Xen project Mailing List

Re: [PATCH] common: don't require use of DOMID_SELF

To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 14 Jan 2021 15:01:07 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1jCh94g6oZvKC5v97eK4sFOl++geGsWjx4TERsIiFmo=; b=ISaW9b5LyH/IUzvnaoJvuD3ZEE3IHgGSPLlh99Ke8e6OnFK+Mvw7IZ44W0yQY/M1PKXH7MP2OCTTvoYKPTneWWJ/dtGj5NgHaVksIyB15a/AfFZHRkqCy5hwUSpsjldPpNnLOGsQAzT+j8MuXHuHGBwNM/hO+eiPWj2TzWXIxm8KmoQLVHitT3F5mXKTi6AcoHizgsBoRE2GXiQS98whPzU07WEv+3Vl6mb68S1dTc6PuhPZPA7jAmJslH0xY1vFcFEbjeYBn4jTEb6ZHA9WEXYcZ+oX+Ax+uJcP0ThJhbuy7mQyLPMe8ZWlTSUdwVEl5RYB32ueLmgnyZgAxN5+sQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gLC+6MBASQ+/VH7sWbkCqnXK0B9bsH6YKVaUlTWQs/rf5FoGTnFLnUanyg2HrvRISbrXGrjm2Bdr/luev2BuiAc9TJ7FxDzOciMFkm3SgHU8HnU9RaFlklm8KoMVMyeegjmnlt3XGzTU2RDPWyHZ8lBQTP9SXyQaIStlnNMfpg3oNKoo9Psehq1xOPpAuhaAycxBw1torik+bg/EXC3oijGZ4JAEPRE9qCVmx1wLFBhUXoiELo95ws8Z2K1NMwvSp0NWqhSfKHWju6GPqr1Q4E+Lz3swsZmUVtugJzG7gpzsaTntIhhTiGOVWKEvsJ7MH4Hpy9boylvoeSKfMeLtXQ==

Authentication-results: esa5.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Thu, 14 Jan 2021 15:01:35 +0000

Ironport-sdr: hvASdtkYzqflHYWubjnAin6kyGYzgPhDAXEt2XwaTiP/uB3D39npFVgzn08HuNaI9lEWbjrmmF /LyHhjvb/LCVgSyVe2hTlJ0R/BR4k24zGlpzYMYr4R/qhtjf6Axc29B/hjrjYpJddJPVj6Bkab L9b+EPV1bKv1jH3Lfkshl3KDsgiieg2Etc5mAni54LZ24XP743awiNthuDw3pPYghXPTYbZoYD lgJnyyZxfjhW4RXT51gB0rn9C7o06wC+Skf6pnOzOGgbBhS1QTMgHA1WqFN5VqmtZDGeZLmE// 8x0=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14/01/2021 14:02, Jan Beulich wrote: > It's not overly difficult for a domain to figure out its ID, so > requiring the use of DOMID_SELF in a very limited set of places isn't > really helpful towards keeping the ID opaque to the guest. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > --- a/xen/common/grant_table.c > +++ b/xen/common/grant_table.c > @@ -2776,15 +2776,19 @@ struct gnttab_copy_buf { > static int gnttab_copy_lock_domain(domid_t domid, bool is_gref, > struct gnttab_copy_buf *buf) > { > - /* Only DOMID_SELF may reference via frame. */ > - if ( domid != DOMID_SELF && !is_gref ) > - return GNTST_permission_denied; > - > buf->domain = rcu_lock_domain_by_any_id(domid); > > if ( !buf->domain ) > return GNTST_bad_domain; > > + /* Only the local domain may reference via frame. */ > + if ( buf->domain != current->domain && !is_gref ) > + { > + rcu_unlock_domain(buf->domain); > + buf->domain = NULL; > + return GNTST_permission_denied; > + } In this case, it's also a weird asymmetry where this is one grant table operation which a privileged domain can't issue on behalf of an unprivileged one. > + > buf->ptr.domid = domid; > > return GNTST_okay; > --- a/xen/common/page_alloc.c > +++ b/xen/common/page_alloc.c > @@ -2566,13 +2566,7 @@ __initcall(register_heap_trigger); > > struct domain *get_pg_owner(domid_t domid) > { > - struct domain *pg_owner = NULL, *curr = current->domain; > - > - if ( unlikely(domid == curr->domain_id) ) > - { > - gdprintk(XENLOG_WARNING, "Cannot specify itself as foreign > domain\n"); > - goto out; > - } > + struct domain *pg_owner; I'm not sure this is correct. It isn't a DOMID_SELF check. It's a "confirm the nominated domid is remote" check, and I don't see all the callers of this interface having appropriate checks to prohibit trying to do a foreign operation on oneself, however they specify the foreign domid. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.