ia64/xen-unstable

view xen/xsm/xsm_core.c @ 17062:0769835cf50f

x86 shadow: Reduce scope of shadow lock.

emulate_map_dest doesn't require holding lock, since
only shadow related operation possibly involved is to
remove shadow which is less frequent and can acquire
lock inside. Rest are either guest table walk or
per-vcpu monitor table manipulation

Signed-off-by Kevin Tian <kevin.tian@intel.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Feb 14 10:33:12 2008 +0000 (2008-02-14)
parents 96f64f4c42f0
children
line source
1 /*
2 * This work is based on the LSM implementation in Linux 2.6.13.4.
3 *
4 * Author: George Coker, <gscoker@alpha.ncsc.mil>
5 *
6 * Contributors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2,
10 * as published by the Free Software Foundation.
11 */
13 #include <xen/init.h>
14 #include <xen/errno.h>
15 #include <xen/lib.h>
17 #include <xsm/xsm.h>
19 #ifdef XSM_ENABLE
21 #define XSM_FRAMEWORK_VERSION "1.0.0"
23 extern struct xsm_operations dummy_xsm_ops;
24 extern void xsm_fixup_ops(struct xsm_operations *ops);
26 struct xsm_operations *xsm_ops;
28 static inline int verify(struct xsm_operations *ops)
29 {
30 /* verify the security_operations structure exists */
31 if ( !ops )
32 return -EINVAL;
33 xsm_fixup_ops(ops);
34 return 0;
35 }
37 static void __init do_xsm_initcalls(void)
38 {
39 xsm_initcall_t *call;
40 call = __xsm_initcall_start;
41 while ( call < __xsm_initcall_end )
42 {
43 (*call) ();
44 call++;
45 }
46 }
48 int __init xsm_init(unsigned int *initrdidx, const multiboot_info_t *mbi,
49 unsigned long initial_images_start)
50 {
51 int ret = 0;
53 printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
55 if ( XSM_MAGIC )
56 {
57 ret = xsm_policy_init(initrdidx, mbi, initial_images_start);
58 if ( ret )
59 {
60 printk("%s: Error initializing policy.\n", __FUNCTION__);
61 return -EINVAL;
62 }
63 }
65 if ( verify(&dummy_xsm_ops) )
66 {
67 printk("%s could not verify "
68 "dummy_xsm_ops structure.\n", __FUNCTION__);
69 return -EIO;
70 }
72 xsm_ops = &dummy_xsm_ops;
73 do_xsm_initcalls();
75 return 0;
76 }
78 int register_xsm(struct xsm_operations *ops)
79 {
80 if ( verify(ops) )
81 {
82 printk("%s could not verify "
83 "security_operations structure.\n", __FUNCTION__);
84 return -EINVAL;
85 }
87 if ( xsm_ops != &dummy_xsm_ops )
88 return -EAGAIN;
90 xsm_ops = ops;
92 return 0;
93 }
96 int unregister_xsm(struct xsm_operations *ops)
97 {
98 if ( ops != xsm_ops )
99 {
100 printk("%s: trying to unregister "
101 "a security_opts structure that is not "
102 "registered, failing.\n", __FUNCTION__);
103 return -EINVAL;
104 }
106 xsm_ops = &dummy_xsm_ops;
108 return 0;
109 }
111 #endif
113 long do_xsm_op (XEN_GUEST_HANDLE(xsm_op_t) op)
114 {
115 return __do_xsm_op(op);
116 }