From: Christopher Clark <christopher.w.clark@gmail.com>
To: xen-devel@lists.xenproject.org
Cc: Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
James McKenzie <voreekf@madingley.org>,
Ross Philipson <ross.philipson@gmail.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Jason Andryuk <jandryuk@gmail.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Rich Persaud <persaur@gmail.com>, Tim Deegan <tim@xen.org>,
Daniel Smith <dpsmith@apertussolutions.com>,
Julien Grall <julien.grall@arm.com>,
Paul Durrant <paul.durrant@citrix.com>,
Jan Beulich <jbeulich@suse.com>,
Daniel De Graaf <dgdegra@tycho.nsa.gov>,
Eric Chanudet <eric.chanudet@gmail.com>
Subject: [PATCH 17/25] xsm, argo: XSM control for any access to argo by a domain
Date: Fri, 30 Nov 2018 17:32:56 -0800 [thread overview]
Message-ID: <1543627984-21394-18-git-send-email-christopher.w.clark@gmail.com> (raw)
In-Reply-To: <1543627984-21394-1-git-send-email-christopher.w.clark@gmail.com>
Will inhibit initialization of the domain's argo data structure to
prevent receiving any messages or notifications and access to any of
the argo hypercall operations.
Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
---
xen/common/argo.c | 4 ++--
xen/include/xsm/dummy.h | 5 +++++
xen/include/xsm/xsm.h | 6 ++++++
xen/xsm/dummy.c | 1 +
xen/xsm/flask/hooks.c | 7 +++++++
xen/xsm/flask/policy/access_vectors | 3 +++
6 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/xen/common/argo.c b/xen/common/argo.c
index a171191..ca48032 100644
--- a/xen/common/argo.c
+++ b/xen/common/argo.c
@@ -1588,7 +1588,7 @@ do_argo_message_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1,
argo_dprintk("->do_argo_message_op(%d,%p,%p,%d,%d)\n", cmd,
(void *)arg1.p, (void *)arg2.p, (int) arg3, (int) arg4);
- if ( unlikely(!opt_argo_enabled) )
+ if ( unlikely(!opt_argo_enabled || xsm_argo_enable(d)) )
{
rc = -ENOSYS;
argo_dprintk("<-do_argo_message_op()=%ld\n", rc);
@@ -1685,7 +1685,7 @@ argo_init(struct domain *d)
int i;
int rc;
- if ( !opt_argo_enabled )
+ if ( !opt_argo_enabled || xsm_argo_enable(d) )
{
argo_dprintk("argo disabled, domid: %d\n", d->domain_id);
return 0;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 85965fc..1ad52c0 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -721,6 +721,11 @@ static XSM_INLINE int xsm_dm_op(XSM_DEFAULT_ARG struct domain *d)
#endif /* CONFIG_X86 */
#ifdef CONFIG_ARGO
+static XSM_INLINE int xsm_argo_enable(struct domain *d)
+{
+ return 0;
+}
+
static XSM_INLINE int xsm_argo_register_single_source(struct domain *d,
struct domain *t)
{
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 470e7c3..70d7e86 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -182,6 +182,7 @@ struct xsm_operations {
int (*xen_version) (uint32_t cmd);
int (*domain_resource_map) (struct domain *d);
#ifdef CONFIG_ARGO
+ int (*argo_enable) (struct domain *d);
int (*argo_register_single_source) (struct domain *d, struct domain *t);
int (*argo_register_any_source) (struct domain *d);
int (*argo_send) (struct domain *d, struct domain *t);
@@ -704,6 +705,11 @@ static inline int xsm_domain_resource_map(xsm_default_t def, struct domain *d)
}
#ifdef CONFIG_ARGO
+static inline xsm_argo_enable(struct domain *d)
+{
+ return xsm_ops->argo_enable(d);
+}
+
static inline xsm_argo_register_single_source(struct domain *d, struct domain *t)
{
return xsm_ops->argo_register_single_source(d, t);
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index ffac774..1fe0e74 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -153,6 +153,7 @@ void __init xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, xen_version);
set_to_dummy_if_null(ops, domain_resource_map);
#ifdef CONFIG_ARGO
+ set_to_dummy_if_null(ops, argo_enable);
set_to_dummy_if_null(ops, argo_register_single_source);
set_to_dummy_if_null(ops, argo_register_any_source);
set_to_dummy_if_null(ops, argo_send);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 7b4e5ff..897bc94 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1718,6 +1718,12 @@ static int flask_domain_resource_map(struct domain *d)
}
#ifdef CONFIG_ARGO
+static int flask_argo_enable(struct domain *d)
+{
+ return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO,
+ ARGO__ENABLE, NULL);
+}
+
static int flask_argo_register_single_source(struct domain *d,
struct domain *t)
{
@@ -1873,6 +1879,7 @@ static struct xsm_operations flask_ops = {
.xen_version = flask_xen_version,
.domain_resource_map = flask_domain_resource_map,
#ifdef CONFIG_ARGO
+ .argo_enable = flask_argo_enable,
.argo_register_single_source = flask_argo_register_single_source,
.argo_register_any_source = flask_argo_register_any_source,
.argo_send = flask_argo_send,
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index f6c5377..e00448b 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -535,6 +535,9 @@ class version
