[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size

  • To: Jason Andryuk <jandryuk@xxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Mon, 21 Nov 2022 15:46:17 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CSP00r10vQy+QH3m25K+YDlTWgiYvTP+Iw9w86WGZx8=; b=DVRXzyLLOgIjkMjHY2u4wdtRwROmJkofYmnKgzb4dELOm4T/0H5oIlS7x1iLYFvcfgKxnbYN7g3FU2DpuKpQC3PxV/2aDKV3YdOXNO4KaT+ZEICHp4eStc5apzV4Xf/3kEVHLK5t3R15PSSH5Dt+Ls9T61EG+SLShUDz6W/xICJADqIZuwa5DgXdeKMZDlEJ13FNRlzSSP116Dpso+uQdh+U1sYISZsvNpcUJOwq34GU7k+BsrJG8aFjbrqkY5eX2r7GPWL19EPHasNamm7cwRtvfGCxlw2z7AvWXKi2tGKtG39HQ/kFgPSf5MR7F0GLESzR4reCWOFngFkZNjjcvg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XK2PO6CwsCA34lnFmsv//6goMteX+h3dS/8wPp22QRVN/NvBEk8i/4ntjII8YX6RcJ23YiIqeZKHYNMhrXXaG4Oti29oJabC3EB2rVJU2TObb2BVxiJBR4NHu830OLRTDDDp+p2PAbR5s176UE33gu0IKVTPFKnWpsAKUVPMWcmeiUIMVUqgNYC/nvJd4q5GlMaSgC45TIovXyDgvR8xN8kzG9gS3SyHyX+5d76Tv5qfVZwOmGi8FUrZAgRF9sPr4MC0MWL0dvQYCptaz83CIkimYOOGpt4rRUTlO8UNXleqjAlyr4VFkKmBqvbJ/XypLF2PgJRZr3UBaCM4lRTGbg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>
  • Delivery-date: Mon, 21 Nov 2022 15:46:37 +0000
  • Ironport-data: A9a23:jQ38yqjtCTgdxr5m2d8XBGfZX161gBEKZh0ujC45NGQN5FlHY01je htvUGCBbqyIZ2vzKdFwYYri8UIFvsSBytM1QVY6+CFmRHwb9cadCdqndUqhZCn6wu8v7q5Ex 55HNoSfdpBcolv0/ErF3m3J9CEkvU2wbuOgTrWCYmUpH1QMpB4J0XpLg/Q+jpNjne+3CgaMv cKai8DEMRqu1iUc3lg8sspvkzsy+qWs0N8klgZmP6oS5QWHzyB94K83fsldEVOpGuG4IcbiL wrz5OnR1n/U+R4rFuSknt7TGqHdauePVeQmoiM+t5mK2nCulARrukoIHKN0hXNsoyeIh7hMJ OBl7vRcf+uL0prkw4zxWzEAe8130DYvFLXveRBTuuTLp6HKnueFL1yDwyjaMKVBktubD12i+ tRHB24JQCGo196x0ZyfV883ipQfEvTSadZ3VnFIlVk1DN4AaLWaGuDhwoYd2z09wMdTAfzZe swVLyJ1awjNaAFOPVFRD48imOCvhT/0dDgwRFC9/PJrpTSMilEvluGyarI5efTTLSlRtm+eq njL4CLSBRYCOcbE4TGE7mitlqnEmiaTtIc6ROLorqU13wb7Kmo7LBsOdQKJheuAsk+vXexwK 0wOohN2ov1nnKCsZpynN/Gim1aGtxgQQctNEMU17QiMzuzf5APxLngJSHtNZcIrsOcyRCc2z RmZktXxHzttvbaJD3WH+d+8oTy+NCcPJEcedCQESk0D+NClr4Yt5jrDVs1mEbK1ptTtFCvs3 iuRqywjm7QUi9VN3KK+lXjnjjS2t972Rwg6zgzNWySu6QYRWWK+T4mh6Fye5vEZKo+cFwCFp CJdxJLY6/0SB5aQkiDLWP8KALyi+/eCNnvbnEJrGJ4isT+q/hZPYLxt3d23H28xWu5sRNMjS Ba7Vd95jHOLAEaXUA==
  • Ironport-hdrordr: A9a23:aSbnYK9/dfzun2u7mUBuk+Hwdr1zdoMgy1knxilNoENuH/Bwxv rFoB1E73TJYW4qKQodcdDpAtjifZtFnaQFrLX5To3SJjUO31HYYL2KjLGSiQEIfheTygcz79 YGT0ETMrzN5B1B/L7HCWqDYpkdKbu8gcaVbI7lph8DIz2CKZsQljuRYTzrcHGeMTM2YabRY6 Dsg/avyQDBRV0nKuCAQlUVVenKoNPG0LrgfB49HhYirCWekD+y77b+Mh6AmjMTSSlGz7sO+X XM11WR3NTjj9iLjjvnk0PD5ZVfn9XsjvNFGcy3k8AQbhn8lwqyY4xlerua+BQ4uvum5loGmM TF5z0gI8NwwXXMeXzdm2qi5yDQlBIVr1Pyw16RhnXu5ebjQighNsZHjYVFNjPE9ksJprhHoe F29lPck6ASIQLLnSz76dSNfQptjFCIrX0rlvNWp2BDULEZdKRaoeUkjQFo+dY7bWfHAbIcYa 5T5fLnlbBrmJShHinkV1xUsZiRt7IIb0+7qwY5y5eoOnNt7Q1EJgMjtbAidzE7hdIAotB/lp r52u4DrsAwcuYGKa16H+sPWs2xFyjERg/NKnubJRD9GLgAIG+lke+/3FwZ3pDcRHUz9upFpL 3RFFdD8WIicUPnDsODmJVN7xDWWW24GTDg0NtX6ZR1sqD1AOODC1zJdHk+18+75/kPCMzSXP i+fJpQHv/4NGPrXYJExRf3VZVeIWQXFMcVptE4UVSTpd+jEPyjisXLNPLIYLb9GzctXW3yRn MFQTjoPc1FqlumX3fp6SKhL08FunaPiK6YPJKqjNT7krJ9R7GkmjJl+WiR94WMNSBItLAwcQ 93PK7n+5nL11WLwQ==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHY/bbRnyNjpAguUkKfWUCja4W2UK5Jg4kAgAAB0oA=
