ia64/xen-unstable

changeset 6604:291e816acbf4

merge?
author cl349@firebug.cl.cam.ac.uk
date Fri Sep 02 14:17:08 2005 +0000 (2005-09-02)
parents edd1616cf8cb fc12b08bf4fe
children cac138ea9284
files extras/mini-os/README extras/mini-os/domain_config extras/mini-os/include/hypervisor.h extras/mini-os/include/list.h linux-2.6-xen-sparse/arch/xen/Kconfig linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32 linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32 linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/kernel/gnttab.c linux-2.6-xen-sparse/drivers/char/tpm/Kconfig.domU linux-2.6-xen-sparse/drivers/xen/console/xencons_ring.c linux-2.6-xen-sparse/drivers/xen/netback/common.h linux-2.6-xen-sparse/drivers/xen/netback/interface.c linux-2.6-xen-sparse/drivers/xen/netback/netback.c linux-2.6-xen-sparse/drivers/xen/netback/xenbus.c linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c linux-2.6-xen-sparse/include/asm-xen/xenbus.h tools/Makefile tools/check/check_brctl tools/check/check_iproute tools/check/check_logging tools/check/check_python tools/check/check_zlib_devel tools/check/check_zlib_lib tools/check/chk tools/console/daemon/utils.c tools/examples/xen-backend.agent tools/python/xen/xend/XendDomainInfo.py tools/security/Makefile tools/security/getlabel.sh tools/security/labelfuncs.sh tools/security/secpol_tool.c tools/security/setlabel.sh xen/Rules.mk xen/acm/acm_chinesewall_hooks.c xen/acm/acm_core.c xen/acm/acm_null_hooks.c xen/acm/acm_policy.c xen/acm/acm_simple_type_enforcement_hooks.c xen/arch/x86/Makefile xen/arch/x86/Rules.mk xen/arch/x86/apic.c xen/arch/x86/boot/x86_32.S xen/arch/x86/boot/x86_64.S xen/arch/x86/shadow.c xen/arch/x86/shadow_guest32.c xen/arch/x86/shadow_public.c xen/arch/x86/traps.c xen/arch/x86/vmx.c xen/arch/x86/x86_32/traps.c xen/arch/x86/x86_64/traps.c xen/common/acm_ops.c xen/common/domain.c xen/common/grant_table.c xen/include/acm/acm_core.h xen/include/acm/acm_hooks.h xen/include/asm-x86/page-guest32.h xen/include/asm-x86/processor.h xen/include/asm-x86/shadow.h xen/include/asm-x86/shadow_64.h xen/include/asm-x86/shadow_ops.h xen/include/asm-x86/shadow_public.h xen/include/asm-x86/x86_32/asm_defns.h xen/include/asm-x86/x86_64/asm_defns.h xen/include/public/acm.h xen/include/public/acm_ops.h xen/include/public/io/netif.h
line diff
     1.1 --- a/extras/mini-os/README	Fri Sep 02 14:15:49 2005 +0000
     1.2 +++ b/extras/mini-os/README	Fri Sep 02 14:17:08 2005 +0000
     1.3 @@ -23,13 +23,8 @@ Stuff it doesn't show:
     1.4  
     1.5  - to build it just type make.
     1.6  
     1.7 -- copy image.final somewhere where dom0 can access it
     1.8 +- to start it do the following in domain0 (assuming xend is running)
     1.9 +  # xm create domain_config
    1.10  
    1.11 -- in dom0
    1.12 -  # xi_create 16000 test
    1.13 -    <domid>
    1.14 -  # xi_build <domid> image.final 0
    1.15 -  # xi_start <domid>
    1.16 -
    1.17 -this prints out a bunch of stuff and then every 1000 timer interrupts the
    1.18 -system time.
    1.19 +this starts the kernel and prints out a bunch of stuff and then every
    1.20 +1000 timer interrupts the system time.
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/extras/mini-os/domain_config	Fri Sep 02 14:17:08 2005 +0000
     2.3 @@ -0,0 +1,17 @@
     2.4 +#  -*- mode: python; -*-
     2.5 +#============================================================================
     2.6 +# Python configuration setup for 'xm create'.
     2.7 +# This script sets the parameters used when a domain is created using 'xm create'.
     2.8 +# You use a separate script for each domain you want to create, or 
     2.9 +# you can set the parameters for the domain on the xm command line.
    2.10 +#============================================================================
    2.11 +
    2.12 +#----------------------------------------------------------------------------
    2.13 +# Kernel image file.
    2.14 +kernel = "mini-os.elf"
    2.15 +
    2.16 +# Initial memory allocation (in megabytes) for the new domain.
    2.17 +memory = 32
    2.18 +
    2.19 +# A name for your domain. All domains must have different names.
    2.20 +name = "Mini-OS"
     3.1 --- a/extras/mini-os/include/hypervisor.h	Fri Sep 02 14:15:49 2005 +0000
     3.2 +++ b/extras/mini-os/include/hypervisor.h	Fri Sep 02 14:17:08 2005 +0000
     3.3 @@ -329,7 +329,7 @@ static __inline__ int HYPERVISOR_dom_mem
     3.4      int ret;
     3.5      __asm__ __volatile__ (
     3.6          TRAP_INSTR
     3.7 -        : "=a" (ret) : "0" (__HYPERVISOR_dom_mem_op),
     3.8 +        : "=a" (ret) : "0" (__HYPERVISOR_memory_op),
     3.9          _a1 (dom_mem_op) : "memory" );
    3.10  
    3.11      return ret;
     4.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.2 +++ b/extras/mini-os/include/list.h	Fri Sep 02 14:17:08 2005 +0000
     4.3 @@ -0,0 +1,184 @@
     4.4 +#ifndef _LINUX_LIST_H
     4.5 +#define _LINUX_LIST_H
     4.6 +
     4.7 +/*
     4.8 + * Simple doubly linked list implementation.
     4.9 + *
    4.10 + * Some of the internal functions ("__xxx") are useful when
    4.11 + * manipulating whole lists rather than single entries, as
    4.12 + * sometimes we already know the next/prev entries and we can
    4.13 + * generate better code by using them directly rather than
    4.14 + * using the generic single-entry routines.
    4.15 + */
    4.16 +
    4.17 +struct list_head {
    4.18 +	struct list_head *next, *prev;
    4.19 +};
    4.20 +
    4.21 +#define LIST_HEAD_INIT(name) { &(name), &(name) }
    4.22 +
    4.23 +#define LIST_HEAD(name) \
    4.24 +	struct list_head name = LIST_HEAD_INIT(name)
    4.25 +
    4.26 +#define INIT_LIST_HEAD(ptr) do { \
    4.27 +	(ptr)->next = (ptr); (ptr)->prev = (ptr); \
    4.28 +} while (0)
    4.29 +
    4.30 +/*
    4.31 + * Insert a new entry between two known consecutive entries. 
    4.32 + *
    4.33 + * This is only for internal list manipulation where we know
    4.34 + * the prev/next entries already!
    4.35 + */
    4.36 +static __inline__ void __list_add(struct list_head * new,
    4.37 +	struct list_head * prev,
    4.38 +	struct list_head * next)
    4.39 +{
    4.40 +	next->prev = new;
    4.41 +	new->next = next;
    4.42 +	new->prev = prev;
    4.43 +	prev->next = new;
    4.44 +}
    4.45 +
    4.46 +/**
    4.47 + * list_add - add a new entry
    4.48 + * @new: new entry to be added
    4.49 + * @head: list head to add it after
    4.50 + *
    4.51 + * Insert a new entry after the specified head.
    4.52 + * This is good for implementing stacks.
    4.53 + */
    4.54 +static __inline__ void list_add(struct list_head *new, struct list_head *head)
    4.55 +{
    4.56 +	__list_add(new, head, head->next);
    4.57 +}
    4.58 +
    4.59 +/**
    4.60 + * list_add_tail - add a new entry
    4.61 + * @new: new entry to be added
    4.62 + * @head: list head to add it before
    4.63 + *
    4.64 + * Insert a new entry before the specified head.
    4.65 + * This is useful for implementing queues.
    4.66 + */
    4.67 +static __inline__ void list_add_tail(struct list_head *new, struct list_head *head)
    4.68 +{
    4.69 +	__list_add(new, head->prev, head);
    4.70 +}
    4.71 +
    4.72 +/*
    4.73 + * Delete a list entry by making the prev/next entries
    4.74 + * point to each other.
    4.75 + *
    4.76 + * This is only for internal list manipulation where we know
    4.77 + * the prev/next entries already!
    4.78 + */
    4.79 +static __inline__ void __list_del(struct list_head * prev,
    4.80 +				  struct list_head * next)
    4.81 +{
    4.82 +	next->prev = prev;
    4.83 +	prev->next = next;
    4.84 +}
    4.85 +
    4.86 +/**
    4.87 + * list_del - deletes entry from list.
    4.88 + * @entry: the element to delete from the list.
    4.89 + * Note: list_empty on entry does not return true after this, the entry is in an undefined state.
    4.90 + */
    4.91 +static __inline__ void list_del(struct list_head *entry)
    4.92 +{
    4.93 +	__list_del(entry->prev, entry->next);
    4.94 +}
    4.95 +
    4.96 +/**
    4.97 + * list_del_init - deletes entry from list and reinitialize it.
    4.98 + * @entry: the element to delete from the list.
    4.99 + */
   4.100 +static __inline__ void list_del_init(struct list_head *entry)
   4.101 +{
   4.102 +	__list_del(entry->prev, entry->next);
   4.103 +	INIT_LIST_HEAD(entry); 
   4.104 +}
   4.105 +
   4.106 +/**
   4.107 + * list_empty - tests whether a list is empty
   4.108 + * @head: the list to test.
   4.109 + */
   4.110 +static __inline__ int list_empty(struct list_head *head)
   4.111 +{
   4.112 +	return head->next == head;
   4.113 +}
   4.114 +
   4.115 +/**
   4.116 + * list_splice - join two lists
   4.117 + * @list: the new list to add.
   4.118 + * @head: the place to add it in the first list.
   4.119 + */
   4.120 +static __inline__ void list_splice(struct list_head *list, struct list_head *head)
   4.121 +{
   4.122 +	struct list_head *first = list->next;
   4.123 +
   4.124 +	if (first != list) {
   4.125 +		struct list_head *last = list->prev;
   4.126 +		struct list_head *at = head->next;
   4.127 +
   4.128 +		first->prev = head;
   4.129 +		head->next = first;
   4.130 +
   4.131 +		last->next = at;
   4.132 +		at->prev = last;
   4.133 +	}
   4.134 +}
   4.135 +
   4.136 +/**
   4.137 + * list_entry - get the struct for this entry
   4.138 + * @ptr:	the &struct list_head pointer.
   4.139 + * @type:	the type of the struct this is embedded in.
   4.140 + * @member:	the name of the list_struct within the struct.
   4.141 + */
   4.142 +#define list_entry(ptr, type, member) \
   4.143 +	((type *)((char *)(ptr)-(unsigned long)(&((type *)0)->member)))
   4.144 +
   4.145 +/**
   4.146 + * list_for_each	-	iterate over a list
   4.147 + * @pos:	the &struct list_head to use as a loop counter.
   4.148 + * @head:	the head for your list.
   4.149 + */
   4.150 +#define list_for_each(pos, head) \
   4.151 +	for (pos = (head)->next; pos != (head); pos = pos->next)
   4.152 +        	
   4.153 +/**
   4.154 + * list_for_each_safe	-	iterate over a list safe against removal of list entry
   4.155 + * @pos:	the &struct list_head to use as a loop counter.
   4.156 + * @n:		another &struct list_head to use as temporary storage
   4.157 + * @head:	the head for your list.
   4.158 + */
   4.159 +#define list_for_each_safe(pos, n, head) \
   4.160 +	for (pos = (head)->next, n = pos->next; pos != (head); \
   4.161 +		pos = n, n = pos->next)
   4.162 +
   4.163 +/**
   4.164 + * list_for_each_entry	-	iterate over list of given type
   4.165 + * @pos:	the type * to use as a loop counter.
   4.166 + * @head:	the head for your list.
   4.167 + * @member:	the name of the list_struct within the struct.
   4.168 + */
   4.169 +#define list_for_each_entry(pos, head, member)				\
   4.170 +	for (pos = list_entry((head)->next, typeof(*pos), member);	\
   4.171 +	     &pos->member != (head); 					\
   4.172 +	     pos = list_entry(pos->member.next, typeof(*pos), member))
   4.173 +
   4.174 +/**
   4.175 + * list_for_each_entry_safe - iterate over list of given type safe against removal of list entry
   4.176 + * @pos:	the type * to use as a loop counter.
   4.177 + * @n:		another type * to use as temporary storage
   4.178 + * @head:	the head for your list.
   4.179 + * @member:	the name of the list_struct within the struct.
   4.180 + */
   4.181 +#define list_for_each_entry_safe(pos, n, head, member)			\
   4.182 +	for (pos = list_entry((head)->next, typeof(*pos), member),	\
   4.183 +		n = list_entry(pos->member.next, typeof(*pos), member);	\
   4.184 +	     &pos->member != (head); 					\
   4.185 +	     pos = n, n = list_entry(n->member.next, typeof(*n), member))
   4.186 +#endif /* _LINUX_LIST_H */
   4.187 +
     5.1 --- a/linux-2.6-xen-sparse/arch/xen/Kconfig	Fri Sep 02 14:15:49 2005 +0000
     5.2 +++ b/linux-2.6-xen-sparse/arch/xen/Kconfig	Fri Sep 02 14:17:08 2005 +0000
     5.3 @@ -109,15 +109,8 @@ config XEN_NETDEV_FRONTEND
     5.4  	  dedicated device-driver domain, or your master control domain
     5.5  	  (domain 0), then you almost certainly want to say Y here.
     5.6  
     5.7 -config XEN_NETDEV_GRANT_TX
     5.8 -        bool "Grant table substrate for net drivers tx path (DANGEROUS)"
     5.9 -        default n
    5.10 -        help
    5.11 -          This introduces the use of grant tables as a data exhange mechanism
    5.12 -          between the frontend and backend network drivers.
    5.13 -
    5.14 -config XEN_NETDEV_GRANT_RX
    5.15 -        bool "Grant table substrate for net drivers rx path (DANGEROUS)"
    5.16 +config XEN_NETDEV_GRANT
    5.17 +        bool "Grant table substrate for network drivers (DANGEROUS)"
    5.18          default n
    5.19          help
    5.20            This introduces the use of grant tables as a data exhange mechanism
     6.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32	Fri Sep 02 14:15:49 2005 +0000
     6.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32	Fri Sep 02 14:17:08 2005 +0000
     6.3 @@ -19,8 +19,7 @@ CONFIG_XEN_NETDEV_BACKEND=y
     6.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
     6.5  CONFIG_XEN_BLKDEV_FRONTEND=y
     6.6  CONFIG_XEN_NETDEV_FRONTEND=y
     6.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
     6.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
     6.9 +CONFIG_XEN_NETDEV_GRANT=y
    6.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    6.11  # CONFIG_XEN_BLKDEV_TAP is not set
    6.12  # CONFIG_XEN_SHADOW_MODE is not set
    6.13 @@ -1124,7 +1123,7 @@ CONFIG_RAMFS=y
    6.14  # CONFIG_BEFS_FS is not set
    6.15  # CONFIG_BFS_FS is not set
    6.16  # CONFIG_EFS_FS is not set
    6.17 -# CONFIG_CRAMFS is not set
    6.18 +CONFIG_CRAMFS=y
    6.19  # CONFIG_VXFS_FS is not set
    6.20  # CONFIG_HPFS_FS is not set
    6.21  # CONFIG_QNX4FS_FS is not set
     7.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64	Fri Sep 02 14:15:49 2005 +0000
     7.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64	Fri Sep 02 14:17:08 2005 +0000
     7.3 @@ -19,8 +19,7 @@ CONFIG_XEN_NETDEV_BACKEND=y
     7.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
     7.5  CONFIG_XEN_BLKDEV_FRONTEND=y
     7.6  CONFIG_XEN_NETDEV_FRONTEND=y
     7.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
     7.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
     7.9 +CONFIG_XEN_NETDEV_GRANT=y
    7.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    7.11  # CONFIG_XEN_BLKDEV_TAP is not set
    7.12  # CONFIG_XEN_SHADOW_MODE is not set
    7.13 @@ -1033,7 +1032,7 @@ CONFIG_RAMFS=y
    7.14  # CONFIG_BEFS_FS is not set
    7.15  # CONFIG_BFS_FS is not set
    7.16  # CONFIG_EFS_FS is not set
    7.17 -# CONFIG_CRAMFS is not set
    7.18 +CONFIG_CRAMFS=y
    7.19  # CONFIG_VXFS_FS is not set
    7.20  # CONFIG_HPFS_FS is not set
    7.21  # CONFIG_QNX4FS_FS is not set
     8.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32	Fri Sep 02 14:15:49 2005 +0000
     8.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32	Fri Sep 02 14:17:08 2005 +0000
     8.3 @@ -16,8 +16,7 @@ CONFIG_NO_IDLE_HZ=y
     8.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
     8.5  CONFIG_XEN_BLKDEV_FRONTEND=y
     8.6  CONFIG_XEN_NETDEV_FRONTEND=y
     8.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
     8.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
     8.9 +CONFIG_XEN_NETDEV_GRANT=y
    8.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    8.11  # CONFIG_XEN_BLKDEV_TAP is not set
    8.12  # CONFIG_XEN_SHADOW_MODE is not set
     9.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64	Fri Sep 02 14:15:49 2005 +0000
     9.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64	Fri Sep 02 14:17:08 2005 +0000
     9.3 @@ -16,8 +16,7 @@ CONFIG_NO_IDLE_HZ=y
     9.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
     9.5  CONFIG_XEN_BLKDEV_FRONTEND=y
     9.6  CONFIG_XEN_NETDEV_FRONTEND=y
     9.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
     9.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
     9.9 +CONFIG_XEN_NETDEV_GRANT=y
    9.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    9.11  # CONFIG_XEN_BLKDEV_TAP is not set
    9.12  # CONFIG_XEN_SHADOW_MODE is not set
    10.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32	Fri Sep 02 14:15:49 2005 +0000
    10.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32	Fri Sep 02 14:17:08 2005 +0000
    10.3 @@ -19,8 +19,7 @@ CONFIG_XEN_NETDEV_BACKEND=y
    10.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
    10.5  CONFIG_XEN_BLKDEV_FRONTEND=y
    10.6  CONFIG_XEN_NETDEV_FRONTEND=y
    10.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
    10.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
    10.9 +CONFIG_XEN_NETDEV_GRANT=y
   10.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
   10.11  # CONFIG_XEN_BLKDEV_TAP is not set
   10.12  # CONFIG_XEN_SHADOW_MODE is not set
    11.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_64	Fri Sep 02 14:15:49 2005 +0000
    11.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_64	Fri Sep 02 14:17:08 2005 +0000
    11.3 @@ -19,8 +19,7 @@ CONFIG_XEN_NETDEV_BACKEND=y
    11.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
    11.5  CONFIG_XEN_BLKDEV_FRONTEND=y
    11.6  CONFIG_XEN_NETDEV_FRONTEND=y
    11.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
    11.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
    11.9 +CONFIG_XEN_NETDEV_GRANT=y
   11.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
   11.11  # CONFIG_XEN_BLKDEV_TAP is not set
   11.12  # CONFIG_XEN_SHADOW_MODE is not set
    12.1 --- a/linux-2.6-xen-sparse/drivers/char/tpm/Kconfig.domU	Fri Sep 02 14:15:49 2005 +0000
    12.2 +++ b/linux-2.6-xen-sparse/drivers/char/tpm/Kconfig.domU	Fri Sep 02 14:17:08 2005 +0000
    12.3 @@ -19,7 +19,7 @@ config TCG_TPM
    12.4  
    12.5  config TCG_XEN
    12.6  	tristate "XEN TPM Interface"
    12.7 -	depends on TCG_TPM && ARCH_XEN
    12.8 +	depends on TCG_TPM && ARCH_XEN && XEN_TPMDEV_FRONTEND
    12.9  	---help---
   12.10  	  If you want to make TPM support available to a Xen
   12.11  	  user domain, say Yes and it will
    13.1 --- a/linux-2.6-xen-sparse/drivers/xen/console/xencons_ring.c	Fri Sep 02 14:15:49 2005 +0000
    13.2 +++ b/linux-2.6-xen-sparse/drivers/xen/console/xencons_ring.c	Fri Sep 02 14:17:08 2005 +0000
    13.3 @@ -105,7 +105,7 @@ int xencons_ring_init(void)
    13.4  		xen_start_info.console_evtchn, handle_input,
    13.5  		0, "xencons", inring());
    13.6  	if (err) {
    13.7 -		xprintk(KERN_ERR "XEN console request irq failed %i\n", err);
    13.8 +		xprintk("XEN console request irq failed %i\n", err);
    13.9  		unbind_evtchn_from_irq(xen_start_info.console_evtchn);
   13.10  		return err;
   13.11  	}
    14.1 --- a/linux-2.6-xen-sparse/drivers/xen/netback/common.h	Fri Sep 02 14:15:49 2005 +0000
    14.2 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/common.h	Fri Sep 02 14:17:08 2005 +0000
    14.3 @@ -20,9 +20,12 @@
    14.4  #include <asm/io.h>
    14.5  #include <asm/pgalloc.h>
    14.6  
    14.7 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
    14.8 +#ifdef CONFIG_XEN_NETDEV_GRANT
    14.9  #include <asm-xen/xen-public/grant_table.h>
   14.10  #include <asm-xen/gnttab.h>
   14.11 +
   14.12 +#define GRANT_INVALID_REF (0xFFFF)
   14.13 +
   14.14  #endif
   14.15  
   14.16  
   14.17 @@ -37,6 +40,11 @@
   14.18  #define ASSERT(_p) ((void)0)
   14.19  #define DPRINTK(_f, _a...) ((void)0)
   14.20  #endif
   14.21 +#define IPRINTK(fmt, args...) \
   14.22 +    printk(KERN_INFO "xen_net: " fmt, ##args)
   14.23 +#define WPRINTK(fmt, args...) \
   14.24 +    printk(KERN_WARNING "xen_net: " fmt, ##args)
   14.25 +
   14.26  
   14.27  typedef struct netif_st {
   14.28      /* Unique identifier for this interface. */
   14.29 @@ -47,13 +55,13 @@ typedef struct netif_st {
   14.30  
   14.31      /* Physical parameters of the comms window. */
   14.32      unsigned long    tx_shmem_frame;
   14.33 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   14.34 +#ifdef CONFIG_XEN_NETDEV_GRANT
   14.35      u16              tx_shmem_handle;
   14.36      unsigned long    tx_shmem_vaddr; 
   14.37      grant_ref_t      tx_shmem_ref; 
   14.38  #endif
   14.39      unsigned long    rx_shmem_frame;
   14.40 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   14.41 +#ifdef CONFIG_XEN_NETDEV_GRANT
   14.42      u16              rx_shmem_handle;
   14.43      unsigned long    rx_shmem_vaddr; 
   14.44      grant_ref_t      rx_shmem_ref; 
   14.45 @@ -68,7 +76,7 @@ typedef struct netif_st {
   14.46      /* Private indexes into shared ring. */
   14.47      NETIF_RING_IDX rx_req_cons;
   14.48      NETIF_RING_IDX rx_resp_prod; /* private version of shared variable */
   14.49 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   14.50 +#ifdef CONFIG_XEN_NETDEV_GRANT
   14.51      NETIF_RING_IDX rx_resp_prod_copy; /* private version of shared variable */
   14.52  #endif
   14.53      NETIF_RING_IDX tx_req_cons;
    15.1 --- a/linux-2.6-xen-sparse/drivers/xen/netback/interface.c	Fri Sep 02 14:15:49 2005 +0000
    15.2 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/interface.c	Fri Sep 02 14:17:08 2005 +0000
    15.3 @@ -111,65 +111,57 @@ netif_t *alloc_netif(domid_t domid, unsi
    15.4      return netif;
    15.5  }
    15.6  
    15.7 -static int map_frontend_page(netif_t *netif, unsigned long localaddr,
    15.8 -			     unsigned long tx_ring_ref, unsigned long rx_ring_ref)
    15.9 +static int map_frontend_pages(netif_t *netif, unsigned long localaddr,
   15.10 +                              unsigned long tx_ring_ref, 
   15.11 +                              unsigned long rx_ring_ref)
   15.12  {
   15.13 -#if !defined(CONFIG_XEN_NETDEV_GRANT_TX)||!defined(CONFIG_XEN_NETDEV_GRANT_RX)
   15.14 +#ifdef CONFIG_XEN_NETDEV_GRANT
   15.15 +    struct gnttab_map_grant_ref op;
   15.16 +
   15.17 +    /* Map: Use the Grant table reference */
   15.18 +    op.host_addr = localaddr;
   15.19 +    op.flags     = GNTMAP_host_map;
   15.20 +    op.ref       = tx_ring_ref;
   15.21 +    op.dom       = netif->domid;
   15.22 +    
   15.23 +    BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
   15.24 +    if (op.handle < 0) { 
   15.25 +        DPRINTK(" Grant table operation failure mapping tx_ring_ref!\n");
   15.26 +        return op.handle;
   15.27 +    }
   15.28 +
   15.29 +    netif->tx_shmem_ref    = tx_ring_ref;
   15.30 +    netif->tx_shmem_handle = op.handle;
   15.31 +    netif->tx_shmem_vaddr  = localaddr;
   15.32 +
   15.33 +    /* Map: Use the Grant table reference */
   15.34 +    op.host_addr = localaddr + PAGE_SIZE;
   15.35 +    op.flags     = GNTMAP_host_map;
   15.36 +    op.ref       = rx_ring_ref;
   15.37 +    op.dom       = netif->domid;
   15.38 +
   15.39 +    BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
   15.40 +    if (op.handle < 0) { 
   15.41 +        DPRINTK(" Grant table operation failure mapping rx_ring_ref!\n");
   15.42 +        return op.handle;
   15.43 +    }
   15.44 +
   15.45 +    netif->rx_shmem_ref    = rx_ring_ref;
   15.46 +    netif->rx_shmem_handle = op.handle;
   15.47 +    netif->rx_shmem_vaddr  = localaddr + PAGE_SIZE;
   15.48 +
   15.49 +#else
   15.50      pgprot_t      prot = __pgprot(_KERNPG_TABLE);
   15.51      int           err;
   15.52 -#endif
   15.53 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX)
   15.54 -    {
   15.55 -        struct gnttab_map_grant_ref op;
   15.56  
   15.57 -        /* Map: Use the Grant table reference */
   15.58 -        op.host_addr = localaddr;
   15.59 -        op.flags     = GNTMAP_host_map;
   15.60 -        op.ref       = tx_ring_ref;
   15.61 -        op.dom       = netif->domid;
   15.62 -       
   15.63 -	BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
   15.64 -        if (op.handle < 0) { 
   15.65 -            DPRINTK(" Grant table operation failure !\n");
   15.66 -            return op.handle;
   15.67 -        }
   15.68 -
   15.69 -        netif->tx_shmem_ref    = tx_ring_ref;
   15.70 -        netif->tx_shmem_handle = op.handle;
   15.71 -        netif->tx_shmem_vaddr  = localaddr;
   15.72 -    }
   15.73 -#else 
   15.74      err = direct_remap_area_pages(&init_mm, localaddr,
   15.75  				  tx_ring_ref<<PAGE_SHIFT, PAGE_SIZE,
   15.76  				  prot, netif->domid); 
   15.77 -    if (err)
   15.78 -	return err;
   15.79 -#endif
   15.80 -
   15.81 -#if defined(CONFIG_XEN_NETDEV_GRANT_RX)
   15.82 -    {
   15.83 -        struct gnttab_map_grant_ref op;
   15.84 -
   15.85 -        /* Map: Use the Grant table reference */
   15.86 -        op.host_addr = localaddr + PAGE_SIZE;
   15.87 -        op.flags     = GNTMAP_host_map;
   15.88 -        op.ref       = rx_ring_ref;
   15.89 -        op.dom       = netif->domid;
   15.90 -
   15.91 -	BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
   15.92 -        if (op.handle < 0) { 
   15.93 -            DPRINTK(" Grant table operation failure !\n");
   15.94 -            return op.handle;
   15.95 -        }
   15.96 -
   15.97 -        netif->rx_shmem_ref    = rx_ring_ref;
   15.98 -        netif->rx_shmem_handle = op.handle;
   15.99 -        netif->rx_shmem_vaddr  = localaddr + PAGE_SIZE;
  15.100 -    }
  15.101 -#else 
  15.102 -    err = direct_remap_area_pages(&init_mm, localaddr + PAGE_SIZE,
  15.103 +    
  15.104 +    err |= direct_remap_area_pages(&init_mm, localaddr + PAGE_SIZE,
  15.105  				  rx_ring_ref<<PAGE_SHIFT, PAGE_SIZE,
  15.106  				  prot, netif->domid);
  15.107 +
  15.108      if (err)
  15.109  	return err;
  15.110  #endif
  15.111 @@ -177,25 +169,23 @@ static int map_frontend_page(netif_t *ne
  15.112      return 0;
  15.113  }
  15.114  
  15.115 -static void unmap_frontend_page(netif_t *netif)
  15.116 +static void unmap_frontend_pages(netif_t *netif)
  15.117  {
  15.118 -#if defined(CONFIG_XEN_NETDEV_GRANT_RX) || defined(CONFIG_XEN_NETDEV_GRANT_TX)
  15.119 +#ifdef CONFIG_XEN_NETDEV_GRANT
  15.120      struct gnttab_unmap_grant_ref op;
  15.121 -#endif
  15.122  
  15.123 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  15.124      op.host_addr    = netif->tx_shmem_vaddr;
  15.125      op.handle       = netif->tx_shmem_handle;
  15.126      op.dev_bus_addr = 0;
  15.127      BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1));
  15.128 -#endif
  15.129  
  15.130 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  15.131      op.host_addr    = netif->rx_shmem_vaddr;
  15.132      op.handle       = netif->rx_shmem_handle;
  15.133      op.dev_bus_addr = 0;
  15.134      BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1));
  15.135  #endif
  15.136 +
  15.137 +    return; 
  15.138  }
  15.139  
  15.140  int netif_map(netif_t *netif, unsigned long tx_ring_ref,
  15.141 @@ -209,8 +199,8 @@ int netif_map(netif_t *netif, unsigned l
  15.142      if (vma == NULL)
  15.143          return -ENOMEM;
  15.144  
  15.145 -    err = map_frontend_page(netif, (unsigned long)vma->addr, tx_ring_ref,
  15.146 -			    rx_ring_ref);
  15.147 +    err = map_frontend_pages(netif, (unsigned long)vma->addr, tx_ring_ref,
  15.148 +                             rx_ring_ref);
  15.149      if (err) {
  15.150          vfree(vma->addr);
  15.151  	return err;
  15.152 @@ -222,7 +212,7 @@ int netif_map(netif_t *netif, unsigned l
  15.153      op.u.bind_interdomain.port2 = evtchn;
  15.154      err = HYPERVISOR_event_channel_op(&op);
  15.155      if (err) {
  15.156 -	unmap_frontend_page(netif);
  15.157 +	unmap_frontend_pages(netif);
  15.158  	vfree(vma->addr);
  15.159  	return err;
  15.160      }
  15.161 @@ -267,7 +257,7 @@ static void free_netif(void *arg)
  15.162      unregister_netdev(netif->dev);
  15.163  
  15.164      if (netif->tx) {
  15.165 -	unmap_frontend_page(netif);
  15.166 +	unmap_frontend_pages(netif);
  15.167  	vfree(netif->tx); /* Frees netif->rx as well. */
  15.168      }
  15.169  
    16.1 --- a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c	Fri Sep 02 14:15:49 2005 +0000
    16.2 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c	Fri Sep 02 14:17:08 2005 +0000
    16.3 @@ -14,23 +14,6 @@
    16.4  #include <asm-xen/balloon.h>
    16.5  #include <asm-xen/xen-public/memory.h>
    16.6  
    16.7 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
    16.8 -#include <asm-xen/xen-public/grant_table.h>
    16.9 -#include <asm-xen/gnttab.h>
   16.10 -#ifdef GRANT_DEBUG
   16.11 -static void
   16.12 -dump_packet(int tag, u32 addr, unsigned char *p)
   16.13 -{
   16.14 -	int i;
   16.15 -
   16.16 -	printk(KERN_ALERT "#### rx_action %c %08x ", tag & 0xff, addr);
   16.17 -	for (i = 0; i < 20; i++) {
   16.18 -		printk("%02x", p[i]);
   16.19 -	}
   16.20 -	printk("\n");
   16.21 -}
   16.22 -#endif
   16.23 -#endif
   16.24  
   16.25  static void netif_idx_release(u16 pending_idx);
   16.26  static void netif_page_release(struct page *page);
   16.27 @@ -57,7 +40,8 @@ static struct timer_list net_timer;
   16.28  static struct sk_buff_head rx_queue;
   16.29  static multicall_entry_t rx_mcl[NETIF_RX_RING_SIZE*2+1];
   16.30  static mmu_update_t rx_mmu[NETIF_RX_RING_SIZE];
   16.31 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   16.32 +
   16.33 +#ifdef CONFIG_XEN_NETDEV_GRANT
   16.34  static gnttab_donate_t grant_rx_op[MAX_PENDING_REQS];
   16.35  #else
   16.36  static struct mmuext_op rx_mmuext[NETIF_RX_RING_SIZE];
   16.37 @@ -88,18 +72,15 @@ static PEND_RING_IDX dealloc_prod, deall
   16.38  
   16.39  static struct sk_buff_head tx_queue;
   16.40  
   16.41 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   16.42 +#ifdef CONFIG_XEN_NETDEV_GRANT
   16.43  static u16 grant_tx_ref[MAX_PENDING_REQS];
   16.44  static gnttab_unmap_grant_ref_t tx_unmap_ops[MAX_PENDING_REQS];
   16.45  static gnttab_map_grant_ref_t tx_map_ops[MAX_PENDING_REQS];
   16.46 +
   16.47  #else
   16.48  static multicall_entry_t tx_mcl[MAX_PENDING_REQS];
   16.49  #endif
   16.50  
   16.51 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
   16.52 -#define GRANT_INVALID_REF (0xFFFF)
   16.53 -#endif
   16.54 -
   16.55  static struct list_head net_schedule_list;
   16.56  static spinlock_t net_schedule_list_lock;
   16.57  
   16.58 @@ -127,7 +108,7 @@ static unsigned long alloc_mfn(void)
   16.59      return mfn;
   16.60  }
   16.61  
   16.62 -#ifndef CONFIG_XEN_NETDEV_GRANT_RX
   16.63 +#ifndef CONFIG_XEN_NETDEV_GRANT
   16.64  static void free_mfn(unsigned long mfn)
   16.65  {
   16.66      unsigned long flags;
   16.67 @@ -200,7 +181,7 @@ int netif_be_start_xmit(struct sk_buff *
   16.68          dev_kfree_skb(skb);
   16.69          skb = nskb;
   16.70      }
   16.71 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   16.72 +#ifdef CONFIG_XEN_NETDEV_GRANT
   16.73  #ifdef DEBUG_GRANT
   16.74      printk(KERN_ALERT "#### be_xmit: req_prod=%d req_cons=%d id=%04x gr=%04x\n",
   16.75             netif->rx->req_prod,
   16.76 @@ -246,12 +227,12 @@ int xen_network_done(void)
   16.77  
   16.78  static void net_rx_action(unsigned long unused)
   16.79  {
   16.80 -    netif_t *netif;
   16.81 +    netif_t *netif = NULL; 
   16.82      s8 status;
   16.83      u16 size, id, evtchn;
   16.84      multicall_entry_t *mcl;
   16.85      mmu_update_t *mmu;
   16.86 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   16.87 +#ifdef CONFIG_XEN_NETDEV_GRANT
   16.88      gnttab_donate_t *gop;
   16.89  #else
   16.90      struct mmuext_op *mmuext;
   16.91 @@ -266,7 +247,7 @@ static void net_rx_action(unsigned long 
   16.92  
   16.93      mcl = rx_mcl;
   16.94      mmu = rx_mmu;
   16.95 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   16.96 +#ifdef CONFIG_XEN_NETDEV_GRANT
   16.97      gop = grant_rx_op;
   16.98  #else
   16.99      mmuext = rx_mmuext;
  16.100 @@ -282,7 +263,7 @@ static void net_rx_action(unsigned long 
  16.101          if ( (new_mfn = alloc_mfn()) == 0 )
  16.102          {
  16.103              if ( net_ratelimit() )
  16.104 -                printk(KERN_WARNING "Memory squeeze in netback driver.\n");
  16.105 +                WPRINTK("Memory squeeze in netback driver.\n");
  16.106              mod_timer(&net_timer, jiffies + HZ);
  16.107              skb_queue_head(&rx_queue, skb);
  16.108              break;
  16.109 @@ -297,7 +278,7 @@ static void net_rx_action(unsigned long 
  16.110  				pfn_pte_ma(new_mfn, PAGE_KERNEL), 0);
  16.111          mcl++;
  16.112  
  16.113 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  16.114 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.115          gop->mfn = old_mfn;
  16.116          gop->domid = netif->domid;
  16.117          gop->handle = netif->rx->ring[
  16.118 @@ -340,7 +321,7 @@ static void net_rx_action(unsigned long 
  16.119      mcl->args[3] = DOMID_SELF;
  16.120      mcl++;
  16.121  
  16.122 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  16.123 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.124      mcl[-2].args[MULTI_UVMFLAGS_INDEX] = UVMF_TLB_FLUSH|UVMF_ALL;
  16.125  #else
  16.126      mcl[-3].args[MULTI_UVMFLAGS_INDEX] = UVMF_TLB_FLUSH|UVMF_ALL;
  16.127 @@ -349,9 +330,17 @@ static void net_rx_action(unsigned long 
  16.128          BUG();
  16.129  
  16.130      mcl = rx_mcl;
  16.131 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  16.132 -    BUG_ON(HYPERVISOR_grant_table_op(
  16.133 -        GNTTABOP_donate, grant_rx_op, gop - grant_rx_op));
  16.134 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.135 +    if(HYPERVISOR_grant_table_op(GNTTABOP_donate, grant_rx_op, 
  16.136 +                                 gop - grant_rx_op)) { 
  16.137 +        /* 
  16.138 +        ** The other side has given us a bad grant ref, or has no headroom, 
  16.139 +        ** or has gone away. Unfortunately the current grant table code 
  16.140 +        ** doesn't inform us which is the case, so not much we can do. 
