diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-02 13:47:08 -0800 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-02 13:47:08 -0800 |
commit | 3d7895b3bbe977e3abd2d4128e42c1daba5e3fa4 (patch) | |
tree | 3a17a23357b787f377dc3dc669824cc88e352306 /xen/common/domctl.c | |
parent | 65d744c6d56f92401b9d279c9cf8fe618397be0e (diff) | |
download | xen-3d7895b3bbe977e3abd2d4128e42c1daba5e3fa4.tar.gz xen-3d7895b3bbe977e3abd2d4128e42c1daba5e3fa4.tar.bz2 xen-3d7895b3bbe977e3abd2d4128e42c1daba5e3fa4.zip |
xsm: Expand I/O resource hooks
The XSM hooks inside rangeset are not useful in capturing the PIRQ
mappings in HVM domains. They can also be called from softirq context
where current->domain is invalid, causing spurious AVC denials from
unrelated domains on such calls.
Within FLASK code, the rangeset hooks were already divided between
IRQs, I/O memory, and x86 IO ports; propagate this division back
through the XSM hooks and call the XSM functions directly when needed.
This removes XSM checks for the initial rangeset population for dom0
and the removal checks on domain destruction; denying either of these
actions does not make sense.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/common/domctl.c')
-rw-r--r-- | xen/common/domctl.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 6705a573df..06594a0f01 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -858,6 +858,7 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl) { struct domain *d; unsigned int pirq = op->u.irq_permission.pirq; + int allow = op->u.irq_permission.allow_access; ret = -ESRCH; d = rcu_lock_domain_by_id(op->domain); @@ -866,7 +867,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl) if ( pirq >= d->nr_pirqs ) ret = -EINVAL; - else if ( op->u.irq_permission.allow_access ) + else if ( xsm_irq_permission(d, pirq, allow) ) + ret = -EPERM; + else if ( allow ) ret = irq_permit_access(d, pirq); else ret = irq_deny_access(d, pirq); @@ -880,6 +883,7 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl) struct domain *d; unsigned long mfn = op->u.iomem_permission.first_mfn; unsigned long nr_mfns = op->u.iomem_permission.nr_mfns; + int allow = op->u.iomem_permission.allow_access; ret = -EINVAL; if ( (mfn + nr_mfns - 1) < mfn ) /* wrap? */ @@ -890,7 +894,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl) if ( d == NULL ) break; - if ( op->u.iomem_permission.allow_access ) + if ( xsm_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) ) + ret = -EPERM; + else if ( allow ) ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1); else ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1); |