On 02/05/2023 10:33 am, Roger Pau Monné wrote: > On Tue, May 02, 2023 at 10:27:39AM +0100, Andrew Cooper wrote: >> On 02/05/2023 8:17 am, Jan Beulich wrote: >>> The hook being able to deny access to data for certain domains means >>> that no caller can assume to have a system-wide picture when holding the >>> results. >>> >>> Wouldn't it make sense to permit the function to merely "count" domains? >>> While racy in general (including in its present, "normal" mode of >>> operation), within a tool stack this could be used as long as creation >>> of new domains is suppressed between obtaining the count and then using >>> it. >> This would not be the first example of the XSM hooks being tantamount to >> useless. I doubt it will be the last either. >> >> With the rest of Alejandro's series in place, all requests for a single >> domid's worth of info use the domctl, and all requests for all domains >> use the systctl. >> >> >> As a result, we can retrofit some sanity and change the meaning of the >> XSM hook here for the sysctl, to mean "can see a systemwide view" (or >> not). This moves the check out of the loop, and fixes the behaviour. > Don't we still need some kind of loop, as the current getdomaininfo() > XSM hook expects a domain parameter in order to check whether the > caller has permissions over it? > > Or we plan to introduce a new hook that reports whether a caller has > permissions over all domains?
New hook. The current behaviour of skipping certain entries is fundamentally broken, and needs not to stay. ~Andrew
