[Xen-changelog] [xen-unstable] xen: add XSM hook for XENMEM_exchange
# HG changeset patch # User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> # Date 1357900858 0 # Node ID 50418c161c75d0f8439f686ad2813dcfdcc16e5a # Parent 1afbedca64ea6671d2dae5dfb8a886e69ce39d20 xen: add XSM hook for XENMEM_exchange Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Committed-by: Keir Fraser <keir@xxxxxxx>
---
diff -r 1afbedca64ea -r 50418c161c75 tools/flask/policy/policy/modules/xen/xen.if
--- a/tools/flask/policy/policy/modules/xen/xen.if Fri Jan 11 10:39:58 2013 +0000
+++ b/tools/flask/policy/policy/modules/xen/xen.if Fri Jan 11 10:40:58 2013 +0000
@@ -30,6 +30,7 @@ define(`declare_domain', `
 # containing at most one domain. This is not enforced by policy.
 define(`declare_singleton_domain', `
 type $1, domain_type`'ifelse(`$#', `1', `', `,shift($@)');
+ define(`$1_self', `$1')
 type $1_channel, event_type;
 type_transition $1 domain_type:event $1_channel;
 declare_domain_common($1, $1)
@@ -161,6 +162,7 @@ define(`make_device_model', `
 # use_device(domain, device)
 # Allow a device to be used by a domain
 define(`use_device', `
+ allow $1 $1_self:mmu exchange;
 allow $1 $2:resource use;
 allow $1 domio_t:mmu { map_read map_write };
 ')
diff -r 1afbedca64ea -r 50418c161c75 xen/common/memory.c
--- a/xen/common/memory.c Fri Jan 11 10:39:58 2013 +0000
+++ b/xen/common/memory.c Fri Jan 11 10:40:58 2013 +0000
@@ -341,9 +341,19 @@ static long memory_exchange(XEN_GUEST_HA
 out_chunk_order = exch.in.extent_order - exch.out.extent_order;
 }
- rc = rcu_lock_target_domain_by_id(exch.in.domid, &d);
+ d = rcu_lock_domain_by_any_id(exch.in.domid);
+ if ( d == NULL )
+ {
+ rc = -ESRCH;
+ goto fail_early;
+ }
+
+ rc = xsm_memory_exchange(d);
 if ( rc )
+ {
+ rcu_unlock_domain(d);
 goto fail_early;
+ }
 memflags |= MEMF_bits(domain_clamp_alloc_bitsize( d,
diff -r 1afbedca64ea -r 50418c161c75 xen/include/xsm/dummy.h
--- a/xen/include/xsm/dummy.h Fri Jan 11 10:39:58 2013 +0000
+++ b/xen/include/xsm/dummy.h Fri Jan 11 10:40:58 2013 +0000
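Review bot: In the `use_device` hunk of xen.if, the new `allow $1 $1_self:mmu exchange;` rule is the only grant of the `exchange` permission visible in this commit, and nothing explains why it is tied to device assignment. Under FLASK a domain therefore appears to get XENMEM_exchange on its own memory only when policy passes it through this macro. A line such as `# mmu exchange: lets the domain call XENMEM_exchange on its own memory` above the rule would record the intent. The rule also relies on `$1_self` resolving for every type handed to `use_device`. The first hunk defines it for singleton domains, but the definition for `declare_domain` types is outside the visible lines and is worth confirming.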
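Review bot: In the memory.c hunk the lookup and the authorization are now two separate steps, and no comment says that `d` is unauthorized between them. `rcu_lock_domain_by_any_id()` appears only to find and lock the domain, with the privilege decision deferred to `xsm_memory_exchange(d)`, so a later edit that uses `d` between the two calls would act on a domain the caller has not been cleared for. A comment before the hook call, for example `/* d is not yet authorized: XSM decides whether current may exchange its pages. */`, would make the ordering explicit. The denied path unlocks `d` by hand before `goto fail_early`. That label and the rest of memory_exchange are outside the hunk, so it cannot be confirmed here that `fail_early` itself never unlocks.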
@@ -235,6 +235,13 @@ static XSM_INLINE int xsm_grant_query_si
 return 0;
 }
+static XSM_INLINE int xsm_memory_exchange(struct domain *d)
+{
+ if ( d != current->domain && !IS_PRIV_FOR(current->domain, d) )
+ return -EPERM;
+ return 0;
+}
+
 static XSM_INLINE int xsm_memory_adjust_reservation(struct domain *d1, struct domain *d2)
 {
diff -r 1afbedca64ea -r 50418c161c75 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h Fri Jan 11 10:39:58 2013 +0000
+++ b/xen/include/xsm/xsm.h Fri Jan 11 10:40:58 2013 +0000
@@ -96,6 +96,7 @@ struct xsm_operations {
 int (*get_pod_target) (struct domain *d);
 int (*set_pod_target) (struct domain *d);
+ int (*memory_exchange) (struct domain *d);
 int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2);
 int (*memory_stat_reservation) (struct domain *d1, struct domain *d2);
 int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct page_info *page);
@@ -453,6 +454,11 @@ static inline int xsm_set_pod_target (st
 return xsm_ops->set_pod_target(d);
 }
+static inline int xsm_memory_exchange (struct domain *d)
+{
+ return xsm_ops->memory_exchange(d);
+}
+
 static inline int xsm_memory_adjust_reservation (struct domain *d1, struct domain *d2)
 {
diff -r 1afbedca64ea -r 50418c161c75 xen/xsm/dummy.c
--- a/xen/xsm/dummy.c Fri Jan 11 10:39:58 2013 +0000
+++ b/xen/xsm/dummy.c Fri Jan 11 10:40:58 2013 +0000
@@ -84,6 +84,7 @@ void xsm_fixup_ops (struct xsm_operation
 set_to_dummy_if_null(ops, get_pod_target);
 set_to_dummy_if_null(ops, set_pod_target);
+ set_to_dummy_if_null(ops, memory_exchange);
 set_to_dummy_if_null(ops, memory_adjust_reservation);
 set_to_dummy_if_null(ops, memory_stat_reservation);
 set_to_dummy_if_null(ops, memory_pin_page);
diff -r 1afbedca64ea -r 50418c161c75 xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c Fri Jan 11 10:39:58 2013 +0000
+++ b/xen/xsm/flask/hooks.c Fri Jan 11 10:40:58 2013 +0000
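Review bot: The default `xsm_memory_exchange` added in the dummy.h hunk carries no comment stating the policy it encodes, yet it is the access check for every build where no XSM module overrides the hook. Suggest `/* Default: a domain may exchange its own memory; any other caller must be privileged for d. */` directly above the function. This presumably mirrors the check that the removed `rcu_lock_target_domain_by_id()` call performed, but that helper is not visible here, so the comment should describe the condition as written rather than refer to the old helper.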
@@ -396,6 +396,11 @@ static int flask_set_pod_target(struct d
 return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET);
 }
+static int flask_memory_exchange(struct domain *d)
+{
+ return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE);
+}
+
 static int flask_memory_adjust_reservation(struct domain *d1, struct domain *d2)
 {
 return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST);
@@ -1686,6 +1691,7 @@ static struct xsm_operations flask_ops =
 .get_pod_target = flask_get_pod_target,
 .set_pod_target = flask_set_pod_target,
+ .memory_exchange = flask_memory_exchange,
 .memory_adjust_reservation = flask_memory_adjust_reservation,
 .memory_stat_reservation = flask_memory_stat_reservation,
 .memory_pin_page = flask_memory_pin_page,
diff -r 1afbedca64ea -r 50418c161c75 xen/xsm/flask/policy/access_vectors
--- a/xen/xsm/flask/policy/access_vectors Fri Jan 11 10:39:58 2013 +0000
+++ b/xen/xsm/flask/policy/access_vectors Fri Jan 11 10:40:58 2013 +0000
@@ -142,6 +142,7 @@ class mmu
 memorymap
 remote_remap
 mmuext_op
+ exchange
 }
 class shadow
_______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
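Review bot: `flask_memory_exchange` in the first hooks.c hunk has no self-domain shortcut and no privileged-caller fallback, unlike the dummy hook, so both cases depend entirely on the loaded policy. The only rule this commit adds is the self grant inside `use_device`. If a toolstack or device-model domain is expected to issue XENMEM_exchange on behalf of another domain, it would be denied unless policy elsewhere grants `mmu exchange` on that target, which cannot be confirmed from the visible hunks. A short comment on the hook, e.g. `/* source is current, target is d; self-exchange also needs an explicit allow rule */`, would document the difference from the default behaviour.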