Xen project Mailing List

Re: [Xen-devel] [PATCH 12/18] xsm: Add missing domctl and mem_sharing hooks

To: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxx>

From: Keir Fraser <keir.xen@xxxxxxxxx>

Date: Mon, 06 Aug 2012 19:53:49 +0100

Delivery-date: Mon, 06 Aug 2012 18:54:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: Ac10BNB6BoEaqC3UcEuDHKmXzGt/fA==

Thread-topic: [Xen-devel] [PATCH 12/18] xsm: Add missing domctl and mem_sharing hooks

When someone wants to add a new domctl/sysctl, how many places will they have to add things to ensure that xsm dtrt for a basic setup, allowing only dom0 access to the new op? How big is the risk that we end up with new ops that have no access control? On 06/08/2012 15:32, "Daniel De Graaf" <dgdegra@xxxxxxxxxxxxx> wrote: > This patch adds new XSM hooks to cover the 12 domctls that were not > previously covered by an XSM hook, and splits up the mem_sharing and > mem_event XSM hooks to better cover what the code is doing. > > Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > --- > tools/flask/policy/policy/flask/access_vectors | 5 + > tools/flask/policy/policy/modules/xen/xen.if | 2 + > xen/arch/x86/domctl.c | 125 > +++++++++++++++---------- > xen/arch/x86/mm/mem_event.c | 45 ++++----- > xen/arch/x86/mm/mem_sharing.c | 23 ++++- > xen/include/asm-x86/mem_event.h | 1 - > xen/include/xsm/dummy.h | 65 ++++++++++++- > xen/include/xsm/xsm.h | 62 +++++++++++- > xen/xsm/dummy.c | 11 ++- > xen/xsm/flask/hooks.c | 62 +++++++++++- > xen/xsm/flask/include/av_perm_to_string.h | 5 + > xen/xsm/flask/include/av_permissions.h | 5 + > 12 files changed, 318 insertions(+), 93 deletions(-) > > diff --git a/tools/flask/policy/policy/flask/access_vectors > b/tools/flask/policy/policy/flask/access_vectors > index 11d02da..28b8ada 100644 > --- a/tools/flask/policy/policy/flask/access_vectors > +++ b/tools/flask/policy/policy/flask/access_vectors > @@ -80,6 +80,9 @@ class domain2 > relabelself > make_priv_for > set_as_target > + set_cpuid > + gettsc > + settsc > } > > class hvm > @@ -97,6 +100,8 @@ class hvm > hvmctl > mem_event > mem_sharing > + share_mem > + audit_p2m > } > > class event > diff --git a/tools/flask/policy/policy/modules/xen/xen.if > b/tools/flask/policy/policy/modules/xen/xen.if > index 4de99c8..f9bd757 100644 > --- a/tools/flask/policy/policy/modules/xen/xen.if > +++ b/tools/flask/policy/policy/modules/xen/xen.if > @@ -29,6 +29,7 @@ define(`create_domain_common', ` > getdomaininfo hypercall setvcpucontext setextvcpucontext > scheduler getvcpuinfo getvcpuextstate getaddrsize > getvcpuaffinity setvcpuaffinity }; > + allow $1 $2:domain2 { set_cpuid settsc }; > allow $1 $2:security check_context; > allow $1 $2:shadow enable; > allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage}; > @@ -67,6 +68,7 @@ define(`migrate_domain_out', ` > allow $1 $2:hvm { gethvmc getparam irqlevel }; > allow $1 $2:mmu { stat pageinfo map_read }; > allow $1 $2:domain { getaddrsize getvcpucontext getextvcpucontext > getvcpuextstate pause destroy }; > + allow $1 $2:domain2 gettsc; > ') > > > ############################################################################## > ## > diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c > index bcb5b2d..95f34d2 100644 > --- a/xen/arch/x86/domctl.c > +++ b/xen/arch/x86/domctl.c > @@ -54,26 +54,6 @@ long arch_do_domctl( > > switch ( domctl->cmd ) > { > - /* TODO: the following do not have XSM hooks yet */ > - case XEN_DOMCTL_set_cpuid: > - case XEN_DOMCTL_suppress_spurious_page_faults: > - case XEN_DOMCTL_debug_op: > - case XEN_DOMCTL_gettscinfo: > - case XEN_DOMCTL_settscinfo: > - case XEN_DOMCTL_audit_p2m: > - case XEN_DOMCTL_gdbsx_guestmemio: > - case XEN_DOMCTL_gdbsx_pausevcpu: > - case XEN_DOMCTL_gdbsx_unpausevcpu: > - case XEN_DOMCTL_gdbsx_domstatus: > - /* getpageframeinfo[23] will leak XEN_DOMCTL_PFINFO_XTAB on target GFNs > */ > - case XEN_DOMCTL_getpageframeinfo2: > - case XEN_DOMCTL_getpageframeinfo3: > - if ( !IS_PRIV(current->domain) ) > - return -EPERM; > - } > - > - switch ( domctl->cmd ) > - { > > case XEN_DOMCTL_shadow_op: > { > @@ -190,6 +170,13 @@ long arch_do_domctl( > if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) ) > break; > > + ret = xsm_getpageframeinfo_domain(d); > + if ( ret ) > + { > + rcu_unlock_domain(d); > + break; > + } > + > if ( unlikely(num > 1024) || > unlikely(num != domctl->u.getpageframeinfo3.num) ) > { > @@ -287,6 +274,13 @@ long arch_do_domctl( > if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) ) > break; > > + ret = xsm_getpageframeinfo_domain(d); > + if ( ret ) > + { > + rcu_unlock_domain(d); > + break; > + } > + > if ( unlikely(num > 1024) ) > { > ret = -E2BIG; > @@ -1106,6 +1100,10 @@ long arch_do_domctl( > if ( d == NULL ) > break; > > + ret = xsm_set_cpuid(d); > + if ( ret ) > + goto set_cpuid_out; > + > for ( i = 0; i < MAX_CPUID_INPUT; i++ ) > { > cpuid = &d->arch.cpuids[i]; > @@ -1129,6 +1127,7 @@ long arch_do_domctl( > ret = 0; > } > > + set_cpuid_out: > rcu_unlock_domain(d); > } > break; > @@ -1143,6 +1142,10 @@ long arch_do_domctl( > if ( d == NULL ) > break; > > + ret = xsm_gettscinfo(d); > + if ( ret ) > + goto gettscinfo_out; > + > domain_pause(d); > tsc_get_info(d, &info.tsc_mode, > &info.elapsed_nsec, > @@ -1154,6 +1157,7 @@ long arch_do_domctl( > ret = 0; > domain_unpause(d); > > + gettscinfo_out: > rcu_unlock_domain(d); > } > break; > @@ -1167,15 +1171,20 @@ long arch_do_domctl( > if ( d == NULL ) > break; > > + ret = xsm_settscinfo(d); > + if ( ret ) > + goto settscinfo_out; > + > domain_pause(d); > tsc_set_info(d, domctl->u.tsc_info.info.tsc_mode, > domctl->u.tsc_info.info.elapsed_nsec, > domctl->u.tsc_info.info.gtsc_khz, > domctl->u.tsc_info.info.incarnation); > domain_unpause(d); > + ret = 0; > > + settscinfo_out: > rcu_unlock_domain(d); > - ret = 0; > } > break; > > @@ -1187,9 +1196,10 @@ long arch_do_domctl( > d = rcu_lock_domain_by_id(domctl->domain); > if ( d != NULL ) > { > - d->arch.suppress_spurious_page_faults = 1; > + ret = xsm_domctl(d, domctl->cmd); > + if ( !ret ) > + d->arch.suppress_spurious_page_faults = 1; > rcu_unlock_domain(d); > - ret = 0; > } > } > break; > @@ -1204,6 +1214,10 @@ long arch_do_domctl( > if ( d == NULL ) > break; > > + ret = xsm_debug_op(d); > + if ( ret ) > + goto debug_op_out; > + > ret = -EINVAL; > if ( (domctl->u.debug_op.vcpu >= d->max_vcpus) || > ((v = d->vcpu[domctl->u.debug_op.vcpu]) == NULL) ) > @@ -1228,6 +1242,10 @@ long arch_do_domctl( > if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL ) > break; > > + ret = xsm_debug_op(d); > + if ( ret ) > + goto gdbsx_guestmemio_out; > + > domctl->u.gdbsx_guest_memio.remain = > domctl->u.gdbsx_guest_memio.len; > > @@ -1235,6 +1253,7 @@ long arch_do_domctl( > if ( !ret && copy_to_guest(u_domctl, domctl, 1) ) > ret = -EFAULT; > > + gdbsx_guestmemio_out: > rcu_unlock_domain(d); > } > break; > @@ -1248,21 +1267,20 @@ long arch_do_domctl( > if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL ) > break; > > + ret = xsm_debug_op(d); > + if ( ret ) > + goto gdbsx_pausevcpu_out; > + > ret = -EBUSY; > if ( !d->is_paused_by_controller ) > - { > - rcu_unlock_domain(d); > - break; > - } > + goto