From patchwork Wed Aug 9 16:56:39 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel De Graaf X-Patchwork-Id: 9891201 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1979D601EB for ; Wed, 9 Aug 2017 16:59:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 07DF528111 for ; Wed, 9 Aug 2017 16:59:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EC94B28A1D; Wed, 9 Aug 2017 16:59:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 6D87628111 for ; Wed, 9 Aug 2017 16:59:36 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dfUHw-0008MS-SF; Wed, 09 Aug 2017 16:56:56 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dfUHv-0008MM-5e for xen-devel@lists.xen.org; Wed, 09 Aug 2017 16:56:55 +0000 Received: from [193.109.254.147] by server-11.bemta-6.messagelabs.com id 86/47-03612-6DE3B895; Wed, 09 Aug 2017 16:56:54 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpkkeJIrShJLcpLzFFi42K5JiEdpHvVrjv SYEabpsWSj4tZHBg9ju7+zRTAGMWamZeUX5HAmjH10CW2gvtcFR0PaxsY73B0MXJyCAnUSHzc MpkJxJYQ8JX4u+MGcxcjFwenwAcuiablD9lAHAmBF4wSvafOgmWEBDoYJbZMfQjlbGWUWHPqF jNIP5uArsSCgyvBZokISEtc+3yZEcRmFtCWaH43kx3EFhawlOjY9YG1i5GDg0VAVeLIdbBWXg EriQMXbjNCnCEvMa/vLfsERt4FjAyrGDWKU4vKUot0Dc31kooy0zNKchMzc3QNDcz0clOLixP TU3MSk4r1kvNzNzECA4IBCHYw3t4YcIhRkoNJSZR3k3ZnpBBfUn5KZUZicUZ8UWlOavEhRhkO DiUJ3sm23ZFCgkWp6akVaZk5wNCESUtw8CiJ8K4HSfMWFyTmFmemQ6ROMRpzbFi9/gsTx6sJ/ 78xCbHk5eelSonzeoCUCoCUZpTmwQ2CxcwlRlkpYV5GoNOEeApSi3IzS1DlXzGKczAqCfNuAZ nCk5lXArfvFdApTECnRPh2gpxSkoiQkmpg7NK8nNkelW3iwRukOz26Ynv0GV7O4//Pyf0LWz7 /6maz726n589emmOQfFZrq3WrUtnKyj0+61Zyij/ZL53Na6545THHGdOX3OfvpzzbeNp5195p k8uNZnf8tFp3LnvRnvA+Z7kNS1umOvoqVhYeqeb4XJiYYtG4Yum+4FjG50nBgif3vNCbqsRSn JFoqMVcVJwIAGzMhWWUAgAA X-Env-Sender: dgdegra@tycho.nsa.gov X-Msg-Ref: server-12.tower-27.messagelabs.com!1502297810!109628147!2 X-Originating-IP: [214.24.27.82] X-SpamReason: No, hits=0.0 required=7.0 tests=UPPERCASE_25_50 X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 11151 invoked from network); 9 Aug 2017 16:56:53 -0000 Received: from upbd19pa07.eemsg.mail.mil (HELO upbd19pa07.eemsg.mail.mil) (214.24.27.82) by server-12.tower-27.messagelabs.com with SMTP; 9 Aug 2017 16:56:53 -0000 Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa07.eemsg.mail.mil with ESMTP; 09 Aug 2017 16:56:52 +0000 X-IronPort-AV: E=Sophos;i="5.41,348,1498521600"; d="scan'208";a="1013722" IronPort-PHdr: =?us-ascii?q?9a23=3AmAfYchU/fhHZjMEsMHTMW68/Hi7V8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYxGEt8tkgFKBZ4jH8fUM07OQ6PGwHzRYqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLdxIRmssQndqtQdjJd/JKo21hbHuGZDdf?= =?us-ascii?q?5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXM?= =?us-ascii?q?TRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KhlUh/ojD?= =?us-ascii?q?oMOSA//m/Zl8d8iLtXrAy9qxB6xYPffYObO+dkfq7Ffd0UW3dPUMhSWSJGGY6w?