Re: [Xen-devel] [RFC 2/6] linux-stubdomain: Compile Linux
On 04/22/2013 09:46 AM, Anthony PERARD wrote:
On 19/04/13 11:33, Stefano Stabellini wrote:
On Wed, 17 Apr 2013, Anthony PERARD wrote:
diff --git a/stubdom-linux/0001-xen-Don-t-check-for-xen_initial_domain-in-privcmd_io.patch b/stubdom-linux/0001-xen-Don-t-check-for-xen_initial_domain-in-privcmd_io.patch new file mode 100644 index 0000000..627b337 --- /dev/null +++ b/stubdom-linux/0001-xen-Don-t-check-for-xen_initial_domain-in-privcmd_io.patch 
@@ -0,0 +1,39 @@ +From 94d3502e70882a78ec3abb22379a79afc1292fb0 Mon Sep 17 00:00:00 2001 +From: Anthony PERARD <anthony.perard@xxxxxxxxxx> +Date: Fri, 1 Jun 2012 15:46:39 +0100 +Subject: [PATCH 1/2] xen: Don't check for xen_initial_domain in + privcmd_ioctl_mmap*. + +This prevent a stubdom from working. + +--- + drivers/xen/privcmd.c | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c +index ccee0f1..a8d71a3 100644 +--- a/drivers/xen/privcmd.c ++++ b/drivers/xen/privcmd.c +@@ -196,9 +196,6 @@ static long privcmd_ioctl_mmap(void __user *udata) + LIST_HEAD(pagelist); + struct mmap_mfn_state state; + +- if (!xen_initial_domain()) +- return -EPERM; +- + if (copy_from_user(&mmapcmd, udata, sizeof(mmapcmd))) + return -EFAULT; + +@@ -286,9 +283,6 @@ static long privcmd_ioctl_mmap_batch(void __user *udata) + LIST_HEAD(pagelist); + struct mmap_batch_state state; + +- if (!xen_initial_domain()) +- return -EPERM; +- + if (copy_from_user(&m, udata, sizeof(m))) + return -EFAULT; +

I think you should submit both patches separately for inclusion in the Linux kernel.

Definitely. Should we remove the check for initial_domain altogether and leave this permission to be handled by Xen? Or should we try to find out if the function is called in a stubdom/dom0?

This has already been fixed upstream (Linux 3.8). The check should never have been in the Linux kernel as it is the hypervisor's responsibility to check hypercall permissions, and Xen does this correctly.

--
Daniel De Graaf
National Security Agency
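
Review bot: the commit message of the embedded kernel patch ("This prevent a stubdom from working.") does not say why it is safe to drop the xen_initial_domain() check at the top of privcmd_ioctl_mmap and privcmd_ioctl_mmap_batch. With those six lines gone, neither function makes any caller check of its own before copy_from_user. The message should state that authorization for these operations is left to the hypervisor's hypercall permission checks, which is the rationale given in the reply on this thread. The patch header also carries no Signed-off-by line, which it will need if it is submitted to the Linux kernel as suggested. Since the reply says the check was already removed upstream in Linux 3.8, it would help to note next to stubdom-linux/0001-xen-Don-t-check-for-xen_initial_domain-in-privcmd_io.patch that it is only needed for kernels older than that, so the carried patch can be dropped when the stubdomain kernel is updated.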