summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTamas Lengyel <tamas.lengyel@zentific.com>2013-01-01 00:44:30 +0400
committerKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>2013-01-11 21:40:00 +0400
commit30d4b180e20c081f435143f8bc211c66a930608a (patch)
tree538e29c13c199f64e0154bd761bf644842ff723b
parent9d328a948f38ec240fc6d05db2c146e23ccd9b8b (diff)
downloadlinux-30d4b180e20c081f435143f8bc211c66a930608a.tar.xz
xen/privcmd: Relax access control in privcmd_ioctl_mmap
In the privcmd Linux driver two checks in the functions privcmd_ioctl_mmap and privcmd_ioctl_mmap_batch are not needed as they are trying to enforce hypervisor-level access control. They should be removed as they break secondary control domains when performing dom0 disaggregation. Xen itself provides adequate security controls around these hypercalls and these checks prevent those controls from functioning as intended. Signed-off-by: Tamas K Lengyel <tamas.lengyel@zentific.com> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> [v1: Fixed up the patch and commit description] Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-rw-r--r--drivers/xen/privcmd.c6
1 files changed, 0 insertions, 6 deletions
diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
index b9d08987a5a5..f6316127f53f 100644
--- a/drivers/xen/privcmd.c
+++ b/drivers/xen/privcmd.c
@@ -199,9 +199,6 @@ static long privcmd_ioctl_mmap(void __user *udata)
LIST_HEAD(pagelist);
struct mmap_mfn_state state;
- if (!xen_initial_domain())
- return -EPERM;
-
/* We only support privcmd_ioctl_mmap_batch for auto translated. */
if (xen_feature(XENFEAT_auto_translated_physmap))
return -ENOSYS;
@@ -360,9 +357,6 @@ static long privcmd_ioctl_mmap_batch(void __user *udata, int version)
int *err_array = NULL;
struct mmap_batch_state state;
- if (!xen_initial_domain())
- return -EPERM;
-
switch (version) {
case 1:
if (copy_from_user(&m, udata, sizeof(struct privcmd_mmapbatch)))