[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 18/23] arch/x86: Add missing mem_sharing XSM hooks

Cc'ing Joe, the author of the original check I'm talking about below. 

At 11:23 -0400 on 17 Sep (1347881020), Daniel De Graaf wrote:
> diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
> index 24e2d93..7062f02 100644
> --- a/xen/arch/x86/domctl.c
> +++ b/xen/arch/x86/domctl.c
> @@ -1447,10 +1447,8 @@ long arch_do_domctl(
>          d = rcu_lock_domain_by_id(domctl->domain);
>          if ( d != NULL )
>          {
> -            ret = xsm_mem_event(d);
> -            if ( !ret )
> -                ret = mem_event_domctl(d, &domctl->u.mem_event_op,
> -                                       guest_handle_cast(u_domctl, void));
> +            ret = mem_event_domctl(d, &domctl->u.mem_event_op,
> +                                   guest_handle_cast(u_domctl, void));
>              rcu_unlock_domain(d);
>              copy_to_guest(u_domctl, domctl, 1);
>          } 
> @@ -1506,7 +1504,7 @@ long arch_do_domctl(
>          d = rcu_lock_domain_by_id(domctl->domain);
>          if ( d != NULL )
>          {
> -            ret = xsm_mem_event(d);
> +            ret = xsm_mem_event_setup(d);
>              if ( !ret ) {
>                  p2m = p2m_get_hostp2m(d);
>                  p2m->access_required = 
> domctl->u.access_required.access_required;

[...]

> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 626a332..5fb0afe 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -551,16 +551,37 @@ static XSM_DEFAULT(int, hvm_inject_msi) (struct domain 
> *d)
>      return 0;
>  }
>  
> -static XSM_DEFAULT(int, mem_event) (struct domain *d)
> +static XSM_DEFAULT(int, mem_event_setup) (struct domain *d)
>  {
>      return 0;
>  }

I think this ought to be at least IS_PRIV_FOR.  I can see the original
code allowed all callers to use it, but surely it ought to be only for
the tools.  Since only the tools can actually set the mem-access rights
(and so this is pretty much a noop) I don't think this causes any
substantial problem but we might as well adjust it anyway.

Tim.

