diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-08-22 22:14:52 +0100 |
|---|---|---|
| committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-08-22 22:14:52 +0100 |
| commit | c14bb38304d348b2b39160947b772442a15d03fc (patch) | |
| tree | febba903031e096ae42563e51aaa1baef398a788 /xen/include/xsm | |
| parent | 00e23f230212638718b6ff9214b829a663707a76 (diff) | |
| download | xen-c14bb38304d348b2b39160947b772442a15d03fc.tar.gz xen-c14bb38304d348b2b39160947b772442a15d03fc.tar.bz2 xen-c14bb38304d348b2b39160947b772442a15d03fc.zip | |
xsm/flask: remove page-to-domain lookups from XSM hooks
Doing a reverse lookup from MFN to its owning domain is redundant with
the internal checks Xen does on pages. Change the checks to operate
directly on the domain owning the pages for normal memory; MMIO areas
are still checked with security_iomem_sid.
This fixes a hypervisor crash when a domU attempts to map an MFN that
is free in Xen's heap: the XSM hook is called before the validity
check, and page_get_owner returns garbage when called on these
pages. While explicitly checking for such pages using
page_get_owner_and_reference is a possible solution, this ends up
duplicating parts of get_page_from_l1e.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/include/xsm')
| -rw-r--r-- | xen/include/xsm/xsm.h | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index bef79df8cd..593cdbd10d 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -105,7 +105,7 @@ struct xsm_operations { int (*set_pod_target) (struct domain *d); int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2); int (*memory_stat_reservation) (struct domain *d1, struct domain *d2); - int (*memory_pin_page) (struct domain *d, struct page_info *page); + int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct page_info *page); int (*remove_from_physmap) (struct domain *d1, struct domain *d2); int (*console_io) (struct domain *d, int cmd); @@ -143,7 +143,7 @@ struct xsm_operations { #ifdef CONFIG_X86 int (*shadow_control) (struct domain *d, uint32_t op); - int (*getpageframeinfo) (struct page_info *page); + int (*getpageframeinfo) (struct domain *d); int (*getmemlist) (struct domain *d); int (*hypercall_init) (struct domain *d); int (*hvmcontext) (struct domain *d, uint32_t op); @@ -171,9 +171,8 @@ struct xsm_operations { int (*domain_memory_map) (struct domain *d); int (*mmu_normal_update) (struct domain *d, struct domain *t, struct domain *f, intpte_t fpte); - int (*mmu_machphys_update) (struct domain *d, unsigned long mfn); - int (*update_va_mapping) (struct domain *d, struct domain *f, - l1_pgentry_t pte); + int (*mmu_machphys_update) (struct domain *d1, struct domain *d2, unsigned long mfn); + int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t pte); int (*add_to_physmap) (struct domain *d1, struct domain *d2); int (*sendtrigger) (struct domain *d); int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); @@ -455,9 +454,10 @@ static inline int xsm_memory_stat_reservation (struct domain *d1, return xsm_call(memory_stat_reservation(d1, d2)); } -static inline int xsm_memory_pin_page(struct domain *d, struct page_info *page) +static inline int xsm_memory_pin_page(struct domain *d1, struct domain *d2, + struct page_info *page) { - return xsm_call(memory_pin_page(d, page)); + return xsm_call(memory_pin_page(d1, d2, page)); } static inline int xsm_remove_from_physmap(struct domain *d1, struct domain *d2) @@ -617,9 +617,9 @@ static inline int xsm_shadow_control (struct domain *d, uint32_t op) return xsm_call(shadow_control(d, op)); } -static inline int xsm_getpageframeinfo (struct page_info *page) +static inline int xsm_getpageframeinfo (struct domain *d) { - return xsm_call(getpageframeinfo(page)); + return xsm_call(getpageframeinfo(d)); } static inline int xsm_getmemlist (struct domain *d) @@ -753,9 +753,10 @@ static inline int xsm_mmu_normal_update (struct domain *d, struct domain *t, return xsm_call(mmu_normal_update(d, t, f, fpte)); } -static inline int xsm_mmu_machphys_update (struct domain *d, unsigned long mfn) +static inline int xsm_mmu_machphys_update (struct domain *d1, struct domain *d2, + unsigned long mfn) { - return xsm_call(mmu_machphys_update(d, mfn)); + return xsm_call(mmu_machphys_update(d1, d2, mfn)); } static inline int xsm_update_va_mapping(struct domain *d, struct domain *f, |