[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 for-4.22? 4/7] domctl: restrict permission check for XEN_DOMCTL_memory_mapping's remove form

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 17 Jun 2026 13:37:11 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UmwTGFjJ41DfNMZjpQlHpx84UVScg80V84aQE4Fiwzs=; b=hQyOy5EpsrNK0cgpN4Nngw+ZpKKWxPzLCEuh81JuLEUhO18ETAKd977k0WqFEYYJePacSnLvFhSQ3iZpWN452EsuYZ5cVSmc2fL35AsI1oPPzjsYx/b1I+p3BgqWvJdtPZ84pptcym/6Wr0HPlPKlqcsFgnFYEbvedqyCpCBm2GTq/AbmI8s1/0onFXpI9wI28yRDiD2hSWk8FrWNEXlKCnjOeWY9SWNldaSU7JhNkVtAdxzCdKaXgMu1NKlNZBNdE6B14Wn5xNqViWlbmTguiQ2/wraorMnbDXF+N0f0b72F1tBAb1pV+/x1okt4vEcr4jH28l4WCiEmIt3lCfeBA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DPYkimolcGkZZFqtbAc9LifU0ifz2+f0SxBEtZjsyCtgJQO1iYBEWp4NDNTW8OH6TGRYgAhgNE0X+55VjW/1lzNsg+YuGqw6ZSVuD6fuexawAr16DprGc6RhnWdyMDBjRFMr6sUWwfYFp0RicDsLea161Df/IXBGLW2qvZVgXHAZtOmc5q/YJ1RJpxJ2Z7n/nGE+v/WjEyuUUKqVBSbs5rYOs8JjYEzQgfUqNZl6F7/s7rcmEqtRkvqKdNPtfIf966Rw1F/D9cV/Fb+4APvMtPch0TdCDAaeaY2UUMHc8JUVgEo9KW0QfveKFLHymar4bunT4djY523sv7gM616fnA==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
  • Delivery-date: Wed, 17 Jun 2026 11:37:26 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Jun 17, 2026 at 11:27:42AM +0200, Jan Beulich wrote:
> While the granting of permissions when mapping was already removed from
> this operation, check whether permissions actually were granted when
> adding a mapping; the check of the requester having permission remains
> unaltered.

I would possibly reword this as:

"Be less strict with permissions checks when removing a mapping and
only request the caller domain to have access to the region.  Keep the
same permission checks for addition operations."

> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.