Changes from v4:
* Removed patches that have been applied
* Rename __do_xsm_op to do_xsm_op
* Rebased on current xen-unstable
* Policy headers moved under hypervisor
Changes from v3:
* Moved x86-specific sysctls inside #ifdef CONFIG_X86
* Removed pt_domain parameter from mmu_update hook when unused
* Renamed xsm___do_xsm_op to xsm_do_xsm_op
* Added struct domain* argument to arch_do_domctl
* Cleaned up mem_event code duplication
Changes from v2:
* Added overall hooks for domctl, sysctl, and platform_hypercall so
that new sub-operations are protected by IS_PRIV checks
* Reorganized the IS_PRIV additions to dummy.h so they are added in the
same patch that removes the IS_PRIV they are replacing
* Reworked hooks in the MM hotpath to increase efficiency
* Dropped some unneeded XSM hook additions due to do_domctl hook
* Dropped the rcu_lock*target_domain_by_id function removal patch
* Restore IS_PRIV check in PHYSDEVOP_alloc_irq_vector
* Use the existing hook function structure for tmem
Miscellaneous updates to FLASK:
[PATCH 01/19] libxl: introduce XSM relabel on build
[PATCH 02/19] flask/policy: Add domain relabel example
[PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap
[PATCH 04/19] xsm/flask: Add checks on the domain performing set_target
IS_PRIV Refactoring:
[PATCH 05/19] xsm: Use the dummy XSM module if XSM is disabled
[PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated
[PATCH 07/19] xen: avoid calling rcu_lock_*target_domain when an XSM
[PATCH 08/19] arch/x86: convert platform_hypercall to use XSM
[PATCH 09/19] xen: lock target domain in do_domctl common code
[PATCH 10/19] xen: convert do_domctl to use XSM
[PATCH 11/19] xen: convert do_sysctl to use XSM
Additional new/updated hooks:
[PATCH 12/19] xsm/flask: add missing hooks
[PATCH 13/19] xsm/flask: add distinct SIDs for self/target access
[PATCH 14/19] arch/x86: Add missing mem_sharing XSM hooks
[PATCH 15/19] arch/x86: use XSM hooks for get_pg_owner access checks
[PATCH 16/19] xen: Add XSM hook for XENMEM_exchange
[PATCH 17/19] tmem: add XSM hooks
Other cleanup:
[PATCH 18/19] xen/arch/*: add struct domain parameter to
[PATCH 19/19] flask: move policy headers into hypervisor
Allow a domain to be built under one security label and run using a
different label. This can be used to prevent the domain builder or
control domain from having the ability to access a guest domain''s
memory
via map_foreign_range except during the build process where this is
required.
Note: this does not provide complete protection from a malicious dom0;
mappings created during the build process may persist after the relabel,
and could be used to indirectly access the guest''s memory.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
---
tools/libxc/xc_flask.c | 10 ++++++++++
tools/libxc/xenctrl.h | 1 +
tools/libxl/libxl_create.c | 4 ++++
tools/libxl/libxl_types.idl | 1 +
tools/libxl/xl_cmdimpl.c | 20 +++++++++++++++++++-
5 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/tools/libxc/xc_flask.c b/tools/libxc/xc_flask.c
index 80c5a2d..face1e0 100644
--- a/tools/libxc/xc_flask.c
+++ b/tools/libxc/xc_flask.c
@@ -422,6 +422,16 @@ int xc_flask_setavc_threshold(xc_interface *xch, int
threshold)
return xc_flask_op(xch, &op);
}
+int xc_flask_relabel_domain(xc_interface *xch, int domid, uint32_t sid)
+{
+ DECLARE_FLASK_OP;
+ op.cmd = FLASK_RELABEL_DOMAIN;
+ op.u.relabel.domid = domid;
+ op.u.relabel.sid = sid;
+
+ return xc_flask_op(xch, &op);
+}
+
/*
* Local variables:
* mode: C
diff --git a/tools/libxc/xenctrl.h b/tools/libxc/xenctrl.h
index 7eb5743..60391c6 100644
--- a/tools/libxc/xenctrl.h
+++ b/tools/libxc/xenctrl.h
@@ -2158,6 +2158,7 @@ int xc_flask_policyvers(xc_interface *xc_handle);
int xc_flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size);
int xc_flask_getavc_threshold(xc_interface *xc_handle);
int xc_flask_setavc_threshold(xc_interface *xc_handle, int threshold);
+int xc_flask_relabel_domain(xc_interface *xch, int domid, uint32_t sid);
struct elf_binary;
void xc_elf_set_logfile(xc_interface *xch, struct elf_binary *elf,
diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index 9d20086..b183255 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -1182,6 +1182,10 @@ static void domcreate_complete(libxl__egc *egc,
int rc)
{
STATE_AO_GC(dcs->ao);
+ libxl_domain_config *const d_config = dcs->guest_config;
+
+ if (!rc && d_config->b_info.exec_ssidref)
+ rc = xc_flask_relabel_domain(CTX->xch, dcs->guest_domid,
d_config->b_info.exec_ssidref);
if (rc) {
if (dcs->guest_domid) {
diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl
index 7eac4a8..93524f0 100644
--- a/tools/libxl/libxl_types.idl
+++ b/tools/libxl/libxl_types.idl
@@ -268,6 +268,7 @@ libxl_domain_build_info =
Struct("domain_build_info",[
("video_memkb", MemKB),
("shadow_memkb", MemKB),
("rtc_timeoffset", uint32),
+ ("exec_ssidref", uint32),
("localtime", libxl_defbool),
("disable_migrate", libxl_defbool),
("cpuid", libxl_cpuid_policy_list),
diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c
index 5d444a8..4d67fdf 100644
--- a/tools/libxl/xl_cmdimpl.c
+++ b/tools/libxl/xl_cmdimpl.c
@@ -596,16 +596,34 @@ static void parse_config_data(const char *config_source,
exit(1);
}
- if (!xlu_cfg_get_string (config, "seclabel", &buf, 0)) {
+ if (!xlu_cfg_get_string (config, "init_seclabel", &buf, 0)) {
e = libxl_flask_context_to_sid(ctx, (char *)buf, strlen(buf),
&c_info->ssidref);
if (e) {
if (errno == ENOSYS) {
+ fprintf(stderr, "XSM Disabled: init_seclabel not
supported\n");
+ } else {
+ fprintf(stderr, "Invalid init_seclabel: %s\n", buf);
+ exit(1);
+ }
+ }
+ }
+
+ if (!xlu_cfg_get_string (config, "seclabel", &buf, 0)) {
+ uint32_t ssidref;
+ e = libxl_flask_context_to_sid(ctx, (char *)buf, strlen(buf),
+ &ssidref);
+ if (e) {
+ if (errno == ENOSYS) {
fprintf(stderr, "XSM Disabled: seclabel not
supported\n");
} else {
fprintf(stderr, "Invalid seclabel: %s\n", buf);
exit(1);
}
+ } else if (c_info->ssidref) {
+ b_info->exec_ssidref = ssidref;
+ } else {
+ c_info->ssidref = ssidref;
}
}
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 02/19] flask/policy: Add domain relabel example
This adds the nomigrate_t type to the example FLASK policy which allows
domains to be created that dom0 cannot access after building.
Example domain configuration snippet:
seclabel=''customer_1:vm_r:nomigrate_t''
init_seclabel=''customer_1:vm_r:nomigrate_t_building''
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
docs/misc/xsm-flask.txt | 2 +
tools/flask/policy/policy/modules/xen/xen.if | 56 +++++++++++++++++++++-------
tools/flask/policy/policy/modules/xen/xen.te | 10 +++++
3 files changed, 55 insertions(+), 13 deletions(-)
diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index 6b0d327..0778a28 100644
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -60,6 +60,8 @@ that can be used without dom0 disaggregation. The main types
for domUs are:
- domU_t is a domain that can communicate with any other domU_t
- isolated_domU_t can only communicate with dom0
- prot_domU_t is a domain type whose creation can be disabled with a boolean
+ - nomigrate_t is a domain that must be created via the nomigrate_t_building
+ type, and whose memory cannot be read by dom0 once created
HVM domains with stubdomain device models use two types (one per domain):
- domHVM_t is an HVM domain that uses a stubdomain device model
diff --git a/tools/flask/policy/policy/modules/xen/xen.if
b/tools/flask/policy/policy/modules/xen/xen.if
index 3f58909..2ad11b2 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -9,24 +9,47 @@
# Declare a type as a domain type, and allow basic domain setup
define(`declare_domain'', `
type $1, domain_type`''ifelse(`$#'', `1'',
`'', `,shift($@)'');
+ type $1_channel, event_type;
+ type_transition $1 domain_type:event $1_channel;
allow $1 $1:grant { query setup };
allow $1 $1:mmu { adjust physmap map_read map_write stat pinpage };
allow $1 $1:hvm { getparam setparam };
'')
-# create_domain(priv, target)
-# Allow a domain to be created
-define(`create_domain'', `
+# declare_build_label(type)
+# Declare a paired _building type for the given domain type
+define(`declare_build_label'', `
+ type $1_building, domain_type;
+ type_transition $1_building domain_type:event $1_channel;
+ allow $1_building $1 : domain transition;
+'')
+
+define(`create_domain_common'', `
allow $1 $2:domain { create max_vcpus setdomainmaxmem setaddrsize
- getdomaininfo hypercall setvcpucontext scheduler
- unpause getvcpuinfo getvcpuextstate getaddrsize
- getvcpuaffinity };
+ getdomaininfo hypercall setvcpucontext setextvcpucontext
+ scheduler getvcpuinfo getvcpuextstate getaddrsize
+ getvcpuaffinity setvcpuaffinity };
allow $1 $2:security check_context;
allow $1 $2:shadow enable;
allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage};
allow $1 $2:grant setup;
- allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute setparam
pcilevel trackdirtyvram };
- allow $1 $2_$1_channel:event create;
+ allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute sethvmc setparam
pcilevel trackdirtyvram };
+'')
+
+# create_domain(priv, target)
+# Allow a domain to be created directly
+define(`create_domain'', `
+ create_domain_common($1, $2)
+ allow $1 $2_channel:event create;
+'')
+
+# create_domain_build_label(priv, target)
+# Allow a domain to be created via its domain build label
+define(`create_domain_build_label'', `
+ create_domain_common($1, $2_building)
+ allow $1 $2_channel:event create;
+ allow $1 $2_building:domain2 relabelfrom;
+ allow $1 $2:domain2 relabelto;
'')
# manage_domain(priv, target)
@@ -37,6 +60,15 @@ define(`manage_domain'', `
setvcpuaffinity setdomainmaxmem };
'')
+# migrate_domain_out(priv, target)
+# Allow creation of a snapshot or migration image from a domain
+# (inbound migration is the same as domain creation)
+define(`migrate_domain_out'', `
+ allow $1 $2:hvm { gethvmc getparam irqlevel };
+ allow $1 $2:mmu { stat pageinfo map_read };
+ allow $1 $2:domain { getaddrsize getvcpucontext getextvcpucontext
getvcpuextstate pause destroy };
+'')
+
################################################################################
#
# Inter-domain communication
@@ -47,8 +79,6 @@ define(`manage_domain'', `
# This allows an event channel to be created from domains with labels
# <source> to <dest> and will label it <chan-label>
define(`create_channel'', `
- type $3, event_type;
- type_transition $1 $2:event $3;
allow $1 $3:event { create send status };
allow $3 $2:event { bind };
'')
@@ -56,8 +86,8 @@ define(`create_channel'', `
# domain_event_comms(dom1, dom2)
# Allow two domain types to communicate using event channels
define(`domain_event_comms'', `
- create_channel($1, $2, $1_$2_channel)
- create_channel($2, $1, $2_$1_channel)
+ create_channel($1, $2, $1_channel)
+ create_channel($2, $1, $2_channel)
'')
# domain_comms(dom1, dom2)
@@ -72,7 +102,7 @@ define(`domain_comms'', `
# Allow a domain types to communicate with others of its type using grants
# and event channels (this includes event channels to DOMID_SELF)
define(`domain_self_comms'', `
- create_channel($1, $1, $1_self_channel)
+ create_channel($1, $1, $1_channel)
allow $1 $1:grant { map_read map_write copy unmap };
'')
diff --git a/tools/flask/policy/policy/modules/xen/xen.te
b/tools/flask/policy/policy/modules/xen/xen.te
index 9550397..1162153 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -90,6 +90,7 @@ create_domain(dom0_t, isolated_domU_t)
manage_domain(dom0_t, isolated_domU_t)
domain_comms(dom0_t, isolated_domU_t)
+# Declare a boolean that denies creation of prot_domU_t domains
gen_bool(prot_doms_locked, false)
declare_domain(prot_domU_t)
if (!prot_doms_locked) {
@@ -111,6 +112,15 @@ manage_domain(dom0_t, dm_dom_t)
domain_comms(dom0_t, dm_dom_t)
device_model(dm_dom_t, domHVM_t)
+# nomigrate_t must be built via the nomigrate_t_building label; once built,
+# dom0 cannot read its memory.
+declare_domain(nomigrate_t)
+declare_build_label(nomigrate_t)
+create_domain_build_label(dom0_t, nomigrate_t)
+manage_domain(dom0_t, nomigrate_t)
+domain_comms(dom0_t, nomigrate_t)
+domain_self_comms(nomigrate_t)
+
###############################################################################
#
# Device delegation
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap
The xsm_iomem_permission and xsm_ioport_permission hooks are intended to
be called by the domain builder, while the calls in arch/x86/domctl.c
which control mapping are also performed by the device model. Because of
this, they should not use the same XSM hooks.
This also adds a missing XSM hook in the unbind IRQ domctl.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Keir Fraser <keir@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/arch/x86/domctl.c | 8 ++++++--
xen/arch/x86/physdev.c | 2 +-
xen/include/xsm/xsm.h | 25 ++++++++++++++++++++++---
xen/xsm/dummy.c | 20 +++++++++++++++++++-
xen/xsm/flask/hooks.c | 42 ++++++++++++++++++++----------------------
5 files changed, 68 insertions(+), 29 deletions(-)
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 508c77c..7069d7a 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -803,6 +803,10 @@ long arch_do_domctl(
!irq_access_permitted(current->domain, bind->machine_irq) )
goto unbind_out;
+ ret = xsm_unbind_pt_irq(d, bind);
+ if ( ret )
+ goto unbind_out;
+
if ( iommu_enabled )
{
spin_lock(&pcidevs_lock);
@@ -842,7 +846,7 @@ long arch_do_domctl(
if ( unlikely((d = rcu_lock_domain_by_id(domctl->domain)) == NULL) )
break;
- ret = xsm_iomem_permission(d, mfn, mfn + nr_mfns - 1, add);
+ ret = xsm_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
if ( ret ) {
rcu_unlock_domain(d);
break;
@@ -929,7 +933,7 @@ long arch_do_domctl(
if ( unlikely((d = rcu_lock_domain_by_id(domctl->domain)) == NULL) )
break;
- ret = xsm_ioport_permission(d, fmp, fmp + np - 1, add);
+ ret = xsm_ioport_mapping(d, fmp, fmp + np - 1, add);
if ( ret ) {
rcu_unlock_domain(d);
break;
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 751cbd4..2928f1c 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -242,7 +242,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq)
if ( !IS_PRIV_FOR(current->domain, d) )
goto free_domain;
- ret = xsm_irq_permission(d, domain_pirq_to_irq(d, pirq), 0);
+ ret = xsm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
if ( ret )
goto free_domain;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index a949c1e..2560229 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -117,8 +117,10 @@ struct xsm_operations {
char *(*show_irq_sid) (int irq);
int (*map_domain_pirq) (struct domain *d, int irq, void *data);
+ int (*unmap_domain_pirq) (struct domain *d, int irq);
int (*irq_permission) (struct domain *d, int pirq, uint8_t allow);
int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t
allow);
+ int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t
allow);
int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access);
int (*get_device_group) (uint32_t machine_bdf);
@@ -176,11 +178,12 @@ struct xsm_operations {
int (*add_to_physmap) (struct domain *d1, struct domain *d2);
int (*sendtrigger) (struct domain *d);
int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
- int (*unbind_pt_irq) (struct domain *d);
+ int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq
*bind);
int (*pin_mem_cacheattr) (struct domain *d);
int (*ext_vcpucontext) (struct domain *d, uint32_t cmd);
int (*vcpuextstate) (struct domain *d, uint32_t cmd);
int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
+ int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
#endif
};
@@ -495,6 +498,11 @@ static inline int xsm_map_domain_pirq (struct domain *d,
int irq, void *data)
return xsm_call(map_domain_pirq(d, irq, data));
}
+static inline int xsm_unmap_domain_pirq (struct domain *d, int irq)
+{
+ return xsm_call(unmap_domain_pirq(d, irq));
+}
+
static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t
allow)
{
return xsm_call(irq_permission(d, pirq, allow));
@@ -505,6 +513,11 @@ static inline int xsm_iomem_permission (struct domain *d,
uint64_t s, uint64_t e
return xsm_call(iomem_permission(d, s, e, allow));
}
+static inline int xsm_iomem_mapping (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow)
+{
+ return xsm_call(iomem_mapping(d, s, e, allow));
+}
+
static inline int xsm_pci_config_permission (struct domain *d, uint32_t
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
{
return xsm_call(pci_config_permission(d, machine_bdf, start, end, access));
@@ -781,9 +794,10 @@ static inline int xsm_bind_pt_irq(struct domain *d,
return xsm_call(bind_pt_irq(d, bind));
}
-static inline int xsm_unbind_pt_irq(struct domain *d)
+static inline int xsm_unbind_pt_irq(struct domain *d,
+ struct xen_domctl_bind_pt_irq
*bind)
{
- return xsm_call(unbind_pt_irq(d));
+ return xsm_call(unbind_pt_irq(d, bind));
}
static inline int xsm_pin_mem_cacheattr(struct domain *d)
@@ -804,6 +818,11 @@ static inline int xsm_ioport_permission (struct domain *d,
uint32_t s, uint32_t
{
return xsm_call(ioport_permission(d, s, e, allow));
}
+
+static inline int xsm_ioport_mapping (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow)
+{
+ return xsm_call(ioport_mapping(d, s, e, allow));
+}
#endif /* CONFIG_X86 */
extern struct xsm_operations dummy_xsm_ops;
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index b726eaf..5f078d2 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -395,6 +395,11 @@ static int dummy_map_domain_pirq (struct domain *d, int
irq, void *data)
return 0;
}
+static int dummy_unmap_domain_pirq (struct domain *d, int irq)
+{
+ return 0;
+}
+
static int dummy_irq_permission (struct domain *d, int pirq, uint8_t allow)
{
return 0;
@@ -405,6 +410,11 @@ static int dummy_iomem_permission (struct domain *d,
uint64_t s, uint64_t e, uin
return 0;
}
+static int dummy_iomem_mapping (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow)
+{
+ return 0;
+}
+
static int dummy_pci_config_permission (struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end,
uint8_t access)
@@ -585,7 +595,7 @@ static int dummy_bind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq *b
return 0;
}
-static int dummy_unbind_pt_irq (struct domain *d)
+static int dummy_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
{
return 0;
}
@@ -609,6 +619,11 @@ static int dummy_ioport_permission (struct domain *d,
uint32_t s, uint32_t e, ui
{
return 0;
}
+
+static int dummy_ioport_mapping (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow)
+{
+ return 0;
+}
#endif
struct xsm_operations dummy_xsm_ops;
@@ -693,8 +708,10 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, show_irq_sid);
set_to_dummy_if_null(ops, map_domain_pirq);
+ set_to_dummy_if_null(ops, unmap_domain_pirq);
set_to_dummy_if_null(ops, irq_permission);
set_to_dummy_if_null(ops, iomem_permission);
+ set_to_dummy_if_null(ops, iomem_mapping);
set_to_dummy_if_null(ops, pci_config_permission);
set_to_dummy_if_null(ops, get_device_group);
@@ -757,5 +774,6 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, ext_vcpucontext);
set_to_dummy_if_null(ops, vcpuextstate);
set_to_dummy_if_null(ops, ioport_permission);
+ set_to_dummy_if_null(ops, ioport_mapping);
#endif
}
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 0ca10d0..d4635d0 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -721,43 +721,40 @@ static int flask_map_domain_pirq (struct domain *d, int
irq, void *data)
return rc;
}
-static int flask_irq_permission (struct domain *d, int irq, uint8_t access)
+static int flask_unmap_domain_pirq (struct domain *d, int irq)
{
- u32 perm;
- u32 rsid;
+ u32 sid;
int rc = -EPERM;
- struct domain_security_struct *ssec, *tsec;
+ struct domain_security_struct *ssec;
struct avc_audit_data ad;
- rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
- resource_to_perm(access));
-
+ rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
RESOURCE__REMOVE);
if ( rc )
return rc;
- if ( access )
- perm = RESOURCE__ADD_IRQ;
- else
- perm = RESOURCE__REMOVE_IRQ;
-
ssec = current->domain->ssid;
- tsec = d->ssid;
- rc = get_irq_sid(irq, &rsid, &ad);
- if ( rc )
- return rc;
-
- rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad);
+ if ( irq >= nr_irqs_gsi ) {
+ /* TODO support for MSI here */
+ return 0;
+ } else {
+ rc = get_irq_sid(irq, &sid, &ad);
+ }
if ( rc )
return rc;
- if ( access )
- rc = avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE,
- RESOURCE__USE, &ad);
+ rc = avc_has_perm(ssec->sid, sid, SECCLASS_RESOURCE,
RESOURCE__REMOVE_IRQ, &ad);
return rc;
}
+static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
+{
+ /* the PIRQ number is not useful; real IRQ is checked during mapping */
+ return domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
+ resource_to_perm(access));
+}
+
struct iomem_has_perm_data {
struct domain_security_struct *ssec, *tsec;
u32 perm;
@@ -1413,7 +1410,7 @@ static int flask_bind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq *b
return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
}
-static int flask_unbind_pt_irq (struct domain *d)
+static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
{
return domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
RESOURCE__REMOVE);
}
@@ -1533,6 +1530,7 @@ static struct xsm_operations flask_ops = {
.show_irq_sid = flask_show_irq_sid,
.map_domain_pirq = flask_map_domain_pirq,
+ .unmap_domain_pirq = flask_unmap_domain_pirq,
.irq_permission = flask_irq_permission,
.iomem_permission = flask_iomem_permission,
.pci_config_permission = flask_pci_config_permission,
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 04/19] xsm/flask: Add checks on the domain performing the set_target operation
The existing domain__set_target check only verifies that the source and
target domains can be associated. We also need to check that the
privileged domain making this association is allowed to do so.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
tools/flask/policy/policy/flask/access_vectors | 2 ++
xen/xsm/flask/hooks.c | 7 +++++++
xen/xsm/flask/include/av_perm_to_string.h | 2 ++
xen/xsm/flask/include/av_permissions.h | 2 ++
4 files changed, 13 insertions(+)
diff --git a/tools/flask/policy/policy/flask/access_vectors
b/tools/flask/policy/policy/flask/access_vectors
index c7e29ab..11d02da 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -78,6 +78,8 @@ class domain2
relabelfrom
relabelto
relabelself
+ make_priv_for
+ set_as_target
}
class hvm
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index d4635d0..81ff5ac 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -577,6 +577,13 @@ static int flask_domain_settime(struct domain *d)
static int flask_set_target(struct domain *d, struct domain *e)
{
+ int rc;
+ rc = domain_has_perm(current->domain, d, SECCLASS_DOMAIN2,
DOMAIN2__MAKE_PRIV_FOR);
+ if ( rc )
+ return rc;
+ rc = domain_has_perm(current->domain, e, SECCLASS_DOMAIN2,
DOMAIN2__SET_AS_TARGET);
+ if ( rc )
+ return rc;
return domain_has_perm(d, e, SECCLASS_DOMAIN, DOMAIN__SET_TARGET);
}
diff --git a/xen/xsm/flask/include/av_perm_to_string.h
b/xen/xsm/flask/include/av_perm_to_string.h
index e7e2058..10f8e80 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -64,6 +64,8 @@
S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELFROM, "relabelfrom")
S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELTO, "relabelto")
S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELSELF, "relabelself")
+ S_(SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR, "make_priv_for")
+ S_(SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET, "set_as_target")
S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc")
S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
diff --git a/xen/xsm/flask/include/av_permissions.h
b/xen/xsm/flask/include/av_permissions.h
index cb1c5dc..f7cfee1 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -66,6 +66,8 @@
#define DOMAIN2__RELABELFROM 0x00000001UL
#define DOMAIN2__RELABELTO 0x00000002UL
#define DOMAIN2__RELABELSELF 0x00000004UL
+#define DOMAIN2__MAKE_PRIV_FOR 0x00000008UL
+#define DOMAIN2__SET_AS_TARGET 0x00000010UL
#define HVM__SETHVMC 0x00000001UL
#define HVM__GETHVMC 0x00000002UL
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 05/19] xsm: Use the dummy XSM module if XSM is disabled
This patch moves the implementation of the dummy XSM module to a header
file that provides inline functions when XSM_ENABLE is not defined. This
reduces duplication between the dummy module and callers when the
implementation of the dummy return is not just "return 0", and also
provides better compile-time checking for completeness of the XSM
implementations in the dummy module.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Keir Fraser <keir@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/common/domctl.c | 2 -
xen/include/xsm/dummy.h | 628 ++++++++++++++++++++++++++++++++++++++++++++++++
xen/include/xsm/xsm.h | 294 +++++++++++------------
xen/xsm/dummy.c | 619 +----------------------------------------------
xen/xsm/flask/hooks.c | 2 +-
xen/xsm/xsm_core.c | 2 +-
6 files changed, 776 insertions(+), 771 deletions(-)
create mode 100644 xen/include/xsm/dummy.h
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index a7a6b9f..2f49eb2 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -267,10 +267,8 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
return -EPERM;
break;
}
-#ifdef XSM_ENABLE
case XEN_DOMCTL_getdomaininfo:
break;
-#endif
default:
if ( !IS_PRIV(current->domain) )
return -EPERM;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
new file mode 100644
index 0000000..264f44b
--- /dev/null
+++ b/xen/include/xsm/dummy.h
@@ -0,0 +1,628 @@
+/*
+ * Default XSM hooks - IS_PRIV and IS_PRIV_FOR checks
+ *
+ * Author: Daniel De Graaf <dgdegra@tyhco.nsa.gov>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+
+#include <xen/sched.h>
+#include <xsm/xsm.h>
+
+static XSM_DEFAULT(void, security_domaininfo)(struct domain *d,
+ struct xen_domctl_getdomaininfo *info)
+{
+ return;
+}
+
+static XSM_DEFAULT(int, setvcpucontext)(struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, pausedomain) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, unpausedomain) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, resumedomain) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, domain_create)(struct domain *d, u32 ssidref)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, max_vcpus)(struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, destroydomain) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, vcpuaffinity) (int cmd, struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, scheduler) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, getdomaininfo) (struct domain *d)
+{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+ return 0;
+}
+
+static XSM_DEFAULT(int, getvcpucontext) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, getvcpuinfo) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, domain_settime) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, set_target) (struct domain *d, struct domain *e)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, domctl)(struct domain *d, int cmd)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, set_virq_handler)(struct domain *d, uint32_t virq)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, tbufcontrol) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, readconsole) (uint32_t clear)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, sched_id) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, setdomainmaxmem) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, setdomainhandle) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, setdebugging) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, perfcontrol) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, debug_keys) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, getcpuinfo) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, get_pmstat) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, setpminfo) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, pm_op) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, do_mca) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, availheap) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, alloc_security_domain) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(void, free_security_domain) (struct domain *d)
+{
+ return;
+}
+
+static XSM_DEFAULT(int, grant_mapref) (struct domain *d1, struct domain *d2,
+ uint32_t flags)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, grant_unmapref) (struct domain *d1, struct domain *d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, grant_setup) (struct domain *d1, struct domain *d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, grant_transfer) (struct domain *d1, struct domain *d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, grant_copy) (struct domain *d1, struct domain *d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, grant_query_size) (struct domain *d1, struct domain
*d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, memory_adjust_reservation) (struct domain *d1,
+ struct domain *d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, memory_stat_reservation) (struct domain *d1, struct
domain *d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, console_io) (struct domain *d, int cmd)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, profile) (struct domain *d, int op)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, kexec) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, schedop_shutdown) (struct domain *d1, struct domain
*d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, memory_pin_page) (struct domain *d1, struct domain *d2,
+ struct page_info *page)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, evtchn_unbound) (struct domain *d, struct evtchn *chn,
+ domid_t id2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, evtchn_interdomain) (struct domain *d1, struct evtchn
+ *chan1, struct domain *d2, struct evtchn
*chan2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(void, evtchn_close_post) (struct evtchn *chn)
+{
+ return;
+}
+
+static XSM_DEFAULT(int, evtchn_send) (struct domain *d, struct evtchn *chn)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, evtchn_status) (struct domain *d, struct evtchn *chn)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, evtchn_reset) (struct domain *d1, struct domain *d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, alloc_security_evtchn) (struct evtchn *chn)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(void, free_security_evtchn) (struct evtchn *chn)
+{
+ return;
+}
+
+static XSM_DEFAULT(char *, show_security_evtchn) (struct domain *d, const
struct evtchn *chn)
+{
+ return NULL;
+}
+
+static XSM_DEFAULT(int, get_pod_target)(struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, set_pod_target)(struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, get_device_group) (uint32_t machine_bdf)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, test_assign_device) (uint32_t machine_bdf)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, assign_device) (struct domain *d, uint32_t machine_bdf)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, deassign_device) (struct domain *d, uint32_t
machine_bdf)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, resource_plug_core) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, resource_unplug_core) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, resource_plug_pci) (uint32_t machine_bdf)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, resource_unplug_pci) (uint32_t machine_bdf)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, resource_setup_pci) (uint32_t machine_bdf)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, resource_setup_gsi) (int gsi)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, resource_setup_misc) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, page_offline) (uint32_t cmd)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, lockprof) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, cpupool_op) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, sched_op) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(long, do_xsm_op)(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
+{
+ return -ENOSYS;
+}
+
+static XSM_DEFAULT(char *, show_irq_sid) (int irq)
+{
+ return NULL;
+}
+
+static XSM_DEFAULT(int, map_domain_pirq) (struct domain *d, int irq, void
*data)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, unmap_domain_pirq) (struct domain *d, int irq)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, irq_permission) (struct domain *d, int pirq, uint8_t
allow)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, iomem_permission) (struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, iomem_mapping) (struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, pci_config_permission) (struct domain *d, uint32_t
machine_bdf,
+ uint16_t start, uint16_t end,
+ uint8_t access)
+{
+ return 0;
+}
+
+#ifdef CONFIG_X86
+static XSM_DEFAULT(int, shadow_control) (struct domain *d, uint32_t op)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, getpageframeinfo) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, getmemlist) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, hypercall_init) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, hvmcontext) (struct domain *d, uint32_t cmd)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, address_size) (struct domain *d, uint32_t cmd)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, machine_address_size) (struct domain *d, uint32_t cmd)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, hvm_param) (struct domain *d, unsigned long op)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, hvm_set_pci_intx_level) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, hvm_set_isa_irq_level) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, hvm_set_pci_link_route) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, hvm_inject_msi) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, mem_event) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, mem_sharing) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, apic) (struct domain *d, int cmd)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, xen_settime) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, memtype) (uint32_t access)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, microcode) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, physinfo) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, platform_quirk) (uint32_t quirk)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, firmware_info) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, efi_call) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, acpi_sleep) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, change_freq) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, getidletime) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, machine_memory_map) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, domain_memory_map) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, mmu_normal_update) (struct domain *d, struct domain *t,
+ struct domain *f, intpte_t fpte)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, mmu_machphys_update) (struct domain *d, struct domain
*f,
+ unsigned long mfn)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, update_va_mapping) (struct domain *d, struct domain *f,
+ l1_pgentry_t pte)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, add_to_physmap) (struct domain *d1, struct domain *d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, remove_from_physmap) (struct domain *d1, struct domain
*d2)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, sendtrigger) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, bind_pt_irq) (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, unbind_pt_irq) (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, pin_mem_cacheattr) (struct domain *d)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, ext_vcpucontext) (struct domain *d, uint32_t cmd)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, vcpuextstate) (struct domain *d, uint32_t cmd)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, ioport_permission) (struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, ioport_mapping) (struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
+{
+ return 0;
+}
+
+#endif
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 2560229..5c3065b 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -21,12 +21,6 @@
typedef void xsm_op_t;
DEFINE_XEN_GUEST_HANDLE(xsm_op_t);
-#ifdef XSM_ENABLE
- #define xsm_call(fn) xsm_ops->fn
-#else
- #define xsm_call(fn) 0
-#endif
-
/* policy magic number (defined by XSM_MAGIC) */
typedef u32 xsm_magic_t;
#ifndef XSM_MAGIC
@@ -141,7 +135,7 @@ struct xsm_operations {
int (*cpupool_op)(void);
int (*sched_op)(void);
- long (*__do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
+ long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
#ifdef CONFIG_X86
int (*shadow_control) (struct domain *d, uint32_t op);
@@ -187,645 +181,643 @@ struct xsm_operations {
#endif
};
-#endif
-
extern struct xsm_operations *xsm_ops;
static inline void xsm_security_domaininfo (struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
- (void)xsm_call(security_domaininfo(d, info));
+ xsm_ops->security_domaininfo(d, info);
}
static inline int xsm_setvcpucontext(struct domain *d)
{
- return xsm_call(setvcpucontext(d));
+ return xsm_ops->setvcpucontext(d);
}
static inline int xsm_pausedomain (struct domain *d)
{
- return xsm_call(pausedomain(d));
+ return xsm_ops->pausedomain(d);
}
static inline int xsm_unpausedomain (struct domain *d)
{
- return xsm_call(unpausedomain(d));
+ return xsm_ops->unpausedomain(d);
}
static inline int xsm_resumedomain (struct domain *d)
{
- return xsm_call(resumedomain(d));
+ return xsm_ops->resumedomain(d);
}
static inline int xsm_domain_create (struct domain *d, u32 ssidref)
{
- return xsm_call(domain_create(d, ssidref));
+ return xsm_ops->domain_create(d, ssidref);
}
static inline int xsm_max_vcpus(struct domain *d)
{
- return xsm_call(max_vcpus(d));
+ return xsm_ops->max_vcpus(d);
}
static inline int xsm_destroydomain (struct domain *d)
{
- return xsm_call(destroydomain(d));
+ return xsm_ops->destroydomain(d);
}
static inline int xsm_vcpuaffinity (int cmd, struct domain *d)
{
- return xsm_call(vcpuaffinity(cmd, d));
+ return xsm_ops->vcpuaffinity(cmd, d);
}
static inline int xsm_scheduler (struct domain *d)
{
- return xsm_call(scheduler(d));
+ return xsm_ops->scheduler(d);
}
static inline int xsm_getdomaininfo (struct domain *d)
{
- return xsm_call(getdomaininfo(d));
+ return xsm_ops->getdomaininfo(d);
}
static inline int xsm_getvcpucontext (struct domain *d)
{
- return xsm_call(getvcpucontext(d));
+ return xsm_ops->getvcpucontext(d);
}
static inline int xsm_getvcpuinfo (struct domain *d)
{
- return xsm_call(getvcpuinfo(d));
+ return xsm_ops->getvcpuinfo(d);
}
static inline int xsm_domain_settime (struct domain *d)
{
- return xsm_call(domain_settime(d));
+ return xsm_ops->domain_settime(d);
}
static inline int xsm_set_target (struct domain *d, struct domain *e)
{
- return xsm_call(set_target(d, e));
+ return xsm_ops->set_target(d, e);
}
static inline int xsm_domctl (struct domain *d, int cmd)
{
- return xsm_call(domctl(d, cmd));
+ return xsm_ops->domctl(d, cmd);
}
static inline int xsm_set_virq_handler (struct domain *d, uint32_t virq)
{
- return xsm_call(set_virq_handler(d, virq));
+ return xsm_ops->set_virq_handler(d, virq);
}
static inline int xsm_tbufcontrol (void)
{
- return xsm_call(tbufcontrol());
+ return xsm_ops->tbufcontrol();
}
static inline int xsm_readconsole (uint32_t clear)
{
- return xsm_call(readconsole(clear));
+ return xsm_ops->readconsole(clear);
}
static inline int xsm_sched_id (void)
{
- return xsm_call(sched_id());
+ return xsm_ops->sched_id();
}
static inline int xsm_setdomainmaxmem (struct domain *d)
{
- return xsm_call(setdomainmaxmem(d));
+ return xsm_ops->setdomainmaxmem(d);
}
static inline int xsm_setdomainhandle (struct domain *d)
{
- return xsm_call(setdomainhandle(d));
+ return xsm_ops->setdomainhandle(d);
}
static inline int xsm_setdebugging (struct domain *d)
{
- return xsm_call(setdebugging(d));
+ return xsm_ops->setdebugging(d);
}
static inline int xsm_perfcontrol (void)
{
- return xsm_call(perfcontrol());
+ return xsm_ops->perfcontrol();
}
static inline int xsm_debug_keys (void)
{
- return xsm_call(debug_keys());
+ return xsm_ops->debug_keys();
}
static inline int xsm_availheap (void)
{
- return xsm_call(availheap());
+ return xsm_ops->availheap();
}
static inline int xsm_getcpuinfo (void)
{
- return xsm_call(getcpuinfo());
+ return xsm_ops->getcpuinfo();
}
static inline int xsm_get_pmstat(void)
{
- return xsm_call(get_pmstat());
+ return xsm_ops->get_pmstat();
}
static inline int xsm_setpminfo(void)
{
- return xsm_call(setpminfo());
+ return xsm_ops->setpminfo();
}
static inline int xsm_pm_op(void)
{
- return xsm_call(pm_op());
+ return xsm_ops->pm_op();
}
static inline int xsm_do_mca(void)
{
- return xsm_call(do_mca());
+ return xsm_ops->do_mca();
}
static inline int xsm_evtchn_unbound (struct domain *d1, struct evtchn *chn,
domid_t
id2)
{
- return xsm_call(evtchn_unbound(d1, chn, id2));
+ return xsm_ops->evtchn_unbound(d1, chn, id2);
}
static inline int xsm_evtchn_interdomain (struct domain *d1,
struct evtchn *chan1, struct domain *d2, struct evtchn *chan2)
{
- return xsm_call(evtchn_interdomain(d1, chan1, d2, chan2));
+ return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2);
}
static inline void xsm_evtchn_close_post (struct evtchn *chn)
{
- (void)xsm_call(evtchn_close_post(chn));
+ xsm_ops->evtchn_close_post(chn);
}
static inline int xsm_evtchn_send (struct domain *d, struct evtchn *chn)
{
- return xsm_call(evtchn_send(d, chn));
+ return xsm_ops->evtchn_send(d, chn);
}
static inline int xsm_evtchn_status (struct domain *d, struct evtchn *chn)
{
- return xsm_call(evtchn_status(d, chn));
+ return xsm_ops->evtchn_status(d, chn);
}
static inline int xsm_evtchn_reset (struct domain *d1, struct domain *d2)
{
- return xsm_call(evtchn_reset(d1, d2));
+ return xsm_ops->evtchn_reset(d1, d2);
}
static inline int xsm_grant_mapref (struct domain *d1, struct domain *d2,
uint32_t flags)
{
- return xsm_call(grant_mapref(d1, d2, flags));
+ return xsm_ops->grant_mapref(d1, d2, flags);
}
static inline int xsm_grant_unmapref (struct domain *d1, struct domain *d2)
{
- return xsm_call(grant_unmapref(d1, d2));
+ return xsm_ops->grant_unmapref(d1, d2);
}
static inline int xsm_grant_setup (struct domain *d1, struct domain *d2)
{
- return xsm_call(grant_setup(d1, d2));
+ return xsm_ops->grant_setup(d1, d2);
}
static inline int xsm_grant_transfer (struct domain *d1, struct domain *d2)
{
- return xsm_call(grant_transfer(d1, d2));
+ return xsm_ops->grant_transfer(d1, d2);
}
static inline int xsm_grant_copy (struct domain *d1, struct domain *d2)
{
- return xsm_call(grant_copy(d1, d2));
+ return xsm_ops->grant_copy(d1, d2);
}
static inline int xsm_grant_query_size (struct domain *d1, struct domain *d2)
{
- return xsm_call(grant_query_size(d1, d2));
+ return xsm_ops->grant_query_size(d1, d2);
}
static inline int xsm_alloc_security_domain (struct domain *d)
{
- return xsm_call(alloc_security_domain(d));
+ return xsm_ops->alloc_security_domain(d);
}
static inline void xsm_free_security_domain (struct domain *d)
{
- (void)xsm_call(free_security_domain(d));
+ xsm_ops->free_security_domain(d);
}
static inline int xsm_alloc_security_evtchn (struct evtchn *chn)
{
- return xsm_call(alloc_security_evtchn(chn));
+ return xsm_ops->alloc_security_evtchn(chn);
}
static inline void xsm_free_security_evtchn (struct evtchn *chn)
{
- (void)xsm_call(free_security_evtchn(chn));
+ (void)xsm_ops->free_security_evtchn(chn);
}
static inline char *xsm_show_security_evtchn (struct domain *d, const struct
evtchn *chn)
{
- return xsm_call(show_security_evtchn(d, chn));
+ return xsm_ops->show_security_evtchn(d, chn);
}
static inline int xsm_get_pod_target (struct domain *d)
{
- return xsm_call(get_pod_target(d));
+ return xsm_ops->get_pod_target(d);
}
static inline int xsm_set_pod_target (struct domain *d)
{
- return xsm_call(set_pod_target(d));
+ return xsm_ops->set_pod_target(d);
}
static inline int xsm_memory_adjust_reservation (struct domain *d1, struct
domain *d2)
{
- return xsm_call(memory_adjust_reservation(d1, d2));
+ return xsm_ops->memory_adjust_reservation(d1, d2);
}
static inline int xsm_memory_stat_reservation (struct domain *d1,
struct domain *d2)
{
- return xsm_call(memory_stat_reservation(d1, d2));
+ return xsm_ops->memory_stat_reservation(d1, d2);
}
static inline int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
struct page_info *page)
{
- return xsm_call(memory_pin_page(d1, d2, page));
+ return xsm_ops->memory_pin_page(d1, d2, page);
}
static inline int xsm_remove_from_physmap(struct domain *d1, struct domain *d2)
{
- return xsm_call(remove_from_physmap(d1, d2));
+ return xsm_ops->remove_from_physmap(d1, d2);
}
static inline int xsm_console_io (struct domain *d, int cmd)
{
- return xsm_call(console_io(d, cmd));
+ return xsm_ops->console_io(d, cmd);
}
static inline int xsm_profile (struct domain *d, int op)
{
- return xsm_call(profile(d, op));
+ return xsm_ops->profile(d, op);
}
static inline int xsm_kexec (void)
{
- return xsm_call(kexec());
+ return xsm_ops->kexec();
}
static inline int xsm_schedop_shutdown (struct domain *d1, struct domain *d2)
{
- return xsm_call(schedop_shutdown(d1, d2));
+ return xsm_ops->schedop_shutdown(d1, d2);
}
static inline char *xsm_show_irq_sid (int irq)
{
- return xsm_call(show_irq_sid(irq));
+ return xsm_ops->show_irq_sid(irq);
}
static inline int xsm_map_domain_pirq (struct domain *d, int irq, void *data)
{
- return xsm_call(map_domain_pirq(d, irq, data));
+ return xsm_ops->map_domain_pirq(d, irq, data);
}
static inline int xsm_unmap_domain_pirq (struct domain *d, int irq)
{
- return xsm_call(unmap_domain_pirq(d, irq));
+ return xsm_ops->unmap_domain_pirq(d, irq);
}
static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t
allow)
{
- return xsm_call(irq_permission(d, pirq, allow));
+ return xsm_ops->irq_permission(d, pirq, allow);
}
static inline int xsm_iomem_permission (struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
{
- return xsm_call(iomem_permission(d, s, e, allow));
+ return xsm_ops->iomem_permission(d, s, e, allow);
}
static inline int xsm_iomem_mapping (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow)
{
- return xsm_call(iomem_mapping(d, s, e, allow));
+ return xsm_ops->iomem_mapping(d, s, e, allow);
}
static inline int xsm_pci_config_permission (struct domain *d, uint32_t
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
{
- return xsm_call(pci_config_permission(d, machine_bdf, start, end, access));
+ return xsm_ops->pci_config_permission(d, machine_bdf, start, end,
access);
}
static inline int xsm_get_device_group(uint32_t machine_bdf)
{
- return xsm_call(get_device_group(machine_bdf));
+ return xsm_ops->get_device_group(machine_bdf);
}
static inline int xsm_test_assign_device(uint32_t machine_bdf)
{
- return xsm_call(test_assign_device(machine_bdf));
+ return xsm_ops->test_assign_device(machine_bdf);
}
static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
{
- return xsm_call(assign_device(d, machine_bdf));
+ return xsm_ops->assign_device(d, machine_bdf);
}
static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf)
{
- return xsm_call(deassign_device(d, machine_bdf));
+ return xsm_ops->deassign_device(d, machine_bdf);
}
static inline int xsm_resource_plug_pci (uint32_t machine_bdf)
{
- return xsm_call(resource_plug_pci(machine_bdf));
+ return xsm_ops->resource_plug_pci(machine_bdf);
}
static inline int xsm_resource_unplug_pci (uint32_t machine_bdf)
{
- return xsm_call(resource_unplug_pci(machine_bdf));
+ return xsm_ops->resource_unplug_pci(machine_bdf);
}
static inline int xsm_resource_plug_core (void)
{
- return xsm_call(resource_plug_core());
+ return xsm_ops->resource_plug_core();
}
static inline int xsm_resource_unplug_core (void)
{
- return xsm_call(resource_unplug_core());
+ return xsm_ops->resource_unplug_core();
}
static inline int xsm_resource_setup_pci (uint32_t machine_bdf)
{
- return xsm_call(resource_setup_pci(machine_bdf));
+ return xsm_ops->resource_setup_pci(machine_bdf);
}
static inline int xsm_resource_setup_gsi (int gsi)
{
- return xsm_call(resource_setup_gsi(gsi));
+ return xsm_ops->resource_setup_gsi(gsi);
}
static inline int xsm_resource_setup_misc (void)
{
- return xsm_call(resource_setup_misc());
+ return xsm_ops->resource_setup_misc();
}
static inline int xsm_page_offline(uint32_t cmd)
{
- return xsm_call(page_offline(cmd));
+ return xsm_ops->page_offline(cmd);
}
static inline int xsm_lockprof(void)
{
- return xsm_call(lockprof());
+ return xsm_ops->lockprof();
}
static inline int xsm_cpupool_op(void)
{
- return xsm_call(cpupool_op());
+ return xsm_ops->cpupool_op();
}
static inline int xsm_sched_op(void)
{
- return xsm_call(sched_op());
-}
-
-static inline long __do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
-{
-#ifdef XSM_ENABLE
- return xsm_ops->__do_xsm_op(op);
-#else
- return -ENOSYS;
-#endif
+ return xsm_ops->sched_op();
}
-#ifdef XSM_ENABLE
-extern int xsm_init(unsigned long *module_map, const multiboot_info_t *mbi,
- void *(*bootstrap_map)(const module_t *));
-extern int xsm_policy_init(unsigned long *module_map,
- const multiboot_info_t *mbi,
- void *(*bootstrap_map)(const module_t *));
-extern int register_xsm(struct xsm_operations *ops);
-extern int unregister_xsm(struct xsm_operations *ops);
-#else
-static inline int xsm_init (unsigned long *module_map,
- const multiboot_info_t *mbi,
- void *(*bootstrap_map)(const module_t *))
+static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
{
- return 0;
+ return xsm_ops->do_xsm_op(op);
}
-#endif
#ifdef CONFIG_X86
static inline int xsm_shadow_control (struct domain *d, uint32_t op)
{
- return xsm_call(shadow_control(d, op));
+ return xsm_ops->shadow_control(d, op);
}
static inline int xsm_getpageframeinfo (struct domain *d)
{
- return xsm_call(getpageframeinfo(d));
+ return xsm_ops->getpageframeinfo(d);
}
static inline int xsm_getmemlist (struct domain *d)
{
- return xsm_call(getmemlist(d));
+ return xsm_ops->getmemlist(d);
}
static inline int xsm_hypercall_init (struct domain *d)
{
- return xsm_call(hypercall_init(d));
+ return xsm_ops->hypercall_init(d);
}
static inline int xsm_hvmcontext (struct domain *d, uint32_t cmd)
{
- return xsm_call(hvmcontext(d, cmd));
+ return xsm_ops->hvmcontext(d, cmd);
}
static inline int xsm_address_size (struct domain *d, uint32_t cmd)
{
- return xsm_call(address_size(d, cmd));
+ return xsm_ops->address_size(d, cmd);
}
static inline int xsm_machine_address_size (struct domain *d, uint32_t cmd)
{
- return xsm_call(machine_address_size(d, cmd));
+ return xsm_ops->machine_address_size(d, cmd);
}
static inline int xsm_hvm_param (struct domain *d, unsigned long op)
{
- return xsm_call(hvm_param(d, op));
+ return xsm_ops->hvm_param(d, op);
}
static inline int xsm_hvm_set_pci_intx_level (struct domain *d)
{
- return xsm_call(hvm_set_pci_intx_level(d));
+ return xsm_ops->hvm_set_pci_intx_level(d);
}
static inline int xsm_hvm_set_isa_irq_level (struct domain *d)
{
- return xsm_call(hvm_set_isa_irq_level(d));
+ return xsm_ops->hvm_set_isa_irq_level(d);
}
static inline int xsm_hvm_set_pci_link_route (struct domain *d)
{
- return xsm_call(hvm_set_pci_link_route(d));
+ return xsm_ops->hvm_set_pci_link_route(d);
}
static inline int xsm_hvm_inject_msi (struct domain *d)
{
- return xsm_call(hvm_inject_msi(d));
+ return xsm_ops->hvm_inject_msi(d);
}
static inline int xsm_mem_event (struct domain *d)
{
- return xsm_call(mem_event(d));
+ return xsm_ops->mem_event(d);
}
static inline int xsm_mem_sharing (struct domain *d)
{
- return xsm_call(mem_sharing(d));
+ return xsm_ops->mem_sharing(d);
}
static inline int xsm_apic (struct domain *d, int cmd)
{
- return xsm_call(apic(d, cmd));
+ return xsm_ops->apic(d, cmd);
}
static inline int xsm_xen_settime (void)
{
- return xsm_call(xen_settime());
+ return xsm_ops->xen_settime();
}
static inline int xsm_memtype (uint32_t access)
{
- return xsm_call(memtype(access));
+ return xsm_ops->memtype(access);
}
static inline int xsm_microcode (void)
{
- return xsm_call(microcode());
+ return xsm_ops->microcode();
}
static inline int xsm_physinfo (void)
{
- return xsm_call(physinfo());
+ return xsm_ops->physinfo();
}
static inline int xsm_platform_quirk (uint32_t quirk)
{
- return xsm_call(platform_quirk(quirk));
+ return xsm_ops->platform_quirk(quirk);
}
static inline int xsm_firmware_info (void)
{
- return xsm_call(firmware_info());
+ return xsm_ops->firmware_info();
}
static inline int xsm_efi_call (void)
{
- return xsm_call(efi_call());
+ return xsm_ops->efi_call();
}
static inline int xsm_acpi_sleep (void)
{
- return xsm_call(acpi_sleep());
+ return xsm_ops->acpi_sleep();
}
static inline int xsm_change_freq (void)
{
- return xsm_call(change_freq());
+ return xsm_ops->change_freq();
}
static inline int xsm_getidletime (void)
{
- return xsm_call(getidletime());
+ return xsm_ops->getidletime();
}
static inline int xsm_machine_memory_map(void)
{
- return xsm_call(machine_memory_map());
+ return xsm_ops->machine_memory_map();
}
static inline int xsm_domain_memory_map(struct domain *d)
{
- return xsm_call(domain_memory_map(d));
+ return xsm_ops->domain_memory_map(d);
}
static inline int xsm_mmu_normal_update (struct domain *d, struct domain *t,
struct domain *f, intpte_t fpte)
{
- return xsm_call(mmu_normal_update(d, t, f, fpte));
+ return xsm_ops->mmu_normal_update(d, t, f, fpte);
}
static inline int xsm_mmu_machphys_update (struct domain *d1, struct domain
*d2,
unsigned long mfn)
{
- return xsm_call(mmu_machphys_update(d1, d2, mfn));
+ return xsm_ops->mmu_machphys_update(d1, d2, mfn);
}
static inline int xsm_update_va_mapping(struct domain *d, struct domain *f,
l1_pgentry_t pte)
{
- return xsm_call(update_va_mapping(d, f, pte));
+ return xsm_ops->update_va_mapping(d, f, pte);
}
static inline int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
{
- return xsm_call(add_to_physmap(d1, d2));
+ return xsm_ops->add_to_physmap(d1, d2);
}
static inline int xsm_sendtrigger(struct domain *d)
{
- return xsm_call(sendtrigger(d));
+ return xsm_ops->sendtrigger(d);
}
static inline int xsm_bind_pt_irq(struct domain *d,
struct xen_domctl_bind_pt_irq
*bind)
{
- return xsm_call(bind_pt_irq(d, bind));
+ return xsm_ops->bind_pt_irq(d, bind);
}
static inline int xsm_unbind_pt_irq(struct domain *d,
struct xen_domctl_bind_pt_irq
*bind)
{
- return xsm_call(unbind_pt_irq(d, bind));
+ return xsm_ops->unbind_pt_irq(d, bind);
}
static inline int xsm_pin_mem_cacheattr(struct domain *d)
{
- return xsm_call(pin_mem_cacheattr(d));
+ return xsm_ops->pin_mem_cacheattr(d);
}
static inline int xsm_ext_vcpucontext(struct domain *d, uint32_t cmd)
{
- return xsm_call(ext_vcpucontext(d, cmd));
+ return xsm_ops->ext_vcpucontext(d, cmd);
}
static inline int xsm_vcpuextstate(struct domain *d, uint32_t cmd)
{
- return xsm_call(vcpuextstate(d, cmd));
+ return xsm_ops->vcpuextstate(d, cmd);
}
static inline int xsm_ioport_permission (struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
{
- return xsm_call(ioport_permission(d, s, e, allow));
+ return xsm_ops->ioport_permission(d, s, e, allow);
}
static inline int xsm_ioport_mapping (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow)
{
- return xsm_call(ioport_mapping(d, s, e, allow));
+ return xsm_ops->ioport_mapping(d, s, e, allow);
}
#endif /* CONFIG_X86 */
+extern int xsm_init(unsigned long *module_map, const multiboot_info_t *mbi,
+ void *(*bootstrap_map)(const module_t *));
+extern int xsm_policy_init(unsigned long *module_map,
+ const multiboot_info_t *mbi,
+ void *(*bootstrap_map)(const module_t *));
+extern int register_xsm(struct xsm_operations *ops);
+extern int unregister_xsm(struct xsm_operations *ops);
+
extern struct xsm_operations dummy_xsm_ops;
extern void xsm_fixup_ops(struct xsm_operations *ops);
+#else /* XSM_ENABLE */
+
+#define XSM_DEFAULT(type, name) inline type xsm_ ## name
+#include <xsm/dummy.h>
+
+static inline int xsm_init (unsigned long *module_map,
+ const multiboot_info_t *mbi,
+ void *(*bootstrap_map)(const module_t *))
+{
+ return 0;
+}
+#endif /* XSM_ENABLE */
+
#endif /* __XSM_H */
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 5f078d2..47192d7 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -10,621 +10,8 @@
* as published by the Free Software Foundation.
*/
-#include <xen/sched.h>
-#include <xsm/xsm.h>
-
-static void dummy_security_domaininfo(struct domain *d,
- struct xen_domctl_getdomaininfo *info)
-{
- return;
-}
-
-static int dummy_setvcpucontext(struct domain *d)
-{
- return 0;
-}
-
-static int dummy_pausedomain (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_unpausedomain (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_resumedomain (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_domain_create(struct domain *d, u32 ssidref)
-{
- return 0;
-}
-
-static int dummy_max_vcpus(struct domain *d)
-{
- return 0;
-}
-
-static int dummy_destroydomain (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_vcpuaffinity (int cmd, struct domain *d)
-{
- return 0;
-}
-
-static int dummy_scheduler (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_getdomaininfo (struct domain *d)
-{
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
- return 0;
-}
-
-static int dummy_getvcpucontext (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_getvcpuinfo (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_domain_settime (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_set_target (struct domain *d, struct domain *e)
-{
- return 0;
-}
-
-static int dummy_domctl(struct domain *d, int cmd)
-{
- return 0;
-}
-
-static int dummy_set_virq_handler(struct domain *d, uint32_t virq)
-{
- return 0;
-}
-
-static int dummy_tbufcontrol (void)
-{
- return 0;
-}
-
-static int dummy_readconsole (uint32_t clear)
-{
- return 0;
-}
-
-static int dummy_sched_id (void)
-{
- return 0;
-}
-
-static int dummy_setdomainmaxmem (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_setdomainhandle (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_setdebugging (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_perfcontrol (void)
-{
- return 0;
-}
-
-static int dummy_debug_keys (void)
-{
- return 0;
-}
-
-static int dummy_getcpuinfo (void)
-{
- return 0;
-}
-
-static int dummy_get_pmstat (void)
-{
- return 0;
-}
-
-static int dummy_setpminfo (void)
-{
- return 0;
-}
-
-static int dummy_pm_op (void)
-{
- return 0;
-}
-
-static int dummy_do_mca (void)
-{
- return 0;
-}
-
-static int dummy_availheap (void)
-{
- return 0;
-}
-
-static int dummy_alloc_security_domain (struct domain *d)
-{
- return 0;
-}
-
-static void dummy_free_security_domain (struct domain *d)
-{
- return;
-}
-
-static int dummy_grant_mapref (struct domain *d1, struct domain *d2,
- uint32_t flags)
-{
- return 0;
-}
-
-static int dummy_grant_unmapref (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_grant_setup (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_grant_transfer (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_grant_copy (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_grant_query_size (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_memory_adjust_reservation (struct domain *d1,
- struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_memory_stat_reservation (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_console_io (struct domain *d, int cmd)
-{
- return 0;
-}
-
-static int dummy_profile (struct domain *d, int op)
-{
- return 0;
-}
-
-static int dummy_kexec (void)
-{
- return 0;
-}
-
-static int dummy_schedop_shutdown (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_memory_pin_page(struct domain *d1, struct domain *d2, struct
page_info *page)
-{
- return 0;
-}
-
-static int dummy_evtchn_unbound (struct domain *d, struct evtchn *chn,
- domid_t
id2)
-{
- return 0;
-}
-
-static int dummy_evtchn_interdomain (struct domain *d1, struct evtchn
- *chan1, struct domain *d2, struct evtchn
*chan2)
-{
- return 0;
-}
-
-static void dummy_evtchn_close_post (struct evtchn *chn)
-{
- return;
-}
-
-static int dummy_evtchn_send (struct domain *d, struct evtchn *chn)
-{
- return 0;
-}
-
-static int dummy_evtchn_status (struct domain *d, struct evtchn *chn)
-{
- return 0;
-}
-
-static int dummy_evtchn_reset (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_alloc_security_evtchn (struct evtchn *chn)
-{
- return 0;
-}
-
-static void dummy_free_security_evtchn (struct evtchn *chn)
-{
- return;
-}
-
-static char *dummy_show_security_evtchn (struct domain *d, const struct evtchn
*chn)
-{
- return NULL;
-}
-
-static int dummy_get_pod_target(struct domain *d)
-{
- return 0;
-}
-
-static int dummy_set_pod_target(struct domain *d)
-{
- return 0;
-}
-
-static int dummy_get_device_group (uint32_t machine_bdf)
-{
- return 0;
-}
-
-static int dummy_test_assign_device (uint32_t machine_bdf)
-{
- return 0;
-}
-
-static int dummy_assign_device (struct domain *d, uint32_t machine_bdf)
-{
- return 0;
-}
-
-static int dummy_deassign_device (struct domain *d, uint32_t machine_bdf)
-{
- return 0;
-}
-
-static int dummy_resource_plug_core (void)
-{
- return 0;
-}
-
-static int dummy_resource_unplug_core (void)
-{
- return 0;
-}
-
-static int dummy_resource_plug_pci (uint32_t machine_bdf)
-{
- return 0;
-}
-
-static int dummy_resource_unplug_pci (uint32_t machine_bdf)
-{
- return 0;
-}
-
-static int dummy_resource_setup_pci (uint32_t machine_bdf)
-{
- return 0;
-}
-
-static int dummy_resource_setup_gsi (int gsi)
-{
- return 0;
-}
-
-static int dummy_resource_setup_misc (void)
-{
- return 0;
-}
-
-static int dummy_page_offline (uint32_t cmd)
-{
- return 0;
-}
-
-static int dummy_lockprof (void)
-{
- return 0;
-}
-
-static int dummy_cpupool_op (void)
-{
- return 0;
-}
-
-static int dummy_sched_op (void)
-{
- return 0;
-}
-
-static long dummy___do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
-{
- return -ENOSYS;
-}
-
-static char *dummy_show_irq_sid (int irq)
-{
- return NULL;
-}
-
-static int dummy_map_domain_pirq (struct domain *d, int irq, void *data)
-{
- return 0;
-}
-
-static int dummy_unmap_domain_pirq (struct domain *d, int irq)
-{
- return 0;
-}
-
-static int dummy_irq_permission (struct domain *d, int pirq, uint8_t allow)
-{
- return 0;
-}
-
-static int dummy_iomem_permission (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow)
-{
- return 0;
-}
-
-static int dummy_iomem_mapping (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow)
-{
- return 0;
-}
-
-static int dummy_pci_config_permission (struct domain *d, uint32_t machine_bdf,
- uint16_t start, uint16_t end,
- uint8_t access)
-{
- return 0;
-}
-
-#ifdef CONFIG_X86
-static int dummy_shadow_control (struct domain *d, uint32_t op)
-{
- return 0;
-}
-
-static int dummy_getpageframeinfo (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_getmemlist (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_hypercall_init (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_hvmcontext (struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static int dummy_address_size (struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static int dummy_machine_address_size (struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static int dummy_hvm_param (struct domain *d, unsigned long op)
-{
- return 0;
-}
-
-static int dummy_hvm_set_pci_intx_level (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_hvm_set_isa_irq_level (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_hvm_set_pci_link_route (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_hvm_inject_msi (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_mem_event (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_mem_sharing (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_apic (struct domain *d, int cmd)
-{
- return 0;
-}
-
-static int dummy_xen_settime (void)
-{
- return 0;
-}
-
-static int dummy_memtype (uint32_t access)
-{
- return 0;
-}
-
-static int dummy_microcode (void)
-{
- return 0;
-}
-
-static int dummy_physinfo (void)
-{
- return 0;
-}
-
-static int dummy_platform_quirk (uint32_t quirk)
-{
- return 0;
-}
-
-static int dummy_firmware_info (void)
-{
- return 0;
-}
-
-static int dummy_efi_call(void)
-{
- return 0;
-}
-
-static int dummy_acpi_sleep (void)
-{
- return 0;
-}
-
-static int dummy_change_freq (void)
-{
- return 0;
-}
-
-static int dummy_getidletime (void)
-{
- return 0;
-}
-
-static int dummy_machine_memory_map (void)
-{
- return 0;
-}
-
-static int dummy_domain_memory_map (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_mmu_normal_update (struct domain *d, struct domain *t,
- struct domain *f, intpte_t fpte)
-{
- return 0;
-}
-
-static int dummy_mmu_machphys_update (struct domain *d, struct domain *f,
unsigned long mfn)
-{
- return 0;
-}
-
-static int dummy_update_va_mapping (struct domain *d, struct domain *f,
- l1_pgentry_t pte)
-{
- return 0;
-}
-
-static int dummy_add_to_physmap (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_remove_from_physmap (struct domain *d1, struct domain *d2)
-{
- return 0;
-}
-
-static int dummy_sendtrigger (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
-{
- return 0;
-}
-
-static int dummy_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
-{
- return 0;
-}
-
-static int dummy_pin_mem_cacheattr (struct domain *d)
-{
- return 0;
-}
-
-static int dummy_ext_vcpucontext (struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static int dummy_vcpuextstate (struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static int dummy_ioport_permission (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow)
-{
- return 0;
-}
-
-static int dummy_ioport_mapping (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow)
-{
- return 0;
-}
-#endif
+#define XSM_DEFAULT(type, name) type dummy_ ## name
+#include <xsm/dummy.h>
struct xsm_operations dummy_xsm_ops;
@@ -732,7 +119,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, cpupool_op);
set_to_dummy_if_null(ops, sched_op);
- set_to_dummy_if_null(ops, __do_xsm_op);
+ set_to_dummy_if_null(ops, do_xsm_op);
#ifdef CONFIG_X86
set_to_dummy_if_null(ops, shadow_control);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 81ff5ac..31572c5 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1555,7 +1555,7 @@ static struct xsm_operations flask_ops = {
.cpupool_op = flask_cpupool_op,
.sched_op = flask_sched_op,
- .__do_xsm_op = do_flask_op,
+ .do_xsm_op = do_flask_op,
#ifdef CONFIG_X86
.shadow_control = flask_shadow_control,
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 46287cb..ca28f91 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -113,7 +113,7 @@ int unregister_xsm(struct xsm_operations *ops)
long do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
{
- return __do_xsm_op(op);
+ return xsm_do_xsm_op(op);
}
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated
The Xen hypervisor has two basic access control function calls: IS_PRIV
and the xsm_* functions. Most privileged operations currently require
that both checks succeed, and many times the checks are at different
locations in the code. This patch eliminates the explicit and implicit
IS_PRIV checks that are duplicated in XSM hooks.
When XSM_ENABLE is not defined or when the dummy XSM module is used,
this patch should not change any functionality. Because the locations of
privilege checks have sometimes moved below argument validation, error
returns of some functions may change from EPERM to EINVAL or ESRCH if
called with invalid arguments and from a domain without permission to
perform the operation.
Some checks are removed due to non-obvious duplicates in their callers:
* acpi_enter_sleep is checked in XENPF_enter_acpi_sleep
* map_domain_pirq has IS_PRIV_FOR checked in its callers:
* physdev_map_pirq checks when acquiring the RCU lock
* ioapic_guest_write is checked in PHYSDEVOP_apic_write
* PHYSDEVOP_{manage_pci_add,manage_pci_add_ext,pci_device_add} are
checked by xsm_resource_plug_pci in pci_add_device
* PHYSDEVOP_manage_pci_remove is checked by xsm_resource_unplug_pci
in pci_remove_device
* PHYSDEVOP_{restore_msi,restore_msi_ext} are checked by
xsm_resource_setup_pci in pci_restore_msi_state
* do_console_io has changed to IS_PRIV from an explicit domid==0
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Keir Fraser <keir@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/arch/x86/acpi/power.c | 2 +-
xen/arch/x86/cpu/mcheck/mce.c | 3 ---
xen/arch/x86/irq.c | 3 +--
xen/arch/x86/mm.c | 3 ---
xen/arch/x86/physdev.c | 54 ++-----------------------------------------
xen/common/kexec.c | 3 ---
xen/common/schedule.c | 6 -----
xen/drivers/char/console.c | 6 -----
xen/include/xsm/dummy.h | 28 ++++++++++++++++++++++
xen/xsm/flask/hooks.c | 5 ++--
10 files changed, 35 insertions(+), 78 deletions(-)
diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c
index 9e1f989..c7b37ef 100644
--- a/xen/arch/x86/acpi/power.c
+++ b/xen/arch/x86/acpi/power.c
@@ -238,7 +238,7 @@ static long enter_state_helper(void *data)
*/
int acpi_enter_sleep(struct xenpf_enter_acpi_sleep *sleep)
{
- if ( !IS_PRIV(current->domain) || !acpi_sinfo.pm1a_cnt_blk.address )
+ if ( !acpi_sinfo.pm1a_cnt_blk.address )
return -EPERM;
/* Sanity check */
diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c
index 8b54240..658774a 100644
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -1293,9 +1293,6 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc)
struct xen_mc_msrinject *mc_msrinject;
struct xen_mc_mceinject *mc_mceinject;
- if (!IS_PRIV(v->domain) )
- return x86_mcerr(NULL, -EPERM);
-
ret = xsm_do_mca();
if ( ret )
return x86_mcerr(NULL, ret);
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 05cede5..238600a 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1853,8 +1853,7 @@ int map_domain_pirq(
ASSERT(spin_is_locked(&d->event_lock));
if ( !IS_PRIV(current->domain) &&
- !(IS_PRIV_FOR(current->domain, d) &&
- irq_access_permitted(current->domain, pirq)))
+ !irq_access_permitted(current->domain, pirq))
return -EPERM;
if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >=
nr_irqs )
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index fad3d33..9c90067 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4507,9 +4507,6 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
XEN_GUEST_HANDLE_PARAM(e820entry_t) buffer_param;
unsigned int i;
- if ( !IS_PRIV(current->domain) )
- return -EINVAL;
-
rc = xsm_machine_memory_map();
if ( rc )
return rc;
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 2928f1c..3f3ac0d 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -109,12 +109,6 @@ int physdev_map_pirq(domid_t domid, int type, int *index,
int *pirq_p,
if ( ret )
return ret;
- if ( !IS_PRIV_FOR(current->domain, d) )
- {
- ret = -EPERM;
- goto free_domain;
- }
-
/* Verify or get irq. */
switch ( type )
{
@@ -238,10 +232,6 @@ int physdev_unmap_pirq(domid_t domid, int pirq)
goto free_domain;
}
- ret = -EPERM;
- if ( !IS_PRIV_FOR(current->domain, d) )
- goto free_domain;
-
ret = xsm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
if ( ret )
goto free_domain;
@@ -433,9 +423,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
ret = -EFAULT;
if ( copy_from_guest(&apic, arg, 1) != 0 )
break;
- ret = -EPERM;
- if ( !IS_PRIV(v->domain) )
- break;
ret = xsm_apic(v->domain, cmd);
if ( ret )
break;
@@ -450,9 +437,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
ret = -EFAULT;
if ( copy_from_guest(&apic, arg, 1) != 0 )
break;
- ret = -EPERM;
- if ( !IS_PRIV(v->domain) )
- break;
ret = xsm_apic(v->domain, cmd);
if ( ret )
break;
@@ -467,8 +451,8 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( copy_from_guest(&irq_op, arg, 1) != 0 )
break;
- ret = -EPERM;
- if ( !IS_PRIV(v->domain) )
+ ret = xsm_apic(v->domain, cmd);
+ if ( ret )
break;
/* Vector is only used by hypervisor, and dom0 shouldn''t
@@ -517,9 +501,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
case PHYSDEVOP_manage_pci_add: {
struct physdev_manage_pci manage_pci;
- ret = -EPERM;
- if ( !IS_PRIV(v->domain) )
- break;
ret = -EFAULT;
if ( copy_from_guest(&manage_pci, arg, 1) != 0 )
break;
@@ -530,9 +511,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
case PHYSDEVOP_manage_pci_remove: {
struct physdev_manage_pci manage_pci;
- ret = -EPERM;
- if ( !IS_PRIV(v->domain) )
- break;
ret = -EFAULT;
if ( copy_from_guest(&manage_pci, arg, 1) != 0 )
break;
@@ -545,10 +523,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
struct physdev_manage_pci_ext manage_pci_ext;
struct pci_dev_info pdev_info;
- ret = -EPERM;
- if ( !IS_PRIV(current->domain) )
- break;
-
ret = -EFAULT;
if ( copy_from_guest(&manage_pci_ext, arg, 1) != 0 )
break;
@@ -571,10 +545,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
struct physdev_pci_device_add add;
struct pci_dev_info pdev_info;
- ret = -EPERM;
- if ( !IS_PRIV(current->domain) )
- break;
-
ret = -EFAULT;
if ( copy_from_guest(&add, arg, 1) != 0 )
break;
@@ -595,10 +565,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
case PHYSDEVOP_pci_device_remove: {
struct physdev_pci_device dev;
- ret = -EPERM;
- if ( !IS_PRIV(v->domain) )
- break;
-
ret = -EFAULT;
if ( copy_from_guest(&dev, arg, 1) != 0 )
break;
@@ -610,10 +576,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
case PHYSDEVOP_pci_mmcfg_reserved: {
struct physdev_pci_mmcfg_reserved info;
- ret = -EPERM;
- if ( !IS_PRIV(current->domain) )
- break;
-
ret = xsm_resource_setup_misc();
if ( ret )
break;
@@ -631,10 +593,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
struct physdev_restore_msi restore_msi;
struct pci_dev *pdev;
- ret = -EPERM;
- if ( !IS_PRIV(v->domain) )
- break;
-
ret = -EFAULT;
if ( copy_from_guest(&restore_msi, arg, 1) != 0 )
break;
@@ -650,10 +608,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
struct physdev_pci_device dev;
struct pci_dev *pdev;
- ret = -EPERM;
- if ( !IS_PRIV(v->domain) )
- break;
-
ret = -EFAULT;
if ( copy_from_guest(&dev, arg, 1) != 0 )
break;
@@ -668,10 +622,6 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
case PHYSDEVOP_setup_gsi: {
struct physdev_setup_gsi setup_gsi;
- ret = -EPERM;
- if ( !IS_PRIV(v->domain) )
- break;
-
ret = -EFAULT;
if ( copy_from_guest(&setup_gsi, arg, 1) != 0 )
break;
diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index 25ebd6a..d4f6332 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -852,9 +852,6 @@ static int do_kexec_op_internal(unsigned long op,
unsigned long flags;
int ret = -EINVAL;
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
-
ret = xsm_kexec();
if ( ret )
return ret;
diff --git a/xen/common/schedule.c b/xen/common/schedule.c
index 231e097..cfd173d 100644
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -921,12 +921,6 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( d == NULL )
break;
- if ( !IS_PRIV_FOR(current->domain, d) )
- {
- rcu_unlock_domain(d);
- return -EPERM;
- }
-
ret = xsm_schedop_shutdown(current->domain, d);
if ( ret )
{
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index ff360fe..b2c3ee3 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -406,12 +406,6 @@ long do_console_io(int cmd, int count,
XEN_GUEST_HANDLE_PARAM(char) buffer)
long rc;
unsigned int idx, len;
-#ifndef VERBOSE
- /* Only domain 0 may access the emergency console. */
- if ( current->domain->domain_id != 0 )
- return -EPERM;
-#endif
-
rc = xsm_console_io(current->domain, cmd);
if ( rc )
return rc;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 264f44b..12b1508 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -161,6 +161,8 @@ static XSM_DEFAULT(int, pm_op) (void)
static XSM_DEFAULT(int, do_mca) (void)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
@@ -223,6 +225,10 @@ static XSM_DEFAULT(int, memory_stat_reservation) (struct
domain *d1, struct doma
static XSM_DEFAULT(int, console_io) (struct domain *d, int cmd)
{
+#ifndef VERBOSE
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+#endif
return 0;
}
@@ -233,11 +239,15 @@ static XSM_DEFAULT(int, profile) (struct domain *d, int
op)
static XSM_DEFAULT(int, kexec) (void)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, schedop_shutdown) (struct domain *d1, struct domain
*d2)
{
+ if ( !IS_PRIV_FOR(d1, d2) )
+ return -EPERM;
return 0;
}
@@ -336,26 +346,36 @@ static XSM_DEFAULT(int, resource_unplug_core) (void)
static XSM_DEFAULT(int, resource_plug_pci) (uint32_t machine_bdf)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, resource_unplug_pci) (uint32_t machine_bdf)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, resource_setup_pci) (uint32_t machine_bdf)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, resource_setup_gsi) (int gsi)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, resource_setup_misc) (void)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
@@ -396,6 +416,8 @@ static XSM_DEFAULT(int, map_domain_pirq) (struct domain *d,
int irq, void *data)
static XSM_DEFAULT(int, unmap_domain_pirq) (struct domain *d, int irq)
{
+ if ( !IS_PRIV_FOR(current->domain, d) )
+ return -EPERM;
return 0;
}
@@ -494,6 +516,8 @@ static XSM_DEFAULT(int, mem_sharing) (struct domain *d)
static XSM_DEFAULT(int, apic) (struct domain *d, int cmd)
{
+ if ( !IS_PRIV(d) )
+ return -EPERM;
return 0;
}
@@ -534,6 +558,8 @@ static XSM_DEFAULT(int, efi_call) (void)
static XSM_DEFAULT(int, acpi_sleep) (void)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
@@ -549,6 +575,8 @@ static XSM_DEFAULT(int, getidletime) (void)
static XSM_DEFAULT(int, machine_memory_map) (void)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 31572c5..cb8cf96 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1147,10 +1147,11 @@ static int flask_apic(struct domain *d, int cmd)
switch ( cmd )
{
- case PHYSDEVOP_APIC_READ:
+ case PHYSDEVOP_apic_read:
+ case PHYSDEVOP_alloc_irq_vector:
perm = XEN__READAPIC;
break;
- case PHYSDEVOP_APIC_WRITE:
+ case PHYSDEVOP_apic_write:
perm = XEN__WRITEAPIC;
break;
default:
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 07/19] xen: avoid calling rcu_lock_*target_domain when an XSM hook exists
The rcu_lock_{,remote_}target_domain_by_id functions are wrappers around
an IS_PRIV_FOR check for the current domain. This is now redundant with
XSM hooks, so replace these calls with rcu_lock_domain_by_any_id or
rcu_lock_remote_domain_by_id to remove the duplicate permission checks.
