diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:33:48 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:33:48 +0000 |
commit | 875756ca34fabc7243c4a682ffd7008710a907e2 (patch) | |
tree | c4992e378b41a03f691fe756a5c3343b62381db9 /xen/common/sysctl.c | |
parent | 4c1b911bbcd97fb68b4a9e0903a6644e50adda01 (diff) | |
download | xen-875756ca34fabc7243c4a682ffd7008710a907e2.tar.gz xen-875756ca34fabc7243c4a682ffd7008710a907e2.tar.bz2 xen-875756ca34fabc7243c4a682ffd7008710a907e2.zip |
xsm: Add missing access checks
Actions requiring IS_PRIV should also require some XSM access control
in order for XSM to be useful in confining multiple privileged
domains. Add XSM hooks for new hypercalls and sub-commands that are
under IS_PRIV but not currently under any access checks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Diffstat (limited to 'xen/common/sysctl.c')
-rw-r--r-- | xen/common/sysctl.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index ccfdb220ae..f8f7cf8c36 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -152,6 +152,11 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) #ifdef LOCK_PROFILE case XEN_SYSCTL_lockprof_op: { + ret = xsm_lockprof(); + if ( ret ) + break; + + ret = perfc_control(&op->u.perfc_op); ret = spinlock_profile_control(&op->u.lockprof_op); if ( copy_to_guest(u_sysctl, op, 1) ) ret = -EFAULT; @@ -260,6 +265,10 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) uint32_t *status, *ptr; unsigned long pfn; + ret = xsm_page_offline(op->u.page_offline.cmd); + if ( ret ) + break; + ptr = status = xmalloc_bytes( sizeof(uint32_t) * (op->u.page_offline.end - op->u.page_offline.start + 1)); @@ -314,6 +323,10 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) case XEN_SYSCTL_cpupool_op: { + ret = xsm_cpupool_op(); + if ( ret ) + break; + ret = cpupool_do_sysctl(&op->u.cpupool_op); if ( (ret == 0) && copy_to_guest(u_sysctl, op, 1) ) ret = -EFAULT; @@ -322,6 +335,10 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) case XEN_SYSCTL_scheduler_op: { + ret = xsm_sched_op(); + if ( ret ) + break; + ret = sched_adjust_global(&op->u.scheduler_op); if ( (ret == 0) && copy_to_guest(u_sysctl, op, 1) ) ret = -EFAULT; |