From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "Daniel P . Smith" <dpsmith@apertussolutions.com>,
xen-devel@lists.xenproject.org,
Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>,
George Dunlap <gwd@xenproject.org>, Julien Grall <julien@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>,
Anthony PERARD <anthony@xenproject.org>,
Juergen Gross <jgross@suse.com>,
Stewart Hildebrand <Stewart.Hildebrand@amd.com>,
Huang Rui <ray.huang@amd.com>, Jiqian Chen <Jiqian.Chen@amd.com>
Subject: Re: [XEN PATCH v12 4/7] x86/domctl: Add hypercall to set the access of x86 gsi
Date: Thu, 1 Aug 2024 14:41:14 +0200 [thread overview]
Message-ID: <ZquCatoi50cNI3qR@macbook> (raw)
In-Reply-To: <ec95b413-519d-46a4-be41-ebb6a375612a@suse.com>
On Thu, Aug 01, 2024 at 01:36:16PM +0200, Jan Beulich wrote:
> On 01.08.2024 13:06, Roger Pau Monné wrote:
> > On Mon, Jul 08, 2024 at 07:41:21PM +0800, Jiqian Chen wrote:
> >> Remaining comment @Daniel P . Smith:
> >> + ret = -EPERM;
> >> + if ( !irq_access_permitted(currd, irq) ||
> >> + xsm_irq_permission(XSM_HOOK, d, irq, access_flag) )
> >> + goto gsi_permission_out;
> >> Is it okay to issue the XSM check using the translated value,
> >> not the one that was originally passed into the hypercall?
> >
> > FWIW, I don't see the GSI -> IRQ translation much different from the
> > pIRQ -> IRQ translation done by pirq_access_permitted(), which is also
> > ahead of the xsm check.
>
> The question (which I raised originally) isn't an ordering one, but an
> auditing one: Is it okay to pass the XSM hook a value that isn't what
> was passed into the hypercall?
But that's also the case with the current XEN_DOMCTL_irq_permission
implementation? As the hypercall parameter is a pIRQ, and the XSM
check is done against the translated IRQ obtained from the pIRQ
parameter.
Not saying you question is not relevant, but we already have at least
one very similar instance of doing the XSM check against a value
derived from an hypercall parameter.
Thanks, Roger.
next prev parent reply other threads:[~2024-08-01 12:41 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-08 11:41 [XEN PATCH v12 0/7] Support device passthrough when dom0 is PVH on Xen Jiqian Chen
2024-07-08 11:41 ` [XEN PATCH v12 1/7] xen/pci: Add hypercall to support reset of pcidev Jiqian Chen
2024-07-08 14:56 ` Jan Beulich
2024-07-09 2:47 ` Chen, Jiqian
2024-07-09 6:01 ` Jan Beulich
2024-07-31 15:55 ` Roger Pau Monné
2024-07-31 15:58 ` Jan Beulich
2024-07-31 16:13 ` Roger Pau Monné
2024-08-01 6:49 ` Jan Beulich
2024-08-02 2:56 ` Chen, Jiqian
2024-08-02 2:55 ` Chen, Jiqian
2024-08-02 6:25 ` Jan Beulich
2024-08-02 7:41 ` Chen, Jiqian
2024-08-02 7:43 ` Jan Beulich
2024-08-02 7:44 ` Roger Pau Monné
2024-07-08 11:41 ` [XEN PATCH v12 2/7] x86/pvh: Allow (un)map_pirq when dom0 is PVH Jiqian Chen
