[Xen-changelog] [xen stable-4.6] x86: enforce proper privilege when (un)mapping pIRQ-s
commit c5881c540fd27e12de2a2ac27504550527de6dde Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Thu Oct 12 15:35:30 2017 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Oct 12 15:35:30 2017 +0200 x86: enforce proper privilege when (un)mapping pIRQ-s (Un)mapping of IRQs, just like other RESOURCE__ADD* / RESOURCE__REMOVE* actions (in FLASK terms) should be XSM_DM_PRIV rather than XSM_TARGET. This in turn requires bypassing the XSM check in physdev_unmap_pirq() for the HVM emuirq case just like is being done in physdev_map_pirq(). The primary goal security wise, however, is to no longer allow HVM guests, by specifying their own domain ID instead of DOMID_SELF, to enter code paths intended for PV guest and the control domains of HVM guests only. This is part of XSA-237. Reported-by: HW42 <hw42@xxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: George Dunlap <george.dunlap@xxxxxxxxxx> master commit: db72faf69c94513e180568006a9d899ed422ff90 master date: 2017-10-12 14:36:30 +0200 --- xen/arch/x86/physdev.c | 7 ++++--- xen/include/xsm/dummy.h | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index 57b7800..da66099a 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -110,7 +110,7 @@ int physdev_map_pirq(domid_t domid, int type, int *index, int *pirq_p, if ( d == NULL ) return -ESRCH; - ret = xsm_map_domain_pirq(XSM_TARGET, d); + ret = xsm_map_domain_pirq(XSM_DM_PRIV, d); if ( ret ) goto free_domain; @@ -255,13 +255,14 @@ int physdev_map_pirq(domid_t domid, int type, int *index, int *pirq_p, int physdev_unmap_pirq(domid_t domid, int pirq) { struct domain *d; - int ret; + int ret = 0; d = rcu_lock_domain_by_any_id(domid); if ( d == NULL ) return -ESRCH; - ret = xsm_unmap_domain_pirq(XSM_TARGET, d); + if ( domid != DOMID_SELF || !is_hvm_domain(d) ) + ret = xsm_unmap_domain_pirq(XSM_DM_PRIV, d); if ( ret ) goto free_domain; 
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 6f6ff58..c8fc051 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -446,7 +446,7 @@ static XSM_INLINE char *xsm_show_irq_sid(int irq) static XSM_INLINE int xsm_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d) { - XSM_ASSERT_ACTION(XSM_TARGET); + XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } @@ -458,7 +458,7 @@ static XSM_INLINE int xsm_map_domain_irq(XSM_DEFAULT_ARG struct domain *d, int i static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d) { - XSM_ASSERT_ACTION(XSM_TARGET); + XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.6 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
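Review bot: In the physdev_map_pirq() hunk of xen/arch/x86/physdev.c, the xsm_map_domain_pirq() call stays unconditional, while the unmap side gains a DOMID_SELF/HVM exception in the same patch. The commit message says map already bypasses the check for the HVM emuirq case, but that code is outside the context shown here. A short comment at this call, or a pointer in the commit message to where the existing bypass lives, would let a reader confirm that the two functions treat the self-HVM case the same way.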
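Review bot: In the physdev_unmap_pirq() hunk, the new condition `if ( domid != DOMID_SELF || !is_hvm_domain(d) )` skips an access-control hook with no comment explaining why. The reason (the HVM emuirq case) is given only in the commit message. Suggest a comment above the condition stating that an HVM guest acting on itself through DOMID_SELF is the only exempt combination, and that an HVM guest passing its own numeric domain ID is deliberately sent through the XSM_DM_PRIV check. Note also that the hook call itself is skipped, not just the default action, so a non-dummy XSM module no longer sees the self-HVM unmap at all; if that is intended, it is worth saying so in the comment.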
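Review bot: In xen/include/xsm/dummy.h, both changed XSM_ASSERT_ACTION() lines now require XSM_DM_PRIV, so every caller of xsm_map_domain_pirq() and xsm_unmap_domain_pirq() has to pass the new default. The diffstat lists only physdev.c and dummy.h; please confirm no other caller still passes XSM_TARGET. The commit message frames the change in FLASK terms, but only the dummy defaults change here, so it would help to state in the message that no FLASK-side change is needed for the stricter privilege level.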