debuggers.hg

view xen/xsm/xsm_core.c @ 22855:1d1eec7e1fb4

xl: Perform minimal validation of virtual disk file while parsing config file

This patch performs some very basic validation on the virtual disk
file passed through the config file. This validation ensures that we
don't go too far with the initialization like spawn qemu and more
while there could be some potentially fundamental issues.

[ Patch fixed up to work with PHYSTYPE_EMPTY 22808:6ec61438713a -iwj ]

Signed-off-by: Kamala Narasimhan <kamala.narasimhan@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
author Kamala Narasimhan <kamala.narasimhan@gmail.com>
date Tue Jan 25 18:09:49 2011 +0000 (2011-01-25)
parents 426f3a265784
children
line source
1 /*
2 * This work is based on the LSM implementation in Linux 2.6.13.4.
3 *
4 * Author: George Coker, <gscoker@alpha.ncsc.mil>
5 *
6 * Contributors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2,
10 * as published by the Free Software Foundation.
11 */
13 #include <xen/init.h>
14 #include <xen/errno.h>
15 #include <xen/lib.h>
17 #include <xen/hypercall.h>
18 #include <xsm/xsm.h>
20 #ifdef XSM_ENABLE
22 #define XSM_FRAMEWORK_VERSION "1.0.0"
24 extern struct xsm_operations dummy_xsm_ops;
25 extern void xsm_fixup_ops(struct xsm_operations *ops);
27 struct xsm_operations *xsm_ops;
29 static inline int verify(struct xsm_operations *ops)
30 {
31 /* verify the security_operations structure exists */
32 if ( !ops )
33 return -EINVAL;
34 xsm_fixup_ops(ops);
35 return 0;
36 }
38 static void __init do_xsm_initcalls(void)
39 {
40 xsm_initcall_t *call;
41 call = __xsm_initcall_start;
42 while ( call < __xsm_initcall_end )
43 {
44 (*call) ();
45 call++;
46 }
47 }
49 int __init xsm_init(unsigned int *initrdidx, const multiboot_info_t *mbi,
50 void *(*bootstrap_map)(const module_t *))
51 {
52 int ret = 0;
54 printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
56 if ( XSM_MAGIC )
57 {
58 ret = xsm_policy_init(initrdidx, mbi, bootstrap_map);
59 if ( ret )
60 {
61 bootstrap_map(NULL);
62 printk("%s: Error initializing policy.\n", __FUNCTION__);
63 return -EINVAL;
64 }
65 }
67 if ( verify(&dummy_xsm_ops) )
68 {
69 bootstrap_map(NULL);
70 printk("%s could not verify "
71 "dummy_xsm_ops structure.\n", __FUNCTION__);
72 return -EIO;
73 }
75 xsm_ops = &dummy_xsm_ops;
76 do_xsm_initcalls();
77 bootstrap_map(NULL);
79 return 0;
80 }
82 int register_xsm(struct xsm_operations *ops)
83 {
84 if ( verify(ops) )
85 {
86 printk("%s could not verify "
87 "security_operations structure.\n", __FUNCTION__);
88 return -EINVAL;
89 }
91 if ( xsm_ops != &dummy_xsm_ops )
92 return -EAGAIN;
94 xsm_ops = ops;
96 return 0;
97 }
100 int unregister_xsm(struct xsm_operations *ops)
101 {
102 if ( ops != xsm_ops )
103 {
104 printk("%s: trying to unregister "
105 "a security_opts structure that is not "
106 "registered, failing.\n", __FUNCTION__);
107 return -EINVAL;
108 }
110 xsm_ops = &dummy_xsm_ops;
112 return 0;
113 }
115 #endif
117 long do_xsm_op (XEN_GUEST_HANDLE(xsm_op_t) op)
118 {
119 return __do_xsm_op(op);
120 }