> -----Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote: -----
> To: xen-devel@xxxxxxxxxxxxxxxxxxxx, Nicolas Poirot <nicolas.poirot@xxxxxxxxx>
> From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> Date: 05/10/2018 18:33
> Cc: George Dunlap <dunlapg@xxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>,
> Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> Subject: [PATCH v2] flask: sort io{port,mem}con entries
>
> These entries are not always sorted by checkpolicy, so sort them during
> policy load (as is already done for later ocontext additions).
>
> Reported-by: Nicolas Poirot <nicolas.poirot@xxxxxxxxx>
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> ---
> xen/xsm/flask/ss/policydb.c | 35 +++++++++++++++++++++++++++++------
> 1 file changed, 29 insertions(+), 6 deletions(-)
>
> diff --git a/xen/xsm/flask/ss/policydb.c b/xen/xsm/flask/ss/policydb.c
> index 3a12d96ef9..9426164353 100644
> --- a/xen/xsm/flask/ss/policydb.c
> +++ b/xen/xsm/flask/ss/policydb.c
> @@ -1737,7 +1737,7 @@ int policydb_read(struct policydb *p, void *fp)
> {
> struct role_allow *ra, *lra;
> struct role_trans *tr, *ltr;
> - struct ocontext *l, *c /*, *newc*/;
> + struct ocontext *l, *c, **pn;
> int i, j, rc;
> __le32 buf[8];
> u32 len, /*len2,*/ config, nprim, nel /*, nel2*/;
> @@ -1994,6 +1994,7 @@ int policydb_read(struct policydb *p, void *fp)
> if ( rc < 0 )
> goto bad;
> nel = le32_to_cpu(buf[0]);
> + pn = &p->ocontexts[i];
> l = NULL;
> for ( j = 0; j < nel; j++ )
> {
> @@ -2003,11 +2004,6 @@ int policydb_read(struct policydb *p, void *fp)
> rc = -ENOMEM;
> goto bad;
> }
> - if ( l )
> - l->next = c;
> - else
> - p->ocontexts[i] = c;
> - l = c;
> rc = -EINVAL;
> switch ( i )
> {
> @@ -2050,6 +2046,18 @@ int policydb_read(struct policydb *p, void *fp)
> rc = context_read_and_validate(&c->context, p, fp);
> if ( rc )
> goto bad;
> +
> + if ( *pn || ( l && l->u.ioport.high_ioport >=
> c->u.ioport.low_ioport ) )
> + {
> + pn = &p->ocontexts[i];
> + l = *pn;
> + while ( l && l->u.ioport.high_ioport <
> c->u.ioport.low_ioport ) {
> + pn = &l->next;
> + l = *pn;
> + }
> + c->next = l;
> + }
> + l = c;
> break;
> case OCON_IOMEM:
> if ( p->target_type != TARGET_XEN )
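Review bot: The inner `while ( l && l->u.ioport.high_ioport < c->u.ioport.low_ioport ) {` puts its opening brace on the statement line, while the `if` just above it and the rest of this function use the brace-on-its-own-line layout; the iomem copy in the next hunk has the same nit. The two insertion loops differ only in the `u.ioport`/`u.iomem` field names, so a small static helper taking the low/high bounds would keep them from drifting apart. Note also that the rescan condition `l->u.ioport.high_ioport >= c->u.ioport.low_ioport` only orders entries by their low bound when ranges are disjoint; overlapping entries are not detected here, so a one-line comment such as `/* overlapping ranges are kept; first match wins on lookup */` (hedged — lookup behaviour is outside the hunk) would help the next reader.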
> @@ -2078,6 +2086,18 @@ int policydb_read(struct policydb *p, void *fp)
> rc = context_read_and_validate(&c->context, p, fp);
> if ( rc )
> goto bad;
> +
> + if ( *pn || ( l && l->u.iomem.high_iomem >=
> c->u.iomem.low_iomem ) )
> + {
> + pn = &p->ocontexts[i];
> + l = *pn;
> + while ( l && l->u.iomem.high_iomem <
> c->u.iomem.low_iomem ) {
> + pn = &l->next;
> + l = *pn;
> + }
> + c->next = l;
> + }
> + l = c;
> break;
> case OCON_DEVICE:
> if ( p->target_type != TARGET_XEN )
> @@ -2123,6 +2143,9 @@ int policydb_read(struct policydb *p, void *fp)
> rc = -EINVAL;
> goto bad;
> }
> +
> + *pn = c;
> + pn = &c->next;
> }
> }
>
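Review bot: `*pn = c; pn = &c->next;` appends `c` unconditionally, but on the non-rescan path of the ioport/iomem cases nothing in these hunks assigns `c->next`, so a NULL-terminated list depends on the allocation above the loop being zeroed (presumably xzalloc, outside the hunk). An explicit `c->next = NULL;` on that path, or a comment on the append such as `/* c->next is NULL from allocation unless the rescan above set it */`, would make the invariant visible rather than implicit. policydb_read continues outside the hunk.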
> --
> 2.14.4
Tested on the same conditions as the previous patch, looks good.
Thank you.
Tested-by: Nicolas Poirot <nicolas.poirot@xxxxxxxxx>
Reviewed-by: Nicolas Poirot <nicolas.poirot@xxxxxxxxx>