From: Jason Andryuk <jandryuk@gmail.com>
To: Andrew Cooper <Andrew.Cooper3@citrix.com>
Cc: Xen-devel <xen-devel@lists.xenproject.org>,
	Daniel De Graaf <dgdegra@tycho.nsa.gov>,
	 Daniel Smith <dpsmith@apertussolutions.com>,
	Henry Wang <Henry.Wang@arm.com>
Subject: Re: [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size
Date: Mon, 21 Nov 2022 10:54:15 -0500
Message-ID: <CAKf6xps3OQsuFMNOnJ1hoMvk5tnkNpUhPdNRqdPeht9dTvS+jA@mail.gmail.com>
In-Reply-To: <9a302c19-4f07-77a5-5e41-310498c7cf23@citrix.com>

On Mon, Nov 21, 2022 at 10:46 AM Andrew Cooper
<Andrew.Cooper3@citrix.com> wrote:
>
> On 21/11/2022 15:39, Jason Andryuk wrote:
> > On Mon, Nov 21, 2022 at 9:37 AM Andrew Cooper <andrew.cooper3@citrix.com> wrote:
> >> These were overlooked in the original patch, and noticed by OSSTest which does
> >> run some Flask tests.
> >>
> >> Fixes: 22b20bd98c02 ("xen: Introduce non-broken hypercalls for the paging mempool size")
> >> Suggested-by: Daniel Smith <dpsmith@apertussolutions.com>
> >> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> >> ---
> >> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> >> CC: Daniel Smith <dpsmith@apertussolutions.com>
> >> CC: Jason Andryuk <jandryuk@gmail.com>
> >> CC: Henry Wang <Henry.Wang@arm.com>
> > Reviewed-by: Jason Andryuk <jandryuk@gmail.com>
> >
> > Thanks, Andrew.  Though we might want a small tweak - possibly as a follow up?
> >
> >> diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if
> >> index 424daab6a022..6b7b7d403ab4 100644
> >> --- a/tools/flask/policy/modules/xen.if
> >> +++ b/tools/flask/policy/modules/xen.if
> >> @@ -92,7 +92,7 @@ define(`manage_domain', `
> >>         allow $1 $2:domain { getdomaininfo getvcpuinfo getaffinity
> >>                         getaddrsize pause unpause trigger shutdown destroy
> >>                         setaffinity setdomainmaxmem getscheduler resume
> >> -                       setpodtarget getpodtarget };
> >> +                       setpodtarget getpodtarget getpagingmempool setpagingmempool };
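
Review bot: the `+` line in `manage_domain` appends both new permissions to the existing `setpodtarget getpodtarget` line, which leaves it visibly longer than the other lines of the permission set; putting `getpagingmempool setpagingmempool` on a continuation line of their own would keep the list readable and make later changes to it easier to diff. The commit message says the hooks "were overlooked" but does not say which policy macros were audited, so a sentence stating that `manage_domain` is the only interface macro updated here would let a reader judge whether other callers of the new domctls are covered.
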
> > There is also create_domain_common which is for a dedicated "domain
> > builder" that creates but does not manage domains.  I think that
> > should gain setpagingmempool permission?
>
> Sounds like it should.  Something like this?
>
> diff --git a/tools/flask/policy/modules/xen.if
> b/tools/flask/policy/modules/xen.if
> index 6b7b7d403ab4..11c1562aa5da 100644
> --- a/tools/flask/policy/modules/xen.if
> +++ b/tools/flask/policy/modules/xen.if
> @@ -49,7 +49,8 @@ define(`create_domain_common', `
>         allow $1 $2:domain { create max_vcpus setdomainmaxmem setaddrsize
>                         getdomaininfo hypercall setvcpucontext getscheduler
>                         getvcpuinfo getaddrsize getaffinity setaffinity
> -                       settime setdomainhandle getvcpucontext
> set_misc_info };
> +                       settime setdomainhandle getvcpucontext set_misc_info
> +                       getpagingmempool setpagingmempool };
>         allow $1 $2:domain2 { set_cpu_policy settsc setscheduler setclaim
>                         set_vnumainfo get_vnumainfo cacheflush
>                         psr_cmt_op psr_alloc soft_reset
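
Review bot: the added line in `create_domain_common` grants `getpagingmempool` together with `setpagingmempool`, while the macro is described in this thread as serving a builder that creates but does not manage domains; if nothing in the build path reads the pool size back, granting only `setpagingmempool` keeps the macro at least privilege, and the commit message should say which of the two choices was made and why. Separately, the `diff --git` header and the `-` line ending in `set_misc_info };` have been wrapped by the mail client, so this inline hunk will not apply as pasted and needs to be regenerated from the tree when it is folded in.
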
>
> I can fold this in on commit.

Yes, though strictly speaking it may only need setpagingmempool and
not getpagingmempool.  These are all calls that would execute before
the domain is run.  But adding both is probably fine since the builder
is setting these itself.  i.e. allowing it to read what it set is
fine.

So, yes, I'd just fold this in.

Thanks,
Jason


Thread overview: 10+ messages
2022-11-21 14:37 [PATCH for-4.17 0/2] Even more XSA-409 fixes Andrew Cooper
2022-11-21 14:37 ` [PATCH 1/2] tools/libxl: Fixes to libxl__domain_set_paging_mempool_size() Andrew Cooper
2022-11-21 14:45   ` Anthony PERARD
2022-11-21 15:16     ` Henry Wang
2022-11-21 14:37 ` [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size Andrew Cooper
2022-11-21 15:18   ` Henry Wang
2022-11-21 15:39   ` Jason Andryuk
2022-11-21 15:46     ` Andrew Cooper
2022-11-21 15:54       ` Jason Andryuk [this message]
2022-11-21 16:07   ` Daniel P. Smith
