diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-05-07 16:49:18 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-05-07 16:49:18 +0200 |
commit | 919f59b3b99e1d845c6a1f30125e79e828805d87 (patch) | |
tree | aa20c9a715a12b2ba54bf9ec992a7f4a507c4bb7 /xen/common/memory.c | |
parent | 013e34f5a61725012467f17650597d351fc0ca99 (diff) | |
download | xen-919f59b3b99e1d845c6a1f30125e79e828805d87.tar.gz xen-919f59b3b99e1d845c6a1f30125e79e828805d87.tar.bz2 xen-919f59b3b99e1d845c6a1f30125e79e828805d87.zip |
xsm: add hooks for claim
Adds XSM hooks for the recently introduced XENMEM_claim_pages and
XENMEM_get_outstanding_pages operations, and adds FLASK access vectors
for them. This makes the access control decisions for these operations
match those in the rest of the hypervisor.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release)
Acked-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/common/memory.c')
-rw-r--r-- | xen/common/memory.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/xen/common/memory.c b/xen/common/memory.c index 68501d1746..3239d53978 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -712,9 +712,6 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } case XENMEM_claim_pages: - if ( !IS_PRIV(current->domain) ) - return -EPERM; - if ( copy_from_guest(&reservation, arg, 1) ) return -EFAULT; @@ -731,17 +728,21 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) return -EINVAL; - rc = domain_set_outstanding_pages(d, reservation.nr_extents); + rc = xsm_claim_pages(XSM_PRIV, d); + + if ( !rc ) + rc = domain_set_outstanding_pages(d, reservation.nr_extents); rcu_unlock_domain(d); break; case XENMEM_get_outstanding_pages: - if ( !IS_PRIV(current->domain) ) - return -EPERM; + rc = xsm_xenmem_get_outstanding_pages(XSM_PRIV); + + if ( !rc ) + rc = get_outstanding_claims(); - rc = get_outstanding_claims(); break; default: |