From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Campbell <ian.campbell@citrix.com>
Subject: Re: [PATCH v1 1/4] xsm/libxl/xen_version: Add XSM for
 some of the xen_version commands.
Date: Fri, 9 Oct 2015 10:31:51 +0100
Message-ID: <1444383111.1410.314.camel@citrix.com>
References: <1444359390-14153-1-git-send-email-konrad.wilk@oracle.com>
	<1444359390-14153-2-git-send-email-konrad.wilk@oracle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <prvs=717dc9c5a=Ian.Campbell@citrix.com>)
	id 1ZkU1s-0000pZ-2i
	for xen-devel@lists.xenproject.org; Fri, 09 Oct 2015 09:31:56 +0000
In-Reply-To: <1444359390-14153-2-git-send-email-konrad.wilk@oracle.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>, xen-devel@lists.xenproject.org, wei.liu2@citrix.com, ian.jackson@eu.citrix.com, jbeulich@suse.com, andrew.cooper3@citrix.com, mpohlack@amazon.de, dgdegra@tycho.nsa.gov
List-Id: xen-devel@lists.xenproject.org

On Thu, 2015-10-08 at 22:56 -0400, Konrad Rzeszutek Wilk wrote:
> The XENVER_[compile_info|changeset|commandline] are now
> guarded by an XSM check.

I can guess, but please explain/justify why this is the case for these
here.

> The rest: XENVER_[version|extraversion|capabilities|
> parameters|get_features|page_size|guest_handle] behave
> as before (no XSM check).

and correspondingly why these ones to not warrant such a change.

> As such we also modify the toolstack such that if we fail
> to get any data instead of printing (null) we just print "".

Perhaps the hypervisor should instead return "<denied>" or some suitable
string indicating why (<denied-xsm>)?

> @@ -720,4 +720,28 @@ static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG
> struct domain *d, unsigned int
>      }
>  }
>  
> +#include <public/version.h>
> +static XSM_INLINE int xsm_version_op (XSM_DEFAULT_ARG uint32_t op)
> +{
> +    XSM_ASSERT_ACTION(XSM_PRIV);
> +    switch ( op )
> +    {
> +    case XENVER_compile_info:
> +    case XENVER_changeset:
> +    case XENVER_commandline:
> +        return xsm_default_action(XSM_PRIV, current->domain, NULL);
> +    case XENVER_version:
> +    case XENVER_extraversion:
> +    case XENVER_capabilities:
> +    case XENVER_platform_parameters:
> +    case XENVER_get_features:
> +    case XENVER_pagesize:
> +    case XENVER_guest_handle:
> +        /* The should _NEVER_ get here, but just in case. */

BUG_ON?

IMHO such a comment should have a "because ..." in it.

Actually, thinking about it, instead of splitting access control between
do_xen_version and here it would be more normal to have this function DTRT
and for it to be called unconditionally.

Ian.