diff options
| -rw-r--r-- | xen/arch/arm/mm.c | 23 | ||||
| -rw-r--r-- | xen/include/xsm/dummy.h | 8 | ||||
| -rw-r--r-- | xen/include/xsm/xsm.h | 11 | ||||
| -rw-r--r-- | xen/xsm/dummy.c | 3 | ||||
| -rw-r--r-- | xen/xsm/flask/hooks.c | 10 |
5 files changed, 47 insertions, 8 deletions
diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 03492dfa7d..bd6d5f34e9 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -753,9 +753,16 @@ static int xenmem_add_to_physmap_one( { paddr_t maddr; struct domain *od; - rc = rcu_lock_target_domain_by_id(foreign_domid, &od); - if ( rc < 0 ) + od = rcu_lock_domain_by_any_id(foreign_domid); + if ( od == NULL ) + return -ESRCH; + + rc = xsm_map_gmfn_foreign(XSM_TARGET, d, od); + if ( rc ) + { + rcu_unlock_domain(od); return rc; + } maddr = p2m_lookup(od, idx << PAGE_SHIFT); if ( maddr == INVALID_PADDR ) @@ -847,9 +854,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) if ( xatp.space == XENMAPSPACE_gmfn_foreign ) return -EINVAL; - rc = rcu_lock_target_domain_by_id(xatp.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_any_id(xatp.domid); + if ( d == NULL ) + return -ESRCH; rc = xsm_add_to_physmap(XSM_TARGET, current->domain, d); if ( rc ) @@ -878,9 +885,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) if ( xatpr.space == XENMAPSPACE_gmfn_range ) return -EINVAL; - rc = rcu_lock_target_domain_by_id(xatpr.domid, &d); - if ( rc != 0 ) - return rc; + d = rcu_lock_domain_by_any_id(xatpr.domid); + if ( d == NULL ) + return -ESRCH; rc = xsm_add_to_physmap(XSM_TARGET, current->domain, d); if ( rc ) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 9bfe5966e4..3912bd93b9 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -616,4 +616,12 @@ static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, uint3 return xsm_default_action(action, current->domain, d); } +#endif /* CONFIG_X86 */ + +#ifdef CONFIG_ARM +static XSM_INLINE int xsm_map_gmfn_foreign(XSM_DEFAULT_ARG struct domain *d, struct domain *t) +{ + XSM_ASSERT_ACTION(XSM_TARGET); + return xsm_default_action(action, d, t); +} #endif diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 69fe64a5ff..58a4fbb1d1 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -162,6 +162,9 @@ struct xsm_operations { int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); #endif +#ifdef CONFIG_ARM + int (*map_gmfn_foreign) (struct domain *d, struct domain *t); +#endif }; #ifdef XSM_ENABLE @@ -622,6 +625,14 @@ static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, uint3 return xsm_ops->ioport_mapping(d, s, e, allow); } #endif /* CONFIG_X86 */ + +#ifdef CONFIG_ARM +static inline int xsm_map_gmfn_foreign (struct domain *d, struct domain *t) +{ + return xsm_ops->map_gmfn_foreign(d, t); +} +#endif /* CONFIG_ARM */ + #endif /* XSM_NO_WRAPPERS */ extern int xsm_init(unsigned long *module_map, const multiboot_info_t *mbi, diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 3d84e73110..937761f095 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -132,4 +132,7 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, ioport_permission); set_to_dummy_if_null(ops, ioport_mapping); #endif +#ifdef CONFIG_ARM + set_to_dummy_if_null(ops, map_gmfn_foreign); +#endif } diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 3291aa2e6c..bb10de3ae8 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1454,6 +1454,13 @@ static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq { return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); } +#endif /* CONFIG_X86 */ + +#ifdef CONFIG_ARM +static int flask_map_gmfn_foreign(struct domain *d, struct domain *t) +{ + return domain_has_perm(d, t, SECCLASS_MMU, MMU__MAP_READ | MMU__MAP_WRITE); +} #endif long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op); @@ -1562,6 +1569,9 @@ static struct xsm_operations flask_ops = { .ioport_permission = flask_ioport_permission, .ioport_mapping = flask_ioport_mapping, #endif +#ifdef CONFIG_ARM + .map_gmfn_foreign = flask_map_gmfn_foreign, +#endif }; static __init int flask_init(void) |