[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging] domctl: restrict permission check for XEN_DOMCTL_memory_mapping's remove form

To: xen-changelog@xxxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Thu, 18 Jun 2026 09:22:12 +0000
Delivery-date: Thu, 18 Jun 2026 09:22:13 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xenproject.org>

commit 6df6f24251dbc13c02c25ac71d463cdaf60795e0
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Jun 18 10:01:55 2026 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Jun 18 10:01:55 2026 +0200

    domctl: restrict permission check for XEN_DOMCTL_memory_mapping's remove 
form
    
    Be less strict with permissions checks when removing a mapping and
    only request the caller domain to have access to the region.  Keep the
    same permission checks for addition operations.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Roger Pau MonnÃ© <roger.pau@xxxxxxxxxx>
    Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
---
 xen/common/domctl.c | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index b3f3c99c41..e30b38a337 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -436,25 +436,16 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
             goto domctl_out_unlock_rcuonly;
 #endif
 
+        /*
+         * NB: The double lock isn't really needed when !add, but is used 
anyway
+         * to keep things simple.
+         */
         iocaps_double_lock(d, false);
 
         ret = -EPERM;
-        if ( !iomem_access_permitted(current->domain, mfn, mfn_end) ||
-             !iomem_access_permitted(d, mfn, mfn_end) )
+        if ( !iomem_access_permitted(current->domain, mfn, mfn_end) )
             /* Nothing. */;
-        else if ( add )
-        {
-            printk(XENLOG_G_DEBUG
-                   "memory_map:add: %pd gfn=%lx mfn=%lx nr=%lx\n",
-                   d, gfn, mfn, nr_mfns);
-
-            ret = map_mmio_regions(d, _gfn(gfn), nr_mfns, _mfn(mfn));
-            if ( ret < 0 )
-                printk(XENLOG_G_WARNING
-                       "memory_map:fail: %pd gfn=%lx mfn=%lx nr=%lx ret:%ld\n",
-                       d, gfn, mfn, nr_mfns, ret);
-        }
-        else
+        else if ( !add )
         {
             printk(XENLOG_G_DEBUG
                    "memory_map:remove: %pd gfn=%lx mfn=%lx nr=%lx\n",
@@ -466,6 +457,18 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) 
u_domctl)
                        "memory_map: error %ld removing %pd access to 
[%lx,%lx]\n",
                        ret, d, mfn, mfn_end);
         }
+        else if ( iomem_access_permitted(d, mfn, mfn_end) )
+        {
+            printk(XENLOG_G_DEBUG
+                   "memory_map:add: %pd gfn=%lx mfn=%lx nr=%lx\n",
+                   d, gfn, mfn, nr_mfns);
+
+            ret = map_mmio_regions(d, _gfn(gfn), nr_mfns, _mfn(mfn));
+            if ( ret < 0 )
+                printk(XENLOG_G_WARNING
+                       "memory_map:fail: %pd gfn=%lx mfn=%lx nr=%lx ret:%ld\n",
+                       d, gfn, mfn, nr_mfns, ret);
+        }
 
         iocaps_double_unlock(d, false);
         goto domctl_out_unlock_rcuonly;
--
generated by git-patchbot for /home/xen/git/xen.git#staging

Prev by Date: [xen staging] domctl: move early special casing of XEN_DOMCTL_shadow_op
Next by Date: [xen staging] domctl: correct return value of XEN_DOMCTL_[gs]etvcpuaffinity
Previous by thread: [xen staging] domctl: move early special casing of XEN_DOMCTL_shadow_op
Next by thread: [xen staging] domctl: correct return value of XEN_DOMCTL_[gs]etvcpuaffinity
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.