Re: [PATCH RESEND 1/4] xen/xsm: add hooks for claim

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Keir Fraser <keir.xen@gmail.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>, xen-devel@lists.xen.org
Cc: Dan Magenheimer <dan.magenheimer@oracle.com>, Keir Fraser <keir@xen.org>
Subject: Re: [PATCH RESEND 1/4] xen/xsm: add hooks for claim
Date: Fri, 03 May 2013 17:00:41 +0100	[thread overview]
Message-ID: <CDA99DB9.24001%keir.xen@gmail.com> (raw)
In-Reply-To: <1367590156-19177-2-git-send-email-dgdegra@tycho.nsa.gov>

On 03/05/2013 15:09, "Daniel De Graaf" <dgdegra@tycho.nsa.gov> wrote:

> Adds XSM hooks for the recently introduced XENMEM_claim_pages and
> XENMEM_get_outstanding_pages operations, and adds FLASK access vectors
> for them. This makes the access control decisions for these operations
> match those in the rest of the hypervisor.
> 
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release)
> Cc: Dan Magenheimer <dan.magenheimer@oracle.com>
> Cc: Keir Fraser <keir@xen.org>

Acked-by: Keir Fraser <keir@xen.org>

> ---
>  tools/flask/policy/policy/modules/xen/xen.if |  2 +-
>  xen/common/memory.c                          | 15 ++++++++-------
>  xen/include/xsm/dummy.h                      | 12 ++++++++++++
>  xen/include/xsm/xsm.h                        | 12 ++++++++++++
>  xen/xsm/dummy.c                              |  2 ++
>  xen/xsm/flask/hooks.c                        | 13 +++++++++++++
>  xen/xsm/flask/policy/access_vectors          |  4 +++-
>  7 files changed, 51 insertions(+), 9 deletions(-)
> 
> diff --git a/tools/flask/policy/policy/modules/xen/xen.if
> b/tools/flask/policy/policy/modules/xen/xen.if
> index 3a59f38..c86a618 100644
> --- a/tools/flask/policy/policy/modules/xen/xen.if
> +++ b/tools/flask/policy/policy/modules/xen/xen.if
> @@ -49,7 +49,7 @@ define(`create_domain_common', `
> getdomaininfo hypercall setvcpucontext setextvcpucontext
> getscheduler getvcpuinfo getvcpuextstate getaddrsize
> getaffinity setaffinity };
> - allow $1 $2:domain2 { set_cpuid settsc setscheduler };
> + allow $1 $2:domain2 { set_cpuid settsc setscheduler setclaim };
> allow $1 $2:security check_context;
> allow $1 $2:shadow enable;
> allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage
> mmuext_op };
> diff --git a/xen/common/memory.c b/xen/common/memory.c
> index 68501d1..3239d53 100644
> --- a/xen/common/memory.c
> +++ b/xen/common/memory.c
> @@ -712,9 +712,6 @@ long do_memory_op(unsigned long cmd,
> XEN_GUEST_HANDLE_PARAM(void) arg)
>      }
>  
>      case XENMEM_claim_pages:
> -        if ( !IS_PRIV(current->domain) )
> -            return -EPERM;
> -
>          if ( copy_from_guest(&reservation, arg, 1) )
>              return -EFAULT;
>  
> @@ -731,17 +728,21 @@ long do_memory_op(unsigned long cmd,
> XEN_GUEST_HANDLE_PARAM(void) arg)
>          if ( d == NULL )
>              return -EINVAL;
>  
> -        rc = domain_set_outstanding_pages(d, reservation.nr_extents);
> +        rc = xsm_claim_pages(XSM_PRIV, d);
> +
> +        if ( !rc )
> +            rc = domain_set_outstanding_pages(d, reservation.nr_extents);
>  
>          rcu_unlock_domain(d);
>  
>          break;
>  
>      case XENMEM_get_outstanding_pages:
> -        if ( !IS_PRIV(current->domain) )
> -            return -EPERM;
> +        rc = xsm_xenmem_get_outstanding_pages(XSM_PRIV);
> +
> +        if ( !rc )
> +            rc = get_outstanding_claims();
>  
> -        rc = get_outstanding_claims();
>          break;
>  
>      default:
> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 9cae61c..9bfe596 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -247,6 +247,18 @@ static XSM_INLINE int xsm_memory_pin_page(XSM_DEFAULT_ARG
> struct domain *d1, str
>      return xsm_default_action(action, d1, d2);
>  }
>  
> +static XSM_INLINE int xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d)
> +{
> +    XSM_ASSERT_ACTION(XSM_PRIV);
> +    return xsm_default_action(action, current->domain, d);
> +}
> +
> +static XSM_INLINE int xsm_xenmem_get_outstanding_pages(XSM_DEFAULT_VOID)
> +{
> +    XSM_ASSERT_ACTION(XSM_PRIV);
> +    return xsm_default_action(action, current->domain, NULL);
> +}
> +
>  static XSM_INLINE int xsm_evtchn_unbound(XSM_DEFAULT_ARG struct domain *d,
> struct evtchn *chn,
>                                           domid_t id2)
>  {
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 5103070..69fe64a 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -92,6 +92,8 @@ struct xsm_operations {
>      int (*memory_pin_page) (struct domain *d1, struct domain *d2, struct
> page_info *page);
>      int (*add_to_physmap) (struct domain *d1, struct domain *d2);
>      int (*remove_from_physmap) (struct domain *d1, struct domain *d2);
> +    int (*claim_pages) (struct domain *d);
> +    int (*xenmem_get_outstanding_pages) (void);
>  
>      int (*console_io) (struct domain *d, int cmd);
>  
> @@ -350,6 +352,16 @@ static inline int xsm_remove_from_physmap(xsm_default_t
> def, struct domain *d1,
>      return xsm_ops->remove_from_physmap(d1, d2);
>  }
>  
> +static inline int xsm_claim_pages(xsm_default_t def, struct domain *d)
> +{
> +    return xsm_ops->claim_pages(d);
> +}
> +
> +static inline int xsm_xenmem_get_outstanding_pages(xsm_default_t def)
> +{
> +    return xsm_ops->xenmem_get_outstanding_pages();
> +}
> +
>  static inline int xsm_console_io (xsm_default_t def, struct domain *d, int
> cmd)
>  {
>      return xsm_ops->console_io(d, cmd);
> diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
> index f7b0399..3d84e73 100644
> --- a/xen/xsm/dummy.c
> +++ b/xen/xsm/dummy.c
> @@ -66,6 +66,8 @@ void xsm_fixup_ops (struct xsm_operations *ops)
>      set_to_dummy_if_null(ops, memory_adjust_reservation);
>      set_to_dummy_if_null(ops, memory_stat_reservation);
>      set_to_dummy_if_null(ops, memory_pin_page);
> +    set_to_dummy_if_null(ops, claim_pages);
> +    set_to_dummy_if_null(ops, xenmem_get_outstanding_pages);
>  
>      set_to_dummy_if_null(ops, console_io);
>  
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index 04c8a39..3291aa2 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -417,6 +417,17 @@ static int flask_memory_pin_page(struct domain *d1,
> struct domain *d2,
>      return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PINPAGE);
>  }
>  
> +static int flask_claim_pages(struct domain *d)
> +{
> +    return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SETCLAIM);
> +}
> +
> +static int flask_xenmem_get_outstanding_pages(void)
> +{
> +    return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN,
> +                                XEN__HEAP, NULL);
> +}
> +
>  static int flask_console_io(struct domain *d, int cmd)
>  {
>      u32 perm;
> @@ -1485,6 +1496,8 @@ static struct xsm_operations flask_ops = {
>      .memory_adjust_reservation = flask_memory_adjust_reservation,
>      .memory_stat_reservation = flask_memory_stat_reservation,
>      .memory_pin_page = flask_memory_pin_page,
> +    .claim_pages = flask_claim_pages,
> +    .xenmem_get_outstanding_pages = flask_xenmem_get_outstanding_pages,
>  
>      .console_io = flask_console_io,
>  
> diff --git a/xen/xsm/flask/policy/access_vectors
> b/xen/xsm/flask/policy/access_vectors
> index c8ae806..544c3ba 100644
> --- a/xen/xsm/flask/policy/access_vectors
> +++ b/xen/xsm/flask/policy/access_vectors
> @@ -54,7 +54,7 @@ class xen
>      debug
>  # XEN_SYSCTL_getcpuinfo, XENPF_get_cpu_version, XENPF_get_cpuinfo
>      getcpuinfo
> -# XEN_SYSCTL_availheap
> +# XEN_SYSCTL_availheap, XENMEM_get_outstanding_pages
>      heap
>  # XEN_SYSCTL_get_pmstat, XEN_SYSCTL_pm_op, XENPF_set_processor_pminfo,
>  # XENPF_core_parking
> @@ -192,6 +192,8 @@ class domain2
>      settsc
>  # XEN_DOMCTL_scheduler_op with XEN_DOMCTL_SCHEDOP_putinfo
>      setscheduler
> +# XENMEM_claim_pages
> +    setclaim
>  }
>  
>  # Similar to class domain, but primarily contains domctls related to HVM
> domains

