diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:33:48 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:33:48 +0000 |
commit | 875756ca34fabc7243c4a682ffd7008710a907e2 (patch) | |
tree | c4992e378b41a03f691fe756a5c3343b62381db9 /xen/arch/x86/sysctl.c | |
parent | 4c1b911bbcd97fb68b4a9e0903a6644e50adda01 (diff) | |
download | xen-875756ca34fabc7243c4a682ffd7008710a907e2.tar.gz xen-875756ca34fabc7243c4a682ffd7008710a907e2.tar.bz2 xen-875756ca34fabc7243c4a682ffd7008710a907e2.zip |
xsm: Add missing access checks
Actions requiring IS_PRIV should also require some XSM access control
in order for XSM to be useful in confining multiple privileged
domains. Add XSM hooks for new hypercalls and sub-commands that are
under IS_PRIV but not currently under any access checks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Diffstat (limited to 'xen/arch/x86/sysctl.c')
-rw-r--r-- | xen/arch/x86/sysctl.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index 738e5172fe..379f0719ec 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -103,6 +103,10 @@ long arch_do_sysctl( uint32_t i, max_cpu_index, last_online_cpu; xen_sysctl_topologyinfo_t *ti = &sysctl->u.topologyinfo; + ret = xsm_physinfo(); + if ( ret ) + break; + last_online_cpu = cpumask_last(&cpu_online_map); max_cpu_index = min_t(uint32_t, ti->max_cpu_index, last_online_cpu); ti->max_cpu_index = last_online_cpu; @@ -139,6 +143,10 @@ long arch_do_sysctl( uint32_t i, j, max_node_index, last_online_node; xen_sysctl_numainfo_t *ni = &sysctl->u.numainfo; + ret = xsm_physinfo(); + if ( ret ) + break; + last_online_node = last_node(node_online_map); max_node_index = min_t(uint32_t, ni->max_node_index, last_online_node); ni->max_node_index = last_online_node; @@ -189,10 +197,16 @@ long arch_do_sysctl( switch ( sysctl->u.cpu_hotplug.op ) { case XEN_SYSCTL_CPU_HOTPLUG_ONLINE: + ret = xsm_resource_plug_core(); + if ( ret ) + break; ret = continue_hypercall_on_cpu( 0, cpu_up_helper, (void *)(unsigned long)cpu); break; case XEN_SYSCTL_CPU_HOTPLUG_OFFLINE: + ret = xsm_resource_unplug_core(); + if ( ret ) + break; ret = continue_hypercall_on_cpu( 0, cpu_down_helper, (void *)(unsigned long)cpu); break; |