= =?us-ascii?q?c5cDAvAdMetCs4Xxu10Dpga+Cwm2A+PvzydFiHHs0q080uQuDwXG1xEuEd0QrX?= =?us-ascii?q?/arc/1O70IXuC70aLFyijMb/xL1jjj54jIaAourOqQXbNwbcXRyU4vGxnDjlWL?= =?us-ascii?q?s4PpJTyV1uMTs2WC6edrSOGhi3Y/pg1srTWiyd0gh4nUio4P1FzJ+jt1zJwoKd?= =?us-ascii?q?C+VUV1e8SrEIFKuCGfL4Z2R8QiTHx2tysi0b0GvIK7fDANyJQ62x7Tc/yHfJaM?= =?us-ascii?q?4hLkTOuRPS13hGhkeLKinBa+61Sgy+3gWcm011ZGtCxFncXXtn8RzRDT78mHSv?= =?us-ascii?q?9l8keg3zaAyRzT5/lZLU07mqfXMZ4szqMqmpYNvknPADX6lFjugK+TbEok++yo?= =?us-ascii?q?6+r9YrXho5+RL5J7ig7jPaswlcy/G/43PxMSX2mb5eu81Lrj8Vf/QLVRlPI6iK?= =?us-ascii?q?bZsJfEJcgDvK62HxdV0po/6xa4Fzqn38oXnX8eIF1YZh2HkZbmO1XVLfD8DPe/?= =?us-ascii?q?mEiskCxxy/HJILLhBI/BLn/ZkLfuLv5B7BtMxQx2wd1B6pZ8DrAaPOm1SkL38t?= =?us-ascii?q?vCAUwXKQuxlsruDtRw0ssyVCqgGKaQPuuGvVCE6+01KsGQdYQVv3D7MPFj6Pnw?= =?us-ascii?q?2yxq0WQBdLWkiMNEIEuzGe5rdgDDOXc=3D?= X-IPAS-Result: =?us-ascii?q?A2APAwCJPYtZ/wHyM5BcGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwQrgXieFJoVHIUrhQBXAQEBAQEBAQECAWoogjMkgm9SKIEpiA6CIa9wO?= =?us-ascii?q?iICiyUBMYMoggKMFYUoBaAXlCkNi1mGdgKWC1eBCigMHyoPh38kNooRAQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 09 Aug 2017 16:56:52 +0000 Received: from moss-nexus.infosec.tycho.ncsc.mil (moss-nexus [192.168.25.48]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v79Gup0e001317; Wed, 9 Aug 2017 12:56:51 -0400 From: Daniel De Graaf To: xen-devel@lists.xen.org Date: Wed, 9 Aug 2017 12:56:39 -0400 Message-Id: <20170809165639.31623-1-dgdegra@tycho.nsa.gov> X-Mailer: git-send-email 2.13.4 Cc: Daniel De Graaf Subject: [Xen-devel] [PATCH] xsm: correct AVC lookups for two sysctls X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP The current code was incorrectly using SECCLASS_XEN instead of SECCLASS_XEN2, resulting in the wrong permission being checked. GET_CPU_LEVELLING_CAPS was checking MTRR_DEL GET_CPU_FEATURESET was checking MTRR_READ The default XSM policy only allowed these permissions to dom0, so this didn't result in a security issue there. Signed-off-by: Daniel De Graaf Acked-by: Andrew Cooper --- xen/xsm/flask/hooks.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 819e25d3af..57be18d6d4 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -814,10 +814,12 @@ static int flask_sysctl(int cmd) return domain_has_xen(current->domain, XEN__TMEM_CONTROL); case XEN_SYSCTL_get_cpu_levelling_caps: - return domain_has_xen(current->domain, XEN2__GET_CPU_LEVELLING_CAPS); + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, + XEN2__GET_CPU_LEVELLING_CAPS); case XEN_SYSCTL_get_cpu_featureset: - return domain_has_xen(current->domain, XEN2__GET_CPU_FEATURESET); + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, + XEN2__GET_CPU_FEATURESET); case XEN_SYSCTL_livepatch_op: return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,