Re: [PATCH 12/20] xen: avoid calling rcu_lock_*target_domain when an XSM hook exists

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Jan Beulich <JBeulich@suse.com>
Cc: Keir Fraser <keir@xen.org>, xen-devel@lists.xen.org
Subject: Re: [PATCH 12/20] xen: avoid calling rcu_lock_*target_domain when an XSM hook exists
Date: Tue, 11 Sep 2012 09:26:38 -0400	[thread overview]
Message-ID: <504F3C0E.8020901@tycho.nsa.gov> (raw)
In-Reply-To: <504F0603020000780009A6CC@nat28.tlf.novell.com>

On 09/11/2012 03:36 AM, Jan Beulich wrote:
>>>> On 10.09.12 at 21:49, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>> --- a/xen/common/grant_table.c
>> +++ b/xen/common/grant_table.c
>> @@ -195,30 +195,6 @@ double_gt_unlock(struct grant_table *lgt, struct 
>> grant_table *rgt)
>>          spin_unlock(&rgt->lock);
>>  }
>>  
>> -static struct domain *gt_lock_target_domain_by_id(domid_t dom)
>> -{
>> -    struct domain *d;
>> -    int rc = GNTST_general_error;
>> -
>> -    switch ( rcu_lock_target_domain_by_id(dom, &d) )
>> -    {
>> -    case 0:
>> -        return d;
>> -
>> -    case -ESRCH:
>> -        gdprintk(XENLOG_INFO, "Bad domid %d.\n", dom);
>> -        rc = GNTST_bad_domain;
>> -        break;
>> -
>> -    case -EPERM:
>> -        rc = GNTST_permission_denied;
>> -        break;
>> -    }
>> -
>> -    ASSERT(rc < 0 && -rc <= MAX_ERRNO);
>> -    return ERR_PTR(rc);
>> -}
>> -
> 
> Removing that function again is fine as long as you retain the
> distinguished error codes, which ...
> 
>>  static inline int
>>  __get_maptrack_handle(
>>      struct grant_table *t)
>> @@ -1304,11 +1280,12 @@ gnttab_setup_table(
>>          goto out1;
>>      }
>>  
>> -    d = gt_lock_target_domain_by_id(op.dom);
>> -    if ( IS_ERR(d) )
>> +    d = rcu_lock_domain_by_any_id(op.dom);
>> +    if ( d == NULL )
>>      {
>> -        op.status = PTR_ERR(d);
>> -        goto out1;
>> +        gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom);
>> +        op.status = GNTST_bad_domain;
> 
> ... you don't.

Actually, I do. The only distinguishing error code here is
GNTST_permission_denied, which is now only triggered by the XSM
hook.

>> --- a/xen/common/memory.c
>> +++ b/xen/common/memory.c
>> @@ -570,7 +570,8 @@ long do_memory_op(unsigned long cmd, 
>> XEN_GUEST_HANDLE(void) arg)
>>               && (reservation.mem_flags & XENMEMF_populate_on_demand) )
>>              args.memflags |= MEMF_populate_on_demand;
>>  
>> -        if ( unlikely(rcu_lock_target_domain_by_id(reservation.domid, &d)) )
>> +        d = rcu_lock_domain_by_any_id(reservation.domid);
>> +        if ( d == NULL )
>>              return start_extent;
>>          args.domain = d;
>>  
>> @@ -619,9 +620,9 @@ long do_memory_op(unsigned long cmd, 
>> XEN_GUEST_HANDLE(void) arg)
>>          if ( copy_from_guest(&domid, arg, 1) )
>>              return -EFAULT;
>>  
>> -        rc = rcu_lock_target_domain_by_id(domid, &d);
>> -        if ( rc )
>> -            return rc;
>> +        d = rcu_lock_domain_by_any_id(domid);
>> +        if ( d == NULL )
>> +            return -ESRCH;
> 
> And quite similarly here and further down you're losing -EPERM.
> 
> Jan
> 
Same logic: rcu_lock_domain_by_any_id will succeed where -EPERM was
returned by rcu_lock_target_domain_by_id; the check is moved to the
XSM hook.

