[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v3 13/15] xsm, argo: XSM control for any access to argo by a domain
Will inhibit initialization of the domain's argo data structure to prevent receiving any messages or notifications and access to any of the argo hypercall operations. Signed-off-by: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx> --- v2 self: fix xsm use in soft-reset prior to introduction v1 #5 (#17) feedback Paul: XSM control for any access: use currd v1 #16 feedback Jan: apply const to function signatures xen/common/argo.c | 6 +++--- xen/include/xsm/dummy.h | 5 +++++ xen/include/xsm/xsm.h | 6 ++++++ xen/xsm/dummy.c | 1 + xen/xsm/flask/hooks.c | 7 +++++++ xen/xsm/flask/policy/access_vectors | 3 +++ 6 files changed, 25 insertions(+), 3 deletions(-) diff --git a/xen/common/argo.c b/xen/common/argo.c index 2c0348a..31535bd 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -1984,7 +1984,7 @@ do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, argo_dprintk("->do_argo_op(%u,%p,%p,%d,%d)\n", cmd, (void *)arg1.p, (void *)arg2.p, (int) arg3, (int) arg4); - if ( unlikely(!opt_argo_enabled) ) + if ( unlikely(!opt_argo_enabled || xsm_argo_enable(currd)) ) { rc = -EOPNOTSUPP; return rc; @@ -2134,7 +2134,7 @@ argo_init(struct domain *d) { struct argo_domain *argo; - if ( !opt_argo_enabled ) + if ( !opt_argo_enabled || xsm_argo_enable(d) ) { argo_dprintk("argo disabled, domid: %d\n", d->domain_id); return 0; @@ -2190,7 +2190,7 @@ argo_soft_reset(struct domain *d) partner_rings_remove(d); wildcard_rings_pending_remove(d); - if ( !opt_argo_enabled ) + if ( !opt_argo_enabled || xsm_argo_enable(d) ) { xfree(d->argo); d->argo = NULL; diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 05d10b5..91a21c3 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -721,6 +721,11 @@ static XSM_INLINE int xsm_dm_op(XSM_DEFAULT_ARG struct domain *d) #endif /* CONFIG_X86 */ #ifdef CONFIG_ARGO +static XSM_INLINE int xsm_argo_enable(struct domain *d) +{ + return 0; +} + static XSM_INLINE int xsm_argo_register_single_source(struct domain *d, struct domain *t) { diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 4d4a60c..e300ebc 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -182,6 +182,7 @@ struct xsm_operations { int (*xen_version) (uint32_t cmd); int (*domain_resource_map) (struct domain *d); #ifdef CONFIG_ARGO + int (*argo_enable) (const struct domain *d); int (*argo_register_single_source) (const struct domain *d, const struct domain *t); int (*argo_register_any_source) (const struct domain *d); @@ -705,6 +706,11 @@ static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d) } #ifdef CONFIG_ARGO +static inline xsm_argo_enable(const struct domain *d) +{ + return xsm_ops->argo_enable(d); +} + static inline xsm_argo_register_single_source(const struct domain *d, const struct domain *t) { diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index ffac774..1fe0e74 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -153,6 +153,7 @@ void __init xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, xen_version); set_to_dummy_if_null(ops, domain_resource_map); #ifdef CONFIG_ARGO + set_to_dummy_if_null(ops, argo_enable); set_to_dummy_if_null(ops, argo_register_single_source); set_to_dummy_if_null(ops, argo_register_any_source); set_to_dummy_if_null(ops, argo_send); diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 76c012c..3d00c74 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1720,6 +1720,12 @@ static int flask_domain_resource_map(struct domain *d) } #ifdef CONFIG_ARGO +static int flask_argo_enable(const struct domain *d) +{ + return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO, + ARGO__ENABLE, NULL); +} + static int flask_argo_register_single_source(const struct domain *d, const struct domain *t) { @@ -1875,6 +1881,7 @@ static struct xsm_operations flask_ops = { .xen_version = flask_xen_version, .domain_resource_map = flask_domain_resource_map, #ifdef CONFIG_ARGO + .argo_enable = flask_argo_enable, .argo_register_single_source = flask_argo_register_single_source, .argo_register_any_source = flask_argo_register_any_source, .argo_send = flask_argo_send, diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index f6c5377..e00448b 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -535,6 +535,9 @@ class version # Class argo is used to describe the Argo interdomain communication system. class argo { + # Enable initialization of a domain's argo subsystem and + # permission to access the argo hypercall operations. + enable # Domain requesting registration of a communication ring # to receive messages from a specific other domain. register_single_source -- 2.7.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |