From: Jan Beulich
Subject: domctl/XSM: drop scheduler_op hook
Integrate the checking with xsm_domctl(), now that it has the full op struct passed. As a positive side effect, permissions are then checked at the same early point with and without Flask. This is part of XSA-492.
Signed-off-by: Jan Beulich
Acked-by: Daniel P. Smith
Reviewed-by: Juergen Gross
--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -2073,10 +2073,6 @@ long sched_adjust(struct domain *d, stru
 {
 long ret;
- ret = xsm_domctl_scheduler_op(XSM_HOOK, d, op->cmd);
- if ( ret )
- return ret;
-
 if ( op->sched_id != dom_scheduler(d)->sched_id )
 return -EINVAL;
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -141,13 +141,6 @@ static XSM_INLINE int cf_check xsm_getdo
 return xsm_default_action(action, current->domain, d);
 }
-static XSM_INLINE int cf_check xsm_domctl_scheduler_op(
- XSM_DEFAULT_ARG struct domain *d, int cmd)
-{
- XSM_ASSERT_ACTION(XSM_HOOK);
- return xsm_default_action(action, current->domain, d);
-}
-
 static XSM_INLINE int cf_check xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd)
 {
 XSM_ASSERT_ACTION(XSM_HOOK);
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -56,7 +56,6 @@ struct xsm_ops {
 struct xen_domctl_getdomaininfo *info);
 int (*domain_create)(struct domain *d, uint32_t ssidref);
 int (*getdomaininfo)(struct domain *d);
- int (*domctl_scheduler_op)(struct domain *d, int op);
 #ifdef CONFIG_SYSCTL
 int (*sysctl_scheduler_op)(int op);
 #endif
@@ -238,12 +237,6 @@ static inline int xsm_get_domain_state(x
 return alternative_call(xsm_ops.get_domain_state, d);
 }
-static inline int xsm_domctl_scheduler_op(
- xsm_default_t def, struct domain *d, int cmd)
-{
- return alternative_call(xsm_ops.domctl_scheduler_op, d, cmd);
-}
-
 #ifdef CONFIG_SYSCTL
 static inline int xsm_sysctl_scheduler_op(xsm_default_t def, int cmd)
 {
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -18,7 +18,6 @@ static const struct xsm_ops __initconst_
 .security_domaininfo = xsm_security_domaininfo,
 .domain_create = xsm_domain_create,
 .getdomaininfo = xsm_getdomaininfo,
- .domctl_scheduler_op = xsm_domctl_scheduler_op,
 #ifdef CONFIG_SYSCTL
 .sysctl_scheduler_op = xsm_sysctl_scheduler_op,
 #endif
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -576,7 +576,7 @@ static int cf_check flask_getdomaininfo(
 return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
 }
-static int cf_check flask_domctl_scheduler_op(struct domain *d, int op)
+static int flask_domctl_scheduler_op(struct domain *d, int op)
 {
 switch ( op )
 {
@@ -664,7 +664,6 @@ static int cf_check flask_domctl(struct
 return -EILSEQ;
 /* These have individual XSM hooks (common/domctl.c) */
- case XEN_DOMCTL_scheduler_op:
 case XEN_DOMCTL_set_target:
 #ifdef CONFIG_X86
@@ -712,6 +711,9 @@ static int cf_check flask_domctl(struct
 case XEN_DOMCTL_setdomainhandle:
 return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE);
+ case XEN_DOMCTL_scheduler_op:
+ return flask_domctl_scheduler_op(d, op->u.scheduler_op.cmd);
+
 case XEN_DOMCTL_set_ext_vcpucontext:
 case XEN_DOMCTL_set_vcpu_msrs:
 case XEN_DOMCTL_setvcpucontext:
@@ -1847,7 +1849,6 @@ static const struct xsm_ops __initconst_
 .security_domaininfo = flask_security_domaininfo,
 .domain_create = flask_domain_create,
 .getdomaininfo = flask_getdomaininfo,
- .domctl_scheduler_op = flask_domctl_scheduler_op,
 #ifdef CONFIG_SYSCTL
 .sysctl_scheduler_op = flask_sysctl_scheduler_op,
 #endif
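Review bot: In the `@@ -576,7 +576,7 @@` hunk of flask/hooks.c the helper keeps `int op` as its parameter name, which now reads ambiguously next to its only visible caller. In flask_domctl() `op` is the domctl structure (the new call passes `op->u.scheduler_op.cmd`), while here `op` is the scheduler sub-command. Since the signature line is being edited anyway, I would rename it to match the call site: `static int flask_domctl_scheduler_op(struct domain *d, int cmd)` with `switch ( cmd )`. The function body continues past the end of the hunk, so any later use of `op` there would need the same rename.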
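Review bot: In the `@@ -712,6 +711,9 @@` hunk the new `case XEN_DOMCTL_scheduler_op:` becomes, as far as this patch shows, the only point where the per-sub-command scheduler permission is evaluated, and nothing in the code records that dependency. sched_adjust() in core.c no longer calls any XSM hook itself, so it relies on every caller having passed xsm_domctl() first. A short comment above the `return` would make that explicit, for example `/* Sole XSM check for scheduler ops; sched_adjust() performs none itself. */`. The callers of sched_adjust() are not visible in this patch, so it is worth confirming that the domctl path is the only one. flask_domctl() starts and ends outside the hunk.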