[PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size
These were overlooked in the original patch, and noticed by OSSTest which does
run some Flask tests.
Fixes: 22b20bd98c02 ("xen: Introduce non-broken hypercalls for the paging mempool size")
Suggested-by: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
CC: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
CC: Jason Andryuk <jandryuk@xxxxxxxxx>
CC: Henry Wang <Henry.Wang@xxxxxxx>
It should be noted that the original XSA-409 fix broke Flask on ARM but no
testing noticed. c/s 7c3bbd940dd8 ("xen/arm, libxl: Revert
XEN_DOMCTL_shadow_op; use p2m mempool hypercalls") "fixes" the original
breakage and introduced this breakage instead.
For 4.17. It's a fix for an issue that OSSTest is currently blocking as a
regression.
---
tools/flask/policy/modules/dom0.te | 3 ++-
tools/flask/policy/modules/xen.if | 2 +-
xen/xsm/flask/hooks.c | 6 ++++++
xen/xsm/flask/policy/access_vectors | 4 ++++
4 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/tools/flask/policy/modules/dom0.te
b/tools/flask/policy/modules/dom0.te
index f710ff9941c0..f1dcff48e227 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -35,7 +35,8 @@ allow dom0_t dom0_t:domain {
setvcpucontext max_vcpus setaffinity getaffinity getscheduler
getdomaininfo getvcpuinfo getvcpucontext setdomainmaxmem setdomainhandle
setdebugging hypercall settime setaddrsize getaddrsize trigger
- getpodtarget setpodtarget set_misc_info set_virq_handler
+ getpodtarget setpodtarget getpagingmempool setpagingmempool
set_misc_info
+ set_virq_handler
};
allow dom0_t dom0_t:domain2 {
set_cpu_policy gettsc settsc setscheduler set_vnumainfo
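Review bot: the two permissions added to the dom0_t self-rule are in the `domain` class, which matches the DOMAIN__GETPAGINGMEMPOOL / DOMAIN__SETPAGINGMEMPOOL checks that hooks.c performs for these domctls; since dom0_t is both subject and target here, this only lets dom0 query and resize its own paging pool, the same trust level as the setdomainmaxmem and setpodtarget it already holds in this rule. One style point: the wrap pushes set_virq_handler alone onto a continuation line; keeping the list grouped by domctl, as access_vectors does, would make the next addition easier to audit against the hook table.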
diff --git a/tools/flask/policy/modules/xen.if
b/tools/flask/policy/modules/xen.if
index 424daab6a022..6b7b7d403ab4 100644
--- a/tools/flask/policy/modules/xen.if
+++ b/tools/flask/policy/modules/xen.if
@@ -92,7 +92,7 @@ define(`manage_domain', `
allow $1 $2:domain { getdomaininfo getvcpuinfo getaffinity
getaddrsize pause unpause trigger shutdown destroy
setaffinity setdomainmaxmem getscheduler resume
- setpodtarget getpodtarget };
+ setpodtarget getpodtarget getpagingmempool
setpagingmempool };
allow $1 $2:domain2 set_vnumainfo;
')
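Review bot: granting setpagingmempool through manage_domain extends what a toolstack domain using this interface may do to the guests it manages; it sits alongside setdomainmaxmem and setpodtarget, which already let the manager bound the target's memory footprint, so this does not hand out a new class of control. Worth confirming that any caller which only needs to query the pool size also reaches getpagingmempool, since in this patch the read side is granted only here and in the dom0.te self-rule.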
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 391aec4dc221..78225f68c15c 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -822,6 +822,12 @@ static int cf_check flask_domctl(struct domain *d, int cmd)
case XEN_DOMCTL_get_cpu_policy:
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__GET_CPU_POLICY);
+ case XEN_DOMCTL_get_paging_mempool_size:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETPAGINGMEMPOOL);
+
+ case XEN_DOMCTL_set_paging_mempool_size:
+ return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPAGINGMEMPOOL);
+
default:
return avc_unknown_permission("domctl", cmd);
}
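Review bot: before this hunk both domctls fell through to the default arm and were reported via avc_unknown_permission("domctl", cmd), which is what the Flask OSSTest jobs tripped over; the fix follows the surrounding pattern by checking the caller against the target d with current_has_perm. Note the new cases use SECCLASS_DOMAIN while the adjacent XEN_DOMCTL_get_cpu_policy uses SECCLASS_DOMAIN2; that is correct only because access_vectors places the two permissions in class domain, so the hooks.c and access_vectors changes must land in the same commit or the DOMAIN__*PAGINGMEMPOOL symbols will not exist.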
diff --git a/xen/xsm/flask/policy/access_vectors
b/xen/xsm/flask/policy/access_vectors
index 6359c7fc8757..4e6710a63e1b 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -180,6 +180,10 @@ class domain
set_misc_info
# XEN_DOMCTL_set_virq_handler
set_virq_handler
+# XEN_DOMCTL_get_paging_mempool_size
+ getpagingmempool
+# XEN_DOMCTL_set_paging_mempool_size
+ setpagingmempool
}
# This is a continuation of class domain, since only 32 permissions can be
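Review bot: the trailing context line states that class domain holds at most 32 permissions, and this hunk adds two more to it; please confirm the count after set_virq_handler plus getpagingmempool and setpagingmempool still fits, otherwise the pair belongs in domain2 with the hooks.c cases switched to SECCLASS_DOMAIN2 and DOMAIN2__* names. Appending the entries at the end, each preceded by its XEN_DOMCTL_* comment, follows the file's existing convention.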
--
2.11.0