From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Julien Grall <julien.grall@linaro.org>, xen-devel@lists.xenproject.org
Cc: stefano.stabellini@citrix.com, tim@xen.org, ian.campbell@citrix.com
Subject: Re: [RFC 05/14] xen/xsm: xsm functions for PCI passthrough is not x86 specific
Date: Thu, 13 Mar 2014 10:25:39 -0400 [thread overview]
Message-ID: <5321BFE3.40905@tycho.nsa.gov> (raw)
In-Reply-To: <1394640969-25583-6-git-send-email-julien.grall@linaro.org>
On 03/12/2014 12:16 PM, Julien Grall wrote:
> Protect xsm functions for PCI passthrough by HAS_PASSTHROUGH && HAS_PCI
>
> Signed-off-by: Julien Grall <julien.grall@linaro.org>
> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> ---
> xen/include/xsm/dummy.h | 3 +
> xen/include/xsm/xsm.h | 4 ++
> xen/xsm/dummy.c | 2 +
> xen/xsm/flask/hooks.c | 143 +++++++++++++++++++++++++----------------------
> 4 files changed, 84 insertions(+), 68 deletions(-)
>
> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 3bcd941..76f9280 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -317,6 +317,7 @@ static XSM_INLINE int xsm_set_pod_target(XSM_DEFAULT_ARG struct domain *d)
> return xsm_default_action(action, current->domain, d);
> }
>
> +#if defined(HAS_PASSTHROUGH) && defined(HAS_PCI)
> static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf)
> {
> XSM_ASSERT_ACTION(XSM_HOOK);
> @@ -341,6 +342,8 @@ static XSM_INLINE int xsm_deassign_device(XSM_DEFAULT_ARG struct domain *d, uint
> return xsm_default_action(action, current->domain, d);
> }
>
> +#endif /* HAS_PASSTHROUGH && HAS_PCI */
> +
> static XSM_INLINE int xsm_resource_plug_core(XSM_DEFAULT_VOID)
> {
> XSM_ASSERT_ACTION(XSM_HOOK);
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index de9cf86..11218b6 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -111,10 +111,12 @@ struct xsm_operations {
> int (*iomem_mapping) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow);
> int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access);
>
> +#if defined(HAS_PASSTHROUGH) && defined(HAS_PCI)
> int (*get_device_group) (uint32_t machine_bdf);
> int (*test_assign_device) (uint32_t machine_bdf);
> int (*assign_device) (struct domain *d, uint32_t machine_bdf);
> int (*deassign_device) (struct domain *d, uint32_t machine_bdf);
> +#endif
>
> int (*resource_plug_core) (void);
> int (*resource_unplug_core) (void);
> @@ -427,6 +429,7 @@ static inline int xsm_pci_config_permission (xsm_default_t def, struct domain *d
> return xsm_ops->pci_config_permission(d, machine_bdf, start, end, access);
> }
>
> +#if defined(HAS_PASSTHROUGH) && defined(HAS_PCI)
> static inline int xsm_get_device_group(xsm_default_t def, uint32_t machine_bdf)
> {
> return xsm_ops->get_device_group(machine_bdf);
> @@ -446,6 +449,7 @@ static inline int xsm_deassign_device(xsm_default_t def, struct domain *d, uint3
> {
> return xsm_ops->deassign_device(d, machine_bdf);
> }
> +#endif /* HAS_PASSTHROUGH && HAS_PCI) */
>
> static inline int xsm_resource_plug_pci (xsm_default_t def, uint32_t machine_bdf)
> {
> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
> index 3fe4c59..627edcc 100644
> --- a/xen/xsm/dummy.c
> +++ b/xen/xsm/dummy.c
> @@ -85,10 +85,12 @@ void xsm_fixup_ops (struct xsm_operations *ops)
> set_to_dummy_if_null(ops, iomem_mapping);
> set_to_dummy_if_null(ops, pci_config_permission);
>
> +#if defined(HAS_PASSTHROUGH) && defined(HAS_PCI)
> set_to_dummy_if_null(ops, get_device_group);
> set_to_dummy_if_null(ops, test_assign_device);
> set_to_dummy_if_null(ops, assign_device);
> set_to_dummy_if_null(ops, deassign_device);
> +#endif
>
> set_to_dummy_if_null(ops, resource_plug_core);
> set_to_dummy_if_null(ops, resource_unplug_core);
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index 96276ac..7329f31 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -1102,6 +1102,72 @@ static int flask_hvm_param_nested(struct domain *d)
> return current_has_perm(d, SECCLASS_HVM, HVM__NESTED);
