direct-io.hg
changeset 5518:649cd37aa1ab
bitkeeper revision 1.1720 (42b7bb86ag6KD5OEx2v6YdSnS1BhGQ)
Merge freefall.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xen-unstable.bk
into freefall.cl.cam.ac.uk:/auto/groups/xeno/users/iap10/xeno-clone/xen-unstable.bk
Merge freefall.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xen-unstable.bk
into freefall.cl.cam.ac.uk:/auto/groups/xeno/users/iap10/xeno-clone/xen-unstable.bk
line diff
1.1 --- a/.rootkeys Sat Jun 18 00:49:11 2005 +0000 1.2 +++ b/.rootkeys Tue Jun 21 07:02:30 2005 +0000 1.3 @@ -21,6 +21,7 @@ 412f4bd9sm5mCQ8BkrgKcAKZGadq7Q docs/misc 1.4 420b949cy9ZGzED74Fz_DaWlK7tT4g docs/misc/crashdb.txt 1.5 4251a1f82AexscYEiF4Iku8Gc_kWfQ docs/misc/grant-tables.txt 1.6 424d462b5GuApQ_NyMsRFt9LbrsWow docs/misc/sedf_scheduler_mini-HOWTO.txt 1.7 +42b7434c-M2l4Og0klGf6xSAARqa2w docs/misc/shype4xen_readme.txt 1.8 40d6ccbfKKBq8jE0ula4eHEzBiQuDA docs/misc/xen_config.html 1.9 410a4c2bAO_m_l4RsiiPHnZ4ixHWbQ docs/misc/xend.tex 1.10 3f9e7d564bWFB-Czjv1qdmE6o0GqNg docs/src/interface.tex 1.11 @@ -777,6 +778,16 @@ 3f6dc142IHaf6XIcAYGmhV9nNSIHFQ tools/mis 1.12 40c9c469kT0H9COWzA4XzPBjWK0WsA tools/misc/netfix 1.13 4022a73cEKvrYe_DVZW2JlAxobg9wg tools/misc/nsplitd/Makefile 1.14 4022a73cKms4Oq030x2JBzUB426lAQ tools/misc/nsplitd/nsplitd.c 1.15 +42b74436oXEaaUH_dPcGFviMiwNgCQ tools/misc/policyprocessor/SecurityLabel.java 1.16 +42b74436fIW8ZI3pUpu13-Ox6G2cOA tools/misc/policyprocessor/SecurityPolicySpec.xsd 1.17 +42b74436T4CN4HMWsuaHD2zS8jY1BA tools/misc/policyprocessor/SsidsEntry.java 1.18 +42b74436Dk3WKJl6-SyP3LEBo3DXkQ tools/misc/policyprocessor/XmlToBin.java 1.19 +42b74436ABj4SOVBWqY_IEIboFUkeA tools/misc/policyprocessor/XmlToBinInterface.java 1.20 +42b7443684kBOrEBKFod4fGvnJ-rdA tools/misc/policyprocessor/myHandler.java 1.21 +42b74436JjvZmOp2DfMb-TnpGZXQ8w tools/misc/policyprocessor/readme.install 1.22 +42b74436-0Ig0yb-w1BYyCAFVTwqUg tools/misc/policyprocessor/readme.xen 1.23 +42b74436WAJ6lmTO3foadk2527PFBQ tools/misc/policyprocessor/xen_sample_def.xml 1.24 +42b744365VrTALmqRroQOBZ9EopUsw tools/misc/policyprocessor/xen_sample_policy.xml 1.25 42308df9dv_ZuP49nNPIROEMQ3F_LA tools/misc/xc_shadow.c 1.26 3f5ef5a2ir1kVAthS14Dc5QIRCEFWg tools/misc/xen-clone 1.27 3f5ef5a2dTZP0nnsFoeq2jRf3mWDDg tools/misc/xen-clone.README 1.28 @@ -785,6 +796,8 @@ 40c9c4697z76HDfkCLdMhmaEwzFoNQ tools/mis 1.29 41adc641dV-0cDLSyzMs5BT8nL7v3Q tools/misc/xenperf.c 1.30 4056f5155QYZdsk-1fLdjsZPFTnlhg tools/misc/xensymoops 1.31 40cf2937dqM1jWW87O5OoOYND8leuA tools/misc/xm 1.32 +42b742f6JFcp6LFpYu-B4AEsfQwSFw tools/policy/Makefile 1.33 +42b742f66XOdRMrwaHvbCdSSQyCrFw tools/policy/policy_tool.c 1.34 4270cc81g3nSNYCZ1ryCMDEbLtMtbQ tools/pygrub/Makefile 1.35 4270deeccyRsJn6jLnRh9odRtMW9SA tools/pygrub/README 1.36 4270cc81EIl7NyaS3Av6IPRk2c2a6Q tools/pygrub/setup.py 1.37 @@ -1101,6 +1114,12 @@ 4050c413NtuyIq5lsYJV4P7KIjujXw tools/xen 1.38 3f72f1bdJPsV3JCnBqs9ddL9tr6D2g xen/COPYING 1.39 3ddb79bcbOVHh38VJzc97-JEGD4dJQ xen/Makefile 1.40 3ddb79bcWnTwYsQRWl_PaneJfa6p0w xen/Rules.mk 1.41 +42b742f6XHTfIEm_hUPtzjKr37LVhw xen/acm/Makefile 1.42 +42b742f6tHzn0fZWH3TjPva8gbqpow xen/acm/acm_chinesewall_hooks.c 1.43 +42b742f6bM8kZwuIUbepHZ8SQQkjJA xen/acm/acm_core.c 1.44 +42b742f6cwfrPubqH47gQpke8xkYSA xen/acm/acm_null_hooks.c 1.45 +42b742f69qSxm5MM-wtPaWtCqyI3KA xen/acm/acm_policy.c 1.46 +42b742f6VbmdlwekQRMhXugjcu9QXg xen/acm/acm_simple_type_enforcement_hooks.c 1.47 421098b25A0RvuYN3rP28ga3_FN3_Q xen/arch/ia64/Makefile 1.48 421098b2okIeYXS9w9avmSozls61xA xen/arch/ia64/Rules.mk 1.49 421098b21p12UcKjHBrLh_LjlvNEwA xen/arch/ia64/acpi.c 1.50 @@ -1146,6 +1165,7 @@ 425ae516p4ICTkjqNYEfYFxqULj4dw xen/arch/ 1.51 425ae516juUB257qrwUdsL9AsswrqQ xen/arch/ia64/patch/linux-2.6.11/time.c 1.52 425ae5167zQn7zYcgKtDUDX2v-e8mw xen/arch/ia64/patch/linux-2.6.11/tlb.c 1.53 425ae5162bIl2Dgd19x-FceB4L9oGw xen/arch/ia64/patch/linux-2.6.11/types.h 1.54 +42ae01f01KDfSgVQnscwJ0psRmEaCw xen/arch/ia64/patch/linux-2.6.11/uaccess.h 1.55 425ae516cFUNY2jHD46bujcF5NJheA xen/arch/ia64/patch/linux-2.6.11/unaligned.c 1.56 421098b39QFMC-1t1r38CA7NxAYBPA xen/arch/ia64/patch/linux-2.6.7/bootmem.h 1.57 421098b3SIA1vZX9fFUjo1T3o_jMCQ xen/arch/ia64/patch/linux-2.6.7/current.h 1.58 @@ -1323,6 +1343,7 @@ 3ddb79bduhSEZI8xa7IbGQCpap5y2A xen/commo 1.59 41a61536SZbR6cj1ukWTb0DYU-vz9w xen/common/multicall.c 1.60 3ddb79bdD4SLmmdMD7yLW5HcUWucXw xen/common/page_alloc.c 1.61 3e54c38dkHAev597bPr71-hGzTdocg xen/common/perfc.c 1.62 +42b742f6mgq9puEr7lUrLST0VEpsig xen/common/policy_ops.c 1.63 40589968dD2D1aejwSOvrROg7fOvGQ xen/common/sched_bvt.c 1.64 41ebbfe9oF1BF3cH5v7yE3eOL9uPbA xen/common/sched_sedf.c 1.65 3e397e6619PgAfBbw2XFbXkewvUWgw xen/common/schedule.c 1.66 @@ -1338,6 +1359,9 @@ 3e4a8cb7alzQCDKS7MlioPoHBKYkdQ xen/drive 1.67 4049e6bfNSIq7s7OV-Bd69QD0RpR2Q xen/drivers/char/console.c 1.68 4298e018XQtZkCdufpyFimOGZqqsFA xen/drivers/char/ns16550.c 1.69 3e4a8cb7nMChlro4wvOBo76n__iCFA xen/drivers/char/serial.c 1.70 +42b742f6OteAMPWnoqxqfRX3yxD0yw xen/include/acm/acm_core.h 1.71 +42b742f6XfIijctEwA0YWL2BoWtDNg xen/include/acm/acm_endian.h 1.72 +42b742f6jXvp1vdbU2v2WJjTPku65A xen/include/acm/acm_hooks.h 1.73 40715b2cFpte_UNWnBZW0Du7z9AhTQ xen/include/acpi/acconfig.h 1.74 40715b2ctNvVZ058w8eM8DR9hOat_A xen/include/acpi/acexcep.h 1.75 40715b2com8I01qcHcAw47e93XsCqQ xen/include/acpi/acglobal.h 1.76 @@ -1364,6 +1388,7 @@ 421098b6Y3xqcv873Gvg1rQ5CChfFw xen/inclu 1.77 421098b6ZcIrn_gdqjUtdJyCE0YkZQ xen/include/asm-ia64/debugger.h 1.78 421098b6z0zSuW1rcSJK1gR8RUi-fw xen/include/asm-ia64/dom_fw.h 1.79 421098b6Nn0I7hGB8Mkd1Cis0KMkhA xen/include/asm-ia64/domain.h 1.80 +42b1d2d0rkNCmG2nFOnL-OfhJG9mDw xen/include/asm-ia64/event.h 1.81 4241e880hAyo_dk0PPDYj3LsMIvf-Q xen/include/asm-ia64/flushtlb.h 1.82 421098b6X3Fs2yht42TE2ufgKqt2Fw xen/include/asm-ia64/ia64_int.h 1.83 421098b7psFAn8kbeR-vcRCdc860Vw xen/include/asm-ia64/init.h 1.84 @@ -1388,7 +1413,6 @@ 428b9f387tov0OtOEeF8fVWSR2v5Pg xen/inclu 1.85 428b9f38is0zTsIm96_BKo4MLw0SzQ xen/include/asm-ia64/vmx_pal_vsa.h 1.86 428b9f38iDqbugHUheJrcTCD7zlb4g xen/include/asm-ia64/vmx_phy_mode.h 1.87 428b9f38grd_B0AGB1yp0Gi2befHaQ xen/include/asm-ia64/vmx_platform.h 1.88 -428b9f38lm0ntDBusHggeQXkx1-1HQ xen/include/asm-ia64/vmx_ptrace.h 1.89 428b9f38XgwHchZEpOzRtWfz0agFNQ xen/include/asm-ia64/vmx_vcpu.h 1.90 428b9f38tDTTJbkoONcAB9ODP8CiVg xen/include/asm-ia64/vmx_vpd.h 1.91 428b9f38_o0U5uJqmxZf_bqi6_PqVw xen/include/asm-ia64/vtm.h 1.92 @@ -1412,6 +1436,7 @@ 3ddb79c34BFiXjBJ_cCKB0aCsV1IDw xen/inclu 1.93 40715b2dTokMLYGSuD58BnxOqyWVew xen/include/asm-x86/div64.h 1.94 4204e7acwzqgXyTAPKa1nM-L7Ec0Qw xen/include/asm-x86/domain.h 1.95 41d3eaaeIBzW621S1oa0c2yk7X43qQ xen/include/asm-x86/e820.h 1.96 +42b1d2caFkOByU5n4LuMnT05f3kJFg xen/include/asm-x86/event.h 1.97 3ddb79c3NU8Zy40OTrq3D-i30Y3t4A xen/include/asm-x86/fixmap.h 1.98 3e2d29944GI24gf7vOP_7x8EyuqxeA xen/include/asm-x86/flushtlb.h 1.99 4294b5eep4lWuDtYUR74gYwt-_FnHA xen/include/asm-x86/genapic.h 1.100 @@ -1487,6 +1512,8 @@ 404f1bb86rAXB3aLS1vYdcqpJiEcyg xen/inclu 1.101 404f1bc4tWkB9Qr8RkKtZGW5eMQzhw xen/include/asm-x86/x86_64/uaccess.h 1.102 422f27c8RHFkePhD34VIEpMMqofZcA xen/include/asm-x86/x86_emulate.h 1.103 400304fcmRQmDdFYEzDh0wcBba9alg xen/include/public/COPYING 1.104 +42b742f6duiOTlZvysQkRYZHYBXqvg xen/include/public/acm.h 1.105 +42b742f7TIMsQgUaNDJXp3QlBve2SQ xen/include/public/acm_dom0_setup.h 1.106 421098b7OKb9YH_EUA_UpCxBjaqtgA xen/include/public/arch-ia64.h 1.107 404f1bc68SXxmv0zQpXBWGrCzSyp8w xen/include/public/arch-x86_32.h 1.108 404f1bc7IwU-qnH8mJeVu0YsNGMrcw xen/include/public/arch-x86_64.h 1.109 @@ -1500,8 +1527,10 @@ 40f5623cTZ80EwjWUBlh44A9F9i_Lg xen/inclu 1.110 41d40e9b8zCk5VDqhVbuQyhc7G3lqA xen/include/public/io/ring.h 1.111 41ee5e8c6mLxIx82KPsbpt_uts_vSA xen/include/public/io/usbif.h 1.112 4051db79512nOCGweabrFWO2M2h5ng xen/include/public/physdev.h 1.113 +42b742f7Lzy8SKKG25L_-fgk5FHA2Q xen/include/public/policy_ops.h 1.114 40589968wmhPmV5-ENbBYmMjnedgKw xen/include/public/sched_ctl.h 1.115 404f3d2eR2Owk-ZcGOx9ULGHg3nrww xen/include/public/trace.h 1.116 +42b5a5f2QC1IxeuwCwwsOEhvcJ2BJg xen/include/public/version.h 1.117 4266bd01Ul-pC01ZVvBkhBnv5eqzvw xen/include/public/vmx_assist.h 1.118 3ddb79c25UE59iu4JJcbRalx95mvcg xen/include/public/xen.h 1.119 3e397e66m2tO3s-J8Jnr7Ws_tGoPTg xen/include/xen/ac_timer.h
2.1 --- a/BitKeeper/etc/logging_ok Sat Jun 18 00:49:11 2005 +0000 2.2 +++ b/BitKeeper/etc/logging_ok Tue Jun 21 07:02:30 2005 +0000 2.3 @@ -39,6 +39,7 @@ iap10@labyrinth.cl.cam.ac.uk 2.4 iap10@nidd.cl.cam.ac.uk 2.5 iap10@pb001.cl.cam.ac.uk 2.6 iap10@pb007.cl.cam.ac.uk 2.7 +iap10@spot.cl.cam.ac.uk 2.8 iap10@striker.cl.cam.ac.uk 2.9 iap10@tetris.cl.cam.ac.uk 2.10 jrb44@plym.cl.cam.ac.uk
3.1 --- a/Config.mk Sat Jun 18 00:49:11 2005 +0000 3.2 +++ b/Config.mk Tue Jun 21 07:02:30 2005 +0000 3.3 @@ -31,3 +31,6 @@ endif 3.4 3.5 LDFLAGS += $(foreach i, $(EXTRA_LIB), -L$(i)) 3.6 CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i)) 3.7 + 3.8 +# Choose the best mirror to download linux kernel 3.9 +KERNEL_REPO = http://www.kernel.org
4.1 --- a/buildconfigs/Rules.mk Sat Jun 18 00:49:11 2005 +0000 4.2 +++ b/buildconfigs/Rules.mk Tue Jun 21 07:02:30 2005 +0000 4.3 @@ -27,7 +27,7 @@ vpath linux-%.tar.bz2 $(LINUX_SRC_PATH) 4.4 linux-%.tar.bz2: override _LINUX_VDIR = $(word 1,$(subst ., ,$*)).$(word 2,$(subst ., ,$*)) 4.5 linux-%.tar.bz2: 4.6 @echo "Cannot find $@ in path $(LINUX_SRC_PATH)" 4.7 - wget http://www.kernel.org/pub/linux/kernel/v$(_LINUX_VDIR)/$@ -O./$@ 4.8 + wget $(KERNEL_REPO)/pub/linux/kernel/v$(_LINUX_VDIR)/$@ -O./$@ 4.9 4.10 # Expand NetBSD release to NetBSD version 4.11 NETBSD_RELEASE ?= 2.0 4.12 @@ -57,6 +57,7 @@ endif 4.13 mkdir -p tmp-pristine-$* 4.14 touch tmp-pristine-$*/.bk_skip 4.15 tar -C tmp-pristine-$* -jxf $< 4.16 + -@rm tmp-pristine-$*/pax_global_header 4.17 mv tmp-pristine-$*/* $(@D) 4.18 @rm -rf tmp-pristine-$* 4.19 touch $@ # update timestamp to avoid rebuild
5.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 5.2 +++ b/docs/misc/shype4xen_readme.txt Tue Jun 21 07:02:30 2005 +0000 5.3 @@ -0,0 +1,580 @@ 5.4 +Copyright: IBM Corporation (C) 5.5 +20 June 2005 5.6 +Author: Reiner Sailer 5.7 + 5.8 +This document is a very short introduction into the sHype access control 5.9 +security architecture implementation and how it is perceived by users. It 5.10 +is a very preliminary draft for the courageous ones to get "their feet wet" 5.11 +and to be able to give feedback (via the xen-devel/xense-devel mailing lists). 5.12 + 5.13 +Install: 5.14 + 5.15 +cd into xeno-unstable.bk 5.16 +(use --dry-run option if you want to test the patch only) 5.17 +patch -p1 -g0 < *tools.diff 5.18 +patch -p1 -g0 < *xen.diff 5.19 + 5.20 +(no rejects, probably some line offsets) 5.21 + 5.22 +make uninstall; make mrproper; make; ./install.sh should install the default 5.23 +sHype into Xen (rebuild your initrd images if necessary). Reboot. 5.24 + 5.25 +Debug output: there are two triggers for debug output: 5.26 +a) General sHype debug: 5.27 + xeno-unstable.bk/xen/include/public/acm.h 5.28 + undefine ACM_DEBUG to switch this debug off 5.29 + 5.30 +b) sHype enforcement hook trace: This prints a small trace for each enforcement 5.31 +hook that is executed. The trigger is in 5.32 + xeno-unstable.bk/xen/include/acm/acm_hooks.h 5.33 + undefine ACM_TRACE_MODE to switch this debug off 5.34 + 5.35 +1. The default NULL policy 5.36 +*************************** 5.37 +When you apply the patches and startup xen, you should at first not notice any 5.38 +difference because the default policy is the "NULL" policy, which as the name 5.39 +implies does not enforce anything. 5.40 + 5.41 +However, when you try 5.42 + 5.43 +[root@laptop policy]# xm list 5.44 +Name Id Mem(MB) CPU State Time(s) Console SSID-REF 5.45 +Domain-0 0 620 0 r---- 25.6 default 5.46 + 5.47 +You might detect a new parameter "SSID-REF" displayed for domains. This 5.48 +parameter describes the subject security identifier reference of the domain. It 5.49 +is shown as "default" since there is no policy to be enforced. 5.50 + 5.51 +To display the currently enforced policy, use the policy tool under xeno- 5.52 +unstable.bk/tools/policy: policy_tool getpolicy. You should see output like the 5.53 +one below. 5.54 + 5.55 +[root@laptop policy]#./policy_tool getpolicy 5.56 + 5.57 +Policy dump: 5.58 +============ 5.59 +Magic = 1debc. 5.60 +PolVer = aaaa0000. 5.61 +Len = 14. 5.62 +Primary = NULL policy (c=0, off=14). 5.63 +Secondary = NULL policy (c=0, off=14). 5.64 +No primary policy (NULL). 5.65 +No secondary policy (NULL). 5.66 + 5.67 +Policy dump End. 5.68 + 5.69 +Since this is a dump of a binary policy, it's not pretty. The important parts 5.70 +are the "Primary" and "Secondary" policy fields set to "NULL policy". sHype 5.71 +currently allows to set two independent policies; thus the two SSID-REF parts 5.72 +shown in 'xm list'. Right here: primary policy only means this policy is 5.73 +checked first, the secondary policy is checked if the primary results in 5.74 +"permitted access". The result of the combined policy is "permitted" if both 5.75 +policies return permitted (NULL policy always returns permitted). The result is 5.76 +"denied" if at least one of the policies returns "denied". Look into xeno- 5.77 +unstable.bk/xen/include/acm/acm_hooks.h for the general hook structure 5.78 +integrating the policy decisions (if you like, you won't need it for the rest 5.79 +of the Readme file). 5.80 + 5.81 +2. Setting Chinese Wall and Simple Type Enforcement policies: 5.82 +************************************************************* 5.83 + 5.84 +We'll get fast to the point. However, in order to understand what we are doing, 5.85 +we must at least understand the purpose of the policies that we are going to 5.86 +enforce. The two policies presented here are just examples and the 5.87 +implementation encourages adding new policies easily. 5.88 + 5.89 +2.1. Chinese Wall policy: "decides whether a domain can be started based on 5.90 +this domain's ssidref and the ssidrefs of the currently running domains". 5.91 +Generally, the Chinese wall policy allows specifying certain types (or classes 5.92 +or categories, whatever the preferred word) that conflict; we usually assign a 5.93 +type to a workload and the set of types of those workloads running in a domain 5.94 +make up the type set for this domain. Each domain is assigned a set of types 5.95 +through its SSID-REF (we register Chinese Wall as primary policy, so the 5.96 +ssidref used for determining the Chinese Wall types is the one annotated with 5.97 +"p:" in xm list) since each SSID-REF points at a set of types. We'll see how 5.98 +SSIDREFs are represented in Xen later when we will look at the policy. (A good 5.99 +read for Chinese Wall is: Brewer/Nash The Chinese Wall Security Policy 1989.) 5.100 + 5.101 +So let's assume the Chinese Wall policy we are running distinguishes 10 types: 5.102 +t0 ... t9. Let us assume further that each SSID-REF points to a set that 5.103 +includes exactly one type (attached to domains that run workloads of a single 5.104 +type). SSID-REF 0 points to {t0}, ssidref 1 points to {t1} ... 9 points to 5.105 +{t9}. [This is actually the example policy we are going to push into xen later] 5.106 + 5.107 +Now the Chinese Wall policy allows you to define "Conflict type sets" and it 5.108 +guarantees that of any conflict set at most one type is "running" at any time. 5.109 +As an example, we have defined 2 conflict set: {t2, t3} and {t0, t5, t6}. 5.110 +Specifying these conflict sets, sHype ensures that at most one type of each set 5.111 +is running (either t2 or t3 but not both; either t0 or t5 or t6 but not 5.112 +multiple of them). 5.113 + 5.114 +The effect is that administrators can define which workload types cannot run 5.115 +simultaneously on a single Xen system. This is useful to limit the covert 5.116 +timing channels between such payloads or to ensure that payloads don't 5.117 +interfere with each other through existing resource dependencies. 5.118 + 5.119 +2.2. Simple Type Enforcement (ste) policy: "decides whether two domains can 5.120 +share data, e.g., setup event channels or grant tables to each other, based on 5.121 +the two domains' ssidref. This, as the name says, is a simple policy. Think of 5.122 +each type as of a single color. Each domain has one or more colors, i.e., the 5.123 +domains ssid for the ste policy points to a set that has set one or multiple 5.124 +types. Let us assume in our example policy we differentiate 5 colors (types) 5.125 +and define 5 different ssids referenced by ssidref=0..4. Each ssid shall have 5.126 +exactly one type set, i.e., describes a uni-color. Only ssid(0) has all types 5.127 +set, i.e., has all defined colors. 5.128 + 5.129 +Sharing is enforced by the ste policy by requiring that two domains that want 5.130 +to establish an event channel or grant pages to each other must have a common 5.131 +color. Currently all domains communicate through DOM0 by default; i.e., Domain0 5.132 +will necessarily have all colors to be able to create domains (thus, we will 5.133 +assign ssidref(0) to Domain0 in our example below. 5.134 + 5.135 +More complex mandatory access control policies governing sharing will follow; 5.136 +such policies are more sophisticated than the "color" scheme above by allowing 5.137 +more flexible (and complex :_) access control decisions than "share a color" or 5.138 +"don't share a color" and will be able to express finer-grained policies. 5.139 + 5.140 + 5.141 +2.3 Binary Policy: 5.142 +In the future, we will have a policy tool that takes as input a more humane 5.143 +policy description, using types such as development, home-banking, donated- 5.144 +Grid, CorpA-Payload ... and translates the respective policy into what we see 5.145 +today as the binary policy using 1s and 0s and sets of them. For now, we must 5.146 +live with the binary policy when working with sHype. 5.147 + 5.148 + 5.149 +2.4 Exemplary use of a real sHype policy on Xen. To activate a real policy, 5.150 +edit the file (yes, this will soon be a compile option): 5.151 + xeno-unstable.bk/xen/include/public/acm.h 5.152 + Change: #define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY 5.153 + To : #define ACM_USE_SECURITY_POLICY ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 5.154 + cd xeno-unstable.bk 5.155 + make mrproper 5.156 + make uninstall (manually remove /etc/xen.old if necessary) 5.157 + make 5.158 + ./install.sh (recreate your kernel initrd's if necessary) 5.159 + Reboot into new xen.gz 5.160 + 5.161 +After booting, check out 'xm dmesg'; should show somewhere in the middle: 5.162 + 5.163 +(XEN) acm_init: Enforcing Primary CHINESE WALL policy, Secondary SIMPLE TYPE 5.164 +ENFORCEMENT policy. 5.165 + 5.166 +Even though you can activate those policies in any combination and also 5.167 +independently, the policy tool currently only supports setting the policy for 5.168 +the above combination. 5.169 + 5.170 +Now look at the minimal startup policy with: 5.171 + xeno-unstable.bk/tools/policytool getpolicy 5.172 + 5.173 +You should see something like: 5.174 + 5.175 +[root@laptop policy]# ./policy_tool getpolicy 5.176 + 5.177 +Policy dump: 5.178 +============ 5.179 +Magic = 1debc. 5.180 +PolVer = aaaa0000. 5.181 +Len = 36. 5.182 +Primary = CHINESE WALL policy (c=1, off=14). 5.183 +Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=2c). 5.184 + 5.185 + 5.186 +Chinese Wall policy: 5.187 +==================== 5.188 +Max Types = 1. 5.189 +Max Ssidrefs = 1. 5.190 +Max ConfSets = 1. 5.191 +Ssidrefs Off = 10. 5.192 +Conflicts Off = 12. 5.193 +Runing T. Off = 14. 5.194 +C. Agg. Off = 16. 5.195 + 5.196 +SSID To CHWALL-Type matrix: 5.197 + 5.198 + ssidref 0: 00 5.199 + 5.200 +Confict Sets: 5.201 + 5.202 + c-set 0: 00 5.203 + 5.204 +Running 5.205 +Types: 00 5.206 + 5.207 +Conflict 5.208 +Aggregate Set: 00 5.209 + 5.210 + 5.211 +Simple Type Enforcement policy: 5.212 +=============================== 5.213 +Max Types = 1. 5.214 +Max Ssidrefs = 1. 5.215 +Ssidrefs Off = 8. 5.216 + 5.217 +SSID To STE-Type matrix: 5.218 + 5.219 + ssidref 0: 01 5.220 + 5.221 + 5.222 +Policy dump End. 5.223 + 5.224 +This is a minimal policy (of little use), except it will disable starting any 5.225 +domain that does not have ssidref set to 0x0. The Chinese Wall policy has 5.226 +nothing to enforce and the ste policy only knows one type, which is set for the 5.227 +only defined ssidref. 5.228 + 5.229 +The item that defines the ssidref in a domain configuration is: 5.230 + 5.231 +ssidref = 0x12345678 5.232 + 5.233 +Where ssidref is interpreted as a 32bit number, where the lower 16bits become 5.234 +the ssidref for the primary policy and the higher 16bits become the ssidref for 5.235 +the secondary policy. sHype currently supports two policies but this is an 5.236 +implementation decision and can be extended if necessary. 5.237 + 5.238 +This reference defines the security information of a domain. The meaning of the 5.239 +SSID-REF depends on the policy, so we explain it when we explain the real 5.240 +policies. 5.241 + 5.242 + 5.243 +Setting a new Security Policy: 5.244 +****************************** 5.245 +The policy tool with all its current limitations has one usable example policy 5.246 +compiled-in. Please try at this time to use the setpolicy command: 5.247 + xeno-unstable.bk/tools/policy/policy_tool setpolicy 5.248 + 5.249 +You should see a dump of the policy you are setting. It should say at the very 5.250 +end: 5.251 + 5.252 +Policy successfully set. 5.253 + 5.254 +Now try to dump the currently enforced policy, which is the policy we have just 5.255 +set and the dynamic security state information of this policy 5.256 +(<<< ... some additional explanations) 5.257 + 5.258 +[root@laptop policy]# ./policy_tool getpolicy 5.259 + 5.260 +Policy dump: 5.261 +============ 5.262 +Magic = 1debc. 5.263 +PolVer = aaaa0000. 5.264 +Len = 112. 5.265 +Primary = CHINESE WALL policy (c=1, off=14). 5.266 +Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8). 5.267 + 5.268 + 5.269 +Chinese Wall policy: 5.270 +==================== 5.271 +Max Types = a. 5.272 +Max Ssidrefs = 5. 5.273 +Max ConfSets = 2. 5.274 +Ssidrefs Off = 10. 5.275 +Conflicts Off = 74. 5.276 +Runing T. Off = 9c. 5.277 +C. Agg. Off = b0. 5.278 + 5.279 +SSID To CHWALL-Type matrix: 5.280 + 5.281 + ssidref 0: 01 00 00 00 00 00 00 00 00 00 <<< type0 is set for ssidref0 5.282 + ssidref 1: 00 01 00 00 00 00 00 00 00 00 5.283 + ssidref 2: 00 00 01 00 00 00 00 00 00 00 5.284 + ssidref 3: 00 00 00 01 00 00 00 00 00 00 5.285 + ssidref 4: 00 00 00 00 01 00 00 00 00 00 <<< type4 is set for ssidref4 5.286 + <<< types 5-9 are unused 5.287 +Confict Sets: 5.288 + 5.289 + c-set 0: 00 00 01 01 00 00 00 00 00 00 <<< type2 and type3 never run together 5.290 + c-set 1: 01 00 00 00 00 01 01 00 00 00 <<< only one of types 0, 5 or 6 5.291 + <<< can run simultaneously 5.292 +Running 5.293 +Types: 01 00 00 00 00 00 00 00 00 00 <<< ref-count for types of running domains 5.294 + 5.295 +Conflict 5.296 +Aggregate Set: 00 00 00 00 00 01 01 00 00 00 <<< aggregated set of types that 5.297 + <<< cannot run because they 5.298 + <<< are in conflict set 1 and 5.299 + <<< (domain 0 is running w t0) 5.300 + 5.301 + 5.302 +Simple Type Enforcement policy: 5.303 +=============================== 5.304 +Max Types = 5. 5.305 +Max Ssidrefs = 5. 5.306 +Ssidrefs Off = 8. 5.307 + 5.308 +SSID To STE-Type matrix: 5.309 + 5.310 + ssidref 0: 01 01 01 01 01 <<< ssidref0 points to a set that 5.311 + <<< has all types set (colors) 5.312 + ssidref 1: 00 01 00 00 00 <<< ssidref1 has color1 set 5.313 + ssidref 2: 00 00 01 00 00 <<< ... 5.314 + ssidref 3: 00 00 00 01 00 5.315 + ssidref 4: 00 00 00 00 01 5.316 + 5.317 + 5.318 +Policy dump End. 5.319 + 5.320 + 5.321 +This is a small example policy with which we will demonstrate the enforcement. 5.322 + 5.323 +Starting Domains with policy enforcement 5.324 +======================================== 5.325 +Now let us play with this policy. 5.326 + 5.327 +Define 3 or 4 domain configurations. I use the following config using a ramdisk 5.328 +only and about 8MBytes of memory for each DomU (test purposes): 5.329 + 5.330 +#-------configuration xmsec1------------------------- 5.331 +kernel = "/boot/vmlinuz-2.6.11-xenU" 5.332 +ramdisk="/boot/U1_ramdisk.img" 5.333 +#security reference identifier 5.334 +ssidref= 0x00010001 5.335 +memory = 10 5.336 +name = "xmsec1" 5.337 +cpu = -1 # leave to Xen to pick 5.338 +# Number of network interfaces. Default is 1. 5.339 +nics=1 5.340 +dhcp="dhcp" 5.341 +#----------------------------------------------------- 5.342 + 5.343 +xmsec2 and xmsec3 look the same except for the name and the ssidref line. Use 5.344 +your domain config file and add "ssidref = 0x00010001" to the first (xmsec1), 5.345 +"ssidref= 0x00020002" to the second (call it xmsec2), and "ssidref=0x00030003" 5.346 +to the third (we will call this one xmsec3). 5.347 + 5.348 +First start xmsec1: xm create -c xmsec1 (succeeds) 5.349 + 5.350 +Then 5.351 +[root@laptop policy]# xm list 5.352 +Name Id Mem(MB) CPU State Time(s) Console SSID-REF 5.353 +Domain-0 0 620 0 r---- 42.3 s:00/p:00 5.354 +xmnosec 1 9 0 -b--- 0.3 9601 s:00/p:05 5.355 +xmsec1 2 9 0 -b--- 0.2 9602 s:01/p:01 5.356 + 5.357 +Shows a new domain xmsec1 running with primary (here: chinese wall) ssidref 1 5.358 +and secondary (here: simple type enforcement) ssidref 1. The ssidrefs are 5.359 +independent and can differ for a domain. 5.360 + 5.361 +[root@laptop policy]# ./policy_tool getpolicy 5.362 + 5.363 +Policy dump: 5.364 +============ 5.365 +Magic = 1debc. 5.366 +PolVer = aaaa0000. 5.367 +Len = 112. 5.368 +Primary = CHINESE WALL policy (c=1, off=14). 5.369 +Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8). 5.370 + 5.371 + 5.372 +Chinese Wall policy: 5.373 +==================== 5.374 +Max Types = a. 5.375 +Max Ssidrefs = 5. 5.376 +Max ConfSets = 2. 5.377 +Ssidrefs Off = 10. 5.378 +Conflicts Off = 74. 5.379 +Runing T. Off = 9c. 5.380 +C. Agg. Off = b0. 5.381 + 5.382 +SSID To CHWALL-Type matrix: 5.383 + 5.384 + ssidref 0: 01 00 00 00 00 00 00 00 00 00 5.385 + ssidref 1: 00 01 00 00 00 00 00 00 00 00 5.386 + ssidref 2: 00 00 01 00 00 00 00 00 00 00 5.387 + ssidref 3: 00 00 00 01 00 00 00 00 00 00 5.388 + ssidref 4: 00 00 00 00 01 00 00 00 00 00 5.389 + 5.390 +Confict Sets: 5.391 + 5.392 + c-set 0: 00 00 01 01 00 00 00 00 00 00 5.393 + c-set 1: 01 00 00 00 00 01 01 00 00 00 <<< t1 is not part of any c-set 5.394 + 5.395 +Running 5.396 +Types: 01 01 00 00 00 00 00 00 00 00 <<< xmsec1 has ssidref 1->type1 5.397 + ^^ <<< ref-count at position 1 incr 5.398 +Conflict 5.399 +Aggregate Set: 00 00 00 00 00 01 01 00 00 00 <<< domain 1 was allowed to 5.400 + <<< start since type 1 was not 5.401 + <<< in conflict with running 5.402 + <<< types 5.403 + 5.404 +Simple Type Enforcement policy: 5.405 +=============================== 5.406 +Max Types = 5. 5.407 +Max Ssidrefs = 5. 5.408 +Ssidrefs Off = 8. 5.409 + 5.410 +SSID To STE-Type matrix: 5.411 + 5.412 + ssidref 0: 01 01 01 01 01 <<< the ste policy does not maintain; we 5.413 + ssidref 1: 00 01 00 00 00 <-- <<< see that domain xmsec1 has ste 5.414 + ssidref 2: 00 00 01 00 00 <<< ssidref1->type1 and has this type in 5.415 + ssidref 3: 00 00 00 01 00 <<< common with dom0 5.416 + ssidref 4: 00 00 00 00 01 5.417 + 5.418 + 5.419 +Policy dump End. 5.420 + 5.421 +Look at sHype output in xen dmesg: 5.422 + 5.423 +[root@laptop xen]# xm dmesg 5.424 +. 5.425 +. 5.426 +[somewhere near the very end] 5.427 +(XEN) chwall_init_domain_ssid: determined chwall_ssidref to 1. 5.428 +(XEN) ste_init_domain_ssid. 5.429 +(XEN) ste_init_domain_ssid: determined ste_ssidref to 1. 5.430 +(XEN) acm_init_domain_ssid: Instantiated individual ssid for domain 0x01. 5.431 +(XEN) chwall_post_domain_create. 5.432 +(XEN) ste_pre_eventchannel_interdomain. 5.433 +(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01. 5.434 +(XEN) shype_authorize_domops. 5.435 +(XEN) ste_pre_eventchannel_interdomain. 5.436 +(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01. 5.437 +(XEN) ste_pre_eventchannel_interdomain. 5.438 +(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01. 5.439 + 5.440 + 5.441 +You can see that the chinese wall policy does not complain and that the ste 5.442 +policy makes three access control decisions for three event-channels setup 5.443 +between domain 0 and the new domain 1. Each time, the two domains share the 5.444 +type1 and setting up the eventchannel is permitted. 5.445 + 5.446 + 5.447 +Starting up a second domain xmsec2: 5.448 + 5.449 +[root@laptop xen]# xm create -c xmsec2 5.450 +Using config file "xmsec2". 5.451 +Started domain xmsec2, console on port 9602 5.452 +************ REMOTE CONSOLE: CTRL-] TO QUIT ******** 5.453 +Linux version 2.6.11-xenU (root@laptop.home.org) (gcc version 3.4.2 20041017 5.454 +(Red Hat 3.4.2-6.fc3)) #1 Wed Mar 30 13:14:31 EST 2005 5.455 +. 5.456 +. 5.457 +. 5.458 +[root@laptop policy]# xm list 5.459 +Name Id Mem(MB) CPU State Time(s) Console SSID-REF 5.460 +Domain-0 0 620 0 r---- 71.7 s:00/p:00 5.461 +xmsec1 1 9 0 -b--- 0.3 9601 s:01/p:01 5.462 +xmsec2 2 7 0 -b--- 0.3 9602 s:02/p:02 << our domain runs both policies with ssidref 2 5.463 + 5.464 + 5.465 +[root@laptop policy]# ./policy_tool getpolicy 5.466 + 5.467 +Policy dump: 5.468 +============ 5.469 +Magic = 1debc. 5.470 +PolVer = aaaa0000. 5.471 +Len = 112. 5.472 +Primary = CHINESE WALL policy (c=1, off=14). 5.473 +Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8). 5.474 + 5.475 + 5.476 +Chinese Wall policy: 5.477 +==================== 5.478 +Max Types = a. 5.479 +Max Ssidrefs = 5. 5.480 +Max ConfSets = 2. 5.481 +Ssidrefs Off = 10. 5.482 +Conflicts Off = 74. 5.483 +Runing T. Off = 9c. 5.484 +C. Agg. Off = b0. 5.485 + 5.486 +SSID To CHWALL-Type matrix: 5.487 + 5.488 + ssidref 0: 01 00 00 00 00 00 00 00 00 00 5.489 + ssidref 1: 00 01 00 00 00 00 00 00 00 00 5.490 + ssidref 2: 00 00 01 00 00 00 00 00 00 00 <<< our domain has type 2 set 5.491 + ssidref 3: 00 00 00 01 00 00 00 00 00 00 5.492 + ssidref 4: 00 00 00 00 01 00 00 00 00 00 5.493 + 5.494 +Confict Sets: 5.495 + 5.496 + c-set 0: 00 00 01 01 00 00 00 00 00 00 <<< t2 is in c-set0 with type 3 5.497 + c-set 1: 01 00 00 00 00 01 01 00 00 00 5.498 + 5.499 +Running 5.500 +Types: 01 01 01 00 00 00 00 00 00 00 <<< t2 is running since the 5.501 + ^^ <<< current aggregate conflict 5.502 + <<< set (see above) does not 5.503 + <<< include type 2 5.504 +Conflict 5.505 +Aggregate Set: 00 00 00 01 00 01 01 00 00 00 <<< type 3 is added to the 5.506 + <<< conflict aggregate 5.507 + 5.508 + 5.509 +Simple Type Enforcement policy: 5.510 +=============================== 5.511 +Max Types = 5. 5.512 +Max Ssidrefs = 5. 5.513 +Ssidrefs Off = 8. 5.514 + 5.515 +SSID To STE-Type matrix: 5.516 + 5.517 + ssidref 0: 01 01 01 01 01 5.518 + ssidref 1: 00 01 00 00 00 5.519 + ssidref 2: 00 00 01 00 00 5.520 + ssidref 3: 00 00 00 01 00 5.521 + ssidref 4: 00 00 00 00 01 5.522 + 5.523 + 5.524 +Policy dump End. 5.525 + 5.526 + 5.527 +The sHype xen dmesg output looks similar to the one above when starting the 5.528 +first domain. 5.529 + 5.530 +Now we start xmsec3 and it has ssidref3. Thus, it tries to run as type3 which 5.531 +conflicts with running type2 (from xmsec2). As expected, creating this domain 5.532 +fails for security policy enforcement reasons. 5.533 + 5.534 +[root@laptop xen]# xm create -c xmsec3 5.535 +Using config file "xmsec3". 5.536 +Error: Error creating domain: (22, 'Invalid argument') 5.537 +[root@laptop xen]# 5.538 + 5.539 +[root@laptop xen]# xm dmesg 5.540 +. 5.541 +. 5.542 +[somewhere near the very end] 5.543 +(XEN) chwall_pre_domain_create. 5.544 +(XEN) chwall_pre_domain_create: CHINESE WALL CONFLICT in type 03. 5.545 + 5.546 +xmsec3 ssidref3 points to type3, which is in the current conflict aggregate 5.547 +set. This domain cannot start until domain xmsec2 is destroyed, at which time 5.548 +the aggregate conflict set is reduced and type3 is excluded from it. Then, 5.549 +xmsec3 can start. Of course, afterwards, xmsec2 cannot be restarted. Try it. 5.550 + 5.551 +3. Policy tool 5.552 +************** 5.553 +toos/policy/policy_tool.c 5.554 + 5.555 +a) ./policy_tool getpolicy 5.556 + prints the currently enforced policy 5.557 + (see for example section 1.) 5.558 + 5.559 +b) ./policy_tool setpolicy 5.560 + sets a predefined and hardcoded security 5.561 + policy (the one described in section 2.) 5.562 + 5.563 +c) ./policy_tool dumpstats 5.564 + prints some status information about the caching 5.565 + of access control decisions (number of cache hits 5.566 + and number of policy evaluations for grant_table 5.567 + and event channels). 5.568 + 5.569 +d) ./policy_tool loadpolicy <binary_policy_file> 5.570 + sets the policy defined in the <binary_policy_file> 5.571 + please use the policy_processor that is posted to this 5.572 + mailing list to create such a binary policy from an XML 5.573 + policy description 5.574 + 5.575 +4. Policy interface: 5.576 +******************** 5.577 +The Policy interface is working in "network-byte-order" (big endian). The reason for this 5.578 +is that policy files/management should be portable and independent of the platforms. 5.579 + 5.580 +Our policy interface enables managers to create a single binary policy file in a trusted 5.581 +environment and distributed it to multiple systems for enforcement. 5.582 + 5.583 +====================end-of file======================================= 5.584 \ No newline at end of file
6.1 --- a/linux-2.6.11-xen-sparse/drivers/xen/netfront/netfront.c Sat Jun 18 00:49:11 2005 +0000 6.2 +++ b/linux-2.6.11-xen-sparse/drivers/xen/netfront/netfront.c Tue Jun 21 07:02:30 2005 +0000 6.3 @@ -623,7 +623,7 @@ static int netif_poll(struct net_device 6.4 /* Only copy the packet if it fits in the current MTU. */ 6.5 if (skb->len <= (dev->mtu + ETH_HLEN)) { 6.6 if ((skb->tail > skb->end) && net_ratelimit()) 6.7 - printk(KERN_INFO "Received packet needs %d bytes more " 6.8 + printk(KERN_INFO "Received packet needs %zd bytes more " 6.9 "headroom.\n", skb->tail - skb->end); 6.10 6.11 if ((nskb = alloc_xen_skb(skb->len + 2)) != NULL) { 6.12 @@ -967,9 +967,9 @@ static int create_netdev(int handle, str 6.13 6.14 /* Initialise {tx,rx}_skbs to be a free chain containing every entry. */ 6.15 for (i = 0; i <= NETIF_TX_RING_SIZE; i++) 6.16 - np->tx_skbs[i] = (void *)(i+1); 6.17 + np->tx_skbs[i] = (void *)((unsigned long) i+1); 6.18 for (i = 0; i <= NETIF_RX_RING_SIZE; i++) 6.19 - np->rx_skbs[i] = (void *)(i+1); 6.20 + np->rx_skbs[i] = (void *)((unsigned long) i+1); 6.21 6.22 dev->open = network_open; 6.23 dev->hard_start_xmit = network_start_xmit; 6.24 @@ -1343,7 +1343,7 @@ static int xennet_proc_read( 6.25 { 6.26 struct net_device *dev = (struct net_device *)((unsigned long)data & ~3UL); 6.27 struct net_private *np = netdev_priv(dev); 6.28 - int len = 0, which_target = (int)data & 3; 6.29 + int len = 0, which_target = (unsigned long) data & 3; 6.30 6.31 switch (which_target) 6.32 { 6.33 @@ -1368,7 +1368,7 @@ static int xennet_proc_write( 6.34 { 6.35 struct net_device *dev = (struct net_device *)((unsigned long)data & ~3UL); 6.36 struct net_private *np = netdev_priv(dev); 6.37 - int which_target = (int)data & 3; 6.38 + int which_target = (unsigned long) data & 3; 6.39 char string[64]; 6.40 long target; 6.41
7.1 --- a/tools/Makefile Sat Jun 18 00:49:11 2005 +0000 7.2 +++ b/tools/Makefile Tue Jun 21 07:02:30 2005 +0000 7.3 @@ -12,6 +12,7 @@ SUBDIRS += xcs 7.4 SUBDIRS += xcutils 7.5 SUBDIRS += pygrub 7.6 SUBDIRS += firmware 7.7 +SUBDIRS += policy 7.8 7.9 .PHONY: all install clean check check_clean ioemu eioemuinstall ioemuclean 7.10
8.1 --- a/tools/libxc/xc.h Sat Jun 18 00:49:11 2005 +0000 8.2 +++ b/tools/libxc/xc.h Tue Jun 21 07:02:30 2005 +0000 8.3 @@ -110,6 +110,7 @@ int xc_waitdomain_core(int domain, 8.4 8.5 typedef struct { 8.6 u32 domid; 8.7 + u32 ssidref; 8.8 unsigned int dying:1, crashed:1, shutdown:1, 8.9 paused:1, blocked:1, running:1; 8.10 unsigned int shutdown_reason; /* only meaningful if shutdown==1 */ 8.11 @@ -124,6 +125,7 @@ typedef struct { 8.12 8.13 typedef dom0_getdomaininfo_t xc_domaininfo_t; 8.14 int xc_domain_create(int xc_handle, 8.15 + u32 ssidref, 8.16 u32 *pdomid); 8.17 8.18
9.1 --- a/tools/libxc/xc_domain.c Sat Jun 18 00:49:11 2005 +0000 9.2 +++ b/tools/libxc/xc_domain.c Tue Jun 21 07:02:30 2005 +0000 9.3 @@ -9,6 +9,7 @@ 9.4 #include "xc_private.h" 9.5 9.6 int xc_domain_create(int xc_handle, 9.7 + u32 ssidref, 9.8 u32 *pdomid) 9.9 { 9.10 int err; 9.11 @@ -16,6 +17,7 @@ int xc_domain_create(int xc_handle, 9.12 9.13 op.cmd = DOM0_CREATEDOMAIN; 9.14 op.u.createdomain.domain = (domid_t)*pdomid; 9.15 + op.u.createdomain.ssidref = ssidref; 9.16 if ( (err = do_dom0_op(xc_handle, &op)) != 0 ) 9.17 return err; 9.18 9.19 @@ -101,6 +103,7 @@ int xc_domain_getinfo(int xc_handle, 9.20 info->crashed = 1; 9.21 } 9.22 9.23 + info->ssidref = op.u.getdomaininfo.ssidref; 9.24 info->nr_pages = op.u.getdomaininfo.tot_pages; 9.25 info->max_memkb = op.u.getdomaininfo.max_pages<<(PAGE_SHIFT); 9.26 info->shared_info_frame = op.u.getdomaininfo.shared_info_frame;
10.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 10.2 +++ b/tools/misc/policyprocessor/SecurityLabel.java Tue Jun 21 07:02:30 2005 +0000 10.3 @@ -0,0 +1,34 @@ 10.4 +/** 10.5 + * (C) Copyright IBM Corp. 2005 10.6 + * 10.7 + * $Id: SecurityLabel.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $ 10.8 + * 10.9 + * Author: Ray Valdez 10.10 + * 10.11 + * This program is free software; you can redistribute it and/or 10.12 + * modify it under the terms of the GNU General Public License as 10.13 + * published by the Free Software Foundation, version 2 of the 10.14 + * License. 10.15 + * 10.16 + * SecurityLabel Class. 10.17 + * 10.18 + * <p> 10.19 + * 10.20 + * Keeps track of types. 10.21 + * 10.22 + * <p> 10.23 + * 10.24 + * 10.25 + */ 10.26 +import java.util.*; 10.27 +public class SecurityLabel 10.28 +{ 10.29 + Vector ids; 10.30 + Vector vlans; 10.31 + Vector slots; 10.32 + Vector steTypes; 10.33 + int steSsidPosition; 10.34 + Vector chwIDs; 10.35 + Vector chwTypes; 10.36 + int chwSsidPosition; 10.37 +}
11.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 11.2 +++ b/tools/misc/policyprocessor/SecurityPolicySpec.xsd Tue Jun 21 07:02:30 2005 +0000 11.3 @@ -0,0 +1,115 @@ 11.4 +<?xml version="1.0" encoding="UTF-8"?> 11.5 +<!-- Author: Ray Valdez, rvaldez@us.ibm.com --> 11.6 +<!-- xml schema definition for xen xml policies --> 11.7 +<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" 11.8 +targetNamespace="http://www.ibm.com" 11.9 +xmlns="http://www.ibm.com" 11.10 +elementFormDefault="qualified"> 11.11 + 11.12 +<xsd:element name="TE" type="xsd:string" /> 11.13 +<xsd:element name="ChWall" type="xsd:string" /> 11.14 + 11.15 +<xsd:element name="Definition"> 11.16 + <xsd:complexType> 11.17 + <xsd:sequence> 11.18 + 11.19 + <!-- simple type enforcement --> 11.20 + <xsd:element name="Types" minOccurs ="0" maxOccurs="1"> 11.21 + <xsd:complexType> 11.22 + <xsd:sequence> 11.23 + <xsd:element ref="TE" minOccurs ="1" maxOccurs ="unbounded"/> 11.24 + </xsd:sequence> 11.25 + </xsd:complexType> 11.26 + </xsd:element> 11.27 + 11.28 + <!-- chinese wall --> 11.29 + <!-- type definition --> 11.30 + <xsd:element name="ChWallTypes" minOccurs ="0" maxOccurs="1"> 11.31 + <xsd:complexType> 11.32 + <xsd:sequence> 11.33 + <xsd:element ref="ChWall" minOccurs ="1" maxOccurs ="unbounded"/> 11.34 + 11.35 + </xsd:sequence> 11.36 + </xsd:complexType> 11.37 + </xsd:element> 11.38 + 11.39 + <!-- conflict set --> 11.40 + <xsd:element name="ConflictSet" minOccurs ="0" maxOccurs="unbounded"> 11.41 + <xsd:complexType> 11.42 + <xsd:sequence> 11.43 + <xsd:element ref="ChWall" minOccurs ="2" maxOccurs ="unbounded"/> 11.44 + </xsd:sequence> 11.45 + </xsd:complexType> 11.46 + </xsd:element> 11.47 + 11.48 + </xsd:sequence> 11.49 + </xsd:complexType> 11.50 +</xsd:element> 11.51 + 11.52 +<xsd:element name="Policy"> 11.53 + <xsd:complexType> 11.54 + <xsd:sequence> 11.55 + 11.56 + <xsd:element name="PolicyHeader"> 11.57 + <xsd:complexType> 11.58 + <xsd:all> 11.59 + <xsd:element name = "Name" type="xsd:string"/> 11.60 + <xsd:element name = "DateTime" type="xsd:dateTime"/> 11.61 + <xsd:element name = "Tag" minOccurs ="1" maxOccurs ="1" type="xsd:string"/> 11.62 + <xsd:element name = "TypeDefinition"> 11.63 + <xsd:complexType> 11.64 + <xsd:all> 11.65 + <xsd:element name = "url" type="xsd:string"/> 11.66 + <xsd:element name = "hash" minOccurs ="0" maxOccurs ="1" type="xsd:string"/> 11.67 + </xsd:all> 11.68 + </xsd:complexType> 11.69 + </xsd:element> 11.70 + 11.71 + </xsd:all> 11.72 + </xsd:complexType> 11.73 + </xsd:element> 11.74 + 11.75 + <xsd:element name="VM" minOccurs ="1" maxOccurs="unbounded"> 11.76 + <xsd:complexType> 11.77 + <xsd:sequence> 11.78 + <xsd:element name="id" type="xsd:integer"/> 11.79 + <xsd:element ref="TE" minOccurs="0" maxOccurs="unbounded" /> 11.80 + <xsd:element ref="ChWall" minOccurs ="0" maxOccurs="unbounded"/> 11.81 + </xsd:sequence> 11.82 + </xsd:complexType> 11.83 + </xsd:element> 11.84 + 11.85 + <xsd:element name="Vlan" minOccurs ="0" maxOccurs="unbounded"> 11.86 + <xsd:complexType> 11.87 + <xsd:sequence> 11.88 + <xsd:element name="vid" type="xsd:integer"/> 11.89 + <xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" /> 11.90 + </xsd:sequence> 11.91 + </xsd:complexType> 11.92 + </xsd:element> 11.93 + 11.94 + <xsd:element name="Slot" minOccurs ="0" maxOccurs="unbounded"> 11.95 + <xsd:complexType> 11.96 + <xsd:sequence> 11.97 + <xsd:element name="bus" type="xsd:integer"/> 11.98 + <xsd:element name="slot" type="xsd:integer"/> 11.99 + <xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" /> 11.100 + </xsd:sequence> 11.101 + </xsd:complexType> 11.102 + </xsd:element> 11.103 + 11.104 + 11.105 + </xsd:sequence> 11.106 + </xsd:complexType> 11.107 +</xsd:element> 11.108 + 11.109 +<!-- root element --> 11.110 +<xsd:element name="SecurityPolicySpec"> 11.111 + <xsd:complexType> 11.112 + <xsd:choice> 11.113 + <xsd:element ref="Definition" minOccurs ="1" maxOccurs="unbounded"/> 11.114 + <xsd:element ref="Policy" minOccurs ="1" maxOccurs="unbounded"/> 11.115 + </xsd:choice> 11.116 + </xsd:complexType> 11.117 +</xsd:element> 11.118 +</xsd:schema>
12.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 12.2 +++ b/tools/misc/policyprocessor/SsidsEntry.java Tue Jun 21 07:02:30 2005 +0000 12.3 @@ -0,0 +1,29 @@ 12.4 +/** 12.5 + * (C) Copyright IBM Corp. 2005 12.6 + * 12.7 + * $Id: SsidsEntry.java,v 1.2 2005/06/17 20:02:40 rvaldez Exp $ 12.8 + * 12.9 + * Author: Ray Valdez 12.10 + * 12.11 + * This program is free software; you can redistribute it and/or 12.12 + * modify it under the terms of the GNU General Public License as 12.13 + * published by the Free Software Foundation, version 2 of the 12.14 + * License. 12.15 + * 12.16 + * SsidsEntry Class. 12.17 + * <p> 12.18 + * 12.19 + * Holds ssid information. 12.20 + * 12.21 + * <p> 12.22 + * 12.23 + * 12.24 + */ 12.25 +public class SsidsEntry 12.26 + { 12.27 + int id; /* used for partition and vlan */ 12.28 + int bus; /* used for slots */ 12.29 + int slot; 12.30 + int ste = 0xffffffff; 12.31 + int chw = 0xffffffff; 12.32 + }
