[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 10/23] xen: convert do_domctl to use XSM

The xsm_domctl hook now covers every domctl, in addition to the more
fine-grained XSM hooks in most sub-functions. This also removes the need
to special-case XEN_DOMCTL_getdomaininfo.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Cc: Keir Fraser <keir@xxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/arch/x86/domctl.c   |  2 +-
 xen/common/domctl.c     | 32 +++----------------
 xen/include/xsm/dummy.h | 16 ++++++++--
 xen/xsm/flask/hooks.c   | 85 ++++++++++++++++++++++++++++++++++++++++++++++++-
 4 files changed, 104 insertions(+), 31 deletions(-)

diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 7069d7a..30518aa 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1534,7 +1534,7 @@ long arch_do_domctl(
     {
         struct domain *d;
 
-        ret = rcu_lock_remote_target_domain_by_id(domctl->domain, &d);
+        ret = rcu_lock_remote_domain_by_id(domctl->domain, &d);
         if ( ret != 0 )
             break;
 
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 536bef5..46bb0e3 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -264,27 +264,9 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
             return -ESRCH;
     }
 
-    switch ( op->cmd )
-    {
-    case XEN_DOMCTL_ioport_mapping:
-    case XEN_DOMCTL_memory_mapping:
-    case XEN_DOMCTL_bind_pt_irq:
-    case XEN_DOMCTL_unbind_pt_irq: {
-        bool_t is_priv = IS_PRIV_FOR(current->domain, d);
-        if ( !is_priv )
-        {
-            ret = -EPERM;
-            goto domctl_out_unlock;
-        }
-        break;
-    }
-    case XEN_DOMCTL_getdomaininfo:
-        break;
-    default:
-        if ( !IS_PRIV(current->domain) )
-            return -EPERM;
-        break;
-    }
+    ret = xsm_domctl(d, op->cmd);
+    if ( ret )
+        goto domctl_out_unlock;
 
     if ( !domctl_lock_acquire() )
     {
@@ -858,17 +840,13 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
 
     case XEN_DOMCTL_subscribe:
     {
-        ret = xsm_domctl(d, op->cmd);
-        if ( !ret )
-            d->suspend_evtchn = op->u.subscribe.port;
+        d->suspend_evtchn = op->u.subscribe.port;
     }
     break;
 
     case XEN_DOMCTL_disable_migrate:
     {
-        ret = xsm_domctl(d, op->cmd);
-        if ( !ret )
-            d->disable_migrate = op->u.disable_migrate.disable;
+        d->disable_migrate = op->u.disable_migrate.disable;
     }
     break;
 
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index ae7b4f6..1c19e15 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -64,8 +64,6 @@ static XSM_INLINE int xsm_scheduler(struct domain *d)
 
 static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
     return 0;
 }
 
@@ -91,6 +89,20 @@ static XSM_INLINE int xsm_set_target(struct domain *d, 
struct domain *e)
 
 static XSM_INLINE int xsm_domctl(struct domain *d, int cmd)
 {
+    switch ( cmd )
+    {
+    case XEN_DOMCTL_ioport_mapping:
+    case XEN_DOMCTL_memory_mapping:
+    case XEN_DOMCTL_bind_pt_irq:
+    case XEN_DOMCTL_unbind_pt_irq: {
+        if ( !IS_PRIV_FOR(current->domain, d) )
+            return -EPERM;
+        break;
+    }
+    default:
+        if ( !IS_PRIV(current->domain) )
+            return -EPERM;
+    }
     return 0;
 }
 