next prev parent reply	other threads:[~2013-05-03 16:00 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-03 14:09 [PATCH v4 0/4] Rename/remove IS_PRIV Daniel De Graaf
2013-05-03 14:09 ` [PATCH RESEND 1/4] xen/xsm: add hooks for claim Daniel De Graaf
2013-05-03 15:46   ` Konrad Rzeszutek Wilk
2013-05-03 16:29     ` Daniel De Graaf
2013-05-03 16:00   ` Keir Fraser [this message]
2013-05-03 14:09 ` [PATCH RESEND 2/4] xen/arm: remove rcu_lock_target_domain_by_id users Daniel De Graaf
2013-05-03 14:26   ` Ian Campbell
2013-05-03 14:09 ` [PATCH RESEND 3/4] xen/common: remove rcu_lock_target_domain_by_id Daniel De Graaf
2013-05-03 16:00   ` Keir Fraser
2013-05-03 14:09 ` [PATCH RESEND 4/4] xen: rename IS_PRIV to is_hardware_domain Daniel De Graaf
2013-05-03 16:00   ` Keir Fraser

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CDA99DB9.24001%keir.xen@gmail.com \
    --to=keir.xen@gmail.com \
    --cc=dan.magenheimer@oracle.com \
    --cc=dgdegra@tycho.nsa.gov \
    --cc=keir@xen.org \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.