ia64/xen-unstable

changeset 5518:649cd37aa1ab

bitkeeper revision 1.1720 (42b7bb86ag6KD5OEx2v6YdSnS1BhGQ)

Merge freefall.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xen-unstable.bk
into freefall.cl.cam.ac.uk:/auto/groups/xeno/users/iap10/xeno-clone/xen-unstable.bk
author iap10@freefall.cl.cam.ac.uk
date Tue Jun 21 07:02:30 2005 +0000 (2005-06-21)
parents 0d1166678d9b 10e9028c8e3d
children dbca2f11731d
files .rootkeys BitKeeper/etc/logging_ok Config.mk buildconfigs/Rules.mk docs/misc/shype4xen_readme.txt linux-2.6.11-xen-sparse/drivers/xen/netfront/netfront.c tools/Makefile tools/libxc/xc.h tools/libxc/xc_domain.c tools/misc/policyprocessor/SecurityLabel.java tools/misc/policyprocessor/SecurityPolicySpec.xsd tools/misc/policyprocessor/SsidsEntry.java tools/misc/policyprocessor/XmlToBin.java tools/misc/policyprocessor/XmlToBinInterface.java tools/misc/policyprocessor/myHandler.java tools/misc/policyprocessor/readme.install tools/misc/policyprocessor/readme.xen tools/misc/policyprocessor/xen_sample_def.xml tools/misc/policyprocessor/xen_sample_policy.xml tools/policy/Makefile tools/policy/policy_tool.c tools/python/xen/lowlevel/xc/xc.c tools/python/xen/lowlevel/xs/xs.c tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xend/image.py tools/python/xen/xend/server/SrvDomainDir.py tools/python/xen/xend/server/blkif.py tools/python/xen/xend/server/netif.py tools/python/xen/xend/xenstore/xsnode.py tools/python/xen/xm/create.py tools/python/xen/xm/main.py tools/python/xen/xm/opts.py xen/Makefile xen/Rules.mk xen/acm/Makefile xen/acm/acm_chinesewall_hooks.c xen/acm/acm_core.c xen/acm/acm_null_hooks.c xen/acm/acm_policy.c xen/acm/acm_simple_type_enforcement_hooks.c xen/arch/ia64/Makefile xen/arch/ia64/asm-offsets.c xen/arch/ia64/dom0_ops.c xen/arch/ia64/domain.c xen/arch/ia64/hypercall.c xen/arch/ia64/hyperprivop.S xen/arch/ia64/ivt.S xen/arch/ia64/patch/linux-2.6.11/io.h xen/arch/ia64/patch/linux-2.6.11/ptrace.h xen/arch/ia64/patch/linux-2.6.11/uaccess.h xen/arch/ia64/privop.c xen/arch/ia64/process.c xen/arch/ia64/regionreg.c xen/arch/ia64/tools/mkbuildtree xen/arch/ia64/vcpu.c xen/arch/ia64/vhpt.c xen/arch/ia64/vmmu.c xen/arch/ia64/vmx_ivt.S xen/arch/ia64/vmx_minstate.h xen/arch/ia64/vmx_process.c xen/arch/ia64/vtlb.c xen/arch/ia64/xenmem.c xen/arch/ia64/xenmisc.c xen/arch/x86/cpu/amd.c xen/arch/x86/cpu/common.c xen/arch/x86/cpu/cpu.h xen/arch/x86/cpu/intel.c 
xen/arch/x86/dom0_ops.c xen/arch/x86/setup.c xen/arch/x86/smpboot.c xen/arch/x86/x86_32/entry.S xen/common/Makefile xen/common/dom0_ops.c xen/common/event_channel.c xen/common/grant_table.c xen/common/kernel.c xen/common/policy_ops.c xen/include/acm/acm_core.h xen/include/acm/acm_endian.h xen/include/acm/acm_hooks.h xen/include/asm-ia64/config.h xen/include/asm-ia64/domain.h xen/include/asm-ia64/event.h xen/include/asm-ia64/mm.h xen/include/asm-ia64/tlb.h xen/include/asm-ia64/vcpu.h xen/include/asm-ia64/vhpt.h xen/include/asm-ia64/vmmu.h xen/include/asm-ia64/vmx_platform.h xen/include/asm-ia64/vmx_ptrace.h xen/include/asm-ia64/vmx_vpd.h xen/include/asm-x86/event.h xen/include/asm-x86/processor.h xen/include/asm-x86/smp.h xen/include/public/acm.h xen/include/public/acm_dom0_setup.h xen/include/public/arch-ia64.h xen/include/public/arch-x86_32.h xen/include/public/arch-x86_64.h xen/include/public/dom0_ops.h xen/include/public/policy_ops.h xen/include/public/version.h xen/include/public/xen.h xen/include/xen/event.h xen/include/xen/sched.h xen/include/xen/smp.h xen/include/xen/string.h
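--- a/.rootkeys	Sat Jun 18 00:49:11 2005 +0000
+++ b/.rootkeys	Tue Jun 21 07:02:30 2005 +0000
@@ -21,6 +21,7 @@ 412f4bd9sm5mCQ8BkrgKcAKZGadq7Q docs/misc
 420b949cy9ZGzED74Fz_DaWlK7tT4g docs/misc/crashdb.txt
 4251a1f82AexscYEiF4Iku8Gc_kWfQ docs/misc/grant-tables.txt
 424d462b5GuApQ_NyMsRFt9LbrsWow docs/misc/sedf_scheduler_mini-HOWTO.txt
+42b7434c-M2l4Og0klGf6xSAARqa2w docs/misc/shype4xen_readme.txt
 40d6ccbfKKBq8jE0ula4eHEzBiQuDA docs/misc/xen_config.html
 410a4c2bAO_m_l4RsiiPHnZ4ixHWbQ docs/misc/xend.tex
 3f9e7d564bWFB-Czjv1qdmE6o0GqNg docs/src/interface.tex
@@ -777,6 +778,16 @@ 3f6dc142IHaf6XIcAYGmhV9nNSIHFQ tools/mis
 40c9c469kT0H9COWzA4XzPBjWK0WsA tools/misc/netfix
 4022a73cEKvrYe_DVZW2JlAxobg9wg tools/misc/nsplitd/Makefile
 4022a73cKms4Oq030x2JBzUB426lAQ tools/misc/nsplitd/nsplitd.c
+42b74436oXEaaUH_dPcGFviMiwNgCQ tools/misc/policyprocessor/SecurityLabel.java
+42b74436fIW8ZI3pUpu13-Ox6G2cOA tools/misc/policyprocessor/SecurityPolicySpec.xsd
+42b74436T4CN4HMWsuaHD2zS8jY1BA tools/misc/policyprocessor/SsidsEntry.java
+42b74436Dk3WKJl6-SyP3LEBo3DXkQ tools/misc/policyprocessor/XmlToBin.java
+42b74436ABj4SOVBWqY_IEIboFUkeA tools/misc/policyprocessor/XmlToBinInterface.java
+42b7443684kBOrEBKFod4fGvnJ-rdA tools/misc/policyprocessor/myHandler.java
+42b74436JjvZmOp2DfMb-TnpGZXQ8w tools/misc/policyprocessor/readme.install
+42b74436-0Ig0yb-w1BYyCAFVTwqUg tools/misc/policyprocessor/readme.xen
+42b74436WAJ6lmTO3foadk2527PFBQ tools/misc/policyprocessor/xen_sample_def.xml
+42b744365VrTALmqRroQOBZ9EopUsw tools/misc/policyprocessor/xen_sample_policy.xml
 42308df9dv_ZuP49nNPIROEMQ3F_LA tools/misc/xc_shadow.c
 3f5ef5a2ir1kVAthS14Dc5QIRCEFWg tools/misc/xen-clone
 3f5ef5a2dTZP0nnsFoeq2jRf3mWDDg tools/misc/xen-clone.README
@@ -785,6 +796,8 @@ 40c9c4697z76HDfkCLdMhmaEwzFoNQ tools/mis
 41adc641dV-0cDLSyzMs5BT8nL7v3Q tools/misc/xenperf.c
 4056f5155QYZdsk-1fLdjsZPFTnlhg tools/misc/xensymoops
 40cf2937dqM1jWW87O5OoOYND8leuA tools/misc/xm
+42b742f6JFcp6LFpYu-B4AEsfQwSFw tools/policy/Makefile
+42b742f66XOdRMrwaHvbCdSSQyCrFw tools/policy/policy_tool.c
 4270cc81g3nSNYCZ1ryCMDEbLtMtbQ tools/pygrub/Makefile
 4270deeccyRsJn6jLnRh9odRtMW9SA tools/pygrub/README
 4270cc81EIl7NyaS3Av6IPRk2c2a6Q tools/pygrub/setup.py
@@ -1101,6 +1114,12 @@ 4050c413NtuyIq5lsYJV4P7KIjujXw tools/xen
 3f72f1bdJPsV3JCnBqs9ddL9tr6D2g xen/COPYING
 3ddb79bcbOVHh38VJzc97-JEGD4dJQ xen/Makefile
 3ddb79bcWnTwYsQRWl_PaneJfa6p0w xen/Rules.mk
+42b742f6XHTfIEm_hUPtzjKr37LVhw xen/acm/Makefile
+42b742f6tHzn0fZWH3TjPva8gbqpow xen/acm/acm_chinesewall_hooks.c
+42b742f6bM8kZwuIUbepHZ8SQQkjJA xen/acm/acm_core.c
+42b742f6cwfrPubqH47gQpke8xkYSA xen/acm/acm_null_hooks.c
+42b742f69qSxm5MM-wtPaWtCqyI3KA xen/acm/acm_policy.c
+42b742f6VbmdlwekQRMhXugjcu9QXg xen/acm/acm_simple_type_enforcement_hooks.c
 421098b25A0RvuYN3rP28ga3_FN3_Q xen/arch/ia64/Makefile
 421098b2okIeYXS9w9avmSozls61xA xen/arch/ia64/Rules.mk
 421098b21p12UcKjHBrLh_LjlvNEwA xen/arch/ia64/acpi.c
@@ -1146,6 +1165,7 @@ 425ae516p4ICTkjqNYEfYFxqULj4dw xen/arch/
 425ae516juUB257qrwUdsL9AsswrqQ xen/arch/ia64/patch/linux-2.6.11/time.c
 425ae5167zQn7zYcgKtDUDX2v-e8mw xen/arch/ia64/patch/linux-2.6.11/tlb.c
 425ae5162bIl2Dgd19x-FceB4L9oGw xen/arch/ia64/patch/linux-2.6.11/types.h
+42ae01f01KDfSgVQnscwJ0psRmEaCw xen/arch/ia64/patch/linux-2.6.11/uaccess.h
 425ae516cFUNY2jHD46bujcF5NJheA xen/arch/ia64/patch/linux-2.6.11/unaligned.c
 421098b39QFMC-1t1r38CA7NxAYBPA xen/arch/ia64/patch/linux-2.6.7/bootmem.h
 421098b3SIA1vZX9fFUjo1T3o_jMCQ xen/arch/ia64/patch/linux-2.6.7/current.h
@@ -1323,6 +1343,7 @@ 3ddb79bduhSEZI8xa7IbGQCpap5y2A xen/commo
 41a61536SZbR6cj1ukWTb0DYU-vz9w xen/common/multicall.c
 3ddb79bdD4SLmmdMD7yLW5HcUWucXw xen/common/page_alloc.c
 3e54c38dkHAev597bPr71-hGzTdocg xen/common/perfc.c
+42b742f6mgq9puEr7lUrLST0VEpsig xen/common/policy_ops.c
 40589968dD2D1aejwSOvrROg7fOvGQ xen/common/sched_bvt.c
 41ebbfe9oF1BF3cH5v7yE3eOL9uPbA xen/common/sched_sedf.c
 3e397e6619PgAfBbw2XFbXkewvUWgw xen/common/schedule.c
@@ -1338,6 +1359,9 @@ 3e4a8cb7alzQCDKS7MlioPoHBKYkdQ xen/drive
 4049e6bfNSIq7s7OV-Bd69QD0RpR2Q xen/drivers/char/console.c
 4298e018XQtZkCdufpyFimOGZqqsFA xen/drivers/char/ns16550.c
 3e4a8cb7nMChlro4wvOBo76n__iCFA xen/drivers/char/serial.c
+42b742f6OteAMPWnoqxqfRX3yxD0yw xen/include/acm/acm_core.h
+42b742f6XfIijctEwA0YWL2BoWtDNg xen/include/acm/acm_endian.h
+42b742f6jXvp1vdbU2v2WJjTPku65A xen/include/acm/acm_hooks.h
 40715b2cFpte_UNWnBZW0Du7z9AhTQ xen/include/acpi/acconfig.h
 40715b2ctNvVZ058w8eM8DR9hOat_A xen/include/acpi/acexcep.h
 40715b2com8I01qcHcAw47e93XsCqQ xen/include/acpi/acglobal.h
@@ -1364,6 +1388,7 @@ 421098b6Y3xqcv873Gvg1rQ5CChfFw xen/inclu
 421098b6ZcIrn_gdqjUtdJyCE0YkZQ xen/include/asm-ia64/debugger.h
 421098b6z0zSuW1rcSJK1gR8RUi-fw xen/include/asm-ia64/dom_fw.h
 421098b6Nn0I7hGB8Mkd1Cis0KMkhA xen/include/asm-ia64/domain.h
+42b1d2d0rkNCmG2nFOnL-OfhJG9mDw xen/include/asm-ia64/event.h
 4241e880hAyo_dk0PPDYj3LsMIvf-Q xen/include/asm-ia64/flushtlb.h
 421098b6X3Fs2yht42TE2ufgKqt2Fw xen/include/asm-ia64/ia64_int.h
 421098b7psFAn8kbeR-vcRCdc860Vw xen/include/asm-ia64/init.h
@@ -1388,7 +1413,6 @@ 428b9f387tov0OtOEeF8fVWSR2v5Pg xen/inclu
 428b9f38is0zTsIm96_BKo4MLw0SzQ xen/include/asm-ia64/vmx_pal_vsa.h
 428b9f38iDqbugHUheJrcTCD7zlb4g xen/include/asm-ia64/vmx_phy_mode.h
 428b9f38grd_B0AGB1yp0Gi2befHaQ xen/include/asm-ia64/vmx_platform.h
-428b9f38lm0ntDBusHggeQXkx1-1HQ xen/include/asm-ia64/vmx_ptrace.h
 428b9f38XgwHchZEpOzRtWfz0agFNQ xen/include/asm-ia64/vmx_vcpu.h
 428b9f38tDTTJbkoONcAB9ODP8CiVg xen/include/asm-ia64/vmx_vpd.h
 428b9f38_o0U5uJqmxZf_bqi6_PqVw xen/include/asm-ia64/vtm.h
@@ -1412,6 +1436,7 @@ 3ddb79c34BFiXjBJ_cCKB0aCsV1IDw xen/inclu
 40715b2dTokMLYGSuD58BnxOqyWVew xen/include/asm-x86/div64.h
 4204e7acwzqgXyTAPKa1nM-L7Ec0Qw xen/include/asm-x86/domain.h
 41d3eaaeIBzW621S1oa0c2yk7X43qQ xen/include/asm-x86/e820.h
+42b1d2caFkOByU5n4LuMnT05f3kJFg xen/include/asm-x86/event.h
 3ddb79c3NU8Zy40OTrq3D-i30Y3t4A xen/include/asm-x86/fixmap.h
 3e2d29944GI24gf7vOP_7x8EyuqxeA xen/include/asm-x86/flushtlb.h
 4294b5eep4lWuDtYUR74gYwt-_FnHA xen/include/asm-x86/genapic.h
@@ -1487,6 +1512,8 @@ 404f1bb86rAXB3aLS1vYdcqpJiEcyg xen/inclu
 404f1bc4tWkB9Qr8RkKtZGW5eMQzhw xen/include/asm-x86/x86_64/uaccess.h
 422f27c8RHFkePhD34VIEpMMqofZcA xen/include/asm-x86/x86_emulate.h
 400304fcmRQmDdFYEzDh0wcBba9alg xen/include/public/COPYING
+42b742f6duiOTlZvysQkRYZHYBXqvg xen/include/public/acm.h
+42b742f7TIMsQgUaNDJXp3QlBve2SQ xen/include/public/acm_dom0_setup.h
 421098b7OKb9YH_EUA_UpCxBjaqtgA xen/include/public/arch-ia64.h
 404f1bc68SXxmv0zQpXBWGrCzSyp8w xen/include/public/arch-x86_32.h
 404f1bc7IwU-qnH8mJeVu0YsNGMrcw xen/include/public/arch-x86_64.h
@@ -1500,8 +1527,10 @@ 40f5623cTZ80EwjWUBlh44A9F9i_Lg xen/inclu
 41d40e9b8zCk5VDqhVbuQyhc7G3lqA xen/include/public/io/ring.h
 41ee5e8c6mLxIx82KPsbpt_uts_vSA xen/include/public/io/usbif.h
 4051db79512nOCGweabrFWO2M2h5ng xen/include/public/physdev.h
+42b742f7Lzy8SKKG25L_-fgk5FHA2Q xen/include/public/policy_ops.h
 40589968wmhPmV5-ENbBYmMjnedgKw xen/include/public/sched_ctl.h
 404f3d2eR2Owk-ZcGOx9ULGHg3nrww xen/include/public/trace.h
+42b5a5f2QC1IxeuwCwwsOEhvcJ2BJg xen/include/public/version.h
 4266bd01Ul-pC01ZVvBkhBnv5eqzvw xen/include/public/vmx_assist.h
 3ddb79c25UE59iu4JJcbRalx95mvcg xen/include/public/xen.h
 3e397e66m2tO3s-J8Jnr7Ws_tGoPTg xen/include/xen/ac_timer.h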
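--- a/BitKeeper/etc/logging_ok	Sat Jun 18 00:49:11 2005 +0000
+++ b/BitKeeper/etc/logging_ok	Tue Jun 21 07:02:30 2005 +0000
@@ -39,6 +39,7 @@ iap10@labyrinth.cl.cam.ac.uk
 iap10@nidd.cl.cam.ac.uk
 iap10@pb001.cl.cam.ac.uk
 iap10@pb007.cl.cam.ac.uk
+iap10@spot.cl.cam.ac.uk
 iap10@striker.cl.cam.ac.uk
 iap10@tetris.cl.cam.ac.uk
 jrb44@plym.cl.cam.ac.uk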
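--- a/Config.mk	Sat Jun 18 00:49:11 2005 +0000
+++ b/Config.mk	Tue Jun 21 07:02:30 2005 +0000
@@ -31,3 +31,6 @@ endif
 
 LDFLAGS += $(foreach i, $(EXTRA_LIB), -L$(i)) 
 CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i))
+
+# Choose the best mirror to download linux kernel
+KERNEL_REPO = http://www.kernel.org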
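Review bot: `KERNEL_REPO` is assigned with a plain `=`, so a value exported in the environment is ignored and a mirror can only be chosen by editing this file or passing the variable on the make command line. `KERNEL_REPO ?= http://www.kernel.org` would accept an environment override and match the `NETBSD_RELEASE  ?= 2.0` convention visible in buildconfigs/Rules.mk. The comment would also be more useful if it stated how the value is consumed, for example `# Base URL of a kernel.org mirror; buildconfigs/Rules.mk appends /pub/linux/kernel/v<major.minor>/<tarball>`, since a mirror with a different directory layout will not work.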
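--- a/buildconfigs/Rules.mk	Sat Jun 18 00:49:11 2005 +0000
+++ b/buildconfigs/Rules.mk	Tue Jun 21 07:02:30 2005 +0000
@@ -27,7 +27,7 @@ vpath linux-%.tar.bz2 $(LINUX_SRC_PATH)
 linux-%.tar.bz2: override _LINUX_VDIR = $(word 1,$(subst ., ,$*)).$(word 2,$(subst ., ,$*))
 linux-%.tar.bz2:
 	@echo "Cannot find $@ in path $(LINUX_SRC_PATH)"
-	wget http://www.kernel.org/pub/linux/kernel/v$(_LINUX_VDIR)/$@ -O./$@
+	wget $(KERNEL_REPO)/pub/linux/kernel/v$(_LINUX_VDIR)/$@ -O./$@
 
 # Expand NetBSD release to NetBSD version
 NETBSD_RELEASE  ?= 2.0
@@ -57,6 +57,7 @@ endif
 	mkdir -p tmp-pristine-$*
 	touch tmp-pristine-$*/.bk_skip
 	tar -C tmp-pristine-$* -jxf $<
+	-@rm tmp-pristine-$*/pax_global_header
 	mv tmp-pristine-$*/* $(@D)
 	@rm -rf tmp-pristine-$*
 	touch $@ # update timestamp to avoid rebuild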
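Review bot: The tarball fetched by `wget $(KERNEL_REPO)/pub/linux/kernel/v$(_LINUX_VDIR)/$@ -O./$@` is never checked for integrity, and it appears to be the archive that the second hunk's recipe unpacks with `tar -C tmp-pristine-$* -jxf $<`. Now that the source is a configurable mirror and the default in Config.mk is a plain `http://` URL, the build would benefit from a verification step between download and unpack, against a digest or signature file kept in the tree. Separately, the added `-@rm tmp-pristine-$*/pax_global_header` still prints an rm error whenever the file is absent, because `@` hides only the command echo; `@rm -f tmp-pristine-$*/pax_global_header` is silent and needs no `-` prefix. The second recipe's target line is outside the hunk, so the link between the two rules is inferred from the file names.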
     5.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.2 +++ b/docs/misc/shype4xen_readme.txt	Tue Jun 21 07:02:30 2005 +0000
     5.3 @@ -0,0 +1,580 @@
     5.4 +Copyright: IBM Corporation (C)
     5.5 +20 June 2005
     5.6 +Author: Reiner Sailer
     5.7 +
     5.8 +This document is a very short introduction into the sHype access control 
     5.9 +security architecture implementation and how it is perceived by users. It 
    5.10 +is a very preliminary draft  for the courageous ones to get "their feet wet" 
    5.11 +and to be able to give feedback (via the xen-devel/xense-devel mailing lists).
    5.12 +
    5.13 +Install:
    5.14 +
    5.15 +cd into xeno-unstable.bk 
    5.16 +(use --dry-run option if you want to test the patch only)
    5.17 +patch -p1 -g0 < *tools.diff
    5.18 +patch -p1 -g0 < *xen.diff
    5.19 +
    5.20 +(no rejects, probably some line offsets)
    5.21 +
    5.22 +make uninstall; make mrproper; make; ./install.sh should install the default 
    5.23 +sHype into Xen (rebuild your initrd images if necessary). Reboot.
    5.24 +
    5.25 +Debug output: there are two triggers for debug output:
    5.26 +a) General sHype debug:
    5.27 +    xeno-unstable.bk/xen/include/public/acm.h
    5.28 +    undefine ACM_DEBUG to switch this debug off
    5.29 +
    5.30 +b) sHype enforcement hook trace: This prints a small trace for each enforcement 
    5.31 +hook that is executed. The trigger is in
    5.32 +    xeno-unstable.bk/xen/include/acm/acm_hooks.h
    5.33 +    undefine ACM_TRACE_MODE to switch this debug off
    5.34 +
    5.35 +1. The default NULL policy
    5.36 +***************************
    5.37 +When you apply the patches and startup xen, you should at first not notice any 
    5.38 +difference because the default policy is the "NULL" policy, which as the name 
    5.39 +implies does not enforce anything.
    5.40 +
    5.41 +However, when you try
    5.42 +
    5.43 +[root@laptop policy]# xm list
    5.44 +Name              Id  Mem(MB)  CPU  State  Time(s)  Console  SSID-REF
    5.45 +Domain-0           0      620   0  r----     25.6            default
    5.46 +
    5.47 +You might detect a new parameter "SSID-REF" displayed for domains. This 
    5.48 +parameter describes the subject security identifier reference of the domain. It 
    5.49 +is shown as "default" since there is no policy to be enforced.
    5.50 +
    5.51 +To display the currently enforced policy, use the policy tool under xeno-
    5.52 +unstable.bk/tools/policy: policy_tool getpolicy. You should see output like the 
    5.53 +one below.
    5.54 +
    5.55 +[root@laptop policy]#./policy_tool getpolicy
    5.56 +
    5.57 +Policy dump:
    5.58 +============
    5.59 +Magic     = 1debc.
    5.60 +PolVer    = aaaa0000.
    5.61 +Len       = 14.
    5.62 +Primary   = NULL policy (c=0, off=14).
    5.63 +Secondary = NULL policy (c=0, off=14).
    5.64 +No primary policy (NULL).
    5.65 +No secondary policy (NULL).
    5.66 +
    5.67 +Policy dump End.
    5.68 +
    5.69 +Since this is a dump of a binary policy, it's not pretty. The important parts 
    5.70 +are the "Primary" and "Secondary" policy fields set to "NULL policy". sHype 
    5.71 +currently allows to set two independent policies; thus the two SSID-REF parts 
    5.72 +shown in 'xm list'. Right here: primary policy only means this policy is 
    5.73 +checked first, the secondary policy is checked if the primary results in 
    5.74 +"permitted access". The result of the combined policy is "permitted" if both 
    5.75 +policies return permitted (NULL policy always returns permitted). The result is 
    5.76 +"denied" if at least one of the policies returns "denied". Look into xeno-
    5.77 +unstable.bk/xen/include/acm/acm_hooks.h for the general hook structure 
    5.78 +integrating the policy decisions (if you like, you won't need it for the rest 
    5.79 +of the Readme file).
    5.80 +
    5.81 +2. Setting Chinese Wall and Simple Type Enforcement policies:
    5.82 +*************************************************************
    5.83 +
    5.84 +We'll get fast to the point. However, in order to understand what we are doing, 
    5.85 +we must at least understand the purpose of the policies that we are going to 
    5.86 +enforce. The two policies presented here are just examples and the 
    5.87 +implementation encourages adding new policies easily.
    5.88 +
    5.89 +2.1. Chinese Wall policy: "decides whether a domain can be started based on 
    5.90 +this domain's ssidref and the ssidrefs of the currently running domains". 
    5.91 +Generally, the Chinese wall policy allows specifying certain types (or classes 
    5.92 +or categories, whatever the preferred word) that conflict; we usually assign a 
    5.93 +type to a workload and the set of types of those workloads running in a domain 
    5.94 +make up the type set for this domain.  Each domain is assigned a set of types 
    5.95 +through its SSID-REF (we register Chinese Wall as primary policy, so the 
    5.96 +ssidref used for determining the Chinese Wall types is the one annotated with 
    5.97 +"p:" in xm list) since each SSID-REF points at a set of types. We'll see how 
    5.98 +SSIDREFs are represented in Xen later when we will look at the policy. (A good 
    5.99 +read for Chinese Wall is: Brewer/Nash The Chinese Wall Security Policy 1989.)
   5.100 +
   5.101 +So let's assume the Chinese Wall policy we are running distinguishes 10 types: 
   5.102 +t0 ... t9. Let us assume further that each SSID-REF points to a set that 
   5.103 +includes exactly one type (attached to domains that run workloads of a single 
   5.104 +type). SSID-REF 0 points to {t0}, ssidref 1 points to {t1} ... 9 points to 
   5.105 +{t9}. [This is actually the example policy we are going to push into xen later]
   5.106 +
   5.107 +Now the Chinese Wall policy allows you to define "Conflict type sets" and it 
   5.108 +guarantees that of any conflict set at most one type is "running" at any time. 
   5.109 +As an example, we have defined 2 conflict set: {t2, t3} and {t0, t5, t6}. 
   5.110 +Specifying these conflict sets, sHype ensures that at most one type of each set 
   5.111 +is running (either t2 or t3 but not both; either t0 or t5 or t6 but not 
   5.112 +multiple of them).
   5.113 +
   5.114 +The effect is that administrators can define which workload types cannot run 
   5.115 +simultaneously on a single Xen system. This is useful to limit the covert 
   5.116 +timing channels between such payloads or to ensure that payloads don't 
   5.117 +interfere with each other through existing resource dependencies.
   5.118 +
   5.119 +2.2. Simple Type Enforcement (ste) policy: "decides whether two domains can 
   5.120 +share data, e.g., setup event channels or grant tables to each other, based on 
   5.121 +the two domains' ssidref. This, as the name says, is a simple policy. Think of 
   5.122 +each type as of a single color. Each domain has one or more colors, i.e., the 
   5.123 +domains ssid for the ste policy points to a set that has set one or multiple 
   5.124 +types. Let us assume in our example policy we differentiate 5 colors (types) 
   5.125 +and define 5 different ssids referenced by ssidref=0..4. Each ssid shall have 
   5.126 +exactly one type set, i.e., describes a uni-color. Only ssid(0) has all types 
   5.127 +set, i.e., has all defined colors.
   5.128 +
   5.129 +Sharing is enforced by the ste policy by requiring that two domains that want 
   5.130 +to establish an event channel or grant pages to each other must have a common 
   5.131 +color. Currently all domains communicate through DOM0 by default; i.e., Domain0 
   5.132 +will necessarily have all colors to be able to create domains (thus, we will 
   5.133 +assign ssidref(0) to Domain0 in our example below.
   5.134 +
   5.135 +More complex mandatory access control policies governing sharing will follow; 
   5.136 +such policies are more sophisticated than the "color" scheme above by allowing 
   5.137 +more flexible (and complex :_) access control decisions than "share a color" or 
   5.138 +"don't share a color" and will be able to express finer-grained policies.
   5.139 +
   5.140 +
   5.141 +2.3 Binary Policy:
   5.142 +In the future, we will have a policy tool that takes as input a more humane 
   5.143 +policy description, using types such as development, home-banking, donated-
   5.144 +Grid, CorpA-Payload ... and translates the respective policy into what we see 
   5.145 +today as the binary policy using 1s and 0s and sets of them. For now, we must 
   5.146 +live with the binary policy when working with sHype.
   5.147 +
   5.148 +    
   5.149 +2.4 Exemplary use of a real sHype policy on Xen. To activate a real policy, 
   5.150 +edit the file (yes, this will soon be a compile option):
   5.151 +  xeno-unstable.bk/xen/include/public/acm.h
   5.152 +  Change: #define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
   5.153 +   To : #define ACM_USE_SECURITY_POLICY ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
   5.154 +   cd xeno-unstable.bk
   5.155 +   make mrproper
   5.156 +   make uninstall (manually remove /etc/xen.old if necessary)
   5.157 +   make
   5.158 +   ./install.sh      (recreate your kernel initrd's if necessary)
   5.159 +   Reboot into new xen.gz
   5.160 +     
   5.161 +After booting, check out 'xm dmesg'; should show somewhere in the middle:
   5.162 +
   5.163 +(XEN) acm_init: Enforcing Primary CHINESE WALL policy, Secondary SIMPLE TYPE 
   5.164 +ENFORCEMENT policy.
   5.165 +
   5.166 +Even though you can activate those policies in any combination and also 
   5.167 +independently, the policy tool currently only supports setting the policy for 
   5.168 +the above combination.
   5.169 +
   5.170 +Now look at the minimal startup policy with:
   5.171 +                xeno-unstable.bk/tools/policytool getpolicy
   5.172 +
   5.173 +You should see something like:
   5.174 +
   5.175 +[root@laptop policy]# ./policy_tool getpolicy
   5.176 +
   5.177 +Policy dump:
   5.178 +============
   5.179 +Magic     = 1debc.
   5.180 +PolVer    = aaaa0000.
   5.181 +Len       = 36.
   5.182 +Primary   = CHINESE WALL policy (c=1, off=14).
   5.183 +Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=2c).
   5.184 +
   5.185 +
   5.186 +Chinese Wall policy:
   5.187 +====================
   5.188 +Max Types     = 1.
   5.189 +Max Ssidrefs  = 1.
   5.190 +Max ConfSets  = 1.
   5.191 +Ssidrefs Off  = 10.
   5.192 +Conflicts Off = 12.
   5.193 +Runing T. Off = 14.
   5.194 +C. Agg. Off   = 16.
   5.195 +
   5.196 +SSID To CHWALL-Type matrix:
   5.197 +
   5.198 +   ssidref 0:  00 
   5.199 +
   5.200 +Confict Sets:
   5.201 +
   5.202 +   c-set 0:    00 
   5.203 +
   5.204 +Running
   5.205 +Types:         00 
   5.206 +
   5.207 +Conflict
   5.208 +Aggregate Set: 00 
   5.209 +
   5.210 +
   5.211 +Simple Type Enforcement policy:
   5.212 +===============================
   5.213 +Max Types     = 1.
   5.214 +Max Ssidrefs  = 1.
   5.215 +Ssidrefs Off  = 8.
   5.216 +
   5.217 +SSID To STE-Type matrix:
   5.218 +
   5.219 +   ssidref 0: 01 
   5.220 +
   5.221 +
   5.222 +Policy dump End.
   5.223 +
   5.224 +This is a minimal policy (of little use), except it will disable starting any 
   5.225 +domain that does not have ssidref set to 0x0. The Chinese Wall policy has 
   5.226 +nothing to enforce and the ste policy only knows one type, which is set for the 
   5.227 +only defined ssidref.
   5.228 +
   5.229 +The item that defines the ssidref in a domain configuration is:
   5.230 +
   5.231 +ssidref = 0x12345678
   5.232 +
   5.233 +Where ssidref is interpreted as a 32bit number, where the lower 16bits become 
   5.234 +the ssidref for the primary policy and the higher 16bits become the ssidref for 
   5.235 +the secondary policy. sHype currently supports two policies but this is an 
   5.236 +implementation decision and can be extended if necessary.
   5.237 +
   5.238 +This reference defines the security information of a domain. The meaning of the 
   5.239 +SSID-REF depends on the policy, so we explain it when we explain the real 
   5.240 +policies.
   5.241 +
   5.242 +
   5.243 +Setting a new Security Policy:
   5.244 +******************************
   5.245 +The policy tool with all its current limitations has one usable example policy 
   5.246 +compiled-in. Please try at this time to use the setpolicy command:
   5.247 +       xeno-unstable.bk/tools/policy/policy_tool setpolicy
   5.248 +
   5.249 +You should see a dump of the policy you are setting. It should say at the very 
   5.250 +end: 
   5.251 +
   5.252 +Policy successfully set.
   5.253 +
   5.254 +Now try to dump the currently enforced policy, which is the policy we have just 
   5.255 +set and the dynamic security state information of this policy 
   5.256 +(<<< ... some additional explanations)
   5.257 +
   5.258 +[root@laptop policy]# ./policy_tool getpolicy
   5.259 +
   5.260 +Policy dump:
   5.261 +============
   5.262 +Magic     = 1debc.
   5.263 +PolVer    = aaaa0000.
   5.264 +Len       = 112.
   5.265 +Primary   = CHINESE WALL policy (c=1, off=14).
   5.266 +Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   5.267 +
   5.268 +
   5.269 +Chinese Wall policy:
   5.270 +====================
   5.271 +Max Types     = a.
   5.272 +Max Ssidrefs  = 5.
   5.273 +Max ConfSets  = 2.
   5.274 +Ssidrefs Off  = 10.
   5.275 +Conflicts Off = 74.
   5.276 +Runing T. Off = 9c.
   5.277 +C. Agg. Off   = b0.
   5.278 +
   5.279 +SSID To CHWALL-Type matrix:
   5.280 +
   5.281 +   ssidref 0:  01 00 00 00 00 00 00 00 00 00  <<< type0 is set for ssidref0
   5.282 +   ssidref 1:  00 01 00 00 00 00 00 00 00 00 
   5.283 +   ssidref 2:  00 00 01 00 00 00 00 00 00 00 
   5.284 +   ssidref 3:  00 00 00 01 00 00 00 00 00 00 
   5.285 +   ssidref 4:  00 00 00 00 01 00 00 00 00 00  <<< type4 is set for ssidref4
   5.286 +                                              <<< types 5-9 are unused
   5.287 +Confict Sets:
   5.288 +
   5.289 +   c-set 0:    00 00 01 01 00 00 00 00 00 00  <<< type2 and type3 never run together
   5.290 +   c-set 1:    01 00 00 00 00 01 01 00 00 00  <<< only one of types 0, 5 or 6 
   5.291 +                                              <<<   can run simultaneously
   5.292 +Running
   5.293 +Types:         01 00 00 00 00 00 00 00 00 00  <<< ref-count for types of running domains
   5.294 +
   5.295 +Conflict
   5.296 +Aggregate Set: 00 00 00 00 00 01 01 00 00 00  <<< aggregated set of types that                  
   5.297 +                                              <<< cannot run because they 
   5.298 +                                              <<< are in conflict set 1 and
   5.299 +                                              <<< (domain 0 is running w t0)
   5.300 +                                             
   5.301 +
   5.302 +Simple Type Enforcement policy:
   5.303 +===============================
   5.304 +Max Types     = 5.
   5.305 +Max Ssidrefs  = 5.
   5.306 +Ssidrefs Off  = 8.
   5.307 +
   5.308 +SSID To STE-Type matrix:
   5.309 +
   5.310 +   ssidref 0: 01 01 01 01 01                  <<< ssidref0 points to a set that                  
   5.311 +                                              <<< has all types set (colors)
   5.312 +   ssidref 1: 00 01 00 00 00                  <<< ssidref1 has color1 set
   5.313 +   ssidref 2: 00 00 01 00 00                  <<< ...
   5.314 +   ssidref 3: 00 00 00 01 00 
   5.315 +   ssidref 4: 00 00 00 00 01 
   5.316 +
   5.317 +
   5.318 +Policy dump End.
   5.319 +
   5.320 +
   5.321 +This is a small example policy with which we will demonstrate the enforcement.
   5.322 +
   5.323 +Starting Domains with policy enforcement
   5.324 +========================================
   5.325 +Now let us play with this policy. 
   5.326 +
   5.327 +Define 3 or 4 domain configurations. I use the following config using a ramdisk 
   5.328 +only and about 8MBytes of memory for each DomU (test purposes):
   5.329 +
   5.330 +#-------configuration xmsec1-------------------------
   5.331 +kernel = "/boot/vmlinuz-2.6.11-xenU"
   5.332 +ramdisk="/boot/U1_ramdisk.img"
   5.333 +#security reference identifier
   5.334 +ssidref= 0x00010001
   5.335 +memory = 10
   5.336 +name = "xmsec1"
   5.337 +cpu = -1   # leave to Xen to pick
   5.338 +# Number of network interfaces. Default is 1.
   5.339 +nics=1
   5.340 +dhcp="dhcp"
   5.341 +#-----------------------------------------------------
   5.342 +
   5.343 +xmsec2 and xmsec3 look the same except for the name and the ssidref line. Use 
   5.344 +your domain config file and add "ssidref = 0x00010001" to the first (xmsec1),  
   5.345 +"ssidref= 0x00020002" to the second (call it xmsec2), and "ssidref=0x00030003"  
   5.346 +to the third (we will call this one xmsec3).
   5.347 +
   5.348 +First start xmsec1: xm create -c xmsec1 (succeeds)
   5.349 +
   5.350 +Then
   5.351 +[root@laptop policy]# xm list 
   5.352 +Name              Id  Mem(MB)  CPU  State  Time(s)  Console  SSID-REF
   5.353 +Domain-0           0      620   0  r----     42.3            s:00/p:00
   5.354 +xmnosec            1        9   0  -b---      0.3    9601    s:00/p:05
   5.355 +xmsec1             2        9   0  -b---      0.2    9602    s:01/p:01
   5.356 +
   5.357 +Shows a new domain xmsec1 running with primary (here: chinese wall) ssidref 1 
   5.358 +and secondary (here: simple type enforcement) ssidref 1. The ssidrefs are  
   5.359 +independent and can differ for a domain.
   5.360 +
   5.361 +[root@laptop policy]# ./policy_tool getpolicy
   5.362 +
   5.363 +Policy dump:
   5.364 +============
   5.365 +Magic     = 1debc.
   5.366 +PolVer    = aaaa0000.
   5.367 +Len       = 112.
   5.368 +Primary   = CHINESE WALL policy (c=1, off=14).
   5.369 +Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   5.370 +
   5.371 +
   5.372 +Chinese Wall policy:
   5.373 +====================
   5.374 +Max Types     = a.
   5.375 +Max Ssidrefs  = 5.
   5.376 +Max ConfSets  = 2.
   5.377 +Ssidrefs Off  = 10.
   5.378 +Conflicts Off = 74.
   5.379 +Runing T. Off = 9c.
   5.380 +C. Agg. Off   = b0.
   5.381 +
   5.382 +SSID To CHWALL-Type matrix:
   5.383 +
   5.384 +   ssidref 0:  01 00 00 00 00 00 00 00 00 00
   5.385 +   ssidref 1:  00 01 00 00 00 00 00 00 00 00
   5.386 +   ssidref 2:  00 00 01 00 00 00 00 00 00 00
   5.387 +   ssidref 3:  00 00 00 01 00 00 00 00 00 00
   5.388 +   ssidref 4:  00 00 00 00 01 00 00 00 00 00
   5.389 +
   5.390 +Confict Sets:
   5.391 +
   5.392 +   c-set 0:    00 00 01 01 00 00 00 00 00 00
   5.393 +   c-set 1:    01 00 00 00 00 01 01 00 00 00   <<< t1 is not part of any c-set
   5.394 +
   5.395 +Running
   5.396 +Types:         01 01 00 00 00 00 00 00 00 00   <<< xmsec1 has ssidref 1->type1
   5.397 +                  ^^                           <<< ref-count at position 1 incr
   5.398 +Conflict
   5.399 +Aggregate Set: 00 00 00 00 00 01 01 00 00 00   <<< domain 1 was allowed to       
   5.400 +                                               <<< start since type 1 was not
   5.401 +                                               <<< in conflict with running 
   5.402 +                                               <<< types
   5.403 +                                            
   5.404 +Simple Type Enforcement policy:
   5.405 +===============================
   5.406 +Max Types     = 5.
   5.407 +Max Ssidrefs  = 5.
   5.408 +Ssidrefs Off  = 8.
   5.409 +
   5.410 +SSID To STE-Type matrix:
   5.411 +
   5.412 +   ssidref 0: 01 01 01 01 01           <<< the ste policy does not maintain; we
   5.413 +   ssidref 1: 00 01 00 00 00   <--     <<< see that domain xmsec1 has ste 
   5.414 +   ssidref 2: 00 00 01 00 00           <<< ssidref1->type1 and has this type in
   5.415 +   ssidref 3: 00 00 00 01 00           <<< common with dom0
   5.416 +   ssidref 4: 00 00 00 00 01
   5.417 +
   5.418 +
   5.419 +Policy dump End.
   5.420 +
   5.421 +Look at sHype output in xen dmesg:
   5.422 +
   5.423 +[root@laptop xen]# xm dmesg
   5.424 +.
   5.425 +.
   5.426 +[somewhere near the very end]
   5.427 +(XEN) chwall_init_domain_ssid: determined chwall_ssidref to 1.
   5.428 +(XEN) ste_init_domain_ssid.
   5.429 +(XEN) ste_init_domain_ssid: determined ste_ssidref to 1.
   5.430 +(XEN) acm_init_domain_ssid: Instantiated individual ssid for domain 0x01.
   5.431 +(XEN) chwall_post_domain_create.
   5.432 +(XEN) ste_pre_eventchannel_interdomain.
   5.433 +(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   5.434 +(XEN) shype_authorize_domops.
   5.435 +(XEN) ste_pre_eventchannel_interdomain.
   5.436 +(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   5.437 +(XEN) ste_pre_eventchannel_interdomain.
   5.438 +(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
   5.439 +
   5.440 +
   5.441 +You can see that the chinese wall policy does not complain and that the ste 
   5.442 +policy makes three access control decisions for three event-channels setup 
   5.443 +between domain 0 and the new domain 1. Each time, the two domains share the 
   5.444 +type1 and setting up the eventchannel is permitted.
   5.445 +
   5.446 +
   5.447 +Starting up a second domain xmsec2:
   5.448 +
   5.449 +[root@laptop xen]# xm create -c xmsec2
   5.450 +Using config file "xmsec2".
   5.451 +Started domain xmsec2, console on port 9602
   5.452 +************ REMOTE CONSOLE: CTRL-] TO QUIT ********
   5.453 +Linux version 2.6.11-xenU (root@laptop.home.org) (gcc version 3.4.2 20041017 
   5.454 +(Red Hat 3.4.2-6.fc3)) #1 Wed Mar 30 13:14:31 EST 2005
   5.455 +.
   5.456 +.
   5.457 +.
   5.458 +[root@laptop policy]# xm list
   5.459 +Name              Id  Mem(MB)  CPU  State  Time(s)  Console  SSID-REF
   5.460 +Domain-0           0      620   0  r----     71.7            s:00/p:00
   5.461 +xmsec1             1        9   0  -b---      0.3    9601    s:01/p:01
   5.462 +xmsec2             2        7   0  -b---      0.3    9602    s:02/p:02   << our domain runs both policies with ssidref 2
   5.463 +
   5.464 +
   5.465 +[root@laptop policy]# ./policy_tool getpolicy
   5.466 +
   5.467 +Policy dump:
   5.468 +============
   5.469 +Magic     = 1debc.
   5.470 +PolVer    = aaaa0000.
   5.471 +Len       = 112.
   5.472 +Primary   = CHINESE WALL policy (c=1, off=14).
   5.473 +Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
   5.474 +
   5.475 +
   5.476 +Chinese Wall policy:
   5.477 +====================
   5.478 +Max Types     = a.
   5.479 +Max Ssidrefs  = 5.
   5.480 +Max ConfSets  = 2.
   5.481 +Ssidrefs Off  = 10.
   5.482 +Conflicts Off = 74.
   5.483 +Runing T. Off = 9c.
   5.484 +C. Agg. Off   = b0.
   5.485 +
   5.486 +SSID To CHWALL-Type matrix:
   5.487 +
   5.488 +   ssidref 0:  01 00 00 00 00 00 00 00 00 00
   5.489 +   ssidref 1:  00 01 00 00 00 00 00 00 00 00
   5.490 +   ssidref 2:  00 00 01 00 00 00 00 00 00 00   <<< our domain has type 2 set
   5.491 +   ssidref 3:  00 00 00 01 00 00 00 00 00 00
   5.492 +   ssidref 4:  00 00 00 00 01 00 00 00 00 00
   5.493 +
   5.494 +Confict Sets:
   5.495 +
   5.496 +   c-set 0:    00 00 01 01 00 00 00 00 00 00   <<< t2 is in c-set0 with type 3
   5.497 +   c-set 1:    01 00 00 00 00 01 01 00 00 00
   5.498 +
   5.499 +Running
   5.500 +Types:         01 01 01 00 00 00 00 00 00 00   <<< t2 is running since the 
   5.501 +                     ^^                        <<< current aggregate conflict
   5.502 +                                               <<< set (see above) does not 
   5.503 +                                               <<< include type 2
   5.504 +Conflict
   5.505 +Aggregate Set: 00 00 00 01 00 01 01 00 00 00   <<< type 3 is added to the 
   5.506 +                                               <<< conflict aggregate
   5.507 +
   5.508 +
   5.509 +Simple Type Enforcement policy:
   5.510 +===============================
   5.511 +Max Types     = 5.
   5.512 +Max Ssidrefs  = 5.
   5.513 +Ssidrefs Off  = 8.
   5.514 +
   5.515 +SSID To STE-Type matrix:
   5.516 +
   5.517 +   ssidref 0: 01 01 01 01 01
   5.518 +   ssidref 1: 00 01 00 00 00
   5.519 +   ssidref 2: 00 00 01 00 00
   5.520 +   ssidref 3: 00 00 00 01 00
   5.521 +   ssidref 4: 00 00 00 00 01
   5.522 +
   5.523 +
   5.524 +Policy dump End.
   5.525 +
   5.526 +
   5.527 +The sHype xen dmesg output looks similar to the one above when starting the 
   5.528 +first domain.
   5.529 +
   5.530 +Now we start xmsec3 and it has ssidref3. Thus, it tries to run as type3 which 
   5.531 +conflicts with running type2 (from xmsec2). As expected, creating this domain 
   5.532 +fails for security policy enforcement reasons.
   5.533 +
   5.534 +[root@laptop xen]# xm create -c xmsec3
   5.535 +Using config file "xmsec3".
   5.536 +Error: Error creating domain: (22, 'Invalid argument')
   5.537 +[root@laptop xen]#
   5.538 +
   5.539 +[root@laptop xen]# xm dmesg
   5.540 +.
   5.541 +.
   5.542 +[somewhere near the very end]
   5.543 +(XEN) chwall_pre_domain_create.
   5.544 +(XEN) chwall_pre_domain_create: CHINESE WALL CONFLICT in type 03.
   5.545 +
   5.546 +xmsec3 ssidref3 points to type3, which is in the current conflict aggregate 
   5.547 +set. This domain cannot start until domain xmsec2 is destroyed, at which time 
   5.548 +the aggregate conflict set is reduced and type3 is excluded from it. Then, 
   5.549 +xmsec3 can start. Of course, afterwards, xmsec2 cannot be restarted. Try it.
   5.550 +
   5.551 +3. Policy tool
   5.552 +**************
   5.553 +toos/policy/policy_tool.c
   5.554 +
   5.555 +a) ./policy_tool getpolicy
   5.556 +      prints the currently enforced policy
   5.557 +      (see for example section 1.)
   5.558 +
   5.559 +b) ./policy_tool setpolicy
   5.560 +      sets a predefined and hardcoded security
   5.561 +      policy (the one described in section 2.)
   5.562 +
   5.563 +c) ./policy_tool dumpstats
   5.564 +      prints some status information about the caching
   5.565 +      of access control decisions (number of cache hits
   5.566 +      and number of policy evaluations for grant_table
   5.567 +      and event channels).
   5.568 +
   5.569 +d) ./policy_tool loadpolicy <binary_policy_file>
   5.570 +      sets the policy defined in the <binary_policy_file>
   5.571 +      please use the policy_processor that is posted to this
   5.572 +      mailing list to create such a binary policy from an XML
   5.573 +      policy description
   5.574 +
   5.575 +4. Policy interface:
   5.576 +********************
   5.577 +The Policy interface is working in "network-byte-order" (big endian). The reason for this
   5.578 +is that policy files/management should be portable and independent of the platforms.
   5.579 +
   5.580 +Our policy interface enables managers to create a single binary policy file in a trusted
   5.581 +environment and distributed it to multiple systems for enforcement.
   5.582 +
   5.583 +====================end-of file=======================================
   5.584 \ No newline at end of file
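--- a/linux-2.6.11-xen-sparse/drivers/xen/netfront/netfront.c	Sat Jun 18 00:49:11 2005 +0000
+++ b/linux-2.6.11-xen-sparse/drivers/xen/netfront/netfront.c	Tue Jun 21 07:02:30 2005 +0000
@@ -623,7 +623,7 @@ static int netif_poll(struct net_device 
             /* Only copy the packet if it fits in the current MTU. */
             if (skb->len <= (dev->mtu + ETH_HLEN)) {
                 if ((skb->tail > skb->end) && net_ratelimit())
-                    printk(KERN_INFO "Received packet needs %d bytes more "
+                    printk(KERN_INFO "Received packet needs %zd bytes more "
                            "headroom.\n", skb->tail - skb->end);
 
                 if ((nskb = alloc_xen_skb(skb->len + 2)) != NULL) {
@@ -967,9 +967,9 @@ static int create_netdev(int handle, str
 
     /* Initialise {tx,rx}_skbs to be a free chain containing every entry. */
     for (i = 0; i <= NETIF_TX_RING_SIZE; i++)
-        np->tx_skbs[i] = (void *)(i+1);
+        np->tx_skbs[i] = (void *)((unsigned long) i+1);
     for (i = 0; i <= NETIF_RX_RING_SIZE; i++)
-        np->rx_skbs[i] = (void *)(i+1);
+        np->rx_skbs[i] = (void *)((unsigned long) i+1);
 
     dev->open            = network_open;
     dev->hard_start_xmit = network_start_xmit;
@@ -1343,7 +1343,7 @@ static int xennet_proc_read(
 {
     struct net_device *dev = (struct net_device *)((unsigned long)data & ~3UL);
     struct net_private *np = netdev_priv(dev);
-    int len = 0, which_target = (int)data & 3;
+    int len = 0, which_target = (unsigned long) data & 3;
     
     switch (which_target)
     {
@@ -1368,7 +1368,7 @@ static int xennet_proc_write(
 {
     struct net_device *dev = (struct net_device *)((unsigned long)data & ~3UL);
     struct net_private *np = netdev_priv(dev);
-    int which_target = (int)data & 3;
+    int which_target = (unsigned long) data & 3;
     char string[64];
     long target;
 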
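Review bot: `skb->tail - skb->end` in the netif_poll hunk is a pointer difference, so its type is ptrdiff_t and the matching length modifier is `t`, not `z`: `printk(KERN_INFO "Received packet needs %td bytes more "`. `%zd` has the same width on the usual targets, which is why the warning goes away, but it names the wrong type; whether this tree's printk accepts `%td` should be confirmed before switching. netif_poll starts and ends outside the hunk.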
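--- a/tools/Makefile	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/Makefile	Tue Jun 21 07:02:30 2005 +0000
@@ -12,6 +12,7 @@ SUBDIRS += xcs
 SUBDIRS += xcutils
 SUBDIRS += pygrub
 SUBDIRS += firmware
+SUBDIRS += policy
 
 .PHONY: all install clean check check_clean ioemu eioemuinstall ioemuclean
 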
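--- a/tools/libxc/xc.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/libxc/xc.h	Tue Jun 21 07:02:30 2005 +0000
@@ -110,6 +110,7 @@ int xc_waitdomain_core(int domain,
 
 typedef struct {
     u32           domid;
+    u32           ssidref;
     unsigned int  dying:1, crashed:1, shutdown:1, 
                   paused:1, blocked:1, running:1;
     unsigned int  shutdown_reason; /* only meaningful if shutdown==1 */
@@ -124,6 +125,7 @@ typedef struct {
 
 typedef dom0_getdomaininfo_t xc_domaininfo_t;
 int xc_domain_create(int xc_handle, 
+                     u32 ssidref,
                      u32 *pdomid);
 
 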
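Review bot: The new `ssidref` argument of `xc_domain_create` and the new `xc_dominfo_t.ssidref` field carry no comment saying what the 32-bit value encodes or what a caller that does not use access control should pass. The readme in this changeset uses values such as `0x00010001` and `xm list` prints them as two references (`s:01/p:01`), which suggests two 16-bit policy references packed into one word, but which half is which cannot be read from this header. A comment on the field such as `u32 ssidref; /* ACM label: primary and secondary policy ssidrefs packed in one word */`, with a matching line on the prototype naming the default value, would settle it. Placing the parameter in the middle of the argument list also changes the call for every existing user of the library, so callers outside this tree will not compile until updated.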
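--- a/tools/libxc/xc_domain.c	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/libxc/xc_domain.c	Tue Jun 21 07:02:30 2005 +0000
@@ -9,6 +9,7 @@
 #include "xc_private.h"
 
 int xc_domain_create(int xc_handle,
+                     u32 ssidref,
                      u32 *pdomid)
 {
     int err;
@@ -16,6 +17,7 @@ int xc_domain_create(int xc_handle,
 
     op.cmd = DOM0_CREATEDOMAIN;
     op.u.createdomain.domain = (domid_t)*pdomid;
+    op.u.createdomain.ssidref = ssidref;
     if ( (err = do_dom0_op(xc_handle, &op)) != 0 )
         return err;
 
@@ -101,6 +103,7 @@ int xc_domain_getinfo(int xc_handle,
             info->crashed  = 1;
         }
 
+        info->ssidref  = op.u.getdomaininfo.ssidref;
         info->nr_pages = op.u.getdomaininfo.tot_pages;
         info->max_memkb = op.u.getdomaininfo.max_pages<<(PAGE_SHIFT);
         info->shared_info_frame = op.u.getdomaininfo.shared_info_frame;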
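Review bot: A domain refused by the access-control policy comes back through the same `return err` path that follows `op.u.createdomain.ssidref = ssidref;`, so a caller of xc_domain_create cannot tell a policy denial from a malformed request. The readme in this changeset shows the effect: a Chinese Wall conflict reaches the user as `(22, 'Invalid argument')` and the actual reason appears only in `xm dmesg`. Until a distinct error code exists, a comment above the assignment would help whoever debugs a failed create, e.g. `/* ssidref is evaluated by the hypervisor; a policy denial is returned like any other error, see xm dmesg */`. Both xc_domain_create and xc_domain_getinfo continue outside the hunks.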
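--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/misc/policyprocessor/SecurityLabel.java	Tue Jun 21 07:02:30 2005 +0000
@@ -0,0 +1,34 @@
+/**
+ * (C) Copyright IBM Corp. 2005
+ *
+ * $Id: SecurityLabel.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
+ *
+ * Author: Ray Valdez
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * SecurityLabel Class.  
+ *
+ * <p>
+ *
+ * Keeps track of types.
+ *
+ * <p>
+ *
+ *
+ */
+import java.util.*;
+public class SecurityLabel
+{
+ Vector ids;
+ Vector vlans;
+ Vector slots;
+ Vector steTypes;
+ int steSsidPosition;
+ Vector chwIDs;
+ Vector chwTypes;
+ int chwSsidPosition;
+}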
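Review bot: `steSsidPosition` and `chwSsidPosition` default to 0 as plain `int` fields, while XmlToBin in this changeset treats -1 as the marker for a label without an ssid (`if (-1 == entry.steSsidPosition) continue;`). A SecurityLabel whose position is never assigned would therefore be written into the binary policy with ssidref 0 instead of being skipped, and in the sample policy dump ssidref 0 is the row that carries every STE type; whether any code path leaves the field unassigned is not visible here. Initialising at the declaration removes the dependency on every creator remembering it: `int steSsidPosition = -1;` and `int chwSsidPosition = -1;`. The raw `Vector` fields would also read better with a one-line comment each naming the element type, since XmlToBin casts `vlans` elements to String and `slots` elements to SlotInfo.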
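--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/misc/policyprocessor/SecurityPolicySpec.xsd	Tue Jun 21 07:02:30 2005 +0000
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
+<!-- xml schema definition for xen xml policies -->
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+targetNamespace="http://www.ibm.com"
+xmlns="http://www.ibm.com" 
+elementFormDefault="qualified">
+
+<xsd:element name="TE" type="xsd:string" />
+<xsd:element name="ChWall" type="xsd:string" />
+
+<xsd:element name="Definition">
+  <xsd:complexType>
+ 	<xsd:sequence>
+
+	  <!-- simple type enforcement -->
+	  <xsd:element name="Types" minOccurs ="0" maxOccurs="1">
+		<xsd:complexType>
+		  <xsd:sequence>
+			<xsd:element ref="TE" minOccurs ="1" maxOccurs ="unbounded"/>
+		  </xsd:sequence>
+		</xsd:complexType>
+	  </xsd:element>
+
+	  <!-- chinese wall -->
+	  <!--   type definition -->
+	  <xsd:element name="ChWallTypes" minOccurs ="0" maxOccurs="1">
+		<xsd:complexType>
+		  <xsd:sequence>
+			<xsd:element ref="ChWall"  minOccurs ="1" maxOccurs ="unbounded"/>
+
+      	   	</xsd:sequence>
+          </xsd:complexType>
+	</xsd:element>
+
+  	<!--   conflict set -->
+	  <xsd:element name="ConflictSet" minOccurs ="0" maxOccurs="unbounded">
+		<xsd:complexType>
+		  <xsd:sequence>
+			<xsd:element ref="ChWall"  minOccurs ="2" maxOccurs ="unbounded"/>
+		  </xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+
+	</xsd:sequence>
+  </xsd:complexType>
+</xsd:element>
+
+<xsd:element name="Policy">
+    <xsd:complexType>
+      <xsd:sequence>
+
+	<xsd:element name="PolicyHeader">
+    	<xsd:complexType>
+      	   <xsd:all>
+		<xsd:element name = "Name" type="xsd:string"/>
+		<xsd:element name = "DateTime" type="xsd:dateTime"/>
+		<xsd:element name = "Tag" minOccurs ="1" maxOccurs ="1" type="xsd:string"/>
+		<xsd:element name = "TypeDefinition">
+    		<xsd:complexType>
+      	   	  <xsd:all>
+			<xsd:element name = "url" type="xsd:string"/>
+			<xsd:element name = "hash" minOccurs ="0" maxOccurs ="1" type="xsd:string"/>
+      	   	  </xsd:all>
+    		</xsd:complexType>
+		</xsd:element>
+
+      	   </xsd:all>
+    	</xsd:complexType>
+	</xsd:element>
+
+	<xsd:element name="VM" minOccurs ="1" maxOccurs="unbounded">
+    	  <xsd:complexType>
+      	   <xsd:sequence>
+		<xsd:element name="id" type="xsd:integer"/>
+		<xsd:element ref="TE" minOccurs="0" maxOccurs="unbounded" />
+		<xsd:element ref="ChWall" minOccurs ="0" maxOccurs="unbounded"/>
+      	   </xsd:sequence>
+    	  </xsd:complexType>
+	</xsd:element>
+
+	<xsd:element name="Vlan" minOccurs ="0" maxOccurs="unbounded">
+    	  <xsd:complexType>
+      	   <xsd:sequence>
+		<xsd:element name="vid" type="xsd:integer"/>
+		<xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
+      	   </xsd:sequence>
+    	  </xsd:complexType>
+	</xsd:element>
+
+	<xsd:element name="Slot" minOccurs ="0" maxOccurs="unbounded">
+    	  <xsd:complexType>
+      	   <xsd:sequence>
+		<xsd:element name="bus" type="xsd:integer"/>
+		<xsd:element name="slot" type="xsd:integer"/>
+		<xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
+      	   </xsd:sequence>
+    	  </xsd:complexType>
+	</xsd:element>
+
+
+      </xsd:sequence>
+    </xsd:complexType>
+</xsd:element>
+
+<!-- root element -->
+<xsd:element name="SecurityPolicySpec">
+    <xsd:complexType>
+      <xsd:choice>
+		<xsd:element ref="Definition" minOccurs ="1" maxOccurs="unbounded"/>
+		<xsd:element ref="Policy" minOccurs ="1" maxOccurs="unbounded"/>
+      </xsd:choice>
+    </xsd:complexType>
+</xsd:element>
+</xsd:schema>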
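Review bot: `id`, `vid`, `bus` and `slot` are declared `xsd:integer`, which is unbounded, but XmlToBin in this changeset parses them with `Integer.parseInt` and emits them as 16-bit fields, for example `writeShortToStream(vlanArray,(short)entry.id,index)`. A negative value or one above 65535 validates against the schema and is then silently truncated by the `(short)` cast, so the binary policy would label a different VLAN or slot than the XML names. Declaring these elements as `type="xsd:unsignedShort"` lets schema validation reject such input before conversion. The `hash` child of `TypeDefinition` is optional and free-form (`minOccurs ="0"`, `xsd:string`); if it is meant to bind a policy to one definition file, an XML comment stating the expected digest format would help.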
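--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/misc/policyprocessor/SsidsEntry.java	Tue Jun 21 07:02:30 2005 +0000
@@ -0,0 +1,29 @@
+/**
+ * (C) Copyright IBM Corp. 2005
+ *
+ * $Id: SsidsEntry.java,v 1.2 2005/06/17 20:02:40 rvaldez Exp $
+ *
+ * Author: Ray Valdez
+ * 
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * SsidsEntry Class.  
+ * <p>
+ *
+ * Holds ssid information.
+ *
+ * <p>
+ *
+ *
+ */
+public class SsidsEntry 
+ {
+  int id;	/* used for partition and vlan */
+  int bus;	/* used for slots */
+  int slot;
+  int ste = 0xffffffff;
+  int chw = 0xffffffff;
+ }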
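Review bot: `ste` and `chw` are initialised to `0xffffffff`, which as a Java `int` is -1, and nothing in the class says what that value stands for. XmlToBin in this changeset narrows the field with `(short) entry.ste`, so an entry that was never assigned ends up as 0xffff in the binary policy; that this means "no ssid" is only an inference from the code. A comment on the declarations would make the contract explicit, e.g. `int ste = 0xffffffff; /* unset; written to the policy as 0xffff */`, and `slot` lacks the usage comment its two neighbours have.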
    13.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    13.2 +++ b/tools/misc/policyprocessor/XmlToBin.java	Tue Jun 21 07:02:30 2005 +0000
    13.3 @@ -0,0 +1,1588 @@
    13.4 +/**
    13.5 + * (C) Copyright IBM Corp. 2005
    13.6 + *
    13.7 + * $Id: XmlToBin.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
    13.8 + *
    13.9 + * Author: Ray Valdez
   13.10 + *
   13.11 + * This program is free software; you can redistribute it and/or
   13.12 + * modify it under the terms of the GNU General Public License as
   13.13 + * published by the Free Software Foundation, version 2 of the
   13.14 + * License.
   13.15 + *
   13.16 + * XmlToBin  Class.  
   13.17 + * <p>
   13.18 + *
   13.19 + * Translates a xml representation of a SHYPE policy into a binary  
   13.20 + * format.  The class processes an xml policy file based on elment tags 
   13.21 + * defined in a schema definition files: SecurityPolicySpec.xsd.
   13.22 + *
   13.23 + * XmlToBin Command line Options: 
   13.24 + *
   13.25 + *      -i              inputFile:      name of policyfile (.xml)
   13.26 + *      -o              outputFile:     name of binary policy file (Big Endian)
   13.27 + *      -xssid          SsidFile:       xen ssids to types text file
   13.28 + *      -xssidconf      SsidConf:   	xen conflict ssids to types text file
   13.29 + *      -debug                          turn on debug messages
   13.30 + *      -help                           help. This printout
   13.31 + *
   13.32 + * <p>
   13.33 + *
   13.34 + *
   13.35 + */
   13.36 +import java.util.*;
   13.37 +import java.io.*;
   13.38 +import java.io.IOException;
   13.39 +import java.io.FileNotFoundException;
   13.40 +import org.w3c.dom.Document;
   13.41 +import org.w3c.dom.Element;
   13.42 +import org.w3c.dom.Node;
   13.43 +import org.w3c.dom.Attr;
   13.44 +import org.w3c.dom.NodeList;
   13.45 +import org.w3c.dom.NamedNodeMap;
   13.46 +import org.xml.sax.*;
   13.47 +import javax.xml.parsers.*;
   13.48 +import org.xml.sax.helpers.*;
   13.49 +
   13.50 +public class XmlToBin 
   13.51 + implements XmlToBinInterface
   13.52 +{
   13.53 +  class SlotInfo {
   13.54 +	String bus;
   13.55 +	String slot;
   13.56 +  }
   13.57 +
   13.58 + boolean LittleEndian = false;
   13.59 + boolean debug = false;
   13.60 +
   13.61 + static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
   13.62 +
   13.63 + static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";
   13.64 +
   13.65 + public static void printUsage()
   13.66 + {
   13.67 +  System.out.println("XmlToBin Command line Options: ");
   13.68 +  System.out.println("\t-i\t\tinputFile:\tname of policyfile (.xml)");
   13.69 +  System.out.println("\t-o\t\toutputFile:\tname of binary policy file (Big Endian)");
   13.70 +  System.out.println("\t-xssid\t\tSsidFile:\tXen ssids to named types text file");
   13.71 +  System.out.println("\t-xssidconf\tSsidConfFile:\tXen conflict ssids to named types text file");
   13.72 +  System.out.println("\t-debug\t\t\t\tturn on debug messages");
   13.73 +  System.out.println("\t-help\t\t\t\thelp. This printout");
   13.74 +  return;
   13.75 + }
   13.76 +
   13.77 + public void printDebug(String message) 
   13.78 + {
   13.79 +  if (debug)
   13.80 +    System.out.println(message);
   13.81 + }
   13.82 +
   13.83 + public void writeBinPolicy(byte[] binPolicy, String outputFileName)
   13.84 +  throws Exception
   13.85 + {
   13.86 +    if (debug) 
   13.87 +    	printHex(binPolicy,binPolicy.length);
   13.88 +
   13.89 +    DataOutputStream writeObj = new DataOutputStream(
   13.90 +                                new FileOutputStream(outputFileName));
   13.91 +
   13.92 +    writeObj.write(binPolicy);
   13.93 +    writeObj.flush();
   13.94 +    writeObj.close();
   13.95 +    System.out.println(" wBP:: wrote outputfile: " + outputFileName);
   13.96 +
   13.97 +    return; 
   13.98 + }  
   13.99 +
  13.100 + public void writeXenTypeVectorFile(Vector list, String outputFileName)
  13.101 +  throws Exception
  13.102 + {
  13.103 +  PrintWriter out;
  13.104 +
  13.105 +  if (0 == list.size())
  13.106 +  {
  13.107 +   	printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 
  13.108 +	return;
  13.109 +  }
  13.110 + out = new PrintWriter(
  13.111 +	 	new BufferedWriter(
  13.112 +                      new FileWriter(outputFileName)));
  13.113 +
  13.114 +
  13.115 +  for (int i = 0; i < list.size(); i++)
  13.116 +  {
  13.117 +	Vector	ee = (Vector) list.elementAt(i);
  13.118 +   	out.println(i + " " +ee.toString());
  13.119 +  } 
  13.120 +    out.close();
  13.121 +   
  13.122 +    return; 
  13.123 + }
  13.124 +
  13.125 + public void writeXenTypeFile(Vector list, String outputFileName, boolean slabel)
  13.126 +  throws Exception
  13.127 + {
  13.128 +  Vector entry; 
  13.129 +  String strTypes = "";
  13.130 +  SecurityLabel ee;
  13.131 +  PrintWriter out;
  13.132 +
  13.133 +  if (0 == list.size())
  13.134 +  {
  13.135 +   	printDebug(" wSTF : size of input is zero when writing :" + outputFileName); 
  13.136 +	return;
  13.137 +  }
  13.138 +  out = new PrintWriter(
  13.139 +	 	new BufferedWriter(
  13.140 +                      new FileWriter(outputFileName)));
  13.141 +
  13.142 +  for (int i = 0; i < list.size(); i++)
  13.143 +  {
  13.144 +	ee = (SecurityLabel) list.elementAt(i);
  13.145 +
  13.146 +	if (slabel)
  13.147 +	{
  13.148 +		entry = ee.steTypes; 
  13.149 +	} else {
  13.150 +
  13.151 +		entry = ee.chwTypes; 
  13.152 +	}
  13.153 +	if (null == entry) continue;
  13.154 +
  13.155 +	Enumeration e = entry.elements(); 
  13.156 +	while (e.hasMoreElements())
  13.157 +	{
  13.158 +  	  String typeName = (String) e.nextElement(); 
  13.159 +	  strTypes = strTypes + " " + typeName;
  13.160 +        }
  13.161 +    	  printDebug(" WXTF:: ssid : "+i +" :"+strTypes); 
  13.162 +   	  out.println(i +" "+strTypes);
  13.163 +	  strTypes = "";
  13.164 +  } 
  13.165 +  out.close();
  13.166 +   
  13.167 +  return; 
  13.168 + }
  13.169 +
  13.170 + public void setDebug(boolean value)
  13.171 + {
  13.172 +  debug=value;
  13.173 + }
  13.174 +
  13.175 + public void setEndian(boolean value)
  13.176 + {
  13.177 +  LittleEndian = value;
  13.178 + }
  13.179 +
  13.180 + public byte[] generateVlanSsids(Vector bagOfSsids)
  13.181 +  throws Exception
  13.182 + {
  13.183 +  /**
  13.184 +        typedef struct {
  13.185 +        u16 vlan;
  13.186 +        u16 ssid_ste;
  13.187 +        } acm_vlan_entry_t;
  13.188 +  **/
  13.189 +
  13.190 +  Hashtable  vlanSsid = new Hashtable();
  13.191 +  printDebug(" gVS::Size of bagOfSsids: "+ bagOfSsids.size());
  13.192 +
  13.193 +  /* Get the number of partitions */
  13.194 +  for (int i = 0; i < bagOfSsids.size(); i++)
  13.195 +  {
  13.196 +	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
  13.197 +
  13.198 +	if (null == entry.vlans)
  13.199 +	  continue;
  13.200 +
  13.201 +	Enumeration e = entry.vlans.elements(); 
  13.202 +	while (e.hasMoreElements())
  13.203 +	{
  13.204 +  	  String id = (String) e.nextElement(); 
  13.205 +      	  printDebug(" gVS:: vlan: " + id + "has ste ssid: " + entry.steSsidPosition);
  13.206 +	  if (-1 == entry.steSsidPosition)
  13.207 +		continue;  
  13.208 +
  13.209 +	  /* Only use ste for vlan */
  13.210 +	  SsidsEntry  ssidsObj = new SsidsEntry();
  13.211 +
  13.212 +	  ssidsObj.id = Integer.parseInt(id); 
  13.213 +	  ssidsObj.ste = entry.steSsidPosition;
  13.214 +
  13.215 +	  if (vlanSsid.contains(id))
  13.216 +      	  	printDebug(" gVS:: Error already in the Hash part:" + ssidsObj.id);
  13.217 +	  else 
  13.218 + 		vlanSsid.put(id, ssidsObj);
  13.219 +      	  	printDebug(" gVS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition);
  13.220 +	}
  13.221 +  }
  13.222 +
  13.223 +  /* allocate array */ 
  13.224 +  int numOfVlan = vlanSsid.size();
  13.225 +  int totalSize = (numOfVlan * vlanEntrySz);  
  13.226 +
  13.227 +  if (0 == numOfVlan) 
  13.228 +  {
  13.229 +  	printDebug(" gVS:: vlan: binary ==> zero");
  13.230 +        return new byte[0];
  13.231 +  }
  13.232 +
  13.233 +  byte[] vlanArray = new byte[totalSize];
  13.234 +
  13.235 +  int index = 0;
  13.236 +
  13.237 +  Enumeration e = vlanSsid.elements(); 
  13.238 +  while (e.hasMoreElements())
  13.239 +  {
  13.240 +  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
  13.241 +      	printDebug(" gVS:: part: " + entry.id + " ste ssid: " + entry.ste);
  13.242 +
  13.243 +	/* Write id */
  13.244 +   	writeShortToStream(vlanArray,(short)entry.id,index);
  13.245 +	index = index + u16Size;
  13.246 +
  13.247 +	/* write ste ssid */
  13.248 +   	writeShortToStream(vlanArray,(short) entry.ste,index);
  13.249 +	index = index + u16Size;
  13.250 +  }
  13.251 +
  13.252 +  printDebug(" gVS:: vlan: num of vlans  " + numOfVlan);
  13.253 +  printDebug(" gVS:: vlan: binary ==> Length "+ vlanArray.length);
  13.254 +
  13.255 +  if (debug) 
  13.256 +	printHex(vlanArray,vlanArray.length);
  13.257 +  printDebug("\n");
  13.258 +
  13.259 +  return vlanArray; 
  13.260 + }  
  13.261 +
  13.262 + public byte[] generateSlotSsids(Vector bagOfSsids)
  13.263 +  throws Exception
  13.264 + {
  13.265 +  /**
  13.266 +        typedef struct {
  13.267 +        u16 slot_max;
  13.268 +        u16 slot_offset;
  13.269 +        } acm_slot_buffer_t;
  13.270 +
  13.271 +        typedef struct {
  13.272 +        u16 bus;
  13.273 +        u16 slot;
  13.274 +        u16 ssid_ste;
  13.275 +        } acm_slot_entry_t;
  13.276 +  **/
  13.277 +  Hashtable  slotSsid = new Hashtable();
  13.278 +  printDebug(" gSS::Size of bagOfSsids: "+ bagOfSsids.size());
  13.279 +
  13.280 +  /* Find the number of VMs */ 
  13.281 +  for (int i = 0; i < bagOfSsids.size(); i++)
  13.282 +  {
  13.283 +	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
  13.284 +
  13.285 +	if (null == entry.slots)
  13.286 +	  continue;
  13.287 +
  13.288 +	Enumeration e = entry.slots.elements(); 
  13.289 +	while (e.hasMoreElements())
  13.290 +	{
  13.291 +  	  SlotInfo item = (SlotInfo) e.nextElement(); 
  13.292 +      	  printDebug(" gSS:: bus slot: " + item.bus + " "+ item.slot + " " +  entry.steSsidPosition);
  13.293 +	  if (-1 == entry.steSsidPosition)
  13.294 +		continue;  
  13.295 +
  13.296 +	  SsidsEntry  ssidsObj = new SsidsEntry();
  13.297 +
  13.298 +	  String id = item.bus +" "+item.slot;
  13.299 +	  ssidsObj.bus = Integer.parseInt(item.bus); 
  13.300 +	  ssidsObj.slot = Integer.parseInt(item.slot); 
  13.301 +	  /* set ste ssid */
  13.302 +	  ssidsObj.ste = entry.steSsidPosition;
  13.303 +
  13.304 +	  if (slotSsid.contains(id))
  13.305 +      	  	printDebug(" gSS:: Error already in the Hash part:" + id);
  13.306 +	  else 
  13.307 +	  	slotSsid.put(id, ssidsObj);
  13.308 +
  13.309 +      	  	printDebug(" gSS:: added slot: " + id + "has ste ssid: " + entry.steSsidPosition);
  13.310 +	}
  13.311 +  }
  13.312 +
  13.313 +  /* allocate array */
  13.314 +  int numOfSlot = slotSsid.size();
  13.315 +
  13.316 +  if (0 == numOfSlot) 
  13.317 +  {
  13.318 +  	printDebug(" gVS:: slot: binary ==> zero");
  13.319 +        return new byte[0];
  13.320 +  }
  13.321 +
  13.322 +  int totalSize = (numOfSlot * slotEntrySz);  
  13.323 +
  13.324 +  byte[] slotArray = new byte[totalSize];
  13.325 +
  13.326 +  int index = 0;
  13.327 +
  13.328 +  Enumeration e = slotSsid.elements(); 
  13.329 +  while (e.hasMoreElements())
  13.330 +  {
  13.331 +  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
  13.332 +      	System.out.println(" gSS:: bus slot: " + entry.bus + " " + entry.slot + " ste ssid: " + entry.ste);
  13.333 +
  13.334 +	/* Write bus */
  13.335 +   	writeShortToStream(slotArray,(short)entry.bus,index);
  13.336 +	index = index + u16Size;
  13.337 +
  13.338 +	/* Write slot */ 
  13.339 +   	writeShortToStream(slotArray,(short)entry.slot,index);
  13.340 +	index = index + u16Size;
  13.341 +
  13.342 +	/* Write ste ssid */
  13.343 +   	writeShortToStream(slotArray,(short) entry.ste,index);
  13.344 +	index = index + u16Size;
  13.345 +
  13.346 +  }
  13.347 +   
  13.348 +  printDebug(" gSS:: slot: num of vlans  " + numOfSlot);
  13.349 +  printDebug(" gSS:: slot: binary ==> Length "+ slotArray.length);
  13.350 +
  13.351 +  if (debug) 
  13.352 + 	 printHex(slotArray,slotArray.length);
  13.353 +  printDebug("\n");
  13.354 +
  13.355 +  return slotArray; 
  13.356 +
  13.357 + }  
  13.358 +
  13.359 + public byte[] generatePartSsids(Vector bagOfSsids, Vector bagOfChwSsids)
  13.360 +  throws Exception
  13.361 + {
  13.362 +  /**
  13.363 +        typedef struct {
  13.364 +        u16 id;
  13.365 +        u16 ssid_ste;
  13.366 +        u16 ssid_chwall;
  13.367 +        } acm_partition_entry_t;
  13.368 +
  13.369 +  **/
  13.370 +  Hashtable  partSsid = new Hashtable();
  13.371 +  printDebug(" gPS::Size of bagOfSsids: "+ bagOfSsids.size());
  13.372 +
  13.373 +  /* Find the number of VMs */ 
  13.374 +  for (int i = 0; i < bagOfSsids.size(); i++)
  13.375 +  {
  13.376 +	SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
  13.377 +
  13.378 +	if (null == entry.ids)
  13.379 +	  continue;
  13.380 +
  13.381 +	Enumeration e = entry.ids.elements(); 
  13.382 +	while (e.hasMoreElements())
  13.383 +	{
  13.384 +  	  String id = (String) e.nextElement(); 
  13.385 +      	  printDebug(" gPS:: part: " + id + "has ste ssid: " + entry.steSsidPosition);
  13.386 +	  if (-1 == entry.steSsidPosition)
  13.387 +		continue;  
  13.388 +
  13.389 +	  SsidsEntry  ssidsObj = new SsidsEntry();
  13.390 +
  13.391 +	  ssidsObj.id = Integer.parseInt(id); 
  13.392 +	  ssidsObj.ste = entry.steSsidPosition;
  13.393 +
  13.394 +	  if (partSsid.contains(id))
  13.395 +      	  	printDebug(" gPS:: Error already in the Hash part:" + ssidsObj.id);
  13.396 +	  else 
  13.397 + 		partSsid.put(id, ssidsObj);
  13.398 +      	  	printDebug(" gPS:: added part: " + id + "has ste ssid: " + entry.steSsidPosition);
  13.399 +	}
  13.400 +
  13.401 +  }
  13.402 +
  13.403 +  for (int i = 0; i < bagOfChwSsids.size(); i++)
  13.404 +  {
  13.405 +	SecurityLabel entry = (SecurityLabel) bagOfChwSsids.elementAt(i);
  13.406 +
  13.407 +	Enumeration e = entry.chwIDs.elements(); 
  13.408 +	while (e.hasMoreElements())
  13.409 +	{
  13.410 +  	  String id = (String) e.nextElement(); 
  13.411 +      	  printDebug(" gPS:: part: " + id + "has chw ssid: " + entry.chwSsidPosition);
  13.412 +	  if (partSsid.containsKey(id))
  13.413 +	  {
  13.414 +		SsidsEntry item = (SsidsEntry) partSsid.get(id);
  13.415 +		item.chw = entry.chwSsidPosition;
  13.416 +      	  	printDebug(" gPS:: added :" + item.id +" chw: " + item.chw);
  13.417 +	  }
  13.418 +	  else 
  13.419 +	  {
  13.420 +      	  	printDebug(" gPS:: creating :" + id +" chw: " + entry.chwSsidPosition);
  13.421 +	  	SsidsEntry  ssidsObj = new SsidsEntry();
  13.422 +	  	ssidsObj.id = Integer.parseInt(id); 
  13.423 +	  	ssidsObj.chw = entry.chwSsidPosition;
  13.424 + 		partSsid.put(id, ssidsObj);
  13.425 +
  13.426 +	  }
  13.427 +	}
  13.428 +  }	  
  13.429 +
  13.430 +  /* Allocate array */
  13.431 +  int numOfPar = partSsid.size();
  13.432 +  int totalSize =  (numOfPar * partitionEntrySz);  
  13.433 +
  13.434 +  if (0 == numOfPar) 
  13.435 +  {
  13.436 +  	printDebug(" gPS:: part: binary ==> zero");
  13.437 +        return new byte[0];
  13.438 +  }
  13.439 +
  13.440 +  byte[] partArray = new byte[totalSize];
  13.441 +
  13.442 +  int index = 0;
  13.443 +
  13.444 +  Enumeration e = partSsid.elements(); 
  13.445 +  while (e.hasMoreElements())
  13.446 +  {
  13.447 +  	SsidsEntry entry = (SsidsEntry) e.nextElement(); 
  13.448 +      	printDebug(" gPS:: part: " + entry.id + " ste ssid: " + entry.ste + " chw ssid: "+ entry.chw);
  13.449 +
  13.450 +	/* Write id */
  13.451 +   	writeShortToStream(partArray,(short)entry.id,index);
  13.452 +	index = index + u16Size;
  13.453 +
  13.454 +	/* Write ste ssid */
  13.455 +   	writeShortToStream(partArray,(short) entry.ste,index);
  13.456 +	index = index + u16Size;
  13.457 +
  13.458 +	/* Write chw ssid */
  13.459 +   	writeShortToStream(partArray,(short) entry.chw,index);
  13.460 +	index = index + u16Size;
  13.461 +  }
  13.462 +
  13.463 +  printDebug(" gPS:: part: num of partitions  " + numOfPar);
  13.464 +  printDebug(" gPS:: part: binary ==> Length " + partArray.length);
  13.465 +
  13.466 +  if (debug) 
  13.467 +	printHex(partArray,partArray.length);
  13.468 +  printDebug("\n");
  13.469 +   
  13.470 +   return partArray; 
  13.471 + }
  13.472 +
  13.473 + public  byte[] GenBinaryPolicyBuffer(byte[] chwPolicy, byte[] stePolicy, byte [] partMap, byte[] vlanMap, byte[] slotMap)
  13.474 + {
  13.475 +  byte[] binBuffer;
  13.476 +  short chwSize =0;
  13.477 +  short steSize =0;
  13.478 +  int	index = 0;
  13.479 +
  13.480 +  /* Builds data structure acm_policy_buffer_t */
  13.481 +  /* Get number of colorTypes */
  13.482 +  if (null != chwPolicy)
  13.483 +	chwSize = (short) chwPolicy.length;
  13.484 +
  13.485 +  if (null != stePolicy)
  13.486 +    	steSize = (short) stePolicy.length;
  13.487 +
  13.488 +  int totalDataSize = chwSize + steSize + resourceOffsetSz +  3 *(2 * u16Size);
  13.489 +
  13.490 +  /*  Add vlan and slot */ 
  13.491 +  totalDataSize = totalDataSize +partMap.length + vlanMap.length + slotMap.length; 
  13.492 +  binBuffer = new byte[binaryBufferHeaderSz +totalDataSize];
  13.493 +	
  13.494 +
  13.495 +  try {
  13.496 +	/* Write magic */
  13.497 +	writeIntToStream(binBuffer,ACM_MAGIC,index);
  13.498 +	index = u32Size;
  13.499 +
  13.500 +	/* Write policy version */
  13.501 +	writeIntToStream(binBuffer,POLICY_INTERFACE_VERSION,index);
  13.502 +  	index = index + u32Size;
  13.503 +
  13.504 +	/* write len */
  13.505 +	writeIntToStream(binBuffer,binBuffer.length,index);
  13.506 +  	index = index + u32Size;
  13.507 +
  13.508 +  } catch (IOException ee) {
  13.509 +    	System.out.println(" GBPB:: got exception : " + ee); 
  13.510 +	return null;
  13.511 +  }
  13.512 +
  13.513 +  int offset, address;
  13.514 +  address = index;
  13.515 +
  13.516 +  if (null != partMap) 
  13.517 +	offset = binaryBufferHeaderSz + resourceOffsetSz; 
  13.518 +  else
  13.519 +	offset = binaryBufferHeaderSz; 
  13.520 +
  13.521 +  try {
  13.522 +
  13.523 +	if (null == chwPolicy || null == stePolicy) 
  13.524 +	{
  13.525 +	  writeShortToStream(binBuffer,ACM_NULL_POLICY,index);
  13.526 +  	  index = index + u16Size;
  13.527 +
  13.528 +	  writeShortToStream(binBuffer,(short) 0,index);
  13.529 +  	  index = index + u16Size;
  13.530 +
  13.531 +	  writeShortToStream(binBuffer,ACM_NULL_POLICY,index);
  13.532 +  	  index = index + u16Size;
  13.533 +
  13.534 +	  writeShortToStream(binBuffer,(short) 0,index);
  13.535 +  	  index = index + u16Size;
  13.536 +
  13.537 +	}
  13.538 +    	index = address;
  13.539 +	if (null != chwPolicy) 
  13.540 +	{
  13.541 +	  
  13.542 +	  /* Write policy name */
  13.543 +	  writeShortToStream(binBuffer,ACM_CHINESE_WALL_POLICY,index);
  13.544 +  	  index = index + u16Size;
  13.545 +
  13.546 +	  /* Write offset */
  13.547 +	  writeShortToStream(binBuffer,(short) offset,index);
  13.548 +  	  index = index + u16Size;
  13.549 +
  13.550 +	  /* Write payload. No need increment index */
  13.551 +	  address = offset;
  13.552 +	  System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length);
  13.553 +	  address = address + chwPolicy.length;
  13.554 +	  
  13.555 +	  if (null != stePolicy) 
  13.556 +	  {	
  13.557 +	  	/* Write policy name */
  13.558 +	  	writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index);
  13.559 +  	  	index = index + u16Size;
  13.560 +
  13.561 +	  	/* Write offset */
  13.562 +	  	writeShortToStream(binBuffer,(short) address,index);
  13.563 +  	  	index = index + u16Size;
  13.564 +
  13.565 +		/* Copy array */
  13.566 +	  	System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length);
  13.567 +		/* Update address */
  13.568 +		address = address + stePolicy.length;
  13.569 +	  } else {
  13.570 +	  	/* Skip writing policy name and offset */
  13.571 +  	  	index = index +  2 * u16Size;
  13.572 +
  13.573 +          }
  13.574 +
  13.575 +	} else {
  13.576 +
  13.577 +	  if (null != stePolicy) 
  13.578 +	  {	
  13.579 +	  	/* Write policy name */
  13.580 +	  	writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index);
  13.581 +  	  	index = index + u16Size;
  13.582 +
  13.583 +	  	/* Write offset */
  13.584 +		address = offset;
  13.585 +	  	writeShortToStream(binBuffer, (short) offset,index);
  13.586 +  	  	index = index + u16Size;
  13.587 +		
  13.588 +		/* Copy array */
  13.589 +	  	System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length);
  13.590 +		/* Update address */
  13.591 +		address = address + stePolicy.length;
  13.592 +
  13.593 +		/* Increment index, since there is no secondary */
  13.594 +  	  	index = index + secondaryPolicyCodeSz + secondaryBufferOffsetSz;
  13.595 +		
  13.596 +	  } 
  13.597 +
  13.598 +	}
  13.599 +   	int size;
  13.600 +	/* Assumes that you will always have a partition defined in policy */ 
  13.601 +	if ( 0 < partMap.length)
  13.602 +	{
  13.603 +	  writeShortToStream(binBuffer, (short) address,index);
  13.604 +	  index = address;
  13.605 +
  13.606 +	  /* Compute num of VMs */
  13.607 +	  size = partMap.length / (3 * u16Size);
  13.608 +
  13.609 +	  writeShortToStream(binBuffer, (short)size,index);
  13.610 +  	  index = index + u16Size;
  13.611 +
  13.612 +	  /* part, vlan and slot: each one consists of two entries */
  13.613 +	  offset = 3 * (2 * u16Size); 
  13.614 +	  writeShortToStream(binBuffer, (short) offset,index);
  13.615 +
  13.616 +	  /* Write partition array at offset */
  13.617 +	  System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length);
  13.618 +  	  index = index + u16Size;
  13.619 +	  offset = offset + partMap.length;
  13.620 +	}
  13.621 +
  13.622 +	if ( 0 < vlanMap.length)
  13.623 +	{
  13.624 +	  size = vlanMap.length / (2 * u16Size);
  13.625 +	  writeShortToStream(binBuffer, (short) size,index);
  13.626 +  	  index = index + u16Size;
  13.627 +
  13.628 +	  writeShortToStream(binBuffer, (short) offset,index);
  13.629 +  	  index = index + u16Size;
  13.630 +	  System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length);
  13.631 +	} else {
  13.632 +	  /* Write vlan max */
  13.633 +	  writeShortToStream(binBuffer, (short) 0,index);
  13.634 +  	  index = index + u16Size;
  13.635 + 
  13.636 +	  /* Write vlan offset */
  13.637 +	  writeShortToStream(binBuffer, (short) 0,index);
  13.638 +  	  index = index + u16Size;
  13.639 +	  
  13.640 +   	}
  13.641 +
  13.642 +	offset = offset + vlanMap.length;
  13.643 +	if ( 0 < slotMap.length)
  13.644 +	{
  13.645 +	  size = slotMap.length / (3 * u16Size);
  13.646 +	  writeShortToStream(binBuffer, (short) size,index);
  13.647 +  	  index = index + u16Size;
  13.648 +
  13.649 +	  writeShortToStream(binBuffer, (short) offset,index);
  13.650 +  	  index = index + u16Size;
  13.651 +	  System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length);
  13.652 +	}
  13.653 +
  13.654 +     } catch (IOException ee)
  13.655 +    {
  13.656 +    	System.out.println(" GBPB:: got exception : " + ee); 
  13.657 +	return null; 
  13.658 +    }
  13.659 +
  13.660 +    printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length); 
  13.661 +    if (debug) 
  13.662 +   	printHex(binBuffer,binBuffer.length);
  13.663 +
  13.664 +   return  binBuffer;   
  13.665 + } 
  13.666 +
  13.667 + public  byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector ColorTypes)
  13.668 + {
  13.669 +  byte[] chwBuffer;
  13.670 +  int index = 0;
  13.671 +  int position = 0;
  13.672 +
  13.673 +  /* Get number of rTypes */
  13.674 +  short maxTypes = (short) ColorTypes.size();
  13.675 +
  13.676 +  /* Get number of SSids entry */
  13.677 +  short maxSsids = (short) Ssids.size();
  13.678 +
  13.679 +  /* Get number of conflict sets */
  13.680 +  short maxConflict = (short) ConflictSsids.size();
  13.681 +
  13.682 +   
  13.683 +  if (maxTypes * maxSsids == 0)
  13.684 +	return null; 
  13.685 +  /*
  13.686 +     data structure acm_chwall_policy_buffer_t;
  13.687 +    
  13.688 +     uint16 policy_code;
  13.689 +     uint16 chwall_max_types;
  13.690 +     uint16 chwall_max_ssidrefs;
  13.691 +     uint16 chwall_max_conflictsets;
  13.692 +     uint16 chwall_ssid_offset;
  13.693 +     uint16 chwall_conflict_sets_offset;
  13.694 +     uint16 chwall_running_types_offset;
  13.695 +     uint16 chwall_conflict_aggregate_offset;
  13.696 +  */
  13.697 +  int totalBytes = chwHeaderSize  + u16Size *(maxTypes * (maxSsids + maxConflict)); 
  13.698 +
  13.699 +  chwBuffer = new byte[ totalBytes ];
  13.700 +  int address = chwHeaderSize + (u16Size * maxTypes * maxSsids );
  13.701 +
  13.702 +  printDebug(" gCB:: chwall totalbytes : "+totalBytes); 
  13.703 +
  13.704 +  try {
  13.705 +	index = 0;
  13.706 +	writeShortToStream(chwBuffer,ACM_CHINESE_WALL_POLICY,index);
  13.707 +	index = u16Size; 
  13.708 +
  13.709 +	writeShortToStream(chwBuffer,maxTypes,index);
  13.710 +	index = index + u16Size; 
  13.711 +
  13.712 +	writeShortToStream(chwBuffer,maxSsids,index);
  13.713 +	index = index + u16Size; 
  13.714 +
  13.715 +	writeShortToStream(chwBuffer,maxConflict,index);
  13.716 +	index = index + u16Size; 
  13.717 +
  13.718 +        /*  Write chwall_ssid_offset */
  13.719 +	writeShortToStream(chwBuffer,chwHeaderSize,index);
  13.720 +	index = index + u16Size; 
  13.721 +
  13.722 +	/* Write chwall_conflict_sets_offset */
  13.723 +	writeShortToStream(chwBuffer,(short) address,index);
  13.724 +	index = index + u16Size; 
  13.725 +
  13.726 +	/*  Write chwall_running_types_offset */
  13.727 +	writeShortToStream(chwBuffer,(short) 0,index);
  13.728 +	index = index + u16Size; 
  13.729 +
  13.730 +	/*  Write chwall_conflict_aggregate_offset */
  13.731 +	writeShortToStream(chwBuffer,(short) 0,index);
  13.732 +	index = index + u16Size; 
  13.733 +
  13.734 +  } catch (IOException ee) {
  13.735 +    	System.out.println(" gCB:: got exception : " + ee); 
  13.736 +	return null;
  13.737 +  }
  13.738 +  int markPos = 0;
  13.739 +
  13.740 +  /* Create the SSids entry */
  13.741 +  for (int i = 0; i < maxSsids; i++)
  13.742 +  {
  13.743 +	
  13.744 +	SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
  13.745 +   	/* Get chwall types */
  13.746 +	ssidEntry.chwSsidPosition = i;
  13.747 +	Enumeration e = ssidEntry.chwTypes.elements(); 
  13.748 +	while (e.hasMoreElements())
  13.749 +	{
  13.750 +  	  String typeName = (String) e.nextElement(); 
  13.751 +      	  printDebug(" gCB:: Ssid "+ i+ ": has type : " + typeName);
  13.752 +	  position = ColorTypes.indexOf(typeName);
  13.753 +
  13.754 +	  if (position < 0) 
  13.755 +	  {
  13.756 +      	  	System.out.println (" gCB:: Error type : " + typeName + " not found in ColorTypes"); 
  13.757 +		return null; 
  13.758 +	  }
  13.759 +   	  printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
  13.760 +	  markPos = ((i * maxTypes + position) * u16Size) + index;	
  13.761 +
  13.762 +	  try {
  13.763 +	  	writeShortToStream(chwBuffer,markSymbol,markPos);
  13.764 +  	  } catch (IOException ee) {
  13.765 +   	  	System.out.println(" gCB:: got exception : "); 
  13.766 +		return null; 
  13.767 +  	  }
  13.768 +	}
  13.769 +  }
  13.770 +
  13.771 +  if (debug) 
  13.772 +      printHex(chwBuffer,chwBuffer.length);
  13.773 +
  13.774 +  /* Add conflict set */
  13.775 +  index = address;
  13.776 +  for (int i = 0; i < maxConflict; i++)
  13.777 +  {
  13.778 +   	/* Get ste types */
  13.779 +	Vector entry = (Vector) ConflictSsids.elementAt(i);
  13.780 +	Enumeration e = entry.elements(); 
  13.781 +	while (e.hasMoreElements())
  13.782 +	{
  13.783 +  	  String typeName = (String) e.nextElement(); 
  13.784 +      	  printDebug (" GCB:: conflict Ssid "+ i+ ": has type : " + typeName);
  13.785 +	  position = ColorTypes.indexOf(typeName);
  13.786 +
  13.787 +	  if (position < 0) 
  13.788 +	  {
  13.789 +      	  	System.out.println (" GCB:: Error type : " + typeName + " not found in ColorTypes"); 
  13.790 +		return null; 
  13.791 +	  }
  13.792 +   	  printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
  13.793 +	  markPos = ((i * maxTypes + position) * u16Size) + index;	
  13.794 +
  13.795 +	  try {
  13.796 +	  	writeShortToStream(chwBuffer,markSymbol,markPos);
  13.797 +  	  } catch (IOException ee) {
  13.798 +   	  	System.out.println(" GCB:: got exception : "); 
  13.799 +		return null; 
  13.800 +  	  }
  13.801 +	}
  13.802 +		
  13.803 +  } 
  13.804 +  printDebug(" gSB:: chw binary  ==> Length " + chwBuffer.length); 
  13.805 +  if (debug) 
  13.806 +   	printHex(chwBuffer,chwBuffer.length);
  13.807 +  printDebug("\n");
  13.808 +
  13.809 +  return chwBuffer;
  13.810 + }
  13.811 +
  13.812 +/**********************************************************************
  13.813 + Generate byte representation of policy using type information
  13.814 + <p>
  13.815 + @param Ssids    	      	Vector
  13.816 + @param ColorTypes         	Vector
  13.817 + <p>
  13.818 + @return bytes represenation of simple type enforcement policy 
  13.819 +**********************************************************************/
  13.820 + public  byte[] generateSteBuffer(Vector Ssids, Vector ColorTypes)
  13.821 + {
  13.822 +  byte[] steBuffer;
  13.823 +  int index = 0;
  13.824 +  int position = 0;
  13.825 +
  13.826 +  /* Get number of colorTypes */
  13.827 +  short numColorTypes = (short) ColorTypes.size();
  13.828 +
  13.829 +  /* Get number of SSids entry */
  13.830 +  short numSsids = (short) Ssids.size();
  13.831 +   
  13.832 +  if (numColorTypes * numSsids == 0)
  13.833 +	return null; 
  13.834 +
  13.835 +  /* data structure: acm_ste_policy_buffer_t
  13.836 +   * 
  13.837 +   * policy code  (uint16)    >
  13.838 +   *  max_types    (uint16)    >
  13.839 +   * max_ssidrefs (uint16)    >  steHeaderSize
  13.840 +   * ssid_offset  (uint16)    >
  13.841 +   * DATA 	(colorTypes(size) * Ssids(size) *unit16)
  13.842 +   * 
  13.843 +   * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size)
  13.844 +   * 
  13.845 +  */
  13.846 +  steBuffer = new byte[ steHeaderSize + (numColorTypes * numSsids) * 2];
  13.847 +
  13.848 +  try {
  13.849 +	
  13.850 +	index = 0;
  13.851 +	writeShortToStream(steBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index);
  13.852 +	index = u16Size; 
  13.853 +
  13.854 +	writeShortToStream(steBuffer,numColorTypes,index);
  13.855 +	index = index + u16Size; 
  13.856 +
  13.857 +	writeShortToStream(steBuffer,numSsids,index);
  13.858 +	index = index + u16Size; 
  13.859 +
  13.860 +	writeShortToStream(steBuffer,(short)steHeaderSize,index);
  13.861 +	index = index + u16Size; 
  13.862 +
  13.863 +  } catch (IOException ee) {
  13.864 +	System.out.println(" gSB:: got exception : " + ee); 
  13.865 +	return null; 
  13.866 +  }
  13.867 +  int markPos = 0;
  13.868 +  for (int i = 0; i < numSsids; i++)
  13.869 +  {
  13.870 +	
  13.871 +	SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
  13.872 +	ssidEntry.steSsidPosition = i;
  13.873 +   	/* Get ste types */
  13.874 +	Enumeration e = ssidEntry.steTypes.elements(); 
  13.875 +	while (e.hasMoreElements())
  13.876 +	{
  13.877 +  	  String typeName = (String) e.nextElement(); 
  13.878 +      	  printDebug (" gSB:: Ssid "+ i+ ": has type : " + typeName);
  13.879 +	  position = ColorTypes.indexOf(typeName);
  13.880 +
  13.881 +	  if (position < 0) 
  13.882 +	  {
  13.883 +      	  	printDebug(" gSB:: Error type : " + typeName + " not found in ColorTypes"); 
  13.884 +		return null; 
  13.885 +	  }
  13.886 +   	  printDebug(" gSB:: type : " + typeName + "  found in ColorTypes at position: " + position); 
  13.887 +	  markPos = ((i * numColorTypes + position) * u16Size) + index;	
  13.888 +
  13.889 +	  try {
  13.890 +	  	writeShortToStream(steBuffer,markSymbol,markPos);
  13.891 +  	  } catch (IOException ee)
  13.892 +  	  {
  13.893 +   	  	System.out.println(" gSB:: got exception : "); 
  13.894 +		return null; 
  13.895 +  	  }
  13.896 +	}
  13.897 +		
  13.898 +  } 
  13.899 +
  13.900 +  printDebug(" gSB:: ste binary  ==> Length " + steBuffer.length); 
  13.901 +  if (debug) 
  13.902 + 	printHex(steBuffer,steBuffer.length);
  13.903 +  printDebug("\n");
  13.904 +
  13.905 +  return steBuffer;
  13.906 + }
  13.907 +
  13.908 + public static  void printHex(byte [] dataArray, int length)
  13.909 + {
  13.910 +  char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7',
  13.911 +                '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
  13.912 +  int hexIndex;
  13.913 +  int value;
  13.914 +  int arraylength;
  13.915 +
  13.916 +  arraylength = length;
  13.917 +
  13.918 +  if (dataArray == null)
  13.919 +  {
  13.920 +        System.err.print("printHex: input byte array is null");
  13.921 +  }
  13.922 +
  13.923 +  if (length > dataArray.length || length < 0)
  13.924 +        arraylength = dataArray.length;
  13.925 +
  13.926 +  System.out.print("\n\t");
  13.927 +
  13.928 +  int i;
  13.929 +  for(i = 0; i < arraylength; )
  13.930 +  {
  13.931 +        value = dataArray[i] & 0xFF;
  13.932 +        hexIndex = (value >>> 4);
  13.933 +        System.out.print(hexChars[hexIndex]);
  13.934 +        hexIndex = (value & 0x0F);
  13.935 +        System.out.print(hexChars[hexIndex]);
  13.936 +
  13.937 +        i++;
  13.938 +        /* if done, print a final newline */
  13.939 +        if (i == arraylength) {
  13.940 +            if (arraylength < dataArray.length) {
  13.941 +                System.out.print("...");
  13.942 +            }
  13.943 +            System.out.println();
  13.944 +        }
  13.945 +        else if ((i % 24) == 0) {
  13.946 +            System.out.print("\n\t");
  13.947 +        }
  13.948 +        else if ((i % 4) == 0) {
  13.949 +                System.out.print(" ");
  13.950 +        }
  13.951 +  }
  13.952 +
  13.953 +  return;
  13.954 + }
  13.955 +
  13.956 +  
  13.957 + private void writeShortToStream(byte[] stream, short value, int index)
  13.958 +  throws IOException
  13.959 + {
  13.960 +  int littleEndian = 0;
  13.961 +  int byteVal;
  13.962 +
  13.963 +  if (index + 2 > stream.length)
  13.964 +  {
  13.965 +      throw new IOException("Writing beyond stream length: " +
  13.966 +                            stream.length + " writing at locations from: " + index + " to " + (index + 4));
  13.967 +  }
  13.968 +
  13.969 +  if (!LittleEndian)
  13.970 +  {
  13.971 +
  13.972 +	byteVal = value >> 8;
  13.973 +	stream[index ] = (byte) byteVal;
  13.974 +
  13.975 +	byteVal = value;
  13.976 +	stream[index + 1] = (byte) byteVal;
  13.977 +  } else {
  13.978 +	stream[index]  = (byte) ((value & 0x00ff) );
  13.979 +	stream[index + 1]  = (byte) ((value & 0xff00) >> 8);
  13.980 + }
  13.981 +  return;
  13.982 + }
  13.983 +
  13.984 + private void writeIntToStream(byte[] stream, int value, int index)
  13.985 +  throws IOException
  13.986 + {
  13.987 +  int littleEndian = 0;
  13.988 +  int byteVal;
  13.989 +
  13.990 +  if (4 > stream.length)
  13.991 +  {
  13.992 +      throw new IOException("writeIntToStream: stream length less than 4 bytes " +
  13.993 +                            stream.length);
  13.994 +  }
  13.995 +
  13.996 +  /* Do not Write beyond range */
  13.997 +  if (index + 4 > stream.length)
  13.998 +  {
  13.999 +      throw new IOException("writeIntToStream: writing beyond stream length: " +
 13.1000 +                            stream.length + " writing at locations from: " + index + " to " + (index + 4));
 13.1001 +  }
 13.1002 +  if (!LittleEndian)
 13.1003 +  {
 13.1004 +	byteVal = value >>> 24;
 13.1005 +	stream[index] = (byte) byteVal;
 13.1006 +
 13.1007 +	byteVal = value >> 16;
 13.1008 +	stream[index + 1] = (byte) byteVal;
 13.1009 +
 13.1010 +	byteVal = value >> 8;
 13.1011 +	stream[index + 2] = (byte) byteVal;
 13.1012 +
 13.1013 +	byteVal = value;
 13.1014 +	stream[index + 3] = (byte) byteVal;
 13.1015 +  } else {
 13.1016 +	stream[index] = (byte) value;
 13.1017 +	stream[index + 1]  = (byte) ((value & 0x0000ff00) >> 8);
 13.1018 +	stream[index + 2]  = (byte) ((value & 0x00ff0000) >> 16);
 13.1019 +	stream[index + 3] = (byte) ( value >>> 24);
 13.1020 +  }
 13.1021 +  return;
 13.1022 + }
 13.1023 +
 13.1024 + public Document getDomTree(String xmlFileName)
 13.1025 +  throws Exception, SAXException, ParserConfigurationException
 13.1026 + {
 13.1027 +  javax.xml.parsers.DocumentBuilderFactory dbf = 
 13.1028 +	javax.xml.parsers.DocumentBuilderFactory.newInstance();
 13.1029 +
 13.1030 +  /* Turn on namespace aware and validation */
 13.1031 +  dbf.setNamespaceAware(true);	
 13.1032 +  dbf.setValidating(true);	
 13.1033 +  dbf.setAttribute(JAXP_SCHEMA_LANGUAGE,W3C_XML_SCHEMA);
 13.1034 +
 13.1035 +  /* Checks that the document is well-formed */
 13.1036 +  javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
 13.1037 +
 13.1038 +  myHandler errHandler= new myHandler();
 13.1039 +  db.setErrorHandler(errHandler);
 13.1040 +  Document doc = db.parse(xmlFileName);
 13.1041 +
 13.1042 +  /* Checks for validation errors */
 13.1043 +  if (errHandler.isValid)
 13.1044 +       printDebug(" gDT:: Xml file: " + xmlFileName + " is valid");
 13.1045 +   else
 13.1046 +      throw new Exception("Xml file: " + xmlFileName + " is NOT valid");
 13.1047 +
 13.1048 +  return doc;
 13.1049 + }  
 13.1050 +
 13.1051 + public void processDomTree(
 13.1052 +	Document doc,
 13.1053 +	Vector bagOfSsids, 	
 13.1054 +	Vector bagOfTypes, 
 13.1055 +	Vector bagOfChwSsids, 
 13.1056 +	Vector bagOfChwTypes, 
 13.1057 +	Vector bagOfConflictSsids)
 13.1058 +  throws Exception, SAXException, ParserConfigurationException
 13.1059 + {
 13.1060 +  boolean found;
 13.1061 +
 13.1062 +  /* print the root Element */
 13.1063 +  Element root = doc.getDocumentElement();
 13.1064 +  printDebug ("\n pDT:: Document Element: Name = " + root.getNodeName() + ",Value = " + root.getNodeValue());
 13.1065 +
 13.1066 +  /* Go through the list of the root Element's Attributes */
 13.1067 +  NamedNodeMap nnm = root.getAttributes();
 13.1068 +  printDebug (" pDT:: # of Attributes: " + nnm.getLength());
 13.1069 +  for (int i = 0; i < nnm.getLength(); i++)
 13.1070 +  {
 13.1071 +         Node n = nnm.item (i);
 13.1072 +        printDebug (" pDT:: Attribute: Name = " + n.getNodeName() + ", Value = " 
 13.1073 +             + n.getNodeValue());
 13.1074 +  }
 13.1075 +
 13.1076 +  /* Retrieve the policy definition */ 
 13.1077 +  NodeList elementList = root.getElementsByTagName ("url");
 13.1078 +  String definitionFileName = elementList.item(0).getFirstChild().getNodeValue();  
 13.1079 +
 13.1080 +  String definitionHash = null;
 13.1081 +
 13.1082 +  /* Note that SecurityPolicySpec.xsd allows for 0 hash value! */
 13.1083 +  elementList = root.getElementsByTagName ("hash");
 13.1084 +  if (0 != elementList.getLength())
 13.1085 +      	definitionHash = elementList.item(0).getFirstChild().getNodeValue();  
 13.1086 +
 13.1087 +  Document definitionDoc = pGetDomDefinition(definitionFileName,definitionHash);
 13.1088 +  pGetTypes(definitionDoc,bagOfTypes, bagOfChwTypes, bagOfConflictSsids);
 13.1089 +
 13.1090 +
 13.1091 +  /* Get VM security information */
 13.1092 +  elementList = root.getElementsByTagName ("VM");
 13.1093 +  printDebug ("\n pDT:: partition length of NodeList:" + elementList.getLength());
 13.1094 +
 13.1095 +
 13.1096 +  for (int x = 0; x < elementList.getLength(); x++)
 13.1097 +  {
 13.1098 +	found = false;
 13.1099 +
 13.1100 +        Node node = elementList.item (x);          
 13.1101 +
 13.1102 +	if (node.getNodeType() == Node.ELEMENT_NODE)
 13.1103 +	{
 13.1104 +	  printDebug (" pDT:: child: " + x + " is an element node" );
 13.1105 +	  Element e1 = (Element) node;
 13.1106 +
 13.1107 +  	  /* Get id */
 13.1108 +      	  NodeList elist = e1.getElementsByTagName ("id");
 13.1109 +      	  String idStr = elist.item(0).getFirstChild().getNodeValue();  
 13.1110 +      	  printDebug (" pDT:: id:" + idStr);
 13.1111 +
 13.1112 +	  /* Get TE */
 13.1113 +	  Vector colorTypes = new Vector();
 13.1114 +	  pConflictEntries(e1, "TE", bagOfTypes, colorTypes);
 13.1115 +
 13.1116 +	  Enumeration e = bagOfSsids.elements();
 13.1117 +	  while (e.hasMoreElements())
 13.1118 +	  {
 13.1119 +		SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 13.1120 +		if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
 13.1121 +		{
 13.1122 +		  found = true;
 13.1123 +		  elem.ids.add(idStr);
 13.1124 +		}
 13.1125 +		
 13.1126 +	  }
 13.1127 +		if (!found && (0 < colorTypes.size()))
 13.1128 +		{
 13.1129 +		 SecurityLabel entry = new SecurityLabel();
 13.1130 +		 entry.steTypes = colorTypes;
 13.1131 +		 entry.ids = new Vector();
 13.1132 +		 entry.ids.add(idStr);
 13.1133 +		 bagOfSsids.add(entry);
 13.1134 +		}
 13.1135 +
 13.1136 +		/* Get Chinese wall type */
 13.1137 +	 	Vector chwTypes = new Vector();
 13.1138 +		pConflictEntries(e1, "ChWall", bagOfChwTypes, chwTypes);
 13.1139 +
 13.1140 +	        found = false;
 13.1141 +		e = bagOfChwSsids.elements();
 13.1142 +
 13.1143 +		while (e.hasMoreElements())
 13.1144 +		{
 13.1145 +  		  SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 13.1146 +		  if ( elem.chwTypes.size() == chwTypes.size() && elem.chwTypes.containsAll(chwTypes))
 13.1147 +		  {
 13.1148 +		    found = true;
 13.1149 +		    elem.chwIDs.add(idStr);
 13.1150 +		  }
 13.1151 +		
 13.1152 +		}
 13.1153 +
 13.1154 +		if (!found && (0 < chwTypes.size()))
 13.1155 +		{
 13.1156 +		 SecurityLabel entry = new SecurityLabel();
 13.1157 +		 entry.chwTypes = chwTypes;
 13.1158 +		 entry.chwIDs = new Vector();
 13.1159 +		 entry.chwIDs.add(idStr);
 13.1160 +		 bagOfChwSsids.add(entry);
 13.1161 +		}
 13.1162 +      }
 13.1163 +  } 
 13.1164 +  return;
 13.1165 + }
 13.1166 +
 13.1167 + public Document pGetDomDefinition(
 13.1168 +	String definitionFileName, 
 13.1169 +	String definitionHash) 
 13.1170 +  throws Exception, SAXException, ParserConfigurationException
 13.1171 + {
 13.1172 +  printDebug("\n pGDD:: definition file name: " + definitionFileName);
 13.1173 +  printDebug("\n pGDD:: definition file hash: " + definitionHash);
 13.1174 +  
 13.1175 +  Document doc =  getDomTree(definitionFileName);
 13.1176 +  return doc; 
 13.1177 + }
 13.1178 +
 13.1179 + public void pGetTypes(
 13.1180 +	Document defDoc,
 13.1181 +	Vector bagOfTypes, 
 13.1182 +	Vector bagOfChwTypes, 
 13.1183 +	Vector bagOfConflictSsids)
 13.1184 +  throws Exception
 13.1185 + {
 13.1186 +
 13.1187 +
 13.1188 +  if (null == defDoc)
 13.1189 +      throw new Exception(" pGT:: definition file DOM is null ");
 13.1190 +
 13.1191 +  Element root = defDoc.getDocumentElement();
 13.1192 +
 13.1193 +  /* Get list of TE types */
 13.1194 +  NodeList elementList = root.getElementsByTagName ("Types");
 13.1195 +  printDebug ("\n pGT:: Types length of NodeList:" + elementList.getLength());
 13.1196 +  Element e1 = (Element) elementList.item (0);          
 13.1197 +  pGetEntries(e1,"TE",bagOfTypes);
 13.1198 +
 13.1199 +  /* Get list of Chinese types */
 13.1200 +  elementList = root.getElementsByTagName ("ChWallTypes");
 13.1201 +  printDebug ("\n pGT:: ChwTypes length of NodeList:" + elementList.getLength());
 13.1202 +  if (0 ==  elementList.getLength())
 13.1203 +  {
 13.1204 +  	printDebug ("\n pGT:: ChWallTypes has zero length: :" + elementList.getLength());
 13.1205 +  } else {
 13.1206 +	e1 = (Element) elementList.item (0);          
 13.1207 +	pGetEntries(e1,"ChWall",bagOfChwTypes);
 13.1208 +  }
 13.1209 +  printDebug (" pGT:: Total number of unique chw types: " + bagOfChwTypes.size());
 13.1210 +
 13.1211 +  /* Get Chinese type conflict sets */
 13.1212 +  elementList = root.getElementsByTagName ("ConflictSet");
 13.1213 +  printDebug ("\n pGT:: Conflict sets length of NodeList:" + elementList.getLength());
 13.1214 +  for (int x = 0; x < elementList.getLength(); x++)
 13.1215 +  {
 13.1216 + 	Vector conflictEntry  = new Vector();
 13.1217 +  	e1 = (Element) elementList.item (x);          
 13.1218 +  	printDebug ("\n pGT:: Conflict sets : " + x);
 13.1219 +
 13.1220 +	pConflictEntries(e1, "ChWall", bagOfChwTypes, conflictEntry);
 13.1221 +
 13.1222 +	if (conflictEntry.size() > 0)
 13.1223 +	{
 13.1224 +	  boolean found = false;
 13.1225 +	  Enumeration e = bagOfConflictSsids.elements();
 13.1226 +	
 13.1227 +	  while (e.hasMoreElements())
 13.1228 +	  {
 13.1229 +		Vector elem = (Vector) e.nextElement(); 
 13.1230 +		if (elem.size() == conflictEntry.size() && elem.containsAll(conflictEntry))
 13.1231 +	  	{
 13.1232 +	    	  found = true;
 13.1233 +	  	}
 13.1234 +		
 13.1235 +	  }
 13.1236 +	  if (!found)
 13.1237 +	  {
 13.1238 +		bagOfConflictSsids.add(conflictEntry);
 13.1239 +	  }
 13.1240 +  	}
 13.1241 +  }
 13.1242 +
 13.1243 + }
 13.1244 +
 13.1245 + public void  pGetEntries(Element doc, String tag, Vector typeBag)
 13.1246 +  throws Exception
 13.1247 + {
 13.1248 +
 13.1249 +  if (null == doc)
 13.1250 +      throw new Exception(" pGE:: Element doc is null");
 13.1251 +
 13.1252 +  if (null == typeBag)
 13.1253 +      throw new Exception(" pGE:: typeBag  is null");
 13.1254 +
 13.1255 +  NodeList elist = doc.getElementsByTagName (tag);
 13.1256 +  for (int j = 0; j < elist.getLength(); j++)
 13.1257 +  {
 13.1258 +  	Node knode = elist.item (j);          
 13.1259 +       	Node childNode = knode.getFirstChild();     
 13.1260 +       	String value = childNode.getNodeValue();
 13.1261 +
 13.1262 +	printDebug (" pGT:: "+ tag +" type: " + value);
 13.1263 +
 13.1264 +        /* Check if value is known */
 13.1265 +	if (!typeBag.contains(value))
 13.1266 +		typeBag.addElement(value);
 13.1267 +  }
 13.1268 + }
 13.1269 +
 13.1270 + public void  pConflictEntries(Element doc, String tag, Vector typeBag, Vector conflictEntry)
 13.1271 +  throws Exception
 13.1272 + {
 13.1273 +
 13.1274 +  if (null == doc)
 13.1275 +      throw new Exception(" pGE:: Element doc is null");
 13.1276 +
 13.1277 +  if (null == typeBag)
 13.1278 +      throw new Exception(" pGE:: typeBag  is null");
 13.1279 +
 13.1280 +  if (null == conflictEntry)
 13.1281 +      throw new Exception(" pGE:: typeBag  is null");
 13.1282 +
 13.1283 +
 13.1284 +  NodeList elist = doc.getElementsByTagName (tag);
 13.1285 +
 13.1286 +  for (int j = 0; j < elist.getLength(); j++)
 13.1287 +  {
 13.1288 +  	Node knode = elist.item (j);          
 13.1289 +       	Node childNode = knode.getFirstChild();     
 13.1290 +       	String value = childNode.getNodeValue();
 13.1291 +
 13.1292 +	printDebug (" pGE:: "+ tag +" type: " + value);
 13.1293 +
 13.1294 +        /* Check if value is known */
 13.1295 +	if (!typeBag.contains(value))
 13.1296 +      		throw new Exception(" pCE:: found undefined type set " + value);
 13.1297 +
 13.1298 +	if (!conflictEntry.contains(value))
 13.1299 +		conflictEntry.addElement(value);
 13.1300 +
 13.1301 +  }
 13.1302 + }
 13.1303 +
 13.1304 +  public void processDomTreeVlanSlot(
 13.1305 +	Document doc,
 13.1306 +	Vector bagOfSsids, 	
 13.1307 +	Vector bagOfTypes) 	
 13.1308 +  throws Exception
 13.1309 + {
 13.1310 +      boolean found;
 13.1311 +
 13.1312 +  printDebug(" pDTVS::Size of bagOfSsids: "+ bagOfSsids.size());
 13.1313 +  Element root = doc.getDocumentElement();
 13.1314 +
 13.1315 +  NodeList elementList = root.getElementsByTagName ("Vlan");
 13.1316 +  printDebug("\n pDTVS:: Vlan length of NodeList:" + elementList.getLength());
 13.1317 +
 13.1318 +  for (int x = 0; x < elementList.getLength(); x++)
 13.1319 +  {
 13.1320 +	found = false;
 13.1321 +
 13.1322 +        Node node = elementList.item (x);          
 13.1323 +
 13.1324 +	if (node.getNodeType() == Node.ELEMENT_NODE)
 13.1325 +	{
 13.1326 +	  printDebug(" pDTVS:: child: " + x + " is an element node" );
 13.1327 +	  Element e1 = (Element) node;
 13.1328 +
 13.1329 +	  /* Get vid */
 13.1330 +      	  NodeList elist = e1.getElementsByTagName ("vid");
 13.1331 +      	  String idStr = elist.item(0).getFirstChild().getNodeValue();  
 13.1332 +      	  printDebug ("pDTVS:: vid:" + idStr);
 13.1333 +
 13.1334 +	  /* Get TE */
 13.1335 +      	  elist = e1.getElementsByTagName ("TE");
 13.1336 +          printDebug ("pDTVS:: Total ste types: " + elist.getLength());
 13.1337 +
 13.1338 +	  Vector colorTypes = new Vector();
 13.1339 +	  for (int j = 0; j < elist.getLength(); j++)
 13.1340 +	  {
 13.1341 +		Node knode = elist.item (j);          
 13.1342 +        	Node childNode = knode.getFirstChild();     
 13.1343 +        	String value = childNode.getNodeValue();
 13.1344 +
 13.1345 +		printDebug (" pDT:: My color is: " + value);
 13.1346 +		if (!bagOfTypes.contains(value))
 13.1347 +		{
 13.1348 +      		  throw new IOException("pDT:: Vlan: " + idStr+ " has unknown type : "+ value);
 13.1349 +		}
 13.1350 +
 13.1351 +		if (!colorTypes.contains(value))
 13.1352 +		  colorTypes.addElement(value);
 13.1353 +	  }
 13.1354 +	  Enumeration e = bagOfSsids.elements();
 13.1355 +	  while (e.hasMoreElements())
 13.1356 +	  {
 13.1357 +		SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 13.1358 +		if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
 13.1359 +		{
 13.1360 +		  found = true;
 13.1361 +		  if (null == elem.vlans)
 13.1362 +			elem.vlans = new Vector();
 13.1363 +		   elem.vlans.add(idStr);
 13.1364 +		}
 13.1365 +		
 13.1366 +	  }
 13.1367 +	  if (!found && (0 < colorTypes.size()))
 13.1368 +	  {
 13.1369 +		 SecurityLabel entry = new SecurityLabel();
 13.1370 +		 entry.steTypes = colorTypes;
 13.1371 +		 entry.vlans = new Vector();
 13.1372 +		 entry.vlans.add(idStr);
 13.1373 +		 bagOfSsids.add(entry);
 13.1374 +	  }
 13.1375 +
 13.1376 +	}
 13.1377 +  } 
 13.1378 +  printDebug(" pDTVS::After slot Size of bagOfSsids: "+ bagOfSsids.size());
 13.1379 +
 13.1380 +  elementList = root.getElementsByTagName ("Slot");
 13.1381 +  printDebug ("\n pDTVS:: Slot length of NodeList:" + elementList.getLength());
 13.1382 +
 13.1383 +  for (int x = 0; x < elementList.getLength(); x++)
 13.1384 +  {
 13.1385 +	found = false;
 13.1386 +
 13.1387 +        Node node = elementList.item (x);          
 13.1388 +
 13.1389 +	if (node.getNodeType() == Node.ELEMENT_NODE)
 13.1390 +	{
 13.1391 +	  printDebug(" pDT:: child: " + x + " is an element node" );
 13.1392 +	  Element e1 = (Element) node;
 13.1393 +
 13.1394 +
 13.1395 +	  /* Get slot and bus */
 13.1396 +	  SlotInfo item = new SlotInfo();
 13.1397 +
 13.1398 +	  NodeList elist = e1.getElementsByTagName ("bus");
 13.1399 +	  item.bus = elist.item(0).getFirstChild().getNodeValue();  
 13.1400 +      	  elist = e1.getElementsByTagName ("slot");
 13.1401 +      	  item.slot = elist.item(0).getFirstChild().getNodeValue();  
 13.1402 +      	  printDebug ("pDT:: bus and slot:" + item.bus + " "+ item.slot);
 13.1403 +
 13.1404 +	  /* Get TE */
 13.1405 +      	  elist = e1.getElementsByTagName ("TE");
 13.1406 +          printDebug ("pDT:: Total ste types: " + elist.getLength());
 13.1407 +
 13.1408 +	  Vector colorTypes = new Vector();
 13.1409 +	  for (int j = 0; j < elist.getLength(); j++)
 13.1410 +	  {
 13.1411 +        	Node knode = elist.item (j);          
 13.1412 +        	Node childNode = knode.getFirstChild();     
 13.1413 +        	String value = childNode.getNodeValue();
 13.1414 +
 13.1415 +		printDebug ("pDT:: My color is: " + value);
 13.1416 +		if (!bagOfTypes.contains(value))
 13.1417 +		{
 13.1418 +		  throw new IOException("pDT:: bus: " + item.bus + " slot: "+ item.slot + " has unknown type : "+ value);
 13.1419 +		}
 13.1420 +
 13.1421 +		if (!colorTypes.contains(value))
 13.1422 +		  colorTypes.addElement(value);
 13.1423 +		}
 13.1424 +
 13.1425 +		Enumeration e = bagOfSsids.elements();
 13.1426 +		while (e.hasMoreElements())
 13.1427 +		{
 13.1428 +  		  SecurityLabel elem = (SecurityLabel) e.nextElement(); 
 13.1429 +		  if ( elem.steTypes.size() == colorTypes.size() && elem.steTypes.containsAll(colorTypes))
 13.1430 +		  {
 13.1431 +			found = true;
 13.1432 +			if (null == elem.slots)
 13.1433 +			  elem.slots = new Vector();
 13.1434 +			elem.slots.add(item);
 13.1435 +
 13.1436 +		  }
 13.1437 +		
 13.1438 +		}
 13.1439 +
 13.1440 +		if (!found && (0 < colorTypes.size()))
 13.1441 +		{
 13.1442 +		  SecurityLabel entry = new SecurityLabel();
 13.1443 +		  entry.steTypes = colorTypes;
 13.1444 +		  entry.slots = new Vector();
 13.1445 +		  entry.slots.add(item);
 13.1446 +		  bagOfSsids.add(entry);
 13.1447 +		}
 13.1448 +
 13.1449 +	}
 13.1450 +  }
 13.1451 +  return;
 13.1452 + }
 13.1453 +
 13.1454 + public static void main (String[] args) 
 13.1455 + {
 13.1456 +  String xmlFileName = null;        	/* policy file */ 
 13.1457 +  String outputFileName = null;     	/* binary policy file */
 13.1458 +  String xenSsidOutputFileName = null; 	/* outputfile ssid to named types */	
 13.1459 +					/* outputfile conflicts ssid to named types */	
 13.1460 +  String xenSsidConfOutputFileName = null; 	
 13.1461 +
 13.1462 +  XmlToBin genObj = new XmlToBin(); 
 13.1463 +
 13.1464 +
 13.1465 +  for (int i = 0 ; i < args.length ; i++) {
 13.1466 +
 13.1467 +	if ( args[i].equals("-help"))  {
 13.1468 +          printUsage();
 13.1469 +          System.exit(1);
 13.1470 +
 13.1471 +        } else if ( args[i].equals("-i"))  {
 13.1472 +          i++;
 13.1473 +          if (i < args.length) {
 13.1474 +               xmlFileName = args[i];   
 13.1475 +          } else  {
 13.1476 +                System.out.println("-i argument needs parameter");
 13.1477 +                System.exit(1);
 13.1478 +          }
 13.1479 +
 13.1480 +	} else if ( args[i].equals("-o"))  {
 13.1481 +          i++;
 13.1482 +          if (i < args.length) {
 13.1483 +                outputFileName = args[i];   
 13.1484 +          } else {
 13.1485 +                System.out.println("-o argument needs parameter");
 13.1486 +                System.exit(1);
 13.1487 +          }
 13.1488 +
 13.1489 +	} else if ( args[i].equals("-xssid"))  {
 13.1490 +          i++;
 13.1491 +          if (i < args.length) {
 13.1492 +                 xenSsidOutputFileName = args[i];   
 13.1493 +          } else {
 13.1494 +                System.out.println("-xssid argument needs parameter");
 13.1495 +                System.exit(1);
 13.1496 +          }
 13.1497 +
 13.1498 +	} else if ( args[i].equals("-xssidconf"))  {
 13.1499 +          i++;
 13.1500 +          if (i < args.length) {
 13.1501 +                xenSsidConfOutputFileName = args[i]; 
 13.1502 +          } else {
 13.1503 +                System.out.println("-xssidconf argument needs parameter");
 13.1504 +                System.exit(1);
 13.1505 +          }
 13.1506 +	} else if ( args[i].equals("-debug"))  { /* turn on debug msg */
 13.1507 +	 	genObj.setDebug(true);
 13.1508 +        } else {
 13.1509 +          System.out.println("bad command line argument: " + args[i]);
 13.1510 +          printUsage();
 13.1511 +          System.exit(1);
 13.1512 +        }
 13.1513 +
 13.1514 +  }
 13.1515 +
 13.1516 +  if (xmlFileName == null)
 13.1517 +  { 
 13.1518 +	System.out.println("Need to specify input file -i option");
 13.1519 +        printUsage();
 13.1520 +        System.exit(1);
 13.1521 +  }
 13.1522 +
 13.1523 +
 13.1524 +  try 
 13.1525 +  {
 13.1526 +	/* Parse and validate */
 13.1527 + 	Document doc =  genObj.getDomTree(xmlFileName);
 13.1528 +
 13.1529 +	/* Vectors to hold sets of types */
 13.1530 +	Vector bagOfSsids = new Vector();
 13.1531 +	Vector bagOfTypes = new Vector();
 13.1532 +	Vector bagOfChwSsids = new Vector();
 13.1533 +	Vector bagOfChwTypes = new Vector();
 13.1534 +	Vector bagOfConflictSsids = new Vector();
 13.1535 +
 13.1536 +	Vector vlanMapSsids = new Vector();
 13.1537 +	Vector slotMapSsids = new Vector();
 13.1538 +
 13.1539 +	genObj.processDomTree(doc, bagOfSsids, bagOfTypes, bagOfChwSsids, bagOfChwTypes, bagOfConflictSsids);
 13.1540 +
 13.1541 +	genObj.processDomTreeVlanSlot(doc, bagOfSsids, bagOfTypes);
 13.1542 +
 13.1543 +	/* Get binary representation of policies */
 13.1544 +  	byte[] stePolicy = genObj.generateSteBuffer(bagOfSsids, bagOfTypes);
 13.1545 +  	byte[] chwPolicy = genObj.generateChwBuffer(bagOfChwSsids, bagOfConflictSsids,bagOfChwTypes);
 13.1546 +
 13.1547 +  	byte[] binPolicy = null;
 13.1548 + 	byte[] binaryPartionSsid = null;
 13.1549 +  	byte[] binaryVlanSsid = null;
 13.1550 +  	byte[] binarySlotSsid = null;
 13.1551 +
 13.1552 +	/* Get binary representation of partition to ssid mapping */
 13.1553 +  	binaryPartionSsid = genObj.generatePartSsids(bagOfSsids,bagOfChwSsids);
 13.1554 +
 13.1555 +	/* Get binary representation of vlan to ssid mapping */
 13.1556 +  	binaryVlanSsid = genObj.generateVlanSsids(bagOfSsids);
 13.1557 +
 13.1558 +	/* Get binary representation of slot to ssid mapping */
 13.1559 +  	binarySlotSsid = genObj.generateSlotSsids(bagOfSsids);
 13.1560 +
 13.1561 +	/* Generate binary representation: policy, partition, slot and vlan */
 13.1562 +  	binPolicy = genObj.GenBinaryPolicyBuffer(chwPolicy,stePolicy, binaryPartionSsid, binaryVlanSsid, binarySlotSsid);
 13.1563 +
 13.1564 +
 13.1565 +	/* Write binary policy into file */
 13.1566 +	if (null != outputFileName)
 13.1567 +	{
 13.1568 +  		genObj.writeBinPolicy(binPolicy, outputFileName);
 13.1569 +	} else {
 13.1570 +		System.out.println (" No binary policy generated, outputFileName:  " + outputFileName);
 13.1571 +	}
 13.1572 +
 13.1573 +	/* Print total number of types */
 13.1574 +	System.out.println (" Total number of unique ste types: " + bagOfTypes.size());
 13.1575 +	System.out.println (" Total number of Ssids : " + bagOfSsids.size());
 13.1576 +	System.out.println (" Total number of unique chw types: " + bagOfChwTypes.size());
 13.1577 +	System.out.println (" Total number of conflict ssids : " + bagOfConflictSsids.size());
 13.1578 +	System.out.println (" Total number of chw Ssids : " + bagOfChwSsids.size());
 13.1579 +
 13.1580 +   	if (null != xenSsidOutputFileName)
 13.1581 +  		genObj.writeXenTypeFile(bagOfSsids, xenSsidOutputFileName, true);
 13.1582 +
 13.1583 +   	if (null != xenSsidConfOutputFileName)
 13.1584 +  		genObj.writeXenTypeFile(bagOfChwSsids, xenSsidConfOutputFileName, false);
 13.1585 +    } 
 13.1586 +    catch (Exception e) 
 13.1587 +    {
 13.1588 +      e.printStackTrace();
 13.1589 +    }
 13.1590 +  }
 13.1591 +}
    14.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    14.2 +++ b/tools/misc/policyprocessor/XmlToBinInterface.java	Tue Jun 21 07:02:30 2005 +0000
    14.3 @@ -0,0 +1,135 @@
    14.4 +/**
    14.5 + * (C) Copyright IBM Corp. 2005
    14.6 + *
    14.7 + * $Id: XmlToBinInterface.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
    14.8 + *
    14.9 + * Author: Ray Valdez
   14.10 + *
   14.11 + * This program is free software; you can redistribute it and/or
   14.12 + * modify it under the terms of the GNU General Public License as
   14.13 + * published by the Free Software Foundation, version 2 of the
   14.14 + * License.
   14.15 + *
   14.16 + * XmlToBinInterface Class.  
   14.17 + * <p>
   14.18 + *
   14.19 + * Defines constants used by XmToBin.
   14.20 + *
   14.21 + * <p>
   14.22 + *
   14.23 + *	policy binary structures
   14.24 + *
   14.25 + *	typedef struct {
   14.26 + *        u32 magic;
   14.27 + *
   14.28 + *        u32 policyversion;
   14.29 + *        u32 len;
   14.30 + *
   14.31 + *        u16 primary_policy_code;
   14.32 + *        u16 primary_buffer_offset;
   14.33 + *        u16 secondary_policy_code;
   14.34 + *        u16 secondary_buffer_offset;
   14.35 + *	u16 resource_offset;
   14.36 + *
   14.37 + *	} acm_policy_buffer_t;
   14.38 + *
   14.39 + *	typedef struct {
   14.40 + *        u16 policy_code;
   14.41 + *        u16 ste_max_types;
   14.42 + *        u16 ste_max_ssidrefs;
   14.43 + *        u16 ste_ssid_offset;
   14.44 + *	} acm_ste_policy_buffer_t;
   14.45 + *
   14.46 + *  	typedef struct {
   14.47 + *        uint16 policy_code;
   14.48 + *        uint16 chwall_max_types;
   14.49 + *        uint16 chwall_max_ssidrefs;
   14.50 + *        uint16 chwall_max_conflictsets;
   14.51 + *        uint16 chwall_ssid_offset;
   14.52 + *        uint16 chwall_conflict_sets_offset;
   14.53 + *        uint16 chwall_running_types_offset;
   14.54 + *        uint16 chwall_conflict_aggregate_offset;
   14.55 + *	} acm_chwall_policy_buffer_t;
   14.56 + *
   14.57 + *	typedef struct {
   14.58 + *	u16 partition_max;
   14.59 + *	u16 partition_offset;
   14.60 + *	u16 vlan_max;
   14.61 + *	u16 vlan_offset;
   14.62 + *	u16 slot_max;
   14.63 + *	u16 slot_offset;
   14.64 + *	} acm_resource_buffer_t;
   14.65 + *
   14.66 + *	typedef struct {
   14.67 + *	u16 id;
   14.68 + *	u16 ssid_ste;
   14.69 + *	u16 ssid_chwall;
   14.70 + *	} acm_partition_entry_t;
   14.71 + *
   14.72 + *	typedef struct {
   14.73 + *	u16 vlan;
   14.74 + *	u16 ssid_ste;
   14.75 + *	} acm_vlan_entry_t;
   14.76 + *
   14.77 + *	typedef struct {
   14.78 + *	u16 bus;
   14.79 + *	u16 slot;
   14.80 + *	u16 ssid_ste;
   14.81 + *	} acm_slot_entry_t;
   14.82 + *
   14.83 + *       
   14.84 + *
   14.85 + */
   14.86 +public interface XmlToBinInterface
   14.87 +{
   14.88 +  /* policy code  (uint16) */
   14.89 +  final int policyCodeSize = 2;
   14.90 +
   14.91 +  /* max_types    (uint16) */
   14.92 +  final int maxTypesSize = 2;
   14.93 +
   14.94 +  /* max_ssidrefs (uint16) */
   14.95 +  final int maxSsidrefSize = 2;
   14.96 +
   14.97 +  /* ssid_offset  (uint32) */
   14.98 +  final int ssidOffsetSize = 2;
   14.99 +
  14.100 +  final short markSymbol = 0x0001;
  14.101 +
  14.102 +  final int u32Size = 4;
  14.103 +  final int u16Size = 2;
  14.104 +
  14.105 +  /* num of bytes for acm_ste_policy_buffer_t */
  14.106 +  final short steHeaderSize = (4 * u16Size); 
  14.107 +  /* byte for acm_chinese_wall_policy_buffer_t */
  14.108 +  final short chwHeaderSize = (8 * u16Size); 
  14.109 +
  14.110 +  final short primaryPolicyCodeSize = u16Size;
  14.111 +  final short primaryBufferOffsetSize = u16Size ;
  14.112 +
  14.113 +  final int secondaryPolicyCodeSz = u16Size;
  14.114 +  final int secondaryBufferOffsetSz = u16Size;
  14.115 +  final short resourceOffsetSz = u16Size;
  14.116 +
  14.117 +  final short partitionBufferSz = (2 * u16Size);
  14.118 +  final short partitionEntrySz = (3 * u16Size);
  14.119 +
  14.120 +  final short slotBufferSz = (2 * u16Size);
  14.121 +  final short slotEntrySz = (3 * u16Size);
  14.122 +
  14.123 +  final short vlanBufferSz = (2 * u16Size);
  14.124 +  final short vlanEntrySz = (2 * u16Size);
  14.125 +
  14.126 +  final short binaryBufferHeaderSz = (3 * u32Size + 4* u16Size);
  14.127 +
  14.128 +  /* copied directlty from policy_ops.h */
  14.129 +  final int POLICY_INTERFACE_VERSION = 0xAAAA0000;
  14.130 +
  14.131 +  /* copied directly from acm.h */
  14.132 +  final int ACM_MAGIC  =  0x0001debc;
  14.133 +  final short ACM_NULL_POLICY = 0;
  14.134 +  final short ACM_CHINESE_WALL_POLICY = 1;
  14.135 +  final short ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2;
  14.136 +  final short ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3;
  14.137 +  final short ACM_EMPTY_POLICY = 4;
  14.138 +}
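Review bot: Two of the size constants disagree with the struct layouts documented in this file's own header comment. `ssidOffsetSize` is commented `/* ssid_offset  (uint32) */` but is 2, which matches the `u16 ste_ssid_offset` field listed above, so the comment should read `/* ssid_offset  (uint16) */`. `binaryBufferHeaderSz = (3 * u32Size + 4* u16Size)` counts four u16 fields while the documented `acm_policy_buffer_t` has five; presumably `resource_offset` is added separately through `resourceOffsetSz`, and a comment such as `/* acm_policy_buffer_t without resource_offset; add resourceOffsetSz */` would make that explicit. These sizes, `ACM_MAGIC` and the policy codes are hand-copied from acm.h and policy_ops.h, so any drift would produce a binary policy that the access control module parses differently from what the tool intended. The "copied directly from" comments should say which revision of those headers they track.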
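--- /dev/null
+++ b/tools/misc/policyprocessor/myHandler.java
@@ -0,0 +1,47 @@
+/**
+ * (C) Copyright IBM Corp. 2005
+ *
+ * $Id: myHandler.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
+ *
+ * Author: Ray Valdez
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * myHandler Class.  
+ *
+ * <p>
+ *
+ * A dummy class used for detecting XML validating/parsing errors.
+ *
+ * <p>
+ *
+ *
+ */
+import org.xml.sax.helpers.*;
+import org.xml.sax.SAXParseException;
+
+class myHandler extends DefaultHandler 
+{ 
+ public boolean isValid = true;
+
+ /* Notification of a recoverable error. */
+ public void error(SAXParseException se) 
+ { 
+  isValid = false;
+ } 
+
+ /* Notification of a non-recoverable error. */
+ public void fatalError(SAXParseException se) 
+ { 
+  isValid = false;
+ } 
+
+ /* Notification of a warning. */
+ public void warning(SAXParseException se) 
+ {
+  isValid = false;
+ }
+}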
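Review bot: All three callbacks discard the `SAXParseException`, so a policy author whose XML fails validation gets no line, column or message. Rejection of the policy then depends entirely on the caller testing `isValid` after the parse, and that caller is not in this file. `fatalError` also returns normally where `DefaultHandler` would throw, so parsing may continue on a document that SAX treats as unusable. I would record the diagnostic in each callback, e.g. `System.err.println("line " + se.getLineNumber() + ": " + se.getMessage());`, and end `fatalError` with `throw se;` after declaring it `throws SAXParseException`.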
    16.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    16.2 +++ b/tools/misc/policyprocessor/readme.install	Tue Jun 21 07:02:30 2005 +0000
    16.3 @@ -0,0 +1,33 @@
    16.4 +# Author: Ray Valdez, rvaldez@us.ibm.com 
    16.5 +# Version: 1.0
    16.6 +#
    16.7 +# install readme
    16.8 +#
    16.9 +PREREQUISITES:
   16.10 +
   16.11 +Prior to installation of the policy processor tool (XmlToBin) you must have...
   16.12 +
   16.13 + 1. Java version 1.4.2
   16.14 + 2. xmlParserAPIs.jar and xercesImpl.jar
   16.15 +
   16.16 +The above can be obtained from the Sun Developer Network web site at
   16.17 +http://java.sun.com/j2se/1.4.2/download.html.
   16.18 +
   16.19 +XmlParserAPIs and xercesImpl jars can be obtained from
   16.20 +http://www.apache.org/dist/xml/xerces-j (Xerces-J-bin.2.6.2.tar.gz,
   16.21 +for example).
   16.22 +
   16.23 +The tool has been tested with J2SE v1.4.2_08 JRE on Linux (32-bit
   16.24 +INTEL).
   16.25 +
   16.26 +INSTALLATION
   16.27 +
   16.28 +1. Set PATH to include $HOME_JAVA/bin and $HOME_JAVA/jre/bin
   16.29 +   where $HOME_JAVA is your java installation directory
   16.30 +
   16.31 +2. Compile XmlToBin:
   16.32 +   javac XmlToBin.java
   16.33 +	
   16.34 +USAGE
   16.35 +
   16.36 + See readme.xen
    17.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    17.2 +++ b/tools/misc/policyprocessor/readme.xen	Tue Jun 21 07:02:30 2005 +0000
    17.3 @@ -0,0 +1,65 @@
    17.4 +# Author: Ray Valdez, rvaldez@us.ibm.com 
    17.5 +# Version: 1.0
    17.6 +#
    17.7 +# This readme describes the policy processor tool for sHype.
    17.8 +#
    17.9 +
   17.10 +Java program:
   17.11 +
   17.12 + java XmlToBin -i [file.xml] -o <file.bin> -xssid <SsidFile> -xssidconf <SsidConf>
   17.13 +
   17.14 + Command line options:
   17.15 +
   17.16 +        -i              inputFile:      name of policyfile (.xml)
   17.17 +        -o              outputFile:     name of binary policy file (Big Endian)
   17.18 +        -xssid          SsidFile:       xen ssids to named types text file
   17.19 +        -xssidconf      SsidConf:   	xen conflict ssids to types text file
   17.20 +        -debug                          turn on debug messages
   17.21 +        -help                           help. This printout
   17.22 +
   17.23 +Where:
   17.24 +
   17.25 +file.xml is the (input) xml policy file to be parsed and validated.
   17.26 +The syntax for file.xml is defined in the SecurityPolicySpec.xsd file.
   17.27 +file.bin is the (output) binary policy file generated by XmlToBin.
   17.28 +This binary policy can be activated in sHype. The binary policy file
   17.29 +is laid out in network byte order (i.e., big endian).  The SsidFile
   17.30 +file contains the mapping of type enforcement (TE) ssids to the "named
   17.31 +types".  Similarly, the SsidConf file contains the mapping of Chinese
   17.32 +Wall (ChWall) ssids to conflict named types. The ssidFile and SsidConf
   17.33 +files are used by Xen.
   17.34 +
   17.35 +Xml Schema and policy:
   17.36 +
   17.37 +The SecurityPolicySpec.xsd defines the syntax of a policy file. It
   17.38 +declares the tags that are used by XmlToBin to generate the binary
   17.39 +policy file. The tags that XmlToBin keys on are TE, ChWall, id, vid,
   17.40 +etc.  The xml files that describe a policy are simple.  Semantic
   17.41 +checking of a policy is performed mostly by XmlToBin.  A type, for
   17.42 +example, is a string. No fixed values are defined for types in Xml.
   17.43 +  
   17.44 +A policy consists of two Xml files: definition and policy. The
   17.45 +definition Xml declares the types that are permitted in the policy
   17.46 +Xml.  The policy Xml contains the assignment of labels to
   17.47 +subject/object (e.g., vm). This Xml file contains an explicit
   17.48 +reference to the definition Xml (e.g., <url>xen_sample_def.xml</url>).
   17.49 +The policy Xml is the one provided as a command line argument.
   17.50 +
   17.51 +
   17.52 +Files:
   17.53 +
   17.54 +*.java		      	- policy processor source 
   17.55 +xen_sample_policy.xml	- sample xml policy file
   17.56 +xen_sample_def.xml	- sample user defined types
   17.57 +SecurityPolicySpec.xsd 	- schema definition file
   17.58 +
   17.59 +
   17.60 +To generate the sample binary policy: 
   17.61 +
   17.62 +export CLASSPATH=$XERCES_HOME/xercesImpl.jar:$XERCES_HOME/xmlParserAPIs.jar:.
   17.63 +
   17.64 +java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin
   17.65 +
   17.66 +where $XERCES_HOME is the installation directory of the Apache Xerces-J
   17.67 +
   17.68 +
    18.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    18.2 +++ b/tools/misc/policyprocessor/xen_sample_def.xml	Tue Jun 21 07:02:30 2005 +0000
    18.3 @@ -0,0 +1,46 @@
    18.4 +<?xml version="1.0"?>
    18.5 +<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    18.6 +<!-- example policy type definition -->
    18.7 +<SecurityPolicySpec
    18.8 +xmlns="http://www.ibm.com"
    18.9 +xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   18.10 +xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
   18.11 +
   18.12 +<Definition>
   18.13 +<!-- an example of a simple type enforcement type definition -->
   18.14 +  <Types>
   18.15 +        <TE>LOCAL-management</TE>
   18.16 +        <TE>R-Company-development</TE>
   18.17 +        <TE>S-Company-order</TE>
   18.18 +        <TE>T-Company-advertising</TE>
   18.19 +        <TE>U-Company-computing</TE>
   18.20 +		 <!-- TE nondevelopment  -->
   18.21 +  </Types>
   18.22 +
   18.23 +<!-- an example of a chinese wall type definition along with conflict sets-->
   18.24 +  <ChWallTypes>
   18.25 +		 <ChWall>Q-Company</ChWall>
   18.26 +		 <ChWall>R-Company</ChWall>
   18.27 +		 <ChWall>S-Company</ChWall>
   18.28 +		 <ChWall>T-Company</ChWall>
   18.29 +		 <ChWall>U-Company</ChWall>
   18.30 +		 <ChWall>V-Company</ChWall>
   18.31 +		 <ChWall>W-Company</ChWall>
   18.32 +		 <ChWall>X-Company</ChWall>
   18.33 +		 <ChWall>Y-Company</ChWall>
   18.34 +		 <ChWall>Z-Company</ChWall>
   18.35 +  </ChWallTypes>
   18.36 +
   18.37 +  <ConflictSet>
   18.38 +		 <ChWall>T-Company</ChWall>
   18.39 +		 <ChWall>S-Company</ChWall>
   18.40 +   </ConflictSet>
   18.41 +
   18.42 +   <ConflictSet>
   18.43 +		 <ChWall>Q-Company</ChWall>
   18.44 +		 <ChWall>V-Company</ChWall>
   18.45 +		 <ChWall>W-Company</ChWall>
   18.46 +   </ConflictSet>
   18.47 +
   18.48 +</Definition>
   18.49 +</SecurityPolicySpec>
    19.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    19.2 +++ b/tools/misc/policyprocessor/xen_sample_policy.xml	Tue Jun 21 07:02:30 2005 +0000
    19.3 @@ -0,0 +1,58 @@
    19.4 +<?xml version="1.0"?>
    19.5 +<!-- Author: Ray Valdez, rvaldez@us.ibm.com -->
    19.6 +<!-- example xen policy file -->
    19.7 +
    19.8 +<SecurityPolicySpec
    19.9 +xmlns="http://www.ibm.com"
   19.10 +xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   19.11 +xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
   19.12 +<Policy>
   19.13 + <PolicyHeader>
   19.14 +        <Name>xen sample policy</Name>
   19.15 +        <DateTime>2005-05-20T16:56:00</DateTime>
   19.16 +        <Tag>foobar</Tag>
   19.17 +        <TypeDefinition>
   19.18 +          <url>xen_sample_def.xml</url>
   19.19 +          <hash>abcdef123456abcdef</hash>
   19.20 +        </TypeDefinition>
   19.21 + </PolicyHeader>
   19.22 +
   19.23 + <VM>
   19.24 +        <id> 0 </id>
   19.25 +        <TE>LOCAL-management</TE>
   19.26 +        <TE>R-Company-development</TE>
   19.27 +        <TE>S-Company-order</TE>
   19.28 +        <TE>T-Company-advertising</TE>
   19.29 +        <TE>U-Company-computing</TE>
   19.30 +		 <ChWall>Q-Company</ChWall>
   19.31 + </VM>
   19.32 +
   19.33 + <VM>
   19.34 +        <id> 1 </id>
   19.35 +        <TE>R-Company-development</TE>
   19.36 +		 <ChWall>R-Company</ChWall>
   19.37 + </VM>
   19.38 +
   19.39 + <VM>
   19.40 +        <id> 2 </id>
   19.41 +        <TE>S-Company-order</TE>
   19.42 +		 <ChWall>S-Company</ChWall>
   19.43 +
   19.44 + </VM>
   19.45 +
   19.46 + <VM>
   19.47 +        <id> 3 </id>
   19.48 +        <TE>T-Company-advertising</TE>
   19.49 +		 <ChWall>T-Company</ChWall>
   19.50 + </VM>
   19.51 +
   19.52 +
   19.53 + <VM>
   19.54 +        <id> 4 </id>
   19.55 +        <TE>U-Company-computing</TE>
   19.56 +		 <ChWall>U-Company</ChWall>
   19.57 + </VM>
   19.58 +
   19.59 +
   19.60 +</Policy>
   19.61 +</SecurityPolicySpec>
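Review bot: The `<hash>abcdef123456abcdef</hash>` under `<TypeDefinition>` is a placeholder that nothing in the tool checks. `pGetDomDefinition` in XmlToBin.java only prints `definitionHash` and then loads the file named by `<url>`. Someone copying this sample could assume the definition file is integrity-bound to the policy when it is not. Until the check exists, I would mark it in the sample with a comment next to the element: `<!-- placeholder: XmlToBin does not yet verify this hash against the definition file -->`. The `<id>` values also carry surrounding spaces (`<id> 0 </id>`), and whether the id parsing trims them is not visible here.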
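--- /dev/null
+++ b/tools/policy/Makefile
@@ -0,0 +1,36 @@
+XEN_ROOT = ../..
+include $(XEN_ROOT)/tools/Rules.mk
+
+SRCS     = policy_tool.c
+CFLAGS   += -static
+CFLAGS   += -Wall
+CFLAGS   += -Werror
+CFLAGS   += -O3
+CFLAGS   += -fno-strict-aliasing
+CFLAGS   += -I.
+
+all: build
+build: mk-symlinks
+	$(MAKE) policy_tool
+
+default: all
+
+install: all
+
+policy_tool : policy_tool.c
+	$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
+
+clean:
+	rm -rf policy_tool xen
+
+
+LINUX_ROOT := $(wildcard $(XEN_ROOT)/linux-2.6.*-xen-sparse)
+mk-symlinks:
+	[ -e xen/linux ] || mkdir -p xen/linux
+	[ -e xen/io ]    || mkdir -p xen/io
+	( cd xen >/dev/null ; \
+	  ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . )
+	( cd xen/io >/dev/null ; \
+	  ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . )
+	( cd xen/linux >/dev/null ; \
+	  ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . )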
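Review bot: `LINUX_ROOT := $(wildcard $(XEN_ROOT)/linux-2.6.*-xen-sparse)` expands to several words when more than one sparse tree is present, and the last `ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h .` line in `mk-symlinks` then receives a broken path list. `LINUX_ROOT := $(firstword $(wildcard $(XEN_ROOT)/linux-2.6.*-xen-sparse))` keeps it to one directory. None of the command targets are declared phony, so a stray file named `build` or `clean` would silently disable them; add `.PHONY: all build default install clean mk-symlinks`. `install: all` also installs nothing, which deserves a one-line comment if it is intentional.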
    21.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    21.2 +++ b/tools/policy/policy_tool.c	Tue Jun 21 07:02:30 2005 +0000
    21.3 @@ -0,0 +1,557 @@
    21.4 +/****************************************************************
    21.5 + * policy_tool.c
    21.6 + * 
    21.7 + * Copyright (C) 2005 IBM Corporation
    21.8 + *
    21.9 + * Authors:
   21.10 + * Reiner Sailer <sailer@watson.ibm.com>
   21.11 + * Stefan Berger <stefanb@watson.ibm.com>
   21.12 + *
   21.13 + * This program is free software; you can redistribute it and/or
   21.14 + * modify it under the terms of the GNU General Public License as
   21.15 + * published by the Free Software Foundation, version 2 of the
   21.16 + * License. 
   21.17 + *
   21.18 + * sHype policy management tool. This code runs in a domain and
   21.19 + *     manages the Xen security policy by interacting with the
   21.20 + *     Xen access control module via a /proc/xen/policycmd proc-ioctl, 
   21.21 + *     which is translated into a policy_op hypercall into Xen.
   21.22 + * 
   21.23 + * todo: implement setpolicy to dynamically set a policy cache.
   21.24 + */
   21.25 +#include <unistd.h>
   21.26 +#include <stdio.h>
   21.27 +#include <errno.h>
   21.28 +#include <fcntl.h>
   21.29 +#include <sys/mman.h>
   21.30 +#include <sys/types.h>
   21.31 +#include <sys/stat.h>
   21.32 +#include <stdlib.h>
   21.33 +#include <sys/ioctl.h>
   21.34 +#include <string.h>
   21.35 +#include <stdint.h>
   21.36 +#include <netinet/in.h>
   21.37 +
   21.38 +typedef uint8_t            u8;
   21.39 +typedef uint16_t           u16;
   21.40 +typedef uint32_t           u32;
   21.41 +typedef uint64_t           u64;
   21.42 +typedef int8_t             s8;
   21.43 +typedef int16_t            s16;
   21.44 +typedef int32_t            s32;
   21.45 +typedef int64_t            s64;
   21.46 +
   21.47 +#include <xen/acm.h>
   21.48 +
   21.49 +#include <xen/policy_ops.h>
   21.50 +
   21.51 +#include <xen/linux/privcmd.h>
   21.52 +
   21.53 +#define ERROR(_m, _a...)	\
   21.54 +	fprintf(stderr, "ERROR: " _m "\n" , ## _a )
   21.55 +
   21.56 +#define PERROR(_m, _a...) \
   21.57 +	fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a ,	\
   21.58 +            errno, strerror(errno))
   21.59 +
   21.60 +static inline int do_policycmd(int xc_handle,
   21.61 +                             unsigned int cmd, 
   21.62 +                             unsigned long data)
   21.63 +{
   21.64 +    return ioctl(xc_handle, cmd, data);
   21.65 +}
   21.66 +
   21.67 +static inline int do_xen_hypercall(int xc_handle,
   21.68 +                                   privcmd_hypercall_t *hypercall)
   21.69 +{
   21.70 +    return do_policycmd(xc_handle,
   21.71 +                      IOCTL_PRIVCMD_HYPERCALL, 
   21.72 +                      (unsigned long)hypercall);
   21.73 +}
   21.74 +
   21.75 +static inline int do_policy_op(int xc_handle, policy_op_t *op)
   21.76 +{
   21.77 +    int ret = -1;
   21.78 +    privcmd_hypercall_t hypercall;
   21.79 +
   21.80 +    op->interface_version = POLICY_INTERFACE_VERSION;
   21.81 +
   21.82 +    hypercall.op     = __HYPERVISOR_policy_op;
   21.83 +    hypercall.arg[0] = (unsigned long)op;
   21.84 +
   21.85 +    if ( mlock(op, sizeof(*op)) != 0 )
   21.86 +    {
   21.87 +        PERROR("Could not lock memory for Xen policy hypercall");
   21.88 +        goto out1;
   21.89 +    }
   21.90 +
   21.91 +    if ( (ret = do_xen_hypercall(xc_handle, &hypercall)) < 0 )
   21.92 +    {
   21.93 +        if ( errno == EACCES )
   21.94 +            fprintf(stderr, "POLICY operation failed -- need to"
   21.95 +                    " rebuild the user-space tool set?\n");
   21.96 +        goto out2;
   21.97 +    }
   21.98 +
   21.99 + out2: (void)munlock(op, sizeof(*op));
  21.100 + out1: return ret;
  21.101 +}
  21.102 +
  21.103 +/*************************** DUMPS *******************************/
  21.104 +
  21.105 +void acm_dump_chinesewall_buffer(void *buf, int buflen) {
  21.106 +
  21.107 +	struct acm_chwall_policy_buffer *cwbuf = (struct acm_chwall_policy_buffer *)buf;
  21.108 +	domaintype_t *ssids, *conflicts, *running_types, *conflict_aggregate;
  21.109 +	int i,j;
  21.110 +
  21.111 +       
  21.112 +	if (htons(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) {
  21.113 +		printf("CHINESE WALL POLICY CODE not found ERROR!!\n");
  21.114 +		return;
  21.115 +	}
  21.116 +	printf("\n\nChinese Wall policy:\n");
  21.117 +	printf("====================\n");
  21.118 +	printf("Max Types     = %x.\n", ntohs(cwbuf->chwall_max_types));
  21.119 +	printf("Max Ssidrefs  = %x.\n", ntohs(cwbuf->chwall_max_ssidrefs));
  21.120 +	printf("Max ConfSets  = %x.\n", ntohs(cwbuf->chwall_max_conflictsets));
  21.121 +	printf("Ssidrefs Off  = %x.\n", ntohs(cwbuf->chwall_ssid_offset));
  21.122 +	printf("Conflicts Off = %x.\n", ntohs(cwbuf->chwall_conflict_sets_offset));
  21.123 +	printf("Runing T. Off = %x.\n", ntohs(cwbuf->chwall_running_types_offset));
  21.124 +	printf("C. Agg. Off   = %x.\n", ntohs(cwbuf->chwall_conflict_aggregate_offset));
  21.125 +	printf("\nSSID To CHWALL-Type matrix:\n");
  21.126 +
  21.127 +	ssids = (domaintype_t *)(buf + ntohs(cwbuf->chwall_ssid_offset));
  21.128 +	for(i=0; i< ntohs(cwbuf->chwall_max_ssidrefs); i++) {
  21.129 +		printf("\n   ssidref%2x:  ", i);
  21.130 +		for(j=0; j< ntohs(cwbuf->chwall_max_types); j++)
  21.131 +			printf("%02x ", ntohs(ssids[i*ntohs(cwbuf->chwall_max_types) + j]));
  21.132 +	}
  21.133 +	printf("\n\nConfict Sets:\n");
  21.134 +	conflicts = (domaintype_t *)(buf + ntohs(cwbuf->chwall_conflict_sets_offset));
  21.135 +	for(i=0; i< ntohs(cwbuf->chwall_max_conflictsets); i++) {
  21.136 +		printf("\n   c-set%2x:    ", i);
  21.137 +		for(j=0; j< ntohs(cwbuf->chwall_max_types); j++)
  21.138 +			printf("%02x ", ntohs(conflicts[i*ntohs(cwbuf->chwall_max_types) +j]));
  21.139 +	}
  21.140 +	printf("\n");
  21.141 +
  21.142 +	printf("\nRunning\nTypes:         ");
  21.143 +	if (ntohs(cwbuf->chwall_running_types_offset)) {
  21.144 +		running_types = (domaintype_t *)(buf + ntohs(cwbuf->chwall_running_types_offset));
  21.145 +		for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) {
  21.146 +			printf("%02x ", ntohs(running_types[i]));
  21.147 +		}
  21.148 +		printf("\n");
  21.149 +	} else {
  21.150 +		printf("Not Reported!\n");
  21.151 +	}
  21.152 +	printf("\nConflict\nAggregate Set: ");
  21.153 +	if (ntohs(cwbuf->chwall_conflict_aggregate_offset)) {
  21.154 +		conflict_aggregate = (domaintype_t *)(buf + ntohs(cwbuf->chwall_conflict_aggregate_offset));
  21.155 +		for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) {
  21.156 +			printf("%02x ", ntohs(conflict_aggregate[i]));
  21.157 +		}
  21.158 +		printf("\n\n");
  21.159 +	} else {
  21.160 +		printf("Not Reported!\n");
  21.161 +	}
  21.162 +}
  21.163 +
  21.164 +void acm_dump_ste_buffer(void *buf, int buflen) {
  21.165 +
  21.166 +	struct acm_ste_policy_buffer *stebuf = (struct acm_ste_policy_buffer *)buf;
  21.167 +	domaintype_t *ssids;
  21.168 +	int i,j;
  21.169 +
  21.170 +       
  21.171 +	if (ntohs(stebuf->policy_code) != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
  21.172 +		printf("SIMPLE TYPE ENFORCEMENT POLICY CODE not found ERROR!!\n");
  21.173 +		return;
  21.174 +	}
  21.175 +	printf("\nSimple Type Enforcement policy:\n");
  21.176 +	printf("===============================\n");
  21.177 +	printf("Max Types     = %x.\n", ntohs(stebuf->ste_max_types));
  21.178 +	printf("Max Ssidrefs  = %x.\n", ntohs(stebuf->ste_max_ssidrefs));
  21.179 +	printf("Ssidrefs Off  = %x.\n", ntohs(stebuf->ste_ssid_offset));
  21.180 +	printf("\nSSID To STE-Type matrix:\n");
  21.181 +	
  21.182 +	ssids = (domaintype_t *)(buf + ntohs(stebuf->ste_ssid_offset));
  21.183 +	for(i=0; i< ntohs(stebuf->ste_max_ssidrefs); i++) {
  21.184 +		printf("\n   ssidref%2x: ", i);
  21.185 +		for(j=0; j< ntohs(stebuf->ste_max_types); j++)
  21.186 +			printf("%02x ", ntohs(ssids[i*ntohs(stebuf->ste_max_types) +j]));
  21.187 +	}
  21.188 +	printf("\n\n");
  21.189 +}
  21.190 +
  21.191 +void acm_dump_policy_buffer(void *buf, int buflen) {
  21.192 +	struct acm_policy_buffer *pol = (struct acm_policy_buffer *)buf;
  21.193 +
  21.194 +	printf("\nPolicy dump:\n");
  21.195 +	printf("============\n");
  21.196 +	printf("Magic     = %x.\n", ntohl(pol->magic));
  21.197 +	printf("PolVer    = %x.\n", ntohl(pol->policyversion));
  21.198 +	printf("Len       = %x.\n", ntohl(pol->len));
  21.199 +	printf("Primary   = %s (c=%x, off=%x).\n",
  21.200 +	       ACM_POLICY_NAME(ntohs(pol->primary_policy_code)),
  21.201 +	       ntohs(pol->primary_policy_code), ntohs(pol->primary_buffer_offset));
  21.202 +	printf("Secondary = %s (c=%x, off=%x).\n",
  21.203 +	       ACM_POLICY_NAME(ntohs(pol->secondary_policy_code)),
  21.204 +	       ntohs(pol->secondary_policy_code), ntohs(pol->secondary_buffer_offset));
  21.205 +	switch (ntohs(pol->primary_policy_code)) {
  21.206 +	case ACM_CHINESE_WALL_POLICY:
  21.207 +		acm_dump_chinesewall_buffer(buf+ntohs(pol->primary_buffer_offset), 
  21.208 +					     ntohl(pol->len) - ntohs(pol->primary_buffer_offset));
  21.209 +		break;
  21.210 +	case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
  21.211 +		acm_dump_ste_buffer(buf+ntohs(pol->primary_buffer_offset), 
  21.212 +				    ntohl(pol->len) - ntohs(pol->primary_buffer_offset));
  21.213 +		break;
  21.214 +	case ACM_NULL_POLICY:
  21.215 +		printf("Primary policy is NULL Policy (n/a).\n");
  21.216 +		break;
  21.217 +	default:
  21.218 +		printf("UNKNOWN POLICY!\n");
  21.219 +	}
  21.220 +	switch (ntohs(pol->secondary_policy_code)) {
  21.221 +	case ACM_CHINESE_WALL_POLICY:
  21.222 +		acm_dump_chinesewall_buffer(buf+ntohs(pol->secondary_buffer_offset), 
  21.223 +					     ntohl(pol->len) - ntohs(pol->secondary_buffer_offset));
  21.224 +		break;
  21.225 +	case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
  21.226 +		acm_dump_ste_buffer(buf+ntohs(pol->secondary_buffer_offset), 
  21.227 +				    ntohl(pol->len) - ntohs(pol->secondary_buffer_offset));
  21.228 +		break;
  21.229 +	case ACM_NULL_POLICY:
  21.230 +		printf("Secondary policy is NULL Policy (n/a).\n");
  21.231 +		break;
  21.232 +	default:
  21.233 +		printf("UNKNOWN POLICY!\n");
  21.234 +	}
  21.235 +	printf("\nPolicy dump End.\n\n");
  21.236 +}
  21.237 +
  21.238 +/*************************** set policy ****************************/
  21.239 +
  21.240 +int acm_domain_set_chwallpolicy(void *bufstart, int buflen) {
  21.241 +#define CWALL_MAX_SSIDREFS      	5
  21.242 +#define CWALL_MAX_TYPES  		10
  21.243 +#define CWALL_MAX_CONFLICTSETS		2
  21.244 +
  21.245 +     struct acm_chwall_policy_buffer *chwall_bin_pol = (struct acm_chwall_policy_buffer *)bufstart;
  21.246 +     domaintype_t *ssidrefs, *conflicts;
  21.247 +     int ret = 0;
  21.248 +     int i,j;
  21.249 +
  21.250 +     chwall_bin_pol->chwall_max_types = htons(CWALL_MAX_TYPES);
  21.251 +     chwall_bin_pol->chwall_max_ssidrefs = htons(CWALL_MAX_SSIDREFS);
  21.252 +     chwall_bin_pol->policy_code = htons(ACM_CHINESE_WALL_POLICY);
  21.253 +     chwall_bin_pol->chwall_ssid_offset = htons(sizeof(struct acm_chwall_policy_buffer));
  21.254 +     chwall_bin_pol->chwall_max_conflictsets = htons(CWALL_MAX_CONFLICTSETS);
  21.255 +     chwall_bin_pol->chwall_conflict_sets_offset =
  21.256 +	 htons(
  21.257 +	     ntohs(chwall_bin_pol->chwall_ssid_offset) + 
  21.258 +	     sizeof(domaintype_t)*CWALL_MAX_SSIDREFS*CWALL_MAX_TYPES);
  21.259 +     chwall_bin_pol->chwall_running_types_offset = 0; /* not set */
  21.260 +     chwall_bin_pol->chwall_conflict_aggregate_offset = 0; /* not set */
  21.261 +     ret += sizeof(struct acm_chwall_policy_buffer);
  21.262 +     /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */
  21.263 +     /* check buffer size */
  21.264 +     if ((buflen - ret) < (CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t)))
  21.265 +			   return -1; /* not enough space */
  21.266 +
  21.267 +     ssidrefs = (domaintype_t *)(bufstart+ntohs(chwall_bin_pol->chwall_ssid_offset));
  21.268 +     for(i=0; i< CWALL_MAX_SSIDREFS; i++) {
  21.269 +	     for (j=0; j< CWALL_MAX_TYPES; j++)
  21.270 +		     ssidrefs[i*CWALL_MAX_TYPES + j] = htons(0);
  21.271 +	     /* here, set type i for ssidref i; generally, a ssidref can have multiple chwall types */
  21.272 +	     if (i < CWALL_MAX_SSIDREFS)
  21.273 +		     ssidrefs[i*CWALL_MAX_TYPES + i] = htons(1);
  21.274 +     }
  21.275 +     ret += CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t);
  21.276 +     if ((buflen - ret) < (CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t)))
  21.277 +			   return -1; /* not enough space */
  21.278 +
  21.279 +     /* now the chinese wall policy conflict sets*/
  21.280 +     conflicts = (domaintype_t *)(bufstart + 
  21.281 +				  ntohs(chwall_bin_pol->chwall_conflict_sets_offset));
  21.282 +     memset((void *)conflicts, 0, CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t));
  21.283 +     /* just 1 conflict set [0]={2,3}, [1]={0,5,6} */
  21.284 +     if (CWALL_MAX_TYPES > 3) {
  21.285 +	     conflicts[2] = htons(1); conflicts[3] = htons(1); /* {2,3} */
  21.286 +	     conflicts[CWALL_MAX_TYPES] = htons(1); conflicts[CWALL_MAX_TYPES+5] = htons(1); 
  21.287 +	     conflicts[CWALL_MAX_TYPES+6] = htons(1);/* {0,5,6} */
  21.288 +     }
  21.289 +     ret += sizeof(domaintype_t)*CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES;
  21.290 +     return ret;
  21.291 +}
  21.292 +
  21.293 +int acm_domain_set_stepolicy(void *bufstart, int buflen) {
  21.294 +#define STE_MAX_SSIDREFS      	5
  21.295 +#define STE_MAX_TYPES  		5
  21.296 +	
  21.297 +    struct acm_ste_policy_buffer *ste_bin_pol = (struct acm_ste_policy_buffer *)bufstart;
  21.298 +    domaintype_t *ssidrefs;
  21.299 +    int i,j, ret = 0;
  21.300 +
  21.301 +    ste_bin_pol->ste_max_types = htons(STE_MAX_TYPES);
  21.302 +    ste_bin_pol->ste_max_ssidrefs = htons(STE_MAX_SSIDREFS);
  21.303 +    ste_bin_pol->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
  21.304 +    ste_bin_pol->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer));
  21.305 +    ret += sizeof(struct acm_ste_policy_buffer);
  21.306 +    /* check buffer size */
  21.307 +    if ((buflen - ret) < (STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t)))
  21.308 +	    return -1; /* not enough space */
  21.309 +
  21.310 +     ssidrefs = (domaintype_t *)(bufstart+ntohs(ste_bin_pol->ste_ssid_offset));
  21.311 +     for(i=0; i< STE_MAX_SSIDREFS; i++) {
  21.312 +	     for (j=0; j< STE_MAX_TYPES; j++)
  21.313 +		     ssidrefs[i*STE_MAX_TYPES + j] = htons(0);
  21.314 +	     /* set type i in ssidref 0 and ssidref i */
  21.315 +	     ssidrefs[i] = htons(1); /* ssidref 0 has all types set */
  21.316 +	     if (i < STE_MAX_SSIDREFS)
  21.317 +		     ssidrefs[i*STE_MAX_TYPES + i] = htons(1);
  21.318 +     }
  21.319 +     ret += STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t);
  21.320 +     return ret;
  21.321 +}
  21.322 +
  21.323 +#define MAX_PUSH_BUFFER 	16384
  21.324 +u8 push_buffer[MAX_PUSH_BUFFER];
  21.325 +
  21.326 +int acm_domain_setpolicy(int xc_handle)
  21.327 +{
  21.328 +     int ret;
  21.329 +     struct acm_policy_buffer *bin_pol;
  21.330 +     policy_op_t op;
  21.331 +
  21.332 +     /* future: read policy from file and set it */
  21.333 +     bin_pol = (struct acm_policy_buffer *)push_buffer;
  21.334 +     bin_pol->magic = htonl(ACM_MAGIC);
  21.335 +     bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION);
  21.336 +     bin_pol->primary_policy_code = htons(ACM_CHINESE_WALL_POLICY);
  21.337 +     bin_pol->secondary_policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
  21.338 +
  21.339 +     bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
  21.340 +     bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len));
  21.341 +     ret = acm_domain_set_chwallpolicy(push_buffer + ntohs(bin_pol->primary_buffer_offset), 
  21.342 +				       MAX_PUSH_BUFFER - ntohs(bin_pol->primary_buffer_offset));
  21.343 +     if (ret < 0) {
  21.344 +	     printf("ERROR creating chwallpolicy buffer.\n");
  21.345 +	     return -1;
  21.346 +     }
  21.347 +     bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  21.348 +     bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len));
  21.349 +     ret = acm_domain_set_stepolicy(push_buffer + ntohs(bin_pol->secondary_buffer_offset), 
  21.350 +				    MAX_PUSH_BUFFER - ntohs(bin_pol->secondary_buffer_offset));
  21.351 +     if (ret < 0) {
  21.352 +	     printf("ERROR creating chwallpolicy buffer.\n");
  21.353 +	     return -1;
  21.354 +     }
  21.355 +     bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  21.356 +
  21.357 +     /* dump it and then push it down into xen/acm */
  21.358 +     acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len));
  21.359 +     op.cmd = POLICY_SETPOLICY;
  21.360 +     op.u.setpolicy.pushcache = (void *)push_buffer;
  21.361 +     op.u.setpolicy.pushcache_size = ntohl(bin_pol->len);
  21.362 +     op.u.setpolicy.policy_type = ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY;
  21.363 +     ret = do_policy_op(xc_handle, &op);
  21.364 +
  21.365 +     if (ret)
  21.366 +	     printf("ERROR setting policy. Use 'xm dmesg' to see details.\n");
  21.367 +     else
  21.368 +	     printf("Successfully changed policy.\n");
  21.369 +     return ret;
  21.370 +}
  21.371 +
  21.372 +/******************************* get policy ******************************/
  21.373 +
  21.374 +#define PULL_CACHE_SIZE		8192
  21.375 +u8 pull_buffer[PULL_CACHE_SIZE];
  21.376 +int acm_domain_getpolicy(int xc_handle)
  21.377 +{
  21.378 +     policy_op_t op;
  21.379 +     int ret;
  21.380 +
  21.381 +     memset(pull_buffer, 0x00, sizeof(pull_buffer));
  21.382 +     op.cmd = POLICY_GETPOLICY;
  21.383 +     op.u.getpolicy.pullcache = (void *)pull_buffer;
  21.384 +     op.u.getpolicy.pullcache_size = sizeof(pull_buffer);
  21.385 +     ret = do_policy_op(xc_handle, &op);
  21.386 +     /* dump policy  */
  21.387 +     acm_dump_policy_buffer(pull_buffer, sizeof(pull_buffer));
  21.388 +     return ret;
  21.389 +}
  21.390 +
  21.391 +/************************ load binary policy ******************************/
  21.392 +
  21.393 +int acm_domain_loadpolicy(int xc_handle,
  21.394 +                          const char *filename)
  21.395 +{
  21.396 +     struct stat mystat;
  21.397 +     int ret, fd;
  21.398 +     off_t len;
  21.399 +     u8 *buffer;
  21.400 +
  21.401 +     if ((ret = stat(filename, &mystat))) {
  21.402 +	     printf("File %s not found.\n",filename);
  21.403 +	     goto out;
  21.404 +     }
  21.405 +
  21.406 +     len = mystat.st_size;
  21.407 +     if ((buffer = malloc(len)) == NULL) {
  21.408 +	     ret = -ENOMEM;
  21.409 +	     goto out;
  21.410 +     }
  21.411 +     if ((fd = open(filename, O_RDONLY)) <= 0) {
  21.412 +	     ret = -ENOENT;
  21.413 +	     printf("File %s not found.\n",filename);
  21.414 +	     goto free_out;
  21.415 +     }
  21.416 +     if (len == read(fd, buffer, len)) {
  21.417 +	     policy_op_t op;
  21.418 +	     /* dump it and then push it down into xen/acm */
  21.419 +	     acm_dump_policy_buffer(buffer, len);
  21.420 +	     op.cmd = POLICY_SETPOLICY;
  21.421 +	     op.u.setpolicy.pushcache = (void *)buffer;
  21.422 +	     op.u.setpolicy.pushcache_size = len;
  21.423 +	     op.u.setpolicy.policy_type = ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY;
  21.424 +	     ret = do_policy_op(xc_handle, &op);
  21.425 +                     
  21.426 +	     if (ret)
  21.427 +		     printf("ERROR setting policy. Use 'xm dmesg' to see details.\n");
  21.428 +	     else
  21.429 +		     printf("Successfully changed policy.\n");
  21.430 +                     
  21.431 +     } else {
  21.432 +	     ret = -1;
  21.433 +     }
  21.434 +     close(fd);
  21.435 + free_out:
  21.436 +     free(buffer);
  21.437 + out:
  21.438 +     return ret;
  21.439 +}
  21.440 +
  21.441 +/************************ dump hook statistics ******************************/
  21.442 +void 
  21.443 +dump_ste_stats(struct acm_ste_stats_buffer *ste_stats)
  21.444 +{
  21.445 +    printf("STE-Policy Security Hook Statistics:\n");
  21.446 +    printf("ste: event_channel eval_count      = %d\n", ntohl(ste_stats->ec_eval_count));
  21.447 +    printf("ste: event_channel denied_count    = %d\n", ntohl(ste_stats->ec_denied_count)); 
  21.448 +    printf("ste: event_channel cache_hit_count = %d\n", ntohl(ste_stats->ec_cachehit_count));
  21.449 +    printf("ste:\n");
  21.450 +    printf("ste: grant_table   eval_count      = %d\n", ntohl(ste_stats->gt_eval_count));
  21.451 +    printf("ste: grant_table   denied_count    = %d\n", ntohl(ste_stats->gt_denied_count)); 
  21.452 +    printf("ste: grant_table   cache_hit_count = %d\n", ntohl(ste_stats->gt_cachehit_count));
  21.453 +}
  21.454 +
  21.455 +#define PULL_STATS_SIZE		8192
  21.456 +int acm_domain_dumpstats(int xc_handle)
  21.457 +{
  21.458 +    u8 stats_buffer[PULL_STATS_SIZE];
  21.459 +    policy_op_t op;
  21.460 +    int ret;
  21.461 +    struct acm_stats_buffer *stats;
  21.462 +
  21.463 +    memset(stats_buffer, 0x00, sizeof(stats_buffer));
  21.464 +    op.cmd = POLICY_DUMPSTATS;
  21.465 +    op.u.dumpstats.pullcache = (void *)stats_buffer;
  21.466 +    op.u.dumpstats.pullcache_size = sizeof(stats_buffer);
  21.467 +    ret = do_policy_op(xc_handle, &op);
  21.468 +
  21.469 +    if (ret < 0) {
  21.470 +	printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n"); 
  21.471 +	return ret;
  21.472 +    }
  21.473 +    stats = (struct acm_stats_buffer *)stats_buffer;
  21.474 +
  21.475 +    printf("\nPolicy dump:\n");
  21.476 +    printf("============\n");
  21.477 +    printf("Magic     = %x.\n", ntohl(stats->magic));
  21.478 +    printf("PolVer    = %x.\n", ntohl(stats->policyversion));
  21.479 +    printf("Len       = %x.\n", ntohl(stats->len));
  21.480 +
  21.481 +    switch(ntohs(stats->primary_policy_code)) {
  21.482 +    case ACM_NULL_POLICY:
  21.483 +	    printf("NULL Policy: No statistics apply.\n");
  21.484 +	    break;
  21.485 +    case ACM_CHINESE_WALL_POLICY:
  21.486 +	    printf("Chinese Wall Policy: No statistics apply.\n");
  21.487 +	    break;
  21.488 +    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
  21.489 +	    dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer + ntohs(stats->primary_stats_offset)));
  21.490 +	    break;
  21.491 +    default:
  21.492 +	    printf("UNKNOWN PRIMARY POLICY ERROR!\n");
  21.493 +    }
  21.494 +    switch(ntohs(stats->secondary_policy_code)) {
  21.495 +    case ACM_NULL_POLICY:
  21.496 +	    printf("NULL Policy: No statistics apply.\n");
  21.497 +	    break;
  21.498 +    case ACM_CHINESE_WALL_POLICY:
  21.499 +	    printf("Chinese Wall Policy: No statistics apply.\n");
  21.500 +	    break;
  21.501 +    case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
  21.502 +	    dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer + ntohs(stats->secondary_stats_offset)));
  21.503 +	    break;
  21.504 +    default:
  21.505 +	    printf("UNKNOWN SECONDARY POLICY ERROR!\n");
  21.506 +    }                
  21.507 +    return ret;
  21.508 +}
  21.509 +
  21.510 +/***************************** main **************************************/
  21.511 +
  21.512 +void
  21.513 +usage(char *progname){
  21.514 +	printf("Use: %s \n"
  21.515 +	       "\t setpolicy\n"
  21.516 +	       "\t getpolicy\n"
  21.517 +	       "\t dumpstats\n"
  21.518 +	       "\t loadpolicy <binary policy file>\n", progname);
  21.519 +	exit(-1);
  21.520 +}
  21.521 +
  21.522 +int
  21.523 +main(int argc, char **argv) {
  21.524 +
  21.525 +	int policycmd_fd;
  21.526 +
  21.527 +	if (argc < 2)
  21.528 +		usage(argv[0]);
  21.529 +		
  21.530 +	if ((policycmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) {
  21.531 +		    printf("ERROR: Could not open xen policycmd device!\n");
  21.532 +		    exit(-1);
  21.533 +	}
  21.534 +	    
  21.535 +	if (!strcmp(argv[1], "setpolicy")) {
  21.536 +		if (argc != 2)
  21.537 +			usage(argv[0]);
  21.538 +		acm_domain_setpolicy(policycmd_fd);
  21.539 +
  21.540 +	} else if (!strcmp(argv[1], "getpolicy")) {
  21.541 +		if (argc != 2)
  21.542 +			usage(argv[0]);
  21.543 +		acm_domain_getpolicy(policycmd_fd);
  21.544 +
  21.545 +	} else if (!strcmp(argv[1], "loadpolicy")) {
  21.546 +		if (argc != 3) 
  21.547 +			usage(argv[0]);
  21.548 +		acm_domain_loadpolicy(policycmd_fd, argv[2]);
  21.549 +
  21.550 +	} else if (!strcmp(argv[1], "dumpstats")) {
  21.551 +		if (argc != 2) 
  21.552 +			usage(argv[0]);
  21.553 +		acm_domain_dumpstats(policycmd_fd);
  21.554 +
  21.555 +	} else
  21.556 +		usage(argv[0]);
  21.557 +
  21.558 +	close(policycmd_fd);
  21.559 +	return 0;
  21.560 +}
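Review bot: The three dump routines (`acm_dump_policy_buffer`, `acm_dump_chinesewall_buffer`, `acm_dump_ste_buffer`) never look at `buflen`; every offset and count they use to index the buffer is read from the buffer itself. `acm_domain_loadpolicy` passes them the raw contents of a user-named file, so a short or malformed policy file makes the tool read beyond its heap allocation before the policy is handed to the hypervisor, and the sub-buffer length passed down is derived from `pol->len` rather than from the real size. Each routine should first check that its fixed header fits in `buflen`, then that the offset plus `max_ssidrefs * max_types * sizeof(domaintype_t)` stays inside it, as sketched below for the STE dump; the top-level dump should clamp `ntohl(pol->len)` to its own `buflen` and reject offsets beyond it. `acm_domain_dumpstats` applies `primary_stats_offset` and `secondary_stats_offset` to its stack buffer in the same unchecked way.

```c
void acm_dump_ste_buffer(void *buf, int buflen) {
	/* … unchanged: stebuf, ssids, i, j declarations … */
	size_t off, cells;

	/* The fixed header must fit before any field of it is read. */
	if (buflen < 0 || (size_t)buflen < sizeof(*stebuf)) {
		printf("STE policy buffer truncated ERROR!!\n");
		return;
	}
	/* … unchanged: policy_code check and header printout … */

	/* Offset and matrix size come from the buffer: bound both by buflen. */
	off   = ntohs(stebuf->ste_ssid_offset);
	cells = (size_t)ntohs(stebuf->ste_max_ssidrefs) * ntohs(stebuf->ste_max_types);
	if (off > (size_t)buflen ||
	    cells > ((size_t)buflen - off) / sizeof(domaintype_t)) {
		printf("STE ssid matrix exceeds buffer ERROR!!\n");
		return;
	}
	ssids = (domaintype_t *)(buf + off);
	/* … unchanged: matrix printout … */
```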
    22.1 --- a/tools/python/xen/lowlevel/xc/xc.c	Sat Jun 18 00:49:11 2005 +0000
    22.2 +++ b/tools/python/xen/lowlevel/xc/xc.c	Tue Jun 21 07:02:30 2005 +0000
    22.3 @@ -78,13 +78,14 @@ static PyObject *pyxc_domain_create(PyOb
    22.4  
    22.5      u32          dom = 0;
    22.6      int          ret;
    22.7 +    u32          ssidref = 0xFFFFFFFF;
    22.8  
    22.9 -    static char *kwd_list[] = { "dom", NULL };
   22.10 +    static char *kwd_list[] = { "dom", "ssidref", NULL };
   22.11  
   22.12 -    if ( !PyArg_ParseTupleAndKeywords(args, kwds, "|i", kwd_list, &dom))
   22.13 +    if ( !PyArg_ParseTupleAndKeywords(args, kwds, "|ii", kwd_list, &dom, &ssidref))
   22.14          return NULL;
   22.15  
   22.16 -    if ( (ret = xc_domain_create(xc->xc_handle, &dom)) < 0 )
   22.17 +    if ( (ret = xc_domain_create(xc->xc_handle, ssidref, &dom)) < 0 )
   22.18          return PyErr_SetFromErrno(xc_error);
   22.19  
   22.20      return PyInt_FromLong(dom);
   22.21 @@ -230,7 +231,7 @@ static PyObject *pyxc_domain_getinfo(PyO
   22.22          }
   22.23                   
   22.24          info_dict = Py_BuildValue("{s:i,s:i,s:i,s:i,s:i,s:i,s:i,s:i"
   22.25 -                                  ",s:l,s:L,s:l,s:i}",
   22.26 +                                  ",s:l,s:L,s:l,s:i,s:i}",
   22.27                                    "dom",       info[i].domid,
   22.28                                    "vcpus",     info[i].vcpus,
   22.29                                    "dying",     info[i].dying,
   22.30 @@ -242,6 +243,7 @@ static PyObject *pyxc_domain_getinfo(PyO
   22.31                                    "mem_kb",    info[i].nr_pages*4,
   22.32                                    "cpu_time",  info[i].cpu_time,
   22.33                                    "maxmem_kb", info[i].max_memkb,
   22.34 +                                  "ssidref",   info[i].ssidref,
   22.35                                    "shutdown_reason", info[i].shutdown_reason);
   22.36          PyDict_SetItemString( info_dict, "vcpu_to_cpu", vcpu_list );
   22.37          PyDict_SetItemString( info_dict, "cpumap", cpumap_list );
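Review bot: The new `ssidref` is a `u32`, yet it is parsed with the signed `i` code in `pyxc_domain_create` (`"|ii"`) and reported with `s:i` in the `Py_BuildValue` string of `pyxc_domain_getinfo`. A Python caller therefore cannot pass the 0xFFFFFFFF default explicitly, and a domain carrying that value would be reported as -1. An unsigned format code (`"|iI"` in create, `s:I` in getinfo, if the supported Python versions provide it) would keep both directions consistent. The bare `0xFFFFFFFF` also deserves a named constant or a comment such as `/* no label supplied: hypervisor-side handling of this sentinel to be confirmed */`, since this value selects the access-control label of the new domain and its meaning is not visible here. Both function bodies continue outside the hunks.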
    23.1 --- a/tools/python/xen/lowlevel/xs/xs.c	Sat Jun 18 00:49:11 2005 +0000
    23.2 +++ b/tools/python/xen/lowlevel/xs/xs.c	Tue Jun 21 07:02:30 2005 +0000
    23.3 @@ -1,7 +1,7 @@
    23.4  /* 
    23.5 -    Python interface to the Xen Store Daemon.
    23.6 -    Copyright (C) 2005 Mike Wray Hewlett-Packard
    23.7 -*/
    23.8 + * Python interface to the Xen Store Daemon.
    23.9 + * Copyright (C) 2005 Mike Wray Hewlett-Packard
   23.10 + */
   23.11  
   23.12  #include <Python.h>
   23.13  
   23.14 @@ -196,6 +196,7 @@ static PyObject *xspy_mkdir(PyObject *se
   23.15  #define xspy_rm_doc "\n"			\
   23.16  	"Remove a path.\n"			\
   23.17  	" path [string] : path to remove\n"	\
   23.18 +	"\n"					\
   23.19  	"Returns: [int] 0 on success.\n"	\
   23.20  	"Raises RuntimeError on error.\n"	\
   23.21  	"\n"
   23.22 @@ -339,13 +340,14 @@ static PyObject *xspy_set_permissions(Py
   23.23      return val;
   23.24  }
   23.25  
   23.26 -#define xspy_watch_doc "\n"					\
   23.27 -	"Watch a path, get notifications when it changes.\n"	\
   23.28 -	" path  [string] : xenstore path.\n"			\
   23.29 -	" token [string] : returned in watch notification\n"	\
   23.30 -	"\n"							\
   23.31 -	"Returns: [int] 0 on success.\n"			\
   23.32 -	"Raises RuntimeError on error.\n"			\
   23.33 +#define xspy_watch_doc "\n"						\
   23.34 +	"Watch a path, get notifications when it changes.\n"		\
   23.35 +	" path     [string] : xenstore path.\n"				\
   23.36 +	" priority [int]    : watch priority (default 0).\n"		\
   23.37 +	" token    [string] : returned in watch notification.\n"	\
   23.38 +	"\n"								\
   23.39 +	"Returns: [int] 0 on success.\n"				\
   23.40 +	"Raises RuntimeError on error.\n"				\
   23.41  	"\n"
   23.42  
   23.43  static PyObject *xspy_watch(PyObject *self, PyObject *args, PyObject *kwds)
   23.44 @@ -371,12 +373,14 @@ static PyObject *xspy_watch(PyObject *se
   23.45      return val;
   23.46  }
   23.47  
   23.48 -#define xspy_read_watch_doc "\n"		\
   23.49 -	"Read a watch notification.\n"		\
   23.50 -	" path [string]: xenstore path.\n"	\
   23.51 -	"\n"					\
   23.52 -	"Returns: [tuple] (path, token).\n"	\
   23.53 -	"Raises RuntimeError on error.\n"	\
   23.54 +#define xspy_read_watch_doc "\n"				\
   23.55 +	"Read a watch notification.\n"				\
   23.56 +	"The notification must be acknowledged by passing\n"	\
   23.57 +	"the token to acknowledge_watch().\n"			\
   23.58 +	" path [string]: xenstore path.\n"			\
   23.59 +	"\n"							\
   23.60 +	"Returns: [tuple] (path, token).\n"			\
   23.61 +	"Raises RuntimeError on error.\n"			\
   23.62  	"\n"
   23.63  
   23.64  static PyObject *xspy_read_watch(PyObject *self, PyObject *args,
   23.65 @@ -408,7 +412,7 @@ static PyObject *xspy_read_watch(PyObjec
   23.66  
   23.67  #define xspy_acknowledge_watch_doc "\n"					\
   23.68  	"Acknowledge a watch notification that has been read.\n"	\
   23.69 -	" token [string] : returned in watch notification\n"		\
   23.70 +	" token [string] : from the watch notification\n"		\
   23.71  	"\n"								\
   23.72  	"Returns: [int] 0 on success.\n"				\
   23.73  	"Raises RuntimeError on error.\n"				\
   23.74 @@ -499,7 +503,7 @@ static PyObject *xspy_transaction_start(
   23.75  #define xspy_transaction_end_doc "\n"					\
   23.76  	"End the current transaction.\n"				\
   23.77  	"Attempts to commit the transaction unless abort is true.\n"	\
   23.78 -	" abort [int]: Abort flag..\n"					\
   23.79 +	" abort [int]: abort flag (default 0).\n"			\
   23.80  	"\n"								\
   23.81  	"Returns: [int] 0 on success.\n"				\
   23.82  	"Raises RuntimeError on error.\n"				\
   23.83 @@ -556,10 +560,7 @@ static PyObject *xspy_introduce_domain(P
   23.84      if (!PyArg_ParseTupleAndKeywords(args, kwds, arg_spec, kwd_spec,
   23.85                                       &dom, &page, &port, &path))
   23.86          goto exit;
   23.87 -    printf("%s> dom=%u page=0x%08lx port=%u path=%s\n", __FUNCTION__, dom,
   23.88 -	   page, port, path);
   23.89      xsval = xs_introduce_domain(xh, dom, page, port, path);
   23.90 -    printf("%s> xsval=%d\n", __FUNCTION__, xsval);
   23.91      val = pyvalue_int(xsval);
   23.92   exit:
   23.93      return val;
   23.94 @@ -590,9 +591,7 @@ static PyObject *xspy_release_domain(PyO
   23.95      if (!PyArg_ParseTupleAndKeywords(args, kwds, arg_spec, kwd_spec,
   23.96                                       &dom))
   23.97          goto exit;
   23.98 -    printf("%s> dom=%u\n", __FUNCTION__, dom);
   23.99      xsval = xs_release_domain(xh, dom);
  23.100 -    printf("%s> xsval=%d\n", __FUNCTION__, xsval);
  23.101      val = pyvalue_int(xsval);
  23.102   exit:
  23.103      return val;
  23.104 @@ -651,6 +650,28 @@ static PyObject *xspy_shutdown(PyObject 
  23.105      return val;
  23.106  }
  23.107  
  23.108 +#define xspy_fileno_doc "\n"					\
  23.109 +	"Get the file descriptor of the xenstore socket.\n"	\
  23.110 +	"Allows an xs object to be passed to select().\n"	\
  23.111 +	"\n"							\
  23.112 +	"Returns: [int] file descriptor.\n"			\
  23.113 +	"\n"
  23.114 +
  23.115 +static PyObject *xspy_fileno(PyObject *self, PyObject *args, PyObject *kwds)
  23.116 +{
  23.117 +    static char *kwd_spec[] = { NULL };
  23.118 +    static char *arg_spec = "";
  23.119 +
  23.120 +    struct xs_handle *xh = xshandle(self);
  23.121 +    PyObject *val = NULL;
  23.122 +
  23.123 +    if (!PyArg_ParseTupleAndKeywords(args, kwds, arg_spec, kwd_spec))
  23.124 +        goto exit;
  23.125 +    val = PyInt_FromLong((xh ? xs_fileno(xh) : -1));
  23.126 + exit:
  23.127 +    return val;
  23.128 +}
  23.129 +
  23.130  #define XSPY_METH(_name) {			\
  23.131      .ml_name  = #_name,				\
  23.132      .ml_meth  = (PyCFunction) xspy_ ## _name,	\
  23.133 @@ -675,17 +696,14 @@ static PyMethodDef xshandle_methods[] = 
  23.134       XSPY_METH(release_domain),
  23.135       XSPY_METH(close),
  23.136       XSPY_METH(shutdown),
  23.137 +     XSPY_METH(fileno),
  23.138       { /* Terminator. */ },
  23.139  };
  23.140  
  23.141  static PyObject *xshandle_getattr(PyObject *self, char *name)
  23.142  {
  23.143      PyObject *val = NULL;
  23.144 -    if (strcmp(name, "fileno") == 0) {
  23.145 -        struct xs_handle *xh = xshandle(self);
  23.146 -        val = PyInt_FromLong((xh ? xs_fileno(xh) : -1));
  23.147 -    } else
  23.148 -        val = Py_FindMethod(xshandle_methods, self, name);
  23.149 +    val = Py_FindMethod(xshandle_methods, self, name);
  23.150      return val;
  23.151  }
  23.152  
  23.153 @@ -754,7 +772,7 @@ static PyMethodDef xs_methods[] = {
  23.154        "Raises RuntimeError on error.\n"
  23.155        "\n"
  23.156      },
  23.157 -    { NULL, NULL, 0, NULL }
  23.158 +    { /* Terminator. */ }
  23.159  };
  23.160  
  23.161  PyMODINIT_FUNC initxs (void)
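--- a/tools/python/xen/xend/XendDomainInfo.py	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/python/xen/xend/XendDomainInfo.py	Tue Jun 21 07:02:30 2005 +0000
@@ -202,7 +202,9 @@ class XendDomainInfo:
         """
         db = parentdb.addChild(uuid)
         vm = cls(db)
-        id = xc.domain_create()
+        ssidref = int(sxp.child_value(config, 'ssidref'))
+        log.debug('restoring with ssidref='+str(ssidref))
+        id = xc.domain_create(ssidref = ssidref)
         vm.setdom(id)
         try:
             vm.restore = True
@@ -241,6 +243,7 @@ class XendDomainInfo:
         self.start_time = None
         self.name = None
         self.memory = None
+        self.ssidref = None
         self.image = None
 
         self.channel = None
@@ -316,6 +319,7 @@ class XendDomainInfo:
         """
         self.info = info
         self.memory = self.info['mem_kb'] / 1024
+        self.ssidref = self.info['ssidref']
 
     def state_set(self, state):
         self.state_updated.acquire()
@@ -336,6 +340,7 @@ class XendDomainInfo:
         s += " id=" + str(self.id)
         s += " name=" + self.name
         s += " memory=" + str(self.memory)
+        s += " ssidref=" + str(self.ssidref)
         console = self.getConsole()
         if console:
             s += " console=" + str(console.console_port)
@@ -398,7 +403,8 @@ class XendDomainInfo:
         sxpr = ['domain',
                 ['id', self.id],
                 ['name', self.name],
-                ['memory', self.memory] ]
+                ['memory', self.memory],
+                ['ssidref', self.ssidref] ]
         if self.uuid:
             sxpr.append(['uuid', self.uuid])
         if self.info:
@@ -511,7 +517,7 @@ class XendDomainInfo:
             self.configure_restart()
             self.construct_image()
             self.configure()
-            self.exportToDB()
+            self.exportToDB(save=True)
         except Exception, ex:
             # Catch errors, cleanup and re-raise.
             print 'Domain construction error:', ex
@@ -523,7 +529,7 @@ class XendDomainInfo:
     def register_domain(self):
         xd = get_component('xen.xend.XendDomain')
         xd._add_domain(self)
-        self.exportToDB()
+        self.exportToDB(save=True)
 
     def configure_cpus(self, config):
         try:
@@ -533,6 +539,7 @@ class XendDomainInfo:
         self.memory = int(sxp.child_value(config, 'memory'))
         if self.memory is None:
             raise VmError('missing memory size')
+        self.ssidref = int(sxp.child_value(config, 'ssidref'))
         cpu = sxp.child_value(config, 'cpu')
         if self.recreate and self.id and cpu is not None and int(cpu) >= 0:
             xc.domain_pincpu(self.id, 0, 1<<int(cpu))
@@ -644,7 +651,7 @@ class XendDomainInfo:
     def show(self):
         """Print virtual machine info.
         """
-        print "[VM dom=%d name=%s memory=%d" % (self.id, self.name, self.memory)
+        print "[VM dom=%d name=%s memory=%d ssidref=%d" % (self.id, self.name, self.memory, self.ssidref)
         print "image:"
         sxp.show(self.image)
         print "]"
@@ -660,7 +667,7 @@ class XendDomainInfo:
             cpu = int(sxp.child_value(self.config, 'cpu', '-1'))
         except:
             raise VmError('invalid cpu')
-        id = self.image.initDomain(self.id, self.memory, cpu, self.cpu_weight)
+        id = self.image.initDomain(self.id, self.memory, self.ssidref, cpu, self.cpu_weight)
         log.debug('init_domain> Created domain=%d name=%s memory=%d',
                   id, self.name, self.memory)
         self.setdom(id)
@@ -1011,6 +1018,7 @@ addImageHandlerClass(VmxImageHandler)
 # Ignore the fields we already handle.
 add_config_handler('name',       vm_field_ignore)
 add_config_handler('memory',     vm_field_ignore)
+add_config_handler('ssidref',    vm_field_ignore)
 add_config_handler('cpu',        vm_field_ignore)
 add_config_handler('cpu_weight', vm_field_ignore)
 add_config_handler('console',    vm_field_ignore)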
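Review bot: `int(sxp.child_value(config, 'ssidref'))` is called without a default in both the restore hunk and the hunk next to `self.memory`, so a config with no `ssidref` entry (for example one saved before this change) would presumably yield None and surface as a bare TypeError rather than a VmError. The value is the domain's security identifier, so a missing or malformed one should be rejected explicitly: read it with `ssidref = sxp.child_value(config, 'ssidref')`, then `if ssidref is None: raise VmError('missing ssidref')` before the `int()` conversion. The same ordering is why the existing `if self.memory is None` test just above can never fire. `show()` also formats `self.ssidref` with `%d` although `__init__` sets it to None, and `self.info['ssidref']` assumes the key is always present. The enclosing functions start and end outside these hunks.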
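--- a/tools/python/xen/xend/image.py	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/python/xen/xend/image.py	Tue Jun 21 07:02:30 2005 +0000
@@ -111,7 +111,7 @@ class ImageHandler:
         except OSError, ex:
             log.warning("error removing bootloader file '%s': %s", f, ex)
 
-    def initDomain(self, dom, memory, cpu, cpu_weight):
+    def initDomain(self, dom, memory, ssidref, cpu, cpu_weight):
         """Initial domain create.
 
         @return domain id
@@ -119,14 +119,14 @@ class ImageHandler:
 
         mem_kb = self.getDomainMemory(memory)
         if not self.vm.restore:
-            dom = xc.domain_create(dom = dom or 0)
+            dom = xc.domain_create(dom = dom or 0, ssidref = ssidref)
             # if bootloader, unlink here. But should go after buildDomain() ?
             if self.vm.bootloader:
                 self.unlink(self.kernel)
                 self.unlink(self.ramdisk)
             if dom <= 0:
                 raise VmError('Creating domain failed: name=%s' % self.vm.name)
-        log.debug("initDomain: cpu=%d mem_kb=%d dom=%d", cpu, mem_kb, dom)
+        log.debug("initDomain: cpu=%d mem_kb=%d ssidref=%d dom=%d", cpu, mem_kb, ssidref, dom)
         # xc.domain_setuuid(dom, uuid)
         xc.domain_setcpuweight(dom, cpu_weight)
         xc.domain_setmaxmem(dom, mem_kb)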
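Review bot: The `initDomain` docstring still documents only `@return domain id` and says nothing about the new `ssidref` parameter. In the visible lines the value reaches `xc.domain_create` only when `self.vm.restore` is false; on the restore path it is merely logged, so the label in effect is whatever the restore code applied earlier. A line such as `@param ssidref security identifier for the new domain (only logged when restoring)` would make that visible to the next reader. The method body continues past the end of the hunk.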
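--- a/tools/python/xen/xend/server/SrvDomainDir.py	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/python/xen/xend/server/SrvDomainDir.py	Tue Jun 21 07:02:30 2005 +0000
@@ -142,6 +142,7 @@ class SrvDomainDir(SrvDir):
                          % (url, d.name, d.name))
                req.write('id=%s' % d.id)
                req.write('memory=%d'% d.memory)
+               req.write('ssidref=%d'% d.ssidref)
                req.write('</li>')
             req.write('</ul>')
 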
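Review bot: `req.write('ssidref=%d'% d.ssidref)` raises TypeError when `d.ssidref` is still None, which is the value XendDomainInfo's constructor assigns in this same changeset, and one such domain would abort the rest of the listing. The `id` line just above uses `%s`; `req.write('ssidref=%s' % d.ssidref)` keeps the page rendering and shows an unlabelled domain as such. The enclosing method starts outside the hunk.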
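--- a/tools/python/xen/xend/server/blkif.py	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/python/xen/xend/server/blkif.py	Tue Jun 21 07:02:30 2005 +0000
@@ -50,6 +50,9 @@ class BlkifBackend:
     def getId(self):
         return self.id
 
+    def getEvtchn(self):
+        return self.evtchn
+
     def closeEvtchn(self):
         if self.evtchn:
             channel.eventChannelClose(self.evtchn)
@@ -198,7 +201,7 @@ class BlkDev(Dev):
         backend = self.getBackend()
         if backend and backend.evtchn:
             db = self.db.addChild("evtchn")
-            backend.evtchn.exportToDB(db, save=save)
+            backend.evtchn.saveToDB(db, save=save)
 
     def init(self, recreate=False, reboot=False):
         self.frontendDomain = self.getDomain()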
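--- a/tools/python/xen/xend/server/netif.py	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/python/xen/xend/server/netif.py	Tue Jun 21 07:02:30 2005 +0000
@@ -95,7 +95,7 @@ class NetDev(Dev):
         Dev.exportToDB(self, save=save)
         if self.evtchn:
             db = self.db.addChild("evtchn")
-            self.evtchn.exportToDB(db, save=save)
+            self.evtchn.saveToDB(db, save=save)
 
     def init(self, recreate=False, reboot=False):
         self.destroyed = False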
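--- a/tools/python/xen/xend/xenstore/xsnode.py	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/python/xen/xend/xenstore/xsnode.py	Tue Jun 21 07:02:30 2005 +0000
@@ -64,7 +64,7 @@ class Watcher:
 
     def fileno(self):
         if self.xs:
-            return self.xs.fileno
+            return self.xs.fileno()
         else:
             return -1
 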
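--- a/tools/python/xen/xm/create.py	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/python/xen/xm/create.py	Tue Jun 21 07:02:30 2005 +0000
@@ -120,6 +120,10 @@ gopts.var('memory', val='MEMORY',
           fn=set_int, default=128,
           use="Domain memory in MB.")
 
+gopts.var('ssidref', val='SSIDREF',
+          fn=set_u32, default=0xffffffff,
+          use="Security Identifier.")
+
 gopts.var('maxmem', val='MEMORY',
           fn=set_int, default=None,
           use="Maximum domain memory in MB.")
@@ -405,7 +409,8 @@ def make_config(opts, vals):
     
     config = ['vm',
               ['name', vals.name ],
-              ['memory', vals.memory ]]
+              ['memory', vals.memory ],
+              ['ssidref', vals.ssidref ]]
     if vals.maxmem:
         config.append(['maxmem', vals.maxmem])
     if vals.cpu is not None: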
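Review bot: The help text `use="Security Identifier."` on the new `ssidref` option does not tell the operator what format the value takes or what the `0xffffffff` default means. Judging from the `xm list` change in this changeset, the value appears to pack two 16-bit references, printed as `s:` from the high half and `p:` from the low half. A text along the lines of `use="Security identifier (ssidref): two 16-bit policy references packed into one u32; default 0xffffffff."` would help, with the meaning of the default spelled out once it has been confirmed against the ACM code. An operator who cannot tell which label a domain will receive cannot reason about which policy decisions will apply to it.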
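--- a/tools/python/xen/xm/main.py	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/python/xen/xm/main.py	Tue Jun 21 07:02:30 2005 +0000
@@ -383,7 +383,7 @@ class ProgList(Prog):
             self.brief_list(doms)
 
     def brief_list(self, doms):
-        print 'Name              Id  Mem(MB)  CPU VCPU(s)  State  Time(s)  Console'
+        print 'Name              Id  Mem(MB)  CPU VCPU(s)  State  Time(s)  Console  SSID-REF'
         for dom in doms:
             info = server.xend_domain(dom)
             d = {}
@@ -399,8 +399,12 @@ class ProgList(Prog):
                 d['port'] = sxp.child_value(console, 'console_port')
             else:
                 d['port'] = ''
-            print ("%(name)-16s %(dom)3d  %(mem)7d  %(cpu)3d  %(vcpus)5d   %(state)5s  %(cpu_time)7.1f     %(port)4s"
-                   % d)
+            if ((int(sxp.child_value(info, 'ssidref', '-1'))) != -1):
+                d['ssidref1'] =  int(sxp.child_value(info, 'ssidref', '-1')) & 0xffff
+                d['ssidref2'] = (int(sxp.child_value(info, 'ssidref', '-1')) >> 16) & 0xffff
+                print ("%(name)-16s %(dom)3d  %(mem)7d  %(cpu)3d  %(vcpus)5d   %(state)5s  %(cpu_time)7.1f     %(port)4s    s:%(ssidref2)02x/p:%(ssidref1)02x" % d)
+            else:
+                print ("%(name)-16s %(dom)3d  %(mem)7d  %(cpu)3d  %(vcpus)5d   %(state)5s  %(cpu_time)7.1f     %(port)4s     default" % d)
 
     def show_vcpus(self, doms):
         print 'Name              Id  VCPU  CPU  CPUMAP'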
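Review bot: The `default` branch in the second hunk is taken only when `ssidref` is absent or equals -1, while `xm create` in this changeset defaults the option to `0xffffffff`. If xend echoes that value back, a domain created without a label would be listed as `s:ffff/p:ffff` rather than `default`. The value is also parsed three times, and a non-numeric entry raises ValueError out of the loop. Parsing once with `ssidref = int(sxp.child_value(info, 'ssidref', '-1'))` and testing against whichever sentinel the tools agree on would keep the display consistent with what was requested. Each half is masked to 16 bits, so `%04x` would keep the column width fixed where `%02x` does not; `brief_list` also continues outside these hunks.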
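--- a/tools/python/xen/xm/opts.py	Sat Jun 18 00:49:11 2005 +0000
+++ b/tools/python/xen/xm/opts.py	Tue Jun 21 07:02:30 2005 +0000
@@ -451,6 +451,13 @@ def set_bool(opt, k, v):
     else:
         opt.opts.err('Invalid value:' +v)
         
+def set_u32(opt, k, v):
+    """Set an option to an u32 value."""
+    try:
+        v = u32(v)
+    except:
+        opt.opts.err('Invalid value: ' + str(v))
+    opt.set(v)
 
 def set_value(opt, k, v):
     """Set an option to a value."""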
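Review bot: `set_u32` calls `opt.set(v)` after the `except` branch, so unless `opt.opts.err` raises, an unparsable value is reported and then stored unconverted; this is the parser for the new `ssidref` security identifier. The bare `except:` also hides unrelated failures, including a NameError if `u32` is not defined in this module (its definition is not visible in the hunk). Moving the store into the success path with an `else: opt.set(v)` clause on the `try`, and catching only the exception `u32` raises for bad input, keeps an invalid label from reaching the domain config.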
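--- a/xen/Makefile	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/Makefile	Tue Jun 21 07:02:30 2005 +0000
@@ -46,6 +46,7 @@ clean: delete-unfresh-files
 	$(MAKE) -C tools clean
 	$(MAKE) -C common clean
 	$(MAKE) -C drivers clean
+	$(MAKE) -C acm clean
 	$(MAKE) -C arch/$(TARGET_ARCH) clean
 	rm -f include/asm *.o $(TARGET)* *~ core
 	rm -f include/asm-*/asm-offsets.h
@@ -58,6 +59,7 @@ clean: delete-unfresh-files
 	$(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
 	$(MAKE) -C common
 	$(MAKE) -C drivers
+	$(MAKE) -C acm
 	$(MAKE) -C arch/$(TARGET_ARCH)
 
 # drivers/char/console.o may contain static banner/compile info. Blow it away.
@@ -109,7 +111,7 @@ include/asm-$(TARGET_ARCH)/asm-offsets.h
 
 .PHONY: default debug install dist clean delete-unfresh-files TAGS tags
 
-SUBDIRS = arch/$(TARGET_ARCH) common drivers 
+SUBDIRS = acm arch/$(TARGET_ARCH) common drivers 
 define all_sources
     ( find include/asm-$(TARGET_ARCH) -name SCCS -prune -o -name '*.h' -print; \
       find include -type d -name SCCS -prune -o \( -name "asm-*" -o \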
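--- a/xen/Rules.mk	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/Rules.mk	Tue Jun 21 07:02:30 2005 +0000
@@ -35,6 +35,7 @@ OBJS    += $(patsubst %.c,%.o,$(C_SRCS))
 ALL_OBJS := $(BASEDIR)/common/common.o
 ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
 ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
+ALL_OBJS += $(BASEDIR)/acm/acm.o
 ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
 
 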
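--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/xen/acm/Makefile	Tue Jun 21 07:02:30 2005 +0000
@@ -0,0 +1,15 @@
+
+include $(BASEDIR)/Rules.mk
+OBJS =  acm_core.o 
+OBJS += acm_policy.o
+OBJS += acm_simple_type_enforcement_hooks.o
+OBJS += acm_chinesewall_hooks.o
+OBJS += acm_null_hooks.o
+
+default: acm.o
+
+acm.o: $(OBJS)
+	$(LD) $(LDFLAGS) -r -o acm.o $(OBJS)
+
+clean:
+	rm -f *.o *~ core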
    36.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    36.2 +++ b/xen/acm/acm_chinesewall_hooks.c	Tue Jun 21 07:02:30 2005 +0000
    36.3 @@ -0,0 +1,503 @@
    36.4 +/****************************************************************
    36.5 + * acm_chinesewall_hooks.c
    36.6 + * 
    36.7 + * Copyright (C) 2005 IBM Corporation
    36.8 + *
    36.9 + * Author:
   36.10 + * Reiner Sailer <sailer@watson.ibm.com>
   36.11 + *
   36.12 + * Contributions:
   36.13 + * Stefan Berger <stefanb@watson.ibm.com>
   36.14 + *
   36.15 + * This program is free software; you can redistribute it and/or
   36.16 + * modify it under the terms of the GNU General Public License as
   36.17 + * published by the Free Software Foundation, version 2 of the
   36.18 + * License.
   36.19 + *
   36.20 + * sHype Chinese Wall Policy for Xen
   36.21 + *    This code implements the hooks that are called
   36.22 + *    throughout Xen operations and decides authorization
   36.23 + *    based on domain types and Chinese Wall conflict type 
   36.24 + *    sets. The CHWALL policy decides if a new domain can be started
   36.25 + *    based on the types of running domains and the type of the
   36.26 + *    new domain to be started. If the new domain's type is in
   36.27 + *    conflict with types of running domains, then this new domain
   36.28 + *    is not allowed to be created. A domain can have multiple types,
   36.29 + *    in which case all types of a new domain must be conflict-free
   36.30 + *    with all types of already running domains.
   36.31 + *
   36.32 + */
   36.33 +#include <xen/config.h>
   36.34 +#include <xen/errno.h>
   36.35 +#include <xen/types.h>
   36.36 +#include <xen/lib.h>
   36.37 +#include <xen/delay.h>
   36.38 +#include <xen/sched.h>
   36.39 +#include <public/acm.h>
   36.40 +#include <asm/atomic.h>
   36.41 +#include <acm/acm_core.h>
   36.42 +#include <acm/acm_hooks.h>
   36.43 +#include <acm/acm_endian.h>
   36.44 +
   36.45 +/* local cache structures for chinese wall policy */
   36.46 +struct chwall_binary_policy chwall_bin_pol;
   36.47 +
   36.48 +/*
   36.49 + * Initializing chinese wall policy (will be filled by policy partition
   36.50 + * using setpolicy command)
   36.51 + */
   36.52 +int acm_init_chwall_policy(void)
   36.53 +{
   36.54 +	/* minimal startup policy; policy write-locked already */
   36.55 +	chwall_bin_pol.max_types = 1;
   36.56 +	chwall_bin_pol.max_ssidrefs = 1;
   36.57 +	chwall_bin_pol.max_conflictsets = 1;
   36.58 +	chwall_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_ssidrefs*chwall_bin_pol.max_types);
   36.59 +	chwall_bin_pol.conflict_sets = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_conflictsets*chwall_bin_pol.max_types);
   36.60 +	chwall_bin_pol.running_types = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_types);
   36.61 +	chwall_bin_pol.conflict_aggregate_set = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_types);
   36.62 +	
   36.63 +	if ((chwall_bin_pol.conflict_sets == NULL) || (chwall_bin_pol.running_types == NULL) ||
   36.64 +	    (chwall_bin_pol.ssidrefs == NULL) || (chwall_bin_pol.conflict_aggregate_set == NULL))
   36.65 +		return ACM_INIT_SSID_ERROR;
   36.66 +
   36.67 +	/* initialize state */
   36.68 +	memset((void *)chwall_bin_pol.ssidrefs, 0, chwall_bin_pol.max_ssidrefs*chwall_bin_pol.max_types*sizeof(domaintype_t));
   36.69 +	memset((void *)chwall_bin_pol.conflict_sets, 0, chwall_bin_pol.max_conflictsets*chwall_bin_pol.max_types*sizeof(domaintype_t));
   36.70 +	memset((void *)chwall_bin_pol.running_types, 0, chwall_bin_pol.max_types*sizeof(domaintype_t));
   36.71 +	memset((void *)chwall_bin_pol.conflict_aggregate_set, 0, chwall_bin_pol.max_types*sizeof(domaintype_t));	
   36.72 +	return ACM_OK;
   36.73 +}
   36.74 +
   36.75 +static int
   36.76 +chwall_init_domain_ssid(void **chwall_ssid, ssidref_t ssidref)
   36.77 +{
   36.78 +	struct chwall_ssid *chwall_ssidp = xmalloc(struct chwall_ssid);
   36.79 +	traceprintk("%s.\n", __func__);
   36.80 +	if (chwall_ssidp == NULL)
   36.81 +		return ACM_INIT_SSID_ERROR;
   36.82 +	/* 
   36.83 +	 * depending on wheter chwall is primary or secondary, get the respective
   36.84 +	 * part of the global ssidref (same way we'll get the partial ssid pointer)
   36.85 +	 */
   36.86 +	chwall_ssidp->chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref);
   36.87 +	if (chwall_ssidp->chwall_ssidref >= chwall_bin_pol.max_ssidrefs) {
   36.88 +		printkd("%s: ERROR chwall_ssidref(%x) > max(%x).\n",
   36.89 +			__func__, chwall_ssidp->chwall_ssidref, chwall_bin_pol.max_ssidrefs-1);
   36.90 +		xfree(chwall_ssidp);
   36.91 +		return ACM_INIT_SSID_ERROR;
   36.92 +	}
   36.93 +	(*chwall_ssid) = chwall_ssidp;
   36.94 +	printkd("%s: determined chwall_ssidref to %x.\n", 
   36.95 +	       __func__, chwall_ssidp->chwall_ssidref);
   36.96 +	return ACM_OK;
   36.97 +}
   36.98 +
   36.99 +static void
  36.100 +chwall_free_domain_ssid(void *chwall_ssid)
  36.101 +{
  36.102 +	traceprintk("%s.\n", __func__);
  36.103 +	if (chwall_ssid != NULL)
  36.104 +		xfree(chwall_ssid);
  36.105 +	return;
  36.106 +}
  36.107 +
  36.108 +
  36.109 +/* dump chinese wall cache; policy read-locked already */
  36.110 +static int
  36.111 +chwall_dump_policy(u8 *buf, u16 buf_size) {	
  36.112 +     struct acm_chwall_policy_buffer *chwall_buf = (struct acm_chwall_policy_buffer *)buf;
  36.113 +     int ret = 0;
  36.114 +
  36.115 +     chwall_buf->chwall_max_types = htons(chwall_bin_pol.max_types);
  36.116 +     chwall_buf->chwall_max_ssidrefs = htons(chwall_bin_pol.max_ssidrefs);
  36.117 +     chwall_buf->policy_code = htons(ACM_CHINESE_WALL_POLICY);
  36.118 +     chwall_buf->chwall_ssid_offset = htons(sizeof(struct acm_chwall_policy_buffer));
  36.119 +     chwall_buf->chwall_max_conflictsets = htons(chwall_bin_pol.max_conflictsets);
  36.120 +     chwall_buf->chwall_conflict_sets_offset =
  36.121 +	     htons(
  36.122 +		   ntohs(chwall_buf->chwall_ssid_offset) + 
  36.123 +		   sizeof(domaintype_t) * chwall_bin_pol.max_ssidrefs * 
  36.124 +		   chwall_bin_pol.max_types);
  36.125 +
  36.126 +     chwall_buf->chwall_running_types_offset = 
  36.127 +	     htons(
  36.128 +		   ntohs(chwall_buf->chwall_conflict_sets_offset) +
  36.129 +		   sizeof(domaintype_t) * chwall_bin_pol.max_conflictsets *
  36.130 +		   chwall_bin_pol.max_types);
  36.131 +
  36.132 +     chwall_buf->chwall_conflict_aggregate_offset =
  36.133 +	     htons(
  36.134 +		   ntohs(chwall_buf->chwall_running_types_offset) +
  36.135 +		   sizeof(domaintype_t) * chwall_bin_pol.max_types);
  36.136 +
  36.137 +     ret = ntohs(chwall_buf->chwall_conflict_aggregate_offset) +
  36.138 +	     sizeof(domaintype_t) * chwall_bin_pol.max_types;
  36.139 +
  36.140 +     /* now copy buffers over */
  36.141 +     arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_ssid_offset)),
  36.142 +	      chwall_bin_pol.ssidrefs,
  36.143 +	      chwall_bin_pol.max_ssidrefs * chwall_bin_pol.max_types);
  36.144 +
  36.145 +     arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_conflict_sets_offset)),
  36.146 +	      chwall_bin_pol.conflict_sets,
  36.147 +	      chwall_bin_pol.max_conflictsets * chwall_bin_pol.max_types);
  36.148 +
  36.149 +     arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_running_types_offset)),
  36.150 +	      chwall_bin_pol.running_types,
  36.151 +	      chwall_bin_pol.max_types);
  36.152 +
  36.153 +     arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_conflict_aggregate_offset)),
  36.154 +	      chwall_bin_pol.conflict_aggregate_set,
  36.155 +	      chwall_bin_pol.max_types);
  36.156 +     return ret;
  36.157 +}
  36.158 +
  36.159 +/* adapt security state (running_types and conflict_aggregate_set) to all running
  36.160 + * domains; chwall_init_state is called when a policy is changed to bring the security
  36.161 + * information into a consistent state and to detect violations (return != 0).
  36.162 + * from a security point of view, we simulate that all running domains are re-started
  36.163 + */ 
  36.164 +static int
  36.165 +chwall_init_state(struct acm_chwall_policy_buffer *chwall_buf, domaintype_t *ssidrefs, domaintype_t *conflict_sets,
  36.166 +		  domaintype_t *running_types, domaintype_t *conflict_aggregate_set)
  36.167 +{
  36.168 +	int violation = 0, i, j;
  36.169 +	struct chwall_ssid *chwall_ssid;
  36.170 +	ssidref_t chwall_ssidref;
  36.171 +	struct domain **pd;
  36.172 +
  36.173 +        write_lock(&domlist_lock);
  36.174 +	/* go through all domains and adjust policy as if this domain was started now */
  36.175 +        pd = &domain_list;
  36.176 +        for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) {
  36.177 +		chwall_ssid = GET_SSIDP(ACM_CHINESE_WALL_POLICY, (struct acm_ssid_domain *)(*pd)->ssid);
  36.178 +		chwall_ssidref = chwall_ssid->chwall_ssidref;
  36.179 +		traceprintk("%s: validating policy for domain %x (chwall-REF=%x).\n", 
  36.180 +			__func__, (*pd)->domain_id, chwall_ssidref);
  36.181 +		/* a) adjust types ref-count for running domains */
  36.182 +		for (i=0; i< chwall_buf->chwall_max_types; i++)
  36.183 +			running_types[i] +=
  36.184 +				ssidrefs[chwall_ssidref*chwall_buf->chwall_max_types + i];
  36.185 +
  36.186 +		/* b) check for conflict */
  36.187 +		for (i=0; i< chwall_buf->chwall_max_types; i++)
  36.188 +			if (conflict_aggregate_set[i] && 
  36.189 +			    ssidrefs[chwall_ssidref*chwall_buf->chwall_max_types + i]) {
  36.190 +				printk("%s: CHINESE WALL CONFLICT in type %02x.\n", __func__, i);
  36.191 +				violation = 1;
  36.192 +				goto out;
  36.193 +			}
  36.194 +		/* set violation and break out of the loop */
  36.195 +		/* c) adapt conflict aggregate set for this domain (notice conflicts) */
  36.196 +		for (i=0; i<chwall_buf->chwall_max_conflictsets; i++) {
  36.197 +			int common = 0;
  36.198 +			/* check if conflict_set_i and ssidref have common types */
  36.199 +			for (j=0; j<chwall_buf->chwall_max_types; j++)
  36.200 +				if (conflict_sets[i*chwall_buf->chwall_max_types + j] &&
  36.201 +				    ssidrefs[chwall_ssidref*chwall_buf->chwall_max_types + j]) {
  36.202 +					common = 1;
  36.203 +					break;
  36.204 +				}
  36.205 +			if (common == 0)
  36.206 +				continue; /* try next conflict set */
  36.207 +			/* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */
  36.208 +			for (j=0; j<chwall_buf->chwall_max_types; j++)
  36.209 +				if (conflict_sets[i*chwall_buf->chwall_max_types + j] &&
  36.210 +				    !ssidrefs[chwall_ssidref*chwall_buf->chwall_max_types + j])
  36.211 +					conflict_aggregate_set[j]++;
  36.212 +		}	
  36.213 +	}
  36.214 + out:
  36.215 +        write_unlock(&domlist_lock);
  36.216 +	return violation;
  36.217 +	/* returning "violation != 0" means that the currently running set of domains would 
  36.218 +	 * not be possible if the new policy had been enforced before starting them; for chinese
  36.219 +	 * wall, this means that the new policy includes at least one conflict set of which 
  36.220 +	 * more than one type is currently running */
  36.221 +}
  36.222 +
  36.223 +static int
  36.224 +chwall_set_policy(u8 *buf, u16 buf_size) 
  36.225 +{	
  36.226 +	/* policy write-locked already */
  36.227 +	struct acm_chwall_policy_buffer *chwall_buf = (struct acm_chwall_policy_buffer *)buf;
  36.228 +	void *ssids = NULL, *conflict_sets = NULL, *running_types = NULL, *conflict_aggregate_set = NULL;	
  36.229 +
  36.230 +        /* rewrite the policy due to endianess */
  36.231 +        chwall_buf->policy_code                      = ntohs(chwall_buf->policy_code);
  36.232 +        chwall_buf->chwall_max_types                 = ntohs(chwall_buf->chwall_max_types);
  36.233 +        chwall_buf->chwall_max_ssidrefs              = ntohs(chwall_buf->chwall_max_ssidrefs);
  36.234 +        chwall_buf->chwall_max_conflictsets          = ntohs(chwall_buf->chwall_max_conflictsets);
  36.235 +        chwall_buf->chwall_ssid_offset               = ntohs(chwall_buf->chwall_ssid_offset);
  36.236 +        chwall_buf->chwall_conflict_sets_offset      = ntohs(chwall_buf->chwall_conflict_sets_offset);
  36.237 +        chwall_buf->chwall_running_types_offset      = ntohs(chwall_buf->chwall_running_types_offset);
  36.238 +        chwall_buf->chwall_conflict_aggregate_offset = ntohs(chwall_buf->chwall_conflict_aggregate_offset);
  36.239 +
  36.240 +	/* 1. allocate new buffers */
  36.241 +	ssids = xmalloc_array(domaintype_t, chwall_buf->chwall_max_types*chwall_buf->chwall_max_ssidrefs);
  36.242 +	conflict_sets = xmalloc_array(domaintype_t, chwall_buf->chwall_max_conflictsets*chwall_buf->chwall_max_types);
  36.243 +	running_types = xmalloc_array(domaintype_t,chwall_buf->chwall_max_types);
  36.244 +	conflict_aggregate_set = xmalloc_array(domaintype_t, chwall_buf->chwall_max_types);
  36.245 +
  36.246 +	if ((ssids == NULL)||(conflict_sets == NULL)||(running_types == NULL)||(conflict_aggregate_set == NULL))
  36.247 +		goto error_free;
  36.248 +
  36.249 +	/* 2. set new policy */
  36.250 +	if (chwall_buf->chwall_ssid_offset + sizeof(domaintype_t) * 
  36.251 +	    chwall_buf->chwall_max_types * chwall_buf->chwall_max_ssidrefs > buf_size)
  36.252 +		goto error_free;
  36.253 +	arrcpy(ssids, buf + chwall_buf->chwall_ssid_offset,
  36.254 +	       sizeof(domaintype_t),  
  36.255 +	       chwall_buf->chwall_max_types * chwall_buf->chwall_max_ssidrefs);
  36.256 +
  36.257 +	if (chwall_buf->chwall_conflict_sets_offset + sizeof(domaintype_t) * 
  36.258 +	    chwall_buf->chwall_max_types * chwall_buf->chwall_max_conflictsets > buf_size)
  36.259 +		goto error_free;
  36.260 +
  36.261 +	arrcpy(conflict_sets, buf + chwall_buf->chwall_conflict_sets_offset,
  36.262 +	       sizeof(domaintype_t),
  36.263 +	       chwall_buf->chwall_max_types * chwall_buf->chwall_max_conflictsets);
  36.264 +
  36.265 +	/* we also use new state buffers since max_types can change */
  36.266 +	memset(running_types, 0, sizeof(domaintype_t)*chwall_buf->chwall_max_types);
  36.267 +	memset(conflict_aggregate_set, 0, sizeof(domaintype_t)*chwall_buf->chwall_max_types);
  36.268 +
  36.269 +	/* 3. now re-calculate the state for the new policy based on running domains; 
  36.270 +	 *    this can fail if new policy is conflicting with running domains */
  36.271 +	if (chwall_init_state(chwall_buf, ssids, conflict_sets, running_types, conflict_aggregate_set)) {
  36.272 +		printk("%s: New policy conflicts with running domains. Policy load aborted.\n", __func__);
  36.273 +		goto error_free; /* new policy conflicts with running domains */
  36.274 +	}
  36.275 +	/* 4. free old policy buffers, replace with new ones */
  36.276 +	chwall_bin_pol.max_types = chwall_buf->chwall_max_types;
  36.277 +	chwall_bin_pol.max_ssidrefs = chwall_buf->chwall_max_ssidrefs;
  36.278 +	chwall_bin_pol.max_conflictsets = chwall_buf->chwall_max_conflictsets;
  36.279 +	if (chwall_bin_pol.ssidrefs != NULL) 
  36.280 +		xfree(chwall_bin_pol.ssidrefs);
  36.281 +	if (chwall_bin_pol.conflict_aggregate_set != NULL) 
  36.282 +		xfree(chwall_bin_pol.conflict_aggregate_set);
  36.283 +	if (chwall_bin_pol.running_types != NULL) 
  36.284 +		xfree(chwall_bin_pol.running_types);
  36.285 +	if (chwall_bin_pol.conflict_sets != NULL) 
  36.286 +		xfree(chwall_bin_pol.conflict_sets);
  36.287 +	chwall_bin_pol.ssidrefs = ssids;
  36.288 +	chwall_bin_pol.conflict_aggregate_set = conflict_aggregate_set;
  36.289 +	chwall_bin_pol.running_types = running_types;
  36.290 +	chwall_bin_pol.conflict_sets = conflict_sets;
  36.291 +	return ACM_OK;
  36.292 +
  36.293 +error_free:
  36.294 +	printk("%s: ERROR setting policy.\n", __func__);
  36.295 +	if (ssids != NULL) xfree(ssids);
  36.296 +	if (conflict_sets != NULL) xfree(conflict_sets);
  36.297 +	if (running_types != NULL) xfree(running_types);
  36.298 +	if (conflict_aggregate_set != NULL) xfree(conflict_aggregate_set);
  36.299 +	return -EFAULT;
  36.300 +}
  36.301 +	
  36.302 +static int 
  36.303 +chwall_dump_stats(u8 *buf, u16 len)
  36.304 +{
  36.305 +	/* no stats for Chinese Wall Policy */
  36.306 +	return 0;
  36.307 +}
  36.308 +
  36.309 +/***************************
  36.310 + * Authorization functions
  36.311 + ***************************/
  36.312 +
  36.313 +
  36.314 +/* -------- DOMAIN OPERATION HOOKS -----------*/
  36.315 +
  36.316 +static int 
  36.317 +chwall_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
  36.318 +{
  36.319 +	ssidref_t chwall_ssidref;
  36.320 +	int i,j;
  36.321 +	traceprintk("%s.\n", __func__);
  36.322 +
  36.323 +	read_lock(&acm_bin_pol_rwlock);
  36.324 +	chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref);
  36.325 +	if (chwall_ssidref == ACM_DEFAULT_LOCAL_SSID) {
  36.326 +		printk("%s: ERROR CHWALL SSID is NOT SET but policy enforced.\n", __func__);
  36.327 +		read_unlock(&acm_bin_pol_rwlock);
  36.328 +		return ACM_ACCESS_DENIED; /* catching and indicating config error */
  36.329 +	}
  36.330 +	if (chwall_ssidref >= chwall_bin_pol.max_ssidrefs) {
  36.331 +		printk("%s: ERROR chwall_ssidref > max(%x).\n",
  36.332 +		       __func__, chwall_bin_pol.max_ssidrefs-1);
  36.333 +		read_unlock(&acm_bin_pol_rwlock);
  36.334 +		return ACM_ACCESS_DENIED;
  36.335 +	}
  36.336 +	/* A: chinese wall check for conflicts */
  36.337 +	for (i=0; i< chwall_bin_pol.max_types; i++)
  36.338 +		if (chwall_bin_pol.conflict_aggregate_set[i] && 
  36.339 +		    chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + i]) {
  36.340 +			printk("%s: CHINESE WALL CONFLICT in type %02x.\n", __func__, i);
  36.341 +			read_unlock(&acm_bin_pol_rwlock);
  36.342 +		        return ACM_ACCESS_DENIED;
  36.343 +		}
  36.344 +
  36.345 +	/* B: chinese wall conflict set adjustment (so that other 
  36.346 +	 *	other domains simultaneously created are evaluated against this new set)*/
  36.347 +	for (i=0; i<chwall_bin_pol.max_conflictsets; i++) {
  36.348 +		int common = 0;
  36.349 +		/* check if conflict_set_i and ssidref have common types */
  36.350 +		for (j=0; j<chwall_bin_pol.max_types; j++)
  36.351 +			if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] &&
  36.352 +			    chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) {
  36.353 +				common = 1;
  36.354 +				break;
  36.355 +			}
  36.356 +		if (common == 0)
  36.357 +			continue; /* try next conflict set */
  36.358 +		/* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */
  36.359 +		for (j=0; j<chwall_bin_pol.max_types; j++)
  36.360 +			if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] &&
  36.361 +			    !chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j])
  36.362 +				chwall_bin_pol.conflict_aggregate_set[j]++;
  36.363 +	}
  36.364 +	read_unlock(&acm_bin_pol_rwlock);
  36.365 +	return ACM_ACCESS_PERMITTED;
  36.366 +}
  36.367 +
  36.368 +static void
  36.369 +chwall_post_domain_create(domid_t domid, ssidref_t ssidref)
  36.370 +{
  36.371 +	int i,j;
  36.372 +	ssidref_t chwall_ssidref;
  36.373 +	traceprintk("%s.\n", __func__);
  36.374 +	
  36.375 +	read_lock(&acm_bin_pol_rwlock);
  36.376 +	chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref);
  36.377 +	/* adjust types ref-count for running domains */
  36.378 +	for (i=0; i< chwall_bin_pol.max_types; i++)
  36.379 +		chwall_bin_pol.running_types[i] +=
  36.380 +			chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + i];
  36.381 +	if (domid) {
  36.382 +		read_unlock(&acm_bin_pol_rwlock);
  36.383 +		return;
  36.384 +	}
  36.385 +	/* Xen does not call pre-create hook for DOM0;
  36.386 +	 * to consider type conflicts of any domain with DOM0, we need
  36.387 +	 * to adjust the conflict_aggregate for DOM0 here the same way it
  36.388 +	 * is done for non-DOM0 domains in the pre-hook */
  36.389 +	printkd("%s: adjusting security state for DOM0 (ssidref=%x, chwall_ssidref=%x).\n", 
  36.390 +		__func__, ssidref, chwall_ssidref);
  36.391 +
  36.392 +	/* chinese wall conflict set adjustment (so that other 
  36.393 +	 *	other domains simultaneously created are evaluated against this new set)*/
  36.394 +	for (i=0; i<chwall_bin_pol.max_conflictsets; i++) {
  36.395 +		int common = 0;
  36.396 +		/* check if conflict_set_i and ssidref have common types */
  36.397 +		for (j=0; j<chwall_bin_pol.max_types; j++)
  36.398 +			if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] &&
  36.399 +			    chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) {
  36.400 +				common = 1;
  36.401 +				break;
  36.402 +			}
  36.403 +		if (common == 0)
  36.404 +			continue; /* try next conflict set */
  36.405 +		/* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */
  36.406 +		for (j=0; j<chwall_bin_pol.max_types; j++)
  36.407 +			if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] &&
  36.408 +			    !chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j])
  36.409 +				chwall_bin_pol.conflict_aggregate_set[j]++;
  36.410 +	}
  36.411 +	read_unlock(&acm_bin_pol_rwlock);
  36.412 +	return;
  36.413 +}
  36.414 +
  36.415 +static void
  36.416 +chwall_fail_domain_create(void *subject_ssid, ssidref_t ssidref)
  36.417 +{
  36.418 +	int i, j;
  36.419 +	ssidref_t chwall_ssidref;
  36.420 +	traceprintk("%s.\n", __func__);
  36.421 +
  36.422 +	read_lock(&acm_bin_pol_rwlock);
  36.423 +	chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref);
  36.424 +	/* roll-back: re-adjust conflicting types aggregate */
  36.425 +	for (i=0; i<chwall_bin_pol.max_conflictsets; i++) {
  36.426 +		int common = 0;
  36.427 +		/* check if conflict_set_i and ssidref have common types */
  36.428 +		for (j=0; j<chwall_bin_pol.max_types; j++)
  36.429 +			if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] &&
  36.430 +			    chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) {
  36.431 +				common = 1;
  36.432 +				break;
  36.433 +			}
  36.434 +		if (common == 0)
  36.435 +			continue; /* try next conflict set, this one does not include any type of chwall_ssidref */
  36.436 +		/* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */
  36.437 +		for (j=0; j<chwall_bin_pol.max_types; j++)
  36.438 +			if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] &&
  36.439 +			    !chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j])
  36.440 +				chwall_bin_pol.conflict_aggregate_set[j]--;
  36.441 +	}
  36.442 +	read_unlock(&acm_bin_pol_rwlock);
  36.443 +}
  36.444 +
  36.445 +
  36.446 +static void
  36.447 +chwall_post_domain_destroy(void *object_ssid, domid_t id) 
  36.448 +{
  36.449 +	int i,j;
  36.450 +	struct chwall_ssid *chwall_ssidp = 
  36.451 +		GET_SSIDP(ACM_CHINESE_WALL_POLICY, (struct acm_ssid_domain *)object_ssid);
  36.452 +	ssidref_t chwall_ssidref = chwall_ssidp->chwall_ssidref;
  36.453 +
  36.454 +	traceprintk("%s.\n", __func__);
  36.455 +
  36.456 +	read_lock(&acm_bin_pol_rwlock);
  36.457 +	/* adjust running types set */
  36.458 +	for (i=0; i< chwall_bin_pol.max_types; i++)
  36.459 +		chwall_bin_pol.running_types[i] -=
  36.460 +			chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + i];
  36.461 +
  36.462 +	/* roll-back: re-adjust conflicting types aggregate */
  36.463 +	for (i=0; i<chwall_bin_pol.max_conflictsets; i++) {
  36.464 +		int common = 0;
  36.465 +		/* check if conflict_set_i and ssidref have common types */
  36.466 +		for (j=0; j<chwall_bin_pol.max_types; j++)
  36.467 +			if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] &&
  36.468 +			    chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j]) {
  36.469 +				common = 1;
  36.470 +				break;
  36.471 +			}
  36.472 +		if (common == 0)
  36.473 +			continue; /* try next conflict set, this one does not include any type of chwall_ssidref */
  36.474 +		/* now add types of the conflict set to conflict_aggregate_set (except types in chwall_ssidref) */
  36.475 +		for (j=0; j<chwall_bin_pol.max_types; j++)
  36.476 +			if (chwall_bin_pol.conflict_sets[i*chwall_bin_pol.max_types + j] &&
  36.477 +			    !chwall_bin_pol.ssidrefs[chwall_ssidref*chwall_bin_pol.max_types + j])
  36.478 +				chwall_bin_pol.conflict_aggregate_set[j]--;
  36.479 +	}
  36.480 +	read_unlock(&acm_bin_pol_rwlock);
  36.481 +	return;
  36.482 +}
  36.483 +
  36.484 +struct acm_operations acm_chinesewall_ops = {
  36.485 +	/* policy management services */
  36.486 +	.init_domain_ssid		= chwall_init_domain_ssid,
  36.487 +	.free_domain_ssid		= chwall_free_domain_ssid,
  36.488 +	.dump_binary_policy		= chwall_dump_policy,
  36.489 +	.set_binary_policy		= chwall_set_policy,
  36.490 +	.dump_statistics		= chwall_dump_stats,
  36.491 +	/* domain management control hooks */
  36.492 +	.pre_domain_create     		= chwall_pre_domain_create,
  36.493 +	.post_domain_create		= chwall_post_domain_create,
  36.494 +	.fail_domain_create		= chwall_fail_domain_create,
  36.495 +	.post_domain_destroy		= chwall_post_domain_destroy,
  36.496 +	/* event channel control hooks */
  36.497 +	.pre_eventchannel_unbound      	= NULL,
  36.498 +	.fail_eventchannel_unbound	= NULL,
  36.499 +	.pre_eventchannel_interdomain	= NULL,
  36.500 +	.fail_eventchannel_interdomain  = NULL,
  36.501 +	/* grant table control hooks */
  36.502 +	.pre_grant_map_ref       	= NULL,
  36.503 +	.fail_grant_map_ref		= NULL,
  36.504 +	.pre_grant_setup	       	= NULL,
  36.505 +	.fail_grant_setup		= NULL,
  36.506 +};
    37.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    37.2 +++ b/xen/acm/acm_core.c	Tue Jun 21 07:02:30 2005 +0000
    37.3 @@ -0,0 +1,205 @@
    37.4 +/****************************************************************
    37.5 + * acm_core.c
    37.6 + * 
    37.7 + * Copyright (C) 2005 IBM Corporation
    37.8 + *
    37.9 + * Author:
   37.10 + * Reiner Sailer <sailer@watson.ibm.com>
   37.11 + *
   37.12 + * This program is free software; you can redistribute it and/or
   37.13 + * modify it under the terms of the GNU General Public License as
   37.14 + * published by the Free Software Foundation, version 2 of the
   37.15 + * License.
   37.16 + *
   37.17 + * sHype access control module (ACM)
   37.18 + *       This file handles initialization of the ACM
   37.19 + *       as well as initializing/freeing security 
   37.20 + *       identifiers for domains (it calls on active
   37.21 + *       policy hook functions).
   37.22 + *
   37.23 + */
   37.24 +
   37.25 +#include <xen/config.h>
   37.26 +#include <xen/errno.h>
   37.27 +#include <xen/types.h>
   37.28 +#include <xen/lib.h>
   37.29 +#include <xen/delay.h>
   37.30 +#include <xen/sched.h>
   37.31 +#include <acm/acm_hooks.h>
   37.32 +#include <acm/acm_endian.h>
   37.33 +
   37.34 +/* debug: 
   37.35 + *   include/acm/acm_hooks.h defines a constant ACM_TRACE_MODE;
   37.36 + *   define/undefine this constant to receive / suppress any
   37.37 + *   security hook debug output of sHype
   37.38 + *
   37.39 + *   include/public/acm.h defines a constant ACM_DEBUG
   37.40 + *   define/undefine this constant to receive non-hook-related
   37.41 + *   debug output.
   37.42 + */
   37.43 +
   37.44 +/* function prototypes */
   37.45 +void acm_init_chwall_policy(void);
   37.46 +void acm_init_ste_policy(void);
   37.47 +
   37.48 +extern struct acm_operations acm_chinesewall_ops, 
   37.49 +	acm_simple_type_enforcement_ops, acm_null_ops;
   37.50 +
   37.51 +/* global ops structs called by the hooks */
   37.52 +struct acm_operations *acm_primary_ops = NULL;
   37.53 +/* called in hook if-and-only-if primary succeeds */
   37.54 +struct acm_operations *acm_secondary_ops = NULL;
   37.55 +
   37.56 +/* acm global binary policy (points to 'local' primary and secondary policies */
   37.57 +struct acm_binary_policy acm_bin_pol;
   37.58 +/* acm binary policy lock */
   37.59 +rwlock_t acm_bin_pol_rwlock = RW_LOCK_UNLOCKED;
   37.60 +
   37.61 +/* until we have endian support in Xen, we discover it at runtime */
   37.62 +u8 little_endian = 1;
   37.63 +void acm_set_endian(void)
   37.64 +{
   37.65 +    u32 test = 1;
   37.66 +    if (*((u8 *)&test) == 1) {
   37.67 +      	printk("ACM module running in LITTLE ENDIAN.\n");
   37.68 +	little_endian = 1;
   37.69 +    } else {
   37.70 +	printk("ACM module running in BIG ENDIAN.\n");
   37.71 +	little_endian = 0;
   37.72 +    }
   37.73 +}
   37.74 +
   37.75 +/* initialize global security policy for Xen; policy write-locked already */
   37.76 +static void
   37.77 +acm_init_binary_policy(void *primary, void *secondary)
   37.78 +{
   37.79 +	acm_bin_pol.primary_policy_code = 0;
   37.80 +	acm_bin_pol.secondary_policy_code = 0;
   37.81 +	acm_bin_pol.primary_binary_policy = primary;
   37.82 +	acm_bin_pol.secondary_binary_policy = secondary;
   37.83 +}
   37.84 +
   37.85 +int
   37.86 +acm_init(void)
   37.87 +{
   37.88 +	int ret = -EINVAL;
   37.89 +
   37.90 +	acm_set_endian();
   37.91 +	write_lock(&acm_bin_pol_rwlock);
   37.92 +
   37.93 +	if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) {
   37.94 +		acm_init_binary_policy(NULL, NULL);
   37.95 +		acm_init_chwall_policy();
   37.96 +		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
   37.97 +		acm_primary_ops = &acm_chinesewall_ops;
   37.98 +		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
   37.99 +		acm_secondary_ops = &acm_null_ops;
  37.100 +		ret = ACM_OK;
  37.101 +	} else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
  37.102 +		acm_init_binary_policy(NULL, NULL);
  37.103 +		acm_init_ste_policy();
  37.104 +		acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
  37.105 +		acm_primary_ops = &acm_simple_type_enforcement_ops;
  37.106 +		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
  37.107 +		acm_secondary_ops = &acm_null_ops;
  37.108 +		ret = ACM_OK;
  37.109 +	} else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) {
  37.110 +		acm_init_binary_policy(NULL, NULL);
  37.111 +		acm_init_chwall_policy();
  37.112 +		acm_init_ste_policy();
  37.113 +		acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
  37.114 +		acm_primary_ops = &acm_chinesewall_ops;
  37.115 +		acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
  37.116 +		acm_secondary_ops = &acm_simple_type_enforcement_ops;
  37.117 +		ret = ACM_OK;
  37.118 +	} else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) {
  37.119 +		acm_init_binary_policy(NULL, NULL);
  37.120 +		acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
  37.121 +		acm_primary_ops = &acm_null_ops;
  37.122 +		acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
  37.123 +		acm_secondary_ops = &acm_null_ops;
  37.124 +		ret = ACM_OK;
  37.125 +	}
  37.126 +	write_unlock(&acm_bin_pol_rwlock);
  37.127 +
  37.128 +	if (ret != ACM_OK)
  37.129 +		return -EINVAL;		
  37.130 +	printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, 
  37.131 +	       ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
  37.132 +	return ACM_OK;
  37.133 +}
  37.134 +
  37.135 +
  37.136 +int
  37.137 +acm_init_domain_ssid(domid_t id, ssidref_t ssidref)
  37.138 +{
  37.139 +	struct acm_ssid_domain *ssid;
  37.140 +	struct domain *subj = find_domain_by_id(id);
  37.141 +	int ret1, ret2;
  37.142 +	
  37.143 +	if (subj == NULL) {
  37.144 +		printk("%s: ACM_NULL_POINTER ERROR (id=%x).\n", __func__, id);
  37.145 +		return ACM_NULL_POINTER_ERROR;
  37.146 +	}
  37.147 +	if ((ssid = xmalloc(struct acm_ssid_domain)) == NULL)
  37.148 +		return ACM_INIT_SSID_ERROR;
  37.149 +
  37.150 +	ssid->datatype       = DOMAIN;
  37.151 +	ssid->subject  	     = subj;
  37.152 +	ssid->domainid	     = subj->domain_id;
  37.153 +	ssid->primary_ssid   = NULL;
  37.154 +	ssid->secondary_ssid = NULL;
  37.155 +
  37.156 +	if (ACM_USE_SECURITY_POLICY != ACM_NULL_POLICY)
  37.157 +		ssid->ssidref = ssidref;
  37.158 +	else
  37.159 +		ssid->ssidref = ACM_DEFAULT_SSID;
  37.160 +
  37.161 +	subj->ssid           = ssid;
  37.162 +	/* now fill in primary and secondary parts; we only get here through hooks */
  37.163 +	if (acm_primary_ops->init_domain_ssid != NULL)
  37.164 +		ret1 = acm_primary_ops->init_domain_ssid(&(ssid->primary_ssid), ssidref);
  37.165 +	else
  37.166 +		ret1 = ACM_OK;
  37.167 +
  37.168 +	if (acm_secondary_ops->init_domain_ssid != NULL)
  37.169 +		ret2 = acm_secondary_ops->init_domain_ssid(&(ssid->secondary_ssid), ssidref);
  37.170 +	else
  37.171 +		ret2 = ACM_OK;
  37.172 +
  37.173 +	if ((ret1 != ACM_OK) || (ret2 != ACM_OK)) {
  37.174 +		printk("%s: ERROR instantiating individual ssids for domain 0x%02x.\n",
  37.175 +		       __func__, subj->domain_id);
  37.176 +		acm_free_domain_ssid(ssid);	
  37.177 +	        put_domain(subj);
  37.178 +		return ACM_INIT_SSID_ERROR;
  37.179 +	}
  37.180 +	printk("%s: assigned domain %x the ssidref=%x.\n", __func__, id, ssid->ssidref);
  37.181 +	put_domain(subj);
  37.182 +	return ACM_OK;
  37.183 +}
  37.184 +
  37.185 +
  37.186 +int
  37.187 +acm_free_domain_ssid(struct acm_ssid_domain *ssid)
  37.188 +{
  37.189 +	domid_t id;
  37.190 +
  37.191 +	/* domain is already gone, just ssid is left */
  37.192 +	if (ssid == NULL) {
  37.193 +		printk("%s: ACM_NULL_POINTER ERROR.\n", __func__);
  37.194 +		return ACM_NULL_POINTER_ERROR;
  37.195 +	}
  37.196 +       	id = ssid->domainid;
  37.197 +	ssid->subject  	     = NULL;
  37.198 +
  37.199 +	if (acm_primary_ops->free_domain_ssid != NULL) /* null policy */
  37.200 +		acm_primary_ops->free_domain_ssid(ssid->primary_ssid);
  37.201 +	ssid->primary_ssid = NULL;
  37.202 +	if (acm_secondary_ops->free_domain_ssid != NULL)
  37.203 +		acm_secondary_ops->free_domain_ssid(ssid->secondary_ssid);
  37.204 +	ssid->secondary_ssid = NULL;
  37.205 +	xfree(ssid);
  37.206 +	printkd("%s: Freed individual domain ssid (domain=%02x).\n",__func__, id);
  37.207 +	return ACM_OK;
  37.208 +}
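Review bot: The failure path of acm_init_domain_ssid() frees `ssid` through acm_free_domain_ssid() while `subj->ssid`, assigned a few lines earlier, still points at it, so the domain keeps a dangling pointer; share_common_type() in the STE file, for example, only tests `subj->ssid` against NULL before dereferencing it. Clearing it on that path with `subj->ssid = NULL;`, or assigning `subj->ssid = ssid;` only after both init hooks have returned ACM_OK, closes that window. The early `return ACM_INIT_SSID_ERROR;` after the failed xmalloc() also skips the `put_domain(subj)` that the two later exits perform, which looks like a leaked domain reference. In acm_init(), acm_init_ste_policy() is prototyped in this file as `void` although its definition returns `int` and can report ACM_INIT_SSID_ERROR, so an allocation failure during policy setup is still reported as ACM_OK.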
    38.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    38.2 +++ b/xen/acm/acm_null_hooks.c	Tue Jun 21 07:02:30 2005 +0000
    38.3 @@ -0,0 +1,76 @@
    38.4 +/****************************************************************
    38.5 + * acm_null_hooks.c
    38.6 + * 
    38.7 + * Copyright (C) 2005 IBM Corporation
    38.8 + *
    38.9 + * Author:
   38.10 + * Reiner Sailer <sailer@watson.ibm.com>
   38.11 + *
   38.12 + * This program is free software; you can redistribute it and/or
   38.13 + * modify it under the terms of the GNU General Public License as
   38.14 + * published by the Free Software Foundation, version 2 of the
   38.15 + * License.
   38.16 + */
   38.17 +#include <acm/acm_hooks.h>
   38.18 +
   38.19 +static int
   38.20 +null_init_domain_ssid(void **chwall_ssid, ssidref_t ssidref)
   38.21 +{
   38.22 +	return ACM_OK;
   38.23 +}
   38.24 +
   38.25 +
   38.26 +static void
   38.27 +null_free_domain_ssid(void *chwall_ssid)
   38.28 +{
   38.29 +	return;
   38.30 +}
   38.31 +
   38.32 +
   38.33 +static int
   38.34 +null_dump_binary_policy(u8 *buf, u16 buf_size) 
   38.35 +{	
   38.36 +	return 0;
   38.37 +}
   38.38 +
   38.39 +
   38.40 +
   38.41 +static int
   38.42 +null_set_binary_policy(u8 *buf, u16 buf_size) 
   38.43 +{	
   38.44 +	return -1;
   38.45 +}
   38.46 +
   38.47 +	
   38.48 +static int 
   38.49 +null_dump_stats(u8 *buf, u16 buf_size)
   38.50 +{
   38.51 +	/* no stats for NULL policy */
   38.52 +	return 0;
   38.53 +}
   38.54 +
   38.55 +
   38.56 +/* now define the hook structure similarly to LSM */
   38.57 +struct acm_operations acm_null_ops = {
   38.58 +	.init_domain_ssid		= null_init_domain_ssid,
   38.59 +	.free_domain_ssid		= null_free_domain_ssid,
   38.60 +	.dump_binary_policy           	= null_dump_binary_policy,
   38.61 +	.set_binary_policy		= null_set_binary_policy,
   38.62 +	.dump_statistics	        = null_dump_stats,
   38.63 +	/* domain management control hooks */
   38.64 +	.pre_domain_create     		= NULL,
   38.65 +	.post_domain_create		= NULL,
   38.66 +	.fail_domain_create		= NULL,
   38.67 +	.post_domain_destroy		= NULL,
   38.68 +	/* event channel control hooks */
   38.69 +	.pre_eventchannel_unbound      	= NULL,
   38.70 +	.fail_eventchannel_unbound	= NULL,
   38.71 +	.pre_eventchannel_interdomain	= NULL,
   38.72 +	.fail_eventchannel_interdomain	= NULL,
   38.73 +	/* grant table control hooks */
   38.74 +	.pre_grant_map_ref       	= NULL,
   38.75 +	.fail_grant_map_ref		= NULL,
   38.76 +	.pre_grant_setup	       	= NULL,
   38.77 +	.fail_grant_setup		= NULL
   38.78 +
   38.79 +};
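Review bot: null_set_binary_policy() returns -1, but acm_set_policy() in acm_policy.c treats any non-zero result from a `set_binary_policy` hook as failure, and acm_init() installs acm_null_ops as the secondary policy for the Chinese-Wall-only and STE-only configurations. As written, a policy load in those configurations would jump to `error_lock_free` after the primary hook has already run, so the caller is told the load failed even though the primary part may already be in effect. Returning success for the no-op case, `return ACM_OK;`, would match null_init_domain_ssid(), and a one-line comment on each stub saying that the null policy accepts and ignores the request would make the intent explicit. The parameter name `chwall_ssid` in null_init_domain_ssid() and null_free_domain_ssid() looks copied from the Chinese Wall file and could be a neutral `ssid`.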
    39.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    39.2 +++ b/xen/acm/acm_policy.c	Tue Jun 21 07:02:30 2005 +0000
    39.3 @@ -0,0 +1,197 @@
    39.4 +/****************************************************************
    39.5 + * acm_policy.c
    39.6 + * 
    39.7 + * Copyright (C) 2005 IBM Corporation
    39.8 + *
    39.9 + * Author:
   39.10 + * Reiner Sailer <sailer@watson.ibm.com>
   39.11 + *
   39.12 + * Contributions:
   39.13 + * Stefan Berger <stefanb@watson.ibm.com>
   39.14 + *	support for network-byte-order binary policies
   39.15 + *
   39.16 + * This program is free software; you can redistribute it and/or
   39.17 + * modify it under the terms of the GNU General Public License as
   39.18 + * published by the Free Software Foundation, version 2 of the
   39.19 + * License.
   39.20 + *
   39.21 + * sHype access control policy management for Xen.
   39.22 + *       This interface allows policy tools in authorized
   39.23 + *       domains to interact with the Xen access control module
   39.24 + * 
   39.25 + */
   39.26 +
   39.27 +#include <xen/config.h>
   39.28 +#include <xen/errno.h>
   39.29 +#include <xen/types.h>
   39.30 +#include <xen/lib.h>
   39.31 +#include <xen/delay.h>
   39.32 +#include <xen/sched.h>
   39.33 +#include <public/policy_ops.h>
   39.34 +#include <acm/acm_core.h>
   39.35 +#include <acm/acm_hooks.h>
   39.36 +#include <acm/acm_endian.h>
   39.37 +
   39.38 +int
   39.39 +acm_set_policy(void *buf, u16 buf_size, u16 policy)
   39.40 +{
   39.41 +	u8 *policy_buffer = NULL;
   39.42 +	struct acm_policy_buffer *pol;
   39.43 +	
   39.44 +	if (policy != ACM_USE_SECURITY_POLICY) {
   39.45 +		printk("%s: Loading incompatible policy (running: %s).\n", __func__,
   39.46 +		       ACM_POLICY_NAME(ACM_USE_SECURITY_POLICY));
   39.47 +		return -EFAULT;
   39.48 +	}
   39.49 +	/* now check correct buffer sizes for policy combinations */
   39.50 +	if (policy == ACM_NULL_POLICY) {
   39.51 +		printkd("%s: NULL Policy, no policy needed.\n", __func__);
   39.52 +		goto out;
   39.53 +	}
   39.54 +     	if (buf_size < sizeof(struct acm_policy_buffer))
   39.55 +		return -EFAULT;
   39.56 +	/* 1. copy buffer from domain */
   39.57 +	if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
   39.58 +	    goto error_free;
   39.59 +        if (copy_from_user(policy_buffer, buf, buf_size)) {
   39.60 +		printk("%s: Error copying!\n",__func__);
   39.61 +		goto error_free;
   39.62 +	}
   39.63 +	/* 2. some sanity checking */
   39.64 +	pol = (struct acm_policy_buffer *)policy_buffer;
   39.65 +
   39.66 +	if ((ntohl(pol->magic) != ACM_MAGIC) || 
   39.67 +	    (ntohs(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) ||
   39.68 +	    (ntohs(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) {
   39.69 +		printkd("%s: Wrong policy magics!\n", __func__);
   39.70 +		goto error_free;
   39.71 +	}
   39.72 +	if (buf_size != ntohl(pol->len)) {
   39.73 +		printk("%s: ERROR in buf size.\n", __func__);
   39.74 +		goto error_free;
   39.75 +	}
   39.76 +
   39.77 +	/* get bin_policy lock and rewrite policy (release old one) */
   39.78 +	write_lock(&acm_bin_pol_rwlock);
   39.79 +
   39.80 +	/* 3. now get/set primary policy data */
   39.81 +	if (acm_primary_ops->set_binary_policy(buf + ntohs(pol->primary_buffer_offset), 
   39.82 +                                               ntohs(pol->secondary_buffer_offset) -
   39.83 +					       ntohs(pol->primary_buffer_offset))) {
   39.84 +		goto error_lock_free;
   39.85 +	}
   39.86 +	/* 4. now get/set secondary policy data */
   39.87 +	if (acm_secondary_ops->set_binary_policy(buf + ntohs(pol->secondary_buffer_offset),
   39.88 +						 ntohl(pol->len) - 
   39.89 +						 ntohs(pol->secondary_buffer_offset))) {
   39.90 +		goto error_lock_free;
   39.91 +	}
   39.92 +	write_unlock(&acm_bin_pol_rwlock);
   39.93 + out:
   39.94 +	printk("%s: Done .\n", __func__);
   39.95 +	if (policy_buffer != NULL)
   39.96 +		xfree(policy_buffer);
   39.97 +	return ACM_OK;
   39.98 +
   39.99 + error_lock_free:
  39.100 +	write_unlock(&acm_bin_pol_rwlock);
  39.101 + error_free:
  39.102 +	printk("%s: Error setting policy.\n", __func__);
  39.103 +	if (policy_buffer != NULL)
  39.104 +		xfree(policy_buffer);
  39.105 +	return -ENOMEM;
  39.106 +}
  39.107 +
  39.108 +int
  39.109 +acm_get_policy(void *buf, u16 buf_size)
  39.110 +{	
  39.111 +     u8 *policy_buffer;
  39.112 +     int ret;
  39.113 +     struct acm_policy_buffer *bin_pol;
  39.114 +	
  39.115 +     if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL)
  39.116 +	    return -ENOMEM;
  39.117 +
  39.118 +     read_lock(&acm_bin_pol_rwlock);
  39.119 +     /* future: read policy from file and set it */
  39.120 +     bin_pol = (struct acm_policy_buffer *)policy_buffer;
  39.121 +     bin_pol->magic = htonl(ACM_MAGIC);
  39.122 +     bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION);
  39.123 +     bin_pol->primary_policy_code = htons(acm_bin_pol.primary_policy_code);
  39.124 +     bin_pol->secondary_policy_code = htons(acm_bin_pol.secondary_policy_code);
  39.125 +
  39.126 +     bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
  39.127 +     bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len));
  39.128 +     bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len));
  39.129 +     
  39.130 +     ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohs(bin_pol->primary_buffer_offset),
  39.131 +				       buf_size - ntohs(bin_pol->primary_buffer_offset));
  39.132 +     if (ret < 0) {
  39.133 +	     printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
  39.134 +	     read_unlock(&acm_bin_pol_rwlock);
  39.135 +	     return -1;
  39.136 +     }
  39.137 +     bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  39.138 +     bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len));
  39.139 +
  39.140 +     ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohs(bin_pol->secondary_buffer_offset), 
  39.141 +				    buf_size - ntohs(bin_pol->secondary_buffer_offset));
  39.142 +     if (ret < 0) {
  39.143 +	     printk("%s: ERROR creating chwallpolicy buffer.\n", __func__);
  39.144 +	     read_unlock(&acm_bin_pol_rwlock);
  39.145 +	     return -1;
  39.146 +     }
  39.147 +     bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
  39.148 +     read_unlock(&acm_bin_pol_rwlock);
  39.149 +     if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len)))
  39.150 +	     return -EFAULT;
  39.151 +     xfree(policy_buffer);
  39.152 +     return ACM_OK;
  39.153 +}
  39.154 +
  39.155 +int
  39.156 +acm_dump_statistics(void *buf, u16 buf_size)
  39.157 +{	
  39.158 +    /* send stats to user space */
  39.159 +     u8 *stats_buffer;
  39.160 +     int len1, len2;
  39.161 +     struct acm_stats_buffer acm_stats;
  39.162 +
  39.163 +     if ((stats_buffer = xmalloc_array(u8, buf_size)) == NULL)
  39.164 +	    return -ENOMEM;
  39.165 +
  39.166 +     read_lock(&acm_bin_pol_rwlock);
  39.167 +     
  39.168 +     len1 = acm_primary_ops->dump_statistics(stats_buffer + sizeof(struct acm_stats_buffer),
  39.169 +					     buf_size - sizeof(struct acm_stats_buffer));
  39.170 +     if (len1 < 0)
  39.171 +	     goto error_lock_free;
  39.172 +	     
  39.173 +     len2 = acm_secondary_ops->dump_statistics(stats_buffer + sizeof(struct acm_stats_buffer) + len1,
  39.174 +					       buf_size - sizeof(struct acm_stats_buffer) - len1);
  39.175 +     if (len2 < 0)
  39.176 +	     goto error_lock_free;
  39.177 +
  39.178 +     acm_stats.magic = htonl(ACM_MAGIC);
  39.179 +     acm_stats.policyversion = htonl(POLICY_INTERFACE_VERSION);
  39.180 +     acm_stats.primary_policy_code = htons(acm_bin_pol.primary_policy_code);
  39.181 +     acm_stats.secondary_policy_code = htons(acm_bin_pol.secondary_policy_code);
  39.182 +     acm_stats.primary_stats_offset = htons(sizeof(struct acm_stats_buffer));
  39.183 +     acm_stats.secondary_stats_offset = htons(sizeof(struct acm_stats_buffer) + len1);
  39.184 +     acm_stats.len = htonl(sizeof(struct acm_stats_buffer) + len1 + len2);
  39.185 +     memcpy(stats_buffer, &acm_stats, sizeof(struct acm_stats_buffer));
  39.186 +
  39.187 +     if (copy_to_user(buf, stats_buffer, sizeof(struct acm_stats_buffer) + len1 + len2))
  39.188 +	     goto error_lock_free;
  39.189 +
  39.190 +     read_unlock(&acm_bin_pol_rwlock);
  39.191 +     xfree(stats_buffer);
  39.192 +     return ACM_OK;
  39.193 +
  39.194 + error_lock_free:
  39.195 +     read_unlock(&acm_bin_pol_rwlock);
  39.196 +     xfree(stats_buffer);
  39.197 +     return -EFAULT;
  39.198 +}
  39.199 +
  39.200 +/*eof*/
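Review bot: acm_get_policy() and acm_dump_statistics() allocate `buf_size` bytes and then write a full header into that allocation without checking that `buf_size` is at least the header size, so a caller-supplied size below `sizeof(struct acm_policy_buffer)` (or `sizeof(struct acm_stats_buffer)`) lets the header stores and the `memcpy` run past the end of the heap buffer, and the `buf_size - offset` lengths passed to the `u16` hook parameters wrap around. acm_set_policy() already has the guard; the same check belongs at the top of both functions, e.g. `if (buf_size < sizeof(struct acm_policy_buffer)) return -EFAULT;`. acm_get_policy() also leaves on its three error returns without `xfree(policy_buffer)`. In acm_set_policy() the header checks run on the copied `policy_buffer`, but the hooks are then handed `buf + offset` (the caller's pointer) with offsets that were never compared with `buf_size` or with each other, so `secondary_buffer_offset - primary_buffer_offset` can wrap; bounding both offsets and parsing from `policy_buffer` would keep the checked data and the used data the same.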
    40.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    40.2 +++ b/xen/acm/acm_simple_type_enforcement_hooks.c	Tue Jun 21 07:02:30 2005 +0000
    40.3 @@ -0,0 +1,638 @@
    40.4 +/****************************************************************
    40.5 + * acm_simple_type_enforcement_hooks.c
    40.6 + * 
    40.7 + * Copyright (C) 2005 IBM Corporation
    40.8 + *
    40.9 + * Author:
   40.10 + * Reiner Sailer <sailer@watson.ibm.com>
   40.11 + *
   40.12 + * Contributors:
   40.13 + * Stefan Berger <stefanb@watson.ibm.com>
   40.14 + *         support for network order binary policies
   40.15 + *
   40.16 + * This program is free software; you can redistribute it and/or
   40.17 + * modify it under the terms of the GNU General Public License as
   40.18 + * published by the Free Software Foundation, version 2 of the
   40.19 + * License.
   40.20 + *
   40.21 + * sHype Simple Type Enforcement for Xen
   40.22 + *     STE allows to control which domains can setup sharing
   40.23 + *     (eventchannels right now) with which other domains. Hooks
   40.24 + *     are defined and called throughout Xen when domains bind to
   40.25 + *     shared resources (setup eventchannels) and a domain is allowed
   40.26 + *     to setup sharing with another domain if and only if both domains
   40.27 + *     share at least on common type.
   40.28 + *
   40.29 + */
   40.30 +#include <xen/lib.h>
   40.31 +#include <asm/types.h>
   40.32 +#include <asm/current.h>
   40.33 +#include <acm/acm_hooks.h>
   40.34 +#include <asm/atomic.h>
   40.35 +#include <acm/acm_endian.h>
   40.36 +
   40.37 +/* local cache structures for chinese wall policy */
   40.38 +struct ste_binary_policy ste_bin_pol;
   40.39 +
   40.40 +static inline int have_common_type (ssidref_t ref1, ssidref_t ref2) {
   40.41 +	int i;
   40.42 +	for(i=0; i< ste_bin_pol.max_types; i++)
   40.43 +		if ( ste_bin_pol.ssidrefs[ref1*ste_bin_pol.max_types + i] && 
   40.44 +		     ste_bin_pol.ssidrefs[ref2*ste_bin_pol.max_types + i]) {
   40.45 +			printkd("%s: common type #%02x.\n", __func__, i);
   40.46 +			return 1;
   40.47 +		}
   40.48 +	return 0;
   40.49 +}
   40.50 +
   40.51 +/* Helper function: return = (subj and obj share a common type) */
   40.52 +static int share_common_type(struct domain *subj, struct domain *obj)
   40.53 +{
   40.54 +	ssidref_t ref_s, ref_o;
   40.55 +	int ret;
   40.56 +
   40.57 +	if ((subj == NULL) || (obj == NULL) || (subj->ssid == NULL) || (obj->ssid == NULL))
   40.58 +		return 0;
   40.59 +	read_lock(&acm_bin_pol_rwlock);
   40.60 +	/* lookup the policy-local ssids */
   40.61 +	ref_s = ((struct ste_ssid *)(GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
   40.62 +				    (struct acm_ssid_domain *)subj->ssid)))->ste_ssidref;
   40.63 +	ref_o = ((struct ste_ssid *)(GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
   40.64 +				    (struct acm_ssid_domain *)obj->ssid)))->ste_ssidref;
   40.65 +        /* check whether subj and obj share a common ste type */
   40.66 +	ret = have_common_type(ref_s, ref_o);
   40.67 +	read_unlock(&acm_bin_pol_rwlock);
   40.68 +	return ret;
   40.69 +}
   40.70 +
   40.71 +/*
   40.72 + * Initializing chinese wall policy (will be filled by policy partition
   40.73 + * using setpolicy command)
   40.74 + */
   40.75 +int acm_init_ste_policy(void)
   40.76 +{
   40.77 +	/* minimal startup policy; policy write-locked already */
   40.78 +	ste_bin_pol.max_types = 1;
   40.79 +	ste_bin_pol.max_ssidrefs = 1;
   40.80 +	ste_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, 1);
   40.81 +	
   40.82 +	if (ste_bin_pol.ssidrefs == NULL)
   40.83 +		return ACM_INIT_SSID_ERROR;
   40.84 +
   40.85 +	/* initialize state */
   40.86 +	ste_bin_pol.ssidrefs[0] = 1;
   40.87 +
   40.88 +	/* init stats */
   40.89 +	atomic_set(&(ste_bin_pol.ec_eval_count), 0);
   40.90 +	atomic_set(&(ste_bin_pol.ec_denied_count), 0); 
   40.91 +	atomic_set(&(ste_bin_pol.ec_cachehit_count), 0);
   40.92 +	atomic_set(&(ste_bin_pol.gt_eval_count), 0);
   40.93 +	atomic_set(&(ste_bin_pol.gt_denied_count), 0); 
   40.94 +	atomic_set(&(ste_bin_pol.gt_cachehit_count), 0);
   40.95 +	return ACM_OK;
   40.96 +}
   40.97 +
   40.98 +
   40.99 +/* ste initialization function hooks */
  40.100 +static int
  40.101 +ste_init_domain_ssid(void **ste_ssid, ssidref_t ssidref)
  40.102 +{
  40.103 +	int i;
  40.104 +	struct ste_ssid *ste_ssidp = xmalloc(struct ste_ssid); 
  40.105 +	traceprintk("%s.\n", __func__);
  40.106 +
  40.107 +	if (ste_ssidp == NULL)
  40.108 +		return ACM_INIT_SSID_ERROR;
  40.109 +
  40.110 +	/* get policy-local ssid reference */
  40.111 +	ste_ssidp->ste_ssidref = GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref);
  40.112 +	if (ste_ssidp->ste_ssidref >= ste_bin_pol.max_ssidrefs) {
  40.113 +		printkd("%s: ERROR ste_ssidref (%x) > max(%x).\n",
  40.114 +			__func__, ste_ssidp->ste_ssidref, ste_bin_pol.max_ssidrefs-1);
  40.115 +		xfree(ste_ssidp);
  40.116 +		return ACM_INIT_SSID_ERROR;
  40.117 +	}
  40.118 +	/* clean ste cache */
  40.119 +	for (i=0; i<ACM_TE_CACHE_SIZE; i++)
  40.120 +		ste_ssidp->ste_cache[i].valid = FREE;
  40.121 +
  40.122 +	(*ste_ssid) = ste_ssidp;
  40.123 +	printkd("%s: determined ste_ssidref to %x.\n", 
  40.124 +	       __func__, ste_ssidp->ste_ssidref);
  40.125 +	return ACM_OK;
  40.126 +}
  40.127 +
  40.128 +
  40.129 +static void
  40.130 +ste_free_domain_ssid(void *ste_ssid)
  40.131 +{
  40.132 +	traceprintk("%s.\n", __func__);
  40.133 +	if (ste_ssid != NULL)
  40.134 +		xfree(ste_ssid);
  40.135 +	return;
  40.136 +}
  40.137 +
  40.138 +/* dump type enforcement cache; policy read-locked already */
  40.139 +static int 
  40.140 +ste_dump_policy(u8 *buf, u16 buf_size) {
  40.141 +     struct acm_ste_policy_buffer *ste_buf = (struct acm_ste_policy_buffer *)buf;
  40.142 +     int ret = 0;
  40.143 +
  40.144 +     ste_buf->ste_max_types = htons(ste_bin_pol.max_types);
  40.145 +     ste_buf->ste_max_ssidrefs = htons(ste_bin_pol.max_ssidrefs);
  40.146 +     ste_buf->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
  40.147 +     ste_buf->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer));
  40.148 +     ret = ntohs(ste_buf->ste_ssid_offset) +
  40.149 +	     sizeof(domaintype_t)*ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types;
  40.150 +
  40.151 +     /* now copy buffer over */
  40.152 +     arrcpy(buf + ntohs(ste_buf->ste_ssid_offset),
  40.153 +	    ste_bin_pol.ssidrefs,
  40.154 +	    sizeof(domaintype_t),
  40.155 +             ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types);
  40.156 +
  40.157 +     return ret;
  40.158 +}
  40.159 +
  40.160 +/* ste_init_state is called when a policy is changed to detect violations (return != 0).
  40.161 + * from a security point of view, we simulate that all running domains are re-started and
  40.162 + * all sharing decisions are replayed to detect violations or current sharing behavior
  40.163 + * (right now: event_channels, future: also grant_tables)
  40.164 + */ 
  40.165 +static int
  40.166 +ste_init_state(struct acm_ste_policy_buffer *ste_buf, domaintype_t *ssidrefs)
  40.167 +{
  40.168 +    int violation = 1;
  40.169 +    struct ste_ssid *ste_ssid, *ste_rssid;
  40.170 +    ssidref_t ste_ssidref, ste_rssidref;
  40.171 +    struct domain **pd, *rdom;
  40.172 +    domid_t rdomid;
  40.173 +    grant_entry_t sha_copy;
  40.174 +    int port, i;
  40.175 +
  40.176 +    read_lock(&domlist_lock); /* go by domain? or directly by global? event/grant list */
  40.177 +    /* go through all domains and adjust policy as if this domain was started now */
  40.178 +    pd = &domain_list;
  40.179 +    for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) {
  40.180 +	    ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.181 +				 (struct acm_ssid_domain *)(*pd)->ssid);
  40.182 +	    ste_ssidref = ste_ssid->ste_ssidref;
  40.183 +	    traceprintk("%s: validating policy for eventch domain %x (ste-Ref=%x).\n",
  40.184 +		    __func__, (*pd)->domain_id, ste_ssidref);
  40.185 +	    /* a) check for event channel conflicts */
  40.186 +	    for (port=0; port < NR_EVTCHN_BUCKETS; port++) {
  40.187 +		    spin_lock(&(*pd)->evtchn_lock);
  40.188 +		    if ((*pd)->evtchn[port] == NULL) {
  40.189 +                            spin_unlock(&(*pd)->evtchn_lock);
  40.190 +		            continue;
  40.191 +		    }
  40.192 +		    if ((*pd)->evtchn[port]->state == ECS_INTERDOMAIN) {
  40.193 +			    rdom = (*pd)->evtchn[port]->u.interdomain.remote_dom;
  40.194 +			    rdomid = rdom->domain_id;
  40.195 +			    /* rdom now has remote domain */
  40.196 +			    ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.197 +						  (struct acm_ssid_domain *)(rdom->ssid));
  40.198 +			    ste_rssidref = ste_rssid->ste_ssidref;
  40.199 +		    } else if ((*pd)->evtchn[port]->state == ECS_UNBOUND) {
  40.200 +			    rdomid = (*pd)->evtchn[port]->u.unbound.remote_domid;
  40.201 +			    if ((rdom = find_domain_by_id(rdomid)) == NULL) {
  40.202 +				    printk("%s: Error finding domain to id %x!\n", __func__, rdomid);
  40.203 +				    goto out;
  40.204 +			    }
  40.205 +			    /* rdom now has remote domain */
  40.206 +			    ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.207 +						  (struct acm_ssid_domain *)(rdom->ssid));
  40.208 +			    ste_rssidref = ste_rssid->ste_ssidref;
  40.209 +			    put_domain(rdom);
  40.210 +		    } else {
  40.211 +			    spin_unlock(&(*pd)->evtchn_lock);
  40.212 +			    continue; /* port unused */
  40.213 +		    }
  40.214 +		    spin_unlock(&(*pd)->evtchn_lock);
  40.215 +
  40.216 +		    /* rdom now has remote domain */
  40.217 +		    ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.218 +					     (struct acm_ssid_domain *)(rdom->ssid));
  40.219 +		    ste_rssidref = ste_rssid->ste_ssidref;
  40.220 +		    traceprintk("%s: eventch: domain %x (ssidref %x) --> domain %x (rssidref %x) used (port %x).\n", 
  40.221 +			    __func__, (*pd)->domain_id, ste_ssidref, rdom->domain_id, ste_rssidref, port);  
  40.222 +		    /* check whether on subj->ssid, obj->ssid share a common type*/
  40.223 +		    if (!have_common_type(ste_ssidref, ste_rssidref)) {
  40.224 +			    printkd("%s: Policy violation in event channel domain %x -> domain %x.\n",
  40.225 +				    __func__, (*pd)->domain_id, rdomid);
  40.226 +			    goto out;
  40.227 +		    }
  40.228 +	    }	
  40.229 +	    /* b) check for grant table conflicts on shared pages */
  40.230 +	    if ((*pd)->grant_table->shared == NULL) {
  40.231 +		    printkd("%s: Grant ... sharing for domain %x not setup!\n", __func__, (*pd)->domain_id);
  40.232 +		    continue;
  40.233 +	    }
  40.234 +	    for ( i = 0; i < NR_GRANT_ENTRIES; i++ ) {
  40.235 +		    sha_copy =  (*pd)->grant_table->shared[i];
  40.236 +		    if ( sha_copy.flags ) {
  40.237 +			    printkd("%s: grant dom (%hu) SHARED (%d) flags:(%hx) dom:(%hu) frame:(%lx)\n",
  40.238 +				    __func__, (*pd)->domain_id, i, sha_copy.flags, sha_copy.domid, 
  40.239 +				    (unsigned long)sha_copy.frame);
  40.240 +			    rdomid = sha_copy.domid;
  40.241 +			    if ((rdom = find_domain_by_id(rdomid)) == NULL) {
  40.242 +			    	    printkd("%s: domain not found ERROR!\n", __func__);
  40.243 +			    	    goto out;
  40.244 +			    };
  40.245 +			    /* rdom now has remote domain */
  40.246 +			    ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.247 +			    			  (struct acm_ssid_domain *)(rdom->ssid));
  40.248 +			    ste_rssidref = ste_rssid->ste_ssidref;
  40.249 +			    put_domain(rdom);
  40.250 +			    if (!have_common_type(ste_ssidref, ste_rssidref)) {
  40.251 +			    	    printkd("%s: Policy violation in grant table sharing domain %x -> domain %x.\n",
  40.252 +			    		    __func__, (*pd)->domain_id, rdomid);
  40.253 +			    	    goto out;
  40.254 +			    }
  40.255 +		    }
  40.256 +	    }
  40.257 +    }
  40.258 +    violation = 0;
  40.259 + out:
  40.260 +    read_unlock(&domlist_lock);
  40.261 +    return violation;
  40.262 +    /* returning "violation != 0" means that existing sharing between domains would not 
  40.263 +     * have been allowed if the new policy had been enforced before the sharing; for ste, 
  40.264 +     * this means that there are at least 2 domains that have established sharing through 
  40.265 +     * event-channels or grant-tables but these two domains don't have no longer a common 
  40.266 +     * type in their typesets referenced by their ssidrefs */
  40.267 +}
  40.268 +
  40.269 +/* set new policy; policy write-locked already */
  40.270 +static int
  40.271 +ste_set_policy(u8 *buf, u16 buf_size) 
  40.272 +{
  40.273 +     struct acm_ste_policy_buffer *ste_buf = (struct acm_ste_policy_buffer *)buf;
  40.274 +     void *ssidrefsbuf;
  40.275 +     struct ste_ssid *ste_ssid;
  40.276 +     struct domain **pd;
  40.277 +     int i;
  40.278 +
  40.279 +     /* Convert endianess of policy */
  40.280 +     ste_buf->policy_code = ntohs(ste_buf->policy_code);
  40.281 +     ste_buf->ste_max_types = ntohs(ste_buf->ste_max_types);
  40.282 +     ste_buf->ste_max_ssidrefs = ntohs(ste_buf->ste_max_ssidrefs);
  40.283 +     ste_buf->ste_ssid_offset = ntohs(ste_buf->ste_ssid_offset);
  40.284 +
  40.285 +     /* 1. create and copy-in new ssidrefs buffer */
  40.286 +     ssidrefsbuf = xmalloc_array(u8, sizeof(domaintype_t)*ste_buf->ste_max_types*ste_buf->ste_max_ssidrefs);
  40.287 +     if (ssidrefsbuf == NULL) {
  40.288 +	     return -ENOMEM;
  40.289 +     }
  40.290 +     if (ste_buf->ste_ssid_offset + sizeof(domaintype_t) * ste_buf->ste_max_ssidrefs*ste_buf->ste_max_types > buf_size)
  40.291 +         goto error_free;
  40.292 +
  40.293 +     arrcpy(ssidrefsbuf, 
  40.294 +            buf + ste_buf->ste_ssid_offset,
  40.295 +            sizeof(domaintype_t),
  40.296 +	    ste_buf->ste_max_ssidrefs*ste_buf->ste_max_types);
  40.297 +
  40.298 +     /* 2. now re-calculate sharing decisions based on running domains; 
  40.299 +      *    this can fail if new policy is conflicting with sharing of running domains 
  40.300 +      *    now: reject violating new policy; future: adjust sharing through revoking sharing */
  40.301 +     if (ste_init_state(ste_buf, (domaintype_t *)ssidrefsbuf)) {
  40.302 +	     printk("%s: New policy conflicts with running domains. Policy load aborted.\n", __func__);
  40.303 +	     goto error_free; /* new policy conflicts with sharing of running domains */
  40.304 +     }
  40.305 +     /* 3. replace old policy (activate new policy) */
  40.306 +     ste_bin_pol.max_types = ste_buf->ste_max_types;
  40.307 +     ste_bin_pol.max_ssidrefs = ste_buf->ste_max_ssidrefs;
  40.308 +     if (ste_bin_pol.ssidrefs) 
  40.309 +	     xfree(ste_bin_pol.ssidrefs);
  40.310 +     ste_bin_pol.ssidrefs = (domaintype_t *)ssidrefsbuf;
  40.311 +
  40.312 +     /* clear all ste caches */
  40.313 +     read_lock(&domlist_lock);
  40.314 +     pd = &domain_list;
  40.315 +     for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) {
  40.316 +	 ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.317 +			 (struct acm_ssid_domain *)(*pd)->ssid);
  40.318 + 	 for (i=0; i<ACM_TE_CACHE_SIZE; i++)
  40.319 +		ste_ssid->ste_cache[i].valid = FREE;
  40.320 +     }
  40.321 +     read_unlock(&domlist_lock);
  40.322 +     return ACM_OK;
  40.323 +
  40.324 +error_free:
  40.325 +	printk("%s: ERROR setting policy.\n", __func__);
  40.326 +	if (ssidrefsbuf != NULL) xfree(ssidrefsbuf);
  40.327 +	return -EFAULT;
  40.328 +}
  40.329 +
  40.330 +static int 
  40.331 +ste_dump_stats(u8 *buf, u16 buf_len)
  40.332 +{
  40.333 +    struct acm_ste_stats_buffer stats;
  40.334 +
  40.335 +#ifdef ACM_DEBUG
  40.336 +    int i;
  40.337 +    struct ste_ssid *ste_ssid;
  40.338 +    struct domain **pd;
  40.339 +
  40.340 +    printk("ste: Decision caches:\n");
  40.341 +    /* go through all domains and adjust policy as if this domain was started now */
  40.342 +    read_lock(&domlist_lock); /* go by domain? or directly by global? event/grant list */
  40.343 +    pd = &domain_list;
  40.344 +    for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) {
  40.345 +        printk("ste: Cache Domain %02x.\n", (*pd)->domain_id);
  40.346 +	ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.347 +			 (struct acm_ssid_domain *)(*pd)->ssid);
  40.348 +	for (i=0; i<ACM_TE_CACHE_SIZE; i++)
  40.349 +		printk("\t\tcache[%02x] = %s, domid=%x.\n", i,
  40.350 +		       (ste_ssid->ste_cache[i].valid == VALID) ? 
  40.351 +		       "VALID" : "FREE",
  40.352 +		       (ste_ssid->ste_cache[i].valid == VALID) ? 
  40.353 +		       ste_ssid->ste_cache[i].id : 0xffffffff);
  40.354 +    }
  40.355 +    read_unlock(&domlist_lock);
  40.356 +    /* init stats */
  40.357 +    printk("STE-Policy Security Hook Statistics:\n");
  40.358 +    printk("ste: event_channel eval_count      = %x\n", atomic_read(&(ste_bin_pol.ec_eval_count)));
  40.359 +    printk("ste: event_channel denied_count    = %x\n", atomic_read(&(ste_bin_pol.ec_denied_count))); 
  40.360 +    printk("ste: event_channel cache_hit_count = %x\n", atomic_read(&(ste_bin_pol.ec_cachehit_count)));
  40.361 +    printk("ste:\n");
  40.362 +    printk("ste: grant_table   eval_count      = %x\n", atomic_read(&(ste_bin_pol.gt_eval_count)));
  40.363 +    printk("ste: grant_table   denied_count    = %x\n", atomic_read(&(ste_bin_pol.gt_denied_count))); 
  40.364 +    printk("ste: grant_table   cache_hit_count = %x\n", atomic_read(&(ste_bin_pol.gt_cachehit_count)));
  40.365 +#endif
  40.366 +
  40.367 +    if (buf_len < sizeof(struct acm_ste_stats_buffer))
  40.368 +	    return -ENOMEM;
  40.369 +
  40.370 +    /* now send the hook counts to user space */
  40.371 +    stats.ec_eval_count = htonl(atomic_read(&ste_bin_pol.ec_eval_count));
  40.372 +    stats.gt_eval_count = htonl(atomic_read(&ste_bin_pol.gt_eval_count));
  40.373 +    stats.ec_denied_count = htonl(atomic_read(&ste_bin_pol.ec_denied_count));
  40.374 +    stats.gt_denied_count = htonl(atomic_read(&ste_bin_pol.gt_denied_count)); 
  40.375 +    stats.ec_cachehit_count = htonl(atomic_read(&ste_bin_pol.ec_cachehit_count));
  40.376 +    stats.gt_cachehit_count = htonl(atomic_read(&ste_bin_pol.gt_cachehit_count));
  40.377 +    memcpy(buf, &stats, sizeof(struct acm_ste_stats_buffer));
  40.378 +    return sizeof(struct acm_ste_stats_buffer);
  40.379 +}
  40.380 +
  40.381 +
  40.382 +/* we need to go through this before calling the hooks,
  40.383 + * returns 1 == cache hit */
  40.384 +static int inline
  40.385 +check_cache(struct domain *dom, domid_t rdom) {
  40.386 +	struct ste_ssid *ste_ssid;
  40.387 +	int i;
  40.388 +
  40.389 +	printkd("checking cache: %x --> %x.\n", dom->domain_id, rdom);
  40.390 +	ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.391 +			 (struct acm_ssid_domain *)(dom)->ssid);
  40.392 +
  40.393 +	for(i=0; i< ACM_TE_CACHE_SIZE; i++) {
  40.394 +		if ((ste_ssid->ste_cache[i].valid == VALID) &&
  40.395 +		    (ste_ssid->ste_cache[i].id == rdom)) {
  40.396 +			printkd("cache hit (entry %x, id= %x!\n", i, ste_ssid->ste_cache[i].id);
  40.397 +			return 1;
  40.398 +		}
  40.399 +	}
  40.400 +	return 0;
  40.401 +}
  40.402 +
  40.403 +
  40.404 +/* we only get here if there is NO entry yet; no duplication check! */
  40.405 +static void inline
  40.406 +cache_result(struct domain *subj, struct domain *obj) {
  40.407 +	struct ste_ssid *ste_ssid;
  40.408 +	int i;
  40.409 +	printkd("caching from doms: %x --> %x.\n", subj->domain_id, obj->domain_id);
  40.410 +	ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.411 +			 (struct acm_ssid_domain *)(subj)->ssid);
  40.412 +	for(i=0; i< ACM_TE_CACHE_SIZE; i++)
  40.413 +		if (ste_ssid->ste_cache[i].valid == FREE)
  40.414 +			break;
  40.415 +	if (i< ACM_TE_CACHE_SIZE) {
  40.416 +		ste_ssid->ste_cache[i].valid = VALID;
  40.417 +		ste_ssid->ste_cache[i].id = obj->domain_id;
  40.418 +	} else
  40.419 +		printk ("Cache of dom %x is full!\n", subj->domain_id);
  40.420 +}
  40.421 +
  40.422 +/* deletes entries for domain 'id' from all caches (re-use) */
  40.423 +static void inline
  40.424 +clean_id_from_cache(domid_t id) 
  40.425 +{
  40.426 +    struct ste_ssid *ste_ssid;
  40.427 +    int i;
  40.428 +    struct domain **pd;
  40.429 +
  40.430 +    printkd("deleting cache for dom %x.\n", id);
  40.431 +
  40.432 +    read_lock(&domlist_lock); /* look through caches of all domains */
  40.433 +    pd = &domain_list;
  40.434 +    for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) {
  40.435 +	ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
  40.436 +			 (struct acm_ssid_domain *)(*pd)->ssid);
  40.437 +	for (i=0; i<ACM_TE_CACHE_SIZE; i++)
  40.438 +	    if ((ste_ssid->ste_cache[i].valid == VALID) &&
  40.439 +		(ste_ssid->ste_cache[i].id = id))
  40.440 +		    ste_ssid->ste_cache[i].valid = FREE;
  40.441 +    }
  40.442 +    read_unlock(&domlist_lock);
  40.443 +}
  40.444 +
  40.445 +/***************************
  40.446 + * Authorization functions
  40.447 + **************************/
  40.448 +
  40.449 +static int 
  40.450 +ste_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
  40.451 +{      
  40.452 +    /* check for ssidref in range for policy */
  40.453 +    ssidref_t ste_ssidref;
  40.454 +    traceprintk("%s.\n", __func__);
  40.455 +
  40.456 +    read_lock(&acm_bin_pol_rwlock);
  40.457 +    ste_ssidref = GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref);
  40.458 +    if (ste_ssidref == ACM_DEFAULT_LOCAL_SSID) {
  40.459 +	printk("%s: ERROR STE SSID is NOT SET but policy enforced.\n", __func__);
  40.460 +	read_unlock(&acm_bin_pol_rwlock);
  40.461 +	return ACM_ACCESS_DENIED; /* catching and indicating config error */
  40.462 +    }
  40.463 +    if (ste_ssidref >= ste_bin_pol.max_ssidrefs) {
  40.464 +	printk("%s: ERROR ste_ssidref > max(%x).\n", 
  40.465 +	       __func__, ste_bin_pol.max_ssidrefs-1);
  40.466 +	read_unlock(&acm_bin_pol_rwlock);
  40.467 +	return ACM_ACCESS_DENIED;
  40.468 +    }
  40.469 +    read_unlock(&acm_bin_pol_rwlock);
  40.470 +    return ACM_ACCESS_PERMITTED;
  40.471 +}
  40.472 +
  40.473 +static void 
  40.474 +ste_post_domain_destroy(void *subject_ssid, domid_t id)
  40.475 +{
  40.476 +    /* clean all cache entries for destroyed domain (might be re-used) */
  40.477 +    clean_id_from_cache(id);
  40.478 +}
  40.479 +
  40.480 +/* -------- EVENTCHANNEL OPERATIONS -----------*/
  40.481 +static int
  40.482 +ste_pre_eventchannel_unbound(domid_t id) {
  40.483 +	struct domain *subj, *obj;
  40.484 +	int ret;
  40.485 +	traceprintk("%s: dom%x-->dom%x.\n", 
  40.486 +		    __func__, current->domain->domain_id, id);
  40.487 +
  40.488 +	if (check_cache(current->domain, id)) {
  40.489 +		atomic_inc(&ste_bin_pol.ec_cachehit_count);
  40.490 +		return ACM_ACCESS_PERMITTED;
  40.491 +	}
  40.492 +	atomic_inc(&ste_bin_pol.ec_eval_count);
  40.493 +	subj = current->domain;
  40.494 +	obj = find_domain_by_id(id);
  40.495 +
  40.496 +	if (share_common_type(subj, obj)) {
  40.497 +		cache_result(subj, obj);
  40.498 +		ret = ACM_ACCESS_PERMITTED;
  40.499 +	} else {
  40.500 +		atomic_inc(&ste_bin_pol.ec_denied_count); 
  40.501 +		ret = ACM_ACCESS_DENIED;	
  40.502 +	}
  40.503 +	if (obj != NULL)
  40.504 +		put_domain(obj);
  40.505 +	return ret;
  40.506 +}
  40.507 +
  40.508 +static int
  40.509 +ste_pre_eventchannel_interdomain(domid_t id1, domid_t id2)
  40.510 +{
  40.511 +	struct domain *subj, *obj;
  40.512 +	int ret;
  40.513 +	traceprintk("%s: dom%x-->dom%x.\n", __func__,
  40.514 +		    (id1 == DOMID_SELF) ? current->domain->domain_id : id1,
  40.515 +		    (id2 == DOMID_SELF) ? current->domain->domain_id : id2);
  40.516 +
  40.517 +	/* following is a bit longer but ensures that we
  40.518 +         * "put" only domains that we where "find"-ing 
  40.519 +	 */
  40.520 +	if (id1 == DOMID_SELF) id1 = current->domain->domain_id;
  40.521 +	if (id2 == DOMID_SELF) id2 = current->domain->domain_id;
  40.522 +
  40.523 +	subj = find_domain_by_id(id1);
  40.524 +	obj  = find_domain_by_id(id2);
  40.525 +	if ((subj == NULL) || (obj == NULL)) {
  40.526 +		ret = ACM_ACCESS_DENIED;
  40.527 +		goto out;
  40.528 +	}
  40.529 +	/* cache check late, but evtchn is not on performance critical path */
  40.530 +	if (check_cache(subj, obj->domain_id)) {
  40.531 +		atomic_inc(&ste_bin_pol.ec_cachehit_count);
  40.532 +		ret = ACM_ACCESS_PERMITTED;
  40.533 +		goto out;
  40.534 +	}
  40.535 +	atomic_inc(&ste_bin_pol.ec_eval_count);
  40.536 +
  40.537 +	if (share_common_type(subj, obj)) {
  40.538 +		cache_result(subj, obj);
  40.539 +		ret = ACM_ACCESS_PERMITTED;
  40.540 +	} else {
  40.541 +		atomic_inc(&ste_bin_pol.ec_denied_count); 
  40.542 +		ret = ACM_ACCESS_DENIED;	
  40.543 +	}
  40.544 + out:
  40.545 +	if (obj != NULL)
  40.546 +		put_domain(obj);
  40.547 +	if (subj != NULL)
  40.548 +		put_domain(subj);
  40.549 +	return ret;
  40.550 +}
  40.551 +
  40.552 +/* -------- SHARED MEMORY OPERATIONS -----------*/
  40.553 +
  40.554 +static int
  40.555 +ste_pre_grant_map_ref (domid_t id) {
  40.556 +	struct domain *obj, *subj;
  40.557 +	int ret;
  40.558 +	traceprintk("%s: dom%x-->dom%x.\n", __func__,
  40.559 +		    current->domain->domain_id, id);
  40.560 +
  40.561 +	if (check_cache(current->domain, id)) {
  40.562 +		atomic_inc(&ste_bin_pol.gt_cachehit_count);
  40.563 +		return ACM_ACCESS_PERMITTED;
  40.564 +	}
  40.565 +	atomic_inc(&ste_bin_pol.gt_eval_count);
  40.566 +	subj = current->domain;
  40.567 +	obj = find_domain_by_id(id);
  40.568 +
  40.569 +	if (share_common_type(subj, obj)) {
  40.570 +		cache_result(subj, obj);
  40.571 +		ret = ACM_ACCESS_PERMITTED;
  40.572 +	} else {
  40.573 +		atomic_inc(&ste_bin_pol.gt_denied_count); 
  40.574 +		printkd("%s: ACCESS DENIED!\n", __func__);
  40.575 +		ret = ACM_ACCESS_DENIED;	
  40.576 +	}
  40.577 +	if (obj != NULL)
  40.578 +		put_domain(obj);
  40.579 +	return ret;
  40.580 +}
  40.581 +
  40.582 +/* since setting up grant tables involves some implicit information
  40.583 +   flow from the creating domain to the domain that is setup, we 
  40.584 +   check types in addition to the general authorization */
  40.585 +static int
  40.586 +ste_pre_grant_setup (domid_t id) {
  40.587 +	struct domain *obj, *subj;
  40.588 +	int ret;
  40.589 +	traceprintk("%s: dom%x-->dom%x.\n", __func__,
  40.590 +		    current->domain->domain_id, id);
  40.591 +
  40.592 +	if (check_cache(current->domain, id)) {
  40.593 +		atomic_inc(&ste_bin_pol.gt_cachehit_count);
  40.594 +		return ACM_ACCESS_PERMITTED;
  40.595 +	}
  40.596 +	atomic_inc(&ste_bin_pol.gt_eval_count);
  40.597 +	/* a) check authorization (eventually use specific capabilities) */
  40.598 +	if (!IS_PRIV(current->domain)) {
  40.599 +		printk("%s: Grant table management authorization denied ERROR!\n", __func__);
  40.600 +		return ACM_ACCESS_DENIED;
  40.601 +	}
  40.602 +	/* b) check types */
  40.603 +	subj = current->domain;
  40.604 +	obj = find_domain_by_id(id);
  40.605 +
  40.606 +	if (share_common_type(subj, obj)) {
  40.607 +		cache_result(subj, obj);
  40.608 +		ret = ACM_ACCESS_PERMITTED;
  40.609 +	} else {
  40.610 +		atomic_inc(&ste_bin_pol.gt_denied_count); 
  40.611 +		ret = ACM_ACCESS_DENIED;	
  40.612 +	}
  40.613 +	if (obj != NULL)
  40.614 +		put_domain(obj);
  40.615 +	return ret;
  40.616 +}
  40.617 +
  40.618 +/* now define the hook structure similarly to LSM */
  40.619 +struct acm_operations acm_simple_type_enforcement_ops = {
  40.620 +	/* policy management services */
  40.621 +	.init_domain_ssid		= ste_init_domain_ssid,
  40.622 +	.free_domain_ssid		= ste_free_domain_ssid,
  40.623 +	.dump_binary_policy    	       	= ste_dump_policy,
  40.624 +	.set_binary_policy     		= ste_set_policy,
  40.625 +	.dump_statistics		= ste_dump_stats,
  40.626 +	/* domain management control hooks */
  40.627 +	.pre_domain_create     		= ste_pre_domain_create,
  40.628 +	.post_domain_create		= NULL,
  40.629 +	.fail_domain_create		= NULL,
  40.630 +	.post_domain_destroy		= ste_post_domain_destroy,
  40.631 +	/* event channel control hooks */
  40.632 +	.pre_eventchannel_unbound      	= ste_pre_eventchannel_unbound,
  40.633 +	.fail_eventchannel_unbound	= NULL,
  40.634 +	.pre_eventchannel_interdomain	= ste_pre_eventchannel_interdomain,
  40.635 +	.fail_eventchannel_interdomain  = NULL,
  40.636 +	/* grant table control hooks */
  40.637 +	.pre_grant_map_ref       	= ste_pre_grant_map_ref,
  40.638 +	.fail_grant_map_ref		= NULL,
  40.639 +	.pre_grant_setup	       	= ste_pre_grant_setup,
  40.640 +	.fail_grant_setup		= NULL,
  40.641 +};
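--- a/xen/arch/ia64/Makefile	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/Makefile	Tue Jun 21 07:02:30 2005 +0000
@@ -15,7 +15,7 @@ OBJS = xensetup.o setup.o time.o irq.o i
 ifeq ($(CONFIG_VTI),y)
 OBJS += vmx_init.o vmx_virt.o vmx_vcpu.o vmx_process.o vmx_vsa.o vmx_ivt.o \
 	vmx_phy_mode.o vmx_utility.o vmx_interrupt.o vmx_entry.o vmmu.o \
-	vtlb.o mmio.o vlsapic.o
+	vtlb.o mmio.o vlsapic.o vmx_hypercall.o mm.o
 endif
 # perfmon.o
 # unwind.o needed for kernel unwinding (rare)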
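--- a/xen/arch/ia64/asm-offsets.c	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/asm-offsets.c	Tue Jun 21 07:02:30 2005 +0000
@@ -75,6 +75,9 @@ void foo(void)
 	DEFINE(IA64_VCPU_META_SAVED_RR0_OFFSET, offsetof (struct vcpu, arch.metaphysical_saved_rr0));
 	DEFINE(IA64_VCPU_BREAKIMM_OFFSET, offsetof (struct vcpu, arch.breakimm));
 	DEFINE(IA64_VCPU_IVA_OFFSET, offsetof (struct vcpu, arch.iva));
+	DEFINE(IA64_VCPU_IRR0_OFFSET, offsetof (struct vcpu, arch.irr[0]));
+	DEFINE(IA64_VCPU_IRR3_OFFSET, offsetof (struct vcpu, arch.irr[3]));
+	DEFINE(IA64_VCPU_INSVC3_OFFSET, offsetof (struct vcpu, arch.insvc[3]));
 
 	BLANK();
 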
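--- a/xen/arch/ia64/dom0_ops.c	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/dom0_ops.c	Tue Jun 21 07:02:30 2005 +0000
@@ -18,14 +18,6 @@
 #include <xen/console.h>
 #include <public/sched_ctl.h>
 
-#define TRC_DOM0OP_ENTER_BASE  0x00020000
-#define TRC_DOM0OP_LEAVE_BASE  0x00030000
-
-static int msr_cpu_mask;
-static unsigned long msr_addr;
-static unsigned long msr_lo;
-static unsigned long msr_hi;
-
 long arch_do_dom0_op(dom0_op_t *op, dom0_op_t *u_dom0_op)
 {
     long ret = 0;
@@ -35,6 +27,49 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
 
     switch ( op->cmd )
     {
+    /*
+     * NOTE: DOM0_GETMEMLIST has somewhat different semantics on IA64 -
+     * it actually allocates and maps pages.
+     */
+    case DOM0_GETMEMLIST:
+    {
+        unsigned long i;
+        struct domain *d = find_domain_by_id(op->u.getmemlist.domain);
+        unsigned long start_page = op->u.getmemlist.max_pfns >> 32;
+        unsigned long nr_pages = op->u.getmemlist.max_pfns & 0xffffffff;
+        unsigned long pfn;
+        unsigned long *buffer = op->u.getmemlist.buffer;
+        struct page *page;
+
+        ret = -EINVAL;
+        if ( d != NULL )
+        {
+            ret = 0;
+
+            for ( i = start_page; i < (start_page + nr_pages); i++ )
+            {
+                page = map_new_domain_page(d, i << PAGE_SHIFT);
+                if ( page == NULL )
+                {
+                    ret = -ENOMEM;
+                    break;
+                }
+                pfn = page_to_pfn(page);
+                if ( put_user(pfn, buffer) )
+                {
+                    ret = -EFAULT;
+                    break;
+                }
+                buffer++;
+            }
+
+            op->u.getmemlist.num_pfns = i - start_page;
+            copy_to_user(u_dom0_op, op, sizeof(*op));
+            
+            put_domain(d);
+        }
+    }
+    break;
 
     default:
         ret = -ENOSYS;
@@ -43,10 +78,3 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
 
     return ret;
 }
-
-void arch_getdomaininfo_ctxt(struct domain *d, struct vcpu_guest_context *c)
-{ 
-    int i;
-
-	dummy();
-}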
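Review bot: The new `DOM0_GETMEMLIST` case discards the result of `copy_to_user(u_dom0_op, op, sizeof(*op));`, so a failed copy-back still returns 0 and the caller never learns how many pages were handed out; it should read `if ( copy_to_user(u_dom0_op, op, sizeof(*op)) ) ret = -EFAULT;`. The loop bound `nr_pages` is taken straight from the low 32 bits of `max_pfns` with no upper limit, and per the comment above the case each iteration allocates and maps a page, so one request can consume an arbitrary amount of memory for the target domain. A check of `start_page + nr_pages` against the domain's page allowance before the loop would bound that. When `put_user` fails the page mapped in that iteration stays mapped but is not counted in `num_pfns`, which deserves at least a comment stating whether that is intended. The body of `arch_do_dom0_op` is only partly visible in these hunks.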
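--- a/xen/arch/ia64/domain.c	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/domain.c	Tue Jun 21 07:02:30 2005 +0000
@@ -76,7 +76,7 @@ extern unsigned long dom_fw_setup(struct
 /* this belongs in include/asm, but there doesn't seem to be a suitable place */
 void free_perdomain_pt(struct domain *d)
 {
-	dummy();
+	printf("free_perdomain_pt: not implemented\n");
 	//free_page((unsigned long)d->mm.perdomain_pt);
 }
 
@@ -166,27 +166,49 @@ void arch_free_vcpu_struct(struct vcpu *
 	free_xenheap_pages(v, KERNEL_STACK_SIZE_ORDER);
 }
 
+static void init_switch_stack(struct vcpu *v)
+{
+	struct pt_regs *regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1;
+	struct switch_stack *sw = (struct switch_stack *) regs - 1;
+	extern void ia64_ret_from_clone;
+
+	memset(sw, 0, sizeof(struct switch_stack) + sizeof(struct pt_regs));
+	sw->ar_bspstore = (unsigned long)v + IA64_RBS_OFFSET;
+	sw->b0 = (unsigned long) &ia64_ret_from_clone;
+	sw->ar_fpsr = FPSR_DEFAULT;
+	v->arch._thread.ksp = (unsigned long) sw - 16;
+	// stay on kernel stack because may get interrupts!
+	// ia64_ret_from_clone (which b0 gets in new_thread) switches
+	// to user stack
+	v->arch._thread.on_ustack = 0;
+	memset(v->arch._thread.fph,0,sizeof(struct ia64_fpreg)*96);
+}
+
 #ifdef CONFIG_VTI
 void arch_do_createdomain(struct vcpu *v)
 {
 	struct domain *d = v->domain;
 	struct thread_info *ti = alloc_thread_info(v);
 
-	/* If domain is VMX domain, shared info area is created
-	 * by domain and then domain notifies HV by specific hypercall.
-	 * If domain is xenolinux, shared info area is created by
-	 * HV.
-	 * Since we have no idea about whether domain is VMX now,
-	 * (dom0 when parse and domN when build), postpone possible
-	 * allocation.
-	 */
+	/* Clear thread_info to clear some important fields, like preempt_count */
+	memset(ti, 0, sizeof(struct thread_info));
+	init_switch_stack(v);
+
+ 	/* Shared info area is required to be allocated at domain
+ 	 * creation, since control panel will write some I/O info
+ 	 * between front end and back end to that area. However for
+ 	 * vmx domain, our design is to let domain itself to allcoate
+ 	 * shared info area, to keep machine page contiguous. So this
+ 	 * page will be released later when domainN issues request
+ 	 * after up.
+ 	 */
+ 	d->shared_info = (void *)alloc_xenheap_page();
 
 	/* FIXME: Because full virtual cpu info is placed in this area,
 	 * it's unlikely to put it into one shareinfo page. Later
 	 * need split vcpu context from vcpu_info and conforms to
 	 * normal xen convention.
 	 */
-	d->shared_info = NULL;
 	v->vcpu_info = (void *)alloc_xenheap_page();
 	if (!v->vcpu_info) {
    		printk("ERROR/HALTING: CAN'T ALLOC PAGE\n");
@@ -194,9 +216,6 @@ void arch_do_createdomain(struct vcpu *v
 	}
 	memset(v->vcpu_info, 0, PAGE_SIZE);
 
-	/* Clear thread_info to clear some important fields, like preempt_count */
-	memset(ti, 0, sizeof(struct thread_info));
-
 	/* Allocate per-domain vTLB and vhpt */
 	v->arch.vtlb = init_domain_tlb(v);
 
@@ -211,38 +230,25 @@ void arch_do_createdomain(struct vcpu *v
 	d->xen_vastart = 0xf000000000000000;
 	d->xen_vaend = 0xf300000000000000;
 	d->arch.breakimm = 0x1000;
-
-	// stay on kernel stack because may get interrupts!
-	// ia64_ret_from_clone (which b0 gets in new_thread) switches
-	// to user stack
-	v->arch._thread.on_ustack = 0;
 }
 #else // CONFIG_VTI
 void arch_do_createdomain(struct vcpu *v)
 {
 	struct domain *d = v->domain;
+	struct thread_info *ti = alloc_thread_info(v);
+
+	/* Clear thread_info to clear some important fields, like preempt_count */
+	memset(ti, 0, sizeof(struct thread_info));
+	init_switch_stack(v);
 
 	d->shared_info = (void *)alloc_xenheap_page();
-	v->vcpu_info = (void *)alloc_xenheap_page();
-	if (!v->vcpu_info) {
+	if (!d->shared_info) {
    		printk("ERROR/HALTING: CAN'T ALLOC PAGE\n");
    		while (1);
 	}
-	memset(v->vcpu_info, 0, PAGE_SIZE);
-	/* pin mapping */
-	// FIXME: Does this belong here?  Or do only at domain switch time?
-#if 0
-	// this is now done in ia64_new_rr7
-	{
-		/* WARNING: following must be inlined to avoid nested fault */
-		unsigned long psr = ia64_clear_ic();
-		ia64_itr(0x2, IA64_TR_SHARED_INFO, SHAREDINFO_ADDR,
-		 pte_val(pfn_pte(ia64_tpa(d->shared_info) >> PAGE_SHIFT, PAGE_KERNEL)),
-		 PAGE_SHIFT);
-		ia64_set_psr(psr);
-		ia64_srlz_i();
-	}
-#endif
+	memset(d->shared_info, 0, PAGE_SIZE);
+	v->vcpu_info = &(d->shared_info->vcpu_data[0]);
+
 	d->max_pages = (128*1024*1024)/PAGE_SIZE; // 128MB default // FIXME
 	if ((d->arch.metaphysical_rr0 = allocate_metaphysical_rr0()) == -1UL)
 		BUG();
@@ -258,33 +264,63 @@ void arch_do_createdomain(struct vcpu *v
 	d->shared_info_va = 0xf100000000000000;
 	d->arch.breakimm = 0x1000;
 	v->arch.breakimm = d->arch.breakimm;
-	// stay on kernel stack because may get interrupts!
-	// ia64_ret_from_clone (which b0 gets in new_thread) switches
-	// to user stack
-	v->arch._thread.on_ustack = 0;
+
+	d->arch.mm = xmalloc(struct mm_struct);
+	if (unlikely(!d->arch.mm)) {
+		printk("Can't allocate mm_struct for domain %d\n",d->domain_id);
+		return -ENOMEM;
+	}
+	memset(d->arch.mm, 0, sizeof(*d->arch.mm));
+	d->arch.mm->pgd = pgd_alloc(d->arch.mm);
+	if (unlikely(!d->arch.mm->pgd)) {
+		printk("Can't allocate pgd for domain %d\n",d->domain_id);
+		return -ENOMEM;
+	}
 }
 #endif // CONFIG_VTI
 
-void arch_do_boot_vcpu(struct vcpu *v)
+void arch_getdomaininfo_ctxt(struct vcpu *v, struct vcpu_guest_context *c)
 {
-	return;
+	struct pt_regs *regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1;
+
+	printf("arch_getdomaininfo_ctxt\n");
+	c->regs = *regs;
+	c->vcpu = v->vcpu_info->arch;
+	c->shared = v->domain->shared_info->arch;
 }
 
 int arch_set_info_guest(struct vcpu *v, struct vcpu_guest_context *c)
 {
-	dummy();
-	return 1;
+	struct pt_regs *regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1;
+
+	printf("arch_set_info_guest\n");
+	*regs = c->regs;
+	regs->cr_ipsr = IA64_PSR_IT|IA64_PSR_DT|IA64_PSR_RT|IA64_PSR_IC|IA64_PSR_I|IA64_PSR_DFH|IA64_PSR_BN|IA64_PSR_SP|IA64_PSR_DI;
+	regs->cr_ipsr |= 2UL << IA64_PSR_CPL0_BIT;
+	regs->ar_rsc |= (2 << 2); /* force PL2/3 */
+
+	v->vcpu_info->arch = c->vcpu;
+	init_all_rr(v);
+
+	// this should be in userspace
+	regs->r28 = dom_fw_setup(v->domain,"nomca nosmp xencons=ttyS console=ttyS0",256L);  //FIXME
+	v->vcpu_info->arch.banknum = 1;
+	v->vcpu_info->arch.metaphysical_mode = 1;
+
+	v->domain->shared_info->arch = c->shared;
+	return 0;
 }
 
-int arch_final_setup_guest(struct vcpu *v, struct vcpu_guest_context *c)
+void arch_do_boot_vcpu(struct vcpu *v)
 {
-	dummy();
-	return 1;
+	printf("arch_do_boot_vcpu: not implemented\n");
+	return;
 }
 
 void domain_relinquish_resources(struct domain *d)
 {
-	dummy();
+	/* FIXME */
+	printf("domain_relinquish_resources: not implemented\n");
 }
 
 #ifdef CONFIG_VTI
@@ -294,10 +330,8 @@ void new_thread(struct vcpu *v,
                 unsigned long start_info)
 {
 	struct domain *d = v->domain;
-	struct switch_stack *sw;
 	struct xen_regs *regs;
 	struct ia64_boot_param *bp;
-	extern char ia64_ret_from_clone;
 	extern char saved_command_line[];
 	//char *dom0_cmdline = "BOOT_IMAGE=scsi0:\EFI\redhat\xenlinux nomca root=/dev/sdb1 ro";
 
@@ -305,11 +339,8 @@ void new_thread(struct vcpu *v,
 #ifdef CONFIG_DOMAIN0_CONTIGUOUS
 	if (d == dom0) start_pc += dom0_start;
 #endif
-	regs = (struct xen_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1;
-	sw = (struct switch_stack *) regs - 1;
-	/* Sanity Clear */
-	memset(sw, 0, sizeof(struct xen_regs) + sizeof(struct switch_stack));
 
+	regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1;
 	if (VMX_DOMAIN(v)) {
 		/* dt/rt/it:1;i/ic:1, si:1, vm/bn:1, ac:1 */
 		regs->cr_ipsr = 0x501008826008; /* Need to be expanded as macro */
@@ -320,33 +351,23 @@ void new_thread(struct vcpu *v,
 		regs->cr_ipsr |= 2UL << IA64_PSR_CPL0_BIT; // domain runs at PL2
 	}
 	regs->cr_iip = start_pc;
-	regs->ar_rsc = 0x0;
-	regs->cr_ifs = 0x0;
-	regs->ar_fpsr = sw->ar_fpsr = FPSR_DEFAULT;
-	sw->ar_bspstore = (unsigned long)v + IA64_RBS_OFFSET;
-	printf("new_thread: v=%p, regs=%p, sw=%p, new_rbs=%p, IA64_STK_OFFSET=%p, &r8=%p\n",
-		v,regs,sw,sw->ar_bspstore,IA64_STK_OFFSET,&regs->r8);
-	printf("iip:0x%lx,ipsr:0x%lx\n", regs->cr_iip, regs->cr_ipsr);
-
-	sw->b0 = (unsigned long) &ia64_ret_from_clone;
-	v->arch._thread.ksp = (unsigned long) sw - 16;
-	printk("new_thread, about to call init_all_rr\n");
+	regs->cr_ifs = 0; /* why? - matthewc */
+	regs->ar_fpsr = FPSR_DEFAULT;
 	if (VMX_DOMAIN(v)) {
 		vmx_init_all_rr(v);
 	} else
 		init_all_rr(v);
-	// set up boot parameters (and fake firmware)
-	printk("new_thread, about to call dom_fw_setup\n");
-	VMX_VPD(v,vgr[12]) = dom_fw_setup(d,saved_command_line,256L);  //FIXME
-	printk("new_thread, done with dom_fw_setup\n");
 
 	if (VMX_DOMAIN(v)) {
+		VMX_VPD(v,vgr[12]) = dom_fw_setup(d,saved_command_line,256L);
 		/* Virtual processor context setup */
 		VMX_VPD(v, vpsr) = IA64_PSR_BN;
 		VPD_CR(v, dcr) = 0;
 	} else {
-		// don't forget to set this!
+		regs->r28 = dom_fw_setup(d,saved_command_line,256L);
 		v->vcpu_info->arch.banknum = 1;
+		v->vcpu_info->arch.metaphysical_mode = 1;
+		d->shared_info->arch.flags = (d == dom0) ? (SIF_INITDOMAIN|SIF_PRIVILEGED|SIF_BLK_BE_DOMAIN|SIF_NET_BE_DOMAIN|SIF_USB_BE_DOMAIN) : 0;
 	}
 }
 #else // CONFIG_VTI
@@ -359,54 +380,27 @@ void new_thread(struct vcpu *v,
 	            unsigned long start_info)
 {
 	struct domain *d = v->domain;
-	struct switch_stack *sw;
 	struct pt_regs *regs;
-	unsigned long new_rbs;
 	struct ia64_boot_param *bp;
-	extern char ia64_ret_from_clone;
 	extern char saved_command_line[];
 
 #ifdef CONFIG_DOMAIN0_CONTIGUOUS
 	if (d == dom0) start_pc += dom0_start;
 #endif
+
 	regs = (struct pt_regs *) ((unsigned long) v + IA64_STK_OFFSET) - 1;
-	sw = (struct switch_stack *) regs - 1;
-	memset(sw,0,sizeof(struct switch_stack)+sizeof(struct pt_regs));
-	new_rbs = (unsigned long) v + IA64_RBS_OFFSET;
 	regs->cr_ipsr = ia64_getreg(_IA64_REG_PSR)
 		| IA64_PSR_BITS_TO_SET | IA64_PSR_BN
 		& ~(IA64_PSR_BITS_TO_CLEAR | IA64_PSR_RI | IA64_PSR_IS);
 	regs->cr_ipsr |= 2UL << IA64_PSR_CPL0_BIT; // domain runs at PL2
 	regs->cr_iip = start_pc;
-	regs->ar_rsc = 0;		/* lazy mode */
-	regs->ar_rnat = 0;
-	regs->ar_fpsr = sw->ar_fpsr = FPSR_DEFAULT;
-	regs->loadrs = 0;
-	//regs->r8 = current->mm->dumpable; /* set "don't zap registers" flag */
-	//regs->r8 = 0x01234567890abcdef; // FIXME: temp marker
-	//regs->r12 = ((unsigned long) regs - 16);	/* 16 byte scratch */
 	regs->cr_ifs = 1UL << 63;
-	regs->pr = 0;
-	sw->pr = 0;
-	regs->ar_pfs = 0;
-	sw->caller_unat = 0;
-	sw->ar_pfs = 0;
-	sw->ar_bspstore = new_rbs;
-	//regs->r13 = (unsigned long) v;
-printf("new_thread: v=%p, start_pc=%p, regs=%p, sw=%p, new_rbs=%p, IA64_STK_OFFSET=%p, &r8=%p\n",
-v,start_pc,regs,sw,new_rbs,IA64_STK_OFFSET,&regs->r8);
-	sw->b0 = (unsigned long) &ia64_ret_from_clone;
-	v->arch._thread.ksp = (unsigned long) sw - 16;
-	//v->thread_info->flags = 0;
-printk("new_thread, about to call init_all_rr\n");
+	regs->ar_fpsr = FPSR_DEFAULT;
 	init_all_rr(v);
-	// set up boot parameters (and fake firmware)
-printk("new_thread, about to call dom_fw_setup\n");
 	regs->r28 = dom_fw_setup(d,saved_command_line,256L);  //FIXME
-printk("new_thread, done with dom_fw_setup\n");
-	// don't forget to set this!
 	v->vcpu_info->arch.banknum = 1;
-	memset(v->arch._thread.fph,0,sizeof(struct ia64_fpreg)*96);
+	v->vcpu_info->arch.metaphysical_mode = 1;
+	d->shared_info->arch.flags = (d == dom0) ? (SIF_INITDOMAIN|SIF_PRIVILEGED|SIF_BLK_BE_DOMAIN|SIF_NET_BE_DOMAIN|SIF_USB_BE_DOMAIN) : 0;
 }
 #endif // CONFIG_VTI
 
@@ -1037,21 +1031,6 @@ int construct_dom0(struct domain *d,
 	strcpy(d->name,"Domain0");
 #endif
 
-	// prepare domain0 pagetable (maps METAphysical to physical)
-	// following is roughly mm_init() in linux/kernel/fork.c
-	d->arch.mm = xmalloc(struct mm_struct);
-	if (unlikely(!d->arch.mm)) {
-	    	printk("Can't allocate mm_struct for domain0\n");
-	    	return -ENOMEM;
-	}
-	memset(d->arch.mm, 0, sizeof(*d->arch.mm));
-	d->arch.mm->pgd = pgd_alloc(d->arch.mm);
-	if (unlikely(!d->arch.mm->pgd)) {
-	    	printk("Can't allocate pgd for domain0\n");
-	    	return -ENOMEM;
-	}
-
-
 	/* Mask all upcalls... */
 	for ( i = 0; i < MAX_VIRT_CPUS; i++ )
 	    d->shared_info->vcpu_data[i].evtchn_upcall_mask = 1;
@@ -1146,19 +1125,6 @@ int construct_domU(struct domain *d,
 	printk("parsedomainelfimage returns %d\n",rc);
 	if ( rc != 0 ) return rc;
 
-	d->arch.mm = xmalloc(struct mm_struct);
-	if (unlikely(!d->arch.mm)) {
-	    	printk("Can't allocate mm_struct for domain %d\n",d->domain_id);
-	    	return -ENOMEM;
-	}
-	memset(d->arch.mm, 0, sizeof(*d->arch.mm));
-	d->arch.mm->pgd = pgd_alloc(d->arch.mm);
-	if (unlikely(!d->arch.mm->pgd)) {
-	    	printk("Can't allocate pgd for domain %d\n",d->domain_id);
-	    	return -ENOMEM;
-	}
-
-
 	/* Mask all upcalls... */
 	for ( i = 0; i < MAX_VIRT_CPUS; i++ )
 		d->shared_info->vcpu_data[i].evtchn_upcall_mask = 1;
@@ -1231,10 +1197,10 @@ void machine_halt(void)
 	while(1);
 }
 
-void dummy(void)
+void dummy_called(char *function)
 {
 	if (platform_is_hp_ski()) asm("break 0;;");
-	printf("dummy called: spinning....\n");
+	printf("dummy called in %s: spinning....\n", function);
 	while(1);
 }
 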
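Review bot: In the CONFIG_VTI `arch_do_createdomain`, the added `d->shared_info = (void *)alloc_xenheap_page();` is neither checked for NULL nor cleared, while the `vcpu_info` page just below it and the non-VTI variant both test the pointer and `memset(..., 0, PAGE_SIZE)`. The new comment says the control panel and the domain use this area, so unless `alloc_xenheap_page()` is known to return zeroed memory, stale hypervisor heap contents could become readable outside Xen; I would add the same NULL test followed by `memset(d->shared_info, 0, PAGE_SIZE);` right after the allocation. Separately, the non-VTI `arch_do_createdomain` is declared `void`, yet the added mm/pgd allocation paths end in `return -ENOMEM;`, so the failure cannot reach the caller and `d->arch.mm` (or its `pgd`) stays NULL for later users. Either change the return type together with its callers, or handle these two failures the way the page-allocation failure above them is handled. The VTI function is shown across several hunks with gaps, so checks outside the visible lines cannot be ruled out.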
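--- a/xen/arch/ia64/hypercall.c	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/hypercall.c	Tue Jun 21 07:02:30 2005 +0000
@@ -19,8 +19,6 @@ extern unsigned long translate_domain_mp
 extern struct ia64_sal_retval pal_emulator_static(UINT64);
 extern struct ia64_sal_retval sal_emulator(UINT64,UINT64,UINT64,UINT64,UINT64,UINT64,UINT64,UINT64);
 
-void fooefi(void) {}
-
 int
 ia64_hypercall (struct pt_regs *regs)
 {
@@ -122,6 +120,31 @@ ia64_hypercall (struct pt_regs *regs)
 	    case 0xfffb: // test dummy hypercall
 		regs->r8 = domU_staging_read_8(vcpu_get_gr(v,32));
 		break;
+
+	    case __HYPERVISOR_dom0_op:
+		regs->r8 = do_dom0_op(regs->r14);
+		break;
+
+	    case __HYPERVISOR_dom_mem_op:
+#ifdef CONFIG_VTI
+		regs->r8 = do_dom_mem_op(regs->r14, regs->r15, regs->r16, regs->r17, regs->r18); 
+#else
+		/* we don't handle reservations; just return success */
+		regs->r8 = regs->r16;
+#endif
+		break;
+
+	    case __HYPERVISOR_event_channel_op:
+		regs->r8 = do_event_channel_op(regs->r14);
+		break;
+
+	    case __HYPERVISOR_console_io:
+		regs->r8 = do_console_io(regs->r14, regs->r15, regs->r16);
+		break;
+
+	    default:
+		printf("unknown hypercall %x\n", regs->r2);
+		regs->r8 = (unsigned long)-1;
 	}
 	return 1;
 }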
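Review bot: The new `default:` arm prints a line for every unrecognised hypercall number, so any guest can flood the hypervisor console by issuing bogus hypercalls, and `%x` does not match `regs->r2` if that field is an `unsigned long`, as the neighbouring `(unsigned long)-1` suggests. I would drop or rate-limit the message, print with `%lx`, and return `-ENOSYS` (the value `arch_do_dom0_op` already uses for unknown commands) instead of a bare `-1`. The non-VTI `__HYPERVISOR_dom_mem_op` arm reports success by echoing `regs->r16` without doing anything, so its comment should name which argument that is and state that callers will believe the reservation happened. `ia64_hypercall` begins and continues outside these hunks, so any privilege check performed before the switch is not visible here.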
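--- a/xen/arch/ia64/hyperprivop.S	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/hyperprivop.S	Tue Jun 21 07:02:30 2005 +0000
@@ -41,40 +41,46 @@
 //	r19 == vpsr.ic (low 32 bits) | vpsr.i (high 32 bits)
 //	r31 == pr
 GLOBAL_ENTRY(fast_hyperprivop)
-#if 1
 	// HYPERPRIVOP_SSM_I?
 	// assumes domain interrupts pending, so just do it
 	cmp.eq p7,p6=XEN_HYPER_SSM_I,r17
 (p7)	br.sptk.many hyper_ssm_i;;
-#endif
-#if 1
-	// if domain interrupts pending, give up for now and do it the slow way
+
+	// FIXME. This algorithm gives up (goes to the slow path) if there
+	// are ANY interrupts pending, even if they are currently
+	// undeliverable.  This should be improved later...
 	adds r20=XSI_PEND_OFS-XSI_PSR_IC_OFS,r18 ;;
-	ld8 r20=[r20] ;;
-	cmp.ne p7,p0=r0,r20
-(p7)	br.sptk.many dispatch_break_fault ;;
+	ld4 r20=[r20] ;;
+	cmp.eq p7,p0=r0,r20
+(p7)	br.cond.sptk.many 1f
+	mov r20=IA64_KR(CURRENT);;
+	adds r21=IA64_VCPU_IRR0_OFFSET,r20;
+	adds r22=IA64_VCPU_IRR0_OFFSET+8,r20;;
+	ld8 r23=[r21],16; ld8 r24=[r22],16;;
+	ld8 r21=[r21]; ld8 r22=[r22];;
+	or r23=r23,r24; or r21=r21,r22;;
+	or r20=r23,r21;;
+1:	// when we get to here r20=~=interrupts pending
 
 	// HYPERPRIVOP_RFI?
 	cmp.eq p7,p6=XEN_HYPER_RFI,r17
 (p7)	br.sptk.many hyper_rfi;;
 
+	cmp.ne p7,p0=r20,r0
+(p7)	br.spnt.many dispatch_break_fault ;;
+
 // hard to test, because only called from rbs_switch
 	// HYPERPRIVOP_COVER?
 	cmp.eq p7,p6=XEN_HYPER_COVER,r17
 (p7)	br.sptk.many hyper_cover;;
-#endif
 
-#if 1
 	// HYPERPRIVOP_SSM_DT?
 	cmp.eq p7,p6=XEN_HYPER_SSM_DT,r17
 (p7)	br.sptk.many hyper_ssm_dt;;
-#endif
 
-#if 1
 	// HYPERPRIVOP_RSM_DT?
 	cmp.eq p7,p6=XEN_HYPER_RSM_DT,r17
 (p7)	br.sptk.many hyper_rsm_dt;;
-#endif
 
 	// if not one of the above, give up for now and do it the slow way
 	br.sptk.many dispatch_break_fault ;;
@@ -336,12 +342,16 @@ GLOBAL_ENTRY(fast_break_reflect)
 
 // ensure that, if giving up, registers at entry to fast_hyperprivop unchanged
 ENTRY(hyper_rfi)
-#ifdef FAST_HYPERPRIVOP_CNT
-	movl r20=fast_hyperpriv_cnt+(8*XEN_HYPER_RFI);;
-	ld8 r21=[r20];;
-	adds r21=1,r21;;
-	st8 [r20]=r21;;
-#endif
+	// if no interrupts pending, proceed
+	cmp.eq p7,p0=r20,r0
+(p7)	br.sptk.many 1f
+	// interrupts pending, if rfi'ing to interrupts on, go slow way
+	adds r20=XSI_IPSR_OFS-XSI_PSR_IC_OFS,r18 ;;
+	ld8 r21=[r20];;		// r21 = vcr.ipsr
+	extr.u r22=r21,IA64_PSR_I_BIT,1 ;;
+	cmp.ne p7,p0=r22,r0 ;;
+(p7)	br.spnt.many dispatch_break_fault ;;
+1:
 	adds r20=XSI_IPSR_OFS-XSI_PSR_IC_OFS,r18 ;;
 	ld8 r21=[r20];;		// r21 = vcr.ipsr
 	extr.u r22=r21,IA64_PSR_BE_BIT,1 ;;
@@ -375,7 +385,13 @@ ENTRY(hyper_rfi)
 (p7)	br.sptk.many dispatch_break_fault ;;
 
 	// OK now, let's do an rfi.
-	// r18=&vpsr.i|vpsr.ic, r21==vpsr, r20==&vcr.iip, r22=vcr.iip
+#ifdef FAST_HYPERPRIVOP_CNT
+	movl r20=fast_hyperpriv_cnt+(8*XEN_HYPER_RFI);;
+	ld8 r23=[r20];;
+	adds r23=1,r23;;
+	st8 [r20]=r23;;
+#endif
+	// r18=&vpsr.i|vpsr.ic, r21==vpsr, r22=vcr.iip
 	mov cr.iip=r22;;
 	adds r20=XSI_INCOMPL_REG_OFS-XSI_PSR_IC_OFS,r18 ;;
 	st4 [r20]=r0 ;;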
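Review bot: `hyper_rfi` now consumes `r20` as an implicit input (the pending-interrupt value computed in `fast_hyperprivop` up to the `1:` label), but nothing at `ENTRY(hyper_rfi)` records that, and the register comments visible above `GLOBAL_ENTRY(fast_hyperprivop)` only cover the entry registers. I would add a line such as `// r20 != 0 if any interrupt may be pending (set by fast_hyperprivop)` at the top of `hyper_rfi`. The existing remark that registers are unchanged when giving up also needs updating, since r20–r24 are now overwritten before `dispatch_break_fault` can be reached; whether the slow path depends on any of them is not visible in these hunks. The switch from `ld8` to `ld4` on the `XSI_PEND_OFS` field deserves a short comment stating the field's width.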
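--- a/xen/arch/ia64/ivt.S	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/ivt.S	Tue Jun 21 07:02:30 2005 +0000
@@ -348,12 +348,23 @@ ENTRY(alt_itlb_miss)
 //	;;
 //#endif
 #endif
+#ifdef XEN
+	mov r31=pr
+	mov r16=cr.ifa		// get address that caused the TLB miss
+	;;
+late_alt_itlb_miss:
+	movl r17=PAGE_KERNEL
+	mov r21=cr.ipsr
+	movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff)
+	;;
+#else
 	mov r16=cr.ifa		// get address that caused the TLB miss
 	movl r17=PAGE_KERNEL
 	mov r21=cr.ipsr
 	movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff)
 	mov r31=pr
 	;;
+#endif
 #ifdef CONFIG_DISABLE_VHPT
 	shr.u r22=r16,61			// get the region number into r21
 	;;
@@ -367,9 +378,15 @@ ENTRY(alt_itlb_miss)
 #endif
 	extr.u r23=r21,IA64_PSR_CPL0_BIT,2	// extract psr.cpl
 	and r19=r19,r16		// clear ed, reserved bits, and PTE control bits
+#ifdef XEN
+	shr.u r18=r16,55	// move address bit 59 to bit 4
+	;;
+	and r18=0x10,r18	// bit 4=address-bit(59)
+#else
 	shr.u r18=r16,57	// move address bit 61 to bit 4
 	;;
 	andcm r18=0x10,r18	// bit 4=~address-bit(61)
+#endif
 	cmp.ne p8,p0=r0,r23	// psr.cpl != 0?
 	or r19=r17,r19		// insert PTE control bits into r19
 	;;
@@ -393,13 +410,18 @@ ENTRY(alt_dtlb_miss)
 //	;;
 //#endif
 #endif
+#ifdef XEN
+	mov r31=pr
 	mov r16=cr.ifa		// get address that caused the TLB miss
+	;;
+late_alt_dtlb_miss:
 	movl r17=PAGE_KERNEL
 	mov r20=cr.isr
 	movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff)
 	mov r21=cr.ipsr
-	mov r31=pr
 	;;
+#else
+#endif
 #ifdef CONFIG_DISABLE_VHPT
 	shr.u r22=r16,61			// get the region number into r21
 	;;
@@ -414,24 +436,33 @@ ENTRY(alt_dtlb_miss)
 	extr.u r23=r21,IA64_PSR_CPL0_BIT,2	// extract psr.cpl
 	and r22=IA64_ISR_CODE_MASK,r20		// get the isr.code field
 	tbit.nz p6,p7=r20,IA64_ISR_SP_BIT	// is speculation bit on?
+#ifdef XEN
+	shr.u r18=r16,55			// move address bit 59 to bit 4
+	and r19=r19,r16				// clear ed, reserved bits, and PTE control bits
+	tbit.nz p9,p0=r20,IA64_ISR_NA_BIT	// is non-access bit on?
+	;;
+	and r18=0x10,r18	// bit 4=address-bit(59)
+#else
 	shr.u r18=r16,57			// move address bit 61 to bit 4
 	and r19=r19,r16				// clear ed, reserved bits, and PTE control bits
 	tbit.nz p9,p0=r20,IA64_ISR_NA_BIT	// is non-access bit on?
 	;;
 	andcm r18=0x10,r18	// bit 4=~address-bit(61)
+#endif
 	cmp.ne p8,p0=r0,r23
 (p9)	cmp.eq.or.andcm p6,p7=IA64_ISR_CODE_LFETCH,r22	// check isr.code field
 (p8)	br.cond.spnt page_fault
 #ifdef XEN
 	;;
-	// FIXME: inadequate test, this is where we test for Xen address
-	// note that 0xf000 (cached) and 0xd000 (uncached) addresses
-	// should be OK.  (Though no I/O is done in Xen, EFI needs uncached
-	// addresses and some domain EFI calls are passed through)
-	tbit.nz p0,p8=r16,60
-(p8)	br.cond.spnt page_fault
-//(p8)	br.cond.spnt 0
-	;;
+	// Test for Xen address, if not handle via page_fault
+	// note that 0xf000 (cached) and 0xe800 (uncached) addresses
+	// should be OK.
+	extr.u r22=r16,59,5;;
+	cmp.eq p8,p0=0x1e,r22
+(p8)	br.cond.spnt 1f;;
+	cmp.ne p8,p0=0x1d,r22
+(p8)	br.cond.sptk page_fault ;;
+1:
 #endif
 
 	dep r21=-1,r21,IA64_PSR_ED_BIT,1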
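Review bot: In `alt_dtlb_miss` the added `#else` / `#endif` pair is empty, so a build without `XEN` defined would fall into the code below with r16, r17, r19, r20, r21 and r31 never loaded, whereas `alt_itlb_miss` keeps the original sequence in its `#else` arm. If the non-XEN path is meant to stay buildable, the original six instructions belong in that arm; if not, remove the `#else` and say so in a comment. The new Xen-address test compares the top five address bits against the bare literals `0x1e` and `0x1d`; a comment like `// 0x1e = 0xf0..., 0x1d = 0xe8... (__IA64_UNCACHED_OFFSET)` would tie this privilege-relevant range check to the constant changed in io.h so the two cannot drift apart unnoticed. Both handlers start and continue outside the hunks shown.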
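--- a/xen/arch/ia64/patch/linux-2.6.11/io.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/patch/linux-2.6.11/io.h	Tue Jun 21 07:02:30 2005 +0000
@@ -5,7 +5,7 @@
  #define SLOW_DOWN_IO	do { } while (0)
  
 +#ifdef XEN
-+#define __IA64_UNCACHED_OFFSET	0xd000000000000000UL	/* region 6 */
++#define __IA64_UNCACHED_OFFSET	0xe800000000000000UL
 +#else
  #define __IA64_UNCACHED_OFFSET	0xc000000000000000UL	/* region 6 */
 +#endif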
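--- a/xen/arch/ia64/patch/linux-2.6.11/ptrace.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/patch/linux-2.6.11/ptrace.h	Tue Jun 21 07:02:30 2005 +0000
@@ -4,9 +4,9 @@
   * (because the memory stack pointer MUST ALWAYS be aligned this way)
   *
   */
-+#ifdef CONFIG_VTI
-+#include "vmx_ptrace.h"
-+#else  //CONFIG_VTI
++#ifdef XEN
++#include <public/arch-ia64.h>
++#else
  struct pt_regs {
  	/* The following registers are saved by SAVE_MIN: */
  	unsigned long b6;		/* scratch */
@@ -14,7 +14,7 @@
  	struct ia64_fpreg f10;		/* scratch */
  	struct ia64_fpreg f11;		/* scratch */
  };
-+#endif // CONFIG_VTI
++#endif
  
  /*
   * This structure contains the addition registers that need to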
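--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/xen/arch/ia64/patch/linux-2.6.11/uaccess.h	Tue Jun 21 07:02:30 2005 +0000
@@ -0,0 +1,22 @@
+--- ../../linux-2.6.11/include/asm-ia64/uaccess.h	2005-06-06 10:36:23.000000000 -0600
++++ include/asm-ia64/uaccess.h	2005-06-10 18:08:06.000000000 -0600
+@@ -60,6 +60,11 @@
+  * address TASK_SIZE is never valid.  We also need to make sure that the address doesn't
+  * point inside the virtually mapped linear page table.
+  */
++#ifdef XEN
++/* VT-i reserves bit 60 for the VMM; guest addresses have bit 60 = bit 59 */
++#define IS_VMM_ADDRESS(addr) ((((addr) >> 60) ^ ((addr) >> 59)) & 1)
++#define __access_ok(addr, size, segment) (!IS_VMM_ADDRESS((unsigned long)(addr)))
++#else
+ #define __access_ok(addr, size, segment)						\
+ ({											\
+ 	__chk_user_ptr(addr);								\
+@@ -67,6 +72,7 @@
+ 	 && ((segment).seg == KERNEL_DS.seg						\
+ 	     || likely(REGION_OFFSET((unsigned long) (addr)) < RGN_MAP_LIMIT)));	\
+ })
++#endif
+ #define access_ok(type, addr, size)	__access_ok((addr), (size), get_fs())
+ 
+ static inline int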
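Review bot: The XEN variant of `__access_ok` ignores `size` and `segment` and tests only the first byte, so a range that starts at an acceptable address and runs into addresses where bit 60 differs from bit 59 still passes. Every caller that uses `access_ok()` to vet a guest-supplied buffer then depends entirely on the fault handlers to stop the access. At minimum the last byte should be tested too, along the lines of `(!IS_VMM_ADDRESS((unsigned long)(addr)) && !IS_VMM_ADDRESS((unsigned long)(addr) + (size) - 1))`, with `size == 0` and wrap-around handled deliberately. The comment should also say why dropping `__chk_user_ptr` and the `RGN_MAP_LIMIT` bound is safe under Xen. This file is a patch against the Linux header and shows only part of the macro block.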
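--- a/xen/arch/ia64/privop.c	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/arch/ia64/privop.c	Tue Jun 21 07:02:30 2005 +0000
@@ -748,10 +748,22 @@ priv_emulate(VCPU *vcpu, REGS *regs, UIN
 #define HYPERPRIVOP_ITC_D		0x5
 #define HYPERPRIVOP_ITC_I		0x6
 #define HYPERPRIVOP_SSM_I		0x7
-#define HYPERPRIVOP_MAX			0x7
+#define HYPERPRIVOP_GET_IVR		0x8
+#define HYPERPRIVOP_GET_TPR		0x9
+#define HYPERPRIVOP_SET_TPR		0xa
+#define HYPERPRIVOP_EOI			0xb
+#define HYPERPRIVOP_SET_ITM		0xc
+#define HYPERPRIVOP_THASH		0xd
+#define HYPERPRIVOP_PTC_GA		0xe
+#define HYPERPRIVOP_ITR_D		0xf
+#define HYPERPRIVOP_GET_RR		0x10
+#define HYPERPRIVOP_SET_RR		0x11
+#define HYPERPRIVOP_MAX			0x11
 
 char *hyperpriv_str[HYPERPRIVOP_MAX+1] = {
 	0, "rfi", "rsm.dt", "ssm.dt", "cover", "itc.d", "itc.i", "ssm.i",
+	"=ivr", "=tpr", "tpr=", "eoi", "itm=", "thash", "ptc.ga", "itr.d",
+	"=rr", "rr=",
 	0
 };
 
@@ -766,6 +778,7 @@ ia64_hyperprivop(unsigned long iim, REGS
 	struct vcpu *v = (struct domain *) current;
 	INST64 inst;
 	UINT64 val;
+	UINT64 itir, ifa;
 
 // FIXME: Handle faults appropriately for these
 	if (!iim || iim > HYPERPRIVOP_MAX) {
@@ -797,6 +810,44 @@ ia64_hyperprivop(unsigned long iim, REGS
 	    case HYPERPRIVOP_SSM_I:
 		(void)vcpu_set_psr_i(v);
 		return 1;
+	    case HYPERPRIVOP_GET_IVR:
+		(void)vcpu_get_ivr(v,&val);
+		regs->r8 = val;
+		return 1;
+	    case HYPERPRIVOP_GET_TPR:
+		(void)vcpu_get_tpr(v,&val);
+		regs->r8 = val;
+		return 1;
+	    case HYPERPRIVOP_SET_TPR:
+		(void)vcpu_set_tpr(v,regs->r8);
+		return 1;
+	    case HYPERPRIVOP_EOI:
+		(void)vcpu_set_eoi(v,0L);
+		return 1;
+	    case HYPERPRIVOP_SET_ITM:
+		(void)vcpu_set_itm(v,regs->r8);
+		return 1;
+	    case HYPERPRIVOP_THASH:
+		(void)vcpu_thash(v,regs->r8,&val);
+		regs->r8 = val;
+		return 1;
+	    case HYPERPRIVOP_PTC_GA:
+		// FIXME: this doesn't seem to work yet, turned off
+		//(void)vcpu_ptc_ga(v,regs->r8,regs->r9);
+		//return 1;
+		break;
+	    case HYPERPRIVOP_ITR_D:
+		(void)vcpu_get_itir(v,&itir);
+		(void)vcpu_get_ifa(v,&ifa);
+		(void)vcpu_itr_d(v,regs->r8,regs->r9,itir,ifa);
+		return 1;
+	    case HYPERPRIVOP_GET_RR:
+		(void)vcpu_get_rr(v,regs->r8,&val);
+		regs->r8 = val;
+		return 1;
+	    case HYPERPRIVOP_SET_RR:
+		(void)vcpu_set_rr(v,regs->r8,regs->r9);
+		return 1;
 	}
 	return 0;
 }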
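Review bot: The new `HYPERPRIVOP_GET_IVR`, `GET_TPR`, `THASH` and `GET_RR` arms cast the `vcpu_*` result to `(void)` and then copy `val` into `regs->r8`; `val` has no initialiser, so if any of those helpers can fail without storing through the pointer, the guest receives leftover hypervisor stack contents. The setter arms (`vcpu_set_tpr`, `vcpu_set_itm`, `vcpu_itr_d`, `vcpu_set_rr`) likewise take guest-chosen `r8`/`r9` and report success whatever the helper returned, which is what the existing `// FIXME: Handle faults appropriately for these` warns about. I would declare `UINT64 val = 0;` and `return 1` only when the helper reports `IA64_NO_FAULT`. Separately, `hyperpriv_str` has `HYPERPRIVOP_MAX+1` slots, but counting the trailing `0` the initialiser lists one entry more than that. `ia64_hyperprivop` begins outside the hunks shown.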
    52.1 --- a/xen/arch/ia64/process.c	Sat Jun 18 00:49:11 2005 +0000
    52.2 +++ b/xen/arch/ia64/process.c	Tue Jun 21 07:02:30 2005 +0000
    52.3 @@ -313,45 +313,31 @@ void xen_handle_domain_access(unsigned l
    52.4  	}
    52.5  if (address < 0x4000) printf("WARNING: page_fault @%p, iip=%p\n",address,iip);
    52.6  		
    52.7 +	if (trp = match_tr(current,address)) {
    52.8 +		// FIXME address had better be pre-validated on insert
    52.9 +		pteval = translate_domain_pte(trp->page_flags,address,trp->itir);
   52.10 +		vcpu_itc_no_srlz(current,6,address,pteval,-1UL,(trp->itir>>2)&0x3f);
   52.11 +		return;
   52.12 +	}
   52.13  	// if we are fortunate enough to have it in the 1-entry TLB...
   52.14  	if (pteval = match_dtlb(ed,address,&ps,NULL)) {
   52.15  		vcpu_itc_no_srlz(ed,6,address,pteval,-1UL,ps);
   52.16  		return;
   52.17  	}
   52.18 -	// look in the TRs
   52.19 -	fault = vcpu_tpa(ed,address,&mpaddr);
   52.20 -	if (fault != IA64_NO_FAULT) {
   52.21 -		static int uacnt = 0;
   52.22 -		// can't translate it, just fail (poor man's exception)
   52.23 -		// which results in retrying execution
   52.24 -//printk("*** xen_handle_domain_access: poor man's exception cnt=%i iip=%p, addr=%p...\n",uacnt++,iip,address);
   52.25 -		if (ia64_done_with_exception(regs)) {
   52.26 +	if (ia64_done_with_exception(regs)) {
   52.27  //if (!(uacnt++ & 0x3ff)) printk("*** xen_handle_domain_access: successfully handled cnt=%d iip=%p, addr=%p...\n",uacnt,iip,address);
   52.28  			return;
   52.29 -		}
   52.30 -		else {
   52.31 -			// should never happen.  If it does, region 0 addr may
   52.32 -			// indicate a bad xen pointer
   52.33 -			printk("*** xen_handle_domain_access: exception table"
   52.34 -                               " lookup failed, iip=%p, addr=%p, spinning...\n",
   52.35 -				iip,address);
   52.36 -			panic_domain(regs,"*** xen_handle_domain_access: exception table"
   52.37 -                               " lookup failed, iip=%p, addr=%p, spinning...\n",
   52.38 -				iip,address);
   52.39 -		}
   52.40  	}
   52.41 -	if (d == dom0) {
   52.42 -		if (mpaddr < dom0_start || mpaddr >= dom0_start + dom0_size) {
   52.43 -			printk("xen_handle_domain_access: vcpu_tpa returned out-of-bounds dom0 mpaddr %p! continuing...\n",mpaddr);
   52.44 -			tdpfoo();
   52.45 -		}
   52.46 +	else {
   52.47 +		// should never happen.  If it does, region 0 addr may
   52.48 +		// indicate a bad xen pointer
   52.49 +		printk("*** xen_handle_domain_access: exception table"
   52.50 +                       " lookup failed, iip=%p, addr=%p, spinning...\n",
   52.51 +			iip,address);
   52.52 +		panic_domain(regs,"*** xen_handle_domain_access: exception table"
   52.53 +                       " lookup failed, iip=%p, addr=%p, spinning...\n",
   52.54 +			iip,address);
   52.55  	}
   52.56 -//printk("*** xen_handle_domain_access: tpa resolved miss @%p...\n",address);
   52.57 -	pteval = lookup_domain_mpa(d,mpaddr);
   52.58 -	// would be nice to have a counter here
   52.59 -	//printf("Handling privop data TLB miss\n");
   52.60 -	// FIXME, must be inlined or potential for nested fault here!
   52.61 -	vcpu_itc_no_srlz(ed,2,address,pteval,-1UL,PAGE_SHIFT);
   52.62  }
   52.63  
   52.64  void ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs, unsigned long itir)
   52.65 @@ -441,7 +427,7 @@ panic_domain(0,"ia64_do_page_fault: @%p?
   52.66  				if (pteval & _PAGE_P)
   52.67  				{
   52.68  					pteval = translate_domain_pte(pteval,address,itir);
   52.69 -					vcpu_itc_no_srlz(current,is_data?2:1,address,pteval,-1UL,(itir>>2)&0x3f);
   52.70 +					vcpu_itc_no_srlz(current,is_data?6:1,address,pteval,-1UL,(itir>>2)&0x3f);
   52.71  					return;
   52.72  				}
   52.73  				else vector = is_data ? IA64_DATA_TLB_VECTOR : IA64_INST_TLB_VECTOR;
   52.74 @@ -768,7 +754,7 @@ if (!running_on_sim) { printf("SSC_OPEN,
   52.75  		vcpu_set_gr(current,8,-1L);
   52.76  		break;
   52.77  	    default:
   52.78 -		printf("ia64_handle_break: bad ssc code %lx, iip=%p\n",ssc,regs->cr_iip);
   52.79 +		printf("ia64_handle_break: bad ssc code %lx, iip=%p, b0=%p\n",ssc,regs->cr_iip,regs->b0);
   52.80  		break;
   52.81  	}
   52.82  	vcpu_increment_iip(current);
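Review bot: In the first hunk (xen_handle_domain_access), the new `match_tr` branch hands `trp->page_flags` and the page size `(trp->itir>>2)&0x3f` to `vcpu_itc_no_srlz` with no check beyond the FIXME, while the dom0 `mpaddr` bounds warning from the old path is removed. If TR contents can be set by the guest (the insert path is not part of this file section), an unvalidated entry becomes a live mapping in hypervisor context, so the validation the FIXME asks for should exist before this path is relied on. As a stopgap I would bound the size here, `ps = (trp->itir>>2)&0x3f; if (ps > PAGE_SHIFT+10) panic_domain(regs,"xen_handle_domain_access: bad TR page size\n");`, matching the limit vhpt_multiple_insert applies in this changeset. The branch also uses `current` where the following lines use `ed`; one of the two should be used throughout. The function starts before the hunk.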
    53.1 --- a/xen/arch/ia64/regionreg.c	Sat Jun 18 00:49:11 2005 +0000
    53.2 +++ b/xen/arch/ia64/regionreg.c	Tue Jun 21 07:02:30 2005 +0000
    53.3 @@ -274,6 +274,7 @@ int set_one_rr(unsigned long rr, unsigne
    53.4  		return 0;
    53.5  	}
    53.6  
    53.7 +#ifdef CONFIG_VTI
    53.8  	memrrv.rrval = rrv.rrval;
    53.9  	if (rreg == 7) {
   53.10  		newrrv.rid = newrid;
   53.11 @@ -290,6 +291,15 @@ int set_one_rr(unsigned long rr, unsigne
   53.12  		if (rreg == 0) v->arch.metaphysical_saved_rr0 = newrrv.rrval;
   53.13  		set_rr(rr,newrrv.rrval);
   53.14  	}
   53.15 +#else
   53.16 +	memrrv.rrval = rrv.rrval;
   53.17 +	newrrv.rid = newrid;
   53.18 +	newrrv.ve = 1;  // VHPT now enabled for region 7!!
   53.19 +	newrrv.ps = PAGE_SHIFT;
   53.20 +	if (rreg == 0) v->arch.metaphysical_saved_rr0 = newrrv.rrval;
   53.21 +	if (rreg == 7) ia64_new_rr7(vmMangleRID(newrrv.rrval),v->vcpu_info);
   53.22 +	else set_rr(rr,newrrv.rrval);
   53.23 +#endif
   53.24  	return 1;
   53.25  }
   53.26  
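Review bot: In the new `#else` branch of set_one_rr the comment `// VHPT now enabled for region 7!!` is misleading, because `newrrv.ve = 1` is now executed for every region and only the final `if (rreg == 7)` is region-specific; I would reword it to `// non-VTI build: ve=1 for all regions, rr7 is installed via ia64_new_rr7`. `memrrv.rrval = rrv.rrval;` is the first statement of both branches and could be hoisted above the `#ifdef CONFIG_VTI`. The region 7 path passes `vmMangleRID(newrrv.rrval)` while the other regions pass the raw value to `set_rr`; whether `set_rr` mangles internally is not visible here, so a one-line comment stating that would help. The function starts before the first hunk and part of the CONFIG_VTI branch lies between the two hunks.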
    54.1 --- a/xen/arch/ia64/tools/mkbuildtree	Sat Jun 18 00:49:11 2005 +0000
    54.2 +++ b/xen/arch/ia64/tools/mkbuildtree	Tue Jun 21 07:02:30 2005 +0000
    54.3 @@ -259,7 +259,7 @@ softlink include/asm-ia64/string.h inclu
    54.4  softlink include/asm-ia64/thread_info.h include/asm-ia64/thread_info.h
    54.5  softlink include/asm-ia64/timex.h include/asm-ia64/timex.h
    54.6  softlink include/asm-ia64/topology.h include/asm-ia64/topology.h
    54.7 -softlink include/asm-ia64/uaccess.h include/asm-ia64/uaccess.h
    54.8 +cp_patch include/asm-ia64/uaccess.h include/asm-ia64/uaccess.h uaccess.h
    54.9  softlink include/asm-ia64/unaligned.h include/asm-ia64/unaligned.h
   54.10  softlink include/asm-ia64/unistd.h include/asm-ia64/unistd.h
   54.11  softlink include/asm-ia64/unwind.h include/asm-ia64/unwind.h
    55.1 --- a/xen/arch/ia64/vcpu.c	Sat Jun 18 00:49:11 2005 +0000
    55.2 +++ b/xen/arch/ia64/vcpu.c	Tue Jun 21 07:02:30 2005 +0000
    55.3 @@ -43,8 +43,9 @@ typedef	union {
    55.4  
    55.5  #ifdef PRIVOP_ADDR_COUNT
    55.6  struct privop_addr_count privop_addr_counter[PRIVOP_COUNT_NINSTS] = {
    55.7 -	{ "rsm", { 0 }, { 0 }, 0 },
    55.8 -	{ "ssm", { 0 }, { 0 }, 0 }
    55.9 +	{ "=ifa", { 0 }, { 0 }, 0 },
   55.10 +	{ "thash", { 0 }, { 0 }, 0 },
   55.11 +	0
   55.12  };
   55.13  extern void privop_count_addr(unsigned long addr, int inst);
   55.14  #define	PRIVOP_COUNT_ADDR(regs,inst) privop_count_addr(regs->cr_iip,inst)
   55.15 @@ -135,7 +136,7 @@ IA64FAULT vcpu_reset_psr_sm(VCPU *vcpu, 
   55.16  	struct ia64_psr psr, imm, *ipsr;
   55.17  	REGS *regs = vcpu_regs(vcpu);
   55.18  
   55.19 -	PRIVOP_COUNT_ADDR(regs,_RSM);
   55.20 +	//PRIVOP_COUNT_ADDR(regs,_RSM);
   55.21  	// TODO: All of these bits need to be virtualized
   55.22  	// TODO: Only allowed for current vcpu
   55.23  	__asm__ __volatile ("mov %0=psr;;" : "=r"(psr) :: "memory");
   55.24 @@ -183,7 +184,7 @@ IA64FAULT vcpu_set_psr_sm(VCPU *vcpu, UI
   55.25  	REGS *regs = vcpu_regs(vcpu);
   55.26  	UINT64 mask, enabling_interrupts = 0;
   55.27  
   55.28 -	PRIVOP_COUNT_ADDR(regs,_SSM);
   55.29 +	//PRIVOP_COUNT_ADDR(regs,_SSM);
   55.30  	// TODO: All of these bits need to be virtualized
   55.31  	__asm__ __volatile ("mov %0=psr;;" : "=r"(psr) :: "memory");
   55.32  	imm = *(struct ia64_psr *)&imm24;
   55.33 @@ -369,6 +370,8 @@ IA64FAULT vcpu_get_iip(VCPU *vcpu, UINT6
   55.34  IA64FAULT vcpu_get_ifa(VCPU *vcpu, UINT64 *pval)
   55.35  {
   55.36  	UINT64 val = PSCB(vcpu,ifa);
   55.37 +	REGS *regs = vcpu_regs(vcpu);
   55.38 +	PRIVOP_COUNT_ADDR(regs,_GET_IFA);
   55.39  	*pval = val;
   55.40  	return (IA64_NO_FAULT);
   55.41  }
   55.42 @@ -422,6 +425,8 @@ IA64FAULT vcpu_get_iha(VCPU *vcpu, UINT6
   55.43  {
   55.44  	//return vcpu_thash(vcpu,PSCB(vcpu,ifa),pval);
   55.45  	UINT64 val = PSCB(vcpu,iha);
   55.46 +	REGS *regs = vcpu_regs(vcpu);
   55.47 +	PRIVOP_COUNT_ADDR(regs,_THASH);
   55.48  	*pval = val;
   55.49  	return (IA64_NO_FAULT);
   55.50  }
   55.51 @@ -539,7 +544,7 @@ void vcpu_pend_interrupt(VCPU *vcpu, UIN
   55.52      } else
   55.53  #endif // CONFIG_VTI
   55.54      {
   55.55 -	if (!test_bit(vector,PSCB(vcpu,delivery_mask))) return;
   55.56 +	/* if (!test_bit(vector,PSCB(vcpu,delivery_mask))) return; */
   55.57  	if (test_bit(vector,PSCBX(vcpu,irr))) {
   55.58  //printf("vcpu_pend_interrupt: overrun\n");
   55.59  	}
   55.60 @@ -569,10 +574,10 @@ UINT64 vcpu_check_pending_interrupts(VCP
   55.61  	UINT64 *p, *q, *r, bits, bitnum, mask, i, vector;
   55.62  
   55.63  	p = &PSCBX(vcpu,irr[3]);
   55.64 -	q = &PSCB(vcpu,delivery_mask[3]);
   55.65 +	/* q = &PSCB(vcpu,delivery_mask[3]); */
   55.66  	r = &PSCBX(vcpu,insvc[3]);
   55.67  	for (i = 3; ; p--, q--, r--, i--) {
   55.68 -		bits = *p & *q;
   55.69 +		bits = *p /* & *q */;
   55.70  		if (bits) break; // got a potential interrupt
   55.71  		if (*r) {
   55.72  			// nothing in this word which is pending+inservice
   55.73 @@ -1589,7 +1594,8 @@ void vcpu_itc_no_srlz(VCPU *vcpu, UINT64
   55.74  		// addresses never get flushed.  More work needed if this
   55.75  		// ever happens.
   55.76  //printf("vhpt_insert(%p,%p,%p)\n",vaddr,pte,1L<<logps);
   55.77 -		vhpt_insert(vaddr,pte,logps<<2);
   55.78 +		if (logps > PAGE_SHIFT) vhpt_multiple_insert(vaddr,pte,logps);
   55.79 +		else vhpt_insert(vaddr,pte,logps<<2);
   55.80  	}
   55.81  	// even if domain pagesize is larger than PAGE_SIZE, just put
   55.82  	// PAGE_SIZE mapping in the vhpt for now, else purging is complicated
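Review bot: In the vcpu_check_pending_interrupts hunk the assignment to `q` is commented out, but the loop header still executes `q--` on every iteration, so an uninitialized pointer is read and modified, which is undefined behaviour. Drop it from the header, `for (i = 3; ; p--, r--, i--) {`, and from the declaration. Together with the commented-out `delivery_mask` test in vcpu_pend_interrupt, the delivery mask is no longer consulted anywhere in the visible code, so every vector set in `irr` becomes a candidate. If that is intended, the dead lines should be deleted and the reason recorded in a comment, e.g. `/* delivery_mask no longer filters pending vectors: <reason> */`. Both functions extend beyond their hunks.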
    56.1 --- a/xen/arch/ia64/vhpt.c	Sat Jun 18 00:49:11 2005 +0000
    56.2 +++ b/xen/arch/ia64/vhpt.c	Tue Jun 21 07:02:30 2005 +0000
    56.3 @@ -87,6 +87,37 @@ void vhpt_map(void)
    56.4  	ia64_srlz_i();
    56.5  }
    56.6  
    56.7 +void vhpt_multiple_insert(unsigned long vaddr, unsigned long pte, unsigned long logps)
    56.8 +{
    56.9 +	unsigned long mask = (1L << logps) - 1;
   56.10 +	int i;
   56.11 +
   56.12 +	if (logps-PAGE_SHIFT > 10) {
   56.13 +		// if this happens, we may want to revisit this algorithm
   56.14 +		printf("vhpt_multiple_insert:logps-PAGE_SHIFT>10,spinning..\n");
   56.15 +		while(1);
   56.16 +	}
   56.17 +	if (logps-PAGE_SHIFT > 2) {
   56.18 +		// FIXME: Should add counter here to see how often this
   56.19 +		//  happens (e.g. for 16MB pages!) and determine if it
   56.20 +		//  is a performance problem.  On a quick look, it takes
   56.21 +		//  about 39000 instrs for a 16MB page and it seems to occur
   56.22 +		//  only a few times/second, so OK for now.
   56.23 +		//  An alternate solution would be to just insert the one
   56.24 +		//  16KB in the vhpt (but with the full mapping)?
   56.25 +		//printf("vhpt_multiple_insert: logps-PAGE_SHIFT==%d,"
   56.26 +			//"va=%p, pa=%p, pa-masked=%p\n",
   56.27 +			//logps-PAGE_SHIFT,vaddr,pte&_PFN_MASK,
   56.28 +			//(pte&_PFN_MASK)&~mask);
   56.29 +	}
   56.30 +	vaddr &= ~mask;
   56.31 +	pte = ((pte & _PFN_MASK) & ~mask) | (pte & ~_PFN_MASK);
   56.32 +	for (i = 1L << (logps-PAGE_SHIFT); i > 0; i--) {
   56.33 +		vhpt_insert(vaddr,pte,logps<<2);
   56.34 +		vaddr += PAGE_SIZE;
   56.35 +	}
   56.36 +}
   56.37 +
   56.38  void vhpt_init(void)
   56.39  {
   56.40  	unsigned long vhpt_total_size, vhpt_alignment, vhpt_imva;
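Review bot: vhpt_multiple_insert parks the CPU in `while(1);` when `logps-PAGE_SHIFT > 10`, and `logps` is derived from the itir of the mapping being inserted (`(itir>>2)&0x3f` at the call sites in process.c), so a bad page size hangs a physical CPU inside the hypervisor instead of failing the one insert. The subtraction is unsigned, so `logps < PAGE_SHIFT` also lands in that branch; the caller added in vcpu.c guards with `logps > PAGE_SHIFT`, but the function itself does not. I would fall back to the single insert that vcpu_itc_no_srlz performed before this change: `if (logps < PAGE_SHIFT || logps-PAGE_SHIFT > 10) { vhpt_insert(vaddr,pte,logps<<2); return; }`. The loop counter `int i` is initialised from a `1L <<` expression and would be clearer as `unsigned long`.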
    57.1 --- a/xen/arch/ia64/vmmu.c	Sat Jun 18 00:49:11 2005 +0000
    57.2 +++ b/xen/arch/ia64/vmmu.c	Tue Jun 21 07:02:30 2005 +0000
    57.3 @@ -454,12 +454,13 @@ IA64FAULT vmx_vcpu_itc_i(VCPU *vcpu, UIN
    57.4      data.page_flags=pte & ~PAGE_FLAGS_RV_MASK;
    57.5      data.itir=itir;
    57.6      data.vadr=PAGEALIGN(ifa,data.ps);
    57.7 -    data.section=THASH_TLB_TC;
    57.8 +    data.tc = 1;
    57.9      data.cl=ISIDE_TLB;
   57.10      vmx_vcpu_get_rr(vcpu, ifa, &vrr);
   57.11      data.rid = vrr.rid;
   57.12      
   57.13 -    sections.v = THASH_SECTION_TR;
   57.14 +    sections.tr = 1;
   57.15 +    sections.tc = 0;
   57.16  
   57.17      ovl = thash_find_overlap(hcb, &data, sections);
   57.18      while (ovl) {
   57.19 @@ -467,9 +468,7 @@ IA64FAULT vmx_vcpu_itc_i(VCPU *vcpu, UIN
   57.20          panic("Tlb conflict!!");
   57.21          return;
   57.22      }
   57.23 -    sections.v = THASH_SECTION_TC;
   57.24 -    thash_purge_entries(hcb, &data, sections);
   57.25 -    thash_insert(hcb, &data, ifa);
   57.26 +    thash_purge_and_insert(hcb, &data);
   57.27      return IA64_NO_FAULT;
   57.28  }
   57.29  
   57.30 @@ -488,11 +487,12 @@ IA64FAULT vmx_vcpu_itc_d(VCPU *vcpu, UIN
   57.31      data.page_flags=pte & ~PAGE_FLAGS_RV_MASK;
   57.32      data.itir=itir;
   57.33      data.vadr=PAGEALIGN(ifa,data.ps);
   57.34 -    data.section=THASH_TLB_TC;
   57.35 +    data.tc = 1;
   57.36      data.cl=DSIDE_TLB;
   57.37      vmx_vcpu_get_rr(vcpu, ifa, &vrr);
   57.38      data.rid = vrr.rid;
   57.39 -    sections.v = THASH_SECTION_TR;
   57.40 +    sections.tr = 1;
   57.41 +    sections.tc = 0;
   57.42  
   57.43      ovl = thash_find_overlap(hcb, &data, sections);
   57.44      if (ovl) {
   57.45 @@ -500,42 +500,27 @@ IA64FAULT vmx_vcpu_itc_d(VCPU *vcpu, UIN
   57.46          panic("Tlb conflict!!");
   57.47          return;
   57.48      }
   57.49 -    sections.v = THASH_SECTION_TC;
   57.50 -    thash_purge_entries(hcb, &data, sections);
   57.51 -    thash_insert(hcb, &data, ifa);
   57.52 +    thash_purge_and_insert(hcb, &data);
   57.53      return IA64_NO_FAULT;
   57.54  }
   57.55  
   57.56 -IA64FAULT insert_foreignmap(VCPU *vcpu, UINT64 pte, UINT64 ps, UINT64 va)
   57.57 +/*
   57.58 + * Return TRUE/FALSE for success of lock operation
   57.59 + */
   57.60 +int vmx_lock_guest_dtc (VCPU *vcpu, UINT64 va, int lock)
   57.61  {
   57.62  
   57.63 -    thash_data_t data, *ovl;
   57.64      thash_cb_t  *hcb;
   57.65 -    search_section_t sections;
   57.66 -    rr_t    vrr;
   57.67 +    rr_t  vrr;
   57.68 +    u64	  preferred_size;
   57.69  
   57.70 -    hcb = vmx_vcpu_get_vtlb(vcpu);
   57.71 -    data.page_flags=pte & ~PAGE_FLAGS_RV_MASK;
   57.72 -    data.itir=0;
   57.73 -    data.ps = ps;
   57.74 -    data.vadr=PAGEALIGN(va,ps);
   57.75 -    data.section=THASH_TLB_FM;
   57.76 -    data.cl=DSIDE_TLB;
   57.77      vmx_vcpu_get_rr(vcpu, va, &vrr);
   57.78 -    data.rid = vrr.rid;
   57.79 -    sections.v = THASH_SECTION_TR|THASH_SECTION_TC|THASH_SECTION_FM;
   57.80 -
   57.81 -    ovl = thash_find_overlap(hcb, &data, sections);
   57.82 -    if (ovl) {
   57.83 -          // generate MCA.
   57.84 -        panic("Foreignmap Tlb conflict!!");
   57.85 -        return;
   57.86 -    }
   57.87 -    thash_insert(hcb, &data, va);
   57.88 -    return IA64_NO_FAULT;
   57.89 +    hcb = vmx_vcpu_get_vtlb(vcpu);
   57.90 +    va = PAGEALIGN(va,vrr.ps);
   57.91 +    preferred_size = PSIZE(vrr.ps);
   57.92 +    return thash_lock_tc(hcb, va, preferred_size, vrr.rid, DSIDE_TLB, lock);
   57.93  }
   57.94  
   57.95 -
   57.96  IA64FAULT vmx_vcpu_itr_i(VCPU *vcpu, UINT64 pte, UINT64 itir, UINT64 ifa, UINT64 idx)
   57.97  {
   57.98  
   57.99 @@ -548,11 +533,12 @@ IA64FAULT vmx_vcpu_itr_i(VCPU *vcpu, UIN
  57.100      data.page_flags=pte & ~PAGE_FLAGS_RV_MASK;
  57.101      data.itir=itir;
  57.102      data.vadr=PAGEALIGN(ifa,data.ps);
  57.103 -    data.section=THASH_TLB_TR;
  57.104 +    data.tc = 0;
  57.105      data.cl=ISIDE_TLB;
  57.106      vmx_vcpu_get_rr(vcpu, ifa, &vrr);
  57.107      data.rid = vrr.rid;
  57.108 -    sections.v = THASH_SECTION_TR;
  57.109 +    sections.tr = 1;
  57.110 +    sections.tc = 0;
  57.111  
  57.112      ovl = thash_find_overlap(hcb, &data, sections);
  57.113      if (ovl) {
  57.114 @@ -560,7 +546,8 @@ IA64FAULT vmx_vcpu_itr_i(VCPU *vcpu, UIN
  57.115          panic("Tlb conflict!!");
  57.116          return;
  57.117      }
  57.118 -    sections.v=THASH_SECTION_TC;
  57.119 +    sections.tr = 0;
  57.120 +    sections.tc = 1;
  57.121      thash_purge_entries(hcb, &data, sections);
  57.122      thash_tr_insert(hcb, &data, ifa, idx);
  57.123      return IA64_NO_FAULT;
  57.124 @@ -579,11 +566,12 @@ IA64FAULT vmx_vcpu_itr_d(VCPU *vcpu, UIN
  57.125      data.page_flags=pte & ~PAGE_FLAGS_RV_MASK;
  57.126      data.itir=itir;
  57.127      data.vadr=PAGEALIGN(ifa,data.ps);
  57.128 -    data.section=THASH_TLB_TR;
  57.129 +    data.tc = 0;
  57.130      data.cl=DSIDE_TLB;
  57.131      vmx_vcpu_get_rr(vcpu, ifa, &vrr);
  57.132      data.rid = vrr.rid;
  57.133 -    sections.v = THASH_SECTION_TR;
  57.134 +    sections.tr = 1;
  57.135 +    sections.tc = 0;
  57.136  
  57.137      ovl = thash_find_overlap(hcb, &data, sections);
  57.138      while (ovl) {
  57.139 @@ -591,7 +579,8 @@ IA64FAULT vmx_vcpu_itr_d(VCPU *vcpu, UIN
  57.140          panic("Tlb conflict!!");
  57.141          return;
  57.142      }
  57.143 -    sections.v=THASH_SECTION_TC;
  57.144 +    sections.tr = 0;
  57.145 +    sections.tc = 1;
  57.146      thash_purge_entries(hcb, &data, sections);
  57.147      thash_tr_insert(hcb, &data, ifa, idx);
  57.148      return IA64_NO_FAULT;
  57.149 @@ -607,7 +596,8 @@ IA64FAULT vmx_vcpu_ptr_d(VCPU *vcpu,UINT
  57.150  
  57.151      hcb = vmx_vcpu_get_vtlb(vcpu);
  57.152      rr=vmx_vcpu_rr(vcpu,vadr);
  57.153 -    sections.v = THASH_SECTION_TR | THASH_SECTION_TC;
  57.154 +    sections.tr = 1;
  57.155 +    sections.tc = 1;
  57.156      thash_purge_entries_ex(hcb,rr.rid,vadr,ps,sections,DSIDE_TLB);
  57.157      return IA64_NO_FAULT;
  57.158  }
  57.159 @@ -619,7 +609,8 @@ IA64FAULT vmx_vcpu_ptr_i(VCPU *vcpu,UINT
  57.160      search_section_t sections;
  57.161      hcb = vmx_vcpu_get_vtlb(vcpu);
  57.162      rr=vmx_vcpu_rr(vcpu,vadr);
  57.163 -    sections.v = THASH_SECTION_TR | THASH_SECTION_TC;
  57.164 +    sections.tr = 1;
  57.165 +    sections.tc = 1;
  57.166      thash_purge_entries_ex(hcb,rr.rid,vadr,ps,sections,ISIDE_TLB);
  57.167      return IA64_NO_FAULT;
  57.168  }
  57.169 @@ -632,7 +623,8 @@ IA64FAULT vmx_vcpu_ptc_l(VCPU *vcpu, UIN
  57.170      thash_data_t data, *ovl;
  57.171      hcb = vmx_vcpu_get_vtlb(vcpu);
  57.172      vrr=vmx_vcpu_rr(vcpu,vadr);
  57.173 -    sections.v = THASH_SECTION_TC;
  57.174 +    sections.tr = 0;
  57.175 +    sections.tc = 1;
  57.176      vadr = PAGEALIGN(vadr, ps);
  57.177  
  57.178      thash_purge_entries_ex(hcb,vrr.rid,vadr,ps,sections,DSIDE_TLB);
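Review bot: The comment on the new vmx_lock_guest_dtc says "Return TRUE/FALSE for success of lock operation", but the function returns thash_lock_tc's value unchanged, and vtlb.c in this changeset documents that as 0 for success and 1 for failure, so a caller reading the comment will treat a failed lock as success. Either invert the result or correct the comment to `/* Returns thash_lock_tc()'s result: 0 on success, 1 if no overlapping entry was found. */`. Separately, every hunk that replaces `sections.v = ...` with assignments to `sections.tr` and `sections.tc` now leaves any remaining bits of the stack-allocated `search_section_t` uninitialized. The type's definition is not visible here, so it is worth confirming that `tr` and `tc` are its only fields, or zeroing `sections` first.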
    58.1 --- a/xen/arch/ia64/vmx_ivt.S	Sat Jun 18 00:49:11 2005 +0000
    58.2 +++ b/xen/arch/ia64/vmx_ivt.S	Tue Jun 21 07:02:30 2005 +0000
    58.3 @@ -180,7 +180,7 @@ ENTRY(vmx_dtlb_miss)
    58.4      mov r29=cr.ipsr;
    58.5      ;;
    58.6      tbit.z p6,p7=r29,IA64_PSR_VM_BIT;
    58.7 -(p6)br.sptk vmx_fault_1
    58.8 +(p6)br.sptk vmx_fault_2
    58.9      mov r16 = cr.ifa
   58.10      ;;
   58.11      thash r17 = r16
   58.12 @@ -249,9 +249,9 @@ ENTRY(vmx_alt_itlb_miss)
   58.13  	movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff)
   58.14  	;;
   58.15  	and r19=r19,r16		// clear ed, reserved bits, and PTE control bits
   58.16 -	shr.u r18=r16,57	// move address bit 61 to bit 4
   58.17 +	shr.u r18=r16,55	// move address bit 59 to bit 4
   58.18  	;;
   58.19 -	andcm r18=0x10,r18	// bit 4=~address-bit(61)
   58.20 +	and r18=0x10,r18	// bit 4=address-bit(61)
   58.21  	or r19=r17,r19		// insert PTE control bits into r19
   58.22  	;;
   58.23  	or r19=r19,r18		// set bit 4 (uncached) if the access was to region 6
   58.24 @@ -280,11 +280,11 @@ ENTRY(vmx_alt_dtlb_miss)
   58.25  	;;
   58.26  	and r22=IA64_ISR_CODE_MASK,r20		// get the isr.code field
   58.27  	tbit.nz p6,p7=r20,IA64_ISR_SP_BIT	// is speculation bit on?
   58.28 -	shr.u r18=r16,57			// move address bit 61 to bit 4
   58.29 +	shr.u r18=r16,55			// move address bit 59 to bit 4
   58.30  	and r19=r19,r16				// clear ed, reserved bits, and PTE control bits
   58.31  	tbit.nz p9,p0=r20,IA64_ISR_NA_BIT	// is non-access bit on?
   58.32  	;;
   58.33 -	andcm r18=0x10,r18	// bit 4=~address-bit(61)
   58.34 +	and r18=0x10,r18	// bit 4=address-bit(61)
   58.35  (p9) cmp.eq.or.andcm p6,p7=IA64_ISR_CODE_LFETCH,r22	// check isr.code field
   58.36  	dep r24=-1,r24,IA64_PSR_ED_BIT,1
   58.37  	or r19=r19,r17		// insert PTE control bits into r19
   58.38 @@ -346,7 +346,12 @@ END(vmx_daccess_bit)
   58.39  ENTRY(vmx_break_fault)
   58.40  	mov r31=pr
   58.41      mov r19=11
   58.42 -    br.sptk.many vmx_dispatch_break_fault
   58.43 +    mov r30=cr.iim
   58.44 +    mov r29=0x1100
   58.45 +    ;;
   58.46 +    cmp4.eq  p6,p7=r29,r30
   58.47 +    (p6) br.dptk.few vmx_hypercall_dispatch
   58.48 +    (p7) br.sptk.many vmx_dispatch_break_fault
   58.49  END(vmx_break_fault)
   58.50  
   58.51  	.org vmx_ia64_ivt+0x3000
   58.52 @@ -929,9 +934,8 @@ END(vmx_dispatch_tlb_miss)
   58.53  
   58.54  
   58.55  ENTRY(vmx_dispatch_break_fault)
   58.56 -    cmp.ne pEml,pNonEml=r0,r0       /* force pNonEml =1, don't save r4 ~ r7 */
   58.57 +    VMX_SAVE_MIN_WITH_COVER_R19
   58.58      ;;
   58.59 -    VMX_SAVE_MIN_WITH_COVER_R19
   58.60      ;;
   58.61      alloc r14=ar.pfs,0,0,4,0 // now it's safe (must be first in insn group!)
   58.62      mov out0=cr.ifa
   58.63 @@ -951,9 +955,37 @@ ENTRY(vmx_dispatch_break_fault)
   58.64      ;;
   58.65      mov rp=r14
   58.66      br.call.sptk.many b6=vmx_ia64_handle_break
   58.67 +    ;;
   58.68  END(vmx_dispatch_break_fault)
   58.69  
   58.70  
   58.71 +ENTRY(vmx_hypercall_dispatch)
   58.72 +    VMX_SAVE_MIN_WITH_COVER
   58.73 +    ssm psr.ic
   58.74 +    ;;
   58.75 +    srlz.i                  // guarantee that interruption collection is on
   58.76 +    ;;
   58.77 +    ssm psr.i               // restore psr.i
   58.78 +    adds r3=16,r2                // set up second base pointer
   58.79 +    ;;
   58.80 +    VMX_SAVE_REST
   58.81 +    ;;
   58.82 +    movl r14=ia64_leave_hypervisor
   58.83 +    movl r2=hyper_call_table
   58.84 +    ;;
   58.85 +    mov rp=r14
   58.86 +    shladd r2=r15,3,r2
   58.87 +    ;;
   58.88 +    ld8 r2=[r2]
   58.89 +    ;;
   58.90 +    mov b6=r2
   58.91 +    ;;
   58.92 +    br.call.sptk.many b6=b6
   58.93 +    ;;
   58.94 +END(vmx_hypercall_dispatch)
   58.95 +
   58.96 +
   58.97 +
   58.98  ENTRY(vmx_dispatch_interrupt)
   58.99      cmp.ne pEml,pNonEml=r0,r0       /* force pNonEml =1, don't save r4 ~ r7 */
  58.100      ;;
  58.101 @@ -976,3 +1008,39 @@ ENTRY(vmx_dispatch_interrupt)
  58.102  	mov rp=r14
  58.103  	br.call.sptk.many b6=vmx_ia64_handle_irq
  58.104  END(vmx_dispatch_interrupt)
  58.105 +
  58.106 +
  58.107 +
  58.108 +    .rodata
  58.109 +    .align 8
  58.110 +    .globl hyper_call_table
  58.111 +hyper_call_table:
  58.112 +    data8 hyper_not_support     //hyper_set_trap_table     /*  0 */
  58.113 +    data8 hyper_mmu_update
  58.114 +    data8 hyper_not_support     //hyper_set_gdt
  58.115 +    data8 hyper_not_support     //hyper_stack_switch
  58.116 +    data8 hyper_not_support     //hyper_set_callbacks
  58.117 +    data8 hyper_not_support     //hyper_fpu_taskswitch     /*  5 */
  58.118 +    data8 hyper_sched_op
  58.119 +    data8 hyper_dom0_op
  58.120 +    data8 hyper_not_support     //hyper_set_debugreg
  58.121 +    data8 hyper_not_support     //hyper_get_debugreg
  58.122 +    data8 hyper_not_support     //hyper_update_descriptor  /* 10 */
  58.123 +    data8 hyper_not_support     //hyper_set_fast_trap
  58.124 +    data8 hyper_dom_mem_op
  58.125 +    data8 hyper_not_support     //hyper_multicall
  58.126 +    data8 hyper_not_support     //hyper_update_va_mapping
  58.127 +    data8 hyper_not_support     //hyper_set_timer_op       /* 15 */
  58.128 +    data8 hyper_event_channel_op
  58.129 +    data8 hyper_xen_version
  58.130 +    data8 hyper_not_support     //hyper_console_io
  58.131 +    data8 hyper_not_support     //hyper_physdev_op
  58.132 +    data8 hyper_not_support     //hyper_grant_table_op     /* 20 */
  58.133 +    data8 hyper_not_support     //hyper_vm_assist
  58.134 +    data8 hyper_not_support     //hyper_update_va_mapping_otherdomain
  58.135 +    data8 hyper_not_support     //hyper_switch_vm86
  58.136 +    data8 hyper_not_support     //hyper_boot_vcpu
  58.137 +    data8 hyper_not_support     //hyper_ni_hypercall       /* 25 */
  58.138 +    data8 hyper_not_support     //hyper_mmuext_op
  58.139 +    data8 hyper_lock_page
  58.140 +    data8 hyper_set_shared_page
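Review bot: vmx_hypercall_dispatch uses r15 as an index into hyper_call_table (`shladd r2=r15,3,r2`, `ld8 r2=[r2]`, `br.call.sptk.many b6=b6`) with no range check, while the table holds 29 entries (0 to 28). If r15 carries the guest's hypercall number (what the save macros do to it is not visible here), an out-of-range value makes the hypervisor load its branch target from whatever follows the table in `.rodata`. Before the `shladd`, r15 should be compared against the entry count and anything out of range sent to `hyper_not_support`, with the count derived from a label placed after the last `data8` rather than a literal. A comment such as `// r15: hypercall number, must be below the number of hyper_call_table entries` would record the contract. In the two alt-miss hunks the comment `// bit 4=address-bit(61)` is stale now that the shift is 55 and should read `// bit 4=address-bit(59)`.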
    59.1 --- a/xen/arch/ia64/vmx_minstate.h	Sat Jun 18 00:49:11 2005 +0000
    59.2 +++ b/xen/arch/ia64/vmx_minstate.h	Tue Jun 21 07:02:30 2005 +0000
    59.3 @@ -282,11 +282,9 @@
    59.4      ;;                  \
    59.5  .mem.offset 0,0; st8.spill [r4]=r20,16;     \
    59.6  .mem.offset 8,0; st8.spill [r5]=r21,16;     \
    59.7 -    mov r18=b6;         \
    59.8      ;;                  \
    59.9  .mem.offset 0,0; st8.spill [r4]=r22,16;     \
   59.10  .mem.offset 8,0; st8.spill [r5]=r23,16;     \
   59.11 -    mov r19=b7;     \
   59.12      ;;                  \
   59.13  .mem.offset 0,0; st8.spill [r4]=r24,16;     \
   59.14  .mem.offset 8,0; st8.spill [r5]=r25,16;     \
   59.15 @@ -296,9 +294,11 @@
   59.16      ;;                  \
   59.17  .mem.offset 0,0; st8.spill [r4]=r28,16;     \
   59.18  .mem.offset 8,0; st8.spill [r5]=r29,16;     \
   59.19 +    mov r26=b6;         \
   59.20      ;;                  \
   59.21  .mem.offset 0,0; st8.spill [r4]=r30,16;     \
   59.22  .mem.offset 8,0; st8.spill [r5]=r31,16;     \
   59.23 +    mov r27=b7;     \
   59.24      ;;                  \
   59.25      mov r30=ar.unat;    \
   59.26      ;;      \
   59.27 @@ -317,8 +317,8 @@
   59.28      adds r2=PT(B6)-PT(F10),r2;      \
   59.29      adds r3=PT(B7)-PT(F11),r3;      \
   59.30      ;;          \
   59.31 -    st8 [r2]=r18,16;       /* b6 */    \
   59.32 -    st8 [r3]=r19,16;       /* b7 */    \
   59.33 +    st8 [r2]=r26,16;       /* b6 */    \
   59.34 +    st8 [r3]=r27,16;       /* b7 */    \
   59.35      ;;                  \
   59.36      st8 [r2]=r9;           /* ar.csd */    \
   59.37      st8 [r3]=r10;          /* ar.ssd */    \
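Review bot: The switch of the b6/b7 staging registers from r18/r19 to r26/r27 carries an undocumented ordering dependency: `mov r26=b6` and `mov r27=b7` are only safe once r26 and r27 themselves have been spilled, and those spills are in lines outside these hunks. A comment at the first `mov` would record it, e.g. `/* b6/b7 staged in r26/r27, which are already spilled above; r18/r19 are no longer clobbered here */`. Presumably the change is needed because the break-fault path in vmx_ivt.S now carries a value in r19; that is worth confirming and stating in the comment. The macro starts and ends outside the hunks.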
    60.1 --- a/xen/arch/ia64/vmx_process.c	Sat Jun 18 00:49:11 2005 +0000
    60.2 +++ b/xen/arch/ia64/vmx_process.c	Tue Jun 21 07:02:30 2005 +0000
    60.3 @@ -116,7 +116,6 @@ vmx_ia64_handle_break (unsigned long ifa
    60.4  		    case FW_HYPERCALL_EFI_GET_TIME:
    60.5  			{
    60.6  			unsigned long *tv, *tc;
    60.7 -			fooefi();
    60.8  			vmx_vcpu_get_gr(v, 32, &tv);
    60.9  			vmx_vcpu_get_gr(v, 33, &tc);
   60.10  			printf("efi_get_time(%p,%p) called...",tv,tc);
    61.1 --- a/xen/arch/ia64/vtlb.c	Sat Jun 18 00:49:11 2005 +0000
    61.2 +++ b/xen/arch/ia64/vtlb.c	Tue Jun 21 07:02:30 2005 +0000
    61.3 @@ -252,7 +252,7 @@ static thash_data_t *_vtlb_next_overlap_
    61.4  
    61.5      /* Find overlap TLB entry */
    61.6      for (cch=priv->cur_cch; cch; cch = cch->next) {
    61.7 -        if ( ((1UL<<cch->section) & priv->s_sect.v) &&
    61.8 +        if ( ( cch->tc ? priv->s_sect.tc : priv->s_sect.tr )  &&
    61.9              __is_tlb_overlap(hcb, cch, priv->rid, priv->cl,
   61.10                  priv->_curva, priv->_eva) ) {
   61.11              return cch;
   61.12 @@ -322,7 +322,7 @@ int __tlb_to_vhpt(thash_cb_t *hcb,
   61.13  
   61.14  void thash_tr_insert(thash_cb_t *hcb, thash_data_t *entry, u64 va, int idx)
   61.15  {
   61.16 -    if ( hcb->ht != THASH_TLB || entry->section != THASH_TLB_TR ) {
   61.17 +    if ( hcb->ht != THASH_TLB || entry->tc ) {
   61.18          panic("wrong parameter\n");
   61.19      }
   61.20      entry->vadr = PAGEALIGN(entry->vadr,entry->ps);
   61.21 @@ -356,7 +356,7 @@ thash_data_t *__alloc_chain(thash_cb_t *
   61.22   *  3: The caller need to make sure the new entry will not overlap 
   61.23   *     with any existed entry.
   61.24   */
   61.25 -static void vtlb_insert(thash_cb_t *hcb, thash_data_t *entry, u64 va)
   61.26 +void vtlb_insert(thash_cb_t *hcb, thash_data_t *entry, u64 va)
   61.27  {
   61.28      thash_data_t    *hash_table, *cch;
   61.29      rr_t  vrr;
   61.30 @@ -411,7 +411,7 @@ void thash_insert(thash_cb_t *hcb, thash
   61.31      rr_t  vrr;
   61.32      
   61.33      vrr = (hcb->get_rr_fn)(hcb->vcpu,entry->vadr);
   61.34 -    if ( entry->ps != vrr.ps && entry->section==THASH_TLB_TC) {
   61.35 +    if ( entry->ps != vrr.ps && entry->tc ) {
   61.36          panic("Not support for multiple page size now\n");
   61.37      }
   61.38      entry->vadr = PAGEALIGN(entry->vadr,entry->ps);
   61.39 @@ -450,7 +450,7 @@ static void rem_vtlb(thash_cb_t *hcb, th
   61.40      thash_internal_t *priv = &hcb->priv;
   61.41      int idx;
   61.42      
   61.43 -    if ( entry->section == THASH_TLB_TR ) {
   61.44 +    if ( !entry->tc ) {
   61.45          return rem_tr(hcb, entry->cl, entry->tr_idx);
   61.46      }
   61.47      rem_thash(hcb, entry);
   61.48 @@ -525,19 +525,19 @@ thash_data_t *thash_find_overlap(thash_c
   61.49              thash_data_t *in, search_section_t s_sect)
   61.50  {
   61.51      return (hcb->find_overlap)(hcb, in->vadr, 
   61.52 -            in->ps, in->rid, in->cl, s_sect);
   61.53 +            PSIZE(in->ps), in->rid, in->cl, s_sect);
   61.54  }
   61.55  
   61.56  static thash_data_t *vtlb_find_overlap(thash_cb_t *hcb, 
   61.57 -        u64 va, u64 ps, int rid, char cl, search_section_t s_sect)
   61.58 +        u64 va, u64 size, int rid, char cl, search_section_t s_sect)
   61.59  {
   61.60      thash_data_t    *hash_table;
   61.61      thash_internal_t *priv = &hcb->priv;
   61.62      u64     tag;
   61.63      rr_t    vrr;
   61.64  
   61.65 -    priv->_curva = PAGEALIGN(va,ps);
   61.66 -    priv->_eva = priv->_curva + PSIZE(ps);
   61.67 +    priv->_curva = va & ~(size-1);
   61.68 +    priv->_eva = priv->_curva + size;
   61.69      priv->rid = rid;
   61.70      vrr = (hcb->get_rr_fn)(hcb->vcpu,va);
   61.71      priv->ps = vrr.ps;
   61.72 @@ -553,15 +553,15 @@ static thash_data_t *vtlb_find_overlap(t
   61.73  }
   61.74  
   61.75  static thash_data_t *vhpt_find_overlap(thash_cb_t *hcb, 
   61.76 -        u64 va, u64 ps, int rid, char cl, search_section_t s_sect)
   61.77 +        u64 va, u64 size, int rid, char cl, search_section_t s_sect)
   61.78  {
   61.79      thash_data_t    *hash_table;
   61.80      thash_internal_t *priv = &hcb->priv;
   61.81      u64     tag;
   61.82      rr_t    vrr;
   61.83  
   61.84 -    priv->_curva = PAGEALIGN(va,ps);
   61.85 -    priv->_eva = priv->_curva + PSIZE(ps);
   61.86 +    priv->_curva = va & ~(size-1);
   61.87 +    priv->_eva = priv->_curva + size;
   61.88      priv->rid = rid;
   61.89      vrr = (hcb->get_rr_fn)(hcb->vcpu,va);
   61.90      priv->ps = vrr.ps;
   61.91 @@ -691,13 +691,46 @@ void thash_purge_entries_ex(thash_cb_t *
   61.92  {
   61.93      thash_data_t    *ovl;
   61.94  
   61.95 -    ovl = (hcb->find_overlap)(hcb, va, ps, rid, cl, p_sect);
   61.96 +    ovl = (hcb->find_overlap)(hcb, va, PSIZE(ps), rid, cl, p_sect);
   61.97      while ( ovl != NULL ) {
   61.98          (hcb->rem_hash)(hcb, ovl);
   61.99          ovl = (hcb->next_overlap)(hcb);
  61.100      };
  61.101  }
  61.102  
  61.103 +/*
  61.104 + * Purge overlap TCs and then insert the new entry to emulate itc ops.
  61.105 + *    Notes: Only TC entry can purge and insert.
  61.106 + */
  61.107 +void thash_purge_and_insert(thash_cb_t *hcb, thash_data_t *in)
  61.108 +{
  61.109 +    thash_data_t    *ovl;
  61.110 +    search_section_t sections;
  61.111 +
  61.112 +#ifdef   XEN_DEBUGGER
  61.113 +    vrr = (hcb->get_rr_fn)(hcb->vcpu,in->vadr);
  61.114 +	if ( in->ps != vrr.ps || hcb->ht != THASH_TLB || !in->tc ) {
  61.115 +		panic ("Oops, wrong call for purge_and_insert\n");
  61.116 +		return;
  61.117 +	}
  61.118 +#endif
  61.119 +    in->vadr = PAGEALIGN(in->vadr,in->ps);
  61.120 +    in->ppn = PAGEALIGN(in->ppn, in->ps-12);
  61.121 +    sections.tr = 0;
  61.122 +    sections.tc = 1;
  61.123 +    ovl = (hcb->find_overlap)(hcb, in->vadr, PSIZE(in->ps),
  61.124 +    				 in->rid, in->cl, sections);
  61.125 +    if(ovl)
  61.126 +        (hcb->rem_hash)(hcb, ovl);
  61.127 +#ifdef   XEN_DEBUGGER
  61.128 +    ovl = (hcb->next_overlap)(hcb);
  61.129 +    if ( ovl ) {
  61.130 +		panic ("Oops, 2+ overlaps for purge_and_insert\n");
  61.131 +		return;
  61.132 +    }
  61.133 +#endif
  61.134 +    (hcb->ins_hash)(hcb, in, in->vadr);
  61.135 +}
  61.136  
  61.137  /*
  61.138   * Purge all TCs or VHPT entries including those in Hash table.
  61.139 @@ -766,6 +799,42 @@ thash_data_t *vtlb_lookup_ex(thash_cb_t 
  61.140      return NULL;
  61.141  }
  61.142  
  61.143 +/*
  61.144 + * Lock/Unlock TC if found.
  61.145 + *     NOTES: Only the page in prefered size can be handled.
  61.146 + *   return:
  61.147 + *          1: failure
  61.148 + *          0: success
  61.149 + */
  61.150 +int thash_lock_tc(thash_cb_t *hcb, u64 va, u64 size, int rid, char cl, int lock)
  61.151 +{
  61.152 +	thash_data_t	*ovl;
  61.153 +	search_section_t	sections;
  61.154 +
  61.155 +    sections.tr = 1;
  61.156 +    sections.tc = 1;
  61.157 +	ovl = (hcb->find_overlap)(hcb, va, size, rid, cl, sections);
  61.158 +	if ( ovl ) {
  61.159 +		if ( !ovl->tc ) {
  61.160 +//			panic("Oops, TR for lock\n");
  61.161 +			return 0;
  61.162 +		}
  61.163 +		else if ( lock ) {
  61.164 +			if ( ovl->locked ) {
  61.165 +				DPRINTK("Oops, already locked entry\n");
  61.166 +			}
  61.167 +			ovl->locked = 1;
  61.168 +		}
  61.169 +		else if ( !lock ) {
  61.170 +			if ( !ovl->locked ) {
  61.171 +				DPRINTK("Oops, already unlocked entry\n");
  61.172 +			}
  61.173 +			ovl->locked = 0;
  61.174 +		}
  61.175 +		return 0;
  61.176 +	}
  61.177 +	return 1;
  61.178 +}
  61.179  
  61.180  /*
  61.181   * Notifier when TLB is deleted from hash table and its collision chain.
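Review bot: thash_lock_tc returns 0 (success) when the overlap it finds is not a TC entry (`!ovl->tc`), without touching `locked`, so a caller cannot tell a no-op from a lock or unlock that actually took effect. The header comment documents only "1: failure / 0: success"; either return a distinct value for that case or document it, e.g. `*   0: success (non-TC overlaps are left untouched and also report 0)`. The `else if ( !lock )` branch is always taken once `lock` is false and would read better as a plain `else`. Only the first entry returned by `find_overlap` is handled, so if a range can overlap several entries the rest keep their old state.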
  61.182 @@ -824,7 +893,6 @@ void thash_init(thash_cb_t *hcb, u64 sz)
  61.183      }
  61.184  }
  61.185  
  61.186 -
  61.187  #ifdef  VTLB_DEBUG
  61.188  static  u64 cch_length_statistics[MAX_CCH_LENGTH+1];
  61.189  u64  sanity_check=0;
    62.1 --- a/xen/arch/ia64/xenmem.c	Sat Jun 18 00:49:11 2005 +0000
    62.2 +++ b/xen/arch/ia64/xenmem.c	Tue Jun 21 07:02:30 2005 +0000
    62.3 @@ -52,7 +52,7 @@ paging_init (void)
    62.4  		panic("Not enough memory to bootstrap Xen.\n");
    62.5  
    62.6  	printk("machine to physical table: 0x%lx\n", (u64)mpt_table);
    62.7 -	memset(mpt_table, 0x55, mpt_table_size);
    62.8 +	memset(mpt_table, INVALID_M2P_ENTRY, mpt_table_size);
    62.9  
   62.10  	/* Any more setup here? On VMX enabled platform,
   62.11  	 * there's no need to keep guest linear pg table,
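Review bot: `memset` converts its second argument to `unsigned char`, so `memset(mpt_table, INVALID_M2P_ENTRY, mpt_table_size)` fills the table with the low byte of the constant repeated. The entries equal INVALID_M2P_ENTRY only if that constant has the same byte in every position, and its definition is not in this hunk. If that is the intent, say so with a comment such as `/* relies on INVALID_M2P_ENTRY being a repeated-byte pattern */`; otherwise fill the table entry by entry. paging_init continues outside the hunk.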
    63.1 --- a/xen/arch/ia64/xenmisc.c	Sat Jun 18 00:49:11 2005 +0000
    63.2 +++ b/xen/arch/ia64/xenmisc.c	Tue Jun 21 07:02:30 2005 +0000
    63.3 @@ -63,13 +63,7 @@ void sync_lazy_execstate_mask(cpumask_t 
    63.4  void sync_lazy_execstate_all(void) {}
    63.5  
    63.6  int grant_table_create(struct domain *d) { return 0; }
    63.7 -void grant_table_destroy(struct domain *d)
    63.8 -{
    63.9 -	printf("grant_table_destroy: domain_destruct not tested!!!\n");
   63.10 -	printf("grant_table_destroy: ensure atomic_* calls work in domain_destruct!!\n");
   63.11 -	dummy();
   63.12 -	return;
   63.13 -}
   63.14 +void grant_table_destroy(struct domain *d) { return; }
   63.15  
   63.16  struct pt_regs *guest_cpu_user_regs(void) { return ia64_task_regs(current); }
   63.17  
    64.1 --- a/xen/arch/x86/cpu/amd.c	Sat Jun 18 00:49:11 2005 +0000
    64.2 +++ b/xen/arch/x86/cpu/amd.c	Tue Jun 21 07:02:30 2005 +0000
    64.3 @@ -193,23 +193,30 @@ static void __init init_amd(struct cpuin
    64.4  	}
    64.5  
    64.6  	display_cacheinfo(c);
    64.7 -	detect_ht(c);
    64.8 -
    64.9 -#ifdef CONFIG_X86_HT
   64.10 -	/* AMD dual core looks like HT but isn't really. Hide it from the
   64.11 -	   scheduler. This works around problems with the domain scheduler.
   64.12 -	   Also probably gives slightly better scheduling and disables
   64.13 -	   SMT nice which is harmful on dual core.
   64.14 -	   TBD tune the domain scheduler for dual core. */
   64.15 -	if (cpu_has(c, X86_FEATURE_CMP_LEGACY))
   64.16 -		smp_num_siblings = 1;
   64.17 -#endif
   64.18  
   64.19  	if (cpuid_eax(0x80000000) >= 0x80000008) {
   64.20  		c->x86_num_cores = (cpuid_ecx(0x80000008) & 0xff) + 1;
   64.21  		if (c->x86_num_cores & (c->x86_num_cores - 1))
   64.22  			c->x86_num_cores = 1;
   64.23  	}
   64.24 +
   64.25 +#ifdef CONFIG_X86_HT
   64.26 +	/*
   64.27 +	 * On a AMD dual core setup the lower bits of the APIC id
   64.28 +	 * distingush the cores.  Assumes number of cores is a power
   64.29 +	 * of two.
   64.30 +	 */
   64.31 +	if (c->x86_num_cores > 1) {
   64.32 +		int cpu = smp_processor_id();
   64.33 +		unsigned bits = 0;
   64.34 +		while ((1 << bits) < c->x86_num_cores)
   64.35 +			bits++;
   64.36 +		cpu_core_id[cpu] = phys_proc_id[cpu] & ((1<<bits)-1);
   64.37 +		phys_proc_id[cpu] >>= bits;
   64.38 +		printk(KERN_INFO "CPU %d(%d) -> Core %d\n",
   64.39 +		       cpu, c->x86_num_cores, cpu_core_id[cpu]);
   64.40 +	}
   64.41 +#endif
   64.42  }
   64.43  
   64.44  static unsigned int amd_size_cache(struct cpuinfo_x86 * c, unsigned int size)
    65.1 --- a/xen/arch/x86/cpu/common.c	Sat Jun 18 00:49:11 2005 +0000
    65.2 +++ b/xen/arch/x86/cpu/common.c	Tue Jun 21 07:02:30 2005 +0000
    65.3 @@ -186,7 +186,7 @@ static inline int flag_is_changeable_p(u
    65.4  
    65.5  
    65.6  /* Probe for the CPUID instruction */
    65.7 -int __init have_cpuid_p(void)
    65.8 +static int __init have_cpuid_p(void)
    65.9  {
   65.10  	return flag_is_changeable_p(X86_EFLAGS_ID);
   65.11  }
   65.12 @@ -194,7 +194,7 @@ int __init have_cpuid_p(void)
   65.13  /* Do minimum CPU detection early.
   65.14     Fields really needed: vendor, cpuid_level, family, model, mask, cache alignment.
   65.15     The others are not touched to avoid unwanted side effects. */
   65.16 -void __init early_cpu_detect(void)
   65.17 +static void __init early_cpu_detect(void)
   65.18  {
   65.19  	struct cpuinfo_x86 *c = &boot_cpu_data;
   65.20  
   65.21 @@ -228,6 +228,10 @@ void __init early_cpu_detect(void)
   65.22  	}
   65.23  
   65.24  	early_intel_workaround(c);
   65.25 +
   65.26 +#ifdef CONFIG_X86_HT
   65.27 +	phys_proc_id[smp_processor_id()] = (cpuid_ebx(1) >> 24) & 0xff;
   65.28 +#endif
   65.29  }
   65.30  
   65.31  void __init generic_identify(struct cpuinfo_x86 * c)
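Review bot: The new `phys_proc_id[smp_processor_id()] = (cpuid_ebx(1) >> 24) & 0xff;` sits at the end of the function that precedes generic_identify (early_cpu_detect, according to the hunk header), so it records the APIC id only for the CPU that runs early detection. The amd.c hunk in this changeset reads `phys_proc_id[cpu]` for whichever CPU executes init_amd. Unless another path fills the array for secondary CPUs (not visible here), they would derive `cpu_core_id` and the shifted package id from 0. If per-CPU coverage is intended, the assignment belongs in the per-CPU identify path; at minimum add a comment such as `/* initial APIC id, CPUID.1:EBX[31:24] */`.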
   65.32 @@ -416,25 +420,15 @@ void __init identify_cpu(struct cpuinfo_
   65.33  	mcheck_init(c);
   65.34  #endif
   65.35  }
   65.36 -/*
   65.37 - *	Perform early boot up checks for a valid TSC. See arch/i386/kernel/time.c
   65.38 - */
   65.39 - 
   65.40 -void __init dodgy_tsc(void)
   65.41 -{
   65.42 -	if (( boot_cpu_data.x86_vendor == X86_VENDOR_CYRIX ) ||
   65.43 -	    ( boot_cpu_data.x86_vendor == X86_VENDOR_NSC   ))
   65.44 -		cpu_devs[X86_VENDOR_CYRIX]->c_init(&boot_cpu_data);
   65.45 -}
   65.46  
   65.47  #ifdef CONFIG_X86_HT
   65.48  void __init detect_ht(struct cpuinfo_x86 *c)
   65.49  {
   65.50  	u32 	eax, ebx, ecx, edx;
   65.51 -	int 	index_lsb, index_msb, tmp;
   65.52 +	int 	index_msb, tmp;
   65.53  	int 	cpu = smp_processor_id();
   65.54  
   65.55 -	if (!cpu_has(c, X86_FEATURE_HT))
   65.56 +	if (!cpu_has(c, X86_FEATURE_HT) || cpu_has(c, X86_FEATURE_CMP_LEGACY))
   65.57  		return;
   65.58  
   65.59  	cpuid(1, &eax, &ebx, &ecx, &edx);
   65.60 @@ -443,7 +437,6 @@ void __init detect_ht(struct cpuinfo_x86
   65.61  	if (smp_num_siblings == 1) {
   65.62  		printk(KERN_INFO  "CPU: Hyper-Threading is disabled\n");
   65.63  	} else if (smp_num_siblings > 1 ) {
   65.64 -		index_lsb = 0;
   65.65  		index_msb = 31;
   65.66  
   65.67  		if (smp_num_siblings > NR_CPUS) {
   65.68 @@ -452,21 +445,34 @@ void __init detect_ht(struct cpuinfo_x86
   65.69  			return;
   65.70  		}
   65.71  		tmp = smp_num_siblings;
   65.72 -		while ((tmp & 1) == 0) {
   65.73 -			tmp >>=1 ;
   65.74 -			index_lsb++;
   65.75 -		}
   65.76 -		tmp = smp_num_siblings;
   65.77  		while ((tmp & 0x80000000 ) == 0) {
   65.78  			tmp <<=1 ;
   65.79  			index_msb--;
   65.80  		}
   65.81 -		if (index_lsb != index_msb )
   65.82 +		if (smp_num_siblings & (smp_num_siblings - 1))
   65.83  			index_msb++;
   65.84  		phys_proc_id[cpu] = phys_pkg_id((ebx >> 24) & 0xFF, index_msb);
   65.85  
   65.86  		printk(KERN_INFO  "CPU: Physical Processor ID: %d\n",
   65.87  		       phys_proc_id[cpu]);
   65.88 +
   65.89 +		smp_num_siblings = smp_num_siblings / c->x86_num_cores;
   65.90 +
   65.91 +		tmp = smp_num_siblings;
   65.92 +		index_msb = 31;
   65.93 +		while ((tmp & 0x80000000) == 0) {
   65.94 +			tmp <<=1 ;
   65.95 +			index_msb--;
   65.96 +		}
   65.97 +
   65.98 +		if (smp_num_siblings & (smp_num_siblings - 1))
   65.99 +			index_msb++;
  65.100 +
  65.101 +		cpu_core_id[cpu] = phys_pkg_id((ebx >> 24) & 0xFF, index_msb);
  65.102 +
  65.103 +		if (c->x86_num_cores > 1)
  65.104 +			printk(KERN_INFO  "CPU: Processor Core ID: %d\n",
  65.105 +			       cpu_core_id[cpu]);
  65.106  	}
  65.107  }
  65.108  #endif
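Review bot: The added `smp_num_siblings = smp_num_siblings / c->x86_num_cores;` has no guard, so a zero `x86_num_cores` divides by zero and a core count larger than the sibling count leaves `smp_num_siblings` at 0. With 0 the following `while ((tmp & 0x80000000) == 0)` loop never terminates, because `tmp` stays 0. A zero value would also reach the `i += smp_num_siblings` placement loop in the xen/common/dom0_ops.c hunk of this changeset. Divide only when it is safe, for example `if (c->x86_num_cores > 1 && smp_num_siblings >= c->x86_num_cores) smp_num_siblings /= c->x86_num_cores;`. detect_ht begins outside this hunk, so whether `x86_num_cores` is always initialised before the call cannot be confirmed from here.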
  65.109 @@ -511,7 +517,6 @@ extern int amd_init_cpu(void);
  65.110  extern int centaur_init_cpu(void);
  65.111  extern int transmeta_init_cpu(void);
  65.112  extern int rise_init_cpu(void);
  65.113 -void early_cpu_detect(void);
  65.114  
  65.115  void __init early_cpu_init(void)
  65.116  {
    66.1 --- a/xen/arch/x86/cpu/cpu.h	Sat Jun 18 00:49:11 2005 +0000
    66.2 +++ b/xen/arch/x86/cpu/cpu.h	Tue Jun 21 07:02:30 2005 +0000
    66.3 @@ -25,7 +25,6 @@ extern int get_model_name(struct cpuinfo
    66.4  extern void display_cacheinfo(struct cpuinfo_x86 *c);
    66.5  
    66.6  extern void generic_identify(struct cpuinfo_x86 * c);
    66.7 -extern int have_cpuid_p(void);
    66.8  
    66.9  extern void early_intel_workaround(struct cpuinfo_x86 *c);
   66.10  
    67.1 --- a/xen/arch/x86/cpu/intel.c	Sat Jun 18 00:49:11 2005 +0000
    67.2 +++ b/xen/arch/x86/cpu/intel.c	Tue Jun 21 07:02:30 2005 +0000
    67.3 @@ -74,6 +74,27 @@ static void __init Intel_errata_workarou
    67.4  }
    67.5  
    67.6  
    67.7 +/*
    67.8 + * find out the number of processor cores on the die
    67.9 + */
   67.10 +static int __init num_cpu_cores(struct cpuinfo_x86 *c)
   67.11 +{
   67.12 +	unsigned int eax;
   67.13 +
   67.14 +	if (c->cpuid_level < 4)
   67.15 +		return 1;
   67.16 +
   67.17 +	__asm__("cpuid"
   67.18 +		: "=a" (eax)
   67.19 +		: "0" (4), "c" (0)
   67.20 +		: "bx", "dx");
   67.21 +
   67.22 +	if (eax & 0x1f)
   67.23 +		return ((eax >> 26) + 1);
   67.24 +	else
   67.25 +		return 1;
   67.26 +}
   67.27 +
   67.28  static void __init init_intel(struct cpuinfo_x86 *c)
   67.29  {
   67.30  	unsigned int l2 = 0;
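Review bot: The `cpuid` asm in num_cpu_cores passes ECX as an input only (`"c" (0)`), but the instruction overwrites ECX and the clobber list names just `bx` and `dx`, so the compiler may assume ECX still holds 0 afterwards. Make ECX an in/out operand, e.g. declare `unsigned int eax, ecx;` and use `: "=a" (eax), "=c" (ecx) : "0" (4), "1" (0) : "bx", "dx"`. The returned `(eax >> 26) + 1` is not checked for being a power of two, which the AMD path in this changeset does enforce for `x86_num_cores`. The function comment could also name the CPUID leaf and bit field being read.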
   67.31 @@ -136,6 +157,8 @@ static void __init init_intel(struct cpu
   67.32  	if ( p )
   67.33  		strcpy(c->x86_model_id, p);
   67.34  	
   67.35 +	c->x86_num_cores = num_cpu_cores(c);
   67.36 +
   67.37  	detect_ht(c);
   67.38  
   67.39  	/* Work around errata */
    68.1 --- a/xen/arch/x86/dom0_ops.c	Sat Jun 18 00:49:11 2005 +0000
    68.2 +++ b/xen/arch/x86/dom0_ops.c	Tue Jun 21 07:02:30 2005 +0000
    68.3 @@ -179,8 +179,8 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
    68.4      {
    68.5          dom0_physinfo_t *pi = &op->u.physinfo;
    68.6  
    68.7 -        pi->ht_per_core = ht_per_core;
    68.8 -        pi->cores       = num_online_cpus() / ht_per_core;
    68.9 +        pi->ht_per_core = smp_num_siblings;
   68.10 +        pi->cores       = boot_cpu_data.x86_num_cores;
   68.11          pi->total_pages = max_page;
   68.12          pi->free_pages  = avail_domheap_pages();
   68.13          pi->cpu_khz     = cpu_khz;
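Review bot: `pi->cores` changes meaning here: the old expression `num_online_cpus() / ht_per_core` was a system-wide count, while `boot_cpu_data.x86_num_cores` is the per-package value that init_amd and init_intel store in this changeset. A consumer that multiplies `cores` by `ht_per_core` to get the number of CPUs would now under-report on multi-socket hosts. Either keep the system-wide value or document the new meaning next to the dom0_physinfo_t field. arch_do_dom0_op continues outside the hunk.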
    69.1 --- a/xen/arch/x86/setup.c	Sat Jun 18 00:49:11 2005 +0000
    69.2 +++ b/xen/arch/x86/setup.c	Tue Jun 21 07:02:30 2005 +0000
    69.3 @@ -20,6 +20,7 @@
    69.4  #include <asm/desc.h>
    69.5  #include <asm/shadow.h>
    69.6  #include <asm/e820.h>
    69.7 +#include <public/acm_dom0_setup.h>
    69.8  
    69.9  extern void dmi_scan_machine(void);
   69.10  extern void generic_apic_probe(void);
   69.11 @@ -66,7 +67,6 @@ boolean_param("noapic", skip_ioapic_setu
   69.12  
   69.13  int early_boot = 1;
   69.14  
   69.15 -int ht_per_core = 1;
   69.16  cpumask_t cpu_present_map;
   69.17  
   69.18  /* Limits of Xen heap, used to initialise the allocator. */
   69.19 @@ -394,12 +394,17 @@ void __init __start_xen(multiboot_info_t
   69.20  
   69.21      shadow_mode_init();
   69.22  
   69.23 +    /* initialize access control security module */
   69.24 +    acm_init();
   69.25 +
   69.26      /* Create initial domain 0. */
   69.27      dom0 = do_createdomain(0, 0);
   69.28      if ( dom0 == NULL )
   69.29          panic("Error creating domain 0\n");
   69.30  
   69.31      set_bit(_DOMF_privileged, &dom0->domain_flags);
   69.32 +    /* post-create hooks sets security label */
   69.33 +    acm_post_domain0_create(dom0->domain_id);
   69.34  
   69.35      /* Grab the DOM0 command line. */
   69.36      cmdline = (char *)(mod[0].string ? __va(mod[0].string) : NULL);
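Review bot: The results of `acm_init()` and `acm_post_domain0_create(dom0->domain_id)` are not checked. If either can fail (their prototypes are not in this hunk), boot continues and domain 0 runs without an initialised policy or security label, which is a fail-open start for an access-control module. If they return a status, stop the boot the way the neighbouring code does for do_createdomain, e.g. `if ( acm_init() ) panic("Error initialising ACM\n");`. __start_xen begins and ends outside this hunk.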
    70.1 --- a/xen/arch/x86/smpboot.c	Sat Jun 18 00:49:11 2005 +0000
    70.2 +++ b/xen/arch/x86/smpboot.c	Tue Jun 21 07:02:30 2005 +0000
    70.3 @@ -62,6 +62,8 @@ static int __initdata smp_b_stepping;
    70.4  int smp_num_siblings = 1;
    70.5  int phys_proc_id[NR_CPUS]; /* Package ID of each logical CPU */
    70.6  EXPORT_SYMBOL(phys_proc_id);
    70.7 +int cpu_core_id[NR_CPUS]; /* Core ID of each logical CPU */
    70.8 +EXPORT_SYMBOL(cpu_core_id);
    70.9  
   70.10  /* bitmap of online cpus */
   70.11  cpumask_t cpu_online_map;
   70.12 @@ -923,6 +925,8 @@ static int boot_cpu_logical_apicid;
   70.13  void *xquad_portio;
   70.14  
   70.15  cpumask_t cpu_sibling_map[NR_CPUS] __cacheline_aligned;
   70.16 +cpumask_t cpu_core_map[NR_CPUS] __cacheline_aligned;
   70.17 +EXPORT_SYMBOL(cpu_core_map);
   70.18  
   70.19  static void __init smp_boot_cpus(unsigned int max_cpus)
   70.20  {
   70.21 @@ -947,6 +951,9 @@ static void __init smp_boot_cpus(unsigne
   70.22  	cpus_clear(cpu_sibling_map[0]);
   70.23  	cpu_set(0, cpu_sibling_map[0]);
   70.24  
   70.25 +	cpus_clear(cpu_core_map[0]);
   70.26 +	cpu_set(0, cpu_core_map[0]);
   70.27 +
   70.28  	/*
   70.29  	 * If we couldn't find an SMP configuration at boot time,
   70.30  	 * get out of here now!
   70.31 @@ -959,6 +966,8 @@ static void __init smp_boot_cpus(unsigne
   70.32  			printk(KERN_NOTICE "Local APIC not detected."
   70.33  					   " Using dummy APIC emulation.\n");
   70.34  		map_cpu_to_logical_apicid();
   70.35 +		cpu_set(0, cpu_sibling_map[0]);
   70.36 +		cpu_set(0, cpu_core_map[0]);
   70.37  		return;
   70.38  	}
   70.39  
   70.40 @@ -1079,10 +1088,13 @@ static void __init smp_boot_cpus(unsigne
   70.41  	 * construct cpu_sibling_map[], so that we can tell sibling CPUs
   70.42  	 * efficiently.
   70.43  	 */
   70.44 -	for (cpu = 0; cpu < NR_CPUS; cpu++)
   70.45 +	for (cpu = 0; cpu < NR_CPUS; cpu++) {
   70.46  		cpus_clear(cpu_sibling_map[cpu]);
   70.47 +		cpus_clear(cpu_core_map[cpu]);
   70.48 +	}
   70.49  
   70.50  	for (cpu = 0; cpu < NR_CPUS; cpu++) {
   70.51 +		struct cpuinfo_x86 *c = cpu_data + cpu;
   70.52  		int siblings = 0;
   70.53  		int i;
   70.54  		if (!cpu_isset(cpu, cpu_callout_map))
   70.55 @@ -1092,7 +1104,7 @@ static void __init smp_boot_cpus(unsigne
   70.56  			for (i = 0; i < NR_CPUS; i++) {
   70.57  				if (!cpu_isset(i, cpu_callout_map))
   70.58  					continue;
   70.59 -				if (phys_proc_id[cpu] == phys_proc_id[i]) {
   70.60 +				if (cpu_core_id[cpu] == cpu_core_id[i]) {
   70.61  					siblings++;
   70.62  					cpu_set(i, cpu_sibling_map[cpu]);
   70.63  				}
   70.64 @@ -1102,8 +1114,22 @@ static void __init smp_boot_cpus(unsigne
   70.65  			cpu_set(cpu, cpu_sibling_map[cpu]);
   70.66  		}
   70.67  
   70.68 -		if (siblings != smp_num_siblings)
   70.69 +		if (siblings != smp_num_siblings) {
   70.70  			printk(KERN_WARNING "WARNING: %d siblings found for CPU%d, should be %d\n", siblings, cpu, smp_num_siblings);
   70.71 +			smp_num_siblings = siblings;
   70.72 +		}
   70.73 +
   70.74 +		if (c->x86_num_cores > 1) {
   70.75 +			for (i = 0; i < NR_CPUS; i++) {
   70.76 +				if (!cpu_isset(i, cpu_callout_map))
   70.77 +					continue;
   70.78 +				if (phys_proc_id[cpu] == phys_proc_id[i]) {
   70.79 +					cpu_set(i, cpu_core_map[cpu]);
   70.80 +				}
   70.81 +			}
   70.82 +		} else {
   70.83 +			cpu_core_map[cpu] = cpu_sibling_map[cpu];
   70.84 +		}
   70.85  	}
   70.86  
   70.87  	if (nmi_watchdog == NMI_LOCAL_APIC)
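Review bot: `smp_num_siblings = siblings;` rewrites the global inside the per-CPU loop, so after the first mismatch every later CPU is compared against the previous CPU's count and the final value depends on iteration order. The same global is the stride of the CPU-placement loop in the xen/common/dom0_ops.c hunk of this changeset, so a wrong value changes domain placement, not just the log. Keeping the warning and leaving the global alone, or correcting it once after the loop, would be more predictable. smp_boot_cpus begins and ends outside this hunk.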
    71.1 --- a/xen/arch/x86/x86_32/entry.S	Sat Jun 18 00:49:11 2005 +0000
    71.2 +++ b/xen/arch/x86/x86_32/entry.S	Tue Jun 21 07:02:30 2005 +0000
    71.3 @@ -751,6 +751,7 @@ ENTRY(hypercall_table)
    71.4          .long do_boot_vcpu
    71.5          .long do_ni_hypercall       /* 25 */
    71.6          .long do_mmuext_op
    71.7 +	 .long do_policy_op          /* 27 */
    71.8          .rept NR_hypercalls-((.-hypercall_table)/4)
    71.9          .long do_ni_hypercall
   71.10          .endr
    72.1 --- a/xen/common/Makefile	Sat Jun 18 00:49:11 2005 +0000
    72.2 +++ b/xen/common/Makefile	Tue Jun 21 07:02:30 2005 +0000
    72.3 @@ -1,8 +1,8 @@
    72.4  
    72.5  include $(BASEDIR)/Rules.mk
    72.6  
    72.7 -ifeq ($(TARGET_ARCH),ia64) 
    72.8 -OBJS := $(subst dom_mem_ops.o,,$(OBJS))
    72.9 +ifeq ($(TARGET_ARCH),ia64)
   72.10 +#OBJS := $(subst dom_mem_ops.o,,$(OBJS))
   72.11  OBJS := $(subst grant_table.o,,$(OBJS))
   72.12  endif
   72.13  
    73.1 --- a/xen/common/dom0_ops.c	Sat Jun 18 00:49:11 2005 +0000
    73.2 +++ b/xen/common/dom0_ops.c	Tue Jun 21 07:02:30 2005 +0000
    73.3 @@ -19,6 +19,7 @@
    73.4  #include <asm/current.h>
    73.5  #include <public/dom0_ops.h>
    73.6  #include <public/sched_ctl.h>
    73.7 +#include <acm/acm_hooks.h>
    73.8  
    73.9  extern long arch_do_dom0_op(dom0_op_t *op, dom0_op_t *u_dom0_op);
   73.10  extern void arch_getdomaininfo_ctxt(
   73.11 @@ -91,6 +92,7 @@ long do_dom0_op(dom0_op_t *u_dom0_op)
   73.12  {
   73.13      long ret = 0;
   73.14      dom0_op_t curop, *op = &curop;
   73.15 +    void *ssid = NULL; /* save security ptr between pre and post/fail hooks */
   73.16  
   73.17      if ( !IS_PRIV(current->domain) )
   73.18          return -EPERM;
   73.19 @@ -101,6 +103,9 @@ long do_dom0_op(dom0_op_t *u_dom0_op)
   73.20      if ( op->interface_version != DOM0_INTERFACE_VERSION )
   73.21          return -EACCES;
   73.22  
   73.23 +    if ( acm_pre_dom0_op(op, &ssid) )
   73.24 +        return -EACCES;
   73.25 +
   73.26      switch ( op->cmd )
   73.27      {
   73.28  
   73.29 @@ -184,8 +189,8 @@ long do_dom0_op(dom0_op_t *u_dom0_op)
   73.30           * domains will all share the second HT of each CPU. Since dom0 is on 
   73.31  	     * CPU 0, we favour high numbered CPUs in the event of a tie.
   73.32           */
   73.33 -        pro = ht_per_core - 1;
   73.34 -        for ( i = pro; i < num_online_cpus(); i += ht_per_core )
   73.35 +        pro = smp_num_siblings - 1;
   73.36 +        for ( i = pro; i < num_online_cpus(); i += smp_num_siblings )
   73.37              if ( cnt[i] <= cnt[pro] )
   73.38                  pro = i;
   73.39  
   73.40 @@ -357,6 +362,11 @@ long do_dom0_op(dom0_op_t *u_dom0_op)
   73.41              ((d->domain_flags & DOMF_shutdown) ? DOMFLAGS_SHUTDOWN : 0) |
   73.42              d->shutdown_code << DOMFLAGS_SHUTDOWNSHIFT;
   73.43  
   73.44 +        if (d->ssid != NULL)
   73.45 +            op->u.getdomaininfo.ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref;
   73.46 +        else    
   73.47 +            op->u.getdomaininfo.ssidref = ACM_DEFAULT_SSID;
   73.48 +
   73.49          op->u.getdomaininfo.tot_pages   = d->tot_pages;
   73.50          op->u.getdomaininfo.max_pages   = d->max_pages;
   73.51          op->u.getdomaininfo.shared_info_frame = 
   73.52 @@ -493,7 +503,10 @@ long do_dom0_op(dom0_op_t *u_dom0_op)
   73.53          ret = arch_do_dom0_op(op,u_dom0_op);
   73.54  
   73.55      }
   73.56 -
   73.57 +    if (!ret)
   73.58 +        acm_post_dom0_op(op, ssid);
   73.59 +    else
   73.60 +        acm_fail_dom0_op(op, ssid);
   73.61      return ret;
   73.62  }
   73.63  
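Review bot: The post/fail hooks run only on the path that falls out of the `switch`, so any case in do_dom0_op that leaves with a direct `return` (the body is outside this hunk) would skip both and leave whatever `acm_pre_dom0_op` stored in `ssid` unreleased. The test `if (!ret)` also treats every non-zero `ret` as failure; if any command reports success with a positive value, `acm_fail_dom0_op` would run for an operation that succeeded, and `if ( ret >= 0 )` would be the safer test. A comment at the pre-hook stating that all exits after it must reach these two calls would make the contract explicit.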
    74.1 --- a/xen/common/event_channel.c	Sat Jun 18 00:49:11 2005 +0000
    74.2 +++ b/xen/common/event_channel.c	Tue Jun 21 07:02:30 2005 +0000
    74.3 @@ -26,6 +26,7 @@
    74.4  
    74.5  #include <public/xen.h>
    74.6  #include <public/event_channel.h>
    74.7 +#include <acm/acm_hooks.h>
    74.8  
    74.9  #define bucket_from_port(d,p) \
   74.10      ((d)->evtchn[(p)/EVTCHNS_PER_BUCKET])
   74.11 @@ -587,6 +588,9 @@ long do_event_channel_op(evtchn_op_t *uo
   74.12      if ( copy_from_user(&op, uop, sizeof(op)) != 0 )
   74.13          return -EFAULT;
   74.14  
   74.15 +    if (acm_pre_event_channel(&op))
   74.16 +        return -EACCES;
   74.17 +
   74.18      switch ( op.cmd )
   74.19      {
   74.20      case EVTCHNOP_alloc_unbound:
    75.1 --- a/xen/common/grant_table.c	Sat Jun 18 00:49:11 2005 +0000
    75.2 +++ b/xen/common/grant_table.c	Tue Jun 21 07:02:30 2005 +0000
    75.3 @@ -30,6 +30,7 @@
    75.4  #include <xen/sched.h>
    75.5  #include <xen/shadow.h>
    75.6  #include <xen/mm.h>
    75.7 +#include <acm/acm_hooks.h>
    75.8  
    75.9  #define PIN_FAIL(_lbl, _rc, _f, _a...)   \
   75.10      do {                           \
   75.11 @@ -357,6 +358,11 @@ static int
   75.12          return GNTST_bad_gntref;
   75.13      }
   75.14  
   75.15 +    if (acm_pre_grant_map_ref(dom)) {
   75.16 +        (void)__put_user(GNTST_permission_denied, &uop->handle);
   75.17 +        return GNTST_permission_denied;
   75.18 +    }
   75.19 +
   75.20      if ( unlikely((rd = find_domain_by_id(dom)) == NULL) ||
   75.21           unlikely(ld == rd) )
   75.22      {
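Review bot: `acm_pre_grant_map_ref(dom)` is called with the guest-supplied `dom` before the `find_domain_by_id(dom)` / `ld == rd` check that follows it, so the hook has to cope with ids that name no domain or name the caller itself. Running the ACM check after that validation would let the hook assume a valid remote domain; the denial path would then presumably have to release the reference taken by the lookup. Failing that, a one-line comment here stating that the hook validates the id itself would help. The enclosing function starts and ends outside this hunk.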
    76.1 --- a/xen/common/kernel.c	Sat Jun 18 00:49:11 2005 +0000
    76.2 +++ b/xen/common/kernel.c	Tue Jun 21 07:02:30 2005 +0000
    76.3 @@ -1,10 +1,7 @@
    76.4  /******************************************************************************
    76.5   * kernel.c
    76.6   * 
    76.7 - * This file should contain architecture-independent bootstrap and low-level
    76.8 - * help routines. It's a bit x86/PC specific right now!
    76.9 - * 
   76.10 - * Copyright (c) 2002-2003 K A Fraser
   76.11 + * Copyright (c) 2002-2005 K A Fraser
   76.12   */
   76.13  
   76.14  #include <xen/config.h>
   76.15 @@ -14,6 +11,7 @@
   76.16  #include <xen/compile.h>
   76.17  #include <xen/sched.h>
   76.18  #include <asm/current.h>
   76.19 +#include <public/version.h>
   76.20  
   76.21  void cmdline_parse(char *cmdline)
   76.22  {
   76.23 @@ -83,11 +81,38 @@ void cmdline_parse(char *cmdline)
   76.24   * Simple hypercalls.
   76.25   */
   76.26  
   76.27 -long do_xen_version(int cmd)
   76.28 +long do_xen_version(int cmd, void *arg)
   76.29  {
   76.30 -    if ( cmd != 0 )
   76.31 -        return -ENOSYS;
   76.32 -    return (XEN_VERSION<<16) | (XEN_SUBVERSION);
   76.33 +    switch ( cmd )
   76.34 +    {
   76.35 +    case XENVER_version:
   76.36 +    {
   76.37 +        return (XEN_VERSION<<16) | (XEN_SUBVERSION);
   76.38 +    }
   76.39 +
   76.40 +    case XENVER_extraversion:
   76.41 +    {
   76.42 +        char extraversion[16];
   76.43 +        safe_strcpy(extraversion, XEN_EXTRAVERSION);
   76.44 +        if ( copy_to_user(arg, extraversion, sizeof(extraversion)) )
   76.45 +            return -EFAULT;
   76.46 +        return 0;
   76.47 +    }
   76.48 +
   76.49 +    case XENVER_compile_info:
   76.50 +    {
   76.51 +        struct xen_compile_info info;
   76.52 +        safe_strcpy(info.compiler,       XEN_COMPILER);
   76.53 +        safe_strcpy(info.compile_by,     XEN_COMPILE_BY);
   76.54 +        safe_strcpy(info.compile_domain, XEN_COMPILE_DOMAIN);
   76.55 +        safe_strcpy(info.compile_date,   XEN_COMPILE_DATE);
   76.56 +        if ( copy_to_user(arg, &info, sizeof(info)) )
   76.57 +            return -EFAULT;
   76.58 +        return 0;
   76.59 +    }
   76.60 +    }
   76.61 +
   76.62 +    return -ENOSYS;
   76.63  }
   76.64  
   76.65  long do_vm_assist(unsigned int cmd, unsigned int type)
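Review bot: Both new sub-commands copy a whole stack object to the guest (`sizeof(extraversion)` and `sizeof(info)`) after filling it only with safe_strcpy. Any bytes past each string's terminator, and any padding in `struct xen_compile_info`, go out uninitialised unless safe_strcpy zero-fills the remainder, which is not visible here. That would disclose hypervisor stack contents to whichever guest issues the hypercall. Clear the buffers before filling them: `memset(extraversion, 0, sizeof(extraversion));` and `memset(&info, 0, sizeof(info));`. The new signature `do_xen_version(int cmd, void *arg)` also deserves a comment saying that `arg` is a guest pointer and is unused for XENVER_version.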
    77.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    77.2 +++ b/xen/common/policy_ops.c	Tue Jun 21 07:02:30 2005 +0000
    77.3 @@ -0,0 +1,117 @@
    77.4 +/******************************************************************************
    77.5 + *policy_ops.c
    77.6 + * 
    77.7 + * Copyright (C) 2005 IBM Corporation
    77.8 + *
    77.9 + * Author:
   77.10 + * Reiner Sailer <sailer@watson.ibm.com>
   77.11 + *
   77.12 + * This program is free software; you can redistribute it and/or
   77.13 + * modify it under the terms of the GNU General Public License as
   77.14 + * published by the Free Software Foundation, version 2 of the
   77.15 + * License.
   77.16 + *
   77.17 + * Process policy command requests from guest OS.
   77.18 + *
   77.19 + */
   77.20 +#include <xen/config.h>
   77.21 +#include <xen/types.h>
   77.22 +#include <xen/lib.h>
   77.23 +#include <xen/mm.h>
   77.24 +#include <public/policy_ops.h>
   77.25 +#include <xen/sched.h>
   77.26 +#include <xen/event.h>
   77.27 +#include <xen/trace.h>
   77.28 +#include <xen/console.h>
   77.29 +#include <asm/shadow.h>
   77.30 +#include <public/sched_ctl.h>
   77.31 +#include <acm/acm_hooks.h>
   77.32 +
   77.33 +/* function prototypes defined in acm/acm_policy.c */
   77.34 +int acm_set_policy(void *buf, u16 buf_size, u16 policy);
   77.35 +int acm_get_policy(void *buf, u16 buf_size);
   77.36 +int acm_dump_statistics(void *buf, u16 buf_size);
   77.37 +
   77.38 +typedef enum policyoperation {
   77.39 +	POLICY,     /* access to policy interface (early drop) */
   77.40 +	GETPOLICY,  /* dump policy cache */
   77.41 +	SETPOLICY,  /* set policy cache (controls security) */
   77.42 +	DUMPSTATS   /* dump policy statistics */
   77.43 +} policyoperation_t;
   77.44 +
   77.45 +int
   77.46 +acm_authorize_policyops(struct domain *d, policyoperation_t pops)
   77.47 +{
   77.48 +	/* currently, all policy management functions are restricted to privileged domains,
   77.49 +	 * soon we will introduce finer-grained privileges for policy operations 
   77.50 +	 */
   77.51 +	if (!IS_PRIV(d)) {
   77.52 +		printk("%s: Policy management authorization denied ERROR!\n", __func__);
   77.53 +		return ACM_ACCESS_DENIED;
   77.54 +	}
   77.55 +	return ACM_ACCESS_PERMITTED;
   77.56 +}
   77.57 +
   77.58 +long do_policy_op(policy_op_t *u_policy_op)
   77.59 +{
   77.60 +    long ret = 0;
   77.61 +    policy_op_t curop, *op = &curop;
   77.62 +
   77.63 +    /* check here policy decision for policy commands */
   77.64 +    /* for now allow DOM0 only, later indepedently    */
   77.65 +    if (acm_authorize_policyops(current->domain, POLICY))
   77.66 +	    return -EACCES;
   77.67 +
   77.68 +    if ( copy_from_user(op, u_policy_op, sizeof(*op)) )
   77.69 +        return -EFAULT;
   77.70 +
   77.71 +    if ( op->interface_version != POLICY_INTERFACE_VERSION )
   77.72 +        return -EACCES;
   77.73 +
   77.74 +    switch ( op->cmd )
   77.75 +    {
   77.76 +    case POLICY_SETPOLICY:
   77.77 +    {
   77.78 +        if (acm_authorize_policyops(current->domain, SETPOLICY))
   77.79 +		return -EACCES;
   77.80 +	printkd("%s: setting policy.\n", __func__);
   77.81 +	ret = acm_set_policy(op->u.setpolicy.pushcache, op->u.setpolicy.pushcache_size, op->u.setpolicy.policy_type);
   77.82 +        if (ret == ACM_OK)
   77.83 +            ret = 0;
   77.84 +        else
   77.85 +            ret = -ESRCH;
   77.86 +    }
   77.87 +    break;
   77.88 +
   77.89 +    case POLICY_GETPOLICY:
   77.90 +    {
   77.91 +        if (acm_authorize_policyops(current->domain, GETPOLICY))
   77.92 +		return -EACCES;
   77.93 +        printkd("%s: getting policy.\n", __func__);
   77.94 +	ret = acm_get_policy(op->u.getpolicy.pullcache, op->u.getpolicy.pullcache_size);
   77.95 +        if (ret == ACM_OK)
   77.96 +            ret = 0;
   77.97 +        else
   77.98 +            ret = -ESRCH;
   77.99 +    }
  77.100 +    break;
  77.101 +
  77.102 +    case POLICY_DUMPSTATS:
  77.103 +    {
  77.104 +        if (acm_authorize_policyops(current->domain, DUMPSTATS))
  77.105 +		return -EACCES;
  77.106 +	printkd("%s: dumping statistics.\n", __func__);
  77.107 +	ret = acm_dump_statistics(op->u.dumpstats.pullcache, op->u.dumpstats.pullcache_size);
  77.108 +        if (ret == ACM_OK)
  77.109 +            ret = 0;
  77.110 +        else
  77.111 +            ret = -ESRCH;
  77.112 +    }
  77.113 +    break;
  77.114 +
  77.115 +    default:
  77.116 +        ret = -ESRCH;
  77.117 +
  77.118 +    }
  77.119 +    return ret;
  77.120 +}
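Review bot: acm_authorize_policyops logs with an unconditional `printk` on every denial, and do_policy_op calls it before anything else, so any unprivileged domain can flood the hypervisor console by repeating the hypercall. Rate-limit the message, or route it through the `printkd` logger that do_policy_op already uses if that is compiled out in production builds: `printkd("%s: Policy management authorization denied ERROR!\n", __func__);`. The `pops` argument is ignored, so the three per-command checks repeat the first one; a comment saying so would stop readers assuming per-operation enforcement already exists. The guest-supplied `pushcache`/`pullcache` pointers and sizes go straight to the acm_* functions, which therefore have to do all bounds checking and user-copy handling; that code is outside this file.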
    78.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    78.2 +++ b/xen/include/acm/acm_core.h	Tue Jun 21 07:02:30 2005 +0000
    78.3 @@ -0,0 +1,117 @@
    78.4 +/****************************************************************
    78.5 + * acm_core.h 
    78.6 + * 
    78.7 + * Copyright (C) 2005 IBM Corporation
    78.8 + *
    78.9 + * Author:
   78.10 + * Reiner Sailer <sailer@watson.ibm.com>
   78.11 + *
   78.12 + * This program is free software; you can redistribute it and/or
   78.13 + * modify it under the terms of the GNU General Public License as
   78.14 + * published by the Free Software Foundation, version 2 of the
   78.15 + * License.
   78.16 + *
   78.17 + * sHype header file describing core data types and constants
   78.18 + *    for the access control module and relevant policies
   78.19 + *
   78.20 + */
   78.21 +#ifndef _ACM_CORE_H
   78.22 +#define _ACM_CORE_H
   78.23 +
   78.24 +#include <xen/spinlock.h>
   78.25 +#include <public/acm.h>
   78.26 +#include <public/policy_ops.h>
   78.27 +
   78.28 +/* Xen-internal representation of the binary policy */
   78.29 +struct acm_binary_policy {
   78.30 +	u16 primary_policy_code;
   78.31 +	u16 secondary_policy_code;
   78.32 +	void *primary_binary_policy;                                 
   78.33 +	void *secondary_binary_policy;
   78.34 +	
   78.35 +};
   78.36 +
   78.37 +struct chwall_binary_policy {
   78.38 +	u16 max_types;
   78.39 +	u16 max_ssidrefs;
   78.40 +	u16 max_conflictsets;
   78.41 +	domaintype_t *ssidrefs;			/* [max_ssidrefs][max_types] 	*/
   78.42 +	domaintype_t *conflict_aggregate_set; 	/* [max_types] 			*/
   78.43 +	domaintype_t *running_types; 		/* [max_types] 			*/
   78.44 +	domaintype_t *conflict_sets;		/* [max_conflictsets][max_types]*/
   78.45 +};
   78.46 +
   78.47 +struct ste_binary_policy {
   78.48 +	u16 max_types;
   78.49 +	u16 max_ssidrefs;
   78.50 +	domaintype_t *ssidrefs;			/* [max_ssidrefs][max_types] 	*/
   78.51 +	atomic_t ec_eval_count, gt_eval_count;
   78.52 +	atomic_t ec_denied_count, gt_denied_count; 
   78.53 +	atomic_t ec_cachehit_count, gt_cachehit_count;
   78.54 +};
   78.55 +
   78.56 +/* global acm policy */
   78.57 +extern struct acm_binary_policy acm_bin_pol;
   78.58 +extern struct chwall_binary_policy chwall_bin_pol;
   78.59 +extern struct ste_binary_policy ste_bin_pol;
   78.60 +/* use the lock when reading / changing binary policy ! */
   78.61 +extern rwlock_t acm_bin_pol_rwlock;
   78.62 +
   78.63 +/* subject and object type definitions */
   78.64 +enum acm_datatype { DOMAIN };
   78.65 +
   78.66 +/* defines number of access decisions to other domains can be cached
   78.67 + * one entry per domain, TE does not distinguish evtchn or grant_table */
   78.68 +#define ACM_TE_CACHE_SIZE	8
   78.69 +enum acm_ste_flag { VALID, FREE };
   78.70 +
   78.71 +/* cache line:
   78.72 + * if cache_line.valid==VALID, then
   78.73 + *    STE decision is cached as "permitted" 
   78.74 + *                 on domain cache_line.id
   78.75 + */
   78.76 +struct acm_ste_cache_line {
   78.77 +	enum acm_ste_flag valid;
   78.78 +	domid_t id;
   78.79 +};
   78.80 +
   78.81 +/* general definition of a subject security id */
   78.82 +struct acm_ssid_domain {
   78.83 +	enum acm_datatype datatype;		/* type of subject (e.g., partition) */
   78.84 +	ssidref_t	  ssidref;		/* combined security reference */
   78.85 +	void           	  *primary_ssid; 	/* primary policy ssid part (e.g. chinese wall) */
   78.86 +	void	          *secondary_ssid;  	/* secondary policy ssid part (e.g. type enforcement) */
   78.87 +	struct domain     *subject;	       	/* backpointer to subject structure */
   78.88 +	domid_t		  domainid;		/* replicate id */
   78.89 +};
   78.90 +
   78.91 +/* chinese wall ssid type */
   78.92 +struct chwall_ssid {
   78.93 +	ssidref_t chwall_ssidref;
   78.94 +};
   78.95 +
   78.96 +/* simple type enforcement ssid type */
   78.97 +struct ste_ssid {
   78.98 +	ssidref_t ste_ssidref;
   78.99 +	struct acm_ste_cache_line ste_cache[ACM_TE_CACHE_SIZE]; /* decision cache */
  78.100 +};
  78.101 +
  78.102 +/* macros to access ssidref for primary / secondary policy 
  78.103 + *	primary ssidref   = lower 16 bit
  78.104 + *      secondary ssidref = higher 16 bit
  78.105 + */
  78.106 +#define GET_SSIDREF(POLICY, ssidref) \
  78.107 +	((POLICY) == acm_bin_pol.primary_policy_code) ? \
  78.108 +	((ssidref) & 0xffff) : ((ssidref) >> 16)
  78.109 +
  78.110 +/* macros to access ssid pointer for primary / secondary policy */
  78.111 +#define GET_SSIDP(POLICY, ssid) \
  78.112 +	((POLICY) == acm_bin_pol.primary_policy_code) ? \
  78.113 +	((ssid)->primary_ssid) : ((ssid)->secondary_ssid)
  78.114 +
  78.115 +/* protos */
  78.116 +int acm_init_domain_ssid(domid_t id, ssidref_t ssidref);
  78.117 +int acm_free_domain_ssid(struct acm_ssid_domain *ssid);
  78.118 +
  78.119 +#endif
  78.120 +
    79.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    79.2 +++ b/xen/include/acm/acm_endian.h	Tue Jun 21 07:02:30 2005 +0000
    79.3 @@ -0,0 +1,88 @@
    79.4 +/****************************************************************
    79.5 + * acm_endian.h 
    79.6 + * 
    79.7 + * Copyright (C) 2005 IBM Corporation
    79.8 + *
    79.9 + * Author:
   79.10 + * Stefan Berger <stefanb@watson.ibm.com>
   79.11 + * 
   79.12 + * Contributions:
   79.13 + * Reiner Sailer <sailer@watson.ibm.com>
   79.14 + *
   79.15 + * This program is free software; you can redistribute it and/or
   79.16 + * modify it under the terms of the GNU General Public License as
   79.17 + * published by the Free Software Foundation, version 2 of the
   79.18 + * License.
   79.19 + *
   79.20 + * sHype header file defining endian-dependent functions for the
   79.21 + * big-endian policy interface
   79.22 + *
   79.23 + */
   79.24 +#ifndef _ACM_ENDIAN_H
   79.25 +#define _ACM_ENDIAN_H
   79.26 +
   79.27 +/* don't use these functions in performance critical sections! */
   79.28 +
   79.29 +/* set during initialization by testing */
   79.30 +extern u8 little_endian;
   79.31 +
   79.32 +static inline u32 ntohl(u32 x) 
   79.33 +{
   79.34 +    if (little_endian)
   79.35 +        return 
   79.36 +	    ( (((x) >> 24) & 0xff      )| 
   79.37 +	      (((x) >>  8) & 0xff00    )| 
   79.38 +	      (((x) <<  8) & 0xff0000  )|
   79.39 +	      (((x) << 24) & 0xff000000) );
   79.40 +    else
   79.41 +        return x;
   79.42 +}
   79.43 +
   79.44 +static inline u16 ntohs(u16 x) 
   79.45 +{
   79.46 +    if (little_endian)
   79.47 +        return 
   79.48 +	    ( (((x) >> 8) & 0xff   )|
   79.49 +	      (((x) << 8) & 0xff00 ) );
   79.50 +    else
   79.51 +	return x;
   79.52 +}
   79.53 +
   79.54 +#define htonl(x) ntohl(x)
   79.55 +#define htons(x) ntohs(x)
   79.56 +
   79.57 +static inline void arrcpy16(u16 *dest, const u16 *src, size_t n)
   79.58 +{
   79.59 +    unsigned int i = 0;
   79.60 +    while (i < n) {
   79.61 +       	dest[i] = htons(src[i]);
   79.62 +       	i++;
   79.63 +    }
   79.64 +}
   79.65 +
   79.66 +static inline void arrcpy32(u32 *dest, const u32 *src, size_t n)
   79.67 +{
   79.68 +    unsigned int i = 0;
   79.69 +    while (i < n) {
   79.70 +	dest[i] = htonl(src[i]);
   79.71 +	i++;
   79.72 +    }
   79.73 +}
   79.74 +
   79.75 +static inline void arrcpy(void *dest, const void *src, unsigned int elsize, size_t n)
   79.76 +{
   79.77 +    switch (elsize) {
   79.78 +    case sizeof(u16):
   79.79 +        arrcpy16((u16 *)dest, (u16 *)src, n);
   79.80 +        break;
   79.81 +
   79.82 +    case sizeof(u32):
   79.83 +        arrcpy32((u32 *)dest, (u32 *)src, n);
   79.84 +        break;
   79.85 +
   79.86 +    default:
   79.87 +        memcpy(dest, src, elsize*n);
   79.88 +    }
   79.89 +}
   79.90 +
   79.91 +#endif
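Review bot: In arrcpy16() and arrcpy32() the index is `unsigned int i` while the bound is `size_t n`, so on a 64-bit build a count above UINT_MAX makes `i` wrap and the loop never ends; declare it as `size_t i = 0;`. arrcpy()'s default case computes `elsize*n` with no overflow check and copies without any byte swap, so an element size other than 2 or 4 silently keeps host byte order. A comment on arrcpy() should say so and state that `n` is an element count the caller must validate against both buffers. The casts `(u16 *)src` and `(u32 *)src` also drop the const qualifier and can be `(const u16 *)src` and `(const u32 *)src`.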
    80.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    80.2 +++ b/xen/include/acm/acm_hooks.h	Tue Jun 21 07:02:30 2005 +0000
    80.3 @@ -0,0 +1,337 @@
    80.4 +/****************************************************************
    80.5 + * acm_hooks.h 
    80.6 + * 
    80.7 + * Copyright (C) 2005 IBM Corporation
    80.8 + *
    80.9 + * Author:
   80.10 + * Reiner Sailer <sailer@watson.ibm.com>
   80.11 + *
   80.12 + * This program is free software; you can redistribute it and/or
   80.13 + * modify it under the terms of the GNU General Public License as
   80.14 + * published by the Free Software Foundation, version 2 of the
   80.15 + * License.
   80.16 + *
   80.17 + * acm header file implementing the global (policy-independent)
   80.18 + *      sHype hooks that are called throughout Xen.
   80.19 + * 
   80.20 + */
   80.21 +#ifndef _ACM_HOOKS_H
   80.22 +#define _ACM_HOOKS_H
   80.23 +
   80.24 +#include <xen/config.h>
   80.25 +#include <xen/errno.h>
   80.26 +#include <xen/types.h>
   80.27 +#include <xen/lib.h>
   80.28 +#include <xen/delay.h>
   80.29 +#include <xen/sched.h>
   80.30 +#include <public/acm.h>
   80.31 +#include <acm/acm_core.h>
   80.32 +#include <public/dom0_ops.h>
   80.33 +#include <public/event_channel.h>
   80.34 +#include <asm/current.h>
   80.35 +
   80.36 +/* if ACM_TRACE_MODE defined, all hooks should
   80.37 + * print a short trace message */
   80.38 +/* #define ACM_TRACE_MODE */
   80.39 +
   80.40 +#ifdef ACM_TRACE_MODE
   80.41 +#  define traceprintk(fmt, args...) printk(fmt,## args)
   80.42 +#else
   80.43 +#  define traceprintk(fmt, args...)
   80.44 +#endif
   80.45 +
   80.46 +/* global variables */
   80.47 +extern struct acm_operations *acm_primary_ops;
   80.48 +extern struct acm_operations *acm_secondary_ops;
   80.49 +
   80.50 +/**********************************************************************************************
   80.51 + * HOOK structure and meaning (justifies a few words about our model):
   80.52 + * 
   80.53 + * General idea: every policy-controlled system operation is reflected in a 
   80.54 + *               transaction in the system's security state
   80.55 + *
   80.56 + *	Keeping the security state consistent requires "atomic" transactions.
   80.57 + *      The name of the hooks to place around policy-controlled transactions
   80.58 + *      reflects this. If authorizations do not involve security state changes,
   80.59 + *      then and only then POST and FAIL hooks remain empty since we don't care
   80.60 + *      about the eventual outcome of the operation from a security viewpoint.
   80.61 + *
   80.62 + *	PURPOSE of hook types:
   80.63 + *      ======================
   80.64 + *      PRE-Hooks
   80.65 + *		a) general authorization to guard a controlled system operation
   80.66 + *		b) prepare security state change (means: fail hook must be able to "undo" this)
   80.67 + *
   80.68 + *	POST-Hooks
   80.69 + *		a) commit prepared state change
   80.70 + *
   80.71 + *      FAIL-Hooks
   80.72 + *		a) roll-back prepared security state change from PRE-Hook
   80.73 + *
   80.74 + *
   80.75 + *      PLACEMENT of hook types:
   80.76 + *      ========================
   80.77 + *	PRE-Hooks must be called:
   80.78 + *		a) before a guarded/controlled system operation is started
   80.79 + *		(return is ACM_ACCESS_PERMITTED or ACM_ACCESS_DENIED or error)
   80.80 + *		   --> operation must be aborted if return is != ACM_ACCESS_PERMITTED
   80.81 + *
   80.82 + *	POST-Hooks must be called:
   80.83 + *		a) after successful transaction (no return value; commit shall never fail)
   80.84 + *
   80.85 + *	FAIL-Hooks must be called:
   80.86 + *		a) if system transaction (operation) fails somewhen after calling the PRE-hook
   80.87 + *		   (obviously the POST-Hook is not called in this case)
   80.88 + *		b) if another (secondary) policy denies access in its PRE-Hook
   80.89 + *		   (policy layering is useful but requires additional handling)
   80.90 + *
   80.91 + *
   80.92 + *
   80.93 + *       Hook model from a security transaction viewpoint:
   80.94 + *
   80.95 + *          start-sys-ops--> prepare ----succeed-----> commit --> sys-ops success
   80.96 + *                          (pre-hook)  \           (post-hook)
   80.97 + *                                       \
   80.98 + *                                       fail
   80.99 + *                                         \
  80.100 + *                                          \
  80.101 + *                                        roll-back
  80.102 + *                                       (fail-hook)
  80.103 + *                                             \
  80.104 + *                                            sys-ops error
  80.105 + *
  80.106 + *************************************************************************************************/
  80.107 +
  80.108 +struct acm_operations {
  80.109 +	/* policy management functions (must always be defined!) */
  80.110 +	int  (*init_domain_ssid)	       	(void **ssid, ssidref_t ssidref);
  80.111 +	void (*free_domain_ssid)	       	(void *ssid);
  80.112 +	int  (*dump_binary_policy)		(u8 *buffer, u16 buf_size);
  80.113 +	int  (*set_binary_policy)		(u8 *buffer, u16 buf_size);	
  80.114 +	int  (*dump_statistics)			(u8 *buffer, u16 buf_size);
  80.115 +	/* domain management control hooks (can be NULL) */
  80.116 +	int  (*pre_domain_create)              	(void *subject_ssid, ssidref_t ssidref);
  80.117 +	void (*post_domain_create) 		(domid_t domid, ssidref_t ssidref);
  80.118 +	void (*fail_domain_create)             	(void *subject_ssid, ssidref_t ssidref);
  80.119 +	void (*post_domain_destroy)		(void *object_ssid, domid_t id);
  80.120 +	/* event channel control hooks  (can be NULL) */
  80.121 +	int  (*pre_eventchannel_unbound)       	(domid_t id);
  80.122 +	void (*fail_eventchannel_unbound)      	(domid_t id);
  80.123 +	int  (*pre_eventchannel_interdomain)	(domid_t id1, domid_t id2);
  80.124 +	int  (*fail_eventchannel_interdomain)	(domid_t id1, domid_t id2);
  80.125 +	/* grant table control hooks (can be NULL)  */
  80.126 +	int  (*pre_grant_map_ref)       	(domid_t id);
  80.127 +	void (*fail_grant_map_ref)		(domid_t id);
  80.128 +	int  (*pre_grant_setup)       		(domid_t id);
  80.129 +	void (*fail_grant_setup)		(domid_t id);
  80.130 +};
  80.131 +
  80.132 +static inline int acm_pre_domain_create (void *subject_ssid, ssidref_t ssidref)
  80.133 +{
  80.134 +	if ((acm_primary_ops->pre_domain_create != NULL) && 
  80.135 +		 acm_primary_ops->pre_domain_create (subject_ssid, ssidref))
  80.136 +		return ACM_ACCESS_DENIED;
  80.137 +	else if ((acm_secondary_ops->pre_domain_create != NULL) && 
  80.138 +		 acm_secondary_ops->pre_domain_create (subject_ssid, ssidref)) {
  80.139 +		/* roll-back primary */
  80.140 +		if (acm_primary_ops->fail_domain_create != NULL)
  80.141 +			acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
  80.142 +		return ACM_ACCESS_DENIED;
  80.143 +	} else
  80.144 +		return ACM_ACCESS_PERMITTED;
  80.145 +}
  80.146 +
  80.147 +static inline void acm_post_domain_create (domid_t domid, ssidref_t ssidref)
  80.148 +{
  80.149 +	if (acm_primary_ops->post_domain_create != NULL)
  80.150 +		acm_primary_ops->post_domain_create (domid, ssidref);
  80.151 +	if (acm_secondary_ops->post_domain_create != NULL)
  80.152 +		acm_secondary_ops->post_domain_create (domid, ssidref);
  80.153 +}
  80.154 +
  80.155 +static inline void acm_fail_domain_create (void *subject_ssid, ssidref_t ssidref)
  80.156 +{
  80.157 +	if (acm_primary_ops->fail_domain_create != NULL)
  80.158 +		acm_primary_ops->fail_domain_create (subject_ssid, ssidref);
  80.159 +	if (acm_secondary_ops->fail_domain_create != NULL)
  80.160 +		acm_secondary_ops->fail_domain_create (subject_ssid, ssidref);
  80.161 +}
  80.162 +
  80.163 +static inline void acm_post_domain_destroy (void *object_ssid, domid_t id)
  80.164 +{
  80.165 +	if (acm_primary_ops->post_domain_destroy != NULL)
  80.166 +		acm_primary_ops->post_domain_destroy (object_ssid, id);
  80.167 +	if (acm_secondary_ops->post_domain_destroy != NULL)
  80.168 +		acm_secondary_ops->post_domain_destroy (object_ssid, id);
  80.169 +	return;
  80.170 +}
  80.171 +
  80.172 +/*   event channel ops */
  80.173 +
  80.174 +static inline int acm_pre_eventchannel_unbound (domid_t id)
  80.175 +{
  80.176 +	if ((acm_primary_ops->pre_eventchannel_unbound != NULL) && 
  80.177 +	    acm_primary_ops->pre_eventchannel_unbound (id))
  80.178 +		return ACM_ACCESS_DENIED;
  80.179 +	else if ((acm_secondary_ops->pre_eventchannel_unbound != NULL) && 
  80.180 +		 acm_secondary_ops->pre_eventchannel_unbound (id)) {
  80.181 +		/* roll-back primary */
  80.182 +		if (acm_primary_ops->fail_eventchannel_unbound != NULL)
  80.183 +			acm_primary_ops->fail_eventchannel_unbound (id);
  80.184 +		return ACM_ACCESS_DENIED;
  80.185 +	} else
  80.186 +		return ACM_ACCESS_PERMITTED;
  80.187 +}
  80.188 +
  80.189 +static inline int acm_pre_eventchannel_interdomain (domid_t id1, domid_t id2)
  80.190 +{	
  80.191 +	if ((acm_primary_ops->pre_eventchannel_interdomain != NULL) &&
  80.192 +	    acm_primary_ops->pre_eventchannel_interdomain (id1, id2))
  80.193 +		return ACM_ACCESS_DENIED;
  80.194 +	else if ((acm_secondary_ops->pre_eventchannel_interdomain != NULL) &&
  80.195 +		 acm_secondary_ops->pre_eventchannel_interdomain (id1, id2)) {
  80.196 +		/* roll-back primary */
  80.197 +		if (acm_primary_ops->fail_eventchannel_interdomain != NULL)
  80.198 +			acm_primary_ops->fail_eventchannel_interdomain (id1, id2);
  80.199 +		return ACM_ACCESS_DENIED;
  80.200 +	} else
  80.201 +		return ACM_ACCESS_PERMITTED;
  80.202 +}
  80.203 +
  80.204 +/************ Xen inline hooks ***************/
  80.205 +
  80.206 +/* small macro to make the hooks more readable 
  80.207 + * (eliminates hooks if NULL policy is active)
  80.208 + */
  80.209 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  80.210 +static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
  80.211 +{ return 0; }
  80.212 +#else
  80.213 +static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) 
  80.214 +{
  80.215 +	int ret = -EACCES;
  80.216 +	struct domain *d;
  80.217 +
  80.218 +	switch(op->cmd) {
  80.219 +	case DOM0_CREATEDOMAIN:
  80.220 +		ret = acm_pre_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
  80.221 +		break;
  80.222 +	case DOM0_DESTROYDOMAIN:
  80.223 +		d = find_domain_by_id(op->u.destroydomain.domain);
  80.224 +		if (d != NULL) {
  80.225 +			*ssid = d->ssid; /* save for post destroy when d is gone */
  80.226 +			/* no policy-specific hook */
  80.227 +			put_domain(d);
  80.228 +			ret = 0;
  80.229 +		}
  80.230 +		break;
  80.231 +	default:
  80.232 +		ret = 0; /* ok */
  80.233 +	}
  80.234 +	return ret;
  80.235 +}
  80.236 +#endif
  80.237 +
  80.238 +
  80.239 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  80.240 +static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 
  80.241 +{ return; }
  80.242 +#else
  80.243 +static inline void acm_post_dom0_op(dom0_op_t *op, void *ssid) 
  80.244 +{
  80.245 +	switch(op->cmd) {
  80.246 +	case DOM0_CREATEDOMAIN:
  80.247 +		/* initialialize shared sHype security labels for new domain */
  80.248 +		acm_init_domain_ssid(op->u.createdomain.domain, op->u.createdomain.ssidref);
  80.249 +		acm_post_domain_create(op->u.createdomain.domain, op->u.createdomain.ssidref);
  80.250 +		break;
  80.251 +	case DOM0_DESTROYDOMAIN:
  80.252 +		acm_post_domain_destroy(ssid, op->u.destroydomain.domain);
  80.253 +		/* free security ssid for the destroyed domain (also if running null policy */
  80.254 +		acm_free_domain_ssid((struct acm_ssid_domain *)ssid);
  80.255 +		break;
  80.256 +	}
  80.257 +}
  80.258 +#endif
  80.259 +
  80.260 +
  80.261 +#if (ACM_USE_SECURITY_POLICy == ACM_NULL_POLICY)
  80.262 +static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 
  80.263 +{ return; }
  80.264 +#else
  80.265 +static inline void acm_fail_dom0_op(dom0_op_t *op, void *ssid) 
  80.266 +{
  80.267 +	switch(op->cmd) {
  80.268 +	case DOM0_CREATEDOMAIN:
  80.269 +		acm_fail_domain_create(current->domain->ssid, op->u.createdomain.ssidref);
  80.270 +		break;
  80.271 +	}
  80.272 +}
  80.273 +#endif
  80.274 +
  80.275 +
  80.276 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  80.277 +static inline int acm_pre_event_channel(evtchn_op_t *op) 
  80.278 +{ return 0; }
  80.279 +#else
  80.280 +static inline int acm_pre_event_channel(evtchn_op_t *op) 
  80.281 +{
  80.282 +	int ret = -EACCES;
  80.283 +
  80.284 +	switch(op->cmd) {
  80.285 +	case EVTCHNOP_alloc_unbound:
  80.286 +		ret = acm_pre_eventchannel_unbound(op->u.alloc_unbound.dom);
  80.287 +		break;
  80.288 +	case EVTCHNOP_bind_interdomain:
  80.289 +		ret = acm_pre_eventchannel_interdomain(op->u.bind_interdomain.dom1, op->u.bind_interdomain.dom2);
  80.290 +		break;
  80.291 +	default:
  80.292 +		ret = 0; /* ok */
  80.293 +	}
  80.294 +	return ret;
  80.295 +}
  80.296 +#endif
  80.297 +
  80.298 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  80.299 +static inline int acm_pre_grant_map_ref(domid_t id) 
  80.300 +{ return 0; }
  80.301 +#else
  80.302 +static inline int acm_pre_grant_map_ref (domid_t id)
  80.303 +{
  80.304 +	if ((acm_primary_ops->pre_grant_map_ref != NULL) &&
  80.305 +	    acm_primary_ops->pre_grant_map_ref (id))
  80.306 +		return ACM_ACCESS_DENIED;
  80.307 +	else if ((acm_secondary_ops->pre_grant_map_ref != NULL) &&
  80.308 +		 acm_secondary_ops->pre_grant_map_ref (id)) {
  80.309 +		/* roll-back primary */
  80.310 +		if (acm_primary_ops->fail_grant_map_ref != NULL)
  80.311 +			acm_primary_ops->fail_grant_map_ref (id);
  80.312 +		return ACM_ACCESS_DENIED;
  80.313 +	} else
  80.314 +		return ACM_ACCESS_PERMITTED;
  80.315 +}
  80.316 +#endif
  80.317 +
  80.318 +
  80.319 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
  80.320 +static inline int acm_pre_grant_setup(domid_t id) 
  80.321 +{ return 0; }
  80.322 +#else
  80.323 +static inline int acm_pre_grant_setup (domid_t id)
  80.324 +{
  80.325 +	if ((acm_primary_ops->pre_grant_setup != NULL) &&
  80.326 +	    acm_primary_ops->pre_grant_setup (id))
  80.327 +		return ACM_ACCESS_DENIED;
  80.328 +	else if ((acm_secondary_ops->pre_grant_setup != NULL) &&
  80.329 +		 acm_secondary_ops->pre_grant_setup (id)) {
  80.330 +		/* roll-back primary */
  80.331 +		if (acm_primary_ops->fail_grant_setup != NULL)
  80.332 +			acm_primary_ops->fail_grant_setup (id);
  80.333 +		return ACM_ACCESS_DENIED;
  80.334 +	} else
  80.335 +		return ACM_ACCESS_PERMITTED;
  80.336 +}
  80.337 +#endif
  80.338 +
  80.339 +
  80.340 +#endif
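Review bot: The guard for acm_fail_dom0_op() is spelled `#if (ACM_USE_SECURITY_POLICy == ACM_NULL_POLICY)` with a lower-case `y`, so the preprocessor treats the unknown name as 0 and the choice between the empty stub and the real roll-back no longer follows the configured policy. If ACM_NULL_POLICY is 0 (its value is not visible here), the stub is always selected and a failed DOM0_CREATEDOMAIN never undoes the state prepared by acm_pre_domain_create(); the line should read `#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)`. In acm_post_dom0_op() the return value of acm_init_domain_ssid() is ignored before acm_post_domain_create() commits, so a domain whose label could not be set up is still committed; the result should be checked and the failure handled. In acm_pre_dom0_op() the pointer saved by `*ssid = d->ssid` is kept past `put_domain(d)`, which deserves a comment on what keeps the ssid alive until acm_post_dom0_op() frees it.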
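--- a/xen/include/asm-ia64/config.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/include/asm-ia64/config.h	Tue Jun 21 07:02:30 2005 +0000
@@ -177,8 +177,7 @@ void sort_main_extable(void);
 // see include/asm-x86/atomic.h (different from standard linux)
 #define _atomic_set(v,i) (((v).counter) = (i))
 #define _atomic_read(v) ((v).counter)
-// FIXME following needs work
-#define atomic_compareandswap(old, new, v) old
+#define atomic_compareandswap(old, new, v) ((atomic_t){ cmpxchg(v, _atomic_read(old), _atomic_read(new)) })
 
 // see include/asm-ia64/mm.h, handle remaining pfn_info uses until gone
 #define pfn_info page
@@ -227,6 +226,8 @@ struct screen_info { };
 
 #define FORCE_CRASH()	asm("break 0;;");
 
+#define dummy()	dummy_called(__FUNCTION__)
+
 // these declarations got moved at some point, find a better place for them
 extern int ht_per_core;
 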
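--- a/xen/include/asm-ia64/domain.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/include/asm-ia64/domain.h	Tue Jun 21 07:02:30 2005 +0000
@@ -2,18 +2,17 @@
 #define __ASM_DOMAIN_H__
 
 #include <linux/thread_info.h>
+#include <asm/tlb.h>
 #ifdef CONFIG_VTI
 #include <asm/vmx_vpd.h>
 #include <asm/vmmu.h>
 #include <asm/regionreg.h>
+#include <public/arch-ia64.h>
 #endif // CONFIG_VTI
 #include <xen/list.h>
 
 extern void arch_do_createdomain(struct vcpu *);
 
-extern int arch_final_setup_guestos(
-    struct vcpu *, struct vcpu_guest_context *);
-
 extern void domain_relinquish_resources(struct domain *);
 
 #ifdef CONFIG_VTI
@@ -36,7 +35,15 @@ struct arch_domain {
     int imp_va_msb;
     ia64_rr emul_phy_rr0;
     ia64_rr emul_phy_rr4;
-    u64 *pmt;	/* physical to machine table */
+    unsigned long *pmt;	/* physical to machine table */
+    /*
+     * max_pfn is the maximum page frame in guest physical space, including
+     * inter-middle I/O ranges and memory holes. This is different with
+     * max_pages in domain struct, which indicates maximum memory size
+     */
+    unsigned long max_pfn;
+    unsigned int section_nr;
+    mm_section_t *sections;	/* Describe memory hole except for Dom0 */
 #endif  //CONFIG_VTI
     u64 xen_vastart;
     u64 xen_vaend;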
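Review bot: The new comment on `max_pfn` does not say whether the value is inclusive, yet phys_to_machine_mapping() in asm-ia64/mm.h (same changeset) indexes `pmt` for every `gpfn <= d->arch.max_pfn`. That only stays in bounds if `pmt` holds max_pfn + 1 entries, which is not visible here. The comment should state it, for example `/* highest valid guest pfn (inclusive); pmt has max_pfn + 1 entries */`, or the check in mm.h should use `<`. struct arch_domain starts and ends outside the hunk.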
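--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/xen/include/asm-ia64/event.h	Tue Jun 21 07:02:30 2005 +0000
@@ -0,0 +1,16 @@
+/******************************************************************************
+ * event.h
+ *
+ * A nice interface for passing asynchronous events to guest OSes.
+ * (architecture-dependent part)
+ *
+ */
+
+#ifndef __ASM_EVENT_H__
+#define __ASM_EVENT_H__
+
+static inline void evtchn_notify(struct vcpu *v)
+{
+}
+
+#endif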
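Review bot: evtchn_notify() is added with an empty body and no comment, so a reader cannot tell whether doing nothing on ia64 is the intended behaviour or a placeholder. A one-line comment in the body such as `/* nothing to do on ia64 */` (wording to be confirmed by the author) would settle it. The header also uses `struct vcpu` without including or forward-declaring it, so it depends on include order; `struct vcpu;` ahead of the function would make it self-contained.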
    84.1 --- a/xen/include/asm-ia64/mm.h	Sat Jun 18 00:49:11 2005 +0000
    84.2 +++ b/xen/include/asm-ia64/mm.h	Tue Jun 21 07:02:30 2005 +0000
    84.3 @@ -27,43 +27,12 @@ typedef unsigned long page_flags_t;
    84.4  
    84.5  /*
    84.6   * Per-page-frame information.
    84.7 + * 
    84.8 + * Every architecture must ensure the following:
    84.9 + *  1. 'struct pfn_info' contains a 'struct list_head list'.
   84.10 + *  2. Provide a PFN_ORDER() macro for accessing the order of a free page.
   84.11   */
   84.12 -
   84.13 -//FIXME: This can go away when common/dom0_ops.c is fully arch-independent
   84.14 -#if 0
   84.15 -struct pfn_info
   84.16 -{
   84.17 -    /* Each frame can be threaded onto a doubly-linked list. */
   84.18 -    struct list_head list;
   84.19 -    /* Context-dependent fields follow... */
   84.20 -    union {
   84.21 -
   84.22 -        /* Page is in use by a domain. */
   84.23 -        struct {
   84.24 -            /* Owner of this page. */
   84.25 -            struct domain *domain;
   84.26 -            /* Reference count and various PGC_xxx flags and fields. */
   84.27 -            u32 count_info;
   84.28 -            /* Type reference count and various PGT_xxx flags and fields. */
   84.29 -            u32 type_info;
   84.30 -        } inuse;
   84.31 -
   84.32 -        /* Page is on a free list. */
   84.33 -        struct {
   84.34 -            /* Mask of possibly-tainted TLBs. */
   84.35 -            unsigned long cpu_mask;
   84.36 -            /* Must be at same offset as 'u.inuse.count_flags'. */
   84.37 -            u32 __unavailable;
   84.38 -            /* Order-size of the free chunk this page is the head of. */
   84.39 -            u8 order;
   84.40 -        } free;
   84.41 -
   84.42 -    } u;
   84.43 -
   84.44 -    /* Timestamp from 'TLB clock', used to reduce need for safety flushes. */
   84.45 -    u32 tlbflush_timestamp;
   84.46 -};
   84.47 -#endif
   84.48 +#define PFN_ORDER(_pfn)	((_pfn)->u.free.order)
   84.49  
   84.50  struct page
   84.51  {
   84.52 @@ -82,7 +51,7 @@ struct page
   84.53          /* Page is in use by a domain. */
   84.54          struct {
   84.55              /* Owner of this page. */
   84.56 -            u64	_domain;
   84.57 +            u32	_domain;
   84.58              /* Type reference count and various PGT_xxx flags and fields. */
   84.59              u32 type_info;
   84.60          } inuse;
   84.61 @@ -104,37 +73,49 @@ struct page
   84.62  
   84.63  #define set_page_count(p,v) 	atomic_set(&(p)->_count, v - 1)
   84.64  
   84.65 -//FIXME: These can go away when common/dom0_ops.c is fully arch-independent
   84.66 - /* The following page types are MUTUALLY EXCLUSIVE. */
   84.67 +/* Still small set of flags defined by far on IA-64 */
   84.68 +/* The following page types are MUTUALLY EXCLUSIVE. */
   84.69  #define PGT_none            (0<<29) /* no special uses of this page */
   84.70  #define PGT_l1_page_table   (1<<29) /* using this page as an L1 page table? */
   84.71  #define PGT_l2_page_table   (2<<29) /* using this page as an L2 page table? */
   84.72  #define PGT_l3_page_table   (3<<29) /* using this page as an L3 page table? */
   84.73  #define PGT_l4_page_table   (4<<29) /* using this page as an L4 page table? */
   84.74 -#define PGT_gdt_page        (5<<29) /* using this page in a GDT? */
   84.75 -#define PGT_ldt_page        (6<<29) /* using this page in an LDT? */
   84.76 -#define PGT_writeable_page  (7<<29) /* has writable mappings of this page? */
   84.77 -#define PGT_type_mask       (7<<29) /* Bits 29-31. */
   84.78 +#define PGT_writeable_page  (5<<29) /* has writable mappings of this page? */
   84.79 +#define PGT_type_mask       (5<<29) /* Bits 29-31. */
   84.80 +
   84.81   /* Has this page been validated for use as its current type? */
   84.82  #define _PGT_validated      28
   84.83  #define PGT_validated       (1<<_PGT_validated)
   84.84 - /* 28-bit count of uses of this frame as its current type. */
   84.85 -#define PGT_count_mask      ((1<<28)-1)
   84.86 +/* Owning guest has pinned this page to its current type? */
   84.87 +#define _PGT_pinned         27
   84.88 +#define PGT_pinned          (1U<<_PGT_pinned)
   84.89 +
   84.90 +/* 27-bit count of uses of this frame as its current type. */
   84.91 +#define PGT_count_mask      ((1U<<27)-1)
   84.92  
   84.93  /* Cleared when the owning guest 'frees' this page. */
   84.94  #define _PGC_allocated      31
   84.95  #define PGC_allocated       (1U<<_PGC_allocated)
   84.96 -#define PFN_ORDER(_pfn)	((_pfn)->u.free.order)
   84.97 +/* Set when the page is used as a page table */
   84.98 +#define _PGC_page_table     30
   84.99 +#define PGC_page_table      (1U<<_PGC_page_table)
  84.100 +/* 30-bit count of references to this frame. */
  84.101 +#define PGC_count_mask      ((1U<<30)-1)
  84.102  
  84.103  #define IS_XEN_HEAP_FRAME(_pfn) ((page_to_phys(_pfn) < xenheap_phys_end) \
  84.104  				 && (page_to_phys(_pfn) >= xen_pstart))
  84.105  
  84.106 -#define pickle_domptr(_d)	((u64)(_d))
  84.107 -#define unpickle_domptr(_d)	((struct domain*)(_d))
  84.108 +static inline struct domain *unpickle_domptr(u32 _d)
  84.109 +{ return (_d == 0) ? NULL : __va(_d); }
  84.110 +static inline u32 pickle_domptr(struct domain *_d)
  84.111 +{ return (_d == NULL) ? 0 : (u32)__pa(_d); }
  84.112  
  84.113  #define page_get_owner(_p)	(unpickle_domptr((_p)->u.inuse._domain))
  84.114  #define page_set_owner(_p, _d)	((_p)->u.inuse._domain = pickle_domptr(_d))
  84.115  
  84.116 +/* Dummy now */
  84.117 +#define SHARE_PFN_WITH_DOMAIN(_pfn, _dom) do { } while (0)
  84.118 +
  84.119  extern struct pfn_info *frame_table;
  84.120  extern unsigned long frame_table_size;
  84.121  extern struct list_head free_list;
  84.122 @@ -151,16 +132,46 @@ void add_to_domain_alloc_list(unsigned l
  84.123  
  84.124  static inline void put_page(struct pfn_info *page)
  84.125  {
  84.126 -	dummy();
  84.127 +    u32 nx, x, y = page->count_info;
  84.128 +
  84.129 +    do {
  84.130 +	x = y;
  84.131 +	nx = x - 1;
  84.132 +    }
  84.133 +    while (unlikely((y = cmpxchg(&page->count_info, x, nx)) != x));
  84.134 +
  84.135 +    if (unlikely((nx & PGC_count_mask) == 0))
  84.136 +	free_domheap_page(page);
  84.137  }
  84.138  
  84.139 -
  84.140 +/* count_info and ownership are checked atomically. */
  84.141  static inline int get_page(struct pfn_info *page,
  84.142                             struct domain *domain)
  84.143  {
  84.144 -	dummy();
  84.145 +    u64 x, nx, y = *((u64*)&page->count_info);
  84.146 +    u32 _domain = pickle_domptr(domain);
  84.147 +
  84.148 +    do {
  84.149 +	x = y;
  84.150 +	nx = x + 1;
  84.151 +	if (unlikely((x & PGC_count_mask) == 0) ||	/* Not allocated? */
  84.152 +	    unlikely((nx & PGC_count_mask) == 0) ||	/* Count overflow? */
  84.153 +	    unlikely((x >> 32) != _domain)) {		/* Wrong owner? */
  84.154 +	    DPRINTK("Error pfn %lx: rd=%p, od=%p, caf=%08x, taf=%08x\n",
  84.155 +		page_to_pfn(page), domain, unpickle_domptr(d),
  84.156 +		x, page->u.inuse.typeinfo);
  84.157 +	    return 0;
  84.158 +	}
  84.159 +    }
  84.160 +    while(unlikely(y = cmpxchg(&page->count_info, x, nx)) != x);
  84.161 +
  84.162 +    return 1;
  84.163  }
  84.164  
  84.165 +/* No type info now */
  84.166 +#define put_page_and_type(page) put_page((page))
  84.167 +#define get_page_and_type(page, domain, type) get_page((page))
  84.168 +
  84.169  #define	set_machinetophys(_mfn, _pfn) do { } while(0);
  84.170  
  84.171  #ifdef MEMORY_GUARD
  84.172 @@ -364,17 +375,40 @@ extern unsigned long *mpt_table;
  84.173  #undef machine_to_phys_mapping
  84.174  #define machine_to_phys_mapping	mpt_table
  84.175  
  84.176 +#define INVALID_M2P_ENTRY        (~0U)
  84.177 +#define VALID_M2P(_e)            (!((_e) & (1U<<63)))
  84.178 +#define IS_INVALID_M2P_ENTRY(_e) (!VALID_M2P(_e))
  84.179  /* If pmt table is provided by control pannel later, we need __get_user
  84.180  * here. However if it's allocated by HV, we should access it directly
  84.181  */
  84.182 -#define phys_to_machine_mapping(d, gpfn)	\
  84.183 -    ((d) == dom0 ? gpfn : (d)->arch.pmt[(gpfn)])
  84.184 +#define phys_to_machine_mapping(d, gpfn)			\
  84.185 +    ((d) == dom0 ? gpfn : 					\
  84.186 +	(gpfn <= d->arch.max_pfn ? (d)->arch.pmt[(gpfn)] :	\
  84.187 +		INVALID_MFN))
  84.188  
  84.189  #define __mfn_to_gpfn(_d, mfn)			\
  84.190      machine_to_phys_mapping[(mfn)]
  84.191  
  84.192  #define __gpfn_to_mfn(_d, gpfn)			\
  84.193      phys_to_machine_mapping((_d), (gpfn))
  84.194 +
  84.195 +#define __gpfn_invalid(_d, gpfn)			\
  84.196 +	(__gpfn_to_mfn((_d), (gpfn)) & GPFN_INV_MASK)
  84.197 +
  84.198 +#define __gpfn_valid(_d, gpfn)	!__gpfn_invalid(_d, gpfn)
  84.199 +
  84.200 +/* Return I/O type if trye */
  84.201 +#define __gpfn_is_io(_d, gpfn)				\
  84.202 +	(__gpfn_valid(_d, gpfn) ? 			\
  84.203 +	(__gpfn_to_mfn((_d), (gpfn)) & GPFN_IO_MASK) : 0)
  84.204 +
  84.205 +#define __gpfn_is_mem(_d, gpfn)				\
  84.206 +	(__gpfn_valid(_d, gpfn) ?			\
  84.207 +	((__gpfn_to_mfn((_d), (gpfn)) & GPFN_IO_MASK) == GPFN_MEM) : 0)
  84.208 +
  84.209 +
  84.210 +#define __gpa_to_mpa(_d, gpa)   \
  84.211 +    ((__gpfn_to_mfn((_d),(gpa)>>PAGE_SHIFT)<<PAGE_SHIFT)|((gpa)&~PAGE_MASK))
  84.212  #endif // CONFIG_VTI
  84.213  
  84.214  #endif /* __ASM_IA64_MM_H__ */
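Review bot: In get_page() the retry loop is written `while(unlikely(y = cmpxchg(&page->count_info, x, nx)) != x);`, which compares whatever unlikely() yields with x rather than the value cmpxchg returned (put_page() just above has the parentheses right). It also exchanges through `&page->count_info` although x and nx hold the 64-bit value read through `(u64*)&page->count_info` at the top. As written the owner check and the count update are not one atomic operation, despite the comment above the function; `while (unlikely((y = cmpxchg((u64 *)&page->count_info, x, nx)) != x));` would match the initial read. The DPRINTK in the failure path names `d` and `page->u.inuse.typeinfo`, neither of which is declared in the visible code (the field in this section is `type_info`), and it prints the u64 `x` with `%08x`. `get_page_and_type(page, domain, type)` expands to `get_page((page))` and drops the `domain` argument that get_page() requires.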
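--- a/xen/include/asm-ia64/tlb.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/include/asm-ia64/tlb.h	Tue Jun 21 07:02:30 2005 +0000
@@ -39,11 +39,11 @@ typedef struct {
 typedef union {
         unsigned long   value;
         struct {
-                uint64_t ve : 1;
-                uint64_t rv1 : 1;
-                uint64_t ps  : 6;
-                uint64_t rid : 24;
-                uint64_t rv2 : 32;
+                unsigned long ve : 1;
+                unsigned long rv1 : 1;
+                unsigned long ps  : 6;
+                unsigned long rid : 24;
+                unsigned long rv2 : 32;
         };
 } rr_t;
 #endif // CONFIG_VTI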
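--- a/xen/include/asm-ia64/vcpu.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/include/asm-ia64/vcpu.h	Tue Jun 21 07:02:30 2005 +0000
@@ -23,8 +23,8 @@ typedef struct pt_regs REGS;
 
 #define PRIVOP_ADDR_COUNT
 #ifdef PRIVOP_ADDR_COUNT
-#define _RSM 0
-#define _SSM 1
+#define _GET_IFA 0
+#define _THASH 1
 #define PRIVOP_COUNT_NINSTS 2
 #define PRIVOP_COUNT_NADDRS 30
 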
    87.1 --- a/xen/include/asm-ia64/vhpt.h	Sat Jun 18 00:49:11 2005 +0000
    87.2 +++ b/xen/include/asm-ia64/vhpt.h	Tue Jun 21 07:02:30 2005 +0000
    87.3 @@ -140,12 +140,20 @@ CC_##Name:;							\
    87.4  	mov r16 = cr.ifa;					\
    87.5  	movl r30 = int_counts;					\
    87.6  	;;							\
    87.7 +	extr.u r17=r16,59,5					\
    87.8 +	;;							\
    87.9 +	cmp.eq p6,p0=0x1e,r17;					\
   87.10 +(p6)	br.cond.spnt	.Alt_##Name				\
   87.11 +	;;							\
   87.12 +	cmp.eq p6,p0=0x1d,r17;					\
   87.13 +(p6)	br.cond.spnt	.Alt_##Name				\
   87.14 +	;;							\
   87.15  	thash r28 = r16;					\
   87.16  	adds  r30 = CAUSE_VHPT_CC_HANDLED << 3, r30;		\
   87.17  	;;							\
   87.18  	ttag r19 = r16;						\
   87.19 -	ld8 r27 = [r30];					\
   87.20 -	adds r17 = VLE_CCHAIN_OFFSET, r28;			\
   87.21 +ld8 r27 = [r30];					\
   87.22 +adds r17 = VLE_CCHAIN_OFFSET, r28;			\
   87.23  	;;							\
   87.24  	ld8 r17 = [r17];					\
   87.25  	;;							\
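Review bot: The two added compares of r17 against `0x1e` and `0x1d` are bare magic numbers: nothing in the hunk says which address ranges those top-five-bit values of `cr.ifa` select, or why they must skip the VHPT walk and take `.Alt_##Name`. A short comment above the `extr.u` line would make the intent reviewable, e.g. `/* r17 = ifa[63:59]; 0x1e/0x1d = <region meaning>, handled by late_alt_##Name */`, kept as a `/* */` comment so the backslash continuation survives. Separately, the `ld8 r27 = [r30];` and `adds r17 = VLE_CCHAIN_OFFSET, r28;` lines lost their leading tab with no other change, which looks unintentional and should be reverted. The macro body starts and ends outside this hunk.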
   87.26 @@ -192,6 +200,11 @@ CC_##Name:;							\
   87.27  	rfi;							\
   87.28  	;;							\
   87.29  								\
   87.30 +.Alt_##Name:;							\
   87.31 +	mov pr = r31, 0x1ffff;					\
   87.32 +	;;							\
   87.33 +	br.cond.sptk late_alt_##Name				\
   87.34 +	;;							\
   87.35  .Out_##Name:;							\
   87.36  	mov pr = r31, 0x1ffff;					\
   87.37  	;;							\
    88.1 --- a/xen/include/asm-ia64/vmmu.h	Sat Jun 18 00:49:11 2005 +0000
    88.2 +++ b/xen/include/asm-ia64/vmmu.h	Tue Jun 21 07:02:30 2005 +0000
    88.3 @@ -28,13 +28,13 @@
    88.4  #include "public/xen.h"
    88.5  #include "asm/tlb.h"
    88.6  
    88.7 -#define         THASH_TLB_TR            0
    88.8 -#define         THASH_TLB_TC            1
    88.9 -#define         THASH_TLB_FM            2       // foreign map
   88.10 +//#define         THASH_TLB_TR            0
   88.11 +//#define         THASH_TLB_TC            1
   88.12  
   88.13 -#define         THASH_SECTION_TR        (1<<0)
   88.14 -#define         THASH_SECTION_TC        (1<<1)
   88.15 -#define         THASH_SECTION_FM        (1<<2)
   88.16 +
   88.17 +// bit definition of TR, TC search cmobination
   88.18 +//#define         THASH_SECTION_TR        (1<<0)
   88.19 +//#define         THASH_SECTION_TC        (1<<1)
   88.20  
   88.21  /*
   88.22   * Next bit definition must be same with THASH_TLB_XX
   88.23 @@ -43,8 +43,7 @@ typedef union search_section {
   88.24          struct {
   88.25                  u32 tr : 1;
   88.26                  u32 tc : 1;
   88.27 -                u32 fm : 1;
   88.28 -                u32 rsv: 29;
   88.29 +                u32 rsv: 30;
   88.30          };
   88.31          u32     v;
   88.32  } search_section_t;
   88.33 @@ -80,12 +79,10 @@ typedef struct thash_data {
   88.34              u64 ig1  :  11; //53-63
   88.35          };
   88.36          struct {
   88.37 -            u64 __rv1 : 12;
   88.38 -            // sizeof(domid_t) must be less than 38!!! Refer to its definition
   88.39 -            u64 fm_dom : 38; // 12-49 foreign map domain ID
   88.40 -            u64 __rv2 : 3;   // 50-52
   88.41 +            u64 __rv1 : 53;	// 0-52
   88.42              // next extension to ig1, only for TLB instance
   88.43 -            u64 section : 2;     // 53-54 TR, TC or FM (thash_TLB_XX)
   88.44 +            u64 tc : 1;     // 53 TR or TC
   88.45 +            u64 locked  : 1;	// 54 entry locked or not
   88.46              CACHE_LINE_TYPE cl : 1; // I side or D side cache line
   88.47              u64 nomap : 1;   // entry cann't be inserted into machine TLB.
   88.48              u64 __ig1  :  5; // 56-61
   88.49 @@ -227,8 +224,8 @@ typedef struct thash_cb {
   88.50             INVALID_ENTRY(hcb, hash) = 1;        \
   88.51             hash->next = NULL; }
   88.52  
   88.53 -#define PURGABLE_ENTRY(hcb,en)          \
   88.54 -                ((hcb)->ht == THASH_VHPT || (en)->section == THASH_TLB_TC)
   88.55 +#define PURGABLE_ENTRY(hcb,en)  \
   88.56 +		((hcb)->ht == THASH_VHPT || ( (en)->tc && !(en->locked)) )
   88.57  
   88.58  
   88.59  /*
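Review bot: In the new `PURGABLE_ENTRY`, the second use of the `en` argument is not parenthesized: `!(en->locked)` puts the parentheses around the member access instead of the macro parameter. The first use, `(en)->tc`, is correct, but a caller passing an expression such as `p + 1` or `cond ? a : b` would get the wrong binding or a compile error in the `locked` test. Write it as `((hcb)->ht == THASH_VHPT || ((en)->tc && !(en)->locked))`. Since this predicate decides whether a locked TC entry may be purged, a one-line comment stating that locked entries are never purgable would also help.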
   88.60 @@ -306,7 +303,7 @@ extern void thash_purge_entries_ex(thash
   88.61                          u64 rid, u64 va, u64 sz, 
   88.62                          search_section_t p_sect, 
   88.63                          CACHE_LINE_TYPE cl);
   88.64 -extern thash_cb_t *init_domain_tlb(struct vcpu *d);
   88.65 +extern void thash_purge_and_insert(thash_cb_t *hcb, thash_data_t *in);
   88.66  
   88.67  /*
   88.68   * Purge all TCs or VHPT entries including those in Hash table.
   88.69 @@ -323,6 +320,7 @@ extern thash_data_t *vtlb_lookup(thash_c
   88.70                          thash_data_t *in);
   88.71  extern thash_data_t *vtlb_lookup_ex(thash_cb_t *hcb, 
   88.72                          u64 rid, u64 va,CACHE_LINE_TYPE cl);
   88.73 +extern int thash_lock_tc(thash_cb_t *hcb, u64 va, u64 size, int rid, char cl, int lock);
   88.74  
   88.75  
   88.76  #define   ITIR_RV_MASK      (((1UL<<32)-1)<<32 | 0x3)
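Review bot: The new `thash_lock_tc` prototype takes `int rid` and `char cl`, while `vtlb_lookup_ex` directly above it takes `u64 rid` and `CACHE_LINE_TYPE cl` for what appear to be the same quantities. The narrower types invite silent truncation or sign conversion at call sites and defeat type checking on the cache-line selector. Unless the definition (outside this hunk) needs them, the parallel form would be `extern int thash_lock_tc(thash_cb_t *hcb, u64 va, u64 size, u64 rid, CACHE_LINE_TYPE cl, int lock);`. The prototype also needs a comment stating what the `int` result means and whether `lock` is a boolean.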
   88.77 @@ -332,6 +330,7 @@ extern u64 machine_thash(PTA pta, u64 va
   88.78  extern void purge_machine_tc_by_domid(domid_t domid);
   88.79  extern void machine_tlb_insert(struct vcpu *d, thash_data_t *tlb);
   88.80  extern rr_t vmmu_get_rr(struct vcpu *vcpu, u64 va);
   88.81 +extern thash_cb_t *init_domain_tlb(struct vcpu *d);
   88.82  
   88.83  #define   VTLB_DEBUG
   88.84  #ifdef   VTLB_DEBUG
    89.1 --- a/xen/include/asm-ia64/vmx_platform.h	Sat Jun 18 00:49:11 2005 +0000
    89.2 +++ b/xen/include/asm-ia64/vmx_platform.h	Tue Jun 21 07:02:30 2005 +0000
    89.3 @@ -25,7 +25,7 @@
    89.4  struct mmio_list;
    89.5  typedef struct virutal_platform_def {
    89.6      //unsigned long          *real_mode_data; /* E820, etc. */
    89.7 -    //unsigned long          shared_page_va;
    89.8 +    unsigned long          shared_page_va;
    89.9      //struct vmx_virpit_t    vmx_pit;
   89.10      //struct vmx_handler_t   vmx_handler;
   89.11      //struct mi_per_cpu_info mpci;            /* MMIO */
    90.1 --- a/xen/include/asm-ia64/vmx_ptrace.h	Sat Jun 18 00:49:11 2005 +0000
    90.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    90.3 @@ -1,97 +0,0 @@
    90.4 -/*
    90.5 - * Copyright (C) 1998-2003 Hewlett-Packard Co
    90.6 - *  David Mosberger-Tang <davidm@hpl.hp.com>
    90.7 - *  Stephane Eranian <eranian@hpl.hp.com>
    90.8 - * Copyright (C) 2003 Intel Co
    90.9 - *  Suresh Siddha <suresh.b.siddha@intel.com>
   90.10 - *  Fenghua Yu <fenghua.yu@intel.com>
   90.11 - *  Arun Sharma <arun.sharma@intel.com>
   90.12 - *
   90.13 - * 12/07/98 S. Eranian  added pt_regs & switch_stack
   90.14 - * 12/21/98 D. Mosberger    updated to match latest code
   90.15 - *  6/17/99 D. Mosberger    added second unat member to "struct switch_stack"
   90.16 - *  4/28/05 Anthony Xu	  ported to Xen
   90.17 - *
   90.18 - */
   90.19 -
   90.20 -struct pt_regs {
   90.21 -	/* The following registers are saved by SAVE_MIN: */
   90.22 -	unsigned long b6;		/* scratch */
   90.23 -	unsigned long b7;		/* scratch */
   90.24 -
   90.25 -	unsigned long ar_csd;           /* used by cmp8xchg16 (scratch) */
   90.26 -	unsigned long ar_ssd;           /* reserved for future use (scratch) */
   90.27 -
   90.28 -	unsigned long r8;		/* scratch (return value register 0) */
   90.29 -	unsigned long r9;		/* scratch (return value register 1) */
   90.30 -	unsigned long r10;		/* scratch (return value register 2) */
   90.31 -	unsigned long r11;		/* scratch (return value register 3) */
   90.32 -
   90.33 -	unsigned long cr_ipsr;		/* interrupted task's psr */
   90.34 -	unsigned long cr_iip;		/* interrupted task's instruction pointer */
   90.35 -	unsigned long cr_ifs;		/* interrupted task's function state */
   90.36 -
   90.37 -	unsigned long ar_unat;		/* interrupted task's NaT register (preserved) */
   90.38 -	unsigned long ar_pfs;		/* prev function state  */
   90.39 -	unsigned long ar_rsc;		/* RSE configuration */
   90.40 -	/* The following two are valid only if cr_ipsr.cpl > 0: */
   90.41 -	unsigned long ar_rnat;		/* RSE NaT */
   90.42 -	unsigned long ar_bspstore;	/* RSE bspstore */
   90.43 -
   90.44 -	unsigned long pr;		/* 64 predicate registers (1 bit each) */
   90.45 -	unsigned long b0;		/* return pointer (bp) */
   90.46 -	unsigned long loadrs;		/* size of dirty partition << 16 */
   90.47 -
   90.48 -	unsigned long r1;		/* the gp pointer */
   90.49 -	unsigned long r12;		/* interrupted task's memory stack pointer */
   90.50 -	unsigned long r13;		/* thread pointer */
   90.51 -
   90.52 -	unsigned long ar_fpsr;		/* floating point status (preserved) */
   90.53 -	unsigned long r15;		/* scratch */
   90.54 -
   90.55 -	/* The remaining registers are NOT saved for system calls.  */
   90.56 -
   90.57 -	unsigned long r14;		/* scratch */
   90.58 -	unsigned long r2;		/* scratch */
   90.59 -	unsigned long r3;		/* scratch */
   90.60 -	unsigned long r4;		/* preserved */
   90.61 -	unsigned long r5;		/* preserved */
   90.62 -	unsigned long r6;		/* preserved */
   90.63 -	unsigned long r7;		/* preserved */
   90.64 -    unsigned long cr_iipa;   /* for emulation */
   90.65 -    unsigned long cr_isr;    /* for emulation */
   90.66 -    unsigned long eml_unat;    /* used for emulating instruction */
   90.67 -    unsigned long rfi_pfs;     /* used for elulating rfi */
   90.68 -
   90.69 -	/* The following registers are saved by SAVE_REST: */
   90.70 -	unsigned long r16;		/* scratch */
   90.71 -	unsigned long r17;		/* scratch */
   90.72 -	unsigned long r18;		/* scratch */
   90.73 -	unsigned long r19;		/* scratch */
   90.74 -	unsigned long r20;		/* scratch */
   90.75 -	unsigned long r21;		/* scratch */
   90.76 -	unsigned long r22;		/* scratch */
   90.77 -	unsigned long r23;		/* scratch */
   90.78 -	unsigned long r24;		/* scratch */
   90.79 -	unsigned long r25;		/* scratch */
   90.80 -	unsigned long r26;		/* scratch */
   90.81 -	unsigned long r27;		/* scratch */
   90.82 -	unsigned long r28;		/* scratch */
   90.83 -	unsigned long r29;		/* scratch */
   90.84 -	unsigned long r30;		/* scratch */
   90.85 -	unsigned long r31;		/* scratch */
   90.86 -
   90.87 -	unsigned long ar_ccv;		/* compare/exchange value (scratch) */
   90.88 -
   90.89 -	/*
   90.90 -	 * Floating point registers that the kernel considers scratch:
   90.91 -	 */
   90.92 -	struct ia64_fpreg f6;		/* scratch */
   90.93 -	struct ia64_fpreg f7;		/* scratch */
   90.94 -	struct ia64_fpreg f8;		/* scratch */
   90.95 -	struct ia64_fpreg f9;		/* scratch */
   90.96 -	struct ia64_fpreg f10;		/* scratch */
   90.97 -	struct ia64_fpreg f11;		/* scratch */
   90.98 -};
   90.99 -
  90.100 -
    91.1 --- a/xen/include/asm-ia64/vmx_vpd.h	Sat Jun 18 00:49:11 2005 +0000
    91.2 +++ b/xen/include/asm-ia64/vmx_vpd.h	Tue Jun 21 07:02:30 2005 +0000
    91.3 @@ -26,6 +26,7 @@
    91.4  
    91.5  #include <asm/vtm.h>
    91.6  #include <asm/vmx_platform.h>
    91.7 +#include <public/arch-ia64.h>
    91.8  
    91.9  #define VPD_SHIFT	17	/* 128K requirement */
   91.10  #define VPD_SIZE	(1 << VPD_SHIFT)
    92.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    92.2 +++ b/xen/include/asm-x86/event.h	Tue Jun 21 07:02:30 2005 +0000
    92.3 @@ -0,0 +1,16 @@
    92.4 +/******************************************************************************
    92.5 + * event.h
    92.6 + *
    92.7 + * A nice interface for passing asynchronous events to guest OSes.
    92.8 + * (architecture-dependent part)
    92.9 + *
   92.10 + */
   92.11 +
   92.12 +#ifndef __ASM_EVENT_H__
   92.13 +#define __ASM_EVENT_H__
   92.14 +
   92.15 +static inline void evtchn_notify(struct vcpu *v)
   92.16 +{
   92.17 +}
   92.18 +
   92.19 +#endif
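Review bot: The new header uses `struct vcpu *` in `evtchn_notify` without including or forward-declaring the type, so it is not self-contained. If no earlier include has declared `struct vcpu`, the tag gets prototype scope and the parameter becomes incompatible with the real `struct vcpu *` at every call site. Adding `struct vcpu;` before the function (or including the header that defines it) fixes this. The empty body should also carry a comment such as `/* Nothing to do on x86. */`, assuming that is the intent, so readers do not take it for an unfinished stub.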
    93.1 --- a/xen/include/asm-x86/processor.h	Sat Jun 18 00:49:11 2005 +0000
    93.2 +++ b/xen/include/asm-x86/processor.h	Tue Jun 21 07:02:30 2005 +0000
    93.3 @@ -181,6 +181,7 @@ extern struct cpuinfo_x86 cpu_data[];
    93.4  #endif
    93.5  
    93.6  extern int phys_proc_id[NR_CPUS];
    93.7 +extern int cpu_core_id[NR_CPUS];
    93.8  
    93.9  extern void identify_cpu(struct cpuinfo_x86 *);
   93.10  extern void print_cpu_info(struct cpuinfo_x86 *);
    94.1 --- a/xen/include/asm-x86/smp.h	Sat Jun 18 00:49:11 2005 +0000
    94.2 +++ b/xen/include/asm-x86/smp.h	Tue Jun 21 07:02:30 2005 +0000
    94.3 @@ -8,6 +8,7 @@
    94.4  #include <xen/config.h>
    94.5  #include <xen/kernel.h>
    94.6  #include <xen/cpumask.h>
    94.7 +#include <asm/current.h>
    94.8  #endif
    94.9  
   94.10  #ifdef CONFIG_X86_LOCAL_APIC
   94.11 @@ -34,6 +35,7 @@ extern void smp_alloc_memory(void);
   94.12  extern int pic_mode;
   94.13  extern int smp_num_siblings;
   94.14  extern cpumask_t cpu_sibling_map[];
   94.15 +extern cpumask_t cpu_core_map[];
   94.16  
   94.17  extern void smp_flush_tlb(void);
   94.18  extern void smp_invalidate_rcv(void);		/* Process an NMI */
    95.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    95.2 +++ b/xen/include/public/acm.h	Tue Jun 21 07:02:30 2005 +0000
    95.3 @@ -0,0 +1,161 @@
    95.4 +/****************************************************************
    95.5 + * acm.h
    95.6 + * 
    95.7 + * Copyright (C) 2005 IBM Corporation
    95.8 + *
    95.9 + * Author:
   95.10 + * Reiner Sailer <sailer@watson.ibm.com>
   95.11 + *
   95.12 + * Contributors:
   95.13 + * Stefan Berger <stefanb@watson.ibm.com> 
   95.14 + *	added network byte order support for binary policies
   95.15 + *
   95.16 + * This program is free software; you can redistribute it and/or
   95.17 + * modify it under the terms of the GNU General Public License as
   95.18 + * published by the Free Software Foundation, version 2 of the
   95.19 + * License.
   95.20 + *
   95.21 + * sHype general access control module header file.
   95.22 + *     here are all definitions that are shared between
   95.23 + *     xen-core, guest-kernels, and applications.
   95.24 + *
   95.25 + * todo: move from static policy choice to compile option.
   95.26 + */
   95.27 +
   95.28 +#ifndef _XEN_PUBLIC_SHYPE_H
   95.29 +#define _XEN_PUBLIC_SHYPE_H
   95.30 +
   95.31 +#include "xen.h"
   95.32 +#include "sched_ctl.h"
   95.33 +
   95.34 +/* if ACM_DEBUG defined, all hooks should
   95.35 + * print a short trace message (comment it out
   95.36 + * when not in testing mode )
   95.37 + */
   95.38 +/* #define ACM_DEBUG */
   95.39 +
   95.40 +#ifdef ACM_DEBUG
   95.41 +#  define printkd(fmt, args...) printk(fmt,## args)
   95.42 +#else
   95.43 +#  define printkd(fmt, args...)
   95.44 +#endif
   95.45 +
   95.46 +/* default ssid reference value if not supplied */
   95.47 +#define ACM_DEFAULT_SSID 	0xffffffff
   95.48 +#define ACM_DEFAULT_LOCAL_SSID  0xffff
   95.49 +
   95.50 +/* Internal ACM ERROR types */
   95.51 +#define ACM_OK				 0
   95.52 +#define ACM_UNDEF			-1
   95.53 +#define ACM_INIT_SSID_ERROR		-2
   95.54 +#define ACM_INIT_SOID_ERROR		-3
   95.55 +#define ACM_ERROR		        -4
   95.56 +
   95.57 +/* External ACCESS DECISIONS */
   95.58 +#define ACM_ACCESS_PERMITTED		0
   95.59 +#define ACM_ACCESS_DENIED		-111
   95.60 +#define ACM_NULL_POINTER_ERROR		-200
   95.61 +
   95.62 +#define ACM_MAX_POLICY  3
   95.63 +
   95.64 +#define ACM_NULL_POLICY	0
   95.65 +#define ACM_CHINESE_WALL_POLICY	1
   95.66 +#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
   95.67 +#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 3
   95.68 +
   95.69 +/* policy: */
   95.70 +#define ACM_POLICY_NAME(X) \
   95.71 +	(X == ACM_NULL_POLICY) ? "NULL policy" : \
   95.72 +	(X == ACM_CHINESE_WALL_POLICY) ? "CHINESE WALL policy" : \
   95.73 +	(X == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \
   95.74 +	(X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
   95.75 +	"UNDEFINED policy"
   95.76 +
   95.77 +#ifndef ACM_USE_SECURITY_POLICY
   95.78 +#define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
   95.79 +#endif
   95.80 +
   95.81 +/* defines a ssid reference used by xen */
   95.82 +typedef u32 ssidref_t;
   95.83 +
   95.84 +/* -------security policy relevant type definitions-------- */
   95.85 +
   95.86 +/* type identifier; compares to "equal" or "not equal" */
   95.87 +typedef u16 domaintype_t;
   95.88 +
   95.89 +/* CHINESE WALL POLICY DATA STRUCTURES
   95.90 + *
   95.91 + * current accumulated conflict type set:
   95.92 + * When a domain is started and has a type that is in
   95.93 + * a conflict set, the conflicting types are incremented in
   95.94 + * the aggregate set. When a domain is destroyed, the 
   95.95 + * conflicting types to its type are decremented.
   95.96 + * If a domain has multiple types, this procedure works over
   95.97 + * all those types.
   95.98 + *
   95.99 + * conflict_aggregate_set[i] holds the number of
  95.100 + *   running domains that have a conflict with type i.
  95.101 + *
  95.102 + * running_types[i] holds the number of running domains
  95.103 + *        that include type i in their ssidref-referenced type set
  95.104 + *
  95.105 + * conflict_sets[i][j] is "0" if type j has no conflict
  95.106 + *    with type i and is "1" otherwise.
  95.107 + */
  95.108 +/* high-16 = version, low-16 = check magic */
  95.109 +#define ACM_MAGIC		0x0001debc
  95.110 +
  95.111 +/* each offset in bytes from start of the struct they
  95.112 + *   the are part of */
  95.113 +/* each buffer consists of all policy information for
  95.114 + * the respective policy given in the policy code
  95.115 + */
  95.116 +struct acm_policy_buffer {
  95.117 +        u32 magic;
  95.118 +	u32 policyversion;
  95.119 +	u32 len;
  95.120 +	u16 primary_policy_code;
  95.121 +	u16 primary_buffer_offset;
  95.122 +	u16 secondary_policy_code;
  95.123 +	u16 secondary_buffer_offset;
  95.124 +};
  95.125 +
  95.126 +struct acm_chwall_policy_buffer {
  95.127 +	u16 policy_code;
  95.128 +	u16 chwall_max_types;
  95.129 +	u16 chwall_max_ssidrefs;
  95.130 +	u16 chwall_max_conflictsets;
  95.131 +	u16 chwall_ssid_offset;
  95.132 +	u16 chwall_conflict_sets_offset;
  95.133 +	u16 chwall_running_types_offset;
  95.134 +	u16 chwall_conflict_aggregate_offset;
  95.135 +};
  95.136 +
  95.137 +struct acm_ste_policy_buffer {
  95.138 +	u16 policy_code;
  95.139 +	u16 ste_max_types;
  95.140 +	u16 ste_max_ssidrefs;
  95.141 +	u16 ste_ssid_offset;
  95.142 +};
  95.143 +
  95.144 +struct acm_stats_buffer {
  95.145 +        u32 magic;
  95.146 +	u32 policyversion;
  95.147 +	u32 len;
  95.148 +	u16 primary_policy_code;
  95.149 +	u16 primary_stats_offset;
  95.150 +	u16 secondary_policy_code;
  95.151 +	u16 secondary_stats_offset;
  95.152 +};
  95.153 +
  95.154 +struct acm_ste_stats_buffer {
  95.155 +	u32 ec_eval_count;
  95.156 +	u32 gt_eval_count;
  95.157 +	u32 ec_denied_count;
  95.158 +	u32 gt_denied_count; 
  95.159 +	u32 ec_cachehit_count;
  95.160 +	u32 gt_cachehit_count;
  95.161 +};
  95.162 +
  95.163 +
  95.164 +#endif
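Review bot: `ACM_POLICY_NAME(X)` expands to an unparenthesized conditional chain with bare uses of `X`, so it only behaves as expected when it is a whole function argument and `X` is a simple identifier. Each test should read `((X) == ACM_NULL_POLICY)` and so on, and the entire expansion should be wrapped in one outer pair of parentheses. Separately, the `*_offset`, `len` and `*_max_*` fields of the policy buffer structs describe a binary policy that is handed to the hypervisor. The header should state in a comment that every offset and count must be validated against `len` and the `ACM_MAGIC` check before use; the parsing code is not part of this hunk, so whether it already does so cannot be confirmed here. The include guard `_XEN_PUBLIC_SHYPE_H` also does not match the file name acm.h.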
    96.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    96.2 +++ b/xen/include/public/acm_dom0_setup.h	Tue Jun 21 07:02:30 2005 +0000
    96.3 @@ -0,0 +1,34 @@
    96.4 +/****************************************************************
    96.5 + * acm_dom0_setup.h
    96.6 + * 
    96.7 + * Copyright (C) 2005 IBM Corporation
    96.8 + *
    96.9 + * Author:
   96.10 + * Reiner Sailer <sailer@watson.ibm.com>
   96.11 + *
   96.12 + * Includes necessary definitions to bring-up dom0
   96.13 + */
   96.14 +#include <acm/acm_hooks.h>
   96.15 +
   96.16 +extern int acm_init(void);
   96.17 +
   96.18 +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
   96.19 +
   96.20 +static inline void acm_post_domain0_create(domid_t domid) 
   96.21 +{ 
   96.22 +	return; 
   96.23 +}
   96.24 +
   96.25 +#else
   96.26 +
   96.27 +/* predefined ssidref for DOM0 used by xen when creating DOM0 */
   96.28 +#define ACM_DOM0_SSIDREF	0
   96.29 +
   96.30 +static inline void acm_post_domain0_create(domid_t domid)
   96.31 +{
   96.32 +	/* initialialize shared sHype security labels for new domain */
   96.33 +	acm_init_domain_ssid(domid, ACM_DOM0_SSIDREF);
   96.34 +	acm_post_domain_create(domid, ACM_DOM0_SSIDREF);
   96.35 +}
   96.36 +
   96.37 +#endif
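Review bot: In the non-NULL-policy `acm_post_domain0_create`, the results of `acm_init_domain_ssid` and `acm_post_domain_create` are both discarded and the function returns `void`. If either call can fail (their declarations are in acm/acm_hooks.h, outside this hunk, and acm.h defines `ACM_INIT_SSID_ERROR`), dom0 would keep running without a security label and nothing would record it. The function should at least test the results and report a failure loudly at boot, or return a status the dom0 construction path can act on. The header also defines `static inline` functions without an include guard, so a second inclusion is a redefinition error; wrap it in `#ifndef`/`#define`/`#endif` like acm.h.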
    97.1 --- a/xen/include/public/arch-ia64.h	Sat Jun 18 00:49:11 2005 +0000
    97.2 +++ b/xen/include/public/arch-ia64.h	Tue Jun 21 07:02:30 2005 +0000
    97.3 @@ -14,11 +14,41 @@
    97.4  #define _MEMORY_PADDING(_X)
    97.5  #define MEMORY_PADDING 
    97.6  
    97.7 +/* Maximum number of virtual CPUs in multi-processor guests. */
    97.8 +/* WARNING: before changing this, check that shared_info fits on a page */
    97.9 +#define MAX_VIRT_CPUS 1
   97.10 +
   97.11  #ifndef __ASSEMBLY__
   97.12  
   97.13  /* NB. Both the following are 64 bits each. */
   97.14  typedef unsigned long memory_t;   /* Full-sized pointer/address/memory-size. */
   97.15  
   97.16 +#define MAX_NR_SECTION  32  // at most 32 memory holes
   97.17 +typedef struct {
   97.18 +    unsigned long	start; 	/* start of memory hole */
   97.19 +    unsigned long	end;	/* end of memory hole */
   97.20 +} mm_section_t;
   97.21 +
   97.22 +typedef struct {
   97.23 +    unsigned long	mfn : 56;
   97.24 +    unsigned long	type: 8;
   97.25 +} pmt_entry_t;
   97.26 +
   97.27 +#define GPFN_MEM		(0UL << 56)	/* Guest pfn is normal mem */
   97.28 +#define GPFN_FRAME_BUFFER	(1UL << 56)	/* VGA framebuffer */
   97.29 +#define GPFN_LOW_MMIO		(2UL << 56)	/* Low MMIO range */
   97.30 +#define GPFN_PIB		(3UL << 56)	/* PIB base */
   97.31 +#define GPFN_IOSAPIC		(4UL << 56)	/* IOSAPIC base */
   97.32 +#define GPFN_LEGACY_IO		(5UL << 56)	/* Legacy I/O base */
   97.33 +#define GPFN_GFW		(6UL << 56)	/* Guest Firmware */
   97.34 +#define GPFN_HIGH_MMIO		(7UL << 56)	/* High MMIO range */
   97.35 +
   97.36 +#define GPFN_IO_MASK		(7UL << 56)	/* Guest pfn is I/O type */
   97.37 +#define GPFN_INV_MASK		(31UL << 59)	/* Guest pfn is invalid */
   97.38 +
   97.39 +#define INVALID_MFN              (~0UL)
   97.40 +
   97.41 +
   97.42  typedef struct
   97.43  {
   97.44  } PACKED cpu_user_regs;
   97.45 @@ -28,11 +58,99 @@ typedef struct
   97.46   * structure size will still be 8 bytes, so no other alignments will change.
   97.47   */
   97.48  typedef struct {
   97.49 -    u32  tsc_bits;      /* 0: 32 bits read from the CPU's TSC. */
   97.50 -    u32  tsc_bitshift;  /* 4: 'tsc_bits' uses N:N+31 of TSC.   */
   97.51 +    unsigned int  tsc_bits;      /* 0: 32 bits read from the CPU's TSC. */
   97.52 +    unsigned int  tsc_bitshift;  /* 4: 'tsc_bits' uses N:N+31 of TSC.   */
   97.53  } PACKED tsc_timestamp_t; /* 8 bytes */
   97.54  
   97.55 -#include <asm/tlb.h>	/* TR_ENTRY */
   97.56 +struct pt_fpreg {
   97.57 +        union {
   97.58 +                unsigned long bits[2];
   97.59 +                long double __dummy;    /* force 16-byte alignment */
   97.60 +        } u;
   97.61 +};
   97.62 +
   97.63 +struct pt_regs {
   97.64 +	/* The following registers are saved by SAVE_MIN: */
   97.65 +	unsigned long b6;		/* scratch */
   97.66 +	unsigned long b7;		/* scratch */
   97.67 +
   97.68 +	unsigned long ar_csd;           /* used by cmp8xchg16 (scratch) */
   97.69 +	unsigned long ar_ssd;           /* reserved for future use (scratch) */
   97.70 +
   97.71 +	unsigned long r8;		/* scratch (return value register 0) */
   97.72 +	unsigned long r9;		/* scratch (return value register 1) */
   97.73 +	unsigned long r10;		/* scratch (return value register 2) */
   97.74 +	unsigned long r11;		/* scratch (return value register 3) */
   97.75 +
   97.76 +	unsigned long cr_ipsr;		/* interrupted task's psr */
   97.77 +	unsigned long cr_iip;		/* interrupted task's instruction pointer */
   97.78 +	unsigned long cr_ifs;		/* interrupted task's function state */
   97.79 +
   97.80 +	unsigned long ar_unat;		/* interrupted task's NaT register (preserved) */
   97.81 +	unsigned long ar_pfs;		/* prev function state  */
   97.82 +	unsigned long ar_rsc;		/* RSE configuration */
   97.83 +	/* The following two are valid only if cr_ipsr.cpl > 0: */
   97.84 +	unsigned long ar_rnat;		/* RSE NaT */
   97.85 +	unsigned long ar_bspstore;	/* RSE bspstore */
   97.86 +
   97.87 +	unsigned long pr;		/* 64 predicate registers (1 bit each) */
   97.88 +	unsigned long b0;		/* return pointer (bp) */
   97.89 +	unsigned long loadrs;		/* size of dirty partition << 16 */
   97.90 +
   97.91 +	unsigned long r1;		/* the gp pointer */
   97.92 +	unsigned long r12;		/* interrupted task's memory stack pointer */
   97.93 +	unsigned long r13;		/* thread pointer */
   97.94 +
   97.95 +	unsigned long ar_fpsr;		/* floating point status (preserved) */
   97.96 +	unsigned long r15;		/* scratch */
   97.97 +
   97.98 +	/* The remaining registers are NOT saved for system calls.  */
   97.99 +
  97.100 +	unsigned long r14;		/* scratch */
  97.101 +	unsigned long r2;		/* scratch */
  97.102 +	unsigned long r3;		/* scratch */
  97.103 +
  97.104 +#ifdef CONFIG_VTI
  97.105 +	unsigned long r4;		/* preserved */
  97.106 +	unsigned long r5;		/* preserved */
  97.107 +	unsigned long r6;		/* preserved */
  97.108 +	unsigned long r7;		/* preserved */
  97.109 +	unsigned long cr_iipa;   /* for emulation */
  97.110 +	unsigned long cr_isr;    /* for emulation */
  97.111 +	unsigned long eml_unat;    /* used for emulating instruction */
  97.112 +	unsigned long rfi_pfs;     /* used for elulating rfi */
  97.113 +#endif
  97.114 +
  97.115 +	/* The following registers are saved by SAVE_REST: */
  97.116 +	unsigned long r16;		/* scratch */
  97.117 +	unsigned long r17;		/* scratch */
  97.118 +	unsigned long r18;		/* scratch */
  97.119 +	unsigned long r19;		/* scratch */
  97.120 +	unsigned long r20;		/* scratch */
  97.121 +	unsigned long r21;		/* scratch */
  97.122 +	unsigned long r22;		/* scratch */
  97.123 +	unsigned long r23;		/* scratch */
  97.124 +	unsigned long r24;		/* scratch */
  97.125 +	unsigned long r25;		/* scratch */
  97.126 +	unsigned long r26;		/* scratch */
  97.127 +	unsigned long r27;		/* scratch */
  97.128 +	unsigned long r28;		/* scratch */
  97.129 +	unsigned long r29;		/* scratch */
  97.130 +	unsigned long r30;		/* scratch */
  97.131 +	unsigned long r31;		/* scratch */
  97.132 +
  97.133 +	unsigned long ar_ccv;		/* compare/exchange value (scratch) */
  97.134 +
  97.135 +	/*
  97.136 +	 * Floating point registers that the kernel considers scratch:
  97.137 +	 */
  97.138 +	struct pt_fpreg f6;		/* scratch */
  97.139 +	struct pt_fpreg f7;		/* scratch */
  97.140 +	struct pt_fpreg f8;		/* scratch */
  97.141 +	struct pt_fpreg f9;		/* scratch */
  97.142 +	struct pt_fpreg f10;		/* scratch */
  97.143 +	struct pt_fpreg f11;		/* scratch */
  97.144 +};
  97.145  
  97.146  typedef struct {
  97.147  	unsigned long ipsr;
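Review bot: The `#ifdef CONFIG_VTI` block inside the new public `struct pt_regs` makes the structure's size, and the offsets of `r16` onward, depend on a build option of whichever component includes this header. The last hunk of this file embeds `struct pt_regs` in `vcpu_guest_context_t`, which is exchanged across the hypervisor interface, so a tool or guest built without `CONFIG_VTI` would disagree with a VTI hypervisor about where every later field lives. For a public ABI structure the safer form is to drop the `#ifdef CONFIG_VTI` / `#endif` pair and always include `r4`–`r7`, `cr_iipa`, `cr_isr`, `eml_unat` and `rfi_pfs`. Failing that, the header should state in a comment that all consumers must be built with the same setting.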
  97.148 @@ -64,18 +182,20 @@ typedef struct {
  97.149  	unsigned long krs[8];	// kernel registers
  97.150  	unsigned long pkrs[8];	// protection key registers
  97.151  	unsigned long tmp[8];	// temp registers (e.g. for hyperprivops)
  97.152 -//} PACKED arch_shared_info_t;
  97.153 +//} PACKED arch_vcpu_info_t;
  97.154  } arch_vcpu_info_t;		// DON'T PACK 
  97.155  
  97.156  typedef struct {
  97.157 +	int evtchn_vector;
  97.158 +	int domain_controller_evtchn;
  97.159 +	unsigned int flags;
  97.160 +//} PACKED arch_shared_info_t;
  97.161  } arch_shared_info_t;		// DON'T PACK 
  97.162  
  97.163 -/*
  97.164 - * The following is all CPU context. Note that the i387_ctxt block is filled 
  97.165 - * in by FXSAVE if the CPU has feature FXSR; otherwise FSAVE is used.
  97.166 - */
  97.167  typedef struct vcpu_guest_context {
  97.168 -    //unsigned long flags;
  97.169 +	struct pt_regs regs;
  97.170 +	arch_vcpu_info_t vcpu;
  97.171 +	arch_shared_info_t shared;
  97.172  } PACKED vcpu_guest_context_t;
  97.173  
  97.174  #endif /* !__ASSEMBLY__ */
    98.1 --- a/xen/include/public/arch-x86_32.h	Sat Jun 18 00:49:11 2005 +0000
    98.2 +++ b/xen/include/public/arch-x86_32.h	Tue Jun 21 07:02:30 2005 +0000
    98.3 @@ -73,6 +73,9 @@
    98.4  #define machine_to_phys_mapping ((u32 *)HYPERVISOR_VIRT_START)
    98.5  #endif
    98.6  
    98.7 +/* Maximum number of virtual CPUs in multi-processor guests. */
    98.8 +#define MAX_VIRT_CPUS 32
    98.9 +
   98.10  #ifndef __ASSEMBLY__
   98.11  
   98.12  /* NB. Both the following are 32 bits each. */
    99.1 --- a/xen/include/public/arch-x86_64.h	Sat Jun 18 00:49:11 2005 +0000
    99.2 +++ b/xen/include/public/arch-x86_64.h	Tue Jun 21 07:02:30 2005 +0000
    99.3 @@ -73,6 +73,9 @@
    99.4  #define HYPERVISOR_VIRT_END   (0xFFFF880000000000UL)
    99.5  #endif
    99.6  
    99.7 +/* Maximum number of virtual CPUs in multi-processor guests. */
    99.8 +#define MAX_VIRT_CPUS 32
    99.9 +
   99.10  #ifndef __ASSEMBLY__
   99.11  
   99.12  /* The machine->physical mapping table starts at this address, read-only. */
   100.1 --- a/xen/include/public/dom0_ops.h	Sat Jun 18 00:49:11 2005 +0000
   100.2 +++ b/xen/include/public/dom0_ops.h	Tue Jun 21 07:02:30 2005 +0000
   100.3 @@ -43,6 +43,8 @@ typedef struct sched_adjdom_cmd dom0_adj
   100.4  
   100.5  #define DOM0_CREATEDOMAIN      8
   100.6  typedef struct {
   100.7 +    /* IN parameters */
   100.8 +    u32 ssidref;
   100.9      /* IN/OUT parameters. */
  100.10      /* Identifier for new domain (auto-allocate if zero is specified). */
  100.11      domid_t domain;
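Review bot: Adding `u32 ssidref` as the first member of the DOM0_CREATEDOMAIN argument shifts the offset of `domain` and every later field, and the next hunk grows `dom0_getdomaininfo_t` as well. Neither hunk of this file touches `DOM0_INTERFACE_VERSION`, so older tools would pass the version check and have their `domain` value misread; bump the version in the same change. The field would also read better as `ssidref_t ssidref;`, using the typedef the new acm.h introduces, if that header can be included here. The `/* IN parameters */` comment should say what the value selects and which value means "no label" (acm.h defines `ACM_DEFAULT_SSID`).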
  100.12 @@ -88,6 +90,7 @@ typedef struct {
  100.13      u32      n_vcpu;
  100.14      s32      vcpu_to_cpu[MAX_VIRT_CPUS];  /* current mapping   */
  100.15      cpumap_t cpumap[MAX_VIRT_CPUS];       /* allowable mapping */
  100.16 +    u32	     ssidref;
  100.17  } dom0_getdomaininfo_t;
  100.18  
  100.19  #define DOM0_SETDOMAININFO      13
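--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/xen/include/public/policy_ops.h	Tue Jun 21 07:02:30 2005 +0000
@@ -0,0 +1,74 @@
+/******************************************************************************
+ * policy_ops.h
+ * 
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Author:
+ * Reiner Sailer <sailer@watson.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License. 
+ *
+ * Process policy command requests from guest OS.
+ * access checked by policy; not restricted to DOM0
+ * 
+ */
+
+
+#ifndef __XEN_PUBLIC_POLICY_OPS_H__
+#define __XEN_PUBLIC_POLICY_OPS_H__
+
+#include "xen.h"
+#include "sched_ctl.h"
+
+/*
+ * Make sure you increment the interface version whenever you modify this file!
+ * This makes sure that old versions of policy tools will stop working in a
+ * well-defined way (rather than crashing the machine, for instance).
+ */
+#define POLICY_INTERFACE_VERSION   0xAAAA0001
+
+/************************************************************************/
+
+#define POLICY_SETPOLICY        	4
+typedef struct {
+    /* IN variables. */
+    u16           policy_type;
+    u16		  padding1;
+    /* OUT variables */
+    void  	  *pushcache;
+    u16           pushcache_size;
+} PACKED policy_setpolicy_t;          
+
+
+#define POLICY_GETPOLICY        	5
+typedef struct {
+    /* IN variables. */
+    u16           policy_type;
+    u16		  padding1;
+    /* OUT variables */
+    void  	  *pullcache;
+    u16           pullcache_size;
+} PACKED policy_getpolicy_t;       
+
+#define POLICY_DUMPSTATS        	6
+typedef struct {
+    void  	  *pullcache;
+    u16           pullcache_size;
+} PACKED policy_dumpstats_t;            
+ 
+
+typedef struct {
+    u32 cmd;                          /* 0 */
+    u32 interface_version;            /* 4 */ /* POLICY_INTERFACE_VERSION */
+	union {			      /* 8 */
+        u32	                 dummy[14];  /* 72bytes */
+	policy_setpolicy_t       setpolicy;
+        policy_getpolicy_t       getpolicy;
+	policy_dumpstats_t	 dumpstats;
+    } PACKED u;
+} PACKED policy_op_t;            /* 80 bytes */
+
+#endif /* __XEN_PUBLIC_POLICY_OPS_H__ */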
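Review bot: The layout comments on policy_op_t do not match the declarations: `u32 dummy[14]` is 56 bytes, not the 72 its comment gives, so with the two u32 header fields the struct is 64 bytes rather than the 80 noted at its close. Because this is the public hypercall ABI, either size the filler to the documented figure or correct the comments, e.g. `u32 dummy[14]; /* 56 bytes */` and `} PACKED policy_op_t; /* 64 bytes */`. The `void *` members of the three argument structs also make their size depend on the guest word size, which the offset comments do not mention. In policy_setpolicy_t the `pushcache` pointer and `pushcache_size` sit under `/* OUT variables */` although a set operation presumably reads them; since the file header says the call is not restricted to DOM0, a comment stating that both are guest-supplied and must be bounds-checked by the handler would help.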
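--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/xen/include/public/version.h	Tue Jun 21 07:02:30 2005 +0000
@@ -0,0 +1,30 @@
+/******************************************************************************
+ * version.h
+ * 
+ * Xen version, type, and compile information.
+ * 
+ * Copyright (c) 2005, Nguyen Anh Quynh <aquynh@gmail.com>
+ * Copyright (c) 2005, Keir Fraser <keir@xensource.com>
+ */
+
+#ifndef __XEN_PUBLIC_VERSION_H__
+#define __XEN_PUBLIC_VERSION_H__
+
+/* NB. All ops return zero on success, except XENVER_version. */
+
+/* arg == NULL; returns major:minor (16:16). */
+#define XENVER_version      0
+
+/* arg == 16-char string buffer. */
+#define XENVER_extraversion 1
+
+/* arg == xenversion_compile_info_t. */
+#define XENVER_compile_info 2
+typedef struct xen_compile_info {
+    char compiler[64];
+    char compile_by[16];
+    char compile_domain[32];
+    char compile_date[32];
+} xen_compile_info_t;
+
+#endif /* __XEN_PUBLIC_VERSION_H__ */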
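Review bot: The comment above XENVER_compile_info names the argument type `xenversion_compile_info_t`, but the struct defined directly below it is `xen_compile_info_t`; the comment should read `/* arg == xen_compile_info_t. */`. The header also does not say whether the fixed-size char arrays, and the 16-char extraversion buffer, are guaranteed NUL-terminated when the source string fills them. Callers that print these fields as C strings need that contract, so a one-line statement next to each definition would settle it.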
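--- a/xen/include/public/xen.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/include/public/xen.h	Tue Jun 21 07:02:30 2005 +0000
@@ -58,6 +58,7 @@
 #define __HYPERVISOR_boot_vcpu            24
 #define __HYPERVISOR_set_segment_base     25 /* x86/64 only */
 #define __HYPERVISOR_mmuext_op            26
+#define __HYPERVISOR_policy_op		  27
 
 /* 
  * VIRTUAL INTERRUPTS
@@ -287,9 +288,6 @@ typedef struct
 /* Event channel endpoints per domain. */
 #define NR_EVENT_CHANNELS 1024
 
-/* Support for multi-processor guests. */
-#define MAX_VIRT_CPUS 32
-
 /*
  * Per-VCPU information goes here. This will be cleaned up more when Xen 
  * actually supports multi-VCPU guests.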
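--- a/xen/include/xen/event.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/include/xen/event.h	Tue Jun 21 07:02:30 2005 +0000
@@ -13,6 +13,7 @@
 #include <xen/sched.h>
 #include <xen/smp.h>
 #include <asm/bitops.h>
+#include <asm/event.h>
 
 /*
  * EVENT-CHANNEL NOTIFICATIONS
@@ -34,6 +35,7 @@ static inline void evtchn_set_pending(st
     {
         /* The VCPU pending flag must be set /after/ update to evtchn-pend. */
         set_bit(0, &v->vcpu_info->evtchn_upcall_pending);
+        evtchn_notify(v);
 
         /*
          * NB1. 'vcpu_flags' and 'processor' must be checked /after/ update of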
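Review bot: The added `evtchn_notify(v);` carries no comment, in a function whose neighbouring steps each document their ordering constraint. It sits after the `set_bit` on `evtchn_upcall_pending` and before the block that requires 'vcpu_flags' and 'processor' to be checked after the update. If that placement is intentional, a line such as `/* Arch hook from <asm/event.h>; called once the pending flag is set. */` would record why it belongs here. The new include in the first hunk also means every architecture must supply `<asm/event.h>`, and whether each one does is not visible in this section. The body of evtchn_set_pending starts and ends outside the hunk.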
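--- a/xen/include/xen/sched.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/include/xen/sched.h	Tue Jun 21 07:02:30 2005 +0000
@@ -137,6 +137,8 @@ struct domain
     cpumask_t        cpumask;
 
     struct arch_domain arch;
+
+    void *ssid; /* sHype security subject identifier */
 };
 
 struct domain_setup_info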
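Review bot: The new `ssid` field is an untyped `void *` with no statement of who allocates it, who frees it, or who may dereference it. Since it carries the domain's security label, the comment should record ownership and lifetime, for example `void *ssid; /* sHype security subject identifier; set and freed by the ACM hooks (confirm), NULL if none */`. A pointer to a forward-declared struct instead of `void *` would also let the compiler catch misuse. The definition of struct domain begins outside the hunk.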
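--- a/xen/include/xen/smp.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/include/xen/smp.h	Tue Jun 21 07:02:30 2005 +0000
@@ -58,8 +58,6 @@ static inline int on_each_cpu(void (*fun
     return ret;
 }
 
-extern int ht_per_core;
-
 extern volatile unsigned long smp_msg_data;
 extern volatile int smp_src_cpu;
 extern volatile int smp_msg_id;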
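--- a/xen/include/xen/string.h	Sat Jun 18 00:49:11 2005 +0000
+++ b/xen/include/xen/string.h	Tue Jun 21 07:02:30 2005 +0000
@@ -81,4 +81,9 @@ extern void * memchr(const void *,int,__
 }
 #endif
 
+#define safe_strcpy(d,s)                        \
+do { strncpy((d),(s),sizeof((d)));              \
+     (d)[sizeof((d))-1] = '\0';                 \
+} while (0)
+
 #endif /* _LINUX_STRING_H_ */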
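Review bot: `safe_strcpy` takes its bound from `sizeof((d))`, which is the buffer size only when `d` is a real char array; passed a `char *`, it silently bounds the copy to the pointer size and truncates. Nothing in the macro or around it states that restriction, so I would add `/* d must be a char array, not a pointer; copies at most sizeof(d)-1 bytes and truncates silently. */` above the definition. The macro also evaluates `d` three times, so an argument with side effects is unsafe, and that belongs in the same comment.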