[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v03 02/10] domctl: introduce access_remote_pagetable call



The following call is designed to check is domain
can access MMU of remoteprocessor, such as IPU or GPU.

Signed-off-by: Andrii Tseglytskyi <andrii.tseglytskyi@xxxxxxxxxxxxxxx>
---
 xen/include/public/domctl.h         | 1 +
 xen/xsm/flask/hooks.c               | 3 +++
 xen/xsm/flask/policy/access_vectors | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 8c4d4c5..eedf933 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -1067,6 +1067,7 @@ struct xen_domctl {
 #define XEN_DOMCTL_configure_domain              74
 #define XEN_DOMCTL_dtdev_op                      75
 #define XEN_DOMCTL_assign_dt_device              76
+#define XEN_DOMCTL_access_remote_pagetable       77
 #define XEN_DOMCTL_gdbsx_guestmemio            1000
 #define XEN_DOMCTL_gdbsx_pausevcpu             1001
 #define XEN_DOMCTL_gdbsx_unpausevcpu           1002
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 8a5ff7c..897b53f 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -718,6 +718,9 @@ static int flask_domctl(struct domain *d, int cmd)
     case XEN_DOMCTL_configure_domain:
         return current_has_perm(d, SECCLASS_DOMAIN2, 
DOMAIN2__CONFIGURE_DOMAIN);
 
+    case XEN_DOMCTL_access_remote_pagetable:
+        return current_has_perm(d, SECCLASS_DOMAIN2, 
DOMAIN2__ACCESS_REMOTE_PAGETABLE);
+
     default:
         printk("flask_domctl: Unknown op %d\n", cmd);
         return -EPERM;
diff --git a/xen/xsm/flask/policy/access_vectors 
b/xen/xsm/flask/policy/access_vectors
index 33eec66..1a9aff1 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -202,6 +202,8 @@ class domain2
     create_hardware_domain
 # XEN_DOMCTL_configure_domain
     configure_domain
+# XEN_DOMCTL_access_remote_pagetable
+    access_remote_pagetable
 }
 
 # Similar to class domain, but primarily contains domctls related to HVM 
domains
-- 
1.9.1


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.