[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 05 of 11 v4] xen: allow for explicitly specifying node-affinity

To: Dario Faggioli <dario.faggioli@xxxxxxxxxx>
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Fri, 15 Mar 2013 10:20:35 -0400
Cc: Marcus Granado <Marcus.Granado@xxxxxxxxxxxxx>, Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>, Anil Madhavapeddy <anil@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Juergen Gross <juergen.gross@xxxxxxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Xen-Devel <xen-devel@xxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Matt Wilson <msw@xxxxxxxxxx>
Delivery-date: Fri, 15 Mar 2013 14:21:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 03/14/2013 10:30 PM, Dario Faggioli wrote:
[...]

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -611,10 +611,10 @@ static int flask_domctl(struct domain *d
          return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__UNPAUSE);

      case XEN_DOMCTL_setvcpuaffinity:
-        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUAFFINITY);
+        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETAFFINITY);

      case XEN_DOMCTL_getvcpuaffinity:
-        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUAFFINITY);
+        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETAFFINITY);


You need to add XEN_DOMCTL_{get,set}nodeaffinity to the switch statement
in addition to changing the permission name for the existing domctls.

      case XEN_DOMCTL_resumedomain:
          return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__RESUME);
diff --git a/xen/xsm/flask/policy/access_vectors 
b/xen/xsm/flask/policy/access_vectors
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -103,10 +103,10 @@ class domain
      max_vcpus
  # XEN_DOMCTL_destroydomain
      destroy
-# XEN_DOMCTL_setvcpuaffinity
-    setvcpuaffinity
-# XEN_DOMCTL_getvcpuaffinity
-    getvcpuaffinity
+# XEN_DOMCTL_setaffinity
+    setaffinity
+# XEN_DOMCTL_getaffinity
+    getaffinity
  # XEN_DOMCTL_scheduler_op with XEN_DOMCTL_SCHEDOP_getinfo
      getscheduler
  # XEN_DOMCTL_getdomaininfo, XEN_SYSCTL_getdomaininfolist


The comments here are now incorrect, and should reflect the domctls
controlled by the listed permission.

--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 05 of 11 v4] xen: allow for explicitly specifying node-affinity
  - From: Dario Faggioli

References:
- [Xen-devel] [PATCH 00 of 11 v4] NUMA aware credit scheduling
  - From: Dario Faggioli
- [Xen-devel] [PATCH 05 of 11 v4] xen: allow for explicitly specifying node-affinity
  - From: Dario Faggioli

Prev by Date: Re: [Xen-devel] a strange issue on disk scheduler in xen
Next by Date: Re: [Xen-devel] [PATCH 6/9] tools: memshr: arm64 support
Previous by thread: Re: [Xen-devel] [PATCH 05 of 11 v4] xen: allow for explicitly specifying node-affinity
Next by thread: Re: [Xen-devel] [PATCH 05 of 11 v4] xen: allow for explicitly specifying node-affinity
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.