[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xsm_remove_from_physmap is (so far) only defined for X86 architecture, not for ARM



On Tue, 15 Jan 2013, Ian Campbell wrote:
> From 469d20054b96b8bc749891c366659532b67d6031 Mon Sep 17 00:00:00 2001
> From: Ian Campbell <ian.campbell@xxxxxxxxxx>
> Date: Fri, 11 Jan 2013 16:44:14 +0000
> Subject: [PATCH] xen arm: add XSM hooks to arch_memory_op
> 
> Treat XENMEM_add_to_physmap_range the same as XENMEM_add_to_physmap.
> 
> Also conditionalise more x86-isms and add required headers such that
> it compiles on ARM. Totally untested.
> 
> Reported-by: Lars Rasmusson <Lars.Rasmusson@xxxxxxx>
> Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

the patch looks mostly to me


> diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
> index 4426ab9..f9b16f2 100644
> --- a/xen/xsm/flask/flask_op.c
> +++ b/xen/xsm/flask/flask_op.c
> @@ -10,9 +10,11 @@
> 
>  #include <xen/errno.h>
>  #include <xen/event.h>
> +#include <xen/init.h>
>  #include <xsm/xsm.h>
>  #include <xen/guest_access.h>
> 
> +#include <public/event_channel.h>
>  #include <public/xsm/flask_op.h>
> 
>  #include <avc.h>
> @@ -71,7 +73,7 @@ static int domain_has_security(struct domain *d, u32 perms)
>                          perms, NULL);
>  }
> 
> -static int flask_copyin_string(XEN_GUEST_HANDLE_PARAM(char) u_buf, char 
> **buf, uint32_t size)
> +static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, 
> uint32_t size)
>  {
>      char *tmp = xmalloc_bytes(size + 1);
>      if ( !tmp )

this change is correct


> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index ba67502..c39f129 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -19,11 +19,15 @@
>  #include <xen/errno.h>
>  #include <xen/guest_access.h>
>  #include <xen/xenoprof.h>
> +#ifdef CONFIG_X86
>  #include <asm/msi.h>
> +#endif
> +#include <asm/irq.h>
>  #include <public/xen.h>
>  #include <public/physdev.h>
>  #include <public/platform.h>
> 
> +#include <public/event_channel.h>
>  #include <public/xsm/flask_op.h>
> 
>  #include <avc.h>
> @@ -100,7 +104,9 @@ static int domain_has_xen(struct domain *d, u32 perms)
> 
>  static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
>  {
> +#ifdef CONFIG_X86
>      struct irq_desc *desc = irq_to_desc(irq);
> +#endif
>      if ( irq >= nr_irqs || irq < 0 )
>          return -EINVAL;
>      if ( irq < nr_static_irqs ) {
> @@ -110,6 +116,7 @@ static int get_irq_sid(int irq, u32 *sid, struct 
> avc_audit_data *ad)
>          }
>          return security_irq_sid(irq, sid);
>      }
> +#ifdef CONFIG_X86
>      if ( desc->msi_desc ) {
>          struct pci_dev *dev = desc->msi_desc->dev;
>          u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
> @@ -119,6 +126,7 @@ static int get_irq_sid(int irq, u32 *sid, struct 
> avc_audit_data *ad)
>          }
>          return security_device_sid(sbdf, sid);
>      }
> +#endif
>      if (ad) {
>          AVC_AUDIT_DATA_INIT(ad, IRQ);
>          ad->irq = irq;
> @@ -822,7 +830,9 @@ static int flask_map_domain_pirq (struct domain *d, int 
> irq, void *data)
>  {
>      u32 sid, dsid;
>      int rc = -EPERM;
> +#ifdef CONFIG_X86
>      struct msi_info *msi = data;
> +#endif
>      struct avc_audit_data ad;
> 
>      rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
> @@ -830,12 +840,17 @@ static int flask_map_domain_pirq (struct domain *d, int 
> irq, void *data)
>      if ( rc )
>          return rc;
> 
> -    if ( irq >= nr_static_irqs && msi ) {
> +#ifdef CONFIG_X86
> +    if ( irq >= nr_static_irqs && msi )
> +    {
>          u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
>          AVC_AUDIT_DATA_INIT(&ad, DEV);
>          ad.device = machine_bdf;
>          rc = security_device_sid(machine_bdf, &sid);
> -    } else {
> +    }
> +    else
> +#endif
> +    {
>          rc = get_irq_sid(irq, &sid, &ad);
>      }
>      if ( rc )

this part is a bit ugly, can we refactor the msi checks into separate,
arch specific, functions?

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.