  16.141 +        */
  16.142 +        DPRINTK("net_rx: donate to DOM%u failed; dropping (up to) %d "
  16.143 +                "packets.\n", grant_rx_op[0].domid, gop - grant_rx_op); 
  16.144 +    }
  16.145      gop = grant_rx_op;
  16.146  #else
  16.147      mmuext = rx_mmuext;
  16.148 @@ -363,7 +352,7 @@ static void net_rx_action(unsigned long 
  16.149  
  16.150          /* Rederive the machine addresses. */
  16.151          new_mfn = mcl[0].args[1] >> PAGE_SHIFT;
  16.152 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  16.153 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.154          old_mfn = 0; /* XXX Fix this so we can free_mfn() on error! */
  16.155  #else
  16.156          old_mfn = mmuext[0].mfn;
  16.157 @@ -380,8 +369,13 @@ static void net_rx_action(unsigned long 
  16.158  
  16.159          /* Check the reassignment error code. */
  16.160          status = NETIF_RSP_OKAY;
  16.161 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  16.162 -        BUG_ON(gop->status != 0); /* XXX */
  16.163 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.164 +        if(gop->status != 0) { 
  16.165 +            DPRINTK("Bad status %d from grant donate to DOM%u\n", 
  16.166 +                    gop->status, netif->domid);
  16.167 +            /* XXX SMH: should free 'old_mfn' here */
  16.168 +            status = NETIF_RSP_ERROR; 
  16.169 +        } 
  16.170  #else
  16.171          if ( unlikely(mcl[1].result != 0) )
  16.172          {
  16.173 @@ -404,7 +398,7 @@ static void net_rx_action(unsigned long 
  16.174  
  16.175          netif_put(netif);
  16.176          dev_kfree_skb(skb);
  16.177 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  16.178 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.179          mcl++;
  16.180          gop++;
  16.181  #else
  16.182 @@ -420,6 +414,7 @@ static void net_rx_action(unsigned long 
  16.183          notify_via_evtchn(evtchn);
  16.184      }
  16.185  
  16.186 +  out: 
  16.187      /* More work to do? */
  16.188      if ( !skb_queue_empty(&rx_queue) && !timer_pending(&net_timer) )
  16.189          tasklet_schedule(&net_rx_tasklet);
  16.190 @@ -496,7 +491,7 @@ static void tx_credit_callback(unsigned 
  16.191  
  16.192  inline static void net_tx_action_dealloc(void)
  16.193  {
  16.194 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.195 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.196      gnttab_unmap_grant_ref_t *gop;
  16.197  #else
  16.198      multicall_entry_t *mcl;
  16.199 @@ -508,7 +503,7 @@ inline static void net_tx_action_dealloc
  16.200      dc = dealloc_cons;
  16.201      dp = dealloc_prod;
  16.202  
  16.203 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.204 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.205      /*
  16.206       * Free up any grants we have finished using
  16.207       */
  16.208 @@ -542,7 +537,7 @@ inline static void net_tx_action_dealloc
  16.209  #endif
  16.210      while ( dealloc_cons != dp )
  16.211      {
  16.212 -#ifndef CONFIG_XEN_NETDEV_GRANT_TX
  16.213 +#ifndef CONFIG_XEN_NETDEV_GRANT
  16.214          /* The update_va_mapping() must not fail. */
  16.215          BUG_ON(mcl[0].result != 0);
  16.216  #endif
  16.217 @@ -569,7 +564,7 @@ inline static void net_tx_action_dealloc
  16.218          
  16.219          netif_put(netif);
  16.220  
  16.221 -#ifndef CONFIG_XEN_NETDEV_GRANT_TX
  16.222 +#ifndef CONFIG_XEN_NETDEV_GRANT
  16.223          mcl++;
  16.224  #endif
  16.225      }
  16.226 @@ -585,7 +580,7 @@ static void net_tx_action(unsigned long 
  16.227      netif_tx_request_t txreq;
  16.228      u16 pending_idx;
  16.229      NETIF_RING_IDX i;
  16.230 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.231 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.232      gnttab_map_grant_ref_t *mop;
  16.233  #else
  16.234      multicall_entry_t *mcl;
  16.235 @@ -595,7 +590,7 @@ static void net_tx_action(unsigned long 
  16.236      if ( dealloc_cons != dealloc_prod )
  16.237          net_tx_action_dealloc();
  16.238  
  16.239 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.240 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.241      mop = tx_map_ops;
  16.242  #else
  16.243      mcl = tx_mcl;
  16.244 @@ -696,7 +691,7 @@ static void net_tx_action(unsigned long 
  16.245  
  16.246          /* Packets passed to netif_rx() must have some headroom. */
  16.247          skb_reserve(skb, 16);
  16.248 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.249 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.250          mop->host_addr = MMAP_VADDR(pending_idx);
  16.251          mop->dom       = netif->domid;
  16.252          mop->ref       = txreq.addr >> PAGE_SHIFT;
  16.253 @@ -719,7 +714,7 @@ static void net_tx_action(unsigned long 
  16.254  
  16.255          pending_cons++;
  16.256  
  16.257 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.258 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.259          if ( (mop - tx_map_ops) >= ARRAY_SIZE(tx_map_ops) )
  16.260              break;
  16.261  #else
  16.262 @@ -729,7 +724,7 @@ static void net_tx_action(unsigned long 
  16.263  #endif
  16.264      }
  16.265  
  16.266 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.267 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.268      if ( mop == tx_map_ops )
  16.269          return;
  16.270  
  16.271 @@ -752,7 +747,7 @@ static void net_tx_action(unsigned long 
  16.272          memcpy(&txreq, &pending_tx_info[pending_idx].req, sizeof(txreq));
  16.273  
  16.274          /* Check the remap error code. */
  16.275 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.276 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.277          /* 
  16.278             XXX SMH: error returns from grant operations are pretty poorly
  16.279             specified/thought out, but the below at least conforms with 
  16.280 @@ -826,7 +821,7 @@ static void net_tx_action(unsigned long 
  16.281          netif_rx(skb);
  16.282          netif->dev->last_rx = jiffies;
  16.283  
  16.284 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.285 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.286          mop++;
  16.287  #else
  16.288          mcl++;
  16.289 @@ -949,12 +944,9 @@ static int __init netback_init(void)
  16.290           !(xen_start_info.flags & SIF_INITDOMAIN) )
  16.291          return 0;
  16.292  
  16.293 -    printk("Initialising Xen netif backend\n");
  16.294 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.295 -    printk("#### netback tx using grant tables\n");
  16.296 -#endif
  16.297 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  16.298 -    printk("#### netback rx using grant tables\n");
  16.299 +    IPRINTK("Initialising Xen netif backend.\n");
  16.300 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.301 +    IPRINTK("Using grant tables.\n");
  16.302  #endif
  16.303  
  16.304      /* We can increase reservation by this much in net_rx_action(). */
    17.1 --- a/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c	Fri Sep 02 14:15:49 2005 +0000
    17.2 +++ b/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c	Fri Sep 02 14:17:08 2005 +0000
    17.3 @@ -55,9 +55,18 @@
    17.4  #include <asm/page.h>
    17.5  #include <asm/uaccess.h>
    17.6  
    17.7 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
    17.8 +#ifdef CONFIG_XEN_NETDEV_GRANT
    17.9  #include <asm-xen/xen-public/grant_table.h>
   17.10  #include <asm-xen/gnttab.h>
   17.11 +
   17.12 +static grant_ref_t gref_tx_head;
   17.13 +static grant_ref_t grant_tx_ref[NETIF_TX_RING_SIZE + 1]; 
   17.14 +
   17.15 +static grant_ref_t gref_rx_head;
   17.16 +static grant_ref_t grant_rx_ref[NETIF_RX_RING_SIZE + 1];
   17.17 +
   17.18 +#define GRANT_INVALID_REF	(0xFFFF)
   17.19 +
   17.20  #ifdef GRANT_DEBUG
   17.21  static void
   17.22  dump_packet(int tag, void *addr, u32 ap)
   17.23 @@ -71,9 +80,18 @@ dump_packet(int tag, void *addr, u32 ap)
   17.24      }
   17.25      printk("\n");
   17.26  }
   17.27 +
   17.28 +#define GDPRINTK(_f, _a...) printk(KERN_ALERT "(file=%s, line=%d) " _f, \
   17.29 +                           __FILE__ , __LINE__ , ## _a )
   17.30 +#else 
   17.31 +#define dump_packet(x,y,z)  ((void)0)  
   17.32 +#define GDPRINTK(_f, _a...) ((void)0)
   17.33  #endif
   17.34 +
   17.35  #endif
   17.36  
   17.37 +
   17.38 +
   17.39  #ifndef __GFP_NOWARN
   17.40  #define __GFP_NOWARN 0
   17.41  #endif
   17.42 @@ -102,23 +120,11 @@ dump_packet(int tag, void *addr, u32 ap)
   17.43  #define TX_TEST_IDX req_cons  /* conservative: not seen all our requests? */
   17.44  #endif
   17.45  
   17.46 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   17.47 -static grant_ref_t gref_tx_head;
   17.48 -static grant_ref_t grant_tx_ref[NETIF_TX_RING_SIZE + 1];
   17.49 -#endif
   17.50 -
   17.51 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   17.52 -static grant_ref_t gref_rx_head;
   17.53 -static grant_ref_t grant_rx_ref[NETIF_RX_RING_SIZE + 1];
   17.54 -#endif
   17.55 -
   17.56 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
   17.57 -#define GRANT_INVALID_REF	(0xFFFF)
   17.58 -#endif
   17.59  
   17.60  #define NETIF_STATE_DISCONNECTED 0
   17.61  #define NETIF_STATE_CONNECTED    1
   17.62  
   17.63 +
   17.64  static unsigned int netif_state = NETIF_STATE_DISCONNECTED;
   17.65  
   17.66  static void network_tx_buf_gc(struct net_device *dev);
   17.67 @@ -279,7 +285,7 @@ static void network_tx_buf_gc(struct net
   17.68          for (i = np->tx_resp_cons; i != prod; i++) {
   17.69              id  = np->tx->ring[MASK_NETIF_TX_IDX(i)].resp.id;
   17.70              skb = np->tx_skbs[id];
   17.71 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   17.72 +#ifdef CONFIG_XEN_NETDEV_GRANT
   17.73              if (unlikely(gnttab_query_foreign_access(grant_tx_ref[id]) != 0)) {
   17.74                  /* other domain is still using this grant - shouldn't happen
   17.75                     but if it does, we'll try to reclaim the grant later */
   17.76 @@ -310,7 +316,7 @@ static void network_tx_buf_gc(struct net
   17.77          mb();
   17.78      } while (prod != np->tx->resp_prod);
   17.79  
   17.80 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   17.81 +#ifdef CONFIG_XEN_NETDEV_GRANT
   17.82    out: 
   17.83  #endif
   17.84  
   17.85 @@ -330,8 +336,8 @@ static void network_alloc_rx_buffers(str
   17.86      int i, batch_target;
   17.87      NETIF_RING_IDX req_prod = np->rx->req_prod;
   17.88      struct xen_memory_reservation reservation;
   17.89 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   17.90 -    int ref;
   17.91 +#ifdef CONFIG_XEN_NETDEV_GRANT
   17.92 +    grant_ref_t ref;
   17.93  #endif
   17.94  
   17.95      if (unlikely(np->backend_state != BEST_CONNECTED))
   17.96 @@ -365,9 +371,9 @@ static void network_alloc_rx_buffers(str
   17.97          np->rx_skbs[id] = skb;
   17.98          
   17.99          np->rx->ring[MASK_NETIF_RX_IDX(req_prod + i)].req.id = id;
  17.100 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.101 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.102  	ref = gnttab_claim_grant_reference(&gref_rx_head);
  17.103 -        if (unlikely(ref < 0)) {
  17.104 +        if (unlikely((signed short)ref < 0)) {
  17.105              printk(KERN_ALERT "#### netfront can't claim rx reference\n");
  17.106              BUG();
  17.107          }
  17.108 @@ -426,8 +432,8 @@ static int network_start_xmit(struct sk_
  17.109      struct net_private *np = netdev_priv(dev);
  17.110      netif_tx_request_t *tx;
  17.111      NETIF_RING_IDX i;
  17.112 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.113 -    unsigned int ref;
  17.114 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.115 +    grant_ref_t ref;
  17.116      unsigned long mfn;
  17.117  #endif
  17.118  
  17.119 @@ -464,9 +470,9 @@ static int network_start_xmit(struct sk_
  17.120      tx = &np->tx->ring[MASK_NETIF_TX_IDX(i)].req;
  17.121  
  17.122      tx->id   = id;
  17.123 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.124 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.125      ref = gnttab_claim_grant_reference(&gref_tx_head);
  17.126 -    if (unlikely(ref < 0)) {
  17.127 +    if (unlikely((signed short)ref < 0)) {
  17.128          printk(KERN_ALERT "#### netfront can't claim tx grant reference\n");
  17.129          BUG();
  17.130      }
  17.131 @@ -519,7 +525,7 @@ static irqreturn_t netif_int(int irq, vo
  17.132      network_tx_buf_gc(dev);
  17.133      spin_unlock_irqrestore(&np->tx_lock, flags);
  17.134  
  17.135 -    if ((np->rx_resp_cons != np->rx->resp_prod) && (np->user_state == UST_OPEN))
  17.136 +    if((np->rx_resp_cons != np->rx->resp_prod) && (np->user_state == UST_OPEN))
  17.137          netif_rx_schedule(dev);
  17.138  
  17.139      return IRQ_HANDLED;
  17.140 @@ -537,7 +543,7 @@ static int netif_poll(struct net_device 
  17.141      int work_done, budget, more_to_do = 1;
  17.142      struct sk_buff_head rxq;
  17.143      unsigned long flags;
  17.144 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.145 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.146      unsigned long mfn;
  17.147      grant_ref_t ref;
  17.148  #endif
  17.149 @@ -574,8 +580,19 @@ static int netif_poll(struct net_device 
  17.150              continue;
  17.151          }
  17.152  
  17.153 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.154 -        ref = grant_rx_ref[rx->id];
  17.155 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.156 +        ref = grant_rx_ref[rx->id]; 
  17.157 +
  17.158 +        if(ref == GRANT_INVALID_REF) { 
  17.159 +            printk(KERN_WARNING "Bad rx grant reference %d from dom %d.\n",
  17.160 +                   ref, np->backend_id);
  17.161 +            np->rx->ring[MASK_NETIF_RX_IDX(np->rx->req_prod)].req.id = rx->id;
  17.162 +            wmb();
  17.163 +            np->rx->req_prod++;
  17.164 +            work_done--;
  17.165 +            continue;
  17.166 +        }
  17.167 +
  17.168          grant_rx_ref[rx->id] = GRANT_INVALID_REF;
  17.169          mfn = gnttab_end_foreign_transfer_ref(ref);
  17.170          gnttab_release_grant_reference(&gref_rx_head, ref);
  17.171 @@ -585,7 +602,7 @@ static int netif_poll(struct net_device 
  17.172          ADD_ID_TO_FREELIST(np->rx_skbs, rx->id);
  17.173  
  17.174          /* NB. We handle skb overflow later. */
  17.175 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.176 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.177          skb->data = skb->head + rx->addr;
  17.178  #else
  17.179          skb->data = skb->head + (rx->addr & ~PAGE_MASK);
  17.180 @@ -600,14 +617,14 @@ static int netif_poll(struct net_device 
  17.181          np->stats.rx_bytes += rx->status;
  17.182  
  17.183          /* Remap the page. */
  17.184 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.185 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.186          mmu->ptr = mfn << PAGE_SHIFT | MMU_MACHPHYS_UPDATE;
  17.187  #else
  17.188          mmu->ptr  = (rx->addr & PAGE_MASK) | MMU_MACHPHYS_UPDATE;
  17.189  #endif
  17.190          mmu->val  = __pa(skb->head) >> PAGE_SHIFT;
  17.191          mmu++;
  17.192 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.193 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.194  	MULTI_update_va_mapping(mcl, (unsigned long)skb->head,
  17.195  				pfn_pte_ma(mfn, PAGE_KERNEL), 0);
  17.196  #else
  17.197 @@ -617,20 +634,20 @@ static int netif_poll(struct net_device 
  17.198  #endif
  17.199          mcl++;
  17.200  
  17.201 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.202 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.203          phys_to_machine_mapping[__pa(skb->head) >> PAGE_SHIFT] = mfn;
  17.204 +        GDPRINTK("#### rx_poll     enqueue vdata=%p mfn=%lu ref=%x\n",
  17.205 +                skb->data, mfn, ref);
  17.206  #else
  17.207          phys_to_machine_mapping[__pa(skb->head) >> PAGE_SHIFT] = 
  17.208              rx->addr >> PAGE_SHIFT;
  17.209 -#endif
  17.210 +#endif 
  17.211  
  17.212 -#ifdef GRANT_DEBUG
  17.213 -        printk(KERN_ALERT "#### rx_poll     enqueue vdata=%p mfn=%lu ref=%x\n",
  17.214 -               skb->data, mfn, ref);
  17.215 -#endif
  17.216 +
  17.217          __skb_queue_tail(&rxq, skb);
  17.218      }
  17.219  
  17.220 +
  17.221      /* Some pages are no longer absent... */
  17.222      balloon_update_driver_allowance(-work_done);
  17.223  
  17.224 @@ -646,9 +663,9 @@ static int netif_poll(struct net_device 
  17.225      }
  17.226  
  17.227      while ((skb = __skb_dequeue(&rxq)) != NULL) {
  17.228 -#ifdef GRANT_DEBUG
  17.229 -        printk(KERN_ALERT "#### rx_poll     dequeue vdata=%p mfn=%lu\n",
  17.230 -               skb->data, virt_to_mfn(skb->data));
  17.231 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.232 +        GDPRINTK("#### rx_poll     dequeue vdata=%p mfn=%lu\n",
  17.233 +                skb->data, virt_to_mfn(skb->data));
  17.234          dump_packet('d', skb->data, (unsigned long)skb->data);
  17.235  #endif
  17.236          /*
  17.237 @@ -747,7 +764,6 @@ static struct net_device_stats *network_
  17.238      return &np->stats;
  17.239  }
  17.240  
  17.241 -
  17.242  static void network_connect(struct net_device *dev)
  17.243  {
  17.244      struct net_private *np;
  17.245 @@ -787,8 +803,11 @@ static void network_connect(struct net_d
  17.246              tx = &np->tx->ring[requeue_idx++].req;
  17.247  
  17.248              tx->id   = i;
  17.249 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.250 -            tx->addr = 0; /*(ref << PAGE_SHIFT) |*/
  17.251 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.252 +            gnttab_grant_foreign_access_ref(grant_tx_ref[i], np->backend_id, 
  17.253 +                                            virt_to_mfn(np->tx_skbs[i]->data),
  17.254 +                                            GNTMAP_readonly); 
  17.255 +            tx->addr = grant_tx_ref[i] << PAGE_SHIFT; 
  17.256  #else
  17.257              tx->addr = virt_to_mfn(skb->data) << PAGE_SHIFT;
  17.258  #endif
  17.259 @@ -803,9 +822,20 @@ static void network_connect(struct net_d
  17.260      np->tx->req_prod = requeue_idx;
  17.261  
  17.262      /* Rebuild the RX buffer freelist and the RX ring itself. */
  17.263 -    for (requeue_idx = 0, i = 1; i <= NETIF_RX_RING_SIZE; i++)
  17.264 -        if ((unsigned long)np->rx_skbs[i] >= __PAGE_OFFSET)
  17.265 -            np->rx->ring[requeue_idx++].req.id = i;
  17.266 +    for (requeue_idx = 0, i = 1; i <= NETIF_RX_RING_SIZE; i++) { 
  17.267 +        if ((unsigned long)np->rx_skbs[i] >= __PAGE_OFFSET) {
  17.268 +#ifdef CONFIG_XEN_NETDEV_GRANT 
  17.269 +            /* Reinstate the grant ref so backend can 'donate' mfn to us. */
  17.270 +            gnttab_grant_foreign_transfer_ref(grant_rx_ref[i], np->backend_id,
  17.271 +                                              virt_to_mfn(np->rx_skbs[i]->head)
  17.272 +                );
  17.273 +            np->rx->ring[requeue_idx].req.gref = grant_rx_ref[i];
  17.274 +#endif
  17.275 +            np->rx->ring[requeue_idx].req.id   = i;
  17.276 +            requeue_idx++; 
  17.277 +        }
  17.278 +    }
  17.279 +
  17.280      wmb();                
  17.281      np->rx->req_prod = requeue_idx;
  17.282  
  17.283 @@ -901,13 +931,14 @@ static int create_netdev(int handle, str
  17.284      /* Initialise {tx,rx}_skbs to be a free chain containing every entry. */
  17.285      for (i = 0; i <= NETIF_TX_RING_SIZE; i++) {
  17.286          np->tx_skbs[i] = (void *)((unsigned long) i+1);
  17.287 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.288 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.289          grant_tx_ref[i] = GRANT_INVALID_REF;
  17.290  #endif
  17.291      }
  17.292 +
  17.293      for (i = 0; i <= NETIF_RX_RING_SIZE; i++) {
  17.294          np->rx_skbs[i] = (void *)((unsigned long) i+1);
  17.295 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.296 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.297          grant_rx_ref[i] = GRANT_INVALID_REF;
  17.298  #endif
  17.299      }
  17.300 @@ -991,10 +1022,8 @@ static int setup_device(struct xenbus_de
  17.301  	evtchn_op_t op = { .cmd = EVTCHNOP_alloc_unbound };
  17.302  	int err;
  17.303  
  17.304 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.305 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.306  	info->tx_ring_ref = GRANT_INVALID_REF;
  17.307 -#endif
  17.308 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.309  	info->rx_ring_ref = GRANT_INVALID_REF;
  17.310  #endif
  17.311  
  17.312 @@ -1014,7 +1043,7 @@ static int setup_device(struct xenbus_de
  17.313  	memset(info->rx, 0, PAGE_SIZE);
  17.314  	info->backend_state = BEST_DISCONNECTED;
  17.315  
  17.316 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.317 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.318  	err = gnttab_grant_foreign_access(info->backend_id,
  17.319  					  virt_to_mfn(info->tx), 0);
  17.320  	if (err < 0) {
  17.321 @@ -1022,11 +1051,7 @@ static int setup_device(struct xenbus_de
  17.322  		goto out;
  17.323  	}
  17.324  	info->tx_ring_ref = err;
  17.325 -#else
  17.326 -	info->tx_ring_ref = virt_to_mfn(info->tx);
  17.327 -#endif
  17.328  
  17.329 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.330  	err = gnttab_grant_foreign_access(info->backend_id,
  17.331  					  virt_to_mfn(info->rx), 0);
  17.332  	if (err < 0) {
  17.333 @@ -1034,7 +1059,9 @@ static int setup_device(struct xenbus_de
  17.334  		goto out;
  17.335  	}
  17.336  	info->rx_ring_ref = err;
  17.337 +
  17.338  #else
  17.339 +	info->tx_ring_ref = virt_to_mfn(info->tx);
  17.340  	info->rx_ring_ref = virt_to_mfn(info->rx);
  17.341  #endif
  17.342  
  17.343 @@ -1054,16 +1081,17 @@ static int setup_device(struct xenbus_de
  17.344  	if (info->rx)
  17.345  		free_page((unsigned long)info->rx);
  17.346  	info->rx = 0;
  17.347 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.348 +
  17.349 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.350  	if (info->tx_ring_ref != GRANT_INVALID_REF)
  17.351  		gnttab_end_foreign_access(info->tx_ring_ref, 0);
  17.352  	info->tx_ring_ref = GRANT_INVALID_REF;
  17.353 -#endif
  17.354 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.355 +
  17.356  	if (info->rx_ring_ref != GRANT_INVALID_REF)
  17.357  		gnttab_end_foreign_access(info->rx_ring_ref, 0);
  17.358  	info->rx_ring_ref = GRANT_INVALID_REF;
  17.359  #endif
  17.360 +
  17.361  	return err;
  17.362  }
  17.363  
  17.364 @@ -1075,16 +1103,17 @@ static void netif_free(struct netfront_i
  17.365  	if (info->rx)
  17.366  		free_page((unsigned long)info->rx);
  17.367  	info->rx = 0;
  17.368 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.369 +
  17.370 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.371  	if (info->tx_ring_ref != GRANT_INVALID_REF)
  17.372  		gnttab_end_foreign_access(info->tx_ring_ref, 0);
  17.373  	info->tx_ring_ref = GRANT_INVALID_REF;
  17.374 -#endif
  17.375 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.376 +
  17.377  	if (info->rx_ring_ref != GRANT_INVALID_REF)
  17.378  		gnttab_end_foreign_access(info->rx_ring_ref, 0);
  17.379  	info->rx_ring_ref = GRANT_INVALID_REF;
  17.380  #endif
  17.381 +
  17.382  	unbind_evtchn_from_irqhandler(info->evtchn, info->netdev);
  17.383  	info->evtchn = 0;
  17.384  }
  17.385 @@ -1294,6 +1323,7 @@ static int netfront_resume(struct xenbus
  17.386  	int err;
  17.387  
  17.388  	err = talk_to_backend(dev, np);
  17.389 +
  17.390  	return err;
  17.391  }
  17.392  
  17.393 @@ -1342,29 +1372,28 @@ static int __init netif_init(void)
  17.394      if (xen_start_info.flags & SIF_INITDOMAIN)
  17.395          return 0;
  17.396  
  17.397 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.398 -    /* A grant for every ring slot */
  17.399 +    if ((err = xennet_proc_init()) != 0)
  17.400 +        return err;
  17.401 +
  17.402 +    IPRINTK("Initialising virtual ethernet driver.\n");
  17.403 +
  17.404 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.405 +    IPRINTK("Using grant tables.\n"); 
  17.406 +
  17.407 +    /* A grant for every tx ring slot */
  17.408      if (gnttab_alloc_grant_references(NETIF_TX_RING_SIZE,
  17.409                                        &gref_tx_head) < 0) {
  17.410          printk(KERN_ALERT "#### netfront can't alloc tx grant refs\n");
  17.411          return 1;
  17.412      }
  17.413 -    printk(KERN_ALERT "Netdev frontend (TX) is using grant tables.\n"); 
  17.414 -#endif
  17.415 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.416 -    /* A grant for every ring slot */
  17.417 +    /* A grant for every rx ring slot */
  17.418      if (gnttab_alloc_grant_references(NETIF_RX_RING_SIZE,
  17.419                                        &gref_rx_head) < 0) {
  17.420          printk(KERN_ALERT "#### netfront can't alloc rx grant refs\n");
  17.421          return 1;
  17.422      }
  17.423 -    printk(KERN_ALERT "Netdev frontend (RX) is using grant tables.\n"); 
  17.424  #endif
  17.425  
  17.426 -    if ((err = xennet_proc_init()) != 0)
  17.427 -        return err;
  17.428 -
  17.429 -    IPRINTK("Initialising virtual ethernet driver.\n");
  17.430  
  17.431      (void)register_inetaddr_notifier(&notifier_inetdev);
  17.432  
  17.433 @@ -1377,10 +1406,8 @@ static int __init netif_init(void)
  17.434  
  17.435  static void netif_exit(void)
  17.436  {
  17.437 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.438 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.439      gnttab_free_grant_references(gref_tx_head);
  17.440 -#endif
  17.441 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.442      gnttab_free_grant_references(gref_rx_head);
  17.443  #endif
  17.444  }
    18.1 --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c	Fri Sep 02 14:15:49 2005 +0000
    18.2 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c	Fri Sep 02 14:17:08 2005 +0000
    18.3 @@ -212,7 +212,7 @@ int xb_init_comms(void)
    18.4  		xen_start_info.store_evtchn, wake_waiting,
    18.5  		0, "xenbus", &xb_waitq);
    18.6  	if (err) {
    18.7 -		printk(KERN_ERR "XENBUS request irq failed %i\n", err);
    18.8 +		xprintk("XENBUS request irq failed %i\n", err);
    18.9  		unbind_evtchn_from_irq(xen_start_info.store_evtchn);
   18.10  		return err;
   18.11  	}
    19.1 --- a/tools/check/check_brctl	Fri Sep 02 14:15:49 2005 +0000
    19.2 +++ b/tools/check/check_brctl	Fri Sep 02 14:17:08 2005 +0000
    19.3 @@ -2,8 +2,9 @@
    19.4  # CHECK-INSTALL
    19.5  
    19.6  function error {
    19.7 -   echo 'Check for the bridge control utils (brctl) failed.'
    19.8 +   echo
    19.9 +   echo '  *** Check for the bridge control utils (brctl) FAILED'
   19.10     exit 1
   19.11  }
   19.12  
   19.13 -brctl show || error
   19.14 \ No newline at end of file
   19.15 +which brctl 1>/dev/null 2>&1 || error
    20.1 --- a/tools/check/check_iproute	Fri Sep 02 14:15:49 2005 +0000
    20.2 +++ b/tools/check/check_iproute	Fri Sep 02 14:17:08 2005 +0000
    20.3 @@ -2,9 +2,10 @@
    20.4  # CHECK-INSTALL
    20.5  
    20.6  function error {
    20.7 -   echo 'Check for iproute (ip addr) failed.'
    20.8 +   echo
    20.9 +   echo '  *** Check for iproute (ip addr) FAILED'
   20.10     exit 1
   20.11  }
   20.12  
   20.13 -ip addr list || error
   20.14 +ip addr list 1>/dev/null 2>&1 || error
   20.15  
    21.1 --- a/tools/check/check_logging	Fri Sep 02 14:15:49 2005 +0000
    21.2 +++ b/tools/check/check_logging	Fri Sep 02 14:17:08 2005 +0000
    21.3 @@ -18,11 +18,12 @@ def check_logging():
    21.4          import logging
    21.5      except ImportError:
    21.6          hline()
    21.7 -        msg("Python logging is not installed.")
    21.8 -        msg("Use 'make install-logging' at the xen root to install.")
    21.9          msg("")
   21.10 -        msg("Alternatively download and install from")
   21.11 -        msg("http://www.red-dove.com/python_logging.html")
   21.12 +        msg("  *** Python logging is not installed.")
   21.13 +        msg("  *** Use 'make install-logging' at the xen root to install.")
   21.14 +        msg("  *** ")
   21.15 +        msg("  *** Alternatively download and install from")
   21.16 +        msg("  *** http://www.red-dove.com/python_logging.html")
   21.17          hline()
   21.18          sys.exit(1)
   21.19  
    22.1 --- a/tools/check/check_python	Fri Sep 02 14:15:49 2005 +0000
    22.2 +++ b/tools/check/check_python	Fri Sep 02 14:17:08 2005 +0000
    22.3 @@ -2,9 +2,9 @@
    22.4  # CHECK-BUILD CHECK-INSTALL
    22.5  
    22.6  function error {
    22.7 -    echo "Check for Python version 2.2 or higher failed."
    22.8 +    echo
    22.9 +    echo "  *** Check for Python version >= 2.2 FAILED"
   22.10      exit 1
   22.11  }
   22.12  
   22.13 -python -V
   22.14  python -V 2>&1 | cut -d ' ' -f 2 | grep -q -E '^2.2|^2.3|^2.4' || error
    23.1 --- a/tools/check/check_zlib_devel	Fri Sep 02 14:15:49 2005 +0000
    23.2 +++ b/tools/check/check_zlib_devel	Fri Sep 02 14:17:08 2005 +0000
    23.3 @@ -2,9 +2,10 @@
    23.4  # CHECK-BUILD
    23.5  
    23.6  function error {
    23.7 -    echo 'Check for zlib includes failed.'
    23.8 +    echo
    23.9 +    echo "  *** Check for zlib headers FAILED"
   23.10      exit 1
   23.11  }
   23.12  
   23.13  set -e
   23.14 -[ -e /usr/include/zlib.h ] || error
   23.15 \ No newline at end of file
   23.16 +[ -e /usr/include/zlib.h ] || error
    24.1 --- a/tools/check/check_zlib_lib	Fri Sep 02 14:15:49 2005 +0000
    24.2 +++ b/tools/check/check_zlib_lib	Fri Sep 02 14:17:08 2005 +0000
    24.3 @@ -2,9 +2,10 @@
    24.4  # CHECK-BUILD CHECK-INSTALL
    24.5  
    24.6  function error {
    24.7 -    echo 'Check for zlib library failed.'
