diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:33:48 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:33:48 +0000 |
commit | 875756ca34fabc7243c4a682ffd7008710a907e2 (patch) | |
tree | c4992e378b41a03f691fe756a5c3343b62381db9 /xen/arch/x86/physdev.c | |
parent | 4c1b911bbcd97fb68b4a9e0903a6644e50adda01 (diff) | |
download | xen-875756ca34fabc7243c4a682ffd7008710a907e2.tar.gz xen-875756ca34fabc7243c4a682ffd7008710a907e2.tar.bz2 xen-875756ca34fabc7243c4a682ffd7008710a907e2.zip |
xsm: Add missing access checks
Actions requiring IS_PRIV should also require some XSM access control
in order for XSM to be useful in confining multiple privileged
domains. Add XSM hooks for new hypercalls and sub-commands that are
under IS_PRIV but not currently under any access checks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Diffstat (limited to 'xen/arch/x86/physdev.c')
-rw-r--r-- | xen/arch/x86/physdev.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index c1c7e54da6..ca4fb59e97 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -600,6 +600,10 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) if ( !IS_PRIV(current->domain) ) break; + ret = xsm_resource_setup_misc(); + if ( ret ) + break; + ret = -EFAULT; if ( copy_from_guest(&info, arg, 1) ) break; @@ -662,6 +666,11 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg) ret = -EINVAL; if ( setup_gsi.gsi < 0 || setup_gsi.gsi >= nr_irqs_gsi ) break; + + ret = xsm_resource_setup_gsi(setup_gsi.gsi); + if ( ret ) + break; + ret = mp_register_gsi(setup_gsi.gsi, setup_gsi.triggering, setup_gsi.polarity); break; |