#include <asm/mc146818rtc.h>
#include <asm/hpet.h>
#include <public/arch-x86/cpuid.h>
+#include <xsm/xsm.h>
/*
* opt_nmi: one of 'ignore', 'dom0', or 'fatal'.
return ioports_access_permitted(v->domain, port, port + bytes - 1);
}
+static int pci_cfg_ok(struct domain *d, int write, int size)
+{
+ uint32_t machine_bdf;
+ uint16_t start, end;
+ if (!IS_PRIV(d))
+ return 0;
+
+ machine_bdf = (d->arch.pci_cf8 >> 8) & 0xFFFF;
+ start = d->arch.pci_cf8 & 0xFF;
+ end = start + size - 1;
+ if (xsm_pci_config_permission(d, machine_bdf, start, end, write))
+ return 0;
+ return 1;
+}
+
static uint32_t guest_io_read(
unsigned int port, unsigned int bytes,
struct vcpu *v, struct cpu_user_regs *regs)
size = 4;
sub_data = v->domain->arch.pci_cf8;
}
- else if ( ((port & 0xfffc) == 0xcfc) && IS_PRIV(v->domain) )
+ else if ( (port & 0xfffc) == 0xcfc )
{
size = min(bytes, 4 - (port & 3));
if ( size == 3 )
size = 2;
- sub_data = pci_conf_read(v->domain->arch.pci_cf8, port & 3, size);
+ if ( pci_cfg_ok(v->domain, 0, size) )
+ sub_data = pci_conf_read(v->domain->arch.pci_cf8, port & 3, size);
}
if ( size == 4 )
size = 4;
v->domain->arch.pci_cf8 = data;
}
- else if ( ((port & 0xfffc) == 0xcfc) && IS_PRIV(v->domain) )
+ else if ( (port & 0xfffc) == 0xcfc )
{
size = min(bytes, 4 - (port & 3));
if ( size == 3 )
size = 2;
- pci_conf_write(v->domain->arch.pci_cf8, port & 3, size, data);
+ if ( pci_cfg_ok(v->domain, 1, size) )
+ pci_conf_write(v->domain->arch.pci_cf8, port & 3, size, data);
}
if ( size == 4 )
#include <xen/xmalloc.h>
#include <xen/pci.h>
#include <xen/pci_regs.h>
+#include <xsm/xsm.h>
#include "mmconfig.h"
unsigned int devfn, int reg, int len, u32 *value)
{
char __iomem *addr;
+ uint32_t mbdf;
/* Why do we have this when nobody checks it. How about a BUG()!? -AK */
if (unlikely((bus > 255) || (devfn > 255) || (reg > 4095))) {
return -EINVAL;
}
+ mbdf = (seg << 16) | (bus << 8) | devfn;
+ if (xsm_pci_config_permission(current->domain, mbdf, reg, reg + len - 1, 0)) {
+ *value = -1;
+ return -EPERM;
+ }
+
addr = pci_dev_base(seg, bus, devfn);
if (!addr)
goto err;
unsigned int devfn, int reg, int len, u32 value)
{
char __iomem *addr;
+ uint32_t mbdf;
/* Why do we have this when nobody checks it. How about a BUG()!? -AK */
if (unlikely((bus > 255) || (devfn > 255) || (reg > 4095)))
return -EINVAL;
+ mbdf = (seg << 16) | (bus << 8) | devfn;
+ if (xsm_pci_config_permission(current->domain, mbdf, reg, reg + len - 1, 1))
+ return -EPERM;
+
addr = pci_dev_base(seg, bus, devfn);
if (!addr)
return -EINVAL;
int (*schedop_shutdown) (struct domain *d1, struct domain *d2);
int (*irq_permission) (struct domain *d, int pirq, uint8_t allow);
int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t allow);
+ int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access);
int (*get_device_group) (uint32_t machine_bdf);
int (*test_assign_device) (uint32_t machine_bdf);
return xsm_call(iomem_permission(d, s, e, allow));
}
+static inline int xsm_pci_config_permission (struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access)
+{
+ return xsm_call(pci_config_permission(d, machine_bdf, start, end, access));
+}
+
static inline int xsm_get_device_group(uint32_t machine_bdf)
{
return xsm_call(get_device_group(machine_bdf));
return 0;
}
+static int dummy_pci_config_permission (struct domain *d, uint32_t machine_bdf,
+ uint16_t start, uint16_t end,
+ uint8_t access)
+{
+ return 0;
+}
+
#ifdef CONFIG_X86
static int dummy_shadow_control (struct domain *d, uint32_t op)
{
set_to_dummy_if_null(ops, irq_permission);
set_to_dummy_if_null(ops, iomem_permission);
+ set_to_dummy_if_null(ops, pci_config_permission);
set_to_dummy_if_null(ops, test_assign_device);
set_to_dummy_if_null(ops, assign_device);
return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data);
}
+static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access)
+{
+ u32 rsid;
+ int rc = -EPERM;
+ struct avc_audit_data ad;
+ struct domain_security_struct *ssec;
+ u32 perm = RESOURCE__USE;
+
+ rc = security_device_sid(machine_bdf, &rsid);
+ if ( rc )
+ return rc;
+
+ /* Writes to the BARs count as setup */
+ if ( access && (end >= 0x10 && start < 0x28) )
+ perm = RESOURCE__SETUP;
+
+ AVC_AUDIT_DATA_INIT(&ad, DEV);
+ ad.device = (unsigned long) machine_bdf;
+ ssec = d->ssid;
+ return avc_has_perm(ssec->sid, rsid, SECCLASS_RESOURCE, perm, &ad);
+
+}
+
static int flask_resource_plug_core(void)
{
struct domain_security_struct *ssec;
.irq_permission = flask_irq_permission,
.iomem_permission = flask_iomem_permission,
+ .pci_config_permission = flask_pci_config_permission,
.resource_plug_core = flask_resource_plug_core,
.resource_unplug_core = flask_resource_unplug_core,
projects / xen.git / commitdiff