Re: [PATCH 08/18] xen: Add DOMID_SELF support to rcu_lock_domain_by_id

[Daniel De Graaf <dgdegra@tycho.nsa.gov>]

On 08/06/2012 11:50 AM, Jan Beulich wrote:
>>>> On 06.08.12 at 17:19, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>> On 08/06/2012 11:07 AM, Jan Beulich wrote:
>>>>>> On 06.08.12 at 16:32, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>>>> Callers that want to prevent use of DOMID_SELF already need to ensure
>>>> the calling domain does not pass its own domain ID. This removes the
>>>> need for the caller to manually support DOMID_SELF, which many already
>>>> do.
>>>
>>> I'm not really sure this is correct. At the very least it changes the
>>> return value of rcu_lock_remote_target_domain_by_id() when
>>> called with DOMID_SELF (from -ESRCH to -EPERM).
>>
>> This series ends up eliminating that function in patch #18, so that
>> part is taken care of.
> 
> But may, in case of problems, then not be fully bi-sectable.

Do we depend on the exact error return codes in non-error code paths?
I would think most attempts to bisect would work just fine as the
function will still be returning an error. I'm not sure ESRCH is
really the best error to return here anyway: the problem is not that
a domain with my_own_domid or DOMID_SELF couldn't be found, it's that
you can't specify that domain for this operation.
 
>>> I'm also not convinced that a distinction between a domain knowing
>>> its ID and one passing DOMID_SELF isn't/can't be useful. That of
>>> course depends on whether the ID can be fully hidden from a guest
>>> (obviously pure HVM guests would never know their ID, but then
>>> again they also would never pass DOMID_SELF anywhere; it might
>>> be, however, that they could get the latter passed on their behalf
>>> e.g. from some emulation function).
>>
>> I don't think we can (or want to) make it impossible for a guest to find
>> out its own domain ID. I agree that the distinction between DOMID_SELF and
>> my_own_domid can be a useful distinction in some cases. Most of those cases
>> in Xen that I have seen already handle this at the caller.
>>
>> Another solution here is to create a function rcu_lock_domain_by_any_id that
>> is identical to rcu_lock_domain_by_id except for handling DOMID_SELF.
> 
> Maybe. I'd like to see Keir's position regarding all of the details
> here anyway.
> 
> Jan
> 
> 
> 


-- 
Daniel De Graaf
National Security Agency