[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 4/8] xsm: always allow setting non-present PTEs



Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 xen/xsm/flask/hooks.c |   12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 2cb3e16..80c1f70 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1016,6 +1016,9 @@ static int flask_mmu_normal_update(struct domain *d, 
struct domain *f,
     struct domain_security_struct *dsec;
     u32 fsid;
 
+    if ( !(l1e_get_flags(l1e_from_intpte(fpte)) & _PAGE_PRESENT) )
+        return 0;
+
     dsec = d->ssid;
 
     if ( l1e_get_flags(l1e_from_intpte(fpte)) & _PAGE_RW )
@@ -1053,6 +1056,12 @@ static int flask_update_va_mapping(struct domain *d, 
struct domain *f,
     unsigned long mfn;
     struct domain_security_struct *dsec;
 
+    if ( !(l1e_get_flags(pte) & _PAGE_PRESENT) )
+        return 0;
+
+    if ( l1e_get_flags(pte) & _PAGE_RW )
+        map_perms |= MMU__MAP_WRITE;
+
     dsec = d->ssid;
 
     mfn = get_gfn_untyped(f, l1e_get_pfn(pte));
@@ -1060,9 +1069,6 @@ static int flask_update_va_mapping(struct domain *d, 
struct domain *f,
     if ( rc )
         return rc;
 
-    if ( l1e_get_flags(pte) & _PAGE_RW )
-        map_perms |= MMU__MAP_WRITE;
-
     return avc_has_perm(dsec->sid, psid, SECCLASS_MMU, map_perms, NULL);
 }
 
-- 
1.7.7.3


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.