WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] Merge.

# HG changeset patch
# User adsharma@xxxxxxxxxxxxxxxxxxxx
# Node ID 81576d3d1ca891cdcd81fada9025b2279a974458
# Parent  99914b54f7bffc8c27757a1ac2bc7a0d97597ac8
# Parent  0608852073c86cfa432ac32cb9223531950be896
Merge.

diff -r 99914b54f7bf -r 81576d3d1ca8 Config.mk
--- a/Config.mk Thu Aug 18 18:40:02 2005
+++ b/Config.mk Fri Aug 19 18:19:28 2005
@@ -35,3 +35,11 @@
 
 # Choose the best mirror to download linux kernel
 KERNEL_REPO = http://www.kernel.org
+
+# ACM_USE_SECURITY_POLICY is set to security policy of Xen
+# Supported models are:
+#      ACM_NULL_POLICY (ACM will not be built with this policy)
+#      ACM_CHINESE_WALL_POLICY
+#      ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
+#      ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
diff -r 99914b54f7bf -r 81576d3d1ca8 docs/src/user.tex
--- a/docs/src/user.tex Thu Aug 18 18:40:02 2005
+++ b/docs/src/user.tex Fri Aug 19 18:19:28 2005
@@ -1763,7 +1763,7 @@
  physical address in the memory map will be ignored. This parameter
  may be specified with a B, K, M or G suffix, representing bytes,
  kilobytes, megabytes and gigabytes respectively. The
- default unit, if no suffix is specified, is bytes.
+ default unit, if no suffix is specified, is kilobytes.
 
 \item [dom0\_mem=xxx ] 
  Set the amount of memory to be allocated to domain0. In Xen 3.x the parameter
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile        Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile        Fri Aug 19 
18:19:28 2005
@@ -14,8 +14,7 @@
 
 c-obj-y        := semaphore.o vm86.o \
                ptrace.o sys_i386.o \
-               i387.o dmi_scan.o bootflag.o \
-               doublefault.o
+               i387.o dmi_scan.o bootflag.o
 s-obj-y        :=
 
 obj-y                          += cpu/
@@ -85,7 +84,7 @@
                        $(obj)/vsyscall-sysenter.o FORCE
        $(call if_changed,syscall)
 
-c-link := init_task.o
+c-link :=
 s-link := vsyscall-int80.o vsyscall-sysenter.o vsyscall-sigreturn.o 
vsyscall.lds.o syscall_table.o
 
 $(patsubst %.o,$(obj)/%.c,$(c-obj-y) $(c-obj-m) $(c-link)) $(patsubst 
%.o,$(obj)/%.S,$(s-obj-y) $(s-link)):
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/cpu/common.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/cpu/common.c    Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/cpu/common.c    Fri Aug 19 
18:19:28 2005
@@ -569,7 +569,7 @@
        for (va = gdt_descr->address, f = 0;
             va < gdt_descr->address + gdt_descr->size;
             va += PAGE_SIZE, f++) {
-               frames[f] = virt_to_machine(va) >> PAGE_SHIFT;
+               frames[f] = virt_to_mfn(va);
                make_page_readonly((void *)va);
        }
        if (HYPERVISOR_set_gdt(frames, gdt_descr->size / 8))
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/head.S
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/head.S  Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/head.S  Fri Aug 19 18:19:28 2005
@@ -136,9 +136,6 @@
 ENTRY(empty_zero_page)
 
 .org 0x2000
-ENTRY(swapper_pg_dir)
-
-.org 0x3000
 ENTRY(cpu_gdt_table)
        .quad 0x0000000000000000        /* NULL descriptor */
        .quad 0x0000000000000000        /* 0x0b reserved */
@@ -190,10 +187,10 @@
        .quad 0x0000000000000000        /* 0xf8 - GDT entry 31: double-fault 
TSS */
        .fill GDT_ENTRIES-32,8,0
 
-.org 0x4000
+.org 0x3000
 ENTRY(default_ldt)
 
-.org 0x5000
+.org 0x4000
 /*
  * Real beginning of normal "text" segment
  */
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/ioport.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/ioport.c        Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/ioport.c        Fri Aug 19 
18:19:28 2005
@@ -80,7 +80,7 @@
                t->io_bitmap_ptr = bitmap;
 
                op.cmd = PHYSDEVOP_SET_IOBITMAP;
-               op.u.set_iobitmap.bitmap   = (unsigned long)bitmap;
+               op.u.set_iobitmap.bitmap   = (char *)bitmap;
                op.u.set_iobitmap.nr_ports = IO_BITMAP_BITS;
                HYPERVISOR_physdev_op(&op);
        }
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/ldt.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/ldt.c   Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/ldt.c   Fri Aug 19 18:19:28 2005
@@ -198,7 +198,7 @@
 {
        struct mm_struct * mm = current->mm;
        __u32 entry_1, entry_2, *lp;
-       unsigned long mach_lp;
+       maddr_t mach_lp;
        int error;
        struct user_desc ldt_info;
 
@@ -245,7 +245,8 @@
 
        /* Install the new entry ...  */
 install:
-       error = HYPERVISOR_update_descriptor(mach_lp, entry_1, entry_2);
+       error = HYPERVISOR_update_descriptor(
+               mach_lp, (u64)entry_1 | ((u64)entry_2<<32));
 
 out_unlock:
        up(&mm->context.sem);
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/process.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/process.c       Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/process.c       Fri Aug 19 
18:19:28 2005
@@ -115,20 +115,12 @@
 /* We don't actually take CPU down, just spin without interrupts. */
 static inline void play_dead(void)
 {
-       /* Ack it */
-       __get_cpu_var(cpu_state) = CPU_DEAD;
-
-       /* We shouldn't have to disable interrupts while dead, but
-        * some interrupts just don't seem to go away, and this makes
-        * it "work" for testing purposes. */
        /* Death loop */
        while (__get_cpu_var(cpu_state) != CPU_UP_PREPARE)
                HYPERVISOR_yield();
 
-       local_irq_disable();
        __flush_tlb_all();
        cpu_set(smp_processor_id(), cpu_online_map);
-       local_irq_enable();
 }
 #else
 static inline void play_dead(void)
@@ -156,12 +148,19 @@
                        rmb();
 
                        if (cpu_is_offline(cpu)) {
+                               local_irq_disable();
+                               /* Ack it.  From this point on until
+                                  we get woken up, we're not allowed
+                                  to take any locks.  In particular,
+                                  don't printk. */
+                               __get_cpu_var(cpu_state) = CPU_DEAD;
 #if defined(CONFIG_XEN) && defined(CONFIG_HOTPLUG_CPU)
                                /* Tell hypervisor to take vcpu down. */
                                HYPERVISOR_vcpu_down(cpu);
 #endif
                                play_dead();
-         }
+                               local_irq_enable();
+                       }
 
                        __get_cpu_var(irq_stat).idle_timestamp = jiffies;
                        xen_idle();
@@ -523,16 +522,15 @@
         * Load the per-thread Thread-Local Storage descriptor.
         * This is load_TLS(next, cpu) with multicalls.
         */
-#define C(i) do {                                                       \
-       if (unlikely(next->tls_array[i].a != prev->tls_array[i].a ||    \
-                    next->tls_array[i].b != prev->tls_array[i].b)) {   \
-               mcl->op      = __HYPERVISOR_update_descriptor;          \
-               mcl->args[0] = virt_to_machine(&get_cpu_gdt_table(cpu)  \
-                                        [GDT_ENTRY_TLS_MIN + i]);      \
-               mcl->args[1] = ((u32 *)&next->tls_array[i])[0];         \
-               mcl->args[2] = ((u32 *)&next->tls_array[i])[1];         \
-               mcl++;                                                  \
-       }                                                               \
+#define C(i) do {                                                      \
+       if (unlikely(next->tls_array[i].a != prev->tls_array[i].a ||    \
+                    next->tls_array[i].b != prev->tls_array[i].b)) {   \
+               mcl->op = __HYPERVISOR_update_descriptor;               \
+               *(u64 *)&mcl->args[0] = virt_to_machine(                \
+                       &get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN + i]);\
+               *(u64 *)&mcl->args[2] = *(u64 *)&next->tls_array[i];    \
+               mcl++;                                                  \
+       }                                                               \
 } while (0)
        C(0); C(1); C(2);
 #undef C
@@ -549,7 +547,7 @@
                iobmp_op.cmd                     =
                        PHYSDEVOP_SET_IOBITMAP;
                iobmp_op.u.set_iobitmap.bitmap   =
-                       (unsigned long)next->io_bitmap_ptr;
+                       (char *)next->io_bitmap_ptr;
                iobmp_op.u.set_iobitmap.nr_ports =
                        next->io_bitmap_ptr ? IO_BITMAP_BITS : 0;
                mcl->op      = __HYPERVISOR_physdev_op;
@@ -791,3 +789,10 @@
                sp -= get_random_int() % 8192;
        return sp & ~0xf;
 }
+
+
+#ifndef CONFIG_X86_SMP
+void _restore_vcpu(void)
+{
+}
+#endif
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/setup.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/setup.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/setup.c Fri Aug 19 18:19:28 2005
@@ -1604,11 +1604,10 @@
        for ( i=0, j=0; i < max_pfn; i+=(PAGE_SIZE/sizeof(unsigned long)), j++ )
        {       
             pfn_to_mfn_frame_list[j] = 
-                 virt_to_machine(&phys_to_machine_mapping[i]) >> PAGE_SHIFT;
+                 virt_to_mfn(&phys_to_machine_mapping[i]);
        }
        HYPERVISOR_shared_info->arch.pfn_to_mfn_frame_list =
-            virt_to_machine(pfn_to_mfn_frame_list) >> PAGE_SHIFT;
-
+            virt_to_mfn(pfn_to_mfn_frame_list);
 
        /*
         * NOTE: at this point the bootmem allocator is fully available.
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c       Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c       Fri Aug 19 
18:19:28 2005
@@ -904,7 +904,7 @@
                for (va = cpu_gdt_descr[cpu].address, f = 0;
                     va < cpu_gdt_descr[cpu].address + cpu_gdt_descr[cpu].size;
                     va += PAGE_SIZE, f++) {
-                       ctxt.gdt_frames[f] = virt_to_machine(va) >> PAGE_SHIFT;
+                       ctxt.gdt_frames[f] = virt_to_mfn(va);
                        make_page_readonly((void *)va);
                }
                ctxt.gdt_ents = cpu_gdt_descr[cpu].size / 8;
@@ -920,7 +920,7 @@
        ctxt.failsafe_callback_cs  = __KERNEL_CS;
        ctxt.failsafe_callback_eip = (unsigned long)failsafe_callback;
 
-       ctxt.ctrlreg[3] = (unsigned long)virt_to_machine(swapper_pg_dir);
+       ctxt.ctrlreg[3] = virt_to_mfn(swapper_pg_dir) << PAGE_SHIFT;
 
        boot_error = HYPERVISOR_boot_vcpu(cpu, &ctxt);
        printk("boot error: %ld\n", boot_error);
@@ -1616,3 +1616,21 @@
        smp_intr_init();
        local_setup_timer_irq();
 }
+
+DECLARE_PER_CPU(int, timer_irq);
+
+void _restore_vcpu(void)
+{
+       int cpu = smp_processor_id();
+       extern atomic_t vcpus_rebooting;
+
+       /* We are the first thing the vcpu runs when it comes back,
+          and we are supposed to restore the IPIs and timer
+          interrupts etc.  When we return, the vcpu's idle loop will
+          start up again. */
+       _bind_virq_to_irq(VIRQ_TIMER, cpu, per_cpu(timer_irq, cpu));
+       _bind_virq_to_irq(VIRQ_DEBUG, cpu, per_cpu(ldebug_irq, cpu));
+       _bind_ipi_to_irq(RESCHEDULE_VECTOR, cpu, per_cpu(resched_irq, cpu) );
+       _bind_ipi_to_irq(CALL_FUNCTION_VECTOR, cpu, per_cpu(callfunc_irq, cpu) 
);
+       atomic_dec(&vcpus_rebooting);
+}
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c       Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c       Fri Aug 19 
18:19:28 2005
@@ -94,9 +94,6 @@
                iotlb_nslabs = simple_strtoul(str, &str, 0) <<
                        (20 - IO_TLB_SHIFT);
                iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE);
-               /* Round up to power of two (xen_create_contiguous_region). */
-               while (iotlb_nslabs & (iotlb_nslabs-1))
-                       iotlb_nslabs += iotlb_nslabs & ~(iotlb_nslabs-1);
        }
        if (*str == ',')
                ++str;
@@ -123,9 +120,6 @@
        if (!iotlb_nslabs) {
                iotlb_nslabs = (default_size >> IO_TLB_SHIFT);
                iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE);
-               /* Round up to power of two (xen_create_contiguous_region). */
-               while (iotlb_nslabs & (iotlb_nslabs-1))
-                       iotlb_nslabs += iotlb_nslabs & ~(iotlb_nslabs-1);
        }
 
        bytes = iotlb_nslabs * (1UL << IO_TLB_SHIFT);
@@ -135,10 +129,14 @@
         */
        iotlb_virt_start = alloc_bootmem_low_pages(bytes);
        if (!iotlb_virt_start)
-               panic("Cannot allocate SWIOTLB buffer");
-
-       xen_create_contiguous_region(
-               (unsigned long)iotlb_virt_start, get_order(bytes));
+               panic("Cannot allocate SWIOTLB buffer!\n"
+                     "Use dom0_mem Xen boot parameter to reserve\n"
+                     "some DMA memory (e.g., dom0_mem=-128M).\n");
+
+       for (i = 0; i < iotlb_nslabs; i += IO_TLB_SEGSIZE)
+               xen_create_contiguous_region(
+                       (unsigned long)iotlb_virt_start + (i << IO_TLB_SHIFT),
+                       get_order(IO_TLB_SEGSIZE << IO_TLB_SHIFT));
 
        iotlb_virt_end = iotlb_virt_start + bytes;
 
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c  Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c  Fri Aug 19 18:19:28 2005
@@ -745,7 +745,7 @@
 #endif
 
 /* Dynamically-mapped IRQ. */
-static DEFINE_PER_CPU(int, timer_irq);
+DEFINE_PER_CPU(int, timer_irq);
 
 static struct irqaction irq_timer = {
        timer_interrupt, SA_INTERRUPT, CPU_MASK_NONE, "timer0",
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/mm/init.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c      Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c      Fri Aug 19 18:19:28 2005
@@ -342,11 +342,15 @@
 extern void __init remap_numa_kva(void);
 #endif
 
+pgd_t *swapper_pg_dir;
+
 static void __init pagetable_init (void)
 {
        unsigned long vaddr;
-       pgd_t *pgd_base = swapper_pg_dir;
-       pgd_t *old_pgd = (pgd_t *)xen_start_info.pt_base;
+       pgd_t *pgd_base = (pgd_t *)xen_start_info.pt_base;
+
+       swapper_pg_dir = pgd_base;
+       init_mm.pgd    = pgd_base;
 
 #ifdef CONFIG_X86_PAE
        int i;
@@ -366,44 +370,6 @@
                __PAGE_KERNEL |= _PAGE_GLOBAL;
                __PAGE_KERNEL_EXEC |= _PAGE_GLOBAL;
        }
-
-       /*
-        * Switch to proper mm_init page directory. Initialise from the current
-        * page directory, write-protect the new page directory, then switch to
-        * it. We clean up by write-enabling and then freeing the old page dir.
-        */
-#ifndef CONFIG_X86_PAE
-       memcpy(pgd_base, old_pgd, PTRS_PER_PGD_NO_HV*sizeof(pgd_t));
-       make_page_readonly(pgd_base);
-       xen_pgd_pin(__pa(pgd_base));
-       load_cr3(pgd_base);
-       xen_pgd_unpin(__pa(old_pgd));
-       make_page_writable(old_pgd);
-       __flush_tlb_all();
-       free_bootmem(__pa(old_pgd), PAGE_SIZE);
-#else
-       {
-               pud_t *old_pud = pud_offset(old_pgd+3, PAGE_OFFSET);
-               pmd_t *old_pmd = pmd_offset(old_pud, PAGE_OFFSET);
-               pmd_t *new_pmd = alloc_bootmem_low_pages(PAGE_SIZE);
-
-               memcpy(new_pmd,  old_pmd, PAGE_SIZE);
-               memcpy(pgd_base, old_pgd, PTRS_PER_PGD_NO_HV*sizeof(pgd_t));
-               set_pgd(&pgd_base[3], __pgd(__pa(new_pmd) | _PAGE_PRESENT));
-
-               make_page_readonly(new_pmd);
-               make_page_readonly(pgd_base);
-               xen_pgd_pin(__pa(pgd_base));
-               load_cr3(pgd_base);
-               xen_pgd_unpin(__pa(old_pgd));
-               make_page_writable(old_pgd);
-               make_page_writable(old_pmd);
-               __flush_tlb_all();
-
-               free_bootmem(__pa(old_pgd), PAGE_SIZE);
-               free_bootmem(__pa(old_pmd), PAGE_SIZE);
-       }
-#endif
 
        init_mm.context.pinned = 1;
        kernel_physical_mapping_init(pgd_base);
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c   Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c   Fri Aug 19 18:19:28 2005
@@ -306,7 +306,7 @@
 {
        mmu_update_t **v = (mmu_update_t **)data;
 
-       (*v)->ptr = ((physaddr_t)pfn_to_mfn(page_to_pfn(pte_page)) <<
+       (*v)->ptr = ((maddr_t)pfn_to_mfn(page_to_pfn(pte_page)) <<
                     PAGE_SHIFT) | ((unsigned long)pte & ~PAGE_MASK);
        (*v)++;
 
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/mm/pgtable.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/mm/pgtable.c   Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/pgtable.c   Fri Aug 19 18:19:28 2005
@@ -170,7 +170,7 @@
        __flush_tlb_one(vaddr);
 }
 
-void __set_fixmap (enum fixed_addresses idx, unsigned long phys, pgprot_t 
flags)
+void __set_fixmap (enum fixed_addresses idx, maddr_t phys, pgprot_t flags)
 {
        unsigned long address = __fix_to_virt(idx);
 