When XSM_ENABLE is not defined or when the dummy XSM module is used,
this patch should not change any functionality. Because the locations of
privilege checks have sometimes moved below argument validation, error
returns of some functions may change from EPERM to EINVAL when called
with invalid arguments and from a domain without permission to perform
the operation.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Keir Fraser <keir@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/arch/x86/hvm/hvm.c | 38 +++++++++++++++----------------
xen/arch/x86/mm.c | 22 ++++++++----------
xen/common/event_channel.c | 18 +++++++--------
xen/common/grant_table.c | 57 +++++++++++++++-------------------------------
xen/common/memory.c | 15 ++++++------
xen/include/xsm/dummy.h | 34 +++++++++++++++++++++++++++
6 files changed, 97 insertions(+), 87 deletions(-)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 34da2f5..5bdde8d 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3392,7 +3392,7 @@ static int hvmop_set_pci_intx_level(
if ( (op.domain > 0) || (op.bus > 0) || (op.device > 31) ||
(op.intx > 3) )
return -EINVAL;
- rc = rcu_lock_remote_target_domain_by_id(op.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(op.domid, &d);
if ( rc != 0 )
return rc;
@@ -3559,7 +3559,7 @@ static int hvmop_set_isa_irq_level(
if ( op.isa_irq > 15 )
return -EINVAL;
- rc = rcu_lock_remote_target_domain_by_id(op.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(op.domid, &d);
if ( rc != 0 )
return rc;
@@ -3603,7 +3603,7 @@ static int hvmop_set_pci_link_route(
if ( (op.link > 3) || (op.isa_irq > 15) )
return -EINVAL;
- rc = rcu_lock_remote_target_domain_by_id(op.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(op.domid, &d);
if ( rc != 0 )
return rc;
@@ -3633,7 +3633,7 @@ static int hvmop_inject_msi(
if ( copy_from_guest(&op, uop, 1) )
return -EFAULT;
- rc = rcu_lock_remote_target_domain_by_id(op.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(op.domid, &d);
if ( rc != 0 )
return rc;
@@ -3730,9 +3730,9 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( a.index >= HVM_NR_PARAMS )
return -EINVAL;
- rc = rcu_lock_target_domain_by_id(a.domid, &d);
- if ( rc != 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(a.domid);
+ if ( d == NULL )
+ return -ESRCH;
rc = -EINVAL;
if ( !is_hvm_domain(d) )
@@ -3976,7 +3976,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&a, arg, 1) )
return -EFAULT;
- rc = rcu_lock_remote_target_domain_by_id(a.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(a.domid, &d);
if ( rc != 0 )
return rc;
@@ -4015,7 +4015,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&a, arg, 1) )
return -EFAULT;
- rc = rcu_lock_remote_target_domain_by_id(a.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(a.domid, &d);
if ( rc != 0 )
return rc;
@@ -4065,9 +4065,9 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&a, arg, 1) )
return -EFAULT;
- rc = rcu_lock_target_domain_by_id(a.domid, &d);
- if ( rc != 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(a.domid);
+ if ( d == NULL )
+ return -ESRCH;
rc = xsm_hvm_param(d, op);
if ( rc )
@@ -4116,7 +4116,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&a, arg, 1) )
return -EFAULT;
- rc = rcu_lock_remote_target_domain_by_id(a.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(a.domid, &d);
if ( rc != 0 )
return rc;
@@ -4195,7 +4195,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&a, arg, 1) )
return -EFAULT;
- rc = rcu_lock_remote_target_domain_by_id(a.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(a.domid, &d);
if ( rc != 0 )
return rc;
@@ -4230,7 +4230,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&a, arg, 1) )
return -EFAULT;
- rc = rcu_lock_remote_target_domain_by_id(a.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(a.domid, &d);
if ( rc != 0 )
return rc;
@@ -4266,9 +4266,9 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&a, arg, 1) )
return -EFAULT;
- rc = rcu_lock_target_domain_by_id(a.domid, &d);
- if ( rc != 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(a.domid);
+ if ( d == NULL )
+ return -ESRCH;
rc = -EINVAL;
if ( !is_hvm_domain(d) || !paging_mode_shadow(d) )
@@ -4320,7 +4320,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&tr, arg, 1 ) )
return -EFAULT;
- rc = rcu_lock_remote_target_domain_by_id(tr.domid, &d);
+ rc = rcu_lock_remote_domain_by_id(tr.domid, &d);
if ( rc != 0 )
return rc;
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 9c90067..b065bcf 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4389,9 +4389,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( copy_from_guest(&xatp, arg, 1) )
return -EFAULT;
- rc = rcu_lock_target_domain_by_id(xatp.domid, &d);
- if ( rc != 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(xatp.domid);
+ if ( d == NULL )
+ return -ESRCH;
if ( xsm_add_to_physmap(current->domain, d) )
{
@@ -4428,9 +4428,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( fmap.map.nr_entries > E820MAX )
return -EINVAL;
- rc = rcu_lock_target_domain_by_id(fmap.domid, &d);
- if ( rc != 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(fmap.domid);
+ if ( d == NULL )
+ return -ESRCH;
rc = xsm_domain_memory_map(d);
if ( rc )
@@ -4583,16 +4583,12 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
struct domain *d;
struct p2m_domain *p2m;
- /* Support DOMID_SELF? */
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
-
if ( copy_from_guest(&target, arg, 1) )
return -EFAULT;
- rc = rcu_lock_target_domain_by_id(target.domid, &d);
- if ( rc != 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(target.domid);
+ if ( d == NULL )
+ return -ESRCH;
if ( op == XENMEM_set_pod_target )
rc = xsm_set_pod_target(d);
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index a80a0d1..37947a9 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -165,9 +165,9 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t
*alloc)
domid_t dom = alloc->dom;
long rc;
- rc = rcu_lock_target_domain_by_id(dom, &d);
- if ( rc )
- return rc;
+ d = rcu_lock_domain_by_any_id(dom);
+ if ( d == NULL )
+ return -ESRCH;
spin_lock(&d->event_lock);
@@ -798,9 +798,9 @@ static long evtchn_status(evtchn_status_t *status)
struct evtchn *chn;
long rc = 0;
- rc = rcu_lock_target_domain_by_id(dom, &d);
- if ( rc )
- return rc;
+ d = rcu_lock_domain_by_any_id(dom);
+ if ( d == NULL )
+ return -ESRCH;
spin_lock(&d->event_lock);
@@ -950,9 +950,9 @@ static long evtchn_reset(evtchn_reset_t *r)
struct domain *d;
int i, rc;
- rc = rcu_lock_target_domain_by_id(dom, &d);
- if ( rc )
- return rc;
+ d = rcu_lock_domain_by_any_id(dom);
+ if ( d == NULL )
+ return -ESRCH;
rc = xsm_evtchn_reset(current->domain, d);
if ( rc )
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 7912769..eae9518 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -230,30 +230,6 @@ double_gt_unlock(struct grant_table *lgt, struct
grant_table *rgt)
spin_unlock(&rgt->lock);
}
-static struct domain *gt_lock_target_domain_by_id(domid_t dom)
-{
- struct domain *d;
- int rc = GNTST_general_error;
-
- switch ( rcu_lock_target_domain_by_id(dom, &d) )
- {
- case 0:
- return d;
-
- case -ESRCH:
- gdprintk(XENLOG_INFO, "Bad domid %d.\n", dom);
- rc = GNTST_bad_domain;
- break;
-
- case -EPERM:
- rc = GNTST_permission_denied;
- break;
- }
-
- ASSERT(rc < 0 && -rc <= MAX_ERRNO);
- return ERR_PTR(rc);
-}
-
static inline int
__get_maptrack_handle(
struct grant_table *t)
@@ -1342,11 +1318,12 @@ gnttab_setup_table(
goto out1;
}
- d = gt_lock_target_domain_by_id(op.dom);
- if ( IS_ERR(d) )
+ d = rcu_lock_domain_by_any_id(op.dom);
+ if ( d == NULL )
{
- op.status = PTR_ERR(d);
- goto out1;
+ gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom);
+ op.status = GNTST_bad_domain;
+ goto out2;
}
if ( xsm_grant_setup(current->domain, d) )
@@ -1410,10 +1387,11 @@ gnttab_query_size(
return -EFAULT;
}
- d = gt_lock_target_domain_by_id(op.dom);
- if ( IS_ERR(d) )
+ d = rcu_lock_domain_by_any_id(op.dom);
+ if ( d == NULL )
{
- op.status = PTR_ERR(d);
+ gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom);
+ op.status = GNTST_bad_domain;
goto query_out;
}
@@ -2283,10 +2261,10 @@
gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop,
return -EFAULT;
}
- d = gt_lock_target_domain_by_id(op.dom);
- if ( IS_ERR(d) )
+ d = rcu_lock_domain_by_any_id(op.dom);
+ if ( d == NULL )
{
- op.status = PTR_ERR(d);
+ op.status = GNTST_bad_domain;
goto out1;
}
rc = xsm_grant_setup(current->domain, d);
@@ -2336,14 +2314,15 @@
gnttab_get_version(XEN_GUEST_HANDLE_PARAM(gnttab_get_version_t uop))
if ( copy_from_guest(&op, uop, 1) )
return -EFAULT;
- rc = rcu_lock_target_domain_by_id(op.dom, &d);
- if ( rc < 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(op.dom);
+ if ( d == NULL )
+ return -ESRCH;
- if ( xsm_grant_query_size(current->domain, d) )
+ rc = xsm_grant_query_size(current->domain, d);
+ if ( rc )
{
rcu_unlock_domain(d);
- return -EPERM;
+ return rc;
}
op.version = d->grant_table->gt_version;
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 83e2666..dd36b83 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -570,7 +570,8 @@ long do_memory_op(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(void) arg)
&& (reservation.mem_flags &
XENMEMF_populate_on_demand) )
args.memflags |= MEMF_populate_on_demand;
- if ( unlikely(rcu_lock_target_domain_by_id(reservation.domid, &d))
)
+ d = rcu_lock_domain_by_any_id(reservation.domid);
+ if ( d == NULL )
return start_extent;
args.domain = d;
@@ -619,9 +620,9 @@ long do_memory_op(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&domid, arg, 1) )
return -EFAULT;
- rc = rcu_lock_target_domain_by_id(domid, &d);
- if ( rc )
- return rc;
+ d = rcu_lock_domain_by_any_id(domid);
+ if ( d == NULL )
+ return -ESRCH;
rc = xsm_memory_stat_reservation(current->domain, d);
if ( rc )
@@ -657,9 +658,9 @@ long do_memory_op(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( copy_from_guest(&xrfp, arg, 1) )
return -EFAULT;
- rc = rcu_lock_target_domain_by_id(xrfp.domid, &d);
- if ( rc != 0 )
- return rc;
+ d = rcu_lock_domain_by_any_id(xrfp.domid);
+ if ( d == NULL )
+ return -ESRCH;
if ( xsm_remove_from_physmap(current->domain, d) )
{
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 12b1508..17128f5 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -194,6 +194,8 @@ static XSM_DEFAULT(int, grant_unmapref) (struct domain *d1,
struct domain *d2)
static XSM_DEFAULT(int, grant_setup) (struct domain *d1, struct domain *d2)
{
+ if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
+ return -EPERM;
return 0;
}
@@ -209,17 +211,23 @@ static XSM_DEFAULT(int, grant_copy) (struct domain *d1,
struct domain *d2)
static XSM_DEFAULT(int, grant_query_size) (struct domain *d1, struct domain
*d2)
{
+ if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, memory_adjust_reservation) (struct domain *d1,
struct domain *d2)
{
+ if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, memory_stat_reservation) (struct domain *d1, struct
domain *d2)
{
+ if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
+ return -EPERM;
return 0;
}
@@ -260,6 +268,8 @@ static XSM_DEFAULT(int, memory_pin_page) (struct domain *d1,
struct domain *d2,
static XSM_DEFAULT(int, evtchn_unbound) (struct domain *d, struct evtchn *chn,
domid_t id2)
{
+ if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
+ return -EPERM;
return 0;
}
@@ -281,11 +291,15 @@ static XSM_DEFAULT(int, evtchn_send) (struct domain *d,
struct evtchn *chn)
static XSM_DEFAULT(int, evtchn_status) (struct domain *d, struct evtchn *chn)
{
+ if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, evtchn_reset) (struct domain *d1, struct domain *d2)
{
+ if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
+ return -EPERM;
return 0;
}
@@ -306,11 +320,15 @@ static XSM_DEFAULT(char *, show_security_evtchn) (struct
domain *d, const struct
static XSM_DEFAULT(int, get_pod_target)(struct domain *d)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, set_pod_target)(struct domain *d)
{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
return 0;
}
@@ -481,26 +499,36 @@ static XSM_DEFAULT(int, machine_address_size) (struct
domain *d, uint32_t cmd)
static XSM_DEFAULT(int, hvm_param) (struct domain *d, unsigned long op)
{
+ if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, hvm_set_pci_intx_level) (struct domain *d)
{
+ if ( !IS_PRIV_FOR(current->domain, d) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, hvm_set_isa_irq_level) (struct domain *d)
{
+ if ( !IS_PRIV_FOR(current->domain, d) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, hvm_set_pci_link_route) (struct domain *d)
{
+ if ( !IS_PRIV_FOR(current->domain, d) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, hvm_inject_msi) (struct domain *d)
{
+ if ( !IS_PRIV_FOR(current->domain, d) )
+ return -EPERM;
return 0;
}
@@ -582,6 +610,8 @@ static XSM_DEFAULT(int, machine_memory_map) (void)
static XSM_DEFAULT(int, domain_memory_map) (struct domain *d)
{
+ if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
+ return -EPERM;
return 0;
}
@@ -605,11 +635,15 @@ static XSM_DEFAULT(int, update_va_mapping) (struct domain
*d, struct domain *f,
static XSM_DEFAULT(int, add_to_physmap) (struct domain *d1, struct domain *d2)
{
+ if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, remove_from_physmap) (struct domain *d1, struct domain
*d2)
{
+ if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
+ return -EPERM;
return 0;
}
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 08/19] arch/x86: convert platform_hypercall to use XSM
The newly introduced xsm_platform_op hook addresses new sub-ops, while
most ops already have their own XSM hooks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Keir Fraser <keir@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/arch/x86/platform_hypercall.c | 11 ++++++++---
xen/include/xsm/dummy.h | 7 +++++++
xen/include/xsm/xsm.h | 6 ++++++
xen/xsm/dummy.c | 1 +
xen/xsm/flask/hooks.c | 33 +++++++++++++++++++++++++++++++++
5 files changed, 55 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/platform_hypercall.c
b/xen/arch/x86/platform_hypercall.c
index a3b5a6b..738bed0 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -66,15 +66,16 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
ret_t ret = 0;
struct xen_platform_op curop, *op = &curop;
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
-
if ( copy_from_guest(op, u_xenpf_op, 1) )
return -EFAULT;
if ( op->interface_version != XENPF_INTERFACE_VERSION )
return -EACCES;
+ ret = xsm_platform_op(op->cmd);
+ if ( ret )
+ return ret;
+
/*
* Trylock here avoids deadlock with an existing platform critical section
* which might (for some current or future reason) want to synchronise
@@ -511,6 +512,10 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
struct xenpf_pcpu_version *ver = &op->u.pcpu_version;
+ ret = xsm_getcpuinfo();
+ if ( ret )
+ break;
+
if ( !get_cpu_maps() )
{
ret = -EBUSY;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 17128f5..b77ab4a 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -574,6 +574,13 @@ static XSM_DEFAULT(int, platform_quirk) (uint32_t quirk)
return 0;
}
+static XSM_DEFAULT(int, platform_op) (uint32_t op)
+{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+ return 0;
+}
+
static XSM_DEFAULT(int, firmware_info) (void)
{
return 0;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 5c3065b..a0c97cb 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -158,6 +158,7 @@ struct xsm_operations {
int (*microcode) (void);
int (*physinfo) (void);
int (*platform_quirk) (uint32_t);
+ int (*platform_op) (uint32_t cmd);
int (*firmware_info) (void);
int (*efi_call) (void);
int (*acpi_sleep) (void);
@@ -696,6 +697,11 @@ static inline int xsm_platform_quirk (uint32_t quirk)
return xsm_ops->platform_quirk(quirk);
}
+static inline int xsm_platform_op (uint32_t op)
+{
+ return xsm_ops->platform_op(op);
+}
+
static inline int xsm_firmware_info (void)
{
return xsm_ops->firmware_info();
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 47192d7..10f9c47 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -142,6 +142,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, microcode);
set_to_dummy_if_null(ops, physinfo);
set_to_dummy_if_null(ops, platform_quirk);
+ set_to_dummy_if_null(ops, platform_op);
set_to_dummy_if_null(ops, firmware_info);
set_to_dummy_if_null(ops, efi_call);
set_to_dummy_if_null(ops, acpi_sleep);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index cb8cf96..f9a2596 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1207,6 +1207,38 @@ static int flask_platform_quirk(uint32_t quirk)
XEN__QUIRK, NULL);
}
+static int flask_platform_op(uint32_t op)
+{
+ switch ( op )
+ {
+ case XENPF_settime:
+ case XENPF_add_memtype:
+ case XENPF_del_memtype:
+ case XENPF_read_memtype:
+ case XENPF_microcode_update:
+ case XENPF_platform_quirk:
+ case XENPF_firmware_info:
+ case XENPF_efi_runtime_call:
+ case XENPF_enter_acpi_sleep:
+ case XENPF_change_freq:
+ case XENPF_getidletime:
+ case XENPF_set_processor_pminfo:
+ case XENPF_get_cpuinfo:
+ case XENPF_get_cpu_version:
+ case XENPF_cpu_online:
+ case XENPF_cpu_offline:
+ case XENPF_cpu_hotadd:
+ case XENPF_mem_hotadd:
+ /* These operations have their own XSM hooks */
+ return 0;
+ case XENPF_core_parking:
+ return domain_has_xen(current->domain, XEN__PM_OP);
+ default:
+ printk("flask_platform_op: Unknown op %d\n", op);
+ return -EPERM;
+ }
+}
+
static int flask_firmware_info(void)
{
return domain_has_xen(current->domain, XEN__FIRMWARE);
@@ -1577,6 +1609,7 @@ static struct xsm_operations flask_ops = {
.microcode = flask_microcode,
.physinfo = flask_physinfo,
.platform_quirk = flask_platform_quirk,
+ .platform_op = flask_platform_op,
.firmware_info = flask_firmware_info,
.efi_call = flask_efi_call,
.acpi_sleep = flask_acpi_sleep,
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 09/19] xen: lock target domain in do_domctl common code
Because almost all domctls need to lock the target domain, do this by
default instead of repeating it in each domctl. This is not currently
extended to the arch-specific domctls, but RCU locks are safe to take
recursively so this only causes duplicate but correct locking.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Keir Fraser <keir@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/common/domctl.c | 268 ++++++++++++----------------------------------------
1 file changed, 59 insertions(+), 209 deletions(-)
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 2f49eb2..536bef5 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -243,6 +243,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
{
long ret = 0;
struct xen_domctl curop, *op = &curop;
+ struct domain *d;
if ( copy_from_guest(op, u_domctl, 1) )
return -EFAULT;
@@ -252,19 +253,29 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
switch ( op->cmd )
{
+ case XEN_DOMCTL_createdomain:
+ case XEN_DOMCTL_getdomaininfo:
+ case XEN_DOMCTL_test_assign_device:
+ d = NULL;
+ break;
+ default:
+ d = rcu_lock_domain_by_id(op->domain);
+ if ( d == NULL )
+ return -ESRCH;
+ }
+
+ switch ( op->cmd )
+ {
case XEN_DOMCTL_ioport_mapping:
case XEN_DOMCTL_memory_mapping:
case XEN_DOMCTL_bind_pt_irq:
case XEN_DOMCTL_unbind_pt_irq: {
- struct domain *d;
- bool_t is_priv = IS_PRIV(current->domain);
- if ( !is_priv && ((d = rcu_lock_domain_by_id(op->domain)) !=
NULL) )
+ bool_t is_priv = IS_PRIV_FOR(current->domain, d);
+ if ( !is_priv )
{
- is_priv = IS_PRIV_FOR(current->domain, d);
- rcu_unlock_domain(d);
+ ret = -EPERM;
+ goto domctl_out_unlock;
}
- if ( !is_priv )
- return -EPERM;
break;
}
case XEN_DOMCTL_getdomaininfo:
@@ -276,15 +287,18 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
}
if ( !domctl_lock_acquire() )
+ {
+ if ( d )
+ rcu_unlock_domain(d);
return hypercall_create_continuation(
__HYPERVISOR_domctl, "h", u_domctl);
+ }
switch ( op->cmd )
{
case XEN_DOMCTL_setvcpucontext:
{
- struct domain *d = rcu_lock_domain_by_id(op->domain);
vcpu_guest_context_u c = { .nat = NULL };
unsigned int vcpu = op->u.vcpucontext.vcpu;
struct vcpu *v;
@@ -338,77 +352,48 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
svc_out:
free_vcpu_guest_context(c.nat);
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_pausedomain:
{
- struct domain *d = rcu_lock_domain_by_id(op->domain);
- ret = -ESRCH;
- if ( d != NULL )
- {
- ret = xsm_pausedomain(d);
- if ( ret )
- goto pausedomain_out;
+ ret = xsm_pausedomain(d);
+ if ( ret )
+ break;
- ret = -EINVAL;
- if ( d != current->domain )
- {
- domain_pause_by_systemcontroller(d);
- ret = 0;
- }
- pausedomain_out:
- rcu_unlock_domain(d);
+ ret = -EINVAL;
+ if ( d != current->domain )
+ {
+ domain_pause_by_systemcontroller(d);
+ ret = 0;
}
}
break;
case XEN_DOMCTL_unpausedomain:
{
- struct domain *d = rcu_lock_domain_by_id(op->domain);
-
- ret = -ESRCH;
- if ( d == NULL )
- break;
-
ret = xsm_unpausedomain(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
domain_unpause_by_systemcontroller(d);
- rcu_unlock_domain(d);
ret = 0;
}
break;
case XEN_DOMCTL_resumedomain:
{
- struct domain *d = rcu_lock_domain_by_id(op->domain);
-
- ret = -ESRCH;
- if ( d == NULL )
- break;
-
ret = xsm_resumedomain(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
domain_resume(d);
- rcu_unlock_domain(d);
ret = 0;
}
break;
case XEN_DOMCTL_createdomain:
{
- struct domain *d;
domid_t dom;
static domid_t rover = 0;
unsigned int domcr_flags;
@@ -458,6 +443,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( IS_ERR(d) )
{
ret = PTR_ERR(d);
+ d = NULL;
break;
}
@@ -469,39 +455,28 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
op->domain = d->domain_id;
if ( copy_to_guest(u_domctl, op, 1) )
ret = -EFAULT;
+ d = NULL;
}
break;
case XEN_DOMCTL_max_vcpus:
{
- struct domain *d;
unsigned int i, max = op->u.max_vcpus.max, cpu;
cpumask_t *online;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
- break;
-
ret = -EINVAL;
if ( (d == current->domain) || /* no domain_pause() */
(max > MAX_VIRT_CPUS) ||
(is_hvm_domain(d) && (max > MAX_HVM_VCPUS)) )
- {
- rcu_unlock_domain(d);
break;
- }
ret = xsm_max_vcpus(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
/* Until Xenoprof can dynamically grow its vcpu-s array... */
if ( d->xenoprof )
{
- rcu_unlock_domain(d);
ret = -EAGAIN;
break;
}
@@ -576,44 +551,31 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
maxvcpu_out_novcpulock:
domain_unpause(d);
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_destroydomain:
{
- struct domain *d = rcu_lock_domain_by_id(op->domain);
- ret = -ESRCH;
- if ( d != NULL )
- {
- ret = xsm_destroydomain(d) ? : domain_kill(d);
- rcu_unlock_domain(d);
- }
+ ret = xsm_destroydomain(d) ? : domain_kill(d);
}
break;
case XEN_DOMCTL_setvcpuaffinity:
case XEN_DOMCTL_getvcpuaffinity:
{
- domid_t dom = op->domain;
- struct domain *d = rcu_lock_domain_by_id(dom);
struct vcpu *v;
- ret = -ESRCH;
- if ( d == NULL )
- break;
-
ret = xsm_vcpuaffinity(op->cmd, d);
if ( ret )
- goto vcpuaffinity_out;
+ break;
ret = -EINVAL;
if ( op->u.vcpuaffinity.vcpu >= d->max_vcpus )
- goto vcpuaffinity_out;
+ break;
ret = -ESRCH;
if ( (v = d->vcpu[op->u.vcpuaffinity.vcpu]) == NULL )
- goto vcpuaffinity_out;
+ break;
if ( op->cmd == XEN_DOMCTL_setvcpuaffinity )
{
@@ -632,36 +594,23 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
ret = cpumask_to_xenctl_cpumap(
&op->u.vcpuaffinity.cpumap, v->cpu_affinity);
}
-
- vcpuaffinity_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_scheduler_op:
{
- struct domain *d;
-
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
- break;
-
ret = xsm_scheduler(d);
if ( ret )
- goto scheduler_op_out;
+ break;
ret = sched_adjust(d, &op->u.scheduler_op);
if ( copy_to_guest(u_domctl, op, 1) )
ret = -EFAULT;
-
- scheduler_op_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_getdomaininfo:
{
- struct domain *d;
domid_t dom = op->domain;
rcu_read_lock(&domlist_read_lock);
@@ -689,19 +638,15 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
getdomaininfo_out:
rcu_read_unlock(&domlist_read_lock);
+ d = NULL;
}
break;
case XEN_DOMCTL_getvcpucontext:
{
vcpu_guest_context_u c = { .nat = NULL };
- struct domain *d;
struct vcpu *v;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
- break;
-
ret = xsm_getvcpucontext(d);
if ( ret )
goto getvcpucontext_out;
@@ -750,31 +695,25 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
getvcpucontext_out:
xfree(c.nat);
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_getvcpuinfo:
{
- struct domain *d;
struct vcpu *v;
struct vcpu_runstate_info runstate;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
- break;
-
ret = xsm_getvcpuinfo(d);
if ( ret )
- goto getvcpuinfo_out;
+ break;
ret = -EINVAL;
if ( op->u.getvcpuinfo.vcpu >= d->max_vcpus )
- goto getvcpuinfo_out;
+ break;
ret = -ESRCH;
if ( (v = d->vcpu[op->u.getvcpuinfo.vcpu]) == NULL )
- goto getvcpuinfo_out;
+ break;
vcpu_runstate_get(v, &runstate);
@@ -787,25 +726,16 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( copy_to_guest(u_domctl, op, 1) )
ret = -EFAULT;
-
- getvcpuinfo_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_max_mem:
{
- struct domain *d;
unsigned long new_max;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(op->domain);
- if ( d == NULL )
- break;
-
ret = xsm_setdomainmaxmem(d);
if ( ret )
- goto max_mem_out;
+ break;
ret = -EINVAL;
new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT-10);
@@ -819,77 +749,43 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
d->max_pages = new_max;
ret = 0;
spin_unlock(&d->page_alloc_lock);
-
- max_mem_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_setdomainhandle:
{
- struct domain *d;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(op->domain);
- if ( d == NULL )
- break;
-
ret = xsm_setdomainhandle(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
memcpy(d->handle, op->u.setdomainhandle.handle,
sizeof(xen_domain_handle_t));
- rcu_unlock_domain(d);
ret = 0;
}
break;
case XEN_DOMCTL_setdebugging:
{
- struct domain *d;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(op->domain);
- if ( d == NULL )
- break;
-
ret = -EINVAL;
if ( d == current->domain ) /* no domain_pause() */
- {
- rcu_unlock_domain(d);
break;
- }
ret = xsm_setdebugging(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
domain_pause(d);
d->debugger_attached = !!op->u.setdebugging.enable;
domain_unpause(d); /* causes guest to latch new status */
- rcu_unlock_domain(d);
ret = 0;
}
break;
case XEN_DOMCTL_irq_permission:
{
- struct domain *d;
unsigned int pirq = op->u.irq_permission.pirq;
int allow = op->u.irq_permission.allow_access;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(op->domain);
- if ( d == NULL )
- break;
-
if ( pirq >= d->nr_pirqs )
ret = -EINVAL;
else if ( xsm_irq_permission(d, pirq, allow) )
@@ -898,14 +794,11 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
ret = irq_permit_access(d, pirq);
else
ret = irq_deny_access(d, pirq);
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_iomem_permission:
{
- struct domain *d;
unsigned long mfn = op->u.iomem_permission.first_mfn;
unsigned long nr_mfns = op->u.iomem_permission.nr_mfns;
int allow = op->u.iomem_permission.allow_access;
@@ -914,125 +807,78 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( (mfn + nr_mfns - 1) < mfn ) /* wrap? */
break;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(op->domain);
- if ( d == NULL )
- break;
-
if ( xsm_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) )
ret = -EPERM;
else if ( allow )
ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
else
ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_settimeoffset:
{
- struct domain *d;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(op->domain);
- if ( d == NULL )
- break;
-
ret = xsm_domain_settime(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
domain_set_time_offset(d, op->u.settimeoffset.time_offset_seconds);
- rcu_unlock_domain(d);
ret = 0;
}
break;
case XEN_DOMCTL_set_target:
{
- struct domain *d, *e;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(op->domain);
- if ( d == NULL )
- break;
+ struct domain *e;
ret = -ESRCH;
e = get_domain_by_id(op->u.set_target.target);
if ( e == NULL )
- goto set_target_out;
+ break;
ret = -EINVAL;
if ( (d == e) || (d->target != NULL) )
{
put_domain(e);
- goto set_target_out;
+ break;
}
ret = xsm_set_target(d, e);
if ( ret ) {
put_domain(e);
- goto set_target_out;
+ break;
}
/* Hold reference on @e until we destroy @d. */
d->target = e;
ret = 0;
-
- set_target_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_subscribe:
{
- struct domain *d;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(op->domain);
- if ( d != NULL )
- {
- ret = xsm_domctl(d, op->cmd);
- if ( !ret )
- d->suspend_evtchn = op->u.subscribe.port;
- rcu_unlock_domain(d);
- }
+ ret = xsm_domctl(d, op->cmd);
+ if ( !ret )
+ d->suspend_evtchn = op->u.subscribe.port;
}
break;
case XEN_DOMCTL_disable_migrate:
{
- struct domain *d;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(op->domain)) != NULL )
- {
- ret = xsm_domctl(d, op->cmd);
- if ( !ret )
- d->disable_migrate = op->u.disable_migrate.disable;
- rcu_unlock_domain(d);
- }
+ ret = xsm_domctl(d, op->cmd);
+ if ( !ret )
+ d->disable_migrate = op->u.disable_migrate.disable;
}
break;
case XEN_DOMCTL_set_virq_handler:
{
- struct domain *d;
uint32_t virq = op->u.set_virq_handler.virq;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(op->domain);
- if ( d != NULL )
- {
- ret = xsm_set_virq_handler(d, virq);
- if ( !ret )
- ret = set_global_virq_handler(d, virq);
- rcu_unlock_domain(d);
- }
+ ret = xsm_set_virq_handler(d, virq);
+ if ( !ret )
+ ret = set_global_virq_handler(d, virq);
}
break;
@@ -1043,6 +889,10 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
domctl_lock_release();
+ domctl_out_unlock:
+ if ( d )
+ rcu_unlock_domain(d);
+
return ret;
}
--
1.7.11.7
The xsm_domctl hook now covers every domctl, in addition to the more
fine-grained XSM hooks in most sub-functions. This also removes the need
to special-case XEN_DOMCTL_getdomaininfo.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/arch/x86/domctl.c | 2 +-
xen/common/domctl.c | 32 +++----------------
xen/include/xsm/dummy.h | 16 ++++++++--
xen/xsm/flask/hooks.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++-
4 files changed, 104 insertions(+), 31 deletions(-)
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 7069d7a..30518aa 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1534,7 +1534,7 @@ long arch_do_domctl(
{
struct domain *d;
- ret = rcu_lock_remote_target_domain_by_id(domctl->domain, &d);
+ ret = rcu_lock_remote_domain_by_id(domctl->domain, &d);
if ( ret != 0 )
break;
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 536bef5..46bb0e3 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -264,27 +264,9 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
return -ESRCH;
}
- switch ( op->cmd )
- {
- case XEN_DOMCTL_ioport_mapping:
- case XEN_DOMCTL_memory_mapping:
- case XEN_DOMCTL_bind_pt_irq:
- case XEN_DOMCTL_unbind_pt_irq: {
- bool_t is_priv = IS_PRIV_FOR(current->domain, d);
- if ( !is_priv )
- {
- ret = -EPERM;
- goto domctl_out_unlock;
- }
- break;
- }
- case XEN_DOMCTL_getdomaininfo:
- break;
- default:
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
- break;
- }
+ ret = xsm_domctl(d, op->cmd);
+ if ( ret )
+ goto domctl_out_unlock;
if ( !domctl_lock_acquire() )
{
@@ -858,17 +840,13 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_subscribe:
{
- ret = xsm_domctl(d, op->cmd);
- if ( !ret )
- d->suspend_evtchn = op->u.subscribe.port;
+ d->suspend_evtchn = op->u.subscribe.port;
}
break;
case XEN_DOMCTL_disable_migrate:
{
- ret = xsm_domctl(d, op->cmd);
- if ( !ret )
- d->disable_migrate = op->u.disable_migrate.disable;
+ d->disable_migrate = op->u.disable_migrate.disable;
}
break;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index b77ab4a..f5fe89f 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -64,8 +64,6 @@ static XSM_DEFAULT(int, scheduler) (struct domain *d)
static XSM_DEFAULT(int, getdomaininfo) (struct domain *d)
{
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
return 0;
}
@@ -91,6 +89,20 @@ static XSM_DEFAULT(int, set_target) (struct domain *d, struct
domain *e)
static XSM_DEFAULT(int, domctl)(struct domain *d, int cmd)
{
+ switch ( cmd )
+ {
+ case XEN_DOMCTL_ioport_mapping:
+ case XEN_DOMCTL_memory_mapping:
+ case XEN_DOMCTL_bind_pt_irq:
+ case XEN_DOMCTL_unbind_pt_irq: {
+ if ( !IS_PRIV_FOR(current->domain, d) )
+ return -EPERM;
+ break;
+ }
+ default:
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+ }
return 0;
}
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index f9a2596..2e002f0 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -589,7 +589,90 @@ static int flask_set_target(struct domain *d, struct domain
*e)
static int flask_domctl(struct domain *d, int cmd)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__SET_MISC_INFO);
+ switch ( cmd )
+ {
+ /* These have individual XSM hooks (common/domctl.c) */
+ case XEN_DOMCTL_createdomain:
+ case XEN_DOMCTL_destroydomain:
+ case XEN_DOMCTL_pausedomain:
+ case XEN_DOMCTL_unpausedomain:
+ case XEN_DOMCTL_getdomaininfo:
+ case XEN_DOMCTL_setvcpuaffinity:
+ case XEN_DOMCTL_max_mem:
+ case XEN_DOMCTL_setvcpucontext:
+ case XEN_DOMCTL_getvcpucontext:
+ case XEN_DOMCTL_getvcpuinfo:
+ case XEN_DOMCTL_max_vcpus:
+ case XEN_DOMCTL_scheduler_op:
+ case XEN_DOMCTL_setdomainhandle:
+ case XEN_DOMCTL_setdebugging:
+ case XEN_DOMCTL_irq_permission:
+ case XEN_DOMCTL_iomem_permission:
+ case XEN_DOMCTL_settimeoffset:
+ case XEN_DOMCTL_getvcpuaffinity:
+ case XEN_DOMCTL_resumedomain:
+ case XEN_DOMCTL_set_target:
+ case XEN_DOMCTL_set_virq_handler:
+#ifdef CONFIG_X86
+ /* These have individual XSM hooks (arch/x86/domctl.c) */
+ case XEN_DOMCTL_shadow_op:
+ case XEN_DOMCTL_ioport_permission:
+ case XEN_DOMCTL_getpageframeinfo:
+ case XEN_DOMCTL_getpageframeinfo2:
+ case XEN_DOMCTL_getpageframeinfo3:
+ case XEN_DOMCTL_getmemlist:
+ case XEN_DOMCTL_hypercall_init:
+ case XEN_DOMCTL_sethvmcontext:
+ case XEN_DOMCTL_gethvmcontext:
+ case XEN_DOMCTL_gethvmcontext_partial:
+ case XEN_DOMCTL_set_address_size:
+ case XEN_DOMCTL_get_address_size:
+ case XEN_DOMCTL_set_machine_address_size:
+ case XEN_DOMCTL_get_machine_address_size:
+ case XEN_DOMCTL_sendtrigger:
+ case XEN_DOMCTL_bind_pt_irq:
+ case XEN_DOMCTL_unbind_pt_irq:
+ case XEN_DOMCTL_memory_mapping:
+ case XEN_DOMCTL_ioport_mapping:
+ case XEN_DOMCTL_pin_mem_cacheattr:
+ case XEN_DOMCTL_set_ext_vcpucontext:
+ case XEN_DOMCTL_get_ext_vcpucontext:
+ case XEN_DOMCTL_setvcpuextstate:
+ case XEN_DOMCTL_getvcpuextstate:
+ case XEN_DOMCTL_mem_event_op:
+ case XEN_DOMCTL_mem_sharing_op:
+ case XEN_DOMCTL_set_access_required:
+ /* These have individual XSM hooks (drivers/passthrough/iommu.c) */
+ case XEN_DOMCTL_get_device_group:
+ case XEN_DOMCTL_test_assign_device:
+ case XEN_DOMCTL_assign_device:
+ case XEN_DOMCTL_deassign_device:
+#endif
+ return 0;
+
+ case XEN_DOMCTL_subscribe:
+ case XEN_DOMCTL_disable_migrate:
+ return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
+ DOMAIN__SET_MISC_INFO);
+
+ case XEN_DOMCTL_set_cpuid:
+ case XEN_DOMCTL_suppress_spurious_page_faults:
+ case XEN_DOMCTL_debug_op:
+ case XEN_DOMCTL_gettscinfo:
+ case XEN_DOMCTL_settscinfo:
+ case XEN_DOMCTL_audit_p2m:
+ case XEN_DOMCTL_gdbsx_guestmemio:
+ case XEN_DOMCTL_gdbsx_pausevcpu:
+ case XEN_DOMCTL_gdbsx_unpausevcpu:
+ case XEN_DOMCTL_gdbsx_domstatus:
+ /* TODO add per-subfunction hooks */
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+ return 0;
+ default:
+ printk("flask_domctl: Unknown op %d\n", cmd);
+ return -EPERM;
+ }
}
static int flask_set_virq_handler(struct domain *d, uint32_t virq)
--
1.7.11.7
The xsm_sysctl hook now covers every sysctl, in addition to the more
fine-grained XSM hooks in most sub-functions.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/common/sysctl.c | 7 ++++---
xen/include/xsm/dummy.h | 7 +++++++
xen/include/xsm/xsm.h | 6 ++++++
xen/xsm/dummy.c | 1 +
xen/xsm/flask/hooks.c | 33 +++++++++++++++++++++++++++++++++
5 files changed, 51 insertions(+), 3 deletions(-)
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index 47142f4..599430e 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -33,15 +33,16 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
struct xen_sysctl curop, *op = &curop;
static DEFINE_SPINLOCK(sysctl_lock);
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
-
if ( copy_from_guest(op, u_sysctl, 1) )
return -EFAULT;
if ( op->interface_version != XEN_SYSCTL_INTERFACE_VERSION )
return -EACCES;
+ ret = xsm_sysctl(op->cmd);
+ if ( ret )
+ return ret;
+
/*
* Trylock here avoids deadlock with an existing sysctl critical section
* which might (for some current or future reason) want to synchronise
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index f5fe89f..073217a 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -106,6 +106,13 @@ static XSM_DEFAULT(int, domctl)(struct domain *d, int cmd)
return 0;
}
+static XSM_DEFAULT(int, sysctl)(int cmd)
+{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+ return 0;
+}
+
static XSM_DEFAULT(int, set_virq_handler)(struct domain *d, uint32_t virq)
{
return 0;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index a0c97cb..4900d1f 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -58,6 +58,7 @@ struct xsm_operations {
int (*domain_settime) (struct domain *d);
int (*set_target) (struct domain *d, struct domain *e);
int (*domctl) (struct domain *d, int cmd);
+ int (*sysctl) (int cmd);
int (*set_virq_handler) (struct domain *d, uint32_t virq);
int (*tbufcontrol) (void);
int (*readconsole) (uint32_t clear);
@@ -265,6 +266,11 @@ static inline int xsm_domctl (struct domain *d, int cmd)
return xsm_ops->domctl(d, cmd);
}
+static inline int xsm_sysctl (int cmd)
+{
+ return xsm_ops->sysctl(cmd);
+}
+
static inline int xsm_set_virq_handler (struct domain *d, uint32_t virq)
{
return xsm_ops->set_virq_handler(d, virq);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 10f9c47..43e8617 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -44,6 +44,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, domain_settime);
set_to_dummy_if_null(ops, set_target);
set_to_dummy_if_null(ops, domctl);
+ set_to_dummy_if_null(ops, sysctl);
set_to_dummy_if_null(ops, set_virq_handler);
set_to_dummy_if_null(ops, tbufcontrol);
set_to_dummy_if_null(ops, readconsole);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 2e002f0..e25dd1c 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -675,6 +675,38 @@ static int flask_domctl(struct domain *d, int cmd)
}
}
+static int flask_sysctl(int cmd)
+{
+ switch ( cmd )
+ {
+ /* These have individual XSM hooks */
+ case XEN_SYSCTL_readconsole:
+ case XEN_SYSCTL_tbuf_op:
+ case XEN_SYSCTL_sched_id:
+ case XEN_SYSCTL_perfc_op:
+ case XEN_SYSCTL_getdomaininfolist:
+ case XEN_SYSCTL_debug_keys:
+ case XEN_SYSCTL_getcpuinfo:
+ case XEN_SYSCTL_availheap:
+ case XEN_SYSCTL_get_pmstat:
+ case XEN_SYSCTL_pm_op:
+ case XEN_SYSCTL_page_offline_op:
+ case XEN_SYSCTL_lockprof_op:
+ case XEN_SYSCTL_cpupool_op:
+ case XEN_SYSCTL_scheduler_op:
+#ifdef CONFIG_X86
+ case XEN_SYSCTL_physinfo:
+ case XEN_SYSCTL_cpu_hotplug:
+ case XEN_SYSCTL_topologyinfo:
+ case XEN_SYSCTL_numainfo:
+#endif
+ return 0;
+ default:
+ printk("flask_sysctl: Unknown op %d\n", cmd);
+ return -EPERM;
+ }
+}
+
static int flask_set_virq_handler(struct domain *d, uint32_t virq)
{
return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__SET_VIRQ_HANDLER);
@@ -1601,6 +1633,7 @@ static struct xsm_operations flask_ops = {
.domain_settime = flask_domain_settime,
.set_target = flask_set_target,
.domctl = flask_domctl,
+ .sysctl = flask_sysctl,
.set_virq_handler = flask_set_virq_handler,
.tbufcontrol = flask_tbufcontrol,
.readconsole = flask_readconsole,
--
1.7.11.7
The FLASK module was missing implementations of some hooks and did not
have access vectors defined for 10 domctls; define these now.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
tools/flask/policy/policy/flask/access_vectors | 5 ++
tools/flask/policy/policy/modules/xen/xen.if | 4 +-
xen/xsm/flask/hooks.c | 66 +++++++++++++++++++++-----
xen/xsm/flask/include/av_perm_to_string.h | 5 ++
xen/xsm/flask/include/av_permissions.h | 5 ++
5 files changed, 73 insertions(+), 12 deletions(-)
diff --git a/tools/flask/policy/policy/flask/access_vectors
b/tools/flask/policy/policy/flask/access_vectors
index 11d02da..ea65e45 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -80,6 +80,9 @@ class domain2
relabelself
make_priv_for
set_as_target
+ set_cpuid
+ gettsc
+ settsc
}
class hvm
@@ -97,6 +100,8 @@ class hvm
hvmctl
mem_event
mem_sharing
+ audit_p2m
+ send_irq
}
class event
diff --git a/tools/flask/policy/policy/modules/xen/xen.if
b/tools/flask/policy/policy/modules/xen/xen.if
index 2ad11b2..59ba171 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -29,6 +29,7 @@ define(`create_domain_common'', `
getdomaininfo hypercall setvcpucontext setextvcpucontext
scheduler getvcpuinfo getvcpuextstate getaddrsize
getvcpuaffinity setvcpuaffinity };
+ allow $1 $2:domain2 { set_cpuid settsc };
allow $1 $2:security check_context;
allow $1 $2:shadow enable;
allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage};
@@ -67,6 +68,7 @@ define(`migrate_domain_out'', `
allow $1 $2:hvm { gethvmc getparam irqlevel };
allow $1 $2:mmu { stat pageinfo map_read };
allow $1 $2:domain { getaddrsize getvcpucontext getextvcpucontext
getvcpuextstate pause destroy };
+ allow $1 $2:domain2 gettsc;
'')
################################################################################
@@ -112,7 +114,7 @@ define(`device_model'', `
domain_comms($1, $2)
allow $1 $2:domain { set_target shutdown };
allow $1 $2:mmu { map_read map_write adjust physmap };
- allow $1 $2:hvm { getparam setparam trackdirtyvram hvmctl irqlevel pciroute };
+ allow $1 $2:hvm { getparam setparam trackdirtyvram hvmctl irqlevel pciroute
cacheattr send_irq };
'')
################################################################################
#
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index e25dd1c..dbbf34f 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -650,25 +650,32 @@ static int flask_domctl(struct domain *d, int cmd)
#endif
return 0;
+ case XEN_DOMCTL_debug_op:
+ case XEN_DOMCTL_gdbsx_guestmemio:
+ case XEN_DOMCTL_gdbsx_pausevcpu:
+ case XEN_DOMCTL_gdbsx_unpausevcpu:
+ case XEN_DOMCTL_gdbsx_domstatus:
+ return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
+ DOMAIN__SETDEBUGGING);
+
case XEN_DOMCTL_subscribe:
case XEN_DOMCTL_disable_migrate:
+ case XEN_DOMCTL_suppress_spurious_page_faults:
return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__SET_MISC_INFO);
case XEN_DOMCTL_set_cpuid:
- case XEN_DOMCTL_suppress_spurious_page_faults:
- case XEN_DOMCTL_debug_op:
+ return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2,
DOMAIN2__SET_CPUID);
+
case XEN_DOMCTL_gettscinfo:
+ return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2,
DOMAIN2__GETTSC);
+
case XEN_DOMCTL_settscinfo:
+ return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2,
DOMAIN2__SETTSC);
+
case XEN_DOMCTL_audit_p2m:
- case XEN_DOMCTL_gdbsx_guestmemio:
- case XEN_DOMCTL_gdbsx_pausevcpu:
- case XEN_DOMCTL_gdbsx_unpausevcpu:
- case XEN_DOMCTL_gdbsx_domstatus:
- /* TODO add per-subfunction hooks */
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
- return 0;
+ return domain_has_perm(current->domain, d, SECCLASS_HVM,
HVM__AUDIT_P2M);
+
default:
printk("flask_domctl: Unknown op %d\n", cmd);
return -EPERM;
@@ -921,6 +928,11 @@ static int flask_iomem_permission(struct domain *d,
uint64_t start, uint64_t end
return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data);
}
+static int flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end,
uint8_t access)
+{
+ return flask_iomem_permission(d, start, end, access);
+}
+
static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access)
{
u32 rsid;
@@ -1128,7 +1140,6 @@ static int _ioport_has_perm(void *v, u32 sid, unsigned
long start, unsigned long
return avc_has_perm(data->tsec->sid, sid, SECCLASS_RESOURCE,
RESOURCE__USE, &ad);
}
-
static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t
end, uint8_t access)
{
int rc;
@@ -1151,6 +1162,11 @@ static int flask_ioport_permission(struct domain *d,
uint32_t start, uint32_t en
return security_iterate_ioport_sids(start, end, _ioport_has_perm,
&data);
}
+static int flask_ioport_mapping(struct domain *d, uint32_t start, uint32_t end,
uint8_t access)
+{
+ return flask_ioport_permission(d, start, end, access);
+}
+
static int flask_getpageframeinfo(struct domain *d)
{
return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__PAGEINFO);
@@ -1209,6 +1225,25 @@ static int flask_address_size(struct domain *d, uint32_t
cmd)
return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
}
+static int flask_machine_address_size(struct domain *d, uint32_t cmd)
+{
+ u32 perm;
+
+ switch ( cmd )
+ {
+ case XEN_DOMCTL_set_machine_address_size:
+ perm = DOMAIN__SETADDRSIZE;
+ break;
+ case XEN_DOMCTL_get_machine_address_size:
+ perm = DOMAIN__GETADDRSIZE;
+ break;
+ default:
+ return -EPERM;
+ }
+
+ return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
+}
+
static int flask_hvm_param(struct domain *d, unsigned long op)
{
u32 perm;
@@ -1246,6 +1281,11 @@ static int flask_hvm_set_pci_link_route(struct domain *d)
return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__PCIROUTE);
}
+static int flask_hvm_inject_msi(struct domain *d)
+{
+ return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__SEND_IRQ);
+}
+
static int flask_mem_event(struct domain *d)
{
return domain_has_perm(current->domain, d, SECCLASS_HVM,
HVM__MEM_EVENT);
@@ -1689,6 +1729,7 @@ static struct xsm_operations flask_ops = {
.unmap_domain_pirq = flask_unmap_domain_pirq,
.irq_permission = flask_irq_permission,
.iomem_permission = flask_iomem_permission,
+ .iomem_mapping = flask_iomem_mapping,
.pci_config_permission = flask_pci_config_permission,
.resource_plug_core = flask_resource_plug_core,
@@ -1713,10 +1754,12 @@ static struct xsm_operations flask_ops = {
.hypercall_init = flask_hypercall_init,
.hvmcontext = flask_hvmcontext,
.address_size = flask_address_size,
+ .machine_address_size = flask_machine_address_size,
.hvm_param = flask_hvm_param,
.hvm_set_pci_intx_level = flask_hvm_set_pci_intx_level,
.hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
.hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
+ .hvm_inject_msi = flask_hvm_inject_msi,
.mem_event = flask_mem_event,
.mem_sharing = flask_mem_sharing,
.apic = flask_apic,
@@ -1749,6 +1792,7 @@ static struct xsm_operations flask_ops = {
.ext_vcpucontext = flask_ext_vcpucontext,
.vcpuextstate = flask_vcpuextstate,
.ioport_permission = flask_ioport_permission,
+ .ioport_mapping = flask_ioport_mapping,
#endif
};
diff --git a/xen/xsm/flask/include/av_perm_to_string.h
b/xen/xsm/flask/include/av_perm_to_string.h
index 10f8e80..894910c 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -66,6 +66,9 @@
S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELSELF, "relabelself")
S_(SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR, "make_priv_for")
S_(SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET, "set_as_target")
+ S_(SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID, "set_cpuid")
+ S_(SECCLASS_DOMAIN2, DOMAIN2__GETTSC, "gettsc")
+ S_(SECCLASS_DOMAIN2, DOMAIN2__SETTSC, "settsc")
S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc")
S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
@@ -79,6 +82,8 @@
S_(SECCLASS_HVM, HVM__HVMCTL, "hvmctl")
S_(SECCLASS_HVM, HVM__MEM_EVENT, "mem_event")
S_(SECCLASS_HVM, HVM__MEM_SHARING, "mem_sharing")
+ S_(SECCLASS_HVM, HVM__AUDIT_P2M, "audit_p2m")
+ S_(SECCLASS_HVM, HVM__SEND_IRQ, "send_irq")
S_(SECCLASS_EVENT, EVENT__BIND, "bind")
S_(SECCLASS_EVENT, EVENT__SEND, "send")
S_(SECCLASS_EVENT, EVENT__STATUS, "status")
diff --git a/xen/xsm/flask/include/av_permissions.h
b/xen/xsm/flask/include/av_permissions.h
index f7cfee1..1bdb515 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -68,6 +68,9 @@
#define DOMAIN2__RELABELSELF 0x00000004UL
#define DOMAIN2__MAKE_PRIV_FOR 0x00000008UL
#define DOMAIN2__SET_AS_TARGET 0x00000010UL
+#define DOMAIN2__SET_CPUID 0x00000020UL
+#define DOMAIN2__GETTSC 0x00000040UL
+#define DOMAIN2__SETTSC 0x00000080UL
#define HVM__SETHVMC 0x00000001UL
#define HVM__GETHVMC 0x00000002UL
@@ -82,6 +85,8 @@
#define HVM__HVMCTL 0x00000400UL
#define HVM__MEM_EVENT 0x00000800UL
#define HVM__MEM_SHARING 0x00001000UL
+#define HVM__AUDIT_P2M 0x00002000UL
+#define HVM__SEND_IRQ 0x00004000UL
#define EVENT__BIND 0x00000001UL
#define EVENT__SEND 0x00000002UL
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 13/19] xsm/flask: add distinct SIDs for self/target access
Because the FLASK XSM module no longer checks IS_PRIV for remote domain
accesses covered by XSM permissions, domains now have the ability to
perform memory management and other functions on all domains that have
the same type. While it is possible to prevent this by only creating one
domain per type, this solution significantly limits the flexibility of
the type system.
This patch introduces a domain type transition to represent a domain
that is operating on itself. In the example policy, this is demonstrated
by creating a type with _self appended when declaring a domain type
which will be used for reflexive operations. AVCs for a domain of type
domU_t will look like the following:
scontext=system_u:system_r:domU_t tcontext=system_u:system_r:domU_t_self
This change also allows policy to distinguish between event channels a
domain creates to itself and event channels created between domains of
the same type.
The IS_PRIV_FOR check used for device model domains is also no longer
checked by FLASK; a similar transition is performed when the target is
set and used when the device model accesses its target domain.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
docs/misc/xsm-flask.txt | 43 ++-
tools/flask/policy/policy/modules/xen/xen.if | 60 +++-
tools/flask/policy/policy/modules/xen/xen.te | 13 +-
xen/xsm/flask/flask_op.c | 9 +
xen/xsm/flask/hooks.c | 422 +++++++++++++--------------
xen/xsm/flask/include/objsec.h | 2 +
6 files changed, 307 insertions(+), 242 deletions(-)
diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index 0778a28..ff81b01 100644
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -68,9 +68,43 @@ HVM domains with stubdomain device models use two types (one
per domain):
- dm_dom_t is the device model for a domain with type domHVM_t
One disadvantage of using type enforcement to enforce isolation is that a new
-type is needed for each group of domains. In addition, it is not possible to
-allow isolated_domU_t cannot to create loopback event channels without allowing
-two domains of type isolated_domU_t to communicate with one another.
+type is needed for each group of domains. The user field can be used to address
+this for the most common case of groups that can communicate internally but not
+externally; see "Users and roles" below.
+
+Type transitions
+----------------
+
+Xen defines a number of operations such as memory mapping that are necessary
for
+a domain to perform on itself, but are also undesirable to allow a domain to
+perform on every other domain of the same label. While it is possible to
address
+this by only creating one domain per type, this solution significantly limits
+the flexibility of the type system. Another method to address this issue is to
+duplicate the permission names for every operation that can be performed on the
+current domain or on other domains; however, this significantly increases the
+necessary number of permissions and complicates the XSM hooks. Instead, this is
+addressed by allowing a distinct type to be used for a domain''s access
to
+itself. The same applies for a device model domain''s access to its
designated
+target, allowing the IS_PRIV_FOR checks used in Xen''s DAC model to be
+implemented in FLASK.
+
+Upon domain creation (or relabel), a type transition is computed using the
+domain''s label as the source and target. The result of this
computation is used
+as the target when the domain accesses itself. In the example policy, this
+computed type is the result of appending _self to a domain''s type:
domU_t_self
+for domU_t. If no type transition rule exists, the domain will continue to use
+its own label for both the source and target. An AVC message will look like:
+
+ scontext=system_u:system_r:domU_t tcontext=system_u:system_r:domU_t_self
+
+A similar type transition is done when a device model domain is associated with
+its target using the set_target operation. The transition is computed with the
+target domain as the source and the device model domain as the target: this
+ordering was chosen in order to preserve the original label for the target when
+no type transition rule exists. In the example policy, these computed types are
+the result of appending _target to the domain.
+
+Type transitions are also used to compute the labels of event channels.
Users and roles
---------------
@@ -84,7 +118,8 @@ the customer_1 user.
Access control rules involving users and roles are defined in the policy
constraints file (tools/flask/policy/policy/constraints). The example policy
provides constraints that prevent different users from communicating using
-grants or event channels, while still allowing communication with dom0.
+grants or event channels, while still allowing communication with the system_u
+user where dom0 resides.
Resource Policy
---------------
diff --git a/tools/flask/policy/policy/modules/xen/xen.if
b/tools/flask/policy/policy/modules/xen/xen.if
index 59ba171..d630f47 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -5,15 +5,34 @@
# Domain creation and setup
#
################################################################################
+define(`declare_domain_common'', `
+ allow $1 $2:grant { query setup };
+ allow $1 $2:mmu { adjust physmap map_read map_write stat pinpage updatemp };
+ allow $1 $2:hvm { getparam setparam };
+'')
+
# declare_domain(type, attrs...)
-# Declare a type as a domain type, and allow basic domain setup
+# Declare a domain type, along with associated _self and _channel types
+# Allow the domain to perform basic operations on itself
define(`declare_domain'', `
type $1, domain_type`''ifelse(`$#'', `1'',
`'', `,shift($@)'');
+ type $1_self, domain_type, domain_self_type;
+ type_transition $1 $1:domain $1_self;
+ type $1_channel, event_type;
+ type_transition $1 domain_type:event $1_channel;
+ declare_domain_common($1, $1_self)
+'')
+
+# declare_singleton_domain(type, attrs...)
+# Declare a domain type and associated _channel types.
+# Note: Because the domain can perform basic operations on itself and any
+# other domain of the same type, this constructor should be used for types
+# containing at most one domain. This is not enforced by policy.
+define(`declare_singleton_domain'', `
+ type $1, domain_type`''ifelse(`$#'', `1'',
`'', `,shift($@)'');
type $1_channel, event_type;
type_transition $1 domain_type:event $1_channel;
- allow $1 $1:grant { query setup };
- allow $1 $1:mmu { adjust physmap map_read map_write stat pinpage };
- allow $1 $1:hvm { getparam setparam };
+ declare_domain_common($1, $1)
'')
# declare_build_label(type)
@@ -51,6 +70,7 @@ define(`create_domain_build_label'', `
allow $1 $2_channel:event create;
allow $1 $2_building:domain2 relabelfrom;
allow $1 $2:domain2 relabelto;
+ allow $2_building $2:domain transition;
'')
# manage_domain(priv, target)
@@ -101,20 +121,36 @@ define(`domain_comms'', `
'')
# domain_self_comms(domain)
-# Allow a domain types to communicate with others of its type using grants
-# and event channels (this includes event channels to DOMID_SELF)
+# Allow a non-singleton domain type to communicate with itself using grants
+# and event channels
define(`domain_self_comms'', `
- create_channel($1, $1, $1_channel)
- allow $1 $1:grant { map_read map_write copy unmap };
+ create_channel($1, $1_self, $1_channel)
+ allow $1 $1_self:grant { map_read map_write copy unmap };
'')
# device_model(dm_dom, hvm_dom)
# Define how a device model domain interacts with its target
define(`device_model'', `
- domain_comms($1, $2)
- allow $1 $2:domain { set_target shutdown };
- allow $1 $2:mmu { map_read map_write adjust physmap };
- allow $1 $2:hvm { getparam setparam trackdirtyvram hvmctl irqlevel pciroute
cacheattr send_irq };
+ type $2_target, domain_type, domain_target_type;
+ type_transition $2 $1:domain $2_target;
+ allow $1 $2:domain set_target;
+
+ type_transition $2_target domain_type:event $2_channel;
+ create_channel($1, $2_target, $1_channel)
+ create_channel($2, $1, $2_channel)
+ allow $1 $2_channel:event create;
+
+ allow $1 $2_target:domain shutdown;
+ allow $1 $2_target:mmu { map_read map_write adjust physmap };
+ allow $1 $2_target:hvm { getparam setparam trackdirtyvram hvmctl irqlevel
pciroute cacheattr send_irq };
+'')
+
+# make_device_model(priv, dm_dom, hvm_dom)
+# Allow creation of a device model and HVM domain pair
+define(`make_device_model'', `
+ device_model($2, $3)
+ allow $1 $2:domain2 make_priv_for;
+ allow $1 $3:domain2 set_as_target;
'')
################################################################################
#
diff --git a/tools/flask/policy/policy/modules/xen/xen.te
b/tools/flask/policy/policy/modules/xen/xen.te
index 1162153..8d33285 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -8,6 +8,8 @@
################################################################################
attribute xen_type;
attribute domain_type;
+attribute domain_self_type;
+attribute domain_target_type;
attribute resource_type;
attribute event_type;
attribute mls_priv;
@@ -25,7 +27,7 @@ attribute mls_priv;
type xen_t, xen_type, mls_priv;
# Domain 0
-declare_domain(dom0_t, mls_priv);
+declare_singleton_domain(dom0_t, mls_priv);
# Untracked I/O memory (pseudo-domain)
type domio_t, xen_type;
@@ -69,7 +71,7 @@ admin_device(dom0_t, ioport_t)
admin_device(dom0_t, iomem_t)
allow dom0_t domio_t:mmu { map_read map_write };
-domain_self_comms(dom0_t)
+domain_comms(dom0_t, dom0_t)
auditallow dom0_t security_t:security { load_policy setenforce setbool };
@@ -84,11 +86,14 @@ domain_self_comms(domU_t)
create_domain(dom0_t, domU_t)
manage_domain(dom0_t, domU_t)
domain_comms(dom0_t, domU_t)
+domain_comms(domU_t, domU_t)
+domain_self_comms(domU_t)
declare_domain(isolated_domU_t)
create_domain(dom0_t, isolated_domU_t)
manage_domain(dom0_t, isolated_domU_t)
domain_comms(dom0_t, isolated_domU_t)
+domain_self_comms(isolated_domU_t)
# Declare a boolean that denies creation of prot_domU_t domains
gen_bool(prot_doms_locked, false)
@@ -98,6 +103,8 @@ if (!prot_doms_locked) {
}
domain_comms(dom0_t, prot_domU_t)
domain_comms(domU_t, prot_domU_t)
+domain_comms(prot_domU_t, prot_domU_t)
+domain_self_comms(prot_domU_t)
# domHVM_t is meant to be paired with a qemu-dm stub domain of type dm_dom_t
declare_domain(domHVM_t)
@@ -110,7 +117,7 @@ declare_domain(dm_dom_t)
create_domain(dom0_t, dm_dom_t)
manage_domain(dom0_t, dm_dom_t)
domain_comms(dom0_t, dm_dom_t)
-device_model(dm_dom_t, domHVM_t)
+make_device_model(dom0_t, dm_dom_t, domHVM_t)
# nomigrate_t must be built via the nomigrate_t_building label; once built,
# dom0 cannot read its memory.
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index a5d7748..4426ab9 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -612,6 +612,15 @@ static int flask_relabel_domain(struct xen_flask_relabel
*arg)
goto out;
dsec->sid = arg->sid;
+ dsec->self_sid = arg->sid;
+ security_transition_sid(dsec->sid, dsec->sid, SECCLASS_DOMAIN,
+ &dsec->self_sid);
+ if ( d->target )
+ {
+ struct domain_security_struct *tsec = d->target->ssid;
+ security_transition_sid(tsec->sid, dsec->sid, SECCLASS_DOMAIN,
+ &dsec->target_sid);
+ }
out:
rcu_unlock_domain(d);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index dbbf34f..a8475ea 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -33,38 +33,69 @@
struct xsm_operations *original_ops = NULL;
+static u32 domain_sid(struct domain *dom)
+{
+ struct domain_security_struct *dsec = dom->ssid;
+ return dsec->sid;
+}
+
+static u32 domain_target_sid(struct domain *src, struct domain *dst)
+{
+ struct domain_security_struct *ssec = src->ssid;
+ struct domain_security_struct *dsec = dst->ssid;
+ if (src == dst)
+ return ssec->self_sid;
+ if (src->target == dst)
+ return ssec->target_sid;
+ return dsec->sid;
+}
+
+static u32 evtchn_sid(const struct evtchn *chn)
+{
+ struct evtchn_security_struct *esec = chn->ssid;
+ return esec->sid;
+}
+
static int domain_has_perm(struct domain *dom1, struct domain *dom2,
u16 class, u32 perms)
{
- struct domain_security_struct *dsec1, *dsec2;
+ u32 ssid, tsid;
struct avc_audit_data ad;
AVC_AUDIT_DATA_INIT(&ad, NONE);
ad.sdom = dom1;
ad.tdom = dom2;
- dsec1 = dom1->ssid;
- dsec2 = dom2->ssid;
+ ssid = domain_sid(dom1);
+ tsid = domain_target_sid(dom1, dom2);
- return avc_has_perm(dsec1->sid, dsec2->sid, class, perms, &ad);
+ return avc_has_perm(ssid, tsid, class, perms, &ad);
}
-static int domain_has_evtchn(struct domain *d, struct evtchn *chn, u32 perms)
+static int avc_current_has_perm(u32 tsid, u16 class, u32 perm,
+ struct avc_audit_data *ad)
{
- struct domain_security_struct *dsec;
- struct evtchn_security_struct *esec;
+ u32 csid = domain_sid(current->domain);
+ return avc_has_perm(csid, tsid, class, perm, ad);
+}
- dsec = d->ssid;
- esec = chn->ssid;
+static int current_has_perm(struct domain *d, u16 class, u32 perms)
+{
+ return domain_has_perm(current->domain, d, class, perms);
+}
- return avc_has_perm(dsec->sid, esec->sid, SECCLASS_EVENT, perms,
NULL);
+static int domain_has_evtchn(struct domain *d, struct evtchn *chn, u32 perms)
+{
+ u32 dsid = domain_sid(d);
+ u32 esid = evtchn_sid(chn);
+
+ return avc_has_perm(dsid, esid, SECCLASS_EVENT, perms, NULL);
}
static int domain_has_xen(struct domain *d, u32 perms)
{
- struct domain_security_struct *dsec;
- dsec = d->ssid;
+ u32 dsid = domain_sid(d);
- return avc_has_perm(dsec->sid, SECINITSID_XEN, SECCLASS_XEN, perms,
NULL);
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_XEN, perms, NULL);
}
static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
@@ -123,6 +154,7 @@ static int flask_domain_alloc_security(struct domain *d)
dsec->sid = SECINITSID_UNLABELED;
}
+ dsec->self_sid = dsec->sid;
d->ssid = dsec;
return 0;
@@ -142,68 +174,55 @@ static void flask_domain_free_security(struct domain *d)
static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn,
domid_t id2)
{
- u32 newsid;
+ u32 sid1, sid2, newsid;
int rc;
- domid_t id;
struct domain *d2;
- struct domain_security_struct *dsec, *dsec1, *dsec2;
struct evtchn_security_struct *esec;
- dsec = current->domain->ssid;
- dsec1 = d1->ssid;
- esec = chn->ssid;
-
- if ( id2 == DOMID_SELF )
- id = current->domain->domain_id;
- else
- id = id2;
-
- d2 = get_domain_by_id(id);
+ d2 = rcu_lock_domain_by_any_id(id2);
if ( d2 == NULL )
return -EPERM;
- dsec2 = d2->ssid;
- rc = security_transition_sid(dsec1->sid, dsec2->sid, SECCLASS_EVENT,
- &newsid);
+ sid1 = domain_sid(d1);
+ sid2 = domain_target_sid(d1, d2);
+ esec = chn->ssid;
+
+ rc = security_transition_sid(sid1, sid2, SECCLASS_EVENT, &newsid);
if ( rc )
goto out;
- rc = avc_has_perm(dsec->sid, newsid, SECCLASS_EVENT, EVENT__CREATE,
NULL);
+ rc = avc_current_has_perm(newsid, SECCLASS_EVENT, EVENT__CREATE, NULL);
if ( rc )
goto out;
- rc = avc_has_perm(newsid, dsec2->sid, SECCLASS_EVENT, EVENT__BIND,
NULL);
+ rc = avc_has_perm(newsid, sid2, SECCLASS_EVENT, EVENT__BIND, NULL);
if ( rc )
goto out;
- else
- esec->sid = newsid;
+
+ esec->sid = newsid;
out:
- put_domain(d2);
+ rcu_unlock_domain(d2);
return rc;
}
static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1,
struct domain *d2, struct evtchn *chn2)
{
- u32 newsid;
+ u32 sid1, sid2, newsid, reverse_sid;
int rc;
- struct domain_security_struct *dsec, *dsec1, *dsec2;
- struct evtchn_security_struct *esec1, *esec2;
+ struct evtchn_security_struct *esec1;
struct avc_audit_data ad;
AVC_AUDIT_DATA_INIT(&ad, NONE);
ad.sdom = d1;
ad.tdom = d2;
- dsec = current->domain->ssid;
- dsec1 = d1->ssid;
- dsec2 = d2->ssid;
+ sid1 = domain_sid(d1);
+ sid2 = domain_target_sid(d1, d2);
esec1 = chn1->ssid;
- esec2 = chn2->ssid;
- rc = security_transition_sid(dsec1->sid, dsec2->sid,
- SECCLASS_EVENT, &newsid);
+ rc = security_transition_sid(sid1, sid2, SECCLASS_EVENT, &newsid);
if ( rc )
{
printk("%s: security_transition_sid failed, rc=%d
(domain=%d)\n",
@@ -211,15 +230,20 @@ static int flask_evtchn_interdomain(struct domain *d1,
struct evtchn *chn1,
return rc;
}
- rc = avc_has_perm(dsec->sid, newsid, SECCLASS_EVENT, EVENT__CREATE,
&ad);
+ rc = avc_current_has_perm(newsid, SECCLASS_EVENT, EVENT__CREATE, &ad);
if ( rc )
return rc;
- rc = avc_has_perm(newsid, dsec2->sid, SECCLASS_EVENT, EVENT__BIND,
&ad);
+ rc = avc_has_perm(newsid, sid2, SECCLASS_EVENT, EVENT__BIND, &ad);
if ( rc )
return rc;
- rc = avc_has_perm(esec2->sid, dsec1->sid, SECCLASS_EVENT,
EVENT__BIND, &ad);
+ /* It''s possible the target domain has changed (relabel or
destroy/create)
+ * since the unbound part was created; re-validate this binding now.
+ */
+ reverse_sid = evtchn_sid(chn2);
+ sid1 = domain_target_sid(d2, d1);
+ rc = avc_has_perm(reverse_sid, sid1, SECCLASS_EVENT, EVENT__BIND, &ad);
if ( rc )
return rc;
@@ -302,7 +326,6 @@ static void flask_free_security_evtchn(struct evtchn *chn)
static char *flask_show_security_evtchn(struct domain *d, const struct evtchn
*chn)
{
- struct evtchn_security_struct *esec;
int irq;
u32 sid = 0;
char *ctx;
@@ -312,9 +335,7 @@ static char *flask_show_security_evtchn(struct domain *d,
const struct evtchn *c
{
case ECS_UNBOUND:
case ECS_INTERDOMAIN:
- esec = chn->ssid;
- if ( esec )
- sid = esec->sid;
+ sid = evtchn_sid(chn);
break;
case ECS_PIRQ:
irq = domain_pirq_to_irq(d, chn->u.pirq.irq);
@@ -367,12 +388,12 @@ static int flask_grant_query_size(struct domain *d1,
struct domain *d2)
static int flask_get_pod_target(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__GETPODTARGET);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETPODTARGET);
}
static int flask_set_pod_target(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__SETPODTARGET);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
}
static int flask_memory_adjust_reservation(struct domain *d1, struct domain
*d2)
@@ -455,70 +476,65 @@ static int flask_schedop_shutdown(struct domain *d1,
struct domain *d2)
static void flask_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
- struct domain_security_struct *dsec;
-
- dsec = d->ssid;
- info->ssidref = dsec->sid;
+ info->ssidref = domain_sid(d);
}
static int flask_setvcpucontext(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SETVCPUCONTEXT);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT);
}
static int flask_pausedomain(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__PAUSE);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__PAUSE);
}
static int flask_unpausedomain(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__UNPAUSE);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__UNPAUSE);
}
static int flask_resumedomain(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__RESUME);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__RESUME);
}
static int flask_domain_create(struct domain *d, u32 ssidref)
{
int rc;
- struct domain_security_struct *dsec1;
- struct domain_security_struct *dsec2;
+ struct domain_security_struct *dsec = d->ssid;
static int dom0_created = 0;
- dsec1 = current->domain->ssid;
- dsec2 = d->ssid;
-
if ( is_idle_domain(current->domain) && !dom0_created )
{
- dsec2->sid = SECINITSID_DOM0;
+ dsec->sid = SECINITSID_DOM0;
dom0_created = 1;
- return 0;
}
+ else
+ {
+ rc = avc_current_has_perm(ssidref, SECCLASS_DOMAIN,
+ DOMAIN__CREATE, NULL);
+ if ( rc )
+ return rc;
- rc = avc_has_perm(dsec1->sid, ssidref, SECCLASS_DOMAIN,
- DOMAIN__CREATE, NULL);
- if ( rc )
- return rc;
+ dsec->sid = ssidref;
+ }
+ dsec->self_sid = dsec->sid;
- dsec2->sid = ssidref;
+ rc = security_transition_sid(dsec->sid, dsec->sid, SECCLASS_DOMAIN,
+ &dsec->self_sid);
return rc;
}
static int flask_max_vcpus(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__MAX_VCPUS);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS);
}
static int flask_destroydomain(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__DESTROY);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__DESTROY);
}
static int flask_vcpuaffinity(int cmd, struct domain *d)
@@ -537,7 +553,7 @@ static int flask_vcpuaffinity(int cmd, struct domain *d)
return -EPERM;
}
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm );
+ return current_has_perm(d, SECCLASS_DOMAIN, perm );
}
static int flask_scheduler(struct domain *d)
@@ -548,43 +564,51 @@ static int flask_scheduler(struct domain *d)
if ( rc )
return rc;
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SCHEDULER);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SCHEDULER);
}
static int flask_getdomaininfo(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__GETDOMAININFO);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
}
static int flask_getvcpucontext(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__GETVCPUCONTEXT);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUCONTEXT);
}
static int flask_getvcpuinfo(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__GETVCPUINFO);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUINFO);
}
static int flask_domain_settime(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__SETTIME);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETTIME);
}
-static int flask_set_target(struct domain *d, struct domain *e)
+static int flask_set_target(struct domain *d, struct domain *t)
{
int rc;
- rc = domain_has_perm(current->domain, d, SECCLASS_DOMAIN2,
DOMAIN2__MAKE_PRIV_FOR);
+ struct domain_security_struct *dsec, *tsec;
+ dsec = d->ssid;
+ tsec = t->ssid;
+
+ rc = current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR);
if ( rc )
return rc;
- rc = domain_has_perm(current->domain, e, SECCLASS_DOMAIN2,
DOMAIN2__SET_AS_TARGET);
+ rc = current_has_perm(t, SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET);
if ( rc )
return rc;
- return domain_has_perm(d, e, SECCLASS_DOMAIN, DOMAIN__SET_TARGET);
+ /* Use avc_has_perm to avoid resolving target/current SID */
+ rc = avc_has_perm(dsec->sid, tsec->sid, SECCLASS_DOMAIN,
DOMAIN__SET_TARGET, NULL);
+ if ( rc )
+ return rc;
+
+ /* (tsec, dsec) defaults the label to tsec, as it should here */
+ rc = security_transition_sid(tsec->sid, dsec->sid, SECCLASS_DOMAIN,
+ &dsec->target_sid);
+ return rc;
}
static int flask_domctl(struct domain *d, int cmd)
@@ -655,26 +679,24 @@ static int flask_domctl(struct domain *d, int cmd)
case XEN_DOMCTL_gdbsx_pausevcpu:
case XEN_DOMCTL_gdbsx_unpausevcpu:
case XEN_DOMCTL_gdbsx_domstatus:
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SETDEBUGGING);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING);
case XEN_DOMCTL_subscribe:
case XEN_DOMCTL_disable_migrate:
case XEN_DOMCTL_suppress_spurious_page_faults:
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SET_MISC_INFO);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_MISC_INFO);
case XEN_DOMCTL_set_cpuid:
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2,
DOMAIN2__SET_CPUID);
+ return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID);
case XEN_DOMCTL_gettscinfo:
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2,
DOMAIN2__GETTSC);
+ return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__GETTSC);
case XEN_DOMCTL_settscinfo:
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN2,
DOMAIN2__SETTSC);
+ return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SETTSC);
case XEN_DOMCTL_audit_p2m:
- return domain_has_perm(current->domain, d, SECCLASS_HVM,
HVM__AUDIT_P2M);
+ return current_has_perm(d, SECCLASS_HVM, HVM__AUDIT_P2M);
default:
printk("flask_domctl: Unknown op %d\n", cmd);
@@ -716,7 +738,7 @@ static int flask_sysctl(int cmd)
static int flask_set_virq_handler(struct domain *d, uint32_t virq)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__SET_VIRQ_HANDLER);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER);
}
static int flask_tbufcontrol(void)
@@ -741,20 +763,17 @@ static int flask_sched_id(void)
static int flask_setdomainmaxmem(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SETDOMAINMAXMEM);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINMAXMEM);
}
static int flask_setdomainhandle(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SETDOMAINHANDLE);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE);
}
static int flask_setdebugging(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SETDEBUGGING);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING);
}
static int flask_debug_keys(void)
@@ -816,14 +835,12 @@ static char *flask_show_irq_sid (int irq)
static int flask_map_domain_pirq (struct domain *d, int irq, void *data)
{
- u32 sid;
+ u32 sid, dsid;
int rc = -EPERM;
struct msi_info *msi = data;
-
- struct domain_security_struct *ssec, *tsec;
struct avc_audit_data ad;
- rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
RESOURCE__ADD);
+ rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
if ( rc )
return rc;
@@ -839,14 +856,13 @@ static int flask_map_domain_pirq (struct domain *d, int
irq, void *data)
if ( rc )
return rc;
- ssec = current->domain->ssid;
- tsec = d->ssid;
+ dsid = domain_sid(d);
- rc = avc_has_perm(ssec->sid, sid, SECCLASS_RESOURCE, RESOURCE__ADD_IRQ,
&ad);
+ rc = avc_current_has_perm(sid, SECCLASS_RESOURCE, RESOURCE__ADD_IRQ,
&ad);
if ( rc )
return rc;
- rc = avc_has_perm(tsec->sid, sid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
+ rc = avc_has_perm(dsid, sid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
return rc;
}
@@ -854,16 +870,12 @@ static int flask_unmap_domain_pirq (struct domain *d, int
irq)
{
u32 sid;
int rc = -EPERM;
-
- struct domain_security_struct *ssec;
struct avc_audit_data ad;
- rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
RESOURCE__REMOVE);
+ rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
if ( rc )
return rc;
- ssec = current->domain->ssid;
-
if ( irq >= nr_irqs_gsi ) {
/* TODO support for MSI here */
return 0;
@@ -873,19 +885,19 @@ static int flask_unmap_domain_pirq (struct domain *d, int
irq)
if ( rc )
return rc;
- rc = avc_has_perm(ssec->sid, sid, SECCLASS_RESOURCE,
RESOURCE__REMOVE_IRQ, &ad);
+ rc = avc_current_has_perm(sid, SECCLASS_RESOURCE, RESOURCE__REMOVE_IRQ,
&ad);
return rc;
}
static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
{
/* the PIRQ number is not useful; real IRQ is checked during mapping */
- return domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
- resource_to_perm(access));
+ return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access));
}
struct iomem_has_perm_data {
- struct domain_security_struct *ssec, *tsec;
+ u32 ssid;
+ u32 dsid;
u32 perm;
};
@@ -899,12 +911,12 @@ static int _iomem_has_perm(void *v, u32 sid, unsigned long
start, unsigned long
ad.range.start = start;
ad.range.end = end;
- rc = avc_has_perm(data->ssec->sid, sid, SECCLASS_RESOURCE,
data->perm, &ad);
+ rc = avc_has_perm(data->ssid, sid, SECCLASS_RESOURCE, data->perm,
&ad);
if ( rc )
return rc;
- return avc_has_perm(data->tsec->sid, sid, SECCLASS_RESOURCE,
RESOURCE__USE, &ad);
+ return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
}
static int flask_iomem_permission(struct domain *d, uint64_t start, uint64_t
end, uint8_t access)
@@ -912,7 +924,7 @@ static int flask_iomem_permission(struct domain *d, uint64_t
start, uint64_t end
struct iomem_has_perm_data data;
int rc;
- rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
+ rc = current_has_perm(d, SECCLASS_RESOURCE,
resource_to_perm(access));
if ( rc )
return rc;
@@ -922,8 +934,8 @@ static int flask_iomem_permission(struct domain *d, uint64_t
start, uint64_t end
else
data.perm = RESOURCE__REMOVE_IOMEM;
- data.ssec = current->domain->ssid;
- data.tsec = d->ssid;
+ data.ssid = domain_sid(current->domain);
+ data.dsid = domain_sid(d);
return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data);
}
@@ -935,10 +947,9 @@ static int flask_iomem_mapping(struct domain *d, uint64_t
start, uint64_t end, u
static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access)
{
- u32 rsid;
+ u32 dsid, rsid;
int rc = -EPERM;
struct avc_audit_data ad;
- struct domain_security_struct *ssec;
u32 perm = RESOURCE__USE;
rc = security_device_sid(machine_bdf, &rsid);
@@ -951,33 +962,24 @@ static int flask_pci_config_permission(struct domain *d,
uint32_t machine_bdf, u
AVC_AUDIT_DATA_INIT(&ad, DEV);
ad.device = (unsigned long) machine_bdf;
- ssec = d->ssid;
- return avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad);
+ dsid = domain_sid(d);
+ return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, perm, &ad);
}
static int flask_resource_plug_core(void)
{
- struct domain_security_struct *ssec;
-
- ssec = current->domain->ssid;
- return avc_has_perm(ssec->sid, SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__PLUG, NULL);
+ return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__PLUG, NULL);
}
static int flask_resource_unplug_core(void)
{
- struct domain_security_struct *ssec;
-
- ssec = current->domain->ssid;
- return avc_has_perm(ssec->sid, SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__UNPLUG, NULL);
+ return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__UNPLUG, NULL);
}
static int flask_resource_use_core(void)
{
- struct domain_security_struct *ssec;
-
- ssec = current->domain->ssid;
- return avc_has_perm(ssec->sid, SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__USE, NULL);
+ return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__USE, NULL);
}
static int flask_resource_plug_pci(uint32_t machine_bdf)
@@ -985,7 +987,6 @@ static int flask_resource_plug_pci(uint32_t machine_bdf)
u32 rsid;
int rc = -EPERM;
struct avc_audit_data ad;
- struct domain_security_struct *ssec;
rc = security_device_sid(machine_bdf, &rsid);
if ( rc )
@@ -993,8 +994,7 @@ static int flask_resource_plug_pci(uint32_t machine_bdf)
AVC_AUDIT_DATA_INIT(&ad, DEV);
ad.device = (unsigned long) machine_bdf;
- ssec = current->domain->ssid;
- return avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__PLUG,
&ad);
+ return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__PLUG,
&ad);
}
static int flask_resource_unplug_pci(uint32_t machine_bdf)
@@ -1002,7 +1002,6 @@ static int flask_resource_unplug_pci(uint32_t machine_bdf)
u32 rsid;
int rc = -EPERM;
struct avc_audit_data ad;
- struct domain_security_struct *ssec;
rc = security_device_sid(machine_bdf, &rsid);
if ( rc )
@@ -1010,8 +1009,7 @@ static int flask_resource_unplug_pci(uint32_t machine_bdf)
AVC_AUDIT_DATA_INIT(&ad, DEV);
ad.device = (unsigned long) machine_bdf;
- ssec = current->domain->ssid;
- return avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__UNPLUG, &ad);
+ return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__UNPLUG,
&ad);
}
static int flask_resource_setup_pci(uint32_t machine_bdf)
@@ -1019,7 +1017,6 @@ static int flask_resource_setup_pci(uint32_t machine_bdf)
u32 rsid;
int rc = -EPERM;
struct avc_audit_data ad;
- struct domain_security_struct *ssec;
rc = security_device_sid(machine_bdf, &rsid);
if ( rc )
@@ -1027,8 +1024,7 @@ static int flask_resource_setup_pci(uint32_t machine_bdf)
AVC_AUDIT_DATA_INIT(&ad, DEV);
ad.device = (unsigned long) machine_bdf;
- ssec = current->domain->ssid;
- return avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__SETUP,
&ad);
+ return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP,
&ad);
}
static int flask_resource_setup_gsi(int gsi)
@@ -1036,22 +1032,17 @@ static int flask_resource_setup_gsi(int gsi)
u32 rsid;
int rc = -EPERM;
struct avc_audit_data ad;
- struct domain_security_struct *ssec;
rc = get_irq_sid(gsi, &rsid, &ad);
if ( rc )
return rc;
- ssec = current->domain->ssid;
- return avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__SETUP,
&ad);
+ return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP,
&ad);
}
static int flask_resource_setup_misc(void)
{
- struct domain_security_struct *ssec;
-
- ssec = current->domain->ssid;
- return avc_has_perm(ssec->sid, SECINITSID_XEN, SECCLASS_RESOURCE,
RESOURCE__SETUP, NULL);
+ return avc_current_has_perm(SECINITSID_XEN, SECCLASS_RESOURCE,
RESOURCE__SETUP, NULL);
}
static inline int flask_page_offline(uint32_t cmd)
@@ -1114,11 +1105,12 @@ static int flask_shadow_control(struct domain *d,
uint32_t op)
return -EPERM;
}
- return domain_has_perm(current->domain, d, SECCLASS_SHADOW, perm);
+ return current_has_perm(d, SECCLASS_SHADOW, perm);
}
struct ioport_has_perm_data {
- struct domain_security_struct *ssec, *tsec;
+ u32 ssid;
+ u32 dsid;
u32 perm;
};
@@ -1132,12 +1124,12 @@ static int _ioport_has_perm(void *v, u32 sid, unsigned
long start, unsigned long
ad.range.start = start;
ad.range.end = end;
- rc = avc_has_perm(data->ssec->sid, sid, SECCLASS_RESOURCE,
data->perm, &ad);
+ rc = avc_has_perm(data->ssid, sid, SECCLASS_RESOURCE, data->perm,
&ad);
if ( rc )
return rc;
- return avc_has_perm(data->tsec->sid, sid, SECCLASS_RESOURCE,
RESOURCE__USE, &ad);
+ return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
}
static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t
end, uint8_t access)
@@ -1145,7 +1137,7 @@ static int flask_ioport_permission(struct domain *d,
uint32_t start, uint32_t en
int rc;
struct ioport_has_perm_data data;
- rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
+ rc = current_has_perm(d, SECCLASS_RESOURCE,
resource_to_perm(access));
if ( rc )
@@ -1156,8 +1148,8 @@ static int flask_ioport_permission(struct domain *d,
uint32_t start, uint32_t en
else
data.perm = RESOURCE__REMOVE_IOPORT;
- data.ssec = current->domain->ssid;
- data.tsec = d->ssid;
+ data.ssid = domain_sid(current->domain);
+ data.dsid = domain_sid(d);
return security_iterate_ioport_sids(start, end, _ioport_has_perm,
&data);
}
@@ -1169,18 +1161,17 @@ static int flask_ioport_mapping(struct domain *d,
uint32_t start, uint32_t end,
static int flask_getpageframeinfo(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__PAGEINFO);
+ return current_has_perm(d, SECCLASS_MMU, MMU__PAGEINFO);
}
static int flask_getmemlist(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_MMU, MMU__PAGELIST);
+ return current_has_perm(d, SECCLASS_MMU, MMU__PAGELIST);
}
static int flask_hypercall_init(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__HYPERCALL);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__HYPERCALL);
}
static int flask_hvmcontext(struct domain *d, uint32_t cmd)
@@ -1203,7 +1194,7 @@ static int flask_hvmcontext(struct domain *d, uint32_t
cmd)
return -EPERM;
}
- return domain_has_perm(current->domain, d, SECCLASS_HVM, perm);
+ return current_has_perm(d, SECCLASS_HVM, perm);
}
static int flask_address_size(struct domain *d, uint32_t cmd)
@@ -1222,7 +1213,7 @@ static int flask_address_size(struct domain *d, uint32_t
cmd)
return -EPERM;
}
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
+ return current_has_perm(d, SECCLASS_DOMAIN, perm);
}
static int flask_machine_address_size(struct domain *d, uint32_t cmd)
@@ -1263,37 +1254,37 @@ static int flask_hvm_param(struct domain *d, unsigned
long op)
perm = HVM__HVMCTL;
}
- return domain_has_perm(current->domain, d, SECCLASS_HVM, perm);
+ return current_has_perm(d, SECCLASS_HVM, perm);
}
static int flask_hvm_set_pci_intx_level(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__PCILEVEL);
+ return current_has_perm(d, SECCLASS_HVM, HVM__PCILEVEL);
}
static int flask_hvm_set_isa_irq_level(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__IRQLEVEL);
+ return current_has_perm(d, SECCLASS_HVM, HVM__IRQLEVEL);
}
static int flask_hvm_set_pci_link_route(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__PCIROUTE);
+ return current_has_perm(d, SECCLASS_HVM, HVM__PCIROUTE);
}
static int flask_hvm_inject_msi(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_HVM, HVM__SEND_IRQ);
+ return current_has_perm(d, SECCLASS_HVM, HVM__SEND_IRQ);
}
static int flask_mem_event(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_HVM,
HVM__MEM_EVENT);
+ return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
}
static int flask_mem_sharing(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_HVM,
HVM__MEM_SHARING);
+ return current_has_perm(d, SECCLASS_HVM, HVM__MEM_SHARING);
}
static int flask_apic(struct domain *d, int cmd)
@@ -1355,11 +1346,7 @@ static int flask_physinfo(void)
static int flask_platform_quirk(uint32_t quirk)
{
- struct domain_security_struct *dsec;
- dsec = current->domain->ssid;
-
- return avc_has_perm(dsec->sid, SECINITSID_XEN, SECCLASS_XEN,
- XEN__QUIRK, NULL);
+ return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN, XEN__QUIRK,
NULL);
}
static int flask_platform_op(uint32_t op)
@@ -1421,16 +1408,12 @@ static int flask_getidletime(void)
static int flask_machine_memory_map(void)
{
- struct domain_security_struct *dsec;
- dsec = current->domain->ssid;
-
- return avc_has_perm(dsec->sid, SECINITSID_XEN, SECCLASS_MMU,
- MMU__MEMORYMAP, NULL);
+ return avc_current_has_perm(SECINITSID_XEN, SECCLASS_MMU, MMU__MEMORYMAP,
NULL);
}
static int flask_domain_memory_map(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_MMU,
MMU__MEMORYMAP);
+ return current_has_perm(d, SECCLASS_MMU, MMU__MEMORYMAP);
}
static int domain_memory_perm(struct domain *d, struct domain *f, l1_pgentry_t
pte)
@@ -1453,17 +1436,17 @@ static int domain_memory_perm(struct domain *d, struct
domain *f, l1_pgentry_t p
if ( f->domain_id == DOMID_IO || !mfn_valid(fmfn) )
{
struct avc_audit_data ad;
- struct domain_security_struct *dsec = d->ssid;
- u32 fsid;
+ u32 dsid, fsid;
+ rc = security_iomem_sid(fmfn, &fsid);
+ if ( rc )
+ return rc;
AVC_AUDIT_DATA_INIT(&ad, MEMORY);
ad.sdom = d;
ad.tdom = f;
ad.memory.pte = pte.l1;
ad.memory.mfn = fmfn;
- rc = security_iomem_sid(fmfn, &fsid);
- if ( rc )
- return rc;
- return avc_has_perm(dsec->sid, fsid, SECCLASS_MMU, map_perms,
&ad);
+ dsid = domain_sid(d);
+ return avc_has_perm(dsid, fsid, SECCLASS_MMU, map_perms, &ad);
}
return domain_has_perm(d, f, SECCLASS_MMU, map_perms);
@@ -1506,43 +1489,40 @@ static int flask_remove_from_physmap(struct domain *d1,
struct domain *d2)
static int flask_sendtrigger(struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
DOMAIN__TRIGGER);
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__TRIGGER);
}
static int flask_get_device_group(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
- struct domain_security_struct *ssec = current->domain->ssid;
rc = security_device_sid(machine_bdf, &rsid);
if ( rc )
return rc;
- return avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__STAT_DEVICE, NULL);
+ return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE,
NULL);
}
static int flask_test_assign_device(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
- struct domain_security_struct *ssec = current->domain->ssid;
rc = security_device_sid(machine_bdf, &rsid);
if ( rc )
return rc;
- return rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__STAT_DEVICE, NULL);
+ return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE,
NULL);
}
static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
{
- u32 rsid;
+ u32 dsid, rsid;
int rc = -EPERM;
- struct domain_security_struct *ssec, *tsec;
struct avc_audit_data ad;
- rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
RESOURCE__ADD);
+ rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
if ( rc )
return rc;
@@ -1552,22 +1532,20 @@ static int flask_assign_device(struct domain *d,
uint32_t machine_bdf)
AVC_AUDIT_DATA_INIT(&ad, DEV);
ad.device = (unsigned long) machine_bdf;
- ssec = current->domain->ssid;
- rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__ADD_DEVICE, &ad);
+ rc = avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE,
&ad);
if ( rc )
return rc;
- tsec = d->ssid;
- return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
+ dsid = domain_sid(d);
+ return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
}
static int flask_deassign_device(struct domain *d, uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
- struct domain_security_struct *ssec = current->domain->ssid;
- rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
RESOURCE__REMOVE);
+ rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
if ( rc )
return rc;
@@ -1575,18 +1553,17 @@ static int flask_deassign_device(struct domain *d,
uint32_t machine_bdf)
if ( rc )
return rc;
- return rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE,
RESOURCE__REMOVE_DEVICE, NULL);
+ return avc_current_has_perm(rsid, SECCLASS_RESOURCE,
RESOURCE__REMOVE_DEVICE, NULL);
}
static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
{
- u32 rsid;
+ u32 dsid, rsid;
int rc = -EPERM;
int irq;
- struct domain_security_struct *ssec, *tsec;
struct avc_audit_data ad;
- rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
RESOURCE__ADD);
+ rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
if ( rc )
return rc;
@@ -1596,23 +1573,22 @@ static int flask_bind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq *b
if ( rc )
return rc;
- ssec = current->domain->ssid;
- rc = avc_has_perm(ssec->sid, rsid, SECCLASS_HVM, HVM__BIND_IRQ,
&ad);
+ rc = avc_current_has_perm(rsid, SECCLASS_HVM, HVM__BIND_IRQ, &ad);
if ( rc )
return rc;
- tsec = d->ssid;
- return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
+ dsid = domain_sid(d);
+ return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
}
static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
{
- return domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
RESOURCE__REMOVE);
+ return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
static int flask_pin_mem_cacheattr (struct domain *d)
{
- return domain_has_perm(current->domain, d, SECCLASS_HVM,
HVM__CACHEATTR);
+ return current_has_perm(d, SECCLASS_HVM, HVM__CACHEATTR);
}
static int flask_ext_vcpucontext (struct domain *d, uint32_t cmd)
@@ -1631,7 +1607,7 @@ static int flask_ext_vcpucontext (struct domain *d,
uint32_t cmd)
return -EPERM;
}
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
+ return current_has_perm(d, SECCLASS_DOMAIN, perm);
}
static int flask_vcpuextstate (struct domain *d, uint32_t cmd)
@@ -1650,7 +1626,7 @@ static int flask_vcpuextstate (struct domain *d, uint32_t
cmd)
return -EPERM;
}
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
+ return current_has_perm(d, SECCLASS_DOMAIN, perm);
}
#endif
diff --git a/xen/xsm/flask/include/objsec.h b/xen/xsm/flask/include/objsec.h
index 4ff52be..6595dc3 100644
--- a/xen/xsm/flask/include/objsec.h
+++ b/xen/xsm/flask/include/objsec.h
@@ -19,6 +19,8 @@
struct domain_security_struct {
u32 sid; /* current SID */
+ u32 self_sid; /* SID for target when operating on DOMID_SELF */
+ u32 target_sid; /* SID for device model target domain */
};
struct evtchn_security_struct {
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 14/19] arch/x86: Add missing mem_sharing XSM hooks
This patch adds splits up the mem_sharing and mem_event XSM hooks to
better cover what the code is doing. It also changes the utility
function get_mem_event_op_target to rcu_lock_live_remote_domain_by_id
because there is no mm-specific logic in there.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Tim Deegan <tim@xen.org>
Cc: Keir Fraser <keir@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
tools/flask/policy/policy/flask/access_vectors | 1 +
xen/arch/x86/domctl.c | 8 ++---
xen/arch/x86/mm/mem_event.c | 41 ++++++++------------------
xen/arch/x86/mm/mem_sharing.c | 25 +++++++++++++---
xen/common/domain.c | 15 ++++++++++
xen/include/asm-x86/mem_event.h | 1 -
xen/include/xen/sched.h | 6 ++++
xen/include/xsm/dummy.h | 23 ++++++++++++++-
xen/include/xsm/xsm.h | 24 +++++++++++++--
xen/xsm/dummy.c | 5 +++-
xen/xsm/flask/hooks.c | 25 ++++++++++++++--
xen/xsm/flask/include/av_perm_to_string.h | 1 +
xen/xsm/flask/include/av_permissions.h | 1 +
13 files changed, 130 insertions(+), 46 deletions(-)
diff --git a/tools/flask/policy/policy/flask/access_vectors
b/tools/flask/policy/policy/flask/access_vectors
index ea65e45..45ac437 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -102,6 +102,7 @@ class hvm
mem_sharing
audit_p2m
send_irq
+ share_mem
}
class event
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 30518aa..34e6223 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1503,10 +1503,8 @@ long arch_do_domctl(
d = rcu_lock_domain_by_id(domctl->domain);
if ( d != NULL )
{
- ret = xsm_mem_event(d);
- if ( !ret )
- ret = mem_event_domctl(d, &domctl->u.mem_event_op,
- guest_handle_cast(u_domctl, void));
+ ret = mem_event_domctl(d, &domctl->u.mem_event_op,
+ guest_handle_cast(u_domctl, void));
rcu_unlock_domain(d);
copy_to_guest(u_domctl, domctl, 1);
}
@@ -1562,7 +1560,7 @@ long arch_do_domctl(
d = rcu_lock_domain_by_id(domctl->domain);
if ( d != NULL )
{
- ret = xsm_mem_event(d);
+ ret = xsm_mem_event_setup(d);
if ( !ret ) {
p2m = p2m_get_hostp2m(d);
p2m->access_required =
domctl->u.access_required.access_required;
diff --git a/xen/arch/x86/mm/mem_event.c b/xen/arch/x86/mm/mem_event.c
index 27d1cf4..c2b3670 100644
--- a/xen/arch/x86/mm/mem_event.c
+++ b/xen/arch/x86/mm/mem_event.c
@@ -29,6 +29,7 @@
#include <asm/mem_paging.h>
#include <asm/mem_access.h>
#include <asm/mem_sharing.h>
+#include <xsm/xsm.h>
/* for public/io/ring.h macros */
#define xen_mb() mb()
@@ -439,35 +440,19 @@ static void mem_sharing_notification(struct vcpu *v,
unsigned int port)
mem_sharing_sharing_resume(v->domain);
}
-struct domain *get_mem_event_op_target(uint32_t domain, int *rc)
-{
- struct domain *d;
-
- /* Get the target domain */
- *rc = rcu_lock_remote_target_domain_by_id(domain, &d);
- if ( *rc != 0 )
- return NULL;
-
- /* Not dying? */
- if ( d->is_dying )
- {
- rcu_unlock_domain(d);
- *rc = -EINVAL;
- return NULL;
- }
-
- return d;
-}
-
int do_mem_event_op(int op, uint32_t domain, void *arg)
{
int ret;
struct domain *d;
- d = get_mem_event_op_target(domain, &ret);
- if ( !d )
+ ret = rcu_lock_live_remote_domain_by_id(domain, &d);
+ if ( ret )
return ret;
+ ret = xsm_mem_event_op(d, op);
+ if ( ret )
+ goto out;
+
switch (op)
{
case XENMEM_paging_op:
@@ -483,6 +468,7 @@ int do_mem_event_op(int op, uint32_t domain, void *arg)
ret = -ENOSYS;
}
+ out:
rcu_unlock_domain(d);
return ret;
}
@@ -516,6 +502,10 @@ int mem_event_domctl(struct domain *d,
xen_domctl_mem_event_op_t *mec,
{
int rc;
+ rc = xsm_mem_event_control(d, mec->mode, mec->op);
+ if ( rc )
+ return rc;
+
if ( unlikely(d == current->domain) )
{
gdprintk(XENLOG_INFO, "Tried to do a memory event op on
itself.\n");
@@ -537,13 +527,6 @@ int mem_event_domctl(struct domain *d,
xen_domctl_mem_event_op_t *mec,
return -EINVAL;
}
- /* TODO: XSM hook */
-#if 0
- rc = xsm_mem_event_control(d, mec->op);
- if ( rc )
- return rc;
-#endif
-
rc = -ENOSYS;
switch ( mec->mode )
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 5103285..9229b83 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -34,6 +34,7 @@
#include <asm/atomic.h>
#include <xen/rcupdate.h>
#include <asm/event.h>
+#include <xsm/xsm.h>
#include "mm-locks.h"
@@ -1345,10 +1346,18 @@ int mem_sharing_memop(struct domain *d,
xen_mem_sharing_op_t *mec)
if ( !mem_sharing_enabled(d) )
return -EINVAL;
- cd = get_mem_event_op_target(mec->u.share.client_domain,
&rc);
- if ( !cd )
+ rc =
rcu_lock_live_remote_domain_by_id(mec->u.share.client_domain,
+ &cd);
+ if ( rc )
return rc;
+ rc = xsm_mem_sharing_op(d, cd, mec->op);
+ if ( rc )
+ {
+ rcu_unlock_domain(cd);
+ return rc;
+ }
+
if ( !mem_sharing_enabled(cd) )
{
rcu_unlock_domain(cd);
@@ -1401,10 +1410,18 @@ int mem_sharing_memop(struct domain *d,
xen_mem_sharing_op_t *mec)
if ( !mem_sharing_enabled(d) )
return -EINVAL;
- cd = get_mem_event_op_target(mec->u.share.client_domain,
&rc);
- if ( !cd )
+ rc =
rcu_lock_live_remote_domain_by_id(mec->u.share.client_domain,
+ &cd);
+ if ( rc )
return rc;
+ rc = xsm_mem_sharing_op(d, cd, mec->op);
+ if ( rc )
+ {
+ rcu_unlock_domain(cd);
+ return rc;
+ }
+
if ( !mem_sharing_enabled(cd) )
{
rcu_unlock_domain(cd);
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 12c8e24..fcf24e2 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -475,6 +475,21 @@ int rcu_lock_remote_domain_by_id(domid_t dom, struct domain
**d)
return 0;
}
+int rcu_lock_live_remote_domain_by_id(domid_t dom, struct domain **d)
+{
+ int rv;
+ rv = rcu_lock_remote_domain_by_id(dom, d);
+ if ( rv )
+ return rv;
+ if ( (*d)->is_dying )
+ {
+ rcu_unlock_domain(*d);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
int domain_kill(struct domain *d)
{
int rc = 0;
diff --git a/xen/include/asm-x86/mem_event.h b/xen/include/asm-x86/mem_event.h
index e17f36b..5959621 100644
--- a/xen/include/asm-x86/mem_event.h
+++ b/xen/include/asm-x86/mem_event.h
@@ -62,7 +62,6 @@ void mem_event_put_request(struct domain *d, struct
mem_event_domain *med,
int mem_event_get_response(struct domain *d, struct mem_event_domain *med,
mem_event_response_t *rsp);
-struct domain *get_mem_event_op_target(uint32_t domain, int *rc);
int do_mem_event_op(int op, uint32_t domain, void *arg);
int mem_event_domctl(struct domain *d, xen_domctl_mem_event_op_t *mec,
XEN_GUEST_HANDLE_PARAM(void) u_domctl);
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 6c55039..90a6537 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -484,6 +484,12 @@ int rcu_lock_remote_target_domain_by_id(domid_t dom, struct
domain **d);
*/
int rcu_lock_remote_domain_by_id(domid_t dom, struct domain **d);
+/*
+ * As rcu_lock_remote_domain_by_id() but will fail EINVAL if the domain is
+ * dying.
