xsm: Add missing access checks

Actions requiring IS_PRIV should also require some XSM access control
in order for XSM to be useful in confining multiple privileged
domains. Add XSM hooks for new hypercalls and sub-commands that are
under IS_PRIV but not currently under any access checks.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

1 files changed, 9 insertions, 0 deletions

diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index c1c7e54da6..ca4fb59e97 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -600,6 +600,10 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg)
         if ( !IS_PRIV(current->domain) )
             break;
 
+        ret = xsm_resource_setup_misc();
+        if ( ret )
+            break;
+
         ret = -EFAULT;
         if ( copy_from_guest(&info, arg, 1) )
             break;
@@ -662,6 +666,11 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg)
         ret = -EINVAL;
         if ( setup_gsi.gsi < 0 || setup_gsi.gsi >= nr_irqs_gsi )
             break;
+
+        ret = xsm_resource_setup_gsi(setup_gsi.gsi);
+        if ( ret )
+            break;
+
         ret = mp_register_gsi(setup_gsi.gsi, setup_gsi.triggering,
                               setup_gsi.polarity);
         break;