[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] tmem: add XSM hooks

  • To: xen-changelog@xxxxxxxxxxxxxxxxxxx
  • From: Xen patchbot-unstable <patchbot@xxxxxxx>
  • Date: Wed, 16 Jan 2013 08:22:16 +0000
  • Delivery-date: Wed, 16 Jan 2013 08:22:23 +0000
  • List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>
# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1357901203 0
# Node ID 21f0e200f6b02bd02c4eb4aeae8ff6e84cd5b1d8
# Parent  1d94ac6cf85adbcfc5d5c1e45bc165f9a97f5634
tmem: add XSM hooks

This adds a pair of XSM hooks for tmem operations: xsm_tmem_op which
controls any use of tmem, and xsm_tmem_control which allows use of the
TMEM_CONTROL operations. By default, all domains can use tmem while
only IS_PRIV domains can use control operations.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Acked-by: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---


diff -r 1d94ac6cf85a -r 21f0e200f6b0 
tools/flask/policy/policy/modules/xen/xen.te
--- a/tools/flask/policy/policy/modules/xen/xen.te      Fri Jan 11 10:44:01 
2013 +0000
+++ b/tools/flask/policy/policy/modules/xen/xen.te      Fri Jan 11 10:46:43 
2013 +0000
@@ -56,7 +56,7 @@ type device_t, resource_type;
 
################################################################################
 allow dom0_t xen_t:xen { kexec readapic writeapic mtrr_read mtrr_add mtrr_del
        scheduler physinfo heap quirk readconsole writeconsole settime 
getcpuinfo
-       microcode cpupool_op sched_op pm_op };
+       microcode cpupool_op sched_op pm_op tmem_control };
 allow dom0_t xen_t:mmu { memorymap };
 allow dom0_t security_t:security { check_context compute_av compute_create
        compute_member load_policy compute_relabel compute_user setenforce
@@ -74,6 +74,9 @@ domain_comms(dom0_t, dom0_t)
 
 auditallow dom0_t security_t:security { load_policy setenforce setbool };
 
+# Allow all domains to use (unprivileged parts of) the tmem hypercall
+allow domain_type xen_t:xen tmem_op;
+
 ###############################################################################
 #
 # Domain creation
diff -r 1d94ac6cf85a -r 21f0e200f6b0 xen/common/tmem.c
--- a/xen/common/tmem.c Fri Jan 11 10:44:01 2013 +0000
+++ b/xen/common/tmem.c Fri Jan 11 10:46:43 2013 +0000
@@ -2644,6 +2644,9 @@ EXPORT long do_tmem_op(tmem_cli_op_t uop
     if ( !tmem_initialized )
         return -ENODEV;
 
+    if ( !tmh_current_permitted() )
+        return -EPERM;
+
     total_tmem_ops++;
 
     if ( tmh_lock_all )
diff -r 1d94ac6cf85a -r 21f0e200f6b0 xen/include/xen/tmem_xen.h
--- a/xen/include/xen/tmem_xen.h        Fri Jan 11 10:44:01 2013 +0000
+++ b/xen/include/xen/tmem_xen.h        Fri Jan 11 10:46:43 2013 +0000
@@ -16,6 +16,7 @@
 #include <xen/guest_access.h> /* copy_from_guest */
 #include <xen/hash.h> /* hash_long */
 #include <xen/domain_page.h> /* __map_domain_page */
+#include <xsm/xsm.h> /* xsm_tmem_control */
 #include <public/tmem.h>
 #ifdef CONFIG_COMPAT
 #include <compat/tmem.h>
@@ -326,9 +327,14 @@ static inline bool_t tmh_set_client_from
     return rc;
 }
 
+static inline bool_t tmh_current_permitted(void)
+{
+    return !xsm_tmem_op(XSM_HOOK);
+}
+
 static inline bool_t tmh_current_is_privileged(void)
 {
-    return IS_PRIV(current->domain);
+    return !xsm_tmem_control(XSM_PRIV);
 }
 
 static inline uint8_t tmh_get_first_byte(pfp_t *pfp)
diff -r 1d94ac6cf85a -r 21f0e200f6b0 xen/include/xsm/dummy.h
--- a/xen/include/xsm/dummy.h   Fri Jan 11 10:44:01 2013 +0000
+++ b/xen/include/xsm/dummy.h   Fri Jan 11 10:46:43 2013 +0000
@@ -371,6 +371,18 @@ static XSM_INLINE int xsm_page_offline(X
     return xsm_default_action(action, current->domain, NULL);
 }
 
