
[Xen-changelog] [xen-unstable] xsm: remove unused xsm_assign_vector check



# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1322862315 28800
# Node ID 841c330b23a64461aa246ed024e57082f1cd051b
# Parent  fba8c4003f427e0ec8135d96a10f74b94d3178fd
xsm: remove unused xsm_assign_vector check

The PHYSDEVOP_alloc_irq_vector hypercall is a noop, so its XSM check
is not useful. Remove it and the "event vector" FLASK permission.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---


diff -r fba8c4003f42 -r 841c330b23a6 
tools/flask/policy/policy/flask/access_vectors
--- a/tools/flask/policy/policy/flask/access_vectors    Fri Dec 02 13:44:26 
2011 -0800
+++ b/tools/flask/policy/policy/flask/access_vectors    Fri Dec 02 13:45:15 
2011 -0800
@@ -100,7 +100,6 @@
        status
        notify
        create
-    vector
     reset
 }
 
diff -r fba8c4003f42 -r 841c330b23a6 
tools/flask/policy/policy/modules/xen/xen.if
--- a/tools/flask/policy/policy/modules/xen/xen.if      Fri Dec 02 13:44:26 
2011 -0800
+++ b/tools/flask/policy/policy/modules/xen/xen.if      Fri Dec 02 13:45:15 
2011 -0800
@@ -67,7 +67,6 @@
 ###############################################################################
 define(`create_passthrough_resource', `
         type $3, resource_type;
-        allow $1 $3:event vector;
         allow $1 $2:resource {add remove};
         allow $1 ioport_t:resource {add_ioport use};
         allow $1 iomem_t:resource {add_iomem use};
diff -r fba8c4003f42 -r 841c330b23a6 
tools/flask/policy/policy/modules/xen/xen.te
--- a/tools/flask/policy/policy/modules/xen/xen.te      Fri Dec 02 13:44:26 
2011 -0800
+++ b/tools/flask/policy/policy/modules/xen/xen.te      Fri Dec 02 13:45:15 
2011 -0800
@@ -31,7 +31,6 @@
 
 allow dom0_t domio_t:mmu {map_read map_write};
 allow dom0_t iomem_t:mmu {map_read map_write};
-allow dom0_t pirq_t:event {vector};
 allow dom0_t xen_t:mmu {memorymap};
 
 allow dom0_t dom0_t:mmu {pinpage map_read map_write adjust updatemp};
diff -r fba8c4003f42 -r 841c330b23a6 xen/arch/x86/physdev.c
--- a/xen/arch/x86/physdev.c    Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/arch/x86/physdev.c    Fri Dec 02 13:45:15 2011 -0800
@@ -452,10 +452,6 @@
         if ( !IS_PRIV(v->domain) )
             break;
 
-        ret = xsm_assign_vector(v->domain, irq_op.irq);
-        if ( ret )
-            break;
-
         /* Vector is only used by hypervisor, and dom0 shouldn't
            touch it in its world, return irq_op.irq as the vecotr,
            and make this hypercall dummy, and also defer the vector 
diff -r fba8c4003f42 -r 841c330b23a6 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h     Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/include/xsm/xsm.h     Fri Dec 02 13:45:15 2011 -0800
@@ -129,7 +129,6 @@
     int (*hvm_set_pci_link_route) (struct domain *d);
     int (*hvm_inject_msi) (struct domain *d);
     int (*apic) (struct domain *d, int cmd);
-    int (*assign_vector) (struct domain *d, uint32_t pirq);
     int (*xen_settime) (void);
     int (*memtype) (uint32_t access);
     int (*microcode) (void);
@@ -536,11 +535,6 @@
     return xsm_call(apic(d, cmd));
 }
 
-static inline int xsm_assign_vector (struct domain *d, uint32_t pirq)
-{
-    return xsm_call(assign_vector(d, pirq));
-}
-
 static inline int xsm_xen_settime (void)
 {
     return xsm_call(xen_settime());
diff -r fba8c4003f42 -r 841c330b23a6 xen/xsm/dummy.c
--- a/xen/xsm/dummy.c   Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/xsm/dummy.c   Fri Dec 02 13:45:15 2011 -0800
@@ -345,11 +345,6 @@
     return 0;
 }
 
-static int dummy_assign_vector (struct domain *d, uint32_t pirq)
-{
-    return 0;
-}
-
 static int dummy_xen_settime (void)
 {
     return 0;
@@ -560,7 +555,6 @@
     set_to_dummy_if_null(ops, hvm_set_isa_irq_level);
     set_to_dummy_if_null(ops, hvm_set_pci_link_route);
     set_to_dummy_if_null(ops, apic);
-    set_to_dummy_if_null(ops, assign_vector);
     set_to_dummy_if_null(ops, xen_settime);
     set_to_dummy_if_null(ops, memtype);
     set_to_dummy_if_null(ops, microcode);
diff -r fba8c4003f42 -r 841c330b23a6 xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c     Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/xsm/flask/hooks.c     Fri Dec 02 13:45:15 2011 -0800
@@ -907,18 +907,6 @@
     return domain_has_xen(d, perm);
 }
 
-static int flask_assign_vector(struct domain *d, uint32_t pirq)
-{
-    u32 psid;
-    struct domain_security_struct *dsec;
-    dsec = d->ssid;
-
-    if ( security_pirq_sid(pirq, &psid) )
-        return -EPERM;
-
-    return avc_has_perm(dsec->sid, psid, SECCLASS_EVENT, EVENT__VECTOR, NULL);
-}
-
 static int flask_xen_settime(void)
 {
     return domain_has_xen(current->domain, XEN__SETTIME);
@@ -1306,7 +1294,6 @@
     .hvm_set_isa_irq_level = flask_hvm_set_isa_irq_level,
     .hvm_set_pci_link_route = flask_hvm_set_pci_link_route,
     .apic = flask_apic,
-    .assign_vector = flask_assign_vector,
     .xen_settime = flask_xen_settime,
     .memtype = flask_memtype,
     .microcode = flask_microcode,
diff -r fba8c4003f42 -r 841c330b23a6 xen/xsm/flask/include/av_perm_to_string.h
--- a/xen/xsm/flask/include/av_perm_to_string.h Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/xsm/flask/include/av_perm_to_string.h Fri Dec 02 13:45:15 2011 -0800
@@ -56,18 +56,17 @@
    S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc")
    S_(SECCLASS_HVM, HVM__SETPARAM, "setparam")
    S_(SECCLASS_HVM, HVM__GETPARAM, "getparam")
-   S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram")
    S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel")
    S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel")
    S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute")
    S_(SECCLASS_HVM, HVM__BIND_IRQ, "bind_irq")
    S_(SECCLASS_HVM, HVM__CACHEATTR, "cacheattr")
+   S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram")
    S_(SECCLASS_EVENT, EVENT__BIND, "bind")
    S_(SECCLASS_EVENT, EVENT__SEND, "send")
    S_(SECCLASS_EVENT, EVENT__STATUS, "status")
    S_(SECCLASS_EVENT, EVENT__NOTIFY, "notify")
    S_(SECCLASS_EVENT, EVENT__CREATE, "create")
-   S_(SECCLASS_EVENT, EVENT__VECTOR, "vector")
    S_(SECCLASS_EVENT, EVENT__RESET, "reset")
    S_(SECCLASS_GRANT, GRANT__MAP_READ, "map_read")
    S_(SECCLASS_GRANT, GRANT__MAP_WRITE, "map_write")
diff -r fba8c4003f42 -r 841c330b23a6 xen/xsm/flask/include/av_permissions.h
--- a/xen/xsm/flask/include/av_permissions.h    Fri Dec 02 13:44:26 2011 -0800
+++ b/xen/xsm/flask/include/av_permissions.h    Fri Dec 02 13:45:15 2011 -0800
@@ -70,8 +70,7 @@
 #define EVENT__STATUS                             0x00000004UL
 #define EVENT__NOTIFY                             0x00000008UL
 #define EVENT__CREATE                             0x00000010UL
-#define EVENT__VECTOR                             0x00000020UL
-#define EVENT__RESET                              0x00000040UL
+#define EVENT__RESET                              0x00000020UL
 
 #define GRANT__MAP_READ                           0x00000001UL
 #define GRANT__MAP_WRITE                          0x00000002UL
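Review bot: The new `#define EVENT__RESET 0x00000020UL` reuses the bit that `EVENT__VECTOR` held before this change, so the numeric meaning of an event-class access vector shifts rather than just losing a name. If loaded binary policies are matched against these values by bit position (not visible on this page, so this is an assumption to confirm), a policy built from the old access_vectors that granted `event vector` would be read by the new hypervisor as granting `event reset`. The commit description should say that the hypervisor and the FLASK policy have to be rebuilt and deployed together. Alternatively, keep `#define EVENT__RESET 0x00000040UL` and leave the freed bit unused with a comment such as `/* 0x00000020UL was EVENT__VECTOR; do not reuse */`; if this header is generated from access_vectors, the equivalent there is a placeholder entry in place of the removed `vector` line.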
