From 3f28d0077788e7f8cd3ee25b023a4225d7e26e87 Mon Sep 17 00:00:00 2001 From: Daniel De Graaf Date: Tue, 23 Apr 2013 11:56:05 +0200 Subject: x86: remove IS_PRIV_FOR references The check in guest_physmap_mark_populate_on_demand is redundant, since its only caller is populate_physmap whose only caller checks the xsm_memory_adjust_reservation hook prior to calling. Add a new XSM hook for the other two checks since they allow privileged domains to arbitrarily map a guest's memory. Signed-off-by: Daniel De Graaf Acked-by: George Dunlap (release perspective) --- xen/xsm/dummy.c | 1 + xen/xsm/flask/hooks.c | 6 ++++++ xen/xsm/flask/policy/access_vectors | 3 +++ 3 files changed, 10 insertions(+) (limited to 'xen/xsm') diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 21aef2add9..f7b0399c2c 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -124,6 +124,7 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, mmu_update); set_to_dummy_if_null(ops, mmuext_op); set_to_dummy_if_null(ops, update_va_mapping); + set_to_dummy_if_null(ops, priv_mapping); set_to_dummy_if_null(ops, bind_pt_irq); set_to_dummy_if_null(ops, unbind_pt_irq); set_to_dummy_if_null(ops, ioport_permission); diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 23c523386b..04c8a3913e 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1345,6 +1345,11 @@ static int flask_update_va_mapping(struct domain *d, struct domain *f, return domain_has_perm(d, f, SECCLASS_MMU, map_perms); } +static int flask_priv_mapping(struct domain *d, struct domain *t) +{ + return domain_has_perm(d, t, SECCLASS_MMU, MMU__TARGET_HACK); +} + static int flask_get_device_group(uint32_t machine_bdf) { u32 rsid; @@ -1534,6 +1539,7 @@ static struct xsm_operations flask_ops = { .mmu_update = flask_mmu_update, .mmuext_op = flask_mmuext_op, .update_va_mapping = flask_update_va_mapping, + .priv_mapping = flask_priv_mapping, .get_device_group = flask_get_device_group, .test_assign_device = flask_test_assign_device, .assign_device = flask_assign_device, diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 36b8b2c271..c8ae8060cd 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -330,6 +330,9 @@ class mmu # source = domain making the hypercall # target = domain whose pages are being exchanged exchange +# Allow a privileged domain to install a map of a page it does not own. Used +# for stub domain device models with the PV framebuffer. + target_hack } # control of the paging_domctl split by subop -- cgit v1.2.3