ia64/xen-unstable

changeset 6604:291e816acbf4

merge?
author cl349@firebug.cl.cam.ac.uk
date Fri Sep 02 14:17:08 2005 +0000 (2005-09-02)
parents edd1616cf8cb fc12b08bf4fe
children cac138ea9284
files extras/mini-os/README extras/mini-os/domain_config extras/mini-os/include/hypervisor.h extras/mini-os/include/list.h linux-2.6-xen-sparse/arch/xen/Kconfig linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32 linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32 linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_64 linux-2.6-xen-sparse/arch/xen/kernel/gnttab.c linux-2.6-xen-sparse/drivers/char/tpm/Kconfig.domU linux-2.6-xen-sparse/drivers/xen/console/xencons_ring.c linux-2.6-xen-sparse/drivers/xen/netback/common.h linux-2.6-xen-sparse/drivers/xen/netback/interface.c linux-2.6-xen-sparse/drivers/xen/netback/netback.c linux-2.6-xen-sparse/drivers/xen/netback/xenbus.c linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c linux-2.6-xen-sparse/include/asm-xen/xenbus.h tools/Makefile tools/check/check_brctl tools/check/check_iproute tools/check/check_logging tools/check/check_python tools/check/check_zlib_devel tools/check/check_zlib_lib tools/check/chk tools/console/daemon/utils.c tools/examples/xen-backend.agent tools/python/xen/xend/XendDomainInfo.py tools/security/Makefile tools/security/getlabel.sh tools/security/labelfuncs.sh tools/security/secpol_tool.c tools/security/setlabel.sh xen/Rules.mk xen/acm/acm_chinesewall_hooks.c xen/acm/acm_core.c xen/acm/acm_null_hooks.c xen/acm/acm_policy.c xen/acm/acm_simple_type_enforcement_hooks.c xen/arch/x86/Makefile xen/arch/x86/Rules.mk xen/arch/x86/apic.c xen/arch/x86/boot/x86_32.S xen/arch/x86/boot/x86_64.S xen/arch/x86/shadow.c xen/arch/x86/shadow_guest32.c xen/arch/x86/shadow_public.c xen/arch/x86/traps.c xen/arch/x86/vmx.c xen/arch/x86/x86_32/traps.c xen/arch/x86/x86_64/traps.c xen/common/acm_ops.c xen/common/domain.c xen/common/grant_table.c xen/include/acm/acm_core.h xen/include/acm/acm_hooks.h xen/include/asm-x86/page-guest32.h xen/include/asm-x86/processor.h xen/include/asm-x86/shadow.h xen/include/asm-x86/shadow_64.h xen/include/asm-x86/shadow_ops.h xen/include/asm-x86/shadow_public.h xen/include/asm-x86/x86_32/asm_defns.h xen/include/asm-x86/x86_64/asm_defns.h xen/include/public/acm.h xen/include/public/acm_ops.h xen/include/public/io/netif.h
line diff
     1.1 --- a/extras/mini-os/README	Fri Sep 02 14:15:49 2005 +0000
     1.2 +++ b/extras/mini-os/README	Fri Sep 02 14:17:08 2005 +0000
     1.3 @@ -23,13 +23,8 @@ Stuff it doesn't show:
     1.4  
     1.5  - to build it just type make.
     1.6  
     1.7 -- copy image.final somewhere where dom0 can access it
     1.8 +- to start it do the following in domain0 (assuming xend is running)
     1.9 +  # xm create domain_config
    1.10  
    1.11 -- in dom0
    1.12 -  # xi_create 16000 test
    1.13 -    <domid>
    1.14 -  # xi_build <domid> image.final 0
    1.15 -  # xi_start <domid>
    1.16 -
    1.17 -this prints out a bunch of stuff and then every 1000 timer interrupts the
    1.18 -system time.
    1.19 +this starts the kernel and prints out a bunch of stuff and then every
    1.20 +1000 timer interrupts the system time.
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/extras/mini-os/domain_config	Fri Sep 02 14:17:08 2005 +0000
     2.3 @@ -0,0 +1,17 @@
     2.4 +#  -*- mode: python; -*-
     2.5 +#============================================================================
     2.6 +# Python configuration setup for 'xm create'.
     2.7 +# This script sets the parameters used when a domain is created using 'xm create'.
     2.8 +# You use a separate script for each domain you want to create, or 
     2.9 +# you can set the parameters for the domain on the xm command line.
    2.10 +#============================================================================
    2.11 +
    2.12 +#----------------------------------------------------------------------------
    2.13 +# Kernel image file.
    2.14 +kernel = "mini-os.elf"
    2.15 +
    2.16 +# Initial memory allocation (in megabytes) for the new domain.
    2.17 +memory = 32
    2.18 +
    2.19 +# A name for your domain. All domains must have different names.
    2.20 +name = "Mini-OS"
     3.1 --- a/extras/mini-os/include/hypervisor.h	Fri Sep 02 14:15:49 2005 +0000
     3.2 +++ b/extras/mini-os/include/hypervisor.h	Fri Sep 02 14:17:08 2005 +0000
     3.3 @@ -329,7 +329,7 @@ static __inline__ int HYPERVISOR_dom_mem
     3.4      int ret;
     3.5      __asm__ __volatile__ (
     3.6          TRAP_INSTR
     3.7 -        : "=a" (ret) : "0" (__HYPERVISOR_dom_mem_op),
     3.8 +        : "=a" (ret) : "0" (__HYPERVISOR_memory_op),
     3.9          _a1 (dom_mem_op) : "memory" );
    3.10  
    3.11      return ret;
     4.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.2 +++ b/extras/mini-os/include/list.h	Fri Sep 02 14:17:08 2005 +0000
     4.3 @@ -0,0 +1,184 @@
     4.4 +#ifndef _LINUX_LIST_H
     4.5 +#define _LINUX_LIST_H
     4.6 +
     4.7 +/*
     4.8 + * Simple doubly linked list implementation.
     4.9 + *
    4.10 + * Some of the internal functions ("__xxx") are useful when
    4.11 + * manipulating whole lists rather than single entries, as
    4.12 + * sometimes we already know the next/prev entries and we can
    4.13 + * generate better code by using them directly rather than
    4.14 + * using the generic single-entry routines.
    4.15 + */
    4.16 +
    4.17 +struct list_head {
    4.18 +	struct list_head *next, *prev;
    4.19 +};
    4.20 +
    4.21 +#define LIST_HEAD_INIT(name) { &(name), &(name) }
    4.22 +
    4.23 +#define LIST_HEAD(name) \
    4.24 +	struct list_head name = LIST_HEAD_INIT(name)
    4.25 +
    4.26 +#define INIT_LIST_HEAD(ptr) do { \
    4.27 +	(ptr)->next = (ptr); (ptr)->prev = (ptr); \
    4.28 +} while (0)
    4.29 +
    4.30 +/*
    4.31 + * Insert a new entry between two known consecutive entries. 
    4.32 + *
    4.33 + * This is only for internal list manipulation where we know
    4.34 + * the prev/next entries already!
    4.35 + */
    4.36 +static __inline__ void __list_add(struct list_head * new,
    4.37 +	struct list_head * prev,
    4.38 +	struct list_head * next)
    4.39 +{
    4.40 +	next->prev = new;
    4.41 +	new->next = next;
    4.42 +	new->prev = prev;
    4.43 +	prev->next = new;
    4.44 +}
    4.45 +
    4.46 +/**
    4.47 + * list_add - add a new entry
    4.48 + * @new: new entry to be added
    4.49 + * @head: list head to add it after
    4.50 + *
    4.51 + * Insert a new entry after the specified head.
    4.52 + * This is good for implementing stacks.
    4.53 + */
    4.54 +static __inline__ void list_add(struct list_head *new, struct list_head *head)
    4.55 +{
    4.56 +	__list_add(new, head, head->next);
    4.57 +}
    4.58 +
    4.59 +/**
    4.60 + * list_add_tail - add a new entry
    4.61 + * @new: new entry to be added
    4.62 + * @head: list head to add it before
    4.63 + *
    4.64 + * Insert a new entry before the specified head.
    4.65 + * This is useful for implementing queues.
    4.66 + */
    4.67 +static __inline__ void list_add_tail(struct list_head *new, struct list_head *head)
    4.68 +{
    4.69 +	__list_add(new, head->prev, head);
    4.70 +}
    4.71 +
    4.72 +/*
    4.73 + * Delete a list entry by making the prev/next entries
    4.74 + * point to each other.
    4.75 + *
    4.76 + * This is only for internal list manipulation where we know
    4.77 + * the prev/next entries already!
    4.78 + */
    4.79 +static __inline__ void __list_del(struct list_head * prev,
    4.80 +				  struct list_head * next)
    4.81 +{
    4.82 +	next->prev = prev;
    4.83 +	prev->next = next;
    4.84 +}
    4.85 +
    4.86 +/**
    4.87 + * list_del - deletes entry from list.
    4.88 + * @entry: the element to delete from the list.
    4.89 + * Note: list_empty on entry does not return true after this, the entry is in an undefined state.
    4.90 + */
    4.91 +static __inline__ void list_del(struct list_head *entry)
    4.92 +{
    4.93 +	__list_del(entry->prev, entry->next);
    4.94 +}
    4.95 +
    4.96 +/**
    4.97 + * list_del_init - deletes entry from list and reinitialize it.
    4.98 + * @entry: the element to delete from the list.
    4.99 + */
   4.100 +static __inline__ void list_del_init(struct list_head *entry)
   4.101 +{
   4.102 +	__list_del(entry->prev, entry->next);
   4.103 +	INIT_LIST_HEAD(entry); 
   4.104 +}
   4.105 +
   4.106 +/**
   4.107 + * list_empty - tests whether a list is empty
   4.108 + * @head: the list to test.
   4.109 + */
   4.110 +static __inline__ int list_empty(struct list_head *head)
   4.111 +{
   4.112 +	return head->next == head;
   4.113 +}
   4.114 +
   4.115 +/**
   4.116 + * list_splice - join two lists
   4.117 + * @list: the new list to add.
   4.118 + * @head: the place to add it in the first list.
   4.119 + */
   4.120 +static __inline__ void list_splice(struct list_head *list, struct list_head *head)
   4.121 +{
   4.122 +	struct list_head *first = list->next;
   4.123 +
   4.124 +	if (first != list) {
   4.125 +		struct list_head *last = list->prev;
   4.126 +		struct list_head *at = head->next;
   4.127 +
   4.128 +		first->prev = head;
   4.129 +		head->next = first;
   4.130 +
   4.131 +		last->next = at;
   4.132 +		at->prev = last;
   4.133 +	}
   4.134 +}
   4.135 +
   4.136 +/**
   4.137 + * list_entry - get the struct for this entry
   4.138 + * @ptr:	the &struct list_head pointer.
   4.139 + * @type:	the type of the struct this is embedded in.
   4.140 + * @member:	the name of the list_struct within the struct.
   4.141 + */
   4.142 +#define list_entry(ptr, type, member) \
   4.143 +	((type *)((char *)(ptr)-(unsigned long)(&((type *)0)->member)))
   4.144 +
   4.145 +/**
   4.146 + * list_for_each	-	iterate over a list
   4.147 + * @pos:	the &struct list_head to use as a loop counter.
   4.148 + * @head:	the head for your list.
   4.149 + */
   4.150 +#define list_for_each(pos, head) \
   4.151 +	for (pos = (head)->next; pos != (head); pos = pos->next)
   4.152 +        	
   4.153 +/**
   4.154 + * list_for_each_safe	-	iterate over a list safe against removal of list entry
   4.155 + * @pos:	the &struct list_head to use as a loop counter.
   4.156 + * @n:		another &struct list_head to use as temporary storage
   4.157 + * @head:	the head for your list.
   4.158 + */
   4.159 +#define list_for_each_safe(pos, n, head) \
   4.160 +	for (pos = (head)->next, n = pos->next; pos != (head); \
   4.161 +		pos = n, n = pos->next)
   4.162 +
   4.163 +/**
   4.164 + * list_for_each_entry	-	iterate over list of given type
   4.165 + * @pos:	the type * to use as a loop counter.
   4.166 + * @head:	the head for your list.
   4.167 + * @member:	the name of the list_struct within the struct.
   4.168 + */
   4.169 +#define list_for_each_entry(pos, head, member)				\
   4.170 +	for (pos = list_entry((head)->next, typeof(*pos), member);	\
   4.171 +	     &pos->member != (head); 					\
   4.172 +	     pos = list_entry(pos->member.next, typeof(*pos), member))
   4.173 +
   4.174 +/**
   4.175 + * list_for_each_entry_safe - iterate over list of given type safe against removal of list entry
   4.176 + * @pos:	the type * to use as a loop counter.
   4.177 + * @n:		another type * to use as temporary storage
   4.178 + * @head:	the head for your list.
   4.179 + * @member:	the name of the list_struct within the struct.
   4.180 + */
   4.181 +#define list_for_each_entry_safe(pos, n, head, member)			\
   4.182 +	for (pos = list_entry((head)->next, typeof(*pos), member),	\
   4.183 +		n = list_entry(pos->member.next, typeof(*pos), member);	\
   4.184 +	     &pos->member != (head); 					\
   4.185 +	     pos = n, n = list_entry(n->member.next, typeof(*n), member))
   4.186 +#endif /* _LINUX_LIST_H */
   4.187 +
     5.1 --- a/linux-2.6-xen-sparse/arch/xen/Kconfig	Fri Sep 02 14:15:49 2005 +0000
     5.2 +++ b/linux-2.6-xen-sparse/arch/xen/Kconfig	Fri Sep 02 14:17:08 2005 +0000
     5.3 @@ -109,15 +109,8 @@ config XEN_NETDEV_FRONTEND
     5.4  	  dedicated device-driver domain, or your master control domain
     5.5  	  (domain 0), then you almost certainly want to say Y here.
     5.6  
     5.7 -config XEN_NETDEV_GRANT_TX
     5.8 -        bool "Grant table substrate for net drivers tx path (DANGEROUS)"
     5.9 -        default n
    5.10 -        help
    5.11 -          This introduces the use of grant tables as a data exhange mechanism
    5.12 -          between the frontend and backend network drivers.
    5.13 -
    5.14 -config XEN_NETDEV_GRANT_RX
    5.15 -        bool "Grant table substrate for net drivers rx path (DANGEROUS)"
    5.16 +config XEN_NETDEV_GRANT
    5.17 +        bool "Grant table substrate for network drivers (DANGEROUS)"
    5.18          default n
    5.19          help
    5.20            This introduces the use of grant tables as a data exhange mechanism
     6.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32	Fri Sep 02 14:15:49 2005 +0000
     6.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32	Fri Sep 02 14:17:08 2005 +0000
     6.3 @@ -19,8 +19,7 @@ CONFIG_XEN_NETDEV_BACKEND=y
     6.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
     6.5  CONFIG_XEN_BLKDEV_FRONTEND=y
     6.6  CONFIG_XEN_NETDEV_FRONTEND=y
     6.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
     6.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
     6.9 +CONFIG_XEN_NETDEV_GRANT=y
    6.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    6.11  # CONFIG_XEN_BLKDEV_TAP is not set
    6.12  # CONFIG_XEN_SHADOW_MODE is not set
    6.13 @@ -1124,7 +1123,7 @@ CONFIG_RAMFS=y
    6.14  # CONFIG_BEFS_FS is not set
    6.15  # CONFIG_BFS_FS is not set
    6.16  # CONFIG_EFS_FS is not set
    6.17 -# CONFIG_CRAMFS is not set
    6.18 +CONFIG_CRAMFS=y
    6.19  # CONFIG_VXFS_FS is not set
    6.20  # CONFIG_HPFS_FS is not set
    6.21  # CONFIG_QNX4FS_FS is not set
     7.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64	Fri Sep 02 14:15:49 2005 +0000
     7.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64	Fri Sep 02 14:17:08 2005 +0000
     7.3 @@ -19,8 +19,7 @@ CONFIG_XEN_NETDEV_BACKEND=y
     7.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
     7.5  CONFIG_XEN_BLKDEV_FRONTEND=y
     7.6  CONFIG_XEN_NETDEV_FRONTEND=y
     7.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
     7.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
     7.9 +CONFIG_XEN_NETDEV_GRANT=y
    7.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    7.11  # CONFIG_XEN_BLKDEV_TAP is not set
    7.12  # CONFIG_XEN_SHADOW_MODE is not set
    7.13 @@ -1033,7 +1032,7 @@ CONFIG_RAMFS=y
    7.14  # CONFIG_BEFS_FS is not set
    7.15  # CONFIG_BFS_FS is not set
    7.16  # CONFIG_EFS_FS is not set
    7.17 -# CONFIG_CRAMFS is not set
    7.18 +CONFIG_CRAMFS=y
    7.19  # CONFIG_VXFS_FS is not set
    7.20  # CONFIG_HPFS_FS is not set
    7.21  # CONFIG_QNX4FS_FS is not set
     8.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32	Fri Sep 02 14:15:49 2005 +0000
     8.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32	Fri Sep 02 14:17:08 2005 +0000
     8.3 @@ -16,8 +16,7 @@ CONFIG_NO_IDLE_HZ=y
     8.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
     8.5  CONFIG_XEN_BLKDEV_FRONTEND=y
     8.6  CONFIG_XEN_NETDEV_FRONTEND=y
     8.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
     8.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
     8.9 +CONFIG_XEN_NETDEV_GRANT=y
    8.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    8.11  # CONFIG_XEN_BLKDEV_TAP is not set
    8.12  # CONFIG_XEN_SHADOW_MODE is not set
     9.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64	Fri Sep 02 14:15:49 2005 +0000
     9.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64	Fri Sep 02 14:17:08 2005 +0000
     9.3 @@ -16,8 +16,7 @@ CONFIG_NO_IDLE_HZ=y
     9.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
     9.5  CONFIG_XEN_BLKDEV_FRONTEND=y
     9.6  CONFIG_XEN_NETDEV_FRONTEND=y
     9.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
     9.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
     9.9 +CONFIG_XEN_NETDEV_GRANT=y
    9.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    9.11  # CONFIG_XEN_BLKDEV_TAP is not set
    9.12  # CONFIG_XEN_SHADOW_MODE is not set
    10.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32	Fri Sep 02 14:15:49 2005 +0000
    10.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32	Fri Sep 02 14:17:08 2005 +0000
    10.3 @@ -19,8 +19,7 @@ CONFIG_XEN_NETDEV_BACKEND=y
    10.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
    10.5  CONFIG_XEN_BLKDEV_FRONTEND=y
    10.6  CONFIG_XEN_NETDEV_FRONTEND=y
    10.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
    10.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
    10.9 +CONFIG_XEN_NETDEV_GRANT=y
   10.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
   10.11  # CONFIG_XEN_BLKDEV_TAP is not set
   10.12  # CONFIG_XEN_SHADOW_MODE is not set
    11.1 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_64	Fri Sep 02 14:15:49 2005 +0000
    11.2 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_64	Fri Sep 02 14:17:08 2005 +0000
    11.3 @@ -19,8 +19,7 @@ CONFIG_XEN_NETDEV_BACKEND=y
    11.4  # CONFIG_XEN_TPMDEV_BACKEND is not set
    11.5  CONFIG_XEN_BLKDEV_FRONTEND=y
    11.6  CONFIG_XEN_NETDEV_FRONTEND=y
    11.7 -CONFIG_XEN_NETDEV_GRANT_TX=y
    11.8 -CONFIG_XEN_NETDEV_GRANT_RX=y
    11.9 +CONFIG_XEN_NETDEV_GRANT=y
   11.10  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
   11.11  # CONFIG_XEN_BLKDEV_TAP is not set
   11.12  # CONFIG_XEN_SHADOW_MODE is not set
    13.1 --- a/linux-2.6-xen-sparse/drivers/char/tpm/Kconfig.domU	Fri Sep 02 14:15:49 2005 +0000
    13.2 +++ b/linux-2.6-xen-sparse/drivers/char/tpm/Kconfig.domU	Fri Sep 02 14:17:08 2005 +0000
    13.3 @@ -19,7 +19,7 @@ config TCG_TPM
    13.4  
    13.5  config TCG_XEN
    13.6  	tristate "XEN TPM Interface"
    13.7 -	depends on TCG_TPM && ARCH_XEN
    13.8 +	depends on TCG_TPM && ARCH_XEN && XEN_TPMDEV_FRONTEND
    13.9  	---help---
   13.10  	  If you want to make TPM support available to a Xen
   13.11  	  user domain, say Yes and it will
    14.1 --- a/linux-2.6-xen-sparse/drivers/xen/console/xencons_ring.c	Fri Sep 02 14:15:49 2005 +0000
    14.2 +++ b/linux-2.6-xen-sparse/drivers/xen/console/xencons_ring.c	Fri Sep 02 14:17:08 2005 +0000
    14.3 @@ -105,7 +105,7 @@ int xencons_ring_init(void)
    14.4  		xen_start_info.console_evtchn, handle_input,
    14.5  		0, "xencons", inring());
    14.6  	if (err) {
    14.7 -		xprintk(KERN_ERR "XEN console request irq failed %i\n", err);
    14.8 +		xprintk("XEN console request irq failed %i\n", err);
    14.9  		unbind_evtchn_from_irq(xen_start_info.console_evtchn);
   14.10  		return err;
   14.11  	}
    15.1 --- a/linux-2.6-xen-sparse/drivers/xen/netback/common.h	Fri Sep 02 14:15:49 2005 +0000
    15.2 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/common.h	Fri Sep 02 14:17:08 2005 +0000
    15.3 @@ -20,9 +20,12 @@
    15.4  #include <asm/io.h>
    15.5  #include <asm/pgalloc.h>
    15.6  
    15.7 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
    15.8 +#ifdef CONFIG_XEN_NETDEV_GRANT
    15.9  #include <asm-xen/xen-public/grant_table.h>
   15.10  #include <asm-xen/gnttab.h>
   15.11 +
   15.12 +#define GRANT_INVALID_REF (0xFFFF)
   15.13 +
   15.14  #endif
   15.15  
   15.16  
   15.17 @@ -37,6 +40,11 @@
   15.18  #define ASSERT(_p) ((void)0)
   15.19  #define DPRINTK(_f, _a...) ((void)0)
   15.20  #endif
   15.21 +#define IPRINTK(fmt, args...) \
   15.22 +    printk(KERN_INFO "xen_net: " fmt, ##args)
   15.23 +#define WPRINTK(fmt, args...) \
   15.24 +    printk(KERN_WARNING "xen_net: " fmt, ##args)
   15.25 +
   15.26  
   15.27  typedef struct netif_st {
   15.28      /* Unique identifier for this interface. */
   15.29 @@ -47,13 +55,13 @@ typedef struct netif_st {
   15.30  
   15.31      /* Physical parameters of the comms window. */
   15.32      unsigned long    tx_shmem_frame;
   15.33 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   15.34 +#ifdef CONFIG_XEN_NETDEV_GRANT
   15.35      u16              tx_shmem_handle;
   15.36      unsigned long    tx_shmem_vaddr; 
   15.37      grant_ref_t      tx_shmem_ref; 
   15.38  #endif
   15.39      unsigned long    rx_shmem_frame;
   15.40 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   15.41 +#ifdef CONFIG_XEN_NETDEV_GRANT
   15.42      u16              rx_shmem_handle;
   15.43      unsigned long    rx_shmem_vaddr; 
   15.44      grant_ref_t      rx_shmem_ref; 
   15.45 @@ -68,7 +76,7 @@ typedef struct netif_st {
   15.46      /* Private indexes into shared ring. */
   15.47      NETIF_RING_IDX rx_req_cons;
   15.48      NETIF_RING_IDX rx_resp_prod; /* private version of shared variable */
   15.49 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   15.50 +#ifdef CONFIG_XEN_NETDEV_GRANT
   15.51      NETIF_RING_IDX rx_resp_prod_copy; /* private version of shared variable */
   15.52  #endif
   15.53      NETIF_RING_IDX tx_req_cons;
    16.1 --- a/linux-2.6-xen-sparse/drivers/xen/netback/interface.c	Fri Sep 02 14:15:49 2005 +0000
    16.2 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/interface.c	Fri Sep 02 14:17:08 2005 +0000
    16.3 @@ -111,65 +111,57 @@ netif_t *alloc_netif(domid_t domid, unsi
    16.4      return netif;
    16.5  }
    16.6  
    16.7 -static int map_frontend_page(netif_t *netif, unsigned long localaddr,
    16.8 -			     unsigned long tx_ring_ref, unsigned long rx_ring_ref)
    16.9 +static int map_frontend_pages(netif_t *netif, unsigned long localaddr,
   16.10 +                              unsigned long tx_ring_ref, 
   16.11 +                              unsigned long rx_ring_ref)
   16.12  {
   16.13 -#if !defined(CONFIG_XEN_NETDEV_GRANT_TX)||!defined(CONFIG_XEN_NETDEV_GRANT_RX)
   16.14 +#ifdef CONFIG_XEN_NETDEV_GRANT
   16.15 +    struct gnttab_map_grant_ref op;
   16.16 +
   16.17 +    /* Map: Use the Grant table reference */
   16.18 +    op.host_addr = localaddr;
   16.19 +    op.flags     = GNTMAP_host_map;
   16.20 +    op.ref       = tx_ring_ref;
   16.21 +    op.dom       = netif->domid;
   16.22 +    
   16.23 +    BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
   16.24 +    if (op.handle < 0) { 
   16.25 +        DPRINTK(" Grant table operation failure mapping tx_ring_ref!\n");
   16.26 +        return op.handle;
   16.27 +    }
   16.28 +
   16.29 +    netif->tx_shmem_ref    = tx_ring_ref;
   16.30 +    netif->tx_shmem_handle = op.handle;
   16.31 +    netif->tx_shmem_vaddr  = localaddr;
   16.32 +
   16.33 +    /* Map: Use the Grant table reference */
   16.34 +    op.host_addr = localaddr + PAGE_SIZE;
   16.35 +    op.flags     = GNTMAP_host_map;
   16.36 +    op.ref       = rx_ring_ref;
   16.37 +    op.dom       = netif->domid;
   16.38 +
   16.39 +    BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
   16.40 +    if (op.handle < 0) { 
   16.41 +        DPRINTK(" Grant table operation failure mapping rx_ring_ref!\n");
   16.42 +        return op.handle;
   16.43 +    }
   16.44 +
   16.45 +    netif->rx_shmem_ref    = rx_ring_ref;
   16.46 +    netif->rx_shmem_handle = op.handle;
   16.47 +    netif->rx_shmem_vaddr  = localaddr + PAGE_SIZE;
   16.48 +
   16.49 +#else
   16.50      pgprot_t      prot = __pgprot(_KERNPG_TABLE);
   16.51      int           err;
   16.52 -#endif
   16.53 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX)
   16.54 -    {
   16.55 -        struct gnttab_map_grant_ref op;
   16.56  
   16.57 -        /* Map: Use the Grant table reference */
   16.58 -        op.host_addr = localaddr;
   16.59 -        op.flags     = GNTMAP_host_map;
   16.60 -        op.ref       = tx_ring_ref;
   16.61 -        op.dom       = netif->domid;
   16.62 -       
   16.63 -	BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
   16.64 -        if (op.handle < 0) { 
   16.65 -            DPRINTK(" Grant table operation failure !\n");
   16.66 -            return op.handle;
   16.67 -        }
   16.68 -
   16.69 -        netif->tx_shmem_ref    = tx_ring_ref;
   16.70 -        netif->tx_shmem_handle = op.handle;
   16.71 -        netif->tx_shmem_vaddr  = localaddr;
   16.72 -    }
   16.73 -#else 
   16.74      err = direct_remap_area_pages(&init_mm, localaddr,
   16.75  				  tx_ring_ref<<PAGE_SHIFT, PAGE_SIZE,
   16.76  				  prot, netif->domid); 
   16.77 -    if (err)
   16.78 -	return err;
   16.79 -#endif
   16.80 -
   16.81 -#if defined(CONFIG_XEN_NETDEV_GRANT_RX)
   16.82 -    {
   16.83 -        struct gnttab_map_grant_ref op;
   16.84 -
   16.85 -        /* Map: Use the Grant table reference */
   16.86 -        op.host_addr = localaddr + PAGE_SIZE;
   16.87 -        op.flags     = GNTMAP_host_map;
   16.88 -        op.ref       = rx_ring_ref;
   16.89 -        op.dom       = netif->domid;
   16.90 -
   16.91 -	BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
   16.92 -        if (op.handle < 0) { 
   16.93 -            DPRINTK(" Grant table operation failure !\n");
   16.94 -            return op.handle;
   16.95 -        }
   16.96 -
   16.97 -        netif->rx_shmem_ref    = rx_ring_ref;
   16.98 -        netif->rx_shmem_handle = op.handle;
   16.99 -        netif->rx_shmem_vaddr  = localaddr + PAGE_SIZE;
  16.100 -    }
  16.101 -#else 
  16.102 -    err = direct_remap_area_pages(&init_mm, localaddr + PAGE_SIZE,
  16.103 +    
  16.104 +    err |= direct_remap_area_pages(&init_mm, localaddr + PAGE_SIZE,
  16.105  				  rx_ring_ref<<PAGE_SHIFT, PAGE_SIZE,
  16.106  				  prot, netif->domid);
  16.107 +
  16.108      if (err)
  16.109  	return err;
  16.110  #endif
  16.111 @@ -177,25 +169,23 @@ static int map_frontend_page(netif_t *ne
  16.112      return 0;
  16.113  }
  16.114  
  16.115 -static void unmap_frontend_page(netif_t *netif)
  16.116 +static void unmap_frontend_pages(netif_t *netif)
  16.117  {
  16.118 -#if defined(CONFIG_XEN_NETDEV_GRANT_RX) || defined(CONFIG_XEN_NETDEV_GRANT_TX)
  16.119 +#ifdef CONFIG_XEN_NETDEV_GRANT
  16.120      struct gnttab_unmap_grant_ref op;
  16.121 -#endif
  16.122  
  16.123 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  16.124      op.host_addr    = netif->tx_shmem_vaddr;
  16.125      op.handle       = netif->tx_shmem_handle;
  16.126      op.dev_bus_addr = 0;
  16.127      BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1));
  16.128 -#endif
  16.129  
  16.130 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  16.131      op.host_addr    = netif->rx_shmem_vaddr;
  16.132      op.handle       = netif->rx_shmem_handle;
  16.133      op.dev_bus_addr = 0;
  16.134      BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1));
  16.135  #endif
  16.136 +
  16.137 +    return; 
  16.138  }
  16.139  
  16.140  int netif_map(netif_t *netif, unsigned long tx_ring_ref,
  16.141 @@ -209,8 +199,8 @@ int netif_map(netif_t *netif, unsigned l
  16.142      if (vma == NULL)
  16.143          return -ENOMEM;
  16.144  
  16.145 -    err = map_frontend_page(netif, (unsigned long)vma->addr, tx_ring_ref,
  16.146 -			    rx_ring_ref);
  16.147 +    err = map_frontend_pages(netif, (unsigned long)vma->addr, tx_ring_ref,
  16.148 +                             rx_ring_ref);
  16.149      if (err) {
  16.150          vfree(vma->addr);
  16.151  	return err;
  16.152 @@ -222,7 +212,7 @@ int netif_map(netif_t *netif, unsigned l
  16.153      op.u.bind_interdomain.port2 = evtchn;
  16.154      err = HYPERVISOR_event_channel_op(&op);
  16.155      if (err) {
  16.156 -	unmap_frontend_page(netif);
  16.157 +	unmap_frontend_pages(netif);
  16.158  	vfree(vma->addr);
  16.159  	return err;
  16.160      }
  16.161 @@ -267,7 +257,7 @@ static void free_netif(void *arg)
  16.162      unregister_netdev(netif->dev);
  16.163  
  16.164      if (netif->tx) {
  16.165 -	unmap_frontend_page(netif);
  16.166 +	unmap_frontend_pages(netif);
  16.167  	vfree(netif->tx); /* Frees netif->rx as well. */
  16.168      }
  16.169  
    17.1 --- a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c	Fri Sep 02 14:15:49 2005 +0000
    17.2 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c	Fri Sep 02 14:17:08 2005 +0000
    17.3 @@ -14,23 +14,6 @@
    17.4  #include <asm-xen/balloon.h>
    17.5  #include <asm-xen/xen-public/memory.h>
    17.6  
    17.7 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
    17.8 -#include <asm-xen/xen-public/grant_table.h>
    17.9 -#include <asm-xen/gnttab.h>
   17.10 -#ifdef GRANT_DEBUG
   17.11 -static void
   17.12 -dump_packet(int tag, u32 addr, unsigned char *p)
   17.13 -{
   17.14 -	int i;
   17.15 -
   17.16 -	printk(KERN_ALERT "#### rx_action %c %08x ", tag & 0xff, addr);
   17.17 -	for (i = 0; i < 20; i++) {
   17.18 -		printk("%02x", p[i]);
   17.19 -	}
   17.20 -	printk("\n");
   17.21 -}
   17.22 -#endif
   17.23 -#endif
   17.24  
   17.25  static void netif_idx_release(u16 pending_idx);
   17.26  static void netif_page_release(struct page *page);
   17.27 @@ -57,7 +40,8 @@ static struct timer_list net_timer;
   17.28  static struct sk_buff_head rx_queue;
   17.29  static multicall_entry_t rx_mcl[NETIF_RX_RING_SIZE*2+1];
   17.30  static mmu_update_t rx_mmu[NETIF_RX_RING_SIZE];
   17.31 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   17.32 +
   17.33 +#ifdef CONFIG_XEN_NETDEV_GRANT
   17.34  static gnttab_donate_t grant_rx_op[MAX_PENDING_REQS];
   17.35  #else
   17.36  static struct mmuext_op rx_mmuext[NETIF_RX_RING_SIZE];
   17.37 @@ -88,18 +72,15 @@ static PEND_RING_IDX dealloc_prod, deall
   17.38  
   17.39  static struct sk_buff_head tx_queue;
   17.40  
   17.41 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   17.42 +#ifdef CONFIG_XEN_NETDEV_GRANT
   17.43  static u16 grant_tx_ref[MAX_PENDING_REQS];
   17.44  static gnttab_unmap_grant_ref_t tx_unmap_ops[MAX_PENDING_REQS];
   17.45  static gnttab_map_grant_ref_t tx_map_ops[MAX_PENDING_REQS];
   17.46 +
   17.47  #else
   17.48  static multicall_entry_t tx_mcl[MAX_PENDING_REQS];
   17.49  #endif
   17.50  
   17.51 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
   17.52 -#define GRANT_INVALID_REF (0xFFFF)
   17.53 -#endif
   17.54 -
   17.55  static struct list_head net_schedule_list;
   17.56  static spinlock_t net_schedule_list_lock;
   17.57  
   17.58 @@ -127,7 +108,7 @@ static unsigned long alloc_mfn(void)
   17.59      return mfn;
   17.60  }
   17.61  
   17.62 -#ifndef CONFIG_XEN_NETDEV_GRANT_RX
   17.63 +#ifndef CONFIG_XEN_NETDEV_GRANT
   17.64  static void free_mfn(unsigned long mfn)
   17.65  {
   17.66      unsigned long flags;
   17.67 @@ -200,7 +181,7 @@ int netif_be_start_xmit(struct sk_buff *
   17.68          dev_kfree_skb(skb);
   17.69          skb = nskb;
   17.70      }
   17.71 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   17.72 +#ifdef CONFIG_XEN_NETDEV_GRANT
   17.73  #ifdef DEBUG_GRANT
   17.74      printk(KERN_ALERT "#### be_xmit: req_prod=%d req_cons=%d id=%04x gr=%04x\n",
   17.75             netif->rx->req_prod,
   17.76 @@ -246,12 +227,12 @@ int xen_network_done(void)
   17.77  
   17.78  static void net_rx_action(unsigned long unused)
   17.79  {
   17.80 -    netif_t *netif;
   17.81 +    netif_t *netif = NULL; 
   17.82      s8 status;
   17.83      u16 size, id, evtchn;
   17.84      multicall_entry_t *mcl;
   17.85      mmu_update_t *mmu;
   17.86 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   17.87 +#ifdef CONFIG_XEN_NETDEV_GRANT
   17.88      gnttab_donate_t *gop;
   17.89  #else
   17.90      struct mmuext_op *mmuext;
   17.91 @@ -266,7 +247,7 @@ static void net_rx_action(unsigned long 
   17.92  
   17.93      mcl = rx_mcl;
   17.94      mmu = rx_mmu;
   17.95 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   17.96 +#ifdef CONFIG_XEN_NETDEV_GRANT
   17.97      gop = grant_rx_op;
   17.98  #else
   17.99      mmuext = rx_mmuext;
  17.100 @@ -282,7 +263,7 @@ static void net_rx_action(unsigned long 
  17.101          if ( (new_mfn = alloc_mfn()) == 0 )
  17.102          {
  17.103              if ( net_ratelimit() )
  17.104 -                printk(KERN_WARNING "Memory squeeze in netback driver.\n");
  17.105 +                WPRINTK("Memory squeeze in netback driver.\n");
  17.106              mod_timer(&net_timer, jiffies + HZ);
  17.107              skb_queue_head(&rx_queue, skb);
  17.108              break;
  17.109 @@ -297,7 +278,7 @@ static void net_rx_action(unsigned long 
  17.110  				pfn_pte_ma(new_mfn, PAGE_KERNEL), 0);
  17.111          mcl++;
  17.112  
  17.113 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.114 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.115          gop->mfn = old_mfn;
  17.116          gop->domid = netif->domid;
  17.117          gop->handle = netif->rx->ring[
  17.118 @@ -340,7 +321,7 @@ static void net_rx_action(unsigned long 
  17.119      mcl->args[3] = DOMID_SELF;
  17.120      mcl++;
  17.121  
  17.122 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.123 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.124      mcl[-2].args[MULTI_UVMFLAGS_INDEX] = UVMF_TLB_FLUSH|UVMF_ALL;
  17.125  #else
  17.126      mcl[-3].args[MULTI_UVMFLAGS_INDEX] = UVMF_TLB_FLUSH|UVMF_ALL;
  17.127 @@ -349,9 +330,17 @@ static void net_rx_action(unsigned long 
  17.128          BUG();
  17.129  
  17.130      mcl = rx_mcl;
  17.131 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.132 -    BUG_ON(HYPERVISOR_grant_table_op(
  17.133 -        GNTTABOP_donate, grant_rx_op, gop - grant_rx_op));
  17.134 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.135 +    if(HYPERVISOR_grant_table_op(GNTTABOP_donate, grant_rx_op, 
  17.136 +                                 gop - grant_rx_op)) { 
  17.137 +        /* 
  17.138 +        ** The other side has given us a bad grant ref, or has no headroom, 
  17.139 +        ** or has gone away. Unfortunately the current grant table code 
  17.140 +        ** doesn't inform us which is the case, so not much we can do. 
