From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Jan Beulich <JBeulich@suse.com>,
Ian Campbell <Ian.Campbell@eu.citrix.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>,
Tim Deegan <tim@xen.org>, Keir Fraser <keir@xen.org>,
Ian Jackson <Ian.Jackson@eu.citrix.com>
Subject: Re: [PATCH] domctl: fix IRQ permission granting/revocation
Date: Thu, 11 Dec 2014 12:40:00 -0500 [thread overview]
Message-ID: <5489D6F0.4040403@tycho.nsa.gov> (raw)
In-Reply-To: <548991B2020000780004EE44@mail.emea.novell.com>
On 12/11/2014 06:44 AM, Jan Beulich wrote:
>>>> On 10.12.14 at 10:53, <Ian.Campbell@eu.citrix.com> wrote:
>> On Wed, 2014-12-10 at 08:07 +0000, Jan Beulich wrote:
>>> --- a/xen/common/domctl.c
>>> +++ b/xen/common/domctl.c
>>> @@ -981,18 +981,18 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
>>>
>>> case XEN_DOMCTL_irq_permission:
>>> {
>>> - unsigned int pirq = op->u.irq_permission.pirq;
>>> + unsigned int pirq = op->u.irq_permission.pirq, irq;
>>> int allow = op->u.irq_permission.allow_access;
>>>
>>> if ( pirq >= d->nr_pirqs )
>>> ret = -EINVAL;
>>> - else if ( !pirq_access_permitted(current->domain, pirq) ||
>>> + else if ( !(irq = pirq_access_permitted(current->domain, pirq)) ||
>>
>> I find hiding an assignment inside the second condition in a chain of
>> if's to be rather obfuscated. Doing an assignment in a standalone if
>> statement is one thing, this is going to far IMHO.
>
> Changed. My main intention was to avoid having to add another
> "break;".
>
>> Also, you range check pirq against d->nr_pirqs but then translate it
>> against current->domain, is that correct?
>
> No, it's not. As much as xsm_irq_permission(XSM_HOOK, d, pirq, allow)
> is bogus, yet it's not clear to me whether switching that to use the Xen
> IRQ number is okay without any other changes. Daniel?
>
> Jan
At the moment, this XSM hook does not inspect the PIRQ argument, so it
is safe to change it to use the Xen IRQ number. The XSM hooks currently
only inspect the IRQ at mapping time; with this change (and the prior
changes that fixed up the IRQ permissions rangesets), it may make sense
to either add a check here or move the check in order to catch the error
earlier.
--
Daniel De Graaf
National Security Agency
next prev parent reply other threads:[~2014-12-11 17:40 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-10 8:07 [PATCH] domctl: fix IRQ permission granting/revocation Jan Beulich
2014-12-10 9:53 ` Ian Campbell
2014-12-10 10:00 ` Jan Beulich
2014-12-10 10:12 ` Ian Campbell
2014-12-11 11:44 ` Jan Beulich
2014-12-11 17:40 ` Daniel De Graaf [this message]
2014-12-10 10:19 ` Julien Grall
2014-12-10 10:46 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5489D6F0.4040403@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=keir@xen.org \
--cc=tim@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.