direct-io.hg

changeset 5546:76346519b28e

bitkeeper revision 1.1728 (42ba7c8fYqjC4xLUEtbo7JJInxdnqA)

Merge firebug.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xen-unstable.bk
into firebug.cl.cam.ac.uk:/local/scratch/cl349/xen-unstable.bk
author cl349@firebug.cl.cam.ac.uk
date Thu Jun 23 09:10:39 2005 +0000 (2005-06-23)
parents f10eeee5e6e8 76f16636bbb5
children 84b9630129d7
files .rootkeys BitKeeper/etc/ignore tools/libxc/xc.h tools/libxc/xc_domain.c tools/libxc/xc_evtchn.c tools/libxc/xc_gnttab.c tools/libxc/xc_misc.c tools/libxc/xc_private.c tools/libxc/xc_private.h tools/policy/policy_tool.c tools/python/xen/xm/create.py xen/Makefile xen/Rules.mk xen/arch/x86/mm.c xen/arch/x86/setup.c xen/common/policy_ops.c xen/include/acm/acm_hooks.h xen/include/asm-x86/page.h xen/include/asm-x86/x86_32/page-2level.h xen/include/asm-x86/x86_32/page-3level.h xen/include/asm-x86/x86_32/page.h xen/include/public/acm_dom0_setup.h
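--- a/.rootkeys	Tue Jun 21 11:09:54 2005 +0000
+++ b/.rootkeys	Thu Jun 23 09:10:39 2005 +0000
@@ -1513,7 +1513,6 @@ 404f1bc4tWkB9Qr8RkKtZGW5eMQzhw xen/inclu
 422f27c8RHFkePhD34VIEpMMqofZcA xen/include/asm-x86/x86_emulate.h
 400304fcmRQmDdFYEzDh0wcBba9alg xen/include/public/COPYING
 42b742f6duiOTlZvysQkRYZHYBXqvg xen/include/public/acm.h
-42b742f7TIMsQgUaNDJXp3QlBve2SQ xen/include/public/acm_dom0_setup.h
 421098b7OKb9YH_EUA_UpCxBjaqtgA xen/include/public/arch-ia64.h
 404f1bc68SXxmv0zQpXBWGrCzSyp8w xen/include/public/arch-x86_32.h
 404f1bc7IwU-qnH8mJeVu0YsNGMrcw xen/include/public/arch-x86_64.h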
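--- a/tools/libxc/xc.h	Tue Jun 21 11:09:54 2005 +0000
+++ b/tools/libxc/xc.h	Thu Jun 23 09:10:39 2005 +0000
@@ -25,6 +25,7 @@ typedef int64_t            s64;
 #include <xen/dom0_ops.h>
 #include <xen/event_channel.h>
 #include <xen/sched_ctl.h>
+#include <xen/acm.h>
 
 /*
  *  DEFINITIONS FOR CPU BARRIERS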
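--- a/tools/libxc/xc_domain.c	Tue Jun 21 11:09:54 2005 +0000
+++ b/tools/libxc/xc_domain.c	Thu Jun 23 09:10:39 2005 +0000
@@ -128,7 +128,7 @@ int xc_domain_get_vcpu_context(int xc_ha
                                u32 vcpu,
                                vcpu_guest_context_t *ctxt)
 {
-    int rc, errno_saved;
+    int rc;
     dom0_op_t op;
 
     op.cmd = DOM0_GETVCPUCONTEXT;
@@ -143,11 +143,7 @@ int xc_domain_get_vcpu_context(int xc_ha
     rc = do_dom0_op(xc_handle, &op);
 
     if ( ctxt != NULL )
-    {
-        errno_saved = errno;
-        (void)munlock(ctxt, sizeof(*ctxt));
-        errno = errno_saved;
-    }
+        safe_munlock(ctxt, sizeof(*ctxt));
 
     if ( rc > 0 )
         return -ESRCH;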
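--- a/tools/libxc/xc_evtchn.c	Tue Jun 21 11:09:54 2005 +0000
+++ b/tools/libxc/xc_evtchn.c	Thu Jun 23 09:10:39 2005 +0000
@@ -26,7 +26,7 @@ static int do_evtchn_op(int xc_handle, e
     if ((ret = do_xen_hypercall(xc_handle, &hypercall)) < 0)
         ERROR("do_evtchn_op: HYPERVISOR_event_channel_op failed: %d", ret);
 
-    (void)munlock(op, sizeof(*op));
+    safe_munlock(op, sizeof(*op));
  out:
     return ret;
 }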
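--- a/tools/libxc/xc_gnttab.c	Tue Jun 21 11:09:54 2005 +0000
+++ b/tools/libxc/xc_gnttab.c	Thu Jun 23 09:10:39 2005 +0000
@@ -33,7 +33,7 @@ do_gnttab_op( int xc_handle,
     if ( (ret = do_xen_hypercall(xc_handle, &hypercall)) < 0 )
         ERROR("do_gnttab_op: HYPERVISOR_grant_table_op failed: %d", ret);
 
-    (void)munlock(op, sizeof(*op));
+    safe_munlock(op, sizeof(*op));
  out:
     return ret;
 }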
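--- a/tools/libxc/xc_misc.c	Tue Jun 21 11:09:54 2005 +0000
+++ b/tools/libxc/xc_misc.c	Thu Jun 23 09:10:39 2005 +0000
@@ -43,7 +43,7 @@ int xc_readconsolering(int xc_handle,
         *pnr_chars = op.u.readconsole.count;
     }
 
-    (void)munlock(buffer, nr_chars);
+    safe_munlock(buffer, nr_chars);
 
     return ret;
 }    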
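--- a/tools/libxc/xc_private.c	Tue Jun 21 11:09:54 2005 +0000
+++ b/tools/libxc/xc_private.c	Thu Jun 23 09:10:39 2005 +0000
@@ -22,8 +22,10 @@ void *xc_map_foreign_batch(int xc_handle
     ioctlx.arr=arr;
     if ( ioctl( xc_handle, IOCTL_PRIVCMD_MMAPBATCH, &ioctlx ) < 0 )
     {
+        int saved_errno = errno;
 	perror("XXXXXXXX");
-	munmap(addr, num*PAGE_SIZE);
+	(void)munmap(addr, num*PAGE_SIZE);
+        errno = saved_errno;
 	return NULL;
     }
     return addr;
@@ -51,7 +53,9 @@ void *xc_map_foreign_range(int xc_handle
     entry.npages=(size+PAGE_SIZE-1)>>PAGE_SHIFT;
     if ( ioctl( xc_handle, IOCTL_PRIVCMD_MMAP, &ioctlx ) < 0 )
     {
-	munmap(addr, size);
+        int saved_errno = errno;
+	(void)munmap(addr, size);
+        errno = saved_errno;
 	return NULL;
     }
     return addr;
@@ -134,8 +138,8 @@ static int flush_mmu_updates(int xc_hand
     }
 
     mmu->idx = 0;
-    
-    (void)munlock(mmu->updates, sizeof(mmu->updates));
+
+    safe_munlock(mmu->updates, sizeof(mmu->updates));
 
  out:
     return err;
@@ -232,7 +236,7 @@ int xc_get_pfn_list(int xc_handle,
 
     ret = do_dom0_op(xc_handle, &op);
 
-    (void)munlock(pfn_buf, max_pfns * sizeof(unsigned long));
+    safe_munlock(pfn_buf, max_pfns * sizeof(unsigned long));
 
 #if 0
 #ifdef DEBUG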
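Review bot: The failure path in xc_map_foreign_batch still reports through `perror("XXXXXXXX");`, a placeholder that tells an operator nothing about which call failed. Now that errno is saved and restored around it, it could become `PERROR("xc_map_foreign_batch: IOCTL_PRIVCMD_MMAPBATCH failed");`, using the macro this changeset reworks in xc_private.h. The matching path in xc_map_foreign_range prints no diagnostic at all, so the two functions fail differently. The added `int saved_errno` / `errno = saved_errno;` lines are indented with spaces while the neighbouring lines use tabs. Both function bodies start outside their hunks.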
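--- a/tools/libxc/xc_private.h	Tue Jun 21 11:09:54 2005 +0000
+++ b/tools/libxc/xc_private.h	Thu Jun 23 09:10:39 2005 +0000
@@ -101,12 +101,28 @@ struct load_funcs
     loadimagefunc loadimage;
 };
 
-#define ERROR(_m, _a...)  \
-    fprintf(stderr, "ERROR: " _m "\n" , ## _a )
+#define ERROR(_m, _a...)                                \
+do {                                                    \
+    int __saved_errno = errno;                          \
+    fprintf(stderr, "ERROR: " _m "\n" , ## _a );        \
+    errno = __saved_errno;                              \
+} while (0)
+
 
-#define PERROR(_m, _a...) \
-    fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \
-            errno, strerror(errno))
+#define PERROR(_m, _a...)                                       \
+do {                                                            \
+    int __saved_errno = errno;                                  \
+    fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a ,       \
+            __saved_errno, strerror(__saved_errno));            \
+    errno = __saved_errno;                                      \
+} while (0)
+
+static inline void safe_munlock(const void *addr, size_t len)
+{
+    int saved_errno = errno;
+    (void)munlock(addr, len);
+    errno = saved_errno;
+}
 
 static inline int do_privcmd(int xc_handle,
                              unsigned int cmd, 
@@ -125,7 +141,7 @@ static inline int do_xen_hypercall(int x
 
 static inline int do_dom0_op(int xc_handle, dom0_op_t *op)
 {
-    int ret = -1, errno_saved;
+    int ret = -1;
     privcmd_hypercall_t hypercall;
 
     op->interface_version = DOM0_INTERFACE_VERSION;
@@ -146,9 +162,7 @@ static inline int do_dom0_op(int xc_hand
                     " rebuild the user-space tool set?\n");
     }
 
-    errno_saved = errno;
-    (void)munlock(op, sizeof(*op));
-    errno = errno_saved;
+    safe_munlock(op, sizeof(*op));
 
  out1:
     return ret;
@@ -163,7 +177,6 @@ static inline int do_dom_mem_op(int     
 {
     privcmd_hypercall_t hypercall;
     long ret = -EINVAL;
-    int errno_saved;
 
     hypercall.op     = __HYPERVISOR_dom_mem_op;
     hypercall.arg[0] = (unsigned long)memop;
@@ -186,11 +199,7 @@ static inline int do_dom_mem_op(int     
     }
 
     if ( extent_list != NULL )
-    {
-        errno_saved = errno;
-        (void)munlock(extent_list, nr_extents*sizeof(unsigned long));
-        errno = errno_saved;
-    }
+        safe_munlock(extent_list, nr_extents*sizeof(unsigned long));
 
  out1:
     return ret;
@@ -204,7 +213,6 @@ static inline int do_mmuext_op(
 {
     privcmd_hypercall_t hypercall;
     long ret = -EINVAL;
-    int errno_saved;
 
     hypercall.op     = __HYPERVISOR_mmuext_op;
     hypercall.arg[0] = (unsigned long)op;
@@ -224,9 +232,7 @@ static inline int do_mmuext_op(
                     " rebuild the user-space tool set?\n",ret,errno);
     }
 
-    errno_saved = errno;
-    (void)munlock(op, nr_ops*sizeof(*op));
-    errno = errno_saved;
+    safe_munlock(op, nr_ops*sizeof(*op));
 
  out1:
     return ret;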
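Review bot: The new ERROR and PERROR bodies declare `int __saved_errno`, and a double-underscore identifier is reserved for the C implementation. A name such as `saved_errno_` keeps the macros out of that namespace while still being unlikely to clash with a caller's variable. safe_munlock has no comment explaining why it exists. I would add `/* munlock() that leaves errno untouched, so the caller can still report the hypercall's error. */` above it, and note there that a failed munlock is deliberately ignored. The callers in do_dom0_op, do_dom_mem_op and do_mmuext_op are only partly visible in these hunks.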
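--- a/tools/policy/policy_tool.c	Tue Jun 21 11:09:54 2005 +0000
+++ b/tools/policy/policy_tool.c	Thu Jun 23 09:10:39 2005 +0000
@@ -14,7 +14,7 @@
  *
  * sHype policy management tool. This code runs in a domain and
  *     manages the Xen security policy by interacting with the
- *     Xen access control module via a /proc/xen/policycmd proc-ioctl, 
+ *     Xen access control module via a /proc/xen/privcmd proc-ioctl, 
  *     which is translated into a policy_op hypercall into Xen.
  * 
  * todo: implement setpolicy to dynamically set a policy cache.
@@ -229,7 +229,6 @@ void acm_dump_policy_buffer(void *buf, i
 	default:
 		printf("UNKNOWN POLICY!\n");
 	}
-	printf("\nPolicy dump End.\n\n");
 }
 
 /*************************** set policy ****************************/
@@ -519,39 +518,35 @@ usage(char *progname){
 int
 main(int argc, char **argv) {
 
-	int policycmd_fd;
+	int policycmd_fd, ret;
 
-	if (argc < 2)
+	if (argc < 2) 
 		usage(argv[0]);
 		
 	if ((policycmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) {
-		    printf("ERROR: Could not open xen policycmd device!\n");
+		    printf("ERROR: Could not open xen privcmd device!\n");
 		    exit(-1);
 	}
 	    
 	if (!strcmp(argv[1], "setpolicy")) {
 		if (argc != 2)
 			usage(argv[0]);
-		acm_domain_setpolicy(policycmd_fd);
-
+		ret = acm_domain_setpolicy(policycmd_fd);
 	} else if (!strcmp(argv[1], "getpolicy")) {
 		if (argc != 2)
 			usage(argv[0]);
-		acm_domain_getpolicy(policycmd_fd);
-
+		ret = acm_domain_getpolicy(policycmd_fd);
 	} else if (!strcmp(argv[1], "loadpolicy")) {
 		if (argc != 3) 
 			usage(argv[0]);
-		acm_domain_loadpolicy(policycmd_fd, argv[2]);
-
+		ret = acm_domain_loadpolicy(policycmd_fd, argv[2]);
 	} else if (!strcmp(argv[1], "dumpstats")) {
 		if (argc != 2) 
 			usage(argv[0]);
-		acm_domain_dumpstats(policycmd_fd);
-
+		ret = acm_domain_dumpstats(policycmd_fd);
 	} else
 		usage(argv[0]);
 
 	close(policycmd_fd);
-	return 0;
+	return ret;
 }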
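Review bot: `ret` is declared without an initialiser in main and returned at the end, so the final `else usage(argv[0]);` branch returns an indeterminate value unless usage() never returns; usage()'s body is outside this hunk. Declaring it as `int policycmd_fd, ret = -1;` gives a defined failure status either way. Since the acm_domain_* result now becomes the process exit status, a short comment saying that callers should test for non-zero would help. A negative return is truncated by the shell, so scripts that gate on a successful policy load should not compare against a specific code.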
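--- a/tools/python/xen/xm/create.py	Tue Jun 21 11:09:54 2005 +0000
+++ b/tools/python/xen/xm/create.py	Thu Jun 23 09:10:39 2005 +0000
@@ -121,7 +121,7 @@ gopts.var('memory', val='MEMORY',
           use="Domain memory in MB.")
 
 gopts.var('ssidref', val='SSIDREF',
-          fn=set_u32, default=0xffffffff,
+          fn=set_u32, default=-1, 
           use="Security Identifier.")
 
 gopts.var('maxmem', val='MEMORY',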
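Review bot: The new `default=-1` sits on an option whose setter is `set_u32`, and nothing on the visible lines says how a negative default is converted before it is used as an ssidref. If -1 is meant as a "no label given" sentinel (my reading, not shown here), a comment above the option should say so, for example `# -1: no ssidref supplied on the command line`. It is also worth confirming whether set_u32 is applied to the default or only to user-supplied values. The trailing space after `default=-1,` can be dropped.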
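--- a/xen/Makefile	Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/Makefile	Thu Jun 23 09:10:39 2005 +0000
@@ -59,7 +59,9 @@ clean: delete-unfresh-files
 	$(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
 	$(MAKE) -C common
 	$(MAKE) -C drivers
+ifdef ACM_USE_SECURITY_POLICY
 	$(MAKE) -C acm
+endif
 	$(MAKE) -C arch/$(TARGET_ARCH)
 
 # drivers/char/console.o may contain static banner/compile info. Blow it away.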
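Review bot: `ifdef ACM_USE_SECURITY_POLICY` is true for any non-empty value, whereas the C sources in this changeset (xen/common/policy_ops.c and xen/include/acm/acm_hooks.h) test `ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY`. A build that sets the variable to the null policy would therefore still descend into acm/, so the two layers can disagree about whether the access control module is in use. The same guard is added around `ALL_OBJS += $(BASEDIR)/acm/acm.o` in xen/Rules.mk. A comment beside the guard, such as `# acm/ is built only when ACM_USE_SECURITY_POLICY is set; see <where it is defined>`, would record where the variable comes from and which values count as enabled. The rule this recipe belongs to starts outside the hunk.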
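--- a/xen/Rules.mk	Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/Rules.mk	Thu Jun 23 09:10:39 2005 +0000
@@ -35,7 +35,9 @@ OBJS    += $(patsubst %.c,%.o,$(C_SRCS))
 ALL_OBJS := $(BASEDIR)/common/common.o
 ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
 ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
+ifdef ACM_USE_SECURITY_POLICY
 ALL_OBJS += $(BASEDIR)/acm/acm.o
+endif
 ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
 
 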
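--- a/xen/arch/x86/mm.c	Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/arch/x86/mm.c	Thu Jun 23 09:10:39 2005 +0000
@@ -753,7 +753,7 @@ static inline int l1_backptr(
 #else
 # define create_pae_xen_mappings(pl3e) (1)
 # define l1_backptr(bp,l2o,l2t) \
-    ({ *(bp) = (l2o) << L2_PAGETABLE_SHIFT; 1; })
+    ({ *(bp) = (unsigned long)(l2o) << L2_PAGETABLE_SHIFT; 1; })
 #endif
 
 static int alloc_l2_table(struct pfn_info *page, unsigned int type)
@@ -821,7 +821,7 @@ static int alloc_l3_table(struct pfn_inf
     pl3e = map_domain_page(pfn);
     for ( i = 0; i < L3_PAGETABLE_ENTRIES; i++ )
     {
-        vaddr = i << L3_PAGETABLE_SHIFT;
+        vaddr = (unsigned long)i << L3_PAGETABLE_SHIFT;
         if ( is_guest_l3_slot(i) &&
              unlikely(!get_page_from_l3e(pl3e[i], pfn, d, vaddr)) )
             goto fail;
@@ -2793,12 +2793,24 @@ static int ptwr_emulated_cmpxchg(
     return ptwr_emulated_update(addr, old, new, bytes, 1);
 }
 
+static int ptwr_emulated_cmpxchg8b(
+    unsigned long addr,
+    unsigned long old,
+    unsigned long old_hi,
+    unsigned long new,
+    unsigned long new_hi)
+{
+    return ptwr_emulated_update(
+        addr, ((u64)old_hi << 32) | old, ((u64)new_hi << 32) | new, 8, 1);
+}
+
 static struct x86_mem_emulator ptwr_mem_emulator = {
-    .read_std         = x86_emulate_read_std,
-    .write_std        = x86_emulate_write_std,
-    .read_emulated    = x86_emulate_read_std,
-    .write_emulated   = ptwr_emulated_write,
-    .cmpxchg_emulated = ptwr_emulated_cmpxchg
+    .read_std           = x86_emulate_read_std,
+    .write_std          = x86_emulate_write_std,
+    .read_emulated      = x86_emulate_read_std,
+    .write_emulated     = ptwr_emulated_write,
+    .cmpxchg_emulated   = ptwr_emulated_cmpxchg,
+    .cmpxchg8b_emulated = ptwr_emulated_cmpxchg8b
 };
 
 /* Write page fault handler: check if guest is trying to modify a PTE. */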
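Review bot: In the new ptwr_emulated_cmpxchg8b the low halves are OR-ed in unmasked, `((u64)old_hi << 32) | old`, so where `unsigned long` is 64 bits any stray upper bits in `old` or `new` would leak into the high word of the compared and written PTE. Masking makes the intent explicit and costs nothing: `((u64)old_hi << 32) | (u32)old, ((u64)new_hi << 32) | (u32)new`. The call also hands 64-bit values to ptwr_emulated_update, whose signature is outside this hunk; if its `old`/`new` parameters are still `unsigned long`, the high half is silently truncated on a 32-bit build, so that prototype should be checked alongside this change. A one-line comment above the function stating that it emulates an 8-byte compare-and-exchange on a guest page-table entry would help readers of the emulator table.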
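--- a/xen/arch/x86/setup.c	Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/arch/x86/setup.c	Thu Jun 23 09:10:39 2005 +0000
@@ -20,7 +20,7 @@
 #include <asm/desc.h>
 #include <asm/shadow.h>
 #include <asm/e820.h>
-#include <public/acm_dom0_setup.h>
+#include <acm/acm_hooks.h>
 
 extern void dmi_scan_machine(void);
 extern void generic_apic_probe(void);
@@ -188,7 +188,7 @@ static void __init start_of_day(void)
 
     arch_init_memory();
 
-    scheduler_init();	
+    scheduler_init();
 
     identify_cpu(&boot_cpu_data);
     if ( cpu_has_fxsr )
@@ -262,7 +262,8 @@ void __init __start_xen(multiboot_info_t
     /* Check that we have at least one Multiboot module. */
     if ( !(mbi->flags & MBI_MODULES) || (mbi->mods_count == 0) )
     {
-        printk("FATAL ERROR: Require at least one Multiboot module.\n");
+        printk("FATAL ERROR: dom0 kernel not specified."
+               " Check bootloader configuration.\n");
         EARLY_FAIL();
     }
 
@@ -383,8 +384,8 @@ void __init __start_xen(multiboot_info_t
 
     init_xenheap_pages(xenheap_phys_start, xenheap_phys_end);
     printk("Xen heap: %luMB (%lukB)\n",
-	   (xenheap_phys_end-xenheap_phys_start) >> 20,
-	   (xenheap_phys_end-xenheap_phys_start) >> 10);
+           (xenheap_phys_end-xenheap_phys_start) >> 20,
+           (xenheap_phys_end-xenheap_phys_start) >> 10);
 
     early_boot = 0;
 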
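--- a/xen/common/policy_ops.c	Tue Jun 21 11:09:54 2005 +0000
+++ b/xen/common/policy_ops.c	Thu Jun 23 09:10:39 2005 +0000
@@ -1,5 +1,5 @@
 /******************************************************************************
- *policy_ops.c
+ * policy_ops.c
  * 
  * Copyright (C) 2005 IBM Corporation
  *
@@ -14,6 +14,7 @@
  * Process policy command requests from guest OS.
  *
  */
+
 #include <xen/config.h>
 #include <xen/types.h>
 #include <xen/lib.h>
@@ -27,29 +28,39 @@
 #include <public/sched_ctl.h>
 #include <acm/acm_hooks.h>
 
+#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+
+long do_policy_op(policy_op_t *u_policy_op)
+{
+    return -ENOSYS;
+}
+
+#else
+
 /* function prototypes defined in acm/acm_policy.c */
 int acm_set_policy(void *buf, u16 buf_size, u16 policy);
 int acm_get_policy(void *buf, u16 buf_size);
 int acm_dump_statistics(void *buf, u16 buf_size);
 
 typedef enum policyoperation {
-	POLICY,     /* access to policy interface (early drop) */
-	GETPOLICY,  /* dump policy cache */
-	SETPOLICY,  /* set policy cache (controls security) */
-	DUMPSTATS   /* dump policy statistics */
+    POLICY,     /* access to policy interface (early drop) */
+    GETPOLICY,  /* dump policy cache */
+    SETPOLICY,  /* set policy cache (controls security) */
+    DUMPSTATS   /* dump policy statistics */
 } policyoperation_t;
 
 int
 acm_authorize_policyops(struct domain *d, policyoperation_t pops)
 {
-	/* currently, all policy management functions are restricted to privileged domains,
-	 * soon we will introduce finer-grained privileges for policy operations 
-	 */
-	if (!IS_PRIV(d)) {
-		printk("%s: Policy management authorization denied ERROR!\n", __func__);
-		return ACM_ACCESS_DENIED;
-	}
-	return ACM_ACCESS_PERMITTED;
+    /* all policy management functions are restricted to privileged domains,
+     * soon we will introduce finer-grained privileges for policy operations 
+     */
+    if (!IS_PRIV(d)) {
+        printk("%s: Policy management authorization denied ERROR!\n",
+               __func__);
+        return ACM_ACCESS_DENIED;
+    }
+    return ACM_ACCESS_PERMITTED;
 }
 
 long do_policy_op(policy_op_t *u_policy_op)
@@ -60,7 +71,7 @@ long do_policy_op(policy_op_t *u_policy_
     /* check here policy decision for policy commands */
     /* for now allow DOM0 only, later indepedently    */
     if (acm_authorize_policyops(current->domain, POLICY))
-	    return -EACCES;
+        return -EACCES;
 
     if ( copy_from_user(op, u_policy_op, sizeof(*op)) )
         return -EFAULT;
@@ -73,9 +84,12 @@ long do_policy_op(policy_op_t *u_policy_
     case POLICY_SETPOLICY:
     {
         if (acm_authorize_policyops(current->domain, SETPOLICY))
-		return -EACCES;
-	printkd("%s: setting policy.\n", __func__);
-	ret = acm_set_policy(op->u.setpolicy.pushcache, op->u.setpolicy.pushcache_size, op->u.setpolicy.policy_type);
+            return -EACCES;
+        printkd("%s: setting policy.\n", __func__);
+        ret = acm_set_policy(
+            op->u.setpolicy.pushcache, 
+            op->u.setpolicy.pushcache_size, 
+            op->u.setpolicy.policy_type);
         if (ret == ACM_OK)
             ret = 0;
         else
@@ -86,9 +100,11 @@ long do_policy_op(policy_op_t *u_policy_
     case POLICY_GETPOLICY:
     {
         if (acm_authorize_policyops(current->domain, GETPOLICY))
-		return -EACCES;
+            return -EACCES;
         printkd("%s: getting policy.\n", __func__);
-	ret = acm_get_policy(op->u.getpolicy.pullcache, op->u.getpolicy.pullcache_size);
+        ret = acm_get_policy(
+            op->u.getpolicy.pullcache, 
+            op->u.getpolicy.pullcache_size);
         if (ret == ACM_OK)
             ret = 0;
         else
@@ -99,9 +115,11 @@ long do_policy_op(policy_op_t *u_policy_
     case POLICY_DUMPSTATS:
     {
         if (acm_authorize_policyops(current->domain, DUMPSTATS))
-		return -EACCES;
-	printkd("%s: dumping statistics.\n", __func__);
-	ret = acm_dump_statistics(op->u.dumpstats.pullcache, op->u.dumpstats.pullcache_size);
+            return -EACCES;
+        printkd("%s: dumping statistics.\n", __func__);
+        ret = acm_dump_statistics(
+            op->u.dumpstats.pullcache, 
+            op->u.dumpstats.pullcache_size);
         if (ret == ACM_OK)
             ret = 0;
         else
@@ -115,3 +133,5 @@ long do_policy_op(policy_op_t *u_policy_
     }
     return ret;
 }
+
+#endif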
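Review bot: The new guard `#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)` is also true when neither macro is defined, because the preprocessor replaces unknown identifiers with 0. A build that loses the definition would then silently compile the `-ENOSYS` stub instead of the access-control path. If the macros are always expected to come from a header or the build flags (not visible here), add ahead of the test `#if !defined(ACM_USE_SECURITY_POLICY) || !defined(ACM_NULL_POLICY)` / `#error "ACM policy selection not configured"` / `#endif`. The same comparison selects the permit-everything hook stubs in xen/include/acm/acm_hooks.h, so it applies there too. Separately, acm_authorize_policyops never reads its `pops` argument, and a comment saying that the operation is not yet taken into account would keep readers from assuming per-operation checks exist.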
    17.1 --- a/xen/include/acm/acm_hooks.h	Tue Jun 21 11:09:54 2005 +0000
    17.2 +++ b/xen/include/acm/acm_hooks.h	Thu Jun 23 09:10:39 2005 +0000
    17.3 @@ -30,21 +30,42 @@
    17.4  #include <public/event_channel.h>
    17.5  #include <asm/current.h>
    17.6  
    17.7 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
    17.8 +
    17.9 +static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
   17.10 +{ return 0; }
   17.11 +static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 
   17.12 +{ return; }
   17.13 +static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 
   17.14 +{ return; }
   17.15 +static inline int acm_pre_event_channel(evtchn_op_t *op) 
   17.16 +{ return 0; }
   17.17 +static inline int acm_pre_grant_map_ref(domid_t id) 
   17.18 +{ return 0; }
   17.19 +static inline int acm_pre_grant_setup(domid_t id) 
   17.20 +{ return 0; }
   17.21 +static inline int acm_init(void)
   17.22 +{ return 0; }
   17.23 +static inline void acm_post_domain0_create(domid_t domid) 
   17.24 +{ return; }
   17.25 +
   17.26 +#else
   17.27 +
   17.28  /* if ACM_TRACE_MODE defined, all hooks should
   17.29   * print a short trace message */
   17.30  /* #define ACM_TRACE_MODE */
   17.31  
   17.32  #ifdef ACM_TRACE_MODE
   17.33 -#  define traceprintk(fmt, args...) printk(fmt,## args)
   17.34 +# define traceprintk(fmt, args...) printk(fmt,## args)
   17.35  #else
   17.36 -#  define traceprintk(fmt, args...)
   17.37 +# define traceprintk(fmt, args...)
   17.38  #endif
   17.39  
   17.40  /* global variables */
   17.41  extern struct acm_operations *acm_primary_ops;
   17.42  extern struct acm_operations *acm_secondary_ops;
   17.43  
   17.44 -/**********************************************************************************************
   17.45 +/*********************************************************************
   17.46   * HOOK structure and meaning (justifies a few words about our model):
   17.47   * 
   17.48   * General idea: every policy-controlled system operation is reflected in a 
   17.49 @@ -60,7 +81,8 @@ extern struct acm_operations *acm_second
   17.50   *      ======================
   17.51   *      PRE-Hooks
   17.52   *		a) general authorization to guard a controlled system operation
   17.53 - *		b) prepare security state change (means: fail hook must be able to "undo" this)
   17.54 + *		b) prepare security state change
   17.55 + *                 (means: fail hook must be able to "undo" this)
   17.56   *
   17.57   *	POST-Hooks
   17.58   *		a) commit prepared state change
   17.59 @@ -100,238 +122,228 @@ extern struct acm_operations *acm_second
   17.60   *                                             \
   17.61   *                                            sys-ops error
   17.62   *
   17.63 - *************************************************************************************************/
   17.64 + ********************************************************************/
   17.65  
   17.66  struct acm_operations {
   17.67 -	/* policy management functions (must always be defined!) */
   17.68 -	int  (*init_domain_ssid)	       	(void **ssid, ssidref_t ssidref);
   17.69 -	void (*free_domain_ssid)	       	(void *ssid);
   17.70 -	int  (*dump_binary_policy)		(u8 *buffer, u16 buf_size);
   17.71 -	int  (*set_binary_policy)		(u8 *buffer, u16 buf_size);	
   17.72 -	int  (*dump_statistics)			(u8 *buffer, u16 buf_size);
   17.73 -	/* domain management control hooks (can be NULL) */
   17.74 -	int  (*pre_domain_create)              	(void *subject_ssid, ssidref_t ssidref);
   17.75 -	void (*post_domain_create) 		(domid_t domid, ssidref_t ssidref);
   17.76 -	void (*fail_domain_create)             	(void *subject_ssid, ssidref_t ssidref);
   17.77 -	void (*post_domain_destroy)		(void *object_ssid, domid_t id);
   17.78 -	/* event channel control hooks  (can be NULL) */
   17.79 -	int  (*pre_eventchannel_unbound)       	(domid_t id);
   17.80 -	void (*fail_eventchannel_unbound)      	(domid_t id);
   17.81 -	int  (*pre_eventchannel_interdomain)	(domid_t id1, domid_t id2);
   17.82 -	int  (*fail_eventchannel_interdomain)	(domid_t id1, domid_t id2);
   17.83 -	/* grant table control hooks (can be NULL)  */
   17.84 -	int  (*pre_grant_map_ref)       	(domid_t id);
   17.85 -	void (*fail_grant_map_ref)		(domid_t id);
   17.86 -	int  (*pre_grant_setup)       		(domid_t id);
   17.87 -	void (*fail_grant_setup)		(domid_t id);
   17.88 +    /* policy management functions (must always be defined!) */
   17.89 +    int  (*init_domain_ssid)           (void **ssid, ssidref_t ssidref);
   17.90 +    void (*free_domain_ssid)           (void *ssid);
   17.91 +    int  (*dump_binary_policy)         (u8 *buffer, u16 buf_size);
   17.92 +    int  (*set_binary_policy)          (u8 *buffer, u16 buf_size);
   17.93 +    int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
   17.94 +    /* domain management control hooks (can be NULL) */
   17.95 +    int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
   17.96 +    void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);
   17.97 +    void (*fail_domain_create)         (void *subject_ssid, ssidref_t ssidref);
   17.98 +    void (*post_domain_destroy)        (void *object_ssid, domid_t id);
   17.99 +    /* event channel control hooks  (can be NULL) */
  17.100 +    int  (*pre_eventchannel_unbound)      (domid_t id);
  17.101 +    void (*fail_eventchannel_unbound)     (domid_t id);
  17.102 +    int  (*pre_eventchannel_interdomain)  (domid_t id1, domid_t id2);
  17.103 +    int  (*fail_eventchannel_interdomain) (domid_t id1, domid_t id2);
  17.104 +    /* grant table control hooks (can be NULL)  */
  17.105 +    int  (*pre_grant_map_ref)          (domid_t id);
  17.106 +    void (*fail_grant_map_ref)         (domid_t id);
  17.107 +    int  (*pre_grant_setup)            (domid_t id);
  17.108 +    void (*fail_grant_setup)           (domid_t id);
  17.109  };
  17.110  
  17.111 -static inline int acm_pre_domain_create (void *subject_ssid, ssidref_t ssidref)
  17.112 +static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
  17.113  {
  17.114 -	if ((acm_primary_ops->pre_domain_create != NULL) && 
  17.115 -		 acm_primary_ops->pre_domain_create (subject_ssid, ssidref))
  17.116 -		return ACM_ACCESS_DENIED;
  17.117 -	else if ((acm_secondary_ops->pre_domain_create != NULL) && 
  17.118 -		 acm_secondary_ops->pre_domain_create (subject_ssid, ssidref)) {
  17.119 -		/* roll-back primary */
  17.120 -		if (acm_primary_ops->fail_domain_create != NULL)
  17.121 -			acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
  17.122 -		return ACM_ACCESS_DENIED;
  17.123 -	} else
  17.124 -		return ACM_ACCESS_PERMITTED;
  17.125 +    if ((acm_primary_ops->pre_domain_create != NULL) && 
  17.126 +        acm_primary_ops->pre_domain_create(subject_ssid, ssidref))
  17.127 +        return ACM_ACCESS_DENIED;
  17.128 +    else if ((acm_secondary_ops->pre_domain_create != NULL) && 
  17.129 +             acm_secondary_ops->pre_domain_create(subject_ssid, ssidref)) {
  17.130 +        /* roll-back primary */
  17.131 +        if (acm_primary_ops->fail_domain_create != NULL)
  17.132 +            acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
  17.133 +        return ACM_ACCESS_DENIED;
  17.134 +    } else
  17.135 +        return ACM_ACCESS_PERMITTED;
  17.136  }
  17.137  
  17.138 -static inline void acm_post_domain_create (domid_t domid, ssidref_t ssidref)
  17.139 +static inline void acm_post_domain_create(domid_t domid, ssidref_t ssidref)
  17.140  {
  17.141 -	if (acm_primary_ops->post_domain_create != NULL)
  17.142 -		acm_primary_ops->post_domain_create (domid, ssidref);
  17.143 -	if (acm_secondary_ops->post_domain_create != NULL)
  17.144 -		acm_secondary_ops->post_domain_create (domid, ssidref);
  17.145 +    if (acm_primary_ops->post_domain_create != NULL)
  17.146 +        acm_primary_ops->post_domain_create(domid, ssidref);
  17.147 +    if (acm_secondary_ops->post_domain_create != NULL)
  17.148 +        acm_secondary_ops->post_domain_create(domid, ssidref);
  17.149  }
  17.150  
  17.151 -static inline void acm_fail_domain_create (void *subject_ssid, ssidref_t ssidref)
  17.152 +static inline void acm_fail_domain_create(
  17.153 +    void *subject_ssid, ssidref_t ssidref)
  17.154  {
  17.155 -	if (acm_primary_ops->fail_domain_create != NULL)
  17.156 -		acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
  17.157 -	if (acm_secondary_ops->fail_domain_create != NULL)
  17.158 -		acm_secondary_ops->fail_domain_create (subject_ssid, ssidref);
  17.159 +    if (acm_primary_ops->fail_domain_create != NULL)
  17.160 +        acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
  17.161 +    if (acm_secondary_ops->fail_domain_create != NULL)
  17.162 +        acm_secondary_ops->fail_domain_create(subject_ssid, ssidref);
  17.163  }
  17.164  
  17.165 -static inline void acm_post_domain_destroy (void *object_ssid, domid_t id)
  17.166 +static inline void acm_post_domain_destroy(void *object_ssid, domid_t id)
  17.167  {
  17.168 -	if (acm_primary_ops->post_domain_destroy != NULL)
  17.169 -		acm_primary_ops->post_domain_destroy (object_ssid, id);
  17.170 -	if (acm_secondary_ops->post_domain_destroy != NULL)
  17.171 -		acm_secondary_ops->post_domain_destroy (object_ssid, id);
  17.172 -	return;
  17.173 +    if (acm_primary_ops->post_domain_destroy != NULL)
  17.174 +        acm_primary_ops->post_domain_destroy(object_ssid, id);
  17.175 +    if (acm_secondary_ops->post_domain_destroy != NULL)
  17.176 +        acm_secondary_ops->post_domain_destroy(object_ssid, id);
  17.177 +    return;
  17.178  }
  17.179  
  17.180 -/*   event channel ops */
  17.181 -
  17.182 -static inline int acm_pre_eventchannel_unbound (domid_t id)
  17.183 +static inline int acm_pre_eventchannel_unbound(domid_t id)
  17.184  {
  17.185 -	if ((acm_primary_ops->pre_eventchannel_unbound != NULL) && 
  17.186 -	    acm_primary_ops->pre_eventchannel_unbound (id))
  17.187 -		return ACM_ACCESS_DENIED;
  17.188 -	else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) && 
  17.189 -		 acm_secondary_ops->pre_eventchannel_unbound (id)) {
  17.190 -		/* roll-back primary */
  17.191 -		if (acm_primary_ops->fail_eventchannel_unbound != NULL)
  17.192 -			acm_primary_ops->fail_eventchannel_unbound (id);
  17.193 -		return ACM_ACCESS_DENIED;
  17.194 -	} else
  17.195 -		return ACM_ACCESS_PERMITTED;
  17.196 +    if ((acm_primary_ops->pre_eventchannel_unbound != NULL) && 
  17.197 +        acm_primary_ops->pre_eventchannel_unbound(id))
  17.198 +        return ACM_ACCESS_DENIED;
  17.199 +    else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) && 
  17.200 +             acm_secondary_ops->pre_eventchannel_unbound(id)) {
  17.201 +        /* roll-back primary */
  17.202 +        if (acm_primary_ops->fail_eventchannel_unbound != NULL)
  17.203 +            acm_primary_ops->fail_eventchannel_unbound(id);
  17.204 +        return ACM_ACCESS_DENIED;
  17.205 +    } else
  17.206 +        return ACM_ACCESS_PERMITTED;
  17.207  }
  17.208  
  17.209 -static inline int acm_pre_eventchannel_interdomain (domid_t id1, domid_t id2)
  17.210 -{	
  17.211 -	if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
  17.212 -	    acm_primary_ops->pre_eventchannel_interdomain (id1, id2))
  17.213 -		return ACM_ACCESS_DENIED;
  17.214 -	else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
  17.215 -		 acm_secondary_ops->pre_eventchannel_interdomain (id1, id2)) {
  17.216 -		/* roll-back primary */
  17.217 -		if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
  17.218 -			acm_primary_ops->fail_eventchannel_interdomain (id1, id2);
  17.219 -		return ACM_ACCESS_DENIED;
  17.220 -	} else
  17.221 -		return ACM_ACCESS_PERMITTED;
  17.222 +static inline int acm_pre_eventchannel_interdomain(domid_t id1, domid_t id2)
  17.223 +{
  17.224 +    if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
  17.225 +        acm_primary_ops->pre_eventchannel_interdomain(id1, id2))
  17.226 +        return ACM_ACCESS_DENIED;
  17.227 +    else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
  17.228 +             acm_secondary_ops->pre_eventchannel_interdomain(id1, id2)) {
  17.229 +        /* roll-back primary */
  17.230 +        if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
  17.231 +            acm_primary_ops->fail_eventchannel_interdomain(id1, id2);
  17.232 +        return ACM_ACCESS_DENIED;
  17.233 +    } else
  17.234 +        return ACM_ACCESS_PERMITTED;
  17.235  }
  17.236  
  17.237 -/************ Xen inline hooks ***************/
  17.238 -
  17.239 -/* small macro to make the hooks more readable 
  17.240 - * (eliminates hooks if NULL policy is active)
  17.241 - */
  17.242 -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  17.243 -static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
  17.244 -{ return 0; }
  17.245 -#else
  17.246  static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
  17.247  {
  17.248 -	int ret = -EACCES;
  17.249 -	struct domain *d;
  17.250 +    int ret = -EACCES;
  17.251 +    struct domain *d;
  17.252  
  17.253 -	switch(op->cmd) {
  17.254 -	case DOM0_CREATEDOMAIN:
  17.255 -		ret = acm_pre_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
  17.256 -		break;
  17.257 -	case DOM0_DESTROYDOMAIN:
  17.258 -		d = find_domain_by_id(op->u.destroydomain.domain);
  17.259 -		if (d != NULL) {
  17.260 -			*ssid = d->ssid; /* save for post destroy when d is gone */
  17.261 -			/* no policy-specific hook */
  17.262 -			put_domain(d);
  17.263 -			ret = 0;
  17.264 -		}
  17.265 -		break;
  17.266 -	default:
  17.267 -		ret = 0; /* ok */
  17.268 -	}
  17.269 -	return ret;
  17.270 +    switch(op->cmd) {
  17.271 +    case DOM0_CREATEDOMAIN:
  17.272 +        ret = acm_pre_domain_create(
  17.273 +            current->domain->ssid, op->u.createdomain.ssidref);
  17.274 +        break;
  17.275 +    case DOM0_DESTROYDOMAIN:
  17.276 +        d = find_domain_by_id(op->u.destroydomain.domain);
  17.277 +        if (d != NULL) {
  17.278 +            *ssid = d->ssid; /* save for post destroy when d is gone */
  17.279 +            /* no policy-specific hook */
  17.280 +            put_domain(d);
  17.281 +            ret = 0;
  17.282 +        }
  17.283 +        break;
  17.284 +    default:
  17.285 +        ret = 0; /* ok */
  17.286 +    }
  17.287 +    return ret;
  17.288  }
  17.289 -#endif
  17.290  
  17.291 -
  17.292 -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  17.293 -static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 
  17.294 -{ return; }
  17.295 -#else
  17.296  static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 
  17.297  {
  17.298 -	switch(op->cmd) {
  17.299 -	case DOM0_CREATEDOMAIN:
  17.300 -		/* initialialize shared sHype security labels for new domain */
  17.301 -		acm_init_domain_ssid(op->u.createdomain.domain, op->u.createdomain.ssidref);
  17.302 -		acm_post_domain_create(op->u.createdomain.domain, op->u.createdomain.ssidref);
  17.303 -		break;
  17.304 -	case DOM0_DESTROYDOMAIN:
  17.305 -		acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
  17.306 -		/* free security ssid for the destroyed domain (also if running null policy */
  17.307 -		acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
  17.308 -		break;
  17.309 -	}
  17.310 +    switch(op->cmd) {
  17.311 +    case DOM0_CREATEDOMAIN:
  17.312 +        /* initialialize shared sHype security labels for new domain */
  17.313 +        acm_init_domain_ssid(
  17.314 +            op->u.createdomain.domain, op->u.createdomain.ssidref);
  17.315 +        acm_post_domain_create(
  17.316 +            op->u.createdomain.domain, op->u.createdomain.ssidref);
  17.317 +        break;
  17.318 +    case DOM0_DESTROYDOMAIN:
  17.319 +        acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
  17.320 +        /* free security ssid for the destroyed domain (also if null policy */
  17.321 +        acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
  17.322 +        break;
  17.323 +    }
  17.324  }
  17.325 -#endif
  17.326  
  17.327 -
  17.328 -#if (ACM_USE_SECURITY_POLICy == ACM_NULL_POLICY)
  17.329 -static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 
  17.330 -{ return; }
  17.331 -#else
  17.332  static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 
  17.333  {
  17.334 -	switch(op->cmd) {
  17.335 -	case DOM0_CREATEDOMAIN:
  17.336 -		acm_fail_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
  17.337 -		break;
  17.338 -	}
  17.339 +    switch(op->cmd) {
  17.340 +    case DOM0_CREATEDOMAIN:
  17.341 +        acm_fail_domain_create(
  17.342 +            current->domain->ssid, op->u.createdomain.ssidref);
  17.343 +        break;
  17.344 +    }
  17.345 +}
  17.346 +
  17.347 +static inline int acm_pre_event_channel(evtchn_op_t *op) 
  17.348 +{
  17.349 +    int ret = -EACCES;
  17.350 +
  17.351 +    switch(op->cmd) {
  17.352 +    case EVTCHNOP_alloc_unbound:
  17.353 +        ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
  17.354 +        break;
  17.355 +    case EVTCHNOP_bind_interdomain:
  17.356 +        ret = acm_pre_eventchannel_interdomain(
  17.357 +            op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
  17.358 +        break;
  17.359 +    default:
  17.360 +        ret = 0; /* ok */
  17.361 +    }
  17.362 +    return ret;
  17.363  }
  17.364 +
  17.365 +static inline int acm_pre_grant_map_ref(domid_t id)
  17.366 +{
  17.367 +    if ( (acm_primary_ops->pre_grant_map_ref != NULL) &&
  17.368 +         acm_primary_ops->pre_grant_map_ref(id) )
  17.369 +    {
  17.370 +        return ACM_ACCESS_DENIED;
  17.371 +    }
  17.372 +    else if ( (acm_secondary_ops->pre_grant_map_ref != NULL) &&
  17.373 +              acm_secondary_ops->pre_grant_map_ref(id) )
  17.374 +    {
  17.375 +        /* roll-back primary */
  17.376 +        if ( acm_primary_ops->fail_grant_map_ref != NULL )
  17.377 +            acm_primary_ops->fail_grant_map_ref(id);
  17.378 +        return ACM_ACCESS_DENIED;
  17.379 +    }
  17.380 +    else
  17.381 +    {
  17.382 +        return ACM_ACCESS_PERMITTED;
  17.383 +    }
  17.384 +}
  17.385 +
  17.386 +static inline int acm_pre_grant_setup(domid_t id)
  17.387 +{
  17.388 +    if ( (acm_primary_ops->pre_grant_setup != NULL) &&
  17.389 +         acm_primary_ops->pre_grant_setup(id) )
  17.390 +    {
  17.391 +        return ACM_ACCESS_DENIED;
  17.392 +    }
  17.393 +    else if ( (acm_secondary_ops->pre_grant_setup != NULL) &&
  17.394 +              acm_secondary_ops->pre_grant_setup(id) )
  17.395 +    {
  17.396 +        /* roll-back primary */
  17.397 +        if (acm_primary_ops->fail_grant_setup != NULL)
  17.398 +            acm_primary_ops->fail_grant_setup(id);
  17.399 +        return ACM_ACCESS_DENIED;
  17.400 +    }
  17.401 +    else
  17.402 +    {
  17.403 +        return ACM_ACCESS_PERMITTED;
  17.404 +    }
  17.405 +}
  17.406 +
  17.407 +/* predefined ssidref for DOM0 used by xen when creating DOM0 */
  17.408 +#define ACM_DOM0_SSIDREF        0
  17.409 +
  17.410 +static inline void acm_post_domain0_create(domid_t domid)
  17.411 +{
  17.412 +    /* initialialize shared sHype security labels for new domain */
  17.413 +    acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
  17.414 +    acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
  17.415 +}
  17.416 +
  17.417 +extern int acm_init(void);
  17.418 +
  17.419  #endif
  17.420  
  17.421 -
  17.422 -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  17.423 -static inline int acm_pre_event_channel(evtchn_op_t *op) 
  17.424 -{ return 0; }
  17.425 -#else
  17.426 -static inline int acm_pre_event_channel(evtchn_op_t *op) 
  17.427 -{
  17.428 -	int ret = -EACCES;
  17.429 -
  17.430 -	switch(op->cmd) {
  17.431 -	case EVTCHNOP_alloc_unbound:
  17.432 -		ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
  17.433 -		break;
  17.434 -	case EVTCHNOP_bind_interdomain:
  17.435 -		ret = acm_pre_eventchannel_interdomain(op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
  17.436 -		break;
  17.437 -	default:
  17.438 -		ret = 0; /* ok */
  17.439 -	}
  17.440 -	return ret;
  17.441 -}
  17.442  #endif
  17.443 -
  17.444 -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  17.445 -static inline int acm_pre_grant_map_ref(domid_t id) 
  17.446 -{ return 0; }
  17.447 -#else
  17.448 -static inline int acm_pre_grant_map_ref (domid_t id)
  17.449 -{
  17.450 -	if ((acm_primary_ops->pre_grant_map_ref != NULL) &&
  17.451 -	    acm_primary_ops->pre_grant_map_ref (id))
  17.452 -		return ACM_ACCESS_DENIED;
  17.453 -	else if ((acm_secondary_ops->pre_grant_map_ref != NULL) &&
  17.454 -		 acm_secondary_ops->pre_grant_map_ref (id)) {
  17.455 -		/* roll-back primary */
  17.456 -		if (acm_primary_ops->fail_grant_map_ref != NULL)
  17.457 -			acm_primary_ops->fail_grant_map_ref (id);
  17.458 -		return ACM_ACCESS_DENIED;
  17.459 -	} else
  17.460 -		return ACM_ACCESS_PERMITTED;
  17.461 -}
  17.462 -#endif
  17.463 -
  17.464 -
  17.465 -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  17.466 -static inline int acm_pre_grant_setup(domid_t id) 
  17.467 -{ return 0; }
  17.468 -#else
  17.469 -static inline int acm_pre_grant_setup (domid_t id)
  17.470 -{
  17.471 -	if ((acm_primary_ops->pre_grant_setup != NULL) &&
  17.472 -	    acm_primary_ops->pre_grant_setup (id))
  17.473 -		return ACM_ACCESS_DENIED;
  17.474 -	else if ((acm_secondary_ops->pre_grant_setup != NULL) &&
  17.475 -		 acm_secondary_ops->pre_grant_setup (id)) {
  17.476 -		/* roll-back primary */
  17.477 -		if (acm_primary_ops->fail_grant_setup != NULL)
  17.478 -			acm_primary_ops->fail_grant_setup (id);
  17.479 -		return ACM_ACCESS_DENIED;
  17.480 -	} else
  17.481 -		return ACM_ACCESS_PERMITTED;
  17.482 -}
  17.483 -#endif
  17.484 -
  17.485 -
  17.486 -#endif
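--- a/xen/include/asm-x86/page.h
+++ b/xen/include/asm-x86/page.h
@@ -2,13 +2,13 @@
 #ifndef __X86_PAGE_H__
 #define __X86_PAGE_H__
 
-#ifndef __ASSEMBLY__
-#define PAGE_SIZE           (1UL << PAGE_SHIFT)
-#else
+/*
+ * It is important that the masks are signed quantities. This ensures that
+ * the compiler sign-extends a 32-bit mask to 64 bits if that is required.
+ */
 #define PAGE_SIZE           (1 << PAGE_SHIFT)
-#endif
-#define PAGE_MASK           (~(intpte_t)(PAGE_SIZE-1))
-#define PAGE_FLAG_MASK      (~0U)
+#define PAGE_MASK           (~(PAGE_SIZE-1))
+#define PAGE_FLAG_MASK      (~0)
 
 #ifndef __ASSEMBLY__
 # include <asm/types.h>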
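Review bot: With `PAGE_SIZE` now defined as `(1 << PAGE_SHIFT)` for C as well as assembly, it is a plain `int`, so size arithmetic such as a page count multiplied by `PAGE_SIZE` is carried out in 32 bits on a 64-bit build unless another operand is already wider; the removed `1UL` form widened it implicitly. The new comment explains why the masks are signed but not this consequence, and the callers are outside the hunk, so whether any of them relied on the old width cannot be confirmed from here. I would extend the comment with a line such as `* PAGE_SIZE is an int: widen to unsigned long before multiplying by a page count.` The same care applies to `PAGE_MASK`, which only covers the upper half of a 64-bit value when it is sign-extended, so combining it with an `unsigned int` operand first yields a 32-bit result.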
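--- a/xen/include/asm-x86/x86_32/page-2level.h
+++ b/xen/include/asm-x86/x86_32/page-2level.h
@@ -46,6 +46,8 @@ typedef l2_pgentry_t root_pgentry_t;
  *  12-bit flags = (pte[11:0])
  */
 
+#define _PAGE_NX                0U
+
 /* Extract flags into 12-bit integer, or turn 12-bit flags into a pte mask. */
 #define get_pte_flags(x) ((int)(x) & 0xFFF)
 #define put_pte_flags(x) ((intpte_t)((x) & 0xFFF))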
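--- a/xen/include/asm-x86/x86_32/page-3level.h
+++ b/xen/include/asm-x86/x86_32/page-3level.h
@@ -59,6 +59,8 @@ typedef l3_pgentry_t root_pgentry_t;
  *  32-bit flags = (pte[63:44],pte[11:0])
  */
 
+#define _PAGE_NX (cpu_has_nx ? (1<<31) : 0)
+
 /* Extract flags into 32-bit integer, or turn 32-bit flags into a pte mask. */
 #define get_pte_flags(x) (((int)((x) >> 32) & ~0xFFF) | ((int)(x) & 0xFFF))
 #define put_pte_flags(x) (((intpte_t)((x) & ~0xFFF) << 40) | ((x) & 0xFFF))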
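Review bot: The new `_PAGE_NX` value of `(1<<31)` only reaches pte bit 63 if `put_pte_flags()` moves flag bit 31 up by 32, but the context line shifts by 40 while `get_pte_flags()` shifts down by 32, so as written the NX flag appears to be shifted out of the 64-bit entry and never set on a mapping. If the layout in the comment (`pte[63:44],pte[11:0]`) is the intended one, the put side should read `#define put_pte_flags(x) (((intpte_t)((x) & ~0xFFF) << 32) | ((x) & 0xFFF))`; the users of both macros are outside this hunk, so this needs confirming against them. Separately, `1<<31` shifts into the sign bit of an `int`, which the C standard leaves undefined; `(1U<<31)` avoids that, provided nothing relies on the flag word being negative.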
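--- a/xen/include/asm-x86/x86_32/page.h
+++ b/xen/include/asm-x86/x86_32/page.h
@@ -7,8 +7,6 @@
 #define VADDR_BITS              32
 #define VADDR_MASK              (~0UL)
 
-#define _PAGE_NX                0U
-
 #include <xen/config.h>
 #ifdef CONFIG_X86_PAE
 # include <asm/x86_32/page-3level.h>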
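--- a/xen/include/public/acm_dom0_setup.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/****************************************************************
- * acm_dom0_setup.h
- * 
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer <sailer@watson.ibm.com>
- *
- * Includes necessary definitions to bring-up dom0
- */
-#include <acm/acm_hooks.h>
-
-extern int acm_init(void);
-
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
-
-static inline void acm_post_domain0_create(domid_t domid) 
-{ 
-	return; 
-}
-
-#else
-
-/* predefined ssidref for DOM0 used by xen when creating DOM0 */
-#define ACM_DOM0_SSIDREF	0
-
-static inline void acm_post_domain0_create(domid_t domid)
-{
-	/* initialialize shared sHype security labels for new domain */
-	acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
-	acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
-}
-
-#endif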