-- 
Daniel De Graaf
National Security Agency

next prev parent reply	other threads:[~2012-09-11 13:26 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-09-10 19:48 [PATCH v2] Merge IS_PRIV checks into XSM hooks Daniel De Graaf
2012-09-10 19:48 ` [PATCH 01/20] xsm/flask: remove inherited class attributes Daniel De Graaf
2012-09-10 19:48 ` [PATCH 02/20] xsm/flask: remove unneeded create_sid field Daniel De Graaf
2012-09-10 19:48 ` [PATCH 03/20] xen: Add versions of rcu_lock_*_domain without IS_PRIV checks Daniel De Graaf
2012-09-10 19:48 ` [PATCH 04/20] xsm/flask: add domain relabel support Daniel De Graaf
2012-09-10 19:48 ` [PATCH 05/20] libxl: introduce XSM relabel on build Daniel De Graaf
2012-09-10 19:48 ` [PATCH 06/20] flask/policy: Add domain relabel example Daniel De Graaf
2012-09-10 19:49 ` [PATCH 07/20] arch/x86: add distinct XSM hooks for map/unmap Daniel De Graaf
2012-09-10 19:49 ` [PATCH 08/20] arch/x86: add missing XSM checks to XENPF_ commands Daniel De Graaf
2012-09-10 19:49 ` [PATCH 09/20] xsm/flask: Add checks on the domain performing the set_target operation Daniel De Graaf
2012-09-10 19:49 ` [PATCH 10/20] xsm: Add IS_PRIV checks to dummy XSM module Daniel De Graaf
2012-09-11  7:44   ` Jan Beulich
2012-09-11 13:24     ` Daniel De Graaf
2012-09-10 19:49 ` [PATCH 11/20] xen: use XSM instead of IS_PRIV where duplicated Daniel De Graaf
2012-09-11  7:29   ` Jan Beulich
2012-09-11  9:05     ` Ian Campbell
2012-09-11 13:33       ` Daniel De Graaf
2012-09-11 13:33         ` [PATCH] xen/console: Add domain ID to output if VERBOSE Daniel De Graaf
2012-09-11 14:23           ` Jan Beulich
2012-09-11 14:26             ` Ian Campbell
2012-09-11 14:10     ` [PATCH 11/20] xen: use XSM instead of IS_PRIV where duplicated Daniel De Graaf
2012-09-10 19:49 ` [PATCH 12/20] xen: avoid calling rcu_lock_*target_domain when an XSM hook exists Daniel De Graaf
2012-09-11  7:36   ` Jan Beulich
2012-09-11 13:26     ` Daniel De Graaf [this message]
2012-09-11 14:15       ` Jan Beulich
2012-09-10 19:49 ` [PATCH 13/20] arch/x86: Add missing domctl and mem_sharing XSM hooks Daniel De Graaf
2012-09-10 19:49 ` [PATCH 14/20] tmem: Add access control check Daniel De Graaf
2012-09-11  7:40   ` Jan Beulich
2012-09-10 19:49 ` [PATCH 15/20] xsm: remove unneeded xsm_call macro Daniel De Graaf
2012-09-10 19:49 ` [PATCH 16/20] xsm/flask: add distinct SIDs for self/target access Daniel De Graaf
2012-09-10 19:49 ` [PATCH 17/20] arch/x86: use XSM hooks for get_pg_owner access checks Daniel De Graaf
2012-09-11  7:55   ` Jan Beulich
2012-09-11 13:40     ` Daniel De Graaf
2012-09-11 14:16       ` Jan Beulich
2012-09-11 14:33         ` Daniel De Graaf
2012-09-11 14:50           ` Jan Beulich
2012-09-10 19:49 ` [PATCH 18/20] xen: Add XSM hook for XENMEM_exchange Daniel De Graaf
2012-09-10 19:49 ` [PATCH 19/20] xen: remove rcu_lock_{remote_, }target_domain_by_id Daniel De Graaf
2012-09-11  7:59   ` Jan Beulich
2012-09-10 19:49 ` [PATCH 20/20] flask: add missing operations Daniel De Graaf
2012-09-10 20:51 ` [PATCH v2] Merge IS_PRIV checks into XSM hooks Keir Fraser
2012-09-10 21:10   ` Daniel De Graaf
2012-09-10 21:13     ` [PATCH 21/20] arch/arm: replace rcu_lock_target_domain_by_id with XSM Daniel De Graaf
2012-09-10 21:35     ` [PATCH v2] Merge IS_PRIV checks into XSM hooks Keir Fraser
2012-09-11  8:54       ` Ian Campbell
2012-09-11 13:49         ` Daniel De Graaf
2012-09-11  8:09     ` Jan Beulich
2012-09-11 13:21       ` Daniel De Graaf
2012-09-11 14:11         ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=504F3C0E.8020901@tycho.nsa.gov \
    --to=dgdegra@tycho.nsa.gov \
    --cc=JBeulich@suse.com \
    --cc=keir@xen.org \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.