From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: xen-devel@lists.xensource.com
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [PATCH 03/10] xsm/flask: Use PCI device label for PCI-MSI IRQs
Date: Tue, 31 Jan 2012 16:26:11 -0500 [thread overview]
Message-ID: <1328045178-30665-4-git-send-email-dgdegra@tycho.nsa.gov> (raw)
In-Reply-To: <1328045178-30665-1-git-send-email-dgdegra@tycho.nsa.gov>
Because the PCI-MSI IRQ numbers are allocated dynamically, labeling them
by number is not useful. Instead, for all IRQs beyond nr_irqs_gsi,
use the associated msi_desc to find the PCI device and use the label of
the PCI device for the IRQ.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
xen/xsm/flask/hooks.c | 53 +++++++++++++++++++++++++++++++++++-------------
1 files changed, 38 insertions(+), 15 deletions(-)
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index d79405b..0dbf19d 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -19,6 +19,7 @@
#include <xen/errno.h>
#include <xen/guest_access.h>
#include <xen/xenoprof.h>
+#include <asm/msi.h>
#include <public/xen.h>
#include <public/physdev.h>
#include <public/platform.h>
@@ -62,6 +63,36 @@ static int domain_has_xen(struct domain *d, u32 perms)
return avc_has_perm(dsec->sid, SECINITSID_XEN, SECCLASS_XEN, perms, NULL);
}
+static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
+{
+ struct irq_desc *desc = irq_to_desc(irq);
+ if ( irq >= nr_irqs || irq < 0 )
+ return -EINVAL;
+ if ( irq < nr_irqs_gsi ) {
+ if (ad) {
+ AVC_AUDIT_DATA_INIT(ad, IRQ);
+ ad->irq = irq;
+ }
+ return security_irq_sid(irq, sid);
+ }
+ if ( desc->msi_desc ) {
+ struct pci_dev *dev = desc->msi_desc->dev;
+ u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
+ if (ad) {
+ AVC_AUDIT_DATA_INIT(ad, DEV);
+ ad->device = sbdf;
+ }
+ return security_device_sid(sbdf, sid);
+ }
+ if (ad) {
+ AVC_AUDIT_DATA_INIT(ad, IRQ);
+ ad->irq = irq;
+ }
+ /* HPET or IOMMU IRQ, should not be seen by domains */
+ *sid = SECINITSID_UNLABELED;
+ return 0;
+}
+
static int flask_domain_alloc_security(struct domain *d)
{
struct domain_security_struct *dsec;
@@ -292,8 +323,8 @@ static char *flask_show_security_evtchn(struct domain *d, const struct evtchn *c
break;
case ECS_PIRQ:
irq = domain_pirq_to_irq(d, chn->u.pirq.irq);
- if (irq)
- security_irq_sid(irq, &sid);
+ if (irq && get_irq_sid(irq, &sid, NULL))
+ return NULL;
break;
}
if ( !sid )
@@ -716,7 +747,7 @@ static char *flask_show_irq_sid (int irq)
{
u32 sid, ctx_len;
char *ctx;
- int rc = security_irq_sid(irq, &sid);
+ int rc = get_irq_sid(irq, &sid, NULL);
if ( rc )
return NULL;
@@ -726,7 +757,7 @@ static char *flask_show_irq_sid (int irq)
return ctx;
}
-static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
+static int flask_irq_permission (struct domain *d, int irq, uint8_t access)
{
u32 perm;
u32 rsid;
@@ -749,13 +780,10 @@ static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
ssec = current->domain->ssid;
tsec = d->ssid;
- rc = security_irq_sid(pirq, &rsid);
+ rc = get_irq_sid(irq, &rsid, &ad);
if ( rc )
return rc;
- AVC_AUDIT_DATA_INIT(&ad, IRQ);
- ad.irq = pirq;
-
