Re: [PATCH] xen/sysctl: fix XEN_SYSCTL_getdomaininfolist handling with XSM
- To: Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 2 May 2023 09:03:00 -0400
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Tue, 02 May 2023 13:03:19 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 4/30/23 10:46, Juergen Gross wrote:
In case XSM is active, the handling of XEN_SYSCTL_getdomaininfolist
can fail if the last domain scanned isn't allowed to be accessed by
the calling domain (i.e. xsm_getdomaininfo(XSM_HOOK, d) is failing).
Fix that by just ignoring scanned domains where xsm_getdomaininfo()
is returning an error, like it is effectively done when such a
situation occurs for a domain not being the last one scanned.
Fixes: d046f361dc93 ("Xen Security Modules: XSM")
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
---
xen/common/sysctl.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index 02505ab044..0cbfe8bd44 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -89,8 +89,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
if ( num_domains == op->u.getdomaininfolist.max_domains )
break;
- ret = xsm_getdomaininfo(XSM_HOOK, d);
- if ( ret )
+ if ( xsm_getdomaininfo(XSM_HOOK, d) )
continue;
getdomaininfo(d, &info);
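Review bot: the commit message should say that the fix is dropping the `ret =` assignment at the xsm_getdomaininfo() check, because that is a behavioural change and not only a cleanup. On the removed lines a denied domain left a non-zero value in `ret` when the loop hit `continue`; on the added line `ret` is not touched, so a skipped domain can no longer leave an error behind when it is the last one scanned, which is the failure the description names. How `ret` is used after the loop is outside this hunk, so spelling that out in the message, plus a brief comment at the check that the return value is deliberately ignored, would make the intent reviewable.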
This change does not match the commit message. This says it fixes an
issue, but unless I am totally missing something, this change is nothing
more than formatting that drops the use of an intermediate variable.
Please feel free to correct me if I am wrong here, otherwise I believe
the commit message should be changed to reflect the code change.
Second, as far as the problem description goes. The *only* time the call
to xsm_getdomaininfo() at this location will return anything other than
0, is when FLASK is being used and a domain whose type is not allowed
getdomaininfo is making the call. XSM_HOOK signals a no-op check for the
default/dummy policy, and the SILO policy does not override the
default/dummy policy for this check.
V/r,
Daniel P. Smith
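As an added illustration, not part of the original message or of Xen's code: a simplified C model of the two loop shapes in the quoted hunk. It assumes, as the commit message implies, that `ret` is what the operation returns once the loop ends; `check()`, `list_old()`, `list_new()` and the sample domain arrays are hypothetical names and constructed data.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: allowed == 0 means the caller is denied. */
struct dom { int id; int allowed; };
struct result { int ret; size_t num_domains; };

/* Hypothetical stand-in for xsm_getdomaininfo(XSM_HOOK, d). */
static int check(const struct dom *d) { return d->allowed ? 0 : -EPERM; }

/* Pattern of the '-' lines: the check result is stored in ret. */
static struct result list_old(const struct dom *doms, size_t n)
{
    struct result r = { 0, 0 };
    for ( size_t i = 0; i < n; i++ )
    {
        r.ret = check(&doms[i]);
        if ( r.ret )
            continue;          /* domain skipped, but r.ret keeps the error */
        r.num_domains++;
    }
    return r;                  /* assumption: ret is the call's result */
}

/* Pattern of the '+' line: the check result is discarded. */
static struct result list_new(const struct dom *doms, size_t n)
{
    struct result r = { 0, 0 };
    for ( size_t i = 0; i < n; i++ )
    {
        if ( check(&doms[i]) )
            continue;          /* domain skipped, r.ret untouched */
        r.num_domains++;
    }
    return r;
}

static const struct dom denied_last[]   = { {0, 1}, {1, 1}, {2, 0} };
static const struct dom denied_middle[] = { {0, 1}, {1, 0}, {2, 1} };

int main(void)
{
    printf("old, denied last:   ret=%d\n", list_old(denied_last, 3).ret);
    printf("old, denied middle: ret=%d\n", list_old(denied_middle, 3).ret);
    printf("new, denied last:   ret=%d\n", list_new(denied_last, 3).ret);
    return 0;
}
```

In this model the old shape returns an error only when the denied domain is the last one visited; a denied domain in the middle has its error overwritten by the next successful check.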