Re: [PATCH] sysctl: XSM hook should not cause XEN_SYSCTL_getdomaininfolist to (appear to) fail
- To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Tue, 2 May 2023 11:40:42 +0200
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Jason Andryuk <jandryuk@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Delivery-date: Tue, 02 May 2023 09:41:15 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 02.05.2023 11:33, Roger Pau Monné wrote:
> On Tue, May 02, 2023 at 10:27:39AM +0100, Andrew Cooper wrote:
>> On 02/05/2023 8:17 am, Jan Beulich wrote:
>>> The hook being able to deny access to data for certain domains means
>>> that no caller can assume to have a system-wide picture when holding the
>>> results.
>>>
>>> Wouldn't it make sense to permit the function to merely "count" domains?
>>> While racy in general (including in its present, "normal" mode of
>>> operation), within a tool stack this could be used as long as creation
>>> of new domains is suppressed between obtaining the count and then using
>>> it.
>>
>> This would not be the first example of the XSM hooks being tantamount to
>> useless. I doubt it will be the last either.
>>
>> With the rest of Alejandro's series in place, all requests for a single
>> domid's worth of info use the domctl, and all requests for all domains
>> use the sysctl.
>>
>>
>> As a result, we can retrofit some sanity and change the meaning of the
>> XSM hook here for the sysctl, to mean "can see a systemwide view" (or
>> not). This moves the check out of the loop, and fixes the behaviour.
>
> Don't we still need some kind of loop, as the current getdomaininfo()
> XSM hook expects a domain parameter in order to check whether the
> caller has permissions over it?
>
> Or we plan to introduce a new hook that reports whether a caller has
> permissions over all domains?
I'd be inclined to make the existing hook recognize NULL as "global view".

Jan
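The two hook semantics discussed in this thread, as an added toy model in C. It is not Xen code and not from any of the participants; every name in it (`hook_getdomaininfo`, `list_per_domain`, `list_global`, the domain table and policy bits) is hypothetical and the data is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model only: hypothetical names, constructed data, not Xen code. */
struct domain { int domid; int visible; /* policy bit: caller may see it */ };

static struct domain domlist[] = { {0, 1}, {1, 1}, {2, 0}, {3, 1} };
#define NR_DOMS (sizeof(domlist) / sizeof(domlist[0]))

static int caller_has_global_view; /* constructed policy bit */

/* d != NULL: may the caller see this domain?  d == NULL: "global view"? */
static int hook_getdomaininfo(const struct domain *d)
{
    if (d == NULL)
        return caller_has_global_view ? 0 : -EPERM;
    return d->visible ? 0 : -EPERM;
}

/* Check inside the loop: denied domains are skipped silently, so the
 * caller cannot tell a filtered list from a system-wide one. */
static int list_per_domain(int *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < NR_DOMS && n < max; i++) {
        if (hook_getdomaininfo(&domlist[i]))
            continue;
        out[n++] = domlist[i].domid;
    }
    return (int)n;
}

/* Check once, outside the loop: either every domain or an explicit error. */
static int list_global(int *out, size_t max)
{
    size_t n = 0;
    int rc = hook_getdomaininfo(NULL);
    if (rc)
        return rc;
    for (size_t i = 0; i < NR_DOMS && n < max; i++)
        out[n++] = domlist[i].domid;
    return (int)n;
}

int main(void)
{
    int buf[8];
    printf("per-domain: %d entries\n", list_per_domain(buf, 8));
    printf("global:     %d\n", list_global(buf, 8));
    return 0;
}
```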