From patchwork Thu Jul 31 15:00:32 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 34658 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wg0-f69.google.com (mail-wg0-f69.google.com [74.125.82.69]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id C105E20540 for ; Thu, 31 Jul 2014 15:02:28 +0000 (UTC) Received: by mail-wg0-f69.google.com with SMTP id m15sf1815072wgh.8 for ; Thu, 31 Jul 2014 08:02:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:cc:subject:precedence:list-id:list-unsubscribe:list-post :list-help:list-subscribe:mime-version:sender:errors-to :x-original-sender:x-original-authentication-results:mailing-list :list-archive:content-type:content-transfer-encoding; bh=D376tRPlPXPbhEqDLxlbAGxfPTnwAkYBP2BcdPUxzvM=; b=BMWTfeapmVeV7Wk6xEc06ClDLMstziHxnugw9mwEdLQgfmOIFgEABaLOlzeidZU9uz m5B6jZ8Yn6u+UstjyxVQkCcBX4mOGCm2Bypjxbcjkb5uVb5XSpDTFBJkgdv2niMIrFnc bzbRVZmw100ToTE6qHs/Z5BLKXaeHWO8m3Y8TE21GyUAom8aQe4oBWLu6uCF0uDLpKUR 1cnjtlCJXy5flVdeD4cEO3yLqIeJn6tBj+RgKx3Avj4pbTBe8fUpyGT70SQtE1wPGZDN jYmV+LNiWrv1fMbkd94cVfauefCXBOGc+QJbbiVt383DyCreQRQMDVZTnHGFKpygzCcd bzHA== X-Gm-Message-State: ALoCoQn7JjJyA48+BN6eVLDz5dhv6LJd2gqNgyhX/JgBQ/iRLQOGxG7J4XLRdFBrd83Iwnxn4ZW2 X-Received: by 10.112.33.116 with SMTP id q20mr929485lbi.6.1406818945001; Thu, 31 Jul 2014 08:02:25 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.140.31.101 with SMTP id e92ls1043716qge.37.gmail; Thu, 31 Jul 2014 08:02:24 -0700 (PDT) X-Received: by 10.52.142.102 with SMTP id rv6mr15574254vdb.26.1406818944850; Thu, 31 Jul 2014 08:02:24 -0700 (PDT) Received: from mail-vc0-f180.google.com (mail-vc0-f180.google.com [209.85.220.180]) by mx.google.com with ESMTPS id w19si4623078vcu.38.2014.07.31.08.02.24 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 31 Jul 2014 08:02:24 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.220.180 as permitted sender) client-ip=209.85.220.180; Received: by mail-vc0-f180.google.com with SMTP id ij19so4412136vcb.39 for ; Thu, 31 Jul 2014 08:02:24 -0700 (PDT) X-Received: by 10.52.129.200 with SMTP id ny8mr14904039vdb.27.1406818944059; Thu, 31 Jul 2014 08:02:24 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.221.37.5 with SMTP id tc5csp25070vcb; Thu, 31 Jul 2014 08:02:23 -0700 (PDT) X-Received: by 10.50.137.73 with SMTP id qg9mr66204879igb.19.1406818942250; Thu, 31 Jul 2014 08:02:22 -0700 (PDT) Received: from lists.xen.org (lists.xen.org. [50.57.142.19]) by mx.google.com with ESMTPS id p10si41165312igj.57.2014.07.31.08.02.21 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 31 Jul 2014 08:02:22 -0700 (PDT) Received-SPF: none (google.com: xen-devel-bounces@lists.xen.org does not designate permitted sender hosts) client-ip=50.57.142.19; Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1XCrqr-0000TI-Cz; Thu, 31 Jul 2014 15:01:05 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1XCrqq-0000Sw-DZ for xen-devel@lists.xenproject.org; Thu, 31 Jul 2014 15:01:04 +0000 Received: from [193.109.254.147:32490] by server-8.bemta-14.messagelabs.com id 67/05-07074-F2A5AD35; Thu, 31 Jul 2014 15:01:03 +0000 X-Env-Sender: julien.grall@linaro.org X-Msg-Ref: server-9.tower-27.messagelabs.com!1406818862!12962081!1 X-Originating-IP: [209.85.212.171] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.11.3; banners=-,-,- X-VirusChecked: Checked Received: (qmail 11551 invoked from network); 31 Jul 2014 15:01:02 -0000 Received: from mail-wi0-f171.google.com (HELO mail-wi0-f171.google.com) (209.85.212.171) by server-9.tower-27.messagelabs.com with RC4-SHA encrypted SMTP; 31 Jul 2014 15:01:02 -0000 Received: by mail-wi0-f171.google.com with SMTP id hi2so9541539wib.10 for ; Thu, 31 Jul 2014 08:01:02 -0700 (PDT) X-Received: by 10.194.63.37 with SMTP id d5mr18004648wjs.92.1406818861258; Thu, 31 Jul 2014 08:01:01 -0700 (PDT) Received: from belegaer.uk.xensource.com ([185.25.64.249]) by mx.google.com with ESMTPSA id r20sm67128337wik.0.2014.07.31.08.00.59 