
[PATCH 08/22] arch/x86: convert platform_hypercall to use XSM
The newly introduced xsm_platform_op hook addresses new sub-ops, while
most ops already have their own XSM hooks.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Jan Beulich <jbeulich@suse.com>
Cc: Keir Fraser <keir@xen.org>
---
xen/arch/x86/platform_hypercall.c | 11 ++++++++---
xen/include/xsm/dummy.h | 7 +++++++
xen/include/xsm/xsm.h | 6 ++++++
xen/xsm/dummy.c | 1 +
xen/xsm/flask/hooks.c | 33 +++++++++++++++++++++++++++++++++
5 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c
index 56e2994..570b3db 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -66,15 +66,16 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
ret_t ret = 0;
struct xen_platform_op curop, *op = &curop;

- if ( !IS_PRIV(current->domain) )
- return -EPERM;
-
if ( copy_from_guest(op, u_xenpf_op, 1) )
return -EFAULT;

if ( op->interface_version != XENPF_INTERFACE_VERSION )
return -EACCES;

+ ret = xsm_platform_op(op->cmd);
+ if ( ret )
+ return ret;
+
/*
* Trylock here avoids deadlock with an existing platform critical section
* which might (for some current or future reason) want to synchronise
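Review bot: The permission test now runs only after copy_from_guest() and the interface_version comparison, so an unprivileged caller sees -EFAULT or -EACCES where it used to get -EPERM. The hook is also the only check left at the entry of do_platform_op. A short comment above the call would record that, for example `/* Sole entry-point permission check: the dummy hook keeps the IS_PRIV test, other XSM modules decide per op->cmd. */`. The function body starts and continues outside this hunk, so the per-sub-op hooks it relies on are not visible here.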
@@ -513,6 +514,10 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
{
struct xenpf_pcpu_version *ver = &op->u.pcpu_version;

+ ret = xsm_getcpuinfo();
+ if ( ret )
+ break;
+
if ( !get_cpu_maps() )
{
ret = -EBUSY;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index b335bd9..e42965c 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -593,6 +593,13 @@ static XSM_INLINE int xsm_platform_quirk(uint32_t quirk)
return 0;
}

+static XSM_INLINE int xsm_platform_op(uint32_t op)
+{
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+ return 0;
+}
+
static XSM_INLINE int xsm_firmware_info(void)
{
return 0;
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 75c27bb..470e3c0 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -159,6 +159,7 @@ struct xsm_operations {
int (*microcode) (void);
int (*physinfo) (void);
int (*platform_quirk) (uint32_t);
+ int (*platform_op) (uint32_t cmd);
int (*firmware_info) (void);
int (*efi_call) (void);
int (*acpi_sleep) (void);
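Review bot: The new member names its parameter (`uint32_t cmd`) while the neighbouring members in struct xsm_operations leave theirs unnamed, and the wrapper added in the next hunk of this file calls the same value `op`. Using one spelling throughout, for example `int (*platform_op) (uint32_t op);`, keeps the hook table and the inline wrapper consistent with the dummy and FLASK implementations, which both use `op`.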
@@ -704,6 +705,11 @@ static inline int xsm_platform_quirk (uint32_t quirk)
return xsm_ops->platform_quirk(quirk);
}

+static inline int xsm_platform_op (uint32_t op)
+{
+ return xsm_ops->platform_op(op);
+}
+
static inline int xsm_firmware_info (void)
{
return xsm_ops->firmware_info();
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index f6a0807..1e7f42c 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -144,6 +144,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
set_to_dummy_if_null(ops, microcode);
set_to_dummy_if_null(ops, physinfo);
set_to_dummy_if_null(ops, platform_quirk);
+ set_to_dummy_if_null(ops, platform_op);
set_to_dummy_if_null(ops, firmware_info);
set_to_dummy_if_null(ops, efi_call);
set_to_dummy_if_null(ops, acpi_sleep);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index b3698c7..63f936b 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1316,6 +1316,38 @@ static int flask_platform_quirk(uint32_t quirk)
XEN__QUIRK, NULL);
}

+static int flask_platform_op(uint32_t op)
+{
+ switch ( op )
+ {
+ case XENPF_settime:
+ case XENPF_add_memtype:
+ case XENPF_del_memtype:
+ case XENPF_read_memtype:
+ case XENPF_microcode_update:
+ case XENPF_platform_quirk:
+ case XENPF_firmware_info:
+ case XENPF_efi_runtime_call:
+ case XENPF_enter_acpi_sleep:
+ case XENPF_change_freq:
+ case XENPF_getidletime:
+ case XENPF_set_processor_pminfo:
+ case XENPF_get_cpuinfo:
+ case XENPF_get_cpu_version:
+ case XENPF_cpu_online:
+ case XENPF_cpu_offline:
+ case XENPF_cpu_hotadd:
+ case XENPF_mem_hotadd:
+ /* These operations have their own XSM hooks */
+ return 0;
+ case XENPF_core_parking:
+ return domain_has_xen(current->domain, XEN__PM_OP);
+ default:
+ printk("flask_platform_op: Unknown op %d\n", op);
+ return -EPERM;
+ }
+}
+
static int flask_firmware_info(void)
{
return domain_has_xen(current->domain, XEN__FIRMWARE);
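Review bot: The `default:` branch of flask_platform_op logs with a plain printk() on a value that comes straight from the guest-supplied op->cmd, so any domain that can issue the hypercall can generate console output at will. The format also uses `%d` for a uint32_t. A guest-level, rate-limited message with the right specifier would be `printk(XENLOG_G_WARNING "flask_platform_op: Unknown op %u\n", op);`. Separately, the long pass-through list returns 0 on the assumption that each of those sub-ops calls its own hook inside do_platform_op. This patch itself has to add xsm_getcpuinfo() to one case, so the remaining cases are worth auditing now that the unconditional IS_PRIV test is gone. A comment saying that a sub-op may only be added to this list together with its per-op hook would help future changes.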
@@ -1687,6 +1719,7 @@ static struct xsm_operations flask_ops = {
.microcode = flask_microcode,
.physinfo = flask_physinfo,
.platform_quirk = flask_platform_quirk,
+ .platform_op = flask_platform_op,
.firmware_info = flask_firmware_info,
.efi_call = flask_efi_call,
.acpi_sleep = flask_acpi_sleep,
--
1.7.11.7

