diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:06:43 +0000 |
|---|---|---|
| committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:06:43 +0000 |
| commit | 698f86a15a06ebd07ab15c11ad97b7a8fb2d3998 (patch) | |
| tree | 1e7c559a4a725fd93d3ae7b64a6796496a1c6fda /xen/include/xsm | |
| parent | 11e65dc903a6b93919c9a69278499ac85332207c (diff) | |
| download | xen-698f86a15a06ebd07ab15c11ad97b7a8fb2d3998.tar.gz xen-698f86a15a06ebd07ab15c11ad97b7a8fb2d3998.tar.bz2 xen-698f86a15a06ebd07ab15c11ad97b7a8fb2d3998.zip | |
xen: use XSM instead of IS_PRIV where duplicated
The Xen hypervisor has two basic access control function calls:
IS_PRIV and the xsm_* functions. Most privileged operations currently
require that both checks succeed, and many times the checks are at
different locations in the code. This patch eliminates the explicit
and implicit IS_PRIV checks that are duplicated in XSM hooks.
When XSM_ENABLE is not defined or when the dummy XSM module is used,
this patch should not change any functionality. Because the locations
of privilege checks have sometimes moved below argument validation,
error returns of some functions may change from EPERM to EINVAL or
ESRCH if called with invalid arguments and from a domain without
permission to perform the operation.
Some checks are removed due to non-obvious duplicates in their
callers:
* acpi_enter_sleep is checked in XENPF_enter_acpi_sleep
* map_domain_pirq has IS_PRIV_FOR checked in its callers:
* physdev_map_pirq checks when acquiring the RCU lock
* ioapic_guest_write is checked in PHYSDEVOP_apic_write
* PHYSDEVOP_{manage_pci_add,manage_pci_add_ext,pci_device_add} are
checked by xsm_resource_plug_pci in pci_add_device
* PHYSDEVOP_manage_pci_remove is checked by xsm_resource_unplug_pci
in pci_remove_device
* PHYSDEVOP_{restore_msi,restore_msi_ext} are checked by
xsm_resource_setup_pci in pci_restore_msi_state
* do_console_io has changed to IS_PRIV from an explicit domid==0
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/include/xsm')
| -rw-r--r-- | xen/include/xsm/dummy.h | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 4384552f53..fb00a01feb 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -161,6 +161,8 @@ static XSM_INLINE int xsm_pm_op(void) static XSM_INLINE int xsm_do_mca(void) { + if ( !IS_PRIV(current->domain) ) + return -EPERM; return 0; } @@ -223,6 +225,10 @@ static XSM_INLINE int xsm_memory_stat_reservation(struct domain *d1, struct doma static XSM_INLINE int xsm_console_io(struct domain *d, int cmd) { +#ifndef VERBOSE + if ( !IS_PRIV(current->domain) ) + return -EPERM; +#endif return 0; } @@ -233,11 +239,15 @@ static XSM_INLINE int xsm_profile(struct domain *d, int op) static XSM_INLINE int xsm_kexec(void) { + if ( !IS_PRIV(current->domain) ) + return -EPERM; return 0; } static XSM_INLINE int xsm_schedop_shutdown(struct domain *d1, struct domain *d2) { + if ( !IS_PRIV_FOR(d1, d2) ) + return -EPERM; return 0; } @@ -336,26 +346,36 @@ static XSM_INLINE int xsm_resource_unplug_core(void) static XSM_INLINE int xsm_resource_plug_pci(uint32_t machine_bdf) { + if ( !IS_PRIV(current->domain) ) + return -EPERM; return 0; } static XSM_INLINE int xsm_resource_unplug_pci(uint32_t machine_bdf) { + if ( !IS_PRIV(current->domain) ) + return -EPERM; return 0; } static XSM_INLINE int xsm_resource_setup_pci(uint32_t machine_bdf) { + if ( !IS_PRIV(current->domain) ) + return -EPERM; return 0; } static XSM_INLINE int xsm_resource_setup_gsi(int gsi) { + if ( !IS_PRIV(current->domain) ) + return -EPERM; return 0; } static XSM_INLINE int xsm_resource_setup_misc(void) { + if ( !IS_PRIV(current->domain) ) + return -EPERM; return 0; } @@ -396,6 +416,8 @@ static XSM_INLINE int xsm_map_domain_pirq(struct domain *d, int irq, void *data) static XSM_INLINE int xsm_unmap_domain_pirq(struct domain *d, int irq) { + if ( !IS_PRIV_FOR(current->domain, d) ) + return -EPERM; return 0; } @@ -494,6 +516,8 @@ static XSM_INLINE int xsm_mem_sharing(struct domain *d) static XSM_INLINE int xsm_apic(struct domain *d, int cmd) { + if ( !IS_PRIV(d) ) + return -EPERM; return 0; } @@ -534,6 +558,8 @@ static XSM_INLINE int xsm_efi_call(void) static XSM_INLINE int xsm_acpi_sleep(void) { + if ( !IS_PRIV(current->domain) ) + return -EPERM; return 0; } @@ -549,6 +575,8 @@ static XSM_INLINE int xsm_getidletime(void) static XSM_INLINE int xsm_machine_memory_map(void) { + if ( !IS_PRIV(current->domain) ) + return -EPERM; return 0; } |