ia64/xen-unstable

changeset 9318:9afd25b90af4

[IA64] Hypercalls are only allowed by kernels.

Add the "unsafe_hypercall" command line option to allow
some unsafe user hypercalls.

Signed-off-by: Tristan Gingold <tristan.gingold@bull.net>
author awilliam@xenbuild.aw
date Mon Mar 20 09:56:58 2006 -0700 (2006-03-20)
parents 1dc45879fa5c
children 263901a2a995
files xen/arch/ia64/xen/hypercall.c
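--- a/xen/arch/ia64/xen/hypercall.c	Mon Mar 20 09:55:32 2006 -0700
+++ b/xen/arch/ia64/xen/hypercall.c	Mon Mar 20 09:56:58 2006 -0700
@@ -231,14 +231,27 @@ fw_hypercall (struct pt_regs *regs)
 	return 1;
 }
 
+/* opt_unsafe_hypercall: If true, unsafe debugging hypercalls are allowed.
+   These can create security hole.  */
+static int opt_unsafe_hypercall = 0;
+boolean_param("unsafe_hypercall", opt_unsafe_hypercall);
+
 int
 ia64_hypercall (struct pt_regs *regs)
 {
 	struct vcpu *v = current;
 	unsigned long index = regs->r2;
+	int privlvl = (regs->cr_ipsr & IA64_PSR_CPL) >> IA64_PSR_CPL0_BIT;
 
 	if (index >= FW_HYPERCALL_FIRST_USER) {
-	    switch (index) {
+	    /* Note: user hypercalls are not safe, since Xen doesn't
+	       check memory access privilege: Xen does not deny reading
+	       or writing to kernel memory.  */
+	    if (!opt_unsafe_hypercall) {
+		printf("user xen/ia64 hypercalls disabled\n");
+		regs->r8 = -1;
+	    }
+	    else switch (index) {
 		case 0xffff:
 			regs->r8 = dump_privop_counts_to_user(
 				(char *) vcpu_get_gr(v,32),
@@ -255,19 +268,18 @@ ia64_hypercall (struct pt_regs *regs)
 	    }
 	    return 1;
 	}
-	else if (index >= FW_HYPERCALL_FIRST_ARCH) {
-	    int privlvl;
 
-	    /* Firmware calls are only allowed in kernel.  */
-	    privlvl = (regs->cr_ipsr & IA64_PSR_CPL) >> IA64_PSR_CPL0_BIT;
-	    if (privlvl != 2) {
-		/* FIXME: Return a better error value ?
-		   Reflextion ? Illegal operation ?  */
-		regs->r8 = -1;
-		return 1;
-	    }
-	    else
-		return fw_hypercall (regs);
-	} else
+	/* Hypercalls are only allowed by kernel.
+	   Kernel checks memory accesses.  */
+	if (privlvl != 2) {
+	    /* FIXME: Return a better error value ?
+	       Reflection ? Illegal operation ?  */
+	    regs->r8 = -1;
+	    return 1;
+	}
+
+	if (index >= FW_HYPERCALL_FIRST_ARCH)
+	    return fw_hypercall (regs);
+	else
 	    return xen_hypercall (regs);
 }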
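Review bot: The `printf("user xen/ia64 hypercalls disabled\n")` in the new `!opt_unsafe_hypercall` branch runs before the `privlvl != 2` check, so guest code at any privilege level can trigger it on every call with `index >= FW_HYPERCALL_FIRST_USER` and fill the hypervisor console with it. Logging the message once keeps the diagnostic without handing guests a log-spam path, e.g. `static int warned;` plus `if (!warned) { warned = 1; printf("user xen/ia64 hypercalls disabled\n"); }`. The comment on `opt_unsafe_hypercall` should also state that, when the option is set, the user hypercalls are still dispatched ahead of the privilege check and so remain reachable from user mode in every domain, not just a debugging one. The switch body between the two hunks is not shown, so this covers only the visible lines.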