xen-vtx-unstable
changeset 5546:76346519b28e
bitkeeper revision 1.1728 (42ba7c8fYqjC4xLUEtbo7JJInxdnqA)
Merge firebug.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xen-unstable.bk
into firebug.cl.cam.ac.uk:/local/scratch/cl349/xen-unstable.bk
Merge firebug.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xen-unstable.bk
into firebug.cl.cam.ac.uk:/local/scratch/cl349/xen-unstable.bk
author | cl349@firebug.cl.cam.ac.uk |
---|---|
date | Thu Jun 23 09:10:39 2005 +0000 (2005-06-23) |
parents | f10eeee5e6e8 76f16636bbb5 |
children | 84b9630129d7 |
files | .rootkeys BitKeeper/etc/ignore tools/libxc/xc.h tools/libxc/xc_domain.c tools/libxc/xc_evtchn.c tools/libxc/xc_gnttab.c tools/libxc/xc_misc.c tools/libxc/xc_private.c tools/libxc/xc_private.h tools/policy/policy_tool.c tools/python/xen/xm/create.py xen/Makefile xen/Rules.mk xen/arch/x86/mm.c xen/arch/x86/setup.c xen/common/policy_ops.c xen/include/acm/acm_hooks.h xen/include/asm-x86/page.h xen/include/asm-x86/x86_32/page-2level.h xen/include/asm-x86/x86_32/page-3level.h xen/include/asm-x86/x86_32/page.h xen/include/public/acm_dom0_setup.h |
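--- a/.rootkeys
+++ b/.rootkeys
@@ -1513,7 +1513,6 @@ 404f1bc4tWkB9Qr8RkKtZGW5eMQzhw xen/inclu
 422f27c8RHFkePhD34VIEpMMqofZcA xen/include/asm-x86/x86_emulate.h
 400304fcmRQmDdFYEzDh0wcBba9alg xen/include/public/COPYING
 42b742f6duiOTlZvysQkRYZHYBXqvg xen/include/public/acm.h
-42b742f7TIMsQgUaNDJXp3QlBve2SQ xen/include/public/acm_dom0_setup.h
 421098b7OKb9YH_EUA_UpCxBjaqtgA xen/include/public/arch-ia64.h
 404f1bc68SXxmv0zQpXBWGrCzSyp8w xen/include/public/arch-x86_32.h
 404f1bc7IwU-qnH8mJeVu0YsNGMrcw xen/include/public/arch-x86_64.h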
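--- a/tools/libxc/xc.h
+++ b/tools/libxc/xc.h
@@ -25,6 +25,7 @@ typedef int64_t s64;
 #include <xen/dom0_ops.h>
 #include <xen/event_channel.h>
 #include <xen/sched_ctl.h>
+#include <xen/acm.h>
 
 /*
 * DEFINITIONS FOR CPU BARRIERS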
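--- a/tools/libxc/xc_domain.c
+++ b/tools/libxc/xc_domain.c
@@ -128,7 +128,7 @@ int xc_domain_get_vcpu_context(int xc_ha
 u32 vcpu,
 vcpu_guest_context_t *ctxt)
 {
- int rc, errno_saved;
+ int rc;
 dom0_op_t op;
 
 op.cmd = DOM0_GETVCPUCONTEXT;
@@ -143,11 +143,7 @@ int xc_domain_get_vcpu_context(int xc_ha
 rc = do_dom0_op(xc_handle, &op);
 
 if ( ctxt != NULL )
- {
- errno_saved = errno;
- (void)munlock(ctxt, sizeof(*ctxt));
- errno = errno_saved;
- }
+ safe_munlock(ctxt, sizeof(*ctxt));
 
 if ( rc > 0 )
 return -ESRCH;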
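--- a/tools/libxc/xc_evtchn.c
+++ b/tools/libxc/xc_evtchn.c
@@ -26,7 +26,7 @@ static int do_evtchn_op(int xc_handle, e
 if ((ret = do_xen_hypercall(xc_handle, &hypercall)) < 0)
 ERROR("do_evtchn_op: HYPERVISOR_event_channel_op failed: %d", ret);
 
- (void)munlock(op, sizeof(*op));
+ safe_munlock(op, sizeof(*op));
 out:
 return ret;
 }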
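--- a/tools/libxc/xc_gnttab.c
+++ b/tools/libxc/xc_gnttab.c
@@ -33,7 +33,7 @@ do_gnttab_op( int xc_handle,
 if ( (ret = do_xen_hypercall(xc_handle, &hypercall)) < 0 )
 ERROR("do_gnttab_op: HYPERVISOR_grant_table_op failed: %d", ret);
 
- (void)munlock(op, sizeof(*op));
+ safe_munlock(op, sizeof(*op));
 out:
 return ret;
 }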
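--- a/tools/libxc/xc_misc.c
+++ b/tools/libxc/xc_misc.c
@@ -43,7 +43,7 @@ int xc_readconsolering(int xc_handle,
 *pnr_chars = op.u.readconsole.count;
 }
 
- (void)munlock(buffer, nr_chars);
+ safe_munlock(buffer, nr_chars);
 
 return ret;
 }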
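--- a/tools/libxc/xc_private.c
+++ b/tools/libxc/xc_private.c
@@ -22,8 +22,10 @@ void *xc_map_foreign_batch(int xc_handle
 ioctlx.arr=arr;
 if ( ioctl( xc_handle, IOCTL_PRIVCMD_MMAPBATCH, &ioctlx ) < 0 )
 {
+ int saved_errno = errno;
 perror("XXXXXXXX");
- munmap(addr, num*PAGE_SIZE);
+ (void)munmap(addr, num*PAGE_SIZE);
+ errno = saved_errno;
 return NULL;
 }
 return addr;
@@ -51,7 +53,9 @@ void *xc_map_foreign_range(int xc_handle
 entry.npages=(size+PAGE_SIZE-1)>>PAGE_SHIFT;
 if ( ioctl( xc_handle, IOCTL_PRIVCMD_MMAP, &ioctlx ) < 0 )
 {
- munmap(addr, size);
+ int saved_errno = errno;
+ (void)munmap(addr, size);
+ errno = saved_errno;
 return NULL;
 }
 return addr;
@@ -134,8 +138,8 @@ static int flush_mmu_updates(int xc_hand
 }
 
 mmu->idx = 0;
-
- (void)munlock(mmu->updates, sizeof(mmu->updates));
+
+ safe_munlock(mmu->updates, sizeof(mmu->updates));
 
 out:
 return err;
@@ -232,7 +236,7 @@ int xc_get_pfn_list(int xc_handle,
 
 ret = do_dom0_op(xc_handle, &op);
 
- (void)munlock(pfn_buf, max_pfns * sizeof(unsigned long));
+ safe_munlock(pfn_buf, max_pfns * sizeof(unsigned long));
 
 #if 0
 #ifdef DEBUG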
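Review bot: The failure path of xc_map_foreign_batch still prints `perror("XXXXXXXX")`, a placeholder that tells whoever reads the log nothing about which call failed, while xc_map_foreign_range in the next hunk reports nothing at all. Now that errno is preserved for the caller, the library could either drop the print or name the operation, e.g. `perror("xc_map_foreign_batch: IOCTL_PRIVCMD_MMAPBATCH");`. Both function bodies start outside their hunks, so how `addr` is obtained and checked before the ioctl is not visible here.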
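--- a/tools/libxc/xc_private.h
+++ b/tools/libxc/xc_private.h
@@ -101,12 +101,28 @@ struct load_funcs
 loadimagefunc loadimage;
 };
 
-#define ERROR(_m, _a...) \
- fprintf(stderr, "ERROR: " _m "\n" , ## _a )
+#define ERROR(_m, _a...) \
+do { \
+ int __saved_errno = errno; \
+ fprintf(stderr, "ERROR: " _m "\n" , ## _a ); \
+ errno = __saved_errno; \
+} while (0)
+
 
-#define PERROR(_m, _a...) \
- fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \
- errno, strerror(errno))
+#define PERROR(_m, _a...) \
+do { \
+ int __saved_errno = errno; \
+ fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \
+ __saved_errno, strerror(__saved_errno)); \
+ errno = __saved_errno; \
+} while (0)
+
+static inline void safe_munlock(const void *addr, size_t len)
+{
+ int saved_errno = errno;
+ (void)munlock(addr, len);
+ errno = saved_errno;
+}
 
 static inline int do_privcmd(int xc_handle,
 unsigned int cmd,
@@ -125,7 +141,7 @@ static inline int do_xen_hypercall(int x
 
 static inline int do_dom0_op(int xc_handle, dom0_op_t *op)
 {
- int ret = -1, errno_saved;
+ int ret = -1;
 privcmd_hypercall_t hypercall;
 
 op->interface_version = DOM0_INTERFACE_VERSION;
@@ -146,9 +162,7 @@ static inline int do_dom0_op(int xc_hand
 " rebuild the user-space tool set?\n");
 }
 
- errno_saved = errno;
- (void)munlock(op, sizeof(*op));
- errno = errno_saved;
+ safe_munlock(op, sizeof(*op));
 
 out1:
 return ret;
@@ -163,7 +177,6 @@ static inline int do_dom_mem_op(int
 {
 privcmd_hypercall_t hypercall;
 long ret = -EINVAL;
- int errno_saved;
 
 hypercall.op = __HYPERVISOR_dom_mem_op;
 hypercall.arg[0] = (unsigned long)memop;
@@ -186,11 +199,7 @@ static inline int do_dom_mem_op(int
 }
 
 if ( extent_list != NULL )
- {
- errno_saved = errno;
- (void)munlock(extent_list, nr_extents*sizeof(unsigned long));
- errno = errno_saved;
- }
+ safe_munlock(extent_list, nr_extents*sizeof(unsigned long));
 
 out1:
 return ret;
@@ -204,7 +213,6 @@ static inline int do_mmuext_op(
 {
 privcmd_hypercall_t hypercall;
 long ret = -EINVAL;
- int errno_saved;
 
 hypercall.op = __HYPERVISOR_mmuext_op;
 hypercall.arg[0] = (unsigned long)op;
@@ -224,9 +232,7 @@ static inline int do_mmuext_op(
 " rebuild the user-space tool set?\n",ret,errno);
 }
 
- errno_saved = errno;
- (void)munlock(op, nr_ops*sizeof(*op));
- errno = errno_saved;
+ safe_munlock(op, nr_ops*sizeof(*op));
 
 out1:
 return ret;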
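Review bot: The rewritten ERROR and PERROR macros declare `__saved_errno`, and C reserves identifiers beginning with a double underscore for the implementation; a project-prefixed name such as `xc_saved_errno_` avoids the reserved namespace. The plain name `saved_errno` would not do, because the xc_private.c hunks of this commit declare a local of that name and the macro would shadow it. The new safe_munlock has no comment explaining why the munlock() result is discarded; something like `/* munlock() that leaves errno untouched, so the caller still sees the error from the preceding hypercall or ioctl. */` would record the intent. The length passed at each call site has to match the earlier mlock(), which lies outside these hunks in every converted function.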
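--- a/tools/policy/policy_tool.c
+++ b/tools/policy/policy_tool.c
@@ -14,7 +14,7 @@
 *
 * sHype policy management tool. This code runs in a domain and
 * manages the Xen security policy by interacting with the
- * Xen access control module via a /proc/xen/policycmd proc-ioctl,
+ * Xen access control module via a /proc/xen/privcmd proc-ioctl,
 * which is translated into a policy_op hypercall into Xen.
 *
 * todo: implement setpolicy to dynamically set a policy cache.
@@ -229,7 +229,6 @@ void acm_dump_policy_buffer(void *buf, i
 default:
 printf("UNKNOWN POLICY!\n");
 }
- printf("\nPolicy dump End.\n\n");
 }
 
 /*************************** set policy ****************************/
@@ -519,39 +518,35 @@ usage(char *progname){
 int
 main(int argc, char **argv) {
 
- int policycmd_fd;
+ int policycmd_fd, ret;
 
- if (argc < 2)
+ if (argc < 2)
 usage(argv[0]);
 
 if ((policycmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) {
- printf("ERROR: Could not open xen policycmd device!\n");
+ printf("ERROR: Could not open xen privcmd device!\n");
 exit(-1);
 }
 
 if (!strcmp(argv[1], "setpolicy")) {
 if (argc != 2)
 usage(argv[0]);
- acm_domain_setpolicy(policycmd_fd);
-
+ ret = acm_domain_setpolicy(policycmd_fd);
 } else if (!strcmp(argv[1], "getpolicy")) {
 if (argc != 2)
 usage(argv[0]);
- acm_domain_getpolicy(policycmd_fd);
-
+ ret = acm_domain_getpolicy(policycmd_fd);
 } else if (!strcmp(argv[1], "loadpolicy")) {
 if (argc != 3)
 usage(argv[0]);
- acm_domain_loadpolicy(policycmd_fd, argv[2]);
-
+ ret = acm_domain_loadpolicy(policycmd_fd, argv[2]);
 } else if (!strcmp(argv[1], "dumpstats")) {
 if (argc != 2)
 usage(argv[0]);
- acm_domain_dumpstats(policycmd_fd);
-
+ ret = acm_domain_dumpstats(policycmd_fd);
 } else
 usage(argv[0]);
 
 close(policycmd_fd);
- return 0;
+ return ret;
 }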
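Review bot: `ret` is declared without an initializer and is assigned only in the four command branches, so `return ret;` reads an indeterminate value if the final `else usage(argv[0]);` ever returns. usage() is defined outside this hunk, so whether it always exits cannot be confirmed here. Declaring `int policycmd_fd, ret = -1;` makes the exit status well defined either way, which matters because scripts will now rely on it to know whether a policy was actually loaded. Separately, the `open(...) <= 0` test on the context line treats a valid descriptor 0 as a failure; `< 0` is the correct check.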
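--- a/tools/python/xen/xm/create.py
+++ b/tools/python/xen/xm/create.py
@@ -121,7 +121,7 @@ gopts.var('memory', val='MEMORY',
 use="Domain memory in MB.")
 
 gopts.var('ssidref', val='SSIDREF',
- fn=set_u32, default=0xffffffff,
+ fn=set_u32, default=-1,
 use="Security Identifier.")
 
 gopts.var('maxmem', val='MEMORY',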
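Review bot: The default for `ssidref` is now the signed value `-1` while the option is still parsed with `fn=set_u32`, so a user-supplied value and the default no longer obviously share a range. Whether the default passes through set_u32, and how the consumer of this option interprets -1, is not visible in this hunk. Since this value selects the domain's security label, the meaning of the sentinel should be written down next to it, for example `# default -1: sentinel for "no ssidref given" (confirm against the consumer)`.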
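--- a/xen/Makefile
+++ b/xen/Makefile
@@ -59,7 +59,9 @@ clean: delete-unfresh-files
 $(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
 $(MAKE) -C common
 $(MAKE) -C drivers
+ifdef ACM_USE_SECURITY_POLICY
 $(MAKE) -C acm
+endif
 $(MAKE) -C arch/$(TARGET_ARCH)
 
 # drivers/char/console.o may contain static banner/compile info. Blow it away.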
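Review bot: The `ifdef ACM_USE_SECURITY_POLICY` guard here, and the identical one added in xen/Rules.mk, tests only whether the make variable is non-empty, whereas the C side of this commit selects the stub hooks with `#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)`. If the variable is ever set to the null-policy value rather than left unset, make would still build and link acm/ while the hooks compile to stubs. Where the variable is defined is not visible here, so this may already be guaranteed elsewhere. A value comparison such as `ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)`, combined with a check that the variable is set, would keep the build gate and the preprocessor gate in step.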
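--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -35,7 +35,9 @@ OBJS += $(patsubst %.c,%.o,$(C_SRCS))
 ALL_OBJS := $(BASEDIR)/common/common.o
 ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
 ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
+ifdef ACM_USE_SECURITY_POLICY
 ALL_OBJS += $(BASEDIR)/acm/acm.o
+endif
 ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
 
 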
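--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -753,7 +753,7 @@ static inline int l1_backptr(
 #else
 # define create_pae_xen_mappings(pl3e) (1)
 # define l1_backptr(bp,l2o,l2t) \
- ({ *(bp) = (l2o) << L2_PAGETABLE_SHIFT; 1; })
+ ({ *(bp) = (unsigned long)(l2o) << L2_PAGETABLE_SHIFT; 1; })
 #endif
 
 static int alloc_l2_table(struct pfn_info *page, unsigned int type)
@@ -821,7 +821,7 @@ static int alloc_l3_table(struct pfn_inf
 pl3e = map_domain_page(pfn);
 for ( i = 0; i < L3_PAGETABLE_ENTRIES; i++ )
 {
- vaddr = i << L3_PAGETABLE_SHIFT;
+ vaddr = (unsigned long)i << L3_PAGETABLE_SHIFT;
 if ( is_guest_l3_slot(i) &&
 unlikely(!get_page_from_l3e(pl3e[i], pfn, d, vaddr)) )
 goto fail;
@@ -2793,12 +2793,24 @@ static int ptwr_emulated_cmpxchg(
 return ptwr_emulated_update(addr, old, new, bytes, 1);
 }
 
+static int ptwr_emulated_cmpxchg8b(
+ unsigned long addr,
+ unsigned long old,
+ unsigned long old_hi,
+ unsigned long new,
+ unsigned long new_hi)
+{
+ return ptwr_emulated_update(
+ addr, ((u64)old_hi << 32) | old, ((u64)new_hi << 32) | new, 8, 1);
+}
+
 static struct x86_mem_emulator ptwr_mem_emulator = {
- .read_std = x86_emulate_read_std,
- .write_std = x86_emulate_write_std,
- .read_emulated = x86_emulate_read_std,
- .write_emulated = ptwr_emulated_write,
- .cmpxchg_emulated = ptwr_emulated_cmpxchg
+ .read_std = x86_emulate_read_std,
+ .write_std = x86_emulate_write_std,
+ .read_emulated = x86_emulate_read_std,
+ .write_emulated = ptwr_emulated_write,
+ .cmpxchg_emulated = ptwr_emulated_cmpxchg,
+ .cmpxchg8b_emulated = ptwr_emulated_cmpxchg8b
 };
 
 /* Write page fault handler: check if guest is trying to modify a PTE. */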
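Review bot: ptwr_emulated_cmpxchg8b builds `((u64)old_hi << 32) | old` from `unsigned long` halves and hands the result to ptwr_emulated_update, whose prototype is outside this hunk. If that function's old/new parameters are `unsigned long`, the high 32 bits are silently dropped on a 32-bit build and the 8-byte page-table update that gets processed is not the one the guest requested, so please confirm they are 64 bits wide. On a build where `unsigned long` is itself 64 bits, any set upper bits in `old` or `new` would be OR-ed into the high half; masking the low halves, as in `((u64)old_hi << 32) | (u32)old`, removes that dependence on the caller. The new function also has no comment saying which half each parameter carries.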
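--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -20,7 +20,7 @@
 #include <asm/desc.h>
 #include <asm/shadow.h>
 #include <asm/e820.h>
-#include <public/acm_dom0_setup.h>
+#include <acm/acm_hooks.h>
 
 extern void dmi_scan_machine(void);
 extern void generic_apic_probe(void);
@@ -188,7 +188,7 @@ static void __init start_of_day(void)
 
 arch_init_memory();
 
- scheduler_init();
+ scheduler_init();
 
 identify_cpu(&boot_cpu_data);
 if ( cpu_has_fxsr )
@@ -262,7 +262,8 @@ void __init __start_xen(multiboot_info_t
 /* Check that we have at least one Multiboot module. */
 if ( !(mbi->flags & MBI_MODULES) || (mbi->mods_count == 0) )
 {
- printk("FATAL ERROR: Require at least one Multiboot module.\n");
+ printk("FATAL ERROR: dom0 kernel not specified."
+ " Check bootloader configuration.\n");
 EARLY_FAIL();
 }
 
@@ -383,8 +384,8 @@ void __init __start_xen(multiboot_info_t
 
 init_xenheap_pages(xenheap_phys_start, xenheap_phys_end);
 printk("Xen heap: %luMB (%lukB)\n",
- (xenheap_phys_end-xenheap_phys_start) >> 20,
- (xenheap_phys_end-xenheap_phys_start) >> 10);
+ (xenheap_phys_end-xenheap_phys_start) >> 20,
+ (xenheap_phys_end-xenheap_phys_start) >> 10);
 
 early_boot = 0;
 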
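--- a/xen/common/policy_ops.c
+++ b/xen/common/policy_ops.c
@@ -1,5 +1,5 @@
 /******************************************************************************
- *policy_ops.c
+ * policy_ops.c
 *
 * Copyright (C) 2005 IBM Corporation
 *
@@ -14,6 +14,7 @@
 * Process policy command requests from guest OS.
 *
 */
+
 #include <xen/config.h>
 #include <xen/types.h>
 #include <xen/lib.h>
@@ -27,29 +28,39 @@
 #include <public/sched_ctl.h>
 #include <acm/acm_hooks.h>
 
+#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+
+long do_policy_op(policy_op_t *u_policy_op)
+{
+ return -ENOSYS;
+}
+
+#else
+
 /* function prototypes defined in acm/acm_policy.c */
 int acm_set_policy(void *buf, u16 buf_size, u16 policy);
 int acm_get_policy(void *buf, u16 buf_size);
 int acm_dump_statistics(void *buf, u16 buf_size);
 
 typedef enum policyoperation {
- POLICY, /* access to policy interface (early drop) */
- GETPOLICY, /* dump policy cache */
- SETPOLICY, /* set policy cache (controls security) */
- DUMPSTATS /* dump policy statistics */
+ POLICY, /* access to policy interface (early drop) */
+ GETPOLICY, /* dump policy cache */
+ SETPOLICY, /* set policy cache (controls security) */
+ DUMPSTATS /* dump policy statistics */
 } policyoperation_t;
 
 int
 acm_authorize_policyops(struct domain *d, policyoperation_t pops)
 {
- /* currently, all policy management functions are restricted to privileged domains,
- * soon we will introduce finer-grained privileges for policy operations
- */
- if (!IS_PRIV(d)) {
- printk("%s: Policy management authorization denied ERROR!\n", __func__);
- return ACM_ACCESS_DENIED;
- }
- return ACM_ACCESS_PERMITTED;
+ /* all policy management functions are restricted to privileged domains,
+ * soon we will introduce finer-grained privileges for policy operations
+ */
+ if (!IS_PRIV(d)) {
+ printk("%s: Policy management authorization denied ERROR!\n",
+ __func__);
+ return ACM_ACCESS_DENIED;
+ }
+ return ACM_ACCESS_PERMITTED;
 }
 
 long do_policy_op(policy_op_t *u_policy_op)
@@ -60,7 +71,7 @@ long do_policy_op(policy_op_t *u_policy_
 /* check here policy decision for policy commands */
 /* for now allow DOM0 only, later indepedently */
 if (acm_authorize_policyops(current->domain, POLICY))
- return -EACCES;
+ return -EACCES;
 
 if ( copy_from_user(op, u_policy_op, sizeof(*op)) )
 return -EFAULT;
@@ -73,9 +84,12 @@ long do_policy_op(policy_op_t *u_policy_
 case POLICY_SETPOLICY:
 {
 if (acm_authorize_policyops(current->domain, SETPOLICY))
- return -EACCES;
- printkd("%s: setting policy.\n", __func__);
- ret = acm_set_policy(op->u.setpolicy.pushcache, op->u.setpolicy.pushcache_size, op->u.setpolicy.policy_type);
+ return -EACCES;
+ printkd("%s: setting policy.\n", __func__);
+ ret = acm_set_policy(
+ op->u.setpolicy.pushcache,
+ op->u.setpolicy.pushcache_size,
+ op->u.setpolicy.policy_type);
 if (ret == ACM_OK)
 ret = 0;
 else
@@ -86,9 +100,11 @@ long do_policy_op(policy_op_t *u_policy_
 case POLICY_GETPOLICY:
 {
 if (acm_authorize_policyops(current->domain, GETPOLICY))
- return -EACCES;
+ return -EACCES;
 printkd("%s: getting policy.\n", __func__);
- ret = acm_get_policy(op->u.getpolicy.pullcache, op->u.getpolicy.pullcache_size);
+ ret = acm_get_policy(
+ op->u.getpolicy.pullcache,
+ op->u.getpolicy.pullcache_size);
 if (ret == ACM_OK)
 ret = 0;
 else
@@ -99,9 +115,11 @@ long do_policy_op(policy_op_t *u_policy_
 case POLICY_DUMPSTATS:
 {
 if (acm_authorize_policyops(current->domain, DUMPSTATS))
- return -EACCES;
- printkd("%s: dumping statistics.\n", __func__);
- ret = acm_dump_statistics(op->u.dumpstats.pullcache, op->u.dumpstats.pullcache_size);
+ return -EACCES;
+ printkd("%s: dumping statistics.\n", __func__);
+ ret = acm_dump_statistics(
+ op->u.dumpstats.pullcache,
+ op->u.dumpstats.pullcache_size);
 if (ret == ACM_OK)
 ret = 0;
 else
@@ -115,3 +133,5 @@ long do_policy_op(policy_op_t *u_policy_
 }
 return ret;
 }
+
+#endif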
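Review bot: `#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)` is also true when neither macro is defined, because the preprocessor replaces unknown identifiers with 0. A build that fails to pull in the defining header would therefore silently get the -ENOSYS stub here and, through the same test added in xen/include/acm/acm_hooks.h, stub hooks that return 0 unconditionally. Where the two macros are defined is not visible in this diff. A guard placed before the test turns that misconfiguration into a build failure instead of a hypervisor without access control: `#ifndef ACM_USE_SECURITY_POLICY`, `#error "ACM_USE_SECURITY_POLICY not defined"`, `#endif`. The stub do_policy_op would also benefit from a one-line comment saying that policy operations are unavailable when the null policy is compiled in.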
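--- a/xen/include/acm/acm_hooks.h Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/include/acm/acm_hooks.h Thu Jun 23 09:10:39 2005 +0000
@@ -30,21 +30,42 @@
 #include <public/event_channel.h>
 #include <asm/current.h>
 
+#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+
+static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
+{ return 0; }
+static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid)
+{ return; }
+static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid)
+{ return; }
+static inline int acm_pre_event_channel(evtchn_op_t *op)
+{ return 0; }
+static inline int acm_pre_grant_map_ref(domid_t id)
+{ return 0; }
+static inline int acm_pre_grant_setup(domid_t id)
+{ return 0; }
+static inline int acm_init(void)
+{ return 0; }
+static inline void acm_post_domain0_create(domid_t domid)
+{ return; }
+
+#else
+
 /* if ACM_TRACE_MODE defined, all hooks should
 * print a short trace message */
 /* #define ACM_TRACE_MODE */
 
 #ifdef ACM_TRACE_MODE
-# define traceprintk(fmt, args...) printk(fmt,## args)
+# define traceprintk(fmt, args...) printk(fmt,## args)
 #else
-# define traceprintk(fmt, args...)
+# define traceprintk(fmt, args...)
 #endif
 
 /* global variables */
 extern struct acm_operations *acm_primary_ops;
 extern struct acm_operations *acm_secondary_ops;
 
-/**********************************************************************************************
+/*********************************************************************
 * HOOK structure and meaning (justifies a few words about our model):
 *
 * General idea: every policy-controlled system operation is reflected in a
@@ -60,7 +81,8 @@ extern struct acm_operations *acm_second
 * ======================
 * PRE-Hooks
 * a) general authorization to guard a controlled system operation
- * b) prepare security state change (means: fail hook must be able to "undo" this)
+ * b) prepare security state change
+ * (means: fail hook must be able to "undo" this)
 *
 * POST-Hooks
 * a) commit prepared state change
@@ -100,238 +122,228 @@ extern struct acm_operations *acm_second
 * \
 * sys-ops error
 *
- *************************************************************************************************/
+ ********************************************************************/
 
 struct acm_operations {
- /* policy management functions (must always be defined!) */
- int (*init_domain_ssid) (void **ssid, ssidref_t ssidref);
- void (*free_domain_ssid) (void *ssid);
- int (*dump_binary_policy) (u8 *buffer, u16 buf_size);
- int (*set_binary_policy) (u8 *buffer, u16 buf_size);
- int (*dump_statistics) (u8 *buffer, u16 buf_size);
- /* domain management control hooks (can be NULL) */
- int (*pre_domain_create) (void *subject_ssid, ssidref_t ssidref);
- void (*post_domain_create) (domid_t domid, ssidref_t ssidref);
- void (*fail_domain_create) (void *subject_ssid, ssidref_t ssidref);
- void (*post_domain_destroy) (void *object_ssid, domid_t id);
- /* event channel control hooks (can be NULL) */
- int (*pre_eventchannel_unbound) (domid_t id);
- void (*fail_eventchannel_unbound) (domid_t id);
- int (*pre_eventchannel_interdomain) (domid_t id1, domid_t id2);
- int (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
- /* grant table control hooks (can be NULL) */
- int (*pre_grant_map_ref) (domid_t id);
- void (*fail_grant_map_ref) (domid_t id);
- int (*pre_grant_setup) (domid_t id);
- void (*fail_grant_setup) (domid_t id);
+ /* policy management functions (must always be defined!) */
+ int (*init_domain_ssid) (void **ssid, ssidref_t ssidref);
+ void (*free_domain_ssid) (void *ssid);
+ int (*dump_binary_policy) (u8 *buffer, u16 buf_size);
+ int (*set_binary_policy) (u8 *buffer, u16 buf_size);
+ int (*dump_statistics) (u8 *buffer, u16 buf_size);
+ /* domain management control hooks (can be NULL) */
+ int (*pre_domain_create) (void *subject_ssid, ssidref_t ssidref);
+ void (*post_domain_create) (domid_t domid, ssidref_t ssidref);
+ void (*fail_domain_create) (void *subject_ssid, ssidref_t ssidref);
+ void (*post_domain_destroy) (void *object_ssid, domid_t id);
+ /* event channel control hooks (can be NULL) */
+ int (*pre_eventchannel_unbound) (domid_t id);
+ void (*fail_eventchannel_unbound) (domid_t id);
+ int (*pre_eventchannel_interdomain) (domid_t id1, domid_t id2);
+ int (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
+ /* grant table control hooks (can be NULL) */
+ int (*pre_grant_map_ref) (domid_t id);
+ void (*fail_grant_map_ref) (domid_t id);
+ int (*pre_grant_setup) (domid_t id);
+ void (*fail_grant_setup) (domid_t id);
 };
 
-static inline int acm_pre_domain_create (void *subject_ssid, ssidref_t ssidref)
+static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
 {
- if ((acm_primary_ops->pre_domain_create != NULL) &&
- acm_primary_ops->pre_domain_create (subject_ssid, ssidref))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_domain_create != NULL) &&
- acm_secondary_ops->pre_domain_create (subject_ssid, ssidref)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_domain_create != NULL)
- acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
+ if ((acm_primary_ops->pre_domain_create != NULL) &&
+ acm_primary_ops->pre_domain_create(subject_ssid, ssidref))
+ return ACM_ACCESS_DENIED;
+ else if ((acm_secondary_ops->pre_domain_create != NULL) &&
+ acm_secondary_ops->pre_domain_create(subject_ssid, ssidref)) {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_domain_create != NULL)
+ acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
+ return ACM_ACCESS_DENIED;
+ } else
+ return ACM_ACCESS_PERMITTED;
 }
 
-static inline void acm_post_domain_create (domid_t domid, ssidref_t ssidref)
+static inline void acm_post_domain_create(domid_t domid, ssidref_t ssidref)
 {
- if (acm_primary_ops->post_domain_create != NULL)
- acm_primary_ops->post_domain_create (domid, ssidref);
- if (acm_secondary_ops->post_domain_create != NULL)
- acm_secondary_ops->post_domain_create (domid, ssidref);
+ if (acm_primary_ops->post_domain_create != NULL)
+ acm_primary_ops->post_domain_create(domid, ssidref);
+ if (acm_secondary_ops->post_domain_create != NULL)
+ acm_secondary_ops->post_domain_create(domid, ssidref);
 }
 
-static inline void acm_fail_domain_create (void *subject_ssid, ssidref_t ssidref)
+static inline void acm_fail_domain_create(
+ void *subject_ssid, ssidref_t ssidref)
 {
- if (acm_primary_ops->fail_domain_create != NULL)
- acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
- if (acm_secondary_ops->fail_domain_create != NULL)
- acm_secondary_ops->fail_domain_create (subject_ssid, ssidref);
+ if (acm_primary_ops->fail_domain_create != NULL)
+ acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
+ if (acm_secondary_ops->fail_domain_create != NULL)
+ acm_secondary_ops->fail_domain_create(subject_ssid, ssidref);
 }
 
-static inline void acm_post_domain_destroy (void *object_ssid, domid_t id)
+static inline void acm_post_domain_destroy(void *object_ssid, domid_t id)
 {
- if (acm_primary_ops->post_domain_destroy != NULL)
- acm_primary_ops->post_domain_destroy (object_ssid, id);
- if (acm_secondary_ops->post_domain_destroy != NULL)
- acm_secondary_ops->post_domain_destroy (object_ssid, id);
- return;
+ if (acm_primary_ops->post_domain_destroy != NULL)
+ acm_primary_ops->post_domain_destroy(object_ssid, id);
+ if (acm_secondary_ops->post_domain_destroy != NULL)
+ acm_secondary_ops->post_domain_destroy(object_ssid, id);
+ return;
 }
 
-/* event channel ops */
-
-static inline int acm_pre_eventchannel_unbound (domid_t id)
+static inline int acm_pre_eventchannel_unbound(domid_t id)
 {
- if ((acm_primary_ops->pre_eventchannel_unbound != NULL) &&
- acm_primary_ops->pre_eventchannel_unbound (id))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) &&
- acm_secondary_ops->pre_eventchannel_unbound (id)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_eventchannel_unbound != NULL)
- acm_primary_ops->fail_eventchannel_unbound (id);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
+ if ((acm_primary_ops->pre_eventchannel_unbound != NULL) &&
+ acm_primary_ops->pre_eventchannel_unbound(id))
+ return ACM_ACCESS_DENIED;
+ else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) &&
+ acm_secondary_ops->pre_eventchannel_unbound(id)) {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_eventchannel_unbound != NULL)
+ acm_primary_ops->fail_eventchannel_unbound(id);
+ return ACM_ACCESS_DENIED;
+ } else
+ return ACM_ACCESS_PERMITTED;
 }
 
-static inline int acm_pre_eventchannel_interdomain (domid_t id1, domid_t id2)
-{
- if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
- acm_primary_ops->pre_eventchannel_interdomain (id1, id2))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
- acm_secondary_ops->pre_eventchannel_interdomain (id1, id2)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
- acm_primary_ops->fail_eventchannel_interdomain (id1, id2);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
+static inline int acm_pre_eventchannel_interdomain(domid_t id1, domid_t id2)
+{
+ if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
+ acm_primary_ops->pre_eventchannel_interdomain(id1, id2))
+ return ACM_ACCESS_DENIED;
+ else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
+ acm_secondary_ops->pre_eventchannel_interdomain(id1, id2)) {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
+ acm_primary_ops->fail_eventchannel_interdomain(id1, id2);
+ return ACM_ACCESS_DENIED;
+ } else
+ return ACM_ACCESS_PERMITTED;
 }
 
-/************ Xen inline hooks ***************/
-
-/* small macro to make the hooks more readable
- * (eliminates hooks if NULL policy is active)
- */
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
-{ return 0; }
-#else
 static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
 {
- int ret = -EACCES;
- struct domain *d;
+ int ret = -EACCES;
+ struct domain *d;
 
- switch(op->cmd) {
- case DOM0_CREATEDOMAIN:
- ret = acm_pre_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
- break;
- case DOM0_DESTROYDOMAIN:
- d = find_domain_by_id(op->u.destroydomain.domain);
- if (d != NULL) {
- *ssid = d->ssid; /* save for post destroy when d is gone */
- /* no policy-specific hook */
- put_domain(d);
- ret = 0;
- }
- break;
- default:
- ret = 0; /* ok */
- }
- return ret;
+ switch(op->cmd) {
+ case DOM0_CREATEDOMAIN:
+ ret = acm_pre_domain_create(
+ current->domain->ssid, op->u.createdomain.ssidref);
+ break;
+ case DOM0_DESTROYDOMAIN:
+ d = find_domain_by_id(op->u.destroydomain.domain);
+ if (d != NULL) {
+ *ssid = d->ssid; /* save for post destroy when d is gone */
+ /* no policy-specific hook */
+ put_domain(d);
+ ret = 0;
+ }
+ break;
+ default:
+ ret = 0; /* ok */
+ }
+ return ret;
 }
-#endif
 
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid)
-{ return; }
-#else
 static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid)
 {
- switch(op->cmd) {
- case DOM0_CREATEDOMAIN:
- /* initialialize shared sHype security labels for new domain */
- acm_init_domain_ssid(op->u.createdomain.domain, op->u.createdomain.ssidref);
- acm_post_domain_create(op->u.createdomain.domain, op->u.createdomain.ssidref);
- break;
- case DOM0_DESTROYDOMAIN:
- acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
- /* free security ssid for the destroyed domain (also if running null policy */
- acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
- break;
- }
+ switch(op->cmd) {
+ case DOM0_CREATEDOMAIN:
+ /* initialialize shared sHype security labels for new domain */
+ acm_init_domain_ssid(
+ op->u.createdomain.domain, op->u.createdomain.ssidref);
+ acm_post_domain_create(
+ op->u.createdomain.domain, op->u.createdomain.ssidref);
+ break;
+ case DOM0_DESTROYDOMAIN:
+ acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
+ /* free security ssid for the destroyed domain (also if null policy */
+ acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
+ break;
+ }
 }
-#endif
 
-
-#if (ACM_USE_SECURITY_POLICy == ACM_NULL_POLICY)
-static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid)
-{ return; }
-#else
 static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid)
 {
- switch(op->cmd) {
- case DOM0_CREATEDOMAIN:
- acm_fail_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
- break;
- }
+ switch(op->cmd) {
+ case DOM0_CREATEDOMAIN:
+ acm_fail_domain_create(
+ current->domain->ssid, op->u.createdomain.ssidref);
+ break;
+ }
+}
+
+static inline int acm_pre_event_channel(evtchn_op_t *op)
+{
+ int ret = -EACCES;
+
+ switch(op->cmd) {
+ case EVTCHNOP_alloc_unbound:
+ ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
+ break;
+ case EVTCHNOP_bind_interdomain:
+ ret = acm_pre_eventchannel_interdomain(
+ op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
+ break;
+ default:
+ ret = 0; /* ok */
+ }
+ return ret;
 }
+
+static inline int acm_pre_grant_map_ref(domid_t id)
+{
+ if ( (acm_primary_ops->pre_grant_map_ref != NULL) &&
+ acm_primary_ops->pre_grant_map_ref(id) )
+ {
+ return ACM_ACCESS_DENIED;
+ }
+ else if ( (acm_secondary_ops->pre_grant_map_ref != NULL) &&
+ acm_secondary_ops->pre_grant_map_ref(id) )
+ {
+ /* roll-back primary */
+ if ( acm_primary_ops->fail_grant_map_ref != NULL )
+ acm_primary_ops->fail_grant_map_ref(id);
+ return ACM_ACCESS_DENIED;
+ }
+ else
+ {
+ return ACM_ACCESS_PERMITTED;
+ }
+}
+
+static inline int acm_pre_grant_setup(domid_t id)
+{
+ if ( (acm_primary_ops->pre_grant_setup != NULL) &&
+ acm_primary_ops->pre_grant_setup(id) )
+ {
+ return ACM_ACCESS_DENIED;
+ }
+ else if ( (acm_secondary_ops->pre_grant_setup != NULL) &&
+ acm_secondary_ops->pre_grant_setup(id) )
+ {
+ /* roll-back primary */
+ if (acm_primary_ops->fail_grant_setup != NULL)
+ acm_primary_ops->fail_grant_setup(id);
+ return ACM_ACCESS_DENIED;
+ }
+ else
+ {
+ return ACM_ACCESS_PERMITTED;
+ }
+}
+
+/* predefined ssidref for DOM0 used by xen when creating DOM0 */
+#define ACM_DOM0_SSIDREF 0
+
+static inline void acm_post_domain0_create(domid_t domid)
+{
+ /* initialialize shared sHype security labels for new domain */
+ acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
+ acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
+}
+
+extern int acm_init(void);
+
 #endif
 
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_event_channel(evtchn_op_t *op)
-{ return 0; }
-#else
-static inline int acm_pre_event_channel(evtchn_op_t *op)
-{
- int ret = -EACCES;
-
- switch(op->cmd) {
- case EVTCHNOP_alloc_unbound:
- ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
- break;
- case EVTCHNOP_bind_interdomain:
- ret = acm_pre_eventchannel_interdomain(op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
- break;
- default:
- ret = 0; /* ok */
- }
- return ret;
-}
 #endif
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_grant_map_ref(domid_t id)
-{ return 0; }
-#else
-static inline int acm_pre_grant_map_ref (domid_t id)
-{
- if ((acm_primary_ops->pre_grant_map_ref != NULL) &&
- acm_primary_ops->pre_grant_map_ref (id))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_grant_map_ref != NULL) &&
- acm_secondary_ops->pre_grant_map_ref (id)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_grant_map_ref != NULL)
- acm_primary_ops->fail_grant_map_ref (id);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
-}
-#endif
-
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-static inline int acm_pre_grant_setup(domid_t id)
-{ return 0; }
-#else
-static inline int acm_pre_grant_setup (domid_t id)
-{
- if ((acm_primary_ops->pre_grant_setup != NULL) &&
- acm_primary_ops->pre_grant_setup (id))
- return ACM_ACCESS_DENIED;
- else if ((acm_secondary_ops->pre_grant_setup != NULL) &&
- acm_secondary_ops->pre_grant_setup (id)) {
- /* roll-back primary */
- if (acm_primary_ops->fail_grant_setup != NULL)
- acm_primary_ops->fail_grant_setup (id);
- return ACM_ACCESS_DENIED;
- } else
- return ACM_ACCESS_PERMITTED;
-}
-#endif
-
-
-#endif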
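Review bot: The result of `acm_init_domain_ssid(...)` is discarded in the DOM0_CREATEDOMAIN branch of `acm_post_dom0_op` and again in `acm_post_domain0_create`, so a failed label initialisation would leave a created domain without a security label while `acm_post_domain_create` runs as if it had one. The wrapper's return type is not visible here, but the `init_domain_ssid` op in `struct acm_operations` returns `int`, so it presumably can report failure. Both post hooks are `void`, so the error cannot reach the caller as written; at minimum make it visible, e.g. `if (acm_init_domain_ssid(op->u.createdomain.domain, op->u.createdomain.ssidref)) printk("acm: ssid init failed\n");`. The stronger fix is to label the domain where creation can still be failed and rolled back through the fail hook.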
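--- a/xen/include/asm-x86/page.h Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/include/asm-x86/page.h Thu Jun 23 09:10:39 2005 +0000
@@ -2,13 +2,13 @@
 #ifndef __X86_PAGE_H__
 #define __X86_PAGE_H__
 
-#ifndef __ASSEMBLY__
-#define PAGE_SIZE (1UL << PAGE_SHIFT)
-#else
+/*
+ * It is important that the masks are signed quantities. This ensures that
+ * the compiler sign-extends a 32-bit mask to 64 bits if that is required.
+ */
 #define PAGE_SIZE (1 << PAGE_SHIFT)
-#endif
-#define PAGE_MASK (~(intpte_t)(PAGE_SIZE-1))
-#define PAGE_FLAG_MASK (~0U)
+#define PAGE_MASK (~(PAGE_SIZE-1))
+#define PAGE_FLAG_MASK (~0)
 
 #ifndef __ASSEMBLY__
 # include <asm/types.h>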
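Review bot: `PAGE_SIZE` is now a plain `int` for C code too, since `(1 << PAGE_SHIFT)` replaces `(1UL << PAGE_SHIFT)`, but the added comment only explains why the masks are signed. An expression that multiplies or shifts `PAGE_SIZE` by an `int` operand is now evaluated in 32-bit signed arithmetic and can overflow before it is widened, which matters for size and bounds calculations on 64-bit builds. The callers are outside this hunk, so this needs an audit rather than a change here. I would extend the comment with a line such as `* PAGE_SIZE is likewise a signed int: widen an operand before multiplying or shifting it.`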
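--- a/xen/include/asm-x86/x86_32/page-2level.h Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/include/asm-x86/x86_32/page-2level.h Thu Jun 23 09:10:39 2005 +0000
@@ -46,6 +46,8 @@ typedef l2_pgentry_t root_pgentry_t;
 * 12-bit flags = (pte[11:0])
 */
 
+#define _PAGE_NX 0U
+
 /* Extract flags into 12-bit integer, or turn 12-bit flags into a pte mask. */
 #define get_pte_flags(x) ((int)(x) & 0xFFF)
 #define put_pte_flags(x) ((intpte_t)((x) & 0xFFF))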
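--- a/xen/include/asm-x86/x86_32/page-3level.h Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/include/asm-x86/x86_32/page-3level.h Thu Jun 23 09:10:39 2005 +0000
@@ -59,6 +59,8 @@ typedef l3_pgentry_t root_pgentry_t;
 * 32-bit flags = (pte[63:44],pte[11:0])
 */
 
+#define _PAGE_NX (cpu_has_nx ? (1<<31) : 0)
+
 /* Extract flags into 32-bit integer, or turn 32-bit flags into a pte mask. */
 #define get_pte_flags(x) (((int)((x) >> 32) & ~0xFFF) | ((int)(x) & 0xFFF))
 #define put_pte_flags(x) (((intpte_t)((x) & ~0xFFF) << 40) | ((x) & 0xFFF))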
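Review bot: `(1<<31)` in the new `_PAGE_NX` shifts a one into the sign bit of an `int`, which is undefined behaviour in C, and it differs in signedness from the 2-level definition `0U`; `(cpu_has_nx ? (1U<<31) : 0)` would avoid both, provided the flag consumers accept an unsigned value. Separately, the two context macros below it disagree: `get_pte_flags` shifts right by 32, matching the `pte[63:44]` comment, while `put_pte_flags` shifts left by 40. If `intpte_t` is 64 bits wide, flag bit 31 would be shifted out instead of landing in pte bit 63, so it is worth confirming that setting `_PAGE_NX` really yields a no-execute entry. Those macros are unchanged context, not part of this commit.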
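--- a/xen/include/asm-x86/x86_32/page.h Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/include/asm-x86/x86_32/page.h Thu Jun 23 09:10:39 2005 +0000
@@ -7,8 +7,6 @@
 #define VADDR_BITS 32
 #define VADDR_MASK (~0UL)
 
-#define _PAGE_NX 0U
-
 #include <xen/config.h>
 #ifdef CONFIG_X86_PAE
 # include <asm/x86_32/page-3level.h>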
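--- a/xen/include/public/acm_dom0_setup.h Tue Jun 21 11:09:54 2005 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-/****************************************************************
- * acm_dom0_setup.h
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer <sailer@watson.ibm.com>
- *
- * Includes necessary definitions to bring-up dom0
- */
-#include <acm/acm_hooks.h>
-
-extern int acm_init(void);
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-
-static inline void acm_post_domain0_create(domid_t domid)
-{
- return;
-}
-
-#else
-
-/* predefined ssidref for DOM0 used by xen when creating DOM0 */
-#define ACM_DOM0_SSIDREF 0
-
-static inline void acm_post_domain0_create(domid_t domid)
-{
- /* initialialize shared sHype security labels for new domain */
- acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
- acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
-}
-
-#endif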