From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49205) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e1yFa-0000ZR-UE for qemu-devel@nongnu.org; Tue, 10 Oct 2017 13:23:28 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e1yFV-0004U3-DZ for qemu-devel@nongnu.org; Tue, 10 Oct 2017 13:23:26 -0400 Received: from smtp02.citrix.com ([66.165.176.63]:15684) by eggs.gnu.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.71) (envelope-from ) id 1e1yFV-0004TA-08 for qemu-devel@nongnu.org; Tue, 10 Oct 2017 13:23:21 -0400 Date: Tue, 10 Oct 2017 12:40:01 +0100 From: Anthony PERARD Message-ID: <20171010114001.GF1771@perard.uk.xensource.com> References: <1507133891-26013-1-git-send-email-ian.jackson@eu.citrix.com> <1507133891-26013-4-git-send-email-ian.jackson@eu.citrix.com> <20171009155044.GC1771@perard.uk.xensource.com> <23003.43689.447516.6588@mariner.uk.xensource.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <23003.43689.447516.6588@mariner.uk.xensource.com> Subject: Re: [Qemu-devel] [PATCH 3/8] xen: defer call to xen_restrict until after os_setup_post List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Ian Jackson Cc: qemu-devel@nongnu.org, Ross Lagerwall , xen-devel@lists.xenproject.org, Juergen Gross , Stefano Stabellini On Mon, Oct 09, 2017 at 05:58:17PM +0100, Ian Jackson wrote: > (My resend has crossed with your review. Sorry about that.) > > Anthony PERARD writes ("Re: [PATCH 3/8] xen: defer call to xen_restrict until after os_setup_post"): > > On Wed, Oct 04, 2017 at 05:18:06PM +0100, Ian Jackson wrote: > > > > +void xen_setup_post(void) > > > +{ > > > + int rc; > > > > We probably want to check here if Xen is enable (via xen_enabled()). > > xen_domid_restrict could be true when Xen is not used, even if it does > > not make sense to use -xen-domid-restrict in that case. > > Should -xen-domid-restrict without xen_enabled() not fail ? IMO it is > normally better for an option which requests enhanced security to fail > when it can't do its job, rather than just hoping that its > inapplicability is intentional. I'm tring to find out what does calling xen_restrict_all(0), when running an non-Xen guest. I think it would just lock(), then unlock() then there should not be any handle to restrict, and return 0; is that right? So I think the code is fine like this. I'll put my Reviewed-by to the last version. Thanks. > OTOH I suppose there is an argument that without xen_enabled() the > function of -xen-domid-restrict is achieved, in that without > xen_enabled() qemu is unable (after dropping privileges) to act on > Xen domains at all... > > Thanks, > Ian. -- Anthony PERARD From mboxrd@z Thu Jan 1 00:00:00 1970 From: Anthony PERARD Subject: Re: [PATCH 3/8] xen: defer call to xen_restrict until after os_setup_post Date: Tue, 10 Oct 2017 12:40:01 +0100 Message-ID: <20171010114001.GF1771@perard.uk.xensource.com> References: <1507133891-26013-1-git-send-email-ian.jackson@eu.citrix.com> <1507133891-26013-4-git-send-email-ian.jackson@eu.citrix.com> <20171009155044.GC1771@perard.uk.xensource.com> <23003.43689.447516.6588@mariner.uk.xensource.