
Re: [PATCH v5 2/2] flask: implement xsm_set_system_active


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 2 May 2022 16:16:26 +0200
  • Cc: scott.davis@xxxxxxxxxx, jandryuk@xxxxxxxxx, christopher.clark@xxxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 02 May 2022 14:16:34 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02.05.2022 15:30, Daniel P. Smith wrote:
> @@ -188,14 +188,20 @@ static int cf_check flask_domain_alloc_security(struct 
> domain *d)
>  
>  static int cf_check flask_set_system_active(void)
>  {
> +    struct domain_security_struct *dsec;
>      struct domain *d = current->domain;
>  
> +    dsec = d->ssid;
> +    ASSERT(dsec->sid == SECINITSID_XENBOOT);

What about ->self_sid, which ...

> +
>      if ( d->domain_id != DOMID_IDLE )
>      {
>          printk("xsm_set_system_active should only be called by idle 
> domain\n");
>          return -EPERM;
>      }
>  
> +    dsec->self_sid = dsec->sid = SECINITSID_XEN;
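
Review bot: the ASSERT on dsec->sid sits above the d->domain_id != DOMID_IDLE check, so in a debug build a non-idle caller whose label is not SECINITSID_XENBOOT trips the assertion instead of reaching the printk and the -EPERM return, and in a release build, where ASSERT compiles out, nothing verifies the starting label before it is overwritten. Consider moving the ASSERT below the idle-domain check, next to the assignment, and having it cover self_sid as well, since both fields are set to SECINITSID_XEN in that one statement. A short comment on why the idle domain moves from SECINITSID_XENBOOT to SECINITSID_XEN at this point would also help readers of the hook.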

... you also overwrite here?

Jan




 

