authorDaniel De Graaf <dgdegra@tycho.nsa.gov>2011-12-18 14:33:48 +0000
committerDaniel De Graaf <dgdegra@tycho.nsa.gov>2011-12-18 14:33:48 +0000
commit875756ca34fabc7243c4a682ffd7008710a907e2 (patch)
treec4992e378b41a03f691fe756a5c3343b62381db9 /xen/arch/x86/sysctl.c
parent4c1b911bbcd97fb68b4a9e0903a6644e50adda01 (diff)
xsm: Add missing access checks
Actions requiring IS_PRIV should also require some XSM access control in order for XSM to be useful in confining multiple privileged domains. Add XSM hooks for new hypercalls and sub-commands that are under IS_PRIV but not currently under any access checks. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Diffstat (limited to 'xen/arch/x86/sysctl.c')
-rw-r--r--xen/arch/x86/sysctl.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c
index 738e5172fe..379f0719ec 100644
--- a/xen/arch/x86/sysctl.c
+++ b/xen/arch/x86/sysctl.c
@@ -103,6 +103,10 @@ long arch_do_sysctl(
uint32_t i, max_cpu_index, last_online_cpu;
xen_sysctl_topologyinfo_t *ti = &sysctl->u.topologyinfo;
+ ret = xsm_physinfo();
+ if ( ret )
+ break;
+
last_online_cpu = cpumask_last(&cpu_online_map);
max_cpu_index = min_t(uint32_t, ti->max_cpu_index, last_online_cpu);
ti->max_cpu_index = last_online_cpu;
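Review bot: The check added at the top of the topologyinfo case reuses `xsm_physinfo()`, and the numainfo hunk that follows does the same, so an XSM policy cannot allow one of the physinfo, topology and NUMA queries while denying the others. If that coarse grouping is intended, a comment on each call would record it, for example `/* topology shares the physinfo permission; no dedicated hook */`. The placement is sound: the check runs before `ti->max_cpu_index` is read or overwritten, so the denied path touches none of the request fields. The case body starts and ends outside the hunk.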
@@ -139,6 +143,10 @@ long arch_do_sysctl(
uint32_t i, j, max_node_index, last_online_node;
xen_sysctl_numainfo_t *ni = &sysctl->u.numainfo;
+ ret = xsm_physinfo();
+ if ( ret )
+ break;
+
last_online_node = last_node(node_online_map);
max_node_index = min_t(uint32_t, ni->max_node_index, last_online_node);
ni->max_node_index = last_online_node;
@@ -189,10 +197,16 @@ long arch_do_sysctl(
switch ( sysctl->u.cpu_hotplug.op )
{
case XEN_SYSCTL_CPU_HOTPLUG_ONLINE:
+ ret = xsm_resource_plug_core();
+ if ( ret )
+ break;
ret = continue_hypercall_on_cpu(
0, cpu_up_helper, (void *)(unsigned long)cpu);
break;
case XEN_SYSCTL_CPU_HOTPLUG_OFFLINE:
+ ret = xsm_resource_unplug_core();
+ if ( ret )
+ break;
ret = continue_hypercall_on_cpu(
0, cpu_down_helper, (void *)(unsigned long)cpu);
break;
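Review bot: `xsm_resource_plug_core()` and `xsm_resource_unplug_core()` are called without arguments in the ONLINE and OFFLINE cases, so the policy decision cannot depend on `cpu` and the hook has no way to record which core a denied request named. If per-core confinement or auditing of hotplug requests matters, the hooks would need the CPU number passed in; otherwise a short comment such as `/* XSM: hotplug permission is global, not per-CPU */` documents the limit. Both checks run before `continue_hypercall_on_cpu()` is called, so a denied request does not reach the helper. The switch continues outside the hunk, so any further `cpu_hotplug.op` values and the default case are not visible here and should be confirmed to be either checked or rejected.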