    24.8 +    echo
    24.9 +    echo "  *** Check for zlib library FAILED"
   24.10      exit 1
   24.11  }
   24.12  
   24.13  set -e
   24.14 -ldconfig -p | grep libz.so || error
   24.15 \ No newline at end of file
   24.16 +ldconfig -p | grep -q libz.so || error
    25.1 --- a/tools/check/chk	Fri Sep 02 14:15:49 2005 +0000
    25.2 +++ b/tools/check/chk	Fri Sep 02 14:17:08 2005 +0000
    25.3 @@ -17,14 +17,11 @@ export PATH=${PATH}:/sbin:/usr/sbin
    25.4  case $1 in
    25.5      build)
    25.6          check="CHECK-BUILD"
    25.7 -        info=".chkbuild"
    25.8          ;;
    25.9      install)
   25.10          check="CHECK-INSTALL"
   25.11 -        info=".chkinstall"
   25.12          ;;
   25.13      clean)
   25.14 -        rm -f .chkbuild .chkinstall
   25.15          exit 0
   25.16          ;;
   25.17      *)
   25.18 @@ -34,7 +31,7 @@ esac
   25.19  
   25.20  failed=0
   25.21  
   25.22 -echo "Xen ${check} " $(date) > ${info}
   25.23 +echo "Xen ${check} " $(date)
   25.24  for f in check_* ; do
   25.25      case $f in
   25.26          *~)
   25.27 @@ -49,24 +46,12 @@ for f in check_* ; do
   25.28      if ! grep -q ${check} $f ; then
   25.29          continue
   25.30      fi
   25.31 -    echo ' ' >> ${info}
   25.32 -    echo "Checking $f" >> ${info}
   25.33 -    if ./$f 1>>${info} 2>&1 ; then
   25.34 -        echo OK >> ${info}
   25.35 +    echo -n "Checking $f: "
   25.36 +    if ./$f 2>&1 ; then
   25.37 +        echo OK
   25.38      else
   25.39          failed=1
   25.40 -        echo "FAILED $f"
   25.41 -        echo FAILED >> ${info}
   25.42      fi
   25.43  done
   25.44  
   25.45 -echo >> ${info}
   25.46 -
   25.47 -if [ "$failed" == "1" ] ; then
   25.48 -    echo "Checks failed. See `pwd`/${info} for details."
   25.49 -    echo "FAILED" >> ${info}
   25.50 -    exit 1
   25.51 -else
   25.52 -    echo "OK" >> ${info}
   25.53 -    exit 0
   25.54 -fi
   25.55 +exit $failed
    26.1 --- a/tools/console/daemon/utils.c	Fri Sep 02 14:15:49 2005 +0000
    26.2 +++ b/tools/console/daemon/utils.c	Fri Sep 02 14:17:08 2005 +0000
    26.3 @@ -234,7 +234,7 @@ bool xen_setup(void)
    26.4  	}
    26.5  
    26.6  	if (!xs_watch(xs, "/console", "console")) {
    26.7 -		dolog(LOG_ERR, "xenstore watch on /console failes.");
    26.8 +		dolog(LOG_ERR, "xenstore watch on /console fails.");
    26.9  		goto out_close_data;
   26.10  	}
   26.11  
    27.1 --- a/tools/python/xen/xend/XendDomainInfo.py	Fri Sep 02 14:15:49 2005 +0000
    27.2 +++ b/tools/python/xen/xend/XendDomainInfo.py	Fri Sep 02 14:17:08 2005 +0000
    27.3 @@ -1028,6 +1028,7 @@ class XendDomainInfo:
    27.4  
    27.5          """
    27.6          try:
    27.7 +            self.clear_shutdown()
    27.8              self.state = STATE_VM_OK
    27.9              self.shutdown_pending = None
   27.10              self.restart_check()
    28.1 --- a/tools/security/Makefile	Fri Sep 02 14:15:49 2005 +0000
    28.2 +++ b/tools/security/Makefile	Fri Sep 02 14:17:08 2005 +0000
    28.3 @@ -45,6 +45,7 @@ build: mk-symlinks
    28.4  	$(MAKE) secpol_xml2bin
    28.5  	chmod 700 ./setlabel.sh
    28.6  	chmod 700 ./updategrub.sh
    28.7 +	chmod 700 ./getlabel.sh
    28.8  
    28.9  secpol_tool : secpol_tool.c secpol_compat.h
   28.10  	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
    29.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    29.2 +++ b/tools/security/getlabel.sh	Fri Sep 02 14:17:08 2005 +0000
    29.3 @@ -0,0 +1,130 @@
    29.4 +#!/bin/sh
    29.5 +# *
    29.6 +# * getlabel
    29.7 +# *
    29.8 +# * Copyright (C) 2005 IBM Corporation
    29.9 +# *
   29.10 +# * Authors:
   29.11 +# * Stefan Berger <stefanb@us.ibm.com>
   29.12 +# *
   29.13 +# * This program is free software; you can redistribute it and/or
   29.14 +# * modify it under the terms of the GNU General Public License as
   29.15 +# * published by the Free Software Foundation, version 2 of the
   29.16 +# * License.
   29.17 +# *
   29.18 +# * 'getlabel' tries to find the labels corresponding to the ssidref
   29.19 +# *
   29.20 +# * 'getlabel -?' shows the usage of the program
   29.21 +# *
   29.22 +# * 'getlabel -sid <ssidref> [<policy name>]' lists the label corresponding
   29.23 +# *                              to the given ssidref.
   29.24 +# *
   29.25 +# * 'getlabel -dom <domain id> [<policy name>]' lists the label of the
   29.26 +# *                              domain with given id
   29.27 +# *
   29.28 +#
   29.29 +
   29.30 +if [ -z "$runbash" ]; then
   29.31 +	runbash="1"
   29.32 +	export runbash
   29.33 +	exec sh -c "bash $0 $*"
   29.34 +fi
   29.35 +
   29.36 +
   29.37 +export PATH=$PATH:.
   29.38 +source labelfuncs.sh
   29.39 +
   29.40 +usage ()
   29.41 +{
   29.42 +	echo "Usage: $0 -sid <ssidref> [<policy name>] or"
   29.43 +	echo "       $0 -dom <domid>   [<policy name>]  "
   29.44 +	echo ""
   29.45 +	echo "policy name : the name of the policy, i.e. 'chwall'"
   29.46 +	echo "              If the policy name is omitted, the grub.conf"
   29.47 +	echo "              entry of the running system is tried to be read"
   29.48 +	echo "              and the policy name determined from there."
   29.49 +	echo "ssidref     : an ssidref in hex or decimal format, i.e., '0x00010002'"
   29.50 +	echo "              or '65538'"
   29.51 +	echo "domid       : id of the domain, i.e., '1'; Use numbers from the 2nd"
   29.52 +	echo "              column shown when invoking 'xm list'"
   29.53 +	echo ""
   29.54 +}
   29.55 +
   29.56 +
   29.57 +
   29.58 +if [ "$1" == "-?" ]; then
   29.59 +	mode="usage"
   29.60 +elif [ "$1" == "-dom" ]; then
   29.61 +	mode="domid"
   29.62 +	shift
   29.63 +elif [ "$1" == "-sid" ]; then
   29.64 +	mode="sid"
   29.65 +	shift
   29.66 +elif [ "$1" == "" ]; then
   29.67 +	usage
   29.68 +	exit -1
   29.69 +fi
   29.70 +
   29.71 +
   29.72 +if [ "$mode" == "usage" ]; then
   29.73 +	usage
   29.74 +elif [ "$mode" == "domid" ]; then
   29.75 +	if [ "$2" == "" ]; then
   29.76 +		findGrubConf
   29.77 +		ret=$?
   29.78 +		if [ $ret -eq 0 ]; then
   29.79 +			echo "Could not find grub.conf"
   29.80 +			exit -1;
   29.81 +		fi
   29.82 +		findPolicyInGrub $grubconf
   29.83 +		if [ "$policy" != "" ]; then
   29.84 +			echo "Assuming policy to be '$policy'.";
   29.85 +		else
   29.86 +			echo "Could not find policy."
   29.87 +			exit -1;
   29.88 +		fi
   29.89 +	else
   29.90 +		policy=$2
   29.91 +	fi
   29.92 +	findMapFile $policy
   29.93 +	res=$?
   29.94 +	if [ "$res" != "0" ]; then
   29.95 +		getSSIDUsingSecpolTool $1
   29.96 +		res=$?
   29.97 +		if [ "$res" != "0" ]; then
   29.98 +			translateSSIDREF $ssid $mapfile
   29.99 +		else
  29.100 +			echo "Could not determine the SSID of the domain."
  29.101 +		fi
  29.102 +	else
  29.103 +		echo "Could not find map file for policy '$policy'."
  29.104 +	fi
  29.105 +elif [ "$mode" == "sid" ]; then
  29.106 +	if [ "$2" == "" ]; then
  29.107 +		findGrubConf
  29.108 +		ret=$?
  29.109 +		if [ $ret -eq 0 ]; then
  29.110 +			echo "Could not find grub.conf"
  29.111 +			exit -1;
  29.112 +		fi
  29.113 +		findPolicyInGrub $grubconf
  29.114 +		if [ "$policy" != "" ]; then
  29.115 +			echo "Assuming policy to be '$policy'.";
  29.116 +		else
  29.117 +			echo "Could not find policy."
  29.118 +			exit -1;
  29.119 +		fi
  29.120 +	else
  29.121 +		policy=$2
  29.122 +	fi
  29.123 +	findMapFile $policy
  29.124 +	res=$?
  29.125 +	if [ "$res" != "0" ]; then
  29.126 +		translateSSIDREF $1 $mapfile
  29.127 +	else
  29.128 +		echo "Could not find map file for policy '$policy'."
  29.129 +	fi
  29.130 +
  29.131 +else
  29.132 +    usage
  29.133 +fi
    30.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    30.2 +++ b/tools/security/labelfuncs.sh	Fri Sep 02 14:17:08 2005 +0000
    30.3 @@ -0,0 +1,675 @@
    30.4 +# *
    30.5 +# * labelfuncs.sh
    30.6 +# *
    30.7 +# * Copyright (C) 2005 IBM Corporation
    30.8 +# *
    30.9 +# * Authors:
   30.10 +# * Stefan Berger <stefanb@us.ibm.com>
   30.11 +# *
   30.12 +# * This program is free software; you can redistribute it and/or
   30.13 +# * modify it under the terms of the GNU General Public License as
   30.14 +# * published by the Free Software Foundation, version 2 of the
   30.15 +# * License.
   30.16 +# *
   30.17 +# *
   30.18 +# * A collection of functions to handle polcies, mapfiles,
   30.19 +# * and ssidrefs.
   30.20 +#
   30.21 +
   30.22 +
   30.23 +# Find the mapfile given a policy nmame
   30.24 +# Parameters:
   30.25 +# 1st : the name of the policy whose map file is to be found, i.e.,
   30.26 +#       chwall
   30.27 +# Results:
   30.28 +# The variable mapfile will hold the realtive path to the mapfile
   30.29 +# for the given policy.
   30.30 +# In case the mapfile could be found, the functions returns a '1',
   30.31 +# a '0' otherwise.
   30.32 +findMapFile ()
   30.33 +{
   30.34 +	mapfile="./$1.map"
   30.35 +	if [ -r "$mapfile" ]; then
   30.36 +		return 1
   30.37 +	fi
   30.38 +
   30.39 +	mapfile="./policies/$1/$1.map"
   30.40 +	if [ -r "$mapfile" ]; then
   30.41 +		return 1
   30.42 +	fi
   30.43 +
   30.44 +	return 0
   30.45 +}
   30.46 +
   30.47 +
   30.48 +# Determine the name of the primary policy
   30.49 +# Parameters
   30.50 +# 1st : the path to the mapfile; the path may be relative
   30.51 +#       to the current directory
   30.52 +# Results
   30.53 +# The variable primary will hold the name of the primary policy
   30.54 +getPrimaryPolicy ()
   30.55 +{
   30.56 +	mapfile=$1
   30.57 +	primary=`cat $mapfile  |   \
   30.58 +	         awk '             \
   30.59 +	          {                \
   30.60 +	            if ( $1 == "PRIMARY" ) { \
   30.61 +	              res=$2;                \
   30.62 +	            }                        \
   30.63 +	          } END {                    \
   30.64 +	            print res;               \
   30.65 +	          } '`
   30.66 +}
   30.67 +
   30.68 +
   30.69 +# Determine the name of the secondary policy
   30.70 +# Parameters
   30.71 +# 1st : the path to the mapfile; the path may be relative
   30.72 +#       to the current directory
   30.73 +# Results
   30.74 +# The variable secondary will hold the name of the secondary policy
   30.75 +getSecondaryPolicy ()
   30.76 +{
   30.77 +	mapfile=$1
   30.78 +	secondary=`cat $mapfile  |   \
   30.79 +	         awk '             \
   30.80 +	          {                \
   30.81 +	            if ( $1 == "SECONDARY" ) { \
   30.82 +	              res=$2;                \
   30.83 +	            }                        \
   30.84 +	          } END {                    \
   30.85 +	            print res;               \
   30.86 +	          } '`
   30.87 +}
   30.88 +
   30.89 +
   30.90 +#Return where the grub.conf file is.
   30.91 +#I only know of one place it can be.
   30.92 +findGrubConf()
   30.93 +{
   30.94 +	grubconf="/boot/grub/grub.conf"
   30.95 +	if [ -w $grubconf ]; then
   30.96 +		return 1
   30.97 +	fi
   30.98 +	if [ -r $grubconf ]; then
   30.99 +		return 2
  30.100 +	fi
  30.101 +	return 0
  30.102 +}
  30.103 +
  30.104 +
  30.105 +# This function sets the global variable 'linux'
  30.106 +# to the name and version of the Linux kernel that was compiled
  30.107 +# for domain 0.
  30.108 +# If this variable could not be found, the variable 'linux'
  30.109 +# will hold a pattern
  30.110 +# Parameters:
  30.111 +# 1st: the path to reach the root directory of the XEN build tree
  30.112 +#      where linux-*-xen0 is located at
  30.113 +# Results:
  30.114 +# The variable linux holds then name and version of the compiled
  30.115 +# kernel, i.e., 'vmlinuz-2.6.12-xen0'
  30.116 +getLinuxVersion ()
  30.117 +{
  30.118 +	path=$1
  30.119 +	linux=""
  30.120 +	for f in $path/linux-*-xen0 ; do
  30.121 +		versionfile=$f/include/linux/version.h
  30.122 +		if [ -r $versionfile ]; then
  30.123 +			lnx=`cat $versionfile | \
  30.124 +			     grep UTS_RELEASE | \
  30.125 +			     awk '{             \
  30.126 +			       len=length($3);  \
  30.127 +			       print substr($3,2,len-2) }'`
  30.128 +		fi
  30.129 +		if [ "$lnx" != "" ]; then
  30.130 +			linux="[./0-9a-zA-z]*$lnx"
  30.131 +			return;
  30.132 +		fi
  30.133 +	done
  30.134 +
  30.135 +	#Last resort.
  30.136 +	linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$"
  30.137 +}
  30.138 +
  30.139 +
  30.140 +# Find out with which policy the hypervisor was booted with.
  30.141 +# Parameters
  30.142 +# 1st : The complete path to grub.conf, i.e., /boot/grub/grub.conf
  30.143 +#
  30.144 +findPolicyInGrub ()
  30.145 +{
  30.146 +	grubconf=$1
  30.147 +	linux=`uname -r`
  30.148 +	policy=`cat $grubconf |                        \
  30.149 +	         awk -vlinux=$linux '{                 \
  30.150 +	           if ( $1 == "title" ) {              \
  30.151 +	             kernelfound = 0;                  \
  30.152 +	             policymaycome = 0;                \
  30.153 +	           }                                   \
  30.154 +	           else if ( $1 == "kernel" ) {        \
  30.155 +	             if ( match($2,"xen.gz$") ) {      \
  30.156 +	               pathlen=RSTART;                 \
  30.157 +	               kernelfound = 1;                \
  30.158 +	             }                                 \
  30.159 +	           }                                   \
  30.160 +	           else if ( $1 == "module" &&         \
  30.161 +	                     kernelfound == 1 &&       \
  30.162 +	                     match($2,linux) ) {       \
  30.163 +	              policymaycome = 1;               \
  30.164 +	           }                                   \
  30.165 +	           else if ( $1 == "module" &&         \
  30.166 +	                     kernelfound == 1 &&       \
  30.167 +	                     policymaycome == 1 &&     \
  30.168 +	                     match($2,"[0-9a-zA-Z_]*.bin$") ) { \
  30.169 +	              policymaycome = 0;               \
  30.170 +	              kernelfound = 0;                 \
  30.171 +	              polname = substr($2,pathlen);    \
  30.172 +	              len=length(polname);             \
  30.173 +	              polname = substr(polname,0,len-4); \
  30.174 +	           }                                   \
  30.175 +	         } END {                               \
  30.176 +	           print polname                       \
  30.177 +	         }'`
  30.178 +}
  30.179 +
  30.180 +
  30.181 +# Get the SSID of a domain
  30.182 +# Parameters:
  30.183 +# 1st : domain ID, i.e. '1'
  30.184 +# Results
  30.185 +# If the ssid could be found, the variable 'ssid' will hold
  30.186 +# the currently used ssid in the hex format, i.e., '0x00010001'.
  30.187 +# The funtion returns '1' on success, '0' on failure
  30.188 +getSSIDUsingSecpolTool ()
  30.189 +{
  30.190 +	domid=$1
  30.191 +	export PATH=$PATH:.
  30.192 +	ssid=`secpol_tool getssid -d $domid -f | \
  30.193 +	        grep -E "SSID:" |          \
  30.194 +	        awk '{ print $4 }'`
  30.195 +
  30.196 +	if [ "$ssid" != "" ]; then
  30.197 +		return 1
  30.198 +	fi
  30.199 +	return 0
  30.200 +}
  30.201 +
  30.202 +
  30.203 +# Break the ssid identifier into its high and low values,
  30.204 +# which are equal to the secondary and primary policy references.
  30.205 +# Parameters:
  30.206 +# 1st: ssid to break into high and low value, i.e., '0x00010002'
  30.207 +# Results:
  30.208 +# The variable ssidlo_int and ssidhi_int will hold the low and
  30.209 +# high ssid values as integers.
  30.210 +getSSIDLOHI ()
  30.211 +{
  30.212 +	ssid=$1
  30.213 +	ssidlo_int=`echo $ssid | awk          \
  30.214 +	            '{                        \
  30.215 +	               len=length($0);        \
  30.216 +	               beg=substr($0,1,2);    \
  30.217 +	               if ( beg == "0x" ) {   \
  30.218 +	                   dig = len - 2;     \
  30.219 +	                   if (dig <= 0) {    \
  30.220 +	                     exit;            \
  30.221 +	                   }                  \
  30.222 +	                   if (dig > 4) {     \
  30.223 +	                     dig=4;           \
  30.224 +	                   }                  \
  30.225 +	                   lo=sprintf("0x%s",substr($0,len-dig+1,dig)); \
  30.226 +	                   print strtonum(lo);\
  30.227 +	               } else {               \
  30.228 +	                   lo=strtonum($0);   \
  30.229 +	                   if (lo < 65536) {  \
  30.230 +	                     print lo;        \
  30.231 +	                   } else {           \
  30.232 +	                     hi=lo;           \
  30.233 +	                     hi2= (hi / 65536);\
  30.234 +	                     hi2_str=sprintf("%d",hi2); \
  30.235 +	                     hi2=strtonum(hi2_str);\
  30.236 +	                     lo=hi-(hi2*65536); \
  30.237 +	                     printf("%d",lo); \
  30.238 +	                   }                  \
  30.239 +			}                     \
  30.240 +	            }'`
  30.241 +	ssidhi_int=`echo $ssid | awk          \
  30.242 +	            '{                        \
  30.243 +	               len=length($0);        \
  30.244 +	               beg=substr($0,1,2);    \
  30.245 +	               if ( beg == "0x" ) {   \
  30.246 +	                   dig = len - 2;     \
  30.247 +	                   if (dig <= 0 ||    \
  30.248 +	                     dig >  8) {      \
  30.249 +	                     exit;            \
  30.250 +	                   }                  \
  30.251 +	                   if (dig < 4) {     \
  30.252 +	                     print 0;         \
  30.253 +	                     exit;            \
  30.254 +	                   }                  \
  30.255 +	                   dig -= 4;          \
  30.256 +	                   hi=sprintf("0x%s",substr($0,len-4-dig+1,dig)); \
  30.257 +	                   print strtonum(hi);\
  30.258 +	               } else {               \
  30.259 +	                   hi=strtonum($0);   \
  30.260 +	                   if (hi >= 65536) { \
  30.261 +	                     hi = hi / 65536; \
  30.262 +	                     printf ("%d",hi);\
  30.263 +	                   } else {           \
  30.264 +	                     printf ("0");    \
  30.265 +	                   }                  \
  30.266 +	               }                      \
  30.267 +	            }'`
  30.268 +	if [ "$ssidhi_int" == "" -o \
  30.269 +	     "$ssidlo_int" == "" ]; then
  30.270 +		return 0;
  30.271 +	fi
  30.272 +	return 1
  30.273 +}
  30.274 +
  30.275 +
  30.276 +#Update the grub configuration file.
  30.277 +#Search for existing entries and replace the current
  30.278 +#policy entry with the policy passed to this script
  30.279 +#
  30.280 +#Arguments passed to this function
  30.281 +# 1st : the grub configuration file with full path
  30.282 +# 2nd : the binary policy file name, i.e. chwall.bin
  30.283 +# 3rd : the name or pattern of the linux kernel name to match
  30.284 +#       (this determines where the module entry will be made)
  30.285 +#
  30.286 +# The algorithm here is based on pattern matching
  30.287 +# and is working correctly if
  30.288 +# - under a title a line beginning with 'kernel' is found
  30.289 +#   whose following item ends with "xen.gz"
  30.290 +#   Example:  kernel /xen.gz dom0_mem=....
  30.291 +# - a module line matching the 3rd parameter is found
  30.292 +#
  30.293 +updateGrub ()
  30.294 +{
  30.295 +	grubconf=$1
  30.296 +	policyfile=$2
  30.297 +	linux=$3
  30.298 +
  30.299 +	tmpfile="/tmp/new_grub.conf"
  30.300 +
  30.301 +	cat $grubconf |                                \
  30.302 +	         awk -vpolicy=$policyfile              \
  30.303 +	             -vlinux=$linux '{                 \
  30.304 +	           if ( $1 == "title" ) {              \
  30.305 +	             kernelfound = 0;                  \
  30.306 +	             if ( policymaycome == 1 ){        \
  30.307 +	               printf ("\tmodule %s%s\n", path, policy);      \
  30.308 +	             }                                 \
  30.309 +	             policymaycome = 0;                \
  30.310 +	           }                                   \
  30.311 +	           else if ( $1 == "kernel" ) {        \
  30.312 +	             if ( match($2,"xen.gz$") ) {      \
  30.313 +	               path=substr($2,1,RSTART-1);     \
  30.314 +	               kernelfound = 1;                \
  30.315 +	             }                                 \
  30.316 +	           }                                   \
  30.317 +	           else if ( $1 == "module" &&         \
  30.318 +	                     kernelfound == 1 &&       \
  30.319 +	                     match($2,linux) ) {       \
  30.320 +	              policymaycome = 1;               \
  30.321 +	           }                                   \
  30.322 +	           else if ( $1 == "module" &&         \
  30.323 +	                     kernelfound == 1 &&       \
  30.324 +	                     policymaycome == 1 &&     \
  30.325 +	                     match($2,"[0-9a-zA-Z]*.bin$") ) { \
  30.326 +	              printf ("\tmodule %s%s\n", path, policy); \
  30.327 +	              policymaycome = 0;               \
  30.328 +	              kernelfound = 0;                 \
  30.329 +	              dontprint = 1;                   \
  30.330 +	           }                                   \
  30.331 +	           else if ( $1 == "" &&               \
  30.332 +	                     kernelfound == 1 &&       \
  30.333 +	                     policymaycome == 1) {     \
  30.334 +	              dontprint = 1;                   \
  30.335 +	           }                                   \
  30.336 +	           if (dontprint == 0) {               \
  30.337 +	             printf ("%s\n", $0);              \
  30.338 +	           }                                   \
  30.339 +	           dontprint = 0;                      \
  30.340 +	         } END {                               \
  30.341 +	           if ( policymaycome == 1 ) {         \
  30.342 +	             printf ("\tmodule %s%s\n", path, policy);  \
  30.343 +	           }                                   \
  30.344 +	         }' > $tmpfile
  30.345 +	if [ ! -r $tmpfile ]; then
  30.346 +		echo "Could not create temporary file! Aborting."
  30.347 +		exit -1
  30.348 +	fi
  30.349 +	mv -f $tmpfile $grubconf
  30.350 +}
  30.351 +
  30.352 +
  30.353 +# Display all the labels in a given mapfile
  30.354 +# Parameters
  30.355 +# 1st: Full or relative path to the policy's mapfile
  30.356 +showLabels ()
  30.357 +{
  30.358 +	mapfile=$1
  30.359 +	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
  30.360 +		echo "Cannot read from vm configuration file $vmfile."
  30.361 +		return -1
  30.362 +	fi
  30.363 +
  30.364 +	getPrimaryPolicy $mapfile
  30.365 +	getSecondaryPolicy $mapfile
  30.366 +
  30.367 +	echo "The following labels are available:"
  30.368 +	let line=1
  30.369 +	while [ 1 ]; do
  30.370 +		ITEM=`cat $mapfile |         \
  30.371 +		      awk -vline=$line       \
  30.372 +		          -vprimary=$primary \
  30.373 +		      '{                     \
  30.374 +		         if ($1 == "LABEL->SSID" &&  \
  30.375 +		             $2 == "VM" &&           \
  30.376 +		             $3 == primary ) {       \
  30.377 +		           ctr++;                    \
  30.378 +		           if (ctr == line) {        \
  30.379 +		             print $4;               \
  30.380 +		           }                         \
  30.381 +		         }                           \
  30.382 +		       } END {                       \
  30.383 +		       }'`
  30.384 +
  30.385 +		if [ "$ITEM" == "" ]; then
  30.386 +			break
  30.387 +		fi
  30.388 +		if [ "$secondary" != "NULL" ]; then
  30.389 +			LABEL=`cat $mapfile |     \
  30.390 +			       awk -vitem=$ITEM   \
  30.391 +			       '{
  30.392 +			          if ($1 == "LABEL->SSID" && \
  30.393 +			              $2 == "VM" &&          \
  30.394 +			              $3 == "CHWALL" &&      \
  30.395 +			              $4 == item ) {         \
  30.396 +			            result = item;           \
  30.397 +			          }                          \
  30.398 +			        } END {                      \
  30.399 +			            print result             \
  30.400 +			        }'`
  30.401 +		else
  30.402 +			LABEL=$ITEM
  30.403 +		fi
  30.404 +
  30.405 +		if [ "$LABEL" != "" ]; then
  30.406 +			echo "$LABEL"
  30.407 +			found=1
  30.408 +		fi
  30.409 +		let line=line+1
  30.410 +	done
  30.411 +	if [ "$found" != "1" ]; then
  30.412 +		echo "No labels found."
  30.413 +	fi
  30.414 +}
  30.415 +
  30.416 +
  30.417 +# Get the default SSID given a mapfile and the policy name
  30.418 +# Parameters
  30.419 +# 1st: Full or relative path to the policy's mapfile
  30.420 +# 2nd: the name of the policy
  30.421 +getDefaultSsid ()
  30.422 +{
  30.423 +	mapfile=$1
  30.424 +	pol=$2
  30.425 +	RES=`cat $mapfile    \
  30.426 +	     awk -vpol=$pol  \
  30.427 +	      {              \
  30.428 +	        if ($1 == "LABEL->SSID" && \
  30.429 +	            $2 == "ANY"         && \
  30.430 +	            $3 == pol           && \
  30.431 +	            $4 == "DEFAULT"       ) {\
  30.432 +	              res=$5;                \
  30.433 +	        }                            \
  30.434 +	      } END {                        \
  30.435 +	        printf "%04x", strtonum(res) \
  30.436 +	     }'`
  30.437 +	echo "default NULL mapping is $RES"
  30.438 +	defaultssid=$RES
  30.439 +}
  30.440 +
  30.441 +
  30.442 +#Relabel a VM configuration file
  30.443 +# Parameters
  30.444 +# 1st: Full or relative path to the VM configuration file
  30.445 +# 2nd: The label to translate into an ssidref
  30.446 +# 3rd: Full or relative path to the policy's map file
  30.447 +# 4th: The mode this function is supposed to operate in:
  30.448 +#      'relabel' : Relabels the file without querying the user
  30.449 +#      other     : Prompts the user whether to proceed
  30.450 +relabel ()
  30.451 +{
  30.452 +	vmfile=$1
  30.453 +	label=$2
  30.454 +	mapfile=$3
  30.455 +	mode=$4
  30.456 +
  30.457 +	if [ ! -r "$vmfile" ]; then
  30.458 +		echo "Cannot read from vm configuration file $vmfile."
  30.459 +		return -1
  30.460 +	fi
  30.461 +
  30.462 +	if [ ! -w "$vmfile" ]; then
  30.463 +		echo "Cannot write to vm configuration file $vmfile."
  30.464 +		return -1
  30.465 +	fi
  30.466 +
  30.467 +	if [ ! -r "$mapfile" ] ; then
  30.468 +		echo "Cannot read mapping file $mapfile."
  30.469 +		return -1
  30.470 +	fi
  30.471 +
  30.472 +	# Determine which policy is primary, which sec.
  30.473 +	getPrimaryPolicy $mapfile
  30.474 +	getSecondaryPolicy $mapfile
  30.475 +
  30.476 +	# Calculate the primary policy's SSIDREF
  30.477 +	if [ "$primary" == "NULL" ]; then
  30.478 +		SSIDLO="0001"
  30.479 +	else
  30.480 +		SSIDLO=`cat $mapfile |                    \
  30.481 +		        awk -vlabel=$label                \
  30.482 +		            -vprimary=$primary            \
  30.483 +		           '{                             \
  30.484 +		              if ( $1 == "LABEL->SSID" && \
  30.485 +		                   $2 == "VM" &&          \
  30.486 +		                   $3 == primary  &&      \
  30.487 +		                   $4 == label ) {        \
  30.488 +		                result=$5                 \
  30.489 +		              }                           \
  30.490 +		           } END {                        \
  30.491 +		             if (result != "" )           \
  30.492 +		               {printf "%04x", strtonum(result)}\
  30.493 +		           }'`
  30.494 +	fi
  30.495 +
  30.496 +	# Calculate the secondary policy's SSIDREF
  30.497 +	if [ "$secondary" == "NULL" ]; then
  30.498 +		if [ "$primary" == "NULL" ]; then
  30.499 +			SSIDHI="0001"
  30.500 +		else
  30.501 +			SSIDHI="0000"
  30.502 +		fi
  30.503 +	else
  30.504 +		SSIDHI=`cat $mapfile |                    \
  30.505 +		        awk -vlabel=$label                \
  30.506 +		            -vsecondary=$secondary        \
  30.507 +		           '{                             \
  30.508 +		              if ( $1 == "LABEL->SSID" && \
  30.509 +		                   $2 == "VM"          && \
  30.510 +		                   $3 == secondary     && \
  30.511 +		                   $4 == label ) {        \
  30.512 +		                result=$5                 \
  30.513 +		              }                           \
  30.514 +		            }  END {                      \
  30.515 +		              if (result != "" )          \
  30.516 +		                {printf "%04x", strtonum(result)}\
  30.517 +		            }'`
  30.518 +	fi
  30.519 +
  30.520 +	if [ "$SSIDLO" == "" -o \
  30.521 +	     "$SSIDHI" == "" ]; then
  30.522 +		echo "Could not map the given label '$label'."
  30.523 +		return -1
  30.524 +	fi
  30.525 +
  30.526 +	ACM_POLICY=`cat $mapfile |             \
  30.527 +	    awk ' { if ( $1 == "POLICY" ) {    \
  30.528 +	              result=$2                \
  30.529 +	            }                          \
  30.530 +	          }                            \
  30.531 +	          END {                        \
  30.532 +	            if (result != "") {        \
  30.533 +	              printf result            \
  30.534 +	            }                          \
  30.535 +	          }'`
  30.536 +
  30.537 +	if [ "$ACM_POLICY" == "" ]; then
  30.538 +		echo "Could not find 'POLICY' entry in map file."
  30.539 +		return -1
  30.540 +	fi
  30.541 +
  30.542 +	SSIDREF="0x$SSIDHI$SSIDLO"
  30.543 +
  30.544 +	if [ "$mode" != "relabel" ]; then
  30.545 +		RES=`cat $vmfile |  \
  30.546 +		     awk '{         \
  30.547 +		       if ( substr($1,0,7) == "ssidref" ) {\
  30.548 +		         print $0;             \
  30.549 +		       }                       \
  30.550 +		     }'`
  30.551 +		if [ "$RES" != "" ]; then
  30.552 +			echo "Do you want to overwrite the existing mapping ($RES)? (y/N)"
  30.553 +			read user
  30.554 +			if [ "$user" != "y" -a "$user" != "Y" ]; then
  30.555 +				echo "Aborted."
  30.556 +				return 0
  30.557 +			fi
  30.558 +		fi
  30.559 +	fi
  30.560 +
  30.561 +	#Write the output
  30.562 +	vmtmp1="/tmp/__setlabel.tmp1"
  30.563 +	vmtmp2="/tmp/__setlabel.tmp2"
  30.564 +	touch $vmtmp1
  30.565 +	touch $vmtmp2
  30.566 +	if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
  30.567 +		echo "Cannot create temporary files. Aborting."
  30.568 +		return -1
  30.569 +	fi
  30.570 +	RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
  30.571 +	RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
  30.572 +	RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
  30.573 +	echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
  30.574 +	echo "#ACM_LABEL=$label" >> $vmtmp1
  30.575 +	echo "ssidref = $SSIDREF" >> $vmtmp1
  30.576 +	mv -f $vmtmp1 $vmfile
  30.577 +	rm -rf $vmtmp1 $vmtmp2
  30.578 +	echo "Mapped label '$label' to ssidref '$SSIDREF'."
  30.579 +}
  30.580 +
  30.581 +
  30.582 +# Translate an ssidref into its label. This does the reverse lookup
  30.583 +# to the relabel function above.
  30.584 +# This function displays the results.
  30.585 +# Parameters:
  30.586 +# 1st: The ssidref to translate; must be in the form '0x00010002'
  30.587 +# 2nd: Full or relative path to the policy's mapfile
  30.588 +translateSSIDREF ()
  30.589 +{
  30.590 +	ssidref=$1
  30.591 +	mapfile=$2
  30.592 +
  30.593 +	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
  30.594 +		echo "Cannot read from vm configuration file $vmfile."
  30.595 +		return -1
  30.596 +	fi
  30.597 +
  30.598 +	getPrimaryPolicy $mapfile
  30.599 +	getSecondaryPolicy $mapfile
  30.600 +
  30.601 +	if [ "$primary" == "NULL" -a "$secondary" == "NULL" ]; then
  30.602 +		echo "There are no labels for the NULL policy."
  30.603 +		return
  30.604 +	fi
  30.605 +
  30.606 +	getSSIDLOHI $ssidref
  30.607 +	ret=$?
  30.608 +	if [ $ret -ne 1 ]; then
  30.609 +		echo "Error while parsing the ssid ref number '$ssidref'."
  30.610 +	fi;
  30.611 +
  30.612 +	let line1=0
  30.613 +	let line2=0
  30.614 +	while [ 1 ]; do
  30.615 +		ITEM1=`cat $mapfile |                       \
  30.616 +		      awk -vprimary=$primary                \
  30.617 +		          -vssidlo=$ssidlo_int              \
  30.618 +		          -vline=$line1                     \
  30.619 +		      '{                                    \
  30.620 +		         if ( $1 == "LABEL->SSID" &&        \
  30.621 +		              $3 == primary &&              \
  30.622 +		              int($5) == ssidlo     ) {     \
  30.623 +		             if (l == line) {               \
  30.624 +		                 print $4;                  \
  30.625 +		                 exit;                      \
  30.626 +		             }                              \
  30.627 +		             l++;                           \
  30.628 +		         }                                  \
  30.629 +		       }'`
  30.630 +
  30.631 +		ITEM2=`cat $mapfile |                       \
  30.632 +		      awk -vsecondary=$secondary            \
  30.633 +		          -vssidhi=$ssidhi_int              \
  30.634 +		          -vline=$line2                     \
  30.635 +		      '{                                    \
  30.636 +		         if ( $1 == "LABEL->SSID" &&        \
  30.637 +		              $3 == secondary &&            \
  30.638 +		              int($5) == ssidhi     ) {     \
  30.639 +		             if (l == line) {               \
  30.640 +		                 print $4;                  \
  30.641 +		                 exit;                      \
  30.642 +		             }                              \
  30.643 +		             l++;                           \
  30.644 +		         }                                  \
  30.645 +		       }'`
  30.646 +
  30.647 +		if [ "$secondary" != "NULL" ]; then
  30.648 +			if [ "$ITEM1" == "" ]; then
  30.649 +				let line1=0
  30.650 +				let line2=line2+1
  30.651 +			else
  30.652 +				let line1=line1+1
  30.653 +			fi
  30.654 +
  30.655 +			if [ "$ITEM1" == "" -a \
  30.656 +			     "$ITEM2" == "" ]; then
  30.657 +				echo "Could not determine the referenced label."
  30.658 +				break
  30.659 +			fi
  30.660 +
  30.661 +			if [ "$ITEM1" == "$ITEM2" ]; then
  30.662 +				echo "Label: $ITEM1"
  30.663 +				break
  30.664 +			fi
  30.665 +		else
  30.666 +			if [ "$ITEM1" != "" ]; then
  30.667 +				echo "Label: $ITEM1"
  30.668 +			else
  30.669 +				if [ "$found" == "0" ]; then
  30.670 +					found=1
  30.671 +				else
  30.672 +					break
  30.673 +				fi
  30.674 +			fi
  30.675 +			let line1=line1+1
  30.676 +		fi
  30.677 +	done
  30.678 +}
    31.1 --- a/tools/security/secpol_tool.c	Fri Sep 02 14:15:49 2005 +0000
    31.2 +++ b/tools/security/secpol_tool.c	Fri Sep 02 14:17:08 2005 +0000
    31.3 @@ -25,6 +25,7 @@
    31.4  #include <stdio.h>
    31.5  #include <errno.h>
    31.6  #include <fcntl.h>
    31.7 +#include <getopt.h>
    31.8  #include <sys/mman.h>
    31.9  #include <sys/types.h>
   31.10  #include <sys/stat.h>
   31.11 @@ -41,6 +42,17 @@
   31.12  fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a ,	\
   31.13                  errno, strerror(errno))
   31.14  
   31.15 +void usage(char *progname)
   31.16 +{
   31.17 +    printf("Use: %s \n"
   31.18 +           "\t getpolicy\n"
   31.19 +           "\t dumpstats\n"
   31.20 +           "\t loadpolicy <binary policy file>\n"
   31.21 +           "\t getssid -d <domainid> [-f]\n"
   31.22 +		   "\t getssid -s <ssidref> [-f]\n", progname);
   31.23 +    exit(-1);
   31.24 +}
   31.25 +
   31.26  static inline int do_policycmd(int xc_handle, unsigned int cmd,
   31.27                                 unsigned long data)
   31.28  {
   31.29 @@ -320,7 +332,7 @@ int acm_domain_loadpolicy(int xc_handle,
   31.30  
   31.31          if (ret)
   31.32              printf
   31.33 -                ("ERROR setting policy. Use 'xm dmesg' to see details.\n");
   31.34 +                ("ERROR setting policy. Try 'xm dmesg' to see details.\n");
   31.35          else
   31.36              printf("Successfully changed policy.\n");
   31.37  
   31.38 @@ -370,7 +382,7 @@ int acm_domain_dumpstats(int xc_handle)
   31.39  
   31.40      if (ret < 0)
   31.41      {
   31.42 -        printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n");
   31.43 +        printf("ERROR dumping policy stats. Try 'xm dmesg' to see details.\n");
   31.44          return ret;
   31.45      }
   31.46      stats = (struct acm_stats_buffer *) stats_buffer;
   31.47 @@ -421,18 +433,122 @@ int acm_domain_dumpstats(int xc_handle)
   31.48      }
   31.49      return ret;
   31.50  }
   31.51 +/************************ get ssidref & types ******************************/
   31.52 +/*
   31.53 + * the ssid (types) can be looked up either by domain id or by ssidref
   31.54 + */
   31.55 +int acm_domain_getssid(int xc_handle, int argc, char * const argv[])
   31.56 +{
   31.57 +    /* this includes header and a set of types */
   31.58 +    #define MAX_SSIDBUFFER  2000
   31.59 +    int ret, i;
   31.60 +    acm_op_t op;
   31.61 +    struct acm_ssid_buffer *hdr;
   31.62 +    unsigned char *buf;
   31.63 +	int nice_print = 1;
   31.64 +
   31.65 +    op.cmd = ACM_GETSSID;
   31.66 +    op.interface_version = ACM_INTERFACE_VERSION;
   31.67 +	op.u.getssid.get_ssid_by = UNSET;
   31.68 +	/* arguments
   31.69 +	   -d ... domain id to look up
   31.70 +	   -s ... ssidref number to look up
   31.71 +	   -f ... formatted print (scripts depend on this format)
   31.72 +	*/
   31.73 +	while (1)
   31.74 +    {
   31.75 +		int c = getopt(argc, argv, "d:s:f");
   31.76 +		if (c == -1)
   31.77 +			break;
   31.78 +		if (c == 'd')
   31.79 +        {
   31.80 +			if (op.u.getssid.get_ssid_by != UNSET)
   31.81 +				usage(argv[0]);
   31.82 +			op.u.getssid.get_ssid_by = DOMAINID;
   31.83 +			op.u.getssid.id.domainid = strtoul(optarg, NULL, 0);
   31.84 +		}
   31.85 +		else if (c== 's')
   31.86 +        {
   31.87 +			if (op.u.getssid.get_ssid_by != UNSET)
   31.88 +				usage(argv[0]);
   31.89 +			op.u.getssid.get_ssid_by = SSIDREF;
   31.90 +			op.u.getssid.id.ssidref = strtoul(optarg, NULL, 0);
   31.91 +		}
   31.92 +		else if (c== 'f')
   31.93 +		{
   31.94 +			nice_print = 0;
   31.95 +		}
   31.96 +		else
   31.97 +			usage(argv[0]);
   31.98 +	}
   31.99 +	if (op.u.getssid.get_ssid_by == UNSET)
  31.100 +		usage(argv[0]);
  31.101 +
  31.102 +	buf = malloc(MAX_SSIDBUFFER);
  31.103 +    if (!buf)
  31.104 +        return -ENOMEM;
  31.105 +
  31.106 +    /* dump it and then push it down into xen/acm */
  31.107 +    op.u.getssid.ssidbuf = buf;   /* out */
  31.108 +    op.u.getssid.ssidbuf_size = MAX_SSIDBUFFER;
  31.109 +    ret = do_acm_op(xc_handle, &op);
  31.110 +
  31.111 +    if (ret)
  31.112 +    {
  31.113 +        printf("ERROR getting ssidref. Try 'xm dmesg' to see details.\n");
  31.114 +        goto out;
  31.115 +    }
  31.116 +    hdr = (struct acm_ssid_buffer *)buf;
  31.117 +    if (hdr->len > MAX_SSIDBUFFER)
  31.118 +    {
  31.119 +        printf("ERROR: Buffer length inconsistent (ret=%d, hdr->len=%d)!\n",
  31.120 +               ret, hdr->len);
  31.121 +            return -EIO;
  31.122 +    }
  31.123 +	if (nice_print)
  31.124 +    {
  31.125 +		printf("SSID: ssidref = 0x%08x \n", hdr->ssidref);
  31.126 +		printf("      P: %s, max_types = %d\n",
  31.127 +			   ACM_POLICY_NAME(hdr->primary_policy_code), hdr->primary_max_types);
  31.128 +		printf("	  Types: ");
  31.129 +		for (i=0; i< hdr->primary_max_types; i++)
  31.130 +			if (buf[hdr->primary_types_offset + i])
  31.131 +				printf("%02x ", i);
  31.132 +			else
  31.133 +				printf("-- ");
  31.134 +		printf("\n");
  31.135 +
  31.136 +		printf("      S: %s, max_types = %d\n",
  31.137 +			   ACM_POLICY_NAME(hdr->secondary_policy_code), hdr->secondary_max_types);
  31.138 +		printf("	  Types: ");
  31.139 +		for (i=0; i< hdr->secondary_max_types; i++)
  31.140 +			if (buf[hdr->secondary_types_offset + i])
  31.141 +				printf("%02x ", i);
  31.142 +			else
  31.143 +				printf("-- ");
  31.144 +		printf("\n");
  31.145 +	}
  31.146 +	else
  31.147 +    {
  31.148 +		/* formatted print for use with scripts (.sh)
  31.149 +		 *  update scripts when updating here (usually
  31.150 +		 *  used in combination with -d to determine a
  31.151 +		 *  running domain's label
  31.152 +		 */
  31.153 +		printf("SSID: ssidref = 0x%08x \n", hdr->ssidref);
  31.154 +	}
  31.155 +
  31.156 +    /* return ste ssidref */
  31.157 +    if (hdr->primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
  31.158 +        ret = (hdr->ssidref) & 0xffff;
  31.159 +    else if (hdr->secondary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
  31.160 +        ret = (hdr->ssidref) >> 16;
  31.161 + out:
  31.162 +    return ret;
  31.163 +}
  31.164  
  31.165  /***************************** main **************************************/
  31.166  
  31.167 -void usage(char *progname)
  31.168 -{
  31.169 -    printf("Use: %s \n"
  31.170 -           "\t getpolicy\n"
  31.171 -           "\t dumpstats\n"
  31.172 -           "\t loadpolicy <binary policy file>\n", progname);
  31.173 -    exit(-1);
  31.174 -}
  31.175 -
  31.176  int main(int argc, char **argv)
  31.177  {
  31.178  
  31.179 @@ -459,6 +575,8 @@ int main(int argc, char **argv)
  31.180          if (argc != 2)
  31.181              usage(argv[0]);
  31.182          ret = acm_domain_dumpstats(acm_cmd_fd);
  31.183 +    } else if (!strcmp(argv[1], "getssid")) {
  31.184 +        ret = acm_domain_getssid(acm_cmd_fd, argc, argv);
  31.185      } else
  31.186          usage(argv[0]);
  31.187  
    32.1 --- a/tools/security/setlabel.sh	Fri Sep 02 14:15:49 2005 +0000
    32.2 +++ b/tools/security/setlabel.sh	Fri Sep 02 14:17:08 2005 +0000
    32.3 @@ -34,277 +34,29 @@ if [ -z "$runbash" ]; then
    32.4  	exec sh -c "bash $0 $*"
    32.5  fi
    32.6  
    32.7 +export PATH=$PATH:.
    32.8 +source labelfuncs.sh
    32.9  
   32.10  usage ()
   32.11  {
   32.12 -	echo "Usage: $0 [Option] <vmfile> <label> <policy name> "
   32.13 -	echo "    or $0 -l <policy name>"
   32.14 +	echo "Usage: $0 [Option] <vmfile> <label> [<policy name>]"
   32.15 +	echo "    or $0 -l [<policy name>]"
   32.16  	echo ""
   32.17 -	echo "Valid Options are:"
   32.18 +	echo "Valid options are:"
   32.19  	echo "-r          : to relabel a file without being prompted"
   32.20  	echo ""
   32.21  	echo "vmfile      : XEN vm configuration file"
   32.22 -	echo "label       : the label to map"
   32.23 +	echo "label       : the label to map to an ssidref"
   32.24  	echo "policy name : the name of the policy, i.e. 'chwall'"
   32.25 +	echo "              If the policy name is omitted, it is attempted"
   32.26 +	echo "              to find the current policy's name in grub.conf."
   32.27  	echo ""
   32.28 -	echo "-l <policy name> is used to show valid labels in the map file"
   32.29 +	echo "-l [<policy name>] is used to show valid labels in the map file of"
   32.30 +	echo "                   the given or current policy."
   32.31  	echo ""
   32.32  }
   32.33  
   32.34  
   32.35 -findMapFile ()
   32.36 -{
   32.37 -	mapfile="./$1.map"
   32.38 -	if [ -r "$mapfile" ]; then
   32.39 -		return 1
   32.40 -	fi
   32.41 -
   32.42 -	mapfile="./policies/$1/$1.map"
   32.43 -	if [ -r "$mapfile" ]; then
   32.44 -		return 1
   32.45 -	fi
   32.46 -
   32.47 -	return 0
   32.48 -}
   32.49 -
   32.50 -showLabels ()
   32.51 -{
   32.52 -	mapfile=$1
   32.53 -	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
   32.54 -		echo "Cannot read from vm configuration file $vmfile."
   32.55 -		return -1
   32.56 -	fi
   32.57 -
   32.58 -	getPrimaryPolicy $mapfile
   32.59 -	getSecondaryPolicy $mapfile
   32.60 -
   32.61 -	echo "The following labels are available:"
   32.62 -	let line=1
   32.63 -	while [ 1 ]; do
   32.64 -		ITEM=`cat $mapfile |         \
   32.65 -		      awk -vline=$line       \
   32.66 -		          -vprimary=$primary \
   32.67 -		      '{                     \
   32.68 -		         if ($1 == "LABEL->SSID" &&  \
   32.69 -		             $2 == "VM" &&           \
   32.70 -		             $3 == primary ) {       \
   32.71 -		           ctr++;                    \
   32.72 -		           if (ctr == line) {        \
   32.73 -		             print $4;               \
   32.74 -		           }                         \
   32.75 -		         }                           \
   32.76 -		       } END {                       \
   32.77 -		       }'`
   32.78 -
   32.79 -		if [ "$ITEM" == "" ]; then
   32.80 -			break
   32.81 -		fi
   32.82 -		if [ "$secondary" != "NULL" ]; then
   32.83 -			LABEL=`cat $mapfile |     \
   32.84 -			       awk -vitem=$ITEM   \
   32.85 -			       '{
   32.86 -			          if ($1 == "LABEL->SSID" && \
   32.87 -			              $2 == "VM" &&          \
   32.88 -			              $3 == "CHWALL" &&      \
   32.89 -			              $4 == item ) {         \
   32.90 -			            result = item;           \
   32.91 -			          }                          \
   32.92 -			        } END {                      \
   32.93 -			            print result             \
   32.94 -			        }'`
   32.95 -		else
   32.96 -			LABEL=$ITEM
   32.97 -		fi
   32.98 -
   32.99 -		if [ "$LABEL" != "" ]; then
  32.100 -			echo "$LABEL"
  32.101 -			found=1
  32.102 -		fi
  32.103 -		let line=line+1
  32.104 -	done
  32.105 -	if [ "$found" != "1" ]; then
  32.106 -		echo "No labels found."
  32.107 -	fi
  32.108 -}
  32.109 -
  32.110 -getPrimaryPolicy ()
  32.111 -{
  32.112 -	mapfile=$1
  32.113 -	primary=`cat $mapfile  |   \
  32.114 -	         awk '             \
  32.115 -	          {                \
  32.116 -	            if ( $1 == "PRIMARY" ) { \
  32.117 -	              res=$2;                \
  32.118 -	            }                        \
  32.119 -	          } END {                    \
  32.120 -	            print res;               \
  32.121 -	          } '`
  32.122 -}
  32.123 -
  32.124 -getSecondaryPolicy ()
  32.125 -{
  32.126 -	mapfile=$1
  32.127 -	secondary=`cat $mapfile  |   \
  32.128 -	         awk '             \
  32.129 -	          {                \
  32.130 -	            if ( $1 == "SECONDARY" ) { \
  32.131 -	              res=$2;                \
  32.132 -	            }                        \
  32.133 -	          } END {                    \
  32.134 -	            print res;               \
  32.135 -	          } '`
  32.136 -}
  32.137 -
  32.138 -
  32.139 -getDefaultSsid ()
  32.140 -{
  32.141 -	mapfile=$1
  32.142 -	pol=$2
  32.143 -	RES=`cat $mapfile    \
  32.144 -	     awk -vpol=$pol  \
  32.145 -	      {              \
  32.146 -	        if ($1 == "LABEL->SSID" && \
  32.147 -	            $2 == "ANY"         && \
  32.148 -	            $3 == pol           && \
  32.149 -	            $4 == "DEFAULT"       ) {\
  32.150 -	              res=$5;                \
  32.151 -	        }                            \
  32.152 -	      } END {                        \
  32.153 -	        printf "%04x", strtonum(res) \
  32.154 -	     }'`
  32.155 -	echo "default NULL mapping is $RES"
  32.156 -	defaultssid=$RES
  32.157 -}
  32.158 -
  32.159 -relabel ()
  32.160 -{
  32.161 -	vmfile=$1
  32.162 -	label=$2
  32.163 -	mapfile=$3
  32.164 -	mode=$4
  32.165 -
  32.166 -	if [ ! -r "$vmfile" ]; then
  32.167 -		echo "Cannot read from vm configuration file $vmfile."
  32.168 -		return -1
  32.169 -	fi
  32.170 -
  32.171 -	if [ ! -w "$vmfile" ]; then
  32.172 -		echo "Cannot write to vm configuration file $vmfile."
  32.173 -		return -1
  32.174 -	fi
  32.175 -
  32.176 -	if [ ! -r "$mapfile" ] ; then
  32.177 -		echo "Cannot read mapping file $mapfile."
  32.178 -		return -1
  32.179 -	fi
  32.180 -
  32.181 -	# Determine which policy is primary, which sec.
  32.182 -	getPrimaryPolicy $mapfile
  32.183 -	getSecondaryPolicy $mapfile
  32.184 -
  32.185 -	# Calculate the primary policy's SSIDREF
  32.186 -	if [ "$primary" == "NULL" ]; then
  32.187 -		SSIDLO="0000"
  32.188 -	else
  32.189 -		SSIDLO=`cat $mapfile |                    \
  32.190 -		        awk -vlabel=$label                \
  32.191 -		            -vprimary=$primary            \
  32.192 -		           '{                             \
  32.193 -		              if ( $1 == "LABEL->SSID" && \
  32.194 -		                   $2 == "VM" &&          \
  32.195 -		                   $3 == primary  &&      \
  32.196 -		                   $4 == label ) {        \
  32.197 -		                result=$5                 \
  32.198 -		              }                           \
  32.199 -		           } END {                        \
  32.200 -		             if (result != "" )           \
  32.201 -		               {printf "%04x", strtonum(result)}\
  32.202 -		           }'`
  32.203 -	fi
  32.204 -
  32.205 -	# Calculate the secondary policy's SSIDREF
  32.206 -	if [ "$secondary" == "NULL" ]; then
  32.207 -		SSIDHI="0000"
  32.208 -	else
  32.209 -		SSIDHI=`cat $mapfile |                    \
  32.210 -		        awk -vlabel=$label                \
  32.211 -		            -vsecondary=$secondary        \
  32.212 -		           '{                             \
  32.213 -		              if ( $1 == "LABEL->SSID" && \
  32.214 -		                   $2 == "VM"          && \
  32.215 -		                   $3 == secondary     && \
  32.216 -		                   $4 == label ) {        \
  32.217 -		                result=$5                 \
  32.218 -		              }                           \
  32.219 -		            }  END {                      \
  32.220 -		              if (result != "" )          \
  32.221 -		                {printf "%04x", strtonum(result)}\
  32.222 -		            }'`
  32.223 -	fi
  32.224 -
  32.225 -	if [ "$SSIDLO" == "" -o \
  32.226 -	     "$SSIDHI" == "" ]; then
  32.227 -		echo "Could not map the given label '$label'."
  32.228 -		return -1
  32.229 -	fi
  32.230 -
  32.231 -	ACM_POLICY=`cat $mapfile |             \
  32.232 -	    awk ' { if ( $1 == "POLICY" ) {    \
  32.233 -	              result=$2                \
  32.234 -	            }                          \
  32.235 -	          }                            \
  32.236 -	          END {                        \
  32.237 -	            if (result != "") {        \
  32.238 -	              printf result            \
  32.239 -	            }                          \
  32.240 -	          }'`
  32.241 -
  32.242 -	if [ "$ACM_POLICY" == "" ]; then
  32.243 -		echo "Could not find 'POLICY' entry in map file."
  32.244 -		return -1
  32.245 -	fi
  32.246 -
  32.247 -	SSIDREF="0x$SSIDHI$SSIDLO"
  32.248 -
  32.249 -	if [ "$mode" != "relabel" ]; then
  32.250 -		RES=`cat $vmfile |  \
  32.251 -		     awk '{         \
  32.252 -		       if ( substr($1,0,7) == "ssidref" ) {\
  32.253 -		         print $0;             \
  32.254 -		       }                       \
  32.255 -		     }'`
  32.256 -		if [ "$RES" != "" ]; then
  32.257 -			echo "Do you want to overwrite the existing mapping ($RES)? (y/N)"
  32.258 -			read user
  32.259 -			if [ "$user" != "y" -a "$user" != "Y" ]; then
  32.260 -				echo "Aborted."
  32.261 -				return 0
  32.262 -			fi
  32.263 -		fi
  32.264 -	fi
  32.265 -
  32.266 -	#Write the output
  32.267 -	vmtmp1="/tmp/__setlabel.tmp1"
  32.268 -	vmtmp2="/tmp/__setlabel.tmp2"
  32.269 -	touch $vmtmp1
  32.270 -	touch $vmtmp2
  32.271 -	if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
  32.272 -		echo "Cannot create temporary files. Aborting."
  32.273 -		return -1
  32.274 -	fi
  32.275 -	RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
  32.276 -	RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
  32.277 -	RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
  32.278 -	echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
  32.279 -	echo "#ACM_LABEL=$label" >> $vmtmp1
  32.280 -	echo "ssidref = $SSIDREF" >> $vmtmp1
  32.281 -	mv -f $vmtmp1 $vmfile
  32.282 -	rm -rf $vmtmp1 $vmtmp2
  32.283 -	echo "Mapped label '$label' to ssidref '$SSIDREF'."
  32.284 -}
  32.285 -
  32.286 -
  32.287 -
  32.288  if [ "$1" == "-r" ]; then
  32.289  	mode="relabel"
  32.290  	shift
  32.291 @@ -317,10 +69,25 @@ fi
  32.292  
  32.293  if [ "$mode" == "show" ]; then
  32.294  	if [ "$1" == "" ]; then
  32.295 -		usage
  32.296 -		exit -1;
  32.297 +		findGrubConf
  32.298 +		ret=$?
  32.299 +		if [ $ret -eq 0 ]; then
  32.300 +			echo "Could not find grub.conf"
  32.301 +			exit -1;
  32.302 +		fi
  32.303 +		findPolicyInGrub $grubconf
  32.304 +		if [ "$policy" != "" ]; then
  32.305 +			echo "Assuming policy to be '$policy'.";
  32.306 +		else
  32.307 +			echo "Could not find policy."
  32.308 +			exit -1;
  32.309 +		fi
  32.310 +	else
  32.311 +		policy=$3;
  32.312  	fi
  32.313 -	findMapFile $1
  32.314 +
  32.315 +
  32.316 +	findMapFile $policy
  32.317  	res=$?
  32.318  	if [ "$res" != "0" ]; then
  32.319  		showLabels $mapfile
  32.320 @@ -330,11 +97,29 @@ if [ "$mode" == "show" ]; then
  32.321  elif [ "$mode" == "usage" ]; then
  32.322  	usage
  32.323  else
  32.324 -	if [ "$3" == "" ]; then
  32.325 +	if [ "$2" == "" ]; then
  32.326  		usage
  32.327 -		exit -1;
  32.328 +		exit -1
  32.329  	fi
  32.330 -	findMapFile $3
  32.331 +	if [ "$3" == "" ]; then
  32.332 +		findGrubConf
  32.333 +		ret=$?
  32.334 +		if [ $ret -eq 0 ]; then
  32.335 +			echo "Could not find grub.conf"
  32.336 +			exit -1;
  32.337 +		fi
  32.338 +		findPolicyInGrub $grubconf
  32.339 +		if [ "$policy" != "" ]; then
  32.340 +			echo "Assuming policy to be '$policy'.";
  32.341 +		else
  32.342 +			echo "Could not find policy."
  32.343 +			exit -1;
  32.344 +		fi
  32.345 +
  32.346 +	else
  32.347 +		policy=$3;
  32.348 +	fi
  32.349 +	findMapFile $policy
  32.350  	res=$?
  32.351  	if [ "$res" != "0" ]; then
  32.352  		relabel $1 $2 $mapfile $mode
    33.1 --- a/xen/Rules.mk	Fri Sep 02 14:15:49 2005 +0000
    33.2 +++ b/xen/Rules.mk	Fri Sep 02 14:17:08 2005 +0000
    33.3 @@ -7,7 +7,6 @@ debug       ?= n
    33.4  perfc       ?= n
    33.5  perfc_arrays?= n
    33.6  trace       ?= n
    33.7 -optimize    ?= y
    33.8  domu_debug  ?= n
    33.9  crash_debug ?= n
   33.10  
    34.1 --- a/xen/acm/acm_chinesewall_hooks.c	Fri Sep 02 14:15:49 2005 +0000
    34.2 +++ b/xen/acm/acm_chinesewall_hooks.c	Fri Sep 02 14:17:08 2005 +0000
    34.3 @@ -310,6 +310,28 @@ chwall_dump_stats(u8 *buf, u16 len)
    34.4  	return 0;
    34.5  }
    34.6  
    34.7 +static int
    34.8 +chwall_dump_ssid_types(ssidref_t ssidref, u8 *buf, u16 len)
    34.9 +{
   34.10 +    int i;
   34.11 +
   34.12 +    /* fill in buffer */
   34.13 +    if (chwall_bin_pol.max_types > len)
   34.14 +        return -EFAULT;
   34.15 +
   34.16 +	if (ssidref >= chwall_bin_pol.max_ssidrefs)
   34.17 +		return -EFAULT;
   34.18 +
   34.19 +    /* read types for chwall ssidref */
   34.20 +    for(i=0; i< chwall_bin_pol.max_types; i++) {
   34.21 +        if (chwall_bin_pol.ssidrefs[ssidref * chwall_bin_pol.max_types + i])
   34.22 +            buf[i] = 1;
   34.23 +        else
   34.24 +            buf[i] = 0;
   34.25 +    }
   34.26 +    return chwall_bin_pol.max_types;
   34.27 +}
   34.28 +
   34.29  /***************************
   34.30   * Authorization functions
   34.31   ***************************/
   34.32 @@ -492,6 +514,7 @@ struct acm_operations acm_chinesewall_op
   34.33  	.dump_binary_policy		= chwall_dump_policy,
   34.34  	.set_binary_policy		= chwall_set_policy,
   34.35  	.dump_statistics		= chwall_dump_stats,
   34.36 +    .dump_ssid_types        = chwall_dump_ssid_types,
   34.37  	/* domain management control hooks */
   34.38  	.pre_domain_create     		= chwall_pre_domain_create,
   34.39  	.post_domain_create		= chwall_post_domain_create,
    35.1 --- a/xen/acm/acm_core.c	Fri Sep 02 14:15:49 2005 +0000
    35.2 +++ b/xen/acm/acm_core.c	Fri Sep 02 14:17:08 2005 +0000
    35.3 @@ -64,17 +64,18 @@ u8 little_endian = 1;
    35.4  void acm_set_endian(void)
    35.5  {
    35.6      u32 test = 1;
    35.7 -    if (*((u8 *)&test) == 1) {
    35.8 +    if (*((u8 *)&test) == 1)
    35.9 +    {
   35.10        	printk("ACM module running in LITTLE ENDIAN.\n");
   35.11 -	little_endian = 1;
   35.12 -    } else {
   35.13 -	printk("ACM module running in BIG ENDIAN.\n");
   35.14 -	little_endian = 0;
   35.15 +        little_endian = 1;
   35.16 +    }
   35.17 +    else
   35.18 +    {
   35.19 +        printk("ACM module running in BIG ENDIAN.\n");
   35.20 +        little_endian = 0;
   35.21      }
   35.22  }
   35.23  
   35.24 -#if (ACM_USE_SECURITY_POLICY != ACM_NULL_POLICY)
   35.25 -
   35.26  /* initialize global security policy for Xen; policy write-locked already */
   35.27  static void
   35.28  acm_init_binary_policy(void *primary, void *secondary)
   35.29 @@ -101,7 +102,8 @@ acm_setup(unsigned int *initrdidx,
   35.30       * Try all modules and see whichever could be the binary policy.
   35.31       * Adjust the initrdidx if module[1] is the binary policy.