13.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 13.2 +++ b/tools/misc/policyprocessor/XmlToBin.java Tue Jun 21 07:02:30 2005 +0000 13.3 @@ -0,0 +1,1588 @@ 13.4 +/** 13.5 + * (C) Copyright IBM Corp. 2005 13.6 + * 13.7 + * $Id: XmlToBin.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $ 13.8 + * 13.9 + * Author: Ray Valdez 13.10 + * 13.11 + * This program is free software; you can redistribute it and/or 13.12 + * modify it under the terms of the GNU General Public License as 13.13 + * published by the Free Software Foundation, version 2 of the 13.14 + * License. 13.15 + * 13.16 + * XmlToBin Class. 13.17 + * <p> 13.18 + * 13.19 + * Translates a xml representation of a SHYPE policy into a binary 13.20 + * format. The class processes an xml policy file based on elment tags 13.21 + * defined in a schema definition files: SecurityPolicySpec.xsd. 13.22 + * 13.23 + * XmlToBin Command line Options: 13.24 + * 13.25 + * -i inputFile: name of policyfile (.xml) 13.26 + * -o outputFile: name of binary policy file (Big Endian) 13.27 + * -xssid SsidFile: xen ssids to types text file 13.28 + * -xssidconf SsidConf: xen conflict ssids to types text file 13.29 + * -debug turn on debug messages 13.30 + * -help help. This printout 13.31 + * 13.32 + * <p> 13.33 + * 13.34 + * 13.35 + */ 13.36 +import java.util.*; 13.37 +import java.io.*; 13.38 +import java.io.IOException; 13.39 +import java.io.FileNotFoundException; 13.40 +import org.w3c.dom.Document; 13.41 +import org.w3c.dom.Element; 13.42 +import org.w3c.dom.Node; 13.43 +import org.w3c.dom.Attr; 13.44 +import org.w3c.dom.NodeList; 13.45 +import org.w3c.dom.NamedNodeMap; 13.46 +import org.xml.sax.*; 13.47 +import javax.xml.parsers.*; 13.48 +import org.xml.sax.helpers.*; 13.49 + 13.50 +public class XmlToBin 13.51 + implements XmlToBinInterface 13.52 +{ 13.53 + class SlotInfo { 13.54 + String bus; 13.55 + String slot; 13.56 + } 13.57 + 13.58 + boolean LittleEndian = false; 13.59 + boolean debug = false; 13.60 + 13.61 + static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage"; 13.62 + 13.63 + static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema"; 13.64 + 13.65 + public static void printUsage() 13.66 + { 13.67 + System.out.println("XmlToBin Command line Options: "); 13.68 + System.out.println("\t-i\t\tinputFile:\tname of policyfile (.xml)"); 13.69 + System.out.println("\t-o\t\toutputFile:\tname of binary policy file (Big Endian)"); 13.70 + System.out.println("\t-xssid\t\tSsidFile:\tXen ssids to named types text file"); 13.71 + System.out.println("\t-xssidconf\tSsidConfFile:\tXen conflict ssids to named types text file"); 13.72 + System.out.println("\t-debug\t\t\t\tturn on debug messages"); 13.73 + System.out.println("\t-help\t\t\t\thelp. This printout"); 13.74 + return; 13.75 + } 13.76 + 13.77 + public void printDebug(String message) 13.78 + { 13.79 + if (debug) 13.80 + System.out.println(message); 13.81 + } 13.82 + 13.83 + public void writeBinPolicy(byte[] binPolicy, String outputFileName) 13.84 + throws Exception 13.85 + { 13.86 + if (debug) 13.87 + printHex(binPolicy,binPolicy.length); 13.88 + 13.89 + DataOutputStream writeObj = new DataOutputStream( 13.90 + new FileOutputStream(outputFileName)); 13.91 + 13.92 + writeObj.write(binPolicy); 13.93 + writeObj.flush(); 13.94 + writeObj.close(); 13.95 + System.out.println(" wBP:: wrote outputfile: " + outputFileName); 13.96 + 13.97 + return; 13.98 + } 13.99 + 13.100 + public void writeXenTypeVectorFile(Vector list, String outputFileName) 13.101 + throws Exception 13.102 + { 13.103 + PrintWriter out; 13.104 + 13.105 + if (0 == list.size()) 13.106 + { 13.107 + printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 13.108 + return; 13.109 + } 13.110 + out = new PrintWriter( 13.111 + new BufferedWriter( 13.112 + new FileWriter(outputFileName))); 13.113 + 13.114 + 13.115 + for (int i = 0; i < list.size(); i++) 13.116 + { 13.117 + Vector ee = (Vector) list.elementAt(i); 13.118 + out.println(i + " " +ee.toString()); 13.119 + } 13.120 + out.close(); 13.121 + 13.122 + return; 13.123 + } 13.124 + 13.125 + public void writeXenTypeFile(Vector list, String outputFileName, boolean slabel) 13.126 + throws Exception 13.127 + { 13.128 + Vector entry; 13.129 + String strTypes = ""; 13.130 + SecurityLabel ee; 13.131 + PrintWriter out; 13.132 + 13.133 + if (0 == list.size()) 13.134 + { 13.135 + printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 13.136 + return; 13.137 + } 13.138 + out = new PrintWriter( 13.139 + new BufferedWriter( 13.140 + new FileWriter(outputFileName))); 13.141 + 13.142 + for (int i = 0; i < list.size(); i++) 13.143 + { 13.144 + ee = (SecurityLabel) list.elementAt(i); 13.145 + 13.146 + if (slabel) 13.147 + { 13.148 + entry = ee.steTypes; 13.149 + } else { 13.150 + 13.151 + entry = ee.chwTypes; 13.152 + } 13.153 + if (null == entry) continue; 13.154 + 13.155 + Enumeration e = entry.elements(); 13.156 + while (e.hasMoreElements()) 13.157 + { 13.158 + String typeName = (String) e.nextElement(); 13.159 + strTypes = strTypes + " " + typeName; 13.160 + } 13.161 + printDebug(" WXTF:: ssid : "+i +" :"+strTypes); 13.162 + out.println(i +" "+strTypes); 13.163 + strTypes = ""; 13.164 + } 13.165 + out.close(); 13.166 + 13.167 + return; 13.168 + } 13.169 + 13.170 + public void setDebug(boolean value) 13.171 + { 13.172 + debug=value; 13.173 + } 13.174 + 13.175 + public void setEndian(boolean value) 13.176 + { 13.177 + LittleEndian = value; 13.178 + } 13.179 + 13.180 + public byte[] generateVlanSsids(Vector bagOfSsids) 13.181 + throws Exception 13.182 + { 13.183 + /** 13.184 + typedef struct { 13.185 + u16 vlan; 13.186 + u16 ssid_ste; 13.187 + } acm_vlan_entry_t; 13.188 + **/ 13.189 + 13.190 + Hashtable vlanSsid = new Hashtable(); 13.191 + printDebug(" gVS::Size of bagOfSsids: "+ bagOfSsids.size()); 13.192 + 13.193 + /* Get the number of partitions */ 13.194 + for (int i = 0; i < bagOfSsids.size(); i++) 13.195 + { 13.196 + SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i); 13.197 + 13.198 + if (null == entry.vlans) 13.199 + continue; 13.200 + 13.201 + Enumeration e = entry.vlans.elements(); 13.202 + while (e.hasMoreElements()) 13.203 + { 13.204 + String id = (String) e.nextElement(); 13.205 + printDebug(" gVS:: vlan: " + id + "has ste ssid: " + entry.steSsidPosition); 13.206 + if (-1 == entry.steSsidPosition) 13.207 + continue; 13.208 + 13.209 + /* Only use ste for vlan */ 13.210 + SsidsEntry ssidsObj = new SsidsEntry(); 13.211 + 13.212 + ssidsObj.id = Integer.parseInt(id); 13.213 + ssidsObj.ste = entry.steSsidPosition; 13.214 + 13.215 + if (vlanSsid.contains(id)) 13.216 + printDebug(" gVS:: Error already in the Hash part:" + ssidsObj.id); 13.217 + else 13.218 + vlanSsid.put(id, ssidsObj); 13.219 + printDebug(" gVS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition); 13.220 + } 13.221 + } 13.222 + 13.223 + /* allocate array */ 13.224 + int numOfVlan = vlanSsid.size(); 13.225 + int totalSize = (numOfVlan * vlanEntrySz); 13.226 + 13.227 + if (0 == numOfVlan) 13.228 + { 13.229 + printDebug(" gVS:: vlan: binary ==> zero"); 13.230 + return new byte[0]; 13.231 + } 13.232 + 13.233 + byte[] vlanArray = new byte[totalSize]; 13.234 + 13.235 + int index = 0; 13.236 + 13.237 + Enumeration e = vlanSsid.elements(); 13.238 + while (e.hasMoreElements()) 13.239 + { 13.240 + SsidsEntry entry = (SsidsEntry) e.nextElement(); 13.241 + printDebug(" gVS:: part: " + entry.id + " ste ssid: " + entry.ste); 13.242 + 13.243 + /* Write id */ 13.244 + writeShortToStream(vlanArray,(short)entry.id,index); 13.245 + index = index + u16Size; 13.246 + 13.247 + /* write ste ssid */ 13.248 + writeShortToStream(vlanArray,(short) entry.ste,index); 13.249 + index = index + u16Size; 13.250 + } 13.251 + 13.252 + printDebug(" gVS:: vlan: num of vlans " + numOfVlan); 13.253 + printDebug(" gVS:: vlan: binary ==> Length "+ vlanArray.length); 13.254 + 13.255 + if (debug) 13.256 + printHex(vlanArray,vlanArray.length); 13.257 + printDebug("\n"); 13.258 + 13.259 + return vlanArray; 13.260 + } 13.261 + 13.262 + public byte[] generateSlotSsids(Vector bagOfSsids) 13.263 + throws Exception 13.264 + { 13.265 + /** 13.266 + typedef struct { 13.267 + u16 slot_max; 13.268 + u16 slot_offset; 13.269 + } acm_slot_buffer_t; 13.270 + 13.271 + typedef struct { 13.272 + u16 bus; 13.273 + u16 slot; 13.274 + u16 ssid_ste; 13.275 + } acm_slot_entry_t; 13.276 + **/ 13.277 + Hashtable slotSsid = new Hashtable(); 13.278 + printDebug(" gSS::Size of bagOfSsids: "+ bagOfSsids.size()); 13.279 + 13.280 + /* Find the number of VMs */ 13.281 + for (int i = 0; i < bagOfSsids.size(); i++) 13.282 + { 13.283 + SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i); 13.284 + 13.285 + if (null == entry.slots) 13.286 + continue; 13.287 + 13.288 + Enumeration e = entry.slots.elements(); 13.289 + while (e.hasMoreElements()) 13.290 + { 13.291 + SlotInfo item = (SlotInfo) e.nextElement(); 13.292 + printDebug(" gSS:: bus slot: " + item.bus + " "+ item.slot + " " + entry.steSsidPosition); 13.293 + if (-1 == entry.steSsidPosition) 13.294 + continue; 13.295 + 13.296 + SsidsEntry ssidsObj = new SsidsEntry(); 13.297 + 13.298 + String id = item.bus +" "+item.slot; 13.299 + ssidsObj.bus = Integer.parseInt(item.bus); 13.300 + ssidsObj.slot = Integer.parseInt(item.slot); 13.301 + /* set ste ssid */ 13.302 + ssidsObj.ste = entry.steSsidPosition; 13.303 + 13.304 + if (slotSsid.contains(id)) 13.305 + printDebug(" gSS:: Error already in the Hash part:" + id); 13.306 + else 13.307 + slotSsid.put(id, ssidsObj); 13.308 + 13.309 + printDebug(" gSS:: added slot: " + id + "has ste ssid: " + entry.steSsidPosition); 13.310 + } 13.311 + } 13.312 + 13.313 + /* allocate array */ 13.314 + int numOfSlot = slotSsid.size(); 13.315 + 13.316 + if (0 == numOfSlot) 13.317 + { 13.318 + printDebug(" gVS:: slot: binary ==> zero"); 13.319 + return new byte[0]; 13.320 + } 13.321 + 13.322 + int totalSize = (numOfSlot * slotEntrySz); 13.323 + 13.324 + byte[] slotArray = new byte[totalSize]; 13.325 + 13.326 + int index = 0; 13.327 + 13.328 + Enumeration e = slotSsid.elements(); 13.329 + while (e.hasMoreElements()) 13.330 + { 13.331 + SsidsEntry entry = (SsidsEntry) e.nextElement(); 13.332 + System.out.println(" gSS:: bus slot: " + entry.bus + " " + entry.slot + " ste ssid: " + entry.ste); 13.333 + 13.334 + /* Write bus */ 13.335 + writeShortToStream(slotArray,(short)entry.bus,index); 13.336 + index = index + u16Size; 13.337 + 13.338 + /* Write slot */ 13.339 + writeShortToStream(slotArray,(short)entry.slot,index); 13.340 + index = index + u16Size; 13.341 + 13.342 + /* Write ste ssid */ 13.343 + writeShortToStream(slotArray,(short) entry.ste,index); 13.344 + index = index + u16Size; 13.345 + 13.346 + } 13.347 + 13.348 + printDebug(" gSS:: slot: num of vlans " + numOfSlot); 13.349 + printDebug(" gSS:: slot: binary ==> Length "+ slotArray.length); 13.350 + 13.351 + if (debug) 13.352 + printHex(slotArray,slotArray.length); 13.353 + printDebug("\n"); 13.354 + 13.355 + return slotArray; 13.356 + 13.357 + } 13.358 + 13.359 + public byte[] generatePartSsids(Vector bagOfSsids, Vector bagOfChwSsids) 13.360 + throws Exception 13.361 + { 13.362 + /** 13.363 + typedef struct { 13.364 + u16 id; 13.365 + u16 ssid_ste; 13.366 + u16 ssid_chwall; 13.367 + } acm_partition_entry_t; 13.368 + 13.369 + **/ 13.370 + Hashtable partSsid = new Hashtable(); 13.371 + printDebug(" gPS::Size of bagOfSsids: "+ bagOfSsids.size()); 13.372 + 13.373 + /* Find the number of VMs */ 13.374 + for (int i = 0; i < bagOfSsids.size(); i++) 13.375 + { 13.376 + SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i); 13.377 + 13.378 + if (null == entry.ids) 13.379 + continue; 13.380 + 13.381 + Enumeration e = entry.ids.elements(); 13.382 + while (e.hasMoreElements()) 13.383 + { 13.384 + String id = (String) e.nextElement(); 13.385 + printDebug(" gPS:: part: " + id + "has ste ssid: " + entry.steSsidPosition); 13.386 + if (-1 == entry.steSsidPosition) 13.387 + continue; 13.388 + 13.389 + SsidsEntry ssidsObj = new SsidsEntry(); 13.390 + 13.391 + ssidsObj.id = Integer.parseInt(id); 13.392 + ssidsObj.ste = entry.steSsidPosition; 13.393 + 13.394 + if (partSsid.contains(id)) 13.395 + printDebug(" gPS:: Error already in the Hash part:" + ssidsObj.id); 13.396 + else 13.397 + partSsid.put(id, ssidsObj); 13.398 + printDebug(" gPS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition); 13.399 + } 13.400 + 13.401 + } 13.402 + 13.403 + for (int i = 0; i < bagOfChwSsids.size(); i++) 13.404 + { 13.405 + SecurityLabel entry = (SecurityLabel) bagOfChwSsids.elementAt(i); 13.406 + 13.407 + Enumeration e = entry.chwIDs.elements(); 13.408 + while (e.hasMoreElements()) 13.409 + { 13.410 + String id = (String) e.nextElement(); 13.411 + printDebug(" gPS:: part: " + id + "has chw ssid: " + entry.chwSsidPosition); 13.412 + if (partSsid.containsKey(id)) 13.413 + { 13.414 + SsidsEntry item = (SsidsEntry) partSsid.get(id); 13.415 + item.chw = entry.chwSsidPosition; 13.416 + printDebug(" gPS:: added :" + item.id +" chw: " + item.chw); 13.417 + } 13.418 + else 13.419 + { 13.420 + printDebug(" gPS:: creating :" + id +" chw: " + entry.chwSsidPosition); 13.421 + SsidsEntry ssidsObj = new SsidsEntry(); 13.422 + ssidsObj.id = Integer.parseInt(id); 13.423 + ssidsObj.chw = entry.chwSsidPosition; 13.424 + partSsid.put(id, ssidsObj); 13.425 + 13.426 + } 13.427 + } 13.428 + } 13.429 + 13.430 + /* Allocate array */ 13.431 + int numOfPar = partSsid.size(); 13.432 + int totalSize = (numOfPar * partitionEntrySz); 13.433 + 13.434 + if (0 == numOfPar) 13.435 + { 13.436 + printDebug(" gPS:: part: binary ==> zero"); 13.437 + return new byte[0]; 13.438 + } 13.439 + 13.440 + byte[] partArray = new byte[totalSize]; 13.441 + 13.442 + int index = 0; 13.443 + 13.444 + Enumeration e = partSsid.elements(); 13.445 + while (e.hasMoreElements()) 13.446 + { 13.447 + SsidsEntry entry = (SsidsEntry) e.nextElement(); 13.448 + printDebug(" gPS:: part: " + entry.id + " ste ssid: " + entry.ste + " chw ssid: "+ entry.chw); 13.449 + 13.450 + /* Write id */ 13.451 + writeShortToStream(partArray,(short)entry.id,index); 13.452 + index = index + u16Size; 13.453 + 13.454 + /* Write ste ssid */ 13.455 + writeShortToStream(partArray,(short) entry.ste,index); 13.456 + index = index + u16Size; 13.457 + 13.458 + /* Write chw ssid */ 13.459 + writeShortToStream(partArray,(short) entry.chw,index); 13.460 + index = index + u16Size; 13.461 + } 13.462 + 13.463 + printDebug(" gPS:: part: num of partitions " + numOfPar); 13.464 + printDebug(" gPS:: part: binary ==> Length " + partArray.length); 13.465 + 13.466 + if (debug) 13.467 + printHex(partArray,partArray.length); 13.468 + printDebug("\n"); 13.469 + 13.470 + return partArray; 13.471 + } 13.472 + 13.473 + public byte[] GenBinaryPolicyBuffer(byte[] chwPolicy, byte[] stePolicy, byte [] partMap, byte[] vlanMap, byte[] slotMap) 13.474 + { 13.475 + byte[] binBuffer; 13.476 + short chwSize =0; 13.477 + short steSize =0; 13.478 + int index = 0; 13.479 + 13.480 + /* Builds data structure acm_policy_buffer_t */ 13.481 + /* Get number of colorTypes */ 13.482 + if (null != chwPolicy) 13.483 + chwSize = (short) chwPolicy.length; 13.484 + 13.485 + if (null != stePolicy) 13.486 + steSize = (short) stePolicy.length; 13.487 + 13.488 + int totalDataSize = chwSize + steSize + resourceOffsetSz + 3 *(2 * u16Size); 13.489 + 13.490 + /* Add vlan and slot */ 13.491 + totalDataSize = totalDataSize +partMap.length + vlanMap.length + slotMap.length; 13.492 + binBuffer = new byte[binaryBufferHeaderSz +totalDataSize]; 13.493 + 13.494 + 13.495 + try { 13.496 + /* Write magic */ 13.497 + writeIntToStream(binBuffer,ACM_MAGIC,index); 13.498 + index = u32Size; 13.499 + 13.500 + /* Write policy version */ 13.501 + writeIntToStream(binBuffer,POLICY_INTERFACE_VERSION,index); 13.502 + index = index + u32Size; 13.503 + 13.504 + /* write len */ 13.505 + writeIntToStream(binBuffer,binBuffer.length,index); 13.506 + index = index + u32Size; 13.507 + 13.508 + } catch (IOException ee) { 13.509 + System.out.println(" GBPB:: got exception : " + ee); 13.510 + return null; 13.511 + } 13.512 + 13.513 + int offset, address; 13.514 + address = index; 13.515 + 13.516 + if (null != partMap) 13.517 + offset = binaryBufferHeaderSz + resourceOffsetSz; 13.518 + else 13.519 + offset = binaryBufferHeaderSz; 13.520 + 13.521 + try { 13.522 + 13.523 + if (null == chwPolicy || null == stePolicy) 13.524 + { 13.525 + writeShortToStream(binBuffer,ACM_NULL_POLICY,index); 13.526 + index = index + u16Size; 13.527 + 13.528 + writeShortToStream(binBuffer,(short) 0,index); 13.529 + index = index + u16Size; 13.530 + 13.531 + writeShortToStream(binBuffer,ACM_NULL_POLICY,index); 13.532 + index = index + u16Size; 13.533 + 13.534 + writeShortToStream(binBuffer,(short) 0,index); 13.535 + index = index + u16Size; 13.536 + 13.537 + } 13.538 + index = address; 13.539 + if (null != chwPolicy) 13.540 + { 13.541 + 13.542 + /* Write policy name */ 13.543 + writeShortToStream(binBuffer,ACM_CHINESE_WALL_POLICY,index); 13.544 + index = index + u16Size; 13.545 + 13.546 + /* Write offset */ 13.547 + writeShortToStream(binBuffer,(short) offset,index); 13.548 + index = index + u16Size; 13.549 + 13.550 + /* Write payload. No need increment index */ 13.551 + address = offset; 13.552 + System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length); 13.553 + address = address + chwPolicy.length; 13.554 + 13.555 + if (null != stePolicy) 13.556 + { 13.557 + /* Write policy name */ 13.558 + writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index); 13.559 + index = index + u16Size; 13.560 + 13.561 + /* Write offset */ 13.562 + writeShortToStream(binBuffer,(short) address,index); 13.563 + index = index + u16Size; 13.564 + 13.565 + /* Copy array */ 13.566 + System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length); 13.567 + /* Update address */ 13.568 + address = address + stePolicy.length; 13.569 + } else { 13.570 + /* Skip writing policy name and offset */ 13.571 + index = index + 2 * u16Size; 13.572 + 13.573 + } 13.574 + 13.575 + } else { 13.576 + 13.577 + if (null != stePolicy) 13.578 + { 13.579 + /* Write policy name */ 13.580 + writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index); 13.581 + index = index + u16Size; 13.582 + 13.583 + /* Write offset */ 13.584 + address = offset; 13.585 + writeShortToStream(binBuffer, (short) offset,index); 13.586 + index = index + u16Size; 13.587 + 13.588 + /* Copy array */ 13.589 + System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length); 13.590 + /* Update address */ 13.591 + address = address + stePolicy.length; 13.592 + 13.593 + /* Increment index, since there is no secondary */ 13.594 + index = index + secondaryPolicyCodeSz + secondaryBufferOffsetSz; 13.595 + 13.596 + } 13.597 + 13.598 + } 13.599 + int size; 13.600 + /* Assumes that you will always have a partition defined in policy */ 13.601 + if ( 0 < partMap.length) 13.602 + { 13.603 + writeShortToStream(binBuffer, (short) address,index); 13.604 + index = address; 13.605 + 13.606 + /* Compute num of VMs */ 13.607 + size = partMap.length / (3 * u16Size); 13.608 + 13.609 + writeShortToStream(binBuffer, (short)size,index); 13.610 + index = index + u16Size; 13.611 + 13.612 + /* part, vlan and slot: each one consists of two entries */ 13.613 + offset = 3 * (2 * u16Size); 13.614 + writeShortToStream(binBuffer, (short) offset,index); 13.615 + 13.616 + /* Write partition array at offset */ 13.617 + System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length); 13.618 + index = index + u16Size; 13.619 + offset = offset + partMap.length; 13.620 + } 13.621 + 13.622 + if ( 0 < vlanMap.length) 13.623 + { 13.624 + size = vlanMap.length / (2 * u16Size); 13.625 + writeShortToStream(binBuffer, (short) size,index); 13.626 + index = index + u16Size; 13.627 + 13.628 + writeShortToStream(binBuffer, (short) offset,index); 13.629 + index = index + u16Size; 13.630 + System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length); 13.631 + } else { 13.632 + /* Write vlan max */ 13.633 + writeShortToStream(binBuffer, (short) 0,index); 13.634 + index = index + u16Size; 13.635 + 13.636 + /* Write vlan offset */ 13.637 + writeShortToStream(binBuffer, (short) 0,index); 13.638 + index = index + u16Size; 13.639 + 13.640 + } 13.641 + 13.642 + offset = offset + vlanMap.length; 13.643 + if ( 0 < slotMap.length) 13.644 + { 13.645 + size = slotMap.length / (3 * u16Size); 13.646 + writeShortToStream(binBuffer, (short) size,index); 13.647 + index = index + u16Size; 13.648 + 13.649 + writeShortToStream(binBuffer, (short) offset,index); 13.650 + index = index + u16Size; 13.651 + System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length); 13.652 + } 13.653 + 13.654 + } catch (IOException ee) 13.655 + { 13.656 + System.out.println(" GBPB:: got exception : " + ee); 13.657 + return null; 13.658 + } 13.659 + 13.660 + printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length); 13.661 + if (debug) 13.662 + printHex(binBuffer,binBuffer.length); 13.663 + 13.664 + return binBuffer; 13.665 + } 13.666 + 13.667 + public byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector ColorTypes) 13.668 + { 13.669 + byte[] chwBuffer; 13.670 + int index = 0; 13.671 + int position = 0; 13.672 + 13.673 + /* Get number of rTypes */ 13.674 + short maxTypes = (short) ColorTypes.size(); 13.675 + 13.676 + /* Get number of SSids entry */ 13.677 + short maxSsids = (short) Ssids.size(); 13.678 + 13.679 + /* Get number of conflict sets */ 13.680 + short maxConflict = (short) ConflictSsids.size(); 13.681 + 13.682 + 13.683 + if (maxTypes * maxSsids == 0) 13.684 + return null; 13.685 + /* 13.686 + data structure acm_chwall_policy_buffer_t; 13.687 + 13.688 + uint16 policy_code; 13.689 + uint16 chwall_max_types; 13.690 + uint16 chwall_max_ssidrefs; 13.691 + uint16 chwall_max_conflictsets; 13.692 + uint16 chwall_ssid_offset; 13.693 + uint16 chwall_conflict_sets_offset; 13.694 + uint16 chwall_running_types_offset; 13.695 + uint16 chwall_conflict_aggregate_offset; 13.696 + */ 13.697 + int totalBytes = chwHeaderSize + u16Size *(maxTypes * (maxSsids + maxConflict)); 13.698 + 13.699 + chwBuffer = new byte[ totalBytes ]; 13.700 + int address = chwHeaderSize + (u16Size * maxTypes * maxSsids ); 13.701 + 13.702 + printDebug(" gCB:: chwall totalbytes : "+totalBytes); 13.703 + 13.704 + try { 13.705 + index = 0; 13.706 + writeShortToStream(chwBuffer,ACM_CHINESE_WALL_POLICY,index); 13.707 + index = u16Size; 13.708 + 13.709 + writeShortToStream(chwBuffer,maxTypes,index); 13.710 + index = index + u16Size; 13.711 + 13.712 + writeShortToStream(chwBuffer,maxSsids,index); 13.713 + index = index + u16Size; 13.714 + 13.715 + writeShortToStream(chwBuffer,maxConflict,index); 13.716 + index = index + u16Size; 13.717 + 13.718 + /* Write chwall_ssid_offset */ 13.719 + writeShortToStream(chwBuffer,chwHeaderSize,index); 13.720 + index = index + u16Size; 13.721 + 13.722 + /* Write chwall_conflict_sets_offset */ 13.723 + writeShortToStream(chwBuffer,(short) address,index); 13.724 + index = index + u16Size; 13.725 + 13.726 + /* Write chwall_running_types_offset */ 13.727 + writeShortToStream(chwBuffer,(short) 0,index); 13.728 + index = index + u16Size; 13.729 + 13.730 + /* Write chwall_conflict_aggregate_offset */ 13.731 + writeShortToStream(chwBuffer,(short) 0,index); 13.732 + index = index + u16Size; 13.733 + 13.734 + } catch (IOException ee) { 13.735 + System.out.println(" gCB:: got exception : " + ee); 13.736 + return null; 13.737 + } 13.738 + int markPos = 0; 13.739 + 13.740 + /* Create the SSids entry */ 13.741 + for (int i = 0; i < maxSsids; i++) 13.742 + { 13.743 + 13.744 + SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i); 13.745 + /* Get chwall types */ 13.746 + ssidEntry.chwSsidPosition = i; 13.747 + Enumeration e = ssidEntry.chwTypes.elements(); 13.748 + while (e.hasMoreElements()) 13.749 + { 13.750 + String typeName = (String) e.nextElement(); 13.751 + printDebug(" gCB:: Ssid "+ i+ ": has type : " + typeName); 13.752 + position = ColorTypes.indexOf(typeName); 13.753 + 13.754 + if (position < 0) 13.755 + { 13.756 + System.out.println (" gCB:: Error type : " + typeName + " not found in ColorTypes"); 13.757 + return null; 13.758 + } 13.759 + printDebug(" GCB:: type : " + typeName + " found in ColorTypes at position: " + position); 13.760 + markPos = ((i * maxTypes + position) * u16Size) + index; 13.761 + 13.762 + try { 13.763 + writeShortToStream(chwBuffer,markSymbol,markPos); 13.764 + } catch (IOException ee) { 13.765 + System.out.println(" gCB:: got exception : "); 13.766 + return null; 13.767 + } 13.768 + } 13.769 + } 13.770 + 13.771 + if (debug) 13.772 + printHex(chwBuffer,chwBuffer.length); 13.773 + 13.774 + /* Add conflict set */ 13.775 + index = address; 13.776 + for (int i = 0; i < maxConflict; i++) 13.777 + { 13.778 + /* Get ste types */ 13.779 + Vector entry = (Vector) ConflictSsids.elementAt(i); 13.780 + Enumeration e = entry.elements(); 13.781 + while (e.hasMoreElements()) 13.782 + { 13.783 + String typeName = (String) e.nextElement(); 13.784 + printDebug (" GCB:: conflict Ssid "+ i+ ": has type : " + typeName); 13.785 + position = ColorTypes.indexOf(typeName); 13.786 + 13.787 + if (position < 0) 13.788 + { 13.789 + System.out.println (" GCB:: Error type : " + typeName + " not found in ColorTypes"); 13.790 + return null; 13.791 + } 13.792 + printDebug(" GCB:: type : " + typeName + " found in ColorTypes at position: " + position); 13.793 + markPos = ((i * maxTypes + position) * u16Size) + index; 13.794 + 13.795 + try { 13.796 + writeShortToStream(chwBuffer,markSymbol,markPos); 13.797 + } catch (IOException ee) { 13.798 + System.out.println(" GCB:: got exception : "); 13.799 + return null; 13.800 + } 13.801 + } 13.802 + 13.803 + } 13.804 + printDebug(" gSB:: chw binary ==> Length " + chwBuffer.length); 13.805 + if (debug) 13.806 + printHex(chwBuffer,chwBuffer.length); 13.807 + printDebug("\n"); 13.808 + 13.809 + return chwBuffer; 13.810 + } 13.811 + 13.812 +/********************************************************************** 13.813 + Generate byte representation of policy using type information 13.814 + <p> 13.815 + @param Ssids Vector 13.816 + @param ColorTypes Vector 13.817 + <p> 13.818 + @return bytes represenation of simple type enforcement policy 13.819 +**********************************************************************/ 13.820 + public byte[] generateSteBuffer(Vector Ssids, Vector ColorTypes) 13.821 + { 13.822 + byte[] steBuffer; 13.823 + int index = 0; 13.824 + int position = 0; 13.825 + 13.826 + /* Get number of colorTypes */ 13.827 + short numColorTypes = (short) ColorTypes.size(); 13.828 + 13.829 + /* Get number of SSids entry */ 13.830 + short numSsids = (short) Ssids.size(); 13.831 + 13.832 + if (numColorTypes * numSsids == 0) 13.833 + return null; 13.834 + 13.835 + /* data structure: acm_ste_policy_buffer_t 13.836 + * 13.837 + * policy code (uint16) > 13.838 + * max_types (uint16) > 13.839 + * max_ssidrefs (uint16) > steHeaderSize 13.840 + * ssid_offset (uint16) > 13.841 + * DATA (colorTypes(size) * Ssids(size) *unit16) 13.842 + * 13.843 + * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size) 13.844 + * 13.845 + */ 13.846 + steBuffer = new byte[ steHeaderSize + (numColorTypes * numSsids) * 2]; 13.847 + 13.848 + try { 13.849 + 13.850 + index = 0; 13.851 + writeShortToStream(steBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index); 13.852 + index = u16Size; 13.853 + 13.854 + writeShortToStream(steBuffer,numColorTypes,index); 13.855 + index = index + u16Size; 13.856 + 13.857 + writeShortToStream(steBuffer,numSsids,index); 13.858 + index = index + u16Size; 13.859 + 13.860 + writeShortToStream(steBuffer,(short)steHeaderSize,index); 13.861 + index = index + u16Size; 13.862 + 13.863 + } catch (IOException ee) { 13.864 + System.out.println(" gSB:: got exception : " + ee); 13.865 + return null; 13.866 + } 13.867 + int markPos = 0; 13.868 + for (int i = 0; i < numSsids; i++) 13.869 + { 13.870 + 13.871 + SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i); 13.872 + ssidEntry.steSsidPosition = i; 13.873 + /* Get ste types */ 13.874 + Enumeration e = ssidEntry.steTypes.elements(); 13.875 + while (e.hasMoreElements()) 13.876 + { 13.877 + String typeName = (String) e.nextElement(); 13.878 + printDebug (" gSB:: Ssid "+ i+ ": has type : " + typeName); 13.879 + position = ColorTypes.indexOf(typeName); 13.880 + 13.881 + if (position < 0) 13.882 + { 13.883 + printDebug(" gSB:: Error type : " + typeName + " not found in ColorTypes"); 13.884 + return null; 13.885 + } 13.886 + printDebug(" gSB:: type : " + typeName + " found in ColorTypes at position: " + position); 13.887 + markPos = ((i * numColorTypes + position) * u16Size) + index; 13.888 + 13.889 + try { 13.890 + writeShortToStream(steBuffer,markSymbol,markPos); 13.891 + } catch (IOException ee) 13.892 + { 13.893 + System.out.println(" gSB:: got exception : "); 13.894 + return null; 13.895 + } 13.896 + } 13.897 + 13.898 + } 13.899 + 13.900 + printDebug(" gSB:: ste binary ==> Length " + steBuffer.length); 13.901 + if (debug) 13.902 + printHex(steBuffer,steBuffer.length); 13.903 + printDebug("\n"); 13.904 + 13.905 + return steBuffer; 13.906 + } 13.907 + 13.908 + public static void printHex(byte [] dataArray, int length) 13.909 + { 13.910 + char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7', 13.911 + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; 13.912 + int hexIndex; 13.913 + int value; 13.914 + int arraylength; 13.915 + 13.916 + arraylength = length; 13.917 + 13.918 + if (dataArray == null) 13.919 + { 13.920 + System.err.print("printHex: input byte array is null"); 13.921 + } 13.922 + 13.923 + if (length > dataArray.length || length < 0) 13.924 + arraylength = dataArray.length; 13.925 + 13.926 + System.out.print("\n\t"); 13.927 + 13.928 + int i; 13.929 + for(i = 0; i < arraylength; ) 13.930 + { 13.931 + value = dataArray[i] & 0xFF; 13.932 + hexIndex = (value >>> 4); 13.933 + System.out.print(hexChars[hexIndex]); 13.934 + hexIndex = (value & 0x0F); 13.935 + System.out.print(hexChars[hexIndex]); 13.936 + 13.937 + i++; 13.938 + /* if done, print a final newline */ 13.939 + if (i == arraylength) { 13.940 + if (arraylength < dataArray.length) { 13.941 + System.out.print("..."); 13.942 + } 13.943 + System.out.println(); 13.944 + } 13.945 + else if ((i % 24) == 0) { 13.946 + System.out.print("\n\t"); 13.947 + } 13.948 + else if ((i % 4) == 0) { 13.949 + System.out.print(" "); 13.950 + } 13.951 + } 13.952 + 13.953 + return; 13.954 + } 13.955 + 13.956 + 13.957 + private void writeShortToStream(byte[] stream, short value, int index) 13.958 + throws IOException 13.959 + { 13.960 + int littleEndian = 0; 13.961 + int byteVal; 13.962 + 13.963 + if (index + 2 > stream.length) 13.964 + { 13.965 + throw new IOException("Writing beyond stream length: " + 13.966 + stream.length + " writing at locations from: " + index + " to " + (index + 4)); 13.967 + } 13.968 + 13.969 + if (!LittleEndian) 13.970 + { 13.971 + 13.972 + byteVal = value >> 8; 13.973 + stream[index ] = (byte) byteVal; 13.974 + 13.975 + byteVal = value; 13.976 + stream[index + 1] = (byte) byteVal; 13.977 + } else { 13.978 + stream[index] = (byte) ((value & 0x00ff) ); 13.979 + stream[index + 1] = (byte) ((value & 0xff00) >> 8); 13.980 + } 13.981 + return; 13.982 + } 13.983 + 13.984 + private void writeIntToStream(byte[] stream, int value, int index) 13.985 + throws IOException 13.986 + { 13.987 + int littleEndian = 0; 13.988 + int byteVal; 13.989 + 13.990 + if (4 > stream.length) 13.991 + { 13.992 + throw new IOException("writeIntToStream: stream length less than 4 bytes " + 13.993 + stream.length); 13.994 + } 13.995 + 13.996 + /* Do not Write beyond range */ 13.997 + if (index + 4 > stream.length) 13.998 + { 13.999 + throw new IOException("writeIntToStream: writing beyond stream length: " + 13.1000 + stream.length + " writing at locations from: " + index + " to " + (index + 4)); 13.1001 + } 13.1002 + if (!LittleEndian) 13.1003 + { 13.1004 + byteVal = value >>> 24; 13.1005 + stream[index] = (byte) byteVal; 13.1006 + 13.1007 + byteVal = value >> 16; 13.1008 + stream[index + 1] = (byte) byteVal; 13.1009 + 13.1010 + byteVal = value >> 8; 13.1011 + stream[index + 2] = (byte) byteVal; 13.1012 + 13.1013 + byteVal = value; 13.1014 + stream[index + 3] = (byte) byteVal; 13.1015 + } else { 13.1016 + stream[index] = (byte) value; 13.1017 + stream[index + 1] = (byte) ((value & 0x0000ff00) >> 8); 13.1018 + stream[index + 2] = (byte) ((value & 0x00ff0000) >> 16); 13.1019 + stream[index + 3] = (byte) ( value >>> 24); 13.1020 + } 13.1021 + return; 13.1022 + } 13.1023 + 13.1024 + public Document getDomTree(String xmlFileName) 13.1025 + throws Exception, SAXException, ParserConfigurationException 13.1026 + { 13.1027 + javax.xml.parsers.DocumentBuilderFactory dbf = 13.1028 + javax.xml.parsers.DocumentBuilderFactory.newInstance(); 13.1029 + 13.1030 + /* Turn on namespace aware and validation */ 13.1031 + dbf.setNamespaceAware(true); 13.1032 + dbf.setValidating(true); 13.1033 + dbf.setAttribute(JAXP_SCHEMA_LANGUAGE,W3C_XML_SCHEMA); 13.1034 + 13.1035 + /* Checks that the document is well-formed */ 13.1036 + javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); 13.1037 + 13.1038 + myHandler errHandler= new myHandler(); 13.1039 + db.setErrorHandler(errHandler); 13.1040 + Document doc = db.parse(xmlFileName); 13.1041 + 13.1042 + /* Checks for validation errors */ 13.1043 + if (errHandler.isValid) 13.1044 + printDebug(" gDT:: Xml file: " + xmlFileName + " is valid"); 13.1045 + else 13.1046 + throw new Exception("Xml file: " + xmlFileName + " is NOT valid"); 13.1047 + 13.1048 + return doc; 13.1049 + } 13.1050 + 13.1051 + public void processDomTree( 13.1052 + Document doc, 13.1053 + Vector bagOfSsids, 13.1054 + Vector bagOfTypes, 13.1055 + Vector bagOfChwSsids, 13.1056 + Vector bagOfChwTypes, 13.1057 + Vector bagOfConflictSsids) 13.1058 + throws Exception, SAXException, ParserConfigurationException 13.1059 + { 13.1060 + boolean found; 13.1061 + 13.1062 + /* print the root Element */ 13.1063 + Element root = doc.getDocumentElement(); 13.1064 + printDebug ("\n pDT:: Document Element: Name = " + root.getNodeName() + ",Value = " + root.getNodeValue()); 13.1065 + 13.1066 + /* Go through the list of the root Element's Attributes */ 13.1067 + NamedNodeMap nnm = root.getAttributes(); 13.1068 + printDebug (" pDT:: # of Attributes: " + nnm.getLength()); 13.1069 + for (int i = 0; i < nnm.getLength(); i++) 13.1070 + { 13.1071 + Node n = nnm.item (i); 13.1072 + printDebug (" pDT:: Attribute: Name = " + n.getNodeName() + ", Value = " 13.1073 + + n.getNodeValue()); 13.1074 + } 13.1075 + 13.1076 + /* Retrieve the policy definition */ 13.1077 + NodeList elementList = root.getElementsByTagName ("url"); 13.1078 + String definitionFileName = elementList.item(0).getFirstChild().getNodeValue(); 13.1079 + 13.1080 + String definitionHash = null; 13.1081 + 13.1082 + /* Note that SecurityPolicySpec.xsd allows for 0 hash value! */ 13.1083 + elementList = root.getElementsByTagName ("hash"); 13.1084 + if (0 != elementList.getLength()) 13.1085 + definitionHash = elementList.item(0).getFirstChild().getNodeValue(); 13.1086 + 13.1087 + Document definitionDoc = pGetDomDefinition(definitionFileName,definitionHash); 13.1088 + pGetTypes(definitionDoc,bagOfTypes, bagOfChwTypes, bagOfConflictSsids); 13.1089 + 13.1090 + 13.1091 + /* Get VM security information */ 13.1092 + elementList = root.getElementsByTagName ("VM"); 13.1093 + printDebug ("\n pDT:: partition length of NodeList:" + elementList.getLength()); 13.1094 + 13.1095 + 13.1096 + for (int x = 0; x < elementList.getLength(); x++) 13.1097 + { 13.1098 + found = false; 13.1099 + 13.1100 + Node node = elementList.item (x); 13.1101 + 13.1102 + if (node.getNodeType() == Node.ELEMENT_NODE) 13.1103 + { 13.1104 + printDebug (" pDT:: child: " + x + " is an element node" ); 13.1105 + Element e1 = (Element) node; 13.1106 + 13.1107 + /* Get id */ 13.1108 + NodeList elist = e1.getElementsByTagName ("id"); 13.1109 + String idStr = elist.item(0).getFirstChild().getNodeValue(); 13.1110 + printDebug (" pDT:: id:" + idStr); 13.1111 + 13.1112 + /* Get TE */ 13.1113 + Vector colorTypes = new Vector(); 13.1114 + pConflictEntries(e1, "TE", bagOfTypes, colorTypes); 13.1115 + 13.1116 + Enumeration e = bagOfSsids.elements(); 13.1117 + while (e.hasMoreElements()) 13.1118 + { 13.1119 + SecurityLabel elem = (SecurityLabel) e.nextElement(); 13.1120 + if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes)) 13.1121 + { 13.1122 + found = true; 13.1123 + elem.ids.add(idStr); 13.1124 + } 13.1125 + 13.1126 + } 13.1127 + if (!found && (0 < colorTypes.size())) 13.1128 + { 13.1129 + SecurityLabel entry = new SecurityLabel(); 13.1130 + entry.steTypes = colorTypes; 13.1131 + entry.ids = new Vector(); 13.1132 + entry.ids.add(idStr); 13.1133 + bagOfSsids.add(entry); 13.1134 + } 13.1135 + 13.1136 + /* Get Chinese wall type */ 13.1137 + Vector chwTypes = new Vector(); 13.1138 + pConflictEntries(e1, "ChWall", bagOfChwTypes, chwTypes); 13.1139 + 13.1140 + found = false; 13.1141 + e = bagOfChwSsids.elements(); 13.1142 + 13.1143 + while (e.hasMoreElements()) 13.1144 + { 13.1145 + SecurityLabel elem = (SecurityLabel) e.nextElement(); 13.1146 + if ( elem.chwTypes.size() == chwTypes.size() && elem.chwTypes.containsAll(chwTypes)) 13.1147 + { 13.1148 + found = true; 13.1149 + elem.chwIDs.add(idStr); 13.1150 + } 13.1151 + 13.1152 + } 13.1153 + 13.1154 + if (!found && (0 < chwTypes.size())) 13.1155 + { 13.1156 + SecurityLabel entry = new SecurityLabel(); 13.1157 + entry.chwTypes = chwTypes; 13.1158 + entry.chwIDs = new Vector(); 13.1159 + entry.chwIDs.add(idStr); 13.1160 + bagOfChwSsids.add(entry); 13.1161 + } 13.1162 + } 13.1163 + } 13.1164 + return; 13.1165 + } 13.1166 + 13.1167 + public Document pGetDomDefinition( 13.1168 + String definitionFileName, 13.1169 + String definitionHash) 13.1170 + throws Exception, SAXException, ParserConfigurationException 13.1171 + { 13.1172 + printDebug("\n pGDD:: definition file name: " + definitionFileName); 13.1173 + printDebug("\n pGDD:: definition file hash: " + definitionHash); 13.1174 + 13.1175 + Document doc = getDomTree(definitionFileName); 13.1176 + return doc; 13.1177 + } 13.1178 + 13.1179 + public void pGetTypes( 13.1180 + Document defDoc, 13.1181 + Vector bagOfTypes, 13.1182 + Vector bagOfChwTypes, 13.1183 + Vector bagOfConflictSsids) 13.1184 + throws Exception 13.1185 + { 13.1186 + 13.1187 + 13.1188 + if (null == defDoc) 13.1189 + throw new Exception(" pGT:: definition file DOM is null "); 13.1190 + 13.1191 + Element root = defDoc.getDocumentElement(); 13.1192 + 13.1193 + /* Get list of TE types */ 13.1194 + NodeList elementList = root.getElementsByTagName ("Types"); 13.1195 + printDebug ("\n pGT:: Types length of NodeList:" + elementList.getLength()); 13.1196 + Element e1 = (Element) elementList.item (0); 13.1197 + pGetEntries(e1,"TE",bagOfTypes); 13.1198 + 13.1199 + /* Get list of Chinese types */ 13.1200 + elementList = root.getElementsByTagName ("ChWallTypes"); 13.1201 + printDebug ("\n pGT:: ChwTypes length of NodeList:" + elementList.getLength()); 13.1202 + if (0 == elementList.getLength()) 13.1203 + { 13.1204 + printDebug ("\n pGT:: ChWallTypes has zero length: :" + elementList.getLength()); 13.1205 + } else { 13.1206 + e1 = (Element) elementList.item (0); 13.1207 + pGetEntries(e1,"ChWall",bagOfChwTypes); 13.1208 + } 13.1209 + printDebug (" pGT:: Total number of unique chw types: " + bagOfChwTypes.size()); 13.1210 + 13.1211 + /* Get Chinese type conflict sets */ 13.1212 + elementList = root.getElementsByTagName ("ConflictSet"); 13.1213 + printDebug ("\n pGT:: Conflict sets length of NodeList:" + elementList.getLength()); 13.1214 + for (int x = 0; x < elementList.getLength(); x++) 13.1215 + { 13.1216 + Vector conflictEntry = new Vector(); 13.1217 + e1 = (Element) elementList.item (x); 13.1218 + printDebug ("\n pGT:: Conflict sets : " + x); 13.1219 + 13.1220 + pConflictEntries(e1, "ChWall", bagOfChwTypes, conflictEntry); 13.1221 + 13.1222 + if (conflictEntry.size() > 0) 13.1223 + { 13.1224 + boolean found = false; 13.1225 + Enumeration e = bagOfConflictSsids.elements(); 13.1226 + 13.1227 + while (e.hasMoreElements()) 13.1228 + { 13.1229 + Vector elem = (Vector) e.nextElement(); 13.1230 + if (elem.size() == conflictEntry.size() && elem.containsAll(conflictEntry)) 13.1231 + { 13.1232 + found = true; 13.1233 + } 13.1234 + 13.1235 + } 13.1236 + if (!found) 13.1237 + { 13.1238 + bagOfConflictSsids.add(conflictEntry); 13.1239 + } 13.1240 + } 13.1241 + } 13.1242 + 13.1243 + } 13.1244 + 13.1245 + public void pGetEntries(Element doc, String tag, Vector typeBag) 13.1246 + throws Exception 13.1247 + { 13.1248 + 13.1249 + if (null == doc) 13.1250 + throw new Exception(" pGE:: Element doc is null"); 13.1251 + 13.1252 + if (null == typeBag) 13.1253 + throw new Exception(" pGE:: typeBag is null"); 13.1254 + 13.1255 + NodeList elist = doc.getElementsByTagName (tag); 13.1256 + for (int j = 0; j < elist.getLength(); j++) 13.1257 + { 13.1258 + Node knode = elist.item (j); 13.1259 + Node childNode = knode.getFirstChild(); 13.1260 + String value = childNode.getNodeValue(); 13.1261 + 13.1262 + printDebug (" pGT:: "+ tag +" type: " + value); 13.1263 + 13.1264 + /* Check if value is known */ 13.1265 + if (!typeBag.contains(value)) 13.1266 + typeBag.addElement(value); 13.1267 + } 13.1268 + } 13.1269 + 13.1270 + public void pConflictEntries(Element doc, String tag, Vector typeBag, Vector conflictEntry) 13.1271 + throws Exception 13.1272 + { 13.1273 + 13.1274 + if (null == doc) 13.1275 + throw new Exception(" pGE:: Element doc is null"); 13.1276 + 13.1277 + if (null == typeBag) 13.1278 + throw new Exception(" pGE:: typeBag is null"); 13.1279 + 13.1280 + if (null == conflictEntry) 13.1281 + throw new Exception(" pGE:: typeBag is null"); 13.1282 + 13.1283 + 13.1284 + NodeList elist = doc.getElementsByTagName (tag); 13.1285 + 13.1286 + for (int j = 0; j < elist.getLength(); j++) 13.1287 + { 13.1288 + Node knode = elist.item (j); 13.1289 + Node childNode = knode.getFirstChild(); 13.1290 + String value = childNode.getNodeValue(); 13.1291 + 13.1292 + printDebug (" pGE:: "+ tag +" type: " + value); 13.1293 + 13.1294 + /* Check if value is known */ 13.1295 + if (!typeBag.contains(value)) 13.1296 + throw new Exception(" pCE:: found undefined type set " + value); 13.1297 + 13.1298 + if (!conflictEntry.contains(value)) 13.1299 + conflictEntry.addElement(value); 13.1300 + 13.1301 + } 13.1302 + } 13.1303 + 13.1304 + public void processDomTreeVlanSlot( 13.1305 + Document doc, 13.1306 + Vector bagOfSsids, 13.1307 + Vector bagOfTypes) 13.1308 + throws Exception 13.1309 + { 13.1310 + boolean found; 13.1311 + 13.1312 + printDebug(" pDTVS::Size of bagOfSsids: "+ bagOfSsids.size()); 13.1313 + Element root = doc.getDocumentElement(); 13.1314 + 13.1315 + NodeList elementList = root.getElementsByTagName ("Vlan"); 13.1316 + printDebug("\n pDTVS:: Vlan length of NodeList:" + elementList.getLength()); 13.1317 + 13.1318 + for (int x = 0; x < elementList.getLength(); x++) 13.1319 + { 13.1320 + found = false; 13.1321 + 13.1322 + Node node = elementList.item (x); 13.1323 + 13.1324 + if (node.getNodeType() == Node.ELEMENT_NODE) 13.1325 + { 13.1326 + printDebug(" pDTVS:: child: " + x + " is an element node" ); 13.1327 + Element e1 = (Element) node; 13.1328 + 13.1329 + /* Get vid */ 13.1330 + NodeList elist = e1.getElementsByTagName ("vid"); 13.1331 + String idStr = elist.item(0).getFirstChild().getNodeValue(); 13.1332 + printDebug ("pDTVS:: vid:" + idStr); 13.1333 + 13.1334 + /* Get TE */ 13.1335 + elist = e1.getElementsByTagName ("TE"); 13.1336 + printDebug ("pDTVS:: Total ste types: " + elist.getLength()); 13.1337 + 13.1338 + Vector colorTypes = new Vector(); 13.1339 + for (int j = 0; j < elist.getLength(); j++) 13.1340 + { 13.1341 + Node knode = elist.item (j); 13.1342 + Node childNode = knode.getFirstChild(); 13.1343 + String value = childNode.getNodeValue(); 13.1344 + 13.1345 + printDebug (" pDT:: My color is: " + value); 13.1346 + if (!bagOfTypes.contains(value)) 13.1347 + { 13.1348 + throw new IOException("pDT:: Vlan: " + idStr+ " has unknown type : "+ value); 13.1349 + } 13.1350 + 13.1351 + if (!colorTypes.contains(value)) 13.1352 + colorTypes.addElement(value); 13.1353 + } 13.1354 + Enumeration e = bagOfSsids.elements(); 13.1355 + while (e.hasMoreElements()) 13.1356 + { 13.1357 + SecurityLabel elem = (SecurityLabel) e.nextElement(); 13.1358 + if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes)) 13.1359 + { 13.1360 + found = true; 13.1361 + if (null == elem.vlans) 13.1362 + elem.vlans = new Vector(); 13.1363 + elem.vlans.add(idStr); 13.1364 + } 13.1365 + 13.1366 + } 13.1367 + if (!found && (0 < colorTypes.size())) 13.1368 + { 13.1369 + SecurityLabel entry = new SecurityLabel(); 13.1370 + entry.steTypes = colorTypes; 13.1371 + entry.vlans = new Vector(); 13.1372 + entry.vlans.add(idStr); 13.1373 + bagOfSsids.add(entry); 13.1374 + } 13.1375 + 13.1376 + } 13.1377 + } 13.1378 + printDebug(" pDTVS::After slot Size of bagOfSsids: "+ bagOfSsids.size()); 13.1379 + 13.1380 + elementList = root.getElementsByTagName ("Slot"); 13.1381 + printDebug ("\n pDTVS:: Slot length of NodeList:" + elementList.getLength()); 13.1382 + 13.1383 + for (int x = 0; x < elementList.getLength(); x++) 13.1384 + { 13.1385 + found = false; 13.1386 + 13.1387 + Node node = elementList.item (x); 13.1388 + 13.1389 + if (node.getNodeType() == Node.ELEMENT_NODE) 13.1390 + { 13.1391 + printDebug(" pDT:: child: " + x + " is an element node" ); 13.1392 + Element e1 = (Element) node; 13.1393 + 13.1394 + 13.1395 + /* Get slot and bus */ 13.1396 + SlotInfo item = new SlotInfo(); 13.1397 + 13.1398 + NodeList elist = e1.getElementsByTagName ("bus"); 13.1399 + item.bus = elist.item(0).getFirstChild().getNodeValue(); 13.1400 + elist = e1.getElementsByTagName ("slot"); 13.1401 + item.slot = elist.item(0).getFirstChild().getNodeValue(); 13.1402 + printDebug ("pDT:: bus and slot:" + item.bus + " "+ item.slot); 13.1403 + 13.1404 + /* Get TE */ 13.1405 + elist = e1.getElementsByTagName ("TE"); 13.1406 + printDebug ("pDT:: Total ste types: " + elist.getLength()); 13.1407 + 13.1408 + Vector colorTypes = new Vector(); 13.1409 + for (int j = 0; j < elist.getLength(); j++) 13.1410 + { 13.1411 + Node knode = elist.item (j); 13.1412 + Node childNode = knode.getFirstChild(); 13.1413 + String value = childNode.getNodeValue(); 13.1414 + 13.1415 + printDebug ("pDT:: My color is: " + value); 13.1416 + if (!bagOfTypes.contains(value)) 13.1417 + { 13.1418 + throw new IOException("pDT:: bus: " + item.bus + " slot: "+ item.slot + " has unknown type : "+ value); 13.1419 + } 13.1420 + 13.1421 + if (!colorTypes.contains(value)) 13.1422 + colorTypes.addElement(value); 13.1423 + } 13.1424 + 13.1425 + Enumeration e = bagOfSsids.elements(); 13.1426 + while (e.hasMoreElements()) 13.1427 + { 13.1428 + SecurityLabel elem = (SecurityLabel) e.nextElement(); 13.1429 + if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes)) 13.1430 + { 13.1431 + found = true; 13.1432 + if (null == elem.slots) 13.1433 + elem.slots = new Vector(); 13.1434 + elem.slots.add(item); 13.1435 + 13.1436 + } 13.1437 + 13.1438 + } 13.1439 + 13.1440 + if (!found && (0 < colorTypes.size())) 13.1441 + { 13.1442 + SecurityLabel entry = new SecurityLabel(); 13.1443 + entry.steTypes = colorTypes; 13.1444 + entry.slots = new Vector(); 13.1445 + entry.slots.add(item); 13.1446 + bagOfSsids.add(entry); 13.1447 + } 13.1448 + 13.1449 + } 13.1450 + } 13.1451 + return; 13.1452 + } 13.1453 + 13.1454 + public static void main (String[] args) 13.1455 + { 13.1456 + String xmlFileName = null; /* policy file */ 13.1457 + String outputFileName = null; /* binary policy file */ 13.1458 + String xenSsidOutputFileName = null; /* outputfile ssid to named types */ 13.1459 + /* outputfile conflicts ssid to named types */ 13.1460 + String xenSsidConfOutputFileName = null; 13.1461 + 13.1462 + XmlToBin genObj = new XmlToBin(); 13.1463 + 13.1464 + 13.1465 + for (int i = 0 ; i < args.length ; i++) { 13.1466 + 13.1467 + if ( args[i].equals("-help")) { 13.1468 + printUsage(); 13.1469 + System.exit(1); 13.1470 + 13.1471 + } else if ( args[i].equals("-i")) { 13.1472 + i++; 13.1473 + if (i < args.length) { 13.1474 + xmlFileName = args[i]; 13.1475 + } else { 13.1476 + System.out.println("-i argument needs parameter"); 13.1477 + System.exit(1); 13.1478 + } 13.1479 + 13.1480 + } else if ( args[i].equals("-o")) { 13.1481 + i++; 13.1482 + if (i < args.length) { 13.1483 + outputFileName = args[i]; 13.1484 + } else { 13.1485 + System.out.println("-o argument needs parameter"); 13.1486 + System.exit(1); 13.1487 + } 13.1488 + 13.1489 + } else if ( args[i].equals("-xssid")) { 13.1490 + i++; 13.1491 + if (i < args.length) { 13.1492 + xenSsidOutputFileName = args[i]; 13.1493 + } else { 13.1494 + System.out.println("-xssid argument needs parameter"); 13.1495 + System.exit(1); 13.1496 + } 13.1497 + 13.1498 + } else if ( args[i].equals("-xssidconf")) { 13.1499 + i++; 13.1500 + if (i < args.length) { 13.1501 + xenSsidConfOutputFileName = args[i]; 13.1502 + } else { 13.1503 + System.out.println("-xssidconf argument needs parameter"); 13.1504 + System.exit(1); 13.1505 + } 13.1506 + } else if ( args[i].equals("-debug")) { /* turn on debug msg */ 13.1507 + genObj.setDebug(true); 13.1508 + } else { 13.1509 + System.out.println("bad command line argument: " + args[i]); 13.1510 + printUsage(); 13.1511 + System.exit(1); 13.1512 + } 13.1513 + 13.1514 + } 13.1515 + 13.1516 + if (xmlFileName == null) 13.1517 + { 13.1518 + System.out.println("Need to specify input file -i option"); 13.1519 + printUsage(); 13.1520 + System.exit(1); 13.1521 + } 13.1522 + 13.1523 + 13.1524 + try 13.1525 + { 13.1526 + /* Parse and validate */ 13.1527 + Document doc = genObj.getDomTree(xmlFileName); 13.1528 + 13.1529 + /* Vectors to hold sets of types */ 13.1530 + Vector bagOfSsids = new Vector(); 13.1531 + Vector bagOfTypes = new Vector(); 13.1532 + Vector bagOfChwSsids = new Vector(); 13.1533 + Vector bagOfChwTypes = new Vector(); 13.1534 + Vector bagOfConflictSsids = new Vector(); 13.1535 + 13.1536 + Vector vlanMapSsids = new Vector(); 13.1537 + Vector slotMapSsids = new Vector(); 13.1538 + 13.1539 + genObj.processDomTree(doc, bagOfSsids, bagOfTypes, bagOfChwSsids, bagOfChwTypes, bagOfConflictSsids); 13.1540 + 13.1541 + genObj.processDomTreeVlanSlot(doc, bagOfSsids, bagOfTypes); 13.1542 + 13.1543 + /* Get binary representation of policies */ 13.1544 + byte[] stePolicy = genObj.generateSteBuffer(bagOfSsids, bagOfTypes); 13.1545 + byte[] chwPolicy = genObj.generateChwBuffer(bagOfChwSsids, bagOfConflictSsids,bagOfChwTypes); 13.1546 + 13.1547 + byte[] binPolicy = null; 13.1548 + byte[] binaryPartionSsid = null; 13.1549 + byte[] binaryVlanSsid = null; 13.1550 + byte[] binarySlotSsid = null; 13.1551 + 13.1552 + /* Get binary representation of partition to ssid mapping */ 13.1553 + binaryPartionSsid = genObj.generatePartSsids(bagOfSsids,bagOfChwSsids); 13.1554 + 13.1555 + /* Get binary representation of vlan to ssid mapping */ 13.1556 + binaryVlanSsid = genObj.generateVlanSsids(bagOfSsids); 13.1557 + 13.1558 + /* Get binary representation of slot to ssid mapping */ 13.1559 + binarySlotSsid = genObj.generateSlotSsids(bagOfSsids); 13.1560 + 13.1561 + /* Generate binary representation: policy, partition, slot and vlan */ 13.1562 + binPolicy = genObj.GenBinaryPolicyBuffer(chwPolicy,stePolicy, binaryPartionSsid, binaryVlanSsid, binarySlotSsid); 13.1563 + 13.1564 + 13.1565 + /* Write binary policy into file */ 13.1566 + if (null != outputFileName) 13.1567 + { 13.1568 + genObj.writeBinPolicy(binPolicy, outputFileName); 13.1569 + } else { 13.1570 + System.out.println (" No binary policy generated, outputFileName: " + outputFileName); 13.1571 + } 13.1572 + 13.1573 + /* Print total number of types */ 13.1574 + System.out.println (" Total number of unique ste types: " + bagOfTypes.size()); 13.1575 + System.out.println (" Total number of Ssids : " + bagOfSsids.size()); 13.1576 + System.out.println (" Total number of unique chw types: " + bagOfChwTypes.size()); 13.1577 + System.out.println (" Total number of conflict ssids : " + bagOfConflictSsids.size()); 13.1578 + System.out.println (" Total number of chw Ssids : " + bagOfChwSsids.size()); 13.1579 + 13.1580 + if (null != xenSsidOutputFileName) 13.1581 + genObj.writeXenTypeFile(bagOfSsids, xenSsidOutputFileName, true); 13.1582 + 13.1583 + if (null != xenSsidConfOutputFileName) 13.1584 + genObj.writeXenTypeFile(bagOfChwSsids, xenSsidConfOutputFileName, false); 13.1585 + } 13.1586 + catch (Exception e) 13.1587 + { 13.1588 + e.printStackTrace(); 13.1589 + } 13.1590 + } 13.1591 +}
14.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 14.2 +++ b/tools/misc/policyprocessor/XmlToBinInterface.java Tue Jun 21 07:02:30 2005 +0000 14.3 @@ -0,0 +1,135 @@ 14.4 +/** 14.5 + * (C) Copyright IBM Corp. 2005 14.6 + * 14.7 + * $Id: XmlToBinInterface.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $ 14.8 + * 14.9 + * Author: Ray Valdez 14.10 + * 14.11 + * This program is free software; you can redistribute it and/or 14.12 + * modify it under the terms of the GNU General Public License as 14.13 + * published by the Free Software Foundation, version 2 of the 14.14 + * License. 14.15 + * 14.16 + * XmlToBinInterface Class. 14.17 + * <p> 14.18 + * 14.19 + * Defines constants used by XmToBin. 14.20 + * 14.21 + * <p> 14.22 + * 14.23 + * policy binary structures 14.24 + * 14.25 + * typedef struct { 14.26 + * u32 magic; 14.27 + * 14.28 + * u32 policyversion; 14.29 + * u32 len; 14.30 + * 14.31 + * u16 primary_policy_code; 14.32 + * u16 primary_buffer_offset; 14.33 + * u16 secondary_policy_code; 14.34 + * u16 secondary_buffer_offset; 14.35 + * u16 resource_offset; 14.36 + * 14.37 + * } acm_policy_buffer_t; 14.38 + * 14.39 + * typedef struct { 14.40 + * u16 policy_code; 14.41 + * u16 ste_max_types; 14.42 + * u16 ste_max_ssidrefs; 14.43 + * u16 ste_ssid_offset; 14.44 + * } acm_ste_policy_buffer_t; 14.45 + * 14.46 + * typedef struct { 14.47 + * uint16 policy_code; 14.48 + * uint16 chwall_max_types; 14.49 + * uint16 chwall_max_ssidrefs; 14.50 + * uint16 chwall_max_conflictsets; 14.51 + * uint16 chwall_ssid_offset; 14.52 + * uint16 chwall_conflict_sets_offset; 14.53 + * uint16 chwall_running_types_offset; 14.54 + * uint16 chwall_conflict_aggregate_offset; 14.55 + * } acm_chwall_policy_buffer_t; 14.56 + * 14.57 + * typedef struct { 14.58 + * u16 partition_max; 14.59 + * u16 partition_offset; 14.60 + * u16 vlan_max; 14.61 + * u16 vlan_offset; 14.62 + * u16 slot_max; 14.63 + * u16 slot_offset; 14.64 + * } acm_resource_buffer_t; 14.65 + * 14.66 + * typedef struct { 14.67 + * u16 id; 14.68 + * u16 ssid_ste; 14.69 + * u16 ssid_chwall; 14.70 + * } acm_partition_entry_t; 14.71 + * 14.72 + * typedef struct { 14.73 + * u16 vlan; 14.74 + * u16 ssid_ste; 14.75 + * } acm_vlan_entry_t; 14.76 + * 14.77 + * typedef struct { 14.78 + * u16 bus; 14.79 + * u16 slot; 14.80 + * u16 ssid_ste; 14.81 + * } acm_slot_entry_t; 14.82 + * 14.83 + * 14.84 + * 14.85 + */ 14.86 +public interface XmlToBinInterface 14.87 +{ 14.88 + /* policy code (uint16) */ 14.89 + final int policyCodeSize = 2; 14.90 + 14.91 + /* max_types (uint16) */ 14.92 + final int maxTypesSize = 2; 14.93 + 14.94 + /* max_ssidrefs (uint16) */ 14.95 + final int maxSsidrefSize = 2; 14.96 + 14.97 + /* ssid_offset (uint32) */ 14.98 + final int ssidOffsetSize = 2; 14.99 + 14.100 + final short markSymbol = 0x0001; 14.101 + 14.102 + final int u32Size = 4; 14.103 + final int u16Size = 2; 14.104 + 14.105 + /* num of bytes for acm_ste_policy_buffer_t */ 14.106 + final short steHeaderSize = (4 * u16Size); 14.107 + /* byte for acm_chinese_wall_policy_buffer_t */ 14.108 + final short chwHeaderSize = (8 * u16Size); 14.109 + 14.110 + final short primaryPolicyCodeSize = u16Size; 14.111 + final short primaryBufferOffsetSize = u16Size ; 14.112 + 14.113 + final int secondaryPolicyCodeSz = u16Size; 14.114 + final int secondaryBufferOffsetSz = u16Size; 14.115 + final short resourceOffsetSz = u16Size; 14.116 + 14.117 + final short partitionBufferSz = (2 * u16Size); 14.118 + final short partitionEntrySz = (3 * u16Size); 14.119 + 14.120 + final short slotBufferSz = (2 * u16Size); 14.121 + final short slotEntrySz = (3 * u16Size); 14.122 + 14.123 + final short vlanBufferSz = (2 * u16Size); 14.124 + final short vlanEntrySz = (2 * u16Size); 14.125 + 14.126 + final short binaryBufferHeaderSz = (3 * u32Size + 4* u16Size); 14.127 + 14.128 + /* copied directlty from policy_ops.h */ 14.129 + final int POLICY_INTERFACE_VERSION = 0xAAAA0000; 14.130 + 14.131 + /* copied directly from acm.h */ 14.132 + final int ACM_MAGIC = 0x0001debc; 14.133 + final short ACM_NULL_POLICY = 0; 14.134 + final short ACM_CHINESE_WALL_POLICY = 1; 14.135 + final short ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2; 14.136 + final short ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3; 14.137 + final short ACM_EMPTY_POLICY = 4; 14.138 +}
