[Xen-devel] [PATCH 11/18] xen: use XSM instead of IS_PRIV where duplicated
The Xen hypervisor has two basic access control function calls: IS_PRIV and the xsm_* functions. Most privileged operations currently require that both checks succeed, and many times the checks are at different locations in the code. This patch eliminates the explicit and implicit IS_PRIV checks that are duplicated in XSM hooks. When XSM_ENABLE is not defined or when the dummy XSM module is used, this patch should not change any functionality. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 3 -- xen/arch/x86/domctl.c | 25 ++++++++-- xen/arch/x86/hvm/hvm.c | 96 +++++++++++++++++++-------------------- xen/arch/x86/irq.c | 3 +- xen/arch/x86/mm.c | 25 ++++------ xen/arch/x86/physdev.c | 54 ---------------------- xen/arch/x86/platform_hypercall.c | 3 -- xen/common/domctl.c | 33 ++------------ xen/common/event_channel.c | 18 ++++---- xen/common/grant_table.c | 70 ++++++++-------------------- xen/common/kexec.c | 3 -- xen/common/memory.c | 29 ++++-------- xen/common/schedule.c | 6 --- xen/common/sysctl.c | 3 -- 15 files changed, 119 insertions(+), 254 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 9e1f989..c7b37ef 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -238,7 +238,7 @@ static long enter_state_helper(void *data) */ int acpi_enter_sleep(struct xenpf_enter_acpi_sleep *sleep) { - if ( !IS_PRIV(current->domain) || !acpi_sinfo.pm1a_cnt_blk.address ) + if ( !acpi_sinfo.pm1a_cnt_blk.address ) return -EPERM; /* Sanity check */ diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index ed76131..4176bae 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c 
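Review bot: With the IS_PRIV test removed, `acpi_enter_sleep()` returns -EPERM only when `acpi_sinfo.pm1a_cnt_blk.address` is zero, which is a missing-hardware condition rather than a permission failure, and the function no longer shows any caller check of its own. If the privilege decision now rests entirely on an XSM hook earlier on the call path (not visible in this hunk), a comment above the test would keep that dependency auditable, for example `/* No IS_PRIV check here: access control is done by the caller's XSM hook. */`, once the hook has been confirmed. Keeping -EPERM for compatibility is reasonable, but the comment should say that is why it stays. The function body continues outside the hunk.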
@@ -1381,9 +1381,6 @@ long do_mca(XEN_GUEST_HANDLE(xen_mc_t) u_xen_mc) struct xen_mc_msrinject *mc_msrinject; struct xen_mc_mceinject *mc_mceinject; - if (!IS_PRIV(v->domain) ) - return x86_mcerr(NULL, -EPERM); - ret = xsm_do_mca(); if ( ret ) return x86_mcerr(NULL, ret); diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 3cb4d97..bcb5b2d 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -54,6 +54,26 @@ long arch_do_domctl( switch ( domctl->cmd ) { + /* TODO: the following do not have XSM hooks yet */ + case XEN_DOMCTL_set_cpuid: + case XEN_DOMCTL_suppress_spurious_page_faults: + case XEN_DOMCTL_debug_op: + case XEN_DOMCTL_gettscinfo: + case XEN_DOMCTL_settscinfo: + case XEN_DOMCTL_audit_p2m: + case XEN_DOMCTL_gdbsx_guestmemio: + case XEN_DOMCTL_gdbsx_pausevcpu: + case XEN_DOMCTL_gdbsx_unpausevcpu: + case XEN_DOMCTL_gdbsx_domstatus: + /* getpageframeinfo[23] will leak XEN_DOMCTL_PFINFO_XTAB on target GFNs */ + case XEN_DOMCTL_getpageframeinfo2: + case XEN_DOMCTL_getpageframeinfo3: + if ( !IS_PRIV(current->domain) ) + return -EPERM; + } + + switch ( domctl->cmd ) + { case XEN_DOMCTL_shadow_op: { @@ -795,11 +815,6 @@ long arch_do_domctl( break; bind = &(domctl->u.bind_pt_irq); - ret = -EPERM; - if ( !IS_PRIV(current->domain) && - !irq_access_permitted(current->domain, bind->machine_irq) ) - goto unbind_out; - ret = xsm_unbind_pt_irq(d, bind); if ( ret ) goto unbind_out; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 22c136b..bec9e57 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c 
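Review bot: The new pre-switch in `arch_do_domctl()` is a list of commands that still need IS_PRIV, so the check fails open: a domctl that has no XSM hook and is missing from this list, or is added later, reaches its handler with no privilege test, because the same patch removes the blanket `default:` IS_PRIV check from `do_domctl()` in xen/common/domctl.c. Inverting the list would be safer: enumerate the commands known to be covered by an XSM hook and apply `if ( !IS_PRIV(current->domain) ) return -EPERM;` under `default:`. As written the switch also has no `default:` or `break`, and the `getpageframeinfo[23]` comment does not say whether the leak it mentions is the reason those two commands are listed. The next hunk in this file drops the `irq_access_permitted()` test together with IS_PRIV, so `xsm_unbind_pt_irq()` has to cover both conditions.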
@@ -3366,12 +3366,12 @@ static int hvmop_set_pci_intx_level( if ( (op.domain > 0) || (op.bus > 0) || (op.device > 31) || (op.intx > 3) ) return -EINVAL; - rc = rcu_lock_remote_target_domain_by_id(op.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(op.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; - if ( !is_hvm_domain(d) ) + if ( d == current->domain || !is_hvm_domain(d) ) goto out; rc = xsm_hvm_set_pci_intx_level(d); @@ -3531,12 +3531,12 @@ static int hvmop_set_isa_irq_level( if ( op.isa_irq > 15 ) return -EINVAL; - rc = rcu_lock_remote_target_domain_by_id(op.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(op.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; - if ( !is_hvm_domain(d) ) + if ( d == current->domain || !is_hvm_domain(d) ) goto out; rc = xsm_hvm_set_isa_irq_level(d); @@ -3575,12 +3575,12 @@ static int hvmop_set_pci_link_route( if ( (op.link > 3) || (op.isa_irq > 15) ) return -EINVAL; - rc = rcu_lock_remote_target_domain_by_id(op.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(op.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; - if ( !is_hvm_domain(d) ) + if ( d == current->domain || !is_hvm_domain(d) ) goto out; rc = xsm_hvm_set_pci_link_route(d); @@ -3605,9 +3605,9 @@ static int hvmop_inject_msi( if ( copy_from_guest(&op, uop, 1) ) return -EFAULT; - rc = rcu_lock_remote_target_domain_by_id(op.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(op.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; if ( !is_hvm_domain(d) ) @@ -3702,9 +3702,9 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) if ( a.index >= HVM_NR_PARAMS ) return -EINVAL; - rc = rcu_lock_target_domain_by_id(a.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(a.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; if ( !is_hvm_domain(d) ) 
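Review bot: `hvmop_inject_msi()` appears to lose the self-target rejection that the removed `rcu_lock_remote_target_domain_by_id()` call presumably provided. The sibling hunks for `hvmop_set_pci_intx_level()`, `hvmop_set_isa_irq_level()` and `hvmop_set_pci_link_route()` all add `d == current->domain ||` to the `is_hvm_domain()` test, but this hunk leaves `if ( !is_hvm_domain(d) )` unchanged. If that is not intentional, the line should read `if ( d == current->domain || !is_hvm_domain(d) )`. The same test is now open-coded in nine places in hvm.c, so a small helper that locks a remote HVM domain by id would make an omission like this harder to repeat. The rest of the function is outside the hunk.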
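Review bot: Replacing `rcu_lock_target_domain_by_id(a.domid, &d)` with `rcu_lock_domain_by_id(a.domid)` in the `do_hvm_op()` hunk at -3702 may stop `DOMID_SELF` from resolving. Nothing in the patch shows the new call mapping `DOMID_SELF` to the current domain, and the grant-table and memory hunks remove explicit `DOMID_SELF` → `rcu_lock_current_domain()` branches that sat in front of this same call. If it does not resolve, a guest passing `DOMID_SELF` gets -ESRCH where it previously succeeded. The same question applies to the other `do_hvm_op()` hunks that drop `rcu_lock_target_domain_by_id`, and to `arch_memory_op()`, `evtchn_alloc_unbound()`, `evtchn_status()`, `evtchn_reset()`, `gnttab_setup_table()`, `gnttab_query_size()`, `gnttab_get_status_frames()`, `gnttab_get_version()` and `do_memory_op()`. Either keep a `DOMID_SELF` branch or use a lookup that accepts it, and add a comment at each site that denial now depends entirely on the following `xsm_*` hook.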
@@ -3948,12 +3948,12 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&a, arg, 1) ) return -EFAULT; - rc = rcu_lock_remote_target_domain_by_id(a.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(a.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; - if ( !is_hvm_domain(d) ) + if ( d == current->domain || !is_hvm_domain(d) ) goto param_fail2; rc = xsm_hvm_param(d, op); @@ -3987,12 +3987,12 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&a, arg, 1) ) return -EFAULT; - rc = rcu_lock_remote_target_domain_by_id(a.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(a.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; - if ( !is_hvm_domain(d) ) + if ( d == current->domain || !is_hvm_domain(d) ) goto param_fail3; rc = xsm_hvm_param(d, op); @@ -4037,9 +4037,9 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&a, arg, 1) ) return -EFAULT; - rc = rcu_lock_target_domain_by_id(a.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(a.domid); + if ( d == NULL ) + return -ESRCH; rc = xsm_hvm_param(d, op); if ( rc ) @@ -4084,12 +4084,12 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&a, arg, 1) ) return -EFAULT; - rc = rcu_lock_remote_target_domain_by_id(a.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(a.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; - if ( !is_hvm_domain(d) ) + if ( d == current->domain || !is_hvm_domain(d) ) goto param_fail4; rc = xsm_hvm_param(d, op); 
@@ -4163,12 +4163,12 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&a, arg, 1) ) return -EFAULT; - rc = rcu_lock_remote_target_domain_by_id(a.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(a.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; - if ( !is_hvm_domain(d) ) + if ( d == current->domain || !is_hvm_domain(d) ) goto param_fail5; rc = xsm_hvm_param(d, op); @@ -4198,12 +4198,12 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&a, arg, 1) ) return -EFAULT; - rc = rcu_lock_remote_target_domain_by_id(a.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(a.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; - if ( !is_hvm_domain(d) ) + if ( d == current->domain || !is_hvm_domain(d) ) goto param_fail6; rc = xsm_hvm_param(d, op); @@ -4234,9 +4234,9 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&a, arg, 1) ) return -EFAULT; - rc = rcu_lock_target_domain_by_id(a.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(a.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; if ( !is_hvm_domain(d) || !paging_mode_shadow(d) ) @@ -4288,12 +4288,12 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&tr, arg, 1 ) ) return -EFAULT; - rc = rcu_lock_remote_target_domain_by_id(tr.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(tr.domid); + if ( d == NULL ) + return -ESRCH; rc = -EINVAL; - if ( !is_hvm_domain(d) ) + if ( d == current->domain || !is_hvm_domain(d) ) goto param_fail8; rc = xsm_hvm_param(d, op); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 78a02e3..33ce710 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c 
@@ -1853,8 +1853,7 @@ int map_domain_pirq( ASSERT(spin_is_locked(&d->event_lock)); if ( !IS_PRIV(current->domain) && - !(IS_PRIV_FOR(current->domain, d) && - irq_access_permitted(current->domain, pirq))) + !irq_access_permitted(current->domain, pirq)) return -EPERM; if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >= nr_irqs ) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 9338575..1b352df 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4673,9 +4673,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&xatp, arg, 1) ) return -EFAULT; - rc = rcu_lock_target_domain_by_id(xatp.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(xatp.domid); + if ( d == NULL ) + return -ESRCH; if ( xsm_add_to_physmap(current->domain, d) ) { @@ -4712,9 +4712,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE(void) arg) if ( fmap.map.nr_entries > E820MAX ) return -EINVAL; - rc = rcu_lock_target_domain_by_id(fmap.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(fmap.domid); + if ( d == NULL ) + return -ESRCH; rc = xsm_domain_memory_map(d); if ( rc ) @@ -4790,9 +4790,6 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE(void) arg) XEN_GUEST_HANDLE(e820entry_t) buffer; unsigned int i; - if ( !IS_PRIV(current->domain) ) - return -EINVAL; - rc = xsm_machine_memory_map(); if ( rc ) return rc; @@ -4868,16 +4865,12 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE(void) arg) struct domain *d; struct p2m_domain *p2m; - /* Support DOMID_SELF? */ - if ( !IS_PRIV(current->domain) ) - return -EPERM; - if ( copy_from_guest(&target, arg, 1) ) return -EFAULT; - rc = rcu_lock_target_domain_by_id(target.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(target.domid); + if ( d == NULL ) + return -ESRCH; if ( op == XENMEM_set_pod_target ) rc = xsm_set_pod_target(d); diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index e434ff4..0841a7a 100644 --- a/xen/arch/x86/physdev.c 
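Review bot: Dropping `IS_PRIV_FOR(current->domain, d)` from `map_domain_pirq()` means an unprivileged caller now passes this test on `irq_access_permitted(current->domain, pirq)` alone, with no check that it has any authority over the target `d`. No XSM hook is visible in this hunk, and the physdev.c hunks remove the `IS_PRIV_FOR` checks from `physdev_map_pirq()` and `physdev_unmap_pirq()` as well, so the relationship to `d` appears to rest on a hook elsewhere on the call path. The description says behaviour should not change without XSM or with the dummy module, so a comment at this test should name the hook that replaces the target check in that configuration. The function body continues outside the hunk.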
+++ b/xen/arch/x86/physdev.c @@ -106,12 +106,6 @@ int physdev_map_pirq(domid_t domid, int type, int *index, int *pirq_p, goto free_domain; } - if ( !IS_PRIV_FOR(current->domain, d) ) - { - ret = -EPERM; - goto free_domain; - } - /* Verify or get irq. */ switch ( type ) { @@ -235,10 +229,6 @@ int physdev_unmap_pirq(domid_t domid, int pirq) goto free_domain; } - ret = -EPERM; - if ( !IS_PRIV_FOR(current->domain, d) ) - goto free_domain; - ret = xsm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq)); if ( ret ) goto free_domain; @@ -430,9 +420,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) ret = -EFAULT; if ( copy_from_guest(&apic, arg, 1) != 0 ) break; - ret = -EPERM; - if ( !IS_PRIV(v->domain) ) - break; ret = xsm_apic(v->domain, cmd); if ( ret ) break; @@ -447,9 +434,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) ret = -EFAULT; if ( copy_from_guest(&apic, arg, 1) != 0 ) break; - ret = -EPERM; - if ( !IS_PRIV(v->domain) ) - break; ret = xsm_apic(v->domain, cmd); if ( ret ) break; @@ -464,10 +448,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&irq_op, arg, 1) != 0 ) break; - ret = -EPERM; - if ( !IS_PRIV(v->domain) ) - break; - /* Vector is only used by hypervisor, and dom0 shouldn't touch it in its world, return irq_op.irq as the vecotr, and make this hypercall dummy, and also defer the vector @@ -514,9 +494,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) case PHYSDEVOP_manage_pci_add: { struct physdev_manage_pci manage_pci; - ret = -EPERM; - if ( !IS_PRIV(v->domain) ) - break; ret = -EFAULT; if ( copy_from_guest(&manage_pci, arg, 1) != 0 ) break; @@ -527,9 +504,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) case PHYSDEVOP_manage_pci_remove: { struct physdev_manage_pci manage_pci; - ret = -EPERM; - if ( !IS_PRIV(v->domain) ) - break; ret = -EFAULT; if ( copy_from_guest(&manage_pci, arg, 1) != 0 ) break; 
@@ -542,10 +516,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) struct physdev_manage_pci_ext manage_pci_ext; struct pci_dev_info pdev_info; - ret = -EPERM; - if ( !IS_PRIV(current->domain) ) - break; - ret = -EFAULT; if ( copy_from_guest(&manage_pci_ext, arg, 1) != 0 ) break; @@ -568,10 +538,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) struct physdev_pci_device_add add; struct pci_dev_info pdev_info; - ret = -EPERM; - if ( !IS_PRIV(current->domain) ) - break; - ret = -EFAULT; if ( copy_from_guest(&add, arg, 1) != 0 ) break; @@ -592,10 +558,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) case PHYSDEVOP_pci_device_remove: { struct physdev_pci_device dev; - ret = -EPERM; - if ( !IS_PRIV(v->domain) ) - break; - ret = -EFAULT; if ( copy_from_guest(&dev, arg, 1) != 0 ) break; @@ -608,10 +570,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) case PHYSDEVOP_pci_mmcfg_reserved: { struct physdev_pci_mmcfg_reserved info; - ret = -EPERM; - if ( !IS_PRIV(current->domain) ) - break; - ret = xsm_resource_setup_misc(); if ( ret ) break; @@ -630,10 +588,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) struct physdev_restore_msi restore_msi; struct pci_dev *pdev; - ret = -EPERM; - if ( !IS_PRIV(v->domain) ) - break; - ret = -EFAULT; if ( copy_from_guest(&restore_msi, arg, 1) != 0 ) break; @@ -649,10 +603,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) struct physdev_pci_device dev; struct pci_dev *pdev; - ret = -EPERM; - if ( !IS_PRIV(v->domain) ) - break; - ret = -EFAULT; if ( copy_from_guest(&dev, arg, 1) != 0 ) break; @@ -667,10 +617,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) case PHYSDEVOP_setup_gsi: { struct physdev_setup_gsi setup_gsi; - ret = -EPERM; - if ( !IS_PRIV(v->domain) ) - break; - ret = -EFAULT; if ( copy_from_guest(&setup_gsi, arg, 1) != 0 ) break; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index c049db7..f3304a2 100644 
--- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -65,9 +65,6 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xen_platform_op_t) u_xenpf_op) ret_t ret = 0; struct xen_platform_op curop, *op = &curop; - if ( !IS_PRIV(current->domain) ) - return -EPERM; - if ( copy_from_guest(op, u_xenpf_op, 1) ) return -EFAULT; diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 7ca6b08..db152b1 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -249,33 +249,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl) if ( op->interface_version != XEN_DOMCTL_INTERFACE_VERSION ) return -EACCES; - switch ( op->cmd ) - { - case XEN_DOMCTL_ioport_mapping: - case XEN_DOMCTL_memory_mapping: - case XEN_DOMCTL_bind_pt_irq: - case XEN_DOMCTL_unbind_pt_irq: { - struct domain *d; - bool_t is_priv = IS_PRIV(current->domain); - if ( !is_priv && ((d = rcu_lock_domain_by_id(op->domain)) != NULL) ) - { - is_priv = IS_PRIV_FOR(current->domain, d); - rcu_unlock_domain(d); - } - if ( !is_priv ) - return -EPERM; - break; - } -#ifdef XSM_ENABLE - case XEN_DOMCTL_getdomaininfo: - break; -#endif - default: - if ( !IS_PRIV(current->domain) ) - return -EPERM; - break; - } - if ( !domctl_lock_acquire() ) return hypercall_create_continuation( __HYPERVISOR_domctl, "h", u_domctl); @@ -889,10 +862,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl) if ( d == NULL ) break; - if ( pirq >= d->nr_pirqs ) - ret = -EINVAL; - else if ( xsm_irq_permission(d, pirq, allow) ) + if ( xsm_irq_permission(d, pirq, allow) ) ret = -EPERM; + else if ( pirq >= d->nr_pirqs ) + ret = -EINVAL; else if ( allow ) ret = irq_permit_access(d, pirq); else diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 988d3ce..625748b 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c 
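Review bot: In the `do_domctl()` hunk at -889, `xsm_irq_permission(d, pirq, allow)` is now called before `pirq >= d->nr_pirqs` is checked, so the hook receives a caller-supplied pirq that has not been range-validated. Whether every XSM module's hook tolerates an out-of-range value is not visible here. If any of them indexes per-domain state by pirq, the bounds check has to stay first or be repeated inside the hook. The hook's return value is also still collapsed to -EPERM, unlike the `gnttab_get_version()` hunk in this patch, which now propagates `rc`; `ret = xsm_irq_permission(d, pirq, allow);` followed by the `else if` chain on `ret == 0` would be consistent with that.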
@@ -165,9 +165,9 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc) domid_t dom = alloc->dom; long rc; - rc = rcu_lock_target_domain_by_id(dom, &d); - if ( rc ) - return rc; + d = rcu_lock_domain_by_id(dom); + if ( d == NULL ) + return -ESRCH; spin_lock(&d->event_lock); @@ -795,9 +795,9 @@ static long evtchn_status(evtchn_status_t *status) struct evtchn *chn; long rc = 0; - rc = rcu_lock_target_domain_by_id(dom, &d); - if ( rc ) - return rc; + d = rcu_lock_domain_by_id(dom); + if ( d == NULL ) + return -ESRCH; spin_lock(&d->event_lock); @@ -947,9 +947,9 @@ static long evtchn_reset(evtchn_reset_t *r) struct domain *d; int i, rc; - rc = rcu_lock_target_domain_by_id(dom, &d); - if ( rc ) - return rc; + d = rcu_lock_domain_by_id(dom); + if ( d == NULL ) + return -ESRCH; rc = xsm_evtchn_reset(current->domain, d); if ( rc ) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index fbea67c..5760937 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -1261,7 +1261,6 @@ gnttab_setup_table( struct grant_table *gt; int i; unsigned long gmfn; - domid_t dom; if ( count != 1 ) return -EINVAL; @@ -1281,25 +1280,12 @@ gnttab_setup_table( goto out1; } - dom = op.dom; - if ( dom == DOMID_SELF ) + d = rcu_lock_domain_by_id(op.dom); + if ( d == NULL ) { - d = rcu_lock_current_domain(); - } - else - { - if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) ) - { - gdprintk(XENLOG_INFO, "Bad domid %d.\n", dom); - op.status = GNTST_bad_domain; - goto out1; - } - - if ( unlikely(!IS_PRIV_FOR(current->domain, d)) ) - { - op.status = GNTST_permission_denied; - goto out2; - } + gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom); + op.status = GNTST_bad_domain; + goto out2; } if ( xsm_grant_setup(current->domain, d) ) @@ -1352,7 +1338,6 @@ gnttab_query_size( { struct gnttab_query_size op; struct domain *d; - domid_t dom; int rc; if ( count != 1 ) 
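Review bot: In `gnttab_setup_table()` the bad-domid branch now does `goto out2` with `d == NULL`, whereas the removed code sent that case to `out1` and used `out2` only after a domain had been locked. The labels are outside the hunk, but if `out2` unlocks `d`, this path would drop an RCU read lock that was never taken. The matching branch in `gnttab_query_size()` still jumps to its pre-lock label `query_out`, so the line here should presumably stay `goto out1;`.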
@@ -1364,25 +1349,12 @@ gnttab_query_size( return -EFAULT; } - dom = op.dom; - if ( dom == DOMID_SELF ) - { - d = rcu_lock_current_domain(); - } - else + d = rcu_lock_domain_by_id(op.dom); + if ( d == NULL ) { - if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) ) - { - gdprintk(XENLOG_INFO, "Bad domid %d.\n", dom); - op.status = GNTST_bad_domain; - goto query_out; - } - - if ( unlikely(!IS_PRIV_FOR(current->domain, d)) ) - { - op.status = GNTST_permission_denied; - goto query_out_unlock; - } + gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom); + op.status = GNTST_bad_domain; + goto query_out; } rc = xsm_grant_query_size(current->domain, d); @@ -2240,15 +2212,10 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE(gnttab_get_status_frames_t) uop, return -EFAULT; } - rc = rcu_lock_target_domain_by_id(op.dom, &d); - if ( rc < 0 ) + d = rcu_lock_domain_by_id(op.dom); + if ( d == NULL ) { - if ( rc == -ESRCH ) - op.status = GNTST_bad_domain; - else if ( rc == -EPERM ) - op.status = GNTST_permission_denied; - else - op.status = GNTST_general_error; + op.status = GNTST_bad_domain; goto out1; } rc = xsm_grant_setup(current->domain, d); @@ -2298,14 +2265,15 @@ gnttab_get_version(XEN_GUEST_HANDLE(gnttab_get_version_t uop)) if ( copy_from_guest(&op, uop, 1) ) return -EFAULT; - rc = rcu_lock_target_domain_by_id(op.dom, &d); - if ( rc < 0 ) - return rc; + d = rcu_lock_domain_by_id(op.dom); + if ( d == NULL ) + return -ESRCH; - if ( xsm_grant_query_size(current->domain, d) ) + rc = xsm_grant_query_size(current->domain, d); + if ( rc ) { rcu_unlock_domain(d); - return -EPERM; + return rc; } op.version = d->grant_table->gt_version; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 09a5624..22bca20 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c 
@@ -851,9 +851,6 @@ int do_kexec_op_internal(unsigned long op, XEN_GUEST_HANDLE(void) uarg, unsigned long flags; int ret = -EINVAL; - if ( !IS_PRIV(current->domain) ) - return -EPERM; - ret = xsm_kexec(); if ( ret ) return ret; diff --git a/xen/common/memory.c b/xen/common/memory.c index 5d64cb6..77969d9 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -583,20 +583,9 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE(void) arg) && (reservation.mem_flags & XENMEMF_populate_on_demand) ) args.memflags |= MEMF_populate_on_demand; - if ( likely(reservation.domid == DOMID_SELF) ) - { - d = rcu_lock_current_domain(); - } - else - { - if ( (d = rcu_lock_domain_by_id(reservation.domid)) == NULL ) - return start_extent; - if ( !IS_PRIV_FOR(current->domain, d) ) - { - rcu_unlock_domain(d); - return start_extent; - } - } + d = rcu_lock_domain_by_id(reservation.domid); + if ( d == NULL ) + return start_extent; args.domain = d; rc = xsm_memory_adjust_reservation(current->domain, d); @@ -644,9 +633,9 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&domid, arg, 1) ) return -EFAULT; - rc = rcu_lock_target_domain_by_id(domid, &d); - if ( rc ) - return rc; + d = rcu_lock_domain_by_id(domid); + if ( d == NULL ) + return -ESRCH; rc = xsm_memory_stat_reservation(current->domain, d); if ( rc ) @@ -682,9 +671,9 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE(void) arg) if ( copy_from_guest(&xrfp, arg, 1) ) return -EFAULT; - rc = rcu_lock_target_domain_by_id(xrfp.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_id(xrfp.domid); + if ( d == NULL ) + return -ESRCH; if ( xsm_remove_from_physmap(current->domain, d) ) { diff --git a/xen/common/schedule.c b/xen/common/schedule.c index 0854f55..e38e6e2 100644 --- a/xen/common/schedule.c +++ b/xen/common/schedule.c 
@@ -919,12 +919,6 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE(void) arg) if ( d == NULL ) break; - if ( !IS_PRIV_FOR(current->domain, d) ) - { - rcu_unlock_domain(d); - return -EPERM; - } - ret = xsm_schedop_shutdown(current->domain, d); if ( ret ) { diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index ea68278..2cea0c3 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -33,9 +33,6 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) struct xen_sysctl curop, *op = &curop; static DEFINE_SPINLOCK(sysctl_lock); - if ( !IS_PRIV(current->domain) ) - return -EPERM; - if ( copy_from_guest(op, u_sysctl, 1) ) return -EFAULT; -- 1.7.11.2 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel