xsm: Revert "Fix xsm_mmu_* and xsm_update_va_mapping hooks"

This reverts 23220:56a3b9c7367f, which removes all validation of the target pages in the mapping. This crash was solved by properly marking pages without known SIDs in 22207:20f139010445. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
author: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2011-12-02 13:45:56 -0800
committer: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2011-12-02 13:45:56 -0800
commit: f21c69c577345e1529a446fd87f4f6f449fdca47 (patch)
tree: 32523383c78ec9a7438fcda926e051f142cb4c23 /xen/xsm
parent: c9f7324e6c6f634bc0f7214fd0ab12fb9847c857 (diff)
download: xen-f21c69c577345e1529a446fd87f4f6f449fdca47.tar.gz
xen-f21c69c577345e1529a446fd87f4f6f449fdca47.tar.bz2
xen-f21c69c577345e1529a446fd87f4f6f449fdca47.zip
2 files changed, 38 insertions, 14 deletions
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 1b50d0e163..ef461e6ea8 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -400,20 +400,19 @@ static int dummy_domain_memory_map (struct domain *d)
     return 0;
 }
 
-static int dummy_mmu_normal_update (struct domain *d,
-				    intpte_t fpte, struct page_info *page)
+static int dummy_mmu_normal_update (struct domain *d, struct domain *f, 
+                                                                intpte_t fpte)
 {
     return 0;
 }
 
-static int dummy_mmu_machphys_update (struct domain *d, struct page_info *page)
+static int dummy_mmu_machphys_update (struct domain *d, unsigned long mfn)
 {
     return 0;
 }
 
-static int dummy_update_va_mapping (struct domain *d,
-				    l1_pgentry_t pte,
-				    struct page_info *page)
+static int dummy_update_va_mapping (struct domain *d, struct domain *f, 
+                                                            l1_pgentry_t pte)
 {
     return 0;
 }
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 97ae4d9407..2cb3e169c0 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -348,6 +348,26 @@ static int get_page_sid(struct page_info *page, u32 *sid)
     return rc;
 }
 
+static int get_mfn_sid(unsigned long mfn, u32 *sid)
+{
+    int rc = 0;
+    struct page_info *page;
+
+    if ( mfn_valid(mfn) )
+    {
+        /*mfn is valid if this is a page that Xen is tracking!*/
+        page = mfn_to_page(mfn);
+        rc = get_page_sid(page, sid);
+    }
+    else
+    {
+        /*Possibly an untracked IO page?*/
+        rc = security_iomem_sid(mfn, sid);
+    }
+
+    return rc;    
+}
+
 static int flask_memory_adjust_reservation(struct domain *d1, struct domain *d2)
 {
     return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
@@ -987,11 +1007,12 @@ static int flask_domain_memory_map(struct domain *d)
     return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__MEMORYMAP);
 }
 
-static int flask_mmu_normal_update(struct domain *d, 
-                                   intpte_t fpte, struct page_info *page)
+static int flask_mmu_normal_update(struct domain *d, struct domain *f, 
+                                   intpte_t fpte)
 {
     int rc = 0;
     u32 map_perms = MMU__MAP_READ;
+    unsigned long fmfn;
     struct domain_security_struct *dsec;
     u32 fsid;
 
@@ -1000,38 +1021,42 @@ static int flask_mmu_normal_update(struct domain *d,
     if ( l1e_get_flags(l1e_from_intpte(fpte)) & _PAGE_RW )
         map_perms |= MMU__MAP_WRITE;
 
-    rc = get_page_sid(page, &fsid);
+    fmfn = get_gfn_untyped(f, l1e_get_pfn(l1e_from_intpte(fpte)));
+
+    rc = get_mfn_sid(fmfn, &fsid);
     if ( rc )
         return rc;
 
     return avc_has_perm(dsec->sid, fsid, SECCLASS_MMU, map_perms, NULL);
 }
 
-static int flask_mmu_machphys_update(struct domain *d, struct page_info *page)
+static int flask_mmu_machphys_update(struct domain *d, unsigned long mfn)
 {
     int rc = 0;
     u32 psid;
     struct domain_security_struct *dsec;
     dsec = d->ssid;
 
-    rc = get_page_sid(page, &psid);
+    rc = get_mfn_sid(mfn, &psid);
     if ( rc )
         return rc;
 
     return avc_has_perm(dsec->sid, psid, SECCLASS_MMU, MMU__UPDATEMP, NULL);
 }
 
-static int flask_update_va_mapping(struct domain *d,
-                                   l1_pgentry_t pte, struct page_info *page)
+static int flask_update_va_mapping(struct domain *d, struct domain *f,
+                                   l1_pgentry_t pte)
 {
     int rc = 0;
     u32 psid;
     u32 map_perms = MMU__MAP_READ;
+    unsigned long mfn;
     struct domain_security_struct *dsec;
 
     dsec = d->ssid;
 
-    rc = get_page_sid(page, &psid);
+    mfn = get_gfn_untyped(f, l1e_get_pfn(pte));
+    rc = get_mfn_sid(mfn, &psid);
     if ( rc )
         return rc;
author	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2011-12-02 13:45:56 -0800
committer	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2011-12-02 13:45:56 -0800
commit	f21c69c577345e1529a446fd87f4f6f449fdca47 (patch)
tree	32523383c78ec9a7438fcda926e051f142cb4c23 /xen/xsm
parent	c9f7324e6c6f634bc0f7214fd0ab12fb9847c857 (diff)
download	xen-f21c69c577345e1529a446fd87f4f6f449fdca47.tar.gz xen-f21c69c577345e1529a446fd87f4f6f449fdca47.tar.bz2 xen-f21c69c577345e1529a446fd87f4f6f449fdca47.zip