diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:33:19 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:33:19 +0000 |
commit | 4c1b911bbcd97fb68b4a9e0903a6644e50adda01 (patch) | |
tree | ced092f6dc59142d3362611e9acf117ffc250363 /xen/xsm | |
parent | d55b4c2dc629e9460d72c17bb2b0fa2028123199 (diff) | |
download | xen-4c1b911bbcd97fb68b4a9e0903a6644e50adda01.tar.gz xen-4c1b911bbcd97fb68b4a9e0903a6644e50adda01.tar.bz2 xen-4c1b911bbcd97fb68b4a9e0903a6644e50adda01.zip |
xsm: add remote_remap permission
The mmu_update hypercall can be used to manipulate the page tables of
a remote domain. Add a check for this in the XSM hook in addition to
the existing check on mapping pages of a remote domain.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Diffstat (limited to 'xen/xsm')
-rw-r--r-- | xen/xsm/dummy.c | 4 | ||||
-rw-r--r-- | xen/xsm/flask/hooks.c | 9 | ||||
-rw-r--r-- | xen/xsm/flask/include/av_perm_to_string.h | 1 | ||||
-rw-r--r-- | xen/xsm/flask/include/av_permissions.h | 1 |
4 files changed, 11 insertions, 4 deletions
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index d6f2da023f..7066dfb5b1 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -399,8 +399,8 @@ static int dummy_domain_memory_map (struct domain *d) return 0; } -static int dummy_mmu_normal_update (struct domain *d, struct domain *f, - intpte_t fpte) +static int dummy_mmu_normal_update (struct domain *d, struct domain *t, + struct domain *f, intpte_t fpte) { return 0; } diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 1a3f3b30ac..04c2f687ad 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1008,8 +1008,8 @@ static int flask_domain_memory_map(struct domain *d) return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__MEMORYMAP); } -static int flask_mmu_normal_update(struct domain *d, struct domain *f, - intpte_t fpte) +static int flask_mmu_normal_update(struct domain *d, struct domain *t, + struct domain *f, intpte_t fpte) { int rc = 0; u32 map_perms = MMU__MAP_READ; @@ -1017,6 +1017,11 @@ static int flask_mmu_normal_update(struct domain *d, struct domain *f, struct domain_security_struct *dsec; u32 fsid; + if (d != t) + rc = domain_has_perm(d, t, SECCLASS_MMU, MMU__REMOTE_REMAP); + if ( rc ) + return rc; + if ( !(l1e_get_flags(l1e_from_intpte(fpte)) & _PAGE_PRESENT) ) return 0; diff --git a/xen/xsm/flask/include/av_perm_to_string.h b/xen/xsm/flask/include/av_perm_to_string.h index 70aa02d2da..56572a76b6 100644 --- a/xen/xsm/flask/include/av_perm_to_string.h +++ b/xen/xsm/flask/include/av_perm_to_string.h @@ -87,6 +87,7 @@ S_(SECCLASS_MMU, MMU__PINPAGE, "pinpage") S_(SECCLASS_MMU, MMU__MFNLIST, "mfnlist") S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap") + S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap") S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable") S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable") S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty") diff --git a/xen/xsm/flask/include/av_permissions.h b/xen/xsm/flask/include/av_permissions.h index 4c2ffb61e8..67511adae5 100644 --- a/xen/xsm/flask/include/av_permissions.h +++ b/xen/xsm/flask/include/av_permissions.h @@ -92,6 +92,7 @@ #define MMU__PINPAGE 0x00000200UL #define MMU__MFNLIST 0x00000400UL #define MMU__MEMORYMAP 0x00000800UL +#define MMU__REMOTE_REMAP 0x00001000UL #define SHADOW__DISABLE 0x00000001UL #define SHADOW__ENABLE 0x00000002UL |