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1yFT-0005zY-FU for xen-devel@lists.xenproject.org; Tue, 10 Oct 2017 17:23:19 +0000 Content-Disposition: inline In-Reply-To: <23003.43689.447516.6588@mariner.uk.xensource.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: Ian Jackson Cc: Juergen Gross , Ross Lagerwall , Stefano Stabellini , qemu-devel@nongnu.org, xen-devel@lists.xenproject.org List-Id: xen-devel@lists.xenproject.org T24gTW9uLCBPY3QgMDksIDIwMTcgYXQgMDU6NTg6MTdQTSArMDEwMCwgSWFuIEphY2tzb24gd3Jv dGU6Cj4gKE15IHJlc2VuZCBoYXMgY3Jvc3NlZCB3aXRoIHlvdXIgcmV2aWV3LiAgU29ycnkgYWJv dXQgdGhhdC4pCj4gCj4gQW50aG9ueSBQRVJBUkQgd3JpdGVzICgiUmU6IFtQQVRDSCAzLzhdIHhl bjogZGVmZXIgY2FsbCB0byB4ZW5fcmVzdHJpY3QgdW50aWwgYWZ0ZXIgb3Nfc2V0dXBfcG9zdCIp Ogo+ID4gT24gV2VkLCBPY3QgMDQsIDIwMTcgYXQgMDU6MTg6MDZQTSArMDEwMCwgSWFuIEphY2tz b24gd3JvdGU6Cj4gCj4gPiA+ICt2b2lkIHhlbl9zZXR1cF9wb3N0KHZvaWQpCj4gPiA+ICt7Cj4g PiA+ICsgICAgaW50IHJjOwo+ID4gCj4gPiBXZSBwcm9iYWJseSB3YW50IHRvIGNoZWNrIGhlcmUg aWYgWGVuIGlzIGVuYWJsZSAodmlhIHhlbl9lbmFibGVkKCkpLgo+ID4geGVuX2RvbWlkX3Jlc3Ry aWN0IGNvdWxkIGJlIHRydWUgd2hlbiBYZW4gaXMgbm90IHVzZWQsIGV2ZW4gaWYgaXQgZG9lcwo+ ID4gbm90IG1ha2Ugc2Vuc2UgdG8gdXNlIC14ZW4tZG9taWQtcmVzdHJpY3QgaW4gdGhhdCBjYXNl Lgo+IAo+IFNob3VsZCAteGVuLWRvbWlkLXJlc3RyaWN0IHdpdGhvdXQgeGVuX2VuYWJsZWQoKSBu b3QgZmFpbCA/ICBJTU8gaXQgaXMKPiBub3JtYWxseSBiZXR0ZXIgZm9yIGFuIG9wdGlvbiB3aGlj aCByZXF1ZXN0cyBlbmhhbmNlZCBzZWN1cml0eSB0byBmYWlsCj4gd2hlbiBpdCBjYW4ndCBkbyBp dHMgam9iLCByYXRoZXIgdGhhbiBqdXN0IGhvcGluZyB0aGF0IGl0cwo+IGluYXBwbGljYWJpbGl0 eSBpcyBpbnRlbnRpb25hbC4KCkknbSB0cmluZyB0byBmaW5kIG91dCB3aGF0IGRvZXMgY2FsbGlu ZyB4ZW5fcmVzdHJpY3RfYWxsKDApLCB3aGVuCnJ1bm5pbmcgYW4gbm9uLVhlbiBndWVzdC4gSSB0 aGluayBpdCB3b3VsZCBqdXN0IGxvY2soKSwgdGhlbiB1bmxvY2soKQp0aGVuIHRoZXJlIHNob3Vs ZCBub3QgYmUgYW55IGhhbmRsZSB0byByZXN0cmljdCwgYW5kIHJldHVybiAwOyBpcyB0aGF0CnJp Z2h0PwoKU28gSSB0aGluayB0aGUgY29kZSBpcyBmaW5lIGxpa2UgdGhpcy4gSSdsbCBwdXQgbXkg UmV2aWV3ZWQtYnkgdG8gdGhlCmxhc3QgdmVyc2lvbi4KClRoYW5rcy4KCj4gT1RPSCBJIHN1cHBv c2UgdGhlcmUgaXMgYW4gYXJndW1lbnQgdGhhdCB3aXRob3V0IHhlbl9lbmFibGVkKCkgdGhlCj4g ZnVuY3Rpb24gb2YgLXhlbi1kb21pZC1yZXN0cmljdCBpcyBhY2hpZXZlZCwgaW4gdGhhdCB3aXRo b3V0Cj4geGVuX2VuYWJsZWQoKSBxZW11IGlzIHVuYWJsZSAoYWZ0ZXIgZHJvcHBpbmcgcHJpdmls ZWdlcykgdG8gYWN0IG9uCj4gWGVuIGRvbWFpbnMgYXQgYWxsLi4uCj4gCj4gVGhhbmtzLAo+IElh bi4KCi0tIApBbnRob255IFBFUkFSRAoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVu Lm9yZwpodHRwczovL2xpc3RzLnhlbi5vcmcveGVuLWRldmVsCg==