xsm: add hooks for claim

Adds XSM hooks for the recently introduced XENMEM_claim_pages and
XENMEM_get_outstanding_pages operations, and adds FLASK access vectors
for them. This makes the access control decisions for these operations
match those in the rest of the hypervisor.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release)
Acked-by: Keir Fraser <keir@xen.org>

1 files changed, 8 insertions, 7 deletions

diff --git a/xen/common/memory.c b/xen/common/memory.c
index 68501d1746..3239d53978 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -712,9 +712,6 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
     }
 
     case XENMEM_claim_pages:
-        if ( !IS_PRIV(current->domain) )
-            return -EPERM;
-
         if ( copy_from_guest(&reservation, arg, 1) )
             return -EFAULT;
 
@@ -731,17 +728,21 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -EINVAL;
 
-        rc = domain_set_outstanding_pages(d, reservation.nr_extents);
+        rc = xsm_claim_pages(XSM_PRIV, d);
+
+        if ( !rc )
+            rc = domain_set_outstanding_pages(d, reservation.nr_extents);
 
         rcu_unlock_domain(d);
 
         break;
 
     case XENMEM_get_outstanding_pages:
-        if ( !IS_PRIV(current->domain) )
-            return -EPERM;
+        rc = xsm_xenmem_get_outstanding_pages(XSM_PRIV);
+
+        if ( !rc )
+            rc = get_outstanding_claims();
 
-        rc = get_outstanding_claims();
         break;
 
     default: