[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] arch: ensure idle domain is not left privileged

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 5 Apr 2022 08:24:50 -0400
  • Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1649161517; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=fR/2PJkBquhZn9cqmyUgmmbvio8ZT+SIOP6kXLDgiwI=; b=H/z2c9V5sMCQNYHlfLw0a/MGNSe0+O/oActtBKt9ELP/Vjt06j8CnrDNfiOoAYqcZMVSXFu6PjpECqsmOxu6eRsCfbJH12G6zFb9C4jaD6BR/vM0JWWH4+SLR0t1XibzFrrmwKBcyFNH0B7zPRZBQzDu4CwhIKBlNKncnJ2nf3s=
  • Arc-seal: i=1; a=rsa-sha256; t=1649161517; cv=none; d=zohomail.com; s=zohoarc; b=X7kZ0oR51UZopkxbvr3/rdqmyTBa5QiM/mN6bE9vW4TCB4qvJDMmg4Qnsw1DwxBH4RgHL1QFDuq94bd7uJGEmk9Tm/HTL7xNuDuoota8y5N/v9pQBtOws/bvc0yvDBG0DOwArNTVelOUXP3KEMufi2EqG23so8w1D9A+f4kmRjw=
  • Cc: scott.davis@xxxxxxxxxx, jandryuk@xxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 05 Apr 2022 12:25:29 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 4/5/22 04:26, Jan Beulich wrote:
> On 31.03.2022 01:05, Daniel P. Smith wrote:
>> --- a/xen/arch/x86/setup.c
>> +++ b/xen/arch/x86/setup.c
>> @@ -589,6 +589,9 @@ static void noinline init_done(void)
>>      void *va;
>>      unsigned long start, end;
>>  
>> +    /* Ensure idle domain was not left privileged */
>> +    ASSERT(current->domain->is_privileged == false) ;
> 
> I think this should be stronger than ASSERT(); I'd recommend calling
> panic(). Also please don't compare against "true" or "false" - use
> ordinary boolean operations instead (here it would be
> "!current->domain->is_privileged").

Ack.

v/r,
dps

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.