   35.32       */
   35.33 -    for (i = mbi->mods_count-1; i >= 1; i--) {
   35.34 +    for (i = mbi->mods_count-1; i >= 1; i--)
   35.35 +    {
   35.36          struct acm_policy_buffer *pol;
   35.37          char *_policy_start; 
   35.38          unsigned long _policy_len;
   35.39 @@ -117,23 +119,32 @@ acm_setup(unsigned int *initrdidx,
   35.40  		continue; /* not a policy */
   35.41  
   35.42          pol = (struct acm_policy_buffer *)_policy_start;
   35.43 -        if (ntohl(pol->magic) == ACM_MAGIC) {
   35.44 +        if (ntohl(pol->magic) == ACM_MAGIC)
   35.45 +        {
   35.46              rc = acm_set_policy((void *)_policy_start,
   35.47                                  (u16)_policy_len,
   35.48                                  0);
   35.49 -            if (rc == ACM_OK) {
   35.50 +            if (rc == ACM_OK)
   35.51 +            {
   35.52                  printf("Policy len  0x%lx, start at %p.\n",_policy_len,_policy_start);
   35.53 -                if (i == 1) {
   35.54 -                    if (mbi->mods_count > 2) {
   35.55 +                if (i == 1)
   35.56 +                {
   35.57 +                    if (mbi->mods_count > 2)
   35.58 +                    {
   35.59                          *initrdidx = 2;
   35.60 -                    } else {
   35.61 +                    }
   35.62 +                    else {
   35.63                          *initrdidx = 0;
   35.64                      }
   35.65 -                } else {
   35.66 +                }
   35.67 +                else
   35.68 +                {
   35.69                      *initrdidx = 1;
   35.70                  }
   35.71                  break;
   35.72 -            } else {
   35.73 +            }
   35.74 +            else
   35.75 +            {
   35.76              	printk("Invalid policy. %d.th module line.\n", i+1);
   35.77              }
   35.78          } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */
   35.79 @@ -147,57 +158,85 @@ acm_init(unsigned int *initrdidx,
   35.80           const multiboot_info_t *mbi,
   35.81           unsigned long initial_images_start)
   35.82  {
   35.83 -	int ret = -EINVAL;
   35.84 +	int ret = ACM_OK;
   35.85  
   35.86 -	acm_set_endian();
   35.87 +    acm_set_endian();
   35.88  	write_lock(&acm_bin_pol_rwlock);
   35.89 +    acm_init_binary_policy(NULL, NULL);
   35.90  
   35.91 -	if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) {
   35.92 -		acm_init_binary_policy(NULL, NULL);
   35.93 -		acm_init_chwall_policy();
   35.94 +    /* set primary policy component */
   35.95 +    switch ((ACM_USE_SECURITY_POLICY) & 0x0f)
   35.96 +    {
   35.97 +
   35.98 +    case ACM_CHINESE_WALL_POLICY:
   35.99 +        acm_init_chwall_policy();
  35.100  		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
  35.101  		acm_primary_ops = &acm_chinesewall_ops;
  35.102 -		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
  35.103 -		acm_secondary_ops = &acm_null_ops;
  35.104 -		ret = ACM_OK;
  35.105 -	} else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
  35.106 -		acm_init_binary_policy(NULL, NULL);
  35.107 -		acm_init_ste_policy();
  35.108 +        break;
  35.109 +
  35.110 +    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
  35.111 +        acm_init_ste_policy();
  35.112  		acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
  35.113  		acm_primary_ops = &acm_simple_type_enforcement_ops;
  35.114 +        break;
  35.115 +
  35.116 +    default:
  35.117 +        /* NULL or Unknown policy not allowed primary;
  35.118 +         * NULL/NULL will not compile this code */
  35.119 +        ret = -EINVAL;
  35.120 +        goto out;
  35.121 +    }
  35.122 +
  35.123 +    /* secondary policy component part */
  35.124 +    switch ((ACM_USE_SECURITY_POLICY) >> 4) {
  35.125 +    case ACM_NULL_POLICY:
  35.126  		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
  35.127  		acm_secondary_ops = &acm_null_ops;
  35.128 -		ret = ACM_OK;
  35.129 -	} else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
  35.130 -		acm_init_binary_policy(NULL, NULL);
  35.131 +		break;
  35.132 +
  35.133 +    case ACM_CHINESE_WALL_POLICY:
  35.134 +        if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY)
  35.135 +        {   /* not a valid combination */
  35.136 +            ret = -EINVAL;
  35.137 +            goto out;
  35.138 +        }
  35.139  		acm_init_chwall_policy();
  35.140 +        acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY;
  35.141 +		acm_secondary_ops = &acm_chinesewall_ops;
  35.142 +        break;
  35.143 +
  35.144 +    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
  35.145 +        if (acm_bin_pol.primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
  35.146 +        {   /* not a valid combination */
  35.147 +            ret = -EINVAL;
  35.148 +            goto out;
  35.149 +        }
  35.150  		acm_init_ste_policy();
  35.151 -		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
  35.152 -		acm_primary_ops = &acm_chinesewall_ops;
  35.153  		acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
  35.154  		acm_secondary_ops = &acm_simple_type_enforcement_ops;
  35.155 -		ret = ACM_OK;
  35.156 -	} else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) {
  35.157 -		acm_init_binary_policy(NULL, NULL);
  35.158 -		acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
  35.159 -		acm_primary_ops = &acm_null_ops;
  35.160 -		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
  35.161 -		acm_secondary_ops = &acm_null_ops;
  35.162 -		ret = ACM_OK;
  35.163 -	}
  35.164 +        break;
  35.165 +
  35.166 +    default:
  35.167 +        ret = -EINVAL;
  35.168 +        goto out;
  35.169 +    }
  35.170 +
  35.171 + out:
  35.172  	write_unlock(&acm_bin_pol_rwlock);
  35.173  
  35.174  	if (ret != ACM_OK)
  35.175 -		return -EINVAL;		
  35.176 +    {
  35.177 +        printk("%s: Error setting policies.\n", __func__);
  35.178 +        /* here one could imagine a clean panic */
  35.179 +		return -EINVAL;
  35.180 +	}
  35.181  	acm_setup(initrdidx, mbi, initial_images_start);
  35.182  	printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 
  35.183 -	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
  35.184 +	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
  35.185 +           ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
  35.186  	return ret;
  35.187  }
  35.188  
  35.189 -
  35.190 -#endif
  35.191 -
  35.192  int
  35.193  acm_init_domain_ssid(domid_t id, ssidref_t ssidref)
  35.194  {
  35.195 @@ -205,7 +244,8 @@ acm_init_domain_ssid(domid_t id, ssidref
  35.196  	struct domain *subj = find_domain_by_id(id);
  35.197  	int ret1, ret2;
  35.198  	
  35.199 -	if (subj == NULL) {
  35.200 +	if (subj == NULL)
  35.201 +    {
  35.202  		printk("%s: ACM_NULL_POINTER ERROR (id=%x).\n", __func__, id);
  35.203  		return ACM_NULL_POINTER_ERROR;
  35.204  	}
  35.205 @@ -235,14 +275,16 @@ acm_init_domain_ssid(domid_t id, ssidref
  35.206  	else
  35.207  		ret2 = ACM_OK;
  35.208  
  35.209 -	if ((ret1 != ACM_OK) || (ret2 != ACM_OK)) {
  35.210 +	if ((ret1 != ACM_OK) || (ret2 != ACM_OK))
  35.211 +    {
  35.212  		printk("%s: ERROR instantiating individual ssids for domain 0x%02x.\n",
  35.213  		       __func__, subj->domain_id);
  35.214  		acm_free_domain_ssid(ssid);	
  35.215  	        put_domain(subj);
  35.216  		return ACM_INIT_SSID_ERROR;
  35.217  	}
  35.218 -	printk("%s: assigned domain %x the ssidref=%x.\n", __func__, id, ssid->ssidref);
  35.219 +	printk("%s: assigned domain %x the ssidref=%x.\n",
  35.220 +           __func__, id, ssid->ssidref);
  35.221  	put_domain(subj);
  35.222  	return ACM_OK;
  35.223  }
  35.224 @@ -254,11 +296,12 @@ acm_free_domain_ssid(struct acm_ssid_dom
  35.225  	domid_t id;
  35.226  
  35.227  	/* domain is already gone, just ssid is left */
  35.228 -	if (ssid == NULL) {
  35.229 +	if (ssid == NULL)
  35.230 +    {
  35.231  		printk("%s: ACM_NULL_POINTER ERROR.\n", __func__);
  35.232  		return ACM_NULL_POINTER_ERROR;
  35.233  	}
  35.234 -       	id = ssid->domainid;
  35.235 +    id = ssid->domainid;
  35.236  	ssid->subject  	     = NULL;
  35.237  
  35.238  	if (acm_primary_ops->free_domain_ssid != NULL) /* null policy */
  35.239 @@ -268,6 +311,7 @@ acm_free_domain_ssid(struct acm_ssid_dom
  35.240  		acm_secondary_ops->free_domain_ssid(ssid->secondary_ssid);
  35.241  	ssid->secondary_ssid = NULL;
  35.242  	xfree(ssid);
  35.243 -	printkd("%s: Freed individual domain ssid (domain=%02x).\n",__func__, id);
  35.244 +	printkd("%s: Freed individual domain ssid (domain=%02x).\n",
  35.245 +            __func__, id);
  35.246  	return ACM_OK;
  35.247  }
    36.1 --- a/xen/acm/acm_null_hooks.c	Fri Sep 02 14:15:49 2005 +0000
    36.2 +++ b/xen/acm/acm_null_hooks.c	Fri Sep 02 14:17:08 2005 +0000
    36.3 @@ -14,13 +14,13 @@
    36.4  #include <acm/acm_hooks.h>
    36.5  
    36.6  static int
    36.7 -null_init_domain_ssid(void **chwall_ssid, ssidref_t ssidref)
    36.8 +null_init_domain_ssid(void **ssid, ssidref_t ssidref)
    36.9  {
   36.10  	return ACM_OK;
   36.11  }
   36.12  
   36.13  static void
   36.14 -null_free_domain_ssid(void *chwall_ssid)
   36.15 +null_free_domain_ssid(void *ssid)
   36.16  {
   36.17  	return;
   36.18  }
   36.19 @@ -44,6 +44,14 @@ null_dump_stats(u8 *buf, u16 buf_size)
   36.20  	return 0;
   36.21  }
   36.22  
   36.23 +static int
   36.24 +null_dump_ssid_types(ssidref_t ssidref, u8 *buffer, u16 buf_size)
   36.25 +{
   36.26 +    /* no types */
   36.27 +    return 0;
   36.28 +}
   36.29 +
   36.30 +
   36.31  /* now define the hook structure similarly to LSM */
   36.32  struct acm_operations acm_null_ops = {
   36.33  	.init_domain_ssid		= null_init_domain_ssid,
   36.34 @@ -51,6 +59,7 @@ struct acm_operations acm_null_ops = {
   36.35  	.dump_binary_policy           	= null_dump_binary_policy,
   36.36  	.set_binary_policy		= null_set_binary_policy,
   36.37  	.dump_statistics	        = null_dump_stats,
   36.38 +    .dump_ssid_types        = null_dump_ssid_types,
   36.39  	/* domain management control hooks */
   36.40  	.pre_domain_create     		= NULL,
   36.41  	.post_domain_create		= NULL,
    37.1 --- a/xen/acm/acm_policy.c	Fri Sep 02 14:15:49 2005 +0000
    37.2 +++ b/xen/acm/acm_policy.c	Fri Sep 02 14:17:08 2005 +0000
    37.3 @@ -26,8 +26,8 @@
    37.4  #include <xen/lib.h>
    37.5  #include <xen/delay.h>
    37.6  #include <xen/sched.h>
    37.7 +#include <acm/acm_core.h>
    37.8  #include <public/acm_ops.h>
    37.9 -#include <acm/acm_core.h>
   37.10  #include <acm/acm_hooks.h>
   37.11  #include <acm/acm_endian.h>
   37.12  
   37.13 @@ -37,14 +37,16 @@ acm_set_policy(void *buf, u16 buf_size, 
   37.14  	u8 *policy_buffer = NULL;
   37.15  	struct acm_policy_buffer *pol;
   37.16  	
   37.17 -     	if (buf_size < sizeof(struct acm_policy_buffer))
   37.18 +    if (buf_size < sizeof(struct acm_policy_buffer))
   37.19  		return -EFAULT;
   37.20  
   37.21  	/* 1. copy buffer from domain */
   37.22  	if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
   37.23 -	    goto error_free;
   37.24 +	    return -ENOMEM;
   37.25 +
   37.26  	if (isuserbuffer) {
   37.27 -		if (copy_from_user(policy_buffer, buf, buf_size)) {
   37.28 +		if (copy_from_user(policy_buffer, buf, buf_size))
   37.29 +        {
   37.30  			printk("%s: Error copying!\n",__func__);
   37.31  			goto error_free;
   37.32  		}
   37.33 @@ -57,11 +59,13 @@ acm_set_policy(void *buf, u16 buf_size, 
   37.34  	if ((ntohl(pol->magic) != ACM_MAGIC) || 
   37.35  	    (ntohl(pol->policy_version) != ACM_POLICY_VERSION) ||
   37.36  	    (ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) ||
   37.37 -	    (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) {
   37.38 +	    (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code))
   37.39 +    {
   37.40  		printkd("%s: Wrong policy magics or versions!\n", __func__);
   37.41  		goto error_free;
   37.42  	}
   37.43 -	if (buf_size != ntohl(pol->len)) {
   37.44 +	if (buf_size != ntohl(pol->len))
   37.45 +    {
   37.46  		printk("%s: ERROR in buf size.\n", __func__);
   37.47  		goto error_free;
   37.48  	}
   37.49 @@ -72,27 +76,25 @@ acm_set_policy(void *buf, u16 buf_size, 
   37.50  	/* 3. set primary policy data */
   37.51  	if (acm_primary_ops->set_binary_policy(buf + ntohl(pol->primary_buffer_offset),
   37.52                                                 ntohl(pol->secondary_buffer_offset) -
   37.53 -					       ntohl(pol->primary_buffer_offset))) {
   37.54 +					       ntohl(pol->primary_buffer_offset)))
   37.55  		goto error_lock_free;
   37.56 -	}
   37.57 +
   37.58  	/* 4. set secondary policy data */
   37.59  	if (acm_secondary_ops->set_binary_policy(buf + ntohl(pol->secondary_buffer_offset),
   37.60  						 ntohl(pol->len) - 
   37.61 -						 ntohl(pol->secondary_buffer_offset))) {
   37.62 +						 ntohl(pol->secondary_buffer_offset)))
   37.63  		goto error_lock_free;
   37.64 -	}
   37.65 +
   37.66  	write_unlock(&acm_bin_pol_rwlock);
   37.67 -	if (policy_buffer != NULL)
   37.68 -		xfree(policy_buffer);
   37.69 +	xfree(policy_buffer);
   37.70  	return ACM_OK;
   37.71  
   37.72   error_lock_free:
   37.73  	write_unlock(&acm_bin_pol_rwlock);
   37.74   error_free:
   37.75  	printk("%s: Error setting policy.\n", __func__);
   37.76 -	if (policy_buffer != NULL)
   37.77 -		xfree(policy_buffer);
   37.78 -	return -ENOMEM;
   37.79 +    xfree(policy_buffer);
   37.80 +	return -EFAULT;
   37.81  }
   37.82  
   37.83  int
   37.84 @@ -102,11 +104,14 @@ acm_get_policy(void *buf, u16 buf_size)
   37.85       int ret;
   37.86       struct acm_policy_buffer *bin_pol;
   37.87  	
   37.88 +    if (buf_size < sizeof(struct acm_policy_buffer))
   37.89 +		return -EFAULT;
   37.90 +
   37.91       if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
   37.92  	    return -ENOMEM;
   37.93  
   37.94       read_lock(&acm_bin_pol_rwlock);
   37.95 -     /* future: read policy from file and set it */
   37.96 +
   37.97       bin_pol = (struct acm_policy_buffer *)policy_buffer;
   37.98       bin_pol->magic = htonl(ACM_MAGIC);
   37.99       bin_pol->primary_policy_code = htonl(acm_bin_pol.primary_policy_code);
  37.100 @@ -118,27 +123,30 @@ acm_get_policy(void *buf, u16 buf_size)
  37.101       
  37.102       ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohl(bin_pol->primary_buffer_offset),
  37.103  				       buf_size - ntohl(bin_pol->primary_buffer_offset));
  37.104 -     if (ret < 0) {
  37.105 -	     printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
  37.106 -	     read_unlock(&acm_bin_pol_rwlock);
  37.107 -	     return -1;
  37.108 -     }
  37.109 +     if (ret < 0)
  37.110 +         goto error_free_unlock;
  37.111 +
  37.112       bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  37.113       bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
  37.114  
  37.115       ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohl(bin_pol->secondary_buffer_offset),
  37.116  				    buf_size - ntohl(bin_pol->secondary_buffer_offset));
  37.117 -     if (ret < 0) {
  37.118 -	     printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
  37.119 -	     read_unlock(&acm_bin_pol_rwlock);
  37.120 -	     return -1;
  37.121 -     }
  37.122 +     if (ret < 0)
  37.123 +         goto error_free_unlock;
  37.124 +
  37.125       bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  37.126 +     if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len)))
  37.127 +	     goto error_free_unlock;
  37.128 +
  37.129       read_unlock(&acm_bin_pol_rwlock);
  37.130 -     if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len)))
  37.131 -	     return -EFAULT;
  37.132       xfree(policy_buffer);
  37.133       return ACM_OK;
  37.134 +
  37.135 + error_free_unlock:
  37.136 +     read_unlock(&acm_bin_pol_rwlock);
  37.137 +     printk("%s: Error getting policy.\n", __func__);
  37.138 +     xfree(policy_buffer);
  37.139 +     return -EFAULT;
  37.140  }
  37.141  
  37.142  int
  37.143 @@ -185,4 +193,62 @@ acm_dump_statistics(void *buf, u16 buf_s
  37.144       return -EFAULT;
  37.145  }
  37.146  
  37.147 +
  37.148 +int
  37.149 +acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size)
  37.150 +{
  37.151 +    /* send stats to user space */
  37.152 +     u8 *ssid_buffer;
  37.153 +     int ret;
  37.154 +     struct acm_ssid_buffer *acm_ssid;
  37.155 +     if (buf_size < sizeof(struct acm_ssid_buffer))
  37.156 +		return -EFAULT;
  37.157 +
  37.158 +     if ((ssid_buffer = xmalloc_array(u8, buf_size)) == NULL)
  37.159 +	    return -ENOMEM;
  37.160 +
  37.161 +     read_lock(&acm_bin_pol_rwlock);
  37.162 +
  37.163 +     acm_ssid = (struct acm_ssid_buffer *)ssid_buffer;
  37.164 +     acm_ssid->len = sizeof(struct acm_ssid_buffer);
  37.165 +     acm_ssid->ssidref = ssidref;
  37.166 +     acm_ssid->primary_policy_code = acm_bin_pol.primary_policy_code;
  37.167 +     acm_ssid->secondary_policy_code = acm_bin_pol.secondary_policy_code;
  37.168 +     acm_ssid->primary_types_offset = acm_ssid->len;
  37.169 +
  37.170 +     /* ret >= 0 --> ret == max_types */
  37.171 +     ret = acm_primary_ops->dump_ssid_types(ACM_PRIMARY(ssidref),
  37.172 +                                            ssid_buffer + acm_ssid->primary_types_offset,
  37.173 +                                            buf_size - acm_ssid->primary_types_offset);
  37.174 +     if (ret < 0)
  37.175 +         goto error_free_unlock;
  37.176 +
  37.177 +     acm_ssid->len += ret;
  37.178 +     acm_ssid->primary_max_types = ret;
  37.179 +
  37.180 +     acm_ssid->secondary_types_offset = acm_ssid->len;
  37.181 +
  37.182 +     ret = acm_secondary_ops->dump_ssid_types(ACM_SECONDARY(ssidref),
  37.183 +                                              ssid_buffer + acm_ssid->secondary_types_offset,
  37.184 +                                              buf_size - acm_ssid->secondary_types_offset);
  37.185 +     if (ret < 0)
  37.186 +         goto error_free_unlock;
  37.187 +
  37.188 +     acm_ssid->len += ret;
  37.189 +     acm_ssid->secondary_max_types = ret;
  37.190 +
  37.191 +     if (copy_to_user(buf, ssid_buffer, acm_ssid->len))
  37.192 +	     goto error_free_unlock;
  37.193 +
  37.194 +     read_unlock(&acm_bin_pol_rwlock);
  37.195 +     xfree(ssid_buffer);
  37.196 +     return ACM_OK;
  37.197 +
  37.198 + error_free_unlock:
  37.199 +     read_unlock(&acm_bin_pol_rwlock);
  37.200 +     printk("%s: Error getting ssid.\n", __func__);
  37.201 +     xfree(ssid_buffer);
  37.202 +     return -ENOMEM;
  37.203 +}
  37.204 +
  37.205  /*eof*/
    38.1 --- a/xen/acm/acm_simple_type_enforcement_hooks.c	Fri Sep 02 14:15:49 2005 +0000
    38.2 +++ b/xen/acm/acm_simple_type_enforcement_hooks.c	Fri Sep 02 14:17:08 2005 +0000
    38.3 @@ -383,6 +383,27 @@ ste_dump_stats(u8 *buf, u16 buf_len)
    38.4      return sizeof(struct acm_ste_stats_buffer);
    38.5  }
    38.6  
    38.7 +static int
    38.8 +ste_dump_ssid_types(ssidref_t ssidref, u8 *buf, u16 len)
    38.9 +{
   38.10 +    int i;
   38.11 +
   38.12 +    /* fill in buffer */
   38.13 +    if (ste_bin_pol.max_types > len)
   38.14 +        return -EFAULT;
   38.15 +
   38.16 +	if (ssidref >= ste_bin_pol.max_ssidrefs)
   38.17 +		return -EFAULT;
   38.18 +
   38.19 +    /* read types for chwall ssidref */
   38.20 +    for(i=0; i< ste_bin_pol.max_types; i++) {
   38.21 +		if (ste_bin_pol.ssidrefs[ssidref * ste_bin_pol.max_types + i])
   38.22 +            buf[i] = 1;
   38.23 +        else
   38.24 +            buf[i] = 0;
   38.25 +    }
   38.26 +    return ste_bin_pol.max_types;
   38.27 +}
   38.28  
   38.29  /* we need to go through this before calling the hooks,
   38.30   * returns 1 == cache hit */
   38.31 @@ -625,22 +646,23 @@ struct acm_operations acm_simple_type_en
   38.32  	/* policy management services */
   38.33  	.init_domain_ssid		= ste_init_domain_ssid,
   38.34  	.free_domain_ssid		= ste_free_domain_ssid,
   38.35 -	.dump_binary_policy    	       	= ste_dump_policy,
   38.36 -	.set_binary_policy     		= ste_set_policy,
   38.37 +	.dump_binary_policy     = ste_dump_policy,
   38.38 +	.set_binary_policy      = ste_set_policy,
   38.39  	.dump_statistics		= ste_dump_stats,
   38.40 +    .dump_ssid_types        = ste_dump_ssid_types,
   38.41  	/* domain management control hooks */
   38.42  	.pre_domain_create     		= ste_pre_domain_create,
   38.43 -	.post_domain_create		= NULL,
   38.44 -	.fail_domain_create		= NULL,
   38.45 -	.post_domain_destroy		= ste_post_domain_destroy,
   38.46 +	.post_domain_create	    = NULL,
   38.47 +	.fail_domain_create     = NULL,
   38.48 +	.post_domain_destroy    = ste_post_domain_destroy,
   38.49  	/* event channel control hooks */
   38.50 -	.pre_eventchannel_unbound      	= ste_pre_eventchannel_unbound,
   38.51 +	.pre_eventchannel_unbound   = ste_pre_eventchannel_unbound,
   38.52  	.fail_eventchannel_unbound	= NULL,
   38.53  	.pre_eventchannel_interdomain	= ste_pre_eventchannel_interdomain,
   38.54  	.fail_eventchannel_interdomain  = NULL,
   38.55  	/* grant table control hooks */
   38.56 -	.pre_grant_map_ref       	= ste_pre_grant_map_ref,
   38.57 -	.fail_grant_map_ref		= NULL,
   38.58 -	.pre_grant_setup	       	= ste_pre_grant_setup,
   38.59 -	.fail_grant_setup		= NULL,
   38.60 +	.pre_grant_map_ref      = ste_pre_grant_map_ref,
   38.61 +	.fail_grant_map_ref     = NULL,
   38.62 +	.pre_grant_setup        = ste_pre_grant_setup,
   38.63 +	.fail_grant_setup       = NULL,
   38.64  };
    39.1 --- a/xen/arch/x86/Makefile	Fri Sep 02 14:15:49 2005 +0000
    39.2 +++ b/xen/arch/x86/Makefile	Fri Sep 02 14:17:08 2005 +0000
    39.3 @@ -17,7 +17,7 @@ endif
    39.4  
    39.5  OBJS := $(patsubst shadow%.o,,$(OBJS))	# drop all
    39.6  ifeq ($(TARGET_SUBARCH),x86_64) 
    39.7 - OBJS += shadow.o shadow_public.o	# x86_64: new code
    39.8 + OBJS += shadow.o shadow_public.o shadow_guest32.o	# x86_64: new code
    39.9  endif
   39.10  ifeq ($(TARGET_SUBARCH),x86_32) 
   39.11   ifneq ($(pae),n)
    40.1 --- a/xen/arch/x86/Rules.mk	Fri Sep 02 14:15:49 2005 +0000
    40.2 +++ b/xen/arch/x86/Rules.mk	Fri Sep 02 14:17:08 2005 +0000
    40.3 @@ -13,10 +13,8 @@ CFLAGS  += -I$(BASEDIR)/include
    40.4  CFLAGS  += -I$(BASEDIR)/include/asm-x86/mach-generic
    40.5  CFLAGS  += -I$(BASEDIR)/include/asm-x86/mach-default
    40.6  
    40.7 -ifeq ($(optimize),y)
    40.8 +ifneq ($(debug),y)
    40.9  CFLAGS  += -O3 -fomit-frame-pointer
   40.10 -else
   40.11 -x86_32/usercopy.o: CFLAGS += -O1
   40.12  endif
   40.13  
   40.14  # Prevent floating-point variables from creeping into Xen.
    41.1 --- a/xen/arch/x86/boot/x86_32.S	Fri Sep 02 14:15:49 2005 +0000
    41.2 +++ b/xen/arch/x86/boot/x86_32.S	Fri Sep 02 14:17:08 2005 +0000
    41.3 @@ -9,6 +9,8 @@
    41.4         	.text
    41.5  
    41.6  ENTRY(start)
    41.7 +ENTRY(stext)
    41.8 +ENTRY(_stext)
    41.9          jmp __start
   41.10  
   41.11          .align	4
   41.12 @@ -260,6 +262,3 @@ ENTRY(idle_pg_table_l2) # Initial page d
   41.13          .org 0x2000 + STACK_SIZE + PAGE_SIZE
   41.14  
   41.15  #endif /* CONFIG_X86_PAE */
   41.16 -
   41.17 -ENTRY(stext)
   41.18 -ENTRY(_stext)
    42.1 --- a/xen/arch/x86/boot/x86_64.S	Fri Sep 02 14:15:49 2005 +0000
    42.2 +++ b/xen/arch/x86/boot/x86_64.S	Fri Sep 02 14:17:08 2005 +0000
    42.3 @@ -10,6 +10,8 @@
    42.4          .code32
    42.5  
    42.6  ENTRY(start)
    42.7 +ENTRY(stext)
    42.8 +ENTRY(_stext)
    42.9          jmp __start
   42.10  
   42.11          .org    0x004
   42.12 @@ -267,5 +269,3 @@ ENTRY(idle_pg_table_l2)
   42.13  
   42.14          .org 0x4000 + STACK_SIZE + PAGE_SIZE
   42.15          .code64
   42.16 -ENTRY(stext)
   42.17 -ENTRY(_stext)
    43.1 --- a/xen/arch/x86/shadow.c	Fri Sep 02 14:15:49 2005 +0000
    43.2 +++ b/xen/arch/x86/shadow.c	Fri Sep 02 14:17:08 2005 +0000
    43.3 @@ -53,6 +53,9 @@ static unsigned long shadow_l4_table(
    43.4      struct domain *d, unsigned long gpfn, unsigned long gmfn);
    43.5  static void shadow_map_into_current(struct vcpu *v,
    43.6      unsigned long va, unsigned int from, unsigned int to);
    43.7 +static inline void validate_bl2e_change( struct domain *d,
    43.8 +	guest_root_pgentry_t *new_gle_p, pgentry_64_t *shadow_l3, int index);
    43.9 +
   43.10  #endif
   43.11  
   43.12  /********
   43.13 @@ -217,10 +220,38 @@ alloc_shadow_page(struct domain *d,
   43.14          }
   43.15          else
   43.16          {
   43.17 -            page = alloc_domheap_page(NULL);
   43.18 -            void *l1 = map_domain_page(page_to_pfn(page));
   43.19 -            memset(l1, 0, PAGE_SIZE);
   43.20 -            unmap_domain_page(l1);
   43.21 +            if (d->arch.ops->guest_paging_levels == PAGING_L2)
   43.22 +            {
   43.23 +#if CONFIG_PAGING_LEVELS >= 4
   43.24 +                /* For 32-bit VMX guest, 2 shadow L1s to simulate 1 guest L1
   43.25 +                 * So need allocate 2 continues shadow L1 each time.
   43.26 +                 */
   43.27 +                page = alloc_domheap_pages(NULL, SL1_ORDER, 0);
   43.28 +                if (!page)
   43.29 +                    domain_crash_synchronous();
   43.30 +
   43.31 +                void *l1_0 = map_domain_page(page_to_pfn(page));
   43.32 +                memset(l1_0,0,PAGE_SIZE);
   43.33 +                unmap_domain_page(l1_0);
   43.34 +                void *l1_1 = map_domain_page(page_to_pfn(page+1));
   43.35 +                memset(l1_1,0,PAGE_SIZE);
   43.36 +                unmap_domain_page(l1_1);
   43.37 +#else
   43.38 +                page = alloc_domheap_page(NULL);
   43.39 +                if (!page)
   43.40 +                    domain_crash_synchronous();
   43.41 +                void *l1 = map_domain_page(page_to_pfn(page));
   43.42 +                memset(l1, 0, PAGE_SIZE);
   43.43 +                unmap_domain_page(l1);
   43.44 +#endif
   43.45 +            }
   43.46 +            else
   43.47 +            {
   43.48 +                page = alloc_domheap_page(NULL);
   43.49 +                void *l1 = map_domain_page(page_to_pfn(page));
   43.50 +                memset(l1, 0, PAGE_SIZE);
   43.51 +                unmap_domain_page(l1);
   43.52 +            }
   43.53          }
   43.54      }
   43.55      else {
   43.56 @@ -331,7 +362,21 @@ alloc_shadow_page(struct domain *d,
   43.57    fail:
   43.58      FSH_LOG("promotion of pfn=%lx mfn=%lx failed!  external gnttab refs?",
   43.59              gpfn, gmfn);
   43.60 -    free_domheap_page(page);
   43.61 +    if (psh_type == PGT_l1_shadow)
   43.62 +    {
   43.63 +        if (d->arch.ops->guest_paging_levels == PAGING_L2)
   43.64 +        {
   43.65 +#if CONFIG_PAGING_LEVELS >=4
   43.66 +            free_domheap_pages(page, SL1_ORDER);
   43.67 +#else
   43.68 +            free_domheap_page(page);
   43.69 +#endif
   43.70 +        }
   43.71 +        else
   43.72 +            free_domheap_page(page);
   43.73 +    }
   43.74 +    else
   43.75 +        free_domheap_page(page);
   43.76      return 0;
   43.77  }
   43.78  
   43.79 @@ -478,8 +523,10 @@ static void shadow_map_l1_into_current_l
   43.80  { 
   43.81      struct vcpu *v = current;
   43.82      struct domain *d = v->domain;
   43.83 -    l1_pgentry_t *gpl1e, *spl1e;
   43.84 -    l2_pgentry_t gl2e, sl2e;
   43.85 +    l1_pgentry_t *spl1e;
   43.86 +    l2_pgentry_t sl2e;
   43.87 +    guest_l1_pgentry_t *gpl1e;
   43.88 +    guest_l2_pgentry_t gl2e;
   43.89      unsigned long gl1pfn, gl1mfn, sl1mfn;
   43.90      int i, init_table = 0;
   43.91  
   43.92 @@ -523,28 +570,49 @@ static void shadow_map_l1_into_current_l
   43.93      ASSERT( !(l2e_get_flags(old_sl2e) & _PAGE_PRESENT) );
   43.94  #endif
   43.95  
   43.96 -    if ( !get_shadow_ref(sl1mfn) )
   43.97 -        BUG();
   43.98 -    l2pde_general(d, &gl2e, &sl2e, sl1mfn);
   43.99 -    __guest_set_l2e(v, va, &gl2e);
  43.100 -    __shadow_set_l2e(v, va, &sl2e);
  43.101 +#if CONFIG_PAGING_LEVELS >=4
  43.102 +    if (d->arch.ops->guest_paging_levels == PAGING_L2)
  43.103 +    {
  43.104 +        /* for 32-bit VMX guest on 64-bit host, 
  43.105 +         * need update two L2 entries each time
  43.106 +         */
  43.107 +        if ( !get_shadow_ref(sl1mfn))
  43.108 +                BUG();
  43.109 +        l2pde_general(d, &gl2e, &sl2e, sl1mfn);
  43.110 +        __guest_set_l2e(v, va, &gl2e);
  43.111 +        __shadow_set_l2e(v, va & ~((1<<L2_PAGETABLE_SHIFT_32) - 1), &sl2e);
  43.112 +        if ( !get_shadow_ref(sl1mfn+1))
  43.113 +            BUG();
  43.114 +        sl2e = l2e_empty();
  43.115 +        l2pde_general(d, &gl2e, &sl2e, sl1mfn+1);
  43.116 +        __shadow_set_l2e(v,((va & ~((1<<L2_PAGETABLE_SHIFT_32) - 1)) + (1 << L2_PAGETABLE_SHIFT)) , &sl2e);
  43.117 +    } else
  43.118 +#endif
  43.119 +    {
  43.120 +        if ( !get_shadow_ref(sl1mfn) )
  43.121 +            BUG();
  43.122 +        l2pde_general(d, &gl2e, &sl2e, sl1mfn);
  43.123 +        __guest_set_l2e(v, va, &gl2e);
  43.124 +        __shadow_set_l2e(v, va , &sl2e);
  43.125 +    }
  43.126  
  43.127      if ( init_table )
  43.128      {
  43.129          l1_pgentry_t sl1e;
  43.130 -        int index = l1_table_offset(va);
  43.131 +        int index = guest_l1_table_offset(va);
  43.132          int min = 1, max = 0;
  43.133          
  43.134          unsigned long entries, pt_va;
  43.135          l1_pgentry_t tmp_sl1e;
  43.136 -        l1_pgentry_t tmp_gl1e;//Prepare for double compile
  43.137 -
  43.138 -
  43.139 -        entries = PAGE_SIZE / sizeof(l1_pgentry_t);
  43.140 +        guest_l1_pgentry_t tmp_gl1e;//Prepare for double compile
  43.141 +
  43.142 +
  43.143 +        entries = PAGE_SIZE / sizeof(guest_l1_pgentry_t);
  43.144          pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(entries - 1)) << L1_PAGETABLE_SHIFT;
  43.145 -        gpl1e = (l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gl1e);
  43.146 -
  43.147 -        entries = PAGE_SIZE / sizeof(l1_pgentry_t);
  43.148 +        gpl1e = (guest_l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gl1e);
  43.149 +
  43.150 +        /* If the PGT_l1_shadow has two continual pages */
  43.151 +        entries = PAGE_SIZE / sizeof(guest_l1_pgentry_t); //1024 entry!!!
  43.152          pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(entries - 1)) << L1_PAGETABLE_SHIFT;
  43.153          spl1e = (l1_pgentry_t *) __shadow_get_l1e(v, pt_va, &tmp_sl1e);
  43.154  
  43.155 @@ -555,7 +623,7 @@ static void shadow_map_l1_into_current_l
  43.156          spl1e = &(shadow_linear_pg_table[l1_linear_offset(va) &
  43.157                                       ~(L1_PAGETABLE_ENTRIES-1)]);*/
  43.158  
  43.159 -        for ( i = 0; i < L1_PAGETABLE_ENTRIES; i++ )
  43.160 +        for ( i = 0; i < GUEST_L1_PAGETABLE_ENTRIES; i++ )
  43.161          {
  43.162              l1pte_propagate_from_guest(d, gpl1e[i], &sl1e);
  43.163              if ( (l1e_get_flags(sl1e) & _PAGE_PRESENT) &&
  43.164 @@ -584,7 +652,7 @@ static void shadow_map_l1_into_current_l
  43.165      }
  43.166  }
  43.167  
  43.168 -static void 
  43.169 +static void
  43.170  shadow_set_l1e(unsigned long va, l1_pgentry_t new_spte, int create_l1_shadow)
  43.171  {
  43.172      struct vcpu *v = current;
  43.173 @@ -616,7 +684,7 @@ shadow_set_l1e(unsigned long va, l1_pgen
  43.174                  perfc_incrc(shadow_set_l1e_unlinked);
  43.175                  if ( !get_shadow_ref(sl1mfn) )
  43.176                      BUG();
  43.177 -                l2pde_general(d, &gpde, &sl2e, sl1mfn);
  43.178 +                l2pde_general(d, (guest_l2_pgentry_t *)&gpde, &sl2e, sl1mfn);
  43.179                  __guest_set_l2e(v, va, &gpde);
  43.180                  __shadow_set_l2e(v, va, &sl2e);
  43.181              }
  43.182 @@ -651,6 +719,7 @@ shadow_set_l1e(unsigned long va, l1_pgen
  43.183      shadow_update_min_max(l2e_get_pfn(sl2e), l1_table_offset(va));
  43.184  }
  43.185  
  43.186 +#if CONFIG_PAGING_LEVELS <= 3
  43.187  static void shadow_invlpg_32(struct vcpu *v, unsigned long va)
  43.188  {
  43.189      struct domain *d = v->domain;
  43.190 @@ -679,6 +748,7 @@ static void shadow_invlpg_32(struct vcpu
  43.191  
  43.192      shadow_unlock(d);
  43.193  }
  43.194 +#endif
  43.195  
  43.196  static struct out_of_sync_entry *
  43.197  shadow_alloc_oos_entry(struct domain *d)
  43.198 @@ -759,8 +829,8 @@ shadow_make_snapshot(
  43.199      length = max - min + 1;
  43.200      perfc_incr_histo(snapshot_copies, length, PT_UPDATES);
  43.201  
  43.202 -    min *= sizeof(l1_pgentry_t);
  43.203 -    length *= sizeof(l1_pgentry_t);
  43.204 +    min *= sizeof(guest_l1_pgentry_t);
  43.205 +    length *= sizeof(guest_l1_pgentry_t);
  43.206  
  43.207      original = map_domain_page(gmfn);
  43.208      snapshot = map_domain_page(smfn);
  43.209 @@ -841,7 +911,7 @@ static void shadow_mark_va_out_of_sync(
  43.210  
  43.211          __shadow_get_l4e(v, va, &sl4e);
  43.212          if ( !(l4e_get_flags(sl4e) & _PAGE_PRESENT)) {
  43.213 -            shadow_map_into_current(v, va, L3, L4);
  43.214 +            shadow_map_into_current(v, va, PAGING_L3, PAGING_L4);
  43.215          }
  43.216  
  43.217          if (!__shadow_get_l3e(v, va, &sl3e)) {
  43.218 @@ -849,7 +919,7 @@ static void shadow_mark_va_out_of_sync(
  43.219          }
  43.220  
  43.221          if ( !(l3e_get_flags(sl3e) & _PAGE_PRESENT)) {
  43.222 -            shadow_map_into_current(v, va, L2, L3);
  43.223 +            shadow_map_into_current(v, va, PAGING_L2, PAGING_L3);
  43.224          }
  43.225      }
  43.226  #endif
  43.227 @@ -887,11 +957,11 @@ static void shadow_mark_va_out_of_sync(
  43.228   * Returns 0 otherwise.
  43.229   */
  43.230  static int snapshot_entry_matches(
  43.231 -    struct domain *d, l1_pgentry_t *guest_pt,
  43.232 +    struct domain *d, guest_l1_pgentry_t *guest_pt,
  43.233      unsigned long gpfn, unsigned index)
  43.234  {
  43.235      unsigned long smfn = __shadow_status(d, gpfn, PGT_snapshot);
  43.236 -    l1_pgentry_t *snapshot, gpte; // could be L1s or L2s or ...
  43.237 +    guest_l1_pgentry_t *snapshot, gpte; // could be L1s or L2s or ...
  43.238      int entries_match;
  43.239  
  43.240      perfc_incrc(snapshot_entry_matches_calls);
  43.241 @@ -908,7 +978,7 @@ static int snapshot_entry_matches(
  43.242      // This could probably be smarter, but this is sufficent for
  43.243      // our current needs.