> +static XSM_DEFAULT(int, mem_event_control) (struct domain *d, int mode, int 
> op)
> +{
> +    if ( !IS_PRIV(current->domain) )
> +        return -EPERM;
> +    return 0;
> +}
> +
> +static XSM_DEFAULT(int, mem_event_op) (struct domain *d, int op)
> +{
> +    if ( !IS_PRIV_FOR(current->domain, d) )
> +        return -EPERM;
> +    return 0;
> +}
> +
>  static XSM_DEFAULT(int, mem_sharing) (struct domain *d)
>  {
>      return 0;
>  }
>  
> +static XSM_DEFAULT(int, mem_sharing_op) (struct domain *d, struct domain 
> *cd, int op)
> +{
> +    if ( !IS_PRIV_FOR(current->domain, cd) )
> +        return -EPERM;
> +    return 0;
> +}
> +
>  static XSM_DEFAULT(int, apic) (struct domain *d, int cmd)
>  {
>      if ( !IS_PRIV(d) )
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 96e4b13..c08a664 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -151,8 +151,11 @@ struct xsm_operations {
>      int (*hvm_set_isa_irq_level) (struct domain *d);
>      int (*hvm_set_pci_link_route) (struct domain *d);
>      int (*hvm_inject_msi) (struct domain *d);
> -    int (*mem_event) (struct domain *d);
> +    int (*mem_event_setup) (struct domain *d);
> +    int (*mem_event_control) (struct domain *d, int mode, int op);
> +    int (*mem_event_op) (struct domain *d, int op);
>      int (*mem_sharing) (struct domain *d);
> +    int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
>      int (*apic) (struct domain *d, int cmd);
>      int (*xen_settime) (void);
>      int (*memtype) (uint32_t access);
> @@ -663,9 +666,19 @@ static inline int xsm_hvm_inject_msi (struct domain *d)
>      return xsm_ops->hvm_inject_msi(d);
>  }
>  
> -static inline int xsm_mem_event (struct domain *d)
> +static inline int xsm_mem_event_setup (struct domain *d)
>  {
> -    return xsm_ops->mem_event(d);
> +    return xsm_ops->mem_event_setup(d);
> +}
> +
> +static inline int xsm_mem_event_control (struct domain *d, int mode, int op)
> +{
> +    return xsm_ops->mem_event_control(d, mode, op);
> +}
> +
> +static inline int xsm_mem_event_op (struct domain *d, int op)
> +{
> +    return xsm_ops->mem_event_op(d, op);
>  }
>  
>  static inline int xsm_mem_sharing (struct domain *d)
> @@ -673,6 +686,11 @@ static inline int xsm_mem_sharing (struct domain *d)
>      return xsm_ops->mem_sharing(d);
>  }
>  
> +static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, 
> int op)
> +{
> +    return xsm_ops->mem_sharing_op(d, cd, op);
> +}
> +
>  static inline int xsm_apic (struct domain *d, int cmd)
>  {
>      return xsm_ops->apic(d, cmd);
> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
> index 43e8617..3926b2b 100644
> --- a/xen/xsm/dummy.c
> +++ b/xen/xsm/dummy.c
> @@ -135,8 +135,11 @@ void xsm_fixup_ops (struct xsm_operations *ops)
>      set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
>      set_to_dummy_if_null(ops, hvm_set_pci_link_route);
>      set_to_dummy_if_null(ops, hvm_inject_msi);
> -    set_to_dummy_if_null(ops, mem_event);
> +    set_to_dummy_if_null(ops, mem_event_setup);
> +    set_to_dummy_if_null(ops, mem_event_control);
> +    set_to_dummy_if_null(ops, mem_event_op);
>      set_to_dummy_if_null(ops, mem_sharing);
> +    set_to_dummy_if_null(ops, mem_sharing_op);
>      set_to_dummy_if_null(ops, apic);
>      set_to_dummy_if_null(ops, xen_settime);
>      set_to_dummy_if_null(ops, memtype);
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index a242d65..65db2b7 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -1277,7 +1277,17 @@ static int flask_hvm_inject_msi(struct domain *d)
>      return current_has_perm(d, SECCLASS_HVM, HVM__SEND_IRQ);
>  }
>  
> -static int flask_mem_event(struct domain *d)
> +static int flask_mem_event_setup(struct domain *d)
> +{
> +    return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
> +}
> +
> +static int flask_mem_event_control(struct domain *d, int mode, int op)
> +{
> +    return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
> +}
> +
> +static int flask_mem_event_op(struct domain *d, int op)
>  {
>      return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
>  }
> @@ -1287,6 +1297,14 @@ static int flask_mem_sharing(struct domain *d)
>      return current_has_perm(d, SECCLASS_HVM, HVM__MEM_SHARING);
>  }
>  
> +static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op)
> +{
> +    int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING);
> +    if ( rc )
> +        return rc;
> +    return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM);
> +}
> +
>  static int flask_apic(struct domain *d, int cmd)
>  {
>      u32 perm;
> @@ -1736,8 +1754,11 @@ static struct xsm_operations flask_ops = {
>      .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
>      .hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
>      .hvm_inject_msi = flask_hvm_inject_msi,
> -    .mem_event = flask_mem_event,
> +    .mem_event_setup = flask_mem_event_setup,
> +    .mem_event_control = flask_mem_event_control,
> +    .mem_event_op = flask_mem_event_op,
>      .mem_sharing = flask_mem_sharing,
> +    .mem_sharing_op = flask_mem_sharing_op,
>      .apic = flask_apic,
>      .xen_settime = flask_xen_settime,
>      .memtype = flask_memtype,
> diff --git a/xen/xsm/flask/include/av_perm_to_string.h 
> b/xen/xsm/flask/include/av_perm_to_string.h
> index 894910c..186f1fa 100644
> --- a/xen/xsm/flask/include/av_perm_to_string.h
> +++ b/xen/xsm/flask/include/av_perm_to_string.h
> @@ -84,6 +84,7 @@
>     S_(SECCLASS_HVM, HVM__MEM_SHARING, "mem_sharing")
>     S_(SECCLASS_HVM, HVM__AUDIT_P2M, "audit_p2m")
>     S_(SECCLASS_HVM, HVM__SEND_IRQ, "send_irq")
> +   S_(SECCLASS_HVM, HVM__SHARE_MEM, "share_mem")
>     S_(SECCLASS_EVENT, EVENT__BIND, "bind")
>     S_(SECCLASS_EVENT, EVENT__SEND, "send")
>     S_(SECCLASS_EVENT, EVENT__STATUS, "status")
> diff --git a/xen/xsm/flask/include/av_permissions.h 
> b/xen/xsm/flask/include/av_permissions.h
> index 1bdb515..b3831f6 100644
> --- a/xen/xsm/flask/include/av_permissions.h
> +++ b/xen/xsm/flask/include/av_permissions.h
> @@ -87,6 +87,7 @@
>  #define HVM__MEM_SHARING                          0x00001000UL
>  #define HVM__AUDIT_P2M                            0x00002000UL
>  #define HVM__SEND_IRQ                             0x00004000UL
> +#define HVM__SHARE_MEM                            0x00008000UL
>  
>  #define EVENT__BIND                               0x00000001UL
>  #define EVENT__SEND                               0x00000002UL
> -- 
> 1.7.11.4
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.