15.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 15.2 +++ b/tools/misc/policyprocessor/myHandler.java Tue Jun 21 07:02:30 2005 +0000 15.3 @@ -0,0 +1,47 @@ 15.4 +/** 15.5 + * (C) Copyright IBM Corp. 2005 15.6 + * 15.7 + * $Id: myHandler.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $ 15.8 + * 15.9 + * Author: Ray Valdez 15.10 + * 15.11 + * This program is free software; you can redistribute it and/or 15.12 + * modify it under the terms of the GNU General Public License as 15.13 + * published by the Free Software Foundation, version 2 of the 15.14 + * License. 15.15 + * 15.16 + * myHandler Class. 15.17 + * 15.18 + * <p> 15.19 + * 15.20 + * A dummy class used for detecting XML validating/parsing errors. 15.21 + * 15.22 + * <p> 15.23 + * 15.24 + * 15.25 + */ 15.26 +import org.xml.sax.helpers.*; 15.27 +import org.xml.sax.SAXParseException; 15.28 + 15.29 +class myHandler extends DefaultHandler 15.30 +{ 15.31 + public boolean isValid = true; 15.32 + 15.33 + /* Notification of a recoverable error. */ 15.34 + public void error(SAXParseException se) 15.35 + { 15.36 + isValid = false; 15.37 + } 15.38 + 15.39 + /* Notification of a non-recoverable error. */ 15.40 + public void fatalError(SAXParseException se) 15.41 + { 15.42 + isValid = false; 15.43 + } 15.44 + 15.45 + /* Notification of a warning. */ 15.46 + public void warning(SAXParseException se) 15.47 + { 15.48 + isValid = false; 15.49 + } 15.50 +}
16.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 16.2 +++ b/tools/misc/policyprocessor/readme.install Tue Jun 21 07:02:30 2005 +0000 16.3 @@ -0,0 +1,33 @@ 16.4 +# Author: Ray Valdez, rvaldez@us.ibm.com 16.5 +# Version: 1.0 16.6 +# 16.7 +# install readme 16.8 +# 16.9 +PREREQUISITES: 16.10 + 16.11 +Prior to installation of the policy processor tool (XmlToBin) you must have... 16.12 + 16.13 + 1. Java version 1.4.2 16.14 + 2. xmlParserAPIs.jar and xercesImpl.jar 16.15 + 16.16 +The above can be obtained from the Sun Developer Network web site at 16.17 +http://java.sun.com/j2se/1.4.2/download.html. 16.18 + 16.19 +XmlParserAPIs and xercesImpl jars can be obtained from 16.20 +http://www.apache.org/dist/xml/xerces-j (Xerces-J-bin.2.6.2.tar.gz, 16.21 +for example). 16.22 + 16.23 +The tool has been tested with J2SE v1.4.2_08 JRE on Linux (32-bit 16.24 +INTEL). 16.25 + 16.26 +INSTALLATION 16.27 + 16.28 +1. Set PATH to include $HOME_JAVA/bin and $HOME_JAVA/jre/bin 16.29 + where $HOME_JAVA is your java installation directory 16.30 + 16.31 +2. Compile XmlToBin: 16.32 + javac XmlToBin.java 16.33 + 16.34 +USAGE 16.35 + 16.36 + See readme.xen
17.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 17.2 +++ b/tools/misc/policyprocessor/readme.xen Tue Jun 21 07:02:30 2005 +0000 17.3 @@ -0,0 +1,65 @@ 17.4 +# Author: Ray Valdez, rvaldez@us.ibm.com 17.5 +# Version: 1.0 17.6 +# 17.7 +# This readme describes the policy processor tool for sHype. 17.8 +# 17.9 + 17.10 +Java program: 17.11 + 17.12 + java XmlToBin -i [file.xml] -o <file.bin> -xssid <SsidFile> -xssidconf <SsidConf> 17.13 + 17.14 + Command line options: 17.15 + 17.16 + -i inputFile: name of policyfile (.xml) 17.17 + -o outputFile: name of binary policy file (Big Endian) 17.18 + -xssid SsidFile: xen ssids to named types text file 17.19 + -xssidconf SsidConf: xen conflict ssids to types text file 17.20 + -debug turn on debug messages 17.21 + -help help. This printout 17.22 + 17.23 +Where: 17.24 + 17.25 +file.xml is the (input) xml policy file to be parsed and validated. 17.26 +The syntax for file.xml is defined in the SecurityPolicySpec.xsd file. 17.27 +file.bin is the (output) binary policy file generated by XmlToBin. 17.28 +This binary policy can be activated in sHype. The binary policy file 17.29 +is laid out in network byte order (i.e., big endian). The SsidFile 17.30 +file contains the mapping of type enforcement (TE) ssids to the "named 17.31 +types". Similarly, the SsidConf file contains the mapping of Chinese 17.32 +Wall (ChWall) ssids to conflict named types. The ssidFile and SsidConf 17.33 +files are used by Xen. 17.34 + 17.35 +Xml Schema and policy: 17.36 + 17.37 +The SecurityPolicySpec.xsd defines the syntax of a policy file. It 17.38 +declares the tags that are used by XmlToBin to generate the binary 17.39 +policy file. The tags that XmlToBin keys on are TE, ChWall, id, vid, 17.40 +etc. The xml files that describe a policy are simple. Semantic 17.41 +checking of a policy is performed mostly by XmlToBin. A type, for 17.42 +example, is a string. No fixed values are defined for types in Xml. 17.43 + 17.44 +A policy consists of two Xml files: definition and policy. The 17.45 +definition Xml declares the types that are permitted in the policy 17.46 +Xml. The policy Xml contains the assignment of labels to 17.47 +subject/object (e.g., vm). This Xml file contains an explicit 17.48 +reference to the definition Xml (e.g., <url>xen_sample_def.xml</url>). 17.49 +The policy Xml is the one provided as a command line argument. 17.50 + 17.51 + 17.52 +Files: 17.53 + 17.54 +*.java - policy processor source 17.55 +xen_sample_policy.xml - sample xml policy file 17.56 +xen_sample_def.xml - sample user defined types 17.57 +SecurityPolicySpec.xsd - schema definition file 17.58 + 17.59 + 17.60 +To generate the sample binary policy: 17.61 + 17.62 +export CLASSPATH=$XERCES_HOME/xercesImpl.jar:$XERCES_HOME/xmlParserAPIs.jar:. 17.63 + 17.64 +java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin 17.65 + 17.66 +where $XERCES_HOME is the installation directory of the Apache Xerces-J 17.67 + 17.68 +
18.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 18.2 +++ b/tools/misc/policyprocessor/xen_sample_def.xml Tue Jun 21 07:02:30 2005 +0000 18.3 @@ -0,0 +1,46 @@ 18.4 +<?xml version="1.0"?> 18.5 +<!-- Author: Ray Valdez, rvaldez@us.ibm.com --> 18.6 +<!-- example policy type definition --> 18.7 +<SecurityPolicySpec 18.8 +xmlns="http://www.ibm.com" 18.9 +xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 18.10 +xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd"> 18.11 + 18.12 +<Definition> 18.13 +<!-- an example of a simple type enforcement type definition --> 18.14 + <Types> 18.15 + <TE>LOCAL-management</TE> 18.16 + <TE>R-Company-development</TE> 18.17 + <TE>S-Company-order</TE> 18.18 + <TE>T-Company-advertising</TE> 18.19 + <TE>U-Company-computing</TE> 18.20 + <!-- TE nondevelopment --> 18.21 + </Types> 18.22 + 18.23 +<!-- an example of a chinese wall type definition along with conflict sets--> 18.24 + <ChWallTypes> 18.25 + <ChWall>Q-Company</ChWall> 18.26 + <ChWall>R-Company</ChWall> 18.27 + <ChWall>S-Company</ChWall> 18.28 + <ChWall>T-Company</ChWall> 18.29 + <ChWall>U-Company</ChWall> 18.30 + <ChWall>V-Company</ChWall> 18.31 + <ChWall>W-Company</ChWall> 18.32 + <ChWall>X-Company</ChWall> 18.33 + <ChWall>Y-Company</ChWall> 18.34 + <ChWall>Z-Company</ChWall> 18.35 + </ChWallTypes> 18.36 + 18.37 + <ConflictSet> 18.38 + <ChWall>T-Company</ChWall> 18.39 + <ChWall>S-Company</ChWall> 18.40 + </ConflictSet> 18.41 + 18.42 + <ConflictSet> 18.43 + <ChWall>Q-Company</ChWall> 18.44 + <ChWall>V-Company</ChWall> 18.45 + <ChWall>W-Company</ChWall> 18.46 + </ConflictSet> 18.47 + 18.48 +</Definition> 18.49 +</SecurityPolicySpec>
19.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 19.2 +++ b/tools/misc/policyprocessor/xen_sample_policy.xml Tue Jun 21 07:02:30 2005 +0000 19.3 @@ -0,0 +1,58 @@ 19.4 +<?xml version="1.0"?> 19.5 +<!-- Author: Ray Valdez, rvaldez@us.ibm.com --> 19.6 +<!-- example xen policy file --> 19.7 + 19.8 +<SecurityPolicySpec 19.9 +xmlns="http://www.ibm.com" 19.10 +xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 19.11 +xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd"> 19.12 +<Policy> 19.13 + <PolicyHeader> 19.14 + <Name>xen sample policy</Name> 19.15 + <DateTime>2005-05-20T16:56:00</DateTime> 19.16 + <Tag>foobar</Tag> 19.17 + <TypeDefinition> 19.18 + <url>xen_sample_def.xml</url> 19.19 + <hash>abcdef123456abcdef</hash> 19.20 + </TypeDefinition> 19.21 + </PolicyHeader> 19.22 + 19.23 + <VM> 19.24 + <id> 0 </id> 19.25 + <TE>LOCAL-management</TE> 19.26 + <TE>R-Company-development</TE> 19.27 + <TE>S-Company-order</TE> 19.28 + <TE>T-Company-advertising</TE> 19.29 + <TE>U-Company-computing</TE> 19.30 + <ChWall>Q-Company</ChWall> 19.31 + </VM> 19.32 + 19.33 + <VM> 19.34 + <id> 1 </id> 19.35 + <TE>R-Company-development</TE> 19.36 + <ChWall>R-Company</ChWall> 19.37 + </VM> 19.38 + 19.39 + <VM> 19.40 + <id> 2 </id> 19.41 + <TE>S-Company-order</TE> 19.42 + <ChWall>S-Company</ChWall> 19.43 + 19.44 + </VM> 19.45 + 19.46 + <VM> 19.47 + <id> 3 </id> 19.48 + <TE>T-Company-advertising</TE> 19.49 + <ChWall>T-Company</ChWall> 19.50 + </VM> 19.51 + 19.52 + 19.53 + <VM> 19.54 + <id> 4 </id> 19.55 + <TE>U-Company-computing</TE> 19.56 + <ChWall>U-Company</ChWall> 19.57 + </VM> 19.58 + 19.59 + 19.60 +</Policy> 19.61 +</SecurityPolicySpec>
20.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 20.2 +++ b/tools/policy/Makefile Tue Jun 21 07:02:30 2005 +0000 20.3 @@ -0,0 +1,36 @@ 20.4 +XEN_ROOT = ../.. 20.5 +include $(XEN_ROOT)/tools/Rules.mk 20.6 + 20.7 +SRCS = policy_tool.c 20.8 +CFLAGS += -static 20.9 +CFLAGS += -Wall 20.10 +CFLAGS += -Werror 20.11 +CFLAGS += -O3 20.12 +CFLAGS += -fno-strict-aliasing 20.13 +CFLAGS += -I. 20.14 + 20.15 +all: build 20.16 +build: mk-symlinks 20.17 + $(MAKE) policy_tool 20.18 + 20.19 +default: all 20.20 + 20.21 +install: all 20.22 + 20.23 +policy_tool : policy_tool.c 20.24 + $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< 20.25 + 20.26 +clean: 20.27 + rm -rf policy_tool xen 20.28 + 20.29 + 20.30 +LINUX_ROOT := $(wildcard $(XEN_ROOT)/linux-2.6.*-xen-sparse) 20.31 +mk-symlinks: 20.32 + [ -e xen/linux ] || mkdir -p xen/linux 20.33 + [ -e xen/io ] || mkdir -p xen/io 20.34 + ( cd xen >/dev/null ; \ 20.35 + ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . ) 20.36 + ( cd xen/io >/dev/null ; \ 20.37 + ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . ) 20.38 + ( cd xen/linux >/dev/null ; \ 20.39 + ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . )
21.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 21.2 +++ b/tools/policy/policy_tool.c Tue Jun 21 07:02:30 2005 +0000 21.3 @@ -0,0 +1,557 @@ 21.4 +/**************************************************************** 21.5 + * policy_tool.c 21.6 + * 21.7 + * Copyright (C) 2005 IBM Corporation 21.8 + * 21.9 + * Authors: 21.10 + * Reiner Sailer <sailer@watson.ibm.com> 21.11 + * Stefan Berger <stefanb@watson.ibm.com> 21.12 + * 21.13 + * This program is free software; you can redistribute it and/or 21.14 + * modify it under the terms of the GNU General Public License as 21.15 + * published by the Free Software Foundation, version 2 of the 21.16 + * License. 21.17 + * 21.18 + * sHype policy management tool. This code runs in a domain and 21.19 + * manages the Xen security policy by interacting with the 21.20 + * Xen access control module via a /proc/xen/policycmd proc-ioctl, 21.21 + * which is translated into a policy_op hypercall into Xen. 21.22 + * 21.23 + * todo: implement setpolicy to dynamically set a policy cache. 21.24 + */ 21.25 +#include <unistd.h> 21.26 +#include <stdio.h> 21.27 +#include <errno.h> 21.28 +#include <fcntl.h> 21.29 +#include <sys/mman.h> 21.30 +#include <sys/types.h> 21.31 +#include <sys/stat.h> 21.32 +#include <stdlib.h> 21.33 +#include <sys/ioctl.h> 21.34 +#include <string.h> 21.35 +#include <stdint.h> 21.36 +#include <netinet/in.h> 21.37 + 21.38 +typedef uint8_t u8; 21.39 +typedef uint16_t u16; 21.40 +typedef uint32_t u32; 21.41 +typedef uint64_t u64; 21.42 +typedef int8_t s8; 21.43 +typedef int16_t s16; 21.44 +typedef int32_t s32; 21.45 +typedef int64_t s64; 21.46 + 21.47 +#include <xen/acm.h> 21.48 + 21.49 +#include <xen/policy_ops.h> 21.50 + 21.51 +#include <xen/linux/privcmd.h> 21.52 + 21.53 +#define ERROR(_m, _a...) \ 21.54 + fprintf(stderr, "ERROR: " _m "\n" , ## _a ) 21.55 + 21.56 +#define PERROR(_m, _a...) \ 21.57 + fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ 21.58 + errno, strerror(errno)) 21.59 + 21.60 +static inline int do_policycmd(int xc_handle, 21.61 + unsigned int cmd, 21.62 + unsigned long data) 21.63 +{ 21.64 + return ioctl(xc_handle, cmd, data); 21.65 +} 21.66 + 21.67 +static inline int do_xen_hypercall(int xc_handle, 21.68 + privcmd_hypercall_t *hypercall) 21.69 +{ 21.70 + return do_policycmd(xc_handle, 21.71 + IOCTL_PRIVCMD_HYPERCALL, 21.72 + (unsigned long)hypercall); 21.73 +} 21.74 + 21.75 +static inline int do_policy_op(int xc_handle, policy_op_t *op) 21.76 +{ 21.77 + int ret = -1; 21.78 + privcmd_hypercall_t hypercall; 21.79 + 21.80 + op->interface_version = POLICY_INTERFACE_VERSION; 21.81 + 21.82 + hypercall.op = __HYPERVISOR_policy_op; 21.83 + hypercall.arg[0] = (unsigned long)op; 21.84 + 21.85 + if ( mlock(op, sizeof(*op)) != 0 ) 21.86 + { 21.87 + PERROR("Could not lock memory for Xen policy hypercall"); 21.88 + goto out1; 21.89 + } 21.90 + 21.91 + if ( (ret = do_xen_hypercall(xc_handle, &hypercall)) < 0 ) 21.92 + { 21.93 + if ( errno == EACCES ) 21.94 + fprintf(stderr, "POLICY operation failed -- need to" 21.95 + " rebuild the user-space tool set?\n"); 21.96 + goto out2; 21.97 + } 21.98 + 21.99 + out2: (void)munlock(op, sizeof(*op)); 21.100 + out1: return ret; 21.101 +} 21.102 + 21.103 +/*************************** DUMPS *******************************/ 21.104 + 21.105 +void acm_dump_chinesewall_buffer(void *buf, int buflen) { 21.106 + 21.107 + struct acm_chwall_policy_buffer *cwbuf = (struct acm_chwall_policy_buffer *)buf; 21.108 + domaintype_t *ssids, *conflicts, *running_types, *conflict_aggregate; 21.109 + int i,j; 21.110 + 21.111 + 21.112 + if (htons(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) { 21.113 + printf("CHINESE WALL POLICY CODE not found ERROR!!\n"); 21.114 + return; 21.115 + } 21.116 + printf("\n\nChinese Wall policy:\n"); 21.117 + printf("====================\n"); 21.118 + printf("Max Types = %x.\n", ntohs(cwbuf->chwall_max_types)); 21.119 + printf("Max Ssidrefs = %x.\n", ntohs(cwbuf->chwall_max_ssidrefs)); 21.120 + printf("Max ConfSets = %x.\n", ntohs(cwbuf->chwall_max_conflictsets)); 21.121 + printf("Ssidrefs Off = %x.\n", ntohs(cwbuf->chwall_ssid_offset)); 21.122 + printf("Conflicts Off = %x.\n", ntohs(cwbuf->chwall_conflict_sets_offset)); 21.123 + printf("Runing T. Off = %x.\n", ntohs(cwbuf->chwall_running_types_offset)); 21.124 + printf("C. Agg. Off = %x.\n", ntohs(cwbuf->chwall_conflict_aggregate_offset)); 21.125 + printf("\nSSID To CHWALL-Type matrix:\n"); 21.126 + 21.127 + ssids = (domaintype_t *)(buf + ntohs(cwbuf->chwall_ssid_offset)); 21.128 + for(i=0; i< ntohs(cwbuf->chwall_max_ssidrefs); i++) { 21.129 + printf("\n ssidref%2x: ", i); 21.130 + for(j=0; j< ntohs(cwbuf->chwall_max_types); j++) 21.131 + printf("%02x ", ntohs(ssids[i*ntohs(cwbuf->chwall_max_types) + j])); 21.132 + } 21.133 + printf("\n\nConfict Sets:\n"); 21.134 + conflicts = (domaintype_t *)(buf + ntohs(cwbuf->chwall_conflict_sets_offset)); 21.135 + for(i=0; i< ntohs(cwbuf->chwall_max_conflictsets); i++) { 21.136 + printf("\n c-set%2x: ", i); 21.137 + for(j=0; j< ntohs(cwbuf->chwall_max_types); j++) 21.138 + printf("%02x ", ntohs(conflicts[i*ntohs(cwbuf->chwall_max_types) +j])); 21.139 + } 21.140 + printf("\n"); 21.141 + 21.142 + printf("\nRunning\nTypes: "); 21.143 + if (ntohs(cwbuf->chwall_running_types_offset)) { 21.144 + running_types = (domaintype_t *)(buf + ntohs(cwbuf->chwall_running_types_offset)); 21.145 + for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) { 21.146 + printf("%02x ", ntohs(running_types[i])); 21.147 + } 21.148 + printf("\n"); 21.149 + } else { 21.150 + printf("Not Reported!\n"); 21.151 + } 21.152 + printf("\nConflict\nAggregate Set: "); 21.153 + if (ntohs(cwbuf->chwall_conflict_aggregate_offset)) { 21.154 + conflict_aggregate = (domaintype_t *)(buf + ntohs(cwbuf->chwall_conflict_aggregate_offset)); 21.155 + for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) { 21.156 + printf("%02x ", ntohs(conflict_aggregate[i])); 21.157 + } 21.158 + printf("\n\n"); 21.159 + } else { 21.160 + printf("Not Reported!\n"); 21.161 + } 21.162 +} 21.163 + 21.164 +void acm_dump_ste_buffer(void *buf, int buflen) { 21.165 + 21.166 + struct acm_ste_policy_buffer *stebuf = (struct acm_ste_policy_buffer *)buf; 21.167 + domaintype_t *ssids; 21.168 + int i,j; 21.169 + 21.170 + 21.171 + if (ntohs(stebuf->policy_code) != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) { 21.172 + printf("SIMPLE TYPE ENFORCEMENT POLICY CODE not found ERROR!!\n"); 21.173 + return; 21.174 + } 21.175 + printf("\nSimple Type Enforcement policy:\n"); 21.176 + printf("===============================\n"); 21.177 + printf("Max Types = %x.\n", ntohs(stebuf->ste_max_types)); 21.178 + printf("Max Ssidrefs = %x.\n", ntohs(stebuf->ste_max_ssidrefs)); 21.179 + printf("Ssidrefs Off = %x.\n", ntohs(stebuf->ste_ssid_offset)); 21.180 + printf("\nSSID To STE-Type matrix:\n"); 21.181 + 21.182 + ssids = (domaintype_t *)(buf + ntohs(stebuf->ste_ssid_offset)); 21.183 + for(i=0; i< ntohs(stebuf->ste_max_ssidrefs); i++) { 21.184 + printf("\n ssidref%2x: ", i); 21.185 + for(j=0; j< ntohs(stebuf->ste_max_types); j++) 21.186 + printf("%02x ", ntohs(ssids[i*ntohs(stebuf->ste_max_types) +j])); 21.187 + } 21.188 + printf("\n\n"); 21.189 +} 21.190 + 21.191 +void acm_dump_policy_buffer(void *buf, int buflen) { 21.192 + struct acm_policy_buffer *pol = (struct acm_policy_buffer *)buf; 21.193 + 21.194 + printf("\nPolicy dump:\n"); 21.195 + printf("============\n"); 21.196 + printf("Magic = %x.\n", ntohl(pol->magic)); 21.197 + printf("PolVer = %x.\n", ntohl(pol->policyversion)); 21.198 + printf("Len = %x.\n", ntohl(pol->len)); 21.199 + printf("Primary = %s (c=%x, off=%x).\n", 21.200 + ACM_POLICY_NAME(ntohs(pol->primary_policy_code)), 21.201 + ntohs(pol->primary_policy_code), ntohs(pol->primary_buffer_offset)); 21.202 + printf("Secondary = %s (c=%x, off=%x).\n", 21.203 + ACM_POLICY_NAME(ntohs(pol->secondary_policy_code)), 21.204 + ntohs(pol->secondary_policy_code), ntohs(pol->secondary_buffer_offset)); 21.205 + switch (ntohs(pol->primary_policy_code)) { 21.206 + case ACM_CHINESE_WALL_POLICY: 21.207 + acm_dump_chinesewall_buffer(buf+ntohs(pol->primary_buffer_offset), 21.208 + ntohl(pol->len) - ntohs(pol->primary_buffer_offset)); 21.209 + break; 21.210 + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: 21.211 + acm_dump_ste_buffer(buf+ntohs(pol->primary_buffer_offset), 21.212 + ntohl(pol->len) - ntohs(pol->primary_buffer_offset)); 21.213 + break; 21.214 + case ACM_NULL_POLICY: 21.215 + printf("Primary policy is NULL Policy (n/a).\n"); 21.216 + break; 21.217 + default: 21.218 + printf("UNKNOWN POLICY!\n"); 21.219 + } 21.220 + switch (ntohs(pol->secondary_policy_code)) { 21.221 + case ACM_CHINESE_WALL_POLICY: 21.222 + acm_dump_chinesewall_buffer(buf+ntohs(pol->secondary_buffer_offset), 21.223 + ntohl(pol->len) - ntohs(pol->secondary_buffer_offset)); 21.224 + break; 21.225 + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: 21.226 + acm_dump_ste_buffer(buf+ntohs(pol->secondary_buffer_offset), 21.227 + ntohl(pol->len) - ntohs(pol->secondary_buffer_offset)); 21.228 + break; 21.229 + case ACM_NULL_POLICY: 21.230 + printf("Secondary policy is NULL Policy (n/a).\n"); 21.231 + break; 21.232 + default: 21.233 + printf("UNKNOWN POLICY!\n"); 21.234 + } 21.235 + printf("\nPolicy dump End.\n\n"); 21.236 +} 21.237 + 21.238 +/*************************** set policy ****************************/ 21.239 + 21.240 +int acm_domain_set_chwallpolicy(void *bufstart, int buflen) { 21.241 +#define CWALL_MAX_SSIDREFS 5 21.242 +#define CWALL_MAX_TYPES 10 21.243 +#define CWALL_MAX_CONFLICTSETS 2 21.244 + 21.245 + struct acm_chwall_policy_buffer *chwall_bin_pol = (struct acm_chwall_policy_buffer *)bufstart; 21.246 + domaintype_t *ssidrefs, *conflicts; 21.247 + int ret = 0; 21.248 + int i,j; 21.249 + 21.250 + chwall_bin_pol->chwall_max_types = htons(CWALL_MAX_TYPES); 21.251 + chwall_bin_pol->chwall_max_ssidrefs = htons(CWALL_MAX_SSIDREFS); 21.252 + chwall_bin_pol->policy_code = htons(ACM_CHINESE_WALL_POLICY); 21.253 + chwall_bin_pol->chwall_ssid_offset = htons(sizeof(struct acm_chwall_policy_buffer)); 21.254 + chwall_bin_pol->chwall_max_conflictsets = htons(CWALL_MAX_CONFLICTSETS); 21.255 + chwall_bin_pol->chwall_conflict_sets_offset = 21.256 + htons( 21.257 + ntohs(chwall_bin_pol->chwall_ssid_offset) + 21.258 + sizeof(domaintype_t)*CWALL_MAX_SSIDREFS*CWALL_MAX_TYPES); 21.259 + chwall_bin_pol->chwall_running_types_offset = 0; /* not set */ 21.260 + chwall_bin_pol->chwall_conflict_aggregate_offset = 0; /* not set */ 21.261 + ret += sizeof(struct acm_chwall_policy_buffer); 21.262 + /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */ 21.263 + /* check buffer size */ 21.264 + if ((buflen - ret) < (CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t))) 21.265 + return -1; /* not enough space */ 21.266 + 21.267 + ssidrefs = (domaintype_t *)(bufstart+ntohs(chwall_bin_pol->chwall_ssid_offset)); 21.268 + for(i=0; i< CWALL_MAX_SSIDREFS; i++) { 21.269 + for (j=0; j< CWALL_MAX_TYPES; j++) 21.270 + ssidrefs[i*CWALL_MAX_TYPES + j] = htons(0); 21.271 + /* here, set type i for ssidref i; generally, a ssidref can have multiple chwall types */ 21.272 + if (i < CWALL_MAX_SSIDREFS) 21.273 + ssidrefs[i*CWALL_MAX_TYPES + i] = htons(1); 21.274 + } 21.275 + ret += CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t); 21.276 + if ((buflen - ret) < (CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t))) 21.277 + return -1; /* not enough space */ 21.278 + 21.279 + /* now the chinese wall policy conflict sets*/ 21.280 + conflicts = (domaintype_t *)(bufstart + 21.281 + ntohs(chwall_bin_pol->chwall_conflict_sets_offset)); 21.282 + memset((void *)conflicts, 0, CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t)); 21.283 + /* just 1 conflict set [0]={2,3}, [1]={0,5,6} */ 21.284 + if (CWALL_MAX_TYPES > 3) { 21.285 + conflicts[2] = htons(1); conflicts[3] = htons(1); /* {2,3} */ 21.286 + conflicts[CWALL_MAX_TYPES] = htons(1); conflicts[CWALL_MAX_TYPES+5] = htons(1); 21.287 + conflicts[CWALL_MAX_TYPES+6] = htons(1);/* {0,5,6} */ 21.288 + } 21.289 + ret += sizeof(domaintype_t)*CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES; 21.290 + return ret; 21.291 +} 21.292 + 21.293 +int acm_domain_set_stepolicy(void *bufstart, int buflen) { 21.294 +#define STE_MAX_SSIDREFS 5 21.295 +#define STE_MAX_TYPES 5 21.296 + 21.297 + struct acm_ste_policy_buffer *ste_bin_pol = (struct acm_ste_policy_buffer *)bufstart; 21.298 + domaintype_t *ssidrefs; 21.299 + int i,j, ret = 0; 21.300 + 21.301 + ste_bin_pol->ste_max_types = htons(STE_MAX_TYPES); 21.302 + ste_bin_pol->ste_max_ssidrefs = htons(STE_MAX_SSIDREFS); 21.303 + ste_bin_pol->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); 21.304 + ste_bin_pol->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer)); 21.305 + ret += sizeof(struct acm_ste_policy_buffer); 21.306 + /* check buffer size */ 21.307 + if ((buflen - ret) < (STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t))) 21.308 + return -1; /* not enough space */ 21.309 + 21.310 + ssidrefs = (domaintype_t *)(bufstart+ntohs(ste_bin_pol->ste_ssid_offset)); 21.311 + for(i=0; i< STE_MAX_SSIDREFS; i++) { 21.312 + for (j=0; j< STE_MAX_TYPES; j++) 21.313 + ssidrefs[i*STE_MAX_TYPES + j] = htons(0); 21.314 + /* set type i in ssidref 0 and ssidref i */ 21.315 + ssidrefs[i] = htons(1); /* ssidref 0 has all types set */ 21.316 + if (i < STE_MAX_SSIDREFS) 21.317 + ssidrefs[i*STE_MAX_TYPES + i] = htons(1); 21.318 + } 21.319 + ret += STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t); 21.320 + return ret; 21.321 +} 21.322 + 21.323 +#define MAX_PUSH_BUFFER 16384 21.324 +u8 push_buffer[MAX_PUSH_BUFFER]; 21.325 + 21.326 +int acm_domain_setpolicy(int xc_handle) 21.327 +{ 21.328 + int ret; 21.329 + struct acm_policy_buffer *bin_pol; 21.330 + policy_op_t op; 21.331 + 21.332 + /* future: read policy from file and set it */ 21.333 + bin_pol = (struct acm_policy_buffer *)push_buffer; 21.334 + bin_pol->magic = htonl(ACM_MAGIC); 21.335 + bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION); 21.336 + bin_pol->primary_policy_code = htons(ACM_CHINESE_WALL_POLICY); 21.337 + bin_pol->secondary_policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); 21.338 + 21.339 + bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); 21.340 + bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len)); 21.341 + ret = acm_domain_set_chwallpolicy(push_buffer + ntohs(bin_pol->primary_buffer_offset), 21.342 + MAX_PUSH_BUFFER - ntohs(bin_pol->primary_buffer_offset)); 21.343 + if (ret < 0) { 21.344 + printf("ERROR creating chwallpolicy buffer.\n"); 21.345 + return -1; 21.346 + } 21.347 + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); 21.348 + bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len)); 21.349 + ret = acm_domain_set_stepolicy(push_buffer + ntohs(bin_pol->secondary_buffer_offset), 21.350 + MAX_PUSH_BUFFER - ntohs(bin_pol->secondary_buffer_offset)); 21.351 + if (ret < 0) { 21.352 + printf("ERROR creating chwallpolicy buffer.\n"); 21.353 + return -1; 21.354 + } 21.355 + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); 21.356 + 21.357 + /* dump it and then push it down into xen/acm */ 21.358 + acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len)); 21.359 + op.cmd = POLICY_SETPOLICY; 21.360 + op.u.setpolicy.pushcache = (void *)push_buffer; 21.361 + op.u.setpolicy.pushcache_size = ntohl(bin_pol->len); 21.362 + op.u.setpolicy.policy_type = ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY; 21.363 + ret = do_policy_op(xc_handle, &op); 21.364 + 21.365 + if (ret) 21.366 + printf("ERROR setting policy. Use 'xm dmesg' to see details.\n"); 21.367 + else 21.368 + printf("Successfully changed policy.\n"); 21.369 + return ret; 21.370 +} 21.371 + 21.372 +/******************************* get policy ******************************/ 21.373 + 21.374 +#define PULL_CACHE_SIZE 8192 21.375 +u8 pull_buffer[PULL_CACHE_SIZE]; 21.376 +int acm_domain_getpolicy(int xc_handle) 21.377 +{ 21.378 + policy_op_t op; 21.379 + int ret; 21.380 + 21.381 + memset(pull_buffer, 0x00, sizeof(pull_buffer)); 21.382 + op.cmd = POLICY_GETPOLICY; 21.383 + op.u.getpolicy.pullcache = (void *)pull_buffer; 21.384 + op.u.getpolicy.pullcache_size = sizeof(pull_buffer); 21.385 + ret = do_policy_op(xc_handle, &op); 21.386 + /* dump policy */ 21.387 + acm_dump_policy_buffer(pull_buffer, sizeof(pull_buffer)); 21.388 + return ret; 21.389 +} 21.390 + 21.391 +/************************ load binary policy ******************************/ 21.392 + 21.393 +int acm_domain_loadpolicy(int xc_handle, 21.394 + const char *filename) 21.395 +{ 21.396 + struct stat mystat; 21.397 + int ret, fd; 21.398 + off_t len; 21.399 + u8 *buffer; 21.400 + 21.401 + if ((ret = stat(filename, &mystat))) { 21.402 + printf("File %s not found.\n",filename); 21.403 + goto out; 21.404 + } 21.405 + 21.406 + len = mystat.st_size; 21.407 + if ((buffer = malloc(len)) == NULL) { 21.408 + ret = -ENOMEM; 21.409 + goto out; 21.410 + } 21.411 + if ((fd = open(filename, O_RDONLY)) <= 0) { 21.412 + ret = -ENOENT; 21.413 + printf("File %s not found.\n",filename); 21.414 + goto free_out; 21.415 + } 21.416 + if (len == read(fd, buffer, len)) { 21.417 + policy_op_t op; 21.418 + /* dump it and then push it down into xen/acm */ 21.419 + acm_dump_policy_buffer(buffer, len); 21.420 + op.cmd = POLICY_SETPOLICY; 21.421 + op.u.setpolicy.pushcache = (void *)buffer; 21.422 + op.u.setpolicy.pushcache_size = len; 21.423 + op.u.setpolicy.policy_type = ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY; 21.424 + ret = do_policy_op(xc_handle, &op); 21.425 + 21.426 + if (ret) 21.427 + printf("ERROR setting policy. Use 'xm dmesg' to see details.\n"); 21.428 + else 21.429 + printf("Successfully changed policy.\n"); 21.430 + 21.431 + } else { 21.432 + ret = -1; 21.433 + } 21.434 + close(fd); 21.435 + free_out: 21.436 + free(buffer); 21.437 + out: 21.438 + return ret; 21.439 +} 21.440 + 21.441 +/************************ dump hook statistics ******************************/ 21.442 +void 21.443 +dump_ste_stats(struct acm_ste_stats_buffer *ste_stats) 21.444 +{ 21.445 + printf("STE-Policy Security Hook Statistics:\n"); 21.446 + printf("ste: event_channel eval_count = %d\n", ntohl(ste_stats->ec_eval_count)); 21.447 + printf("ste: event_channel denied_count = %d\n", ntohl(ste_stats->ec_denied_count)); 21.448 + printf("ste: event_channel cache_hit_count = %d\n", ntohl(ste_stats->ec_cachehit_count)); 21.449 + printf("ste:\n"); 21.450 + printf("ste: grant_table eval_count = %d\n", ntohl(ste_stats->gt_eval_count)); 21.451 + printf("ste: grant_table denied_count = %d\n", ntohl(ste_stats->gt_denied_count)); 21.452 + printf("ste: grant_table cache_hit_count = %d\n", ntohl(ste_stats->gt_cachehit_count)); 21.453 +} 21.454 + 21.455 +#define PULL_STATS_SIZE 8192 21.456 +int acm_domain_dumpstats(int xc_handle) 21.457 +{ 21.458 + u8 stats_buffer[PULL_STATS_SIZE]; 21.459 + policy_op_t op; 21.460 + int ret; 21.461 + struct acm_stats_buffer *stats; 21.462 + 21.463 + memset(stats_buffer, 0x00, sizeof(stats_buffer)); 21.464 + op.cmd = POLICY_DUMPSTATS; 21.465 + op.u.dumpstats.pullcache = (void *)stats_buffer; 21.466 + op.u.dumpstats.pullcache_size = sizeof(stats_buffer); 21.467 + ret = do_policy_op(xc_handle, &op); 21.468 + 21.469 + if (ret < 0) { 21.470 + printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n"); 21.471 + return ret; 21.472 + } 21.473 + stats = (struct acm_stats_buffer *)stats_buffer; 21.474 + 21.475 + printf("\nPolicy dump:\n"); 21.476 + printf("============\n"); 21.477 + printf("Magic = %x.\n", ntohl(stats->magic)); 21.478 + printf("PolVer = %x.\n", ntohl(stats->policyversion)); 21.479 + printf("Len = %x.\n", ntohl(stats->len)); 21.480 + 21.481 + switch(ntohs(stats->primary_policy_code)) { 21.482 + case ACM_NULL_POLICY: 21.483 + printf("NULL Policy: No statistics apply.\n"); 21.484 + break; 21.485 + case ACM_CHINESE_WALL_POLICY: 21.486 + printf("Chinese Wall Policy: No statistics apply.\n"); 21.487 + break; 21.488 + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: 21.489 + dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer + ntohs(stats->primary_stats_offset))); 21.490 + break; 21.491 + default: 21.492 + printf("UNKNOWN PRIMARY POLICY ERROR!\n"); 21.493 + } 21.494 + switch(ntohs(stats->secondary_policy_code)) { 21.495 + case ACM_NULL_POLICY: 21.496 + printf("NULL Policy: No statistics apply.\n"); 21.497 + break; 21.498 + case ACM_CHINESE_WALL_POLICY: 21.499 + printf("Chinese Wall Policy: No statistics apply.\n"); 21.500 + break; 21.501 + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: 21.502 + dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer + ntohs(stats->secondary_stats_offset))); 21.503 + break; 21.504 + default: 21.505 + printf("UNKNOWN SECONDARY POLICY ERROR!\n"); 21.506 + } 21.507 + return ret; 21.508 +} 21.509 + 21.510 +/***************************** main **************************************/ 21.511 + 21.512 +void 21.513 +usage(char *progname){ 21.514 + printf("Use: %s \n" 21.515 + "\t setpolicy\n" 21.516 + "\t getpolicy\n" 21.517 + "\t dumpstats\n" 21.518 + "\t loadpolicy <binary policy file>\n", progname); 21.519 + exit(-1); 21.520 +} 21.521 + 21.522 +int 21.523 +main(int argc, char **argv) { 21.524 + 21.525 + int policycmd_fd; 21.526 + 21.527 + if (argc < 2) 21.528 + usage(argv[0]); 21.529 + 21.530 + if ((policycmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) { 21.531 + printf("ERROR: Could not open xen policycmd device!\n"); 21.532 + exit(-1); 21.533 + } 21.534 + 21.535 + if (!strcmp(argv[1], "setpolicy")) { 21.536 + if (argc != 2) 21.537 + usage(argv[0]); 21.538 + acm_domain_setpolicy(policycmd_fd); 21.539 + 21.540 + } else if (!strcmp(argv[1], "getpolicy")) { 21.541 + if (argc != 2) 21.542 + usage(argv[0]); 21.543 + acm_domain_getpolicy(policycmd_fd); 21.544 + 21.545 + } else if (!strcmp(argv[1], "loadpolicy")) { 21.546 + if (argc != 3) 21.547 + usage(argv[0]); 21.548 + acm_domain_loadpolicy(policycmd_fd, argv[2]); 21.549 + 21.550 + } else if (!strcmp(argv[1], "dumpstats")) { 21.551 + if (argc != 2) 21.552 + usage(argv[0]); 21.553 + acm_domain_dumpstats(policycmd_fd); 21.554 + 21.555 + } else 21.556 + usage(argv[0]); 21.557 + 21.558 + close(policycmd_fd); 21.559 + return 0; 21.560 +}
22.1 --- a/tools/python/xen/lowlevel/xc/xc.c Sat Jun 18 00:49:11 2005 +0000 22.2 +++ b/tools/python/xen/lowlevel/xc/xc.c Tue Jun 21 07:02:30 2005 +0000 22.3 @@ -78,13 +78,14 @@ static PyObject *pyxc_domain_create(PyOb 22.4 22.5 u32 dom = 0; 22.6 int ret; 22.7 + u32 ssidref = 0xFFFFFFFF; 22.8 22.9 - static char *kwd_list[] = { "dom", NULL }; 22.10 + static char *kwd_list[] = { "dom", "ssidref", NULL }; 22.11 22.12 - if ( !PyArg_ParseTupleAndKeywords(args, kwds, "|i", kwd_list, &dom)) 22.13 + if ( !PyArg_ParseTupleAndKeywords(args, kwds, "|ii", kwd_list, &dom, &ssidref)) 22.14 return NULL; 22.15 22.16 - if ( (ret = xc_domain_create(xc->xc_handle, &dom)) < 0 ) 22.17 + if ( (ret = xc_domain_create(xc->xc_handle, ssidref, &dom)) < 0 ) 22.18 return PyErr_SetFromErrno(xc_error); 22.19 22.20 return PyInt_FromLong(dom); 22.21 @@ -230,7 +231,7 @@ static PyObject *pyxc_domain_getinfo(PyO 22.22 } 22.23 22.24 info_dict = Py_BuildValue("{s:i,s:i,s:i,s:i,s:i,s:i,s:i,s:i" 22.25 - ",s:l,s:L,s:l,s:i}", 22.26 + ",s:l,s:L,s:l,s:i,s:i}", 22.27 "dom", info[i].domid, 22.28 "vcpus", info[i].vcpus, 22.29 "dying", info[i].dying, 22.30 @@ -242,6 +243,7 @@ static PyObject *pyxc_domain_getinfo(PyO 22.31 "mem_kb", info[i].nr_pages*4, 22.32 "cpu_time", info[i].cpu_time, 22.33 "maxmem_kb", info[i].max_memkb, 22.34 + "ssidref", info[i].ssidref, 22.35 "shutdown_reason", info[i].shutdown_reason); 22.36 PyDict_SetItemString( info_dict, "vcpu_to_cpu", vcpu_list ); 22.37 PyDict_SetItemString( info_dict, "cpumap", cpumap_list );
23.1 --- a/tools/python/xen/lowlevel/xs/xs.c Sat Jun 18 00:49:11 2005 +0000 23.2 +++ b/tools/python/xen/lowlevel/xs/xs.c Tue Jun 21 07:02:30 2005 +0000 23.3 @@ -1,7 +1,7 @@ 23.4 /* 23.5 - Python interface to the Xen Store Daemon. 23.6 - Copyright (C) 2005 Mike Wray Hewlett-Packard 23.7 -*/ 23.8 + * Python interface to the Xen Store Daemon. 23.9 + * Copyright (C) 2005 Mike Wray Hewlett-Packard 23.10 + */ 23.11 23.12 #include <Python.h> 23.13 23.14 @@ -196,6 +196,7 @@ static PyObject *xspy_mkdir(PyObject *se 23.15 #define xspy_rm_doc "\n" \ 23.16 "Remove a path.\n" \ 23.17 " path [string] : path to remove\n" \ 23.18 + "\n" \ 23.19 "Returns: [int] 0 on success.\n" \ 23.20 "Raises RuntimeError on error.\n" \ 23.21 "\n" 23.22 @@ -339,13 +340,14 @@ static PyObject *xspy_set_permissions(Py 23.23 return val; 23.24 } 23.25 23.26 -#define xspy_watch_doc "\n" \ 23.27 - "Watch a path, get notifications when it changes.\n" \ 23.28 - " path [string] : xenstore path.\n" \ 23.29 - " token [string] : returned in watch notification\n" \ 23.30 - "\n" \ 23.31 - "Returns: [int] 0 on success.\n" \ 23.32 - "Raises RuntimeError on error.\n" \ 23.33 +#define xspy_watch_doc "\n" \ 23.34 + "Watch a path, get notifications when it changes.\n" \ 23.35 + " path [string] : xenstore path.\n" \ 23.36 + " priority [int] : watch priority (default 0).\n" \ 23.37 + " token [string] : returned in watch notification.\n" \ 23.38 + "\n" \ 23.39 + "Returns: [int] 0 on success.\n" \ 23.40 + "Raises RuntimeError on error.\n" \ 23.41 "\n" 23.42 23.43 static PyObject *xspy_watch(PyObject *self, PyObject *args, PyObject *kwds) 23.44 @@ -371,12 +373,14 @@ static PyObject *xspy_watch(PyObject *se 23.45 return val; 23.46 } 23.47 23.48 -#define xspy_read_watch_doc "\n" \ 23.49 - "Read a watch notification.\n" \ 23.50 - " path [string]: xenstore path.\n" \ 23.51 - "\n" \ 23.52 - "Returns: [tuple] (path, token).\n" \ 23.53 - "Raises RuntimeError on error.\n" \ 23.54 +#define xspy_read_watch_doc "\n" \ 23.55 + "Read a watch notification.\n" \ 23.56 + "The notification must be acknowledged by passing\n" \ 23.57 + "the token to acknowledge_watch().\n" \ 23.58 + " path [string]: xenstore path.\n" \ 23.59 + "\n" \ 23.60 + "Returns: [tuple] (path, token).\n" \ 23.61 + "Raises RuntimeError on error.\n" \ 23.62 "\n" 23.63 23.64 static PyObject *xspy_read_watch(PyObject *self, PyObject *args, 23.65 @@ -408,7 +412,7 @@ static PyObject *xspy_read_watch(PyObjec 23.66 23.67 #define xspy_acknowledge_watch_doc "\n" \ 23.68 "Acknowledge a watch notification that has been read.\n" \ 23.69 - " token [string] : returned in watch notification\n" \ 23.70 + " token [string] : from the watch notification\n" \ 23.71 "\n" \ 23.72 "Returns: [int] 0 on success.\n" \ 23.73 "Raises RuntimeError on error.\n" \ 23.74 @@ -499,7 +503,7 @@ static PyObject *xspy_transaction_start( 23.75 #define xspy_transaction_end_doc "\n" \ 23.76 "End the current transaction.\n" \ 23.77 "Attempts to commit the transaction unless abort is true.\n" \ 23.78 - " abort [int]: Abort flag..\n" \ 23.79 + " abort [int]: abort flag (default 0).\n" \ 23.80 "\n" \ 23.81 "Returns: [int] 0 on success.\n" \ 23.82 "Raises RuntimeError on error.\n" \ 23.83 @@ -556,10 +560,7 @@ static PyObject *xspy_introduce_domain(P 23.84 if (!PyArg_ParseTupleAndKeywords(args, kwds, arg_spec, kwd_spec, 23.85 &dom, &page, &port, &path)) 23.86 goto exit; 23.87 - printf("%s> dom=%u page=0x%08lx port=%u path=%s\n", __FUNCTION__, dom, 23.88 - page, port, path); 23.89 xsval = xs_introduce_domain(xh, dom, page, port, path); 23.90 - printf("%s> xsval=%d\n", __FUNCTION__, xsval); 23.91 val = pyvalue_int(xsval); 23.92 exit: 23.93 return val; 23.94 @@ -590,9 +591,7 @@ static PyObject *xspy_release_domain(PyO 23.95 if (!PyArg_ParseTupleAndKeywords(args, kwds, arg_spec, kwd_spec, 23.96 &dom)) 23.97 goto exit; 23.98 - printf("%s> dom=%u\n", __FUNCTION__, dom); 23.99 xsval = xs_release_domain(xh, dom); 23.100 - printf("%s> xsval=%d\n", __FUNCTION__, xsval); 23.101 val = pyvalue_int(xsval); 23.102 exit: 23.103 return val; 23.104 @@ -651,6 +650,28 @@ static PyObject *xspy_shutdown(PyObject 23.105 return val; 23.106 } 23.107 23.108 +#define xspy_fileno_doc "\n" \ 23.109 + "Get the file descriptor of the xenstore socket.\n" \ 23.110 + "Allows an xs object to be passed to select().\n" \ 23.111 + "\n" \ 23.112 + "Returns: [int] file descriptor.\n" \ 23.113 + "\n" 23.114 + 23.115 +static PyObject *xspy_fileno(PyObject *self, PyObject *args, PyObject *kwds) 23.116 +{ 23.117 + static char *kwd_spec[] = { NULL }; 23.118 + static char *arg_spec = ""; 23.119 + 23.120 + struct xs_handle *xh = xshandle(self); 23.121 + PyObject *val = NULL; 23.122 + 23.123 + if (!PyArg_ParseTupleAndKeywords(args, kwds, arg_spec, kwd_spec)) 23.124 + goto exit; 23.125 + val = PyInt_FromLong((xh ? xs_fileno(xh) : -1)); 23.126 + exit: 23.127 + return val; 23.128 +} 23.129 + 23.130 #define XSPY_METH(_name) { \ 23.131 .ml_name = #_name, \ 23.132 .ml_meth = (PyCFunction) xspy_ ## _name, \ 23.133 @@ -675,17 +696,14 @@ static PyMethodDef xshandle_methods[] = 23.134 XSPY_METH(release_domain), 23.135 XSPY_METH(close), 23.136 XSPY_METH(shutdown), 23.137 + XSPY_METH(fileno), 23.138 { /* Terminator. */ }, 23.139 }; 23.140 23.141 static PyObject *xshandle_getattr(PyObject *self, char *name) 23.142 { 23.143 PyObject *val = NULL; 23.144 - if (strcmp(name, "fileno") == 0) { 23.145 - struct xs_handle *xh = xshandle(self); 23.146 - val = PyInt_FromLong((xh ? xs_fileno(xh) : -1)); 23.147 - } else 23.148 - val = Py_FindMethod(xshandle_methods, self, name); 23.149 + val = Py_FindMethod(xshandle_methods, self, name); 23.150 return val; 23.151 } 23.152 23.153 @@ -754,7 +772,7 @@ static PyMethodDef xs_methods[] = { 23.154 "Raises RuntimeError on error.\n" 23.155 "\n" 23.156 }, 23.157 - { NULL, NULL, 0, NULL } 23.158 + { /* Terminator. */ } 23.159 }; 23.160 23.161 PyMODINIT_FUNC initxs (void)
24.1 --- a/tools/python/xen/xend/XendDomainInfo.py Sat Jun 18 00:49:11 2005 +0000 24.2 +++ b/tools/python/xen/xend/XendDomainInfo.py Tue Jun 21 07:02:30 2005 +0000 24.3 @@ -202,7 +202,9 @@ class XendDomainInfo: 24.4 """ 24.5 db = parentdb.addChild(uuid) 24.6 vm = cls(db) 24.7 - id = xc.domain_create() 24.8 + ssidref = int(sxp.child_value(config, 'ssidref')) 24.9 + log.debug('restoring with ssidref='+str(ssidref)) 24.10 + id = xc.domain_create(ssidref = ssidref) 24.11 vm.setdom(id) 24.12 try: 24.13 vm.restore = True 24.14 @@ -241,6 +243,7 @@ class XendDomainInfo: 24.15 self.start_time = None 24.16 self.name = None 24.17 self.memory = None 24.18 + self.ssidref = None 24.19 self.image = None 24.20 24.21 self.channel = None 24.22 @@ -316,6 +319,7 @@ class XendDomainInfo: 24.23 """ 24.24 self.info = info 24.25 self.memory = self.info['mem_kb'] / 1024 24.26 + self.ssidref = self.info['ssidref'] 24.27 24.28 def state_set(self, state): 24.29 self.state_updated.acquire() 24.30 @@ -336,6 +340,7 @@ class XendDomainInfo: 24.31 s += " id=" + str(self.id) 24.32 s += " name=" + self.name 24.33 s += " memory=" + str(self.memory) 24.34 + s += " ssidref=" + str(self.ssidref) 24.35 console = self.getConsole() 24.36 if console: 24.37 s += " console=" + str(console.console_port) 24.38 @@ -398,7 +403,8 @@ class XendDomainInfo: 24.39 sxpr = ['domain', 24.40 ['id', self.id], 24.41 ['name', self.name], 24.42 - ['memory', self.memory] ] 24.43 + ['memory', self.memory], 24.44 + ['ssidref', self.ssidref] ] 24.45 if self.uuid: 24.46 sxpr.append(['uuid', self.uuid]) 24.47 if self.info: 24.48 @@ -511,7 +517,7 @@ class XendDomainInfo: 24.49 self.configure_restart() 24.50 self.construct_image() 24.51 self.configure() 24.52 - self.exportToDB() 24.53 + self.exportToDB(save=True) 24.54 except Exception, ex: 24.55 # Catch errors, cleanup and re-raise. 24.56 print 'Domain construction error:', ex 24.57 @@ -523,7 +529,7 @@ class XendDomainInfo: 24.58 def register_domain(self): 24.59 xd = get_component('xen.xend.XendDomain') 24.60 xd._add_domain(self) 24.61 - self.exportToDB() 24.62 + self.exportToDB(save=True) 24.63 24.64 def configure_cpus(self, config): 24.65 try: 24.66 @@ -533,6 +539,7 @@ class XendDomainInfo: 24.67 self.memory = int(sxp.child_value(config, 'memory')) 24.68 if self.memory is None: 24.69 raise VmError('missing memory size') 24.70 + self.ssidref = int(sxp.child_value(config, 'ssidref')) 24.71 cpu = sxp.child_value(config, 'cpu') 24.72 if self.recreate and self.id and cpu is not None and int(cpu) >= 0: 24.73 xc.domain_pincpu(self.id, 0, 1<<int(cpu)) 24.74 @@ -644,7 +651,7 @@ class XendDomainInfo: 24.75 def show(self): 24.76 """Print virtual machine info. 24.77 """ 24.78 - print "[VM dom=%d name=%s memory=%d" % (self.id, self.name, self.memory) 24.79 + print "[VM dom=%d name=%s memory=%d ssidref=%d" % (self.id, self.name, self.memory, self.ssidref) 24.80 print "image:" 24.81 sxp.show(self.image) 24.82 print "]" 24.83 @@ -660,7 +667,7 @@ class XendDomainInfo: 24.84 cpu = int(sxp.child_value(self.config, 'cpu', '-1')) 24.85 except: 24.86 raise VmError('invalid cpu') 24.87 - id = self.image.initDomain(self.id, self.memory, cpu, self.cpu_weight) 24.88 + id = self.image.initDomain(self.id, self.memory, self.ssidref, cpu, self.cpu_weight) 24.89 log.debug('init_domain> Created domain=%d name=%s memory=%d', 24.90 id, self.name, self.memory) 24.91 self.setdom(id) 24.92 @@ -1011,6 +1018,7 @@ addImageHandlerClass(VmxImageHandler) 24.93 # Ignore the fields we already handle. 24.94 add_config_handler('name', vm_field_ignore) 24.95 add_config_handler('memory', vm_field_ignore) 24.96 +add_config_handler('ssidref', vm_field_ignore) 24.97 add_config_handler('cpu', vm_field_ignore) 24.98 add_config_handler('cpu_weight', vm_field_ignore) 24.99 add_config_handler('console', vm_field_ignore)
25.1 --- a/tools/python/xen/xend/image.py Sat Jun 18 00:49:11 2005 +0000 25.2 +++ b/tools/python/xen/xend/image.py Tue Jun 21 07:02:30 2005 +0000 25.3 @@ -111,7 +111,7 @@ class ImageHandler: 25.4 except OSError, ex: 25.5 log.warning("error removing bootloader file '%s': %s", f, ex) 25.6 25.7 - def initDomain(self, dom, memory, cpu, cpu_weight): 25.8 + def initDomain(self, dom, memory, ssidref, cpu, cpu_weight): 25.9 """Initial domain create. 25.10 25.11 @return domain id 25.12 @@ -119,14 +119,14 @@ class ImageHandler: 25.13 25.14 mem_kb = self.getDomainMemory(memory) 25.15 if not self.vm.restore: 25.16 - dom = xc.domain_create(dom = dom or 0) 25.17 + dom = xc.domain_create(dom = dom or 0, ssidref = ssidref) 25.18 # if bootloader, unlink here. But should go after buildDomain() ? 25.19 if self.vm.bootloader: 25.20 self.unlink(self.kernel) 25.21 self.unlink(self.ramdisk) 25.22 if dom <= 0: 25.23 raise VmError('Creating domain failed: name=%s' % self.vm.name) 25.24 - log.debug("initDomain: cpu=%d mem_kb=%d dom=%d", cpu, mem_kb, dom) 25.25 + log.debug("initDomain: cpu=%d mem_kb=%d ssidref=%d dom=%d", cpu, mem_kb, ssidref, dom) 25.26 # xc.domain_setuuid(dom, uuid) 25.27 xc.domain_setcpuweight(dom, cpu_weight) 25.28 xc.domain_setmaxmem(dom, mem_kb)
26.1 --- a/tools/python/xen/xend/server/SrvDomainDir.py Sat Jun 18 00:49:11 2005 +0000 26.2 +++ b/tools/python/xen/xend/server/SrvDomainDir.py Tue Jun 21 07:02:30 2005 +0000 26.3 @@ -142,6 +142,7 @@ class SrvDomainDir(SrvDir): 26.4 % (url, d.name, d.name)) 26.5 req.write('id=%s' % d.id) 26.6 req.write('memory=%d'% d.memory) 26.7 + req.write('ssidref=%d'% d.ssidref) 26.8 req.write('</li>') 26.9 req.write('</ul>') 26.10
27.1 --- a/tools/python/xen/xend/server/blkif.py Sat Jun 18 00:49:11 2005 +0000 27.2 +++ b/tools/python/xen/xend/server/blkif.py Tue Jun 21 07:02:30 2005 +0000 27.3 @@ -50,6 +50,9 @@ class BlkifBackend: 27.4 def getId(self): 27.5 return self.id 27.6 27.7 + def getEvtchn(self): 27.8 + return self.evtchn 27.9 + 27.10 def closeEvtchn(self): 27.11 if self.evtchn: 27.12 channel.eventChannelClose(self.evtchn) 27.13 @@ -198,7 +201,7 @@ class BlkDev(Dev): 27.14 backend = self.getBackend() 27.15 if backend and backend.evtchn: 27.16 db = self.db.addChild("evtchn") 27.17 - backend.evtchn.exportToDB(db, save=save) 27.18 + backend.evtchn.saveToDB(db, save=save) 27.19 27.20 def init(self, recreate=False, reboot=False): 27.21 self.frontendDomain = self.getDomain()
28.1 --- a/tools/python/xen/xend/server/netif.py Sat Jun 18 00:49:11 2005 +0000 28.2 +++ b/tools/python/xen/xend/server/netif.py Tue Jun 21 07:02:30 2005 +0000 28.3 @@ -95,7 +95,7 @@ class NetDev(Dev): 28.4 Dev.exportToDB(self, save=save) 28.5 if self.evtchn: 28.6 db = self.db.addChild("evtchn") 28.7 - self.evtchn.exportToDB(db, save=save) 28.8 + self.evtchn.saveToDB(db, save=save) 28.9 28.10 def init(self, recreate=False, reboot=False): 28.11 self.destroyed = False
29.1 --- a/tools/python/xen/xend/xenstore/xsnode.py Sat Jun 18 00:49:11 2005 +0000 29.2 +++ b/tools/python/xen/xend/xenstore/xsnode.py Tue Jun 21 07:02:30 2005 +0000 29.3 @@ -64,7 +64,7 @@ class Watcher: 29.4 29.5 def fileno(self): 29.6 if self.xs: 29.7 - return self.xs.fileno 29.8 + return self.xs.fileno() 29.9 else: 29.10 return -1 29.11
30.1 --- a/tools/python/xen/xm/create.py Sat Jun 18 00:49:11 2005 +0000 30.2 +++ b/tools/python/xen/xm/create.py Tue Jun 21 07:02:30 2005 +0000 30.3 @@ -120,6 +120,10 @@ gopts.var('memory', val='MEMORY', 30.4 fn=set_int, default=128, 30.5 use="Domain memory in MB.") 30.6 30.7 +gopts.var('ssidref', val='SSIDREF', 30.8 + fn=set_u32, default=0xffffffff, 30.9 + use="Security Identifier.") 30.10 + 30.11 gopts.var('maxmem', val='MEMORY', 30.12 fn=set_int, default=None, 30.13 use="Maximum domain memory in MB.") 30.14 @@ -405,7 +409,8 @@ def make_config(opts, vals): 30.15 30.16 config = ['vm', 30.17 ['name', vals.name ], 30.18 - ['memory', vals.memory ]] 30.19 + ['memory', vals.memory ], 30.20 + ['ssidref', vals.ssidref ]] 30.21 if vals.maxmem: 30.22 config.append(['maxmem', vals.maxmem]) 30.23 if vals.cpu is not None:
31.1 --- a/tools/python/xen/xm/main.py Sat Jun 18 00:49:11 2005 +0000 31.2 +++ b/tools/python/xen/xm/main.py Tue Jun 21 07:02:30 2005 +0000 31.3 @@ -383,7 +383,7 @@ class ProgList(Prog): 31.4 self.brief_list(doms) 31.5 31.6 def brief_list(self, doms): 31.7 - print 'Name Id Mem(MB) CPU VCPU(s) State Time(s) Console' 31.8 + print 'Name Id Mem(MB) CPU VCPU(s) State Time(s) Console SSID-REF' 31.9 for dom in doms: 31.10 info = server.xend_domain(dom) 31.11 d = {} 31.12 @@ -399,8 +399,12 @@ class ProgList(Prog): 31.13 d['port'] = sxp.child_value(console, 'console_port') 31.14 else: 31.15 d['port'] = '' 31.16 - print ("%(name)-16s %(dom)3d %(mem)7d %(cpu)3d %(vcpus)5d %(state)5s %(cpu_time)7.1f %(port)4s" 31.17 - % d) 31.18 + if ((int(sxp.child_value(info, 'ssidref', '-1'))) != -1): 31.19 + d['ssidref1'] = int(sxp.child_value(info, 'ssidref', '-1')) & 0xffff 31.20 + d['ssidref2'] = (int(sxp.child_value(info, 'ssidref', '-1')) >> 16) & 0xffff 31.21 + print ("%(name)-16s %(dom)3d %(mem)7d %(cpu)3d %(vcpus)5d %(state)5s %(cpu_time)7.1f %(port)4s s:%(ssidref2)02x/p:%(ssidref1)02x" % d) 31.22 + else: 31.23 + print ("%(name)-16s %(dom)3d %(mem)7d %(cpu)3d %(vcpus)5d %(state)5s %(cpu_time)7.1f %(port)4s default" % d) 31.24 31.25 def show_vcpus(self, doms): 31.26 print 'Name Id VCPU CPU CPUMAP'
32.1 --- a/tools/python/xen/xm/opts.py Sat Jun 18 00:49:11 2005 +0000 32.2 +++ b/tools/python/xen/xm/opts.py Tue Jun 21 07:02:30 2005 +0000 32.3 @@ -451,6 +451,13 @@ def set_bool(opt, k, v): 32.4 else: 32.5 opt.opts.err('Invalid value:' +v) 32.6 32.7 +def set_u32(opt, k, v): 32.8 + """Set an option to an u32 value.""" 32.9 + try: 32.10 + v = u32(v) 32.11 + except: 32.12 + opt.opts.err('Invalid value: ' + str(v)) 32.13 + opt.set(v) 32.14 32.15 def set_value(opt, k, v): 32.16 """Set an option to a value."""