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c
--- a/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c     Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c     Fri Aug 19 18:19:28 2005
@@ -144,7 +144,7 @@
     vcpu_info_t   *vcpu_info = &s->vcpu_data[cpu];
 
     vcpu_info->evtchn_upcall_pending = 0;
-    
+
     /* NB. No need for a barrier here -- XCHG is a barrier on x86. */
     l1 = xchg(&vcpu_info->evtchn_pending_sel, 0);
     while ( l1 != 0 )
@@ -158,9 +158,9 @@
             l2 &= ~(1 << l2i);
             
             port = (l1i << 5) + l2i;
-            if ( (irq = evtchn_to_irq[port]) != -1 )
+            if ( (irq = evtchn_to_irq[port]) != -1 ) {
                 do_IRQ(irq, regs);
-            else
+           } else
                 evtchn_device_upcall(port);
         }
     }
@@ -243,6 +243,74 @@
     }
 
     spin_unlock(&irq_mapping_update_lock);
+}
+
+/* This is only used when a vcpu from an xm save.  The ipi is expected
+   to have been bound before we suspended, and so all of the xenolinux
+   state is set up; we only need to restore the Xen side of things.
+   The irq number has to be the same, but the evtchn number can
+   change. */
+void _bind_ipi_to_irq(int ipi, int vcpu, int irq)
+{
+    evtchn_op_t op;
+    int evtchn;
+
+    spin_lock(&irq_mapping_update_lock);
+
+    op.cmd = EVTCHNOP_bind_ipi;
+    if ( HYPERVISOR_event_channel_op(&op) != 0 )
+       panic("Failed to bind virtual IPI %d on cpu %d\n", ipi, vcpu);
+    evtchn = op.u.bind_ipi.port;
+
+    printk("<0>IPI %d, old evtchn %d, evtchn %d.\n",
+          ipi, per_cpu(ipi_to_evtchn, vcpu)[ipi],
+          evtchn);
+
+    evtchn_to_irq[irq_to_evtchn[irq]] = -1;
+    irq_to_evtchn[irq] = -1;
+
+    evtchn_to_irq[evtchn] = irq;
+    irq_to_evtchn[irq]    = evtchn;
+
+    printk("<0>evtchn_to_irq[%d] = %d.\n", evtchn,
+          evtchn_to_irq[evtchn]);
+    per_cpu(ipi_to_evtchn, vcpu)[ipi] = evtchn;
+
+    bind_evtchn_to_cpu(evtchn, vcpu);
+
+    spin_unlock(&irq_mapping_update_lock);
+
+    clear_bit(evtchn, (unsigned long *)HYPERVISOR_shared_info->evtchn_mask);
+    clear_bit(evtchn, (unsigned long *)HYPERVISOR_shared_info->evtchn_pending);
+}
+
+void _bind_virq_to_irq(int virq, int cpu, int irq)
+{
+    evtchn_op_t op;
+    int evtchn;
+
+    spin_lock(&irq_mapping_update_lock);
+
+    op.cmd              = EVTCHNOP_bind_virq;
+    op.u.bind_virq.virq = virq;
+    if ( HYPERVISOR_event_channel_op(&op) != 0 )
+            panic("Failed to bind virtual IRQ %d\n", virq);
+    evtchn = op.u.bind_virq.port;
+
+    evtchn_to_irq[irq_to_evtchn[irq]] = -1;
+    irq_to_evtchn[irq] = -1;
+
+    evtchn_to_irq[evtchn] = irq;
+    irq_to_evtchn[irq]    = evtchn;
+
+    per_cpu(virq_to_irq, cpu)[virq] = irq;
+
+    bind_evtchn_to_cpu(evtchn, cpu);
+
+    spin_unlock(&irq_mapping_update_lock);
+
+    clear_bit(evtchn, (unsigned long *)HYPERVISOR_shared_info->evtchn_mask);
+    clear_bit(evtchn, (unsigned long *)HYPERVISOR_shared_info->evtchn_pending);
 }
 
 int bind_ipi_to_irq(int ipi)
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/kernel/reboot.c
--- a/linux-2.6-xen-sparse/arch/xen/kernel/reboot.c     Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/kernel/reboot.c     Fri Aug 19 18:19:28 2005
@@ -16,6 +16,8 @@
 #include <asm-xen/queues.h>
 #include <asm-xen/xenbus.h>
 #include <asm-xen/ctrl_if.h>
+#include <linux/cpu.h>
+#include <linux/kthread.h>
 
 #define SHUTDOWN_INVALID  -1
 #define SHUTDOWN_POWEROFF  0
@@ -58,20 +60,74 @@
 /* Ignore multiple shutdown requests. */
 static int shutting_down = SHUTDOWN_INVALID;
 
-static void __do_suspend(void)
+#ifndef CONFIG_HOTPLUG_CPU
+#define cpu_down(x) (-EOPNOTSUPP)
+#define cpu_up(x) (-EOPNOTSUPP)
+#endif
+
+static void save_vcpu_context(int vcpu, vcpu_guest_context_t *ctxt)
+{
+    int r;
+    int gdt_pages;
+    r = HYPERVISOR_vcpu_pickle(vcpu, ctxt);
+    if (r != 0)
+       panic("pickling vcpu %d -> %d!\n", vcpu, r);
+
+    /* Translate from machine to physical addresses where necessary,
+       so that they can be translated to our new machine address space
+       after resume.  libxc is responsible for doing this to vcpu0,
+       but we do it to the others. */
+    gdt_pages = (ctxt->gdt_ents + 511) / 512;
+    ctxt->ctrlreg[3] = machine_to_phys(ctxt->ctrlreg[3]);
+    for (r = 0; r < gdt_pages; r++)
+       ctxt->gdt_frames[r] = mfn_to_pfn(ctxt->gdt_frames[r]);
+}
+
+void _restore_vcpu(int cpu);
+
+atomic_t vcpus_rebooting;
+
+static int restore_vcpu_context(int vcpu, vcpu_guest_context_t *ctxt)
+{
+    int r;
+    int gdt_pages = (ctxt->gdt_ents + 511) / 512;
+
+    /* This is kind of a hack, and implicitly relies on the fact that
+       the vcpu stops in a place where all of the call clobbered
+       registers are already dead. */
+    ctxt->user_regs.esp -= 4;
+    ((unsigned long *)ctxt->user_regs.esp)[0] = ctxt->user_regs.eip;
+    ctxt->user_regs.eip = (unsigned long)_restore_vcpu;
+
+    /* De-canonicalise.  libxc handles this for vcpu 0, but we need
+       to do it for the other vcpus. */
+    ctxt->ctrlreg[3] = phys_to_machine(ctxt->ctrlreg[3]);
+    for (r = 0; r < gdt_pages; r++)
+       ctxt->gdt_frames[r] = pfn_to_mfn(ctxt->gdt_frames[r]);
+
+    atomic_set(&vcpus_rebooting, 1);
+    r = HYPERVISOR_boot_vcpu(vcpu, ctxt);
+    if (r != 0) {
+       printk(KERN_EMERG "Failed to reboot vcpu %d (%d)\n", vcpu, r);
+       return -1;
+    }
+
+    /* Make sure we wait for the new vcpu to come up before trying to do
+       anything with it or starting the next one. */
+    while (atomic_read(&vcpus_rebooting))
+       barrier();
+
+    return 0;
+}
+
+static int __do_suspend(void *ignore)
 {
     int i, j;
     suspend_record_t *suspend_record;
+    static vcpu_guest_context_t suspended_cpu_records[NR_CPUS];
 
     /* Hmmm... a cleaner interface to suspend/resume blkdevs would be nice. */
        /* XXX SMH: yes it would :-( */ 
-#ifdef CONFIG_XEN_BLKDEV_FRONTEND
-    extern void blkdev_suspend(void);
-    extern void blkdev_resume(void);
-#else
-#define blkdev_suspend() do{}while(0)
-#define blkdev_resume()  do{}while(0)
-#endif
 
 #ifdef CONFIG_XEN_NETDEV_FRONTEND
     extern void netif_suspend(void);
@@ -104,13 +160,63 @@
     extern unsigned long max_pfn;
     extern unsigned int *pfn_to_mfn_frame_list;
 
+    cpumask_t prev_online_cpus, prev_present_cpus;
+    int err = 0;
+
+    BUG_ON(smp_processor_id() != 0);
+    BUG_ON(in_interrupt());
+
+#if defined(CONFIG_SMP) && !defined(CONFIG_HOTPLUG_CPU)
+    if (num_online_cpus() > 1) {
+       printk(KERN_WARNING "Can't suspend SMP guests without 
CONFIG_HOTPLUG_CPU\n");
+       return -EOPNOTSUPP;
+    }
+#endif
+
     suspend_record = (suspend_record_t *)__get_free_page(GFP_KERNEL);
     if ( suspend_record == NULL )
         goto out;
 
+    /* Take all of the other cpus offline.  We need to be careful not
+       to get preempted between the final test for num_online_cpus()
+       == 1 and disabling interrupts, since otherwise userspace could
+       bring another cpu online, and then we'd be stuffed.  At the
+       same time, cpu_down can reschedule, so we need to enable
+       preemption while doing that.  This kind of sucks, but should be
+       correct. */
+    /* (We don't need to worry about other cpus bringing stuff up,
+       since by the time num_online_cpus() == 1, there aren't any
+       other cpus) */
+    cpus_clear(prev_online_cpus);
+    preempt_disable();
+    while (num_online_cpus() > 1) {
+       preempt_enable();
+       for_each_online_cpu(i) {
+           if (i == 0)
+               continue;
+           err = cpu_down(i);
+           if (err != 0) {
+               printk(KERN_CRIT "Failed to take all CPUs down: %d.\n", err);
+               goto out_reenable_cpus;
+           }
+           cpu_set(i, prev_online_cpus);
+       }
+       preempt_disable();
+    }
+
     suspend_record->nr_pfns = max_pfn; /* final number of pfns */
 
     __cli();
+
+    preempt_enable();
+
+    cpus_clear(prev_present_cpus);
+    for_each_present_cpu(i) {
+       if (i == 0)
+           continue;
+       save_vcpu_context(i, &suspended_cpu_records[i]);
+       cpu_set(i, prev_present_cpus);
+    }
 
 #ifdef __i386__
     mm_pin_all();
@@ -119,8 +225,6 @@
 
     netif_suspend();
 
-    blkdev_suspend();
-
     time_suspend();
 
 #ifdef CONFIG_SMP
@@ -141,7 +245,9 @@
     memcpy(&suspend_record->resume_info, &xen_start_info,
            sizeof(xen_start_info));
 
-    HYPERVISOR_suspend(virt_to_machine(suspend_record) >> PAGE_SHIFT);
+    /* We'll stop somewhere inside this hypercall.  When it returns,
+       we'll start resuming after the restore. */
+    HYPERVISOR_suspend(virt_to_mfn(suspend_record));
 
     shutting_down = SHUTDOWN_INVALID; 
 
@@ -157,10 +263,10 @@
     for ( i=0, j=0; i < max_pfn; i+=(PAGE_SIZE/sizeof(unsigned long)), j++ )
     {
         pfn_to_mfn_frame_list[j] = 
-            virt_to_machine(&phys_to_machine_mapping[i]) >> PAGE_SHIFT;
+            virt_to_mfn(&phys_to_machine_mapping[i]);
     }
     HYPERVISOR_shared_info->arch.pfn_to_mfn_frame_list =
-        virt_to_machine(pfn_to_mfn_frame_list) >> PAGE_SHIFT;
+        virt_to_mfn(pfn_to_mfn_frame_list);
 
     gnttab_resume();
 
@@ -176,17 +282,30 @@
 
     time_resume();
 
-    blkdev_resume();
-
     netif_resume();
 
     usbif_resume();
 
+    for_each_cpu_mask(i, prev_present_cpus) {
+       restore_vcpu_context(i, &suspended_cpu_records[i]);
+    }
+
     __sti();
+
+ out_reenable_cpus:
+    for_each_cpu_mask(i, prev_online_cpus) {
+       j = cpu_up(i);
+       if (j != 0) {
+           printk(KERN_CRIT "Failed to bring cpu %d back up (%d).\n",
+                  i, j);
+           err = j;
+       }
+    }
 
  out:
     if ( suspend_record != NULL )
         free_page((unsigned long)suspend_record);
+    return err;
 }
 
 static int shutdown_process(void *__unused)
@@ -233,6 +352,18 @@
     return 0;
 }
 
+static struct task_struct *kthread_create_on_cpu(int (*f)(void *arg),
+                                                void *arg,
+                                                const char *name,
+                                                int cpu)
+{
+    struct task_struct *p;
+    p = kthread_create(f, arg, name);
+    kthread_bind(p, cpu);
+    wake_up_process(p);
+    return p;
+}
+
 static void __shutdown_handler(void *unused)
 {
     int err;
@@ -245,7 +376,7 @@
     }
     else
     {
-        __do_suspend();
+       kthread_create_on_cpu(__do_suspend, NULL, "suspender", 0);
     }
 }
 
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/x86_64/kernel/process.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/process.c     Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/process.c     Fri Aug 19 
18:19:28 2005
@@ -453,8 +453,8 @@
 #define C(i) do {                                                      \
        if (unlikely(next->tls_array[i] != prev->tls_array[i])) {       \
                mcl->op      = __HYPERVISOR_update_descriptor;          \
-               mcl->args[0] = virt_to_machine(&get_cpu_gdt_table(cpu)  \
-                                              [GDT_ENTRY_TLS_MIN + i]); \
+               mcl->args[0] = virt_to_machine(                         \
+                       &get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN + i]);\
                mcl->args[1] = next->tls_array[i];                      \
                mcl++;                                                  \
        }                                                               \
@@ -474,7 +474,7 @@
                iobmp_op.cmd                     =
                        PHYSDEVOP_SET_IOBITMAP;
                iobmp_op.u.set_iobitmap.bitmap   =
-                       (unsigned long)next->io_bitmap_ptr;
+                       (char *)next->io_bitmap_ptr;
                iobmp_op.u.set_iobitmap.nr_ports =
                        next->io_bitmap_ptr ? IO_BITMAP_BITS : 0;
                mcl->op      = __HYPERVISOR_physdev_op;
@@ -743,3 +743,9 @@
                sp -= get_random_int() % 8192;
        return sp & ~0xf;
 }
+
+#ifndef CONFIG_SMP
+void _restore_vcpu(void)
+{
+}
+#endif
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c       Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c       Fri Aug 19 
18:19:28 2005
@@ -795,7 +795,7 @@
                for ( i=0, j=0; i < end_pfn; i+=(PAGE_SIZE/sizeof(unsigned 
long)), j++ )
                {       
                        pfn_to_mfn_frame_list[j] = 
-                               virt_to_machine(&phys_to_machine_mapping[i]) >> 
PAGE_SHIFT;
+                               virt_to_mfn(&phys_to_machine_mapping[i]);
                }
 
        }
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c     Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c     Fri Aug 19 
18:19:28 2005
@@ -139,7 +139,7 @@
        for (va = gdt_descr->address, f = 0;
             va < gdt_descr->address + gdt_descr->size;
             va += PAGE_SIZE, f++) {
-               frames[f] = virt_to_machine(va) >> PAGE_SHIFT;
+               frames[f] = virt_to_mfn(va);
                make_page_readonly((void *)va);
        }
        if (HYPERVISOR_set_gdt(frames, gdt_descr->size /
@@ -280,19 +280,16 @@
        if (cpu) {
                memcpy(cpu_gdt_table[cpu], cpu_gdt_table[0], GDT_SIZE);
        }       
-#endif
 
        cpu_gdt_descr[cpu].size = GDT_SIZE;
        cpu_gdt_descr[cpu].address = (unsigned long)cpu_gdt_table[cpu];
 
-        cpu_gdt_init(&cpu_gdt_descr[cpu]);
-
-#ifndef CONFIG_XEN 
        memcpy(me->thread.tls_array, cpu_gdt_table[cpu], GDT_ENTRY_TLS_ENTRIES 
* 8);
-
 #else
        memcpy(me->thread.tls_array, &get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN],
            GDT_ENTRY_TLS_ENTRIES * 8);
+
+    cpu_gdt_init(&cpu_gdt_descr[cpu]);
 #endif
        
        /*
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/x86_64/kernel/smpboot.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/smpboot.c     Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/smpboot.c     Fri Aug 19 
18:19:28 2005
@@ -780,7 +780,7 @@
                for (va = cpu_gdt_descr[cpu].address, f = 0;
                     va < cpu_gdt_descr[cpu].address + cpu_gdt_descr[cpu].size;
                     va += PAGE_SIZE, f++) {
-                       ctxt.gdt_frames[f] = virt_to_machine(va) >> PAGE_SHIFT;
+                       ctxt.gdt_frames[f] = virt_to_mfn(va);
                        make_page_readonly((void *)va);
                }
                ctxt.gdt_ents = GDT_ENTRIES;
@@ -795,7 +795,7 @@
        ctxt.failsafe_callback_eip = (unsigned long)failsafe_callback;
        ctxt.syscall_callback_eip  = (unsigned long)system_call;
 
-       ctxt.ctrlreg[3] = (unsigned long)virt_to_machine(init_level4_pgt);
+       ctxt.ctrlreg[3] = virt_to_mfn(init_level4_pgt) << PAGE_SHIFT;
 
        boot_error = HYPERVISOR_boot_vcpu(cpu, &ctxt);
 
@@ -1286,4 +1286,10 @@
        smp_intr_init();
        local_setup_timer_irq();
 }
-#endif
+
+void _restore_vcpu(void)
+{
+       /* XXX need to write this */
+}
+
+#endif
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c    Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c    Fri Aug 19 18:19:28 2005
@@ -742,7 +742,7 @@
                                set_fixmap(FIX_ISAMAP_BEGIN - i, i * PAGE_SIZE);
                        else
                                __set_fixmap(FIX_ISAMAP_BEGIN - i,
-                                            virt_to_machine(empty_zero_page),
+                                            virt_to_mfn(empty_zero_page) << 
PAGE_SHIFT,
                                             PAGE_KERNEL_RO);
        }
 #endif
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkback/Makefile
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/Makefile Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/Makefile Fri Aug 19 18:19:28 2005
@@ -1,2 +1,2 @@
 
