[Xen-devel] [PATCH 12/18] xsm: Add missing domctl and mem_sharing hooks
This patch adds new XSM hooks to cover the 12 domctls that were not previously covered by an XSM hook, and splits up the mem_sharing and mem_event XSM hooks to better cover what the code is doing. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> --- tools/flask/policy/policy/flask/access_vectors | 5 + tools/flask/policy/policy/modules/xen/xen.if | 2 + xen/arch/x86/domctl.c | 125 +++++++++++++++---------- xen/arch/x86/mm/mem_event.c | 45 ++++----- xen/arch/x86/mm/mem_sharing.c | 23 ++++- xen/include/asm-x86/mem_event.h | 1 - xen/include/xsm/dummy.h | 65 ++++++++++++- xen/include/xsm/xsm.h | 62 +++++++++++- xen/xsm/dummy.c | 11 ++- xen/xsm/flask/hooks.c | 62 +++++++++++- xen/xsm/flask/include/av_perm_to_string.h | 5 + xen/xsm/flask/include/av_permissions.h | 5 + 12 files changed, 318 insertions(+), 93 deletions(-) diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors index 11d02da..28b8ada 100644 --- a/tools/flask/policy/policy/flask/access_vectors +++ b/tools/flask/policy/policy/flask/access_vectors @@ -80,6 +80,9 @@ class domain2 relabelself make_priv_for set_as_target + set_cpuid + gettsc + settsc } class hvm @@ -97,6 +100,8 @@ class hvm hvmctl mem_event mem_sharing + share_mem + audit_p2m } class event diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if index 4de99c8..f9bd757 100644 --- a/tools/flask/policy/policy/modules/xen/xen.if +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -29,6 +29,7 @@ define(`create_domain_common', ` getdomaininfo hypercall setvcpucontext setextvcpucontext scheduler getvcpuinfo getvcpuextstate getaddrsize getvcpuaffinity setvcpuaffinity }; + allow $1 $2:domain2 { set_cpuid settsc }; allow $1 $2:security check_context; allow $1 $2:shadow enable; allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage}; 
@@ -67,6 +68,7 @@ define(`migrate_domain_out', ` allow $1 $2:hvm { gethvmc getparam irqlevel }; allow $1 $2:mmu { stat pageinfo map_read }; allow $1 $2:domain { getaddrsize getvcpucontext getextvcpucontext getvcpuextstate pause destroy }; + allow $1 $2:domain2 gettsc; ') ################################################################################ diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index bcb5b2d..95f34d2 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -54,26 +54,6 @@ long arch_do_domctl( switch ( domctl->cmd ) { - /* TODO: the following do not have XSM hooks yet */ - case XEN_DOMCTL_set_cpuid: - case XEN_DOMCTL_suppress_spurious_page_faults: - case XEN_DOMCTL_debug_op: - case XEN_DOMCTL_gettscinfo: - case XEN_DOMCTL_settscinfo: - case XEN_DOMCTL_audit_p2m: - case XEN_DOMCTL_gdbsx_guestmemio: - case XEN_DOMCTL_gdbsx_pausevcpu: - case XEN_DOMCTL_gdbsx_unpausevcpu: - case XEN_DOMCTL_gdbsx_domstatus: - /* getpageframeinfo[23] will leak XEN_DOMCTL_PFINFO_XTAB on target GFNs */ - case XEN_DOMCTL_getpageframeinfo2: - case XEN_DOMCTL_getpageframeinfo3: - if ( !IS_PRIV(current->domain) ) - return -EPERM; - } - - switch ( domctl->cmd ) - { case XEN_DOMCTL_shadow_op: { @@ -190,6 +170,13 @@ long arch_do_domctl( if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) ) break; + ret = xsm_getpageframeinfo_domain(d); + if ( ret ) + { + rcu_unlock_domain(d); + break; + } + if ( unlikely(num > 1024) || unlikely(num != domctl->u.getpageframeinfo3.num) ) { @@ -287,6 +274,13 @@ long arch_do_domctl( if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) ) break; + ret = xsm_getpageframeinfo_domain(d); + if ( ret ) + { + rcu_unlock_domain(d); + break; + } + if ( unlikely(num > 1024) ) { ret = -E2BIG; @@ -1106,6 +1100,10 @@ long arch_do_domctl( if ( d == NULL ) break; + ret = xsm_set_cpuid(d); + if ( ret ) + goto set_cpuid_out; + for ( i = 0; i < MAX_CPUID_INPUT; i++ ) { cpuid = &d->arch.cpuids[i]; 
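Review bot: The two `xsm_getpageframeinfo_domain(d)` calls added to the getpageframeinfo3 and getpageframeinfo2 cases have no comment explaining why a whole-domain check is needed. The only rationale on the page, the note that these calls leak XEN_DOMCTL_PFINFO_XTAB for target GFNs, is deleted together with the blanket IS_PRIV switch. I would carry it over to the first call site, for example `/* Domain-wide check: without it the reply still reveals XEN_DOMCTL_PFINFO_XTAB for target GFNs. */`. Both cases start and end outside these hunks, so whether a per-page hook also runs later in the loop cannot be confirmed from here.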
@@ -1129,6 +1127,7 @@ long arch_do_domctl( ret = 0; } + set_cpuid_out: rcu_unlock_domain(d); } break; @@ -1143,6 +1142,10 @@ long arch_do_domctl( if ( d == NULL ) break; + ret = xsm_gettscinfo(d); + if ( ret ) + goto gettscinfo_out; + domain_pause(d); tsc_get_info(d, &info.tsc_mode, &info.elapsed_nsec, @@ -1154,6 +1157,7 @@ long arch_do_domctl( ret = 0; domain_unpause(d); + gettscinfo_out: rcu_unlock_domain(d); } break; @@ -1167,15 +1171,20 @@ long arch_do_domctl( if ( d == NULL ) break; + ret = xsm_settscinfo(d); + if ( ret ) + goto settscinfo_out; + domain_pause(d); tsc_set_info(d, domctl->u.tsc_info.info.tsc_mode, domctl->u.tsc_info.info.elapsed_nsec, domctl->u.tsc_info.info.gtsc_khz, domctl->u.tsc_info.info.incarnation); domain_unpause(d); + ret = 0; + settscinfo_out: rcu_unlock_domain(d); - ret = 0; } break; @@ -1187,9 +1196,10 @@ long arch_do_domctl( d = rcu_lock_domain_by_id(domctl->domain); if ( d != NULL ) { - d->arch.suppress_spurious_page_faults = 1; + ret = xsm_domctl(d, domctl->cmd); + if ( !ret ) + d->arch.suppress_spurious_page_faults = 1; rcu_unlock_domain(d); - ret = 0; } } break; @@ -1204,6 +1214,10 @@ long arch_do_domctl( if ( d == NULL ) break; + ret = xsm_debug_op(d); + if ( ret ) + goto debug_op_out; + ret = -EINVAL; if ( (domctl->u.debug_op.vcpu >= d->max_vcpus) || ((v = d->vcpu[domctl->u.debug_op.vcpu]) == NULL) ) @@ -1228,6 +1242,10 @@ long arch_do_domctl( if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL ) break; + ret = xsm_debug_op(d); + if ( ret ) + goto gdbsx_guestmemio_out; + domctl->u.gdbsx_guest_memio.remain = domctl->u.gdbsx_guest_memio.len; @@ -1235,6 +1253,7 @@ long arch_do_domctl( if ( !ret && copy_to_guest(u_domctl, domctl, 1) ) ret = -EFAULT; + gdbsx_guestmemio_out: rcu_unlock_domain(d); } break; 
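Review bot: In the suppress_spurious_page_faults case the access decision is delegated to the generic `xsm_domctl(d, domctl->cmd)`, and neither the dummy nor the FLASK side of that hook appears in this patch. It is therefore not visible here that this command is mapped to a permission rather than falling through to a default. Every other domctl from the removed TODO list gets a dedicated hook, so a one-line comment such as `/* checked by the generic domctl hook; no dedicated access vector */` would show the difference is deliberate. The case body starts outside the hunk.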
@@ -1248,21 +1267,20 @@ long arch_do_domctl( if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL ) break; + ret = xsm_debug_op(d); + if ( ret ) + goto gdbsx_pausevcpu_out; + ret = -EBUSY; if ( !d->is_paused_by_controller ) - { - rcu_unlock_domain(d); - break; - } + goto gdbsx_pausevcpu_out; ret = -EINVAL; if ( domctl->u.gdbsx_pauseunp_vcpu.vcpu >= MAX_VIRT_CPUS || (v = d->vcpu[domctl->u.gdbsx_pauseunp_vcpu.vcpu]) == NULL ) - { - rcu_unlock_domain(d); - break; - } + goto gdbsx_pausevcpu_out; vcpu_pause(v); ret = 0; + gdbsx_pausevcpu_out: rcu_unlock_domain(d); } break; @@ -1276,23 +1294,22 @@ long arch_do_domctl( if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL ) break; + ret = xsm_debug_op(d); + if ( ret ) + goto gdbsx_unpausevcpu_out; + ret = -EBUSY; if ( !d->is_paused_by_controller ) - { - rcu_unlock_domain(d); - break; - } + goto gdbsx_unpausevcpu_out; ret = -EINVAL; if ( domctl->u.gdbsx_pauseunp_vcpu.vcpu >= MAX_VIRT_CPUS || (v = d->vcpu[domctl->u.gdbsx_pauseunp_vcpu.vcpu]) == NULL ) - { - rcu_unlock_domain(d); - break; - } + goto gdbsx_unpausevcpu_out; if ( !atomic_read(&v->pause_count) ) printk("WARN: Unpausing vcpu:%d which is not paused\n", v->vcpu_id); vcpu_unpause(v); ret = 0; + gdbsx_unpausevcpu_out: rcu_unlock_domain(d); } break; @@ -1306,6 +1323,10 @@ long arch_do_domctl( if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL ) break; + ret = xsm_debug_op(d); + if ( ret ) + goto gdbsx_domstatus_out; + domctl->u.gdbsx_domstatus.vcpu_id = -1; domctl->u.gdbsx_domstatus.paused = d->is_paused_by_controller; if ( domctl->u.gdbsx_domstatus.paused ) @@ -1325,6 +1346,7 @@ long arch_do_domctl( ret = 0; if ( copy_to_guest(u_domctl, domctl, 1) ) ret = -EFAULT; + gdbsx_domstatus_out: rcu_unlock_domain(d); } break; 
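Review bot: Both gdbsx_pausevcpu and gdbsx_unpausevcpu still bound the caller-supplied index with `domctl->u.gdbsx_pauseunp_vcpu.vcpu >= MAX_VIRT_CPUS` before reading `d->vcpu[...]`, while the debug_op case earlier in this file bounds the same kind of index with `d->max_vcpus`. This predates the patch, but the surrounding lines are being restructured here. If `d->vcpu` is sized by `d->max_vcpus` (not visible on this page), the current test allows an out-of-range read for a domain with fewer vcpus. I would change both tests to `if ( domctl->u.gdbsx_pauseunp_vcpu.vcpu >= d->max_vcpus ||` in the same series.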
@@ -1464,10 +1486,8 @@ long arch_do_domctl( d = rcu_lock_domain_by_id(domctl->domain); if ( d != NULL ) { - ret = xsm_mem_event(d); - if ( !ret ) - ret = mem_event_domctl(d, &domctl->u.mem_event_op, - guest_handle_cast(u_domctl, void)); + ret = mem_event_domctl(d, &domctl->u.mem_event_op, + guest_handle_cast(u_domctl, void)); rcu_unlock_domain(d); copy_to_guest(u_domctl, domctl, 1); } @@ -1496,16 +1516,19 @@ long arch_do_domctl( { struct domain *d; - ret = rcu_lock_remote_target_domain_by_id(domctl->domain, &d); - if ( ret != 0 ) + d = rcu_lock_domain_by_id(domctl->domain); + if ( d == NULL ) break; - audit_p2m(d, - &domctl->u.audit_p2m.orphans, - &domctl->u.audit_p2m.m2p_bad, - &domctl->u.audit_p2m.p2m_bad); + ret = xsm_audit_p2m(d); + if ( !ret ) + audit_p2m(d, + &domctl->u.audit_p2m.orphans, + &domctl->u.audit_p2m.m2p_bad, + &domctl->u.audit_p2m.p2m_bad); + rcu_unlock_domain(d); - if ( copy_to_guest(u_domctl, domctl, 1) ) + if ( !ret && copy_to_guest(u_domctl, domctl, 1) ) ret = -EFAULT; } break; @@ -1524,7 +1547,7 @@ long arch_do_domctl( d = rcu_lock_domain_by_id(domctl->domain); if ( d != NULL ) { - ret = xsm_mem_event(d); + ret = xsm_mem_event_setup(d); if ( !ret ) { p2m = p2m_get_hostp2m(d); p2m->access_required = domctl->u.access_required.access_required; diff --git a/xen/arch/x86/mm/mem_event.c b/xen/arch/x86/mm/mem_event.c index d728889..a5b02d9 100644 --- a/xen/arch/x86/mm/mem_event.c +++ b/xen/arch/x86/mm/mem_event.c @@ -29,6 +29,7 @@ #include <asm/mem_paging.h> #include <asm/mem_access.h> #include <asm/mem_sharing.h> +#include <xsm/xsm.h> /* for public/io/ring.h macros */ #define xen_mb() mb() 
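Review bot: The audit_p2m case swaps `rcu_lock_remote_target_domain_by_id()` for `rcu_lock_domain_by_id()` without adding back a self-target test. do_mem_event_op() and mem_sharing_memop() in this same patch both add an explicit `== current->domain` rejection when they make the same swap. If the remote-only restriction was intended here too, `ret = (d == current->domain) ? -EINVAL : xsm_audit_p2m(d);` keeps it. If auditing one's own p2m is now meant to be a policy decision, a comment saying so would help the next reader.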
@@ -439,34 +440,22 @@ static void mem_sharing_notification(struct vcpu *v, unsigned int port) mem_sharing_sharing_resume(v->domain); } -struct domain *get_mem_event_op_target(uint32_t domain, int *rc) -{ - struct domain *d; - - /* Get the target domain */ - *rc = rcu_lock_remote_target_domain_by_id(domain, &d); - if ( *rc != 0 ) - return NULL; - - /* Not dying? */ - if ( d->is_dying ) - { - rcu_unlock_domain(d); - *rc = -EINVAL; - return NULL; - } - - return d; -} - int do_mem_event_op(int op, uint32_t domain, void *arg) { int ret; struct domain *d; - d = get_mem_event_op_target(domain, &ret); + d = rcu_lock_domain_by_id(domain); if ( !d ) - return ret; + return -ESRCH; + + ret = -EINVAL; + if ( d->is_dying || d == current->domain ) + goto out; + + ret = xsm_mem_event_op(d, op); + if ( ret ) + goto out; switch (op) { @@ -483,6 +472,7 @@ int do_mem_event_op(int op, uint32_t domain, void *arg) ret = -ENOSYS; } + out: rcu_unlock_domain(d); return ret; } @@ -516,6 +506,10 @@ int mem_event_domctl(struct domain *d, xen_domctl_mem_event_op_t *mec, { int rc; + rc = xsm_mem_event_control(d, mec->mode, mec->op); + if ( rc ) + return rc; + if ( unlikely(d == current->domain) ) { gdprintk(XENLOG_INFO, "Tried to do a memory event op on itself.\n"); @@ -537,13 +531,6 @@ int mem_event_domctl(struct domain *d, xen_domctl_mem_event_op_t *mec, return -EINVAL; } - /* TODO: XSM hook */ -#if 0 - rc = xsm_mem_event_control(d, mec->op); - if ( rc ) - return rc; -#endif - rc = -ENOSYS; switch ( mec->mode ) diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index 5103285..a7e6c5c 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -34,6 +34,7 @@ #include <asm/atomic.h> #include <xen/rcupdate.h> #include <asm/event.h> +#include <xsm/xsm.h> #include "mm-locks.h" 
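Review bot: In do_mem_event_op() the `d->is_dying || d == current->domain` test runs before `xsm_mem_event_op(d, op)`, so a caller that the policy would refuse gets -EINVAL for a dying domain and -EPERM otherwise, and can tell the two states apart. mem_event_domctl() in the same file places its new hook ahead of the self-target test. Calling the hook directly after `rcu_lock_domain_by_id()` and doing the is_dying/self test afterwards would make the two paths consistent and give unauthorised callers a single answer for existing domains.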
@@ -1345,11 +1346,18 @@ int mem_sharing_memop(struct domain *d, xen_mem_sharing_op_t *mec) if ( !mem_sharing_enabled(d) ) return -EINVAL; - cd = get_mem_event_op_target(mec->u.share.client_domain, &rc); + cd = rcu_lock_domain_by_id(mec->u.share.client_domain); if ( !cd ) + return -ESRCH; + + rc = xsm_mem_sharing_op(d, cd, mec->op); + if ( rc ) + { + rcu_unlock_domain(cd); return rc; + } - if ( !mem_sharing_enabled(cd) ) + if ( cd == current->domain || !mem_sharing_enabled(cd) ) { rcu_unlock_domain(cd); return -EINVAL; @@ -1401,11 +1409,18 @@ int mem_sharing_memop(struct domain *d, xen_mem_sharing_op_t *mec) if ( !mem_sharing_enabled(d) ) return -EINVAL; - cd = get_mem_event_op_target(mec->u.share.client_domain, &rc); + cd = rcu_lock_domain_by_id(mec->u.share.client_domain); if ( !cd ) + return -ESRCH; + + rc = xsm_mem_sharing_op(d, cd, mec->op); + if ( rc ) + { + rcu_unlock_domain(cd); return rc; + } - if ( !mem_sharing_enabled(cd) ) + if ( cd == current->domain || !mem_sharing_enabled(cd) ) { rcu_unlock_domain(cd); return -EINVAL; diff --git a/xen/include/asm-x86/mem_event.h b/xen/include/asm-x86/mem_event.h index 23d71c1..448be4f 100644 --- a/xen/include/asm-x86/mem_event.h +++ b/xen/include/asm-x86/mem_event.h @@ -62,7 +62,6 @@ void mem_event_put_request(struct domain *d, struct mem_event_domain *med, int mem_event_get_response(struct domain *d, struct mem_event_domain *med, mem_event_response_t *rsp); -struct domain *get_mem_event_op_target(uint32_t domain, int *rc); int do_mem_event_op(int op, uint32_t domain, void *arg); int mem_event_domctl(struct domain *d, xen_domctl_mem_event_op_t *mec, XEN_GUEST_HANDLE(void) u_domctl); diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 0d849cc..c71c08b 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h 
@@ -171,6 +171,13 @@ static XSM_DEFAULT(int, setdebugging) (struct domain *d) return 0; } +static XSM_DEFAULT(int, debug_op) (struct domain *d) +{ + if ( !IS_PRIV(current->domain) ) + return -EPERM; + return 0; +} + static XSM_DEFAULT(int, perfcontrol) (void) { if ( !IS_PRIV(current->domain) ) @@ -557,6 +564,34 @@ static XSM_DEFAULT(int, getpageframeinfo) (struct page_info *page) return 0; } +static XSM_DEFAULT(int, getpageframeinfo_domain) (struct domain *d) +{ + if ( !IS_PRIV(current->domain) ) + return -EPERM; + return 0; +} + +static XSM_DEFAULT(int, set_cpuid) (struct domain *d) +{ + if ( !IS_PRIV(current->domain) ) + return -EPERM; + return 0; +} + +static XSM_DEFAULT(int, gettscinfo) (struct domain *d) +{ + if ( !IS_PRIV(current->domain) ) + return -EPERM; + return 0; +} + +static XSM_DEFAULT(int, settscinfo) (struct domain *d) +{ + if ( !IS_PRIV(current->domain) ) + return -EPERM; + return 0; +} + static XSM_DEFAULT(int, getmemlist) (struct domain *d) { if ( !IS_PRIV(current->domain) ) @@ -627,13 +662,27 @@ static XSM_DEFAULT(int, hvm_inject_msi) (struct domain *d) return 0; } -static XSM_DEFAULT(int, mem_event) (struct domain *d) +static XSM_DEFAULT(int, mem_event_setup) (struct domain *d) { if ( !IS_PRIV(current->domain) ) return -EPERM; return 0; } +static XSM_DEFAULT(int, mem_event_control) (struct domain *d, int mode, int op) +{ + if ( !IS_PRIV(current->domain) ) + return -EPERM; + return 0; +} + +static XSM_DEFAULT(int, mem_event_op) (struct domain *d, int op) +{ + if ( !IS_PRIV_FOR(current->domain, d) ) + return -EPERM; + return 0; +} + static XSM_DEFAULT(int, mem_sharing) (struct domain *d) { if ( !IS_PRIV(current->domain) ) 
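Review bot: The new default hooks mix two privilege tests without comment: `mem_event_op` uses `IS_PRIV_FOR(current->domain, d)` while `mem_event_setup`, `mem_event_control` and the other additions use `IS_PRIV(current->domain)`. These defaults are the entire access decision whenever a hook is left to the dummy implementation. A short comment on `mem_event_op` (and on `mem_sharing_op` in the next hunk) would show the wider caller set is intentional, e.g. `/* IS_PRIV_FOR: keeps the check the remote-target lookup used to make for this path */`. That the old lookup performed an IS_PRIV_FOR test is inferred from the helper's name, not shown on this page.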
@@ -641,6 +690,20 @@ static XSM_DEFAULT(int, mem_sharing) (struct domain *d) return 0; } +static XSM_DEFAULT(int, mem_sharing_op) (struct domain *d, struct domain *cd, int op) +{ + if ( !IS_PRIV_FOR(current->domain, cd) ) + return -EPERM; + return 0; +} + +static XSM_DEFAULT(int, audit_p2m) (struct domain *d) +{ + if ( !IS_PRIV(current->domain) ) + return -EPERM; + return 0; +} + static XSM_DEFAULT(int, apic) (struct domain *d, int cmd) { if ( !IS_PRIV(current->domain) ) diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 1a9f35b..b473b54 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -67,6 +67,7 @@ struct xsm_operations { int (*setdomainmaxmem) (struct domain *d); int (*setdomainhandle) (struct domain *d); int (*setdebugging) (struct domain *d); + int (*debug_op) (struct domain *d); int (*perfcontrol) (void); int (*debug_keys) (void); int (*getcpuinfo) (void); @@ -142,6 +143,10 @@ struct xsm_operations { #ifdef CONFIG_X86 int (*shadow_control) (struct domain *d, uint32_t op); int (*getpageframeinfo) (struct page_info *page); + int (*getpageframeinfo_domain) (struct domain *d); + int (*set_cpuid) (struct domain *d); + int (*gettscinfo) (struct domain *d); + int (*settscinfo) (struct domain *d); int (*getmemlist) (struct domain *d); int (*hypercall_init) (struct domain *d); int (*hvmcontext) (struct domain *d, uint32_t op); 
@@ -152,8 +157,12 @@ struct xsm_operations { int (*hvm_set_isa_irq_level) (struct domain *d); int (*hvm_set_pci_link_route) (struct domain *d); int (*hvm_inject_msi) (struct domain *d); - int (*mem_event) (struct domain *d); + int (*mem_event_setup) (struct domain *d); + int (*mem_event_control) (struct domain *d, int mode, int op); + int (*mem_event_op) (struct domain *d, int op); int (*mem_sharing) (struct domain *d); + int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op); + int (*audit_p2m) (struct domain *d); int (*apic) (struct domain *d, int cmd); int (*xen_settime) (void); int (*memtype) (uint32_t access); @@ -302,6 +311,11 @@ static inline int xsm_setdebugging (struct domain *d) return xsm_call(setdebugging(d)); } +static inline int xsm_debug_op (struct domain *d) +{ + return xsm_call(debug_op(d)); +} + static inline int xsm_perfcontrol (void) { return xsm_call(perfcontrol()); @@ -329,7 +343,7 @@ static inline int xsm_get_pmstat(void) static inline int xsm_setpminfo(void) { - return xsm_call(setpminfo()); + return xsm_call(setpminfo()); } static inline int xsm_pm_op(void) @@ -608,6 +622,26 @@ static inline int xsm_getpageframeinfo (struct page_info *page) return xsm_call(getpageframeinfo(page)); } +static inline int xsm_getpageframeinfo_domain (struct domain *d) +{ + return xsm_call(getpageframeinfo_domain(d)); +} + +static inline int xsm_set_cpuid (struct domain *d) +{ + return xsm_call(set_cpuid(d)); +} + +static inline int xsm_gettscinfo (struct domain *d) +{ + return xsm_call(gettscinfo(d)); +} + +static inline int xsm_settscinfo (struct domain *d) +{ + return xsm_call(settscinfo(d)); +} + static inline int xsm_getmemlist (struct domain *d) { return xsm_call(getmemlist(d)); 
@@ -658,9 +692,19 @@ static inline int xsm_hvm_inject_msi (struct domain *d) return xsm_call(hvm_inject_msi(d)); } -static inline int xsm_mem_event (struct domain *d) +static inline int xsm_mem_event_setup (struct domain *d) +{ + return xsm_call(mem_event_setup(d)); +} + +static inline int xsm_mem_event_control (struct domain *d, int mode, int op) +{ + return xsm_call(mem_event_control(d, mode, op)); +} + +static inline int xsm_mem_event_op (struct domain *d, int op) { - return xsm_call(mem_event(d)); + return xsm_call(mem_event_op(d, op)); } static inline int xsm_mem_sharing (struct domain *d) @@ -668,6 +712,16 @@ static inline int xsm_mem_sharing (struct domain *d) return xsm_call(mem_sharing(d)); } +static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int op) +{ + return xsm_call(mem_sharing_op(d, cd, op)); +} + +static inline int xsm_audit_p2m (struct domain *d) +{ + return xsm_call(audit_p2m(d)); +} + static inline int xsm_apic (struct domain *d, int cmd) { return xsm_call(apic(d, cmd)); diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index af532b8..09935d8 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -51,6 +51,7 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, setdomainmaxmem); set_to_dummy_if_null(ops, setdomainhandle); set_to_dummy_if_null(ops, setdebugging); + set_to_dummy_if_null(ops, debug_op); set_to_dummy_if_null(ops, perfcontrol); set_to_dummy_if_null(ops, debug_keys); set_to_dummy_if_null(ops, getcpuinfo); @@ -124,6 +125,10 @@ void xsm_fixup_ops (struct xsm_operations *ops) #ifdef CONFIG_X86 set_to_dummy_if_null(ops, shadow_control); set_to_dummy_if_null(ops, getpageframeinfo); + set_to_dummy_if_null(ops, getpageframeinfo_domain); + set_to_dummy_if_null(ops, set_cpuid); + set_to_dummy_if_null(ops, gettscinfo); + set_to_dummy_if_null(ops, settscinfo); set_to_dummy_if_null(ops, getmemlist); set_to_dummy_if_null(ops, hypercall_init); set_to_dummy_if_null(ops, hvmcontext); 
@@ -134,8 +139,12 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, hvm_set_isa_irq_level); set_to_dummy_if_null(ops, hvm_set_pci_link_route); set_to_dummy_if_null(ops, hvm_inject_msi); - set_to_dummy_if_null(ops, mem_event); + set_to_dummy_if_null(ops, mem_event_setup); + set_to_dummy_if_null(ops, mem_event_control); + set_to_dummy_if_null(ops, mem_event_op); set_to_dummy_if_null(ops, mem_sharing); + set_to_dummy_if_null(ops, mem_sharing_op); + set_to_dummy_if_null(ops, audit_p2m); set_to_dummy_if_null(ops, apic); set_to_dummy_if_null(ops, xen_settime); set_to_dummy_if_null(ops, memtype); diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index f8aff14..4f71604 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -695,6 +695,12 @@ static int flask_setdebugging(struct domain *d) DOMAIN__SETDEBUGGING); } +static int flask_debug_op(struct domain *d) +{ + return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, + DOMAIN__SETDEBUGGING); +} + static int flask_debug_keys(void) { return domain_has_xen(current->domain, XEN__DEBUG); @@ -1111,6 +1117,26 @@ static int flask_getpageframeinfo(struct page_info *page) return avc_has_perm(dsec->sid, tsid, SECCLASS_MMU, MMU__PAGEINFO, NULL); } +static int flask_getpageframeinfo_domain(struct domain *d) +{ + return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__PAGEINFO); +} + +static int flask_set_cpuid(struct domain *d) +{ + return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID); +} + +static int flask_gettscinfo(struct domain *d) +{ + return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2, DOMAIN2__GETTSC); +} + +static int flask_settscinfo(struct domain *d) +{ + return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2, DOMAIN2__SETTSC); +} + static int flask_getmemlist(struct domain *d) { return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__PAGELIST); 
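Review bot: `flask_debug_op()` maps debug_op and all four gdbsx domctls onto the existing `DOMAIN__SETDEBUGGING` permission, so a policy that lets a domain toggle the debugging flag now also authorises gdbsx_guestmemio (guest memory I/O, judging by its name) and vcpu pause/unpause. The patch adds new access vectors for set_cpuid, gettsc and settsc but not for this. If a separate permission is not wanted, I would at least state the sharing at the hook, e.g. `/* Deliberately shares setdebugging: covers debug_op and the gdbsx_* domctls, including guest memory I/O. */`, so policy authors know what granting it implies.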
@@ -1201,7 +1227,17 @@ static int flask_hvm_set_pci_link_route(struct domain *d) return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__PCIROUTE); } -static int flask_mem_event(struct domain *d) +static int flask_mem_event_setup(struct domain *d) +{ + return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__MEM_EVENT); +} + +static int flask_mem_event_control(struct domain *d, int mode, int op) +{ + return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__MEM_EVENT); +} + +static int flask_mem_event_op(struct domain *d, int op) { return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__MEM_EVENT); } @@ -1211,6 +1247,19 @@ static int flask_mem_sharing(struct domain *d) return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__MEM_SHARING); } +static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op) +{ + int rc = domain_has_perm(current->domain, cd, SECCLASS_HVM, HVM__MEM_SHARING); + if ( rc ) + return rc; + return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM); +} + +static int flask_audit_p2m(struct domain *d) +{ + return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__AUDIT_P2M); +} + static int flask_apic(struct domain *d, int cmd) { u32 perm; @@ -1586,6 +1635,7 @@ static struct xsm_operations flask_ops = { .setdomainmaxmem = flask_setdomainmaxmem, .setdomainhandle = flask_setdomainhandle, .setdebugging = flask_setdebugging, + .debug_op = flask_debug_op, .perfcontrol = flask_perfcontrol, .debug_keys = flask_debug_keys, .getcpuinfo = flask_getcpuinfo, @@ -1654,6 +1704,10 @@ static struct xsm_operations flask_ops = { #ifdef CONFIG_X86 .shadow_control = flask_shadow_control, .getpageframeinfo = flask_getpageframeinfo, + .getpageframeinfo_domain = flask_getpageframeinfo_domain, + .set_cpuid = flask_set_cpuid, + .gettscinfo = flask_gettscinfo, + .settscinfo = flask_settscinfo, .getmemlist = flask_getmemlist, .hypercall_init = flask_hypercall_init, .hvmcontext = flask_hvmcontext, 
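Review bot: `flask_mem_event_control()` ignores `mode` and `op`, and `flask_mem_event_op()` ignores `op`. All three new mem_event hooks check the same `HVM__MEM_EVENT` permission, so under FLASK the split described in the commit message gives no finer control than the old single hook. If that is the intended first step, a comment such as `/* mode and op are not distinguished yet: every mem_event control operation needs HVM__MEM_EVENT */` would stop a reader assuming otherwise. `flask_mem_sharing_op()` in the next hunk likewise ignores `op`.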
@@ -1662,8 +1716,12 @@ static struct xsm_operations flask_ops = { .hvm_set_pci_intx_level = flask_hvm_set_pci_intx_level, .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level, .hvm_set_pci_link_route = flask_hvm_set_pci_link_route, - .mem_event = flask_mem_event, + .mem_event_setup = flask_mem_event_setup, + .mem_event_control = flask_mem_event_control, + .mem_event_op = flask_mem_event_op, .mem_sharing = flask_mem_sharing, + .mem_sharing_op = flask_mem_sharing_op, + .audit_p2m = flask_audit_p2m, .apic = flask_apic, .xen_settime = flask_xen_settime, .memtype = flask_memtype, diff --git a/xen/xsm/flask/include/av_perm_to_string.h b/xen/xsm/flask/include/av_perm_to_string.h index 10f8e80..997f098 100644 --- a/xen/xsm/flask/include/av_perm_to_string.h +++ b/xen/xsm/flask/include/av_perm_to_string.h @@ -66,6 +66,9 @@ S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELSELF, "relabelself") S_(SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR, "make_priv_for") S_(SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET, "set_as_target") + S_(SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID, "set_cpuid") + S_(SECCLASS_DOMAIN2, DOMAIN2__GETTSC, "gettsc") + S_(SECCLASS_DOMAIN2, DOMAIN2__SETTSC, "settsc") S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc") S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc") S_(SECCLASS_HVM, HVM__SETPARAM, "setparam") @@ -79,6 +82,8 @@ S_(SECCLASS_HVM, HVM__HVMCTL, "hvmctl") S_(SECCLASS_HVM, HVM__MEM_EVENT, "mem_event") S_(SECCLASS_HVM, HVM__MEM_SHARING, "mem_sharing") + S_(SECCLASS_HVM, HVM__SHARE_MEM, "share_mem") + S_(SECCLASS_HVM, HVM__AUDIT_P2M, "audit_p2m") S_(SECCLASS_EVENT, EVENT__BIND, "bind") S_(SECCLASS_EVENT, EVENT__SEND, "send") S_(SECCLASS_EVENT, EVENT__STATUS, "status") diff --git a/xen/xsm/flask/include/av_permissions.h b/xen/xsm/flask/include/av_permissions.h index f7cfee1..8596a55 100644 --- a/xen/xsm/flask/include/av_permissions.h +++ b/xen/xsm/flask/include/av_permissions.h 
@@ -68,6 +68,9 @@ #define DOMAIN2__RELABELSELF 0x00000004UL #define DOMAIN2__MAKE_PRIV_FOR 0x00000008UL #define DOMAIN2__SET_AS_TARGET 0x00000010UL +#define DOMAIN2__SET_CPUID 0x00000020UL +#define DOMAIN2__GETTSC 0x00000040UL +#define DOMAIN2__SETTSC 0x00000080UL #define HVM__SETHVMC 0x00000001UL #define HVM__GETHVMC 0x00000002UL @@ -82,6 +85,8 @@ #define HVM__HVMCTL 0x00000400UL #define HVM__MEM_EVENT 0x00000800UL #define HVM__MEM_SHARING 0x00001000UL +#define HVM__SHARE_MEM 0x00002000UL +#define HVM__AUDIT_P2M 0x00004000UL #define EVENT__BIND 0x00000001UL #define EVENT__SEND 0x00000002UL -- 1.7.11.2 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel