Commit 30d4b180 authored Dec 31, 2012 by Tamas Lengyel Committed by Konrad Rzeszutek Wilk Jan 11, 2013

xen/privcmd: Relax access control in privcmd_ioctl_mmap



In the privcmd Linux driver two checks in the functions
privcmd_ioctl_mmap and privcmd_ioctl_mmap_batch are not needed as they
are trying to enforce hypervisor-level access control.  They should be
removed as they break secondary control domains when performing dom0
disaggregation. Xen itself provides adequate security controls around
these hypercalls and these checks prevent those controls from
functioning as intended.

Signed-off-by: Tamas K Lengyel <tamas.lengyel@zentific.com>
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
[v1: Fixed up the patch and commit description]
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

parent 9d328a94

drivers/xen/privcmd.c

+0 −6

Original line number	Diff line number	Diff line
		@@ -199,9 +199,6 @@ static long privcmd_ioctl_mmap(void __user *udata)
		LIST_HEAD(pagelist);
		struct mmap_mfn_state state;

		if (!xen_initial_domain())
		return -EPERM;

		/* We only support privcmd_ioctl_mmap_batch for auto translated. */
		if (xen_feature(XENFEAT_auto_translated_physmap))
		return -ENOSYS;
		@@ -360,9 +357,6 @@ static long privcmd_ioctl_mmap_batch(void __user *udata, int version)
		int *err_array = NULL;
		struct mmap_batch_state state;

		if (!xen_initial_domain())
		return -EPERM;

		switch (version) {
		case 1:
		if (copy_from_user(&m, udata, sizeof(struct privcmd_mmapbatch)))

Admin message