-obj-y  := blkback.o control.o interface.o vbd.o
+obj-y  := blkback.o xenbus.o interface.o vbd.o
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c        Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c        Fri Aug 19 
18:19:28 2005
@@ -104,7 +104,6 @@
 #endif
 
 static int do_block_io_op(blkif_t *blkif, int max_to_do);
-static void dispatch_probe(blkif_t *blkif, blkif_request_t *req);
 static void dispatch_rw_block_io(blkif_t *blkif, blkif_request_t *req);
 static void make_response(blkif_t *blkif, unsigned long id, 
                           unsigned short op, int st);
@@ -349,10 +348,6 @@
             dispatch_rw_block_io(blkif, req);
             break;
 
-        case BLKIF_OP_PROBE:
-            dispatch_probe(blkif, req);
-            break;
-
         default:
             DPRINTK("error: unknown block io operation [%d]\n",
                     req->operation);
@@ -363,66 +358,6 @@
 
     blk_ring->req_cons = i;
     return more_to_do;
-}
-
-static void dispatch_probe(blkif_t *blkif, blkif_request_t *req)
-{
-    int rsp = BLKIF_RSP_ERROR;
-    int pending_idx = pending_ring[MASK_PEND_IDX(pending_cons)];
-
-    /* We expect one buffer only. */
-    if ( unlikely(req->nr_segments != 1) )
-        goto out;
-
-    /* Make sure the buffer is page-sized. */
-    if ( (blkif_first_sect(req->frame_and_sects[0]) != 0) ||
-         (blkif_last_sect(req->frame_and_sects[0]) != ((PAGE_SIZE/512)-1)) )
-        goto out;
-
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-    {
-        struct gnttab_map_grant_ref map;
-
-        map.host_addr = MMAP_VADDR(pending_idx, 0);
-        map.flags = GNTMAP_host_map;
-        map.ref = blkif_gref_from_fas(req->frame_and_sects[0]);
-        map.dom = blkif->domid;
-
-        if ( unlikely(HYPERVISOR_grant_table_op(
-                        GNTTABOP_map_grant_ref, &map, 1)))
-            BUG();
-
-        if ( map.handle < 0 )
-            goto out;
-
-        pending_handle(pending_idx, 0) = map.handle;
-    }
-#else /* else CONFIG_XEN_BLKDEV_GRANT */
-
-#ifdef CONFIG_XEN_BLKDEV_TAP_BE
-    /* Grab the real frontend out of the probe message. */
-    if (req->frame_and_sects[1] == BLKTAP_COOKIE) 
-        blkif->is_blktap = 1;
-#endif
-
-
-    if ( HYPERVISOR_update_va_mapping_otherdomain(
-        MMAP_VADDR(pending_idx, 0),
-        pfn_pte_ma(req->frame_and_sects[0] >> PAGE_SHIFT, PAGE_KERNEL),
-#ifdef CONFIG_XEN_BLKDEV_TAP_BE
-        0, (blkif->is_blktap ? ID_TO_DOM(req->id) : blkif->domid) ) )
-#else
-        0, blkif->domid) )
-#endif
-        goto out;
-#endif /* endif CONFIG_XEN_BLKDEV_GRANT */
-   
-    rsp = vbd_probe(blkif, (vdisk_t *)MMAP_VADDR(pending_idx, 0), 
-                    PAGE_SIZE / sizeof(vdisk_t));
-
- out:
-    fast_flush_area(pending_idx, 1);
-    make_response(blkif, req->id, req->operation, rsp);
 }
 
 static void dispatch_rw_block_io(blkif_t *blkif, blkif_request_t *req)
@@ -460,7 +395,7 @@
         goto bad_descriptor;
     }
 
-    preq.dev           = req->device;
+    preq.dev           = req->handle;
     preq.sector_number = req->sector_number;
     preq.nr_sects      = 0;
 
@@ -730,8 +665,8 @@
         0, SLAB_HWCACHE_ALIGN, NULL, NULL);
 #endif
 
-    blkif_ctrlif_init();
-    
+    blkif_xenbus_init();
+
 #ifdef CONFIG_XEN_BLKDEV_GRANT
     memset( pending_grant_handles,  BLKBACK_INVALID_HANDLE, MMAP_PAGES );
     printk(KERN_ALERT "Blkif backend is using grant tables.\n");
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkback/common.h
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/common.h Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/common.h Fri Aug 19 18:19:28 2005
@@ -13,7 +13,6 @@
 #include <asm/io.h>
 #include <asm/setup.h>
 #include <asm/pgalloc.h>
-#include <asm-xen/ctrl_if.h>
 #include <asm-xen/evtchn.h>
 #include <asm-xen/hypervisor.h>
 #include <asm-xen/xen-public/io/blkif.h>
@@ -47,6 +46,7 @@
     /* Physical parameters of the comms window. */
     unsigned long     shmem_frame;
     unsigned int      evtchn;
+    unsigned int      remote_evtchn;
     /* Comms information. */
     blkif_back_ring_t blk_ring;
     /* VBDs attached to this interface. */
@@ -71,7 +71,7 @@
     struct work_struct work;
 #ifdef CONFIG_XEN_BLKDEV_GRANT
     u16 shmem_handle;
-    memory_t shmem_vaddr;
+    unsigned long shmem_vaddr;
     grant_ref_t shmem_ref;
 #endif
 } blkif_t;
@@ -81,17 +81,29 @@
 void blkif_connect(blkif_be_connect_t *connect);
 int  blkif_disconnect(blkif_be_disconnect_t *disconnect, u8 rsp_id);
 void blkif_disconnect_complete(blkif_t *blkif);
-blkif_t *blkif_find_by_handle(domid_t domid, unsigned int handle);
+blkif_t *blkif_find(domid_t domid);
+void free_blkif(blkif_t *blkif);
+int blkif_map(blkif_t *blkif, unsigned long shared_page, unsigned int evtchn);
+
 #define blkif_get(_b) (atomic_inc(&(_b)->refcnt))
 #define blkif_put(_b)                             \
     do {                                          \
         if ( atomic_dec_and_test(&(_b)->refcnt) ) \
-            blkif_disconnect_complete(_b);        \
+            free_blkif(_b);                      \
     } while (0)
 
-void vbd_create(blkif_be_vbd_create_t *create); 
+struct vbd;
+void vbd_free(blkif_t *blkif, struct vbd *vbd);
+
+/* Creates inactive vbd. */
+struct vbd *vbd_create(blkif_t *blkif, blkif_vdev_t vdevice, blkif_pdev_t 
pdevice, int readonly);
+int vbd_is_active(struct vbd *vbd);
+void vbd_activate(blkif_t *blkif, struct vbd *vbd);
+
+unsigned long vbd_size(struct vbd *vbd);
+unsigned int vbd_info(struct vbd *vbd);
+unsigned long vbd_secsize(struct vbd *vbd);
 void vbd_destroy(blkif_be_vbd_destroy_t *delete); 
-int vbd_probe(blkif_t *blkif, vdisk_t *vbd_info, int max_vbds);
 void destroy_all_vbds(blkif_t *blkif);
 
 struct phys_req {
@@ -104,9 +116,10 @@
 int vbd_translate(struct phys_req *req, blkif_t *blkif, int operation); 
 
 void blkif_interface_init(void);
-void blkif_ctrlif_init(void);
 
 void blkif_deschedule(blkif_t *blkif);
+
+void blkif_xenbus_init(void);
 
 irqreturn_t blkif_be_int(int irq, void *dev_id, struct pt_regs *regs);
 
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkback/interface.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/interface.c      Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/interface.c      Fri Aug 19 
18:19:28 2005
@@ -7,24 +7,135 @@
  */
 
 #include "common.h"
+#include <asm-xen/ctrl_if.h>
+#include <asm-xen/evtchn.h>
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
 #define VMALLOC_VMADDR(x) ((unsigned long)(x))
 #endif
 
 #define BLKIF_HASHSZ 1024
-#define BLKIF_HASH(_d,_h) (((int)(_d)^(int)(_h))&(BLKIF_HASHSZ-1))
+#define BLKIF_HASH(_d) (((int)(_d))&(BLKIF_HASHSZ-1))
 
 static kmem_cache_t *blkif_cachep;
 static blkif_t      *blkif_hash[BLKIF_HASHSZ];
 
-blkif_t *blkif_find_by_handle(domid_t domid, unsigned int handle)
-{
-    blkif_t *blkif = blkif_hash[BLKIF_HASH(domid, handle)];
-    while ( (blkif != NULL) && 
-            ((blkif->domid != domid) || (blkif->handle != handle)) )
+blkif_t *blkif_find(domid_t domid)
+{
+    blkif_t *blkif = blkif_hash[BLKIF_HASH(domid)];
+
+    while (blkif) {
+       if (blkif->domid == domid) {
+           blkif_get(blkif);
+           return blkif;
+       }
         blkif = blkif->hash_next;
+    }
+
+    blkif = kmem_cache_alloc(blkif_cachep, GFP_KERNEL);
+    if (!blkif)
+           return ERR_PTR(-ENOMEM);
+
+    memset(blkif, 0, sizeof(*blkif));
+    blkif->domid = domid;
+    blkif->status = DISCONNECTED;
+    spin_lock_init(&blkif->vbd_lock);
+    spin_lock_init(&blkif->blk_ring_lock);
+    atomic_set(&blkif->refcnt, 1);
+
+    blkif->hash_next = blkif_hash[BLKIF_HASH(domid)];
+    blkif_hash[BLKIF_HASH(domid)] = blkif;
     return blkif;
+}
+
+#ifndef CONFIG_XEN_BLKDEV_GRANT
+static int map_frontend_page(blkif_t *blkif, unsigned long localaddr,
+                            unsigned long shared_page)
+{
+    return direct_remap_area_pages(&init_mm, localaddr,
+                                  shared_page<<PAGE_SHIFT, PAGE_SIZE,
+                                  __pgprot(_KERNPG_TABLE), blkif->domid);
+}
+
+static void unmap_frontend_page(blkif_t *blkif)
+{
+}
+#else
+static int map_frontend_page(blkif_t *blkif, unsigned long localaddr,
+                            unsigned long shared_page)
+{
+    struct gnttab_map_grant_ref op;
+    op.host_addr = localaddr;
+    op.flags = GNTMAP_host_map;
+    op.ref = shared_page;
+    op.dom = blkif->domid;
+       
+    BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
+
+    if (op.handle < 0) {
+       DPRINTK(" Grant table operation failure !\n");
+       return op.handle;
+    }
+
+    blkif->shmem_ref = shared_page;
+    blkif->shmem_handle = op.handle;
+    blkif->shmem_vaddr = localaddr;
+    return 0;
+}
+
+static void unmap_frontend_page(blkif_t *blkif)
+{
+    struct gnttab_unmap_grant_ref op;
+
+    op.host_addr = blkif->shmem_vaddr;
+    op.handle = blkif->shmem_handle;
+    op.dev_bus_addr = 0;
+    BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1));
+}
+#endif /* CONFIG_XEN_BLKDEV_GRANT */
+
+int blkif_map(blkif_t *blkif, unsigned long shared_page, unsigned int evtchn)
+{
+    struct vm_struct *vma;
+    blkif_sring_t *sring;
+    evtchn_op_t op = { .cmd = EVTCHNOP_bind_interdomain };
+    int err;
+
+    BUG_ON(blkif->remote_evtchn);
+
+    if ( (vma = get_vm_area(PAGE_SIZE, VM_IOREMAP)) == NULL )
+       return -ENOMEM;
+
+    err = map_frontend_page(blkif, VMALLOC_VMADDR(vma->addr), shared_page);
+    if (err) {
+        vfree(vma->addr);
+       return err;
+    }
+
+    op.u.bind_interdomain.dom1 = DOMID_SELF;
+    op.u.bind_interdomain.dom2 = blkif->domid;
+    op.u.bind_interdomain.port1 = 0;
+    op.u.bind_interdomain.port2 = evtchn;
+    err = HYPERVISOR_event_channel_op(&op);
+    if (err) {
+       unmap_frontend_page(blkif);
+       vfree(vma->addr);
+       return err;
+    }
+
+    blkif->evtchn = op.u.bind_interdomain.port1;
+    blkif->remote_evtchn = evtchn;
+
+    sring = (blkif_sring_t *)vma->addr;
+    SHARED_RING_INIT(sring);
+    BACK_RING_INIT(&blkif->blk_ring, sring, PAGE_SIZE);
+
+    bind_evtchn_to_irqhandler(blkif->evtchn, blkif_be_int, 0, "blkif-backend",
+                             blkif);
+    blkif->status        = CONNECTED;
+    blkif->shmem_frame   = shared_page;
+
+    return 0;
 }
 
 static void __blkif_disconnect_complete(void *arg)
@@ -32,21 +143,13 @@
     blkif_t              *blkif = (blkif_t *)arg;
     ctrl_msg_t            cmsg;
     blkif_be_disconnect_t disc;
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-    struct gnttab_unmap_grant_ref op;
-#endif
 
     /*
      * These can't be done in blkif_disconnect() because at that point there
      * may be outstanding requests at the disc whose asynchronous responses
      * must still be notified to the remote driver.
      */
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-    op.host_addr      = blkif->shmem_vaddr;
-    op.handle         = blkif->shmem_handle;
-    op.dev_bus_addr   = 0;
-    BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1));
-#endif
+    unmap_frontend_page(blkif);
     vfree(blkif->blk_ring.sring);
 
     /* Construct the deferred response message. */
@@ -81,200 +184,35 @@
     schedule_work(&blkif->work);
 }
 
-void blkif_create(blkif_be_create_t *create)
-{
-    domid_t       domid  = create->domid;
-    unsigned int  handle = create->blkif_handle;
-    blkif_t     **pblkif, *blkif;
-
-    if ( (blkif = kmem_cache_alloc(blkif_cachep, GFP_KERNEL)) == NULL )
+void free_blkif(blkif_t *blkif)
+{
+    blkif_t     **pblkif;
+    evtchn_op_t op = { .cmd = EVTCHNOP_close };
+
+    op.u.close.port = blkif->evtchn;
+    op.u.close.dom = DOMID_SELF;
+    HYPERVISOR_event_channel_op(&op);
+    op.u.close.port = blkif->remote_evtchn;
+    op.u.close.dom = blkif->domid;
+    HYPERVISOR_event_channel_op(&op);
+
+    if (blkif->evtchn)
+        unbind_evtchn_from_irqhandler(blkif->evtchn, blkif);
+
+    if (blkif->blk_ring.sring) {
+       unmap_frontend_page(blkif);
+       vfree(blkif->blk_ring.sring);
+    }
+
+    pblkif = &blkif_hash[BLKIF_HASH(blkif->domid)];
+    while ( *pblkif != blkif )
     {
-        DPRINTK("Could not create blkif: out of memory\n");
-        create->status = BLKIF_BE_STATUS_OUT_OF_MEMORY;
-        return;
-    }
-
-    memset(blkif, 0, sizeof(*blkif));
-    blkif->domid  = domid;
-    blkif->handle = handle;
-    blkif->status = DISCONNECTED;
-    spin_lock_init(&blkif->vbd_lock);
-    spin_lock_init(&blkif->blk_ring_lock);
-    atomic_set(&blkif->refcnt, 0);
-
-    pblkif = &blkif_hash[BLKIF_HASH(domid, handle)];
-    while ( *pblkif != NULL )
-    {
-        if ( ((*pblkif)->domid == domid) && ((*pblkif)->handle == handle) )
-        {
-            DPRINTK("Could not create blkif: already exists\n");
-            create->status = BLKIF_BE_STATUS_INTERFACE_EXISTS;
-            kmem_cache_free(blkif_cachep, blkif);
-            return;
-        }
+       BUG_ON(!*pblkif);
         pblkif = &(*pblkif)->hash_next;
     }
-
-    blkif->hash_next = *pblkif;
-    *pblkif = blkif;
-
-    DPRINTK("Successfully created blkif\n");
-    create->status = BLKIF_BE_STATUS_OKAY;
-}
-
-void blkif_destroy(blkif_be_destroy_t *destroy)
-{
-    domid_t       domid  = destroy->domid;
-    unsigned int  handle = destroy->blkif_handle;
-    blkif_t     **pblkif, *blkif;
-
-    pblkif = &blkif_hash[BLKIF_HASH(domid, handle)];
-    while ( (blkif = *pblkif) != NULL )
-    {
-        if ( (blkif->domid == domid) && (blkif->handle == handle) )
-        {
-            if ( blkif->status != DISCONNECTED )
-                goto still_connected;
-            goto destroy;
-        }
-        pblkif = &blkif->hash_next;
-    }
-
-    destroy->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
-    return;
-
- still_connected:
-    destroy->status = BLKIF_BE_STATUS_INTERFACE_CONNECTED;
-    return;
-
- destroy:
     *pblkif = blkif->hash_next;
     destroy_all_vbds(blkif);
     kmem_cache_free(blkif_cachep, blkif);
-    destroy->status = BLKIF_BE_STATUS_OKAY;
-}
-
-void blkif_connect(blkif_be_connect_t *connect)
-{
-    domid_t        domid  = connect->domid;
-    unsigned int   handle = connect->blkif_handle;
-    unsigned int   evtchn = connect->evtchn;
-    unsigned long  shmem_frame = connect->shmem_frame;
-    struct vm_struct *vma;
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-    int ref = connect->shmem_ref;
-#else
-    pgprot_t       prot;
-    int            error;
-#endif
-    blkif_t       *blkif;
-    blkif_sring_t *sring;
-
-    blkif = blkif_find_by_handle(domid, handle);
-    if ( unlikely(blkif == NULL) )
-    {
-        DPRINTK("blkif_connect attempted for non-existent blkif (%u,%u)\n", 
-                connect->domid, connect->blkif_handle); 
-        connect->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
-        return;
-    }
-
-    if ( (vma = get_vm_area(PAGE_SIZE, VM_IOREMAP)) == NULL )
-    {
-        connect->status = BLKIF_BE_STATUS_OUT_OF_MEMORY;
-        return;
-    }
-
-#ifndef CONFIG_XEN_BLKDEV_GRANT
-    prot = __pgprot(_KERNPG_TABLE);
-    error = direct_remap_area_pages(&init_mm, VMALLOC_VMADDR(vma->addr),
-                                    shmem_frame<<PAGE_SHIFT, PAGE_SIZE,
-                                    prot, domid);
-    if ( error != 0 )
-    {
-        if ( error == -ENOMEM )
-            connect->status = BLKIF_BE_STATUS_OUT_OF_MEMORY;
-        else if ( error == -EFAULT )
-            connect->status = BLKIF_BE_STATUS_MAPPING_ERROR;
-        else
-            connect->status = BLKIF_BE_STATUS_ERROR;
-        vfree(vma->addr);
-        return;
-    }
-#else
-    { /* Map: Use the Grant table reference */
-        struct gnttab_map_grant_ref op;
-        op.host_addr      = VMALLOC_VMADDR(vma->addr);
-        op.flags          = GNTMAP_host_map;
-        op.ref            = ref;
-        op.dom            = domid;
-       
-        BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
-       
-        handle = op.handle;
-       
-        if (op.handle < 0) {
-            DPRINTK(" Grant table operation failure !\n");
-            connect->status = BLKIF_BE_STATUS_MAPPING_ERROR;
-            vfree(vma->addr);
-            return;
-        }
-
-        blkif->shmem_ref = ref;
-        blkif->shmem_handle = handle;
-        blkif->shmem_vaddr = VMALLOC_VMADDR(vma->addr);
-    }
-#endif
-
-    if ( blkif->status != DISCONNECTED )
-    {
-        connect->status = BLKIF_BE_STATUS_INTERFACE_CONNECTED;
-        vfree(vma->addr);
-        return;
-    }
-    sring = (blkif_sring_t *)vma->addr;
-    SHARED_RING_INIT(sring);
-    BACK_RING_INIT(&blkif->blk_ring, sring, PAGE_SIZE);
-    
-    blkif->evtchn        = evtchn;
-    blkif->shmem_frame   = shmem_frame;
-    blkif->status        = CONNECTED;
-    blkif_get(blkif);
-
-    bind_evtchn_to_irqhandler(
-        blkif->evtchn, blkif_be_int, 0, "blkif-backend", blkif);
-
-    connect->status = BLKIF_BE_STATUS_OKAY;
-}
-
-int blkif_disconnect(blkif_be_disconnect_t *disconnect, u8 rsp_id)
-{
-    domid_t       domid  = disconnect->domid;
-    unsigned int  handle = disconnect->blkif_handle;
-    blkif_t      *blkif;
-
-    blkif = blkif_find_by_handle(domid, handle);
-    if ( unlikely(blkif == NULL) )
-    {
-        DPRINTK("blkif_disconnect attempted for non-existent blkif"
-                " (%u,%u)\n", disconnect->domid, disconnect->blkif_handle); 
-        disconnect->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
-        return 1; /* Caller will send response error message. */
-    }
-
-    if ( blkif->status == CONNECTED )
-    {
-        blkif->status = DISCONNECTING;
-        blkif->disconnect_rspid = rsp_id;
-        wmb(); /* Let other CPUs see the status change. */
-        unbind_evtchn_from_irqhandler(blkif->evtchn, blkif);
-        blkif_deschedule(blkif);
-        blkif_put(blkif);
-        return 0; /* Caller should not send response message. */
-    }
-
-    disconnect->status = BLKIF_BE_STATUS_OKAY;
-    return 1;
 }
 
