diff options
-rw-r--r-- | tools/flask/policy/policy/flask/access_vectors | 1 | ||||
-rw-r--r-- | xen/arch/x86/mm.c | 2 | ||||
-rw-r--r-- | xen/include/xsm/xsm.h | 10 | ||||
-rw-r--r-- | xen/xsm/dummy.c | 4 | ||||
-rw-r--r-- | xen/xsm/flask/hooks.c | 9 | ||||
-rw-r--r-- | xen/xsm/flask/include/av_perm_to_string.h | 1 | ||||
-rw-r--r-- | xen/xsm/flask/include/av_permissions.h | 1 |
7 files changed, 18 insertions, 10 deletions
diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors index 1b2687a8f9..38036d0ef6 100644 --- a/tools/flask/policy/policy/flask/access_vectors +++ b/tools/flask/policy/policy/flask/access_vectors @@ -128,6 +128,7 @@ class mmu pinpage mfnlist memorymap + remote_remap } class shadow diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 7bb3ea1872..19391fc3cb 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3517,7 +3517,7 @@ int do_mmu_update( { p2m_type_t p2mt; - rc = xsm_mmu_normal_update(d, pg_owner, req.val); + rc = xsm_mmu_normal_update(d, pt_owner, pg_owner, req.val); if ( rc ) break; rc = -EINVAL; diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index ce3b6aa9d5..43829c7762 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -141,8 +141,8 @@ struct xsm_operations { int (*getidletime) (void); int (*machine_memory_map) (void); int (*domain_memory_map) (struct domain *d); - int (*mmu_normal_update) (struct domain *d, struct domain *f, - intpte_t fpte); + int (*mmu_normal_update) (struct domain *d, struct domain *t, + struct domain *f, intpte_t fpte); int (*mmu_machphys_update) (struct domain *d, unsigned long mfn); int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t pte); @@ -593,10 +593,10 @@ static inline int xsm_domain_memory_map(struct domain *d) return xsm_call(domain_memory_map(d)); } -static inline int xsm_mmu_normal_update (struct domain *d, struct domain *f, - intpte_t fpte) +static inline int xsm_mmu_normal_update (struct domain *d, struct domain *t, + struct domain *f, intpte_t fpte) { - return xsm_call(mmu_normal_update(d, f, fpte)); + return xsm_call(mmu_normal_update(d, t, f, fpte)); } static inline int xsm_mmu_machphys_update (struct domain *d, unsigned long mfn) diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index d6f2da023f..7066dfb5b1 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -399,8 +399,8 @@ static int dummy_domain_memory_map (struct domain *d) return 0; } -static int dummy_mmu_normal_update (struct domain *d, struct domain *f, - intpte_t fpte) +static int dummy_mmu_normal_update (struct domain *d, struct domain *t, + struct domain *f, intpte_t fpte) { return 0; } diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 1a3f3b30ac..04c2f687ad 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1008,8 +1008,8 @@ static int flask_domain_memory_map(struct domain *d) return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__MEMORYMAP); } -static int flask_mmu_normal_update(struct domain *d, struct domain *f, - intpte_t fpte) +static int flask_mmu_normal_update(struct domain *d, struct domain *t, + struct domain *f, intpte_t fpte) { int rc = 0; u32 map_perms = MMU__MAP_READ; @@ -1017,6 +1017,11 @@ static int flask_mmu_normal_update(struct domain *d, struct domain *f, struct domain_security_struct *dsec; u32 fsid; + if (d != t) + rc = domain_has_perm(d, t, SECCLASS_MMU, MMU__REMOTE_REMAP); + if ( rc ) + return rc; + if ( !(l1e_get_flags(l1e_from_intpte(fpte)) & _PAGE_PRESENT) ) return 0; diff --git a/xen/xsm/flask/include/av_perm_to_string.h b/xen/xsm/flask/include/av_perm_to_string.h index 70aa02d2da..56572a76b6 100644 --- a/xen/xsm/flask/include/av_perm_to_string.h +++ b/xen/xsm/flask/include/av_perm_to_string.h @@ -87,6 +87,7 @@ S_(SECCLASS_MMU, MMU__PINPAGE, "pinpage") S_(SECCLASS_MMU, MMU__MFNLIST, "mfnlist") S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap") + S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap") S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable") S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable") S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty") diff --git a/xen/xsm/flask/include/av_permissions.h b/xen/xsm/flask/include/av_permissions.h index 4c2ffb61e8..67511adae5 100644 --- a/xen/xsm/flask/include/av_permissions.h +++ b/xen/xsm/flask/include/av_permissions.h @@ -92,6 +92,7 @@ #define MMU__PINPAGE 0x00000200UL #define MMU__MFNLIST 0x00000400UL #define MMU__MEMORYMAP 0x00000800UL +#define MMU__REMOTE_REMAP 0x00001000UL #define SHADOW__DISABLE 0x00000001UL #define SHADOW__ENABLE 0x00000002UL |