+ */
+int rcu_lock_live_remote_domain_by_id(domid_t dom, struct domain **d);
+
/* Finish a RCU critical region started by rcu_lock_domain_by_id(). */
static inline void rcu_unlock_domain(struct domain *d)
{
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 073217a..ee381a8 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -551,16 +551,37 @@ static XSM_DEFAULT(int, hvm_inject_msi) (struct domain *d)
return 0;
}
-static XSM_DEFAULT(int, mem_event) (struct domain *d)
+static XSM_DEFAULT(int, mem_event_setup) (struct domain *d)
{
return 0;
}
+static XSM_DEFAULT(int, mem_event_control) (struct domain *d, int mode, int op)
+{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+ return 0;
+}
+
+static XSM_DEFAULT(int, mem_event_op) (struct domain *d, int op)
+{
+ if ( !IS_PRIV_FOR(current->domain, d) )
+ return -EPERM;
+ return 0;
+}
+
static XSM_DEFAULT(int, mem_sharing) (struct domain *d)
{
return 0;
}
+static XSM_DEFAULT(int, mem_sharing_op) (struct domain *d, struct domain *cd,
int op)
+{
+ if ( !IS_PRIV_FOR(current->domain, cd) )
+ return -EPERM;
+ return 0;
+}
+
static XSM_DEFAULT(int, apic) (struct domain *d, int cmd)
{
if ( !IS_PRIV(d) )
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4900d1f..1b9f939 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -151,8 +151,11 @@ struct xsm_operations {
int (*hvm_set_isa_irq_level) (struct domain *d);
int (*hvm_set_pci_link_route) (struct domain *d);
int (*hvm_inject_msi) (struct domain *d);
- int (*mem_event) (struct domain *d);
+ int (*mem_event_setup) (struct domain *d);
+ int (*mem_event_control) (struct domain *d, int mode, int op);
+ int (*mem_event_op) (struct domain *d, int op);
int (*mem_sharing) (struct domain *d);
+ int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
int (*apic) (struct domain *d, int cmd);
int (*xen_settime) (void);
int (*memtype) (uint32_t access);
@@ -663,9 +666,19 @@ static inline int xsm_hvm_inject_msi (struct domain *d)
return xsm_ops->hvm_inject_msi(d);
}
-static inline int xsm_mem_event (struct domain *d)
+static inline int xsm_mem_event_setup (struct domain *d)
{
- return xsm_ops->mem_event(d);
+ return xsm_ops->mem_event_setup(d);
+}
+
+static inline int xsm_mem_event_control (struct domain *d, int mode, int op)
+{
+ return xsm_ops->mem_event_control(d, mode, op);
+}
+
+static inline int xsm_mem_event_op (struct domain *d, int op)
+{
+ return xsm_ops->mem_event_op(d, op);
}
static inline int xsm_mem_sharing (struct domain *d)
@@ -673,6 +686,11 @@ static inline int xsm_mem_sharing (struct domain *d)
return xsm_ops->mem_sharing(d);
}
+static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int
op)
+{
+ return xsm_ops->mem_sharing_op(d, cd, op);
+}
+
static inline int xsm_apic (struct domain *d, int cmd)
{
return xsm_ops->apic(d, cmd);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 43e8617..3926b2b 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -135,8 +135,11 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
set_to_dummy_if_null(ops, hvm_set_pci_link_route);
set_to_dummy_if_null(ops, hvm_inject_msi);
- set_to_dummy_if_null(ops, mem_event);
+ set_to_dummy_if_null(ops, mem_event_setup);
+ set_to_dummy_if_null(ops, mem_event_control);
+ set_to_dummy_if_null(ops, mem_event_op);
set_to_dummy_if_null(ops, mem_sharing);
+ set_to_dummy_if_null(ops, mem_sharing_op);
set_to_dummy_if_null(ops, apic);
set_to_dummy_if_null(ops, xen_settime);
set_to_dummy_if_null(ops, memtype);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index a8475ea..99d3e21 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1277,7 +1277,17 @@ static int flask_hvm_inject_msi(struct domain *d)
return current_has_perm(d, SECCLASS_HVM, HVM__SEND_IRQ);
}
-static int flask_mem_event(struct domain *d)
+static int flask_mem_event_setup(struct domain *d)
+{
+ return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
+}
+
+static int flask_mem_event_control(struct domain *d, int mode, int op)
+{
+ return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
+}
+
+static int flask_mem_event_op(struct domain *d, int op)
{
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
}
@@ -1287,6 +1297,14 @@ static int flask_mem_sharing(struct domain *d)
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_SHARING);
}
+static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op)
+{
+ int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING);
+ if ( rc )
+ return rc;
+ return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM);
+}
+
static int flask_apic(struct domain *d, int cmd)
{
u32 perm;
@@ -1736,8 +1754,11 @@ static struct xsm_operations flask_ops = {
.hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
.hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
.hvm_inject_msi = flask_hvm_inject_msi,
- .mem_event = flask_mem_event,
+ .mem_event_setup = flask_mem_event_setup,
+ .mem_event_control = flask_mem_event_control,
+ .mem_event_op = flask_mem_event_op,
.mem_sharing = flask_mem_sharing,
+ .mem_sharing_op = flask_mem_sharing_op,
.apic = flask_apic,
.xen_settime = flask_xen_settime,
.memtype = flask_memtype,
diff --git a/xen/xsm/flask/include/av_perm_to_string.h
b/xen/xsm/flask/include/av_perm_to_string.h
index 894910c..186f1fa 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -84,6 +84,7 @@
S_(SECCLASS_HVM, HVM__MEM_SHARING, "mem_sharing")
S_(SECCLASS_HVM, HVM__AUDIT_P2M, "audit_p2m")
S_(SECCLASS_HVM, HVM__SEND_IRQ, "send_irq")
+ S_(SECCLASS_HVM, HVM__SHARE_MEM, "share_mem")
S_(SECCLASS_EVENT, EVENT__BIND, "bind")
S_(SECCLASS_EVENT, EVENT__SEND, "send")
S_(SECCLASS_EVENT, EVENT__STATUS, "status")
diff --git a/xen/xsm/flask/include/av_permissions.h
b/xen/xsm/flask/include/av_permissions.h
index 1bdb515..b3831f6 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -87,6 +87,7 @@
#define HVM__MEM_SHARING 0x00001000UL
#define HVM__AUDIT_P2M 0x00002000UL
#define HVM__SEND_IRQ 0x00004000UL
+#define HVM__SHARE_MEM 0x00008000UL
#define EVENT__BIND 0x00000001UL
#define EVENT__SEND 0x00000002UL
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 15/19] arch/x86: use XSM hooks for get_pg_owner access checks
There are three callers of get_pg_owner:
* do_mmuext_op, which does not have XSM hooks on all subfunctions
* do_mmu_update, which has hooks that are inefficient
* do_update_va_mapping_otherdomain, which has a simple XSM hook
In order to preserve return values for the do_mmuext_op hypercall, an
additional XSM hook is required to check the operation even for those
subfunctions that do not use the pg_owner field. This also covers the
MMUEXT_UNPIN_TABLE operation which did previously have an XSM hook.
The XSM hooks in do_mmu_update were capable of replacing the checks in
get_pg_owner; however, the hooks are buried in the inner loop of the
function - not very good for performance when XSM is enabled and these
turn in to indirect function calls. This patch removes the PTE from the
hooks and replaces it with a bitfield describing what accesses are being
requested. The XSM hook can then be called only when additional bits are
set instead of once per iteration of the loop.
This patch results in a change in the FLASK permissions used for mapping
an MMIO page: the target for the permisison check on the memory mapping
is no longer resolved to the device-specific type, and is instead either
the domain''s own type or domio_t (depending on if the domain uses
DOMID_SELF or DOMID_IO in the map command). Device-specific access is
still controlled via the "resource use" permisison checked at domain
creation (or device hotplug).
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Keir Fraser <keir@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Tim Deegan <tim@xen.org>
---
tools/flask/policy/policy/flask/access_vectors | 1 +
tools/flask/policy/policy/modules/xen/xen.if | 6 +--
tools/flask/policy/policy/modules/xen/xen.te | 5 +-
xen/arch/x86/mm.c | 53 +++++++++++--------
xen/include/xsm/dummy.h | 15 ++++--
xen/include/xsm/xsm.h | 25 +++++----
xen/xsm/dummy.c | 4 +-
xen/xsm/flask/hooks.c | 71 +++++++++-----------------
xen/xsm/flask/include/av_perm_to_string.h | 1 +
xen/xsm/flask/include/av_permissions.h | 1 +
10 files changed, 91 insertions(+), 91 deletions(-)
diff --git a/tools/flask/policy/policy/flask/access_vectors
b/tools/flask/policy/policy/flask/access_vectors
index 45ac437..8324725 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -141,6 +141,7 @@ class mmu
mfnlist
memorymap
remote_remap
+ mmuext_op
}
class shadow
diff --git a/tools/flask/policy/policy/modules/xen/xen.if
b/tools/flask/policy/policy/modules/xen/xen.if
index d630f47..fda5cb5 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -7,7 +7,7 @@
################################################################################
define(`declare_domain_common'', `
allow $1 $2:grant { query setup };
- allow $1 $2:mmu { adjust physmap map_read map_write stat pinpage updatemp };
+ allow $1 $2:mmu { adjust physmap map_read map_write stat pinpage updatemp
mmuext_op };
allow $1 $2:hvm { getparam setparam };
'')
@@ -51,7 +51,7 @@ define(`create_domain_common'', `
allow $1 $2:domain2 { set_cpuid settsc };
allow $1 $2:security check_context;
allow $1 $2:shadow enable;
- allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage};
+ allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage
mmuext_op };
allow $1 $2:grant setup;
allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute sethvmc setparam
pcilevel trackdirtyvram };
'')
@@ -162,7 +162,7 @@ define(`make_device_model'', `
# Allow a device to be used by a domain
define(`use_device'', `
allow $1 $2:resource use;
- allow $1 $2:mmu { map_read map_write };
+ allow $1 domio_t:mmu { map_read map_write };
'')
# admin_device(domain, device)
diff --git a/tools/flask/policy/policy/modules/xen/xen.te
b/tools/flask/policy/policy/modules/xen/xen.te
index 8d33285..8c77e6b 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -29,10 +29,10 @@ type xen_t, xen_type, mls_priv;
# Domain 0
declare_singleton_domain(dom0_t, mls_priv);
-# Untracked I/O memory (pseudo-domain)
+# I/O memory (DOMID_IO pseudo-domain)
type domio_t, xen_type;
-# Xen heap (pseudo-domain)
+# Xen heap (DOMID_XEN pseudo-domain)
type domxen_t, xen_type;
# Unlabeled objects
@@ -69,7 +69,6 @@ admin_device(dom0_t, device_t)
admin_device(dom0_t, irq_t)
admin_device(dom0_t, ioport_t)
admin_device(dom0_t, iomem_t)
-allow dom0_t domio_t:mmu { map_read map_write };
domain_comms(dom0_t, dom0_t)
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index b065bcf..39b2cc7 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2620,11 +2620,6 @@ static struct domain *get_pg_owner(domid_t domid)
pg_owner = rcu_lock_domain(dom_io);
break;
case DOMID_XEN:
- if ( !IS_PRIV(curr) )
- {
- MEM_LOG("Cannot set foreign dom");
- break;
- }
pg_owner = rcu_lock_domain(dom_xen);
break;
default:
@@ -2633,12 +2628,6 @@ static struct domain *get_pg_owner(domid_t domid)
MEM_LOG("Unknown domain ''%u''", domid);
break;
}
- if ( !IS_PRIV_FOR(curr, pg_owner) )
- {
- MEM_LOG("Cannot set foreign dom");
- rcu_unlock_domain(pg_owner);
- pg_owner = NULL;
- }
break;
}
@@ -2726,6 +2715,13 @@ long do_mmuext_op(
goto out;
}
+ rc = xsm_mmuext_op(d, pg_owner);
+ if ( rc )
+ {
+ rcu_unlock_domain(pg_owner);
+ goto out;
+ }
+
for ( i = 0; i < count; i++ )
{
if ( hypercall_preempt_check() )
@@ -3167,6 +3163,8 @@ long do_mmu_update(
struct vcpu *v = current;
struct domain *d = v->domain, *pt_owner = d, *pg_owner;
struct domain_mmap_cache mapcache;
+ uint32_t xsm_needed = 0;
+ uint32_t xsm_checked = 0;
if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
{
@@ -3198,11 +3196,6 @@ long do_mmu_update(
rc = -EINVAL;
goto out;
}
- if ( !IS_PRIV_FOR(d, pt_owner) )
- {
- rc = -ESRCH;
- goto out;
- }
}
if ( (pg_owner = get_pg_owner((uint16_t)foreigndom)) == NULL )
@@ -3242,9 +3235,20 @@ long do_mmu_update(
{
p2m_type_t p2mt;
- rc = xsm_mmu_normal_update(d, pt_owner, pg_owner, req.val);
- if ( rc )
- break;
+ xsm_needed |= XSM_MMU_NORMAL_UPDATE;
+ if ( get_pte_flags(req.val) & _PAGE_PRESENT )
+ {
+ xsm_needed |= XSM_MMU_UPDATE_READ;
+ if ( get_pte_flags(req.val) & _PAGE_RW )
+ xsm_needed |= XSM_MMU_UPDATE_WRITE;
+ }
+ if ( xsm_needed != xsm_checked )
+ {
+ rc = xsm_mmu_update(d, pt_owner, pg_owner, xsm_needed);
+ if ( rc )
+ break;
+ xsm_checked = xsm_needed;
+ }
rc = -EINVAL;
req.ptr -= cmd;
@@ -3356,9 +3360,14 @@ long do_mmu_update(
mfn = req.ptr >> PAGE_SHIFT;
gpfn = req.val;
- rc = xsm_mmu_machphys_update(d, pg_owner, mfn);
- if ( rc )
- break;
+ xsm_needed |= XSM_MMU_MACHPHYS_UPDATE;
+ if ( xsm_needed != xsm_checked )
+ {
+ rc = xsm_mmu_update(d, NULL, pg_owner, xsm_needed);
+ if ( rc )
+ break;
+ xsm_checked = xsm_needed;
+ }
if ( unlikely(!get_page_from_pagenr(mfn, pg_owner)) )
{
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index ee381a8..8131a57 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -662,21 +662,28 @@ static XSM_DEFAULT(int, domain_memory_map) (struct domain
*d)
return 0;
}
-static XSM_DEFAULT(int, mmu_normal_update) (struct domain *d, struct domain *t,
- struct domain *f, intpte_t fpte)
+static XSM_DEFAULT(int, mmu_update) (struct domain *d, struct domain *t,
+ struct domain *f, uint32_t flags)
{
+ if ( t && d != t && !IS_PRIV_FOR(d, t) )
+ return -EPERM;
+ if ( d != f && !IS_PRIV_FOR(d, f) )
+ return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, mmu_machphys_update) (struct domain *d, struct domain
*f,
- unsigned long mfn)
+static XSM_DEFAULT(int, mmuext_op) (struct domain *d, struct domain *f)
{
+ if ( d != f && !IS_PRIV_FOR(d, f) )
+ return -EPERM;
return 0;
}
static XSM_DEFAULT(int, update_va_mapping) (struct domain *d, struct domain *f,
l1_pgentry_t pte)
{
+ if ( d != f && !IS_PRIV_FOR(d, f) )
+ return -EPERM;
return 0;
}
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 1b9f939..092efdc 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -27,8 +27,6 @@ typedef u32 xsm_magic_t;
#define XSM_MAGIC 0x00000000
#endif
-#ifdef XSM_ENABLE
-
extern char *policy_buffer;
extern u32 policy_size;
@@ -170,9 +168,13 @@ struct xsm_operations {
int (*getidletime) (void);
int (*machine_memory_map) (void);
int (*domain_memory_map) (struct domain *d);
- int (*mmu_normal_update) (struct domain *d, struct domain *t,
- struct domain *f, intpte_t fpte);
- int (*mmu_machphys_update) (struct domain *d1, struct domain *d2, unsigned
long mfn);
+#define XSM_MMU_UPDATE_READ 1
+#define XSM_MMU_UPDATE_WRITE 2
+#define XSM_MMU_NORMAL_UPDATE 4
+#define XSM_MMU_MACHPHYS_UPDATE 8
+ int (*mmu_update) (struct domain *d, struct domain *t,
+ struct domain *f, uint32_t flags);
+ int (*mmuext_op) (struct domain *d, struct domain *f);
int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t
pte);
int (*add_to_physmap) (struct domain *d1, struct domain *d2);
int (*sendtrigger) (struct domain *d);
@@ -186,6 +188,8 @@ struct xsm_operations {
#endif
};
+#ifdef XSM_ENABLE
+
extern struct xsm_operations *xsm_ops;
static inline void xsm_security_domaininfo (struct domain *d,
@@ -761,16 +765,15 @@ static inline int xsm_domain_memory_map(struct domain *d)
return xsm_ops->domain_memory_map(d);
}
-static inline int xsm_mmu_normal_update (struct domain *d, struct domain *t,
- struct domain *f, intpte_t fpte)
+static inline int xsm_mmu_update (struct domain *d, struct domain *t,
+ struct domain *f, uint32_t flags)
{
- return xsm_ops->mmu_normal_update(d, t, f, fpte);
+ return xsm_ops->mmu_update(d, t, f, flags);
}
-static inline int xsm_mmu_machphys_update (struct domain *d1, struct domain
*d2,
- unsigned long mfn)
+static inline int xsm_mmuext_op (struct domain *d, struct domain *f)
{
- return xsm_ops->mmu_machphys_update(d1, d2, mfn);
+ return xsm_ops->mmuext_op(d, f);
}
static inline int xsm_update_va_mapping(struct domain *d, struct domain *f,
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 3926b2b..588f367 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -154,8 +154,8 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, getidletime);
set_to_dummy_if_null(ops, machine_memory_map);
set_to_dummy_if_null(ops, domain_memory_map);
- set_to_dummy_if_null(ops, mmu_normal_update);
- set_to_dummy_if_null(ops, mmu_machphys_update);
+ set_to_dummy_if_null(ops, mmu_update);
+ set_to_dummy_if_null(ops, mmuext_op);
set_to_dummy_if_null(ops, update_va_mapping);
set_to_dummy_if_null(ops, add_to_physmap);
set_to_dummy_if_null(ops, remove_from_physmap);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 99d3e21..b2f00d8 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1434,65 +1434,44 @@ static int flask_domain_memory_map(struct domain *d)
return current_has_perm(d, SECCLASS_MMU, MMU__MEMORYMAP);
}
-static int domain_memory_perm(struct domain *d, struct domain *f, l1_pgentry_t
pte)
+static int flask_mmu_update(struct domain *d, struct domain *t,
+ struct domain *f, uint32_t flags)
{
int rc = 0;
- u32 map_perms = MMU__MAP_READ;
- unsigned long fgfn, fmfn;
- p2m_type_t p2mt;
-
- if ( !(l1e_get_flags(pte) & _PAGE_PRESENT) )
- return 0;
-
- if ( l1e_get_flags(pte) & _PAGE_RW )
- map_perms |= MMU__MAP_WRITE;
-
- fgfn = l1e_get_pfn(pte);
- fmfn = mfn_x(get_gfn_query(f, fgfn, &p2mt));
- put_gfn(f, fgfn);
+ u32 map_perms = 0;
- if ( f->domain_id == DOMID_IO || !mfn_valid(fmfn) )
- {
- struct avc_audit_data ad;
- u32 dsid, fsid;
- rc = security_iomem_sid(fmfn, &fsid);
- if ( rc )
- return rc;
- AVC_AUDIT_DATA_INIT(&ad, MEMORY);
- ad.sdom = d;
- ad.tdom = f;
- ad.memory.pte = pte.l1;
- ad.memory.mfn = fmfn;
- dsid = domain_sid(d);
- return avc_has_perm(dsid, fsid, SECCLASS_MMU, map_perms, &ad);
- }
-
- return domain_has_perm(d, f, SECCLASS_MMU, map_perms);
-}
-
-static int flask_mmu_normal_update(struct domain *d, struct domain *t,
- struct domain *f, intpte_t fpte)
-{
- int rc = 0;
-
- if (d != t)
+ if ( t && d != t )
rc = domain_has_perm(d, t, SECCLASS_MMU, MMU__REMOTE_REMAP);
if ( rc )
return rc;
- return domain_memory_perm(d, f, l1e_from_intpte(fpte));
+ if ( flags & XSM_MMU_UPDATE_READ )
+ map_perms |= MMU__MAP_READ;
+ if ( flags & XSM_MMU_UPDATE_WRITE )
+ map_perms |= MMU__MAP_WRITE;
+ if ( flags & XSM_MMU_MACHPHYS_UPDATE )
+ map_perms |= MMU__UPDATEMP;
+
+ if ( map_perms )
+ rc = domain_has_perm(d, f, SECCLASS_MMU, map_perms);
+ return rc;
}
-static int flask_mmu_machphys_update(struct domain *d1, struct domain *d2,
- unsigned long mfn)
+static int flask_mmuext_op(struct domain *d, struct domain *f)
{
- return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__UPDATEMP);
+ return domain_has_perm(d, f, SECCLASS_MMU, MMU__MMUEXT_OP);
}
static int flask_update_va_mapping(struct domain *d, struct domain *f,
l1_pgentry_t pte)
{
- return domain_memory_perm(d, f, pte);
+ u32 map_perms = MMU__MAP_READ;
+ if ( !(l1e_get_flags(pte) & _PAGE_PRESENT) )
+ return 0;
+ if ( l1e_get_flags(pte) & _PAGE_RW )
+ map_perms |= MMU__MAP_WRITE;
+
+ return domain_has_perm(d, f, SECCLASS_MMU, map_perms);
}
static int flask_add_to_physmap(struct domain *d1, struct domain *d2)
@@ -1773,8 +1752,8 @@ static struct xsm_operations flask_ops = {
.getidletime = flask_getidletime,
.machine_memory_map = flask_machine_memory_map,
.domain_memory_map = flask_domain_memory_map,
- .mmu_normal_update = flask_mmu_normal_update,
- .mmu_machphys_update = flask_mmu_machphys_update,
+ .mmu_update = flask_mmu_update,
+ .mmuext_op = flask_mmuext_op,
.update_va_mapping = flask_update_va_mapping,
.add_to_physmap = flask_add_to_physmap,
.remove_from_physmap = flask_remove_from_physmap,
diff --git a/xen/xsm/flask/include/av_perm_to_string.h
b/xen/xsm/flask/include/av_perm_to_string.h
index 186f1fa..8f65b96 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -111,6 +111,7 @@
S_(SECCLASS_MMU, MMU__MFNLIST, "mfnlist")
S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap")
S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap")
+ S_(SECCLASS_MMU, MMU__MMUEXT_OP, "mmuext_op")
S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable")
S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable")
S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty")
diff --git a/xen/xsm/flask/include/av_permissions.h
b/xen/xsm/flask/include/av_permissions.h
index b3831f6..18454fd 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -117,6 +117,7 @@
#define MMU__MFNLIST 0x00000400UL
#define MMU__MEMORYMAP 0x00000800UL
#define MMU__REMOTE_REMAP 0x00001000UL
+#define MMU__MMUEXT_OP 0x00002000UL
#define SHADOW__DISABLE 0x00000001UL
#define SHADOW__ENABLE 0x00000002UL
--
1.7.11.7
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Keir Fraser <keir@xen.org>
---
tools/flask/policy/policy/flask/access_vectors | 1 +
tools/flask/policy/policy/modules/xen/xen.if | 2 ++
xen/common/memory.c | 12 +++++++++++-
xen/include/xsm/dummy.h | 7 +++++++
xen/include/xsm/xsm.h | 6 ++++++
xen/xsm/dummy.c | 1 +
xen/xsm/flask/hooks.c | 6 ++++++
xen/xsm/flask/include/av_perm_to_string.h | 1 +
xen/xsm/flask/include/av_permissions.h | 1 +
9 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/tools/flask/policy/policy/flask/access_vectors
b/tools/flask/policy/policy/flask/access_vectors
index 8324725..caf65d2 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -142,6 +142,7 @@ class mmu
memorymap
remote_remap
mmuext_op
+ exchange
}
class shadow
diff --git a/tools/flask/policy/policy/modules/xen/xen.if
b/tools/flask/policy/policy/modules/xen/xen.if
index fda5cb5..d9d5344 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -30,6 +30,7 @@ define(`declare_domain'', `
# containing at most one domain. This is not enforced by policy.
define(`declare_singleton_domain'', `
type $1, domain_type`''ifelse(`$#'', `1'',
`'', `,shift($@)'');
+ define(`$1_self'', `$1'')
type $1_channel, event_type;
type_transition $1 domain_type:event $1_channel;
declare_domain_common($1, $1)
@@ -161,6 +162,7 @@ define(`make_device_model'', `
# use_device(domain, device)
# Allow a device to be used by a domain
define(`use_device'', `
+ allow $1 $1_self:mmu exchange;
allow $1 $2:resource use;
allow $1 domio_t:mmu { map_read map_write };
'')
diff --git a/xen/common/memory.c b/xen/common/memory.c
index dd36b83..7d3c326 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -329,9 +329,19 @@ static long
memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
out_chunk_order = exch.in.extent_order - exch.out.extent_order;
}
- rc = rcu_lock_target_domain_by_id(exch.in.domid, &d);
+ d = rcu_lock_domain_by_any_id(exch.in.domid);
+ if ( d == NULL )
+ {
+ rc = -ESRCH;
+ goto fail_early;
+ }
+
+ rc = xsm_memory_exchange(d);
if ( rc )
+ {
+ rcu_unlock_domain(d);
goto fail_early;
+ }
memflags |= MEMF_bits(domain_clamp_alloc_bitsize(
d,
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 8131a57..f115151 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -235,6 +235,13 @@ static XSM_DEFAULT(int, grant_query_size) (struct domain
*d1, struct domain *d2)
return 0;
}
+static XSM_DEFAULT(int, memory_exchange) (struct domain *d)
+{
+ if ( d != current->domain && !IS_PRIV_FOR(current->domain, d)
)
+ return -EPERM;
+ return 0;
+}
+
static XSM_DEFAULT(int, memory_adjust_reservation) (struct domain *d1,
struct domain *d2)
{
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 092efdc..628ddd6 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -96,6 +96,7 @@ struct xsm_operations {
int (*get_pod_target) (struct domain *d);
int (*set_pod_target) (struct domain *d);
+ int (*memory_exchange) (struct domain *d);
int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2);
int (*memory_stat_reservation) (struct domain *d1, struct domain *d2);
int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct
page_info *page);
@@ -451,6 +452,11 @@ static inline int xsm_set_pod_target (struct domain *d)
return xsm_ops->set_pod_target(d);
}
+static inline int xsm_memory_exchange (struct domain *d)
+{
+ return xsm_ops->memory_exchange(d);
+}
+
static inline int xsm_memory_adjust_reservation (struct domain *d1, struct
domain *d2)
{
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 588f367..26e04d5 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -83,6 +83,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, get_pod_target);
set_to_dummy_if_null(ops, set_pod_target);
+ set_to_dummy_if_null(ops, memory_exchange);
set_to_dummy_if_null(ops, memory_adjust_reservation);
set_to_dummy_if_null(ops, memory_stat_reservation);
set_to_dummy_if_null(ops, memory_pin_page);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index b2f00d8..167f8e6 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -396,6 +396,11 @@ static int flask_set_pod_target(struct domain *d)
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
}
+static int flask_memory_exchange(struct domain *d)
+{
+ return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE);
+}
+
static int flask_memory_adjust_reservation(struct domain *d1, struct domain
*d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
@@ -1685,6 +1690,7 @@ static struct xsm_operations flask_ops = {
.get_pod_target = flask_get_pod_target,
.set_pod_target = flask_set_pod_target,
+ .memory_exchange = flask_memory_exchange,
.memory_adjust_reservation = flask_memory_adjust_reservation,
.memory_stat_reservation = flask_memory_stat_reservation,
.memory_pin_page = flask_memory_pin_page,
diff --git a/xen/xsm/flask/include/av_perm_to_string.h
b/xen/xsm/flask/include/av_perm_to_string.h
index 8f65b96..79d5939 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -112,6 +112,7 @@
S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap")
S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap")
S_(SECCLASS_MMU, MMU__MMUEXT_OP, "mmuext_op")
+ S_(SECCLASS_MMU, MMU__EXCHANGE, "exchange")
S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable")
S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable")
S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty")
diff --git a/xen/xsm/flask/include/av_permissions.h
b/xen/xsm/flask/include/av_permissions.h
index 18454fd..d982328 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -118,6 +118,7 @@
#define MMU__MEMORYMAP 0x00000800UL
#define MMU__REMOTE_REMAP 0x00001000UL
#define MMU__MMUEXT_OP 0x00002000UL
+#define MMU__EXCHANGE 0x00004000UL
#define SHADOW__DISABLE 0x00000001UL
#define SHADOW__ENABLE 0x00000002UL
--
1.7.11.7
This adds a pair of XSM hooks for tmem operations: xsm_tmem_op which
controls any use of tmem, and xsm_tmem_control which allows use of the
TMEM_CONTROL operations. By default, all domains can use tmem while only
IS_PRIV domains can use control operations.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com>
---
tools/flask/policy/policy/flask/access_vectors | 2 ++
xen/common/tmem.c | 3 +++
xen/include/xen/tmem_xen.h | 8 +++++++-
xen/include/xsm/dummy.h | 12 ++++++++++++
xen/include/xsm/xsm.h | 12 ++++++++++++
xen/xsm/dummy.c | 2 ++
xen/xsm/flask/hooks.c | 12 ++++++++++++
xen/xsm/flask/include/av_perm_to_string.h | 2 ++
xen/xsm/flask/include/av_permissions.h | 2 ++
9 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/tools/flask/policy/policy/flask/access_vectors
b/tools/flask/policy/policy/flask/access_vectors
index caf65d2..7a7e253 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -35,6 +35,8 @@ class xen
lockprof
cpupool_op
sched_op
+ tmem_op
+ tmem_control
}
class domain
diff --git a/xen/common/tmem.c b/xen/common/tmem.c
index 44e2772..ca70e86 100644
--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -2644,6 +2644,9 @@ EXPORT long do_tmem_op(tmem_cli_op_t uops)
if ( !tmem_initialized )
return -ENODEV;
+ if ( !tmh_current_permitted() )
+ return -EPERM;
+
total_tmem_ops++;
if ( tmh_lock_all )
diff --git a/xen/include/xen/tmem_xen.h b/xen/include/xen/tmem_xen.h
index 36a8d9f..8dec5aa 100644
--- a/xen/include/xen/tmem_xen.h
+++ b/xen/include/xen/tmem_xen.h
@@ -16,6 +16,7 @@
#include <xen/guest_access.h> /* copy_from_guest */
#include <xen/hash.h> /* hash_long */
#include <xen/domain_page.h> /* __map_domain_page */
+#include <xsm/xsm.h> /* xsm_tmem_control */
#include <public/tmem.h>
#ifdef CONFIG_COMPAT
#include <compat/tmem.h>
@@ -326,9 +327,14 @@ static inline bool_t tmh_set_client_from_id(
return rc;
}
+static inline bool_t tmh_current_permitted(void)
+{
+ return !xsm_tmem_op();
+}
+
static inline bool_t tmh_current_is_privileged(void)
{
- return IS_PRIV(current->domain);
+ return !xsm_tmem_control();
}
static inline uint8_t tmh_get_first_byte(pfp_t *pfp)
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index f115151..040b463 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -443,6 +443,18 @@ static XSM_DEFAULT(int, sched_op) (void)
return 0;
}
+static XSM_DEFAULT(int, tmem_op) (void)
+{
+ return 0;
+}
+
+static XSM_DEFAULT(int, tmem_control) (void)
+{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+ return 0;
+}
+
static XSM_DEFAULT(long, do_xsm_op)(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
{
return -ENOSYS;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 628ddd6..748f5ff 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -134,6 +134,8 @@ struct xsm_operations {
int (*lockprof)(void);
int (*cpupool_op)(void);
int (*sched_op)(void);
+ int (*tmem_op)(void);
+ int (*tmem_control)(void);
long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
@@ -610,6 +612,16 @@ static inline int xsm_sched_op(void)
return xsm_ops->sched_op();
}
+static inline int xsm_tmem_op(void)
+{
+ return xsm_ops->tmem_op();
+}
+
+static inline int xsm_tmem_control(void)
+{
+ return xsm_ops->tmem_control();
+}
+
static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
{
return xsm_ops->do_xsm_op(op);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 26e04d5..6e113fb 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -120,6 +120,8 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, lockprof);
set_to_dummy_if_null(ops, cpupool_op);
set_to_dummy_if_null(ops, sched_op);
+ set_to_dummy_if_null(ops, tmem_op);
+ set_to_dummy_if_null(ops, tmem_control);
set_to_dummy_if_null(ops, do_xsm_op);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 167f8e6..e815ea5 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1079,6 +1079,16 @@ static inline int flask_sched_op(void)
return domain_has_xen(current->domain, XEN__SCHED_OP);
}
+static inline int flask_tmem_op(void)
+{
+ return domain_has_xen(current->domain, XEN__TMEM_OP);
+}
+
+static inline int flask_tmem_control(void)
+{
+ return domain_has_xen(current->domain, XEN__TMEM_CONTROL);
+}
+
static int flask_perfcontrol(void)
{
return domain_has_xen(current->domain, XEN__PERFCONTROL);
@@ -1723,6 +1733,8 @@ static struct xsm_operations flask_ops = {
.lockprof = flask_lockprof,
.cpupool_op = flask_cpupool_op,
.sched_op = flask_sched_op,
+ .tmem_op = flask_tmem_op,
+ .tmem_control = flask_tmem_control,
.do_xsm_op = do_flask_op,
diff --git a/xen/xsm/flask/include/av_perm_to_string.h
b/xen/xsm/flask/include/av_perm_to_string.h
index 79d5939..c3f2370 100644
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ b/xen/xsm/flask/include/av_perm_to_string.h
@@ -29,6 +29,8 @@
S_(SECCLASS_XEN, XEN__LOCKPROF, "lockprof")
S_(SECCLASS_XEN, XEN__CPUPOOL_OP, "cpupool_op")
S_(SECCLASS_XEN, XEN__SCHED_OP, "sched_op")
+ S_(SECCLASS_XEN, XEN__TMEM_OP, "tmem_op")
+ S_(SECCLASS_XEN, XEN__TMEM_CONTROL, "tmem_control")
S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT, "setvcpucontext")
S_(SECCLASS_DOMAIN, DOMAIN__PAUSE, "pause")
S_(SECCLASS_DOMAIN, DOMAIN__UNPAUSE, "unpause")
diff --git a/xen/xsm/flask/include/av_permissions.h
b/xen/xsm/flask/include/av_permissions.h
index d982328..65302e8 100644
--- a/xen/xsm/flask/include/av_permissions.h
+++ b/xen/xsm/flask/include/av_permissions.h
@@ -29,6 +29,8 @@
#define XEN__LOCKPROF 0x08000000UL
#define XEN__CPUPOOL_OP 0x10000000UL
#define XEN__SCHED_OP 0x20000000UL
+#define XEN__TMEM_OP 0x40000000UL
+#define XEN__TMEM_CONTROL 0x80000000UL
#define DOMAIN__SETVCPUCONTEXT 0x00000001UL
#define DOMAIN__PAUSE 0x00000002UL
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 18/19] xen/arch/*: add struct domain parameter to arch_do_domctl
Since the arch-independent do_domctl function now RCU locks the domain
specified by op->domain, pass the struct domain to the arch-specific
domctl function and remove the duplicate per-subfunction locking.
This also removes two get_domain/put_domain call pairs (in
XEN_DOMCTL_assign_device and XEN_DOMCTL_deassign_device), replacing them
with RCU locking.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@citrix.com>
Cc: Tim Deegan <tim@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/arch/arm/domctl.c | 2 +-
xen/arch/x86/domctl.c | 434 +++++++---------------------------------
xen/common/domctl.c | 2 +-
xen/drivers/passthrough/iommu.c | 31 +--
xen/include/xen/hypercall.h | 2 +-
xen/include/xen/iommu.h | 3 +-
6 files changed, 76 insertions(+), 398 deletions(-)
diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
index cf16791..d54a387 100644
--- a/xen/arch/arm/domctl.c
+++ b/xen/arch/arm/domctl.c
@@ -10,7 +10,7 @@
#include <xen/errno.h>
#include <public/domctl.h>
-long arch_do_domctl(struct xen_domctl *domctl,
+long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
{
return -ENOSYS;
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 34e6223..5e224fc 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -47,7 +47,7 @@ static int gdbsx_guest_mem_io(
}
long arch_do_domctl(
- struct xen_domctl *domctl,
+ struct xen_domctl *domctl, struct domain *d,
XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
{
long ret = 0;
@@ -57,23 +57,15 @@ long arch_do_domctl(
case XEN_DOMCTL_shadow_op:
{
- struct domain *d;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d != NULL )
- {
- ret = paging_domctl(d,
- &domctl->u.shadow_op,
- guest_handle_cast(u_domctl, void));
- rcu_unlock_domain(d);
- copy_to_guest(u_domctl, domctl, 1);
- }
+ ret = paging_domctl(d,
+ &domctl->u.shadow_op,
+ guest_handle_cast(u_domctl, void));
+ copy_to_guest(u_domctl, domctl, 1);
}
break;
case XEN_DOMCTL_ioport_permission:
{
- struct domain *d;
unsigned int fp = domctl->u.ioport_permission.first_port;
unsigned int np = domctl->u.ioport_permission.nr_ports;
int allow = domctl->u.ioport_permission.allow_access;
@@ -82,10 +74,6 @@ long arch_do_domctl(
if ( (fp + np) > 65536 )
break;
- ret = -ESRCH;
- if ( unlikely((d = rcu_lock_domain_by_id(domctl->domain)) == NULL) )
- break;
-
if ( np == 0 )
ret = 0;
else if ( xsm_ioport_permission(d, fp, fp + np - 1, allow) )
@@ -94,8 +82,6 @@ long arch_do_domctl(
ret = ioports_permit_access(d, fp, fp + np - 1);
else
ret = ioports_deny_access(d, fp, fp + np - 1);
-
- rcu_unlock_domain(d);
}
break;
@@ -103,23 +89,16 @@ long arch_do_domctl(
{
struct page_info *page;
unsigned long mfn = domctl->u.getpageframeinfo.gmfn;
- domid_t dom = domctl->domain;
- struct domain *d;
ret = -EINVAL;
-
- if ( unlikely(!mfn_valid(mfn)) ||
- unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) )
+ if ( unlikely(!mfn_valid(mfn)) )
break;
page = mfn_to_page(mfn);
ret = xsm_getpageframeinfo(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
if ( likely(get_page(page, d)) )
{
@@ -149,8 +128,6 @@ long arch_do_domctl(
put_page(page);
}
- rcu_unlock_domain(d);
-
copy_to_guest(u_domctl, domctl, 1);
}
break;
@@ -160,27 +137,17 @@ long arch_do_domctl(
{
unsigned int n, j;
unsigned int num = domctl->u.getpageframeinfo3.num;
- domid_t dom = domctl->domain;
- struct domain *d;
struct page_info *page;
xen_pfn_t *arr;
- ret = -ESRCH;
- if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) )
- break;
-
ret = xsm_getpageframeinfo(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
if ( unlikely(num > 1024) ||
unlikely(num != domctl->u.getpageframeinfo3.num) )
{
ret = -E2BIG;
- rcu_unlock_domain(d);
break;
}
@@ -188,7 +155,6 @@ long arch_do_domctl(
if ( !page )
{
ret = -ENOMEM;
- rcu_unlock_domain(d);
break;
}
arr = page_to_virt(page);
@@ -254,7 +220,6 @@ long arch_do_domctl(
free_domheap_page(virt_to_page(arr));
- rcu_unlock_domain(d);
break;
}
/* fall thru */
@@ -262,25 +227,15 @@ long arch_do_domctl(
{
int n,j;
int num = domctl->u.getpageframeinfo2.num;
- domid_t dom = domctl->domain;
- struct domain *d;
uint32_t *arr32;
- ret = -ESRCH;
-
- if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) )
- break;
ret = xsm_getpageframeinfo(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
if ( unlikely(num > 1024) )
{
ret = -E2BIG;
- rcu_unlock_domain(d);
break;
}
@@ -288,7 +243,6 @@ long arch_do_domctl(
if ( !arr32 )
{
ret = -ENOMEM;
- rcu_unlock_domain(d);
break;
}
@@ -360,78 +314,58 @@ long arch_do_domctl(
}
free_xenheap_page(arr32);
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_getmemlist:
{
int i;
- struct domain *d = rcu_lock_domain_by_id(domctl->domain);
unsigned long max_pfns = domctl->u.getmemlist.max_pfns;
uint64_t mfn;
struct page_info *page;
- ret = -EINVAL;
- if ( d != NULL )
- {
- ret = xsm_getmemlist(d);
- if ( ret )
- {
- rcu_unlock_domain(d);
- break;
- }
+ ret = xsm_getmemlist(d);
+ if ( ret )
+ break;
- spin_lock(&d->page_alloc_lock);
+ if ( unlikely(d->is_dying) ) {
+ ret = -EINVAL;
+ break;
+ }
- if ( unlikely(d->is_dying) ) {
- spin_unlock(&d->page_alloc_lock);
- goto getmemlist_out;
- }
+ spin_lock(&d->page_alloc_lock);
- ret = i = 0;
- page_list_for_each(page, &d->page_list)
+ ret = i = 0;
+ page_list_for_each(page, &d->page_list)
+ {
+ if ( i >= max_pfns )
+ break;
+ mfn = page_to_mfn(page);
+ if ( copy_to_guest_offset(domctl->u.getmemlist.buffer,
+ i, &mfn, 1) )
{
- if ( i >= max_pfns )
- break;
- mfn = page_to_mfn(page);
- if ( copy_to_guest_offset(domctl->u.getmemlist.buffer,
- i, &mfn, 1) )
- {
- ret = -EFAULT;
- break;
- }
- ++i;
+ ret = -EFAULT;
+ break;
}
-
- spin_unlock(&d->page_alloc_lock);
-
- domctl->u.getmemlist.num_pfns = i;
- copy_to_guest(u_domctl, domctl, 1);
- getmemlist_out:
- rcu_unlock_domain(d);
+ ++i;
}
+
+ spin_unlock(&d->page_alloc_lock);
+
+ domctl->u.getmemlist.num_pfns = i;
+ copy_to_guest(u_domctl, domctl, 1);
}
break;
case XEN_DOMCTL_hypercall_init:
{
- struct domain *d = rcu_lock_domain_by_id(domctl->domain);
unsigned long gmfn = domctl->u.hypercall_init.gmfn;
struct page_info *page;
void *hypercall_page;
- ret = -ESRCH;
- if ( unlikely(d == NULL) )
- break;
-
ret = xsm_hypercall_init(d);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
page = get_page_from_gfn(d, gmfn, NULL, P2M_ALLOC);
@@ -440,7 +374,6 @@ long arch_do_domctl(
{
if ( page )
put_page(page);
- rcu_unlock_domain(d);
break;
}
@@ -451,19 +384,12 @@ long arch_do_domctl(
unmap_domain_page(hypercall_page);
put_page_and_type(page);
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_sethvmcontext:
{
struct hvm_domain_context c = { .size = domctl->u.hvmcontext.size };
- struct domain *d;
-
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
ret = xsm_hvmcontext(d, domctl->cmd);
if ( ret )
@@ -488,19 +414,12 @@ long arch_do_domctl(
sethvmcontext_out:
if ( c.data != NULL )
xfree(c.data);
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_gethvmcontext:
{
struct hvm_domain_context c = { 0 };
- struct domain *d;
-
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
ret = xsm_hvmcontext(d, domctl->cmd);
if ( ret )
@@ -544,53 +463,33 @@ long arch_do_domctl(
if ( c.data != NULL )
xfree(c.data);
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_gethvmcontext_partial:
{
- struct domain *d;
-
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
ret = xsm_hvmcontext(d, domctl->cmd);
if ( ret )
- goto gethvmcontext_partial_out;
+ break;
ret = -EINVAL;
if ( !is_hvm_domain(d) )
- goto gethvmcontext_partial_out;
+ break;
domain_pause(d);
ret = hvm_save_one(d, domctl->u.hvmcontext_partial.type,
domctl->u.hvmcontext_partial.instance,
domctl->u.hvmcontext_partial.buffer);
domain_unpause(d);
-
- gethvmcontext_partial_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_set_address_size:
{
- struct domain *d;
-
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
ret = xsm_address_size(d, domctl->cmd);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
switch ( domctl->u.address_size.size )
{
@@ -604,31 +503,19 @@ long arch_do_domctl(
ret = (domctl->u.address_size.size == BITS_PER_LONG) ? 0 :
-EINVAL;
break;
}
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_get_address_size:
{
- struct domain *d;
-
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
ret = xsm_address_size(d, domctl->cmd);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
domctl->u.address_size.size is_pv_32on64_domain(d) ? 32
: BITS_PER_LONG;
ret = 0;
- rcu_unlock_domain(d);
if ( copy_to_guest(u_domctl, domctl, 1) )
ret = -EFAULT;
@@ -637,76 +524,51 @@ long arch_do_domctl(
case XEN_DOMCTL_set_machine_address_size:
{
- struct domain *d;
-
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
ret = xsm_machine_address_size(d, domctl->cmd);
if ( ret )
- goto set_machine_address_size_out;
+ break;
ret = -EBUSY;
if ( d->tot_pages > 0 )
- goto set_machine_address_size_out;
+ break;
d->arch.physaddr_bitsize = domctl->u.address_size.size;
ret = 0;
- set_machine_address_size_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_get_machine_address_size:
{
- struct domain *d;
-
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
ret = xsm_machine_address_size(d, domctl->cmd);
if ( ret )
- {
- rcu_unlock_domain(d);
break;
- }
domctl->u.address_size.size = d->arch.physaddr_bitsize;
ret = 0;
- rcu_unlock_domain(d);
if ( copy_to_guest(u_domctl, domctl, 1) )
ret = -EFAULT;
-
-
}
break;
case XEN_DOMCTL_sendtrigger:
{
- struct domain *d;
struct vcpu *v;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
ret = xsm_sendtrigger(d);
if ( ret )
- goto sendtrigger_out;
+ break;
ret = -EINVAL;
if ( domctl->u.sendtrigger.vcpu >= MAX_VIRT_CPUS )
- goto sendtrigger_out;
+ break;
ret = -ESRCH;
if ( domctl->u.sendtrigger.vcpu >= d->max_vcpus ||
(v = d->vcpu[domctl->u.sendtrigger.vcpu]) == NULL )
- goto sendtrigger_out;
+ break;
switch ( domctl->u.sendtrigger.trigger )
{
@@ -743,34 +605,27 @@ long arch_do_domctl(
default:
ret = -ENOSYS;
}
-
- sendtrigger_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_bind_pt_irq:
{
- struct domain * d;
xen_domctl_bind_pt_irq_t * bind;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
bind = &(domctl->u.bind_pt_irq);
ret = -EINVAL;
if ( !is_hvm_domain(d) )
- goto bind_out;
+ break;
ret = xsm_bind_pt_irq(d, bind);
if ( ret )
- goto bind_out;
+ break;
ret = -EPERM;
if ( !IS_PRIV(current->domain) &&
!irq_access_permitted(current->domain, bind->machine_irq) )
- goto bind_out;
+ break;
ret = -ESRCH;
if ( iommu_enabled )
@@ -782,30 +637,23 @@ long arch_do_domctl(
if ( ret < 0 )
printk(XENLOG_G_ERR "pt_irq_create_bind failed (%ld) for
dom%d\n",
ret, d->domain_id);
-
- bind_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_unbind_pt_irq:
{
- struct domain * d;
xen_domctl_bind_pt_irq_t * bind;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
bind = &(domctl->u.bind_pt_irq);
ret = -EPERM;
if ( !IS_PRIV(current->domain) &&
!irq_access_permitted(current->domain, bind->machine_irq) )
- goto unbind_out;
+ break;
ret = xsm_unbind_pt_irq(d, bind);
if ( ret )
- goto unbind_out;
+ break;
if ( iommu_enabled )
{
@@ -816,15 +664,11 @@ long arch_do_domctl(
if ( ret < 0 )
printk(XENLOG_G_ERR "pt_irq_destroy_bind failed (%ld) for
dom%d\n",
ret, d->domain_id);
-
- unbind_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_memory_mapping:
{
- struct domain *d;
unsigned long gfn = domctl->u.memory_mapping.first_gfn;
unsigned long mfn = domctl->u.memory_mapping.first_mfn;
unsigned long nr_mfns = domctl->u.memory_mapping.nr_mfns;
@@ -842,15 +686,9 @@ long arch_do_domctl(
!iomem_access_permitted(current->domain, mfn, mfn + nr_mfns -
1) )
break;
- ret = -ESRCH;
- if ( unlikely((d = rcu_lock_domain_by_id(domctl->domain)) == NULL) )
- break;
-
ret = xsm_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
- if ( ret ) {
- rcu_unlock_domain(d);
+ if ( ret )
break;
- }
if ( add )
{
@@ -897,15 +735,12 @@ long arch_do_domctl(
ret, add ? "removing" : "denying",
d->domain_id,
mfn, mfn + nr_mfns - 1);
}
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_ioport_mapping:
{
#define MAX_IOPORTS 0x10000
- struct domain *d;
struct hvm_iommu *hd;
unsigned int fgp = domctl->u.ioport_mapping.first_gport;
unsigned int fmp = domctl->u.ioport_mapping.first_mport;
@@ -929,15 +764,9 @@ long arch_do_domctl(
!ioports_access_permitted(current->domain, fmp, fmp + np - 1) )
break;
- ret = -ESRCH;
- if ( unlikely((d = rcu_lock_domain_by_id(domctl->domain)) == NULL) )
- break;
-
ret = xsm_ioport_mapping(d, fmp, fmp + np - 1, add);
- if ( ret ) {
- rcu_unlock_domain(d);
+ if ( ret )
break;
- }
hd = domain_hvm_iommu(d);
if ( add )
@@ -993,30 +822,19 @@ long arch_do_domctl(
"ioport_map: error %ld denying dom%d access to
[%x,%x]\n",
ret, d->domain_id, fmp, fmp + np - 1);
}
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_pin_mem_cacheattr:
{
- struct domain *d;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d == NULL )
- break;
-
ret = xsm_pin_mem_cacheattr(d);
if ( ret )
- goto pin_out;
+ break;
ret = hvm_set_mem_pinned_cacheattr(
d, domctl->u.pin_mem_cacheattr.start,
domctl->u.pin_mem_cacheattr.end,
domctl->u.pin_mem_cacheattr.type);
-
- pin_out:
- rcu_unlock_domain(d);
}
break;
@@ -1024,19 +842,13 @@ long arch_do_domctl(
case XEN_DOMCTL_get_ext_vcpucontext:
{
struct xen_domctl_ext_vcpucontext *evc;
- struct domain *d;
struct vcpu *v;
evc = &domctl->u.ext_vcpucontext;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d == NULL )
- break;
-
ret = xsm_ext_vcpucontext(d, domctl->cmd);
if ( ret )
- goto ext_vcpucontext_out;
+ break;
ret = -ESRCH;
if ( (evc->vcpu >= d->max_vcpus) ||
@@ -1127,7 +939,6 @@ long arch_do_domctl(
ret = 0;
ext_vcpucontext_out:
- rcu_unlock_domain(d);
if ( (domctl->cmd == XEN_DOMCTL_get_ext_vcpucontext) &&
copy_to_guest(u_domctl, domctl, 1) )
ret = -EFAULT;
@@ -1136,16 +947,10 @@ long arch_do_domctl(
case XEN_DOMCTL_set_cpuid:
{
- struct domain *d;
xen_domctl_cpuid_t *ctl = &domctl->u.cpuid;
cpuid_input_t *cpuid = NULL;
int i;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d == NULL )
- break;
-
for ( i = 0; i < MAX_CPUID_INPUT; i++ )
{
cpuid = &d->arch.cpuids[i];
@@ -1168,21 +973,13 @@ long arch_do_domctl(
memcpy(cpuid, ctl, sizeof(cpuid_input_t));
ret = 0;
}
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_gettscinfo:
{
- struct domain *d;
xen_guest_tsc_info_t info;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d == NULL )
- break;
-
domain_pause(d);
tsc_get_info(d, &info.tsc_mode,
&info.elapsed_nsec,
@@ -1193,20 +990,11 @@ long arch_do_domctl(
else
ret = 0;
domain_unpause(d);
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_settscinfo:
{
- struct domain *d;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d == NULL )
- break;
-
domain_pause(d);
tsc_set_info(d, domctl->u.tsc_info.info.tsc_mode,
domctl->u.tsc_info.info.elapsed_nsec,
@@ -1214,138 +1002,83 @@ long arch_do_domctl(
domctl->u.tsc_info.info.incarnation);
domain_unpause(d);
- rcu_unlock_domain(d);
ret = 0;
}
break;
case XEN_DOMCTL_suppress_spurious_page_faults:
{
- struct domain *d;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d != NULL )
- {
- d->arch.suppress_spurious_page_faults = 1;
- rcu_unlock_domain(d);
- ret = 0;
- }
+ d->arch.suppress_spurious_page_faults = 1;
+ ret = 0;
}
break;
case XEN_DOMCTL_debug_op:
{
- struct domain *d;
struct vcpu *v;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d == NULL )
- break;
-
ret = -EINVAL;
if ( (domctl->u.debug_op.vcpu >= d->max_vcpus) ||
((v = d->vcpu[domctl->u.debug_op.vcpu]) == NULL) )
- goto debug_op_out;
+ break;
ret = -EINVAL;
if ( !is_hvm_domain(d))
- goto debug_op_out;
+ break;
ret = hvm_debug_op(v, domctl->u.debug_op.op);
-
- debug_op_out:
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_gdbsx_guestmemio:
{
- struct domain *d;
-
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
domctl->u.gdbsx_guest_memio.remain
domctl->u.gdbsx_guest_memio.len;
ret = gdbsx_guest_mem_io(domctl->domain,
&domctl->u.gdbsx_guest_memio);
if ( !ret && copy_to_guest(u_domctl, domctl, 1) )
ret = -EFAULT;
-
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_gdbsx_pausevcpu:
{
- struct domain *d;
struct vcpu *v;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
ret = -EBUSY;
if ( !d->is_paused_by_controller )
- {
- rcu_unlock_domain(d);
break;
- }
ret = -EINVAL;
if ( domctl->u.gdbsx_pauseunp_vcpu.vcpu >= MAX_VIRT_CPUS ||
(v = d->vcpu[domctl->u.gdbsx_pauseunp_vcpu.vcpu]) == NULL )
- {
- rcu_unlock_domain(d);
break;
- }
vcpu_pause(v);
ret = 0;
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_gdbsx_unpausevcpu:
{
- struct domain *d;
struct vcpu *v;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
ret = -EBUSY;
if ( !d->is_paused_by_controller )
- {
- rcu_unlock_domain(d);
break;
- }
ret = -EINVAL;
if ( domctl->u.gdbsx_pauseunp_vcpu.vcpu >= MAX_VIRT_CPUS ||
(v = d->vcpu[domctl->u.gdbsx_pauseunp_vcpu.vcpu]) == NULL )
- {
- rcu_unlock_domain(d);
break;
- }
if ( !atomic_read(&v->pause_count) )
printk("WARN: Unpausing vcpu:%d which is not paused\n",
v->vcpu_id);
vcpu_unpause(v);
ret = 0;
- rcu_unlock_domain(d);
}
break;
case XEN_DOMCTL_gdbsx_domstatus:
{
- struct domain *d;
struct vcpu *v;
- ret = -ESRCH;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
domctl->u.gdbsx_domstatus.vcpu_id = -1;
domctl->u.gdbsx_domstatus.paused = d->is_paused_by_controller;
if ( domctl->u.gdbsx_domstatus.paused )
@@ -1365,7 +1098,6 @@ long arch_do_domctl(
ret = 0;
if ( copy_to_guest(u_domctl, domctl, 1) )
ret = -EFAULT;
- rcu_unlock_domain(d);
}
break;
@@ -1373,7 +1105,6 @@ long arch_do_domctl(
case XEN_DOMCTL_getvcpuextstate:
{
struct xen_domctl_vcpuextstate *evc;
- struct domain *d;
struct vcpu *v;
uint32_t offset = 0;
uint64_t _xfeature_mask = 0;
@@ -1384,12 +1115,6 @@ long arch_do_domctl(
evc = &domctl->u.vcpuextstate;
- ret = -ESRCH;
-
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d == NULL )
- break;
-
ret = xsm_vcpuextstate(d, domctl->cmd);
if ( ret )
goto vcpuextstate_out;
@@ -1488,7 +1213,6 @@ long arch_do_domctl(
ret = 0;
vcpuextstate_out:
- rcu_unlock_domain(d);
if ( (domctl->cmd == XEN_DOMCTL_getvcpuextstate) &&
copy_to_guest(u_domctl, domctl, 1) )
ret = -EFAULT;
@@ -1497,50 +1221,33 @@ long arch_do_domctl(
case XEN_DOMCTL_mem_event_op:
{
- struct domain *d;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d != NULL )
- {
- ret = mem_event_domctl(d, &domctl->u.mem_event_op,
- guest_handle_cast(u_domctl, void));
- rcu_unlock_domain(d);
- copy_to_guest(u_domctl, domctl, 1);
- }
+ ret = mem_event_domctl(d, &domctl->u.mem_event_op,
+ guest_handle_cast(u_domctl, void));
+ copy_to_guest(u_domctl, domctl, 1);
}
break;
case XEN_DOMCTL_mem_sharing_op:
{
- struct domain *d;
-
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d != NULL )
- {
- ret = xsm_mem_sharing(d);
- if ( !ret )
- ret = mem_sharing_domctl(d, &domctl->u.mem_sharing_op);
- rcu_unlock_domain(d);
- }
+ ret = xsm_mem_sharing(d);
+ if ( !ret )
+ ret = mem_sharing_domctl(d, &domctl->u.mem_sharing_op);
}
break;
#if P2M_AUDIT
case XEN_DOMCTL_audit_p2m:
{
- struct domain *d;
-
- ret = rcu_lock_remote_domain_by_id(domctl->domain, &d);
- if ( ret != 0 )
+ if ( d == current->domain )
+ {
+ ret = -EPERM;
break;
+ }
audit_p2m(d,
&domctl->u.audit_p2m.orphans,
&domctl->u.audit_p2m.m2p_bad,
&domctl->u.audit_p2m.p2m_bad);
- rcu_unlock_domain(d);
if ( copy_to_guest(u_domctl, domctl, 1) )
ret = -EFAULT;
}
@@ -1549,29 +1256,22 @@ long arch_do_domctl(
case XEN_DOMCTL_set_access_required:
{
- struct domain *d;
struct p2m_domain* p2m;
ret = -EPERM;
- if ( current->domain->domain_id == domctl->domain )
+ if ( current->domain == d )
break;
- ret = -ESRCH;
- d = rcu_lock_domain_by_id(domctl->domain);
- if ( d != NULL )
- {
- ret = xsm_mem_event_setup(d);
- if ( !ret ) {
- p2m = p2m_get_hostp2m(d);
- p2m->access_required =
domctl->u.access_required.access_required;
- }
- rcu_unlock_domain(d);
- }
+ ret = xsm_mem_event_setup(d);
+ if ( !ret ) {
+ p2m = p2m_get_hostp2m(d);
+ p2m->access_required =
domctl->u.access_required.access_required;
+ }
}
break;
default:
- ret = iommu_do_domctl(domctl, u_domctl);
+ ret = iommu_do_domctl(domctl, d, u_domctl);
break;
}
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 46bb0e3..2a42a5f 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -861,7 +861,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
break;
default:
- ret = arch_do_domctl(op, u_domctl);
+ ret = arch_do_domctl(op, d, u_domctl);
break;
}
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 47408f2..9d13185 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -538,10 +538,9 @@ void iommu_crash_shutdown(void)
}
int iommu_do_domctl(
- struct xen_domctl *domctl,
+ struct xen_domctl *domctl, struct domain *d,
XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
{
- struct domain *d;
u16 seg;
u8 bus, devfn;
int ret = 0;
@@ -560,10 +559,6 @@ int iommu_do_domctl(
if ( ret )
break;
- ret = -EINVAL;
- if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
- break;
-
seg = domctl->u.get_device_group.machine_sbdf >> 16;
bus = (domctl->u.get_device_group.machine_sbdf >> 8) &
0xff;
devfn = domctl->u.get_device_group.machine_sbdf & 0xff;
@@ -584,7 +579,6 @@ int iommu_do_domctl(
}
if ( copy_to_guest(u_domctl, domctl, 1) )
ret = -EFAULT;
- rcu_unlock_domain(d);
}
break;
@@ -607,20 +601,15 @@ int iommu_do_domctl(
break;
case XEN_DOMCTL_assign_device:
- if ( unlikely((d = get_domain_by_id(domctl->domain)) == NULL) ||
- unlikely(d->is_dying) )
+ if ( unlikely(d->is_dying) )
{
- printk(XENLOG_G_ERR
- "XEN_DOMCTL_assign_device: get_domain_by_id()
failed\n");
ret = -EINVAL;
- if ( d )
- goto assign_device_out;
break;
}
ret = xsm_assign_device(d, domctl->u.assign_device.machine_sbdf);
if ( ret )
- goto assign_device_out;
+ break;
seg = domctl->u.get_device_group.machine_sbdf >> 16;
bus = (domctl->u.assign_device.machine_sbdf >> 8) & 0xff;
@@ -634,22 +623,12 @@ int iommu_do_domctl(
seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
d->domain_id, ret);
- assign_device_out:
- put_domain(d);
break;
case XEN_DOMCTL_deassign_device:
- if ( unlikely((d = get_domain_by_id(domctl->domain)) == NULL) )
- {
- printk(XENLOG_G_ERR
- "XEN_DOMCTL_deassign_device: get_domain_by_id()
failed\n");
- ret = -EINVAL;
- break;
- }
-
ret = xsm_deassign_device(d, domctl->u.assign_device.machine_sbdf);
if ( ret )
- goto deassign_device_out;
+ break;
seg = domctl->u.get_device_group.machine_sbdf >> 16;
bus = (domctl->u.assign_device.machine_sbdf >> 8) & 0xff;
@@ -664,8 +643,6 @@ int iommu_do_domctl(
seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
d->domain_id, ret);
- deassign_device_out:
- put_domain(d);
break;
default:
diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h
index e315523..7c3d719 100644
--- a/xen/include/xen/hypercall.h
+++ b/xen/include/xen/hypercall.h
@@ -37,7 +37,7 @@ do_domctl(
extern long
arch_do_domctl(
- struct xen_domctl *domctl,
+ struct xen_domctl *domctl, struct domain *d,
XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl);
extern long
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 3026e54..55e5cc9 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -132,7 +132,8 @@ void iommu_crash_shutdown(void);
void iommu_set_dom0_mapping(struct domain *d);
void iommu_share_p2m_table(struct domain *d);
-int iommu_do_domctl(struct xen_domctl *, XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
+int iommu_do_domctl(struct xen_domctl *, struct domain *d,
+ XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
void iommu_iotlb_flush(struct domain *d, unsigned long gfn, unsigned int
page_count);
void iommu_iotlb_flush_all(struct domain *d);
--
1.7.11.7
Daniel De Graaf
2012-Nov-16 18:28 UTC
[PATCH 19/19] flask: move policy headers into hypervisor
Rather than keeping around headers that are autogenerated in order to
avoid adding build dependencies from xen/ to files in tools/, move the
relevant parts of the FLASK policy into the hypervisor tree and generate
the headers as part of the hypervisor''s build.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
.gitignore | 5 +
.hgignore | 5 +
tools/flask/policy/Makefile | 2 +-
tools/flask/policy/policy/flask/Makefile | 41 ------
xen/xsm/flask/Makefile | 25 ++++
xen/xsm/flask/include/av_perm_to_string.h | 147 -------------------
xen/xsm/flask/include/av_permissions.h | 157 ---------------------
xen/xsm/flask/include/class_to_string.h | 15 --
xen/xsm/flask/include/flask.h | 35 -----
xen/xsm/flask/include/initial_sid_to_string.h | 16 ---
.../flask => xen/xsm/flask/policy}/access_vectors | 0
.../flask => xen/xsm/flask/policy}/initial_sids | 0
.../xsm/flask/policy}/mkaccess_vector.sh | 4 +-
.../flask => xen/xsm/flask/policy}/mkflask.sh | 6 +-
.../xsm/flask/policy}/security_classes | 0
15 files changed, 41 insertions(+), 417 deletions(-)
delete mode 100644 tools/flask/policy/policy/flask/Makefile
delete mode 100644 xen/xsm/flask/include/av_perm_to_string.h
delete mode 100644 xen/xsm/flask/include/av_permissions.h
delete mode 100644 xen/xsm/flask/include/class_to_string.h
delete mode 100644 xen/xsm/flask/include/flask.h
delete mode 100644 xen/xsm/flask/include/initial_sid_to_string.h
rename {tools/flask/policy/policy/flask =>
xen/xsm/flask/policy}/access_vectors (100%)
rename {tools/flask/policy/policy/flask =>
xen/xsm/flask/policy}/initial_sids (100%)
rename {tools/flask/policy/policy/flask =>
xen/xsm/flask/policy}/mkaccess_vector.sh (97%)
rename {tools/flask/policy/policy/flask => xen/xsm/flask/policy}/mkflask.sh
(95%)
rename {tools/flask/policy/policy/flask =>
xen/xsm/flask/policy}/security_classes (100%)
diff --git a/.gitignore b/.gitignore
index f6edc43..aac7a14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -309,6 +309,11 @@ xen/include/xen/banner.h
xen/include/xen/compile.h
xen/tools/figlet/figlet
xen/tools/symbols
+xen/xsm/flask/include/av_perm_to_string.h
+xen/xsm/flask/include/av_permissions.h
+xen/xsm/flask/include/class_to_string.h
+xen/xsm/flask/include/flask.h
+xen/xsm/flask/include/initial_sid_to_string.h
xen/xen
xen/xen-syms
xen/xen.*
diff --git a/.hgignore b/.hgignore
index 344792a..5ed903f 100644
--- a/.hgignore
+++ b/.hgignore
@@ -339,6 +339,11 @@
^xen/include/xen/compile\.h$
^xen/tools/figlet/figlet$
^xen/tools/symbols$
+^xen/xsm/flask/include/av_perm_to_string\.h$
+^xen/xsm/flask/include/av_permissions\.h$
+^xen/xsm/flask/include/class_to_string\.h$
+^xen/xsm/flask/include/flask\.h$
+^xen/xsm/flask/include/initial_sid_to_string\.h$
^xen/xen$
^xen/xen-syms$
^xen/xen\..*$
diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile
index 5c25cbe..3f5aa38 100644
--- a/tools/flask/policy/Makefile
+++ b/tools/flask/policy/Makefile
@@ -61,7 +61,7 @@ LOADPOLICY := $(SBINDIR)/flask-loadpolicy
# policy source layout
POLDIR := policy
MODDIR := $(POLDIR)/modules
-FLASKDIR := $(POLDIR)/flask
+FLASKDIR := ../../../xen/xsm/flask/policy
SECCLASS := $(FLASKDIR)/security_classes
ISIDS := $(FLASKDIR)/initial_sids
AVS := $(FLASKDIR)/access_vectors
diff --git a/tools/flask/policy/policy/flask/Makefile
b/tools/flask/policy/policy/flask/Makefile
deleted file mode 100644
index 5f57e88..0000000
--- a/tools/flask/policy/policy/flask/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
-# flask needs to know where to export the libselinux headers.
-LIBSEL ?= ../../libselinux
-
-# flask needs to know where to export the kernel headers.
-LINUXDIR ?= ../../../linux-2.6
-
-AWK = awk
-
-CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
- else if [ -x /bin/bash ]; then echo /bin/bash; \
- else echo sh; fi ; fi)
-
-FLASK_H_DEPEND = security_classes initial_sids
-AV_H_DEPEND = access_vectors
-
-FLASK_H_FILES = class_to_string.h flask.h initial_sid_to_string.h
-AV_H_FILES = av_perm_to_string.h av_permissions.h
-ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES)
-
-all: $(ALL_H_FILES)
-
-$(FLASK_H_FILES): $(FLASK_H_DEPEND)
- $(CONFIG_SHELL) mkflask.sh $(AWK) $(FLASK_H_DEPEND)
-
-$(AV_H_FILES): $(AV_H_DEPEND)
- $(CONFIG_SHELL) mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
-
-tolib: all
- install -m 644 flask.h av_permissions.h $(LIBSEL)/include/selinux
- install -m 644 class_to_string.h av_inherit.h common_perm_to_string.h
av_perm_to_string.h $(LIBSEL)/src
-
-tokern: all
- install -m 644 $(ALL_H_FILES) $(LINUXDIR)/security/selinux/include
-
-install: all
-
-relabel:
-
-clean:
- rm -f $(FLASK_H_FILES)
- rm -f $(AV_H_FILES)
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index 92fb410..1256512 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -5,3 +5,28 @@ obj-y += flask_op.o
subdir-y += ss
CFLAGS += -I./include
+
+AWK = awk
+
+CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
+ else if [ -x /bin/bash ]; then echo /bin/bash; \
+ else echo sh; fi ; fi)
+
+FLASK_H_DEPEND = policy/security_classes policy/initial_sids
+AV_H_DEPEND = policy/access_vectors
+
+FLASK_H_FILES = include/flask.h include/class_to_string.h
include/initial_sid_to_string.h
+AV_H_FILES = include/av_perm_to_string.h include/av_permissions.h
+ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES)
+
+$(obj-y) ss/built_in.o: $(ALL_H_FILES)
+
+$(FLASK_H_FILES): $(FLASK_H_DEPEND)
+ $(CONFIG_SHELL) policy/mkflask.sh $(AWK) $(FLASK_H_DEPEND)
+
+$(AV_H_FILES): $(AV_H_DEPEND)
+ $(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
+
+.PHONY: clean
+clean::
+ rm -f $(ALL_H_FILES) *.o $(DEPS)
diff --git a/xen/xsm/flask/include/av_perm_to_string.h
b/xen/xsm/flask/include/av_perm_to_string.h
deleted file mode 100644
index c3f2370..0000000
--- a/xen/xsm/flask/include/av_perm_to_string.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/* This file is automatically generated. Do not edit. */
- S_(SECCLASS_XEN, XEN__SCHEDULER, "scheduler")
- S_(SECCLASS_XEN, XEN__SETTIME, "settime")
- S_(SECCLASS_XEN, XEN__TBUFCONTROL, "tbufcontrol")
- S_(SECCLASS_XEN, XEN__READCONSOLE, "readconsole")
- S_(SECCLASS_XEN, XEN__CLEARCONSOLE, "clearconsole")
- S_(SECCLASS_XEN, XEN__PERFCONTROL, "perfcontrol")
- S_(SECCLASS_XEN, XEN__MTRR_ADD, "mtrr_add")
- S_(SECCLASS_XEN, XEN__MTRR_DEL, "mtrr_del")
- S_(SECCLASS_XEN, XEN__MTRR_READ, "mtrr_read")
- S_(SECCLASS_XEN, XEN__MICROCODE, "microcode")
- S_(SECCLASS_XEN, XEN__PHYSINFO, "physinfo")
- S_(SECCLASS_XEN, XEN__QUIRK, "quirk")
- S_(SECCLASS_XEN, XEN__WRITECONSOLE, "writeconsole")
- S_(SECCLASS_XEN, XEN__READAPIC, "readapic")
- S_(SECCLASS_XEN, XEN__WRITEAPIC, "writeapic")
- S_(SECCLASS_XEN, XEN__PRIVPROFILE, "privprofile")
- S_(SECCLASS_XEN, XEN__NONPRIVPROFILE, "nonprivprofile")
- S_(SECCLASS_XEN, XEN__KEXEC, "kexec")
- S_(SECCLASS_XEN, XEN__FIRMWARE, "firmware")
- S_(SECCLASS_XEN, XEN__SLEEP, "sleep")
- S_(SECCLASS_XEN, XEN__FREQUENCY, "frequency")
- S_(SECCLASS_XEN, XEN__GETIDLE, "getidle")
- S_(SECCLASS_XEN, XEN__DEBUG, "debug")
- S_(SECCLASS_XEN, XEN__GETCPUINFO, "getcpuinfo")
- S_(SECCLASS_XEN, XEN__HEAP, "heap")
- S_(SECCLASS_XEN, XEN__PM_OP, "pm_op")
- S_(SECCLASS_XEN, XEN__MCA_OP, "mca_op")
- S_(SECCLASS_XEN, XEN__LOCKPROF, "lockprof")
- S_(SECCLASS_XEN, XEN__CPUPOOL_OP, "cpupool_op")
- S_(SECCLASS_XEN, XEN__SCHED_OP, "sched_op")
- S_(SECCLASS_XEN, XEN__TMEM_OP, "tmem_op")
- S_(SECCLASS_XEN, XEN__TMEM_CONTROL, "tmem_control")
- S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT, "setvcpucontext")
- S_(SECCLASS_DOMAIN, DOMAIN__PAUSE, "pause")
- S_(SECCLASS_DOMAIN, DOMAIN__UNPAUSE, "unpause")
- S_(SECCLASS_DOMAIN, DOMAIN__RESUME, "resume")
- S_(SECCLASS_DOMAIN, DOMAIN__CREATE, "create")
- S_(SECCLASS_DOMAIN, DOMAIN__TRANSITION, "transition")
- S_(SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS, "max_vcpus")
- S_(SECCLASS_DOMAIN, DOMAIN__DESTROY, "destroy")
- S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUAFFINITY, "setvcpuaffinity")
- S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUAFFINITY, "getvcpuaffinity")
- S_(SECCLASS_DOMAIN, DOMAIN__SCHEDULER, "scheduler")
- S_(SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO, "getdomaininfo")
- S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUINFO, "getvcpuinfo")
- S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUCONTEXT, "getvcpucontext")
- S_(SECCLASS_DOMAIN, DOMAIN__SETDOMAINMAXMEM, "setdomainmaxmem")
- S_(SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE, "setdomainhandle")
- S_(SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING, "setdebugging")
- S_(SECCLASS_DOMAIN, DOMAIN__HYPERCALL, "hypercall")
- S_(SECCLASS_DOMAIN, DOMAIN__SETTIME, "settime")
- S_(SECCLASS_DOMAIN, DOMAIN__SET_TARGET, "set_target")
- S_(SECCLASS_DOMAIN, DOMAIN__SHUTDOWN, "shutdown")
- S_(SECCLASS_DOMAIN, DOMAIN__SETADDRSIZE, "setaddrsize")
- S_(SECCLASS_DOMAIN, DOMAIN__GETADDRSIZE, "getaddrsize")
- S_(SECCLASS_DOMAIN, DOMAIN__TRIGGER, "trigger")
- S_(SECCLASS_DOMAIN, DOMAIN__GETEXTVCPUCONTEXT,
"getextvcpucontext")
- S_(SECCLASS_DOMAIN, DOMAIN__SETEXTVCPUCONTEXT,
"setextvcpucontext")
- S_(SECCLASS_DOMAIN, DOMAIN__GETVCPUEXTSTATE, "getvcpuextstate")
- S_(SECCLASS_DOMAIN, DOMAIN__SETVCPUEXTSTATE, "setvcpuextstate")
- S_(SECCLASS_DOMAIN, DOMAIN__GETPODTARGET, "getpodtarget")
- S_(SECCLASS_DOMAIN, DOMAIN__SETPODTARGET, "setpodtarget")
- S_(SECCLASS_DOMAIN, DOMAIN__SET_MISC_INFO, "set_misc_info")
- S_(SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER, "set_virq_handler")
- S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELFROM, "relabelfrom")
- S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELTO, "relabelto")
- S_(SECCLASS_DOMAIN2, DOMAIN2__RELABELSELF, "relabelself")
- S_(SECCLASS_DOMAIN2, DOMAIN2__MAKE_PRIV_FOR, "make_priv_for")
- S_(SECCLASS_DOMAIN2, DOMAIN2__SET_AS_TARGET, "set_as_target")
- S_(SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID, "set_cpuid")
- S_(SECCLASS_DOMAIN2, DOMAIN2__GETTSC, "gettsc")
- S_(SECCLASS_DOMAIN2, DOMAIN2__SETTSC, "settsc")
- S_(SECCLASS_HVM, HVM__SETHVMC, "sethvmc")
- S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
- S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
- S_(SECCLASS_HVM, HVM__GETPARAM, "getparam")
- S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel")
- S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel")
- S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute")
- S_(SECCLASS_HVM, HVM__BIND_IRQ, "bind_irq")
- S_(SECCLASS_HVM, HVM__CACHEATTR, "cacheattr")
- S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram")
- S_(SECCLASS_HVM, HVM__HVMCTL, "hvmctl")
- S_(SECCLASS_HVM, HVM__MEM_EVENT, "mem_event")
- S_(SECCLASS_HVM, HVM__MEM_SHARING, "mem_sharing")
- S_(SECCLASS_HVM, HVM__AUDIT_P2M, "audit_p2m")
- S_(SECCLASS_HVM, HVM__SEND_IRQ, "send_irq")
- S_(SECCLASS_HVM, HVM__SHARE_MEM, "share_mem")
- S_(SECCLASS_EVENT, EVENT__BIND, "bind")
- S_(SECCLASS_EVENT, EVENT__SEND, "send")
- S_(SECCLASS_EVENT, EVENT__STATUS, "status")
- S_(SECCLASS_EVENT, EVENT__NOTIFY, "notify")
- S_(SECCLASS_EVENT, EVENT__CREATE, "create")
- S_(SECCLASS_EVENT, EVENT__RESET, "reset")
- S_(SECCLASS_GRANT, GRANT__MAP_READ, "map_read")
- S_(SECCLASS_GRANT, GRANT__MAP_WRITE, "map_write")
- S_(SECCLASS_GRANT, GRANT__UNMAP, "unmap")
- S_(SECCLASS_GRANT, GRANT__TRANSFER, "transfer")
- S_(SECCLASS_GRANT, GRANT__SETUP, "setup")
- S_(SECCLASS_GRANT, GRANT__COPY, "copy")
- S_(SECCLASS_GRANT, GRANT__QUERY, "query")
- S_(SECCLASS_MMU, MMU__MAP_READ, "map_read")
- S_(SECCLASS_MMU, MMU__MAP_WRITE, "map_write")
- S_(SECCLASS_MMU, MMU__PAGEINFO, "pageinfo")
- S_(SECCLASS_MMU, MMU__PAGELIST, "pagelist")
- S_(SECCLASS_MMU, MMU__ADJUST, "adjust")
- S_(SECCLASS_MMU, MMU__STAT, "stat")
- S_(SECCLASS_MMU, MMU__TRANSLATEGP, "translategp")
- S_(SECCLASS_MMU, MMU__UPDATEMP, "updatemp")
- S_(SECCLASS_MMU, MMU__PHYSMAP, "physmap")
- S_(SECCLASS_MMU, MMU__PINPAGE, "pinpage")
- S_(SECCLASS_MMU, MMU__MFNLIST, "mfnlist")
- S_(SECCLASS_MMU, MMU__MEMORYMAP, "memorymap")
- S_(SECCLASS_MMU, MMU__REMOTE_REMAP, "remote_remap")
- S_(SECCLASS_MMU, MMU__MMUEXT_OP, "mmuext_op")
- S_(SECCLASS_MMU, MMU__EXCHANGE, "exchange")
- S_(SECCLASS_SHADOW, SHADOW__DISABLE, "disable")
- S_(SECCLASS_SHADOW, SHADOW__ENABLE, "enable")
- S_(SECCLASS_SHADOW, SHADOW__LOGDIRTY, "logdirty")
- S_(SECCLASS_RESOURCE, RESOURCE__ADD, "add")
- S_(SECCLASS_RESOURCE, RESOURCE__REMOVE, "remove")
- S_(SECCLASS_RESOURCE, RESOURCE__USE, "use")
- S_(SECCLASS_RESOURCE, RESOURCE__ADD_IRQ, "add_irq")
- S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IRQ, "remove_irq")
- S_(SECCLASS_RESOURCE, RESOURCE__ADD_IOPORT, "add_ioport")
- S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOPORT, "remove_ioport")
- S_(SECCLASS_RESOURCE, RESOURCE__ADD_IOMEM, "add_iomem")
- S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_IOMEM, "remove_iomem")
- S_(SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, "stat_device")
- S_(SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE, "add_device")
- S_(SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, "remove_device")
- S_(SECCLASS_RESOURCE, RESOURCE__PLUG, "plug")
- S_(SECCLASS_RESOURCE, RESOURCE__UNPLUG, "unplug")
- S_(SECCLASS_RESOURCE, RESOURCE__SETUP, "setup")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
- S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
- S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
"compute_relabel")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
- S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
- S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
- S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
- S_(SECCLASS_SECURITY, SECURITY__ADD_OCONTEXT, "add_ocontext")
- S_(SECCLASS_SECURITY, SECURITY__DEL_OCONTEXT, "del_ocontext")
diff --git a/xen/xsm/flask/include/av_permissions.h
b/xen/xsm/flask/include/av_permissions.h
deleted file mode 100644
index 65302e8..0000000
--- a/xen/xsm/flask/include/av_permissions.h
+++ /dev/null
@@ -1,157 +0,0 @@
-/* This file is automatically generated. Do not edit. */
-#define XEN__SCHEDULER 0x00000001UL
-#define XEN__SETTIME 0x00000002UL
-#define XEN__TBUFCONTROL 0x00000004UL
-#define XEN__READCONSOLE 0x00000008UL
-#define XEN__CLEARCONSOLE 0x00000010UL
-#define XEN__PERFCONTROL 0x00000020UL
-#define XEN__MTRR_ADD 0x00000040UL
-#define XEN__MTRR_DEL 0x00000080UL
-#define XEN__MTRR_READ 0x00000100UL
-#define XEN__MICROCODE 0x00000200UL
-#define XEN__PHYSINFO 0x00000400UL
-#define XEN__QUIRK 0x00000800UL
-#define XEN__WRITECONSOLE 0x00001000UL
-#define XEN__READAPIC 0x00002000UL
-#define XEN__WRITEAPIC 0x00004000UL
-#define XEN__PRIVPROFILE 0x00008000UL
-#define XEN__NONPRIVPROFILE 0x00010000UL
-#define XEN__KEXEC 0x00020000UL
-#define XEN__FIRMWARE 0x00040000UL
-#define XEN__SLEEP 0x00080000UL
-#define XEN__FREQUENCY 0x00100000UL
-#define XEN__GETIDLE 0x00200000UL
-#define XEN__DEBUG 0x00400000UL
-#define XEN__GETCPUINFO 0x00800000UL
-#define XEN__HEAP 0x01000000UL
-#define XEN__PM_OP 0x02000000UL
-#define XEN__MCA_OP 0x04000000UL
-#define XEN__LOCKPROF 0x08000000UL
-#define XEN__CPUPOOL_OP 0x10000000UL
-#define XEN__SCHED_OP 0x20000000UL
-#define XEN__TMEM_OP 0x40000000UL
-#define XEN__TMEM_CONTROL 0x80000000UL
-
-#define DOMAIN__SETVCPUCONTEXT 0x00000001UL
-#define DOMAIN__PAUSE 0x00000002UL
-#define DOMAIN__UNPAUSE 0x00000004UL
-#define DOMAIN__RESUME 0x00000008UL
-#define DOMAIN__CREATE 0x00000010UL
-#define DOMAIN__TRANSITION 0x00000020UL
-#define DOMAIN__MAX_VCPUS 0x00000040UL
-#define DOMAIN__DESTROY 0x00000080UL
-#define DOMAIN__SETVCPUAFFINITY 0x00000100UL
-#define DOMAIN__GETVCPUAFFINITY 0x00000200UL
-#define DOMAIN__SCHEDULER 0x00000400UL
-#define DOMAIN__GETDOMAININFO 0x00000800UL
-#define DOMAIN__GETVCPUINFO 0x00001000UL
-#define DOMAIN__GETVCPUCONTEXT 0x00002000UL
-#define DOMAIN__SETDOMAINMAXMEM 0x00004000UL
-#define DOMAIN__SETDOMAINHANDLE 0x00008000UL
-#define DOMAIN__SETDEBUGGING 0x00010000UL
-#define DOMAIN__HYPERCALL 0x00020000UL
-#define DOMAIN__SETTIME 0x00040000UL
-#define DOMAIN__SET_TARGET 0x00080000UL
-#define DOMAIN__SHUTDOWN 0x00100000UL
-#define DOMAIN__SETADDRSIZE 0x00200000UL
-#define DOMAIN__GETADDRSIZE 0x00400000UL
-#define DOMAIN__TRIGGER 0x00800000UL
-#define DOMAIN__GETEXTVCPUCONTEXT 0x01000000UL
-#define DOMAIN__SETEXTVCPUCONTEXT 0x02000000UL
-#define DOMAIN__GETVCPUEXTSTATE 0x04000000UL
-#define DOMAIN__SETVCPUEXTSTATE 0x08000000UL
-#define DOMAIN__GETPODTARGET 0x10000000UL
-#define DOMAIN__SETPODTARGET 0x20000000UL
-#define DOMAIN__SET_MISC_INFO 0x40000000UL
-#define DOMAIN__SET_VIRQ_HANDLER 0x80000000UL
-
-#define DOMAIN2__RELABELFROM 0x00000001UL
-#define DOMAIN2__RELABELTO 0x00000002UL
-#define DOMAIN2__RELABELSELF 0x00000004UL
-#define DOMAIN2__MAKE_PRIV_FOR 0x00000008UL
-#define DOMAIN2__SET_AS_TARGET 0x00000010UL
-#define DOMAIN2__SET_CPUID 0x00000020UL
-#define DOMAIN2__GETTSC 0x00000040UL
-#define DOMAIN2__SETTSC 0x00000080UL
-
-#define HVM__SETHVMC 0x00000001UL
-#define HVM__GETHVMC 0x00000002UL
-#define HVM__SETPARAM 0x00000004UL
-#define HVM__GETPARAM 0x00000008UL
-#define HVM__PCILEVEL 0x00000010UL
-#define HVM__IRQLEVEL 0x00000020UL
-#define HVM__PCIROUTE 0x00000040UL
-#define HVM__BIND_IRQ 0x00000080UL
-#define HVM__CACHEATTR 0x00000100UL
-#define HVM__TRACKDIRTYVRAM 0x00000200UL
-#define HVM__HVMCTL 0x00000400UL
-#define HVM__MEM_EVENT 0x00000800UL
-#define HVM__MEM_SHARING 0x00001000UL
-#define HVM__AUDIT_P2M 0x00002000UL
-#define HVM__SEND_IRQ 0x00004000UL
-#define HVM__SHARE_MEM 0x00008000UL
-
-#define EVENT__BIND 0x00000001UL
-#define EVENT__SEND 0x00000002UL
-#define EVENT__STATUS 0x00000004UL
-#define EVENT__NOTIFY 0x00000008UL
-#define EVENT__CREATE 0x00000010UL
-#define EVENT__RESET 0x00000020UL
-
-#define GRANT__MAP_READ 0x00000001UL
-#define GRANT__MAP_WRITE 0x00000002UL
-#define GRANT__UNMAP 0x00000004UL
-#define GRANT__TRANSFER 0x00000008UL
-#define GRANT__SETUP 0x00000010UL
-#define GRANT__COPY 0x00000020UL
-#define GRANT__QUERY 0x00000040UL
-
-#define MMU__MAP_READ 0x00000001UL
-#define MMU__MAP_WRITE 0x00000002UL
-#define MMU__PAGEINFO 0x00000004UL
-#define MMU__PAGELIST 0x00000008UL
-#define MMU__ADJUST 0x00000010UL
-#define MMU__STAT 0x00000020UL
-#define MMU__TRANSLATEGP 0x00000040UL
-#define MMU__UPDATEMP 0x00000080UL
-#define MMU__PHYSMAP 0x00000100UL
-#define MMU__PINPAGE 0x00000200UL
-#define MMU__MFNLIST 0x00000400UL
-#define MMU__MEMORYMAP 0x00000800UL
-#define MMU__REMOTE_REMAP 0x00001000UL
-#define MMU__MMUEXT_OP 0x00002000UL
-#define MMU__EXCHANGE 0x00004000UL
-
-#define SHADOW__DISABLE 0x00000001UL
-#define SHADOW__ENABLE 0x00000002UL
-#define SHADOW__LOGDIRTY 0x00000004UL
-
-#define RESOURCE__ADD 0x00000001UL
-#define RESOURCE__REMOVE 0x00000002UL
-#define RESOURCE__USE 0x00000004UL
-#define RESOURCE__ADD_IRQ 0x00000008UL
-#define RESOURCE__REMOVE_IRQ 0x00000010UL
-#define RESOURCE__ADD_IOPORT 0x00000020UL
-#define RESOURCE__REMOVE_IOPORT 0x00000040UL
-#define RESOURCE__ADD_IOMEM 0x00000080UL
-#define RESOURCE__REMOVE_IOMEM 0x00000100UL
-#define RESOURCE__STAT_DEVICE 0x00000200UL
-#define RESOURCE__ADD_DEVICE 0x00000400UL
-#define RESOURCE__REMOVE_DEVICE 0x00000800UL
-#define RESOURCE__PLUG 0x00001000UL
-#define RESOURCE__UNPLUG 0x00002000UL
-#define RESOURCE__SETUP 0x00004000UL
-
-#define SECURITY__COMPUTE_AV 0x00000001UL
-#define SECURITY__COMPUTE_CREATE 0x00000002UL
-#define SECURITY__COMPUTE_MEMBER 0x00000004UL
-#define SECURITY__CHECK_CONTEXT 0x00000008UL
-#define SECURITY__LOAD_POLICY 0x00000010UL
-#define SECURITY__COMPUTE_RELABEL 0x00000020UL
-#define SECURITY__COMPUTE_USER 0x00000040UL
-#define SECURITY__SETENFORCE 0x00000080UL
-#define SECURITY__SETBOOL 0x00000100UL
-#define SECURITY__SETSECPARAM 0x00000200UL
-#define SECURITY__ADD_OCONTEXT 0x00000400UL
-#define SECURITY__DEL_OCONTEXT 0x00000800UL
-
diff --git a/xen/xsm/flask/include/class_to_string.h
b/xen/xsm/flask/include/class_to_string.h
deleted file mode 100644
index 7716645..0000000
--- a/xen/xsm/flask/include/class_to_string.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* This file is automatically generated. Do not edit. */
-/*
- * Security object class definitions
- */
- S_("null")
- S_("xen")
- S_("domain")
- S_("domain2")
- S_("hvm")
- S_("mmu")
- S_("resource")
- S_("shadow")
- S_("event")
- S_("grant")
- S_("security")
diff --git a/xen/xsm/flask/include/flask.h b/xen/xsm/flask/include/flask.h
deleted file mode 100644
index 3bff998..0000000
--- a/xen/xsm/flask/include/flask.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* This file is automatically generated. Do not edit. */
-#ifndef _SELINUX_FLASK_H_
-#define _SELINUX_FLASK_H_
-
-/*
- * Security object class definitions
- */
-#define SECCLASS_XEN 1
-#define SECCLASS_DOMAIN 2
-#define SECCLASS_DOMAIN2 3
-#define SECCLASS_HVM 4
-#define SECCLASS_MMU 5
-#define SECCLASS_RESOURCE 6
-#define SECCLASS_SHADOW 7
-#define SECCLASS_EVENT 8
-#define SECCLASS_GRANT 9
-#define SECCLASS_SECURITY 10
-
-/*
- * Security identifier indices for initial entities
- */
-#define SECINITSID_XEN 1
-#define SECINITSID_DOM0 2
-#define SECINITSID_DOMIO 3
-#define SECINITSID_DOMXEN 4
-#define SECINITSID_UNLABELED 5
-#define SECINITSID_SECURITY 6
-#define SECINITSID_IOPORT 7
-#define SECINITSID_IOMEM 8
-#define SECINITSID_IRQ 9
-#define SECINITSID_DEVICE 10
-
-#define SECINITSID_NUM 10
-
-#endif
diff --git a/xen/xsm/flask/include/initial_sid_to_string.h
b/xen/xsm/flask/include/initial_sid_to_string.h
deleted file mode 100644
index 814f4bf..0000000
--- a/xen/xsm/flask/include/initial_sid_to_string.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* This file is automatically generated. Do not edit. */
-static char *initial_sid_to_string[] -{
- "null",
- "xen",
- "dom0",
- "domio",
- "domxen",
- "unlabeled",
- "security",
- "ioport",
- "iomem",
- "irq",
- "device",
-};
-
diff --git a/tools/flask/policy/policy/flask/access_vectors
b/xen/xsm/flask/policy/access_vectors
similarity index 100%
rename from tools/flask/policy/policy/flask/access_vectors
rename to xen/xsm/flask/policy/access_vectors
diff --git a/tools/flask/policy/policy/flask/initial_sids
b/xen/xsm/flask/policy/initial_sids
similarity index 100%
rename from tools/flask/policy/policy/flask/initial_sids
rename to xen/xsm/flask/policy/initial_sids
diff --git a/tools/flask/policy/policy/flask/mkaccess_vector.sh
b/xen/xsm/flask/policy/mkaccess_vector.sh
similarity index 97%
rename from tools/flask/policy/policy/flask/mkaccess_vector.sh
rename to xen/xsm/flask/policy/mkaccess_vector.sh
index 43a60a7..8ec87f7 100644
--- a/tools/flask/policy/policy/flask/mkaccess_vector.sh
+++ b/xen/xsm/flask/policy/mkaccess_vector.sh
@@ -9,8 +9,8 @@ awk=$1
shift
# output files
-av_permissions="av_permissions.h"
-av_perm_to_string="av_perm_to_string.h"
+av_permissions="include/av_permissions.h"
+av_perm_to_string="include/av_perm_to_string.h"
cat $* | $awk "
BEGIN {
diff --git a/tools/flask/policy/policy/flask/mkflask.sh
b/xen/xsm/flask/policy/mkflask.sh
similarity index 95%
rename from tools/flask/policy/policy/flask/mkflask.sh
rename to xen/xsm/flask/policy/mkflask.sh
index 9c84754..e8d8fb5 100644
--- a/tools/flask/policy/policy/flask/mkflask.sh
+++ b/xen/xsm/flask/policy/mkflask.sh
@@ -9,9 +9,9 @@ awk=$1
shift 1
# output file
-output_file="flask.h"
-debug_file="class_to_string.h"
-debug_file2="initial_sid_to_string.h"
+output_file="include/flask.h"
+debug_file="include/class_to_string.h"
+debug_file2="include/initial_sid_to_string.h"
cat $* | $awk "
BEGIN {
diff --git a/tools/flask/policy/policy/flask/security_classes
b/xen/xsm/flask/policy/security_classes
similarity index 100%
rename from tools/flask/policy/policy/flask/security_classes
rename to xen/xsm/flask/policy/security_classes
--
1.7.11.7
Jan Beulich
2012-Nov-19 08:59 UTC
Re: [PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap
>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > -static int flask_irq_permission (struct domain *d, int irq, uint8_t access) > +static int flask_unmap_domain_pirq (struct domain *d, int irq) > { > - u32 perm; > - u32 rsid; > + u32 sid; > int rc = -EPERM; > > - struct domain_security_struct *ssec, *tsec; > + struct domain_security_struct *ssec; > struct avc_audit_data ad; > > - rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, > - resource_to_perm(access)); > - > + rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, RESOURCE__REMOVE); > if ( rc ) > return rc; > > - if ( access ) > - perm = RESOURCE__ADD_IRQ; > - else > - perm = RESOURCE__REMOVE_IRQ; > - > ssec = current->domain->ssid; > - tsec = d->ssid; > > - rc = get_irq_sid(irq, &rsid, &ad); > - if ( rc ) > - return rc; > - > - rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad); > + if ( irq >= nr_irqs_gsi ) {Isn''t the use of nr_irqs_gsi x86-specific? Jan> + /* TODO support for MSI here */ > + return 0; > + } else { > + rc = get_irq_sid(irq, &sid, &ad); > + } > if ( rc ) > return rc; > > - if ( access ) > - rc = avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, > - RESOURCE__USE, &ad); > + rc = avc_has_perm(ssec->sid, sid, SECCLASS_RESOURCE, RESOURCE__REMOVE_IRQ, &ad); > return rc; > }
Jan Beulich
2012-Nov-19 09:08 UTC
Re: [PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated
>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > @@ -467,8 +451,8 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) > if ( copy_from_guest(&irq_op, arg, 1) != 0 ) > break; > > - ret = -EPERM; > - if ( !IS_PRIV(v->domain) ) > + ret = xsm_apic(v->domain, cmd);Is that the right hook? There''s nothing APIC related here. Jan> + if ( ret ) > break; > > /* Vector is only used by hypervisor, and dom0 shouldn''t
Jan Beulich
2012-Nov-19 09:24 UTC
Re: [PATCH 09/19] xen: lock target domain in do_domctl common code
>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > @@ -458,6 +443,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) > if ( IS_ERR(d) ) > { > ret = PTR_ERR(d); > + d = NULL;Considering that in the common code you already set d to NULL, is there a specific reason why you do so again here ...> break; > } > > @@ -469,39 +455,28 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) > op->domain = d->domain_id; > if ( copy_to_guest(u_domctl, op, 1) ) > ret = -EFAULT; > + d = NULL;... and here? Same further down for XEN_DOMCTL_getdomaininfo. Jan> } > break; >
>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > Changes from v4: > * Removed patches that have been applied > * Rename __do_xsm_op to do_xsm_op > * Rebased on current xen-unstable > * Policy headers moved under hypervisor > > Changes from v3: > * Moved x86-specific sysctls inside #ifdef CONFIG_X86 > * Removed pt_domain parameter from mmu_update hook when unused > * Renamed xsm___do_xsm_op to xsm_do_xsm_op > * Added struct domain* argument to arch_do_domctl > * Cleaned up mem_event code duplication > > Changes from v2: > * Added overall hooks for domctl, sysctl, and platform_hypercall so > that new sub-operations are protected by IS_PRIV checks > * Reorganized the IS_PRIV additions to dummy.h so they are added in the > same patch that removes the IS_PRIV they are replacing > * Reworked hooks in the MM hotpath to increase efficiency > * Dropped some unneeded XSM hook additions due to do_domctl hook > * Dropped the rcu_lock*target_domain_by_id function removal patch > * Restore IS_PRIV check in PHYSDEVOP_alloc_irq_vector > * Use the existing hook function structure for tmem > > Miscellaneous updates to FLASK: > [PATCH 01/19] libxl: introduce XSM relabel on build > [PATCH 02/19] flask/policy: Add domain relabel example > [PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap > [PATCH 04/19] xsm/flask: Add checks on the domain performing set_target > > IS_PRIV Refactoring: > [PATCH 05/19] xsm: Use the dummy XSM module if XSM is disabled > [PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated > [PATCH 07/19] xen: avoid calling rcu_lock_*target_domain when an XSM > [PATCH 08/19] arch/x86: convert platform_hypercall to use XSM > [PATCH 09/19] xen: lock target domain in do_domctl common code > [PATCH 10/19] xen: convert do_domctl to use XSM > [PATCH 11/19] xen: convert do_sysctl to use XSM > > Additional new/updated hooks: > [PATCH 12/19] xsm/flask: add missing hooks > [PATCH 13/19] xsm/flask: add distinct SIDs for self/target access > [PATCH 14/19] arch/x86: Add missing mem_sharing XSM hooks > [PATCH 15/19] arch/x86: use XSM hooks for get_pg_owner access checks > [PATCH 16/19] xen: Add XSM hook for XENMEM_exchange > [PATCH 17/19] tmem: add XSM hooks > > Other cleanup: > [PATCH 18/19] xen/arch/*: add struct domain parameter to > [PATCH 19/19] flask: move policy headers into hypervisorExcept for patch 14, once we dealt with the few review comment I gave on the patches I was explicitly Cc-ed on, feel free to change the Cc-s into Acked-by-s (unless, of course, you make non-trivial changes to them down the road); for patches 15 and 18 the acks would be limited to the x86 (and, for the latter, iommu) pieces. As to getting the series applied, I suppose that''ll be a little difficult, as it mixes changes to various parts of the tree, and hence no single maintainer would generally be able to apply the whole series without respective other parts fully acked by the corresponding maintainers. Is there a way to either indicate eventual fully standalone patches, or order/split it so that at least tools side and hypervisor side changes are separated from one another, or mixed patches all go at the beginning or end of the series? Jan
At 09:45 +0000 on 19 Nov (1353318334), Jan Beulich wrote:> As to getting the series applied, I suppose that''ll be a little difficult, > as it mixes changes to various parts of the tree, and hence no > single maintainer would generally be able to apply the whole series > without respective other parts fully acked by the corresponding > maintainers. Is there a way to either indicate eventual fully > standalone patches, or order/split it so that at least tools side and > hypervisor side changes are separated from one another, or mixed > patches all go at the beginning or end of the series?This whole series makes me very uncomfortable. I can see its usefulness, and as a supporter of disaggregations I like the idea of fine-grained control, but it really does obscure the security checks, and makes it less likely that people implementing new operations will get their security checks right. Since there are only a small number of default checks (IS_PRIV, IS_PRIV_FOR, self-only, ???), I wonder whether they could be explicitly included in the xsm invocation (as some sort of ''enum xsm-default-policy'' argument), to make it clear what''s going on without the reader having to grobble around in xsm files? Cheers, Tim.