 void __init blkif_interface_init(void)
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkback/vbd.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/vbd.c    Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/vbd.c    Fri Aug 19 18:19:28 2005
@@ -11,13 +11,16 @@
  */
 
 #include "common.h"
+#include <asm-xen/xenbus.h>
 
 struct vbd { 
-    blkif_vdev_t   vdevice;     /* what the domain refers to this vbd as */
+    blkif_vdev_t   handle;     /* what the domain refers to this vbd as */
     unsigned char  readonly;    /* Non-zero -> read-only */
     unsigned char  type;        /* VDISK_xxx */
     blkif_pdev_t   pdevice;     /* phys device that this vbd maps to */
     struct block_device *bdev;
+
+    int active;
     rb_node_t      rb;          /* for linking into R-B tree lookup struct */
 }; 
 
@@ -33,140 +36,128 @@
 #define bdev_hardsect_size(_b) 512
 #endif
 
-void vbd_create(blkif_be_vbd_create_t *create) 
+unsigned long vbd_size(struct vbd *vbd)
+{
+       return vbd_sz(vbd);
+}
+
+unsigned int vbd_info(struct vbd *vbd)
+{
+       return vbd->type | (vbd->readonly?VDISK_READONLY:0);
+}
+
+unsigned long vbd_secsize(struct vbd *vbd)
+{
+       return bdev_hardsect_size(vbd->bdev);
+}
+
+int vbd_is_active(struct vbd *vbd)
+{
+       return vbd->active;
+}
+
+struct vbd *vbd_create(blkif_t *blkif, blkif_vdev_t handle,
+                      blkif_pdev_t pdevice, int readonly)
 {
     struct vbd  *vbd; 
+
+    if ( unlikely((vbd = kmalloc(sizeof(struct vbd), GFP_KERNEL)) == NULL) )
+    {
+        DPRINTK("vbd_create: out of memory\n");
+       return ERR_PTR(-ENOMEM);
+    }
+
+    vbd->handle   = handle; 
+    vbd->readonly = readonly;
+    vbd->type     = 0;
+    vbd->active   = 0;
+
+    vbd->pdevice  = pdevice;
+
+    /* FIXME: Who frees vbd on failure? --RR */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+    vbd->bdev = open_by_devnum(
+        vbd_map_devnum(vbd->pdevice),
+        vbd->readonly ? FMODE_READ : FMODE_WRITE);
+    if ( IS_ERR(vbd->bdev) )
+    {
+        DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
+        return ERR_PTR(-ENOENT);
+    }
+
+    if ( (vbd->bdev->bd_disk == NULL) )
+    {
+        DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
+        bdev_put(vbd->bdev);
+        return ERR_PTR(-ENOENT);
+    }
+
+    if ( vbd->bdev->bd_disk->flags & GENHD_FL_CD )
+        vbd->type |= VDISK_CDROM;
+    if ( vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE )
+        vbd->type |= VDISK_REMOVABLE;
+
+#else
+    if ( (blk_size[MAJOR(vbd->pdevice)] == NULL) || (vbd_sz(vbd) == 0) )
+    {
+        DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
+        return ERR_PTR(-ENOENT);
+    }
+#endif
+
+    DPRINTK("Successful creation of handle=%04x (dom=%u)\n",
+            handle, blkif->domid);
+    return vbd;
+}
+
+void vbd_activate(blkif_t *blkif, struct vbd *vbd)
+{
     rb_node_t  **rb_p, *rb_parent = NULL;
-    blkif_t     *blkif;
-    blkif_vdev_t vdevice = create->vdevice;
-
-    blkif = blkif_find_by_handle(create->domid, create->blkif_handle);
-    if ( unlikely(blkif == NULL) )
-    {
-        DPRINTK("vbd_create attempted for non-existent blkif (%u,%u)\n", 
-                create->domid, create->blkif_handle); 
-        create->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
-        return;
-    }
-
+    struct vbd *i;
+    BUG_ON(vbd_is_active(vbd));
+
+    /* Find where to put it. */
     rb_p = &blkif->vbd_rb.rb_node;
     while ( *rb_p != NULL )
     {
         rb_parent = *rb_p;
-        vbd = rb_entry(rb_parent, struct vbd, rb);
-        if ( vdevice < vbd->vdevice )
+        i = rb_entry(rb_parent, struct vbd, rb);
+        if ( vbd->handle < i->handle )
         {
             rb_p = &rb_parent->rb_left;
         }
-        else if ( vdevice > vbd->vdevice )
+        else if ( vbd->handle > i->handle )
         {
             rb_p = &rb_parent->rb_right;
         }
         else
         {
-            DPRINTK("vbd_create attempted for already existing vbd\n");
-            create->status = BLKIF_BE_STATUS_VBD_EXISTS;
-            return;
+           /* We never create two of same vbd, so not possible. */
+           BUG();
         }
     }
 
-    if ( unlikely((vbd = kmalloc(sizeof(struct vbd), GFP_KERNEL)) == NULL) )
-    {
-        DPRINTK("vbd_create: out of memory\n");
-        create->status = BLKIF_BE_STATUS_OUT_OF_MEMORY;
-        return;
-    }
-
-    vbd->vdevice  = vdevice; 
-    vbd->readonly = create->readonly;
-    vbd->type     = 0;
-
-    /* Mask to 16-bit for compatibility with old tools */
-    vbd->pdevice  = create->pdevice & 0xffff;
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
-    vbd->bdev = open_by_devnum(
-        vbd_map_devnum(vbd->pdevice),
-        vbd->readonly ? FMODE_READ : FMODE_WRITE);
-    if ( IS_ERR(vbd->bdev) )
-    {
-        DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
-        create->status = BLKIF_BE_STATUS_PHYSDEV_NOT_FOUND;
-        return;
-    }
-
-    if ( (vbd->bdev->bd_disk == NULL) )
-    {
-        DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
-        create->status = BLKIF_BE_STATUS_PHYSDEV_NOT_FOUND;
-        bdev_put(vbd->bdev);
-        return;
-    }
-
-    if ( vbd->bdev->bd_disk->flags & GENHD_FL_CD )
-        vbd->type |= VDISK_CDROM;
-    if ( vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE )
-        vbd->type |= VDISK_REMOVABLE;
-
-#else
-    if ( (blk_size[MAJOR(vbd->pdevice)] == NULL) || (vbd_sz(vbd) == 0) )
-    {
-        DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
-        create->status = BLKIF_BE_STATUS_PHYSDEV_NOT_FOUND;
-        return;
-    }
-#endif
+    /* Now we're active. */
+    vbd->active = 1;
+    blkif_get(blkif);
 
     spin_lock(&blkif->vbd_lock);
     rb_link_node(&vbd->rb, rb_parent, rb_p);
     rb_insert_color(&vbd->rb, &blkif->vbd_rb);
     spin_unlock(&blkif->vbd_lock);
-
-    DPRINTK("Successful creation of vdev=%04x (dom=%u)\n",
-            vdevice, create->domid);
-    create->status = BLKIF_BE_STATUS_OKAY;
-}
-
-
-void vbd_destroy(blkif_be_vbd_destroy_t *destroy) 
-{
-    blkif_t           *blkif;
-    struct vbd        *vbd;
-    rb_node_t         *rb;
-    blkif_vdev_t       vdevice = destroy->vdevice;
-
-    blkif = blkif_find_by_handle(destroy->domid, destroy->blkif_handle);
-    if ( unlikely(blkif == NULL) )
-    {
-        DPRINTK("vbd_destroy attempted for non-existent blkif (%u,%u)\n", 
-                destroy->domid, destroy->blkif_handle); 
-        destroy->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
-        return;
-    }
-
-    rb = blkif->vbd_rb.rb_node;
-    while ( rb != NULL )
-    {
-        vbd = rb_entry(rb, struct vbd, rb);
-        if ( vdevice < vbd->vdevice )
-            rb = rb->rb_left;
-        else if ( vdevice > vbd->vdevice )
-            rb = rb->rb_right;
-        else
-            goto found;
-    }
-
-    destroy->status = BLKIF_BE_STATUS_VBD_NOT_FOUND;
-    return;
-
- found:
-    spin_lock(&blkif->vbd_lock);
-    rb_erase(rb, &blkif->vbd_rb);
-    spin_unlock(&blkif->vbd_lock);
+}
+
+void vbd_free(blkif_t *blkif, struct vbd *vbd)
+{
+    if (vbd_is_active(vbd)) {
+       spin_lock(&blkif->vbd_lock);
+       rb_erase(&vbd->rb, &blkif->vbd_rb);
+       spin_unlock(&blkif->vbd_lock);
+       blkif_put(blkif);
+    }
     bdev_put(vbd->bdev);
     kfree(vbd);
 }
-
 
 void destroy_all_vbds(blkif_t *blkif)
 {
@@ -183,73 +174,11 @@
         bdev_put(vbd->bdev);
         kfree(vbd);
         spin_lock(&blkif->vbd_lock);
+        blkif_put(blkif);
     }
 
     spin_unlock(&blkif->vbd_lock);
 }
-
-
-static void vbd_probe_single(
-    blkif_t *blkif, vdisk_t *vbd_info, struct vbd *vbd)
-{
-    vbd_info->device      = vbd->vdevice; 
-    vbd_info->info        = vbd->type | (vbd->readonly ? VDISK_READONLY : 0);
-    vbd_info->capacity    = vbd_sz(vbd);
-    vbd_info->sector_size = bdev_hardsect_size(vbd->bdev);
-}
-
-
-int vbd_probe(blkif_t *blkif, vdisk_t *vbd_info, int max_vbds)
-{
-    int        rc = 0, nr_vbds = 0;
-    rb_node_t *rb;
-
-    spin_lock(&blkif->vbd_lock);
-
-    if ( (rb = blkif->vbd_rb.rb_node) == NULL )
-        goto out;
-
- new_subtree:
-    /* STEP 1. Find least node (it'll be left-most). */
-    while ( rb->rb_left != NULL )
-        rb = rb->rb_left;
-
-    for ( ; ; )
-    {
-        /* STEP 2. Dealt with left subtree. Now process current node. */
-        vbd_probe_single(blkif, &vbd_info[nr_vbds],
-                         rb_entry(rb, struct vbd, rb));
-        if ( ++nr_vbds == max_vbds )
-            goto out;
-
-        /* STEP 3. Process right subtree, if any. */
-        if ( rb->rb_right != NULL )
-        {
-            rb = rb->rb_right;
-            goto new_subtree;
-        }
-
-        /* STEP 4. Done both subtrees. Head back through ancesstors. */
-        for ( ; ; ) 
-        {
-            /* We're done when we get back to the root node. */
-            if ( rb->rb_parent == NULL )
-                goto out;
-            /* If we are left of parent, then parent is next to process. */
-            if ( rb->rb_parent->rb_left == rb )
-                break;
-            /* If we are right of parent, then we climb to grandparent. */
-            rb = rb->rb_parent;
-        }
-
-        rb = rb->rb_parent;
-    }
-
- out:
-    spin_unlock(&blkif->vbd_lock);
-    return (rc == 0) ? nr_vbds : rc;  
-}
-
 
 int vbd_translate(struct phys_req *req, blkif_t *blkif, int operation)
 {
@@ -264,9 +193,9 @@
     while ( rb != NULL )
     {
         vbd = rb_entry(rb, struct vbd, rb);
-        if ( req->dev < vbd->vdevice )
+        if ( req->dev < vbd->handle )
             rb = rb->rb_left;
-        else if ( req->dev > vbd->vdevice )
+        else if ( req->dev > vbd->handle )
             rb = rb->rb_right;
         else
             goto found;
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkfront/blkfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkfront/blkfront.c      Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkfront/blkfront.c      Fri Aug 19 
18:19:28 2005
@@ -53,8 +53,8 @@
 #include <linux/sched.h>
 #include <linux/interrupt.h>
 #include <scsi/scsi.h>
-#include <asm-xen/ctrl_if.h>
 #include <asm-xen/evtchn.h>
+#include <asm-xen/xenbus.h>
 #ifdef CONFIG_XEN_BLKDEV_GRANT
 #include <asm-xen/xen-public/grant_table.h>
 #include <asm-xen/gnttab.h>
@@ -65,22 +65,14 @@
 /* Control whether runtime update of vbds is enabled. */
 #define ENABLE_VBD_UPDATE 1
 
-#if ENABLE_VBD_UPDATE
-static void vbd_update(void);
-#else
-static void vbd_update(void){};
-#endif
-
 #define BLKIF_STATE_CLOSED       0
 #define BLKIF_STATE_DISCONNECTED 1
 #define BLKIF_STATE_CONNECTED    2
 
-static int blkif_handle = 0;
 static unsigned int blkif_state = BLKIF_STATE_CLOSED;
 static unsigned int blkif_evtchn = 0;
-
-static int blkif_control_rsp_valid;
-static blkif_response_t blkif_control_rsp;
+static unsigned int blkif_vbds = 0;
+static unsigned int blkif_vbds_connected = 0;
 
 static blkif_front_ring_t blk_ring;
 
@@ -92,6 +84,7 @@
 #define MAXIMUM_OUTSTANDING_BLOCK_REQS \
     (BLKIF_MAX_SEGMENTS_PER_REQUEST * BLKIF_RING_SIZE)
 #define GRANTREF_INVALID (1<<15)
+static int shmem_ref;
 #endif
 
 static struct blk_shadow {
@@ -105,7 +98,7 @@
 
 static void kick_pending_request_queues(void);
 
-int __init xlblk_init(void);
+static int __init xlblk_init(void);
 
 static void blkif_completion(struct blk_shadow *s);
 
@@ -179,19 +172,6 @@
 
 module_init(xlblk_init);
 
-#if ENABLE_VBD_UPDATE
-static void update_vbds_task(void *unused)
-{ 
-    xlvbd_update_vbds();
-}
-
-static void vbd_update(void)
-{
-    static DECLARE_WORK(update_tq, update_vbds_task, NULL);
-    schedule_work(&update_tq);
-}
-#endif /* ENABLE_VBD_UPDATE */
-
 static struct xlbd_disk_info *head_waiting = NULL;
 static void kick_pending_request_queues(void)
 {
@@ -221,16 +201,7 @@
 
 int blkif_release(struct inode *inode, struct file *filep)
 {
-    struct gendisk *gd = inode->i_bdev->bd_disk;
-    struct xlbd_disk_info *di = (struct xlbd_disk_info *)gd->private_data;
-
-    /*
-     * When usage drops to zero it may allow more VBD updates to occur.
-     * Update of usage count is protected by a per-device semaphore.
-     */
-    if ( --di->mi->usage == 0 )
-        vbd_update();
-
+    /* FIXME: This is where we can actually free up majors, etc. --RR */
     return 0;
 }
 
@@ -301,7 +272,7 @@
     ring_req->operation = rq_data_dir(req) ? BLKIF_OP_WRITE :
         BLKIF_OP_READ;
     ring_req->sector_number = (blkif_sector_t)req->sector;
-    ring_req->device = di->xd_device;
+    ring_req->handle = di->handle;
 
     ring_req->nr_segments = 0;
     rq_for_each_bio(bio, req)
@@ -446,10 +417,6 @@
             end_that_request_last(req);
 
             break;
-        case BLKIF_OP_PROBE:
-            memcpy(&blkif_control_rsp, bret, sizeof(*bret));
-            blkif_control_rsp_valid = 1;
-            break;
         default:
             BUG();
         }
@@ -483,28 +450,6 @@
 #define blkif_io_lock io_request_lock
 
 
/*============================================================================*/
-#if ENABLE_VBD_UPDATE
-
-/*
- * blkif_update_int/update-vbds_task - handle VBD update events.
- *  Schedule a task for keventd to run, which will update the VBDs and perform 
- *  the corresponding updates to our view of VBD state.
- */
-static void update_vbds_task(void *unused)
-{ 
-    xlvbd_update_vbds();
-}
-
-static void vbd_update(void)
-{
-    static struct tq_struct update_tq;
-    update_tq.routine = update_vbds_task;
-    schedule_task(&update_tq);
-}
-
-#endif /* ENABLE_VBD_UPDATE */
-/*============================================================================*/
-
 static void kick_pending_request_queues(void)
 {
     /* We kick pending request queues if the ring is reasonably empty. */
@@ -757,7 +702,8 @@
                                char *          buffer,
                                unsigned long   sector_number,
                                unsigned short  nr_sectors,
-                               kdev_t          device)
+                               kdev_t          device,
+                              blkif_vdev_t    handle)
 {
     unsigned long       buffer_ma = virt_to_bus(buffer);
     unsigned long       xid;
@@ -871,7 +817,7 @@
     req->id            = xid;
     req->operation     = operation;
     req->sector_number = (blkif_sector_t)sector_number;
-    req->device        = device; 
+    req->handle        = handle; 
     req->nr_segments   = 1;
 #ifdef CONFIG_XEN_BLKDEV_GRANT
     /* install a grant reference. */
@@ -1047,108 +993,10 @@
 
 /*****************************  COMMON CODE  *******************************/
 
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-void blkif_control_probe_send(blkif_request_t *req, blkif_response_t *rsp,
-                              unsigned long address)
-{
-    int ref = gnttab_claim_grant_reference(&gref_head, gref_terminal);
-    ASSERT( ref != -ENOSPC );
-
-    gnttab_grant_foreign_access_ref( ref, rdomid, address >> PAGE_SHIFT, 0 );
-
-    req->frame_and_sects[0] = blkif_fas_from_gref(ref, 0, (PAGE_SIZE/512)-1);
-
-    blkif_control_send(req, rsp);
-}
-#endif
-
-void blkif_control_send(blkif_request_t *req, blkif_response_t *rsp)
-{
-    unsigned long flags, id;
-    blkif_request_t *req_d;
-
- retry:
-    while ( RING_FULL(&blk_ring) )
-    {
-        set_current_state(TASK_INTERRUPTIBLE);
-        schedule_timeout(1);
-    }
-
-    spin_lock_irqsave(&blkif_io_lock, flags);
-    if ( RING_FULL(&blk_ring) )
-    {
-        spin_unlock_irqrestore(&blkif_io_lock, flags);
-        goto retry;
-    }
-
-    DISABLE_SCATTERGATHER();
-    req_d = RING_GET_REQUEST(&blk_ring, blk_ring.req_prod_pvt);
-    *req_d = *req;    
-
-    id = GET_ID_FROM_FREELIST();
-    req_d->id = id;
-    blk_shadow[id].request = (unsigned long)req;
-
-    pickle_request(&blk_shadow[id], req);
-
-    blk_ring.req_prod_pvt++;
-    flush_requests();
-
-    spin_unlock_irqrestore(&blkif_io_lock, flags);
-
-    while ( !blkif_control_rsp_valid )
-    {
-        set_current_state(TASK_INTERRUPTIBLE);
-        schedule_timeout(1);
-    }
-
-    memcpy(rsp, &blkif_control_rsp, sizeof(*rsp));
-    blkif_control_rsp_valid = 0;
-}
-
-
-/* Send a driver status notification to the domain controller. */
-static void send_driver_status(int ok)
-{
-    ctrl_msg_t cmsg = {
-        .type    = CMSG_BLKIF_FE,
-        .subtype = CMSG_BLKIF_FE_DRIVER_STATUS,
-        .length  = sizeof(blkif_fe_driver_status_t),
-    };
-    blkif_fe_driver_status_t *msg = (void*)cmsg.msg;
-    
-    msg->status = (ok ? BLKIF_DRIVER_STATUS_UP : BLKIF_DRIVER_STATUS_DOWN);
-
-    ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
-}
-
-/* Tell the controller to bring up the interface. */
-static void blkif_send_interface_connect(void)
-{
-    ctrl_msg_t cmsg = {
-        .type    = CMSG_BLKIF_FE,
-        .subtype = CMSG_BLKIF_FE_INTERFACE_CONNECT,
-        .length  = sizeof(blkif_fe_interface_connect_t),
-    };
-    blkif_fe_interface_connect_t *msg = (void*)cmsg.msg;
-    
-    msg->handle      = 0;
-    msg->shmem_frame = (virt_to_machine(blk_ring.sring) >> PAGE_SHIFT);
-    
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-    msg->shmem_ref   = gnttab_claim_grant_reference( &gref_head, gref_terminal 
);
-    ASSERT( msg->shmem_ref != -ENOSPC );
-    gnttab_grant_foreign_access_ref ( msg->shmem_ref , rdomid, 
msg->shmem_frame, 0 );
-#endif
-
-    ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
-}
-
 static void blkif_free(void)
 {
     /* Prevent new requests being issued until we fix things up. */
     spin_lock_irq(&blkif_io_lock);
-    recovery = 1;
     blkif_state = BLKIF_STATE_DISCONNECTED;
     spin_unlock_irq(&blkif_io_lock);
 
@@ -1160,31 +1008,6 @@
     }
     unbind_evtchn_from_irqhandler(blkif_evtchn, NULL);
     blkif_evtchn = 0;
-}
-
-static void blkif_close(void)
-{
-}
-
-/* Move from CLOSED to DISCONNECTED state. */
-static void blkif_disconnect(void)
-{
-    blkif_sring_t *sring;
-    
-    if ( blk_ring.sring != NULL )
-        free_page((unsigned long)blk_ring.sring);
-    
-    sring = (blkif_sring_t *)__get_free_page(GFP_KERNEL);
-    SHARED_RING_INIT(sring);
-    FRONT_RING_INIT(&blk_ring, sring, PAGE_SIZE);
-    blkif_state  = BLKIF_STATE_DISCONNECTED;
-    blkif_send_interface_connect();
-}
-
-static void blkif_reset(void)
-{
-    blkif_free();
-    blkif_disconnect();
 }
 
 static void blkif_recover(void)
@@ -1257,11 +1080,14 @@
     blkif_state = BLKIF_STATE_CONNECTED;
 }
 
-static void blkif_connect(blkif_fe_interface_status_t *status)
+static void blkif_connect(u16 evtchn, domid_t domid)
 {
     int err = 0;
 
-    blkif_evtchn = status->evtchn;
+    blkif_evtchn = evtchn;
+#ifdef CONFIG_XEN_BLKDEV_GRANT
+    rdomid       = domid;
+#endif
 
     err = bind_evtchn_to_irqhandler(
         blkif_evtchn, blkif_int, SA_SAMPLE_RANDOM, "blkif", NULL);
@@ -1270,142 +1096,318 @@
         WPRINTK("bind_evtchn_to_irqhandler failed (err=%d)\n", err);
         return;
     }
-
-    if ( recovery ) 
-    {
-        blkif_recover();
-    } 
-    else 
-    {
-        /* Transition to connected in case we need to do 
-         *  a partition probe on a whole disk. */
-        blkif_state = BLKIF_STATE_CONNECTED;
-        
-        /* Probe for discs attached to the interface. */
-        xlvbd_init();
-    }
-    
-    /* Kick pending requests. */
-    spin_lock_irq(&blkif_io_lock);
-    kick_pending_request_queues();
-    spin_unlock_irq(&blkif_io_lock);
-}
-
-static void unexpected(blkif_fe_interface_status_t *status)
-{
-    DPRINTK(" Unexpected blkif status %u in state %u\n", 
-            status->status, blkif_state);
-}
-
-static void blkif_status(blkif_fe_interface_status_t *status)
-{
+}
+
+
+static struct xenbus_device_id blkfront_ids[] = {
+       { "vbd" },
+       { "" }
+};
+
+struct blkfront_info
+{
+       /* We watch the backend */
+       struct xenbus_watch watch;
+       int vdevice;
+       u16 handle;
+       int connected;
+       struct xenbus_device *dev;
+       char *backend;
+};
+
+static void watch_for_status(struct xenbus_watch *watch, const char *node)
+{
+       struct blkfront_info *info;
+       unsigned int binfo;
+       unsigned long sectors, sector_size;
+       int err;
+
+       info = container_of(watch, struct blkfront_info, watch);
+       node += strlen(watch->node);
+
+       /* FIXME: clean up when error on the other end. */
+       if (info->connected)
+               return;
+
+       err = xenbus_gather(watch->node, 
+                           "sectors", "%lu", &sectors,
+                           "info", "%u", &binfo,
+                           "sector-size", "%lu", &sector_size,
+                           NULL);
+
+       if (err)
+               xenbus_dev_error(info->dev, err, "reading backend fields");
+       else {
+               xlvbd_add(sectors, info->vdevice, info->handle, binfo,
+                         sector_size);
+               info->connected = 1;
+
+               /* First to connect?  blkif is now connected. */
+               if (blkif_vbds_connected++ == 0)
+                       blkif_state = BLKIF_STATE_CONNECTED;
+
+               xenbus_dev_ok(info->dev);
+
+               /* Kick pending requests. */
+               spin_lock_irq(&blkif_io_lock);
+               kick_pending_request_queues();
+               spin_unlock_irq(&blkif_io_lock);
+       }
+}
+
+static int setup_blkring(struct xenbus_device *dev, unsigned int backend_id)
+{
+       blkif_sring_t *sring;
+       evtchn_op_t op = { .cmd = EVTCHNOP_alloc_unbound };
+       int err;
+
+       sring = (void *)__get_free_page(GFP_KERNEL);
+       if (!sring) {
+               xenbus_dev_error(dev, -ENOMEM, "allocating shared ring");
+               return -ENOMEM;
+       }
+       SHARED_RING_INIT(sring);
+       FRONT_RING_INIT(&blk_ring, sring, PAGE_SIZE);
+
 #ifdef CONFIG_XEN_BLKDEV_GRANT
-    rdomid       = status->domid; /* need to set rdomid early */
-#endif
-
-    if ( status->handle != blkif_handle )
-    {
-        WPRINTK(" Invalid blkif: handle=%u\n", status->handle);
-        unexpected(status);
-        return;
-    }
-
-    switch ( status->status ) 
-    {
-    case BLKIF_INTERFACE_STATUS_CLOSED:
-        switch ( blkif_state )
-        {
-        case BLKIF_STATE_CLOSED:
-            unexpected(status);
-            break;
-        case BLKIF_STATE_DISCONNECTED:
-        case BLKIF_STATE_CONNECTED:
-            unexpected(status);
-            blkif_close();
-            break;
-        }
-        break;
-
-    case BLKIF_INTERFACE_STATUS_DISCONNECTED:
-        switch ( blkif_state )
-        {
-        case BLKIF_STATE_CLOSED:
-            blkif_disconnect();
-            break;
-        case BLKIF_STATE_DISCONNECTED:
-        case BLKIF_STATE_CONNECTED:
-            /* unexpected(status); */ /* occurs during suspend/resume */
-            blkif_reset();
-            break;
-        }
-        break;
-
-    case BLKIF_INTERFACE_STATUS_CONNECTED:
-        switch ( blkif_state )
-        {
-        case BLKIF_STATE_CLOSED:
-            unexpected(status);
-            blkif_disconnect();
-            blkif_connect(status);
-            break;
-        case BLKIF_STATE_DISCONNECTED:
-            blkif_connect(status);
-            break;
-        case BLKIF_STATE_CONNECTED:
-            unexpected(status);
-            blkif_connect(status);
-            break;
-        }
-        break;
-
-    case BLKIF_INTERFACE_STATUS_CHANGED:
-        switch ( blkif_state )
-        {
-        case BLKIF_STATE_CLOSED:
-        case BLKIF_STATE_DISCONNECTED:
-            unexpected(status);
-            break;
-        case BLKIF_STATE_CONNECTED:
-            vbd_update();
-            break;
-        }
-        break;
-
-    default:
-        WPRINTK(" Invalid blkif status: %d\n", status->status);
-        break;
-    }
-}
-
-
-static void blkif_ctrlif_rx(ctrl_msg_t *msg, unsigned long id)
-{
-    switch ( msg->subtype )
-    {
-    case CMSG_BLKIF_FE_INTERFACE_STATUS:
-        blkif_status((blkif_fe_interface_status_t *)
-                     &msg->msg[0]);
-        break;
-    default:
-        msg->length = 0;
-        break;
-    }
-
-    ctrl_if_send_response(msg);
-}
-
-int wait_for_blkif(void)
+       shmem_ref = gnttab_claim_grant_reference(&gref_head,
+                                                gref_terminal);
+       ASSERT(shmem_ref != -ENOSPC);
+       gnttab_grant_foreign_access_ref(shmem_ref,
+                                       backend_id,
+                                       virt_to_mfn(blk_ring.sring),
+                                       0);
+#endif
+
+       op.u.alloc_unbound.dom = backend_id;
+       err = HYPERVISOR_event_channel_op(&op);
+       if (err) {
+               free_page((unsigned long)blk_ring.sring);
+               blk_ring.sring = 0;
+               xenbus_dev_error(dev, err, "allocating event channel");
+               return err;
+       }
+       blkif_connect(op.u.alloc_unbound.port, backend_id);
+       return 0;
+}
+
+/* Common code used when first setting up, and when resuming. */
+static int talk_to_backend(struct xenbus_device *dev,
+                          struct blkfront_info *info)
+{
+       char *backend;
+       const char *message;
+       int err, backend_id;
+
+       backend = xenbus_read(dev->nodename, "backend", NULL);
+       if (IS_ERR(backend)) {
+               err = PTR_ERR(backend);
+               if (err == -ENOENT)
+                       goto out;
+               xenbus_dev_error(dev, err, "reading %s/backend",
+                                dev->nodename);
+               goto out;
+       }
+       if (strlen(backend) == 0) {
+               err = -ENOENT;
+               goto free_backend;
+       }
+
+       /* FIXME: This driver can't handle backends on different
+        * domains.  Check and fail gracefully. */
+       err = xenbus_scanf(dev->nodename, "backend-id", "%i", &backend_id);
+       if (err == -ENOENT)
+               goto free_backend;
+       if (err < 0) {
+               xenbus_dev_error(dev, err, "reading %s/backend-id",
+                                dev->nodename);
+               goto free_backend;
+       }
+
+       /* First device?  We create shared ring, alloc event channel. */
+       if (blkif_vbds == 0) {
+               err = setup_blkring(dev, backend_id);
+               if (err)
+                       goto free_backend;
+       }
+
+       err = xenbus_transaction_start(dev->nodename);
+       if (err) {
+               xenbus_dev_error(dev, err, "starting transaction");
+               goto destroy_blkring;
+       }
+
+#ifdef CONFIG_XEN_BLKDEV_GRANT
+       err = xenbus_printf(dev->nodename, "grant-id","%u", shmem_ref);
+       if (err) {
+               message = "writing grant-id";
+               goto abort_transaction;
+       }
+#else
+       err = xenbus_printf(dev->nodename, "shared-frame", "%lu",
+                           virt_to_mfn(blk_ring.sring));
+       if (err) {
+               message = "writing shared-frame";
+               goto abort_transaction;
+       }
+#endif
+       err = xenbus_printf(dev->nodename,
+                           "event-channel", "%u", blkif_evtchn);
+       if (err) {
+               message = "writing event-channel";
+               goto abort_transaction;
+       }
+
+       info->watch.node = info->backend = backend;
+       info->watch.callback = watch_for_status;
+
+       err = register_xenbus_watch(&info->watch);
+       if (err) {
+               message = "registering watch on backend";
+               goto abort_transaction;
+       }
+
+       err = xenbus_transaction_end(0);
+       if (err) {
+               xenbus_dev_error(dev, err, "completing transaction");
+               goto destroy_blkring;
+       }
+       return 0;
+
+abort_transaction:
+       xenbus_transaction_end(1);
+       /* Have to do this *outside* transaction.  */
+       xenbus_dev_error(dev, err, "%s", message);
+destroy_blkring:
+       if (blkif_vbds == 0)
+               blkif_free();
+free_backend:
+       kfree(backend);
+out:
+       printk("%s:%u = %i\n", __FILE__, __LINE__, err);
+       return err;
+}
+
+/* Setup supplies the backend dir, virtual device.
+
+   We place an event channel and shared frame entries.
+   We watch backend to wait if it's ok. */
+static int blkfront_probe(struct xenbus_device *dev,
+                         const struct xenbus_device_id *id)
+{
+       int err;
+       struct blkfront_info *info;
+       int vdevice;
+
+       /* FIXME: Use dynamic device id if this is not set. */
+       err = xenbus_scanf(dev->nodename, "virtual-device", "%i", &vdevice);
+       if (err == -ENOENT)
+               return err;
+       if (err < 0) {
+               xenbus_dev_error(dev, err, "reading virtual-device");
+               return err;
+       }
+
+       info = kmalloc(sizeof(*info), GFP_KERNEL);
+       if (!info) {
+               xenbus_dev_error(dev, err, "allocating info structure");
+               return err;
+       }
+       info->dev = dev;
+       info->vdevice = vdevice;
+       info->connected = 0;
+       /* Front end dir is a number, which is used as the id. */
+       info->handle = simple_strtoul(strrchr(dev->nodename,'/')+1, NULL, 0);
+       dev->data = info;
+
+       err = talk_to_backend(dev, info);
+       if (err) {
+               kfree(info);
+               return err;
+       }
+
+       /* Call once in case entries already there. */
+       watch_for_status(&info->watch, info->watch.node);
+       blkif_vbds++;
+       return 0;
+}
+
+static int blkfront_remove(struct xenbus_device *dev)
+{
+       struct blkfront_info *info = dev->data;
+
+       if (info->backend)
+               unregister_xenbus_watch(&info->watch);
+
+       if (info->connected) {
+               xlvbd_del(info->handle);
+               blkif_vbds_connected--;
+       }
+       kfree(info->backend);
+       kfree(info);
+
+       if (--blkif_vbds == 0)
+               blkif_free();
+
+       return 0;
+}
+
+static int blkfront_suspend(struct xenbus_device *dev)
+{
+       struct blkfront_info *info = dev->data;
+
+       unregister_xenbus_watch(&info->watch);
+       kfree(info->backend);
+       info->backend = NULL;
+
+       if (--blkif_vbds == 0) {
+               recovery = 1;
+               blkif_free();
+       }
+
+       return 0;
+}
+
+static int blkfront_resume(struct xenbus_device *dev)
+{
+       struct blkfront_info *info = dev->data;
+       int err;
+
+       /* FIXME: Check geometry hasn't changed here... */
+       err = talk_to_backend(dev, info);
+       if (!err) {
+               if (blkif_vbds++ == 0)
+                       blkif_recover();
+       }
+       return err;
+}
+
+static struct xenbus_driver blkfront = {
+       .name = "vbd",
+       .owner = THIS_MODULE,
+       .ids = blkfront_ids,
+       .probe = blkfront_probe,
+       .remove = blkfront_remove,
+       .resume = blkfront_resume,
+       .suspend = blkfront_suspend,
+};
+
+static void __init init_blk_xenbus(void)
+{
+       xenbus_register_device(&blkfront);
+}
+
+static int wait_for_blkif(void)
 {
     int err = 0;
     int i;
-    send_driver_status(1);
 
