
Re: [PATCH 2/2] arch: ensure idle domain is not left privileged


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 5 Apr 2022 10:26:57 +0200
  • Cc: scott.davis@xxxxxxxxxx, jandryuk@xxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 05 Apr 2022 08:27:07 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31.03.2022 01:05, Daniel P. Smith wrote:
> --- a/xen/arch/x86/setup.c
> +++ b/xen/arch/x86/setup.c
> @@ -589,6 +589,9 @@ static void noinline init_done(void)
>      void *va;
>      unsigned long start, end;
>  
> +    /* Ensure idle domain was not left privileged */
> +    ASSERT(current->domain->is_privileged == false) ;
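
Review bot: ASSERT() on the added line in init_done() is compiled out of non-debug builds, so a release hypervisor would continue past this point with the idle domain still privileged; since the comment says "ensure", use a check that is also present in release builds. The comment names the idle domain while the test reads current->domain, so the check relies on init_done() running in idle vCPU context; either state that in the comment or make it explicit in the check. There is also a stray space before the closing semicolon.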

I think this should be stronger than ASSERT(); I'd recommend calling
panic(). Also please don't compare against "true" or "false" - use
ordinary boolean operations instead (here it would be
"!current->domain->is_privileged").

Jan




 

