
Re: [Xen-devel] [PATCH v2] Merge IS_PRIV checks into XSM hooks


  • To: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxx>
  • From: Keir Fraser <keir@xxxxxxx>
  • Date: Mon, 10 Sep 2012 21:51:51 +0100
  • Delivery-date: Mon, 10 Sep 2012 20:52:21 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
  • Thread-index: Ac2PlhojYZSgAtjdVE+QLDMywoddpQ==
  • Thread-topic: [Xen-devel] [PATCH v2] Merge IS_PRIV checks into XSM hooks

On 10/09/2012 20:48, "Daniel De Graaf" <dgdegra@xxxxxxxxxxxxx> wrote:

> Overall, this series should not change the behavior of Xen when XSM is
> not enabled; however, in some cases, the exact errors that are returned
> will be different because security checks have been moved below validity
> checks. Also, once applied, newly introduced domctls and sysctls will
> not automatically be guarded by IS_PRIV checks - they will need to add
> their own permission checking code.

How do we guard against accidentally forgetting to do this?

> The ARM architecture is not touched at all in these patches. The only
> obvious breakage that I can see is due to rcu_lock_target_domain_by_id
> being removed, but XSM hooks will be needed for domctls and sysctls.

So ARM build is broken? And/or ARM is made insecure because of unchecked
sysctls/domctls?

 -- Keir

> The rcu_lock_target_domain_by_id and rcu_lock_remote_target_domain_by_id
> functions are removed by this series because they act as wrappers around
> IS_PRIV_FOR; their callers have been changed to use XSM checks instead.
> 
> Miscellaneous updates to FLASK:
>     [PATCH 01/20] xsm/flask: remove inherited class attributes
>     [PATCH 02/20] xsm/flask: remove unneeded create_sid field
>     [PATCH 03/20] xen: Add versions of rcu_lock_*_domain without IS_PRIV
>     [PATCH 04/20] xsm/flask: add domain relabel support
>     [PATCH 05/20] libxl: introduce XSM relabel on build
>     [PATCH 06/20] flask/policy: Add domain relabel example
> 
> Preparatory new hooks:
>     [PATCH 07/20] arch/x86: add distinct XSM hooks for map/unmap
>     [PATCH 08/20] arch/x86: add missing XSM checks to XENPF_ commands
>     [PATCH 09/20] xsm/flask: Add checks on the domain performing the
> 
> Refactoring:
>     [PATCH 10/20] xsm: Add IS_PRIV checks to dummy XSM module
>     [PATCH 11/20] xen: use XSM instead of IS_PRIV where duplicated
>     [PATCH 12/20] xen: avoid calling rcu_lock_*target_domain when an XSM
> 
> Remaining IS_PRIV calls:
>     [PATCH 13/20] arch/x86: Add missing domctl and mem_sharing XSM hooks
>     [PATCH 14/20] tmem: Add access control check
>     [PATCH 17/20] arch/x86: use XSM hooks for get_pg_owner access checks
>     [PATCH 18/20] xen: Add XSM hook for XENMEM_exchange
> 
> Cleanup, FLASK updates to support IS_PRIV emulation:
>     [PATCH 15/20] xsm: remove unneeded xsm_call macro
>     [PATCH 16/20] xsm/flask: add distinct SIDs for self/target access
>     [PATCH 19/20] xen: remove rcu_lock_{remote_,}target_domain_by_id
>     [PATCH 20/20] flask: add missing operations
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel
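
The two effects the quoted cover letter describes (different error codes once security checks sit below validity checks, and new operations no longer being guarded automatically) are modelled below as an added example. This is not Xen code and not part of the patch series; every name in it (`dispatch_central`, `dispatch_per_op`, `hook_check`, `OP_PAUSE`, `OP_NEW`, `MAX_DOMID`) is hypothetical.

```c
#include <errno.h>
#include <stdbool.h>

/* Toy model, not Xen source: every name below is hypothetical. */
struct caller { bool is_priv; };

enum op { OP_PAUSE, OP_NEW };          /* OP_NEW: an operation added later */
#define MAX_DOMID 8                    /* constructed validity limit */

/* Stand-in for a per-operation hook whose default is the privilege test. */
static int hook_check(const struct caller *c)
{
    return c->is_priv ? 0 : -EPERM;
}

/* Old layout: a single privilege gate in front of the switch. */
int dispatch_central(const struct caller *c, enum op op, int domid)
{
    if (!c->is_priv)
        return -EPERM;                 /* covers every case, present and future */
    switch (op) {
    case OP_PAUSE:
        return (domid < 0 || domid >= MAX_DOMID) ? -ESRCH : 0;
    case OP_NEW:
        return 0;
    }
    return -ENOSYS;
}

/* New layout: each case validates its arguments, then calls its own hook. */
int dispatch_per_op(const struct caller *c, enum op op, int domid)
{
    switch (op) {
    case OP_PAUSE:
        if (domid < 0 || domid >= MAX_DOMID)
            return -ESRCH;             /* validity error is now returned first */
        return hook_check(c);
    case OP_NEW:
        return 0;                      /* hook forgotten: unprivileged call succeeds */
    }
    return -ENOSYS;
}
```

A regression test that calls each operation as an unprivileged caller and expects `-EPERM` catches the forgotten hook in this model.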
