|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] domctl: don't allow certain operations on Dom0
XEN_DOMCTL_setvcpucontext, XEN_DOMCTL_max_vcpus, and
XEN_DOMCTL_setdebugging don't seem to allow Dom0 as the subject domain
(based on the criteria that they pause that domain in order to do their
job).
Apart from this, I wonder about the usefulness of XEN_DOMCTL_max_vcpus
on a domain that was already booted - generally, I would expect OSes to
be allowed to assume they know how many CPUs they might ever run on (at
least Linux indeed does, by requiring that cpu_possible_map never
changes).
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
Index: 2008-09-19/xen/common/domctl.c
===================================================================
--- 2008-09-19.orig/xen/common/domctl.c 2008-09-19 13:36:28.000000000 +0200
+++ 2008-09-19/xen/common/domctl.c 2008-09-19 13:36:52.000000000 +0200
@@ -223,7 +223,8 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
goto svc_out;
ret = -EINVAL;
- if ( (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
+ if ( d == current->domain ||
+ (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
goto svc_out;
if ( guest_handle_is_null(op->u.vcpucontext.ctxt) )
@@ -392,14 +393,14 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
struct domain *d;
unsigned int i, max = op->u.max_vcpus.max, cpu;
- ret = -EINVAL;
- if ( max > MAX_VIRT_CPUS )
- break;
-
ret = -ESRCH;
if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
break;
+ ret = -EINVAL;
+ if ( d == current->domain || max > MAX_VIRT_CPUS )
+ break;
+
ret = xsm_max_vcpus(d);
if ( ret )
{
@@ -706,6 +707,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
if ( d == NULL )
break;
+ ret = -EINVAL;
+ if ( d == current->domain )
+ break;
+
ret = xsm_setdebugging(d);
if ( ret )
{
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |