Xen project Mailing List

Re: [PATCH] common: don't require use of DOMID_SELF

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 15 Jan 2021 11:49:32 +0100

Cc: George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 15 Jan 2021 10:49:35 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14.01.2021 16:01, Andrew Cooper wrote: > On 14/01/2021 14:02, Jan Beulich wrote: >> --- a/xen/common/page_alloc.c >> +++ b/xen/common/page_alloc.c >> @@ -2566,13 +2566,7 @@ __initcall(register_heap_trigger); >> >> struct domain *get_pg_owner(domid_t domid) >> { >> - struct domain *pg_owner = NULL, *curr = current->domain; >> - >> - if ( unlikely(domid == curr->domain_id) ) >> - { >> - gdprintk(XENLOG_WARNING, "Cannot specify itself as foreign >> domain\n"); >> - goto out; >> - } >> + struct domain *pg_owner; > > I'm not sure this is correct. > > It isn't a DOMID_SELF check. It's a "confirm the nominated domid is > remote" check, and I don't see all the callers of this interface having > appropriate checks to prohibit trying to do a foreign operation on > oneself, however they specify the foreign domid. Since Julien had me look up all the call sites anyway (for adding respective commentary in the public headers), I checked this property as well: The only case where a foreign domain is strictly required is the handling of XENMAPSPACE_gmfn_foreign, and there a respective check exists. I actually question do_mmuext_op()'s use of the function, as neither DOMID_IO nor DOMID_XEN ought to be sensibly usable there. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.