     /*
      * We should read 'nr_interfaces' from response message and wait
      * for notifications before proceeding. For now we assume that we
      * will be notified of exactly one interface.
      */
-    for ( i=0; (blkif_state != BLKIF_STATE_CONNECTED) && (i < 10*HZ); i++ )
+    for ( i=0; blkif_state != BLKIF_STATE_CONNECTED && (i < 10*HZ); i++ )
     {
         set_current_state(TASK_INTERRUPTIBLE);
         schedule_timeout(1);
@@ -1419,7 +1421,7 @@
     return err;
 }
 
-int __init xlblk_init(void)
+static int __init xlblk_init(void)
 {
     int i;
 
@@ -1443,27 +1445,11 @@
         blk_shadow[i].req.id = i+1;
     blk_shadow[BLK_RING_SIZE-1].req.id = 0x0fffffff;
 
-    (void)ctrl_if_register_receiver(CMSG_BLKIF_FE, blkif_ctrlif_rx,
-                                    CALLBACK_IN_BLOCKING_CONTEXT);
+    init_blk_xenbus();
 
     wait_for_blkif();
 
     return 0;
-}
-
-void blkdev_suspend(void)
-{
-}
-
-void blkdev_resume(void)
-{
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-    int i, j;
-    for ( i = 0; i < BLK_RING_SIZE; i++ )
-        for ( j = 0; j < BLKIF_MAX_SEGMENTS_PER_REQUEST; j++ )
-            blk_shadow[i].req.frame_and_sects[j] |= GRANTREF_INVALID;
-#endif
-    send_driver_status(1);
 }
 
 static void blkif_completion(struct blk_shadow *s)
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkfront/block.h
--- a/linux-2.6-xen-sparse/drivers/xen/blkfront/block.h Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkfront/block.h Fri Aug 19 18:19:28 2005
@@ -100,6 +100,7 @@
 
 struct xlbd_disk_info {
     int xd_device;
+    blkif_vdev_t handle;
     struct xlbd_major_info *mi;
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
     struct xlbd_disk_info  *next_waiting;
@@ -119,17 +120,10 @@
                        unsigned command, unsigned long argument);
 extern int blkif_check(dev_t dev);
 extern int blkif_revalidate(dev_t dev);
-extern void blkif_control_send(blkif_request_t *req, blkif_response_t *rsp);
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-extern void blkif_control_probe_send(
-    blkif_request_t *req, blkif_response_t *rsp, unsigned long address);
-#endif
 extern void do_blkif_request (request_queue_t *rq); 
 
-extern void xlvbd_update_vbds(void);
-
 /* Virtual block-device subsystem. */
-extern int  xlvbd_init(void);
-extern void xlvbd_cleanup(void); 
-
+int xlvbd_add(blkif_sector_t capacity, int device, blkif_vdev_t handle,
+             u16 info, u16 sector_size);
+void xlvbd_del(blkif_vdev_t handle);
 #endif /* __XEN_DRIVERS_BLOCK_H__ */
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkfront/vbd.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkfront/vbd.c   Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkfront/vbd.c   Fri Aug 19 18:19:28 2005
@@ -46,8 +46,9 @@
 struct lvdisk
 {
     blkif_sector_t capacity; /*  0: Size in terms of 512-byte sectors.   */
-    blkif_vdev_t   device;   /*  8: Device number (opaque 16 bit value). */
-    u16            info; 
+    blkif_vdev_t   handle;   /*  8: Device number (opaque 16 bit value). */
+    u16            info;
+    dev_t          dev;
     struct list_head list;
 };
 
@@ -85,7 +86,7 @@
 
 /* Information about our VBDs. */
 #define MAX_VBDS 64
-struct list_head vbds_list;
+static LIST_HEAD(vbds_list);
 
 #define MAJOR_XEN(dev) ((dev)>>8)
 #define MINOR_XEN(dev) ((dev) & 0xff)
@@ -116,49 +117,6 @@
 {
     list_del(&disk->list);
     kfree(disk);
-}
-
-static vdisk_t *xlvbd_probe(int *ret)
-{
-    blkif_response_t rsp;
-    blkif_request_t req;
-    vdisk_t *disk_info = NULL;
-    unsigned long buf;
-    int nr;
-
-    buf = __get_free_page(GFP_KERNEL);
-    if ((void *)buf == NULL)
-        goto out;
-
-    memset(&req, 0, sizeof(req));
-    req.operation = BLKIF_OP_PROBE;
-    req.nr_segments = 1;
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-    blkif_control_probe_send(&req, &rsp,
-                             (unsigned long)(virt_to_machine(buf)));
-#else
-    req.frame_and_sects[0] = blkif_fas(virt_to_machine(buf), 0, 
(PAGE_SIZE/512)-1);
-
-    blkif_control_send(&req, &rsp);
-#endif
-    if ( rsp.status <= 0 ) {
-        WPRINTK("Could not probe disks (%d)\n", rsp.status);
-        goto out;
-    }
-    nr = rsp.status;
-    if ( nr > MAX_VBDS )
-        nr = MAX_VBDS;
-
-    disk_info = kmalloc(nr * sizeof(vdisk_t), GFP_KERNEL);
-    if (disk_info != NULL)
-        memcpy(disk_info, (void *) buf, nr * sizeof(vdisk_t));
-
-    if (ret != NULL)
-        *ret = nr;
-
-out:
-    free_page(buf);
-    return disk_info;
 }
 
 static struct xlbd_major_info *xlbd_alloc_major_info(
@@ -189,6 +147,7 @@
         break;
     }
     
+    printk("Registering block device major %i\n", ptr->major);
     if (register_blkdev(ptr->major, ptr->type->devname)) {
         WPRINTK("can't get major %d with name %s\n",
                 ptr->major, ptr->type->devname);
@@ -231,7 +190,7 @@
             xlbd_alloc_major_info(major, minor, index));
 }
 
-static int xlvbd_init_blk_queue(struct gendisk *gd, vdisk_t *disk)
+static int xlvbd_init_blk_queue(struct gendisk *gd, u16 sector_size)
 {
     request_queue_t *rq;
 
@@ -242,7 +201,7 @@
     elevator_init(rq, "noop");
 
     /* Hard sector size and max sectors impersonate the equiv. hardware. */
-    blk_queue_hardsect_size(rq, disk->sector_size);
+    blk_queue_hardsect_size(rq, sector_size);
     blk_queue_max_sectors(rq, 512);
 
     /* Each segment in a request is up to an aligned page in size. */
@@ -261,8 +220,9 @@
     return 0;
 }
 
-struct gendisk *xlvbd_alloc_gendisk(
-    struct xlbd_major_info *mi, int minor, vdisk_t *disk)
+static struct gendisk *xlvbd_alloc_gendisk(
+    struct xlbd_major_info *mi, int minor, blkif_sector_t capacity,
+    int device, blkif_vdev_t handle, u16 info, u16 sector_size)
 {
     struct gendisk *gd;
     struct xlbd_disk_info *di;
@@ -273,7 +233,8 @@
         return NULL;
     memset(di, 0, sizeof(*di));
     di->mi = mi;
-    di->xd_device = disk->device;
+    di->xd_device = device;
+    di->handle = handle;
 
     if ((minor & ((1 << mi->type->partn_shift) - 1)) == 0)
         nr_minors = 1 << mi->type->partn_shift;
@@ -296,22 +257,22 @@
     gd->first_minor = minor;
     gd->fops = &xlvbd_block_fops;
     gd->private_data = di;
-    set_capacity(gd, disk->capacity);
-
-    if (xlvbd_init_blk_queue(gd, disk)) {
+    set_capacity(gd, capacity);
+
+    if (xlvbd_init_blk_queue(gd, sector_size)) {
         del_gendisk(gd);
         goto out;
     }
 
     di->rq = gd->queue;
 
-    if (disk->info & VDISK_READONLY)
+    if (info & VDISK_READONLY)
         set_disk_ro(gd, 1);
 
-    if (disk->info & VDISK_REMOVABLE)
+    if (info & VDISK_REMOVABLE)
         gd->flags |= GENHD_FL_REMOVABLE;
 
-    if (disk->info & VDISK_CDROM)
+    if (info & VDISK_CDROM)
         gd->flags |= GENHD_FL_CD;
 
     add_disk(gd);
@@ -323,38 +284,36 @@
     return NULL;
 }
 
-static int xlvbd_device_add(struct list_head *list, vdisk_t *disk)
+int xlvbd_add(blkif_sector_t capacity, int device, blkif_vdev_t handle,
+             u16 info, u16 sector_size)
 {
     struct lvdisk *new;
-    int minor;
-    dev_t device;
     struct block_device *bd;
     struct gendisk *gd;
     struct xlbd_major_info *mi;
 
-    mi = xlbd_get_major_info(disk->device);
+    mi = xlbd_get_major_info(device);
     if (mi == NULL)
         return -EPERM;
 
     new = xlvbd_device_alloc();
     if (new == NULL)
-        return -1;
-    new->capacity = disk->capacity;
-    new->device = disk->device;
-    new->info = disk->info;
-    
-    minor = MINOR_XEN(disk->device);
-    device = MKDEV(mi->major, minor);
-    
-    bd = bdget(device);
+        return -ENOMEM;
+    new->capacity = capacity;
+    new->info = info;
+    new->handle = handle;
+    new->dev = MKDEV(MAJOR_XEN(device), MINOR_XEN(device));
+
+    bd = bdget(new->dev);
     if (bd == NULL)
         goto out;
     
-    gd = xlvbd_alloc_gendisk(mi, minor, disk);
+    gd = xlvbd_alloc_gendisk(mi, MINOR_XEN(device), capacity, device, handle,
+                            info, sector_size);
     if (gd == NULL)
         goto out_bd;
 
-    list_add(&new->list, list);
+    list_add(&new->list, &vbds_list);
 out_bd:
     bdput(bd);
 out:
@@ -363,27 +322,26 @@
 
 static int xlvbd_device_del(struct lvdisk *disk)
 {
-    dev_t device;
     struct block_device *bd;
     struct gendisk *gd;
     struct xlbd_disk_info *di;
     int ret = 0, unused;
     request_queue_t *rq;
 
-    device = MKDEV(MAJOR_XEN(disk->device), MINOR_XEN(disk->device));
-
-    bd = bdget(device);
+    bd = bdget(disk->dev);
     if (bd == NULL)
         return -1;
 
-    gd = get_gendisk(device, &unused);
+    gd = get_gendisk(disk->dev, &unused);
     di = gd->private_data;
 
+#if 0 /* This is wrong: hda and hdb share same major, for example. */
     if (di->mi->usage != 0) {
-        WPRINTK("disk removal failed: used [dev=%x]\n", device);
+        WPRINTK("disk removal failed: used [dev=%x]\n", disk->dev);
         ret = -1;
         goto out;
     }
+#endif
 
     rq = gd->queue;
     del_gendisk(gd);
@@ -391,110 +349,19 @@
     blk_cleanup_queue(rq);
 
     xlvbd_device_free(disk);
-out:
     bdput(bd);
     return ret;
 }
 
-static int xlvbd_device_update(struct lvdisk *ldisk, vdisk_t *disk)
-{
-    dev_t device;
-    struct block_device *bd;
-    struct gendisk *gd;
-    int unused;
-
-    if ((ldisk->capacity == disk->capacity) && (ldisk->info == disk->info))
-        return 0;    
-
-    device = MKDEV(MAJOR_XEN(ldisk->device), MINOR_XEN(ldisk->device));
-
-    bd = bdget(device);
-    if (bd == NULL)
-        return -1;
-
-    gd = get_gendisk(device, &unused);
-    set_capacity(gd, disk->capacity);    
-    ldisk->capacity = disk->capacity;
-
-    bdput(bd);
-
-    return 0;
-}
-
-void xlvbd_refresh(void)
-{
-    vdisk_t *newdisks;
-    struct list_head *tmp, *tmp2;
-    struct lvdisk *disk;
-    int i, nr;
-
-    newdisks = xlvbd_probe(&nr);
-    if (newdisks == NULL) {
-        WPRINTK("failed to probe\n");
-        return;
-    }
-    
-    i = 0;
-    list_for_each_safe(tmp, tmp2, &vbds_list) {
-        disk = list_entry(tmp, struct lvdisk, list);
-        
-        for (i = 0; i < nr; i++) {
-            if ( !newdisks[i].device )
-                continue;
-            if ( disk->device == newdisks[i].device ) {
-                xlvbd_device_update(disk, &newdisks[i]);
-                newdisks[i].device = 0;
-                break;
-            }
-        }
-        if (i == nr) {
-            xlvbd_device_del(disk);
-            newdisks[i].device = 0;
-        }
-    }
-    for (i = 0; i < nr; i++)
-        if ( newdisks[i].device )
-            xlvbd_device_add(&vbds_list, &newdisks[i]);
-    kfree(newdisks);
-}
-
-/*
- * xlvbd_update_vbds - reprobes the VBD status and performs updates driver
- * state. The VBDs need to be updated in this way when the domain is
- * initialised and also each time we receive an XLBLK_UPDATE event.
- */
-void xlvbd_update_vbds(void)
-{
-    xlvbd_refresh();
-}
-
-/*
- * Set up all the linux device goop for the virtual block devices
- * (vbd's) that we know about. Note that although from the backend
- * driver's p.o.v. VBDs are addressed simply an opaque 16-bit device
- * number, the domain creation tools conventionally allocate these
- * numbers to correspond to those used by 'real' linux -- this is just
- * for convenience as it means e.g. that the same /etc/fstab can be
- * used when booting with or without Xen.
- */
-int xlvbd_init(void)
-{
-    int i, nr;
-    vdisk_t *disks;
-
-    INIT_LIST_HEAD(&vbds_list);
-
-    memset(major_info, 0, sizeof(major_info));
-    
-    disks = xlvbd_probe(&nr);
-    if (disks == NULL) {
-        WPRINTK("failed to probe\n");
-        return -1;
-    }
-
-    for (i = 0; i < nr; i++)
-        xlvbd_device_add(&vbds_list, &disks[i]);
-
-    kfree(disks);
-    return 0;
-}
+void xlvbd_del(blkif_vdev_t handle)
+{
+       struct lvdisk *i;
+
+       list_for_each_entry(i, &vbds_list, list) {
+               if (i->handle == handle) {
+                       xlvbd_device_del(i);
+                       return;
+               }
+       }
+       BUG();
+}
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blktap/blktap.h
--- a/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.h  Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.h  Fri Aug 19 18:19:28 2005
@@ -87,7 +87,7 @@
     struct work_struct work;
 #ifdef CONFIG_XEN_BLKDEV_GRANT
     u16 shmem_handle;
-    memory_t shmem_vaddr;
+    unsigned long shmem_vaddr;
     grant_ref_t shmem_ref;
 #endif
 } blkif_t;
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blktap/blktap_controlmsg.c
--- a/linux-2.6-xen-sparse/drivers/xen/blktap/blktap_controlmsg.c       Thu Aug 
18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blktap/blktap_controlmsg.c       Fri Aug 
19 18:19:28 2005
@@ -320,7 +320,7 @@
     };
     blkif_fe_interface_connect_t *msg = (void*)cmsg.msg;
     msg->handle      = 0;
-    msg->shmem_frame = virt_to_machine(blktap_be_ring.sring) >> PAGE_SHIFT;
+    msg->shmem_frame = virt_to_mfn(blktap_be_ring.sring);
     
     ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
 }
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/netback/common.h
--- a/linux-2.6-xen-sparse/drivers/xen/netback/common.h Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/netback/common.h Fri Aug 19 18:19:28 2005
@@ -49,13 +49,13 @@
     unsigned long    tx_shmem_frame;
 #ifdef CONFIG_XEN_NETDEV_GRANT_TX
     u16              tx_shmem_handle;
-    memory_t         tx_shmem_vaddr; 
+    unsigned long    tx_shmem_vaddr; 
     grant_ref_t      tx_shmem_ref; 
 #endif
     unsigned long    rx_shmem_frame;
 #ifdef CONFIG_XEN_NETDEV_GRANT_RX
     u16              rx_shmem_handle;
-    memory_t         rx_shmem_vaddr; 
+    unsigned long    rx_shmem_vaddr; 
     grant_ref_t      rx_shmem_ref; 
 #endif
     unsigned int     evtchn;
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/netback/netback.c
--- a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c        Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c        Fri Aug 19 
18:19:28 2005
@@ -43,7 +43,7 @@
 static int  make_rx_response(netif_t *netif, 
                              u16      id, 
                              s8       st,
-                             memory_t addr,
+                             unsigned long addr,
                              u16      size,
                              u16      csum_valid);
 
@@ -251,7 +251,7 @@
 #else
     struct mmuext_op *mmuext;
 #endif
-    unsigned long vdata, mdata, new_mfn;
+    unsigned long vdata, old_mfn, new_mfn;
     struct sk_buff_head rxq;
     struct sk_buff *skb;
     u16 notify_list[NETIF_RX_RING_SIZE];
@@ -271,7 +271,7 @@
     {
         netif   = netdev_priv(skb->dev);
         vdata   = (unsigned long)skb->data;
-        mdata   = virt_to_machine(vdata);
+        old_mfn = virt_to_mfn(vdata);
 
         /* Memory squeeze? Back off for an arbitrary while. */
         if ( (new_mfn = alloc_mfn()) == 0 )
@@ -293,7 +293,7 @@
         mcl++;
 
 #ifdef CONFIG_XEN_NETDEV_GRANT_RX
-        gop->mfn = mdata >> PAGE_SHIFT;
+        gop->mfn = old_mfn;
         gop->domid = netif->domid;
         gop->handle = netif->rx->ring[
         MASK_NETIF_RX_IDX(netif->rx_resp_prod_copy)].req.gref;
@@ -308,7 +308,7 @@
         mcl++;
 
         mmuext->cmd = MMUEXT_REASSIGN_PAGE;
-        mmuext->mfn = mdata >> PAGE_SHIFT;
+        mmuext->mfn = old_mfn;
         mmuext++;
 #endif
         mmu->ptr = (new_mfn << PAGE_SHIFT) | MMU_MACHPHYS_UPDATE;
@@ -318,7 +318,7 @@
         __skb_queue_tail(&rxq, skb);
 
 #ifdef DEBUG_GRANT
-        dump_packet('a', mdata, vdata);
+        dump_packet('a', old_mfn, vdata);
 #endif
         /* Filled the batch queue? */
         if ( (mcl - rx_mcl) == ARRAY_SIZE(rx_mcl) )
@@ -345,10 +345,8 @@
 
     mcl = rx_mcl;
 #ifdef CONFIG_XEN_NETDEV_GRANT_RX
-    if (unlikely(HYPERVISOR_grant_table_op(GNTTABOP_donate,
-                                           grant_rx_op, gop - grant_rx_op))) {
-        BUG();
-    }
+    BUG_ON(HYPERVISOR_grant_table_op(
+        GNTTABOP_donate, grant_rx_op, gop - grant_rx_op));
     gop = grant_rx_op;
 #else
     mmuext = rx_mmuext;
@@ -361,10 +359,9 @@
         /* Rederive the machine addresses. */
         new_mfn = mcl[0].args[1] >> PAGE_SHIFT;
 #ifdef CONFIG_XEN_NETDEV_GRANT_RX
-        mdata = (unsigned long)skb->data & ~PAGE_MASK;
-#else
-        mdata   = ((mmuext[0].mfn << PAGE_SHIFT) |
-                   ((unsigned long)skb->data & ~PAGE_MASK));
+        old_mfn = 0; /* XXX Fix this so we can free_mfn() on error! */
+#else
+        old_mfn = mmuext[0].mfn;
 #endif
         atomic_set(&(skb_shinfo(skb)->dataref), 1);
         skb_shinfo(skb)->nr_frags = 0;
@@ -379,18 +376,20 @@
         /* Check the reassignment error code. */
         status = NETIF_RSP_OKAY;
 #ifdef CONFIG_XEN_NETDEV_GRANT_RX
-        BUG_ON(gop->status != 0);
+        BUG_ON(gop->status != 0); /* XXX */
 #else
         if ( unlikely(mcl[1].result != 0) )
         {
             DPRINTK("Failed MMU update transferring to DOM%u\n", netif->domid);
-            free_mfn(mdata >> PAGE_SHIFT);
+            free_mfn(old_mfn);
             status = NETIF_RSP_ERROR;
         }
 #endif
         evtchn = netif->evtchn;
         id = netif->rx->ring[MASK_NETIF_RX_IDX(netif->rx_resp_prod)].req.id;
-        if ( make_rx_response(netif, id, status, mdata,
+        if ( make_rx_response(netif, id, status,
+                              (old_mfn << PAGE_SHIFT) | /* XXX */
+                              ((unsigned long)skb->data & ~PAGE_MASK),
                               size, skb->proto_csum_valid) &&
              (rx_notify[evtchn] == 0) )
         {
@@ -888,7 +887,7 @@
 static int make_rx_response(netif_t *netif, 
                             u16      id, 
                             s8       st,
-                            memory_t addr,
+                            unsigned long addr,
                             u16      size,
                             u16      csum_valid)
 {
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c      Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c      Fri Aug 19 
18:19:28 2005
@@ -448,11 +448,10 @@
         }
         grant_rx_ref[id] = ref;
         gnttab_grant_foreign_transfer_ref(ref, rdomid,
-                                          virt_to_machine(
-                                              skb->head) >> PAGE_SHIFT);
+                                          virt_to_mfn(skb->head));
         np->rx->ring[MASK_NETIF_RX_IDX(req_prod + i)].req.gref = ref;
 #endif
-        rx_pfn_array[i] = virt_to_machine(skb->head) >> PAGE_SHIFT;
+        rx_pfn_array[i] = virt_to_mfn(skb->head);
 
        /* Remove this page from pseudo phys map before passing back to Xen. */
        phys_to_machine_mapping[__pa(skb->head) >> PAGE_SHIFT] 
@@ -543,13 +542,14 @@
         printk(KERN_ALERT "#### netfront can't claim tx grant reference\n");
         BUG();
     }
-    mfn = virt_to_machine(skb->data) >> PAGE_SHIFT;
+    mfn = virt_to_mfn(skb->data);
     gnttab_grant_foreign_access_ref(ref, rdomid, mfn, GNTMAP_readonly);
-    tx->addr = (ref << PAGE_SHIFT) | ((unsigned long)skb->data & ~PAGE_MASK);
+    tx->addr = ref << PAGE_SHIFT;
     grant_tx_ref[id] = ref;
 #else
-    tx->addr = virt_to_machine(skb->data);
-#endif
+    tx->addr = virt_to_mfn(skb->data) << PAGE_SHIFT;
+#endif
+    tx->addr |= (unsigned long)skb->data & ~PAGE_MASK;
     tx->size = skb->len;
     tx->csum_blank = (skb->ip_summed == CHECKSUM_HW);
 
@@ -720,7 +720,7 @@
     while ((skb = __skb_dequeue(&rxq)) != NULL) {
 #ifdef GRANT_DEBUG
         printk(KERN_ALERT "#### rx_poll     dequeue vdata=%p mfn=%lu\n",
-               skb->data, virt_to_machine(skb->data)>>PAGE_SHIFT);
+               skb->data, virt_to_mfn(skb->data));
         dump_packet('d', skb->data, (unsigned long)skb->data);
 #endif
         /*
@@ -854,18 +854,23 @@
      * interface has been down.
      */
     for (requeue_idx = 0, i = 1; i <= NETIF_TX_RING_SIZE; i++) {
-            if ((unsigned long)np->tx_skbs[i] >= __PAGE_OFFSET) {
-                struct sk_buff *skb = np->tx_skbs[i];
-                
-                tx = &np->tx->ring[requeue_idx++].req;
-                
-                tx->id   = i;
-                tx->addr = virt_to_machine(skb->data);
-                tx->size = skb->len;
-                
-                np->stats.tx_bytes += skb->len;
-                np->stats.tx_packets++;
-            }
+        if ((unsigned long)np->tx_skbs[i] >= __PAGE_OFFSET) {
+            struct sk_buff *skb = np->tx_skbs[i];
+
+            tx = &np->tx->ring[requeue_idx++].req;
+
+            tx->id   = i;
+#ifdef CONFIG_XEN_NETDEV_GRANT_TX
+            tx->addr = 0; /*(ref << PAGE_SHIFT) |*/
+#else
+            tx->addr = virt_to_mfn(skb->data) << PAGE_SHIFT;
+#endif
+            tx->addr |= (unsigned long)skb->data & ~PAGE_MASK;
+            tx->size = skb->len;
+
+            np->stats.tx_bytes += skb->len;
+            np->stats.tx_packets++;
+        }
     }
     wmb();
     np->tx->req_prod = requeue_idx;
@@ -922,7 +927,7 @@
     netif_fe_interface_connect_t *msg = (void*)cmsg.msg;
 
     msg->handle = np->handle;
-    msg->tx_shmem_frame = (virt_to_machine(np->tx) >> PAGE_SHIFT);
+    msg->tx_shmem_frame = virt_to_mfn(np->tx);
 #ifdef CONFIG_XEN_NETDEV_GRANT_TX
     msg->tx_shmem_ref   = (u32)gnttab_claim_grant_reference(&gref_tx_head, 
                                                             gref_tx_terminal);
@@ -934,7 +939,7 @@
                                      msg->tx_shmem_frame, 0);
 #endif
 
-    msg->rx_shmem_frame = (virt_to_machine(np->rx) >> PAGE_SHIFT);
+    msg->rx_shmem_frame = virt_to_mfn(np->rx);
 #ifdef CONFIG_XEN_NETDEV_GRANT_RX
     msg->rx_shmem_ref   = (u32)gnttab_claim_grant_reference(&gref_rx_head, 
                                                             gref_rx_terminal);
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/usbback/usbback.c
--- a/linux-2.6-xen-sparse/drivers/xen/usbback/usbback.c        Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/usbback/usbback.c        Fri Aug 19 
18:19:28 2005
@@ -657,8 +657,8 @@
         phys_to_machine_mapping[__pa(MMAP_VADDR(pending_idx, i))>>PAGE_SHIFT] =
             FOREIGN_FRAME((buffer_mach + offset) >> PAGE_SHIFT);
 
-        ASSERT(virt_to_machine(MMAP_VADDR(pending_idx, i))
-               == buffer_mach + i << PAGE_SHIFT);
+        ASSERT(virt_to_mfn(MMAP_VADDR(pending_idx, i))
+               == ((buffer_mach >> PAGE_SHIFT) + i));
     }
 
     if ( req->pipe_type == 0 && req->num_iso > 0 ) /* Maybe schedule ISO... */
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/usbfront/usbfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/usbfront/usbfront.c      Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/usbfront/usbfront.c      Fri Aug 19 
18:19:28 2005
@@ -195,7 +195,7 @@
         }
 
         urb_priv->schedule = schedule;
-       req->iso_schedule = virt_to_machine(schedule);
+       req->iso_schedule = virt_to_mfn(schedule) << PAGE_SHIFT;
 
         return 0;
 }
@@ -212,7 +212,7 @@
 #if DEBUG
         printk(KERN_DEBUG
                "usbif = %p, req_prod = %d (@ 0x%lx), resp_prod = %d, resp_cons 
= %d\n",
-               usbif, usbif->req_prod, virt_to_machine(&usbif->req_prod),
+               usbif, usbif->req_prod, virt_to_mfn(&usbif->req_prod),
                usbif->resp_prod, xhci->usb_resp_cons);
 #endif
         
@@ -232,7 +232,7 @@
         req->operation       = USBIF_OP_IO;
         req->port            = 0; /* We don't care what the port is. */
         req->id              = (unsigned long) urb->hcpriv;
-        req->transfer_buffer = virt_to_machine(urb->transfer_buffer);
+        req->transfer_buffer = virt_to_mfn(urb->transfer_buffer) << PAGE_SHIFT;
        req->devnum          = usb_pipedevice(urb->pipe);
         req->direction       = usb_pipein(urb->pipe);
        req->speed           = usb_pipeslow(urb->pipe);
@@ -280,7 +280,7 @@
        printk(KERN_DEBUG
                "queuing probe: req_prod = %d (@ 0x%lx), resp_prod = %d, "
                "resp_cons = %d\n", usbif->req_prod,
-               virt_to_machine(&usbif->req_prod),
+               virt_to_mfn(&usbif->req_prod),
               usbif->resp_prod, xhci->usb_resp_cons);
 #endif
  
@@ -1555,7 +1555,7 @@
         cmsg.type      = CMSG_USBIF_FE;
         cmsg.subtype   = CMSG_USBIF_FE_INTERFACE_CONNECT;
         cmsg.length    = sizeof(usbif_fe_interface_connect_t);
-        up.shmem_frame = virt_to_machine(sring) >> PAGE_SHIFT;
+        up.shmem_frame = virt_to_mfn(sring);
         memcpy(cmsg.msg, &up, sizeof(up));
         
         /* Tell the controller to bring up the interface. */
@@ -1599,7 +1599,7 @@
 
        DPRINTK(KERN_INFO __FILE__
                 ": USB XHCI: SHM at %p (0x%lx), EVTCHN %d\n",
-                xhci->usb_ring.sring, virt_to_machine(xhci->usbif),
+                xhci->usb_ring.sring, virt_to_mfn(xhci->usbif),
                 xhci->evtchn);
 
         xhci->state = USBIF_STATE_CONNECTED;
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c
--- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c    Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c    Fri Aug 19 
18:19:28 2005
@@ -48,13 +48,12 @@
 
 static inline struct ringbuf_head *outbuf(void)
 {
-       return machine_to_virt(xen_start_info.store_mfn << PAGE_SHIFT);
+       return mfn_to_virt(xen_start_info.store_mfn);
 }
 
 static inline struct ringbuf_head *inbuf(void)
 {
-       return machine_to_virt(xen_start_info.store_mfn << PAGE_SHIFT)
-               + PAGE_SIZE/2;
+       return mfn_to_virt(xen_start_info.store_mfn) + PAGE_SIZE/2;
 }
 
 static irqreturn_t wake_waiting(int irq, void *unused, struct pt_regs *regs)
@@ -219,8 +218,7 @@
        }
 
        /* FIXME zero out page -- domain builder should probably do this*/
-       memset(machine_to_virt(xen_start_info.store_mfn << PAGE_SHIFT),
-              0, PAGE_SIZE);
+       memset(mfn_to_virt(xen_start_info.store_mfn), 0, PAGE_SIZE);
 
        return 0;
 }
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c
--- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c    Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c    Fri Aug 19 
18:19:28 2005
@@ -48,15 +48,7 @@
 match_device(const struct xenbus_device_id *arr, struct xenbus_device *dev)
 {
        for (; !streq(arr->devicetype, ""); arr++) {
-               if (!streq(arr->devicetype, dev->devicetype))
-                       continue;
-
-               /* If they don't care what subtype, it's a match. */
-               if (streq(arr->subtype, ""))
-                       return arr;
-
-               /* If they care, device must have (same) subtype. */
-               if (dev->subtype && streq(arr->subtype, dev->subtype))
+               if (streq(arr->devicetype, dev->devicetype))
                        return arr;
        }
        return NULL;
@@ -72,10 +64,102 @@
        return match_device(drv->ids, to_xenbus_device(_dev)) != NULL;
 }
 
+struct xen_bus_type
+{
+       char *root;
+       unsigned int levels;
+       int (*get_bus_id)(char bus_id[BUS_ID_SIZE], const char *nodename);
+       int (*probe)(const char *type, const char *dir);
+       struct bus_type bus;
+       struct device dev;
+};
+
+/* device/<type>/<id> => <type>-<id> */
+static int frontend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename)
+{
+       nodename = strchr(nodename, '/');
+       if (!nodename || strlen(nodename + 1) >= BUS_ID_SIZE) {
+               printk(KERN_WARNING "XENBUS: bad frontend %s\n", nodename);
+               return -EINVAL;
+       }
+
+       strlcpy(bus_id, nodename + 1, BUS_ID_SIZE);
+       if (!strchr(bus_id, '/')) {
+               printk(KERN_WARNING "XENBUS: bus_id %s no slash\n", bus_id);
+               return -EINVAL;
+       }
+       *strchr(bus_id, '/') = '-';
+       return 0;
+}
+
 /* Bus type for frontend drivers. */
-static struct bus_type xenbus_type = {
-       .name  = "xenbus",
-       .match = xenbus_match,
+static int xenbus_probe_frontend(const char *type, const char *name);
+static struct xen_bus_type xenbus_frontend = {
+       .root = "device",
+       .levels = 2,            /* device/type/<id> */
+       .get_bus_id = frontend_bus_id,
+       .probe = xenbus_probe_frontend,
+       .bus = {
+               .name  = "xen",
+               .match = xenbus_match,
+       },
+       .dev = {
+               .bus_id = "xen",
+       },
+};
+
+/* backend/<type>/<fe-uuid>/<id> => <type>-<fe-domid>-<id> */
+static int backend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename)
+{
+       int domid, err;
+       const char *devid, *type, *frontend;
+       unsigned int typelen;
+
+       type = strchr(nodename, '/');
+       if (!type)
+               return -EINVAL;
+       type++;
+       typelen = strcspn(type, "/");
+       if (!typelen || type[typelen] != '/')
+               return -EINVAL;
+
+       devid = strrchr(nodename, '/') + 1;
+
+       err = xenbus_gather(nodename, "frontend-id", "%i", &domid,
+                           "frontend", NULL, &frontend,
+                           NULL);
+       if (err)
+               return err;
+       if (strlen(frontend) == 0)
+               err = -ERANGE;
+
+       if (!err && !xenbus_exists(frontend, ""))
+               err = -ENOENT;
+
+       if (err) {
+               kfree(frontend);
+               return err;
+       }
+
+       if (snprintf(bus_id, BUS_ID_SIZE,
+                    "%.*s-%i-%s", typelen, type, domid, devid) >= BUS_ID_SIZE)
+               return -ENOSPC;
+       return 0;
+}
+
+static int xenbus_probe_backend(const char *type, const char *uuid);
+static struct xen_bus_type xenbus_backend = {
+       .root = "backend",
+       .levels = 3,            /* backend/type/<frontend>/<id> */
+       .get_bus_id = backend_bus_id,
+       .probe = xenbus_probe_backend,
+       .bus = {
+               .name  = "xen-backend",
+               .match = xenbus_match,
+       },
+       .dev = {
+               .bus_id = "xen-backend",
+       },
 };
 
 static int xenbus_dev_probe(struct device *_dev)
@@ -104,12 +188,13 @@
        return drv->remove(dev);
 }
 