33.1 --- a/xen/Makefile Sat Jun 18 00:49:11 2005 +0000 33.2 +++ b/xen/Makefile Tue Jun 21 07:02:30 2005 +0000 33.3 @@ -46,6 +46,7 @@ clean: delete-unfresh-files 33.4 $(MAKE) -C tools clean 33.5 $(MAKE) -C common clean 33.6 $(MAKE) -C drivers clean 33.7 + $(MAKE) -C acm clean 33.8 $(MAKE) -C arch/$(TARGET_ARCH) clean 33.9 rm -f include/asm *.o $(TARGET)* *~ core 33.10 rm -f include/asm-*/asm-offsets.h 33.11 @@ -58,6 +59,7 @@ clean: delete-unfresh-files 33.12 $(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h 33.13 $(MAKE) -C common 33.14 $(MAKE) -C drivers 33.15 + $(MAKE) -C acm 33.16 $(MAKE) -C arch/$(TARGET_ARCH) 33.17 33.18 # drivers/char/console.o may contain static banner/compile info. Blow it away. 33.19 @@ -109,7 +111,7 @@ include/asm-$(TARGET_ARCH)/asm-offsets.h 33.20 33.21 .PHONY: default debug install dist clean delete-unfresh-files TAGS tags 33.22 33.23 -SUBDIRS = arch/$(TARGET_ARCH) common drivers 33.24 +SUBDIRS = acm arch/$(TARGET_ARCH) common drivers 33.25 define all_sources 33.26 ( find include/asm-$(TARGET_ARCH) -name SCCS -prune -o -name '*.h' -print; \ 33.27 find include -type d -name SCCS -prune -o \( -name "asm-*" -o \
34.1 --- a/xen/Rules.mk Sat Jun 18 00:49:11 2005 +0000 34.2 +++ b/xen/Rules.mk Tue Jun 21 07:02:30 2005 +0000 34.3 @@ -35,6 +35,7 @@ OBJS += $(patsubst %.c,%.o,$(C_SRCS)) 34.4 ALL_OBJS := $(BASEDIR)/common/common.o 34.5 ALL_OBJS += $(BASEDIR)/drivers/char/driver.o 34.6 ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o 34.7 +ALL_OBJS += $(BASEDIR)/acm/acm.o 34.8 ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o 34.9 34.10
35.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 35.2 +++ b/xen/acm/Makefile Tue Jun 21 07:02:30 2005 +0000 35.3 @@ -0,0 +1,15 @@ 35.4 + 35.5 +include $(BASEDIR)/Rules.mk 35.6 +OBJS = acm_core.o 35.7 +OBJS += acm_policy.o 35.8 +OBJS += acm_simple_type_enforcement_hooks.o 35.9 +OBJS += acm_chinesewall_hooks.o 35.10 +OBJS += acm_null_hooks.o 35.11 + 35.12 +default: acm.o 35.13 + 35.14 +acm.o: $(OBJS) 35.15 + $(LD) $(LDFLAGS) -r -o acm.o $(OBJS) 35.16 + 35.17 +clean: 35.18 + rm -f *.o *~ core
36.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 36.2 +++ b/xen/acm/acm_chinesewall_hooks.c Tue Jun 21 07:02:30 2005 +0000 36.3 @@ -0,0 +1,503 @@ 36.4 +/**************************************************************** 36.5 + * acm_chinesewall_hooks.c 36.6 + * 36.7 + * Copyright (C) 2005 IBM Corporation 36.8 + * 36.9 + * Author: 36.10 + * Reiner Sailer <sailer@watson.ibm.com> 36.11 + * 36.12 + * Contributions: 36.13 + * Stefan Berger <stefanb@watson.ibm.com> 36.14 + * 36.15 + * This program is free software; you can redistribute it and/or 36.16 + * modify it under the terms of the GNU General Public License as 36.17 + * published by the Free Software Foundation, version 2 of the 36.18 + * License. 36.19 + * 36.20 + * sHype Chinese Wall Policy for Xen 36.21 + * This code implements the hooks that are called 36.22 + * throughout Xen operations and decides authorization 36.23 + * based on domain types and Chinese Wall conflict type 36.24 + * sets. The CHWALL policy decides if a new domain can be started 36.25 + * based on the types of running domains and the type of the 36.26 + * new domain to be started. If the new domain's type is in 36.27 + * conflict with types of running domains, then this new domain 36.28 + * is not allowed to be created. A domain can have multiple types, 36.29 + * in which case all types of a new domain must be conflict-free 36.30 + * with all types of already running domains. 36.31 + * 36.32 + */ 36.33 +#include <xen/config.h> 36.34 +#include <xen/errno.h> 36.35 +#include <xen/types.h> 36.36 +#include <xen/lib.h> 36.37 +#include <xen/delay.h> 36.38 +#include <xen/sched.h> 36.39 +#include <public/acm.h> 36.40 +#include <asm/atomic.h> 36.41 +#include <acm/acm_core.h> 36.42 +#include <acm/acm_hooks.h> 36.43 +#include <acm/acm_endian.h> 36.44 + 36.45 +/* local cache structures for chinese wall policy */ 36.46 +struct chwall_binary_policy chwall_bin_pol; 36.47 + 36.48 +/* 36.49 + * Initializing chinese wall policy (will be filled by policy partition 36.50 + * using setpolicy command) 36.51 + */ 36.52 +int acm_init_chwall_policy(void) 36.53 +{ 36.54 + /* minimal startup policy; policy write-locked already */ 36.55 + chwall_bin_pol.max_types = 1; 36.56 + chwall_bin_pol.max_ssidrefs = 1; 36.57 + chwall_bin_pol.max_conflictsets = 1; 36.58 + chwall_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_ssidrefs*chwall_bin_pol.max_types); 36.59 + chwall_bin_pol.conflict_sets = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_conflictsets*chwall_bin_pol.max_types); 36.60 + chwall_bin_pol.running_types = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_types); 36.61 + chwall_bin_pol.conflict_aggregate_set = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_types); 36.62 + 36.63 + if ((chwall_bin_pol.conflict_sets == NULL) || (chwall_bin_pol.running_types == NULL) || 36.64 + (chwall_bin_pol.ssidrefs == NULL) || (chwall_bin_pol.conflict_aggregate_set == NULL)) 36.65 + return ACM_INIT_SSID_ERROR; 36.66 + 36.67 + /* initialize state */ 36.68 + memset((void *)chwall_bin_pol.ssidrefs, 0, chwall_bin_pol.max_ssidrefs*chwall_bin_pol.max_types*sizeof(domaintype_t)); 36.69 + memset((void *)chwall_bin_pol.conflict_sets, 0, chwall_bin_pol.max_conflictsets*chwall_bin_pol.max_types*sizeof(domaintype_t)); 36.70 + memset((void *)chwall_bin_pol.running_types, 0, chwall_bin_pol.max_types*sizeof(domaintype_t)); 36.71 + memset((void *)chwall_bin_pol.conflict_aggregate_set, 0, chwall_bin_pol.max_types*sizeof(domaintype_t)); 36.72 + return ACM_OK; 36.73 +} 36.74 + 36.75 +static int 36.76 +chwall_init_domain_ssid(void **chwall_ssid, ssidref_t ssidref) 36.77 +{ 36.78 + struct chwall_ssid *chwall_ssidp = xmalloc(struct chwall_ssid); 36.79 + traceprintk("%s.\n", __func__); 36.80 + if (chwall_ssidp == NULL) 36.81 + return ACM_INIT_SSID_ERROR; 36.82 + /* 36.83 + * depending on wheter chwall is primary or secondary, get the respective 36.84 + * part of the global ssidref (same way we'll get the partial ssid pointer) 36.85 + */ 36.86 + chwall_ssidp->chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref); 36.87 + if (chwall_ssidp->chwall_ssidref >= chwall_bin_pol.max_ssidrefs) { 36.88 + printkd("%s: ERROR chwall_ssidref(%x) > max(%x).\n", 36.89 + __func__, chwall_ssidp->chwall_ssidref, chwall_bin_pol.max_ssidrefs-1); 36.90 + xfree(chwall_ssidp); 36.91 + return ACM_INIT_SSID_ERROR; 36.92 + } 36.93 + (*chwall_ssid) = chwall_ssidp; 36.94 + printkd("%s: determined chwall_ssidref to %x.\n", 36.95 + __func__, chwall_ssidp->chwall_ssidref); 36.96 + return ACM_OK; 36.97 +} 36.98 + 36.99 +static void 36.100 +chwall_free_domain_ssid(void *chwall_ssid) 36.101 +{ 36.102 + traceprintk("%s.\n", __func__); 36.103 + if (chwall_ssid != NULL) 36.104 + xfree(chwall_ssid); 36.105 + return; 36.106 +} 36.107 + 36.108 + 36.109 +/* dump chinese wall cache; policy read-locked already */ 36.110 +static int 36.111 +chwall_dump_policy(u8 *buf, u16 buf_size) { 36.112 + struct acm_chwall_policy_buffer *chwall_buf = (struct acm_chwall_policy_buffer *)buf; 36.113 + int ret = 0; 36.114 + 36.115 + chwall_buf->chwall_max_types = htons(chwall_bin_pol.max_types); 36.116 + chwall_buf->chwall_max_ssidrefs = htons(chwall_bin_pol.max_ssidrefs); 36.117 + chwall_buf->policy_code = htons(ACM_CHINESE_WALL_POLICY); 36.118 + chwall_buf->chwall_ssid_offset = htons(sizeof(struct acm_chwall_policy_buffer)); 36.119 + chwall_buf->chwall_max_conflictsets = htons(chwall_bin_pol.max_conflictsets); 36.120 + chwall_buf->chwall_conflict_sets_offset = 36.121 + htons( 36.122 + ntohs(chwall_buf->chwall_ssid_offset) + 36.123 + sizeof(domaintype_t) * chwall_bin_pol.max_ssidrefs * 36.124 + chwall_bin_pol.max_types); 36.125 + 36.126 + chwall_buf->chwall_running_types_offset = 36.127 + htons( 36.128 + ntohs(chwall_buf->chwall_conflict_sets_offset) + 36.129 + sizeof(domaintype_t) * chwall_bin_pol.max_conflictsets * 36.130 + chwall_bin_pol.max_types); 36.131 + 36.132 + chwall_buf->chwall_conflict_aggregate_offset = 36.133 + htons( 36.134 + ntohs(chwall_buf->chwall_running_types_offset) + 36.135 + sizeof(domaintype_t) * chwall_bin_pol.max_types); 36.136 + 36.137 + ret = ntohs(chwall_buf->chwall_conflict_aggregate_offset) + 36.138 + sizeof(domaintype_t) * chwall_bin_pol.max_types; 36.139 + 36.140 + /* now copy buffers over */ 36.141 + arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_ssid_offset)), 36.142 + chwall_bin_pol.ssidrefs, 36.143 + chwall_bin_pol.max_ssidrefs * chwall_bin_pol.max_types); 36.144 + 36.145 + arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_conflict_sets_offset)), 36.146 + chwall_bin_pol.conflict_sets, 36.147 + chwall_bin_pol.max_conflictsets * chwall_bin_pol.max_types); 36.148 + 36.149 + arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_running_types_offset)), 36.150 + chwall_bin_pol.running_types, 36.151 + chwall_bin_pol.max_types); 36.152 + 36.153 + arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_conflict_aggregate_offset)), 36.154 + chwall_bin_pol.conflict_aggregate_set, 36.155 + chwall_bin_pol.max_types); 36.156 + return ret; 36.157 +} 36.158 + 36.159 +/* adapt security state (running_types and conflict_aggregate_set) to all running 36.160 + * domains; chwall_init_state is called when a policy is changed to bring the security 36.161 + * information into a consistent state and to detect violations (return != 0). 36.162 + * from a security point of view, we simulate that all running domains are re-started 36.163 + */ 36.164 +static int 36.165 +chwall_init_state(struct acm_chwall_policy_buffer *chwall_buf, domaintype_t *ssidrefs, domaintype_t *conflict_sets, 36.166 + domaintype_t *running_types, domaintype_t *conflict_aggregate_set) 36.167 +{ 36.168 + int violation = 0, i, j; 36.169 + struct chwall_ssid *chwall_ssid; 36.170 + ssidref_t chwall_ssidref; 36.171 + struct domain **pd; 36.172 + 36.173 + write_lock(&domlist_lock); 36.174 + /* go through all domains and adjust policy as if this domain was started now */ 36.175 + pd = &domain_list; 36.176 + for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) { 36.177 + chwall_ssid = GET_SSIDP(ACM_CHINESE_WALL_POLICY, (struct acm_ssid_domain *)(*pd)->ssid); 36.178 + chwall_ssidref = chwall_ssid->chwall_ssidref; 36.179 + traceprintk("%s: validating policy for domain %x (chwall-REF=%x).\n", 36.180 + __func__, (*pd)->domain_id, chwall_ssidref); 36.181 + /* a) adjust types ref-count for running domains */ 36.182 + for (i=0; i< chwall_buf->chwall_max_types; i++) 36.183 + running_types[i] += 36.184 + ssidrefs[chwall_ssidref*chwall_buf->chwall_max_types + i]; 36.185 + 36.186 + /* b) check for conflict */ 36.187 + for (i=0; i< chwall_buf->chwall_max_types; i++) 36.188 + if (conflict_aggregate_set[i] && 36.189 + ssidrefs[chwall_ssidref*chwall_buf->chwall_max_types + i]) { 36.190 + printk("%s: CHINESE WALL CONFLICT in type %02x.\n", __func__, i); 36.191 + violation = 1; 36.192 + goto out; 36.193 + } 36.194 + /* set violation and break out of the loop */ 36.195 + /* c) adapt conflict aggregate set for this domain (notice conflicts) */ 36.196 + for (i=0; i<chwall_buf->chwall_max_conflictsets; i++) { 36.197 + int common = 0; 36.198 + /* check if conflict_set_i and ssidref have common types */ 36.199 + for (j=0; j<chwall_buf->chwall_max_types; j++) 36.200 + if (conflict_sets[i*chwall_buf->chwall_max_types + j] && 36.201 + ssidrefs[chwall_ssidref*chwall_buf->chwall_max_types + j]) { 36.202 + common = 1; 36.203 + break; 36.204 + } 36.205 + if (common == 0) 36.206 + continue; /* try next conflict set */ 36.207 + /* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */ 36.208 + for (j=0; j<chwall_buf->chwall_max_types; j++) 36.209 + if (conflict_sets[i*chwall_buf->chwall_max_types + j] && 36.210 + !ssidrefs[chwall_ssidref*chwall_buf->chwall_max_types + j]) 36.211 + conflict_aggregate_set[j]++; 36.212 + } 36.213 + } 36.214 + out: 36.215 + write_unlock(&domlist_lock); 36.216 + return violation; 36.217 + /* returning "violation != 0" means that the currently running set of domains would 36.218 + * not be possible if the new policy had been enforced before starting them; for chinese 36.219 + * wall, this means that the new policy includes at least one conflict set of which 36.220 + * more than one type is currently running */ 36.221 +} 36.222 + 36.223 +static int 36.224 +chwall_set_policy(u8 *buf, u16 buf_size) 36.225 +{ 36.226 + /* policy write-locked already */ 36.227 + struct acm_chwall_policy_buffer *chwall_buf = (struct acm_chwall_policy_buffer *)buf; 36.228 + void *ssids = NULL, *conflict_sets = NULL, *running_types = NULL, *conflict_aggregate_set = NULL; 36.229 + 36.230 + /* rewrite the policy due to endianess */ 36.231 + chwall_buf->policy_code = ntohs(chwall_buf->policy_code); 36.232 + chwall_buf->chwall_max_types = ntohs(chwall_buf->chwall_max_types); 36.233 + chwall_buf->chwall_max_ssidrefs = ntohs(chwall_buf->chwall_max_ssidrefs); 36.234 + chwall_buf->chwall_max_conflictsets = ntohs(chwall_buf->chwall_max_conflictsets); 36.235 + chwall_buf->chwall_ssid_offset = ntohs(chwall_buf->chwall_ssid_offset); 36.236 + chwall_buf->chwall_conflict_sets_offset = ntohs(chwall_buf->chwall_conflict_sets_offset); 36.237 + chwall_buf->chwall_running_types_offset = ntohs(chwall_buf->chwall_running_types_offset); 36.238 + chwall_buf->chwall_conflict_aggregate_offset = ntohs(chwall_buf->chwall_conflict_aggregate_offset); 36.239 + 36.240 + /* 1. allocate new buffers */ 36.241 + ssids = xmalloc_array(domaintype_t, chwall_buf->chwall_max_types*chwall_buf->chwall_max_ssidrefs); 36.242 + conflict_sets = xmalloc_array(domaintype_t, chwall_buf->chwall_max_conflictsets*chwall_buf->chwall_max_types); 36.243 + running_types = xmalloc_array(domaintype_t,chwall_buf->chwall_max_types); 36.244 + conflict_aggregate_set = xmalloc_array(domaintype_t, chwall_buf->chwall_max_types); 36.245 + 36.246 + if ((ssids == NULL)||(conflict_sets == NULL)||(running_types == NULL)||(conflict_aggregate_set == NULL)) 36.247 + goto error_free; 36.248 + 36.249 + /* 2. set new policy */ 36.250 + if (chwall_buf->chwall_ssid_offset + sizeof(domaintype_t) * 36.251 + chwall_buf->chwall_max_types * chwall_buf->chwall_max_ssidrefs > buf_size) 36.252 + goto error_free; 36.253 + arrcpy(ssids, buf + chwall_buf->chwall_ssid_offset, 36.254 + sizeof(domaintype_t), 36.255 + chwall_buf->chwall_max_types * chwall_buf->chwall_max_ssidrefs); 36.256 + 36.257 + if (chwall_buf->chwall_conflict_sets_offset + sizeof(domaintype_t) * 36.258 + chwall_buf->chwall_max_types * chwall_buf->chwall_max_conflictsets > buf_size) 36.259 + goto error_free; 36.260 + 36.261 + arrcpy(conflict_sets, buf + chwall_buf->chwall_conflict_sets_offset, 36.262 + sizeof(domaintype_t), 36.263 + chwall_buf->chwall_max_types * chwall_buf->chwall_max_conflictsets); 36.264 + 36.265 + /* we also use new state buffers since max_types can change */ 36.266 + memset(running_types, 0, sizeof(domaintype_t)*chwall_buf->chwall_max_types); 36.267 + memset(conflict_aggregate_set, 0, sizeof(domaintype_t)*chwall_buf->chwall_max_types); 36.268 + 36.269 + /* 3. now re-calculate the state for the new policy based on running domains; 36.270 + * this can fail if new policy is conflicting with running domains */ 36.271 + if (chwall_init_state(chwall_buf, ssids, conflict_sets, running_types, conflict_aggregate_set)) { 36.272 + printk("%s: New policy conflicts with running domains. Policy load aborted.\n", __func__); 36.273 + goto error_free; /* new policy conflicts with running domains */ 36.274 + } 36.275 + /* 4. free old policy buffers, replace with new ones */ 36.276 + chwall_bin_pol.max_types = chwall_buf->chwall_max_types; 36.277 + chwall_bin_pol.max_ssidrefs = chwall_buf->chwall_max_ssidrefs; 36.278 + chwall_bin_pol.max_conflictsets = chwall_buf->chwall_max_conflictsets; 36.279 + if (chwall_bin_pol.ssidrefs != NULL) 36.280 + xfree(chwall_bin_pol.ssidrefs); 36.281 + if (chwall_bin_pol.conflict_aggregate_set != NULL) 36.282 + xfree(chwall_bin_pol.conflict_aggregate_set); 36.283 + if (chwall_bin_pol.running_types != NULL) 36.284 + xfree(chwall_bin_pol.running_types); 36.285 + if (chwall_bin_pol.conflict_sets != NULL) 36.286 + xfree(chwall_bin_pol.conflict_sets); 36.287 + chwall_bin_pol.ssidrefs = ssids; 36.288 + chwall_bin_pol.conflict_aggregate_set = conflict_aggregate_set; 36.289 + chwall_bin_pol.running_types = running_types; 36.290 + chwall_bin_pol.conflict_sets = conflict_sets; 36.291 + return ACM_OK; 36.292 + 36.293 +error_free: 36.294 + printk("%s: ERROR setting policy.\n", __func__); 36.295 + if (ssids != NULL) xfree(ssids); 36.296 + if (conflict_sets != NULL) xfree(conflict_sets); 36.297 + if (running_types != NULL) xfree(running_types); 36.298 + if (conflict_aggregate_set != NULL) xfree(conflict_aggregate_set); 36.299 + return -EFAULT; 36.300 +} 36.301 + 36.302 +static int 36.303 +chwall_dump_stats(u8 *buf, u16 len) 36.304 +{ 36.305 + /* no stats for Chinese Wall Policy */ 36.306 + return 0; 36.307 +} 36.308 + 36.309 +/*************************** 36.310 + * Authorization functions 36.311 + ***************************/ 36.312 + 36.313 + 36.314 +/* -------- DOMAIN OPERATION HOOKS -----------*/ 36.315 + 36.316 +static int 36.317 +chwall_pre_domain_create(void *subject_ssid, ssidref_t ssidref) 36.318 +{ 36.319 + ssidref_t chwall_ssidref; 36.320 + int i,j; 36.321 + traceprintk("%s.\n", __func__); 36.322 + 36.323 + read_lock(&acm_bin_pol_rwlock); 36.324 + chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref); 36.325 + if (chwall_ssidref == ACM_DEFAULT_LOCAL_SSID) { 36.326 + printk("%s: ERROR CHWALL SSID is NOT SET but policy enforced.\n", __func__); 36.327 + read_unlock(&acm_bin_pol_rwlock); 36.328 + return ACM_ACCESS_DENIED; /* catching and indicating config error */ 36.329 + } 36.330 + if (chwall_ssidref >= chwall_bin_pol.max_ssidrefs) { 36.331 + printk("%s: ERROR chwall_ssidref > max(%x).\n", 36.332 + __func__, chwall_bin_pol.max_ssidrefs-1); 36.333 + read_unlock(&acm_bin_pol_rwlock); 36.334 + return ACM_ACCESS_DENIED; 36.335 + } 36.336 + /* A: chinese wall check for conflicts */ 36.337 + for (i=0; i< chwall_bin_pol.max_types; i++) 36.338 + if (chwall_bin_pol.conflict_aggregate_set[i] && 36.339 + chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + i]) { 36.340 + printk("%s: CHINESE WALL CONFLICT in type %02x.\n", __func__, i); 36.341 + read_unlock(&acm_bin_pol_rwlock); 36.342 + return ACM_ACCESS_DENIED; 36.343 + } 36.344 + 36.345 + /* B: chinese wall conflict set adjustment (so that other 36.346 + * other domains simultaneously created are evaluated against this new set)*/ 36.347 + for (i=0; i<chwall_bin_pol.max_conflictsets; i++) { 36.348 + int common = 0; 36.349 + /* check if conflict_set_i and ssidref have common types */ 36.350 + for (j=0; j<chwall_bin_pol.max_types; j++) 36.351 + if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] && 36.352 + chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) { 36.353 + common = 1; 36.354 + break; 36.355 + } 36.356 + if (common == 0) 36.357 + continue; /* try next conflict set */ 36.358 + /* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */ 36.359 + for (j=0; j<chwall_bin_pol.max_types; j++) 36.360 + if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] && 36.361 + !chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) 36.362 + chwall_bin_pol.conflict_aggregate_set[j]++; 36.363 + } 36.364 + read_unlock(&acm_bin_pol_rwlock); 36.365 + return ACM_ACCESS_PERMITTED; 36.366 +} 36.367 + 36.368 +static void 36.369 +chwall_post_domain_create(domid_t domid, ssidref_t ssidref) 36.370 +{ 36.371 + int i,j; 36.372 + ssidref_t chwall_ssidref; 36.373 + traceprintk("%s.\n", __func__); 36.374 + 36.375 + read_lock(&acm_bin_pol_rwlock); 36.376 + chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref); 36.377 + /* adjust types ref-count for running domains */ 36.378 + for (i=0; i< chwall_bin_pol.max_types; i++) 36.379 + chwall_bin_pol.running_types[i] += 36.380 + chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + i]; 36.381 + if (domid) { 36.382 + read_unlock(&acm_bin_pol_rwlock); 36.383 + return; 36.384 + } 36.385 + /* Xen does not call pre-create hook for DOM0; 36.386 + * to consider type conflicts of any domain with DOM0, we need 36.387 + * to adjust the conflict_aggregate for DOM0 here the same way it 36.388 + * is done for non-DOM0 domains in the pre-hook */ 36.389 + printkd("%s: adjusting security state for DOM0 (ssidref=%x, chwall_ssidref=%x).\n", 36.390 + __func__, ssidref, chwall_ssidref); 36.391 + 36.392 + /* chinese wall conflict set adjustment (so that other 36.393 + * other domains simultaneously created are evaluated against this new set)*/ 36.394 + for (i=0; i<chwall_bin_pol.max_conflictsets; i++) { 36.395 + int common = 0; 36.396 + /* check if conflict_set_i and ssidref have common types */ 36.397 + for (j=0; j<chwall_bin_pol.max_types; j++) 36.398 + if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] && 36.399 + chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) { 36.400 + common = 1; 36.401 + break; 36.402 + } 36.403 + if (common == 0) 36.404 + continue; /* try next conflict set */ 36.405 + /* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */ 36.406 + for (j=0; j<chwall_bin_pol.max_types; j++) 36.407 + if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] && 36.408 + !chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) 36.409 + chwall_bin_pol.conflict_aggregate_set[j]++; 36.410 + } 36.411 + read_unlock(&acm_bin_pol_rwlock); 36.412 + return; 36.413 +} 36.414 + 36.415 +static void 36.416 +chwall_fail_domain_create(void *subject_ssid, ssidref_t ssidref) 36.417 +{ 36.418 + int i, j; 36.419 + ssidref_t chwall_ssidref; 36.420 + traceprintk("%s.\n", __func__); 36.421 + 36.422 + read_lock(&acm_bin_pol_rwlock); 36.423 + chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref); 36.424 + /* roll-back: re-adjust conflicting types aggregate */ 36.425 + for (i=0; i<chwall_bin_pol.max_conflictsets; i++) { 36.426 + int common = 0; 36.427 + /* check if conflict_set_i and ssidref have common types */ 36.428 + for (j=0; j<chwall_bin_pol.max_types; j++) 36.429 + if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] && 36.430 + chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) { 36.431 + common = 1; 36.432 + break; 36.433 + } 36.434 + if (common == 0) 36.435 + continue; /* try next conflict set, this one does not include any type of chwall_ssidref */ 36.436 + /* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */ 36.437 + for (j=0; j<chwall_bin_pol.max_types; j++) 36.438 + if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] && 36.439 + !chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) 36.440 + chwall_bin_pol.conflict_aggregate_set[j]--; 36.441 + } 36.442 + read_unlock(&acm_bin_pol_rwlock); 36.443 +} 36.444 + 36.445 + 36.446 +static void 36.447 +chwall_post_domain_destroy(void *object_ssid, domid_t id) 36.448 +{ 36.449 + int i,j; 36.450 + struct chwall_ssid *chwall_ssidp = 36.451 + GET_SSIDP(ACM_CHINESE_WALL_POLICY, (struct acm_ssid_domain *)object_ssid); 36.452 + ssidref_t chwall_ssidref = chwall_ssidp->chwall_ssidref; 36.453 + 36.454 + traceprintk("%s.\n", __func__); 36.455 + 36.456 + read_lock(&acm_bin_pol_rwlock); 36.457 + /* adjust running types set */ 36.458 + for (i=0; i< chwall_bin_pol.max_types; i++) 36.459 + chwall_bin_pol.running_types[i] -= 36.460 + chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + i]; 36.461 + 36.462 + /* roll-back: re-adjust conflicting types aggregate */ 36.463 + for (i=0; i<chwall_bin_pol.max_conflictsets; i++) { 36.464 + int common = 0; 36.465 + /* check if conflict_set_i and ssidref have common types */ 36.466 + for (j=0; j<chwall_bin_pol.max_types; j++) 36.467 + if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] && 36.468 + chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) { 36.469 + common = 1; 36.470 + break; 36.471 + } 36.472 + if (common == 0) 36.473 + continue; /* try next conflict set, this one does not include any type of chwall_ssidref */ 36.474 + /* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */ 36.475 + for (j=0; j<chwall_bin_pol.max_types; j++) 36.476 + if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] && 36.477 + !chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) 36.478 + chwall_bin_pol.conflict_aggregate_set[j]--; 36.479 + } 36.480 + read_unlock(&acm_bin_pol_rwlock); 36.481 + return; 36.482 +} 36.483 + 36.484 +struct acm_operations acm_chinesewall_ops = { 36.485 + /* policy management services */ 36.486 + .init_domain_ssid = chwall_init_domain_ssid, 36.487 + .free_domain_ssid = chwall_free_domain_ssid, 36.488 + .dump_binary_policy = chwall_dump_policy, 36.489 + .set_binary_policy = chwall_set_policy, 36.490 + .dump_statistics = chwall_dump_stats, 36.491 + /* domain management control hooks */ 36.492 + .pre_domain_create = chwall_pre_domain_create, 36.493 + .post_domain_create = chwall_post_domain_create, 36.494 + .fail_domain_create = chwall_fail_domain_create, 36.495 + .post_domain_destroy = chwall_post_domain_destroy, 36.496 + /* event channel control hooks */ 36.497 + .pre_eventchannel_unbound = NULL, 36.498 + .fail_eventchannel_unbound = NULL, 36.499 + .pre_eventchannel_interdomain = NULL, 36.500 + .fail_eventchannel_interdomain = NULL, 36.501 + /* grant table control hooks */ 36.502 + .pre_grant_map_ref = NULL, 36.503 + .fail_grant_map_ref = NULL, 36.504 + .pre_grant_setup = NULL, 36.505 + .fail_grant_setup = NULL, 36.506 +};
37.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 37.2 +++ b/xen/acm/acm_core.c Tue Jun 21 07:02:30 2005 +0000 37.3 @@ -0,0 +1,205 @@ 37.4 +/**************************************************************** 37.5 + * acm_core.c 37.6 + * 37.7 + * Copyright (C) 2005 IBM Corporation 37.8 + * 37.9 + * Author: 37.10 + * Reiner Sailer <sailer@watson.ibm.com> 37.11 + * 37.12 + * This program is free software; you can redistribute it and/or 37.13 + * modify it under the terms of the GNU General Public License as 37.14 + * published by the Free Software Foundation, version 2 of the 37.15 + * License. 37.16 + * 37.17 + * sHype access control module (ACM) 37.18 + * This file handles initialization of the ACM 37.19 + * as well as initializing/freeing security 37.20 + * identifiers for domains (it calls on active 37.21 + * policy hook functions). 37.22 + * 37.23 + */ 37.24 + 37.25 +#include <xen/config.h> 37.26 +#include <xen/errno.h> 37.27 +#include <xen/types.h> 37.28 +#include <xen/lib.h> 37.29 +#include <xen/delay.h> 37.30 +#include <xen/sched.h> 37.31 +#include <acm/acm_hooks.h> 37.32 +#include <acm/acm_endian.h> 37.33 + 37.34 +/* debug: 37.35 + * include/acm/acm_hooks.h defines a constant ACM_TRACE_MODE; 37.36 + * define/undefine this constant to receive / suppress any 37.37 + * security hook debug output of sHype 37.38 + * 37.39 + * include/public/acm.h defines a constant ACM_DEBUG 37.40 + * define/undefine this constant to receive non-hook-related 37.41 + * debug output. 37.42 + */ 37.43 + 37.44 +/* function prototypes */ 37.45 +void acm_init_chwall_policy(void); 37.46 +void acm_init_ste_policy(void); 37.47 + 37.48 +extern struct acm_operations acm_chinesewall_ops, 37.49 + acm_simple_type_enforcement_ops, acm_null_ops; 37.50 + 37.51 +/* global ops structs called by the hooks */ 37.52 +struct acm_operations *acm_primary_ops = NULL; 37.53 +/* called in hook if-and-only-if primary succeeds */ 37.54 +struct acm_operations *acm_secondary_ops = NULL; 37.55 + 37.56 +/* acm global binary policy (points to 'local' primary and secondary policies */ 37.57 +struct acm_binary_policy acm_bin_pol; 37.58 +/* acm binary policy lock */ 37.59 +rwlock_t acm_bin_pol_rwlock = RW_LOCK_UNLOCKED; 37.60 + 37.61 +/* until we have endian support in Xen, we discover it at runtime */ 37.62 +u8 little_endian = 1; 37.63 +void acm_set_endian(void) 37.64 +{ 37.65 + u32 test = 1; 37.66 + if (*((u8 *)&test) == 1) { 37.67 + printk("ACM module running in LITTLE ENDIAN.\n"); 37.68 + little_endian = 1; 37.69 + } else { 37.70 + printk("ACM module running in BIG ENDIAN.\n"); 37.71 + little_endian = 0; 37.72 + } 37.73 +} 37.74 + 37.75 +/* initialize global security policy for Xen; policy write-locked already */ 37.76 +static void 37.77 +acm_init_binary_policy(void *primary, void *secondary) 37.78 +{ 37.79 + acm_bin_pol.primary_policy_code = 0; 37.80 + acm_bin_pol.secondary_policy_code = 0; 37.81 + acm_bin_pol.primary_binary_policy = primary; 37.82 + acm_bin_pol.secondary_binary_policy = secondary; 37.83 +} 37.84 + 37.85 +int 37.86 +acm_init(void) 37.87 +{ 37.88 + int ret = -EINVAL; 37.89 + 37.90 + acm_set_endian(); 37.91 + write_lock(&acm_bin_pol_rwlock); 37.92 + 37.93 + if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) { 37.94 + acm_init_binary_policy(NULL, NULL); 37.95 + acm_init_chwall_policy(); 37.96 + acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY; 37.97 + acm_primary_ops = &acm_chinesewall_ops; 37.98 + acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY; 37.99 + acm_secondary_ops = &acm_null_ops; 37.100 + ret = ACM_OK; 37.101 + } else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) { 37.102 + acm_init_binary_policy(NULL, NULL); 37.103 + acm_init_ste_policy(); 37.104 + acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY; 37.105 + acm_primary_ops = &acm_simple_type_enforcement_ops; 37.106 + acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY; 37.107 + acm_secondary_ops = &acm_null_ops; 37.108 + ret = ACM_OK; 37.109 + } else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) { 37.110 + acm_init_binary_policy(NULL, NULL); 37.111 + acm_init_chwall_policy(); 37.112 + acm_init_ste_policy(); 37.113 + acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY; 37.114 + acm_primary_ops = &acm_chinesewall_ops; 37.115 + acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY; 37.116 + acm_secondary_ops = &acm_simple_type_enforcement_ops; 37.117 + ret = ACM_OK; 37.118 + } else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) { 37.119 + acm_init_binary_policy(NULL, NULL); 37.120 + acm_bin_pol.primary_policy_code = ACM_NULL_POLICY; 37.121 + acm_primary_ops = &acm_null_ops; 37.122 + acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY; 37.123 + acm_secondary_ops = &acm_null_ops; 37.124 + ret = ACM_OK; 37.125 + } 37.126 + write_unlock(&acm_bin_pol_rwlock); 37.127 + 37.128 + if (ret != ACM_OK) 37.129 + return -EINVAL; 37.130 + printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 37.131 + ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code)); 37.132 + return ACM_OK; 37.133 +} 37.134 + 37.135 + 37.136 +int 37.137 +acm_init_domain_ssid(domid_t id, ssidref_t ssidref) 37.138 +{ 37.139 + struct acm_ssid_domain *ssid; 37.140 + struct domain *subj = find_domain_by_id(id); 37.141 + int ret1, ret2; 37.142 + 37.143 + if (subj == NULL) { 37.144 + printk("%s: ACM_NULL_POINTER ERROR (id=%x).\n", __func__, id); 37.145 + return ACM_NULL_POINTER_ERROR; 37.146 + } 37.147 + if ((ssid = xmalloc(struct acm_ssid_domain)) == NULL) 37.148 + return ACM_INIT_SSID_ERROR; 37.149 + 37.150 + ssid->datatype = DOMAIN; 37.151 + ssid->subject = subj; 37.152 + ssid->domainid = subj->domain_id; 37.153 + ssid->primary_ssid = NULL; 37.154 + ssid->secondary_ssid = NULL; 37.155 + 37.156 + if (ACM_USE_SECURITY_POLICY != ACM_NULL_POLICY) 37.157 + ssid->ssidref = ssidref; 37.158 + else 37.159 + ssid->ssidref = ACM_DEFAULT_SSID; 37.160 + 37.161 + subj->ssid = ssid; 37.162 + /* now fill in primary and secondary parts; we only get here through hooks */ 37.163 + if (acm_primary_ops->init_domain_ssid != NULL) 37.164 + ret1 = acm_primary_ops->init_domain_ssid(&(ssid->primary_ssid), ssidref); 37.165 + else 37.166 + ret1 = ACM_OK; 37.167 + 37.168 + if (acm_secondary_ops->init_domain_ssid != NULL) 37.169 + ret2 = acm_secondary_ops->init_domain_ssid(&(ssid->secondary_ssid), ssidref); 37.170 + else 37.171 + ret2 = ACM_OK; 37.172 + 37.173 + if ((ret1 != ACM_OK) || (ret2 != ACM_OK)) { 37.174 + printk("%s: ERROR instantiating individual ssids for domain 0x%02x.\n", 37.175 + __func__, subj->domain_id); 37.176 + acm_free_domain_ssid(ssid); 37.177 + put_domain(subj); 37.178 + return ACM_INIT_SSID_ERROR; 37.179 + } 37.180 + printk("%s: assigned domain %x the ssidref=%x.\n", __func__, id, ssid->ssidref); 37.181 + put_domain(subj); 37.182 + return ACM_OK; 37.183 +} 37.184 + 37.185 + 37.186 +int 37.187 +acm_free_domain_ssid(struct acm_ssid_domain *ssid) 37.188 +{ 37.189 + domid_t id; 37.190 + 37.191 + /* domain is already gone, just ssid is left */ 37.192 + if (ssid == NULL) { 37.193 + printk("%s: ACM_NULL_POINTER ERROR.\n", __func__); 37.194 + return ACM_NULL_POINTER_ERROR; 37.195 + } 37.196 + id = ssid->domainid; 37.197 + ssid->subject = NULL; 37.198 + 37.199 + if (acm_primary_ops->free_domain_ssid != NULL) /* null policy */ 37.200 + acm_primary_ops->free_domain_ssid(ssid->primary_ssid); 37.201 + ssid->primary_ssid = NULL; 37.202 + if (acm_secondary_ops->free_domain_ssid != NULL) 37.203 + acm_secondary_ops->free_domain_ssid(ssid->secondary_ssid); 37.204 + ssid->secondary_ssid = NULL; 37.205 + xfree(ssid); 37.206 + printkd("%s: Freed individual domain ssid (domain=%02x).\n",__func__, id); 37.207 + return ACM_OK; 37.208 +}
38.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 38.2 +++ b/xen/acm/acm_null_hooks.c Tue Jun 21 07:02:30 2005 +0000 38.3 @@ -0,0 +1,76 @@ 38.4 +/**************************************************************** 38.5 + * acm_null_hooks.c 38.6 + * 38.7 + * Copyright (C) 2005 IBM Corporation 38.8 + * 38.9 + * Author: 38.10 + * Reiner Sailer <sailer@watson.ibm.com> 38.11 + * 38.12 + * This program is free software; you can redistribute it and/or 38.13 + * modify it under the terms of the GNU General Public License as 38.14 + * published by the Free Software Foundation, version 2 of the 38.15 + * License. 38.16 + */ 38.17 +#include <acm/acm_hooks.h> 38.18 + 38.19 +static int 38.20 +null_init_domain_ssid(void **chwall_ssid, ssidref_t ssidref) 38.21 +{ 38.22 + return ACM_OK; 38.23 +} 38.24 + 38.25 + 38.26 +static void 38.27 +null_free_domain_ssid(void *chwall_ssid) 38.28 +{ 38.29 + return; 38.30 +} 38.31 + 38.32 + 38.33 +static int 38.34 +null_dump_binary_policy(u8 *buf, u16 buf_size) 38.35 +{ 38.36 + return 0; 38.37 +} 38.38 + 38.39 + 38.40 + 38.41 +static int 38.42 +null_set_binary_policy(u8 *buf, u16 buf_size) 38.43 +{ 38.44 + return -1; 38.45 +} 38.46 + 38.47 + 38.48 +static int 38.49 +null_dump_stats(u8 *buf, u16 buf_size) 38.50 +{ 38.51 + /* no stats for NULL policy */ 38.52 + return 0; 38.53 +} 38.54 + 38.55 + 38.56 +/* now define the hook structure similarly to LSM */ 38.57 +struct acm_operations acm_null_ops = { 38.58 + .init_domain_ssid = null_init_domain_ssid, 38.59 + .free_domain_ssid = null_free_domain_ssid, 38.60 + .dump_binary_policy = null_dump_binary_policy, 38.61 + .set_binary_policy = null_set_binary_policy, 38.62 + .dump_statistics = null_dump_stats, 38.63 + /* domain management control hooks */ 38.64 + .pre_domain_create = NULL, 38.65 + .post_domain_create = NULL, 38.66 + .fail_domain_create = NULL, 38.67 + .post_domain_destroy = NULL, 38.68 + /* event channel control hooks */ 38.69 + .pre_eventchannel_unbound = NULL, 38.70 + .fail_eventchannel_unbound = NULL, 38.71 + .pre_eventchannel_interdomain = NULL, 38.72 + .fail_eventchannel_interdomain = NULL, 38.73 + /* grant table control hooks */ 38.74 + .pre_grant_map_ref = NULL, 38.75 + .fail_grant_map_ref = NULL, 38.76 + .pre_grant_setup = NULL, 38.77 + .fail_grant_setup = NULL 38.78 + 38.79 +};
39.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 39.2 +++ b/xen/acm/acm_policy.c Tue Jun 21 07:02:30 2005 +0000 39.3 @@ -0,0 +1,197 @@ 39.4 +/**************************************************************** 39.5 + * acm_policy.c 39.6 + * 39.7 + * Copyright (C) 2005 IBM Corporation 39.8 + * 39.9 + * Author: 39.10 + * Reiner Sailer <sailer@watson.ibm.com> 39.11 + * 39.12 + * Contributions: 39.13 + * Stefan Berger <stefanb@watson.ibm.com> 39.14 + * support for network-byte-order binary policies 39.15 + * 39.16 + * This program is free software; you can redistribute it and/or 39.17 + * modify it under the terms of the GNU General Public License as 39.18 + * published by the Free Software Foundation, version 2 of the 39.19 + * License. 39.20 + * 39.21 + * sHype access control policy management for Xen. 39.22 + * This interface allows policy tools in authorized 39.23 + * domains to interact with the Xen access control module 39.24 + * 39.25 + */ 39.26 + 39.27 +#include <xen/config.h> 39.28 +#include <xen/errno.h> 39.29 +#include <xen/types.h> 39.30 +#include <xen/lib.h> 39.31 +#include <xen/delay.h> 39.32 +#include <xen/sched.h> 39.33 +#include <public/policy_ops.h> 39.34 +#include <acm/acm_core.h> 39.35 +#include <acm/acm_hooks.h> 39.36 +#include <acm/acm_endian.h> 39.37 + 39.38 +int 39.39 +acm_set_policy(void *buf, u16 buf_size, u16 policy) 39.40 +{ 39.41 + u8 *policy_buffer = NULL; 39.42 + struct acm_policy_buffer *pol; 39.43 + 39.44 + if (policy != ACM_USE_SECURITY_POLICY) { 39.45 + printk("%s: Loading incompatible policy (running: %s).\n", __func__, 39.46 + ACM_POLICY_NAME(ACM_USE_SECURITY_POLICY)); 39.47 + return -EFAULT; 39.48 + } 39.49 + /* now check correct buffer sizes for policy combinations */ 39.50 + if (policy == ACM_NULL_POLICY) { 39.51 + printkd("%s: NULL Policy, no policy needed.\n", __func__); 39.52 + goto out; 39.53 + } 39.54 + if (buf_size < sizeof(struct acm_policy_buffer)) 39.55 + return -EFAULT; 39.56 + /* 1. copy buffer from domain */ 39.57 + if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL) 39.58 + goto error_free; 39.59 + if (copy_from_user(policy_buffer, buf, buf_size)) { 39.60 + printk("%s: Error copying!\n",__func__); 39.61 + goto error_free; 39.62 + } 39.63 + /* 2. some sanity checking */ 39.64 + pol = (struct acm_policy_buffer *)policy_buffer; 39.65 + 39.66 + if ((ntohl(pol->magic) != ACM_MAGIC) || 39.67 + (ntohs(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) || 39.68 + (ntohs(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) { 39.69 + printkd("%s: Wrong policy magics!\n", __func__); 39.70 + goto error_free; 39.71 + } 39.72 + if (buf_size != ntohl(pol->len)) { 39.73 + printk("%s: ERROR in buf size.\n", __func__); 39.74 + goto error_free; 39.75 + } 39.76 + 39.77 + /* get bin_policy lock and rewrite policy (release old one) */ 39.78 + write_lock(&acm_bin_pol_rwlock); 39.79 + 39.80 + /* 3. now get/set primary policy data */ 39.81 + if (acm_primary_ops->set_binary_policy(buf + ntohs(pol->primary_buffer_offset), 39.82 + ntohs(pol->secondary_buffer_offset) - 39.83 + ntohs(pol->primary_buffer_offset))) { 39.84 + goto error_lock_free; 39.85 + } 39.86 + /* 4. now get/set secondary policy data */ 39.87 + if (acm_secondary_ops->set_binary_policy(buf + ntohs(pol->secondary_buffer_offset), 39.88 + ntohl(pol->len) - 39.89 + ntohs(pol->secondary_buffer_offset))) { 39.90 + goto error_lock_free; 39.91 + } 39.92 + write_unlock(&acm_bin_pol_rwlock); 39.93 + out: 39.94 + printk("%s: Done .\n", __func__); 39.95 + if (policy_buffer != NULL) 39.96 + xfree(policy_buffer); 39.97 + return ACM_OK; 39.98 + 39.99 + error_lock_free: 39.100 + write_unlock(&acm_bin_pol_rwlock); 39.101 + error_free: 39.102 + printk("%s: Error setting policy.\n", __func__); 39.103 + if (policy_buffer != NULL) 39.104 + xfree(policy_buffer); 39.105 + return -ENOMEM; 39.106 +} 39.107 + 39.108 +int 39.109 +acm_get_policy(void *buf, u16 buf_size) 39.110 +{ 39.111 + u8 *policy_buffer; 39.112 + int ret; 39.113 + struct acm_policy_buffer *bin_pol; 39.114 + 39.115 + if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL) 39.116 + return -ENOMEM; 39.117 + 39.118 + read_lock(&acm_bin_pol_rwlock); 39.119 + /* future: read policy from file and set it */ 39.120 + bin_pol = (struct acm_policy_buffer *)policy_buffer; 39.121 + bin_pol->magic = htonl(ACM_MAGIC); 39.122 + bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION); 39.123 + bin_pol->primary_policy_code = htons(acm_bin_pol.primary_policy_code); 39.124 + bin_pol->secondary_policy_code = htons(acm_bin_pol.secondary_policy_code); 39.125 + 39.126 + bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); 39.127 + bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len)); 39.128 + bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len)); 39.129 + 39.130 + ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohs(bin_pol->primary_buffer_offset), 39.131 + buf_size - ntohs(bin_pol->primary_buffer_offset)); 39.132 + if (ret < 0) { 39.133 + printk("%s: ERROR creating chwallpolicy buffer.\n", __func__); 39.134 + read_unlock(&acm_bin_pol_rwlock); 39.135 + return -1; 39.136 + } 39.137 + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); 39.138 + bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len)); 39.139 + 39.140 + ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohs(bin_pol->secondary_buffer_offset), 39.141 + buf_size - ntohs(bin_pol->secondary_buffer_offset)); 39.142 + if (ret < 0) { 39.143 + printk("%s: ERROR creating chwallpolicy buffer.\n", __func__); 39.144 + read_unlock(&acm_bin_pol_rwlock); 39.145 + return -1; 39.146 + } 39.147 + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); 39.148 + read_unlock(&acm_bin_pol_rwlock); 39.149 + if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len))) 39.150 + return -EFAULT; 39.151 + xfree(policy_buffer); 39.152 + return ACM_OK; 39.153 +} 39.154 + 39.155 +int 39.156 +acm_dump_statistics(void *buf, u16 buf_size) 39.157 +{ 39.158 + /* send stats to user space */ 39.159 + u8 *stats_buffer; 39.160 + int len1, len2; 39.161 + struct acm_stats_buffer acm_stats; 39.162 + 39.163 + if ((stats_buffer = xmalloc_array(u8, buf_size)) == NULL) 39.164 + return -ENOMEM; 39.165 + 39.166 + read_lock(&acm_bin_pol_rwlock); 39.167 + 39.168 + len1 = acm_primary_ops->dump_statistics(stats_buffer + sizeof(struct acm_stats_buffer), 39.169 + buf_size - sizeof(struct acm_stats_buffer)); 39.170 + if (len1 < 0) 39.171 + goto error_lock_free; 39.172 + 39.173 + len2 = acm_secondary_ops->dump_statistics(stats_buffer + sizeof(struct acm_stats_buffer) + len1, 39.174 + buf_size - sizeof(struct acm_stats_buffer) - len1); 39.175 + if (len2 < 0) 39.176 + goto error_lock_free; 39.177 + 39.178 + acm_stats.magic = htonl(ACM_MAGIC); 39.179 + acm_stats.policyversion = htonl(POLICY_INTERFACE_VERSION); 39.180 + acm_stats.primary_policy_code = htons(acm_bin_pol.primary_policy_code); 39.181 + acm_stats.secondary_policy_code = htons(acm_bin_pol.secondary_policy_code); 39.182 + acm_stats.primary_stats_offset = htons(sizeof(struct acm_stats_buffer)); 39.183 + acm_stats.secondary_stats_offset = htons(sizeof(struct acm_stats_buffer) + len1); 39.184 + acm_stats.len = htonl(sizeof(struct acm_stats_buffer) + len1 + len2); 39.185 + memcpy(stats_buffer, &acm_stats, sizeof(struct acm_stats_buffer)); 39.186 + 39.187 + if (copy_to_user(buf, stats_buffer, sizeof(struct acm_stats_buffer) + len1 + len2)) 39.188 + goto error_lock_free; 39.189 + 39.190 + read_unlock(&acm_bin_pol_rwlock); 39.191 + xfree(stats_buffer); 39.192 + return ACM_OK; 39.193 + 39.194 + error_lock_free: 39.195 + read_unlock(&acm_bin_pol_rwlock); 39.196 + xfree(stats_buffer); 39.197 + return -EFAULT; 39.198 +} 39.199 + 39.200 +/*eof*/
