RE: [Xen-devel] [PATCH 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT

From: Paul Durrant
Date: Thu Feb 09 2017 - 09:48:05 EST

Next message: Peter Zijlstra: "Re: [PATCHSET for-4.11] cgroup: implement cgroup v2 thread mode"
Previous message: Rajneesh Bhardwaj: "Re: [PATCH] platform/x86: intel_pmc_ipc: read s0ix residency API"
In reply to: Jan Beulich: "Re: [Xen-devel] [PATCH 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: 09 February 2017 14:43
> To: Paul Durrant <Paul.Durrant@xxxxxxxxxx>
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx; Boris Ostrovsky
> <boris.ostrovsky@xxxxxxxxxx>; Juergen Gross <JGross@xxxxxxxx>; linux-
> kernel@xxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] [PATCH 3/3] xen/privcmd: add
> IOCTL_PRIVCMD_RESTRICT
>
> >>> On 09.02.17 at 15:17, <paul.durrant@xxxxxxxxxx> wrote:
> > @@ -666,6 +680,20 @@ static long privcmd_ioctl_dm_op(void __user
> *udata)
> > return rc;
> > }
> >
> > +static long privcmd_ioctl_restrict(struct file *file, void __user *udata)
> > +{
> > + struct privcmd_data *data = file->private_data;
> > + domid_t dom;
> > +
> > + if (copy_from_user(&dom, udata, sizeof(dom)))
> > + return -EFAULT;
> > +
> > + /* Set restriction to the specified domain */
> > + data->domid = dom;
> > +
> > + return 0;
> > +}
>
> Is it really intended for the caller to be able to undo this, by passing
> in DOMID_INVALID?

Good point. I was intending to fix that, but forgot.

Paul

>
> Jan

Next message: Peter Zijlstra: "Re: [PATCHSET for-4.11] cgroup: implement cgroup v2 thread mode"
Previous message: Rajneesh Bhardwaj: "Re: [PATCH] platform/x86: intel_pmc_ipc: read s0ix residency API"
In reply to: Jan Beulich: "Re: [Xen-devel] [PATCH 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]