|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 06/10] xsm/flask: Improve error reporting for ocontexts
Instead of returning -EINVAL for all errors, return -EEXIST if adding an
entry that overlaps with an existing entry, and -ENOENT if attempting to
remove an entry that does not exist. Adding an ocontext that already
exists with the same SID is no longer an error.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
xen/xsm/flask/ss/services.c | 29 +++++++++++++++++++++--------
1 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/xen/xsm/flask/ss/services.c b/xen/xsm/flask/ss/services.c
index 7b08e73..3b0acf5 100644
--- a/xen/xsm/flask/ss/services.c
+++ b/xen/xsm/flask/ss/services.c
@@ -2084,8 +2084,10 @@ int security_ocontext_add( char *ocontext, unsigned long
low, unsigned long high
{
if ( c->u.pirq == add->u.pirq )
{
+ if ( c->sid[0] == sid )
+ break;
printk("%s: Duplicate pirq %d\n", __FUNCTION__, add->u.pirq);
- ret = -EINVAL;
+ ret = -EEXIST;
break;
}
c = c->next;
@@ -2112,10 +2114,14 @@ int security_ocontext_add( char *ocontext, unsigned
long low, unsigned long high
if (c && c->u.ioport.low_ioport <= high)
{
+ if (c->u.ioport.low_ioport == low &&
+ c->u.ioport.high_ioport == high && c->sid[0] == sid)
+ break;
+
printk("%s: IO Port overlap with entry 0x%x - 0x%x\n",
__FUNCTION__, c->u.ioport.low_ioport,
c->u.ioport.high_ioport);
- ret = -EINVAL;
+ ret = -EEXIST;
break;
}
@@ -2142,10 +2148,14 @@ int security_ocontext_add( char *ocontext, unsigned
long low, unsigned long high
if (c && c->u.iomem.low_iomem <= high)
{
+ if (c->u.iomem.low_iomem == low &&
+ c->u.iomem.high_iomem == high && c->sid[0] == sid)
+ break;
+
printk("%s: IO Memory overlap with entry 0x%x - 0x%x\n",
__FUNCTION__, c->u.iomem.low_iomem,
c->u.iomem.high_iomem);
- ret = -EINVAL;
+ ret = -EEXIST;
break;
}
@@ -2171,9 +2181,12 @@ int security_ocontext_add( char *ocontext, unsigned long
low, unsigned long high
{
if ( c->u.device == add->u.device )
{
+ if ( c->sid[0] == sid )
+ break;
+
printk("%s: Duplicate PCI Device 0x%x\n", __FUNCTION__,
add->u.device);
- ret = -EINVAL;
+ ret = -EEXIST;
break;
}
c = c->next;
@@ -2230,7 +2243,7 @@ int security_ocontext_del( char *ocontext, unsigned int
low, unsigned int high )
}
printk("%s: ocontext not found: pirq %d\n", __FUNCTION__, low);
- ret = -EINVAL;
+ ret = -ENOENT;
break;
case OCON_IOPORT:
@@ -2257,7 +2270,7 @@ int security_ocontext_del( char *ocontext, unsigned int
low, unsigned int high )
printk("%s: ocontext not found: ioport 0x%x - 0x%x\n", __FUNCTION__,
low, high);
- ret = -EINVAL;
+ ret = -ENOENT;
break;
case OCON_IOMEM:
@@ -2284,7 +2297,7 @@ int security_ocontext_del( char *ocontext, unsigned int
low, unsigned int high )
printk("%s: ocontext not found: iomem 0x%x - 0x%x\n", __FUNCTION__,
low, high);
- ret = -EINVAL;
+ ret = -ENOENT;
break;
case OCON_DEVICE:
@@ -2309,7 +2322,7 @@ int security_ocontext_del( char *ocontext, unsigned int
low, unsigned int high )
}
printk("%s: ocontext not found: pcidevice 0x%x\n", __FUNCTION__, low);
- ret = -EINVAL;
+ ret = -ENOENT;
break;
default:
--
1.7.7.6
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |