xen-devel

[Xen-devel] [PATCH] domctl: don't allow certain operations on Dom0

To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] domctl: don't allow certain operations on Dom0
From: "Jan Beulich" <jbeulich@xxxxxxxxxx>
Date: Fri, 19 Sep 2008 14:06:33 +0100
Delivery-date: Fri, 19 Sep 2008 06:06:16 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

XEN_DOMCTL_setvcpucontext, XEN_DOMCTL_max_vcpus, and
XEN_DOMCTL_setdebugging don't seem to allow Dom0 as the subject domain
(based on the criteria that they pause that domain in order to do their
job).

Apart from this, I wonder about the usefulness of XEN_DOMCTL_max_vcpus
on a domain that was already booted - generally, I would expect OSes to
be allowed to assume they know how many CPUs they might ever run on (at
least Linux indeed does, by requiring that cpu_possible_map never
changes).

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>

Index: 2008-09-19/xen/common/domctl.c
===================================================================
--- 2008-09-19.orig/xen/common/domctl.c 2008-09-19 13:36:28.000000000 +0200
+++ 2008-09-19/xen/common/domctl.c      2008-09-19 13:36:52.000000000 +0200
@@ -223,7 +223,8 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
             goto svc_out;
 
         ret = -EINVAL;
-        if ( (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
+        if ( d == current->domain ||
+             (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
             goto svc_out;
 
         if ( guest_handle_is_null(op->u.vcpucontext.ctxt) )
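Review bot: the new `d == current->domain` test at the head of the setvcpucontext condition rejects the calling domain, not Dom0 as the subject line says; the two coincide only when the caller is Dom0. A short comment beside the test giving the reason (the operation pauses d, which a caller cannot do to itself) would make the intent clear. It is also worth considering a distinct error code, since -EINVAL is now shared with the out-of-range or unallocated vcpu case and the caller cannot tell them apart.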
@@ -392,14 +393,14 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         struct domain *d;
         unsigned int i, max = op->u.max_vcpus.max, cpu;
 
-        ret = -EINVAL;
-        if ( max > MAX_VIRT_CPUS )
-            break;
-
         ret = -ESRCH;
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
+        ret = -EINVAL;
+        if ( d == current->domain || max > MAX_VIRT_CPUS )
+            break;
+
         ret = xsm_max_vcpus(d);
         if ( ret )
         {
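Review bot: the relocated check in the max_vcpus case now runs after rcu_lock_domain_by_id() has succeeded, and its `break` leaves with d still locked; before the move, the `max > MAX_VIRT_CPUS` test bailed out before any lock was taken. The braced `if ( ret ) {` following xsm_max_vcpus(d) suggests the other error paths here clean up before breaking, so this one likely needs braces and an rcu_unlock_domain(d) ahead of the `break` as well.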
@@ -706,6 +707,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
+        ret = -EINVAL;
+        if ( d == current->domain )
+            break;
+
         ret = xsm_setdebugging(d);
         if ( ret )
         {
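Review bot: the added `if ( d == current->domain ) break;` in the setdebugging case sits after the `d == NULL` check, so d is a valid looked-up domain when it bails out, and nothing in the added lines releases it. If d is held under the RCU domain lock at this point, as the braced xsm_setdebugging(d) error path right below suggests, the unlock has to happen before this `break` too.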




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
