
[Xen-changelog] [xen-unstable] xen: convert do_domctl to use XSM


  • To: xen-changelog@xxxxxxxxxxxxxxxxxxx
  • From: Xen patchbot-unstable <patchbot@xxxxxxx>
  • Date: Wed, 16 Jan 2013 08:22:09 +0000
  • Delivery-date: Wed, 16 Jan 2013 08:22:24 +0000
  • List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1357898985 0
# Node ID fd939d1a9b306b5e219fd1080eefdcd1c47cfcb0
# Parent  ba386fd2bf17fd30e8215bedc3187c95b8eb9e6b
xen: convert do_domctl to use XSM

The xsm_domctl hook now covers every domctl, in addition to the more
fine-grained XSM hooks in most sub-functions. This also removes the
need to special-case XEN_DOMCTL_getdomaininfo.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---


diff -r ba386fd2bf17 -r fd939d1a9b30 xen/common/domctl.c
--- a/xen/common/domctl.c       Fri Jan 11 10:07:19 2013 +0000
+++ b/xen/common/domctl.c       Fri Jan 11 10:09:45 2013 +0000
@@ -265,27 +265,9 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
             return -ESRCH;
     }
 
-    switch ( op->cmd )
-    {
-    case XEN_DOMCTL_ioport_mapping:
-    case XEN_DOMCTL_memory_mapping:
-    case XEN_DOMCTL_bind_pt_irq:
-    case XEN_DOMCTL_unbind_pt_irq: {
-        bool_t is_priv = IS_PRIV_FOR(current->domain, d);
-        if ( !is_priv )
-        {
-            ret = -EPERM;
-            goto domctl_out_unlock_domonly;
-        }
-        break;
-    }
-    case XEN_DOMCTL_getdomaininfo:
-        break;
-    default:
-        if ( !IS_PRIV(current->domain) )
-            return -EPERM;
-        break;
-    }
+    ret = xsm_domctl(d, op->cmd);
+    if ( ret )
+        goto domctl_out_unlock_domonly;
 
     if ( !domctl_lock_acquire() )
     {
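Review bot: `xsm_domctl(d, op->cmd)` now runs for every command, so both hook implementations have to cope with whatever `d` holds at this point, including a NULL `d` if any command reaches here without a target domain (the lookup is above the hunk and not visible). The failure path for most commands also changed from a direct `return -EPERM` to `goto domctl_out_unlock_domonly`, so that label has to tolerate the same `d`. A short comment above the call would make the contract explicit, e.g. `/* Coarse access check for every domctl; finer-grained XSM hooks run in the individual cases below. */`. do_domctl starts and ends outside the hunk.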
@@ -855,17 +837,13 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
 
     case XEN_DOMCTL_subscribe:
     {
-        ret = xsm_domctl(d, op->cmd);
-        if ( !ret )
-            d->suspend_evtchn = op->u.subscribe.port;
+        d->suspend_evtchn = op->u.subscribe.port;
     }
     break;
 
     case XEN_DOMCTL_disable_migrate:
     {
-        ret = xsm_domctl(d, op->cmd);
-        if ( !ret )
-            d->disable_migrate = op->u.disable_migrate.disable;
+        d->disable_migrate = op->u.disable_migrate.disable;
     }
     break;
 
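Review bot: Nothing in the `XEN_DOMCTL_subscribe` and `XEN_DOMCTL_disable_migrate` arms now shows that the writes to `d->suspend_evtchn` and `d->disable_migrate` are authorized, because the check moved to the `xsm_domctl()` call near the top of do_domctl. A one-line comment in each arm, such as `/* Access checked by xsm_domctl() at the top of do_domctl(). */`, would keep the arms from being moved or copied without the check. The arms also no longer assign `ret`, so they rely on the value left by earlier code outside the hunk, and the braces around the single statement are now redundant.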
diff -r ba386fd2bf17 -r fd939d1a9b30 xen/include/xsm/dummy.h
--- a/xen/include/xsm/dummy.h   Fri Jan 11 10:07:19 2013 +0000
+++ b/xen/include/xsm/dummy.h   Fri Jan 11 10:09:45 2013 +0000
@@ -64,8 +64,6 @@ static XSM_INLINE int xsm_scheduler(stru
 
 static XSM_INLINE int xsm_getdomaininfo(struct domain *d)
 {
-    if ( !IS_PRIV(current->domain) )
-        return -EPERM;
     return 0;
 }
 
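Review bot: The dummy `xsm_getdomaininfo()` now permits every caller, which is safe only where the call site is already behind `xsm_domctl()` or another privilege check. This diff shows only the do_domctl path being covered; any other caller of the hook is outside what is visible here and should be confirmed before relying on it. I would record the assumption in the function, e.g. `/* No check here: callers must already have passed xsm_domctl() or an equivalent privilege check. */`.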
@@ -91,6 +89,20 @@ static XSM_INLINE int xsm_set_target(str
 
 static XSM_INLINE int xsm_domctl(struct domain *d, int cmd)
 {
+    switch ( cmd )
+    {
+    case XEN_DOMCTL_ioport_mapping:
+    case XEN_DOMCTL_memory_mapping:
+    case XEN_DOMCTL_bind_pt_irq:
+    case XEN_DOMCTL_unbind_pt_irq: {
+        if ( !IS_PRIV_FOR(current->domain, d) )
+            return -EPERM;
+        break;
+    }
+    default:
+        if ( !IS_PRIV(current->domain) )
+            return -EPERM;
+    }
     return 0;
 }
 
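Review bot: The `default:` arm of the new switch in the dummy `xsm_domctl()` ends without a `break;`, and the braces around the `XEN_DOMCTL_unbind_pt_irq` case body are left over from the do_domctl version that declared `is_priv`. Behaviour is unaffected because control falls out to `return 0;`, but adding `break;` and dropping the braces keeps the arms uniform. A header comment would also help the next reader: the four passthrough-mapping commands accept a caller that passes `IS_PRIV_FOR(current->domain, d)`, while every other command requires `IS_PRIV(current->domain)`.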
diff -r ba386fd2bf17 -r fd939d1a9b30 xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c     Fri Jan 11 10:07:19 2013 +0000
+++ b/xen/xsm/flask/hooks.c     Fri Jan 11 10:09:45 2013 +0000
@@ -582,7 +582,90 @@ static int flask_set_target(struct domai
 
 static int flask_domctl(struct domain *d, int cmd)
 {
-    return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, 
DOMAIN__SET_MISC_INFO);
+    switch ( cmd )
+    {
+    /* These have individual XSM hooks (common/domctl.c) */
+    case XEN_DOMCTL_createdomain:
+    case XEN_DOMCTL_destroydomain:
+    case XEN_DOMCTL_pausedomain:
+    case XEN_DOMCTL_unpausedomain:
+    case XEN_DOMCTL_getdomaininfo:
+    case XEN_DOMCTL_setvcpuaffinity:
+    case XEN_DOMCTL_max_mem:
+    case XEN_DOMCTL_setvcpucontext:
+    case XEN_DOMCTL_getvcpucontext:
+    case XEN_DOMCTL_getvcpuinfo:
+    case XEN_DOMCTL_max_vcpus:
+    case XEN_DOMCTL_scheduler_op:
+    case XEN_DOMCTL_setdomainhandle:
+    case XEN_DOMCTL_setdebugging:
+    case XEN_DOMCTL_irq_permission:
+    case XEN_DOMCTL_iomem_permission:
+    case XEN_DOMCTL_settimeoffset:
+    case XEN_DOMCTL_getvcpuaffinity:
+    case XEN_DOMCTL_resumedomain:
+    case XEN_DOMCTL_set_target:
+    case XEN_DOMCTL_set_virq_handler:
+#ifdef CONFIG_X86
+    /* These have individual XSM hooks (arch/x86/domctl.c) */
+    case XEN_DOMCTL_shadow_op:
+    case XEN_DOMCTL_ioport_permission:
+    case XEN_DOMCTL_getpageframeinfo:
+    case XEN_DOMCTL_getpageframeinfo2:
+    case XEN_DOMCTL_getpageframeinfo3:
+    case XEN_DOMCTL_getmemlist:
+    case XEN_DOMCTL_hypercall_init:
+    case XEN_DOMCTL_sethvmcontext:
+    case XEN_DOMCTL_gethvmcontext:
+    case XEN_DOMCTL_gethvmcontext_partial:
+    case XEN_DOMCTL_set_address_size:
+    case XEN_DOMCTL_get_address_size:
+    case XEN_DOMCTL_set_machine_address_size:
+    case XEN_DOMCTL_get_machine_address_size:
+    case XEN_DOMCTL_sendtrigger:
+    case XEN_DOMCTL_bind_pt_irq:
+    case XEN_DOMCTL_unbind_pt_irq:
+    case XEN_DOMCTL_memory_mapping:
+    case XEN_DOMCTL_ioport_mapping:
+    case XEN_DOMCTL_pin_mem_cacheattr:
+    case XEN_DOMCTL_set_ext_vcpucontext:
+    case XEN_DOMCTL_get_ext_vcpucontext:
+    case XEN_DOMCTL_setvcpuextstate:
+    case XEN_DOMCTL_getvcpuextstate:
+    case XEN_DOMCTL_mem_event_op:
+    case XEN_DOMCTL_mem_sharing_op:
+    case XEN_DOMCTL_set_access_required:
+    /* These have individual XSM hooks (drivers/passthrough/iommu.c) */
+    case XEN_DOMCTL_get_device_group:
+    case XEN_DOMCTL_test_assign_device:
+    case XEN_DOMCTL_assign_device:
+    case XEN_DOMCTL_deassign_device:
+#endif
+        return 0;
+
+    case XEN_DOMCTL_subscribe:
+    case XEN_DOMCTL_disable_migrate:
+        return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
+                               DOMAIN__SET_MISC_INFO);
+
+    case XEN_DOMCTL_set_cpuid:
+    case XEN_DOMCTL_suppress_spurious_page_faults:
+    case XEN_DOMCTL_debug_op:
+    case XEN_DOMCTL_gettscinfo:
+    case XEN_DOMCTL_settscinfo:
+    case XEN_DOMCTL_audit_p2m:
+    case XEN_DOMCTL_gdbsx_guestmemio:
+    case XEN_DOMCTL_gdbsx_pausevcpu:
+    case XEN_DOMCTL_gdbsx_unpausevcpu:
+    case XEN_DOMCTL_gdbsx_domstatus:
+        /* TODO add per-subfunction hooks */
+        if ( !IS_PRIV(current->domain) )
+            return -EPERM;
+        return 0;
+    default:
+        printk("flask_domctl: Unknown op %d\n", cmd);
+        return -EPERM;
+    }
 }
 
 static int flask_set_virq_handler(struct domain *d, uint32_t virq)
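Review bot: The `default:` arm of `flask_domctl()` logs with a bare `printk("flask_domctl: Unknown op %d\n", cmd)`, and since this hook is now the first access check for every domctl, a caller that can issue the hypercall appears able to pick `cmd` and trigger the message repeatedly. Giving it a guest log level makes it subject to the guest-message filtering and rate limiting: `printk(XENLOG_G_WARNING "flask_domctl: Unknown op %d\n", cmd);`. Separately, the long `return 0` list is only as strong as the per-command hooks it names, and the TODO group still falls back to `IS_PRIV`, so Flask policy cannot yet restrict those commands (including `XEN_DOMCTL_debug_op` and the `gdbsx_*` ops). A comment saying that each new domctl must be placed in one of the groups deliberately would help.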