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index f9a2596..2e002f0 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -589,7 +589,90 @@ static int flask_set_target(struct domain *d, struct 
domain *e)
 
 static int flask_domctl(struct domain *d, int cmd)
 {
-    return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, 
DOMAIN__SET_MISC_INFO);
+    switch ( cmd )
+    {
+    /* These have individual XSM hooks (common/domctl.c) */
+    case XEN_DOMCTL_createdomain:
+    case XEN_DOMCTL_destroydomain:
+    case XEN_DOMCTL_pausedomain:
+    case XEN_DOMCTL_unpausedomain:
+    case XEN_DOMCTL_getdomaininfo:
+    case XEN_DOMCTL_setvcpuaffinity:
+    case XEN_DOMCTL_max_mem:
+    case XEN_DOMCTL_setvcpucontext:
+    case XEN_DOMCTL_getvcpucontext:
+    case XEN_DOMCTL_getvcpuinfo:
+    case XEN_DOMCTL_max_vcpus:
+    case XEN_DOMCTL_scheduler_op:
+    case XEN_DOMCTL_setdomainhandle:
+    case XEN_DOMCTL_setdebugging:
+    case XEN_DOMCTL_irq_permission:
+    case XEN_DOMCTL_iomem_permission:
+    case XEN_DOMCTL_settimeoffset:
+    case XEN_DOMCTL_getvcpuaffinity:
+    case XEN_DOMCTL_resumedomain:
+    case XEN_DOMCTL_set_target:
+    case XEN_DOMCTL_set_virq_handler:
+#ifdef CONFIG_X86
+    /* These have individual XSM hooks (arch/x86/domctl.c) */
+    case XEN_DOMCTL_shadow_op:
+    case XEN_DOMCTL_ioport_permission:
+    case XEN_DOMCTL_getpageframeinfo:
+    case XEN_DOMCTL_getpageframeinfo2:
+    case XEN_DOMCTL_getpageframeinfo3:
+    case XEN_DOMCTL_getmemlist:
+    case XEN_DOMCTL_hypercall_init:
+    case XEN_DOMCTL_sethvmcontext:
+    case XEN_DOMCTL_gethvmcontext:
+    case XEN_DOMCTL_gethvmcontext_partial:
+    case XEN_DOMCTL_set_address_size:
+    case XEN_DOMCTL_get_address_size:
+    case XEN_DOMCTL_set_machine_address_size:
+    case XEN_DOMCTL_get_machine_address_size:
+    case XEN_DOMCTL_sendtrigger:
+    case XEN_DOMCTL_bind_pt_irq:
+    case XEN_DOMCTL_unbind_pt_irq:
+    case XEN_DOMCTL_memory_mapping:
+    case XEN_DOMCTL_ioport_mapping:
+    case XEN_DOMCTL_pin_mem_cacheattr:
+    case XEN_DOMCTL_set_ext_vcpucontext:
+    case XEN_DOMCTL_get_ext_vcpucontext:
+    case XEN_DOMCTL_setvcpuextstate:
+    case XEN_DOMCTL_getvcpuextstate:
+    case XEN_DOMCTL_mem_event_op:
+    case XEN_DOMCTL_mem_sharing_op:
+    case XEN_DOMCTL_set_access_required:
+    /* These have individual XSM hooks (drivers/passthrough/iommu.c) */
+    case XEN_DOMCTL_get_device_group:
+    case XEN_DOMCTL_test_assign_device:
+    case XEN_DOMCTL_assign_device:
+    case XEN_DOMCTL_deassign_device:
+#endif
+        return 0;
+
+    case XEN_DOMCTL_subscribe:
+    case XEN_DOMCTL_disable_migrate:
+        return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
+                               DOMAIN__SET_MISC_INFO);
+
+    case XEN_DOMCTL_set_cpuid:
+    case XEN_DOMCTL_suppress_spurious_page_faults:
+    case XEN_DOMCTL_debug_op:
+    case XEN_DOMCTL_gettscinfo:
+    case XEN_DOMCTL_settscinfo:
+    case XEN_DOMCTL_audit_p2m:
+    case XEN_DOMCTL_gdbsx_guestmemio:
+    case XEN_DOMCTL_gdbsx_pausevcpu:
+    case XEN_DOMCTL_gdbsx_unpausevcpu:
+    case XEN_DOMCTL_gdbsx_domstatus:
+        /* TODO add per-subfunction hooks */
+        if ( !IS_PRIV(current->domain) )
+            return -EPERM;
+        return 0;
+    default:
+        printk("flask_domctl: Unknown op %d\n", cmd);
+        return -EPERM;
+    }
 }
 
 static int flask_set_virq_handler(struct domain *d, uint32_t virq)
-- 
1.7.11.7


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.