
[Xen-changelog] [IA64] Hypercalls are only allowed by kernels.



# HG changeset patch
# User awilliam@xxxxxxxxxxx
# Node ID 9afd25b90af4b7908acd0dd82996f9331ce94cfa
# Parent  1dc45879fa5c925ef73eef76ab07a5b11e28e574
[IA64] Hypercalls are only allowed by kernels.

Add the "unsafe_hypercall" command line option to allow
some unsafe user hypercalls.

Signed-off-by: Tristan Gingold <tristan.gingold@xxxxxxxx>

diff -r 1dc45879fa5c -r 9afd25b90af4 xen/arch/ia64/xen/hypercall.c
--- a/xen/arch/ia64/xen/hypercall.c     Mon Mar 20 16:55:32 2006
+++ b/xen/arch/ia64/xen/hypercall.c     Mon Mar 20 16:56:58 2006
@@ -231,14 +231,27 @@
        return 1;
 }
 
+/* opt_unsafe_hypercall: If true, unsafe debugging hypercalls are allowed.
+   These can create security hole.  */
+static int opt_unsafe_hypercall = 0;
+boolean_param("unsafe_hypercall", opt_unsafe_hypercall);
+
 int
 ia64_hypercall (struct pt_regs *regs)
 {
        struct vcpu *v = current;
        unsigned long index = regs->r2;
+       int privlvl = (regs->cr_ipsr & IA64_PSR_CPL) >> IA64_PSR_CPL0_BIT;
 
        if (index >= FW_HYPERCALL_FIRST_USER) {
-           switch (index) {
+           /* Note: user hypercalls are not safe, since Xen doesn't
+              check memory access privilege: Xen does not deny reading
+              or writing to kernel memory.  */
+           if (!opt_unsafe_hypercall) {
+               printf("user xen/ia64 hypercalls disabled\n");
+               regs->r8 = -1;
+           }
+           else switch (index) {
                case 0xffff:
                        regs->r8 = dump_privop_counts_to_user(
                                (char *) vcpu_get_gr(v,32),
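Review bot: The `printf("user xen/ia64 hypercalls disabled\n")` on the rejected path runs on every attempt, and the index comes from guest register r2 with no privilege test before this branch (privlvl is computed above but only checked after the branch has returned). Any guest user process can therefore make Xen write this console line as often as it likes. Emitting it once is enough, e.g. `static int warned;` followed by `if (!warned) { warned = 1; printf("user xen/ia64 hypercalls disabled\n"); }`, or drop the message and rely on the -1 in r8. The comment on `opt_unsafe_hypercall` would also help more if it named the hole, along the lines of `/* If set, any guest privilege level may issue the debug hypercalls, which access guest memory without privilege checks. Do not enable on production hosts. */`. The body of ia64_hypercall continues past the end of this hunk.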
@@ -255,19 +268,18 @@
            }
            return 1;
        }
-       else if (index >= FW_HYPERCALL_FIRST_ARCH) {
-           int privlvl;
-
-           /* Firmware calls are only allowed in kernel.  */
-           privlvl = (regs->cr_ipsr & IA64_PSR_CPL) >> IA64_PSR_CPL0_BIT;
-           if (privlvl != 2) {
-               /* FIXME: Return a better error value ?
-                  Reflextion ? Illegal operation ?  */
-               regs->r8 = -1;
-               return 1;
-           }
-           else
-               return fw_hypercall (regs);
-       } else
+
+       /* Hypercalls are only allowed by kernel.
+          Kernel checks memory accesses.  */
+       if (privlvl != 2) {
+           /* FIXME: Return a better error value ?
+              Reflection ? Illegal operation ?  */
+           regs->r8 = -1;
+           return 1;
+       }
+
+       if (index >= FW_HYPERCALL_FIRST_ARCH)
+           return fw_hypercall (regs);
+       else
            return xen_hypercall (regs);
 }
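Review bot: The literal `2` in `if (privlvl != 2)` is unexplained, yet this test is now the only gate in front of both fw_hypercall and xen_hypercall. A named constant or a short comment would make it reviewable, for instance `/* Guest kernel is expected to run at CPL 2; every other level is rejected. */`; that meaning is inferred from the comment above the test, so confirm it. The rejection is also silent and returns the same -1 in r8 as the disabled-user-hypercall path, so a guest cannot tell "wrong privilege level" from "user hypercalls disabled". The existing FIXME mentions the error value but not that ambiguity.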
