ChangeSet 1.1757, 2005/06/26 13:08:53+01:00, kaf24@xxxxxxxxxxxxxxxxxxxx
Attached is the patch that changes the default ssid from 0xffffffff to 0,
as discussed in previous emails.
Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
tools/policy/policy_tool.c | 44 ++++++++++++++--------------
tools/python/xen/lowlevel/xc/xc.c | 2 -
tools/python/xen/xm/main.py | 6 +--
xen/acm/acm_chinesewall_hooks.c | 9 +++--
xen/acm/acm_simple_type_enforcement_hooks.c | 18 ++++++-----
xen/include/acm/acm_hooks.h | 2 -
xen/include/public/acm.h | 4 +-
xen/include/public/dom0_ops.h | 2 -
xen/include/public/policy_ops.h | 2 -
9 files changed, 46 insertions(+), 43 deletions(-)
diff -Nru a/tools/policy/policy_tool.c b/tools/policy/policy_tool.c
--- a/tools/policy/policy_tool.c 2005-06-26 09:02:13 -04:00
+++ b/tools/policy/policy_tool.c 2005-06-26 09:02:13 -04:00
@@ -234,14 +234,14 @@
/*************************** set policy ****************************/
int acm_domain_set_chwallpolicy(void *bufstart, int buflen) {
-#define CWALL_MAX_SSIDREFS 5
+#define CWALL_MAX_SSIDREFS 6
#define CWALL_MAX_TYPES 10
#define CWALL_MAX_CONFLICTSETS 2
struct acm_chwall_policy_buffer *chwall_bin_pol = (struct
acm_chwall_policy_buffer *)bufstart;
domaintype_t *ssidrefs, *conflicts;
int ret = 0;
- int i,j;
+ int j;
chwall_bin_pol->chwall_max_types = htons(CWALL_MAX_TYPES);
chwall_bin_pol->chwall_max_ssidrefs = htons(CWALL_MAX_SSIDREFS);
@@ -261,13 +261,13 @@
return -1; /* not enough space */
ssidrefs = (domaintype_t
*)(bufstart+ntohs(chwall_bin_pol->chwall_ssid_offset));
- for(i=0; i< CWALL_MAX_SSIDREFS; i++) {
- for (j=0; j< CWALL_MAX_TYPES; j++)
- ssidrefs[i*CWALL_MAX_TYPES + j] = htons(0);
- /* here, set type i for ssidref i; generally, a ssidref can have
multiple chwall types */
- if (i < CWALL_MAX_SSIDREFS)
- ssidrefs[i*CWALL_MAX_TYPES + i] = htons(1);
- }
+ memset(ssidrefs, 0,
CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t));
+
+ /* now set type j-1 for ssidref i+1 */
+ for(j=0; j<= CWALL_MAX_SSIDREFS; j++)
+ if ((0 < j) &&( j <= CWALL_MAX_TYPES))
+ ssidrefs[j*CWALL_MAX_TYPES + j - 1] = htons(1);
+
ret += CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t);
if ((buflen - ret) <
(CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t)))
return -1; /* not enough space */
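Review bot: The new diagonal loop runs `j <= CWALL_MAX_SSIDREFS`, so with the values defined at the top of the function (6 ssidrefs, 10 types) its last iteration writes `ssidrefs[6*CWALL_MAX_TYPES + 5]`, one row past the `CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS` elements covered by the memset and by the `ret +=` accounting. The parallel loop in acm_domain_set_stepolicy uses `<`, and this one should match it: `for (j = 1; j < CWALL_MAX_SSIDREFS; j++)` with the guard reduced to `if (j <= CWALL_MAX_TYPES)`. The comment `now set type j-1 for ssidref i+1` still names the removed `i` and should read `set type j-1 for ssidref j`. The function begins and ends outside this hunk, so the size check that precedes the write is only partly visible here.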
@@ -276,10 +276,10 @@
conflicts = (domaintype_t *)(bufstart +
ntohs(chwall_bin_pol->chwall_conflict_sets_offset));
memset((void *)conflicts, 0,
CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t));
- /* just 1 conflict set [0]={2,3}, [1]={0,5,6} */
+ /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */
if (CWALL_MAX_TYPES > 3) {
conflicts[2] = htons(1); conflicts[3] = htons(1); /* {2,3} */
- conflicts[CWALL_MAX_TYPES] = htons(1);
conflicts[CWALL_MAX_TYPES+5] = htons(1);
+ conflicts[CWALL_MAX_TYPES+1] = htons(1);
conflicts[CWALL_MAX_TYPES+5] = htons(1);
conflicts[CWALL_MAX_TYPES+6] = htons(1);/* {0,5,6} */
}
ret += sizeof(domaintype_t)*CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES;
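Review bot: The comments around the conflict-set initialisation disagree with the code after this change: the header comment now says `[1]={1,5,6}` but the trailing comment on the last assignment still says `/* {0,5,6} */`, and "just 1 conflict set" precedes a list of two. I would change the trailing comment to `/* {1,5,6} */` and the header to `/* two conflict sets: [0]={2,3}, [1]={1,5,6} */`. Separately, the guard `if (CWALL_MAX_TYPES > 3)` is weaker than the largest index used (`CWALL_MAX_TYPES+6`), so `if (CWALL_MAX_TYPES > 6)` would keep the writes inside the second set if the constant is ever lowered.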
@@ -287,12 +287,12 @@
}
int acm_domain_set_stepolicy(void *bufstart, int buflen) {
-#define STE_MAX_SSIDREFS 5
-#define STE_MAX_TYPES 5
+#define STE_MAX_SSIDREFS 6
+#define STE_MAX_TYPES 5
struct acm_ste_policy_buffer *ste_bin_pol = (struct acm_ste_policy_buffer
*)bufstart;
domaintype_t *ssidrefs;
- int i,j, ret = 0;
+ int j, ret = 0;
ste_bin_pol->ste_max_types = htons(STE_MAX_TYPES);
ste_bin_pol->ste_max_ssidrefs = htons(STE_MAX_SSIDREFS);
@@ -304,14 +304,14 @@
return -1; /* not enough space */
ssidrefs = (domaintype_t *)(bufstart+ntohs(ste_bin_pol->ste_ssid_offset));
- for(i=0; i< STE_MAX_SSIDREFS; i++) {
- for (j=0; j< STE_MAX_TYPES; j++)
- ssidrefs[i*STE_MAX_TYPES + j] = htons(0);
- /* set type i in ssidref 0 and ssidref i */
- ssidrefs[i] = htons(1); /* ssidref 0 has all types set */
- if (i < STE_MAX_SSIDREFS)
- ssidrefs[i*STE_MAX_TYPES + i] = htons(1);
- }
+ memset(ssidrefs, 0, STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t));
+ /* all types 1 for ssidref 1 */
+ for(j=0; j< STE_MAX_TYPES; j++)
+ ssidrefs[1*STE_MAX_TYPES +j] = htons(1);
+ /* now set type j-1 for ssidref j */
+ for(j=0; j< STE_MAX_SSIDREFS; j++)
+ if ((0 < j) &&( j <= STE_MAX_TYPES))
+ ssidrefs[j*STE_MAX_TYPES + j - 1] = htons(1);
ret += STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t);
return ret;
}
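Review bot: Nothing in the rewritten initialisation says that row 0 is intentionally left empty, although that is the point of the change: after the memset only ssidrefs 1 and above receive types. A comment after the memset such as `/* ssidref 0 is the reserved "unset" default and must keep an all-zero type row */` would stop a later edit from assigning types to the default label. The second loop could also start at `j = 1` instead of testing `0 < j` on every pass.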
diff -Nru a/tools/python/xen/lowlevel/xc/xc.c
b/tools/python/xen/lowlevel/xc/xc.c
--- a/tools/python/xen/lowlevel/xc/xc.c 2005-06-26 09:02:13 -04:00
+++ b/tools/python/xen/lowlevel/xc/xc.c 2005-06-26 09:02:14 -04:00
@@ -78,7 +78,7 @@
u32 dom = 0;
int ret;
- u32 ssidref = 0xFFFFFFFF;
+ u32 ssidref = 0x0;
static char *kwd_list[] = { "dom", "ssidref", NULL };
diff -Nru a/tools/python/xen/xm/main.py b/tools/python/xen/xm/main.py
--- a/tools/python/xen/xm/main.py 2005-06-26 09:02:13 -04:00
+++ b/tools/python/xen/xm/main.py 2005-06-26 09:02:13 -04:00
@@ -399,9 +399,9 @@
d['port'] = sxp.child_value(console, 'console_port')
else:
d['port'] = ''
- if ((int(sxp.child_value(info, 'ssidref', '-1'))) != -1):
- d['ssidref1'] = int(sxp.child_value(info, 'ssidref', '-1')) &
0xffff
- d['ssidref2'] = (int(sxp.child_value(info, 'ssidref', '-1'))
>> 16) & 0xffff
+ if ((int(sxp.child_value(info, 'ssidref', '0'))) != 0):
+ d['ssidref1'] = int(sxp.child_value(info, 'ssidref', '0')) &
0xffff
+ d['ssidref2'] = (int(sxp.child_value(info, 'ssidref', '0')) >>
16) & 0xffff
print ("%(name)-16s %(dom)3d %(mem)7d %(cpu)3d %(vcpus)5d
%(state)5s %(cpu_time)7.1f %(port)4s s:%(ssidref2)02x/p:%(ssidref1)02x"
% d)
else:
print ("%(name)-16s %(dom)3d %(mem)7d %(cpu)3d %(vcpus)5d
%(state)5s %(cpu_time)7.1f %(port)4s" % d)
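Review bot: The new condition and the two assignments each call `int(sxp.child_value(info, 'ssidref', '0'))`, so the default literal `'0'` that this commit had to change appears three times. Parsing once, `ssidref = int(sxp.child_value(info, 'ssidref', '0'))`, and then using `if ssidref != 0:`, `ssidref & 0xffff` and `(ssidref >> 16) & 0xffff` leaves a single place to keep in step with the hypervisor's default. The enclosing function starts outside this hunk.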
diff -Nru a/xen/acm/acm_chinesewall_hooks.c b/xen/acm/acm_chinesewall_hooks.c
--- a/xen/acm/acm_chinesewall_hooks.c 2005-06-26 09:02:13 -04:00
+++ b/xen/acm/acm_chinesewall_hooks.c 2005-06-26 09:02:13 -04:00
@@ -50,7 +50,7 @@
{
/* minimal startup policy; policy write-locked already */
chwall_bin_pol.max_types = 1;
- chwall_bin_pol.max_ssidrefs = 1;
+ chwall_bin_pol.max_ssidrefs = 2;
chwall_bin_pol.max_conflictsets = 1;
chwall_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t,
chwall_bin_pol.max_ssidrefs*chwall_bin_pol.max_types);
chwall_bin_pol.conflict_sets = (domaintype_t
*)xmalloc_array(domaintype_t,
chwall_bin_pol.max_conflictsets*chwall_bin_pol.max_types);
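Review bot: Raising `max_ssidrefs` to 2 doubles the `ssidrefs` allocation, but the code that fills it lies outside this hunk and is not touched by the patch. If it still initialises only `ssidrefs[0]`, entry 1, which dom0's new ssidref 0x00010001 presumably selects, would be read uninitialised from `xmalloc_array`. Please confirm that the array is zeroed after the NULL check and that entry 1 is set explicitly, e.g. `memset(chwall_bin_pol.ssidrefs, 0, chwall_bin_pol.max_ssidrefs * chwall_bin_pol.max_types * sizeof(domaintype_t));`.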
@@ -81,9 +81,10 @@
* part of the global ssidref (same way we'll get the partial ssid
pointer)
*/
chwall_ssidp->chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY,
ssidref);
- if (chwall_ssidp->chwall_ssidref >= chwall_bin_pol.max_ssidrefs) {
- printkd("%s: ERROR chwall_ssidref(%x) > max(%x).\n",
- __func__, chwall_ssidp->chwall_ssidref,
chwall_bin_pol.max_ssidrefs-1);
+ if ((chwall_ssidp->chwall_ssidref >= chwall_bin_pol.max_ssidrefs) ||
+ (chwall_ssidp->chwall_ssidref == ACM_DEFAULT_LOCAL_SSID)) {
+ printkd("%s: ERROR chwall_ssidref(%x) undefined (>max) or unset
(0).\n",
+ __func__, chwall_ssidp->chwall_ssidref);
xfree(chwall_ssidp);
return ACM_INIT_SSID_ERROR;
}
diff -Nru a/xen/acm/acm_simple_type_enforcement_hooks.c
b/xen/acm/acm_simple_type_enforcement_hooks.c
--- a/xen/acm/acm_simple_type_enforcement_hooks.c 2005-06-26 09:02:13
-04:00
+++ b/xen/acm/acm_simple_type_enforcement_hooks.c 2005-06-26 09:02:13
-04:00
@@ -73,14 +73,15 @@
{
/* minimal startup policy; policy write-locked already */
ste_bin_pol.max_types = 1;
- ste_bin_pol.max_ssidrefs = 1;
- ste_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, 1);
-
+ ste_bin_pol.max_ssidrefs = 2;
+ ste_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, 2);
+ memset(ste_bin_pol.ssidrefs, 0, 2);
+
if (ste_bin_pol.ssidrefs == NULL)
return ACM_INIT_SSID_ERROR;
- /* initialize state */
- ste_bin_pol.ssidrefs[0] = 1;
+ /* initialize state so that dom0 can start up and communicate with
itself */
+ ste_bin_pol.ssidrefs[1] = 1;
/* init stats */
atomic_set(&(ste_bin_pol.ec_eval_count), 0);
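Review bot: The added `memset(ste_bin_pol.ssidrefs, 0, 2);` runs before the `== NULL` check, so a failed `xmalloc_array` is dereferenced instead of returning ACM_INIT_SSID_ERROR. Its length is also a byte count, not an element count, so it clears both entries only if `domaintype_t` is one byte wide (the type is not visible here). Move the call below the NULL check and size it by element: `memset(ste_bin_pol.ssidrefs, 0, 2 * sizeof(domaintype_t));`. Using `ste_bin_pol.max_ssidrefs` in place of the literal 2 in both the allocation and the memset would keep the three values from drifting apart.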
@@ -106,9 +107,10 @@
/* get policy-local ssid reference */
ste_ssidp->ste_ssidref =
GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref);
- if (ste_ssidp->ste_ssidref >= ste_bin_pol.max_ssidrefs) {
- printkd("%s: ERROR ste_ssidref (%x) > max(%x).\n",
- __func__, ste_ssidp->ste_ssidref,
ste_bin_pol.max_ssidrefs-1);
+ if ((ste_ssidp->ste_ssidref >= ste_bin_pol.max_ssidrefs) ||
+ (ste_ssidp->ste_ssidref == ACM_DEFAULT_LOCAL_SSID)) {
+ printkd("%s: ERROR ste_ssidref (%x) undefined or unset (0).\n",
+ __func__, ste_ssidp->ste_ssidref);
xfree(ste_ssidp);
return ACM_INIT_SSID_ERROR;
}
diff -Nru a/xen/include/acm/acm_hooks.h b/xen/include/acm/acm_hooks.h
--- a/xen/include/acm/acm_hooks.h 2005-06-26 09:02:14 -04:00
+++ b/xen/include/acm/acm_hooks.h 2005-06-26 09:02:14 -04:00
@@ -328,7 +328,7 @@
}
/* predefined ssidref for DOM0 used by xen when creating DOM0 */
-#define ACM_DOM0_SSIDREF 0
+#define ACM_DOM0_SSIDREF 0x00010001
static inline void acm_post_domain0_create(domid_t domid)
{
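Review bot: `ACM_DOM0_SSIDREF` becomes the bare literal `0x00010001` with no explanation of how it is composed, yet this is the label dom0 boots with. Going by the 16-bit split used elsewhere in this patch, it appears to place local ssidref 1 in each half. The existing comment could be extended to say so: `/* predefined ssidref for DOM0: local ssidref 1 in both 16-bit halves; 0 is reserved as "unset" */`.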
diff -Nru a/xen/include/public/acm.h b/xen/include/public/acm.h
--- a/xen/include/public/acm.h 2005-06-26 09:02:13 -04:00
+++ b/xen/include/public/acm.h 2005-06-26 09:02:13 -04:00
@@ -41,8 +41,8 @@
#endif
/* default ssid reference value if not supplied */
-#define ACM_DEFAULT_SSID 0xffffffff
-#define ACM_DEFAULT_LOCAL_SSID 0xffff
+#define ACM_DEFAULT_SSID 0x0
+#define ACM_DEFAULT_LOCAL_SSID 0x0
/* Internal ACM ERROR types */
#define ACM_OK 0
diff -Nru a/xen/include/public/dom0_ops.h b/xen/include/public/dom0_ops.h
--- a/xen/include/public/dom0_ops.h 2005-06-26 09:02:14 -04:00
+++ b/xen/include/public/dom0_ops.h 2005-06-26 09:02:14 -04:00
@@ -19,7 +19,7 @@
* This makes sure that old versions of dom0 tools will stop working in a
* well-defined way (rather than crashing the machine, for instance).
*/
-#define DOM0_INTERFACE_VERSION 0xAAAA1007
+#define DOM0_INTERFACE_VERSION 0xAAAA1008
/************************************************************************/
diff -Nru a/xen/include/public/policy_ops.h b/xen/include/public/policy_ops.h
--- a/xen/include/public/policy_ops.h 2005-06-26 09:02:13 -04:00
+++ b/xen/include/public/policy_ops.h 2005-06-26 09:02:13 -04:00
@@ -28,7 +28,7 @@
* This makes sure that old versions of policy tools will stop working in a
* well-defined way (rather than crashing the machine, for instance).
*/
-#define POLICY_INTERFACE_VERSION 0xAAAA0001
+#define POLICY_INTERFACE_VERSION 0xAAAA0002
/************************************************************************/