  17.141 +        */
  17.142 +        DPRINTK("net_rx: donate to DOM%u failed; dropping (up to) %d "
  17.143 +                "packets.\n", grant_rx_op[0].domid, gop - grant_rx_op); 
  17.144 +    }
  17.145      gop = grant_rx_op;
  17.146  #else
  17.147      mmuext = rx_mmuext;
  17.148 @@ -363,7 +352,7 @@ static void net_rx_action(unsigned long 
  17.149  
  17.150          /* Rederive the machine addresses. */
  17.151          new_mfn = mcl[0].args[1] >> PAGE_SHIFT;
  17.152 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.153 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.154          old_mfn = 0; /* XXX Fix this so we can free_mfn() on error! */
  17.155  #else
  17.156          old_mfn = mmuext[0].mfn;
  17.157 @@ -380,8 +369,13 @@ static void net_rx_action(unsigned long 
  17.158  
  17.159          /* Check the reassignment error code. */
  17.160          status = NETIF_RSP_OKAY;
  17.161 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.162 -        BUG_ON(gop->status != 0); /* XXX */
  17.163 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.164 +        if(gop->status != 0) { 
  17.165 +            DPRINTK("Bad status %d from grant donate to DOM%u\n", 
  17.166 +                    gop->status, netif->domid);
  17.167 +            /* XXX SMH: should free 'old_mfn' here */
  17.168 +            status = NETIF_RSP_ERROR; 
  17.169 +        } 
  17.170  #else
  17.171          if ( unlikely(mcl[1].result != 0) )
  17.172          {
  17.173 @@ -404,7 +398,7 @@ static void net_rx_action(unsigned long 
  17.174  
  17.175          netif_put(netif);
  17.176          dev_kfree_skb(skb);
  17.177 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.178 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.179          mcl++;
  17.180          gop++;
  17.181  #else
  17.182 @@ -420,6 +414,7 @@ static void net_rx_action(unsigned long 
  17.183          notify_via_evtchn(evtchn);
  17.184      }
  17.185  
  17.186 +  out: 
  17.187      /* More work to do? */
  17.188      if ( !skb_queue_empty(&rx_queue) && !timer_pending(&net_timer) )
  17.189          tasklet_schedule(&net_rx_tasklet);
  17.190 @@ -496,7 +491,7 @@ static void tx_credit_callback(unsigned 
  17.191  
  17.192  inline static void net_tx_action_dealloc(void)
  17.193  {
  17.194 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.195 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.196      gnttab_unmap_grant_ref_t *gop;
  17.197  #else
  17.198      multicall_entry_t *mcl;
  17.199 @@ -508,7 +503,7 @@ inline static void net_tx_action_dealloc
  17.200      dc = dealloc_cons;
  17.201      dp = dealloc_prod;
  17.202  
  17.203 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.204 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.205      /*
  17.206       * Free up any grants we have finished using
  17.207       */
  17.208 @@ -542,7 +537,7 @@ inline static void net_tx_action_dealloc
  17.209  #endif
  17.210      while ( dealloc_cons != dp )
  17.211      {
  17.212 -#ifndef CONFIG_XEN_NETDEV_GRANT_TX
  17.213 +#ifndef CONFIG_XEN_NETDEV_GRANT
  17.214          /* The update_va_mapping() must not fail. */
  17.215          BUG_ON(mcl[0].result != 0);
  17.216  #endif
  17.217 @@ -569,7 +564,7 @@ inline static void net_tx_action_dealloc
  17.218          
  17.219          netif_put(netif);
  17.220  
  17.221 -#ifndef CONFIG_XEN_NETDEV_GRANT_TX
  17.222 +#ifndef CONFIG_XEN_NETDEV_GRANT
  17.223          mcl++;
  17.224  #endif
  17.225      }
  17.226 @@ -585,7 +580,7 @@ static void net_tx_action(unsigned long 
  17.227      netif_tx_request_t txreq;
  17.228      u16 pending_idx;
  17.229      NETIF_RING_IDX i;
  17.230 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.231 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.232      gnttab_map_grant_ref_t *mop;
  17.233  #else
  17.234      multicall_entry_t *mcl;
  17.235 @@ -595,7 +590,7 @@ static void net_tx_action(unsigned long 
  17.236      if ( dealloc_cons != dealloc_prod )
  17.237          net_tx_action_dealloc();
  17.238  
  17.239 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.240 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.241      mop = tx_map_ops;
  17.242  #else
  17.243      mcl = tx_mcl;
  17.244 @@ -696,7 +691,7 @@ static void net_tx_action(unsigned long 
  17.245  
  17.246          /* Packets passed to netif_rx() must have some headroom. */
  17.247          skb_reserve(skb, 16);
  17.248 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.249 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.250          mop->host_addr = MMAP_VADDR(pending_idx);
  17.251          mop->dom       = netif->domid;
  17.252          mop->ref       = txreq.addr >> PAGE_SHIFT;
  17.253 @@ -719,7 +714,7 @@ static void net_tx_action(unsigned long 
  17.254  
  17.255          pending_cons++;
  17.256  
  17.257 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.258 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.259          if ( (mop - tx_map_ops) >= ARRAY_SIZE(tx_map_ops) )
  17.260              break;
  17.261  #else
  17.262 @@ -729,7 +724,7 @@ static void net_tx_action(unsigned long 
  17.263  #endif
  17.264      }
  17.265  
  17.266 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.267 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.268      if ( mop == tx_map_ops )
  17.269          return;
  17.270  
  17.271 @@ -752,7 +747,7 @@ static void net_tx_action(unsigned long 
  17.272          memcpy(&txreq, &pending_tx_info[pending_idx].req, sizeof(txreq));
  17.273  
  17.274          /* Check the remap error code. */
  17.275 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.276 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.277          /* 
  17.278             XXX SMH: error returns from grant operations are pretty poorly
  17.279             specified/thought out, but the below at least conforms with 
  17.280 @@ -826,7 +821,7 @@ static void net_tx_action(unsigned long 
  17.281          netif_rx(skb);
  17.282          netif->dev->last_rx = jiffies;
  17.283  
  17.284 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.285 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.286          mop++;
  17.287  #else
  17.288          mcl++;
  17.289 @@ -949,12 +944,9 @@ static int __init netback_init(void)
  17.290           !(xen_start_info.flags & SIF_INITDOMAIN) )
  17.291          return 0;
  17.292  
  17.293 -    printk("Initialising Xen netif backend\n");
  17.294 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  17.295 -    printk("#### netback tx using grant tables\n");
  17.296 -#endif
  17.297 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  17.298 -    printk("#### netback rx using grant tables\n");
  17.299 +    IPRINTK("Initialising Xen netif backend.\n");
  17.300 +#ifdef CONFIG_XEN_NETDEV_GRANT
  17.301 +    IPRINTK("Using grant tables.\n");
  17.302  #endif
  17.303  
  17.304      /* We can increase reservation by this much in net_rx_action(). */
    19.1 --- a/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c	Fri Sep 02 14:15:49 2005 +0000
    19.2 +++ b/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c	Fri Sep 02 14:17:08 2005 +0000
    19.3 @@ -55,9 +55,18 @@
    19.4  #include <asm/page.h>
    19.5  #include <asm/uaccess.h>
    19.6  
    19.7 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
    19.8 +#ifdef CONFIG_XEN_NETDEV_GRANT
    19.9  #include <asm-xen/xen-public/grant_table.h>
   19.10  #include <asm-xen/gnttab.h>
   19.11 +
   19.12 +static grant_ref_t gref_tx_head;
   19.13 +static grant_ref_t grant_tx_ref[NETIF_TX_RING_SIZE + 1]; 
   19.14 +
   19.15 +static grant_ref_t gref_rx_head;
   19.16 +static grant_ref_t grant_rx_ref[NETIF_RX_RING_SIZE + 1];
   19.17 +
   19.18 +#define GRANT_INVALID_REF	(0xFFFF)
   19.19 +
   19.20  #ifdef GRANT_DEBUG
   19.21  static void
   19.22  dump_packet(int tag, void *addr, u32 ap)
   19.23 @@ -71,9 +80,18 @@ dump_packet(int tag, void *addr, u32 ap)
   19.24      }
   19.25      printk("\n");
   19.26  }
   19.27 +
   19.28 +#define GDPRINTK(_f, _a...) printk(KERN_ALERT "(file=%s, line=%d) " _f, \
   19.29 +                           __FILE__ , __LINE__ , ## _a )
   19.30 +#else 
   19.31 +#define dump_packet(x,y,z)  ((void)0)  
   19.32 +#define GDPRINTK(_f, _a...) ((void)0)
   19.33  #endif
   19.34 +
   19.35  #endif
   19.36  
   19.37 +
   19.38 +
   19.39  #ifndef __GFP_NOWARN
   19.40  #define __GFP_NOWARN 0
   19.41  #endif
   19.42 @@ -102,23 +120,11 @@ dump_packet(int tag, void *addr, u32 ap)
   19.43  #define TX_TEST_IDX req_cons  /* conservative: not seen all our requests? */
   19.44  #endif
   19.45  
   19.46 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   19.47 -static grant_ref_t gref_tx_head;
   19.48 -static grant_ref_t grant_tx_ref[NETIF_TX_RING_SIZE + 1];
   19.49 -#endif
   19.50 -
   19.51 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   19.52 -static grant_ref_t gref_rx_head;
   19.53 -static grant_ref_t grant_rx_ref[NETIF_RX_RING_SIZE + 1];
   19.54 -#endif
   19.55 -
   19.56 -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX)
   19.57 -#define GRANT_INVALID_REF	(0xFFFF)
   19.58 -#endif
   19.59  
   19.60  #define NETIF_STATE_DISCONNECTED 0
   19.61  #define NETIF_STATE_CONNECTED    1
   19.62  
   19.63 +
   19.64  static unsigned int netif_state = NETIF_STATE_DISCONNECTED;
   19.65  
   19.66  static void network_tx_buf_gc(struct net_device *dev);
   19.67 @@ -279,7 +285,7 @@ static void network_tx_buf_gc(struct net
   19.68          for (i = np->tx_resp_cons; i != prod; i++) {
   19.69              id  = np->tx->ring[MASK_NETIF_TX_IDX(i)].resp.id;
   19.70              skb = np->tx_skbs[id];
   19.71 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   19.72 +#ifdef CONFIG_XEN_NETDEV_GRANT
   19.73              if (unlikely(gnttab_query_foreign_access(grant_tx_ref[id]) != 0)) {
   19.74                  /* other domain is still using this grant - shouldn't happen
   19.75                     but if it does, we'll try to reclaim the grant later */
   19.76 @@ -310,7 +316,7 @@ static void network_tx_buf_gc(struct net
   19.77          mb();
   19.78      } while (prod != np->tx->resp_prod);
   19.79  
   19.80 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   19.81 +#ifdef CONFIG_XEN_NETDEV_GRANT
   19.82    out: 
   19.83  #endif
   19.84  
   19.85 @@ -330,8 +336,8 @@ static void network_alloc_rx_buffers(str
   19.86      int i, batch_target;
   19.87      NETIF_RING_IDX req_prod = np->rx->req_prod;
   19.88      struct xen_memory_reservation reservation;
   19.89 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
   19.90 -    int ref;
   19.91 +#ifdef CONFIG_XEN_NETDEV_GRANT
   19.92 +    grant_ref_t ref;
   19.93  #endif
   19.94  
   19.95      if (unlikely(np->backend_state != BEST_CONNECTED))
   19.96 @@ -365,9 +371,9 @@ static void network_alloc_rx_buffers(str
   19.97          np->rx_skbs[id] = skb;
   19.98          
   19.99          np->rx->ring[MASK_NETIF_RX_IDX(req_prod + i)].req.id = id;
  19.100 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.101 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.102  	ref = gnttab_claim_grant_reference(&gref_rx_head);
  19.103 -        if (unlikely(ref < 0)) {
  19.104 +        if (unlikely((signed short)ref < 0)) {
  19.105              printk(KERN_ALERT "#### netfront can't claim rx reference\n");
  19.106              BUG();
  19.107          }
  19.108 @@ -426,8 +432,8 @@ static int network_start_xmit(struct sk_
  19.109      struct net_private *np = netdev_priv(dev);
  19.110      netif_tx_request_t *tx;
  19.111      NETIF_RING_IDX i;
  19.112 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.113 -    unsigned int ref;
  19.114 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.115 +    grant_ref_t ref;
  19.116      unsigned long mfn;
  19.117  #endif
  19.118  
  19.119 @@ -464,9 +470,9 @@ static int network_start_xmit(struct sk_
  19.120      tx = &np->tx->ring[MASK_NETIF_TX_IDX(i)].req;
  19.121  
  19.122      tx->id   = id;
  19.123 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.124 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.125      ref = gnttab_claim_grant_reference(&gref_tx_head);
  19.126 -    if (unlikely(ref < 0)) {
  19.127 +    if (unlikely((signed short)ref < 0)) {
  19.128          printk(KERN_ALERT "#### netfront can't claim tx grant reference\n");
  19.129          BUG();
  19.130      }
  19.131 @@ -519,7 +525,7 @@ static irqreturn_t netif_int(int irq, vo
  19.132      network_tx_buf_gc(dev);
  19.133      spin_unlock_irqrestore(&np->tx_lock, flags);
  19.134  
  19.135 -    if ((np->rx_resp_cons != np->rx->resp_prod) && (np->user_state == UST_OPEN))
  19.136 +    if((np->rx_resp_cons != np->rx->resp_prod) && (np->user_state == UST_OPEN))
  19.137          netif_rx_schedule(dev);
  19.138  
  19.139      return IRQ_HANDLED;
  19.140 @@ -537,7 +543,7 @@ static int netif_poll(struct net_device 
  19.141      int work_done, budget, more_to_do = 1;
  19.142      struct sk_buff_head rxq;
  19.143      unsigned long flags;
  19.144 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.145 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.146      unsigned long mfn;
  19.147      grant_ref_t ref;
  19.148  #endif
  19.149 @@ -574,8 +580,19 @@ static int netif_poll(struct net_device 
  19.150              continue;
  19.151          }
  19.152  
  19.153 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.154 -        ref = grant_rx_ref[rx->id];
  19.155 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.156 +        ref = grant_rx_ref[rx->id]; 
  19.157 +
  19.158 +        if(ref == GRANT_INVALID_REF) { 
  19.159 +            printk(KERN_WARNING "Bad rx grant reference %d from dom %d.\n",
  19.160 +                   ref, np->backend_id);
  19.161 +            np->rx->ring[MASK_NETIF_RX_IDX(np->rx->req_prod)].req.id = rx->id;
  19.162 +            wmb();
  19.163 +            np->rx->req_prod++;
  19.164 +            work_done--;
  19.165 +            continue;
  19.166 +        }
  19.167 +
  19.168          grant_rx_ref[rx->id] = GRANT_INVALID_REF;
  19.169          mfn = gnttab_end_foreign_transfer_ref(ref);
  19.170          gnttab_release_grant_reference(&gref_rx_head, ref);
  19.171 @@ -585,7 +602,7 @@ static int netif_poll(struct net_device 
  19.172          ADD_ID_TO_FREELIST(np->rx_skbs, rx->id);
  19.173  
  19.174          /* NB. We handle skb overflow later. */
  19.175 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.176 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.177          skb->data = skb->head + rx->addr;
  19.178  #else
  19.179          skb->data = skb->head + (rx->addr & ~PAGE_MASK);
  19.180 @@ -600,14 +617,14 @@ static int netif_poll(struct net_device 
  19.181          np->stats.rx_bytes += rx->status;
  19.182  
  19.183          /* Remap the page. */
  19.184 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.185 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.186          mmu->ptr = mfn << PAGE_SHIFT | MMU_MACHPHYS_UPDATE;
  19.187  #else
  19.188          mmu->ptr  = (rx->addr & PAGE_MASK) | MMU_MACHPHYS_UPDATE;
  19.189  #endif
  19.190          mmu->val  = __pa(skb->head) >> PAGE_SHIFT;
  19.191          mmu++;
  19.192 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.193 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.194  	MULTI_update_va_mapping(mcl, (unsigned long)skb->head,
  19.195  				pfn_pte_ma(mfn, PAGE_KERNEL), 0);
  19.196  #else
  19.197 @@ -617,20 +634,20 @@ static int netif_poll(struct net_device 
  19.198  #endif
  19.199          mcl++;
  19.200  
  19.201 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.202 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.203          phys_to_machine_mapping[__pa(skb->head) >> PAGE_SHIFT] = mfn;
  19.204 +        GDPRINTK("#### rx_poll     enqueue vdata=%p mfn=%lu ref=%x\n",
  19.205 +                skb->data, mfn, ref);
  19.206  #else
  19.207          phys_to_machine_mapping[__pa(skb->head) >> PAGE_SHIFT] = 
  19.208              rx->addr >> PAGE_SHIFT;
  19.209 -#endif
  19.210 +#endif 
  19.211  
  19.212 -#ifdef GRANT_DEBUG
  19.213 -        printk(KERN_ALERT "#### rx_poll     enqueue vdata=%p mfn=%lu ref=%x\n",
  19.214 -               skb->data, mfn, ref);
  19.215 -#endif
  19.216 +
  19.217          __skb_queue_tail(&rxq, skb);
  19.218      }
  19.219  
  19.220 +
  19.221      /* Some pages are no longer absent... */
  19.222      balloon_update_driver_allowance(-work_done);
  19.223  
  19.224 @@ -646,9 +663,9 @@ static int netif_poll(struct net_device 
  19.225      }
  19.226  
  19.227      while ((skb = __skb_dequeue(&rxq)) != NULL) {
  19.228 -#ifdef GRANT_DEBUG
  19.229 -        printk(KERN_ALERT "#### rx_poll     dequeue vdata=%p mfn=%lu\n",
  19.230 -               skb->data, virt_to_mfn(skb->data));
  19.231 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.232 +        GDPRINTK("#### rx_poll     dequeue vdata=%p mfn=%lu\n",
  19.233 +                skb->data, virt_to_mfn(skb->data));
  19.234          dump_packet('d', skb->data, (unsigned long)skb->data);
  19.235  #endif
  19.236          /*
  19.237 @@ -747,7 +764,6 @@ static struct net_device_stats *network_
  19.238      return &np->stats;
  19.239  }
  19.240  
  19.241 -
  19.242  static void network_connect(struct net_device *dev)
  19.243  {
  19.244      struct net_private *np;
  19.245 @@ -787,8 +803,11 @@ static void network_connect(struct net_d
  19.246              tx = &np->tx->ring[requeue_idx++].req;
  19.247  
  19.248              tx->id   = i;
  19.249 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.250 -            tx->addr = 0; /*(ref << PAGE_SHIFT) |*/
  19.251 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.252 +            gnttab_grant_foreign_access_ref(grant_tx_ref[i], np->backend_id, 
  19.253 +                                            virt_to_mfn(np->tx_skbs[i]->data),
  19.254 +                                            GNTMAP_readonly); 
  19.255 +            tx->addr = grant_tx_ref[i] << PAGE_SHIFT; 
  19.256  #else
  19.257              tx->addr = virt_to_mfn(skb->data) << PAGE_SHIFT;
  19.258  #endif
  19.259 @@ -803,9 +822,20 @@ static void network_connect(struct net_d
  19.260      np->tx->req_prod = requeue_idx;
  19.261  
  19.262      /* Rebuild the RX buffer freelist and the RX ring itself. */
  19.263 -    for (requeue_idx = 0, i = 1; i <= NETIF_RX_RING_SIZE; i++)
  19.264 -        if ((unsigned long)np->rx_skbs[i] >= __PAGE_OFFSET)
  19.265 -            np->rx->ring[requeue_idx++].req.id = i;
  19.266 +    for (requeue_idx = 0, i = 1; i <= NETIF_RX_RING_SIZE; i++) { 
  19.267 +        if ((unsigned long)np->rx_skbs[i] >= __PAGE_OFFSET) {
  19.268 +#ifdef CONFIG_XEN_NETDEV_GRANT 
  19.269 +            /* Reinstate the grant ref so backend can 'donate' mfn to us. */
  19.270 +            gnttab_grant_foreign_transfer_ref(grant_rx_ref[i], np->backend_id,
  19.271 +                                              virt_to_mfn(np->rx_skbs[i]->head)
  19.272 +                );
  19.273 +            np->rx->ring[requeue_idx].req.gref = grant_rx_ref[i];
  19.274 +#endif
  19.275 +            np->rx->ring[requeue_idx].req.id   = i;
  19.276 +            requeue_idx++; 
  19.277 +        }
  19.278 +    }
  19.279 +
  19.280      wmb();                
  19.281      np->rx->req_prod = requeue_idx;
  19.282  
  19.283 @@ -901,13 +931,14 @@ static int create_netdev(int handle, str
  19.284      /* Initialise {tx,rx}_skbs to be a free chain containing every entry. */
  19.285      for (i = 0; i <= NETIF_TX_RING_SIZE; i++) {
  19.286          np->tx_skbs[i] = (void *)((unsigned long) i+1);
  19.287 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.288 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.289          grant_tx_ref[i] = GRANT_INVALID_REF;
  19.290  #endif
  19.291      }
  19.292 +
  19.293      for (i = 0; i <= NETIF_RX_RING_SIZE; i++) {
  19.294          np->rx_skbs[i] = (void *)((unsigned long) i+1);
  19.295 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.296 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.297          grant_rx_ref[i] = GRANT_INVALID_REF;
  19.298  #endif
  19.299      }
  19.300 @@ -991,10 +1022,8 @@ static int setup_device(struct xenbus_de
  19.301  	evtchn_op_t op = { .cmd = EVTCHNOP_alloc_unbound };
  19.302  	int err;
  19.303  
  19.304 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.305 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.306  	info->tx_ring_ref = GRANT_INVALID_REF;
  19.307 -#endif
  19.308 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.309  	info->rx_ring_ref = GRANT_INVALID_REF;
  19.310  #endif
  19.311  
  19.312 @@ -1014,7 +1043,7 @@ static int setup_device(struct xenbus_de
  19.313  	memset(info->rx, 0, PAGE_SIZE);
  19.314  	info->backend_state = BEST_DISCONNECTED;
  19.315  
  19.316 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.317 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.318  	err = gnttab_grant_foreign_access(info->backend_id,
  19.319  					  virt_to_mfn(info->tx), 0);
  19.320  	if (err < 0) {
  19.321 @@ -1022,11 +1051,7 @@ static int setup_device(struct xenbus_de
  19.322  		goto out;
  19.323  	}
  19.324  	info->tx_ring_ref = err;
  19.325 -#else
  19.326 -	info->tx_ring_ref = virt_to_mfn(info->tx);
  19.327 -#endif
  19.328  
  19.329 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.330  	err = gnttab_grant_foreign_access(info->backend_id,
  19.331  					  virt_to_mfn(info->rx), 0);
  19.332  	if (err < 0) {
  19.333 @@ -1034,7 +1059,9 @@ static int setup_device(struct xenbus_de
  19.334  		goto out;
  19.335  	}
  19.336  	info->rx_ring_ref = err;
  19.337 +
  19.338  #else
  19.339 +	info->tx_ring_ref = virt_to_mfn(info->tx);
  19.340  	info->rx_ring_ref = virt_to_mfn(info->rx);
  19.341  #endif
  19.342  
  19.343 @@ -1054,16 +1081,17 @@ static int setup_device(struct xenbus_de
  19.344  	if (info->rx)
  19.345  		free_page((unsigned long)info->rx);
  19.346  	info->rx = 0;
  19.347 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.348 +
  19.349 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.350  	if (info->tx_ring_ref != GRANT_INVALID_REF)
  19.351  		gnttab_end_foreign_access(info->tx_ring_ref, 0);
  19.352  	info->tx_ring_ref = GRANT_INVALID_REF;
  19.353 -#endif
  19.354 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.355 +
  19.356  	if (info->rx_ring_ref != GRANT_INVALID_REF)
  19.357  		gnttab_end_foreign_access(info->rx_ring_ref, 0);
  19.358  	info->rx_ring_ref = GRANT_INVALID_REF;
  19.359  #endif
  19.360 +
  19.361  	return err;
  19.362  }
  19.363  
  19.364 @@ -1075,16 +1103,17 @@ static void netif_free(struct netfront_i
  19.365  	if (info->rx)
  19.366  		free_page((unsigned long)info->rx);
  19.367  	info->rx = 0;
  19.368 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.369 +
  19.370 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.371  	if (info->tx_ring_ref != GRANT_INVALID_REF)
  19.372  		gnttab_end_foreign_access(info->tx_ring_ref, 0);
  19.373  	info->tx_ring_ref = GRANT_INVALID_REF;
  19.374 -#endif
  19.375 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.376 +
  19.377  	if (info->rx_ring_ref != GRANT_INVALID_REF)
  19.378  		gnttab_end_foreign_access(info->rx_ring_ref, 0);
  19.379  	info->rx_ring_ref = GRANT_INVALID_REF;
  19.380  #endif
  19.381 +
  19.382  	unbind_evtchn_from_irqhandler(info->evtchn, info->netdev);
  19.383  	info->evtchn = 0;
  19.384  }
  19.385 @@ -1294,6 +1323,7 @@ static int netfront_resume(struct xenbus
  19.386  	int err;
  19.387  
  19.388  	err = talk_to_backend(dev, np);
  19.389 +
  19.390  	return err;
  19.391  }
  19.392  
  19.393 @@ -1342,29 +1372,28 @@ static int __init netif_init(void)
  19.394      if (xen_start_info.flags & SIF_INITDOMAIN)
  19.395          return 0;
  19.396  
  19.397 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.398 -    /* A grant for every ring slot */
  19.399 +    if ((err = xennet_proc_init()) != 0)
  19.400 +        return err;
  19.401 +
  19.402 +    IPRINTK("Initialising virtual ethernet driver.\n");
  19.403 +
  19.404 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.405 +    IPRINTK("Using grant tables.\n"); 
  19.406 +
  19.407 +    /* A grant for every tx ring slot */
  19.408      if (gnttab_alloc_grant_references(NETIF_TX_RING_SIZE,
  19.409                                        &gref_tx_head) < 0) {
  19.410          printk(KERN_ALERT "#### netfront can't alloc tx grant refs\n");
  19.411          return 1;
  19.412      }
  19.413 -    printk(KERN_ALERT "Netdev frontend (TX) is using grant tables.\n"); 
  19.414 -#endif
  19.415 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.416 -    /* A grant for every ring slot */
  19.417 +    /* A grant for every rx ring slot */
  19.418      if (gnttab_alloc_grant_references(NETIF_RX_RING_SIZE,
  19.419                                        &gref_rx_head) < 0) {
  19.420          printk(KERN_ALERT "#### netfront can't alloc rx grant refs\n");
  19.421          return 1;
  19.422      }
  19.423 -    printk(KERN_ALERT "Netdev frontend (RX) is using grant tables.\n"); 
  19.424  #endif
  19.425  
  19.426 -    if ((err = xennet_proc_init()) != 0)
  19.427 -        return err;
  19.428 -
  19.429 -    IPRINTK("Initialising virtual ethernet driver.\n");
  19.430  
  19.431      (void)register_inetaddr_notifier(&notifier_inetdev);
  19.432  
  19.433 @@ -1377,10 +1406,8 @@ static int __init netif_init(void)
  19.434  
  19.435  static void netif_exit(void)
  19.436  {
  19.437 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
  19.438 +#ifdef CONFIG_XEN_NETDEV_GRANT
  19.439      gnttab_free_grant_references(gref_tx_head);
  19.440 -#endif
  19.441 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
  19.442      gnttab_free_grant_references(gref_rx_head);
  19.443  #endif
  19.444  }
    20.1 --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c	Fri Sep 02 14:15:49 2005 +0000
    20.2 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c	Fri Sep 02 14:17:08 2005 +0000
    20.3 @@ -212,7 +212,7 @@ int xb_init_comms(void)
    20.4  		xen_start_info.store_evtchn, wake_waiting,
    20.5  		0, "xenbus", &xb_waitq);
    20.6  	if (err) {
    20.7 -		printk(KERN_ERR "XENBUS request irq failed %i\n", err);
    20.8 +		xprintk("XENBUS request irq failed %i\n", err);
    20.9  		unbind_evtchn_from_irq(xen_start_info.store_evtchn);
   20.10  		return err;
   20.11  	}
    24.1 --- a/tools/check/check_brctl	Fri Sep 02 14:15:49 2005 +0000
    24.2 +++ b/tools/check/check_brctl	Fri Sep 02 14:17:08 2005 +0000
    24.3 @@ -2,8 +2,9 @@
    24.4  # CHECK-INSTALL
    24.5  
    24.6  function error {
    24.7 -   echo 'Check for the bridge control utils (brctl) failed.'
    24.8 +   echo
    24.9 +   echo '  *** Check for the bridge control utils (brctl) FAILED'
   24.10     exit 1
   24.11  }
   24.12  
   24.13 -brctl show || error
   24.14 \ No newline at end of file
   24.15 +which brctl 1>/dev/null 2>&1 || error
    25.1 --- a/tools/check/check_iproute	Fri Sep 02 14:15:49 2005 +0000
    25.2 +++ b/tools/check/check_iproute	Fri Sep 02 14:17:08 2005 +0000
    25.3 @@ -2,9 +2,10 @@
    25.4  # CHECK-INSTALL
    25.5  
    25.6  function error {
    25.7 -   echo 'Check for iproute (ip addr) failed.'
    25.8 +   echo
    25.9 +   echo '  *** Check for iproute (ip addr) FAILED'
   25.10     exit 1
   25.11  }
   25.12  
   25.13 -ip addr list || error
   25.14 +ip addr list 1>/dev/null 2>&1 || error
   25.15  
    26.1 --- a/tools/check/check_logging	Fri Sep 02 14:15:49 2005 +0000
    26.2 +++ b/tools/check/check_logging	Fri Sep 02 14:17:08 2005 +0000
    26.3 @@ -18,11 +18,12 @@ def check_logging():
    26.4          import logging
    26.5      except ImportError:
    26.6          hline()
    26.7 -        msg("Python logging is not installed.")
    26.8 -        msg("Use 'make install-logging' at the xen root to install.")
    26.9          msg("")
   26.10 -        msg("Alternatively download and install from")
   26.11 -        msg("http://www.red-dove.com/python_logging.html")
   26.12 +        msg("  *** Python logging is not installed.")
   26.13 +        msg("  *** Use 'make install-logging' at the xen root to install.")
   26.14 +        msg("  *** ")
   26.15 +        msg("  *** Alternatively download and install from")
   26.16 +        msg("  *** http://www.red-dove.com/python_logging.html")
   26.17          hline()
   26.18          sys.exit(1)
   26.19  
    27.1 --- a/tools/check/check_python	Fri Sep 02 14:15:49 2005 +0000
    27.2 +++ b/tools/check/check_python	Fri Sep 02 14:17:08 2005 +0000
    27.3 @@ -2,9 +2,9 @@
    27.4  # CHECK-BUILD CHECK-INSTALL
    27.5  
    27.6  function error {
    27.7 -    echo "Check for Python version 2.2 or higher failed."
    27.8 +    echo
    27.9 +    echo "  *** Check for Python version >= 2.2 FAILED"
   27.10      exit 1
   27.11  }
   27.12  
   27.13 -python -V
   27.14  python -V 2>&1 | cut -d ' ' -f 2 | grep -q -E '^2.2|^2.3|^2.4' || error
    28.1 --- a/tools/check/check_zlib_devel	Fri Sep 02 14:15:49 2005 +0000
    28.2 +++ b/tools/check/check_zlib_devel	Fri Sep 02 14:17:08 2005 +0000
    28.3 @@ -2,9 +2,10 @@
    28.4  # CHECK-BUILD
    28.5  
    28.6  function error {
    28.7 -    echo 'Check for zlib includes failed.'
    28.8 +    echo
    28.9 +    echo "  *** Check for zlib headers FAILED"
   28.10      exit 1
   28.11  }
   28.12  
   28.13  set -e
   28.14 -[ -e /usr/include/zlib.h ] || error
   28.15 \ No newline at end of file
   28.16 +[ -e /usr/include/zlib.h ] || error
    29.1 --- a/tools/check/check_zlib_lib	Fri Sep 02 14:15:49 2005 +0000
    29.2 +++ b/tools/check/check_zlib_lib	Fri Sep 02 14:17:08 2005 +0000
    29.3 @@ -2,9 +2,10 @@
    29.4  # CHECK-BUILD CHECK-INSTALL
    29.5  
    29.6  function error {
    29.7 -    echo 'Check for zlib library failed.'
