diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-04-23 11:56:05 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-04-23 11:56:05 +0200 |
commit | 3f28d0077788e7f8cd3ee25b023a4225d7e26e87 (patch) | |
tree | 56758394d52f0aed5f71ad2763a54d76c07d8810 /xen/xsm | |
parent | 4bc22a50ebc1fb1695d59f69105797e208021edb (diff) | |
download | xen-3f28d0077788e7f8cd3ee25b023a4225d7e26e87.tar.gz xen-3f28d0077788e7f8cd3ee25b023a4225d7e26e87.tar.bz2 xen-3f28d0077788e7f8cd3ee25b023a4225d7e26e87.zip |
x86: remove IS_PRIV_FOR references
The check in guest_physmap_mark_populate_on_demand is redundant, since
its only caller is populate_physmap whose only caller checks the
xsm_memory_adjust_reservation hook prior to calling.
Add a new XSM hook for the other two checks since they allow privileged
domains to arbitrarily map a guest's memory.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (release perspective)
Diffstat (limited to 'xen/xsm')
-rw-r--r-- | xen/xsm/dummy.c | 1 | ||||
-rw-r--r-- | xen/xsm/flask/hooks.c | 6 | ||||
-rw-r--r-- | xen/xsm/flask/policy/access_vectors | 3 |
3 files changed, 10 insertions, 0 deletions
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 21aef2add9..f7b0399c2c 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -124,6 +124,7 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, mmu_update); set_to_dummy_if_null(ops, mmuext_op); set_to_dummy_if_null(ops, update_va_mapping); + set_to_dummy_if_null(ops, priv_mapping); set_to_dummy_if_null(ops, bind_pt_irq); set_to_dummy_if_null(ops, unbind_pt_irq); set_to_dummy_if_null(ops, ioport_permission); diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 23c523386b..04c8a3913e 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1345,6 +1345,11 @@ static int flask_update_va_mapping(struct domain *d, struct domain *f, return domain_has_perm(d, f, SECCLASS_MMU, map_perms); } +static int flask_priv_mapping(struct domain *d, struct domain *t) +{ + return domain_has_perm(d, t, SECCLASS_MMU, MMU__TARGET_HACK); +} + static int flask_get_device_group(uint32_t machine_bdf) { u32 rsid; @@ -1534,6 +1539,7 @@ static struct xsm_operations flask_ops = { .mmu_update = flask_mmu_update, .mmuext_op = flask_mmuext_op, .update_va_mapping = flask_update_va_mapping, + .priv_mapping = flask_priv_mapping, .get_device_group = flask_get_device_group, .test_assign_device = flask_test_assign_device, .assign_device = flask_assign_device, diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 36b8b2c271..c8ae8060cd 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -330,6 +330,9 @@ class mmu # source = domain making the hypercall # target = domain whose pages are being exchanged exchange +# Allow a privileged domain to install a map of a page it does not own. Used +# for stub domain device models with the PV framebuffer. + target_hack } # control of the paging_domctl split by subop |