gdbsx_pausevcpu_out; > ret = -EINVAL; > if ( domctl->u.gdbsx_pauseunp_vcpu.vcpu >= MAX_VIRT_CPUS || > (v = d->vcpu[domctl->u.gdbsx_pauseunp_vcpu.vcpu]) == NULL ) > - { > - rcu_unlock_domain(d); > - break; > - } > + goto gdbsx_pausevcpu_out; > vcpu_pause(v); > ret = 0; > + gdbsx_pausevcpu_out: > rcu_unlock_domain(d); > } > break; > @@ -1276,23 +1294,22 @@ long arch_do_domctl( > if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL ) > break; > > + ret = xsm_debug_op(d); > + if ( ret ) > + goto gdbsx_unpausevcpu_out; > + > ret = -EBUSY; > if ( !d->is_paused_by_controller ) > - { > - rcu_unlock_domain(d); > - break; > - } > + goto gdbsx_unpausevcpu_out; > ret = -EINVAL; > if ( domctl->u.gdbsx_pauseunp_vcpu.vcpu >= MAX_VIRT_CPUS || > (v = d->vcpu[domctl->u.gdbsx_pauseunp_vcpu.vcpu]) == NULL ) > - { > - rcu_unlock_domain(d); > - break; > - } > + goto gdbsx_unpausevcpu_out; > if ( !atomic_read(&v->pause_count) ) > printk("WARN: Unpausing vcpu:%d which is not paused\n", > v->vcpu_id); > vcpu_unpause(v); > ret = 0; > + gdbsx_unpausevcpu_out: > rcu_unlock_domain(d); > } > break; > @@ -1306,6 +1323,10 @@ long arch_do_domctl( > if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL ) > break; > > + ret = xsm_debug_op(d); > + if ( ret ) > + goto gdbsx_domstatus_out; > + > domctl->u.gdbsx_domstatus.vcpu_id = -1; > domctl->u.gdbsx_domstatus.paused = d->is_paused_by_controller; > if ( domctl->u.gdbsx_domstatus.paused ) > @@ -1325,6 +1346,7 @@ long arch_do_domctl( > ret = 0; > if ( copy_to_guest(u_domctl, domctl, 1) ) > ret = -EFAULT; > + gdbsx_domstatus_out: > rcu_unlock_domain(d); > } > break; > @@ -1464,10 +1486,8 @@ long arch_do_domctl( > d = rcu_lock_domain_by_id(domctl->domain); > if ( d != NULL ) > { > - ret = xsm_mem_event(d); > - if ( !ret ) > - ret = mem_event_domctl(d, &domctl->u.mem_event_op, > - guest_handle_cast(u_domctl, void)); > + ret = mem_event_domctl(d, &domctl->u.mem_event_op, > + guest_handle_cast(u_domctl, void)); > rcu_unlock_domain(d); > copy_to_guest(u_domctl, domctl, 1); > } > @@ -1496,16 +1516,19 @@ long arch_do_domctl( > { > struct domain *d; > > - ret = rcu_lock_remote_target_domain_by_id(domctl->domain, &d); > - if ( ret != 0 ) > + d = rcu_lock_domain_by_id(domctl->domain); > + if ( d == NULL ) > break; > > - audit_p2m(d, > - &domctl->u.audit_p2m.orphans, > - &domctl->u.audit_p2m.m2p_bad, > - &domctl->u.audit_p2m.p2m_bad); > + ret = xsm_audit_p2m(d); > + if ( !ret ) > + audit_p2m(d, > + &domctl->u.audit_p2m.orphans, > + &domctl->u.audit_p2m.m2p_bad, > + &domctl->u.audit_p2m.p2m_bad); > + > rcu_unlock_domain(d); > - if ( copy_to_guest(u_domctl, domctl, 1) ) > + if ( !ret && copy_to_guest(u_domctl, domctl, 1) ) > ret = -EFAULT; > } > break; > @@ -1524,7 +1547,7 @@ long arch_do_domctl( > d = rcu_lock_domain_by_id(domctl->domain); > if ( d != NULL ) > { > - ret = xsm_mem_event(d); > + ret = xsm_mem_event_setup(d); > if ( !ret ) { > p2m = p2m_get_hostp2m(d); > p2m->access_required = > domctl->u.access_required.access_required; > diff --git a/xen/arch/x86/mm/mem_event.c b/xen/arch/x86/mm/mem_event.c > index d728889..a5b02d9 100644 > --- a/xen/arch/x86/mm/mem_event.c > +++ b/xen/arch/x86/mm/mem_event.c > @@ -29,6 +29,7 @@ > #include <asm/mem_paging.h> > #include <asm/mem_access.h> > #include <asm/mem_sharing.h> > +#include <xsm/xsm.h> > > /* for public/io/ring.h macros */ > #define xen_mb() mb() > @@ -439,34 +440,22 @@ static void mem_sharing_notification(struct vcpu *v, > unsigned int port) > mem_sharing_sharing_resume(v->domain); > } > > -struct domain *get_mem_event_op_target(uint32_t