    29.8 +    echo
    29.9 +    echo "  *** Check for zlib library FAILED"
   29.10      exit 1
   29.11  }
   29.12  
   29.13  set -e
   29.14 -ldconfig -p | grep libz.so || error
   29.15 \ No newline at end of file
   29.16 +ldconfig -p | grep -q libz.so || error
    30.1 --- a/tools/check/chk	Fri Sep 02 14:15:49 2005 +0000
    30.2 +++ b/tools/check/chk	Fri Sep 02 14:17:08 2005 +0000
    30.3 @@ -17,14 +17,11 @@ export PATH=${PATH}:/sbin:/usr/sbin
    30.4  case $1 in
    30.5      build)
    30.6          check="CHECK-BUILD"
    30.7 -        info=".chkbuild"
    30.8          ;;
    30.9      install)
   30.10          check="CHECK-INSTALL"
   30.11 -        info=".chkinstall"
   30.12          ;;
   30.13      clean)
   30.14 -        rm -f .chkbuild .chkinstall
   30.15          exit 0
   30.16          ;;
   30.17      *)
   30.18 @@ -34,7 +31,7 @@ esac
   30.19  
   30.20  failed=0
   30.21  
   30.22 -echo "Xen ${check} " $(date) > ${info}
   30.23 +echo "Xen ${check} " $(date)
   30.24  for f in check_* ; do
   30.25      case $f in
   30.26          *~)
   30.27 @@ -49,24 +46,12 @@ for f in check_* ; do
   30.28      if ! grep -q ${check} $f ; then
   30.29          continue
   30.30      fi
   30.31 -    echo ' ' >> ${info}
   30.32 -    echo "Checking $f" >> ${info}
   30.33 -    if ./$f 1>>${info} 2>&1 ; then
   30.34 -        echo OK >> ${info}
   30.35 +    echo -n "Checking $f: "
   30.36 +    if ./$f 2>&1 ; then
   30.37 +        echo OK
   30.38      else
   30.39          failed=1
   30.40 -        echo "FAILED $f"
   30.41 -        echo FAILED >> ${info}
   30.42      fi
   30.43  done
   30.44  
   30.45 -echo >> ${info}
   30.46 -
   30.47 -if [ "$failed" == "1" ] ; then
   30.48 -    echo "Checks failed. See `pwd`/${info} for details."
   30.49 -    echo "FAILED" >> ${info}
   30.50 -    exit 1
   30.51 -else
   30.52 -    echo "OK" >> ${info}
   30.53 -    exit 0
   30.54 -fi
   30.55 +exit $failed
    31.1 --- a/tools/console/daemon/utils.c	Fri Sep 02 14:15:49 2005 +0000
    31.2 +++ b/tools/console/daemon/utils.c	Fri Sep 02 14:17:08 2005 +0000
    31.3 @@ -234,7 +234,7 @@ bool xen_setup(void)
    31.4  	}
    31.5  
    31.6  	if (!xs_watch(xs, "/console", "console")) {
    31.7 -		dolog(LOG_ERR, "xenstore watch on /console failes.");
    31.8 +		dolog(LOG_ERR, "xenstore watch on /console fails.");
    31.9  		goto out_close_data;
   31.10  	}
   31.11  
    33.1 --- a/tools/python/xen/xend/XendDomainInfo.py	Fri Sep 02 14:15:49 2005 +0000
    33.2 +++ b/tools/python/xen/xend/XendDomainInfo.py	Fri Sep 02 14:17:08 2005 +0000
    33.3 @@ -1028,6 +1028,7 @@ class XendDomainInfo:
    33.4  
    33.5          """
    33.6          try:
    33.7 +            self.clear_shutdown()
    33.8              self.state = STATE_VM_OK
    33.9              self.shutdown_pending = None
   33.10              self.restart_check()
    34.1 --- a/tools/security/Makefile	Fri Sep 02 14:15:49 2005 +0000
    34.2 +++ b/tools/security/Makefile	Fri Sep 02 14:17:08 2005 +0000
    34.3 @@ -45,6 +45,7 @@ build: mk-symlinks
    34.4  	$(MAKE) secpol_xml2bin
    34.5  	chmod 700 ./setlabel.sh
    34.6  	chmod 700 ./updategrub.sh
    34.7 +	chmod 700 ./getlabel.sh
    34.8  
    34.9  secpol_tool : secpol_tool.c secpol_compat.h
   34.10  	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
    35.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    35.2 +++ b/tools/security/getlabel.sh	Fri Sep 02 14:17:08 2005 +0000
    35.3 @@ -0,0 +1,130 @@
    35.4 +#!/bin/sh
    35.5 +# *
    35.6 +# * getlabel
    35.7 +# *
    35.8 +# * Copyright (C) 2005 IBM Corporation
    35.9 +# *
   35.10 +# * Authors:
   35.11 +# * Stefan Berger <stefanb@us.ibm.com>
   35.12 +# *
   35.13 +# * This program is free software; you can redistribute it and/or
   35.14 +# * modify it under the terms of the GNU General Public License as
   35.15 +# * published by the Free Software Foundation, version 2 of the
   35.16 +# * License.
   35.17 +# *
   35.18 +# * 'getlabel' tries to find the labels corresponding to the ssidref
   35.19 +# *
   35.20 +# * 'getlabel -?' shows the usage of the program
   35.21 +# *
   35.22 +# * 'getlabel -sid <ssidref> [<policy name>]' lists the label corresponding
   35.23 +# *                              to the given ssidref.
   35.24 +# *
   35.25 +# * 'getlabel -dom <domain id> [<policy name>]' lists the label of the
   35.26 +# *                              domain with given id
   35.27 +# *
   35.28 +#
   35.29 +
   35.30 +if [ -z "$runbash" ]; then
   35.31 +	runbash="1"
   35.32 +	export runbash
   35.33 +	exec sh -c "bash $0 $*"
   35.34 +fi
   35.35 +
   35.36 +
   35.37 +export PATH=$PATH:.
   35.38 +source labelfuncs.sh
   35.39 +
   35.40 +usage ()
   35.41 +{
   35.42 +	echo "Usage: $0 -sid <ssidref> [<policy name>] or"
   35.43 +	echo "       $0 -dom <domid>   [<policy name>]  "
   35.44 +	echo ""
   35.45 +	echo "policy name : the name of the policy, i.e. 'chwall'"
   35.46 +	echo "              If the policy name is omitted, the grub.conf"
   35.47 +	echo "              entry of the running system is tried to be read"
   35.48 +	echo "              and the policy name determined from there."
   35.49 +	echo "ssidref     : an ssidref in hex or decimal format, i.e., '0x00010002'"
   35.50 +	echo "              or '65538'"
   35.51 +	echo "domid       : id of the domain, i.e., '1'; Use numbers from the 2nd"
   35.52 +	echo "              column shown when invoking 'xm list'"
   35.53 +	echo ""
   35.54 +}
   35.55 +
   35.56 +
   35.57 +
   35.58 +if [ "$1" == "-?" ]; then
   35.59 +	mode="usage"
   35.60 +elif [ "$1" == "-dom" ]; then
   35.61 +	mode="domid"
   35.62 +	shift
   35.63 +elif [ "$1" == "-sid" ]; then
   35.64 +	mode="sid"
   35.65 +	shift
   35.66 +elif [ "$1" == "" ]; then
   35.67 +	usage
   35.68 +	exit -1
   35.69 +fi
   35.70 +
   35.71 +
   35.72 +if [ "$mode" == "usage" ]; then
   35.73 +	usage
   35.74 +elif [ "$mode" == "domid" ]; then
   35.75 +	if [ "$2" == "" ]; then
   35.76 +		findGrubConf
   35.77 +		ret=$?
   35.78 +		if [ $ret -eq 0 ]; then
   35.79 +			echo "Could not find grub.conf"
   35.80 +			exit -1;
   35.81 +		fi
   35.82 +		findPolicyInGrub $grubconf
   35.83 +		if [ "$policy" != "" ]; then
   35.84 +			echo "Assuming policy to be '$policy'.";
   35.85 +		else
   35.86 +			echo "Could not find policy."
   35.87 +			exit -1;
   35.88 +		fi
   35.89 +	else
   35.90 +		policy=$2
   35.91 +	fi
   35.92 +	findMapFile $policy
   35.93 +	res=$?
   35.94 +	if [ "$res" != "0" ]; then
   35.95 +		getSSIDUsingSecpolTool $1
   35.96 +		res=$?
   35.97 +		if [ "$res" != "0" ]; then
   35.98 +			translateSSIDREF $ssid $mapfile
   35.99 +		else
  35.100 +			echo "Could not determine the SSID of the domain."
  35.101 +		fi
  35.102 +	else
  35.103 +		echo "Could not find map file for policy '$policy'."
  35.104 +	fi
  35.105 +elif [ "$mode" == "sid" ]; then
  35.106 +	if [ "$2" == "" ]; then
  35.107 +		findGrubConf
  35.108 +		ret=$?
  35.109 +		if [ $ret -eq 0 ]; then
  35.110 +			echo "Could not find grub.conf"
  35.111 +			exit -1;
  35.112 +		fi
  35.113 +		findPolicyInGrub $grubconf
  35.114 +		if [ "$policy" != "" ]; then
  35.115 +			echo "Assuming policy to be '$policy'.";
  35.116 +		else
  35.117 +			echo "Could not find policy."
  35.118 +			exit -1;
  35.119 +		fi
  35.120 +	else
  35.121 +		policy=$2
  35.122 +	fi
  35.123 +	findMapFile $policy
  35.124 +	res=$?
  35.125 +	if [ "$res" != "0" ]; then
  35.126 +		translateSSIDREF $1 $mapfile
  35.127 +	else
  35.128 +		echo "Could not find map file for policy '$policy'."
  35.129 +	fi
  35.130 +
  35.131 +else
  35.132 +    usage
  35.133 +fi
    36.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    36.2 +++ b/tools/security/labelfuncs.sh	Fri Sep 02 14:17:08 2005 +0000
    36.3 @@ -0,0 +1,675 @@
    36.4 +# *
    36.5 +# * labelfuncs.sh
    36.6 +# *
    36.7 +# * Copyright (C) 2005 IBM Corporation
    36.8 +# *
    36.9 +# * Authors:
   36.10 +# * Stefan Berger <stefanb@us.ibm.com>
   36.11 +# *
   36.12 +# * This program is free software; you can redistribute it and/or
   36.13 +# * modify it under the terms of the GNU General Public License as
   36.14 +# * published by the Free Software Foundation, version 2 of the
   36.15 +# * License.
   36.16 +# *
   36.17 +# *
   36.18 +# * A collection of functions to handle polcies, mapfiles,
   36.19 +# * and ssidrefs.
   36.20 +#
   36.21 +
   36.22 +
   36.23 +# Find the mapfile given a policy nmame
   36.24 +# Parameters:
   36.25 +# 1st : the name of the policy whose map file is to be found, i.e.,
   36.26 +#       chwall
   36.27 +# Results:
   36.28 +# The variable mapfile will hold the realtive path to the mapfile
   36.29 +# for the given policy.
   36.30 +# In case the mapfile could be found, the functions returns a '1',
   36.31 +# a '0' otherwise.
   36.32 +findMapFile ()
   36.33 +{
   36.34 +	mapfile="./$1.map"
   36.35 +	if [ -r "$mapfile" ]; then
   36.36 +		return 1
   36.37 +	fi
   36.38 +
   36.39 +	mapfile="./policies/$1/$1.map"
   36.40 +	if [ -r "$mapfile" ]; then
   36.41 +		return 1
   36.42 +	fi
   36.43 +
   36.44 +	return 0
   36.45 +}
   36.46 +
   36.47 +
   36.48 +# Determine the name of the primary policy
   36.49 +# Parameters
   36.50 +# 1st : the path to the mapfile; the path may be relative
   36.51 +#       to the current directory
   36.52 +# Results
   36.53 +# The variable primary will hold the name of the primary policy
   36.54 +getPrimaryPolicy ()
   36.55 +{
   36.56 +	mapfile=$1
   36.57 +	primary=`cat $mapfile  |   \
   36.58 +	         awk '             \
   36.59 +	          {                \
   36.60 +	            if ( $1 == "PRIMARY" ) { \
   36.61 +	              res=$2;                \
   36.62 +	            }                        \
   36.63 +	          } END {                    \
   36.64 +	            print res;               \
   36.65 +	          } '`
   36.66 +}
   36.67 +
   36.68 +
   36.69 +# Determine the name of the secondary policy
   36.70 +# Parameters
   36.71 +# 1st : the path to the mapfile; the path may be relative
   36.72 +#       to the current directory
   36.73 +# Results
   36.74 +# The variable secondary will hold the name of the secondary policy
   36.75 +getSecondaryPolicy ()
   36.76 +{
   36.77 +	mapfile=$1
   36.78 +	secondary=`cat $mapfile  |   \
   36.79 +	         awk '             \
   36.80 +	          {                \
   36.81 +	            if ( $1 == "SECONDARY" ) { \
   36.82 +	              res=$2;                \
   36.83 +	            }                        \
   36.84 +	          } END {                    \
   36.85 +	            print res;               \
   36.86 +	          } '`
   36.87 +}
   36.88 +
   36.89 +
   36.90 +#Return where the grub.conf file is.
   36.91 +#I only know of one place it can be.
   36.92 +findGrubConf()
   36.93 +{
   36.94 +	grubconf="/boot/grub/grub.conf"
   36.95 +	if [ -w $grubconf ]; then
   36.96 +		return 1
   36.97 +	fi
   36.98 +	if [ -r $grubconf ]; then
   36.99 +		return 2
  36.100 +	fi
  36.101 +	return 0
  36.102 +}
  36.103 +
  36.104 +
  36.105 +# This function sets the global variable 'linux'
  36.106 +# to the name and version of the Linux kernel that was compiled
  36.107 +# for domain 0.
  36.108 +# If this variable could not be found, the variable 'linux'
  36.109 +# will hold a pattern
  36.110 +# Parameters:
  36.111 +# 1st: the path to reach the root directory of the XEN build tree
  36.112 +#      where linux-*-xen0 is located at
  36.113 +# Results:
  36.114 +# The variable linux holds then name and version of the compiled
  36.115 +# kernel, i.e., 'vmlinuz-2.6.12-xen0'
  36.116 +getLinuxVersion ()
  36.117 +{
  36.118 +	path=$1
  36.119 +	linux=""
  36.120 +	for f in $path/linux-*-xen0 ; do
  36.121 +		versionfile=$f/include/linux/version.h
  36.122 +		if [ -r $versionfile ]; then
  36.123 +			lnx=`cat $versionfile | \
  36.124 +			     grep UTS_RELEASE | \
  36.125 +			     awk '{             \
  36.126 +			       len=length($3);  \
  36.127 +			       print substr($3,2,len-2) }'`
  36.128 +		fi
  36.129 +		if [ "$lnx" != "" ]; then
  36.130 +			linux="[./0-9a-zA-z]*$lnx"
  36.131 +			return;
  36.132 +		fi
  36.133 +	done
  36.134 +
  36.135 +	#Last resort.
  36.136 +	linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$"
  36.137 +}
  36.138 +
  36.139 +
  36.140 +# Find out with which policy the hypervisor was booted with.
  36.141 +# Parameters
  36.142 +# 1st : The complete path to grub.conf, i.e., /boot/grub/grub.conf
  36.143 +#
  36.144 +findPolicyInGrub ()
  36.145 +{
  36.146 +	grubconf=$1
  36.147 +	linux=`uname -r`
  36.148 +	policy=`cat $grubconf |                        \
  36.149 +	         awk -vlinux=$linux '{                 \
  36.150 +	           if ( $1 == "title" ) {              \
  36.151 +	             kernelfound = 0;                  \
  36.152 +	             policymaycome = 0;                \
  36.153 +	           }                                   \
  36.154 +	           else if ( $1 == "kernel" ) {        \
  36.155 +	             if ( match($2,"xen.gz$") ) {      \
  36.156 +	               pathlen=RSTART;                 \
  36.157 +	               kernelfound = 1;                \
  36.158 +	             }                                 \
  36.159 +	           }                                   \
  36.160 +	           else if ( $1 == "module" &&         \
  36.161 +	                     kernelfound == 1 &&       \
  36.162 +	                     match($2,linux) ) {       \
  36.163 +	              policymaycome = 1;               \
  36.164 +	           }                                   \
  36.165 +	           else if ( $1 == "module" &&         \
  36.166 +	                     kernelfound == 1 &&       \
  36.167 +	                     policymaycome == 1 &&     \
  36.168 +	                     match($2,"[0-9a-zA-Z_]*.bin$") ) { \
  36.169 +	              policymaycome = 0;               \
  36.170 +	              kernelfound = 0;                 \
  36.171 +	              polname = substr($2,pathlen);    \
  36.172 +	              len=length(polname);             \
  36.173 +	              polname = substr(polname,0,len-4); \
  36.174 +	           }                                   \
  36.175 +	         } END {                               \
  36.176 +	           print polname                       \
  36.177 +	         }'`
  36.178 +}
  36.179 +
  36.180 +
  36.181 +# Get the SSID of a domain
  36.182 +# Parameters:
  36.183 +# 1st : domain ID, i.e. '1'
  36.184 +# Results
  36.185 +# If the ssid could be found, the variable 'ssid' will hold
  36.186 +# the currently used ssid in the hex format, i.e., '0x00010001'.
  36.187 +# The funtion returns '1' on success, '0' on failure
  36.188 +getSSIDUsingSecpolTool ()
  36.189 +{
  36.190 +	domid=$1
  36.191 +	export PATH=$PATH:.
  36.192 +	ssid=`secpol_tool getssid -d $domid -f | \
  36.193 +	        grep -E "SSID:" |          \
  36.194 +	        awk '{ print $4 }'`
  36.195 +
  36.196 +	if [ "$ssid" != "" ]; then
  36.197 +		return 1
  36.198 +	fi
  36.199 +	return 0
  36.200 +}
  36.201 +
  36.202 +
  36.203 +# Break the ssid identifier into its high and low values,
  36.204 +# which are equal to the secondary and primary policy references.
  36.205 +# Parameters:
  36.206 +# 1st: ssid to break into high and low value, i.e., '0x00010002'
  36.207 +# Results:
  36.208 +# The variable ssidlo_int and ssidhi_int will hold the low and
  36.209 +# high ssid values as integers.
  36.210 +getSSIDLOHI ()
  36.211 +{
  36.212 +	ssid=$1
  36.213 +	ssidlo_int=`echo $ssid | awk          \
  36.214 +	            '{                        \
  36.215 +	               len=length($0);        \
  36.216 +	               beg=substr($0,1,2);    \
  36.217 +	               if ( beg == "0x" ) {   \
  36.218 +	                   dig = len - 2;     \
  36.219 +	                   if (dig <= 0) {    \
  36.220 +	                     exit;            \
  36.221 +	                   }                  \
  36.222 +	                   if (dig > 4) {     \
  36.223 +	                     dig=4;           \
  36.224 +	                   }                  \
  36.225 +	                   lo=sprintf("0x%s",substr($0,len-dig+1,dig)); \
  36.226 +	                   print strtonum(lo);\
  36.227 +	               } else {               \
  36.228 +	                   lo=strtonum($0);   \
  36.229 +	                   if (lo < 65536) {  \
  36.230 +	                     print lo;        \
  36.231 +	                   } else {           \
  36.232 +	                     hi=lo;           \
  36.233 +	                     hi2= (hi / 65536);\
  36.234 +	                     hi2_str=sprintf("%d",hi2); \
  36.235 +	                     hi2=strtonum(hi2_str);\
  36.236 +	                     lo=hi-(hi2*65536); \
  36.237 +	                     printf("%d",lo); \
  36.238 +	                   }                  \
  36.239 +			}                     \
  36.240 +	            }'`
  36.241 +	ssidhi_int=`echo $ssid | awk          \
  36.242 +	            '{                        \
  36.243 +	               len=length($0);        \
  36.244 +	               beg=substr($0,1,2);    \
  36.245 +	               if ( beg == "0x" ) {   \
  36.246 +	                   dig = len - 2;     \
  36.247 +	                   if (dig <= 0 ||    \
  36.248 +	                     dig >  8) {      \
  36.249 +	                     exit;            \
  36.250 +	                   }                  \
  36.251 +	                   if (dig < 4) {     \
  36.252 +	                     print 0;         \
  36.253 +	                     exit;            \
  36.254 +	                   }                  \
  36.255 +	                   dig -= 4;          \
  36.256 +	                   hi=sprintf("0x%s",substr($0,len-4-dig+1,dig)); \
  36.257 +	                   print strtonum(hi);\
  36.258 +	               } else {               \
  36.259 +	                   hi=strtonum($0);   \
  36.260 +	                   if (hi >= 65536) { \
  36.261 +	                     hi = hi / 65536; \
  36.262 +	                     printf ("%d",hi);\
  36.263 +	                   } else {           \
  36.264 +	                     printf ("0");    \
  36.265 +	                   }                  \
  36.266 +	               }                      \
  36.267 +	            }'`
  36.268 +	if [ "$ssidhi_int" == "" -o \
  36.269 +	     "$ssidlo_int" == "" ]; then
  36.270 +		return 0;
  36.271 +	fi
  36.272 +	return 1
  36.273 +}
  36.274 +
  36.275 +
  36.276 +#Update the grub configuration file.
  36.277 +#Search for existing entries and replace the current
  36.278 +#policy entry with the policy passed to this script
  36.279 +#
  36.280 +#Arguments passed to this function
  36.281 +# 1st : the grub configuration file with full path
  36.282 +# 2nd : the binary policy file name, i.e. chwall.bin
  36.283 +# 3rd : the name or pattern of the linux kernel name to match
  36.284 +#       (this determines where the module entry will be made)
  36.285 +#
  36.286 +# The algorithm here is based on pattern matching
  36.287 +# and is working correctly if
  36.288 +# - under a title a line beginning with 'kernel' is found
  36.289 +#   whose following item ends with "xen.gz"
  36.290 +#   Example:  kernel /xen.gz dom0_mem=....
  36.291 +# - a module line matching the 3rd parameter is found
  36.292 +#
  36.293 +updateGrub ()
  36.294 +{
  36.295 +	grubconf=$1
  36.296 +	policyfile=$2
  36.297 +	linux=$3
  36.298 +
  36.299 +	tmpfile="/tmp/new_grub.conf"
  36.300 +
  36.301 +	cat $grubconf |                                \
  36.302 +	         awk -vpolicy=$policyfile              \
  36.303 +	             -vlinux=$linux '{                 \
  36.304 +	           if ( $1 == "title" ) {              \
  36.305 +	             kernelfound = 0;                  \
  36.306 +	             if ( policymaycome == 1 ){        \
  36.307 +	               printf ("\tmodule %s%s\n", path, policy);      \
  36.308 +	             }                                 \
  36.309 +	             policymaycome = 0;                \
  36.310 +	           }                                   \
  36.311 +	           else if ( $1 == "kernel" ) {        \
  36.312 +	             if ( match($2,"xen.gz$") ) {      \
  36.313 +	               path=substr($2,1,RSTART-1);     \
  36.314 +	               kernelfound = 1;                \
  36.315 +	             }                                 \
  36.316 +	           }                                   \
  36.317 +	           else if ( $1 == "module" &&         \
  36.318 +	                     kernelfound == 1 &&       \
  36.319 +	                     match($2,linux) ) {       \
  36.320 +	              policymaycome = 1;               \
  36.321 +	           }                                   \
  36.322 +	           else if ( $1 == "module" &&         \
  36.323 +	                     kernelfound == 1 &&       \
  36.324 +	                     policymaycome == 1 &&     \
  36.325 +	                     match($2,"[0-9a-zA-Z]*.bin$") ) { \
  36.326 +	              printf ("\tmodule %s%s\n", path, policy); \
  36.327 +	              policymaycome = 0;               \
  36.328 +	              kernelfound = 0;                 \
  36.329 +	              dontprint = 1;                   \
  36.330 +	           }                                   \
  36.331 +	           else if ( $1 == "" &&               \
  36.332 +	                     kernelfound == 1 &&       \
  36.333 +	                     policymaycome == 1) {     \
  36.334 +	              dontprint = 1;                   \
  36.335 +	           }                                   \
  36.336 +	           if (dontprint == 0) {               \
  36.337 +	             printf ("%s\n", $0);              \
  36.338 +	           }                                   \
  36.339 +	           dontprint = 0;                      \
  36.340 +	         } END {                               \
  36.341 +	           if ( policymaycome == 1 ) {         \
  36.342 +	             printf ("\tmodule %s%s\n", path, policy);  \
  36.343 +	           }                                   \
  36.344 +	         }' > $tmpfile
  36.345 +	if [ ! -r $tmpfile ]; then
  36.346 +		echo "Could not create temporary file! Aborting."
  36.347 +		exit -1
  36.348 +	fi
  36.349 +	mv -f $tmpfile $grubconf
  36.350 +}
  36.351 +
  36.352 +
  36.353 +# Display all the labels in a given mapfile
  36.354 +# Parameters
  36.355 +# 1st: Full or relative path to the policy's mapfile
  36.356 +showLabels ()
  36.357 +{
  36.358 +	mapfile=$1
  36.359 +	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
  36.360 +		echo "Cannot read from vm configuration file $vmfile."
  36.361 +		return -1
  36.362 +	fi
  36.363 +
  36.364 +	getPrimaryPolicy $mapfile
  36.365 +	getSecondaryPolicy $mapfile
  36.366 +
  36.367 +	echo "The following labels are available:"
  36.368 +	let line=1
  36.369 +	while [ 1 ]; do
  36.370 +		ITEM=`cat $mapfile |         \
  36.371 +		      awk -vline=$line       \
  36.372 +		          -vprimary=$primary \
  36.373 +		      '{                     \
  36.374 +		         if ($1 == "LABEL->SSID" &&  \
  36.375 +		             $2 == "VM" &&           \
  36.376 +		             $3 == primary ) {       \
  36.377 +		           ctr++;                    \
  36.378 +		           if (ctr == line) {        \
  36.379 +		             print $4;               \
  36.380 +		           }                         \
  36.381 +		         }                           \
  36.382 +		       } END {                       \
  36.383 +		       }'`
  36.384 +
  36.385 +		if [ "$ITEM" == "" ]; then
  36.386 +			break
  36.387 +		fi
  36.388 +		if [ "$secondary" != "NULL" ]; then
  36.389 +			LABEL=`cat $mapfile |     \
  36.390 +			       awk -vitem=$ITEM   \
  36.391 +			       '{
  36.392 +			          if ($1 == "LABEL->SSID" && \
  36.393 +			              $2 == "VM" &&          \
  36.394 +			              $3 == "CHWALL" &&      \
  36.395 +			              $4 == item ) {         \
  36.396 +			            result = item;           \
  36.397 +			          }                          \
  36.398 +			        } END {                      \
  36.399 +			            print result             \
  36.400 +			        }'`
  36.401 +		else
  36.402 +			LABEL=$ITEM
  36.403 +		fi
  36.404 +
  36.405 +		if [ "$LABEL" != "" ]; then
  36.406 +			echo "$LABEL"
  36.407 +			found=1
  36.408 +		fi
  36.409 +		let line=line+1
  36.410 +	done
  36.411 +	if [ "$found" != "1" ]; then
  36.412 +		echo "No labels found."
  36.413 +	fi
  36.414 +}
  36.415 +
  36.416 +
  36.417 +# Get the default SSID given a mapfile and the policy name
  36.418 +# Parameters
  36.419 +# 1st: Full or relative path to the policy's mapfile
  36.420 +# 2nd: the name of the policy
  36.421 +getDefaultSsid ()
  36.422 +{
  36.423 +	mapfile=$1
  36.424 +	pol=$2
  36.425 +	RES=`cat $mapfile    \
  36.426 +	     awk -vpol=$pol  \
  36.427 +	      {              \
  36.428 +	        if ($1 == "LABEL->SSID" && \
  36.429 +	            $2 == "ANY"         && \
  36.430 +	            $3 == pol           && \
  36.431 +	            $4 == "DEFAULT"       ) {\
  36.432 +	              res=$5;                \
  36.433 +	        }                            \
  36.434 +	      } END {                        \
  36.435 +	        printf "%04x", strtonum(res) \
  36.436 +	     }'`
  36.437 +	echo "default NULL mapping is $RES"
  36.438 +	defaultssid=$RES
  36.439 +}
  36.440 +
  36.441 +
  36.442 +#Relabel a VM configuration file
  36.443 +# Parameters
  36.444 +# 1st: Full or relative path to the VM configuration file
  36.445 +# 2nd: The label to translate into an ssidref
  36.446 +# 3rd: Full or relative path to the policy's map file
  36.447 +# 4th: The mode this function is supposed to operate in:
  36.448 +#      'relabel' : Relabels the file without querying the user
  36.449 +#      other     : Prompts the user whether to proceed
  36.450 +relabel ()
  36.451 +{
  36.452 +	vmfile=$1
  36.453 +	label=$2
  36.454 +	mapfile=$3
  36.455 +	mode=$4
  36.456 +
  36.457 +	if [ ! -r "$vmfile" ]; then
  36.458 +		echo "Cannot read from vm configuration file $vmfile."
  36.459 +		return -1
  36.460 +	fi
  36.461 +
  36.462 +	if [ ! -w "$vmfile" ]; then
  36.463 +		echo "Cannot write to vm configuration file $vmfile."
  36.464 +		return -1
  36.465 +	fi
  36.466 +
  36.467 +	if [ ! -r "$mapfile" ] ; then
  36.468 +		echo "Cannot read mapping file $mapfile."
  36.469 +		return -1
  36.470 +	fi
  36.471 +
  36.472 +	# Determine which policy is primary, which sec.
  36.473 +	getPrimaryPolicy $mapfile
  36.474 +	getSecondaryPolicy $mapfile
  36.475 +
  36.476 +	# Calculate the primary policy's SSIDREF
  36.477 +	if [ "$primary" == "NULL" ]; then
  36.478 +		SSIDLO="0001"
  36.479 +	else
  36.480 +		SSIDLO=`cat $mapfile |                    \
  36.481 +		        awk -vlabel=$label                \
  36.482 +		            -vprimary=$primary            \
  36.483 +		           '{                             \
  36.484 +		              if ( $1 == "LABEL->SSID" && \
  36.485 +		                   $2 == "VM" &&          \
  36.486 +		                   $3 == primary  &&      \
  36.487 +		                   $4 == label ) {        \
  36.488 +		                result=$5                 \
  36.489 +		              }                           \
  36.490 +		           } END {                        \
  36.491 +		             if (result != "" )           \
  36.492 +		               {printf "%04x", strtonum(result)}\
  36.493 +		           }'`
  36.494 +	fi
  36.495 +
  36.496 +	# Calculate the secondary policy's SSIDREF
  36.497 +	if [ "$secondary" == "NULL" ]; then
  36.498 +		if [ "$primary" == "NULL" ]; then
  36.499 +			SSIDHI="0001"
  36.500 +		else
  36.501 +			SSIDHI="0000"
  36.502 +		fi
  36.503 +	else
  36.504 +		SSIDHI=`cat $mapfile |                    \
  36.505 +		        awk -vlabel=$label                \
  36.506 +		            -vsecondary=$secondary        \
  36.507 +		           '{                             \
  36.508 +		              if ( $1 == "LABEL->SSID" && \
  36.509 +		                   $2 == "VM"          && \
  36.510 +		                   $3 == secondary     && \
  36.511 +		                   $4 == label ) {        \
  36.512 +		                result=$5                 \
  36.513 +		              }                           \
  36.514 +		            }  END {                      \
  36.515 +		              if (result != "" )          \
  36.516 +		                {printf "%04x", strtonum(result)}\
  36.517 +		            }'`
  36.518 +	fi
  36.519 +
  36.520 +	if [ "$SSIDLO" == "" -o \
  36.521 +	     "$SSIDHI" == "" ]; then
  36.522 +		echo "Could not map the given label '$label'."
  36.523 +		return -1
  36.524 +	fi
  36.525 +
  36.526 +	ACM_POLICY=`cat $mapfile |             \
  36.527 +	    awk ' { if ( $1 == "POLICY" ) {    \
  36.528 +	              result=$2                \
  36.529 +	            }                          \
  36.530 +	          }                            \
  36.531 +	          END {                        \
  36.532 +	            if (result != "") {        \
  36.533 +	              printf result            \
  36.534 +	            }                          \
  36.535 +	          }'`
  36.536 +
  36.537 +	if [ "$ACM_POLICY" == "" ]; then
  36.538 +		echo "Could not find 'POLICY' entry in map file."
  36.539 +		return -1
  36.540 +	fi
  36.541 +
  36.542 +	SSIDREF="0x$SSIDHI$SSIDLO"
  36.543 +
  36.544 +	if [ "$mode" != "relabel" ]; then
  36.545 +		RES=`cat $vmfile |  \
  36.546 +		     awk '{         \
  36.547 +		       if ( substr($1,0,7) == "ssidref" ) {\
  36.548 +		         print $0;             \
  36.549 +		       }                       \
  36.550 +		     }'`
  36.551 +		if [ "$RES" != "" ]; then
  36.552 +			echo "Do you want to overwrite the existing mapping ($RES)? (y/N)"
  36.553 +			read user
  36.554 +			if [ "$user" != "y" -a "$user" != "Y" ]; then
  36.555 +				echo "Aborted."
  36.556 +				return 0
  36.557 +			fi
  36.558 +		fi
  36.559 +	fi
  36.560 +
  36.561 +	#Write the output
  36.562 +	vmtmp1="/tmp/__setlabel.tmp1"
  36.563 +	vmtmp2="/tmp/__setlabel.tmp2"
  36.564 +	touch $vmtmp1
  36.565 +	touch $vmtmp2
  36.566 +	if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
  36.567 +		echo "Cannot create temporary files. Aborting."
  36.568 +		return -1
  36.569 +	fi
  36.570 +	RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
  36.571 +	RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
  36.572 +	RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
  36.573 +	echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
  36.574 +	echo "#ACM_LABEL=$label" >> $vmtmp1
  36.575 +	echo "ssidref = $SSIDREF" >> $vmtmp1
  36.576 +	mv -f $vmtmp1 $vmfile
  36.577 +	rm -rf $vmtmp1 $vmtmp2
  36.578 +	echo "Mapped label '$label' to ssidref '$SSIDREF'."
  36.579 +}
  36.580 +
  36.581 +
  36.582 +# Translate an ssidref into its label. This does the reverse lookup
  36.583 +# to the relabel function above.
  36.584 +# This function displays the results.
  36.585 +# Parameters:
  36.586 +# 1st: The ssidref to translate; must be in the form '0x00010002'
  36.587 +# 2nd: Full or relative path to the policy's mapfile
  36.588 +translateSSIDREF ()
  36.589 +{
  36.590 +	ssidref=$1
  36.591 +	mapfile=$2
  36.592 +
  36.593 +	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
  36.594 +		echo "Cannot read from vm configuration file $vmfile."
  36.595 +		return -1
  36.596 +	fi
  36.597 +
  36.598 +	getPrimaryPolicy $mapfile
  36.599 +	getSecondaryPolicy $mapfile
  36.600 +
  36.601 +	if [ "$primary" == "NULL" -a "$secondary" == "NULL" ]; then
  36.602 +		echo "There are no labels for the NULL policy."
  36.603 +		return
  36.604 +	fi
  36.605 +
  36.606 +	getSSIDLOHI $ssidref
  36.607 +	ret=$?
  36.608 +	if [ $ret -ne 1 ]; then
  36.609 +		echo "Error while parsing the ssid ref number '$ssidref'."