  43.244      //
  43.245 -    entries_match = !l1e_has_changed(gpte, snapshot[index],
  43.246 +    entries_match = !guest_l1e_has_changed(gpte, snapshot[index],
  43.247                                       PAGE_FLAG_MASK);
  43.248  
  43.249      unmap_domain_page(snapshot);
  43.250 @@ -936,10 +1006,10 @@ static int is_out_of_sync(struct vcpu *v
  43.251      unsigned long l2mfn = pagetable_get_pfn(v->arch.guest_table);
  43.252  #endif
  43.253      unsigned long l2pfn = __mfn_to_gpfn(d, l2mfn);
  43.254 -    l2_pgentry_t l2e;
  43.255 +    guest_l2_pgentry_t l2e;
  43.256      unsigned long l1pfn, l1mfn;
  43.257 -    l1_pgentry_t *guest_pt;
  43.258 -    l1_pgentry_t tmp_gle;
  43.259 +    guest_l1_pgentry_t *guest_pt;
  43.260 +    guest_l1_pgentry_t tmp_gle;
  43.261      unsigned long pt_va;
  43.262  
  43.263      ASSERT(shadow_lock_is_acquired(d));
  43.264 @@ -948,7 +1018,7 @@ static int is_out_of_sync(struct vcpu *v
  43.265      perfc_incrc(shadow_out_of_sync_calls);
  43.266  
  43.267  #if CONFIG_PAGING_LEVELS >= 4
  43.268 -    if (d->arch.ops->guest_paging_levels == L4) { /* Mode F */
  43.269 +    if (d->arch.ops->guest_paging_levels == PAGING_L4) { /* Mode F */
  43.270          pgentry_64_t le;
  43.271          unsigned long gmfn;
  43.272          unsigned long gpfn;
  43.273 @@ -956,9 +1026,9 @@ static int is_out_of_sync(struct vcpu *v
  43.274  
  43.275          gmfn = l2mfn;
  43.276          gpfn = l2pfn;
  43.277 -        guest_pt = (l1_pgentry_t *)v->arch.guest_vtable;
  43.278 -
  43.279 -        for (i = L4; i >= L3; i--) {
  43.280 +        guest_pt = (guest_l1_pgentry_t *)v->arch.guest_vtable;
  43.281 +
  43.282 +        for (i = PAGING_L4; i >= PAGING_L3; i--) {
  43.283              if ( page_out_of_sync(&frame_table[gmfn]) &&
  43.284                !snapshot_entry_matches(
  43.285                    d, guest_pt, gpfn, table_offset_64(va, i)) )
  43.286 @@ -972,7 +1042,7 @@ static int is_out_of_sync(struct vcpu *v
  43.287              if ( !VALID_MFN(gmfn) )
  43.288                  return 0;
  43.289              /* Todo: check!*/
  43.290 -            guest_pt = (l1_pgentry_t *)map_domain_page(gmfn);
  43.291 +            guest_pt = (guest_l1_pgentry_t *)map_domain_page(gmfn);
  43.292  
  43.293          }
  43.294  
  43.295 @@ -986,13 +1056,13 @@ static int is_out_of_sync(struct vcpu *v
  43.296  #endif
  43.297  
  43.298      if ( page_out_of_sync(&frame_table[l2mfn]) &&
  43.299 -         !snapshot_entry_matches(d, (l1_pgentry_t *)v->arch.guest_vtable,
  43.300 -                                 l2pfn, l2_table_offset(va)) )
  43.301 +         !snapshot_entry_matches(d, (guest_l1_pgentry_t *)v->arch.guest_vtable,
  43.302 +                                 l2pfn, guest_l2_table_offset(va)) )
  43.303          return 1;
  43.304  
  43.305      __guest_get_l2e(v, va, &l2e);
  43.306 -    if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) || 
  43.307 -         (l2e_get_flags(l2e) & _PAGE_PSE))
  43.308 +    if ( !(guest_l2e_get_flags(l2e) & _PAGE_PRESENT) || 
  43.309 +         (guest_l2e_get_flags(l2e) & _PAGE_PSE))
  43.310          return 0;
  43.311  
  43.312      l1pfn = l2e_get_pfn(l2e);
  43.313 @@ -1001,20 +1071,20 @@ static int is_out_of_sync(struct vcpu *v
  43.314      // If the l1 pfn is invalid, it can't be out of sync...
  43.315      if ( !VALID_MFN(l1mfn) )
  43.316          return 0;
  43.317 -    
  43.318 -    pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(L1_PAGETABLE_ENTRIES - 1))
  43.319 +
  43.320 +    pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(GUEST_L1_PAGETABLE_ENTRIES - 1))
  43.321        << L1_PAGETABLE_SHIFT;
  43.322 -    guest_pt = (l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gle);
  43.323 +    guest_pt = (guest_l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gle);
  43.324  
  43.325      if ( page_out_of_sync(&frame_table[l1mfn]) &&
  43.326           !snapshot_entry_matches(
  43.327 -             d, guest_pt, l1pfn, l1_table_offset(va)) )
  43.328 +             d, guest_pt, l1pfn, guest_l1_table_offset(va)) )
  43.329          return 1;
  43.330  
  43.331      return 0;
  43.332  }
  43.333  
  43.334 -#define GPFN_TO_GPTEPAGE(_gpfn) ((_gpfn) / (PAGE_SIZE / sizeof(l1_pgentry_t)))
  43.335 +#define GPFN_TO_GPTEPAGE(_gpfn) ((_gpfn) / (PAGE_SIZE / sizeof(guest_l1_pgentry_t)))
  43.336  static inline unsigned long
  43.337  predict_writable_pte_page(struct domain *d, unsigned long gpfn)
  43.338  {
  43.339 @@ -1108,7 +1178,7 @@ static u32 remove_all_write_access_in_pt
  43.340          return (found == max_refs_to_find);
  43.341      }
  43.342  
  43.343 -    i = readonly_gpfn & (L1_PAGETABLE_ENTRIES - 1);
  43.344 +    i = readonly_gpfn & (GUEST_L1_PAGETABLE_ENTRIES - 1);
  43.345      if ( !l1e_has_changed(pt[i], match, flags) && fix_entry(i) )
  43.346      {
  43.347          perfc_incrc(remove_write_fast_exit);
  43.348 @@ -1117,7 +1187,7 @@ static u32 remove_all_write_access_in_pt
  43.349          return found;
  43.350      }
  43.351   
  43.352 -    for (i = 0; i < L1_PAGETABLE_ENTRIES; i++)
  43.353 +    for (i = 0; i < GUEST_L1_PAGETABLE_ENTRIES; i++)
  43.354      {
  43.355          if ( unlikely(!l1e_has_changed(pt[i], match, flags)) && fix_entry(i) )
  43.356              break;
  43.357 @@ -1282,15 +1352,15 @@ static int resync_all(struct domain *d, 
  43.358          switch ( stype ) {
  43.359          case PGT_l1_shadow:
  43.360          {
  43.361 -            l1_pgentry_t *guest1 = guest;
  43.362 +            guest_l1_pgentry_t *guest1 = guest;
  43.363              l1_pgentry_t *shadow1 = shadow;
  43.364 -            l1_pgentry_t *snapshot1 = snapshot;
  43.365 +            guest_l1_pgentry_t *snapshot1 = snapshot;
  43.366  
  43.367              ASSERT(VM_ASSIST(d, VMASST_TYPE_writable_pagetables) ||
  43.368                     shadow_mode_write_all(d));
  43.369  
  43.370              if ( !shadow_mode_refcounts(d) )
  43.371 -                revalidate_l1(d, guest1, snapshot1);
  43.372 +                revalidate_l1(d, (l1_pgentry_t *)guest1, (l1_pgentry_t *)snapshot1);
  43.373  
  43.374              if ( !smfn )
  43.375                  break;
  43.376 @@ -1301,7 +1371,7 @@ static int resync_all(struct domain *d, 
  43.377              for ( i = min_shadow; i <= max_shadow; i++ )
  43.378              {
  43.379                  if ( (i < min_snapshot) || (i > max_snapshot) ||
  43.380 -                     l1e_has_changed(guest1[i], snapshot1[i], PAGE_FLAG_MASK) )
  43.381 +                     guest_l1e_has_changed(guest1[i], snapshot1[i], PAGE_FLAG_MASK) )
  43.382                  {
  43.383                      need_flush |= validate_pte_change(d, guest1[i], &shadow1[i]);
  43.384  
  43.385 @@ -1431,32 +1501,36 @@ static int resync_all(struct domain *d, 
  43.386          {
  43.387              int max = -1;
  43.388  
  43.389 -            l4_pgentry_t *guest4 = guest;
  43.390 +            guest_root_pgentry_t *guest_root = guest;
  43.391              l4_pgentry_t *shadow4 = shadow;
  43.392 -            l4_pgentry_t *snapshot4 = snapshot;
  43.393 +            guest_root_pgentry_t *snapshot_root = snapshot;
  43.394  
  43.395              changed = 0;
  43.396 -            for ( i = 0; i < L4_PAGETABLE_ENTRIES; i++ )
  43.397 +            for ( i = 0; i < GUEST_ROOT_PAGETABLE_ENTRIES; i++ )
  43.398              {
  43.399                  if ( !is_guest_l4_slot(i) && !external )
  43.400                      continue;
  43.401 -                l4_pgentry_t new_l4e = guest4[i];
  43.402 -                if ( l4e_has_changed(new_l4e, snapshot4[i], PAGE_FLAG_MASK))
  43.403 +                guest_root_pgentry_t new_root_e = guest_root[i];
  43.404 +                if ( root_entry_has_changed(
  43.405 +                        new_root_e, snapshot_root[i], PAGE_FLAG_MASK))
  43.406                  {
  43.407 -                    need_flush |= validate_entry_change(
  43.408 -                      d, (pgentry_64_t *)&new_l4e,
  43.409 -                      (pgentry_64_t *)&shadow4[i], shadow_type_to_level(stype));
  43.410 -
  43.411 +                    if (d->arch.ops->guest_paging_levels == PAGING_L4) {
  43.412 +                        need_flush |= validate_entry_change(
  43.413 +                          d, (pgentry_64_t *)&new_root_e,
  43.414 +                          (pgentry_64_t *)&shadow4[i], shadow_type_to_level(stype));
  43.415 +                    } else {
  43.416 +                        validate_bl2e_change(d, &new_root_e, shadow, i);
  43.417 +                    }
  43.418                      changed++;
  43.419                      ESH_LOG("%d: shadow4 mfn: %lx, shadow root: %lx\n", i,
  43.420                        smfn, pagetable_get_paddr(current->arch.shadow_table));
  43.421                  }
  43.422 -                if ( l4e_get_intpte(new_l4e) != 0 ) /* FIXME: check flags? */
  43.423 +                if ( guest_root_get_intpte(new_root_e) != 0 ) /* FIXME: check flags? */
  43.424                      max = i;
  43.425  
  43.426                  //  Need a better solution in the long term.
  43.427 -                if ( !(l4e_get_flags(new_l4e) & _PAGE_PRESENT) &&
  43.428 -                  unlikely(l4e_get_intpte(new_l4e) != 0) &&
  43.429 +                if ( !(guest_root_get_flags(new_root_e) & _PAGE_PRESENT) &&
  43.430 +                  unlikely(guest_root_get_intpte(new_root_e) != 0) &&
  43.431                    !unshadow &&
  43.432                    (frame_table[smfn].u.inuse.type_info & PGT_pinned) )
  43.433                      unshadow = 1;
  43.434 @@ -1555,8 +1629,14 @@ static void sync_all(struct domain *d)
  43.435      if ( shadow_mode_translate(d) )
  43.436          need_flush |= resync_all(d, PGT_hl2_shadow);
  43.437  #endif
  43.438 -    need_flush |= resync_all(d, PGT_l2_shadow);
  43.439 -    need_flush |= resync_all(d, PGT_l3_shadow);
  43.440 +
  43.441 +    /*
  43.442 +     * Fixme: for i386 host
  43.443 +     */
  43.444 +    if (d->arch.ops->guest_paging_levels == PAGING_L4) {
  43.445 +        need_flush |= resync_all(d, PGT_l2_shadow);
  43.446 +        need_flush |= resync_all(d, PGT_l3_shadow);
  43.447 +    }
  43.448      need_flush |= resync_all(d, PGT_l4_shadow);
  43.449  
  43.450      if ( need_flush && !unlikely(shadow_mode_external(d)) )
  43.451 @@ -1566,11 +1646,11 @@ static void sync_all(struct domain *d)
  43.452  }
  43.453  
  43.454  static inline int l1pte_write_fault(
  43.455 -    struct vcpu *v, l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p,
  43.456 +    struct vcpu *v, guest_l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p,
  43.457      unsigned long va)
  43.458  {
  43.459      struct domain *d = v->domain;
  43.460 -    l1_pgentry_t gpte = *gpte_p;
  43.461 +    guest_l1_pgentry_t gpte = *gpte_p;
  43.462      l1_pgentry_t spte;
  43.463      unsigned long gpfn = l1e_get_pfn(gpte);
  43.464      unsigned long gmfn = __gpfn_to_mfn(d, gpfn);
  43.465 @@ -1585,8 +1665,8 @@ static inline int l1pte_write_fault(
  43.466      }
  43.467  
  43.468      ASSERT(l1e_get_flags(gpte) & _PAGE_RW);
  43.469 -    l1e_add_flags(gpte, _PAGE_DIRTY | _PAGE_ACCESSED);
  43.470 -    spte = l1e_from_pfn(gmfn, l1e_get_flags(gpte) & ~_PAGE_GLOBAL);
  43.471 +    guest_l1e_add_flags(gpte, _PAGE_DIRTY | _PAGE_ACCESSED);
  43.472 +    spte = l1e_from_pfn(gmfn, guest_l1e_get_flags(gpte) & ~_PAGE_GLOBAL);
  43.473  
  43.474      SH_VVLOG("l1pte_write_fault: updating spte=0x%" PRIpte " gpte=0x%" PRIpte,
  43.475               l1e_get_intpte(spte), l1e_get_intpte(gpte));
  43.476 @@ -1604,9 +1684,9 @@ static inline int l1pte_write_fault(
  43.477  }
  43.478  
  43.479  static inline int l1pte_read_fault(
  43.480 -    struct domain *d, l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p)
  43.481 +    struct domain *d, guest_l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p)
  43.482  { 
  43.483 -    l1_pgentry_t gpte = *gpte_p;
  43.484 +    guest_l1_pgentry_t gpte = *gpte_p;
  43.485      l1_pgentry_t spte = *spte_p;
  43.486      unsigned long pfn = l1e_get_pfn(gpte);
  43.487      unsigned long mfn = __gpfn_to_mfn(d, pfn);
  43.488 @@ -1618,10 +1698,10 @@ static inline int l1pte_read_fault(
  43.489          return 0;
  43.490      }
  43.491  
  43.492 -    l1e_add_flags(gpte, _PAGE_ACCESSED);
  43.493 -    spte = l1e_from_pfn(mfn, l1e_get_flags(gpte) & ~_PAGE_GLOBAL);
  43.494 -
  43.495 -    if ( shadow_mode_log_dirty(d) || !(l1e_get_flags(gpte) & _PAGE_DIRTY) ||
  43.496 +    guest_l1e_add_flags(gpte, _PAGE_ACCESSED);
  43.497 +    spte = l1e_from_pfn(mfn, guest_l1e_get_flags(gpte) & ~_PAGE_GLOBAL);
  43.498 +
  43.499 +    if ( shadow_mode_log_dirty(d) || !(guest_l1e_get_flags(gpte) & _PAGE_DIRTY) ||
  43.500           mfn_is_page_table(mfn) )
  43.501      {
  43.502          l1e_remove_flags(spte, _PAGE_RW);
  43.503 @@ -1634,7 +1714,7 @@ static inline int l1pte_read_fault(
  43.504  
  43.505      return 1;
  43.506  }
  43.507 -
  43.508 +#if CONFIG_PAGING_LEVELS <= 3
  43.509  static int shadow_fault_32(unsigned long va, struct cpu_user_regs *regs)
  43.510  {
  43.511      l1_pgentry_t gpte, spte, orig_gpte;
  43.512 @@ -1768,6 +1848,7 @@ static int shadow_fault_32(unsigned long
  43.513      shadow_unlock(d);
  43.514      return 0;
  43.515  }
  43.516 +#endif
  43.517  
  43.518  static int do_update_va_mapping(unsigned long va,
  43.519                                  l1_pgentry_t val,
  43.520 @@ -1787,7 +1868,7 @@ static int do_update_va_mapping(unsigned
  43.521      //
  43.522      __shadow_sync_va(v, va);
  43.523  
  43.524 -    l1pte_propagate_from_guest(d, val, &spte);
  43.525 +    l1pte_propagate_from_guest(d, *(guest_l1_pgentry_t *)&val, &spte);
  43.526      shadow_set_l1e(va, spte, 0);
  43.527  
  43.528      /*
  43.529 @@ -1848,7 +1929,7 @@ static void shadow_update_pagetables(str
  43.530  #if CONFIG_PAGING_LEVELS == 2
  43.531      unsigned long hl2mfn;
  43.532  #endif
  43.533 -  
  43.534 +
  43.535      int max_mode = ( shadow_mode_external(d) ? SHM_external
  43.536                       : shadow_mode_translate(d) ? SHM_translate
  43.537                       : shadow_mode_enabled(d) ? SHM_enable
  43.538 @@ -1954,17 +2035,6 @@ static void shadow_update_pagetables(str
  43.539  #endif
  43.540  }
  43.541  
  43.542 -struct shadow_ops MODE_A_HANDLER = {
  43.543 -    .guest_paging_levels        = 2,
  43.544 -    .invlpg                     = shadow_invlpg_32,
  43.545 -    .fault                      = shadow_fault_32,
  43.546 -    .update_pagetables          = shadow_update_pagetables,
  43.547 -    .sync_all                   = sync_all,
  43.548 -    .remove_all_write_access    = remove_all_write_access,
  43.549 -    .do_update_va_mapping       = do_update_va_mapping,
  43.550 -    .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
  43.551 -    .is_out_of_sync             = is_out_of_sync,
  43.552 -};
  43.553  
  43.554  /************************************************************************/
  43.555  /************************************************************************/
  43.556 @@ -2445,12 +2515,90 @@ static unsigned long shadow_l3_table(
  43.557      BUG();                      /* not implemenated yet */
  43.558      return 42;
  43.559  }
  43.560 +static unsigned long gva_to_gpa_pae(unsigned long gva)
  43.561 +{
  43.562 +    BUG();
  43.563 +    return 43;
  43.564 +}
  43.565  #endif
  43.566  
  43.567  #if CONFIG_PAGING_LEVELS >= 4
  43.568  /****************************************************************************/
  43.569  /* 64-bit shadow-mode code testing */
  43.570  /****************************************************************************/
  43.571 +/*
  43.572 + * validate_bl2e_change()
  43.573 + * The code is for 32-bit VMX gues on 64-bit host.
  43.574 + * To sync guest L2.
  43.575 + */
  43.576 +
  43.577 +static inline void
  43.578 +validate_bl2e_change(
  43.579 +  struct domain *d,
  43.580 +  guest_root_pgentry_t *new_gle_p,
  43.581 +  pgentry_64_t *shadow_l3,
  43.582 +  int index)
  43.583 +{
  43.584 +    int sl3_idx, sl2_idx;
  43.585 +    unsigned long sl2mfn, sl1mfn;
  43.586 +    pgentry_64_t *sl2_p;
  43.587 +
  43.588 +    /* Using guest l2 pte index to get shadow l3&l2 index
  43.589 +     * index: 0 ~ 1023, PAGETABLE_ENTRIES: 512
  43.590 +     */
  43.591 +    sl3_idx = index / (PAGETABLE_ENTRIES / 2);
  43.592 +    sl2_idx = (index % (PAGETABLE_ENTRIES / 2)) * 2;
  43.593 +
  43.594 +    sl2mfn = entry_get_pfn(shadow_l3[sl3_idx]);
  43.595 +    sl2_p = (pgentry_64_t *)map_domain_page(sl2mfn);
  43.596 +
  43.597 +    validate_pde_change(
  43.598 +        d, *(guest_l2_pgentry_t *)new_gle_p, (l2_pgentry_t *)&sl2_p[sl2_idx]);
  43.599 +
  43.600 +    /* Mapping the second l1 shadow page */
  43.601 +    if (entry_get_flags(sl2_p[sl2_idx]) & _PAGE_PRESENT) {
  43.602 +       sl1mfn = entry_get_pfn(sl2_p[sl2_idx]);
  43.603 +       sl2_p[sl2_idx + 1] =
  43.604 +            entry_from_pfn(sl1mfn + 1, entry_get_flags(sl2_p[sl2_idx]));
  43.605 +    }
  43.606 +    unmap_domain_page(sl2_p);
  43.607 +
  43.608 +}
  43.609 +
  43.610 +/*
  43.611 + * init_bl2() is for 32-bit VMX guest on 64-bit host
  43.612 + * Using 1 shadow L4(l3) and 4 shadow L2s to simulate guest L2
  43.613 + */
  43.614 +static inline unsigned long init_bl2(l4_pgentry_t *spl4e, unsigned long smfn)
  43.615 +{
  43.616 +    unsigned int count;
  43.617 +    unsigned long sl2mfn;
  43.618 +    struct pfn_info *page;
  43.619 +
  43.620 +    memset(spl4e, 0, PAGE_SIZE);
  43.621 +
  43.622 +    /* Map the self entry, L4&L3 share the same page */
  43.623 +    spl4e[PAE_SHADOW_SELF_ENTRY] = l4e_from_pfn(smfn, __PAGE_HYPERVISOR);
  43.624 +
  43.625 +    /* Allocate 4 shadow L2s */
  43.626 +    page = alloc_domheap_pages(NULL, SL2_ORDER, 0);
  43.627 +    if (!page)
  43.628 +        domain_crash_synchronous();
  43.629 +
  43.630 +    for (count = 0; count < PDP_ENTRIES; count++)
  43.631 +    {
  43.632 +        sl2mfn = page_to_pfn(page+count);
  43.633 +        void *l2 = map_domain_page(sl2mfn);
  43.634 +        memset(l2, 0, PAGE_SIZE);
  43.635 +        unmap_domain_page(l2);
  43.636 +        spl4e[count] = l4e_from_pfn(sl2mfn, _PAGE_PRESENT);
  43.637 +    }
  43.638 +
  43.639 +    unmap_domain_page(spl4e);
  43.640 +    return smfn;
  43.641 +
  43.642 +
  43.643 +}
  43.644  
  43.645  static unsigned long shadow_l4_table(
  43.646    struct domain *d, unsigned long gpfn, unsigned long gmfn)
  43.647 @@ -2464,11 +2612,16 @@ static unsigned long shadow_l4_table(
  43.648  
  43.649      if ( unlikely(!(smfn = alloc_shadow_page(d, gpfn, gmfn, PGT_l4_shadow))) )
  43.650      {
  43.651 -        printk("Couldn't alloc an L2 shadow for pfn=%lx mfn=%lx\n", gpfn, gmfn);
  43.652 +        printk("Couldn't alloc an L4 shadow for pfn=%lx mfn=%lx\n", gpfn, gmfn);
  43.653          BUG(); /* XXX Deal gracefully with failure. */
  43.654      }
  43.655  
  43.656      spl4e = (l4_pgentry_t *)map_domain_page(smfn);
  43.657 +
  43.658 +    if (d->arch.ops->guest_paging_levels == PAGING_L2) {
  43.659 +        return init_bl2(spl4e, smfn);
  43.660 +    }
  43.661 +
  43.662      /* Install hypervisor and 4x linear p.t. mapings. */
  43.663      if ( (PGT_base_page_table == PGT_l4_page_table) &&
  43.664        !shadow_mode_external(d) )
  43.665 @@ -2576,7 +2729,7 @@ static void shadow_map_into_current(stru
  43.666      pgentry_64_t gle, sle;
  43.667      unsigned long gpfn, smfn;
  43.668  
  43.669 -    if (from == L1 && to == L2) {
  43.670 +    if (from == PAGING_L1 && to == PAGING_L2) {
  43.671          shadow_map_l1_into_current_l2(va);
  43.672          return;
  43.673      }
  43.674 @@ -2608,7 +2761,7 @@ static void shadow_set_l2e_64(unsigned l
  43.675      if (!(l4e_get_flags(sl4e) & _PAGE_PRESENT)) {
  43.676          if (create_l2_shadow) {
  43.677              perfc_incrc(shadow_set_l3e_force_map);
  43.678 -            shadow_map_into_current(v, va, L3, L4);
  43.679 +            shadow_map_into_current(v, va, PAGING_L3, PAGING_L4);
  43.680              __shadow_get_l4e(v, va, &sl4e);
  43.681          } else {
  43.682              printk("For non VMX shadow, create_l1_shadow:%d\n", create_l2_shadow);
  43.683 @@ -2619,7 +2772,7 @@ static void shadow_set_l2e_64(unsigned l
  43.684      if (!(l3e_get_flags(sl3e) & _PAGE_PRESENT)) {
  43.685           if (create_l2_shadow) {
  43.686              perfc_incrc(shadow_set_l2e_force_map);
  43.687 -            shadow_map_into_current(v, va, L2, L3);
  43.688 +            shadow_map_into_current(v, va, PAGING_L2, PAGING_L3);
  43.689              __shadow_get_l3e(v, va, &sl3e);
  43.690          } else {
  43.691              printk("For non VMX shadow, create_l1_shadow:%d\n", create_l2_shadow);
  43.692 @@ -2655,8 +2808,15 @@ static void shadow_set_l1e_64(unsigned l
  43.693      l1_pgentry_t old_spte;
  43.694      l1_pgentry_t sl1e = *(l1_pgentry_t *)sl1e_p;
  43.695      int i;
  43.696 -
  43.697 -    for (i = L4; i >= L2; i--) {
  43.698 +    unsigned long orig_va = 0;
  43.699 +
  43.700 +    if (d->arch.ops->guest_paging_levels == PAGING_L2) {
  43.701 +        /* This is for 32-bit VMX guest on 64-bit host */
  43.702 +        orig_va = va;
  43.703 +        va = va & (~((1<<L2_PAGETABLE_SHIFT_32)-1));
  43.704 +    }
  43.705 +
  43.706 +    for (i = PAGING_L4; i >= PAGING_L2; i--) {
  43.707          if (!__rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i)) {
  43.708              printk("<%s> i = %d\n", __func__, i);
  43.709              BUG();
  43.710 @@ -2672,11 +2832,15 @@ static void shadow_set_l1e_64(unsigned l
  43.711  #endif
  43.712              }
  43.713          }
  43.714 -        if(i < L4)
  43.715 +        if(i < PAGING_L4)
  43.716              shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va, i));
  43.717          sle_up = sle;
  43.718      }
  43.719  
  43.720 +    if (d->arch.ops->guest_paging_levels == PAGING_L2) {
  43.721 +        va = orig_va;
  43.722 +    }
  43.723 +
  43.724      if ( shadow_mode_refcounts(d) )
  43.725      {
  43.726          __shadow_get_l1e(v, va, &old_spte);
  43.727 @@ -2692,9 +2856,13 @@ static void shadow_set_l1e_64(unsigned l
  43.728      }
  43.729  
  43.730      __shadow_set_l1e(v, va, &sl1e);
  43.731 -    shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va, L1));
  43.732 +
  43.733 +    shadow_update_min_max(entry_get_pfn(sle_up), guest_l1_table_offset(va));
  43.734  }
  43.735  
  43.736 +/* As 32-bit guest don't support 4M page yet,
  43.737 + * we don't concern double compile for this function
  43.738 + */
  43.739  static inline int l2e_rw_fault(
  43.740      struct vcpu *v, l2_pgentry_t *gl2e_p, unsigned long va, int rw)
  43.741  {
  43.742 @@ -2825,12 +2993,120 @@ static inline int l2e_rw_fault(
  43.743  
  43.744  }
  43.745  
  43.746 +/*
  43.747 + * Check P, R/W, U/S bits in the guest page table.
  43.748 + * If the fault belongs to guest return 1,
  43.749 + * else return 0.
  43.750 + */
  43.751 +#if defined( GUEST_PGENTRY_32 )
  43.752 +static inline int guest_page_fault(struct vcpu *v,
  43.753 +  unsigned long va, unsigned int error_code, 
  43.754 +  guest_l2_pgentry_t *gpl2e, guest_l1_pgentry_t *gpl1e)
  43.755 +{
  43.756 +    /* The following check for 32-bit guest on 64-bit host */
  43.757 +
  43.758 +    __guest_get_l2e(v, va, gpl2e);
  43.759 +
  43.760 +    /* Check the guest L2 page-table entry first*/
  43.761 +    if (unlikely(!(guest_l2e_get_flags(*gpl2e) & _PAGE_PRESENT)))
  43.762 +        return 1;
  43.763 +
  43.764 +    if (error_code & ERROR_W) {
  43.765 +        if (unlikely(!(guest_l2e_get_flags(*gpl2e) & _PAGE_RW)))
  43.766 +            return 1;
  43.767 +    }
  43.768 +    if (error_code & ERROR_U) {
  43.769 +        if (unlikely(!(guest_l2e_get_flags(*gpl2e) & _PAGE_USER)))
  43.770 +            return 1;
  43.771 +    }
  43.772 +
  43.773 +    if (guest_l2e_get_flags(*gpl2e) & _PAGE_PSE)
  43.774 +        return 0;
  43.775 +
  43.776 +    __guest_get_l1e(v, va, gpl1e);
  43.777 +
  43.778 +    /* Then check the guest L1 page-table entry */
  43.779 +    if (unlikely(!(guest_l1e_get_flags(*gpl1e) & _PAGE_PRESENT)))
  43.780 +        return 1;
  43.781 +
  43.782 +    if (error_code & ERROR_W) {
  43.783 +        if (unlikely(!(guest_l1e_get_flags(*gpl1e) & _PAGE_RW)))
  43.784 +            return 1;
  43.785 +    }
  43.786 +    if (error_code & ERROR_U) {
  43.787 +        if (unlikely(!(guest_l1e_get_flags(*gpl1e) & _PAGE_USER)))
  43.788 +            return 1;
  43.789 +    }
  43.790 +
  43.791 +    return 0;
  43.792 +}
  43.793 +#else
  43.794 +static inline int guest_page_fault(struct vcpu *v,
  43.795 +  unsigned long va, unsigned int error_code, 
  43.796 +  guest_l2_pgentry_t *gpl2e, guest_l1_pgentry_t *gpl1e)
  43.797 +{
  43.798 +    struct domain *d = v->domain;
  43.799 +    pgentry_64_t gle, *lva;
  43.800 +    unsigned long mfn;
  43.801 +    int i;
  43.802 +
  43.803 +    __rw_entry(v, va, &gle, GUEST_ENTRY | GET_ENTRY | PAGING_L4);
  43.804 +    if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT)))
  43.805 +        return 1;
  43.806 +
  43.807 +    if (error_code & ERROR_W) {
  43.808 +        if (unlikely(!(entry_get_flags(gle) & _PAGE_RW)))
  43.809 +            return 1;
  43.810 +    }
  43.811 +    if (error_code & ERROR_U) {
  43.812 +        if (unlikely(!(entry_get_flags(gle) & _PAGE_USER)))
  43.813 +            return 1;
  43.814 +    }
  43.815 +    for (i = PAGING_L3; i >= PAGING_L1; i--) {
  43.816 +        /*
  43.817 +         * If it's not external mode, then mfn should be machine physical.