rc = avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad);
if ( rc )
return rc;
@@ -915,12 +943,10 @@ static int flask_resource_setup_gsi(int gsi)
struct avc_audit_data ad;
struct domain_security_struct *ssec;
- rc = security_irq_sid(gsi, &rsid);
+ rc = get_irq_sid(gsi, &rsid, &ad);
if ( rc )
return rc;
- AVC_AUDIT_DATA_INIT(&ad, IRQ);
- ad.irq = gsi;
ssec = current->domain->ssid;
return avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, RESOURCE__SETUP, &ad);
}
@@ -1424,13 +1450,10 @@ static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *b
irq = domain_pirq_to_irq(d, bind->machine_irq);
- rc = security_irq_sid(irq, &rsid);
+ rc = get_irq_sid(irq, &rsid, &ad);
if ( rc )
return rc;
- AVC_AUDIT_DATA_INIT(&ad, IRQ);
- ad.irq = irq;
-
ssec = current->domain->ssid;
rc = avc_has_perm(ssec->sid, rsid, SECCLASS_HVM, HVM__BIND_IRQ, &ad);
if ( rc )
--
1.7.7.6
next prev parent reply other threads:[~2012-01-31 21:26 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-31 21:26 [PATCH 00/10] FLASK updates: MSI interrupts, cleanups Daniel De Graaf
2012-01-31 21:26 ` [PATCH 01/10] xsm: Add security labels to event-channel dump Daniel De Graaf
2012-01-31 21:26 ` [PATCH 02/10] xsm: Add security label to IRQ debug output Daniel De Graaf
2012-01-31 21:26 ` Daniel De Graaf [this message]
2012-01-31 21:26 ` [PATCH 04/10] xsm: Add xsm_map_domain_pirq hook Daniel De Graaf
2012-01-31 21:26 ` [PATCH 05/10] xsm: Use mapped IRQ not PIRQ in unmap_domain_pirq Daniel De Graaf
2012-01-31 21:26 ` [PATCH 06/10] xsm/flask: Improve error reporting for ocontexts Daniel De Graaf
2012-01-31 21:26 ` [PATCH 07/10] xsm/flask: Remove useless back pointers Daniel De Graaf
2012-01-31 21:26 ` [PATCH 08/10] flask/policy: Policy build updates Daniel De Graaf
2012-01-31 21:26 ` [PATCH 09/10] flask/policy: Add user and constraint examples Daniel De Graaf
2012-01-31 21:26 ` [PATCH 10/10] flask/policy: use declare_domain for dom0_t Daniel De Graaf
2012-02-01 19:09 ` [PATCH 0/8] XSM/FLASK updates part 2: booleans, stubdoms Daniel De Graaf
2012-02-01 19:09 ` [PATCH 1/8] xen/xsm: fix incorrect handling of XSM hook return Daniel De Graaf
2012-02-01 19:09 ` [PATCH 2/8] xsm/flask: allow policy booleans to be addressed by name Daniel De Graaf
2012-02-01 19:09 ` [PATCH 3/8] libflask: Add boolean manipulation functions Daniel De Graaf
2012-02-02 9:06 ` Ian Campbell
2012-02-02 14:28 ` Daniel De Graaf
2012-02-02 14:50 ` Ian Campbell
2012-02-02 15:22 ` Daniel De Graaf
2012-02-01 19:09 ` [PATCH 4/8] flask: add flask-{get,set}-bool tools Daniel De Graaf
2012-02-01 19:09 ` [PATCH 5/8] flask/policy: Add boolean example Daniel De Graaf
2012-02-01 19:09 ` [PATCH 6/8] libxl: Add device_model_stubdomain_seclabel Daniel De Graaf
2012-02-02 15:28 ` Keir Fraser
2012-02-09 18:25 ` Ian Jackson
2012-02-01 19:09 ` [PATCH 7/8] flask/policy: add device model types to example policy Daniel De Graaf
2012-02-09 18:25 ` Ian Jackson
2012-02-01 19:09 ` [PATCH 8/8] xsm/flask: Improve domain ID auditing in AVCs Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1328045178-30665-4-git-send-email-dgdegra@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).