  36.610 +	fi;
  36.611 +
  36.612 +	let line1=0
  36.613 +	let line2=0
  36.614 +	while [ 1 ]; do
  36.615 +		ITEM1=`cat $mapfile |                       \
  36.616 +		      awk -vprimary=$primary                \
  36.617 +		          -vssidlo=$ssidlo_int              \
  36.618 +		          -vline=$line1                     \
  36.619 +		      '{                                    \
  36.620 +		         if ( $1 == "LABEL->SSID" &&        \
  36.621 +		              $3 == primary &&              \
  36.622 +		              int($5) == ssidlo     ) {     \
  36.623 +		             if (l == line) {               \
  36.624 +		                 print $4;                  \
  36.625 +		                 exit;                      \
  36.626 +		             }                              \
  36.627 +		             l++;                           \
  36.628 +		         }                                  \
  36.629 +		       }'`
  36.630 +
  36.631 +		ITEM2=`cat $mapfile |                       \
  36.632 +		      awk -vsecondary=$secondary            \
  36.633 +		          -vssidhi=$ssidhi_int              \
  36.634 +		          -vline=$line2                     \
  36.635 +		      '{                                    \
  36.636 +		         if ( $1 == "LABEL->SSID" &&        \
  36.637 +		              $3 == secondary &&            \
  36.638 +		              int($5) == ssidhi     ) {     \
  36.639 +		             if (l == line) {               \
  36.640 +		                 print $4;                  \
  36.641 +		                 exit;                      \
  36.642 +		             }                              \
  36.643 +		             l++;                           \
  36.644 +		         }                                  \
  36.645 +		       }'`
  36.646 +
  36.647 +		if [ "$secondary" != "NULL" ]; then
  36.648 +			if [ "$ITEM1" == "" ]; then
  36.649 +				let line1=0
  36.650 +				let line2=line2+1
  36.651 +			else
  36.652 +				let line1=line1+1
  36.653 +			fi
  36.654 +
  36.655 +			if [ "$ITEM1" == "" -a \
  36.656 +			     "$ITEM2" == "" ]; then
  36.657 +				echo "Could not determine the referenced label."
  36.658 +				break
  36.659 +			fi
  36.660 +
  36.661 +			if [ "$ITEM1" == "$ITEM2" ]; then
  36.662 +				echo "Label: $ITEM1"
  36.663 +				break
  36.664 +			fi
  36.665 +		else
  36.666 +			if [ "$ITEM1" != "" ]; then
  36.667 +				echo "Label: $ITEM1"
  36.668 +			else
  36.669 +				if [ "$found" == "0" ]; then
  36.670 +					found=1
  36.671 +				else
  36.672 +					break
  36.673 +				fi
  36.674 +			fi
  36.675 +			let line1=line1+1
  36.676 +		fi
  36.677 +	done
  36.678 +}
    37.1 --- a/tools/security/secpol_tool.c	Fri Sep 02 14:15:49 2005 +0000
    37.2 +++ b/tools/security/secpol_tool.c	Fri Sep 02 14:17:08 2005 +0000
    37.3 @@ -25,6 +25,7 @@
    37.4  #include <stdio.h>
    37.5  #include <errno.h>
    37.6  #include <fcntl.h>
    37.7 +#include <getopt.h>
    37.8  #include <sys/mman.h>
    37.9  #include <sys/types.h>
   37.10  #include <sys/stat.h>
   37.11 @@ -41,6 +42,17 @@
   37.12  fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a ,	\
   37.13                  errno, strerror(errno))
   37.14  
   37.15 +void usage(char *progname)
   37.16 +{
   37.17 +    printf("Use: %s \n"
   37.18 +           "\t getpolicy\n"
   37.19 +           "\t dumpstats\n"
   37.20 +           "\t loadpolicy <binary policy file>\n"
   37.21 +           "\t getssid -d <domainid> [-f]\n"
   37.22 +		   "\t getssid -s <ssidref> [-f]\n", progname);
   37.23 +    exit(-1);
   37.24 +}
   37.25 +
   37.26  static inline int do_policycmd(int xc_handle, unsigned int cmd,
   37.27                                 unsigned long data)
   37.28  {
   37.29 @@ -320,7 +332,7 @@ int acm_domain_loadpolicy(int xc_handle,
   37.30  
   37.31          if (ret)
   37.32              printf
   37.33 -                ("ERROR setting policy. Use 'xm dmesg' to see details.\n");
   37.34 +                ("ERROR setting policy. Try 'xm dmesg' to see details.\n");
   37.35          else
   37.36              printf("Successfully changed policy.\n");
   37.37  
   37.38 @@ -370,7 +382,7 @@ int acm_domain_dumpstats(int xc_handle)
   37.39  
   37.40      if (ret < 0)
   37.41      {
   37.42 -        printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n");
   37.43 +        printf("ERROR dumping policy stats. Try 'xm dmesg' to see details.\n");
   37.44          return ret;
   37.45      }
   37.46      stats = (struct acm_stats_buffer *) stats_buffer;
   37.47 @@ -421,18 +433,122 @@ int acm_domain_dumpstats(int xc_handle)
   37.48      }
   37.49      return ret;
   37.50  }
   37.51 +/************************ get ssidref & types ******************************/
   37.52 +/*
   37.53 + * the ssid (types) can be looked up either by domain id or by ssidref
   37.54 + */
   37.55 +int acm_domain_getssid(int xc_handle, int argc, char * const argv[])
   37.56 +{
   37.57 +    /* this includes header and a set of types */
   37.58 +    #define MAX_SSIDBUFFER  2000
   37.59 +    int ret, i;
   37.60 +    acm_op_t op;
   37.61 +    struct acm_ssid_buffer *hdr;
   37.62 +    unsigned char *buf;
   37.63 +	int nice_print = 1;
   37.64 +
   37.65 +    op.cmd = ACM_GETSSID;
   37.66 +    op.interface_version = ACM_INTERFACE_VERSION;
   37.67 +	op.u.getssid.get_ssid_by = UNSET;
   37.68 +	/* arguments
   37.69 +	   -d ... domain id to look up
   37.70 +	   -s ... ssidref number to look up
   37.71 +	   -f ... formatted print (scripts depend on this format)
   37.72 +	*/
   37.73 +	while (1)
   37.74 +    {
   37.75 +		int c = getopt(argc, argv, "d:s:f");
   37.76 +		if (c == -1)
   37.77 +			break;
   37.78 +		if (c == 'd')
   37.79 +        {
   37.80 +			if (op.u.getssid.get_ssid_by != UNSET)
   37.81 +				usage(argv[0]);
   37.82 +			op.u.getssid.get_ssid_by = DOMAINID;
   37.83 +			op.u.getssid.id.domainid = strtoul(optarg, NULL, 0);
   37.84 +		}
   37.85 +		else if (c== 's')
   37.86 +        {
   37.87 +			if (op.u.getssid.get_ssid_by != UNSET)
   37.88 +				usage(argv[0]);
   37.89 +			op.u.getssid.get_ssid_by = SSIDREF;
   37.90 +			op.u.getssid.id.ssidref = strtoul(optarg, NULL, 0);
   37.91 +		}
   37.92 +		else if (c== 'f')
   37.93 +		{
   37.94 +			nice_print = 0;
   37.95 +		}
   37.96 +		else
   37.97 +			usage(argv[0]);
   37.98 +	}
   37.99 +	if (op.u.getssid.get_ssid_by == UNSET)
  37.100 +		usage(argv[0]);
  37.101 +
  37.102 +	buf = malloc(MAX_SSIDBUFFER);
  37.103 +    if (!buf)
  37.104 +        return -ENOMEM;
  37.105 +
  37.106 +    /* dump it and then push it down into xen/acm */
  37.107 +    op.u.getssid.ssidbuf = buf;   /* out */
  37.108 +    op.u.getssid.ssidbuf_size = MAX_SSIDBUFFER;
  37.109 +    ret = do_acm_op(xc_handle, &op);
  37.110 +
  37.111 +    if (ret)
  37.112 +    {
  37.113 +        printf("ERROR getting ssidref. Try 'xm dmesg' to see details.\n");
  37.114 +        goto out;
  37.115 +    }
  37.116 +    hdr = (struct acm_ssid_buffer *)buf;
  37.117 +    if (hdr->len > MAX_SSIDBUFFER)
  37.118 +    {
  37.119 +        printf("ERROR: Buffer length inconsistent (ret=%d, hdr->len=%d)!\n",
  37.120 +               ret, hdr->len);
  37.121 +            return -EIO;
  37.122 +    }
  37.123 +	if (nice_print)
  37.124 +    {
  37.125 +		printf("SSID: ssidref = 0x%08x \n", hdr->ssidref);
  37.126 +		printf("      P: %s, max_types = %d\n",
  37.127 +			   ACM_POLICY_NAME(hdr->primary_policy_code), hdr->primary_max_types);
  37.128 +		printf("	  Types: ");
  37.129 +		for (i=0; i< hdr->primary_max_types; i++)
  37.130 +			if (buf[hdr->primary_types_offset + i])
  37.131 +				printf("%02x ", i);
  37.132 +			else
  37.133 +				printf("-- ");
  37.134 +		printf("\n");
  37.135 +
  37.136 +		printf("      S: %s, max_types = %d\n",
  37.137 +			   ACM_POLICY_NAME(hdr->secondary_policy_code), hdr->secondary_max_types);
  37.138 +		printf("	  Types: ");
  37.139 +		for (i=0; i< hdr->secondary_max_types; i++)
  37.140 +			if (buf[hdr->secondary_types_offset + i])
  37.141 +				printf("%02x ", i);
  37.142 +			else
  37.143 +				printf("-- ");
  37.144 +		printf("\n");
  37.145 +	}
  37.146 +	else
  37.147 +    {
  37.148 +		/* formatted print for use with scripts (.sh)
  37.149 +		 *  update scripts when updating here (usually
  37.150 +		 *  used in combination with -d to determine a
  37.151 +		 *  running domain's label
  37.152 +		 */
  37.153 +		printf("SSID: ssidref = 0x%08x \n", hdr->ssidref);
  37.154 +	}
  37.155 +
  37.156 +    /* return ste ssidref */
  37.157 +    if (hdr->primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
  37.158 +        ret = (hdr->ssidref) & 0xffff;
  37.159 +    else if (hdr->secondary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
  37.160 +        ret = (hdr->ssidref) >> 16;
  37.161 + out:
  37.162 +    return ret;
  37.163 +}
  37.164  
  37.165  /***************************** main **************************************/
  37.166  
  37.167 -void usage(char *progname)
  37.168 -{
  37.169 -    printf("Use: %s \n"
  37.170 -           "\t getpolicy\n"
  37.171 -           "\t dumpstats\n"
  37.172 -           "\t loadpolicy <binary policy file>\n", progname);
  37.173 -    exit(-1);
  37.174 -}
  37.175 -
  37.176  int main(int argc, char **argv)
  37.177  {
  37.178  
  37.179 @@ -459,6 +575,8 @@ int main(int argc, char **argv)
  37.180          if (argc != 2)
  37.181              usage(argv[0]);
  37.182          ret = acm_domain_dumpstats(acm_cmd_fd);
  37.183 +    } else if (!strcmp(argv[1], "getssid")) {
  37.184 +        ret = acm_domain_getssid(acm_cmd_fd, argc, argv);
  37.185      } else
  37.186          usage(argv[0]);
  37.187  
    38.1 --- a/tools/security/setlabel.sh	Fri Sep 02 14:15:49 2005 +0000
    38.2 +++ b/tools/security/setlabel.sh	Fri Sep 02 14:17:08 2005 +0000
    38.3 @@ -34,277 +34,29 @@ if [ -z "$runbash" ]; then
    38.4  	exec sh -c "bash $0 $*"
    38.5  fi
    38.6  
    38.7 +export PATH=$PATH:.
    38.8 +source labelfuncs.sh
    38.9  
   38.10  usage ()
   38.11  {
   38.12 -	echo "Usage: $0 [Option] <vmfile> <label> <policy name> "
   38.13 -	echo "    or $0 -l <policy name>"
   38.14 +	echo "Usage: $0 [Option] <vmfile> <label> [<policy name>]"
   38.15 +	echo "    or $0 -l [<policy name>]"
   38.16  	echo ""
   38.17 -	echo "Valid Options are:"
   38.18 +	echo "Valid options are:"
   38.19  	echo "-r          : to relabel a file without being prompted"
   38.20  	echo ""
   38.21  	echo "vmfile      : XEN vm configuration file"
   38.22 -	echo "label       : the label to map"
   38.23 +	echo "label       : the label to map to an ssidref"
   38.24  	echo "policy name : the name of the policy, i.e. 'chwall'"
   38.25 +	echo "              If the policy name is omitted, it is attempted"
   38.26 +	echo "              to find the current policy's name in grub.conf."
   38.27  	echo ""
   38.28 -	echo "-l <policy name> is used to show valid labels in the map file"
   38.29 +	echo "-l [<policy name>] is used to show valid labels in the map file of"
   38.30 +	echo "                   the given or current policy."
   38.31  	echo ""
   38.32  }
   38.33  
   38.34  
   38.35 -findMapFile ()
   38.36 -{
   38.37 -	mapfile="./$1.map"
   38.38 -	if [ -r "$mapfile" ]; then
   38.39 -		return 1
   38.40 -	fi
   38.41 -
   38.42 -	mapfile="./policies/$1/$1.map"
   38.43 -	if [ -r "$mapfile" ]; then
   38.44 -		return 1
   38.45 -	fi
   38.46 -
   38.47 -	return 0
   38.48 -}
   38.49 -
   38.50 -showLabels ()
   38.51 -{
   38.52 -	mapfile=$1
   38.53 -	if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
   38.54 -		echo "Cannot read from vm configuration file $vmfile."
   38.55 -		return -1
   38.56 -	fi
   38.57 -
   38.58 -	getPrimaryPolicy $mapfile
   38.59 -	getSecondaryPolicy $mapfile
   38.60 -
   38.61 -	echo "The following labels are available:"
   38.62 -	let line=1
   38.63 -	while [ 1 ]; do
   38.64 -		ITEM=`cat $mapfile |         \
   38.65 -		      awk -vline=$line       \
   38.66 -		          -vprimary=$primary \
   38.67 -		      '{                     \
   38.68 -		         if ($1 == "LABEL->SSID" &&  \
   38.69 -		             $2 == "VM" &&           \
   38.70 -		             $3 == primary ) {       \
   38.71 -		           ctr++;                    \
   38.72 -		           if (ctr == line) {        \
   38.73 -		             print $4;               \
   38.74 -		           }                         \
   38.75 -		         }                           \
   38.76 -		       } END {                       \
   38.77 -		       }'`
   38.78 -
   38.79 -		if [ "$ITEM" == "" ]; then
   38.80 -			break
   38.81 -		fi
   38.82 -		if [ "$secondary" != "NULL" ]; then
   38.83 -			LABEL=`cat $mapfile |     \
   38.84 -			       awk -vitem=$ITEM   \
   38.85 -			       '{
   38.86 -			          if ($1 == "LABEL->SSID" && \
   38.87 -			              $2 == "VM" &&          \
   38.88 -			              $3 == "CHWALL" &&      \
   38.89 -			              $4 == item ) {         \
   38.90 -			            result = item;           \
   38.91 -			          }                          \
   38.92 -			        } END {                      \
   38.93 -			            print result             \
   38.94 -			        }'`
   38.95 -		else
   38.96 -			LABEL=$ITEM
   38.97 -		fi
   38.98 -
   38.99 -		if [ "$LABEL" != "" ]; then
  38.100 -			echo "$LABEL"
  38.101 -			found=1
  38.102 -		fi
  38.103 -		let line=line+1
  38.104 -	done
  38.105 -	if [ "$found" != "1" ]; then
  38.106 -		echo "No labels found."
  38.107 -	fi
  38.108 -}
  38.109 -
  38.110 -getPrimaryPolicy ()
  38.111 -{
  38.112 -	mapfile=$1
  38.113 -	primary=`cat $mapfile  |   \
  38.114 -	         awk '             \
  38.115 -	          {                \
  38.116 -	            if ( $1 == "PRIMARY" ) { \
  38.117 -	              res=$2;                \
  38.118 -	            }                        \
  38.119 -	          } END {                    \
  38.120 -	            print res;               \
  38.121 -	          } '`
  38.122 -}
  38.123 -
  38.124 -getSecondaryPolicy ()
  38.125 -{
  38.126 -	mapfile=$1
  38.127 -	secondary=`cat $mapfile  |   \
  38.128 -	         awk '             \
  38.129 -	          {                \
  38.130 -	            if ( $1 == "SECONDARY" ) { \
  38.131 -	              res=$2;                \
  38.132 -	            }                        \
  38.133 -	          } END {                    \
  38.134 -	            print res;               \
  38.135 -	          } '`
  38.136 -}
  38.137 -
  38.138 -
  38.139 -getDefaultSsid ()
  38.140 -{
  38.141 -	mapfile=$1
  38.142 -	pol=$2
  38.143 -	RES=`cat $mapfile    \
  38.144 -	     awk -vpol=$pol  \
  38.145 -	      {              \
  38.146 -	        if ($1 == "LABEL->SSID" && \
  38.147 -	            $2 == "ANY"         && \
  38.148 -	            $3 == pol           && \
  38.149 -	            $4 == "DEFAULT"       ) {\
  38.150 -	              res=$5;                \
  38.151 -	        }                            \
  38.152 -	      } END {                        \
  38.153 -	        printf "%04x", strtonum(res) \
  38.154 -	     }'`
  38.155 -	echo "default NULL mapping is $RES"
  38.156 -	defaultssid=$RES
  38.157 -}
  38.158 -
  38.159 -relabel ()
  38.160 -{
  38.161 -	vmfile=$1
  38.162 -	label=$2
  38.163 -	mapfile=$3
  38.164 -	mode=$4
  38.165 -
  38.166 -	if [ ! -r "$vmfile" ]; then
  38.167 -		echo "Cannot read from vm configuration file $vmfile."
  38.168 -		return -1
  38.169 -	fi
  38.170 -
  38.171 -	if [ ! -w "$vmfile" ]; then
  38.172 -		echo "Cannot write to vm configuration file $vmfile."
  38.173 -		return -1
  38.174 -	fi
  38.175 -
  38.176 -	if [ ! -r "$mapfile" ] ; then
  38.177 -		echo "Cannot read mapping file $mapfile."
  38.178 -		return -1
  38.179 -	fi
  38.180 -
  38.181 -	# Determine which policy is primary, which sec.
  38.182 -	getPrimaryPolicy $mapfile
  38.183 -	getSecondaryPolicy $mapfile
  38.184 -
  38.185 -	# Calculate the primary policy's SSIDREF
  38.186 -	if [ "$primary" == "NULL" ]; then
  38.187 -		SSIDLO="0000"
  38.188 -	else
  38.189 -		SSIDLO=`cat $mapfile |                    \
  38.190 -		        awk -vlabel=$label                \
  38.191 -		            -vprimary=$primary            \
  38.192 -		           '{                             \
  38.193 -		              if ( $1 == "LABEL->SSID" && \
  38.194 -		                   $2 == "VM" &&          \
  38.195 -		                   $3 == primary  &&      \
  38.196 -		                   $4 == label ) {        \
  38.197 -		                result=$5                 \
  38.198 -		              }                           \
  38.199 -		           } END {                        \
  38.200 -		             if (result != "" )           \
  38.201 -		               {printf "%04x", strtonum(result)}\
  38.202 -		           }'`
  38.203 -	fi
  38.204 -
  38.205 -	# Calculate the secondary policy's SSIDREF
  38.206 -	if [ "$secondary" == "NULL" ]; then
  38.207 -		SSIDHI="0000"
  38.208 -	else
  38.209 -		SSIDHI=`cat $mapfile |                    \
  38.210 -		        awk -vlabel=$label                \
  38.211 -		            -vsecondary=$secondary        \
  38.212 -		           '{                             \
  38.213 -		              if ( $1 == "LABEL->SSID" && \
  38.214 -		                   $2 == "VM"          && \
  38.215 -		                   $3 == secondary     && \
  38.216 -		                   $4 == label ) {        \
  38.217 -		                result=$5                 \
  38.218 -		              }                           \
  38.219 -		            }  END {                      \
  38.220 -		              if (result != "" )          \
  38.221 -		                {printf "%04x", strtonum(result)}\
  38.222 -		            }'`
  38.223 -	fi
  38.224 -
  38.225 -	if [ "$SSIDLO" == "" -o \
  38.226 -	     "$SSIDHI" == "" ]; then
  38.227 -		echo "Could not map the given label '$label'."
  38.228 -		return -1
  38.229 -	fi
  38.230 -
  38.231 -	ACM_POLICY=`cat $mapfile |             \
  38.232 -	    awk ' { if ( $1 == "POLICY" ) {    \
  38.233 -	              result=$2                \
  38.234 -	            }                          \
  38.235 -	          }                            \
  38.236 -	          END {                        \
  38.237 -	            if (result != "") {        \
  38.238 -	              printf result            \
  38.239 -	            }                          \
  38.240 -	          }'`
  38.241 -
  38.242 -	if [ "$ACM_POLICY" == "" ]; then
  38.243 -		echo "Could not find 'POLICY' entry in map file."
  38.244 -		return -1
  38.245 -	fi
  38.246 -
  38.247 -	SSIDREF="0x$SSIDHI$SSIDLO"
  38.248 -
  38.249 -	if [ "$mode" != "relabel" ]; then
  38.250 -		RES=`cat $vmfile |  \
  38.251 -		     awk '{         \
  38.252 -		       if ( substr($1,0,7) == "ssidref" ) {\
  38.253 -		         print $0;             \
  38.254 -		       }                       \
  38.255 -		     }'`
  38.256 -		if [ "$RES" != "" ]; then
  38.257 -			echo "Do you want to overwrite the existing mapping ($RES)? (y/N)"
  38.258 -			read user
  38.259 -			if [ "$user" != "y" -a "$user" != "Y" ]; then
  38.260 -				echo "Aborted."
  38.261 -				return 0
  38.262 -			fi
  38.263 -		fi
  38.264 -	fi
  38.265 -
  38.266 -	#Write the output
  38.267 -	vmtmp1="/tmp/__setlabel.tmp1"
  38.268 -	vmtmp2="/tmp/__setlabel.tmp2"
  38.269 -	touch $vmtmp1
  38.270 -	touch $vmtmp2
  38.271 -	if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
  38.272 -		echo "Cannot create temporary files. Aborting."
  38.273 -		return -1
  38.274 -	fi
  38.275 -	RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
  38.276 -	RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
  38.277 -	RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
  38.278 -	echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
  38.279 -	echo "#ACM_LABEL=$label" >> $vmtmp1
  38.280 -	echo "ssidref = $SSIDREF" >> $vmtmp1
  38.281 -	mv -f $vmtmp1 $vmfile
  38.282 -	rm -rf $vmtmp1 $vmtmp2
  38.283 -	echo "Mapped label '$label' to ssidref '$SSIDREF'."
  38.284 -}
  38.285 -
  38.286 -
  38.287 -
  38.288  if [ "$1" == "-r" ]; then
  38.289  	mode="relabel"
  38.290  	shift
  38.291 @@ -317,10 +69,25 @@ fi
  38.292  
  38.293  if [ "$mode" == "show" ]; then
  38.294  	if [ "$1" == "" ]; then
  38.295 -		usage
  38.296 -		exit -1;
  38.297 +		findGrubConf
  38.298 +		ret=$?
  38.299 +		if [ $ret -eq 0 ]; then
  38.300 +			echo "Could not find grub.conf"
  38.301 +			exit -1;
  38.302 +		fi
  38.303 +		findPolicyInGrub $grubconf
  38.304 +		if [ "$policy" != "" ]; then
  38.305 +			echo "Assuming policy to be '$policy'.";
  38.306 +		else
  38.307 +			echo "Could not find policy."
  38.308 +			exit -1;
  38.309 +		fi
  38.310 +	else
  38.311 +		policy=$3;
  38.312  	fi
  38.313 -	findMapFile $1
  38.314 +
  38.315 +
  38.316 +	findMapFile $policy
  38.317  	res=$?
  38.318  	if [ "$res" != "0" ]; then
  38.319  		showLabels $mapfile
  38.320 @@ -330,11 +97,29 @@ if [ "$mode" == "show" ]; then
  38.321  elif [ "$mode" == "usage" ]; then
  38.322  	usage
  38.323  else
  38.324 -	if [ "$3" == "" ]; then
  38.325 +	if [ "$2" == "" ]; then
  38.326  		usage
  38.327 -		exit -1;
  38.328 +		exit -1
  38.329  	fi
  38.330 -	findMapFile $3
  38.331 +	if [ "$3" == "" ]; then
  38.332 +		findGrubConf
  38.333 +		ret=$?
  38.334 +		if [ $ret -eq 0 ]; then
  38.335 +			echo "Could not find grub.conf"
  38.336 +			exit -1;
  38.337 +		fi
  38.338 +		findPolicyInGrub $grubconf
  38.339 +		if [ "$policy" != "" ]; then
  38.340 +			echo "Assuming policy to be '$policy'.";
  38.341 +		else
  38.342 +			echo "Could not find policy."
  38.343 +			exit -1;
  38.344 +		fi
  38.345 +
  38.346 +	else
  38.347 +		policy=$3;
  38.348 +	fi
  38.349 +	findMapFile $policy
  38.350  	res=$?
  38.351  	if [ "$res" != "0" ]; then
  38.352  		relabel $1 $2 $mapfile $mode
    39.1 --- a/xen/Rules.mk	Fri Sep 02 14:15:49 2005 +0000
    39.2 +++ b/xen/Rules.mk	Fri Sep 02 14:17:08 2005 +0000
    39.3 @@ -7,7 +7,6 @@ debug       ?= n
    39.4  perfc       ?= n
    39.5  perfc_arrays?= n
    39.6  trace       ?= n
    39.7 -optimize    ?= y
    39.8  domu_debug  ?= n
    39.9  crash_debug ?= n
   39.10  
    40.1 --- a/xen/acm/acm_chinesewall_hooks.c	Fri Sep 02 14:15:49 2005 +0000
    40.2 +++ b/xen/acm/acm_chinesewall_hooks.c	Fri Sep 02 14:17:08 2005 +0000
    40.3 @@ -310,6 +310,28 @@ chwall_dump_stats(u8 *buf, u16 len)
    40.4  	return 0;
    40.5  }
    40.6  
    40.7 +static int
    40.8 +chwall_dump_ssid_types(ssidref_t ssidref, u8 *buf, u16 len)
    40.9 +{
   40.10 +    int i;
   40.11 +
   40.12 +    /* fill in buffer */
   40.13 +    if (chwall_bin_pol.max_types > len)
   40.14 +        return -EFAULT;
   40.15 +
   40.16 +	if (ssidref >= chwall_bin_pol.max_ssidrefs)
   40.17 +		return -EFAULT;
   40.18 +
   40.19 +    /* read types for chwall ssidref */
   40.20 +    for(i=0; i< chwall_bin_pol.max_types; i++) {
   40.21 +        if (chwall_bin_pol.ssidrefs[ssidref * chwall_bin_pol.max_types + i])
   40.22 +            buf[i] = 1;
   40.23 +        else
   40.24 +            buf[i] = 0;
   40.25 +    }
   40.26 +    return chwall_bin_pol.max_types;
   40.27 +}
   40.28 +
   40.29  /***************************
   40.30   * Authorization functions
   40.31   ***************************/
   40.32 @@ -492,6 +514,7 @@ struct acm_operations acm_chinesewall_op
   40.33  	.dump_binary_policy		= chwall_dump_policy,
   40.34  	.set_binary_policy		= chwall_set_policy,
   40.35  	.dump_statistics		= chwall_dump_stats,
   40.36 +    .dump_ssid_types        = chwall_dump_ssid_types,
   40.37  	/* domain management control hooks */
   40.38  	.pre_domain_create     		= chwall_pre_domain_create,
   40.39  	.post_domain_create		= chwall_post_domain_create,
    41.1 --- a/xen/acm/acm_core.c	Fri Sep 02 14:15:49 2005 +0000
    41.2 +++ b/xen/acm/acm_core.c	Fri Sep 02 14:17:08 2005 +0000
    41.3 @@ -64,17 +64,18 @@ u8 little_endian = 1;
    41.4  void acm_set_endian(void)
    41.5  {
    41.6      u32 test = 1;
    41.7 -    if (*((u8 *)&test) == 1) {
    41.8 +    if (*((u8 *)&test) == 1)
    41.9 +    {
   41.10        	printk("ACM module running in LITTLE ENDIAN.\n");
   41.11 -	little_endian = 1;
   41.12 -    } else {
   41.13 -	printk("ACM module running in BIG ENDIAN.\n");
   41.14 -	little_endian = 0;
   41.15 +        little_endian = 1;
   41.16 +    }
   41.17 +    else
   41.18 +    {
   41.19 +        printk("ACM module running in BIG ENDIAN.\n");
   41.20 +        little_endian = 0;
   41.21      }
   41.22  }
   41.23  
   41.24 -#if (ACM_USE_SECURITY_POLICY != ACM_NULL_POLICY)
   41.25 -
   41.26  /* initialize global security policy for Xen; policy write-locked already */
   41.27  static void
   41.28  acm_init_binary_policy(void *primary, void *secondary)
   41.29 @@ -101,7 +102,8 @@ acm_setup(unsigned int *initrdidx,
   41.30       * Try all modules and see whichever could be the binary policy.
   41.31       * Adjust the initrdidx if module[1] is the binary policy.