> }
>
> +#if defined(HAS_PASSTHROUGH) && defined(HAS_PCI)
> +static int flask_get_device_group(uint32_t machine_bdf)
> +{
> + u32 rsid;
> + int rc = -EPERM;
> +
> + rc = security_device_sid(machine_bdf, &rsid);
> + if ( rc )
> + return rc;
> +
> + return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, NULL);
> +}
> +
> +static int flask_test_assign_device(uint32_t machine_bdf)
> +{
> + u32 rsid;
> + int rc = -EPERM;
> +
> + rc = security_device_sid(machine_bdf, &rsid);
> + if ( rc )
> + return rc;
> +
> + return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, NULL);
> +}
> +
> +static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
> +{
> + u32 dsid, rsid;
> + int rc = -EPERM;
> + struct avc_audit_data ad;
> +
> + rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
> + if ( rc )
> + return rc;
> +
> + rc = security_device_sid(machine_bdf, &rsid);
> + if ( rc )
> + return rc;
> +
> + AVC_AUDIT_DATA_INIT(&ad, DEV);
> + ad.device = (unsigned long) machine_bdf;
> + rc = avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE, &ad);
> + if ( rc )
> + return rc;
> +
> + dsid = domain_sid(d);
> + return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
> +}
> +
> +static int flask_deassign_device(struct domain *d, uint32_t machine_bdf)
> +{
> + u32 rsid;
> + int rc = -EPERM;
> +
> + rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
> + if ( rc )
> + return rc;
> +
> + rc = security_device_sid(machine_bdf, &rsid);
> + if ( rc )
> + return rc;
> +
> + return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, NULL);
> +}
> +#endif /* HAS_PASSTHROUGH && HAS_PCI */
> +
> #ifdef CONFIG_X86
> static int flask_shadow_control(struct domain *d, uint32_t op)
> {
> @@ -1355,70 +1421,6 @@ static int flask_priv_mapping(struct domain *d, struct domain *t)
> return domain_has_perm(d, t, SECCLASS_MMU, MMU__TARGET_HACK);
> }
>
> -static int flask_get_device_group(uint32_t machine_bdf)
> -{
> - u32 rsid;
> - int rc = -EPERM;
> -
> - rc = security_device_sid(machine_bdf, &rsid);
> - if ( rc )
> - return rc;
> -
> - return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, NULL);
> -}
> -
> -static int flask_test_assign_device(uint32_t machine_bdf)
> -{
> - u32 rsid;
> - int rc = -EPERM;
> -
> - rc = security_device_sid(machine_bdf, &rsid);
> - if ( rc )
> - return rc;
> -
> - return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, NULL);
> -}
> -
> -static int flask_assign_device(struct domain *d, uint32_t machine_bdf)
> -{
> - u32 dsid, rsid;
> - int rc = -EPERM;
> - struct avc_audit_data ad;
> -
> - rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
> - if ( rc )
> - return rc;
> -
> - rc = security_device_sid(machine_bdf, &rsid);
> - if ( rc )
> - return rc;
> -
> - AVC_AUDIT_DATA_INIT(&ad, DEV);
> - ad.device = (unsigned long) machine_bdf;
> - rc = avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__ADD_DEVICE, &ad);
> - if ( rc )
> - return rc;
> -
> - dsid = domain_sid(d);
> - return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, RESOURCE__USE, &ad);
> -}
> -
> -static int flask_deassign_device(struct domain *d, uint32_t machine_bdf)
> -{
> - u32 rsid;
> - int rc = -EPERM;
> -
> - rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
> - if ( rc )
> - return rc;
> -
> - rc = security_device_sid(machine_bdf, &rsid);
> - if ( rc )
> - return rc;
> -
> - return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__REMOVE_DEVICE, NULL);
> -}
> -
> static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind)
> {
> u32 dsid, rsid;
> @@ -1540,6 +1542,14 @@ static struct xsm_operations flask_ops = {
> .add_to_physmap = flask_add_to_physmap,
> .remove_from_physmap = flask_remove_from_physmap,
>
> +
> +#if defined(HAS_PASSTHROUGH) && defined(HAS_PCI)
> + .get_device_group = flask_get_device_group,
> + .test_assign_device = flask_test_assign_device,
> + .assign_device = flask_assign_device,