Ian Campbell
2012-Nov-19 10:42 UTC
Re: [PATCH 01/19] libxl: introduce XSM relabel on build
On Fri, 2012-11-16 at 18:28 +0000, Daniel De Graaf wrote:> Allow a domain to be built under one security label and run using a > different label. This can be used to prevent the domain builder or > control domain from having the ability to access a guest domain''s memory > via map_foreign_range except during the build process where this is > required. > > Note: this does not provide complete protection from a malicious dom0; > mappings created during the build process may persist after the relabel, > and could be used to indirectly access the guest''s memory. > > Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> > Cc: Ian Jackson <ian.jackson@eu.citrix.com> > Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> > Cc: Ian Campbell <ian.campbell@citrix.com> > --- > tools/libxc/xc_flask.c | 10 ++++++++++ > tools/libxc/xenctrl.h | 1 + > tools/libxl/libxl_create.c | 4 ++++ > tools/libxl/libxl_types.idl | 1 + > tools/libxl/xl_cmdimpl.c | 20 +++++++++++++++++++-docs/man... please> diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl > index 7eac4a8..93524f0 100644 > --- a/tools/libxl/libxl_types.idl > +++ b/tools/libxl/libxl_types.idl > @@ -268,6 +268,7 @@ libxl_domain_build_info = Struct("domain_build_info",[ > ("video_memkb", MemKB), > ("shadow_memkb", MemKB), > ("rtc_timeoffset", uint32), > + ("exec_ssidref", uint32),What is the significance of the "exec_" bit of the name?> ("localtime", libxl_defbool), > ("disable_migrate", libxl_defbool), > ("cpuid", libxl_cpuid_policy_list),Ian.
Ian Campbell
2012-Nov-19 10:46 UTC
Re: [PATCH 02/19] flask/policy: Add domain relabel example
On Fri, 2012-11-16 at 18:28 +0000, Daniel De Graaf wrote:> This adds the nomigrate_t type to the example FLASK policy which allows > domains to be created that dom0 cannot access after building.This is a very cool example of how even dom0''s privileges can be curtailed, I like it! The fact that the domain can''t be migrated is more of a side-effect though I guess, but I can''t really think of a better name (e.g. "securedom_t" suggests other domains aren''t etc...) I''d ack it but this stuff is all Greek to me ;-)> > Example domain configuration snippet: > seclabel=''customer_1:vm_r:nomigrate_t'' > init_seclabel=''customer_1:vm_r:nomigrate_t_building'' > > Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> > --- > docs/misc/xsm-flask.txt | 2 + > tools/flask/policy/policy/modules/xen/xen.if | 56 +++++++++++++++++++++------- > tools/flask/policy/policy/modules/xen/xen.te | 10 +++++ > 3 files changed, 55 insertions(+), 13 deletions(-) > > diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt > index 6b0d327..0778a28 100644 > --- a/docs/misc/xsm-flask.txt > +++ b/docs/misc/xsm-flask.txt > @@ -60,6 +60,8 @@ that can be used without dom0 disaggregation. The main types for domUs are: > - domU_t is a domain that can communicate with any other domU_t > - isolated_domU_t can only communicate with dom0 > - prot_domU_t is a domain type whose creation can be disabled with a boolean > + - nomigrate_t is a domain that must be created via the nomigrate_t_building > + type, and whose memory cannot be read by dom0 once created > > HVM domains with stubdomain device models use two types (one per domain): > - domHVM_t is an HVM domain that uses a stubdomain device model > diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if > index 3f58909..2ad11b2 100644 > --- a/tools/flask/policy/policy/modules/xen/xen.if > +++ b/tools/flask/policy/policy/modules/xen/xen.if > @@ -9,24 +9,47 @@ > # Declare a type as a domain type, and allow basic domain setup > define(`declare_domain'', ` > type $1, domain_type`''ifelse(`$#'', `1'', `'', `,shift($@)''); > + type $1_channel, event_type; > + type_transition $1 domain_type:event $1_channel; > allow $1 $1:grant { query setup }; > allow $1 $1:mmu { adjust physmap map_read map_write stat pinpage }; > allow $1 $1:hvm { getparam setparam }; > '') > > -# create_domain(priv, target) > -# Allow a domain to be created > -define(`create_domain'', ` > +# declare_build_label(type) > +# Declare a paired _building type for the given domain type > +define(`declare_build_label'', ` > + type $1_building, domain_type; > + type_transition $1_building domain_type:event $1_channel; > + allow $1_building $1 : domain transition; > +'') > + > +define(`create_domain_common'', ` > allow $1 $2:domain { create max_vcpus setdomainmaxmem setaddrsize > - getdomaininfo hypercall setvcpucontext scheduler > - unpause getvcpuinfo getvcpuextstate getaddrsize > - getvcpuaffinity }; > + getdomaininfo hypercall setvcpucontext setextvcpucontext > + scheduler getvcpuinfo getvcpuextstate getaddrsize > + getvcpuaffinity setvcpuaffinity }; > allow $1 $2:security check_context; > allow $1 $2:shadow enable; > allow $1 $2:mmu {map_read map_write adjust memorymap physmap pinpage}; > allow $1 $2:grant setup; > - allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute setparam pcilevel trackdirtyvram }; > - allow $1 $2_$1_channel:event create; > + allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute sethvmc setparam pcilevel trackdirtyvram }; > +'') > + > +# create_domain(priv, target) > +# Allow a domain to be created directly > +define(`create_domain'', ` > + create_domain_common($1, $2) > + allow $1 $2_channel:event create; > +'') > + > +# create_domain_build_label(priv, target) > +# Allow a domain to be created via its domain build label > +define(`create_domain_build_label'', ` > + create_domain_common($1, $2_building) > + allow $1 $2_channel:event create; > + allow $1 $2_building:domain2 relabelfrom; > + allow $1 $2:domain2 relabelto; > '') > > # manage_domain(priv, target) > @@ -37,6 +60,15 @@ define(`manage_domain'', ` > setvcpuaffinity setdomainmaxmem }; > '') > > +# migrate_domain_out(priv, target) > +# Allow creation of a snapshot or migration image from a domain > +# (inbound migration is the same as domain creation) > +define(`migrate_domain_out'', ` > + allow $1 $2:hvm { gethvmc getparam irqlevel }; > + allow $1 $2:mmu { stat pageinfo map_read }; > + allow $1 $2:domain { getaddrsize getvcpucontext getextvcpucontext getvcpuextstate pause destroy }; > +'') > + > ################################################################################ > # > # Inter-domain communication > @@ -47,8 +79,6 @@ define(`manage_domain'', ` > # This allows an event channel to be created from domains with labels > # <source> to <dest> and will label it <chan-label> > define(`create_channel'', ` > - type $3, event_type; > - type_transition $1 $2:event $3; > allow $1 $3:event { create send status }; > allow $3 $2:event { bind }; > '') > @@ -56,8 +86,8 @@ define(`create_channel'', ` > # domain_event_comms(dom1, dom2) > # Allow two domain types to communicate using event channels > define(`domain_event_comms'', ` > - create_channel($1, $2, $1_$2_channel) > - create_channel($2, $1, $2_$1_channel) > + create_channel($1, $2, $1_channel) > + create_channel($2, $1, $2_channel) > '') > > # domain_comms(dom1, dom2) > @@ -72,7 +102,7 @@ define(`domain_comms'', ` > # Allow a domain types to communicate with others of its type using grants > # and event channels (this includes event channels to DOMID_SELF) > define(`domain_self_comms'', ` > - create_channel($1, $1, $1_self_channel) > + create_channel($1, $1, $1_channel) > allow $1 $1:grant { map_read map_write copy unmap }; > '') > > diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te > index 9550397..1162153 100644 > --- a/tools/flask/policy/policy/modules/xen/xen.te > +++ b/tools/flask/policy/policy/modules/xen/xen.te > @@ -90,6 +90,7 @@ create_domain(dom0_t, isolated_domU_t) > manage_domain(dom0_t, isolated_domU_t) > domain_comms(dom0_t, isolated_domU_t) > > +# Declare a boolean that denies creation of prot_domU_t domains > gen_bool(prot_doms_locked, false) > declare_domain(prot_domU_t) > if (!prot_doms_locked) { > @@ -111,6 +112,15 @@ manage_domain(dom0_t, dm_dom_t) > domain_comms(dom0_t, dm_dom_t) > device_model(dm_dom_t, domHVM_t) > > +# nomigrate_t must be built via the nomigrate_t_building label; once built, > +# dom0 cannot read its memory. > +declare_domain(nomigrate_t) > +declare_build_label(nomigrate_t) > +create_domain_build_label(dom0_t, nomigrate_t) > +manage_domain(dom0_t, nomigrate_t) > +domain_comms(dom0_t, nomigrate_t) > +domain_self_comms(nomigrate_t) > + > ############################################################################### > # > # Device delegation
Ian Campbell
2012-Nov-19 11:00 UTC
Re: [PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated
On Fri, 2012-11-16 at 18:28 +0000, Daniel De Graaf wrote:> The Xen hypervisor has two basic access control function calls: IS_PRIV > and the xsm_* functions. Most privileged operations currently require > that both checks succeed, and many times the checks are at different > locations in the code. This patch eliminates the explicit and implicit > IS_PRIV checks that are duplicated in XSM hooks.The downside is that you loose some context in the hypercall implementation, i.e. the hint about whether a hypercall is available only to the toolstack, or to only stubdomains or more generally to all guests etc which is useful to have in front of you when changing the code. IOW I worry that we may end up introducing bugs due to hiding this context away behind the xsm wrapper, e.g. you think a function is privileged guest only but actually it is guest accessible. I wonder if there is any way we can get the benefits of this change without this downside? Perhaps in the name of the hook? e.g. For each existing xsm_<foo> we instead define exactly one of xsm_guest_<foo>, xsm_stubdom_<foo> or xsm_priv_<foo>. This might also let us define some macros for use in dummy.[ch] which simultaneously construct the correct function name and include the appropriate boilerplate perm check thus ensuring they don''t get out of sync.> Some checks are removed due to non-obvious duplicates in their callers:If the duplicates are non-obvious wouldn''t it be better to keep them as a belt-and-braces measure? Ian.
Daniel De Graaf
2012-Nov-19 14:53 UTC
Re: [PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap
On 11/19/2012 03:59 AM, Jan Beulich wrote:>>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >> -static int flask_irq_permission (struct domain *d, int irq, uint8_t access) >> +static int flask_unmap_domain_pirq (struct domain *d, int irq) >> { >> - u32 perm; >> - u32 rsid; >> + u32 sid; >> int rc = -EPERM; >> >> - struct domain_security_struct *ssec, *tsec; >> + struct domain_security_struct *ssec; >> struct avc_audit_data ad; >> >> - rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, >> - resource_to_perm(access)); >> - >> + rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, RESOURCE__REMOVE); >> if ( rc ) >> return rc; >> >> - if ( access ) >> - perm = RESOURCE__ADD_IRQ; >> - else >> - perm = RESOURCE__REMOVE_IRQ; >> - >> ssec = current->domain->ssid; >> - tsec = d->ssid; >> >> - rc = get_irq_sid(irq, &rsid, &ad); >> - if ( rc ) >> - return rc; >> - >> - rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad); >> + if ( irq >= nr_irqs_gsi ) { > > Isn''t the use of nr_irqs_gsi x86-specific? > > Jan >It''s defined in xen/include/xen/irq.h (not in an x86-specific file), so I hadn''t assumed so. The check here is to avoid needing to allow access to the MSI IRQs by number since they are dynamic and therefore meaningless in a statically-defined policy.>> + /* TODO support for MSI here */ >> + return 0; >> + } else { >> + rc = get_irq_sid(irq, &sid, &ad); >> + } >> if ( rc ) >> return rc; >> >> - if ( access ) >> - rc = avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE, >> - RESOURCE__USE, &ad); >> + rc = avc_has_perm(ssec->sid, sid, SECCLASS_RESOURCE, RESOURCE__REMOVE_IRQ, &ad); >> return rc; >> } > > >-- Daniel De Graaf National Security Agency
Daniel De Graaf
2012-Nov-19 14:59 UTC
Re: [PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated
On 11/19/2012 04:08 AM, Jan Beulich wrote:>>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >> @@ -467,8 +451,8 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) >> if ( copy_from_guest(&irq_op, arg, 1) != 0 ) >> break; >> >> - ret = -EPERM; >> - if ( !IS_PRIV(v->domain) ) >> + ret = xsm_apic(v->domain, cmd); > > Is that the right hook? There''s nothing APIC related here. > > JanThere''s nothing here at all: the hypercall is a noop. However, when I posted the patch without the XSM check I was told that a check still needs to be performed in order to preserve compatability, and the comment below implies that this operation is done prior to programming the ioapic.> >> + if ( ret ) >> break; >>/* Vector is only used by hypervisor, and dom0 shouldn''t touch it in its world, return irq_op.irq as the vecotr, and make this hypercall dummy, and also defer the vector allocation when dom0 tries to programe ioapic entry. */
Daniel De Graaf
2012-Nov-19 15:16 UTC
Re: [PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated
On 11/19/2012 06:00 AM, Ian Campbell wrote:> On Fri, 2012-11-16 at 18:28 +0000, Daniel De Graaf wrote: >> The Xen hypervisor has two basic access control function calls: IS_PRIV >> and the xsm_* functions. Most privileged operations currently require >> that both checks succeed, and many times the checks are at different >> locations in the code. This patch eliminates the explicit and implicit >> IS_PRIV checks that are duplicated in XSM hooks. > > The downside is that you loose some context in the hypercall > implementation, i.e. the hint about whether a hypercall is available > only to the toolstack, or to only stubdomains or more generally to all > guests etc which is useful to have in front of you when changing the > code. > > IOW I worry that we may end up introducing bugs due to hiding this > context away behind the xsm wrapper, e.g. you think a function is > privileged guest only but actually it is guest accessible. > > I wonder if there is any way we can get the benefits of this change > without this downside? > > Perhaps in the name of the hook? e.g. For each existing xsm_<foo> we > instead define exactly one of xsm_guest_<foo>, xsm_stubdom_<foo> or > xsm_priv_<foo>. This might also let us define some macros for use in > dummy.[ch] which simultaneously construct the correct function name and > include the appropriate boilerplate perm check thus ensuring they don''t > get out of sync.I think something like this would help clarify the intended purpose of the access control check. I think it may also be useful to split "priv" further into "dom0" for hardware functionality and "ctl" for domain administration; without looking at the hooks in detail, that should cover most categories. One other problem that I would like to resolve is that the XSM functions in dummy.h aren''t visible to ctags; it might be useful to name the dummy functions identically to the XSM hooks and construct dummy.c to avoid including the duplicate definitions.>> Some checks are removed due to non-obvious duplicates in their callers: > > If the duplicates are non-obvious wouldn''t it be better to keep them as > a belt-and-braces measure? > > Ian.In this case, "non-obvious" meant "not obvious from a patch context". Keeping the duplicated calls would require either leaving the IS_PRIV checks (where the whole point of this patch is to remove them) or creating new, redundant XSM hooks. -- Daniel De Graaf National Security Agency
Daniel De Graaf
2012-Nov-19 15:20 UTC
Re: [PATCH 09/19] xen: lock target domain in do_domctl common code
On 11/19/2012 04:24 AM, Jan Beulich wrote:>>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >> @@ -458,6 +443,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) >> if ( IS_ERR(d) ) >> { >> ret = PTR_ERR(d); >> + d = NULL; > > Considering that in the common code you already set d to NULL, > is there a specific reason why you do so again here ... > >> break; >> } >> >> @@ -469,39 +455,28 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) >> op->domain = d->domain_id; >> if ( copy_to_guest(u_domctl, op, 1) ) >> ret = -EFAULT; >> + d = NULL; > > ... and here? > > Same further down for XEN_DOMCTL_getdomaininfo. > > Jan > >> } >> break; >> > > >This avoids unlocking the domain when it hasn''t been locked (at the end of the function at domctl_out_unlock) or trying to unlock a ERR_PTR value. -- Daniel De Graaf National Security Agency
Jan Beulich
2012-Nov-19 15:43 UTC
Re: [PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated
>>> On 19.11.12 at 15:59, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > On 11/19/2012 04:08 AM, Jan Beulich wrote: >>>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >>> @@ -467,8 +451,8 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) > arg) >>> if ( copy_from_guest(&irq_op, arg, 1) != 0 ) >>> break; >>> >>> - ret = -EPERM; >>> - if ( !IS_PRIV(v->domain) ) >>> + ret = xsm_apic(v->domain, cmd); >> >> Is that the right hook? There''s nothing APIC related here. > > There''s nothing here at all: the hypercall is a noop. However, when I > posted the patch without the XSM check I was told that a check still > needs to be performed in order to preserve compatability, and the > comment below implies that this operation is done prior to programming > the ioapic.But still - this is misleading without at least a code comment. Jan>> >>> + if ( ret ) >>> break; >>> > /* Vector is only used by hypervisor, and dom0 shouldn''t > touch it in its world, return irq_op.irq as the vecotr, > and make this hypercall dummy, and also defer the vector > allocation when dom0 tries to programe ioapic entry. */ >
On 11/19/2012 04:45 AM, Jan Beulich wrote:> As to getting the series applied, I suppose that''ll be a little difficult, > as it mixes changes to various parts of the tree, and hence no > single maintainer would generally be able to apply the whole series > without respective other parts fully acked by the corresponding > maintainers. Is there a way to either indicate eventual fully > standalone patches, or order/split it so that at least tools side and > hypervisor side changes are separated from one another, or mixed > patches all go at the beginning or end of the series?The only patch related to tools is patch #1; the other patches only touch the hypervisor or the example FLASK policy (which is under tools/). The hypervisor patch that #1 relies on is already in 4.3, none of the rest of the series depends on it (except where someone might want to use the functionality it adds). On 11/19/2012 05:26 AM, Tim Deegan wrote:> This whole series makes me very uncomfortable. I can see its usefulness, > and as a supporter of disaggregations I like the idea of fine-grained > control, but it really does obscure the security checks, and makes it > less likely that people implementing new operations will get their > security checks right.I agree about the increased possibility to get things wrong, but I think that''s going regardless of how you move away from a simple binary permission check. I have tried to address this by adding generic checks where possible (domctl, sysctl) so that new code added there has sane default protection. Another thing I can think of is to make the existing code as easy to understand as possible so people copying "how it''s currently done" get it right; suggestions here would be appreciated as I tend to understand my own code too well to see how it''s confusing - the construction of new hooks in dummy.h is one part that I hope to improve on.> Since there are only a small number of default checks (IS_PRIV, > IS_PRIV_FOR, self-only, ???), I wonder whether they could be explicitly > included in the xsm invocation (as some sort of ''enum > xsm-default-policy'' argument), to make it clear what''s going on without > the reader having to grobble around in xsm files?Ian made a similar suggestion in reply to #6, suggesting adding the type (guest, stubdom, toolstack, dom0/hardware) to the XSM hook''s name so that one can get a quick idea of what the hook is for at a glance. This seems like a useful addition, although the handling of more complex hooks like xsm_mmu_update may still require the reader to look in the XSM code to figure out what is being checked. -- Daniel De Graaf National Security Agency
These patches clean up some of the XSM code that caused difficulty with ctags, and changes hook names to show the default action of the hook. They apply on top of my XSM patch series v5, and if they help increase readability, will be integrated into the next version of that series.
This fixes ctags so that it can find the default XSM hooks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/include/xsm/dummy.h | 256 ++++++++++++++++++++++++------------------------
xen/include/xsm/xsm.h | 5 +-
xen/xsm/dummy.c | 5 +-
3 files changed, 135 insertions(+), 131 deletions(-)
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 040b463..fa78785 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -11,83 +11,83 @@
#include <xen/sched.h>
#include <xsm/xsm.h>
-static XSM_DEFAULT(void, security_domaininfo)(struct domain *d,
+static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
return;
}
-static XSM_DEFAULT(int, setvcpucontext)(struct domain *d)
+static XSM_INLINE int xsm_setvcpucontext(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, pausedomain) (struct domain *d)
+static XSM_INLINE int xsm_pausedomain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, unpausedomain) (struct domain *d)
+static XSM_INLINE int xsm_unpausedomain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, resumedomain) (struct domain *d)
+static XSM_INLINE int xsm_resumedomain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, domain_create)(struct domain *d, u32 ssidref)
+static XSM_INLINE int xsm_domain_create(struct domain *d, u32 ssidref)
{
return 0;
}
-static XSM_DEFAULT(int, max_vcpus)(struct domain *d)
+static XSM_INLINE int xsm_max_vcpus(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, destroydomain) (struct domain *d)
+static XSM_INLINE int xsm_destroydomain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, vcpuaffinity) (int cmd, struct domain *d)
+static XSM_INLINE int xsm_vcpuaffinity(int cmd, struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, scheduler) (struct domain *d)
+static XSM_INLINE int xsm_scheduler(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, getdomaininfo) (struct domain *d)
+static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, getvcpucontext) (struct domain *d)
+static XSM_INLINE int xsm_getvcpucontext(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, getvcpuinfo) (struct domain *d)
+static XSM_INLINE int xsm_getvcpuinfo(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, domain_settime) (struct domain *d)
+static XSM_INLINE int xsm_domain_settime(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, set_target) (struct domain *d, struct domain *e)
+static XSM_INLINE int xsm_set_target(struct domain *d, struct domain *e)
{
return 0;
}
-static XSM_DEFAULT(int, domctl)(struct domain *d, int cmd)
+static XSM_INLINE int xsm_domctl(struct domain *d, int cmd)
{
switch ( cmd )
{
@@ -106,143 +106,143 @@ static XSM_DEFAULT(int, domctl)(struct domain *d, int
cmd)
return 0;
}
-static XSM_DEFAULT(int, sysctl)(int cmd)
+static XSM_INLINE int xsm_sysctl(int cmd)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, set_virq_handler)(struct domain *d, uint32_t virq)
+static XSM_INLINE int xsm_set_virq_handler(struct domain *d, uint32_t virq)
{
return 0;
}
-static XSM_DEFAULT(int, tbufcontrol) (void)
+static XSM_INLINE int xsm_tbufcontrol(void)
{
return 0;
}
-static XSM_DEFAULT(int, readconsole) (uint32_t clear)
+static XSM_INLINE int xsm_readconsole(uint32_t clear)
{
return 0;
}
-static XSM_DEFAULT(int, sched_id) (void)
+static XSM_INLINE int xsm_sched_id(void)
{
return 0;
}
-static XSM_DEFAULT(int, setdomainmaxmem) (struct domain *d)
+static XSM_INLINE int xsm_setdomainmaxmem(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, setdomainhandle) (struct domain *d)
+static XSM_INLINE int xsm_setdomainhandle(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, setdebugging) (struct domain *d)
+static XSM_INLINE int xsm_setdebugging(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, perfcontrol) (void)
+static XSM_INLINE int xsm_perfcontrol(void)
{
return 0;
}
-static XSM_DEFAULT(int, debug_keys) (void)
+static XSM_INLINE int xsm_debug_keys(void)
{
return 0;
}
-static XSM_DEFAULT(int, getcpuinfo) (void)
+static XSM_INLINE int xsm_getcpuinfo(void)
{
return 0;
}
-static XSM_DEFAULT(int, get_pmstat) (void)
+static XSM_INLINE int xsm_get_pmstat(void)
{
return 0;
}
-static XSM_DEFAULT(int, setpminfo) (void)
+static XSM_INLINE int xsm_setpminfo(void)
{
return 0;
}
-static XSM_DEFAULT(int, pm_op) (void)
+static XSM_INLINE int xsm_pm_op(void)
{
return 0;
}
-static XSM_DEFAULT(int, do_mca) (void)
+static XSM_INLINE int xsm_do_mca(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, availheap) (void)
+static XSM_INLINE int xsm_availheap(void)
{
return 0;
}
-static XSM_DEFAULT(int, alloc_security_domain) (struct domain *d)
+static XSM_INLINE int xsm_alloc_security_domain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(void, free_security_domain) (struct domain *d)
+static XSM_INLINE void xsm_free_security_domain(struct domain *d)
{
return;
}
-static XSM_DEFAULT(int, grant_mapref) (struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_grant_mapref(struct domain *d1, struct domain *d2,
uint32_t flags)
{
return 0;
}
-static XSM_DEFAULT(int, grant_unmapref) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_unmapref(struct domain *d1, struct domain *d2)
{
return 0;
}
-static XSM_DEFAULT(int, grant_setup) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_setup(struct domain *d1, struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, grant_transfer) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_transfer(struct domain *d1, struct domain *d2)
{
return 0;
}
-static XSM_DEFAULT(int, grant_copy) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_copy(struct domain *d1, struct domain *d2)
{
return 0;
}
-static XSM_DEFAULT(int, grant_query_size) (struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_grant_query_size(struct domain *d1, struct domain
*d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, memory_exchange) (struct domain *d)
+static XSM_INLINE int xsm_memory_exchange(struct domain *d)
{
if ( d != current->domain && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, memory_adjust_reservation) (struct domain *d1,
+static XSM_INLINE int xsm_memory_adjust_reservation(struct domain *d1,
struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
@@ -250,14 +250,14 @@ static XSM_DEFAULT(int, memory_adjust_reservation) (struct
domain *d1,
return 0;
}
-static XSM_DEFAULT(int, memory_stat_reservation) (struct domain *d1, struct
domain *d2)
+static XSM_INLINE int xsm_memory_stat_reservation(struct domain *d1, struct
domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, console_io) (struct domain *d, int cmd)
+static XSM_INLINE int xsm_console_io(struct domain *d, int cmd)
{
#ifndef VERBOSE
if ( !IS_PRIV(current->domain) )
@@ -266,32 +266,32 @@ static XSM_DEFAULT(int, console_io) (struct domain *d, int
cmd)
return 0;
}
-static XSM_DEFAULT(int, profile) (struct domain *d, int op)
+static XSM_INLINE int xsm_profile(struct domain *d, int op)
{
return 0;
}
-static XSM_DEFAULT(int, kexec) (void)
+static XSM_INLINE int xsm_kexec(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, schedop_shutdown) (struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_schedop_shutdown(struct domain *d1, struct domain
*d2)
{
if ( !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, memory_pin_page) (struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
struct page_info *page)
{
return 0;
}
-static XSM_DEFAULT(int, evtchn_unbound) (struct domain *d, struct evtchn *chn,
+static XSM_INLINE int xsm_evtchn_unbound(struct domain *d, struct evtchn *chn,
domid_t id2)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
@@ -299,200 +299,200 @@ static XSM_DEFAULT(int, evtchn_unbound) (struct domain
*d, struct evtchn *chn,
return 0;
}
-static XSM_DEFAULT(int, evtchn_interdomain) (struct domain *d1, struct evtchn
+static XSM_INLINE int xsm_evtchn_interdomain(struct domain *d1, struct evtchn
*chan1, struct domain *d2, struct evtchn
*chan2)
{
return 0;
}
-static XSM_DEFAULT(void, evtchn_close_post) (struct evtchn *chn)
+static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
{
return;
}
-static XSM_DEFAULT(int, evtchn_send) (struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_evtchn_send(struct domain *d, struct evtchn *chn)
{
return 0;
}
-static XSM_DEFAULT(int, evtchn_status) (struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_evtchn_status(struct domain *d, struct evtchn *chn)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, evtchn_reset) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_evtchn_reset(struct domain *d1, struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, alloc_security_evtchn) (struct evtchn *chn)
+static XSM_INLINE int xsm_alloc_security_evtchn(struct evtchn *chn)
{
return 0;
}
-static XSM_DEFAULT(void, free_security_evtchn) (struct evtchn *chn)
+static XSM_INLINE void xsm_free_security_evtchn(struct evtchn *chn)
{
return;
}
-static XSM_DEFAULT(char *, show_security_evtchn) (struct domain *d, const
struct evtchn *chn)
+static XSM_INLINE char * xsm_show_security_evtchn(struct domain *d, const
struct evtchn *chn)
{
return NULL;
}
-static XSM_DEFAULT(int, get_pod_target)(struct domain *d)
+static XSM_INLINE int xsm_get_pod_target(struct domain *d)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, set_pod_target)(struct domain *d)
+static XSM_INLINE int xsm_set_pod_target(struct domain *d)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, get_device_group) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_get_device_group(uint32_t machine_bdf)
{
return 0;
}
-static XSM_DEFAULT(int, test_assign_device) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_test_assign_device(uint32_t machine_bdf)
{
return 0;
}
-static XSM_DEFAULT(int, assign_device) (struct domain *d, uint32_t machine_bdf)
+static XSM_INLINE int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
{
return 0;
}
-static XSM_DEFAULT(int, deassign_device) (struct domain *d, uint32_t
machine_bdf)
+static XSM_INLINE int xsm_deassign_device(struct domain *d, uint32_t
machine_bdf)
{
return 0;
}
-static XSM_DEFAULT(int, resource_plug_core) (void)
+static XSM_INLINE int xsm_resource_plug_core(void)
{
return 0;
}
-static XSM_DEFAULT(int, resource_unplug_core) (void)
+static XSM_INLINE int xsm_resource_unplug_core(void)
{
return 0;
}
-static XSM_DEFAULT(int, resource_plug_pci) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_plug_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, resource_unplug_pci) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_unplug_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, resource_setup_pci) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_setup_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, resource_setup_gsi) (int gsi)
+static XSM_INLINE int xsm_resource_setup_gsi(int gsi)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, resource_setup_misc) (void)
+static XSM_INLINE int xsm_resource_setup_misc(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, page_offline) (uint32_t cmd)
+static XSM_INLINE int xsm_page_offline(uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, lockprof) (void)
+static XSM_INLINE int xsm_lockprof(void)
{
return 0;
}
-static XSM_DEFAULT(int, cpupool_op) (void)
+static XSM_INLINE int xsm_cpupool_op(void)
{
return 0;
}
-static XSM_DEFAULT(int, sched_op) (void)
+static XSM_INLINE int xsm_sched_op(void)
{
return 0;
}
-static XSM_DEFAULT(int, tmem_op) (void)
+static XSM_INLINE int xsm_tmem_op(void)
{
return 0;
}
-static XSM_DEFAULT(int, tmem_control) (void)
+static XSM_INLINE int xsm_tmem_control(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(long, do_xsm_op)(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
+static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
{
return -ENOSYS;
}
-static XSM_DEFAULT(char *, show_irq_sid) (int irq)
+static XSM_INLINE char * xsm_show_irq_sid(int irq)
{
return NULL;
}
-static XSM_DEFAULT(int, map_domain_pirq) (struct domain *d, int irq, void
*data)
+static XSM_INLINE int xsm_map_domain_pirq(struct domain *d, int irq, void
*data)
{
return 0;
}
-static XSM_DEFAULT(int, unmap_domain_pirq) (struct domain *d, int irq)
+static XSM_INLINE int xsm_unmap_domain_pirq(struct domain *d, int irq)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, irq_permission) (struct domain *d, int pirq, uint8_t
allow)
+static XSM_INLINE int xsm_irq_permission(struct domain *d, int pirq, uint8_t
allow)
{
return 0;
}
-static XSM_DEFAULT(int, iomem_permission) (struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
+static XSM_INLINE int xsm_iomem_permission(struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
return 0;
}
-static XSM_DEFAULT(int, iomem_mapping) (struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
+static XSM_INLINE int xsm_iomem_mapping(struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
{
return 0;
}
-static XSM_DEFAULT(int, pci_config_permission) (struct domain *d, uint32_t
machine_bdf,
+static XSM_INLINE int xsm_pci_config_permission(struct domain *d, uint32_t
machine_bdf,
uint16_t start, uint16_t end,
uint8_t access)
{
@@ -500,188 +500,188 @@ static XSM_DEFAULT(int, pci_config_permission) (struct
domain *d, uint32_t machi
}
#ifdef CONFIG_X86
-static XSM_DEFAULT(int, shadow_control) (struct domain *d, uint32_t op)
+static XSM_INLINE int xsm_shadow_control(struct domain *d, uint32_t op)
{
return 0;
}
-static XSM_DEFAULT(int, getpageframeinfo) (struct domain *d)
+static XSM_INLINE int xsm_getpageframeinfo(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, getmemlist) (struct domain *d)
+static XSM_INLINE int xsm_getmemlist(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, hypercall_init) (struct domain *d)
+static XSM_INLINE int xsm_hypercall_init(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, hvmcontext) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_hvmcontext(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, address_size) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_address_size(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, machine_address_size) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_machine_address_size(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, hvm_param) (struct domain *d, unsigned long op)
+static XSM_INLINE int xsm_hvm_param(struct domain *d, unsigned long op)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, hvm_set_pci_intx_level) (struct domain *d)
+static XSM_INLINE int xsm_hvm_set_pci_intx_level(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, hvm_set_isa_irq_level) (struct domain *d)
+static XSM_INLINE int xsm_hvm_set_isa_irq_level(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, hvm_set_pci_link_route) (struct domain *d)
+static XSM_INLINE int xsm_hvm_set_pci_link_route(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, hvm_inject_msi) (struct domain *d)
+static XSM_INLINE int xsm_hvm_inject_msi(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, mem_event_setup) (struct domain *d)
+static XSM_INLINE int xsm_mem_event_setup(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, mem_event_control) (struct domain *d, int mode, int op)
+static XSM_INLINE int xsm_mem_event_control(struct domain *d, int mode, int op)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, mem_event_op) (struct domain *d, int op)
+static XSM_INLINE int xsm_mem_event_op(struct domain *d, int op)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, mem_sharing) (struct domain *d)
+static XSM_INLINE int xsm_mem_sharing(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, mem_sharing_op) (struct domain *d, struct domain *cd,
int op)
+static XSM_INLINE int xsm_mem_sharing_op(struct domain *d, struct domain *cd,
int op)
{
if ( !IS_PRIV_FOR(current->domain, cd) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, apic) (struct domain *d, int cmd)
+static XSM_INLINE int xsm_apic(struct domain *d, int cmd)
{
if ( !IS_PRIV(d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, xen_settime) (void)
+static XSM_INLINE int xsm_xen_settime(void)
{
return 0;
}
-static XSM_DEFAULT(int, memtype) (uint32_t access)
+static XSM_INLINE int xsm_memtype(uint32_t access)
{
return 0;
}
-static XSM_DEFAULT(int, microcode) (void)
+static XSM_INLINE int xsm_microcode(void)
{
return 0;
}
-static XSM_DEFAULT(int, physinfo) (void)
+static XSM_INLINE int xsm_physinfo(void)
{
return 0;
}
-static XSM_DEFAULT(int, platform_quirk) (uint32_t quirk)
+static XSM_INLINE int xsm_platform_quirk(uint32_t quirk)
{
return 0;
}
-static XSM_DEFAULT(int, platform_op) (uint32_t op)
+static XSM_INLINE int xsm_platform_op(uint32_t op)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, firmware_info) (void)
+static XSM_INLINE int xsm_firmware_info(void)
{
return 0;
}
-static XSM_DEFAULT(int, efi_call) (void)
+static XSM_INLINE int xsm_efi_call(void)
{
return 0;
}
-static XSM_DEFAULT(int, acpi_sleep) (void)
+static XSM_INLINE int xsm_acpi_sleep(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, change_freq) (void)
+static XSM_INLINE int xsm_change_freq(void)
{
return 0;
}
-static XSM_DEFAULT(int, getidletime) (void)
+static XSM_INLINE int xsm_getidletime(void)
{
return 0;
}
-static XSM_DEFAULT(int, machine_memory_map) (void)
+static XSM_INLINE int xsm_machine_memory_map(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, domain_memory_map) (struct domain *d)
+static XSM_INLINE int xsm_domain_memory_map(struct domain *d)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, mmu_update) (struct domain *d, struct domain *t,
+static XSM_INLINE int xsm_mmu_update(struct domain *d, struct domain *t,
struct domain *f, uint32_t flags)
{
if ( t && d != t && !IS_PRIV_FOR(d, t) )
@@ -691,14 +691,14 @@ static XSM_DEFAULT(int, mmu_update) (struct domain *d,
struct domain *t,
return 0;
}
-static XSM_DEFAULT(int, mmuext_op) (struct domain *d, struct domain *f)
+static XSM_INLINE int xsm_mmuext_op(struct domain *d, struct domain *f)
{
if ( d != f && !IS_PRIV_FOR(d, f) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, update_va_mapping) (struct domain *d, struct domain *f,
+static XSM_INLINE int xsm_update_va_mapping(struct domain *d, struct domain *f,
l1_pgentry_t pte)
{
if ( d != f && !IS_PRIV_FOR(d, f) )
@@ -706,56 +706,56 @@ static XSM_DEFAULT(int, update_va_mapping) (struct domain
*d, struct domain *f,
return 0;
}
-static XSM_DEFAULT(int, add_to_physmap) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, remove_from_physmap) (struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_remove_from_physmap(struct domain *d1, struct domain
*d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, sendtrigger) (struct domain *d)
+static XSM_INLINE int xsm_sendtrigger(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, bind_pt_irq) (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_bind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
}
-static XSM_DEFAULT(int, unbind_pt_irq) (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_unbind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
}
-static XSM_DEFAULT(int, pin_mem_cacheattr) (struct domain *d)
+static XSM_INLINE int xsm_pin_mem_cacheattr(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, ext_vcpucontext) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_ext_vcpucontext(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, vcpuextstate) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_vcpuextstate(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, ioport_permission) (struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_ioport_permission(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
return 0;
}
-static XSM_DEFAULT(int, ioport_mapping) (struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
+static XSM_INLINE int xsm_ioport_mapping(struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
{
return 0;
}
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 748f5ff..b2f33d6 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -195,6 +195,8 @@ struct xsm_operations {
extern struct xsm_operations *xsm_ops;
+#ifndef XSM_NO_WRAPPERS
+
static inline void xsm_security_domaininfo (struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
@@ -846,6 +848,7 @@ static inline int xsm_ioport_mapping (struct domain *d,
uint32_t s, uint32_t e,
return xsm_ops->ioport_mapping(d, s, e, allow);
}
#endif /* CONFIG_X86 */
+#endif /* XSM_NO_WRAPPERS */
extern int xsm_init(unsigned long *module_map, const multiboot_info_t *mbi,
void *(*bootstrap_map)(const module_t *));
@@ -860,7 +863,7 @@ extern void xsm_fixup_ops(struct xsm_operations *ops);
#else /* XSM_ENABLE */
-#define XSM_DEFAULT(type, name) inline type xsm_ ## name
+#define XSM_INLINE inline
#include <xsm/dummy.h>
static inline int xsm_init (unsigned long *module_map,
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 6e113fb..3e6e5df 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -10,7 +10,8 @@
* as published by the Free Software Foundation.
*/
-#define XSM_DEFAULT(type, name) type dummy_ ## name
+#define XSM_NO_WRAPPERS
+#define XSM_INLINE /* */
#include <xsm/dummy.h>
struct xsm_operations dummy_xsm_ops;
@@ -19,7 +20,7 @@ struct xsm_operations dummy_xsm_ops;
do { \
if ( !ops->function ) \
{ \
- ops->function = dummy_##function; \
+ ops->function = xsm_##function; \
if (ops != &dummy_xsm_ops) \
dprintk(XENLOG_DEBUG, "Had to override the "
#function \
" security operation with the dummy one.\n");
\
--
1.7.11.7
A number of the domctl XSM hooks do nothing except pass the domain and
operation ID, making them redundant with the xsm_domctl hook. Remove
these redundant hooks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/arch/x86/domctl.c | 76 +---------
xen/common/domctl.c | 59 +-------
xen/include/xsm/dummy.h | 135 -----------------
xen/include/xsm/xsm.h | 161 ---------------------
xen/xsm/dummy.c | 27 ----
xen/xsm/flask/hooks.c | 378 ++++++++++++------------------------------------
6 files changed, 98 insertions(+), 738 deletions(-)
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 5e224fc..2630bdb 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -96,10 +96,6 @@ long arch_do_domctl(
page = mfn_to_page(mfn);
- ret = xsm_getpageframeinfo(d);
- if ( ret )
- break;
-
if ( likely(get_page(page, d)) )
{
ret = 0;
@@ -140,10 +136,6 @@ long arch_do_domctl(
struct page_info *page;
xen_pfn_t *arr;
- ret = xsm_getpageframeinfo(d);
- if ( ret )
- break;
-
if ( unlikely(num > 1024) ||
unlikely(num != domctl->u.getpageframeinfo3.num) )
{
@@ -229,10 +221,6 @@ long arch_do_domctl(
int num = domctl->u.getpageframeinfo2.num;
uint32_t *arr32;
- ret = xsm_getpageframeinfo(d);
- if ( ret )
- break;
-
if ( unlikely(num > 1024) )
{
ret = -E2BIG;
@@ -324,10 +312,6 @@ long arch_do_domctl(
uint64_t mfn;
struct page_info *page;
- ret = xsm_getmemlist(d);
- if ( ret )
- break;
-
if ( unlikely(d->is_dying) ) {
ret = -EINVAL;
break;
@@ -363,10 +347,6 @@ long arch_do_domctl(
struct page_info *page;
void *hypercall_page;
- ret = xsm_hypercall_init(d);
- if ( ret )
- break;
-
page = get_page_from_gfn(d, gmfn, NULL, P2M_ALLOC);
ret = -EACCES;
@@ -391,10 +371,6 @@ long arch_do_domctl(
{
struct hvm_domain_context c = { .size = domctl->u.hvmcontext.size };
- ret = xsm_hvmcontext(d, domctl->cmd);
- if ( ret )
- goto sethvmcontext_out;
-
ret = -EINVAL;
if ( !is_hvm_domain(d) )
goto sethvmcontext_out;
@@ -421,10 +397,6 @@ long arch_do_domctl(
{
struct hvm_domain_context c = { 0 };
- ret = xsm_hvmcontext(d, domctl->cmd);
- if ( ret )
- goto gethvmcontext_out;
-
ret = -EINVAL;
if ( !is_hvm_domain(d) )
goto gethvmcontext_out;
@@ -468,10 +440,6 @@ long arch_do_domctl(
case XEN_DOMCTL_gethvmcontext_partial:
{
- ret = xsm_hvmcontext(d, domctl->cmd);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( !is_hvm_domain(d) )
break;
@@ -487,10 +455,6 @@ long arch_do_domctl(
case XEN_DOMCTL_set_address_size:
{
- ret = xsm_address_size(d, domctl->cmd);
- if ( ret )
- break;
-
switch ( domctl->u.address_size.size )
{
case 32:
@@ -508,10 +472,6 @@ long arch_do_domctl(
case XEN_DOMCTL_get_address_size:
{
- ret = xsm_address_size(d, domctl->cmd);
- if ( ret )
- break;
-
domctl->u.address_size.size is_pv_32on64_domain(d) ? 32
: BITS_PER_LONG;
@@ -524,10 +484,6 @@ long arch_do_domctl(
case XEN_DOMCTL_set_machine_address_size:
{
- ret = xsm_machine_address_size(d, domctl->cmd);
- if ( ret )
- break;
-
ret = -EBUSY;
if ( d->tot_pages > 0 )
break;
@@ -540,10 +496,6 @@ long arch_do_domctl(
case XEN_DOMCTL_get_machine_address_size:
{
- ret = xsm_machine_address_size(d, domctl->cmd);
- if ( ret )
- break;
-
domctl->u.address_size.size = d->arch.physaddr_bitsize;
ret = 0;
@@ -557,10 +509,6 @@ long arch_do_domctl(
{
struct vcpu *v;
- ret = xsm_sendtrigger(d);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( domctl->u.sendtrigger.vcpu >= MAX_VIRT_CPUS )
break;
@@ -827,10 +775,6 @@ long arch_do_domctl(
case XEN_DOMCTL_pin_mem_cacheattr:
{
- ret = xsm_pin_mem_cacheattr(d);
- if ( ret )
- break;
-
ret = hvm_set_mem_pinned_cacheattr(
d, domctl->u.pin_mem_cacheattr.start,
domctl->u.pin_mem_cacheattr.end,
@@ -846,10 +790,6 @@ long arch_do_domctl(
evc = &domctl->u.ext_vcpucontext;
- ret = xsm_ext_vcpucontext(d, domctl->cmd);
- if ( ret )
- break;
-
ret = -ESRCH;
if ( (evc->vcpu >= d->max_vcpus) ||
((v = d->vcpu[evc->vcpu]) == NULL) )
@@ -1115,10 +1055,6 @@ long arch_do_domctl(
evc = &domctl->u.vcpuextstate;
- ret = xsm_vcpuextstate(d, domctl->cmd);
- if ( ret )
- goto vcpuextstate_out;
-
ret = -ESRCH;
if ( (evc->vcpu >= d->max_vcpus) ||
((v = d->vcpu[evc->vcpu]) == NULL) )
@@ -1229,9 +1165,7 @@ long arch_do_domctl(
case XEN_DOMCTL_mem_sharing_op:
{
- ret = xsm_mem_sharing(d);
- if ( !ret )
- ret = mem_sharing_domctl(d, &domctl->u.mem_sharing_op);
+ ret = mem_sharing_domctl(d, &domctl->u.mem_sharing_op);
}
break;
@@ -1262,11 +1196,9 @@ long arch_do_domctl(
if ( current->domain == d )
break;
- ret = xsm_mem_event_setup(d);
- if ( !ret ) {
- p2m = p2m_get_hostp2m(d);
- p2m->access_required =
domctl->u.access_required.access_required;
- }
+ ret = 0;
+ p2m = p2m_get_hostp2m(d);
+ p2m->access_required = domctl->u.access_required.access_required;
}
break;
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 2a42a5f..6f792e9 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -289,10 +289,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( d == NULL )
break;
- ret = xsm_setvcpucontext(d);
- if ( ret )
- goto svc_out;
-
ret = -EINVAL;
if ( (d == current->domain) || /* no domain_pause() */
(vcpu >= d->max_vcpus) || ((v = d->vcpu[vcpu]) == NULL) )
@@ -339,10 +335,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_pausedomain:
{
- ret = xsm_pausedomain(d);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( d != current->domain )
{
@@ -354,10 +346,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_unpausedomain:
{
- ret = xsm_unpausedomain(d);
- if ( ret )
- break;
-
domain_unpause_by_systemcontroller(d);
ret = 0;
}
@@ -365,10 +353,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_resumedomain:
{
- ret = xsm_resumedomain(d);
- if ( ret )
- break;
-
domain_resume(d);
ret = 0;
}
@@ -452,10 +436,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
(is_hvm_domain(d) && (max > MAX_HVM_VCPUS)) )
break;
- ret = xsm_max_vcpus(d);
- if ( ret )
- break;
-
/* Until Xenoprof can dynamically grow its vcpu-s array... */
if ( d->xenoprof )
{
@@ -538,7 +518,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_destroydomain:
{
- ret = xsm_destroydomain(d) ? : domain_kill(d);
+ ret = domain_kill(d);
}
break;
@@ -547,10 +527,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
{
struct vcpu *v;
- ret = xsm_vcpuaffinity(op->cmd, d);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( op->u.vcpuaffinity.vcpu >= d->max_vcpus )
break;
@@ -581,10 +557,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_scheduler_op:
{
- ret = xsm_scheduler(d);
- if ( ret )
- break;
-
ret = sched_adjust(d, &op->u.scheduler_op);
if ( copy_to_guest(u_domctl, op, 1) )
ret = -EFAULT;
@@ -629,10 +601,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
vcpu_guest_context_u c = { .nat = NULL };
struct vcpu *v;
- ret = xsm_getvcpucontext(d);
- if ( ret )
- goto getvcpucontext_out;
-
ret = -EINVAL;
if ( op->u.vcpucontext.vcpu >= d->max_vcpus )
goto getvcpucontext_out;
@@ -685,10 +653,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
struct vcpu *v;
struct vcpu_runstate_info runstate;
- ret = xsm_getvcpuinfo(d);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( op->u.getvcpuinfo.vcpu >= d->max_vcpus )
break;
@@ -715,10 +679,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
{
unsigned long new_max;
- ret = xsm_setdomainmaxmem(d);
- if ( ret )
- break;
-
ret = -EINVAL;
new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT-10);
@@ -736,10 +696,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_setdomainhandle:
{
- ret = xsm_setdomainhandle(d);
- if ( ret )
- break;
-
memcpy(d->handle, op->u.setdomainhandle.handle,
sizeof(xen_domain_handle_t));
ret = 0;
@@ -752,10 +708,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( d == current->domain ) /* no domain_pause() */
break;
- ret = xsm_setdebugging(d);
- if ( ret )
- break;
-
domain_pause(d);
d->debugger_attached = !!op->u.setdebugging.enable;
domain_unpause(d); /* causes guest to latch new status */
@@ -800,10 +752,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_settimeoffset:
{
- ret = xsm_domain_settime(d);
- if ( ret )
- break;
-
domain_set_time_offset(d, op->u.settimeoffset.time_offset_seconds);
ret = 0;
}
@@ -853,10 +801,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_set_virq_handler:
{
uint32_t virq = op->u.set_virq_handler.virq;
-
- ret = xsm_set_virq_handler(d, virq);
- if ( !ret )
- ret = set_global_virq_handler(d, virq);
+ ret = set_global_virq_handler(d, virq);
}
break;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index fa78785..aef7c4e 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -17,71 +17,16 @@ static XSM_INLINE void xsm_security_domaininfo(struct domain
*d,
return;
}
-static XSM_INLINE int xsm_setvcpucontext(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_pausedomain(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_unpausedomain(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_resumedomain(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_domain_create(struct domain *d, u32 ssidref)
{
return 0;
}
-static XSM_INLINE int xsm_max_vcpus(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_destroydomain(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_vcpuaffinity(int cmd, struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_scheduler(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
{
return 0;
}
-static XSM_INLINE int xsm_getvcpucontext(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_getvcpuinfo(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_domain_settime(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_set_target(struct domain *d, struct domain *e)
{
return 0;
@@ -113,11 +58,6 @@ static XSM_INLINE int xsm_sysctl(int cmd)
return 0;
}
-static XSM_INLINE int xsm_set_virq_handler(struct domain *d, uint32_t virq)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_tbufcontrol(void)
{
return 0;
@@ -133,21 +73,6 @@ static XSM_INLINE int xsm_sched_id(void)
return 0;
}
-static XSM_INLINE int xsm_setdomainmaxmem(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_setdomainhandle(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_setdebugging(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_perfcontrol(void)
{
return 0;
@@ -505,36 +430,6 @@ static XSM_INLINE int xsm_shadow_control(struct domain *d,
uint32_t op)
return 0;
}
-static XSM_INLINE int xsm_getpageframeinfo(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_getmemlist(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_hypercall_init(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_hvmcontext(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_address_size(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_machine_address_size(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_hvm_param(struct domain *d, unsigned long op)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
@@ -570,11 +465,6 @@ static XSM_INLINE int xsm_hvm_inject_msi(struct domain *d)
return 0;
}
-static XSM_INLINE int xsm_mem_event_setup(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_mem_event_control(struct domain *d, int mode, int op)
{
if ( !IS_PRIV(current->domain) )
@@ -589,11 +479,6 @@ static XSM_INLINE int xsm_mem_event_op(struct domain *d,
int op)
return 0;
}
-static XSM_INLINE int xsm_mem_sharing(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_mem_sharing_op(struct domain *d, struct domain *cd,
int op)
{
if ( !IS_PRIV_FOR(current->domain, cd) )
@@ -720,11 +605,6 @@ static XSM_INLINE int xsm_remove_from_physmap(struct domain
*d1, struct domain *
return 0;
}
-static XSM_INLINE int xsm_sendtrigger(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_bind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
@@ -735,21 +615,6 @@ static XSM_INLINE int xsm_unbind_pt_irq(struct domain *d,
struct xen_domctl_bind
return 0;
}
-static XSM_INLINE int xsm_pin_mem_cacheattr(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_ext_vcpucontext(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_vcpuextstate(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_ioport_permission(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
return 0;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index b2f33d6..903c7cb 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -41,29 +41,14 @@ extern xsm_initcall_t __xsm_initcall_start[],
__xsm_initcall_end[];
struct xsm_operations {
void (*security_domaininfo) (struct domain *d,
struct xen_domctl_getdomaininfo *info);
- int (*setvcpucontext) (struct domain *d);
- int (*pausedomain) (struct domain *d);
- int (*unpausedomain) (struct domain *d);
- int (*resumedomain) (struct domain *d);
int (*domain_create) (struct domain *d, u32 ssidref);
- int (*max_vcpus) (struct domain *d);
- int (*destroydomain) (struct domain *d);
- int (*vcpuaffinity) (int cmd, struct domain *d);
- int (*scheduler) (struct domain *d);
int (*getdomaininfo) (struct domain *d);
- int (*getvcpucontext) (struct domain *d);
- int (*getvcpuinfo) (struct domain *d);
- int (*domain_settime) (struct domain *d);
int (*set_target) (struct domain *d, struct domain *e);
int (*domctl) (struct domain *d, int cmd);
int (*sysctl) (int cmd);
- int (*set_virq_handler) (struct domain *d, uint32_t virq);
int (*tbufcontrol) (void);
int (*readconsole) (uint32_t clear);
int (*sched_id) (void);
- int (*setdomainmaxmem) (struct domain *d);
- int (*setdomainhandle) (struct domain *d);
- int (*setdebugging) (struct domain *d);
int (*perfcontrol) (void);
int (*debug_keys) (void);
int (*getcpuinfo) (void);
@@ -141,21 +126,13 @@ struct xsm_operations {
#ifdef CONFIG_X86
int (*shadow_control) (struct domain *d, uint32_t op);
- int (*getpageframeinfo) (struct domain *d);
- int (*getmemlist) (struct domain *d);
- int (*hypercall_init) (struct domain *d);
- int (*hvmcontext) (struct domain *d, uint32_t op);
- int (*address_size) (struct domain *d, uint32_t op);
- int (*machine_address_size) (struct domain *d, uint32_t op);
int (*hvm_param) (struct domain *d, unsigned long op);
int (*hvm_set_pci_intx_level) (struct domain *d);
int (*hvm_set_isa_irq_level) (struct domain *d);
int (*hvm_set_pci_link_route) (struct domain *d);
int (*hvm_inject_msi) (struct domain *d);
- int (*mem_event_setup) (struct domain *d);
int (*mem_event_control) (struct domain *d, int mode, int op);
int (*mem_event_op) (struct domain *d, int op);
- int (*mem_sharing) (struct domain *d);
int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
int (*apic) (struct domain *d, int cmd);
int (*xen_settime) (void);
@@ -180,12 +157,8 @@ struct xsm_operations {
int (*mmuext_op) (struct domain *d, struct domain *f);
int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t
pte);
int (*add_to_physmap) (struct domain *d1, struct domain *d2);
- int (*sendtrigger) (struct domain *d);
int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq
*bind);
- int (*pin_mem_cacheattr) (struct domain *d);
- int (*ext_vcpucontext) (struct domain *d, uint32_t cmd);
- int (*vcpuextstate) (struct domain *d, uint32_t cmd);
int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
#endif
@@ -203,71 +176,16 @@ static inline void xsm_security_domaininfo (struct domain
*d,
xsm_ops->security_domaininfo(d, info);
}
-static inline int xsm_setvcpucontext(struct domain *d)
-{
- return xsm_ops->setvcpucontext(d);
-}
-
-static inline int xsm_pausedomain (struct domain *d)
-{
- return xsm_ops->pausedomain(d);
-}
-
-static inline int xsm_unpausedomain (struct domain *d)
-{
- return xsm_ops->unpausedomain(d);
-}
-
-static inline int xsm_resumedomain (struct domain *d)
-{
- return xsm_ops->resumedomain(d);
-}
-
static inline int xsm_domain_create (struct domain *d, u32 ssidref)
{
return xsm_ops->domain_create(d, ssidref);
}
-static inline int xsm_max_vcpus(struct domain *d)
-{
- return xsm_ops->max_vcpus(d);
-}
-
-static inline int xsm_destroydomain (struct domain *d)
-{
- return xsm_ops->destroydomain(d);
-}
-
-static inline int xsm_vcpuaffinity (int cmd, struct domain *d)
-{
- return xsm_ops->vcpuaffinity(cmd, d);
-}
-
-static inline int xsm_scheduler (struct domain *d)
-{
- return xsm_ops->scheduler(d);
-}
-
static inline int xsm_getdomaininfo (struct domain *d)
{
return xsm_ops->getdomaininfo(d);
}
-static inline int xsm_getvcpucontext (struct domain *d)
-{
- return xsm_ops->getvcpucontext(d);
-}
-
-static inline int xsm_getvcpuinfo (struct domain *d)
-{
- return xsm_ops->getvcpuinfo(d);
-}
-
-static inline int xsm_domain_settime (struct domain *d)
-{
- return xsm_ops->domain_settime(d);
-}
-
static inline int xsm_set_target (struct domain *d, struct domain *e)
{
return xsm_ops->set_target(d, e);
@@ -283,11 +201,6 @@ static inline int xsm_sysctl (int cmd)
return xsm_ops->sysctl(cmd);
}
-static inline int xsm_set_virq_handler (struct domain *d, uint32_t virq)
-{
- return xsm_ops->set_virq_handler(d, virq);
-}
-
static inline int xsm_tbufcontrol (void)
{
return xsm_ops->tbufcontrol();
@@ -303,21 +216,6 @@ static inline int xsm_sched_id (void)
return xsm_ops->sched_id();
}
-static inline int xsm_setdomainmaxmem (struct domain *d)
-{
- return xsm_ops->setdomainmaxmem(d);
-}
-
-static inline int xsm_setdomainhandle (struct domain *d)
-{
- return xsm_ops->setdomainhandle(d);
-}
-
-static inline int xsm_setdebugging (struct domain *d)
-{
- return xsm_ops->setdebugging(d);
-}
-
static inline int xsm_perfcontrol (void)
{
return xsm_ops->perfcontrol();
@@ -635,36 +533,6 @@ static inline int xsm_shadow_control (struct domain *d,
uint32_t op)
return xsm_ops->shadow_control(d, op);
}
-static inline int xsm_getpageframeinfo (struct domain *d)
-{
- return xsm_ops->getpageframeinfo(d);
-}
-
-static inline int xsm_getmemlist (struct domain *d)
-{
- return xsm_ops->getmemlist(d);
-}
-
-static inline int xsm_hypercall_init (struct domain *d)
-{
- return xsm_ops->hypercall_init(d);
-}
-
-static inline int xsm_hvmcontext (struct domain *d, uint32_t cmd)
-{
- return xsm_ops->hvmcontext(d, cmd);
-}
-
-static inline int xsm_address_size (struct domain *d, uint32_t cmd)
-{
- return xsm_ops->address_size(d, cmd);
-}
-
-static inline int xsm_machine_address_size (struct domain *d, uint32_t cmd)
-{
- return xsm_ops->machine_address_size(d, cmd);
-}
-
static inline int xsm_hvm_param (struct domain *d, unsigned long op)
{
return xsm_ops->hvm_param(d, op);
@@ -690,11 +558,6 @@ static inline int xsm_hvm_inject_msi (struct domain *d)
return xsm_ops->hvm_inject_msi(d);
}
-static inline int xsm_mem_event_setup (struct domain *d)
-{
- return xsm_ops->mem_event_setup(d);
-}
-
static inline int xsm_mem_event_control (struct domain *d, int mode, int op)
{
return xsm_ops->mem_event_control(d, mode, op);
@@ -705,11 +568,6 @@ static inline int xsm_mem_event_op (struct domain *d, int
op)
return xsm_ops->mem_event_op(d, op);
}
-static inline int xsm_mem_sharing (struct domain *d)
-{
- return xsm_ops->mem_sharing(d);
-}
-
static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int
op)
{
return xsm_ops->mem_sharing_op(d, cd, op);
@@ -807,11 +665,6 @@ static inline int xsm_add_to_physmap(struct domain *d1,
struct domain *d2)
return xsm_ops->add_to_physmap(d1, d2);
}
-static inline int xsm_sendtrigger(struct domain *d)
-{
- return xsm_ops->sendtrigger(d);
-}
-
static inline int xsm_bind_pt_irq(struct domain *d,
struct xen_domctl_bind_pt_irq
*bind)
{
@@ -824,20 +677,6 @@ static inline int xsm_unbind_pt_irq(struct domain *d,
return xsm_ops->unbind_pt_irq(d, bind);
}
-static inline int xsm_pin_mem_cacheattr(struct domain *d)
-{
- return xsm_ops->pin_mem_cacheattr(d);
-}
-
-static inline int xsm_ext_vcpucontext(struct domain *d, uint32_t cmd)
-{
- return xsm_ops->ext_vcpucontext(d, cmd);
-}
-static inline int xsm_vcpuextstate(struct domain *d, uint32_t cmd)
-{
- return xsm_ops->vcpuextstate(d, cmd);
-}
-
static inline int xsm_ioport_permission (struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
{
return xsm_ops->ioport_permission(d, s, e, allow);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 3e6e5df..9bb86ef 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -30,29 +30,14 @@ struct xsm_operations dummy_xsm_ops;
void xsm_fixup_ops (struct xsm_operations *ops)
{
set_to_dummy_if_null(ops, security_domaininfo);
- set_to_dummy_if_null(ops, setvcpucontext);
- set_to_dummy_if_null(ops, pausedomain);
- set_to_dummy_if_null(ops, unpausedomain);
- set_to_dummy_if_null(ops, resumedomain);
set_to_dummy_if_null(ops, domain_create);
- set_to_dummy_if_null(ops, max_vcpus);
- set_to_dummy_if_null(ops, destroydomain);
- set_to_dummy_if_null(ops, vcpuaffinity);
- set_to_dummy_if_null(ops, scheduler);
set_to_dummy_if_null(ops, getdomaininfo);
- set_to_dummy_if_null(ops, getvcpucontext);
- set_to_dummy_if_null(ops, getvcpuinfo);
- set_to_dummy_if_null(ops, domain_settime);
set_to_dummy_if_null(ops, set_target);
set_to_dummy_if_null(ops, domctl);
set_to_dummy_if_null(ops, sysctl);
- set_to_dummy_if_null(ops, set_virq_handler);
set_to_dummy_if_null(ops, tbufcontrol);
set_to_dummy_if_null(ops, readconsole);
set_to_dummy_if_null(ops, sched_id);
- set_to_dummy_if_null(ops, setdomainmaxmem);
- set_to_dummy_if_null(ops, setdomainhandle);
- set_to_dummy_if_null(ops, setdebugging);
set_to_dummy_if_null(ops, perfcontrol);
set_to_dummy_if_null(ops, debug_keys);
set_to_dummy_if_null(ops, getcpuinfo);
@@ -128,21 +113,13 @@ void xsm_fixup_ops (struct xsm_operations *ops)
#ifdef CONFIG_X86
set_to_dummy_if_null(ops, shadow_control);
- set_to_dummy_if_null(ops, getpageframeinfo);
- set_to_dummy_if_null(ops, getmemlist);
- set_to_dummy_if_null(ops, hypercall_init);
- set_to_dummy_if_null(ops, hvmcontext);
- set_to_dummy_if_null(ops, address_size);
- set_to_dummy_if_null(ops, machine_address_size);
set_to_dummy_if_null(ops, hvm_param);
set_to_dummy_if_null(ops, hvm_set_pci_intx_level);
set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
set_to_dummy_if_null(ops, hvm_set_pci_link_route);
set_to_dummy_if_null(ops, hvm_inject_msi);
- set_to_dummy_if_null(ops, mem_event_setup);
set_to_dummy_if_null(ops, mem_event_control);
set_to_dummy_if_null(ops, mem_event_op);
- set_to_dummy_if_null(ops, mem_sharing);
set_to_dummy_if_null(ops, mem_sharing_op);
set_to_dummy_if_null(ops, apic);
set_to_dummy_if_null(ops, xen_settime);
@@ -163,12 +140,8 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, update_va_mapping);
set_to_dummy_if_null(ops, add_to_physmap);
set_to_dummy_if_null(ops, remove_from_physmap);
- set_to_dummy_if_null(ops, sendtrigger);
set_to_dummy_if_null(ops, bind_pt_irq);
set_to_dummy_if_null(ops, unbind_pt_irq);
- set_to_dummy_if_null(ops, pin_mem_cacheattr);
- set_to_dummy_if_null(ops, ext_vcpucontext);
- set_to_dummy_if_null(ops, vcpuextstate);
set_to_dummy_if_null(ops, ioport_permission);
set_to_dummy_if_null(ops, ioport_mapping);
#endif
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index e815ea5..f0216e0 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -484,26 +484,6 @@ static void flask_security_domaininfo(struct domain *d,
info->ssidref = domain_sid(d);
}
-static int flask_setvcpucontext(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT);
-}
-
-static int flask_pausedomain(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__PAUSE);
-}
-
-static int flask_unpausedomain(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__UNPAUSE);
-}
-
-static int flask_resumedomain(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__RESUME);
-}
-
static int flask_domain_create(struct domain *d, u32 ssidref)
{
int rc;
@@ -532,66 +512,11 @@ static int flask_domain_create(struct domain *d, u32
ssidref)
return rc;
}
-static int flask_max_vcpus(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS);
-}
-
-static int flask_destroydomain(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__DESTROY);
-}
-
-static int flask_vcpuaffinity(int cmd, struct domain *d)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_setvcpuaffinity:
- perm = DOMAIN__SETVCPUAFFINITY;
- break;
- case XEN_DOMCTL_getvcpuaffinity:
- perm = DOMAIN__GETVCPUAFFINITY;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_DOMAIN, perm );
-}
-
-static int flask_scheduler(struct domain *d)
-{
- int rc = 0;
-
- rc = domain_has_xen(current->domain, XEN__SCHEDULER);
- if ( rc )
- return rc;
-
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SCHEDULER);
-}
-
static int flask_getdomaininfo(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
}
-static int flask_getvcpucontext(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUCONTEXT);
-}
-
-static int flask_getvcpuinfo(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUINFO);
-}
-
-static int flask_domain_settime(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETTIME);
-}
-
static int flask_set_target(struct domain *d, struct domain *t)
{
int rc;
@@ -622,62 +547,121 @@ static int flask_domctl(struct domain *d, int cmd)
{
/* These have individual XSM hooks (common/domctl.c) */
case XEN_DOMCTL_createdomain:
+ case XEN_DOMCTL_getdomaininfo:
+ case XEN_DOMCTL_irq_permission:
+ case XEN_DOMCTL_iomem_permission:
+ case XEN_DOMCTL_set_target:
+#ifdef CONFIG_X86
+ /* These have individual XSM hooks (arch/x86/domctl.c) */
+ case XEN_DOMCTL_shadow_op:
+ case XEN_DOMCTL_ioport_permission:
+ case XEN_DOMCTL_bind_pt_irq:
+ case XEN_DOMCTL_unbind_pt_irq:
+ case XEN_DOMCTL_memory_mapping:
+ case XEN_DOMCTL_ioport_mapping:
+ case XEN_DOMCTL_mem_event_op:
+ /* These have individual XSM hooks (drivers/passthrough/iommu.c) */
+ case XEN_DOMCTL_get_device_group:
+ case XEN_DOMCTL_test_assign_device:
+ case XEN_DOMCTL_assign_device:
+ case XEN_DOMCTL_deassign_device:
+#endif
+ return 0;
+
case XEN_DOMCTL_destroydomain:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__DESTROY);
+
case XEN_DOMCTL_pausedomain:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__PAUSE);
+
case XEN_DOMCTL_unpausedomain:
- case XEN_DOMCTL_getdomaininfo:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__UNPAUSE);
+
case XEN_DOMCTL_setvcpuaffinity:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUAFFINITY);
+
+ case XEN_DOMCTL_getvcpuaffinity:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUAFFINITY);
+
+ case XEN_DOMCTL_resumedomain:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__RESUME);
+
+ case XEN_DOMCTL_scheduler_op:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SCHEDULER);
+
+ case XEN_DOMCTL_max_vcpus:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS);
+
case XEN_DOMCTL_max_mem:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINMAXMEM);
+
+ case XEN_DOMCTL_setdomainhandle:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE);
+
case XEN_DOMCTL_setvcpucontext:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT);
+
case XEN_DOMCTL_getvcpucontext:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUCONTEXT);
+
case XEN_DOMCTL_getvcpuinfo:
- case XEN_DOMCTL_max_vcpus:
- case XEN_DOMCTL_scheduler_op:
- case XEN_DOMCTL_setdomainhandle:
- case XEN_DOMCTL_setdebugging:
- case XEN_DOMCTL_irq_permission:
- case XEN_DOMCTL_iomem_permission:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUINFO);
+
case XEN_DOMCTL_settimeoffset:
- case XEN_DOMCTL_getvcpuaffinity:
- case XEN_DOMCTL_resumedomain:
- case XEN_DOMCTL_set_target:
- case XEN_DOMCTL_set_virq_handler:
-#ifdef CONFIG_X86
- /* These have individual XSM hooks (arch/x86/domctl.c) */
- case XEN_DOMCTL_shadow_op:
- case XEN_DOMCTL_ioport_permission:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETTIME);
+
+ case XEN_DOMCTL_setdebugging:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING);
+
case XEN_DOMCTL_getpageframeinfo:
case XEN_DOMCTL_getpageframeinfo2:
case XEN_DOMCTL_getpageframeinfo3:
+ return current_has_perm(d, SECCLASS_MMU, MMU__PAGEINFO);
+
case XEN_DOMCTL_getmemlist:
+ return current_has_perm(d, SECCLASS_MMU, MMU__PAGELIST);
+
case XEN_DOMCTL_hypercall_init:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__HYPERCALL);
+
case XEN_DOMCTL_sethvmcontext:
+ return current_has_perm(d, SECCLASS_HVM, HVM__SETHVMC);
+
case XEN_DOMCTL_gethvmcontext:
case XEN_DOMCTL_gethvmcontext_partial:
+ return current_has_perm(d, SECCLASS_HVM, HVM__GETHVMC);
+
case XEN_DOMCTL_set_address_size:
- case XEN_DOMCTL_get_address_size:
case XEN_DOMCTL_set_machine_address_size:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETADDRSIZE);
+
+ case XEN_DOMCTL_get_address_size:
case XEN_DOMCTL_get_machine_address_size:
- case XEN_DOMCTL_sendtrigger:
- case XEN_DOMCTL_bind_pt_irq:
- case XEN_DOMCTL_unbind_pt_irq:
- case XEN_DOMCTL_memory_mapping:
- case XEN_DOMCTL_ioport_mapping:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETADDRSIZE);
+
+ case XEN_DOMCTL_mem_sharing_op:
+ return current_has_perm(d, SECCLASS_HVM, HVM__MEM_SHARING);
+
case XEN_DOMCTL_pin_mem_cacheattr:
+ return current_has_perm(d, SECCLASS_HVM, HVM__CACHEATTR);
+
case XEN_DOMCTL_set_ext_vcpucontext:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETEXTVCPUCONTEXT);
+
case XEN_DOMCTL_get_ext_vcpucontext:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETEXTVCPUCONTEXT);
+
case XEN_DOMCTL_setvcpuextstate:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUEXTSTATE);
+
case XEN_DOMCTL_getvcpuextstate:
- case XEN_DOMCTL_mem_event_op:
- case XEN_DOMCTL_mem_sharing_op:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUEXTSTATE);
+
+ case XEN_DOMCTL_sendtrigger:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__TRIGGER);
+
case XEN_DOMCTL_set_access_required:
- /* These have individual XSM hooks (drivers/passthrough/iommu.c) */
- case XEN_DOMCTL_get_device_group:
- case XEN_DOMCTL_test_assign_device:
- case XEN_DOMCTL_assign_device:
- case XEN_DOMCTL_deassign_device:
-#endif
- return 0;
+ return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
case XEN_DOMCTL_debug_op:
case XEN_DOMCTL_gdbsx_guestmemio:
@@ -691,6 +675,9 @@ static int flask_domctl(struct domain *d, int cmd)
case XEN_DOMCTL_suppress_spurious_page_faults:
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_MISC_INFO);
+ case XEN_DOMCTL_set_virq_handler:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER);
+
case XEN_DOMCTL_set_cpuid:
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID);
@@ -741,11 +728,6 @@ static int flask_sysctl(int cmd)
}
}
-static int flask_set_virq_handler(struct domain *d, uint32_t virq)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER);
-}
-
static int flask_tbufcontrol(void)
{
return domain_has_xen(current->domain, XEN__TBUFCONTROL);
@@ -766,21 +748,6 @@ static int flask_sched_id(void)
return domain_has_xen(current->domain, XEN__SCHEDULER);
}
-static int flask_setdomainmaxmem(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINMAXMEM);
-}
-
-static int flask_setdomainhandle(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE);
-}
-
-static int flask_setdebugging(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING);
-}
-
static int flask_debug_keys(void)
{
return domain_has_xen(current->domain, XEN__DEBUG);
@@ -1174,82 +1141,6 @@ static int flask_ioport_mapping(struct domain *d,
uint32_t start, uint32_t end,
return flask_ioport_permission(d, start, end, access);
}
-static int flask_getpageframeinfo(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_MMU, MMU__PAGEINFO);
-}
-
-static int flask_getmemlist(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_MMU, MMU__PAGELIST);
-}
-
-static int flask_hypercall_init(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__HYPERCALL);
-}
-
-static int flask_hvmcontext(struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_sethvmcontext:
- perm = HVM__SETHVMC;
- break;
- case XEN_DOMCTL_gethvmcontext:
- case XEN_DOMCTL_gethvmcontext_partial:
- perm = HVM__GETHVMC;
- break;
- case HVMOP_track_dirty_vram:
- perm = HVM__TRACKDIRTYVRAM;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_HVM, perm);
-}
-
-static int flask_address_size(struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_set_address_size:
- perm = DOMAIN__SETADDRSIZE;
- break;
- case XEN_DOMCTL_get_address_size:
- perm = DOMAIN__GETADDRSIZE;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_DOMAIN, perm);
-}
-
-static int flask_machine_address_size(struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_set_machine_address_size:
- perm = DOMAIN__SETADDRSIZE;
- break;
- case XEN_DOMCTL_get_machine_address_size:
- perm = DOMAIN__GETADDRSIZE;
- break;
- default:
- return -EPERM;
- }
-
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
-}
-
static int flask_hvm_param(struct domain *d, unsigned long op)
{
u32 perm;
@@ -1292,11 +1183,6 @@ static int flask_hvm_inject_msi(struct domain *d)
return current_has_perm(d, SECCLASS_HVM, HVM__SEND_IRQ);
}
-static int flask_mem_event_setup(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
-}
-
static int flask_mem_event_control(struct domain *d, int mode, int op)
{
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
@@ -1307,11 +1193,6 @@ static int flask_mem_event_op(struct domain *d, int op)
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
}
-static int flask_mem_sharing(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_HVM, HVM__MEM_SHARING);
-}
-
static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op)
{
int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING);
@@ -1499,11 +1380,6 @@ static int flask_remove_from_physmap(struct domain *d1,
struct domain *d2)
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
}
-static int flask_sendtrigger(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__TRIGGER);
-}
-
static int flask_get_device_group(uint32_t machine_bdf)
{
u32 rsid;
@@ -1597,78 +1473,20 @@ static int flask_unbind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq
{
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
-
-static int flask_pin_mem_cacheattr (struct domain *d)
-{
- return current_has_perm(d, SECCLASS_HVM, HVM__CACHEATTR);
-}
-
-static int flask_ext_vcpucontext (struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_set_ext_vcpucontext:
- perm = DOMAIN__SETEXTVCPUCONTEXT;
- break;
- case XEN_DOMCTL_get_ext_vcpucontext:
- perm = DOMAIN__GETEXTVCPUCONTEXT;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_DOMAIN, perm);
-}
-
-static int flask_vcpuextstate (struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_setvcpuextstate:
- perm = DOMAIN__SETVCPUEXTSTATE;
- break;
- case XEN_DOMCTL_getvcpuextstate:
- perm = DOMAIN__GETVCPUEXTSTATE;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_DOMAIN, perm);
-}
#endif
long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
static struct xsm_operations flask_ops = {
.security_domaininfo = flask_security_domaininfo,
- .setvcpucontext = flask_setvcpucontext,
- .pausedomain = flask_pausedomain,
- .unpausedomain = flask_unpausedomain,
- .resumedomain = flask_resumedomain,
.domain_create = flask_domain_create,
- .max_vcpus = flask_max_vcpus,
- .destroydomain = flask_destroydomain,
- .vcpuaffinity = flask_vcpuaffinity,
- .scheduler = flask_scheduler,
.getdomaininfo = flask_getdomaininfo,
- .getvcpucontext = flask_getvcpucontext,
- .getvcpuinfo = flask_getvcpuinfo,
- .domain_settime = flask_domain_settime,
.set_target = flask_set_target,
.domctl = flask_domctl,
.sysctl = flask_sysctl,
- .set_virq_handler = flask_set_virq_handler,
.tbufcontrol = flask_tbufcontrol,
.readconsole = flask_readconsole,
.sched_id = flask_sched_id,
- .setdomainmaxmem = flask_setdomainmaxmem,
- .setdomainhandle = flask_setdomainhandle,
- .setdebugging = flask_setdebugging,
.perfcontrol = flask_perfcontrol,
.debug_keys = flask_debug_keys,
.getcpuinfo = flask_getcpuinfo,
@@ -1740,21 +1558,13 @@ static struct xsm_operations flask_ops = {
#ifdef CONFIG_X86
.shadow_control = flask_shadow_control,
- .getpageframeinfo = flask_getpageframeinfo,
- .getmemlist = flask_getmemlist,
- .hypercall_init = flask_hypercall_init,
- .hvmcontext = flask_hvmcontext,
- .address_size = flask_address_size,
- .machine_address_size = flask_machine_address_size,
.hvm_param = flask_hvm_param,
.hvm_set_pci_intx_level = flask_hvm_set_pci_intx_level,
.hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
.hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
.hvm_inject_msi = flask_hvm_inject_msi,
- .mem_event_setup = flask_mem_event_setup,
.mem_event_control = flask_mem_event_control,
.mem_event_op = flask_mem_event_op,
- .mem_sharing = flask_mem_sharing,
.mem_sharing_op = flask_mem_sharing_op,
.apic = flask_apic,
.xen_settime = flask_xen_settime,
@@ -1775,16 +1585,12 @@ static struct xsm_operations flask_ops = {
.update_va_mapping = flask_update_va_mapping,
.add_to_physmap = flask_add_to_physmap,
.remove_from_physmap = flask_remove_from_physmap,
- .sendtrigger = flask_sendtrigger,
.get_device_group = flask_get_device_group,
.test_assign_device = flask_test_assign_device,
.assign_device = flask_assign_device,
.deassign_device = flask_deassign_device,
.bind_pt_irq = flask_bind_pt_irq,
.unbind_pt_irq = flask_unbind_pt_irq,
- .pin_mem_cacheattr = flask_pin_mem_cacheattr,
- .ext_vcpucontext = flask_ext_vcpucontext,
- .vcpuextstate = flask_vcpuextstate,
.ioport_permission = flask_ioport_permission,
.ioport_mapping = flask_ioport_mapping,
#endif
--
1.7.11.7
A number of the sysctl XSM hooks have no parameters or only pass the
operation ID, making them redundant with the xsm_sysctl hook. Remove
these redundant hooks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/arch/x86/platform_hypercall.c | 12 ----
xen/arch/x86/sysctl.c | 13 ----
xen/common/sysctl.c | 44 --------------
xen/include/xsm/dummy.h | 60 ------------------
xen/include/xsm/xsm.h | 72 ----------------------
xen/xsm/dummy.c | 12 ----
xen/xsm/flask/hooks.c | 125 ++++++++++++--------------------------
7 files changed, 38 insertions(+), 300 deletions(-)
diff --git a/xen/arch/x86/platform_hypercall.c
b/xen/arch/x86/platform_hypercall.c
index 738bed0..ffac6ac 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -419,10 +419,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_set_processor_pminfo:
- ret = xsm_setpminfo();
- if ( ret )
- break;
-
switch ( op->u.set_pminfo.type )
{
case XEN_PM_PX:
@@ -475,10 +471,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
g_info = &op->u.pcpu_info;
- ret = xsm_getcpuinfo();
- if ( ret )
- break;
-
if ( !get_cpu_maps() )
{
ret = -EBUSY;
@@ -512,10 +504,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
struct xenpf_pcpu_version *ver = &op->u.pcpu_version;
- ret = xsm_getcpuinfo();
- if ( ret )
- break;
-
if ( !get_cpu_maps() )
{
ret = -EBUSY;
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c
index b84dd34..5b0c4b7 100644
--- a/xen/arch/x86/sysctl.c
+++ b/xen/arch/x86/sysctl.c
@@ -69,11 +69,6 @@ long arch_do_sysctl(
{
xen_sysctl_physinfo_t *pi = &sysctl->u.physinfo;
- ret = xsm_physinfo();
- if ( ret )
- break;
-
-
memset(pi, 0, sizeof(*pi));
pi->threads_per_core
cpumask_weight(per_cpu(cpu_sibling_mask, 0));
@@ -103,10 +98,6 @@ long arch_do_sysctl(
uint32_t i, max_cpu_index, last_online_cpu;
xen_sysctl_topologyinfo_t *ti = &sysctl->u.topologyinfo;
- ret = xsm_physinfo();
- if ( ret )
- break;
-
last_online_cpu = cpumask_last(&cpu_online_map);
max_cpu_index = min_t(uint32_t, ti->max_cpu_index, last_online_cpu);
ti->max_cpu_index = last_online_cpu;
@@ -143,10 +134,6 @@ long arch_do_sysctl(
uint32_t i, j, max_node_index, last_online_node;
xen_sysctl_numainfo_t *ni = &sysctl->u.numainfo;
- ret = xsm_physinfo();
- if ( ret )
- break;
-
last_online_node = last_node(node_online_map);
max_node_index = min_t(uint32_t, ni->max_node_index,
last_online_node);
ni->max_node_index = last_online_node;
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index 599430e..cbefb0e 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -69,10 +69,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
case XEN_SYSCTL_tbuf_op:
{
- ret = xsm_tbufcontrol();
- if ( ret )
- break;
-
ret = tb_control(&op->u.tbuf_op);
if ( copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -81,10 +77,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
case XEN_SYSCTL_sched_id:
{
- ret = xsm_sched_id();
- if ( ret )
- break;
-
op->u.sched_id.sched_id = sched_id();
if ( copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -139,10 +131,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
#ifdef PERF_COUNTERS
case XEN_SYSCTL_perfc_op:
{
- ret = xsm_perfcontrol();
- if ( ret )
- break;
-
ret = perfc_control(&op->u.perfc_op);
if ( copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -153,10 +141,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
#ifdef LOCK_PROFILE
case XEN_SYSCTL_lockprof_op:
{
- ret = xsm_lockprof();
- if ( ret )
- break;
-
ret = spinlock_profile_control(&op->u.lockprof_op);
if ( copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -168,10 +152,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
char c;
uint32_t i;
- ret = xsm_debug_keys();
- if ( ret )
- break;
-
ret = -EFAULT;
for ( i = 0; i < op->u.debug_keys.nr_keys; i++ )
{
@@ -190,10 +170,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
nr_cpus = min(op->u.getcpuinfo.max_cpus, nr_cpu_ids);
- ret = xsm_getcpuinfo();
- if ( ret )
- break;
-
for ( i = 0; i < nr_cpus; i++ )
{
cpuinfo.idletime = get_cpu_idle_time(i);
@@ -210,10 +186,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
case XEN_SYSCTL_availheap:
{
- ret = xsm_availheap();
- if ( ret )
- break;
-
op->u.availheap.avail_bytes = avail_domheap_pages_region(
op->u.availheap.node,
op->u.availheap.min_bitwidth,
@@ -227,10 +199,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
#ifdef HAS_ACPI
case XEN_SYSCTL_get_pmstat:
{
- ret = xsm_get_pmstat();
- if ( ret )
- break;
-
ret = do_get_pm_info(&op->u.get_pmstat);
if ( ret )
break;
@@ -245,10 +213,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
case XEN_SYSCTL_pm_op:
{
- ret = xsm_pm_op();
- if ( ret )
- break;
-
ret = do_pm_op(&op->u.pm_op);
if ( ret && (ret != -EAGAIN) )
break;
@@ -323,10 +287,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
case XEN_SYSCTL_cpupool_op:
{
- ret = xsm_cpupool_op();
- if ( ret )
- break;
-
ret = cpupool_do_sysctl(&op->u.cpupool_op);
if ( (ret == 0) && copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -335,10 +295,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
case XEN_SYSCTL_scheduler_op:
{
- ret = xsm_sched_op();
- if ( ret )
- break;
-
ret = sched_adjust_global(&op->u.scheduler_op);
if ( (ret == 0) && copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index aef7c4e..93e84dc 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -58,51 +58,11 @@ static XSM_INLINE int xsm_sysctl(int cmd)
return 0;
}
-static XSM_INLINE int xsm_tbufcontrol(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_readconsole(uint32_t clear)
{
return 0;
}
-static XSM_INLINE int xsm_sched_id(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_perfcontrol(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_debug_keys(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_getcpuinfo(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_get_pmstat(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_setpminfo(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_pm_op(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_do_mca(void)
{
if ( !IS_PRIV(current->domain) )
@@ -110,11 +70,6 @@ static XSM_INLINE int xsm_do_mca(void)
return 0;
}
-static XSM_INLINE int xsm_availheap(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_alloc_security_domain(struct domain *d)
{
return 0;
@@ -358,16 +313,6 @@ static XSM_INLINE int xsm_lockprof(void)
return 0;
}
-static XSM_INLINE int xsm_cpupool_op(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_sched_op(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_tmem_op(void)
{
return 0;
@@ -508,11 +453,6 @@ static XSM_INLINE int xsm_microcode(void)
return 0;
}
-static XSM_INLINE int xsm_physinfo(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_platform_quirk(uint32_t quirk)
{
return 0;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 903c7cb..f1ccd8e 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -46,16 +46,7 @@ struct xsm_operations {
int (*set_target) (struct domain *d, struct domain *e);
int (*domctl) (struct domain *d, int cmd);
int (*sysctl) (int cmd);
- int (*tbufcontrol) (void);
int (*readconsole) (uint32_t clear);
- int (*sched_id) (void);
- int (*perfcontrol) (void);
- int (*debug_keys) (void);
- int (*getcpuinfo) (void);
- int (*availheap) (void);
- int (*get_pmstat) (void);
- int (*setpminfo) (void);
- int (*pm_op) (void);
int (*do_mca) (void);
int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
@@ -117,8 +108,6 @@ struct xsm_operations {
int (*page_offline)(uint32_t cmd);
int (*lockprof)(void);
- int (*cpupool_op)(void);
- int (*sched_op)(void);
int (*tmem_op)(void);
int (*tmem_control)(void);
@@ -138,7 +127,6 @@ struct xsm_operations {
int (*xen_settime) (void);
int (*memtype) (uint32_t access);
int (*microcode) (void);
- int (*physinfo) (void);
int (*platform_quirk) (uint32_t);
int (*platform_op) (uint32_t cmd);
int (*firmware_info) (void);
@@ -201,56 +189,11 @@ static inline int xsm_sysctl (int cmd)
return xsm_ops->sysctl(cmd);
}
-static inline int xsm_tbufcontrol (void)
-{
- return xsm_ops->tbufcontrol();
-}
-
static inline int xsm_readconsole (uint32_t clear)
{
return xsm_ops->readconsole(clear);
}
-static inline int xsm_sched_id (void)
-{
- return xsm_ops->sched_id();
-}
-
-static inline int xsm_perfcontrol (void)
-{
- return xsm_ops->perfcontrol();
-}
-
-static inline int xsm_debug_keys (void)
-{
- return xsm_ops->debug_keys();
-}
-
-static inline int xsm_availheap (void)
-{
- return xsm_ops->availheap();
-}
-
-static inline int xsm_getcpuinfo (void)
-{
- return xsm_ops->getcpuinfo();
-}
-
-static inline int xsm_get_pmstat(void)
-{
- return xsm_ops->get_pmstat();
-}
-
-static inline int xsm_setpminfo(void)
-{
- return xsm_ops->setpminfo();
-}
-
-static inline int xsm_pm_op(void)
-{
- return xsm_ops->pm_op();
-}
-
static inline int xsm_do_mca(void)
{
return xsm_ops->do_mca();
@@ -502,16 +445,6 @@ static inline int xsm_lockprof(void)
return xsm_ops->lockprof();
}
-static inline int xsm_cpupool_op(void)
-{
- return xsm_ops->cpupool_op();
-}
-
-static inline int xsm_sched_op(void)
-{
- return xsm_ops->sched_op();
-}
-
static inline int xsm_tmem_op(void)
{
return xsm_ops->tmem_op();
@@ -593,11 +526,6 @@ static inline int xsm_microcode (void)
return xsm_ops->microcode();
}
-static inline int xsm_physinfo (void)
-{
- return xsm_ops->physinfo();
-}
-
static inline int xsm_platform_quirk (uint32_t quirk)
{
return xsm_ops->platform_quirk(quirk);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 9bb86ef..03a17ba 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -35,16 +35,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, set_target);
set_to_dummy_if_null(ops, domctl);
set_to_dummy_if_null(ops, sysctl);
- set_to_dummy_if_null(ops, tbufcontrol);
set_to_dummy_if_null(ops, readconsole);
- set_to_dummy_if_null(ops, sched_id);
- set_to_dummy_if_null(ops, perfcontrol);
- set_to_dummy_if_null(ops, debug_keys);
- set_to_dummy_if_null(ops, getcpuinfo);
- set_to_dummy_if_null(ops, availheap);
- set_to_dummy_if_null(ops, get_pmstat);
- set_to_dummy_if_null(ops, setpminfo);
- set_to_dummy_if_null(ops, pm_op);
set_to_dummy_if_null(ops, do_mca);
set_to_dummy_if_null(ops, evtchn_unbound);
@@ -104,8 +95,6 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, page_offline);
set_to_dummy_if_null(ops, lockprof);
- set_to_dummy_if_null(ops, cpupool_op);
- set_to_dummy_if_null(ops, sched_op);
set_to_dummy_if_null(ops, tmem_op);
set_to_dummy_if_null(ops, tmem_control);
@@ -125,7 +114,6 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, xen_settime);
set_to_dummy_if_null(ops, memtype);
set_to_dummy_if_null(ops, microcode);
- set_to_dummy_if_null(ops, physinfo);
set_to_dummy_if_null(ops, platform_quirk);
set_to_dummy_if_null(ops, platform_op);
set_to_dummy_if_null(ops, firmware_info);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index f0216e0..d72a807 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -702,37 +702,57 @@ static int flask_sysctl(int cmd)
{
/* These have individual XSM hooks */
case XEN_SYSCTL_readconsole:
+ case XEN_SYSCTL_getdomaininfolist:
+ case XEN_SYSCTL_page_offline_op:
+#ifdef CONFIG_X86
+ case XEN_SYSCTL_cpu_hotplug:
+#endif
+ return 0;
+
case XEN_SYSCTL_tbuf_op:
+ return domain_has_xen(current->domain, XEN__TBUFCONTROL);
+
case XEN_SYSCTL_sched_id:
+ return domain_has_xen(current->domain, XEN__SCHEDULER);
+
case XEN_SYSCTL_perfc_op:
- case XEN_SYSCTL_getdomaininfolist:
+ return domain_has_xen(current->domain, XEN__PERFCONTROL);
+
case XEN_SYSCTL_debug_keys:
+ return domain_has_xen(current->domain, XEN__DEBUG);
+
case XEN_SYSCTL_getcpuinfo:
+ return domain_has_xen(current->domain, XEN__GETCPUINFO);
+
case XEN_SYSCTL_availheap:
+ return domain_has_xen(current->domain, XEN__HEAP);
+
case XEN_SYSCTL_get_pmstat:
+ return domain_has_xen(current->domain, XEN__PM_OP);
+
case XEN_SYSCTL_pm_op:
- case XEN_SYSCTL_page_offline_op:
+ return domain_has_xen(current->domain, XEN__PM_OP);
+
case XEN_SYSCTL_lockprof_op:
+ return domain_has_xen(current->domain, XEN__LOCKPROF);
+
case XEN_SYSCTL_cpupool_op:
+ return domain_has_xen(current->domain, XEN__CPUPOOL_OP);
+
case XEN_SYSCTL_scheduler_op:
-#ifdef CONFIG_X86
+ return domain_has_xen(current->domain, XEN__SCHED_OP);
+
case XEN_SYSCTL_physinfo:
- case XEN_SYSCTL_cpu_hotplug:
case XEN_SYSCTL_topologyinfo:
case XEN_SYSCTL_numainfo:
-#endif
- return 0;
+ return domain_has_xen(current->domain, XEN__PHYSINFO);
+
default:
printk("flask_sysctl: Unknown op %d\n", cmd);
return -EPERM;
}
}
-static int flask_tbufcontrol(void)
-{
- return domain_has_xen(current->domain, XEN__TBUFCONTROL);
-}
-
static int flask_readconsole(uint32_t clear)
{
u32 perms = XEN__READCONSOLE;
@@ -743,41 +763,6 @@ static int flask_readconsole(uint32_t clear)
return domain_has_xen(current->domain, perms);
}
-static int flask_sched_id(void)
-{
- return domain_has_xen(current->domain, XEN__SCHEDULER);
-}
-
-static int flask_debug_keys(void)
-{
- return domain_has_xen(current->domain, XEN__DEBUG);
-}
-
-static int flask_getcpuinfo(void)
-{
- return domain_has_xen(current->domain, XEN__GETCPUINFO);
-}
-
-static int flask_availheap(void)
-{
- return domain_has_xen(current->domain, XEN__HEAP);
-}
-
-static int flask_get_pmstat(void)
-{
- return domain_has_xen(current->domain, XEN__PM_OP);
-}
-
-static int flask_setpminfo(void)
-{
- return domain_has_xen(current->domain, XEN__PM_OP);
-}
-
-static int flask_pm_op(void)
-{
- return domain_has_xen(current->domain, XEN__PM_OP);
-}
-
static int flask_do_mca(void)
{
return domain_has_xen(current->domain, XEN__MCA_OP);
@@ -1031,21 +1016,6 @@ static inline int flask_page_offline(uint32_t cmd)
}
}
-static inline int flask_lockprof(void)
-{
- return domain_has_xen(current->domain, XEN__LOCKPROF);
-}
-
-static inline int flask_cpupool_op(void)
-{
- return domain_has_xen(current->domain, XEN__CPUPOOL_OP);
-}
-
-static inline int flask_sched_op(void)
-{
- return domain_has_xen(current->domain, XEN__SCHED_OP);
-}
-
static inline int flask_tmem_op(void)
{
return domain_has_xen(current->domain, XEN__TMEM_OP);
@@ -1056,11 +1026,6 @@ static inline int flask_tmem_control(void)
return domain_has_xen(current->domain, XEN__TMEM_CONTROL);
}
-static int flask_perfcontrol(void)
-{
- return domain_has_xen(current->domain, XEN__PERFCONTROL);
-}
-
#ifdef CONFIG_X86
static int flask_shadow_control(struct domain *d, uint32_t op)
{
@@ -1253,11 +1218,6 @@ static int flask_microcode(void)
return domain_has_xen(current->domain, XEN__MICROCODE);
}
-static int flask_physinfo(void)
-{
- return domain_has_xen(current->domain, XEN__PHYSINFO);
-}
-
static int flask_platform_quirk(uint32_t quirk)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN, XEN__QUIRK,
NULL);
@@ -1278,17 +1238,21 @@ static int flask_platform_op(uint32_t op)
case XENPF_enter_acpi_sleep:
case XENPF_change_freq:
case XENPF_getidletime:
- case XENPF_set_processor_pminfo:
- case XENPF_get_cpuinfo:
- case XENPF_get_cpu_version:
case XENPF_cpu_online:
case XENPF_cpu_offline:
case XENPF_cpu_hotadd:
case XENPF_mem_hotadd:
/* These operations have their own XSM hooks */
return 0;
+
+ case XENPF_set_processor_pminfo:
case XENPF_core_parking:
return domain_has_xen(current->domain, XEN__PM_OP);
+
+ case XENPF_get_cpu_version:
+ case XENPF_get_cpuinfo:
+ return domain_has_xen(current->domain, XEN__GETCPUINFO);
+
default:
printk("flask_platform_op: Unknown op %d\n", op);
return -EPERM;
@@ -1484,16 +1448,7 @@ static struct xsm_operations flask_ops = {
.set_target = flask_set_target,
.domctl = flask_domctl,
.sysctl = flask_sysctl,
- .tbufcontrol = flask_tbufcontrol,
.readconsole = flask_readconsole,
- .sched_id = flask_sched_id,
- .perfcontrol = flask_perfcontrol,
- .debug_keys = flask_debug_keys,
- .getcpuinfo = flask_getcpuinfo,
- .availheap = flask_availheap,
- .get_pmstat = flask_get_pmstat,
- .setpminfo = flask_setpminfo,
- .pm_op = flask_pm_op,
.do_mca = flask_do_mca,
.evtchn_unbound = flask_evtchn_unbound,
@@ -1548,9 +1503,6 @@ static struct xsm_operations flask_ops = {
.resource_setup_misc = flask_resource_setup_misc,
.page_offline = flask_page_offline,
- .lockprof = flask_lockprof,
- .cpupool_op = flask_cpupool_op,
- .sched_op = flask_sched_op,
.tmem_op = flask_tmem_op,
.tmem_control = flask_tmem_control,
@@ -1570,7 +1522,6 @@ static struct xsm_operations flask_ops = {
.xen_settime = flask_xen_settime,
.memtype = flask_memtype,
.microcode = flask_microcode,
- .physinfo = flask_physinfo,
.platform_quirk = flask_platform_quirk,
.platform_op = flask_platform_op,
.firmware_info = flask_firmware_info,
--
1.7.11.7
Daniel De Graaf
2012-Nov-19 21:28 UTC
[PATCH 4/5] xen: platform_hypercall XSM hook removal
A number of the platform_hypercall XSM hooks have no parameters or only
pass the operation ID, making them redundant with the xsm_sysctl hook.
