ia64/xen-unstable

view xen/common/acm_ops.c @ 6832:5959fae4722a

Set NE bit for VMX guest CR0. VMCS guest CR0.NE bit must
be set, else it will cause "vm-entry failed".

Signed-off-by: Chengyuan Li <chengyuan.li@intel.com>
author kaf24@firebug.cl.cam.ac.uk
date Wed Sep 14 13:37:50 2005 +0000 (2005-09-14)
parents 291e816acbf4
children b2f4823b6ff0 b35215021b32 9af349b055e5 3233e7ecfa9f
1 /******************************************************************************
2 * acm_ops.c
3 *
4 * Copyright (C) 2005 IBM Corporation
5 *
6 * Author:
7 * Reiner Sailer <sailer@watson.ibm.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 *
14 * Process acm command requests from guest OS.
15 *
16 */
18 #include <xen/config.h>
19 #include <xen/types.h>
20 #include <xen/lib.h>
21 #include <xen/mm.h>
22 #include <public/acm.h>
23 #include <public/acm_ops.h>
24 #include <xen/sched.h>
25 #include <xen/event.h>
26 #include <xen/trace.h>
27 #include <xen/console.h>
28 #include <asm/shadow.h>
29 #include <public/sched_ctl.h>
30 #include <acm/acm_hooks.h>
32 #if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
/*
 * Null-policy build: ACM is compiled out, so the hypercall is rejected
 * without reading anything from the guest-supplied pointer.
 */
long do_acm_op(acm_op_t * u_acm_op)
{
    return -ENOSYS;
}
39 #else
/*
 * Operation classes handed to acm_authorize_acm_ops() so that an
 * authorization decision can be made per kind of management request.
 */
typedef enum acm_operation {
    POLICY = 0, /* any use of the policy interface (early drop) */
    GETPOLICY,  /* dump the policy cache */
    SETPOLICY,  /* replace the policy cache (controls security) */
    DUMPSTATS,  /* dump policy statistics */
    GETSSID     /* look up the ssidref for a domain id */
} acm_operation_t;
/*
 * Decide whether domain 'd' may perform the ACM management operation 'pops'.
 *
 * Returns ACM_ACCESS_PERMITTED for a privileged domain and
 * ACM_ACCESS_DENIED otherwise.
 *
 * 'pops' is not consulted yet: every policy-management operation is limited
 * to privileged domains, and finer-grained per-operation privileges are
 * planned for later.
 */
int acm_authorize_acm_ops(struct domain *d, acm_operation_t pops)
{
    if (IS_PRIV(d))
        return ACM_ACCESS_PERMITTED;

    /*
     * NOTE(review): do_acm_op() calls this for the calling domain before any
     * other check, so an unprivileged guest can trigger this message at will;
     * nothing here rate-limits it.
     */
    printk("%s: ACM management authorization denied ERROR!\n", __func__);
    return ACM_ACCESS_DENIED;
}
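/*
 * Hypercall handler for ACM policy-management commands.
 *
 * u_acm_op: guest pointer to the request. The request is copied into a
 *           local acm_op_t before any field is examined, so every later
 *           check and use sees the same snapshot of the request.
 *
 * Returns 0 on success; -EACCES if the caller is not authorized or the
 * interface version does not match; -EFAULT if the request cannot be copied
 * in; -ESRCH for an unknown command, an unknown lookup mode or domain, a
 * domain without an ssid, or a failure reported by the ACM callee.
 */
long do_acm_op(acm_op_t * u_acm_op)
{
    long ret = 0;
    acm_op_t curop, *op = &curop;

    /*
     * Policy decision for policy commands: for now only privileged domains
     * are allowed, later this is meant to be decided independently.
     * Any non-zero result is treated as a denial.
     * NOTE(review): this relies on ACM_ACCESS_PERMITTED being 0 - confirm
     * against the ACM headers.
     */
    if (acm_authorize_acm_ops(current->domain, POLICY))
        return -EACCES;

    if (copy_from_user(op, u_acm_op, sizeof(*op)))
        return -EFAULT;

    if (op->interface_version != ACM_INTERFACE_VERSION)
        return -EACCES;

    /*
     * NOTE(review): the buffer pointers and sizes passed to the acm_*
     * functions below come unmodified from the guest request; bounds and
     * access checks are presumably done in those callees - confirm.
     */
    switch (op->cmd)
    {
    case ACM_SETPOLICY:
    {
        if (acm_authorize_acm_ops(current->domain, SETPOLICY))
            return -EACCES;
        printkd("%s: setting policy.\n", __func__);
        ret = acm_set_policy(op->u.setpolicy.pushcache,
                             op->u.setpolicy.pushcache_size, 1);
        ret = (ret == ACM_OK) ? 0 : -ESRCH;
    }
    break;

    case ACM_GETPOLICY:
    {
        if (acm_authorize_acm_ops(current->domain, GETPOLICY))
            return -EACCES;
        printkd("%s: getting policy.\n", __func__);
        ret = acm_get_policy(op->u.getpolicy.pullcache,
                             op->u.getpolicy.pullcache_size);
        ret = (ret == ACM_OK) ? 0 : -ESRCH;
    }
    break;

    case ACM_DUMPSTATS:
    {
        if (acm_authorize_acm_ops(current->domain, DUMPSTATS))
            return -EACCES;
        printkd("%s: dumping statistics.\n", __func__);
        ret = acm_dump_statistics(op->u.dumpstats.pullcache,
                                  op->u.dumpstats.pullcache_size);
        ret = (ret == ACM_OK) ? 0 : -ESRCH;
    }
    break;

    case ACM_GETSSID:
    {
        ssidref_t ssidref;

        if (acm_authorize_acm_ops(current->domain, GETSSID))
            return -EACCES;

        if (op->u.getssid.get_ssid_by == SSIDREF)
        {
            ssidref = op->u.getssid.id.ssidref;
        }
        else if (op->u.getssid.get_ssid_by == DOMAINID)
        {
            struct domain *subj = find_domain_by_id(op->u.getssid.id.domainid);

            if (!subj)
                return -ESRCH; /* domain not found */

            /*
             * A domain with no ssid attached must not be dereferenced;
             * release the domain the same way the success path does and
             * report the lookup as failed.
             */
            if (subj->ssid == NULL)
            {
                put_domain(subj);
                return -ESRCH;
            }

            ssidref = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
            put_domain(subj);
        }
        else
        {
            /* unknown lookup mode requested by the caller */
            return -ESRCH;
        }

        ret = acm_get_ssid(ssidref,
                           op->u.getssid.ssidbuf,
                           op->u.getssid.ssidbuf_size);
        ret = (ret == ACM_OK) ? 0 : -ESRCH;
    }
    break;

    default:
        /* unknown command */
        ret = -ESRCH;
    }

    return ret;
}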
158 #endif