[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 16/23] xen: Add XSM hook for XENMEM_exchange

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Cc: Keir Fraser <keir@xxxxxxx>
---
 tools/flask/policy/policy/flask/access_vectors |  1 +
 tools/flask/policy/policy/modules/xen/xen.if   |  2 ++
 xen/common/memory.c                            | 12 +++++++++++-
 xen/include/xsm/dummy.h                        |  7 +++++++
 xen/include/xsm/xsm.h                          |  6 ++++++
 xen/xsm/dummy.c                                |  1 +
 xen/xsm/flask/hooks.c                          |  6 ++++++
 xen/xsm/flask/include/av_perm_to_string.h      |  1 +
 xen/xsm/flask/include/av_permissions.h         |  1 +
 9 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/tools/flask/policy/policy/flask/access_vectors 
b/tools/flask/policy/policy/flask/access_vectors
index 8324725..caf65d2 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -142,6 +142,7 @@ class mmu
     memorymap
     remote_remap
        mmuext_op
+       exchange
 }
 
 class shadow
diff --git a/tools/flask/policy/policy/modules/xen/xen.if 
b/tools/flask/policy/policy/modules/xen/xen.if
index fda5cb5..d9d5344 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -30,6 +30,7 @@ define(`declare_domain', `
 #   containing at most one domain. This is not enforced by policy.
 define(`declare_singleton_domain', `
        type $1, domain_type`'ifelse(`$#', `1', `', `,shift($@)');
+       define(`$1_self', `$1')
        type $1_channel, event_type;
        type_transition $1 domain_type:event $1_channel;
        declare_domain_common($1, $1)
@@ -161,6 +162,7 @@ define(`make_device_model', `
 # use_device(domain, device)
 #   Allow a device to be used by a domain
 define(`use_device', `
+    allow $1 $1_self:mmu exchange;
     allow $1 $2:resource use;
     allow $1 domio_t:mmu { map_read map_write };
 ')
diff --git a/xen/common/memory.c b/xen/common/memory.c
index dd36b83..7d3c326 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -329,9 +329,19 @@ static long 
memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
         out_chunk_order = exch.in.extent_order - exch.out.extent_order;
     }
 
-    rc = rcu_lock_target_domain_by_id(exch.in.domid, &d);
+    d = rcu_lock_domain_by_any_id(exch.in.domid);
+    if ( d == NULL )
+    {
+        rc = -ESRCH;
+        goto fail_early;
+    }
+
+    rc = xsm_memory_exchange(d);
     if ( rc )
+    {
+        rcu_unlock_domain(d);
         goto fail_early;
+    }
 
     memflags |= MEMF_bits(domain_clamp_alloc_bitsize(
         d,
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 6648739..9894d8d 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -235,6 +235,13 @@ static XSM_INLINE int xsm_grant_query_size(struct domain 
*d1, struct domain *d2)
     return 0;
 }
 
+static XSM_INLINE int xsm_memory_exchange(struct domain *d)
+{
+    if ( d != current->domain && !IS_PRIV_FOR(current->domain, d) )
+        return -EPERM;
+    return 0;
+}
+
 static XSM_INLINE int xsm_memory_adjust_reservation(struct domain *d1,
                                                             struct domain *d2)
 {
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index d41eb54..a8c1d87 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -96,6 +96,7 @@ struct xsm_operations {
 
     int (*get_pod_target) (struct domain *d);
     int (*set_pod_target) (struct domain *d);
+    int (*memory_exchange) (struct domain *d);
     int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2);
     int (*memory_stat_reservation) (struct domain *d1, struct domain *d2);
     int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct 
page_info *page);
@@ -453,6 +454,11 @@ static inline int xsm_set_pod_target (struct domain *d)
     return xsm_ops->set_pod_target(d);
 }
 
+static inline int xsm_memory_exchange (struct domain *d)
+{
+    return xsm_ops->memory_exchange(d);
+}
+
 static inline int xsm_memory_adjust_reservation (struct domain *d1, struct
                                                                     domain *d2)
 {
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 200cbc8..71299d5 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -84,6 +84,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
     set_to_dummy_if_null(ops, get_pod_target);
     set_to_dummy_if_null(ops, set_pod_target);
 
+    set_to_dummy_if_null(ops, memory_exchange);
     set_to_dummy_if_null(ops, memory_adjust_reservation);
     set_to_dummy_if_null(ops, memory_stat_reservation);
     set_to_dummy_if_null(ops, memory_pin_page);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index b2f00d8..167f8e6 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -396,6 +396,11 @@ static int flask_set_pod_target(struct domain *d)
     return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
 }
 
+static int flask_memory_exchange(struct domain *d)
+{
+    return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE);
+}
+
 static int flask_memory_adjust_reservation(struct domain *d1, struct domain 
*d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
@@ -1685,6 +1690,7 @@ static struct xsm_operations flask_ops = {
 
     .get_pod_target = flask_get_pod_target,
     .set_pod_target = flask_set_pod_target,
+    .memory_exchange = flask_memory_exchange,
     .memory_adjust_reservation = flask_memory_adjust_reservation,
     .memory_stat_reservation = flask_memory_stat_reservation,
     .memory_pin_page = flask_memory_pin_page,
diff --git a/xen/xsm/flask/include/av_perm_to_string.h 
b/xen/xsm/flask/include/av_perm_to_string.h
index 8f65b96..79d5939 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -112,6 +112,7 @@
    S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap")
    S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap")
    S_(SECCLASS_MMU, MMU__MMUEXT_OP, "mmuext_op")
+   S_(SECCLASS_MMU, MMU__EXCHANGE, "exchange")
    S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable")
    S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable")
    S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty")
diff --git a/xen/xsm/flask/include/av_permissions.h 
b/xen/xsm/flask/include/av_permissions.h
index 18454fd..d982328 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -118,6 +118,7 @@
 #define MMU__MEMORYMAP                            0x00000800UL
 #define MMU__REMOTE_REMAP                         0x00001000UL
 #define MMU__MMUEXT_OP                            0x00002000UL
+#define MMU__EXCHANGE                             0x00004000UL
 
 #define SHADOW__DISABLE                           0x00000001UL
 #define SHADOW__ENABLE                            0x00000002UL
-- 
1.7.11.7


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.