Remove these redundant hooks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/arch/x86/platform_hypercall.c | 44 ----------------
xen/include/xsm/dummy.h | 52 ------------------
xen/include/xsm/xsm.h | 54 -------------------
xen/xsm/dummy.c | 10 ----
xen/xsm/flask/hooks.c | 107 +++++++++++---------------------------
5 files changed, 30 insertions(+), 237 deletions(-)
diff --git a/xen/arch/x86/platform_hypercall.c
b/xen/arch/x86/platform_hypercall.c
index ffac6ac..f267b8b 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -90,10 +90,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
case XENPF_settime:
{
- ret = xsm_xen_settime();
- if ( ret )
- break;
-
do_settime(op->u.settime.secs,
op->u.settime.nsecs,
op->u.settime.system_time);
@@ -103,10 +99,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
case XENPF_add_memtype:
{
- ret = xsm_memtype(op->cmd);
- if ( ret )
- break;
-
ret = mtrr_add_page(
op->u.add_memtype.mfn,
op->u.add_memtype.nr_mfns,
@@ -125,10 +117,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
case XENPF_del_memtype:
{
- ret = xsm_memtype(op->cmd);
- if ( ret )
- break;
-
if (op->u.del_memtype.handle == 0
/* mtrr/main.c otherwise does a lookup */
&& (int)op->u.del_memtype.reg >= 0)
@@ -147,10 +135,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
unsigned long mfn, nr_mfns;
mtrr_type type;
- ret = xsm_memtype(op->cmd);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( op->u.read_memtype.reg < num_var_ranges )
{
@@ -167,10 +151,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
XEN_GUEST_HANDLE(const_void) data;
- ret = xsm_microcode();
- if ( ret )
- break;
-
guest_from_compat_handle(data, op->u.microcode.data);
/*
@@ -198,10 +178,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
int quirk_id = op->u.platform_quirk.quirk_id;
- ret = xsm_platform_quirk(quirk_id);
- if ( ret )
- break;
-
switch ( quirk_id )
{
case QUIRK_NOIRQBALANCING:
@@ -223,10 +199,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_firmware_info:
- ret = xsm_firmware_info();
- if ( ret )
- break;
-
switch ( op->u.firmware_info.type )
{
case XEN_FW_DISK_INFO: {
@@ -335,10 +307,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_efi_runtime_call:
- ret = xsm_efi_call();
- if ( ret )
- break;
-
ret = efi_runtime_call(&op->u.efi_runtime_call);
if ( ret == 0 &&
copy_field_to_guest(u_xenpf_op, op, u.efi_runtime_call) )
@@ -346,18 +314,10 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_enter_acpi_sleep:
- ret = xsm_acpi_sleep();
- if ( ret )
- break;
-
ret = acpi_enter_sleep(&op->u.enter_acpi_sleep);
break;
case XENPF_change_freq:
- ret = xsm_change_freq();
- if ( ret )
- break;
-
ret = -ENOSYS;
if ( cpufreq_controller != FREQCTL_dom0_kernel )
break;
@@ -379,10 +339,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
XEN_GUEST_HANDLE(uint8) cpumap_bitmap;
XEN_GUEST_HANDLE(uint64) idletimes;
- ret = xsm_getidletime();
- if ( ret )
- break;
-
ret = -ENOSYS;
if ( cpufreq_controller != FREQCTL_dom0_kernel )
break;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 93e84dc..aaac50d3 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -308,11 +308,6 @@ static XSM_INLINE int xsm_page_offline(uint32_t cmd)
return 0;
}
-static XSM_INLINE int xsm_lockprof(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_tmem_op(void)
{
return 0;
@@ -438,26 +433,6 @@ static XSM_INLINE int xsm_apic(struct domain *d, int cmd)
return 0;
}
-static XSM_INLINE int xsm_xen_settime(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_memtype(uint32_t access)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_microcode(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_platform_quirk(uint32_t quirk)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_platform_op(uint32_t op)
{
if ( !IS_PRIV(current->domain) )
@@ -465,33 +440,6 @@ static XSM_INLINE int xsm_platform_op(uint32_t op)
return 0;
}
-static XSM_INLINE int xsm_firmware_info(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_efi_call(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_acpi_sleep(void)
-{
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
- return 0;
-}
-
-static XSM_INLINE int xsm_change_freq(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_getidletime(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_machine_memory_map(void)
{
if ( !IS_PRIV(current->domain) )
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index f1ccd8e..105201e 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -107,7 +107,6 @@ struct xsm_operations {
int (*resource_setup_misc) (void);
int (*page_offline)(uint32_t cmd);
- int (*lockprof)(void);
int (*tmem_op)(void);
int (*tmem_control)(void);
@@ -124,16 +123,8 @@ struct xsm_operations {
int (*mem_event_op) (struct domain *d, int op);
int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
int (*apic) (struct domain *d, int cmd);
- int (*xen_settime) (void);
int (*memtype) (uint32_t access);
- int (*microcode) (void);
- int (*platform_quirk) (uint32_t);
int (*platform_op) (uint32_t cmd);
- int (*firmware_info) (void);
- int (*efi_call) (void);
- int (*acpi_sleep) (void);
- int (*change_freq) (void);
- int (*getidletime) (void);
int (*machine_memory_map) (void);
int (*domain_memory_map) (struct domain *d);
#define XSM_MMU_UPDATE_READ 1
@@ -440,11 +431,6 @@ static inline int xsm_page_offline(uint32_t cmd)
return xsm_ops->page_offline(cmd);
}
-static inline int xsm_lockprof(void)
-{
- return xsm_ops->lockprof();
-}
-
static inline int xsm_tmem_op(void)
{
return xsm_ops->tmem_op();
@@ -511,56 +497,16 @@ static inline int xsm_apic (struct domain *d, int cmd)
return xsm_ops->apic(d, cmd);
}
-static inline int xsm_xen_settime (void)
-{
- return xsm_ops->xen_settime();
-}
-
static inline int xsm_memtype (uint32_t access)
{
return xsm_ops->memtype(access);
}
-static inline int xsm_microcode (void)
-{
- return xsm_ops->microcode();
-}
-
-static inline int xsm_platform_quirk (uint32_t quirk)
-{
- return xsm_ops->platform_quirk(quirk);
-}
-
static inline int xsm_platform_op (uint32_t op)
{
return xsm_ops->platform_op(op);
}
-static inline int xsm_firmware_info (void)
-{
- return xsm_ops->firmware_info();
-}
-
-static inline int xsm_efi_call (void)
-{
- return xsm_ops->efi_call();
-}
-
-static inline int xsm_acpi_sleep (void)
-{
- return xsm_ops->acpi_sleep();
-}
-
-static inline int xsm_change_freq (void)
-{
- return xsm_ops->change_freq();
-}
-
-static inline int xsm_getidletime (void)
-{
- return xsm_ops->getidletime();
-}
-
static inline int xsm_machine_memory_map(void)
{
return xsm_ops->machine_memory_map();
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 03a17ba..22c66e5 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -94,7 +94,6 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, resource_setup_misc);
set_to_dummy_if_null(ops, page_offline);
- set_to_dummy_if_null(ops, lockprof);
set_to_dummy_if_null(ops, tmem_op);
set_to_dummy_if_null(ops, tmem_control);
@@ -111,16 +110,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, mem_event_op);
set_to_dummy_if_null(ops, mem_sharing_op);
set_to_dummy_if_null(ops, apic);
- set_to_dummy_if_null(ops, xen_settime);
- set_to_dummy_if_null(ops, memtype);
- set_to_dummy_if_null(ops, microcode);
- set_to_dummy_if_null(ops, platform_quirk);
set_to_dummy_if_null(ops, platform_op);
- set_to_dummy_if_null(ops, firmware_info);
- set_to_dummy_if_null(ops, efi_call);
- set_to_dummy_if_null(ops, acpi_sleep);
- set_to_dummy_if_null(ops, change_freq);
- set_to_dummy_if_null(ops, getidletime);
set_to_dummy_if_null(ops, machine_memory_map);
set_to_dummy_if_null(ops, domain_memory_map);
set_to_dummy_if_null(ops, mmu_update);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index d72a807..03ea675 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1186,64 +1186,51 @@ static int flask_apic(struct domain *d, int cmd)
return domain_has_xen(d, perm);
}
-static int flask_xen_settime(void)
-{
- return domain_has_xen(current->domain, XEN__SETTIME);
-}
-
-static int flask_memtype(uint32_t access)
-{
- u32 perm;
-
- switch ( access )
- {
- case XENPF_add_memtype:
- perm = XEN__MTRR_ADD;
- break;
- case XENPF_del_memtype:
- perm = XEN__MTRR_DEL;
- break;
- case XENPF_read_memtype:
- perm = XEN__MTRR_READ;
- break;
- default:
- return -EPERM;
- }
-
- return domain_has_xen(current->domain, perm);
-}
-
-static int flask_microcode(void)
-{
- return domain_has_xen(current->domain, XEN__MICROCODE);
-}
-
-static int flask_platform_quirk(uint32_t quirk)
-{
- return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN, XEN__QUIRK,
NULL);
-}
-
static int flask_platform_op(uint32_t op)
{
switch ( op )
{
+#ifdef CONFIG_X86
+ /* These operations have their own XSM hooks */
+ case XENPF_cpu_online:
+ case XENPF_cpu_offline:
+ case XENPF_cpu_hotadd:
+ case XENPF_mem_hotadd:
+ return 0;
+#endif
+
case XENPF_settime:
+ return domain_has_xen(current->domain, XEN__SETTIME);
+
case XENPF_add_memtype:
+ return domain_has_xen(current->domain, XEN__MTRR_ADD);
+
case XENPF_del_memtype:
+ return domain_has_xen(current->domain, XEN__MTRR_DEL);
+
case XENPF_read_memtype:
+ return domain_has_xen(current->domain, XEN__MTRR_READ);
+
case XENPF_microcode_update:
+ return domain_has_xen(current->domain, XEN__MICROCODE);
+
case XENPF_platform_quirk:
+ return domain_has_xen(current->domain, XEN__QUIRK);
+
case XENPF_firmware_info:
+ return domain_has_xen(current->domain, XEN__FIRMWARE);
+
case XENPF_efi_runtime_call:
+ return domain_has_xen(current->domain, XEN__FIRMWARE);
+
case XENPF_enter_acpi_sleep:
+ return domain_has_xen(current->domain, XEN__SLEEP);
+
case XENPF_change_freq:
+ return domain_has_xen(current->domain, XEN__FREQUENCY);
+
case XENPF_getidletime:
- case XENPF_cpu_online:
- case XENPF_cpu_offline:
- case XENPF_cpu_hotadd:
- case XENPF_mem_hotadd:
- /* These operations have their own XSM hooks */
- return 0;
+ return domain_has_xen(current->domain, XEN__GETIDLE);
case XENPF_set_processor_pminfo:
case XENPF_core_parking:
@@ -1259,31 +1246,6 @@ static int flask_platform_op(uint32_t op)
}
}
-static int flask_firmware_info(void)
-{
- return domain_has_xen(current->domain, XEN__FIRMWARE);
-}
-
-static int flask_efi_call(void)
-{
- return domain_has_xen(current->domain, XEN__FIRMWARE);
-}
-
-static int flask_acpi_sleep(void)
-{
- return domain_has_xen(current->domain, XEN__SLEEP);
-}
-
-static int flask_change_freq(void)
-{
- return domain_has_xen(current->domain, XEN__FREQUENCY);
-}
-
-static int flask_getidletime(void)
-{
- return domain_has_xen(current->domain, XEN__GETIDLE);
-}
-
static int flask_machine_memory_map(void)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_MMU, MMU__MEMORYMAP,
NULL);
@@ -1519,16 +1481,7 @@ static struct xsm_operations flask_ops = {
.mem_event_op = flask_mem_event_op,
.mem_sharing_op = flask_mem_sharing_op,
.apic = flask_apic,
- .xen_settime = flask_xen_settime,
- .memtype = flask_memtype,
- .microcode = flask_microcode,
- .platform_quirk = flask_platform_quirk,
.platform_op = flask_platform_op,
- .firmware_info = flask_firmware_info,
- .efi_call = flask_efi_call,
- .acpi_sleep = flask_acpi_sleep,
- .change_freq = flask_change_freq,
- .getidletime = flask_getidletime,
.machine_memory_map = flask_machine_memory_map,
.domain_memory_map = flask_domain_memory_map,
.mmu_update = flask_mmu_update,
--
1.7.11.7
Daniel De Graaf
2012-Nov-19 21:28 UTC
[PATCH RFC 5/5] xen/xsm: include default hook action in name
Include the default XSM hook action in the name of the hook in order to
allow quick understanding of how the call site is expected to be used
(dom0-only, arbitrary guest, or target-only).
Abbreviation explanation:
xsm_dm_* Usable only by device model (IS_PRIV_FOR)
xsm_hook_* No access check in dummy module. The calling code is
either guest-accessible or covered by another check
xsm_priv_* Privileged command (IS_PRIV)
xsm_target_* Usable by guest or its device model targeted to the guest
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/arch/x86/cpu/mcheck/mce.c | 2 +-
xen/arch/x86/domctl.c | 10 +-
xen/arch/x86/hvm/hvm.c | 26 +--
xen/arch/x86/irq.c | 2 +-
xen/arch/x86/mm.c | 20 +-
xen/arch/x86/mm/mem_event.c | 4 +-
xen/arch/x86/mm/mem_sharing.c | 4 +-
xen/arch/x86/mm/paging.c | 2 +-
xen/arch/x86/msi.c | 2 +-
xen/arch/x86/physdev.c | 12 +-
xen/arch/x86/platform_hypercall.c | 12 +-
xen/arch/x86/sysctl.c | 4 +-
xen/arch/x86/traps.c | 2 +-
xen/common/domain.c | 2 +-
xen/common/domctl.c | 10 +-
xen/common/event_channel.c | 14 +-
xen/common/grant_table.c | 16 +-
xen/common/kexec.c | 2 +-
xen/common/memory.c | 8 +-
xen/common/schedule.c | 2 +-
xen/common/sysctl.c | 6 +-
xen/common/xenoprof.c | 2 +-
xen/drivers/char/console.c | 2 +-
xen/drivers/passthrough/iommu.c | 10 +-
xen/drivers/passthrough/pci.c | 4 +-
xen/include/xen/tmem_xen.h | 4 +-
xen/include/xsm/dummy.h | 140 ++++++-------
xen/include/xsm/xsm.h | 428 +++++++++++++++++++-------------------
xen/xsm/dummy.c | 150 ++++++-------
xen/xsm/flask/hooks.c | 296 +++++++++++++-------------
30 files changed, 599 insertions(+), 599 deletions(-)
diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c
index 658774a..72f6f18 100644
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -1293,7 +1293,7 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc)
struct xen_mc_msrinject *mc_msrinject;
struct xen_mc_mceinject *mc_mceinject;
- ret = xsm_do_mca();
+ ret = xsm_priv_do_mca();
if ( ret )
return x86_mcerr(NULL, ret);
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 2630bdb..9541ef8 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -76,7 +76,7 @@ long arch_do_domctl(
if ( np == 0 )
ret = 0;
- else if ( xsm_ioport_permission(d, fp, fp + np - 1, allow) )
+ else if ( xsm_hook_ioport_permission(d, fp, fp + np - 1, allow) )
ret = -EPERM;
else if ( allow )
ret = ioports_permit_access(d, fp, fp + np - 1);
@@ -566,7 +566,7 @@ long arch_do_domctl(
if ( !is_hvm_domain(d) )
break;
- ret = xsm_bind_pt_irq(d, bind);
+ ret = xsm_hook_bind_pt_irq(d, bind);
if ( ret )
break;
@@ -599,7 +599,7 @@ long arch_do_domctl(
!irq_access_permitted(current->domain, bind->machine_irq) )
break;
- ret = xsm_unbind_pt_irq(d, bind);
+ ret = xsm_hook_unbind_pt_irq(d, bind);
if ( ret )
break;
@@ -634,7 +634,7 @@ long arch_do_domctl(
!iomem_access_permitted(current->domain, mfn, mfn + nr_mfns -
1) )
break;
- ret = xsm_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
+ ret = xsm_hook_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
if ( ret )
break;
@@ -712,7 +712,7 @@ long arch_do_domctl(
!ioports_access_permitted(current->domain, fmp, fmp + np - 1) )
break;
- ret = xsm_ioport_mapping(d, fmp, fmp + np - 1, add);
+ ret = xsm_hook_ioport_mapping(d, fmp, fmp + np - 1, add);
if ( ret )
break;
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 5bdde8d..e75c139 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3400,7 +3400,7 @@ static int hvmop_set_pci_intx_level(
if ( !is_hvm_domain(d) )
goto out;
- rc = xsm_hvm_set_pci_intx_level(d);
+ rc = xsm_dm_hvm_set_pci_intx_level(d);
if ( rc )
goto out;
@@ -3567,7 +3567,7 @@ static int hvmop_set_isa_irq_level(
if ( !is_hvm_domain(d) )
goto out;
- rc = xsm_hvm_set_isa_irq_level(d);
+ rc = xsm_dm_hvm_set_isa_irq_level(d);
if ( rc )
goto out;
@@ -3611,7 +3611,7 @@ static int hvmop_set_pci_link_route(
if ( !is_hvm_domain(d) )
goto out;
- rc = xsm_hvm_set_pci_link_route(d);
+ rc = xsm_dm_hvm_set_pci_link_route(d);
if ( rc )
goto out;
@@ -3641,7 +3641,7 @@ static int hvmop_inject_msi(
if ( !is_hvm_domain(d) )
goto out;
- rc = xsm_hvm_inject_msi(d);
+ rc = xsm_dm_hvm_inject_msi(d);
if ( rc )
goto out;
@@ -3738,7 +3738,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail;
@@ -3984,7 +3984,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail2;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail2;
@@ -4023,7 +4023,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail3;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail3;
@@ -4069,7 +4069,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( d == NULL )
return -ESRCH;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail_getmemtype;
@@ -4124,7 +4124,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail4;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail4;
@@ -4203,7 +4203,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail5;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail5;
@@ -4238,7 +4238,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail6;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail6;
@@ -4274,7 +4274,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) || !paging_mode_shadow(d) )
goto param_fail7;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail7;
@@ -4328,7 +4328,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail8;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail8;
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 238600a..ba8a5ce 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1874,7 +1874,7 @@ int map_domain_pirq(
return 0;
}
- ret = xsm_map_domain_pirq(d, irq, data);
+ ret = xsm_hook_map_domain_pirq(d, irq, data);
if ( ret )
{
dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d
mapping to pirq %d\n",
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 39b2cc7..1dbe4ef 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2715,7 +2715,7 @@ long do_mmuext_op(
goto out;
}
- rc = xsm_mmuext_op(d, pg_owner);
+ rc = xsm_target_mmuext_op(d, pg_owner);
if ( rc )
{
rcu_unlock_domain(pg_owner);
@@ -2787,7 +2787,7 @@ long do_mmuext_op(
break;
}
- if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 )
+ if ( (rc = xsm_hook_memory_pin_page(d, pg_owner, page)) != 0 )
{
put_page_and_type(page);
okay = 0;
@@ -3244,7 +3244,7 @@ long do_mmu_update(
}
if ( xsm_needed != xsm_checked )
{
- rc = xsm_mmu_update(d, pt_owner, pg_owner, xsm_needed);
+ rc = xsm_target_mmu_update(d, pt_owner, pg_owner, xsm_needed);
if ( rc )
break;
xsm_checked = xsm_needed;
@@ -3363,7 +3363,7 @@ long do_mmu_update(
xsm_needed |= XSM_MMU_MACHPHYS_UPDATE;
if ( xsm_needed != xsm_checked )
{
- rc = xsm_mmu_update(d, NULL, pg_owner, xsm_needed);
+ rc = xsm_target_mmu_update(d, NULL, pg_owner, xsm_needed);
if ( rc )
break;
xsm_checked = xsm_needed;
@@ -3931,7 +3931,7 @@ static int __do_update_va_mapping(
perfc_incr(calls_to_update_va);
- rc = xsm_update_va_mapping(d, pg_owner, val);
+ rc = xsm_target_update_va_mapping(d, pg_owner, val);
if ( rc )
return rc;
@@ -4402,7 +4402,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( d == NULL )
return -ESRCH;
- if ( xsm_add_to_physmap(current->domain, d) )
+ if ( xsm_target_add_to_physmap(current->domain, d) )
{
rcu_unlock_domain(d);
return -EPERM;
@@ -4441,7 +4441,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( d == NULL )
return -ESRCH;
- rc = xsm_domain_memory_map(d);
+ rc = xsm_target_domain_memory_map(d);
if ( rc )
{
rcu_unlock_domain(d);
@@ -4516,7 +4516,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
XEN_GUEST_HANDLE_PARAM(e820entry_t) buffer_param;
unsigned int i;
- rc = xsm_machine_memory_map();
+ rc = xsm_priv_machine_memory_map();
if ( rc )
return rc;
@@ -4600,9 +4600,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
return -ESRCH;
if ( op == XENMEM_set_pod_target )
- rc = xsm_set_pod_target(d);
+ rc = xsm_priv_set_pod_target(d);
else
- rc = xsm_get_pod_target(d);
+ rc = xsm_priv_get_pod_target(d);
if ( rc != 0 )
goto pod_target_out_unlock;
diff --git a/xen/arch/x86/mm/mem_event.c b/xen/arch/x86/mm/mem_event.c
index c2b3670..3a7605c 100644
--- a/xen/arch/x86/mm/mem_event.c
+++ b/xen/arch/x86/mm/mem_event.c
@@ -449,7 +449,7 @@ int do_mem_event_op(int op, uint32_t domain, void *arg)
if ( ret )
return ret;
- ret = xsm_mem_event_op(d, op);
+ ret = xsm_dm_mem_event_op(d, op);
if ( ret )
goto out;
@@ -502,7 +502,7 @@ int mem_event_domctl(struct domain *d,
xen_domctl_mem_event_op_t *mec,
{
int rc;
- rc = xsm_mem_event_control(d, mec->mode, mec->op);
+ rc = xsm_dm_mem_event_control(d, mec->mode, mec->op);
if ( rc )
return rc;
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 9229b83..57f02af 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1351,7 +1351,7 @@ int mem_sharing_memop(struct domain *d,
xen_mem_sharing_op_t *mec)
if ( rc )
return rc;
- rc = xsm_mem_sharing_op(d, cd, mec->op);
+ rc = xsm_dm_mem_sharing_op(d, cd, mec->op);
if ( rc )
{
rcu_unlock_domain(cd);
@@ -1415,7 +1415,7 @@ int mem_sharing_memop(struct domain *d,
xen_mem_sharing_op_t *mec)
if ( rc )
return rc;
- rc = xsm_mem_sharing_op(d, cd, mec->op);
+ rc = xsm_dm_mem_sharing_op(d, cd, mec->op);
if ( rc )
{
rcu_unlock_domain(cd);
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index ea44e39..1815696 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -678,7 +678,7 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t
*sc,
return -EINVAL;
}
- rc = xsm_shadow_control(d, sc->op);
+ rc = xsm_hook_shadow_control(d, sc->op);
if ( rc )
return rc;
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index e48ad2e..4bad230 100644
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -1016,7 +1016,7 @@ int pci_restore_msi_state(struct pci_dev *pdev)
if (!pdev)
return -EINVAL;
- ret = xsm_resource_setup_pci((pdev->seg << 16) | (pdev->bus
<< 8) | pdev->devfn);
+ ret = xsm_priv_resource_setup_pci((pdev->seg << 16) |
(pdev->bus << 8) | pdev->devfn);
if ( ret )
return ret;
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 9c30245..a894c43 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -232,7 +232,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq)
goto free_domain;
}
- ret = xsm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
+ ret = xsm_dm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
if ( ret )
goto free_domain;
@@ -423,7 +423,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
ret = -EFAULT;
if ( copy_from_guest(&apic, arg, 1) != 0 )
break;
- ret = xsm_apic(v->domain, cmd);
+ ret = xsm_priv_apic(v->domain, cmd);
if ( ret )
break;
ret = ioapic_guest_read(apic.apic_physbase, apic.reg, &apic.value);
@@ -437,7 +437,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
ret = -EFAULT;
if ( copy_from_guest(&apic, arg, 1) != 0 )
break;
- ret = xsm_apic(v->domain, cmd);
+ ret = xsm_priv_apic(v->domain, cmd);
if ( ret )
break;
ret = ioapic_guest_write(apic.apic_physbase, apic.reg, apic.value);
@@ -453,7 +453,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
/* Use the APIC check since this dummy hypercall should still only
* be called by the domain with access to program the ioapic */
- ret = xsm_apic(v->domain, cmd);
+ ret = xsm_priv_apic(v->domain, cmd);
if ( ret )
break;
@@ -578,7 +578,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
case PHYSDEVOP_pci_mmcfg_reserved: {
struct physdev_pci_mmcfg_reserved info;
- ret = xsm_resource_setup_misc();
+ ret = xsm_priv_resource_setup_misc();
if ( ret )
break;
@@ -632,7 +632,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( setup_gsi.gsi < 0 || setup_gsi.gsi >= nr_irqs_gsi )
break;
- ret = xsm_resource_setup_gsi(setup_gsi.gsi);
+ ret = xsm_priv_resource_setup_gsi(setup_gsi.gsi);
if ( ret )
break;
diff --git a/xen/arch/x86/platform_hypercall.c
b/xen/arch/x86/platform_hypercall.c
index f267b8b..c4b20ea 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -72,7 +72,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t)
u_xenpf_op)
if ( op->interface_version != XENPF_INTERFACE_VERSION )
return -EACCES;
- ret = xsm_platform_op(op->cmd);
+ ret = xsm_priv_platform_op(op->cmd);
if ( ret )
return ret;
@@ -496,7 +496,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
int cpu = op->u.cpu_ol.cpuid;
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
@@ -512,7 +512,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
}
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
@@ -525,7 +525,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
int cpu = op->u.cpu_ol.cpuid;
- ret = xsm_resource_unplug_core();
+ ret = xsm_hook_resource_unplug_core();
if ( ret )
break;
@@ -554,7 +554,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_cpu_hotadd:
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
@@ -564,7 +564,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_mem_hotadd:
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c
index 5b0c4b7..3a10a13 100644
--- a/xen/arch/x86/sysctl.c
+++ b/xen/arch/x86/sysctl.c
@@ -184,14 +184,14 @@ long arch_do_sysctl(
switch ( sysctl->u.cpu_hotplug.op )
{
case XEN_SYSCTL_CPU_HOTPLUG_ONLINE:
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
ret = continue_hypercall_on_cpu(
0, cpu_up_helper, (void *)(unsigned long)cpu);
break;
case XEN_SYSCTL_CPU_HOTPLUG_OFFLINE:
- ret = xsm_resource_unplug_core();
+ ret = xsm_hook_resource_unplug_core();
if ( ret )
break;
ret = continue_hypercall_on_cpu(
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 44a866e..695e991 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1643,7 +1643,7 @@ static int pci_cfg_ok(struct domain *d, int write, int
size)
start |= (d->arch.pci_cf8 >> 16) & 0xF00;
}
end = start + size - 1;
- if (xsm_pci_config_permission(d, machine_bdf, start, end, write))
+ if (xsm_hook_pci_config_permission(d, machine_bdf, start, end, write))
return 0;
return 1;
}
diff --git a/xen/common/domain.c b/xen/common/domain.c
index fcf24e2..296d735 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -252,7 +252,7 @@ struct domain *domain_create(
if ( !is_idle_domain(d) )
{
- if ( (err = xsm_domain_create(d, ssidref)) != 0 )
+ if ( (err = xsm_hook_domain_create(d, ssidref)) != 0 )
goto fail;
d->is_paused_by_controller = 1;
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 6f792e9..1f88ad2 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -150,7 +150,7 @@ void getdomaininfo(struct domain *d, struct
xen_domctl_getdomaininfo *info)
if ( is_hvm_domain(d) )
info->flags |= XEN_DOMINF_hvm_guest;
- xsm_security_domaininfo(d, info);
+ xsm_populate_security_domaininfo(d, info);
info->tot_pages = d->tot_pages;
info->max_pages = d->max_pages;
@@ -580,7 +580,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
break;
}
- ret = xsm_getdomaininfo(d);
+ ret = xsm_hook_getdomaininfo(d);
if ( ret )
goto getdomaininfo_out;
@@ -722,7 +722,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( pirq >= d->nr_pirqs )
ret = -EINVAL;
- else if ( xsm_irq_permission(d, pirq, allow) )
+ else if ( xsm_hook_irq_permission(d, pirq, allow) )
ret = -EPERM;
else if ( allow )
ret = irq_permit_access(d, pirq);
@@ -741,7 +741,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( (mfn + nr_mfns - 1) < mfn ) /* wrap? */
break;
- if ( xsm_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) )
+ if ( xsm_hook_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) )
ret = -EPERM;
else if ( allow )
ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
@@ -773,7 +773,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
break;
}
- ret = xsm_set_target(d, e);
+ ret = xsm_hook_set_target(d, e);
if ( ret ) {
put_domain(e);
break;
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index 37947a9..ef0d89b 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -175,7 +175,7 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t
*alloc)
ERROR_EXIT_DOM(port, d);
chn = evtchn_from_port(d, port);
- rc = xsm_evtchn_unbound(d, chn, alloc->remote_dom);
+ rc = xsm_target_evtchn_unbound(d, chn, alloc->remote_dom);
if ( rc )
goto out;
@@ -231,7 +231,7 @@ static long
evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind)
(rchn->u.unbound.remote_domid != ld->domain_id) )
ERROR_EXIT_DOM(-EINVAL, rd);
- rc = xsm_evtchn_interdomain(ld, lchn, rd, rchn);
+ rc = xsm_hook_evtchn_interdomain(ld, lchn, rd, rchn);
if ( rc )
goto out;
@@ -535,7 +535,7 @@ static long __evtchn_close(struct domain *d1, int port1)
chn1->state = ECS_FREE;
chn1->notify_vcpu_id = 0;
- xsm_evtchn_close_post(chn1);
+ xsm_hook_evtchn_close_post(chn1);
out:
if ( d2 != NULL )
@@ -580,7 +580,7 @@ int evtchn_send(struct domain *d, unsigned int lport)
return -EINVAL;
}
- ret = xsm_evtchn_send(ld, lchn);
+ ret = xsm_hook_evtchn_send(ld, lchn);
if ( ret )
goto out;
@@ -812,7 +812,7 @@ static long evtchn_status(evtchn_status_t *status)
chn = evtchn_from_port(d, port);
- rc = xsm_evtchn_status(d, chn);
+ rc = xsm_target_evtchn_status(d, chn);
if ( rc )
goto out;
@@ -954,7 +954,7 @@ static long evtchn_reset(evtchn_reset_t *r)
if ( d == NULL )
return -ESRCH;
- rc = xsm_evtchn_reset(current->domain, d);
+ rc = xsm_target_evtchn_reset(current->domain, d);
if ( rc )
goto out;
@@ -1101,7 +1101,7 @@ int alloc_unbound_xen_event_channel(
goto out;
chn = evtchn_from_port(d, port);
- rc = xsm_evtchn_unbound(d, chn, remote_domid);
+ rc = xsm_target_evtchn_unbound(d, chn, remote_domid);
chn->state = ECS_UNBOUND;
chn->xen_consumer = get_xen_consumer(notification_fn);
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index eae9518..e3690b6 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -552,7 +552,7 @@ __gnttab_map_grant_ref(
return;
}
- rc = xsm_grant_mapref(ld, rd, op->flags);
+ rc = xsm_hook_grant_mapref(ld, rd, op->flags);
if ( rc )
{
rcu_unlock_domain(rd);
@@ -872,7 +872,7 @@ __gnttab_unmap_common(
return;
}
- rc = xsm_grant_unmapref(ld, rd);
+ rc = xsm_hook_grant_unmapref(ld, rd);
if ( rc )
{
rcu_unlock_domain(rd);
@@ -1326,7 +1326,7 @@ gnttab_setup_table(
goto out2;
}
- if ( xsm_grant_setup(current->domain, d) )
+ if ( xsm_target_grant_setup(current->domain, d) )
{
op.status = GNTST_permission_denied;
goto out2;
@@ -1395,7 +1395,7 @@ gnttab_query_size(
goto query_out;
}
- rc = xsm_grant_query_size(current->domain, d);
+ rc = xsm_target_grant_query_size(current->domain, d);
if ( rc )
{
op.status = GNTST_permission_denied;
@@ -1571,7 +1571,7 @@ gnttab_transfer(
goto copyback;
}
- if ( xsm_grant_transfer(d, e) )
+ if ( xsm_hook_grant_transfer(d, e) )
{
put_gfn(d, gop.mfn);
gop.status = GNTST_permission_denied;
@@ -2010,7 +2010,7 @@ __gnttab_copy(
PIN_FAIL(error_out, GNTST_bad_domain,
"couldn''t find %d\n", op->dest.domid);
- rc = xsm_grant_copy(sd, dd);
+ rc = xsm_hook_grant_copy(sd, dd);
if ( rc )
{
rc = GNTST_permission_denied;
@@ -2267,7 +2267,7 @@
gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop,
op.status = GNTST_bad_domain;
goto out1;
}
- rc = xsm_grant_setup(current->domain, d);
+ rc = xsm_target_grant_setup(current->domain, d);
if ( rc ) {
op.status = GNTST_permission_denied;
goto out1;
@@ -2318,7 +2318,7 @@
gnttab_get_version(XEN_GUEST_HANDLE_PARAM(gnttab_get_version_t uop))
if ( d == NULL )
return -ESRCH;
- rc = xsm_grant_query_size(current->domain, d);
+ rc = xsm_target_grant_query_size(current->domain, d);
if ( rc )
{
rcu_unlock_domain(d);
diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index d4f6332..ff9d205 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -852,7 +852,7 @@ static int do_kexec_op_internal(unsigned long op,
unsigned long flags;
int ret = -EINVAL;
- ret = xsm_kexec();
+ ret = xsm_priv_kexec();
if ( ret )
return ret;
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 7d3c326..0e216bb 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -336,7 +336,7 @@ static long
memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
goto fail_early;
}
- rc = xsm_memory_exchange(d);
+ rc = xsm_target_memory_exchange(d);
if ( rc )
{
rcu_unlock_domain(d);
@@ -585,7 +585,7 @@ long do_memory_op(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(void) arg)
return start_extent;
args.domain = d;
- rc = xsm_memory_adjust_reservation(current->domain, d);
+ rc = xsm_target_memory_adjust_reservation(current->domain, d);
if ( rc )
{
rcu_unlock_domain(d);
@@ -634,7 +634,7 @@ long do_memory_op(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( d == NULL )
return -ESRCH;
- rc = xsm_memory_stat_reservation(current->domain, d);
+ rc = xsm_target_memory_stat_reservation(current->domain, d);
if ( rc )
{
rcu_unlock_domain(d);
@@ -672,7 +672,7 @@ long do_memory_op(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( d == NULL )
return -ESRCH;
- if ( xsm_remove_from_physmap(current->domain, d) )
+ if ( xsm_target_remove_from_physmap(current->domain, d) )
{
rcu_unlock_domain(d);
return -EPERM;
diff --git a/xen/common/schedule.c b/xen/common/schedule.c
index cfd173d..2cad778 100644
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -921,7 +921,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
if ( d == NULL )
break;
- ret = xsm_schedop_shutdown(current->domain, d);
+ ret = xsm_dm_schedop_shutdown(current->domain, d);
if ( ret )
{
rcu_unlock_domain(d);
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index cbefb0e..d6e3f6c 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -57,7 +57,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
{
case XEN_SYSCTL_readconsole:
{
- ret = xsm_readconsole(op->u.readconsole.clear);
+ ret = xsm_hook_readconsole(op->u.readconsole.clear);
if ( ret )
break;
@@ -100,7 +100,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
if ( num_domains == op->u.getdomaininfolist.max_domains )
break;
- ret = xsm_getdomaininfo(d);
+ ret = xsm_hook_getdomaininfo(d);
if ( ret )
continue;
@@ -231,7 +231,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
uint32_t *status, *ptr;
unsigned long pfn;
- ret = xsm_page_offline(op->u.page_offline.cmd);
+ ret = xsm_hook_page_offline(op->u.page_offline.cmd);
if ( ret )
break;
diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c
index ae0435b..7a82e3a 100644
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -680,7 +680,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
return -EPERM;
}
- ret = xsm_profile(current->domain, op);
+ ret = xsm_hook_profile(current->domain, op);
if ( ret )
return ret;
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index b2c3ee3..b6faa43 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -406,7 +406,7 @@ long do_console_io(int cmd, int count,
XEN_GUEST_HANDLE_PARAM(char) buffer)
long rc;
unsigned int idx, len;
- rc = xsm_console_io(current->domain, cmd);
+ rc = xsm_priv_console_io(current->domain, cmd);
if ( rc )
return rc;
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 9d13185..52eff81 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -452,7 +452,7 @@ static int iommu_get_device_group(
((pdev->bus == bus) && (pdev->devfn == devfn)) )
continue;
- if ( xsm_get_device_group((seg << 16) | (pdev->bus << 8)
| pdev->devfn) )
+ if ( xsm_hook_get_device_group((seg << 16) | (pdev->bus
<< 8) | pdev->devfn) )
continue;
sdev_id = ops->get_device_group_id(seg, pdev->bus,
pdev->devfn);
@@ -555,7 +555,7 @@ int iommu_do_domctl(
u32 max_sdevs;
XEN_GUEST_HANDLE_64(uint32) sdevs;
- ret = xsm_get_device_group(domctl->u.get_device_group.machine_sbdf);
+ ret =
xsm_hook_get_device_group(domctl->u.get_device_group.machine_sbdf);
if ( ret )
break;
@@ -583,7 +583,7 @@ int iommu_do_domctl(
break;
case XEN_DOMCTL_test_assign_device:
- ret = xsm_test_assign_device(domctl->u.assign_device.machine_sbdf);
+ ret =
xsm_hook_test_assign_device(domctl->u.assign_device.machine_sbdf);
if ( ret )
break;
@@ -607,7 +607,7 @@ int iommu_do_domctl(
break;
}
- ret = xsm_assign_device(d, domctl->u.assign_device.machine_sbdf);
+ ret = xsm_hook_assign_device(d,
domctl->u.assign_device.machine_sbdf);
if ( ret )
break;
@@ -626,7 +626,7 @@ int iommu_do_domctl(
break;
case XEN_DOMCTL_deassign_device:
- ret = xsm_deassign_device(d, domctl->u.assign_device.machine_sbdf);
+ ret = xsm_hook_deassign_device(d,
domctl->u.assign_device.machine_sbdf);
if ( ret )
break;
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index d5ef4c1..43eceab 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -380,7 +380,7 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn, const struct
pci_dev_info *info)
pdev_type = "device";
}
- ret = xsm_resource_plug_pci((seg << 16) | (bus << 8) | devfn);
+ ret = xsm_priv_resource_plug_pci((seg << 16) | (bus << 8) |
devfn);
if ( ret )
return ret;
@@ -496,7 +496,7 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn)
struct pci_dev *pdev;
int ret;
- ret = xsm_resource_unplug_pci((seg << 16) | (bus << 8) |
devfn);
+ ret = xsm_priv_resource_unplug_pci((seg << 16) | (bus << 8) |
devfn);
if ( ret )
return ret;
diff --git a/xen/include/xen/tmem_xen.h b/xen/include/xen/tmem_xen.h
index 8dec5aa..81d88f3 100644
--- a/xen/include/xen/tmem_xen.h
+++ b/xen/include/xen/tmem_xen.h
@@ -329,12 +329,12 @@ static inline bool_t tmh_set_client_from_id(
static inline bool_t tmh_current_permitted(void)
{
- return !xsm_tmem_op();
+ return !xsm_hook_tmem_op();
}
static inline bool_t tmh_current_is_privileged(void)
{
- return !xsm_tmem_control();
+ return !xsm_priv_tmem_control();
}
static inline uint8_t tmh_get_first_byte(pfp_t *pfp)
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index aaac50d3..09ee3f2 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -11,23 +11,23 @@
#include <xen/sched.h>
#include <xsm/xsm.h>
-static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
+static XSM_INLINE void xsm_populate_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
return;
}
-static XSM_INLINE int xsm_domain_create(struct domain *d, u32 ssidref)
+static XSM_INLINE int xsm_hook_domain_create(struct domain *d, u32 ssidref)
{
return 0;
}
-static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
+static XSM_INLINE int xsm_hook_getdomaininfo(struct domain *d)
{
return 0;
}
-static XSM_INLINE int xsm_set_target(struct domain *d, struct domain *e)
+static XSM_INLINE int xsm_hook_set_target(struct domain *d, struct domain *e)
{
return 0;
}
@@ -58,12 +58,12 @@ static XSM_INLINE int xsm_sysctl(int cmd)
return 0;
}
-static XSM_INLINE int xsm_readconsole(uint32_t clear)
+static XSM_INLINE int xsm_hook_readconsole(uint32_t clear)
{
return 0;
}
-static XSM_INLINE int xsm_do_mca(void)
+static XSM_INLINE int xsm_priv_do_mca(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
@@ -80,49 +80,49 @@ static XSM_INLINE void xsm_free_security_domain(struct
domain *d)
return;
}
-static XSM_INLINE int xsm_grant_mapref(struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_hook_grant_mapref(struct domain *d1, struct domain
*d2,
uint32_t flags)
{
return 0;
}
-static XSM_INLINE int xsm_grant_unmapref(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_hook_grant_unmapref(struct domain *d1, struct domain
*d2)
{
return 0;
}
-static XSM_INLINE int xsm_grant_setup(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_target_grant_setup(struct domain *d1, struct domain
*d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_grant_transfer(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_hook_grant_transfer(struct domain *d1, struct domain
*d2)
{
return 0;
}
-static XSM_INLINE int xsm_grant_copy(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_hook_grant_copy(struct domain *d1, struct domain *d2)
{
return 0;
}
-static XSM_INLINE int xsm_grant_query_size(struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_target_grant_query_size(struct domain *d1, struct
domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_memory_exchange(struct domain *d)
+static XSM_INLINE int xsm_target_memory_exchange(struct domain *d)
{
if ( d != current->domain && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_memory_adjust_reservation(struct domain *d1,
+static XSM_INLINE int xsm_target_memory_adjust_reservation(struct domain *d1,
struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
@@ -130,14 +130,14 @@ static XSM_INLINE int xsm_memory_adjust_reservation(struct
domain *d1,
return 0;
}
-static XSM_INLINE int xsm_memory_stat_reservation(struct domain *d1, struct
domain *d2)
+static XSM_INLINE int xsm_target_memory_stat_reservation(struct domain *d1,
struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_console_io(struct domain *d, int cmd)
+static XSM_INLINE int xsm_priv_console_io(struct domain *d, int cmd)
{
#ifndef VERBOSE
if ( !IS_PRIV(current->domain) )
@@ -146,32 +146,32 @@ static XSM_INLINE int xsm_console_io(struct domain *d, int
cmd)
return 0;
}
-static XSM_INLINE int xsm_profile(struct domain *d, int op)
+static XSM_INLINE int xsm_hook_profile(struct domain *d, int op)
{
return 0;
}
-static XSM_INLINE int xsm_kexec(void)
+static XSM_INLINE int xsm_priv_kexec(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_schedop_shutdown(struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_dm_schedop_shutdown(struct domain *d1, struct domain
*d2)
{
if ( !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_hook_memory_pin_page(struct domain *d1, struct domain
*d2,
struct page_info *page)
{
return 0;
}
-static XSM_INLINE int xsm_evtchn_unbound(struct domain *d, struct evtchn *chn,
+static XSM_INLINE int xsm_target_evtchn_unbound(struct domain *d, struct evtchn
*chn,
domid_t id2)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
@@ -179,30 +179,30 @@ static XSM_INLINE int xsm_evtchn_unbound(struct domain *d,
struct evtchn *chn,
return 0;
}
-static XSM_INLINE int xsm_evtchn_interdomain(struct domain *d1, struct evtchn
+static XSM_INLINE int xsm_hook_evtchn_interdomain(struct domain *d1, struct
evtchn
*chan1, struct domain *d2, struct evtchn
*chan2)
{
return 0;
}
-static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
+static XSM_INLINE void xsm_hook_evtchn_close_post(struct evtchn *chn)
{
return;
}
-static XSM_INLINE int xsm_evtchn_send(struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_hook_evtchn_send(struct domain *d, struct evtchn
*chn)
{
return 0;
}
-static XSM_INLINE int xsm_evtchn_status(struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_target_evtchn_status(struct domain *d, struct evtchn
*chn)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_evtchn_reset(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_target_evtchn_reset(struct domain *d1, struct domain
*d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
@@ -224,96 +224,96 @@ static XSM_INLINE char * xsm_show_security_evtchn(struct
domain *d, const struct
return NULL;
}
-static XSM_INLINE int xsm_get_pod_target(struct domain *d)
+static XSM_INLINE int xsm_priv_get_pod_target(struct domain *d)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_set_pod_target(struct domain *d)
+static XSM_INLINE int xsm_priv_set_pod_target(struct domain *d)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_get_device_group(uint32_t machine_bdf)
+static XSM_INLINE int xsm_hook_get_device_group(uint32_t machine_bdf)
{
return 0;
}
-static XSM_INLINE int xsm_test_assign_device(uint32_t machine_bdf)
+static XSM_INLINE int xsm_hook_test_assign_device(uint32_t machine_bdf)
{
return 0;
}
-static XSM_INLINE int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+static XSM_INLINE int xsm_hook_assign_device(struct domain *d, uint32_t
machine_bdf)
{
return 0;
}
-static XSM_INLINE int xsm_deassign_device(struct domain *d, uint32_t
machine_bdf)
+static XSM_INLINE int xsm_hook_deassign_device(struct domain *d, uint32_t
machine_bdf)
{
return 0;
}
-static XSM_INLINE int xsm_resource_plug_core(void)
+static XSM_INLINE int xsm_hook_resource_plug_core(void)
{
return 0;
}
-static XSM_INLINE int xsm_resource_unplug_core(void)
+static XSM_INLINE int xsm_hook_resource_unplug_core(void)
{
return 0;
}
-static XSM_INLINE int xsm_resource_plug_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_priv_resource_plug_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_resource_unplug_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_priv_resource_unplug_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_resource_setup_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_priv_resource_setup_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_resource_setup_gsi(int gsi)
+static XSM_INLINE int xsm_priv_resource_setup_gsi(int gsi)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_resource_setup_misc(void)
+static XSM_INLINE int xsm_priv_resource_setup_misc(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_page_offline(uint32_t cmd)
+static XSM_INLINE int xsm_hook_page_offline(uint32_t cmd)
{
return 0;
}
-static XSM_INLINE int xsm_tmem_op(void)
+static XSM_INLINE int xsm_hook_tmem_op(void)
{
return 0;
}
-static XSM_INLINE int xsm_tmem_control(void)
+static XSM_INLINE int xsm_priv_tmem_control(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
@@ -330,34 +330,34 @@ static XSM_INLINE char * xsm_show_irq_sid(int irq)
return NULL;
}
-static XSM_INLINE int xsm_map_domain_pirq(struct domain *d, int irq, void
*data)
+static XSM_INLINE int xsm_hook_map_domain_pirq(struct domain *d, int irq, void
*data)
{
return 0;
}
-static XSM_INLINE int xsm_unmap_domain_pirq(struct domain *d, int irq)
+static XSM_INLINE int xsm_dm_unmap_domain_pirq(struct domain *d, int irq)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_irq_permission(struct domain *d, int pirq, uint8_t
allow)
+static XSM_INLINE int xsm_hook_irq_permission(struct domain *d, int pirq,
uint8_t allow)
{
return 0;
}
-static XSM_INLINE int xsm_iomem_permission(struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
+static XSM_INLINE int xsm_hook_iomem_permission(struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
return 0;
}
-static XSM_INLINE int xsm_iomem_mapping(struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
+static XSM_INLINE int xsm_hook_iomem_mapping(struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
return 0;
}
-static XSM_INLINE int xsm_pci_config_permission(struct domain *d, uint32_t
machine_bdf,
+static XSM_INLINE int xsm_hook_pci_config_permission(struct domain *d, uint32_t
machine_bdf,
uint16_t start, uint16_t end,
uint8_t access)
{
@@ -365,96 +365,96 @@ static XSM_INLINE int xsm_pci_config_permission(struct
domain *d, uint32_t machi
}
#ifdef CONFIG_X86
-static XSM_INLINE int xsm_shadow_control(struct domain *d, uint32_t op)
+static XSM_INLINE int xsm_hook_shadow_control(struct domain *d, uint32_t op)
{
return 0;
}
-static XSM_INLINE int xsm_hvm_param(struct domain *d, unsigned long op)
+static XSM_INLINE int xsm_target_hvm_param(struct domain *d, unsigned long op)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_hvm_set_pci_intx_level(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_set_pci_intx_level(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_hvm_set_isa_irq_level(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_set_isa_irq_level(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_hvm_set_pci_link_route(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_set_pci_link_route(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_hvm_inject_msi(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_inject_msi(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_mem_event_control(struct domain *d, int mode, int op)
+static XSM_INLINE int xsm_dm_mem_event_control(struct domain *d, int mode, int
op)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_mem_event_op(struct domain *d, int op)
+static XSM_INLINE int xsm_dm_mem_event_op(struct domain *d, int op)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_mem_sharing_op(struct domain *d, struct domain *cd,
int op)
+static XSM_INLINE int xsm_dm_mem_sharing_op(struct domain *d, struct domain
*cd, int op)
{
if ( !IS_PRIV_FOR(current->domain, cd) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_apic(struct domain *d, int cmd)
+static XSM_INLINE int xsm_priv_apic(struct domain *d, int cmd)
{
if ( !IS_PRIV(d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_platform_op(uint32_t op)
+static XSM_INLINE int xsm_priv_platform_op(uint32_t op)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_machine_memory_map(void)
+static XSM_INLINE int xsm_priv_machine_memory_map(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_domain_memory_map(struct domain *d)
+static XSM_INLINE int xsm_target_domain_memory_map(struct domain *d)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_mmu_update(struct domain *d, struct domain *t,
+static XSM_INLINE int xsm_target_mmu_update(struct domain *d, struct domain *t,
struct domain *f, uint32_t flags)
{
if ( t && d != t && !IS_PRIV_FOR(d, t) )
@@ -464,14 +464,14 @@ static XSM_INLINE int xsm_mmu_update(struct domain *d,
struct domain *t,
return 0;
}
-static XSM_INLINE int xsm_mmuext_op(struct domain *d, struct domain *f)
+static XSM_INLINE int xsm_target_mmuext_op(struct domain *d, struct domain *f)
{
if ( d != f && !IS_PRIV_FOR(d, f) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_update_va_mapping(struct domain *d, struct domain *f,
+static XSM_INLINE int xsm_target_update_va_mapping(struct domain *d, struct
domain *f,
l1_pgentry_t pte)
{
if ( d != f && !IS_PRIV_FOR(d, f) )
@@ -479,36 +479,36 @@ static XSM_INLINE int xsm_update_va_mapping(struct domain
*d, struct domain *f,
return 0;
}
-static XSM_INLINE int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_target_add_to_physmap(struct domain *d1, struct
domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_remove_from_physmap(struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_target_remove_from_physmap(struct domain *d1, struct
domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_bind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_hook_bind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
}
-static XSM_INLINE int xsm_unbind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_hook_unbind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
}
-static XSM_INLINE int xsm_ioport_permission(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_hook_ioport_permission(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
return 0;
}
-static XSM_INLINE int xsm_ioport_mapping(struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
+static XSM_INLINE int xsm_hook_ioport_mapping(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
return 0;
}
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 105201e..c3a29b6 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -39,30 +39,30 @@ extern xsm_initcall_t __xsm_initcall_start[],
__xsm_initcall_end[];
__used_section(".xsm_initcall.init") = fn
struct xsm_operations {
- void (*security_domaininfo) (struct domain *d,
+ void (*populate_security_domaininfo) (struct domain *d,
struct xen_domctl_getdomaininfo *info);
- int (*domain_create) (struct domain *d, u32 ssidref);
- int (*getdomaininfo) (struct domain *d);
- int (*set_target) (struct domain *d, struct domain *e);
+ int (*hook_domain_create) (struct domain *d, u32 ssidref);
+ int (*hook_getdomaininfo) (struct domain *d);
+ int (*hook_set_target) (struct domain *d, struct domain *e);
int (*domctl) (struct domain *d, int cmd);
int (*sysctl) (int cmd);
- int (*readconsole) (uint32_t clear);
- int (*do_mca) (void);
+ int (*hook_readconsole) (uint32_t clear);
+ int (*priv_do_mca) (void);
- int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
- int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
+ int (*target_evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t
id2);
+ int (*hook_evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
struct domain *d2, struct evtchn
*chn2);
- void (*evtchn_close_post) (struct evtchn *chn);
- int (*evtchn_send) (struct domain *d, struct evtchn *chn);
- int (*evtchn_status) (struct domain *d, struct evtchn *chn);
- int (*evtchn_reset) (struct domain *d1, struct domain *d2);
-
- int (*grant_mapref) (struct domain *d1, struct domain *d2, uint32_t flags);
- int (*grant_unmapref) (struct domain *d1, struct domain *d2);
- int (*grant_setup) (struct domain *d1, struct domain *d2);
- int (*grant_transfer) (struct domain *d1, struct domain *d2);
- int (*grant_copy) (struct domain *d1, struct domain *d2);
- int (*grant_query_size) (struct domain *d1, struct domain *d2);
+ void (*hook_evtchn_close_post) (struct evtchn *chn);
+ int (*hook_evtchn_send) (struct domain *d, struct evtchn *chn);
+ int (*target_evtchn_status) (struct domain *d, struct evtchn *chn);
+ int (*target_evtchn_reset) (struct domain *d1, struct domain *d2);
+
+ int (*hook_grant_mapref) (struct domain *d1, struct domain *d2, uint32_t
flags);
+ int (*hook_grant_unmapref) (struct domain *d1, struct domain *d2);
+ int (*target_grant_setup) (struct domain *d1, struct domain *d2);
+ int (*hook_grant_transfer) (struct domain *d1, struct domain *d2);
+ int (*hook_grant_copy) (struct domain *d1, struct domain *d2);
+ int (*target_grant_query_size) (struct domain *d1, struct domain *d2);
int (*alloc_security_domain) (struct domain *d);
void (*free_security_domain) (struct domain *d);
@@ -70,76 +70,76 @@ struct xsm_operations {
void (*free_security_evtchn) (struct evtchn *chn);
char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn);
- int (*get_pod_target) (struct domain *d);
- int (*set_pod_target) (struct domain *d);
- int (*memory_exchange) (struct domain *d);
- int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2);
- int (*memory_stat_reservation) (struct domain *d1, struct domain *d2);
- int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct
page_info *page);
- int (*remove_from_physmap) (struct domain *d1, struct domain *d2);
+ int (*priv_get_pod_target) (struct domain *d);
+ int (*priv_set_pod_target) (struct domain *d);
+ int (*target_memory_exchange) (struct domain *d);
+ int (*target_memory_adjust_reservation) (struct domain *d1, struct domain
*d2);
+ int (*target_memory_stat_reservation) (struct domain *d1, struct domain
*d2);
+ int (*hook_memory_pin_page) (struct domain *d1, struct domain *d2, struct
page_info *page);
+ int (*target_remove_from_physmap) (struct domain *d1, struct domain *d2);
- int (*console_io) (struct domain *d, int cmd);
+ int (*priv_console_io) (struct domain *d, int cmd);
- int (*profile) (struct domain *d, int op);
+ int (*hook_profile) (struct domain *d, int op);
- int (*kexec) (void);
- int (*schedop_shutdown) (struct domain *d1, struct domain *d2);
+ int (*priv_kexec) (void);
+ int (*dm_schedop_shutdown) (struct domain *d1, struct domain *d2);
char *(*show_irq_sid) (int irq);
- int (*map_domain_pirq) (struct domain *d, int irq, void *data);
- int (*unmap_domain_pirq) (struct domain *d, int irq);
- int (*irq_permission) (struct domain *d, int pirq, uint8_t allow);
- int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t
allow);
- int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t
allow);
- int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access);
-
- int (*get_device_group) (uint32_t machine_bdf);
- int (*test_assign_device) (uint32_t machine_bdf);
- int (*assign_device) (struct domain *d, uint32_t machine_bdf);
- int (*deassign_device) (struct domain *d, uint32_t machine_bdf);
-
- int (*resource_plug_core) (void);
- int (*resource_unplug_core) (void);
- int (*resource_plug_pci) (uint32_t machine_bdf);
- int (*resource_unplug_pci) (uint32_t machine_bdf);
- int (*resource_setup_pci) (uint32_t machine_bdf);
- int (*resource_setup_gsi) (int gsi);
- int (*resource_setup_misc) (void);
-
- int (*page_offline)(uint32_t cmd);
- int (*tmem_op)(void);
- int (*tmem_control)(void);
+ int (*hook_map_domain_pirq) (struct domain *d, int irq, void *data);
+ int (*dm_unmap_domain_pirq) (struct domain *d, int irq);
+ int (*hook_irq_permission) (struct domain *d, int pirq, uint8_t allow);
+ int (*hook_iomem_permission) (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow);
+ int (*hook_iomem_mapping) (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow);
+ int (*hook_pci_config_permission) (struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access);
+
+ int (*hook_get_device_group) (uint32_t machine_bdf);
+ int (*hook_test_assign_device) (uint32_t machine_bdf);
+ int (*hook_assign_device) (struct domain *d, uint32_t machine_bdf);
+ int (*hook_deassign_device) (struct domain *d, uint32_t machine_bdf);
+
+ int (*hook_resource_plug_core) (void);
+ int (*hook_resource_unplug_core) (void);
+ int (*priv_resource_plug_pci) (uint32_t machine_bdf);
+ int (*priv_resource_unplug_pci) (uint32_t machine_bdf);
+ int (*priv_resource_setup_pci) (uint32_t machine_bdf);
+ int (*priv_resource_setup_gsi) (int gsi);
+ int (*priv_resource_setup_misc) (void);
+
+ int (*hook_page_offline)(uint32_t cmd);
+ int (*hook_tmem_op)(void);
+ int (*priv_tmem_control)(void);
long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
#ifdef CONFIG_X86
- int (*shadow_control) (struct domain *d, uint32_t op);
- int (*hvm_param) (struct domain *d, unsigned long op);
- int (*hvm_set_pci_intx_level) (struct domain *d);
- int (*hvm_set_isa_irq_level) (struct domain *d);
- int (*hvm_set_pci_link_route) (struct domain *d);
- int (*hvm_inject_msi) (struct domain *d);
- int (*mem_event_control) (struct domain *d, int mode, int op);
- int (*mem_event_op) (struct domain *d, int op);
- int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
- int (*apic) (struct domain *d, int cmd);
+ int (*hook_shadow_control) (struct domain *d, uint32_t op);
+ int (*target_hvm_param) (struct domain *d, unsigned long op);
+ int (*dm_hvm_set_pci_intx_level) (struct domain *d);
+ int (*dm_hvm_set_isa_irq_level) (struct domain *d);
+ int (*dm_hvm_set_pci_link_route) (struct domain *d);
+ int (*dm_hvm_inject_msi) (struct domain *d);
+ int (*dm_mem_event_control) (struct domain *d, int mode, int op);
+ int (*dm_mem_event_op) (struct domain *d, int op);
+ int (*dm_mem_sharing_op) (struct domain *d, struct domain *cd, int op);
+ int (*priv_apic) (struct domain *d, int cmd);
int (*memtype) (uint32_t access);
- int (*platform_op) (uint32_t cmd);
- int (*machine_memory_map) (void);
- int (*domain_memory_map) (struct domain *d);
+ int (*priv_platform_op) (uint32_t cmd);
+ int (*priv_machine_memory_map) (void);
+ int (*target_domain_memory_map) (struct domain *d);
#define XSM_MMU_UPDATE_READ 1
#define XSM_MMU_UPDATE_WRITE 2
#define XSM_MMU_NORMAL_UPDATE 4
#define XSM_MMU_MACHPHYS_UPDATE 8
- int (*mmu_update) (struct domain *d, struct domain *t,
+ int (*target_mmu_update) (struct domain *d, struct domain *t,
struct domain *f, uint32_t flags);
- int (*mmuext_op) (struct domain *d, struct domain *f);
- int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t
pte);
- int (*add_to_physmap) (struct domain *d1, struct domain *d2);
- int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
- int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq
*bind);
- int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
- int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
+ int (*target_mmuext_op) (struct domain *d, struct domain *f);
+ int (*target_update_va_mapping) (struct domain *d, struct domain *f,
l1_pgentry_t pte);
+ int (*target_add_to_physmap) (struct domain *d1, struct domain *d2);
+ int (*hook_bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq
*bind);
+ int (*hook_unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq
*bind);
+ int (*hook_ioport_permission) (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow);
+ int (*hook_ioport_mapping) (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow);
#endif
};
@@ -149,25 +149,25 @@ extern struct xsm_operations *xsm_ops;
#ifndef XSM_NO_WRAPPERS
-static inline void xsm_security_domaininfo (struct domain *d,
+static inline void xsm_populate_security_domaininfo (struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
- xsm_ops->security_domaininfo(d, info);
+ xsm_ops->populate_security_domaininfo(d, info);
}
-static inline int xsm_domain_create (struct domain *d, u32 ssidref)
+static inline int xsm_hook_domain_create (struct domain *d, u32 ssidref)
{
- return xsm_ops->domain_create(d, ssidref);
+ return xsm_ops->hook_domain_create(d, ssidref);
}
-static inline int xsm_getdomaininfo (struct domain *d)
+static inline int xsm_hook_getdomaininfo (struct domain *d)
{
- return xsm_ops->getdomaininfo(d);
+ return xsm_ops->hook_getdomaininfo(d);
}
-static inline int xsm_set_target (struct domain *d, struct domain *e)
+static inline int xsm_hook_set_target (struct domain *d, struct domain *e)
{
- return xsm_ops->set_target(d, e);
+ return xsm_ops->hook_set_target(d, e);
}
static inline int xsm_domctl (struct domain *d, int cmd)
@@ -180,77 +180,77 @@ static inline int xsm_sysctl (int cmd)
return xsm_ops->sysctl(cmd);
}
-static inline int xsm_readconsole (uint32_t clear)
+static inline int xsm_hook_readconsole (uint32_t clear)
{
- return xsm_ops->readconsole(clear);
+ return xsm_ops->hook_readconsole(clear);
}
-static inline int xsm_do_mca(void)
+static inline int xsm_priv_do_mca(void)
{
- return xsm_ops->do_mca();
+ return xsm_ops->priv_do_mca();
}
-static inline int xsm_evtchn_unbound (struct domain *d1, struct evtchn *chn,
+static inline int xsm_target_evtchn_unbound (struct domain *d1, struct evtchn
*chn,
domid_t
id2)
{
- return xsm_ops->evtchn_unbound(d1, chn, id2);
+ return xsm_ops->target_evtchn_unbound(d1, chn, id2);
}
-static inline int xsm_evtchn_interdomain (struct domain *d1,
+static inline int xsm_hook_evtchn_interdomain (struct domain *d1,
struct evtchn *chan1, struct domain *d2, struct evtchn *chan2)
{
- return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2);
+ return xsm_ops->hook_evtchn_interdomain(d1, chan1, d2, chan2);
}
-static inline void xsm_evtchn_close_post (struct evtchn *chn)
+static inline void xsm_hook_evtchn_close_post (struct evtchn *chn)
{
- xsm_ops->evtchn_close_post(chn);
+ xsm_ops->hook_evtchn_close_post(chn);
}
-static inline int xsm_evtchn_send (struct domain *d, struct evtchn *chn)
+static inline int xsm_hook_evtchn_send (struct domain *d, struct evtchn *chn)
{
- return xsm_ops->evtchn_send(d, chn);
+ return xsm_ops->hook_evtchn_send(d, chn);
}
-static inline int xsm_evtchn_status (struct domain *d, struct evtchn *chn)
+static inline int xsm_target_evtchn_status (struct domain *d, struct evtchn
*chn)
{
- return xsm_ops->evtchn_status(d, chn);
+ return xsm_ops->target_evtchn_status(d, chn);
}
-static inline int xsm_evtchn_reset (struct domain *d1, struct domain *d2)
+static inline int xsm_target_evtchn_reset (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->evtchn_reset(d1, d2);
+ return xsm_ops->target_evtchn_reset(d1, d2);
}
-static inline int xsm_grant_mapref (struct domain *d1, struct domain *d2,
+static inline int xsm_hook_grant_mapref (struct domain *d1, struct domain *d2,
uint32_t flags)
{
- return xsm_ops->grant_mapref(d1, d2, flags);
+ return xsm_ops->hook_grant_mapref(d1, d2, flags);
}
-static inline int xsm_grant_unmapref (struct domain *d1, struct domain *d2)
+static inline int xsm_hook_grant_unmapref (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->grant_unmapref(d1, d2);
+ return xsm_ops->hook_grant_unmapref(d1, d2);
}
-static inline int xsm_grant_setup (struct domain *d1, struct domain *d2)
+static inline int xsm_target_grant_setup (struct domain *d1, struct domain *d2)
{
- return xsm_ops->grant_setup(d1, d2);
+ return xsm_ops->target_grant_setup(d1, d2);
}
-static inline int xsm_grant_transfer (struct domain *d1, struct domain *d2)
+static inline int xsm_hook_grant_transfer (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->grant_transfer(d1, d2);
+ return xsm_ops->hook_grant_transfer(d1, d2);
}
-static inline int xsm_grant_copy (struct domain *d1, struct domain *d2)
+static inline int xsm_hook_grant_copy (struct domain *d1, struct domain *d2)
{
- return xsm_ops->grant_copy(d1, d2);
+ return xsm_ops->hook_grant_copy(d1, d2);
}
-static inline int xsm_grant_query_size (struct domain *d1, struct domain *d2)
+static inline int xsm_target_grant_query_size (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->grant_query_size(d1, d2);
+ return xsm_ops->target_grant_query_size(d1, d2);
}
static inline int xsm_alloc_security_domain (struct domain *d)
@@ -278,62 +278,62 @@ static inline char *xsm_show_security_evtchn (struct
domain *d, const struct evt
return xsm_ops->show_security_evtchn(d, chn);
}
-static inline int xsm_get_pod_target (struct domain *d)
+static inline int xsm_priv_get_pod_target (struct domain *d)
{
- return xsm_ops->get_pod_target(d);
+ return xsm_ops->priv_get_pod_target(d);
}
-static inline int xsm_set_pod_target (struct domain *d)
+static inline int xsm_priv_set_pod_target (struct domain *d)
{
- return xsm_ops->set_pod_target(d);
+ return xsm_ops->priv_set_pod_target(d);
}
-static inline int xsm_memory_exchange (struct domain *d)
+static inline int xsm_target_memory_exchange (struct domain *d)
{
- return xsm_ops->memory_exchange(d);
+ return xsm_ops->target_memory_exchange(d);
}
-static inline int xsm_memory_adjust_reservation (struct domain *d1, struct
+static inline int xsm_target_memory_adjust_reservation (struct domain *d1,
struct
domain *d2)
{
- return xsm_ops->memory_adjust_reservation(d1, d2);
+ return xsm_ops->target_memory_adjust_reservation(d1, d2);
}
-static inline int xsm_memory_stat_reservation (struct domain *d1,
+static inline int xsm_target_memory_stat_reservation (struct domain *d1,
struct domain *d2)
{
- return xsm_ops->memory_stat_reservation(d1, d2);
+ return xsm_ops->target_memory_stat_reservation(d1, d2);
}
-static inline int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
+static inline int xsm_hook_memory_pin_page(struct domain *d1, struct domain
*d2,
struct page_info *page)
{
- return xsm_ops->memory_pin_page(d1, d2, page);
+ return xsm_ops->hook_memory_pin_page(d1, d2, page);
}
-static inline int xsm_remove_from_physmap(struct domain *d1, struct domain *d2)
+static inline int xsm_target_remove_from_physmap(struct domain *d1, struct
domain *d2)
{
- return xsm_ops->remove_from_physmap(d1, d2);