domain, int *rc) > -{ > - struct domain *d; > - > - /* Get the target domain */ > - *rc = rcu_lock_remote_target_domain_by_id(domain, &d); > - if ( *rc != 0 ) > - return NULL; > - > - /* Not dying? */ > - if ( d->is_dying ) > - { > - rcu_unlock_domain(d); > - *rc = -EINVAL; > - return NULL; > - } > - > - return d; > -} > - > int do_mem_event_op(int op, uint32_t domain, void *arg) > { > int ret; > struct domain *d; > > - d = get_mem_event_op_target(domain, &ret); > + d = rcu_lock_domain_by_id(domain); > if ( !d ) > - return ret; > + return -ESRCH; > + > + ret = -EINVAL; > + if ( d->is_dying || d == current->domain ) > + goto out; > + > + ret = xsm_mem_event_op(d, op); > + if ( ret ) > + goto out; > > switch (op) > { > @@ -483,6 +472,7 @@ int do_mem_event_op(int op, uint32_t domain, void *arg) > ret = -ENOSYS; > } > > + out: > rcu_unlock_domain(d); > return ret; > } > @@ -516,6 +506,10 @@ int mem_event_domctl(struct domain *d, > xen_domctl_mem_event_op_t *mec, > { > int rc; > > + rc = xsm_mem_event_control(d, mec->mode, mec->op); > + if ( rc ) > + return rc; > + > if ( unlikely(d == current->domain) ) > { > gdprintk(XENLOG_INFO, "Tried to do a memory event op on itself.\n"); > @@ -537,13 +531,6 @@ int mem_event_domctl(struct domain *d, > xen_domctl_mem_event_op_t *mec, > return -EINVAL; > } > > - /* TODO: XSM hook */ > -#if 0 > - rc = xsm_mem_event_control(d, mec->op); > - if ( rc ) > - return rc; > -#endif > - > rc = -ENOSYS; > > switch ( mec->mode ) > diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c > index 5103285..a7e6c5c 100644 > --- a/xen/arch/x86/mm/mem_sharing.c > +++ b/xen/arch/x86/mm/mem_sharing.c > @@ -34,6 +34,7 @@ > #include <asm/atomic.h> > #include <xen/rcupdate.h> > #include <asm/event.h> > +#include <xsm/xsm.h> > > #include "mm-locks.h" > > @@ -1345,11 +1346,18 @@ int mem_sharing_memop(struct domain *d, > xen_mem_sharing_op_t *mec) > if ( !mem_sharing_enabled(d) ) > return -EINVAL; > > - cd = get_mem_event_op_target(mec->u.share.client_domain, &rc); > + cd = rcu_lock_domain_by_id(mec->u.share.client_domain); > if ( !cd ) > + return -ESRCH; > + > + rc = xsm_mem_sharing_op(d, cd, mec->op); > + if ( rc ) > + { > + rcu_unlock_domain(cd); > return rc; > + } > > - if ( !mem_sharing_enabled(cd) ) > + if ( cd == current->domain || !mem_sharing_enabled(cd) ) > { > rcu_unlock_domain(cd); > return -EINVAL; > @@ -1401,11 +1409,18 @@ int mem_sharing_memop(struct domain *d, > xen_mem_sharing_op_t *mec) > if ( !mem_sharing_enabled(d) ) > return -EINVAL; > > - cd = get_mem_event_op_target(mec->u.share.client_domain, &rc); > + cd = rcu_lock_domain_by_id(mec->u.share.client_domain); > if ( !cd ) > + return -ESRCH; > + > + rc = xsm_mem_sharing_op(d, cd, mec->op); > + if ( rc ) > + { > + rcu_unlock_domain(cd); > return rc; > + } > > - if ( !mem_sharing_enabled(cd) ) > + if ( cd == current->domain || !mem_sharing_enabled(cd) ) > { > rcu_unlock_domain(cd); > return -EINVAL; > diff --git a/xen/include/asm-x86/mem_event.h b/xen/include/asm-x86/mem_event.h > index 23d71c1..448be4f 100644 > --- a/xen/include/asm-x86/mem_event.h > +++ b/xen/include/asm-x86/mem_event.h > @@ -62,7 +62,6 @@ void mem_event_put_request(struct domain *d, struct > mem_event_domain *med, > int mem_event_get_response(struct domain *d, struct mem_event_domain *med, > mem_event_response_t *rsp); > > -struct domain *get_mem_event_op_target(uint32_t domain, int *rc); > int do_mem_event_op(int op, uint32_t domain, void *arg); > int mem_event_domctl(struct domain *d, xen_domctl_mem_event_op_t *mec, > XEN_GUEST_HANDLE(void) u_domctl); > diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h > index 0d849cc..c71c08b 100644 > --- a/xen/include/xsm/dummy.h > +++ b/xen/include/xsm/dummy.h > @@ -171,6 +171,13 @@ static XSM_DEFAULT(int, setdebugging) (struct domain *d) > return 0; > } > > +static XSM_DEFAULT(int, debug_op) (struct domain *d) > +{ > + if ( !IS_PRIV(current->domain) ) > + return -EPERM; > + return 0; > +} > + > static XSM_DEFAULT(int, perfcontrol) (void) > { > if ( !IS_PRIV(current->domain) ) > @@ -557,6 +564,34 @@ static XSM_DEFAULT(int, getpageframeinfo) (struct > page_info *page) > return 0; > } > > +static XSM_DEFAULT(int, getpageframeinfo_domain) (struct domain *d) > +{ > + if ( !IS_PRIV(current->domain) ) > + return -EPERM; > + return 0; > +} > + > +static XSM_DEFAULT(int, set_cpuid) (struct domain *d) > +{ > + if ( !IS_PRIV(current->domain) ) > + return -EPERM; > + return 0; > +} > + > +static XSM_DEFAULT(int, gettscinfo) (struct domain *d) > +{ > + if ( !IS_PRIV(current->domain) ) > + return -EPERM; > + return 0; > +} > + > +static XSM_DEFAULT(int, settscinfo) (struct domain *d) > +{ > + if ( !IS_PRIV(current->domain) ) > + return -EPERM; > + return 0; > +} > + > static XSM_DEFAULT(int, getmemlist) (struct domain *d) > { > if ( !IS_PRIV(current->domain) ) > @@ -627,13 +662,27 @@ static XSM_DEFAULT(int, hvm_inject_msi) (struct domain > *d) > return 0; > } > > -static XSM_DEFAULT(int, mem_event) (struct domain *d) > +static XSM_DEFAULT(int, mem_event_setup) (struct domain *d) > { > if ( !IS_PRIV(current->domain) ) > return -EPERM; > return 0; > } > > +static XSM_DEFAULT(int, mem_event_control) (struct domain *d, int mode, int > op) > +{ > + if ( !IS_PRIV(current->domain) ) > + return -EPERM; > + return 0; > +} > + > +static XSM_DEFAULT(int, mem_event_op) (struct domain *d, int op) > +{ > + if ( !IS_PRIV_FOR(current->domain, d) ) > + return -EPERM; > + return 0; > +} > + > static XSM_DEFAULT(int, mem_sharing) (struct domain *d) > { > if ( !IS_PRIV(current->domain) ) > @@ -641,6 +690,20 @@ static XSM_DEFAULT(int, mem_sharing) (struct domain *d) > return 0; > } > > +static XSM_DEFAULT(int, mem_sharing_op) (struct domain *d, struct domain *cd, > int op) > +{ > + if ( !IS_PRIV_FOR(current->domain, cd) ) > + return -EPERM; > + return 0; > +} > + > +static XSM_DEFAULT(int, audit_p2m) (struct domain *d) > +{ > + if ( !IS_PRIV(current->domain) ) > + return -EPERM; > + return 0; > +} > + > static XSM_DEFAULT(int, apic) (struct domain *d, int cmd) > { > if ( !IS_PRIV(current->domain) ) > diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h > index 1a9f35b..b473b54 100644 > --- a/xen/include/xsm/xsm.h > +++ b/xen/include/xsm/xsm.h > @@ -67,6 +67,7 @@ struct xsm_operations { > int (*setdomainmaxmem) (struct domain *d); > int (*setdomainhandle) (struct domain *d); > int (*setdebugging) (struct domain *d); > + int (*debug_op) (struct domain *d); > int (*perfcontrol) (void); > int (*debug_keys) (void); > int (*getcpuinfo) (void); > @@ -142,6 +143,10 @@ struct xsm_operations { > #ifdef CONFIG_X86 > int (*shadow_control) (struct domain *d, uint32_t op); > int (*getpageframeinfo) (struct page_info *page); > + int (*getpageframeinfo_domain) (struct domain *d); > + int (*set_cpuid) (struct domain *d); > + int (*gettscinfo) (struct domain *d); > + int (*settscinfo) (struct domain *d); > int (*getmemlist) (struct domain *d); > int (*hypercall_init) (struct domain *d); > int (*hvmcontext) (struct domain *d, uint32_t op); > @@ -152,8 +157,12 @@ struct xsm_operations { > int (*hvm_set_isa_irq_level) (struct domain *d); > int (*hvm_set_pci_link_route) (struct domain *d); > int (*hvm_inject_msi) (struct domain *d); > - int (*mem_event) (struct domain *d); > + int (*mem_event_setup) (struct domain *d); > + int (*mem_event_control) (struct domain *d, int mode, int op); > + int (*mem_event_op) (struct domain *d, int op); > int (*mem_sharing) (struct domain *d); > + int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op); > + int (*audit_p2m) (struct domain *d); > int (*apic) (struct domain *d, int cmd); > int (*xen_settime) (void); > int (*memtype) (uint32_t access); > @@ -302,6 +311,11 @@ static inline int xsm_setdebugging (struct domain *d) > return xsm_call(setdebugging(d)); > } > > +static inline int xsm_debug_op (struct domain *d) > +{ > + return xsm_call(debug_op(d)); > +} > + > static inline int xsm_perfcontrol (void) > { > return xsm_call(perfcontrol()); > @@ -329,7 +343,7 @@ static inline int xsm_get_pmstat(void) > > static inline int xsm_setpminfo(void) > { > - return xsm_call(setpminfo()); > + return xsm_call(setpminfo()); > } > > static inline int xsm_pm_op(void) > @@ -608,6 +622,26 @@ static inline int xsm_getpageframeinfo (struct page_info > *page) > return xsm_call(getpageframeinfo(page)); > } > > +static inline int xsm_getpageframeinfo_domain (struct domain *d) > +{ > + return xsm_call(getpageframeinfo_domain(d)); > +} > + > +static inline int xsm_set_cpuid (struct domain *d) > +{ > + return xsm_call(set_cpuid(d)); > +} > + > +static inline int xsm_gettscinfo (struct domain *d) > +{ > + return xsm_call(gettscinfo(d)); > +} > + > +static inline int xsm_settscinfo (struct domain *d) > +{ > + return xsm_call(settscinfo(d)); > +} > + > static inline int xsm_getmemlist (struct domain *d) > { > return xsm_call(getmemlist(d)); > @@ -658,9 +692,19 @@ static inline int xsm_hvm_inject_msi (struct domain *d) > return xsm_call(hvm_inject_msi(d)); > } > > -static inline int xsm_mem_event (struct domain *d) > +static inline int xsm_mem_event_setup (struct domain *d) > +{ > + return xsm_call(mem_event_setup(d)); > +} > + > +static inline int xsm_mem_event_control (struct domain *d, int mode, int op) > +{ > + return xsm_call(mem_event_control(d, mode, op)); > +} > + > +static inline int xsm_mem_event_op (struct domain *d, int op) > { > - return xsm_call(mem_event(d)); > + return xsm_call(mem_event_op(d, op)); > } > > static inline int xsm_mem_sharing (struct domain *d) > @@ -668,6 +712,16 @@ static inline int xsm_mem_sharing (struct domain *d) > return xsm_call(mem_sharing(d)); > } > > +static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, > int op) > +{ > + return xsm_call(mem_sharing_op(d, cd, op)); > +} > + > +static inline int xsm_audit_p2m (struct domain *d) > +{ > + return xsm_call(audit_p2m(d)); > +} > + > static inline int xsm_apic (struct domain *d, int cmd) > { > return xsm_call(apic(d, cmd)); > diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c > index af532b8..09935d8 100644 > --- a/xen/xsm/dummy.c > +++ b/xen/xsm/dummy.c > @@ -51,6 +51,7 @@ void xsm_fixup_ops (struct xsm_operations *ops) > set_to_dummy_if_null(ops, setdomainmaxmem); > set_to_dummy_if_null(ops, setdomainhandle); > set_to_dummy_if_null(ops, setdebugging); > + set_to_dummy_if_null(ops, debug_op); > set_to_dummy_if_null(ops, perfcontrol); > set_to_dummy_if_null(ops, debug_keys); > set_to_dummy_if_null(ops, getcpuinfo); > @@ -124,6 +125,10 @@ void xsm_fixup_ops (struct xsm_operations *ops) > #ifdef CONFIG_X86 > set_to_dummy_if_null(ops, shadow_control); > set_to_dummy_if_null(ops, getpageframeinfo); > + set_to_dummy_if_null(ops, getpageframeinfo_domain); > + set_to_dummy_if_null(ops, set_cpuid); > + set_to_dummy_if_null(ops, gettscinfo); > + set_to_dummy_if_null(ops, settscinfo); > set_to_dummy_if_null(ops, getmemlist); > set_to_dummy_if_null(ops, hypercall_init); > set_to_dummy_if_null(ops, hvmcontext); > @@ -134,8 +139,12 @@ void xsm_fixup_ops (struct xsm_operations *ops) > set_to_dummy_if_null(ops, hvm_set_isa_irq_level); > set_to_dummy_if_null(ops, hvm_set_pci_link_route); > set_to_dummy_if_null(ops, hvm_inject_msi); > - set_to_dummy_if_null(ops, mem_event); > + set_to_dummy_if_null(ops, mem_event_setup); > + set_to_dummy_if_null(ops, mem_event_control); > + set_to_dummy_if_null(ops, mem_event_op); > set_to_dummy_if_null(ops, mem_sharing); > + set_to_dummy_if_null(ops, mem_sharing_op); > + set_to_dummy_if_null(ops, audit_p2m); > set_to_dummy_if_null(ops, apic); > set_to_dummy_if_null(ops, xen_settime); > set_to_dummy_if_null(ops, memtype); > diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c > index f8aff14..4f71604 100644 > --- a/xen/xsm/flask/hooks.c > +++ b/xen/xsm/flask/hooks.c > @@ -695,6 +695,12 @@ static int flask_setdebugging(struct domain *d) > DOMAIN__SETDEBUGGING); > } > > +static int flask_debug_op(struct domain *d) > +{ > + return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, > + DOMAIN__SETDEBUGGING); > +} > + > static int flask_debug_keys(void) > { > return domain_has_xen(current->domain, XEN__DEBUG); > @@ -1111,6 +1117,26 @@ static int flask_getpageframeinfo(struct page_info > *page) > return avc_has_perm(dsec->sid, tsid, SECCLASS_MMU, MMU__PAGEINFO, NULL); > } > > +static int flask_getpageframeinfo_domain(struct domain *d) > +{ > + return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__PAGEINFO); > +} > + > +static int flask_set_cpuid(struct domain *d) > +{ > + return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2, > DOMAIN2__SET_CPUID); > +} > + > +static int flask_gettscinfo(struct domain *d) > +{ > + return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2, > DOMAIN2__GETTSC); > +} > + > +static int flask_settscinfo(struct domain *d) > +{ > + return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2, > DOMAIN2__SETTSC); > +} > + > static int flask_getmemlist(struct domain *d) > { > return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__PAGELIST); > @@ -1201,7 +1227,17 @@ static int flask_hvm_set_pci_link_route(struct domain > *d) > return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__PCIROUTE); > } > > -static int flask_mem_event(struct domain *d) > +static int flask_mem_event_setup(struct domain *d) > +{ > + return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__MEM_EVENT); > +} > + > +static int flask_mem_event_control(struct domain *d, int mode, int op) > +{ > + return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__MEM_EVENT); > +} > + > +static int flask_mem_event_op(struct domain *d, int op) > { > return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__MEM_EVENT); > } > @@ -1211,6 +1247,19 @@ static int flask_mem_sharing(struct domain *d) > return domain_has_perm(current->domain, d, SECCLASS_HVM, > HVM__MEM_SHARING); > } > > +static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op) > +{ > + int rc = domain_has_perm(current->domain, cd, SECCLASS_HVM, > HVM__MEM_SHARING); > + if ( rc ) > + return rc; > + return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM); > +} > + > +static int flask_audit_p2m(struct domain *d) > +{ > + return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__AUDIT_P2M); > +} > + > static int flask_apic(struct domain *d, int