[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Jason Andryuk <jandryuk@xxxxxxxxx>
Date: Mon, 21 Nov 2022 10:39:46 -0500
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>
Delivery-date: Mon, 21 Nov 2022 15:40:07 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Nov 21, 2022 at 9:37 AM Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
>
> These were overlooked in the original patch, and noticed by OSSTest which does
> run some Flask tests.
>
> Fixes: 22b20bd98c02 ("xen: Introduce non-broken hypercalls for the paging 
> mempool size")
> Suggested-by: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
> CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> CC: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> CC: Jason Andryuk <jandryuk@xxxxxxxxx>
> CC: Henry Wang <Henry.Wang@xxxxxxx>

Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>

Thanks, Andrew.  Though we might want a small tweak - possibly as a follow up?

> diff --git a/tools/flask/policy/modules/xen.if 
> b/tools/flask/policy/modules/xen.if
> index 424daab6a022..6b7b7d403ab4 100644
> --- a/tools/flask/policy/modules/xen.if
> +++ b/tools/flask/policy/modules/xen.if
> @@ -92,7 +92,7 @@ define(`manage_domain', `
>         allow $1 $2:domain { getdomaininfo getvcpuinfo getaffinity
>                         getaddrsize pause unpause trigger shutdown destroy
>                         setaffinity setdomainmaxmem getscheduler resume
> -                       setpodtarget getpodtarget };
> +                       setpodtarget getpodtarget getpagingmempool 
> setpagingmempool };

There is also create_domain_common which is for a dedicated "domain
builder" that creates but does not manage domains.  I think that
should gain setpagingmempool permission?

Regards,
Jason

Follow-Ups:
- Re: [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size
  - From: Andrew Cooper

References:
- [PATCH for-4.17 0/2] Even more XSA-409 fixes
  - From: Andrew Cooper
- [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size
  - From: Andrew Cooper

Prev by Date: RE: [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size
Next by Date: Re: [PATCH v3] xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
Previous by thread: RE: [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size
Next by thread: Re: [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.