# Class argo is used to describe the Argo interdomain communication system.
class argo
{
+ # Enable initialization of a domain's argo subsystem and
+ # permission to access the argo hypercall operations.
+ enable
# Domain requesting registration of a communication ring
# to receive messages from a specific other domain.
register_single_source
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-12-01 1:34 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-01 1:32 [PATCH 00/25] Argo: hypervisor-mediated interdomain communication Christopher Clark
2018-12-01 1:32 ` [PATCH 01/25] xen/evtchn: expose evtchn_bind_ipi_vcpu0_domain for use within Xen Christopher Clark
2018-12-03 16:20 ` Jan Beulich
2018-12-04 9:17 ` Christopher Clark
2018-12-01 1:32 ` [PATCH 02/25] argo: Introduce the Kconfig option to govern inclusion of Argo Christopher Clark
2018-12-03 15:51 ` Jan Beulich
2018-12-04 9:12 ` Christopher Clark
2018-12-01 1:32 ` [PATCH 03/25] argo: introduce the argo_message_op hypercall boilerplate Christopher Clark
2018-12-04 9:44 ` Paul Durrant
2018-12-20 5:13 ` Christopher Clark
2018-12-01 1:32 ` [PATCH 04/25] argo: define argo_dprintk for subsystem debugging Christopher Clark
2018-12-03 15:59 ` Jan Beulich
2018-12-01 1:32 ` [PATCH 05/25] argo: Add initial argo_init and argo_destroy Christopher Clark
2018-12-04 9:12 ` Paul Durrant
2018-12-13 13:16 ` Jan Beulich
2018-12-01 1:32 ` [PATCH 06/25] argo: Xen command line parameter 'argo': bool to enable/disable Christopher Clark
2018-12-04 9:18 ` Paul Durrant
2018-12-04 11:35 ` Jan Beulich
2018-12-01 1:32 ` [PATCH 07/25] xen (ARM, x86): add errno-returning functions for copy Christopher Clark
2018-12-04 9:35 ` Paul Durrant
2018-12-12 16:01 ` Roger Pau Monné
2018-12-20 5:16 ` Christopher Clark
2018-12-20 8:45 ` Jan Beulich
2018-12-20 12:57 ` Roger Pau Monné
2018-12-01 1:32 ` [PATCH 08/25] xen: define XEN_GUEST_HANDLE_NULL as null XEN_GUEST_HANDLE Christopher Clark
2018-12-04 11:39 ` Jan Beulich
2018-12-01 1:32 ` [PATCH 09/25] errno: add POSIX error codes EMSGSIZE, ECONNREFUSED to the ABI Christopher Clark
2018-12-03 15:42 ` Jan Beulich
2018-12-04 9:10 ` Christopher Clark
2018-12-04 10:04 ` Jan Beulich
2018-12-01 1:32 ` [PATCH 10/25] arm: introduce guest_handle_for_field() Christopher Clark
2018-12-04 9:46 ` Paul Durrant
2018-12-01 1:32 ` [PATCH 11/25] xsm, argo: XSM control for argo register operation, argo_mac bootparam Christopher Clark
2018-12-04 9:52 ` Paul Durrant
2018-12-20 5:19 ` Christopher Clark
2018-12-01 1:32 ` [PATCH 12/25] xsm, argo: XSM control for argo message send operation Christopher Clark
2018-12-04 9:53 ` Paul Durrant
2018-12-01 1:32 ` [PATCH 13/25] argo: implement the register op Christopher Clark
2018-12-02 20:10 ` Julien Grall
2018-12-04 9:08 ` Christopher Clark
2018-12-05 17:20 ` Julien Grall
2018-12-05 22:35 ` Christopher Clark
2018-12-11 13:51 ` Julien Grall
2018-12-04 10:57 ` Paul Durrant
2018-12-12 9:48 ` Jan Beulich
2018-12-20 5:29 ` Christopher Clark
2018-12-20 8:29 ` Jan Beulich
2018-12-21 1:25 ` Christopher Clark
2018-12-21 7:28 ` Jan Beulich
2018-12-21 8:16 ` Christopher Clark
2018-12-21 8:53 ` Jan Beulich
2018-12-21 23:28 ` Christopher Clark
2018-12-12 16:47 ` Roger Pau Monné
2018-12-20 5:41 ` Christopher Clark
2018-12-20 8:51 ` Jan Beulich
2018-12-20 12:52 ` Roger Pau Monné
2018-12-21 23:05 ` Christopher Clark
2019-01-04 8:57 ` Roger Pau Monné
2019-01-04 13:22 ` Jan Beulich
2019-01-04 15:35 ` Roger Pau Monné
2019-01-04 15:47 ` Jan Beulich
2019-01-07 9:00 ` Roger Pau Monné
2019-01-09 16:15 ` Tamas K Lengyel
2019-01-09 16:23 ` Razvan Cojocaru
2019-01-09 16:34 ` Roger Pau Monné
2019-01-09 16:48 ` Razvan Cojocaru
2019-01-09 16:50 ` Tamas K Lengyel
2019-01-09 16:59 ` Roger Pau Monné
2019-01-09 17:03 ` Fwd: " Roger Pau Monné
2019-01-09 17:03 ` Razvan Cojocaru
2018-12-01 1:32 ` [PATCH 14/25] argo: implement the unregister op Christopher Clark
2018-12-04 11:10 ` Paul Durrant
2018-12-12 9:51 ` Jan Beulich
2018-12-01 1:32 ` [PATCH 15/25] argo: implement the sendv op Christopher Clark
2018-12-04 11:22 ` Paul Durrant
2018-12-12 11:52 ` Jan Beulich
2018-12-20 5:58 ` Christopher Clark
2018-12-20 8:33 ` Jan Beulich
2019-01-04 8:13 ` Christopher Clark
2019-01-04 8:43 ` Roger Pau Monné
2019-01-04 13:37 ` Jan Beulich
2019-01-07 20:54 ` Christopher Clark
2018-12-01 1:32 ` [PATCH 16/25] argo: implement the notify op Christopher Clark
2018-12-13 14:06 ` Jan Beulich
2018-12-20 6:12 ` Christopher Clark
2018-12-20 8:39 ` Jan Beulich
2018-12-01 1:32 ` Christopher Clark [this message]
2018-12-01 1:32 ` [PATCH 18/25] argo: limit the max number of rings that a domain may register Christopher Clark
2018-12-13 14:08 ` Jan Beulich
2018-12-01 1:32 ` [PATCH 19/25] argo: limit the max number of notify requests in a single operation Christopher Clark
2018-12-01 1:32 ` [PATCH 20/25] argo, xsm: notify: don't describe rings that cannot be sent to Christopher Clark
2018-12-01 1:33 ` [PATCH 21/25] argo: add array_index_nospec to guard the result of the hash func Christopher Clark
2018-12-13 14:10 ` Jan Beulich
2018-12-01 1:33 ` [PATCH 22/25] xen/evtchn: expose send_guest_global_virq for use within Xen Christopher Clark
2018-12-13 14:12 ` Jan Beulich
2018-12-01 1:33 ` [PATCH 23/25] argo: signal x86 HVM and ARM via VIRQ Christopher Clark
2018-12-02 19:55 ` Julien Grall
2018-12-04 9:03 ` Christopher Clark
2018-12-04 9:16 ` Paul Durrant
2018-12-12 14:49 ` James
2018-12-11 14:15 ` Julien Grall
2018-12-13 14:16 ` Jan Beulich
2018-12-20 6:20 ` Christopher Clark
2018-12-01 1:33 ` [PATCH 24/25] argo: unmap rings on suspend and send signal to ring-owners on resume Christopher Clark
2018-12-13 14:26 ` Jan Beulich
2018-12-20 6:25 ` Christopher Clark
2018-12-01 1:33 ` [PATCH 25/25] argo: implement the get_config op to query notification config Christopher Clark
2018-12-13 14:32 ` Jan Beulich
2018-12-03 16:49 ` [PATCH 00/25] Argo: hypervisor-mediated interdomain communication Chris Patterson
2018-12-04 9:00 ` Christopher Clark
2018-12-11 22:13 ` Chris Patterson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1543627984-21394-18-git-send-email-christopher.w.clark@gmail.com \
--to=christopher.w.clark@gmail.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=dpsmith@apertussolutions.com \
--cc=eric.chanudet@gmail.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jandryuk@gmail.com \
--cc=jbeulich@suse.com \
--cc=julien.grall@arm.com \
--cc=konrad.wilk@oracle.com \
--cc=paul.durrant@citrix.com \
--cc=persaur@gmail.com \
--cc=ross.philipson@gmail.com \
--cc=sstabellini@kernel.org \
--cc=tim@xen.org \
--cc=voreekf@madingley.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).