[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] sysctl: XSM hook should not cause XEN_SYSCTL_getdomaininfolist to (appear to) fail


  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 2 May 2023 10:39:14 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Vupd9GIf/iSUDWxuU9OY5RGPur9GEsNPNTDZ9vRliqw=; b=ULX4YjFWLfKRn0miVfnnfDI+HU0p8Z3w9Mp3gWgSyW/YqvmbfTscb1xtcpgeaBAskpXspKWvADW8WL/FIedA2f2CPA0fIPi4F1b47WfyD4BlhdWFswBLuYpwvZXofJmlmWpplf8tQRdYfN45zynyd7PHox9wniyybOK3DwmMmG6dnrZBZRavYHMqCqGZK3yHnTnpiLSo8iyYvHo0JzWKo8ftwl5cKqVs2Qvgat8sFP5bTNPo5c0e52STsSQC2OKEMmKhjyCZmbQclf/oh58WrO3wFDTwuJDairg7K4Eu6XAwX/e00bYilR08T+IkCjf+Cllq86fXGp6Ovx5WuuUR+w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XQ8NLxYEtrBeLweKkTfOk4yasIMDAdgsJl/IU+Mvra0WOafI259MHwuuKNAFeF/jn3wBOEiVA9sqBRrk0PFt4G1wQx7ms94fAQMB7YtMjbEjKiHZ7QiFSGLoCkEEsMoOPUTGXqmq+gWnPxEm8qmlKHvxzVgeLvicFWMzsrz0VQahbq1ALBhGRnls5ul65+0APpB1jWRBgbFLpx1MdszHsyHIa2G6WNNIUYIRua87SCpDTILYqTOR1YJWaP0lJh0nf0iebs5HSCd3GZ5V5b0ASzWb+5/en6Zd8asW85BBACtGRjUlr3K7BikI3jA/8JylSKMc0hK4PgvtOoNQif3Ccw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Jason Andryuk <jandryuk@xxxxxxxxx>
  • Delivery-date: Tue, 02 May 2023 09:39:49 +0000
  • Ironport-data: A9a23:0eY/c6/H7nn6MYSZ+Xu0DrUDGn+TJUtcMsCJ2f8bNWPcYEJGY0x3z 2AYD2+EbKrZN2HxKN4gPo+29xkG75TTxtM2HQFvpCo8E34SpcT7XtnIdU2Y0wF+jCHgZBk+s 5hBMImowOQcFCK0SsKFa+C5xZVE/fjUAOG6UKicYXoZqTZMEE8JkQhkl/MynrlmiN24BxLlk d7pqojUNUTNNwRcawr40Ire7kI+1BjOkGlA5AdmOKgR5Aa2e0Q9V/rzG4ngdxMUfaEMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+v9T2M4nQVVWk120c+VZk 72hg3ASpTABZcUgkMxFO/VR/roX0aduoNcrKlDn2SCfItGvn9IBDJyCAWlvVbD09NqbDklDr 6weJRE9diy9gvm7h7CaR9Z2u5UaeZyD0IM34hmMzBn/JNN/G9XvZvuP4tVVmjAtmspJAPDSI dIDbiZiZwjBZBsJPUoLDJU5n6GjgXyXnz9w8QrJ4/ZopTWCilUuidABM/KMEjCObexTklyVu STt+GPhDwtBHNee1SCE4jSngeqncSbTAdpMT+Xoqq806LGV7jAKDyYoVlqdmvyopB6PcO1jK FUL2DV7+MDe82TuFLERRSaQonSJoxodUNp4CPAh5UeGza+8yxaUAC0IQyBMbPQitdQqXno62 1mRhdTrCDdz9rqPRhq19KqQrD60ETgYKykFfyBsZRAe/9DprYU3jxTOZtVuCqi4ipvyAz6Y6 y+OhDgzgfMUl8Fj/6mj5lXGnzKEr4DEVBIo/R7QWn+57wR/f8iuYInAwVHf4PRJKoqDSR+ft XwAlsqZxOsKCoyB0ieKRY0lHriv6+yULT70jltmHp1n/DOok0NPZqhV6TB6YUtsbMANfGazZ FeJ4FwIophOIHGtcKl7JZqrDNgnxrThEtKjUe3Iat1JYd56cwrvEDxSWHN8FlvFyCAE+ZzT8 7/AGSpwJR720Zha8Qc=
  • Ironport-hdrordr: A9a23:ZTR7X67KDQmj6L8uPAPXwMzXdLJyesId70hD6qkRc20tTiX8ra uTdZsgpHzJYVoqNk3I+urwXZVoI0msl6KdiLN5Vd3PMzUO0FHYSL2KhrGD/9SPIUzDHkM378 pdmy8UMqyXMbCv5vyKhzWFLw==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02/05/2023 10:33 am, Roger Pau Monné wrote:
> On Tue, May 02, 2023 at 10:27:39AM +0100, Andrew Cooper wrote:
>> On 02/05/2023 8:17 am, Jan Beulich wrote:
>>> The hook being able to deny access to data for certain domains means
>>> that no caller can assume to have a system-wide picture when holding the
>>> results.
>>>
>>> Wouldn't it make sense to permit the function to merely "count" domains?
>>> While racy in general (including in its present, "normal" mode of
>>> operation), within a tool stack this could be used as long as creation
>>> of new domains is suppressed between obtaining the count and then using
>>> it.
>> This would not be the first example of the XSM hooks being tantamount to
>> useless.  I doubt it will be the last either.
>>
>> With the rest of Alejandro's series in place, all requests for a single
>> domid's worth of info use the domctl, and all requests for all domains
>> use the systctl.
>>
>>
>> As a result, we can retrofit some sanity and change the meaning of the
>> XSM hook here for the sysctl, to mean "can see a systemwide view" (or
>> not).  This moves the check out of the loop, and fixes the behaviour.
> Don't we still need some kind of loop, as the current getdomaininfo()
> XSM hook expects a domain parameter in order to check whether the
> caller has permissions over it?
>
> Or we plan to introduce a new hook that reports whether a caller has
> permissions over all domains?

New hook.

The current behaviour of skipping certain entries is fundamentally
broken, and needs not to stay.

~Andrew



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.