+ return xsm_ops->target_remove_from_physmap(d1, d2);
}
-static inline int xsm_console_io (struct domain *d, int cmd)
+static inline int xsm_priv_console_io (struct domain *d, int cmd)
{
- return xsm_ops->console_io(d, cmd);
+ return xsm_ops->priv_console_io(d, cmd);
}
-static inline int xsm_profile (struct domain *d, int op)
+static inline int xsm_hook_profile (struct domain *d, int op)
{
- return xsm_ops->profile(d, op);
+ return xsm_ops->hook_profile(d, op);
}
-static inline int xsm_kexec (void)
+static inline int xsm_priv_kexec (void)
{
- return xsm_ops->kexec();
+ return xsm_ops->priv_kexec();
}
-static inline int xsm_schedop_shutdown (struct domain *d1, struct domain *d2)
+static inline int xsm_dm_schedop_shutdown (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->schedop_shutdown(d1, d2);
+ return xsm_ops->dm_schedop_shutdown(d1, d2);
}
static inline char *xsm_show_irq_sid (int irq)
@@ -341,104 +341,104 @@ static inline char *xsm_show_irq_sid (int irq)
return xsm_ops->show_irq_sid(irq);
}
-static inline int xsm_map_domain_pirq (struct domain *d, int irq, void *data)
+static inline int xsm_hook_map_domain_pirq (struct domain *d, int irq, void
*data)
{
- return xsm_ops->map_domain_pirq(d, irq, data);
+ return xsm_ops->hook_map_domain_pirq(d, irq, data);
}
-static inline int xsm_unmap_domain_pirq (struct domain *d, int irq)
+static inline int xsm_dm_unmap_domain_pirq (struct domain *d, int irq)
{
- return xsm_ops->unmap_domain_pirq(d, irq);
+ return xsm_ops->dm_unmap_domain_pirq(d, irq);
}
-static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t
allow)
+static inline int xsm_hook_irq_permission (struct domain *d, int pirq, uint8_t
allow)
{
- return xsm_ops->irq_permission(d, pirq, allow);
+ return xsm_ops->hook_irq_permission(d, pirq, allow);
}
-static inline int xsm_iomem_permission (struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
+static inline int xsm_hook_iomem_permission (struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
- return xsm_ops->iomem_permission(d, s, e, allow);
+ return xsm_ops->hook_iomem_permission(d, s, e, allow);
}
-static inline int xsm_iomem_mapping (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow)
+static inline int xsm_hook_iomem_mapping (struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
- return xsm_ops->iomem_mapping(d, s, e, allow);
+ return xsm_ops->hook_iomem_mapping(d, s, e, allow);
}
-static inline int xsm_pci_config_permission (struct domain *d, uint32_t
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
+static inline int xsm_hook_pci_config_permission (struct domain *d, uint32_t
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
{
- return xsm_ops->pci_config_permission(d, machine_bdf, start, end,
access);
+ return xsm_ops->hook_pci_config_permission(d, machine_bdf, start, end,
access);
}
-static inline int xsm_get_device_group(uint32_t machine_bdf)
+static inline int xsm_hook_get_device_group(uint32_t machine_bdf)
{
- return xsm_ops->get_device_group(machine_bdf);
+ return xsm_ops->hook_get_device_group(machine_bdf);
}
-static inline int xsm_test_assign_device(uint32_t machine_bdf)
+static inline int xsm_hook_test_assign_device(uint32_t machine_bdf)
{
- return xsm_ops->test_assign_device(machine_bdf);
+ return xsm_ops->hook_test_assign_device(machine_bdf);
}
-static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+static inline int xsm_hook_assign_device(struct domain *d, uint32_t
machine_bdf)
{
- return xsm_ops->assign_device(d, machine_bdf);
+ return xsm_ops->hook_assign_device(d, machine_bdf);
}
-static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf)
+static inline int xsm_hook_deassign_device(struct domain *d, uint32_t
machine_bdf)
{
- return xsm_ops->deassign_device(d, machine_bdf);
+ return xsm_ops->hook_deassign_device(d, machine_bdf);
}
-static inline int xsm_resource_plug_pci (uint32_t machine_bdf)
+static inline int xsm_priv_resource_plug_pci (uint32_t machine_bdf)
{
- return xsm_ops->resource_plug_pci(machine_bdf);
+ return xsm_ops->priv_resource_plug_pci(machine_bdf);
}
-static inline int xsm_resource_unplug_pci (uint32_t machine_bdf)
+static inline int xsm_priv_resource_unplug_pci (uint32_t machine_bdf)
{
- return xsm_ops->resource_unplug_pci(machine_bdf);
+ return xsm_ops->priv_resource_unplug_pci(machine_bdf);
}
-static inline int xsm_resource_plug_core (void)
+static inline int xsm_hook_resource_plug_core (void)
{
- return xsm_ops->resource_plug_core();
+ return xsm_ops->hook_resource_plug_core();
}
-static inline int xsm_resource_unplug_core (void)
+static inline int xsm_hook_resource_unplug_core (void)
{
- return xsm_ops->resource_unplug_core();
+ return xsm_ops->hook_resource_unplug_core();
}
-static inline int xsm_resource_setup_pci (uint32_t machine_bdf)
+static inline int xsm_priv_resource_setup_pci (uint32_t machine_bdf)
{
- return xsm_ops->resource_setup_pci(machine_bdf);
+ return xsm_ops->priv_resource_setup_pci(machine_bdf);
}
-static inline int xsm_resource_setup_gsi (int gsi)
+static inline int xsm_priv_resource_setup_gsi (int gsi)
{
- return xsm_ops->resource_setup_gsi(gsi);
+ return xsm_ops->priv_resource_setup_gsi(gsi);
}
-static inline int xsm_resource_setup_misc (void)
+static inline int xsm_priv_resource_setup_misc (void)
{
- return xsm_ops->resource_setup_misc();
+ return xsm_ops->priv_resource_setup_misc();
}
-static inline int xsm_page_offline(uint32_t cmd)
+static inline int xsm_hook_page_offline(uint32_t cmd)
{
- return xsm_ops->page_offline(cmd);
+ return xsm_ops->hook_page_offline(cmd);
}
-static inline int xsm_tmem_op(void)
+static inline int xsm_hook_tmem_op(void)
{
- return xsm_ops->tmem_op();
+ return xsm_ops->hook_tmem_op();
}
-static inline int xsm_tmem_control(void)
+static inline int xsm_priv_tmem_control(void)
{
- return xsm_ops->tmem_control();
+ return xsm_ops->priv_tmem_control();
}
static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
@@ -447,54 +447,54 @@ static inline long xsm_do_xsm_op
(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
}
#ifdef CONFIG_X86
-static inline int xsm_shadow_control (struct domain *d, uint32_t op)
+static inline int xsm_hook_shadow_control (struct domain *d, uint32_t op)
{
- return xsm_ops->shadow_control(d, op);
+ return xsm_ops->hook_shadow_control(d, op);
}
-static inline int xsm_hvm_param (struct domain *d, unsigned long op)
+static inline int xsm_target_hvm_param (struct domain *d, unsigned long op)
{
- return xsm_ops->hvm_param(d, op);
+ return xsm_ops->target_hvm_param(d, op);
}
-static inline int xsm_hvm_set_pci_intx_level (struct domain *d)
+static inline int xsm_dm_hvm_set_pci_intx_level (struct domain *d)
{
- return xsm_ops->hvm_set_pci_intx_level(d);
+ return xsm_ops->dm_hvm_set_pci_intx_level(d);
}
-static inline int xsm_hvm_set_isa_irq_level (struct domain *d)
+static inline int xsm_dm_hvm_set_isa_irq_level (struct domain *d)
{
- return xsm_ops->hvm_set_isa_irq_level(d);
+ return xsm_ops->dm_hvm_set_isa_irq_level(d);
}
-static inline int xsm_hvm_set_pci_link_route (struct domain *d)
+static inline int xsm_dm_hvm_set_pci_link_route (struct domain *d)
{
- return xsm_ops->hvm_set_pci_link_route(d);
+ return xsm_ops->dm_hvm_set_pci_link_route(d);
}
-static inline int xsm_hvm_inject_msi (struct domain *d)
+static inline int xsm_dm_hvm_inject_msi (struct domain *d)
{
- return xsm_ops->hvm_inject_msi(d);
+ return xsm_ops->dm_hvm_inject_msi(d);
}
-static inline int xsm_mem_event_control (struct domain *d, int mode, int op)
+static inline int xsm_dm_mem_event_control (struct domain *d, int mode, int op)
{
- return xsm_ops->mem_event_control(d, mode, op);
+ return xsm_ops->dm_mem_event_control(d, mode, op);
}
-static inline int xsm_mem_event_op (struct domain *d, int op)
+static inline int xsm_dm_mem_event_op (struct domain *d, int op)
{
- return xsm_ops->mem_event_op(d, op);
+ return xsm_ops->dm_mem_event_op(d, op);
}
-static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int
op)
+static inline int xsm_dm_mem_sharing_op (struct domain *d, struct domain *cd,
int op)
{
- return xsm_ops->mem_sharing_op(d, cd, op);
+ return xsm_ops->dm_mem_sharing_op(d, cd, op);
}
-static inline int xsm_apic (struct domain *d, int cmd)
+static inline int xsm_priv_apic (struct domain *d, int cmd)
{
- return xsm_ops->apic(d, cmd);
+ return xsm_ops->priv_apic(d, cmd);
}
static inline int xsm_memtype (uint32_t access)
@@ -502,63 +502,63 @@ static inline int xsm_memtype (uint32_t access)
return xsm_ops->memtype(access);
}
-static inline int xsm_platform_op (uint32_t op)
+static inline int xsm_priv_platform_op (uint32_t op)
{
- return xsm_ops->platform_op(op);
+ return xsm_ops->priv_platform_op(op);
}
-static inline int xsm_machine_memory_map(void)
+static inline int xsm_priv_machine_memory_map(void)
{
- return xsm_ops->machine_memory_map();
+ return xsm_ops->priv_machine_memory_map();
}
-static inline int xsm_domain_memory_map(struct domain *d)
+static inline int xsm_target_domain_memory_map(struct domain *d)
{
- return xsm_ops->domain_memory_map(d);
+ return xsm_ops->target_domain_memory_map(d);
}
-static inline int xsm_mmu_update (struct domain *d, struct domain *t,
+static inline int xsm_target_mmu_update (struct domain *d, struct domain *t,
struct domain *f, uint32_t flags)
{
- return xsm_ops->mmu_update(d, t, f, flags);
+ return xsm_ops->target_mmu_update(d, t, f, flags);
}
-static inline int xsm_mmuext_op (struct domain *d, struct domain *f)
+static inline int xsm_target_mmuext_op (struct domain *d, struct domain *f)
{
- return xsm_ops->mmuext_op(d, f);
+ return xsm_ops->target_mmuext_op(d, f);
}
-static inline int xsm_update_va_mapping(struct domain *d, struct domain *f,
+static inline int xsm_target_update_va_mapping(struct domain *d, struct domain
*f,
l1_pgentry_t pte)
{
- return xsm_ops->update_va_mapping(d, f, pte);
+ return xsm_ops->target_update_va_mapping(d, f, pte);
}
-static inline int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+static inline int xsm_target_add_to_physmap(struct domain *d1, struct domain
*d2)
{
- return xsm_ops->add_to_physmap(d1, d2);
+ return xsm_ops->target_add_to_physmap(d1, d2);
}
-static inline int xsm_bind_pt_irq(struct domain *d,
+static inline int xsm_hook_bind_pt_irq(struct domain *d,
struct xen_domctl_bind_pt_irq
*bind)
{
- return xsm_ops->bind_pt_irq(d, bind);
+ return xsm_ops->hook_bind_pt_irq(d, bind);
}
-static inline int xsm_unbind_pt_irq(struct domain *d,
+static inline int xsm_hook_unbind_pt_irq(struct domain *d,
struct xen_domctl_bind_pt_irq
*bind)
{
- return xsm_ops->unbind_pt_irq(d, bind);
+ return xsm_ops->hook_unbind_pt_irq(d, bind);
}
-static inline int xsm_ioport_permission (struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
+static inline int xsm_hook_ioport_permission (struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
- return xsm_ops->ioport_permission(d, s, e, allow);
+ return xsm_ops->hook_ioport_permission(d, s, e, allow);
}
-static inline int xsm_ioport_mapping (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow)
+static inline int xsm_hook_ioport_mapping (struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
- return xsm_ops->ioport_mapping(d, s, e, allow);
+ return xsm_ops->hook_ioport_mapping(d, s, e, allow);
}
#endif /* CONFIG_X86 */
#endif /* XSM_NO_WRAPPERS */
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 22c66e5..c29c5af 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -29,98 +29,98 @@ struct xsm_operations dummy_xsm_ops;
void xsm_fixup_ops (struct xsm_operations *ops)
{
- set_to_dummy_if_null(ops, security_domaininfo);
- set_to_dummy_if_null(ops, domain_create);
- set_to_dummy_if_null(ops, getdomaininfo);
- set_to_dummy_if_null(ops, set_target);
+ set_to_dummy_if_null(ops, populate_security_domaininfo);
+ set_to_dummy_if_null(ops, hook_domain_create);
+ set_to_dummy_if_null(ops, hook_getdomaininfo);
+ set_to_dummy_if_null(ops, hook_set_target);
set_to_dummy_if_null(ops, domctl);
set_to_dummy_if_null(ops, sysctl);
- set_to_dummy_if_null(ops, readconsole);
- set_to_dummy_if_null(ops, do_mca);
-
- set_to_dummy_if_null(ops, evtchn_unbound);
- set_to_dummy_if_null(ops, evtchn_interdomain);
- set_to_dummy_if_null(ops, evtchn_close_post);
- set_to_dummy_if_null(ops, evtchn_send);
- set_to_dummy_if_null(ops, evtchn_status);
- set_to_dummy_if_null(ops, evtchn_reset);
-
- set_to_dummy_if_null(ops, grant_mapref);
- set_to_dummy_if_null(ops, grant_unmapref);
- set_to_dummy_if_null(ops, grant_setup);
- set_to_dummy_if_null(ops, grant_transfer);
- set_to_dummy_if_null(ops, grant_copy);
- set_to_dummy_if_null(ops, grant_query_size);
+ set_to_dummy_if_null(ops, hook_readconsole);
+ set_to_dummy_if_null(ops, priv_do_mca);
+
+ set_to_dummy_if_null(ops, target_evtchn_unbound);
+ set_to_dummy_if_null(ops, hook_evtchn_interdomain);
+ set_to_dummy_if_null(ops, hook_evtchn_close_post);
+ set_to_dummy_if_null(ops, hook_evtchn_send);
+ set_to_dummy_if_null(ops, target_evtchn_status);
+ set_to_dummy_if_null(ops, target_evtchn_reset);
+
+ set_to_dummy_if_null(ops, hook_grant_mapref);
+ set_to_dummy_if_null(ops, hook_grant_unmapref);
+ set_to_dummy_if_null(ops, target_grant_setup);
+ set_to_dummy_if_null(ops, hook_grant_transfer);
+ set_to_dummy_if_null(ops, hook_grant_copy);
+ set_to_dummy_if_null(ops, target_grant_query_size);
set_to_dummy_if_null(ops, alloc_security_domain);
set_to_dummy_if_null(ops, free_security_domain);
set_to_dummy_if_null(ops, alloc_security_evtchn);
set_to_dummy_if_null(ops, free_security_evtchn);
set_to_dummy_if_null(ops, show_security_evtchn);
- set_to_dummy_if_null(ops, get_pod_target);
- set_to_dummy_if_null(ops, set_pod_target);
+ set_to_dummy_if_null(ops, priv_get_pod_target);
+ set_to_dummy_if_null(ops, priv_set_pod_target);
- set_to_dummy_if_null(ops, memory_exchange);
- set_to_dummy_if_null(ops, memory_adjust_reservation);
- set_to_dummy_if_null(ops, memory_stat_reservation);
- set_to_dummy_if_null(ops, memory_pin_page);
+ set_to_dummy_if_null(ops, target_memory_exchange);
+ set_to_dummy_if_null(ops, target_memory_adjust_reservation);
+ set_to_dummy_if_null(ops, target_memory_stat_reservation);
+ set_to_dummy_if_null(ops, hook_memory_pin_page);
- set_to_dummy_if_null(ops, console_io);
+ set_to_dummy_if_null(ops, priv_console_io);
- set_to_dummy_if_null(ops, profile);
+ set_to_dummy_if_null(ops, hook_profile);
- set_to_dummy_if_null(ops, kexec);
- set_to_dummy_if_null(ops, schedop_shutdown);
+ set_to_dummy_if_null(ops, priv_kexec);
+ set_to_dummy_if_null(ops, dm_schedop_shutdown);
set_to_dummy_if_null(ops, show_irq_sid);
- set_to_dummy_if_null(ops, map_domain_pirq);
- set_to_dummy_if_null(ops, unmap_domain_pirq);
- set_to_dummy_if_null(ops, irq_permission);
- set_to_dummy_if_null(ops, iomem_permission);
- set_to_dummy_if_null(ops, iomem_mapping);
- set_to_dummy_if_null(ops, pci_config_permission);
-
- set_to_dummy_if_null(ops, get_device_group);
- set_to_dummy_if_null(ops, test_assign_device);
- set_to_dummy_if_null(ops, assign_device);
- set_to_dummy_if_null(ops, deassign_device);
-
- set_to_dummy_if_null(ops, resource_plug_core);
- set_to_dummy_if_null(ops, resource_unplug_core);
- set_to_dummy_if_null(ops, resource_plug_pci);
- set_to_dummy_if_null(ops, resource_unplug_pci);
- set_to_dummy_if_null(ops, resource_setup_pci);
- set_to_dummy_if_null(ops, resource_setup_gsi);
- set_to_dummy_if_null(ops, resource_setup_misc);
-
- set_to_dummy_if_null(ops, page_offline);
- set_to_dummy_if_null(ops, tmem_op);
- set_to_dummy_if_null(ops, tmem_control);
+ set_to_dummy_if_null(ops, hook_map_domain_pirq);
+ set_to_dummy_if_null(ops, dm_unmap_domain_pirq);
+ set_to_dummy_if_null(ops, hook_irq_permission);
+ set_to_dummy_if_null(ops, hook_iomem_permission);
+ set_to_dummy_if_null(ops, hook_iomem_mapping);
+ set_to_dummy_if_null(ops, hook_pci_config_permission);
+
+ set_to_dummy_if_null(ops, hook_get_device_group);
+ set_to_dummy_if_null(ops, hook_test_assign_device);
+ set_to_dummy_if_null(ops, hook_assign_device);
+ set_to_dummy_if_null(ops, hook_deassign_device);
+
+ set_to_dummy_if_null(ops, hook_resource_plug_core);
+ set_to_dummy_if_null(ops, hook_resource_unplug_core);
+ set_to_dummy_if_null(ops, priv_resource_plug_pci);
+ set_to_dummy_if_null(ops, priv_resource_unplug_pci);
+ set_to_dummy_if_null(ops, priv_resource_setup_pci);
+ set_to_dummy_if_null(ops, priv_resource_setup_gsi);
+ set_to_dummy_if_null(ops, priv_resource_setup_misc);
+
+ set_to_dummy_if_null(ops, hook_page_offline);
+ set_to_dummy_if_null(ops, hook_tmem_op);
+ set_to_dummy_if_null(ops, priv_tmem_control);
set_to_dummy_if_null(ops, do_xsm_op);
#ifdef CONFIG_X86
- set_to_dummy_if_null(ops, shadow_control);
- set_to_dummy_if_null(ops, hvm_param);
- set_to_dummy_if_null(ops, hvm_set_pci_intx_level);
- set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
- set_to_dummy_if_null(ops, hvm_set_pci_link_route);
- set_to_dummy_if_null(ops, hvm_inject_msi);
- set_to_dummy_if_null(ops, mem_event_control);
- set_to_dummy_if_null(ops, mem_event_op);
- set_to_dummy_if_null(ops, mem_sharing_op);
- set_to_dummy_if_null(ops, apic);
- set_to_dummy_if_null(ops, platform_op);
- set_to_dummy_if_null(ops, machine_memory_map);
- set_to_dummy_if_null(ops, domain_memory_map);
- set_to_dummy_if_null(ops, mmu_update);
- set_to_dummy_if_null(ops, mmuext_op);
- set_to_dummy_if_null(ops, update_va_mapping);
- set_to_dummy_if_null(ops, add_to_physmap);
- set_to_dummy_if_null(ops, remove_from_physmap);
- set_to_dummy_if_null(ops, bind_pt_irq);
- set_to_dummy_if_null(ops, unbind_pt_irq);
- set_to_dummy_if_null(ops, ioport_permission);
- set_to_dummy_if_null(ops, ioport_mapping);
+ set_to_dummy_if_null(ops, hook_shadow_control);
+ set_to_dummy_if_null(ops, target_hvm_param);
+ set_to_dummy_if_null(ops, dm_hvm_set_pci_intx_level);
+ set_to_dummy_if_null(ops, dm_hvm_set_isa_irq_level);
+ set_to_dummy_if_null(ops, dm_hvm_set_pci_link_route);
+ set_to_dummy_if_null(ops, dm_hvm_inject_msi);
+ set_to_dummy_if_null(ops, dm_mem_event_control);
+ set_to_dummy_if_null(ops, dm_mem_event_op);
+ set_to_dummy_if_null(ops, dm_mem_sharing_op);
+ set_to_dummy_if_null(ops, priv_apic);
+ set_to_dummy_if_null(ops, priv_platform_op);
+ set_to_dummy_if_null(ops, priv_machine_memory_map);
+ set_to_dummy_if_null(ops, target_domain_memory_map);
+ set_to_dummy_if_null(ops, target_mmu_update);
+ set_to_dummy_if_null(ops, target_mmuext_op);
+ set_to_dummy_if_null(ops, target_update_va_mapping);
+ set_to_dummy_if_null(ops, target_add_to_physmap);
+ set_to_dummy_if_null(ops, target_remove_from_physmap);
+ set_to_dummy_if_null(ops, hook_bind_pt_irq);
+ set_to_dummy_if_null(ops, hook_unbind_pt_irq);
+ set_to_dummy_if_null(ops, hook_ioport_permission);
+ set_to_dummy_if_null(ops, hook_ioport_mapping);
#endif
}
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 03ea675..2c46276 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -171,7 +171,7 @@ static void flask_domain_free_security(struct domain *d)
xfree(dsec);
}
-static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn,
+static int flask_target_evtchn_unbound(struct domain *d1, struct evtchn *chn,
domid_t id2)
{
u32 sid1, sid2, newsid;
@@ -206,7 +206,7 @@ static int flask_evtchn_unbound(struct domain *d1, struct
evtchn *chn,
return rc;
}
-static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1,
+static int flask_hook_evtchn_interdomain(struct domain *d1, struct evtchn
*chn1,
struct domain *d2, struct evtchn *chn2)
{
u32 sid1, sid2, newsid, reverse_sid;
@@ -252,7 +252,7 @@ static int flask_evtchn_interdomain(struct domain *d1,
struct evtchn *chn1,
return rc;
}
-static void flask_evtchn_close_post(struct evtchn *chn)
+static void flask_hook_evtchn_close_post(struct evtchn *chn)
{
struct evtchn_security_struct *esec;
esec = chn->ssid;
@@ -260,7 +260,7 @@ static void flask_evtchn_close_post(struct evtchn *chn)
esec->sid = SECINITSID_UNLABELED;
}
-static int flask_evtchn_send(struct domain *d, struct evtchn *chn)
+static int flask_hook_evtchn_send(struct domain *d, struct evtchn *chn)
{
int rc;
@@ -280,12 +280,12 @@ static int flask_evtchn_send(struct domain *d, struct
evtchn *chn)
return rc;
}
-static int flask_evtchn_status(struct domain *d, struct evtchn *chn)
+static int flask_target_evtchn_status(struct domain *d, struct evtchn *chn)
{
return domain_has_evtchn(d, chn, EVENT__STATUS);
}
-static int flask_evtchn_reset(struct domain *d1, struct domain *d2)
+static int flask_target_evtchn_reset(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_EVENT, EVENT__RESET);
}
@@ -350,7 +350,7 @@ static char *flask_show_security_evtchn(struct domain *d,
const struct evtchn *c
return ctx;
}
-static int flask_grant_mapref(struct domain *d1, struct domain *d2,
+static int flask_hook_grant_mapref(struct domain *d1, struct domain *d2,
uint32_t flags)
{
u32 perms = GRANT__MAP_READ;
@@ -361,63 +361,63 @@ static int flask_grant_mapref(struct domain *d1, struct
domain *d2,
return domain_has_perm(d1, d2, SECCLASS_GRANT, perms);
}
-static int flask_grant_unmapref(struct domain *d1, struct domain *d2)
+static int flask_hook_grant_unmapref(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__UNMAP);
}
-static int flask_grant_setup(struct domain *d1, struct domain *d2)
+static int flask_target_grant_setup(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__SETUP);
}
-static int flask_grant_transfer(struct domain *d1, struct domain *d2)
+static int flask_hook_grant_transfer(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__TRANSFER);
}
-static int flask_grant_copy(struct domain *d1, struct domain *d2)
+static int flask_hook_grant_copy(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__COPY);
}
-static int flask_grant_query_size(struct domain *d1, struct domain *d2)
+static int flask_target_grant_query_size(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__QUERY);
}
-static int flask_get_pod_target(struct domain *d)
+static int flask_priv_get_pod_target(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETPODTARGET);
}
-static int flask_set_pod_target(struct domain *d)
+static int flask_priv_set_pod_target(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
}
-static int flask_memory_exchange(struct domain *d)
+static int flask_target_memory_exchange(struct domain *d)
{
return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE);
}
-static int flask_memory_adjust_reservation(struct domain *d1, struct domain
*d2)
+static int flask_target_memory_adjust_reservation(struct domain *d1, struct
domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
}
-static int flask_memory_stat_reservation(struct domain *d1, struct domain *d2)
+static int flask_target_memory_stat_reservation(struct domain *d1, struct
domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__STAT);
}
-static int flask_memory_pin_page(struct domain *d1, struct domain *d2,
+static int flask_hook_memory_pin_page(struct domain *d1, struct domain *d2,
struct page_info *page)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PINPAGE);
}
-static int flask_console_io(struct domain *d, int cmd)
+static int flask_priv_console_io(struct domain *d, int cmd)
{
u32 perm;
@@ -436,7 +436,7 @@ static int flask_console_io(struct domain *d, int cmd)
return domain_has_xen(d, perm);
}
-static int flask_profile(struct domain *d, int op)
+static int flask_hook_profile(struct domain *d, int op)
{
u32 perm;
@@ -468,23 +468,23 @@ static int flask_profile(struct domain *d, int op)
return domain_has_xen(d, perm);
}
-static int flask_kexec(void)
+static int flask_priv_kexec(void)
{
return domain_has_xen(current->domain, XEN__KEXEC);
}
-static int flask_schedop_shutdown(struct domain *d1, struct domain *d2)
+static int flask_dm_schedop_shutdown(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_DOMAIN, DOMAIN__SHUTDOWN);
}
-static void flask_security_domaininfo(struct domain *d,
+static void flask_populate_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
info->ssidref = domain_sid(d);
}
-static int flask_domain_create(struct domain *d, u32 ssidref)
+static int flask_hook_domain_create(struct domain *d, u32 ssidref)
{
int rc;
struct domain_security_struct *dsec = d->ssid;
@@ -512,12 +512,12 @@ static int flask_domain_create(struct domain *d, u32
ssidref)
return rc;
}
-static int flask_getdomaininfo(struct domain *d)
+static int flask_hook_getdomaininfo(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
}
-static int flask_set_target(struct domain *d, struct domain *t)
+static int flask_hook_set_target(struct domain *d, struct domain *t)
{
int rc;
struct domain_security_struct *dsec, *tsec;
@@ -753,7 +753,7 @@ static int flask_sysctl(int cmd)
}
}
-static int flask_readconsole(uint32_t clear)
+static int flask_hook_readconsole(uint32_t clear)
{
u32 perms = XEN__READCONSOLE;
@@ -763,7 +763,7 @@ static int flask_readconsole(uint32_t clear)
return domain_has_xen(current->domain, perms);
}
-static int flask_do_mca(void)
+static int flask_priv_do_mca(void)
{
return domain_has_xen(current->domain, XEN__MCA_OP);
}
@@ -790,7 +790,7 @@ static char *flask_show_irq_sid (int irq)
return ctx;
}
-static int flask_map_domain_pirq (struct domain *d, int irq, void *data)
+static int flask_hook_map_domain_pirq (struct domain *d, int irq, void *data)
{
u32 sid, dsid;
int rc = -EPERM;
@@ -823,7 +823,7 @@ static int flask_map_domain_pirq (struct domain *d, int irq,
void *data)
return rc;
}
-static int flask_unmap_domain_pirq (struct domain *d, int irq)
+static int flask_dm_unmap_domain_pirq (struct domain *d, int irq)
{
u32 sid;
int rc = -EPERM;
@@ -846,7 +846,7 @@ static int flask_unmap_domain_pirq (struct domain *d, int
irq)
return rc;
}
-static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
+static int flask_hook_irq_permission (struct domain *d, int pirq, uint8_t
access)
{
/* the PIRQ number is not useful; real IRQ is checked during mapping */
return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access));
@@ -876,7 +876,7 @@ static int _iomem_has_perm(void *v, u32 sid, unsigned long
start, unsigned long
return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
}
-static int flask_iomem_permission(struct domain *d, uint64_t start, uint64_t
end, uint8_t access)
+static int flask_hook_iomem_permission(struct domain *d, uint64_t start,
uint64_t end, uint8_t access)
{
struct iomem_has_perm_data data;
int rc;
@@ -897,12 +897,12 @@ static int flask_iomem_permission(struct domain *d,
uint64_t start, uint64_t end
return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data);
}
-static int flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end,
uint8_t access)
+static int flask_hook_iomem_mapping(struct domain *d, uint64_t start, uint64_t
end, uint8_t access)
{
- return flask_iomem_permission(d, start, end, access);
+ return flask_hook_iomem_permission(d, start, end, access);
}
-static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access)
+static int flask_hook_pci_config_permission(struct domain *d, uint32_t
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
{
u32 dsid, rsid;
int rc = -EPERM;
@@ -924,12 +924,12 @@ static int flask_pci_config_permission(struct domain *d,
uint32_t machine_bdf, u
}
-static int flask_resource_plug_core(void)
+static int flask_hook_resource_plug_core(void)
{
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__PLUG, NULL);
}
-static int flask_resource_unplug_core(void)
+static int flask_hook_resource_unplug_core(void)
{
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__UNPLUG, NULL);
}
@@ -939,7 +939,7 @@ static int flask_resource_use_core(void)
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__USE, NULL);
}
-static int flask_resource_plug_pci(uint32_t machine_bdf)
+static int flask_priv_resource_plug_pci(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -954,7 +954,7 @@ static int flask_resource_plug_pci(uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__PLUG,
&ad);
}
-static int flask_resource_unplug_pci(uint32_t machine_bdf)
+static int flask_priv_resource_unplug_pci(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -969,7 +969,7 @@ static int flask_resource_unplug_pci(uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__UNPLUG,
&ad);
}
-static int flask_resource_setup_pci(uint32_t machine_bdf)
+static int flask_priv_resource_setup_pci(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -984,7 +984,7 @@ static int flask_resource_setup_pci(uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP,
&ad);
}
-static int flask_resource_setup_gsi(int gsi)
+static int flask_priv_resource_setup_gsi(int gsi)
{
u32 rsid;
int rc = -EPERM;
@@ -997,18 +997,18 @@ static int flask_resource_setup_gsi(int gsi)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP,
&ad);
}
-static int flask_resource_setup_misc(void)
+static int flask_priv_resource_setup_misc(void)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_RESOURCE,
RESOURCE__SETUP, NULL);
}
-static inline int flask_page_offline(uint32_t cmd)
+static inline int flask_hook_page_offline(uint32_t cmd)
{
switch (cmd) {
case sysctl_page_offline:
- return flask_resource_unplug_core();
+ return flask_hook_resource_unplug_core();
case sysctl_page_online:
- return flask_resource_plug_core();
+ return flask_hook_resource_plug_core();
case sysctl_query_page_offline:
return flask_resource_use_core();
default:
@@ -1016,18 +1016,18 @@ static inline int flask_page_offline(uint32_t cmd)
}
}
-static inline int flask_tmem_op(void)
+static inline int flask_hook_tmem_op(void)
{
return domain_has_xen(current->domain, XEN__TMEM_OP);
}
-static inline int flask_tmem_control(void)
+static inline int flask_priv_tmem_control(void)
{
return domain_has_xen(current->domain, XEN__TMEM_CONTROL);
}
#ifdef CONFIG_X86
-static int flask_shadow_control(struct domain *d, uint32_t op)
+static int flask_hook_shadow_control(struct domain *d, uint32_t op)
{
u32 perm;
@@ -1079,7 +1079,7 @@ static int _ioport_has_perm(void *v, u32 sid, unsigned
long start, unsigned long
return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
}
-static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t
end, uint8_t access)
+static int flask_hook_ioport_permission(struct domain *d, uint32_t start,
uint32_t end, uint8_t access)
{
int rc;
struct ioport_has_perm_data data;
@@ -1101,12 +1101,12 @@ static int flask_ioport_permission(struct domain *d,
uint32_t start, uint32_t en
return security_iterate_ioport_sids(start, end, _ioport_has_perm,
&data);
}
-static int flask_ioport_mapping(struct domain *d, uint32_t start, uint32_t end,
uint8_t access)
+static int flask_hook_ioport_mapping(struct domain *d, uint32_t start, uint32_t
end, uint8_t access)
{
- return flask_ioport_permission(d, start, end, access);
+ return flask_hook_ioport_permission(d, start, end, access);
}
-static int flask_hvm_param(struct domain *d, unsigned long op)
+static int flask_target_hvm_param(struct domain *d, unsigned long op)
{
u32 perm;
@@ -1128,37 +1128,37 @@ static int flask_hvm_param(struct domain *d, unsigned
long op)
return current_has_perm(d, SECCLASS_HVM, perm);
}
-static int flask_hvm_set_pci_intx_level(struct domain *d)
+static int flask_dm_hvm_set_pci_intx_level(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__PCILEVEL);
}
-static int flask_hvm_set_isa_irq_level(struct domain *d)
+static int flask_dm_hvm_set_isa_irq_level(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__IRQLEVEL);
}
-static int flask_hvm_set_pci_link_route(struct domain *d)
+static int flask_dm_hvm_set_pci_link_route(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__PCIROUTE);
}
-static int flask_hvm_inject_msi(struct domain *d)
+static int flask_dm_hvm_inject_msi(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__SEND_IRQ);
}
-static int flask_mem_event_control(struct domain *d, int mode, int op)
+static int flask_dm_mem_event_control(struct domain *d, int mode, int op)
{
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
}
-static int flask_mem_event_op(struct domain *d, int op)
+static int flask_dm_mem_event_op(struct domain *d, int op)
{
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
}
-static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op)
+static int flask_dm_mem_sharing_op(struct domain *d, struct domain *cd, int op)
{
int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING);
if ( rc )
@@ -1166,7 +1166,7 @@ static int flask_mem_sharing_op(struct domain *d, struct
domain *cd, int op)
return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM);
}
-static int flask_apic(struct domain *d, int cmd)
+static int flask_priv_apic(struct domain *d, int cmd)
{
u32 perm;
@@ -1186,7 +1186,7 @@ static int flask_apic(struct domain *d, int cmd)
return domain_has_xen(d, perm);
}
-static int flask_platform_op(uint32_t op)
+static int flask_priv_platform_op(uint32_t op)
{
switch ( op )
{
@@ -1241,22 +1241,22 @@ static int flask_platform_op(uint32_t op)
return domain_has_xen(current->domain, XEN__GETCPUINFO);
default:
- printk("flask_platform_op: Unknown op %d\n", op);
+ printk("flask_priv_platform_op: Unknown op %d\n", op);
return -EPERM;
}
}
-static int flask_machine_memory_map(void)
+static int flask_priv_machine_memory_map(void)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_MMU, MMU__MEMORYMAP,
NULL);
}
-static int flask_domain_memory_map(struct domain *d)
+static int flask_target_domain_memory_map(struct domain *d)
{
return current_has_perm(d, SECCLASS_MMU, MMU__MEMORYMAP);
}
-static int flask_mmu_update(struct domain *d, struct domain *t,
+static int flask_target_mmu_update(struct domain *d, struct domain *t,
struct domain *f, uint32_t flags)
{
int rc = 0;
@@ -1279,12 +1279,12 @@ static int flask_mmu_update(struct domain *d, struct
domain *t,
return rc;
}
-static int flask_mmuext_op(struct domain *d, struct domain *f)
+static int flask_target_mmuext_op(struct domain *d, struct domain *f)
{
return domain_has_perm(d, f, SECCLASS_MMU, MMU__MMUEXT_OP);
}
-static int flask_update_va_mapping(struct domain *d, struct domain *f,
+static int flask_target_update_va_mapping(struct domain *d, struct domain *f,
l1_pgentry_t pte)
{
u32 map_perms = MMU__MAP_READ;
@@ -1296,17 +1296,17 @@ static int flask_update_va_mapping(struct domain *d,
struct domain *f,
return domain_has_perm(d, f, SECCLASS_MMU, map_perms);
}
-static int flask_add_to_physmap(struct domain *d1, struct domain *d2)
+static int flask_target_add_to_physmap(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
}
-static int flask_remove_from_physmap(struct domain *d1, struct domain *d2)
+static int flask_target_remove_from_physmap(struct domain *d1, struct domain
*d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
}
-static int flask_get_device_group(uint32_t machine_bdf)
+static int flask_hook_get_device_group(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -1330,7 +1330,7 @@ static int flask_test_assign_device(uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE,
NULL);
}
-static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
+static int flask_hook_assign_device(struct domain *d, uint32_t machine_bdf)
{
u32 dsid, rsid;
int rc = -EPERM;
@@ -1354,7 +1354,7 @@ static int flask_assign_device(struct domain *d, uint32_t
machine_bdf)
return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
}
-static int flask_deassign_device(struct domain *d, uint32_t machine_bdf)
+static int flask_hook_deassign_device(struct domain *d, uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -1370,7 +1370,7 @@ static int flask_deassign_device(struct domain *d,
uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE,
RESOURCE__REMOVE_DEVICE, NULL);
}
-static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
+static int flask_hook_bind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
u32 dsid, rsid;
int rc = -EPERM;
@@ -1395,7 +1395,7 @@ static int flask_bind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq *b
return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
}
-static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
+static int flask_hook_unbind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
@@ -1404,28 +1404,28 @@ static int flask_unbind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq
long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
static struct xsm_operations flask_ops = {
- .security_domaininfo = flask_security_domaininfo,
- .domain_create = flask_domain_create,
- .getdomaininfo = flask_getdomaininfo,
- .set_target = flask_set_target,
+ .populate_security_domaininfo = flask_populate_security_domaininfo,
+ .hook_domain_create = flask_hook_domain_create,
+ .hook_getdomaininfo = flask_hook_getdomaininfo,
+ .hook_set_target = flask_hook_set_target,
.domctl = flask_domctl,
.sysctl = flask_sysctl,
- .readconsole = flask_readconsole,
- .do_mca = flask_do_mca,
-
- .evtchn_unbound = flask_evtchn_unbound,
- .evtchn_interdomain = flask_evtchn_interdomain,
- .evtchn_close_post = flask_evtchn_close_post,
- .evtchn_send = flask_evtchn_send,
- .evtchn_status = flask_evtchn_status,
- .evtchn_reset = flask_evtchn_reset,
-
- .grant_mapref = flask_grant_mapref,
- .grant_unmapref = flask_grant_unmapref,
- .grant_setup = flask_grant_setup,
- .grant_transfer = flask_grant_transfer,
- .grant_copy = flask_grant_copy,
- .grant_query_size = flask_grant_query_size,
+ .hook_readconsole = flask_hook_readconsole,
+ .priv_do_mca = flask_priv_do_mca,
+
+ .target_evtchn_unbound = flask_target_evtchn_unbound,
+ .hook_evtchn_interdomain = flask_hook_evtchn_interdomain,
+ .hook_evtchn_close_post = flask_hook_evtchn_close_post,
+ .hook_evtchn_send = flask_hook_evtchn_send,
+ .target_evtchn_status = flask_target_evtchn_status,
+ .target_evtchn_reset = flask_target_evtchn_reset,
+
+ .hook_grant_mapref = flask_hook_grant_mapref,
+ .hook_grant_unmapref = flask_hook_grant_unmapref,
+ .target_grant_setup = flask_target_grant_setup,
+ .hook_grant_transfer = flask_hook_grant_transfer,
+ .hook_grant_copy = flask_hook_grant_copy,
+ .target_grant_query_size = flask_target_grant_query_size,
.alloc_security_domain = flask_domain_alloc_security,
.free_security_domain = flask_domain_free_security,
@@ -1433,70 +1433,70 @@ static struct xsm_operations flask_ops = {
.free_security_evtchn = flask_free_security_evtchn,
.show_security_evtchn = flask_show_security_evtchn,
- .get_pod_target = flask_get_pod_target,
- .set_pod_target = flask_set_pod_target,
- .memory_exchange = flask_memory_exchange,
- .memory_adjust_reservation = flask_memory_adjust_reservation,
- .memory_stat_reservation = flask_memory_stat_reservation,
- .memory_pin_page = flask_memory_pin_page,
+ .priv_get_pod_target = flask_priv_get_pod_target,
+ .priv_set_pod_target = flask_priv_set_pod_target,
+ .target_memory_exchange = flask_target_memory_exchange,
+ .target_memory_adjust_reservation = flask_target_memory_adjust_reservation,
+ .target_memory_stat_reservation = flask_target_memory_stat_reservation,
+ .hook_memory_pin_page = flask_hook_memory_pin_page,
- .console_io = flask_console_io,
+ .priv_console_io = flask_priv_console_io,
- .profile = flask_profile,
+ .hook_profile = flask_hook_profile,
- .kexec = flask_kexec,
- .schedop_shutdown = flask_schedop_shutdown,
+ .priv_kexec = flask_priv_kexec,
+ .dm_schedop_shutdown = flask_dm_schedop_shutdown,
.show_irq_sid = flask_show_irq_sid,
- .map_domain_pirq = flask_map_domain_pirq,
- .unmap_domain_pirq = flask_unmap_domain_pirq,
- .irq_permission = flask_irq_permission,
- .iomem_permission = flask_iomem_permission,
- .iomem_mapping = flask_iomem_mapping,
- .pci_config_permission = flask_pci_config_permission,
-
- .resource_plug_core = flask_resource_plug_core,
- .resource_unplug_core = flask_resource_unplug_core,
- .resource_plug_pci = flask_resource_plug_pci,
- .resource_unplug_pci = flask_resource_unplug_pci,
- .resource_setup_pci = flask_resource_setup_pci,
- .resource_setup_gsi = flask_resource_setup_gsi,
- .resource_setup_misc = flask_resource_setup_misc,
-
- .page_offline = flask_page_offline,
- .tmem_op = flask_tmem_op,
- .tmem_control = flask_tmem_control,
+ .hook_map_domain_pirq = flask_hook_map_domain_pirq,
+ .dm_unmap_domain_pirq = flask_dm_unmap_domain_pirq,
+ .hook_irq_permission = flask_hook_irq_permission,
+ .hook_iomem_permission = flask_hook_iomem_permission,
+ .hook_iomem_mapping = flask_hook_iomem_mapping,
+ .hook_pci_config_permission = flask_hook_pci_config_permission,
+
+ .hook_resource_plug_core = flask_hook_resource_plug_core,
+ .hook_resource_unplug_core = flask_hook_resource_unplug_core,
+ .priv_resource_plug_pci = flask_priv_resource_plug_pci,
+ .priv_resource_unplug_pci = flask_priv_resource_unplug_pci,
+ .priv_resource_setup_pci = flask_priv_resource_setup_pci,
+ .priv_resource_setup_gsi = flask_priv_resource_setup_gsi,
+ .priv_resource_setup_misc = flask_priv_resource_setup_misc,
+
+ .hook_page_offline = flask_hook_page_offline,
+ .hook_tmem_op = flask_hook_tmem_op,
+ .priv_tmem_control = flask_priv_tmem_control,
.do_xsm_op = do_flask_op,
#ifdef CONFIG_X86
- .shadow_control = flask_shadow_control,
- .hvm_param = flask_hvm_param,
- .hvm_set_pci_intx_level = flask_hvm_set_pci_intx_level,
- .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
- .hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
- .hvm_inject_msi = flask_hvm_inject_msi,
- .mem_event_control = flask_mem_event_control,
- .mem_event_op = flask_mem_event_op,
- .mem_sharing_op = flask_mem_sharing_op,
- .apic = flask_apic,
- .platform_op = flask_platform_op,
- .machine_memory_map = flask_machine_memory_map,
- .domain_memory_map = flask_domain_memory_map,
- .mmu_update = flask_mmu_update,
- .mmuext_op = flask_mmuext_op,
- .update_va_mapping = flask_update_va_mapping,
- .add_to_physmap = flask_add_to_physmap,
- .remove_from_physmap = flask_remove_from_physmap,
- .get_device_group = flask_get_device_group,
- .test_assign_device = flask_test_assign_device,
- .assign_device = flask_assign_device,
- .deassign_device = flask_deassign_device,
- .bind_pt_irq = flask_bind_pt_irq,
- .unbind_pt_irq = flask_unbind_pt_irq,
- .ioport_permission = flask_ioport_permission,
- .ioport_mapping = flask_ioport_mapping,
+ .hook_shadow_control = flask_hook_shadow_control,
+ .target_hvm_param = flask_target_hvm_param,
+ .dm_hvm_set_pci_intx_level = flask_dm_hvm_set_pci_intx_level,
+ .dm_hvm_set_isa_irq_level = flask_dm_hvm_set_isa_irq_level,
+ .dm_hvm_set_pci_link_route = flask_dm_hvm_set_pci_link_route,
+ .dm_hvm_inject_msi = flask_dm_hvm_inject_msi,
+ .dm_mem_event_control = flask_dm_mem_event_control,
+ .dm_mem_event_op = flask_dm_mem_event_op,
+ .dm_mem_sharing_op = flask_dm_mem_sharing_op,
+ .priv_apic = flask_priv_apic,
+ .priv_platform_op = flask_priv_platform_op,
+ .priv_machine_memory_map = flask_priv_machine_memory_map,
+ .target_domain_memory_map = flask_target_domain_memory_map,
+ .target_mmu_update = flask_target_mmu_update,
+ .target_mmuext_op = flask_target_mmuext_op,
+ .target_update_va_mapping = flask_target_update_va_mapping,
+ .target_add_to_physmap = flask_target_add_to_physmap,
+ .target_remove_from_physmap = flask_target_remove_from_physmap,
+ .hook_get_device_group = flask_hook_get_device_group,
+ .hook_test_assign_device = flask_test_assign_device,
+ .hook_assign_device = flask_hook_assign_device,
+ .hook_deassign_device = flask_hook_deassign_device,
+ .hook_bind_pt_irq = flask_hook_bind_pt_irq,
+ .hook_unbind_pt_irq = flask_hook_unbind_pt_irq,
+ .hook_ioport_permission = flask_hook_ioport_permission,
+ .hook_ioport_mapping = flask_hook_ioport_mapping,
#endif
};
--
1.7.11.7
>>> On 19.11.12 at 22:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > These patches clean up some of the XSM code that caused difficulty with > ctags, and changes hook names to show the default action of the hook. > They apply on top of my XSM patch series v5, and if they help increase > readability, will be integrated into the next version of that series.Only this and patch 4 appear to have made it to the list. Jan
These patches clean up some of the XSM code that caused difficulty with ctags, and changes hook names to show the default action of the hook. They apply on top of my XSM patch series v5, and if they help increase readability, will be integrated into the next version of that series. Resending due to the mail issues - apparently only one message got through to the list last time.
This fixes ctags so that it can find the default XSM hooks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/include/xsm/dummy.h | 256 ++++++++++++++++++++++++------------------------
xen/include/xsm/xsm.h | 5 +-
xen/xsm/dummy.c | 5 +-
3 files changed, 135 insertions(+), 131 deletions(-)
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 040b463..fa78785 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -11,83 +11,83 @@
#include <xen/sched.h>
#include <xsm/xsm.h>
-static XSM_DEFAULT(void, security_domaininfo)(struct domain *d,
+static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
return;
}
-static XSM_DEFAULT(int, setvcpucontext)(struct domain *d)
+static XSM_INLINE int xsm_setvcpucontext(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, pausedomain) (struct domain *d)
+static XSM_INLINE int xsm_pausedomain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, unpausedomain) (struct domain *d)
+static XSM_INLINE int xsm_unpausedomain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, resumedomain) (struct domain *d)
+static XSM_INLINE int xsm_resumedomain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, domain_create)(struct domain *d, u32 ssidref)
+static XSM_INLINE int xsm_domain_create(struct domain *d, u32 ssidref)
{
return 0;
}
-static XSM_DEFAULT(int, max_vcpus)(struct domain *d)
+static XSM_INLINE int xsm_max_vcpus(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, destroydomain) (struct domain *d)
+static XSM_INLINE int xsm_destroydomain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, vcpuaffinity) (int cmd, struct domain *d)
+static XSM_INLINE int xsm_vcpuaffinity(int cmd, struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, scheduler) (struct domain *d)
+static XSM_INLINE int xsm_scheduler(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, getdomaininfo) (struct domain *d)
+static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, getvcpucontext) (struct domain *d)
+static XSM_INLINE int xsm_getvcpucontext(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, getvcpuinfo) (struct domain *d)
+static XSM_INLINE int xsm_getvcpuinfo(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, domain_settime) (struct domain *d)
+static XSM_INLINE int xsm_domain_settime(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, set_target) (struct domain *d, struct domain *e)
+static XSM_INLINE int xsm_set_target(struct domain *d, struct domain *e)
{
return 0;
}
-static XSM_DEFAULT(int, domctl)(struct domain *d, int cmd)
+static XSM_INLINE int xsm_domctl(struct domain *d, int cmd)
{
switch ( cmd )
{
@@ -106,143 +106,143 @@ static XSM_DEFAULT(int, domctl)(struct domain *d, int
cmd)
return 0;
}
-static XSM_DEFAULT(int, sysctl)(int cmd)
+static XSM_INLINE int xsm_sysctl(int cmd)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, set_virq_handler)(struct domain *d, uint32_t virq)
+static XSM_INLINE int xsm_set_virq_handler(struct domain *d, uint32_t virq)
{
return 0;
}
-static XSM_DEFAULT(int, tbufcontrol) (void)
+static XSM_INLINE int xsm_tbufcontrol(void)
{
return 0;
}
-static XSM_DEFAULT(int, readconsole) (uint32_t clear)
+static XSM_INLINE int xsm_readconsole(uint32_t clear)
{
return 0;
}
-static XSM_DEFAULT(int, sched_id) (void)
+static XSM_INLINE int xsm_sched_id(void)
{
return 0;
}
-static XSM_DEFAULT(int, setdomainmaxmem) (struct domain *d)
+static XSM_INLINE int xsm_setdomainmaxmem(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, setdomainhandle) (struct domain *d)
+static XSM_INLINE int xsm_setdomainhandle(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, setdebugging) (struct domain *d)
+static XSM_INLINE int xsm_setdebugging(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, perfcontrol) (void)
+static XSM_INLINE int xsm_perfcontrol(void)
{
return 0;
}
-static XSM_DEFAULT(int, debug_keys) (void)
+static XSM_INLINE int xsm_debug_keys(void)
{
return 0;
}
-static XSM_DEFAULT(int, getcpuinfo) (void)
+static XSM_INLINE int xsm_getcpuinfo(void)
{
return 0;
}
-static XSM_DEFAULT(int, get_pmstat) (void)
+static XSM_INLINE int xsm_get_pmstat(void)
{
return 0;
}
-static XSM_DEFAULT(int, setpminfo) (void)
+static XSM_INLINE int xsm_setpminfo(void)
{
return 0;
}
-static XSM_DEFAULT(int, pm_op) (void)
+static XSM_INLINE int xsm_pm_op(void)
{
return 0;
}
-static XSM_DEFAULT(int, do_mca) (void)
+static XSM_INLINE int xsm_do_mca(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, availheap) (void)
+static XSM_INLINE int xsm_availheap(void)
{
return 0;
}
-static XSM_DEFAULT(int, alloc_security_domain) (struct domain *d)
+static XSM_INLINE int xsm_alloc_security_domain(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(void, free_security_domain) (struct domain *d)
+static XSM_INLINE void xsm_free_security_domain(struct domain *d)
{
return;
}
-static XSM_DEFAULT(int, grant_mapref) (struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_grant_mapref(struct domain *d1, struct domain *d2,
uint32_t flags)
{
return 0;
}
-static XSM_DEFAULT(int, grant_unmapref) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_unmapref(struct domain *d1, struct domain *d2)
{
return 0;
}
-static XSM_DEFAULT(int, grant_setup) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_setup(struct domain *d1, struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, grant_transfer) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_transfer(struct domain *d1, struct domain *d2)
{
return 0;
}
-static XSM_DEFAULT(int, grant_copy) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_grant_copy(struct domain *d1, struct domain *d2)
{
return 0;
}
-static XSM_DEFAULT(int, grant_query_size) (struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_grant_query_size(struct domain *d1, struct domain
*d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, memory_exchange) (struct domain *d)
+static XSM_INLINE int xsm_memory_exchange(struct domain *d)
{
if ( d != current->domain && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, memory_adjust_reservation) (struct domain *d1,
+static XSM_INLINE int xsm_memory_adjust_reservation(struct domain *d1,
struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
@@ -250,14 +250,14 @@ static XSM_DEFAULT(int, memory_adjust_reservation) (struct
domain *d1,
return 0;
}
-static XSM_DEFAULT(int, memory_stat_reservation) (struct domain *d1, struct
domain *d2)
+static XSM_INLINE int xsm_memory_stat_reservation(struct domain *d1, struct
domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, console_io) (struct domain *d, int cmd)
+static XSM_INLINE int xsm_console_io(struct domain *d, int cmd)
{
#ifndef VERBOSE
if ( !IS_PRIV(current->domain) )
@@ -266,32 +266,32 @@ static XSM_DEFAULT(int, console_io) (struct domain *d, int
cmd)
return 0;
}
-static XSM_DEFAULT(int, profile) (struct domain *d, int op)
+static XSM_INLINE int xsm_profile(struct domain *d, int op)
{
return 0;
}
-static XSM_DEFAULT(int, kexec) (void)
+static XSM_INLINE int xsm_kexec(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, schedop_shutdown) (struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_schedop_shutdown(struct domain *d1, struct domain
*d2)
{
if ( !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, memory_pin_page) (struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
struct page_info *page)
{
return 0;
}
-static XSM_DEFAULT(int, evtchn_unbound) (struct domain *d, struct evtchn *chn,
+static XSM_INLINE int xsm_evtchn_unbound(struct domain *d, struct evtchn *chn,
domid_t id2)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
@@ -299,200 +299,200 @@ static XSM_DEFAULT(int, evtchn_unbound) (struct domain
*d, struct evtchn *chn,
return 0;
}
-static XSM_DEFAULT(int, evtchn_interdomain) (struct domain *d1, struct evtchn
+static XSM_INLINE int xsm_evtchn_interdomain(struct domain *d1, struct evtchn
*chan1, struct domain *d2, struct evtchn
*chan2)
{
return 0;
}
-static XSM_DEFAULT(void, evtchn_close_post) (struct evtchn *chn)
+static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
{
return;
}
-static XSM_DEFAULT(int, evtchn_send) (struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_evtchn_send(struct domain *d, struct evtchn *chn)
{
return 0;
}
-static XSM_DEFAULT(int, evtchn_status) (struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_evtchn_status(struct domain *d, struct evtchn *chn)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, evtchn_reset) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_evtchn_reset(struct domain *d1, struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, alloc_security_evtchn) (struct evtchn *chn)
+static XSM_INLINE int xsm_alloc_security_evtchn(struct evtchn *chn)
{
return 0;
}
-static XSM_DEFAULT(void, free_security_evtchn) (struct evtchn *chn)
+static XSM_INLINE void xsm_free_security_evtchn(struct evtchn *chn)
{
return;
}
-static XSM_DEFAULT(char *, show_security_evtchn) (struct domain *d, const
struct evtchn *chn)
+static XSM_INLINE char * xsm_show_security_evtchn(struct domain *d, const
struct evtchn *chn)
{
return NULL;
}
-static XSM_DEFAULT(int, get_pod_target)(struct domain *d)
+static XSM_INLINE int xsm_get_pod_target(struct domain *d)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, set_pod_target)(struct domain *d)
+static XSM_INLINE int xsm_set_pod_target(struct domain *d)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, get_device_group) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_get_device_group(uint32_t machine_bdf)
{
return 0;
}
-static XSM_DEFAULT(int, test_assign_device) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_test_assign_device(uint32_t machine_bdf)
{
return 0;
}
-static XSM_DEFAULT(int, assign_device) (struct domain *d, uint32_t machine_bdf)
+static XSM_INLINE int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
{
return 0;
}
-static XSM_DEFAULT(int, deassign_device) (struct domain *d, uint32_t
machine_bdf)
+static XSM_INLINE int xsm_deassign_device(struct domain *d, uint32_t
machine_bdf)
{
return 0;
}
-static XSM_DEFAULT(int, resource_plug_core) (void)
+static XSM_INLINE int xsm_resource_plug_core(void)
{
return 0;
}
-static XSM_DEFAULT(int, resource_unplug_core) (void)
+static XSM_INLINE int xsm_resource_unplug_core(void)
{
return 0;
}
-static XSM_DEFAULT(int, resource_plug_pci) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_plug_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, resource_unplug_pci) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_unplug_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, resource_setup_pci) (uint32_t machine_bdf)
+static XSM_INLINE int xsm_resource_setup_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, resource_setup_gsi) (int gsi)
+static XSM_INLINE int xsm_resource_setup_gsi(int gsi)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, resource_setup_misc) (void)
+static XSM_INLINE int xsm_resource_setup_misc(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, page_offline) (uint32_t cmd)
+static XSM_INLINE int xsm_page_offline(uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, lockprof) (void)
+static XSM_INLINE int xsm_lockprof(void)
{
return 0;
}
-static XSM_DEFAULT(int, cpupool_op) (void)
+static XSM_INLINE int xsm_cpupool_op(void)
{
return 0;
}
-static XSM_DEFAULT(int, sched_op) (void)
+static XSM_INLINE int xsm_sched_op(void)
{
return 0;
}
-static XSM_DEFAULT(int, tmem_op) (void)
+static XSM_INLINE int xsm_tmem_op(void)
{
return 0;
}
-static XSM_DEFAULT(int, tmem_control) (void)
+static XSM_INLINE int xsm_tmem_control(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(long, do_xsm_op)(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
+static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
{
return -ENOSYS;
}
-static XSM_DEFAULT(char *, show_irq_sid) (int irq)
+static XSM_INLINE char * xsm_show_irq_sid(int irq)
{
return NULL;
}
-static XSM_DEFAULT(int, map_domain_pirq) (struct domain *d, int irq, void
*data)
+static XSM_INLINE int xsm_map_domain_pirq(struct domain *d, int irq, void
*data)
{
return 0;
}
-static XSM_DEFAULT(int, unmap_domain_pirq) (struct domain *d, int irq)
+static XSM_INLINE int xsm_unmap_domain_pirq(struct domain *d, int irq)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, irq_permission) (struct domain *d, int pirq, uint8_t
allow)
+static XSM_INLINE int xsm_irq_permission(struct domain *d, int pirq, uint8_t
allow)
{
return 0;
}
-static XSM_DEFAULT(int, iomem_permission) (struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
+static XSM_INLINE int xsm_iomem_permission(struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
return 0;
}
-static XSM_DEFAULT(int, iomem_mapping) (struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
+static XSM_INLINE int xsm_iomem_mapping(struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
{
return 0;
}
-static XSM_DEFAULT(int, pci_config_permission) (struct domain *d, uint32_t
machine_bdf,
+static XSM_INLINE int xsm_pci_config_permission(struct domain *d, uint32_t
machine_bdf,
uint16_t start, uint16_t end,
uint8_t access)
{
@@ -500,188 +500,188 @@ static XSM_DEFAULT(int, pci_config_permission) (struct
domain *d, uint32_t machi
}
#ifdef CONFIG_X86
-static XSM_DEFAULT(int, shadow_control) (struct domain *d, uint32_t op)
+static XSM_INLINE int xsm_shadow_control(struct domain *d, uint32_t op)
{
return 0;
}
-static XSM_DEFAULT(int, getpageframeinfo) (struct domain *d)
+static XSM_INLINE int xsm_getpageframeinfo(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, getmemlist) (struct domain *d)
+static XSM_INLINE int xsm_getmemlist(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, hypercall_init) (struct domain *d)
+static XSM_INLINE int xsm_hypercall_init(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, hvmcontext) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_hvmcontext(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, address_size) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_address_size(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, machine_address_size) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_machine_address_size(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, hvm_param) (struct domain *d, unsigned long op)
+static XSM_INLINE int xsm_hvm_param(struct domain *d, unsigned long op)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, hvm_set_pci_intx_level) (struct domain *d)
+static XSM_INLINE int xsm_hvm_set_pci_intx_level(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, hvm_set_isa_irq_level) (struct domain *d)
+static XSM_INLINE int xsm_hvm_set_isa_irq_level(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, hvm_set_pci_link_route) (struct domain *d)
+static XSM_INLINE int xsm_hvm_set_pci_link_route(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, hvm_inject_msi) (struct domain *d)
+static XSM_INLINE int xsm_hvm_inject_msi(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, mem_event_setup) (struct domain *d)
+static XSM_INLINE int xsm_mem_event_setup(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, mem_event_control) (struct domain *d, int mode, int op)
+static XSM_INLINE int xsm_mem_event_control(struct domain *d, int mode, int op)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, mem_event_op) (struct domain *d, int op)
+static XSM_INLINE int xsm_mem_event_op(struct domain *d, int op)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, mem_sharing) (struct domain *d)
+static XSM_INLINE int xsm_mem_sharing(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, mem_sharing_op) (struct domain *d, struct domain *cd,
int op)
+static XSM_INLINE int xsm_mem_sharing_op(struct domain *d, struct domain *cd,
int op)
{
if ( !IS_PRIV_FOR(current->domain, cd) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, apic) (struct domain *d, int cmd)
+static XSM_INLINE int xsm_apic(struct domain *d, int cmd)
{
if ( !IS_PRIV(d) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, xen_settime) (void)
+static XSM_INLINE int xsm_xen_settime(void)
{
return 0;
}
-static XSM_DEFAULT(int, memtype) (uint32_t access)
+static XSM_INLINE int xsm_memtype(uint32_t access)
{
return 0;
}
-static XSM_DEFAULT(int, microcode) (void)
+static XSM_INLINE int xsm_microcode(void)
{
return 0;
}
-static XSM_DEFAULT(int, physinfo) (void)
+static XSM_INLINE int xsm_physinfo(void)
{
return 0;
}
-static XSM_DEFAULT(int, platform_quirk) (uint32_t quirk)
+static XSM_INLINE int xsm_platform_quirk(uint32_t quirk)
{
return 0;
}
-static XSM_DEFAULT(int, platform_op) (uint32_t op)
+static XSM_INLINE int xsm_platform_op(uint32_t op)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, firmware_info) (void)
+static XSM_INLINE int xsm_firmware_info(void)
{
return 0;
}
-static XSM_DEFAULT(int, efi_call) (void)
+static XSM_INLINE int xsm_efi_call(void)
{
return 0;
}
-static XSM_DEFAULT(int, acpi_sleep) (void)
+static XSM_INLINE int xsm_acpi_sleep(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, change_freq) (void)
+static XSM_INLINE int xsm_change_freq(void)
{
return 0;
}
-static XSM_DEFAULT(int, getidletime) (void)
+static XSM_INLINE int xsm_getidletime(void)
{
return 0;
}
-static XSM_DEFAULT(int, machine_memory_map) (void)
+static XSM_INLINE int xsm_machine_memory_map(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, domain_memory_map) (struct domain *d)
+static XSM_INLINE int xsm_domain_memory_map(struct domain *d)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, mmu_update) (struct domain *d, struct domain *t,
+static XSM_INLINE int xsm_mmu_update(struct domain *d, struct domain *t,
struct domain *f, uint32_t flags)
{
if ( t && d != t && !IS_PRIV_FOR(d, t) )
@@ -691,14 +691,14 @@ static XSM_DEFAULT(int, mmu_update) (struct domain *d,
struct domain *t,
return 0;
}
-static XSM_DEFAULT(int, mmuext_op) (struct domain *d, struct domain *f)
+static XSM_INLINE int xsm_mmuext_op(struct domain *d, struct domain *f)
{
if ( d != f && !IS_PRIV_FOR(d, f) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, update_va_mapping) (struct domain *d, struct domain *f,
+static XSM_INLINE int xsm_update_va_mapping(struct domain *d, struct domain *f,
l1_pgentry_t pte)
{
if ( d != f && !IS_PRIV_FOR(d, f) )
@@ -706,56 +706,56 @@ static XSM_DEFAULT(int, update_va_mapping) (struct domain
*d, struct domain *f,
return 0;
}
-static XSM_DEFAULT(int, add_to_physmap) (struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, remove_from_physmap) (struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_remove_from_physmap(struct domain *d1, struct domain
*d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_DEFAULT(int, sendtrigger) (struct domain *d)
+static XSM_INLINE int xsm_sendtrigger(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, bind_pt_irq) (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_bind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
}
-static XSM_DEFAULT(int, unbind_pt_irq) (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_unbind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
}
-static XSM_DEFAULT(int, pin_mem_cacheattr) (struct domain *d)
+static XSM_INLINE int xsm_pin_mem_cacheattr(struct domain *d)
{
return 0;
}
-static XSM_DEFAULT(int, ext_vcpucontext) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_ext_vcpucontext(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, vcpuextstate) (struct domain *d, uint32_t cmd)
+static XSM_INLINE int xsm_vcpuextstate(struct domain *d, uint32_t cmd)
{
return 0;
}
-static XSM_DEFAULT(int, ioport_permission) (struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_ioport_permission(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
return 0;
}
-static XSM_DEFAULT(int, ioport_mapping) (struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
+static XSM_INLINE int xsm_ioport_mapping(struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
{
return 0;
}
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 748f5ff..b2f33d6 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -195,6 +195,8 @@ struct xsm_operations {
extern struct xsm_operations *xsm_ops;
+#ifndef XSM_NO_WRAPPERS
+
static inline void xsm_security_domaininfo (struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
@@ -846,6 +848,7 @@ static inline int xsm_ioport_mapping (struct domain *d,
uint32_t s, uint32_t e,
return xsm_ops->ioport_mapping(d, s, e, allow);
}
#endif /* CONFIG_X86 */
+#endif /* XSM_NO_WRAPPERS */
extern int xsm_init(unsigned long *module_map, const multiboot_info_t *mbi,
void *(*bootstrap_map)(const module_t *));
@@ -860,7 +863,7 @@ extern void xsm_fixup_ops(struct xsm_operations *ops);
#else /* XSM_ENABLE */
-#define XSM_DEFAULT(type, name) inline type xsm_ ## name
+#define XSM_INLINE inline
#include <xsm/dummy.h>
static inline int xsm_init (unsigned long *module_map,
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 6e113fb..3e6e5df 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -10,7 +10,8 @@
* as published by the Free Software Foundation.
