aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--xen/arch/arm/mm.c23
-rw-r--r--xen/include/xsm/dummy.h8
-rw-r--r--xen/include/xsm/xsm.h11
-rw-r--r--xen/xsm/dummy.c3
-rw-r--r--xen/xsm/flask/hooks.c10
5 files changed, 47 insertions, 8 deletions
diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
index 03492dfa7d..bd6d5f34e9 100644
--- a/xen/arch/arm/mm.c
+++ b/xen/arch/arm/mm.c
@@ -753,9 +753,16 @@ static int xenmem_add_to_physmap_one(
{
paddr_t maddr;
struct domain *od;
- rc = rcu_lock_target_domain_by_id(foreign_domid, &od);
- if ( rc < 0 )
+ od = rcu_lock_domain_by_any_id(foreign_domid);
+ if ( od == NULL )
+ return -ESRCH;
+
+ rc = xsm_map_gmfn_foreign(XSM_TARGET, d, od);
+ if ( rc )
+ {
+ rcu_unlock_domain(od);
return rc;
+ }
maddr = p2m_lookup(od, idx << PAGE_SHIFT);
if ( maddr == INVALID_PADDR )
@@ -847,9 +854,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
if ( xatp.space == XENMAPSPACE_gmfn_foreign )
return -EINVAL;
- rc = rcu_lock_target_domain_by_id(xatp.domid, &d);
- if ( rc != 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(xatp.domid);
+ if ( d == NULL )
+ return -ESRCH;
rc = xsm_add_to_physmap(XSM_TARGET, current->domain, d);
if ( rc )
@@ -878,9 +885,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
if ( xatpr.space == XENMAPSPACE_gmfn_range )
return -EINVAL;
- rc = rcu_lock_target_domain_by_id(xatpr.domid, &d);
- if ( rc != 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(xatpr.domid);
+ if ( d == NULL )
+ return -ESRCH;
rc = xsm_add_to_physmap(XSM_TARGET, current->domain, d);
if ( rc )
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 9bfe5966e4..3912bd93b9 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -616,4 +616,12 @@ static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, uint3
return xsm_default_action(action, current->domain, d);
}
+#endif /* CONFIG_X86 */
+
+#ifdef CONFIG_ARM
+static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d, struct domain *t)
+{
+ XSM_ASSERT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d, t);
+}
#endif
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 69fe64a5ff..58a4fbb1d1 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -162,6 +162,9 @@ struct xsm_operations {
int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow);
int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow);
#endif
+#ifdef CONFIG_ARM
+ int (*map_gmfn_foreign) (struct domain *d, struct domain *t);
+#endif
};
#ifdef XSM_ENABLE
@@ -622,6 +625,14 @@ static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, uint3
return xsm_ops->ioport_mapping(d, s, e, allow);
}
#endif /* CONFIG_X86 */
+
+#ifdef CONFIG_ARM
+static inline int xsm_map_gmfn_foreign (struct domain *d, struct domain *t)
+{
+ return xsm_ops->map_gmfn_foreign(d, t);
+}
+#endif /* CONFIG_ARM */
+
#endif /* XSM_NO_WRAPPERS */
extern int xsm_init(unsigned long *module_map, const multiboot_info_t *mbi,
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 3d84e73110..937761f095 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -132,4 +132,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, ioport_permission);
set_to_dummy_if_null(ops, ioport_mapping);
#endif
+#ifdef CONFIG_ARM
+ set_to_dummy_if_null(ops, map_gmfn_foreign);
+#endif
}
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 3291aa2e6c..bb10de3ae8 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1454,6 +1454,13 @@ static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
{
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
+#endif /* CONFIG_X86 */
+
+#ifdef CONFIG_ARM
+static int flask_map_gmfn_foreign(struct domain *d, struct domain *t)
+{
+ return domain_has_perm(d, t, SECCLASS_MMU, MMU__MAP_READ | MMU__MAP_WRITE);
+}
#endif
long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
@@ -1562,6 +1569,9 @@ static struct xsm_operations flask_ops = {
.ioport_permission = flask_ioport_permission,
.ioport_mapping = flask_ioport_mapping,
#endif
+#ifdef CONFIG_ARM
+ .map_gmfn_foreign = flask_map_gmfn_foreign,
+#endif
};
static __init int flask_init(void)