  43.818 +         */
  43.819 +        mfn = __gpfn_to_mfn(d, (entry_get_value(gle) >> PAGE_SHIFT));
  43.820 +
  43.821 +        lva = (pgentry_64_t *) phys_to_virt(
  43.822 +          mfn << PAGE_SHIFT);
  43.823 +        gle = lva[table_offset_64(va, i)];
  43.824 +
  43.825 +        if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT)))
  43.826 +            return 1;
  43.827 +
  43.828 +        if (error_code & ERROR_W) {
  43.829 +            if (unlikely(!(entry_get_flags(gle) & _PAGE_RW)))
  43.830 +                return 1;
  43.831 +        }
  43.832 +        if (error_code & ERROR_U) {
  43.833 +            if (unlikely(!(entry_get_flags(gle) & _PAGE_USER)))
  43.834 +                return 1;
  43.835 +        }
  43.836 +
  43.837 +        if (i == PAGING_L2) {
  43.838 +            if (gpl2e)
  43.839 +                gpl2e->l2 = gle.lo;
  43.840 +
  43.841 +            if (likely(entry_get_flags(gle) & _PAGE_PSE))
  43.842 +                return 0;
  43.843 +
  43.844 +        }
  43.845 +
  43.846 +        if (i == PAGING_L1)
  43.847 +            if (gpl1e)
  43.848 +                gpl1e->l1 = gle.lo;
  43.849 +    }
  43.850 +    return 0;
  43.851 +}
  43.852 +#endif
  43.853  static int shadow_fault_64(unsigned long va, struct cpu_user_regs *regs)
  43.854  {
  43.855      struct vcpu *v = current;
  43.856      struct domain *d = v->domain;
  43.857 -    l2_pgentry_t gl2e;
  43.858 -    l1_pgentry_t sl1e, gl1e;
  43.859 +    guest_l2_pgentry_t gl2e;
  43.860 +    guest_l1_pgentry_t gl1e;
  43.861 +    l1_pgentry_t sl1e;
  43.862  
  43.863      perfc_incrc(shadow_fault_calls);
  43.864  
  43.865 @@ -2853,12 +3129,11 @@ static int shadow_fault_64(unsigned long
  43.866       * STEP 2. Check if the fault belongs to guest
  43.867       */
  43.868      if ( guest_page_fault(
  43.869 -            v, va, regs->error_code, 
  43.870 -            (pgentry_64_t *)&gl2e, (pgentry_64_t *)&gl1e) ) {
  43.871 +            v, va, regs->error_code, &gl2e, &gl1e) ) {
  43.872          goto fail;
  43.873      }
  43.874      
  43.875 -    if ( unlikely(!(l2e_get_flags(gl2e) & _PAGE_PSE)) ) {
  43.876 +    if ( unlikely(!(guest_l2e_get_flags(gl2e) & _PAGE_PSE)) ) {
  43.877          /*
  43.878           * Handle 4K pages here
  43.879           */
  43.880 @@ -2892,11 +3167,11 @@ static int shadow_fault_64(unsigned long
  43.881           */
  43.882          /* Write fault? */
  43.883          if ( regs->error_code & 2 ) {
  43.884 -            if ( !l2e_rw_fault(v, &gl2e, va, WRITE_FAULT) ) {
  43.885 +            if ( !l2e_rw_fault(v, (l2_pgentry_t *)&gl2e, va, WRITE_FAULT) ) {
  43.886                  goto fail;
  43.887              }
  43.888          } else {
  43.889 -            l2e_rw_fault(v, &gl2e, va, READ_FAULT);
  43.890 +            l2e_rw_fault(v, (l2_pgentry_t *)&gl2e, va, READ_FAULT);
  43.891          }
  43.892  
  43.893          /*
  43.894 @@ -2944,7 +3219,27 @@ static void shadow_invlpg_64(struct vcpu
  43.895      shadow_unlock(d);
  43.896  }
  43.897  
  43.898 -#ifndef PGENTRY_32
  43.899 +static unsigned long gva_to_gpa_64(unsigned long gva)
  43.900 +{
  43.901 +    struct vcpu *v = current;
  43.902 +    guest_l1_pgentry_t gl1e = {0};
  43.903 +    guest_l2_pgentry_t gl2e = {0};
  43.904 +    unsigned long gpa;
  43.905 +
  43.906 +    if (guest_page_fault(v, gva, 0, &gl2e, &gl1e))
  43.907 +        return 0;
  43.908 +    
  43.909 +    if (guest_l2e_get_flags(gl2e) & _PAGE_PSE)
  43.910 +        gpa = guest_l2e_get_paddr(gl2e) + (gva & ((1 << GUEST_L2_PAGETABLE_SHIFT) - 1));
  43.911 +    else
  43.912 +        gpa = guest_l1e_get_paddr(gl1e) + (gva & ~PAGE_MASK);
  43.913 +
  43.914 +    return gpa;
  43.915 +
  43.916 +}
  43.917 +
  43.918 +#ifndef GUEST_PGENTRY_32
  43.919 +
  43.920  struct shadow_ops MODE_F_HANDLER = {
  43.921      .guest_paging_levels              = 4,
  43.922      .invlpg                     = shadow_invlpg_64,
  43.923 @@ -2955,11 +3250,43 @@ struct shadow_ops MODE_F_HANDLER = {
  43.924      .do_update_va_mapping       = do_update_va_mapping,
  43.925      .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
  43.926      .is_out_of_sync             = is_out_of_sync,
  43.927 +    .gva_to_gpa                 = gva_to_gpa_64,
  43.928  };
  43.929  #endif
  43.930  
  43.931  #endif
  43.932  
  43.933 +#if CONFIG_PAGING_LEVELS == 2
  43.934 +struct shadow_ops MODE_A_HANDLER = {
  43.935 +    .guest_paging_levels        = 2,
  43.936 +    .invlpg                     = shadow_invlpg_32,
  43.937 +    .fault                      = shadow_fault_32,
  43.938 +    .update_pagetables          = shadow_update_pagetables,
  43.939 +    .sync_all                   = sync_all,
  43.940 +    .remove_all_write_access    = remove_all_write_access,
  43.941 +    .do_update_va_mapping       = do_update_va_mapping,
  43.942 +    .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
  43.943 +    .is_out_of_sync             = is_out_of_sync,
  43.944 +    .gva_to_gpa                 = gva_to_gpa_64,
  43.945 +};
  43.946 +
  43.947 +#elif CONFIG_PAGING_LEVELS == 3
  43.948 +struct shadow_ops MODE_B_HANDLER = {
  43.949 +    .guest_paging_levels              = 3,
  43.950 +    .invlpg                     = shadow_invlpg_32,
  43.951 +    .fault                      = shadow_fault_32,
  43.952 +    .update_pagetables          = shadow_update_pagetables,
  43.953 +    .sync_all                   = sync_all,
  43.954 +    .remove_all_write_access    = remove_all_write_access,
  43.955 +    .do_update_va_mapping       = do_update_va_mapping,
  43.956 +    .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
  43.957 +    .is_out_of_sync             = is_out_of_sync,
  43.958 +    .gva_to_gpa                 = gva_to_gpa_pae,
  43.959 +};
  43.960 +
  43.961 +#endif
  43.962 +
  43.963 +
  43.964  /*
  43.965   * Local variables:
  43.966   * mode: C
    44.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    44.2 +++ b/xen/arch/x86/shadow_guest32.c	Fri Sep 02 14:17:08 2005 +0000
    44.3 @@ -0,0 +1,18 @@
    44.4 +#define GUEST_PGENTRY_32
    44.5 +#if defined (__x86_64__)
    44.6 +
    44.7 +#include "shadow.c"
    44.8 +struct shadow_ops MODE_D_HANDLER = {
    44.9 +    .guest_paging_levels              = 2,
   44.10 +    .invlpg                     = shadow_invlpg_64,
   44.11 +    .fault                      = shadow_fault_64,
   44.12 +    .update_pagetables          = shadow_update_pagetables,
   44.13 +    .sync_all                   = sync_all,
   44.14 +    .remove_all_write_access    = remove_all_write_access,
   44.15 +    .do_update_va_mapping       = do_update_va_mapping,
   44.16 +    .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
   44.17 +    .is_out_of_sync             = is_out_of_sync,
   44.18 +    .gva_to_gpa                 = gva_to_gpa_64,
   44.19 +};
   44.20 +
   44.21 +#endif
    45.1 --- a/xen/arch/x86/shadow_public.c	Fri Sep 02 14:15:49 2005 +0000
    45.2 +++ b/xen/arch/x86/shadow_public.c	Fri Sep 02 14:17:08 2005 +0000
    45.3 @@ -33,11 +33,15 @@
    45.4  #if CONFIG_PAGING_LEVELS >= 3
    45.5  #include <asm/shadow_64.h>
    45.6  
    45.7 +#endif
    45.8 +#if CONFIG_PAGING_LEVELS == 4
    45.9  extern struct shadow_ops MODE_F_HANDLER;
   45.10 +extern struct shadow_ops MODE_D_HANDLER;
   45.11  #endif
   45.12  
   45.13  extern struct shadow_ops MODE_A_HANDLER;
   45.14  
   45.15 +#define SHADOW_MAX_GUEST32(_encoded) ((L1_PAGETABLE_ENTRIES_32 - 1) - ((_encoded) >> 16))
   45.16  /****************************************************************************/
   45.17  /************* export interface functions ***********************************/
   45.18  /****************************************************************************/
   45.19 @@ -48,7 +52,7 @@ int shadow_set_guest_paging_levels(struc
   45.20      shadow_lock(d);
   45.21  
   45.22      switch(levels) {
   45.23 -#if CONFIG_PAGING_LEVELS >= 4 
   45.24 +#if CONFIG_PAGING_LEVELS >= 4
   45.25      case 4:
   45.26  	if ( d->arch.ops != &MODE_F_HANDLER )
   45.27  	    d->arch.ops = &MODE_F_HANDLER;
   45.28 @@ -56,9 +60,14 @@ int shadow_set_guest_paging_levels(struc
   45.29          return 1;
   45.30  #endif
   45.31      case 3:
   45.32 -    case 2:                     
   45.33 +    case 2:
   45.34 +#if CONFIG_PAGING_LEVELS == 2
   45.35  	if ( d->arch.ops != &MODE_A_HANDLER )
   45.36  	    d->arch.ops = &MODE_A_HANDLER;
   45.37 +#elif CONFIG_PAGING_LEVELS == 4
   45.38 +	if ( d->arch.ops != &MODE_D_HANDLER )
   45.39 +	    d->arch.ops = &MODE_D_HANDLER;
   45.40 +#endif
   45.41  	shadow_unlock(d);
   45.42          return 1;
   45.43     default:
   45.44 @@ -122,13 +131,17 @@ int __shadow_out_of_sync(struct vcpu *v,
   45.45      return d->arch.ops->is_out_of_sync(v, va);
   45.46  }
   45.47  
   45.48 +unsigned long gva_to_gpa(unsigned long gva)
   45.49 +{
   45.50 +    struct domain *d = current->domain;
   45.51 +    return d->arch.ops->gva_to_gpa(gva);
   45.52 +}
   45.53  /****************************************************************************/
   45.54  /****************************************************************************/
   45.55  #if CONFIG_PAGING_LEVELS >= 4
   45.56  /*
   45.57   * Convert PAE 3-level page-table to 4-level page-table
   45.58   */
   45.59 -#define PDP_ENTRIES   4
   45.60  static pagetable_t page_table_convert(struct domain *d)
   45.61  {
   45.62      struct pfn_info *l4page, *l3page;
   45.63 @@ -203,20 +216,42 @@ free_shadow_fl1_table(struct domain *d, 
   45.64  /*
   45.65   * Free l2, l3, l4 shadow tables
   45.66   */
   45.67 +
   45.68 +void free_fake_shadow_l2(struct domain *d,unsigned long smfn);
   45.69 +
   45.70  static void inline
   45.71  free_shadow_tables(struct domain *d, unsigned long smfn, u32 level)
   45.72  {
   45.73      pgentry_64_t *ple = map_domain_page(smfn);
   45.74      int i, external = shadow_mode_external(d);
   45.75 +    struct pfn_info *page = &frame_table[smfn];
   45.76  
   45.77 -    for ( i = 0; i < PAGETABLE_ENTRIES; i++ )
   45.78 -        if ( external || is_guest_l4_slot(i) )
   45.79 -            if ( entry_get_flags(ple[i]) & _PAGE_PRESENT )
   45.80 -                put_shadow_ref(entry_get_pfn(ple[i]));
   45.81 +    if (d->arch.ops->guest_paging_levels == PAGING_L2)
   45.82 +    {
   45.83 +#if CONFIG_PAGING_LEVELS >=4
   45.84 +        for ( i = 0; i < PDP_ENTRIES; i++ )
   45.85 +        {
   45.86 +            if (entry_get_flags(ple[i]) & _PAGE_PRESENT )
   45.87 +                free_fake_shadow_l2(d,entry_get_pfn(ple[i]));
   45.88 +        }
   45.89 +   
   45.90 +        page = &frame_table[entry_get_pfn(ple[0])];
   45.91 +        free_domheap_pages(page, SL2_ORDER);
   45.92 +        unmap_domain_page(ple);
   45.93 +#endif
   45.94 +    }
   45.95 +    else
   45.96 +    {
   45.97 +        for ( i = 0; i < PAGETABLE_ENTRIES; i++ )
   45.98 +            if ( external || is_guest_l4_slot(i) )
   45.99 +                if ( entry_get_flags(ple[i]) & _PAGE_PRESENT )
  45.100 +                        put_shadow_ref(entry_get_pfn(ple[i]));
  45.101  
  45.102 -    unmap_domain_page(ple);
  45.103 +        unmap_domain_page(ple);
  45.104 +    }
  45.105  }
  45.106  
  45.107 +
  45.108  void free_monitor_pagetable(struct vcpu *v)
  45.109  {
  45.110      unsigned long mfn;
  45.111 @@ -453,7 +488,12 @@ free_shadow_l1_table(struct domain *d, u
  45.112      struct pfn_info *spage = pfn_to_page(smfn);
  45.113      u32 min_max = spage->tlbflush_timestamp;
  45.114      int min = SHADOW_MIN(min_max);
  45.115 -    int max = SHADOW_MAX(min_max);
  45.116 +    int max;
  45.117 +    
  45.118 +    if (d->arch.ops->guest_paging_levels == PAGING_L2)
  45.119 +        max = SHADOW_MAX_GUEST32(min_max);
  45.120 +    else
  45.121 +        max = SHADOW_MAX(min_max);
  45.122  
  45.123      for ( i = min; i <= max; i++ )
  45.124      {
  45.125 @@ -512,9 +552,24 @@ free_shadow_l2_table(struct domain *d, u
  45.126      unmap_domain_page(pl2e);
  45.127  }
  45.128  
  45.129 +void free_fake_shadow_l2(struct domain *d, unsigned long smfn)
  45.130 +{
  45.131 +    pgentry_64_t *ple = map_domain_page(smfn);
  45.132 +    int i;
  45.133 +
  45.134 +    for ( i = 0; i < PAGETABLE_ENTRIES; i = i + 2 )
  45.135 +    {
  45.136 +        if ( entry_get_flags(ple[i]) & _PAGE_PRESENT )
  45.137 +            put_shadow_ref(entry_get_pfn(ple[i]));
  45.138 +    }
  45.139 +
  45.140 +    unmap_domain_page(ple);
  45.141 +}
  45.142 +
  45.143  void free_shadow_page(unsigned long smfn)
  45.144  {
  45.145      struct pfn_info *page = &frame_table[smfn];
  45.146 +
  45.147      unsigned long gmfn = page->u.inuse.type_info & PGT_mfn_mask;
  45.148      struct domain *d = page_get_owner(pfn_to_page(gmfn));
  45.149      unsigned long gpfn = __mfn_to_gpfn(d, gmfn);
  45.150 @@ -531,6 +586,7 @@ void free_shadow_page(unsigned long smfn
  45.151              gpfn |= (1UL << 63);
  45.152      }
  45.153  #endif
  45.154 +
  45.155      delete_shadow_status(d, gpfn, gmfn, type);
  45.156  
  45.157      switch ( type )
  45.158 @@ -687,7 +743,7 @@ void free_shadow_pages(struct domain *d)
  45.159      int                   i;
  45.160      struct shadow_status *x;
  45.161      struct vcpu          *v;
  45.162 - 
  45.163 +
  45.164      /*
  45.165       * WARNING! The shadow page table must not currently be in use!
  45.166       * e.g., You are expected to have paused the domain and synchronized CR3.
  45.167 @@ -794,7 +850,16 @@ void free_shadow_pages(struct domain *d)
  45.168          perfc_decr(free_l1_pages);
  45.169  
  45.170          struct pfn_info *page = list_entry(list_ent, struct pfn_info, list);
  45.171 -        free_domheap_page(page);
  45.172 +	if (d->arch.ops->guest_paging_levels == PAGING_L2)
  45.173 +	{
  45.174 +#if CONFIG_PAGING_LEVELS >=4
  45.175 +        free_domheap_pages(page, SL1_ORDER);
  45.176 +#else
  45.177 +	free_domheap_page(page);
  45.178 +#endif
  45.179 +	}
  45.180 +	else
  45.181 +	free_domheap_page(page);
  45.182      }
  45.183  
  45.184      shadow_audit(d, 0);
  45.185 @@ -1191,7 +1256,7 @@ int shadow_mode_control(struct domain *d
  45.186      {
  45.187          DPRINTK("Don't try to do a shadow op on yourself!\n");
  45.188          return -EINVAL;
  45.189 -    }   
  45.190 +    }
  45.191  
  45.192      domain_pause(d);
  45.193  
    46.1 --- a/xen/arch/x86/traps.c	Fri Sep 02 14:15:49 2005 +0000
    46.2 +++ b/xen/arch/x86/traps.c	Fri Sep 02 14:17:08 2005 +0000
    46.3 @@ -100,7 +100,14 @@ unsigned long do_get_debugreg(int reg);
    46.4  
    46.5  static int debug_stack_lines = 20;
    46.6  integer_param("debug_stack_lines", debug_stack_lines);
    46.7 -#define stack_words_per_line (32 / BYTES_PER_LONG)
    46.8 +
    46.9 +#ifdef CONFIG_X86_32
   46.10 +#define stack_words_per_line 8
   46.11 +#define ESP_BEFORE_EXCEPTION(regs) ((unsigned long *)&regs->esp)
   46.12 +#else
   46.13 +#define stack_words_per_line 4
   46.14 +#define ESP_BEFORE_EXCEPTION(regs) ((unsigned long *)regs->esp)
   46.15 +#endif
   46.16  
   46.17  int is_kernel_text(unsigned long addr)
   46.18  {
   46.19 @@ -118,17 +125,16 @@ unsigned long kernel_text_end(void)
   46.20      return (unsigned long) &_etext;
   46.21  }
   46.22  
   46.23 -void show_guest_stack(void)
   46.24 +static void show_guest_stack(struct cpu_user_regs *regs)
   46.25  {
   46.26      int i;
   46.27 -    struct cpu_user_regs *regs = guest_cpu_user_regs();
   46.28      unsigned long *stack = (unsigned long *)regs->esp, addr;
   46.29  
   46.30      printk("Guest stack trace from "__OP"sp=%p:\n   ", stack);
   46.31  
   46.32      for ( i = 0; i < (debug_stack_lines*stack_words_per_line); i++ )
   46.33      {
   46.34 -        if ( ((long)stack & (STACK_SIZE-1)) == 0 )
   46.35 +        if ( ((long)stack & (STACK_SIZE-BYTES_PER_LONG)) == 0 )
   46.36              break;
   46.37          if ( get_user(addr, stack) )
   46.38          {
   46.39 @@ -148,38 +154,98 @@ void show_guest_stack(void)
   46.40      printk("\n");
   46.41  }
   46.42  
   46.43 -void show_trace(unsigned long *esp)
   46.44 +#ifdef NDEBUG
   46.45 +
   46.46 +static void show_trace(struct cpu_user_regs *regs)
   46.47  {
   46.48 -    unsigned long *stack = esp, addr;
   46.49 -    int i = 0;
   46.50 +    unsigned long *stack = ESP_BEFORE_EXCEPTION(regs), addr;
   46.51  
   46.52 -    printk("Xen call trace from "__OP"sp=%p:\n   ", stack);
   46.53 +    printk("Xen call trace:\n   ");
   46.54  
   46.55 -    while ( ((long) stack & (STACK_SIZE-1)) != 0 )
   46.56 +    printk("[<%p>]", _p(regs->eip));
   46.57 +    print_symbol(" %s\n   ", regs->eip);
   46.58 +
   46.59 +    while ( ((long)stack & (STACK_SIZE-BYTES_PER_LONG)) != 0 )
   46.60      {
   46.61          addr = *stack++;
   46.62          if ( is_kernel_text(addr) )
   46.63          {
   46.64              printk("[<%p>]", _p(addr));
   46.65              print_symbol(" %s\n   ", addr);
   46.66 -            i++;
   46.67          }
   46.68      }
   46.69 -    if ( i == 0 )
   46.70 -        printk("Trace empty.");
   46.71 +
   46.72      printk("\n");
   46.73  }
   46.74  
   46.75 -void show_stack(unsigned long *esp)
   46.76 +#else
   46.77 +
   46.78 +static void show_trace(struct cpu_user_regs *regs)
   46.79  {
   46.80 -    unsigned long *stack = esp, addr;
   46.81 +    unsigned long *frame, next, addr, low, high;
   46.82 +
   46.83 +    printk("Xen call trace:\n   ");
   46.84 +
   46.85 +    printk("[<%p>]", _p(regs->eip));
   46.86 +    print_symbol(" %s\n   ", regs->eip);
   46.87 +
   46.88 +    /* Bounds for range of valid frame pointer. */
   46.89 +    low  = (unsigned long)(ESP_BEFORE_EXCEPTION(regs) - 2);
   46.90 +    high = (low & ~(STACK_SIZE - 1)) + (STACK_SIZE - sizeof(struct cpu_info));
   46.91 +
   46.92 +    /* The initial frame pointer. */
   46.93 +    next = regs->ebp;
   46.94 +
   46.95 +    for ( ; ; )
   46.96 +    {
   46.97 +        /* Valid frame pointer? */
   46.98 +        if ( (next < low) || (next > high) )
   46.99 +        {
  46.100 +            /*
  46.101 +             * Exception stack frames have a different layout, denoted by an
  46.102 +             * inverted frame pointer.
  46.103 +             */
  46.104 +            next = ~next;
  46.105 +            if ( (next < low) || (next > high) )
  46.106 +                break;
  46.107 +            frame = (unsigned long *)next;
  46.108 +            next  = frame[0];
  46.109 +            addr  = frame[(offsetof(struct cpu_user_regs, eip) -
  46.110 +                           offsetof(struct cpu_user_regs, ebp))
  46.111 +                         / BYTES_PER_LONG];
  46.112 +        }
  46.113 +        else
  46.114 +        {
  46.115 +            /* Ordinary stack frame. */
  46.116 +            frame = (unsigned long *)next;
  46.117 +            next  = frame[0];
  46.118 +            addr  = frame[1];
  46.119 +        }
  46.120 +
  46.121 +        printk("[<%p>]", _p(addr));
  46.122 +        print_symbol(" %s\n   ", addr);
  46.123 +
  46.124 +        low = (unsigned long)&frame[2];
  46.125 +    }
  46.126 +
  46.127 +    printk("\n");
  46.128 +}
  46.129 +
  46.130 +#endif
  46.131 +
  46.132 +void show_stack(struct cpu_user_regs *regs)
  46.133 +{
  46.134 +    unsigned long *stack = ESP_BEFORE_EXCEPTION(regs), addr;
  46.135      int i;
  46.136  
  46.137 +    if ( GUEST_MODE(regs) )
  46.138 +        return show_guest_stack(regs);
  46.139 +
  46.140      printk("Xen stack trace from "__OP"sp=%p:\n   ", stack);
  46.141  
  46.142      for ( i = 0; i < (debug_stack_lines*stack_words_per_line); i++ )
  46.143      {
  46.144 -        if ( ((long)stack & (STACK_SIZE-1)) == 0 )
  46.145 +        if ( ((long)stack & (STACK_SIZE-BYTES_PER_LONG)) == 0 )
  46.146              break;
  46.147          if ( (i != 0) && ((i % stack_words_per_line) == 0) )
  46.148              printk("\n   ");
  46.149 @@ -190,7 +256,7 @@ void show_stack(unsigned long *esp)
  46.150          printk("Stack empty.");
  46.151      printk("\n");
  46.152  
  46.153 -    show_trace(esp);
  46.154 +    show_trace(regs);
  46.155  }
  46.156  
  46.157  /*
    47.1 --- a/xen/arch/x86/vmx.c	Fri Sep 02 14:15:49 2005 +0000
    47.2 +++ b/xen/arch/x86/vmx.c	Fri Sep 02 14:17:08 2005 +0000
    47.3 @@ -412,7 +412,7 @@ static int vmx_do_page_fault(unsigned lo
    47.4      if ( !result )
    47.5      {
    47.6          __vmread(GUEST_RIP, &eip);
    47.7 -        printk("vmx pgfault to guest va=%p eip=%p\n", va, eip);
    47.8 +        printk("vmx pgfault to guest va=%lx eip=%lx\n", va, eip);
    47.9      }
   47.10  #endif
   47.11  
   47.12 @@ -456,7 +456,16 @@ static void vmx_vmexit_do_cpuid(unsigned
   47.13          clear_bit(X86_FEATURE_PSE, &edx);
   47.14          clear_bit(X86_FEATURE_PAE, &edx);
   47.15          clear_bit(X86_FEATURE_PSE36, &edx);
   47.16 +#else
   47.17 +        struct vcpu *d = current;
   47.18 +        if (d->domain->arch.ops->guest_paging_levels == PAGING_L2)
   47.19 +        {
   47.20 +            clear_bit(X86_FEATURE_PSE, &edx);
   47.21 +            clear_bit(X86_FEATURE_PAE, &edx);
   47.22 +            clear_bit(X86_FEATURE_PSE36, &edx);
   47.23 +        }
   47.24  #endif
   47.25 +
   47.26      }
   47.27  
   47.28      regs->eax = (unsigned long) eax;
   47.29 @@ -650,7 +659,7 @@ static void vmx_io_instruction(struct cp
   47.30          p->df = (eflags & X86_EFLAGS_DF) ? 1 : 0;
   47.31  
   47.32          if (test_bit(5, &exit_qualification)) /* "rep" prefix */
   47.33 -	    p->count = vm86 ? regs->ecx & 0xFFFF : regs->ecx;
   47.34 +            p->count = vm86 ? regs->ecx & 0xFFFF : regs->ecx;
   47.35  
   47.36          /*
   47.37           * Split up string I/O operations that cross page boundaries. Don't
   47.38 @@ -1011,6 +1020,15 @@ static int vmx_set_cr0(unsigned long val
   47.39              }
   47.40  #endif
   47.41          }
   47.42 +        else
   47.43 +        {
   47.44 +#if CONFIG_PAGING_LEVELS >= 4
   47.45 +            if(!shadow_set_guest_paging_levels(d->domain, 2)) {
   47.46 +                printk("Unsupported guest paging levels\n");
   47.47 +                domain_crash_synchronous(); /* need to take a clean path */
   47.48 +            }
   47.49 +#endif
   47.50 +        }
   47.51  
   47.52  	unsigned long crn;
   47.53          /* update CR4's PAE if needed */
    48.1 --- a/xen/arch/x86/x86_32/traps.c	Fri Sep 02 14:15:49 2005 +0000
    48.2 +++ b/xen/arch/x86/x86_32/traps.c	Fri Sep 02 14:17:08 2005 +0000
    48.3 @@ -79,11 +79,8 @@ void show_registers(struct cpu_user_regs
    48.4             "ss: %04lx   cs: %04lx\n",
    48.5             ds, es, fs, gs, ss, cs);
    48.6  
    48.7 -    if ( GUEST_MODE(regs) )
    48.8 -        show_guest_stack();
    48.9 -    else
   48.10 -        show_stack((unsigned long *)&regs->esp);
   48.11 -} 
   48.12 +    show_stack(regs);
   48.13 +}
   48.14  
   48.15  void show_page_walk(unsigned long addr)
   48.16  {
    49.1 --- a/xen/arch/x86/x86_64/traps.c	Fri Sep 02 14:15:49 2005 +0000
    49.2 +++ b/xen/arch/x86/x86_64/traps.c	Fri Sep 02 14:17:08 2005 +0000
    49.3 @@ -32,10 +32,7 @@ void show_registers(struct cpu_user_regs
    49.4             regs->r12, regs->r13, regs->r14);
    49.5      printk("r15: %016lx\n", regs->r15);
    49.6  
    49.7 -    if ( GUEST_MODE(regs) )
    49.8 -        show_guest_stack();
    49.9 -    else
   49.10 -        show_stack((unsigned long *)regs->rsp);
   49.11 +    show_stack(regs);
   49.12  }
   49.13  
   49.14  void show_page_walk(unsigned long addr)
    50.1 --- a/xen/common/acm_ops.c	Fri Sep 02 14:15:49 2005 +0000
    50.2 +++ b/xen/common/acm_ops.c	Fri Sep 02 14:17:08 2005 +0000
    50.3 @@ -19,6 +19,7 @@
    50.4  #include <xen/types.h>
    50.5  #include <xen/lib.h>
    50.6  #include <xen/mm.h>
    50.7 +#include <public/acm.h>
    50.8  #include <public/acm_ops.h>
    50.9  #include <xen/sched.h>
   50.10  #include <xen/event.h>
   50.11 @@ -41,7 +42,8 @@ typedef enum acm_operation {
   50.12      POLICY,                     /* access to policy interface (early drop) */
   50.13      GETPOLICY,                  /* dump policy cache */
   50.14      SETPOLICY,                  /* set policy cache (controls security) */
   50.15 -    DUMPSTATS                   /* dump policy statistics */
   50.16 +    DUMPSTATS,                  /* dump policy statistics */
   50.17 +    GETSSID                     /* retrieve ssidref for domain id */
   50.18  } acm_operation_t;
   50.19  
   50.20  int acm_authorize_acm_ops(struct domain *d, acm_operation_t pops)
   50.21 @@ -117,6 +119,35 @@ long do_acm_op(acm_op_t * u_acm_op)
   50.22          }
   50.23          break;
   50.24  
   50.25 +    case ACM_GETSSID:
   50.26 +        {
   50.27 +			ssidref_t ssidref;
   50.28 +
   50.29 +            if (acm_authorize_acm_ops(current->domain, GETSSID))
   50.30 +                return -EACCES;
   50.31 +
   50.32 +			if (op->u.getssid.get_ssid_by == SSIDREF)
   50.33 +				ssidref = op->u.getssid.id.ssidref;
   50.34 +			else if (op->u.getssid.get_ssid_by == DOMAINID) {
   50.35 +				struct domain *subj = find_domain_by_id(op->u.getssid.id.domainid);
   50.36 +				if (!subj)
   50.37 +					return -ESRCH; /* domain not found */
   50.38 +
   50.39 +				ssidref = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
   50.40 +				put_domain(subj);
   50.41 +			} else
   50.42 +				return -ESRCH;
   50.43 +
   50.44 +            ret = acm_get_ssid(ssidref,
   50.45 +                               op->u.getssid.ssidbuf,
   50.46 +                               op->u.getssid.ssidbuf_size);
   50.47 +            if (ret == ACM_OK)
   50.48 +                ret = 0;
   50.49 +            else
   50.50 +                ret = -ESRCH;
   50.51 +        }
   50.52 +        break;
   50.53 +
   50.54      default:
   50.55          ret = -ESRCH;
   50.56  
    51.1 --- a/xen/common/domain.c	Fri Sep 02 14:15:49 2005 +0000
    51.2 +++ b/xen/common/domain.c	Fri Sep 02 14:17:08 2005 +0000
    51.3 @@ -178,6 +178,9 @@ void domain_shutdown(u8 reason)
    51.4      struct domain *d = current->domain;
    51.5      struct vcpu *v;
    51.6  
    51.7 +    if(reason == SHUTDOWN_crash) 
    51.8 +        printk("Domain %d crash detected.\n", d->domain_id); 
    51.9 +
   51.10      if ( d->domain_id == 0 )
   51.11      {
   51.12          extern void machine_restart(char *);
    52.1 --- a/xen/common/grant_table.c	Fri Sep 02 14:15:49 2005 +0000
    52.2 +++ b/xen/common/grant_table.c	Fri Sep 02 14:17:08 2005 +0000
    52.3 @@ -887,21 +887,21 @@ gnttab_donate(gnttab_donate_t *uop, unsi
    52.4                     e->tot_pages, e->max_pages);
    52.5              spin_unlock(&e->page_alloc_lock);
    52.6              put_domain(e);
    52.7 -            result = GNTST_general_error;
    52.8 +            gop->status = result = GNTST_general_error;
    52.9              break;
   52.10          }
   52.11          if (unlikely(test_bit(DOMFLAGS_DYING, &e->domain_flags))) {
   52.12              printk("gnttab_donate: target domain is dying\n");
   52.13              spin_unlock(&e->page_alloc_lock);
   52.14              put_domain(e);
   52.15 -            result = GNTST_general_error;
   52.16 +            gop->status = result = GNTST_general_error;
   52.17              break;
   52.18          }
   52.19          if (unlikely(!gnttab_prepare_for_transfer(e, d, gop->handle))) {
   52.20 -            printk("gnttab_donate: gnttab_prepare_for_transfer fails\n");
   52.21 +            printk("gnttab_donate: gnttab_prepare_for_transfer fails.\n");
   52.22              spin_unlock(&e->page_alloc_lock);
   52.23              put_domain(e);
   52.24 -            result = GNTST_general_error;
   52.25 +            gop->status = result = GNTST_general_error;
   52.26              break;
   52.27          }
   52.28  #else
   52.29 @@ -914,7 +914,8 @@ gnttab_donate(gnttab_donate_t *uop, unsi
   52.30                     e->tot_pages, e->max_pages, gop->handle, e->d_flags);
   52.31              spin_unlock(&e->page_alloc_lock);
   52.32              put_domain(e);
   52.33 -            result = GNTST_general_error;
   52.34 +            /* XXX SMH: better error return here would be useful */
   52.35 +            gop->status = result = GNTST_general_error;
   52.36              break;
   52.37          }
   52.38  #endif
   52.39 @@ -1020,7 +1021,7 @@ gnttab_check_unmap(
   52.40      lgt = ld->grant_table;
   52.41      
   52.42  #if GRANT_DEBUG_VERBOSE
   52.43 -    if ( ld->domain_ id != 0 ) {
   52.44 +    if ( ld->domain_id != 0 ) {
   52.45              DPRINTK("Foreign unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n",
   52.46                      rd->domain_id, ld->domain_id, frame, readonly);
   52.47        }
    53.1 --- a/xen/include/acm/acm_core.h	Fri Sep 02 14:15:49 2005 +0000
    53.2 +++ b/xen/include/acm/acm_core.h	Fri Sep 02 14:17:08 2005 +0000
    53.3 @@ -101,9 +101,15 @@ struct ste_ssid {
    53.4   *	primary ssidref   = lower 16 bit
    53.5   *      secondary ssidref = higher 16 bit
    53.6   */
    53.7 +#define ACM_PRIMARY(ssidref) \
    53.8 +	((ssidref) & 0xffff)
    53.9 +
   53.10 +#define ACM_SECONDARY(ssidref) \
   53.11 +	((ssidref) >> 16)
   53.12 +
   53.13  #define GET_SSIDREF(POLICY, ssidref) \
   53.14  	((POLICY) == acm_bin_pol.primary_policy_code) ? \
   53.15 -	((ssidref) & 0xffff) : ((ssidref) >> 16)
   53.16 +	ACM_PRIMARY(ssidref) : ACM_SECONDARY(ssidref)
   53.17  
   53.18  /* macros to access ssid pointer for primary / secondary policy */
   53.19  #define GET_SSIDP(POLICY, ssid) \
   53.20 @@ -116,6 +122,7 @@ int acm_free_domain_ssid(struct acm_ssid
   53.21  int acm_set_policy(void *buf, u16 buf_size, int isuserbuffer);
   53.22  int acm_get_policy(void *buf, u16 buf_size);
   53.23  int acm_dump_statistics(void *buf, u16 buf_size);
   53.24 +int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size);
   53.25  
   53.26  #endif
   53.27  
    54.1 --- a/xen/include/acm/acm_hooks.h	Fri Sep 02 14:15:49 2005 +0000
    54.2 +++ b/xen/include/acm/acm_hooks.h	Fri Sep 02 14:17:08 2005 +0000
    54.3 @@ -92,6 +92,7 @@ struct acm_operations {
    54.4      int  (*dump_binary_policy)         (u8 *buffer, u16 buf_size);
    54.5      int  (*set_binary_policy)          (u8 *buffer, u16 buf_size);
    54.6      int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
    54.7 +    int  (*dump_ssid_types)            (ssidref_t ssidref, u8 *buffer, u16 buf_size);
    54.8      /* domain management control hooks (can be NULL) */
    54.9      int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
   54.10      void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);
    55.1 --- a/xen/include/asm-x86/page-guest32.h	Fri Sep 02 14:15:49 2005 +0000
    55.2 +++ b/xen/include/asm-x86/page-guest32.h	Fri Sep 02 14:17:08 2005 +0000
    55.3 @@ -33,6 +33,11 @@ typedef l2_pgentry_t root_pgentry_32_t;
    55.4  #define l1e_get_flags_32(x)           (get_pte_flags_32((x).l1))
    55.5  #define l2e_get_flags_32(x)           (get_pte_flags_32((x).l2))
    55.6  
    55.7 +#define l1e_get_paddr_32(x)           \
    55.8 +    ((physaddr_t)(((x).l1 & (PADDR_MASK&PAGE_MASK))))
    55.9 +#define l2e_get_paddr_32(x)           \
   55.10 +    ((physaddr_t)(((x).l2 & (PADDR_MASK&PAGE_MASK))))
   55.11 +
   55.12  /* Construct an empty pte. */
   55.13  #define l1e_empty_32()                ((l1_pgentry_32_t) { 0 })
   55.14  #define l2e_empty_32()                ((l2_pgentry_32_t) { 0 })