40.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 40.2 +++ b/xen/acm/acm_simple_type_enforcement_hooks.c Tue Jun 21 07:02:30 2005 +0000 40.3 @@ -0,0 +1,638 @@ 40.4 +/**************************************************************** 40.5 + * acm_simple_type_enforcement_hooks.c 40.6 + * 40.7 + * Copyright (C) 2005 IBM Corporation 40.8 + * 40.9 + * Author: 40.10 + * Reiner Sailer <sailer@watson.ibm.com> 40.11 + * 40.12 + * Contributors: 40.13 + * Stefan Berger <stefanb@watson.ibm.com> 40.14 + * support for network order binary policies 40.15 + * 40.16 + * This program is free software; you can redistribute it and/or 40.17 + * modify it under the terms of the GNU General Public License as 40.18 + * published by the Free Software Foundation, version 2 of the 40.19 + * License. 40.20 + * 40.21 + * sHype Simple Type Enforcement for Xen 40.22 + * STE allows to control which domains can setup sharing 40.23 + * (eventchannels right now) with which other domains. Hooks 40.24 + * are defined and called throughout Xen when domains bind to 40.25 + * shared resources (setup eventchannels) and a domain is allowed 40.26 + * to setup sharing with another domain if and only if both domains 40.27 + * share at least on common type. 40.28 + * 40.29 + */ 40.30 +#include <xen/lib.h> 40.31 +#include <asm/types.h> 40.32 +#include <asm/current.h> 40.33 +#include <acm/acm_hooks.h> 40.34 +#include <asm/atomic.h> 40.35 +#include <acm/acm_endian.h> 40.36 + 40.37 +/* local cache structures for chinese wall policy */ 40.38 +struct ste_binary_policy ste_bin_pol; 40.39 + 40.40 +static inline int have_common_type (ssidref_t ref1, ssidref_t ref2) { 40.41 + int i; 40.42 + for(i=0; i< ste_bin_pol.max_types; i++) 40.43 + if ( ste_bin_pol.ssidrefs[ref1*ste_bin_pol.max_types + i] && 40.44 + ste_bin_pol.ssidrefs[ref2*ste_bin_pol.max_types + i]) { 40.45 + printkd("%s: common type #%02x.\n", __func__, i); 40.46 + return 1; 40.47 + } 40.48 + return 0; 40.49 +} 40.50 + 40.51 +/* Helper function: return = (subj and obj share a common type) */ 40.52 +static int share_common_type(struct domain *subj, struct domain *obj) 40.53 +{ 40.54 + ssidref_t ref_s, ref_o; 40.55 + int ret; 40.56 + 40.57 + if ((subj == NULL) || (obj == NULL) || (subj->ssid == NULL) || (obj->ssid == NULL)) 40.58 + return 0; 40.59 + read_lock(&acm_bin_pol_rwlock); 40.60 + /* lookup the policy-local ssids */ 40.61 + ref_s = ((struct ste_ssid *)(GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.62 + (struct acm_ssid_domain *)subj->ssid)))->ste_ssidref; 40.63 + ref_o = ((struct ste_ssid *)(GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.64 + (struct acm_ssid_domain *)obj->ssid)))->ste_ssidref; 40.65 + /* check whether subj and obj share a common ste type */ 40.66 + ret = have_common_type(ref_s, ref_o); 40.67 + read_unlock(&acm_bin_pol_rwlock); 40.68 + return ret; 40.69 +} 40.70 + 40.71 +/* 40.72 + * Initializing chinese wall policy (will be filled by policy partition 40.73 + * using setpolicy command) 40.74 + */ 40.75 +int acm_init_ste_policy(void) 40.76 +{ 40.77 + /* minimal startup policy; policy write-locked already */ 40.78 + ste_bin_pol.max_types = 1; 40.79 + ste_bin_pol.max_ssidrefs = 1; 40.80 + ste_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, 1); 40.81 + 40.82 + if (ste_bin_pol.ssidrefs == NULL) 40.83 + return ACM_INIT_SSID_ERROR; 40.84 + 40.85 + /* initialize state */ 40.86 + ste_bin_pol.ssidrefs[0] = 1; 40.87 + 40.88 + /* init stats */ 40.89 + atomic_set(&(ste_bin_pol.ec_eval_count), 0); 40.90 + atomic_set(&(ste_bin_pol.ec_denied_count), 0); 40.91 + atomic_set(&(ste_bin_pol.ec_cachehit_count), 0); 40.92 + atomic_set(&(ste_bin_pol.gt_eval_count), 0); 40.93 + atomic_set(&(ste_bin_pol.gt_denied_count), 0); 40.94 + atomic_set(&(ste_bin_pol.gt_cachehit_count), 0); 40.95 + return ACM_OK; 40.96 +} 40.97 + 40.98 + 40.99 +/* ste initialization function hooks */ 40.100 +static int 40.101 +ste_init_domain_ssid(void **ste_ssid, ssidref_t ssidref) 40.102 +{ 40.103 + int i; 40.104 + struct ste_ssid *ste_ssidp = xmalloc(struct ste_ssid); 40.105 + traceprintk("%s.\n", __func__); 40.106 + 40.107 + if (ste_ssidp == NULL) 40.108 + return ACM_INIT_SSID_ERROR; 40.109 + 40.110 + /* get policy-local ssid reference */ 40.111 + ste_ssidp->ste_ssidref = GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref); 40.112 + if (ste_ssidp->ste_ssidref >= ste_bin_pol.max_ssidrefs) { 40.113 + printkd("%s: ERROR ste_ssidref (%x) > max(%x).\n", 40.114 + __func__, ste_ssidp->ste_ssidref, ste_bin_pol.max_ssidrefs-1); 40.115 + xfree(ste_ssidp); 40.116 + return ACM_INIT_SSID_ERROR; 40.117 + } 40.118 + /* clean ste cache */ 40.119 + for (i=0; i<ACM_TE_CACHE_SIZE; i++) 40.120 + ste_ssidp->ste_cache[i].valid = FREE; 40.121 + 40.122 + (*ste_ssid) = ste_ssidp; 40.123 + printkd("%s: determined ste_ssidref to %x.\n", 40.124 + __func__, ste_ssidp->ste_ssidref); 40.125 + return ACM_OK; 40.126 +} 40.127 + 40.128 + 40.129 +static void 40.130 +ste_free_domain_ssid(void *ste_ssid) 40.131 +{ 40.132 + traceprintk("%s.\n", __func__); 40.133 + if (ste_ssid != NULL) 40.134 + xfree(ste_ssid); 40.135 + return; 40.136 +} 40.137 + 40.138 +/* dump type enforcement cache; policy read-locked already */ 40.139 +static int 40.140 +ste_dump_policy(u8 *buf, u16 buf_size) { 40.141 + struct acm_ste_policy_buffer *ste_buf = (struct acm_ste_policy_buffer *)buf; 40.142 + int ret = 0; 40.143 + 40.144 + ste_buf->ste_max_types = htons(ste_bin_pol.max_types); 40.145 + ste_buf->ste_max_ssidrefs = htons(ste_bin_pol.max_ssidrefs); 40.146 + ste_buf->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); 40.147 + ste_buf->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer)); 40.148 + ret = ntohs(ste_buf->ste_ssid_offset) + 40.149 + sizeof(domaintype_t)*ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types; 40.150 + 40.151 + /* now copy buffer over */ 40.152 + arrcpy(buf + ntohs(ste_buf->ste_ssid_offset), 40.153 + ste_bin_pol.ssidrefs, 40.154 + sizeof(domaintype_t), 40.155 + ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types); 40.156 + 40.157 + return ret; 40.158 +} 40.159 + 40.160 +/* ste_init_state is called when a policy is changed to detect violations (return != 0). 40.161 + * from a security point of view, we simulate that all running domains are re-started and 40.162 + * all sharing decisions are replayed to detect violations or current sharing behavior 40.163 + * (right now: event_channels, future: also grant_tables) 40.164 + */ 40.165 +static int 40.166 +ste_init_state(struct acm_ste_policy_buffer *ste_buf, domaintype_t *ssidrefs) 40.167 +{ 40.168 + int violation = 1; 40.169 + struct ste_ssid *ste_ssid, *ste_rssid; 40.170 + ssidref_t ste_ssidref, ste_rssidref; 40.171 + struct domain **pd, *rdom; 40.172 + domid_t rdomid; 40.173 + grant_entry_t sha_copy; 40.174 + int port, i; 40.175 + 40.176 + read_lock(&domlist_lock); /* go by domain? or directly by global? event/grant list */ 40.177 + /* go through all domains and adjust policy as if this domain was started now */ 40.178 + pd = &domain_list; 40.179 + for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) { 40.180 + ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.181 + (struct acm_ssid_domain *)(*pd)->ssid); 40.182 + ste_ssidref = ste_ssid->ste_ssidref; 40.183 + traceprintk("%s: validating policy for eventch domain %x (ste-Ref=%x).\n", 40.184 + __func__, (*pd)->domain_id, ste_ssidref); 40.185 + /* a) check for event channel conflicts */ 40.186 + for (port=0; port < NR_EVTCHN_BUCKETS; port++) { 40.187 + spin_lock(&(*pd)->evtchn_lock); 40.188 + if ((*pd)->evtchn[port] == NULL) { 40.189 + spin_unlock(&(*pd)->evtchn_lock); 40.190 + continue; 40.191 + } 40.192 + if ((*pd)->evtchn[port]->state == ECS_INTERDOMAIN) { 40.193 + rdom = (*pd)->evtchn[port]->u.interdomain.remote_dom; 40.194 + rdomid = rdom->domain_id; 40.195 + /* rdom now has remote domain */ 40.196 + ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.197 + (struct acm_ssid_domain *)(rdom->ssid)); 40.198 + ste_rssidref = ste_rssid->ste_ssidref; 40.199 + } else if ((*pd)->evtchn[port]->state == ECS_UNBOUND) { 40.200 + rdomid = (*pd)->evtchn[port]->u.unbound.remote_domid; 40.201 + if ((rdom = find_domain_by_id(rdomid)) == NULL) { 40.202 + printk("%s: Error finding domain to id %x!\n", __func__, rdomid); 40.203 + goto out; 40.204 + } 40.205 + /* rdom now has remote domain */ 40.206 + ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.207 + (struct acm_ssid_domain *)(rdom->ssid)); 40.208 + ste_rssidref = ste_rssid->ste_ssidref; 40.209 + put_domain(rdom); 40.210 + } else { 40.211 + spin_unlock(&(*pd)->evtchn_lock); 40.212 + continue; /* port unused */ 40.213 + } 40.214 + spin_unlock(&(*pd)->evtchn_lock); 40.215 + 40.216 + /* rdom now has remote domain */ 40.217 + ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.218 + (struct acm_ssid_domain *)(rdom->ssid)); 40.219 + ste_rssidref = ste_rssid->ste_ssidref; 40.220 + traceprintk("%s: eventch: domain %x (ssidref %x) --> domain %x (rssidref %x) used (port %x).\n", 40.221 + __func__, (*pd)->domain_id, ste_ssidref, rdom->domain_id, ste_rssidref, port); 40.222 + /* check whether on subj->ssid, obj->ssid share a common type*/ 40.223 + if (!have_common_type(ste_ssidref, ste_rssidref)) { 40.224 + printkd("%s: Policy violation in event channel domain %x -> domain %x.\n", 40.225 + __func__, (*pd)->domain_id, rdomid); 40.226 + goto out; 40.227 + } 40.228 + } 40.229 + /* b) check for grant table conflicts on shared pages */ 40.230 + if ((*pd)->grant_table->shared == NULL) { 40.231 + printkd("%s: Grant ... sharing for domain %x not setup!\n", __func__, (*pd)->domain_id); 40.232 + continue; 40.233 + } 40.234 + for ( i = 0; i < NR_GRANT_ENTRIES; i++ ) { 40.235 + sha_copy = (*pd)->grant_table->shared[i]; 40.236 + if ( sha_copy.flags ) { 40.237 + printkd("%s: grant dom (%hu) SHARED (%d) flags:(%hx) dom:(%hu) frame:(%lx)\n", 40.238 + __func__, (*pd)->domain_id, i, sha_copy.flags, sha_copy.domid, 40.239 + (unsigned long)sha_copy.frame); 40.240 + rdomid = sha_copy.domid; 40.241 + if ((rdom = find_domain_by_id(rdomid)) == NULL) { 40.242 + printkd("%s: domain not found ERROR!\n", __func__); 40.243 + goto out; 40.244 + }; 40.245 + /* rdom now has remote domain */ 40.246 + ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.247 + (struct acm_ssid_domain *)(rdom->ssid)); 40.248 + ste_rssidref = ste_rssid->ste_ssidref; 40.249 + put_domain(rdom); 40.250 + if (!have_common_type(ste_ssidref, ste_rssidref)) { 40.251 + printkd("%s: Policy violation in grant table sharing domain %x -> domain %x.\n", 40.252 + __func__, (*pd)->domain_id, rdomid); 40.253 + goto out; 40.254 + } 40.255 + } 40.256 + } 40.257 + } 40.258 + violation = 0; 40.259 + out: 40.260 + read_unlock(&domlist_lock); 40.261 + return violation; 40.262 + /* returning "violation != 0" means that existing sharing between domains would not 40.263 + * have been allowed if the new policy had been enforced before the sharing; for ste, 40.264 + * this means that there are at least 2 domains that have established sharing through 40.265 + * event-channels or grant-tables but these two domains don't have no longer a common 40.266 + * type in their typesets referenced by their ssidrefs */ 40.267 +} 40.268 + 40.269 +/* set new policy; policy write-locked already */ 40.270 +static int 40.271 +ste_set_policy(u8 *buf, u16 buf_size) 40.272 +{ 40.273 + struct acm_ste_policy_buffer *ste_buf = (struct acm_ste_policy_buffer *)buf; 40.274 + void *ssidrefsbuf; 40.275 + struct ste_ssid *ste_ssid; 40.276 + struct domain **pd; 40.277 + int i; 40.278 + 40.279 + /* Convert endianess of policy */ 40.280 + ste_buf->policy_code = ntohs(ste_buf->policy_code); 40.281 + ste_buf->ste_max_types = ntohs(ste_buf->ste_max_types); 40.282 + ste_buf->ste_max_ssidrefs = ntohs(ste_buf->ste_max_ssidrefs); 40.283 + ste_buf->ste_ssid_offset = ntohs(ste_buf->ste_ssid_offset); 40.284 + 40.285 + /* 1. create and copy-in new ssidrefs buffer */ 40.286 + ssidrefsbuf = xmalloc_array(u8, sizeof(domaintype_t)*ste_buf->ste_max_types*ste_buf->ste_max_ssidrefs); 40.287 + if (ssidrefsbuf == NULL) { 40.288 + return -ENOMEM; 40.289 + } 40.290 + if (ste_buf->ste_ssid_offset + sizeof(domaintype_t) * ste_buf->ste_max_ssidrefs*ste_buf->ste_max_types > buf_size) 40.291 + goto error_free; 40.292 + 40.293 + arrcpy(ssidrefsbuf, 40.294 + buf + ste_buf->ste_ssid_offset, 40.295 + sizeof(domaintype_t), 40.296 + ste_buf->ste_max_ssidrefs*ste_buf->ste_max_types); 40.297 + 40.298 + /* 2. now re-calculate sharing decisions based on running domains; 40.299 + * this can fail if new policy is conflicting with sharing of running domains 40.300 + * now: reject violating new policy; future: adjust sharing through revoking sharing */ 40.301 + if (ste_init_state(ste_buf, (domaintype_t *)ssidrefsbuf)) { 40.302 + printk("%s: New policy conflicts with running domains. Policy load aborted.\n", __func__); 40.303 + goto error_free; /* new policy conflicts with sharing of running domains */ 40.304 + } 40.305 + /* 3. replace old policy (activate new policy) */ 40.306 + ste_bin_pol.max_types = ste_buf->ste_max_types; 40.307 + ste_bin_pol.max_ssidrefs = ste_buf->ste_max_ssidrefs; 40.308 + if (ste_bin_pol.ssidrefs) 40.309 + xfree(ste_bin_pol.ssidrefs); 40.310 + ste_bin_pol.ssidrefs = (domaintype_t *)ssidrefsbuf; 40.311 + 40.312 + /* clear all ste caches */ 40.313 + read_lock(&domlist_lock); 40.314 + pd = &domain_list; 40.315 + for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) { 40.316 + ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.317 + (struct acm_ssid_domain *)(*pd)->ssid); 40.318 + for (i=0; i<ACM_TE_CACHE_SIZE; i++) 40.319 + ste_ssid->ste_cache[i].valid = FREE; 40.320 + } 40.321 + read_unlock(&domlist_lock); 40.322 + return ACM_OK; 40.323 + 40.324 +error_free: 40.325 + printk("%s: ERROR setting policy.\n", __func__); 40.326 + if (ssidrefsbuf != NULL) xfree(ssidrefsbuf); 40.327 + return -EFAULT; 40.328 +} 40.329 + 40.330 +static int 40.331 +ste_dump_stats(u8 *buf, u16 buf_len) 40.332 +{ 40.333 + struct acm_ste_stats_buffer stats; 40.334 + 40.335 +#ifdef ACM_DEBUG 40.336 + int i; 40.337 + struct ste_ssid *ste_ssid; 40.338 + struct domain **pd; 40.339 + 40.340 + printk("ste: Decision caches:\n"); 40.341 + /* go through all domains and adjust policy as if this domain was started now */ 40.342 + read_lock(&domlist_lock); /* go by domain? or directly by global? event/grant list */ 40.343 + pd = &domain_list; 40.344 + for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) { 40.345 + printk("ste: Cache Domain %02x.\n", (*pd)->domain_id); 40.346 + ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.347 + (struct acm_ssid_domain *)(*pd)->ssid); 40.348 + for (i=0; i<ACM_TE_CACHE_SIZE; i++) 40.349 + printk("\t\tcache[%02x] = %s, domid=%x.\n", i, 40.350 + (ste_ssid->ste_cache[i].valid == VALID) ? 40.351 + "VALID" : "FREE", 40.352 + (ste_ssid->ste_cache[i].valid == VALID) ? 40.353 + ste_ssid->ste_cache[i].id : 0xffffffff); 40.354 + } 40.355 + read_unlock(&domlist_lock); 40.356 + /* init stats */ 40.357 + printk("STE-Policy Security Hook Statistics:\n"); 40.358 + printk("ste: event_channel eval_count = %x\n", atomic_read(&(ste_bin_pol.ec_eval_count))); 40.359 + printk("ste: event_channel denied_count = %x\n", atomic_read(&(ste_bin_pol.ec_denied_count))); 40.360 + printk("ste: event_channel cache_hit_count = %x\n", atomic_read(&(ste_bin_pol.ec_cachehit_count))); 40.361 + printk("ste:\n"); 40.362 + printk("ste: grant_table eval_count = %x\n", atomic_read(&(ste_bin_pol.gt_eval_count))); 40.363 + printk("ste: grant_table denied_count = %x\n", atomic_read(&(ste_bin_pol.gt_denied_count))); 40.364 + printk("ste: grant_table cache_hit_count = %x\n", atomic_read(&(ste_bin_pol.gt_cachehit_count))); 40.365 +#endif 40.366 + 40.367 + if (buf_len < sizeof(struct acm_ste_stats_buffer)) 40.368 + return -ENOMEM; 40.369 + 40.370 + /* now send the hook counts to user space */ 40.371 + stats.ec_eval_count = htonl(atomic_read(&ste_bin_pol.ec_eval_count)); 40.372 + stats.gt_eval_count = htonl(atomic_read(&ste_bin_pol.gt_eval_count)); 40.373 + stats.ec_denied_count = htonl(atomic_read(&ste_bin_pol.ec_denied_count)); 40.374 + stats.gt_denied_count = htonl(atomic_read(&ste_bin_pol.gt_denied_count)); 40.375 + stats.ec_cachehit_count = htonl(atomic_read(&ste_bin_pol.ec_cachehit_count)); 40.376 + stats.gt_cachehit_count = htonl(atomic_read(&ste_bin_pol.gt_cachehit_count)); 40.377 + memcpy(buf, &stats, sizeof(struct acm_ste_stats_buffer)); 40.378 + return sizeof(struct acm_ste_stats_buffer); 40.379 +} 40.380 + 40.381 + 40.382 +/* we need to go through this before calling the hooks, 40.383 + * returns 1 == cache hit */ 40.384 +static int inline 40.385 +check_cache(struct domain *dom, domid_t rdom) { 40.386 + struct ste_ssid *ste_ssid; 40.387 + int i; 40.388 + 40.389 + printkd("checking cache: %x --> %x.\n", dom->domain_id, rdom); 40.390 + ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.391 + (struct acm_ssid_domain *)(dom)->ssid); 40.392 + 40.393 + for(i=0; i< ACM_TE_CACHE_SIZE; i++) { 40.394 + if ((ste_ssid->ste_cache[i].valid == VALID) && 40.395 + (ste_ssid->ste_cache[i].id == rdom)) { 40.396 + printkd("cache hit (entry %x, id= %x!\n", i, ste_ssid->ste_cache[i].id); 40.397 + return 1; 40.398 + } 40.399 + } 40.400 + return 0; 40.401 +} 40.402 + 40.403 + 40.404 +/* we only get here if there is NO entry yet; no duplication check! */ 40.405 +static void inline 40.406 +cache_result(struct domain *subj, struct domain *obj) { 40.407 + struct ste_ssid *ste_ssid; 40.408 + int i; 40.409 + printkd("caching from doms: %x --> %x.\n", subj->domain_id, obj->domain_id); 40.410 + ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.411 + (struct acm_ssid_domain *)(subj)->ssid); 40.412 + for(i=0; i< ACM_TE_CACHE_SIZE; i++) 40.413 + if (ste_ssid->ste_cache[i].valid == FREE) 40.414 + break; 40.415 + if (i< ACM_TE_CACHE_SIZE) { 40.416 + ste_ssid->ste_cache[i].valid = VALID; 40.417 + ste_ssid->ste_cache[i].id = obj->domain_id; 40.418 + } else 40.419 + printk ("Cache of dom %x is full!\n", subj->domain_id); 40.420 +} 40.421 + 40.422 +/* deletes entries for domain 'id' from all caches (re-use) */ 40.423 +static void inline 40.424 +clean_id_from_cache(domid_t id) 40.425 +{ 40.426 + struct ste_ssid *ste_ssid; 40.427 + int i; 40.428 + struct domain **pd; 40.429 + 40.430 + printkd("deleting cache for dom %x.\n", id); 40.431 + 40.432 + read_lock(&domlist_lock); /* look through caches of all domains */ 40.433 + pd = &domain_list; 40.434 + for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) { 40.435 + ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 40.436 + (struct acm_ssid_domain *)(*pd)->ssid); 40.437 + for (i=0; i<ACM_TE_CACHE_SIZE; i++) 40.438 + if ((ste_ssid->ste_cache[i].valid == VALID) && 40.439 + (ste_ssid->ste_cache[i].id = id)) 40.440 + ste_ssid->ste_cache[i].valid = FREE; 40.441 + } 40.442 + read_unlock(&domlist_lock); 40.443 +} 40.444 + 40.445 +/*************************** 40.446 + * Authorization functions 40.447 + **************************/ 40.448 + 40.449 +static int 40.450 +ste_pre_domain_create(void *subject_ssid, ssidref_t ssidref) 40.451 +{ 40.452 + /* check for ssidref in range for policy */ 40.453 + ssidref_t ste_ssidref; 40.454 + traceprintk("%s.\n", __func__); 40.455 + 40.456 + read_lock(&acm_bin_pol_rwlock); 40.457 + ste_ssidref = GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref); 40.458 + if (ste_ssidref == ACM_DEFAULT_LOCAL_SSID) { 40.459 + printk("%s: ERROR STE SSID is NOT SET but policy enforced.\n", __func__); 40.460 + read_unlock(&acm_bin_pol_rwlock); 40.461 + return ACM_ACCESS_DENIED; /* catching and indicating config error */ 40.462 + } 40.463 + if (ste_ssidref >= ste_bin_pol.max_ssidrefs) { 40.464 + printk("%s: ERROR ste_ssidref > max(%x).\n", 40.465 + __func__, ste_bin_pol.max_ssidrefs-1); 40.466 + read_unlock(&acm_bin_pol_rwlock); 40.467 + return ACM_ACCESS_DENIED; 40.468 + } 40.469 + read_unlock(&acm_bin_pol_rwlock); 40.470 + return ACM_ACCESS_PERMITTED; 40.471 +} 40.472 + 40.473 +static void 40.474 +ste_post_domain_destroy(void *subject_ssid, domid_t id) 40.475 +{ 40.476 + /* clean all cache entries for destroyed domain (might be re-used) */ 40.477 + clean_id_from_cache(id); 40.478 +} 40.479 + 40.480 +/* -------- EVENTCHANNEL OPERATIONS -----------*/ 40.481 +static int 40.482 +ste_pre_eventchannel_unbound(domid_t id) { 40.483 + struct domain *subj, *obj; 40.484 + int ret; 40.485 + traceprintk("%s: dom%x-->dom%x.\n", 40.486 + __func__, current->domain->domain_id, id); 40.487 + 40.488 + if (check_cache(current->domain, id)) { 40.489 + atomic_inc(&ste_bin_pol.ec_cachehit_count); 40.490 + return ACM_ACCESS_PERMITTED; 40.491 + } 40.492 + atomic_inc(&ste_bin_pol.ec_eval_count); 40.493 + subj = current->domain; 40.494 + obj = find_domain_by_id(id); 40.495 + 40.496 + if (share_common_type(subj, obj)) { 40.497 + cache_result(subj, obj); 40.498 + ret = ACM_ACCESS_PERMITTED; 40.499 + } else { 40.500 + atomic_inc(&ste_bin_pol.ec_denied_count); 40.501 + ret = ACM_ACCESS_DENIED; 40.502 + } 40.503 + if (obj != NULL) 40.504 + put_domain(obj); 40.505 + return ret; 40.506 +} 40.507 + 40.508 +static int 40.509 +ste_pre_eventchannel_interdomain(domid_t id1, domid_t id2) 40.510 +{ 40.511 + struct domain *subj, *obj; 40.512 + int ret; 40.513 + traceprintk("%s: dom%x-->dom%x.\n", __func__, 40.514 + (id1 == DOMID_SELF) ? current->domain->domain_id : id1, 40.515 + (id2 == DOMID_SELF) ? current->domain->domain_id : id2); 40.516 + 40.517 + /* following is a bit longer but ensures that we 40.518 + * "put" only domains that we where "find"-ing 40.519 + */ 40.520 + if (id1 == DOMID_SELF) id1 = current->domain->domain_id; 40.521 + if (id2 == DOMID_SELF) id2 = current->domain->domain_id; 40.522 + 40.523 + subj = find_domain_by_id(id1); 40.524 + obj = find_domain_by_id(id2); 40.525 + if ((subj == NULL) || (obj == NULL)) { 40.526 + ret = ACM_ACCESS_DENIED; 40.527 + goto out; 40.528 + } 40.529 + /* cache check late, but evtchn is not on performance critical path */ 40.530 + if (check_cache(subj, obj->domain_id)) { 40.531 + atomic_inc(&ste_bin_pol.ec_cachehit_count); 40.532 + ret = ACM_ACCESS_PERMITTED; 40.533 + goto out; 40.534 + } 40.535 + atomic_inc(&ste_bin_pol.ec_eval_count); 40.536 + 40.537 + if (share_common_type(subj, obj)) { 40.538 + cache_result(subj, obj); 40.539 + ret = ACM_ACCESS_PERMITTED; 40.540 + } else { 40.541 + atomic_inc(&ste_bin_pol.ec_denied_count); 40.542 + ret = ACM_ACCESS_DENIED; 40.543 + } 40.544 + out: 40.545 + if (obj != NULL) 40.546 + put_domain(obj); 40.547 + if (subj != NULL) 40.548 + put_domain(subj); 40.549 + return ret; 40.550 +} 40.551 + 40.552 +/* -------- SHARED MEMORY OPERATIONS -----------*/ 40.553 + 40.554 +static int 40.555 +ste_pre_grant_map_ref (domid_t id) { 40.556 + struct domain *obj, *subj; 40.557 + int ret; 40.558 + traceprintk("%s: dom%x-->dom%x.\n", __func__, 40.559 + current->domain->domain_id, id); 40.560 + 40.561 + if (check_cache(current->domain, id)) { 40.562 + atomic_inc(&ste_bin_pol.gt_cachehit_count); 40.563 + return ACM_ACCESS_PERMITTED; 40.564 + } 40.565 + atomic_inc(&ste_bin_pol.gt_eval_count); 40.566 + subj = current->domain; 40.567 + obj = find_domain_by_id(id); 40.568 + 40.569 + if (share_common_type(subj, obj)) { 40.570 + cache_result(subj, obj); 40.571 + ret = ACM_ACCESS_PERMITTED; 40.572 + } else { 40.573 + atomic_inc(&ste_bin_pol.gt_denied_count); 40.574 + printkd("%s: ACCESS DENIED!\n", __func__); 40.575 + ret = ACM_ACCESS_DENIED; 40.576 + } 40.577 + if (obj != NULL) 40.578 + put_domain(obj); 40.579 + return ret; 40.580 +} 40.581 + 40.582 +/* since setting up grant tables involves some implicit information 40.583 + flow from the creating domain to the domain that is setup, we 40.584 + check types in addition to the general authorization */ 40.585 +static int 40.586 +ste_pre_grant_setup (domid_t id) { 40.587 + struct domain *obj, *subj; 40.588 + int ret; 40.589 + traceprintk("%s: dom%x-->dom%x.\n", __func__, 40.590 + current->domain->domain_id, id); 40.591 + 40.592 + if (check_cache(current->domain, id)) { 40.593 + atomic_inc(&ste_bin_pol.gt_cachehit_count); 40.594 + return ACM_ACCESS_PERMITTED; 40.595 + } 40.596 + atomic_inc(&ste_bin_pol.gt_eval_count); 40.597 + /* a) check authorization (eventually use specific capabilities) */ 40.598 + if (!IS_PRIV(current->domain)) { 40.599 + printk("%s: Grant table management authorization denied ERROR!\n", __func__); 40.600 + return ACM_ACCESS_DENIED; 40.601 + } 40.602 + /* b) check types */ 40.603 + subj = current->domain; 40.604 + obj = find_domain_by_id(id); 40.605 + 40.606 + if (share_common_type(subj, obj)) { 40.607 + cache_result(subj, obj); 40.608 + ret = ACM_ACCESS_PERMITTED; 40.609 + } else { 40.610 + atomic_inc(&ste_bin_pol.gt_denied_count); 40.611 + ret = ACM_ACCESS_DENIED; 40.612 + } 40.613 + if (obj != NULL) 40.614 + put_domain(obj); 40.615 + return ret; 40.616 +} 40.617 + 40.618 +/* now define the hook structure similarly to LSM */ 40.619 +struct acm_operations acm_simple_type_enforcement_ops = { 40.620 + /* policy management services */ 40.621 + .init_domain_ssid = ste_init_domain_ssid, 40.622 + .free_domain_ssid = ste_free_domain_ssid, 40.623 + .dump_binary_policy = ste_dump_policy, 40.624 + .set_binary_policy = ste_set_policy, 40.625 + .dump_statistics = ste_dump_stats, 40.626 + /* domain management control hooks */ 40.627 + .pre_domain_create = ste_pre_domain_create, 40.628 + .post_domain_create = NULL, 40.629 + .fail_domain_create = NULL, 40.630 + .post_domain_destroy = ste_post_domain_destroy, 40.631 + /* event channel control hooks */ 40.632 + .pre_eventchannel_unbound = ste_pre_eventchannel_unbound, 40.633 + .fail_eventchannel_unbound = NULL, 40.634 + .pre_eventchannel_interdomain = ste_pre_eventchannel_interdomain, 40.635 + .fail_eventchannel_interdomain = NULL, 40.636 + /* grant table control hooks */ 40.637 + .pre_grant_map_ref = ste_pre_grant_map_ref, 40.638 + .fail_grant_map_ref = NULL, 40.639 + .pre_grant_setup = ste_pre_grant_setup, 40.640 + .fail_grant_setup = NULL, 40.641 +};
41.1 --- a/xen/arch/ia64/Makefile Sat Jun 18 00:49:11 2005 +0000 41.2 +++ b/xen/arch/ia64/Makefile Tue Jun 21 07:02:30 2005 +0000 41.3 @@ -15,7 +15,7 @@ OBJS = xensetup.o setup.o time.o irq.o i 41.4 ifeq ($(CONFIG_VTI),y) 41.5 OBJS += vmx_init.o vmx_virt.o vmx_vcpu.o vmx_process.o vmx_vsa.o vmx_ivt.o \ 41.6 vmx_phy_mode.o vmx_utility.o vmx_interrupt.o vmx_entry.o vmmu.o \ 41.7 - vtlb.o mmio.o vlsapic.o 41.8 + vtlb.o mmio.o vlsapic.o vmx_hypercall.o mm.o 41.9 endif 41.10 # perfmon.o 41.11 # unwind.o needed for kernel unwinding (rare)
42.1 --- a/xen/arch/ia64/asm-offsets.c Sat Jun 18 00:49:11 2005 +0000 42.2 +++ b/xen/arch/ia64/asm-offsets.c Tue Jun 21 07:02:30 2005 +0000 42.3 @@ -75,6 +75,9 @@ void foo(void) 42.4 DEFINE(IA64_VCPU_META_SAVED_RR0_OFFSET, offsetof (struct vcpu, arch.metaphysical_saved_rr0)); 42.5 DEFINE(IA64_VCPU_BREAKIMM_OFFSET, offsetof (struct vcpu, arch.breakimm)); 42.6 DEFINE(IA64_VCPU_IVA_OFFSET, offsetof (struct vcpu, arch.iva)); 42.7 + DEFINE(IA64_VCPU_IRR0_OFFSET, offsetof (struct vcpu, arch.irr[0])); 42.8 + DEFINE(IA64_VCPU_IRR3_OFFSET, offsetof (struct vcpu, arch.irr[3])); 42.9 + DEFINE(IA64_VCPU_INSVC3_OFFSET, offsetof (struct vcpu, arch.insvc[3])); 42.10 42.11 BLANK(); 42.12
43.1 --- a/xen/arch/ia64/dom0_ops.c Sat Jun 18 00:49:11 2005 +0000 43.2 +++ b/xen/arch/ia64/dom0_ops.c Tue Jun 21 07:02:30 2005 +0000 43.3 @@ -18,14 +18,6 @@ 43.4 #include <xen/console.h> 43.5 #include <public/sched_ctl.h> 43.6 43.7 -#define TRC_DOM0OP_ENTER_BASE 0x00020000 43.8 -#define TRC_DOM0OP_LEAVE_BASE 0x00030000 43.9 - 43.10 -static int msr_cpu_mask; 43.11 -static unsigned long msr_addr; 43.12 -static unsigned long msr_lo; 43.13 -static unsigned long msr_hi; 43.14 - 43.15 long arch_do_dom0_op(dom0_op_t *op, dom0_op_t *u_dom0_op) 43.16 { 43.17 long ret = 0; 43.18 @@ -35,6 +27,49 @@ long arch_do_dom0_op(dom0_op_t *op, dom0 43.19 43.20 switch ( op->cmd ) 43.21 { 43.22 + /* 43.23 + * NOTE: DOM0_GETMEMLIST has somewhat different semantics on IA64 - 43.24 + * it actually allocates and maps pages. 43.25 + */ 43.26 + case DOM0_GETMEMLIST: 43.27 + { 43.28 + unsigned long i; 43.29 + struct domain *d = find_domain_by_id(op->u.getmemlist.domain); 43.30 + unsigned long start_page = op->u.getmemlist.max_pfns >> 32; 43.31 + unsigned long nr_pages = op->u.getmemlist.max_pfns & 0xffffffff; 43.32 + unsigned long pfn; 43.33 + unsigned long *buffer = op->u.getmemlist.buffer; 43.34 + struct page *page; 43.35 + 43.36 + ret = -EINVAL; 43.37 + if ( d != NULL ) 43.38 + { 43.39 + ret = 0; 43.40 + 43.41 + for ( i = start_page; i < (start_page + nr_pages); i++ ) 43.42 + { 43.43 + page = map_new_domain_page(d, i << PAGE_SHIFT); 43.44 + if ( page == NULL ) 43.45 + { 43.46 + ret = -ENOMEM; 43.47 + break; 43.48 + } 43.49 + pfn = page_to_pfn(page); 43.50 + if ( put_user(pfn, buffer) ) 43.51 + { 43.52 + ret = -EFAULT; 43.53 + break; 43.54 + } 43.55 + buffer++; 43.56 + } 43.57 + 43.58 + op->u.getmemlist.num_pfns = i - start_page; 43.59 + copy_to_user(u_dom0_op, op, sizeof(*op)); 43.60 + 43.61 + put_domain(d); 43.62 + } 43.63 + } 43.64 + break; 43.65 43.66 default: 43.67 ret = -ENOSYS; 43.68 @@ -43,10 +78,3 @@ long arch_do_dom0_op(dom0_op_t *op, dom0 43.69 43.70 return ret; 43.71 } 43.72 - 43.73 -void arch_getdomaininfo_ctxt(struct domain *d, struct vcpu_guest_context *c) 43.74 -{ 43.75 - int i; 43.76 - 43.77 - dummy(); 43.78 -}
44.1 --- a/xen/arch/ia64/domain.c Sat Jun 18 00:49:11 2005 +0000 44.2 +++ b/xen/arch/ia64/domain.c Tue Jun 21 07:02:30 2005 +0000 44.3 @@ -76,7 +76,7 @@ extern unsigned long dom_fw_setup(struct 44.4 /* this belongs in include/asm, but there doesn't seem to be a suitable place */ 44.5 void free_perdomain_pt(struct domain *d) 44.6 { 44.7 - dummy(); 44.8 + printf("free_perdomain_pt: not implemented\n"); 44.9 //free_page((unsigned long)d->mm.perdomain_pt); 44.10 } 44.11 44.12 @@ -166,27 +166,49 @@ void arch_free_vcpu_struct(struct vcpu * 44.13 free_xenheap_pages(v, KERNEL_STACK_SIZE_ORDER); 44.14 } 44.15 44.16 +static void init_switch_stack(struct vcpu *v) 44.17 +{ 44.18 + struct pt_regs *regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1; 44.19 + struct switch_stack *sw = (struct switch_stack *) regs - 1; 44.20 + extern void ia64_ret_from_clone; 44.21 + 44.22 + memset(sw, 0, sizeof(struct switch_stack) + sizeof(struct pt_regs)); 44.23 + sw->ar_bspstore = (unsigned long)v + IA64_RBS_OFFSET; 44.24 + sw->b0 = (unsigned long) &ia64_ret_from_clone; 44.25 + sw->ar_fpsr = FPSR_DEFAULT; 44.26 + v->arch._thread.ksp = (unsigned long) sw - 16; 44.27 + // stay on kernel stack because may get interrupts! 44.28 + // ia64_ret_from_clone (which b0 gets in new_thread) switches 44.29 + // to user stack 44.30 + v->arch._thread.on_ustack = 0; 44.31 + memset(v->arch._thread.fph,0,sizeof(struct ia64_fpreg)*96); 44.32 +} 44.33 + 44.34 #ifdef CONFIG_VTI 44.35 void arch_do_createdomain(struct vcpu *v) 44.36 { 44.37 struct domain *d = v->domain; 44.38 struct thread_info *ti = alloc_thread_info(v); 44.39 44.40 - /* If domain is VMX domain, shared info area is created 44.41 - * by domain and then domain notifies HV by specific hypercall. 44.42 - * If domain is xenolinux, shared info area is created by 44.43 - * HV. 44.44 - * Since we have no idea about whether domain is VMX now, 44.45 - * (dom0 when parse and domN when build), postpone possible 44.46 - * allocation. 44.47 - */ 44.48 + /* Clear thread_info to clear some important fields, like preempt_count */ 44.49 + memset(ti, 0, sizeof(struct thread_info)); 44.50 + init_switch_stack(v); 44.51 + 44.52 + /* Shared info area is required to be allocated at domain 44.53 + * creation, since control panel will write some I/O info 44.54 + * between front end and back end to that area. However for 44.55 + * vmx domain, our design is to let domain itself to allcoate 44.56 + * shared info area, to keep machine page contiguous. So this 44.57 + * page will be released later when domainN issues request 44.58 + * after up. 44.59 + */ 44.60 + d->shared_info = (void *)alloc_xenheap_page(); 44.61 44.62 /* FIXME: Because full virtual cpu info is placed in this area, 44.63 * it's unlikely to put it into one shareinfo page. Later 44.64 * need split vcpu context from vcpu_info and conforms to 44.65 * normal xen convention. 44.66 */ 44.67 - d->shared_info = NULL; 44.68 v->vcpu_info = (void *)alloc_xenheap_page(); 44.69 if (!v->vcpu_info) { 44.70 printk("ERROR/HALTING: CAN'T ALLOC PAGE\n"); 44.71 @@ -194,9 +216,6 @@ void arch_do_createdomain(struct vcpu *v 44.72 } 44.73 memset(v->vcpu_info, 0, PAGE_SIZE); 44.74 44.75 - /* Clear thread_info to clear some important fields, like preempt_count */ 44.76 - memset(ti, 0, sizeof(struct thread_info)); 44.77 - 44.78 /* Allocate per-domain vTLB and vhpt */ 44.79 v->arch.vtlb = init_domain_tlb(v); 44.80 44.81 @@ -211,38 +230,25 @@ void arch_do_createdomain(struct vcpu *v 44.82 d->xen_vastart = 0xf000000000000000; 44.83 d->xen_vaend = 0xf300000000000000; 44.84 d->arch.breakimm = 0x1000; 44.85 - 44.86 - // stay on kernel stack because may get interrupts! 44.87 - // ia64_ret_from_clone (which b0 gets in new_thread) switches 44.88 - // to user stack 44.89 - v->arch._thread.on_ustack = 0; 44.90 } 44.91 #else // CONFIG_VTI 44.92 void arch_do_createdomain(struct vcpu *v) 44.93 { 44.94 struct domain *d = v->domain; 44.95 + struct thread_info *ti = alloc_thread_info(v); 44.96 + 44.97 + /* Clear thread_info to clear some important fields, like preempt_count */ 44.98 + memset(ti, 0, sizeof(struct thread_info)); 44.99 + init_switch_stack(v); 44.100 44.101 d->shared_info = (void *)alloc_xenheap_page(); 44.102 - v->vcpu_info = (void *)alloc_xenheap_page(); 44.103 - if (!v->vcpu_info) { 44.104 + if (!d->shared_info) { 44.105 printk("ERROR/HALTING: CAN'T ALLOC PAGE\n"); 44.106 while (1); 44.107 } 44.108 - memset(v->vcpu_info, 0, PAGE_SIZE); 44.109 - /* pin mapping */ 44.110 - // FIXME: Does this belong here? Or do only at domain switch time? 44.111 -#if 0 44.112 - // this is now done in ia64_new_rr7 44.113 - { 44.114 - /* WARNING: following must be inlined to avoid nested fault */ 44.115 - unsigned long psr = ia64_clear_ic(); 44.116 - ia64_itr(0x2, IA64_TR_SHARED_INFO, SHAREDINFO_ADDR, 44.117 - pte_val(pfn_pte(ia64_tpa(d->shared_info) >> PAGE_SHIFT, PAGE_KERNEL)), 44.118 - PAGE_SHIFT); 44.119 - ia64_set_psr(psr); 44.120 - ia64_srlz_i(); 44.121 - } 44.122 -#endif 44.123 + memset(d->shared_info, 0, PAGE_SIZE); 44.124 + v->vcpu_info = &(d->shared_info->vcpu_data[0]); 44.125 + 44.126 d->max_pages = (128*1024*1024)/PAGE_SIZE; // 128MB default // FIXME 44.127 if ((d->arch.metaphysical_rr0 = allocate_metaphysical_rr0()) == -1UL) 44.128 BUG(); 44.129 @@ -258,33 +264,63 @@ void arch_do_createdomain(struct vcpu *v 44.130 d->shared_info_va = 0xf100000000000000; 44.131 d->arch.breakimm = 0x1000; 44.132 v->arch.breakimm = d->arch.breakimm; 44.133 - // stay on kernel stack because may get interrupts! 44.134 - // ia64_ret_from_clone (which b0 gets in new_thread) switches 44.135 - // to user stack 44.136 - v->arch._thread.on_ustack = 0; 44.137 + 44.138 + d->arch.mm = xmalloc(struct mm_struct); 44.139 + if (unlikely(!d->arch.mm)) { 44.140 + printk("Can't allocate mm_struct for domain %d\n",d->domain_id); 44.141 + return -ENOMEM; 44.142 + } 44.143 + memset(d->arch.mm, 0, sizeof(*d->arch.mm)); 44.144 + d->arch.mm->pgd = pgd_alloc(d->arch.mm); 44.145 + if (unlikely(!d->arch.mm->pgd)) { 44.146 + printk("Can't allocate pgd for domain %d\n",d->domain_id); 44.147 + return -ENOMEM; 44.148 + } 44.149 } 44.150 #endif // CONFIG_VTI 44.151 44.152 -void arch_do_boot_vcpu(struct vcpu *v) 44.153 +void arch_getdomaininfo_ctxt(struct vcpu *v, struct vcpu_guest_context *c) 44.154 { 44.155 - return; 44.156 + struct pt_regs *regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1; 44.157 + 44.158 + printf("arch_getdomaininfo_ctxt\n"); 44.159 + c->regs = *regs; 44.160 + c->vcpu = v->vcpu_info->arch; 44.161 + c->shared = v->domain->shared_info->arch; 44.162 } 44.163 44.164 int arch_set_info_guest(struct vcpu *v, struct vcpu_guest_context *c) 44.165 { 44.166 - dummy(); 44.167 - return 1; 44.168 + struct pt_regs *regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1; 44.169 + 44.170 + printf("arch_set_info_guest\n"); 44.171 + *regs = c->regs; 44.172 + regs->cr_ipsr = IA64_PSR_IT|IA64_PSR_DT|IA64_PSR_RT|IA64_PSR_IC|IA64_PSR_I|IA64_PSR_DFH|IA64_PSR_BN|IA64_PSR_SP|IA64_PSR_DI; 44.173 + regs->cr_ipsr |= 2UL << IA64_PSR_CPL0_BIT; 44.174 + regs->ar_rsc |= (2 << 2); /* force PL2/3 */ 44.175 + 44.176 + v->vcpu_info->arch = c->vcpu; 44.177 + init_all_rr(v); 44.178 + 44.179 + // this should be in userspace 44.180 + regs->r28 = dom_fw_setup(v->domain,"nomca nosmp xencons=ttyS console=ttyS0",256L); //FIXME 44.181 + v->vcpu_info->arch.banknum = 1; 44.182 + v->vcpu_info->arch.metaphysical_mode = 1; 44.183 + 44.184 + v->domain->shared_info->arch = c->shared; 44.185 + return 0; 44.186 } 44.187 44.188 -int arch_final_setup_guest(struct vcpu *v, struct vcpu_guest_context *c) 44.189 +void arch_do_boot_vcpu(struct vcpu *v) 44.190 { 44.191 - dummy(); 44.192 - return 1; 44.193 + printf("arch_do_boot_vcpu: not implemented\n"); 44.194 + return; 44.195 } 44.196 44.197 void domain_relinquish_resources(struct domain *d) 44.198 { 44.199 - dummy(); 44.200 + /* FIXME */ 44.201 + printf("domain_relinquish_resources: not implemented\n"); 44.202 } 44.203 44.204 #ifdef CONFIG_VTI 44.205 @@ -294,10 +330,8 @@ void new_thread(struct vcpu *v, 44.206 unsigned long start_info) 44.207 { 44.208 struct domain *d = v->domain; 44.209 - struct switch_stack *sw; 44.210 struct xen_regs *regs; 44.211 struct ia64_boot_param *bp; 44.212 - extern char ia64_ret_from_clone; 44.213 extern char saved_command_line[]; 44.214 //char *dom0_cmdline = "BOOT_IMAGE=scsi0:\EFI\redhat\xenlinux nomca root=/dev/sdb1 ro"; 44.215 44.216 @@ -305,11 +339,8 @@ void new_thread(struct vcpu *v, 44.217 #ifdef CONFIG_DOMAIN0_CONTIGUOUS 44.218 if (d == dom0) start_pc += dom0_start; 44.219 #endif 44.220 - regs = (struct xen_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1; 44.221 - sw = (struct switch_stack *) regs - 1; 44.222 - /* Sanity Clear */ 44.223 - memset(sw, 0, sizeof(struct xen_regs) + sizeof(struct switch_stack)); 44.224 44.225 + regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1; 44.226 if (VMX_DOMAIN(v)) { 44.227 /* dt/rt/it:1;i/ic:1, si:1, vm/bn:1, ac:1 */ 44.228 regs->cr_ipsr = 0x501008826008; /* Need to be expanded as macro */ 44.229 @@ -320,33 +351,23 @@ void new_thread(struct vcpu *v, 44.230 regs->cr_ipsr |= 2UL << IA64_PSR_CPL0_BIT; // domain runs at PL2 44.231 } 44.232 regs->cr_iip = start_pc; 44.233 - regs->ar_rsc = 0x0; 44.234 - regs->cr_ifs = 0x0; 44.235 - regs->ar_fpsr = sw->ar_fpsr = FPSR_DEFAULT; 44.236 - sw->ar_bspstore = (unsigned long)v + IA64_RBS_OFFSET; 44.237 - printf("new_thread: v=%p, regs=%p, sw=%p, new_rbs=%p, IA64_STK_OFFSET=%p, &r8=%p\n", 44.238 - v,regs,sw,sw->ar_bspstore,IA64_STK_OFFSET,®s->r8); 44.239 - printf("iip:0x%lx,ipsr:0x%lx\n", regs->cr_iip, regs->cr_ipsr); 44.240 - 44.241 - sw->b0 = (unsigned long) &ia64_ret_from_clone; 44.242 - v->arch._thread.ksp = (unsigned long) sw - 16; 44.243 - printk("new_thread, about to call init_all_rr\n"); 44.244 + regs->cr_ifs = 0; /* why? - matthewc */ 44.245 + regs->ar_fpsr = FPSR_DEFAULT; 44.246 if (VMX_DOMAIN(v)) { 44.247 vmx_init_all_rr(v); 44.248 } else 44.249 init_all_rr(v); 44.250 - // set up boot parameters (and fake firmware) 44.251 - printk("new_thread, about to call dom_fw_setup\n"); 44.252 - VMX_VPD(v,vgr[12]) = dom_fw_setup(d,saved_command_line,256L); //FIXME 44.253 - printk("new_thread, done with dom_fw_setup\n"); 44.254 44.255 if (VMX_DOMAIN(v)) { 44.256 + VMX_VPD(v,vgr[12]) = dom_fw_setup(d,saved_command_line,256L); 44.257 /* Virtual processor context setup */ 44.258 VMX_VPD(v, vpsr) = IA64_PSR_BN; 44.259 VPD_CR(v, dcr) = 0; 44.260 } else { 44.261 - // don't forget to set this! 44.262 + regs->r28 = dom_fw_setup(d,saved_command_line,256L); 44.263 v->vcpu_info->arch.banknum = 1; 44.264 + v->vcpu_info->arch.metaphysical_mode = 1; 44.265 + d->shared_info->arch.flags = (d == dom0) ? (SIF_INITDOMAIN|SIF_PRIVILEGED|SIF_BLK_BE_DOMAIN|SIF_NET_BE_DOMAIN|SIF_USB_BE_DOMAIN) : 0; 44.266 } 44.267 } 44.268 #else // CONFIG_VTI 44.269 @@ -359,54 +380,27 @@ void new_thread(struct vcpu *v, 44.270 unsigned long start_info) 44.271 { 44.272 struct domain *d = v->domain; 44.273 - struct switch_stack *sw; 44.274 struct pt_regs *regs; 44.275 - unsigned long new_rbs; 44.276 struct ia64_boot_param *bp; 44.277 - extern char ia64_ret_from_clone; 44.278 extern char saved_command_line[]; 44.279 44.280 #ifdef CONFIG_DOMAIN0_CONTIGUOUS 44.281 if (d == dom0) start_pc += dom0_start; 44.282 #endif 44.283 + 44.284 regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1; 44.285 - sw = (struct switch_stack *) regs - 1; 44.286 - memset(sw,0,sizeof(struct switch_stack)+sizeof(struct pt_regs)); 44.287 - new_rbs = (unsigned long) v + IA64_RBS_OFFSET; 44.288 regs->cr_ipsr = ia64_getreg(_IA64_REG_PSR) 44.289 | IA64_PSR_BITS_TO_SET | IA64_PSR_BN 44.290 & ~(IA64_PSR_BITS_TO_CLEAR | IA64_PSR_RI | IA64_PSR_IS); 44.291 regs->cr_ipsr |= 2UL << IA64_PSR_CPL0_BIT; // domain runs at PL2 44.292 regs->cr_iip = start_pc; 44.293 - regs->ar_rsc = 0; /* lazy mode */ 44.294 - regs->ar_rnat = 0; 44.295 - regs->ar_fpsr = sw->ar_fpsr = FPSR_DEFAULT; 44.296 - regs->loadrs = 0; 44.297 - //regs->r8 = current->mm->dumpable; /* set "don't zap registers" flag */ 44.298 - //regs->r8 = 0x01234567890abcdef; // FIXME: temp marker 44.299 - //regs->r12 = ((unsigned long) regs - 16); /* 16 byte scratch */ 44.300 regs->cr_ifs = 1UL << 63; 44.301 - regs->pr = 0; 44.302 - sw->pr = 0; 44.303 - regs->ar_pfs = 0; 44.304 - sw->caller_unat = 0; 44.305 - sw->ar_pfs = 0; 44.306 - sw->ar_bspstore = new_rbs; 44.307 - //regs->r13 = (unsigned long) v; 44.308 -printf("new_thread: v=%p, start_pc=%p, regs=%p, sw=%p, new_rbs=%p, IA64_STK_OFFSET=%p, &r8=%p\n", 44.309 -v,start_pc,regs,sw,new_rbs,IA64_STK_OFFSET,®s->r8); 44.310 - sw->b0 = (unsigned long) &ia64_ret_from_clone; 44.311 - v->arch._thread.ksp = (unsigned long) sw - 16; 44.312 - //v->thread_info->flags = 0; 44.313 -printk("new_thread, about to call init_all_rr\n"); 44.314 + regs->ar_fpsr = FPSR_DEFAULT; 44.315 init_all_rr(v); 44.316 - // set up boot parameters (and fake firmware) 44.317 -printk("new_thread, about to call dom_fw_setup\n"); 44.318 regs->r28 = dom_fw_setup(d,saved_command_line,256L); //FIXME 44.319 -printk("new_thread, done with dom_fw_setup\n"); 44.320 - // don't forget to set this! 44.321 v->vcpu_info->arch.banknum = 1; 44.322 - memset(v->arch._thread.fph,0,sizeof(struct ia64_fpreg)*96); 44.323 + v->vcpu_info->arch.metaphysical_mode = 1; 44.324 + d->shared_info->arch.flags = (d == dom0) ? (SIF_INITDOMAIN|SIF_PRIVILEGED|SIF_BLK_BE_DOMAIN|SIF_NET_BE_DOMAIN|SIF_USB_BE_DOMAIN) : 0; 44.325 } 44.326 #endif // CONFIG_VTI 44.327 44.328 @@ -1037,21 +1031,6 @@ int construct_dom0(struct domain *d, 44.329 strcpy(d->name,"Domain0"); 44.330 #endif 44.331 44.332 - // prepare domain0 pagetable (maps METAphysical to physical) 44.333 - // following is roughly mm_init() in linux/kernel/fork.c 44.334 - d->arch.mm = xmalloc(struct mm_struct); 44.335 - if (unlikely(!d->arch.mm)) { 44.336 - printk("Can't allocate mm_struct for domain0\n"); 44.337 - return -ENOMEM; 44.338 - } 44.339 - memset(d->arch.mm, 0, sizeof(*d->arch.mm)); 44.340 - d->arch.mm->pgd = pgd_alloc(d->arch.mm); 44.341 - if (unlikely(!d->arch.mm->pgd)) { 44.342 - printk("Can't allocate pgd for domain0\n"); 44.343 - return -ENOMEM; 44.344 - } 44.345 - 44.346 - 44.347 /* Mask all upcalls... */ 44.348 for ( i = 0; i < MAX_VIRT_CPUS; i++ ) 44.349 d->shared_info->vcpu_data[i].evtchn_upcall_mask = 1; 44.350 @@ -1146,19 +1125,6 @@ int construct_domU(struct domain *d, 44.351 printk("parsedomainelfimage returns %d\n",rc); 44.352 if ( rc != 0 ) return rc; 44.353 44.354 - d->arch.mm = xmalloc(struct mm_struct); 44.355 - if (unlikely(!d->arch.mm)) { 44.356 - printk("Can't allocate mm_struct for domain %d\n",d->domain_id); 44.357 - return -ENOMEM; 44.358 - } 44.359 - memset(d->arch.mm, 0, sizeof(*d->arch.mm)); 44.360 - d->arch.mm->pgd = pgd_alloc(d->arch.mm); 44.361 - if (unlikely(!d->arch.mm->pgd)) { 44.362 - printk("Can't allocate pgd for domain %d\n",d->domain_id); 44.363 - return -ENOMEM; 44.364 - } 44.365 - 44.366 - 44.367 /* Mask all upcalls... */ 44.368 for ( i = 0; i < MAX_VIRT_CPUS; i++ ) 44.369 d->shared_info->vcpu_data[i].evtchn_upcall_mask = 1; 44.370 @@ -1231,10 +1197,10 @@ void machine_halt(void) 44.371 while(1); 44.372 } 44.373 44.374 -void dummy(void) 44.375 +void dummy_called(char *function) 44.376 { 44.377 if (platform_is_hp_ski()) asm("break 0;;"); 44.378 - printf("dummy called: spinning....\n"); 44.379 + printf("dummy called in %s: spinning....\n", function); 44.380 while(1); 44.381 } 44.382
