authorDaniel De Graaf <dgdegra@tycho.nsa.gov>2011-12-18 14:33:48 +0000
committerDaniel De Graaf <dgdegra@tycho.nsa.gov>2011-12-18 14:33:48 +0000
commit875756ca34fabc7243c4a682ffd7008710a907e2 (patch)
treec4992e378b41a03f691fe756a5c3343b62381db9 /xen/common/grant_table.c
parent4c1b911bbcd97fb68b4a9e0903a6644e50adda01 (diff)
xsm: Add missing access checks
Actions requiring IS_PRIV should also require some XSM access control in order for XSM to be useful in confining multiple privileged domains. Add XSM hooks for new hypercalls and sub-commands that are under IS_PRIV but not currently under any access checks. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Diffstat (limited to 'xen/common/grant_table.c')
-rw-r--r--xen/common/grant_table.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index e2b103b5fb..fefa8383b2 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -2208,6 +2208,11 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE(gnttab_get_status_frames_t) uop,
op.status = GNTST_general_error;
goto out1;
}
+ rc = xsm_grant_setup(current->domain, d);
+ if ( rc ) {
+ op.status = GNTST_permission_denied;
+ goto out1;
+ }
gt = d->grant_table;
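Review bot: The new XSM denial path in gnttab_get_status_frames leaves through `out1`, the same label the error branch just above it uses, but by this point the target-domain lookup appears to have succeeded and `d` is in use. The gnttab_get_version hunk of this same commit calls `rcu_unlock_domain(d)` before returning on denial, which suggests a domain reference is held at the equivalent point here as well. The `out1` label and the rest of the function lie outside the hunk, so this is inferred; unless `out1` releases the reference, every denied call would leak one on the target domain, and a caller that policy is meant to confine could repeat that at will. Add `rcu_unlock_domain(d);` before the `goto out1;`, or jump to whichever later label drops the reference.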
@@ -2259,6 +2264,11 @@ gnttab_get_version(XEN_GUEST_HANDLE(gnttab_get_version_t uop))
rcu_unlock_domain(d);
return -EPERM;
}
+ if ( xsm_grant_query_size(current->domain, d) )
+ {
+ rcu_unlock_domain(d);
+ return -EPERM;
+ }
spin_lock(&d->grant_table->lock);
op.version = d->grant_table->gt_version;
spin_unlock(&d->grant_table->lock);
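Review bot: The added check in gnttab_get_version reuses the `xsm_grant_query_size` hook for a version query, and nothing at the call site says so, so a policy author cannot tell that allowing query_size also allows reading another domain's grant-table version. A one-line comment above the check would record this, e.g. `/* No dedicated XSM hook for get_version: gated by the query_size permission. */`. The same reuse applies to `xsm_grant_setup` in the gnttab_get_status_frames hunk, which deserves a matching comment. The hook's return value is also discarded in favour of a fixed `-EPERM`, which is worth stating in the comment if intentional. The function begins and ends outside this hunk.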