   41.32       */
   41.33 -    for (i = mbi->mods_count-1; i >= 1; i--) {
   41.34 +    for (i = mbi->mods_count-1; i >= 1; i--)
   41.35 +    {
   41.36          struct acm_policy_buffer *pol;
   41.37          char *_policy_start; 
   41.38          unsigned long _policy_len;
   41.39 @@ -117,23 +119,32 @@ acm_setup(unsigned int *initrdidx,
   41.40  		continue; /* not a policy */
   41.41  
   41.42          pol = (struct acm_policy_buffer *)_policy_start;
   41.43 -        if (ntohl(pol->magic) == ACM_MAGIC) {
   41.44 +        if (ntohl(pol->magic) == ACM_MAGIC)
   41.45 +        {
   41.46              rc = acm_set_policy((void *)_policy_start,
   41.47                                  (u16)_policy_len,
   41.48                                  0);
   41.49 -            if (rc == ACM_OK) {
   41.50 +            if (rc == ACM_OK)
   41.51 +            {
   41.52                  printf("Policy len  0x%lx, start at %p.\n",_policy_len,_policy_start);
   41.53 -                if (i == 1) {
   41.54 -                    if (mbi->mods_count > 2) {
   41.55 +                if (i == 1)
   41.56 +                {
   41.57 +                    if (mbi->mods_count > 2)
   41.58 +                    {
   41.59                          *initrdidx = 2;
   41.60 -                    } else {
   41.61 +                    }
   41.62 +                    else {
   41.63                          *initrdidx = 0;
   41.64                      }
   41.65 -                } else {
   41.66 +                }
   41.67 +                else
   41.68 +                {
   41.69                      *initrdidx = 1;
   41.70                  }
   41.71                  break;
   41.72 -            } else {
   41.73 +            }
   41.74 +            else
   41.75 +            {
   41.76              	printk("Invalid policy. %d.th module line.\n", i+1);
   41.77              }
   41.78          } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */
   41.79 @@ -147,57 +158,85 @@ acm_init(unsigned int *initrdidx,
   41.80           const multiboot_info_t *mbi,
   41.81           unsigned long initial_images_start)
   41.82  {
   41.83 -	int ret = -EINVAL;
   41.84 +	int ret = ACM_OK;
   41.85  
   41.86 -	acm_set_endian();
   41.87 +    acm_set_endian();
   41.88  	write_lock(&acm_bin_pol_rwlock);
   41.89 +    acm_init_binary_policy(NULL, NULL);
   41.90  
   41.91 -	if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) {
   41.92 -		acm_init_binary_policy(NULL, NULL);
   41.93 -		acm_init_chwall_policy();
   41.94 +    /* set primary policy component */
   41.95 +    switch ((ACM_USE_SECURITY_POLICY) & 0x0f)
   41.96 +    {
   41.97 +
   41.98 +    case ACM_CHINESE_WALL_POLICY:
   41.99 +        acm_init_chwall_policy();
  41.100  		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
  41.101  		acm_primary_ops = &acm_chinesewall_ops;
  41.102 -		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
  41.103 -		acm_secondary_ops = &acm_null_ops;
  41.104 -		ret = ACM_OK;
  41.105 -	} else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
  41.106 -		acm_init_binary_policy(NULL, NULL);
  41.107 -		acm_init_ste_policy();
  41.108 +        break;
  41.109 +
  41.110 +    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
  41.111 +        acm_init_ste_policy();
  41.112  		acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
  41.113  		acm_primary_ops = &acm_simple_type_enforcement_ops;
  41.114 +        break;
  41.115 +
  41.116 +    default:
  41.117 +        /* NULL or Unknown policy not allowed primary;
  41.118 +         * NULL/NULL will not compile this code */
  41.119 +        ret = -EINVAL;
  41.120 +        goto out;
  41.121 +    }
  41.122 +
  41.123 +    /* secondary policy component part */
  41.124 +    switch ((ACM_USE_SECURITY_POLICY) >> 4) {
  41.125 +    case ACM_NULL_POLICY:
  41.126  		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
  41.127  		acm_secondary_ops = &acm_null_ops;
  41.128 -		ret = ACM_OK;
  41.129 -	} else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
  41.130 -		acm_init_binary_policy(NULL, NULL);
  41.131 +		break;
  41.132 +
  41.133 +    case ACM_CHINESE_WALL_POLICY:
  41.134 +        if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY)
  41.135 +        {   /* not a valid combination */
  41.136 +            ret = -EINVAL;
  41.137 +            goto out;
  41.138 +        }
  41.139  		acm_init_chwall_policy();
  41.140 +        acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY;
  41.141 +		acm_secondary_ops = &acm_chinesewall_ops;
  41.142 +        break;
  41.143 +
  41.144 +    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
  41.145 +        if (acm_bin_pol.primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
  41.146 +        {   /* not a valid combination */
  41.147 +            ret = -EINVAL;
  41.148 +            goto out;
  41.149 +        }
  41.150  		acm_init_ste_policy();
  41.151 -		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
  41.152 -		acm_primary_ops = &acm_chinesewall_ops;
  41.153  		acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
  41.154  		acm_secondary_ops = &acm_simple_type_enforcement_ops;
  41.155 -		ret = ACM_OK;
  41.156 -	} else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) {
  41.157 -		acm_init_binary_policy(NULL, NULL);
  41.158 -		acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
  41.159 -		acm_primary_ops = &acm_null_ops;
  41.160 -		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
  41.161 -		acm_secondary_ops = &acm_null_ops;
  41.162 -		ret = ACM_OK;
  41.163 -	}
  41.164 +        break;
  41.165 +
  41.166 +    default:
  41.167 +        ret = -EINVAL;
  41.168 +        goto out;
  41.169 +    }
  41.170 +
  41.171 + out:
  41.172  	write_unlock(&acm_bin_pol_rwlock);
  41.173  
  41.174  	if (ret != ACM_OK)
  41.175 -		return -EINVAL;		
  41.176 +    {
  41.177 +        printk("%s: Error setting policies.\n", __func__);
  41.178 +        /* here one could imagine a clean panic */
  41.179 +		return -EINVAL;
  41.180 +	}
  41.181  	acm_setup(initrdidx, mbi, initial_images_start);
  41.182  	printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 
  41.183 -	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
  41.184 +	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
  41.185 +           ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
  41.186  	return ret;
  41.187  }
  41.188  
  41.189 -
  41.190 -#endif
  41.191 -
  41.192  int
  41.193  acm_init_domain_ssid(domid_t id, ssidref_t ssidref)
  41.194  {
  41.195 @@ -205,7 +244,8 @@ acm_init_domain_ssid(domid_t id, ssidref
  41.196  	struct domain *subj = find_domain_by_id(id);
  41.197  	int ret1, ret2;
  41.198  	
  41.199 -	if (subj == NULL) {
  41.200 +	if (subj == NULL)
  41.201 +    {
  41.202  		printk("%s: ACM_NULL_POINTER ERROR (id=%x).\n", __func__, id);
  41.203  		return ACM_NULL_POINTER_ERROR;
  41.204  	}
  41.205 @@ -235,14 +275,16 @@ acm_init_domain_ssid(domid_t id, ssidref
  41.206  	else
  41.207  		ret2 = ACM_OK;
  41.208  
  41.209 -	if ((ret1 != ACM_OK) || (ret2 != ACM_OK)) {
  41.210 +	if ((ret1 != ACM_OK) || (ret2 != ACM_OK))
  41.211 +    {
  41.212  		printk("%s: ERROR instantiating individual ssids for domain 0x%02x.\n",
  41.213  		       __func__, subj->domain_id);
  41.214  		acm_free_domain_ssid(ssid);	
  41.215  	        put_domain(subj);
  41.216  		return ACM_INIT_SSID_ERROR;
  41.217  	}
  41.218 -	printk("%s: assigned domain %x the ssidref=%x.\n", __func__, id, ssid->ssidref);
  41.219 +	printk("%s: assigned domain %x the ssidref=%x.\n",
  41.220 +           __func__, id, ssid->ssidref);
  41.221  	put_domain(subj);
  41.222  	return ACM_OK;
  41.223  }
  41.224 @@ -254,11 +296,12 @@ acm_free_domain_ssid(struct acm_ssid_dom
  41.225  	domid_t id;
  41.226  
  41.227  	/* domain is already gone, just ssid is left */
  41.228 -	if (ssid == NULL) {
  41.229 +	if (ssid == NULL)
  41.230 +    {
  41.231  		printk("%s: ACM_NULL_POINTER ERROR.\n", __func__);
  41.232  		return ACM_NULL_POINTER_ERROR;
  41.233  	}
  41.234 -       	id = ssid->domainid;
  41.235 +    id = ssid->domainid;
  41.236  	ssid->subject  	     = NULL;
  41.237  
  41.238  	if (acm_primary_ops->free_domain_ssid != NULL) /* null policy */
  41.239 @@ -268,6 +311,7 @@ acm_free_domain_ssid(struct acm_ssid_dom
  41.240  		acm_secondary_ops->free_domain_ssid(ssid->secondary_ssid);
  41.241  	ssid->secondary_ssid = NULL;
  41.242  	xfree(ssid);
  41.243 -	printkd("%s: Freed individual domain ssid (domain=%02x).\n",__func__, id);
  41.244 +	printkd("%s: Freed individual domain ssid (domain=%02x).\n",
  41.245 +            __func__, id);
  41.246  	return ACM_OK;
  41.247  }
    42.1 --- a/xen/acm/acm_null_hooks.c	Fri Sep 02 14:15:49 2005 +0000
    42.2 +++ b/xen/acm/acm_null_hooks.c	Fri Sep 02 14:17:08 2005 +0000
    42.3 @@ -14,13 +14,13 @@
    42.4  #include <acm/acm_hooks.h>
    42.5  
    42.6  static int
    42.7 -null_init_domain_ssid(void **chwall_ssid, ssidref_t ssidref)
    42.8 +null_init_domain_ssid(void **ssid, ssidref_t ssidref)
    42.9  {
   42.10  	return ACM_OK;
   42.11  }
   42.12  
   42.13  static void
   42.14 -null_free_domain_ssid(void *chwall_ssid)
   42.15 +null_free_domain_ssid(void *ssid)
   42.16  {
   42.17  	return;
   42.18  }
   42.19 @@ -44,6 +44,14 @@ null_dump_stats(u8 *buf, u16 buf_size)
   42.20  	return 0;
   42.21  }
   42.22  
   42.23 +static int
   42.24 +null_dump_ssid_types(ssidref_t ssidref, u8 *buffer, u16 buf_size)
   42.25 +{
   42.26 +    /* no types */
   42.27 +    return 0;
   42.28 +}
   42.29 +
   42.30 +
   42.31  /* now define the hook structure similarly to LSM */
   42.32  struct acm_operations acm_null_ops = {
   42.33  	.init_domain_ssid		= null_init_domain_ssid,
   42.34 @@ -51,6 +59,7 @@ struct acm_operations acm_null_ops = {
   42.35  	.dump_binary_policy           	= null_dump_binary_policy,
   42.36  	.set_binary_policy		= null_set_binary_policy,
   42.37  	.dump_statistics	        = null_dump_stats,
   42.38 +    .dump_ssid_types        = null_dump_ssid_types,
   42.39  	/* domain management control hooks */
   42.40  	.pre_domain_create     		= NULL,
   42.41  	.post_domain_create		= NULL,
    43.1 --- a/xen/acm/acm_policy.c	Fri Sep 02 14:15:49 2005 +0000
    43.2 +++ b/xen/acm/acm_policy.c	Fri Sep 02 14:17:08 2005 +0000
    43.3 @@ -26,8 +26,8 @@
    43.4  #include <xen/lib.h>
    43.5  #include <xen/delay.h>
    43.6  #include <xen/sched.h>
    43.7 +#include <acm/acm_core.h>
    43.8  #include <public/acm_ops.h>
    43.9 -#include <acm/acm_core.h>
   43.10  #include <acm/acm_hooks.h>
   43.11  #include <acm/acm_endian.h>
   43.12  
   43.13 @@ -37,14 +37,16 @@ acm_set_policy(void *buf, u16 buf_size, 
   43.14  	u8 *policy_buffer = NULL;
   43.15  	struct acm_policy_buffer *pol;
   43.16  	
   43.17 -     	if (buf_size < sizeof(struct acm_policy_buffer))
   43.18 +    if (buf_size < sizeof(struct acm_policy_buffer))
   43.19  		return -EFAULT;
   43.20  
   43.21  	/* 1. copy buffer from domain */
   43.22  	if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
   43.23 -	    goto error_free;
   43.24 +	    return -ENOMEM;
   43.25 +
   43.26  	if (isuserbuffer) {
   43.27 -		if (copy_from_user(policy_buffer, buf, buf_size)) {
   43.28 +		if (copy_from_user(policy_buffer, buf, buf_size))
   43.29 +        {
   43.30  			printk("%s: Error copying!\n",__func__);
   43.31  			goto error_free;
   43.32  		}
   43.33 @@ -57,11 +59,13 @@ acm_set_policy(void *buf, u16 buf_size, 
   43.34  	if ((ntohl(pol->magic) != ACM_MAGIC) || 
   43.35  	    (ntohl(pol->policy_version) != ACM_POLICY_VERSION) ||
   43.36  	    (ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) ||
   43.37 -	    (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) {
   43.38 +	    (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code))
   43.39 +    {
   43.40  		printkd("%s: Wrong policy magics or versions!\n", __func__);
   43.41  		goto error_free;
   43.42  	}
   43.43 -	if (buf_size != ntohl(pol->len)) {
   43.44 +	if (buf_size != ntohl(pol->len))
   43.45 +    {
   43.46  		printk("%s: ERROR in buf size.\n", __func__);
   43.47  		goto error_free;
   43.48  	}
   43.49 @@ -72,27 +76,25 @@ acm_set_policy(void *buf, u16 buf_size, 
   43.50  	/* 3. set primary policy data */
   43.51  	if (acm_primary_ops->set_binary_policy(buf + ntohl(pol->primary_buffer_offset),
   43.52                                                 ntohl(pol->secondary_buffer_offset) -
   43.53 -					       ntohl(pol->primary_buffer_offset))) {
   43.54 +					       ntohl(pol->primary_buffer_offset)))
   43.55  		goto error_lock_free;
   43.56 -	}
   43.57 +
   43.58  	/* 4. set secondary policy data */
   43.59  	if (acm_secondary_ops->set_binary_policy(buf + ntohl(pol->secondary_buffer_offset),
   43.60  						 ntohl(pol->len) - 
   43.61 -						 ntohl(pol->secondary_buffer_offset))) {
   43.62 +						 ntohl(pol->secondary_buffer_offset)))
   43.63  		goto error_lock_free;
   43.64 -	}
   43.65 +
   43.66  	write_unlock(&acm_bin_pol_rwlock);
   43.67 -	if (policy_buffer != NULL)
   43.68 -		xfree(policy_buffer);
   43.69 +	xfree(policy_buffer);
   43.70  	return ACM_OK;
   43.71  
   43.72   error_lock_free:
   43.73  	write_unlock(&acm_bin_pol_rwlock);
   43.74   error_free:
   43.75  	printk("%s: Error setting policy.\n", __func__);
   43.76 -	if (policy_buffer != NULL)
   43.77 -		xfree(policy_buffer);
   43.78 -	return -ENOMEM;
   43.79 +    xfree(policy_buffer);
   43.80 +	return -EFAULT;
   43.81  }
   43.82  
   43.83  int
   43.84 @@ -102,11 +104,14 @@ acm_get_policy(void *buf, u16 buf_size)
   43.85       int ret;
   43.86       struct acm_policy_buffer *bin_pol;
   43.87  	
   43.88 +    if (buf_size < sizeof(struct acm_policy_buffer))
   43.89 +		return -EFAULT;
   43.90 +
   43.91       if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
   43.92  	    return -ENOMEM;
   43.93  
   43.94       read_lock(&acm_bin_pol_rwlock);
   43.95 -     /* future: read policy from file and set it */
   43.96 +
   43.97       bin_pol = (struct acm_policy_buffer *)policy_buffer;
   43.98       bin_pol->magic = htonl(ACM_MAGIC);
   43.99       bin_pol->primary_policy_code = htonl(acm_bin_pol.primary_policy_code);
  43.100 @@ -118,27 +123,30 @@ acm_get_policy(void *buf, u16 buf_size)
  43.101       
  43.102       ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohl(bin_pol->primary_buffer_offset),
  43.103  				       buf_size - ntohl(bin_pol->primary_buffer_offset));
  43.104 -     if (ret < 0) {
  43.105 -	     printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
  43.106 -	     read_unlock(&acm_bin_pol_rwlock);
  43.107 -	     return -1;
  43.108 -     }
  43.109 +     if (ret < 0)
  43.110 +         goto error_free_unlock;
  43.111 +
  43.112       bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  43.113       bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
  43.114  
  43.115       ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohl(bin_pol->secondary_buffer_offset),
  43.116  				    buf_size - ntohl(bin_pol->secondary_buffer_offset));
  43.117 -     if (ret < 0) {
  43.118 -	     printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
  43.119 -	     read_unlock(&acm_bin_pol_rwlock);
  43.120 -	     return -1;
  43.121 -     }
  43.122 +     if (ret < 0)
  43.123 +         goto error_free_unlock;
  43.124 +
  43.125       bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  43.126 +     if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len)))
  43.127 +	     goto error_free_unlock;
  43.128 +
  43.129       read_unlock(&acm_bin_pol_rwlock);
  43.130 -     if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len)))
  43.131 -	     return -EFAULT;
  43.132       xfree(policy_buffer);
  43.133       return ACM_OK;
  43.134 +
  43.135 + error_free_unlock:
  43.136 +     read_unlock(&acm_bin_pol_rwlock);
  43.137 +     printk("%s: Error getting policy.\n", __func__);
  43.138 +     xfree(policy_buffer);
  43.139 +     return -EFAULT;
  43.140  }
  43.141  
  43.142  int
  43.143 @@ -185,4 +193,62 @@ acm_dump_statistics(void *buf, u16 buf_s
  43.144       return -EFAULT;
  43.145  }
  43.146  
  43.147 +
  43.148 +int
  43.149 +acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size)
  43.150 +{
  43.151 +    /* send stats to user space */
  43.152 +     u8 *ssid_buffer;
  43.153 +     int ret;
  43.154 +     struct acm_ssid_buffer *acm_ssid;
  43.155 +     if (buf_size < sizeof(struct acm_ssid_buffer))
  43.156 +		return -EFAULT;
  43.157 +
  43.158 +     if ((ssid_buffer = xmalloc_array(u8, buf_size)) == NULL)
  43.159 +	    return -ENOMEM;
  43.160 +
  43.161 +     read_lock(&acm_bin_pol_rwlock);
  43.162 +
  43.163 +     acm_ssid = (struct acm_ssid_buffer *)ssid_buffer;
  43.164 +     acm_ssid->len = sizeof(struct acm_ssid_buffer);
  43.165 +     acm_ssid->ssidref = ssidref;
  43.166 +     acm_ssid->primary_policy_code = acm_bin_pol.primary_policy_code;
  43.167 +     acm_ssid->secondary_policy_code = acm_bin_pol.secondary_policy_code;
  43.168 +     acm_ssid->primary_types_offset = acm_ssid->len;
  43.169 +
  43.170 +     /* ret >= 0 --> ret == max_types */
  43.171 +     ret = acm_primary_ops->dump_ssid_types(ACM_PRIMARY(ssidref),
  43.172 +                                            ssid_buffer + acm_ssid->primary_types_offset,
  43.173 +                                            buf_size - acm_ssid->primary_types_offset);
  43.174 +     if (ret < 0)
  43.175 +         goto error_free_unlock;
  43.176 +
  43.177 +     acm_ssid->len += ret;
  43.178 +     acm_ssid->primary_max_types = ret;
  43.179 +
  43.180 +     acm_ssid->secondary_types_offset = acm_ssid->len;
  43.181 +
  43.182 +     ret = acm_secondary_ops->dump_ssid_types(ACM_SECONDARY(ssidref),
  43.183 +                                              ssid_buffer + acm_ssid->secondary_types_offset,
  43.184 +                                              buf_size - acm_ssid->secondary_types_offset);
  43.185 +     if (ret < 0)
  43.186 +         goto error_free_unlock;
  43.187 +
  43.188 +     acm_ssid->len += ret;
  43.189 +     acm_ssid->secondary_max_types = ret;
  43.190 +
  43.191 +     if (copy_to_user(buf, ssid_buffer, acm_ssid->len))
  43.192 +	     goto error_free_unlock;
  43.193 +
  43.194 +     read_unlock(&acm_bin_pol_rwlock);
  43.195 +     xfree(ssid_buffer);
  43.196 +     return ACM_OK;
  43.197 +
  43.198 + error_free_unlock:
  43.199 +     read_unlock(&acm_bin_pol_rwlock);
  43.200 +     printk("%s: Error getting ssid.\n", __func__);
  43.201 +     xfree(ssid_buffer);
  43.202 +     return -ENOMEM;
  43.203 +}
  43.204 +
  43.205  /*eof*/
    44.1 --- a/xen/acm/acm_simple_type_enforcement_hooks.c	Fri Sep 02 14:15:49 2005 +0000
    44.2 +++ b/xen/acm/acm_simple_type_enforcement_hooks.c	Fri Sep 02 14:17:08 2005 +0000
    44.3 @@ -383,6 +383,27 @@ ste_dump_stats(u8 *buf, u16 buf_len)
    44.4      return sizeof(struct acm_ste_stats_buffer);
    44.5  }
    44.6  
    44.7 +static int
    44.8 +ste_dump_ssid_types(ssidref_t ssidref, u8 *buf, u16 len)
    44.9 +{
   44.10 +    int i;
   44.11 +
   44.12 +    /* fill in buffer */
   44.13 +    if (ste_bin_pol.max_types > len)
   44.14 +        return -EFAULT;
   44.15 +
   44.16 +	if (ssidref >= ste_bin_pol.max_ssidrefs)
   44.17 +		return -EFAULT;
   44.18 +
   44.19 +    /* read types for chwall ssidref */
   44.20 +    for(i=0; i< ste_bin_pol.max_types; i++) {
   44.21 +		if (ste_bin_pol.ssidrefs[ssidref * ste_bin_pol.max_types + i])
   44.22 +            buf[i] = 1;
   44.23 +        else
   44.24 +            buf[i] = 0;
   44.25 +    }
   44.26 +    return ste_bin_pol.max_types;
   44.27 +}
   44.28  
   44.29  /* we need to go through this before calling the hooks,
   44.30   * returns 1 == cache hit */
   44.31 @@ -625,22 +646,23 @@ struct acm_operations acm_simple_type_en
   44.32  	/* policy management services */
   44.33  	.init_domain_ssid		= ste_init_domain_ssid,
   44.34  	.free_domain_ssid		= ste_free_domain_ssid,
   44.35 -	.dump_binary_policy    	       	= ste_dump_policy,
   44.36 -	.set_binary_policy     		= ste_set_policy,
   44.37 +	.dump_binary_policy     = ste_dump_policy,
   44.38 +	.set_binary_policy      = ste_set_policy,
   44.39  	.dump_statistics		= ste_dump_stats,
   44.40 +    .dump_ssid_types        = ste_dump_ssid_types,
   44.41  	/* domain management control hooks */
   44.42  	.pre_domain_create     		= ste_pre_domain_create,
   44.43 -	.post_domain_create		= NULL,
   44.44 -	.fail_domain_create		= NULL,
   44.45 -	.post_domain_destroy		= ste_post_domain_destroy,
   44.46 +	.post_domain_create	    = NULL,
   44.47 +	.fail_domain_create     = NULL,
   44.48 +	.post_domain_destroy    = ste_post_domain_destroy,
   44.49  	/* event channel control hooks */
   44.50 -	.pre_eventchannel_unbound      	= ste_pre_eventchannel_unbound,
   44.51 +	.pre_eventchannel_unbound   = ste_pre_eventchannel_unbound,
   44.52  	.fail_eventchannel_unbound	= NULL,
   44.53  	.pre_eventchannel_interdomain	= ste_pre_eventchannel_interdomain,
   44.54  	.fail_eventchannel_interdomain  = NULL,
   44.55  	/* grant table control hooks */
   44.56 -	.pre_grant_map_ref       	= ste_pre_grant_map_ref,
   44.57 -	.fail_grant_map_ref		= NULL,
   44.58 -	.pre_grant_setup	       	= ste_pre_grant_setup,
   44.59 -	.fail_grant_setup		= NULL,
   44.60 +	.pre_grant_map_ref      = ste_pre_grant_map_ref,
   44.61 +	.fail_grant_map_ref     = NULL,
   44.62 +	.pre_grant_setup        = ste_pre_grant_setup,
   44.63 +	.fail_grant_setup       = NULL,
   44.64  };
    45.1 --- a/xen/arch/x86/Makefile	Fri Sep 02 14:15:49 2005 +0000
    45.2 +++ b/xen/arch/x86/Makefile	Fri Sep 02 14:17:08 2005 +0000
    45.3 @@ -17,7 +17,7 @@ endif
    45.4  
    45.5  OBJS := $(patsubst shadow%.o,,$(OBJS))	# drop all
    45.6  ifeq ($(TARGET_SUBARCH),x86_64) 
    45.7 - OBJS += shadow.o shadow_public.o	# x86_64: new code
    45.8 + OBJS += shadow.o shadow_public.o shadow_guest32.o	# x86_64: new code
    45.9  endif
   45.10  ifeq ($(TARGET_SUBARCH),x86_32) 
   45.11   ifneq ($(pae),n)
    46.1 --- a/xen/arch/x86/Rules.mk	Fri Sep 02 14:15:49 2005 +0000
    46.2 +++ b/xen/arch/x86/Rules.mk	Fri Sep 02 14:17:08 2005 +0000
    46.3 @@ -13,10 +13,8 @@ CFLAGS  += -I$(BASEDIR)/include
    46.4  CFLAGS  += -I$(BASEDIR)/include/asm-x86/mach-generic
    46.5  CFLAGS  += -I$(BASEDIR)/include/asm-x86/mach-default
    46.6  
    46.7 -ifeq ($(optimize),y)
    46.8 +ifneq ($(debug),y)
    46.9  CFLAGS  += -O3 -fomit-frame-pointer
   46.10 -else
   46.11 -x86_32/usercopy.o: CFLAGS += -O1
   46.12  endif
   46.13  
   46.14  # Prevent floating-point variables from creeping into Xen.
    48.1 --- a/xen/arch/x86/boot/x86_32.S	Fri Sep 02 14:15:49 2005 +0000
    48.2 +++ b/xen/arch/x86/boot/x86_32.S	Fri Sep 02 14:17:08 2005 +0000
    48.3 @@ -9,6 +9,8 @@
    48.4         	.text
    48.5  
    48.6  ENTRY(start)
    48.7 +ENTRY(stext)
    48.8 +ENTRY(_stext)
    48.9          jmp __start
   48.10  
   48.11          .align	4
   48.12 @@ -260,6 +262,3 @@ ENTRY(idle_pg_table_l2) # Initial page d
   48.13          .org 0x2000 + STACK_SIZE + PAGE_SIZE
   48.14  
   48.15  #endif /* CONFIG_X86_PAE */
   48.16 -
   48.17 -ENTRY(stext)
   48.18 -ENTRY(_stext)
    49.1 --- a/xen/arch/x86/boot/x86_64.S	Fri Sep 02 14:15:49 2005 +0000
    49.2 +++ b/xen/arch/x86/boot/x86_64.S	Fri Sep 02 14:17:08 2005 +0000
    49.3 @@ -10,6 +10,8 @@
    49.4          .code32
    49.5  
    49.6  ENTRY(start)
    49.7 +ENTRY(stext)
    49.8 +ENTRY(_stext)
    49.9          jmp __start
   49.10  
   49.11          .org    0x004
   49.12 @@ -267,5 +269,3 @@ ENTRY(idle_pg_table_l2)
   49.13  
   49.14          .org 0x4000 + STACK_SIZE + PAGE_SIZE
   49.15          .code64
   49.16 -ENTRY(stext)
   49.17 -ENTRY(_stext)
    50.1 --- a/xen/arch/x86/shadow.c	Fri Sep 02 14:15:49 2005 +0000
    50.2 +++ b/xen/arch/x86/shadow.c	Fri Sep 02 14:17:08 2005 +0000
    50.3 @@ -53,6 +53,9 @@ static unsigned long shadow_l4_table(
    50.4      struct domain *d, unsigned long gpfn, unsigned long gmfn);
    50.5  static void shadow_map_into_current(struct vcpu *v,
    50.6      unsigned long va, unsigned int from, unsigned int to);
    50.7 +static inline void validate_bl2e_change( struct domain *d,
    50.8 +	guest_root_pgentry_t *new_gle_p, pgentry_64_t *shadow_l3, int index);
    50.9 +
   50.10  #endif
   50.11  
   50.12  /********
   50.13 @@ -217,10 +220,38 @@ alloc_shadow_page(struct domain *d,
   50.14          }
   50.15          else
   50.16          {
   50.17 -            page = alloc_domheap_page(NULL);
   50.18 -            void *l1 = map_domain_page(page_to_pfn(page));
   50.19 -            memset(l1, 0, PAGE_SIZE);
   50.20 -            unmap_domain_page(l1);
   50.21 +            if (d->arch.ops->guest_paging_levels == PAGING_L2)
   50.22 +            {
   50.23 +#if CONFIG_PAGING_LEVELS >= 4
   50.24 +                /* For 32-bit VMX guest, 2 shadow L1s to simulate 1 guest L1
   50.25 +                 * So need allocate 2 continues shadow L1 each time.
   50.26 +                 */
   50.27 +                page = alloc_domheap_pages(NULL, SL1_ORDER, 0);
   50.28 +                if (!page)
   50.29 +                    domain_crash_synchronous();
   50.30 +
   50.31 +                void *l1_0 = map_domain_page(page_to_pfn(page));
   50.32 +                memset(l1_0,0,PAGE_SIZE);
   50.33 +                unmap_domain_page(l1_0);
   50.34 +                void *l1_1 = map_domain_page(page_to_pfn(page+1));
   50.35 +                memset(l1_1,0,PAGE_SIZE);
   50.36 +                unmap_domain_page(l1_1);
   50.37 +#else
   50.38 +                page = alloc_domheap_page(NULL);
   50.39 +                if (!page)
   50.40 +                    domain_crash_synchronous();
   50.41 +                void *l1 = map_domain_page(page_to_pfn(page));
   50.42 +                memset(l1, 0, PAGE_SIZE);
   50.43 +                unmap_domain_page(l1);
   50.44 +#endif
   50.45 +            }
   50.46 +            else
   50.47 +            {
   50.48 +                page = alloc_domheap_page(NULL);
   50.49 +                void *l1 = map_domain_page(page_to_pfn(page));
   50.50 +                memset(l1, 0, PAGE_SIZE);
   50.51 +                unmap_domain_page(l1);
   50.52 +            }
   50.53          }
   50.54      }
   50.55      else {
   50.56 @@ -331,7 +362,21 @@ alloc_shadow_page(struct domain *d,
   50.57    fail:
   50.58      FSH_LOG("promotion of pfn=%lx mfn=%lx failed!  external gnttab refs?",
   50.59              gpfn, gmfn);
   50.60 -    free_domheap_page(page);
   50.61 +    if (psh_type == PGT_l1_shadow)
   50.62 +    {
   50.63 +        if (d->arch.ops->guest_paging_levels == PAGING_L2)
   50.64 +        {
   50.65 +#if CONFIG_PAGING_LEVELS >=4
   50.66 +            free_domheap_pages(page, SL1_ORDER);
   50.67 +#else
   50.68 +            free_domheap_page(page);
   50.69 +#endif
   50.70 +        }
   50.71 +        else
   50.72 +            free_domheap_page(page);
   50.73 +    }
   50.74 +    else
   50.75 +        free_domheap_page(page);
   50.76      return 0;
   50.77  }
   50.78  
   50.79 @@ -478,8 +523,10 @@ static void shadow_map_l1_into_current_l
   50.80  { 
   50.81      struct vcpu *v = current;
   50.82      struct domain *d = v->domain;
   50.83 -    l1_pgentry_t *gpl1e, *spl1e;
   50.84 -    l2_pgentry_t gl2e, sl2e;
   50.85 +    l1_pgentry_t *spl1e;
   50.86 +    l2_pgentry_t sl2e;
   50.87 +    guest_l1_pgentry_t *gpl1e;
   50.88 +    guest_l2_pgentry_t gl2e;
   50.89      unsigned long gl1pfn, gl1mfn, sl1mfn;
   50.90      int i, init_table = 0;
   50.91  
   50.92 @@ -523,28 +570,49 @@ static void shadow_map_l1_into_current_l
   50.93      ASSERT( !(l2e_get_flags(old_sl2e) & _PAGE_PRESENT) );
   50.94  #endif
   50.95  
   50.96 -    if ( !get_shadow_ref(sl1mfn) )
   50.97 -        BUG();
   50.98 -    l2pde_general(d, &gl2e, &sl2e, sl1mfn);
   50.99 -    __guest_set_l2e(v, va, &gl2e);
  50.100 -    __shadow_set_l2e(v, va, &sl2e);
  50.101 +#if CONFIG_PAGING_LEVELS >=4
  50.102 +    if (d->arch.ops->guest_paging_levels == PAGING_L2)
  50.103 +    {
  50.104 +        /* for 32-bit VMX guest on 64-bit host, 
  50.105 +         * need update two L2 entries each time
  50.106 +         */
  50.107 +        if ( !get_shadow_ref(sl1mfn))
  50.108 +                BUG();
  50.109 +        l2pde_general(d, &gl2e, &sl2e, sl1mfn);
  50.110 +        __guest_set_l2e(v, va, &gl2e);
  50.111 +        __shadow_set_l2e(v, va & ~((1<<L2_PAGETABLE_SHIFT_32) - 1), &sl2e);
  50.112 +        if ( !get_shadow_ref(sl1mfn+1))
  50.113 +            BUG();
  50.114 +        sl2e = l2e_empty();
  50.115 +        l2pde_general(d, &gl2e, &sl2e, sl1mfn+1);
  50.116 +        __shadow_set_l2e(v,((va & ~((1<<L2_PAGETABLE_SHIFT_32) - 1)) + (1 << L2_PAGETABLE_SHIFT)) , &sl2e);
  50.117 +    } else
  50.118 +#endif
  50.119 +    {
  50.120 +        if ( !get_shadow_ref(sl1mfn) )
  50.121 +            BUG();
  50.122 +        l2pde_general(d, &gl2e, &sl2e, sl1mfn);
  50.123 +        __guest_set_l2e(v, va, &gl2e);
  50.124 +        __shadow_set_l2e(v, va , &sl2e);
  50.125 +    }
  50.126  
  50.127      if ( init_table )
  50.128      {
  50.129          l1_pgentry_t sl1e;
  50.130 -        int index = l1_table_offset(va);
  50.131 +        int index = guest_l1_table_offset(va);
  50.132          int min = 1, max = 0;
  50.133          
  50.134          unsigned long entries, pt_va;
  50.135          l1_pgentry_t tmp_sl1e;
  50.136 -        l1_pgentry_t tmp_gl1e;//Prepare for double compile
  50.137 -
  50.138 -
  50.139 -        entries = PAGE_SIZE / sizeof(l1_pgentry_t);
  50.140 +        guest_l1_pgentry_t tmp_gl1e;//Prepare for double compile
  50.141 +
  50.142 +
  50.143 +        entries = PAGE_SIZE / sizeof(guest_l1_pgentry_t);
  50.144          pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(entries - 1)) << L1_PAGETABLE_SHIFT;
  50.145 -        gpl1e = (l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gl1e);
  50.146 -
  50.147 -        entries = PAGE_SIZE / sizeof(l1_pgentry_t);
  50.148 +        gpl1e = (guest_l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gl1e);
  50.149 +
  50.150 +        /* If the PGT_l1_shadow has two continual pages */
  50.151 +        entries = PAGE_SIZE / sizeof(guest_l1_pgentry_t); //1024 entry!!!
  50.152          pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(entries - 1)) << L1_PAGETABLE_SHIFT;
  50.153          spl1e = (l1_pgentry_t *) __shadow_get_l1e(v, pt_va, &tmp_sl1e);
  50.154  
  50.155 @@ -555,7 +623,7 @@ static void shadow_map_l1_into_current_l
  50.156          spl1e = &(shadow_linear_pg_table[l1_linear_offset(va) &
  50.157                                       ~(L1_PAGETABLE_ENTRIES-1)]);*/
  50.158  
  50.159 -        for ( i = 0; i < L1_PAGETABLE_ENTRIES; i++ )
  50.160 +        for ( i = 0; i < GUEST_L1_PAGETABLE_ENTRIES; i++ )
  50.161          {
  50.162              l1pte_propagate_from_guest(d, gpl1e[i], &sl1e);
  50.163              if ( (l1e_get_flags(sl1e) & _PAGE_PRESENT) &&
  50.164 @@ -584,7 +652,7 @@ static void shadow_map_l1_into_current_l
  50.165      }
  50.166  }
  50.167  
  50.168 -static void 
  50.169 +static void
  50.170  shadow_set_l1e(unsigned long va, l1_pgentry_t new_spte, int create_l1_shadow)
  50.171  {
  50.172      struct vcpu *v = current;
  50.173 @@ -616,7 +684,7 @@ shadow_set_l1e(unsigned long va, l1_pgen
  50.174                  perfc_incrc(shadow_set_l1e_unlinked);
  50.175                  if ( !get_shadow_ref(sl1mfn) )
  50.176                      BUG();
  50.177 -                l2pde_general(d, &gpde, &sl2e, sl1mfn);
  50.178 +                l2pde_general(d, (guest_l2_pgentry_t *)&gpde, &sl2e, sl1mfn);
  50.179                  __guest_set_l2e(v, va, &gpde);
  50.180                  __shadow_set_l2e(v, va, &sl2e);
  50.181              }
  50.182 @@ -651,6 +719,7 @@ shadow_set_l1e(unsigned long va, l1_pgen
  50.183      shadow_update_min_max(l2e_get_pfn(sl2e), l1_table_offset(va));
  50.184  }
  50.185  
  50.186 +#if CONFIG_PAGING_LEVELS <= 3
  50.187  static void shadow_invlpg_32(struct vcpu *v, unsigned long va)
  50.188  {
  50.189      struct domain *d = v->domain;
  50.190 @@ -679,6 +748,7 @@ static void shadow_invlpg_32(struct vcpu
  50.191  
  50.192      shadow_unlock(d);
  50.193  }
  50.194 +#endif
  50.195  
  50.196  static struct out_of_sync_entry *
  50.197  shadow_alloc_oos_entry(struct domain *d)
  50.198 @@ -759,8 +829,8 @@ shadow_make_snapshot(
  50.199      length = max - min + 1;
  50.200      perfc_incr_histo(snapshot_copies, length, PT_UPDATES);
  50.201  
  50.202 -    min *= sizeof(l1_pgentry_t);
  50.203 -    length *= sizeof(l1_pgentry_t);
  50.204 +    min *= sizeof(guest_l1_pgentry_t);
  50.205 +    length *= sizeof(guest_l1_pgentry_t);
  50.206  
  50.207      original = map_domain_page(gmfn);
  50.208      snapshot = map_domain_page(smfn);
  50.209 @@ -841,7 +911,7 @@ static void shadow_mark_va_out_of_sync(
  50.210  
  50.211          __shadow_get_l4e(v, va, &sl4e);
  50.212          if ( !(l4e_get_flags(sl4e) & _PAGE_PRESENT)) {
  50.213 -            shadow_map_into_current(v, va, L3, L4);
  50.214 +            shadow_map_into_current(v, va, PAGING_L3, PAGING_L4);
  50.215          }
  50.216  
  50.217          if (!__shadow_get_l3e(v, va, &sl3e)) {
  50.218 @@ -849,7 +919,7 @@ static void shadow_mark_va_out_of_sync(
  50.219          }
  50.220  
  50.221          if ( !(l3e_get_flags(sl3e) & _PAGE_PRESENT)) {
  50.222 -            shadow_map_into_current(v, va, L2, L3);
  50.223 +            shadow_map_into_current(v, va, PAGING_L2, PAGING_L3);
  50.224          }
  50.225      }
  50.226  #endif
  50.227 @@ -887,11 +957,11 @@ static void shadow_mark_va_out_of_sync(
  50.228   * Returns 0 otherwise.
  50.229   */
  50.230  static int snapshot_entry_matches(
  50.231 -    struct domain *d, l1_pgentry_t *guest_pt,
  50.232 +    struct domain *d, guest_l1_pgentry_t *guest_pt,
  50.233      unsigned long gpfn, unsigned index)
  50.234  {
  50.235      unsigned long smfn = __shadow_status(d, gpfn, PGT_snapshot);
  50.236 -    l1_pgentry_t *snapshot, gpte; // could be L1s or L2s or ...
  50.237 +    guest_l1_pgentry_t *snapshot, gpte; // could be L1s or L2s or ...
  50.238      int entries_match;
  50.239  
  50.240      perfc_incrc(snapshot_entry_matches_calls);
  50.241 @@ -908,7 +978,7 @@ static int snapshot_entry_matches(
  50.242      // This could probably be smarter, but this is sufficent for
  50.243      // our current needs.
