From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Jan Beulich <JBeulich@suse.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Keir Fraser <keir@xen.org>, Tim Deegan <tim@xen.org>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	Ian Campbell <ian.campbell@citrix.com>,
	xen-devel@lists.xen.org
Subject: Re: [PATCH v5 2/2] allow hardware domain != dom0
Date: Thu, 17 Apr 2014 10:19:04 -0400	[thread overview]
Message-ID: <534FE2D8.8060603@tycho.nsa.gov> (raw)
In-Reply-To: <534F9DBD0200007800009DCD@nat28.tlf.novell.com>

On 04/17/2014 03:24 AM, Jan Beulich wrote:
>>>> On 16.04.14 at 21:13, <dgdegra@tycho.nsa.gov> wrote:
>> On 04/16/2014 03:06 PM, Andrew Cooper wrote:
>>> On 16/04/14 19:56, Daniel De Graaf wrote:
>>>>    static unsigned int __read_mostly extra_dom0_irqs = 256;
>>>>    static unsigned int __read_mostly extra_domU_irqs = 32;
>>>>    static void __init parse_extra_guest_irqs(const char *s)
>>>> @@ -192,7 +242,7 @@ custom_param("extra_guest_irqs", parse_extra_guest_irqs);
>>>>    struct domain *domain_create(
>>>>        domid_t domid, unsigned int domcr_flags, uint32_t ssidref)
>>>>    {
>>>> -    struct domain *d, **pd;
>>>> +    struct domain *d, **pd, *old_hwdom = NULL;
>>>>        enum { INIT_xsm = 1u<<0, INIT_watchdog = 1u<<1, INIT_rangeset = 1u<<2,
>>>>               INIT_evtchn = 1u<<3, INIT_gnttab = 1u<<4, INIT_arch = 1u<<5 };
>>>>        int err, init_status = 0;
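Review bot: the new `*old_hwdom = NULL` declaration is not used in any visible line of this hunk; if a later hunk stores the previous hardware domain there before it is reassigned, fine, otherwise a compiler will flag an unused variable. Since it now sits in the same declarator list as `d` and `pd` and lives for the whole of domain_create(), a short comment at the declaration saying what it holds (and when it is NULL) would help the reader.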
>>>> @@ -237,10 +287,12 @@ struct domain *domain_create(
>>>>        else if ( domcr_flags & DOMCRF_pvh )
>>>>            d->guest_type = guest_type_pvh;
>>>>
>>>> -    if ( domid == 0 )
>>>> +    if ( domid == 0 || domid == hardware_domid )
>>>>        {
>>>> +        BUG_ON(domid >= DOMID_FIRST_RESERVED);
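Review bot: `BUG_ON(domid >= DOMID_FIRST_RESERVED)` tests the wrong value: `domid` is chosen by the caller of domain_create() and is already in range, whereas the value that can be out of range is the command-line-supplied `hardware_domid` that the new `domid == hardware_domid` branch compares against. Check `hardware_domid` instead, and prefer `panic()` with a descriptive message over BUG_ON() so bad user input yields a readable error rather than a crash whose cause has to be looked up in the sources; the check can also be done where the parameter is parsed, before any domain is created.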
>>>
>>> Domid is a signed type.
>>>
>>> You also need to ensure it is not negative, as assign_integer_param() from
>>> the command line parsing writes all values as unsigned.
>>
>> While this is true, the domain ID has already been validated by the caller
>> of domain_create and so there is no need to check for domid < 0 here.  If
>> someone assigns an out-of-range domain ID to the hardware_domid field, the
>> system will act the same as if any other unused domain ID is specified: a
>> technically working but realistically unusable system.
>
> The thing is that you check the wrong entity: domid is always valid
> (as it is being picked by the caller) - you really want to BUG_ON() or
> panic() upon seeing hardware_domid >= DOMID_FIRST_RESERVED (and
> indeed I think in this case panic() would be the better option, as it
> gives a descriptive message for bad user input rather than a crash
> the reason for which one needs to look up in sources).
>
> As that's the only (non-cosmetic) change request, I'd be fine doing
> that change while committing, unless I hear to the contrary.
>
> Jan

That change is fine with me.


-- 
Daniel De Graaf
National Security Agency
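The thread's point is that the caller-chosen domid is already valid, so the check belongs on the user-supplied hardware_domid, ideally at parse time and with a readable failure message. The following is an added example, not Xen code or code from this thread: a userspace parser for a hardware_domid-style command-line value that rejects negatives (which an unsigned parse would otherwise silently wrap), malformed input, and IDs in the reserved range, returning a reason string instead of crashing. The DOMID_FIRST_RESERVED value is an assumption mirroring Xen's public headers; the function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed value mirroring Xen's include/public/xen.h; verify against the
 * tree you build, this is not taken from the thread above. */
#define DOMID_FIRST_RESERVED 0x7FF0u

/*
 * Parse and validate a user-supplied domain ID (for example the value given
 * to a hardware_domid= command-line option).  Hypothetical helper, not the
 * Xen parser.  Returns 0 and stores the ID in *out on success; otherwise
 * returns a negative errno and sets *why to a human-readable reason, which
 * is what a caller would hand to panic() instead of a bare BUG_ON().
 */
int parse_hardware_domid(const char *s, unsigned int *out, const char **why)
{
    char *end;
    unsigned long v;

    *why = NULL;
    if ( s == NULL || *s == '\0' )
    {
        *why = "empty value";
        return -EINVAL;
    }
    /* strtoul() accepts a leading '-' and wraps the result to a huge value;
     * reject it explicitly so a negative ID cannot slip through as "valid". */
    if ( *s == '-' )
    {
        *why = "negative domain ID";
        return -ERANGE;
    }
    errno = 0;
    v = strtoul(s, &end, 0);          /* base 0: decimal, 0x hex, 0 octal */
    if ( errno == ERANGE || end == s || *end != '\0' )
    {
        *why = "not a number";
        return -EINVAL;
    }
    /* The hardware domain must be an ordinary, assignable domain ID. */
    if ( v >= DOMID_FIRST_RESERVED )
    {
        *why = "domain ID is in the reserved range";
        return -ERANGE;
    }
    *out = (unsigned int)v;
    return 0;
}

/* Stand-alone demonstration: exercise a few constructed inputs. */
int main(void)
{
    const char *inputs[] = { "0", "1", "0x7FEF", "0x7FF0", "-1", "12abc", "" };
    unsigned int id;
    const char *why;

    for ( unsigned int i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++ )
    {
        int rc = parse_hardware_domid(inputs[i], &id, &why);
        if ( rc == 0 )
            printf("hardware_domid=\"%s\" -> accepted as %u\n", inputs[i], id);
        else
            printf("hardware_domid=\"%s\" -> rejected (%d): %s\n",
                   inputs[i], rc, why);
    }
    return 0;
}
```

The accept/reject decision is made once, at the parse boundary, so domain_create() can keep trusting the domid it is handed, and a rejected value carries its reason with it.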

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-16 18:56 [PATCH v5 1/2] implement is_hardware_domain using hardware_domain global Daniel De Graaf
2014-04-16 18:56 ` [PATCH v5 2/2] allow hardware domain != dom0 Daniel De Graaf
2014-04-16 19:06   ` Andrew Cooper
2014-04-16 19:13     ` Daniel De Graaf
2014-04-17  7:24       ` Jan Beulich
2014-04-17 14:19         ` Daniel De Graaf [this message]
2014-04-17 15:00   ` Jan Beulich