45.1 --- a/xen/arch/ia64/hypercall.c Sat Jun 18 00:49:11 2005 +0000 45.2 +++ b/xen/arch/ia64/hypercall.c Tue Jun 21 07:02:30 2005 +0000 45.3 @@ -19,8 +19,6 @@ extern unsigned long translate_domain_mp 45.4 extern struct ia64_sal_retval pal_emulator_static(UINT64); 45.5 extern struct ia64_sal_retval sal_emulator(UINT64,UINT64,UINT64,UINT64,UINT64,UINT64,UINT64,UINT64); 45.6 45.7 -void fooefi(void) {} 45.8 - 45.9 int 45.10 ia64_hypercall (struct pt_regs *regs) 45.11 { 45.12 @@ -122,6 +120,31 @@ ia64_hypercall (struct pt_regs *regs) 45.13 case 0xfffb: // test dummy hypercall 45.14 regs->r8 = domU_staging_read_8(vcpu_get_gr(v,32)); 45.15 break; 45.16 + 45.17 + case __HYPERVISOR_dom0_op: 45.18 + regs->r8 = do_dom0_op(regs->r14); 45.19 + break; 45.20 + 45.21 + case __HYPERVISOR_dom_mem_op: 45.22 +#ifdef CONFIG_VTI 45.23 + regs->r8 = do_dom_mem_op(regs->r14, regs->r15, regs->r16, regs->r17, regs->r18); 45.24 +#else 45.25 + /* we don't handle reservations; just return success */ 45.26 + regs->r8 = regs->r16; 45.27 +#endif 45.28 + break; 45.29 + 45.30 + case __HYPERVISOR_event_channel_op: 45.31 + regs->r8 = do_event_channel_op(regs->r14); 45.32 + break; 45.33 + 45.34 + case __HYPERVISOR_console_io: 45.35 + regs->r8 = do_console_io(regs->r14, regs->r15, regs->r16); 45.36 + break; 45.37 + 45.38 + default: 45.39 + printf("unknown hypercall %x\n", regs->r2); 45.40 + regs->r8 = (unsigned long)-1; 45.41 } 45.42 return 1; 45.43 }
46.1 --- a/xen/arch/ia64/hyperprivop.S Sat Jun 18 00:49:11 2005 +0000 46.2 +++ b/xen/arch/ia64/hyperprivop.S Tue Jun 21 07:02:30 2005 +0000 46.3 @@ -41,40 +41,46 @@ 46.4 // r19 == vpsr.ic (low 32 bits) | vpsr.i (high 32 bits) 46.5 // r31 == pr 46.6 GLOBAL_ENTRY(fast_hyperprivop) 46.7 -#if 1 46.8 // HYPERPRIVOP_SSM_I? 46.9 // assumes domain interrupts pending, so just do it 46.10 cmp.eq p7,p6=XEN_HYPER_SSM_I,r17 46.11 (p7) br.sptk.many hyper_ssm_i;; 46.12 -#endif 46.13 -#if 1 46.14 - // if domain interrupts pending, give up for now and do it the slow way 46.15 + 46.16 + // FIXME. This algorithm gives up (goes to the slow path) if there 46.17 + // are ANY interrupts pending, even if they are currently 46.18 + // undeliverable. This should be improved later... 46.19 adds r20=XSI_PEND_OFS-XSI_PSR_IC_OFS,r18 ;; 46.20 - ld8 r20=[r20] ;; 46.21 - cmp.ne p7,p0=r0,r20 46.22 -(p7) br.sptk.many dispatch_break_fault ;; 46.23 + ld4 r20=[r20] ;; 46.24 + cmp.eq p7,p0=r0,r20 46.25 +(p7) br.cond.sptk.many 1f 46.26 + mov r20=IA64_KR(CURRENT);; 46.27 + adds r21=IA64_VCPU_IRR0_OFFSET,r20; 46.28 + adds r22=IA64_VCPU_IRR0_OFFSET+8,r20;; 46.29 + ld8 r23=[r21],16; ld8 r24=[r22],16;; 46.30 + ld8 r21=[r21]; ld8 r22=[r22];; 46.31 + or r23=r23,r24; or r21=r21,r22;; 46.32 + or r20=r23,r21;; 46.33 +1: // when we get to here r20=~=interrupts pending 46.34 46.35 // HYPERPRIVOP_RFI? 46.36 cmp.eq p7,p6=XEN_HYPER_RFI,r17 46.37 (p7) br.sptk.many hyper_rfi;; 46.38 46.39 + cmp.ne p7,p0=r20,r0 46.40 +(p7) br.spnt.many dispatch_break_fault ;; 46.41 + 46.42 // hard to test, because only called from rbs_switch 46.43 // HYPERPRIVOP_COVER? 46.44 cmp.eq p7,p6=XEN_HYPER_COVER,r17 46.45 (p7) br.sptk.many hyper_cover;; 46.46 -#endif 46.47 46.48 -#if 1 46.49 // HYPERPRIVOP_SSM_DT? 46.50 cmp.eq p7,p6=XEN_HYPER_SSM_DT,r17 46.51 (p7) br.sptk.many hyper_ssm_dt;; 46.52 -#endif 46.53 46.54 -#if 1 46.55 // HYPERPRIVOP_RSM_DT? 46.56 cmp.eq p7,p6=XEN_HYPER_RSM_DT,r17 46.57 (p7) br.sptk.many hyper_rsm_dt;; 46.58 -#endif 46.59 46.60 // if not one of the above, give up for now and do it the slow way 46.61 br.sptk.many dispatch_break_fault ;; 46.62 @@ -336,12 +342,16 @@ GLOBAL_ENTRY(fast_break_reflect) 46.63 46.64 // ensure that, if giving up, registers at entry to fast_hyperprivop unchanged 46.65 ENTRY(hyper_rfi) 46.66 -#ifdef FAST_HYPERPRIVOP_CNT 46.67 - movl r20=fast_hyperpriv_cnt+(8*XEN_HYPER_RFI);; 46.68 - ld8 r21=[r20];; 46.69 - adds r21=1,r21;; 46.70 - st8 [r20]=r21;; 46.71 -#endif 46.72 + // if no interrupts pending, proceed 46.73 + cmp.eq p7,p0=r20,r0 46.74 +(p7) br.sptk.many 1f 46.75 + // interrupts pending, if rfi'ing to interrupts on, go slow way 46.76 + adds r20=XSI_IPSR_OFS-XSI_PSR_IC_OFS,r18 ;; 46.77 + ld8 r21=[r20];; // r21 = vcr.ipsr 46.78 + extr.u r22=r21,IA64_PSR_I_BIT,1 ;; 46.79 + cmp.ne p7,p0=r22,r0 ;; 46.80 +(p7) br.spnt.many dispatch_break_fault ;; 46.81 +1: 46.82 adds r20=XSI_IPSR_OFS-XSI_PSR_IC_OFS,r18 ;; 46.83 ld8 r21=[r20];; // r21 = vcr.ipsr 46.84 extr.u r22=r21,IA64_PSR_BE_BIT,1 ;; 46.85 @@ -375,7 +385,13 @@ ENTRY(hyper_rfi) 46.86 (p7) br.sptk.many dispatch_break_fault ;; 46.87 46.88 // OK now, let's do an rfi. 46.89 - // r18=&vpsr.i|vpsr.ic, r21==vpsr, r20==&vcr.iip, r22=vcr.iip 46.90 +#ifdef FAST_HYPERPRIVOP_CNT 46.91 + movl r20=fast_hyperpriv_cnt+(8*XEN_HYPER_RFI);; 46.92 + ld8 r23=[r20];; 46.93 + adds r23=1,r23;; 46.94 + st8 [r20]=r23;; 46.95 +#endif 46.96 + // r18=&vpsr.i|vpsr.ic, r21==vpsr, r22=vcr.iip 46.97 mov cr.iip=r22;; 46.98 adds r20=XSI_INCOMPL_REG_OFS-XSI_PSR_IC_OFS,r18 ;; 46.99 st4 [r20]=r0 ;;
47.1 --- a/xen/arch/ia64/ivt.S Sat Jun 18 00:49:11 2005 +0000 47.2 +++ b/xen/arch/ia64/ivt.S Tue Jun 21 07:02:30 2005 +0000 47.3 @@ -348,12 +348,23 @@ ENTRY(alt_itlb_miss) 47.4 // ;; 47.5 //#endif 47.6 #endif 47.7 +#ifdef XEN 47.8 + mov r31=pr 47.9 + mov r16=cr.ifa // get address that caused the TLB miss 47.10 + ;; 47.11 +late_alt_itlb_miss: 47.12 + movl r17=PAGE_KERNEL 47.13 + mov r21=cr.ipsr 47.14 + movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff) 47.15 + ;; 47.16 +#else 47.17 mov r16=cr.ifa // get address that caused the TLB miss 47.18 movl r17=PAGE_KERNEL 47.19 mov r21=cr.ipsr 47.20 movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff) 47.21 mov r31=pr 47.22 ;; 47.23 +#endif 47.24 #ifdef CONFIG_DISABLE_VHPT 47.25 shr.u r22=r16,61 // get the region number into r21 47.26 ;; 47.27 @@ -367,9 +378,15 @@ ENTRY(alt_itlb_miss) 47.28 #endif 47.29 extr.u r23=r21,IA64_PSR_CPL0_BIT,2 // extract psr.cpl 47.30 and r19=r19,r16 // clear ed, reserved bits, and PTE control bits 47.31 +#ifdef XEN 47.32 + shr.u r18=r16,55 // move address bit 59 to bit 4 47.33 + ;; 47.34 + and r18=0x10,r18 // bit 4=address-bit(59) 47.35 +#else 47.36 shr.u r18=r16,57 // move address bit 61 to bit 4 47.37 ;; 47.38 andcm r18=0x10,r18 // bit 4=~address-bit(61) 47.39 +#endif 47.40 cmp.ne p8,p0=r0,r23 // psr.cpl != 0? 47.41 or r19=r17,r19 // insert PTE control bits into r19 47.42 ;; 47.43 @@ -393,13 +410,18 @@ ENTRY(alt_dtlb_miss) 47.44 // ;; 47.45 //#endif 47.46 #endif 47.47 +#ifdef XEN 47.48 + mov r31=pr 47.49 mov r16=cr.ifa // get address that caused the TLB miss 47.50 + ;; 47.51 +late_alt_dtlb_miss: 47.52 movl r17=PAGE_KERNEL 47.53 mov r20=cr.isr 47.54 movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff) 47.55 mov r21=cr.ipsr 47.56 - mov r31=pr 47.57 ;; 47.58 +#else 47.59 +#endif 47.60 #ifdef CONFIG_DISABLE_VHPT 47.61 shr.u r22=r16,61 // get the region number into r21 47.62 ;; 47.63 @@ -414,24 +436,33 @@ ENTRY(alt_dtlb_miss) 47.64 extr.u r23=r21,IA64_PSR_CPL0_BIT,2 // extract psr.cpl 47.65 and r22=IA64_ISR_CODE_MASK,r20 // get the isr.code field 47.66 tbit.nz p6,p7=r20,IA64_ISR_SP_BIT // is speculation bit on? 47.67 +#ifdef XEN 47.68 + shr.u r18=r16,55 // move address bit 59 to bit 4 47.69 + and r19=r19,r16 // clear ed, reserved bits, and PTE control bits 47.70 + tbit.nz p9,p0=r20,IA64_ISR_NA_BIT // is non-access bit on? 47.71 + ;; 47.72 + and r18=0x10,r18 // bit 4=address-bit(59) 47.73 +#else 47.74 shr.u r18=r16,57 // move address bit 61 to bit 4 47.75 and r19=r19,r16 // clear ed, reserved bits, and PTE control bits 47.76 tbit.nz p9,p0=r20,IA64_ISR_NA_BIT // is non-access bit on? 47.77 ;; 47.78 andcm r18=0x10,r18 // bit 4=~address-bit(61) 47.79 +#endif 47.80 cmp.ne p8,p0=r0,r23 47.81 (p9) cmp.eq.or.andcm p6,p7=IA64_ISR_CODE_LFETCH,r22 // check isr.code field 47.82 (p8) br.cond.spnt page_fault 47.83 #ifdef XEN 47.84 ;; 47.85 - // FIXME: inadequate test, this is where we test for Xen address 47.86 - // note that 0xf000 (cached) and 0xd000 (uncached) addresses 47.87 - // should be OK. (Though no I/O is done in Xen, EFI needs uncached 47.88 - // addresses and some domain EFI calls are passed through) 47.89 - tbit.nz p0,p8=r16,60 47.90 -(p8) br.cond.spnt page_fault 47.91 -//(p8) br.cond.spnt 0 47.92 - ;; 47.93 + // Test for Xen address, if not handle via page_fault 47.94 + // note that 0xf000 (cached) and 0xe800 (uncached) addresses 47.95 + // should be OK. 47.96 + extr.u r22=r16,59,5;; 47.97 + cmp.eq p8,p0=0x1e,r22 47.98 +(p8) br.cond.spnt 1f;; 47.99 + cmp.ne p8,p0=0x1d,r22 47.100 +(p8) br.cond.sptk page_fault ;; 47.101 +1: 47.102 #endif 47.103 47.104 dep r21=-1,r21,IA64_PSR_ED_BIT,1
48.1 --- a/xen/arch/ia64/patch/linux-2.6.11/io.h Sat Jun 18 00:49:11 2005 +0000 48.2 +++ b/xen/arch/ia64/patch/linux-2.6.11/io.h Tue Jun 21 07:02:30 2005 +0000 48.3 @@ -5,7 +5,7 @@ 48.4 #define SLOW_DOWN_IO do { } while (0) 48.5 48.6 +#ifdef XEN 48.7 -+#define __IA64_UNCACHED_OFFSET 0xd000000000000000UL /* region 6 */ 48.8 ++#define __IA64_UNCACHED_OFFSET 0xe800000000000000UL 48.9 +#else 48.10 #define __IA64_UNCACHED_OFFSET 0xc000000000000000UL /* region 6 */ 48.11 +#endif
49.1 --- a/xen/arch/ia64/patch/linux-2.6.11/ptrace.h Sat Jun 18 00:49:11 2005 +0000 49.2 +++ b/xen/arch/ia64/patch/linux-2.6.11/ptrace.h Tue Jun 21 07:02:30 2005 +0000 49.3 @@ -4,9 +4,9 @@ 49.4 * (because the memory stack pointer MUST ALWAYS be aligned this way) 49.5 * 49.6 */ 49.7 -+#ifdef CONFIG_VTI 49.8 -+#include "vmx_ptrace.h" 49.9 -+#else //CONFIG_VTI 49.10 ++#ifdef XEN 49.11 ++#include <public/arch-ia64.h> 49.12 ++#else 49.13 struct pt_regs { 49.14 /* The following registers are saved by SAVE_MIN: */ 49.15 unsigned long b6; /* scratch */ 49.16 @@ -14,7 +14,7 @@ 49.17 struct ia64_fpreg f10; /* scratch */ 49.18 struct ia64_fpreg f11; /* scratch */ 49.19 }; 49.20 -+#endif // CONFIG_VTI 49.21 ++#endif 49.22 49.23 /* 49.24 * This structure contains the addition registers that need to
50.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 50.2 +++ b/xen/arch/ia64/patch/linux-2.6.11/uaccess.h Tue Jun 21 07:02:30 2005 +0000 50.3 @@ -0,0 +1,22 @@ 50.4 +--- ../../linux-2.6.11/include/asm-ia64/uaccess.h 2005-06-06 10:36:23.000000000 -0600 50.5 ++++ include/asm-ia64/uaccess.h 2005-06-10 18:08:06.000000000 -0600 50.6 +@@ -60,6 +60,11 @@ 50.7 + * address TASK_SIZE is never valid. We also need to make sure that the address doesn't 50.8 + * point inside the virtually mapped linear page table. 50.9 + */ 50.10 ++#ifdef XEN 50.11 ++/* VT-i reserves bit 60 for the VMM; guest addresses have bit 60 = bit 59 */ 50.12 ++#define IS_VMM_ADDRESS(addr) ((((addr) >> 60) ^ ((addr) >> 59)) & 1) 50.13 ++#define __access_ok(addr, size, segment) (!IS_VMM_ADDRESS((unsigned long)(addr))) 50.14 ++#else 50.15 + #define __access_ok(addr, size, segment) \ 50.16 + ({ \ 50.17 + __chk_user_ptr(addr); \ 50.18 +@@ -67,6 +72,7 @@ 50.19 + && ((segment).seg == KERNEL_DS.seg \ 50.20 + || likely(REGION_OFFSET((unsigned long) (addr)) < RGN_MAP_LIMIT))); \ 50.21 + }) 50.22 ++#endif 50.23 + #define access_ok(type, addr, size) __access_ok((addr), (size), get_fs()) 50.24 + 50.25 + static inline int
51.1 --- a/xen/arch/ia64/privop.c Sat Jun 18 00:49:11 2005 +0000 51.2 +++ b/xen/arch/ia64/privop.c Tue Jun 21 07:02:30 2005 +0000 51.3 @@ -748,10 +748,22 @@ priv_emulate(VCPU *vcpu, REGS *regs, UIN 51.4 #define HYPERPRIVOP_ITC_D 0x5 51.5 #define HYPERPRIVOP_ITC_I 0x6 51.6 #define HYPERPRIVOP_SSM_I 0x7 51.7 -#define HYPERPRIVOP_MAX 0x7 51.8 +#define HYPERPRIVOP_GET_IVR 0x8 51.9 +#define HYPERPRIVOP_GET_TPR 0x9 51.10 +#define HYPERPRIVOP_SET_TPR 0xa 51.11 +#define HYPERPRIVOP_EOI 0xb 51.12 +#define HYPERPRIVOP_SET_ITM 0xc 51.13 +#define HYPERPRIVOP_THASH 0xd 51.14 +#define HYPERPRIVOP_PTC_GA 0xe 51.15 +#define HYPERPRIVOP_ITR_D 0xf 51.16 +#define HYPERPRIVOP_GET_RR 0x10 51.17 +#define HYPERPRIVOP_SET_RR 0x11 51.18 +#define HYPERPRIVOP_MAX 0x11 51.19 51.20 char *hyperpriv_str[HYPERPRIVOP_MAX+1] = { 51.21 0, "rfi", "rsm.dt", "ssm.dt", "cover", "itc.d", "itc.i", "ssm.i", 51.22 + "=ivr", "=tpr", "tpr=", "eoi", "itm=", "thash", "ptc.ga", "itr.d", 51.23 + "=rr", "rr=", 51.24 0 51.25 }; 51.26 51.27 @@ -766,6 +778,7 @@ ia64_hyperprivop(unsigned long iim, REGS 51.28 struct vcpu *v = (struct domain *) current; 51.29 INST64 inst; 51.30 UINT64 val; 51.31 + UINT64 itir, ifa; 51.32 51.33 // FIXME: Handle faults appropriately for these 51.34 if (!iim || iim > HYPERPRIVOP_MAX) { 51.35 @@ -797,6 +810,44 @@ ia64_hyperprivop(unsigned long iim, REGS 51.36 case HYPERPRIVOP_SSM_I: 51.37 (void)vcpu_set_psr_i(v); 51.38 return 1; 51.39 + case HYPERPRIVOP_GET_IVR: 51.40 + (void)vcpu_get_ivr(v,&val); 51.41 + regs->r8 = val; 51.42 + return 1; 51.43 + case HYPERPRIVOP_GET_TPR: 51.44 + (void)vcpu_get_tpr(v,&val); 51.45 + regs->r8 = val; 51.46 + return 1; 51.47 + case HYPERPRIVOP_SET_TPR: 51.48 + (void)vcpu_set_tpr(v,regs->r8); 51.49 + return 1; 51.50 + case HYPERPRIVOP_EOI: 51.51 + (void)vcpu_set_eoi(v,0L); 51.52 + return 1; 51.53 + case HYPERPRIVOP_SET_ITM: 51.54 + (void)vcpu_set_itm(v,regs->r8); 51.55 + return 1; 51.56 + case HYPERPRIVOP_THASH: 51.57 + (void)vcpu_thash(v,regs->r8,&val); 51.58 + regs->r8 = val; 51.59 + return 1; 51.60 + case HYPERPRIVOP_PTC_GA: 51.61 + // FIXME: this doesn't seem to work yet, turned off 51.62 + //(void)vcpu_ptc_ga(v,regs->r8,regs->r9); 51.63 + //return 1; 51.64 + break; 51.65 + case HYPERPRIVOP_ITR_D: 51.66 + (void)vcpu_get_itir(v,&itir); 51.67 + (void)vcpu_get_ifa(v,&ifa); 51.68 + (void)vcpu_itr_d(v,regs->r8,regs->r9,itir,ifa); 51.69 + return 1; 51.70 + case HYPERPRIVOP_GET_RR: 51.71 + (void)vcpu_get_rr(v,regs->r8,&val); 51.72 + regs->r8 = val; 51.73 + return 1; 51.74 + case HYPERPRIVOP_SET_RR: 51.75 + (void)vcpu_set_rr(v,regs->r8,regs->r9); 51.76 + return 1; 51.77 } 51.78 return 0; 51.79 }
52.1 --- a/xen/arch/ia64/process.c Sat Jun 18 00:49:11 2005 +0000 52.2 +++ b/xen/arch/ia64/process.c Tue Jun 21 07:02:30 2005 +0000 52.3 @@ -313,45 +313,31 @@ void xen_handle_domain_access(unsigned l 52.4 } 52.5 if (address < 0x4000) printf("WARNING: page_fault @%p, iip=%p\n",address,iip); 52.6 52.7 + if (trp = match_tr(current,address)) { 52.8 + // FIXME address had better be pre-validated on insert 52.9 + pteval = translate_domain_pte(trp->page_flags,address,trp->itir); 52.10 + vcpu_itc_no_srlz(current,6,address,pteval,-1UL,(trp->itir>>2)&0x3f); 52.11 + return; 52.12 + } 52.13 // if we are fortunate enough to have it in the 1-entry TLB... 52.14 if (pteval = match_dtlb(ed,address,&ps,NULL)) { 52.15 vcpu_itc_no_srlz(ed,6,address,pteval,-1UL,ps); 52.16 return; 52.17 } 52.18 - // look in the TRs 52.19 - fault = vcpu_tpa(ed,address,&mpaddr); 52.20 - if (fault != IA64_NO_FAULT) { 52.21 - static int uacnt = 0; 52.22 - // can't translate it, just fail (poor man's exception) 52.23 - // which results in retrying execution 52.24 -//printk("*** xen_handle_domain_access: poor man's exception cnt=%i iip=%p, addr=%p...\n",uacnt++,iip,address); 52.25 - if (ia64_done_with_exception(regs)) { 52.26 + if (ia64_done_with_exception(regs)) { 52.27 //if (!(uacnt++ & 0x3ff)) printk("*** xen_handle_domain_access: successfully handled cnt=%d iip=%p, addr=%p...\n",uacnt,iip,address); 52.28 return; 52.29 - } 52.30 - else { 52.31 - // should never happen. If it does, region 0 addr may 52.32 - // indicate a bad xen pointer 52.33 - printk("*** xen_handle_domain_access: exception table" 52.34 - " lookup failed, iip=%p, addr=%p, spinning...\n", 52.35 - iip,address); 52.36 - panic_domain(regs,"*** xen_handle_domain_access: exception table" 52.37 - " lookup failed, iip=%p, addr=%p, spinning...\n", 52.38 - iip,address); 52.39 - } 52.40 } 52.41 - if (d == dom0) { 52.42 - if (mpaddr < dom0_start || mpaddr >= dom0_start + dom0_size) { 52.43 - printk("xen_handle_domain_access: vcpu_tpa returned out-of-bounds dom0 mpaddr %p! continuing...\n",mpaddr); 52.44 - tdpfoo(); 52.45 - } 52.46 + else { 52.47 + // should never happen. If it does, region 0 addr may 52.48 + // indicate a bad xen pointer 52.49 + printk("*** xen_handle_domain_access: exception table" 52.50 + " lookup failed, iip=%p, addr=%p, spinning...\n", 52.51 + iip,address); 52.52 + panic_domain(regs,"*** xen_handle_domain_access: exception table" 52.53 + " lookup failed, iip=%p, addr=%p, spinning...\n", 52.54 + iip,address); 52.55 } 52.56 -//printk("*** xen_handle_domain_access: tpa resolved miss @%p...\n",address); 52.57 - pteval = lookup_domain_mpa(d,mpaddr); 52.58 - // would be nice to have a counter here 52.59 - //printf("Handling privop data TLB miss\n"); 52.60 - // FIXME, must be inlined or potential for nested fault here! 52.61 - vcpu_itc_no_srlz(ed,2,address,pteval,-1UL,PAGE_SHIFT); 52.62 } 52.63 52.64 void ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs, unsigned long itir) 52.65 @@ -441,7 +427,7 @@ panic_domain(0,"ia64_do_page_fault: @%p? 52.66 if (pteval & _PAGE_P) 52.67 { 52.68 pteval = translate_domain_pte(pteval,address,itir); 52.69 - vcpu_itc_no_srlz(current,is_data?2:1,address,pteval,-1UL,(itir>>2)&0x3f); 52.70 + vcpu_itc_no_srlz(current,is_data?6:1,address,pteval,-1UL,(itir>>2)&0x3f); 52.71 return; 52.72 } 52.73 else vector = is_data ? IA64_DATA_TLB_VECTOR : IA64_INST_TLB_VECTOR; 52.74 @@ -768,7 +754,7 @@ if (!running_on_sim) { printf("SSC_OPEN, 52.75 vcpu_set_gr(current,8,-1L); 52.76 break; 52.77 default: 52.78 - printf("ia64_handle_break: bad ssc code %lx, iip=%p\n",ssc,regs->cr_iip); 52.79 + printf("ia64_handle_break: bad ssc code %lx, iip=%p, b0=%p\n",ssc,regs->cr_iip,regs->b0); 52.80 break; 52.81 } 52.82 vcpu_increment_iip(current);
53.1 --- a/xen/arch/ia64/regionreg.c Sat Jun 18 00:49:11 2005 +0000 53.2 +++ b/xen/arch/ia64/regionreg.c Tue Jun 21 07:02:30 2005 +0000 53.3 @@ -274,6 +274,7 @@ int set_one_rr(unsigned long rr, unsigne 53.4 return 0; 53.5 } 53.6 53.7 +#ifdef CONFIG_VTI 53.8 memrrv.rrval = rrv.rrval; 53.9 if (rreg == 7) { 53.10 newrrv.rid = newrid; 53.11 @@ -290,6 +291,15 @@ int set_one_rr(unsigned long rr, unsigne 53.12 if (rreg == 0) v->arch.metaphysical_saved_rr0 = newrrv.rrval; 53.13 set_rr(rr,newrrv.rrval); 53.14 } 53.15 +#else 53.16 + memrrv.rrval = rrv.rrval; 53.17 + newrrv.rid = newrid; 53.18 + newrrv.ve = 1; // VHPT now enabled for region 7!! 53.19 + newrrv.ps = PAGE_SHIFT; 53.20 + if (rreg == 0) v->arch.metaphysical_saved_rr0 = newrrv.rrval; 53.21 + if (rreg == 7) ia64_new_rr7(vmMangleRID(newrrv.rrval),v->vcpu_info); 53.22 + else set_rr(rr,newrrv.rrval); 53.23 +#endif 53.24 return 1; 53.25 } 53.26
54.1 --- a/xen/arch/ia64/tools/mkbuildtree Sat Jun 18 00:49:11 2005 +0000 54.2 +++ b/xen/arch/ia64/tools/mkbuildtree Tue Jun 21 07:02:30 2005 +0000 54.3 @@ -259,7 +259,7 @@ softlink include/asm-ia64/string.h inclu 54.4 softlink include/asm-ia64/thread_info.h include/asm-ia64/thread_info.h 54.5 softlink include/asm-ia64/timex.h include/asm-ia64/timex.h 54.6 softlink include/asm-ia64/topology.h include/asm-ia64/topology.h 54.7 -softlink include/asm-ia64/uaccess.h include/asm-ia64/uaccess.h 54.8 +cp_patch include/asm-ia64/uaccess.h include/asm-ia64/uaccess.h uaccess.h 54.9 softlink include/asm-ia64/unaligned.h include/asm-ia64/unaligned.h 54.10 softlink include/asm-ia64/unistd.h include/asm-ia64/unistd.h 54.11 softlink include/asm-ia64/unwind.h include/asm-ia64/unwind.h
55.1 --- a/xen/arch/ia64/vcpu.c Sat Jun 18 00:49:11 2005 +0000 55.2 +++ b/xen/arch/ia64/vcpu.c Tue Jun 21 07:02:30 2005 +0000 55.3 @@ -43,8 +43,9 @@ typedef union { 55.4 55.5 #ifdef PRIVOP_ADDR_COUNT 55.6 struct privop_addr_count privop_addr_counter[PRIVOP_COUNT_NINSTS] = { 55.7 - { "rsm", { 0 }, { 0 }, 0 }, 55.8 - { "ssm", { 0 }, { 0 }, 0 } 55.9 + { "=ifa", { 0 }, { 0 }, 0 }, 55.10 + { "thash", { 0 }, { 0 }, 0 }, 55.11 + 0 55.12 }; 55.13 extern void privop_count_addr(unsigned long addr, int inst); 55.14 #define PRIVOP_COUNT_ADDR(regs,inst) privop_count_addr(regs->cr_iip,inst) 55.15 @@ -135,7 +136,7 @@ IA64FAULT vcpu_reset_psr_sm(VCPU *vcpu, 55.16 struct ia64_psr psr, imm, *ipsr; 55.17 REGS *regs = vcpu_regs(vcpu); 55.18 55.19 - PRIVOP_COUNT_ADDR(regs,_RSM); 55.20 + //PRIVOP_COUNT_ADDR(regs,_RSM); 55.21 // TODO: All of these bits need to be virtualized 55.22 // TODO: Only allowed for current vcpu 55.23 __asm__ __volatile ("mov %0=psr;;" : "=r"(psr) :: "memory"); 55.24 @@ -183,7 +184,7 @@ IA64FAULT vcpu_set_psr_sm(VCPU *vcpu, UI 55.25 REGS *regs = vcpu_regs(vcpu); 55.26 UINT64 mask, enabling_interrupts = 0; 55.27 55.28 - PRIVOP_COUNT_ADDR(regs,_SSM); 55.29 + //PRIVOP_COUNT_ADDR(regs,_SSM); 55.30 // TODO: All of these bits need to be virtualized 55.31 __asm__ __volatile ("mov %0=psr;;" : "=r"(psr) :: "memory"); 55.32 imm = *(struct ia64_psr *)&imm24; 55.33 @@ -369,6 +370,8 @@ IA64FAULT vcpu_get_iip(VCPU *vcpu, UINT6 55.34 IA64FAULT vcpu_get_ifa(VCPU *vcpu, UINT64 *pval) 55.35 { 55.36 UINT64 val = PSCB(vcpu,ifa); 55.37 + REGS *regs = vcpu_regs(vcpu); 55.38 + PRIVOP_COUNT_ADDR(regs,_GET_IFA); 55.39 *pval = val; 55.40 return (IA64_NO_FAULT); 55.41 } 55.42 @@ -422,6 +425,8 @@ IA64FAULT vcpu_get_iha(VCPU *vcpu, UINT6 55.43 { 55.44 //return vcpu_thash(vcpu,PSCB(vcpu,ifa),pval); 55.45 UINT64 val = PSCB(vcpu,iha); 55.46 + REGS *regs = vcpu_regs(vcpu); 55.47 + PRIVOP_COUNT_ADDR(regs,_THASH); 55.48 *pval = val; 55.49 return (IA64_NO_FAULT); 55.50 } 55.51 @@ -539,7 +544,7 @@ void vcpu_pend_interrupt(VCPU *vcpu, UIN 55.52 } else 55.53 #endif // CONFIG_VTI 55.54 { 55.55 - if (!test_bit(vector,PSCB(vcpu,delivery_mask))) return; 55.56 + /* if (!test_bit(vector,PSCB(vcpu,delivery_mask))) return; */ 55.57 if (test_bit(vector,PSCBX(vcpu,irr))) { 55.58 //printf("vcpu_pend_interrupt: overrun\n"); 55.59 } 55.60 @@ -569,10 +574,10 @@ UINT64 vcpu_check_pending_interrupts(VCP 55.61 UINT64 *p, *q, *r, bits, bitnum, mask, i, vector; 55.62 55.63 p = &PSCBX(vcpu,irr[3]); 55.64 - q = &PSCB(vcpu,delivery_mask[3]); 55.65 + /* q = &PSCB(vcpu,delivery_mask[3]); */ 55.66 r = &PSCBX(vcpu,insvc[3]); 55.67 for (i = 3; ; p--, q--, r--, i--) { 55.68 - bits = *p & *q; 55.69 + bits = *p /* & *q */; 55.70 if (bits) break; // got a potential interrupt 55.71 if (*r) { 55.72 // nothing in this word which is pending+inservice 55.73 @@ -1589,7 +1594,8 @@ void vcpu_itc_no_srlz(VCPU *vcpu, UINT64 55.74 // addresses never get flushed. More work needed if this 55.75 // ever happens. 55.76 //printf("vhpt_insert(%p,%p,%p)\n",vaddr,pte,1L<<logps); 55.77 - vhpt_insert(vaddr,pte,logps<<2); 55.78 + if (logps > PAGE_SHIFT) vhpt_multiple_insert(vaddr,pte,logps); 55.79 + else vhpt_insert(vaddr,pte,logps<<2); 55.80 } 55.81 // even if domain pagesize is larger than PAGE_SIZE, just put 55.82 // PAGE_SIZE mapping in the vhpt for now, else purging is complicated
56.1 --- a/xen/arch/ia64/vhpt.c Sat Jun 18 00:49:11 2005 +0000 56.2 +++ b/xen/arch/ia64/vhpt.c Tue Jun 21 07:02:30 2005 +0000 56.3 @@ -87,6 +87,37 @@ void vhpt_map(void) 56.4 ia64_srlz_i(); 56.5 } 56.6 56.7 +void vhpt_multiple_insert(unsigned long vaddr, unsigned long pte, unsigned long logps) 56.8 +{ 56.9 + unsigned long mask = (1L << logps) - 1; 56.10 + int i; 56.11 + 56.12 + if (logps-PAGE_SHIFT > 10) { 56.13 + // if this happens, we may want to revisit this algorithm 56.14 + printf("vhpt_multiple_insert:logps-PAGE_SHIFT>10,spinning..\n"); 56.15 + while(1); 56.16 + } 56.17 + if (logps-PAGE_SHIFT > 2) { 56.18 + // FIXME: Should add counter here to see how often this 56.19 + // happens (e.g. for 16MB pages!) and determine if it 56.20 + // is a performance problem. On a quick look, it takes 56.21 + // about 39000 instrs for a 16MB page and it seems to occur 56.22 + // only a few times/second, so OK for now. 56.23 + // An alternate solution would be to just insert the one 56.24 + // 16KB in the vhpt (but with the full mapping)? 56.25 + //printf("vhpt_multiple_insert: logps-PAGE_SHIFT==%d," 56.26 + //"va=%p, pa=%p, pa-masked=%p\n", 56.27 + //logps-PAGE_SHIFT,vaddr,pte&_PFN_MASK, 56.28 + //(pte&_PFN_MASK)&~mask); 56.29 + } 56.30 + vaddr &= ~mask; 56.31 + pte = ((pte & _PFN_MASK) & ~mask) | (pte & ~_PFN_MASK); 56.32 + for (i = 1L << (logps-PAGE_SHIFT); i > 0; i--) { 56.33 + vhpt_insert(vaddr,pte,logps<<2); 56.34 + vaddr += PAGE_SIZE; 56.35 + } 56.36 +} 56.37 + 56.38 void vhpt_init(void) 56.39 { 56.40 unsigned long vhpt_total_size, vhpt_alignment, vhpt_imva;
57.1 --- a/xen/arch/ia64/vmmu.c Sat Jun 18 00:49:11 2005 +0000 57.2 +++ b/xen/arch/ia64/vmmu.c Tue Jun 21 07:02:30 2005 +0000 57.3 @@ -454,12 +454,13 @@ IA64FAULT vmx_vcpu_itc_i(VCPU *vcpu, UIN 57.4 data.page_flags=pte & ~PAGE_FLAGS_RV_MASK; 57.5 data.itir=itir; 57.6 data.vadr=PAGEALIGN(ifa,data.ps); 57.7 - data.section=THASH_TLB_TC; 57.8 + data.tc = 1; 57.9 data.cl=ISIDE_TLB; 57.10 vmx_vcpu_get_rr(vcpu, ifa, &vrr); 57.11 data.rid = vrr.rid; 57.12 57.13 - sections.v = THASH_SECTION_TR; 57.14 + sections.tr = 1; 57.15 + sections.tc = 0; 57.16 57.17 ovl = thash_find_overlap(hcb, &data, sections); 57.18 while (ovl) { 57.19 @@ -467,9 +468,7 @@ IA64FAULT vmx_vcpu_itc_i(VCPU *vcpu, UIN 57.20 panic("Tlb conflict!!"); 57.21 return; 57.22 } 57.23 - sections.v = THASH_SECTION_TC; 57.24 - thash_purge_entries(hcb, &data, sections); 57.25 - thash_insert(hcb, &data, ifa); 57.26 + thash_purge_and_insert(hcb, &data); 57.27 return IA64_NO_FAULT; 57.28 } 57.29 57.30 @@ -488,11 +487,12 @@ IA64FAULT vmx_vcpu_itc_d(VCPU *vcpu, UIN 57.31 data.page_flags=pte & ~PAGE_FLAGS_RV_MASK; 57.32 data.itir=itir; 57.33 data.vadr=PAGEALIGN(ifa,data.ps); 57.34 - data.section=THASH_TLB_TC; 57.35 + data.tc = 1; 57.36 data.cl=DSIDE_TLB; 57.37 vmx_vcpu_get_rr(vcpu, ifa, &vrr); 57.38 data.rid = vrr.rid; 57.39 - sections.v = THASH_SECTION_TR; 57.40 + sections.tr = 1; 57.41 + sections.tc = 0; 57.42 57.43 ovl = thash_find_overlap(hcb, &data, sections); 57.44 if (ovl) { 57.45 @@ -500,42 +500,27 @@ IA64FAULT vmx_vcpu_itc_d(VCPU *vcpu, UIN 57.46 panic("Tlb conflict!!"); 57.47 return; 57.48 } 57.49 - sections.v = THASH_SECTION_TC; 57.50 - thash_purge_entries(hcb, &data, sections); 57.51 - thash_insert(hcb, &data, ifa); 57.52 + thash_purge_and_insert(hcb, &data); 57.53 return IA64_NO_FAULT; 57.54 } 57.55 57.56 -IA64FAULT insert_foreignmap(VCPU *vcpu, UINT64 pte, UINT64 ps, UINT64 va) 57.57 +/* 57.58 + * Return TRUE/FALSE for success of lock operation 57.59 + */ 57.60 +int vmx_lock_guest_dtc (VCPU *vcpu, UINT64 va, int lock) 57.61 { 57.62 57.63 - thash_data_t data, *ovl; 57.64 thash_cb_t *hcb; 57.65 - search_section_t sections; 57.66 - rr_t vrr; 57.67 + rr_t vrr; 57.68 + u64 preferred_size; 57.69 57.70 - hcb = vmx_vcpu_get_vtlb(vcpu); 57.71 - data.page_flags=pte & ~PAGE_FLAGS_RV_MASK; 57.72 - data.itir=0; 57.73 - data.ps = ps; 57.74 - data.vadr=PAGEALIGN(va,ps); 57.75 - data.section=THASH_TLB_FM; 57.76 - data.cl=DSIDE_TLB; 57.77 vmx_vcpu_get_rr(vcpu, va, &vrr); 57.78 - data.rid = vrr.rid; 57.79 - sections.v = THASH_SECTION_TR|THASH_SECTION_TC|THASH_SECTION_FM; 57.80 - 57.81 - ovl = thash_find_overlap(hcb, &data, sections); 57.82 - if (ovl) { 57.83 - // generate MCA. 57.84 - panic("Foreignmap Tlb conflict!!"); 57.85 - return; 57.86 - } 57.87 - thash_insert(hcb, &data, va); 57.88 - return IA64_NO_FAULT; 57.89 + hcb = vmx_vcpu_get_vtlb(vcpu); 57.90 + va = PAGEALIGN(va,vrr.ps); 57.91 + preferred_size = PSIZE(vrr.ps); 57.92 + return thash_lock_tc(hcb, va, preferred_size, vrr.rid, DSIDE_TLB, lock); 57.93 } 57.94 57.95 - 57.96 IA64FAULT vmx_vcpu_itr_i(VCPU *vcpu, UINT64 pte, UINT64 itir, UINT64 ifa, UINT64 idx) 57.97 { 57.98 57.99 @@ -548,11 +533,12 @@ IA64FAULT vmx_vcpu_itr_i(VCPU *vcpu, UIN 57.100 data.page_flags=pte & ~PAGE_FLAGS_RV_MASK; 57.101 data.itir=itir; 57.102 data.vadr=PAGEALIGN(ifa,data.ps); 57.103 - data.section=THASH_TLB_TR; 57.104 + data.tc = 0; 57.105 data.cl=ISIDE_TLB; 57.106 vmx_vcpu_get_rr(vcpu, ifa, &vrr); 57.107 data.rid = vrr.rid; 57.108 - sections.v = THASH_SECTION_TR; 57.109 + sections.tr = 1; 57.110 + sections.tc = 0; 57.111 57.112 ovl = thash_find_overlap(hcb, &data, sections); 57.113 if (ovl) { 57.114 @@ -560,7 +546,8 @@ IA64FAULT vmx_vcpu_itr_i(VCPU *vcpu, UIN 57.115 panic("Tlb conflict!!"); 57.116 return; 57.117 } 57.118 - sections.v=THASH_SECTION_TC; 57.119 + sections.tr = 0; 57.120 + sections.tc = 1; 57.121 thash_purge_entries(hcb, &data, sections); 57.122 thash_tr_insert(hcb, &data, ifa, idx); 57.123 return IA64_NO_FAULT; 57.124 @@ -579,11 +566,12 @@ IA64FAULT vmx_vcpu_itr_d(VCPU *vcpu, UIN 57.125 data.page_flags=pte & ~PAGE_FLAGS_RV_MASK; 57.126 data.itir=itir; 57.127 data.vadr=PAGEALIGN(ifa,data.ps); 57.128 - data.section=THASH_TLB_TR; 57.129 + data.tc = 0; 57.130 data.cl=DSIDE_TLB; 57.131 vmx_vcpu_get_rr(vcpu, ifa, &vrr); 57.132 data.rid = vrr.rid; 57.133 - sections.v = THASH_SECTION_TR; 57.134 + sections.tr = 1; 57.135 + sections.tc = 0; 57.136 57.137 ovl = thash_find_overlap(hcb, &data, sections); 57.138 while (ovl) { 57.139 @@ -591,7 +579,8 @@ IA64FAULT vmx_vcpu_itr_d(VCPU *vcpu, UIN 57.140 panic("Tlb conflict!!"); 57.141 return; 57.142 } 57.143 - sections.v=THASH_SECTION_TC; 57.144 + sections.tr = 0; 57.145 + sections.tc = 1; 57.146 thash_purge_entries(hcb, &data, sections); 57.147 thash_tr_insert(hcb, &data, ifa, idx); 57.148 return IA64_NO_FAULT; 57.149 @@ -607,7 +596,8 @@ IA64FAULT vmx_vcpu_ptr_d(VCPU *vcpu,UINT 57.150 57.151 hcb = vmx_vcpu_get_vtlb(vcpu); 57.152 rr=vmx_vcpu_rr(vcpu,vadr); 57.153 - sections.v = THASH_SECTION_TR | THASH_SECTION_TC; 57.154 + sections.tr = 1; 57.155 + sections.tc = 1; 57.156 thash_purge_entries_ex(hcb,rr.rid,vadr,ps,sections,DSIDE_TLB); 57.157 return IA64_NO_FAULT; 57.158 } 57.159 @@ -619,7 +609,8 @@ IA64FAULT vmx_vcpu_ptr_i(VCPU *vcpu,UINT 57.160 search_section_t sections; 57.161 hcb = vmx_vcpu_get_vtlb(vcpu); 57.162 rr=vmx_vcpu_rr(vcpu,vadr); 57.163 - sections.v = THASH_SECTION_TR | THASH_SECTION_TC; 57.164 + sections.tr = 1; 57.165 + sections.tc = 1; 57.166 thash_purge_entries_ex(hcb,rr.rid,vadr,ps,sections,ISIDE_TLB); 57.167 return IA64_NO_FAULT; 57.168 } 57.169 @@ -632,7 +623,8 @@ IA64FAULT vmx_vcpu_ptc_l(VCPU *vcpu, UIN 57.170 thash_data_t data, *ovl; 57.171 hcb = vmx_vcpu_get_vtlb(vcpu); 57.172 vrr=vmx_vcpu_rr(vcpu,vadr); 57.173 - sections.v = THASH_SECTION_TC; 57.174 + sections.tr = 0; 57.175 + sections.tc = 1; 57.176 vadr = PAGEALIGN(vadr, ps); 57.177 57.178 thash_purge_entries_ex(hcb,vrr.rid,vadr,ps,sections,DSIDE_TLB);
58.1 --- a/xen/arch/ia64/vmx_ivt.S Sat Jun 18 00:49:11 2005 +0000 58.2 +++ b/xen/arch/ia64/vmx_ivt.S Tue Jun 21 07:02:30 2005 +0000 58.3 @@ -180,7 +180,7 @@ ENTRY(vmx_dtlb_miss) 58.4 mov r29=cr.ipsr; 58.5 ;; 58.6 tbit.z p6,p7=r29,IA64_PSR_VM_BIT; 58.7 -(p6)br.sptk vmx_fault_1 58.8 +(p6)br.sptk vmx_fault_2 58.9 mov r16 = cr.ifa 58.10 ;; 58.11 thash r17 = r16 58.12 @@ -249,9 +249,9 @@ ENTRY(vmx_alt_itlb_miss) 58.13 movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff) 58.14 ;; 58.15 and r19=r19,r16 // clear ed, reserved bits, and PTE control bits 58.16 - shr.u r18=r16,57 // move address bit 61 to bit 4 58.17 + shr.u r18=r16,55 // move address bit 59 to bit 4 58.18 ;; 58.19 - andcm r18=0x10,r18 // bit 4=~address-bit(61) 58.20 + and r18=0x10,r18 // bit 4=address-bit(61) 58.21 or r19=r17,r19 // insert PTE control bits into r19 58.22 ;; 58.23 or r19=r19,r18 // set bit 4 (uncached) if the access was to region 6 58.24 @@ -280,11 +280,11 @@ ENTRY(vmx_alt_dtlb_miss) 58.25 ;; 58.26 and r22=IA64_ISR_CODE_MASK,r20 // get the isr.code field 58.27 tbit.nz p6,p7=r20,IA64_ISR_SP_BIT // is speculation bit on? 58.28 - shr.u r18=r16,57 // move address bit 61 to bit 4 58.29 + shr.u r18=r16,55 // move address bit 59 to bit 4 58.30 and r19=r19,r16 // clear ed, reserved bits, and PTE control bits 58.31 tbit.nz p9,p0=r20,IA64_ISR_NA_BIT // is non-access bit on? 58.32 ;; 58.33 - andcm r18=0x10,r18 // bit 4=~address-bit(61) 58.34 + and r18=0x10,r18 // bit 4=address-bit(61) 58.35 (p9) cmp.eq.or.andcm p6,p7=IA64_ISR_CODE_LFETCH,r22 // check isr.code field 58.36 dep r24=-1,r24,IA64_PSR_ED_BIT,1 58.37 or r19=r19,r17 // insert PTE control bits into r19 58.38 @@ -346,7 +346,12 @@ END(vmx_daccess_bit) 58.39 ENTRY(vmx_break_fault) 58.40 mov r31=pr 58.41 mov r19=11 58.42 - br.sptk.many vmx_dispatch_break_fault 58.43 + mov r30=cr.iim 58.44 + mov r29=0x1100 58.45 + ;; 58.46 + cmp4.eq p6,p7=r29,r30 58.47 + (p6) br.dptk.few vmx_hypercall_dispatch 58.48 + (p7) br.sptk.many vmx_dispatch_break_fault 58.49 END(vmx_break_fault) 58.50 58.51 .org vmx_ia64_ivt+0x3000 58.52 @@ -929,9 +934,8 @@ END(vmx_dispatch_tlb_miss) 58.53 58.54 58.55 ENTRY(vmx_dispatch_break_fault) 58.56 - cmp.ne pEml,pNonEml=r0,r0 /* force pNonEml =1, don't save r4 ~ r7 */ 58.57 + VMX_SAVE_MIN_WITH_COVER_R19 58.58 ;; 58.59 - VMX_SAVE_MIN_WITH_COVER_R19 58.60 ;; 58.61 alloc r14=ar.pfs,0,0,4,0 // now it's safe (must be first in insn group!) 58.62 mov out0=cr.ifa 58.63 @@ -951,9 +955,37 @@ ENTRY(vmx_dispatch_break_fault) 58.64 ;; 58.65 mov rp=r14 58.66 br.call.sptk.many b6=vmx_ia64_handle_break 58.67 + ;; 58.68 END(vmx_dispatch_break_fault) 58.69 58.70 58.71 +ENTRY(vmx_hypercall_dispatch) 58.72 + VMX_SAVE_MIN_WITH_COVER 58.73 + ssm psr.ic 58.74 + ;; 58.75 + srlz.i // guarantee that interruption collection is on 58.76 + ;; 58.77 + ssm psr.i // restore psr.i 58.78 + adds r3=16,r2 // set up second base pointer 58.79 + ;; 58.80 + VMX_SAVE_REST 58.81 + ;; 58.82 + movl r14=ia64_leave_hypervisor 58.83 + movl r2=hyper_call_table 58.84 + ;; 58.85 + mov rp=r14 58.86 + shladd r2=r15,3,r2 58.87 + ;; 58.88 + ld8 r2=[r2] 58.89 + ;; 58.90 + mov b6=r2 58.91 + ;; 58.92 + br.call.sptk.many b6=b6 58.93 + ;; 58.94 +END(vmx_hypercall_dispatch) 58.95 + 58.96 + 58.97 + 58.98 ENTRY(vmx_dispatch_interrupt) 58.99 cmp.ne pEml,pNonEml=r0,r0 /* force pNonEml =1, don't save r4 ~ r7 */ 58.100 ;; 58.101 @@ -976,3 +1008,39 @@ ENTRY(vmx_dispatch_interrupt) 58.102 mov rp=r14 58.103 br.call.sptk.many b6=vmx_ia64_handle_irq 58.104 END(vmx_dispatch_interrupt) 58.105 + 58.106 + 58.107 + 58.108 + .rodata 58.109 + .align 8 58.110 + .globl hyper_call_table 58.111 +hyper_call_table: 58.112 + data8 hyper_not_support //hyper_set_trap_table /* 0 */ 58.113 + data8 hyper_mmu_update 58.114 + data8 hyper_not_support //hyper_set_gdt 58.115 + data8 hyper_not_support //hyper_stack_switch 58.116 + data8 hyper_not_support //hyper_set_callbacks 58.117 + data8 hyper_not_support //hyper_fpu_taskswitch /* 5 */ 58.118 + data8 hyper_sched_op 58.119 + data8 hyper_dom0_op 58.120 + data8 hyper_not_support //hyper_set_debugreg 58.121 + data8 hyper_not_support //hyper_get_debugreg 58.122 + data8 hyper_not_support //hyper_update_descriptor /* 10 */ 58.123 + data8 hyper_not_support //hyper_set_fast_trap 58.124 + data8 hyper_dom_mem_op 58.125 + data8 hyper_not_support //hyper_multicall 58.126 + data8 hyper_not_support //hyper_update_va_mapping 58.127 + data8 hyper_not_support //hyper_set_timer_op /* 15 */ 58.128 + data8 hyper_event_channel_op 58.129 + data8 hyper_xen_version 58.130 + data8 hyper_not_support //hyper_console_io 58.131 + data8 hyper_not_support //hyper_physdev_op 58.132 + data8 hyper_not_support //hyper_grant_table_op /* 20 */ 58.133 + data8 hyper_not_support //hyper_vm_assist 58.134 + data8 hyper_not_support //hyper_update_va_mapping_otherdomain 58.135 + data8 hyper_not_support //hyper_switch_vm86 58.136 + data8 hyper_not_support //hyper_boot_vcpu 58.137 + data8 hyper_not_support //hyper_ni_hypercall /* 25 */ 58.138 + data8 hyper_not_support //hyper_mmuext_op 58.139 + data8 hyper_lock_page 58.140 + data8 hyper_set_shared_page
59.1 --- a/xen/arch/ia64/vmx_minstate.h Sat Jun 18 00:49:11 2005 +0000 59.2 +++ b/xen/arch/ia64/vmx_minstate.h Tue Jun 21 07:02:30 2005 +0000 59.3 @@ -282,11 +282,9 @@ 59.4 ;; \ 59.5 .mem.offset 0,0; st8.spill [r4]=r20,16; \ 59.6 .mem.offset 8,0; st8.spill [r5]=r21,16; \ 59.7 - mov r18=b6; \ 59.8 ;; \ 59.9 .mem.offset 0,0; st8.spill [r4]=r22,16; \ 59.10 .mem.offset 8,0; st8.spill [r5]=r23,16; \ 59.11 - mov r19=b7; \ 59.12 ;; \ 59.13 .mem.offset 0,0; st8.spill [r4]=r24,16; \ 59.14 .mem.offset 8,0; st8.spill [r5]=r25,16; \ 59.15 @@ -296,9 +294,11 @@ 59.16 ;; \ 59.17 .mem.offset 0,0; st8.spill [r4]=r28,16; \ 59.18 .mem.offset 8,0; st8.spill [r5]=r29,16; \ 59.19 + mov r26=b6; \ 59.20 ;; \ 59.21 .mem.offset 0,0; st8.spill [r4]=r30,16; \ 59.22 .mem.offset 8,0; st8.spill [r5]=r31,16; \ 59.23 + mov r27=b7; \ 59.24 ;; \ 59.25 mov r30=ar.unat; \ 59.26 ;; \ 59.27 @@ -317,8 +317,8 @@ 59.28 adds r2=PT(B6)-PT(F10),r2; \ 59.29 adds r3=PT(B7)-PT(F11),r3; \ 59.30 ;; \ 59.31 - st8 [r2]=r18,16; /* b6 */ \ 59.32 - st8 [r3]=r19,16; /* b7 */ \ 59.33 + st8 [r2]=r26,16; /* b6 */ \ 59.34 + st8 [r3]=r27,16; /* b7 */ \ 59.35 ;; \ 59.36 st8 [r2]=r9; /* ar.csd */ \ 59.37 st8 [r3]=r10; /* ar.ssd */ \
60.1 --- a/xen/arch/ia64/vmx_process.c Sat Jun 18 00:49:11 2005 +0000 60.2 +++ b/xen/arch/ia64/vmx_process.c Tue Jun 21 07:02:30 2005 +0000 60.3 @@ -116,7 +116,6 @@ vmx_ia64_handle_break (unsigned long ifa 60.4 case FW_HYPERCALL_EFI_GET_TIME: 60.5 { 60.6 unsigned long *tv, *tc; 60.7 - fooefi(); 60.8 vmx_vcpu_get_gr(v, 32, &tv); 60.9 vmx_vcpu_get_gr(v, 33, &tc); 60.10 printf("efi_get_time(%p,%p) called...",tv,tc);
61.1 --- a/xen/arch/ia64/vtlb.c Sat Jun 18 00:49:11 2005 +0000 61.2 +++ b/xen/arch/ia64/vtlb.c Tue Jun 21 07:02:30 2005 +0000 61.3 @@ -252,7 +252,7 @@ static thash_data_t *_vtlb_next_overlap_ 61.4 61.5 /* Find overlap TLB entry */ 61.6 for (cch=priv->cur_cch; cch; cch = cch->next) { 61.7 - if ( ((1UL<<cch->section) & priv->s_sect.v) && 61.8 + if ( ( cch->tc ? priv->s_sect.tc : priv->s_sect.tr ) && 61.9 __is_tlb_overlap(hcb, cch, priv->rid, priv->cl, 61.10 priv->_curva, priv->_eva) ) { 61.11 return cch; 61.12 @@ -322,7 +322,7 @@ int __tlb_to_vhpt(thash_cb_t *hcb, 61.13 61.14 void thash_tr_insert(thash_cb_t *hcb, thash_data_t *entry, u64 va, int idx) 61.15 { 61.16 - if ( hcb->ht != THASH_TLB || entry->section != THASH_TLB_TR ) { 61.17 + if ( hcb->ht != THASH_TLB || entry->tc ) { 61.18 panic("wrong parameter\n"); 61.19 } 61.20 entry->vadr = PAGEALIGN(entry->vadr,entry->ps); 61.21 @@ -356,7 +356,7 @@ thash_data_t *__alloc_chain(thash_cb_t * 61.22 * 3: The caller need to make sure the new entry will not overlap 61.23 * with any existed entry. 61.24 */ 61.25 -static void vtlb_insert(thash_cb_t *hcb, thash_data_t *entry, u64 va) 61.26 +void vtlb_insert(thash_cb_t *hcb, thash_data_t *entry, u64 va) 61.27 { 61.28 thash_data_t *hash_table, *cch; 61.29 rr_t vrr; 61.30 @@ -411,7 +411,7 @@ void thash_insert(thash_cb_t *hcb, thash 61.31 rr_t vrr; 61.32 61.33 vrr = (hcb->get_rr_fn)(hcb->vcpu,entry->vadr); 61.34 - if ( entry->ps != vrr.ps && entry->section==THASH_TLB_TC) { 61.35 + if ( entry->ps != vrr.ps && entry->tc ) { 61.36 panic("Not support for multiple page size now\n"); 61.37 } 61.38 entry->vadr = PAGEALIGN(entry->vadr,entry->ps); 61.39 @@ -450,7 +450,7 @@ static void rem_vtlb(thash_cb_t *hcb, th 61.40 thash_internal_t *priv = &hcb->priv; 61.41 int idx; 61.42 61.43 - if ( entry->section == THASH_TLB_TR ) { 61.44 + if ( !entry->tc ) { 61.45 return rem_tr(hcb, entry->cl, entry->tr_idx); 61.46 } 61.47 rem_thash(hcb, entry); 61.48 @@ -525,19 +525,19 @@ thash_data_t *thash_find_overlap(thash_c 61.49 thash_data_t *in, search_section_t s_sect) 61.50 { 61.51 return (hcb->find_overlap)(hcb, in->vadr, 61.52 - in->ps, in->rid, in->cl, s_sect); 61.53 + PSIZE(in->ps), in->rid, in->cl, s_sect); 61.54 } 61.55 61.56 static thash_data_t *vtlb_find_overlap(thash_cb_t *hcb, 61.57 - u64 va, u64 ps, int rid, char cl, search_section_t s_sect) 61.58 + u64 va, u64 size, int rid, char cl, search_section_t s_sect) 61.59 { 61.60 thash_data_t *hash_table; 61.61 thash_internal_t *priv = &hcb->priv; 61.62 u64 tag; 61.63 rr_t vrr; 61.64 61.65 - priv->_curva = PAGEALIGN(va,ps); 61.66 - priv->_eva = priv->_curva + PSIZE(ps); 61.67 + priv->_curva = va & ~(size-1); 61.68 + priv->_eva = priv->_curva + size; 61.69 priv->rid = rid; 61.70 vrr = (hcb->get_rr_fn)(hcb->vcpu,va); 61.71 priv->ps = vrr.ps; 61.72 @@ -553,15 +553,15 @@ static thash_data_t *vtlb_find_overlap(t 61.73 } 61.74 61.75 static thash_data_t *vhpt_find_overlap(thash_cb_t *hcb, 61.76 - u64 va, u64 ps, int rid, char cl, search_section_t s_sect) 61.77 + u64 va, u64 size, int rid, char cl, search_section_t s_sect) 61.78 { 61.79 thash_data_t *hash_table; 61.80 thash_internal_t *priv = &hcb->priv; 61.81 u64 tag; 61.82 rr_t vrr; 61.83 61.84 - priv->_curva = PAGEALIGN(va,ps); 61.85 - priv->_eva = priv->_curva + PSIZE(ps); 61.86 + priv->_curva = va & ~(size-1); 61.87 + priv->_eva = priv->_curva + size; 61.88 priv->rid = rid; 61.89 vrr = (hcb->get_rr_fn)(hcb->vcpu,va); 61.90 priv->ps = vrr.ps; 61.91 @@ -691,13 +691,46 @@ void thash_purge_entries_ex(thash_cb_t * 61.92 { 61.93 thash_data_t *ovl; 61.94 61.95 - ovl = (hcb->find_overlap)(hcb, va, ps, rid, cl, p_sect); 61.96 + ovl = (hcb->find_overlap)(hcb, va, PSIZE(ps), rid, cl, p_sect); 61.97 while ( ovl != NULL ) { 61.98 (hcb->rem_hash)(hcb, ovl); 61.99 ovl = (hcb->next_overlap)(hcb); 61.100 }; 61.101 } 61.102 61.103 +/* 61.104 + * Purge overlap TCs and then insert the new entry to emulate itc ops. 61.105 + * Notes: Only TC entry can purge and insert. 61.106 + */ 61.107 +void thash_purge_and_insert(thash_cb_t *hcb, thash_data_t *in) 61.108 +{ 61.109 + thash_data_t *ovl; 61.110 + search_section_t sections; 61.111 + 61.112 +#ifdef XEN_DEBUGGER 61.113 + vrr = (hcb->get_rr_fn)(hcb->vcpu,in->vadr); 61.114 + if ( in->ps != vrr.ps || hcb->ht != THASH_TLB || !in->tc ) { 61.115 + panic ("Oops, wrong call for purge_and_insert\n"); 61.116 + return; 61.117 + } 61.118 +#endif 61.119 + in->vadr = PAGEALIGN(in->vadr,in->ps); 61.120 + in->ppn = PAGEALIGN(in->ppn, in->ps-12); 61.121 + sections.tr = 0; 61.122 + sections.tc = 1; 61.123 + ovl = (hcb->find_overlap)(hcb, in->vadr, PSIZE(in->ps), 61.124 + in->rid, in->cl, sections); 61.125 + if(ovl) 61.126 + (hcb->rem_hash)(hcb, ovl); 61.127 +#ifdef XEN_DEBUGGER 61.128 + ovl = (hcb->next_overlap)(hcb); 61.129 + if ( ovl ) { 61.130 + panic ("Oops, 2+ overlaps for purge_and_insert\n"); 61.131 + return; 61.132 + } 61.133 +#endif 61.134 + (hcb->ins_hash)(hcb, in, in->vadr); 61.135 +} 61.136 61.137 /* 61.138 * Purge all TCs or VHPT entries including those in Hash table. 61.139 @@ -766,6 +799,42 @@ thash_data_t *vtlb_lookup_ex(thash_cb_t 61.140 return NULL; 61.141 } 61.142 61.143 +/* 61.144 + * Lock/Unlock TC if found. 61.145 + * NOTES: Only the page in prefered size can be handled. 61.146 + * return: 61.147 + * 1: failure 61.148 + * 0: success 61.149 + */ 61.150 +int thash_lock_tc(thash_cb_t *hcb, u64 va, u64 size, int rid, char cl, int lock) 61.151 +{ 61.152 + thash_data_t *ovl; 61.153 + search_section_t sections; 61.154 + 61.155 + sections.tr = 1; 61.156 + sections.tc = 1; 61.157 + ovl = (hcb->find_overlap)(hcb, va, size, rid, cl, sections); 61.158 + if ( ovl ) { 61.159 + if ( !ovl->tc ) { 61.160 +// panic("Oops, TR for lock\n"); 61.161 + return 0; 61.162 + } 61.163 + else if ( lock ) { 61.164 + if ( ovl->locked ) { 61.165 + DPRINTK("Oops, already locked entry\n"); 61.166 + } 61.167 + ovl->locked = 1; 61.168 + } 61.169 + else if ( !lock ) { 61.170 + if ( !ovl->locked ) { 61.171 + DPRINTK("Oops, already unlocked entry\n"); 61.172 + } 61.173 + ovl->locked = 0; 61.174 + } 61.175 + return 0; 61.176 + } 61.177 + return 1; 61.178 +} 61.179 61.180 /* 61.181 * Notifier when TLB is deleted from hash table and its collision chain. 61.182 @@ -824,7 +893,6 @@ void thash_init(thash_cb_t *hcb, u64 sz) 61.183 } 61.184 } 61.185 61.186 - 61.187 #ifdef VTLB_DEBUG 61.188 static u64 cch_length_statistics[MAX_CCH_LENGTH+1]; 61.189 u64 sanity_check=0;