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 Jul 2014 08:01:00 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Thu, 31 Jul 2014 16:00:32 +0100 Message-Id: <1406818852-31856-2-git-send-email-julien.grall@linaro.org> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1406818852-31856-1-git-send-email-julien.grall@linaro.org> References: <1406818852-31856-1-git-send-email-julien.grall@linaro.org> Cc: Ian Campbell , Paolo Valente , Keir Fraser , ian.campbell@citrix.com, Stefano Stabellini , Ian Jackson , Dario Faggioli , tim@xen.org, Julien Grall , Eric Trudeau , Andrew Cooper , stefano.stabellini@citrix.com, Jan Beulich , Arianna Avanzini , Viktor Kleinik Subject: [Xen-devel] [PATCH v2 01/21] xen/common: do not implicitly permit access to mapped I/O memory X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Post: , List-Help: , List-Subscribe: , MIME-Version: 1.0 Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: julien.grall@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.220.180 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Archive: From: Arianna Avanzini Currently, the XEN_DOMCTL_memory_mapping hypercall implicitly grants to a domain access permission to the I/O memory areas mapped in its guest address space. This conflicts with the presence of a specific hypercall (XEN_DOMCTL_iomem_permission) used to grant such a permission to a domain. This commit separates the functions of the two hypercalls by having only the latter be able to permit I/O memory access to a domain, and the former just performing the mapping after a permissions check on both the granting and the grantee domains. Signed-off-by: Arianna Avanzini Cc: Dario Faggioli Cc: Paolo Valente Cc: Stefano Stabellini Cc: Julien Grall Cc: Ian Campbell Cc: Jan Beulich Cc: Keir Fraser Cc: Tim Deegan Cc: Ian Jackson Cc: Andrew Cooper Cc: Eric Trudeau Cc: Viktor Kleinik --- xen/common/domctl.c | 36 ++++++++++-------------------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 80b7800..04ecd53 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -917,7 +917,8 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) break; ret = -EPERM; - if ( !iomem_access_permitted(current->domain, mfn, mfn_end) ) + if ( !iomem_access_permitted(current->domain, mfn, mfn_end) || + !iomem_access_permitted(d, mfn, mfn_end) ) break; ret = xsm_iomem_mapping(XSM_HOOK, d, mfn, mfn_end, add); @@ -930,40 +931,23 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) "memory_map:add: dom%d gfn=%lx mfn=%lx nr=%lx\n", d->domain_id, gfn, mfn, nr_mfns); - ret = iomem_permit_access(d, mfn, mfn_end); - if ( !ret ) - { - ret = map_mmio_regions(d, gfn, nr_mfns, mfn); - if ( ret ) - { - printk(XENLOG_G_WARNING - "memory_map:fail: dom%d gfn=%lx mfn=%lx nr=%lx ret:%ld\n", - d->domain_id, gfn, mfn, nr_mfns, ret); - if ( iomem_deny_access(d, mfn, mfn_end) && - is_hardware_domain(current->domain) ) - printk(XENLOG_ERR - "memory_map: failed to deny dom%d access to [%lx,%lx]\n", - d->domain_id, mfn, mfn_end); - } - } + ret = map_mmio_regions(d, gfn, nr_mfns, mfn); + if ( ret ) + printk(XENLOG_G_WARNING + "memory_map:fail: dom%d gfn=%lx mfn=%lx nr=%lx ret:%ld\n", + d->domain_id, gfn, mfn, nr_mfns, ret); } else { - int rc = 0; - printk(XENLOG_G_INFO "memory_map:remove: dom%d gfn=%lx mfn=%lx nr=%lx\n", d->domain_id, gfn, mfn, nr_mfns); - rc = unmap_mmio_regions(d, gfn, nr_mfns, mfn); - ret = iomem_deny_access(d, mfn, mfn_end); - if ( !ret ) - ret = rc; + ret = unmap_mmio_regions(d, gfn, nr_mfns, mfn); if ( ret && is_hardware_domain(current->domain) ) printk(XENLOG_ERR - "memory_map: error %ld %s dom%d access to [%lx,%lx]\n", - ret, rc ? "removing" : "denying", d->domain_id, - mfn, mfn_end); + "memory_map: error %ld removing dom%d access to [%lx,%lx]\n", + ret, d->domain_id, mfn, mfn_end); } /* Do this unconditionally to cover errors on above failure paths. */ memory_type_changed(d);