| Message ID | 20170809165639.31623-1-dgdegra@tycho.nsa.gov (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 09/08/17 17:56, Daniel De Graaf wrote: > The current code was incorrectly using SECCLASS_XEN instead of > SECCLASS_XEN2, resulting in the wrong permission being checked. > > GET_CPU_LEVELLING_CAPS was checking MTRR_DEL > GET_CPU_FEATURESET was checking MTRR_READ > > The default XSM policy only allowed these permissions to dom0, so this > didn't result in a security issue there. > > Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Oops - This looks like my fault. Sorry. Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> > --- > xen/xsm/flask/hooks.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c > index 819e25d3af..57be18d6d4 100644 > --- a/xen/xsm/flask/hooks.c > +++ b/xen/xsm/flask/hooks.c > @@ -814,10 +814,12 @@ static int flask_sysctl(int cmd) > return domain_has_xen(current->domain, XEN__TMEM_CONTROL); > > case XEN_SYSCTL_get_cpu_levelling_caps: > - return domain_has_xen(current->domain, XEN2__GET_CPU_LEVELLING_CAPS); > + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, > + XEN2__GET_CPU_LEVELLING_CAPS); > > case XEN_SYSCTL_get_cpu_featureset: > - return domain_has_xen(current->domain, XEN2__GET_CPU_FEATURESET); > + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, > + XEN2__GET_CPU_FEATURESET); > > case XEN_SYSCTL_livepatch_op: > return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 819e25d3af..57be18d6d4 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -814,10 +814,12 @@ static int flask_sysctl(int cmd) return domain_has_xen(current->domain, XEN__TMEM_CONTROL); case XEN_SYSCTL_get_cpu_levelling_caps: - return domain_has_xen(current->domain, XEN2__GET_CPU_LEVELLING_CAPS); + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, + XEN2__GET_CPU_LEVELLING_CAPS); case XEN_SYSCTL_get_cpu_featureset: - return domain_has_xen(current->domain, XEN2__GET_CPU_FEATURESET); + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, + XEN2__GET_CPU_FEATURESET); case XEN_SYSCTL_livepatch_op: return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
The current code was incorrectly using SECCLASS_XEN instead of SECCLASS_XEN2, resulting in the wrong permission being checked. GET_CPU_LEVELLING_CAPS was checking MTRR_DEL GET_CPU_FEATURESET was checking MTRR_READ The default XSM policy only allowed these permissions to dom0, so this didn't result in a security issue there. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> --- xen/xsm/flask/hooks.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)