From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel De Graaf Subject: [PATCH 06/10] xsm/flask: Improve error reporting for ocontexts Date: Tue, 31 Jan 2012 16:26:14 -0500 Message-ID: <1328045178-30665-7-git-send-email-dgdegra@tycho.nsa.gov> References: <1328045178-30665-1-git-send-email-dgdegra@tycho.nsa.gov> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1328045178-30665-1-git-send-email-dgdegra@tycho.nsa.gov> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com Cc: Daniel De Graaf List-Id: xen-devel@lists.xenproject.org Instead of returning -EINVAL for all errors, return -EEXIST if adding an entry that overlaps with an existing entry, and -ENOENT if attempting to remove an entry that does not exist. Adding an ocontext that already exists with the same SID is no longer an error. Signed-off-by: Daniel De Graaf --- xen/xsm/flask/ss/services.c | 29 +++++++++++++++++++++-------- 1 files changed, 21 insertions(+), 8 deletions(-) diff --git a/xen/xsm/flask/ss/services.c b/xen/xsm/flask/ss/services.c index 7b08e73..3b0acf5 100644 --- a/xen/xsm/flask/ss/services.c +++ b/xen/xsm/flask/ss/services.c @@ -2084,8 +2084,10 @@ int security_ocontext_add( char *ocontext, unsigned long low, unsigned long high { if ( c->u.pirq == add->u.pirq ) { + if ( c->sid[0] == sid ) + break; printk("%s: Duplicate pirq %d\n", __FUNCTION__, add->u.pirq); - ret = -EINVAL; + ret = -EEXIST; break; } c = c->next; @@ -2112,10 +2114,14 @@ int security_ocontext_add( char *ocontext, unsigned long low, unsigned long high if (c && c->u.ioport.low_ioport <= high) { + if (c->u.ioport.low_ioport == low && + c->u.ioport.high_ioport == high && c->sid[0] == sid) + break; + printk("%s: IO Port overlap with entry 0x%x - 0x%x\n", __FUNCTION__, c->u.ioport.low_ioport, c->u.ioport.high_ioport); - ret = -EINVAL; + ret = -EEXIST; break; } @@ -2142,10 +2148,14 @@ int security_ocontext_add( char *ocontext, unsigned long low, unsigned long high if (c && c->u.iomem.low_iomem <= high) { + if (c->u.iomem.low_iomem == low && + c->u.iomem.high_iomem == high && c->sid[0] == sid) + break; + printk("%s: IO Memory overlap with entry 0x%x - 0x%x\n", __FUNCTION__, c->u.iomem.low_iomem, c->u.iomem.high_iomem); - ret = -EINVAL; + ret = -EEXIST; break; } @@ -2171,9 +2181,12 @@ int security_ocontext_add( char *ocontext, unsigned long low, unsigned long high { if ( c->u.device == add->u.device ) { + if ( c->sid[0] == sid ) + break; + printk("%s: Duplicate PCI Device 0x%x\n", __FUNCTION__, add->u.device); - ret = -EINVAL; + ret = -EEXIST; break; } c = c->next; @@ -2230,7 +2243,7 @@ int security_ocontext_del( char *ocontext, unsigned int low, unsigned int high ) } printk("%s: ocontext not found: pirq %d\n", __FUNCTION__, low); - ret = -EINVAL; + ret = -ENOENT; break; case OCON_IOPORT: @@ -2257,7 +2270,7 @@ int security_ocontext_del( char *ocontext, unsigned int low, unsigned int high ) printk("%s: ocontext not found: ioport 0x%x - 0x%x\n", __FUNCTION__, low, high); - ret = -EINVAL; + ret = -ENOENT; break; case OCON_IOMEM: @@ -2284,7 +2297,7 @@ int security_ocontext_del( char *ocontext, unsigned int low, unsigned int high ) printk("%s: ocontext not found: iomem 0x%x - 0x%x\n", __FUNCTION__, low, high); - ret = -EINVAL; + ret = -ENOENT; break; case OCON_DEVICE: @@ -2309,7 +2322,7 @@ int security_ocontext_del( char *ocontext, unsigned int low, unsigned int high ) } printk("%s: ocontext not found: pcidevice 0x%x\n", __FUNCTION__, low); - ret = -EINVAL; + ret = -ENOENT; break; default: -- 1.7.7.6