ia64/xen-unstable

changeset 5582:8ad10be47849

bitkeeper revision 1.1757 (42be9ad5TTWQjsCBju5noyzBrTMyjA)

Attached is the patch that changes the default ssid from 0xffffffff to 0
as discussed in previous emails.

Signed-off-by: Reiner Sailer <sailer@us.ibm.com>
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author kaf24@firebug.cl.cam.ac.uk
date Sun Jun 26 12:08:53 2005 +0000 (2005-06-26)
parents 4ed21996131d
children 4a7652a70a9d
files tools/policy/policy_tool.c tools/python/xen/lowlevel/xc/xc.c tools/python/xen/xm/main.py xen/acm/acm_chinesewall_hooks.c xen/acm/acm_simple_type_enforcement_hooks.c xen/include/acm/acm_hooks.h xen/include/public/acm.h xen/include/public/dom0_ops.h xen/include/public/policy_ops.h
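--- a/tools/policy/policy_tool.c	Sat Jun 25 09:50:35 2005 +0000
+++ b/tools/policy/policy_tool.c	Sun Jun 26 12:08:53 2005 +0000
@@ -234,14 +234,14 @@ void acm_dump_policy_buffer(void *buf, i
 /*************************** set policy ****************************/
 
 int acm_domain_set_chwallpolicy(void *bufstart, int buflen) {
-#define CWALL_MAX_SSIDREFS      	5
+#define CWALL_MAX_SSIDREFS      	6
 #define CWALL_MAX_TYPES  		10
 #define CWALL_MAX_CONFLICTSETS		2
 
      struct acm_chwall_policy_buffer *chwall_bin_pol = (struct acm_chwall_policy_buffer *)bufstart;
      domaintype_t *ssidrefs, *conflicts;
      int ret = 0;
-     int i,j;
+     int j;
 
      chwall_bin_pol->chwall_max_types = htons(CWALL_MAX_TYPES);
      chwall_bin_pol->chwall_max_ssidrefs = htons(CWALL_MAX_SSIDREFS);
@@ -261,13 +261,13 @@ int acm_domain_set_chwallpolicy(void *bu
 			   return -1; /* not enough space */
 
      ssidrefs = (domaintype_t *)(bufstart+ntohs(chwall_bin_pol->chwall_ssid_offset));
-     for(i=0; i< CWALL_MAX_SSIDREFS; i++) {
-	     for (j=0; j< CWALL_MAX_TYPES; j++)
-		     ssidrefs[i*CWALL_MAX_TYPES + j] = htons(0);
-	     /* here, set type i for ssidref i; generally, a ssidref can have multiple chwall types */
-	     if (i < CWALL_MAX_SSIDREFS)
-		     ssidrefs[i*CWALL_MAX_TYPES + i] = htons(1);
-     }
+     memset(ssidrefs, 0, CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t));
+
+     /* now set type j-1 for ssidref i+1 */
+     for(j=0; j<= CWALL_MAX_SSIDREFS; j++)
+         if ((0 < j) &&( j <= CWALL_MAX_TYPES))
+             ssidrefs[j*CWALL_MAX_TYPES + j - 1] = htons(1);
+
      ret += CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t);
      if ((buflen - ret) < (CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t)))
 			   return -1; /* not enough space */
@@ -276,10 +276,10 @@ int acm_domain_set_chwallpolicy(void *bu
      conflicts = (domaintype_t *)(bufstart + 
 				  ntohs(chwall_bin_pol->chwall_conflict_sets_offset));
      memset((void *)conflicts, 0, CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t));
-     /* just 1 conflict set [0]={2,3}, [1]={0,5,6} */
+     /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */
      if (CWALL_MAX_TYPES > 3) {
 	     conflicts[2] = htons(1); conflicts[3] = htons(1); /* {2,3} */
-	     conflicts[CWALL_MAX_TYPES] = htons(1); conflicts[CWALL_MAX_TYPES+5] = htons(1); 
+	     conflicts[CWALL_MAX_TYPES+1] = htons(1); conflicts[CWALL_MAX_TYPES+5] = htons(1); 
 	     conflicts[CWALL_MAX_TYPES+6] = htons(1);/* {0,5,6} */
      }
      ret += sizeof(domaintype_t)*CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES;
@@ -287,12 +287,12 @@ int acm_domain_set_chwallpolicy(void *bu
 }
 
 int acm_domain_set_stepolicy(void *bufstart, int buflen) {
-#define STE_MAX_SSIDREFS      	5
-#define STE_MAX_TYPES  		5
+#define STE_MAX_SSIDREFS        6
+#define STE_MAX_TYPES  	        5
 	
     struct acm_ste_policy_buffer *ste_bin_pol = (struct acm_ste_policy_buffer *)bufstart;
     domaintype_t *ssidrefs;
-    int i,j, ret = 0;
+    int j, ret = 0;
 
     ste_bin_pol->ste_max_types = htons(STE_MAX_TYPES);
     ste_bin_pol->ste_max_ssidrefs = htons(STE_MAX_SSIDREFS);
@@ -304,14 +304,14 @@ int acm_domain_set_stepolicy(void *bufst
 	    return -1; /* not enough space */
 
      ssidrefs = (domaintype_t *)(bufstart+ntohs(ste_bin_pol->ste_ssid_offset));
-     for(i=0; i< STE_MAX_SSIDREFS; i++) {
-	     for (j=0; j< STE_MAX_TYPES; j++)
-		     ssidrefs[i*STE_MAX_TYPES + j] = htons(0);
-	     /* set type i in ssidref 0 and ssidref i */
-	     ssidrefs[i] = htons(1); /* ssidref 0 has all types set */
-	     if (i < STE_MAX_SSIDREFS)
-		     ssidrefs[i*STE_MAX_TYPES + i] = htons(1);
-     }
+     memset(ssidrefs, 0, STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t));
+     /* all types 1 for ssidref 1 */
+     for(j=0; j< STE_MAX_TYPES; j++)
+	 ssidrefs[1*STE_MAX_TYPES +j] = htons(1);
+     /* now set type j-1 for ssidref j */
+     for(j=0; j< STE_MAX_SSIDREFS; j++)
+	     if ((0 < j) &&( j <= STE_MAX_TYPES))
+		     ssidrefs[j*STE_MAX_TYPES + j - 1] = htons(1);
      ret += STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t);
      return ret;
 }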
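Review bot: The new Chinese Wall loop `for(j=0; j<= CWALL_MAX_SSIDREFS; j++)` runs one row past the table: at j = 6 the guard `j <= CWALL_MAX_TYPES` still passes and the body writes `ssidrefs[65]`, while the memset just above covers only CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS = 60 entries. That write also precedes the space check for the conflict-set region, and where index 65 lands depends on offsets set outside the hunk. The STE loop later in this file uses `j < STE_MAX_SSIDREFS`; the same bound belongs here, `for(j=1; j< CWALL_MAX_SSIDREFS; j++)`, keeping the `j <= CWALL_MAX_TYPES` guard. The loop comment mixes `i` and `j`, and the trailing `/* {0,5,6} */` was not updated to `{1,5,6}`.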
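--- a/tools/python/xen/lowlevel/xc/xc.c	Sat Jun 25 09:50:35 2005 +0000
+++ b/tools/python/xen/lowlevel/xc/xc.c	Sun Jun 26 12:08:53 2005 +0000
@@ -78,7 +78,7 @@ static PyObject *pyxc_domain_create(PyOb
 
     u32          dom = 0;
     int          ret;
-    u32          ssidref = 0xFFFFFFFF;
+    u32          ssidref = 0x0;
 
     static char *kwd_list[] = { "dom", "ssidref", NULL };
 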
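--- a/tools/python/xen/xm/main.py	Sat Jun 25 09:50:35 2005 +0000
+++ b/tools/python/xen/xm/main.py	Sun Jun 26 12:08:53 2005 +0000
@@ -399,9 +399,9 @@ class ProgList(Prog):
                 d['port'] = sxp.child_value(console, 'console_port')
             else:
                 d['port'] = ''
-            if ((int(sxp.child_value(info, 'ssidref', '-1'))) != -1):
-                d['ssidref1'] =  int(sxp.child_value(info, 'ssidref', '-1')) & 0xffff
-                d['ssidref2'] = (int(sxp.child_value(info, 'ssidref', '-1')) >> 16) & 0xffff
+            if ((int(sxp.child_value(info, 'ssidref', '0'))) != 0):
+                d['ssidref1'] =  int(sxp.child_value(info, 'ssidref', '0')) & 0xffff
+                d['ssidref2'] = (int(sxp.child_value(info, 'ssidref', '0')) >> 16) & 0xffff
                 print ("%(name)-16s %(dom)3d  %(mem)7d  %(cpu)3d  %(vcpus)5d   %(state)5s  %(cpu_time)7.1f     %(port)4s    s:%(ssidref2)02x/p:%(ssidref1)02x" % d)
             else:
                 print ("%(name)-16s %(dom)3d  %(mem)7d  %(cpu)3d  %(vcpus)5d   %(state)5s  %(cpu_time)7.1f     %(port)4s" % d)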
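Review bot: The `ssidref` field is looked up and converted three times in the new lines; parse it once, `ssidref = int(sxp.child_value(info, 'ssidref', '0'))`, and derive `d['ssidref1']` and `d['ssidref2']` from that local so the test and the two halves cannot drift apart. `int()` raises on a non-numeric value and would abort the whole listing; whether the producer guarantees a decimal string is not visible here. The enclosing method starts and ends outside the hunk.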
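--- a/xen/acm/acm_chinesewall_hooks.c	Sat Jun 25 09:50:35 2005 +0000
+++ b/xen/acm/acm_chinesewall_hooks.c	Sun Jun 26 12:08:53 2005 +0000
@@ -50,7 +50,7 @@ int acm_init_chwall_policy(void)
 {
 	/* minimal startup policy; policy write-locked already */
 	chwall_bin_pol.max_types = 1;
-	chwall_bin_pol.max_ssidrefs = 1;
+	chwall_bin_pol.max_ssidrefs = 2;
 	chwall_bin_pol.max_conflictsets = 1;
 	chwall_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_ssidrefs*chwall_bin_pol.max_types);
 	chwall_bin_pol.conflict_sets = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_conflictsets*chwall_bin_pol.max_types);
@@ -81,9 +81,10 @@ chwall_init_domain_ssid(void **chwall_ss
 	 * part of the global ssidref (same way we'll get the partial ssid pointer)
 	 */
 	chwall_ssidp->chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref);
-	if (chwall_ssidp->chwall_ssidref >= chwall_bin_pol.max_ssidrefs) {
-		printkd("%s: ERROR chwall_ssidref(%x) > max(%x).\n",
-			__func__, chwall_ssidp->chwall_ssidref, chwall_bin_pol.max_ssidrefs-1);
+	if ((chwall_ssidp->chwall_ssidref >= chwall_bin_pol.max_ssidrefs) ||
+	    (chwall_ssidp->chwall_ssidref == ACM_DEFAULT_LOCAL_SSID)) {
+		printkd("%s: ERROR chwall_ssidref(%x) undefined (>max) or unset (0).\n",
+			__func__, chwall_ssidp->chwall_ssidref);
 		xfree(chwall_ssidp);
 		return ACM_INIT_SSID_ERROR;
 	}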
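Review bot: In acm_init_chwall_policy the ssidrefs array now holds two entries, but the hunk shows no initialisation of the enlarged array, unlike the STE counterpart in this commit, which adds a memset and sets index 1. The rest of the function is outside the hunk, so this needs confirming there: both entries should be zeroed after the NULL check, and the entry for local ssidref 1 (the one DOM0 now uses) set explicitly, otherwise the startup policy reads whatever xmalloc_array returned. The new error message also drops the maximum it used to print and says `>max` where the test is `>=`; suggest keeping `chwall_bin_pol.max_ssidrefs` in the log line.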
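--- a/xen/acm/acm_simple_type_enforcement_hooks.c	Sat Jun 25 09:50:35 2005 +0000
+++ b/xen/acm/acm_simple_type_enforcement_hooks.c	Sun Jun 26 12:08:53 2005 +0000
@@ -73,14 +73,15 @@ int acm_init_ste_policy(void)
 {
 	/* minimal startup policy; policy write-locked already */
 	ste_bin_pol.max_types = 1;
-	ste_bin_pol.max_ssidrefs = 1;
-	ste_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, 1);
-	
+	ste_bin_pol.max_ssidrefs = 2;
+	ste_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, 2);
+	memset(ste_bin_pol.ssidrefs, 0, 2);
+
 	if (ste_bin_pol.ssidrefs == NULL)
 		return ACM_INIT_SSID_ERROR;
 
-	/* initialize state */
-	ste_bin_pol.ssidrefs[0] = 1;
+	/* initialize state so that dom0 can start up and communicate with itself */
+	ste_bin_pol.ssidrefs[1] = 1;
 
 	/* init stats */
 	atomic_set(&(ste_bin_pol.ec_eval_count), 0);
@@ -106,9 +107,10 @@ ste_init_domain_ssid(void **ste_ssid, ss
 
 	/* get policy-local ssid reference */
 	ste_ssidp->ste_ssidref = GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref);
-	if (ste_ssidp->ste_ssidref >= ste_bin_pol.max_ssidrefs) {
-		printkd("%s: ERROR ste_ssidref (%x) > max(%x).\n",
-			__func__, ste_ssidp->ste_ssidref, ste_bin_pol.max_ssidrefs-1);
+	if ((ste_ssidp->ste_ssidref >= ste_bin_pol.max_ssidrefs) ||
+	    (ste_ssidp->ste_ssidref == ACM_DEFAULT_LOCAL_SSID))	{
+		printkd("%s: ERROR ste_ssidref (%x) undefined or unset (0).\n",
+			__func__, ste_ssidp->ste_ssidref);
 		xfree(ste_ssidp);
 		return ACM_INIT_SSID_ERROR;
 	}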
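Review bot: In acm_init_ste_policy the added `memset(ste_bin_pol.ssidrefs, 0, 2);` runs before the `if (ste_bin_pol.ssidrefs == NULL)` check, so a failed xmalloc_array is written through in hypervisor context instead of returning ACM_INIT_SSID_ERROR. The length is also a byte count of 2, not the size of the two-entry array, so if domaintype_t is wider than one byte (the policy tool applies htons to it, which suggests 16 bits) only part of the array is cleared. Move the call below the NULL check and size it from the type: `memset(ste_bin_pol.ssidrefs, 0, 2 * sizeof(domaintype_t));`. Using `ste_bin_pol.max_ssidrefs * ste_bin_pol.max_types` for both the allocation and the memset, as the Chinese Wall init does for its allocation, would keep the two from diverging.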
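--- a/xen/include/acm/acm_hooks.h	Sat Jun 25 09:50:35 2005 +0000
+++ b/xen/include/acm/acm_hooks.h	Sun Jun 26 12:08:53 2005 +0000
@@ -328,7 +328,7 @@ static inline int acm_pre_grant_setup(do
 }
 
 /* predefined ssidref for DOM0 used by xen when creating DOM0 */
-#define ACM_DOM0_SSIDREF        0
+#define ACM_DOM0_SSIDREF       0x00010001 
 
 static inline void acm_post_domain0_create(domid_t domid)
 {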
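Review bot: The comment above `ACM_DOM0_SSIDREF` does not explain the new value 0x00010001, which reads as a magic number. It appears to pack policy-local ssidref 1 into each 16-bit half (the xm listing change in this commit splits the value the same way), and 0 is now the reserved "unset" value that both init_domain_ssid hooks reject. Suggest extending the comment to `/* predefined ssidref for DOM0: local ssidref 1 in both 16-bit halves; 0 is reserved for "unset" */` so that policy authors know ssidref 1 must stay defined for DOM0 to start.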
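--- a/xen/include/public/acm.h	Sat Jun 25 09:50:35 2005 +0000
+++ b/xen/include/public/acm.h	Sun Jun 26 12:08:53 2005 +0000
@@ -41,8 +41,8 @@
 #endif
 
 /* default ssid reference value if not supplied */
-#define ACM_DEFAULT_SSID 	0xffffffff
-#define ACM_DEFAULT_LOCAL_SSID  0xffff
+#define ACM_DEFAULT_SSID 	0x0
+#define ACM_DEFAULT_LOCAL_SSID  0x0
 
 /* Internal ACM ERROR types */
 #define ACM_OK				 0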
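--- a/xen/include/public/dom0_ops.h	Sat Jun 25 09:50:35 2005 +0000
+++ b/xen/include/public/dom0_ops.h	Sun Jun 26 12:08:53 2005 +0000
@@ -19,7 +19,7 @@
  * This makes sure that old versions of dom0 tools will stop working in a
  * well-defined way (rather than crashing the machine, for instance).
  */
-#define DOM0_INTERFACE_VERSION   0xAAAA1007
+#define DOM0_INTERFACE_VERSION   0xAAAA1008
 
 /************************************************************************/
 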
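--- a/xen/include/public/policy_ops.h	Sat Jun 25 09:50:35 2005 +0000
+++ b/xen/include/public/policy_ops.h	Sun Jun 26 12:08:53 2005 +0000
@@ -28,7 +28,7 @@
  * This makes sure that old versions of policy tools will stop working in a
  * well-defined way (rather than crashing the machine, for instance).
  */
-#define POLICY_INTERFACE_VERSION   0xAAAA0001
+#define POLICY_INTERFACE_VERSION   0xAAAA0002
 
 /************************************************************************/
 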