2024-07-08 14:58 ` Jan Beulich
2024-07-22 21:37 ` Stefano Stabellini
2024-07-30 13:09 ` Andrew Cooper
2024-07-31 1:47 ` Chen, Jiqian
2024-07-31 8:31 ` Chen, Jiqian
2024-07-31 8:42 ` Jan Beulich
2024-07-31 7:50 ` Roger Pau Monné
2024-07-31 7:58 ` Jan Beulich
2024-07-31 8:24 ` Roger Pau Monné
2024-07-31 8:40 ` Jan Beulich
2024-07-31 8:51 ` Roger Pau Monné
2024-07-31 9:02 ` Jan Beulich
2024-07-31 9:37 ` Roger Pau Monné
2024-07-31 9:55 ` Jan Beulich
2024-07-31 11:29 ` Roger Pau Monné
2024-07-31 11:39 ` Jan Beulich
2024-07-31 13:03 ` Roger Pau Monné
2024-08-02 2:37 ` Chen, Jiqian
2024-08-02 8:11 ` Roger Pau Monné
2024-08-02 8:17 ` Chen, Jiqian
2024-08-02 8:35 ` Roger Pau Monné
2024-08-02 8:40 ` Chen, Jiqian
2024-08-02 9:17 ` Jan Beulich
2024-08-02 9:37 ` Jan Beulich
2024-07-31 8:39 ` Chen, Jiqian
2024-07-08 11:41 ` [XEN PATCH v12 3/7] x86/pvh: Add PHYSDEVOP_setup_gsi for PVH dom0 Jiqian Chen
2024-07-10 8:01 ` Chen, Jiqian
2024-07-11 7:58 ` Chen, Jiqian
2024-07-22 21:38 ` Stefano Stabellini
2024-07-08 11:41 ` [XEN PATCH v12 4/7] x86/domctl: Add hypercall to set the access of x86 gsi Jiqian Chen
2024-07-09 13:08 ` Jan Beulich
2024-07-26 6:55 ` Chen, Jiqian
2024-07-22 22:10 ` Stefano Stabellini
2024-07-26 6:53 ` Chen, Jiqian
2024-07-26 20:16 ` Stefano Stabellini
2024-08-01 11:06 ` Roger Pau Monné
2024-08-01 11:36 ` Jan Beulich
2024-08-01 12:41 ` Roger Pau Monné [this message]
2024-08-01 13:11 ` Jan Beulich
2024-08-02 3:10 ` Chen, Jiqian
2024-08-02 6:27 ` Jan Beulich
2024-08-02 7:44 ` Chen, Jiqian
2024-08-02 7:59 ` Roger Pau Monné
2024-08-02 8:08 ` Roger Pau Monné
2024-08-02 8:23 ` Chen, Jiqian
2024-08-02 9:40 ` Jan Beulich
2024-08-02 12:05 ` Roger Pau Monné
2024-07-08 11:41 ` [XEN PATCH v12 5/7] tools/libxc: Allow gsi be mapped into a free pirq Jiqian Chen
2024-07-09 13:26 ` Jan Beulich
2024-07-10 7:55 ` Chen, Jiqian
2024-08-01 12:55 ` Roger Pau Monné
2024-07-08 11:41 ` [RFC XEN PATCH v12 6/7] tools: Add new function to get gsi from dev Jiqian Chen
2024-07-08 13:27 ` Anthony PERARD
2024-07-09 3:35 ` Chen, Jiqian
2024-07-29 16:30 ` Anthony PERARD
2024-08-01 13:01 ` Roger Pau Monné
2024-08-02 3:13 ` Chen, Jiqian
2024-07-08 11:41 ` [RFC XEN PATCH v12 7/7] tools: Add new function to do PIRQ (un)map on PVH dom0 Jiqian Chen
2024-07-08 14:57 ` Anthony PERARD
2024-07-09 6:18 ` Chen, Jiqian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZquCatoi50cNI3qR@macbook \
--to=roger.pau@citrix.com \
--cc=Jiqian.Chen@amd.com \
--cc=Stewart.Hildebrand@amd.com \
--cc=andrew.cooper3@citrix.com \
--cc=anthony@xenproject.org \
--cc=dpsmith@apertussolutions.com \
--cc=gwd@xenproject.org \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=julien@xen.org \
--cc=ray.huang@amd.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.