62.1 --- a/xen/arch/ia64/xenmem.c Sat Jun 18 00:49:11 2005 +0000 62.2 +++ b/xen/arch/ia64/xenmem.c Tue Jun 21 07:02:30 2005 +0000 62.3 @@ -52,7 +52,7 @@ paging_init (void) 62.4 panic("Not enough memory to bootstrap Xen.\n"); 62.5 62.6 printk("machine to physical table: 0x%lx\n", (u64)mpt_table); 62.7 - memset(mpt_table, 0x55, mpt_table_size); 62.8 + memset(mpt_table, INVALID_M2P_ENTRY, mpt_table_size); 62.9 62.10 /* Any more setup here? On VMX enabled platform, 62.11 * there's no need to keep guest linear pg table,
63.1 --- a/xen/arch/ia64/xenmisc.c Sat Jun 18 00:49:11 2005 +0000 63.2 +++ b/xen/arch/ia64/xenmisc.c Tue Jun 21 07:02:30 2005 +0000 63.3 @@ -63,13 +63,7 @@ void sync_lazy_execstate_mask(cpumask_t 63.4 void sync_lazy_execstate_all(void) {} 63.5 63.6 int grant_table_create(struct domain *d) { return 0; } 63.7 -void grant_table_destroy(struct domain *d) 63.8 -{ 63.9 - printf("grant_table_destroy: domain_destruct not tested!!!\n"); 63.10 - printf("grant_table_destroy: ensure atomic_* calls work in domain_destruct!!\n"); 63.11 - dummy(); 63.12 - return; 63.13 -} 63.14 +void grant_table_destroy(struct domain *d) { return; } 63.15 63.16 struct pt_regs *guest_cpu_user_regs(void) { return ia64_task_regs(current); } 63.17
64.1 --- a/xen/arch/x86/cpu/amd.c Sat Jun 18 00:49:11 2005 +0000 64.2 +++ b/xen/arch/x86/cpu/amd.c Tue Jun 21 07:02:30 2005 +0000 64.3 @@ -193,23 +193,30 @@ static void __init init_amd(struct cpuin 64.4 } 64.5 64.6 display_cacheinfo(c); 64.7 - detect_ht(c); 64.8 - 64.9 -#ifdef CONFIG_X86_HT 64.10 - /* AMD dual core looks like HT but isn't really. Hide it from the 64.11 - scheduler. This works around problems with the domain scheduler. 64.12 - Also probably gives slightly better scheduling and disables 64.13 - SMT nice which is harmful on dual core. 64.14 - TBD tune the domain scheduler for dual core. */ 64.15 - if (cpu_has(c, X86_FEATURE_CMP_LEGACY)) 64.16 - smp_num_siblings = 1; 64.17 -#endif 64.18 64.19 if (cpuid_eax(0x80000000) >= 0x80000008) { 64.20 c->x86_num_cores = (cpuid_ecx(0x80000008) & 0xff) + 1; 64.21 if (c->x86_num_cores & (c->x86_num_cores - 1)) 64.22 c->x86_num_cores = 1; 64.23 } 64.24 + 64.25 +#ifdef CONFIG_X86_HT 64.26 + /* 64.27 + * On a AMD dual core setup the lower bits of the APIC id 64.28 + * distingush the cores. Assumes number of cores is a power 64.29 + * of two. 64.30 + */ 64.31 + if (c->x86_num_cores > 1) { 64.32 + int cpu = smp_processor_id(); 64.33 + unsigned bits = 0; 64.34 + while ((1 << bits) < c->x86_num_cores) 64.35 + bits++; 64.36 + cpu_core_id[cpu] = phys_proc_id[cpu] & ((1<<bits)-1); 64.37 + phys_proc_id[cpu] >>= bits; 64.38 + printk(KERN_INFO "CPU %d(%d) -> Core %d\n", 64.39 + cpu, c->x86_num_cores, cpu_core_id[cpu]); 64.40 + } 64.41 +#endif 64.42 } 64.43 64.44 static unsigned int amd_size_cache(struct cpuinfo_x86 * c, unsigned int size)
65.1 --- a/xen/arch/x86/cpu/common.c Sat Jun 18 00:49:11 2005 +0000 65.2 +++ b/xen/arch/x86/cpu/common.c Tue Jun 21 07:02:30 2005 +0000 65.3 @@ -186,7 +186,7 @@ static inline int flag_is_changeable_p(u 65.4 65.5 65.6 /* Probe for the CPUID instruction */ 65.7 -int __init have_cpuid_p(void) 65.8 +static int __init have_cpuid_p(void) 65.9 { 65.10 return flag_is_changeable_p(X86_EFLAGS_ID); 65.11 } 65.12 @@ -194,7 +194,7 @@ int __init have_cpuid_p(void) 65.13 /* Do minimum CPU detection early. 65.14 Fields really needed: vendor, cpuid_level, family, model, mask, cache alignment. 65.15 The others are not touched to avoid unwanted side effects. */ 65.16 -void __init early_cpu_detect(void) 65.17 +static void __init early_cpu_detect(void) 65.18 { 65.19 struct cpuinfo_x86 *c = &boot_cpu_data; 65.20 65.21 @@ -228,6 +228,10 @@ void __init early_cpu_detect(void) 65.22 } 65.23 65.24 early_intel_workaround(c); 65.25 + 65.26 +#ifdef CONFIG_X86_HT 65.27 + phys_proc_id[smp_processor_id()] = (cpuid_ebx(1) >> 24) & 0xff; 65.28 +#endif 65.29 } 65.30 65.31 void __init generic_identify(struct cpuinfo_x86 * c) 65.32 @@ -416,25 +420,15 @@ void __init identify_cpu(struct cpuinfo_ 65.33 mcheck_init(c); 65.34 #endif 65.35 } 65.36 -/* 65.37 - * Perform early boot up checks for a valid TSC. See arch/i386/kernel/time.c 65.38 - */ 65.39 - 65.40 -void __init dodgy_tsc(void) 65.41 -{ 65.42 - if (( boot_cpu_data.x86_vendor == X86_VENDOR_CYRIX ) || 65.43 - ( boot_cpu_data.x86_vendor == X86_VENDOR_NSC )) 65.44 - cpu_devs[X86_VENDOR_CYRIX]->c_init(&boot_cpu_data); 65.45 -} 65.46 65.47 #ifdef CONFIG_X86_HT 65.48 void __init detect_ht(struct cpuinfo_x86 *c) 65.49 { 65.50 u32 eax, ebx, ecx, edx; 65.51 - int index_lsb, index_msb, tmp; 65.52 + int index_msb, tmp; 65.53 int cpu = smp_processor_id(); 65.54 65.55 - if (!cpu_has(c, X86_FEATURE_HT)) 65.56 + if (!cpu_has(c, X86_FEATURE_HT) || cpu_has(c, X86_FEATURE_CMP_LEGACY)) 65.57 return; 65.58 65.59 cpuid(1, &eax, &ebx, &ecx, &edx); 65.60 @@ -443,7 +437,6 @@ void __init detect_ht(struct cpuinfo_x86 65.61 if (smp_num_siblings == 1) { 65.62 printk(KERN_INFO "CPU: Hyper-Threading is disabled\n"); 65.63 } else if (smp_num_siblings > 1 ) { 65.64 - index_lsb = 0; 65.65 index_msb = 31; 65.66 65.67 if (smp_num_siblings > NR_CPUS) { 65.68 @@ -452,21 +445,34 @@ void __init detect_ht(struct cpuinfo_x86 65.69 return; 65.70 } 65.71 tmp = smp_num_siblings; 65.72 - while ((tmp & 1) == 0) { 65.73 - tmp >>=1 ; 65.74 - index_lsb++; 65.75 - } 65.76 - tmp = smp_num_siblings; 65.77 while ((tmp & 0x80000000 ) == 0) { 65.78 tmp <<=1 ; 65.79 index_msb--; 65.80 } 65.81 - if (index_lsb != index_msb ) 65.82 + if (smp_num_siblings & (smp_num_siblings - 1)) 65.83 index_msb++; 65.84 phys_proc_id[cpu] = phys_pkg_id((ebx >> 24) & 0xFF, index_msb); 65.85 65.86 printk(KERN_INFO "CPU: Physical Processor ID: %d\n", 65.87 phys_proc_id[cpu]); 65.88 + 65.89 + smp_num_siblings = smp_num_siblings / c->x86_num_cores; 65.90 + 65.91 + tmp = smp_num_siblings; 65.92 + index_msb = 31; 65.93 + while ((tmp & 0x80000000) == 0) { 65.94 + tmp <<=1 ; 65.95 + index_msb--; 65.96 + } 65.97 + 65.98 + if (smp_num_siblings & (smp_num_siblings - 1)) 65.99 + index_msb++; 65.100 + 65.101 + cpu_core_id[cpu] = phys_pkg_id((ebx >> 24) & 0xFF, index_msb); 65.102 + 65.103 + if (c->x86_num_cores > 1) 65.104 + printk(KERN_INFO "CPU: Processor Core ID: %d\n", 65.105 + cpu_core_id[cpu]); 65.106 } 65.107 } 65.108 #endif 65.109 @@ -511,7 +517,6 @@ extern int amd_init_cpu(void); 65.110 extern int centaur_init_cpu(void); 65.111 extern int transmeta_init_cpu(void); 65.112 extern int rise_init_cpu(void); 65.113 -void early_cpu_detect(void); 65.114 65.115 void __init early_cpu_init(void) 65.116 {
66.1 --- a/xen/arch/x86/cpu/cpu.h Sat Jun 18 00:49:11 2005 +0000 66.2 +++ b/xen/arch/x86/cpu/cpu.h Tue Jun 21 07:02:30 2005 +0000 66.3 @@ -25,7 +25,6 @@ extern int get_model_name(struct cpuinfo 66.4 extern void display_cacheinfo(struct cpuinfo_x86 *c); 66.5 66.6 extern void generic_identify(struct cpuinfo_x86 * c); 66.7 -extern int have_cpuid_p(void); 66.8 66.9 extern void early_intel_workaround(struct cpuinfo_x86 *c); 66.10
67.1 --- a/xen/arch/x86/cpu/intel.c Sat Jun 18 00:49:11 2005 +0000 67.2 +++ b/xen/arch/x86/cpu/intel.c Tue Jun 21 07:02:30 2005 +0000 67.3 @@ -74,6 +74,27 @@ static void __init Intel_errata_workarou 67.4 } 67.5 67.6 67.7 +/* 67.8 + * find out the number of processor cores on the die 67.9 + */ 67.10 +static int __init num_cpu_cores(struct cpuinfo_x86 *c) 67.11 +{ 67.12 + unsigned int eax; 67.13 + 67.14 + if (c->cpuid_level < 4) 67.15 + return 1; 67.16 + 67.17 + __asm__("cpuid" 67.18 + : "=a" (eax) 67.19 + : "0" (4), "c" (0) 67.20 + : "bx", "dx"); 67.21 + 67.22 + if (eax & 0x1f) 67.23 + return ((eax >> 26) + 1); 67.24 + else 67.25 + return 1; 67.26 +} 67.27 + 67.28 static void __init init_intel(struct cpuinfo_x86 *c) 67.29 { 67.30 unsigned int l2 = 0; 67.31 @@ -136,6 +157,8 @@ static void __init init_intel(struct cpu 67.32 if ( p ) 67.33 strcpy(c->x86_model_id, p); 67.34 67.35 + c->x86_num_cores = num_cpu_cores(c); 67.36 + 67.37 detect_ht(c); 67.38 67.39 /* Work around errata */
68.1 --- a/xen/arch/x86/dom0_ops.c Sat Jun 18 00:49:11 2005 +0000 68.2 +++ b/xen/arch/x86/dom0_ops.c Tue Jun 21 07:02:30 2005 +0000 68.3 @@ -179,8 +179,8 @@ long arch_do_dom0_op(dom0_op_t *op, dom0 68.4 { 68.5 dom0_physinfo_t *pi = &op->u.physinfo; 68.6 68.7 - pi->ht_per_core = ht_per_core; 68.8 - pi->cores = num_online_cpus() / ht_per_core; 68.9 + pi->ht_per_core = smp_num_siblings; 68.10 + pi->cores = boot_cpu_data.x86_num_cores; 68.11 pi->total_pages = max_page; 68.12 pi->free_pages = avail_domheap_pages(); 68.13 pi->cpu_khz = cpu_khz;
69.1 --- a/xen/arch/x86/setup.c Sat Jun 18 00:49:11 2005 +0000 69.2 +++ b/xen/arch/x86/setup.c Tue Jun 21 07:02:30 2005 +0000 69.3 @@ -20,6 +20,7 @@ 69.4 #include <asm/desc.h> 69.5 #include <asm/shadow.h> 69.6 #include <asm/e820.h> 69.7 +#include <public/acm_dom0_setup.h> 69.8 69.9 extern void dmi_scan_machine(void); 69.10 extern void generic_apic_probe(void); 69.11 @@ -66,7 +67,6 @@ boolean_param("noapic", skip_ioapic_setu 69.12 69.13 int early_boot = 1; 69.14 69.15 -int ht_per_core = 1; 69.16 cpumask_t cpu_present_map; 69.17 69.18 /* Limits of Xen heap, used to initialise the allocator. */ 69.19 @@ -394,12 +394,17 @@ void __init __start_xen(multiboot_info_t 69.20 69.21 shadow_mode_init(); 69.22 69.23 + /* initialize access control security module */ 69.24 + acm_init(); 69.25 + 69.26 /* Create initial domain 0. */ 69.27 dom0 = do_createdomain(0, 0); 69.28 if ( dom0 == NULL ) 69.29 panic("Error creating domain 0\n"); 69.30 69.31 set_bit(_DOMF_privileged, &dom0->domain_flags); 69.32 + /* post-create hooks sets security label */ 69.33 + acm_post_domain0_create(dom0->domain_id); 69.34 69.35 /* Grab the DOM0 command line. */ 69.36 cmdline = (char *)(mod[0].string ? __va(mod[0].string) : NULL);
70.1 --- a/xen/arch/x86/smpboot.c Sat Jun 18 00:49:11 2005 +0000 70.2 +++ b/xen/arch/x86/smpboot.c Tue Jun 21 07:02:30 2005 +0000 70.3 @@ -62,6 +62,8 @@ static int __initdata smp_b_stepping; 70.4 int smp_num_siblings = 1; 70.5 int phys_proc_id[NR_CPUS]; /* Package ID of each logical CPU */ 70.6 EXPORT_SYMBOL(phys_proc_id); 70.7 +int cpu_core_id[NR_CPUS]; /* Core ID of each logical CPU */ 70.8 +EXPORT_SYMBOL(cpu_core_id); 70.9 70.10 /* bitmap of online cpus */ 70.11 cpumask_t cpu_online_map; 70.12 @@ -923,6 +925,8 @@ static int boot_cpu_logical_apicid; 70.13 void *xquad_portio; 70.14 70.15 cpumask_t cpu_sibling_map[NR_CPUS] __cacheline_aligned; 70.16 +cpumask_t cpu_core_map[NR_CPUS] __cacheline_aligned; 70.17 +EXPORT_SYMBOL(cpu_core_map); 70.18 70.19 static void __init smp_boot_cpus(unsigned int max_cpus) 70.20 { 70.21 @@ -947,6 +951,9 @@ static void __init smp_boot_cpus(unsigne 70.22 cpus_clear(cpu_sibling_map[0]); 70.23 cpu_set(0, cpu_sibling_map[0]); 70.24 70.25 + cpus_clear(cpu_core_map[0]); 70.26 + cpu_set(0, cpu_core_map[0]); 70.27 + 70.28 /* 70.29 * If we couldn't find an SMP configuration at boot time, 70.30 * get out of here now! 70.31 @@ -959,6 +966,8 @@ static void __init smp_boot_cpus(unsigne 70.32 printk(KERN_NOTICE "Local APIC not detected." 70.33 " Using dummy APIC emulation.\n"); 70.34 map_cpu_to_logical_apicid(); 70.35 + cpu_set(0, cpu_sibling_map[0]); 70.36 + cpu_set(0, cpu_core_map[0]); 70.37 return; 70.38 } 70.39 70.40 @@ -1079,10 +1088,13 @@ static void __init smp_boot_cpus(unsigne 70.41 * construct cpu_sibling_map[], so that we can tell sibling CPUs 70.42 * efficiently. 70.43 */ 70.44 - for (cpu = 0; cpu < NR_CPUS; cpu++) 70.45 + for (cpu = 0; cpu < NR_CPUS; cpu++) { 70.46 cpus_clear(cpu_sibling_map[cpu]); 70.47 + cpus_clear(cpu_core_map[cpu]); 70.48 + } 70.49 70.50 for (cpu = 0; cpu < NR_CPUS; cpu++) { 70.51 + struct cpuinfo_x86 *c = cpu_data + cpu; 70.52 int siblings = 0; 70.53 int i; 70.54 if (!cpu_isset(cpu, cpu_callout_map)) 70.55 @@ -1092,7 +1104,7 @@ static void __init smp_boot_cpus(unsigne 70.56 for (i = 0; i < NR_CPUS; i++) { 70.57 if (!cpu_isset(i, cpu_callout_map)) 70.58 continue; 70.59 - if (phys_proc_id[cpu] == phys_proc_id[i]) { 70.60 + if (cpu_core_id[cpu] == cpu_core_id[i]) { 70.61 siblings++; 70.62 cpu_set(i, cpu_sibling_map[cpu]); 70.63 } 70.64 @@ -1102,8 +1114,22 @@ static void __init smp_boot_cpus(unsigne 70.65 cpu_set(cpu, cpu_sibling_map[cpu]); 70.66 } 70.67 70.68 - if (siblings != smp_num_siblings) 70.69 + if (siblings != smp_num_siblings) { 70.70 printk(KERN_WARNING "WARNING: %d siblings found for CPU%d, should be %d\n", siblings, cpu, smp_num_siblings); 70.71 + smp_num_siblings = siblings; 70.72 + } 70.73 + 70.74 + if (c->x86_num_cores > 1) { 70.75 + for (i = 0; i < NR_CPUS; i++) { 70.76 + if (!cpu_isset(i, cpu_callout_map)) 70.77 + continue; 70.78 + if (phys_proc_id[cpu] == phys_proc_id[i]) { 70.79 + cpu_set(i, cpu_core_map[cpu]); 70.80 + } 70.81 + } 70.82 + } else { 70.83 + cpu_core_map[cpu] = cpu_sibling_map[cpu]; 70.84 + } 70.85 } 70.86 70.87 if (nmi_watchdog == NMI_LOCAL_APIC)
71.1 --- a/xen/arch/x86/x86_32/entry.S Sat Jun 18 00:49:11 2005 +0000 71.2 +++ b/xen/arch/x86/x86_32/entry.S Tue Jun 21 07:02:30 2005 +0000 71.3 @@ -751,6 +751,7 @@ ENTRY(hypercall_table) 71.4 .long do_boot_vcpu 71.5 .long do_ni_hypercall /* 25 */ 71.6 .long do_mmuext_op 71.7 + .long do_policy_op /* 27 */ 71.8 .rept NR_hypercalls-((.-hypercall_table)/4) 71.9 .long do_ni_hypercall 71.10 .endr
72.1 --- a/xen/common/Makefile Sat Jun 18 00:49:11 2005 +0000 72.2 +++ b/xen/common/Makefile Tue Jun 21 07:02:30 2005 +0000 72.3 @@ -1,8 +1,8 @@ 72.4 72.5 include $(BASEDIR)/Rules.mk 72.6 72.7 -ifeq ($(TARGET_ARCH),ia64) 72.8 -OBJS := $(subst dom_mem_ops.o,,$(OBJS)) 72.9 +ifeq ($(TARGET_ARCH),ia64) 72.10 +#OBJS := $(subst dom_mem_ops.o,,$(OBJS)) 72.11 OBJS := $(subst grant_table.o,,$(OBJS)) 72.12 endif 72.13
73.1 --- a/xen/common/dom0_ops.c Sat Jun 18 00:49:11 2005 +0000 73.2 +++ b/xen/common/dom0_ops.c Tue Jun 21 07:02:30 2005 +0000 73.3 @@ -19,6 +19,7 @@ 73.4 #include <asm/current.h> 73.5 #include <public/dom0_ops.h> 73.6 #include <public/sched_ctl.h> 73.7 +#include <acm/acm_hooks.h> 73.8 73.9 extern long arch_do_dom0_op(dom0_op_t *op, dom0_op_t *u_dom0_op); 73.10 extern void arch_getdomaininfo_ctxt( 73.11 @@ -91,6 +92,7 @@ long do_dom0_op(dom0_op_t *u_dom0_op) 73.12 { 73.13 long ret = 0; 73.14 dom0_op_t curop, *op = &curop; 73.15 + void *ssid = NULL; /* save security ptr between pre and post/fail hooks */ 73.16 73.17 if ( !IS_PRIV(current->domain) ) 73.18 return -EPERM; 73.19 @@ -101,6 +103,9 @@ long do_dom0_op(dom0_op_t *u_dom0_op) 73.20 if ( op->interface_version != DOM0_INTERFACE_VERSION ) 73.21 return -EACCES; 73.22 73.23 + if ( acm_pre_dom0_op(op, &ssid) ) 73.24 + return -EACCES; 73.25 + 73.26 switch ( op->cmd ) 73.27 { 73.28 73.29 @@ -184,8 +189,8 @@ long do_dom0_op(dom0_op_t *u_dom0_op) 73.30 * domains will all share the second HT of each CPU. Since dom0 is on 73.31 * CPU 0, we favour high numbered CPUs in the event of a tie. 73.32 */ 73.33 - pro = ht_per_core - 1; 73.34 - for ( i = pro; i < num_online_cpus(); i += ht_per_core ) 73.35 + pro = smp_num_siblings - 1; 73.36 + for ( i = pro; i < num_online_cpus(); i += smp_num_siblings ) 73.37 if ( cnt[i] <= cnt[pro] ) 73.38 pro = i; 73.39 73.40 @@ -357,6 +362,11 @@ long do_dom0_op(dom0_op_t *u_dom0_op) 73.41 ((d->domain_flags & DOMF_shutdown) ? DOMFLAGS_SHUTDOWN : 0) | 73.42 d->shutdown_code << DOMFLAGS_SHUTDOWNSHIFT; 73.43 73.44 + if (d->ssid != NULL) 73.45 + op->u.getdomaininfo.ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref; 73.46 + else 73.47 + op->u.getdomaininfo.ssidref = ACM_DEFAULT_SSID; 73.48 + 73.49 op->u.getdomaininfo.tot_pages = d->tot_pages; 73.50 op->u.getdomaininfo.max_pages = d->max_pages; 73.51 op->u.getdomaininfo.shared_info_frame = 73.52 @@ -493,7 +503,10 @@ long do_dom0_op(dom0_op_t *u_dom0_op) 73.53 ret = arch_do_dom0_op(op,u_dom0_op); 73.54 73.55 } 73.56 - 73.57 + if (!ret) 73.58 + acm_post_dom0_op(op, ssid); 73.59 + else 73.60 + acm_fail_dom0_op(op, ssid); 73.61 return ret; 73.62 } 73.63
74.1 --- a/xen/common/event_channel.c Sat Jun 18 00:49:11 2005 +0000 74.2 +++ b/xen/common/event_channel.c Tue Jun 21 07:02:30 2005 +0000 74.3 @@ -26,6 +26,7 @@ 74.4 74.5 #include <public/xen.h> 74.6 #include <public/event_channel.h> 74.7 +#include <acm/acm_hooks.h> 74.8 74.9 #define bucket_from_port(d,p) \ 74.10 ((d)->evtchn[(p)/EVTCHNS_PER_BUCKET]) 74.11 @@ -587,6 +588,9 @@ long do_event_channel_op(evtchn_op_t *uo 74.12 if ( copy_from_user(&op, uop, sizeof(op)) != 0 ) 74.13 return -EFAULT; 74.14 74.15 + if (acm_pre_event_channel(&op)) 74.16 + return -EACCES; 74.17 + 74.18 switch ( op.cmd ) 74.19 { 74.20 case EVTCHNOP_alloc_unbound:
75.1 --- a/xen/common/grant_table.c Sat Jun 18 00:49:11 2005 +0000 75.2 +++ b/xen/common/grant_table.c Tue Jun 21 07:02:30 2005 +0000 75.3 @@ -30,6 +30,7 @@ 75.4 #include <xen/sched.h> 75.5 #include <xen/shadow.h> 75.6 #include <xen/mm.h> 75.7 +#include <acm/acm_hooks.h> 75.8 75.9 #define PIN_FAIL(_lbl, _rc, _f, _a...) \ 75.10 do { \ 75.11 @@ -357,6 +358,11 @@ static int 75.12 return GNTST_bad_gntref; 75.13 } 75.14 75.15 + if (acm_pre_grant_map_ref(dom)) { 75.16 + (void)__put_user(GNTST_permission_denied, &uop->handle); 75.17 + return GNTST_permission_denied; 75.18 + } 75.19 + 75.20 if ( unlikely((rd = find_domain_by_id(dom)) == NULL) || 75.21 unlikely(ld == rd) ) 75.22 {
76.1 --- a/xen/common/kernel.c Sat Jun 18 00:49:11 2005 +0000 76.2 +++ b/xen/common/kernel.c Tue Jun 21 07:02:30 2005 +0000 76.3 @@ -1,10 +1,7 @@ 76.4 /****************************************************************************** 76.5 * kernel.c 76.6 * 76.7 - * This file should contain architecture-independent bootstrap and low-level 76.8 - * help routines. It's a bit x86/PC specific right now! 76.9 - * 76.10 - * Copyright (c) 2002-2003 K A Fraser 76.11 + * Copyright (c) 2002-2005 K A Fraser 76.12 */ 76.13 76.14 #include <xen/config.h> 76.15 @@ -14,6 +11,7 @@ 76.16 #include <xen/compile.h> 76.17 #include <xen/sched.h> 76.18 #include <asm/current.h> 76.19 +#include <public/version.h> 76.20 76.21 void cmdline_parse(char *cmdline) 76.22 { 76.23 @@ -83,11 +81,38 @@ void cmdline_parse(char *cmdline) 76.24 * Simple hypercalls. 76.25 */ 76.26 76.27 -long do_xen_version(int cmd) 76.28 +long do_xen_version(int cmd, void *arg) 76.29 { 76.30 - if ( cmd != 0 ) 76.31 - return -ENOSYS; 76.32 - return (XEN_VERSION<<16) | (XEN_SUBVERSION); 76.33 + switch ( cmd ) 76.34 + { 76.35 + case XENVER_version: 76.36 + { 76.37 + return (XEN_VERSION<<16) | (XEN_SUBVERSION); 76.38 + } 76.39 + 76.40 + case XENVER_extraversion: 76.41 + { 76.42 + char extraversion[16]; 76.43 + safe_strcpy(extraversion, XEN_EXTRAVERSION); 76.44 + if ( copy_to_user(arg, extraversion, sizeof(extraversion)) ) 76.45 + return -EFAULT; 76.46 + return 0; 76.47 + } 76.48 + 76.49 + case XENVER_compile_info: 76.50 + { 76.51 + struct xen_compile_info info; 76.52 + safe_strcpy(info.compiler, XEN_COMPILER); 76.53 + safe_strcpy(info.compile_by, XEN_COMPILE_BY); 76.54 + safe_strcpy(info.compile_domain, XEN_COMPILE_DOMAIN); 76.55 + safe_strcpy(info.compile_date, XEN_COMPILE_DATE); 76.56 + if ( copy_to_user(arg, &info, sizeof(info)) ) 76.57 + return -EFAULT; 76.58 + return 0; 76.59 + } 76.60 + } 76.61 + 76.62 + return -ENOSYS; 76.63 } 76.64 76.65 long do_vm_assist(unsigned int cmd, unsigned int type)
77.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 77.2 +++ b/xen/common/policy_ops.c Tue Jun 21 07:02:30 2005 +0000 77.3 @@ -0,0 +1,117 @@ 77.4 +/****************************************************************************** 77.5 + *policy_ops.c 77.6 + * 77.7 + * Copyright (C) 2005 IBM Corporation 77.8 + * 77.9 + * Author: 77.10 + * Reiner Sailer <sailer@watson.ibm.com> 77.11 + * 77.12 + * This program is free software; you can redistribute it and/or 77.13 + * modify it under the terms of the GNU General Public License as 77.14 + * published by the Free Software Foundation, version 2 of the 77.15 + * License. 77.16 + * 77.17 + * Process policy command requests from guest OS. 77.18 + * 77.19 + */ 77.20 +#include <xen/config.h> 77.21 +#include <xen/types.h> 77.22 +#include <xen/lib.h> 77.23 +#include <xen/mm.h> 77.24 +#include <public/policy_ops.h> 77.25 +#include <xen/sched.h> 77.26 +#include <xen/event.h> 77.27 +#include <xen/trace.h> 77.28 +#include <xen/console.h> 77.29 +#include <asm/shadow.h> 77.30 +#include <public/sched_ctl.h> 77.31 +#include <acm/acm_hooks.h> 77.32 + 77.33 +/* function prototypes defined in acm/acm_policy.c */ 77.34 +int acm_set_policy(void *buf, u16 buf_size, u16 policy); 77.35 +int acm_get_policy(void *buf, u16 buf_size); 77.36 +int acm_dump_statistics(void *buf, u16 buf_size); 77.37 + 77.38 +typedef enum policyoperation { 77.39 + POLICY, /* access to policy interface (early drop) */ 77.40 + GETPOLICY, /* dump policy cache */ 77.41 + SETPOLICY, /* set policy cache (controls security) */ 77.42 + DUMPSTATS /* dump policy statistics */ 77.43 +} policyoperation_t; 77.44 + 77.45 +int 77.46 +acm_authorize_policyops(struct domain *d, policyoperation_t pops) 77.47 +{ 77.48 + /* currently, all policy management functions are restricted to privileged domains, 77.49 + * soon we will introduce finer-grained privileges for policy operations 77.50 + */ 77.51 + if (!IS_PRIV(d)) { 77.52 + printk("%s: Policy management authorization denied ERROR!\n", __func__); 77.53 + return ACM_ACCESS_DENIED; 77.54 + } 77.55 + return ACM_ACCESS_PERMITTED; 77.56 +} 77.57 + 77.58 +long do_policy_op(policy_op_t *u_policy_op) 77.59 +{ 77.60 + long ret = 0; 77.61 + policy_op_t curop, *op = &curop; 77.62 + 77.63 + /* check here policy decision for policy commands */ 77.64 + /* for now allow DOM0 only, later indepedently */ 77.65 + if (acm_authorize_policyops(current->domain, POLICY)) 77.66 + return -EACCES; 77.67 + 77.68 + if ( copy_from_user(op, u_policy_op, sizeof(*op)) ) 77.69 + return -EFAULT; 77.70 + 77.71 + if ( op->interface_version != POLICY_INTERFACE_VERSION ) 77.72 + return -EACCES; 77.73 + 77.74 + switch ( op->cmd ) 77.75 + { 77.76 + case POLICY_SETPOLICY: 77.77 + { 77.78 + if (acm_authorize_policyops(current->domain, SETPOLICY)) 77.79 + return -EACCES; 77.80 + printkd("%s: setting policy.\n", __func__); 77.81 + ret = acm_set_policy(op->u.setpolicy.pushcache, op->u.setpolicy.pushcache_size, op->u.setpolicy.policy_type); 77.82 + if (ret == ACM_OK) 77.83 + ret = 0; 77.84 + else 77.85 + ret = -ESRCH; 77.86 + } 77.87 + break; 77.88 + 77.89 + case POLICY_GETPOLICY: 77.90 + { 77.91 + if (acm_authorize_policyops(current->domain, GETPOLICY)) 77.92 + return -EACCES; 77.93 + printkd("%s: getting policy.\n", __func__); 77.94 + ret = acm_get_policy(op->u.getpolicy.pullcache, op->u.getpolicy.pullcache_size); 77.95 + if (ret == ACM_OK) 77.96 + ret = 0; 77.97 + else 77.98 + ret = -ESRCH; 77.99 + } 77.100 + break; 77.101 + 77.102 + case POLICY_DUMPSTATS: 77.103 + { 77.104 + if (acm_authorize_policyops(current->domain, DUMPSTATS)) 77.105 + return -EACCES; 77.106 + printkd("%s: dumping statistics.\n", __func__); 77.107 + ret = acm_dump_statistics(op->u.dumpstats.pullcache, op->u.dumpstats.pullcache_size); 77.108 + if (ret == ACM_OK) 77.109 + ret = 0; 77.110 + else 77.111 + ret = -ESRCH; 77.112 + } 77.113 + break; 77.114 + 77.115 + default: 77.116 + ret = -ESRCH; 77.117 + 77.118 + } 77.119 + return ret; 77.120 +}
78.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 78.2 +++ b/xen/include/acm/acm_core.h Tue Jun 21 07:02:30 2005 +0000 78.3 @@ -0,0 +1,117 @@ 78.4 +/**************************************************************** 78.5 + * acm_core.h 78.6 + * 78.7 + * Copyright (C) 2005 IBM Corporation 78.8 + * 78.9 + * Author: 78.10 + * Reiner Sailer <sailer@watson.ibm.com> 78.11 + * 78.12 + * This program is free software; you can redistribute it and/or 78.13 + * modify it under the terms of the GNU General Public License as 78.14 + * published by the Free Software Foundation, version 2 of the 78.15 + * License. 78.16 + * 78.17 + * sHype header file describing core data types and constants 78.18 + * for the access control module and relevant policies 78.19 + * 78.20 + */ 78.21 +#ifndef _ACM_CORE_H 78.22 +#define _ACM_CORE_H 78.23 + 78.24 +#include <xen/spinlock.h> 78.25 +#include <public/acm.h> 78.26 +#include <public/policy_ops.h> 78.27 + 78.28 +/* Xen-internal representation of the binary policy */ 78.29 +struct acm_binary_policy { 78.30 + u16 primary_policy_code; 78.31 + u16 secondary_policy_code; 78.32 + void *primary_binary_policy; 78.33 + void *secondary_binary_policy; 78.34 + 78.35 +}; 78.36 + 78.37 +struct chwall_binary_policy { 78.38 + u16 max_types; 78.39 + u16 max_ssidrefs; 78.40 + u16 max_conflictsets; 78.41 + domaintype_t *ssidrefs; /* [max_ssidrefs][max_types] */ 78.42 + domaintype_t *conflict_aggregate_set; /* [max_types] */ 78.43 + domaintype_t *running_types; /* [max_types] */ 78.44 + domaintype_t *conflict_sets; /* [max_conflictsets][max_types]*/ 78.45 +}; 78.46 + 78.47 +struct ste_binary_policy { 78.48 + u16 max_types; 78.49 + u16 max_ssidrefs; 78.50 + domaintype_t *ssidrefs; /* [max_ssidrefs][max_types] */ 78.51 + atomic_t ec_eval_count, gt_eval_count; 78.52 + atomic_t ec_denied_count, gt_denied_count; 78.53 + atomic_t ec_cachehit_count, gt_cachehit_count; 78.54 +}; 78.55 + 78.56 +/* global acm policy */ 78.57 +extern struct acm_binary_policy acm_bin_pol; 78.58 +extern struct chwall_binary_policy chwall_bin_pol; 78.59 +extern struct ste_binary_policy ste_bin_pol; 78.60 +/* use the lock when reading / changing binary policy ! */ 78.61 +extern rwlock_t acm_bin_pol_rwlock; 78.62 + 78.63 +/* subject and object type definitions */ 78.64 +enum acm_datatype { DOMAIN }; 78.65 + 78.66 +/* defines number of access decisions to other domains can be cached 78.67 + * one entry per domain, TE does not distinguish evtchn or grant_table */ 78.68 +#define ACM_TE_CACHE_SIZE 8 78.69 +enum acm_ste_flag { VALID, FREE }; 78.70 + 78.71 +/* cache line: 78.72 + * if cache_line.valid==VALID, then 78.73 + * STE decision is cached as "permitted" 78.74 + * on domain cache_line.id 78.75 + */ 78.76 +struct acm_ste_cache_line { 78.77 + enum acm_ste_flag valid; 78.78 + domid_t id; 78.79 +}; 78.80 + 78.81 +/* general definition of a subject security id */ 78.82 +struct acm_ssid_domain { 78.83 + enum acm_datatype datatype; /* type of subject (e.g., partition) */ 78.84 + ssidref_t ssidref; /* combined security reference */ 78.85 + void *primary_ssid; /* primary policy ssid part (e.g. chinese wall) */ 78.86 + void *secondary_ssid; /* secondary policy ssid part (e.g. type enforcement) */ 78.87 + struct domain *subject; /* backpointer to subject structure */ 78.88 + domid_t domainid; /* replicate id */ 78.89 +}; 78.90 + 78.91 +/* chinese wall ssid type */ 78.92 +struct chwall_ssid { 78.93 + ssidref_t chwall_ssidref; 78.94 +}; 78.95 + 78.96 +/* simple type enforcement ssid type */ 78.97 +struct ste_ssid { 78.98 + ssidref_t ste_ssidref; 78.99 + struct acm_ste_cache_line ste_cache[ACM_TE_CACHE_SIZE]; /* decision cache */ 78.100 +}; 78.101 + 78.102 +/* macros to access ssidref for primary / secondary policy 78.103 + * primary ssidref = lower 16 bit 78.104 + * secondary ssidref = higher 16 bit 78.105 + */ 78.106 +#define GET_SSIDREF(POLICY, ssidref) \ 78.107 + ((POLICY) == acm_bin_pol.primary_policy_code) ? \ 78.108 + ((ssidref) & 0xffff) : ((ssidref) >> 16) 78.109 + 78.110 +/* macros to access ssid pointer for primary / secondary policy */ 78.111 +#define GET_SSIDP(POLICY, ssid) \ 78.112 + ((POLICY) == acm_bin_pol.primary_policy_code) ? \ 78.113 + ((ssid)->primary_ssid) : ((ssid)->secondary_ssid) 78.114 + 78.115 +/* protos */ 78.116 +int acm_init_domain_ssid(domid_t id, ssidref_t ssidref); 78.117 +int acm_free_domain_ssid(struct acm_ssid_domain *ssid); 78.118 + 78.119 +#endif 78.120 +
79.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 79.2 +++ b/xen/include/acm/acm_endian.h Tue Jun 21 07:02:30 2005 +0000 79.3 @@ -0,0 +1,88 @@ 79.4 +/**************************************************************** 79.5 + * acm_endian.h 79.6 + * 79.7 + * Copyright (C) 2005 IBM Corporation 79.8 + * 79.9 + * Author: 79.10 + * Stefan Berger <stefanb@watson.ibm.com> 79.11 + * 79.12 + * Contributions: 79.13 + * Reiner Sailer <sailer@watson.ibm.com> 79.14 + * 79.15 + * This program is free software; you can redistribute it and/or 79.16 + * modify it under the terms of the GNU General Public License as 79.17 + * published by the Free Software Foundation, version 2 of the 79.18 + * License. 79.19 + * 79.20 + * sHype header file defining endian-dependent functions for the 79.21 + * big-endian policy interface 79.22 + * 79.23 + */ 79.24 +#ifndef _ACM_ENDIAN_H 79.25 +#define _ACM_ENDIAN_H 79.26 + 79.27 +/* don't use these functions in performance critical sections! */ 79.28 + 79.29 +/* set during initialization by testing */ 79.30 +extern u8 little_endian; 79.31 + 79.32 +static inline u32 ntohl(u32 x) 79.33 +{ 79.34 + if (little_endian) 79.35 + return 79.36 + ( (((x) >> 24) & 0xff )| 79.37 + (((x) >> 8) & 0xff00 )| 79.38 + (((x) << 8) & 0xff0000 )| 79.39 + (((x) << 24) & 0xff000000) ); 79.40 + else 79.41 + return x; 79.42 +} 79.43 + 79.44 +static inline u16 ntohs(u16 x) 79.45 +{ 79.46 + if (little_endian) 79.47 + return 79.48 + ( (((x) >> 8) & 0xff )| 79.49 + (((x) << 8) & 0xff00 ) ); 79.50 + else 79.51 + return x; 79.52 +} 79.53 + 79.54 +#define htonl(x) ntohl(x) 79.55 +#define htons(x) ntohs(x) 79.56 + 79.57 +static inline void arrcpy16(u16 *dest, const u16 *src, size_t n) 79.58 +{ 79.59 + unsigned int i = 0; 79.60 + while (i < n) { 79.61 + dest[i] = htons(src[i]); 79.62 + i++; 79.63 + } 79.64 +} 79.65 + 79.66 +static inline void arrcpy32(u32 *dest, const u32 *src, size_t n) 79.67 +{ 79.68 + unsigned int i = 0; 79.69 + while (i < n) { 79.70 + dest[i] = htonl(src[i]); 79.71 + i++; 79.72 + } 79.73 +} 79.74 + 79.75 +static inline void arrcpy(void *dest, const void *src, unsigned int elsize, size_t n) 79.76 +{ 79.77 + switch (elsize) { 79.78 + case sizeof(u16): 79.79 + arrcpy16((u16 *)dest, (u16 *)src, n); 79.80 + break; 79.81 + 79.82 + case sizeof(u32): 79.83 + arrcpy32((u32 *)dest, (u32 *)src, n); 79.84 + break; 79.85 + 79.86 + default: 79.87 + memcpy(dest, src, elsize*n); 79.88 + } 79.89 +} 79.90 + 79.91 +#endif
80.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 80.2 +++ b/xen/include/acm/acm_hooks.h Tue Jun 21 07:02:30 2005 +0000 80.3 @@ -0,0 +1,337 @@ 80.4 +/**************************************************************** 80.5 + * acm_hooks.h 80.6 + * 80.7 + * Copyright (C) 2005 IBM Corporation 80.8 + * 80.9 + * Author: 80.10 + * Reiner Sailer <sailer@watson.ibm.com> 80.11 + * 80.12 + * This program is free software; you can redistribute it and/or 80.13 + * modify it under the terms of the GNU General Public License as 80.14 + * published by the Free Software Foundation, version 2 of the 80.15 + * License. 80.16 + * 80.17 + * acm header file implementing the global (policy-independent) 80.18 + * sHype hooks that are called throughout Xen. 80.19 + * 80.20 + */ 80.21 +#ifndef _ACM_HOOKS_H 80.22 +#define _ACM_HOOKS_H 80.23 + 80.24 +#include <xen/config.h> 80.25 +#include <xen/errno.h> 80.26 +#include <xen/types.h> 80.27 +#include <xen/lib.h> 80.28 +#include <xen/delay.h> 80.29 +#include <xen/sched.h> 80.30 +#include <public/acm.h> 80.31 +#include <acm/acm_core.h> 80.32 +#include <public/dom0_ops.h> 80.33 +#include <public/event_channel.h> 80.34 +#include <asm/current.h> 80.35 + 80.36 +/* if ACM_TRACE_MODE defined, all hooks should 80.37 + * print a short trace message */ 80.38 +/* #define ACM_TRACE_MODE */ 80.39 + 80.40 +#ifdef ACM_TRACE_MODE 80.41 +# define traceprintk(fmt, args...) printk(fmt,## args) 80.42 +#else 80.43 +# define traceprintk(fmt, args...) 80.44 +#endif 80.45 + 80.46 +/* global variables */ 80.47 +extern struct acm_operations *acm_primary_ops; 80.48 +extern struct acm_operations *acm_secondary_ops; 80.49 + 80.50 +/********************************************************************************************** 80.51 + * HOOK structure and meaning (justifies a few words about our model): 80.52 + * 80.53 + * General idea: every policy-controlled system operation is reflected in a 80.54 + * transaction in the system's security state 80.55 + * 80.56 + * Keeping the security state consistent requires "atomic" transactions. 80.57 + * The name of the hooks to place around policy-controlled transactions 80.58 + * reflects this. If authorizations do not involve security state changes, 80.59 + * then and only then POST and FAIL hooks remain empty since we don't care 80.60 + * about the eventual outcome of the operation from a security viewpoint. 80.61 + * 80.62 + * PURPOSE of hook types: 80.63 + * ====================== 80.64 + * PRE-Hooks 80.65 + * a) general authorization to guard a controlled system operation 80.66 + * b) prepare security state change (means: fail hook must be able to "undo" this) 80.67 + * 80.68 + * POST-Hooks 80.69 + * a) commit prepared state change 80.70 + * 80.71 + * FAIL-Hooks 80.72 + * a) roll-back prepared security state change from PRE-Hook 80.73 + * 80.74 + * 80.75 + * PLACEMENT of hook types: 80.76 + * ======================== 80.77 + * PRE-Hooks must be called: 80.78 + * a) before a guarded/controlled system operation is started 80.79 + * (return is ACM_ACCESS_PERMITTED or ACM_ACCESS_DENIED or error) 80.80 + * --> operation must be aborted if return is != ACM_ACCESS_PERMITTED 80.81 + * 80.82 + * POST-Hooks must be called: 80.83 + * a) after successful transaction (no return value; commit shall never fail) 80.84 + * 80.85 + * FAIL-Hooks must be called: 80.86 + * a) if system transaction (operation) fails somewhen after calling the PRE-hook 80.87 + * (obviously the POST-Hook is not called in this case) 80.88 + * b) if another (secondary) policy denies access in its PRE-Hook 80.89 + * (policy layering is useful but requires additional handling) 80.90 + * 80.91 + * 80.92 + * 80.93 + * Hook model from a security transaction viewpoint: 80.94 + * 80.95 + * start-sys-ops--> prepare ----succeed-----> commit --> sys-ops success 80.96 + * (pre-hook) \ (post-hook) 80.97 + * \ 80.98 + * fail 80.99 + * \ 80.100 + * \ 80.101 + * roll-back 80.102 + * (fail-hook) 80.103 + * \ 80.104 + * sys-ops error 80.105 + * 80.106 + *************************************************************************************************/ 80.107 + 80.108 +struct acm_operations { 80.109 + /* policy management functions (must always be defined!) */ 80.110 + int (*init_domain_ssid) (void **ssid, ssidref_t ssidref); 80.111 + void (*free_domain_ssid) (void *ssid); 80.112 + int (*dump_binary_policy) (u8 *buffer, u16 buf_size); 80.113 + int (*set_binary_policy) (u8 *buffer, u16 buf_size); 80.114 + int (*dump_statistics) (u8 *buffer, u16 buf_size); 80.115 + /* domain management control hooks (can be NULL) */ 80.116 + int (*pre_domain_create) (void *subject_ssid, ssidref_t ssidref); 80.117 + void (*post_domain_create) (domid_t domid, ssidref_t ssidref); 80.118 + void (*fail_domain_create) (void *subject_ssid, ssidref_t ssidref); 80.119 + void (*post_domain_destroy) (void *object_ssid, domid_t id); 80.120 + /* event channel control hooks (can be NULL) */ 80.121 + int (*pre_eventchannel_unbound) (domid_t id); 80.122 + void (*fail_eventchannel_unbound) (domid_t id); 80.123 + int (*pre_eventchannel_interdomain) (domid_t id1, domid_t id2); 80.124 + int (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2); 80.125 + /* grant table control hooks (can be NULL) */ 80.126 + int (*pre_grant_map_ref) (domid_t id); 80.127 + void (*fail_grant_map_ref) (domid_t id); 80.128 + int (*pre_grant_setup) (domid_t id); 80.129 + void (*fail_grant_setup) (domid_t id); 80.130 +}; 80.131 + 80.132 +static inline int acm_pre_domain_create (void *subject_ssid, ssidref_t ssidref) 80.133 +{ 80.134 + if ((acm_primary_ops->pre_domain_create != NULL) && 80.135 + acm_primary_ops->pre_domain_create (subject_ssid, ssidref)) 80.136 + return ACM_ACCESS_DENIED; 80.137 + else if ((acm_secondary_ops->pre_domain_create != NULL) && 80.138 + acm_secondary_ops->pre_domain_create (subject_ssid, ssidref)) { 80.139 + /* roll-back primary */ 80.140 + if (acm_primary_ops->fail_domain_create != NULL) 80.141 + acm_primary_ops->fail_domain_create (subject_ssid, ssidref); 80.142 + return ACM_ACCESS_DENIED; 80.143 + } else 80.144 + return ACM_ACCESS_PERMITTED; 80.145 +} 80.146 + 80.147 +static inline void acm_post_domain_create (domid_t domid, ssidref_t ssidref) 80.148 +{ 80.149 + if (acm_primary_ops->post_domain_create != NULL) 80.150 + acm_primary_ops->post_domain_create (domid, ssidref); 80.151 + if (acm_secondary_ops->post_domain_create != NULL) 80.152 + acm_secondary_ops->post_domain_create (domid, ssidref); 80.153 +} 80.154 + 80.155 +static inline void acm_fail_domain_create (void *subject_ssid, ssidref_t ssidref) 80.156 +{ 80.157 + if (acm_primary_ops->fail_domain_create != NULL) 80.158 + acm_primary_ops->fail_domain_create (subject_ssid, ssidref); 80.159 + if (acm_secondary_ops->fail_domain_create != NULL) 80.160 + acm_secondary_ops->fail_domain_create (subject_ssid, ssidref); 80.161 +} 80.162 + 80.163 +static inline void acm_post_domain_destroy (void *object_ssid, domid_t id) 80.164 +{ 80.165 + if (acm_primary_ops->post_domain_destroy != NULL) 80.166 + acm_primary_ops->post_domain_destroy (object_ssid, id); 80.167 + if (acm_secondary_ops->post_domain_destroy != NULL) 80.168 + acm_secondary_ops->post_domain_destroy (object_ssid, id); 80.169 + return; 80.170 +} 80.171 + 80.172 +/* event channel ops */ 80.173 + 80.174 +static inline int acm_pre_eventchannel_unbound (domid_t id) 80.175 +{ 80.176 + if ((acm_primary_ops->pre_eventchannel_unbound != NULL) && 80.177 + acm_primary_ops->pre_eventchannel_unbound (id)) 80.178 + return ACM_ACCESS_DENIED; 80.179 + else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) && 80.180 + acm_secondary_ops->pre_eventchannel_unbound (id)) { 80.181 + /* roll-back primary */ 80.182 + if (acm_primary_ops->fail_eventchannel_unbound != NULL) 80.183 + acm_primary_ops->fail_eventchannel_unbound (id); 80.184 + return ACM_ACCESS_DENIED; 80.185 + } else 80.186 + return ACM_ACCESS_PERMITTED; 80.187 +} 80.188 + 80.189 +static inline int acm_pre_eventchannel_interdomain (domid_t id1, domid_t id2) 80.190 +{ 80.191 + if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) && 80.192 + acm_primary_ops->pre_eventchannel_interdomain (id1, id2)) 80.193 + return ACM_ACCESS_DENIED; 80.194 + else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) && 80.195 + acm_secondary_ops->pre_eventchannel_interdomain (id1, id2)) { 80.196 + /* roll-back primary */ 80.197 + if (acm_primary_ops->fail_eventchannel_interdomain != NULL) 80.198 + acm_primary_ops->fail_eventchannel_interdomain (id1, id2); 80.199 + return ACM_ACCESS_DENIED; 80.200 + } else 80.201 + return ACM_ACCESS_PERMITTED; 80.202 +} 80.203 + 80.204 +/************ Xen inline hooks ***************/ 80.205 + 80.206 +/* small macro to make the hooks more readable 80.207 + * (eliminates hooks if NULL policy is active) 80.208 + */ 80.209 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) 80.210 +static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 80.211 +{ return 0; } 80.212 +#else 80.213 +static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 80.214 +{ 80.215 + int ret = -EACCES; 80.216 + struct domain *d; 80.217 + 80.218 + switch(op->cmd) { 80.219 + case DOM0_CREATEDOMAIN: 80.220 + ret = acm_pre_domain_create(current->domain->ssid, op->u.createdomain.ssidref); 80.221 + break; 80.222 + case DOM0_DESTROYDOMAIN: 80.223 + d = find_domain_by_id(op->u.destroydomain.domain); 80.224 + if (d != NULL) { 80.225 + *ssid = d->ssid; /* save for post destroy when d is gone */ 80.226 + /* no policy-specific hook */ 80.227 + put_domain(d); 80.228 + ret = 0; 80.229 + } 80.230 + break; 80.231 + default: 80.232 + ret = 0; /* ok */ 80.233 + } 80.234 + return ret; 80.235 +} 80.236 +#endif 80.237 + 80.238 + 80.239 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) 80.240 +static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 80.241 +{ return; } 80.242 +#else 80.243 +static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 80.244 +{ 80.245 + switch(op->cmd) { 80.246 + case DOM0_CREATEDOMAIN: 80.247 + /* initialialize shared sHype security labels for new domain */ 80.248 + acm_init_domain_ssid(op->u.createdomain.domain, op->u.createdomain.ssidref); 80.249 + acm_post_domain_create(op->u.createdomain.domain, op->u.createdomain.ssidref); 80.250 + break; 80.251 + case DOM0_DESTROYDOMAIN: 80.252 + acm_post_domain_destroy(ssid, op->u.destroydomain.domain); 80.253 + /* free security ssid for the destroyed domain (also if running null policy */ 80.254 + acm_free_domain_ssid((struct acm_ssid_domain *)ssid); 80.255 + break; 80.256 + } 80.257 +} 80.258 +#endif 80.259 + 80.260 + 80.261 +#if (ACM_USE_SECURITY_POLICy == ACM_NULL_POLICY) 80.262 +static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 80.263 +{ return; } 80.264 +#else 80.265 +static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 80.266 +{ 80.267 + switch(op->cmd) { 80.268 + case DOM0_CREATEDOMAIN: 80.269 + acm_fail_domain_create(current->domain->ssid, op->u.createdomain.ssidref); 80.270 + break; 80.271 + } 80.272 +} 80.273 +#endif 80.274 + 80.275 + 80.276 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) 80.277 +static inline int acm_pre_event_channel(evtchn_op_t *op) 80.278 +{ return 0; } 80.279 +#else 80.280 +static inline int acm_pre_event_channel(evtchn_op_t *op) 80.281 +{ 80.282 + int ret = -EACCES; 80.283 + 80.284 + switch(op->cmd) { 80.285 + case EVTCHNOP_alloc_unbound: 80.286 + ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom); 80.287 + break; 80.288 + case EVTCHNOP_bind_interdomain: 80.289 + ret = acm_pre_eventchannel_interdomain(op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2); 80.290 + break; 80.291 + default: 80.292 + ret = 0; /* ok */ 80.293 + } 80.294 + return ret; 80.295 +} 80.296 +#endif 80.297 + 80.298 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) 80.299 +static inline int acm_pre_grant_map_ref(domid_t id) 80.300 +{ return 0; } 80.301 +#else 80.302 +static inline int acm_pre_grant_map_ref (domid_t id) 80.303 +{ 80.304 + if ((acm_primary_ops->pre_grant_map_ref != NULL) && 80.305 + acm_primary_ops->pre_grant_map_ref (id)) 80.306 + return ACM_ACCESS_DENIED; 80.307 + else if ((acm_secondary_ops->pre_grant_map_ref != NULL) && 80.308 + acm_secondary_ops->pre_grant_map_ref (id)) { 80.309 + /* roll-back primary */ 80.310 + if (acm_primary_ops->fail_grant_map_ref != NULL) 80.311 + acm_primary_ops->fail_grant_map_ref (id); 80.312 + return ACM_ACCESS_DENIED; 80.313 + } else 80.314 + return ACM_ACCESS_PERMITTED; 80.315 +} 80.316 +#endif 80.317 + 80.318 + 80.319 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) 80.320 +static inline int acm_pre_grant_setup(domid_t id) 80.321 +{ return 0; } 80.322 +#else 80.323 +static inline int acm_pre_grant_setup (domid_t id) 80.324 +{ 80.325 + if ((acm_primary_ops->pre_grant_setup != NULL) && 80.326 + acm_primary_ops->pre_grant_setup (id)) 80.327 + return ACM_ACCESS_DENIED; 80.328 + else if ((acm_secondary_ops->pre_grant_setup != NULL) && 80.329 + acm_secondary_ops->pre_grant_setup (id)) { 80.330 + /* roll-back primary */ 80.331 + if (acm_primary_ops->fail_grant_setup != NULL) 80.332 + acm_primary_ops->fail_grant_setup (id); 80.333 + return ACM_ACCESS_DENIED; 80.334 + } else 80.335 + return ACM_ACCESS_PERMITTED; 80.336 +} 80.337 +#endif 80.338 + 80.339 + 80.340 +#endif
81.1 --- a/xen/include/asm-ia64/config.h Sat Jun 18 00:49:11 2005 +0000 81.2 +++ b/xen/include/asm-ia64/config.h Tue Jun 21 07:02:30 2005 +0000 81.3 @@ -177,8 +177,7 @@ void sort_main_extable(void); 81.4 // see include/asm-x86/atomic.h (different from standard linux) 81.5 #define _atomic_set(v,i) (((v).counter) = (i)) 81.6 #define _atomic_read(v) ((v).counter) 81.7 -// FIXME following needs work 81.8 -#define atomic_compareandswap(old, new, v) old 81.9 +#define atomic_compareandswap(old, new, v) ((atomic_t){ cmpxchg(v, _atomic_read(old), _atomic_read(new)) }) 81.10 81.11 // see include/asm-ia64/mm.h, handle remaining pfn_info uses until gone 81.12 #define pfn_info page 81.13 @@ -227,6 +226,8 @@ struct screen_info { }; 81.14 81.15 #define FORCE_CRASH() asm("break 0;;"); 81.16 81.17 +#define dummy() dummy_called(__FUNCTION__) 81.18 + 81.19 // these declarations got moved at some point, find a better place for them 81.20 extern int ht_per_core; 81.21