+static XSM_INLINE int xsm_tmem_op(XSM_DEFAULT_VOID)
+{
+    XSM_ASSERT_ACTION(XSM_HOOK);
+    return xsm_default_action(action, current->domain, NULL);
+}
+
+static XSM_INLINE int xsm_tmem_control(XSM_DEFAULT_VOID)
+{
+    XSM_ASSERT_ACTION(XSM_PRIV);
+    return xsm_default_action(action, current->domain, NULL);
+}
+
 static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
 {
     return -ENOSYS;
diff -r 1d94ac6cf85a -r 21f0e200f6b0 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h     Fri Jan 11 10:44:01 2013 +0000
+++ b/xen/include/xsm/xsm.h     Fri Jan 11 10:46:43 2013 +0000
@@ -119,6 +119,8 @@ struct xsm_operations {
     int (*resource_setup_misc) (void);
 
     int (*page_offline)(uint32_t cmd);
+    int (*tmem_op)(void);
+    int (*tmem_control)(void);
 
     long (*do_xsm_op) (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op);
 
@@ -441,6 +443,16 @@ static inline int xsm_page_offline(xsm_d
     return xsm_ops->page_offline(cmd);
 }
 
+static inline int xsm_tmem_op(xsm_default_t def)
+{
+    return xsm_ops->tmem_op();
+}
+
+static inline int xsm_tmem_control(xsm_default_t def)
+{
+    return xsm_ops->tmem_control();
+}
+
 static inline long xsm_do_xsm_op (XEN_GUEST_HANDLE_PARAM(xsm_op_t) op)
 {
     return xsm_ops->do_xsm_op(op);
diff -r 1d94ac6cf85a -r 21f0e200f6b0 xen/xsm/dummy.c
--- a/xen/xsm/dummy.c   Fri Jan 11 10:44:01 2013 +0000
+++ b/xen/xsm/dummy.c   Fri Jan 11 10:46:43 2013 +0000
@@ -94,6 +94,8 @@ void xsm_fixup_ops (struct xsm_operation
     set_to_dummy_if_null(ops, resource_setup_misc);
 
     set_to_dummy_if_null(ops, page_offline);
+    set_to_dummy_if_null(ops, tmem_op);
+    set_to_dummy_if_null(ops, tmem_control);
 
     set_to_dummy_if_null(ops, do_xsm_op);
 
diff -r 1d94ac6cf85a -r 21f0e200f6b0 xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c     Fri Jan 11 10:44:01 2013 +0000
+++ b/xen/xsm/flask/hooks.c     Fri Jan 11 10:46:43 2013 +0000
@@ -1017,6 +1017,16 @@ static inline int flask_page_offline(uin
     }
 }
 
+static inline int flask_tmem_op(void)
+{
+    return domain_has_xen(current->domain, XEN__TMEM_OP);
+}
+
+static inline int flask_tmem_control(void)
+{
+    return domain_has_xen(current->domain, XEN__TMEM_CONTROL);
+}
+
 #ifdef CONFIG_X86
 static int flask_shadow_control(struct domain *d, uint32_t op)
 {
@@ -1456,6 +1466,8 @@ static struct xsm_operations flask_ops =
     .resource_setup_misc = flask_resource_setup_misc,
 
     .page_offline = flask_page_offline,
+    .tmem_op = flask_tmem_op,
+    .tmem_control = flask_tmem_control,
 
     .do_xsm_op = do_flask_op,
 
diff -r 1d94ac6cf85a -r 21f0e200f6b0 xen/xsm/flask/policy/access_vectors
--- a/xen/xsm/flask/policy/access_vectors       Fri Jan 11 10:44:01 2013 +0000
+++ b/xen/xsm/flask/policy/access_vectors       Fri Jan 11 10:46:43 2013 +0000
@@ -35,6 +35,8 @@ class xen
        lockprof
        cpupool_op
        sched_op
+       tmem_op
+       tmem_control
 }
 
 class domain

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.