
[Xen-devel] [PATCH 17/18] xen: Add XSM hook for XENMEM_exchange



Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 tools/flask/policy/policy/flask/access_vectors |  1 +
 tools/flask/policy/policy/modules/xen/xen.if   |  2 ++
 xen/common/memory.c                            | 21 +++++++++------------
 xen/include/xsm/dummy.h                        |  7 +++++++
 xen/include/xsm/xsm.h                          |  6 ++++++
 xen/xsm/dummy.c                                |  1 +
 xen/xsm/flask/hooks.c                          |  6 ++++++
 xen/xsm/flask/include/av_perm_to_string.h      |  1 +
 xen/xsm/flask/include/av_permissions.h         |  1 +
 9 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/tools/flask/policy/policy/flask/access_vectors 
b/tools/flask/policy/policy/flask/access_vectors
index 5e897e2..2736075 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -142,6 +142,7 @@ class mmu
     memorymap
     remote_remap
        mmuext_op
+       exchange
 }
 
 class shadow
diff --git a/tools/flask/policy/policy/modules/xen/xen.if 
b/tools/flask/policy/policy/modules/xen/xen.if
index 78083c3..ab14d2f 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -30,6 +30,7 @@ define(`declare_domain', `
 #   containing at most one domain. This is not enforced by policy.
 define(`declare_singleton_domain', `
        type $1, domain_type`'ifelse(`$#', `1', `', `,shift($@)');
+       define(`$1_self', `$1')
        type $1_channel, event_type;
        type_transition $1 domain_type:event $1_channel;
        declare_domain_common($1, $1)
@@ -161,6 +162,7 @@ define(`make_device_model', `
 # use_device(domain, device)
 #   Allow a device to be used by a domain
 define(`use_device', `
+    allow $1 $1_self:mmu exchange;
     allow $1 $2:resource use;
     allow $1 $2:mmu { map_read map_write };
 ')
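Review bot: The `allow $1 $1_self:mmu exchange;` rule added to `use_device` is the only grant of the new permission in this patch, so a domain that is never passed to `use_device` appears to have no way to obtain it from the visible policy. Because the memory.c change in the same patch sends the DOMID_SELF case through the XSM hook too, such a domain would presumably be denied under an enforcing FLASK policy, where the self case was previously unconditional. If the restriction is intended, a comment above the rule, for example `# XENMEM_exchange on self is only expected from domains that use passthrough devices`, would record why; if not, the rule belongs in the common domain declaration macro. The `$1_self` alias is defined here only for `declare_singleton_domain`; whether `declare_domain` already provides `$1_self` is not visible in this hunk and is worth confirming.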
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 77969d9..b8aaecb 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -329,21 +329,18 @@ static long 
memory_exchange(XEN_GUEST_HANDLE(xen_memory_exchange_t) arg)
         out_chunk_order = exch.in.extent_order - exch.out.extent_order;
     }
 
-    if ( likely(exch.in.domid == DOMID_SELF) )
+    d = rcu_lock_domain_by_id(exch.in.domid);
+    if ( d == NULL )
     {
-        d = rcu_lock_current_domain();
+        rc = -ESRCH;
+        goto fail_early;
     }
-    else
+    
+    rc = xsm_memory_exchange(d);
+    if ( rc )
     {
-        if ( (d = rcu_lock_domain_by_id(exch.in.domid)) == NULL )
-            goto fail_early;
-
-        if ( !IS_PRIV_FOR(current->domain, d) )
-        {
-            rcu_unlock_domain(d);
-            rc = -EPERM;
-            goto fail_early;
-        }
+        rcu_unlock_domain(d);
+        goto fail_early;
     }
 
     memflags |= MEMF_bits(domain_clamp_alloc_bitsize(
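Review bot: `rcu_lock_domain_by_id(exch.in.domid)` now also receives DOMID_SELF, which the removed branch handled with `rcu_lock_current_domain()`; unless that lookup resolves DOMID_SELF (its definition is not visible here), the common self-exchange case would fail with -ESRCH before the XSM hook is reached. Using a lookup that accepts DOMID_SELF, such as `d = rcu_lock_domain_by_any_id(exch.in.domid);` if the tree provides it, or keeping the DOMID_SELF special case ahead of the `xsm_memory_exchange(d)` call, avoids that. The added line after the first closing brace contains only trailing whitespace (`+    `) and should be empty. memory_exchange starts and ends outside the hunk.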
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 28e1d2b..6467928 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -279,6 +279,13 @@ static XSM_DEFAULT(int, grant_query_size) (struct domain 
*d1, struct domain *d2)
     return 0;
 }
 
+static XSM_DEFAULT(int, memory_exchange) (struct domain *d)
+{
+    if ( d != current->domain && !IS_PRIV_FOR(current->domain, d) )
+        return -EPERM;
+    return 0;
+}
+
 static XSM_DEFAULT(int, memory_adjust_reservation) (struct domain *d1,
                                                             struct domain *d2)
 {
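Review bot: The new default `memory_exchange` hook has no comment, yet it is now where the self-or-privileged rule for XENMEM_exchange is enforced whenever a loaded XSM module does not supply its own hook. A one-line header such as `/* XENMEM_exchange: permitted on the caller's own domain, or on a domain the caller is privileged for. */` would make that access rule easy to audit. The hook also assumes a non-NULL `d`, which the visible caller in memory.c checks before calling; stating that precondition in the comment would help future callers.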
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4134877..c5c6202 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -98,6 +98,7 @@ struct xsm_operations {
 
     int (*get_pod_target) (struct domain *d);
     int (*set_pod_target) (struct domain *d);
+    int (*memory_exchange) (struct domain *d);
     int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2);
     int (*memory_stat_reservation) (struct domain *d1, struct domain *d2);
     int (*memory_pin_page) (struct domain *d, struct page_info *page);
@@ -455,6 +456,11 @@ static inline int xsm_set_pod_target (struct domain *d)
     return xsm_ops->set_pod_target(d);
 }
 
+static inline int xsm_memory_exchange (struct domain *d)
+{
+    return xsm_ops->memory_exchange(d);
+}
+
 static inline int xsm_memory_adjust_reservation (struct domain *d1, struct
                                                                     domain *d2)
 {
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 1bf9de9..5915c5e 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -83,6 +83,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
     set_to_dummy_if_null(ops, get_pod_target);
     set_to_dummy_if_null(ops, set_pod_target);
 
+    set_to_dummy_if_null(ops, memory_exchange);
     set_to_dummy_if_null(ops, memory_adjust_reservation);
     set_to_dummy_if_null(ops, memory_stat_reservation);
     set_to_dummy_if_null(ops, memory_pin_page);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index f743be1..ad1c593 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -442,6 +442,11 @@ static int flask_set_pod_target(struct domain *d)
     return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
 }
 
+static int flask_memory_exchange(struct domain *d)
+{
+    return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE);
+}
+
 static int flask_memory_adjust_reservation(struct domain *d1, struct domain 
*d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
@@ -1642,6 +1647,7 @@ static struct xsm_operations flask_ops = {
 
     .get_pod_target = flask_get_pod_target,
     .set_pod_target = flask_set_pod_target,
+    .memory_exchange = flask_memory_exchange,
     .memory_adjust_reservation = flask_memory_adjust_reservation,
     .memory_stat_reservation = flask_memory_stat_reservation,
     .memory_pin_page = flask_memory_pin_page,
diff --git a/xen/xsm/flask/include/av_perm_to_string.h 
b/xen/xsm/flask/include/av_perm_to_string.h
index 5d4f316..b2c77b2 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -112,6 +112,7 @@
    S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap")
    S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap")
    S_(SECCLASS_MMU, MMU__MMUEXT_OP, "mmuext_op")
+   S_(SECCLASS_MMU, MMU__EXCHANGE, "exchange")
    S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable")
    S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable")
    S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty")
diff --git a/xen/xsm/flask/include/av_permissions.h 
b/xen/xsm/flask/include/av_permissions.h
index f970b50..acb0b1a 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -118,6 +118,7 @@
 #define MMU__MEMORYMAP                            0x00000800UL
 #define MMU__REMOTE_REMAP                         0x00001000UL
 #define MMU__MMUEXT_OP                            0x00002000UL
+#define MMU__EXCHANGE                             0x00004000UL
 
 #define SHADOW__DISABLE                           0x00000001UL
 #define SHADOW__ENABLE                            0x00000002UL
-- 
1.7.11.2




 