82.1 --- a/xen/include/asm-ia64/domain.h Sat Jun 18 00:49:11 2005 +0000 82.2 +++ b/xen/include/asm-ia64/domain.h Tue Jun 21 07:02:30 2005 +0000 82.3 @@ -2,18 +2,17 @@ 82.4 #define __ASM_DOMAIN_H__ 82.5 82.6 #include <linux/thread_info.h> 82.7 +#include <asm/tlb.h> 82.8 #ifdef CONFIG_VTI 82.9 #include <asm/vmx_vpd.h> 82.10 #include <asm/vmmu.h> 82.11 #include <asm/regionreg.h> 82.12 +#include <public/arch-ia64.h> 82.13 #endif // CONFIG_VTI 82.14 #include <xen/list.h> 82.15 82.16 extern void arch_do_createdomain(struct vcpu *); 82.17 82.18 -extern int arch_final_setup_guestos( 82.19 - struct vcpu *, struct vcpu_guest_context *); 82.20 - 82.21 extern void domain_relinquish_resources(struct domain *); 82.22 82.23 #ifdef CONFIG_VTI 82.24 @@ -36,7 +35,15 @@ struct arch_domain { 82.25 int imp_va_msb; 82.26 ia64_rr emul_phy_rr0; 82.27 ia64_rr emul_phy_rr4; 82.28 - u64 *pmt; /* physical to machine table */ 82.29 + unsigned long *pmt; /* physical to machine table */ 82.30 + /* 82.31 + * max_pfn is the maximum page frame in guest physical space, including 82.32 + * inter-middle I/O ranges and memory holes. This is different with 82.33 + * max_pages in domain struct, which indicates maximum memory size 82.34 + */ 82.35 + unsigned long max_pfn; 82.36 + unsigned int section_nr; 82.37 + mm_section_t *sections; /* Describe memory hole except for Dom0 */ 82.38 #endif //CONFIG_VTI 82.39 u64 xen_vastart; 82.40 u64 xen_vaend;
83.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 83.2 +++ b/xen/include/asm-ia64/event.h Tue Jun 21 07:02:30 2005 +0000 83.3 @@ -0,0 +1,16 @@ 83.4 +/****************************************************************************** 83.5 + * event.h 83.6 + * 83.7 + * A nice interface for passing asynchronous events to guest OSes. 83.8 + * (architecture-dependent part) 83.9 + * 83.10 + */ 83.11 + 83.12 +#ifndef __ASM_EVENT_H__ 83.13 +#define __ASM_EVENT_H__ 83.14 + 83.15 +static inline void evtchn_notify(struct vcpu *v) 83.16 +{ 83.17 +} 83.18 + 83.19 +#endif
84.1 --- a/xen/include/asm-ia64/mm.h Sat Jun 18 00:49:11 2005 +0000 84.2 +++ b/xen/include/asm-ia64/mm.h Tue Jun 21 07:02:30 2005 +0000 84.3 @@ -27,43 +27,12 @@ typedef unsigned long page_flags_t; 84.4 84.5 /* 84.6 * Per-page-frame information. 84.7 + * 84.8 + * Every architecture must ensure the following: 84.9 + * 1. 'struct pfn_info' contains a 'struct list_head list'. 84.10 + * 2. Provide a PFN_ORDER() macro for accessing the order of a free page. 84.11 */ 84.12 - 84.13 -//FIXME: This can go away when common/dom0_ops.c is fully arch-independent 84.14 -#if 0 84.15 -struct pfn_info 84.16 -{ 84.17 - /* Each frame can be threaded onto a doubly-linked list. */ 84.18 - struct list_head list; 84.19 - /* Context-dependent fields follow... */ 84.20 - union { 84.21 - 84.22 - /* Page is in use by a domain. */ 84.23 - struct { 84.24 - /* Owner of this page. */ 84.25 - struct domain *domain; 84.26 - /* Reference count and various PGC_xxx flags and fields. */ 84.27 - u32 count_info; 84.28 - /* Type reference count and various PGT_xxx flags and fields. */ 84.29 - u32 type_info; 84.30 - } inuse; 84.31 - 84.32 - /* Page is on a free list. */ 84.33 - struct { 84.34 - /* Mask of possibly-tainted TLBs. */ 84.35 - unsigned long cpu_mask; 84.36 - /* Must be at same offset as 'u.inuse.count_flags'. */ 84.37 - u32 __unavailable; 84.38 - /* Order-size of the free chunk this page is the head of. */ 84.39 - u8 order; 84.40 - } free; 84.41 - 84.42 - } u; 84.43 - 84.44 - /* Timestamp from 'TLB clock', used to reduce need for safety flushes. */ 84.45 - u32 tlbflush_timestamp; 84.46 -}; 84.47 -#endif 84.48 +#define PFN_ORDER(_pfn) ((_pfn)->u.free.order) 84.49 84.50 struct page 84.51 { 84.52 @@ -82,7 +51,7 @@ struct page 84.53 /* Page is in use by a domain. */ 84.54 struct { 84.55 /* Owner of this page. */ 84.56 - u64 _domain; 84.57 + u32 _domain; 84.58 /* Type reference count and various PGT_xxx flags and fields. */ 84.59 u32 type_info; 84.60 } inuse; 84.61 @@ -104,37 +73,49 @@ struct page 84.62 84.63 #define set_page_count(p,v) atomic_set(&(p)->_count, v - 1) 84.64 84.65 -//FIXME: These can go away when common/dom0_ops.c is fully arch-independent 84.66 - /* The following page types are MUTUALLY EXCLUSIVE. */ 84.67 +/* Still small set of flags defined by far on IA-64 */ 84.68 +/* The following page types are MUTUALLY EXCLUSIVE. */ 84.69 #define PGT_none (0<<29) /* no special uses of this page */ 84.70 #define PGT_l1_page_table (1<<29) /* using this page as an L1 page table? */ 84.71 #define PGT_l2_page_table (2<<29) /* using this page as an L2 page table? */ 84.72 #define PGT_l3_page_table (3<<29) /* using this page as an L3 page table? */ 84.73 #define PGT_l4_page_table (4<<29) /* using this page as an L4 page table? */ 84.74 -#define PGT_gdt_page (5<<29) /* using this page in a GDT? */ 84.75 -#define PGT_ldt_page (6<<29) /* using this page in an LDT? */ 84.76 -#define PGT_writeable_page (7<<29) /* has writable mappings of this page? */ 84.77 -#define PGT_type_mask (7<<29) /* Bits 29-31. */ 84.78 +#define PGT_writeable_page (5<<29) /* has writable mappings of this page? */ 84.79 +#define PGT_type_mask (5<<29) /* Bits 29-31. */ 84.80 + 84.81 /* Has this page been validated for use as its current type? */ 84.82 #define _PGT_validated 28 84.83 #define PGT_validated (1<<_PGT_validated) 84.84 - /* 28-bit count of uses of this frame as its current type. */ 84.85 -#define PGT_count_mask ((1<<28)-1) 84.86 +/* Owning guest has pinned this page to its current type? */ 84.87 +#define _PGT_pinned 27 84.88 +#define PGT_pinned (1U<<_PGT_pinned) 84.89 + 84.90 +/* 27-bit count of uses of this frame as its current type. */ 84.91 +#define PGT_count_mask ((1U<<27)-1) 84.92 84.93 /* Cleared when the owning guest 'frees' this page. */ 84.94 #define _PGC_allocated 31 84.95 #define PGC_allocated (1U<<_PGC_allocated) 84.96 -#define PFN_ORDER(_pfn) ((_pfn)->u.free.order) 84.97 +/* Set when the page is used as a page table */ 84.98 +#define _PGC_page_table 30 84.99 +#define PGC_page_table (1U<<_PGC_page_table) 84.100 +/* 30-bit count of references to this frame. */ 84.101 +#define PGC_count_mask ((1U<<30)-1) 84.102 84.103 #define IS_XEN_HEAP_FRAME(_pfn) ((page_to_phys(_pfn) < xenheap_phys_end) \ 84.104 && (page_to_phys(_pfn) >= xen_pstart)) 84.105 84.106 -#define pickle_domptr(_d) ((u64)(_d)) 84.107 -#define unpickle_domptr(_d) ((struct domain*)(_d)) 84.108 +static inline struct domain *unpickle_domptr(u32 _d) 84.109 +{ return (_d == 0) ? NULL : __va(_d); } 84.110 +static inline u32 pickle_domptr(struct domain *_d) 84.111 +{ return (_d == NULL) ? 0 : (u32)__pa(_d); } 84.112 84.113 #define page_get_owner(_p) (unpickle_domptr((_p)->u.inuse._domain)) 84.114 #define page_set_owner(_p, _d) ((_p)->u.inuse._domain = pickle_domptr(_d)) 84.115 84.116 +/* Dummy now */ 84.117 +#define SHARE_PFN_WITH_DOMAIN(_pfn, _dom) do { } while (0) 84.118 + 84.119 extern struct pfn_info *frame_table; 84.120 extern unsigned long frame_table_size; 84.121 extern struct list_head free_list; 84.122 @@ -151,16 +132,46 @@ void add_to_domain_alloc_list(unsigned l 84.123 84.124 static inline void put_page(struct pfn_info *page) 84.125 { 84.126 - dummy(); 84.127 + u32 nx, x, y = page->count_info; 84.128 + 84.129 + do { 84.130 + x = y; 84.131 + nx = x - 1; 84.132 + } 84.133 + while (unlikely((y = cmpxchg(&page->count_info, x, nx)) != x)); 84.134 + 84.135 + if (unlikely((nx & PGC_count_mask) == 0)) 84.136 + free_domheap_page(page); 84.137 } 84.138 84.139 - 84.140 +/* count_info and ownership are checked atomically. */ 84.141 static inline int get_page(struct pfn_info *page, 84.142 struct domain *domain) 84.143 { 84.144 - dummy(); 84.145 + u64 x, nx, y = *((u64*)&page->count_info); 84.146 + u32 _domain = pickle_domptr(domain); 84.147 + 84.148 + do { 84.149 + x = y; 84.150 + nx = x + 1; 84.151 + if (unlikely((x & PGC_count_mask) == 0) || /* Not allocated? */ 84.152 + unlikely((nx & PGC_count_mask) == 0) || /* Count overflow? */ 84.153 + unlikely((x >> 32) != _domain)) { /* Wrong owner? */ 84.154 + DPRINTK("Error pfn %lx: rd=%p, od=%p, caf=%08x, taf=%08x\n", 84.155 + page_to_pfn(page), domain, unpickle_domptr(d), 84.156 + x, page->u.inuse.typeinfo); 84.157 + return 0; 84.158 + } 84.159 + } 84.160 + while(unlikely(y = cmpxchg(&page->count_info, x, nx)) != x); 84.161 + 84.162 + return 1; 84.163 } 84.164 84.165 +/* No type info now */ 84.166 +#define put_page_and_type(page) put_page((page)) 84.167 +#define get_page_and_type(page, domain, type) get_page((page)) 84.168 + 84.169 #define set_machinetophys(_mfn, _pfn) do { } while(0); 84.170 84.171 #ifdef MEMORY_GUARD 84.172 @@ -364,17 +375,40 @@ extern unsigned long *mpt_table; 84.173 #undef machine_to_phys_mapping 84.174 #define machine_to_phys_mapping mpt_table 84.175 84.176 +#define INVALID_M2P_ENTRY (~0U) 84.177 +#define VALID_M2P(_e) (!((_e) & (1U<<63))) 84.178 +#define IS_INVALID_M2P_ENTRY(_e) (!VALID_M2P(_e)) 84.179 /* If pmt table is provided by control pannel later, we need __get_user 84.180 * here. However if it's allocated by HV, we should access it directly 84.181 */ 84.182 -#define phys_to_machine_mapping(d, gpfn) \ 84.183 - ((d) == dom0 ? gpfn : (d)->arch.pmt[(gpfn)]) 84.184 +#define phys_to_machine_mapping(d, gpfn) \ 84.185 + ((d) == dom0 ? gpfn : \ 84.186 + (gpfn <= d->arch.max_pfn ? (d)->arch.pmt[(gpfn)] : \ 84.187 + INVALID_MFN)) 84.188 84.189 #define __mfn_to_gpfn(_d, mfn) \ 84.190 machine_to_phys_mapping[(mfn)] 84.191 84.192 #define __gpfn_to_mfn(_d, gpfn) \ 84.193 phys_to_machine_mapping((_d), (gpfn)) 84.194 + 84.195 +#define __gpfn_invalid(_d, gpfn) \ 84.196 + (__gpfn_to_mfn((_d), (gpfn)) & GPFN_INV_MASK) 84.197 + 84.198 +#define __gpfn_valid(_d, gpfn) !__gpfn_invalid(_d, gpfn) 84.199 + 84.200 +/* Return I/O type if trye */ 84.201 +#define __gpfn_is_io(_d, gpfn) \ 84.202 + (__gpfn_valid(_d, gpfn) ? \ 84.203 + (__gpfn_to_mfn((_d), (gpfn)) & GPFN_IO_MASK) : 0) 84.204 + 84.205 +#define __gpfn_is_mem(_d, gpfn) \ 84.206 + (__gpfn_valid(_d, gpfn) ? \ 84.207 + ((__gpfn_to_mfn((_d), (gpfn)) & GPFN_IO_MASK) == GPFN_MEM) : 0) 84.208 + 84.209 + 84.210 +#define __gpa_to_mpa(_d, gpa) \ 84.211 + ((__gpfn_to_mfn((_d),(gpa)>>PAGE_SHIFT)<<PAGE_SHIFT)|((gpa)&~PAGE_MASK)) 84.212 #endif // CONFIG_VTI 84.213 84.214 #endif /* __ASM_IA64_MM_H__ */
85.1 --- a/xen/include/asm-ia64/tlb.h Sat Jun 18 00:49:11 2005 +0000 85.2 +++ b/xen/include/asm-ia64/tlb.h Tue Jun 21 07:02:30 2005 +0000 85.3 @@ -39,11 +39,11 @@ typedef struct { 85.4 typedef union { 85.5 unsigned long value; 85.6 struct { 85.7 - uint64_t ve : 1; 85.8 - uint64_t rv1 : 1; 85.9 - uint64_t ps : 6; 85.10 - uint64_t rid : 24; 85.11 - uint64_t rv2 : 32; 85.12 + unsigned long ve : 1; 85.13 + unsigned long rv1 : 1; 85.14 + unsigned long ps : 6; 85.15 + unsigned long rid : 24; 85.16 + unsigned long rv2 : 32; 85.17 }; 85.18 } rr_t; 85.19 #endif // CONFIG_VTI
86.1 --- a/xen/include/asm-ia64/vcpu.h Sat Jun 18 00:49:11 2005 +0000 86.2 +++ b/xen/include/asm-ia64/vcpu.h Tue Jun 21 07:02:30 2005 +0000 86.3 @@ -23,8 +23,8 @@ typedef struct pt_regs REGS; 86.4 86.5 #define PRIVOP_ADDR_COUNT 86.6 #ifdef PRIVOP_ADDR_COUNT 86.7 -#define _RSM 0 86.8 -#define _SSM 1 86.9 +#define _GET_IFA 0 86.10 +#define _THASH 1 86.11 #define PRIVOP_COUNT_NINSTS 2 86.12 #define PRIVOP_COUNT_NADDRS 30 86.13
87.1 --- a/xen/include/asm-ia64/vhpt.h Sat Jun 18 00:49:11 2005 +0000 87.2 +++ b/xen/include/asm-ia64/vhpt.h Tue Jun 21 07:02:30 2005 +0000 87.3 @@ -140,12 +140,20 @@ CC_##Name:; \ 87.4 mov r16 = cr.ifa; \ 87.5 movl r30 = int_counts; \ 87.6 ;; \ 87.7 + extr.u r17=r16,59,5 \ 87.8 + ;; \ 87.9 + cmp.eq p6,p0=0x1e,r17; \ 87.10 +(p6) br.cond.spnt .Alt_##Name \ 87.11 + ;; \ 87.12 + cmp.eq p6,p0=0x1d,r17; \ 87.13 +(p6) br.cond.spnt .Alt_##Name \ 87.14 + ;; \ 87.15 thash r28 = r16; \ 87.16 adds r30 = CAUSE_VHPT_CC_HANDLED << 3, r30; \ 87.17 ;; \ 87.18 ttag r19 = r16; \ 87.19 - ld8 r27 = [r30]; \ 87.20 - adds r17 = VLE_CCHAIN_OFFSET, r28; \ 87.21 +ld8 r27 = [r30]; \ 87.22 +adds r17 = VLE_CCHAIN_OFFSET, r28; \ 87.23 ;; \ 87.24 ld8 r17 = [r17]; \ 87.25 ;; \ 87.26 @@ -192,6 +200,11 @@ CC_##Name:; \ 87.27 rfi; \ 87.28 ;; \ 87.29 \ 87.30 +.Alt_##Name:; \ 87.31 + mov pr = r31, 0x1ffff; \ 87.32 + ;; \ 87.33 + br.cond.sptk late_alt_##Name \ 87.34 + ;; \ 87.35 .Out_##Name:; \ 87.36 mov pr = r31, 0x1ffff; \ 87.37 ;; \
88.1 --- a/xen/include/asm-ia64/vmmu.h Sat Jun 18 00:49:11 2005 +0000 88.2 +++ b/xen/include/asm-ia64/vmmu.h Tue Jun 21 07:02:30 2005 +0000 88.3 @@ -28,13 +28,13 @@ 88.4 #include "public/xen.h" 88.5 #include "asm/tlb.h" 88.6 88.7 -#define THASH_TLB_TR 0 88.8 -#define THASH_TLB_TC 1 88.9 -#define THASH_TLB_FM 2 // foreign map 88.10 +//#define THASH_TLB_TR 0 88.11 +//#define THASH_TLB_TC 1 88.12 + 88.13 88.14 -#define THASH_SECTION_TR (1<<0) 88.15 -#define THASH_SECTION_TC (1<<1) 88.16 -#define THASH_SECTION_FM (1<<2) 88.17 +// bit definition of TR, TC search cmobination 88.18 +//#define THASH_SECTION_TR (1<<0) 88.19 +//#define THASH_SECTION_TC (1<<1) 88.20 88.21 /* 88.22 * Next bit definition must be same with THASH_TLB_XX 88.23 @@ -43,8 +43,7 @@ typedef union search_section { 88.24 struct { 88.25 u32 tr : 1; 88.26 u32 tc : 1; 88.27 - u32 fm : 1; 88.28 - u32 rsv: 29; 88.29 + u32 rsv: 30; 88.30 }; 88.31 u32 v; 88.32 } search_section_t; 88.33 @@ -80,12 +79,10 @@ typedef struct thash_data { 88.34 u64 ig1 : 11; //53-63 88.35 }; 88.36 struct { 88.37 - u64 __rv1 : 12; 88.38 - // sizeof(domid_t) must be less than 38!!! Refer to its definition 88.39 - u64 fm_dom : 38; // 12-49 foreign map domain ID 88.40 - u64 __rv2 : 3; // 50-52 88.41 + u64 __rv1 : 53; // 0-52 88.42 // next extension to ig1, only for TLB instance 88.43 - u64 section : 2; // 53-54 TR, TC or FM (thash_TLB_XX) 88.44 + u64 tc : 1; // 53 TR or TC 88.45 + u64 locked : 1; // 54 entry locked or not 88.46 CACHE_LINE_TYPE cl : 1; // I side or D side cache line 88.47 u64 nomap : 1; // entry cann't be inserted into machine TLB. 88.48 u64 __ig1 : 5; // 56-61 88.49 @@ -227,8 +224,8 @@ typedef struct thash_cb { 88.50 INVALID_ENTRY(hcb, hash) = 1; \ 88.51 hash->next = NULL; } 88.52 88.53 -#define PURGABLE_ENTRY(hcb,en) \ 88.54 - ((hcb)->ht == THASH_VHPT || (en)->section == THASH_TLB_TC) 88.55 +#define PURGABLE_ENTRY(hcb,en) \ 88.56 + ((hcb)->ht == THASH_VHPT || ( (en)->tc && !(en->locked)) ) 88.57 88.58 88.59 /* 88.60 @@ -306,7 +303,7 @@ extern void thash_purge_entries_ex(thash 88.61 u64 rid, u64 va, u64 sz, 88.62 search_section_t p_sect, 88.63 CACHE_LINE_TYPE cl); 88.64 -extern thash_cb_t *init_domain_tlb(struct vcpu *d); 88.65 +extern void thash_purge_and_insert(thash_cb_t *hcb, thash_data_t *in); 88.66 88.67 /* 88.68 * Purge all TCs or VHPT entries including those in Hash table. 88.69 @@ -323,6 +320,7 @@ extern thash_data_t *vtlb_lookup(thash_c 88.70 thash_data_t *in); 88.71 extern thash_data_t *vtlb_lookup_ex(thash_cb_t *hcb, 88.72 u64 rid, u64 va,CACHE_LINE_TYPE cl); 88.73 +extern int thash_lock_tc(thash_cb_t *hcb, u64 va, u64 size, int rid, char cl, int lock); 88.74 88.75 88.76 #define ITIR_RV_MASK (((1UL<<32)-1)<<32 | 0x3) 88.77 @@ -332,6 +330,7 @@ extern u64 machine_thash(PTA pta, u64 va 88.78 extern void purge_machine_tc_by_domid(domid_t domid); 88.79 extern void machine_tlb_insert(struct vcpu *d, thash_data_t *tlb); 88.80 extern rr_t vmmu_get_rr(struct vcpu *vcpu, u64 va); 88.81 +extern thash_cb_t *init_domain_tlb(struct vcpu *d); 88.82 88.83 #define VTLB_DEBUG 88.84 #ifdef VTLB_DEBUG
89.1 --- a/xen/include/asm-ia64/vmx_platform.h Sat Jun 18 00:49:11 2005 +0000 89.2 +++ b/xen/include/asm-ia64/vmx_platform.h Tue Jun 21 07:02:30 2005 +0000 89.3 @@ -25,7 +25,7 @@ 89.4 struct mmio_list; 89.5 typedef struct virutal_platform_def { 89.6 //unsigned long *real_mode_data; /* E820, etc. */ 89.7 - //unsigned long shared_page_va; 89.8 + unsigned long shared_page_va; 89.9 //struct vmx_virpit_t vmx_pit; 89.10 //struct vmx_handler_t vmx_handler; 89.11 //struct mi_per_cpu_info mpci; /* MMIO */
90.1 --- a/xen/include/asm-ia64/vmx_ptrace.h Sat Jun 18 00:49:11 2005 +0000 90.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 90.3 @@ -1,97 +0,0 @@ 90.4 -/* 90.5 - * Copyright (C) 1998-2003 Hewlett-Packard Co 90.6 - * David Mosberger-Tang <davidm@hpl.hp.com> 90.7 - * Stephane Eranian <eranian@hpl.hp.com> 90.8 - * Copyright (C) 2003 Intel Co 90.9 - * Suresh Siddha <suresh.b.siddha@intel.com> 90.10 - * Fenghua Yu <fenghua.yu@intel.com> 90.11 - * Arun Sharma <arun.sharma@intel.com> 90.12 - * 90.13 - * 12/07/98 S. Eranian added pt_regs & switch_stack 90.14 - * 12/21/98 D. Mosberger updated to match latest code 90.15 - * 6/17/99 D. Mosberger added second unat member to "struct switch_stack" 90.16 - * 4/28/05 Anthony Xu ported to Xen 90.17 - * 90.18 - */ 90.19 - 90.20 -struct pt_regs { 90.21 - /* The following registers are saved by SAVE_MIN: */ 90.22 - unsigned long b6; /* scratch */ 90.23 - unsigned long b7; /* scratch */ 90.24 - 90.25 - unsigned long ar_csd; /* used by cmp8xchg16 (scratch) */ 90.26 - unsigned long ar_ssd; /* reserved for future use (scratch) */ 90.27 - 90.28 - unsigned long r8; /* scratch (return value register 0) */ 90.29 - unsigned long r9; /* scratch (return value register 1) */ 90.30 - unsigned long r10; /* scratch (return value register 2) */ 90.31 - unsigned long r11; /* scratch (return value register 3) */ 90.32 - 90.33 - unsigned long cr_ipsr; /* interrupted task's psr */ 90.34 - unsigned long cr_iip; /* interrupted task's instruction pointer */ 90.35 - unsigned long cr_ifs; /* interrupted task's function state */ 90.36 - 90.37 - unsigned long ar_unat; /* interrupted task's NaT register (preserved) */ 90.38 - unsigned long ar_pfs; /* prev function state */ 90.39 - unsigned long ar_rsc; /* RSE configuration */ 90.40 - /* The following two are valid only if cr_ipsr.cpl > 0: */ 90.41 - unsigned long ar_rnat; /* RSE NaT */ 90.42 - unsigned long ar_bspstore; /* RSE bspstore */ 90.43 - 90.44 - unsigned long pr; /* 64 predicate registers (1 bit each) */ 90.45 - unsigned long b0; /* return pointer (bp) */ 90.46 - unsigned long loadrs; /* size of dirty partition << 16 */ 90.47 - 90.48 - unsigned long r1; /* the gp pointer */ 90.49 - unsigned long r12; /* interrupted task's memory stack pointer */ 90.50 - unsigned long r13; /* thread pointer */ 90.51 - 90.52 - unsigned long ar_fpsr; /* floating point status (preserved) */ 90.53 - unsigned long r15; /* scratch */ 90.54 - 90.55 - /* The remaining registers are NOT saved for system calls. */ 90.56 - 90.57 - unsigned long r14; /* scratch */ 90.58 - unsigned long r2; /* scratch */ 90.59 - unsigned long r3; /* scratch */ 90.60 - unsigned long r4; /* preserved */ 90.61 - unsigned long r5; /* preserved */ 90.62 - unsigned long r6; /* preserved */ 90.63 - unsigned long r7; /* preserved */ 90.64 - unsigned long cr_iipa; /* for emulation */ 90.65 - unsigned long cr_isr; /* for emulation */ 90.66 - unsigned long eml_unat; /* used for emulating instruction */ 90.67 - unsigned long rfi_pfs; /* used for elulating rfi */ 90.68 - 90.69 - /* The following registers are saved by SAVE_REST: */ 90.70 - unsigned long r16; /* scratch */ 90.71 - unsigned long r17; /* scratch */ 90.72 - unsigned long r18; /* scratch */ 90.73 - unsigned long r19; /* scratch */ 90.74 - unsigned long r20; /* scratch */ 90.75 - unsigned long r21; /* scratch */ 90.76 - unsigned long r22; /* scratch */ 90.77 - unsigned long r23; /* scratch */ 90.78 - unsigned long r24; /* scratch */ 90.79 - unsigned long r25; /* scratch */ 90.80 - unsigned long r26; /* scratch */ 90.81 - unsigned long r27; /* scratch */ 90.82 - unsigned long r28; /* scratch */ 90.83 - unsigned long r29; /* scratch */ 90.84 - unsigned long r30; /* scratch */ 90.85 - unsigned long r31; /* scratch */ 90.86 - 90.87 - unsigned long ar_ccv; /* compare/exchange value (scratch) */ 90.88 - 90.89 - /* 90.90 - * Floating point registers that the kernel considers scratch: 90.91 - */ 90.92 - struct ia64_fpreg f6; /* scratch */ 90.93 - struct ia64_fpreg f7; /* scratch */ 90.94 - struct ia64_fpreg f8; /* scratch */ 90.95 - struct ia64_fpreg f9; /* scratch */ 90.96 - struct ia64_fpreg f10; /* scratch */ 90.97 - struct ia64_fpreg f11; /* scratch */ 90.98 -}; 90.99 - 90.100 -
91.1 --- a/xen/include/asm-ia64/vmx_vpd.h Sat Jun 18 00:49:11 2005 +0000 91.2 +++ b/xen/include/asm-ia64/vmx_vpd.h Tue Jun 21 07:02:30 2005 +0000 91.3 @@ -26,6 +26,7 @@ 91.4 91.5 #include <asm/vtm.h> 91.6 #include <asm/vmx_platform.h> 91.7 +#include <public/arch-ia64.h> 91.8 91.9 #define VPD_SHIFT 17 /* 128K requirement */ 91.10 #define VPD_SIZE (1 << VPD_SHIFT)
92.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 92.2 +++ b/xen/include/asm-x86/event.h Tue Jun 21 07:02:30 2005 +0000 92.3 @@ -0,0 +1,16 @@ 92.4 +/****************************************************************************** 92.5 + * event.h 92.6 + * 92.7 + * A nice interface for passing asynchronous events to guest OSes. 92.8 + * (architecture-dependent part) 92.9 + * 92.10 + */ 92.11 + 92.12 +#ifndef __ASM_EVENT_H__ 92.13 +#define __ASM_EVENT_H__ 92.14 + 92.15 +static inline void evtchn_notify(struct vcpu *v) 92.16 +{ 92.17 +} 92.18 + 92.19 +#endif
93.1 --- a/xen/include/asm-x86/processor.h Sat Jun 18 00:49:11 2005 +0000 93.2 +++ b/xen/include/asm-x86/processor.h Tue Jun 21 07:02:30 2005 +0000 93.3 @@ -181,6 +181,7 @@ extern struct cpuinfo_x86 cpu_data[]; 93.4 #endif 93.5 93.6 extern int phys_proc_id[NR_CPUS]; 93.7 +extern int cpu_core_id[NR_CPUS]; 93.8 93.9 extern void identify_cpu(struct cpuinfo_x86 *); 93.10 extern void print_cpu_info(struct cpuinfo_x86 *);
94.1 --- a/xen/include/asm-x86/smp.h Sat Jun 18 00:49:11 2005 +0000 94.2 +++ b/xen/include/asm-x86/smp.h Tue Jun 21 07:02:30 2005 +0000 94.3 @@ -8,6 +8,7 @@ 94.4 #include <xen/config.h> 94.5 #include <xen/kernel.h> 94.6 #include <xen/cpumask.h> 94.7 +#include <asm/current.h> 94.8 #endif 94.9 94.10 #ifdef CONFIG_X86_LOCAL_APIC 94.11 @@ -34,6 +35,7 @@ extern void smp_alloc_memory(void); 94.12 extern int pic_mode; 94.13 extern int smp_num_siblings; 94.14 extern cpumask_t cpu_sibling_map[]; 94.15 +extern cpumask_t cpu_core_map[]; 94.16 94.17 extern void smp_flush_tlb(void); 94.18 extern void smp_invalidate_rcv(void); /* Process an NMI */
95.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 95.2 +++ b/xen/include/public/acm.h Tue Jun 21 07:02:30 2005 +0000 95.3 @@ -0,0 +1,161 @@ 95.4 +/**************************************************************** 95.5 + * acm.h 95.6 + * 95.7 + * Copyright (C) 2005 IBM Corporation 95.8 + * 95.9 + * Author: 95.10 + * Reiner Sailer <sailer@watson.ibm.com> 95.11 + * 95.12 + * Contributors: 95.13 + * Stefan Berger <stefanb@watson.ibm.com> 95.14 + * added network byte order support for binary policies 95.15 + * 95.16 + * This program is free software; you can redistribute it and/or 95.17 + * modify it under the terms of the GNU General Public License as 95.18 + * published by the Free Software Foundation, version 2 of the 95.19 + * License. 95.20 + * 95.21 + * sHype general access control module header file. 95.22 + * here are all definitions that are shared between 95.23 + * xen-core, guest-kernels, and applications. 95.24 + * 95.25 + * todo: move from static policy choice to compile option. 95.26 + */ 95.27 + 95.28 +#ifndef _XEN_PUBLIC_SHYPE_H 95.29 +#define _XEN_PUBLIC_SHYPE_H 95.30 + 95.31 +#include "xen.h" 95.32 +#include "sched_ctl.h" 95.33 + 95.34 +/* if ACM_DEBUG defined, all hooks should 95.35 + * print a short trace message (comment it out 95.36 + * when not in testing mode ) 95.37 + */ 95.38 +/* #define ACM_DEBUG */ 95.39 + 95.40 +#ifdef ACM_DEBUG 95.41 +# define printkd(fmt, args...) printk(fmt,## args) 95.42 +#else 95.43 +# define printkd(fmt, args...) 95.44 +#endif 95.45 + 95.46 +/* default ssid reference value if not supplied */ 95.47 +#define ACM_DEFAULT_SSID 0xffffffff 95.48 +#define ACM_DEFAULT_LOCAL_SSID 0xffff 95.49 + 95.50 +/* Internal ACM ERROR types */ 95.51 +#define ACM_OK 0 95.52 +#define ACM_UNDEF -1 95.53 +#define ACM_INIT_SSID_ERROR -2 95.54 +#define ACM_INIT_SOID_ERROR -3 95.55 +#define ACM_ERROR -4 95.56 + 95.57 +/* External ACCESS DECISIONS */ 95.58 +#define ACM_ACCESS_PERMITTED 0 95.59 +#define ACM_ACCESS_DENIED -111 95.60 +#define ACM_NULL_POINTER_ERROR -200 95.61 + 95.62 +#define ACM_MAX_POLICY 3 95.63 + 95.64 +#define ACM_NULL_POLICY 0 95.65 +#define ACM_CHINESE_WALL_POLICY 1 95.66 +#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2 95.67 +#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 3 95.68 + 95.69 +/* policy: */ 95.70 +#define ACM_POLICY_NAME(X) \ 95.71 + (X == ACM_NULL_POLICY) ? "NULL policy" : \ 95.72 + (X == ACM_CHINESE_WALL_POLICY) ? "CHINESE WALL policy" : \ 95.73 + (X == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \ 95.74 + (X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \ 95.75 + "UNDEFINED policy" 95.76 + 95.77 +#ifndef ACM_USE_SECURITY_POLICY 95.78 +#define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY 95.79 +#endif 95.80 + 95.81 +/* defines a ssid reference used by xen */ 95.82 +typedef u32 ssidref_t; 95.83 + 95.84 +/* -------security policy relevant type definitions-------- */ 95.85 + 95.86 +/* type identifier; compares to "equal" or "not equal" */ 95.87 +typedef u16 domaintype_t; 95.88 + 95.89 +/* CHINESE WALL POLICY DATA STRUCTURES 95.90 + * 95.91 + * current accumulated conflict type set: 95.92 + * When a domain is started and has a type that is in 95.93 + * a conflict set, the conflicting types are incremented in 95.94 + * the aggregate set. When a domain is destroyed, the 95.95 + * conflicting types to its type are decremented. 95.96 + * If a domain has multiple types, this procedure works over 95.97 + * all those types. 95.98 + * 95.99 + * conflict_aggregate_set[i] holds the number of 95.100 + * running domains that have a conflict with type i. 95.101 + * 95.102 + * running_types[i] holds the number of running domains 95.103 + * that include type i in their ssidref-referenced type set 95.104 + * 95.105 + * conflict_sets[i][j] is "0" if type j has no conflict 95.106 + * with type i and is "1" otherwise. 95.107 + */ 95.108 +/* high-16 = version, low-16 = check magic */ 95.109 +#define ACM_MAGIC 0x0001debc 95.110 + 95.111 +/* each offset in bytes from start of the struct they 95.112 + * the are part of */ 95.113 +/* each buffer consists of all policy information for 95.114 + * the respective policy given in the policy code 95.115 + */ 95.116 +struct acm_policy_buffer { 95.117 + u32 magic; 95.118 + u32 policyversion; 95.119 + u32 len; 95.120 + u16 primary_policy_code; 95.121 + u16 primary_buffer_offset; 95.122 + u16 secondary_policy_code; 95.123 + u16 secondary_buffer_offset; 95.124 +}; 95.125 + 95.126 +struct acm_chwall_policy_buffer { 95.127 + u16 policy_code; 95.128 + u16 chwall_max_types; 95.129 + u16 chwall_max_ssidrefs; 95.130 + u16 chwall_max_conflictsets; 95.131 + u16 chwall_ssid_offset; 95.132 + u16 chwall_conflict_sets_offset; 95.133 + u16 chwall_running_types_offset; 95.134 + u16 chwall_conflict_aggregate_offset; 95.135 +}; 95.136 + 95.137 +struct acm_ste_policy_buffer { 95.138 + u16 policy_code; 95.139 + u16 ste_max_types; 95.140 + u16 ste_max_ssidrefs; 95.141 + u16 ste_ssid_offset; 95.142 +}; 95.143 + 95.144 +struct acm_stats_buffer { 95.145 + u32 magic; 95.146 + u32 policyversion; 95.147 + u32 len; 95.148 + u16 primary_policy_code; 95.149 + u16 primary_stats_offset; 95.150 + u16 secondary_policy_code; 95.151 + u16 secondary_stats_offset; 95.152 +}; 95.153 + 95.154 +struct acm_ste_stats_buffer { 95.155 + u32 ec_eval_count; 95.156 + u32 gt_eval_count; 95.157 + u32 ec_denied_count; 95.158 + u32 gt_denied_count; 95.159 + u32 ec_cachehit_count; 95.160 + u32 gt_cachehit_count; 95.161 +}; 95.162 + 95.163 + 95.164 +#endif
96.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 96.2 +++ b/xen/include/public/acm_dom0_setup.h Tue Jun 21 07:02:30 2005 +0000 96.3 @@ -0,0 +1,34 @@ 96.4 +/**************************************************************** 96.5 + * acm_dom0_setup.h 96.6 + * 96.7 + * Copyright (C) 2005 IBM Corporation 96.8 + * 96.9 + * Author: 96.10 + * Reiner Sailer <sailer@watson.ibm.com> 96.11 + * 96.12 + * Includes necessary definitions to bring-up dom0 96.13 + */ 96.14 +#include <acm/acm_hooks.h> 96.15 + 96.16 +extern int acm_init(void); 96.17 + 96.18 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) 96.19 + 96.20 +static inline void acm_post_domain0_create(domid_t domid) 96.21 +{ 96.22 + return; 96.23 +} 96.24 + 96.25 +#else 96.26 + 96.27 +/* predefined ssidref for DOM0 used by xen when creating DOM0 */ 96.28 +#define ACM_DOM0_SSIDREF 0 96.29 + 96.30 +static inline void acm_post_domain0_create(domid_t domid) 96.31 +{ 96.32 + /* initialialize shared sHype security labels for new domain */ 96.33 + acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF); 96.34 + acm_post_domain_create(domid, ACM_DOM0_SSIDREF); 96.35 +} 96.36 + 96.37 +#endif
97.1 --- a/xen/include/public/arch-ia64.h Sat Jun 18 00:49:11 2005 +0000 97.2 +++ b/xen/include/public/arch-ia64.h Tue Jun 21 07:02:30 2005 +0000 97.3 @@ -14,11 +14,41 @@ 97.4 #define _MEMORY_PADDING(_X) 97.5 #define MEMORY_PADDING 97.6 97.7 +/* Maximum number of virtual CPUs in multi-processor guests. */ 97.8 +/* WARNING: before changing this, check that shared_info fits on a page */ 97.9 +#define MAX_VIRT_CPUS 1 97.10 + 97.11 #ifndef __ASSEMBLY__ 97.12 97.13 /* NB. Both the following are 64 bits each. */ 97.14 typedef unsigned long memory_t; /* Full-sized pointer/address/memory-size. */ 97.15 97.16 +#define MAX_NR_SECTION 32 // at most 32 memory holes 97.17 +typedef struct { 97.18 + unsigned long start; /* start of memory hole */ 97.19 + unsigned long end; /* end of memory hole */ 97.20 +} mm_section_t; 97.21 + 97.22 +typedef struct { 97.23 + unsigned long mfn : 56; 97.24 + unsigned long type: 8; 97.25 +} pmt_entry_t; 97.26 + 97.27 +#define GPFN_MEM (0UL << 56) /* Guest pfn is normal mem */ 97.28 +#define GPFN_FRAME_BUFFER (1UL << 56) /* VGA framebuffer */ 97.29 +#define GPFN_LOW_MMIO (2UL << 56) /* Low MMIO range */ 97.30 +#define GPFN_PIB (3UL << 56) /* PIB base */ 97.31 +#define GPFN_IOSAPIC (4UL << 56) /* IOSAPIC base */ 97.32 +#define GPFN_LEGACY_IO (5UL << 56) /* Legacy I/O base */ 97.33 +#define GPFN_GFW (6UL << 56) /* Guest Firmware */ 97.34 +#define GPFN_HIGH_MMIO (7UL << 56) /* High MMIO range */ 97.35 + 97.36 +#define GPFN_IO_MASK (7UL << 56) /* Guest pfn is I/O type */ 97.37 +#define GPFN_INV_MASK (31UL << 59) /* Guest pfn is invalid */ 97.38 + 97.39 +#define INVALID_MFN (~0UL) 97.40 + 97.41 + 97.42 typedef struct 97.43 { 97.44 } PACKED cpu_user_regs; 97.45 @@ -28,11 +58,99 @@ typedef struct 97.46 * structure size will still be 8 bytes, so no other alignments will change. 97.47 */ 97.48 typedef struct { 97.49 - u32 tsc_bits; /* 0: 32 bits read from the CPU's TSC. */ 97.50 - u32 tsc_bitshift; /* 4: 'tsc_bits' uses N:N+31 of TSC. */ 97.51 + unsigned int tsc_bits; /* 0: 32 bits read from the CPU's TSC. */ 97.52 + unsigned int tsc_bitshift; /* 4: 'tsc_bits' uses N:N+31 of TSC. */ 97.53 } PACKED tsc_timestamp_t; /* 8 bytes */ 97.54 97.55 -#include <asm/tlb.h> /* TR_ENTRY */ 97.56 +struct pt_fpreg { 97.57 + union { 97.58 + unsigned long bits[2]; 97.59 + long double __dummy; /* force 16-byte alignment */ 97.60 + } u; 97.61 +}; 97.62 + 97.63 +struct pt_regs { 97.64 + /* The following registers are saved by SAVE_MIN: */ 97.65 + unsigned long b6; /* scratch */ 97.66 + unsigned long b7; /* scratch */ 97.67 + 97.68 + unsigned long ar_csd; /* used by cmp8xchg16 (scratch) */ 97.69 + unsigned long ar_ssd; /* reserved for future use (scratch) */ 97.70 + 97.71 + unsigned long r8; /* scratch (return value register 0) */ 97.72 + unsigned long r9; /* scratch (return value register 1) */ 97.73 + unsigned long r10; /* scratch (return value register 2) */ 97.74 + unsigned long r11; /* scratch (return value register 3) */ 97.75 + 97.76 + unsigned long cr_ipsr; /* interrupted task's psr */ 97.77 + unsigned long cr_iip; /* interrupted task's instruction pointer */ 97.78 + unsigned long cr_ifs; /* interrupted task's function state */ 97.79 + 97.80 + unsigned long ar_unat; /* interrupted task's NaT register (preserved) */ 97.81 + unsigned long ar_pfs; /* prev function state */ 97.82 + unsigned long ar_rsc; /* RSE configuration */ 97.83 + /* The following two are valid only if cr_ipsr.cpl > 0: */ 97.84 + unsigned long ar_rnat; /* RSE NaT */ 97.85 + unsigned long ar_bspstore; /* RSE bspstore */ 97.86 + 97.87 + unsigned long pr; /* 64 predicate registers (1 bit each) */ 97.88 + unsigned long b0; /* return pointer (bp) */ 97.89 + unsigned long loadrs; /* size of dirty partition << 16 */ 97.90 + 97.91 + unsigned long r1; /* the gp pointer */ 97.92 + unsigned long r12; /* interrupted task's memory stack pointer */ 97.93 + unsigned long r13; /* thread pointer */ 97.94 + 97.95 + unsigned long ar_fpsr; /* floating point status (preserved) */ 97.96 + unsigned long r15; /* scratch */ 97.97 + 97.98 + /* The remaining registers are NOT saved for system calls. */ 97.99 + 97.100 + unsigned long r14; /* scratch */ 97.101 + unsigned long r2; /* scratch */ 97.102 + unsigned long r3; /* scratch */ 97.103 + 97.104 +#ifdef CONFIG_VTI 97.105 + unsigned long r4; /* preserved */ 97.106 + unsigned long r5; /* preserved */ 97.107 + unsigned long r6; /* preserved */ 97.108 + unsigned long r7; /* preserved */ 97.109 + unsigned long cr_iipa; /* for emulation */ 97.110 + unsigned long cr_isr; /* for emulation */ 97.111 + unsigned long eml_unat; /* used for emulating instruction */ 97.112 + unsigned long rfi_pfs; /* used for elulating rfi */ 97.113 +#endif 97.114 + 97.115 + /* The following registers are saved by SAVE_REST: */ 97.116 + unsigned long r16; /* scratch */ 97.117 + unsigned long r17; /* scratch */ 97.118 + unsigned long r18; /* scratch */ 97.119 + unsigned long r19; /* scratch */ 97.120 + unsigned long r20; /* scratch */ 97.121 + unsigned long r21; /* scratch */ 97.122 + unsigned long r22; /* scratch */ 97.123 + unsigned long r23; /* scratch */ 97.124 + unsigned long r24; /* scratch */ 97.125 + unsigned long r25; /* scratch */ 97.126 + unsigned long r26; /* scratch */ 97.127 + unsigned long r27; /* scratch */ 97.128 + unsigned long r28; /* scratch */ 97.129 + unsigned long r29; /* scratch */ 97.130 + unsigned long r30; /* scratch */ 97.131 + unsigned long r31; /* scratch */ 97.132 + 97.133 + unsigned long ar_ccv; /* compare/exchange value (scratch) */ 97.134 + 97.135 + /* 97.136 + * Floating point registers that the kernel considers scratch: 97.137 + */ 97.138 + struct pt_fpreg f6; /* scratch */ 97.139 + struct pt_fpreg f7; /* scratch */ 97.140 + struct pt_fpreg f8; /* scratch */ 97.141 + struct pt_fpreg f9; /* scratch */ 97.142 + struct pt_fpreg f10; /* scratch */ 97.143 + struct pt_fpreg f11; /* scratch */ 97.144 +}; 97.145 97.146 typedef struct { 97.147 unsigned long ipsr; 97.148 @@ -64,18 +182,20 @@ typedef struct { 97.149 unsigned long krs[8]; // kernel registers 97.150 unsigned long pkrs[8]; // protection key registers 97.151 unsigned long tmp[8]; // temp registers (e.g. for hyperprivops) 97.152 -//} PACKED arch_shared_info_t; 97.153 +//} PACKED arch_vcpu_info_t; 97.154 } arch_vcpu_info_t; // DON'T PACK 97.155 97.156 typedef struct { 97.157 + int evtchn_vector; 97.158 + int domain_controller_evtchn; 97.159 + unsigned int flags; 97.160 +//} PACKED arch_shared_info_t; 97.161 } arch_shared_info_t; // DON'T PACK 97.162 97.163 -/* 97.164 - * The following is all CPU context. Note that the i387_ctxt block is filled 97.165 - * in by FXSAVE if the CPU has feature FXSR; otherwise FSAVE is used. 97.166 - */ 97.167 typedef struct vcpu_guest_context { 97.168 - //unsigned long flags; 97.169 + struct pt_regs regs; 97.170 + arch_vcpu_info_t vcpu; 97.171 + arch_shared_info_t shared; 97.172 } PACKED vcpu_guest_context_t; 97.173 97.174 #endif /* !__ASSEMBLY__ */
98.1 --- a/xen/include/public/arch-x86_32.h Sat Jun 18 00:49:11 2005 +0000 98.2 +++ b/xen/include/public/arch-x86_32.h Tue Jun 21 07:02:30 2005 +0000 98.3 @@ -73,6 +73,9 @@ 98.4 #define machine_to_phys_mapping ((u32 *)HYPERVISOR_VIRT_START) 98.5 #endif 98.6 98.7 +/* Maximum number of virtual CPUs in multi-processor guests. */ 98.8 +#define MAX_VIRT_CPUS 32 98.9 + 98.10 #ifndef __ASSEMBLY__ 98.11 98.12 /* NB. Both the following are 32 bits each. */
99.1 --- a/xen/include/public/arch-x86_64.h Sat Jun 18 00:49:11 2005 +0000 99.2 +++ b/xen/include/public/arch-x86_64.h Tue Jun 21 07:02:30 2005 +0000 99.3 @@ -73,6 +73,9 @@ 99.4 #define HYPERVISOR_VIRT_END (0xFFFF880000000000UL) 99.5 #endif 99.6 99.7 +/* Maximum number of virtual CPUs in multi-processor guests. */ 99.8 +#define MAX_VIRT_CPUS 32 99.9 + 99.10 #ifndef __ASSEMBLY__ 99.11 99.12 /* The machine->physical mapping table starts at this address, read-only. */
100.1 --- a/xen/include/public/dom0_ops.h Sat Jun 18 00:49:11 2005 +0000 100.2 +++ b/xen/include/public/dom0_ops.h Tue Jun 21 07:02:30 2005 +0000 100.3 @@ -43,6 +43,8 @@ typedef struct sched_adjdom_cmd dom0_adj 100.4 100.5 #define DOM0_CREATEDOMAIN 8 100.6 typedef struct { 100.7 + /* IN parameters */ 100.8 + u32 ssidref; 100.9 /* IN/OUT parameters. */ 100.10 /* Identifier for new domain (auto-allocate if zero is specified). */ 100.11 domid_t domain; 100.12 @@ -88,6 +90,7 @@ typedef struct { 100.13 u32 n_vcpu; 100.14 s32 vcpu_to_cpu[MAX_VIRT_CPUS]; /* current mapping */ 100.15 cpumap_t cpumap[MAX_VIRT_CPUS]; /* allowable mapping */ 100.16 + u32 ssidref; 100.17 } dom0_getdomaininfo_t; 100.18 100.19 #define DOM0_SETDOMAININFO 13
101.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 101.2 +++ b/xen/include/public/policy_ops.h Tue Jun 21 07:02:30 2005 +0000 101.3 @@ -0,0 +1,74 @@ 101.4 +/****************************************************************************** 101.5 + * policy_ops.h 101.6 + * 101.7 + * Copyright (C) 2005 IBM Corporation 101.8 + * 101.9 + * Author: 101.10 + * Reiner Sailer <sailer@watson.ibm.com> 101.11 + * 101.12 + * This program is free software; you can redistribute it and/or 101.13 + * modify it under the terms of the GNU General Public License as 101.14 + * published by the Free Software Foundation, version 2 of the 101.15 + * License. 101.16 + * 101.17 + * Process policy command requests from guest OS. 101.18 + * access checked by policy; not restricted to DOM0 101.19 + * 101.20 + */ 101.21 + 101.22 + 101.23 +#ifndef __XEN_PUBLIC_POLICY_OPS_H__ 101.24 +#define __XEN_PUBLIC_POLICY_OPS_H__ 101.25 + 101.26 +#include "xen.h" 101.27 +#include "sched_ctl.h" 101.28 + 101.29 +/* 101.30 + * Make sure you increment the interface version whenever you modify this file! 101.31 + * This makes sure that old versions of policy tools will stop working in a 101.32 + * well-defined way (rather than crashing the machine, for instance). 101.33 + */ 101.34 +#define POLICY_INTERFACE_VERSION 0xAAAA0001 101.35 + 101.36 +/************************************************************************/ 101.37 + 101.38 +#define POLICY_SETPOLICY 4 101.39 +typedef struct { 101.40 + /* IN variables. */ 101.41 + u16 policy_type; 101.42 + u16 padding1; 101.43 + /* OUT variables */ 101.44 + void *pushcache; 101.45 + u16 pushcache_size; 101.46 +} PACKED policy_setpolicy_t; 101.47 + 101.48 + 101.49 +#define POLICY_GETPOLICY 5 101.50 +typedef struct { 101.51 + /* IN variables. */ 101.52 + u16 policy_type; 101.53 + u16 padding1; 101.54 + /* OUT variables */ 101.55 + void *pullcache; 101.56 + u16 pullcache_size; 101.57 +} PACKED policy_getpolicy_t; 101.58 + 101.59 +#define POLICY_DUMPSTATS 6 101.60 +typedef struct { 101.61 + void *pullcache; 101.62 + u16 pullcache_size; 101.63 +} PACKED policy_dumpstats_t; 101.64 + 101.65 + 101.66 +typedef struct { 101.67 + u32 cmd; /* 0 */ 101.68 + u32 interface_version; /* 4 */ /* POLICY_INTERFACE_VERSION */ 101.69 + union { /* 8 */ 101.70 + u32 dummy[14]; /* 72bytes */ 101.71 + policy_setpolicy_t setpolicy; 101.72 + policy_getpolicy_t getpolicy; 101.73 + policy_dumpstats_t dumpstats; 101.74 + } PACKED u; 101.75 +} PACKED policy_op_t; /* 80 bytes */ 101.76 + 101.77 +#endif /* __XEN_PUBLIC_POLICY_OPS_H__ */
102.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 102.2 +++ b/xen/include/public/version.h Tue Jun 21 07:02:30 2005 +0000 102.3 @@ -0,0 +1,30 @@ 102.4 +/****************************************************************************** 102.5 + * version.h 102.6 + * 102.7 + * Xen version, type, and compile information. 102.8 + * 102.9 + * Copyright (c) 2005, Nguyen Anh Quynh <aquynh@gmail.com> 102.10 + * Copyright (c) 2005, Keir Fraser <keir@xensource.com> 102.11 + */ 102.12 + 102.13 +#ifndef __XEN_PUBLIC_VERSION_H__ 102.14 +#define __XEN_PUBLIC_VERSION_H__ 102.15 + 102.16 +/* NB. All ops return zero on success, except XENVER_version. */ 102.17 + 102.18 +/* arg == NULL; returns major:minor (16:16). */ 102.19 +#define XENVER_version 0 102.20 + 102.21 +/* arg == 16-char string buffer. */ 102.22 +#define XENVER_extraversion 1 102.23 + 102.24 +/* arg == xenversion_compile_info_t. */ 102.25 +#define XENVER_compile_info 2 102.26 +typedef struct xen_compile_info { 102.27 + char compiler[64]; 102.28 + char compile_by[16]; 102.29 + char compile_domain[32]; 102.30 + char compile_date[32]; 102.31 +} xen_compile_info_t; 102.32 + 102.33 +#endif /* __XEN_PUBLIC_VERSION_H__ */
103.1 --- a/xen/include/public/xen.h Sat Jun 18 00:49:11 2005 +0000 103.2 +++ b/xen/include/public/xen.h Tue Jun 21 07:02:30 2005 +0000 103.3 @@ -58,6 +58,7 @@ 103.4 #define __HYPERVISOR_boot_vcpu 24 103.5 #define __HYPERVISOR_set_segment_base 25 /* x86/64 only */ 103.6 #define __HYPERVISOR_mmuext_op 26 103.7 +#define __HYPERVISOR_policy_op 27 103.8 103.9 /* 103.10 * VIRTUAL INTERRUPTS 103.11 @@ -287,9 +288,6 @@ typedef struct 103.12 /* Event channel endpoints per domain. */ 103.13 #define NR_EVENT_CHANNELS 1024 103.14 103.15 -/* Support for multi-processor guests. */ 103.16 -#define MAX_VIRT_CPUS 32 103.17 - 103.18 /* 103.19 * Per-VCPU information goes here. This will be cleaned up more when Xen 103.20 * actually supports multi-VCPU guests.
104.1 --- a/xen/include/xen/event.h Sat Jun 18 00:49:11 2005 +0000 104.2 +++ b/xen/include/xen/event.h Tue Jun 21 07:02:30 2005 +0000 104.3 @@ -13,6 +13,7 @@ 104.4 #include <xen/sched.h> 104.5 #include <xen/smp.h> 104.6 #include <asm/bitops.h> 104.7 +#include <asm/event.h> 104.8 104.9 /* 104.10 * EVENT-CHANNEL NOTIFICATIONS 104.11 @@ -34,6 +35,7 @@ static inline void evtchn_set_pending(st 104.12 { 104.13 /* The VCPU pending flag must be set /after/ update to evtchn-pend. */ 104.14 set_bit(0, &v->vcpu_info->evtchn_upcall_pending); 104.15 + evtchn_notify(v); 104.16 104.17 /* 104.18 * NB1. 'vcpu_flags' and 'processor' must be checked /after/ update of
105.1 --- a/xen/include/xen/sched.h Sat Jun 18 00:49:11 2005 +0000 105.2 +++ b/xen/include/xen/sched.h Tue Jun 21 07:02:30 2005 +0000 105.3 @@ -137,6 +137,8 @@ struct domain 105.4 cpumask_t cpumask; 105.5 105.6 struct arch_domain arch; 105.7 + 105.8 + void *ssid; /* sHype security subject identifier */ 105.9 }; 105.10 105.11 struct domain_setup_info
106.1 --- a/xen/include/xen/smp.h Sat Jun 18 00:49:11 2005 +0000 106.2 +++ b/xen/include/xen/smp.h Tue Jun 21 07:02:30 2005 +0000 106.3 @@ -58,8 +58,6 @@ static inline int on_each_cpu(void (*fun 106.4 return ret; 106.5 } 106.6 106.7 -extern int ht_per_core; 106.8 - 106.9 extern volatile unsigned long smp_msg_data; 106.10 extern volatile int smp_src_cpu; 106.11 extern volatile int smp_msg_id;
107.1 --- a/xen/include/xen/string.h Sat Jun 18 00:49:11 2005 +0000 107.2 +++ b/xen/include/xen/string.h Tue Jun 21 07:02:30 2005 +0000 107.3 @@ -81,4 +81,9 @@ extern void * memchr(const void *,int,__ 107.4 } 107.5 #endif 107.6 107.7 +#define safe_strcpy(d,s) \ 107.8 +do { strncpy((d),(s),sizeof((d))); \ 107.9 + (d)[sizeof((d))-1] = '\0'; \ 107.10 +} while (0) 107.11 + 107.12 #endif /* _LINUX_STRING_H_ */