
Re: [Xen-devel] [PATCH v3 6/7] xsm: add platform QoS related xsm policies



On 11/29/2013 12:48 AM, dongxiao.xu@xxxxxxxxx wrote:
From: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>

Add xsm policies for attach/detach pqos services and get CQM info
hypercalls.

Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>
---
  tools/flask/policy/policy/modules/xen/xen.if |    2 +-
  tools/flask/policy/policy/modules/xen/xen.te |    5 ++++-
  xen/xsm/flask/hooks.c                        |    7 +++++++
  xen/xsm/flask/policy/access_vectors          |   17 ++++++++++++++---
  4 files changed, 26 insertions(+), 5 deletions(-)

[...]
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index b1e2593..884922b 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -730,6 +730,10 @@ static int flask_domctl(struct domain *d, int cmd)
      case XEN_DOMCTL_set_max_evtchn:
          return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_MAX_EVTCHN);

+    case XEN_DOMCTL_attach_pqos:
+    case XEN_DOMCTL_detach_pqos:
+        return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__PQOS_OP);
+
      default:
          printk("flask_domctl: Unknown op %d\n", cmd);
          return -EPERM;
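
Review bot: In flask_domctl, XEN_DOMCTL_attach_pqos and XEN_DOMCTL_detach_pqos share the single DOMAIN2__PQOS_OP check, so a policy cannot allow a domain to detach a pqos service without also allowing it to attach one. If that granularity is intended, say so in the commit message or beside the PQOS_OP entry in access_vectors; otherwise split it into separate attach and detach permissions.
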
@@ -785,6 +789,9 @@ static int flask_sysctl(int cmd)
      case XEN_SYSCTL_numainfo:
          return domain_has_xen(current->domain, XEN__PHYSINFO);

+    case XEN_SYSCTL_getcqminfo:
+        return domain_has_xen(current->domain, XEN2__PQOS_OP);

The domain_has_xen helper function assumes SECCLASS_XEN, but this call
needs to pass SECCLASS_XEN2. The easy fix is to change this call to
avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, XEN2__PQOS_OP, NULL).
Otherwise, a class parameter would need to be added to domain_has_xen.

With this changed,
Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
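
The class mismatch raised in the reply above, as an added example that is not code from this thread or from Xen: a simplified model of a per-class access vector check, showing what happens when a permission bit from one class is tested through a helper that hard-codes another class. The `model_` names, class ids and bit values are constructed for illustration; only the idea of a helper fixed to one class comes from the reply.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: class ids and bit values are illustrative, not Xen's. */
enum model_class { MODEL_CLASS_XEN, MODEL_CLASS_XEN2, MODEL_CLASS_COUNT };
#define MODEL_XEN__PHYSINFO (1u << 0) /* a bit in class XEN */
#define MODEL_XEN2__PQOS_OP (1u << 0) /* same bit value, but in class XEN2 */

/* Allowed access vector per class for one (source, target) pair. */
struct model_policy { uint32_t allowed[MODEL_CLASS_COUNT]; };

/* The class selects the vector; a permission bit has no meaning without it. */
static int model_has_perm(const struct model_policy *p,
                          enum model_class cls, uint32_t perms)
{
    return ((p->allowed[cls] & perms) == perms) ? 0 : -EPERM;
}

/* Helper with the class fixed to XEN, like the helper the reply describes. */
static int model_has_xen(const struct model_policy *p, uint32_t perms)
{
    return model_has_perm(p, MODEL_CLASS_XEN, perms);
}

/* Hook shaped like the posted hunk: an XEN2 bit through the XEN-only helper. */
static int model_getcqminfo_as_posted(const struct model_policy *p)
{
    return model_has_xen(p, MODEL_XEN2__PQOS_OP);
}

/* Hook with the class passed explicitly, as the reply suggests. */
static int model_getcqminfo_fixed(const struct model_policy *p)
{
    return model_has_perm(p, MODEL_CLASS_XEN2, MODEL_XEN2__PQOS_OP);
}

int main(void)
{
    /* Constructed policy: PHYSINFO granted in class XEN, nothing in XEN2. */
    struct model_policy p = { .allowed = { [MODEL_CLASS_XEN] = MODEL_XEN__PHYSINFO } };
    printf("as posted: %d\n", model_getcqminfo_as_posted(&p));
    printf("fixed:     %d\n", model_getcqminfo_fixed(&p));
    return 0;
}
```

In this model the posted form is allowed by a policy that never granted PQOS_OP, because the bit is looked up in the wrong class's vector; with the class passed explicitly the same policy denies it.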


 