> + .deassign_device = flask_deassign_device,
> +#endif
> +
> #ifdef CONFIG_X86
> .shadow_control = flask_shadow_control,
> .hvm_set_pci_intx_level = flask_hvm_set_pci_intx_level,
> @@ -1557,15 +1567,12 @@ static struct xsm_operations flask_ops = {
> .mmuext_op = flask_mmuext_op,
> .update_va_mapping = flask_update_va_mapping,
> .priv_mapping = flask_priv_mapping,
> - .get_device_group = flask_get_device_group,
> - .test_assign_device = flask_test_assign_device,
> - .assign_device = flask_assign_device,
> - .deassign_device = flask_deassign_device,
> .bind_pt_irq = flask_bind_pt_irq,
> .unbind_pt_irq = flask_unbind_pt_irq,
> .ioport_permission = flask_ioport_permission,
> .ioport_mapping = flask_ioport_mapping,
> #endif
> +
> #ifdef CONFIG_ARM
> .map_gmfn_foreign = flask_map_gmfn_foreign,
> #endif
>
--
Daniel De Graaf
National Security Agency
next prev parent reply other threads:[~2014-03-13 14:26 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-12 16:15 [RFC 00/14] xen/arm: Add support for XSM Julien Grall
2014-03-12 16:15 ` [RFC 01/14] xen/arm: kernel: Don't harcode flash address Julien Grall
2014-03-14 17:10 ` Ian Campbell
2014-03-14 17:44 ` Julien Grall
2014-03-12 16:15 ` [RFC 02/14] xen/arm: Remove the parameter "attrindx" in copy_paddr Julien Grall
2014-03-14 17:14 ` Ian Campbell
2014-03-14 18:02 ` Julien Grall
2014-03-17 10:13 ` Ian Campbell
2014-03-17 11:53 ` Julien Grall
2014-03-17 12:02 ` Ian Campbell
2014-03-12 16:15 ` [RFC 03/14] xen/arm: Correctly define size_t Julien Grall
2014-03-14 17:18 ` Ian Campbell
2014-03-12 16:15 ` [RFC 04/14] xen/arm: next_module: Skip module if the size is 0 Julien Grall
2014-03-14 17:19 ` Ian Campbell
2014-03-12 16:16 ` [RFC 05/14] xen/xsm: xsm functions for PCI passthrough is not x86 specific Julien Grall
2014-03-13 14:25 ` Daniel De Graaf [this message]
2014-03-14 17:20 ` Ian Campbell
2014-03-12 16:16 ` [RFC 06/14] xen/xsm: xsm_do_mca is " Julien Grall
2014-03-13 14:26 ` Daniel De Graaf
2014-03-14 17:21 ` Ian Campbell
2014-03-12 16:16 ` [RFC 07/14] xen/xsm: flask: Fix compilation when CONFIG_COMPAT=y Julien Grall
2014-03-13 14:26 ` Daniel De Graaf
2014-03-14 17:23 ` Ian Campbell
2014-03-14 18:08 ` Julien Grall
2014-03-17 7:22 ` Jan Beulich
2014-03-17 10:15 ` Ian Campbell
2014-03-17 11:57 ` Julien Grall
2014-03-12 16:16 ` [RFC 08/14] xen/xsm: flask: Rename variable "bool" in "b" Julien Grall
2014-03-12 16:26 ` Andrew Cooper
2014-03-13 13:17 ` Julien Grall
2014-03-13 13:57 ` Jan Beulich
2014-03-13 14:27 ` Daniel De Graaf
2014-03-14 17:24 ` Ian Campbell
2014-03-12 16:16 ` [RFC 09/14] xen/xsm: flask: MSI is PCI specific Julien Grall
2014-03-13 14:34 ` Daniel De Graaf
2014-03-13 14:40 ` Julien Grall
2014-03-14 17:25 ` Ian Campbell
2014-03-14 18:15 ` Julien Grall
2014-03-17 10:13 ` Ian Campbell
2014-03-17 12:05 ` Julien Grall
2014-03-12 16:16 ` [RFC 10/14] xen/xsm: flask: flask_copying_string is taking a XEN_GUEST_HANDLE as first param Julien Grall
2014-03-13 14:34 ` Daniel De Graaf
2014-03-14 17:26 ` Ian Campbell
2014-03-12 16:16 ` [RFC 11/14] xen/xsm: flask: Add missing header in hooks.c Julien Grall
2014-03-13 14:34 ` Daniel De Graaf
2014-03-14 17:26 ` Ian Campbell
2014-03-12 16:16 ` [RFC 12/14] xen/xsm: Don't use multiboot by default to initialize XSM Julien Grall
2014-03-12 16:52 ` Jan Beulich
2014-03-13 14:36 ` Daniel De Graaf
2014-03-14 17:27 ` Ian Campbell
2014-03-12 16:16 ` [RFC 13/14] xen/xsm: Add support for device tree Julien Grall
2014-03-13 14:47 ` Daniel De Graaf
2014-03-14 17:34 ` Ian Campbell
2014-03-14 18:24 ` Julien Grall
2014-03-17 10:15 ` Ian Campbell
2014-03-12 16:16 ` [RFC 14/14] xen/arm: Add support for XSM Julien Grall
2014-03-14 17:34 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5321BFE3.40905@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=ian.campbell@citrix.com \
--cc=julien.grall@linaro.org \
--cc=stefano.stabellini@citrix.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.