*/
-#define XSM_DEFAULT(type, name) type dummy_ ## name
+#define XSM_NO_WRAPPERS
+#define XSM_INLINE /* */
#include <xsm/dummy.h>
struct xsm_operations dummy_xsm_ops;
@@ -19,7 +20,7 @@ struct xsm_operations dummy_xsm_ops;
do { \
if ( !ops->function ) \
{ \
- ops->function = dummy_##function; \
+ ops->function = xsm_##function; \
if (ops != &dummy_xsm_ops) \
dprintk(XENLOG_DEBUG, "Had to override the "
#function \
" security operation with the dummy one.\n");
\
--
1.7.11.7
A number of the domctl XSM hooks do nothing except pass the domain and
operation ID, making them redundant with the xsm_domctl hook. Remove
these redundant hooks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/arch/x86/domctl.c | 76 +---------
xen/common/domctl.c | 59 +-------
xen/include/xsm/dummy.h | 135 -----------------
xen/include/xsm/xsm.h | 161 ---------------------
xen/xsm/dummy.c | 27 ----
xen/xsm/flask/hooks.c | 378 ++++++++++++------------------------------------
6 files changed, 98 insertions(+), 738 deletions(-)
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 5e224fc..2630bdb 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -96,10 +96,6 @@ long arch_do_domctl(
page = mfn_to_page(mfn);
- ret = xsm_getpageframeinfo(d);
- if ( ret )
- break;
-
if ( likely(get_page(page, d)) )
{
ret = 0;
@@ -140,10 +136,6 @@ long arch_do_domctl(
struct page_info *page;
xen_pfn_t *arr;
- ret = xsm_getpageframeinfo(d);
- if ( ret )
- break;
-
if ( unlikely(num > 1024) ||
unlikely(num != domctl->u.getpageframeinfo3.num) )
{
@@ -229,10 +221,6 @@ long arch_do_domctl(
int num = domctl->u.getpageframeinfo2.num;
uint32_t *arr32;
- ret = xsm_getpageframeinfo(d);
- if ( ret )
- break;
-
if ( unlikely(num > 1024) )
{
ret = -E2BIG;
@@ -324,10 +312,6 @@ long arch_do_domctl(
uint64_t mfn;
struct page_info *page;
- ret = xsm_getmemlist(d);
- if ( ret )
- break;
-
if ( unlikely(d->is_dying) ) {
ret = -EINVAL;
break;
@@ -363,10 +347,6 @@ long arch_do_domctl(
struct page_info *page;
void *hypercall_page;
- ret = xsm_hypercall_init(d);
- if ( ret )
- break;
-
page = get_page_from_gfn(d, gmfn, NULL, P2M_ALLOC);
ret = -EACCES;
@@ -391,10 +371,6 @@ long arch_do_domctl(
{
struct hvm_domain_context c = { .size = domctl->u.hvmcontext.size };
- ret = xsm_hvmcontext(d, domctl->cmd);
- if ( ret )
- goto sethvmcontext_out;
-
ret = -EINVAL;
if ( !is_hvm_domain(d) )
goto sethvmcontext_out;
@@ -421,10 +397,6 @@ long arch_do_domctl(
{
struct hvm_domain_context c = { 0 };
- ret = xsm_hvmcontext(d, domctl->cmd);
- if ( ret )
- goto gethvmcontext_out;
-
ret = -EINVAL;
if ( !is_hvm_domain(d) )
goto gethvmcontext_out;
@@ -468,10 +440,6 @@ long arch_do_domctl(
case XEN_DOMCTL_gethvmcontext_partial:
{
- ret = xsm_hvmcontext(d, domctl->cmd);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( !is_hvm_domain(d) )
break;
@@ -487,10 +455,6 @@ long arch_do_domctl(
case XEN_DOMCTL_set_address_size:
{
- ret = xsm_address_size(d, domctl->cmd);
- if ( ret )
- break;
-
switch ( domctl->u.address_size.size )
{
case 32:
@@ -508,10 +472,6 @@ long arch_do_domctl(
case XEN_DOMCTL_get_address_size:
{
- ret = xsm_address_size(d, domctl->cmd);
- if ( ret )
- break;
-
domctl->u.address_size.size is_pv_32on64_domain(d) ? 32
: BITS_PER_LONG;
@@ -524,10 +484,6 @@ long arch_do_domctl(
case XEN_DOMCTL_set_machine_address_size:
{
- ret = xsm_machine_address_size(d, domctl->cmd);
- if ( ret )
- break;
-
ret = -EBUSY;
if ( d->tot_pages > 0 )
break;
@@ -540,10 +496,6 @@ long arch_do_domctl(
case XEN_DOMCTL_get_machine_address_size:
{
- ret = xsm_machine_address_size(d, domctl->cmd);
- if ( ret )
- break;
-
domctl->u.address_size.size = d->arch.physaddr_bitsize;
ret = 0;
@@ -557,10 +509,6 @@ long arch_do_domctl(
{
struct vcpu *v;
- ret = xsm_sendtrigger(d);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( domctl->u.sendtrigger.vcpu >= MAX_VIRT_CPUS )
break;
@@ -827,10 +775,6 @@ long arch_do_domctl(
case XEN_DOMCTL_pin_mem_cacheattr:
{
- ret = xsm_pin_mem_cacheattr(d);
- if ( ret )
- break;
-
ret = hvm_set_mem_pinned_cacheattr(
d, domctl->u.pin_mem_cacheattr.start,
domctl->u.pin_mem_cacheattr.end,
@@ -846,10 +790,6 @@ long arch_do_domctl(
evc = &domctl->u.ext_vcpucontext;
- ret = xsm_ext_vcpucontext(d, domctl->cmd);
- if ( ret )
- break;
-
ret = -ESRCH;
if ( (evc->vcpu >= d->max_vcpus) ||
((v = d->vcpu[evc->vcpu]) == NULL) )
@@ -1115,10 +1055,6 @@ long arch_do_domctl(
evc = &domctl->u.vcpuextstate;
- ret = xsm_vcpuextstate(d, domctl->cmd);
- if ( ret )
- goto vcpuextstate_out;
-
ret = -ESRCH;
if ( (evc->vcpu >= d->max_vcpus) ||
((v = d->vcpu[evc->vcpu]) == NULL) )
@@ -1229,9 +1165,7 @@ long arch_do_domctl(
case XEN_DOMCTL_mem_sharing_op:
{
- ret = xsm_mem_sharing(d);
- if ( !ret )
- ret = mem_sharing_domctl(d, &domctl->u.mem_sharing_op);
+ ret = mem_sharing_domctl(d, &domctl->u.mem_sharing_op);
}
break;
@@ -1262,11 +1196,9 @@ long arch_do_domctl(
if ( current->domain == d )
break;
- ret = xsm_mem_event_setup(d);
- if ( !ret ) {
- p2m = p2m_get_hostp2m(d);
- p2m->access_required =
domctl->u.access_required.access_required;
- }
+ ret = 0;
+ p2m = p2m_get_hostp2m(d);
+ p2m->access_required = domctl->u.access_required.access_required;
}
break;
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 2a42a5f..6f792e9 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -289,10 +289,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( d == NULL )
break;
- ret = xsm_setvcpucontext(d);
- if ( ret )
- goto svc_out;
-
ret = -EINVAL;
if ( (d == current->domain) || /* no domain_pause() */
(vcpu >= d->max_vcpus) || ((v = d->vcpu[vcpu]) == NULL) )
@@ -339,10 +335,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_pausedomain:
{
- ret = xsm_pausedomain(d);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( d != current->domain )
{
@@ -354,10 +346,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_unpausedomain:
{
- ret = xsm_unpausedomain(d);
- if ( ret )
- break;
-
domain_unpause_by_systemcontroller(d);
ret = 0;
}
@@ -365,10 +353,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_resumedomain:
{
- ret = xsm_resumedomain(d);
- if ( ret )
- break;
-
domain_resume(d);
ret = 0;
}
@@ -452,10 +436,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
(is_hvm_domain(d) && (max > MAX_HVM_VCPUS)) )
break;
- ret = xsm_max_vcpus(d);
- if ( ret )
- break;
-
/* Until Xenoprof can dynamically grow its vcpu-s array... */
if ( d->xenoprof )
{
@@ -538,7 +518,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_destroydomain:
{
- ret = xsm_destroydomain(d) ? : domain_kill(d);
+ ret = domain_kill(d);
}
break;
@@ -547,10 +527,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
{
struct vcpu *v;
- ret = xsm_vcpuaffinity(op->cmd, d);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( op->u.vcpuaffinity.vcpu >= d->max_vcpus )
break;
@@ -581,10 +557,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_scheduler_op:
{
- ret = xsm_scheduler(d);
- if ( ret )
- break;
-
ret = sched_adjust(d, &op->u.scheduler_op);
if ( copy_to_guest(u_domctl, op, 1) )
ret = -EFAULT;
@@ -629,10 +601,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
vcpu_guest_context_u c = { .nat = NULL };
struct vcpu *v;
- ret = xsm_getvcpucontext(d);
- if ( ret )
- goto getvcpucontext_out;
-
ret = -EINVAL;
if ( op->u.vcpucontext.vcpu >= d->max_vcpus )
goto getvcpucontext_out;
@@ -685,10 +653,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
struct vcpu *v;
struct vcpu_runstate_info runstate;
- ret = xsm_getvcpuinfo(d);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( op->u.getvcpuinfo.vcpu >= d->max_vcpus )
break;
@@ -715,10 +679,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
{
unsigned long new_max;
- ret = xsm_setdomainmaxmem(d);
- if ( ret )
- break;
-
ret = -EINVAL;
new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT-10);
@@ -736,10 +696,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_setdomainhandle:
{
- ret = xsm_setdomainhandle(d);
- if ( ret )
- break;
-
memcpy(d->handle, op->u.setdomainhandle.handle,
sizeof(xen_domain_handle_t));
ret = 0;
@@ -752,10 +708,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( d == current->domain ) /* no domain_pause() */
break;
- ret = xsm_setdebugging(d);
- if ( ret )
- break;
-
domain_pause(d);
d->debugger_attached = !!op->u.setdebugging.enable;
domain_unpause(d); /* causes guest to latch new status */
@@ -800,10 +752,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_settimeoffset:
{
- ret = xsm_domain_settime(d);
- if ( ret )
- break;
-
domain_set_time_offset(d, op->u.settimeoffset.time_offset_seconds);
ret = 0;
}
@@ -853,10 +801,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
case XEN_DOMCTL_set_virq_handler:
{
uint32_t virq = op->u.set_virq_handler.virq;
-
- ret = xsm_set_virq_handler(d, virq);
- if ( !ret )
- ret = set_global_virq_handler(d, virq);
+ ret = set_global_virq_handler(d, virq);
}
break;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index fa78785..aef7c4e 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -17,71 +17,16 @@ static XSM_INLINE void xsm_security_domaininfo(struct domain
*d,
return;
}
-static XSM_INLINE int xsm_setvcpucontext(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_pausedomain(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_unpausedomain(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_resumedomain(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_domain_create(struct domain *d, u32 ssidref)
{
return 0;
}
-static XSM_INLINE int xsm_max_vcpus(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_destroydomain(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_vcpuaffinity(int cmd, struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_scheduler(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
{
return 0;
}
-static XSM_INLINE int xsm_getvcpucontext(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_getvcpuinfo(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_domain_settime(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_set_target(struct domain *d, struct domain *e)
{
return 0;
@@ -113,11 +58,6 @@ static XSM_INLINE int xsm_sysctl(int cmd)
return 0;
}
-static XSM_INLINE int xsm_set_virq_handler(struct domain *d, uint32_t virq)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_tbufcontrol(void)
{
return 0;
@@ -133,21 +73,6 @@ static XSM_INLINE int xsm_sched_id(void)
return 0;
}
-static XSM_INLINE int xsm_setdomainmaxmem(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_setdomainhandle(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_setdebugging(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_perfcontrol(void)
{
return 0;
@@ -505,36 +430,6 @@ static XSM_INLINE int xsm_shadow_control(struct domain *d,
uint32_t op)
return 0;
}
-static XSM_INLINE int xsm_getpageframeinfo(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_getmemlist(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_hypercall_init(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_hvmcontext(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_address_size(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_machine_address_size(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_hvm_param(struct domain *d, unsigned long op)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
@@ -570,11 +465,6 @@ static XSM_INLINE int xsm_hvm_inject_msi(struct domain *d)
return 0;
}
-static XSM_INLINE int xsm_mem_event_setup(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_mem_event_control(struct domain *d, int mode, int op)
{
if ( !IS_PRIV(current->domain) )
@@ -589,11 +479,6 @@ static XSM_INLINE int xsm_mem_event_op(struct domain *d,
int op)
return 0;
}
-static XSM_INLINE int xsm_mem_sharing(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_mem_sharing_op(struct domain *d, struct domain *cd,
int op)
{
if ( !IS_PRIV_FOR(current->domain, cd) )
@@ -720,11 +605,6 @@ static XSM_INLINE int xsm_remove_from_physmap(struct domain
*d1, struct domain *
return 0;
}
-static XSM_INLINE int xsm_sendtrigger(struct domain *d)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_bind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
@@ -735,21 +615,6 @@ static XSM_INLINE int xsm_unbind_pt_irq(struct domain *d,
struct xen_domctl_bind
return 0;
}
-static XSM_INLINE int xsm_pin_mem_cacheattr(struct domain *d)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_ext_vcpucontext(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_vcpuextstate(struct domain *d, uint32_t cmd)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_ioport_permission(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
return 0;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index b2f33d6..903c7cb 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -41,29 +41,14 @@ extern xsm_initcall_t __xsm_initcall_start[],
__xsm_initcall_end[];
struct xsm_operations {
void (*security_domaininfo) (struct domain *d,
struct xen_domctl_getdomaininfo *info);
- int (*setvcpucontext) (struct domain *d);
- int (*pausedomain) (struct domain *d);
- int (*unpausedomain) (struct domain *d);
- int (*resumedomain) (struct domain *d);
int (*domain_create) (struct domain *d, u32 ssidref);
- int (*max_vcpus) (struct domain *d);
- int (*destroydomain) (struct domain *d);
- int (*vcpuaffinity) (int cmd, struct domain *d);
- int (*scheduler) (struct domain *d);
int (*getdomaininfo) (struct domain *d);
- int (*getvcpucontext) (struct domain *d);
- int (*getvcpuinfo) (struct domain *d);
- int (*domain_settime) (struct domain *d);
int (*set_target) (struct domain *d, struct domain *e);
int (*domctl) (struct domain *d, int cmd);
int (*sysctl) (int cmd);
- int (*set_virq_handler) (struct domain *d, uint32_t virq);
int (*tbufcontrol) (void);
int (*readconsole) (uint32_t clear);
int (*sched_id) (void);
- int (*setdomainmaxmem) (struct domain *d);
- int (*setdomainhandle) (struct domain *d);
- int (*setdebugging) (struct domain *d);
int (*perfcontrol) (void);
int (*debug_keys) (void);
int (*getcpuinfo) (void);
@@ -141,21 +126,13 @@ struct xsm_operations {
#ifdef CONFIG_X86
int (*shadow_control) (struct domain *d, uint32_t op);
- int (*getpageframeinfo) (struct domain *d);
- int (*getmemlist) (struct domain *d);
- int (*hypercall_init) (struct domain *d);
- int (*hvmcontext) (struct domain *d, uint32_t op);
- int (*address_size) (struct domain *d, uint32_t op);
- int (*machine_address_size) (struct domain *d, uint32_t op);
int (*hvm_param) (struct domain *d, unsigned long op);
int (*hvm_set_pci_intx_level) (struct domain *d);
int (*hvm_set_isa_irq_level) (struct domain *d);
int (*hvm_set_pci_link_route) (struct domain *d);
int (*hvm_inject_msi) (struct domain *d);
- int (*mem_event_setup) (struct domain *d);
int (*mem_event_control) (struct domain *d, int mode, int op);
int (*mem_event_op) (struct domain *d, int op);
- int (*mem_sharing) (struct domain *d);
int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
int (*apic) (struct domain *d, int cmd);
int (*xen_settime) (void);
@@ -180,12 +157,8 @@ struct xsm_operations {
int (*mmuext_op) (struct domain *d, struct domain *f);
int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t
pte);
int (*add_to_physmap) (struct domain *d1, struct domain *d2);
- int (*sendtrigger) (struct domain *d);
int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq
*bind);
- int (*pin_mem_cacheattr) (struct domain *d);
- int (*ext_vcpucontext) (struct domain *d, uint32_t cmd);
- int (*vcpuextstate) (struct domain *d, uint32_t cmd);
int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
#endif
@@ -203,71 +176,16 @@ static inline void xsm_security_domaininfo (struct domain
*d,
xsm_ops->security_domaininfo(d, info);
}
-static inline int xsm_setvcpucontext(struct domain *d)
-{
- return xsm_ops->setvcpucontext(d);
-}
-
-static inline int xsm_pausedomain (struct domain *d)
-{
- return xsm_ops->pausedomain(d);
-}
-
-static inline int xsm_unpausedomain (struct domain *d)
-{
- return xsm_ops->unpausedomain(d);
-}
-
-static inline int xsm_resumedomain (struct domain *d)
-{
- return xsm_ops->resumedomain(d);
-}
-
static inline int xsm_domain_create (struct domain *d, u32 ssidref)
{
return xsm_ops->domain_create(d, ssidref);
}
-static inline int xsm_max_vcpus(struct domain *d)
-{
- return xsm_ops->max_vcpus(d);
-}
-
-static inline int xsm_destroydomain (struct domain *d)
-{
- return xsm_ops->destroydomain(d);
-}
-
-static inline int xsm_vcpuaffinity (int cmd, struct domain *d)
-{
- return xsm_ops->vcpuaffinity(cmd, d);
-}
-
-static inline int xsm_scheduler (struct domain *d)
-{
- return xsm_ops->scheduler(d);
-}
-
static inline int xsm_getdomaininfo (struct domain *d)
{
return xsm_ops->getdomaininfo(d);
}
-static inline int xsm_getvcpucontext (struct domain *d)
-{
- return xsm_ops->getvcpucontext(d);
-}
-
-static inline int xsm_getvcpuinfo (struct domain *d)
-{
- return xsm_ops->getvcpuinfo(d);
-}
-
-static inline int xsm_domain_settime (struct domain *d)
-{
- return xsm_ops->domain_settime(d);
-}
-
static inline int xsm_set_target (struct domain *d, struct domain *e)
{
return xsm_ops->set_target(d, e);
@@ -283,11 +201,6 @@ static inline int xsm_sysctl (int cmd)
return xsm_ops->sysctl(cmd);
}
-static inline int xsm_set_virq_handler (struct domain *d, uint32_t virq)
-{
- return xsm_ops->set_virq_handler(d, virq);
-}
-
static inline int xsm_tbufcontrol (void)
{
return xsm_ops->tbufcontrol();
@@ -303,21 +216,6 @@ static inline int xsm_sched_id (void)
return xsm_ops->sched_id();
}
-static inline int xsm_setdomainmaxmem (struct domain *d)
-{
- return xsm_ops->setdomainmaxmem(d);
-}
-
-static inline int xsm_setdomainhandle (struct domain *d)
-{
- return xsm_ops->setdomainhandle(d);
-}
-
-static inline int xsm_setdebugging (struct domain *d)
-{
- return xsm_ops->setdebugging(d);
-}
-
static inline int xsm_perfcontrol (void)
{
return xsm_ops->perfcontrol();
@@ -635,36 +533,6 @@ static inline int xsm_shadow_control (struct domain *d,
uint32_t op)
return xsm_ops->shadow_control(d, op);
}
-static inline int xsm_getpageframeinfo (struct domain *d)
-{
- return xsm_ops->getpageframeinfo(d);
-}
-
-static inline int xsm_getmemlist (struct domain *d)
-{
- return xsm_ops->getmemlist(d);
-}
-
-static inline int xsm_hypercall_init (struct domain *d)
-{
- return xsm_ops->hypercall_init(d);
-}
-
-static inline int xsm_hvmcontext (struct domain *d, uint32_t cmd)
-{
- return xsm_ops->hvmcontext(d, cmd);
-}
-
-static inline int xsm_address_size (struct domain *d, uint32_t cmd)
-{
- return xsm_ops->address_size(d, cmd);
-}
-
-static inline int xsm_machine_address_size (struct domain *d, uint32_t cmd)
-{
- return xsm_ops->machine_address_size(d, cmd);
-}
-
static inline int xsm_hvm_param (struct domain *d, unsigned long op)
{
return xsm_ops->hvm_param(d, op);
@@ -690,11 +558,6 @@ static inline int xsm_hvm_inject_msi (struct domain *d)
return xsm_ops->hvm_inject_msi(d);
}
-static inline int xsm_mem_event_setup (struct domain *d)
-{
- return xsm_ops->mem_event_setup(d);
-}
-
static inline int xsm_mem_event_control (struct domain *d, int mode, int op)
{
return xsm_ops->mem_event_control(d, mode, op);
@@ -705,11 +568,6 @@ static inline int xsm_mem_event_op (struct domain *d, int
op)
return xsm_ops->mem_event_op(d, op);
}
-static inline int xsm_mem_sharing (struct domain *d)
-{
- return xsm_ops->mem_sharing(d);
-}
-
static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int
op)
{
return xsm_ops->mem_sharing_op(d, cd, op);
@@ -807,11 +665,6 @@ static inline int xsm_add_to_physmap(struct domain *d1,
struct domain *d2)
return xsm_ops->add_to_physmap(d1, d2);
}
-static inline int xsm_sendtrigger(struct domain *d)
-{
- return xsm_ops->sendtrigger(d);
-}
-
static inline int xsm_bind_pt_irq(struct domain *d,
struct xen_domctl_bind_pt_irq
*bind)
{
@@ -824,20 +677,6 @@ static inline int xsm_unbind_pt_irq(struct domain *d,
return xsm_ops->unbind_pt_irq(d, bind);
}
-static inline int xsm_pin_mem_cacheattr(struct domain *d)
-{
- return xsm_ops->pin_mem_cacheattr(d);
-}
-
-static inline int xsm_ext_vcpucontext(struct domain *d, uint32_t cmd)
-{
- return xsm_ops->ext_vcpucontext(d, cmd);
-}
-static inline int xsm_vcpuextstate(struct domain *d, uint32_t cmd)
-{
- return xsm_ops->vcpuextstate(d, cmd);
-}
-
static inline int xsm_ioport_permission (struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
{
return xsm_ops->ioport_permission(d, s, e, allow);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 3e6e5df..9bb86ef 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -30,29 +30,14 @@ struct xsm_operations dummy_xsm_ops;
void xsm_fixup_ops (struct xsm_operations *ops)
{
set_to_dummy_if_null(ops, security_domaininfo);
- set_to_dummy_if_null(ops, setvcpucontext);
- set_to_dummy_if_null(ops, pausedomain);
- set_to_dummy_if_null(ops, unpausedomain);
- set_to_dummy_if_null(ops, resumedomain);
set_to_dummy_if_null(ops, domain_create);
- set_to_dummy_if_null(ops, max_vcpus);
- set_to_dummy_if_null(ops, destroydomain);
- set_to_dummy_if_null(ops, vcpuaffinity);
- set_to_dummy_if_null(ops, scheduler);
set_to_dummy_if_null(ops, getdomaininfo);
- set_to_dummy_if_null(ops, getvcpucontext);
- set_to_dummy_if_null(ops, getvcpuinfo);
- set_to_dummy_if_null(ops, domain_settime);
set_to_dummy_if_null(ops, set_target);
set_to_dummy_if_null(ops, domctl);
set_to_dummy_if_null(ops, sysctl);
- set_to_dummy_if_null(ops, set_virq_handler);
set_to_dummy_if_null(ops, tbufcontrol);
set_to_dummy_if_null(ops, readconsole);
set_to_dummy_if_null(ops, sched_id);
- set_to_dummy_if_null(ops, setdomainmaxmem);
- set_to_dummy_if_null(ops, setdomainhandle);
- set_to_dummy_if_null(ops, setdebugging);
set_to_dummy_if_null(ops, perfcontrol);
set_to_dummy_if_null(ops, debug_keys);
set_to_dummy_if_null(ops, getcpuinfo);
@@ -128,21 +113,13 @@ void xsm_fixup_ops (struct xsm_operations *ops)
#ifdef CONFIG_X86
set_to_dummy_if_null(ops, shadow_control);
- set_to_dummy_if_null(ops, getpageframeinfo);
- set_to_dummy_if_null(ops, getmemlist);
- set_to_dummy_if_null(ops, hypercall_init);
- set_to_dummy_if_null(ops, hvmcontext);
- set_to_dummy_if_null(ops, address_size);
- set_to_dummy_if_null(ops, machine_address_size);
set_to_dummy_if_null(ops, hvm_param);
set_to_dummy_if_null(ops, hvm_set_pci_intx_level);
set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
set_to_dummy_if_null(ops, hvm_set_pci_link_route);
set_to_dummy_if_null(ops, hvm_inject_msi);
- set_to_dummy_if_null(ops, mem_event_setup);
set_to_dummy_if_null(ops, mem_event_control);
set_to_dummy_if_null(ops, mem_event_op);
- set_to_dummy_if_null(ops, mem_sharing);
set_to_dummy_if_null(ops, mem_sharing_op);
set_to_dummy_if_null(ops, apic);
set_to_dummy_if_null(ops, xen_settime);
@@ -163,12 +140,8 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, update_va_mapping);
set_to_dummy_if_null(ops, add_to_physmap);
set_to_dummy_if_null(ops, remove_from_physmap);
- set_to_dummy_if_null(ops, sendtrigger);
set_to_dummy_if_null(ops, bind_pt_irq);
set_to_dummy_if_null(ops, unbind_pt_irq);
- set_to_dummy_if_null(ops, pin_mem_cacheattr);
- set_to_dummy_if_null(ops, ext_vcpucontext);
- set_to_dummy_if_null(ops, vcpuextstate);
set_to_dummy_if_null(ops, ioport_permission);
set_to_dummy_if_null(ops, ioport_mapping);
#endif
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index e815ea5..f0216e0 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -484,26 +484,6 @@ static void flask_security_domaininfo(struct domain *d,
info->ssidref = domain_sid(d);
}
-static int flask_setvcpucontext(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT);
-}
-
-static int flask_pausedomain(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__PAUSE);
-}
-
-static int flask_unpausedomain(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__UNPAUSE);
-}
-
-static int flask_resumedomain(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__RESUME);
-}
-
static int flask_domain_create(struct domain *d, u32 ssidref)
{
int rc;
@@ -532,66 +512,11 @@ static int flask_domain_create(struct domain *d, u32
ssidref)
return rc;
}
-static int flask_max_vcpus(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS);
-}
-
-static int flask_destroydomain(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__DESTROY);
-}
-
-static int flask_vcpuaffinity(int cmd, struct domain *d)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_setvcpuaffinity:
- perm = DOMAIN__SETVCPUAFFINITY;
- break;
- case XEN_DOMCTL_getvcpuaffinity:
- perm = DOMAIN__GETVCPUAFFINITY;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_DOMAIN, perm );
-}
-
-static int flask_scheduler(struct domain *d)
-{
- int rc = 0;
-
- rc = domain_has_xen(current->domain, XEN__SCHEDULER);
- if ( rc )
- return rc;
-
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SCHEDULER);
-}
-
static int flask_getdomaininfo(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
}
-static int flask_getvcpucontext(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUCONTEXT);
-}
-
-static int flask_getvcpuinfo(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUINFO);
-}
-
-static int flask_domain_settime(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETTIME);
-}
-
static int flask_set_target(struct domain *d, struct domain *t)
{
int rc;
@@ -622,62 +547,121 @@ static int flask_domctl(struct domain *d, int cmd)
{
/* These have individual XSM hooks (common/domctl.c) */
case XEN_DOMCTL_createdomain:
+ case XEN_DOMCTL_getdomaininfo:
+ case XEN_DOMCTL_irq_permission:
+ case XEN_DOMCTL_iomem_permission:
+ case XEN_DOMCTL_set_target:
+#ifdef CONFIG_X86
+ /* These have individual XSM hooks (arch/x86/domctl.c) */
+ case XEN_DOMCTL_shadow_op:
+ case XEN_DOMCTL_ioport_permission:
+ case XEN_DOMCTL_bind_pt_irq:
+ case XEN_DOMCTL_unbind_pt_irq:
+ case XEN_DOMCTL_memory_mapping:
+ case XEN_DOMCTL_ioport_mapping:
+ case XEN_DOMCTL_mem_event_op:
+ /* These have individual XSM hooks (drivers/passthrough/iommu.c) */
+ case XEN_DOMCTL_get_device_group:
+ case XEN_DOMCTL_test_assign_device:
+ case XEN_DOMCTL_assign_device:
+ case XEN_DOMCTL_deassign_device:
+#endif
+ return 0;
+
case XEN_DOMCTL_destroydomain:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__DESTROY);
+
case XEN_DOMCTL_pausedomain:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__PAUSE);
+
case XEN_DOMCTL_unpausedomain:
- case XEN_DOMCTL_getdomaininfo:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__UNPAUSE);
+
case XEN_DOMCTL_setvcpuaffinity:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUAFFINITY);
+
+ case XEN_DOMCTL_getvcpuaffinity:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUAFFINITY);
+
+ case XEN_DOMCTL_resumedomain:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__RESUME);
+
+ case XEN_DOMCTL_scheduler_op:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SCHEDULER);
+
+ case XEN_DOMCTL_max_vcpus:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__MAX_VCPUS);
+
case XEN_DOMCTL_max_mem:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINMAXMEM);
+
+ case XEN_DOMCTL_setdomainhandle:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE);
+
case XEN_DOMCTL_setvcpucontext:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUCONTEXT);
+
case XEN_DOMCTL_getvcpucontext:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUCONTEXT);
+
case XEN_DOMCTL_getvcpuinfo:
- case XEN_DOMCTL_max_vcpus:
- case XEN_DOMCTL_scheduler_op:
- case XEN_DOMCTL_setdomainhandle:
- case XEN_DOMCTL_setdebugging:
- case XEN_DOMCTL_irq_permission:
- case XEN_DOMCTL_iomem_permission:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUINFO);
+
case XEN_DOMCTL_settimeoffset:
- case XEN_DOMCTL_getvcpuaffinity:
- case XEN_DOMCTL_resumedomain:
- case XEN_DOMCTL_set_target:
- case XEN_DOMCTL_set_virq_handler:
-#ifdef CONFIG_X86
- /* These have individual XSM hooks (arch/x86/domctl.c) */
- case XEN_DOMCTL_shadow_op:
- case XEN_DOMCTL_ioport_permission:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETTIME);
+
+ case XEN_DOMCTL_setdebugging:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING);
+
case XEN_DOMCTL_getpageframeinfo:
case XEN_DOMCTL_getpageframeinfo2:
case XEN_DOMCTL_getpageframeinfo3:
+ return current_has_perm(d, SECCLASS_MMU, MMU__PAGEINFO);
+
case XEN_DOMCTL_getmemlist:
+ return current_has_perm(d, SECCLASS_MMU, MMU__PAGELIST);
+
case XEN_DOMCTL_hypercall_init:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__HYPERCALL);
+
case XEN_DOMCTL_sethvmcontext:
+ return current_has_perm(d, SECCLASS_HVM, HVM__SETHVMC);
+
case XEN_DOMCTL_gethvmcontext:
case XEN_DOMCTL_gethvmcontext_partial:
+ return current_has_perm(d, SECCLASS_HVM, HVM__GETHVMC);
+
case XEN_DOMCTL_set_address_size:
- case XEN_DOMCTL_get_address_size:
case XEN_DOMCTL_set_machine_address_size:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETADDRSIZE);
+
+ case XEN_DOMCTL_get_address_size:
case XEN_DOMCTL_get_machine_address_size:
- case XEN_DOMCTL_sendtrigger:
- case XEN_DOMCTL_bind_pt_irq:
- case XEN_DOMCTL_unbind_pt_irq:
- case XEN_DOMCTL_memory_mapping:
- case XEN_DOMCTL_ioport_mapping:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETADDRSIZE);
+
+ case XEN_DOMCTL_mem_sharing_op:
+ return current_has_perm(d, SECCLASS_HVM, HVM__MEM_SHARING);
+
case XEN_DOMCTL_pin_mem_cacheattr:
+ return current_has_perm(d, SECCLASS_HVM, HVM__CACHEATTR);
+
case XEN_DOMCTL_set_ext_vcpucontext:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETEXTVCPUCONTEXT);
+
case XEN_DOMCTL_get_ext_vcpucontext:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETEXTVCPUCONTEXT);
+
case XEN_DOMCTL_setvcpuextstate:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUEXTSTATE);
+
case XEN_DOMCTL_getvcpuextstate:
- case XEN_DOMCTL_mem_event_op:
- case XEN_DOMCTL_mem_sharing_op:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUEXTSTATE);
+
+ case XEN_DOMCTL_sendtrigger:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__TRIGGER);
+
case XEN_DOMCTL_set_access_required:
- /* These have individual XSM hooks (drivers/passthrough/iommu.c) */
- case XEN_DOMCTL_get_device_group:
- case XEN_DOMCTL_test_assign_device:
- case XEN_DOMCTL_assign_device:
- case XEN_DOMCTL_deassign_device:
-#endif
- return 0;
+ return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
case XEN_DOMCTL_debug_op:
case XEN_DOMCTL_gdbsx_guestmemio:
@@ -691,6 +675,9 @@ static int flask_domctl(struct domain *d, int cmd)
case XEN_DOMCTL_suppress_spurious_page_faults:
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_MISC_INFO);
+ case XEN_DOMCTL_set_virq_handler:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER);
+
case XEN_DOMCTL_set_cpuid:
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID);
@@ -741,11 +728,6 @@ static int flask_sysctl(int cmd)
}
}
-static int flask_set_virq_handler(struct domain *d, uint32_t virq)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER);
-}
-
static int flask_tbufcontrol(void)
{
return domain_has_xen(current->domain, XEN__TBUFCONTROL);
@@ -766,21 +748,6 @@ static int flask_sched_id(void)
return domain_has_xen(current->domain, XEN__SCHEDULER);
}
-static int flask_setdomainmaxmem(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINMAXMEM);
-}
-
-static int flask_setdomainhandle(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDOMAINHANDLE);
-}
-
-static int flask_setdebugging(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETDEBUGGING);
-}
-
static int flask_debug_keys(void)
{
return domain_has_xen(current->domain, XEN__DEBUG);
@@ -1174,82 +1141,6 @@ static int flask_ioport_mapping(struct domain *d,
uint32_t start, uint32_t end,
return flask_ioport_permission(d, start, end, access);
}
-static int flask_getpageframeinfo(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_MMU, MMU__PAGEINFO);
-}
-
-static int flask_getmemlist(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_MMU, MMU__PAGELIST);
-}
-
-static int flask_hypercall_init(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__HYPERCALL);
-}
-
-static int flask_hvmcontext(struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_sethvmcontext:
- perm = HVM__SETHVMC;
- break;
- case XEN_DOMCTL_gethvmcontext:
- case XEN_DOMCTL_gethvmcontext_partial:
- perm = HVM__GETHVMC;
- break;
- case HVMOP_track_dirty_vram:
- perm = HVM__TRACKDIRTYVRAM;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_HVM, perm);
-}
-
-static int flask_address_size(struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_set_address_size:
- perm = DOMAIN__SETADDRSIZE;
- break;
- case XEN_DOMCTL_get_address_size:
- perm = DOMAIN__GETADDRSIZE;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_DOMAIN, perm);
-}
-
-static int flask_machine_address_size(struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_set_machine_address_size:
- perm = DOMAIN__SETADDRSIZE;
- break;
- case XEN_DOMCTL_get_machine_address_size:
- perm = DOMAIN__GETADDRSIZE;
- break;
- default:
- return -EPERM;
- }
-
- return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
-}
-
static int flask_hvm_param(struct domain *d, unsigned long op)
{
u32 perm;
@@ -1292,11 +1183,6 @@ static int flask_hvm_inject_msi(struct domain *d)
return current_has_perm(d, SECCLASS_HVM, HVM__SEND_IRQ);
}
-static int flask_mem_event_setup(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
-}
-
static int flask_mem_event_control(struct domain *d, int mode, int op)
{
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
@@ -1307,11 +1193,6 @@ static int flask_mem_event_op(struct domain *d, int op)
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
}
-static int flask_mem_sharing(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_HVM, HVM__MEM_SHARING);
-}
-
static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op)
{
int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING);
@@ -1499,11 +1380,6 @@ static int flask_remove_from_physmap(struct domain *d1,
struct domain *d2)
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
}
-static int flask_sendtrigger(struct domain *d)
-{
- return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__TRIGGER);
-}
-
static int flask_get_device_group(uint32_t machine_bdf)
{
u32 rsid;
@@ -1597,78 +1473,20 @@ static int flask_unbind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq
{
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
-
-static int flask_pin_mem_cacheattr (struct domain *d)
-{
- return current_has_perm(d, SECCLASS_HVM, HVM__CACHEATTR);
-}
-
-static int flask_ext_vcpucontext (struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_set_ext_vcpucontext:
- perm = DOMAIN__SETEXTVCPUCONTEXT;
- break;
- case XEN_DOMCTL_get_ext_vcpucontext:
- perm = DOMAIN__GETEXTVCPUCONTEXT;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_DOMAIN, perm);
-}
-
-static int flask_vcpuextstate (struct domain *d, uint32_t cmd)
-{
- u32 perm;
-
- switch ( cmd )
- {
- case XEN_DOMCTL_setvcpuextstate:
- perm = DOMAIN__SETVCPUEXTSTATE;
- break;
- case XEN_DOMCTL_getvcpuextstate:
- perm = DOMAIN__GETVCPUEXTSTATE;
- break;
- default:
- return -EPERM;
- }
-
- return current_has_perm(d, SECCLASS_DOMAIN, perm);
-}
#endif
long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
static struct xsm_operations flask_ops = {
.security_domaininfo = flask_security_domaininfo,
- .setvcpucontext = flask_setvcpucontext,
- .pausedomain = flask_pausedomain,
- .unpausedomain = flask_unpausedomain,
- .resumedomain = flask_resumedomain,
.domain_create = flask_domain_create,
- .max_vcpus = flask_max_vcpus,
- .destroydomain = flask_destroydomain,
- .vcpuaffinity = flask_vcpuaffinity,
- .scheduler = flask_scheduler,
.getdomaininfo = flask_getdomaininfo,
- .getvcpucontext = flask_getvcpucontext,
- .getvcpuinfo = flask_getvcpuinfo,
- .domain_settime = flask_domain_settime,
.set_target = flask_set_target,
.domctl = flask_domctl,
.sysctl = flask_sysctl,
- .set_virq_handler = flask_set_virq_handler,
.tbufcontrol = flask_tbufcontrol,
.readconsole = flask_readconsole,
.sched_id = flask_sched_id,
- .setdomainmaxmem = flask_setdomainmaxmem,
- .setdomainhandle = flask_setdomainhandle,
- .setdebugging = flask_setdebugging,
.perfcontrol = flask_perfcontrol,
.debug_keys = flask_debug_keys,
.getcpuinfo = flask_getcpuinfo,
@@ -1740,21 +1558,13 @@ static struct xsm_operations flask_ops = {
#ifdef CONFIG_X86
.shadow_control = flask_shadow_control,
- .getpageframeinfo = flask_getpageframeinfo,
- .getmemlist = flask_getmemlist,
- .hypercall_init = flask_hypercall_init,
- .hvmcontext = flask_hvmcontext,
- .address_size = flask_address_size,
- .machine_address_size = flask_machine_address_size,
.hvm_param = flask_hvm_param,
.hvm_set_pci_intx_level = flask_hvm_set_pci_intx_level,
.hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
.hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
.hvm_inject_msi = flask_hvm_inject_msi,
- .mem_event_setup = flask_mem_event_setup,
.mem_event_control = flask_mem_event_control,
.mem_event_op = flask_mem_event_op,
- .mem_sharing = flask_mem_sharing,
.mem_sharing_op = flask_mem_sharing_op,
.apic = flask_apic,
.xen_settime = flask_xen_settime,
@@ -1775,16 +1585,12 @@ static struct xsm_operations flask_ops = {
.update_va_mapping = flask_update_va_mapping,
.add_to_physmap = flask_add_to_physmap,
.remove_from_physmap = flask_remove_from_physmap,
- .sendtrigger = flask_sendtrigger,
.get_device_group = flask_get_device_group,
.test_assign_device = flask_test_assign_device,
.assign_device = flask_assign_device,
.deassign_device = flask_deassign_device,
.bind_pt_irq = flask_bind_pt_irq,
.unbind_pt_irq = flask_unbind_pt_irq,
- .pin_mem_cacheattr = flask_pin_mem_cacheattr,
- .ext_vcpucontext = flask_ext_vcpucontext,
- .vcpuextstate = flask_vcpuextstate,
.ioport_permission = flask_ioport_permission,
.ioport_mapping = flask_ioport_mapping,
#endif
--
1.7.11.7
A number of the sysctl XSM hooks have no parameters or only pass the
operation ID, making them redundant with the xsm_sysctl hook. Remove
these redundant hooks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/arch/x86/platform_hypercall.c | 12 ----
xen/arch/x86/sysctl.c | 13 ----
xen/common/sysctl.c | 44 --------------
xen/include/xsm/dummy.h | 60 ------------------
xen/include/xsm/xsm.h | 72 ----------------------
xen/xsm/dummy.c | 12 ----
xen/xsm/flask/hooks.c | 125 ++++++++++++--------------------------
7 files changed, 38 insertions(+), 300 deletions(-)
diff --git a/xen/arch/x86/platform_hypercall.c
b/xen/arch/x86/platform_hypercall.c
index 738bed0..ffac6ac 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -419,10 +419,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_set_processor_pminfo:
- ret = xsm_setpminfo();
- if ( ret )
- break;
-
switch ( op->u.set_pminfo.type )
{
case XEN_PM_PX:
@@ -475,10 +471,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
g_info = &op->u.pcpu_info;
- ret = xsm_getcpuinfo();
- if ( ret )
- break;
-
if ( !get_cpu_maps() )
{
ret = -EBUSY;
@@ -512,10 +504,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
struct xenpf_pcpu_version *ver = &op->u.pcpu_version;
- ret = xsm_getcpuinfo();
- if ( ret )
- break;
-
if ( !get_cpu_maps() )
{
ret = -EBUSY;
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c
index b84dd34..5b0c4b7 100644
--- a/xen/arch/x86/sysctl.c
+++ b/xen/arch/x86/sysctl.c
@@ -69,11 +69,6 @@ long arch_do_sysctl(
{
xen_sysctl_physinfo_t *pi = &sysctl->u.physinfo;
- ret = xsm_physinfo();
- if ( ret )
- break;
-
-
memset(pi, 0, sizeof(*pi));
pi->threads_per_core
cpumask_weight(per_cpu(cpu_sibling_mask, 0));
@@ -103,10 +98,6 @@ long arch_do_sysctl(
uint32_t i, max_cpu_index, last_online_cpu;
xen_sysctl_topologyinfo_t *ti = &sysctl->u.topologyinfo;
- ret = xsm_physinfo();
- if ( ret )
- break;
-
last_online_cpu = cpumask_last(&cpu_online_map);
max_cpu_index = min_t(uint32_t, ti->max_cpu_index, last_online_cpu);
ti->max_cpu_index = last_online_cpu;
@@ -143,10 +134,6 @@ long arch_do_sysctl(
uint32_t i, j, max_node_index, last_online_node;
xen_sysctl_numainfo_t *ni = &sysctl->u.numainfo;
- ret = xsm_physinfo();
- if ( ret )
- break;
-
last_online_node = last_node(node_online_map);
max_node_index = min_t(uint32_t, ni->max_node_index,
last_online_node);
ni->max_node_index = last_online_node;
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index 599430e..cbefb0e 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -69,10 +69,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
case XEN_SYSCTL_tbuf_op:
{
- ret = xsm_tbufcontrol();
- if ( ret )
- break;
-
ret = tb_control(&op->u.tbuf_op);
if ( copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -81,10 +77,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
case XEN_SYSCTL_sched_id:
{
- ret = xsm_sched_id();
- if ( ret )
- break;
-
op->u.sched_id.sched_id = sched_id();
if ( copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -139,10 +131,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
#ifdef PERF_COUNTERS
case XEN_SYSCTL_perfc_op:
{
- ret = xsm_perfcontrol();
- if ( ret )
- break;
-
ret = perfc_control(&op->u.perfc_op);
if ( copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -153,10 +141,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
#ifdef LOCK_PROFILE
case XEN_SYSCTL_lockprof_op:
{
- ret = xsm_lockprof();
- if ( ret )
- break;
-
ret = spinlock_profile_control(&op->u.lockprof_op);
if ( copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -168,10 +152,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
char c;
uint32_t i;
- ret = xsm_debug_keys();
- if ( ret )
- break;
-
ret = -EFAULT;
for ( i = 0; i < op->u.debug_keys.nr_keys; i++ )
{
@@ -190,10 +170,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
nr_cpus = min(op->u.getcpuinfo.max_cpus, nr_cpu_ids);
- ret = xsm_getcpuinfo();
- if ( ret )
- break;
-
for ( i = 0; i < nr_cpus; i++ )
{
cpuinfo.idletime = get_cpu_idle_time(i);
@@ -210,10 +186,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
case XEN_SYSCTL_availheap:
{
- ret = xsm_availheap();
- if ( ret )
- break;
-
op->u.availheap.avail_bytes = avail_domheap_pages_region(
op->u.availheap.node,
op->u.availheap.min_bitwidth,
@@ -227,10 +199,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
#ifdef HAS_ACPI
case XEN_SYSCTL_get_pmstat:
{
- ret = xsm_get_pmstat();
- if ( ret )
- break;
-
ret = do_get_pm_info(&op->u.get_pmstat);
if ( ret )
break;
@@ -245,10 +213,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
case XEN_SYSCTL_pm_op:
{
- ret = xsm_pm_op();
- if ( ret )
- break;
-
ret = do_pm_op(&op->u.pm_op);
if ( ret && (ret != -EAGAIN) )
break;
@@ -323,10 +287,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
case XEN_SYSCTL_cpupool_op:
{
- ret = xsm_cpupool_op();
- if ( ret )
- break;
-
ret = cpupool_do_sysctl(&op->u.cpupool_op);
if ( (ret == 0) && copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
@@ -335,10 +295,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
case XEN_SYSCTL_scheduler_op:
{
- ret = xsm_sched_op();
- if ( ret )
- break;
-
ret = sched_adjust_global(&op->u.scheduler_op);
if ( (ret == 0) && copy_to_guest(u_sysctl, op, 1) )
ret = -EFAULT;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index aef7c4e..93e84dc 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -58,51 +58,11 @@ static XSM_INLINE int xsm_sysctl(int cmd)
return 0;
}
-static XSM_INLINE int xsm_tbufcontrol(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_readconsole(uint32_t clear)
{
return 0;
}
-static XSM_INLINE int xsm_sched_id(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_perfcontrol(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_debug_keys(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_getcpuinfo(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_get_pmstat(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_setpminfo(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_pm_op(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_do_mca(void)
{
if ( !IS_PRIV(current->domain) )
@@ -110,11 +70,6 @@ static XSM_INLINE int xsm_do_mca(void)
return 0;
}
-static XSM_INLINE int xsm_availheap(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_alloc_security_domain(struct domain *d)
{
return 0;
@@ -358,16 +313,6 @@ static XSM_INLINE int xsm_lockprof(void)
return 0;
}
-static XSM_INLINE int xsm_cpupool_op(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_sched_op(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_tmem_op(void)
{
return 0;
@@ -508,11 +453,6 @@ static XSM_INLINE int xsm_microcode(void)
return 0;
}
-static XSM_INLINE int xsm_physinfo(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_platform_quirk(uint32_t quirk)
{
return 0;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 903c7cb..f1ccd8e 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -46,16 +46,7 @@ struct xsm_operations {
int (*set_target) (struct domain *d, struct domain *e);
int (*domctl) (struct domain *d, int cmd);
int (*sysctl) (int cmd);
- int (*tbufcontrol) (void);
int (*readconsole) (uint32_t clear);
- int (*sched_id) (void);
- int (*perfcontrol) (void);
- int (*debug_keys) (void);
- int (*getcpuinfo) (void);
- int (*availheap) (void);
- int (*get_pmstat) (void);
- int (*setpminfo) (void);
- int (*pm_op) (void);
int (*do_mca) (void);
int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
@@ -117,8 +108,6 @@ struct xsm_operations {
int (*page_offline)(uint32_t cmd);
int (*lockprof)(void);
- int (*cpupool_op)(void);
- int (*sched_op)(void);
int (*tmem_op)(void);
int (*tmem_control)(void);
@@ -138,7 +127,6 @@ struct xsm_operations {
int (*xen_settime) (void);
int (*memtype) (uint32_t access);
int (*microcode) (void);
- int (*physinfo) (void);
int (*platform_quirk) (uint32_t);
int (*platform_op) (uint32_t cmd);
int (*firmware_info) (void);
@@ -201,56 +189,11 @@ static inline int xsm_sysctl (int cmd)
return xsm_ops->sysctl(cmd);
}
-static inline int xsm_tbufcontrol (void)
-{
- return xsm_ops->tbufcontrol();
-}
-
static inline int xsm_readconsole (uint32_t clear)
{
return xsm_ops->readconsole(clear);
}
-static inline int xsm_sched_id (void)
-{
- return xsm_ops->sched_id();
-}
-
-static inline int xsm_perfcontrol (void)
-{
- return xsm_ops->perfcontrol();
-}
-
-static inline int xsm_debug_keys (void)
-{
- return xsm_ops->debug_keys();
-}
-
-static inline int xsm_availheap (void)
-{
- return xsm_ops->availheap();
-}
-
-static inline int xsm_getcpuinfo (void)
-{
- return xsm_ops->getcpuinfo();
-}
-
-static inline int xsm_get_pmstat(void)
-{
- return xsm_ops->get_pmstat();
-}
-
-static inline int xsm_setpminfo(void)
-{
- return xsm_ops->setpminfo();
-}
-
-static inline int xsm_pm_op(void)
-{
- return xsm_ops->pm_op();
-}
-
static inline int xsm_do_mca(void)
{
return xsm_ops->do_mca();
@@ -502,16 +445,6 @@ static inline int xsm_lockprof(void)
return xsm_ops->lockprof();
}
-static inline int xsm_cpupool_op(void)
-{
- return xsm_ops->cpupool_op();
-}
-
-static inline int xsm_sched_op(void)
-{
- return xsm_ops->sched_op();
-}
-
static inline int xsm_tmem_op(void)
{
return xsm_ops->tmem_op();
@@ -593,11 +526,6 @@ static inline int xsm_microcode (void)
return xsm_ops->microcode();
}
-static inline int xsm_physinfo (void)
-{
- return xsm_ops->physinfo();
-}
-
static inline int xsm_platform_quirk (uint32_t quirk)
{
return xsm_ops->platform_quirk(quirk);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 9bb86ef..03a17ba 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -35,16 +35,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, set_target);
set_to_dummy_if_null(ops, domctl);
set_to_dummy_if_null(ops, sysctl);
- set_to_dummy_if_null(ops, tbufcontrol);
set_to_dummy_if_null(ops, readconsole);
- set_to_dummy_if_null(ops, sched_id);
- set_to_dummy_if_null(ops, perfcontrol);
- set_to_dummy_if_null(ops, debug_keys);
- set_to_dummy_if_null(ops, getcpuinfo);
- set_to_dummy_if_null(ops, availheap);
- set_to_dummy_if_null(ops, get_pmstat);
- set_to_dummy_if_null(ops, setpminfo);
- set_to_dummy_if_null(ops, pm_op);
set_to_dummy_if_null(ops, do_mca);
set_to_dummy_if_null(ops, evtchn_unbound);
@@ -104,8 +95,6 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, page_offline);
set_to_dummy_if_null(ops, lockprof);
- set_to_dummy_if_null(ops, cpupool_op);
- set_to_dummy_if_null(ops, sched_op);
set_to_dummy_if_null(ops, tmem_op);
set_to_dummy_if_null(ops, tmem_control);
@@ -125,7 +114,6 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, xen_settime);
set_to_dummy_if_null(ops, memtype);
set_to_dummy_if_null(ops, microcode);
- set_to_dummy_if_null(ops, physinfo);
set_to_dummy_if_null(ops, platform_quirk);
set_to_dummy_if_null(ops, platform_op);
set_to_dummy_if_null(ops, firmware_info);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index f0216e0..d72a807 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -702,37 +702,57 @@ static int flask_sysctl(int cmd)
{
/* These have individual XSM hooks */
case XEN_SYSCTL_readconsole:
+ case XEN_SYSCTL_getdomaininfolist:
+ case XEN_SYSCTL_page_offline_op:
+#ifdef CONFIG_X86
+ case XEN_SYSCTL_cpu_hotplug:
+#endif
+ return 0;
+
case XEN_SYSCTL_tbuf_op:
+ return domain_has_xen(current->domain, XEN__TBUFCONTROL);
+
case XEN_SYSCTL_sched_id:
+ return domain_has_xen(current->domain, XEN__SCHEDULER);
+
case XEN_SYSCTL_perfc_op:
- case XEN_SYSCTL_getdomaininfolist:
+ return domain_has_xen(current->domain, XEN__PERFCONTROL);
+
case XEN_SYSCTL_debug_keys:
+ return domain_has_xen(current->domain, XEN__DEBUG);
+
case XEN_SYSCTL_getcpuinfo:
+ return domain_has_xen(current->domain, XEN__GETCPUINFO);
+
case XEN_SYSCTL_availheap:
+ return domain_has_xen(current->domain, XEN__HEAP);
+
case XEN_SYSCTL_get_pmstat:
+ return domain_has_xen(current->domain, XEN__PM_OP);
+
case XEN_SYSCTL_pm_op:
- case XEN_SYSCTL_page_offline_op:
+ return domain_has_xen(current->domain, XEN__PM_OP);
+
case XEN_SYSCTL_lockprof_op:
+ return domain_has_xen(current->domain, XEN__LOCKPROF);
+
case XEN_SYSCTL_cpupool_op:
+ return domain_has_xen(current->domain, XEN__CPUPOOL_OP);
+
case XEN_SYSCTL_scheduler_op:
-#ifdef CONFIG_X86
+ return domain_has_xen(current->domain, XEN__SCHED_OP);
+
case XEN_SYSCTL_physinfo:
- case XEN_SYSCTL_cpu_hotplug:
case XEN_SYSCTL_topologyinfo:
case XEN_SYSCTL_numainfo:
-#endif
- return 0;
+ return domain_has_xen(current->domain, XEN__PHYSINFO);
+
default:
printk("flask_sysctl: Unknown op %d\n", cmd);
return -EPERM;
}
}
-static int flask_tbufcontrol(void)
-{
- return domain_has_xen(current->domain, XEN__TBUFCONTROL);
-}
-
static int flask_readconsole(uint32_t clear)
{
u32 perms = XEN__READCONSOLE;
@@ -743,41 +763,6 @@ static int flask_readconsole(uint32_t clear)
return domain_has_xen(current->domain, perms);
}
-static int flask_sched_id(void)
-{
- return domain_has_xen(current->domain, XEN__SCHEDULER);
-}
-
-static int flask_debug_keys(void)
-{
- return domain_has_xen(current->domain, XEN__DEBUG);
-}
-
-static int flask_getcpuinfo(void)
-{
- return domain_has_xen(current->domain, XEN__GETCPUINFO);
-}
-
-static int flask_availheap(void)
-{
- return domain_has_xen(current->domain, XEN__HEAP);
-}
-
-static int flask_get_pmstat(void)
-{
- return domain_has_xen(current->domain, XEN__PM_OP);
-}
-
-static int flask_setpminfo(void)
-{
- return domain_has_xen(current->domain, XEN__PM_OP);
-}
-
-static int flask_pm_op(void)
-{
- return domain_has_xen(current->domain, XEN__PM_OP);
-}
-
static int flask_do_mca(void)
{
return domain_has_xen(current->domain, XEN__MCA_OP);
@@ -1031,21 +1016,6 @@ static inline int flask_page_offline(uint32_t cmd)
}
}
-static inline int flask_lockprof(void)
-{
- return domain_has_xen(current->domain, XEN__LOCKPROF);
-}
-
-static inline int flask_cpupool_op(void)
-{
- return domain_has_xen(current->domain, XEN__CPUPOOL_OP);
-}
-
-static inline int flask_sched_op(void)
-{
- return domain_has_xen(current->domain, XEN__SCHED_OP);
-}
-
static inline int flask_tmem_op(void)
{
return domain_has_xen(current->domain, XEN__TMEM_OP);
@@ -1056,11 +1026,6 @@ static inline int flask_tmem_control(void)
return domain_has_xen(current->domain, XEN__TMEM_CONTROL);
}
-static int flask_perfcontrol(void)
-{
- return domain_has_xen(current->domain, XEN__PERFCONTROL);
-}
-
#ifdef CONFIG_X86
static int flask_shadow_control(struct domain *d, uint32_t op)
{
@@ -1253,11 +1218,6 @@ static int flask_microcode(void)
return domain_has_xen(current->domain, XEN__MICROCODE);
}
-static int flask_physinfo(void)
-{
- return domain_has_xen(current->domain, XEN__PHYSINFO);
-}
-
static int flask_platform_quirk(uint32_t quirk)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN, XEN__QUIRK,
NULL);
@@ -1278,17 +1238,21 @@ static int flask_platform_op(uint32_t op)
case XENPF_enter_acpi_sleep:
case XENPF_change_freq:
case XENPF_getidletime:
- case XENPF_set_processor_pminfo:
- case XENPF_get_cpuinfo:
- case XENPF_get_cpu_version:
case XENPF_cpu_online:
case XENPF_cpu_offline:
case XENPF_cpu_hotadd:
case XENPF_mem_hotadd:
/* These operations have their own XSM hooks */
return 0;
+
+ case XENPF_set_processor_pminfo:
case XENPF_core_parking:
return domain_has_xen(current->domain, XEN__PM_OP);
+
+ case XENPF_get_cpu_version:
+ case XENPF_get_cpuinfo:
+ return domain_has_xen(current->domain, XEN__GETCPUINFO);
+
default:
printk("flask_platform_op: Unknown op %d\n", op);
return -EPERM;
@@ -1484,16 +1448,7 @@ static struct xsm_operations flask_ops = {
.set_target = flask_set_target,
.domctl = flask_domctl,
.sysctl = flask_sysctl,
- .tbufcontrol = flask_tbufcontrol,
.readconsole = flask_readconsole,
- .sched_id = flask_sched_id,
- .perfcontrol = flask_perfcontrol,
- .debug_keys = flask_debug_keys,
- .getcpuinfo = flask_getcpuinfo,
- .availheap = flask_availheap,
- .get_pmstat = flask_get_pmstat,
- .setpminfo = flask_setpminfo,
- .pm_op = flask_pm_op,
.do_mca = flask_do_mca,
.evtchn_unbound = flask_evtchn_unbound,
@@ -1548,9 +1503,6 @@ static struct xsm_operations flask_ops = {
.resource_setup_misc = flask_resource_setup_misc,
.page_offline = flask_page_offline,
- .lockprof = flask_lockprof,
- .cpupool_op = flask_cpupool_op,
- .sched_op = flask_sched_op,
.tmem_op = flask_tmem_op,
.tmem_control = flask_tmem_control,
@@ -1570,7 +1522,6 @@ static struct xsm_operations flask_ops = {
.xen_settime = flask_xen_settime,
.memtype = flask_memtype,
.microcode = flask_microcode,
- .physinfo = flask_physinfo,
.platform_quirk = flask_platform_quirk,
.platform_op = flask_platform_op,
.firmware_info = flask_firmware_info,
--
1.7.11.7
Daniel De Graaf
2012-Nov-20 14:51 UTC
[PATCH 4/5] xen: platform_hypercall XSM hook removal
A number of the platform_hypercall XSM hooks have no parameters or only
pass the operation ID, making them redundant with the xsm_sysctl hook.
Remove these redundant hooks.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/arch/x86/platform_hypercall.c | 44 ----------------
xen/include/xsm/dummy.h | 52 ------------------
xen/include/xsm/xsm.h | 54 -------------------
xen/xsm/dummy.c | 10 ----
xen/xsm/flask/hooks.c | 107 +++++++++++---------------------------
5 files changed, 30 insertions(+), 237 deletions(-)
diff --git a/xen/arch/x86/platform_hypercall.c
b/xen/arch/x86/platform_hypercall.c
index ffac6ac..f267b8b 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -90,10 +90,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
case XENPF_settime:
{
- ret = xsm_xen_settime();
- if ( ret )
- break;
-
do_settime(op->u.settime.secs,
op->u.settime.nsecs,
op->u.settime.system_time);
@@ -103,10 +99,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
case XENPF_add_memtype:
{
- ret = xsm_memtype(op->cmd);
- if ( ret )
- break;
-
ret = mtrr_add_page(
op->u.add_memtype.mfn,
op->u.add_memtype.nr_mfns,
@@ -125,10 +117,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
case XENPF_del_memtype:
{
- ret = xsm_memtype(op->cmd);
- if ( ret )
- break;
-
if (op->u.del_memtype.handle == 0
/* mtrr/main.c otherwise does a lookup */
&& (int)op->u.del_memtype.reg >= 0)
@@ -147,10 +135,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
unsigned long mfn, nr_mfns;
mtrr_type type;
- ret = xsm_memtype(op->cmd);
- if ( ret )
- break;
-
ret = -EINVAL;
if ( op->u.read_memtype.reg < num_var_ranges )
{
@@ -167,10 +151,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
XEN_GUEST_HANDLE(const_void) data;
- ret = xsm_microcode();
- if ( ret )
- break;
-
guest_from_compat_handle(data, op->u.microcode.data);
/*
@@ -198,10 +178,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
int quirk_id = op->u.platform_quirk.quirk_id;
- ret = xsm_platform_quirk(quirk_id);
- if ( ret )
- break;
-
switch ( quirk_id )
{
case QUIRK_NOIRQBALANCING:
@@ -223,10 +199,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_firmware_info:
- ret = xsm_firmware_info();
- if ( ret )
- break;
-
switch ( op->u.firmware_info.type )
{
case XEN_FW_DISK_INFO: {
@@ -335,10 +307,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_efi_runtime_call:
- ret = xsm_efi_call();
- if ( ret )
- break;
-
ret = efi_runtime_call(&op->u.efi_runtime_call);
if ( ret == 0 &&
copy_field_to_guest(u_xenpf_op, op, u.efi_runtime_call) )
@@ -346,18 +314,10 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_enter_acpi_sleep:
- ret = xsm_acpi_sleep();
- if ( ret )
- break;
-
ret = acpi_enter_sleep(&op->u.enter_acpi_sleep);
break;
case XENPF_change_freq:
- ret = xsm_change_freq();
- if ( ret )
- break;
-
ret = -ENOSYS;
if ( cpufreq_controller != FREQCTL_dom0_kernel )
break;
@@ -379,10 +339,6 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
XEN_GUEST_HANDLE(uint8) cpumap_bitmap;
XEN_GUEST_HANDLE(uint64) idletimes;
- ret = xsm_getidletime();
- if ( ret )
- break;
-
ret = -ENOSYS;
if ( cpufreq_controller != FREQCTL_dom0_kernel )
break;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 93e84dc..aaac50d3 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -308,11 +308,6 @@ static XSM_INLINE int xsm_page_offline(uint32_t cmd)
return 0;
}
-static XSM_INLINE int xsm_lockprof(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_tmem_op(void)
{
return 0;
@@ -438,26 +433,6 @@ static XSM_INLINE int xsm_apic(struct domain *d, int cmd)
return 0;
}
-static XSM_INLINE int xsm_xen_settime(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_memtype(uint32_t access)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_microcode(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_platform_quirk(uint32_t quirk)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_platform_op(uint32_t op)
{
if ( !IS_PRIV(current->domain) )
@@ -465,33 +440,6 @@ static XSM_INLINE int xsm_platform_op(uint32_t op)
return 0;
}
-static XSM_INLINE int xsm_firmware_info(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_efi_call(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_acpi_sleep(void)
-{
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
- return 0;
-}
-
-static XSM_INLINE int xsm_change_freq(void)
-{
- return 0;
-}
-
-static XSM_INLINE int xsm_getidletime(void)
-{
- return 0;
-}
-
static XSM_INLINE int xsm_machine_memory_map(void)
{
if ( !IS_PRIV(current->domain) )
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index f1ccd8e..105201e 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -107,7 +107,6 @@ struct xsm_operations {
int (*resource_setup_misc) (void);
int (*page_offline)(uint32_t cmd);
- int (*lockprof)(void);
int (*tmem_op)(void);
int (*tmem_control)(void);
@@ -124,16 +123,8 @@ struct xsm_operations {
int (*mem_event_op) (struct domain *d, int op);
int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
int (*apic) (struct domain *d, int cmd);
- int (*xen_settime) (void);
int (*memtype) (uint32_t access);
- int (*microcode) (void);
- int (*platform_quirk) (uint32_t);
int (*platform_op) (uint32_t cmd);
- int (*firmware_info) (void);
- int (*efi_call) (void);
- int (*acpi_sleep) (void);
- int (*change_freq) (void);
- int (*getidletime) (void);
int (*machine_memory_map) (void);
int (*domain_memory_map) (struct domain *d);
#define XSM_MMU_UPDATE_READ 1
@@ -440,11 +431,6 @@ static inline int xsm_page_offline(uint32_t cmd)
return xsm_ops->page_offline(cmd);
}
-static inline int xsm_lockprof(void)
-{
- return xsm_ops->lockprof();
-}
-
static inline int xsm_tmem_op(void)
{
return xsm_ops->tmem_op();
@@ -511,56 +497,16 @@ static inline int xsm_apic (struct domain *d, int cmd)
return xsm_ops->apic(d, cmd);
}
-static inline int xsm_xen_settime (void)
-{
- return xsm_ops->xen_settime();
-}
-
static inline int xsm_memtype (uint32_t access)
{
return xsm_ops->memtype(access);
}
-static inline int xsm_microcode (void)
-{
- return xsm_ops->microcode();
-}
-
-static inline int xsm_platform_quirk (uint32_t quirk)
-{
- return xsm_ops->platform_quirk(quirk);
-}
-
static inline int xsm_platform_op (uint32_t op)
{
return xsm_ops->platform_op(op);
}
-static inline int xsm_firmware_info (void)
-{
- return xsm_ops->firmware_info();
-}
-
-static inline int xsm_efi_call (void)
-{
- return xsm_ops->efi_call();
-}
-
-static inline int xsm_acpi_sleep (void)
-{
- return xsm_ops->acpi_sleep();
-}
-
-static inline int xsm_change_freq (void)
-{
- return xsm_ops->change_freq();
-}
-
-static inline int xsm_getidletime (void)
-{
- return xsm_ops->getidletime();
-}
-
static inline int xsm_machine_memory_map(void)
{
return xsm_ops->machine_memory_map();
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 03a17ba..22c66e5 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -94,7 +94,6 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, resource_setup_misc);
set_to_dummy_if_null(ops, page_offline);
- set_to_dummy_if_null(ops, lockprof);
set_to_dummy_if_null(ops, tmem_op);
set_to_dummy_if_null(ops, tmem_control);
@@ -111,16 +110,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, mem_event_op);
set_to_dummy_if_null(ops, mem_sharing_op);
set_to_dummy_if_null(ops, apic);
- set_to_dummy_if_null(ops, xen_settime);
- set_to_dummy_if_null(ops, memtype);
- set_to_dummy_if_null(ops, microcode);
- set_to_dummy_if_null(ops, platform_quirk);
set_to_dummy_if_null(ops, platform_op);
- set_to_dummy_if_null(ops, firmware_info);
- set_to_dummy_if_null(ops, efi_call);
- set_to_dummy_if_null(ops, acpi_sleep);
- set_to_dummy_if_null(ops, change_freq);
- set_to_dummy_if_null(ops, getidletime);
set_to_dummy_if_null(ops, machine_memory_map);
set_to_dummy_if_null(ops, domain_memory_map);
set_to_dummy_if_null(ops, mmu_update);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index d72a807..03ea675 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1186,64 +1186,51 @@ static int flask_apic(struct domain *d, int cmd)
return domain_has_xen(d, perm);
}
-static int flask_xen_settime(void)
-{
- return domain_has_xen(current->domain, XEN__SETTIME);
-}
-
-static int flask_memtype(uint32_t access)
-{
- u32 perm;
-
- switch ( access )
- {
- case XENPF_add_memtype:
- perm = XEN__MTRR_ADD;
- break;
- case XENPF_del_memtype:
- perm = XEN__MTRR_DEL;
- break;
- case XENPF_read_memtype:
- perm = XEN__MTRR_READ;
- break;
- default:
- return -EPERM;
- }
-
- return domain_has_xen(current->domain, perm);
-}
-
-static int flask_microcode(void)
-{
- return domain_has_xen(current->domain, XEN__MICROCODE);
-}
-
-static int flask_platform_quirk(uint32_t quirk)
-{
- return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN, XEN__QUIRK,
NULL);
-}
-
static int flask_platform_op(uint32_t op)
{
switch ( op )
{
+#ifdef CONFIG_X86
+ /* These operations have their own XSM hooks */
+ case XENPF_cpu_online:
+ case XENPF_cpu_offline:
+ case XENPF_cpu_hotadd:
+ case XENPF_mem_hotadd:
+ return 0;
+#endif
+
case XENPF_settime:
+ return domain_has_xen(current->domain, XEN__SETTIME);
+
case XENPF_add_memtype:
+ return domain_has_xen(current->domain, XEN__MTRR_ADD);
+
case XENPF_del_memtype:
+ return domain_has_xen(current->domain, XEN__MTRR_DEL);
+
case XENPF_read_memtype:
+ return domain_has_xen(current->domain, XEN__MTRR_READ);
+
case XENPF_microcode_update:
+ return domain_has_xen(current->domain, XEN__MICROCODE);
+
case XENPF_platform_quirk:
+ return domain_has_xen(current->domain, XEN__QUIRK);
+
case XENPF_firmware_info:
+ return domain_has_xen(current->domain, XEN__FIRMWARE);
+
case XENPF_efi_runtime_call:
+ return domain_has_xen(current->domain, XEN__FIRMWARE);
+
case XENPF_enter_acpi_sleep:
+ return domain_has_xen(current->domain, XEN__SLEEP);
+
case XENPF_change_freq:
+ return domain_has_xen(current->domain, XEN__FREQUENCY);
+
case XENPF_getidletime:
- case XENPF_cpu_online:
- case XENPF_cpu_offline:
- case XENPF_cpu_hotadd:
- case XENPF_mem_hotadd:
- /* These operations have their own XSM hooks */
- return 0;
+ return domain_has_xen(current->domain, XEN__GETIDLE);
case XENPF_set_processor_pminfo:
case XENPF_core_parking:
@@ -1259,31 +1246,6 @@ static int flask_platform_op(uint32_t op)
}
}
-static int flask_firmware_info(void)
-{
- return domain_has_xen(current->domain, XEN__FIRMWARE);
-}
-
-static int flask_efi_call(void)
-{
- return domain_has_xen(current->domain, XEN__FIRMWARE);
-}
-
-static int flask_acpi_sleep(void)
-{
- return domain_has_xen(current->domain, XEN__SLEEP);
-}
-
-static int flask_change_freq(void)
-{
- return domain_has_xen(current->domain, XEN__FREQUENCY);
-}
-
-static int flask_getidletime(void)
-{
- return domain_has_xen(current->domain, XEN__GETIDLE);
-}
-
static int flask_machine_memory_map(void)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_MMU, MMU__MEMORYMAP,
NULL);
@@ -1519,16 +1481,7 @@ static struct xsm_operations flask_ops = {
.mem_event_op = flask_mem_event_op,
.mem_sharing_op = flask_mem_sharing_op,
.apic = flask_apic,
- .xen_settime = flask_xen_settime,
- .memtype = flask_memtype,
- .microcode = flask_microcode,
- .platform_quirk = flask_platform_quirk,
.platform_op = flask_platform_op,
- .firmware_info = flask_firmware_info,
- .efi_call = flask_efi_call,
- .acpi_sleep = flask_acpi_sleep,
- .change_freq = flask_change_freq,
- .getidletime = flask_getidletime,
.machine_memory_map = flask_machine_memory_map,
.domain_memory_map = flask_domain_memory_map,
.mmu_update = flask_mmu_update,
--
1.7.11.7
Daniel De Graaf
2012-Nov-20 14:51 UTC
[PATCH RFC 5/5] xen/xsm: include default hook action in name
Include the default XSM hook action in the name of the hook in order to
allow quick understanding of how the call site is expected to be used
(dom0-only, arbitrary guest, or target-only).
Abbreviation explanation:
xsm_dm_* Usable only by device model (IS_PRIV_FOR)
xsm_hook_* No access check in dummy module. The calling code is
either guest-accessible or covered by another check
xsm_priv_* Privileged command (IS_PRIV)
xsm_target_* Usable by guest or its device model targeted to the guest
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/arch/x86/cpu/mcheck/mce.c | 2 +-
xen/arch/x86/domctl.c | 10 +-
xen/arch/x86/hvm/hvm.c | 26 +--
xen/arch/x86/irq.c | 2 +-
xen/arch/x86/mm.c | 20 +-
xen/arch/x86/mm/mem_event.c | 4 +-
xen/arch/x86/mm/mem_sharing.c | 4 +-
xen/arch/x86/mm/paging.c | 2 +-
xen/arch/x86/msi.c | 2 +-
xen/arch/x86/physdev.c | 12 +-
xen/arch/x86/platform_hypercall.c | 12 +-
xen/arch/x86/sysctl.c | 4 +-
xen/arch/x86/traps.c | 2 +-
xen/common/domain.c | 2 +-
xen/common/domctl.c | 10 +-
xen/common/event_channel.c | 14 +-
xen/common/grant_table.c | 16 +-
xen/common/kexec.c | 2 +-
xen/common/memory.c | 8 +-
xen/common/schedule.c | 2 +-
xen/common/sysctl.c | 6 +-
xen/common/xenoprof.c | 2 +-
xen/drivers/char/console.c | 2 +-
xen/drivers/passthrough/iommu.c | 10 +-
xen/drivers/passthrough/pci.c | 4 +-
xen/include/xen/tmem_xen.h | 4 +-
xen/include/xsm/dummy.h | 140 ++++++-------
xen/include/xsm/xsm.h | 428 +++++++++++++++++++-------------------
xen/xsm/dummy.c | 150 ++++++-------
xen/xsm/flask/hooks.c | 296 +++++++++++++-------------
30 files changed, 599 insertions(+), 599 deletions(-)
diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c
index 658774a..72f6f18 100644
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -1293,7 +1293,7 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc)
struct xen_mc_msrinject *mc_msrinject;
struct xen_mc_mceinject *mc_mceinject;
- ret = xsm_do_mca();
+ ret = xsm_priv_do_mca();
if ( ret )
return x86_mcerr(NULL, ret);
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 2630bdb..9541ef8 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -76,7 +76,7 @@ long arch_do_domctl(
if ( np == 0 )
ret = 0;
- else if ( xsm_ioport_permission(d, fp, fp + np - 1, allow) )
+ else if ( xsm_hook_ioport_permission(d, fp, fp + np - 1, allow) )
ret = -EPERM;
else if ( allow )
ret = ioports_permit_access(d, fp, fp + np - 1);
@@ -566,7 +566,7 @@ long arch_do_domctl(
if ( !is_hvm_domain(d) )
break;
- ret = xsm_bind_pt_irq(d, bind);
+ ret = xsm_hook_bind_pt_irq(d, bind);
if ( ret )
break;
@@ -599,7 +599,7 @@ long arch_do_domctl(
!irq_access_permitted(current->domain, bind->machine_irq) )
break;
- ret = xsm_unbind_pt_irq(d, bind);
+ ret = xsm_hook_unbind_pt_irq(d, bind);
if ( ret )
break;
@@ -634,7 +634,7 @@ long arch_do_domctl(
!iomem_access_permitted(current->domain, mfn, mfn + nr_mfns -
1) )
break;
- ret = xsm_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
+ ret = xsm_hook_iomem_mapping(d, mfn, mfn + nr_mfns - 1, add);
if ( ret )
break;
@@ -712,7 +712,7 @@ long arch_do_domctl(
!ioports_access_permitted(current->domain, fmp, fmp + np - 1) )
break;
- ret = xsm_ioport_mapping(d, fmp, fmp + np - 1, add);
+ ret = xsm_hook_ioport_mapping(d, fmp, fmp + np - 1, add);
if ( ret )
break;
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 5bdde8d..e75c139 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3400,7 +3400,7 @@ static int hvmop_set_pci_intx_level(
if ( !is_hvm_domain(d) )
goto out;
- rc = xsm_hvm_set_pci_intx_level(d);
+ rc = xsm_dm_hvm_set_pci_intx_level(d);
if ( rc )
goto out;
@@ -3567,7 +3567,7 @@ static int hvmop_set_isa_irq_level(
if ( !is_hvm_domain(d) )
goto out;
- rc = xsm_hvm_set_isa_irq_level(d);
+ rc = xsm_dm_hvm_set_isa_irq_level(d);
if ( rc )
goto out;
@@ -3611,7 +3611,7 @@ static int hvmop_set_pci_link_route(
if ( !is_hvm_domain(d) )
goto out;
- rc = xsm_hvm_set_pci_link_route(d);
+ rc = xsm_dm_hvm_set_pci_link_route(d);
if ( rc )
goto out;
@@ -3641,7 +3641,7 @@ static int hvmop_inject_msi(
if ( !is_hvm_domain(d) )
goto out;
- rc = xsm_hvm_inject_msi(d);
+ rc = xsm_dm_hvm_inject_msi(d);
if ( rc )
goto out;
@@ -3738,7 +3738,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail;
@@ -3984,7 +3984,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail2;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail2;
@@ -4023,7 +4023,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail3;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail3;
@@ -4069,7 +4069,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( d == NULL )
return -ESRCH;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail_getmemtype;
@@ -4124,7 +4124,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail4;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail4;
@@ -4203,7 +4203,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail5;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail5;
@@ -4238,7 +4238,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail6;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail6;
@@ -4274,7 +4274,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) || !paging_mode_shadow(d) )
goto param_fail7;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail7;
@@ -4328,7 +4328,7 @@ long do_hvm_op(unsigned long op,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !is_hvm_domain(d) )
goto param_fail8;
- rc = xsm_hvm_param(d, op);
+ rc = xsm_target_hvm_param(d, op);
if ( rc )
goto param_fail8;
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 238600a..ba8a5ce 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1874,7 +1874,7 @@ int map_domain_pirq(
return 0;
}
- ret = xsm_map_domain_pirq(d, irq, data);
+ ret = xsm_hook_map_domain_pirq(d, irq, data);
if ( ret )
{
dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d
mapping to pirq %d\n",
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 39b2cc7..1dbe4ef 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2715,7 +2715,7 @@ long do_mmuext_op(
goto out;
}
- rc = xsm_mmuext_op(d, pg_owner);
+ rc = xsm_target_mmuext_op(d, pg_owner);
if ( rc )
{
rcu_unlock_domain(pg_owner);
@@ -2787,7 +2787,7 @@ long do_mmuext_op(
break;
}
- if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 )
+ if ( (rc = xsm_hook_memory_pin_page(d, pg_owner, page)) != 0 )
{
put_page_and_type(page);
okay = 0;
@@ -3244,7 +3244,7 @@ long do_mmu_update(
}
if ( xsm_needed != xsm_checked )
{
- rc = xsm_mmu_update(d, pt_owner, pg_owner, xsm_needed);
+ rc = xsm_target_mmu_update(d, pt_owner, pg_owner, xsm_needed);
if ( rc )
break;
xsm_checked = xsm_needed;
@@ -3363,7 +3363,7 @@ long do_mmu_update(
xsm_needed |= XSM_MMU_MACHPHYS_UPDATE;
if ( xsm_needed != xsm_checked )
{
- rc = xsm_mmu_update(d, NULL, pg_owner, xsm_needed);
+ rc = xsm_target_mmu_update(d, NULL, pg_owner, xsm_needed);
if ( rc )
break;
xsm_checked = xsm_needed;
@@ -3931,7 +3931,7 @@ static int __do_update_va_mapping(
perfc_incr(calls_to_update_va);
- rc = xsm_update_va_mapping(d, pg_owner, val);
+ rc = xsm_target_update_va_mapping(d, pg_owner, val);
if ( rc )
return rc;
@@ -4402,7 +4402,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( d == NULL )
return -ESRCH;
- if ( xsm_add_to_physmap(current->domain, d) )
+ if ( xsm_target_add_to_physmap(current->domain, d) )
{
rcu_unlock_domain(d);
return -EPERM;
@@ -4441,7 +4441,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( d == NULL )
return -ESRCH;
- rc = xsm_domain_memory_map(d);
+ rc = xsm_target_domain_memory_map(d);
if ( rc )
{
rcu_unlock_domain(d);
@@ -4516,7 +4516,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
XEN_GUEST_HANDLE_PARAM(e820entry_t) buffer_param;
unsigned int i;
- rc = xsm_machine_memory_map();
+ rc = xsm_priv_machine_memory_map();
if ( rc )
return rc;
@@ -4600,9 +4600,9 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
return -ESRCH;
if ( op == XENMEM_set_pod_target )
- rc = xsm_set_pod_target(d);
+ rc = xsm_priv_set_pod_target(d);
else
- rc = xsm_get_pod_target(d);
+ rc = xsm_priv_get_pod_target(d);
if ( rc != 0 )
goto pod_target_out_unlock;
diff --git a/xen/arch/x86/mm/mem_event.c b/xen/arch/x86/mm/mem_event.c
index c2b3670..3a7605c 100644
--- a/xen/arch/x86/mm/mem_event.c
+++ b/xen/arch/x86/mm/mem_event.c
@@ -449,7 +449,7 @@ int do_mem_event_op(int op, uint32_t domain, void *arg)
if ( ret )
return ret;
- ret = xsm_mem_event_op(d, op);
+ ret = xsm_dm_mem_event_op(d, op);
if ( ret )
goto out;
@@ -502,7 +502,7 @@ int mem_event_domctl(struct domain *d,
xen_domctl_mem_event_op_t *mec,
{
int rc;
- rc = xsm_mem_event_control(d, mec->mode, mec->op);
+ rc = xsm_dm_mem_event_control(d, mec->mode, mec->op);
if ( rc )
return rc;
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 9229b83..57f02af 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1351,7 +1351,7 @@ int mem_sharing_memop(struct domain *d,
xen_mem_sharing_op_t *mec)
if ( rc )
return rc;
- rc = xsm_mem_sharing_op(d, cd, mec->op);
+ rc = xsm_dm_mem_sharing_op(d, cd, mec->op);
if ( rc )
{
rcu_unlock_domain(cd);
@@ -1415,7 +1415,7 @@ int mem_sharing_memop(struct domain *d,
xen_mem_sharing_op_t *mec)
if ( rc )
return rc;
- rc = xsm_mem_sharing_op(d, cd, mec->op);
+ rc = xsm_dm_mem_sharing_op(d, cd, mec->op);
if ( rc )
{
rcu_unlock_domain(cd);
diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c
index ea44e39..1815696 100644
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -678,7 +678,7 @@ int paging_domctl(struct domain *d, xen_domctl_shadow_op_t
*sc,
return -EINVAL;
}
- rc = xsm_shadow_control(d, sc->op);
+ rc = xsm_hook_shadow_control(d, sc->op);
if ( rc )
return rc;
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index e48ad2e..4bad230 100644
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -1016,7 +1016,7 @@ int pci_restore_msi_state(struct pci_dev *pdev)
if (!pdev)
return -EINVAL;
- ret = xsm_resource_setup_pci((pdev->seg << 16) | (pdev->bus
<< 8) | pdev->devfn);
+ ret = xsm_priv_resource_setup_pci((pdev->seg << 16) |
(pdev->bus << 8) | pdev->devfn);
if ( ret )
return ret;
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 9c30245..a894c43 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -232,7 +232,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq)
goto free_domain;
}
- ret = xsm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
+ ret = xsm_dm_unmap_domain_pirq(d, domain_pirq_to_irq(d, pirq));
if ( ret )
goto free_domain;
@@ -423,7 +423,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
ret = -EFAULT;
if ( copy_from_guest(&apic, arg, 1) != 0 )
break;
- ret = xsm_apic(v->domain, cmd);
+ ret = xsm_priv_apic(v->domain, cmd);
if ( ret )
break;
ret = ioapic_guest_read(apic.apic_physbase, apic.reg, &apic.value);
@@ -437,7 +437,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
ret = -EFAULT;
if ( copy_from_guest(&apic, arg, 1) != 0 )
break;
- ret = xsm_apic(v->domain, cmd);
+ ret = xsm_priv_apic(v->domain, cmd);
if ( ret )
break;
ret = ioapic_guest_write(apic.apic_physbase, apic.reg, apic.value);
@@ -453,7 +453,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
/* Use the APIC check since this dummy hypercall should still only
* be called by the domain with access to program the ioapic */
- ret = xsm_apic(v->domain, cmd);
+ ret = xsm_priv_apic(v->domain, cmd);
if ( ret )
break;
@@ -578,7 +578,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
case PHYSDEVOP_pci_mmcfg_reserved: {
struct physdev_pci_mmcfg_reserved info;
- ret = xsm_resource_setup_misc();
+ ret = xsm_priv_resource_setup_misc();
if ( ret )
break;
@@ -632,7 +632,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
if ( setup_gsi.gsi < 0 || setup_gsi.gsi >= nr_irqs_gsi )
break;
- ret = xsm_resource_setup_gsi(setup_gsi.gsi);
+ ret = xsm_priv_resource_setup_gsi(setup_gsi.gsi);
if ( ret )
break;
diff --git a/xen/arch/x86/platform_hypercall.c
b/xen/arch/x86/platform_hypercall.c
index f267b8b..c4b20ea 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -72,7 +72,7 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t)
u_xenpf_op)
if ( op->interface_version != XENPF_INTERFACE_VERSION )
return -EACCES;
- ret = xsm_platform_op(op->cmd);
+ ret = xsm_priv_platform_op(op->cmd);
if ( ret )
return ret;
@@ -496,7 +496,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
int cpu = op->u.cpu_ol.cpuid;
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
@@ -512,7 +512,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
}
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
@@ -525,7 +525,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
int cpu = op->u.cpu_ol.cpuid;
- ret = xsm_resource_unplug_core();
+ ret = xsm_hook_resource_unplug_core();
if ( ret )
break;
@@ -554,7 +554,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_cpu_hotadd:
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
@@ -564,7 +564,7 @@ ret_t
do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
break;
case XENPF_mem_hotadd:
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c
index 5b0c4b7..3a10a13 100644
--- a/xen/arch/x86/sysctl.c
+++ b/xen/arch/x86/sysctl.c
@@ -184,14 +184,14 @@ long arch_do_sysctl(
switch ( sysctl->u.cpu_hotplug.op )
{
case XEN_SYSCTL_CPU_HOTPLUG_ONLINE:
- ret = xsm_resource_plug_core();
+ ret = xsm_hook_resource_plug_core();
if ( ret )
break;
ret = continue_hypercall_on_cpu(
0, cpu_up_helper, (void *)(unsigned long)cpu);
break;
case XEN_SYSCTL_CPU_HOTPLUG_OFFLINE:
- ret = xsm_resource_unplug_core();
+ ret = xsm_hook_resource_unplug_core();
if ( ret )
break;
ret = continue_hypercall_on_cpu(
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 44a866e..695e991 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1643,7 +1643,7 @@ static int pci_cfg_ok(struct domain *d, int write, int
size)
start |= (d->arch.pci_cf8 >> 16) & 0xF00;
}
end = start + size - 1;
- if (xsm_pci_config_permission(d, machine_bdf, start, end, write))
+ if (xsm_hook_pci_config_permission(d, machine_bdf, start, end, write))
return 0;
return 1;
}
diff --git a/xen/common/domain.c b/xen/common/domain.c
index fcf24e2..296d735 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -252,7 +252,7 @@ struct domain *domain_create(
if ( !is_idle_domain(d) )
{
- if ( (err = xsm_domain_create(d, ssidref)) != 0 )
+ if ( (err = xsm_hook_domain_create(d, ssidref)) != 0 )
goto fail;
d->is_paused_by_controller = 1;
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 6f792e9..1f88ad2 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -150,7 +150,7 @@ void getdomaininfo(struct domain *d, struct
xen_domctl_getdomaininfo *info)
if ( is_hvm_domain(d) )
info->flags |= XEN_DOMINF_hvm_guest;
- xsm_security_domaininfo(d, info);
+ xsm_populate_security_domaininfo(d, info);
info->tot_pages = d->tot_pages;
info->max_pages = d->max_pages;
@@ -580,7 +580,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
break;
}
- ret = xsm_getdomaininfo(d);
+ ret = xsm_hook_getdomaininfo(d);
if ( ret )
goto getdomaininfo_out;
@@ -722,7 +722,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( pirq >= d->nr_pirqs )
ret = -EINVAL;
- else if ( xsm_irq_permission(d, pirq, allow) )
+ else if ( xsm_hook_irq_permission(d, pirq, allow) )
ret = -EPERM;
else if ( allow )
ret = irq_permit_access(d, pirq);
@@ -741,7 +741,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
if ( (mfn + nr_mfns - 1) < mfn ) /* wrap? */
break;
- if ( xsm_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) )
+ if ( xsm_hook_iomem_permission(d, mfn, mfn + nr_mfns - 1, allow) )
ret = -EPERM;
else if ( allow )
ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
@@ -773,7 +773,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)
u_domctl)
break;
}
- ret = xsm_set_target(d, e);
+ ret = xsm_hook_set_target(d, e);
if ( ret ) {
put_domain(e);
break;
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index 37947a9..ef0d89b 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -175,7 +175,7 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t
*alloc)
ERROR_EXIT_DOM(port, d);
chn = evtchn_from_port(d, port);
- rc = xsm_evtchn_unbound(d, chn, alloc->remote_dom);
+ rc = xsm_target_evtchn_unbound(d, chn, alloc->remote_dom);
if ( rc )
goto out;
@@ -231,7 +231,7 @@ static long
evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind)
(rchn->u.unbound.remote_domid != ld->domain_id) )
ERROR_EXIT_DOM(-EINVAL, rd);
- rc = xsm_evtchn_interdomain(ld, lchn, rd, rchn);
+ rc = xsm_hook_evtchn_interdomain(ld, lchn, rd, rchn);
if ( rc )
goto out;
@@ -535,7 +535,7 @@ static long __evtchn_close(struct domain *d1, int port1)
chn1->state = ECS_FREE;
chn1->notify_vcpu_id = 0;
- xsm_evtchn_close_post(chn1);
+ xsm_hook_evtchn_close_post(chn1);
out:
if ( d2 != NULL )
@@ -580,7 +580,7 @@ int evtchn_send(struct domain *d, unsigned int lport)
return -EINVAL;
}
- ret = xsm_evtchn_send(ld, lchn);
+ ret = xsm_hook_evtchn_send(ld, lchn);
if ( ret )
goto out;
@@ -812,7 +812,7 @@ static long evtchn_status(evtchn_status_t *status)
chn = evtchn_from_port(d, port);
- rc = xsm_evtchn_status(d, chn);
+ rc = xsm_target_evtchn_status(d, chn);
if ( rc )
goto out;
@@ -954,7 +954,7 @@ static long evtchn_reset(evtchn_reset_t *r)
if ( d == NULL )
return -ESRCH;
- rc = xsm_evtchn_reset(current->domain, d);
+ rc = xsm_target_evtchn_reset(current->domain, d);
if ( rc )
goto out;
@@ -1101,7 +1101,7 @@ int alloc_unbound_xen_event_channel(
goto out;
chn = evtchn_from_port(d, port);
- rc = xsm_evtchn_unbound(d, chn, remote_domid);
+ rc = xsm_target_evtchn_unbound(d, chn, remote_domid);
chn->state = ECS_UNBOUND;
chn->xen_consumer = get_xen_consumer(notification_fn);
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index eae9518..e3690b6 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -552,7 +552,7 @@ __gnttab_map_grant_ref(
return;
}
- rc = xsm_grant_mapref(ld, rd, op->flags);
+ rc = xsm_hook_grant_mapref(ld, rd, op->flags);
if ( rc )
{
rcu_unlock_domain(rd);
@@ -872,7 +872,7 @@ __gnttab_unmap_common(
return;
}
- rc = xsm_grant_unmapref(ld, rd);
+ rc = xsm_hook_grant_unmapref(ld, rd);
if ( rc )
{
rcu_unlock_domain(rd);
@@ -1326,7 +1326,7 @@ gnttab_setup_table(
goto out2;
}
- if ( xsm_grant_setup(current->domain, d) )
+ if ( xsm_target_grant_setup(current->domain, d) )
{
op.status = GNTST_permission_denied;
goto out2;
@@ -1395,7 +1395,7 @@ gnttab_query_size(
goto query_out;
}
- rc = xsm_grant_query_size(current->domain, d);
+ rc = xsm_target_grant_query_size(current->domain, d);
if ( rc )
{
op.status = GNTST_permission_denied;
@@ -1571,7 +1571,7 @@ gnttab_transfer(
goto copyback;
}
- if ( xsm_grant_transfer(d, e) )
+ if ( xsm_hook_grant_transfer(d, e) )
{
put_gfn(d, gop.mfn);
gop.status = GNTST_permission_denied;
@@ -2010,7 +2010,7 @@ __gnttab_copy(
PIN_FAIL(error_out, GNTST_bad_domain,
"couldn''t find %d\n", op->dest.domid);
- rc = xsm_grant_copy(sd, dd);
+ rc = xsm_hook_grant_copy(sd, dd);
if ( rc )
{
rc = GNTST_permission_denied;
@@ -2267,7 +2267,7 @@
gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop,
op.status = GNTST_bad_domain;
goto out1;
}
- rc = xsm_grant_setup(current->domain, d);
+ rc = xsm_target_grant_setup(current->domain, d);
if ( rc ) {
op.status = GNTST_permission_denied;
goto out1;
@@ -2318,7 +2318,7 @@
gnttab_get_version(XEN_GUEST_HANDLE_PARAM(gnttab_get_version_t uop))
if ( d == NULL )
return -ESRCH;
- rc = xsm_grant_query_size(current->domain, d);
+ rc = xsm_target_grant_query_size(current->domain, d);
if ( rc )
{
rcu_unlock_domain(d);
diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index d4f6332..ff9d205 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -852,7 +852,7 @@ static int do_kexec_op_internal(unsigned long op,
unsigned long flags;
int ret = -EINVAL;
- ret = xsm_kexec();
+ ret = xsm_priv_kexec();
if ( ret )
return ret;
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 7d3c326..0e216bb 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -336,7 +336,7 @@ static long
memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
goto fail_early;
}
- rc = xsm_memory_exchange(d);
+ rc = xsm_target_memory_exchange(d);
if ( rc )
{
rcu_unlock_domain(d);
@@ -585,7 +585,7 @@ long do_memory_op(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(void) arg)
return start_extent;
args.domain = d;
- rc = xsm_memory_adjust_reservation(current->domain, d);
+ rc = xsm_target_memory_adjust_reservation(current->domain, d);
if ( rc )
{
rcu_unlock_domain(d);
@@ -634,7 +634,7 @@ long do_memory_op(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( d == NULL )
return -ESRCH;
- rc = xsm_memory_stat_reservation(current->domain, d);
+ rc = xsm_target_memory_stat_reservation(current->domain, d);
if ( rc )
{
rcu_unlock_domain(d);
@@ -672,7 +672,7 @@ long do_memory_op(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( d == NULL )
return -ESRCH;
- if ( xsm_remove_from_physmap(current->domain, d) )
+ if ( xsm_target_remove_from_physmap(current->domain, d) )
{
rcu_unlock_domain(d);
return -EPERM;
diff --git a/xen/common/schedule.c b/xen/common/schedule.c
index cfd173d..2cad778 100644
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -921,7 +921,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
if ( d == NULL )
break;
- ret = xsm_schedop_shutdown(current->domain, d);
+ ret = xsm_dm_schedop_shutdown(current->domain, d);
if ( ret )
{
rcu_unlock_domain(d);
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index cbefb0e..d6e3f6c 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -57,7 +57,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
{
case XEN_SYSCTL_readconsole:
{
- ret = xsm_readconsole(op->u.readconsole.clear);
+ ret = xsm_hook_readconsole(op->u.readconsole.clear);
if ( ret )
break;
@@ -100,7 +100,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
if ( num_domains == op->u.getdomaininfolist.max_domains )
break;
- ret = xsm_getdomaininfo(d);
+ ret = xsm_hook_getdomaininfo(d);
if ( ret )
continue;
@@ -231,7 +231,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
uint32_t *status, *ptr;
unsigned long pfn;
- ret = xsm_page_offline(op->u.page_offline.cmd);
+ ret = xsm_hook_page_offline(op->u.page_offline.cmd);
if ( ret )
break;
diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c
index ae0435b..7a82e3a 100644
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -680,7 +680,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void)
arg)
return -EPERM;
}
- ret = xsm_profile(current->domain, op);
+ ret = xsm_hook_profile(current->domain, op);
if ( ret )
return ret;
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index b2c3ee3..b6faa43 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -406,7 +406,7 @@ long do_console_io(int cmd, int count,
XEN_GUEST_HANDLE_PARAM(char) buffer)
long rc;
unsigned int idx, len;
- rc = xsm_console_io(current->domain, cmd);
+ rc = xsm_priv_console_io(current->domain, cmd);
if ( rc )
return rc;
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 9d13185..52eff81 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -452,7 +452,7 @@ static int iommu_get_device_group(
((pdev->bus == bus) && (pdev->devfn == devfn)) )
continue;
- if ( xsm_get_device_group((seg << 16) | (pdev->bus << 8)
| pdev->devfn) )
+ if ( xsm_hook_get_device_group((seg << 16) | (pdev->bus
<< 8) | pdev->devfn) )
continue;
sdev_id = ops->get_device_group_id(seg, pdev->bus,
pdev->devfn);
@@ -555,7 +555,7 @@ int iommu_do_domctl(
u32 max_sdevs;
XEN_GUEST_HANDLE_64(uint32) sdevs;
- ret = xsm_get_device_group(domctl->u.get_device_group.machine_sbdf);
+ ret =
xsm_hook_get_device_group(domctl->u.get_device_group.machine_sbdf);
if ( ret )
break;
@@ -583,7 +583,7 @@ int iommu_do_domctl(
break;
case XEN_DOMCTL_test_assign_device:
- ret = xsm_test_assign_device(domctl->u.assign_device.machine_sbdf);
+ ret =
xsm_hook_test_assign_device(domctl->u.assign_device.machine_sbdf);
if ( ret )
break;
@@ -607,7 +607,7 @@ int iommu_do_domctl(
break;
}
- ret = xsm_assign_device(d, domctl->u.assign_device.machine_sbdf);
+ ret = xsm_hook_assign_device(d,
domctl->u.assign_device.machine_sbdf);
if ( ret )
break;
@@ -626,7 +626,7 @@ int iommu_do_domctl(
break;
case XEN_DOMCTL_deassign_device:
- ret = xsm_deassign_device(d, domctl->u.assign_device.machine_sbdf);
+ ret = xsm_hook_deassign_device(d,
domctl->u.assign_device.machine_sbdf);
if ( ret )
break;
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index d5ef4c1..43eceab 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -380,7 +380,7 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn, const struct
pci_dev_info *info)
pdev_type = "device";
}
- ret = xsm_resource_plug_pci((seg << 16) | (bus << 8) | devfn);
+ ret = xsm_priv_resource_plug_pci((seg << 16) | (bus << 8) |
devfn);
if ( ret )
return ret;
@@ -496,7 +496,7 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn)
struct pci_dev *pdev;
int ret;
- ret = xsm_resource_unplug_pci((seg << 16) | (bus << 8) |
devfn);
+ ret = xsm_priv_resource_unplug_pci((seg << 16) | (bus << 8) |
devfn);
if ( ret )
return ret;
diff --git a/xen/include/xen/tmem_xen.h b/xen/include/xen/tmem_xen.h
index 8dec5aa..81d88f3 100644
--- a/xen/include/xen/tmem_xen.h
+++ b/xen/include/xen/tmem_xen.h
@@ -329,12 +329,12 @@ static inline bool_t tmh_set_client_from_id(
static inline bool_t tmh_current_permitted(void)
{
- return !xsm_tmem_op();
+ return !xsm_hook_tmem_op();
}
static inline bool_t tmh_current_is_privileged(void)
{
- return !xsm_tmem_control();
+ return !xsm_priv_tmem_control();
}
static inline uint8_t tmh_get_first_byte(pfp_t *pfp)
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index aaac50d3..09ee3f2 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -11,23 +11,23 @@
#include <xen/sched.h>
#include <xsm/xsm.h>
-static XSM_INLINE void xsm_security_domaininfo(struct domain *d,
+static XSM_INLINE void xsm_populate_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
return;
}
-static XSM_INLINE int xsm_domain_create(struct domain *d, u32 ssidref)
+static XSM_INLINE int xsm_hook_domain_create(struct domain *d, u32 ssidref)
{
return 0;
}
-static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
+static XSM_INLINE int xsm_hook_getdomaininfo(struct domain *d)
{
return 0;
}
-static XSM_INLINE int xsm_set_target(struct domain *d, struct domain *e)
+static XSM_INLINE int xsm_hook_set_target(struct domain *d, struct domain *e)
{
return 0;
}
@@ -58,12 +58,12 @@ static XSM_INLINE int xsm_sysctl(int cmd)
return 0;
}
-static XSM_INLINE int xsm_readconsole(uint32_t clear)
+static XSM_INLINE int xsm_hook_readconsole(uint32_t clear)
{
return 0;
}
-static XSM_INLINE int xsm_do_mca(void)
+static XSM_INLINE int xsm_priv_do_mca(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
@@ -80,49 +80,49 @@ static XSM_INLINE void xsm_free_security_domain(struct
domain *d)
return;
}
-static XSM_INLINE int xsm_grant_mapref(struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_hook_grant_mapref(struct domain *d1, struct domain
*d2,
uint32_t flags)
{
return 0;
}
-static XSM_INLINE int xsm_grant_unmapref(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_hook_grant_unmapref(struct domain *d1, struct domain
*d2)
{
return 0;
}
-static XSM_INLINE int xsm_grant_setup(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_target_grant_setup(struct domain *d1, struct domain
*d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_grant_transfer(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_hook_grant_transfer(struct domain *d1, struct domain
*d2)
{
return 0;
}
-static XSM_INLINE int xsm_grant_copy(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_hook_grant_copy(struct domain *d1, struct domain *d2)
{
return 0;
}