    56.1 --- a/xen/include/asm-x86/processor.h	Fri Sep 02 14:15:49 2005 +0000
    56.2 +++ b/xen/include/asm-x86/processor.h	Fri Sep 02 14:17:08 2005 +0000
    56.3 @@ -496,9 +496,7 @@ extern inline void prefetchw(const void 
    56.4  
    56.5  #endif
    56.6  
    56.7 -void show_guest_stack();
    56.8 -void show_trace(unsigned long *esp);
    56.9 -void show_stack(unsigned long *esp);
   56.10 +void show_stack(struct cpu_user_regs *regs);
   56.11  void show_registers(struct cpu_user_regs *regs);
   56.12  void show_page_walk(unsigned long addr);
   56.13  asmlinkage void fatal_trap(int trapnr, struct cpu_user_regs *regs);
    57.1 --- a/xen/include/asm-x86/shadow.h	Fri Sep 02 14:15:49 2005 +0000
    57.2 +++ b/xen/include/asm-x86/shadow.h	Fri Sep 02 14:17:08 2005 +0000
    57.3 @@ -34,6 +34,8 @@
    57.4  #include <asm/vmx.h>
    57.5  #include <public/dom0_ops.h>
    57.6  #include <asm/shadow_public.h>
    57.7 +#include <asm/page-guest32.h>
    57.8 +#include <asm/shadow_ops.h>
    57.9  
   57.10  /* Shadow PT operation mode : shadow-mode variable in arch_domain. */
   57.11  
   57.12 @@ -104,9 +106,9 @@ do {                                    
   57.13  } while (0)
   57.14  #endif
   57.15  
   57.16 -#define SHADOW_ENCODE_MIN_MAX(_min, _max) ((((L1_PAGETABLE_ENTRIES - 1) - (_max)) << 16) | (_min))
   57.17 +#define SHADOW_ENCODE_MIN_MAX(_min, _max) ((((GUEST_L1_PAGETABLE_ENTRIES - 1) - (_max)) << 16) | (_min))
   57.18  #define SHADOW_MIN(_encoded) ((_encoded) & ((1u<<16) - 1))
   57.19 -#define SHADOW_MAX(_encoded) ((L1_PAGETABLE_ENTRIES - 1) - ((_encoded) >> 16))
   57.20 +#define SHADOW_MAX(_encoded) ((GUEST_L1_PAGETABLE_ENTRIES - 1) - ((_encoded) >> 16))
   57.21  
   57.22  extern void shadow_mode_init(void);
   57.23  extern int shadow_mode_control(struct domain *p, dom0_shadow_control_t *sc);
   57.24 @@ -132,6 +134,7 @@ extern void shadow_l2_normal_pt_update(s
   57.25                                         struct domain_mmap_cache *cache);
   57.26  #if CONFIG_PAGING_LEVELS >= 3
   57.27  #include <asm/page-guest32.h>
   57.28 +extern unsigned long gva_to_gpa(unsigned long gva);
   57.29  extern void shadow_l3_normal_pt_update(struct domain *d,
   57.30                                         unsigned long pa, l3_pgentry_t l3e,
   57.31                                         struct domain_mmap_cache *cache);
   57.32 @@ -794,22 +797,22 @@ static inline int l1pte_read_fault(
   57.33  #endif
   57.34  
   57.35  static inline void l1pte_propagate_from_guest(
   57.36 -    struct domain *d, l1_pgentry_t gpte, l1_pgentry_t *spte_p)
   57.37 +    struct domain *d, guest_l1_pgentry_t gpte, l1_pgentry_t *spte_p)
   57.38  { 
   57.39      unsigned long mfn;
   57.40      l1_pgentry_t spte;
   57.41  
   57.42      spte = l1e_empty();
   57.43  
   57.44 -    if ( ((l1e_get_flags(gpte) & (_PAGE_PRESENT|_PAGE_ACCESSED) ) ==
   57.45 +    if ( ((guest_l1e_get_flags(gpte) & (_PAGE_PRESENT|_PAGE_ACCESSED) ) ==
   57.46            (_PAGE_PRESENT|_PAGE_ACCESSED)) &&
   57.47           VALID_MFN(mfn = __gpfn_to_mfn(d, l1e_get_pfn(gpte))) )
   57.48      {
   57.49          spte = l1e_from_pfn(
   57.50 -            mfn, l1e_get_flags(gpte) & ~(_PAGE_GLOBAL | _PAGE_AVAIL));
   57.51 +            mfn, guest_l1e_get_flags(gpte) & ~(_PAGE_GLOBAL | _PAGE_AVAIL));
   57.52  
   57.53          if ( shadow_mode_log_dirty(d) ||
   57.54 -             !(l1e_get_flags(gpte) & _PAGE_DIRTY) ||
   57.55 +             !(guest_l1e_get_flags(gpte) & _PAGE_DIRTY) ||
   57.56               mfn_is_page_table(mfn) )
   57.57          {
   57.58              l1e_remove_flags(spte, _PAGE_RW);
   57.59 @@ -859,22 +862,22 @@ static inline void hl2e_propagate_from_g
   57.60  
   57.61  static inline void l2pde_general(
   57.62      struct domain *d,
   57.63 -    l2_pgentry_t *gpde_p,
   57.64 +    guest_l2_pgentry_t *gpde_p,
   57.65      l2_pgentry_t *spde_p,
   57.66      unsigned long sl1mfn)
   57.67  {
   57.68 -    l2_pgentry_t gpde = *gpde_p;
   57.69 +    guest_l2_pgentry_t gpde = *gpde_p;
   57.70      l2_pgentry_t spde;
   57.71  
   57.72      spde = l2e_empty();
   57.73 -    if ( (l2e_get_flags(gpde) & _PAGE_PRESENT) && (sl1mfn != 0) )
   57.74 +    if ( (guest_l2e_get_flags(gpde) & _PAGE_PRESENT) && (sl1mfn != 0) )
   57.75      {
   57.76          spde = l2e_from_pfn(
   57.77 -            sl1mfn, 
   57.78 -            (l2e_get_flags(gpde) | _PAGE_RW | _PAGE_ACCESSED) & ~_PAGE_AVAIL);
   57.79 +            sl1mfn,
   57.80 +            (guest_l2e_get_flags(gpde) | _PAGE_RW | _PAGE_ACCESSED) & ~_PAGE_AVAIL);
   57.81  
   57.82          /* N.B. PDEs do not have a dirty bit. */
   57.83 -        l2e_add_flags(gpde, _PAGE_ACCESSED);
   57.84 +        guest_l2e_add_flags(gpde, _PAGE_ACCESSED);
   57.85  
   57.86          *gpde_p = gpde;
   57.87      }
   57.88 @@ -887,12 +890,12 @@ static inline void l2pde_general(
   57.89  }
   57.90  
   57.91  static inline void l2pde_propagate_from_guest(
   57.92 -    struct domain *d, l2_pgentry_t *gpde_p, l2_pgentry_t *spde_p)
   57.93 +    struct domain *d, guest_l2_pgentry_t *gpde_p, l2_pgentry_t *spde_p)
   57.94  {
   57.95 -    l2_pgentry_t gpde = *gpde_p;
   57.96 +    guest_l2_pgentry_t gpde = *gpde_p;
   57.97      unsigned long sl1mfn = 0;
   57.98  
   57.99 -    if ( l2e_get_flags(gpde) & _PAGE_PRESENT )
  57.100 +    if ( guest_l2e_get_flags(gpde) & _PAGE_PRESENT )
  57.101          sl1mfn =  __shadow_status(d, l2e_get_pfn(gpde), PGT_l1_shadow);
  57.102      l2pde_general(d, gpde_p, spde_p, sl1mfn);
  57.103  }
  57.104 @@ -904,7 +907,7 @@ static inline void l2pde_propagate_from_
  57.105  static int inline
  57.106  validate_pte_change(
  57.107      struct domain *d,
  57.108 -    l1_pgentry_t new_pte,
  57.109 +    guest_l1_pgentry_t new_pte,
  57.110      l1_pgentry_t *shadow_pte_p)
  57.111  {
  57.112      l1_pgentry_t old_spte, new_spte;
  57.113 @@ -1004,7 +1007,7 @@ validate_hl2e_change(
  57.114  static int inline
  57.115  validate_pde_change(
  57.116      struct domain *d,
  57.117 -    l2_pgentry_t new_gpde,
  57.118 +    guest_l2_pgentry_t new_gpde,
  57.119      l2_pgentry_t *shadow_pde_p)
  57.120  {
  57.121      l2_pgentry_t old_spde, new_spde;
    58.1 --- a/xen/include/asm-x86/shadow_64.h	Fri Sep 02 14:15:49 2005 +0000
    58.2 +++ b/xen/include/asm-x86/shadow_64.h	Fri Sep 02 14:17:08 2005 +0000
    58.3 @@ -27,6 +27,7 @@
    58.4  #ifndef _XEN_SHADOW_64_H
    58.5  #define _XEN_SHADOW_64_H
    58.6  #include <asm/shadow.h>
    58.7 +#include <asm/shadow_ops.h>
    58.8  
    58.9  #define READ_FAULT  0
   58.10  #define WRITE_FAULT 1
   58.11 @@ -42,14 +43,14 @@
   58.12  #define ESH_LOG(_f, _a...) ((void)0)
   58.13  #endif
   58.14  
   58.15 -#define L4      4UL
   58.16 -#define L3      3UL
   58.17 -#define L2      2UL
   58.18 -#define L1      1UL
   58.19 +#define PAGING_L4      4UL
   58.20 +#define PAGING_L3      3UL
   58.21 +#define PAGING_L2      2UL
   58.22 +#define PAGING_L1      1UL
   58.23  #define L_MASK  0xff
   58.24  
   58.25 -#define ROOT_LEVEL_64   L4
   58.26 -#define ROOT_LEVEL_32   L2
   58.27 +#define ROOT_LEVEL_64   PAGING_L4
   58.28 +#define ROOT_LEVEL_32   PAGING_L2
   58.29  
   58.30  #define SHADOW_ENTRY    (2UL << 16)
   58.31  #define GUEST_ENTRY     (1UL << 16)
   58.32 @@ -59,6 +60,10 @@
   58.33  
   58.34  #define PAGETABLE_ENTRIES    (1<<PAGETABLE_ORDER)
   58.35  
   58.36 +/* For 32-bit VMX guest to allocate shadow L1 & L2*/
   58.37 +#define SL1_ORDER   1
   58.38 +#define SL2_ORDER   2
   58.39 +
   58.40  typedef struct { intpte_t lo; } pgentry_64_t;
   58.41  #define shadow_level_to_type(l)    (l << 29)
   58.42  #define shadow_type_to_level(t)    (t >> 29)
   58.43 @@ -76,6 +81,10 @@ typedef struct { intpte_t lo; } pgentry_
   58.44  #define entry_remove_flags(x, flags) ((x).lo &= ~put_pte_flags(flags))
   58.45  #define entry_has_changed(x,y,flags) \
   58.46          ( !!(((x).lo ^ (y).lo) & ((PADDR_MASK&PAGE_MASK)|put_pte_flags(flags))) )
   58.47 +
   58.48 +#define PAE_SHADOW_SELF_ENTRY   259
   58.49 +#define PDP_ENTRIES   4
   58.50 +
   58.51  static inline int  table_offset_64(unsigned long va, int level)
   58.52  {
   58.53      switch(level) {
   58.54 @@ -86,8 +95,13 @@ static inline int  table_offset_64(unsig
   58.55          case 3:
   58.56              return  (((va) >> L3_PAGETABLE_SHIFT) & (L3_PAGETABLE_ENTRIES - 1));
   58.57  #if CONFIG_PAGING_LEVELS >= 4
   58.58 +#ifndef GUEST_PGENTRY_32
   58.59          case 4:
   58.60              return  (((va) >> L4_PAGETABLE_SHIFT) & (L4_PAGETABLE_ENTRIES - 1));
   58.61 +#else
   58.62 +        case 4:
   58.63 +            return PAE_SHADOW_SELF_ENTRY; 
   58.64 +#endif
   58.65  #endif
   58.66          default:
   58.67              //printk("<table_offset_64> level %d is too big\n", level);
   58.68 @@ -165,30 +179,30 @@ static inline pgentry_64_t *__rw_entry(
   58.69      return le_e;
   58.70  }
   58.71  #define __shadow_set_l4e(v, va, value) \
   58.72 -  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L4)
   58.73 +  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L4)
   58.74  #define __shadow_get_l4e(v, va, sl4e) \
   58.75 -  __rw_entry(v, va, sl4e, SHADOW_ENTRY | GET_ENTRY | L4)
   58.76 +  __rw_entry(v, va, sl4e, SHADOW_ENTRY | GET_ENTRY | PAGING_L4)
   58.77  #define __shadow_set_l3e(v, va, value) \
   58.78 -  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L3)
   58.79 +  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L3)
   58.80  #define __shadow_get_l3e(v, va, sl3e) \
   58.81 -  __rw_entry(v, va, sl3e, SHADOW_ENTRY | GET_ENTRY | L3)
   58.82 +  __rw_entry(v, va, sl3e, SHADOW_ENTRY | GET_ENTRY | PAGING_L3)
   58.83  #define __shadow_set_l2e(v, va, value) \
   58.84 -  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L2)
   58.85 +  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L2)
   58.86  #define __shadow_get_l2e(v, va, sl2e) \
   58.87 -  __rw_entry(v, va, sl2e, SHADOW_ENTRY | GET_ENTRY | L2)
   58.88 +  __rw_entry(v, va, sl2e, SHADOW_ENTRY | GET_ENTRY | PAGING_L2)
   58.89  #define __shadow_set_l1e(v, va, value) \
   58.90 -  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L1)
   58.91 +  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L1)
   58.92  #define __shadow_get_l1e(v, va, sl1e) \
   58.93 -  __rw_entry(v, va, sl1e, SHADOW_ENTRY | GET_ENTRY | L1)
   58.94 +  __rw_entry(v, va, sl1e, SHADOW_ENTRY | GET_ENTRY | PAGING_L1)
   58.95  
   58.96  #define __guest_set_l4e(v, va, value) \
   58.97 -  __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L4)
   58.98 +  __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L4)
   58.99  #define __guest_get_l4e(v, va, gl4e) \
  58.100 -  __rw_entry(v, va, gl4e, GUEST_ENTRY | GET_ENTRY | L4)
  58.101 +  __rw_entry(v, va, gl4e, GUEST_ENTRY | GET_ENTRY | PAGING_L4)
  58.102  #define __guest_set_l3e(v, va, value) \
  58.103 -  __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L3)
  58.104 +  __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L3)
  58.105  #define __guest_get_l3e(v, va, sl3e) \
  58.106 -  __rw_entry(v, va, gl3e, GUEST_ENTRY | GET_ENTRY | L3)
  58.107 +  __rw_entry(v, va, gl3e, GUEST_ENTRY | GET_ENTRY | PAGING_L3)
  58.108  
  58.109  static inline void *  __guest_set_l2e(
  58.110      struct vcpu *v, u64 va, void *value, int size)
  58.111 @@ -205,7 +219,7 @@ static inline void *  __guest_set_l2e(
  58.112                  return &l2va[l2_table_offset_32(va)];
  58.113              }
  58.114          case 8:
  58.115 -            return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L2);
  58.116 +            return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L2);
  58.117          default:
  58.118              BUG();
  58.119              return NULL;
  58.120 @@ -230,7 +244,7 @@ static inline void * __guest_get_l2e(
  58.121                  return &l2va[l2_table_offset_32(va)];
  58.122              }
  58.123          case 8:
  58.124 -            return __rw_entry(v, va, gl2e, GUEST_ENTRY | GET_ENTRY | L2);
  58.125 +            return __rw_entry(v, va, gl2e, GUEST_ENTRY | GET_ENTRY | PAGING_L2);
  58.126          default:
  58.127              BUG();
  58.128              return NULL;
  58.129 @@ -269,7 +283,7 @@ static inline void *  __guest_set_l1e(
  58.130              }
  58.131  
  58.132          case 8:
  58.133 -            return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L1);
  58.134 +            return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L1);
  58.135          default:
  58.136              BUG();
  58.137              return NULL;
  58.138 @@ -310,7 +324,7 @@ static inline void *  __guest_get_l1e(
  58.139              }
  58.140          case 8:
  58.141              // 64-bit guest
  58.142 -            return __rw_entry(v, va, gl1e, GUEST_ENTRY | GET_ENTRY | L1);
  58.143 +            return __rw_entry(v, va, gl1e, GUEST_ENTRY | GET_ENTRY | PAGING_L1);
  58.144          default:
  58.145              BUG();
  58.146              return NULL;
  58.147 @@ -334,7 +348,7 @@ static inline void entry_general(
  58.148      sle = entry_empty();
  58.149      if ( (entry_get_flags(gle) & _PAGE_PRESENT) && (smfn != 0) )
  58.150      {
  58.151 -        if ((entry_get_flags(gle) & _PAGE_PSE) && level == L2) {
  58.152 +        if ((entry_get_flags(gle) & _PAGE_PSE) && level == PAGING_L2) {
  58.153              sle = entry_from_pfn(smfn, entry_get_flags(gle));
  58.154              entry_remove_flags(sle, _PAGE_PSE);
  58.155  
  58.156 @@ -376,7 +390,7 @@ static inline void entry_propagate_from_
  58.157      unsigned long smfn = 0;
  58.158  
  58.159      if ( entry_get_flags(gle) & _PAGE_PRESENT ) {
  58.160 -        if ((entry_get_flags(gle) & _PAGE_PSE) && level == L2) {
  58.161 +        if ((entry_get_flags(gle) & _PAGE_PSE) && level == PAGING_L2) {
  58.162              smfn =  __shadow_status(d, entry_get_value(gle) >> PAGE_SHIFT, PGT_fl1_shadow);
  58.163          } else {
  58.164              smfn =  __shadow_status(d, entry_get_pfn(gle), 
  58.165 @@ -421,88 +435,6 @@ validate_entry_change(
  58.166      return 1;
  58.167  }
  58.168  
  58.169 -/*
  58.170 - * Check P, R/W, U/S bits in the guest page table.
  58.171 - * If the fault belongs to guest return 1,
  58.172 - * else return 0.
  58.173 - */
  58.174 -static inline int guest_page_fault(struct vcpu *v,
  58.175 -  unsigned long va, unsigned int error_code, pgentry_64_t *gpl2e, pgentry_64_t *gpl1e)
  58.176 -{
  58.177 -    struct domain *d = v->domain;
  58.178 -    pgentry_64_t gle, *lva;
  58.179 -    unsigned long mfn;
  58.180 -    int i;
  58.181 -
  58.182 -    __rw_entry(v, va, &gle, GUEST_ENTRY | GET_ENTRY | L4);
  58.183 -    if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT)))
  58.184 -        return 1;
  58.185 -
  58.186 -    if (error_code & ERROR_W) {
  58.187 -        if (unlikely(!(entry_get_flags(gle) & _PAGE_RW)))
  58.188 -            return 1;
  58.189 -    }
  58.190 -    if (error_code & ERROR_U) {
  58.191 -        if (unlikely(!(entry_get_flags(gle) & _PAGE_USER)))
  58.192 -            return 1;
  58.193 -    }
  58.194 -    for (i = L3; i >= L1; i--) {
  58.195 -	/*
  58.196 -	 * If it's not external mode, then mfn should be machine physical.
  58.197 -	 */
  58.198 -	mfn = __gpfn_to_mfn(d, (entry_get_paddr(gle) >> PAGE_SHIFT));
  58.199 -        if (mfn == -1)
  58.200 -            return 1;
  58.201 -
  58.202 -        lva = (pgentry_64_t *) phys_to_virt(
  58.203 -	    mfn << PAGE_SHIFT);
  58.204 -        gle = lva[table_offset_64(va, i)];
  58.205 -
  58.206 -        if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT)))
  58.207 -            return 1;
  58.208 -
  58.209 -        if (error_code & ERROR_W) {
  58.210 -            if (unlikely(!(entry_get_flags(gle) & _PAGE_RW)))
  58.211 -                return 1;
  58.212 -        }
  58.213 -        if (error_code & ERROR_U) {
  58.214 -            if (unlikely(!(entry_get_flags(gle) & _PAGE_USER)))
  58.215 -                return 1;
  58.216 -        }
  58.217 -
  58.218 -        if (i == L2) {
  58.219 -            if (gpl2e)
  58.220 -                *gpl2e = gle;
  58.221 -
  58.222 -            if (likely(entry_get_flags(gle) & _PAGE_PSE))
  58.223 -                return 0;
  58.224 -
  58.225 -        }
  58.226 -
  58.227 -        if (i == L1)
  58.228 -            if (gpl1e)
  58.229 -                *gpl1e = gle;
  58.230 -    }
  58.231 -    return 0;
  58.232 -}
  58.233 -
  58.234 -static inline unsigned long gva_to_gpa(unsigned long gva)
  58.235 -{
  58.236 -    struct vcpu *v = current;
  58.237 -    pgentry_64_t gl1e = {0};
  58.238 -    pgentry_64_t gl2e = {0};
  58.239 -    unsigned long gpa;
  58.240 -
  58.241 -    if (guest_page_fault(v, gva, 0, &gl2e, &gl1e))
  58.242 -        return 0;
  58.243 -    if (entry_get_flags(gl2e) & _PAGE_PSE)
  58.244 -        gpa = entry_get_paddr(gl2e) + (gva & ((1 << L2_PAGETABLE_SHIFT) - 1));
  58.245 -    else
  58.246 -        gpa = entry_get_paddr(gl1e) + (gva & ~PAGE_MASK);
  58.247 -
  58.248 -    return gpa;
  58.249 -
  58.250 -}
  58.251  #endif
  58.252  
  58.253  
    59.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    59.2 +++ b/xen/include/asm-x86/shadow_ops.h	Fri Sep 02 14:17:08 2005 +0000
    59.3 @@ -0,0 +1,130 @@
    59.4 +/******************************************************************************
    59.5 + * include/asm-x86/shadow_ops.h
    59.6 + * 
    59.7 + * Copyright (c) 2005 Michael A Fetterman
    59.8 + * Based on an earlier implementation by Ian Pratt et al
    59.9 + * 
   59.10 + * This program is free software; you can redistribute it and/or modify
   59.11 + * it under the terms of the GNU General Public License as published by
   59.12 + * the Free Software Foundation; either version 2 of the License, or
   59.13 + * (at your option) any later version.
   59.14 + * 
   59.15 + * This program is distributed in the hope that it will be useful,
   59.16 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
   59.17 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   59.18 + * GNU General Public License for more details.
   59.19 + * 
   59.20 + * You should have received a copy of the GNU General Public License
   59.21 + * along with this program; if not, write to the Free Software
   59.22 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   59.23 + */
   59.24 +
   59.25 +#ifndef _XEN_SHADOW_OPS_H
   59.26 +#define _XEN_SHADOW_OPS_H
   59.27 +
   59.28 +#if defined( GUEST_PGENTRY_32 )
   59.29 +
   59.30 +#define GUEST_L1_PAGETABLE_ENTRIES     L1_PAGETABLE_ENTRIES_32
   59.31 +#define GUEST_L2_PAGETABLE_ENTRIES     L2_PAGETABLE_ENTRIES_32
   59.32 +#define GUEST_ROOT_PAGETABLE_ENTRIES   ROOT_PAGETABLE_ENTRIES_32
   59.33 +#define GUEST_L2_PAGETABLE_SHIFT       L2_PAGETABLE_SHIFT_32
   59.34 +
   59.35 +#define guest_l1_pgentry_t      l1_pgentry_32_t
   59.36 +#define guest_l2_pgentry_t      l2_pgentry_32_t
   59.37 +#define guest_root_pgentry_t    l2_pgentry_32_t
   59.38 +
   59.39 +#define guest_l1e_get_paddr     l1e_get_paddr_32
   59.40 +#define guest_l2e_get_paddr     l2e_get_paddr_32
   59.41 +
   59.42 +#define guest_get_pte_flags     get_pte_flags_32
   59.43 +#define guest_put_pte_flags     put_pte_flags_32
   59.44 +
   59.45 +#define guest_l1e_get_flags     l1e_get_flags_32
   59.46 +#define guest_l2e_get_flags     l2e_get_flags_32
   59.47 +#define guest_root_get_flags          l2e_get_flags_32
   59.48 +#define guest_root_get_intpte         l2e_get_intpte
   59.49 +
   59.50 +#define guest_l1e_empty         l1e_empty_32
   59.51 +#define guest_l2e_empty         l2e_empty_32
   59.52 +
   59.53 +#define guest_l1e_from_pfn      l1e_from_pfn_32
   59.54 +#define guest_l2e_from_pfn      l2e_from_pfn_32
   59.55 +
   59.56 +#define guest_l1e_from_paddr    l1e_from_paddr_32
   59.57 +#define guest_l2e_from_paddr    l2e_from_paddr_32
   59.58 +
   59.59 +#define guest_l1e_from_page     l1e_from_page_32
   59.60 +#define guest_l2e_from_page     l2e_from_page_32
   59.61 +
   59.62 +#define guest_l1e_add_flags     l1e_add_flags_32
   59.63 +#define guest_l2e_add_flags     l2e_add_flags_32
   59.64 +
   59.65 +#define guest_l1e_remove_flag   l1e_remove_flags_32
   59.66 +#define guest_l2e_remove_flag   l2e_remove_flags_32
   59.67 +
   59.68 +#define guest_l1e_has_changed   l1e_has_changed_32
   59.69 +#define guest_l2e_has_changed   l2e_has_changed_32
   59.70 +#define root_entry_has_changed  l2e_has_changed_32
   59.71 +
   59.72 +#define guest_l1_table_offset   l1_table_offset_32
   59.73 +#define guest_l2_table_offset   l2_table_offset_32
   59.74 +
   59.75 +#define guest_linear_l1_table   linear_pg_table_32
   59.76 +#define guest_linear_l2_table   linear_l2_table_32
   59.77 +
   59.78 +#define guest_va_to_l1mfn       va_to_l1mfn_32
   59.79 +
   59.80 +#else
   59.81 +
   59.82 +#define GUEST_L1_PAGETABLE_ENTRIES      L1_PAGETABLE_ENTRIES
   59.83 +#define GUEST_L2_PAGETABLE_ENTRIES      L2_PAGETABLE_ENTRIES
   59.84 +#define GUEST_ROOT_PAGETABLE_ENTRIES    ROOT_PAGETABLE_ENTRIES
   59.85 +#define GUEST_L2_PAGETABLE_SHIFT        L2_PAGETABLE_SHIFT
   59.86 +
   59.87 +#define guest_l1_pgentry_t      l1_pgentry_t
   59.88 +#define guest_l2_pgentry_t      l2_pgentry_t
   59.89 +#define guest_root_pgentry_t    l4_pgentry_t
   59.90 +
   59.91 +#define guest_l1e_get_paddr     l1e_get_paddr
   59.92 +#define guest_l2e_get_paddr     l2e_get_paddr
   59.93 +
   59.94 +#define guest_get_pte_flags     get_pte_flags
   59.95 +#define guest_put_pte_flags     put_pte_flags
   59.96 +
   59.97 +#define guest_l1e_get_flags     l1e_get_flags
   59.98 +#define guest_l2e_get_flags     l2e_get_flags
   59.99 +#define guest_root_get_flags    l4e_get_flags
  59.100 +#define guest_root_get_intpte   l4e_get_intpte
  59.101 +
  59.102 +#define guest_l1e_empty         l1e_empty
  59.103 +#define guest_l2e_empty         l2e_empty
  59.104 +
  59.105 +#define guest_l1e_from_pfn      l1e_from_pfn
  59.106 +#define guest_l2e_from_pfn      l2e_from_pfn
  59.107 +
  59.108 +#define guest_l1e_from_paddr    l1e_from_paddr
  59.109 +#define guest_l2e_from_paddr    l2e_from_paddr
  59.110 +
  59.111 +#define guest_l1e_from_page     l1e_from_page
  59.112 +#define guest_l2e_from_page     l2e_from_page
  59.113 +
  59.114 +#define guest_l1e_add_flags     l1e_add_flags
  59.115 +#define guest_l2e_add_flags     l2e_add_flags
  59.116 +
  59.117 +#define guest_l1e_remove_flag   l1e_remove_flags
  59.118 +#define guest_l2e_remove_flag   l2e_remove_flags
  59.119 +
  59.120 +#define guest_l1e_has_changed   l1e_has_changed
  59.121 +#define guest_l2e_has_changed   l2e_has_changed
  59.122 +#define root_entry_has_changed  l4e_has_changed
  59.123 +
  59.124 +#define guest_l1_table_offset   l1_table_offset
  59.125 +#define guest_l2_table_offset   l2_table_offset
  59.126 +
  59.127 +#define guest_linear_l1_table   linear_pg_table
  59.128 +#define guest_linear_l2_table   linear_l2_table
  59.129 +
  59.130 +#define guest_va_to_l1mfn       va_to_l1mfn
  59.131 +#endif
  59.132 +
  59.133 +#endif	/* _XEN_SHADOW_OPS_H */
    60.1 --- a/xen/include/asm-x86/shadow_public.h	Fri Sep 02 14:15:49 2005 +0000
    60.2 +++ b/xen/include/asm-x86/shadow_public.h	Fri Sep 02 14:17:08 2005 +0000
    60.3 @@ -49,6 +49,7 @@ struct shadow_ops {
    60.4           (*mark_mfn_out_of_sync)(struct vcpu *v, unsigned long gpfn,
    60.5                                unsigned long mfn);
    60.6      int  (*is_out_of_sync)(struct vcpu *v, unsigned long va);
    60.7 +    unsigned long (*gva_to_gpa)(unsigned long gva);
    60.8  };
    60.9  #endif
   60.10  
    61.1 --- a/xen/include/asm-x86/x86_32/asm_defns.h	Fri Sep 02 14:15:49 2005 +0000
    61.2 +++ b/xen/include/asm-x86/x86_32/asm_defns.h	Fri Sep 02 14:17:08 2005 +0000
    61.3 @@ -1,10 +1,20 @@
    61.4  #ifndef __X86_32_ASM_DEFNS_H__
    61.5  #define __X86_32_ASM_DEFNS_H__
    61.6  
    61.7 +#ifndef NDEBUG
    61.8 +/* Indicate special exception stack frame by inverting the frame pointer. */
    61.9 +#define SETUP_EXCEPTION_FRAME_POINTER           \
   61.10 +        movl  %esp,%ebp;                        \
   61.11 +        notl  %ebp
   61.12 +#else
   61.13 +#define SETUP_EXCEPTION_FRAME_POINTER
   61.14 +#endif
   61.15 +
   61.16  #define __SAVE_ALL_PRE                                  \
   61.17          cld;                                            \
   61.18          pushl %eax;                                     \
   61.19          pushl %ebp;                                     \
   61.20 +        SETUP_EXCEPTION_FRAME_POINTER;                  \
   61.21          pushl %edi;                                     \
   61.22          pushl %esi;                                     \
   61.23          pushl %edx;                                     \
    62.1 --- a/xen/include/asm-x86/x86_64/asm_defns.h	Fri Sep 02 14:15:49 2005 +0000
    62.2 +++ b/xen/include/asm-x86/x86_64/asm_defns.h	Fri Sep 02 14:17:08 2005 +0000
    62.3 @@ -1,6 +1,15 @@
    62.4  #ifndef __X86_64_ASM_DEFNS_H__
    62.5  #define __X86_64_ASM_DEFNS_H__
    62.6  
    62.7 +#ifndef NDEBUG
    62.8 +/* Indicate special exception stack frame by inverting the frame pointer. */
    62.9 +#define SETUP_EXCEPTION_FRAME_POINTER           \
   62.10 +        movq  %rsp,%rbp;                        \
   62.11 +        notq  %rbp
   62.12 +#else
   62.13 +#define SETUP_EXCEPTION_FRAME_POINTER
   62.14 +#endif
   62.15 +
   62.16  #define SAVE_ALL                                \
   62.17          cld;                                    \
   62.18          pushq %rdi;                             \
   62.19 @@ -14,6 +23,7 @@
   62.20          pushq %r11;                             \
   62.21          pushq %rbx;                             \
   62.22          pushq %rbp;                             \
   62.23 +        SETUP_EXCEPTION_FRAME_POINTER;          \
   62.24          pushq %r12;                             \
   62.25          pushq %r13;                             \
   62.26          pushq %r14;                             \
    63.1 --- a/xen/include/public/acm.h	Fri Sep 02 14:15:49 2005 +0000
    63.2 +++ b/xen/include/public/acm.h	Fri Sep 02 14:17:08 2005 +0000
    63.3 @@ -56,20 +56,22 @@
    63.4  #define ACM_ACCESS_DENIED		-111
    63.5  #define ACM_NULL_POINTER_ERROR		-200
    63.6  
    63.7 -#define ACM_MAX_POLICY  3
    63.8 -
    63.9 +/* primary policy in lower 4 bits */
   63.10  #define ACM_NULL_POLICY	0
   63.11  #define ACM_CHINESE_WALL_POLICY	1
   63.12  #define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
   63.13 -#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 3
   63.14 +
   63.15 +/* combinations have secondary policy component in higher 4bit */
   63.16 +#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
   63.17 +    ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)
   63.18  
   63.19  /* policy: */
   63.20  #define ACM_POLICY_NAME(X) \
   63.21 -	(X == ACM_NULL_POLICY) ? "NULL policy" : \
   63.22 -	(X == ACM_CHINESE_WALL_POLICY) ? "CHINESE WALL policy" : \
   63.23 -	(X == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \
   63.24 -	(X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
   63.25 -	"UNDEFINED policy"
   63.26 +	((X) == (ACM_NULL_POLICY)) ? "NULL policy" :                        \
   63.27 +    ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL policy" :        \
   63.28 +    ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT policy" : \
   63.29 +    ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
   63.30 +     "UNDEFINED policy"
   63.31  
   63.32  /* the following policy versions must be increased
   63.33   * whenever the interpretation of the related
   63.34 @@ -122,7 +124,7 @@ typedef u16 domaintype_t;
   63.35   */
   63.36  struct acm_policy_buffer {
   63.37  	u32 policy_version; /* ACM_POLICY_VERSION */
   63.38 -        u32 magic;
   63.39 +    u32 magic;
   63.40  	u32 len;
   63.41  	u32 primary_policy_code;
   63.42  	u32 primary_buffer_offset;
   63.43 @@ -151,7 +153,7 @@ struct acm_ste_policy_buffer {
   63.44  };
   63.45  
   63.46  struct acm_stats_buffer {
   63.47 -        u32 magic;
   63.48 +    u32 magic;
   63.49  	u32 len;
   63.50  	u32 primary_policy_code;
   63.51  	u32 primary_stats_offset;
   63.52 @@ -168,5 +170,15 @@ struct acm_ste_stats_buffer {
   63.53  	u32 gt_cachehit_count;
   63.54  };
   63.55  
   63.56 +struct acm_ssid_buffer {
   63.57 +	u32 len;
   63.58 +    ssidref_t ssidref;
   63.59 +	u32 primary_policy_code;
   63.60 +	u32 primary_max_types;
   63.61 +    u32 primary_types_offset;
   63.62 +	u32 secondary_policy_code;
   63.63 +    u32 secondary_max_types;
   63.64 +	u32 secondary_types_offset;
   63.65 +};
   63.66  
   63.67  #endif
    64.1 --- a/xen/include/public/acm_ops.h	Fri Sep 02 14:15:49 2005 +0000
    64.2 +++ b/xen/include/public/acm_ops.h	Fri Sep 02 14:17:08 2005 +0000
    64.3 @@ -1,3 +1,4 @@
    64.4 +
    64.5  /******************************************************************************
    64.6   * acm_ops.h
    64.7   *
    64.8 @@ -27,7 +28,7 @@
    64.9   * This makes sure that old versions of acm tools will stop working in a
   64.10   * well-defined way (rather than crashing the machine, for instance).
   64.11   */
   64.12 -#define ACM_INTERFACE_VERSION   0xAAAA0003
   64.13 +#define ACM_INTERFACE_VERSION   0xAAAA0004
   64.14  
   64.15  /************************************************************************/
   64.16  
   64.17 @@ -46,6 +47,7 @@ typedef struct acm_getpolicy {
   64.18      u16 pullcache_size;
   64.19  } acm_getpolicy_t;
   64.20  
   64.21 +
   64.22  #define ACM_DUMPSTATS        	6
   64.23  typedef struct acm_dumpstats {
   64.24      void *pullcache;
   64.25 @@ -53,6 +55,18 @@ typedef struct acm_dumpstats {
   64.26  } acm_dumpstats_t;
   64.27  
   64.28  
   64.29 +#define ACM_GETSSID          	7
   64.30 +enum get_type {UNSET, SSIDREF, DOMAINID};
   64.31 +typedef struct acm_getssid {
   64.32 +	enum get_type get_ssid_by;
   64.33 +	union {
   64.34 +		domaintype_t domainid;
   64.35 +		ssidref_t    ssidref;
   64.36 +	} id;
   64.37 +    void *ssidbuf;
   64.38 +    u16 ssidbuf_size;
   64.39 +} acm_getssid_t;
   64.40 +
   64.41  typedef struct acm_op {
   64.42      u32 cmd;
   64.43      u32 interface_version;      /* ACM_INTERFACE_VERSION */
   64.44 @@ -60,6 +74,7 @@ typedef struct acm_op {
   64.45          acm_setpolicy_t setpolicy;
   64.46          acm_getpolicy_t getpolicy;
   64.47          acm_dumpstats_t dumpstats;
   64.48 +        acm_getssid_t getssid;
   64.49      } u;
   64.50  } acm_op_t;
   64.51  
    65.1 --- a/xen/include/public/io/netif.h	Fri Sep 02 14:15:49 2005 +0000
    65.2 +++ b/xen/include/public/io/netif.h	Fri Sep 02 14:17:08 2005 +0000
    65.3 @@ -23,13 +23,13 @@ typedef struct netif_tx_response {
    65.4  
    65.5  typedef struct {
    65.6      u16       id;    /* Echoed in response message.        */
    65.7 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
    65.8 +#ifdef CONFIG_XEN_NETDEV_GRANT
    65.9      grant_ref_t gref;	/* 2: Reference to incoming granted frame */
   65.10  #endif
   65.11  } netif_rx_request_t;
   65.12  
   65.13  typedef struct {
   65.14 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   65.15 +#ifdef CONFIG_XEN_NETDEV_GRANT
   65.16      u32      addr;   /*  0: Offset in page of start of received packet  */
   65.17  #else
   65.18      unsigned long addr; /* Machine address of packet.              */