Re: [PATCH 1/5] xen/domain: Introduce a new check_domain_config() helper

From: "Jan Beulich" <JBeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Julien Grall <julien.grall@arm.com>,
	Stefano Stabellini <sstabellini@kernel.org>,
	Wei Liu <wei.liu2@citrix.com>,
	Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH 1/5] xen/domain: Introduce a new check_domain_config() helper
Date: Mon, 08 Oct 2018 07:37:50 -0600	[thread overview]
Message-ID: <5BBB5DAE02000078001EF9A7@prv1-mh.provo.novell.com> (raw)
In-Reply-To: <1538751289-1109-2-git-send-email-andrew.cooper3@citrix.com>

>>> On 05.10.18 at 16:54, <andrew.cooper3@citrix.com> wrote:
> Call it from the head of domain_create() (before doing any memory
> allocations), which will apply the checks to dom0 as well as domU's.
> 
> For now, just subsume the XEN_DOMCTL_CDF_* check from XEN_DOMCTL_createdomain.
> This means that the corner case of the toolstack providing bad configuration
> will burn a domid, but production setups shouldn't ever get into this
> situation.

"Burn" as in "skip in the current round", not as in "leak" afaiu?

> --- a/xen/common/domain.c
> +++ b/xen/common/domain.c
> @@ -288,6 +288,18 @@ static void _domain_destroy(struct domain *d)
>      free_domain_struct(d);
>  }
>  
> +static int check_domain_config(struct xen_domctl_createdomain *config)

I was tempted to ask for the parameter to be constified, but since on
its own the code movement here makes no sense (and the description
also doesn't supply any hint), I've peeked into patch 2, where I found
that Arm's arch_check_domain_config() actually modifies the config.
With that I don't consider "check" the right term for the function name;
"sanitize" or "massage" perhaps?

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel