* minor hack can go away.
*/
if ( (real_pg_owner == NULL) || (pg_owner == l1e_owner) ||
- !IS_PRIV_FOR(pg_owner, real_pg_owner) )
+ xsm_priv_mapping(XSM_TARGET, pg_owner, real_pg_owner) )
{
MEM_LOG("pg_owner %d l1e_owner %d, but real_pg_owner %d",
pg_owner->domain_id, l1e_owner->domain_id,
mfn_t omfn;
int rc = 0;
- if ( !IS_PRIV_FOR(current->domain, d) )
- return -EPERM;
-
if ( !paging_mode_translate(d) )
return -EINVAL;
#include <xen/perfc.h>
#include <xen/domain_page.h>
#include <xen/iocap.h>
+#include <xsm/xsm.h>
#include <asm/page.h>
#include <asm/current.h>
#include <asm/shadow.h>
!shadow_mode_translate(d) &&
mfn_valid(mfn = shadow_l1e_get_mfn(sl1e)) &&
(owner = page_get_owner(mfn_to_page(mfn))) &&
- (d != owner) &&
- IS_PRIV_FOR(d, owner))
- {
- res = get_page_from_l1e(sl1e, d, owner);
- SHADOW_PRINTK("privileged domain %d installs map of mfn %05lx "
- "which is owned by domain %d: %s\n",
- d->domain_id, mfn_x(mfn), owner->domain_id,
- res >= 0 ? "success" : "failed");
+ (d != owner) )
+ {
+ res = xsm_priv_mapping(XSM_TARGET, d, owner);
+ if ( !res ) {
+ res = get_page_from_l1e(sl1e, d, owner);
+ SHADOW_PRINTK("privileged domain %d installs map of mfn %05lx "
+ "which is owned by domain %d: %s\n",
+ d->domain_id, mfn_x(mfn), owner->domain_id,
+ res >= 0 ? "success" : "failed");
+ }
}
/* Okay, it might still be a grant mapping PTE. Try it. */
return xsm_default_action(action, d, f);
}
+static XSM_INLINE int xsm_priv_mapping(XSM_DEFAULT_ARG struct domain *d, struct domain *t)
+{
+ XSM_ASSERT_ACTION(XSM_TARGET);
+ return xsm_default_action(action, d, t);
+}
+
static XSM_INLINE int xsm_bind_pt_irq(XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind)
{
XSM_ASSERT_ACTION(XSM_HOOK);
struct domain *f, uint32_t flags);
int (*mmuext_op) (struct domain *d, struct domain *f);
int (*update_va_mapping) (struct domain *d, struct domain *f, l1_pgentry_t pte);
+ int (*priv_mapping) (struct domain *d, struct domain *t);
int (*bind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind);
int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow);
return xsm_ops->update_va_mapping(d, f, pte);
}
+static inline int xsm_priv_mapping(xsm_default_t def, struct domain *d, struct domain *t)
+{
+ return xsm_ops->priv_mapping(d, t);
+}
+
static inline int xsm_bind_pt_irq(xsm_default_t def, struct domain *d,
struct xen_domctl_bind_pt_irq *bind)
{
set_to_dummy_if_null(ops, mmu_update);
set_to_dummy_if_null(ops, mmuext_op);
set_to_dummy_if_null(ops, update_va_mapping);
+ set_to_dummy_if_null(ops, priv_mapping);
set_to_dummy_if_null(ops, bind_pt_irq);
set_to_dummy_if_null(ops, unbind_pt_irq);
set_to_dummy_if_null(ops, ioport_permission);
return domain_has_perm(d, f, SECCLASS_MMU, map_perms);
}
+static int flask_priv_mapping(struct domain *d, struct domain *t)
+{
+ return domain_has_perm(d, t, SECCLASS_MMU, MMU__TARGET_HACK);
+}
+
static int flask_get_device_group(uint32_t machine_bdf)
{
u32 rsid;
.mmu_update = flask_mmu_update,
.mmuext_op = flask_mmuext_op,
.update_va_mapping = flask_update_va_mapping,
+ .priv_mapping = flask_priv_mapping,
.get_device_group = flask_get_device_group,
.test_assign_device = flask_test_assign_device,
.assign_device = flask_assign_device,
# source = domain making the hypercall
# target = domain whose pages are being exchanged
exchange
+# Allow a privileged domain to install a map of a page it does not own. Used
+# for stub domain device models with the PV framebuffer.
+ target_hack
}
# control of the paging_domctl split by subop
projects / xen.git / commitdiff