cmd) > { > u32 perm; > @@ -1586,6 +1635,7 @@ static struct xsm_operations flask_ops = { > .setdomainmaxmem = flask_setdomainmaxmem, > .setdomainhandle = flask_setdomainhandle, > .setdebugging = flask_setdebugging, > + .debug_op = flask_debug_op, > .perfcontrol = flask_perfcontrol, > .debug_keys = flask_debug_keys, > .getcpuinfo = flask_getcpuinfo, > @@ -1654,6 +1704,10 @@ static struct xsm_operations flask_ops = { > #ifdef CONFIG_X86 > .shadow_control = flask_shadow_control, > .getpageframeinfo = flask_getpageframeinfo, > + .getpageframeinfo_domain = flask_getpageframeinfo_domain, > + .set_cpuid = flask_set_cpuid, > + .gettscinfo = flask_gettscinfo, > + .settscinfo = flask_settscinfo, > .getmemlist = flask_getmemlist, > .hypercall_init = flask_hypercall_init, > .hvmcontext = flask_hvmcontext, > @@ -1662,8 +1716,12 @@ static struct xsm_operations flask_ops = { > .hvm_set_pci_intx_level = flask_hvm_set_pci_intx_level, > .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level, > .hvm_set_pci_link_route = flask_hvm_set_pci_link_route, > - .mem_event = flask_mem_event, > + .mem_event_setup = flask_mem_event_setup, > + .mem_event_control = flask_mem_event_control, > + .mem_event_op = flask_mem_event_op, > .mem_sharing = flask_mem_sharing, > + .mem_sharing_op = flask_mem_sharing_op, > + .audit_p2m = flask_audit_p2m, > .apic = flask_apic, > .xen_settime = flask_xen_settime, > .memtype = flask_memtype, > diff --git a/xen/xsm/flask/include/av_perm_to_string.h > b/xen/xsm/flask/include/av_perm_to_string.h > index 10f8e80..997f098 100644 > --- a/xen/xsm/flask/include/av_perm_to_string.h > +++ b/xen/xsm/flask/include/av_perm_to_string.h > @@ -66,6 +66,9 @@ > S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELSELF, "relabelself") > S_(SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR, "make_priv_for") > S_(SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET, "set_as_target") > + S_(SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID, "set_cpuid") > + S_(SECCLASS_DOMAIN2, DOMAIN2__GETTSC, "gettsc") > + S_(SECCLASS_DOMAIN2, DOMAIN2__SETTSC, "settsc") > S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc") > S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc") > S_(SECCLASS_HVM, HVM__SETPARAM, "setparam") > @@ -79,6 +82,8 @@ > S_(SECCLASS_HVM, HVM__HVMCTL, "hvmctl") > S_(SECCLASS_HVM, HVM__MEM_EVENT, "mem_event") > S_(SECCLASS_HVM, HVM__MEM_SHARING, "mem_sharing") > + S_(SECCLASS_HVM, HVM__SHARE_MEM, "share_mem") > + S_(SECCLASS_HVM, HVM__AUDIT_P2M, "audit_p2m") > S_(SECCLASS_EVENT, EVENT__BIND, "bind") > S_(SECCLASS_EVENT, EVENT__SEND, "send") > S_(SECCLASS_EVENT, EVENT__STATUS, "status") > diff --git a/xen/xsm/flask/include/av_permissions.h > b/xen/xsm/flask/include/av_permissions.h > index f7cfee1..8596a55 100644 > --- a/xen/xsm/flask/include/av_permissions.h > +++ b/xen/xsm/flask/include/av_permissions.h > @@ -68,6 +68,9 @@ > #define DOMAIN2__RELABELSELF 0x00000004UL > #define DOMAIN2__MAKE_PRIV_FOR 0x00000008UL > #define DOMAIN2__SET_AS_TARGET 0x00000010UL > +#define DOMAIN2__SET_CPUID 0x00000020UL > +#define DOMAIN2__GETTSC 0x00000040UL > +#define DOMAIN2__SETTSC 0x00000080UL > > #define HVM__SETHVMC 0x00000001UL > #define HVM__GETHVMC 0x00000002UL > @@ -82,6 +85,8 @@ > #define HVM__HVMCTL 0x00000400UL > #define HVM__MEM_EVENT 0x00000800UL > #define HVM__MEM_SHARING 0x00001000UL > +#define HVM__SHARE_MEM 0x00002000UL > +#define HVM__AUDIT_P2M 0x00004000UL > > #define EVENT__BIND 0x00000001UL > #define EVENT__SEND 0x00000002UL _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.