diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-04-19 10:50:08 +0200 |
|---|---|---|
| committer | Jan Beulich <jbeulich@suse.com> | 2013-04-19 10:50:08 +0200 |
| commit | abd10cf98fed1f8eb01b7826a171873a3b75c396 (patch) | |
| tree | 6745afc7e63817fd0727e816d6e91e880735ef61 /xen/arch/x86/domctl.c | |
| parent | 764012376a096a45bced88ee2ec1a6c17c6c22c7 (diff) | |
| download | xen-abd10cf98fed1f8eb01b7826a171873a3b75c396.tar.gz xen-abd10cf98fed1f8eb01b7826a171873a3b75c396.tar.bz2 xen-abd10cf98fed1f8eb01b7826a171873a3b75c396.zip | |
x86: remove IS_PRIV bypass on IRQ check
This prevents a process in dom0 from granting a domU access to an IRQ without
adding the IRQ to the domU's list of permitted IRQs. This operation currently
succeeds in dom0 but would fail if the device model were running in a stubdom,
so making the failure consistent should ease debugging of the device-model
stubdoms.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Diffstat (limited to 'xen/arch/x86/domctl.c')
| -rw-r--r-- | xen/arch/x86/domctl.c | 29 |
1 files changed, 9 insertions, 20 deletions
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 9580390594..1f16ad2568 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -565,9 +565,8 @@ long arch_do_domctl( case XEN_DOMCTL_bind_pt_irq: { - xen_domctl_bind_pt_irq_t * bind; - - bind = &(domctl->u.bind_pt_irq); + xen_domctl_bind_pt_irq_t *bind = &domctl->u.bind_pt_irq; + int irq; ret = -EINVAL; if ( !is_hvm_domain(d) ) @@ -577,14 +576,10 @@ long arch_do_domctl( if ( ret ) break; + irq = domain_pirq_to_irq(d, bind->machine_irq); ret = -EPERM; - if ( !IS_PRIV(current->domain) ) - { - int irq = domain_pirq_to_irq(d, bind->machine_irq); - - if ( irq <= 0 || !irq_access_permitted(current->domain, irq) ) - break; - } + if ( irq <= 0 || !irq_access_permitted(current->domain, irq) ) + break; ret = -ESRCH; if ( iommu_enabled ) @@ -601,18 +596,12 @@ long arch_do_domctl( case XEN_DOMCTL_unbind_pt_irq: { - xen_domctl_bind_pt_irq_t * bind; - - bind = &(domctl->u.bind_pt_irq); + xen_domctl_bind_pt_irq_t *bind = &domctl->u.bind_pt_irq; + int irq = domain_pirq_to_irq(d, bind->machine_irq); ret = -EPERM; - if ( !IS_PRIV(current->domain) ) - { - int irq = domain_pirq_to_irq(d, bind->machine_irq); - - if ( irq <= 0 || !irq_access_permitted(current->domain, irq) ) - break; - } + if ( irq <= 0 || !irq_access_permitted(current->domain, irq) ) + break; ret = xsm_unbind_pt_irq(XSM_HOOK, d, bind); if ( ret ) |