WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] domctl: don't allow certain operations on

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] domctl: don't allow certain operations on Dom0
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Sep 2008 11:20:14 -0700
Delivery-date: Mon, 22 Sep 2008 11:20:27 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1222093225 -3600
# Node ID 1c09b810f97757288a0908b22d9d2b11c5d13501
# Parent  40233384ffe31a0238743618755a906209c79763
domctl: don't allow certain operations on Dom0

XEN_DOMCTL_setvcpucontext, XEN_DOMCTL_max_vcpus, and
XEN_DOMCTL_setdebugging don't seem to allow Dom0 as the subject domain
(based on the criteria that they pause that domain in order to do
their job).

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
---
 xen/common/domctl.c |   22 +++++++++++++++++-----
 1 files changed, 17 insertions(+), 5 deletions(-)

diff -r 40233384ffe3 -r 1c09b810f977 xen/common/domctl.c
--- a/xen/common/domctl.c       Mon Sep 22 15:15:19 2008 +0100
+++ b/xen/common/domctl.c       Mon Sep 22 15:20:25 2008 +0100
@@ -223,7 +223,8 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
             goto svc_out;
 
         ret = -EINVAL;
-        if ( (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
+        if ( (d == current->domain) || /* no domain_pause() */
+             (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
             goto svc_out;
 
         if ( guest_handle_is_null(op->u.vcpucontext.ctxt) )
@@ -392,13 +393,17 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         struct domain *d;
         unsigned int i, max = op->u.max_vcpus.max, cpu;
 
-        ret = -EINVAL;
-        if ( max > MAX_VIRT_CPUS )
-            break;
-
         ret = -ESRCH;
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
+
+        ret = -EINVAL;
+        if ( (d == current->domain) || /* no domain_pause() */
+             (max > MAX_VIRT_CPUS) )
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         ret = xsm_max_vcpus(d);
         if ( ret )
@@ -705,6 +710,13 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         d = rcu_lock_domain_by_id(op->domain);
         if ( d == NULL )
             break;
+
+        ret = -EINVAL;
+        if ( d == current->domain ) /* no domain_pause() */
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         ret = xsm_setdebugging(d);
         if ( ret )

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] domctl: don't allow certain operations on Dom0, Xen patchbot-unstable <=