xen-vtx-unstable
changeset 6271:509316987d65
Merge.
Signed-off-by: Steven Smith, sos22@cam.ac.uk
Signed-off-by: Steven Smith, sos22@cam.ac.uk
1.1 --- a/Config.mk Fri Aug 19 10:18:53 2005 +0000 1.2 +++ b/Config.mk Fri Aug 19 10:50:15 2005 +0000 1.3 @@ -35,3 +35,11 @@ CFLAGS += $(foreach i, $(EXTRA_INCLUDES) 1.4 1.5 # Choose the best mirror to download linux kernel 1.6 KERNEL_REPO = http://www.kernel.org 1.7 + 1.8 +# ACM_USE_SECURITY_POLICY is set to security policy of Xen 1.9 +# Supported models are: 1.10 +# ACM_NULL_POLICY (ACM will not be built with this policy) 1.11 +# ACM_CHINESE_WALL_POLICY 1.12 +# ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 1.13 +# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 1.14 +ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
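Review bot: this variable replaces the procedure that the shype4xen readme deleted later in this changeset told users to follow (editing `#define ACM_USE_SECURITY_POLICY` in xen/include/public/acm.h), but nothing here documents that, and the commit message ("Merge.") does not say so either; a one-line comment above the assignment saying that the Config.mk value now selects the policy, with the old acm.h edit no longer needed, would save the next person a detour. Two wording points on the comment block: "ACM_USE_SECURITY_POLICY is set to security policy of Xen" should read "ACM_USE_SECURITY_POLICY selects the ACM security policy compiled into Xen", and the values listed are policies rather than "models", so `# Supported policies are:` matches the variable's name. The parenthetical "(ACM will not be built with this policy)" reads as if the NULL policy itself cannot be built; "(default: ACM is not built at all)" states what actually happens.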
2.1 --- a/docs/misc/shype4xen_readme.txt Fri Aug 19 10:18:53 2005 +0000 2.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 2.3 
@@ -1,588 +0,0 @@ 2.4 -Copyright: IBM Corporation (C) 2.5 -20 June 2005 2.6 -Author: Reiner Sailer 2.7 - 2.8 -This document is a very short introduction into the sHype access control 2.9 -security architecture implementation and how it is perceived by users. It 2.10 -is a very preliminary draft for the courageous ones to get "their feet wet" 2.11 -and to be able to give feedback (via the xen-devel/xense-devel mailing lists). 2.12 - 2.13 -Install: 2.14 - 2.15 -cd into xeno-unstable.bk 2.16 -(use --dry-run option if you want to test the patch only) 2.17 -patch -p1 -g0 < *tools.diff 2.18 -patch -p1 -g0 < *xen.diff 2.19 - 2.20 -(no rejects, probably some line offsets) 2.21 - 2.22 -make uninstall; make mrproper; make; ./install.sh should install the default 2.23 -sHype into Xen (rebuild your initrd images if necessary). Reboot. 2.24 - 2.25 -Debug output: there are two triggers for debug output: 2.26 -a) General sHype debug: 2.27 - xeno-unstable.bk/xen/include/public/acm.h 2.28 - undefine ACM_DEBUG to switch this debug off 2.29 - 2.30 -b) sHype enforcement hook trace: This prints a small trace for each enforcement 2.31 -hook that is executed. The trigger is in 2.32 - xeno-unstable.bk/xen/include/acm/acm_hooks.h 2.33 - undefine ACM_TRACE_MODE to switch this debug off 2.34 - 2.35 -1. The default NULL policy 2.36 -*************************** 2.37 -When you apply the patches and startup xen, you should at first not notice any 2.38 -difference because the default policy is the "NULL" policy, which as the name 2.39 -implies does not enforce anything. 2.40 - 2.41 -To display the currently enforced policy, use the policy tool under xeno- 2.42 -unstable.bk/tools/policy: policy_tool getpolicy. You should see output like the 2.43 -one below. 2.44 - 2.45 -[root@laptop policy]#./policy_tool getpolicy 2.46 - 2.47 -Policy dump: 2.48 -============ 2.49 -Magic = 1debc. 2.50 -PolVer = aaaa0000. 2.51 -Len = 14. 2.52 -Primary = NULL policy (c=0, off=14). 
2.53 -Secondary = NULL policy (c=0, off=14). 2.54 -No primary policy (NULL). 2.55 -No secondary policy (NULL). 2.56 - 2.57 -Policy dump End. 2.58 - 2.59 -Since this is a dump of a binary policy, it's not pretty. The important parts 2.60 -are the "Primary" and "Secondary" policy fields set to "NULL policy". sHype 2.61 -currently allows to set two independent policies; thus the two SSID-REF parts 2.62 -shown in 'xm list'. Right here: primary policy only means this policy is 2.63 -checked first, the secondary policy is checked if the primary results in 2.64 -"permitted access". The result of the combined policy is "permitted" if both 2.65 -policies return permitted (NULL policy always returns permitted). The result is 2.66 -"denied" if at least one of the policies returns "denied". Look into xeno- 2.67 -unstable.bk/xen/include/acm/acm_hooks.h for the general hook structure 2.68 -integrating the policy decisions (if you like, you won't need it for the rest 2.69 -of the Readme file). 2.70 - 2.71 -2. Setting Chinese Wall and Simple Type Enforcement policies: 2.72 -************************************************************* 2.73 - 2.74 -We'll get fast to the point. However, in order to understand what we are doing, 2.75 -we must at least understand the purpose of the policies that we are going to 2.76 -enforce. The two policies presented here are just examples and the 2.77 -implementation encourages adding new policies easily. 2.78 - 2.79 -2.1. Chinese Wall policy: "decides whether a domain can be started based on 2.80 -this domain's ssidref and the ssidrefs of the currently running domains". 2.81 -Generally, the Chinese wall policy allows specifying certain types (or classes 2.82 -or categories, whatever the preferred word) that conflict; we usually assign a 2.83 -type to a workload and the set of types of those workloads running in a domain 2.84 -make up the type set for this domain. 
Each domain is assigned a set of types 2.85 -through its SSID-REF (we register Chinese Wall as primary policy, so the 2.86 -ssidref used for determining the Chinese Wall types is the one annotated with 2.87 -"p:" in xm list) since each SSID-REF points at a set of types. We'll see how 2.88 -SSIDREFs are represented in Xen later when we will look at the policy. (A good 2.89 -read for Chinese Wall is: Brewer/Nash The Chinese Wall Security Policy 1989.) 2.90 - 2.91 -So let's assume the Chinese Wall policy we are running distinguishes 10 types: 2.92 -t0 ... t9. Let us assume further that each SSID-REF points to a set that 2.93 -includes exactly one type (attached to domains that run workloads of a single 2.94 -type). SSID-REF 0 points to {t0}, ssidref 1 points to {t1} ... 9 points to 2.95 -{t9}. [This is actually the example policy we are going to push into xen later] 2.96 - 2.97 -Now the Chinese Wall policy allows you to define "Conflict type sets" and it 2.98 -guarantees that of any conflict set at most one type is "running" at any time. 2.99 -As an example, we have defined 2 conflict set: {t2, t3} and {t0, t5, t6}. 2.100 -Specifying these conflict sets, sHype ensures that at most one type of each set 2.101 -is running (either t2 or t3 but not both; either t0 or t5 or t6 but not 2.102 -multiple of them). 2.103 - 2.104 -The effect is that administrators can define which workload types cannot run 2.105 -simultaneously on a single Xen system. This is useful to limit the covert 2.106 -timing channels between such payloads or to ensure that payloads don't 2.107 -interfere with each other through existing resource dependencies. 2.108 - 2.109 -2.2. Simple Type Enforcement (ste) policy: "decides whether two domains can 2.110 -share data, e.g., setup event channels or grant tables to each other, based on 2.111 -the two domains' ssidref. This, as the name says, is a simple policy. Think of 2.112 -each type as of a single color. 
Each domain has one or more colors, i.e., the 2.113 -domains ssid for the ste policy points to a set that has set one or multiple 2.114 -types. Let us assume in our example policy we differentiate 5 colors (types) 2.115 -and define 5 different ssids referenced by ssidref=0..4. Each ssid shall have 2.116 -exactly one type set, i.e., describes a uni-color. Only ssid(0) has all types 2.117 -set, i.e., has all defined colors. 2.118 - 2.119 -Sharing is enforced by the ste policy by requiring that two domains that want 2.120 -to establish an event channel or grant pages to each other must have a common 2.121 -color. Currently all domains communicate through DOM0 by default; i.e., Domain0 2.122 -will necessarily have all colors to be able to create domains (thus, we will 2.123 -assign ssidref(0) to Domain0 in our example below. 2.124 - 2.125 -More complex mandatory access control policies governing sharing will follow; 2.126 -such policies are more sophisticated than the "color" scheme above by allowing 2.127 -more flexible (and complex :_) access control decisions than "share a color" or 2.128 -"don't share a color" and will be able to express finer-grained policies. 2.129 - 2.130 - 2.131 -2.3 Binary Policy: 2.132 -In the future, we will have a policy tool that takes as input a more humane 2.133 -policy description, using types such as development, home-banking, donated- 2.134 -Grid, CorpA-Payload ... and translates the respective policy into what we see 2.135 -today as the binary policy using 1s and 0s and sets of them. For now, we must 2.136 -live with the binary policy when working with sHype. 2.137 - 2.138 - 2.139 -2.4 Exemplary use of a real sHype policy on Xen. 
To activate a real policy, 2.140 -edit the file (yes, this will soon be a compile option): 2.141 - xeno-unstable.bk/xen/include/public/acm.h 2.142 - Change: #define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY 2.143 - To : #define ACM_USE_SECURITY_POLICY ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 2.144 - cd xeno-unstable.bk 2.145 - make mrproper 2.146 - make uninstall (manually remove /etc/xen.old if necessary) 2.147 - make 2.148 - ./install.sh (recreate your kernel initrd's if necessary) 2.149 - Reboot into new xen.gz 2.150 - 2.151 -After booting, check out 'xm dmesg'; should show somewhere in the middle: 2.152 - 2.153 -(XEN) acm_init: Enforcing Primary CHINESE WALL policy, Secondary SIMPLE TYPE 2.154 -ENFORCEMENT policy. 2.155 - 2.156 -Even though you can activate those policies in any combination and also 2.157 -independently, the policy tool currently only supports setting the policy for 2.158 -the above combination. 2.159 - 2.160 -Now look at the minimal startup policy with: 2.161 - xeno-unstable.bk/tools/policytool getpolicy 2.162 - 2.163 -You should see something like: 2.164 - 2.165 -[root@laptop policy]# ./policy_tool getpolicy 2.166 - 2.167 -Policy dump: 2.168 -============ 2.169 -Magic = 1debc. 2.170 -PolVer = aaaa0000. 2.171 -Len = 36. 2.172 -Primary = CHINESE WALL policy (c=1, off=14). 2.173 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=2c). 2.174 - 2.175 - 2.176 -Chinese Wall policy: 2.177 -==================== 2.178 -Max Types = 1. 2.179 -Max Ssidrefs = 1. 2.180 -Max ConfSets = 1. 2.181 -Ssidrefs Off = 10. 2.182 -Conflicts Off = 12. 2.183 -Runing T. Off = 14. 2.184 -C. Agg. Off = 16. 2.185 - 2.186 -SSID To CHWALL-Type matrix: 2.187 - 2.188 - ssidref 0: 00 2.189 - 2.190 -Confict Sets: 2.191 - 2.192 - c-set 0: 00 2.193 - 2.194 -Running 2.195 -Types: 00 2.196 - 2.197 -Conflict 2.198 -Aggregate Set: 00 2.199 - 2.200 - 2.201 -Simple Type Enforcement policy: 2.202 -=============================== 2.203 -Max Types = 1. 2.204 -Max Ssidrefs = 1. 
2.205 -Ssidrefs Off = 8. 2.206 - 2.207 -SSID To STE-Type matrix: 2.208 - 2.209 - ssidref 0: 01 2.210 - 2.211 - 2.212 -Policy dump End. 2.213 - 2.214 -This is a minimal policy (of little use), except it will disable starting any 2.215 -domain that does not have ssidref set to 0x0. The Chinese Wall policy has 2.216 -nothing to enforce and the ste policy only knows one type, which is set for the 2.217 -only defined ssidref. 2.218 - 2.219 -The item that defines the ssidref in a domain configuration is: 2.220 - 2.221 -ssidref = 0x12345678 2.222 - 2.223 -Where ssidref is interpreted as a 32bit number, where the lower 16bits become 2.224 -the ssidref for the primary policy and the higher 16bits become the ssidref for 2.225 -the secondary policy. sHype currently supports two policies but this is an 2.226 -implementation decision and can be extended if necessary. 2.227 - 2.228 -This reference defines the security information of a domain. The meaning of the 2.229 -SSID-REF depends on the policy, so we explain it when we explain the real 2.230 -policies. 2.231 - 2.232 - 2.233 -Setting a new Security Policy: 2.234 -****************************** 2.235 -The policy tool with all its current limitations has one usable example policy 2.236 -compiled-in. Please try at this time to use the setpolicy command: 2.237 - xeno-unstable.bk/tools/policy/policy_tool setpolicy 2.238 - 2.239 -You should see a dump of the policy you are setting. It should say at the very 2.240 -end: 2.241 - 2.242 -Policy successfully set. 2.243 - 2.244 -Now try to dump the currently enforced policy, which is the policy we have just 2.245 -set and the dynamic security state information of this policy 2.246 -(<<< ... some additional explanations) 2.247 - 2.248 -[root@laptop policy]# ./policy_tool getpolicy 2.249 - 2.250 -Policy dump: 2.251 -============ 2.252 -Magic = 1debc. 2.253 -PolVer = aaaa0000. 2.254 -Len = 112. 2.255 -Primary = CHINESE WALL policy (c=1, off=14). 
2.256 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8). 2.257 - 2.258 - 2.259 -Chinese Wall policy: 2.260 -==================== 2.261 -Max Types = a. 2.262 -Max Ssidrefs = 5. 2.263 -Max ConfSets = 2. 2.264 -Ssidrefs Off = 10. 2.265 -Conflicts Off = 74. 2.266 -Runing T. Off = 9c. 2.267 -C. Agg. Off = b0. 2.268 - 2.269 -SSID To CHWALL-Type matrix: 2.270 - 2.271 - ssidref 0: 01 00 00 00 00 00 00 00 00 00 <<< type0 is set for ssidref0 2.272 - ssidref 1: 00 01 00 00 00 00 00 00 00 00 2.273 - ssidref 2: 00 00 01 00 00 00 00 00 00 00 2.274 - ssidref 3: 00 00 00 01 00 00 00 00 00 00 2.275 - ssidref 4: 00 00 00 00 01 00 00 00 00 00 <<< type4 is set for ssidref4 2.276 - <<< types 5-9 are unused 2.277 -Confict Sets: 2.278 - 2.279 - c-set 0: 00 00 01 01 00 00 00 00 00 00 <<< type2 and type3 never run together 2.280 - c-set 1: 01 00 00 00 00 01 01 00 00 00 <<< only one of types 0, 5 or 6 2.281 - <<< can run simultaneously 2.282 -Running 2.283 -Types: 01 00 00 00 00 00 00 00 00 00 <<< ref-count for types of running domains 2.284 - 2.285 -Conflict 2.286 -Aggregate Set: 00 00 00 00 00 01 01 00 00 00 <<< aggregated set of types that 2.287 - <<< cannot run because they 2.288 - <<< are in conflict set 1 and 2.289 - <<< (domain 0 is running w t0) 2.290 - 2.291 - 2.292 -Simple Type Enforcement policy: 2.293 -=============================== 2.294 -Max Types = 5. 2.295 -Max Ssidrefs = 5. 2.296 -Ssidrefs Off = 8. 2.297 - 2.298 -SSID To STE-Type matrix: 2.299 - 2.300 - ssidref 0: 01 01 01 01 01 <<< ssidref0 points to a set that 2.301 - <<< has all types set (colors) 2.302 - ssidref 1: 00 01 00 00 00 <<< ssidref1 has color1 set 2.303 - ssidref 2: 00 00 01 00 00 <<< ... 2.304 - ssidref 3: 00 00 00 01 00 2.305 - ssidref 4: 00 00 00 00 01 2.306 - 2.307 - 2.308 -Policy dump End. 2.309 - 2.310 - 2.311 -This is a small example policy with which we will demonstrate the enforcement. 
2.312 - 2.313 -Starting Domains with policy enforcement 2.314 -======================================== 2.315 -Now let us play with this policy. 2.316 - 2.317 -Define 3 or 4 domain configurations. I use the following config using a ramdisk 2.318 -only and about 8MBytes of memory for each DomU (test purposes): 2.319 - 2.320 -#-------configuration xmsec1------------------------- 2.321 -kernel = "/boot/vmlinuz-2.6.11-xenU" 2.322 -ramdisk="/boot/U1_ramdisk.img" 2.323 -#security reference identifier 2.324 -ssidref= 0x00010001 2.325 -memory = 10 2.326 -name = "xmsec1" 2.327 -cpu = -1 # leave to Xen to pick 2.328 -# Number of network interfaces. Default is 1. 2.329 -nics=1 2.330 -dhcp="dhcp" 2.331 -#----------------------------------------------------- 2.332 - 2.333 -xmsec2 and xmsec3 look the same except for the name and the ssidref line. Use 2.334 -your domain config file and add "ssidref = 0x00010001" to the first (xmsec1), 2.335 -"ssidref= 0x00020002" to the second (call it xmsec2), and "ssidref=0x00030003" 2.336 -to the third (we will call this one xmsec3). 2.337 - 2.338 -First start xmsec1: xm create -c xmsec1 (succeeds) 2.339 - 2.340 -Then 2.341 -[root@laptop policy]# xm list 2.342 -Name Id Mem(MB) CPU State Time(s) Console 2.343 -Domain-0 0 620 0 r---- 42.3 s:00/p:00 2.344 -xmnosec 1 9 0 -b--- 0.3 9601 s:00/p:05 2.345 -xmsec1 2 9 0 -b--- 0.2 9602 s:01/p:01 2.346 - 2.347 -Shows a new domain xmsec1 running with primary (here: chinese wall) ssidref 1 2.348 -and secondary (here: simple type enforcement) ssidref 1. The ssidrefs are 2.349 -independent and can differ for a domain. 2.350 - 2.351 -[root@laptop policy]# ./policy_tool getpolicy 2.352 - 2.353 -Policy dump: 2.354 -============ 2.355 -Magic = 1debc. 2.356 -PolVer = aaaa0000. 2.357 -Len = 112. 2.358 -Primary = CHINESE WALL policy (c=1, off=14). 2.359 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8). 2.360 - 2.361 - 2.362 -Chinese Wall policy: 2.363 -==================== 2.364 -Max Types = a. 
2.365 -Max Ssidrefs = 5. 2.366 -Max ConfSets = 2. 2.367 -Ssidrefs Off = 10. 2.368 -Conflicts Off = 74. 2.369 -Runing T. Off = 9c. 2.370 -C. Agg. Off = b0. 2.371 - 2.372 -SSID To CHWALL-Type matrix: 2.373 - 2.374 - ssidref 0: 01 00 00 00 00 00 00 00 00 00 2.375 - ssidref 1: 00 01 00 00 00 00 00 00 00 00 2.376 - ssidref 2: 00 00 01 00 00 00 00 00 00 00 2.377 - ssidref 3: 00 00 00 01 00 00 00 00 00 00 2.378 - ssidref 4: 00 00 00 00 01 00 00 00 00 00 2.379 - 2.380 -Confict Sets: 2.381 - 2.382 - c-set 0: 00 00 01 01 00 00 00 00 00 00 2.383 - c-set 1: 01 00 00 00 00 01 01 00 00 00 <<< t1 is not part of any c-set 2.384 - 2.385 -Running 2.386 -Types: 01 01 00 00 00 00 00 00 00 00 <<< xmsec1 has ssidref 1->type1 2.387 - ^^ <<< ref-count at position 1 incr 2.388 -Conflict 2.389 -Aggregate Set: 00 00 00 00 00 01 01 00 00 00 <<< domain 1 was allowed to 2.390 - <<< start since type 1 was not 2.391 - <<< in conflict with running 2.392 - <<< types 2.393 - 2.394 -Simple Type Enforcement policy: 2.395 -=============================== 2.396 -Max Types = 5. 2.397 -Max Ssidrefs = 5. 2.398 -Ssidrefs Off = 8. 2.399 - 2.400 -SSID To STE-Type matrix: 2.401 - 2.402 - ssidref 0: 01 01 01 01 01 <<< the ste policy does not maintain; we 2.403 - ssidref 1: 00 01 00 00 00 <-- <<< see that domain xmsec1 has ste 2.404 - ssidref 2: 00 00 01 00 00 <<< ssidref1->type1 and has this type in 2.405 - ssidref 3: 00 00 00 01 00 <<< common with dom0 2.406 - ssidref 4: 00 00 00 00 01 2.407 - 2.408 - 2.409 -Policy dump End. 2.410 - 2.411 -Look at sHype output in xen dmesg: 2.412 - 2.413 -[root@laptop xen]# xm dmesg 2.414 -. 2.415 -. 2.416 -[somewhere near the very end] 2.417 -(XEN) chwall_init_domain_ssid: determined chwall_ssidref to 1. 2.418 -(XEN) ste_init_domain_ssid. 2.419 -(XEN) ste_init_domain_ssid: determined ste_ssidref to 1. 2.420 -(XEN) acm_init_domain_ssid: Instantiated individual ssid for domain 0x01. 2.421 -(XEN) chwall_post_domain_create. 2.422 -(XEN) ste_pre_eventchannel_interdomain. 
2.423 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01. 2.424 -(XEN) shype_authorize_domops. 2.425 -(XEN) ste_pre_eventchannel_interdomain. 2.426 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01. 2.427 -(XEN) ste_pre_eventchannel_interdomain. 2.428 -(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01. 2.429 - 2.430 - 2.431 -You can see that the chinese wall policy does not complain and that the ste 2.432 -policy makes three access control decisions for three event-channels setup 2.433 -between domain 0 and the new domain 1. Each time, the two domains share the 2.434 -type1 and setting up the eventchannel is permitted. 2.435 - 2.436 - 2.437 -Starting up a second domain xmsec2: 2.438 - 2.439 -[root@laptop xen]# xm create -c xmsec2 2.440 -Using config file "xmsec2". 2.441 -Started domain xmsec2, console on port 9602 2.442 -************ REMOTE CONSOLE: CTRL-] TO QUIT ******** 2.443 -Linux version 2.6.11-xenU (root@laptop.home.org) (gcc version 3.4.2 20041017 2.444 -(Red Hat 3.4.2-6.fc3)) #1 Wed Mar 30 13:14:31 EST 2005 2.445 -. 2.446 -. 2.447 -. 2.448 -[root@laptop policy]# xm list 2.449 -Name Id Mem(MB) CPU State Time(s) Console 2.450 -Domain-0 0 620 0 r---- 71.7 s:00/p:00 2.451 -xmsec1 1 9 0 -b--- 0.3 9601 s:01/p:01 2.452 -xmsec2 2 7 0 -b--- 0.3 9602 s:02/p:02 << our domain runs both policies with ssidref 2 2.453 - 2.454 - 2.455 -[root@laptop policy]# ./policy_tool getpolicy 2.456 - 2.457 -Policy dump: 2.458 -============ 2.459 -Magic = 1debc. 2.460 -PolVer = aaaa0000. 2.461 -Len = 112. 2.462 -Primary = CHINESE WALL policy (c=1, off=14). 2.463 -Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8). 2.464 - 2.465 - 2.466 -Chinese Wall policy: 2.467 -==================== 2.468 -Max Types = a. 2.469 -Max Ssidrefs = 5. 2.470 -Max ConfSets = 2. 2.471 -Ssidrefs Off = 10. 2.472 -Conflicts Off = 74. 2.473 -Runing T. Off = 9c. 2.474 -C. Agg. Off = b0. 
2.475 - 2.476 -SSID To CHWALL-Type matrix: 2.477 - 2.478 - ssidref 0: 01 00 00 00 00 00 00 00 00 00 2.479 - ssidref 1: 00 01 00 00 00 00 00 00 00 00 2.480 - ssidref 2: 00 00 01 00 00 00 00 00 00 00 <<< our domain has type 2 set 2.481 - ssidref 3: 00 00 00 01 00 00 00 00 00 00 2.482 - ssidref 4: 00 00 00 00 01 00 00 00 00 00 2.483 - 2.484 -Confict Sets: 2.485 - 2.486 - c-set 0: 00 00 01 01 00 00 00 00 00 00 <<< t2 is in c-set0 with type 3 2.487 - c-set 1: 01 00 00 00 00 01 01 00 00 00 2.488 - 2.489 -Running 2.490 -Types: 01 01 01 00 00 00 00 00 00 00 <<< t2 is running since the 2.491 - ^^ <<< current aggregate conflict 2.492 - <<< set (see above) does not 2.493 - <<< include type 2 2.494 -Conflict 2.495 -Aggregate Set: 00 00 00 01 00 01 01 00 00 00 <<< type 3 is added to the 2.496 - <<< conflict aggregate 2.497 - 2.498 - 2.499 -Simple Type Enforcement policy: 2.500 -=============================== 2.501 -Max Types = 5. 2.502 -Max Ssidrefs = 5. 2.503 -Ssidrefs Off = 8. 2.504 - 2.505 -SSID To STE-Type matrix: 2.506 - 2.507 - ssidref 0: 01 01 01 01 01 2.508 - ssidref 1: 00 01 00 00 00 2.509 - ssidref 2: 00 00 01 00 00 2.510 - ssidref 3: 00 00 00 01 00 2.511 - ssidref 4: 00 00 00 00 01 2.512 - 2.513 - 2.514 -Policy dump End. 2.515 - 2.516 - 2.517 -The sHype xen dmesg output looks similar to the one above when starting the 2.518 -first domain. 2.519 - 2.520 -Now we start xmsec3 and it has ssidref3. Thus, it tries to run as type3 which 2.521 -conflicts with running type2 (from xmsec2). As expected, creating this domain 2.522 -fails for security policy enforcement reasons. 2.523 - 2.524 -[root@laptop xen]# xm create -c xmsec3 2.525 -Using config file "xmsec3". 2.526 -Error: Error creating domain: (22, 'Invalid argument') 2.527 -[root@laptop xen]# 2.528 - 2.529 -[root@laptop xen]# xm dmesg 2.530 -. 2.531 -. 2.532 -[somewhere near the very end] 2.533 -(XEN) chwall_pre_domain_create. 2.534 -(XEN) chwall_pre_domain_create: CHINESE WALL CONFLICT in type 03. 
2.535 - 2.536 -xmsec3 ssidref3 points to type3, which is in the current conflict aggregate 2.537 -set. This domain cannot start until domain xmsec2 is destroyed, at which time 2.538 -the aggregate conflict set is reduced and type3 is excluded from it. Then, 2.539 -xmsec3 can start. Of course, afterwards, xmsec2 cannot be restarted. Try it. 2.540 - 2.541 -3. Policy tool 2.542 -************** 2.543 -toos/policy/policy_tool.c 2.544 - 2.545 -a) ./policy_tool getpolicy 2.546 - prints the currently enforced policy 2.547 - (see for example section 1.) 2.548 - 2.549 -b) ./policy_tool setpolicy 2.550 - sets a predefined and hardcoded security 2.551 - policy (the one described in section 2.) 2.552 - 2.553 -c) ./policy_tool dumpstats 2.554 - prints some status information about the caching 2.555 - of access control decisions (number of cache hits 2.556 - and number of policy evaluations for grant_table 2.557 - and event channels). 2.558 - 2.559 -d) ./policy_tool loadpolicy <binary_policy_file> 2.560 - sets the policy defined in the <binary_policy_file> 2.561 - please use the policy_processor that is posted to this 2.562 - mailing list to create such a binary policy from an XML 2.563 - policy description 2.564 - 2.565 -4. Policy interface: 2.566 -******************** 2.567 -The Policy interface is working in "network-byte-order" (big endian). The reason for this 2.568 -is that policy files/management should be portable and independent of the platforms. 2.569 - 2.570 -Our policy interface enables managers to create a single binary policy file in a trusted 2.571 -environment and distributed it to multiple systems for enforcement. 2.572 - 2.573 -5. Booting with a binary policy: 2.574 -******************************** 2.575 -The grub configuration file can be adapted to boot the hypervisor with an 2.576 -already active policy. To do this, a binary policy file - this can be 2.577 -the same file as used by the policy_tool - should be placed into the boot 2.578 -partition. 
The following entry from the grub configuration file shows how 2.579 -a binary policy can be added to the system during boot time. Note that the 2.580 -binary policy must be of the same type that the hypervisor was compiled 2.581 -for. The policy module line should also only be added as the last module 2.582 -line if XEN was compiled with the access control module (ACM). 2.583 - 2.584 -title XEN0 3.0 Devel 2.585 - kernel /xen.gz dom0_mem=400000 2.586 - module /vmlinuz-2.6.12-xen0 root=/dev/hda2 ro console=tty0 2.587 - module /initrd-2.6.12-xen0.img 2.588 - module /xen_sample_policy.bin 2.589 - 2.590 - 2.591 -====================end-of file=======================================
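Review bot: deleting all 588 lines of docs/misc/shype4xen_readme.txt with no replacement in this changeset leaves the tree without any description of how a domain's `ssidref` is encoded (the removed section on `ssidref = 0x12345678` explained that the lower 16 bits select the primary policy's SSID and the upper 16 bits the secondary policy's), of the policy_tool subcommands (getpolicy, setpolicy, dumpstats, loadpolicy), of the policy interface being in network byte order, or of loading a binary policy as the last grub module line with the requirement that it match the policy the hypervisor was compiled for. Parts of the file were stale (it still says to change the policy by editing acm.h, which the Config.mk hunk in this changeset supersedes, and it refers to xeno-unstable.bk paths), so a rewrite is justified, but the commit message "Merge." gives no hint where the content went. Suggest keeping the file until the replacement lands in docs/, or naming the replacement in the commit message.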
3.1 --- a/docs/src/user.tex Fri Aug 19 10:18:53 2005 +0000 3.2 +++ b/docs/src/user.tex Fri Aug 19 10:50:15 2005 +0000 3.3 @@ -1763,7 +1763,7 @@ editing \path{grub.conf}. 3.4 physical address in the memory map will be ignored. This parameter 3.5 may be specified with a B, K, M or G suffix, representing bytes, 3.6 kilobytes, megabytes and gigabytes respectively. The 3.7 - default unit, if no suffix is specified, is bytes. 3.8 + default unit, if no suffix is specified, is kilobytes. 3.9 3.10 \item [dom0\_mem=xxx ] 3.11 Set the amount of memory to be allocated to domain0. In Xen 3.x the parameter
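Review bot: this flips the documented default unit of the memory-map cutoff parameter from bytes to kilobytes, but no parser change is visible in this changeset, so the hunk is only correct if the hypervisor's command-line parsing already treats a suffix-less value as kilobytes; please reference the parsing code (or the changeset that changed it) in the commit message, because a wrong default unit here would lead an administrator to set a limit 1024 times smaller or larger than intended. The `\item` naming the parameter sits above the visible context, so the hunk alone does not show which option the sentence applies to; extending the context by a few lines would help anyone reading this diff later.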
4.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 Fri Aug 19 10:18:53 2005 +0000 4.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 Fri Aug 19 10:50:15 2005 +0000 4.3 @@ -541,7 +541,7 @@ CONFIG_IP_NF_MATCH_IPRANGE=m 4.4 # CONFIG_IP_NF_MATCH_STATE is not set 4.5 # CONFIG_IP_NF_MATCH_CONNTRACK is not set 4.6 # CONFIG_IP_NF_MATCH_OWNER is not set 4.7 -# CONFIG_IP_NF_MATCH_PHYSDEV is not set 4.8 +CONFIG_IP_NF_MATCH_PHYSDEV=y 4.9 # CONFIG_IP_NF_MATCH_ADDRTYPE is not set 4.10 # CONFIG_IP_NF_MATCH_REALM is not set 4.11 # CONFIG_IP_NF_MATCH_SCTP is not set 4.12 @@ -689,7 +689,7 @@ CONFIG_E1000=y 4.13 # CONFIG_HAMACHI is not set 4.14 # CONFIG_YELLOWFIN is not set 4.15 # CONFIG_R8169 is not set 4.16 -# CONFIG_SK98LIN is not set 4.17 +CONFIG_SK98LIN=y 4.18 # CONFIG_VIA_VELOCITY is not set 4.19 CONFIG_TIGON3=y 4.20 # CONFIG_BNX2 is not set
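Review bot: CONFIG_IP_NF_MATCH_PHYSDEV is switched on as =y while the neighbouring match in the context (CONFIG_IP_NF_MATCH_IPRANGE=m) is modular; unless a physdev rule must be installable before modules can be loaded, =m keeps the dom0 kernel smaller and follows the file's convention. The physdev match is what lets iptables rules filter on the bridge port a packet arrived on or leaves by, which on a bridged dom0 is the per-domain vif, so it is the building block for per-guest anti-spoofing rules; the commit message should say that this is why it is being enabled. The second hunk, building the SK98LIN NIC driver in with =y, is an unrelated hardware enablement and would be easier to bisect as its own change.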
5.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64 Fri Aug 19 10:18:53 2005 +0000 5.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64 Fri Aug 19 10:50:15 2005 +0000 5.3 @@ -480,7 +480,7 @@ CONFIG_IP_NF_MATCH_IPRANGE=m 5.4 # CONFIG_IP_NF_MATCH_STATE is not set 5.5 # CONFIG_IP_NF_MATCH_CONNTRACK is not set 5.6 # CONFIG_IP_NF_MATCH_OWNER is not set 5.7 -# CONFIG_IP_NF_MATCH_PHYSDEV is not set 5.8 +CONFIG_IP_NF_MATCH_PHYSDEV=y 5.9 # CONFIG_IP_NF_MATCH_ADDRTYPE is not set 5.10 # CONFIG_IP_NF_MATCH_REALM is not set 5.11 # CONFIG_IP_NF_MATCH_SCTP is not set 5.12 @@ -611,7 +611,7 @@ CONFIG_E1000=y 5.13 # CONFIG_HAMACHI is not set 5.14 # CONFIG_YELLOWFIN is not set 5.15 # CONFIG_R8169 is not set 5.16 -# CONFIG_SK98LIN is not set 5.17 +CONFIG_SK98LIN=y 5.18 # CONFIG_VIA_VELOCITY is not set 5.19 CONFIG_TIGON3=y 5.20 # CONFIG_BNX2 is not set
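Review bot: as in the x86_32 dom0 defconfig, CONFIG_IP_NF_MATCH_PHYSDEV=y is built in where the surrounding netfilter match in the context (CONFIG_IP_NF_MATCH_IPRANGE=m) is modular; prefer =m unless the match must be available before module loading. Keeping the two dom0 defconfigs in step is the right call, but the commit message should say what depends on the physdev match (filtering by bridge port, i.e. per-vif rules on a bridged dom0), and the CONFIG_SK98LIN=y driver enablement in the second hunk has nothing to do with netfilter and belongs in a separate change.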
6.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64 Fri Aug 19 10:18:53 2005 +0000 6.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64 Fri Aug 19 10:50:15 2005 +0000 6.3 @@ -1,7 +1,7 @@ 6.4 # 6.5 # Automatically generated make config: don't edit 6.6 -# Linux kernel version: 2.6.12.4-xenU 6.7 -# Mon Aug 15 19:25:22 2005 6.8 +# Linux kernel version: 2.6.12-xenU 6.9 +# Thu Aug 18 11:15:14 2005 6.10 # 6.11 CONFIG_XEN=y 6.12 CONFIG_ARCH_XEN=y 6.13 @@ -270,7 +270,10 @@ CONFIG_IP_ROUTE_FWMARK=y 6.14 CONFIG_IP_ROUTE_MULTIPATH=y 6.15 # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set 6.16 CONFIG_IP_ROUTE_VERBOSE=y 6.17 -# CONFIG_IP_PNP is not set 6.18 +CONFIG_IP_PNP=y 6.19 +CONFIG_IP_PNP_DHCP=y 6.20 +CONFIG_IP_PNP_BOOTP=y 6.21 +CONFIG_IP_PNP_RARP=y 6.22 CONFIG_NET_IPIP=m 6.23 CONFIG_NET_IPGRE=m 6.24 CONFIG_NET_IPGRE_BROADCAST=y
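Review bot: the header goes backwards, from `# Linux kernel version: 2.6.12.4-xenU` to `2.6.12-xenU` with a newer timestamp, which suggests this defconfig was regenerated against a tree that predates the 2.6.12.4 update; if the sparse tree is at 2.6.12.4 the header should say so, and a regeneration may also have silently dropped or added options outside this hunk, so please diff the full regenerated file against the previous one rather than only the lines shown here. Enabling CONFIG_IP_PNP with DHCP, BOOTP and RARP lets a domU take its address from the kernel command line before any root filesystem is mounted (the readme deleted in this changeset used `dhcp="dhcp"` in its sample domain config, which relies on this), which is a sensible default for test guests; only the x86_64 xenU config is changed here, so say in the commit message whether the x86_32 xenU config is meant to differ.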
7.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile Fri Aug 19 10:18:53 2005 +0000 7.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile Fri Aug 19 10:50:15 2005 +0000 7.3 @@ -44,7 +44,7 @@ c-obj-$(CONFIG_HPET_TIMER) += time_hpet 7.4 c-obj-$(CONFIG_EFI) += efi.o efi_stub.o 7.5 c-obj-$(CONFIG_EARLY_PRINTK) += early_printk.o 7.6 c-obj-$(CONFIG_SMP_ALTERNATIVES)+= smpalts.o 7.7 -c-obj-$(CONFIG_SWIOTLB) += swiotlb.o 7.8 +obj-$(CONFIG_SWIOTLB) += swiotlb.o 7.9 7.10 EXTRA_AFLAGS := -traditional 7.11
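Review bot: in this Makefile's convention `c-obj-` lists objects built from the native i386 sources and `obj-` the Xen-specific ones, so this hunk only builds if swiotlb.c exists in linux-2.6-xen-sparse/arch/xen/i386/kernel/; the swiotlb.c diff in this changeset modifies that file, so the two belong together and should not be split when backporting. The commit message should state that swiotlb.c is now maintained in the sparse tree, otherwise a later sync from the native i386 swiotlb may be mistakenly applied over the Xen-specific version.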
9.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/pci-dma.c Fri Aug 19 10:18:53 2005 +0000 9.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/pci-dma.c Fri Aug 19 10:50:15 2005 +0000 9.3 @@ -24,13 +24,14 @@ struct dma_coherent_mem { 9.4 unsigned long *bitmap; 9.5 }; 9.6 9.7 -static void iommu_bug(void) 9.8 -{ 9.9 - printk(KERN_ALERT "Fatal DMA error! Please use 'swiotlb=force'\n"); 9.10 - BUG(); 9.11 -} 9.12 - 9.13 -#define IOMMU_BUG_ON(test) do { if (unlikely(test)) iommu_bug(); } while(0) 9.14 +#define IOMMU_BUG_ON(test) \ 9.15 +do { \ 9.16 + if (unlikely(test)) { \ 9.17 + printk(KERN_ALERT "Fatal DMA error! " \ 9.18 + "Please use 'swiotlb=force'\n"); \ 9.19 + BUG(); \ 9.20 + } \ 9.21 +} while (0) 9.22 9.23 int 9.24 dma_map_sg(struct device *hwdev, struct scatterlist *sg, int nents,
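Review bot: folding iommu_bug() into the IOMMU_BUG_ON() macro has a concrete benefit that the commit message should state: BUG() now fires at the call site, so the oops names the file and line of the failing DMA mapping instead of always pointing into iommu_bug(). The cost is that the printk and BUG() are now expanded at every use of the macro; if code size matters, an inline function taking __FILE__ and __LINE__ gives the same diagnostics with one copy. Separately, the alert tells the user to pass 'swiotlb=force' but says nothing about what failed; consider passing the offending address into the macro and printing it, so that a report from the field is actionable.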
11.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/smp.c Fri Aug 19 10:18:53 2005 +0000 11.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/smp.c Fri Aug 19 10:50:15 2005 +0000 11.3 @@ -129,8 +129,6 @@ static inline int __prepare_ICR2 (unsign 11.4 11.5 DECLARE_PER_CPU(int, ipi_to_evtchn[NR_IPIS]); 11.6 11.7 -extern unsigned uber_debug; 11.8 - 11.9 static inline void __send_IPI_one(unsigned int cpu, int vector) 11.10 { 11.11 unsigned int evtchn; 11.12 @@ -144,9 +142,6 @@ static inline void __send_IPI_one(unsign 11.13 synch_test_bit(evtchn, &s->evtchn_mask[0])) 11.14 ; 11.15 #endif 11.16 - if (uber_debug) 11.17 - printk("<0>Send ipi %d to %d evtchn %d.\n", 11.18 - vector, cpu, evtchn); 11.19 notify_via_evtchn(evtchn); 11.20 } else 11.21 printk("send_IPI to unbound port %d/%d", 11.22 @@ -605,7 +600,6 @@ irqreturn_t smp_call_function_interrupt( 11.23 void (*func) (void *info) = call_data->func; 11.24 void *info = call_data->info; 11.25 int wait = call_data->wait; 11.26 - extern unsigned uber_debug; 11.27 11.28 /* 11.29 * Notify initiating CPU that I've grabbed the data and am 11.30 @@ -617,9 +611,6 @@ irqreturn_t smp_call_function_interrupt( 11.31 * At this point the info structure may be out of scope unless wait==1 11.32 */ 11.33 irq_enter(); 11.34 - if (uber_debug && smp_processor_id()) 11.35 - printk("<0>Processor %d calling %p.\n", smp_processor_id(), 11.36 - func); 11.37 (*func)(info); 11.38 irq_exit(); 11.39
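Review bot: removing the uber_debug tracing is fine, but the hunks only drop the two extern declarations and the two printk sites; if the definition of `uber_debug` lives in another file it is now dead and should go in the same change (it is not visible in this changeset). While here, the surviving `printk("send_IPI to unbound port %d/%d"` in the context has neither a KERN_ level nor a trailing newline in its format string, so its output will run into the next message; it is the only diagnostic left on that path, so worth fixing.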
13.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c Fri Aug 19 10:18:53 2005 +0000 13.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c Fri Aug 19 10:50:15 2005 +0000 13.3 @@ -49,13 +49,14 @@ int swiotlb_force; 13.4 * swiotlb_sync_single_*, to see if the memory was in fact allocated by this 13.5 * API. 13.6 */ 13.7 -static char *io_tlb_start, *io_tlb_end; 13.8 +static char *iotlb_virt_start, *iotlb_virt_end; 13.9 +static dma_addr_t iotlb_bus_start, iotlb_bus_end; 13.10 13.11 /* 13.12 - * The number of IO TLB blocks (in groups of 64) betweeen io_tlb_start and 13.13 - * io_tlb_end. This is command line adjustable via setup_io_tlb_npages. 13.14 + * The number of IO TLB blocks (in groups of 64) betweeen iotlb_virt_start and 13.15 + * iotlb_virt_end. This is command line adjustable via setup_io_tlb_npages. 13.16 */ 13.17 -static unsigned long io_tlb_nslabs; 13.18 +static unsigned long iotlb_nslabs; 13.19 13.20 /* 13.21 * When the IOMMU overflows we return a fallback buffer. This sets the size. 13.22 @@ -88,11 +89,11 @@ static DEFINE_SPINLOCK(io_tlb_lock); 13.23 static int __init 13.24 setup_io_tlb_npages(char *str) 13.25 { 13.26 + /* Unlike ia64, the size is aperture in megabytes, not 'slabs'! */ 13.27 if (isdigit(*str)) { 13.28 - io_tlb_nslabs = simple_strtoul(str, &str, 0) << 13.29 - (PAGE_SHIFT - IO_TLB_SHIFT); 13.30 - /* avoid tail segment of size < IO_TLB_SEGSIZE */ 13.31 - io_tlb_nslabs = ALIGN(io_tlb_nslabs, IO_TLB_SEGSIZE); 13.32 + iotlb_nslabs = simple_strtoul(str, &str, 0) << 13.33 + (20 - IO_TLB_SHIFT); 13.34 + iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE); 13.35 } 13.36 if (*str == ',') 13.37 ++str; 13.38 
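Review bot: this hunk silently changes the unit of a user-visible boot parameter: the old code interpreted the number in `swiotlb=` as pages (`<< (PAGE_SHIFT - IO_TLB_SHIFT)`), the new code interprets it as megabytes (`<< (20 - IO_TLB_SHIFT)`), so a dom0 that was booted with `swiotlb=16384` to get 16384 pages now asks for 16 GB and will hit the "Cannot allocate SWIOTLB buffer" panic in swiotlb_init_with_default_size. Say so in the commit message and in the user documentation for the parameter. Two smaller points: the comment "avoid tail segment of size < IO_TLB_SEGSIZE" explaining the ALIGN() was dropped while the ALIGN() stayed, so put it back; and the shift only makes sense while IO_TLB_SHIFT <= 20, which a comment next to the magic 20 should state.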
@@ -114,45 +115,56 @@ setup_io_tlb_npages(char *str) 13.39 void 13.40 swiotlb_init_with_default_size (size_t default_size) 13.41 { 13.42 - unsigned long i; 13.43 + unsigned long i, bytes; 13.44 13.45 - if (!io_tlb_nslabs) { 13.46 - io_tlb_nslabs = (default_size >> PAGE_SHIFT); 13.47 - io_tlb_nslabs = ALIGN(io_tlb_nslabs, IO_TLB_SEGSIZE); 13.48 + if (!iotlb_nslabs) { 13.49 + iotlb_nslabs = (default_size >> IO_TLB_SHIFT); 13.50 + iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE); 13.51 } 13.52 13.53 + bytes = iotlb_nslabs * (1UL << IO_TLB_SHIFT); 13.54 + 13.55 /* 13.56 * Get IO TLB memory from the low pages 13.57 */ 13.58 - io_tlb_start = alloc_bootmem_low_pages(io_tlb_nslabs * 13.59 - (1 << IO_TLB_SHIFT)); 13.60 - if (!io_tlb_start) 13.61 - panic("Cannot allocate SWIOTLB buffer"); 13.62 + iotlb_virt_start = alloc_bootmem_low_pages(bytes); 13.63 + if (!iotlb_virt_start) 13.64 + panic("Cannot allocate SWIOTLB buffer!\n" 13.65 + "Use dom0_mem Xen boot parameter to reserve\n" 13.66 + "some DMA memory (e.g., dom0_mem=-128M).\n"); 13.67 13.68 - xen_create_contiguous_region( 13.69 - (unsigned long)io_tlb_start, 13.70 - get_order(io_tlb_nslabs * (1 << IO_TLB_SHIFT))); 13.71 + for (i = 0; i < iotlb_nslabs; i += IO_TLB_SEGSIZE) 13.72 + xen_create_contiguous_region( 13.73 + (unsigned long)iotlb_virt_start + (i << IO_TLB_SHIFT), 13.74 + get_order(IO_TLB_SEGSIZE << IO_TLB_SHIFT)); 13.75 13.76 - io_tlb_end = io_tlb_start + io_tlb_nslabs * (1 << IO_TLB_SHIFT); 13.77 + iotlb_virt_end = iotlb_virt_start + bytes; 13.78 13.79 /* 13.80 * Allocate and initialize the free list array. This array is used 13.81 * to find contiguous free memory regions of size up to IO_TLB_SEGSIZE 13.82 - * between io_tlb_start and io_tlb_end. 13.83 + * between iotlb_virt_start and iotlb_virt_end. 
13.84 */ 13.85 - io_tlb_list = alloc_bootmem(io_tlb_nslabs * sizeof(int)); 13.86 - for (i = 0; i < io_tlb_nslabs; i++) 13.87 + io_tlb_list = alloc_bootmem(iotlb_nslabs * sizeof(int)); 13.88 + for (i = 0; i < iotlb_nslabs; i++) 13.89 io_tlb_list[i] = IO_TLB_SEGSIZE - OFFSET(i, IO_TLB_SEGSIZE); 13.90 io_tlb_index = 0; 13.91 io_tlb_orig_addr = alloc_bootmem( 13.92 - io_tlb_nslabs * sizeof(*io_tlb_orig_addr)); 13.93 + iotlb_nslabs * sizeof(*io_tlb_orig_addr)); 13.94 13.95 /* 13.96 * Get the overflow emergency buffer 13.97 */ 13.98 io_tlb_overflow_buffer = alloc_bootmem_low(io_tlb_overflow); 13.99 - printk(KERN_INFO "Placing software IO TLB between 0x%lx - 0x%lx\n", 13.100 - virt_to_bus(io_tlb_start), virt_to_bus(io_tlb_end-1)); 13.101 + iotlb_bus_start = virt_to_bus(iotlb_virt_start); 13.102 + iotlb_bus_end = iotlb_bus_start + bytes; 13.103 + printk(KERN_INFO "Software IO TLB enabled: \n" 13.104 + " Aperture: %lu megabytes\n" 13.105 + " Bus range: 0x%016lx - 0x%016lx\n" 13.106 + " Kernel range: 0x%016lx - 0x%016lx\n", 13.107 + bytes >> 20, 13.108 + (unsigned long)iotlb_bus_start, (unsigned long)iotlb_bus_end, 13.109 + (unsigned long)iotlb_virt_start, (unsigned long)iotlb_virt_end); 13.110 } 13.111 13.112 void 13.113 @@ -240,7 +252,7 @@ map_single(struct device *hwdev, struct 13.114 { 13.115 wrap = index = ALIGN(io_tlb_index, stride); 13.116 13.117 - if (index >= io_tlb_nslabs) 13.118 + if (index >= iotlb_nslabs) 13.119 wrap = index = 0; 13.120 13.121 do { 13.122 @@ -260,7 +272,7 @@ map_single(struct device *hwdev, struct 13.123 IO_TLB_SEGSIZE -1) && io_tlb_list[i]; 13.124 i--) 13.125 io_tlb_list[i] = ++count; 13.126 - dma_addr = io_tlb_start + 13.127 + dma_addr = iotlb_virt_start + 13.128 (index << IO_TLB_SHIFT); 13.129 13.130 /* 13.131 
@@ -268,13 +280,13 @@ map_single(struct device *hwdev, struct 13.132 * the next round. 13.133 */ 13.134 io_tlb_index = 13.135 - ((index + nslots) < io_tlb_nslabs 13.136 + ((index + nslots) < iotlb_nslabs 13.137 ? (index + nslots) : 0); 13.138 13.139 goto found; 13.140 } 13.141 index += stride; 13.142 - if (index >= io_tlb_nslabs) 13.143 + if (index >= iotlb_nslabs) 13.144 index = 0; 13.145 } while (index != wrap); 13.146 13.147 @@ -304,7 +316,7 @@ unmap_single(struct device *hwdev, char 13.148 { 13.149 unsigned long flags; 13.150 int i, count, nslots = ALIGN(size, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT; 13.151 - int index = (dma_addr - io_tlb_start) >> IO_TLB_SHIFT; 13.152 + int index = (dma_addr - iotlb_virt_start) >> IO_TLB_SHIFT; 13.153 struct phys_addr buffer = io_tlb_orig_addr[index]; 13.154 13.155 /* 13.156 @@ -345,7 +357,7 @@ unmap_single(struct device *hwdev, char 13.157 static void 13.158 sync_single(struct device *hwdev, char *dma_addr, size_t size, int dir) 13.159 { 13.160 - int index = (dma_addr - io_tlb_start) >> IO_TLB_SHIFT; 13.161 + int index = (dma_addr - iotlb_virt_start) >> IO_TLB_SHIFT; 13.162 struct phys_addr buffer = io_tlb_orig_addr[index]; 13.163 BUG_ON((dir != DMA_FROM_DEVICE) && (dir != DMA_TO_DEVICE)); 13.164 __sync_single(buffer, dma_addr, size, dir); 13.165 @@ -431,11 +443,9 @@ void 13.166 swiotlb_unmap_single(struct device *hwdev, dma_addr_t dev_addr, size_t size, 13.167 int dir) 13.168 { 13.169 - char *dma_addr = bus_to_virt(dev_addr); 13.170 - 13.171 BUG_ON(dir == DMA_NONE); 13.172 - if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end) 13.173 - unmap_single(hwdev, dma_addr, size, dir); 13.174 + if ((dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end)) 13.175 + unmap_single(hwdev, bus_to_virt(dev_addr), size, dir); 13.176 } 13.177 13.178 /* 13.179 
@@ -452,22 +462,18 @@ void 13.180 swiotlb_sync_single_for_cpu(struct device *hwdev, dma_addr_t dev_addr, 13.181 size_t size, int dir) 13.182 { 13.183 - char *dma_addr = bus_to_virt(dev_addr); 13.184 - 13.185 BUG_ON(dir == DMA_NONE); 13.186 - if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end) 13.187 - sync_single(hwdev, dma_addr, size, dir); 13.188 + if ((dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end)) 13.189 + sync_single(hwdev, bus_to_virt(dev_addr), size, dir); 13.190 } 13.191 13.192 void 13.193 swiotlb_sync_single_for_device(struct device *hwdev, dma_addr_t dev_addr, 13.194 size_t size, int dir) 13.195 { 13.196 - char *dma_addr = bus_to_virt(dev_addr); 13.197 - 13.198 BUG_ON(dir == DMA_NONE); 13.199 - if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end) 13.200 - sync_single(hwdev, dma_addr, size, dir); 13.201 + if ((dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end)) 13.202 + sync_single(hwdev, bus_to_virt(dev_addr), size, dir); 13.203 } 13.204 13.205 /* 13.206 @@ -603,11 +609,9 @@ void 13.207 swiotlb_unmap_page(struct device *hwdev, dma_addr_t dma_address, 13.208 size_t size, enum dma_data_direction direction) 13.209 { 13.210 - char *dma_addr = bus_to_virt(dma_address); 13.211 - 13.212 BUG_ON(direction == DMA_NONE); 13.213 - if (dma_addr >= io_tlb_start && dma_addr < io_tlb_end) 13.214 - unmap_single(hwdev, dma_addr, size, direction); 13.215 + if ((dma_address >= iotlb_bus_start) && (dma_address < iotlb_bus_end)) 13.216 + unmap_single(hwdev, bus_to_virt(dma_address), size, direction); 13.217 } 13.218 13.219 int
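Review bot: in setup_io_tlb_npages the value returned by `simple_strtoul(str, &str, 0)` is shifted by `(20 - IO_TLB_SHIFT)` with no upper bound, so a large megabyte count on the command line either overflows `iotlb_nslabs` or requests a bootmem allocation that cannot succeed, and the boot ends in the `panic("Cannot allocate SWIOTLB buffer!...")` in swiotlb_init_with_default_size; clamp the megabyte count (or reject values whose slab count would overflow) before the shift. The rewritten comment above `iotlb_nslabs` also carries forward the typo "betweeen" from the old text.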
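Review bot: `iotlb_bus_end = iotlb_bus_start + bytes` in swiotlb_init_with_default_size assumes the whole aperture is one machine-contiguous range, but the loop a few lines above calls `xen_create_contiguous_region()` once per `IO_TLB_SEGSIZE` segment, so each segment gets its own machine extent and only the first one is guaranteed to start at `iotlb_bus_start`. The `(dev_addr >= iotlb_bus_start) && (dev_addr < iotlb_bus_end)` tests that this changeset introduces in swiotlb_unmap_single, swiotlb_sync_single_for_cpu, swiotlb_sync_single_for_device and swiotlb_unmap_page can therefore miss bounce buffers that live in later segments (their slots are never released and their contents never synced back) and can match device addresses that are not bounce buffers at all, which then go through `bus_to_virt()` and `unmap_single()` as if they were. Either make the aperture a single contiguous region, or decide membership by translating the machine frame back to a pseudo-physical frame and comparing that against the `iotlb_virt_start`/`iotlb_virt_end` kernel range.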
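Review bot: the same range test is now written out in four functions (swiotlb_unmap_single, swiotlb_sync_single_for_cpu, swiotlb_sync_single_for_device, swiotlb_unmap_page); factor it into one `static inline` predicate so that any later change to the membership check lands in one place rather than four. Performing the check before `bus_to_virt()` is an improvement on the old code, which translated an arbitrary device address first and only then compared virtual pointers against `io_tlb_start`/`io_tlb_end`.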
16.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/hypervisor.c Fri Aug 19 10:18:53 2005 +0000 16.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/hypervisor.c Fri Aug 19 10:50:15 2005 +0000 16.3 
@@ -59,124 +59,124 @@ 16.4 #ifndef CONFIG_XEN_SHADOW_MODE 16.5 void xen_l1_entry_update(pte_t *ptr, pte_t val) 16.6 { 16.7 - mmu_update_t u; 16.8 - u.ptr = virt_to_machine(ptr); 16.9 - u.val = pte_val_ma(val); 16.10 - BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.11 + mmu_update_t u; 16.12 + u.ptr = virt_to_machine(ptr); 16.13 + u.val = pte_val_ma(val); 16.14 + BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.15 } 16.16 16.17 void xen_l2_entry_update(pmd_t *ptr, pmd_t val) 16.18 { 16.19 - mmu_update_t u; 16.20 - u.ptr = virt_to_machine(ptr); 16.21 - u.val = pmd_val_ma(val); 16.22 - BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.23 + mmu_update_t u; 16.24 + u.ptr = virt_to_machine(ptr); 16.25 + u.val = pmd_val_ma(val); 16.26 + BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.27 } 16.28 16.29 #ifdef CONFIG_X86_PAE 16.30 void xen_l3_entry_update(pud_t *ptr, pud_t val) 16.31 { 16.32 - mmu_update_t u; 16.33 - u.ptr = virt_to_machine(ptr); 16.34 - u.val = pud_val_ma(val); 16.35 - BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.36 + mmu_update_t u; 16.37 + u.ptr = virt_to_machine(ptr); 16.38 + u.val = pud_val_ma(val); 16.39 + BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.40 } 16.41 #endif 16.42 16.43 #ifdef CONFIG_X86_64 16.44 void xen_l3_entry_update(pud_t *ptr, pud_t val) 16.45 { 16.46 - mmu_update_t u; 16.47 - u.ptr = virt_to_machine(ptr); 16.48 - u.val = val.pud; 16.49 - BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.50 + mmu_update_t u; 16.51 + u.ptr = virt_to_machine(ptr); 16.52 + u.val = val.pud; 16.53 + BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.54 } 16.55 16.56 void xen_l4_entry_update(pgd_t *ptr, pgd_t val) 16.57 { 16.58 - mmu_update_t u; 16.59 - u.ptr = virt_to_machine(ptr); 16.60 - u.val = val.pgd; 16.61 - BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.62 + mmu_update_t u; 16.63 + u.ptr = virt_to_machine(ptr); 16.64 + 
u.val = val.pgd; 16.65 + BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.66 } 16.67 #endif /* CONFIG_X86_64 */ 16.68 #endif /* CONFIG_XEN_SHADOW_MODE */ 16.69 16.70 void xen_machphys_update(unsigned long mfn, unsigned long pfn) 16.71 { 16.72 - mmu_update_t u; 16.73 - u.ptr = (mfn << PAGE_SHIFT) | MMU_MACHPHYS_UPDATE; 16.74 - u.val = pfn; 16.75 - BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.76 + mmu_update_t u; 16.77 + u.ptr = (mfn << PAGE_SHIFT) | MMU_MACHPHYS_UPDATE; 16.78 + u.val = pfn; 16.79 + BUG_ON(HYPERVISOR_mmu_update(&u, 1, NULL, DOMID_SELF) < 0); 16.80 } 16.81 16.82 void xen_pt_switch(unsigned long ptr) 16.83 { 16.84 - struct mmuext_op op; 16.85 - op.cmd = MMUEXT_NEW_BASEPTR; 16.86 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.87 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.88 + struct mmuext_op op; 16.89 + op.cmd = MMUEXT_NEW_BASEPTR; 16.90 + op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.91 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.92 } 16.93 16.94 void xen_new_user_pt(unsigned long ptr) 16.95 { 16.96 - struct mmuext_op op; 16.97 - op.cmd = MMUEXT_NEW_USER_BASEPTR; 16.98 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.99 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.100 + struct mmuext_op op; 16.101 + op.cmd = MMUEXT_NEW_USER_BASEPTR; 16.102 + op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.103 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.104 } 16.105 16.106 void xen_tlb_flush(void) 16.107 { 16.108 - struct mmuext_op op; 16.109 - op.cmd = MMUEXT_TLB_FLUSH_LOCAL; 16.110 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.111 + struct mmuext_op op; 16.112 + op.cmd = MMUEXT_TLB_FLUSH_LOCAL; 16.113 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.114 } 16.115 16.116 void xen_invlpg(unsigned long ptr) 16.117 { 16.118 - struct mmuext_op op; 16.119 - op.cmd = MMUEXT_INVLPG_LOCAL; 16.120 - op.linear_addr = ptr & PAGE_MASK; 16.121 - 
BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.122 + struct mmuext_op op; 16.123 + op.cmd = MMUEXT_INVLPG_LOCAL; 16.124 + op.linear_addr = ptr & PAGE_MASK; 16.125 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.126 } 16.127 16.128 #ifdef CONFIG_SMP 16.129 16.130 void xen_tlb_flush_all(void) 16.131 { 16.132 - struct mmuext_op op; 16.133 - op.cmd = MMUEXT_TLB_FLUSH_ALL; 16.134 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.135 + struct mmuext_op op; 16.136 + op.cmd = MMUEXT_TLB_FLUSH_ALL; 16.137 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.138 } 16.139 16.140 void xen_tlb_flush_mask(cpumask_t *mask) 16.141 { 16.142 - struct mmuext_op op; 16.143 - if ( cpus_empty(*mask) ) 16.144 - return; 16.145 - op.cmd = MMUEXT_TLB_FLUSH_MULTI; 16.146 - op.vcpumask = mask->bits; 16.147 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.148 + struct mmuext_op op; 16.149 + if ( cpus_empty(*mask) ) 16.150 + return; 16.151 + op.cmd = MMUEXT_TLB_FLUSH_MULTI; 16.152 + op.vcpumask = mask->bits; 16.153 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.154 } 16.155 16.156 void xen_invlpg_all(unsigned long ptr) 16.157 { 16.158 - struct mmuext_op op; 16.159 - op.cmd = MMUEXT_INVLPG_ALL; 16.160 - op.linear_addr = ptr & PAGE_MASK; 16.161 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.162 + struct mmuext_op op; 16.163 + op.cmd = MMUEXT_INVLPG_ALL; 16.164 + op.linear_addr = ptr & PAGE_MASK; 16.165 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.166 } 16.167 16.168 void xen_invlpg_mask(cpumask_t *mask, unsigned long ptr) 16.169 { 16.170 - struct mmuext_op op; 16.171 - if ( cpus_empty(*mask) ) 16.172 - return; 16.173 - op.cmd = MMUEXT_INVLPG_MULTI; 16.174 - op.vcpumask = mask->bits; 16.175 - op.linear_addr = ptr & PAGE_MASK; 16.176 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.177 + struct mmuext_op op; 16.178 + if ( cpus_empty(*mask) ) 16.179 + 
return; 16.180 + op.cmd = MMUEXT_INVLPG_MULTI; 16.181 + op.vcpumask = mask->bits; 16.182 + op.linear_addr = ptr & PAGE_MASK; 16.183 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.184 } 16.185 16.186 #endif /* CONFIG_SMP */ 16.187 
@@ -184,221 +184,281 @@ void xen_invlpg_mask(cpumask_t *mask, un 16.188 #ifndef CONFIG_XEN_SHADOW_MODE 16.189 void xen_pgd_pin(unsigned long ptr) 16.190 { 16.191 - struct mmuext_op op; 16.192 + struct mmuext_op op; 16.193 #ifdef CONFIG_X86_64 16.194 - op.cmd = MMUEXT_PIN_L4_TABLE; 16.195 + op.cmd = MMUEXT_PIN_L4_TABLE; 16.196 #elif defined(CONFIG_X86_PAE) 16.197 - op.cmd = MMUEXT_PIN_L3_TABLE; 16.198 + op.cmd = MMUEXT_PIN_L3_TABLE; 16.199 #else 16.200 - op.cmd = MMUEXT_PIN_L2_TABLE; 16.201 + op.cmd = MMUEXT_PIN_L2_TABLE; 16.202 #endif 16.203 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.204 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.205 + op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.206 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.207 } 16.208 16.209 void xen_pgd_unpin(unsigned long ptr) 16.210 { 16.211 - struct mmuext_op op; 16.212 - op.cmd = MMUEXT_UNPIN_TABLE; 16.213 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.214 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.215 + struct mmuext_op op; 16.216 + op.cmd = MMUEXT_UNPIN_TABLE; 16.217 + op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.218 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.219 } 16.220 16.221 void xen_pte_pin(unsigned long ptr) 16.222 { 16.223 - struct mmuext_op op; 16.224 - op.cmd = MMUEXT_PIN_L1_TABLE; 16.225 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.226 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.227 + struct mmuext_op op; 16.228 + op.cmd = MMUEXT_PIN_L1_TABLE; 16.229 + op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.230 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.231 } 16.232 16.233 void xen_pte_unpin(unsigned long ptr) 16.234 { 16.235 - struct mmuext_op op; 16.236 - op.cmd = MMUEXT_UNPIN_TABLE; 16.237 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.238 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.239 + struct mmuext_op op; 16.240 + op.cmd = MMUEXT_UNPIN_TABLE; 16.241 + 
op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.242 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.243 } 16.244 16.245 #ifdef CONFIG_X86_64 16.246 void xen_pud_pin(unsigned long ptr) 16.247 { 16.248 - struct mmuext_op op; 16.249 - op.cmd = MMUEXT_PIN_L3_TABLE; 16.250 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.251 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.252 + struct mmuext_op op; 16.253 + op.cmd = MMUEXT_PIN_L3_TABLE; 16.254 + op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.255 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.256 } 16.257 16.258 void xen_pud_unpin(unsigned long ptr) 16.259 { 16.260 - struct mmuext_op op; 16.261 - op.cmd = MMUEXT_UNPIN_TABLE; 16.262 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.263 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.264 + struct mmuext_op op; 16.265 + op.cmd = MMUEXT_UNPIN_TABLE; 16.266 + op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.267 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.268 } 16.269 16.270 void xen_pmd_pin(unsigned long ptr) 16.271 { 16.272 - struct mmuext_op op; 16.273 - op.cmd = MMUEXT_PIN_L2_TABLE; 16.274 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.275 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.276 + struct mmuext_op op; 16.277 + op.cmd = MMUEXT_PIN_L2_TABLE; 16.278 + op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.279 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.280 } 16.281 16.282 void xen_pmd_unpin(unsigned long ptr) 16.283 { 16.284 - struct mmuext_op op; 16.285 - op.cmd = MMUEXT_UNPIN_TABLE; 16.286 - op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.287 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.288 + struct mmuext_op op; 16.289 + op.cmd = MMUEXT_UNPIN_TABLE; 16.290 + op.mfn = pfn_to_mfn(ptr >> PAGE_SHIFT); 16.291 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.292 } 16.293 #endif /* CONFIG_X86_64 */ 16.294 #endif /* CONFIG_XEN_SHADOW_MODE */ 16.295 
16.296 void xen_set_ldt(unsigned long ptr, unsigned long len) 16.297 { 16.298 - struct mmuext_op op; 16.299 - op.cmd = MMUEXT_SET_LDT; 16.300 - op.linear_addr = ptr; 16.301 - op.nr_ents = len; 16.302 - BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.303 + struct mmuext_op op; 16.304 + op.cmd = MMUEXT_SET_LDT; 16.305 + op.linear_addr = ptr; 16.306 + op.nr_ents = len; 16.307 + BUG_ON(HYPERVISOR_mmuext_op(&op, 1, NULL, DOMID_SELF) < 0); 16.308 +} 16.309 + 16.310 +/* 16.311 + * Bitmap is indexed by page number. If bit is set, the page is part of a 16.312 + * xen_create_contiguous_region() area of memory. 16.313 + */ 16.314 +unsigned long *contiguous_bitmap; 16.315 + 16.316 +static void contiguous_bitmap_set( 16.317 + unsigned long first_page, unsigned long nr_pages) 16.318 +{ 16.319 + unsigned long start_off, end_off, curr_idx, end_idx; 16.320 + 16.321 + curr_idx = first_page / BITS_PER_LONG; 16.322 + start_off = first_page & (BITS_PER_LONG-1); 16.323 + end_idx = (first_page + nr_pages) / BITS_PER_LONG; 16.324 + end_off = (first_page + nr_pages) & (BITS_PER_LONG-1); 16.325 + 16.326 + if (curr_idx == end_idx) { 16.327 + contiguous_bitmap[curr_idx] |= 16.328 + ((1UL<<end_off)-1) & -(1UL<<start_off); 16.329 + } else { 16.330 + contiguous_bitmap[curr_idx] |= -(1UL<<start_off); 16.331 + while ( ++curr_idx < end_idx ) 16.332 + contiguous_bitmap[curr_idx] = ~0UL; 16.333 + contiguous_bitmap[curr_idx] |= (1UL<<end_off)-1; 16.334 + } 16.335 +} 16.336 + 16.337 +static void contiguous_bitmap_clear( 16.338 + unsigned long first_page, unsigned long nr_pages) 16.339 +{ 16.340 + unsigned long start_off, end_off, curr_idx, end_idx; 16.341 + 16.342 + curr_idx = first_page / BITS_PER_LONG; 16.343 + start_off = first_page & (BITS_PER_LONG-1); 16.344 + end_idx = (first_page + nr_pages) / BITS_PER_LONG; 16.345 + end_off = (first_page + nr_pages) & (BITS_PER_LONG-1); 16.346 + 16.347 + if (curr_idx == end_idx) { 16.348 + contiguous_bitmap[curr_idx] &= 16.349 + -(1UL<<end_off) | 
((1UL<<start_off)-1); 16.350 + } else { 16.351 + contiguous_bitmap[curr_idx] &= (1UL<<start_off)-1; 16.352 + while ( ++curr_idx != end_idx ) 16.353 + contiguous_bitmap[curr_idx] = 0; 16.354 + contiguous_bitmap[curr_idx] &= -(1UL<<end_off); 16.355 + } 16.356 } 16.357 16.358 /* Ensure multi-page extents are contiguous in machine memory. */ 16.359 void xen_create_contiguous_region(unsigned long vstart, unsigned int order) 16.360 { 16.361 - pgd_t *pgd; 16.362 - pud_t *pud; 16.363 - pmd_t *pmd; 16.364 - pte_t *pte; 16.365 - unsigned long mfn, i, flags; 16.366 + pgd_t *pgd; 16.367 + pud_t *pud; 16.368 + pmd_t *pmd; 16.369 + pte_t *pte; 16.370 + unsigned long mfn, i, flags; 16.371 16.372 - scrub_pages(vstart, 1 << order); 16.373 + scrub_pages(vstart, 1 << order); 16.374 16.375 - balloon_lock(flags); 16.376 + balloon_lock(flags); 16.377 16.378 - /* 1. Zap current PTEs, giving away the underlying pages. */ 16.379 - for (i = 0; i < (1<<order); i++) { 16.380 - pgd = pgd_offset_k(vstart + (i*PAGE_SIZE)); 16.381 - pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE))); 16.382 - pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE))); 16.383 - pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 16.384 - mfn = pte_mfn(*pte); 16.385 - BUG_ON(HYPERVISOR_update_va_mapping( 16.386 - vstart + (i*PAGE_SIZE), __pte_ma(0), 0)); 16.387 - phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = 16.388 - INVALID_P2M_ENTRY; 16.389 - BUG_ON(HYPERVISOR_dom_mem_op( 16.390 - MEMOP_decrease_reservation, &mfn, 1, 0) != 1); 16.391 - } 16.392 + /* 1. Zap current PTEs, giving away the underlying pages. 
*/ 16.393 + for (i = 0; i < (1<<order); i++) { 16.394 + pgd = pgd_offset_k(vstart + (i*PAGE_SIZE)); 16.395 + pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE))); 16.396 + pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE))); 16.397 + pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 16.398 + mfn = pte_mfn(*pte); 16.399 + BUG_ON(HYPERVISOR_update_va_mapping( 16.400 + vstart + (i*PAGE_SIZE), __pte_ma(0), 0)); 16.401 + phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = 16.402 + INVALID_P2M_ENTRY; 16.403 + BUG_ON(HYPERVISOR_dom_mem_op( 16.404 + MEMOP_decrease_reservation, &mfn, 1, 0) != 1); 16.405 + } 16.406 16.407 - /* 2. Get a new contiguous memory extent. */ 16.408 - BUG_ON(HYPERVISOR_dom_mem_op( 16.409 - MEMOP_increase_reservation, &mfn, 1, order | (32<<8)) != 1); 16.410 + /* 2. Get a new contiguous memory extent. */ 16.411 + BUG_ON(HYPERVISOR_dom_mem_op( 16.412 + MEMOP_increase_reservation, &mfn, 1, order | (32<<8)) != 1); 16.413 16.414 - /* 3. Map the new extent in place of old pages. */ 16.415 - for (i = 0; i < (1<<order); i++) { 16.416 - BUG_ON(HYPERVISOR_update_va_mapping( 16.417 - vstart + (i*PAGE_SIZE), 16.418 - __pte_ma(((mfn+i)<<PAGE_SHIFT)|__PAGE_KERNEL), 0)); 16.419 - xen_machphys_update(mfn+i, (__pa(vstart)>>PAGE_SHIFT)+i); 16.420 - phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn+i; 16.421 - } 16.422 + /* 3. Map the new extent in place of old pages. 
*/ 16.423 + for (i = 0; i < (1<<order); i++) { 16.424 + BUG_ON(HYPERVISOR_update_va_mapping( 16.425 + vstart + (i*PAGE_SIZE), 16.426 + pfn_pte_ma(mfn+i, PAGE_KERNEL), 0)); 16.427 + xen_machphys_update(mfn+i, (__pa(vstart)>>PAGE_SHIFT)+i); 16.428 + phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn+i; 16.429 + } 16.430 16.431 - flush_tlb_all(); 16.432 + flush_tlb_all(); 16.433 16.434 - balloon_unlock(flags); 16.435 + contiguous_bitmap_set(__pa(vstart) >> PAGE_SHIFT, 1UL << order); 16.436 + 16.437 + balloon_unlock(flags); 16.438 } 16.439 16.440 void xen_destroy_contiguous_region(unsigned long vstart, unsigned int order) 16.441 { 16.442 - pgd_t *pgd; 16.443 - pud_t *pud; 16.444 - pmd_t *pmd; 16.445 - pte_t *pte; 16.446 - unsigned long mfn, i, flags; 16.447 + pgd_t *pgd; 16.448 + pud_t *pud; 16.449 + pmd_t *pmd; 16.450 + pte_t *pte; 16.451 + unsigned long mfn, i, flags; 16.452 16.453 - scrub_pages(vstart, 1 << order); 16.454 + scrub_pages(vstart, 1 << order); 16.455 16.456 - balloon_lock(flags); 16.457 + balloon_lock(flags); 16.458 + 16.459 + contiguous_bitmap_clear(__pa(vstart) >> PAGE_SHIFT, 1UL << order); 16.460 16.461 - /* 1. Zap current PTEs, giving away the underlying pages. */ 16.462 - for (i = 0; i < (1<<order); i++) { 16.463 - pgd = pgd_offset_k(vstart + (i*PAGE_SIZE)); 16.464 - pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE))); 16.465 - pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE))); 16.466 - pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 16.467 - mfn = pte_mfn(*pte); 16.468 - BUG_ON(HYPERVISOR_update_va_mapping( 16.469 - vstart + (i*PAGE_SIZE), __pte_ma(0), 0)); 16.470 - phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = 16.471 - INVALID_P2M_ENTRY; 16.472 - BUG_ON(HYPERVISOR_dom_mem_op( 16.473 - MEMOP_decrease_reservation, &mfn, 1, 0) != 1); 16.474 - } 16.475 + /* 1. Zap current PTEs, giving away the underlying pages. 
*/ 16.476 + for (i = 0; i < (1<<order); i++) { 16.477 + pgd = pgd_offset_k(vstart + (i*PAGE_SIZE)); 16.478 + pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE))); 16.479 + pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE))); 16.480 + pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 16.481 + mfn = pte_mfn(*pte); 16.482 + BUG_ON(HYPERVISOR_update_va_mapping( 16.483 + vstart + (i*PAGE_SIZE), __pte_ma(0), 0)); 16.484 + phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = 16.485 + INVALID_P2M_ENTRY; 16.486 + BUG_ON(HYPERVISOR_dom_mem_op( 16.487 + MEMOP_decrease_reservation, &mfn, 1, 0) != 1); 16.488 + } 16.489 16.490 - /* 2. Map new pages in place of old pages. */ 16.491 - for (i = 0; i < (1<<order); i++) { 16.492 - BUG_ON(HYPERVISOR_dom_mem_op( 16.493 - MEMOP_increase_reservation, &mfn, 1, 0) != 1); 16.494 - BUG_ON(HYPERVISOR_update_va_mapping( 16.495 - vstart + (i*PAGE_SIZE), 16.496 - __pte_ma((mfn<<PAGE_SHIFT)|__PAGE_KERNEL), 0)); 16.497 - xen_machphys_update(mfn, (__pa(vstart)>>PAGE_SHIFT)+i); 16.498 - phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn; 16.499 - } 16.500 + /* 2. Map new pages in place of old pages. 
*/ 16.501 + for (i = 0; i < (1<<order); i++) { 16.502 + BUG_ON(HYPERVISOR_dom_mem_op( 16.503 + MEMOP_increase_reservation, &mfn, 1, 0) != 1); 16.504 + BUG_ON(HYPERVISOR_update_va_mapping( 16.505 + vstart + (i*PAGE_SIZE), 16.506 + pfn_pte_ma(mfn, PAGE_KERNEL), 0)); 16.507 + xen_machphys_update(mfn, (__pa(vstart)>>PAGE_SHIFT)+i); 16.508 + phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = mfn; 16.509 + } 16.510 16.511 - flush_tlb_all(); 16.512 + flush_tlb_all(); 16.513 16.514 - balloon_unlock(flags); 16.515 + balloon_unlock(flags); 16.516 } 16.517 16.518 16.519 unsigned long allocate_empty_lowmem_region(unsigned long pages) 16.520 { 16.521 - pgd_t *pgd; 16.522 - pud_t *pud; 16.523 - pmd_t *pmd; 16.524 - pte_t *pte; 16.525 - unsigned long *pfn_array; 16.526 - unsigned long vstart; 16.527 - unsigned long i; 16.528 - unsigned int order = get_order(pages*PAGE_SIZE); 16.529 + pgd_t *pgd; 16.530 + pud_t *pud; 16.531 + pmd_t *pmd; 16.532 + pte_t *pte; 16.533 + unsigned long *pfn_array; 16.534 + unsigned long vstart; 16.535 + unsigned long i; 16.536 + unsigned int order = get_order(pages*PAGE_SIZE); 16.537 16.538 - vstart = __get_free_pages(GFP_KERNEL, order); 16.539 - if ( vstart == 0 ) 16.540 - return 0UL; 16.541 + vstart = __get_free_pages(GFP_KERNEL, order); 16.542 + if (vstart == 0) 16.543 + return 0UL; 16.544 16.545 - scrub_pages(vstart, 1 << order); 16.546 + scrub_pages(vstart, 1 << order); 16.547 16.548 - pfn_array = vmalloc((1<<order) * sizeof(*pfn_array)); 16.549 - if ( pfn_array == NULL ) 16.550 - BUG(); 16.551 + pfn_array = vmalloc((1<<order) * sizeof(*pfn_array)); 16.552 + BUG_ON(pfn_array == NULL); 16.553 16.554 - for ( i = 0; i < (1<<order); i++ ) 16.555 - { 16.556 - pgd = pgd_offset_k( (vstart + (i*PAGE_SIZE))); 16.557 - pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE))); 16.558 - pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE))); 16.559 - pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 16.560 - pfn_array[i] = pte_mfn(*pte); 16.561 + for (i = 0; i < 
(1<<order); i++) { 16.562 + pgd = pgd_offset_k( (vstart + (i*PAGE_SIZE))); 16.563 + pud = pud_offset(pgd, (vstart + (i*PAGE_SIZE))); 16.564 + pmd = pmd_offset(pud, (vstart + (i*PAGE_SIZE))); 16.565 + pte = pte_offset_kernel(pmd, (vstart + (i*PAGE_SIZE))); 16.566 + pfn_array[i] = pte_mfn(*pte); 16.567 #ifdef CONFIG_X86_64 16.568 - xen_l1_entry_update(pte, __pte(0)); 16.569 + xen_l1_entry_update(pte, __pte(0)); 16.570 #else 16.571 - BUG_ON(HYPERVISOR_update_va_mapping(vstart + (i*PAGE_SIZE), 16.572 - __pte_ma(0), 0)); 16.573 + BUG_ON(HYPERVISOR_update_va_mapping(vstart + (i*PAGE_SIZE), 16.574 + __pte_ma(0), 0)); 16.575 #endif 16.576 - phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = 16.577 - INVALID_P2M_ENTRY; 16.578 - } 16.579 + phys_to_machine_mapping[(__pa(vstart)>>PAGE_SHIFT)+i] = 16.580 + INVALID_P2M_ENTRY; 16.581 + } 16.582 16.583 - flush_tlb_all(); 16.584 + flush_tlb_all(); 16.585 16.586 - balloon_put_pages(pfn_array, 1 << order); 16.587 + balloon_put_pages(pfn_array, 1 << order); 16.588 16.589 - vfree(pfn_array); 16.590 + vfree(pfn_array); 16.591 16.592 - return vstart; 16.593 + return vstart; 16.594 } 16.595 16.596 EXPORT_SYMBOL(allocate_empty_lowmem_region); 16.597 + 16.598 +/* 16.599 + * Local variables: 16.600 + * c-file-style: "linux" 16.601 + * indent-tabs-mode: t 16.602 + * c-indent-level: 8 16.603 + * c-basic-offset: 8 16.604 + * tab-width: 8 16.605 + * End: 16.606 + */
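Review bot: the first hunk (@@ -59,124) is whitespace-only, four-space indentation to tabs matching the `indent-tabs-mode: t` block added at the end of the file, but it is worth a look at xen_machphys_update while here: `u.ptr = (mfn << PAGE_SHIFT) | MMU_MACHPHYS_UPDATE` shifts an `unsigned long` MFN, which on PAE truncates machine addresses above 4GB before they reach the 64-bit `ptr` field. That is the same defect the ioremap.c hunk in this changeset fixes with a `(physaddr_t)` cast; apply the same cast here.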
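Review bot: contiguous_bitmap_set() and contiguous_bitmap_clear() index `contiguous_bitmap[]` straight from `first_page` and `nr_pages` with no check against the bitmap's size, which mem_init() in init.c derives from `max_low_pfn`; a caller handing xen_create_contiguous_region() a highmem or otherwise out-of-range address would write past the end of the bitmap. Add a `BUG_ON()` on the upper page index in both helpers. Two smaller points in the same hunk: the middle-word loops differ for no reason (`while ( ++curr_idx < end_idx )` in set, `while ( ++curr_idx != end_idx )` in clear); pick one form. And in xen_create_contiguous_region() step 2, `BUG_ON(HYPERVISOR_dom_mem_op(MEMOP_increase_reservation, &mfn, 1, order | (32<<8)) != 1)` fires after step 1 has already given the original pages away, so a failure to obtain a contiguous extent (fragmentation on the host, or a host ballooned down) crashes the guest; with skbuff.c now calling this from a slab constructor for order 1 and 2 buffers, that failure is reachable at runtime from packet allocation. Return an error instead, repopulating the zapped pages one order-0 extent at a time, and let the caller fail the allocation. The `32` packed into `order | (32<<8)` also deserves a named constant and a comment saying what it constrains.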
17.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c Fri Aug 19 10:18:53 2005 +0000 17.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c Fri Aug 19 10:50:15 2005 +0000 17.3 @@ -41,6 +41,8 @@ 17.4 #include <asm/sections.h> 17.5 #include <asm-xen/hypervisor.h> 17.6 17.7 +extern unsigned long *contiguous_bitmap; 17.8 + 17.9 #if defined(CONFIG_SWIOTLB) 17.10 extern void swiotlb_init(void); 17.11 int swiotlb; 17.12 @@ -637,6 +639,11 @@ void __init mem_init(void) 17.13 int bad_ppro; 17.14 unsigned long pfn; 17.15 17.16 + contiguous_bitmap = alloc_bootmem_low_pages( 17.17 + (max_low_pfn + 2*BITS_PER_LONG) >> 3); 17.18 + BUG_ON(!contiguous_bitmap); 17.19 + memset(contiguous_bitmap, 0, (max_low_pfn + 2*BITS_PER_LONG) >> 3); 17.20 + 17.21 #if defined(CONFIG_SWIOTLB) 17.22 swiotlb_init(); 17.23 #endif
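Review bot: `extern unsigned long *contiguous_bitmap;` is declared here in a .c file rather than in a header shared with hypervisor.c, so the two sides are never type-checked against each other; move the declaration into asm-xen/hypervisor.h, which is already included just above, and drop the local extern.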
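Review bot: in mem_init() the size expression `(max_low_pfn + 2*BITS_PER_LONG) >> 3` is written twice, once for the allocation and once for the memset; compute it once into a local so the two cannot drift apart. The `memset()` itself is redundant, since `alloc_bootmem_low_pages()` returns zeroed memory, though harmless. More important, sizing by `max_low_pfn` means the bitmap covers lowmem only, and the bitmap helpers in hypervisor.c do no bounds checking, so that limit should be stated in a comment next to the allocation and enforced at the point of use.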
18.1 --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c Fri Aug 19 10:18:53 2005 +0000 18.2 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c Fri Aug 19 10:50:15 2005 +0000 18.3 @@ -300,17 +300,17 @@ void __init bt_iounmap(void *addr, unsig 18.4 18.5 18.6 static int direct_remap_area_pte_fn(pte_t *pte, 18.7 - struct page *pte_page, 18.8 - unsigned long address, 18.9 - void *data) 18.10 + struct page *pte_page, 18.11 + unsigned long address, 18.12 + void *data) 18.13 { 18.14 - mmu_update_t **v = (mmu_update_t **)data; 18.15 + mmu_update_t **v = (mmu_update_t **)data; 18.16 18.17 - (*v)->ptr = (pfn_to_mfn(page_to_pfn(pte_page)) << PAGE_SHIFT) 18.18 - | ((unsigned long)pte & ~PAGE_MASK); 18.19 - (*v)++; 18.20 + (*v)->ptr = ((physaddr_t)pfn_to_mfn(page_to_pfn(pte_page)) << 18.21 + PAGE_SHIFT) | ((unsigned long)pte & ~PAGE_MASK); 18.22 + (*v)++; 18.23 18.24 - return 0; 18.25 + return 0; 18.26 } 18.27 18.28 int direct_remap_area_pages(struct mm_struct *mm, 18.29 @@ -397,6 +397,16 @@ int touch_pte_range(struct mm_struct *mm 18.30 } 18.31 18.32 return generic_page_range(mm, address, size, f, NULL); 18.33 -} 18.34 +} 18.35 18.36 EXPORT_SYMBOL(touch_pte_range); 18.37 + 18.38 +/* 18.39 + * Local variables: 18.40 + * c-file-style: "linux" 18.41 + * indent-tabs-mode: t 18.42 + * c-indent-level: 8 18.43 + * c-basic-offset: 8 18.44 + * tab-width: 8 18.45 + * End: 18.46 + */
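Review bot: the one functional change in direct_remap_area_pte_fn is hidden inside a reindent: casting to `(physaddr_t)` before `<< PAGE_SHIFT` stops the MFN shift from being truncated to 32 bits on PAE, so machine frames above 4GB now produce a correct `mmu_update_t.ptr`. That deserves a sentence in the commit message (which currently says only "Merge.") and a short comment on the line itself, since the next reindent could drop the cast unnoticed. The `-}`/`+}` change at the end of touch_pte_range is whitespace-only.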
19.1 --- a/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c Fri Aug 19 10:18:53 2005 +0000 19.2 +++ b/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c Fri Aug 19 10:50:15 2005 +0000 19.3 @@ -124,8 +124,6 @@ extern asmlinkage unsigned int do_IRQ(st 19.4 19.5 #define VALID_EVTCHN(_chn) ((_chn) >= 0) 19.6 19.7 -unsigned uber_debug; 19.8 - 19.9 /* 19.10 * Force a proper event-channel callback from Xen after clearing the 19.11 * callback mask. We do this in a very simple manner, by making a call 19.12 @@ -160,11 +158,7 @@ asmlinkage void evtchn_do_upcall(struct 19.13 l2 &= ~(1 << l2i); 19.14 19.15 port = (l1i << 5) + l2i; 19.16 - if (uber_debug && cpu) 19.17 - printk("<0>Upcall to %d on %d.\n", port, cpu); 19.18 if ( (irq = evtchn_to_irq[port]) != -1 ) { 19.19 - if (uber_debug && cpu) 19.20 - printk("<0>IRQ %d.\n", irq); 19.21 do_IRQ(irq, regs); 19.22 } else 19.23 evtchn_device_upcall(port);
21.1 --- a/linux-2.6-xen-sparse/arch/xen/kernel/skbuff.c Fri Aug 19 10:18:53 2005 +0000 21.2 +++ b/linux-2.6-xen-sparse/arch/xen/kernel/skbuff.c Fri Aug 19 10:50:15 2005 +0000 21.3 @@ -5,8 +5,6 @@ 21.4 #include <linux/kernel.h> 21.5 #include <linux/sched.h> 21.6 #include <linux/slab.h> 21.7 -#include <linux/string.h> 21.8 -#include <linux/errno.h> 21.9 #include <linux/netdevice.h> 21.10 #include <linux/inetdevice.h> 21.11 #include <linux/etherdevice.h> 21.12 
@@ -14,34 +12,86 @@ 21.13 #include <linux/init.h> 21.14 #include <asm/io.h> 21.15 #include <asm/page.h> 21.16 - 21.17 -EXPORT_SYMBOL(__dev_alloc_skb); 21.18 +#include <asm-xen/hypervisor.h> 21.19 21.20 /* Referenced in netback.c. */ 21.21 /*static*/ kmem_cache_t *skbuff_cachep; 21.22 21.23 -/* Size must be cacheline-aligned (alloc_skb uses SKB_DATA_ALIGN). */ 21.24 -#define XEN_SKB_SIZE \ 21.25 - ((PAGE_SIZE - sizeof(struct skb_shared_info)) & ~(SMP_CACHE_BYTES - 1)) 21.26 +#define MAX_SKBUFF_ORDER 2 21.27 +static kmem_cache_t *skbuff_order_cachep[MAX_SKBUFF_ORDER + 1]; 21.28 21.29 struct sk_buff *__dev_alloc_skb(unsigned int length, int gfp_mask) 21.30 { 21.31 - struct sk_buff *skb; 21.32 - skb = alloc_skb_from_cache(skbuff_cachep, length + 16, gfp_mask); 21.33 - if ( likely(skb != NULL) ) 21.34 - skb_reserve(skb, 16); 21.35 - return skb; 21.36 + struct sk_buff *skb; 21.37 + int order; 21.38 + 21.39 + length = SKB_DATA_ALIGN(length + 16); 21.40 + order = get_order(length + sizeof(struct skb_shared_info)); 21.41 + if (order > MAX_SKBUFF_ORDER) { 21.42 + printk(KERN_ALERT "Attempt to allocate order %d skbuff. 
" 21.43 + "Increase MAX_SKBUFF_ORDER.\n", order); 21.44 + return NULL; 21.45 + } 21.46 + 21.47 + skb = alloc_skb_from_cache( 21.48 + skbuff_order_cachep[order], length, gfp_mask); 21.49 + if (skb != NULL) 21.50 + skb_reserve(skb, 16); 21.51 + 21.52 + return skb; 21.53 } 21.54 21.55 static void skbuff_ctor(void *buf, kmem_cache_t *cachep, unsigned long unused) 21.56 { 21.57 - scrub_pages(buf, 1); 21.58 + int order = 0; 21.59 + 21.60 + while (skbuff_order_cachep[order] != cachep) 21.61 + order++; 21.62 + 21.63 + if (order != 0) 21.64 + xen_create_contiguous_region((unsigned long)buf, order); 21.65 + 21.66 + scrub_pages(buf, 1 << order); 21.67 +} 21.68 + 21.69 +static void skbuff_dtor(void *buf, kmem_cache_t *cachep, unsigned long unused) 21.70 +{ 21.71 + int order = 0; 21.72 + 21.73 + while (skbuff_order_cachep[order] != cachep) 21.74 + order++; 21.75 + 21.76 + if (order != 0) 21.77 + xen_destroy_contiguous_region((unsigned long)buf, order); 21.78 } 21.79 21.80 static int __init skbuff_init(void) 21.81 { 21.82 - skbuff_cachep = kmem_cache_create( 21.83 - "xen-skb", PAGE_SIZE, PAGE_SIZE, 0, skbuff_ctor, NULL); 21.84 - return 0; 21.85 + static char name[MAX_SKBUFF_ORDER + 1][20]; 21.86 + unsigned long size; 21.87 + int order; 21.88 + 21.89 + for (order = 0; order <= MAX_SKBUFF_ORDER; order++) { 21.90 + size = PAGE_SIZE << order; 21.91 + sprintf(name[order], "xen-skb-%lu", size); 21.92 + skbuff_order_cachep[order] = kmem_cache_create( 21.93 + name[order], size, size, 0, skbuff_ctor, skbuff_dtor); 21.94 + } 21.95 + 21.96 + skbuff_cachep = skbuff_order_cachep[0]; 21.97 + 21.98 + return 0; 21.99 } 21.100 __initcall(skbuff_init); 21.101 + 21.102 +EXPORT_SYMBOL(__dev_alloc_skb); 21.103 + 21.104 +/* 21.105 + * Local variables: 21.106 + * c-file-style: "linux" 21.107 + * indent-tabs-mode: t 21.108 + * c-indent-level: 8 21.109 + * c-basic-offset: 8 21.110 + * tab-width: 8 21.111 + * End: 21.112 + */
22.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c Fri Aug 19 10:18:53 2005 +0000 22.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c Fri Aug 19 10:50:15 2005 +0000 22.3 @@ -426,16 +426,10 @@ static __init void parse_cmdline_early ( 22.4 #ifdef CONFIG_XEN 22.5 static void __init contig_initmem_init(void) 22.6 { 22.7 - unsigned long bootmap_size, bootmap; 22.8 - 22.9 - bootmap_size = bootmem_bootmap_pages(end_pfn)<<PAGE_SHIFT; 22.10 - bootmap = start_pfn; 22.11 - bootmap_size = init_bootmem(bootmap, end_pfn); 22.12 - reserve_bootmem(bootmap, bootmap_size); 22.13 - 22.14 - free_bootmem(start_pfn << PAGE_SHIFT, (end_pfn - start_pfn) << PAGE_SHIFT); 22.15 - reserve_bootmem(0, (PFN_PHYS(start_pfn) + 22.16 - bootmap_size + PAGE_SIZE-1)); 22.17 + unsigned long bootmap_size = init_bootmem(start_pfn, end_pfn); 22.18 + free_bootmem(0, end_pfn << PAGE_SHIFT); 22.19 + /* XXX KAF: Why can't we leave low 1MB of memory free? */ 22.20 + reserve_bootmem(0, (PFN_PHYS(start_pfn) + bootmap_size + PAGE_SIZE-1)); 22.21 } 22.22 #else 22.23 static void __init contig_initmem_init(void)
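Review bot: the `XXX KAF: Why can't we leave low 1MB of memory free?` comment commits an open question into `contig_initmem_init`; resolve it or restate it as what is known. Note also that `free_bootmem(0, end_pfn << PAGE_SHIFT)` now frees all of memory, including the range below `start_pfn` that the removed `free_bootmem(start_pfn << PAGE_SHIFT, ...)` never touched, so correctness rests entirely on the following `reserve_bootmem(0, PFN_PHYS(start_pfn) + bootmap_size + PAGE_SIZE-1)` covering both the low pages and the bootmap that `init_bootmem(start_pfn, end_pfn)` placed at `start_pfn`; a one-line comment stating that dependency would save the next reader the derivation.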
23.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c Fri Aug 19 10:18:53 2005 +0000 23.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c Fri Aug 19 10:50:15 2005 +0000 23.3 @@ -280,19 +280,16 @@ void __init cpu_init (void) 23.4 if (cpu) { 23.5 memcpy(cpu_gdt_table[cpu], cpu_gdt_table[0], GDT_SIZE); 23.6 } 23.7 -#endif 23.8 23.9 cpu_gdt_descr[cpu].size = GDT_SIZE; 23.10 cpu_gdt_descr[cpu].address = (unsigned long)cpu_gdt_table[cpu]; 23.11 23.12 - cpu_gdt_init(&cpu_gdt_descr[cpu]); 23.13 - 23.14 -#ifndef CONFIG_XEN 23.15 memcpy(me->thread.tls_array, cpu_gdt_table[cpu], GDT_ENTRY_TLS_ENTRIES * 8); 23.16 - 23.17 #else 23.18 memcpy(me->thread.tls_array, &get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN], 23.19 GDT_ENTRY_TLS_ENTRIES * 8); 23.20 + 23.21 + cpu_gdt_init(&cpu_gdt_descr[cpu]); 23.22 #endif 23.23 23.24 /*
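Review bot: removing the `#endif` at the top of this hunk extends the conditional opened above the visible context down to the `#else`, so the `cpu_gdt_descr[cpu].size` and `.address` assignments now sit in the non-Xen branch only, while the `#else` branch calls `cpu_gdt_init(&cpu_gdt_descr[cpu])` on a descriptor this hunk no longer visibly initializes; either confirm the Xen branch fills the descriptor earlier in `cpu_init`, or move the two assignments ahead of the conditional so both branches share them.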
24.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/mm/fault.c Fri Aug 19 10:18:53 2005 +0000 24.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/mm/fault.c Fri Aug 19 10:50:15 2005 +0000 24.3 @@ -250,7 +250,11 @@ static int vmalloc_fault(unsigned long a 24.4 happen within a race in page table update. In the later 24.5 case just flush. */ 24.6 24.7 - pgd = pgd_offset(current->mm ?: &init_mm, address); 24.8 + /* On Xen the line below does not always work. Needs investigating! */ 24.9 + /*pgd = pgd_offset(current->mm ?: &init_mm, address);*/ 24.10 + pgd = (pgd_t *)per_cpu(cur_pgd, smp_processor_id()); 24.11 + pgd += pgd_index(address); 24.12 + 24.13 pgd_ref = pgd_offset_k(address); 24.14 if (pgd_none(*pgd_ref)) 24.15 return -1;
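Review bot: the commented-out `pgd_offset(current->mm ?: &init_mm, address)` line and the `Needs investigating!` remark leave dead code and an open question in the `vmalloc_fault` path; replace both with a single comment stating what was observed to fail and why `per_cpu(cur_pgd, smp_processor_id()) + pgd_index(address)` is the correct base under Xen, and keep the investigation notes in the commit message rather than the source.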
25.1 --- a/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c Fri Aug 19 10:18:53 2005 +0000 25.2 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c Fri Aug 19 10:50:15 2005 +0000 25.3 @@ -40,6 +40,12 @@ 25.4 #include <asm/proto.h> 25.5 #include <asm/smp.h> 25.6 25.7 +extern unsigned long *contiguous_bitmap; 25.8 + 25.9 +#if defined(CONFIG_SWIOTLB) 25.10 +extern void swiotlb_init(void); 25.11 +#endif 25.12 + 25.13 #ifndef Dprintk 25.14 #define Dprintk(x...) 25.15 #endif 25.16 @@ -794,8 +800,12 @@ void __init mem_init(void) 25.17 int codesize, reservedpages, datasize, initsize; 25.18 int tmp; 25.19 25.20 + contiguous_bitmap = alloc_bootmem_low_pages( 25.21 + (end_pfn + 2*BITS_PER_LONG) >> 3); 25.22 + BUG_ON(!contiguous_bitmap); 25.23 + memset(contiguous_bitmap, 0, (end_pfn + 2*BITS_PER_LONG) >> 3); 25.24 + 25.25 #if defined(CONFIG_SWIOTLB) 25.26 - extern void swiotlb_init(void); 25.27 swiotlb_init(); 25.28 #endif 25.29
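Review bot: `extern unsigned long *contiguous_bitmap;` is declared here in a .c file and declared again inside `range_straddles_page_boundary()` in dma-mapping.h elsewhere in this changeset; put one declaration in a header both files include so the type cannot drift. The size expression `(end_pfn + 2*BITS_PER_LONG) >> 3` is written twice in `mem_init`, once for `alloc_bootmem_low_pages` and once for `memset`; compute it into a local so the two cannot diverge, and add a comment saying why the two extra longs of slack are needed.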
26.1 --- a/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c Fri Aug 19 10:18:53 2005 +0000 26.2 +++ b/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c Fri Aug 19 10:50:15 2005 +0000 26.3 @@ -213,9 +213,7 @@ static void balloon_process(void *unused 26.4 { 26.5 BUG_ON(HYPERVISOR_update_va_mapping( 26.6 (unsigned long)__va(pfn << PAGE_SHIFT), 26.7 - __pte_ma((mfn_list[i] << PAGE_SHIFT) | 26.8 - pgprot_val(PAGE_KERNEL)), 26.9 - 0)); 26.10 + pfn_pte_ma(mfn_list[i], PAGE_KERNEL), 0)); 26.11 } 26.12 26.13 /* Finally, relinquish the memory back to the system allocator. */
27.1 --- a/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c Fri Aug 19 10:18:53 2005 +0000 27.2 +++ b/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c Fri Aug 19 10:50:15 2005 +0000 27.3 @@ -406,21 +406,15 @@ static void dispatch_probe(blkif_t *blki 27.4 #endif 27.5 27.6 27.7 -#ifdef CONFIG_XEN_BLKDEV_TAP_BE 27.8 if ( HYPERVISOR_update_va_mapping_otherdomain( 27.9 MMAP_VADDR(pending_idx, 0), 27.10 - (pte_t) { (req->frame_and_sects[0] & PAGE_MASK) | __PAGE_KERNEL }, 27.11 + pfn_pte_ma(req->frame_and_sects[0] >> PAGE_SHIFT, PAGE_KERNEL), 27.12 +#ifdef CONFIG_XEN_BLKDEV_TAP_BE 27.13 0, (blkif->is_blktap ? ID_TO_DOM(req->id) : blkif->domid) ) ) 27.14 - 27.15 - goto out; 27.16 #else 27.17 - if ( HYPERVISOR_update_va_mapping_otherdomain( 27.18 - MMAP_VADDR(pending_idx, 0), 27.19 - (pte_t) { (req->frame_and_sects[0] & PAGE_MASK) | __PAGE_KERNEL }, 27.20 - 0, blkif->domid) ) 27.21 - 27.22 + 0, blkif->domid) ) 27.23 +#endif 27.24 goto out; 27.25 -#endif 27.26 #endif /* endif CONFIG_XEN_BLKDEV_GRANT */ 27.27 27.28 rsp = vbd_probe(blkif, (vdisk_t *)MMAP_VADDR(pending_idx, 0),
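Review bot: the `#ifdef CONFIG_XEN_BLKDEV_TAP_BE` now opens inside the argument list of `HYPERVISOR_update_va_mapping_otherdomain()`, so one call is spliced together from two preprocessor branches; compute the target domain into a local first (`blkif->domid`, overridden by `ID_TO_DOM(req->id)` under the tap ifdef when `blkif->is_blktap`) and make a single unconditional call, which is easier to read and keeps future edits to the call out of the ifdef.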
28.1 --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c Fri Aug 19 10:18:53 2005 +0000 28.2 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c Fri Aug 19 10:50:15 2005 +0000 28.3 @@ -48,15 +48,7 @@ static const struct xenbus_device_id * 28.4 match_device(const struct xenbus_device_id *arr, struct xenbus_device *dev) 28.5 { 28.6 for (; !streq(arr->devicetype, ""); arr++) { 28.7 - if (!streq(arr->devicetype, dev->devicetype)) 28.8 - continue; 28.9 - 28.10 - /* If they don't care what subtype, it's a match. */ 28.11 - if (streq(arr->subtype, "")) 28.12 - return arr; 28.13 - 28.14 - /* If they care, device must have (same) subtype. */ 28.15 - if (dev->subtype && streq(arr->subtype, dev->subtype)) 28.16 + if (streq(arr->devicetype, dev->devicetype)) 28.17 return arr; 28.18 } 28.19 return NULL; 28.20 
@@ -72,10 +64,102 @@ static int xenbus_match(struct device *_ 28.21 return match_device(drv->ids, to_xenbus_device(_dev)) != NULL; 28.22 } 28.23 28.24 +struct xen_bus_type 28.25 +{ 28.26 + char *root; 28.27 + unsigned int levels; 28.28 + int (*get_bus_id)(char bus_id[BUS_ID_SIZE], const char *nodename); 28.29 + int (*probe)(const char *type, const char *dir); 28.30 + struct bus_type bus; 28.31 + struct device dev; 28.32 +}; 28.33 + 28.34 +/* device/<type>/<id> => <type>-<id> */ 28.35 +static int frontend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename) 28.36 +{ 28.37 + nodename = strchr(nodename, '/'); 28.38 + if (!nodename || strlen(nodename + 1) >= BUS_ID_SIZE) { 28.39 + printk(KERN_WARNING "XENBUS: bad frontend %s\n", nodename); 28.40 + return -EINVAL; 28.41 + } 28.42 + 28.43 + strlcpy(bus_id, nodename + 1, BUS_ID_SIZE); 28.44 + if (!strchr(bus_id, '/')) { 28.45 + printk(KERN_WARNING "XENBUS: bus_id %s no slash\n", bus_id); 28.46 + return -EINVAL; 28.47 + } 28.48 + *strchr(bus_id, '/') = '-'; 28.49 + return 0; 28.50 +} 28.51 + 28.52 /* Bus type for frontend drivers. 
*/ 28.53 -static struct bus_type xenbus_type = { 28.54 - .name = "xenbus", 28.55 - .match = xenbus_match, 28.56 +static int xenbus_probe_frontend(const char *type, const char *name); 28.57 +static struct xen_bus_type xenbus_frontend = { 28.58 + .root = "device", 28.59 + .levels = 2, /* device/type/<id> */ 28.60 + .get_bus_id = frontend_bus_id, 28.61 + .probe = xenbus_probe_frontend, 28.62 + .bus = { 28.63 + .name = "xen", 28.64 + .match = xenbus_match, 28.65 + }, 28.66 + .dev = { 28.67 + .bus_id = "xen", 28.68 + }, 28.69 +}; 28.70 + 28.71 +/* backend/<type>/<fe-uuid>/<id> => <type>-<fe-domid>-<id> */ 28.72 +static int backend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename) 28.73 +{ 28.74 + int domid, err; 28.75 + const char *devid, *type, *frontend; 28.76 + unsigned int typelen; 28.77 + 28.78 + type = strchr(nodename, '/'); 28.79 + if (!type) 28.80 + return -EINVAL; 28.81 + type++; 28.82 + typelen = strcspn(type, "/"); 28.83 + if (!typelen || type[typelen] != '/') 28.84 + return -EINVAL; 28.85 + 28.86 + devid = strrchr(nodename, '/') + 1; 28.87 + 28.88 + err = xenbus_gather(nodename, "frontend-id", "%i", &domid, 28.89 + "frontend", NULL, &frontend, 28.90 + NULL); 28.91 + if (err) 28.92 + return err; 28.93 + if (strlen(frontend) == 0) 28.94 + err = -ERANGE; 28.95 + 28.96 + if (!err && !xenbus_exists(frontend, "")) 28.97 + err = -ENOENT; 28.98 + 28.99 + if (err) { 28.100 + kfree(frontend); 28.101 + return err; 28.102 + } 28.103 + 28.104 + if (snprintf(bus_id, BUS_ID_SIZE, 28.105 + "%.*s-%i-%s", typelen, type, domid, devid) >= BUS_ID_SIZE) 28.106 + return -ENOSPC; 28.107 + return 0; 28.108 +} 28.109 + 28.110 +static int xenbus_probe_backend(const char *type, const char *uuid); 28.111 +static struct xen_bus_type xenbus_backend = { 28.112 + .root = "backend", 28.113 + .levels = 3, /* backend/type/<frontend>/<id> */ 28.114 + .get_bus_id = backend_bus_id, 28.115 + .probe = xenbus_probe_backend, 28.116 + .bus = { 28.117 + .name = "xen-backend", 28.118 + .match = 
xenbus_match, 28.119 + }, 28.120 + .dev = { 28.121 + .bus_id = "xen-backend", 28.122 + }, 28.123 }; 28.124 28.125 static int xenbus_dev_probe(struct device *_dev) 28.126 @@ -104,12 +188,13 @@ static int xenbus_dev_remove(struct devi 28.127 return drv->remove(dev); 28.128 } 28.129 28.130 -int xenbus_register_driver(struct xenbus_driver *drv) 28.131 +static int xenbus_register_driver(struct xenbus_driver *drv, 28.132 + struct xen_bus_type *bus) 28.133 { 28.134 int err; 28.135 28.136 drv->driver.name = drv->name; 28.137 - drv->driver.bus = &xenbus_type; 28.138 + drv->driver.bus = &bus->bus; 28.139 drv->driver.owner = drv->owner; 28.140 drv->driver.probe = xenbus_dev_probe; 28.141 drv->driver.remove = xenbus_dev_remove; 28.142 @@ -120,6 +205,16 @@ int xenbus_register_driver(struct xenbus 28.143 return err; 28.144 } 28.145 28.146 +int xenbus_register_device(struct xenbus_driver *drv) 28.147 +{ 28.148 + return xenbus_register_driver(drv, &xenbus_frontend); 28.149 +} 28.150 + 28.151 +int xenbus_register_backend(struct xenbus_driver *drv) 28.152 +{ 28.153 + return xenbus_register_driver(drv, &xenbus_backend); 28.154 +} 28.155 + 28.156 void xenbus_unregister_driver(struct xenbus_driver *drv) 28.157 { 28.158 down(&xenbus_lock); 28.159 
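Review bot: in `frontend_bus_id`, `nodename` is overwritten by `strchr(nodename, '/')` before the error `printk`, so the `bad frontend %s` message prints a NULL pointer in exactly the no-slash case it exists to report; keep the original pointer for the message. In `backend_bus_id`, the `frontend` string returned by `xenbus_gather(..., "frontend", NULL, &frontend, ...)` is an allocation the caller owns (see the new `fmt == NULL` branch in xenbus_xs.c), but it is only freed on the error path: both the `return -ENOSPC` after `snprintf` and the success `return 0` leak it.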
@@ -130,52 +225,98 @@ void xenbus_unregister_driver(struct xen 28.160 struct xb_find_info 28.161 { 28.162 struct xenbus_device *dev; 28.163 - const char *busid; 28.164 + const char *nodename; 28.165 }; 28.166 28.167 static int cmp_dev(struct device *dev, void *data) 28.168 { 28.169 + struct xenbus_device *xendev = to_xenbus_device(dev); 28.170 struct xb_find_info *info = data; 28.171 28.172 - if (streq(dev->bus_id, info->busid)) { 28.173 - info->dev = container_of(get_device(dev), 28.174 - struct xenbus_device, dev); 28.175 + if (streq(xendev->nodename, info->nodename)) { 28.176 + info->dev = xendev; 28.177 + get_device(dev); 28.178 return 1; 28.179 } 28.180 return 0; 28.181 } 28.182 28.183 -/* FIXME: device_find is fixed in 2.6.13-rc2 according to Greg KH --RR */ 28.184 -struct xenbus_device *xenbus_device_find(const char *busid) 28.185 +struct xenbus_device *xenbus_device_find(const char *nodename, 28.186 + struct bus_type *bus) 28.187 { 28.188 - struct xb_find_info info = { .dev = NULL, .busid = busid }; 28.189 + struct xb_find_info info = { .dev = NULL, .nodename = nodename }; 28.190 28.191 - bus_for_each_dev(&xenbus_type, NULL, &info, cmp_dev); 28.192 + bus_for_each_dev(bus, NULL, &info, cmp_dev); 28.193 return info.dev; 28.194 } 28.195 28.196 +static int cleanup_dev(struct device *dev, void *data) 28.197 +{ 28.198 + struct xenbus_device *xendev = to_xenbus_device(dev); 28.199 + struct xb_find_info *info = data; 28.200 + int len = strlen(info->nodename); 28.201 + 28.202 + if (!strncmp(xendev->nodename, info->nodename, len)) { 28.203 + info->dev = xendev; 28.204 + get_device(dev); 28.205 + return 1; 28.206 + } 28.207 + return 0; 28.208 +} 28.209 + 28.210 +static void xenbus_cleanup_devices(const char *path, struct bus_type *bus) 28.211 +{ 28.212 + struct xb_find_info info = { .nodename = path }; 28.213 + 28.214 + do { 28.215 + info.dev = NULL; 28.216 + bus_for_each_dev(bus, NULL, &info, cleanup_dev); 28.217 + if (info.dev) { 28.218 + 
device_unregister(&info.dev->dev); 28.219 + put_device(&info.dev->dev); 28.220 + } 28.221 + } while (info.dev); 28.222 +} 28.223 28.224 static void xenbus_release_device(struct device *dev) 28.225 { 28.226 if (dev) { 28.227 struct xenbus_device *xendev = to_xenbus_device(dev); 28.228 28.229 - kfree(xendev->subtype); 28.230 kfree(xendev); 28.231 } 28.232 } 28.233 -/* devices/<typename>/<name> */ 28.234 -static int xenbus_probe_device(const char *dirpath, const char *devicetype, 28.235 - const char *name) 28.236 + 28.237 +/* Simplified asprintf. */ 28.238 +static char *kasprintf(const char *fmt, ...) 28.239 +{ 28.240 + va_list ap; 28.241 + unsigned int len; 28.242 + char *p, dummy[1]; 28.243 + 28.244 + va_start(ap, fmt); 28.245 + /* FIXME: vsnprintf has a bug, NULL should work */ 28.246 + len = vsnprintf(dummy, 0, fmt, ap); 28.247 + va_end(ap); 28.248 + 28.249 + p = kmalloc(len + 1, GFP_KERNEL); 28.250 + if (!p) 28.251 + return NULL; 28.252 + va_start(ap, fmt); 28.253 + vsprintf(p, fmt, ap); 28.254 + va_end(ap); 28.255 + return p; 28.256 +} 28.257 + 28.258 +static int xenbus_probe_node(struct xen_bus_type *bus, 28.259 + const char *type, 28.260 + const char *nodename) 28.261 { 28.262 int err; 28.263 struct xenbus_device *xendev; 28.264 unsigned int stringlen; 28.265 28.266 - /* Nodename: /device/<typename>/<name>/ */ 28.267 - stringlen = strlen(dirpath) + strlen(devicetype) + strlen(name) + 3; 28.268 - /* Typename */ 28.269 - stringlen += strlen(devicetype) + 1; 28.270 + stringlen = strlen(nodename) + 1 + strlen(type) + 1; 28.271 xendev = kmalloc(sizeof(*xendev) + stringlen, GFP_KERNEL); 28.272 if (!xendev) 28.273 return -ENOMEM; 28.274 
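Review bot: `cleanup_dev` matches with `strncmp(xendev->nodename, info->nodename, len)`, a bare prefix test, so a node removal for `device/<type>/1` also unregisters `device/<type>/10` (and a short prefix takes every device under it); require the character after the prefix to be `/` or `\0`. The `FIXME: vsnprintf has a bug, NULL should work` in `kasprintf` should either be verified against the kernel version in use and the `dummy[1]` buffer dropped, or state which version the workaround is for.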
@@ -183,38 +324,103 @@ static int xenbus_probe_device(const cha 28.275 28.276 /* Copy the strings into the extra space. */ 28.277 xendev->nodename = (char *)(xendev + 1); 28.278 - sprintf(xendev->nodename, "%s/%s/%s", dirpath, devicetype, name); 28.279 + strcpy(xendev->nodename, nodename); 28.280 xendev->devicetype = xendev->nodename + strlen(xendev->nodename) + 1; 28.281 - strcpy(xendev->devicetype, devicetype); 28.282 + strcpy(xendev->devicetype, type); 28.283 28.284 - /* FIXME: look for "subtype" field. */ 28.285 - snprintf(xendev->dev.bus_id, BUS_ID_SIZE, "%s-%s", devicetype, name); 28.286 - xendev->dev.bus = &xenbus_type; 28.287 + xendev->dev.parent = &bus->dev; 28.288 + xendev->dev.bus = &bus->bus; 28.289 xendev->dev.release = xenbus_release_device; 28.290 28.291 + err = bus->get_bus_id(xendev->dev.bus_id, xendev->nodename); 28.292 + if (err) { 28.293 + kfree(xendev); 28.294 + return err; 28.295 + } 28.296 + 28.297 /* Register with generic device framework. */ 28.298 err = device_register(&xendev->dev); 28.299 if (err) { 28.300 - printk("XENBUS: Registering device %s: error %i\n", 28.301 - xendev->dev.bus_id, err); 28.302 + printk("XENBUS: Registering %s device %s: error %i\n", 28.303 + bus->bus.name, xendev->dev.bus_id, err); 28.304 kfree(xendev); 28.305 } 28.306 return err; 28.307 } 28.308 28.309 -static int xenbus_probe_device_type(const char *dirpath, const char *typename) 28.310 +/* device/<typename>/<name> */ 28.311 +static int xenbus_probe_frontend(const char *type, const char *name) 28.312 +{ 28.313 + char *nodename; 28.314 + int err; 28.315 + 28.316 + nodename = kasprintf("%s/%s/%s", xenbus_frontend.root, type, name); 28.317 + if (!nodename) 28.318 + return -ENOMEM; 28.319 + 28.320 + err = xenbus_probe_node(&xenbus_frontend, type, nodename); 28.321 + kfree(nodename); 28.322 + return err; 28.323 +} 28.324 + 28.325 +/* backend/<typename>/<frontend-uuid>/<name> */ 28.326 +static int xenbus_probe_backend_unit(const char *dir, 28.327 + const char *type, 
28.328 + const char *name) 28.329 +{ 28.330 + char *nodename; 28.331 + int err; 28.332 + 28.333 + nodename = kasprintf("%s/%s", dir, name); 28.334 + if (!nodename) 28.335 + return -ENOMEM; 28.336 + 28.337 + err = xenbus_probe_node(&xenbus_backend, type, nodename); 28.338 + kfree(nodename); 28.339 + return err; 28.340 +} 28.341 + 28.342 +/* backend/<typename>/<frontend-uuid> */ 28.343 +static int xenbus_probe_backend(const char *type, const char *uuid) 28.344 +{ 28.345 + char *nodename; 28.346 + int err = 0; 28.347 + char **dir; 28.348 + unsigned int i, dir_n = 0; 28.349 + 28.350 + nodename = kasprintf("%s/%s/%s", xenbus_backend.root, type, uuid); 28.351 + if (!nodename) 28.352 + return -ENOMEM; 28.353 + 28.354 + dir = xenbus_directory(nodename, "", &dir_n); 28.355 + if (IS_ERR(dir)) { 28.356 + kfree(nodename); 28.357 + return PTR_ERR(dir); 28.358 + } 28.359 + 28.360 + for (i = 0; i < dir_n; i++) { 28.361 + err = xenbus_probe_backend_unit(nodename, type, dir[i]); 28.362 + if (err) 28.363 + break; 28.364 + } 28.365 + kfree(dir); 28.366 + kfree(nodename); 28.367 + return err; 28.368 +} 28.369 + 28.370 +static int xenbus_probe_device_type(struct xen_bus_type *bus, const char *type) 28.371 { 28.372 int err = 0; 28.373 char **dir; 28.374 unsigned int dir_n = 0; 28.375 int i; 28.376 28.377 - dir = xenbus_directory(dirpath, typename, &dir_n); 28.378 + dir = xenbus_directory(bus->root, type, &dir_n); 28.379 if (IS_ERR(dir)) 28.380 return PTR_ERR(dir); 28.381 28.382 for (i = 0; i < dir_n; i++) { 28.383 - err = xenbus_probe_device(dirpath, typename, dir[i]); 28.384 + err = bus->probe(type, dir[i]); 28.385 if (err) 28.386 break; 28.387 } 28.388 
@@ -222,18 +428,18 @@ static int xenbus_probe_device_type(cons 28.389 return err; 28.390 } 28.391 28.392 -static int xenbus_probe_devices(const char *path) 28.393 +static int xenbus_probe_devices(struct xen_bus_type *bus) 28.394 { 28.395 int err = 0; 28.396 char **dir; 28.397 unsigned int i, dir_n; 28.398 28.399 - dir = xenbus_directory(path, "", &dir_n); 28.400 + dir = xenbus_directory(bus->root, "", &dir_n); 28.401 if (IS_ERR(dir)) 28.402 return PTR_ERR(dir); 28.403 28.404 for (i = 0; i < dir_n; i++) { 28.405 - err = xenbus_probe_device_type(path, dir[i]); 28.406 + err = xenbus_probe_device_type(bus, dir[i]); 28.407 if (err) 28.408 break; 28.409 } 28.410 
@@ -251,58 +457,111 @@ static unsigned int char_count(const cha 28.411 return ret; 28.412 } 28.413 28.414 -static void dev_changed(struct xenbus_watch *watch, const char *node) 28.415 +static int strsep_len(const char *str, char c, unsigned int len) 28.416 { 28.417 - char busid[BUS_ID_SIZE]; 28.418 - int exists; 28.419 - struct xenbus_device *dev; 28.420 - char *p; 28.421 + unsigned int i; 28.422 + 28.423 + for (i = 0; str[i]; i++) 28.424 + if (str[i] == c) { 28.425 + if (len == 0) 28.426 + return i; 28.427 + len--; 28.428 + } 28.429 + return (len == 0) ? i : -ERANGE; 28.430 +} 28.431 28.432 - /* Node is of form device/<type>/<identifier>[/...] */ 28.433 - if (char_count(node, '/') != 2) 28.434 - return; 28.435 +static void dev_changed(const char *node, struct xen_bus_type *bus) 28.436 +{ 28.437 + int exists, rootlen; 28.438 + struct xenbus_device *dev; 28.439 + char type[BUS_ID_SIZE]; 28.440 + const char *p, *root; 28.441 28.442 - /* Created or deleted? */ 28.443 - exists = xenbus_exists(node, ""); 28.444 + if (char_count(node, '/') < 2) 28.445 + return; 28.446 28.447 - p = strchr(node, '/') + 1; 28.448 - if (strlen(p) + 1 > BUS_ID_SIZE) { 28.449 - printk("Device for node %s is too big!\n", node); 28.450 + exists = xenbus_exists(node, ""); 28.451 + if (!exists) { 28.452 + xenbus_cleanup_devices(node, &bus->bus); 28.453 return; 28.454 } 28.455 - /* Bus ID is name with / changed to - */ 28.456 - strcpy(busid, p); 28.457 - *strchr(busid, '/') = '-'; 28.458 + 28.459 + /* backend/<type>/... or device/<type>/... */ 28.460 + p = strchr(node, '/') + 1; 28.461 + snprintf(type, BUS_ID_SIZE, "%.*s", strcspn(p, "/"), p); 28.462 + type[BUS_ID_SIZE-1] = '\0'; 28.463 + 28.464 + rootlen = strsep_len(node, '/', bus->levels); 28.465 + if (rootlen < 0) 28.466 + return; 28.467 + root = kasprintf("%.*s", rootlen, node); 28.468 + if (!root) 28.469 + return; 28.470 28.471 - dev = xenbus_device_find(busid); 28.472 - printk("xenbus: device %s %s\n", busid, dev ? 
"exists" : "new"); 28.473 - if (dev && !exists) { 28.474 - printk("xenbus: Unregistering device %s\n", busid); 28.475 - /* FIXME: free? */ 28.476 - device_unregister(&dev->dev); 28.477 - } else if (!dev && exists) { 28.478 - printk("xenbus: Adding device %s\n", busid); 28.479 - /* Hack bus id back into two strings. */ 28.480 - *strrchr(busid, '-') = '\0'; 28.481 - xenbus_probe_device("device", busid, busid+strlen(busid)+1); 28.482 - } else 28.483 - printk("xenbus: strange, %s already %s\n", busid, 28.484 - exists ? "exists" : "gone"); 28.485 - if (dev) 28.486 + dev = xenbus_device_find(root, &bus->bus); 28.487 + if (!dev) 28.488 + xenbus_probe_node(bus, type, root); 28.489 + else 28.490 put_device(&dev->dev); 28.491 + 28.492 + kfree(root); 28.493 +} 28.494 + 28.495 +static void frontend_changed(struct xenbus_watch *watch, const char *node) 28.496 +{ 28.497 + dev_changed(node, &xenbus_frontend); 28.498 +} 28.499 + 28.500 +static void backend_changed(struct xenbus_watch *watch, const char *node) 28.501 +{ 28.502 + dev_changed(node, &xenbus_backend); 28.503 } 28.504 28.505 /* We watch for devices appearing and vanishing. */ 28.506 -static struct xenbus_watch dev_watch = { 28.507 - /* FIXME: Ideally we'd only watch for changes 2 levels deep... 
*/ 28.508 +static struct xenbus_watch fe_watch = { 28.509 .node = "device", 28.510 - .callback = dev_changed, 28.511 + .callback = frontend_changed, 28.512 +}; 28.513 + 28.514 +static struct xenbus_watch be_watch = { 28.515 + .node = "backend", 28.516 + .callback = backend_changed, 28.517 }; 28.518 28.519 +static int suspend_dev(struct device *dev, void *data) 28.520 +{ 28.521 + int err = 0; 28.522 + struct xenbus_driver *drv = to_xenbus_driver(dev->driver); 28.523 + struct xenbus_device *xdev 28.524 + = container_of(dev, struct xenbus_device, dev); 28.525 + 28.526 + if (drv->suspend) 28.527 + err = drv->suspend(xdev); 28.528 + if (err) 28.529 + printk("xenbus: suspend %s failed: %i\n", dev->bus_id, err); 28.530 + return 0; 28.531 +} 28.532 + 28.533 +static int resume_dev(struct device *dev, void *data) 28.534 +{ 28.535 + int err = 0; 28.536 + struct xenbus_driver *drv = to_xenbus_driver(dev->driver); 28.537 + struct xenbus_device *xdev 28.538 + = container_of(dev, struct xenbus_device, dev); 28.539 + 28.540 + if (drv->resume) 28.541 + err = drv->resume(xdev); 28.542 + if (err) 28.543 + printk("xenbus: resume %s failed: %i\n", dev->bus_id, err); 28.544 + return 0; 28.545 +} 28.546 + 28.547 void xenbus_suspend(void) 28.548 { 28.549 /* We keep lock, so no comms can happen as page moves. */ 28.550 down(&xenbus_lock); 28.551 + bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, suspend_dev); 28.552 + bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, suspend_dev); 28.553 xb_suspend_comms(); 28.554 } 28.555 28.556 @@ -310,6 +569,8 @@ void xenbus_resume(void) 28.557 { 28.558 xb_init_comms(); 28.559 reregister_xenbus_watches(); 28.560 + bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, resume_dev); 28.561 + bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, resume_dev); 28.562 up(&xenbus_lock); 28.563 } 28.564 28.565 
@@ -354,30 +615,23 @@ int do_xenbus_probe(void *unused) 28.566 } 28.567 28.568 down(&xenbus_lock); 28.569 - err = notifier_call_chain(&xenstore_chain, 0, 0); 28.570 - up(&xenbus_lock); 28.571 - 28.572 - if (err == NOTIFY_BAD) { 28.573 - printk("%s: calling xenstore notify chain failed\n", 28.574 - __FUNCTION__); 28.575 - return -EINVAL; 28.576 - } 28.577 - 28.578 - err = 0; 28.579 - 28.580 - down(&xenbus_lock); 28.581 /* Enumerate devices in xenstore. */ 28.582 - xenbus_probe_devices("device"); 28.583 + xenbus_probe_devices(&xenbus_frontend); 28.584 + xenbus_probe_devices(&xenbus_backend); 28.585 /* Watch for changes. */ 28.586 - register_xenbus_watch(&dev_watch); 28.587 + register_xenbus_watch(&fe_watch); 28.588 + register_xenbus_watch(&be_watch); 28.589 up(&xenbus_lock); 28.590 return 0; 28.591 } 28.592 28.593 static int __init xenbus_probe_init(void) 28.594 { 28.595 - bus_register(&xenbus_type); 28.596 - 28.597 + bus_register(&xenbus_frontend.bus); 28.598 + bus_register(&xenbus_backend.bus); 28.599 + device_register(&xenbus_frontend.dev); 28.600 + device_register(&xenbus_backend.dev); 28.601 + 28.602 if (!xen_start_info.store_evtchn) 28.603 return 0; 28.604
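Review bot: `xenbus_probe_init` ignores the return values of both `bus_register()` and both `device_register()` calls, so a failed registration leaves `xenbus_frontend.dev`/`xenbus_backend.dev` unusable as parents while enumeration continues; check each and unwind the earlier ones on failure. The `notifier_call_chain(&xenstore_chain, 0, 0)` block removed from `do_xenbus_probe` is not reintroduced anywhere visible here; if the notification moved, the commit message should say where.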
29.1 --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c Fri Aug 19 10:18:53 2005 +0000 29.2 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c Fri Aug 19 10:50:15 2005 +0000 29.3 @@ -187,6 +187,7 @@ static char *join(const char *dir, const 29.4 static char buffer[4096]; 29.5 29.6 BUG_ON(down_trylock(&xenbus_lock) == 0); 29.7 + /* XXX FIXME: might not be correct if name == "" */ 29.8 BUG_ON(strlen(dir) + strlen("/") + strlen(name) + 1 > sizeof(buffer)); 29.9 29.10 strcpy(buffer, dir); 29.11 @@ -399,9 +400,12 @@ int xenbus_gather(const char *dir, ...) 29.12 ret = PTR_ERR(p); 29.13 break; 29.14 } 29.15 - if (sscanf(p, fmt, result) == 0) 29.16 - ret = -EINVAL; 29.17 - kfree(p); 29.18 + if (fmt) { 29.19 + if (sscanf(p, fmt, result) == 0) 29.20 + ret = -EINVAL; 29.21 + kfree(p); 29.22 + } else 29.23 + *(char **)result = p; 29.24 } 29.25 va_end(ap); 29.26 return ret;
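Review bot: the new `fmt == NULL` branch in `xenbus_gather` stores the raw `kmalloc`'d string in `*(char **)result` and skips the `kfree(p)`, so ownership now varies per argument within a single call; document at the prototype that a NULL format returns an allocated string the caller must free, since `backend_bus_id` in this same changeset already gets that wrong on its success path. The `XXX FIXME` added to `join()` should say what happens when `name == ""` (a trailing slash in `buffer`) and whether any caller depends on it.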
30.1 --- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/dma-mapping.h Fri Aug 19 10:18:53 2005 +0000 30.2 +++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/dma-mapping.h Fri Aug 19 10:50:15 2005 +0000 30.3 @@ -26,7 +26,9 @@ address_needs_mapping(struct device *hwd 30.4 static inline int 30.5 range_straddles_page_boundary(void *p, size_t size) 30.6 { 30.7 - return ((((unsigned long)p & ~PAGE_MASK) + size) > PAGE_SIZE); 30.8 + extern unsigned long *contiguous_bitmap; 30.9 + return (((((unsigned long)p & ~PAGE_MASK) + size) > PAGE_SIZE) && 30.10 + !test_bit(__pa(p) >> PAGE_SHIFT, contiguous_bitmap)); 30.11 } 30.12 30.13 #define dma_alloc_noncoherent(d, s, h, f) dma_alloc_coherent(d, s, h, f)
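Review bot: `range_straddles_page_boundary()` now dereferences `contiguous_bitmap` unconditionally, but this changeset allocates it in `mem_init()` with `alloc_bootmem_low_pages`, so any DMA mapping performed before `mem_init()` runs hits a NULL pointer; guard the `test_bit` with a NULL check or document the ordering constraint at the declaration. The `extern` inside the inline function body should move to a shared header so it is declared once alongside the definition's users.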
33.1 --- a/linux-2.6-xen-sparse/include/asm-xen/xenbus.h Fri Aug 19 10:18:53 2005 +0000 33.2 +++ b/linux-2.6-xen-sparse/include/asm-xen/xenbus.h Fri Aug 19 10:50:15 2005 +0000 33.3 @@ -37,7 +37,6 @@ 33.4 /* A xenbus device. */ 33.5 struct xenbus_device { 33.6 char *devicetype; 33.7 - char *subtype; 33.8 char *nodename; 33.9 struct device dev; 33.10 int has_error; 33.11 @@ -53,7 +52,6 @@ struct xenbus_device_id 33.12 { 33.13 /* .../device/<device_type>/<identifier> */ 33.14 char devicetype[32]; /* General class of device. */ 33.15 - char subtype[32]; /* Contents of "subtype" for this device */ 33.16 }; 33.17 33.18 /* A xenbus driver. */ 33.19 @@ -61,9 +59,11 @@ struct xenbus_driver { 33.20 char *name; 33.21 struct module *owner; 33.22 const struct xenbus_device_id *ids; 33.23 - int (*probe) (struct xenbus_device * dev, 33.24 - const struct xenbus_device_id * id); 33.25 - int (*remove) (struct xenbus_device * dev); 33.26 + int (*probe)(struct xenbus_device *dev, 33.27 + const struct xenbus_device_id *id); 33.28 + int (*remove)(struct xenbus_device *dev); 33.29 + int (*suspend)(struct xenbus_device *dev); 33.30 + int (*resume)(struct xenbus_device *dev); 33.31 struct device_driver driver; 33.32 }; 33.33 33.34 @@ -72,7 +72,8 @@ static inline struct xenbus_driver *to_x 33.35 return container_of(drv, struct xenbus_driver, driver); 33.36 } 33.37 33.38 -int xenbus_register_driver(struct xenbus_driver *drv); 33.39 +int xenbus_register_device(struct xenbus_driver *drv); 33.40 +int xenbus_register_backend(struct xenbus_driver *drv); 33.41 void xenbus_unregister_driver(struct xenbus_driver *drv); 33.42 33.43 /* Caller must hold this lock to call these functions: it's also held
34.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 34.2 +++ b/patches/linux-2.6.12/workaround_double_br_del_if.patch Fri Aug 19 10:50:15 2005 +0000 34.3 @@ -0,0 +1,11 @@ 34.4 +--- linux-2.6.12/net/bridge/br_if.c 2005-06-17 14:48:29.000000000 -0500 34.5 ++++ linux-2.6.12-xen0-smp/net/bridge/br_if.c 2005-08-18 15:17:27.302615846 -0500 34.6 +@@ -382,7 +382,7 @@ 34.7 + { 34.8 + struct net_bridge_port *p = dev->br_port; 34.9 + 34.10 +- if (!p || p->br != br) 34.11 ++ if (!p || p->br != br || p->state == BR_STATE_DISABLED) 34.12 + return -EINVAL; 34.13 + 34.14 + br_sysfs_removeif(p);
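Review bot: the new `workaround_double_br_del_if.patch` carries no description above its `---` line, so nothing records which double `br_del_if` call it works around or why `p->state == BR_STATE_DISABLED` is the right guard; add a short preamble with the symptom and the reason, and reference the upstream fix if one exists, so the patch can be dropped when the kernel is updated.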
35.1 --- a/tools/examples/network-bridge Fri Aug 19 10:18:53 2005 +0000 35.2 +++ b/tools/examples/network-bridge Fri Aug 19 10:50:15 2005 +0000 35.3 @@ -51,7 +51,7 @@ for arg ; do export "${arg}" ; done 35.4 35.5 bridge=${bridge:-xen-br0} 35.6 netdev=${netdev:-eth0} 35.7 -antispoof=${antispoof:-yes} 35.8 +antispoof=${antispoof:-no} 35.9 35.10 echo "*network $OP bridge=$bridge netdev=$netdev antispoof=$antispoof" >&2 35.11
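Review bot: `antispoof=${antispoof:-no}` flips the default so `network-bridge` no longer installs the per-vif anti-spoofing rules unless an administrator sets `antispoof=yes` explicitly, and the changeset gives no rationale for weakening the default; keep `yes`, or state in the commit message why it was disabled and add a comment beside the assignment so the weaker default is a visible, deliberate decision rather than a silent change.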
36.1 --- a/tools/misc/policyprocessor/Makefile Fri Aug 19 10:18:53 2005 +0000 36.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 36.3 @@ -1,42 +0,0 @@ 36.4 -XEN_ROOT = ../../.. 36.5 -include $(XEN_ROOT)/tools/Rules.mk 36.6 - 36.7 -CFLAGS += -static 36.8 -CFLAGS += -Wall 36.9 -CFLAGS += -Werror 36.10 -CFLAGS += -O3 36.11 -CFLAGS += -fno-strict-aliasing 36.12 -CFLAGS += -I. 36.13 - 36.14 -all: build 36.15 - 36.16 -build: mk-symlinks 36.17 - $(MAKE) xml_to_bin 36.18 - 36.19 -default: all 36.20 - 36.21 -install: all 36.22 - 36.23 -xml_to_bin : make_include XmlToBin.java XmlToBinInterface.java SsidsEntry.java SecurityLabel.java myHandler.java 36.24 - javac XmlToBin.java 36.25 - 36.26 -make_include : c2j_include 36.27 - ./c2j_include 36.28 - 36.29 -c2j_include: c2j_include.c 36.30 - $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< 36.31 - 36.32 -clean: 36.33 - rm -rf *.class xen c2j_include policy_version.java *.bin 36.34 - 36.35 - 36.36 -LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse 36.37 -mk-symlinks: 36.38 - [ -e xen/linux ] || mkdir -p xen/linux 36.39 - [ -e xen/io ] || mkdir -p xen/io 36.40 - ( cd xen >/dev/null ; \ 36.41 - ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . ) 36.42 - ( cd xen/io >/dev/null ; \ 36.43 - ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . ) 36.44 - ( cd xen/linux >/dev/null ; \ 36.45 - ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . )
37.1 --- a/tools/misc/policyprocessor/SecurityLabel.java Fri Aug 19 10:18:53 2005 +0000 37.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 37.3 @@ -1,34 +0,0 @@ 37.4 -/** 37.5 - * (C) Copyright IBM Corp. 2005 37.6 - * 37.7 - * $Id: SecurityLabel.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $ 37.8 - * 37.9 - * Author: Ray Valdez 37.10 - * 37.11 - * This program is free software; you can redistribute it and/or 37.12 - * modify it under the terms of the GNU General Public License as 37.13 - * published by the Free Software Foundation, version 2 of the 37.14 - * License. 37.15 - * 37.16 - * SecurityLabel Class. 37.17 - * 37.18 - * <p> 37.19 - * 37.20 - * Keeps track of types. 37.21 - * 37.22 - * <p> 37.23 - * 37.24 - * 37.25 - */ 37.26 -import java.util.*; 37.27 -public class SecurityLabel 37.28 -{ 37.29 - Vector ids; 37.30 - Vector vlans; 37.31 - Vector slots; 37.32 - Vector steTypes; 37.33 - int steSsidPosition; 37.34 - Vector chwIDs; 37.35 - Vector chwTypes; 37.36 - int chwSsidPosition; 37.37 -}
38.1 --- a/tools/misc/policyprocessor/SecurityPolicySpec.xsd Fri Aug 19 10:18:53 2005 +0000 38.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 38.3 
@@ -1,115 +0,0 @@ 38.4 -<?xml version="1.0" encoding="UTF-8"?> 38.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com --> 38.6 -<!-- xml schema definition for xen xml policies --> 38.7 -<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" 38.8 -targetNamespace="http://www.ibm.com" 38.9 -xmlns="http://www.ibm.com" 38.10 -elementFormDefault="qualified"> 38.11 - 38.12 -<xsd:element name="TE" type="xsd:string" /> 38.13 -<xsd:element name="ChWall" type="xsd:string" /> 38.14 - 38.15 -<xsd:element name="Definition"> 38.16 - <xsd:complexType> 38.17 - <xsd:sequence> 38.18 - 38.19 - <!-- simple type enforcement --> 38.20 - <xsd:element name="Types" minOccurs ="0" maxOccurs="1"> 38.21 - <xsd:complexType> 38.22 - <xsd:sequence> 38.23 - <xsd:element ref="TE" minOccurs ="1" maxOccurs ="unbounded"/> 38.24 - </xsd:sequence> 38.25 - </xsd:complexType> 38.26 - </xsd:element> 38.27 - 38.28 - <!-- chinese wall --> 38.29 - <!-- type definition --> 38.30 - <xsd:element name="ChWallTypes" minOccurs ="0" maxOccurs="1"> 38.31 - <xsd:complexType> 38.32 - <xsd:sequence> 38.33 - <xsd:element ref="ChWall" minOccurs ="1" maxOccurs ="unbounded"/> 38.34 - 38.35 - </xsd:sequence> 38.36 - </xsd:complexType> 38.37 - </xsd:element> 38.38 - 38.39 - <!-- conflict set --> 38.40 - <xsd:element name="ConflictSet" minOccurs ="0" maxOccurs="unbounded"> 38.41 - <xsd:complexType> 38.42 - <xsd:sequence> 38.43 - <xsd:element ref="ChWall" minOccurs ="2" maxOccurs ="unbounded"/> 38.44 - </xsd:sequence> 38.45 - </xsd:complexType> 38.46 - </xsd:element> 38.47 - 38.48 - </xsd:sequence> 38.49 - </xsd:complexType> 38.50 -</xsd:element> 38.51 - 38.52 -<xsd:element name="Policy"> 38.53 - <xsd:complexType> 38.54 - <xsd:sequence> 38.55 - 38.56 - <xsd:element name="PolicyHeader"> 38.57 - <xsd:complexType> 38.58 - <xsd:all> 38.59 - <xsd:element name = "Name" type="xsd:string"/> 38.60 - <xsd:element name = "DateTime" type="xsd:dateTime"/> 38.61 - <xsd:element name = "Tag" minOccurs ="1" maxOccurs ="1" type="xsd:string"/> 
38.62 - <xsd:element name = "TypeDefinition"> 38.63 - <xsd:complexType> 38.64 - <xsd:all> 38.65 - <xsd:element name = "url" type="xsd:string"/> 38.66 - <xsd:element name = "hash" minOccurs ="0" maxOccurs ="1" type="xsd:string"/> 38.67 - </xsd:all> 38.68 - </xsd:complexType> 38.69 - </xsd:element> 38.70 - 38.71 - </xsd:all> 38.72 - </xsd:complexType> 38.73 - </xsd:element> 38.74 - 38.75 - <xsd:element name="VM" minOccurs ="1" maxOccurs="unbounded"> 38.76 - <xsd:complexType> 38.77 - <xsd:sequence> 38.78 - <xsd:element name="id" type="xsd:integer"/> 38.79 - <xsd:element ref="TE" minOccurs="0" maxOccurs="unbounded" /> 38.80 - <xsd:element ref="ChWall" minOccurs ="0" maxOccurs="unbounded"/> 38.81 - </xsd:sequence> 38.82 - </xsd:complexType> 38.83 - </xsd:element> 38.84 - 38.85 - <xsd:element name="Vlan" minOccurs ="0" maxOccurs="unbounded"> 38.86 - <xsd:complexType> 38.87 - <xsd:sequence> 38.88 - <xsd:element name="vid" type="xsd:integer"/> 38.89 - <xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" /> 38.90 - </xsd:sequence> 38.91 - </xsd:complexType> 38.92 - </xsd:element> 38.93 - 38.94 - <xsd:element name="Slot" minOccurs ="0" maxOccurs="unbounded"> 38.95 - <xsd:complexType> 38.96 - <xsd:sequence> 38.97 - <xsd:element name="bus" type="xsd:integer"/> 38.98 - <xsd:element name="slot" type="xsd:integer"/> 38.99 - <xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" /> 38.100 - </xsd:sequence> 38.101 - </xsd:complexType> 38.102 - </xsd:element> 38.103 - 38.104 - 38.105 - </xsd:sequence> 38.106 - </xsd:complexType> 38.107 -</xsd:element> 38.108 - 38.109 -<!-- root element --> 38.110 -<xsd:element name="SecurityPolicySpec"> 38.111 - <xsd:complexType> 38.112 - <xsd:choice> 38.113 - <xsd:element ref="Definition" minOccurs ="1" maxOccurs="unbounded"/> 38.114 - <xsd:element ref="Policy" minOccurs ="1" maxOccurs="unbounded"/> 38.115 - </xsd:choice> 38.116 - </xsd:complexType> 38.117 -</xsd:element> 38.118 -</xsd:schema>
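Review bot: dropping SecurityPolicySpec.xsd removes the only machine-checked constraints on policy input: a ConflictSet had to name at least two ChWall types (`minOccurs ="2"`), every VM entry needed an `id`, and Vlan and Slot entries needed at least one TE type. Whatever tool replaces this one should enforce the same rules, since a binary writer that accepts a one-member conflict set or a VM without an id will emit a policy the hypervisor has to reject at load time. One thing not worth carrying over: `TypeDefinition` allowed a `url` with the `hash` element optional (`minOccurs ="0"`), so a policy could pull its type definitions from a URL with no integrity check; the replacement should make the hash mandatory or drop the remote reference.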
39.1 --- a/tools/misc/policyprocessor/SsidsEntry.java Fri Aug 19 10:18:53 2005 +0000 39.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 39.3 @@ -1,29 +0,0 @@ 39.4 -/** 39.5 - * (C) Copyright IBM Corp. 2005 39.6 - * 39.7 - * $Id: SsidsEntry.java,v 1.2 2005/06/17 20:02:40 rvaldez Exp $ 39.8 - * 39.9 - * Author: Ray Valdez 39.10 - * 39.11 - * This program is free software; you can redistribute it and/or 39.12 - * modify it under the terms of the GNU General Public License as 39.13 - * published by the Free Software Foundation, version 2 of the 39.14 - * License. 39.15 - * 39.16 - * SsidsEntry Class. 39.17 - * <p> 39.18 - * 39.19 - * Holds ssid information. 39.20 - * 39.21 - * <p> 39.22 - * 39.23 - * 39.24 - */ 39.25 -public class SsidsEntry 39.26 - { 39.27 - int id; /* used for partition and vlan */ 39.28 - int bus; /* used for slots */ 39.29 - int slot; 39.30 - int ste = 0xffffffff; 39.31 - int chw = 0xffffffff; 39.32 - }
40.1 --- a/tools/misc/policyprocessor/XmlToBin.java Fri Aug 19 10:18:53 2005 +0000 40.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 40.3 
@@ -1,1570 +0,0 @@ 40.4 -/** 40.5 - * (C) Copyright IBM Corp. 2005 40.6 - * 40.7 - * $Id: XmlToBin.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $ 40.8 - * 40.9 - * Author: Ray Valdez 40.10 - * 40.11 - * Contributors: 40.12 - * Reiner Sailer - adjust type-lengths 40.13 - * 40.14 - * This program is free software; you can redistribute it and/or 40.15 - * modify it under the terms of the GNU General Public License as 40.16 - * published by the Free Software Foundation, version 2 of the 40.17 - * License. 40.18 - * 40.19 - * XmlToBin Class. 40.20 - * <p> 40.21 - * 40.22 - * Translates a xml representation of a SHYPE policy into a binary 40.23 - * format. The class processes an xml policy file based on elment tags 40.24 - * defined in a schema definition files: SecurityPolicySpec.xsd. 40.25 - * 40.26 - * XmlToBin Command line Options: 40.27 - * 40.28 - * -i inputFile: name of policyfile (.xml) 40.29 - * -o outputFile: name of binary policy file (Big Endian) 40.30 - * -xssid SsidFile: xen ssids to types text file 40.31 - * -xssidconf SsidConf: xen conflict ssids to types text file 40.32 - * -debug turn on debug messages 40.33 - * -help help. 
This printout 40.34 - * 40.35 - * <p> 40.36 - * 40.37 - * 40.38 - */ 40.39 -import java.util.*; 40.40 -import java.io.*; 40.41 -import java.io.IOException; 40.42 -import java.io.FileNotFoundException; 40.43 -import org.w3c.dom.Document; 40.44 -import org.w3c.dom.Element; 40.45 -import org.w3c.dom.Node; 40.46 -import org.w3c.dom.Attr; 40.47 -import org.w3c.dom.NodeList; 40.48 -import org.w3c.dom.NamedNodeMap; 40.49 -import org.xml.sax.*; 40.50 -import javax.xml.parsers.*; 40.51 -import org.xml.sax.helpers.*; 40.52 - 40.53 -public class XmlToBin 40.54 - implements XmlToBinInterface 40.55 -{ 40.56 - class SlotInfo { 40.57 - String bus; 40.58 - String slot; 40.59 - } 40.60 - 40.61 - boolean LittleEndian = false; 40.62 - boolean debug = false; 40.63 - 40.64 - static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage"; 40.65 - 40.66 - static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema"; 40.67 - 40.68 - public static void printUsage() 40.69 - { 40.70 - System.out.println("XmlToBin Command line Options: "); 40.71 - System.out.println("\t-i\t\tinputFile:\tname of policyfile (.xml)"); 40.72 - System.out.println("\t-o\t\toutputFile:\tname of binary policy file (Big Endian)"); 40.73 - System.out.println("\t-xssid\t\tSsidFile:\tXen ssids to named types text file"); 40.74 - System.out.println("\t-xssidconf\tSsidConfFile:\tXen conflict ssids to named types text file"); 40.75 - System.out.println("\t-debug\t\t\t\tturn on debug messages"); 40.76 - System.out.println("\t-help\t\t\t\thelp. 
This printout"); 40.77 - return; 40.78 - } 40.79 - 40.80 - public void printDebug(String message) 40.81 - { 40.82 - if (debug) 40.83 - System.out.println(message); 40.84 - } 40.85 - 40.86 - public void writeBinPolicy(byte[] binPolicy, String outputFileName) 40.87 - throws Exception 40.88 - { 40.89 - if (debug) 40.90 - printHex(binPolicy,binPolicy.length); 40.91 - 40.92 - DataOutputStream writeObj = new DataOutputStream( 40.93 - new FileOutputStream(outputFileName)); 40.94 - 40.95 - writeObj.write(binPolicy); 40.96 - writeObj.flush(); 40.97 - writeObj.close(); 40.98 - System.out.println(" wBP:: wrote outputfile: " + outputFileName); 40.99 - 40.100 - return; 40.101 - } 40.102 - 40.103 - public void writeXenTypeVectorFile(Vector list, String outputFileName) 40.104 - throws Exception 40.105 - { 40.106 - PrintWriter out; 40.107 - 40.108 - if (0 == list.size()) 40.109 - { 40.110 - printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 40.111 - return; 40.112 - } 40.113 - out = new PrintWriter( 40.114 - new BufferedWriter( 40.115 - new FileWriter(outputFileName))); 40.116 - 40.117 - 40.118 - for (int i = 0; i < list.size(); i++) 40.119 - { 40.120 - Vector ee = (Vector) list.elementAt(i); 40.121 - out.println(i + " " +ee.toString()); 40.122 - } 40.123 - out.close(); 40.124 - 40.125 - return; 40.126 - } 40.127 - 40.128 - public void writeXenTypeFile(Vector list, String outputFileName, boolean slabel) 40.129 - throws Exception 40.130 - { 40.131 - Vector entry; 40.132 - String strTypes = ""; 40.133 - SecurityLabel ee; 40.134 - PrintWriter out; 40.135 - 40.136 - if (0 == list.size()) 40.137 - { 40.138 - printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 40.139 - return; 40.140 - } 40.141 - out = new PrintWriter( 40.142 - new BufferedWriter( 40.143 - new FileWriter(outputFileName))); 40.144 - 40.145 - for (int i = 0; i < list.size(); i++) 40.146 - { 40.147 - ee = (SecurityLabel) list.elementAt(i); 40.148 - 40.149 - if (slabel) 
40.150 - { 40.151 - entry = ee.steTypes; 40.152 - } else { 40.153 - 40.154 - entry = ee.chwTypes; 40.155 - } 40.156 - if (null == entry) continue; 40.157 - 40.158 - Enumeration e = entry.elements(); 40.159 - while (e.hasMoreElements()) 40.160 - { 40.161 - String typeName = (String) e.nextElement(); 40.162 - strTypes = strTypes + " " + typeName; 40.163 - } 40.164 - printDebug(" WXTF:: ssid : "+i +" :"+strTypes); 40.165 - out.println(i +" "+strTypes); 40.166 - strTypes = ""; 40.167 - } 40.168 - out.close(); 40.169 - 40.170 - return; 40.171 - } 40.172 - 40.173 - public void setDebug(boolean value) 40.174 - { 40.175 - debug=value; 40.176 - } 40.177 - 40.178 - public void setEndian(boolean value) 40.179 - { 40.180 - LittleEndian = value; 40.181 - } 40.182 - 40.183 - public byte[] generateVlanSsids(Vector bagOfSsids) 40.184 - throws Exception 40.185 - { 40.186 - /** 40.187 - typedef struct { 40.188 - u16 vlan; 40.189 - u16 ssid_ste; 40.190 - } acm_vlan_entry_t; 40.191 - **/ 40.192 - 40.193 - Hashtable vlanSsid = new Hashtable(); 40.194 - printDebug(" gVS::Size of bagOfSsids: "+ bagOfSsids.size()); 40.195 - 40.196 - /* Get the number of partitions */ 40.197 - for (int i = 0; i < bagOfSsids.size(); i++) 40.198 - { 40.199 - SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i); 40.200 - 40.201 - if (null == entry.vlans) 40.202 - continue; 40.203 - 40.204 - Enumeration e = entry.vlans.elements(); 40.205 - while (e.hasMoreElements()) 40.206 - { 40.207 - String id = (String) e.nextElement(); 40.208 - printDebug(" gVS:: vlan: " + id + "has ste ssid: " + entry.steSsidPosition); 40.209 - if (-1 == entry.steSsidPosition) 40.210 - continue; 40.211 - 40.212 - /* Only use ste for vlan */ 40.213 - SsidsEntry ssidsObj = new SsidsEntry(); 40.214 - 40.215 - ssidsObj.id = Integer.parseInt(id); 40.216 - ssidsObj.ste = entry.steSsidPosition; 40.217 - 40.218 - if (vlanSsid.contains(id)) 40.219 - printDebug(" gVS:: Error already in the Hash part:" + ssidsObj.id); 40.220 - else 40.221 
- vlanSsid.put(id, ssidsObj); 40.222 - printDebug(" gVS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition); 40.223 - } 40.224 - } 40.225 - 40.226 - /* allocate array */ 40.227 - int numOfVlan = vlanSsid.size(); 40.228 - int totalSize = (numOfVlan * vlanEntrySz); 40.229 - 40.230 - if (0 == numOfVlan) 40.231 - { 40.232 - printDebug(" gVS:: vlan: binary ==> zero"); 40.233 - return new byte[0]; 40.234 - } 40.235 - 40.236 - byte[] vlanArray = new byte[totalSize]; 40.237 - 40.238 - int index = 0; 40.239 - 40.240 - Enumeration e = vlanSsid.elements(); 40.241 - while (e.hasMoreElements()) 40.242 - { 40.243 - SsidsEntry entry = (SsidsEntry) e.nextElement(); 40.244 - printDebug(" gVS:: part: " + entry.id + " ste ssid: " + entry.ste); 40.245 - 40.246 - /* Write id */ 40.247 - writeShortToStream(vlanArray,(short)entry.id,index); 40.248 - index = index + u16Size; 40.249 - 40.250 - /* write ste ssid */ 40.251 - writeShortToStream(vlanArray,(short) entry.ste,index); 40.252 - index = index + u16Size; 40.253 - } 40.254 - 40.255 - printDebug(" gVS:: vlan: num of vlans " + numOfVlan); 40.256 - printDebug(" gVS:: vlan: binary ==> Length "+ vlanArray.length); 40.257 - 40.258 - if (debug) 40.259 - printHex(vlanArray,vlanArray.length); 40.260 - printDebug("\n"); 40.261 - 40.262 - return vlanArray; 40.263 - } 40.264 - 40.265 - public byte[] generateSlotSsids(Vector bagOfSsids) 40.266 - throws Exception 40.267 - { 40.268 - /** 40.269 - typedef struct { 40.270 - u16 slot_max; 40.271 - u16 slot_offset; 40.272 - } acm_slot_buffer_t; 40.273 - 40.274 - typedef struct { 40.275 - u16 bus; 40.276 - u16 slot; 40.277 - u16 ssid_ste; 40.278 - } acm_slot_entry_t; 40.279 - **/ 40.280 - Hashtable slotSsid = new Hashtable(); 40.281 - printDebug(" gSS::Size of bagOfSsids: "+ bagOfSsids.size()); 40.282 - 40.283 - /* Find the number of VMs */ 40.284 - for (int i = 0; i < bagOfSsids.size(); i++) 40.285 - { 40.286 - SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i); 40.287 - 40.288 - 
if (null == entry.slots) 40.289 - continue; 40.290 - 40.291 - Enumeration e = entry.slots.elements(); 40.292 - while (e.hasMoreElements()) 40.293 - { 40.294 - SlotInfo item = (SlotInfo) e.nextElement(); 40.295 - printDebug(" gSS:: bus slot: " + item.bus + " "+ item.slot + " " + entry.steSsidPosition); 40.296 - if (-1 == entry.steSsidPosition) 40.297 - continue; 40.298 - 40.299 - SsidsEntry ssidsObj = new SsidsEntry(); 40.300 - 40.301 - String id = item.bus +" "+item.slot; 40.302 - ssidsObj.bus = Integer.parseInt(item.bus); 40.303 - ssidsObj.slot = Integer.parseInt(item.slot); 40.304 - /* set ste ssid */ 40.305 - ssidsObj.ste = entry.steSsidPosition; 40.306 - 40.307 - if (slotSsid.contains(id)) 40.308 - printDebug(" gSS:: Error already in the Hash part:" + id); 40.309 - else 40.310 - slotSsid.put(id, ssidsObj); 40.311 - 40.312 - printDebug(" gSS:: added slot: " + id + "has ste ssid: " + entry.steSsidPosition); 40.313 - } 40.314 - } 40.315 - 40.316 - /* allocate array */ 40.317 - int numOfSlot = slotSsid.size(); 40.318 - 40.319 - if (0 == numOfSlot) 40.320 - { 40.321 - printDebug(" gVS:: slot: binary ==> zero"); 40.322 - return new byte[0]; 40.323 - } 40.324 - 40.325 - int totalSize = (numOfSlot * slotEntrySz); 40.326 - 40.327 - byte[] slotArray = new byte[totalSize]; 40.328 - 40.329 - int index = 0; 40.330 - 40.331 - Enumeration e = slotSsid.elements(); 40.332 - while (e.hasMoreElements()) 40.333 - { 40.334 - SsidsEntry entry = (SsidsEntry) e.nextElement(); 40.335 - System.out.println(" gSS:: bus slot: " + entry.bus + " " + entry.slot + " ste ssid: " + entry.ste); 40.336 - 40.337 - /* Write bus */ 40.338 - writeShortToStream(slotArray,(short)entry.bus,index); 40.339 - index = index + u16Size; 40.340 - 40.341 - /* Write slot */ 40.342 - writeShortToStream(slotArray,(short)entry.slot,index); 40.343 - index = index + u16Size; 40.344 - 40.345 - /* Write ste ssid */ 40.346 - writeShortToStream(slotArray,(short) entry.ste,index); 40.347 - index = index + u16Size; 40.348 - 
40.349 - } 40.350 - 40.351 - printDebug(" gSS:: slot: num of vlans " + numOfSlot); 40.352 - printDebug(" gSS:: slot: binary ==> Length "+ slotArray.length); 40.353 - 40.354 - if (debug) 40.355 - printHex(slotArray,slotArray.length); 40.356 - printDebug("\n"); 40.357 - 40.358 - return slotArray; 40.359 - 40.360 - } 40.361 - 40.362 - public byte[] generatePartSsids(Vector bagOfSsids, Vector bagOfChwSsids) 40.363 - throws Exception 40.364 - { 40.365 - /** 40.366 - typedef struct { 40.367 - u16 id; 40.368 - u16 ssid_ste; 40.369 - u16 ssid_chwall; 40.370 - } acm_partition_entry_t; 40.371 - 40.372 - **/ 40.373 - Hashtable partSsid = new Hashtable(); 40.374 - printDebug(" gPS::Size of bagOfSsids: "+ bagOfSsids.size()); 40.375 - 40.376 - /* Find the number of VMs */ 40.377 - for (int i = 0; i < bagOfSsids.size(); i++) 40.378 - { 40.379 - SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i); 40.380 - 40.381 - if (null == entry.ids) 40.382 - continue; 40.383 - 40.384 - Enumeration e = entry.ids.elements(); 40.385 - while (e.hasMoreElements()) 40.386 - { 40.387 - String id = (String) e.nextElement(); 40.388 - printDebug(" gPS:: part: " + id + "has ste ssid: " + entry.steSsidPosition); 40.389 - if (-1 == entry.steSsidPosition) 40.390 - continue; 40.391 - 40.392 - SsidsEntry ssidsObj = new SsidsEntry(); 40.393 - 40.394 - ssidsObj.id = Integer.parseInt(id); 40.395 - ssidsObj.ste = entry.steSsidPosition; 40.396 - 40.397 - if (partSsid.contains(id)) 40.398 - printDebug(" gPS:: Error already in the Hash part:" + ssidsObj.id); 40.399 - else 40.400 - partSsid.put(id, ssidsObj); 40.401 - printDebug(" gPS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition); 40.402 - } 40.403 - 40.404 - } 40.405 - 40.406 - for (int i = 0; i < bagOfChwSsids.size(); i++) 40.407 - { 40.408 - SecurityLabel entry = (SecurityLabel) bagOfChwSsids.elementAt(i); 40.409 - 40.410 - Enumeration e = entry.chwIDs.elements(); 40.411 - while (e.hasMoreElements()) 40.412 - { 40.413 - String id = 
(String) e.nextElement(); 40.414 - printDebug(" gPS:: part: " + id + "has chw ssid: " + entry.chwSsidPosition); 40.415 - if (partSsid.containsKey(id)) 40.416 - { 40.417 - SsidsEntry item = (SsidsEntry) partSsid.get(id); 40.418 - item.chw = entry.chwSsidPosition; 40.419 - printDebug(" gPS:: added :" + item.id +" chw: " + item.chw); 40.420 - } 40.421 - else 40.422 - { 40.423 - printDebug(" gPS:: creating :" + id +" chw: " + entry.chwSsidPosition); 40.424 - SsidsEntry ssidsObj = new SsidsEntry(); 40.425 - ssidsObj.id = Integer.parseInt(id); 40.426 - ssidsObj.chw = entry.chwSsidPosition; 40.427 - partSsid.put(id, ssidsObj); 40.428 - 40.429 - } 40.430 - } 40.431 - } 40.432 - 40.433 - /* Allocate array */ 40.434 - int numOfPar = partSsid.size(); 40.435 - int totalSize = (numOfPar * partitionEntrySz); 40.436 - 40.437 - if (0 == numOfPar) 40.438 - { 40.439 - printDebug(" gPS:: part: binary ==> zero"); 40.440 - return new byte[0]; 40.441 - } 40.442 - 40.443 - byte[] partArray = new byte[totalSize]; 40.444 - 40.445 - int index = 0; 40.446 - 40.447 - Enumeration e = partSsid.elements(); 40.448 - while (e.hasMoreElements()) 40.449 - { 40.450 - SsidsEntry entry = (SsidsEntry) e.nextElement(); 40.451 - printDebug(" gPS:: part: " + entry.id + " ste ssid: " + entry.ste + " chw ssid: "+ entry.chw); 40.452 - 40.453 - /* Write id */ 40.454 - writeShortToStream(partArray,(short)entry.id,index); 40.455 - index = index + u16Size; 40.456 - 40.457 - /* Write ste ssid */ 40.458 - writeShortToStream(partArray,(short) entry.ste,index); 40.459 - index = index + u16Size; 40.460 - 40.461 - /* Write chw ssid */ 40.462 - writeShortToStream(partArray,(short) entry.chw,index); 40.463 - index = index + u16Size; 40.464 - } 40.465 - 40.466 - printDebug(" gPS:: part: num of partitions " + numOfPar); 40.467 - printDebug(" gPS:: part: binary ==> Length " + partArray.length); 40.468 - 40.469 - if (debug) 40.470 - printHex(partArray,partArray.length); 40.471 - printDebug("\n"); 40.472 - 40.473 - return 
partArray; 40.474 - } 40.475 - 40.476 - public byte[] GenBinaryPolicyBuffer(byte[] chwPolicy, byte[] stePolicy, byte [] partMap, byte[] vlanMap, byte[] slotMap) 40.477 - { 40.478 - byte[] binBuffer; 40.479 - short chwSize =0; 40.480 - short steSize =0; 40.481 - int index = 0; 40.482 - 40.483 - /* Builds data structure acm_policy_buffer_t */ 40.484 - /* Get number of colorTypes */ 40.485 - if (null != chwPolicy) 40.486 - chwSize = (short) chwPolicy.length; 40.487 - 40.488 - if (null != stePolicy) 40.489 - steSize = (short) stePolicy.length; 40.490 - 40.491 - int totalDataSize = chwSize + steSize + resourceOffsetSz + 3 *(2 * u16Size); 40.492 - 40.493 - /* Add vlan and slot */ 40.494 - totalDataSize = totalDataSize +partMap.length + vlanMap.length + slotMap.length; 40.495 - binBuffer = new byte[binaryBufferHeaderSz +totalDataSize]; 40.496 - 40.497 - 40.498 - try { 40.499 - index = 0; 40.500 - /* fill in General Policy Version */ 40.501 - writeIntToStream(binBuffer, ACM_POLICY_VERSION, index); 40.502 - index += u32Size; 40.503 - 40.504 - /* Write magic */ 40.505 - writeIntToStream(binBuffer, ACM_MAGIC, index); 40.506 - index += u32Size; 40.507 - 40.508 - /* write len */ 40.509 - writeIntToStream(binBuffer, binBuffer.length, index); 40.510 - index += u32Size; 40.511 - 40.512 - } catch (IOException ee) { 40.513 - System.out.println(" GBPB:: got exception : " + ee); 40.514 - return null; 40.515 - } 40.516 - 40.517 - int offset, address; 40.518 - address = index; 40.519 - 40.520 - if (null != partMap) 40.521 - offset = binaryBufferHeaderSz + resourceOffsetSz; 40.522 - else 40.523 - offset = binaryBufferHeaderSz; 40.524 - 40.525 - try { 40.526 - int skip = 0; 40.527 - 40.528 - /* init with NULL policy setting */ 40.529 - writeIntToStream(binBuffer, ACM_NULL_POLICY, index); 40.530 - writeIntToStream(binBuffer, 0, index + u32Size); 40.531 - writeIntToStream(binBuffer, ACM_NULL_POLICY, index + 2*u32Size); 40.532 - writeIntToStream(binBuffer, 0, index + 3*u32Size); 40.533 - 
40.534 - index = address; 40.535 - if (null != chwPolicy) { 40.536 - 40.537 - /* Write policy name */ 40.538 - writeIntToStream(binBuffer, ACM_CHINESE_WALL_POLICY, index); 40.539 - index += u32Size; 40.540 - 40.541 - /* Write offset */ 40.542 - writeIntToStream(binBuffer, offset, index); 40.543 - index += u32Size; 40.544 - 40.545 - /* Write payload. No need increment index */ 40.546 - address = offset; 40.547 - System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length); 40.548 - address = address + chwPolicy.length; 40.549 - } else 40.550 - skip += 2*u32Size; 40.551 - 40.552 - if (null != stePolicy) 40.553 - { 40.554 - /* Write policy name */ 40.555 - writeIntToStream(binBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index); 40.556 - index += u32Size; 40.557 - 40.558 - /* Write offset */ 40.559 - writeIntToStream(binBuffer, address, index); 40.560 - index += u32Size; 40.561 - 40.562 - /* Copy array */ 40.563 - System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length); 40.564 - /* Update address */ 40.565 - address = address + stePolicy.length; 40.566 - } else 40.567 - skip += 2*u32Size; 40.568 - 40.569 - /* Skip writing policy name and offset for each null policy*/ 40.570 - index += skip; 40.571 - 40.572 - int size; 40.573 - /* Assumes that you will always have a partition defined in policy */ 40.574 - if ( 0 < partMap.length) { 40.575 - writeIntToStream(binBuffer, address, index); 40.576 - index = address; 40.577 - 40.578 - /* Compute num of VMs */ 40.579 - size = partMap.length / (3 * u16Size); 40.580 - 40.581 - writeShortToStream(binBuffer, (short)size,index); 40.582 - index = index + u16Size; 40.583 - 40.584 - /* part, vlan and slot: each one consists of two entries */ 40.585 - offset = 3 * (2 * u16Size); 40.586 - writeShortToStream(binBuffer, (short) offset,index); 40.587 - 40.588 - /* Write partition array at offset */ 40.589 - System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length); 40.590 - index = index + u16Size; 40.591 
- offset = offset + partMap.length; 40.592 - } 40.593 - 40.594 - if ( 0 < vlanMap.length) { 40.595 - size = vlanMap.length / (2 * u16Size); 40.596 - writeShortToStream(binBuffer, (short) size,index); 40.597 - index = index + u16Size; 40.598 - 40.599 - writeShortToStream(binBuffer, (short) offset,index); 40.600 - index = index + u16Size; 40.601 - System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length); 40.602 - } else { 40.603 - /* Write vlan max */ 40.604 - writeShortToStream(binBuffer, (short) 0,index); 40.605 - index = index + u16Size; 40.606 - 40.607 - /* Write vlan offset */ 40.608 - writeShortToStream(binBuffer, (short) 0,index); 40.609 - index = index + u16Size; 40.610 - } 40.611 - 40.612 - offset = offset + vlanMap.length; 40.613 - if ( 0 < slotMap.length) { 40.614 - size = slotMap.length / (3 * u16Size); 40.615 - writeShortToStream(binBuffer, (short) size,index); 40.616 - index = index + u16Size; 40.617 - 40.618 - writeShortToStream(binBuffer, (short) offset,index); 40.619 - index = index + u16Size; 40.620 - System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length); 40.621 - } 40.622 - } catch (IOException ee) { 40.623 - System.out.println(" GBPB:: got exception : " + ee); 40.624 - return null; 40.625 - } 40.626 - 40.627 - printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length); 40.628 - if (debug) 40.629 - printHex(binBuffer,binBuffer.length); 40.630 - 40.631 - return binBuffer; 40.632 - } 40.633 - 40.634 - public byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector ColorTypes) 40.635 - { 40.636 - byte[] chwBuffer; 40.637 - int index = 0; 40.638 - int position = 0; 40.639 - 40.640 - /* Get number of rTypes */ 40.641 - int maxTypes = ColorTypes.size(); 40.642 - 40.643 - /* Get number of SSids entry */ 40.644 - int maxSsids = Ssids.size(); 40.645 - 40.646 - /* Get number of conflict sets */ 40.647 - int maxConflict = ConflictSsids.size(); 40.648 - 40.649 - 40.650 - if (maxTypes * maxSsids == 0) 
40.651 - return null; 40.652 - /* 40.653 - data structure acm_chwall_policy_buffer 40.654 - se XmlToBinInterface.java 40.655 - */ 40.656 - int totalBytes = chwHeaderSize + u16Size *(maxTypes * (maxSsids + maxConflict)); 40.657 - 40.658 - chwBuffer = new byte[ totalBytes ]; 40.659 - int address = chwHeaderSize + (u16Size * maxTypes * maxSsids ); 40.660 - 40.661 - printDebug(" gCB:: chwall totalbytes : "+totalBytes); 40.662 - 40.663 - try { 40.664 - index = 0; 40.665 - /* fill in General Policy Version */ 40.666 - writeIntToStream(chwBuffer, ACM_CHWALL_VERSION, index); 40.667 - index += u32Size; 40.668 - 40.669 - writeIntToStream(chwBuffer, ACM_CHINESE_WALL_POLICY, index); 40.670 - index += u32Size; 40.671 - 40.672 - writeIntToStream(chwBuffer, maxTypes, index); 40.673 - index += u32Size; 40.674 - 40.675 - writeIntToStream(chwBuffer, maxSsids, index); 40.676 - index += u32Size; 40.677 - 40.678 - writeIntToStream(chwBuffer, maxConflict, index); 40.679 - index += u32Size; 40.680 - 40.681 - /* Write chwall_ssid_offset */ 40.682 - writeIntToStream(chwBuffer, chwHeaderSize, index); 40.683 - index += u32Size; 40.684 - 40.685 - /* Write chwall_conflict_sets_offset */ 40.686 - writeIntToStream(chwBuffer, address, index); 40.687 - index += u32Size; 40.688 - 40.689 - /* Write chwall_running_types_offset */ 40.690 - writeIntToStream(chwBuffer, 0, index); 40.691 - index += u32Size; 40.692 - 40.693 - /* Write chwall_conflict_aggregate_offset */ 40.694 - writeIntToStream(chwBuffer, 0, index); 40.695 - index += u32Size; 40.696 - 40.697 - } catch (IOException ee) { 40.698 - System.out.println(" gCB:: got exception : " + ee); 40.699 - return null; 40.700 - } 40.701 - int markPos = 0; 40.702 - 40.703 - /* Create the SSids entry */ 40.704 - for (int i = 0; i < maxSsids; i++) 40.705 - { 40.706 - SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i); 40.707 - /* Get chwall types */ 40.708 - ssidEntry.chwSsidPosition = i; 40.709 - Enumeration e = ssidEntry.chwTypes.elements(); 
40.710 - while (e.hasMoreElements()) 40.711 - { 40.712 - String typeName = (String) e.nextElement(); 40.713 - printDebug(" gCB:: Ssid "+ i+ ": has type : " + typeName); 40.714 - position = ColorTypes.indexOf(typeName); 40.715 - 40.716 - if (position < 0) 40.717 - { 40.718 - System.out.println (" gCB:: Error type : " + typeName + " not found in ColorTypes"); 40.719 - return null; 40.720 - } 40.721 - printDebug(" GCB:: type : " + typeName + " found in ColorTypes at position: " + position); 40.722 - markPos = ((i * maxTypes + position) * u16Size) + index; 40.723 - 40.724 - try { 40.725 - writeShortToStream(chwBuffer,markSymbol,markPos); 40.726 - } catch (IOException ee) { 40.727 - System.out.println(" gCB:: got exception : "); 40.728 - return null; 40.729 - } 40.730 - } 40.731 - } 40.732 - 40.733 - if (debug) 40.734 - printHex(chwBuffer,chwBuffer.length); 40.735 - 40.736 - /* Add conflict set */ 40.737 - index = address; 40.738 - for (int i = 0; i < maxConflict; i++) 40.739 - { 40.740 - /* Get ste types */ 40.741 - Vector entry = (Vector) ConflictSsids.elementAt(i); 40.742 - Enumeration e = entry.elements(); 40.743 - while (e.hasMoreElements()) 40.744 - { 40.745 - String typeName = (String) e.nextElement(); 40.746 - printDebug (" GCB:: conflict Ssid "+ i+ ": has type : " + typeName); 40.747 - position = ColorTypes.indexOf(typeName); 40.748 - 40.749 - if (position < 0) 40.750 - { 40.751 - System.out.println (" GCB:: Error type : " + typeName + " not found in ColorTypes"); 40.752 - return null; 40.753 - } 40.754 - printDebug(" GCB:: type : " + typeName + " found in ColorTypes at position: " + position); 40.755 - markPos = ((i * maxTypes + position) * u16Size) + index; 40.756 - 40.757 - try { 40.758 - writeShortToStream(chwBuffer,markSymbol,markPos); 40.759 - } catch (IOException ee) { 40.760 - System.out.println(" GCB:: got exception : "); 40.761 - return null; 40.762 - } 40.763 - } 40.764 - 40.765 - } 40.766 - printDebug(" gSB:: chw binary ==> Length " + 
chwBuffer.length); 40.767 - if (debug) 40.768 - printHex(chwBuffer,chwBuffer.length); 40.769 - printDebug("\n"); 40.770 - 40.771 - return chwBuffer; 40.772 - } 40.773 - 40.774 -/********************************************************************** 40.775 - Generate byte representation of policy using type information 40.776 - <p> 40.777 - @param Ssids Vector 40.778 - @param ColorTypes Vector 40.779 - <p> 40.780 - @return bytes represenation of simple type enforcement policy 40.781 -**********************************************************************/ 40.782 - public byte[] generateSteBuffer(Vector Ssids, Vector ColorTypes) 40.783 - { 40.784 - byte[] steBuffer; 40.785 - int index = 0; 40.786 - int position = 0; 40.787 - 40.788 - /* Get number of colorTypes */ 40.789 - int numColorTypes = ColorTypes.size(); 40.790 - 40.791 - /* Get number of SSids entry */ 40.792 - int numSsids = Ssids.size(); 40.793 - 40.794 - if (numColorTypes * numSsids == 0) 40.795 - return null; 40.796 - 40.797 - /* data structure: acm_ste_policy_buffer 40.798 - * see XmlToBinInterface.java 40.799 - * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size) 40.800 - * 40.801 - */ 40.802 - steBuffer = new byte[ steHeaderSize + (numColorTypes * numSsids) * 2]; 40.803 - 40.804 - try { 40.805 - 40.806 - index = 0; 40.807 - writeIntToStream(steBuffer, ACM_STE_VERSION, index); 40.808 - index += u32Size; 40.809 - 40.810 - writeIntToStream(steBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index); 40.811 - index += u32Size; 40.812 - 40.813 - writeIntToStream(steBuffer, numColorTypes, index); 40.814 - index += u32Size; 40.815 - 40.816 - writeIntToStream(steBuffer, numSsids, index); 40.817 - index += u32Size; 40.818 - 40.819 - writeIntToStream(steBuffer, steHeaderSize, index); 40.820 - index += u32Size; 40.821 - 40.822 - 40.823 - } catch (IOException ee) { 40.824 - System.out.println(" gSB:: got exception : " + ee); 40.825 - return null; 40.826 - } 40.827 - int markPos = 0; 40.828 - for (int i = 0; 
i < numSsids; i++) 40.829 - { 40.830 - 40.831 - SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i); 40.832 - ssidEntry.steSsidPosition = i; 40.833 - /* Get ste types */ 40.834 - Enumeration e = ssidEntry.steTypes.elements(); 40.835 - while (e.hasMoreElements()) 40.836 - { 40.837 - String typeName = (String) e.nextElement(); 40.838 - printDebug (" gSB:: Ssid "+ i+ ": has type : " + typeName); 40.839 - position = ColorTypes.indexOf(typeName); 40.840 - 40.841 - if (position < 0) 40.842 - { 40.843 - printDebug(" gSB:: Error type : " + typeName + " not found in ColorTypes"); 40.844 - return null; 40.845 - } 40.846 - printDebug(" gSB:: type : " + typeName + " found in ColorTypes at position: " + position); 40.847 - markPos = ((i * numColorTypes + position) * u16Size) + index; 40.848 - 40.849 - try { 40.850 - writeShortToStream(steBuffer,markSymbol,markPos); 40.851 - } catch (IOException ee) 40.852 - { 40.853 - System.out.println(" gSB:: got exception : "); 40.854 - return null; 40.855 - } 40.856 - } 40.857 - 40.858 - } 40.859 - 40.860 - printDebug(" gSB:: ste binary ==> Length " + steBuffer.length); 40.861 - if (debug) 40.862 - printHex(steBuffer,steBuffer.length); 40.863 - printDebug("\n"); 40.864 - 40.865 - return steBuffer; 40.866 - } 40.867 - 40.868 - public static void printHex(byte [] dataArray, int length) 40.869 - { 40.870 - char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7', 40.871 - '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; 40.872 - int hexIndex; 40.873 - int value; 40.874 - int arraylength; 40.875 - 40.876 - arraylength = length; 40.877 - 40.878 - if (dataArray == null) 40.879 - { 40.880 - System.err.print("printHex: input byte array is null"); 40.881 - } 40.882 - 40.883 - if (length > dataArray.length || length < 0) 40.884 - arraylength = dataArray.length; 40.885 - 40.886 - System.out.print("\n\t"); 40.887 - 40.888 - int i; 40.889 - for(i = 0; i < arraylength; ) 40.890 - { 40.891 - value = dataArray[i] & 0xFF; 40.892 - hexIndex = (value >>> 
4); 40.893 - System.out.print(hexChars[hexIndex]); 40.894 - hexIndex = (value & 0x0F); 40.895 - System.out.print(hexChars[hexIndex]); 40.896 - 40.897 - i++; 40.898 - /* if done, print a final newline */ 40.899 - if (i == arraylength) { 40.900 - if (arraylength < dataArray.length) { 40.901 - System.out.print("..."); 40.902 - } 40.903 - System.out.println(); 40.904 - } 40.905 - else if ((i % 24) == 0) { 40.906 - System.out.print("\n\t"); 40.907 - } 40.908 - else if ((i % 4) == 0) { 40.909 - System.out.print(" "); 40.910 - } 40.911 - } 40.912 - 40.913 - return; 40.914 - } 40.915 - 40.916 - 40.917 - private void writeShortToStream(byte[] stream, short value, int index) 40.918 - throws IOException 40.919 - { 40.920 - int littleEndian = 0; 40.921 - int byteVal; 40.922 - 40.923 - if (index + 2 > stream.length) 40.924 - { 40.925 - throw new IOException("Writing beyond stream length: " + 40.926 - stream.length + " writing at locations from: " + index + " to " + (index + 4)); 40.927 - } 40.928 - 40.929 - if (!LittleEndian) 40.930 - { 40.931 - 40.932 - byteVal = value >> 8; 40.933 - stream[index ] = (byte) byteVal; 40.934 - 40.935 - byteVal = value; 40.936 - stream[index + 1] = (byte) byteVal; 40.937 - } else { 40.938 - stream[index] = (byte) ((value & 0x00ff) ); 40.939 - stream[index + 1] = (byte) ((value & 0xff00) >> 8); 40.940 - } 40.941 - return; 40.942 - } 40.943 - 40.944 - private void writeIntToStream(byte[] stream, int value, int index) 40.945 - throws IOException 40.946 - { 40.947 - int littleEndian = 0; 40.948 - int byteVal; 40.949 - 40.950 - if (4 > stream.length) 40.951 - { 40.952 - throw new IOException("writeIntToStream: stream length less than 4 bytes " + 40.953 - stream.length); 40.954 - } 40.955 - 40.956 - /* Do not Write beyond range */ 40.957 - if (index + 4 > stream.length) 40.958 - { 40.959 - throw new IOException("writeIntToStream: writing beyond stream length: " + 40.960 - stream.length + " writing at locations from: " + index + " to " + (index + 4)); 
40.961 - } 40.962 - if (!LittleEndian) 40.963 - { 40.964 - byteVal = value >>> 24; 40.965 - stream[index] = (byte) byteVal; 40.966 - 40.967 - byteVal = value >> 16; 40.968 - stream[index + 1] = (byte) byteVal; 40.969 - 40.970 - byteVal = value >> 8; 40.971 - stream[index + 2] = (byte) byteVal; 40.972 - 40.973 - byteVal = value; 40.974 - stream[index + 3] = (byte) byteVal; 40.975 - } else { 40.976 - stream[index] = (byte) value; 40.977 - stream[index + 1] = (byte) ((value & 0x0000ff00) >> 8); 40.978 - stream[index + 2] = (byte) ((value & 0x00ff0000) >> 16); 40.979 - stream[index + 3] = (byte) ( value >>> 24); 40.980 - } 40.981 - return; 40.982 - } 40.983 - 40.984 - public Document getDomTree(String xmlFileName) 40.985 - throws Exception, SAXException, ParserConfigurationException 40.986 - { 40.987 - javax.xml.parsers.DocumentBuilderFactory dbf = 40.988 - javax.xml.parsers.DocumentBuilderFactory.newInstance(); 40.989 - 40.990 - /* Turn on namespace aware and validation */ 40.991 - dbf.setNamespaceAware(true); 40.992 - dbf.setValidating(true); 40.993 - dbf.setAttribute(JAXP_SCHEMA_LANGUAGE,W3C_XML_SCHEMA); 40.994 - 40.995 - /* Checks that the document is well-formed */ 40.996 - javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); 40.997 - 40.998 - myHandler errHandler= new myHandler(); 40.999 - db.setErrorHandler(errHandler); 40.1000 - Document doc = db.parse(xmlFileName); 40.1001 - 40.1002 - /* Checks for validation errors */ 40.1003 - if (errHandler.isValid) 40.1004 - printDebug(" gDT:: Xml file: " + xmlFileName + " is valid"); 40.1005 - else 40.1006 - throw new Exception("Xml file: " + xmlFileName + " is NOT valid"); 40.1007 - 40.1008 - return doc; 40.1009 - } 40.1010 - 40.1011 - public void processDomTree( 40.1012 - Document doc, 40.1013 - Vector bagOfSsids, 40.1014 - Vector bagOfTypes, 40.1015 - Vector bagOfChwSsids, 40.1016 - Vector bagOfChwTypes, 40.1017 - Vector bagOfConflictSsids) 40.1018 - throws Exception, SAXException, 
ParserConfigurationException 40.1019 - { 40.1020 - boolean found; 40.1021 - 40.1022 - /* print the root Element */ 40.1023 - Element root = doc.getDocumentElement(); 40.1024 - printDebug ("\n pDT:: Document Element: Name = " + root.getNodeName() + ",Value = " + root.getNodeValue()); 40.1025 - 40.1026 - /* Go through the list of the root Element's Attributes */ 40.1027 - NamedNodeMap nnm = root.getAttributes(); 40.1028 - printDebug (" pDT:: # of Attributes: " + nnm.getLength()); 40.1029 - for (int i = 0; i < nnm.getLength(); i++) 40.1030 - { 40.1031 - Node n = nnm.item (i); 40.1032 - printDebug (" pDT:: Attribute: Name = " + n.getNodeName() + ", Value = " 40.1033 - + n.getNodeValue()); 40.1034 - } 40.1035 - 40.1036 - /* Retrieve the policy definition */ 40.1037 - NodeList elementList = root.getElementsByTagName ("url"); 40.1038 - String definitionFileName = elementList.item(0).getFirstChild().getNodeValue(); 40.1039 - 40.1040 - String definitionHash = null; 40.1041 - 40.1042 - /* Note that SecurityPolicySpec.xsd allows for 0 hash value! 
*/ 40.1043 - elementList = root.getElementsByTagName ("hash"); 40.1044 - if (0 != elementList.getLength()) 40.1045 - definitionHash = elementList.item(0).getFirstChild().getNodeValue(); 40.1046 - 40.1047 - Document definitionDoc = pGetDomDefinition(definitionFileName,definitionHash); 40.1048 - pGetTypes(definitionDoc,bagOfTypes, bagOfChwTypes, bagOfConflictSsids); 40.1049 - 40.1050 - 40.1051 - /* Get VM security information */ 40.1052 - elementList = root.getElementsByTagName ("VM"); 40.1053 - printDebug ("\n pDT:: partition length of NodeList:" + elementList.getLength()); 40.1054 - /* Add default Ssid to Ste and Chw bags */ 40.1055 - SecurityLabel defEntry = new SecurityLabel(); 40.1056 - 40.1057 - defEntry.chwTypes = new Vector(); 40.1058 - defEntry.steTypes = new Vector(); 40.1059 - defEntry.chwIDs = new Vector(); 40.1060 - defEntry.ids = new Vector(); 40.1061 - 40.1062 - defEntry.steSsidPosition =0; 40.1063 - defEntry.chwSsidPosition =0; 40.1064 - bagOfChwSsids.add(defEntry); 40.1065 - bagOfSsids.add(defEntry); 40.1066 - 40.1067 - for (int x = 0; x < elementList.getLength(); x++) 40.1068 - { 40.1069 - found = false; 40.1070 - 40.1071 - Node node = elementList.item (x); 40.1072 - 40.1073 - if (node.getNodeType() == Node.ELEMENT_NODE) 40.1074 - { 40.1075 - printDebug (" pDT:: child: " + x + " is an element node" ); 40.1076 - Element e1 = (Element) node; 40.1077 - 40.1078 - /* Get id */ 40.1079 - NodeList elist = e1.getElementsByTagName ("id"); 40.1080 - String idStr = elist.item(0).getFirstChild().getNodeValue(); 40.1081 - printDebug (" pDT:: id:" + idStr); 40.1082 - 40.1083 - /* Get TE */ 40.1084 - Vector colorTypes = new Vector(); 40.1085 - pConflictEntries(e1, "TE", bagOfTypes, colorTypes); 40.1086 - 40.1087 - Enumeration e = bagOfSsids.elements(); 40.1088 - while (e.hasMoreElements()) 40.1089 - { 40.1090 - SecurityLabel elem = (SecurityLabel) e.nextElement(); 40.1091 - if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes)) 
40.1092 - { 40.1093 - found = true; 40.1094 - elem.ids.add(idStr); 40.1095 - } 40.1096 - 40.1097 - } 40.1098 - if (!found && (0 < colorTypes.size())) 40.1099 - { 40.1100 - SecurityLabel entry = new SecurityLabel(); 40.1101 - entry.steTypes = colorTypes; 40.1102 - entry.ids = new Vector(); 40.1103 - entry.ids.add(idStr); 40.1104 - bagOfSsids.add(entry); 40.1105 - } 40.1106 - 40.1107 - /* Get Chinese wall type */ 40.1108 - Vector chwTypes = new Vector(); 40.1109 - pConflictEntries(e1, "ChWall", bagOfChwTypes, chwTypes); 40.1110 - 40.1111 - found = false; 40.1112 - e = bagOfChwSsids.elements(); 40.1113 - 40.1114 - while (e.hasMoreElements()) 40.1115 - { 40.1116 - SecurityLabel elem = (SecurityLabel) e.nextElement(); 40.1117 - if ( elem.chwTypes.size() == chwTypes.size() && elem.chwTypes.containsAll(chwTypes)) 40.1118 - { 40.1119 - found = true; 40.1120 - elem.chwIDs.add(idStr); 40.1121 - } 40.1122 - 40.1123 - } 40.1124 - 40.1125 - if (!found && (0 < chwTypes.size())) 40.1126 - { 40.1127 - SecurityLabel entry = new SecurityLabel(); 40.1128 - entry.chwTypes = chwTypes; 40.1129 - entry.chwIDs = new Vector(); 40.1130 - entry.chwIDs.add(idStr); 40.1131 - bagOfChwSsids.add(entry); 40.1132 - } 40.1133 - } 40.1134 - } 40.1135 - return; 40.1136 - } 40.1137 - 40.1138 - public Document pGetDomDefinition( 40.1139 - String definitionFileName, 40.1140 - String definitionHash) 40.1141 - throws Exception, SAXException, ParserConfigurationException 40.1142 - { 40.1143 - printDebug("\n pGDD:: definition file name: " + definitionFileName); 40.1144 - printDebug("\n pGDD:: definition file hash: " + definitionHash); 40.1145 - 40.1146 - Document doc = getDomTree(definitionFileName); 40.1147 - return doc; 40.1148 - } 40.1149 - 40.1150 - public void pGetTypes( 40.1151 - Document defDoc, 40.1152 - Vector bagOfTypes, 40.1153 - Vector bagOfChwTypes, 40.1154 - Vector bagOfConflictSsids) 40.1155 - throws Exception 40.1156 - { 40.1157 - 40.1158 - 40.1159 - if (null == defDoc) 40.1160 - throw new 
Exception(" pGT:: definition file DOM is null "); 40.1161 - 40.1162 - Element root = defDoc.getDocumentElement(); 40.1163 - 40.1164 - /* Get list of TE types */ 40.1165 - NodeList elementList = root.getElementsByTagName ("Types"); 40.1166 - printDebug ("\n pGT:: Types length of NodeList:" + elementList.getLength()); 40.1167 - Element e1 = (Element) elementList.item (0); 40.1168 - pGetEntries(e1,"TE",bagOfTypes); 40.1169 - 40.1170 - /* Get list of Chinese types */ 40.1171 - elementList = root.getElementsByTagName ("ChWallTypes"); 40.1172 - printDebug ("\n pGT:: ChwTypes length of NodeList:" + elementList.getLength()); 40.1173 - if (0 == elementList.getLength()) 40.1174 - { 40.1175 - printDebug ("\n pGT:: ChWallTypes has zero length: :" + elementList.getLength()); 40.1176 - } else { 40.1177 - e1 = (Element) elementList.item (0); 40.1178 - pGetEntries(e1,"ChWall",bagOfChwTypes); 40.1179 - } 40.1180 - printDebug (" pGT:: Total number of unique chw types: " + bagOfChwTypes.size()); 40.1181 - 40.1182 - /* Get Chinese type conflict sets */ 40.1183 - elementList = root.getElementsByTagName ("ConflictSet"); 40.1184 - printDebug ("\n pGT:: Conflict sets length of NodeList:" + elementList.getLength()); 40.1185 - for (int x = 0; x < elementList.getLength(); x++) 40.1186 - { 40.1187 - Vector conflictEntry = new Vector(); 40.1188 - e1 = (Element) elementList.item (x); 40.1189 - printDebug ("\n pGT:: Conflict sets : " + x); 40.1190 - 40.1191 - pConflictEntries(e1, "ChWall", bagOfChwTypes, conflictEntry); 40.1192 - 40.1193 - if (conflictEntry.size() > 0) 40.1194 - { 40.1195 - boolean found = false; 40.1196 - Enumeration e = bagOfConflictSsids.elements(); 40.1197 - 40.1198 - while (e.hasMoreElements()) 40.1199 - { 40.1200 - Vector elem = (Vector) e.nextElement(); 40.1201 - if (elem.size() == conflictEntry.size() && elem.containsAll(conflictEntry)) 40.1202 - { 40.1203 - found = true; 40.1204 - } 40.1205 - 40.1206 - } 40.1207 - if (!found) 40.1208 - { 40.1209 - 
bagOfConflictSsids.add(conflictEntry); 40.1210 - } 40.1211 - } 40.1212 - } 40.1213 - 40.1214 - } 40.1215 - 40.1216 - public void pGetEntries(Element doc, String tag, Vector typeBag) 40.1217 - throws Exception 40.1218 - { 40.1219 - 40.1220 - if (null == doc) 40.1221 - throw new Exception(" pGE:: Element doc is null"); 40.1222 - 40.1223 - if (null == typeBag) 40.1224 - throw new Exception(" pGE:: typeBag is null"); 40.1225 - 40.1226 - NodeList elist = doc.getElementsByTagName (tag); 40.1227 - for (int j = 0; j < elist.getLength(); j++) 40.1228 - { 40.1229 - Node knode = elist.item (j); 40.1230 - Node childNode = knode.getFirstChild(); 40.1231 - String value = childNode.getNodeValue(); 40.1232 - 40.1233 - printDebug (" pGT:: "+ tag +" type: " + value); 40.1234 - 40.1235 - /* Check if value is known */ 40.1236 - if (!typeBag.contains(value)) 40.1237 - typeBag.addElement(value); 40.1238 - } 40.1239 - } 40.1240 - 40.1241 - public void pConflictEntries(Element doc, String tag, Vector typeBag, Vector conflictEntry) 40.1242 - throws Exception 40.1243 - { 40.1244 - 40.1245 - if (null == doc) 40.1246 - throw new Exception(" pGE:: Element doc is null"); 40.1247 - 40.1248 - if (null == typeBag) 40.1249 - throw new Exception(" pGE:: typeBag is null"); 40.1250 - 40.1251 - if (null == conflictEntry) 40.1252 - throw new Exception(" pGE:: typeBag is null"); 40.1253 - 40.1254 - 40.1255 - NodeList elist = doc.getElementsByTagName (tag); 40.1256 - 40.1257 - for (int j = 0; j < elist.getLength(); j++) 40.1258 - { 40.1259 - Node knode = elist.item (j); 40.1260 - Node childNode = knode.getFirstChild(); 40.1261 - String value = childNode.getNodeValue(); 40.1262 - 40.1263 - printDebug (" pGE:: "+ tag +" type: " + value); 40.1264 - 40.1265 - /* Check if value is known */ 40.1266 - if (!typeBag.contains(value)) 40.1267 - throw new Exception(" pCE:: found undefined type set " + value); 40.1268 - 40.1269 - if (!conflictEntry.contains(value)) 40.1270 - conflictEntry.addElement(value); 40.1271 - 
40.1272 - } 40.1273 - } 40.1274 - 40.1275 - public void processDomTreeVlanSlot( 40.1276 - Document doc, 40.1277 - Vector bagOfSsids, 40.1278 - Vector bagOfTypes) 40.1279 - throws Exception 40.1280 - { 40.1281 - boolean found; 40.1282 - 40.1283 - printDebug(" pDTVS::Size of bagOfSsids: "+ bagOfSsids.size()); 40.1284 - Element root = doc.getDocumentElement(); 40.1285 - 40.1286 - NodeList elementList = root.getElementsByTagName ("Vlan"); 40.1287 - printDebug("\n pDTVS:: Vlan length of NodeList:" + elementList.getLength()); 40.1288 - 40.1289 - for (int x = 0; x < elementList.getLength(); x++) 40.1290 - { 40.1291 - found = false; 40.1292 - 40.1293 - Node node = elementList.item (x); 40.1294 - 40.1295 - if (node.getNodeType() == Node.ELEMENT_NODE) 40.1296 - { 40.1297 - printDebug(" pDTVS:: child: " + x + " is an element node" ); 40.1298 - Element e1 = (Element) node; 40.1299 - 40.1300 - /* Get vid */ 40.1301 - NodeList elist = e1.getElementsByTagName ("vid"); 40.1302 - String idStr = elist.item(0).getFirstChild().getNodeValue(); 40.1303 - printDebug (" pDTVS:: vid:" + idStr); 40.1304 - 40.1305 - /* Get TE */ 40.1306 - elist = e1.getElementsByTagName ("TE"); 40.1307 - printDebug (" pDTVS:: Total ste types: " + elist.getLength()); 40.1308 - 40.1309 - Vector colorTypes = new Vector(); 40.1310 - for (int j = 0; j < elist.getLength(); j++) 40.1311 - { 40.1312 - Node knode = elist.item (j); 40.1313 - Node childNode = knode.getFirstChild(); 40.1314 - String value = childNode.getNodeValue(); 40.1315 - 40.1316 - printDebug (" pDT:: My color is: " + value); 40.1317 - if (!bagOfTypes.contains(value)) 40.1318 - { 40.1319 - throw new IOException("pDT:: Vlan: " + idStr+ " has unknown type : "+ value); 40.1320 - } 40.1321 - 40.1322 - if (!colorTypes.contains(value)) 40.1323 - colorTypes.addElement(value); 40.1324 - } 40.1325 - Enumeration e = bagOfSsids.elements(); 40.1326 - while (e.hasMoreElements()) 40.1327 - { 40.1328 - SecurityLabel elem = (SecurityLabel) e.nextElement(); 40.1329 
- if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes)) 40.1330 - { 40.1331 - found = true; 40.1332 - if (null == elem.vlans) 40.1333 - elem.vlans = new Vector(); 40.1334 - elem.vlans.add(idStr); 40.1335 - } 40.1336 - 40.1337 - } 40.1338 - if (!found && (0 < colorTypes.size())) 40.1339 - { 40.1340 - SecurityLabel entry = new SecurityLabel(); 40.1341 - entry.steTypes = colorTypes; 40.1342 - entry.vlans = new Vector(); 40.1343 - entry.vlans.add(idStr); 40.1344 - bagOfSsids.add(entry); 40.1345 - } 40.1346 - 40.1347 - } 40.1348 - } 40.1349 - printDebug(" pDTVS::After slot Size of bagOfSsids: "+ bagOfSsids.size()); 40.1350 - 40.1351 - elementList = root.getElementsByTagName ("Slot"); 40.1352 - printDebug ("\n pDTVS:: Slot length of NodeList:" + elementList.getLength()); 40.1353 - 40.1354 - for (int x = 0; x < elementList.getLength(); x++) 40.1355 - { 40.1356 - found = false; 40.1357 - 40.1358 - Node node = elementList.item (x); 40.1359 - 40.1360 - if (node.getNodeType() == Node.ELEMENT_NODE) 40.1361 - { 40.1362 - printDebug(" pDT:: child: " + x + " is an element node" ); 40.1363 - Element e1 = (Element) node; 40.1364 - 40.1365 - 40.1366 - /* Get slot and bus */ 40.1367 - SlotInfo item = new SlotInfo(); 40.1368 - 40.1369 - NodeList elist = e1.getElementsByTagName ("bus"); 40.1370 - item.bus = elist.item(0).getFirstChild().getNodeValue(); 40.1371 - elist = e1.getElementsByTagName ("slot"); 40.1372 - item.slot = elist.item(0).getFirstChild().getNodeValue(); 40.1373 - printDebug (" pDT:: bus and slot:" + item.bus + " "+ item.slot); 40.1374 - 40.1375 - /* Get TE */ 40.1376 - elist = e1.getElementsByTagName ("TE"); 40.1377 - printDebug (" pDT:: Total ste types: " + elist.getLength()); 40.1378 - 40.1379 - Vector colorTypes = new Vector(); 40.1380 - for (int j = 0; j < elist.getLength(); j++) 40.1381 - { 40.1382 - Node knode = elist.item (j); 40.1383 - Node childNode = knode.getFirstChild(); 40.1384 - String value = childNode.getNodeValue(); 
40.1385 - 40.1386 - printDebug (" pDT:: My color is: " + value); 40.1387 - if (!bagOfTypes.contains(value)) 40.1388 - { 40.1389 - throw new IOException("pDT:: bus: " + item.bus + " slot: "+ item.slot + " has unknown type : "+ value); 40.1390 - } 40.1391 - 40.1392 - if (!colorTypes.contains(value)) 40.1393 - colorTypes.addElement(value); 40.1394 - } 40.1395 - 40.1396 - Enumeration e = bagOfSsids.elements(); 40.1397 - while (e.hasMoreElements()) 40.1398 - { 40.1399 - SecurityLabel elem = (SecurityLabel) e.nextElement(); 40.1400 - if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes)) 40.1401 - { 40.1402 - found = true; 40.1403 - if (null == elem.slots) 40.1404 - elem.slots = new Vector(); 40.1405 - elem.slots.add(item); 40.1406 - 40.1407 - } 40.1408 - 40.1409 - } 40.1410 - 40.1411 - if (!found && (0 < colorTypes.size())) 40.1412 - { 40.1413 - SecurityLabel entry = new SecurityLabel(); 40.1414 - entry.steTypes = colorTypes; 40.1415 - entry.slots = new Vector(); 40.1416 - entry.slots.add(item); 40.1417 - bagOfSsids.add(entry); 40.1418 - } 40.1419 - 40.1420 - } 40.1421 - } 40.1422 - return; 40.1423 - } 40.1424 - 40.1425 - public static void main (String[] args) 40.1426 - { 40.1427 - String xmlFileName = null; /* policy file */ 40.1428 - String outputFileName = null; /* binary policy file */ 40.1429 - String xenSsidOutputFileName = null; /* outputfile ssid to named types */ 40.1430 - /* outputfile conflicts ssid to named types */ 40.1431 - String xenSsidConfOutputFileName = null; 40.1432 - 40.1433 - XmlToBin genObj = new XmlToBin(); 40.1434 - 40.1435 - policy_version active_policy = new policy_version(); 40.1436 - 40.1437 - if ((active_policy.ACM_POLICY_VERSION != ACM_POLICY_VERSION) || 40.1438 - (active_policy.ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) || 40.1439 - (active_policy.ACM_STE_VERSION != ACM_STE_VERSION)) { 40.1440 - System.out.println("ACM policy versions differ."); 40.1441 - System.out.println("Please verify that data 
structures are correct"); 40.1442 - System.out.println("and then adjust the version numbers in XmlToBinInterface.java."); 40.1443 - return; 40.1444 - } 40.1445 - 40.1446 - 40.1447 - for (int i = 0 ; i < args.length ; i++) { 40.1448 - 40.1449 - if ( args[i].equals("-help")) { 40.1450 - printUsage(); 40.1451 - System.exit(1); 40.1452 - 40.1453 - } else if ( args[i].equals("-i")) { 40.1454 - i++; 40.1455 - if (i < args.length) { 40.1456 - xmlFileName = args[i]; 40.1457 - } else { 40.1458 - System.out.println("-i argument needs parameter"); 40.1459 - System.exit(1); 40.1460 - } 40.1461 - 40.1462 - } else if ( args[i].equals("-o")) { 40.1463 - i++; 40.1464 - if (i < args.length) { 40.1465 - outputFileName = args[i]; 40.1466 - } else { 40.1467 - System.out.println("-o argument needs parameter"); 40.1468 - System.exit(1); 40.1469 - } 40.1470 - 40.1471 - } else if ( args[i].equals("-xssid")) { 40.1472 - i++; 40.1473 - if (i < args.length) { 40.1474 - xenSsidOutputFileName = args[i]; 40.1475 - } else { 40.1476 - System.out.println("-xssid argument needs parameter"); 40.1477 - System.exit(1); 40.1478 - } 40.1479 - 40.1480 - } else if ( args[i].equals("-xssidconf")) { 40.1481 - i++; 40.1482 - if (i < args.length) { 40.1483 - xenSsidConfOutputFileName = args[i]; 40.1484 - } else { 40.1485 - System.out.println("-xssidconf argument needs parameter"); 40.1486 - System.exit(1); 40.1487 - } 40.1488 - } else if ( args[i].equals("-debug")) { /* turn on debug msg */ 40.1489 - genObj.setDebug(true); 40.1490 - } else { 40.1491 - System.out.println("bad command line argument: " + args[i]); 40.1492 - printUsage(); 40.1493 - System.exit(1); 40.1494 - } 40.1495 - 40.1496 - } 40.1497 - 40.1498 - if (xmlFileName == null) 40.1499 - { 40.1500 - System.out.println("Need to specify input file -i option"); 40.1501 - printUsage(); 40.1502 - System.exit(1); 40.1503 - } 40.1504 - 40.1505 - 40.1506 - try 40.1507 - { 40.1508 - /* Parse and validate */ 40.1509 - Document doc = 
genObj.getDomTree(xmlFileName); 40.1510 - 40.1511 - /* Vectors to hold sets of types */ 40.1512 - Vector bagOfSsids = new Vector(); 40.1513 - Vector bagOfTypes = new Vector(); 40.1514 - Vector bagOfChwSsids = new Vector(); 40.1515 - Vector bagOfChwTypes = new Vector(); 40.1516 - Vector bagOfConflictSsids = new Vector(); 40.1517 - 40.1518 - Vector vlanMapSsids = new Vector(); 40.1519 - Vector slotMapSsids = new Vector(); 40.1520 - 40.1521 - genObj.processDomTree(doc, bagOfSsids, bagOfTypes, bagOfChwSsids, bagOfChwTypes, bagOfConflictSsids); 40.1522 - 40.1523 - genObj.processDomTreeVlanSlot(doc, bagOfSsids, bagOfTypes); 40.1524 - 40.1525 - /* Get binary representation of policies */ 40.1526 - byte[] stePolicy = genObj.generateSteBuffer(bagOfSsids, bagOfTypes); 40.1527 - byte[] chwPolicy = genObj.generateChwBuffer(bagOfChwSsids, bagOfConflictSsids,bagOfChwTypes); 40.1528 - 40.1529 - byte[] binPolicy = null; 40.1530 - byte[] binaryPartionSsid = null; 40.1531 - byte[] binaryVlanSsid = null; 40.1532 - byte[] binarySlotSsid = null; 40.1533 - 40.1534 - /* Get binary representation of partition to ssid mapping */ 40.1535 - binaryPartionSsid = genObj.generatePartSsids(bagOfSsids,bagOfChwSsids); 40.1536 - 40.1537 - /* Get binary representation of vlan to ssid mapping */ 40.1538 - binaryVlanSsid = genObj.generateVlanSsids(bagOfSsids); 40.1539 - 40.1540 - /* Get binary representation of slot to ssid mapping */ 40.1541 - binarySlotSsid = genObj.generateSlotSsids(bagOfSsids); 40.1542 - 40.1543 - /* Generate binary representation: policy, partition, slot and vlan */ 40.1544 - binPolicy = genObj.GenBinaryPolicyBuffer(chwPolicy,stePolicy, binaryPartionSsid, binaryVlanSsid, binarySlotSsid); 40.1545 - 40.1546 - 40.1547 - /* Write binary policy into file */ 40.1548 - if (null != outputFileName) 40.1549 - { 40.1550 - genObj.writeBinPolicy(binPolicy, outputFileName); 40.1551 - } else { 40.1552 - System.out.println (" No binary policy generated, outputFileName: " + outputFileName); 
40.1553 - } 40.1554 - 40.1555 - /* Print total number of types */ 40.1556 - System.out.println (" Total number of unique ste types: " + bagOfTypes.size()); 40.1557 - System.out.println (" Total number of Ssids : " + bagOfSsids.size()); 40.1558 - System.out.println (" Total number of unique chw types: " + bagOfChwTypes.size()); 40.1559 - System.out.println (" Total number of conflict ssids : " + bagOfConflictSsids.size()); 40.1560 - System.out.println (" Total number of chw Ssids : " + bagOfChwSsids.size()); 40.1561 - 40.1562 - if (null != xenSsidOutputFileName) 40.1563 - genObj.writeXenTypeFile(bagOfSsids, xenSsidOutputFileName, true); 40.1564 - 40.1565 - if (null != xenSsidConfOutputFileName) 40.1566 - genObj.writeXenTypeFile(bagOfChwSsids, xenSsidConfOutputFileName, false); 40.1567 - } 40.1568 - catch (Exception e) 40.1569 - { 40.1570 - e.printStackTrace(); 40.1571 - } 40.1572 - } 40.1573 -}
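Review bot: the hash carried in the policy file is never checked against the definition file it names, and this removal drops the code without a pointer to where the XML-to-binary policy compiler now lives; the commit message "Merge." gives no rationale. In the deleted processDomTree/pGetDomDefinition path the `hash` element is read into `definitionHash`, passed to `pGetDomDefinition(definitionFileName,definitionHash)`, and there only printed with `printDebug("\n pGDD:: definition file hash: " + definitionHash)` before `getDomTree(definitionFileName)` is called, so a swapped type-definition file would be compiled silently (the comment even notes the schema allows a zero hash). If this tool is being moved rather than dropped, the replacement should verify the hash before trusting the definition. Two smaller defects also travel with the code: printHex tests `dataArray == null` but falls through to `dataArray.length` anyway, and writeShortToStream's exception reports a range `index` to `index + 4` for a 2-byte write.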
41.1 --- a/tools/misc/policyprocessor/XmlToBinInterface.java Fri Aug 19 10:18:53 2005 +0000 41.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 41.3 
@@ -1,138 +0,0 @@ 41.4 -/** 41.5 - * (C) Copyright IBM Corp. 2005 41.6 - * 41.7 - * $Id: XmlToBinInterface.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $ 41.8 - * 41.9 - * Author: Ray Valdez 41.10 - * 41.11 - * This program is free software; you can redistribute it and/or 41.12 - * modify it under the terms of the GNU General Public License as 41.13 - * published by the Free Software Foundation, version 2 of the 41.14 - * License. 41.15 - * 41.16 - * XmlToBinInterface Class. 41.17 - * <p> 41.18 - * 41.19 - * Defines constants used by XmToBin. 41.20 - * 41.21 - * <p> 41.22 - * 41.23 - * policy binary structures 41.24 - * 41.25 - * struct acm_policy_buffer { 41.26 - * u32 policy_version; * ACM_POLICY_VERSION * 41.27 - * u32 magic; 41.28 - * u32 len; 41.29 - * u32 primary_policy_code; 41.30 - * u32 primary_buffer_offset; 41.31 - * u32 secondary_policy_code; 41.32 - * u32 secondary_buffer_offset; 41.33 - * +u32 resource offset (not used yet in Xen) 41.34 - * }; 41.35 - * 41.36 - * 41.37 - * struct acm_ste_policy_buffer { 41.38 - * u32 policy_version; * ACM_STE_VERSION * 41.39 - * u32 policy_code; 41.40 - * u32 ste_max_types; 41.41 - * u32 ste_max_ssidrefs; 41.42 - * u32 ste_ssid_offset; 41.43 - * }; 41.44 - * 41.45 - * struct acm_chwall_policy_buffer { 41.46 - * u32 policy_version; * ACM_CHWALL_VERSION * 41.47 - * u32 policy_code; 41.48 - * u32 chwall_max_types; 41.49 - * u32 chwall_max_ssidrefs; 41.50 - * u32 chwall_max_conflictsets; 41.51 - * u32 chwall_ssid_offset; 41.52 - * u32 chwall_conflict_sets_offset; 41.53 - * u32 chwall_running_types_offset; 41.54 - * u32 chwall_conflict_aggregate_offset; 41.55 - * }; 41.56 - * 41.57 - * typedef struct { 41.58 - * u16 partition_max; 41.59 - * u16 partition_offset; 41.60 - * u16 vlan_max; 41.61 - * u16 vlan_offset; 41.62 - * u16 slot_max; 41.63 - * u16 slot_offset; 41.64 - * } acm_resource_buffer_t; 41.65 - * 41.66 - * typedef struct { 41.67 - * u16 id; 41.68 - * u16 ssid_ste; 41.69 - * u16 ssid_chwall; 41.70 - * } 
acm_partition_entry_t; 41.71 - * 41.72 - * typedef struct { 41.73 - * u16 vlan; 41.74 - * u16 ssid_ste; 41.75 - * } acm_vlan_entry_t; 41.76 - * 41.77 - * typedef struct { 41.78 - * u16 bus; 41.79 - * u16 slot; 41.80 - * u16 ssid_ste; 41.81 - * } acm_slot_entry_t; 41.82 - * 41.83 - * 41.84 - * 41.85 - */ 41.86 -public interface XmlToBinInterface 41.87 -{ 41.88 - /* policy code (uint16) */ 41.89 - final int policyCodeSize = 2; 41.90 - 41.91 - /* max_types (uint16) */ 41.92 - final int maxTypesSize = 2; 41.93 - 41.94 - /* max_ssidrefs (uint16) */ 41.95 - final int maxSsidrefSize = 2; 41.96 - 41.97 - /* ssid_offset (uint32) */ 41.98 - final int ssidOffsetSize = 2; 41.99 - 41.100 - final short markSymbol = 0x0001; 41.101 - 41.102 - final int u32Size = 4; 41.103 - final int u16Size = 2; 41.104 - 41.105 - /* num of bytes for acm_ste_policy_buffer_t */ 41.106 - final int steHeaderSize = (5 * u32Size); 41.107 - 41.108 - /* byte for acm_chinese_wall_policy_buffer_t */ 41.109 - final int chwHeaderSize = (9 * u32Size); 41.110 - 41.111 - final int primaryPolicyCodeSize = u32Size; 41.112 - final int primaryBufferOffsetSize = u32Size ; 41.113 - 41.114 - final int secondaryPolicyCodeSz = u32Size; 41.115 - final int secondaryBufferOffsetSz = u32Size; 41.116 - final int resourceOffsetSz = u32Size; 41.117 - 41.118 - final short partitionBufferSz = (2 * u16Size); 41.119 - final short partitionEntrySz = (3 * u16Size); 41.120 - 41.121 - final short slotBufferSz = (2 * u16Size); 41.122 - final short slotEntrySz = (3 * u16Size); 41.123 - 41.124 - final short vlanBufferSz = (2 * u16Size); 41.125 - final short vlanEntrySz = (2 * u16Size); 41.126 - 41.127 - final int binaryBufferHeaderSz = (8 * u32Size); /* 8th not used in Xen */ 41.128 - 41.129 - /* copied directly from acm.h */ 41.130 - final int ACM_MAGIC = 0x0001debc; 41.131 - final int ACM_NULL_POLICY = 0; 41.132 - final int ACM_CHINESE_WALL_POLICY = 1; 41.133 - final int ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2; 41.134 - final int 
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3; 41.135 - final int ACM_EMPTY_POLICY = 4; 41.136 - 41.137 - /* version for compatibility check */ 41.138 - final int ACM_POLICY_VERSION = 1; 41.139 - final int ACM_STE_VERSION = 1; 41.140 - final int ACM_CHWALL_VERSION = 1; 41.141 -}
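Review bot: the removed interface duplicated the acm.h struct layouts by hand ("copied directly from acm.h"), and the copy already disagreed with its own comment: `/* ssid_offset (uint32) */` is followed by `final int ssidOffsetSize = 2;`. If these constants are regenerated elsewhere, the generated form should derive sizes from the C header (as c2j_include.c does for the version numbers) rather than re-typing them, otherwise binary policies built by the tool can disagree with what the hypervisor parses. Note also that `binaryBufferHeaderSz = (8 * u32Size)` includes the resource offset marked "not used in Xen"; whatever replaces this needs to agree with acm_policy_buffer on that field.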
42.1 --- a/tools/misc/policyprocessor/c2j_include.c Fri Aug 19 10:18:53 2005 +0000 42.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 42.3 @@ -1,57 +0,0 @@ 42.4 -/**************************************************************** 42.5 - * c2j_include.c 42.6 - * 42.7 - * Copyright (C) 2005 IBM Corporation 42.8 - * 42.9 - * Authors: 42.10 - * Reiner Sailer <sailer@watson.ibm.com> 42.11 - * 42.12 - * This program is free software; you can redistribute it and/or 42.13 - * modify it under the terms of the GNU General Public License as 42.14 - * published by the Free Software Foundation, version 2 of the 42.15 - * License. 42.16 - * 42.17 - * This tool makes some constants from acm.h available to the 42.18 - * java policyprocessor for version checking. 42.19 - */ 42.20 -#include <stdio.h> 42.21 -#include <errno.h> 42.22 -#include <stdlib.h> 42.23 -#include <stdint.h> 42.24 - 42.25 -typedef uint8_t u8; 42.26 -typedef uint16_t u16; 42.27 -typedef uint32_t u32; 42.28 -typedef uint64_t u64; 42.29 -typedef int8_t s8; 42.30 -typedef int16_t s16; 42.31 -typedef int32_t s32; 42.32 -typedef int64_t s64; 42.33 - 42.34 -#include <xen/acm.h> 42.35 - 42.36 -char *filename = "policy_version.java"; 42.37 - 42.38 -int main(int argc, char **argv) 42.39 -{ 42.40 - 42.41 - FILE *fd; 42.42 - if ((fd = fopen(filename, "w")) <= 0) 42.43 - { 42.44 - printf("File %s not found.\n", filename); 42.45 - exit(-ENOENT); 42.46 - } 42.47 - 42.48 - fprintf(fd, "/*\n * This file was automatically generated\n"); 42.49 - fprintf(fd, " * Do not change it manually!\n */\n"); 42.50 - fprintf(fd, "public class policy_version {\n"); 42.51 - fprintf(fd, " final int ACM_POLICY_VERSION = %x;\n", 42.52 - ACM_POLICY_VERSION); 42.53 - fprintf(fd, " final int ACM_CHWALL_VERSION = %x;\n", 42.54 - ACM_CHWALL_VERSION); 42.55 - fprintf(fd, " final int ACM_STE_VERSION = %x;\n", 42.56 - ACM_STE_VERSION); 42.57 - fprintf(fd, "}\n"); 42.58 - fclose(fd); 42.59 - return 0; 42.60 -}
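Review bot: the deleted generator has a wrong open-failure check that should not be carried into any successor: `if ((fd = fopen(filename, "w")) <= 0)` compares a FILE pointer against an integer; the idiomatic test is `== NULL`, and the message "File %s not found." misdescribes a failed open for writing (permissions or a read-only tree are the likely causes), as does `exit(-ENOENT)`. The tool's purpose, exporting ACM_POLICY_VERSION, ACM_CHWALL_VERSION and ACM_STE_VERSION so the Java side can refuse to emit a binary policy for a mismatched layout, is worth preserving wherever the policy compiler moves.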
43.1 --- a/tools/misc/policyprocessor/myHandler.java Fri Aug 19 10:18:53 2005 +0000 43.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 43.3 @@ -1,47 +0,0 @@ 43.4 -/** 43.5 - * (C) Copyright IBM Corp. 2005 43.6 - * 43.7 - * $Id: myHandler.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $ 43.8 - * 43.9 - * Author: Ray Valdez 43.10 - * 43.11 - * This program is free software; you can redistribute it and/or 43.12 - * modify it under the terms of the GNU General Public License as 43.13 - * published by the Free Software Foundation, version 2 of the 43.14 - * License. 43.15 - * 43.16 - * myHandler Class. 43.17 - * 43.18 - * <p> 43.19 - * 43.20 - * A dummy class used for detecting XML validating/parsing errors. 43.21 - * 43.22 - * <p> 43.23 - * 43.24 - * 43.25 - */ 43.26 -import org.xml.sax.helpers.*; 43.27 -import org.xml.sax.SAXParseException; 43.28 - 43.29 -class myHandler extends DefaultHandler 43.30 -{ 43.31 - public boolean isValid = true; 43.32 - 43.33 - /* Notification of a recoverable error. */ 43.34 - public void error(SAXParseException se) 43.35 - { 43.36 - isValid = false; 43.37 - } 43.38 - 43.39 - /* Notification of a non-recoverable error. */ 43.40 - public void fatalError(SAXParseException se) 43.41 - { 43.42 - isValid = false; 43.43 - } 43.44 - 43.45 - /* Notification of a warning. */ 43.46 - public void warning(SAXParseException se) 43.47 - { 43.48 - isValid = false; 43.49 - } 43.50 -}
44.1 --- a/tools/misc/policyprocessor/readme.install Fri Aug 19 10:18:53 2005 +0000 44.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 44.3 @@ -1,33 +0,0 @@ 44.4 -# Author: Ray Valdez, rvaldez@us.ibm.com 44.5 -# Version: 1.0 44.6 -# 44.7 -# install readme 44.8 -# 44.9 -PREREQUISITES: 44.10 - 44.11 -Prior to installation of the policy processor tool (XmlToBin) you must have... 44.12 - 44.13 - 1. Java version 1.4.2 44.14 - 2. xmlParserAPIs.jar and xercesImpl.jar 44.15 - 44.16 -The above can be obtained from the Sun Developer Network web site at 44.17 -http://java.sun.com/j2se/1.4.2/download.html. 44.18 - 44.19 -XmlParserAPIs and xercesImpl jars can be obtained from 44.20 -http://www.apache.org/dist/xml/xerces-j (Xerces-J-bin.2.6.2.tar.gz, 44.21 -for example). 44.22 - 44.23 -The tool has been tested with J2SE v1.4.2_08 JRE on Linux (32-bit 44.24 -INTEL). 44.25 - 44.26 -INSTALLATION 44.27 - 44.28 -1. Set PATH to include $HOME_JAVA/bin and $HOME_JAVA/jre/bin 44.29 - where $HOME_JAVA is your java installation directory 44.30 - 44.31 -2. Compile XmlToBin: 44.32 - javac XmlToBin.java 44.33 - 44.34 -USAGE 44.35 - 44.36 - See readme.xen
45.1 --- a/tools/misc/policyprocessor/readme.xen Fri Aug 19 10:18:53 2005 +0000 45.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 45.3 
@@ -1,65 +0,0 @@ 45.4 -# Author: Ray Valdez, rvaldez@us.ibm.com 45.5 -# Version: 1.0 45.6 -# 45.7 -# This readme describes the policy processor tool for sHype. 45.8 -# 45.9 - 45.10 -Java program: 45.11 - 45.12 - java XmlToBin -i [file.xml] -o <file.bin> -xssid <SsidFile> -xssidconf <SsidConf> 45.13 - 45.14 - Command line options: 45.15 - 45.16 - -i inputFile: name of policyfile (.xml) 45.17 - -o outputFile: name of binary policy file (Big Endian) 45.18 - -xssid SsidFile: xen ssids to named types text file 45.19 - -xssidconf SsidConf: xen conflict ssids to types text file 45.20 - -debug turn on debug messages 45.21 - -help help. This printout 45.22 - 45.23 -Where: 45.24 - 45.25 -file.xml is the (input) xml policy file to be parsed and validated. 45.26 -The syntax for file.xml is defined in the SecurityPolicySpec.xsd file. 45.27 -file.bin is the (output) binary policy file generated by XmlToBin. 45.28 -This binary policy can be activated in sHype. The binary policy file 45.29 -is laid out in network byte order (i.e., big endian). The SsidFile 45.30 -file contains the mapping of type enforcement (TE) ssids to the "named 45.31 -types". Similarly, the SsidConf file contains the mapping of Chinese 45.32 -Wall (ChWall) ssids to conflict named types. The ssidFile and SsidConf 45.33 -files are used by Xen. 45.34 - 45.35 -Xml Schema and policy: 45.36 - 45.37 -The SecurityPolicySpec.xsd defines the syntax of a policy file. It 45.38 -declares the tags that are used by XmlToBin to generate the binary 45.39 -policy file. The tags that XmlToBin keys on are TE, ChWall, id, vid, 45.40 -etc. The xml files that describe a policy are simple. Semantic 45.41 -checking of a policy is performed mostly by XmlToBin. A type, for 45.42 -example, is a string. No fixed values are defined for types in Xml. 45.43 - 45.44 -A policy consists of two Xml files: definition and policy. The 45.45 -definition Xml declares the types that are permitted in the policy 45.46 -Xml. 
The policy Xml contains the assignment of labels to 45.47 -subject/object (e.g., vm). This Xml file contains an explicit 45.48 -reference to the definition Xml (e.g., <url>xen_sample_def.xml</url>). 45.49 -The policy Xml is the one provided as a command line argument. 45.50 - 45.51 - 45.52 -Files: 45.53 - 45.54 -*.java - policy processor source 45.55 -xen_sample_policy.xml - sample xml policy file 45.56 -xen_sample_def.xml - sample user defined types 45.57 -SecurityPolicySpec.xsd - schema definition file 45.58 - 45.59 - 45.60 -To generate the sample binary policy: 45.61 - 45.62 -export CLASSPATH=$XERCES_HOME/xercesImpl.jar:$XERCES_HOME/xmlParserAPIs.jar:. 45.63 - 45.64 -java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin 45.65 - 45.66 -where $XERCES_HOME is the installation directory of the Apache Xerces-J 45.67 - 45.68 -
46.1 --- a/tools/misc/policyprocessor/xen_sample_def.xml Fri Aug 19 10:18:53 2005 +0000 46.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 46.3 @@ -1,46 +0,0 @@ 46.4 -<?xml version="1.0"?> 46.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com --> 46.6 -<!-- example policy type definition --> 46.7 -<SecurityPolicySpec 46.8 -xmlns="http://www.ibm.com" 46.9 -xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 46.10 -xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd"> 46.11 - 46.12 -<Definition> 46.13 -<!-- an example of a simple type enforcement type definition --> 46.14 - <Types> 46.15 - <TE>LOCAL-management</TE> 46.16 - <TE>R-Company-development</TE> 46.17 - <TE>S-Company-order</TE> 46.18 - <TE>T-Company-advertising</TE> 46.19 - <TE>U-Company-computing</TE> 46.20 - <!-- TE nondevelopment --> 46.21 - </Types> 46.22 - 46.23 -<!-- an example of a chinese wall type definition along with conflict sets--> 46.24 - <ChWallTypes> 46.25 - <ChWall>Q-Company</ChWall> 46.26 - <ChWall>R-Company</ChWall> 46.27 - <ChWall>S-Company</ChWall> 46.28 - <ChWall>T-Company</ChWall> 46.29 - <ChWall>U-Company</ChWall> 46.30 - <ChWall>V-Company</ChWall> 46.31 - <ChWall>W-Company</ChWall> 46.32 - <ChWall>X-Company</ChWall> 46.33 - <ChWall>Y-Company</ChWall> 46.34 - <ChWall>Z-Company</ChWall> 46.35 - </ChWallTypes> 46.36 - 46.37 - <ConflictSet> 46.38 - <ChWall>T-Company</ChWall> 46.39 - <ChWall>S-Company</ChWall> 46.40 - </ConflictSet> 46.41 - 46.42 - <ConflictSet> 46.43 - <ChWall>R-Company</ChWall> 46.44 - <ChWall>V-Company</ChWall> 46.45 - <ChWall>W-Company</ChWall> 46.46 - </ConflictSet> 46.47 - 46.48 -</Definition> 46.49 -</SecurityPolicySpec>
47.1 --- a/tools/misc/policyprocessor/xen_sample_policy.xml Fri Aug 19 10:18:53 2005 +0000 47.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 47.3 @@ -1,58 +0,0 @@ 47.4 -<?xml version="1.0"?> 47.5 -<!-- Author: Ray Valdez, rvaldez@us.ibm.com --> 47.6 -<!-- example xen policy file --> 47.7 - 47.8 -<SecurityPolicySpec 47.9 -xmlns="http://www.ibm.com" 47.10 -xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 47.11 -xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd"> 47.12 -<Policy> 47.13 - <PolicyHeader> 47.14 - <Name>xen sample policy</Name> 47.15 - <DateTime>2005-05-20T16:56:00</DateTime> 47.16 - <Tag>foobar</Tag> 47.17 - <TypeDefinition> 47.18 - <url>xen_sample_def.xml</url> 47.19 - <hash>abcdef123456abcdef</hash> 47.20 - </TypeDefinition> 47.21 - </PolicyHeader> 47.22 - 47.23 - <VM> 47.24 - <id> 0 </id> 47.25 - <TE>LOCAL-management</TE> 47.26 - <TE>R-Company-development</TE> 47.27 - <TE>S-Company-order</TE> 47.28 - <TE>T-Company-advertising</TE> 47.29 - <TE>U-Company-computing</TE> 47.30 - <ChWall>Q-Company</ChWall> 47.31 - </VM> 47.32 - 47.33 - <VM> 47.34 - <id> 1 </id> 47.35 - <TE>R-Company-development</TE> 47.36 - <ChWall>R-Company</ChWall> 47.37 - </VM> 47.38 - 47.39 - <VM> 47.40 - <id> 2 </id> 47.41 - <TE>S-Company-order</TE> 47.42 - <ChWall>S-Company</ChWall> 47.43 - 47.44 - </VM> 47.45 - 47.46 - <VM> 47.47 - <id> 3 </id> 47.48 - <TE>T-Company-advertising</TE> 47.49 - <ChWall>T-Company</ChWall> 47.50 - </VM> 47.51 - 47.52 - 47.53 - <VM> 47.54 - <id> 4 </id> 47.55 - <TE>U-Company-computing</TE> 47.56 - <ChWall>U-Company</ChWall> 47.57 - </VM> 47.58 - 47.59 - 47.60 -</Policy> 47.61 -</SecurityPolicySpec>
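Review bot: deleting the Java XmlToBin processor together with its readmes and the two sample files is internally consistent, but the commit message ("Merge.") and the new docs nowhere say that the policy XML format changed with it: the removed samples use `<SecurityPolicySpec>`, `<Definition>`, `<VM>` and `<id>`, while the files added below use `<SecurityPolicyDefinition>`, `<SecurityLabelTemplate>` and `<VirtualMachineLabel>` with a separate label template. Anyone holding a policy written against the old schema gets no migration hint; a sentence in example.txt stating that the old SecurityPolicySpec.xsd format is gone and that policies must be rewritten against policies/security_policy.xsd would cover it.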
48.1 --- a/tools/python/xen/xend/server/event.py Fri Aug 19 10:18:53 2005 +0000 48.2 +++ b/tools/python/xen/xend/server/event.py Fri Aug 19 10:50:15 2005 +0000 48.3 @@ -50,7 +50,7 @@ class EventProtocol(protocol.Protocol): 48.4 def dataReceived(self, data): 48.5 try: 48.6 self.parser.input(data) 48.7 - if self.parser.ready(): 48.8 + while(self.parser.ready()): 48.9 val = self.parser.get_val() 48.10 res = self.dispatch(val) 48.11 self.send_result(res)
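Review bot: the new `while(self.parser.ready())` loop runs inside the existing `try:`, so if `dispatch()` or `send_result()` raises for one value, every further value that was already parsed out of the same `data` buffer stays queued in the parser until the next `dataReceived` call; either handle the exception per iteration so the remaining requests are still served, or document that one failed request stalls the ones behind it. Style: the surrounding code is Python, so `while self.parser.ready():` without the C-style parentheses.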
49.1 --- a/tools/python/xen/xend/server/relocate.py Fri Aug 19 10:18:53 2005 +0000 49.2 +++ b/tools/python/xen/xend/server/relocate.py Fri Aug 19 10:50:15 2005 +0000 49.3 @@ -42,7 +42,7 @@ class RelocationProtocol(protocol.Protoc 49.4 def dataReceived(self, data): 49.5 try: 49.6 self.parser.input(data) 49.7 - if self.parser.ready(): 49.8 + while(self.parser.ready()): 49.9 val = self.parser.get_val() 49.10 res = self.dispatch(val) 49.11 self.send_result(res)
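Review bot: same caveat as for the identical change in event.py above: an exception from `dispatch()` inside the `try:` abandons the values still queued in the parser. Since `dataReceived` is now byte-for-byte the same in `EventProtocol` and `RelocationProtocol`, moving it into a shared base class would stop the two copies drifting apart again, which is exactly what this patch had to repair. Style: `while self.parser.ready():` without the parentheses.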
50.1 --- a/tools/python/xen/xm/create.py Fri Aug 19 10:18:53 2005 +0000 50.2 +++ b/tools/python/xen/xm/create.py Fri Aug 19 10:50:15 2005 +0000 50.3 @@ -23,6 +23,7 @@ import string 50.4 import sys 50.5 import socket 50.6 import commands 50.7 +import time 50.8 50.9 import xen.lowlevel.xc 50.10 50.11 @@ -674,18 +675,33 @@ def get_dom0_alloc(): 50.12 return 0 50.13 50.14 def balloon_out(dom0_min_mem, opts): 50.15 - """Balloon out to get memory for domU, if necessarily""" 50.16 + """Balloon out memory from dom0 if necessary""" 50.17 SLACK = 4 50.18 + timeout = 20 # 2s 50.19 + ret = 0 50.20 50.21 xc = xen.lowlevel.xc.new() 50.22 pinfo = xc.physinfo() 50.23 - free_mem = pinfo['free_pages']/256 50.24 - if free_mem < opts.vals.memory + SLACK: 50.25 - need_mem = opts.vals.memory + SLACK - free_mem 50.26 - cur_alloc = get_dom0_alloc() 50.27 - if cur_alloc - need_mem >= dom0_min_mem: 50.28 - server.xend_domain_mem_target_set(0, cur_alloc - need_mem) 50.29 + free_mem = pinfo['free_pages'] / 256 50.30 + domU_need_mem = opts.vals.memory + SLACK 50.31 + 50.32 + dom0_cur_alloc = get_dom0_alloc() 50.33 + dom0_new_alloc = dom0_cur_alloc - (domU_need_mem - free_mem) 50.34 + 50.35 + if free_mem < domU_need_mem and dom0_new_alloc >= dom0_min_mem: 50.36 + 50.37 + server.xend_domain_mem_target_set(0, dom0_new_alloc) 50.38 + 50.39 + while dom0_cur_alloc > dom0_new_alloc and timeout > 0: 50.40 + time.sleep(0.1) # sleep 100ms 50.41 + dom0_cur_alloc = get_dom0_alloc() 50.42 + timeout -= 1 50.43 + 50.44 + if dom0_cur_alloc > dom0_new_alloc: 50.45 + ret = 1 50.46 + 50.47 del xc 50.48 + return ret 50.49 50.50 def main(argv): 50.51 random.seed() 50.52 @@ -717,7 +733,8 @@ def main(argv): 50.53 else: 50.54 dom0_min_mem = xroot.get_dom0_min_mem() 50.55 if dom0_min_mem != 0: 50.56 - balloon_out(dom0_min_mem, opts) 50.57 + if balloon_out(dom0_min_mem, opts): 50.58 + return 50.59 50.60 dom = make_domain(opts, config) 50.61 if opts.vals.console_autoconnect:
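Review bot: `balloon_out()` now returns 1 when dom0 has not dropped to `dom0_new_alloc` within 20 polls of 100 ms, but the caller in `main()` just does `return`, so `xm create` exits silently with no indication of why the domain was not created; call `err()` with a message (something like "dom0 did not release enough memory within 2s") before returning, and state the non-zero-on-failure convention in the docstring, which currently only reads "Balloon out memory from dom0 if necessary". The `timeout = 20 # 2s` comment counts iterations, not seconds; deriving it from the sleep interval (`timeout = int(2.0 / 0.1)`) keeps the two in step if either is changed. Smaller points: `dom0_new_alloc` is computed even when `free_mem >= domU_need_mem` (harmless because the `and` guards it, but the intent reads more clearly if the subtraction lives inside the `if`), and `free_pages / 256` hard-codes 4 KiB pages to get MiB, which deserves a comment next to `SLACK`.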
51.1 --- a/tools/python/xen/xm/main.py Fri Aug 19 10:18:53 2005 +0000 51.2 +++ b/tools/python/xen/xm/main.py Fri Aug 19 10:50:15 2005 +0000 51.3 @@ -200,7 +200,11 @@ def xm_migrate(args): 51.4 def xm_list(args): 51.5 use_long = 0 51.6 show_vcpus = 0 51.7 - (options, params) = getopt(args, 'lv', ['long','vcpus']) 51.8 + try: 51.9 + (options, params) = getopt(args, 'lv', ['long','vcpus']) 51.10 + except GetoptError, opterr: 51.11 + err(opterr) 51.12 + sys.exit(1) 51.13 51.14 n = len(params) 51.15 for (k, v) in options:
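Review bot: the new `except GetoptError, opterr:` needs `GetoptError` imported from the `getopt` module next to the existing `getopt` import, which lies outside this hunk's context; please confirm it is there, otherwise a bad option to `xm list` now dies with a `NameError` instead of the intended usage error. Reporting through `err()` and `sys.exit(1)` is the right shape; the other `xm_*` handlers that call `getopt` should get the same guard so that option typos are handled uniformly.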
52.1 --- a/tools/security/Makefile Fri Aug 19 10:18:53 2005 +0000 52.2 +++ b/tools/security/Makefile Fri Aug 19 10:50:15 2005 +0000 52.3 
@@ -2,28 +2,72 @@ XEN_ROOT = ../.. 52.4 include $(XEN_ROOT)/tools/Rules.mk 52.5 52.6 SRCS = secpol_tool.c 52.7 -CFLAGS += -static 52.8 CFLAGS += -Wall 52.9 CFLAGS += -Werror 52.10 CFLAGS += -O3 52.11 CFLAGS += -fno-strict-aliasing 52.12 -CFLAGS += -I. 52.13 +CFLAGS += -I. -I/usr/include/libxml2 52.14 +CFLAGS_XML2BIN += $(shell xml2-config --cflags --libs ) 52.15 +#if above does not work, try -L/usr/lib -lxml2 -lz -lpthread -lm 52.16 +XML2VERSION = $(shell xml2-config --version ) 52.17 +VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else echo "-DVALIDATE_SCHEMA"; fi; ) 52.18 52.19 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY) 52.20 +POLICY=null 52.21 +endif 52.22 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY) 52.23 +POLICY=chwall 52.24 +endif 52.25 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) 52.26 +POLICY=ste 52.27 +endif 52.28 +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) 52.29 +POLICY=chwall_ste 52.30 +endif 52.31 +POLICYFILE=./policies/$(POLICY)/$(POLICY).bin 52.32 + 52.33 +ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY) 52.34 all: build 52.35 + 52.36 +install:all 52.37 + 52.38 +default:all 52.39 +else 52.40 +all: 52.41 + 52.42 +install: 52.43 + 52.44 +default: 52.45 +endif 52.46 + 52.47 build: mk-symlinks 52.48 $(MAKE) secpol_tool 52.49 - 52.50 -default: all 52.51 + $(MAKE) secpol_xml2bin 52.52 + chmod 700 ./setlabel.sh 52.53 + chmod 700 ./updategrub.sh 52.54 52.55 -install: all 52.56 - 52.57 -secpol_tool : secpol_tool.c 52.58 +secpol_tool : secpol_tool.c secpol_compat.h 52.59 $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< 52.60 52.61 +secpol_xml2bin : secpol_xml2bin.c secpol_xml2bin.h secpol_compat.h 52.62 + $(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@ $< 52.63 + 52.64 clean: 52.65 - rm -rf secpol_tool xen 52.66 + rm -rf secpol_tool secpol_xml2bin xen 52.67 + 52.68 +policy_clean: 52.69 + rm -rf policies/*/*.bin policies/*/*.map 52.70 
+ 52.71 +mrproper: clean policy_clean 52.72 52.73 52.74 +$(POLICYFILE) : build 52.75 + @./secpol_xml2bin $(POLICY) > /dev/null 52.76 + 52.77 +boot_install: $(POLICYFILE) 52.78 + @cp $(POLICYFILE) /boot 52.79 + @./updategrub.sh $(POLICY) $(PWD)/$(XEN_ROOT) 52.80 + 52.81 LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse 52.82 mk-symlinks: 52.83 [ -e xen/linux ] || mkdir -p xen/linux
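Review bot: `VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; ...)` is wrong on two counts: `[[ ... ]]` is a bash construct, but `$(shell ...)` goes through `/bin/sh`, which need not be bash, so on such systems the test errors out and the schema check is enabled or disabled by accident; and `<` inside `[[ ]]` is a lexical string comparison, so `2.6.9` sorts after `2.6.20` and would wrongly receive `-DVALIDATE_SCHEMA`. Split the version on `.` and compare the components numerically with `-lt` in a POSIX `if`. Two further points: `CFLAGS_XML2BIN` folds `xml2-config --cflags --libs` into one variable that is placed before `-o $@ $<`, so the libraries precede the source on the link line, which fails with linkers that use `--as-needed`; keep `--libs` in a separate variable appended after `$<`. And `boot_install` copies the policy into `/boot` and runs `updategrub.sh` against the bootloader configuration with no echo of what it is about to edit and no dry-run, while install.txt asks users to verify grub.conf afterwards; printing the entry being modified would make that verification realistic.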
53.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 53.2 +++ b/tools/security/example.txt Fri Aug 19 10:50:15 2005 +0000 53.3 
@@ -0,0 +1,269 @@ 53.4 +## 53.5 +# example.txt <description to the xen access control architecture> 53.6 +# 53.7 +# Author: 53.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com> 53.9 +# 53.10 +# 53.11 +# This file introduces into the tools to manage policies 53.12 +# and to label domains and resources. 53.13 +## 53.14 + 53.15 +We will show how to install and use the chwall_ste policy. 53.16 +Other policies work similarly. Feedback welcome! 53.17 + 53.18 + 53.19 + 53.20 +1. Using secpol_xml2bin to translate the chwall_ste policy: 53.21 +=========================================================== 53.22 + 53.23 +#tools/security/secpol_xml2bin chwall_ste 53.24 + 53.25 +Successful execution should print: 53.26 + 53.27 + [root@laptopxn security]# ./secpol_xml2bin chwall_ste 53.28 + Validating label file policies/chwall_ste/chwall_ste-security_label_template.xml... 53.29 + XML Schema policies/security_policy.xsd valid. 53.30 + Validating policy file policies/chwall_ste/chwall_ste-security_policy.xml... 53.31 + XML Schema policies/security_policy.xsd valid. 53.32 + Creating ssid mappings ... 53.33 + Creating label mappings ... 53.34 + Max chwall labels: 7 53.35 + Max chwall-types: 4 53.36 + Max chwall-ssids: 5 53.37 + Max ste labels: 14 53.38 + Max ste-types: 6 53.39 + Max ste-ssids: 10 53.40 + 53.41 +The tool looks in directory policies/chwall_ste for 53.42 +the label and policy files. 
53.43 + 53.44 +The default policy directory structure under tools/security looks like: 53.45 + 53.46 +policies 53.47 +|-- security_policy.xsd 53.48 +|-- chwall 53.49 +| |-- chwall-security_label_template.xml 53.50 +| `-- chwall-security_policy.xml 53.51 +|-- chwall_ste 53.52 +| |-- chwall_ste-security_label_template.xml 53.53 +| `-- chwall_ste-security_policy.xml 53.54 +|-- null 53.55 +| |-- null-security_label_template.xml 53.56 +| `-- null-security_policy.xml 53.57 +`-- ste 53.58 + |-- ste-security_label_template.xml 53.59 + `-- ste-security_policy.xml 53.60 + 53.61 +policies/security_policy.xsd contains the schema against which both the 53.62 +label-template and the policy files must validate during translation. 53.63 + 53.64 +policies/chwall_ste/chwall_ste-security_policy.xml defines the 53.65 +policies and the types known to the policies. 53.66 + 53.67 +policies/chwall_ste/chwall_ste-security_label_template.xml contains 53.68 +label definitions that group chwall and ste types together and make 53.69 +them easier to use for users 53.70 + 53.71 +After executing the above secpol_xml2bin command, you will find 2 new 53.72 +files in the policies/chwall_ste sub-directory: 53.73 + 53.74 +policies/chwall_ste/chwall_ste.map ... this file includes the mapping 53.75 +of names from the xml files into their binary code representation. 53.76 + 53.77 +policies/chwall_ste/chwall_ste.bin ... this is the binary policy file, 53.78 +the result of parsing the xml files and using the mapping to extract a 53.79 +binary version that can be loaded into the hypervisor. 53.80 + 53.81 + 53.82 + 53.83 +2. Loading and activating the policy: 53.84 +===================================== 53.85 + 53.86 +We assume that xen is already configured to use the chwall_ste policy; 53.87 +please refer to install.txt for instructions. 
53.88 + 53.89 +To activate the policy from the command line (assuming that the 53.90 +currently established policy is the minimal boot-policy that is 53.91 +hard-coded into the hypervisor: 53.92 + 53.93 +# ./secpol_tool loadpolicy policies/chwall_ste/chwall_ste.bin 53.94 + 53.95 +To activate the policy at next reboot: 53.96 + 53.97 +# cp policies/chwall_ste/chwall_ste.bin /boot 53.98 + 53.99 +Add a module line to your /boot/grub/grub.conf Xen entry. 53.100 +My boot entry with chwall_ste enabled looks like this: 53.101 + 53.102 + title Xen (2.6.12) 53.103 + root (hd0,5) 53.104 + kernel /boot/xen.gz dom0_mem=1200000 console=vga 53.105 + module /boot/vmlinuz-2.6.12-xen0 ro root=/dev/hda6 rhgb 53.106 + module /boot/initrd-2.6.12-xen0.img 53.107 + module /boot/chwall_ste.bin 53.108 + 53.109 +This tells the grub boot-loader to load the binary policy, which 53.110 +the hypervisor will recognize. The hypervisor will then establish 53.111 +this binary policy during boot instead of the minimal policy that 53.112 +is hardcoded as default. 53.113 + 53.114 +If you have any trouble here, maks sure you have the access control 53.115 +framework enabled (see: install.txt). 53.116 + 53.117 + 53.118 + 53.119 +3. Labeling domains: 53.120 +==================== 53.121 + 53.122 +a) Labeling Domain0: 53.123 + 53.124 +The chwall_ste-security_label_template.xml file includes an attribute 53.125 +"bootstrap", which is set to the label name that will be assigned to 53.126 +Dom0 (this label will be mapped to ssidref 1/1, the default for Dom0). 53.127 + 53.128 +b) Labeling User Domains: 53.129 + 53.130 +Use the script tools/security/setlabel.sh to choose a label and to 53.131 +assign labels to user domains. 53.132 + 53.133 +To show available labels for the chwall_ste policy: 53.134 + 53.135 +#tools/security/setlabel.sh -l 53.136 + 53.137 +lists all available labels. 
For the default chwall_ste it should print 53.138 +the following: 53.139 + 53.140 + [root@laptopxn security]# ./setlabel.sh -l chwall_ste 53.141 + The following labels are available: 53.142 + dom_SystemManagement 53.143 + dom_HomeBanking 53.144 + dom_Fun 53.145 + dom_BoincClient 53.146 + dom_StorageDomain 53.147 + dom_NetworkDomain 53.148 + 53.149 +You need to have compiled the policy beforehand so that a .map file 53.150 +exists. Setlabel.sh uses the mapping file created throughout the 53.151 +policy translation to translate a user-friendly label string into a 53.152 +ssidref-number that is eventually used by the Xen hypervisor. 53.153 + 53.154 +We distinguish two kinds of labels: a) VM labels (for domains) and RES 53.155 +Labels (for resources). We are currently working on support for 53.156 +resource labeling but will focus here on VM labels. 53.157 + 53.158 +Setlabel.sh only prints VM labels (which we have prefixed with "dom_") 53.159 +since only those are used at this time. 53.160 + 53.161 +If you would like to assign the dom_HomeBanking label to one of your 53.162 +user domains (which you hopefully keep clean), look at an example 53.163 +domain configuration homebanking.xm: 53.164 + 53.165 + #------HOMEBANKING--------- 53.166 + kernel = "/boot/vmlinuz-2.6.12-xenU" 53.167 + ramdisk="/boot/U1_ramdisk.img" 53.168 + memory = 65 53.169 + name = "test34" 53.170 + cpu = -1 # leave to Xen to pick 53.171 + # Number of network interfaces. Default is 1. 53.172 + nics=1 53.173 + dhcp="dhcp" 53.174 + #------------------------- 53.175 + 53.176 +Now we label this domain 53.177 + 53.178 +[root@laptopxn security]# ./setlabel.sh homebanking.xm dom_HomeBanking chwall_ste 53.179 +Mapped label 'dom_HomeBanking' to ssidref '0x00020002'. 
53.180 + 53.181 +The domain configuration my look now like: 53.182 + 53.183 + [root@laptopxn security]# cat homebanking.xm 53.184 + #------HOMEBANKING--------- 53.185 + kernel = "/boot/vmlinuz-2.6.12-xenU" 53.186 + ramdisk="/boot/U1_ramdisk.img" 53.187 + memory = 65 53.188 + name = "test34" 53.189 + cpu = -1 # leave to Xen to pick 53.190 + # Number of network interfaces. Default is 1. 53.191 + nics=1 53.192 + dhcp="dhcp" 53.193 + #------------------------- 53.194 + #ACM_POLICY=chwall_ste-security_policy.xml 53.195 + #ACM_LABEL=dom_HomeBanking 53.196 + ssidref = 0x00020002 53.197 + 53.198 +You can see 3 new entries, two of which are comments. The only value 53.199 +that the hypervisor cares about is the ssidref that will reference 53.200 +those types assigned to this label. You can look them up in the 53.201 +xml label-template file for the chwall_ste policy. 53.202 + 53.203 +This script will eventually move into the domain management and will 53.204 +be called when the domain is instantiated. For now, the setlabel 53.205 +script must be run on domains whenever the policy files change since 53.206 +the mapping between label names and ssidrefs can change in this case. 53.207 + 53.208 + 53.209 +4. Starting a labeled domain 53.210 +============================ 53.211 + 53.212 +Now, start the domain: 53.213 + #xm create -c homebanking.xm 53.214 + 53.215 + 53.216 +If you label another domain configuration as dom_Fun and try to start 53.217 +it afterwards, its start will fail. Why? 53.218 + 53.219 +Because the running homebanking domain has the chinese wall type 53.220 +"cw_Sensitive". The new domain dom_Fun has the chinese wall label 53.221 +"cw_Distrusted". 
This domain is not allowed to run simultaneously 53.222 +because of the defined conflict set 53.223 + 53.224 + <conflictset name="Protection1"> 53.225 + <type>cw_Sensitive</type> 53.226 + <type>cw_Distrusted</type> 53.227 + </conflictset> 53.228 + 53.229 +(in policies/chwall_ste/chwall_ste-security_policy.xml), which says 53.230 +that only one of the types cw_sensitive and cw_Distrusted can run at a 53.231 +time. 53.232 + 53.233 +If you save or shutdown the HomeBanking domain, you will be able to 53.234 +start the "Fun" domain. You can look into the Xen log to see if a 53.235 +domain was denied to start because of the access control framework 53.236 +with the command 'xm dmesg'. 53.237 + 53.238 +It is important (and usually non-trivial) to define the labels in a 53.239 +way that the semantics of the labels are enforced and supported by the 53.240 +types and the conflict sets. 53.241 + 53.242 +Note: While the chinese wall policy enforcement is complete, the type 53.243 +enforcement is currently enforced in the Xen hypervisor 53.244 +only. Therefore, only point-to-point sharing with regard to the type 53.245 +enforcement is currently controlled. We are working on enhancements to 53.246 +Dom0 that enforce types also for network traffic that is routed 53.247 +through Dom0 and on the enforcement of resource labeling when binding 53.248 +resources to domains (e.g., enforcing types between domains and 53.249 +hardware resources, such as disk partitions). 53.250 + 53.251 + 53.252 +4. Adding your own policies 53.253 +=========================== 53.254 + 53.255 +Writing your own policy (e.g. "mypolicy") requires the following: 53.256 + 53.257 +a) the policy definition (types etc.) file 53.258 +b) the label template definition (labels etc.) file 53.259 + 53.260 +If your policy name is "mypolicy", you need to create a 53.261 +subdirectory mypolicy in tools/security/policies. 
53.262 + 53.263 +Then you create 53.264 +tools/security/policies/mypolicy/mypolicy-security_policy.xml and 53.265 +tools/security/policies/mypolicy/mypolicy-security_label_template.xml. 53.266 + 53.267 +You need to keep to the schema as defined in 53.268 +tools/security/security_policy.xsd since the translation tool 53.269 +secpol_xml2bin is written against this schema. 53.270 + 53.271 +If you keep to the security policy schema, then you can use all the 53.272 +tools described above. Refer to install.txt to install it.
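Review bot: several statements in this file disagree with the files shipped in the same change. The conflict-set excerpt in section 4 is written as `<conflictset name="Protection1">` / `<type>`, but the chwall policy added below uses `<ConflictSets><Conflict name="Protection1"><Type>`; the excerpt should use the schema's real element names, and `cw_sensitive` in the sentence after it should be `cw_Sensitive`. The first `setlabel.sh -l` invocation omits the policy-name argument that the sample output immediately below shows (`./setlabel.sh -l chwall_ste`). Sections are numbered 1, 2, 3, 4, 4; the last should be 5. Typos: "maks sure" should be "make sure", "my look now like" should be "may now look like". The note at the end of section 4, that type enforcement currently covers only hypervisor-mediated point-to-point sharing and not Dom0-routed network traffic or resource binding, is the file's most important scope limitation and belongs near the top, where a reader deciding whether to rely on the policy will see it.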
54.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 54.2 +++ b/tools/security/install.txt Fri Aug 19 10:50:15 2005 +0000 54.3 
@@ -0,0 +1,67 @@ 54.4 +## 54.5 +# install.txt <description to the xen access control architecture> 54.6 +# 54.7 +# Author: 54.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com> 54.9 +# 54.10 +# 54.11 +# This file shows how to activate and install the access control 54.12 +# framework. 54.13 +## 54.14 + 54.15 + 54.16 +INSTALLING A SECURITY POLICY IN XEN 54.17 +=================================== 54.18 + 54.19 +By default, the access control architecture is disabled in Xen. To 54.20 +enable the access control architecture in Xen follow the steps below. 54.21 +This description assumes that you want to install the Chinese Wall and 54.22 +Simple Type Enforcement policy. Some file names need to be replaced 54.23 +below to activate the Chinese Wall OR the Type Enforcement policy 54.24 +exclusively (chwall_ste --> {chwall, ste}). 54.25 + 54.26 +1. enable access control in Xen 54.27 + # cd "xen_root" 54.28 + # edit/xemacs/vi Config.mk 54.29 + 54.30 + change the line: 54.31 + ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY 54.32 + 54.33 + to: 54.34 + ACM_USE_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 54.35 + 54.36 + # make all 54.37 + # ./install.sh 54.38 + 54.39 +2. 
compile the policy from xml to a binary format that can be loaded 54.40 + into the hypervisor for enforcement 54.41 + # cd tools/security 54.42 + # make 54.43 + 54.44 + manual steps (alternative to make boot_install): 54.45 + #./secpol_xml2bin chwall_ste 54.46 + #cp policies/chwall_ste/chwall_ste.bin /boot 54.47 + #edit /boot/grub/grub.conf 54.48 + add the follwoing line to your xen boot entry: 54.49 + "module chwall_ste.bin" 54.50 + 54.51 + alternatively, you can try our automatic translation and 54.52 + installation of the policy: 54.53 + # make boot_install 54.54 + 54.55 + [we try hard to do the right thing to the right boot entry but 54.56 + please verify boot entry in /boot/grub/grub.conf afterwards; 54.57 + your xen boot entry should have an additional module line 54.58 + specifying a chwall_ste.bin file with the correct directory 54.59 + (e.g. "/" or "/boot").] 54.60 + 54.61 + 54.62 +3. reboot into the newly compiled hypervisor 54.63 + 54.64 + after boot 54.65 + #xm dmesg should show an entry about the policy being loaded 54.66 + during the boot process 54.67 + 54.68 + #tools/security/secpol_tool getpolicy 54.69 + should print the new chwall_ste binary policy representation 54.70 +
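Review bot: the manual step says to add `"module chwall_ste.bin"` to the grub entry, whereas example.txt in this same change shows `module /boot/chwall_ste.bin` after `cp ... /boot`; the bracketed note further down explains that the right path depends on whether /boot is its own partition, so say that at the point where the line is given and make the two documents agree. Typo: "follwoing". Step 3 tells the reader that `xm dmesg` "should show an entry about the policy being loaded" but neither quotes the line to look for nor says what appears when the module was not picked up and the hypervisor falls back to the hard-coded minimal boot policy (example.txt, section 2); that is the case an operator most needs to recognise, so quoting the expected log line, as example.txt does for secpol_xml2bin, would close the gap.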
55.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 55.2 +++ b/tools/security/policies/chwall/chwall-security_label_template.xml Fri Aug 19 10:50:15 2005 +0000 55.3 
@@ -0,0 +1,76 @@ 55.4 +<?xml version="1.0"?> 55.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> 55.6 +<!-- This file defines the security labels, which can --> 55.7 +<!-- be attached to Domains and resources. Based on --> 55.8 +<!-- these labels, the access control module decides --> 55.9 +<!-- about sharing between Domains and about access --> 55.10 +<!-- of Domains to real resources. --> 55.11 + 55.12 +<SecurityLabelTemplate 55.13 + xmlns="http://www.ibm.com" 55.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 55.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> 55.16 + <LabelHeader> 55.17 + <Name>chwall-security_label_template</Name> 55.18 + <Date>2005-08-10</Date> 55.19 + <PolicyName> 55.20 + <Url>chwall-security_policy.xml</Url> 55.21 + <Reference>abcdef123456abcdef</Reference> 55.22 + </PolicyName> 55.23 + </LabelHeader> 55.24 + 55.25 + <SubjectLabels bootstrap="dom_SystemManagement"> 55.26 + <!-- single ste typed domains --> 55.27 + <!-- ACM enforces that only domains with --> 55.28 + <!-- the same type can share information --> 55.29 + <!-- --> 55.30 + <!-- Bootstrap label is assigned to Dom0 --> 55.31 + <VirtualMachineLabel> 55.32 + <Name>dom_HomeBanking</Name> 55.33 + <ChineseWallTypes> 55.34 + <Type>cw_Sensitive</Type> 55.35 + </ChineseWallTypes> 55.36 + </VirtualMachineLabel> 55.37 + 55.38 + <VirtualMachineLabel> 55.39 + <Name>dom_Fun</Name> 55.40 + <ChineseWallTypes> 55.41 + <Type>cw_Distrusted</Type> 55.42 + </ChineseWallTypes> 55.43 + </VirtualMachineLabel> 55.44 + 55.45 + <VirtualMachineLabel> 55.46 + <!-- donating some cycles to seti@home --> 55.47 + <Name>dom_BoincClient</Name> 55.48 + <ChineseWallTypes> 55.49 + <Type>cw_Isolated</Type> 55.50 + </ChineseWallTypes> 55.51 + </VirtualMachineLabel> 55.52 + 55.53 + <!-- Domains with multiple ste types services; such domains --> 55.54 + <!-- must keep the types inside their domain safely confined. 
--> 55.55 + <VirtualMachineLabel> 55.56 + <Name>dom_SystemManagement</Name> 55.57 + <ChineseWallTypes> 55.58 + <Type>cw_SystemManagement</Type> 55.59 + </ChineseWallTypes> 55.60 + </VirtualMachineLabel> 55.61 + 55.62 + <VirtualMachineLabel> 55.63 + <!-- serves persistent storage to other domains --> 55.64 + <Name>dom_StorageDomain</Name> 55.65 + <ChineseWallTypes> 55.66 + <Type>cw_SystemManagement</Type> 55.67 + </ChineseWallTypes> 55.68 + </VirtualMachineLabel> 55.69 + 55.70 + <VirtualMachineLabel> 55.71 + <!-- serves network access to other domains --> 55.72 + <Name>dom_NetworkDomain</Name> 55.73 + <ChineseWallTypes> 55.74 + <Type>cw_SystemManagement</Type> 55.75 + </ChineseWallTypes> 55.76 + </VirtualMachineLabel> 55.77 + </SubjectLabels> 55.78 +</SecurityLabelTemplate> 55.79 +
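Review bot: the comments inside `<SubjectLabels>` ("single ste typed domains", "ACM enforces that only domains with the same type can share information", "Domains with multiple ste types services") describe Simple Type Enforcement, but this is the chwall-only template and none of its labels carry `<SimpleTypeEnforcementTypes>`; they appear to be copied from the chwall_ste template and will mislead anyone editing this file. Separately, `<Reference>abcdef123456abcdef</Reference>` is the same placeholder the deleted sample policy used for `<hash>`; if `PolicyName/Reference` is meant to bind the label template to the specific policy file it names, a placeholder means any policy with that file name is accepted, so either carry the real value or document that the field is currently not checked by secpol_xml2bin. Finally, `dom_SystemManagement`, `dom_StorageDomain` and `dom_NetworkDomain` all map to the single type `cw_SystemManagement`, so under Chinese Wall alone they are indistinguishable to the enforcement; a comment saying the three names exist for the administrator's benefit, not for the policy, would prevent false expectations of isolation between them.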
56.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 56.2 +++ b/tools/security/policies/chwall/chwall-security_policy.xml Fri Aug 19 10:50:15 2005 +0000 56.3 @@ -0,0 +1,36 @@ 56.4 +<?xml version="1.0" encoding="UTF-8"?> 56.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> 56.6 +<!-- This file defines the security policies, which --> 56.7 +<!-- can be enforced by the Xen Access Control Module. --> 56.8 +<!-- Currently: Chinese Wall and Simple Type Enforcement--> 56.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com" 56.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 56.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> 56.12 +<PolicyHeader> 56.13 + <Name>chwall-security_policy</Name> 56.14 + <Date>2005-08-10</Date> 56.15 +</PolicyHeader> 56.16 +<!-- --> 56.17 +<!-- example of a chinese wall type definition --> 56.18 +<!-- along with its conflict sets --> 56.19 +<!-- (typse in a confict set are exclusive, i.e. --> 56.20 +<!-- once a Domain with one type of a set is --> 56.21 +<!-- running, no other Domain with another type --> 56.22 +<!-- of the same conflict set can start.) --> 56.23 + <ChineseWall priority="PrimaryPolicyComponent"> 56.24 + <ChineseWallTypes> 56.25 + <Type>cw_SystemManagement</Type> 56.26 + <Type>cw_Sensitive</Type> 56.27 + <Type>cw_Isolated</Type> 56.28 + <Type>cw_Distrusted</Type> 56.29 + </ChineseWallTypes> 56.30 + 56.31 + <ConflictSets> 56.32 + <Conflict name="Protection1"> 56.33 + <Type>cw_Sensitive</Type> 56.34 + <Type>cw_Distrusted</Type> 56.35 + </Conflict> 56.36 + </ConflictSets> 56.37 + </ChineseWall> 56.38 +</SecurityPolicyDefinition> 56.39 +
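Review bot: the header comment "Currently: Chinese Wall and Simple Type Enforcement" is wrong for this file, which defines only the `<ChineseWall>` component; comment typos "typse" and "confict". The comment on the conflict set is the one place that states the enforcement rule precisely (once a domain with one type of a set is running, no domain with another type of the same set can start), which is the guarantee operators rely on, so it is worth repeating verbatim in example.txt rather than the looser "only one of the types ... can run at a time" wording there.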
57.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 57.2 +++ b/tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml Fri Aug 19 10:50:15 2005 +0000 57.3 
@@ -0,0 +1,167 @@ 57.4 +<?xml version="1.0"?> 57.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> 57.6 +<!-- This file defines the security labels, which can --> 57.7 +<!-- be attached to Domains and resources. Based on --> 57.8 +<!-- these labels, the access control module decides --> 57.9 +<!-- about sharing between Domains and about access --> 57.10 +<!-- of Domains to real resources. --> 57.11 + 57.12 +<SecurityLabelTemplate 57.13 + xmlns="http://www.ibm.com" 57.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 57.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> 57.16 + <LabelHeader> 57.17 + <Name>chwall_ste-security_label_template</Name> 57.18 + <Date>2005-08-10</Date> 57.19 + <PolicyName> 57.20 + <Url>chwall_ste-security_policy.xml</Url> 57.21 + <Reference>abcdef123456abcdef</Reference> 57.22 + </PolicyName> 57.23 + </LabelHeader> 57.24 + 57.25 + <SubjectLabels bootstrap="dom_SystemManagement"> 57.26 + <!-- single ste typed domains --> 57.27 + <!-- ACM enforces that only domains with --> 57.28 + <!-- the same type can share information --> 57.29 + <!-- --> 57.30 + <!-- Bootstrap label is assigned to Dom0 --> 57.31 + <VirtualMachineLabel> 57.32 + <Name>dom_HomeBanking</Name> 57.33 + <SimpleTypeEnforcementTypes> 57.34 + <Type>ste_PersonalFinances</Type> 57.35 + </SimpleTypeEnforcementTypes> 57.36 + 57.37 + <ChineseWallTypes> 57.38 + <Type>cw_Sensitive</Type> 57.39 + </ChineseWallTypes> 57.40 + </VirtualMachineLabel> 57.41 + 57.42 + <VirtualMachineLabel> 57.43 + <Name>dom_Fun</Name> 57.44 + <SimpleTypeEnforcementTypes> 57.45 + <Type>ste_InternetInsecure</Type> 57.46 + </SimpleTypeEnforcementTypes> 57.47 + 57.48 + <ChineseWallTypes> 57.49 + <Type>cw_Distrusted</Type> 57.50 + </ChineseWallTypes> 57.51 + </VirtualMachineLabel> 57.52 + 57.53 + <VirtualMachineLabel> 57.54 + <!-- donating some cycles to seti@home --> 57.55 + <Name>dom_BoincClient</Name> 57.56 + <SimpleTypeEnforcementTypes> 57.57 + 
<Type>ste_DonatedCycles</Type> 57.58 + </SimpleTypeEnforcementTypes> 57.59 + 57.60 + <ChineseWallTypes> 57.61 + <Type>cw_Isolated</Type> 57.62 + </ChineseWallTypes> 57.63 + </VirtualMachineLabel> 57.64 + 57.65 + <!-- Domains with multiple ste types services; such domains --> 57.66 + <!-- must keep the types inside their domain safely confined. --> 57.67 + <VirtualMachineLabel> 57.68 + <Name>dom_SystemManagement</Name> 57.69 + <SimpleTypeEnforcementTypes> 57.70 + <!-- since dom0 needs access to every domain and --> 57.71 + <!-- resource right now ... --> 57.72 + <Type>ste_SystemManagement</Type> 57.73 + <Type>ste_PersonalFinances</Type> 57.74 + <Type>ste_InternetInsecure</Type> 57.75 + <Type>ste_DonatedCycles</Type> 57.76 + <Type>ste_PersistentStorageA</Type> 57.77 + <Type>ste_NetworkAdapter0</Type> 57.78 + </SimpleTypeEnforcementTypes> 57.79 + 57.80 + <ChineseWallTypes> 57.81 + <Type>cw_SystemManagement</Type> 57.82 + </ChineseWallTypes> 57.83 + </VirtualMachineLabel> 57.84 + 57.85 + <VirtualMachineLabel> 57.86 + <!-- serves persistent storage to other domains --> 57.87 + <Name>dom_StorageDomain</Name> 57.88 + <SimpleTypeEnforcementTypes> 57.89 + <!-- access right to the resource (hard drive a) --> 57.90 + <Type>ste_PersistentStorageA</Type> 57.91 + <!-- can serve following types --> 57.92 + <Type>ste_PersonalFinances</Type> 57.93 + <Type>ste_InternetInsecure</Type> 57.94 + </SimpleTypeEnforcementTypes> 57.95 + 57.96 + <ChineseWallTypes> 57.97 + <Type>cw_SystemManagement</Type> 57.98 + </ChineseWallTypes> 57.99 + </VirtualMachineLabel> 57.100 + 57.101 + <VirtualMachineLabel> 57.102 + <!-- serves network access to other domains --> 57.103 + <Name>dom_NetworkDomain</Name> 57.104 + <SimpleTypeEnforcementTypes> 57.105 + <!-- access right to the resource (ethernet card) --> 57.106 + <Type>ste_NetworkAdapter0</Type> 57.107 + <!-- can serve following types --> 57.108 + <Type>ste_PersonalFinances</Type> 57.109 + <Type>ste_InternetInsecure</Type> 57.110 + 
<Type>ste_DonatedCycles</Type> 57.111 + </SimpleTypeEnforcementTypes> 57.112 + 57.113 + <ChineseWallTypes> 57.114 + <Type>cw_SystemManagement</Type> 57.115 + </ChineseWallTypes> 57.116 + </VirtualMachineLabel> 57.117 + </SubjectLabels> 57.118 + 57.119 + <ObjectLabels> 57.120 + <ResourceLabel> 57.121 + <Name>res_ManagementResource</Name> 57.122 + <SimpleTypeEnforcementTypes> 57.123 + <Type>ste_SystemManagement</Type> 57.124 + </SimpleTypeEnforcementTypes> 57.125 + </ResourceLabel> 57.126 + 57.127 + <ResourceLabel> 57.128 + <Name>res_HardDrive (hda)</Name> 57.129 + <SimpleTypeEnforcementTypes> 57.130 + <Type>ste_PersistentStorageA</Type> 57.131 + </SimpleTypeEnforcementTypes> 57.132 + </ResourceLabel> 57.133 + 57.134 + <ResourceLabel> 57.135 + <Name>res_LogicalDiskPartition1 (hda1)</Name> 57.136 + <SimpleTypeEnforcementTypes> 57.137 + <Type>ste_PersonalFinances</Type> 57.138 + </SimpleTypeEnforcementTypes> 57.139 + </ResourceLabel> 57.140 + 57.141 + <ResourceLabel> 57.142 + <Name>res_LogicalDiskPartition2 (hda2)</Name> 57.143 + <SimpleTypeEnforcementTypes> 57.144 + <Type>ste_InternetInsecure</Type> 57.145 + </SimpleTypeEnforcementTypes> 57.146 + </ResourceLabel> 57.147 + 57.148 + <ResourceLabel> 57.149 + <Name>res_EthernetCard</Name> 57.150 + <SimpleTypeEnforcementTypes> 57.151 + <Type>ste_NetworkAdapter0</Type> 57.152 + </SimpleTypeEnforcementTypes> 57.153 + </ResourceLabel> 57.154 + 57.155 + <ResourceLabel> 57.156 + <Name>res_SecurityToken</Name> 57.157 + <SimpleTypeEnforcementTypes> 57.158 + <Type>ste_PersonalFinances</Type> 57.159 + </SimpleTypeEnforcementTypes> 57.160 + </ResourceLabel> 57.161 + 57.162 + <ResourceLabel> 57.163 + <Name>res_GraphicsAdapter</Name> 57.164 + <SimpleTypeEnforcementTypes> 57.165 + <Type>ste_SystemManagement</Type> 57.166 + </SimpleTypeEnforcementTypes> 57.167 + </ResourceLabel> 57.168 + </ObjectLabels> 57.169 +</SecurityLabelTemplate> 57.170 +
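Review bot: `<Reference>abcdef123456abcdef</Reference>` in LabelHeader/PolicyName is an obvious placeholder, so whatever is meant to verify that this template belongs to the policy named in `<Url>chwall_ste-security_policy.xml</Url>` cannot do so with this file; either fill in the real reference value or have the tools reject templates whose Reference does not match the policy. Second, ResourceLabel names such as `<Name>res_HardDrive (hda)</Name>` and `<Name>res_LogicalDiskPartition1 (hda1)</Name>` mix an identifier with a description in one string, which is fragile if the tools key on Name; a separate comment or description element would be safer. Third, dom_StorageDomain is labelled with both ste_PersonalFinances and ste_InternetInsecure, the STE types carried by dom_HomeBanking (cw_Sensitive) and dom_Fun (cw_Distrusted), which the Protection1 conflict set keeps from running at the same time; the storage domain is therefore the one place where those two workloads meet, and the comment "must keep the types inside their domain safely confined" deserves to be promoted to a prominent note, since it is the trust assumption the whole label set rests on.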
58.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 58.2 +++ b/tools/security/policies/chwall_ste/chwall_ste-security_policy.xml Fri Aug 19 10:50:15 2005 +0000 58.3 
@@ -0,0 +1,49 @@ 58.4 +<?xml version="1.0" encoding="UTF-8"?> 58.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> 58.6 +<!-- This file defines the security policies, which --> 58.7 +<!-- can be enforced by the Xen Access Control Module. --> 58.8 +<!-- Currently: Chinese Wall and Simple Type Enforcement--> 58.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com" 58.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 58.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> 58.12 +<PolicyHeader> 58.13 + <Name>chwall_ste-security_policy</Name> 58.14 + <Date>2005-08-10</Date> 58.15 +</PolicyHeader> 58.16 +<!-- --> 58.17 +<!-- example of a simple type enforcement policy definition --> 58.18 +<!-- --> 58.19 + <SimpleTypeEnforcement> 58.20 + <SimpleTypeEnforcementTypes> 58.21 + <Type>ste_SystemManagement</Type> <!-- machine/security management --> 58.22 + <Type>ste_PersonalFinances</Type> <!-- personal finances --> 58.23 + <Type>ste_InternetInsecure</Type> <!-- games, active X, etc. --> 58.24 + <Type>ste_DonatedCycles</Type> <!-- donation to BOINC/seti@home --> 58.25 + <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A--> 58.26 + <Type>ste_NetworkAdapter0</Type> <!-- type of the domain managing ethernet adapter 0--> 58.27 + </SimpleTypeEnforcementTypes> 58.28 + </SimpleTypeEnforcement> 58.29 +<!-- --> 58.30 +<!-- example of a chinese wall type definition --> 58.31 +<!-- along with its conflict sets --> 58.32 +<!-- (typse in a confict set are exclusive, i.e. --> 58.33 +<!-- once a Domain with one type of a set is --> 58.34 +<!-- running, no other Domain with another type --> 58.35 +<!-- of the same conflict set can start.) 
--> 58.36 + <ChineseWall priority="PrimaryPolicyComponent"> 58.37 + <ChineseWallTypes> 58.38 + <Type>cw_SystemManagement</Type> 58.39 + <Type>cw_Sensitive</Type> 58.40 + <Type>cw_Isolated</Type> 58.41 + <Type>cw_Distrusted</Type> 58.42 + </ChineseWallTypes> 58.43 + 58.44 + <ConflictSets> 58.45 + <Conflict name="Protection1"> 58.46 + <Type>cw_Sensitive</Type> 58.47 + <Type>cw_Distrusted</Type> 58.48 + </Conflict> 58.49 + </ConflictSets> 58.50 + </ChineseWall> 58.51 +</SecurityPolicyDefinition> 58.52 +
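Review bot: same typo pair as in the chwall policy, `<!-- (typse in a confict set are exclusive, i.e. -->`. More substantively, only `<ChineseWall priority="PrimaryPolicyComponent">` carries a priority while `<SimpleTypeEnforcement>` has none, and neither this file nor the schema says what "primary" changes (which component is consulted first, and whether a deny from either component is final); a comment stating the evaluation order would help anyone editing the combined policy. Minor: the inline comments `<!-- domain managing the harddrive A-->` and `<!-- type of the domain managing ethernet adapter 0-->` lack the space before `-->` used everywhere else.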
59.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 59.2 +++ b/tools/security/policies/null/null-security_label_template.xml Fri Aug 19 10:50:15 2005 +0000 59.3 @@ -0,0 +1,24 @@ 59.4 +<?xml version="1.0"?> 59.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> 59.6 +<!-- This file defines the security labels, which can --> 59.7 +<!-- be attached to Domains and resources. Based on --> 59.8 +<!-- these labels, the access control module decides --> 59.9 +<!-- about sharing between Domains and about access --> 59.10 +<!-- of Domains to real resources. --> 59.11 + 59.12 +<SecurityLabelTemplate 59.13 + xmlns="http://www.ibm.com" 59.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 59.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> 59.16 + <LabelHeader> 59.17 + <Name>null-security_label_template</Name> 59.18 + 59.19 + <Date>2005-08-10</Date> 59.20 + <PolicyName> 59.21 + <Url>null-security_policy.xml</Url> 59.22 + 59.23 + <Reference>abcdef123456abcdef</Reference> 59.24 + </PolicyName> 59.25 + </LabelHeader> 59.26 +</SecurityLabelTemplate> 59.27 +
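Review bot: the stray blank lines inside LabelHeader, after `<Name>null-security_label_template</Name>` and after `<Url>null-security_policy.xml</Url>`, look like editing residue and do not match the other templates, and `<Reference>abcdef123456abcdef</Reference>` is the same placeholder as elsewhere. The template has no SubjectLabels, which the schema permits (minOccurs="0"), so under the null policy no domain, Dom0 included, receives a label; that is presumably the intent, but a one-line comment stating it would make the file self-explanatory.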
60.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 60.2 +++ b/tools/security/policies/null/null-security_policy.xml Fri Aug 19 10:50:15 2005 +0000 60.3 @@ -0,0 +1,14 @@ 60.4 +<?xml version="1.0" encoding="UTF-8"?> 60.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> 60.6 +<!-- This file defines the security policies, which --> 60.7 +<!-- can be enforced by the Xen Access Control Module. --> 60.8 +<!-- Currently: Chinese Wall and Simple Type Enforcement--> 60.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com" 60.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 60.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> 60.12 +<PolicyHeader> 60.13 + <Name>null-security_policy</Name> 60.14 + <Date>2005-08-10</Date> 60.15 +</PolicyHeader> 60.16 +</SecurityPolicyDefinition> 60.17 +
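Review bot: the header comment `<!-- Currently: Chinese Wall and Simple Type Enforcement-->` is copied verbatim from the other policies although this file defines neither component; since an empty SecurityPolicyDefinition is what "enforce nothing" looks like, a comment saying exactly that would be clearer than a header promising two policy components that are absent.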
61.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 61.2 +++ b/tools/security/policies/security_policy.xsd Fri Aug 19 10:50:15 2005 +0000 61.3 
@@ -0,0 +1,138 @@ 61.4 +<?xml version="1.0" encoding="UTF-8"?> 61.5 +<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com --> 61.6 +<!-- This file defines the schema, which is used to define --> 61.7 +<!-- the security policy and the security labels in Xe. --> 61.8 + 61.9 +<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified"> 61.10 + <xsd:element name="SecurityPolicyDefinition"> 61.11 + <xsd:complexType> 61.12 + <xsd:sequence> 61.13 + <xsd:element ref="PolicyHeader" minOccurs="0" maxOccurs="1"></xsd:element> 61.14 + <xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element> 61.15 + <xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element> 61.16 + </xsd:sequence> 61.17 + </xsd:complexType> 61.18 + </xsd:element> 61.19 + <xsd:element name="SecurityLabelTemplate"> 61.20 + <xsd:complexType> 61.21 + <xsd:sequence> 61.22 + <xsd:element ref="LabelHeader" minOccurs="1" maxOccurs="1"></xsd:element> 61.23 + <xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1"> 61.24 + <xsd:complexType> 61.25 + <xsd:sequence> 61.26 + <xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element> 61.27 + </xsd:sequence> 61.28 + <xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute> 61.29 + </xsd:complexType> 61.30 + </xsd:element> 61.31 + <xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1"> 61.32 + <xsd:complexType> 61.33 + <xsd:sequence> 61.34 + <xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element> 61.35 + </xsd:sequence> 61.36 + </xsd:complexType> 61.37 + </xsd:element> 61.38 + </xsd:sequence> 61.39 + </xsd:complexType> 61.40 + </xsd:element> 61.41 + <xsd:element name="PolicyHeader"> 61.42 + <xsd:complexType> 61.43 + <xsd:sequence> 61.44 + <xsd:element ref="Name" minOccurs="1" maxOccurs="1" /> 61.45 + <xsd:element ref="Date" minOccurs="1" 
maxOccurs="1" /> 61.46 + </xsd:sequence> 61.47 + </xsd:complexType> 61.48 + </xsd:element> 61.49 + <xsd:element name="LabelHeader"> 61.50 + <xsd:complexType> 61.51 + <xsd:sequence> 61.52 + <xsd:element ref="Name"></xsd:element> 61.53 + <xsd:element ref="Date" minOccurs="1" maxOccurs="1"></xsd:element> 61.54 + <xsd:element ref="PolicyName" minOccurs="1" maxOccurs="1"></xsd:element> 61.55 + </xsd:sequence> 61.56 + </xsd:complexType> 61.57 + </xsd:element> 61.58 + <xsd:element name="SimpleTypeEnforcement"> 61.59 + <xsd:complexType> 61.60 + <xsd:sequence> 61.61 + <xsd:element ref="SimpleTypeEnforcementTypes" /> 61.62 + </xsd:sequence> 61.63 + <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute> 61.64 + </xsd:complexType> 61.65 + </xsd:element> 61.66 + <xsd:element name="ChineseWall"> 61.67 + <xsd:complexType> 61.68 + <xsd:sequence> 61.69 + <xsd:element ref="ChineseWallTypes" /> 61.70 + <xsd:element ref="ConflictSets" /> 61.71 + </xsd:sequence> 61.72 + <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute> 61.73 + </xsd:complexType> 61.74 + </xsd:element> 61.75 + <xsd:element name="ChineseWallTypes"> 61.76 + <xsd:complexType> 61.77 + <xsd:sequence> 61.78 + <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" /> 61.79 + </xsd:sequence> 61.80 + </xsd:complexType> 61.81 + </xsd:element> 61.82 + <xsd:element name="ConflictSets"> 61.83 + <xsd:complexType> 61.84 + <xsd:sequence> 61.85 + <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Conflict" /> 61.86 + </xsd:sequence> 61.87 + </xsd:complexType> 61.88 + </xsd:element> 61.89 + <xsd:element name="SimpleTypeEnforcementTypes"> 61.90 + <xsd:complexType> 61.91 + <xsd:sequence> 61.92 + <xsd:element maxOccurs="unbounded" minOccurs="1" ref="Type" /> 61.93 + </xsd:sequence> 61.94 + </xsd:complexType> 61.95 + </xsd:element> 61.96 + <xsd:element name="Conflict"> 61.97 + <xsd:complexType> 61.98 + <xsd:sequence> 61.99 + <xsd:element maxOccurs="unbounded" minOccurs="1" 
ref="Type" /> 61.100 + </xsd:sequence> 61.101 + <xsd:attribute name="name" type="xsd:string" use="optional"></xsd:attribute> 61.102 + </xsd:complexType> 61.103 + </xsd:element> 61.104 + <xsd:element name="VirtualMachineLabel"> 61.105 + <xsd:complexType> 61.106 + <xsd:sequence> 61.107 + <xsd:element ref="Name"></xsd:element> 61.108 + <xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" /> 61.109 + <xsd:element ref="ChineseWallTypes" minOccurs="0" maxOccurs="unbounded" /> 61.110 + </xsd:sequence> 61.111 + </xsd:complexType> 61.112 + </xsd:element> 61.113 + <xsd:element name="ResourceLabel"> 61.114 + <xsd:complexType> 61.115 + <xsd:sequence> 61.116 + <xsd:element ref="Name"></xsd:element> 61.117 + <xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" /> 61.118 + </xsd:sequence> 61.119 + </xsd:complexType> 61.120 + </xsd:element> 61.121 + <xsd:element name="PolicyName"> 61.122 + <xsd:complexType> 61.123 + <xsd:sequence> 61.124 + <xsd:element ref="Url" /> 61.125 + <xsd:element ref="Reference" /> 61.126 + </xsd:sequence> 61.127 + </xsd:complexType> 61.128 + </xsd:element> 61.129 + <xsd:element name="Date" type="xsd:string" /> 61.130 + <xsd:element name="Name" type="xsd:string" /> 61.131 + <xsd:element name="Type" type="xsd:string" /> 61.132 + <xsd:element name="Reference" type="xsd:string" /> 61.133 + <xsd:element name="Url"></xsd:element> 61.134 + 61.135 + <xsd:simpleType name="PolicyOrder"> 61.136 + <xsd:restriction base="xsd:string"> 61.137 + <xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration> 61.138 + </xsd:restriction> 61.139 + </xsd:simpleType> 61.140 + 61.141 +</xsd:schema>
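Review bot: `<xsd:element name="Url"></xsd:element>` is declared without a type, unlike its sibling `<xsd:element name="Reference" type="xsd:string" />`, so Url accepts any content; it should be type="xsd:string" like the other leaf elements. Second, VirtualMachineLabel and ResourceLabel declare `<xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" />` (and ChineseWallTypes likewise), which allows several type lists per label, while every template in this changeset uses exactly one; unless multiple lists are meant, maxOccurs="1" would catch copy-paste duplicates at validation time. Third, PolicyOrder has the single value PrimaryPolicyComponent and the priority attribute is optional on both components, so the schema cannot reject a policy in which both components, or neither, are primary; that invariant has to be checked by the tools and should be documented as such. Minor: the header comment reads "in Xe." for "in Xen".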
62.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 62.2 +++ b/tools/security/policies/ste/ste-security_label_template.xml Fri Aug 19 10:50:15 2005 +0000 62.3 
@@ -0,0 +1,143 @@ 62.4 +<?xml version="1.0"?> 62.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> 62.6 +<!-- This file defines the security labels, which can --> 62.7 +<!-- be attached to Domains and resources. Based on --> 62.8 +<!-- these labels, the access control module decides --> 62.9 +<!-- about sharing between Domains and about access --> 62.10 +<!-- of Domains to real resources. --> 62.11 + 62.12 +<SecurityLabelTemplate 62.13 + xmlns="http://www.ibm.com" 62.14 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 62.15 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> 62.16 + <LabelHeader> 62.17 + <Name>ste-security_label_template</Name> 62.18 + <Date>2005-08-10</Date> 62.19 + <PolicyName> 62.20 + <Url>ste-security_policy.xml</Url> 62.21 + <Reference>abcdef123456abcdef</Reference> 62.22 + </PolicyName> 62.23 + </LabelHeader> 62.24 + 62.25 + <SubjectLabels bootstrap="dom_SystemManagement"> 62.26 + <!-- single ste typed domains --> 62.27 + <!-- ACM enforces that only domains with --> 62.28 + <!-- the same type can share information --> 62.29 + <!-- --> 62.30 + <!-- Bootstrap label is assigned to Dom0 --> 62.31 + <VirtualMachineLabel> 62.32 + <Name>dom_HomeBanking</Name> 62.33 + <SimpleTypeEnforcementTypes> 62.34 + <Type>ste_PersonalFinances</Type> 62.35 + </SimpleTypeEnforcementTypes> 62.36 + </VirtualMachineLabel> 62.37 + 62.38 + <VirtualMachineLabel> 62.39 + <Name>dom_Fun</Name> 62.40 + <SimpleTypeEnforcementTypes> 62.41 + <Type>ste_InternetInsecure</Type> 62.42 + </SimpleTypeEnforcementTypes> 62.43 + </VirtualMachineLabel> 62.44 + 62.45 + <VirtualMachineLabel> 62.46 + <!-- donating some cycles to seti@home --> 62.47 + <Name>dom_BoincClient</Name> 62.48 + <SimpleTypeEnforcementTypes> 62.49 + <Type>ste_DonatedCycles</Type> 62.50 + </SimpleTypeEnforcementTypes> 62.51 + </VirtualMachineLabel> 62.52 + 62.53 + <!-- Domains with multiple ste types services; such domains --> 62.54 + <!-- must keep the types inside their 
domain safely confined. --> 62.55 + <VirtualMachineLabel> 62.56 + <Name>dom_SystemManagement</Name> 62.57 + <SimpleTypeEnforcementTypes> 62.58 + <!-- since dom0 needs access to every domain and --> 62.59 + <!-- resource right now ... --> 62.60 + <Type>ste_SystemManagement</Type> 62.61 + <Type>ste_PersonalFinances</Type> 62.62 + <Type>ste_InternetInsecure</Type> 62.63 + <Type>ste_DonatedCycles</Type> 62.64 + <Type>ste_PersistentStorageA</Type> 62.65 + <Type>ste_NetworkAdapter0</Type> 62.66 + </SimpleTypeEnforcementTypes> 62.67 + </VirtualMachineLabel> 62.68 + 62.69 + <VirtualMachineLabel> 62.70 + <!-- serves persistent storage to other domains --> 62.71 + <Name>dom_StorageDomain</Name> 62.72 + <SimpleTypeEnforcementTypes> 62.73 + <!-- access right to the resource (hard drive a) --> 62.74 + <Type>ste_PersistentStorageA</Type> 62.75 + <!-- can serve following types --> 62.76 + <Type>ste_PersonalFinances</Type> 62.77 + <Type>ste_InternetInsecure</Type> 62.78 + </SimpleTypeEnforcementTypes> 62.79 + </VirtualMachineLabel> 62.80 + 62.81 + <VirtualMachineLabel> 62.82 + <!-- serves network access to other domains --> 62.83 + <Name>dom_NetworkDomain</Name> 62.84 + <SimpleTypeEnforcementTypes> 62.85 + <!-- access right to the resource (ethernet card) --> 62.86 + <Type>ste_NetworkAdapter0</Type> 62.87 + <!-- can serve following types --> 62.88 + <Type>ste_PersonalFinances</Type> 62.89 + <Type>ste_InternetInsecure</Type> 62.90 + <Type>ste_DonatedCycles</Type> 62.91 + </SimpleTypeEnforcementTypes> 62.92 + </VirtualMachineLabel> 62.93 + </SubjectLabels> 62.94 + 62.95 + <ObjectLabels> 62.96 + <ResourceLabel> 62.97 + <Name>res_ManagementResource</Name> 62.98 + <SimpleTypeEnforcementTypes> 62.99 + <Type>ste_SystemManagement</Type> 62.100 + </SimpleTypeEnforcementTypes> 62.101 + </ResourceLabel> 62.102 + 62.103 + <ResourceLabel> 62.104 + <Name>res_HardDrive (hda)</Name> 62.105 + <SimpleTypeEnforcementTypes> 62.106 + <Type>ste_PersistentStorageA</Type> 62.107 + 
</SimpleTypeEnforcementTypes> 62.108 + </ResourceLabel> 62.109 + 62.110 + <ResourceLabel> 62.111 + <Name>res_LogicalDiskPartition1 (hda1)</Name> 62.112 + <SimpleTypeEnforcementTypes> 62.113 + <Type>ste_PersonalFinances</Type> 62.114 + </SimpleTypeEnforcementTypes> 62.115 + </ResourceLabel> 62.116 + 62.117 + <ResourceLabel> 62.118 + <Name>res_LogicalDiskPartition2 (hda2)</Name> 62.119 + <SimpleTypeEnforcementTypes> 62.120 + <Type>ste_InternetInsecure</Type> 62.121 + </SimpleTypeEnforcementTypes> 62.122 + </ResourceLabel> 62.123 + 62.124 + <ResourceLabel> 62.125 + <Name>res_EthernetCard</Name> 62.126 + <SimpleTypeEnforcementTypes> 62.127 + <Type>ste_NetworkAdapter0</Type> 62.128 + </SimpleTypeEnforcementTypes> 62.129 + </ResourceLabel> 62.130 + 62.131 + <ResourceLabel> 62.132 + <Name>res_SecurityToken</Name> 62.133 + <SimpleTypeEnforcementTypes> 62.134 + <Type>ste_PersonalFinances</Type> 62.135 + </SimpleTypeEnforcementTypes> 62.136 + </ResourceLabel> 62.137 + 62.138 + <ResourceLabel> 62.139 + <Name>res_GraphicsAdapter</Name> 62.140 + <SimpleTypeEnforcementTypes> 62.141 + <Type>ste_SystemManagement</Type> 62.142 + </SimpleTypeEnforcementTypes> 62.143 + </ResourceLabel> 62.144 + </ObjectLabels> 62.145 +</SecurityLabelTemplate> 62.146 +
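Review bot: the SubjectLabels and ObjectLabels here are a copy of chwall_ste-security_label_template.xml with the ChineseWallTypes blocks removed, and `<Reference>abcdef123456abcdef</Reference>` is again a placeholder. Two hand-maintained copies of the same label set will drift, and a type added to one template but not the other silently changes which resources a domain may reach; either generate the ste variant from the combined template or state in a comment that the two files must be kept in sync.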
63.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 63.2 +++ b/tools/security/policies/ste/ste-security_policy.xml Fri Aug 19 10:50:15 2005 +0000 63.3 @@ -0,0 +1,27 @@ 63.4 +<?xml version="1.0" encoding="UTF-8"?> 63.5 +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> 63.6 +<!-- This file defines the security policies, which --> 63.7 +<!-- can be enforced by the Xen Access Control Module. --> 63.8 +<!-- Currently: Chinese Wall and Simple Type Enforcement--> 63.9 +<SecurityPolicyDefinition xmlns="http://www.ibm.com" 63.10 + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 63.11 + xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> 63.12 +<PolicyHeader> 63.13 + <Name>ste-security_policy</Name> 63.14 + <Date>2005-08-10</Date> 63.15 +</PolicyHeader> 63.16 +<!-- --> 63.17 +<!-- example of a simple type enforcement policy definition --> 63.18 +<!-- --> 63.19 + <SimpleTypeEnforcement> 63.20 + <SimpleTypeEnforcementTypes> 63.21 + <Type>ste_SystemManagement</Type> <!-- machine/security management --> 63.22 + <Type>ste_PersonalFinances</Type> <!-- personal finances --> 63.23 + <Type>ste_InternetInsecure</Type> <!-- games, active X, etc. --> 63.24 + <Type>ste_DonatedCycles</Type> <!-- donation to BOINC/seti@home --> 63.25 + <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A--> 63.26 + <Type>ste_NetworkAdapter0</Type> <!-- type of the domain managing ethernet adapter 0--> 63.27 + </SimpleTypeEnforcementTypes> 63.28 + </SimpleTypeEnforcement> 63.29 +</SecurityPolicyDefinition> 63.30 +
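Review bot: the six types in `<SimpleTypeEnforcementTypes>` duplicate the list in chwall_ste-security_policy.xml, and the label templates reference them by name with nothing in security_policy.xsd (Type is a plain xsd:string, with no key/keyref) tying a `<Type>` used in a label to a `<Type>` declared in the policy; a mistyped type in a label, or a type removed here but still used in ste-security_label_template.xml, is therefore caught only by the tools, if at all. A comment that type names must match exactly across policy and template is the minimum; a tool-side check is better. The header comment `<!-- Currently: Chinese Wall and Simple Type Enforcement-->` again overstates what this STE-only file defines.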
64.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 64.2 +++ b/tools/security/policy.txt Fri Aug 19 10:50:15 2005 +0000 64.3 
@@ -0,0 +1,405 @@ 64.4 +## 64.5 +# policy.txt <description to the Xen access control architecture> 64.6 +# 64.7 +# Author: 64.8 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com> 64.9 +# 64.10 +# 64.11 +# This file gives an overview of the security policies currently 64.12 +# provided and also gives some reasoning about how to assign 64.13 +# labels to domains. 64.14 +## 64.15 + 64.16 +Xen access control policies 64.17 + 64.18 + 64.19 +General explanation of supported security policies: 64.20 +===================================================== 64.21 + 64.22 +We have implemented the mandatory access control architecture of our 64.23 +hypervisor security architecture (sHype) for the Xen hypervisor. It 64.24 +controls communication (in Xen: event channels, grant tables) between 64.25 +Virtual Machines (from here on called domains) and through this the 64.26 +virtual block devices, networking, and shared memory are implemented 64.27 +on top of these communication means. While we have implemented the 64.28 +described policies and access control architecture for other 64.29 +hypervisor systems, we will describe below specifically its 64.30 +implementation and use in the Xen hypervisor. The policy enforcement 64.31 +is called mandatory regarding user domains since the policy it is 64.32 +given by the security administration and enforced independently of the 64.33 +user domains by the Xen hypervisor in cooperation with the domain 64.34 +management. 64.35 + 64.36 +The access control architecture consists of three parts: 64.37 + 64.38 +i) The access control policy determines the "command set" of the ACM 64.39 +and the hooks with which they can be configured to constrain the 64.40 +sharing of virtual resources. The current access control architecture 64.41 +implemented for Xen supports two policies: Chinese Wall and Simple 64.42 +Type Enforcement, which we describe in turn below. 
64.43 + 64.44 + 64.45 +ii) The actually enforced policy instantiation uses the policy 64.46 +language (i) to configure the Xen access control in a way that suits 64.47 +the specific application (home desktop environment, company desktop, 64.48 +Web server system, etc.). We have defined an exemplary policy 64.49 +instantiation for Chinese Wall (chwall policy) and Simple Type 64.50 +Enforcement (ste policy) for a desktop system. We offer these policies 64.51 +in combination since they are controlling orthogonal events. 64.52 + 64.53 + 64.54 +iii) The access control module (ACM) and related hooks are part of the 64.55 +core hypervisor and their controls cannot be bypassed by domains. The 64.56 +ACM and hooks are the active security components. We refer to 64.57 +publications that describe how access control is enforced in the Xen 64.58 +hypervisor using the ACM (access decision) and the hooks (decision 64.59 +enforcement) inserted into the setup of event channels and grant 64.60 +tables, and into domain operations (create, destroy, save, restore, 64.61 +migrate). These controls decide based on the active policy 64.62 +configuration (see i. and ii.) if the operation proceeds of if the 64.63 +operation is aborted (denied). 64.64 + 64.65 + 64.66 +In general, security policy instantiations in the Xen access control 64.67 +framework are defined by two files: 64.68 + 64.69 +a) a single "policy-name"-security_policy.xml file that defines the 64.70 +types known to the ACM and policy rules based on these types 64.71 + 64.72 +b) a single "policy-name"-security_label_template.xml file that 64.73 +defines labels based on known types 64.74 + 64.75 +Every security policy has its own sub-directory under 64.76 +"Xen-root"/tools/security/policies in order to simplify their 64.77 +management and the security policy tools. We will describe those files 64.78 +for our example policy (Chinese Wall and Simple Type Enforcement) in 64.79 +more detail as we go along. 
Eventually, we will move towards a system 64.80 +installation where the policies will reside under /etc. 64.81 + 64.82 + 64.83 +CHINESE WALL 64.84 +============ 64.85 + 64.86 +The Chinese Wall policy enables the user to define "which workloads 64.87 +(domain payloads) cannot run on a single physical system at the same 64.88 +time". Why would we want to prevent workloads from running at the same 64.89 +time on the same system? This supports requirements that can (but 64.90 +don't have to) be rooted in the measure of trust into the isolation of 64.91 +different domains that share the same hardware. Since the access 64.92 +control architecture aims at high performance and non-intrusive 64.93 +implementation, it currently does not address covert (timing) channels 64.94 +and aims at medium assurance. Users can apply the Chinese Wall policy 64.95 +to guarantee an air-gap between very sensitive payloads both regarding 64.96 +covert information channels and regarding resource starvation. 64.97 + 64.98 +To enable the CW control, each domain is labeled with a set of Chinese 64.99 +Wall types and CW Conflict Sets are defined which include those CW 64.100 +types that cannot run simultaneously on the same hardware. This 64.101 +interpretation of conflict sets is the only policy rule for the Chines 64.102 +Wall policy. 64.103 + 64.104 +This is enforced by controlling the start of domains according to 64.105 +their assigned CW worload types. Domains with Chinese Wall types that 64.106 +appear in a common conflict set are running mutually exclusive on a 64.107 +platform, i.e., once a domain with one of the cw-types of a conflict 64.108 +set is running, no domain with another cw-type of the same conflict 64.109 +set can start until the first domain is destroyed, paused, or migrated 64.110 +away from the physical system (this assumes that such a partition can 64.111 +no longer be observed). 
The idea is to assign cw-types according to 64.112 +the type of payload that a domain runs and to use the Chinese Wall 64.113 +policy to ensure that payload types can be differentiated by the 64.114 +hypervisor and can be prevented from being executed on the same system 64.115 +at the same time. Using the flexible CW policy maintains system 64.116 +consolidation and workload-balancing while introducing guaranteed 64.117 +constraints where necessary. 64.118 + 64.119 + 64.120 +Example of a Chinese Wall Policy Instantiation 64.121 +---------------------------------------------- 64.122 + 64.123 +The file chwall-security_policy.xml defines the Chinese Wall types as 64.124 +well as the conflict sets for our example policy (you find it in the 64.125 +directory "xen_root"/tools/security/policies/chwall). 64.126 + 64.127 +It defines four Chinese Wall types (prefixed with cw_) with the 64.128 +following meaning: 64.129 + 64.130 +* cw_SystemsManagement is a type identifying workloads for systems 64.131 +management, e.g., domain management, device management, or hypervisor 64.132 +management. 64.133 + 64.134 +* cw_Sensitive is identifying workloads that are critical to the user 64.135 +for one reason or another. 64.136 + 64.137 +* cw_Distrusted is identifying workloads a user does not have much 64.138 +confidence in. E.g. a domain used for surfing in the internet without 64.139 +protection( i.e., active-X, java, java-script, executing web content) 64.140 +or for (Internet) Games should be typed this way. 64.141 + 64.142 +* cw_Isolated is identifying workloads that are supposedly isolated by 64.143 +use of the type enforcement policy (described below). For example, if 64.144 +a user wants to donate cycles to seti@home, she can setup a separate 64.145 +domain for a Boinc (http://boinc.ssl.berkeley.edu/) client, disable 64.146 +this domain from accessing the hard drive and from communicating to 64.147 +other local domains, and type it as cw_Isolated. 
We will look at a 64.148 +specific example later. 64.149 + 64.150 +The example policy uses the defined types to define one conflict set: 64.151 +Protection1 = {cw_Sensitive, cw_Distrusted}. This conflict set tells 64.152 +the hypervisor that once a domain typed as cw_Sensitive is running, a 64.153 +domain typed as cw_Distrusted cannot run concurrently (and the other 64.154 +way round). With this policy, a domain typed as cw_Isolated is allowed 64.155 +to run simultaneously with domains tagged as cw_Sensitive. 64.156 + 64.157 +Consequently, the access control module in the Xen hypervisor 64.158 +distinguishes in this example policy 4 different workload types in 64.159 +this example policy. It is the user's responsibility to type the 64.160 +domains in a way that reflects the workloads of these domains and, in 64.161 +the case of cw_Isolated, its properties, e.g. by configuring the 64.162 +sharing capabilities of the domain accordingly by using the simple 64.163 +type enforcement policy. 64.164 + 64.165 +Users can define their own or change the existing example policy 64.166 +according to their working environment and security requirements. To 64.167 +do so, replace the file chwall-security_policy.xml with the new 64.168 +policy. 64.169 + 64.170 + 64.171 +SIMPLE TYPE ENFORCEMENT 64.172 +======================= 64.173 + 64.174 +The file ste-security_policy.xml defines the simple type enforcement 64.175 +types for our example policy (you find it in the directory 64.176 +"xen_root"/tools/security/policies/ste). The Simple Type Enforcement 64.177 +policy defines which domains can share information with which other 64.178 +domains. To this end, it controls 64.179 + 64.180 +i) inter-domain communication channels (e.g., network traffic, events, 64.181 +and shared memory). 64.182 + 64.183 +ii) access of domains to physical resources (e.g., hard drive, network 64.184 +cards, graphics adapter, keyboard). 
64.185 + 64.186 +In order to enable the hypervisor to distinguish different domains and 64.187 +the user to express access rules, the simple type enforcement defines 64.188 +a set of types (ste_types). 64.189 + 64.190 +The policy defines that communication between domains is allowed if 64.191 +the domains share a common STE type. As with the chwall types, STE 64.192 +types should enable the differentiation of workloads. The simple type 64.193 +enforcement access control implementation in the hypervisor enforces 64.194 +that domains can only communicate (setup event channels, grant tables) 64.195 +if they share a common type, i.e., both domains have assigned at least 64.196 +on type in common. A domain can access a resource, if the domain and 64.197 +the resource share a common type. Hence, assigning STE types to 64.198 +domains and resources allows users to define constraints on sharing 64.199 +between domains and to keep sensitive data confined from distrusted 64.200 +domains. 64.201 + 64.202 +Domain <--> Domain Sharing 64.203 +'''''''''''''''''''''''''' 64.204 +(implemented but its effective use requires factorization of Dom0) 64.205 + 64.206 +a) Domains with a single STE type (general user domains): Sharing 64.207 +between such domains is enforced entirely by the hypervisor access 64.208 +control. It is independent of the domains and does not require their 64.209 +co-operation. 64.210 + 64.211 +b) Domains with multiple STE types: One example is a domain that 64.212 +virtualizes a physical resource (e.g., hard drive) and serves it as 64.213 +multiple virtual resources (virtual block drives) to other domains of 64.214 +different types. The idea is that only a specific device domain has 64.215 +assigned the type required to access the physical hard-drive. Logical 64.216 +drives are then assigned the types of domains that have access to this 64.217 +logical drive. 
Since the Xen hypervisor cannot distinguish between the 64.218 +logical drives, the access control (type enforcement) is delegated to 64.219 +the device domain, which has access to the types of domains requesting 64.220 +to mount a logical drive as well as the types assigned to the 64.221 +different available logical drives. 64.222 + 64.223 +Currently in Xen, Dom0 controls all hardware, needs to communicate 64.224 +with all domains during their setup, and intercepts all communication 64.225 +between domains. Consequently, Dom0 needs to be assigned all types 64.226 +used and must be completely trusted to maintain the separation of 64.227 +informatio ncoming from domains with different STE types. Thus a 64.228 +refactoring of Dom0 is recommended for stronger confinement 64.229 +guarantees. 64.230 + 64.231 +Domain --> RESOURCES Access 64.232 +''''''''''''''''''''''''''' 64.233 +(current work) 64.234 + 64.235 +We define for each resource that we want to distinguish a separate STE 64.236 +type. Each STE type is assigned to the respective resource and to 64.237 +those domains that are allowed to access this resource. Type 64.238 +enforcement will guarantee that other domains cannot access this 64.239 +resource since they don't share the resource's STE type. 64.240 + 64.241 +Since in the current implementation of Xen, Dom0 controls access to 64.242 +all hardware (e.g., disk drives, network), Domain-->Resource access 64.243 +control enforcement must be implemented in Dom0. This is possible 64.244 +since Dom0 has access to both the domain configuration (including the 64.245 +domain STE types) and the resource configuration (including the 64.246 +resource STE types). 64.247 + 64.248 +For purposes of gaining higher assurance in the resulting system, it 64.249 +may be desirable to reduce the size of dom0 by adding one or more 64.250 +"device domains" (DDs). These DDs, e.g. 
providing storage or network 64.251 +access, can support one or more physical devices, and manage 64.252 +enforcement of MAC policy relevant for said devices. Security benefits 64.253 +come from the smaller size of these DDs, as they can be more easily 64.254 +audited than monolithic device driver domains. DDs can help to obtain 64.255 +maximum security benefit from sHype. 64.256 + 64.257 + 64.258 +Example of a Simple Type Enforcement Policy Instantiation 64.259 +--------------------------------------------------------- 64.260 + 64.261 +We define the following types: 64.262 + 64.263 +* ste_SystemManagement identifies workloads (and domains that runs 64.264 +them) that must share information to accomplish the management of the 64.265 +system 64.266 + 64.267 +* ste_PersonalFinances identifies workloads that are related to 64.268 +sensitive programs such as HomeBanking applications or safely 64.269 +configured web browsers for InternetBanking 64.270 + 64.271 +* ste_InternetInsecure identifies workloads that are very 64.272 +function-rich and unrestricted to offer for example an environment 64.273 +where internet games can run efficiently 64.274 + 64.275 +* ste_DonatedCycles identifies workloads that run on behalf of others, 64.276 +e.g. a Boinc client 64.277 + 64.278 +* ste_PersistentStorage identifies workloads that have direct access 64.279 +to persistent storage (e.g., hard drive) 64.280 + 64.281 +* ste_NetworkAccess identifies workload that have direct access to 64.282 +network cards and related networks 64.283 + 64.284 + 64.285 + 64.286 +SECURITY LABEL TEMPLATES 64.287 +======================== 64.288 + 64.289 +We introduce security label templates because it is difficult for 64.290 +users to ensure tagging of domains consistently and since there are 64.291 +--as we have seen in the case of isolation-- useful dependencies 64.292 +between the policies. 
Security Label Templates define type sets that 64.293 +can be addressed by more user-friendly label names, 64.294 +e.g. dom_Homebanking describes a typical typeset tagged to domains 64.295 +used for sensitive Homebanking work-loads. Labels are defined in the 64.296 +file 64.297 + 64.298 +Using Security Label Templates has multiple advantages: 64.299 +a) easy reference of typical sets of type assignments 64.300 +b) consistent interpretation of type combinations 64.301 +c) meaningful application-level label names 64.302 + 64.303 +The definition of label templates depends on the combination of 64.304 +policies that are used. We will describe some of the labels defined 64.305 +for the Chinese Wall and Simple Type Enforcement combination. 64.306 + 64.307 +In the BoincClient example, the label_template file specifies that 64.308 +this Label is assigned the Chinese Wall type cw_Isolated. We do this 64.309 +assuming that this BoincClient is isolated against the rest of the 64.310 +system infrastructure (no persistent memory, no sharing with local 64.311 +domains). Since cw_Isolated is not included in any conflict set, it 64.312 +can run at any time concurrently with any other domain. The 64.313 +ste_DonatedCycles type assigned to the BoincClient reflect the 64.314 +isolation assumption: it is only assigned to the dom_NetworkDomain 64.315 +giving the BoincClient domain access to the network to communicate 64.316 +with its BoincServer. 64.317 + 64.318 +The strategy for combining types into Labels is the following: First 64.319 +we define a label for each type of general user domain 64.320 +(workload-oriented). Then we define a new label for each physical 64.321 +resource that shall be shared using a DD domain (e.g., disk) and for 64.322 +each logical resource offered through this physical resource (logical 64.323 +disk partition). 
We define then device domain labels (here: 64.324 +dom_SystemManagement, dom_StorageDomain, dom_NetworkDomain) which 64.325 +include the types of the physical resources (e.g. hda) their domains 64.326 +need to connect to. Such physical resources can only be accessed 64.327 +directly by device domains types with the respective device's STE 64.328 +type. Additionally we assign to such a device domain Label the STE 64.329 +types of those user domains that are allowed to access one of the 64.330 +logical resources (e.g., hda1, hda2) built on top of this physical 64.331 +resource through the device domain. 64.332 + 64.333 + 64.334 +Label Construction Example: 64.335 +--------------------------- 64.336 + 64.337 +We define here a storage domain label for a domain that owns a real 64.338 +disk drive and creates the logical disk partitions hda1 and hda2 which 64.339 +it serves to domains labeled dom_HomeBanking and dom_Fun 64.340 +respectively. The labels we refer to are defined in the label template 64.341 +file policies/chwall_ste/chwall_ste-security-label-template.xml. 64.342 + 64.343 +step1: To distinguish different shared disk drives, we create a 64.344 +separate Label and STE type for each of them. Here: we create a type 64.345 +ste_PersistentStorageA for disk drive hda. If you have another disk 64.346 +drive, you may define another persistent storage type 64.347 +ste_PersistentStorageB in the chwall_ste-security_policy.xml. 64.348 + 64.349 +step2: To distinguish different domains, we create multiple domain 64.350 +labels including different types. Here: label dom_HomeBanking includes 64.351 +STE type ste_PersonalFinances, label dom_Fun includes STE type 64.352 +ste_InternetInsecure. 64.353 + 64.354 +step3: The storage domain in charge of the hard drive A needs access 64.355 +to this hard drive. Therefore the storage domain label 64.356 +dom_StorageDomain must include the type assigned to the hard drive 64.357 +(ste_PersistentStorageA). 
64.358 + 64.359 +step4: In order to serve dom hda1 to domains labeled dom_HomeBanking 64.360 +and hda2 to domains labeled dom_Fun, the storage domain label must 64.361 +include the types of those domains as well (ste_PersonalFinance, 64.362 +ste_InternetInsecure). 64.363 + 64.364 +step5: In order to keep the data for different types safely apart, the 64.365 +different logical disk partitions must be assigned unique labels and 64.366 +types, which are used inside the storage domain to extend the ACM 64.367 +access enforcement to logical resources served from inside the storage 64.368 +domain. We define labels "res_LogicalDiskPartition1 (hda1)" and assign 64.369 +it to hda1 and "res_LogicalDiskPartition2 (hda2)" and assign it to 64.370 +hda2. These labels must include the STE types of those domains that 64.371 +are allowed to use them (e.g., ste_PersonalFinances for hda1). 64.372 + 64.373 +The overall mandatory access control is then enforced in 3 different 64.374 +Xen components and these components use a single consistent policy to 64.375 +co-operatively enforce the policy. In the storage domain example, we 64.376 +have three components that co-operate: 64.377 + 64.378 +1. The ACM module inside the hypervisor enforces: communication between 64.379 +user domains and the storage domain (only domains including types 64.380 +ste_PersonalFinances or ste_InternetInsecure can communicate with the 64.381 +storage domain and request access to logical resource). This confines 64.382 +the sharing to the types assigned to the storage domain. 64.383 + 64.384 +2. The domain management will enforce (work in progress): assignment of 64.385 +real resources (hda) to domains (storage domain) that share a 64.386 +type with the resource. 64.387 + 64.388 +3. 
If the storage domain serves multiple STE types (as in our example), 64.389 +it enforces (work in progress): that domains can access (mount) 64.390 +logical resources only if they share an STE type with the respective 64.391 +resource. In our example, domains with the STE type 64.392 +ste_PersonalFinances can request access (mount) to logical resource 64.393 +hda1 from the storage domain. 64.394 + 64.395 +If you look at the virtual machine label dom_StorageDomain, you will 64.396 +see the minimal set of types assigned to our domain manageing disk 64.397 +drive hda for serving logical disk partitions exclusively to 64.398 +dom_HomeBanking and dom_Fun. 64.399 + 64.400 +Similary, network domains can confine access to the network or 64.401 +network communication between user domains. 64.402 + 64.403 +As a result, device domains (e.g., storage domain, network domain) 64.404 +must be simple and small to ensure their correct co-operation in the 64.405 +type enforcement model. If such trust is not possible, then hardware 64.406 +should be assigned exclusively to a single type (or to a single 64.407 +partition) in which case the hypervisor ACM enforcement enforces the 64.408 +types independently.
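Review bot: the label construction example is internally inconsistent in a way that matters for enforcement: step4 says the storage domain label must include "ste_PersonalFinance", while the type is defined and used everywhere else (step2, step5, the ACM enforcement list) as "ste_PersonalFinances". STE sharing is decided by exact type identity, so a template carrying the misspelled name would give dom_HomeBanking no common type with the storage domain and hda1; use ste_PersonalFinances throughout. Smaller fixes for the same text: "at least on type in common" (one), "informatio ncoming" (information coming), "reflect the isolation assumption" (reflects), "serve dom hda1" (serve hda1), "manageing", "Similary", "protection( i.e.," (space before the parenthesis), and "distinguishes in this example policy 4 different workload types in this example policy" repeats the phrase. The sentence "Labels are defined in the file" in the SECURITY LABEL TEMPLATES section ends without naming the file; the later section names it as policies/chwall_ste/chwall_ste-security-label-template.xml, so name it here as well.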
65.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 65.2 +++ b/tools/security/readme.txt Fri Aug 19 10:50:15 2005 +0000 65.3 @@ -0,0 +1,29 @@ 65.4 + 65.5 +## 65.6 +# readme.txt <description to the xen access control architecture> 65.7 +# 65.8 +# Author: 65.9 +# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com> 65.10 +# 65.11 +# 65.12 +# This file is a toc for information regarding 65.13 +# the access control policy and tools in Xen. 65.14 +## 65.15 + 65.16 +1. policy.txt: 65.17 + 65.18 + describes the general reasoning and examples for access 65.19 + control policies in Xen 65.20 + 65.21 + 65.22 +2. install.txt 65.23 + 65.24 + describes the activation of the access control framework 65.25 + in Xen 65.26 + 65.27 +3. example.txt 65.28 + 65.29 + describes the available tools for managing security policies 65.30 + in Xen and the tools to label domains 65.31 + 65.32 +
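Review bot: the item list is inconsistently punctuated ("1. policy.txt:" has a trailing colon, "2. install.txt" and "3. example.txt" do not); pick one form. The description under example.txt ("describes the available tools for managing security policies in Xen and the tools to label domains") reads as a tool reference rather than an example walkthrough; either rename the entry or reword it, and consider adding an entry for the policies directory (tools/security/policies) that the policy text refers to, since this file is meant to be the table of contents.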
66.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 66.2 +++ b/tools/security/secpol_compat.h Fri Aug 19 10:50:15 2005 +0000 66.3 @@ -0,0 +1,14 @@ 66.4 +/* secpol_compat.h 66.5 + * 'translates' data types necessary to 66.6 + * include <xen/acm.h> 66.7 + */ 66.8 +#include <stdint.h> 66.9 + 66.10 +typedef uint8_t u8; 66.11 +typedef uint16_t u16; 66.12 +typedef uint32_t u32; 66.13 +typedef uint64_t u64; 66.14 +typedef int8_t s8; 66.15 +typedef int16_t s16; 66.16 +typedef int32_t s32; 66.17 +typedef int64_t s64;
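Review bot: secpol_compat.h has no include guard, yet it defines typedefs (u8, u16, u32, u64, s8, s16, s32, s64) and is included from both secpol_tool.c and secpol_xml2bin.c in this changeset. In C prior to C11 a repeated typedef of the same name is a compile error, so any translation unit that pulls the header in twice (directly or through another header) fails to build; wrap the body in "#ifndef SECPOL_COMPAT_H / #define SECPOL_COMPAT_H / ... / #endif". The same names are commonly defined by kernel-derived headers, so the guard also makes the collision easier to diagnose when it happens.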
67.1 --- a/tools/security/secpol_tool.c Fri Aug 19 10:18:53 2005 +0000 67.2 +++ b/tools/security/secpol_tool.c Fri Aug 19 10:50:15 2005 +0000 67.3 @@ -31,18 +31,8 @@ 67.4 #include <stdlib.h> 67.5 #include <sys/ioctl.h> 67.6 #include <string.h> 67.7 -#include <stdint.h> 67.8 #include <netinet/in.h> 67.9 - 67.10 -typedef uint8_t u8; 67.11 -typedef uint16_t u16; 67.12 -typedef uint32_t u32; 67.13 -typedef uint64_t u64; 67.14 -typedef int8_t s8; 67.15 -typedef int16_t s16; 67.16 -typedef int32_t s32; 67.17 -typedef int64_t s64; 67.18 - 67.19 +#include "secpol_compat.h" 67.20 #include <xen/acm.h> 67.21 #include <xen/acm_ops.h> 67.22 #include <xen/linux/privcmd.h> 67.23 
@@ -270,171 +260,6 @@ void acm_dump_policy_buffer(void *buf, i 67.24 } 67.25 } 67.26 67.27 -/*************************** set policy ****************************/ 67.28 - 67.29 -int acm_domain_set_chwallpolicy(void *bufstart, int buflen) 67.30 -{ 67.31 -#define CWALL_MAX_SSIDREFS 6 67.32 -#define CWALL_MAX_TYPES 10 67.33 -#define CWALL_MAX_CONFLICTSETS 2 67.34 - 67.35 - struct acm_chwall_policy_buffer *chwall_bin_pol = 67.36 - (struct acm_chwall_policy_buffer *) bufstart; 67.37 - domaintype_t *ssidrefs, *conflicts; 67.38 - int ret = 0; 67.39 - int j; 67.40 - 67.41 - chwall_bin_pol->chwall_max_types = htonl(CWALL_MAX_TYPES); 67.42 - chwall_bin_pol->chwall_max_ssidrefs = htonl(CWALL_MAX_SSIDREFS); 67.43 - chwall_bin_pol->policy_code = htonl(ACM_CHINESE_WALL_POLICY); 67.44 - chwall_bin_pol->policy_version = htonl(ACM_CHWALL_VERSION); 67.45 - chwall_bin_pol->chwall_ssid_offset = 67.46 - htonl(sizeof(struct acm_chwall_policy_buffer)); 67.47 - chwall_bin_pol->chwall_max_conflictsets = 67.48 - htonl(CWALL_MAX_CONFLICTSETS); 67.49 - chwall_bin_pol->chwall_conflict_sets_offset = 67.50 - htonl(ntohl(chwall_bin_pol->chwall_ssid_offset) + 67.51 - sizeof(domaintype_t) * CWALL_MAX_SSIDREFS * CWALL_MAX_TYPES); 67.52 - chwall_bin_pol->chwall_running_types_offset = 0; /* not set */ 67.53 - chwall_bin_pol->chwall_conflict_aggregate_offset = 0; /* not set */ 67.54 - ret += sizeof(struct acm_chwall_policy_buffer); 67.55 - /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */ 67.56 - /* check buffer size */ 67.57 - if ((buflen - ret) < 67.58 - (CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t))) 67.59 - return -1; /* not enough space */ 67.60 - 67.61 - ssidrefs = (domaintype_t *) (bufstart + 67.62 - ntohl(chwall_bin_pol->chwall_ssid_offset)); 67.63 - memset(ssidrefs, 0, 67.64 - CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t)); 67.65 - 67.66 - /* now set type j-1 for ssidref i+1 */ 67.67 - for (j = 0; j <= CWALL_MAX_SSIDREFS; j++) 67.68 - 
if ((0 < j) && (j <= CWALL_MAX_TYPES)) 67.69 - ssidrefs[j * CWALL_MAX_TYPES + j - 1] = htons(1); 67.70 - 67.71 - ret += CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t); 67.72 - if ((buflen - ret) < 67.73 - (CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * sizeof(domaintype_t))) 67.74 - return -1; /* not enough space */ 67.75 - 67.76 - /* now the chinese wall policy conflict sets */ 67.77 - conflicts = (domaintype_t *) (bufstart + 67.78 - ntohl(chwall_bin_pol-> 67.79 - chwall_conflict_sets_offset)); 67.80 - memset((void *) conflicts, 0, 67.81 - CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * 67.82 - sizeof(domaintype_t)); 67.83 - /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */ 67.84 - if (CWALL_MAX_TYPES > 3) 67.85 - { 67.86 - conflicts[2] = htons(1); 67.87 - conflicts[3] = htons(1); /* {2,3} */ 67.88 - conflicts[CWALL_MAX_TYPES + 1] = htons(1); 67.89 - conflicts[CWALL_MAX_TYPES + 5] = htons(1); 67.90 - conflicts[CWALL_MAX_TYPES + 6] = htons(1); /* {0,5,6} */ 67.91 - } 67.92 - ret += sizeof(domaintype_t) * CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES; 67.93 - return ret; 67.94 -} 67.95 - 67.96 -int acm_domain_set_stepolicy(void *bufstart, int buflen) 67.97 -{ 67.98 -#define STE_MAX_SSIDREFS 6 67.99 -#define STE_MAX_TYPES 5 67.100 - 67.101 - struct acm_ste_policy_buffer *ste_bin_pol = 67.102 - (struct acm_ste_policy_buffer *) bufstart; 67.103 - domaintype_t *ssidrefs; 67.104 - int j, ret = 0; 67.105 - 67.106 - ste_bin_pol->ste_max_types = htonl(STE_MAX_TYPES); 67.107 - ste_bin_pol->ste_max_ssidrefs = htonl(STE_MAX_SSIDREFS); 67.108 - ste_bin_pol->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); 67.109 - ste_bin_pol->policy_version = htonl(ACM_STE_VERSION); 67.110 - ste_bin_pol->ste_ssid_offset = 67.111 - htonl(sizeof(struct acm_ste_policy_buffer)); 67.112 - ret += sizeof(struct acm_ste_policy_buffer); 67.113 - /* check buffer size */ 67.114 - if ((buflen - ret) < 67.115 - (STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t))) 67.116 - return -1; /* not 
enough space */ 67.117 - 67.118 - ssidrefs = 67.119 - (domaintype_t *) (bufstart + ntohl(ste_bin_pol->ste_ssid_offset)); 67.120 - memset(ssidrefs, 0, 67.121 - STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t)); 67.122 - /* all types 1 for ssidref 1 */ 67.123 - for (j = 0; j < STE_MAX_TYPES; j++) 67.124 - ssidrefs[1 * STE_MAX_TYPES + j] = htons(1); 67.125 - /* now set type j-1 for ssidref j */ 67.126 - for (j = 0; j < STE_MAX_SSIDREFS; j++) 67.127 - if ((0 < j) && (j <= STE_MAX_TYPES)) 67.128 - ssidrefs[j * STE_MAX_TYPES + j - 1] = htons(1); 67.129 - ret += STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t); 67.130 - return ret; 67.131 -} 67.132 - 67.133 -#define MAX_PUSH_BUFFER 16384 67.134 -u8 push_buffer[MAX_PUSH_BUFFER]; 67.135 - 67.136 -int acm_domain_setpolicy(int xc_handle) 67.137 -{ 67.138 - int ret; 67.139 - struct acm_policy_buffer *bin_pol; 67.140 - acm_op_t op; 67.141 - 67.142 - /* future: read policy from file and set it */ 67.143 - bin_pol = (struct acm_policy_buffer *) push_buffer; 67.144 - bin_pol->policy_version = htonl(ACM_POLICY_VERSION); 67.145 - bin_pol->magic = htonl(ACM_MAGIC); 67.146 - bin_pol->primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY); 67.147 - bin_pol->secondary_policy_code = 67.148 - htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); 67.149 - 67.150 - bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); 67.151 - bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len)); 67.152 - ret = 67.153 - acm_domain_set_chwallpolicy(push_buffer + 67.154 - ntohl(bin_pol->primary_buffer_offset), 67.155 - MAX_PUSH_BUFFER - 67.156 - ntohl(bin_pol->primary_buffer_offset)); 67.157 - if (ret < 0) 67.158 - { 67.159 - printf("ERROR creating chwallpolicy buffer.\n"); 67.160 - return -1; 67.161 - } 67.162 - bin_pol->len = htonl(ntohl(bin_pol->len) + ret); 67.163 - bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len)); 67.164 - ret = acm_domain_set_stepolicy(push_buffer + 67.165 - ntohl(bin_pol->secondary_buffer_offset), 67.166 - 
MAX_PUSH_BUFFER - 67.167 - ntohl(bin_pol->secondary_buffer_offset)); 67.168 - if (ret < 0) 67.169 - { 67.170 - printf("ERROR creating chwallpolicy buffer.\n"); 67.171 - return -1; 67.172 - } 67.173 - bin_pol->len = htonl(ntohl(bin_pol->len) + ret); 67.174 - 67.175 - /* dump it and then push it down into xen/acm */ 67.176 - acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len)); 67.177 - 67.178 - op.cmd = ACM_SETPOLICY; 67.179 - op.interface_version = ACM_INTERFACE_VERSION; 67.180 - op.u.setpolicy.pushcache = (void *) push_buffer; 67.181 - op.u.setpolicy.pushcache_size = ntohl(bin_pol->len); 67.182 - ret = do_acm_op(xc_handle, &op); 67.183 - 67.184 - if (ret) 67.185 - printf("ERROR setting policy. Use 'xm dmesg' to see details.\n"); 67.186 - else 67.187 - printf("Successfully changed policy.\n"); 67.188 - 67.189 - return ret; 67.190 -} 67.191 - 67.192 /******************************* get policy ******************************/ 67.193 67.194 #define PULL_CACHE_SIZE 8192 67.195 @@ -602,7 +427,6 @@ int acm_domain_dumpstats(int xc_handle) 67.196 void usage(char *progname) 67.197 { 67.198 printf("Use: %s \n" 67.199 - "\t setpolicy\n" 67.200 "\t getpolicy\n" 67.201 "\t dumpstats\n" 67.202 "\t loadpolicy <binary policy file>\n", progname); 67.203 @@ -623,12 +447,7 @@ int main(int argc, char **argv) 67.204 exit(-1); 67.205 } 67.206 67.207 - if (!strcmp(argv[1], "setpolicy")) 67.208 - { 67.209 - if (argc != 2) 67.210 - usage(argv[0]); 67.211 - ret = acm_domain_setpolicy(acm_cmd_fd); 67.212 - } else if (!strcmp(argv[1], "getpolicy")) { 67.213 + if (!strcmp(argv[1], "getpolicy")) { 67.214 if (argc != 2) 67.215 usage(argv[0]); 67.216 ret = acm_domain_getpolicy(acm_cmd_fd);
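Review bot: the first hunk introduces an ordering dependency that is not documented: "secpol_compat.h" must stay before <xen/acm.h> because it supplies the u8/u16/u32/u64 typedefs that acm.h relies on (the compat header's own comment says it 'translates' the types necessary to include <xen/acm.h>), and the removal of "#include <stdint.h>" from this file is only safe because secpol_compat.h includes it. A one-line comment next to the include would stop a later alphabetical sort of the includes from breaking the build. The removal of the hard-coded setpolicy path together with its "setpolicy" usage line and the main() branch is consistent; please also confirm that no remaining code in the file references push_buffer or MAX_PUSH_BUFFER, which were defined only for that path.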
68.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 68.2 +++ b/tools/security/secpol_xml2bin.c Fri Aug 19 10:50:15 2005 +0000 68.3 
@@ -0,0 +1,1396 @@ 68.4 +/**************************************************************** 68.5 + * secpol_xml2bin.c 68.6 + * 68.7 + * Copyright (C) 2005 IBM Corporation 68.8 + * 68.9 + * Author: Reiner Sailer <sailer@us.ibm.com> 68.10 + * 68.11 + * Maintained: 68.12 + * Reiner Sailer <sailer@us.ibm.com> 68.13 + * Ray Valdez <rvaldez@us.ibm.com> 68.14 + * 68.15 + * This program is free software; you can redistribute it and/or 68.16 + * modify it under the terms of the GNU General Public License as 68.17 + * published by the Free Software Foundation, version 2 of the 68.18 + * License. 68.19 + * 68.20 + * sHype policy translation tool. This tool takes an XML 68.21 + * policy specification as input and produces a binary 68.22 + * policy file that can be loaded into Xen through the 68.23 + * ACM operations (secpol_tool loadpolicy) interface or at 68.24 + * boot time (grub module parameter) 68.25 + * 68.26 + * indent -i4 -kr -nut 68.27 + */ 68.28 +#include <stdio.h> 68.29 +#include <stdlib.h> 68.30 +#include <string.h> 68.31 +#include <errno.h> 68.32 +#include <libgen.h> 68.33 +#include <fcntl.h> 68.34 +#include <unistd.h> 68.35 +#include <sys/types.h> 68.36 +#include <sys/stat.h> 68.37 +#include <sys/queue.h> 68.38 +#include <netinet/in.h> 68.39 +#include <libxml/xmlschemas.h> 68.40 +#include <libxml/parser.h> 68.41 +#include <libxml/tree.h> 68.42 +#include <libxml/xmlreader.h> 68.43 +#include "secpol_compat.h" 68.44 +#include <xen/acm.h> 68.45 + 68.46 +#include "secpol_xml2bin.h" 68.47 + 68.48 +#define DEBUG 0 68.49 + 68.50 +/* primary / secondary policy component setting */ 68.51 +enum policycomponent { CHWALL, STE, NULLPOLICY } 68.52 + primary = NULLPOLICY, secondary = NULLPOLICY; 68.53 + 68.54 +/* general list element for ste and chwall type queues */ 68.55 +struct type_entry { 68.56 + TAILQ_ENTRY(type_entry) entries; 68.57 + char *name; /* name of type from xml file */ 68.58 + type_t mapping; /* type mapping into 16bit */ 68.59 +}; 68.60 + 68.61 
+TAILQ_HEAD(tailhead, type_entry) ste_head, chwall_head; 68.62 + 68.63 +/* general list element for all label queues */ 68.64 +enum label_type { VM, RES, ANY }; 68.65 +struct ssid_entry { 68.66 + TAILQ_ENTRY(ssid_entry) entries; 68.67 + char *name; /* label name */ 68.68 + enum label_type type; /* type: VM / RESOURCE LABEL */ 68.69 + u_int32_t num; /* ssid or referenced ssid */ 68.70 + int is_ref; /* if this entry references earlier ssid number */ 68.71 + unsigned char *row; /* index of types (if not a reference) */ 68.72 +}; 68.73 + 68.74 +TAILQ_HEAD(tailhead_ssid, ssid_entry) ste_ssid_head, chwall_ssid_head, 68.75 + conflictsets_head; 68.76 +struct ssid_entry *current_chwall_ssid_p = NULL; 68.77 +struct ssid_entry *current_ste_ssid_p = NULL; 68.78 +struct ssid_entry *current_conflictset_p = NULL; 68.79 + 68.80 +/* which label to assign to dom0 during boot */ 68.81 +char *bootstrap_label; 68.82 + 68.83 +u_int32_t max_ste_ssids = 0; 68.84 +u_int32_t max_chwall_ssids = 0; 68.85 +u_int32_t max_chwall_labels = 0; 68.86 +u_int32_t max_ste_labels = 0; 68.87 +u_int32_t max_conflictsets = 0; 68.88 + 68.89 +char *current_ssid_name; /* store name until structure is allocated */ 68.90 +char *current_conflictset_name; /* store name until structure is allocated */ 68.91 + 68.92 +/* dynamic list of type mappings for STE */ 68.93 +u_int32_t max_ste_types = 0; 68.94 + 68.95 +/* dynamic list of type mappings for CHWALL */ 68.96 +u_int32_t max_chwall_types = 0; 68.97 + 68.98 +/* dynamic list of conflict sets */ 68.99 +int max_conflict_set = 0; 68.100 + 68.101 +/* which policies are defined */ 68.102 +int have_ste = 0; 68.103 +int have_chwall = 0; 68.104 + 68.105 +/* input/output file names */ 68.106 +char *policy_filename = NULL, 68.107 + *label_filename = NULL, 68.108 + *binary_filename = NULL, *mapping_filename = NULL; 68.109 + 68.110 +void usage(char *prg) 68.111 +{ 68.112 + printf("usage:\n%s policyname[-policy.xml/-security_label_template.xml]\n", 68.113 + prg); 68.114 + 
exit(EXIT_FAILURE); 68.115 +} 68.116 + 68.117 + 68.118 +/***************** policy-related parsing *********************/ 68.119 + 68.120 +char *type_by_mapping(struct tailhead *head, u_int32_t mapping) 68.121 +{ 68.122 + struct type_entry *np; 68.123 + for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next) 68.124 + if (np->mapping == mapping) 68.125 + return np->name; 68.126 + return NULL; 68.127 +} 68.128 + 68.129 + 68.130 +struct type_entry *lookup(struct tailhead *head, char *name) 68.131 +{ 68.132 + struct type_entry *np; 68.133 + for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next) 68.134 + if (!(strcmp(np->name, name))) 68.135 + return np; 68.136 + return NULL; 68.137 +} 68.138 + 68.139 +/* enforces single-entry lists */ 68.140 +int add_entry(struct tailhead *head, char *name, type_t mapping) 68.141 +{ 68.142 + struct type_entry *e; 68.143 + if (lookup(head, name)) 68.144 + { 68.145 + printf("Error: Type >%s< defined more than once.\n", name); 68.146 + return -EFAULT; /* already in the list */ 68.147 + } 68.148 + if (!(e = malloc(sizeof(struct type_entry)))) 68.149 + return -ENOMEM; 68.150 + 68.151 + e->name = name; 68.152 + e->mapping = mapping; 68.153 + TAILQ_INSERT_TAIL(head, e, entries); 68.154 + return 0; 68.155 +} 68.156 + 68.157 +int totoken(char *tok) 68.158 +{ 68.159 + int i; 68.160 + for (i = 0; token[i] != NULL; i++) 68.161 + if (!strcmp(token[i], tok)) 68.162 + return i; 68.163 + return -EFAULT; 68.164 +} 68.165 + 68.166 +/* conflictsets use the same data structure as ssids; since 68.167 + * they are similar in structure (set of types) 68.168 + */ 68.169 +int init_next_conflictset(void) 68.170 +{ 68.171 + struct ssid_entry *conflictset = malloc(sizeof(struct ssid_entry)); 68.172 + 68.173 + if (!conflictset) 68.174 + return -ENOMEM; 68.175 + 68.176 + conflictset->name = current_conflictset_name; 68.177 + conflictset->num = max_conflictsets++; 68.178 + conflictset->is_ref = 0; /* n/a for conflictsets */ 68.179 + /** 68.180 + 
* row: allocate one byte per type; 68.181 + * [i] != 0 --> mapped type >i< is part of the conflictset 68.182 + */ 68.183 + conflictset->row = malloc(max_chwall_types); 68.184 + if (!conflictset->row) 68.185 + return -ENOMEM; 68.186 + 68.187 + memset(conflictset->row, 0, max_chwall_types); 68.188 + TAILQ_INSERT_TAIL(&conflictsets_head, conflictset, entries); 68.189 + current_conflictset_p = conflictset; 68.190 + return 0; 68.191 +} 68.192 + 68.193 +int register_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state) 68.194 +{ 68.195 + xmlChar *text; 68.196 + struct type_entry *e; 68.197 + 68.198 + 68.199 + text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1); 68.200 + if (!text) 68.201 + { 68.202 + printf("Error reading type name!\n"); 68.203 + return -EFAULT; 68.204 + } 68.205 + 68.206 + switch (state) { 68.207 + case XML2BIN_stetype_S: 68.208 + if (add_entry(&ste_head, (char *) text, max_ste_types)) 68.209 + { 68.210 + xmlFree(text); 68.211 + return -EFAULT; 68.212 + } 68.213 + max_ste_types++; 68.214 + break; 68.215 + 68.216 + case XML2BIN_chwalltype_S: 68.217 + if (add_entry(&chwall_head, (char *) text, max_chwall_types)) 68.218 + { 68.219 + xmlFree(text); 68.220 + return -EFAULT; 68.221 + } 68.222 + max_chwall_types++; 68.223 + break; 68.224 + 68.225 + case XML2BIN_conflictsettype_S: 68.226 + /* a) search the type in the chwall_type list */ 68.227 + e = lookup(&chwall_head, (char *) text); 68.228 + if (e == NULL) 68.229 + { 68.230 + printf("CS type >%s< not a CHWALL type.\n", text); 68.231 + xmlFree(text); 68.232 + return -EFAULT; 68.233 + } 68.234 + /* b) add type entry to the current cs set */ 68.235 + if (current_conflictset_p->row[e->mapping]) 68.236 + { 68.237 + printf("ERROR: Double entry of type >%s< in conflict set %d.\n", 68.238 + text, current_conflictset_p->num); 68.239 + xmlFree(text); 68.240 + return -EFAULT; 68.241 + } 68.242 + current_conflictset_p->row[e->mapping] = 1; 68.243 + break; 68.244 + 68.245 + default: 68.246 + 
printf("Incorrect type environment (state = %lx, text = %s).\n", 68.247 + state, text); 68.248 + xmlFree(text); 68.249 + return -EFAULT; 68.250 + } 68.251 + return 0; 68.252 +} 68.253 + 68.254 +void set_component_type(xmlNode * cur_node, enum policycomponent pc) 68.255 +{ 68.256 + xmlChar *order; 68.257 + 68.258 + if ((order = xmlGetProp(cur_node, (xmlChar *) PRIMARY_COMPONENT_ATTR_NAME))) { 68.259 + if (strcmp((char *) order, PRIMARY_COMPONENT)) 68.260 + { 68.261 + printf("ERROR: Illegal attribut value >order=%s<.\n", 68.262 + (char *) order); 68.263 + xmlFree(order); 68.264 + exit(EXIT_FAILURE); 68.265 + } 68.266 + if (primary != NULLPOLICY) 68.267 + { 68.268 + printf("ERROR: Primary Policy Component set twice!\n"); 68.269 + exit(EXIT_FAILURE); 68.270 + } 68.271 + primary = pc; 68.272 + xmlFree(order); 68.273 + } 68.274 +} 68.275 + 68.276 +void walk_policy(xmlNode * start, xmlDocPtr doc, unsigned long state) 68.277 +{ 68.278 + xmlNode *cur_node = NULL; 68.279 + int code; 68.280 + 68.281 + for (cur_node = start; cur_node; cur_node = cur_node->next) 68.282 + { 68.283 + if ((code = totoken((char *) cur_node->name)) < 0) 68.284 + { 68.285 + printf("Unknown token: >%s<. 
Aborting.\n", cur_node->name); 68.286 + exit(EXIT_FAILURE); 68.287 + } 68.288 + switch (code) { /* adjust state to new state */ 68.289 + case XML2BIN_SECPOL: 68.290 + case XML2BIN_STETYPES: 68.291 + case XML2BIN_CHWALLTYPES: 68.292 + case XML2BIN_CONFLICTSETS: 68.293 + walk_policy(cur_node->children, doc, state | (1 << code)); 68.294 + break; 68.295 + 68.296 + case XML2BIN_STE: 68.297 + if (WRITTEN_AGAINST_ACM_STE_VERSION != ACM_STE_VERSION) 68.298 + { 68.299 + printf("ERROR: This program was written against another STE version.\n"); 68.300 + exit(EXIT_FAILURE); 68.301 + } 68.302 + have_ste = 1; 68.303 + set_component_type(cur_node, STE); 68.304 + walk_policy(cur_node->children, doc, state | (1 << code)); 68.305 + break; 68.306 + 68.307 + case XML2BIN_CHWALL: 68.308 + if (WRITTEN_AGAINST_ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) 68.309 + { 68.310 + printf("ERROR: This program was written against another CHWALL version.\n"); 68.311 + exit(EXIT_FAILURE); 68.312 + } 68.313 + have_chwall = 1; 68.314 + set_component_type(cur_node, CHWALL); 68.315 + walk_policy(cur_node->children, doc, state | (1 << code)); 68.316 + break; 68.317 + 68.318 + case XML2BIN_CSTYPE: 68.319 + current_conflictset_name = 68.320 + (char *) xmlGetProp(cur_node, (xmlChar *) "name"); 68.321 + if (!current_conflictset_name) 68.322 + current_conflictset_name = ""; 68.323 + 68.324 + if (init_next_conflictset()) 68.325 + { 68.326 + printf 68.327 + ("ERROR: creating new conflictset structure failed.\n"); 68.328 + exit(EXIT_FAILURE); 68.329 + } 68.330 + walk_policy(cur_node->children, doc, state | (1 << code)); 68.331 + break; 68.332 + 68.333 + case XML2BIN_TYPE: 68.334 + if (register_type(cur_node, doc, state)) 68.335 + exit(EXIT_FAILURE); 68.336 + /* type leaf */ 68.337 + break; 68.338 + 68.339 + case XML2BIN_TEXT: 68.340 + case XML2BIN_COMMENT: 68.341 + case XML2BIN_POLICYHEADER: 68.342 + /* leaf - nothing to do */ 68.343 + break; 68.344 + 68.345 + default: 68.346 + printf("Unkonwn token Error (%d)\n", 
code); 68.347 + exit(EXIT_FAILURE); 68.348 + } 68.349 + 68.350 + } 68.351 + return; 68.352 +} 68.353 + 68.354 +int create_type_mapping(xmlDocPtr doc) 68.355 +{ 68.356 + xmlNode *root_element = xmlDocGetRootElement(doc); 68.357 + struct type_entry *te; 68.358 + struct ssid_entry *se; 68.359 + int i; 68.360 + 68.361 + printf("Creating ssid mappings ...\n"); 68.362 + 68.363 + /* initialize the ste and chwall type lists */ 68.364 + TAILQ_INIT(&ste_head); 68.365 + TAILQ_INIT(&chwall_head); 68.366 + TAILQ_INIT(&conflictsets_head); 68.367 + 68.368 + walk_policy(root_element, doc, XML2BIN_NULL); 68.369 + 68.370 + /* determine primary/secondary policy component orders */ 68.371 + if ((primary == NULLPOLICY) && have_chwall) 68.372 + primary = CHWALL; /* default if not set */ 68.373 + else if ((primary == NULLPOLICY) && have_ste) 68.374 + primary = STE; 68.375 + 68.376 + switch (primary) { 68.377 + 68.378 + case CHWALL: 68.379 + if (have_ste) 68.380 + secondary = STE; 68.381 + /* else default = NULLPOLICY */ 68.382 + break; 68.383 + 68.384 + case STE: 68.385 + if (have_chwall) 68.386 + secondary = CHWALL; 68.387 + /* else default = NULLPOLICY */ 68.388 + break; 68.389 + 68.390 + default: 68.391 + /* NULL/NULL policy */ 68.392 + break; 68.393 + } 68.394 + 68.395 + if (!DEBUG) 68.396 + return 0; 68.397 + 68.398 + /* print queues */ 68.399 + if (have_ste) 68.400 + { 68.401 + printf("STE-Type queue (%s):\n", 68.402 + (primary == STE) ? "PRIMARY" : "SECONDARY"); 68.403 + for (te = ste_head.tqh_first; te != NULL; 68.404 + te = te->entries.tqe_next) 68.405 + printf("name=%22s, map=%x\n", te->name, te->mapping); 68.406 + } 68.407 + if (have_chwall) 68.408 + { 68.409 + printf("CHWALL-Type queue (%s):\n", 68.410 + (primary == CHWALL) ? 
"PRIMARY" : "SECONDARY"); 68.411 + for (te = chwall_head.tqh_first; te != NULL; 68.412 + te = te->entries.tqe_next) 68.413 + printf("name=%s, map=%x\n", te->name, te->mapping); 68.414 + 68.415 + printf("Conflictset queue (max=%d):\n", max_conflictsets); 68.416 + for (se = conflictsets_head.tqh_first; se != NULL; 68.417 + se = se->entries.tqe_next) 68.418 + { 68.419 + printf("conflictset name >%s<\n", 68.420 + se->name ? se->name : "NONAME"); 68.421 + for (i = 0; i < max_chwall_types; i++) 68.422 + if (se->row[i]) 68.423 + printf("#%x ", i); 68.424 + printf("\n"); 68.425 + } 68.426 + } 68.427 + return 0; 68.428 +} 68.429 + 68.430 + 68.431 +/***************** template-related parsing *********************/ 68.432 + 68.433 +/* add default ssid at head of ssid queues */ 68.434 +int init_ssid_queues(void) 68.435 +{ 68.436 + struct ssid_entry *default_ssid_chwall, *default_ssid_ste; 68.437 + 68.438 + default_ssid_chwall = malloc(sizeof(struct ssid_entry)); 68.439 + default_ssid_ste = malloc(sizeof(struct ssid_entry)); 68.440 + 68.441 + if ((!default_ssid_chwall) || (!default_ssid_ste)) 68.442 + return -ENOMEM; 68.443 + 68.444 + /* default chwall ssid */ 68.445 + default_ssid_chwall->name = "DEFAULT"; 68.446 + default_ssid_chwall->num = max_chwall_ssids++; 68.447 + default_ssid_chwall->is_ref = 0; 68.448 + default_ssid_chwall->type = ANY; 68.449 + 68.450 + default_ssid_chwall->row = malloc(max_chwall_types); 68.451 + 68.452 + if (!default_ssid_chwall->row) 68.453 + return -ENOMEM; 68.454 + 68.455 + memset(default_ssid_chwall->row, 0, max_chwall_types); 68.456 + 68.457 + TAILQ_INSERT_TAIL(&chwall_ssid_head, default_ssid_chwall, entries); 68.458 + current_chwall_ssid_p = default_ssid_chwall; 68.459 + max_chwall_labels++; 68.460 + 68.461 + /* default ste ssid */ 68.462 + default_ssid_ste->name = "DEFAULT"; 68.463 + default_ssid_ste->num = max_ste_ssids++; 68.464 + default_ssid_ste->is_ref = 0; 68.465 + default_ssid_ste->type = ANY; 68.466 + 68.467 + default_ssid_ste->row = 
malloc(max_ste_types); 68.468 + 68.469 + if (!default_ssid_ste->row) 68.470 + return -ENOMEM; 68.471 + 68.472 + memset(default_ssid_ste->row, 0, max_ste_types); 68.473 + 68.474 + TAILQ_INSERT_TAIL(&ste_ssid_head, default_ssid_ste, entries); 68.475 + current_ste_ssid_p = default_ssid_ste; 68.476 + max_ste_labels++; 68.477 + return 0; 68.478 +} 68.479 + 68.480 +int init_next_chwall_ssid(unsigned long state) 68.481 +{ 68.482 + struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry)); 68.483 + 68.484 + if (!ssid) 68.485 + return -ENOMEM; 68.486 + 68.487 + ssid->name = current_ssid_name; 68.488 + ssid->num = max_chwall_ssids++; 68.489 + ssid->is_ref = 0; 68.490 + 68.491 + if (state & (1 << XML2BIN_VM)) 68.492 + ssid->type = VM; 68.493 + else 68.494 + ssid->type = RES; 68.495 + /** 68.496 + * row: allocate one byte per type; 68.497 + * [i] != 0 --> mapped type >i< is part of the ssid 68.498 + */ 68.499 + ssid->row = malloc(max_chwall_types); 68.500 + if (!ssid->row) 68.501 + return -ENOMEM; 68.502 + 68.503 + memset(ssid->row, 0, max_chwall_types); 68.504 + TAILQ_INSERT_TAIL(&chwall_ssid_head, ssid, entries); 68.505 + current_chwall_ssid_p = ssid; 68.506 + max_chwall_labels++; 68.507 + return 0; 68.508 +} 68.509 + 68.510 +int init_next_ste_ssid(unsigned long state) 68.511 +{ 68.512 + struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry)); 68.513 + 68.514 + if (!ssid) 68.515 + return -ENOMEM; 68.516 + 68.517 + ssid->name = current_ssid_name; 68.518 + ssid->num = max_ste_ssids++; 68.519 + ssid->is_ref = 0; 68.520 + 68.521 + if (state & (1 << XML2BIN_VM)) 68.522 + ssid->type = VM; 68.523 + else 68.524 + ssid->type = RES; 68.525 + 68.526 + /** 68.527 + * row: allocate one byte per type; 68.528 + * [i] != 0 --> mapped type >i< is part of the ssid 68.529 + */ 68.530 + ssid->row = malloc(max_ste_types); 68.531 + if (!ssid->row) 68.532 + return -ENOMEM; 68.533 + 68.534 + memset(ssid->row, 0, max_ste_types); 68.535 + TAILQ_INSERT_TAIL(&ste_ssid_head, ssid, entries); 68.536 
+ current_ste_ssid_p = ssid; 68.537 + max_ste_labels++; 68.538 + 68.539 + return 0; 68.540 +} 68.541 + 68.542 + 68.543 +/* adds a type to the current ssid */ 68.544 +int add_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state) 68.545 +{ 68.546 + xmlChar *text; 68.547 + struct type_entry *e; 68.548 + 68.549 + text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1); 68.550 + if (!text) 68.551 + { 68.552 + printf("Error reading type name!\n"); 68.553 + return -EFAULT; 68.554 + } 68.555 + /* same for all: 1. lookup type mapping, 2. mark type in ssid */ 68.556 + switch (state) { 68.557 + case XML2BIN_VM_STE_S: 68.558 + case XML2BIN_RES_STE_S: 68.559 + /* lookup the type mapping and include the type mapping into the array */ 68.560 + if (!(e = lookup(&ste_head, (char *) text))) 68.561 + { 68.562 + printf("ERROR: unknown VM STE type >%s<.\n", text); 68.563 + exit(EXIT_FAILURE); 68.564 + } 68.565 + if (current_ste_ssid_p->row[e->mapping]) 68.566 + printf("Warning: double entry of VM STE type >%s<.\n", text); 68.567 + 68.568 + current_ste_ssid_p->row[e->mapping] = 1; 68.569 + break; 68.570 + 68.571 + case XML2BIN_VM_CHWALL_S: 68.572 + /* lookup the type mapping and include the type mapping into the array */ 68.573 + if (!(e = lookup(&chwall_head, (char *) text))) 68.574 + { 68.575 + printf("ERROR: unknown VM CHWALL type >%s<.\n", text); 68.576 + exit(EXIT_FAILURE); 68.577 + } 68.578 + if (current_chwall_ssid_p->row[e->mapping]) 68.579 + printf("Warning: double entry of VM CHWALL type >%s<.\n", 68.580 + text); 68.581 + 68.582 + current_chwall_ssid_p->row[e->mapping] = 1; 68.583 + break; 68.584 + 68.585 + default: 68.586 + printf("Incorrect type environment (state = %lx, text = %s).\n", 68.587 + state, text); 68.588 + xmlFree(text); 68.589 + return -EFAULT; 68.590 + } 68.591 + return 0; 68.592 +} 68.593 + 68.594 +void set_bootstrap_label(xmlNode * cur_node) 68.595 +{ 68.596 + xmlChar *order; 68.597 + 68.598 + if ((order = xmlGetProp(cur_node, (xmlChar *) 
BOOTSTRAP_LABEL_ATTR_NAME))) 68.599 + bootstrap_label = (char *)order; 68.600 + else { 68.601 + printf("ERROR: No bootstrap label defined!\n"); 68.602 + exit(EXIT_FAILURE); 68.603 + } 68.604 +} 68.605 + 68.606 +void walk_labels(xmlNode * start, xmlDocPtr doc, unsigned long state) 68.607 +{ 68.608 + xmlNode *cur_node = NULL; 68.609 + int code; 68.610 + 68.611 + for (cur_node = start; cur_node; cur_node = cur_node->next) 68.612 + { 68.613 + if ((code = totoken((char *) cur_node->name)) < 0) 68.614 + { 68.615 + printf("Unkonwn token: >%s<. Aborting.\n", cur_node->name); 68.616 + exit(EXIT_FAILURE); 68.617 + } 68.618 + switch (code) { /* adjust state to new state */ 68.619 + 68.620 + case XML2BIN_SUBJECTS: 68.621 + set_bootstrap_label(cur_node); 68.622 + /* fall through */ 68.623 + case XML2BIN_VM: 68.624 + case XML2BIN_RES: 68.625 + case XML2BIN_SECTEMPLATE: 68.626 + case XML2BIN_OBJECTS: 68.627 + walk_labels(cur_node->children, doc, state | (1 << code)); 68.628 + break; 68.629 + 68.630 + case XML2BIN_STETYPES: 68.631 + /* create new ssid entry to use and point current to it */ 68.632 + if (init_next_ste_ssid(state)) 68.633 + { 68.634 + printf("ERROR: creating new ste ssid structure failed.\n"); 68.635 + exit(EXIT_FAILURE); 68.636 + } 68.637 + walk_labels(cur_node->children, doc, state | (1 << code)); 68.638 + 68.639 + break; 68.640 + 68.641 + case XML2BIN_CHWALLTYPES: 68.642 + /* create new ssid entry to use and point current to it */ 68.643 + if (init_next_chwall_ssid(state)) 68.644 + { 68.645 + printf("ERROR: creating new chwall ssid structure failed.\n"); 68.646 + exit(EXIT_FAILURE); 68.647 + } 68.648 + walk_labels(cur_node->children, doc, state | (1 << code)); 68.649 + 68.650 + break; 68.651 + 68.652 + case XML2BIN_TYPE: 68.653 + /* add type to current ssid */ 68.654 + if (add_type(cur_node, doc, state)) 68.655 + exit(EXIT_FAILURE); 68.656 + break; 68.657 + 68.658 + case XML2BIN_NAME: 68.659 + if ((state != XML2BIN_VM_S) && (state != XML2BIN_RES_S)) 68.660 + { 
68.661 + printf("ERROR: >name< out of VM/RES context.\n"); 68.662 + exit(EXIT_FAILURE); 68.663 + } 68.664 + current_ssid_name = (char *) 68.665 + xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1); 68.666 + 68.667 + if (!current_ssid_name) 68.668 + { 68.669 + printf("ERROR: empty >name<!\n"); 68.670 + exit(EXIT_FAILURE); 68.671 + } 68.672 + break; 68.673 + 68.674 + case XML2BIN_TEXT: 68.675 + case XML2BIN_COMMENT: 68.676 + case XML2BIN_LABELHEADER: 68.677 + break; 68.678 + 68.679 + default: 68.680 + printf("Unkonwn token Error (%d)\n", code); 68.681 + exit(EXIT_FAILURE); 68.682 + } 68.683 + 68.684 + } 68.685 + return; 68.686 +} 68.687 + 68.688 +/* this function walks through a ssid queue 68.689 + * and transforms double entries into references 68.690 + * of the first definition (we need to keep the 68.691 + * entry to map labels but we don't want double 68.692 + * ssids in the binary policy 68.693 + */ 68.694 +void 68.695 +remove_doubles(struct tailhead_ssid *head, 68.696 + u_int32_t max_types, u_int32_t * max_ssids) 68.697 +{ 68.698 + struct ssid_entry *np, *ni; 68.699 + 68.700 + /* walk once through the list */ 68.701 + for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next) 68.702 + { 68.703 + /* now search from the start until np for the same entry */ 68.704 + for (ni = head->tqh_first; ni != np; ni = ni->entries.tqe_next) 68.705 + { 68.706 + if (ni->is_ref) 68.707 + continue; 68.708 + if (memcmp(np->row, ni->row, max_types)) 68.709 + continue; 68.710 + /* found one, set np reference to ni */ 68.711 + np->is_ref = 1; 68.712 + np->num = ni->num; 68.713 + (*max_ssids)--; 68.714 + } 68.715 + } 68.716 + 68.717 + /* now minimize the ssid numbers used (doubles introduce holes) */ 68.718 + (*max_ssids) = 0; /* reset */ 68.719 + 68.720 + for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next) 68.721 + { 68.722 + if (np->is_ref) 68.723 + continue; 68.724 + 68.725 + if (np->num != (*max_ssids)) { 68.726 + /* first reset all later references to 
the new max_ssid */ 68.727 + for (ni = np->entries.tqe_next; ni != NULL; ni = ni->entries.tqe_next) 68.728 + { 68.729 + if (ni->num == np->num) 68.730 + ni->num = (*max_ssids); 68.731 + } 68.732 + /* now reset num */ 68.733 + np->num = (*max_ssids)++; 68.734 + } 68.735 + else 68.736 + (*max_ssids)++; 68.737 + } 68.738 +} 68.739 + 68.740 +/* 68.741 + * will go away as soon as we have non-static bootstrap ssidref for dom0 68.742 + */ 68.743 +void fixup_bootstrap_label(struct tailhead_ssid *head, 68.744 + u_int32_t max_types, u_int32_t * max_ssids) 68.745 +{ 68.746 + struct ssid_entry *np; 68.747 + int i; 68.748 + 68.749 + /* should not happen if xml / xsd checks work */ 68.750 + if (!bootstrap_label) 68.751 + { 68.752 + printf("ERROR: No bootstrap label defined.\n"); 68.753 + exit(EXIT_FAILURE); 68.754 + } 68.755 + 68.756 + /* search bootstrap_label */ 68.757 + for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next) 68.758 + { 68.759 + if (!strcmp(np->name, bootstrap_label)) 68.760 + { 68.761 + break; 68.762 + } 68.763 + } 68.764 + 68.765 + if (!np) { 68.766 + /* bootstrap label not found */ 68.767 + printf("ERROR: Bootstrap label >%s< not found.\n", bootstrap_label); 68.768 + exit(EXIT_FAILURE); 68.769 + } 68.770 + 68.771 + /* move this entry ahead in the list right after the default entry so it 68.772 + * receives ssidref 1/1 */ 68.773 + TAILQ_REMOVE(head, np, entries); 68.774 + TAILQ_INSERT_AFTER(head, head->tqh_first, np, entries); 68.775 + 68.776 + /* renumber the ssids (we could also just switch places with 1st element) */ 68.777 + for (np = head->tqh_first, i=0; np != NULL; np = np->entries.tqe_next, i++) 68.778 + np->num = i; 68.779 + 68.780 +} 68.781 + 68.782 +int create_ssid_mapping(xmlDocPtr doc) 68.783 +{ 68.784 + xmlNode *root_element = xmlDocGetRootElement(doc); 68.785 + struct ssid_entry *np; 68.786 + int i; 68.787 + 68.788 + printf("Creating label mappings ...\n"); 68.789 + /* initialize the ste and chwall type lists */ 68.790 + 
TAILQ_INIT(&chwall_ssid_head); 68.791 + TAILQ_INIT(&ste_ssid_head); 68.792 + 68.793 + /* init with default ssids */ 68.794 + if (init_ssid_queues()) 68.795 + { 68.796 + printf("ERROR adding default ssids.\n"); 68.797 + exit(EXIT_FAILURE); 68.798 + } 68.799 + 68.800 + /* now walk the template DOM tree and fill in ssids */ 68.801 + walk_labels(root_element, doc, XML2BIN_NULL); 68.802 + 68.803 + /* 68.804 + * now sort bootstrap label to the head of the list 68.805 + * (for now), dom0 assumes its label in the first 68.806 + * defined ssidref (1/1). 0/0 is the default non-Label 68.807 + */ 68.808 + if (have_chwall) 68.809 + fixup_bootstrap_label(&chwall_ssid_head, max_chwall_types, 68.810 + &max_chwall_ssids); 68.811 + if (have_ste) 68.812 + fixup_bootstrap_label(&ste_ssid_head, max_ste_types, 68.813 + &max_ste_ssids); 68.814 + 68.815 + /* remove any double entries (insert reference instead) */ 68.816 + if (have_chwall) 68.817 + remove_doubles(&chwall_ssid_head, max_chwall_types, 68.818 + &max_chwall_ssids); 68.819 + if (have_ste) 68.820 + remove_doubles(&ste_ssid_head, max_ste_types, 68.821 + &max_ste_ssids); 68.822 + 68.823 + if (!DEBUG) 68.824 + return 0; 68.825 + 68.826 + /* print queues */ 68.827 + if (have_chwall) 68.828 + { 68.829 + printf("CHWALL SSID queue (max ssidrefs=%d):\n", max_chwall_ssids); 68.830 + np = NULL; 68.831 + for (np = chwall_ssid_head.tqh_first; np != NULL; 68.832 + np = np->entries.tqe_next) 68.833 + { 68.834 + printf("SSID #%02u (Label=%s)\n", np->num, np->name); 68.835 + if (np->is_ref) 68.836 + printf("REFERENCE"); 68.837 + else 68.838 + for (i = 0; i < max_chwall_types; i++) 68.839 + if (np->row[i]) 68.840 + printf("#%02d ", i); 68.841 + printf("\n\n"); 68.842 + } 68.843 + } 68.844 + if (have_ste) 68.845 + { 68.846 + printf("STE SSID queue (max ssidrefs=%d):\n", max_ste_ssids); 68.847 + np = NULL; 68.848 + for (np = ste_ssid_head.tqh_first; np != NULL; 68.849 + np = np->entries.tqe_next) 68.850 + { 68.851 + printf("SSID #%02u 
(Label=%s)\n", np->num, np->name); 68.852 + if (np->is_ref) 68.853 + printf("REFERENCE"); 68.854 + else 68.855 + for (i = 0; i < max_ste_types; i++) 68.856 + if (np->row[i]) 68.857 + printf("#%02d ", i); 68.858 + printf("\n\n"); 68.859 + } 68.860 + } 68.861 + return 0; 68.862 +} 68.863 + 68.864 +/***************** writing the binary policy *********************/ 68.865 + 68.866 +/* 68.867 + * the mapping file is ascii-based since it will likely be used from 68.868 + * within scripts (using awk, grep, etc.); 68.869 + * 68.870 + * We print from high-level to low-level information so that with one 68.871 + * pass, any symbol can be resolved (e.g. Label -> types) 68.872 + */ 68.873 +int write_mapping(char *filename) 68.874 +{ 68.875 + 68.876 + struct ssid_entry *e; 68.877 + struct type_entry *t; 68.878 + int i; 68.879 + FILE *file; 68.880 + 68.881 + if ((file = fopen(filename, "w")) == NULL) 68.882 + return -EIO; 68.883 + 68.884 + fprintf(file, "MAGIC %08x\n", ACM_MAGIC); 68.885 + fprintf(file, "POLICY %s\n", 68.886 + basename(policy_filename)); 68.887 + fprintf(file, "BINARY %s\n", 68.888 + basename(binary_filename)); 68.889 + if (have_chwall) 68.890 + { 68.891 + fprintf(file, "MAX-CHWALL-TYPES %08x\n", max_chwall_types); 68.892 + fprintf(file, "MAX-CHWALL-SSIDS %08x\n", max_chwall_ssids); 68.893 + fprintf(file, "MAX-CHWALL-LABELS %08x\n", max_chwall_labels); 68.894 + } 68.895 + if (have_ste) 68.896 + { 68.897 + fprintf(file, "MAX-STE-TYPES %08x\n", max_ste_types); 68.898 + fprintf(file, "MAX-STE-SSIDS %08x\n", max_ste_ssids); 68.899 + fprintf(file, "MAX-STE-LABELS %08x\n", max_ste_labels); 68.900 + } 68.901 + fprintf(file, "\n"); 68.902 + 68.903 + /* primary / secondary order for combined ssid synthesis/analysis 68.904 + * if no primary is named, then chwall is primary */ 68.905 + switch (primary) { 68.906 + case CHWALL: 68.907 + fprintf(file, "PRIMARY CHWALL\n"); 68.908 + break; 68.909 + 68.910 + case STE: 68.911 + fprintf(file, "PRIMARY STE\n"); 68.912 + break; 
68.913 + 68.914 + default: 68.915 + fprintf(file, "PRIMARY NULL\n"); 68.916 + break; 68.917 + } 68.918 + 68.919 + switch (secondary) { 68.920 + case CHWALL: 68.921 + fprintf(file, "SECONDARY CHWALL\n"); 68.922 + break; 68.923 + 68.924 + case STE: 68.925 + fprintf(file, "SECONDARY STE\n"); 68.926 + break; 68.927 + 68.928 + default: 68.929 + fprintf(file, "SECONDARY NULL\n"); 68.930 + break; 68.931 + } 68.932 + fprintf(file, "\n"); 68.933 + 68.934 + /* first labels to ssid mappings */ 68.935 + if (have_chwall) 68.936 + { 68.937 + for (e = chwall_ssid_head.tqh_first; e != NULL; 68.938 + e = e->entries.tqe_next) 68.939 + { 68.940 + fprintf(file, "LABEL->SSID %s CHWALL %-25s %8x\n", 68.941 + (e->type == 68.942 + VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"), 68.943 + e->name, e->num); 68.944 + } 68.945 + fprintf(file, "\n"); 68.946 + } 68.947 + if (have_ste) 68.948 + { 68.949 + for (e = ste_ssid_head.tqh_first; e != NULL; 68.950 + e = e->entries.tqe_next) 68.951 + { 68.952 + fprintf(file, "LABEL->SSID %s STE %-25s %8x\n", 68.953 + (e->type == 68.954 + VM) ? "VM " : ((e->type == RES) ? 
"RES" : "ANY"), 68.955 + e->name, e->num); 68.956 + } 68.957 + fprintf(file, "\n"); 68.958 + } 68.959 + 68.960 + /* second ssid to type mappings */ 68.961 + if (have_chwall) 68.962 + { 68.963 + for (e = chwall_ssid_head.tqh_first; e != NULL; 68.964 + e = e->entries.tqe_next) 68.965 + { 68.966 + if (e->is_ref) 68.967 + continue; 68.968 + 68.969 + fprintf(file, "SSID->TYPE CHWALL %08x", e->num); 68.970 + 68.971 + for (i = 0; i < max_chwall_types; i++) 68.972 + if (e->row[i]) 68.973 + fprintf(file, " %s", type_by_mapping(&chwall_head, i)); 68.974 + 68.975 + fprintf(file, "\n"); 68.976 + } 68.977 + fprintf(file, "\n"); 68.978 + } 68.979 + if (have_ste) { 68.980 + for (e = ste_ssid_head.tqh_first; e != NULL; 68.981 + e = e->entries.tqe_next) 68.982 + { 68.983 + if (e->is_ref) 68.984 + continue; 68.985 + 68.986 + fprintf(file, "SSID->TYPE STE %08x", e->num); 68.987 + 68.988 + for (i = 0; i < max_ste_types; i++) 68.989 + if (e->row[i]) 68.990 + fprintf(file, " %s", type_by_mapping(&ste_head, i)); 68.991 + 68.992 + fprintf(file, "\n"); 68.993 + } 68.994 + fprintf(file, "\n"); 68.995 + } 68.996 + /* third type mappings */ 68.997 + if (have_chwall) 68.998 + { 68.999 + for (t = chwall_head.tqh_first; t != NULL; t = t->entries.tqe_next) 68.1000 + { 68.1001 + fprintf(file, "TYPE CHWALL %-25s %8x\n", 68.1002 + t->name, t->mapping); 68.1003 + } 68.1004 + fprintf(file, "\n"); 68.1005 + } 68.1006 + if (have_ste) { 68.1007 + for (t = ste_head.tqh_first; t != NULL; t = t->entries.tqe_next) 68.1008 + { 68.1009 + fprintf(file, "TYPE STE %-25s %8x\n", 68.1010 + t->name, t->mapping); 68.1011 + } 68.1012 + fprintf(file, "\n"); 68.1013 + } 68.1014 + fclose(file); 68.1015 + return 0; 68.1016 +} 68.1017 + 68.1018 +unsigned char *write_chwall_binary(u_int32_t * len_chwall) 68.1019 +{ 68.1020 + unsigned char *buf, *ptr; 68.1021 + struct acm_chwall_policy_buffer *chwall_header; 68.1022 + u_int32_t len; 68.1023 + struct ssid_entry *e; 68.1024 + int i; 68.1025 + 68.1026 + if (!have_chwall) 
68.1027 + return NULL; 68.1028 + 68.1029 + len = sizeof(struct acm_chwall_policy_buffer) + 68.1030 + sizeof(type_t) * max_chwall_types * max_chwall_ssids + 68.1031 + sizeof(type_t) * max_chwall_types * max_conflictsets; 68.1032 + 68.1033 + buf = malloc(len); 68.1034 + ptr = buf; 68.1035 + 68.1036 + if (!buf) 68.1037 + { 68.1038 + printf("ERROR: out of memory allocating chwall buffer.\n"); 68.1039 + exit(EXIT_FAILURE); 68.1040 + } 68.1041 + /* chwall has 3 parts : header, types, conflictsets */ 68.1042 + 68.1043 + chwall_header = (struct acm_chwall_policy_buffer *) buf; 68.1044 + chwall_header->chwall_max_types = htonl(max_chwall_types); 68.1045 + chwall_header->chwall_max_ssidrefs = htonl(max_chwall_ssids); 68.1046 + chwall_header->policy_code = htonl(ACM_CHINESE_WALL_POLICY); 68.1047 + chwall_header->policy_version = htonl(ACM_CHWALL_VERSION); 68.1048 + chwall_header->chwall_ssid_offset = 68.1049 + htonl(sizeof(struct acm_chwall_policy_buffer)); 68.1050 + chwall_header->chwall_max_conflictsets = htonl(max_conflictsets); 68.1051 + chwall_header->chwall_conflict_sets_offset = 68.1052 + htonl(ntohl(chwall_header->chwall_ssid_offset) + 68.1053 + sizeof(domaintype_t) * max_chwall_ssids * max_chwall_types); 68.1054 + chwall_header->chwall_running_types_offset = 0; /* not set, only retrieved */ 68.1055 + chwall_header->chwall_conflict_aggregate_offset = 0; /* not set, only retrieved */ 68.1056 + ptr += sizeof(struct acm_chwall_policy_buffer); 68.1057 + 68.1058 + /* types */ 68.1059 + for (e = chwall_ssid_head.tqh_first; e != NULL; 68.1060 + e = e->entries.tqe_next) 68.1061 + { 68.1062 + if (e->is_ref) 68.1063 + continue; 68.1064 + 68.1065 + for (i = 0; i < max_chwall_types; i++) 68.1066 + ((type_t *) ptr)[i] = htons((type_t) e->row[i]); 68.1067 + 68.1068 + ptr += sizeof(type_t) * max_chwall_types; 68.1069 + } 68.1070 + 68.1071 + /* conflictsets */ 68.1072 + for (e = conflictsets_head.tqh_first; e != NULL; 68.1073 + e = e->entries.tqe_next) 68.1074 + { 68.1075 + for (i = 
0; i < max_chwall_types; i++) 68.1076 + ((type_t *) ptr)[i] = htons((type_t) e->row[i]); 68.1077 + 68.1078 + ptr += sizeof(type_t) * max_chwall_types; 68.1079 + } 68.1080 + 68.1081 + if ((ptr - buf) != len) 68.1082 + { 68.1083 + printf("ERROR: wrong lengths in %s.\n", __func__); 68.1084 + exit(EXIT_FAILURE); 68.1085 + } 68.1086 + 68.1087 + (*len_chwall) = len; 68.1088 + return buf; 68.1089 +} 68.1090 + 68.1091 +unsigned char *write_ste_binary(u_int32_t * len_ste) 68.1092 +{ 68.1093 + unsigned char *buf, *ptr; 68.1094 + struct acm_ste_policy_buffer *ste_header; 68.1095 + struct ssid_entry *e; 68.1096 + u_int32_t len; 68.1097 + int i; 68.1098 + 68.1099 + if (!have_ste) 68.1100 + return NULL; 68.1101 + 68.1102 + len = sizeof(struct acm_ste_policy_buffer) + 68.1103 + sizeof(type_t) * max_ste_types * max_ste_ssids; 68.1104 + 68.1105 + buf = malloc(len); 68.1106 + ptr = buf; 68.1107 + 68.1108 + if (!buf) 68.1109 + { 68.1110 + printf("ERROR: out of memory allocating chwall buffer.\n"); 68.1111 + exit(EXIT_FAILURE); 68.1112 + } 68.1113 + 68.1114 + /* fill buffer */ 68.1115 + ste_header = (struct acm_ste_policy_buffer *) buf; 68.1116 + ste_header->policy_version = htonl(ACM_STE_VERSION); 68.1117 + ste_header->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); 68.1118 + ste_header->ste_max_types = htonl(max_ste_types); 68.1119 + ste_header->ste_max_ssidrefs = htonl(max_ste_ssids); 68.1120 + ste_header->ste_ssid_offset = 68.1121 + htonl(sizeof(struct acm_ste_policy_buffer)); 68.1122 + 68.1123 + ptr += sizeof(struct acm_ste_policy_buffer); 68.1124 + 68.1125 + /* types */ 68.1126 + for (e = ste_ssid_head.tqh_first; e != NULL; e = e->entries.tqe_next) 68.1127 + { 68.1128 + if (e->is_ref) 68.1129 + continue; 68.1130 + 68.1131 + for (i = 0; i < max_ste_types; i++) 68.1132 + ((type_t *) ptr)[i] = htons((type_t) e->row[i]); 68.1133 + 68.1134 + ptr += sizeof(type_t) * max_ste_types; 68.1135 + } 68.1136 + 68.1137 + if ((ptr - buf) != len) 68.1138 + { 68.1139 + printf("ERROR: 
wrong lengths in %s.\n", __func__); 68.1140 + exit(EXIT_FAILURE); 68.1141 + } 68.1142 + (*len_ste) = len; 68.1143 + return buf; /* for now */ 68.1144 +} 68.1145 + 68.1146 +int write_binary(char *filename) 68.1147 +{ 68.1148 + struct acm_policy_buffer header; 68.1149 + unsigned char *ste_buffer = NULL, *chwall_buffer = NULL; 68.1150 + u_int32_t len; 68.1151 + int fd; 68.1152 + 68.1153 + u_int32_t len_ste = 0, len_chwall = 0; /* length of policy components */ 68.1154 + 68.1155 + /* open binary file */ 68.1156 + if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)) <= 0) 68.1157 + return -EIO; 68.1158 + 68.1159 + ste_buffer = write_ste_binary(&len_ste); 68.1160 + chwall_buffer = write_chwall_binary(&len_chwall); 68.1161 + 68.1162 + /* determine primary component (default chwall) */ 68.1163 + header.policy_version = htonl(ACM_POLICY_VERSION); 68.1164 + header.magic = htonl(ACM_MAGIC); 68.1165 + 68.1166 + len = sizeof(struct acm_policy_buffer); 68.1167 + if (have_chwall) 68.1168 + len += len_chwall; 68.1169 + if (have_ste) 68.1170 + len += len_ste; 68.1171 + header.len = htonl(len); 68.1172 + 68.1173 + header.primary_buffer_offset = htonl(sizeof(struct acm_policy_buffer)); 68.1174 + if (primary == CHWALL) 68.1175 + { 68.1176 + header.primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY); 68.1177 + header.secondary_buffer_offset = 68.1178 + htonl((sizeof(struct acm_policy_buffer)) + len_chwall); 68.1179 + } 68.1180 + else if (primary == STE) 68.1181 + { 68.1182 + header.primary_policy_code = 68.1183 + htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); 68.1184 + header.secondary_buffer_offset = 68.1185 + htonl((sizeof(struct acm_policy_buffer)) + len_ste); 68.1186 + } 68.1187 + else 68.1188 + { 68.1189 + /* null policy */ 68.1190 + header.primary_policy_code = htonl(ACM_NULL_POLICY); 68.1191 + header.secondary_buffer_offset = 68.1192 + htonl(header.primary_buffer_offset); 68.1193 + } 68.1194 + 68.1195 + if (secondary == CHWALL) 68.1196 + 
header.secondary_policy_code = htonl(ACM_CHINESE_WALL_POLICY); 68.1197 + else if (secondary == STE) 68.1198 + header.secondary_policy_code = 68.1199 + htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); 68.1200 + else 68.1201 + header.secondary_policy_code = htonl(ACM_NULL_POLICY); 68.1202 + 68.1203 + if (write(fd, (void *) &header, sizeof(struct acm_policy_buffer)) 68.1204 + != sizeof(struct acm_policy_buffer)) 68.1205 + return -EIO; 68.1206 + 68.1207 + /* write primary policy component */ 68.1208 + if (primary == CHWALL) 68.1209 + { 68.1210 + if (write(fd, chwall_buffer, len_chwall) != len_chwall) 68.1211 + return -EIO; 68.1212 + } 68.1213 + else if (primary == STE) 68.1214 + { 68.1215 + if (write(fd, ste_buffer, len_ste) != len_ste) 68.1216 + return -EIO; 68.1217 + } else 68.1218 + ; /* NULL POLICY has no policy data */ 68.1219 + 68.1220 + /* write secondary policy component */ 68.1221 + if (secondary == CHWALL) 68.1222 + { 68.1223 + if (write(fd, chwall_buffer, len_chwall) != len_chwall) 68.1224 + return -EIO; 68.1225 + } 68.1226 + else if (secondary == STE) 68.1227 + { 68.1228 + if (write(fd, ste_buffer, len_ste) != len_ste) 68.1229 + return -EIO; 68.1230 + } else; /* NULL POLICY has no policy data */ 68.1231 + 68.1232 + close(fd); 68.1233 + return 0; 68.1234 +} 68.1235 + 68.1236 +int is_valid(xmlDocPtr doc) 68.1237 +{ 68.1238 + int err = 0; 68.1239 + xmlSchemaPtr schema_ctxt = NULL; 68.1240 + xmlSchemaParserCtxtPtr schemaparser_ctxt = NULL; 68.1241 + xmlSchemaValidCtxtPtr schemavalid_ctxt = NULL; 68.1242 + 68.1243 + schemaparser_ctxt = xmlSchemaNewParserCtxt(SCHEMA_FILENAME); 68.1244 + schema_ctxt = xmlSchemaParse(schemaparser_ctxt); 68.1245 + schemavalid_ctxt = xmlSchemaNewValidCtxt(schema_ctxt); 68.1246 + 68.1247 +#ifdef VALIDATE_SCHEMA 68.1248 + /* only tested to be available from libxml2-2.6.20 upwards */ 68.1249 + if ((err = xmlSchemaIsValid(schemavalid_ctxt)) != 1) 68.1250 + { 68.1251 + printf("ERROR: Invalid schema file %s (err=%d)\n", 68.1252 + 
SCHEMA_FILENAME, err); 68.1253 + err = -EIO; 68.1254 + goto out; 68.1255 + } 68.1256 + else 68.1257 + printf("XML Schema %s valid.\n", SCHEMA_FILENAME); 68.1258 +#endif 68.1259 + if ((err = xmlSchemaValidateDoc(schemavalid_ctxt, doc))) 68.1260 + { 68.1261 + err = -EIO; 68.1262 + goto out; 68.1263 + } 68.1264 + out: 68.1265 + xmlSchemaFreeValidCtxt(schemavalid_ctxt); 68.1266 + xmlSchemaFreeParserCtxt(schemaparser_ctxt); 68.1267 + xmlSchemaFree(schema_ctxt); 68.1268 + return (err != 0) ? 0 : 1; 68.1269 +} 68.1270 + 68.1271 +int main(int argc, char **argv) 68.1272 +{ 68.1273 + xmlDocPtr labeldoc = NULL; 68.1274 + xmlDocPtr policydoc = NULL; 68.1275 + 68.1276 + int err = EXIT_SUCCESS; 68.1277 + 68.1278 + char *file_prefix; 68.1279 + int prefix_len; 68.1280 + 68.1281 + if (ACM_POLICY_VERSION != WRITTEN_AGAINST_ACM_POLICY_VERSION) 68.1282 + { 68.1283 + printf("ERROR: This program was written against an older ACM version.\n"); 68.1284 + exit(EXIT_FAILURE); 68.1285 + } 68.1286 + 68.1287 + if (argc != 2) 68.1288 + usage(basename(argv[0])); 68.1289 + 68.1290 + prefix_len = strlen(POLICY_SUBDIR) + 68.1291 + strlen(argv[1]) + 1 /* "/" */ + 68.1292 + strlen(argv[1]) + 1 /* "/" */ ; 68.1293 + 68.1294 + file_prefix = malloc(prefix_len); 68.1295 + policy_filename = malloc(prefix_len + strlen(POLICY_EXTENSION)); 68.1296 + label_filename = malloc(prefix_len + strlen(LABEL_EXTENSION)); 68.1297 + binary_filename = malloc(prefix_len + strlen(BINARY_EXTENSION)); 68.1298 + mapping_filename = malloc(prefix_len + strlen(MAPPING_EXTENSION)); 68.1299 + 68.1300 + if (!file_prefix || !policy_filename || !label_filename || 68.1301 + !binary_filename || !mapping_filename) 68.1302 + { 68.1303 + printf("ERROR allocating file name memory.\n"); 68.1304 + goto out2; 68.1305 + } 68.1306 + 68.1307 + /* create input/output filenames out of prefix */ 68.1308 + strcat(file_prefix, POLICY_SUBDIR); 68.1309 + strcat(file_prefix, argv[1]); 68.1310 + strcat(file_prefix, "/"); 68.1311 + strcat(file_prefix, 
argv[1]); 68.1312 + 68.1313 + strcpy(policy_filename, file_prefix); 68.1314 + strcpy(label_filename, file_prefix); 68.1315 + strcpy(binary_filename, file_prefix); 68.1316 + strcpy(mapping_filename, file_prefix); 68.1317 + 68.1318 + strcat(policy_filename, POLICY_EXTENSION); 68.1319 + strcat(label_filename, LABEL_EXTENSION); 68.1320 + strcat(binary_filename, BINARY_EXTENSION); 68.1321 + strcat(mapping_filename, MAPPING_EXTENSION); 68.1322 + 68.1323 + labeldoc = xmlParseFile(label_filename); 68.1324 + 68.1325 + if (labeldoc == NULL) 68.1326 + { 68.1327 + printf("Error: could not parse file %s.\n", argv[1]); 68.1328 + goto out2; 68.1329 + } 68.1330 + 68.1331 + printf("Validating label file %s...\n", label_filename); 68.1332 + if (!is_valid(labeldoc)) 68.1333 + { 68.1334 + printf("ERROR: Failed schema-validation for file %s (err=%d)\n", 68.1335 + label_filename, err); 68.1336 + goto out1; 68.1337 + } 68.1338 + 68.1339 + policydoc = xmlParseFile(policy_filename); 68.1340 + 68.1341 + if (policydoc == NULL) 68.1342 + { 68.1343 + printf("Error: could not parse file %s.\n", argv[1]); 68.1344 + goto out1; 68.1345 + } 68.1346 + 68.1347 + printf("Validating policy file %s...\n", policy_filename); 68.1348 + 68.1349 + if (!is_valid(policydoc)) 68.1350 + { 68.1351 + printf("ERROR: Failed schema-validation for file %s (err=%d)\n", 68.1352 + policy_filename, err); 68.1353 + goto out; 68.1354 + } 68.1355 + 68.1356 + /* Init queues and parse policy */ 68.1357 + create_type_mapping(policydoc); 68.1358 + 68.1359 + /* create ssids */ 68.1360 + create_ssid_mapping(labeldoc); 68.1361 + 68.1362 + /* write label mapping file */ 68.1363 + if (write_mapping(mapping_filename)) 68.1364 + { 68.1365 + printf("ERROR: writing mapping file %s.\n", mapping_filename); 68.1366 + goto out; 68.1367 + } 68.1368 + 68.1369 + /* write binary file */ 68.1370 + if (write_binary(binary_filename)) 68.1371 + { 68.1372 + printf("ERROR: writing binary file %s.\n", binary_filename); 68.1373 + goto out; 68.1374 + } 
68.1375 + 68.1376 + /* write stats */ 68.1377 + if (have_chwall) 68.1378 + { 68.1379 + printf("Max chwall labels: %u\n", max_chwall_labels); 68.1380 + printf("Max chwall-types: %u\n", max_chwall_types); 68.1381 + printf("Max chwall-ssids: %u\n", max_chwall_ssids); 68.1382 + } 68.1383 + 68.1384 + if (have_ste) 68.1385 + { 68.1386 + printf("Max ste labels: %u\n", max_ste_labels); 68.1387 + printf("Max ste-types: %u\n", max_ste_types); 68.1388 + printf("Max ste-ssids: %u\n", max_ste_ssids); 68.1389 + } 68.1390 + /* cleanup */ 68.1391 + out: 68.1392 + xmlFreeDoc(policydoc); 68.1393 + out1: 68.1394 + xmlFreeDoc(labeldoc); 68.1395 + out2: 68.1396 + xmlCleanupParser(); 68.1397 + return err; 68.1398 +} 68.1399 +
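Review bot: In main(), file_prefix is filled with strcat() right after malloc() (`file_prefix = malloc(prefix_len);` followed by `strcat(file_prefix, POLICY_SUBDIR);`), but malloc() does not zero the buffer, so the first strcat() appends after whatever bytes happen to be there and can write past the end of the allocation; make the first call strcpy() or set `file_prefix[0] = '\0'` before concatenating. Second, every error path (allocation failure, xmlParseFile() returning NULL, is_valid() failing, write_mapping()/write_binary() failing) jumps to a cleanup label with err still at its initial EXIT_SUCCESS, so the tool exits 0 after printing an error and the `(err=%d)` in the validation messages always shows 0; set `err = EXIT_FAILURE` before each goto so that a build or install step cannot mistake a failed policy translation for a successful one. Minor: both "could not parse file" messages print argv[1] instead of label_filename/policy_filename, the four name buffers are never freed, and since argv[1] becomes both a directory and a file-name component it should be rejected when empty or containing a '/'.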
69.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 69.2 +++ b/tools/security/secpol_xml2bin.h Fri Aug 19 10:50:15 2005 +0000 69.3 
@@ -0,0 +1,139 @@ 69.4 +/**************************************************************** 69.5 + * secpol_xml2bin.h 69.6 + * 69.7 + * Copyright (C) 2005 IBM Corporation 69.8 + * 69.9 + * Authors: 69.10 + * Reiner Sailer <sailer@watson.ibm.com> 69.11 + * 69.12 + * This program is free software; you can redistribute it and/or 69.13 + * modify it under the terms of the GNU General Public License as 69.14 + * published by the Free Software Foundation, version 2 of the 69.15 + * License. 69.16 + * 69.17 + */ 69.18 +#define POLICY_SUBDIR "policies/" 69.19 +#define POLICY_EXTENSION "-security_policy.xml" 69.20 +#define LABEL_EXTENSION "-security_label_template.xml" 69.21 +#define BINARY_EXTENSION ".bin" 69.22 +#define MAPPING_EXTENSION ".map" 69.23 +#define PRIMARY_COMPONENT_ATTR_NAME "order" 69.24 +#define BOOTSTRAP_LABEL_ATTR_NAME "bootstrap" 69.25 +#define PRIMARY_COMPONENT "PrimaryPolicyComponent" 69.26 +#define SCHEMA_FILENAME "policies/security_policy.xsd" 69.27 + 69.28 +/* basic states (used as 1 << X) */ 69.29 +#define XML2BIN_SECPOL 0 /* policy tokens */ 69.30 +#define XML2BIN_STE 1 69.31 +#define XML2BIN_CHWALL 2 69.32 +#define XML2BIN_CONFLICTSETS 3 69.33 +#define XML2BIN_CSTYPE 4 69.34 + 69.35 +#define XML2BIN_SECTEMPLATE 5 /* label tokens */ 69.36 +#define XML2BIN_POLICYHEADER 6 69.37 +#define XML2BIN_LABELHEADER 7 69.38 +#define XML2BIN_SUBJECTS 8 69.39 +#define XML2BIN_OBJECTS 9 69.40 +#define XML2BIN_VM 10 69.41 +#define XML2BIN_RES 11 69.42 + 69.43 +#define XML2BIN_STETYPES 12 /* shared tokens */ 69.44 +#define XML2BIN_CHWALLTYPES 13 69.45 +#define XML2BIN_TYPE 14 69.46 +#define XML2BIN_NAME 15 69.47 +#define XML2BIN_TEXT 16 69.48 +#define XML2BIN_COMMENT 17 69.49 + 69.50 +/* type "data type" (currently 16bit) */ 69.51 +typedef u_int16_t type_t; 69.52 + 69.53 +/* list of known elements and token equivalent * 69.54 + * state constants and token positions must be * 69.55 + * in sync for correct state recognition */ 69.56 + 69.57 +char *token[20] = /* parser 
triggers */ 69.58 +{ 69.59 + [0] = "SecurityPolicyDefinition", /* policy xml */ 69.60 + [1] = "SimpleTypeEnforcement", 69.61 + [2] = "ChineseWall", 69.62 + [3] = "ConflictSets", 69.63 + [4] = "Conflict", /* label-template xml */ 69.64 + [5] = "SecurityLabelTemplate", 69.65 + [6] = "PolicyHeader", 69.66 + [7] = "LabelHeader", 69.67 + [8] = "SubjectLabels", 69.68 + [9] = "ObjectLabels", 69.69 + [10] = "VirtualMachineLabel", 69.70 + [11] = "ResourceLabel", 69.71 + [12] = "SimpleTypeEnforcementTypes", /* common tags */ 69.72 + [13] = "ChineseWallTypes", 69.73 + [14] = "Type", 69.74 + [15] = "Name", 69.75 + [16] = "text", 69.76 + [17] = "comment", 69.77 + [18] = NULL, 69.78 +}; 69.79 + 69.80 +/* important combined states */ 69.81 +#define XML2BIN_NULL 0 69.82 + 69.83 +/* policy xml parsing states _S */ 69.84 + 69.85 +/* e.g., here we are in a <secpol,ste,stetypes> environment, * 69.86 + * so when finding a type element, we know where to put it */ 69.87 +#define XML2BIN_stetype_S ((1 << XML2BIN_SECPOL) | \ 69.88 + (1 << XML2BIN_STE) | \ 69.89 + (1 << XML2BIN_STETYPES)) 69.90 + 69.91 +#define XML2BIN_chwalltype_S ((1 << XML2BIN_SECPOL) | \ 69.92 + (1 << XML2BIN_CHWALL) | \ 69.93 + (1 << XML2BIN_CHWALLTYPES)) 69.94 + 69.95 +#define XML2BIN_conflictset_S ((1 << XML2BIN_SECPOL) | \ 69.96 + (1 << XML2BIN_CHWALL) | \ 69.97 + (1 << XML2BIN_CONFLICTSETS)) 69.98 + 69.99 +#define XML2BIN_conflictsettype_S ((1 << XML2BIN_SECPOL) | \ 69.100 + (1 << XML2BIN_CHWALL) | \ 69.101 + (1 << XML2BIN_CONFLICTSETS) | \ 69.102 + (1 << XML2BIN_CSTYPE)) 69.103 + 69.104 + 69.105 +/* label xml states */ 69.106 +#define XML2BIN_VM_S ((1 << XML2BIN_SECTEMPLATE) | \ 69.107 + (1 << XML2BIN_SUBJECTS) | \ 69.108 + (1 << XML2BIN_VM)) 69.109 + 69.110 +#define XML2BIN_RES_S ((1 << XML2BIN_SECTEMPLATE) | \ 69.111 + (1 << XML2BIN_OBJECTS) | \ 69.112 + (1 << XML2BIN_RES)) 69.113 + 69.114 +#define XML2BIN_VM_STE_S ((1 << XML2BIN_SECTEMPLATE) | \ 69.115 + (1 << XML2BIN_SUBJECTS) | \ 69.116 + (1 << XML2BIN_VM) | 
\ 69.117 + (1 << XML2BIN_STETYPES)) 69.118 + 69.119 +#define XML2BIN_VM_CHWALL_S ((1 << XML2BIN_SECTEMPLATE) | \ 69.120 + (1 << XML2BIN_SUBJECTS) | \ 69.121 + (1 << XML2BIN_VM) | \ 69.122 + (1 << XML2BIN_CHWALLTYPES)) 69.123 + 69.124 +#define XML2BIN_RES_STE_S ((1 << XML2BIN_SECTEMPLATE) | \ 69.125 + (1 << XML2BIN_OBJECTS) | \ 69.126 + (1 << XML2BIN_RES) | \ 69.127 + (1 << XML2BIN_STETYPES)) 69.128 + 69.129 + 69.130 + 69.131 +/* check versions of headers against which the 69.132 + * xml2bin translation tool was written 69.133 + */ 69.134 + 69.135 +/* protects from unnoticed changes in struct acm_policy_buffer */ 69.136 +#define WRITTEN_AGAINST_ACM_POLICY_VERSION 1 69.137 + 69.138 +/* protects from unnoticed changes in struct acm_chwall_policy_buffer */ 69.139 +#define WRITTEN_AGAINST_ACM_CHWALL_VERSION 1 69.140 + 69.141 +/* protects from unnoticed changes in struct acm_ste_policy_buffer */ 69.142 +#define WRITTEN_AGAINST_ACM_STE_VERSION 1
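Review bot: secpol_xml2bin.h defines, not merely declares, the array `char *token[20]` (the line `char *token[20] = /* parser triggers */`), so including the header from a second translation unit produces duplicate-symbol link errors; move the definition into secpol_xml2bin.c and leave `extern const char *const token[];` here, or make it `static const char *const token[]`. The comment above it says the token positions must stay in sync with the XML2BIN_* state constants, but nothing enforces that; a compile-time or start-up check that the table length matches XML2BIN_COMMENT + 2 (entries plus the NULL terminator) would catch a drift that otherwise silently routes elements to the wrong parser state. Also, `u_int16_t` needs <sys/types.h>, and the header has no include guard.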
70.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 70.2 +++ b/tools/security/setlabel.sh Fri Aug 19 10:50:15 2005 +0000 70.3 
@@ -0,0 +1,345 @@ 70.4 +#!/bin/sh 70.5 +# * 70.6 +# * setlabel 70.7 +# * 70.8 +# * Copyright (C) 2005 IBM Corporation 70.9 +# * 70.10 +# * Authors: 70.11 +# * Stefan Berger <stefanb@us.ibm.com> 70.12 +# * 70.13 +# * This program is free software; you can redistribute it and/or 70.14 +# * modify it under the terms of the GNU General Public License as 70.15 +# * published by the Free Software Foundation, version 2 of the 70.16 +# * License. 70.17 +# * 70.18 +# * 'setlabel' labels virtual machine (domain) configuration files with 70.19 +# * security identifiers that can be enforced in Xen. 70.20 +# * 70.21 +# * 'setlabel -?' shows the usage of the program 70.22 +# * 70.23 +# * 'setlabel -l vmconfig-file' lists all available labels (only VM 70.24 +# * labels are used right now) 70.25 +# * 70.26 +# * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref' 70.27 +# * that corresponds to the security-label under the 70.28 +# * current policy (if policy changes, 'label' 70.29 +# * must be re-run over the configuration files; 70.30 +# * map-file is created during policy translation and 70.31 +# * is found in the policy's directory 70.32 +# 70.33 + 70.34 +if [ -z "$runbash" ]; then 70.35 + runbash="1" 70.36 + export runbash 70.37 + exec sh -c "bash $0 $*" 70.38 +fi 70.39 + 70.40 + 70.41 +usage () 70.42 +{ 70.43 + echo "Usage: $0 [Option] <vmfile> <label> <policy name> " 70.44 + echo " or $0 -l <policy name>" 70.45 + echo "" 70.46 + echo "Valid Options are:" 70.47 + echo "-r : to relabel a file without being prompted" 70.48 + echo "" 70.49 + echo "vmfile : XEN vm configuration file" 70.50 + echo "label : the label to map" 70.51 + echo "policy name : the name of the policy, i.e. 
'chwall'" 70.52 + echo "" 70.53 + echo "-l <policy name> is used to show valid labels in the map file" 70.54 + echo "" 70.55 +} 70.56 + 70.57 + 70.58 +findMapFile () 70.59 +{ 70.60 + mapfile="./$1.map" 70.61 + if [ -r "$mapfile" ]; then 70.62 + return 1 70.63 + fi 70.64 + 70.65 + mapfile="./policies/$1/$1.map" 70.66 + if [ -r "$mapfile" ]; then 70.67 + return 1 70.68 + fi 70.69 + 70.70 + return 0 70.71 +} 70.72 + 70.73 +showLabels () 70.74 +{ 70.75 + mapfile=$1 70.76 + if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then 70.77 + echo "Cannot read from vm configuration file $vmfile." 70.78 + return -1 70.79 + fi 70.80 + 70.81 + getPrimaryPolicy $mapfile 70.82 + getSecondaryPolicy $mapfile 70.83 + 70.84 + echo "The following labels are available:" 70.85 + let line=1 70.86 + while [ 1 ]; do 70.87 + ITEM=`cat $mapfile | \ 70.88 + awk -vline=$line \ 70.89 + -vprimary=$primary \ 70.90 + '{ \ 70.91 + if ($1 == "LABEL->SSID" && \ 70.92 + $2 == "VM" && \ 70.93 + $3 == primary ) { \ 70.94 + ctr++; \ 70.95 + if (ctr == line) { \ 70.96 + print $4; \ 70.97 + } \ 70.98 + } \ 70.99 + } END { \ 70.100 + }'` 70.101 + 70.102 + if [ "$ITEM" == "" ]; then 70.103 + break 70.104 + fi 70.105 + if [ "$secondary" != "NULL" ]; then 70.106 + LABEL=`cat $mapfile | \ 70.107 + awk -vitem=$ITEM \ 70.108 + '{ 70.109 + if ($1 == "LABEL->SSID" && \ 70.110 + $2 == "VM" && \ 70.111 + $3 == "CHWALL" && \ 70.112 + $4 == item ) { \ 70.113 + result = item; \ 70.114 + } \ 70.115 + } END { \ 70.116 + print result \ 70.117 + }'` 70.118 + else 70.119 + LABEL=$ITEM 70.120 + fi 70.121 + 70.122 + if [ "$LABEL" != "" ]; then 70.123 + echo "$LABEL" 70.124 + found=1 70.125 + fi 70.126 + let line=line+1 70.127 + done 70.128 + if [ "$found" != "1" ]; then 70.129 + echo "No labels found." 
70.130 + fi 70.131 +} 70.132 + 70.133 +getPrimaryPolicy () 70.134 +{ 70.135 + mapfile=$1 70.136 + primary=`cat $mapfile | \ 70.137 + awk ' \ 70.138 + { \ 70.139 + if ( $1 == "PRIMARY" ) { \ 70.140 + res=$2; \ 70.141 + } \ 70.142 + } END { \ 70.143 + print res; \ 70.144 + } '` 70.145 +} 70.146 + 70.147 +getSecondaryPolicy () 70.148 +{ 70.149 + mapfile=$1 70.150 + secondary=`cat $mapfile | \ 70.151 + awk ' \ 70.152 + { \ 70.153 + if ( $1 == "SECONDARY" ) { \ 70.154 + res=$2; \ 70.155 + } \ 70.156 + } END { \ 70.157 + print res; \ 70.158 + } '` 70.159 +} 70.160 + 70.161 + 70.162 +getDefaultSsid () 70.163 +{ 70.164 + mapfile=$1 70.165 + pol=$2 70.166 + RES=`cat $mapfile \ 70.167 + awk -vpol=$pol \ 70.168 + { \ 70.169 + if ($1 == "LABEL->SSID" && \ 70.170 + $2 == "ANY" && \ 70.171 + $3 == pol && \ 70.172 + $4 == "DEFAULT" ) {\ 70.173 + res=$5; \ 70.174 + } \ 70.175 + } END { \ 70.176 + printf "%04x", strtonum(res) \ 70.177 + }'` 70.178 + echo "default NULL mapping is $RES" 70.179 + defaultssid=$RES 70.180 +} 70.181 + 70.182 +relabel () 70.183 +{ 70.184 + vmfile=$1 70.185 + label=$2 70.186 + mapfile=$3 70.187 + mode=$4 70.188 + 70.189 + if [ ! -r "$vmfile" ]; then 70.190 + echo "Cannot read from vm configuration file $vmfile." 70.191 + return -1 70.192 + fi 70.193 + 70.194 + if [ ! -w "$vmfile" ]; then 70.195 + echo "Cannot write to vm configuration file $vmfile." 70.196 + return -1 70.197 + fi 70.198 + 70.199 + if [ ! -r "$mapfile" ] ; then 70.200 + echo "Cannot read mapping file $mapfile." 70.201 + return -1 70.202 + fi 70.203 + 70.204 + # Determine which policy is primary, which sec. 
70.205 + getPrimaryPolicy $mapfile 70.206 + getSecondaryPolicy $mapfile 70.207 + 70.208 + # Calculate the primary policy's SSIDREF 70.209 + if [ "$primary" == "NULL" ]; then 70.210 + SSIDLO="0000" 70.211 + else 70.212 + SSIDLO=`cat $mapfile | \ 70.213 + awk -vlabel=$label \ 70.214 + -vprimary=$primary \ 70.215 + '{ \ 70.216 + if ( $1 == "LABEL->SSID" && \ 70.217 + $2 == "VM" && \ 70.218 + $3 == primary && \ 70.219 + $4 == label ) { \ 70.220 + result=$5 \ 70.221 + } \ 70.222 + } END { \ 70.223 + if (result != "" ) \ 70.224 + {printf "%04x", strtonum(result)}\ 70.225 + }'` 70.226 + fi 70.227 + 70.228 + # Calculate the secondary policy's SSIDREF 70.229 + if [ "$secondary" == "NULL" ]; then 70.230 + SSIDHI="0000" 70.231 + else 70.232 + SSIDHI=`cat $mapfile | \ 70.233 + awk -vlabel=$label \ 70.234 + -vsecondary=$secondary \ 70.235 + '{ \ 70.236 + if ( $1 == "LABEL->SSID" && \ 70.237 + $2 == "VM" && \ 70.238 + $3 == secondary && \ 70.239 + $4 == label ) { \ 70.240 + result=$5 \ 70.241 + } \ 70.242 + } END { \ 70.243 + if (result != "" ) \ 70.244 + {printf "%04x", strtonum(result)}\ 70.245 + }'` 70.246 + fi 70.247 + 70.248 + if [ "$SSIDLO" == "" -o \ 70.249 + "$SSIDHI" == "" ]; then 70.250 + echo "Could not map the given label '$label'." 70.251 + return -1 70.252 + fi 70.253 + 70.254 + ACM_POLICY=`cat $mapfile | \ 70.255 + awk ' { if ( $1 == "POLICY" ) { \ 70.256 + result=$2 \ 70.257 + } \ 70.258 + } \ 70.259 + END { \ 70.260 + if (result != "") { \ 70.261 + printf result \ 70.262 + } \ 70.263 + }'` 70.264 + 70.265 + if [ "$ACM_POLICY" == "" ]; then 70.266 + echo "Could not find 'POLICY' entry in map file." 
70.267 + return -1 70.268 + fi 70.269 + 70.270 + SSIDREF="0x$SSIDHI$SSIDLO" 70.271 + 70.272 + if [ "$mode" != "relabel" ]; then 70.273 + RES=`cat $vmfile | \ 70.274 + awk '{ \ 70.275 + if ( substr($1,0,7) == "ssidref" ) {\ 70.276 + print $0; \ 70.277 + } \ 70.278 + }'` 70.279 + if [ "$RES" != "" ]; then 70.280 + echo "Do you want to overwrite the existing mapping ($RES)? (y/N)" 70.281 + read user 70.282 + if [ "$user" != "y" -a "$user" != "Y" ]; then 70.283 + echo "Aborted." 70.284 + return 0 70.285 + fi 70.286 + fi 70.287 + fi 70.288 + 70.289 + #Write the output 70.290 + vmtmp1="/tmp/__setlabel.tmp1" 70.291 + vmtmp2="/tmp/__setlabel.tmp2" 70.292 + touch $vmtmp1 70.293 + touch $vmtmp2 70.294 + if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then 70.295 + echo "Cannot create temporary files. Aborting." 70.296 + return -1 70.297 + fi 70.298 + RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1` 70.299 + RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2` 70.300 + RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1` 70.301 + echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1 70.302 + echo "#ACM_LABEL=$label" >> $vmtmp1 70.303 + echo "ssidref = $SSIDREF" >> $vmtmp1 70.304 + mv -f $vmtmp1 $vmfile 70.305 + rm -rf $vmtmp1 $vmtmp2 70.306 + echo "Mapped label '$label' to ssidref '$SSIDREF'." 70.307 +} 70.308 + 70.309 + 70.310 + 70.311 +if [ "$1" == "-r" ]; then 70.312 + mode="relabel" 70.313 + shift 70.314 +elif [ "$1" == "-l" ]; then 70.315 + mode="show" 70.316 + shift 70.317 +elif [ "$1" == "-?" ]; then 70.318 + mode="usage" 70.319 +fi 70.320 + 70.321 +if [ "$mode" == "show" ]; then 70.322 + if [ "$1" == "" ]; then 70.323 + usage 70.324 + exit -1; 70.325 + fi 70.326 + findMapFile $1 70.327 + res=$? 70.328 + if [ "$res" != "0" ]; then 70.329 + showLabels $mapfile 70.330 + else 70.331 + echo "Could not find map file for policy '$1'." 
70.332 + fi 70.333 +elif [ "$mode" == "usage" ]; then 70.334 + usage 70.335 +else 70.336 + if [ "$3" == "" ]; then 70.337 + usage 70.338 + exit -1; 70.339 + fi 70.340 + findMapFile $3 70.341 + res=$? 70.342 + if [ "$res" != "0" ]; then 70.343 + relabel $1 $2 $mapfile $mode 70.344 + else 70.345 + echo "Could not find map file for policy '$3'." 70.346 + fi 70.347 + 70.348 +fi
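Review bot: relabel() writes the new configuration through fixed, predictable temporary names (`vmtmp1="/tmp/__setlabel.tmp1"`, `vmtmp2="/tmp/__setlabel.tmp2"`) that are created with touch, overwritten, and then moved over $vmfile; on a shared /tmp any local user can pre-create those names (or symlinks) so the script writes through them, and `mv -f $vmtmp1 $vmfile` also replaces the original file's owner and mode with those of the /tmp copy. Use mktemp in the directory of $vmfile and preserve the original mode, or write the result back into the existing file. Second, the overwrite prompt never fires: awk's substr() is 1-based, so `substr($1,0,7) == "ssidref"` yields at most six characters ("ssidre") with gawk and other POSIX awks and never equals "ssidref"; use `$1 ~ /^ssidref/`. Third, getDefaultSsid() is missing the `|` between `cat $mapfile` and awk and the opening quote of the awk program, so it fails if it is ever called. Smaller points: showLabels() reports "Cannot read from vm configuration file $vmfile" when it is the map file that is unreadable; `exec sh -c "bash $0 $*"` re-expands the arguments unquoted, so `exec bash "$0" "$@"` is safer; and `return -1`/`exit -1` are not valid statuses in POSIX sh (use 1).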
71.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 71.2 +++ b/tools/security/updategrub.sh Fri Aug 19 10:50:15 2005 +0000 71.3 
@@ -0,0 +1,171 @@ 71.4 +#!/bin/sh 71.5 +# * 71.6 +# * updategrub 71.7 +# * 71.8 +# * Copyright (C) 2005 IBM Corporation 71.9 +# * 71.10 +# * Authors: 71.11 +# * Stefan Berger <stefanb@us.ibm.com> 71.12 +# * 71.13 +# * This program is free software; you can redistribute it and/or 71.14 +# * modify it under the terms of the GNU General Public License as 71.15 +# * published by the Free Software Foundation, version 2 of the 71.16 +# * License. 71.17 +# * 71.18 +# * 71.19 +# 71.20 + 71.21 +if [ -z "$runbash" ]; then 71.22 + runbash="1" 71.23 + export runbash 71.24 + exec sh -c "bash $0 $*" 71.25 + exit 71.26 +fi 71.27 + 71.28 + 71.29 +# Show usage of this program 71.30 +usage () 71.31 +{ 71.32 + echo "Usage: $0 <policy name> <root of xen repository>" 71.33 + echo "" 71.34 + echo "<policy name> : The name of the policy, i.e. xen_null" 71.35 + echo "<root of xen repository> : The root of the XEN repositrory." 71.36 + echo "" 71.37 +} 71.38 + 71.39 +# This function sets the global variable 'linux' 71.40 +# to the name of the linux kernel that was compiled 71.41 +# For now a pattern should do the trick 71.42 +getLinuxVersion () 71.43 +{ 71.44 + path=$1 71.45 + linux="" 71.46 + for f in $path/linux-*-xen0 ; do 71.47 + versionfile=$f/include/linux/version.h 71.48 + if [ -r $versionfile ]; then 71.49 + lnx=`cat $versionfile | \ 71.50 + grep UTS_RELEASE | \ 71.51 + awk '{ \ 71.52 + len=length($3); \ 71.53 + print substr($3,2,len-2) }'` 71.54 + fi 71.55 + if [ "$lnx" != "" ]; then 71.56 + linux="[./0-9a-zA-z]*$lnx" 71.57 + return; 71.58 + fi 71.59 + done 71.60 + 71.61 + #Last resort. 71.62 + linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$" 71.63 +} 71.64 + 71.65 +#Return where the grub.conf file is. 71.66 +#I only know of one place it can be. 71.67 +findGrubConf() 71.68 +{ 71.69 + grubconf="/boot/grub/grub.conf" 71.70 + if [ -w $grubconf ]; then 71.71 + return 1 71.72 + fi 71.73 + return 0 71.74 +} 71.75 + 71.76 + 71.77 +#Update the grub configuration file. 
71.78 +#Search for existing entries and replace the current 71.79 +#policy entry with the policy passed to this script 71.80 +# 71.81 +#Arguments passed to this function 71.82 +# 1st : the grub configuration file 71.83 +# 2nd : the binary policy file name 71.84 +# 3rd : the name or pattern of the linux kernel name to match 71.85 +# 71.86 +# The algorithm here is based on pattern matching 71.87 +# and is working correctly if 71.88 +# - under a title a line beginning with 'kernel' is found 71.89 +# whose following item ends with "xen.gz" 71.90 +# Example: kernel /xen.gz dom0_mem=.... 71.91 +# - a module line matching the 3rd parameter is found 71.92 +# 71.93 +updateGrub () 71.94 +{ 71.95 + grubconf=$1 71.96 + policyfile=$2 71.97 + linux=$3 71.98 + 71.99 + tmpfile="/tmp/new_grub.conf" 71.100 + 71.101 + cat $grubconf | \ 71.102 + awk -vpolicy=$policyfile \ 71.103 + -vlinux=$linux '{ \ 71.104 + if ( $1 == "title" ) { \ 71.105 + kernelfound = 0; \ 71.106 + if ( policymaycome == 1 ){ \ 71.107 + printf ("\tmodule %s%s\n", path, policy); \ 71.108 + } \ 71.109 + policymaycome = 0; \ 71.110 + } \ 71.111 + else if ( $1 == "kernel" ) { \ 71.112 + if ( match($2,"xen.gz$") ) { \ 71.113 + path=substr($2,1,RSTART-1); \ 71.114 + kernelfound = 1; \ 71.115 + } \ 71.116 + } \ 71.117 + else if ( $1 == "module" && \ 71.118 + kernelfound == 1 && \ 71.119 + match($2,linux) ) { \ 71.120 + policymaycome = 1; \ 71.121 + } \ 71.122 + else if ( $1 == "module" && \ 71.123 + kernelfound == 1 && \ 71.124 + policymaycome == 1 && \ 71.125 + match($2,"[0-9a-zA-Z]*.bin$") ) { \ 71.126 + printf ("\tmodule %s%s\n", path, policy); \ 71.127 + policymaycome = 0; \ 71.128 + kernelfound = 0; \ 71.129 + dontprint = 1; \ 71.130 + } \ 71.131 + else if ( $1 == "" && \ 71.132 + kernelfound == 1 && \ 71.133 + policymaycome == 1) { \ 71.134 + dontprint = 1; \ 71.135 + } \ 71.136 + if (dontprint == 0) { \ 71.137 + printf ("%s\n", $0); \ 71.138 + } \ 71.139 + dontprint = 0; \ 71.140 + } END { \ 71.141 + if ( 
policymaycome == 1 ) { \ 71.142 + printf ("\tmodule %s%s\n", path, policy); \ 71.143 + } \ 71.144 + }' > $tmpfile 71.145 + if [ ! -r $tmpfile ]; then 71.146 + echo "Could not create temporary file! Aborting." 71.147 + exit -1 71.148 + fi 71.149 + mv -f $tmpfile $grubconf 71.150 +} 71.151 + 71.152 +if [ "$1" == "" -o "$2" == "" ]; then 71.153 + usage 71.154 + exit -1 71.155 +fi 71.156 + 71.157 +if [ "$1" == "-?" ]; then 71.158 + usage 71.159 + exit 0 71.160 +fi 71.161 + 71.162 +policy=$1 71.163 +policyfile=$policy.bin 71.164 + 71.165 +getLinuxVersion $2 71.166 + 71.167 +findGrubConf 71.168 +ERR=$? 71.169 +if [ $ERR -eq 0 ]; then 71.170 + echo "Could not find grub.conf. Aborting." 71.171 + exit -1 71.172 +fi 71.173 + 71.174 +updateGrub $grubconf $policyfile $linux
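Review bot: updateGrub() builds the new boot configuration at a fixed name in /tmp (`tmpfile="/tmp/new_grub.conf"`) and then does `mv -f $tmpfile $grubconf`, so /boot/grub/grub.conf ends up with the owner and umask-derived mode of a file created in /tmp (often world-readable, exposing kernel command-line arguments), and any local user who pre-creates /tmp/new_grub.conf can influence what is moved into place. Create the temporary file with mktemp next to grub.conf, restore the original mode, and check the awk exit status rather than only `-r $tmpfile`. In getLinuxVersion(), `linux="[./0-9a-zA-z]*$lnx"` uses the range `A-z`, which in ASCII also covers `[`, `\`, `]`, `^`, `_` and the backquote; `A-Z` is intended. The awk matches `"xen.gz$"` and `"[0-9a-zA-Z]*.bin$"` use an unescaped `.` that matches any character; `"xen\\.gz$"` and `"\\.bin$"` are more precise. Nits: findGrubConf() tests `-w`, so a non-root run reports "Could not find grub.conf" instead of a permission problem; "repositrory" in usage(); the `exec sh -c "bash $0 $*"` re-exec should be `exec bash "$0" "$@"`; `exit -1` is not a valid status.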
72.1 --- a/xen/Rules.mk Fri Aug 19 10:18:53 2005 +0000 72.2 +++ b/xen/Rules.mk Fri Aug 19 10:50:15 2005 +0000 72.3 @@ -11,14 +11,6 @@ optimize ?= y 72.4 domu_debug ?= n 72.5 crash_debug ?= n 72.6 72.7 -# ACM_USE_SECURITY_POLICY is set to security policy of Xen 72.8 -# Supported models are: 72.9 -# ACM_NULL_POLICY (ACM will not be built with this policy) 72.10 -# ACM_CHINESE_WALL_POLICY 72.11 -# ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 72.12 -# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 72.13 -ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY 72.14 - 72.15 include $(BASEDIR)/../Config.mk 72.16 72.17 # Set ARCH/SUBARCH appropriately.
74.1 --- a/xen/arch/x86/domain_build.c Fri Aug 19 10:18:53 2005 +0000 74.2 +++ b/xen/arch/x86/domain_build.c Fri Aug 19 10:50:15 2005 +0000 74.3 @@ -22,16 +22,28 @@ 74.4 #include <asm/i387.h> 74.5 #include <asm/shadow.h> 74.6 74.7 -/* opt_dom0_mem: memory allocated to domain 0. */ 74.8 -static unsigned int opt_dom0_mem; 74.9 +static long dom0_nrpages; 74.10 + 74.11 +/* 74.12 + * dom0_mem: 74.13 + * If +ve: 74.14 + * * The specified amount of memory is allocated to domain 0. 74.15 + * If -ve: 74.16 + * * All of memory is allocated to domain 0, minus the specified amount. 74.17 + * If not specified: 74.18 + * * All of memory is allocated to domain 0, minus 1/16th which is reserved 74.19 + * for uses such as DMA buffers (the reservation is clamped to 128MB). 74.20 + */ 74.21 static void parse_dom0_mem(char *s) 74.22 { 74.23 - unsigned long long bytes = parse_size_and_unit(s); 74.24 - /* If no unit is specified we default to kB units, not bytes. */ 74.25 - if ( isdigit(s[strlen(s)-1]) ) 74.26 - opt_dom0_mem = (unsigned int)bytes; 74.27 - else 74.28 - opt_dom0_mem = (unsigned int)(bytes >> 10); 74.29 + unsigned long long bytes; 74.30 + char *t = s; 74.31 + if ( *s == '-' ) 74.32 + t++; 74.33 + bytes = parse_size_and_unit(t); 74.34 + dom0_nrpages = bytes >> PAGE_SHIFT; 74.35 + if ( *s == '-' ) 74.36 + dom0_nrpages = -dom0_nrpages; 74.37 } 74.38 custom_param("dom0_mem", parse_dom0_mem); 74.39 74.40 
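Review bot: parse_dom0_mem() now depends on parse_size_and_unit() for the no-unit default (the removed `isdigit(s[strlen(s)-1])` branch), so the new comment block should state what unit a bare number means, and this hunk must land together with the xen/common/lib.c change in this set that makes the default kilobytes; applied alone it silently changes the meaning of existing `dom0_mem=` boot parameters. Also `dom0_nrpages = bytes >> PAGE_SHIFT` drops any sub-page remainder, and a value of `-` alone (or 0) leaves dom0_nrpages at 0, which the consumer treats as "not specified"; a short comment noting both behaviours would help.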
@@ -137,12 +149,30 @@ int construct_dom0(struct domain *d, 74.41 74.42 printk("*** LOADING DOMAIN 0 ***\n"); 74.43 74.44 - /* By default DOM0 is allocated all available memory. */ 74.45 d->max_pages = ~0U; 74.46 - if ( (nr_pages = opt_dom0_mem >> (PAGE_SHIFT - 10)) == 0 ) 74.47 + 74.48 + /* 74.49 + * If domain 0 allocation isn't specified, reserve 1/16th of available 74.50 + * memory for things like DMA buffers. This reservation is clamped to 74.51 + * a maximum of 128MB. 74.52 + */ 74.53 + if ( dom0_nrpages == 0 ) 74.54 + { 74.55 + dom0_nrpages = avail_domheap_pages() + 74.56 + ((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) + 74.57 + ((image_len + PAGE_SIZE - 1) >> PAGE_SHIFT); 74.58 + dom0_nrpages = min(dom0_nrpages / 16, 128L << (20 - PAGE_SHIFT)); 74.59 + dom0_nrpages = -dom0_nrpages; 74.60 + } 74.61 + 74.62 + /* Negative memory specification means "all memory - specified amount". */ 74.63 + if ( dom0_nrpages < 0 ) 74.64 nr_pages = avail_domheap_pages() + 74.65 ((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) + 74.66 - ((image_len + PAGE_SIZE - 1) >> PAGE_SHIFT); 74.67 + ((image_len + PAGE_SIZE - 1) >> PAGE_SHIFT) + 74.68 + dom0_nrpages; 74.69 + else 74.70 + nr_pages = dom0_nrpages; 74.71 74.72 if ( (rc = parseelfimage(&dsi)) != 0 ) 74.73 return rc;
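Review bot: neither branch of the new nr_pages computation validates its result: when dom0_nrpages is negative and its magnitude exceeds available memory plus the kernel and initrd pages, `nr_pages = ... + dom0_nrpages` goes negative and, with an unsigned nr_pages, wraps to a huge allocation request; when it is positive there is no comparison against avail_domheap_pages() at all. Add an explicit range check with a clear diagnostic ("dom0_mem too large" / "too little memory left for dom0") before nr_pages is used. The default-reservation block and the negative branch repeat the same three-term sum; computing `avail_domheap_pages() + initrd pages + image pages` once into a local keeps the two from drifting apart.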
75.1 --- a/xen/arch/x86/mm.c Fri Aug 19 10:18:53 2005 +0000 75.2 +++ b/xen/arch/x86/mm.c Fri Aug 19 10:50:15 2005 +0000 75.3 @@ -3061,7 +3061,7 @@ static int ptwr_emulated_update( 75.4 } 75.5 75.6 /* Turn a sub-word access into a full-word access. */ 75.7 - if (bytes != sizeof(physaddr_t)) 75.8 + if ( bytes != sizeof(physaddr_t) ) 75.9 { 75.10 int rc; 75.11 physaddr_t full; 75.12 @@ -3078,6 +3078,10 @@ static int ptwr_emulated_update( 75.13 val &= (((physaddr_t)1 << (bytes*8)) - 1); 75.14 val <<= (offset)*8; 75.15 val |= full; 75.16 + /* Also fill in missing parts of the cmpxchg old value. */ 75.17 + old &= (((physaddr_t)1 << (bytes*8)) - 1); 75.18 + old <<= (offset)*8; 75.19 + old |= full; 75.20 } 75.21 75.22 /* Read the PTE that maps the page being updated. */ 75.23 @@ -3113,7 +3117,7 @@ static int ptwr_emulated_update( 75.24 if ( do_cmpxchg ) 75.25 { 75.26 ol1e = l1e_from_intpte(old); 75.27 - if ( cmpxchg((unsigned long *)pl1e, old, val) != old ) 75.28 + if ( cmpxchg((intpte_t *)pl1e, old, val) != old ) 75.29 { 75.30 unmap_domain_page(pl1e); 75.31 put_page_from_l1e(nl1e, d); 75.32 @@ -3301,8 +3305,8 @@ int ptwr_do_page_fault(struct domain *d, 75.33 75.34 /* Finally, make the p.t. page writable by the guest OS. */ 75.35 l1e_add_flags(pte, _PAGE_RW); 75.36 - if ( unlikely(__copy_to_user(&linear_pg_table[l1_linear_offset(addr)], 75.37 - &pte, sizeof(pte))) ) 75.38 + if ( unlikely(__put_user(pte.l1, 75.39 + &linear_pg_table[l1_linear_offset(addr)].l1)) ) 75.40 { 75.41 MEM_LOG("ptwr: Could not update pte at %p", (unsigned long *) 75.42 &linear_pg_table[l1_linear_offset(addr)]);
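Review bot: In the third hunk, changing the cmpxchg() pointer cast from `unsigned long *` to `intpte_t *` widens the compare-and-swap to the full PTE where intpte_t is wider than a long (PAE on x86_32), which is the correct fix, but confirm that cmpxchg() supports an 8-byte operand on x86_32 rather than silently degrading to a 4-byte exchange, since a short swap here would let a partially written guest PTE slip past the validation. The second hunk (`old &= ...; old <<= ...; old |= full;`) is required for the same reason: without it a sub-word cmpxchg compares the zero-extended partial old value against a full-word PTE and always fails. The fourth hunk's `__put_user(pte.l1, ...)` gives a single-word store instead of a byte-wise copy, which a live page-table entry needs so it is never observed half-written; the first hunk is whitespace only.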
76.1 --- a/xen/arch/x86/setup.c Fri Aug 19 10:18:53 2005 +0000 76.2 +++ b/xen/arch/x86/setup.c Fri Aug 19 10:50:15 2005 +0000 76.3 @@ -244,6 +244,8 @@ static void __init start_of_day(void) 76.4 76.5 #define EARLY_FAIL() for ( ; ; ) __asm__ __volatile__ ( "hlt" ) 76.6 76.7 +static struct e820entry e820_raw[E820MAX]; 76.8 + 76.9 void __init __start_xen(multiboot_info_t *mbi) 76.10 { 76.11 char *cmdline; 76.12 @@ -253,7 +255,6 @@ void __init __start_xen(multiboot_info_t 76.13 unsigned long _initrd_start = 0, _initrd_len = 0; 76.14 unsigned int initrdidx = 1; 76.15 physaddr_t s, e; 76.16 - struct e820entry e820_raw[E820MAX]; 76.17 int i, e820_raw_nr = 0, bytes = 0; 76.18 struct ns16550_defaults ns16550 = { 76.19 .data_bits = 8,
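Review bot: moving `e820_raw[E820MAX]` off the stack of __start_xen() into a file-scope static is the right call now that E820MAX grows to 128 in asm-x86/e820.h, since an array of that size on the early boot stack is an easy overflow. Because the raw map is only consumed during boot, mark it with the tree's init-data attribute (if `__initdata` is available) so the memory is released after start-of-day, and make sure the code that fills e820_raw bounds `e820_raw_nr` by E820MAX, so a firmware map longer than 128 entries is truncated rather than written past the array.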
78.1 --- a/xen/arch/x86/traps.c Fri Aug 19 10:18:53 2005 +0000 78.2 +++ b/xen/arch/x86/traps.c Fri Aug 19 10:50:15 2005 +0000 78.3 @@ -159,10 +159,8 @@ void show_trace(unsigned long *esp) 78.4 addr = *stack++; 78.5 if ( is_kernel_text(addr) ) 78.6 { 78.7 - if ( (i != 0) && ((i % 6) == 0) ) 78.8 - printk("\n "); 78.9 printk("[<%p>]", _p(addr)); 78.10 - print_symbol(" %s\n", addr); 78.11 + print_symbol(" %s\n ", addr); 78.12 i++; 78.13 } 78.14 }
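Review bot: the new `print_symbol(" %s\n ", addr)` places the indentation for the next frame at the end of the current line, so the last frame of the trace ends with a dangling space before whatever is printed next; emitting the leading space before each `[<%p>]` keeps the output clean. With the `(i % 6)` wrap removed, `i` is only incremented in the lines shown; if it is not used after the loop, drop it.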
79.1 --- a/xen/arch/x86/x86_32/traps.c Fri Aug 19 10:18:53 2005 +0000 79.2 +++ b/xen/arch/x86/x86_32/traps.c Fri Aug 19 10:50:15 2005 +0000 79.3 @@ -66,8 +66,9 @@ void show_registers(struct cpu_user_regs 79.4 79.5 printk("CPU: %d\nEIP: %04lx:[<%08lx>]", 79.6 smp_processor_id(), (unsigned long)0xffff & regs->cs, eip); 79.7 - print_symbol(" %s\n", eip); 79.8 - printk("EFLAGS: %08lx CONTEXT: %s\n", eflags, context); 79.9 + if ( !GUEST_MODE(regs) ) 79.10 + print_symbol(" %s", eip); 79.11 + printk("\nEFLAGS: %08lx CONTEXT: %s\n", eflags, context); 79.12 printk("eax: %08x ebx: %08x ecx: %08x edx: %08x\n", 79.13 regs->eax, regs->ebx, regs->ecx, regs->edx); 79.14 printk("esi: %08x edi: %08x ebp: %08x esp: %08lx\n",
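Review bot: the `!GUEST_MODE(regs)` guard around print_symbol() deserves a one-line comment: in guest mode eip is a guest address, and resolving it against the hypervisor symbol table (the old behaviour) printed a misleading Xen symbol name in crash output. Since the symbol and the newline are now emitted separately, the leading `\n` in `printk("\nEFLAGS: ...")` is what guarantees exactly one line break on both paths; worth a comment so a later edit does not remove it.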
80.1 --- a/xen/arch/x86/x86_64/traps.c Fri Aug 19 10:18:53 2005 +0000 80.2 +++ b/xen/arch/x86/x86_64/traps.c Fri Aug 19 10:50:15 2005 +0000 80.3 @@ -17,8 +17,9 @@ void show_registers(struct cpu_user_regs 80.4 { 80.5 printk("CPU: %d\nEIP: %04x:[<%016lx>]", 80.6 smp_processor_id(), 0xffff & regs->cs, regs->rip); 80.7 - print_symbol(" %s\n", regs->rip); 80.8 - printk("EFLAGS: %016lx\n", regs->eflags); 80.9 + if ( !GUEST_MODE(regs) ) 80.10 + print_symbol(" %s", regs->rip); 80.11 + printk("\nEFLAGS: %016lx\n", regs->eflags); 80.12 printk("rax: %016lx rbx: %016lx rcx: %016lx rdx: %016lx\n", 80.13 regs->rax, regs->rbx, regs->rcx, regs->rdx); 80.14 printk("rsi: %016lx rdi: %016lx rbp: %016lx rsp: %016lx\n",
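Review bot: same comment as for the x86_32 version: add a short note explaining that regs->rip is a guest address in guest mode and must not be resolved against hypervisor symbols, and keep the two files' register-dump formats aligned (the x86_32 variant prints a CONTEXT field that is absent here).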
83.1 --- a/xen/common/lib.c Fri Aug 19 10:18:53 2005 +0000 83.2 +++ b/xen/common/lib.c Fri Aug 19 10:50:15 2005 +0000 83.3 @@ -450,8 +450,10 @@ unsigned long long parse_size_and_unit(c 83.4 ret <<= 10; 83.5 case 'M': case 'm': 83.6 ret <<= 10; 83.7 - case 'K': case 'k': 83.8 + case 'K': case 'k': default: 83.9 ret <<= 10; 83.10 + case 'B': case 'b': 83.11 + break; 83.12 } 83.13 83.14 return ret;
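Review bot: with `case 'K': case 'k': default:` every unrecognised trailing character now silently means kilobytes, not just a trailing digit; a typo such as `dom0_mem=512X` or a stray unit letter therefore parses as 512 kB with no diagnostic. Treat only a trailing digit as the kilobyte default and reject or warn on other suffixes, and document the default in the function's header comment since domain_build.c now relies on it. The explicit `case 'B': case 'b': break;` is fine but should carry a comment that it exists to stop the fallthrough chain.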
85.1 --- a/xen/drivers/char/console.c Fri Aug 19 10:18:53 2005 +0000 85.2 +++ b/xen/drivers/char/console.c Fri Aug 19 10:50:15 2005 +0000 85.3 @@ -652,8 +652,9 @@ static int __init debugtrace_init(void) 85.4 void panic(const char *fmt, ...) 85.5 { 85.6 va_list args; 85.7 - char buf[128], cpustr[10]; 85.8 + char buf[128]; 85.9 unsigned long flags; 85.10 + static spinlock_t lock = SPIN_LOCK_UNLOCKED; 85.11 extern void machine_restart(char *); 85.12 85.13 debugtrace_dump(); 85.14 @@ -665,16 +666,13 @@ void panic(const char *fmt, ...) 85.15 debugger_trap_immediate(); 85.16 85.17 /* Spit out multiline message in one go. */ 85.18 - spin_lock_irqsave(&console_lock, flags); 85.19 - __putstr("\n****************************************\n"); 85.20 - __putstr("Panic on CPU"); 85.21 - sprintf(cpustr, "%d", smp_processor_id()); 85.22 - __putstr(cpustr); 85.23 - __putstr(":\n"); 85.24 - __putstr(buf); 85.25 - __putstr("****************************************\n\n"); 85.26 - __putstr("Reboot in five seconds...\n"); 85.27 - spin_unlock_irqrestore(&console_lock, flags); 85.28 + spin_lock_irqsave(&lock, flags); 85.29 + printk("\n****************************************\n"); 85.30 + printk("Panic on CPU %d:\n", smp_processor_id()); 85.31 + printk(buf); 85.32 + printk("****************************************\n\n"); 85.33 + printk("Reboot in five seconds...\n"); 85.34 + spin_unlock_irqrestore(&lock, flags); 85.35 85.36 watchdog_disable(); 85.37 mdelay(5000);
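Review bot: `printk(buf);` passes the already formatted panic message as the format string; buf contains the expanded caller-supplied text, so any `%` sequence in it (for example a name taken from a guest and embedded in a panic message) is reinterpreted by printk's formatter, which is undefined behaviour in the middle of a panic. Use `printk("%s", buf);`. The switch from console_lock to a private static lock looks intended to avoid recursive locking, presumably because printk() acquires console_lock itself, but note that a nested panic on the same CPU (a fault raised inside this block) will now spin forever on `lock`; a try-lock with a fallback to unlocked output is the usual pattern on a panic path.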
86.1 --- a/xen/include/asm-x86/e820.h Fri Aug 19 10:18:53 2005 +0000 86.2 +++ b/xen/include/asm-x86/e820.h Fri Aug 19 10:50:15 2005 +0000 86.3 @@ -3,7 +3,7 @@ 86.4 86.5 #include <asm/page.h> 86.6 86.7 -#define E820MAX 32 86.8 +#define E820MAX 128 86.9 86.10 #define E820_RAM 1 86.11 #define E820_RESERVED 2
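Review bot: raising E820MAX from 32 to 128 resizes every array dimensioned by it, not only e820_raw; check the other users (the final e820 map and any copies handed to domain 0) for stack placement or fixed-size buffers that assumed the old value, and record the reason for 128 (firmware maps larger than 32 entries) in a comment beside the define.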
87.1 --- a/xen/include/asm-x86/uaccess.h Fri Aug 19 10:18:53 2005 +0000 87.2 +++ b/xen/include/asm-x86/uaccess.h Fri Aug 19 10:50:15 2005 +0000 87.3 @@ -125,22 +125,20 @@ extern void __put_user_bad(void); 87.4 __pu_err; \ 87.5 }) 87.6 87.7 -#define __get_user_nocheck(x,ptr,size) \ 87.8 -({ \ 87.9 - long __gu_err, __gu_val; \ 87.10 - __get_user_size(__gu_val,(ptr),(size),__gu_err,-EFAULT);\ 87.11 - (x) = (__typeof__(*(ptr)))__gu_val; \ 87.12 - __gu_err; \ 87.13 +#define __get_user_nocheck(x,ptr,size) \ 87.14 +({ \ 87.15 + long __gu_err; \ 87.16 + __get_user_size((x),(ptr),(size),__gu_err,-EFAULT); \ 87.17 + __gu_err; \ 87.18 }) 87.19 87.20 -#define __get_user_check(x,ptr,size) \ 87.21 -({ \ 87.22 - long __gu_err, __gu_val; \ 87.23 - __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ 87.24 - __get_user_size(__gu_val,__gu_addr,(size),__gu_err,-EFAULT); \ 87.25 - (x) = (__typeof__(*(ptr)))__gu_val; \ 87.26 - if (!__addr_ok(__gu_addr)) __gu_err = -EFAULT; \ 87.27 - __gu_err; \ 87.28 +#define __get_user_check(x,ptr,size) \ 87.29 +({ \ 87.30 + long __gu_err; \ 87.31 + __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ 87.32 + __get_user_size((x),__gu_addr,(size),__gu_err,-EFAULT); \ 87.33 + if (!__addr_ok(__gu_addr)) __gu_err = -EFAULT; \ 87.34 + __gu_err; \ 87.35 }) 87.36 87.37 struct __large_struct { unsigned long buf[100]; };
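Review bot: dropping the intermediate `long __gu_val` so that __get_user_size() writes straight into `(x)` is needed for 8-byte loads on 32-bit builds (a `long` temporary would truncate a 64-bit PTE), which matches the mm.c change in this set, but the macro comments should now say that `x` must be an lvalue of the intended width. Separately, in __get_user_check the `__addr_ok(__gu_addr)` test still runs after the load, so for an address in hypervisor space the read succeeds and `(x)` receives the data before `__gu_err` is set to -EFAULT; a caller that checks the return value but also logs or reuses `x` would expose hypervisor memory. Test `__addr_ok` first and skip the access when it fails.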