[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] sysctl: XSM hook should not cause XEN_SYSCTL_getdomaininfolist to (appear to) fail

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 2 May 2023 09:17:52 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mJOXKJhqj0dCvMwJodrI7VMwHJWDODfDJZHptDaJKnA=; b=cQwgf+HFCB71gNmwOwTc32kr0vD6apx8wsnQTFmfgPtLakoBpY2J0FP4Ip/tYNUogGDADU13g+Z444CsvAKMzvkpewNFKcFicZmZL0ls0SzptRX5ZGWq+SPOUW5IfQ0GkhjG4TXsWRKcB4d2bgp7XU6QqeYvRlfWPITreZUa7jRpY5CnCN0DR7vUvhlFK7upre5Kt+GHD0uicR1/RjcOlbYpC9CHDCPzpJHaOlz6Jm66aiF9VGr8e/yNwboHwVXMI8MbVjZ9fEzWaK6IrjyO6hgD6QEmYp62v/LXfePtd5MHQHoMX+j/fY4JDCm589ADJWKe8OHEr3jRRh5dpRoL2A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YoFzm8fmaDDVP9+IUvOGemPkdB0WBIVdceOi1jg63jmurBJRS04BupVc9AnPlF0k7IOrdk9j3JdpkBJbWj5C1uHAll/U9oM1XeQZRffloDcTgi4G5xjwMS52rVTsh4sXjUuRG0QwPY8RyryfzEh3SpEE04661mrXliVtiJeVjLmQtlDb+DuHPDQ54L5D0EumU7hR8/y9Nzcse/7BoOudtCIofcZFkQ3MCWHMKAuy4fdGqA0TwymtsLSZGXm5ZvhlaoeQrLlfIcvshhMXNkFQCoheZCJfkZVTrHTM46TNhAPTh0aCC6VSExLEpeIrjqfSzvyWWhx9PrsgLdXRVtVhLA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Tue, 02 May 2023 07:18:31 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Unlike for XEN_DOMCTL_getdomaininfo, where the XSM check is intended to
cause the operation to fail, in the loop here it ought to merely
determine whether information for the domain at hand may be reported
back. Therefore if on the last iteration the hook results in denial,
this should not affect the sub-op's return value.

Fixes: d046f361dc93 ("Xen Security Modules: XSM")
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
The hook being able to deny access to data for certain domains means
that no caller can assume to have a system-wide picture when holding the
results.

Wouldn't it make sense to permit the function to merely "count" domains?
While racy in general (including in its present, "normal" mode of
operation), within a tool stack this could be used as long as creation
of new domains is suppressed between obtaining the count and then using
it.

In XEN_DOMCTL_getpageframeinfo2 said commit had introduced a 2nd such
issue, but luckily that sub-op and xsm_getpageframeinfo() are long gone.

--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -89,8 +89,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xe
             if ( num_domains == op->u.getdomaininfolist.max_domains )
                 break;
 
-            ret = xsm_getdomaininfo(XSM_HOOK, d);
-            if ( ret )
+            if ( xsm_getdomaininfo(XSM_HOOK, d) )
                 continue;
 
             getdomaininfo(d, &info);

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.