In the privcmd Linux driver two checks in the functions privcmd_ioctl_mmap and privcmd_ioctl_mmap_batch are not needed as they are trying to enforce hypervisor-level access control. They should be removed as they break secondary control domains when performing dom0 disaggregation. Xen itself provides adequate security controls around these hypercalls and these checks prevent those controls from functioning as intended.
The patch applies to the stable Linux 3.7.1 kernel. Signed-off-by: Tamas K Lengyel <tamas.leng...@zentific.com> Cc: Daniel De Graaf <dgde...@tycho.nsa.gov> Cc: xen-de...@lists.xensource.com Cc: linux-kernel@vger.kernel.org --- drivers/xen/privcmd.c | 6 ------ 1 files changed, 0 insertions(+), 6 deletions(-) diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c index 71f5c45..adaa260 100644 --- a/drivers/xen/privcmd.c +++ b/drivers/xen/privcmd.c @@ -196,9 +196,6 @@ static long privcmd_ioctl_mmap(void __user *udata) LIST_HEAD(pagelist); struct mmap_mfn_state state; - if (!xen_initial_domain()) - return -EPERM; - if (copy_from_user(&mmapcmd, udata, sizeof(mmapcmd))) return -EFAULT; @@ -316,9 +313,6 @@ static long privcmd_ioctl_mmap_batch(void __user *udata, int version) int *err_array = NULL; struct mmap_batch_state state; - if (!xen_initial_domain()) - return -EPERM; - switch (version) { case 1: if (copy_from_user(&m, udata, sizeof(struct privcmd_mmapbatch))) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/