  50.244      //
  50.245 -    entries_match = !l1e_has_changed(gpte, snapshot[index],
  50.246 +    entries_match = !guest_l1e_has_changed(gpte, snapshot[index],
  50.247                                       PAGE_FLAG_MASK);
  50.248  
  50.249      unmap_domain_page(snapshot);
  50.250 @@ -936,10 +1006,10 @@ static int is_out_of_sync(struct vcpu *v
  50.251      unsigned long l2mfn = pagetable_get_pfn(v->arch.guest_table);
  50.252  #endif
  50.253      unsigned long l2pfn = __mfn_to_gpfn(d, l2mfn);
  50.254 -    l2_pgentry_t l2e;
  50.255 +    guest_l2_pgentry_t l2e;
  50.256      unsigned long l1pfn, l1mfn;
  50.257 -    l1_pgentry_t *guest_pt;
  50.258 -    l1_pgentry_t tmp_gle;
  50.259 +    guest_l1_pgentry_t *guest_pt;
  50.260 +    guest_l1_pgentry_t tmp_gle;
  50.261      unsigned long pt_va;
  50.262  
  50.263      ASSERT(shadow_lock_is_acquired(d));
  50.264 @@ -948,7 +1018,7 @@ static int is_out_of_sync(struct vcpu *v
  50.265      perfc_incrc(shadow_out_of_sync_calls);
  50.266  
  50.267  #if CONFIG_PAGING_LEVELS >= 4
  50.268 -    if (d->arch.ops->guest_paging_levels == L4) { /* Mode F */
  50.269 +    if (d->arch.ops->guest_paging_levels == PAGING_L4) { /* Mode F */
  50.270          pgentry_64_t le;
  50.271          unsigned long gmfn;
  50.272          unsigned long gpfn;
  50.273 @@ -956,9 +1026,9 @@ static int is_out_of_sync(struct vcpu *v
  50.274  
  50.275          gmfn = l2mfn;
  50.276          gpfn = l2pfn;
  50.277 -        guest_pt = (l1_pgentry_t *)v->arch.guest_vtable;
  50.278 -
  50.279 -        for (i = L4; i >= L3; i--) {
  50.280 +        guest_pt = (guest_l1_pgentry_t *)v->arch.guest_vtable;
  50.281 +
  50.282 +        for (i = PAGING_L4; i >= PAGING_L3; i--) {
  50.283              if ( page_out_of_sync(&frame_table[gmfn]) &&
  50.284                !snapshot_entry_matches(
  50.285                    d, guest_pt, gpfn, table_offset_64(va, i)) )
  50.286 @@ -972,7 +1042,7 @@ static int is_out_of_sync(struct vcpu *v
  50.287              if ( !VALID_MFN(gmfn) )
  50.288                  return 0;
  50.289              /* Todo: check!*/
  50.290 -            guest_pt = (l1_pgentry_t *)map_domain_page(gmfn);
  50.291 +            guest_pt = (guest_l1_pgentry_t *)map_domain_page(gmfn);
  50.292  
  50.293          }
  50.294  
  50.295 @@ -986,13 +1056,13 @@ static int is_out_of_sync(struct vcpu *v
  50.296  #endif
  50.297  
  50.298      if ( page_out_of_sync(&frame_table[l2mfn]) &&
  50.299 -         !snapshot_entry_matches(d, (l1_pgentry_t *)v->arch.guest_vtable,
  50.300 -                                 l2pfn, l2_table_offset(va)) )
  50.301 +         !snapshot_entry_matches(d, (guest_l1_pgentry_t *)v->arch.guest_vtable,
  50.302 +                                 l2pfn, guest_l2_table_offset(va)) )
  50.303          return 1;
  50.304  
  50.305      __guest_get_l2e(v, va, &l2e);
  50.306 -    if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) || 
  50.307 -         (l2e_get_flags(l2e) & _PAGE_PSE))
  50.308 +    if ( !(guest_l2e_get_flags(l2e) & _PAGE_PRESENT) || 
  50.309 +         (guest_l2e_get_flags(l2e) & _PAGE_PSE))
  50.310          return 0;
  50.311  
  50.312      l1pfn = l2e_get_pfn(l2e);
  50.313 @@ -1001,20 +1071,20 @@ static int is_out_of_sync(struct vcpu *v
  50.314      // If the l1 pfn is invalid, it can't be out of sync...
  50.315      if ( !VALID_MFN(l1mfn) )
  50.316          return 0;
  50.317 -    
  50.318 -    pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(L1_PAGETABLE_ENTRIES - 1))
  50.319 +
  50.320 +    pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(GUEST_L1_PAGETABLE_ENTRIES - 1))
  50.321        << L1_PAGETABLE_SHIFT;
  50.322 -    guest_pt = (l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gle);
  50.323 +    guest_pt = (guest_l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gle);
  50.324  
  50.325      if ( page_out_of_sync(&frame_table[l1mfn]) &&
  50.326           !snapshot_entry_matches(
  50.327 -             d, guest_pt, l1pfn, l1_table_offset(va)) )
  50.328 +             d, guest_pt, l1pfn, guest_l1_table_offset(va)) )
  50.329          return 1;
  50.330  
  50.331      return 0;
  50.332  }
  50.333  
  50.334 -#define GPFN_TO_GPTEPAGE(_gpfn) ((_gpfn) / (PAGE_SIZE / sizeof(l1_pgentry_t)))
  50.335 +#define GPFN_TO_GPTEPAGE(_gpfn) ((_gpfn) / (PAGE_SIZE / sizeof(guest_l1_pgentry_t)))
  50.336  static inline unsigned long
  50.337  predict_writable_pte_page(struct domain *d, unsigned long gpfn)
  50.338  {
  50.339 @@ -1108,7 +1178,7 @@ static u32 remove_all_write_access_in_pt
  50.340          return (found == max_refs_to_find);
  50.341      }
  50.342  
  50.343 -    i = readonly_gpfn & (L1_PAGETABLE_ENTRIES - 1);
  50.344 +    i = readonly_gpfn & (GUEST_L1_PAGETABLE_ENTRIES - 1);
  50.345      if ( !l1e_has_changed(pt[i], match, flags) && fix_entry(i) )
  50.346      {
  50.347          perfc_incrc(remove_write_fast_exit);
  50.348 @@ -1117,7 +1187,7 @@ static u32 remove_all_write_access_in_pt
  50.349          return found;
  50.350      }
  50.351   
  50.352 -    for (i = 0; i < L1_PAGETABLE_ENTRIES; i++)
  50.353 +    for (i = 0; i < GUEST_L1_PAGETABLE_ENTRIES; i++)
  50.354      {
  50.355          if ( unlikely(!l1e_has_changed(pt[i], match, flags)) && fix_entry(i) )
  50.356              break;
  50.357 @@ -1282,15 +1352,15 @@ static int resync_all(struct domain *d, 
  50.358          switch ( stype ) {
  50.359          case PGT_l1_shadow:
  50.360          {
  50.361 -            l1_pgentry_t *guest1 = guest;
  50.362 +            guest_l1_pgentry_t *guest1 = guest;
  50.363              l1_pgentry_t *shadow1 = shadow;
  50.364 -            l1_pgentry_t *snapshot1 = snapshot;
  50.365 +            guest_l1_pgentry_t *snapshot1 = snapshot;
  50.366  
  50.367              ASSERT(VM_ASSIST(d, VMASST_TYPE_writable_pagetables) ||
  50.368                     shadow_mode_write_all(d));
  50.369  
  50.370              if ( !shadow_mode_refcounts(d) )
  50.371 -                revalidate_l1(d, guest1, snapshot1);
  50.372 +                revalidate_l1(d, (l1_pgentry_t *)guest1, (l1_pgentry_t *)snapshot1);
  50.373  
  50.374              if ( !smfn )
  50.375                  break;
  50.376 @@ -1301,7 +1371,7 @@ static int resync_all(struct domain *d, 
  50.377              for ( i = min_shadow; i <= max_shadow; i++ )
  50.378              {
  50.379                  if ( (i < min_snapshot) || (i > max_snapshot) ||
  50.380 -                     l1e_has_changed(guest1[i], snapshot1[i], PAGE_FLAG_MASK) )
  50.381 +                     guest_l1e_has_changed(guest1[i], snapshot1[i], PAGE_FLAG_MASK) )
  50.382                  {
  50.383                      need_flush |= validate_pte_change(d, guest1[i], &shadow1[i]);
  50.384  
  50.385 @@ -1431,32 +1501,36 @@ static int resync_all(struct domain *d, 
  50.386          {
  50.387              int max = -1;
  50.388  
  50.389 -            l4_pgentry_t *guest4 = guest;
  50.390 +            guest_root_pgentry_t *guest_root = guest;
  50.391              l4_pgentry_t *shadow4 = shadow;
  50.392 -            l4_pgentry_t *snapshot4 = snapshot;
  50.393 +            guest_root_pgentry_t *snapshot_root = snapshot;
  50.394  
  50.395              changed = 0;
  50.396 -            for ( i = 0; i < L4_PAGETABLE_ENTRIES; i++ )
  50.397 +            for ( i = 0; i < GUEST_ROOT_PAGETABLE_ENTRIES; i++ )
  50.398              {
  50.399                  if ( !is_guest_l4_slot(i) && !external )
  50.400                      continue;
  50.401 -                l4_pgentry_t new_l4e = guest4[i];
  50.402 -                if ( l4e_has_changed(new_l4e, snapshot4[i], PAGE_FLAG_MASK))
  50.403 +                guest_root_pgentry_t new_root_e = guest_root[i];
  50.404 +                if ( root_entry_has_changed(
  50.405 +                        new_root_e, snapshot_root[i], PAGE_FLAG_MASK))
  50.406                  {
  50.407 -                    need_flush |= validate_entry_change(
  50.408 -                      d, (pgentry_64_t *)&new_l4e,
  50.409 -                      (pgentry_64_t *)&shadow4[i], shadow_type_to_level(stype));
  50.410 -
  50.411 +                    if (d->arch.ops->guest_paging_levels == PAGING_L4) {
  50.412 +                        need_flush |= validate_entry_change(
  50.413 +                          d, (pgentry_64_t *)&new_root_e,
  50.414 +                          (pgentry_64_t *)&shadow4[i], shadow_type_to_level(stype));
  50.415 +                    } else {
  50.416 +                        validate_bl2e_change(d, &new_root_e, shadow, i);
  50.417 +                    }
  50.418                      changed++;
  50.419                      ESH_LOG("%d: shadow4 mfn: %lx, shadow root: %lx\n", i,
  50.420                        smfn, pagetable_get_paddr(current->arch.shadow_table));
  50.421                  }
  50.422 -                if ( l4e_get_intpte(new_l4e) != 0 ) /* FIXME: check flags? */
  50.423 +                if ( guest_root_get_intpte(new_root_e) != 0 ) /* FIXME: check flags? */
  50.424                      max = i;
  50.425  
  50.426                  //  Need a better solution in the long term.
  50.427 -                if ( !(l4e_get_flags(new_l4e) & _PAGE_PRESENT) &&
  50.428 -                  unlikely(l4e_get_intpte(new_l4e) != 0) &&
  50.429 +                if ( !(guest_root_get_flags(new_root_e) & _PAGE_PRESENT) &&
  50.430 +                  unlikely(guest_root_get_intpte(new_root_e) != 0) &&
  50.431                    !unshadow &&
  50.432                    (frame_table[smfn].u.inuse.type_info & PGT_pinned) )
  50.433                      unshadow = 1;
  50.434 @@ -1555,8 +1629,14 @@ static void sync_all(struct domain *d)
  50.435      if ( shadow_mode_translate(d) )
  50.436          need_flush |= resync_all(d, PGT_hl2_shadow);
  50.437  #endif
  50.438 -    need_flush |= resync_all(d, PGT_l2_shadow);
  50.439 -    need_flush |= resync_all(d, PGT_l3_shadow);
  50.440 +
  50.441 +    /*
  50.442 +     * Fixme: for i386 host
  50.443 +     */
  50.444 +    if (d->arch.ops->guest_paging_levels == PAGING_L4) {
  50.445 +        need_flush |= resync_all(d, PGT_l2_shadow);
  50.446 +        need_flush |= resync_all(d, PGT_l3_shadow);
  50.447 +    }
  50.448      need_flush |= resync_all(d, PGT_l4_shadow);
  50.449  
  50.450      if ( need_flush && !unlikely(shadow_mode_external(d)) )
  50.451 @@ -1566,11 +1646,11 @@ static void sync_all(struct domain *d)
  50.452  }
  50.453  
  50.454  static inline int l1pte_write_fault(
  50.455 -    struct vcpu *v, l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p,
  50.456 +    struct vcpu *v, guest_l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p,
  50.457      unsigned long va)
  50.458  {
  50.459      struct domain *d = v->domain;
  50.460 -    l1_pgentry_t gpte = *gpte_p;
  50.461 +    guest_l1_pgentry_t gpte = *gpte_p;
  50.462      l1_pgentry_t spte;
  50.463      unsigned long gpfn = l1e_get_pfn(gpte);
  50.464      unsigned long gmfn = __gpfn_to_mfn(d, gpfn);
  50.465 @@ -1585,8 +1665,8 @@ static inline int l1pte_write_fault(
  50.466      }
  50.467  
  50.468      ASSERT(l1e_get_flags(gpte) & _PAGE_RW);
  50.469 -    l1e_add_flags(gpte, _PAGE_DIRTY | _PAGE_ACCESSED);
  50.470 -    spte = l1e_from_pfn(gmfn, l1e_get_flags(gpte) & ~_PAGE_GLOBAL);
  50.471 +    guest_l1e_add_flags(gpte, _PAGE_DIRTY | _PAGE_ACCESSED);
  50.472 +    spte = l1e_from_pfn(gmfn, guest_l1e_get_flags(gpte) & ~_PAGE_GLOBAL);
  50.473  
  50.474      SH_VVLOG("l1pte_write_fault: updating spte=0x%" PRIpte " gpte=0x%" PRIpte,
  50.475               l1e_get_intpte(spte), l1e_get_intpte(gpte));
  50.476 @@ -1604,9 +1684,9 @@ static inline int l1pte_write_fault(
  50.477  }
  50.478  
  50.479  static inline int l1pte_read_fault(
  50.480 -    struct domain *d, l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p)
  50.481 +    struct domain *d, guest_l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p)
  50.482  { 
  50.483 -    l1_pgentry_t gpte = *gpte_p;
  50.484 +    guest_l1_pgentry_t gpte = *gpte_p;
  50.485      l1_pgentry_t spte = *spte_p;
  50.486      unsigned long pfn = l1e_get_pfn(gpte);
  50.487      unsigned long mfn = __gpfn_to_mfn(d, pfn);
  50.488 @@ -1618,10 +1698,10 @@ static inline int l1pte_read_fault(
  50.489          return 0;
  50.490      }
  50.491  
  50.492 -    l1e_add_flags(gpte, _PAGE_ACCESSED);
  50.493 -    spte = l1e_from_pfn(mfn, l1e_get_flags(gpte) & ~_PAGE_GLOBAL);
  50.494 -
  50.495 -    if ( shadow_mode_log_dirty(d) || !(l1e_get_flags(gpte) & _PAGE_DIRTY) ||
  50.496 +    guest_l1e_add_flags(gpte, _PAGE_ACCESSED);
  50.497 +    spte = l1e_from_pfn(mfn, guest_l1e_get_flags(gpte) & ~_PAGE_GLOBAL);
  50.498 +
  50.499 +    if ( shadow_mode_log_dirty(d) || !(guest_l1e_get_flags(gpte) & _PAGE_DIRTY) ||
  50.500           mfn_is_page_table(mfn) )
  50.501      {
  50.502          l1e_remove_flags(spte, _PAGE_RW);
  50.503 @@ -1634,7 +1714,7 @@ static inline int l1pte_read_fault(
  50.504  
  50.505      return 1;
  50.506  }
  50.507 -
  50.508 +#if CONFIG_PAGING_LEVELS <= 3
  50.509  static int shadow_fault_32(unsigned long va, struct cpu_user_regs *regs)
  50.510  {
  50.511      l1_pgentry_t gpte, spte, orig_gpte;
  50.512 @@ -1768,6 +1848,7 @@ static int shadow_fault_32(unsigned long
  50.513      shadow_unlock(d);
  50.514      return 0;
  50.515  }
  50.516 +#endif
  50.517  
  50.518  static int do_update_va_mapping(unsigned long va,
  50.519                                  l1_pgentry_t val,
  50.520 @@ -1787,7 +1868,7 @@ static int do_update_va_mapping(unsigned
  50.521      //
  50.522      __shadow_sync_va(v, va);
  50.523  
  50.524 -    l1pte_propagate_from_guest(d, val, &spte);
  50.525 +    l1pte_propagate_from_guest(d, *(guest_l1_pgentry_t *)&val, &spte);
  50.526      shadow_set_l1e(va, spte, 0);
  50.527  
  50.528      /*
  50.529 @@ -1848,7 +1929,7 @@ static void shadow_update_pagetables(str
  50.530  #if CONFIG_PAGING_LEVELS == 2
  50.531      unsigned long hl2mfn;
  50.532  #endif
  50.533 -  
  50.534 +
  50.535      int max_mode = ( shadow_mode_external(d) ? SHM_external
  50.536                       : shadow_mode_translate(d) ? SHM_translate
  50.537                       : shadow_mode_enabled(d) ? SHM_enable
  50.538 @@ -1954,17 +2035,6 @@ static void shadow_update_pagetables(str
  50.539  #endif
  50.540  }
  50.541  
  50.542 -struct shadow_ops MODE_A_HANDLER = {
  50.543 -    .guest_paging_levels        = 2,
  50.544 -    .invlpg                     = shadow_invlpg_32,
  50.545 -    .fault                      = shadow_fault_32,
  50.546 -    .update_pagetables          = shadow_update_pagetables,
  50.547 -    .sync_all                   = sync_all,
  50.548 -    .remove_all_write_access    = remove_all_write_access,
  50.549 -    .do_update_va_mapping       = do_update_va_mapping,
  50.550 -    .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
  50.551 -    .is_out_of_sync             = is_out_of_sync,
  50.552 -};
  50.553  
  50.554  /************************************************************************/
  50.555  /************************************************************************/
  50.556 @@ -2445,12 +2515,90 @@ static unsigned long shadow_l3_table(
  50.557      BUG();                      /* not implemenated yet */
  50.558      return 42;
  50.559  }
  50.560 +static unsigned long gva_to_gpa_pae(unsigned long gva)
  50.561 +{
  50.562 +    BUG();
  50.563 +    return 43;
  50.564 +}
  50.565  #endif
  50.566  
  50.567  #if CONFIG_PAGING_LEVELS >= 4
  50.568  /****************************************************************************/
  50.569  /* 64-bit shadow-mode code testing */
  50.570  /****************************************************************************/
  50.571 +/*
  50.572 + * validate_bl2e_change()
  50.573 + * The code is for 32-bit VMX gues on 64-bit host.
  50.574 + * To sync guest L2.
  50.575 + */
  50.576 +
  50.577 +static inline void
  50.578 +validate_bl2e_change(
  50.579 +  struct domain *d,
  50.580 +  guest_root_pgentry_t *new_gle_p,
  50.581 +  pgentry_64_t *shadow_l3,
  50.582 +  int index)
  50.583 +{
  50.584 +    int sl3_idx, sl2_idx;
  50.585 +    unsigned long sl2mfn, sl1mfn;
  50.586 +    pgentry_64_t *sl2_p;
  50.587 +
  50.588 +    /* Using guest l2 pte index to get shadow l3&l2 index
  50.589 +     * index: 0 ~ 1023, PAGETABLE_ENTRIES: 512
  50.590 +     */
  50.591 +    sl3_idx = index / (PAGETABLE_ENTRIES / 2);
  50.592 +    sl2_idx = (index % (PAGETABLE_ENTRIES / 2)) * 2;
  50.593 +
  50.594 +    sl2mfn = entry_get_pfn(shadow_l3[sl3_idx]);
  50.595 +    sl2_p = (pgentry_64_t *)map_domain_page(sl2mfn);
  50.596 +
  50.597 +    validate_pde_change(
  50.598 +        d, *(guest_l2_pgentry_t *)new_gle_p, (l2_pgentry_t *)&sl2_p[sl2_idx]);
  50.599 +
  50.600 +    /* Mapping the second l1 shadow page */
  50.601 +    if (entry_get_flags(sl2_p[sl2_idx]) & _PAGE_PRESENT) {
  50.602 +       sl1mfn = entry_get_pfn(sl2_p[sl2_idx]);
  50.603 +       sl2_p[sl2_idx + 1] =
  50.604 +            entry_from_pfn(sl1mfn + 1, entry_get_flags(sl2_p[sl2_idx]));
  50.605 +    }
  50.606 +    unmap_domain_page(sl2_p);
  50.607 +
  50.608 +}
  50.609 +
  50.610 +/*
  50.611 + * init_bl2() is for 32-bit VMX guest on 64-bit host
  50.612 + * Using 1 shadow L4(l3) and 4 shadow L2s to simulate guest L2
  50.613 + */
  50.614 +static inline unsigned long init_bl2(l4_pgentry_t *spl4e, unsigned long smfn)
  50.615 +{
  50.616 +    unsigned int count;
  50.617 +    unsigned long sl2mfn;
  50.618 +    struct pfn_info *page;
  50.619 +
  50.620 +    memset(spl4e, 0, PAGE_SIZE);
  50.621 +
  50.622 +    /* Map the self entry, L4&L3 share the same page */
  50.623 +    spl4e[PAE_SHADOW_SELF_ENTRY] = l4e_from_pfn(smfn, __PAGE_HYPERVISOR);
  50.624 +
  50.625 +    /* Allocate 4 shadow L2s */
  50.626 +    page = alloc_domheap_pages(NULL, SL2_ORDER, 0);
  50.627 +    if (!page)
  50.628 +        domain_crash_synchronous();
  50.629 +
  50.630 +    for (count = 0; count < PDP_ENTRIES; count++)
  50.631 +    {
  50.632 +        sl2mfn = page_to_pfn(page+count);
  50.633 +        void *l2 = map_domain_page(sl2mfn);
  50.634 +        memset(l2, 0, PAGE_SIZE);
  50.635 +        unmap_domain_page(l2);
  50.636 +        spl4e[count] = l4e_from_pfn(sl2mfn, _PAGE_PRESENT);
  50.637 +    }
  50.638 +
  50.639 +    unmap_domain_page(spl4e);
  50.640 +    return smfn;
  50.641 +
  50.642 +
  50.643 +}
  50.644  
  50.645  static unsigned long shadow_l4_table(
  50.646    struct domain *d, unsigned long gpfn, unsigned long gmfn)
  50.647 @@ -2464,11 +2612,16 @@ static unsigned long shadow_l4_table(
  50.648  
  50.649      if ( unlikely(!(smfn = alloc_shadow_page(d, gpfn, gmfn, PGT_l4_shadow))) )
  50.650      {
  50.651 -        printk("Couldn't alloc an L2 shadow for pfn=%lx mfn=%lx\n", gpfn, gmfn);
  50.652 +        printk("Couldn't alloc an L4 shadow for pfn=%lx mfn=%lx\n", gpfn, gmfn);
  50.653          BUG(); /* XXX Deal gracefully with failure. */
  50.654      }
  50.655  
  50.656      spl4e = (l4_pgentry_t *)map_domain_page(smfn);
  50.657 +
  50.658 +    if (d->arch.ops->guest_paging_levels == PAGING_L2) {
  50.659 +        return init_bl2(spl4e, smfn);
  50.660 +    }
  50.661 +
  50.662      /* Install hypervisor and 4x linear p.t. mapings. */
  50.663      if ( (PGT_base_page_table == PGT_l4_page_table) &&
  50.664        !shadow_mode_external(d) )
  50.665 @@ -2576,7 +2729,7 @@ static void shadow_map_into_current(stru
  50.666      pgentry_64_t gle, sle;
  50.667      unsigned long gpfn, smfn;
  50.668  
  50.669 -    if (from == L1 && to == L2) {
  50.670 +    if (from == PAGING_L1 && to == PAGING_L2) {
  50.671          shadow_map_l1_into_current_l2(va);
  50.672          return;
  50.673      }
  50.674 @@ -2608,7 +2761,7 @@ static void shadow_set_l2e_64(unsigned l
  50.675      if (!(l4e_get_flags(sl4e) & _PAGE_PRESENT)) {
  50.676          if (create_l2_shadow) {
  50.677              perfc_incrc(shadow_set_l3e_force_map);
  50.678 -            shadow_map_into_current(v, va, L3, L4);
  50.679 +            shadow_map_into_current(v, va, PAGING_L3, PAGING_L4);
  50.680              __shadow_get_l4e(v, va, &sl4e);
  50.681          } else {
  50.682              printk("For non VMX shadow, create_l1_shadow:%d\n", create_l2_shadow);
  50.683 @@ -2619,7 +2772,7 @@ static void shadow_set_l2e_64(unsigned l
  50.684      if (!(l3e_get_flags(sl3e) & _PAGE_PRESENT)) {
  50.685           if (create_l2_shadow) {
  50.686              perfc_incrc(shadow_set_l2e_force_map);
  50.687 -            shadow_map_into_current(v, va, L2, L3);
  50.688 +            shadow_map_into_current(v, va, PAGING_L2, PAGING_L3);
  50.689              __shadow_get_l3e(v, va, &sl3e);
  50.690          } else {
  50.691              printk("For non VMX shadow, create_l1_shadow:%d\n", create_l2_shadow);
  50.692 @@ -2655,8 +2808,15 @@ static void shadow_set_l1e_64(unsigned l
  50.693      l1_pgentry_t old_spte;
  50.694      l1_pgentry_t sl1e = *(l1_pgentry_t *)sl1e_p;
  50.695      int i;
  50.696 -
  50.697 -    for (i = L4; i >= L2; i--) {
  50.698 +    unsigned long orig_va = 0;
  50.699 +
  50.700 +    if (d->arch.ops->guest_paging_levels == PAGING_L2) {
  50.701 +        /* This is for 32-bit VMX guest on 64-bit host */
  50.702 +        orig_va = va;
  50.703 +        va = va & (~((1<<L2_PAGETABLE_SHIFT_32)-1));
  50.704 +    }
  50.705 +
  50.706 +    for (i = PAGING_L4; i >= PAGING_L2; i--) {
  50.707          if (!__rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i)) {
  50.708              printk("<%s> i = %d\n", __func__, i);
  50.709              BUG();
  50.710 @@ -2672,11 +2832,15 @@ static void shadow_set_l1e_64(unsigned l
  50.711  #endif
  50.712              }
  50.713          }
  50.714 -        if(i < L4)
  50.715 +        if(i < PAGING_L4)
  50.716              shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va, i));
  50.717          sle_up = sle;
  50.718      }
  50.719  
  50.720 +    if (d->arch.ops->guest_paging_levels == PAGING_L2) {
  50.721 +        va = orig_va;
  50.722 +    }
  50.723 +
  50.724      if ( shadow_mode_refcounts(d) )
  50.725      {
  50.726          __shadow_get_l1e(v, va, &old_spte);
  50.727 @@ -2692,9 +2856,13 @@ static void shadow_set_l1e_64(unsigned l
  50.728      }
  50.729  
  50.730      __shadow_set_l1e(v, va, &sl1e);
  50.731 -    shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va, L1));
  50.732 +
  50.733 +    shadow_update_min_max(entry_get_pfn(sle_up), guest_l1_table_offset(va));
  50.734  }
  50.735  
  50.736 +/* As 32-bit guest don't support 4M page yet,
  50.737 + * we don't concern double compile for this function
  50.738 + */
  50.739  static inline int l2e_rw_fault(
  50.740      struct vcpu *v, l2_pgentry_t *gl2e_p, unsigned long va, int rw)
  50.741  {
  50.742 @@ -2825,12 +2993,120 @@ static inline int l2e_rw_fault(
  50.743  
  50.744  }
  50.745  
  50.746 +/*
  50.747 + * Check P, R/W, U/S bits in the guest page table.
  50.748 + * If the fault belongs to guest return 1,
  50.749 + * else return 0.
  50.750 + */
  50.751 +#if defined( GUEST_PGENTRY_32 )
  50.752 +static inline int guest_page_fault(struct vcpu *v,
  50.753 +  unsigned long va, unsigned int error_code, 
  50.754 +  guest_l2_pgentry_t *gpl2e, guest_l1_pgentry_t *gpl1e)
  50.755 +{
  50.756 +    /* The following check for 32-bit guest on 64-bit host */
  50.757 +
  50.758 +    __guest_get_l2e(v, va, gpl2e);
  50.759 +
  50.760 +    /* Check the guest L2 page-table entry first*/
  50.761 +    if (unlikely(!(guest_l2e_get_flags(*gpl2e) & _PAGE_PRESENT)))
  50.762 +        return 1;
  50.763 +
  50.764 +    if (error_code & ERROR_W) {
  50.765 +        if (unlikely(!(guest_l2e_get_flags(*gpl2e) & _PAGE_RW)))
  50.766 +            return 1;
  50.767 +    }
  50.768 +    if (error_code & ERROR_U) {
  50.769 +        if (unlikely(!(guest_l2e_get_flags(*gpl2e) & _PAGE_USER)))
  50.770 +            return 1;
  50.771 +    }
  50.772 +
  50.773 +    if (guest_l2e_get_flags(*gpl2e) & _PAGE_PSE)
  50.774 +        return 0;
  50.775 +
  50.776 +    __guest_get_l1e(v, va, gpl1e);
  50.777 +
  50.778 +    /* Then check the guest L1 page-table entry */
  50.779 +    if (unlikely(!(guest_l1e_get_flags(*gpl1e) & _PAGE_PRESENT)))
  50.780 +        return 1;
  50.781 +
  50.782 +    if (error_code & ERROR_W) {
  50.783 +        if (unlikely(!(guest_l1e_get_flags(*gpl1e) & _PAGE_RW)))
  50.784 +            return 1;
  50.785 +    }
  50.786 +    if (error_code & ERROR_U) {
  50.787 +        if (unlikely(!(guest_l1e_get_flags(*gpl1e) & _PAGE_USER)))
  50.788 +            return 1;
  50.789 +    }
  50.790 +
  50.791 +    return 0;
  50.792 +}
  50.793 +#else
  50.794 +static inline int guest_page_fault(struct vcpu *v,
  50.795 +  unsigned long va, unsigned int error_code, 
  50.796 +  guest_l2_pgentry_t *gpl2e, guest_l1_pgentry_t *gpl1e)
  50.797 +{
  50.798 +    struct domain *d = v->domain;
  50.799 +    pgentry_64_t gle, *lva;
  50.800 +    unsigned long mfn;
  50.801 +    int i;
  50.802 +
  50.803 +    __rw_entry(v, va, &gle, GUEST_ENTRY | GET_ENTRY | PAGING_L4);
  50.804 +    if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT)))
  50.805 +        return 1;
  50.806 +
  50.807 +    if (error_code & ERROR_W) {
  50.808 +        if (unlikely(!(entry_get_flags(gle) & _PAGE_RW)))
  50.809 +            return 1;
  50.810 +    }
  50.811 +    if (error_code & ERROR_U) {
  50.812 +        if (unlikely(!(entry_get_flags(gle) & _PAGE_USER)))
  50.813 +            return 1;
  50.814 +    }
  50.815 +    for (i = PAGING_L3; i >= PAGING_L1; i--) {
  50.816 +        /*
  50.817 +         * If it's not external mode, then mfn should be machine physical.
  50.818 +         */
  50.819 +        mfn = __gpfn_to_mfn(d, (entry_get_value(gle) >> PAGE_SHIFT));
  50.820 +
  50.821 +        lva = (pgentry_64_t *) phys_to_virt(
  50.822 +          mfn << PAGE_SHIFT);
  50.823 +        gle = lva[table_offset_64(va, i)];
  50.824 +
  50.825 +        if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT)))
  50.826 +            return 1;
  50.827 +
  50.828 +        if (error_code & ERROR_W) {
  50.829 +            if (unlikely(!(entry_get_flags(gle) & _PAGE_RW)))
  50.830 +                return 1;
  50.831 +        }
  50.832 +        if (error_code & ERROR_U) {
  50.833 +            if (unlikely(!(entry_get_flags(gle) & _PAGE_USER)))
  50.834 +                return 1;
  50.835 +        }
  50.836 +
  50.837 +        if (i == PAGING_L2) {
  50.838 +            if (gpl2e)
  50.839 +                gpl2e->l2 = gle.lo;
  50.840 +
  50.841 +            if (likely(entry_get_flags(gle) & _PAGE_PSE))
  50.842 +                return 0;
  50.843 +
  50.844 +        }
  50.845 +
  50.846 +        if (i == PAGING_L1)
  50.847 +            if (gpl1e)
  50.848 +                gpl1e->l1 = gle.lo;
  50.849 +    }
  50.850 +    return 0;
  50.851 +}
  50.852 +#endif
  50.853  static int shadow_fault_64(unsigned long va, struct cpu_user_regs *regs)
  50.854  {
  50.855      struct vcpu *v = current;
  50.856      struct domain *d = v->domain;
  50.857 -    l2_pgentry_t gl2e;
  50.858 -    l1_pgentry_t sl1e, gl1e;
  50.859 +    guest_l2_pgentry_t gl2e;
  50.860 +    guest_l1_pgentry_t gl1e;
  50.861 +    l1_pgentry_t sl1e;
  50.862  
  50.863      perfc_incrc(shadow_fault_calls);
  50.864  
  50.865 @@ -2853,12 +3129,11 @@ static int shadow_fault_64(unsigned long
  50.866       * STEP 2. Check if the fault belongs to guest
  50.867       */
  50.868      if ( guest_page_fault(
  50.869 -            v, va, regs->error_code, 
  50.870 -            (pgentry_64_t *)&gl2e, (pgentry_64_t *)&gl1e) ) {
  50.871 +            v, va, regs->error_code, &gl2e, &gl1e) ) {
  50.872          goto fail;
  50.873      }
  50.874      
  50.875 -    if ( unlikely(!(l2e_get_flags(gl2e) & _PAGE_PSE)) ) {
  50.876 +    if ( unlikely(!(guest_l2e_get_flags(gl2e) & _PAGE_PSE)) ) {
  50.877          /*
  50.878           * Handle 4K pages here
  50.879           */
  50.880 @@ -2892,11 +3167,11 @@ static int shadow_fault_64(unsigned long
  50.881           */
  50.882          /* Write fault? */
  50.883          if ( regs->error_code & 2 ) {
  50.884 -            if ( !l2e_rw_fault(v, &gl2e, va, WRITE_FAULT) ) {
  50.885 +            if ( !l2e_rw_fault(v, (l2_pgentry_t *)&gl2e, va, WRITE_FAULT) ) {
  50.886                  goto fail;
  50.887              }
  50.888          } else {
  50.889 -            l2e_rw_fault(v, &gl2e, va, READ_FAULT);
  50.890 +            l2e_rw_fault(v, (l2_pgentry_t *)&gl2e, va, READ_FAULT);
  50.891          }
  50.892  
  50.893          /*
  50.894 @@ -2944,7 +3219,27 @@ static void shadow_invlpg_64(struct vcpu
  50.895      shadow_unlock(d);
  50.896  }
  50.897  
  50.898 -#ifndef PGENTRY_32
  50.899 +static unsigned long gva_to_gpa_64(unsigned long gva)
  50.900 +{
  50.901 +    struct vcpu *v = current;
  50.902 +    guest_l1_pgentry_t gl1e = {0};
  50.903 +    guest_l2_pgentry_t gl2e = {0};
  50.904 +    unsigned long gpa;
  50.905 +
  50.906 +    if (guest_page_fault(v, gva, 0, &gl2e, &gl1e))
  50.907 +        return 0;
  50.908 +    
  50.909 +    if (guest_l2e_get_flags(gl2e) & _PAGE_PSE)
  50.910 +        gpa = guest_l2e_get_paddr(gl2e) + (gva & ((1 << GUEST_L2_PAGETABLE_SHIFT) - 1));
  50.911 +    else
  50.912 +        gpa = guest_l1e_get_paddr(gl1e) + (gva & ~PAGE_MASK);
  50.913 +
  50.914 +    return gpa;
  50.915 +
  50.916 +}
  50.917 +
  50.918 +#ifndef GUEST_PGENTRY_32
  50.919 +
  50.920  struct shadow_ops MODE_F_HANDLER = {
  50.921      .guest_paging_levels              = 4,
  50.922      .invlpg                     = shadow_invlpg_64,
  50.923 @@ -2955,11 +3250,43 @@ struct shadow_ops MODE_F_HANDLER = {
  50.924      .do_update_va_mapping       = do_update_va_mapping,
  50.925      .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
  50.926      .is_out_of_sync             = is_out_of_sync,
  50.927 +    .gva_to_gpa                 = gva_to_gpa_64,
  50.928  };
  50.929  #endif
  50.930  
  50.931  #endif
  50.932  
  50.933 +#if CONFIG_PAGING_LEVELS == 2
  50.934 +struct shadow_ops MODE_A_HANDLER = {
  50.935 +    .guest_paging_levels        = 2,
  50.936 +    .invlpg                     = shadow_invlpg_32,
  50.937 +    .fault                      = shadow_fault_32,
  50.938 +    .update_pagetables          = shadow_update_pagetables,
  50.939 +    .sync_all                   = sync_all,
  50.940 +    .remove_all_write_access    = remove_all_write_access,
  50.941 +    .do_update_va_mapping       = do_update_va_mapping,
  50.942 +    .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
  50.943 +    .is_out_of_sync             = is_out_of_sync,
  50.944 +    .gva_to_gpa                 = gva_to_gpa_64,
  50.945 +};
  50.946 +
  50.947 +#elif CONFIG_PAGING_LEVELS == 3
  50.948 +struct shadow_ops MODE_B_HANDLER = {
  50.949 +    .guest_paging_levels              = 3,
  50.950 +    .invlpg                     = shadow_invlpg_32,
  50.951 +    .fault                      = shadow_fault_32,
  50.952 +    .update_pagetables          = shadow_update_pagetables,
  50.953 +    .sync_all                   = sync_all,
  50.954 +    .remove_all_write_access    = remove_all_write_access,
  50.955 +    .do_update_va_mapping       = do_update_va_mapping,
  50.956 +    .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
  50.957 +    .is_out_of_sync             = is_out_of_sync,
  50.958 +    .gva_to_gpa                 = gva_to_gpa_pae,
  50.959 +};
  50.960 +
  50.961 +#endif
  50.962 +
  50.963 +
  50.964  /*
  50.965   * Local variables:
  50.966   * mode: C
    51.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    51.2 +++ b/xen/arch/x86/shadow_guest32.c	Fri Sep 02 14:17:08 2005 +0000
    51.3 @@ -0,0 +1,18 @@
    51.4 +#define GUEST_PGENTRY_32
    51.5 +#if defined (__x86_64__)
    51.6 +
    51.7 +#include "shadow.c"
    51.8 +struct shadow_ops MODE_D_HANDLER = {
    51.9 +    .guest_paging_levels              = 2,
   51.10 +    .invlpg                     = shadow_invlpg_64,
   51.11 +    .fault                      = shadow_fault_64,
   51.12 +    .update_pagetables          = shadow_update_pagetables,
   51.13 +    .sync_all                   = sync_all,
   51.14 +    .remove_all_write_access    = remove_all_write_access,
   51.15 +    .do_update_va_mapping       = do_update_va_mapping,
   51.16 +    .mark_mfn_out_of_sync       = mark_mfn_out_of_sync,
   51.17 +    .is_out_of_sync             = is_out_of_sync,
   51.18 +    .gva_to_gpa                 = gva_to_gpa_64,
   51.19 +};
   51.20 +
   51.21 +#endif
    52.1 --- a/xen/arch/x86/shadow_public.c	Fri Sep 02 14:15:49 2005 +0000
    52.2 +++ b/xen/arch/x86/shadow_public.c	Fri Sep 02 14:17:08 2005 +0000
    52.3 @@ -33,11 +33,15 @@
    52.4  #if CONFIG_PAGING_LEVELS >= 3
    52.5  #include <asm/shadow_64.h>
    52.6  
    52.7 +#endif
    52.8 +#if CONFIG_PAGING_LEVELS == 4
    52.9  extern struct shadow_ops MODE_F_HANDLER;
   52.10 +extern struct shadow_ops MODE_D_HANDLER;
   52.11  #endif
   52.12  
   52.13  extern struct shadow_ops MODE_A_HANDLER;
   52.14  
   52.15 +#define SHADOW_MAX_GUEST32(_encoded) ((L1_PAGETABLE_ENTRIES_32 - 1) - ((_encoded) >> 16))
   52.16  /****************************************************************************/
   52.17  /************* export interface functions ***********************************/
   52.18  /****************************************************************************/
   52.19 @@ -48,7 +52,7 @@ int shadow_set_guest_paging_levels(struc
   52.20      shadow_lock(d);
   52.21  
   52.22      switch(levels) {
   52.23 -#if CONFIG_PAGING_LEVELS >= 4 
   52.24 +#if CONFIG_PAGING_LEVELS >= 4
   52.25      case 4:
   52.26  	if ( d->arch.ops != &MODE_F_HANDLER )
   52.27  	    d->arch.ops = &MODE_F_HANDLER;
   52.28 @@ -56,9 +60,14 @@ int shadow_set_guest_paging_levels(struc
   52.29          return 1;
   52.30  #endif
   52.31      case 3:
   52.32 -    case 2:                     
   52.33 +    case 2:
   52.34 +#if CONFIG_PAGING_LEVELS == 2
   52.35  	if ( d->arch.ops != &MODE_A_HANDLER )
   52.36  	    d->arch.ops = &MODE_A_HANDLER;
   52.37 +#elif CONFIG_PAGING_LEVELS == 4
   52.38 +	if ( d->arch.ops != &MODE_D_HANDLER )
   52.39 +	    d->arch.ops = &MODE_D_HANDLER;
   52.40 +#endif
   52.41  	shadow_unlock(d);
   52.42          return 1;
   52.43     default:
   52.44 @@ -122,13 +131,17 @@ int __shadow_out_of_sync(struct vcpu *v,
   52.45      return d->arch.ops->is_out_of_sync(v, va);
   52.46  }
   52.47  
   52.48 +unsigned long gva_to_gpa(unsigned long gva)
   52.49 +{
   52.50 +    struct domain *d = current->domain;
   52.51 +    return d->arch.ops->gva_to_gpa(gva);
   52.52 +}
   52.53  /****************************************************************************/
   52.54  /****************************************************************************/
   52.55  #if CONFIG_PAGING_LEVELS >= 4
   52.56  /*
   52.57   * Convert PAE 3-level page-table to 4-level page-table
   52.58   */
   52.59 -#define PDP_ENTRIES   4
   52.60  static pagetable_t page_table_convert(struct domain *d)
   52.61  {
   52.62      struct pfn_info *l4page, *l3page;
   52.63 @@ -203,20 +216,42 @@ free_shadow_fl1_table(struct domain *d, 
   52.64  /*
   52.65   * Free l2, l3, l4 shadow tables
   52.66   */
   52.67 +
   52.68 +void free_fake_shadow_l2(struct domain *d,unsigned long smfn);
   52.69 +
   52.70  static void inline
   52.71  free_shadow_tables(struct domain *d, unsigned long smfn, u32 level)
   52.72  {
   52.73      pgentry_64_t *ple = map_domain_page(smfn);
   52.74      int i, external = shadow_mode_external(d);
   52.75 +    struct pfn_info *page = &frame_table[smfn];
   52.76  
   52.77 -    for ( i = 0; i < PAGETABLE_ENTRIES; i++ )
   52.78 -        if ( external || is_guest_l4_slot(i) )
   52.79 -            if ( entry_get_flags(ple[i]) & _PAGE_PRESENT )
   52.80 -                put_shadow_ref(entry_get_pfn(ple[i]));
   52.81 +    if (d->arch.ops->guest_paging_levels == PAGING_L2)
   52.82 +    {
   52.83 +#if CONFIG_PAGING_LEVELS >=4
   52.84 +        for ( i = 0; i < PDP_ENTRIES; i++ )
   52.85 +        {
   52.86 +            if (entry_get_flags(ple[i]) & _PAGE_PRESENT )
   52.87 +                free_fake_shadow_l2(d,entry_get_pfn(ple[i]));
   52.88 +        }
   52.89 +   
   52.90 +        page = &frame_table[entry_get_pfn(ple[0])];
   52.91 +        free_domheap_pages(page, SL2_ORDER);
   52.92 +        unmap_domain_page(ple);
   52.93 +#endif
   52.94 +    }
   52.95 +    else
   52.96 +    {
   52.97 +        for ( i = 0; i < PAGETABLE_ENTRIES; i++ )
   52.98 +            if ( external || is_guest_l4_slot(i) )
   52.99 +                if ( entry_get_flags(ple[i]) & _PAGE_PRESENT )
  52.100 +                        put_shadow_ref(entry_get_pfn(ple[i]));
  52.101  
  52.102 -    unmap_domain_page(ple);
  52.103 +        unmap_domain_page(ple);
  52.104 +    }
  52.105  }
  52.106  
  52.107 +
  52.108  void free_monitor_pagetable(struct vcpu *v)
  52.109  {
  52.110      unsigned long mfn;
  52.111 @@ -453,7 +488,12 @@ free_shadow_l1_table(struct domain *d, u
  52.112      struct pfn_info *spage = pfn_to_page(smfn);
  52.113      u32 min_max = spage->tlbflush_timestamp;
  52.114      int min = SHADOW_MIN(min_max);
  52.115 -    int max = SHADOW_MAX(min_max);
  52.116 +    int max;
  52.117 +    
  52.118 +    if (d->arch.ops->guest_paging_levels == PAGING_L2)
  52.119 +        max = SHADOW_MAX_GUEST32(min_max);
  52.120 +    else
  52.121 +        max = SHADOW_MAX(min_max);
  52.122  
  52.123      for ( i = min; i <= max; i++ )
  52.124      {
  52.125 @@ -512,9 +552,24 @@ free_shadow_l2_table(struct domain *d, u
  52.126      unmap_domain_page(pl2e);
  52.127  }
  52.128  
  52.129 +void free_fake_shadow_l2(struct domain *d, unsigned long smfn)
  52.130 +{
  52.131 +    pgentry_64_t *ple = map_domain_page(smfn);
  52.132 +    int i;
  52.133 +
  52.134 +    for ( i = 0; i < PAGETABLE_ENTRIES; i = i + 2 )
  52.135 +    {
  52.136 +        if ( entry_get_flags(ple[i]) & _PAGE_PRESENT )
  52.137 +            put_shadow_ref(entry_get_pfn(ple[i]));
  52.138 +    }
  52.139 +
  52.140 +    unmap_domain_page(ple);
  52.141 +}
  52.142 +
  52.143  void free_shadow_page(unsigned long smfn)
  52.144  {
  52.145      struct pfn_info *page = &frame_table[smfn];
  52.146 +
  52.147      unsigned long gmfn = page->u.inuse.type_info & PGT_mfn_mask;
  52.148      struct domain *d = page_get_owner(pfn_to_page(gmfn));
  52.149      unsigned long gpfn = __mfn_to_gpfn(d, gmfn);
  52.150 @@ -531,6 +586,7 @@ void free_shadow_page(unsigned long smfn
  52.151              gpfn |= (1UL << 63);
  52.152      }
  52.153  #endif
  52.154 +
  52.155      delete_shadow_status(d, gpfn, gmfn, type);
  52.156  
  52.157      switch ( type )
  52.158 @@ -687,7 +743,7 @@ void free_shadow_pages(struct domain *d)
  52.159      int                   i;
  52.160      struct shadow_status *x;
  52.161      struct vcpu          *v;
  52.162 - 
  52.163 +
  52.164      /*
  52.165       * WARNING! The shadow page table must not currently be in use!
  52.166       * e.g., You are expected to have paused the domain and synchronized CR3.
  52.167 @@ -794,7 +850,16 @@ void free_shadow_pages(struct domain *d)
  52.168          perfc_decr(free_l1_pages);
  52.169  
  52.170          struct pfn_info *page = list_entry(list_ent, struct pfn_info, list);
  52.171 -        free_domheap_page(page);
  52.172 +	if (d->arch.ops->guest_paging_levels == PAGING_L2)
  52.173 +	{
  52.174 +#if CONFIG_PAGING_LEVELS >=4
  52.175 +        free_domheap_pages(page, SL1_ORDER);
  52.176 +#else
  52.177 +	free_domheap_page(page);
  52.178 +#endif
  52.179 +	}
  52.180 +	else
  52.181 +	free_domheap_page(page);
  52.182      }
  52.183  
  52.184      shadow_audit(d, 0);
  52.185 @@ -1191,7 +1256,7 @@ int shadow_mode_control(struct domain *d
  52.186      {
  52.187          DPRINTK("Don't try to do a shadow op on yourself!\n");
  52.188          return -EINVAL;
  52.189 -    }   
  52.190 +    }
  52.191  
  52.192      domain_pause(d);
  52.193  
    53.1 --- a/xen/arch/x86/traps.c	Fri Sep 02 14:15:49 2005 +0000
    53.2 +++ b/xen/arch/x86/traps.c	Fri Sep 02 14:17:08 2005 +0000
    53.3 @@ -100,7 +100,14 @@ unsigned long do_get_debugreg(int reg);
    53.4  
    53.5  static int debug_stack_lines = 20;
    53.6  integer_param("debug_stack_lines", debug_stack_lines);
    53.7 -#define stack_words_per_line (32 / BYTES_PER_LONG)
    53.8 +
    53.9 +#ifdef CONFIG_X86_32
   53.10 +#define stack_words_per_line 8
   53.11 +#define ESP_BEFORE_EXCEPTION(regs) ((unsigned long *)&regs->esp)
   53.12 +#else
   53.13 +#define stack_words_per_line 4
   53.14 +#define ESP_BEFORE_EXCEPTION(regs) ((unsigned long *)regs->esp)
   53.15 +#endif
   53.16  
   53.17  int is_kernel_text(unsigned long addr)
   53.18  {
   53.19 @@ -118,17 +125,16 @@ unsigned long kernel_text_end(void)
   53.20      return (unsigned long) &_etext;
   53.21  }
   53.22  
   53.23 -void show_guest_stack(void)
   53.24 +static void show_guest_stack(struct cpu_user_regs *regs)
   53.25  {
   53.26      int i;
   53.27 -    struct cpu_user_regs *regs = guest_cpu_user_regs();
   53.28      unsigned long *stack = (unsigned long *)regs->esp, addr;
   53.29  
   53.30      printk("Guest stack trace from "__OP"sp=%p:\n   ", stack);
   53.31  
   53.32      for ( i = 0; i < (debug_stack_lines*stack_words_per_line); i++ )
   53.33      {
   53.34 -        if ( ((long)stack & (STACK_SIZE-1)) == 0 )
   53.35 +        if ( ((long)stack & (STACK_SIZE-BYTES_PER_LONG)) == 0 )
   53.36              break;
   53.37          if ( get_user(addr, stack) )
   53.38          {
   53.39 @@ -148,38 +154,98 @@ void show_guest_stack(void)
   53.40      printk("\n");
   53.41  }
   53.42  
   53.43 -void show_trace(unsigned long *esp)
   53.44 +#ifdef NDEBUG
   53.45 +
   53.46 +static void show_trace(struct cpu_user_regs *regs)
   53.47  {
   53.48 -    unsigned long *stack = esp, addr;
   53.49 -    int i = 0;
   53.50 +    unsigned long *stack = ESP_BEFORE_EXCEPTION(regs), addr;
   53.51 +
   53.52 +    printk("Xen call trace:\n   ");
   53.53  
   53.54 -    printk("Xen call trace from "__OP"sp=%p:\n   ", stack);
   53.55 +    printk("[<%p>]", _p(regs->eip));
   53.56 +    print_symbol(" %s\n   ", regs->eip);
   53.57  
   53.58 -    while ( ((long) stack & (STACK_SIZE-1)) != 0 )
   53.59 +    while ( ((long)stack & (STACK_SIZE-BYTES_PER_LONG)) != 0 )
   53.60      {
   53.61          addr = *stack++;
   53.62          if ( is_kernel_text(addr) )
   53.63          {
   53.64              printk("[<%p>]", _p(addr));
   53.65              print_symbol(" %s\n   ", addr);
   53.66 -            i++;
   53.67          }
   53.68      }
   53.69 -    if ( i == 0 )
   53.70 -        printk("Trace empty.");
   53.71 +
   53.72      printk("\n");
   53.73  }
   53.74  
   53.75 -void show_stack(unsigned long *esp)
   53.76 +#else
   53.77 +
   53.78 +static void show_trace(struct cpu_user_regs *regs)
   53.79  {
   53.80 -    unsigned long *stack = esp, addr;
   53.81 +    unsigned long *frame, next, addr, low, high;
   53.82 +
   53.83 +    printk("Xen call trace:\n   ");
   53.84 +
   53.85 +    printk("[<%p>]", _p(regs->eip));
   53.86 +    print_symbol(" %s\n   ", regs->eip);
   53.87 +
   53.88 +    /* Bounds for range of valid frame pointer. */
   53.89 +    low  = (unsigned long)(ESP_BEFORE_EXCEPTION(regs) - 2);
   53.90 +    high = (low & ~(STACK_SIZE - 1)) + (STACK_SIZE - sizeof(struct cpu_info));
   53.91 +
   53.92 +    /* The initial frame pointer. */
   53.93 +    next = regs->ebp;
   53.94 +
   53.95 +    for ( ; ; )
   53.96 +    {
   53.97 +        /* Valid frame pointer? */
   53.98 +        if ( (next < low) || (next > high) )
   53.99 +        {
  53.100 +            /*
  53.101 +             * Exception stack frames have a different layout, denoted by an
  53.102 +             * inverted frame pointer.
  53.103 +             */
  53.104 +            next = ~next;
  53.105 +            if ( (next < low) || (next > high) )
  53.106 +                break;
  53.107 +            frame = (unsigned long *)next;
  53.108 +            next  = frame[0];
  53.109 +            addr  = frame[(offsetof(struct cpu_user_regs, eip) -
  53.110 +                           offsetof(struct cpu_user_regs, ebp))
  53.111 +                         / BYTES_PER_LONG];
  53.112 +        }
  53.113 +        else
  53.114 +        {
  53.115 +            /* Ordinary stack frame. */
  53.116 +            frame = (unsigned long *)next;
  53.117 +            next  = frame[0];
  53.118 +            addr  = frame[1];
  53.119 +        }
  53.120 +
  53.121 +        printk("[<%p>]", _p(addr));
  53.122 +        print_symbol(" %s\n   ", addr);
  53.123 +
  53.124 +        low = (unsigned long)&frame[2];
  53.125 +    }
  53.126 +
  53.127 +    printk("\n");
  53.128 +}
  53.129 +
  53.130 +#endif
  53.131 +
  53.132 +void show_stack(struct cpu_user_regs *regs)
  53.133 +{
  53.134 +    unsigned long *stack = ESP_BEFORE_EXCEPTION(regs), addr;
  53.135      int i;
  53.136  
  53.137 +    if ( GUEST_MODE(regs) )
  53.138 +        return show_guest_stack(regs);
  53.139 +
  53.140      printk("Xen stack trace from "__OP"sp=%p:\n   ", stack);
  53.141  
  53.142      for ( i = 0; i < (debug_stack_lines*stack_words_per_line); i++ )
  53.143      {
  53.144 -        if ( ((long)stack & (STACK_SIZE-1)) == 0 )
  53.145 +        if ( ((long)stack & (STACK_SIZE-BYTES_PER_LONG)) == 0 )
  53.146              break;
  53.147          if ( (i != 0) && ((i % stack_words_per_line) == 0) )
  53.148              printk("\n   ");
  53.149 @@ -190,7 +256,7 @@ void show_stack(unsigned long *esp)
  53.150          printk("Stack empty.");
  53.151      printk("\n");
  53.152  
  53.153 -    show_trace(esp);
  53.154 +    show_trace(regs);
  53.155  }
  53.156  
  53.157  /*
    54.1 --- a/xen/arch/x86/vmx.c	Fri Sep 02 14:15:49 2005 +0000
    54.2 +++ b/xen/arch/x86/vmx.c	Fri Sep 02 14:17:08 2005 +0000
    54.3 @@ -412,7 +412,7 @@ static int vmx_do_page_fault(unsigned lo
    54.4      if ( !result )
    54.5      {
    54.6          __vmread(GUEST_RIP, &eip);
    54.7 -        printk("vmx pgfault to guest va=%p eip=%p\n", va, eip);
    54.8 +        printk("vmx pgfault to guest va=%lx eip=%lx\n", va, eip);
    54.9      }
   54.10  #endif
   54.11  
   54.12 @@ -456,7 +456,16 @@ static void vmx_vmexit_do_cpuid(unsigned
   54.13          clear_bit(X86_FEATURE_PSE, &edx);
   54.14          clear_bit(X86_FEATURE_PAE, &edx);
   54.15          clear_bit(X86_FEATURE_PSE36, &edx);
   54.16 +#else
   54.17 +        struct vcpu *d = current;
   54.18 +        if (d->domain->arch.ops->guest_paging_levels == PAGING_L2)
   54.19 +        {
   54.20 +            clear_bit(X86_FEATURE_PSE, &edx);
   54.21 +            clear_bit(X86_FEATURE_PAE, &edx);
   54.22 +            clear_bit(X86_FEATURE_PSE36, &edx);
   54.23 +        }
   54.24  #endif
   54.25 +
   54.26      }
   54.27  
   54.28      regs->eax = (unsigned long) eax;
   54.29 @@ -650,7 +659,7 @@ static void vmx_io_instruction(struct cp
   54.30          p->df = (eflags & X86_EFLAGS_DF) ? 1 : 0;
   54.31  
   54.32          if (test_bit(5, &exit_qualification)) /* "rep" prefix */
   54.33 -	    p->count = vm86 ? regs->ecx & 0xFFFF : regs->ecx;
   54.34 +            p->count = vm86 ? regs->ecx & 0xFFFF : regs->ecx;
   54.35  
   54.36          /*
   54.37           * Split up string I/O operations that cross page boundaries. Don't
   54.38 @@ -1011,6 +1020,15 @@ static int vmx_set_cr0(unsigned long val
   54.39              }
   54.40  #endif
   54.41          }
   54.42 +        else
   54.43 +        {
   54.44 +#if CONFIG_PAGING_LEVELS >= 4
   54.45 +            if(!shadow_set_guest_paging_levels(d->domain, 2)) {
   54.46 +                printk("Unsupported guest paging levels\n");
   54.47 +                domain_crash_synchronous(); /* need to take a clean path */
   54.48 +            }
   54.49 +#endif
   54.50 +        }
   54.51  
   54.52  	unsigned long crn;
   54.53          /* update CR4's PAE if needed */
    55.1 --- a/xen/arch/x86/x86_32/traps.c	Fri Sep 02 14:15:49 2005 +0000
    55.2 +++ b/xen/arch/x86/x86_32/traps.c	Fri Sep 02 14:17:08 2005 +0000
    55.3 @@ -79,11 +79,8 @@ void show_registers(struct cpu_user_regs
    55.4             "ss: %04lx   cs: %04lx\n",
    55.5             ds, es, fs, gs, ss, cs);
    55.6  
    55.7 -    if ( GUEST_MODE(regs) )
    55.8 -        show_guest_stack();
    55.9 -    else
   55.10 -        show_stack((unsigned long *)&regs->esp);
   55.11 -} 
   55.12 +    show_stack(regs);
   55.13 +}
   55.14  
   55.15  void show_page_walk(unsigned long addr)
   55.16  {
    56.1 --- a/xen/arch/x86/x86_64/traps.c	Fri Sep 02 14:15:49 2005 +0000
    56.2 +++ b/xen/arch/x86/x86_64/traps.c	Fri Sep 02 14:17:08 2005 +0000
    56.3 @@ -32,10 +32,7 @@ void show_registers(struct cpu_user_regs
    56.4             regs->r12, regs->r13, regs->r14);
    56.5      printk("r15: %016lx\n", regs->r15);
    56.6  
    56.7 -    if ( GUEST_MODE(regs) )
    56.8 -        show_guest_stack();
    56.9 -    else
   56.10 -        show_stack((unsigned long *)regs->rsp);
   56.11 +    show_stack(regs);
   56.12  }
   56.13  
   56.14  void show_page_walk(unsigned long addr)
    57.1 --- a/xen/common/acm_ops.c	Fri Sep 02 14:15:49 2005 +0000
    57.2 +++ b/xen/common/acm_ops.c	Fri Sep 02 14:17:08 2005 +0000
    57.3 @@ -19,6 +19,7 @@
    57.4  #include <xen/types.h>
    57.5  #include <xen/lib.h>
    57.6  #include <xen/mm.h>
    57.7 +#include <public/acm.h>
    57.8  #include <public/acm_ops.h>
    57.9  #include <xen/sched.h>
   57.10  #include <xen/event.h>
   57.11 @@ -41,7 +42,8 @@ typedef enum acm_operation {
   57.12      POLICY,                     /* access to policy interface (early drop) */
   57.13      GETPOLICY,                  /* dump policy cache */
   57.14      SETPOLICY,                  /* set policy cache (controls security) */
   57.15 -    DUMPSTATS                   /* dump policy statistics */
   57.16 +    DUMPSTATS,                  /* dump policy statistics */
   57.17 +    GETSSID                     /* retrieve ssidref for domain id */
   57.18  } acm_operation_t;
   57.19  
   57.20  int acm_authorize_acm_ops(struct domain *d, acm_operation_t pops)
   57.21 @@ -117,6 +119,35 @@ long do_acm_op(acm_op_t * u_acm_op)
   57.22          }
   57.23          break;
   57.24  
   57.25 +    case ACM_GETSSID:
   57.26 +        {
   57.27 +			ssidref_t ssidref;
   57.28 +
   57.29 +            if (acm_authorize_acm_ops(current->domain, GETSSID))
   57.30 +                return -EACCES;
   57.31 +
   57.32 +			if (op->u.getssid.get_ssid_by == SSIDREF)
   57.33 +				ssidref = op->u.getssid.id.ssidref;
   57.34 +			else if (op->u.getssid.get_ssid_by == DOMAINID) {
   57.35 +				struct domain *subj = find_domain_by_id(op->u.getssid.id.domainid);
   57.36 +				if (!subj)
   57.37 +					return -ESRCH; /* domain not found */
   57.38 +
   57.39 +				ssidref = ((struct acm_ssid_domain *)(subj->ssid))->ssidref;
   57.40 +				put_domain(subj);
   57.41 +			} else
   57.42 +				return -ESRCH;
   57.43 +
   57.44 +            ret = acm_get_ssid(ssidref,
   57.45 +                               op->u.getssid.ssidbuf,
   57.46 +                               op->u.getssid.ssidbuf_size);
   57.47 +            if (ret == ACM_OK)
   57.48 +                ret = 0;
   57.49 +            else
   57.50 +                ret = -ESRCH;
   57.51 +        }
   57.52 +        break;
   57.53 +
   57.54      default:
   57.55          ret = -ESRCH;
   57.56  
    58.1 --- a/xen/common/domain.c	Fri Sep 02 14:15:49 2005 +0000
    58.2 +++ b/xen/common/domain.c	Fri Sep 02 14:17:08 2005 +0000
    58.3 @@ -178,6 +178,9 @@ void domain_shutdown(u8 reason)
    58.4      struct domain *d = current->domain;
    58.5      struct vcpu *v;
    58.6  
    58.7 +    if(reason == SHUTDOWN_crash) 
    58.8 +        printk("Domain %d crash detected.\n", d->domain_id); 
    58.9 +
   58.10      if ( d->domain_id == 0 )
   58.11      {
   58.12          extern void machine_restart(char *);
    59.1 --- a/xen/common/grant_table.c	Fri Sep 02 14:15:49 2005 +0000
    59.2 +++ b/xen/common/grant_table.c	Fri Sep 02 14:17:08 2005 +0000
    59.3 @@ -887,21 +887,21 @@ gnttab_donate(gnttab_donate_t *uop, unsi
    59.4                     e->tot_pages, e->max_pages);
    59.5              spin_unlock(&e->page_alloc_lock);
    59.6              put_domain(e);
    59.7 -            result = GNTST_general_error;
    59.8 +            gop->status = result = GNTST_general_error;
    59.9              break;
   59.10          }
   59.11          if (unlikely(test_bit(DOMFLAGS_DYING, &e->domain_flags))) {
   59.12              printk("gnttab_donate: target domain is dying\n");
   59.13              spin_unlock(&e->page_alloc_lock);
   59.14              put_domain(e);
   59.15 -            result = GNTST_general_error;
   59.16 +            gop->status = result = GNTST_general_error;
   59.17              break;
   59.18          }
   59.19          if (unlikely(!gnttab_prepare_for_transfer(e, d, gop->handle))) {
   59.20 -            printk("gnttab_donate: gnttab_prepare_for_transfer fails\n");
   59.21 +            printk("gnttab_donate: gnttab_prepare_for_transfer fails.\n");
   59.22              spin_unlock(&e->page_alloc_lock);
   59.23              put_domain(e);
   59.24 -            result = GNTST_general_error;
   59.25 +            gop->status = result = GNTST_general_error;
   59.26              break;
   59.27          }
   59.28  #else
   59.29 @@ -914,7 +914,8 @@ gnttab_donate(gnttab_donate_t *uop, unsi
   59.30                     e->tot_pages, e->max_pages, gop->handle, e->d_flags);
   59.31              spin_unlock(&e->page_alloc_lock);
   59.32              put_domain(e);
   59.33 -            result = GNTST_general_error;
   59.34 +            /* XXX SMH: better error return here would be useful */
   59.35 +            gop->status = result = GNTST_general_error;
   59.36              break;
   59.37          }
   59.38  #endif
   59.39 @@ -1020,7 +1021,7 @@ gnttab_check_unmap(
   59.40      lgt = ld->grant_table;
   59.41      
   59.42  #if GRANT_DEBUG_VERBOSE
   59.43 -    if ( ld->domain_ id != 0 ) {
   59.44 +    if ( ld->domain_id != 0 ) {
   59.45              DPRINTK("Foreign unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n",
   59.46                      rd->domain_id, ld->domain_id, frame, readonly);
   59.47        }
    60.1 --- a/xen/include/acm/acm_core.h	Fri Sep 02 14:15:49 2005 +0000
    60.2 +++ b/xen/include/acm/acm_core.h	Fri Sep 02 14:17:08 2005 +0000
    60.3 @@ -101,9 +101,15 @@ struct ste_ssid {
    60.4   *	primary ssidref   = lower 16 bit
    60.5   *      secondary ssidref = higher 16 bit
    60.6   */
    60.7 +#define ACM_PRIMARY(ssidref) \
    60.8 +	((ssidref) & 0xffff)
    60.9 +
   60.10 +#define ACM_SECONDARY(ssidref) \
   60.11 +	((ssidref) >> 16)
   60.12 +
   60.13  #define GET_SSIDREF(POLICY, ssidref) \
   60.14  	((POLICY) == acm_bin_pol.primary_policy_code) ? \
   60.15 -	((ssidref) & 0xffff) : ((ssidref) >> 16)
   60.16 +	ACM_PRIMARY(ssidref) : ACM_SECONDARY(ssidref)
   60.17  
   60.18  /* macros to access ssid pointer for primary / secondary policy */
   60.19  #define GET_SSIDP(POLICY, ssid) \
   60.20 @@ -116,6 +122,7 @@ int acm_free_domain_ssid(struct acm_ssid
   60.21  int acm_set_policy(void *buf, u16 buf_size, int isuserbuffer);
   60.22  int acm_get_policy(void *buf, u16 buf_size);
   60.23  int acm_dump_statistics(void *buf, u16 buf_size);
   60.24 +int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size);
   60.25  
   60.26  #endif
   60.27  
    61.1 --- a/xen/include/acm/acm_hooks.h	Fri Sep 02 14:15:49 2005 +0000
    61.2 +++ b/xen/include/acm/acm_hooks.h	Fri Sep 02 14:17:08 2005 +0000
    61.3 @@ -92,6 +92,7 @@ struct acm_operations {
    61.4      int  (*dump_binary_policy)         (u8 *buffer, u16 buf_size);
    61.5      int  (*set_binary_policy)          (u8 *buffer, u16 buf_size);
    61.6      int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
    61.7 +    int  (*dump_ssid_types)            (ssidref_t ssidref, u8 *buffer, u16 buf_size);
    61.8      /* domain management control hooks (can be NULL) */
    61.9      int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
   61.10      void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);
    62.1 --- a/xen/include/asm-x86/page-guest32.h	Fri Sep 02 14:15:49 2005 +0000
    62.2 +++ b/xen/include/asm-x86/page-guest32.h	Fri Sep 02 14:17:08 2005 +0000
    62.3 @@ -33,6 +33,11 @@ typedef l2_pgentry_t root_pgentry_32_t;
    62.4  #define l1e_get_flags_32(x)           (get_pte_flags_32((x).l1))
    62.5  #define l2e_get_flags_32(x)           (get_pte_flags_32((x).l2))
    62.6  
    62.7 +#define l1e_get_paddr_32(x)           \
    62.8 +    ((physaddr_t)(((x).l1 & (PADDR_MASK&PAGE_MASK))))
    62.9 +#define l2e_get_paddr_32(x)           \
   62.10 +    ((physaddr_t)(((x).l2 & (PADDR_MASK&PAGE_MASK))))
   62.11 +
   62.12  /* Construct an empty pte. */
   62.13  #define l1e_empty_32()                ((l1_pgentry_32_t) { 0 })
