diff mbox series

[v4,3/9] xen/arm: temporarily elevate idle_domain privileged during create_domUs

Message ID 20220401003847.38393-3-sstabellini@kernel.org (mailing list archive)
State Superseded
Headers show
Series dom0less PV drivers | expand

Commit Message

Stefano Stabellini April 1, 2022, 12:38 a.m. UTC 
From: Stefano Stabellini <stefano.stabellini@xilinx.com>

create_domUs might call functions that perform XSM checks on the current
domain, which is idle_domain at this time. Temporarily elevate
idle_domain privileges in create_domUs.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
---
 xen/arch/arm/domain_build.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Julien Grall April 1, 2022, 5:36 p.m. UTC | #1 
Hi,

On 01/04/2022 01:38, Stefano Stabellini wrote:
> From: Stefano Stabellini <stefano.stabellini@xilinx.com>
> 
> create_domUs might call functions that perform XSM checks on the current
> domain, which is idle_domain at this time. Temporarily elevate
> idle_domain privileges in create_domUs.
> 
> Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
> ---
>   xen/arch/arm/domain_build.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
> index b6189b935d..100a4959a8 100644
> --- a/xen/arch/arm/domain_build.c
> +++ b/xen/arch/arm/domain_build.c
> @@ -27,6 +27,7 @@
>   #include <asm/setup.h>
>   #include <asm/cpufeature.h>
>   #include <asm/domain_build.h>
> +#include <xsm/xsm.h>
>   
>   #include <xen/irq.h>
>   #include <xen/grant_table.h>
> @@ -3210,6 +3211,8 @@ void __init create_domUs(void)
>       struct dt_device_node *node;
>       const struct dt_device_node *chosen = dt_find_node_by_path("/chosen");
>   
> +    xsm_elevate_priv(current->domain);

Please check the return of this function and...

> +
>       BUG_ON(chosen == NULL);
>       dt_for_each_child_node(chosen, node)
>       {
> @@ -3291,6 +3294,8 @@ void __init create_domUs(void)
>           if ( construct_domU(d, node) != 0 )
>               panic("Could not set up domain %s\n", dt_node_name(node));
>       }
> +
> +    xsm_demote_priv(current->domain);

... this. For us, it should hopefully be 0. But it is a good practice to 
confirm.

Cheers,
diff mbox series

Patch

diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index b6189b935d..100a4959a8 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -27,6 +27,7 @@ 
 #include <asm/setup.h>
 #include <asm/cpufeature.h>
 #include <asm/domain_build.h>
+#include <xsm/xsm.h>
 
 #include <xen/irq.h>
 #include <xen/grant_table.h>
@@ -3210,6 +3211,8 @@  void __init create_domUs(void)
     struct dt_device_node *node;
     const struct dt_device_node *chosen = dt_find_node_by_path("/chosen");
 
+    xsm_elevate_priv(current->domain);
+
     BUG_ON(chosen == NULL);
     dt_for_each_child_node(chosen, node)
     {
@@ -3291,6 +3294,8 @@  void __init create_domUs(void)
         if ( construct_domU(d, node) != 0 )
             panic("Could not set up domain %s\n", dt_node_name(node));
     }
+
+    xsm_demote_priv(current->domain);
 }
 
 static int __init construct_dom0(struct domain *d)