  • Thread-topic: [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size
On 21/11/2022 15:39, Jason Andryuk wrote:
> On Mon, Nov 21, 2022 at 9:37 AM Andrew Cooper <andrew.cooper3@xxxxxxxxxx> 
> wrote:
>> These were overlooked in the original patch, and noticed by OSSTest which 
>> does
>> run some Flask tests.
>>
>> Fixes: 22b20bd98c02 ("xen: Introduce non-broken hypercalls for the paging 
>> mempool size")
>> Suggested-by: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> ---
>> CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
>> CC: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>> CC: Jason Andryuk <jandryuk@xxxxxxxxx>
>> CC: Henry Wang <Henry.Wang@xxxxxxx>
> Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>
>
> Thanks, Andrew.  Though we might want a small tweak - possibly as a follow up?
>
>> diff --git a/tools/flask/policy/modules/xen.if 
>> b/tools/flask/policy/modules/xen.if
>> index 424daab6a022..6b7b7d403ab4 100644
>> --- a/tools/flask/policy/modules/xen.if
>> +++ b/tools/flask/policy/modules/xen.if
>> @@ -92,7 +92,7 @@ define(`manage_domain', `
>>         allow $1 $2:domain { getdomaininfo getvcpuinfo getaffinity
>>                         getaddrsize pause unpause trigger shutdown destroy
>>                         setaffinity setdomainmaxmem getscheduler resume
>> -                       setpodtarget getpodtarget };
>> +                       setpodtarget getpodtarget getpagingmempool 
>> setpagingmempool };
> There is also create_domain_common which is for a dedicated "domain
> builder" that creates but does not manage domains.  I think that
> should gain setpagingmempool permission?

Sounds like it should.  Something like this?

diff --git a/tools/flask/policy/modules/xen.if
b/tools/flask/policy/modules/xen.if
index 6b7b7d403ab4..11c1562aa5da 100644
--- a/tools/flask/policy/modules/xen.if
+++ b/tools/flask/policy/modules/xen.if
@@ -49,7 +49,8 @@ define(`create_domain_common', `
        allow $1 $2:domain { create max_vcpus setdomainmaxmem setaddrsize
                        getdomaininfo hypercall setvcpucontext getscheduler
                        getvcpuinfo getaddrsize getaffinity setaffinity
-                       settime setdomainhandle getvcpucontext
set_misc_info };
+                       settime setdomainhandle getvcpucontext set_misc_info
+                       getpagingmempool setpagingmempool };
        allow $1 $2:domain2 { set_cpu_policy settsc setscheduler setclaim
                        set_vnumainfo get_vnumainfo cacheflush
                        psr_cmt_op psr_alloc soft_reset

I can fold this in on commit.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.