   62.14  #define l2e_empty_32()                ((l2_pgentry_32_t) { 0 })
    63.1 --- a/xen/include/asm-x86/processor.h	Fri Sep 02 14:15:49 2005 +0000
    63.2 +++ b/xen/include/asm-x86/processor.h	Fri Sep 02 14:17:08 2005 +0000
    63.3 @@ -496,9 +496,7 @@ extern inline void prefetchw(const void 
    63.4  
    63.5  #endif
    63.6  
    63.7 -void show_guest_stack();
    63.8 -void show_trace(unsigned long *esp);
    63.9 -void show_stack(unsigned long *esp);
   63.10 +void show_stack(struct cpu_user_regs *regs);
   63.11  void show_registers(struct cpu_user_regs *regs);
   63.12  void show_page_walk(unsigned long addr);
   63.13  asmlinkage void fatal_trap(int trapnr, struct cpu_user_regs *regs);
    64.1 --- a/xen/include/asm-x86/shadow.h	Fri Sep 02 14:15:49 2005 +0000
    64.2 +++ b/xen/include/asm-x86/shadow.h	Fri Sep 02 14:17:08 2005 +0000
    64.3 @@ -34,6 +34,8 @@
    64.4  #include <asm/vmx.h>
    64.5  #include <public/dom0_ops.h>
    64.6  #include <asm/shadow_public.h>
    64.7 +#include <asm/page-guest32.h>
    64.8 +#include <asm/shadow_ops.h>
    64.9  
   64.10  /* Shadow PT operation mode : shadow-mode variable in arch_domain. */
   64.11  
   64.12 @@ -104,9 +106,9 @@ do {                                    
   64.13  } while (0)
   64.14  #endif
   64.15  
   64.16 -#define SHADOW_ENCODE_MIN_MAX(_min, _max) ((((L1_PAGETABLE_ENTRIES - 1) - (_max)) << 16) | (_min))
   64.17 +#define SHADOW_ENCODE_MIN_MAX(_min, _max) ((((GUEST_L1_PAGETABLE_ENTRIES - 1) - (_max)) << 16) | (_min))
   64.18  #define SHADOW_MIN(_encoded) ((_encoded) & ((1u<<16) - 1))
   64.19 -#define SHADOW_MAX(_encoded) ((L1_PAGETABLE_ENTRIES - 1) - ((_encoded) >> 16))
   64.20 +#define SHADOW_MAX(_encoded) ((GUEST_L1_PAGETABLE_ENTRIES - 1) - ((_encoded) >> 16))
   64.21  
   64.22  extern void shadow_mode_init(void);
   64.23  extern int shadow_mode_control(struct domain *p, dom0_shadow_control_t *sc);
   64.24 @@ -132,6 +134,7 @@ extern void shadow_l2_normal_pt_update(s
   64.25                                         struct domain_mmap_cache *cache);
   64.26  #if CONFIG_PAGING_LEVELS >= 3
   64.27  #include <asm/page-guest32.h>
   64.28 +extern unsigned long gva_to_gpa(unsigned long gva);
   64.29  extern void shadow_l3_normal_pt_update(struct domain *d,
   64.30                                         unsigned long pa, l3_pgentry_t l3e,
   64.31                                         struct domain_mmap_cache *cache);
   64.32 @@ -794,22 +797,22 @@ static inline int l1pte_read_fault(
   64.33  #endif
   64.34  
   64.35  static inline void l1pte_propagate_from_guest(
   64.36 -    struct domain *d, l1_pgentry_t gpte, l1_pgentry_t *spte_p)
   64.37 +    struct domain *d, guest_l1_pgentry_t gpte, l1_pgentry_t *spte_p)
   64.38  { 
   64.39      unsigned long mfn;
   64.40      l1_pgentry_t spte;
   64.41  
   64.42      spte = l1e_empty();
   64.43  
   64.44 -    if ( ((l1e_get_flags(gpte) & (_PAGE_PRESENT|_PAGE_ACCESSED) ) ==
   64.45 +    if ( ((guest_l1e_get_flags(gpte) & (_PAGE_PRESENT|_PAGE_ACCESSED) ) ==
   64.46            (_PAGE_PRESENT|_PAGE_ACCESSED)) &&
   64.47           VALID_MFN(mfn = __gpfn_to_mfn(d, l1e_get_pfn(gpte))) )
   64.48      {
   64.49          spte = l1e_from_pfn(
   64.50 -            mfn, l1e_get_flags(gpte) & ~(_PAGE_GLOBAL | _PAGE_AVAIL));
   64.51 +            mfn, guest_l1e_get_flags(gpte) & ~(_PAGE_GLOBAL | _PAGE_AVAIL));
   64.52  
   64.53          if ( shadow_mode_log_dirty(d) ||
   64.54 -             !(l1e_get_flags(gpte) & _PAGE_DIRTY) ||
   64.55 +             !(guest_l1e_get_flags(gpte) & _PAGE_DIRTY) ||
   64.56               mfn_is_page_table(mfn) )
   64.57          {
   64.58              l1e_remove_flags(spte, _PAGE_RW);
   64.59 @@ -859,22 +862,22 @@ static inline void hl2e_propagate_from_g
   64.60  
   64.61  static inline void l2pde_general(
   64.62      struct domain *d,
   64.63 -    l2_pgentry_t *gpde_p,
   64.64 +    guest_l2_pgentry_t *gpde_p,
   64.65      l2_pgentry_t *spde_p,
   64.66      unsigned long sl1mfn)
   64.67  {
   64.68 -    l2_pgentry_t gpde = *gpde_p;
   64.69 +    guest_l2_pgentry_t gpde = *gpde_p;
   64.70      l2_pgentry_t spde;
   64.71  
   64.72      spde = l2e_empty();
   64.73 -    if ( (l2e_get_flags(gpde) & _PAGE_PRESENT) && (sl1mfn != 0) )
   64.74 +    if ( (guest_l2e_get_flags(gpde) & _PAGE_PRESENT) && (sl1mfn != 0) )
   64.75      {
   64.76          spde = l2e_from_pfn(
   64.77 -            sl1mfn, 
   64.78 -            (l2e_get_flags(gpde) | _PAGE_RW | _PAGE_ACCESSED) & ~_PAGE_AVAIL);
   64.79 +            sl1mfn,
   64.80 +            (guest_l2e_get_flags(gpde) | _PAGE_RW | _PAGE_ACCESSED) & ~_PAGE_AVAIL);
   64.81  
   64.82          /* N.B. PDEs do not have a dirty bit. */
   64.83 -        l2e_add_flags(gpde, _PAGE_ACCESSED);
   64.84 +        guest_l2e_add_flags(gpde, _PAGE_ACCESSED);
   64.85  
   64.86          *gpde_p = gpde;
   64.87      }
   64.88 @@ -887,12 +890,12 @@ static inline void l2pde_general(
   64.89  }
   64.90  
   64.91  static inline void l2pde_propagate_from_guest(
   64.92 -    struct domain *d, l2_pgentry_t *gpde_p, l2_pgentry_t *spde_p)
   64.93 +    struct domain *d, guest_l2_pgentry_t *gpde_p, l2_pgentry_t *spde_p)
   64.94  {
   64.95 -    l2_pgentry_t gpde = *gpde_p;
   64.96 +    guest_l2_pgentry_t gpde = *gpde_p;
   64.97      unsigned long sl1mfn = 0;
   64.98  
   64.99 -    if ( l2e_get_flags(gpde) & _PAGE_PRESENT )
  64.100 +    if ( guest_l2e_get_flags(gpde) & _PAGE_PRESENT )
  64.101          sl1mfn =  __shadow_status(d, l2e_get_pfn(gpde), PGT_l1_shadow);
  64.102      l2pde_general(d, gpde_p, spde_p, sl1mfn);
  64.103  }
  64.104 @@ -904,7 +907,7 @@ static inline void l2pde_propagate_from_
  64.105  static int inline
  64.106  validate_pte_change(
  64.107      struct domain *d,
  64.108 -    l1_pgentry_t new_pte,
  64.109 +    guest_l1_pgentry_t new_pte,
  64.110      l1_pgentry_t *shadow_pte_p)
  64.111  {
  64.112      l1_pgentry_t old_spte, new_spte;
  64.113 @@ -1004,7 +1007,7 @@ validate_hl2e_change(
  64.114  static int inline
  64.115  validate_pde_change(
  64.116      struct domain *d,
  64.117 -    l2_pgentry_t new_gpde,
  64.118 +    guest_l2_pgentry_t new_gpde,
  64.119      l2_pgentry_t *shadow_pde_p)
  64.120  {
  64.121      l2_pgentry_t old_spde, new_spde;
    65.1 --- a/xen/include/asm-x86/shadow_64.h	Fri Sep 02 14:15:49 2005 +0000
    65.2 +++ b/xen/include/asm-x86/shadow_64.h	Fri Sep 02 14:17:08 2005 +0000
    65.3 @@ -27,6 +27,7 @@
    65.4  #ifndef _XEN_SHADOW_64_H
    65.5  #define _XEN_SHADOW_64_H
    65.6  #include <asm/shadow.h>
    65.7 +#include <asm/shadow_ops.h>
    65.8  
    65.9  #define READ_FAULT  0
   65.10  #define WRITE_FAULT 1
   65.11 @@ -42,14 +43,14 @@
   65.12  #define ESH_LOG(_f, _a...) ((void)0)
   65.13  #endif
   65.14  
   65.15 -#define L4      4UL
   65.16 -#define L3      3UL
   65.17 -#define L2      2UL
   65.18 -#define L1      1UL
   65.19 +#define PAGING_L4      4UL
   65.20 +#define PAGING_L3      3UL
   65.21 +#define PAGING_L2      2UL
   65.22 +#define PAGING_L1      1UL
   65.23  #define L_MASK  0xff
   65.24  
   65.25 -#define ROOT_LEVEL_64   L4
   65.26 -#define ROOT_LEVEL_32   L2
   65.27 +#define ROOT_LEVEL_64   PAGING_L4
   65.28 +#define ROOT_LEVEL_32   PAGING_L2
   65.29  
   65.30  #define SHADOW_ENTRY    (2UL << 16)
   65.31  #define GUEST_ENTRY     (1UL << 16)
   65.32 @@ -59,6 +60,10 @@
   65.33  
   65.34  #define PAGETABLE_ENTRIES    (1<<PAGETABLE_ORDER)
   65.35  
   65.36 +/* For 32-bit VMX guest to allocate shadow L1 & L2*/
   65.37 +#define SL1_ORDER   1
   65.38 +#define SL2_ORDER   2
   65.39 +
   65.40  typedef struct { intpte_t lo; } pgentry_64_t;
   65.41  #define shadow_level_to_type(l)    (l << 29)
   65.42  #define shadow_type_to_level(t)    (t >> 29)
   65.43 @@ -76,6 +81,10 @@ typedef struct { intpte_t lo; } pgentry_
   65.44  #define entry_remove_flags(x, flags) ((x).lo &= ~put_pte_flags(flags))
   65.45  #define entry_has_changed(x,y,flags) \
   65.46          ( !!(((x).lo ^ (y).lo) & ((PADDR_MASK&PAGE_MASK)|put_pte_flags(flags))) )
   65.47 +
   65.48 +#define PAE_SHADOW_SELF_ENTRY   259
   65.49 +#define PDP_ENTRIES   4
   65.50 +
   65.51  static inline int  table_offset_64(unsigned long va, int level)
   65.52  {
   65.53      switch(level) {
   65.54 @@ -86,8 +95,13 @@ static inline int  table_offset_64(unsig
   65.55          case 3:
   65.56              return  (((va) >> L3_PAGETABLE_SHIFT) & (L3_PAGETABLE_ENTRIES - 1));
   65.57  #if CONFIG_PAGING_LEVELS >= 4
   65.58 +#ifndef GUEST_PGENTRY_32
   65.59          case 4:
   65.60              return  (((va) >> L4_PAGETABLE_SHIFT) & (L4_PAGETABLE_ENTRIES - 1));
   65.61 +#else
   65.62 +        case 4:
   65.63 +            return PAE_SHADOW_SELF_ENTRY; 
   65.64 +#endif
   65.65  #endif
   65.66          default:
   65.67              //printk("<table_offset_64> level %d is too big\n", level);
   65.68 @@ -165,30 +179,30 @@ static inline pgentry_64_t *__rw_entry(
   65.69      return le_e;
   65.70  }
   65.71  #define __shadow_set_l4e(v, va, value) \
   65.72 -  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L4)
   65.73 +  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L4)
   65.74  #define __shadow_get_l4e(v, va, sl4e) \
   65.75 -  __rw_entry(v, va, sl4e, SHADOW_ENTRY | GET_ENTRY | L4)
   65.76 +  __rw_entry(v, va, sl4e, SHADOW_ENTRY | GET_ENTRY | PAGING_L4)
   65.77  #define __shadow_set_l3e(v, va, value) \
   65.78 -  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L3)
   65.79 +  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L3)
   65.80  #define __shadow_get_l3e(v, va, sl3e) \
   65.81 -  __rw_entry(v, va, sl3e, SHADOW_ENTRY | GET_ENTRY | L3)
   65.82 +  __rw_entry(v, va, sl3e, SHADOW_ENTRY | GET_ENTRY | PAGING_L3)
   65.83  #define __shadow_set_l2e(v, va, value) \
   65.84 -  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L2)
   65.85 +  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L2)
   65.86  #define __shadow_get_l2e(v, va, sl2e) \
   65.87 -  __rw_entry(v, va, sl2e, SHADOW_ENTRY | GET_ENTRY | L2)
   65.88 +  __rw_entry(v, va, sl2e, SHADOW_ENTRY | GET_ENTRY | PAGING_L2)
   65.89  #define __shadow_set_l1e(v, va, value) \
   65.90 -  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L1)
   65.91 +  __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L1)
   65.92  #define __shadow_get_l1e(v, va, sl1e) \
   65.93 -  __rw_entry(v, va, sl1e, SHADOW_ENTRY | GET_ENTRY | L1)
   65.94 +  __rw_entry(v, va, sl1e, SHADOW_ENTRY | GET_ENTRY | PAGING_L1)
   65.95  
   65.96  #define __guest_set_l4e(v, va, value) \
   65.97 -  __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L4)
   65.98 +  __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L4)
   65.99  #define __guest_get_l4e(v, va, gl4e) \
  65.100 -  __rw_entry(v, va, gl4e, GUEST_ENTRY | GET_ENTRY | L4)
  65.101 +  __rw_entry(v, va, gl4e, GUEST_ENTRY | GET_ENTRY | PAGING_L4)
  65.102  #define __guest_set_l3e(v, va, value) \
  65.103 -  __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L3)
  65.104 +  __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L3)
  65.105  #define __guest_get_l3e(v, va, sl3e) \
  65.106 -  __rw_entry(v, va, gl3e, GUEST_ENTRY | GET_ENTRY | L3)
  65.107 +  __rw_entry(v, va, gl3e, GUEST_ENTRY | GET_ENTRY | PAGING_L3)
  65.108  
  65.109  static inline void *  __guest_set_l2e(
  65.110      struct vcpu *v, u64 va, void *value, int size)
  65.111 @@ -205,7 +219,7 @@ static inline void *  __guest_set_l2e(
  65.112                  return &l2va[l2_table_offset_32(va)];
  65.113              }
  65.114          case 8:
  65.115 -            return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L2);
  65.116 +            return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L2);
  65.117          default:
  65.118              BUG();
  65.119              return NULL;
  65.120 @@ -230,7 +244,7 @@ static inline void * __guest_get_l2e(
  65.121                  return &l2va[l2_table_offset_32(va)];
  65.122              }
  65.123          case 8:
  65.124 -            return __rw_entry(v, va, gl2e, GUEST_ENTRY | GET_ENTRY | L2);
  65.125 +            return __rw_entry(v, va, gl2e, GUEST_ENTRY | GET_ENTRY | PAGING_L2);
  65.126          default:
  65.127              BUG();
  65.128              return NULL;
  65.129 @@ -269,7 +283,7 @@ static inline void *  __guest_set_l1e(
  65.130              }
  65.131  
  65.132          case 8:
  65.133 -            return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L1);
  65.134 +            return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L1);
  65.135          default:
  65.136              BUG();
  65.137              return NULL;
  65.138 @@ -310,7 +324,7 @@ static inline void *  __guest_get_l1e(
  65.139              }
  65.140          case 8:
  65.141              // 64-bit guest
  65.142 -            return __rw_entry(v, va, gl1e, GUEST_ENTRY | GET_ENTRY | L1);
  65.143 +            return __rw_entry(v, va, gl1e, GUEST_ENTRY | GET_ENTRY | PAGING_L1);
  65.144          default:
  65.145              BUG();
  65.146              return NULL;
  65.147 @@ -334,7 +348,7 @@ static inline void entry_general(
  65.148      sle = entry_empty();
  65.149      if ( (entry_get_flags(gle) & _PAGE_PRESENT) && (smfn != 0) )
  65.150      {
  65.151 -        if ((entry_get_flags(gle) & _PAGE_PSE) && level == L2) {
  65.152 +        if ((entry_get_flags(gle) & _PAGE_PSE) && level == PAGING_L2) {
  65.153              sle = entry_from_pfn(smfn, entry_get_flags(gle));
  65.154              entry_remove_flags(sle, _PAGE_PSE);
  65.155  
  65.156 @@ -376,7 +390,7 @@ static inline void entry_propagate_from_
  65.157      unsigned long smfn = 0;
  65.158  
  65.159      if ( entry_get_flags(gle) & _PAGE_PRESENT ) {
  65.160 -        if ((entry_get_flags(gle) & _PAGE_PSE) && level == L2) {
  65.161 +        if ((entry_get_flags(gle) & _PAGE_PSE) && level == PAGING_L2) {
  65.162              smfn =  __shadow_status(d, entry_get_value(gle) >> PAGE_SHIFT, PGT_fl1_shadow);
  65.163          } else {
  65.164              smfn =  __shadow_status(d, entry_get_pfn(gle), 
  65.165 @@ -421,88 +435,6 @@ validate_entry_change(
  65.166      return 1;
  65.167  }
  65.168  
  65.169 -/*
  65.170 - * Check P, R/W, U/S bits in the guest page table.
  65.171 - * If the fault belongs to guest return 1,
  65.172 - * else return 0.
  65.173 - */
  65.174 -static inline int guest_page_fault(struct vcpu *v,
  65.175 -  unsigned long va, unsigned int error_code, pgentry_64_t *gpl2e, pgentry_64_t *gpl1e)
  65.176 -{
  65.177 -    struct domain *d = v->domain;
  65.178 -    pgentry_64_t gle, *lva;
  65.179 -    unsigned long mfn;
  65.180 -    int i;
  65.181 -
  65.182 -    __rw_entry(v, va, &gle, GUEST_ENTRY | GET_ENTRY | L4);
  65.183 -    if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT)))
  65.184 -        return 1;
  65.185 -
  65.186 -    if (error_code & ERROR_W) {
  65.187 -        if (unlikely(!(entry_get_flags(gle) & _PAGE_RW)))
  65.188 -            return 1;
  65.189 -    }
  65.190 -    if (error_code & ERROR_U) {
  65.191 -        if (unlikely(!(entry_get_flags(gle) & _PAGE_USER)))
  65.192 -            return 1;
  65.193 -    }
  65.194 -    for (i = L3; i >= L1; i--) {
  65.195 -	/*
  65.196 -	 * If it's not external mode, then mfn should be machine physical.
  65.197 -	 */
  65.198 -	mfn = __gpfn_to_mfn(d, (entry_get_paddr(gle) >> PAGE_SHIFT));
  65.199 -        if (mfn == -1)
  65.200 -            return 1;
  65.201 -
  65.202 -        lva = (pgentry_64_t *) phys_to_virt(
  65.203 -	    mfn << PAGE_SHIFT);
  65.204 -        gle = lva[table_offset_64(va, i)];
  65.205 -
  65.206 -        if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT)))
  65.207 -            return 1;
  65.208 -
  65.209 -        if (error_code & ERROR_W) {
  65.210 -            if (unlikely(!(entry_get_flags(gle) & _PAGE_RW)))
  65.211 -                return 1;
  65.212 -        }
  65.213 -        if (error_code & ERROR_U) {
  65.214 -            if (unlikely(!(entry_get_flags(gle) & _PAGE_USER)))
  65.215 -                return 1;
  65.216 -        }
  65.217 -
  65.218 -        if (i == L2) {
  65.219 -            if (gpl2e)
  65.220 -                *gpl2e = gle;
  65.221 -
  65.222 -            if (likely(entry_get_flags(gle) & _PAGE_PSE))
  65.223 -                return 0;
  65.224 -
  65.225 -        }
  65.226 -
  65.227 -        if (i == L1)
  65.228 -            if (gpl1e)
  65.229 -                *gpl1e = gle;
  65.230 -    }
  65.231 -    return 0;
  65.232 -}
  65.233 -
  65.234 -static inline unsigned long gva_to_gpa(unsigned long gva)
  65.235 -{
  65.236 -    struct vcpu *v = current;
  65.237 -    pgentry_64_t gl1e = {0};
  65.238 -    pgentry_64_t gl2e = {0};
  65.239 -    unsigned long gpa;
  65.240 -
  65.241 -    if (guest_page_fault(v, gva, 0, &gl2e, &gl1e))
  65.242 -        return 0;
  65.243 -    if (entry_get_flags(gl2e) & _PAGE_PSE)
  65.244 -        gpa = entry_get_paddr(gl2e) + (gva & ((1 << L2_PAGETABLE_SHIFT) - 1));
  65.245 -    else
  65.246 -        gpa = entry_get_paddr(gl1e) + (gva & ~PAGE_MASK);
  65.247 -
  65.248 -    return gpa;
  65.249 -
  65.250 -}
  65.251  #endif
  65.252  
  65.253  
    66.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    66.2 +++ b/xen/include/asm-x86/shadow_ops.h	Fri Sep 02 14:17:08 2005 +0000
    66.3 @@ -0,0 +1,130 @@
    66.4 +/******************************************************************************
    66.5 + * include/asm-x86/shadow_ops.h
    66.6 + * 
    66.7 + * Copyright (c) 2005 Michael A Fetterman
    66.8 + * Based on an earlier implementation by Ian Pratt et al
    66.9 + * 
   66.10 + * This program is free software; you can redistribute it and/or modify
   66.11 + * it under the terms of the GNU General Public License as published by
   66.12 + * the Free Software Foundation; either version 2 of the License, or
   66.13 + * (at your option) any later version.
   66.14 + * 
   66.15 + * This program is distributed in the hope that it will be useful,
   66.16 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
   66.17 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   66.18 + * GNU General Public License for more details.
   66.19 + * 
   66.20 + * You should have received a copy of the GNU General Public License
   66.21 + * along with this program; if not, write to the Free Software
   66.22 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   66.23 + */
   66.24 +
   66.25 +#ifndef _XEN_SHADOW_OPS_H
   66.26 +#define _XEN_SHADOW_OPS_H
   66.27 +
   66.28 +#if defined( GUEST_PGENTRY_32 )
   66.29 +
   66.30 +#define GUEST_L1_PAGETABLE_ENTRIES     L1_PAGETABLE_ENTRIES_32
   66.31 +#define GUEST_L2_PAGETABLE_ENTRIES     L2_PAGETABLE_ENTRIES_32
   66.32 +#define GUEST_ROOT_PAGETABLE_ENTRIES   ROOT_PAGETABLE_ENTRIES_32
   66.33 +#define GUEST_L2_PAGETABLE_SHIFT       L2_PAGETABLE_SHIFT_32
   66.34 +
   66.35 +#define guest_l1_pgentry_t      l1_pgentry_32_t
   66.36 +#define guest_l2_pgentry_t      l2_pgentry_32_t
   66.37 +#define guest_root_pgentry_t    l2_pgentry_32_t
   66.38 +
   66.39 +#define guest_l1e_get_paddr     l1e_get_paddr_32
   66.40 +#define guest_l2e_get_paddr     l2e_get_paddr_32
   66.41 +
   66.42 +#define guest_get_pte_flags     get_pte_flags_32
   66.43 +#define guest_put_pte_flags     put_pte_flags_32
   66.44 +
   66.45 +#define guest_l1e_get_flags     l1e_get_flags_32
   66.46 +#define guest_l2e_get_flags     l2e_get_flags_32
   66.47 +#define guest_root_get_flags          l2e_get_flags_32
   66.48 +#define guest_root_get_intpte         l2e_get_intpte
   66.49 +
   66.50 +#define guest_l1e_empty         l1e_empty_32
   66.51 +#define guest_l2e_empty         l2e_empty_32
   66.52 +
   66.53 +#define guest_l1e_from_pfn      l1e_from_pfn_32
   66.54 +#define guest_l2e_from_pfn      l2e_from_pfn_32
   66.55 +
   66.56 +#define guest_l1e_from_paddr    l1e_from_paddr_32
   66.57 +#define guest_l2e_from_paddr    l2e_from_paddr_32
   66.58 +
   66.59 +#define guest_l1e_from_page     l1e_from_page_32
   66.60 +#define guest_l2e_from_page     l2e_from_page_32
   66.61 +
   66.62 +#define guest_l1e_add_flags     l1e_add_flags_32
   66.63 +#define guest_l2e_add_flags     l2e_add_flags_32
   66.64 +
   66.65 +#define guest_l1e_remove_flag   l1e_remove_flags_32
   66.66 +#define guest_l2e_remove_flag   l2e_remove_flags_32
   66.67 +
   66.68 +#define guest_l1e_has_changed   l1e_has_changed_32
   66.69 +#define guest_l2e_has_changed   l2e_has_changed_32
   66.70 +#define root_entry_has_changed  l2e_has_changed_32
   66.71 +
   66.72 +#define guest_l1_table_offset   l1_table_offset_32
   66.73 +#define guest_l2_table_offset   l2_table_offset_32
   66.74 +
   66.75 +#define guest_linear_l1_table   linear_pg_table_32
   66.76 +#define guest_linear_l2_table   linear_l2_table_32
   66.77 +
   66.78 +#define guest_va_to_l1mfn       va_to_l1mfn_32
   66.79 +
   66.80 +#else
   66.81 +
   66.82 +#define GUEST_L1_PAGETABLE_ENTRIES      L1_PAGETABLE_ENTRIES
   66.83 +#define GUEST_L2_PAGETABLE_ENTRIES      L2_PAGETABLE_ENTRIES
   66.84 +#define GUEST_ROOT_PAGETABLE_ENTRIES    ROOT_PAGETABLE_ENTRIES
   66.85 +#define GUEST_L2_PAGETABLE_SHIFT        L2_PAGETABLE_SHIFT
   66.86 +
   66.87 +#define guest_l1_pgentry_t      l1_pgentry_t
   66.88 +#define guest_l2_pgentry_t      l2_pgentry_t
   66.89 +#define guest_root_pgentry_t    l4_pgentry_t
   66.90 +
   66.91 +#define guest_l1e_get_paddr     l1e_get_paddr
   66.92 +#define guest_l2e_get_paddr     l2e_get_paddr
   66.93 +
   66.94 +#define guest_get_pte_flags     get_pte_flags
   66.95 +#define guest_put_pte_flags     put_pte_flags
   66.96 +
   66.97 +#define guest_l1e_get_flags     l1e_get_flags
   66.98 +#define guest_l2e_get_flags     l2e_get_flags
   66.99 +#define guest_root_get_flags    l4e_get_flags
  66.100 +#define guest_root_get_intpte   l4e_get_intpte
  66.101 +
  66.102 +#define guest_l1e_empty         l1e_empty
  66.103 +#define guest_l2e_empty         l2e_empty
  66.104 +
  66.105 +#define guest_l1e_from_pfn      l1e_from_pfn
  66.106 +#define guest_l2e_from_pfn      l2e_from_pfn
  66.107 +
  66.108 +#define guest_l1e_from_paddr    l1e_from_paddr
  66.109 +#define guest_l2e_from_paddr    l2e_from_paddr
  66.110 +
  66.111 +#define guest_l1e_from_page     l1e_from_page
  66.112 +#define guest_l2e_from_page     l2e_from_page
  66.113 +
  66.114 +#define guest_l1e_add_flags     l1e_add_flags
  66.115 +#define guest_l2e_add_flags     l2e_add_flags
  66.116 +
  66.117 +#define guest_l1e_remove_flag   l1e_remove_flags
  66.118 +#define guest_l2e_remove_flag   l2e_remove_flags
  66.119 +
  66.120 +#define guest_l1e_has_changed   l1e_has_changed
  66.121 +#define guest_l2e_has_changed   l2e_has_changed
  66.122 +#define root_entry_has_changed  l4e_has_changed
  66.123 +
  66.124 +#define guest_l1_table_offset   l1_table_offset
  66.125 +#define guest_l2_table_offset   l2_table_offset
  66.126 +
  66.127 +#define guest_linear_l1_table   linear_pg_table
  66.128 +#define guest_linear_l2_table   linear_l2_table
  66.129 +
  66.130 +#define guest_va_to_l1mfn       va_to_l1mfn
  66.131 +#endif
  66.132 +
  66.133 +#endif	/* _XEN_SHADOW_OPS_H */
    67.1 --- a/xen/include/asm-x86/shadow_public.h	Fri Sep 02 14:15:49 2005 +0000
    67.2 +++ b/xen/include/asm-x86/shadow_public.h	Fri Sep 02 14:17:08 2005 +0000
    67.3 @@ -49,6 +49,7 @@ struct shadow_ops {
    67.4           (*mark_mfn_out_of_sync)(struct vcpu *v, unsigned long gpfn,
    67.5                                unsigned long mfn);
    67.6      int  (*is_out_of_sync)(struct vcpu *v, unsigned long va);
    67.7 +    unsigned long (*gva_to_gpa)(unsigned long gva);
    67.8  };
    67.9  #endif
   67.10  
    68.1 --- a/xen/include/asm-x86/x86_32/asm_defns.h	Fri Sep 02 14:15:49 2005 +0000
    68.2 +++ b/xen/include/asm-x86/x86_32/asm_defns.h	Fri Sep 02 14:17:08 2005 +0000
    68.3 @@ -1,10 +1,20 @@
    68.4  #ifndef __X86_32_ASM_DEFNS_H__
    68.5  #define __X86_32_ASM_DEFNS_H__
    68.6  
    68.7 +#ifndef NDEBUG
    68.8 +/* Indicate special exception stack frame by inverting the frame pointer. */
    68.9 +#define SETUP_EXCEPTION_FRAME_POINTER           \
   68.10 +        movl  %esp,%ebp;                        \
   68.11 +        notl  %ebp
   68.12 +#else
   68.13 +#define SETUP_EXCEPTION_FRAME_POINTER
   68.14 +#endif
   68.15 +
   68.16  #define __SAVE_ALL_PRE                                  \
   68.17          cld;                                            \
   68.18          pushl %eax;                                     \
   68.19          pushl %ebp;                                     \
   68.20 +        SETUP_EXCEPTION_FRAME_POINTER;                  \
   68.21          pushl %edi;                                     \
   68.22          pushl %esi;                                     \
   68.23          pushl %edx;                                     \
    69.1 --- a/xen/include/asm-x86/x86_64/asm_defns.h	Fri Sep 02 14:15:49 2005 +0000
    69.2 +++ b/xen/include/asm-x86/x86_64/asm_defns.h	Fri Sep 02 14:17:08 2005 +0000
    69.3 @@ -1,6 +1,15 @@
    69.4  #ifndef __X86_64_ASM_DEFNS_H__
    69.5  #define __X86_64_ASM_DEFNS_H__
    69.6  
    69.7 +#ifndef NDEBUG
    69.8 +/* Indicate special exception stack frame by inverting the frame pointer. */
    69.9 +#define SETUP_EXCEPTION_FRAME_POINTER           \
   69.10 +        movq  %rsp,%rbp;                        \
   69.11 +        notq  %rbp
   69.12 +#else
   69.13 +#define SETUP_EXCEPTION_FRAME_POINTER
   69.14 +#endif
   69.15 +
   69.16  #define SAVE_ALL                                \
   69.17          cld;                                    \
   69.18          pushq %rdi;                             \
   69.19 @@ -14,6 +23,7 @@
   69.20          pushq %r11;                             \
   69.21          pushq %rbx;                             \
   69.22          pushq %rbp;                             \
   69.23 +        SETUP_EXCEPTION_FRAME_POINTER;          \
   69.24          pushq %r12;                             \
   69.25          pushq %r13;                             \
   69.26          pushq %r14;                             \
    70.1 --- a/xen/include/public/acm.h	Fri Sep 02 14:15:49 2005 +0000
    70.2 +++ b/xen/include/public/acm.h	Fri Sep 02 14:17:08 2005 +0000
    70.3 @@ -56,20 +56,22 @@
    70.4  #define ACM_ACCESS_DENIED		-111
    70.5  #define ACM_NULL_POINTER_ERROR		-200
    70.6  
    70.7 -#define ACM_MAX_POLICY  3
    70.8 -
    70.9 +/* primary policy in lower 4 bits */
   70.10  #define ACM_NULL_POLICY	0
   70.11  #define ACM_CHINESE_WALL_POLICY	1
   70.12  #define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
   70.13 -#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 3
   70.14 +
   70.15 +/* combinations have secondary policy component in higher 4bit */
   70.16 +#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
   70.17 +    ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)
   70.18  
   70.19  /* policy: */
   70.20  #define ACM_POLICY_NAME(X) \
   70.21 -	(X == ACM_NULL_POLICY) ? "NULL policy" : \
   70.22 -	(X == ACM_CHINESE_WALL_POLICY) ? "CHINESE WALL policy" : \
   70.23 -	(X == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \
   70.24 -	(X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
   70.25 -	"UNDEFINED policy"
   70.26 +	((X) == (ACM_NULL_POLICY)) ? "NULL policy" :                        \
   70.27 +    ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL policy" :        \
   70.28 +    ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT policy" : \
   70.29 +    ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
   70.30 +     "UNDEFINED policy"
   70.31  
   70.32  /* the following policy versions must be increased
   70.33   * whenever the interpretation of the related
   70.34 @@ -122,7 +124,7 @@ typedef u16 domaintype_t;
   70.35   */
   70.36  struct acm_policy_buffer {
   70.37  	u32 policy_version; /* ACM_POLICY_VERSION */
   70.38 -        u32 magic;
   70.39 +    u32 magic;
   70.40  	u32 len;
   70.41  	u32 primary_policy_code;
   70.42  	u32 primary_buffer_offset;
   70.43 @@ -151,7 +153,7 @@ struct acm_ste_policy_buffer {
   70.44  };
   70.45  
   70.46  struct acm_stats_buffer {
   70.47 -        u32 magic;
   70.48 +    u32 magic;
   70.49  	u32 len;
   70.50  	u32 primary_policy_code;
   70.51  	u32 primary_stats_offset;
   70.52 @@ -168,5 +170,15 @@ struct acm_ste_stats_buffer {
   70.53  	u32 gt_cachehit_count;
   70.54  };
   70.55  
   70.56 +struct acm_ssid_buffer {
   70.57 +	u32 len;
   70.58 +    ssidref_t ssidref;
   70.59 +	u32 primary_policy_code;
   70.60 +	u32 primary_max_types;
   70.61 +    u32 primary_types_offset;
   70.62 +	u32 secondary_policy_code;
   70.63 +    u32 secondary_max_types;
   70.64 +	u32 secondary_types_offset;
   70.65 +};
   70.66  
   70.67  #endif
    71.1 --- a/xen/include/public/acm_ops.h	Fri Sep 02 14:15:49 2005 +0000
    71.2 +++ b/xen/include/public/acm_ops.h	Fri Sep 02 14:17:08 2005 +0000
    71.3 @@ -1,3 +1,4 @@
    71.4 +
    71.5  /******************************************************************************
    71.6   * acm_ops.h
    71.7   *
    71.8 @@ -27,7 +28,7 @@
    71.9   * This makes sure that old versions of acm tools will stop working in a
   71.10   * well-defined way (rather than crashing the machine, for instance).
   71.11   */
   71.12 -#define ACM_INTERFACE_VERSION   0xAAAA0003
   71.13 +#define ACM_INTERFACE_VERSION   0xAAAA0004
   71.14  
   71.15  /************************************************************************/
   71.16  
   71.17 @@ -46,6 +47,7 @@ typedef struct acm_getpolicy {
   71.18      u16 pullcache_size;
   71.19  } acm_getpolicy_t;
   71.20  
   71.21 +
   71.22  #define ACM_DUMPSTATS        	6
   71.23  typedef struct acm_dumpstats {
   71.24      void *pullcache;
   71.25 @@ -53,6 +55,18 @@ typedef struct acm_dumpstats {
   71.26  } acm_dumpstats_t;
   71.27  
   71.28  
   71.29 +#define ACM_GETSSID          	7
   71.30 +enum get_type {UNSET, SSIDREF, DOMAINID};
   71.31 +typedef struct acm_getssid {
   71.32 +	enum get_type get_ssid_by;
   71.33 +	union {
   71.34 +		domaintype_t domainid;
   71.35 +		ssidref_t    ssidref;
   71.36 +	} id;
   71.37 +    void *ssidbuf;
   71.38 +    u16 ssidbuf_size;
   71.39 +} acm_getssid_t;
   71.40 +
   71.41  typedef struct acm_op {
   71.42      u32 cmd;
   71.43      u32 interface_version;      /* ACM_INTERFACE_VERSION */
   71.44 @@ -60,6 +74,7 @@ typedef struct acm_op {
   71.45          acm_setpolicy_t setpolicy;
   71.46          acm_getpolicy_t getpolicy;
   71.47          acm_dumpstats_t dumpstats;
   71.48 +        acm_getssid_t getssid;
   71.49      } u;
   71.50  } acm_op_t;
   71.51  
    72.1 --- a/xen/include/public/io/netif.h	Fri Sep 02 14:15:49 2005 +0000
    72.2 +++ b/xen/include/public/io/netif.h	Fri Sep 02 14:17:08 2005 +0000
    72.3 @@ -23,13 +23,13 @@ typedef struct netif_tx_response {
    72.4  
    72.5  typedef struct {
    72.6      u16       id;    /* Echoed in response message.        */
    72.7 -#ifdef CONFIG_XEN_NETDEV_GRANT_RX
    72.8 +#ifdef CONFIG_XEN_NETDEV_GRANT
    72.9      grant_ref_t gref;	/* 2: Reference to incoming granted frame */
   72.10  #endif
   72.11  } netif_rx_request_t;
   72.12  
   72.13  typedef struct {
   72.14 -#ifdef CONFIG_XEN_NETDEV_GRANT_TX
   72.15 +#ifdef CONFIG_XEN_NETDEV_GRANT
   72.16      u32      addr;   /*  0: Offset in page of start of received packet  */
   72.17  #else
   72.18      unsigned long addr; /* Machine address of packet.              */