[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] [LINUX] Remove hypercall permission checks from privcmd driver.



# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Node ID 12daa88262c5543d997b28f918573bf86cdd3ebd
# Parent  54a905c6c84d0083c1b6b69b1053b0cec2757f9b
[LINUX] Remove hypercall permission checks from privcmd driver.

This will allow the tools management to be revised independently
of dom0 kernel interfaces. Currently tools cannot be 'smarter'
than the kernel in terms of hypercalls they know about, because
the kernel disallows access to any hypercalls it does not know
about.

Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
 linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c |   23 ---------------------
 1 files changed, 23 deletions(-)

diff -r 54a905c6c84d -r 12daa88262c5 
linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c
--- a/linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c        Thu Aug 24 
17:24:54 2006 +0100
+++ b/linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c        Thu Aug 24 
17:58:28 2006 +0100
@@ -35,9 +35,6 @@ static struct proc_dir_entry *privcmd_in
 static struct proc_dir_entry *privcmd_intf;
 static struct proc_dir_entry *capabilities_intf;
 
-#define NR_HYPERCALLS 64
-static DECLARE_BITMAP(hypercall_permission_map, NR_HYPERCALLS);
-
 static int privcmd_ioctl(struct inode *inode, struct file *file,
                         unsigned int cmd, unsigned long data)
 {
@@ -50,12 +47,6 @@ static int privcmd_ioctl(struct inode *i
   
                if (copy_from_user(&hypercall, udata, sizeof(hypercall)))
                        return -EFAULT;
-
-               /* Check hypercall number for validity. */
-               if (hypercall.op >= NR_HYPERCALLS)
-                       return -EINVAL;
-               if (!test_bit(hypercall.op, hypercall_permission_map))
-                       return -EINVAL;
 
 #if defined(__i386__)
                __asm__ __volatile__ (
@@ -262,20 +253,6 @@ static int __init privcmd_init(void)
        if (!is_running_on_xen())
                return -ENODEV;
 
-       /* Set of hypercalls that privileged applications may execute. */
-       set_bit(__HYPERVISOR_acm_op,           hypercall_permission_map);
-       set_bit(__HYPERVISOR_dom0_op,          hypercall_permission_map);
-       set_bit(__HYPERVISOR_event_channel_op, hypercall_permission_map);
-       set_bit(__HYPERVISOR_memory_op,        hypercall_permission_map);
-       set_bit(__HYPERVISOR_mmu_update,       hypercall_permission_map);
-       set_bit(__HYPERVISOR_mmuext_op,        hypercall_permission_map);
-       set_bit(__HYPERVISOR_xen_version,      hypercall_permission_map);
-       set_bit(__HYPERVISOR_sched_op,         hypercall_permission_map);
-       set_bit(__HYPERVISOR_sched_op_compat,  hypercall_permission_map);
-       set_bit(__HYPERVISOR_event_channel_op_compat,
-               hypercall_permission_map);
-       set_bit(__HYPERVISOR_hvm_op,           hypercall_permission_map);
-
        privcmd_intf = create_xen_proc_entry("privcmd", 0400);
        if (privcmd_intf != NULL)
                privcmd_intf->proc_fops = &privcmd_file_ops;

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.