From patchwork Wed Aug 30 18:32:22 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sergej Proskurin <proskurin@sec.in.tum.de>
X-Patchwork-Id: 9930619
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	6CE496032A for <patchwork-xen-devel@patchwork.kernel.org>;
	Wed, 30 Aug 2017 18:36:09 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 64EE0285C8
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Wed, 30 Aug 2017 18:36:09 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 5A11928717; Wed, 30 Aug 2017 18:36:09 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 01D27285C8
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Wed, 30 Aug 2017 18:36:09 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1dn7nj-0001Uc-8C; Wed, 30 Aug 2017 18:33:19 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <proskurin@sec.in.tum.de>) id 1dn7ni-0001UH-Bb
	for xen-devel@lists.xenproject.org; Wed, 30 Aug 2017 18:33:18 +0000
Received: from [193.109.254.147] by server-4.bemta-6.messagelabs.com id
	46/9C-03283-DE407A95; Wed, 30 Aug 2017 18:33:17 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrOLMWRWlGSWpSXmKPExsXSPJ+BQ/cty/J
	Ig6szOCy+b5nM5MDocfjDFZYAxijWzLyk/IoE1oyz+9QLZohW/D67lKmBsZm/i5GLQ0hgI6PE
	yqWTmSCcTYwSW2fPYO5i5ORgEzCQmPJ6JSuILSKgJHFvFUQRs0ATo8S9xgdsIAlhAQeJ/xe/g
	RWxCKhKtLTMBLN5BWwkvq6dyARiSwjIS5x7cBtsKKeArcSZAzPAaoSAau7NPc88gZF7ASPDKk
	aN4tSistQiXUNzvaSizPSMktzEzBxdQwMzvdzU4uLE9NScxKRiveT83E2MQA8zAMEOxtsbAw4
	xSnIwKYnyWvxaFinEl5SfUpmRWJwRX1Sak1p8iFGGg0NJgncW8/JIIcGi1PTUirTMHGCowaQl
	OHiURHi7QdK8xQWJucWZ6RCpU4yKUuK8i0ESAiCJjNI8uDZYeF9ilJUS5mUEOkSIpyC1KDezB
	FX+FaM4B6OSMK8wyBSezLwSuOmvgBYzAS2O9VoKsrgkESEl1cBY1tdR4PcmzfujeSVvTKZPqn
	hU6oGmpUXyO+rdFhUz3DdwPltp2Ldy69NgPWEPS0XzDT9W6PGf/sollrbwlY9dXate2Iu8W4s
	1jvIoXTIpvLdNKUXQPlElvcCi5EPCnw+J0xxeOeic8pI6JdnSWHR84uSiKdxzntacO8piY5nm
	qV1wrLxjohJLcUaioRZzUXEiAK3LykBqAgAA
X-Env-Sender: proskurin@sec.in.tum.de
X-Msg-Ref: server-14.tower-27.messagelabs.com!1504117996!101798013!1
X-Originating-IP: [131.159.0.8]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 61311 invoked from network); 30 Aug 2017 18:33:17 -0000
Received: from mail-out1.informatik.tu-muenchen.de (HELO
	mail-out1.informatik.tu-muenchen.de) (131.159.0.8)
	by server-14.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 30 Aug 2017 18:33:17 -0000
Received: from files.sec.in.tum.de (files.sec.in.tum.de [131.159.50.1])
	by services.sec.in.tum.de (Postfix) with ESMTP id B5C1710CB7DF8;
	Wed, 30 Aug 2017 20:33:07 +0200 (CEST)
Received: from thanatos.sec.in.tum.de (thanatos.sec.in.tum.de
	[131.159.50.57])
	by files.sec.in.tum.de (Postfix) with ESMTP id A7E11491F5;
	Wed, 30 Aug 2017 20:33:07 +0200 (CEST)
From: Sergej Proskurin <proskurin@sec.in.tum.de>
To: xen-devel@lists.xenproject.org
Date: Wed, 30 Aug 2017 20:32:22 +0200
Message-Id: <20170830183258.14612-4-proskurin@sec.in.tum.de>
X-Mailer: git-send-email 2.14.1
In-Reply-To: <20170830183258.14612-1-proskurin@sec.in.tum.de>
References: <20170830183258.14612-1-proskurin@sec.in.tum.de>
Cc: Sergej Proskurin <proskurin@sec.in.tum.de>,
	Julien Grall <julien.grall@arm.com>,
	Stefano Stabellini <sstabellini@kernel.org>
Subject: [Xen-devel] [PATCH v4 03/39] arm/p2m: Add hvm_allow_(set|get)_param
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

This commit introduces the functions hvm_allow_(set|get)_param. These
can be used as a filter controlling access to HVM params. This
functionality has been inspired by the x86 implementation.

The introduced filter ensures that the HVM param HVM_PARAM_ALTP2M is set
once and not altered by guest domains.

Signed-off-by: Sergej Proskurin <proskurin@sec.in.tum.de>
---
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Julien Grall <julien.grall@arm.com>
---
 xen/arch/arm/hvm.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 56 insertions(+), 9 deletions(-)

diff --git a/xen/arch/arm/hvm.c b/xen/arch/arm/hvm.c
index 042bdda979..6f5f9b41ac 100644
--- a/xen/arch/arm/hvm.c
+++ b/xen/arch/arm/hvm.c
@@ -124,6 +124,48 @@ out:
     return rc;
 }
 
+static int hvm_allow_set_param(struct domain *d, const struct xen_hvm_param *a)
+{
+    uint64_t value = d->arch.hvm_domain.params[a->index];
+    int rc;
+
+    rc = xsm_hvm_param(XSM_TARGET, d, HVMOP_set_param);
+    if ( rc )
+        return rc;
+
+    switch ( a->index )
+    {
+    /* The following parameters should only be changed once. */
+    case HVM_PARAM_ALTP2M:
+        if ( value != 0 && a->value != value )
+            rc = -EEXIST;
+        break;
+    default:
+        break;
+    }
+
+    return rc;
+}
+
+static int hvm_allow_get_param(struct domain *d, const struct xen_hvm_param *a)
+{
+    int rc;
+
+    rc = xsm_hvm_param(XSM_TARGET, d, HVMOP_get_param);
+    if ( rc )
+        return rc;
+
+    switch ( a->index )
+    {
+        /* This switch statement can be used to control/limit guest access to
+         * certain HVM params. */
+    default:
+        break;
+    }
+
+    return rc;
+}
+
 long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
 {
     long rc = 0;
@@ -146,21 +188,26 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
         if ( d == NULL )
             return -ESRCH;
 
-        rc = xsm_hvm_param(XSM_TARGET, d, op);
-        if ( rc )
-            goto param_fail;
-
-        if ( op == HVMOP_set_param )
+        switch ( op )
         {
+        case HVMOP_set_param:
+            rc = hvm_allow_set_param(d, &a);
+            if ( rc )
+                break;
+
             d->arch.hvm_domain.params[a.index] = a.value;
-        }
-        else
-        {
+            break;
+
+        case HVMOP_get_param:
+            rc = hvm_allow_get_param(d, &a);
+            if ( rc )
+                break;
+
             a.value = d->arch.hvm_domain.params[a.index];
             rc = copy_to_guest(arg, &a, 1) ? -EFAULT : 0;
+            break;
         }
 
-    param_fail:
         rcu_unlock_domain(d);
         break;
     }