-static XSM_INLINE int xsm_grant_query_size(struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_target_grant_query_size(struct domain *d1, struct
domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_memory_exchange(struct domain *d)
+static XSM_INLINE int xsm_target_memory_exchange(struct domain *d)
{
if ( d != current->domain && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_memory_adjust_reservation(struct domain *d1,
+static XSM_INLINE int xsm_target_memory_adjust_reservation(struct domain *d1,
struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
@@ -130,14 +130,14 @@ static XSM_INLINE int xsm_memory_adjust_reservation(struct
domain *d1,
return 0;
}
-static XSM_INLINE int xsm_memory_stat_reservation(struct domain *d1, struct
domain *d2)
+static XSM_INLINE int xsm_target_memory_stat_reservation(struct domain *d1,
struct domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_console_io(struct domain *d, int cmd)
+static XSM_INLINE int xsm_priv_console_io(struct domain *d, int cmd)
{
#ifndef VERBOSE
if ( !IS_PRIV(current->domain) )
@@ -146,32 +146,32 @@ static XSM_INLINE int xsm_console_io(struct domain *d, int
cmd)
return 0;
}
-static XSM_INLINE int xsm_profile(struct domain *d, int op)
+static XSM_INLINE int xsm_hook_profile(struct domain *d, int op)
{
return 0;
}
-static XSM_INLINE int xsm_kexec(void)
+static XSM_INLINE int xsm_priv_kexec(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_schedop_shutdown(struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_dm_schedop_shutdown(struct domain *d1, struct domain
*d2)
{
if ( !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
+static XSM_INLINE int xsm_hook_memory_pin_page(struct domain *d1, struct domain
*d2,
struct page_info *page)
{
return 0;
}
-static XSM_INLINE int xsm_evtchn_unbound(struct domain *d, struct evtchn *chn,
+static XSM_INLINE int xsm_target_evtchn_unbound(struct domain *d, struct evtchn
*chn,
domid_t id2)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
@@ -179,30 +179,30 @@ static XSM_INLINE int xsm_evtchn_unbound(struct domain *d,
struct evtchn *chn,
return 0;
}
-static XSM_INLINE int xsm_evtchn_interdomain(struct domain *d1, struct evtchn
+static XSM_INLINE int xsm_hook_evtchn_interdomain(struct domain *d1, struct
evtchn
*chan1, struct domain *d2, struct evtchn
*chan2)
{
return 0;
}
-static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn)
+static XSM_INLINE void xsm_hook_evtchn_close_post(struct evtchn *chn)
{
return;
}
-static XSM_INLINE int xsm_evtchn_send(struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_hook_evtchn_send(struct domain *d, struct evtchn
*chn)
{
return 0;
}
-static XSM_INLINE int xsm_evtchn_status(struct domain *d, struct evtchn *chn)
+static XSM_INLINE int xsm_target_evtchn_status(struct domain *d, struct evtchn
*chn)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_evtchn_reset(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_target_evtchn_reset(struct domain *d1, struct domain
*d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
@@ -224,96 +224,96 @@ static XSM_INLINE char * xsm_show_security_evtchn(struct
domain *d, const struct
return NULL;
}
-static XSM_INLINE int xsm_get_pod_target(struct domain *d)
+static XSM_INLINE int xsm_priv_get_pod_target(struct domain *d)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_set_pod_target(struct domain *d)
+static XSM_INLINE int xsm_priv_set_pod_target(struct domain *d)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_get_device_group(uint32_t machine_bdf)
+static XSM_INLINE int xsm_hook_get_device_group(uint32_t machine_bdf)
{
return 0;
}
-static XSM_INLINE int xsm_test_assign_device(uint32_t machine_bdf)
+static XSM_INLINE int xsm_hook_test_assign_device(uint32_t machine_bdf)
{
return 0;
}
-static XSM_INLINE int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+static XSM_INLINE int xsm_hook_assign_device(struct domain *d, uint32_t
machine_bdf)
{
return 0;
}
-static XSM_INLINE int xsm_deassign_device(struct domain *d, uint32_t
machine_bdf)
+static XSM_INLINE int xsm_hook_deassign_device(struct domain *d, uint32_t
machine_bdf)
{
return 0;
}
-static XSM_INLINE int xsm_resource_plug_core(void)
+static XSM_INLINE int xsm_hook_resource_plug_core(void)
{
return 0;
}
-static XSM_INLINE int xsm_resource_unplug_core(void)
+static XSM_INLINE int xsm_hook_resource_unplug_core(void)
{
return 0;
}
-static XSM_INLINE int xsm_resource_plug_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_priv_resource_plug_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_resource_unplug_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_priv_resource_unplug_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_resource_setup_pci(uint32_t machine_bdf)
+static XSM_INLINE int xsm_priv_resource_setup_pci(uint32_t machine_bdf)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_resource_setup_gsi(int gsi)
+static XSM_INLINE int xsm_priv_resource_setup_gsi(int gsi)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_resource_setup_misc(void)
+static XSM_INLINE int xsm_priv_resource_setup_misc(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_page_offline(uint32_t cmd)
+static XSM_INLINE int xsm_hook_page_offline(uint32_t cmd)
{
return 0;
}
-static XSM_INLINE int xsm_tmem_op(void)
+static XSM_INLINE int xsm_hook_tmem_op(void)
{
return 0;
}
-static XSM_INLINE int xsm_tmem_control(void)
+static XSM_INLINE int xsm_priv_tmem_control(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
@@ -330,34 +330,34 @@ static XSM_INLINE char * xsm_show_irq_sid(int irq)
return NULL;
}
-static XSM_INLINE int xsm_map_domain_pirq(struct domain *d, int irq, void
*data)
+static XSM_INLINE int xsm_hook_map_domain_pirq(struct domain *d, int irq, void
*data)
{
return 0;
}
-static XSM_INLINE int xsm_unmap_domain_pirq(struct domain *d, int irq)
+static XSM_INLINE int xsm_dm_unmap_domain_pirq(struct domain *d, int irq)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_irq_permission(struct domain *d, int pirq, uint8_t
allow)
+static XSM_INLINE int xsm_hook_irq_permission(struct domain *d, int pirq,
uint8_t allow)
{
return 0;
}
-static XSM_INLINE int xsm_iomem_permission(struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
+static XSM_INLINE int xsm_hook_iomem_permission(struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
return 0;
}
-static XSM_INLINE int xsm_iomem_mapping(struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
+static XSM_INLINE int xsm_hook_iomem_mapping(struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
return 0;
}
-static XSM_INLINE int xsm_pci_config_permission(struct domain *d, uint32_t
machine_bdf,
+static XSM_INLINE int xsm_hook_pci_config_permission(struct domain *d, uint32_t
machine_bdf,
uint16_t start, uint16_t end,
uint8_t access)
{
@@ -365,96 +365,96 @@ static XSM_INLINE int xsm_pci_config_permission(struct
domain *d, uint32_t machi
}
#ifdef CONFIG_X86
-static XSM_INLINE int xsm_shadow_control(struct domain *d, uint32_t op)
+static XSM_INLINE int xsm_hook_shadow_control(struct domain *d, uint32_t op)
{
return 0;
}
-static XSM_INLINE int xsm_hvm_param(struct domain *d, unsigned long op)
+static XSM_INLINE int xsm_target_hvm_param(struct domain *d, unsigned long op)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_hvm_set_pci_intx_level(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_set_pci_intx_level(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_hvm_set_isa_irq_level(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_set_isa_irq_level(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_hvm_set_pci_link_route(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_set_pci_link_route(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_hvm_inject_msi(struct domain *d)
+static XSM_INLINE int xsm_dm_hvm_inject_msi(struct domain *d)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_mem_event_control(struct domain *d, int mode, int op)
+static XSM_INLINE int xsm_dm_mem_event_control(struct domain *d, int mode, int
op)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_mem_event_op(struct domain *d, int op)
+static XSM_INLINE int xsm_dm_mem_event_op(struct domain *d, int op)
{
if ( !IS_PRIV_FOR(current->domain, d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_mem_sharing_op(struct domain *d, struct domain *cd,
int op)
+static XSM_INLINE int xsm_dm_mem_sharing_op(struct domain *d, struct domain
*cd, int op)
{
if ( !IS_PRIV_FOR(current->domain, cd) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_apic(struct domain *d, int cmd)
+static XSM_INLINE int xsm_priv_apic(struct domain *d, int cmd)
{
if ( !IS_PRIV(d) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_platform_op(uint32_t op)
+static XSM_INLINE int xsm_priv_platform_op(uint32_t op)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_machine_memory_map(void)
+static XSM_INLINE int xsm_priv_machine_memory_map(void)
{
if ( !IS_PRIV(current->domain) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_domain_memory_map(struct domain *d)
+static XSM_INLINE int xsm_target_domain_memory_map(struct domain *d)
{
if ( current->domain != d && !IS_PRIV_FOR(current->domain, d)
)
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_mmu_update(struct domain *d, struct domain *t,
+static XSM_INLINE int xsm_target_mmu_update(struct domain *d, struct domain *t,
struct domain *f, uint32_t flags)
{
if ( t && d != t && !IS_PRIV_FOR(d, t) )
@@ -464,14 +464,14 @@ static XSM_INLINE int xsm_mmu_update(struct domain *d,
struct domain *t,
return 0;
}
-static XSM_INLINE int xsm_mmuext_op(struct domain *d, struct domain *f)
+static XSM_INLINE int xsm_target_mmuext_op(struct domain *d, struct domain *f)
{
if ( d != f && !IS_PRIV_FOR(d, f) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_update_va_mapping(struct domain *d, struct domain *f,
+static XSM_INLINE int xsm_target_update_va_mapping(struct domain *d, struct
domain *f,
l1_pgentry_t pte)
{
if ( d != f && !IS_PRIV_FOR(d, f) )
@@ -479,36 +479,36 @@ static XSM_INLINE int xsm_update_va_mapping(struct domain
*d, struct domain *f,
return 0;
}
-static XSM_INLINE int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+static XSM_INLINE int xsm_target_add_to_physmap(struct domain *d1, struct
domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_remove_from_physmap(struct domain *d1, struct domain
*d2)
+static XSM_INLINE int xsm_target_remove_from_physmap(struct domain *d1, struct
domain *d2)
{
if ( d1 != d2 && !IS_PRIV_FOR(d1, d2) )
return -EPERM;
return 0;
}
-static XSM_INLINE int xsm_bind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_hook_bind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
}
-static XSM_INLINE int xsm_unbind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
+static XSM_INLINE int xsm_hook_unbind_pt_irq(struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return 0;
}
-static XSM_INLINE int xsm_ioport_permission(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
+static XSM_INLINE int xsm_hook_ioport_permission(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
return 0;
}
-static XSM_INLINE int xsm_ioport_mapping(struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
+static XSM_INLINE int xsm_hook_ioport_mapping(struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
return 0;
}
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 105201e..c3a29b6 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -39,30 +39,30 @@ extern xsm_initcall_t __xsm_initcall_start[],
__xsm_initcall_end[];
__used_section(".xsm_initcall.init") = fn
struct xsm_operations {
- void (*security_domaininfo) (struct domain *d,
+ void (*populate_security_domaininfo) (struct domain *d,
struct xen_domctl_getdomaininfo *info);
- int (*domain_create) (struct domain *d, u32 ssidref);
- int (*getdomaininfo) (struct domain *d);
- int (*set_target) (struct domain *d, struct domain *e);
+ int (*hook_domain_create) (struct domain *d, u32 ssidref);
+ int (*hook_getdomaininfo) (struct domain *d);
+ int (*hook_set_target) (struct domain *d, struct domain *e);
int (*domctl) (struct domain *d, int cmd);
int (*sysctl) (int cmd);
- int (*readconsole) (uint32_t clear);
- int (*do_mca) (void);
+ int (*hook_readconsole) (uint32_t clear);
+ int (*priv_do_mca) (void);
- int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
- int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
+ int (*target_evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t
id2);
+ int (*hook_evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
struct domain *d2, struct evtchn
*chn2);
- void (*evtchn_close_post) (struct evtchn *chn);
- int (*evtchn_send) (struct domain *d, struct evtchn *chn);
- int (*evtchn_status) (struct domain *d, struct evtchn *chn);
- int (*evtchn_reset) (struct domain *d1, struct domain *d2);
-
- int (*grant_mapref) (struct domain *d1, struct domain *d2, uint32_t flags);
- int (*grant_unmapref) (struct domain *d1, struct domain *d2);
- int (*grant_setup) (struct domain *d1, struct domain *d2);
- int (*grant_transfer) (struct domain *d1, struct domain *d2);
- int (*grant_copy) (struct domain *d1, struct domain *d2);
- int (*grant_query_size) (struct domain *d1, struct domain *d2);
+ void (*hook_evtchn_close_post) (struct evtchn *chn);
+ int (*hook_evtchn_send) (struct domain *d, struct evtchn *chn);
+ int (*target_evtchn_status) (struct domain *d, struct evtchn *chn);
+ int (*target_evtchn_reset) (struct domain *d1, struct domain *d2);
+
+ int (*hook_grant_mapref) (struct domain *d1, struct domain *d2, uint32_t
flags);
+ int (*hook_grant_unmapref) (struct domain *d1, struct domain *d2);
+ int (*target_grant_setup) (struct domain *d1, struct domain *d2);
+ int (*hook_grant_transfer) (struct domain *d1, struct domain *d2);
+ int (*hook_grant_copy) (struct domain *d1, struct domain *d2);
+ int (*target_grant_query_size) (struct domain *d1, struct domain *d2);
int (*alloc_security_domain) (struct domain *d);
void (*free_security_domain) (struct domain *d);
@@ -70,76 +70,76 @@ struct xsm_operations {
void (*free_security_evtchn) (struct evtchn *chn);
char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn);
- int (*get_pod_target) (struct domain *d);
- int (*set_pod_target) (struct domain *d);
- int (*memory_exchange) (struct domain *d);
- int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2);
- int (*memory_stat_reservation) (struct domain *d1, struct domain *d2);
- int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct
page_info *page);
- int (*remove_from_physmap) (struct domain *d1, struct domain *d2);
+ int (*priv_get_pod_target) (struct domain *d);
+ int (*priv_set_pod_target) (struct domain *d);
+ int (*target_memory_exchange) (struct domain *d);
+ int (*target_memory_adjust_reservation) (struct domain *d1, struct domain
*d2);
+ int (*target_memory_stat_reservation) (struct domain *d1, struct domain
*d2);
+ int (*hook_memory_pin_page) (struct domain *d1, struct domain *d2, struct
page_info *page);
+ int (*target_remove_from_physmap) (struct domain *d1, struct domain *d2);
- int (*console_io) (struct domain *d, int cmd);
+ int (*priv_console_io) (struct domain *d, int cmd);
- int (*profile) (struct domain *d, int op);
+ int (*hook_profile) (struct domain *d, int op);
- int (*kexec) (void);
- int (*schedop_shutdown) (struct domain *d1, struct domain *d2);
+ int (*priv_kexec) (void);
+ int (*dm_schedop_shutdown) (struct domain *d1, struct domain *d2);
char *(*show_irq_sid) (int irq);
- int (*map_domain_pirq) (struct domain *d, int irq, void *data);
- int (*unmap_domain_pirq) (struct domain *d, int irq);
- int (*irq_permission) (struct domain *d, int pirq, uint8_t allow);
- int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t
allow);
- int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t
allow);
- int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access);
-
- int (*get_device_group) (uint32_t machine_bdf);
- int (*test_assign_device) (uint32_t machine_bdf);
- int (*assign_device) (struct domain *d, uint32_t machine_bdf);
- int (*deassign_device) (struct domain *d, uint32_t machine_bdf);
-
- int (*resource_plug_core) (void);
- int (*resource_unplug_core) (void);
- int (*resource_plug_pci) (uint32_t machine_bdf);
- int (*resource_unplug_pci) (uint32_t machine_bdf);
- int (*resource_setup_pci) (uint32_t machine_bdf);
- int (*resource_setup_gsi) (int gsi);
- int (*resource_setup_misc) (void);
-
- int (*page_offline)(uint32_t cmd);
- int (*tmem_op)(void);
- int (*tmem_control)(void);
+ int (*hook_map_domain_pirq) (struct domain *d, int irq, void *data);
+ int (*dm_unmap_domain_pirq) (struct domain *d, int irq);
+ int (*hook_irq_permission) (struct domain *d, int pirq, uint8_t allow);
+ int (*hook_iomem_permission) (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow);
+ int (*hook_iomem_mapping) (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow);
+ int (*hook_pci_config_permission) (struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access);
+
+ int (*hook_get_device_group) (uint32_t machine_bdf);
+ int (*hook_test_assign_device) (uint32_t machine_bdf);
+ int (*hook_assign_device) (struct domain *d, uint32_t machine_bdf);
+ int (*hook_deassign_device) (struct domain *d, uint32_t machine_bdf);
+
+ int (*hook_resource_plug_core) (void);
+ int (*hook_resource_unplug_core) (void);
+ int (*priv_resource_plug_pci) (uint32_t machine_bdf);
+ int (*priv_resource_unplug_pci) (uint32_t machine_bdf);
+ int (*priv_resource_setup_pci) (uint32_t machine_bdf);
+ int (*priv_resource_setup_gsi) (int gsi);
+ int (*priv_resource_setup_misc) (void);
+
+ int (*hook_page_offline)(uint32_t cmd);
+ int (*hook_tmem_op)(void);
+ int (*priv_tmem_control)(void);
long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
#ifdef CONFIG_X86
- int (*shadow_control) (struct domain *d, uint32_t op);
- int (*hvm_param) (struct domain *d, unsigned long op);
- int (*hvm_set_pci_intx_level) (struct domain *d);
- int (*hvm_set_isa_irq_level) (struct domain *d);
- int (*hvm_set_pci_link_route) (struct domain *d);
- int (*hvm_inject_msi) (struct domain *d);
- int (*mem_event_control) (struct domain *d, int mode, int op);
- int (*mem_event_op) (struct domain *d, int op);
- int (*mem_sharing_op) (struct domain *d, struct domain *cd, int op);
- int (*apic) (struct domain *d, int cmd);
+ int (*hook_shadow_control) (struct domain *d, uint32_t op);
+ int (*target_hvm_param) (struct domain *d, unsigned long op);
+ int (*dm_hvm_set_pci_intx_level) (struct domain *d);
+ int (*dm_hvm_set_isa_irq_level) (struct domain *d);
+ int (*dm_hvm_set_pci_link_route) (struct domain *d);
+ int (*dm_hvm_inject_msi) (struct domain *d);
+ int (*dm_mem_event_control) (struct domain *d, int mode, int op);
+ int (*dm_mem_event_op) (struct domain *d, int op);
+ int (*dm_mem_sharing_op) (struct domain *d, struct domain *cd, int op);
+ int (*priv_apic) (struct domain *d, int cmd);
int (*memtype) (uint32_t access);
- int (*platform_op) (uint32_t cmd);
- int (*machine_memory_map) (void);
- int (*domain_memory_map) (struct domain *d);
+ int (*priv_platform_op) (uint32_t cmd);
+ int (*priv_machine_memory_map) (void);
+ int (*target_domain_memory_map) (struct domain *d);
#define XSM_MMU_UPDATE_READ 1
#define XSM_MMU_UPDATE_WRITE 2
#define XSM_MMU_NORMAL_UPDATE 4
#define XSM_MMU_MACHPHYS_UPDATE 8
- int (*mmu_update) (struct domain *d, struct domain *t,
+ int (*target_mmu_update) (struct domain *d, struct domain *t,
struct domain *f, uint32_t flags);
- int (*mmuext_op) (struct domain *d, struct domain *f);
- int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t
pte);
- int (*add_to_physmap) (struct domain *d1, struct domain *d2);
- int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
- int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq
*bind);
- int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
- int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t
allow);
+ int (*target_mmuext_op) (struct domain *d, struct domain *f);
+ int (*target_update_va_mapping) (struct domain *d, struct domain *f,
l1_pgentry_t pte);
+ int (*target_add_to_physmap) (struct domain *d1, struct domain *d2);
+ int (*hook_bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq
*bind);
+ int (*hook_unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq
*bind);
+ int (*hook_ioport_permission) (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow);
+ int (*hook_ioport_mapping) (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow);
#endif
};
@@ -149,25 +149,25 @@ extern struct xsm_operations *xsm_ops;
#ifndef XSM_NO_WRAPPERS
-static inline void xsm_security_domaininfo (struct domain *d,
+static inline void xsm_populate_security_domaininfo (struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
- xsm_ops->security_domaininfo(d, info);
+ xsm_ops->populate_security_domaininfo(d, info);
}
-static inline int xsm_domain_create (struct domain *d, u32 ssidref)
+static inline int xsm_hook_domain_create (struct domain *d, u32 ssidref)
{
- return xsm_ops->domain_create(d, ssidref);
+ return xsm_ops->hook_domain_create(d, ssidref);
}
-static inline int xsm_getdomaininfo (struct domain *d)
+static inline int xsm_hook_getdomaininfo (struct domain *d)
{
- return xsm_ops->getdomaininfo(d);
+ return xsm_ops->hook_getdomaininfo(d);
}
-static inline int xsm_set_target (struct domain *d, struct domain *e)
+static inline int xsm_hook_set_target (struct domain *d, struct domain *e)
{
- return xsm_ops->set_target(d, e);
+ return xsm_ops->hook_set_target(d, e);
}
static inline int xsm_domctl (struct domain *d, int cmd)
@@ -180,77 +180,77 @@ static inline int xsm_sysctl (int cmd)
return xsm_ops->sysctl(cmd);
}
-static inline int xsm_readconsole (uint32_t clear)
+static inline int xsm_hook_readconsole (uint32_t clear)
{
- return xsm_ops->readconsole(clear);
+ return xsm_ops->hook_readconsole(clear);
}
-static inline int xsm_do_mca(void)
+static inline int xsm_priv_do_mca(void)
{
- return xsm_ops->do_mca();
+ return xsm_ops->priv_do_mca();
}
-static inline int xsm_evtchn_unbound (struct domain *d1, struct evtchn *chn,
+static inline int xsm_target_evtchn_unbound (struct domain *d1, struct evtchn
*chn,
domid_t
id2)
{
- return xsm_ops->evtchn_unbound(d1, chn, id2);
+ return xsm_ops->target_evtchn_unbound(d1, chn, id2);
}
-static inline int xsm_evtchn_interdomain (struct domain *d1,
+static inline int xsm_hook_evtchn_interdomain (struct domain *d1,
struct evtchn *chan1, struct domain *d2, struct evtchn *chan2)
{
- return xsm_ops->evtchn_interdomain(d1, chan1, d2, chan2);
+ return xsm_ops->hook_evtchn_interdomain(d1, chan1, d2, chan2);
}
-static inline void xsm_evtchn_close_post (struct evtchn *chn)
+static inline void xsm_hook_evtchn_close_post (struct evtchn *chn)
{
- xsm_ops->evtchn_close_post(chn);
+ xsm_ops->hook_evtchn_close_post(chn);
}
-static inline int xsm_evtchn_send (struct domain *d, struct evtchn *chn)
+static inline int xsm_hook_evtchn_send (struct domain *d, struct evtchn *chn)
{
- return xsm_ops->evtchn_send(d, chn);
+ return xsm_ops->hook_evtchn_send(d, chn);
}
-static inline int xsm_evtchn_status (struct domain *d, struct evtchn *chn)
+static inline int xsm_target_evtchn_status (struct domain *d, struct evtchn
*chn)
{
- return xsm_ops->evtchn_status(d, chn);
+ return xsm_ops->target_evtchn_status(d, chn);
}
-static inline int xsm_evtchn_reset (struct domain *d1, struct domain *d2)
+static inline int xsm_target_evtchn_reset (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->evtchn_reset(d1, d2);
+ return xsm_ops->target_evtchn_reset(d1, d2);
}
-static inline int xsm_grant_mapref (struct domain *d1, struct domain *d2,
+static inline int xsm_hook_grant_mapref (struct domain *d1, struct domain *d2,
uint32_t flags)
{
- return xsm_ops->grant_mapref(d1, d2, flags);
+ return xsm_ops->hook_grant_mapref(d1, d2, flags);
}
-static inline int xsm_grant_unmapref (struct domain *d1, struct domain *d2)
+static inline int xsm_hook_grant_unmapref (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->grant_unmapref(d1, d2);
+ return xsm_ops->hook_grant_unmapref(d1, d2);
}
-static inline int xsm_grant_setup (struct domain *d1, struct domain *d2)
+static inline int xsm_target_grant_setup (struct domain *d1, struct domain *d2)
{
- return xsm_ops->grant_setup(d1, d2);
+ return xsm_ops->target_grant_setup(d1, d2);
}
-static inline int xsm_grant_transfer (struct domain *d1, struct domain *d2)
+static inline int xsm_hook_grant_transfer (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->grant_transfer(d1, d2);
+ return xsm_ops->hook_grant_transfer(d1, d2);
}
-static inline int xsm_grant_copy (struct domain *d1, struct domain *d2)
+static inline int xsm_hook_grant_copy (struct domain *d1, struct domain *d2)
{
- return xsm_ops->grant_copy(d1, d2);
+ return xsm_ops->hook_grant_copy(d1, d2);
}
-static inline int xsm_grant_query_size (struct domain *d1, struct domain *d2)
+static inline int xsm_target_grant_query_size (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->grant_query_size(d1, d2);
+ return xsm_ops->target_grant_query_size(d1, d2);
}
static inline int xsm_alloc_security_domain (struct domain *d)
@@ -278,62 +278,62 @@ static inline char *xsm_show_security_evtchn (struct
domain *d, const struct evt
return xsm_ops->show_security_evtchn(d, chn);
}
-static inline int xsm_get_pod_target (struct domain *d)
+static inline int xsm_priv_get_pod_target (struct domain *d)
{
- return xsm_ops->get_pod_target(d);
+ return xsm_ops->priv_get_pod_target(d);
}
-static inline int xsm_set_pod_target (struct domain *d)
+static inline int xsm_priv_set_pod_target (struct domain *d)
{
- return xsm_ops->set_pod_target(d);
+ return xsm_ops->priv_set_pod_target(d);
}
-static inline int xsm_memory_exchange (struct domain *d)
+static inline int xsm_target_memory_exchange (struct domain *d)
{
- return xsm_ops->memory_exchange(d);
+ return xsm_ops->target_memory_exchange(d);
}
-static inline int xsm_memory_adjust_reservation (struct domain *d1, struct
+static inline int xsm_target_memory_adjust_reservation (struct domain *d1,
struct
domain *d2)
{
- return xsm_ops->memory_adjust_reservation(d1, d2);
+ return xsm_ops->target_memory_adjust_reservation(d1, d2);
}
-static inline int xsm_memory_stat_reservation (struct domain *d1,
+static inline int xsm_target_memory_stat_reservation (struct domain *d1,
struct domain *d2)
{
- return xsm_ops->memory_stat_reservation(d1, d2);
+ return xsm_ops->target_memory_stat_reservation(d1, d2);
}
-static inline int xsm_memory_pin_page(struct domain *d1, struct domain *d2,
+static inline int xsm_hook_memory_pin_page(struct domain *d1, struct domain
*d2,
struct page_info *page)
{
- return xsm_ops->memory_pin_page(d1, d2, page);
+ return xsm_ops->hook_memory_pin_page(d1, d2, page);
}
-static inline int xsm_remove_from_physmap(struct domain *d1, struct domain *d2)
+static inline int xsm_target_remove_from_physmap(struct domain *d1, struct
domain *d2)
{
- return xsm_ops->remove_from_physmap(d1, d2);
+ return xsm_ops->target_remove_from_physmap(d1, d2);
}
-static inline int xsm_console_io (struct domain *d, int cmd)
+static inline int xsm_priv_console_io (struct domain *d, int cmd)
{
- return xsm_ops->console_io(d, cmd);
+ return xsm_ops->priv_console_io(d, cmd);
}
-static inline int xsm_profile (struct domain *d, int op)
+static inline int xsm_hook_profile (struct domain *d, int op)
{
- return xsm_ops->profile(d, op);
+ return xsm_ops->hook_profile(d, op);
}
-static inline int xsm_kexec (void)
+static inline int xsm_priv_kexec (void)
{
- return xsm_ops->kexec();
+ return xsm_ops->priv_kexec();
}
-static inline int xsm_schedop_shutdown (struct domain *d1, struct domain *d2)
+static inline int xsm_dm_schedop_shutdown (struct domain *d1, struct domain
*d2)
{
- return xsm_ops->schedop_shutdown(d1, d2);
+ return xsm_ops->dm_schedop_shutdown(d1, d2);
}
static inline char *xsm_show_irq_sid (int irq)
@@ -341,104 +341,104 @@ static inline char *xsm_show_irq_sid (int irq)
return xsm_ops->show_irq_sid(irq);
}
-static inline int xsm_map_domain_pirq (struct domain *d, int irq, void *data)
+static inline int xsm_hook_map_domain_pirq (struct domain *d, int irq, void
*data)
{
- return xsm_ops->map_domain_pirq(d, irq, data);
+ return xsm_ops->hook_map_domain_pirq(d, irq, data);
}
-static inline int xsm_unmap_domain_pirq (struct domain *d, int irq)
+static inline int xsm_dm_unmap_domain_pirq (struct domain *d, int irq)
{
- return xsm_ops->unmap_domain_pirq(d, irq);
+ return xsm_ops->dm_unmap_domain_pirq(d, irq);
}
-static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t
allow)
+static inline int xsm_hook_irq_permission (struct domain *d, int pirq, uint8_t
allow)
{
- return xsm_ops->irq_permission(d, pirq, allow);
+ return xsm_ops->hook_irq_permission(d, pirq, allow);
}
-static inline int xsm_iomem_permission (struct domain *d, uint64_t s, uint64_t
e, uint8_t allow)
+static inline int xsm_hook_iomem_permission (struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
- return xsm_ops->iomem_permission(d, s, e, allow);
+ return xsm_ops->hook_iomem_permission(d, s, e, allow);
}
-static inline int xsm_iomem_mapping (struct domain *d, uint64_t s, uint64_t e,
uint8_t allow)
+static inline int xsm_hook_iomem_mapping (struct domain *d, uint64_t s,
uint64_t e, uint8_t allow)
{
- return xsm_ops->iomem_mapping(d, s, e, allow);
+ return xsm_ops->hook_iomem_mapping(d, s, e, allow);
}
-static inline int xsm_pci_config_permission (struct domain *d, uint32_t
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
+static inline int xsm_hook_pci_config_permission (struct domain *d, uint32_t
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
{
- return xsm_ops->pci_config_permission(d, machine_bdf, start, end,
access);
+ return xsm_ops->hook_pci_config_permission(d, machine_bdf, start, end,
access);
}
-static inline int xsm_get_device_group(uint32_t machine_bdf)
+static inline int xsm_hook_get_device_group(uint32_t machine_bdf)
{
- return xsm_ops->get_device_group(machine_bdf);
+ return xsm_ops->hook_get_device_group(machine_bdf);
}
-static inline int xsm_test_assign_device(uint32_t machine_bdf)
+static inline int xsm_hook_test_assign_device(uint32_t machine_bdf)
{
- return xsm_ops->test_assign_device(machine_bdf);
+ return xsm_ops->hook_test_assign_device(machine_bdf);
}
-static inline int xsm_assign_device(struct domain *d, uint32_t machine_bdf)
+static inline int xsm_hook_assign_device(struct domain *d, uint32_t
machine_bdf)
{
- return xsm_ops->assign_device(d, machine_bdf);
+ return xsm_ops->hook_assign_device(d, machine_bdf);
}
-static inline int xsm_deassign_device(struct domain *d, uint32_t machine_bdf)
+static inline int xsm_hook_deassign_device(struct domain *d, uint32_t
machine_bdf)
{
- return xsm_ops->deassign_device(d, machine_bdf);
+ return xsm_ops->hook_deassign_device(d, machine_bdf);
}
-static inline int xsm_resource_plug_pci (uint32_t machine_bdf)
+static inline int xsm_priv_resource_plug_pci (uint32_t machine_bdf)
{
- return xsm_ops->resource_plug_pci(machine_bdf);
+ return xsm_ops->priv_resource_plug_pci(machine_bdf);
}
-static inline int xsm_resource_unplug_pci (uint32_t machine_bdf)
+static inline int xsm_priv_resource_unplug_pci (uint32_t machine_bdf)
{
- return xsm_ops->resource_unplug_pci(machine_bdf);
+ return xsm_ops->priv_resource_unplug_pci(machine_bdf);
}
-static inline int xsm_resource_plug_core (void)
+static inline int xsm_hook_resource_plug_core (void)
{
- return xsm_ops->resource_plug_core();
+ return xsm_ops->hook_resource_plug_core();
}
-static inline int xsm_resource_unplug_core (void)
+static inline int xsm_hook_resource_unplug_core (void)
{
- return xsm_ops->resource_unplug_core();
+ return xsm_ops->hook_resource_unplug_core();
}
-static inline int xsm_resource_setup_pci (uint32_t machine_bdf)
+static inline int xsm_priv_resource_setup_pci (uint32_t machine_bdf)
{
- return xsm_ops->resource_setup_pci(machine_bdf);
+ return xsm_ops->priv_resource_setup_pci(machine_bdf);
}
-static inline int xsm_resource_setup_gsi (int gsi)
+static inline int xsm_priv_resource_setup_gsi (int gsi)
{
- return xsm_ops->resource_setup_gsi(gsi);
+ return xsm_ops->priv_resource_setup_gsi(gsi);
}
-static inline int xsm_resource_setup_misc (void)
+static inline int xsm_priv_resource_setup_misc (void)
{
- return xsm_ops->resource_setup_misc();
+ return xsm_ops->priv_resource_setup_misc();
}
-static inline int xsm_page_offline(uint32_t cmd)
+static inline int xsm_hook_page_offline(uint32_t cmd)
{
- return xsm_ops->page_offline(cmd);
+ return xsm_ops->hook_page_offline(cmd);
}
-static inline int xsm_tmem_op(void)
+static inline int xsm_hook_tmem_op(void)
{
- return xsm_ops->tmem_op();
+ return xsm_ops->hook_tmem_op();
}
-static inline int xsm_tmem_control(void)
+static inline int xsm_priv_tmem_control(void)
{
- return xsm_ops->tmem_control();
+ return xsm_ops->priv_tmem_control();
}
static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
@@ -447,54 +447,54 @@ static inline long xsm_do_xsm_op
(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
}
#ifdef CONFIG_X86
-static inline int xsm_shadow_control (struct domain *d, uint32_t op)
+static inline int xsm_hook_shadow_control (struct domain *d, uint32_t op)
{
- return xsm_ops->shadow_control(d, op);
+ return xsm_ops->hook_shadow_control(d, op);
}
-static inline int xsm_hvm_param (struct domain *d, unsigned long op)
+static inline int xsm_target_hvm_param (struct domain *d, unsigned long op)
{
- return xsm_ops->hvm_param(d, op);
+ return xsm_ops->target_hvm_param(d, op);
}
-static inline int xsm_hvm_set_pci_intx_level (struct domain *d)
+static inline int xsm_dm_hvm_set_pci_intx_level (struct domain *d)
{
- return xsm_ops->hvm_set_pci_intx_level(d);
+ return xsm_ops->dm_hvm_set_pci_intx_level(d);
}
-static inline int xsm_hvm_set_isa_irq_level (struct domain *d)
+static inline int xsm_dm_hvm_set_isa_irq_level (struct domain *d)
{
- return xsm_ops->hvm_set_isa_irq_level(d);
+ return xsm_ops->dm_hvm_set_isa_irq_level(d);
}
-static inline int xsm_hvm_set_pci_link_route (struct domain *d)
+static inline int xsm_dm_hvm_set_pci_link_route (struct domain *d)
{
- return xsm_ops->hvm_set_pci_link_route(d);
+ return xsm_ops->dm_hvm_set_pci_link_route(d);
}
-static inline int xsm_hvm_inject_msi (struct domain *d)
+static inline int xsm_dm_hvm_inject_msi (struct domain *d)
{
- return xsm_ops->hvm_inject_msi(d);
+ return xsm_ops->dm_hvm_inject_msi(d);
}
-static inline int xsm_mem_event_control (struct domain *d, int mode, int op)
+static inline int xsm_dm_mem_event_control (struct domain *d, int mode, int op)
{
- return xsm_ops->mem_event_control(d, mode, op);
+ return xsm_ops->dm_mem_event_control(d, mode, op);
}
-static inline int xsm_mem_event_op (struct domain *d, int op)
+static inline int xsm_dm_mem_event_op (struct domain *d, int op)
{
- return xsm_ops->mem_event_op(d, op);
+ return xsm_ops->dm_mem_event_op(d, op);
}
-static inline int xsm_mem_sharing_op (struct domain *d, struct domain *cd, int
op)
+static inline int xsm_dm_mem_sharing_op (struct domain *d, struct domain *cd,
int op)
{
- return xsm_ops->mem_sharing_op(d, cd, op);
+ return xsm_ops->dm_mem_sharing_op(d, cd, op);
}
-static inline int xsm_apic (struct domain *d, int cmd)
+static inline int xsm_priv_apic (struct domain *d, int cmd)
{
- return xsm_ops->apic(d, cmd);
+ return xsm_ops->priv_apic(d, cmd);
}
static inline int xsm_memtype (uint32_t access)
@@ -502,63 +502,63 @@ static inline int xsm_memtype (uint32_t access)
return xsm_ops->memtype(access);
}
-static inline int xsm_platform_op (uint32_t op)
+static inline int xsm_priv_platform_op (uint32_t op)
{
- return xsm_ops->platform_op(op);
+ return xsm_ops->priv_platform_op(op);
}
-static inline int xsm_machine_memory_map(void)
+static inline int xsm_priv_machine_memory_map(void)
{
- return xsm_ops->machine_memory_map();
+ return xsm_ops->priv_machine_memory_map();
}
-static inline int xsm_domain_memory_map(struct domain *d)
+static inline int xsm_target_domain_memory_map(struct domain *d)
{
- return xsm_ops->domain_memory_map(d);
+ return xsm_ops->target_domain_memory_map(d);
}
-static inline int xsm_mmu_update (struct domain *d, struct domain *t,
+static inline int xsm_target_mmu_update (struct domain *d, struct domain *t,
struct domain *f, uint32_t flags)
{
- return xsm_ops->mmu_update(d, t, f, flags);
+ return xsm_ops->target_mmu_update(d, t, f, flags);
}
-static inline int xsm_mmuext_op (struct domain *d, struct domain *f)
+static inline int xsm_target_mmuext_op (struct domain *d, struct domain *f)
{
- return xsm_ops->mmuext_op(d, f);
+ return xsm_ops->target_mmuext_op(d, f);
}
-static inline int xsm_update_va_mapping(struct domain *d, struct domain *f,
+static inline int xsm_target_update_va_mapping(struct domain *d, struct domain
*f,
l1_pgentry_t pte)
{
- return xsm_ops->update_va_mapping(d, f, pte);
+ return xsm_ops->target_update_va_mapping(d, f, pte);
}
-static inline int xsm_add_to_physmap(struct domain *d1, struct domain *d2)
+static inline int xsm_target_add_to_physmap(struct domain *d1, struct domain
*d2)
{
- return xsm_ops->add_to_physmap(d1, d2);
+ return xsm_ops->target_add_to_physmap(d1, d2);
}
-static inline int xsm_bind_pt_irq(struct domain *d,
+static inline int xsm_hook_bind_pt_irq(struct domain *d,
struct xen_domctl_bind_pt_irq
*bind)
{
- return xsm_ops->bind_pt_irq(d, bind);
+ return xsm_ops->hook_bind_pt_irq(d, bind);
}
-static inline int xsm_unbind_pt_irq(struct domain *d,
+static inline int xsm_hook_unbind_pt_irq(struct domain *d,
struct xen_domctl_bind_pt_irq
*bind)
{
- return xsm_ops->unbind_pt_irq(d, bind);
+ return xsm_ops->hook_unbind_pt_irq(d, bind);
}
-static inline int xsm_ioport_permission (struct domain *d, uint32_t s, uint32_t
e, uint8_t allow)
+static inline int xsm_hook_ioport_permission (struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
- return xsm_ops->ioport_permission(d, s, e, allow);
+ return xsm_ops->hook_ioport_permission(d, s, e, allow);
}
-static inline int xsm_ioport_mapping (struct domain *d, uint32_t s, uint32_t e,
uint8_t allow)
+static inline int xsm_hook_ioport_mapping (struct domain *d, uint32_t s,
uint32_t e, uint8_t allow)
{
- return xsm_ops->ioport_mapping(d, s, e, allow);
+ return xsm_ops->hook_ioport_mapping(d, s, e, allow);
}
#endif /* CONFIG_X86 */
#endif /* XSM_NO_WRAPPERS */
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index 22c66e5..c29c5af 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -29,98 +29,98 @@ struct xsm_operations dummy_xsm_ops;
void xsm_fixup_ops (struct xsm_operations *ops)
{
- set_to_dummy_if_null(ops, security_domaininfo);
- set_to_dummy_if_null(ops, domain_create);
- set_to_dummy_if_null(ops, getdomaininfo);
- set_to_dummy_if_null(ops, set_target);
+ set_to_dummy_if_null(ops, populate_security_domaininfo);
+ set_to_dummy_if_null(ops, hook_domain_create);
+ set_to_dummy_if_null(ops, hook_getdomaininfo);
+ set_to_dummy_if_null(ops, hook_set_target);
set_to_dummy_if_null(ops, domctl);
set_to_dummy_if_null(ops, sysctl);
- set_to_dummy_if_null(ops, readconsole);
- set_to_dummy_if_null(ops, do_mca);
-
- set_to_dummy_if_null(ops, evtchn_unbound);
- set_to_dummy_if_null(ops, evtchn_interdomain);
- set_to_dummy_if_null(ops, evtchn_close_post);
- set_to_dummy_if_null(ops, evtchn_send);
- set_to_dummy_if_null(ops, evtchn_status);
- set_to_dummy_if_null(ops, evtchn_reset);
-
- set_to_dummy_if_null(ops, grant_mapref);
- set_to_dummy_if_null(ops, grant_unmapref);
- set_to_dummy_if_null(ops, grant_setup);
- set_to_dummy_if_null(ops, grant_transfer);
- set_to_dummy_if_null(ops, grant_copy);
- set_to_dummy_if_null(ops, grant_query_size);
+ set_to_dummy_if_null(ops, hook_readconsole);
+ set_to_dummy_if_null(ops, priv_do_mca);
+
+ set_to_dummy_if_null(ops, target_evtchn_unbound);
+ set_to_dummy_if_null(ops, hook_evtchn_interdomain);
+ set_to_dummy_if_null(ops, hook_evtchn_close_post);
+ set_to_dummy_if_null(ops, hook_evtchn_send);
+ set_to_dummy_if_null(ops, target_evtchn_status);
+ set_to_dummy_if_null(ops, target_evtchn_reset);
+
+ set_to_dummy_if_null(ops, hook_grant_mapref);
+ set_to_dummy_if_null(ops, hook_grant_unmapref);
+ set_to_dummy_if_null(ops, target_grant_setup);
+ set_to_dummy_if_null(ops, hook_grant_transfer);
+ set_to_dummy_if_null(ops, hook_grant_copy);
+ set_to_dummy_if_null(ops, target_grant_query_size);
set_to_dummy_if_null(ops, alloc_security_domain);
set_to_dummy_if_null(ops, free_security_domain);
set_to_dummy_if_null(ops, alloc_security_evtchn);
set_to_dummy_if_null(ops, free_security_evtchn);
set_to_dummy_if_null(ops, show_security_evtchn);
- set_to_dummy_if_null(ops, get_pod_target);
- set_to_dummy_if_null(ops, set_pod_target);
+ set_to_dummy_if_null(ops, priv_get_pod_target);
+ set_to_dummy_if_null(ops, priv_set_pod_target);
- set_to_dummy_if_null(ops, memory_exchange);
- set_to_dummy_if_null(ops, memory_adjust_reservation);
- set_to_dummy_if_null(ops, memory_stat_reservation);
- set_to_dummy_if_null(ops, memory_pin_page);
+ set_to_dummy_if_null(ops, target_memory_exchange);
+ set_to_dummy_if_null(ops, target_memory_adjust_reservation);
+ set_to_dummy_if_null(ops, target_memory_stat_reservation);
+ set_to_dummy_if_null(ops, hook_memory_pin_page);
- set_to_dummy_if_null(ops, console_io);
+ set_to_dummy_if_null(ops, priv_console_io);
- set_to_dummy_if_null(ops, profile);
+ set_to_dummy_if_null(ops, hook_profile);
- set_to_dummy_if_null(ops, kexec);
- set_to_dummy_if_null(ops, schedop_shutdown);
+ set_to_dummy_if_null(ops, priv_kexec);
+ set_to_dummy_if_null(ops, dm_schedop_shutdown);
set_to_dummy_if_null(ops, show_irq_sid);
- set_to_dummy_if_null(ops, map_domain_pirq);
- set_to_dummy_if_null(ops, unmap_domain_pirq);
- set_to_dummy_if_null(ops, irq_permission);
- set_to_dummy_if_null(ops, iomem_permission);
- set_to_dummy_if_null(ops, iomem_mapping);
- set_to_dummy_if_null(ops, pci_config_permission);
-
- set_to_dummy_if_null(ops, get_device_group);
- set_to_dummy_if_null(ops, test_assign_device);
- set_to_dummy_if_null(ops, assign_device);
- set_to_dummy_if_null(ops, deassign_device);
-
- set_to_dummy_if_null(ops, resource_plug_core);
- set_to_dummy_if_null(ops, resource_unplug_core);
- set_to_dummy_if_null(ops, resource_plug_pci);
- set_to_dummy_if_null(ops, resource_unplug_pci);
- set_to_dummy_if_null(ops, resource_setup_pci);
- set_to_dummy_if_null(ops, resource_setup_gsi);
- set_to_dummy_if_null(ops, resource_setup_misc);
-
- set_to_dummy_if_null(ops, page_offline);
- set_to_dummy_if_null(ops, tmem_op);
- set_to_dummy_if_null(ops, tmem_control);
+ set_to_dummy_if_null(ops, hook_map_domain_pirq);
+ set_to_dummy_if_null(ops, dm_unmap_domain_pirq);
+ set_to_dummy_if_null(ops, hook_irq_permission);
+ set_to_dummy_if_null(ops, hook_iomem_permission);
+ set_to_dummy_if_null(ops, hook_iomem_mapping);
+ set_to_dummy_if_null(ops, hook_pci_config_permission);
+
+ set_to_dummy_if_null(ops, hook_get_device_group);
+ set_to_dummy_if_null(ops, hook_test_assign_device);
+ set_to_dummy_if_null(ops, hook_assign_device);
+ set_to_dummy_if_null(ops, hook_deassign_device);
+
+ set_to_dummy_if_null(ops, hook_resource_plug_core);
+ set_to_dummy_if_null(ops, hook_resource_unplug_core);
+ set_to_dummy_if_null(ops, priv_resource_plug_pci);
+ set_to_dummy_if_null(ops, priv_resource_unplug_pci);
+ set_to_dummy_if_null(ops, priv_resource_setup_pci);
+ set_to_dummy_if_null(ops, priv_resource_setup_gsi);
+ set_to_dummy_if_null(ops, priv_resource_setup_misc);
+
+ set_to_dummy_if_null(ops, hook_page_offline);
+ set_to_dummy_if_null(ops, hook_tmem_op);
+ set_to_dummy_if_null(ops, priv_tmem_control);
set_to_dummy_if_null(ops, do_xsm_op);
#ifdef CONFIG_X86
- set_to_dummy_if_null(ops, shadow_control);
- set_to_dummy_if_null(ops, hvm_param);
- set_to_dummy_if_null(ops, hvm_set_pci_intx_level);
- set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
- set_to_dummy_if_null(ops, hvm_set_pci_link_route);
- set_to_dummy_if_null(ops, hvm_inject_msi);
- set_to_dummy_if_null(ops, mem_event_control);
- set_to_dummy_if_null(ops, mem_event_op);
- set_to_dummy_if_null(ops, mem_sharing_op);
- set_to_dummy_if_null(ops, apic);
- set_to_dummy_if_null(ops, platform_op);
- set_to_dummy_if_null(ops, machine_memory_map);
- set_to_dummy_if_null(ops, domain_memory_map);
- set_to_dummy_if_null(ops, mmu_update);
- set_to_dummy_if_null(ops, mmuext_op);
- set_to_dummy_if_null(ops, update_va_mapping);
- set_to_dummy_if_null(ops, add_to_physmap);
- set_to_dummy_if_null(ops, remove_from_physmap);
- set_to_dummy_if_null(ops, bind_pt_irq);
- set_to_dummy_if_null(ops, unbind_pt_irq);
- set_to_dummy_if_null(ops, ioport_permission);
- set_to_dummy_if_null(ops, ioport_mapping);
+ set_to_dummy_if_null(ops, hook_shadow_control);
+ set_to_dummy_if_null(ops, target_hvm_param);
+ set_to_dummy_if_null(ops, dm_hvm_set_pci_intx_level);
+ set_to_dummy_if_null(ops, dm_hvm_set_isa_irq_level);
+ set_to_dummy_if_null(ops, dm_hvm_set_pci_link_route);
+ set_to_dummy_if_null(ops, dm_hvm_inject_msi);
+ set_to_dummy_if_null(ops, dm_mem_event_control);
+ set_to_dummy_if_null(ops, dm_mem_event_op);
+ set_to_dummy_if_null(ops, dm_mem_sharing_op);
+ set_to_dummy_if_null(ops, priv_apic);
+ set_to_dummy_if_null(ops, priv_platform_op);
+ set_to_dummy_if_null(ops, priv_machine_memory_map);
+ set_to_dummy_if_null(ops, target_domain_memory_map);
+ set_to_dummy_if_null(ops, target_mmu_update);
+ set_to_dummy_if_null(ops, target_mmuext_op);
+ set_to_dummy_if_null(ops, target_update_va_mapping);
+ set_to_dummy_if_null(ops, target_add_to_physmap);
+ set_to_dummy_if_null(ops, target_remove_from_physmap);
+ set_to_dummy_if_null(ops, hook_bind_pt_irq);
+ set_to_dummy_if_null(ops, hook_unbind_pt_irq);
+ set_to_dummy_if_null(ops, hook_ioport_permission);
+ set_to_dummy_if_null(ops, hook_ioport_mapping);
#endif
}
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 03ea675..2c46276 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -171,7 +171,7 @@ static void flask_domain_free_security(struct domain *d)
xfree(dsec);
}
-static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn,
+static int flask_target_evtchn_unbound(struct domain *d1, struct evtchn *chn,
domid_t id2)
{
u32 sid1, sid2, newsid;
@@ -206,7 +206,7 @@ static int flask_evtchn_unbound(struct domain *d1, struct
evtchn *chn,
return rc;
}
-static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1,
+static int flask_hook_evtchn_interdomain(struct domain *d1, struct evtchn
*chn1,
struct domain *d2, struct evtchn *chn2)
{
u32 sid1, sid2, newsid, reverse_sid;
@@ -252,7 +252,7 @@ static int flask_evtchn_interdomain(struct domain *d1,
struct evtchn *chn1,
return rc;
}
-static void flask_evtchn_close_post(struct evtchn *chn)
+static void flask_hook_evtchn_close_post(struct evtchn *chn)
{
struct evtchn_security_struct *esec;
esec = chn->ssid;
@@ -260,7 +260,7 @@ static void flask_evtchn_close_post(struct evtchn *chn)
esec->sid = SECINITSID_UNLABELED;
}
-static int flask_evtchn_send(struct domain *d, struct evtchn *chn)
+static int flask_hook_evtchn_send(struct domain *d, struct evtchn *chn)
{
int rc;
@@ -280,12 +280,12 @@ static int flask_evtchn_send(struct domain *d, struct
evtchn *chn)
return rc;
}
-static int flask_evtchn_status(struct domain *d, struct evtchn *chn)
+static int flask_target_evtchn_status(struct domain *d, struct evtchn *chn)
{
return domain_has_evtchn(d, chn, EVENT__STATUS);
}
-static int flask_evtchn_reset(struct domain *d1, struct domain *d2)
+static int flask_target_evtchn_reset(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_EVENT, EVENT__RESET);
}
@@ -350,7 +350,7 @@ static char *flask_show_security_evtchn(struct domain *d,
const struct evtchn *c
return ctx;
}
-static int flask_grant_mapref(struct domain *d1, struct domain *d2,
+static int flask_hook_grant_mapref(struct domain *d1, struct domain *d2,
uint32_t flags)
{
u32 perms = GRANT__MAP_READ;
@@ -361,63 +361,63 @@ static int flask_grant_mapref(struct domain *d1, struct
domain *d2,
return domain_has_perm(d1, d2, SECCLASS_GRANT, perms);
}
-static int flask_grant_unmapref(struct domain *d1, struct domain *d2)
+static int flask_hook_grant_unmapref(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__UNMAP);
}
-static int flask_grant_setup(struct domain *d1, struct domain *d2)
+static int flask_target_grant_setup(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__SETUP);
}
-static int flask_grant_transfer(struct domain *d1, struct domain *d2)
+static int flask_hook_grant_transfer(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__TRANSFER);
}
-static int flask_grant_copy(struct domain *d1, struct domain *d2)
+static int flask_hook_grant_copy(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__COPY);
}
-static int flask_grant_query_size(struct domain *d1, struct domain *d2)
+static int flask_target_grant_query_size(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__QUERY);
}
-static int flask_get_pod_target(struct domain *d)
+static int flask_priv_get_pod_target(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETPODTARGET);
}
-static int flask_set_pod_target(struct domain *d)
+static int flask_priv_set_pod_target(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
}
-static int flask_memory_exchange(struct domain *d)
+static int flask_target_memory_exchange(struct domain *d)
{
return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE);
}
-static int flask_memory_adjust_reservation(struct domain *d1, struct domain
*d2)
+static int flask_target_memory_adjust_reservation(struct domain *d1, struct
domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
}
-static int flask_memory_stat_reservation(struct domain *d1, struct domain *d2)
+static int flask_target_memory_stat_reservation(struct domain *d1, struct
domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__STAT);
}
-static int flask_memory_pin_page(struct domain *d1, struct domain *d2,
+static int flask_hook_memory_pin_page(struct domain *d1, struct domain *d2,
struct page_info *page)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PINPAGE);
}
-static int flask_console_io(struct domain *d, int cmd)
+static int flask_priv_console_io(struct domain *d, int cmd)
{
u32 perm;
@@ -436,7 +436,7 @@ static int flask_console_io(struct domain *d, int cmd)
return domain_has_xen(d, perm);
}
-static int flask_profile(struct domain *d, int op)
+static int flask_hook_profile(struct domain *d, int op)
{
u32 perm;
@@ -468,23 +468,23 @@ static int flask_profile(struct domain *d, int op)
return domain_has_xen(d, perm);
}
-static int flask_kexec(void)
+static int flask_priv_kexec(void)
{
return domain_has_xen(current->domain, XEN__KEXEC);
}
-static int flask_schedop_shutdown(struct domain *d1, struct domain *d2)
+static int flask_dm_schedop_shutdown(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_DOMAIN, DOMAIN__SHUTDOWN);
}
-static void flask_security_domaininfo(struct domain *d,
+static void flask_populate_security_domaininfo(struct domain *d,
struct xen_domctl_getdomaininfo *info)
{
info->ssidref = domain_sid(d);
}
-static int flask_domain_create(struct domain *d, u32 ssidref)
+static int flask_hook_domain_create(struct domain *d, u32 ssidref)
{
int rc;
struct domain_security_struct *dsec = d->ssid;
@@ -512,12 +512,12 @@ static int flask_domain_create(struct domain *d, u32
ssidref)
return rc;
}
-static int flask_getdomaininfo(struct domain *d)
+static int flask_hook_getdomaininfo(struct domain *d)
{
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO);
}
-static int flask_set_target(struct domain *d, struct domain *t)
+static int flask_hook_set_target(struct domain *d, struct domain *t)
{
int rc;
struct domain_security_struct *dsec, *tsec;
@@ -753,7 +753,7 @@ static int flask_sysctl(int cmd)
}
}
-static int flask_readconsole(uint32_t clear)
+static int flask_hook_readconsole(uint32_t clear)
{
u32 perms = XEN__READCONSOLE;
@@ -763,7 +763,7 @@ static int flask_readconsole(uint32_t clear)
return domain_has_xen(current->domain, perms);
}
-static int flask_do_mca(void)
+static int flask_priv_do_mca(void)
{
return domain_has_xen(current->domain, XEN__MCA_OP);
}
@@ -790,7 +790,7 @@ static char *flask_show_irq_sid (int irq)
return ctx;
}
-static int flask_map_domain_pirq (struct domain *d, int irq, void *data)
+static int flask_hook_map_domain_pirq (struct domain *d, int irq, void *data)
{
u32 sid, dsid;
int rc = -EPERM;
@@ -823,7 +823,7 @@ static int flask_map_domain_pirq (struct domain *d, int irq,
void *data)
return rc;
}
-static int flask_unmap_domain_pirq (struct domain *d, int irq)
+static int flask_dm_unmap_domain_pirq (struct domain *d, int irq)
{
u32 sid;
int rc = -EPERM;
@@ -846,7 +846,7 @@ static int flask_unmap_domain_pirq (struct domain *d, int
irq)
return rc;
}
-static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
+static int flask_hook_irq_permission (struct domain *d, int pirq, uint8_t
access)
{
/* the PIRQ number is not useful; real IRQ is checked during mapping */
return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access));
@@ -876,7 +876,7 @@ static int _iomem_has_perm(void *v, u32 sid, unsigned long
start, unsigned long
return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
}
-static int flask_iomem_permission(struct domain *d, uint64_t start, uint64_t
end, uint8_t access)
+static int flask_hook_iomem_permission(struct domain *d, uint64_t start,
uint64_t end, uint8_t access)
{
struct iomem_has_perm_data data;
int rc;
@@ -897,12 +897,12 @@ static int flask_iomem_permission(struct domain *d,
uint64_t start, uint64_t end
return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data);
}
-static int flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end,
uint8_t access)
+static int flask_hook_iomem_mapping(struct domain *d, uint64_t start, uint64_t
end, uint8_t access)
{
- return flask_iomem_permission(d, start, end, access);
+ return flask_hook_iomem_permission(d, start, end, access);
}
-static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access)
+static int flask_hook_pci_config_permission(struct domain *d, uint32_t
machine_bdf, uint16_t start, uint16_t end, uint8_t access)
{
u32 dsid, rsid;
int rc = -EPERM;
@@ -924,12 +924,12 @@ static int flask_pci_config_permission(struct domain *d,
uint32_t machine_bdf, u
}
-static int flask_resource_plug_core(void)
+static int flask_hook_resource_plug_core(void)
{
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__PLUG, NULL);
}
-static int flask_resource_unplug_core(void)
+static int flask_hook_resource_unplug_core(void)
{
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__UNPLUG, NULL);
}
@@ -939,7 +939,7 @@ static int flask_resource_use_core(void)
return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE,
RESOURCE__USE, NULL);
}
-static int flask_resource_plug_pci(uint32_t machine_bdf)
+static int flask_priv_resource_plug_pci(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -954,7 +954,7 @@ static int flask_resource_plug_pci(uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__PLUG,
&ad);
}
-static int flask_resource_unplug_pci(uint32_t machine_bdf)
+static int flask_priv_resource_unplug_pci(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -969,7 +969,7 @@ static int flask_resource_unplug_pci(uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__UNPLUG,
&ad);
}
-static int flask_resource_setup_pci(uint32_t machine_bdf)
+static int flask_priv_resource_setup_pci(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -984,7 +984,7 @@ static int flask_resource_setup_pci(uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP,
&ad);
}
-static int flask_resource_setup_gsi(int gsi)
+static int flask_priv_resource_setup_gsi(int gsi)
{
u32 rsid;
int rc = -EPERM;
@@ -997,18 +997,18 @@ static int flask_resource_setup_gsi(int gsi)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP,
&ad);
}
-static int flask_resource_setup_misc(void)
+static int flask_priv_resource_setup_misc(void)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_RESOURCE,
RESOURCE__SETUP, NULL);
}
-static inline int flask_page_offline(uint32_t cmd)
+static inline int flask_hook_page_offline(uint32_t cmd)
{
switch (cmd) {
case sysctl_page_offline:
- return flask_resource_unplug_core();
+ return flask_hook_resource_unplug_core();
case sysctl_page_online:
- return flask_resource_plug_core();
+ return flask_hook_resource_plug_core();
case sysctl_query_page_offline:
return flask_resource_use_core();
default:
@@ -1016,18 +1016,18 @@ static inline int flask_page_offline(uint32_t cmd)
}
}
-static inline int flask_tmem_op(void)
+static inline int flask_hook_tmem_op(void)
{
return domain_has_xen(current->domain, XEN__TMEM_OP);
}
-static inline int flask_tmem_control(void)
+static inline int flask_priv_tmem_control(void)
{
return domain_has_xen(current->domain, XEN__TMEM_CONTROL);
}
#ifdef CONFIG_X86
-static int flask_shadow_control(struct domain *d, uint32_t op)
+static int flask_hook_shadow_control(struct domain *d, uint32_t op)
{
u32 perm;
@@ -1079,7 +1079,7 @@ static int _ioport_has_perm(void *v, u32 sid, unsigned
long start, unsigned long
return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, RESOURCE__USE,
&ad);
}
-static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t
end, uint8_t access)
+static int flask_hook_ioport_permission(struct domain *d, uint32_t start,
uint32_t end, uint8_t access)
{
int rc;
struct ioport_has_perm_data data;
@@ -1101,12 +1101,12 @@ static int flask_ioport_permission(struct domain *d,
uint32_t start, uint32_t en
return security_iterate_ioport_sids(start, end, _ioport_has_perm,
&data);
}
-static int flask_ioport_mapping(struct domain *d, uint32_t start, uint32_t end,
uint8_t access)
+static int flask_hook_ioport_mapping(struct domain *d, uint32_t start, uint32_t
end, uint8_t access)
{
- return flask_ioport_permission(d, start, end, access);
+ return flask_hook_ioport_permission(d, start, end, access);
}
-static int flask_hvm_param(struct domain *d, unsigned long op)
+static int flask_target_hvm_param(struct domain *d, unsigned long op)
{
u32 perm;
@@ -1128,37 +1128,37 @@ static int flask_hvm_param(struct domain *d, unsigned
long op)
return current_has_perm(d, SECCLASS_HVM, perm);
}
-static int flask_hvm_set_pci_intx_level(struct domain *d)
+static int flask_dm_hvm_set_pci_intx_level(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__PCILEVEL);
}
-static int flask_hvm_set_isa_irq_level(struct domain *d)
+static int flask_dm_hvm_set_isa_irq_level(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__IRQLEVEL);
}
-static int flask_hvm_set_pci_link_route(struct domain *d)
+static int flask_dm_hvm_set_pci_link_route(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__PCIROUTE);
}
-static int flask_hvm_inject_msi(struct domain *d)
+static int flask_dm_hvm_inject_msi(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__SEND_IRQ);
}
-static int flask_mem_event_control(struct domain *d, int mode, int op)
+static int flask_dm_mem_event_control(struct domain *d, int mode, int op)
{
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
}
-static int flask_mem_event_op(struct domain *d, int op)
+static int flask_dm_mem_event_op(struct domain *d, int op)
{
return current_has_perm(d, SECCLASS_HVM, HVM__MEM_EVENT);
}
-static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op)
+static int flask_dm_mem_sharing_op(struct domain *d, struct domain *cd, int op)
{
int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING);
if ( rc )
@@ -1166,7 +1166,7 @@ static int flask_mem_sharing_op(struct domain *d, struct
domain *cd, int op)
return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM);
}
-static int flask_apic(struct domain *d, int cmd)
+static int flask_priv_apic(struct domain *d, int cmd)
{
u32 perm;
@@ -1186,7 +1186,7 @@ static int flask_apic(struct domain *d, int cmd)
return domain_has_xen(d, perm);
}
-static int flask_platform_op(uint32_t op)
+static int flask_priv_platform_op(uint32_t op)
{
switch ( op )
{
@@ -1241,22 +1241,22 @@ static int flask_platform_op(uint32_t op)
return domain_has_xen(current->domain, XEN__GETCPUINFO);
default:
- printk("flask_platform_op: Unknown op %d\n", op);
+ printk("flask_priv_platform_op: Unknown op %d\n", op);
return -EPERM;
}
}
-static int flask_machine_memory_map(void)
+static int flask_priv_machine_memory_map(void)
{
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_MMU, MMU__MEMORYMAP,
NULL);
}
-static int flask_domain_memory_map(struct domain *d)
+static int flask_target_domain_memory_map(struct domain *d)
{
return current_has_perm(d, SECCLASS_MMU, MMU__MEMORYMAP);
}
-static int flask_mmu_update(struct domain *d, struct domain *t,
+static int flask_target_mmu_update(struct domain *d, struct domain *t,
struct domain *f, uint32_t flags)
{
int rc = 0;
@@ -1279,12 +1279,12 @@ static int flask_mmu_update(struct domain *d, struct
domain *t,
return rc;
}
-static int flask_mmuext_op(struct domain *d, struct domain *f)
+static int flask_target_mmuext_op(struct domain *d, struct domain *f)
{
return domain_has_perm(d, f, SECCLASS_MMU, MMU__MMUEXT_OP);
}
-static int flask_update_va_mapping(struct domain *d, struct domain *f,
+static int flask_target_update_va_mapping(struct domain *d, struct domain *f,
l1_pgentry_t pte)
{
u32 map_perms = MMU__MAP_READ;
@@ -1296,17 +1296,17 @@ static int flask_update_va_mapping(struct domain *d,
struct domain *f,
return domain_has_perm(d, f, SECCLASS_MMU, map_perms);
}
-static int flask_add_to_physmap(struct domain *d1, struct domain *d2)
+static int flask_target_add_to_physmap(struct domain *d1, struct domain *d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
}
-static int flask_remove_from_physmap(struct domain *d1, struct domain *d2)
+static int flask_target_remove_from_physmap(struct domain *d1, struct domain
*d2)
{
return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP);
}
-static int flask_get_device_group(uint32_t machine_bdf)
+static int flask_hook_get_device_group(uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -1330,7 +1330,7 @@ static int flask_test_assign_device(uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE,
NULL);
}
-static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
+static int flask_hook_assign_device(struct domain *d, uint32_t machine_bdf)
{
u32 dsid, rsid;
int rc = -EPERM;
@@ -1354,7 +1354,7 @@ static int flask_assign_device(struct domain *d, uint32_t
machine_bdf)
return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
}
-static int flask_deassign_device(struct domain *d, uint32_t machine_bdf)
+static int flask_hook_deassign_device(struct domain *d, uint32_t machine_bdf)
{
u32 rsid;
int rc = -EPERM;
@@ -1370,7 +1370,7 @@ static int flask_deassign_device(struct domain *d,
uint32_t machine_bdf)
return avc_current_has_perm(rsid, SECCLASS_RESOURCE,
RESOURCE__REMOVE_DEVICE, NULL);
}
-static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
+static int flask_hook_bind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
u32 dsid, rsid;
int rc = -EPERM;
@@ -1395,7 +1395,7 @@ static int flask_bind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq *b
return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
}
-static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq
*bind)
+static int flask_hook_unbind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq *bind)
{
return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
}
@@ -1404,28 +1404,28 @@ static int flask_unbind_pt_irq (struct domain *d, struct
xen_domctl_bind_pt_irq
long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op);
static struct xsm_operations flask_ops = {
- .security_domaininfo = flask_security_domaininfo,
- .domain_create = flask_domain_create,
- .getdomaininfo = flask_getdomaininfo,
- .set_target = flask_set_target,
+ .populate_security_domaininfo = flask_populate_security_domaininfo,
+ .hook_domain_create = flask_hook_domain_create,
+ .hook_getdomaininfo = flask_hook_getdomaininfo,
+ .hook_set_target = flask_hook_set_target,
.domctl = flask_domctl,
.sysctl = flask_sysctl,
- .readconsole = flask_readconsole,
- .do_mca = flask_do_mca,
-
- .evtchn_unbound = flask_evtchn_unbound,
- .evtchn_interdomain = flask_evtchn_interdomain,
- .evtchn_close_post = flask_evtchn_close_post,
- .evtchn_send = flask_evtchn_send,
- .evtchn_status = flask_evtchn_status,
- .evtchn_reset = flask_evtchn_reset,
-
- .grant_mapref = flask_grant_mapref,
- .grant_unmapref = flask_grant_unmapref,
- .grant_setup = flask_grant_setup,
- .grant_transfer = flask_grant_transfer,
- .grant_copy = flask_grant_copy,
- .grant_query_size = flask_grant_query_size,
+ .hook_readconsole = flask_hook_readconsole,
+ .priv_do_mca = flask_priv_do_mca,
+
+ .target_evtchn_unbound = flask_target_evtchn_unbound,
+ .hook_evtchn_interdomain = flask_hook_evtchn_interdomain,
+ .hook_evtchn_close_post = flask_hook_evtchn_close_post,
+ .hook_evtchn_send = flask_hook_evtchn_send,
+ .target_evtchn_status = flask_target_evtchn_status,
+ .target_evtchn_reset = flask_target_evtchn_reset,
+
+ .hook_grant_mapref = flask_hook_grant_mapref,
+ .hook_grant_unmapref = flask_hook_grant_unmapref,
+ .target_grant_setup = flask_target_grant_setup,
+ .hook_grant_transfer = flask_hook_grant_transfer,
+ .hook_grant_copy = flask_hook_grant_copy,
+ .target_grant_query_size = flask_target_grant_query_size,
.alloc_security_domain = flask_domain_alloc_security,
.free_security_domain = flask_domain_free_security,
@@ -1433,70 +1433,70 @@ static struct xsm_operations flask_ops = {
.free_security_evtchn = flask_free_security_evtchn,
.show_security_evtchn = flask_show_security_evtchn,
- .get_pod_target = flask_get_pod_target,
- .set_pod_target = flask_set_pod_target,
- .memory_exchange = flask_memory_exchange,
- .memory_adjust_reservation = flask_memory_adjust_reservation,
- .memory_stat_reservation = flask_memory_stat_reservation,
- .memory_pin_page = flask_memory_pin_page,
+ .priv_get_pod_target = flask_priv_get_pod_target,
+ .priv_set_pod_target = flask_priv_set_pod_target,
+ .target_memory_exchange = flask_target_memory_exchange,
+ .target_memory_adjust_reservation = flask_target_memory_adjust_reservation,
+ .target_memory_stat_reservation = flask_target_memory_stat_reservation,
+ .hook_memory_pin_page = flask_hook_memory_pin_page,
- .console_io = flask_console_io,
+ .priv_console_io = flask_priv_console_io,
- .profile = flask_profile,
+ .hook_profile = flask_hook_profile,
- .kexec = flask_kexec,
- .schedop_shutdown = flask_schedop_shutdown,
+ .priv_kexec = flask_priv_kexec,
+ .dm_schedop_shutdown = flask_dm_schedop_shutdown,
.show_irq_sid = flask_show_irq_sid,
- .map_domain_pirq = flask_map_domain_pirq,
- .unmap_domain_pirq = flask_unmap_domain_pirq,
- .irq_permission = flask_irq_permission,
- .iomem_permission = flask_iomem_permission,
- .iomem_mapping = flask_iomem_mapping,
- .pci_config_permission = flask_pci_config_permission,
-
- .resource_plug_core = flask_resource_plug_core,
- .resource_unplug_core = flask_resource_unplug_core,
- .resource_plug_pci = flask_resource_plug_pci,
- .resource_unplug_pci = flask_resource_unplug_pci,
- .resource_setup_pci = flask_resource_setup_pci,
- .resource_setup_gsi = flask_resource_setup_gsi,
- .resource_setup_misc = flask_resource_setup_misc,
-
- .page_offline = flask_page_offline,
- .tmem_op = flask_tmem_op,
- .tmem_control = flask_tmem_control,
+ .hook_map_domain_pirq = flask_hook_map_domain_pirq,
+ .dm_unmap_domain_pirq = flask_dm_unmap_domain_pirq,
+ .hook_irq_permission = flask_hook_irq_permission,
+ .hook_iomem_permission = flask_hook_iomem_permission,
+ .hook_iomem_mapping = flask_hook_iomem_mapping,
+ .hook_pci_config_permission = flask_hook_pci_config_permission,
+
+ .hook_resource_plug_core = flask_hook_resource_plug_core,
+ .hook_resource_unplug_core = flask_hook_resource_unplug_core,
+ .priv_resource_plug_pci = flask_priv_resource_plug_pci,
+ .priv_resource_unplug_pci = flask_priv_resource_unplug_pci,
+ .priv_resource_setup_pci = flask_priv_resource_setup_pci,
+ .priv_resource_setup_gsi = flask_priv_resource_setup_gsi,
+ .priv_resource_setup_misc = flask_priv_resource_setup_misc,
+
+ .hook_page_offline = flask_hook_page_offline,
+ .hook_tmem_op = flask_hook_tmem_op,
+ .priv_tmem_control = flask_priv_tmem_control,
.do_xsm_op = do_flask_op,
#ifdef CONFIG_X86
- .shadow_control = flask_shadow_control,
- .hvm_param = flask_hvm_param,
- .hvm_set_pci_intx_level = flask_hvm_set_pci_intx_level,
- .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
- .hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
- .hvm_inject_msi = flask_hvm_inject_msi,
- .mem_event_control = flask_mem_event_control,
- .mem_event_op = flask_mem_event_op,
- .mem_sharing_op = flask_mem_sharing_op,
- .apic = flask_apic,
- .platform_op = flask_platform_op,
- .machine_memory_map = flask_machine_memory_map,
- .domain_memory_map = flask_domain_memory_map,
- .mmu_update = flask_mmu_update,
- .mmuext_op = flask_mmuext_op,
- .update_va_mapping = flask_update_va_mapping,
- .add_to_physmap = flask_add_to_physmap,
- .remove_from_physmap = flask_remove_from_physmap,
- .get_device_group = flask_get_device_group,
- .test_assign_device = flask_test_assign_device,
- .assign_device = flask_assign_device,
- .deassign_device = flask_deassign_device,
- .bind_pt_irq = flask_bind_pt_irq,
- .unbind_pt_irq = flask_unbind_pt_irq,
- .ioport_permission = flask_ioport_permission,
- .ioport_mapping = flask_ioport_mapping,
+ .hook_shadow_control = flask_hook_shadow_control,
+ .target_hvm_param = flask_target_hvm_param,
+ .dm_hvm_set_pci_intx_level = flask_dm_hvm_set_pci_intx_level,
+ .dm_hvm_set_isa_irq_level = flask_dm_hvm_set_isa_irq_level,
+ .dm_hvm_set_pci_link_route = flask_dm_hvm_set_pci_link_route,
+ .dm_hvm_inject_msi = flask_dm_hvm_inject_msi,
+ .dm_mem_event_control = flask_dm_mem_event_control,
+ .dm_mem_event_op = flask_dm_mem_event_op,
+ .dm_mem_sharing_op = flask_dm_mem_sharing_op,
+ .priv_apic = flask_priv_apic,
+ .priv_platform_op = flask_priv_platform_op,
+ .priv_machine_memory_map = flask_priv_machine_memory_map,
+ .target_domain_memory_map = flask_target_domain_memory_map,
+ .target_mmu_update = flask_target_mmu_update,
+ .target_mmuext_op = flask_target_mmuext_op,
+ .target_update_va_mapping = flask_target_update_va_mapping,
+ .target_add_to_physmap = flask_target_add_to_physmap,
+ .target_remove_from_physmap = flask_target_remove_from_physmap,
+ .hook_get_device_group = flask_hook_get_device_group,
+ .hook_test_assign_device = flask_test_assign_device,
+ .hook_assign_device = flask_hook_assign_device,
+ .hook_deassign_device = flask_hook_deassign_device,
+ .hook_bind_pt_irq = flask_hook_bind_pt_irq,
+ .hook_unbind_pt_irq = flask_hook_unbind_pt_irq,
+ .hook_ioport_permission = flask_hook_ioport_permission,
+ .hook_ioport_mapping = flask_hook_ioport_mapping,
#endif
};
--
1.7.11.7
>>> On 20.11.12 at 15:51, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > --- a/xen/arch/x86/domctl.c > +++ b/xen/arch/x86/domctl.c > @@ -96,10 +96,6 @@ long arch_do_domctl( > > page = mfn_to_page(mfn); > > - ret = xsm_getpageframeinfo(d); > - if ( ret ) > - break;This is actually a bug fix - with this still in place, the operation returns success even if the get_page() below fails. Jan> - > if ( likely(get_page(page, d)) ) > { > ret = 0;
>>> On 20.11.12 at 15:51, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > A number of the sysctl XSM hooks have no parameters or only pass the > operation ID, making them redundant with the xsm_sysctl hook. Remove > these redundant hooks. > > Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> > --- > xen/arch/x86/platform_hypercall.c | 12 ----This is slightly confusing given the title/description. Jan
On 11/20/2012 10:25 AM, Jan Beulich wrote:>>>> On 20.11.12 at 15:51, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >> A number of the sysctl XSM hooks have no parameters or only pass the >> operation ID, making them redundant with the xsm_sysctl hook. Remove >> these redundant hooks. >> >> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> >> --- >> xen/arch/x86/platform_hypercall.c | 12 ---- > > This is slightly confusing given the title/description. > > Jan >There were a few hooks used in both sysctl and platform_hypercall, so this was needed to avoid breaking the compile. I''ll delay their removal until the next patch in order to keep the changes confined to a single file, which was my original goal. -- Daniel De Graaf National Security Agency
Daniel De Graaf
2012-Nov-20 16:38 UTC
Re: [PATCH 01/19] libxl: introduce XSM relabel on build
On 11/19/2012 05:42 AM, Ian Campbell wrote:> On Fri, 2012-11-16 at 18:28 +0000, Daniel De Graaf wrote: >> Allow a domain to be built under one security label and run using a >> different label. This can be used to prevent the domain builder or >> control domain from having the ability to access a guest domain''s memory >> via map_foreign_range except during the build process where this is >> required. >> >> Note: this does not provide complete protection from a malicious dom0; >> mappings created during the build process may persist after the relabel, >> and could be used to indirectly access the guest''s memory. >> >> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> >> Cc: Ian Jackson <ian.jackson@eu.citrix.com> >> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> >> Cc: Ian Campbell <ian.campbell@citrix.com> >> --- >> tools/libxc/xc_flask.c | 10 ++++++++++ >> tools/libxc/xenctrl.h | 1 + >> tools/libxl/libxl_create.c | 4 ++++ >> tools/libxl/libxl_types.idl | 1 + >> tools/libxl/xl_cmdimpl.c | 20 +++++++++++++++++++- > > docs/man... pleaseThe following will be included in the next version: --- a/docs/man/xl.cfg.pod.5 +++ b/docs/man/xl.cfg.pod.5 @@ -270,6 +270,15 @@ UUID will be generated. Assign an XSM security label to this domain. +=item B<init_seclabel="LABEL"> + +Specify an XSM security label used for this domain temporarily during +its build. The domain''s XSM label will be changed to the execution +seclabel (specified by "seclabel") once the build is complete, prior to +unpausing the domain. With a properly constructed security policy (such +as nomigrate_t in the example policy), this can be used to build a +domain whose memory is not accessible to the toolstack domain. + =item B<nomigrate=BOOLEAN>>> diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl >> index 7eac4a8..93524f0 100644 >> --- a/tools/libxl/libxl_types.idl >> +++ b/tools/libxl/libxl_types.idl >> @@ -268,6 +268,7 @@ libxl_domain_build_info = Struct("domain_build_info",[ >> ("video_memkb", MemKB), >> ("shadow_memkb", MemKB), >> ("rtc_timeoffset", uint32), >> + ("exec_ssidref", uint32), > > What is the significance of the "exec_" bit of the name?This ssidref is the one used during execution of the domain (as opposed to during build). I chose to add this rather than adding a field called init_ssidref because the new functionality is the ability to change the label prior to execution: the existing ssidref is already used at creation.>> ("localtime", libxl_defbool), >> ("disable_migrate", libxl_defbool), >> ("cpuid", libxl_cpuid_policy_list), > > Ian. >-- Daniel De Graaf National Security Agency
Jan Beulich
2012-Nov-20 16:39 UTC
Re: [PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap
>>> On 19.11.12 at 15:53, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > On 11/19/2012 03:59 AM, Jan Beulich wrote: >>>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >>> -static int flask_irq_permission (struct domain *d, int irq, uint8_t access) >>> +static int flask_unmap_domain_pirq (struct domain *d, int irq) >>> { >>> - u32 perm; >>> - u32 rsid; >>> + u32 sid; >>> int rc = -EPERM; >>> >>> - struct domain_security_struct *ssec, *tsec; >>> + struct domain_security_struct *ssec; >>> struct avc_audit_data ad; >>> >>> - rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, >>> - resource_to_perm(access)); >>> - >>> + rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE, > RESOURCE__REMOVE); >>> if ( rc ) >>> return rc; >>> >>> - if ( access ) >>> - perm = RESOURCE__ADD_IRQ; >>> - else >>> - perm = RESOURCE__REMOVE_IRQ; >>> - >>> ssec = current->domain->ssid; >>> - tsec = d->ssid; >>> >>> - rc = get_irq_sid(irq, &rsid, &ad); >>> - if ( rc ) >>> - return rc; >>> - >>> - rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad); >>> + if ( irq >= nr_irqs_gsi ) { >> >> Isn''t the use of nr_irqs_gsi x86-specific? > > It''s defined in xen/include/xen/irq.h (not in an x86-specific file), so I > hadn''t assumed so. The check here is to avoid needing to allow access to > the MSI IRQs by number since they are dynamic and therefore meaningless in > a statically-defined policy.Indeed, there are other uses in common code. We may need to do something about this for ARM. Jan
Jan Beulich
2012-Nov-20 16:40 UTC
Re: [PATCH 09/19] xen: lock target domain in do_domctl common code
>>> On 19.11.12 at 16:20, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > On 11/19/2012 04:24 AM, Jan Beulich wrote: >>>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >>> @@ -458,6 +443,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) > u_domctl) >>> if ( IS_ERR(d) ) >>> { >>> ret = PTR_ERR(d); >>> + d = NULL; >> >> Considering that in the common code you already set d to NULL, >> is there a specific reason why you do so again here ... >> >>> break; >>> } >>> >>> @@ -469,39 +455,28 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) > u_domctl) >>> op->domain = d->domain_id; >>> if ( copy_to_guest(u_domctl, op, 1) ) >>> ret = -EFAULT; >>> + d = NULL; >> >> ... and here? >> >> Same further down for XEN_DOMCTL_getdomaininfo. >> >> Jan >> >>> } >>> break; >>> >> >> >> > > This avoids unlocking the domain when it hasn''t been locked (at the > end of the function at domctl_out_unlock) or trying to unlock a > ERR_PTR value.Sorry, this doesn''t explain why d needs to be set to NULL twice. Jan
Daniel De Graaf
2012-Nov-20 16:44 UTC
Re: [PATCH 09/19] xen: lock target domain in do_domctl common code
On 11/20/2012 11:40 AM, Jan Beulich wrote:>>>> On 19.11.12 at 16:20, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >> On 11/19/2012 04:24 AM, Jan Beulich wrote: >>>>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >>>> @@ -458,6 +443,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) >> u_domctl) >>>> if ( IS_ERR(d) ) >>>> { >>>> ret = PTR_ERR(d); >>>> + d = NULL; >>> >>> Considering that in the common code you already set d to NULL, >>> is there a specific reason why you do so again here ... >>> >>>> break; >>>> } >>>> >>>> @@ -469,39 +455,28 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) >> u_domctl) >>>> op->domain = d->domain_id; >>>> if ( copy_to_guest(u_domctl, op, 1) ) >>>> ret = -EFAULT; >>>> + d = NULL; >>> >>> ... and here? >>> >>> Same further down for XEN_DOMCTL_getdomaininfo. >>> >>> Jan >>> >>>> } >>>> break; >>>> >>> >>> >>> >> >> This avoids unlocking the domain when it hasn''t been locked (at the >> end of the function at domctl_out_unlock) or trying to unlock a >> ERR_PTR value. > > Sorry, this doesn''t explain why d needs to be set to NULL twice. > > Jan >Maybe I misunderstood you: do you think one of the two assignments is redundant? They are not, since the above is immediately followed by a break, which jumps out of the switch statement to domctl_lock_release(), and does not hit the second assignment. -- Daniel De Graaf National Security Agency
Jan Beulich
2012-Nov-20 16:53 UTC
Re: [PATCH 09/19] xen: lock target domain in do_domctl common code
>>> On 20.11.12 at 17:44, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: > On 11/20/2012 11:40 AM, Jan Beulich wrote: >>>>> On 19.11.12 at 16:20, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >>> On 11/19/2012 04:24 AM, Jan Beulich wrote: >>>>>>> On 16.11.12 at 19:28, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote: >>>>> @@ -458,6 +443,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) >>> u_domctl) >>>>> if ( IS_ERR(d) ) >>>>> { >>>>> ret = PTR_ERR(d); >>>>> + d = NULL; >>>> >>>> Considering that in the common code you already set d to NULL, >>>> is there a specific reason why you do so again here ... >>>> >>>>> break; >>>>> } >>>>> >>>>> @@ -469,39 +455,28 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) >>> u_domctl) >>>>> op->domain = d->domain_id; >>>>> if ( copy_to_guest(u_domctl, op, 1) ) >>>>> ret = -EFAULT; >>>>> + d = NULL; >>>> >>>> ... and here? >>>> >>>> Same further down for XEN_DOMCTL_getdomaininfo. >>>> >>>> Jan >>>> >>>>> } >>>>> break; >>>>> >>>> >>>> >>>> >>> >>> This avoids unlocking the domain when it hasn''t been locked (at the >>> end of the function at domctl_out_unlock) or trying to unlock a >>> ERR_PTR value. >> >> Sorry, this doesn''t explain why d needs to be set to NULL twice. >> >> Jan >> > > Maybe I misunderstood you: do you think one of the two assignments is > redundant? They are not, since the above is immediately followed by a > break, which jumps out of the switch statement to domctl_lock_release(), > and does not hit the second assignment.I thought they were redundant with the NULL assignment you added close to the top of the function. But I realize I was wrong with that. Jan
Daniel De Graaf
2012-Nov-20 17:26 UTC
Re: [PATCH 02/19] flask/policy: Add domain relabel example
On 11/19/2012 05:46 AM, Ian Campbell wrote:> On Fri, 2012-11-16 at 18:28 +0000, Daniel De Graaf wrote: >> This adds the nomigrate_t type to the example FLASK policy which allows >> domains to be created that dom0 cannot access after building. > > This is a very cool example of how even dom0''s privileges can be > curtailed, I like it! > > The fact that the domain can''t be migrated is more of a side-effect > though I guess, but I can''t really think of a better name (e.g. > "securedom_t" suggests other domains aren''t etc...)Especially as I have already used some of the other choices (protected, isolated) for other examples. The inability to migrate actually sums up the protection this provides: since the only reason dom0 has to read a domain''s memory is to migrate it, preventing migration should (in theory) prevent that access.> I''d ack it but this stuff is all Greek to me ;-)FLASK policies in general tend to be hard to read, especially since using the M4 macros is almost required to make a sane policy. There is some work at making a higher-level language for SELinux policy definition, so that can be applied to Xen at some point. Using sesearch on the Xen policy can also be useful to see what the result of the definitions is.>> >> Example domain configuration snippet: >> seclabel=''customer_1:vm_r:nomigrate_t'' >> init_seclabel=''customer_1:vm_r:nomigrate_t_building'' >> >> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> >> --- >> docs/misc/xsm-flask.txt | 2 + >> tools/flask/policy/policy/modules/xen/xen.if | 56 +++++++++++++++++++++------- >> tools/flask/policy/policy/modules/xen/xen.te | 10 +++++ >> 3 files changed, 55 insertions(+), 13 deletions(-) >> >> diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt >> index 6b0d327..0778a28 100644 >> --- a/docs/misc/xsm-flask.txt >> +++ b/docs/misc/xsm-flask.txt >> @@ -60,6 +60,8 @@ that can be used without dom0 disaggregation. The main types for domUs are: >> - domU_t is a domain that can communicate with any other domU_t >> - isolated_domU_t can only communicate with dom0 >> - prot_domU_t is a domain type whose creation can be disabled with a boolean >> + - nomigrate_t is a domain that must be created via the nomigrate_t_building >> + type, and whose memory cannot be read by dom0 once created >> >> HVM domains with stubdomain device models use two types (one per domain): >> - domHVM_t is an HVM domain that uses a stubdomain device model
Tim Deegan
2012-Nov-22 16:57 UTC
Re: [PATCH RFC 5/5] xen/xsm: include default hook action in name
Hi, At 09:51 -0500 on 20 Nov (1353405098), Daniel De Graaf wrote:> Include the default XSM hook action in the name of the hook in order to > allow quick understanding of how the call site is expected to be used > (dom0-only, arbitrary guest, or target-only).I like this a lot; it''s much less worrying than having to follow every xsm hook to see what it does. I would like it even more if the process were automatic -- as it stands your dummy hooks must be manually coded to do what their name implies, and if the code gets out of sync with the name it could be a long time before anyone spotted it. Would it be acceptable for every XSM hook to take a default action as its first argument? Then the call sites look like: xsm_do_mca(XSM_PRIV), xsm_unbind_pt_irq(XSM_HOOK, d, bind); and so forth, and every one of the dummy hooks is just a wrapper around a single central hook that DTRT with the default: static XSM_INLINE int xsm_do_mca(xsm_default_t default) { return xsm_default_action(default); } static XSM_INLINE int xsm_unbind_pt_irq(xsm_default_t default, struct domain *d, struct xen_domctl_bind_pt_irq *bind) { return xsm_default_action(default); } and so forth. It should be very hard to get it wrong. I guess there might have to be a standard order for things that take a domain or an mfn, but do you think something along those lines could work? If adding an arg is too much overhead I''m sure the dummy ops could be autogenerated from the name with some nasty CPP. :) Tim.
Daniel De Graaf
2012-Nov-23 16:42 UTC
Re: [PATCH RFC 5/5] xen/xsm: include default hook action in name
On 11/22/2012 11:57 AM, Tim Deegan wrote:> Hi, > > At 09:51 -0500 on 20 Nov (1353405098), Daniel De Graaf wrote: >> Include the default XSM hook action in the name of the hook in order to >> allow quick understanding of how the call site is expected to be used >> (dom0-only, arbitrary guest, or target-only). > > I like this a lot; it''s much less worrying than having to follow every > xsm hook to see what it does. > > I would like it even more if the process were automatic -- as it stands > your dummy hooks must be manually coded to do what their name implies, > and if the code gets out of sync with the name it could be a long time > before anyone spotted it.That''s one thing I didn''t like about this scheme - it''s effectively coding a default security policy into function names, so changing that policy will make larger-than-necessary diffs, assuming all the locations are changed (although this will produce compile errors if tested with both XSM enabled and disabled, so not a big problem). However, I don''t think the behavior of the dummy hooks will change very much. In the event of a change, it is more likely that parameters (such as a new struct domain*) will need to be added in order to facilitate the new permission check, so changing the name at that time should be easy to catch.> Would it be acceptable for every XSM hook to take a default action as > its first argument? Then the call sites look like: > > xsm_do_mca(XSM_PRIV), > xsm_unbind_pt_irq(XSM_HOOK, d, bind); > > and so forth, and every one of the dummy hooks is just a wrapper around > a single central hook that DTRT with the default: > > static XSM_INLINE int xsm_do_mca(xsm_default_t default) > { > return xsm_default_action(default); > } > > static XSM_INLINE int xsm_unbind_pt_irq(xsm_default_t default, struct domain *d, struct xen_domctl_bind_pt_irq *bind) > { > return xsm_default_action(default); > } > > and so forth. It should be very hard to get it wrong. I guess there > might have to be a standard order for things that take a domain or an > mfn, but do you think something along those lines could work?This would not work for all the hooks, although it would work for most: domctl and mmu_update are both too complex for this type of hack, and console_io would need its #define moved back up to the source. For the other hooks, you would have to code in the domain arguments manually (sometimes current->domain is available, sometimes it''s not) so it''s not automatically an improvement in readability since you still have to look inside dummy.h to see what domain arguments are being checked. When I first looked at this, I had thought that it could be implemented by discarding the xsm_default_t argument if XSM is enabled, but this would make it very likely that the behavior of the dummy XSM module would be different from a build with XSM disabled, which we want to avoid. And, now that I''ve actually looked at implementing this, the arguments to xsm_default_action are difficult to specify. The obvious prototype: int xsm_default_action(xsm_default_t, struct domain* s, struct domain* d) would require passing something (either NULL or current->domain) for those hooks that do not have source and destination domains. This adds another possible issue: if someone changes xsm_unbind_pt_irq from XSM_HOOK to XSM_TARGET, they might get surprise null dereferences or end up checking current->domain instead of the actual target - which will pass even when it should not. This also makes the dummy module larger when compiled: since the compiler can''t propagate constants through a function pointer call, the dummy module will end up needing to handle all possible values of xsm_default_t even though it will only ever be called with one.> If adding an arg is too much overhead I''m sure the dummy ops could > be autogenerated from the name with some nasty CPP. :) > > Tim.I just got rid of some nasty CPP in order to make ctags able to follow xsm_* to the dummy implementation, which I personally find more helpful in understanding XSM hooks at a glance - especially if you are trying to decipher what exactly is implied by the prefixes or constant names. I think a solution similar to yours could work, although it''s not as nice looking - use the constants in the source files but have them compiled out of the XSM hooks, and have the dummy ops include a compile-time assertion in the XSM-disabled case to verify that the constant passed in matches their implementation; something like: #define BUILD_ASSERT(x) if (!(x)) cause_linker_error_if_not_inlined_out() #ifdef XSM_ENABLE /* XSM_INLINE == empty; compiled in to dummy.c */ #define XSM_DEFAULT_VOID void #define XSM_DEFAULT_ARG #define XSM_ASSERT_ACTION(action) xsm_default_t default = action #else /* XSM_INLINE == inline; compiled as a header */ #define XSM_DEFAULT_VOID xsm_default_t default #define XSM_DEFAULT_ARG xsm_default_t default, #define XSM_ASSERT_ACTION(action) BUILD_ASSERT(default == action) #endif static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(default, current->domain, NULL); } static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(default, current->domain, d); } Does this seem reasonable? It would force some level of compiler optimization to be used at all times, but I think that''s already required due to GCC otherwise wasting lots of stack space. -- Daniel De Graaf National Security Agency
Tim Deegan
2012-Nov-27 14:49 UTC
Re: [PATCH RFC 5/5] xen/xsm: include default hook action in name
At 11:42 -0500 on 23 Nov (1353670952), Daniel De Graaf wrote:> This would not work for all the hooks, although it would work for most: > domctl and mmu_update are both too complex for this type of hack, and > console_io would need its #define moved back up to the source. For the > other hooks, you would have to code in the domain arguments manually > (sometimes current->domain is available, sometimes it''s not) so it''s not > automatically an improvement in readability since you still have to look > inside dummy.h to see what domain arguments are being checked.Hrmn. Yes, I see.> I think a solution similar to yours could work, although it''s not as > nice looking - use the constants in the source files but have them > compiled out of the XSM hooks, and have the dummy ops include a > compile-time assertion in the XSM-disabled case to verify that the > constant passed in matches their implementation; something like: > > #define BUILD_ASSERT(x) if (!(x)) cause_linker_error_if_not_inlined_out() > #ifdef XSM_ENABLE > /* XSM_INLINE == empty; compiled in to dummy.c */ > #define XSM_DEFAULT_VOID void > #define XSM_DEFAULT_ARG > #define XSM_ASSERT_ACTION(action) xsm_default_t default = action > #else > /* XSM_INLINE == inline; compiled as a header */ > #define XSM_DEFAULT_VOID xsm_default_t default > #define XSM_DEFAULT_ARG xsm_default_t default, > #define XSM_ASSERT_ACTION(action) BUILD_ASSERT(default == action) > #endif > > static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID) > { > XSM_ASSERT_ACTION(XSM_PRIV); > return xsm_default_action(default, current->domain, NULL); > }So on an xsm-disabled build this checks that the action is the right one. And if it''s changed the author has to touch this file so will be more likely to see that there is some other code to be changed. Nice. The CPP gore is a bit unfortunate, but I think it''s worth it (as long as it gets a great big comment explaining how it should be used, of course!).> static XSM_INLINE int xsm_unbind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) > { > XSM_ASSERT_ACTION(XSM_HOOK); > return xsm_default_action(default, current->domain, d); > } > > Does this seem reasonable? It would force some level of compiler > optimization to be used at all times, but I think that''s already > required due to GCC otherwise wasting lots of stack space.Yes, even debug builds get -O1. Tim.