-int xenbus_register_driver(struct xenbus_driver *drv)
+static int xenbus_register_driver(struct xenbus_driver *drv,
+                                 struct xen_bus_type *bus)
 {
        int err;
 
        drv->driver.name = drv->name;
-       drv->driver.bus = &xenbus_type;
+       drv->driver.bus = &bus->bus;
        drv->driver.owner = drv->owner;
        drv->driver.probe = xenbus_dev_probe;
        drv->driver.remove = xenbus_dev_remove;
@@ -120,6 +205,16 @@
        return err;
 }
 
+int xenbus_register_device(struct xenbus_driver *drv)
+{
+       return xenbus_register_driver(drv, &xenbus_frontend);
+}
+
+int xenbus_register_backend(struct xenbus_driver *drv)
+{
+       return xenbus_register_driver(drv, &xenbus_backend);
+}
+
 void xenbus_unregister_driver(struct xenbus_driver *drv)
 {
        down(&xenbus_lock);
@@ -130,52 +225,98 @@
 struct xb_find_info
 {
        struct xenbus_device *dev;
-       const char *busid;
+       const char *nodename;
 };
 
 static int cmp_dev(struct device *dev, void *data)
 {
+       struct xenbus_device *xendev = to_xenbus_device(dev);
        struct xb_find_info *info = data;
 
-       if (streq(dev->bus_id, info->busid)) {
-               info->dev = container_of(get_device(dev),
-                                        struct xenbus_device, dev);
+       if (streq(xendev->nodename, info->nodename)) {
+               info->dev = xendev;
+               get_device(dev);
                return 1;
        }
        return 0;
 }
 
-/* FIXME: device_find is fixed in 2.6.13-rc2 according to Greg KH --RR */
-struct xenbus_device *xenbus_device_find(const char *busid)
-{
-       struct xb_find_info info = { .dev = NULL, .busid = busid };
-
-       bus_for_each_dev(&xenbus_type, NULL, &info, cmp_dev);
+struct xenbus_device *xenbus_device_find(const char *nodename,
+                                        struct bus_type *bus)
+{
+       struct xb_find_info info = { .dev = NULL, .nodename = nodename };
+
+       bus_for_each_dev(bus, NULL, &info, cmp_dev);
        return info.dev;
 }
 
+static int cleanup_dev(struct device *dev, void *data)
+{
+       struct xenbus_device *xendev = to_xenbus_device(dev);
+       struct xb_find_info *info = data;
+       int len = strlen(info->nodename);
+
+       if (!strncmp(xendev->nodename, info->nodename, len)) {
+               info->dev = xendev;
+               get_device(dev);
+               return 1;
+       }
+       return 0;
+}
+
+static void xenbus_cleanup_devices(const char *path, struct bus_type *bus)
+{
+       struct xb_find_info info = { .nodename = path };
+
+       do {
+               info.dev = NULL;
+               bus_for_each_dev(bus, NULL, &info, cleanup_dev);
+               if (info.dev) {
+                       device_unregister(&info.dev->dev);
+                       put_device(&info.dev->dev);
+               }
+       } while (info.dev);
+}
 
 static void xenbus_release_device(struct device *dev)
 {
        if (dev) {
                struct xenbus_device *xendev = to_xenbus_device(dev);
 
-               kfree(xendev->subtype);
                kfree(xendev);
        }
 }
-/* devices/<typename>/<name> */
-static int xenbus_probe_device(const char *dirpath, const char *devicetype,
-                              const char *name)
+
+/* Simplified asprintf. */
+static char *kasprintf(const char *fmt, ...)
+{
+       va_list ap;
+       unsigned int len;
+       char *p, dummy[1];
+
+       va_start(ap, fmt);
+       /* FIXME: vsnprintf has a bug, NULL should work */
+       len = vsnprintf(dummy, 0, fmt, ap);
+       va_end(ap);
+
+       p = kmalloc(len + 1, GFP_KERNEL);
+       if (!p)
+               return NULL;
+       va_start(ap, fmt);
+       vsprintf(p, fmt, ap);
+       va_end(ap);
+       return p;
+}
+
+static int xenbus_probe_node(struct xen_bus_type *bus,
+                            const char *type,
+                            const char *nodename)
 {
        int err;
        struct xenbus_device *xendev;
        unsigned int stringlen;
 
-       /* Nodename: /device/<typename>/<name>/ */
-       stringlen = strlen(dirpath) + strlen(devicetype) + strlen(name) + 3;
-       /* Typename */
-       stringlen += strlen(devicetype) + 1;
+       stringlen = strlen(nodename) + 1 + strlen(type) + 1;
        xendev = kmalloc(sizeof(*xendev) + stringlen, GFP_KERNEL);
        if (!xendev)
                return -ENOMEM;
@@ -183,38 +324,103 @@
 
        /* Copy the strings into the extra space. */
        xendev->nodename = (char *)(xendev + 1);
-       sprintf(xendev->nodename, "%s/%s/%s", dirpath, devicetype, name);
+       strcpy(xendev->nodename, nodename);
        xendev->devicetype = xendev->nodename + strlen(xendev->nodename) + 1;
-       strcpy(xendev->devicetype, devicetype);
-
-       /* FIXME: look for "subtype" field. */
-       snprintf(xendev->dev.bus_id, BUS_ID_SIZE, "%s-%s", devicetype, name);
-       xendev->dev.bus = &xenbus_type;
+       strcpy(xendev->devicetype, type);
+
+       xendev->dev.parent = &bus->dev;
+       xendev->dev.bus = &bus->bus;
        xendev->dev.release = xenbus_release_device;
+
+       err = bus->get_bus_id(xendev->dev.bus_id, xendev->nodename);
+       if (err) {
+               kfree(xendev);
+               return err;
+       }
 
        /* Register with generic device framework. */
        err = device_register(&xendev->dev);
        if (err) {
-               printk("XENBUS: Registering device %s: error %i\n",
-                      xendev->dev.bus_id, err);
+               printk("XENBUS: Registering %s device %s: error %i\n",
+                      bus->bus.name, xendev->dev.bus_id, err);
                kfree(xendev);
        }
        return err;
 }
 
-static int xenbus_probe_device_type(const char *dirpath, const char *typename)
+/* device/<typename>/<name> */
+static int xenbus_probe_frontend(const char *type, const char *name)
+{
+       char *nodename;
+       int err;
+
+       nodename = kasprintf("%s/%s/%s", xenbus_frontend.root, type, name);
+       if (!nodename)
+               return -ENOMEM;
+       
+       err = xenbus_probe_node(&xenbus_frontend, type, nodename);
+       kfree(nodename);
+       return err;
+}
+
+/* backend/<typename>/<frontend-uuid>/<name> */
+static int xenbus_probe_backend_unit(const char *dir,
+                                    const char *type,
+                                    const char *name)
+{
+       char *nodename;
+       int err;
+
+       nodename = kasprintf("%s/%s", dir, name);
+       if (!nodename)
+               return -ENOMEM;
+
+       err = xenbus_probe_node(&xenbus_backend, type, nodename);
+       kfree(nodename);
+       return err;
+}
+
+/* backend/<typename>/<frontend-uuid> */
+static int xenbus_probe_backend(const char *type, const char *uuid)
+{
+       char *nodename;
+       int err = 0;
+       char **dir;
+       unsigned int i, dir_n = 0;
+
+       nodename = kasprintf("%s/%s/%s", xenbus_backend.root, type, uuid);
+       if (!nodename)
+               return -ENOMEM;
+
+       dir = xenbus_directory(nodename, "", &dir_n);
+       if (IS_ERR(dir)) {
+               kfree(nodename);
+               return PTR_ERR(dir);
+       }
+
+       for (i = 0; i < dir_n; i++) {
+               err = xenbus_probe_backend_unit(nodename, type, dir[i]);
+               if (err)
+                       break;
+       }
+       kfree(dir);
+       kfree(nodename);
+       return err;
+}
+
+static int xenbus_probe_device_type(struct xen_bus_type *bus, const char *type)
 {
        int err = 0;
        char **dir;
        unsigned int dir_n = 0;
        int i;
 
-       dir = xenbus_directory(dirpath, typename, &dir_n);
+       dir = xenbus_directory(bus->root, type, &dir_n);
        if (IS_ERR(dir))
                return PTR_ERR(dir);
 
        for (i = 0; i < dir_n; i++) {
-               err = xenbus_probe_device(dirpath, typename, dir[i]);
+               err = bus->probe(type, dir[i]);
                if (err)
                        break;
        }
@@ -222,18 +428,18 @@
        return err;
 }
 
-static int xenbus_probe_devices(const char *path)
+static int xenbus_probe_devices(struct xen_bus_type *bus)
 {
        int err = 0;
        char **dir;
        unsigned int i, dir_n;
 
-       dir = xenbus_directory(path, "", &dir_n);
+       dir = xenbus_directory(bus->root, "", &dir_n);
        if (IS_ERR(dir))
                return PTR_ERR(dir);
 
        for (i = 0; i < dir_n; i++) {
-               err = xenbus_probe_device_type(path, dir[i]);
+               err = xenbus_probe_device_type(bus, dir[i]);
                if (err)
                        break;
        }
@@ -251,58 +457,117 @@
        return ret;
 }
 
-static void dev_changed(struct xenbus_watch *watch, const char *node)
-{
-       char busid[BUS_ID_SIZE];
-       int exists;
+static int strsep_len(const char *str, char c, unsigned int len)
+{
+       unsigned int i;
+
+       for (i = 0; str[i]; i++)
+               if (str[i] == c) {
+                       if (len == 0)
+                               return i;
+                       len--;
+               }
+       return (len == 0) ? i : -ERANGE;
+}
+
+static void dev_changed(const char *node, struct xen_bus_type *bus)
+{
+       int exists, rootlen;
        struct xenbus_device *dev;
-       char *p;
-
-       /* Node is of form device/<type>/<identifier>[/...] */
-       if (char_count(node, '/') != 2)
+       char type[BUS_ID_SIZE];
+       const char *p, *root;
+
+       if (char_count(node, '/') < 2)
+               return;
+
+       exists = xenbus_exists(node, "");
+       if (!exists) {
+               xenbus_cleanup_devices(node, &bus->bus);
                return;
-
-       /* Created or deleted? */
-       exists = xenbus_exists(node, "");
-
+       }
+
+       /* backend/<type>/... or device/<type>/... */
        p = strchr(node, '/') + 1;
-       if (strlen(p) + 1 > BUS_ID_SIZE) {
-               printk("Device for node %s is too big!\n", node);
+       snprintf(type, BUS_ID_SIZE, "%.*s", strcspn(p, "/"), p);
+       type[BUS_ID_SIZE-1] = '\0';
+
+       rootlen = strsep_len(node, '/', bus->levels);
+       if (rootlen < 0)
                return;
-       }
-       /* Bus ID is name with / changed to - */
-       strcpy(busid, p);
-       *strchr(busid, '/') = '-';
-
-       dev = xenbus_device_find(busid);
-       printk("xenbus: device %s %s\n", busid, dev ? "exists" : "new");
-       if (dev && !exists) {
-               printk("xenbus: Unregistering device %s\n", busid);
-               /* FIXME: free? */
-               device_unregister(&dev->dev);
-       } else if (!dev && exists) {
-               printk("xenbus: Adding device %s\n", busid);
-               /* Hack bus id back into two strings. */
-               *strrchr(busid, '-') = '\0';
-               xenbus_probe_device("device", busid, busid+strlen(busid)+1);
-       } else
-               printk("xenbus: strange, %s already %s\n", busid,
-                      exists ? "exists" : "gone");
-       if (dev)
+       root = kasprintf("%.*s", rootlen, node);
+       if (!root)
+               return;
+
+       dev = xenbus_device_find(root, &bus->bus);
+       if (!dev)
+               xenbus_probe_node(bus, type, root);
+       else
                put_device(&dev->dev);
+
+       kfree(root);
+}
+
+static void frontend_changed(struct xenbus_watch *watch, const char *node)
+{
+       dev_changed(node, &xenbus_frontend);
+}
+
+static void backend_changed(struct xenbus_watch *watch, const char *node)
+{
+       dev_changed(node, &xenbus_backend);
 }
 
 /* We watch for devices appearing and vanishing. */
-static struct xenbus_watch dev_watch = {
-       /* FIXME: Ideally we'd only watch for changes 2 levels deep... */
+static struct xenbus_watch fe_watch = {
        .node = "device",
-       .callback = dev_changed,
+       .callback = frontend_changed,
 };
+
+static struct xenbus_watch be_watch = {
+       .node = "backend",
+       .callback = backend_changed,
+};
+
+static int suspend_dev(struct device *dev, void *data)
+{
+       int err = 0;
+       struct xenbus_driver *drv;
+       struct xenbus_device *xdev;
+
+       if (dev->driver == NULL)
+               return 0;
+       drv = to_xenbus_driver(dev->driver);
+       xdev = container_of(dev, struct xenbus_device, dev);
+       if (drv->suspend)
+               err = drv->suspend(xdev);
+       if (err)
+               printk("xenbus: suspend %s failed: %i\n", dev->bus_id, err);
+       return 0;
+}
+
+static int resume_dev(struct device *dev, void *data)
+{
+       int err = 0;
+       struct xenbus_driver *drv;
+       struct xenbus_device *xdev;
+
+       if (dev->driver == NULL)
+               return 0;
+       drv = to_xenbus_driver(dev->driver);
+       xdev = container_of(dev, struct xenbus_device, dev);
+       if (drv->resume)
+               err = drv->resume(xdev);
+       if (err)
+               printk("xenbus: resume %s failed: %i\n", dev->bus_id, err);
+       return 0;
+}
 
 void xenbus_suspend(void)
 {
        /* We keep lock, so no comms can happen as page moves. */
        down(&xenbus_lock);
+       bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, suspend_dev);
+       bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, suspend_dev);
        xb_suspend_comms();
 }
 
@@ -310,6 +575,8 @@
 {
        xb_init_comms();
        reregister_xenbus_watches();
+       bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, resume_dev);
+       bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, resume_dev);
        up(&xenbus_lock);
 }
 
@@ -354,30 +621,23 @@
        }
 
        down(&xenbus_lock);
-       err = notifier_call_chain(&xenstore_chain, 0, 0);
+       /* Enumerate devices in xenstore. */
+       xenbus_probe_devices(&xenbus_frontend);
+       xenbus_probe_devices(&xenbus_backend);
+       /* Watch for changes. */
+       register_xenbus_watch(&fe_watch);
+       register_xenbus_watch(&be_watch);
        up(&xenbus_lock);
-
-       if (err == NOTIFY_BAD) {
-               printk("%s: calling xenstore notify chain failed\n",
-                      __FUNCTION__);
-               return -EINVAL;
-       }
-
-       err = 0;
-
-       down(&xenbus_lock);
-       /* Enumerate devices in xenstore. */
-       xenbus_probe_devices("device");
-       /* Watch for changes. */
-       register_xenbus_watch(&dev_watch);
-       up(&xenbus_lock);
        return 0;
 }
 
 static int __init xenbus_probe_init(void)
 {
-       bus_register(&xenbus_type);
-
+       bus_register(&xenbus_frontend.bus);
+       bus_register(&xenbus_backend.bus);
+       device_register(&xenbus_frontend.dev);
+       device_register(&xenbus_backend.dev);
+       
        if (!xen_start_info.store_evtchn)
                return 0;
 
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c
--- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c       Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c       Fri Aug 19 
18:19:28 2005
@@ -187,6 +187,7 @@
        static char buffer[4096];
 
        BUG_ON(down_trylock(&xenbus_lock) == 0);
+       /* XXX FIXME: might not be correct if name == "" */
        BUG_ON(strlen(dir) + strlen("/") + strlen(name) + 1 > sizeof(buffer));
 
        strcpy(buffer, dir);
@@ -399,9 +400,12 @@
                        ret = PTR_ERR(p);
                        break;
                }
-               if (sscanf(p, fmt, result) == 0)
-                       ret = -EINVAL;
-               kfree(p);
+               if (fmt) {
+                       if (sscanf(p, fmt, result) == 0)
+                               ret = -EINVAL;
+                       kfree(p);
+               } else
+                       *(char **)result = p;
        }
        va_end(ap);
        return ret;
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/include/asm-xen/asm-i386/desc.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/desc.h      Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/desc.h      Fri Aug 19 
18:19:28 2005
@@ -93,7 +93,7 @@
 
 static inline void load_TLS(struct thread_struct *t, unsigned int cpu)
 {
-#define C(i) 
HYPERVISOR_update_descriptor(virt_to_machine(&get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN
 + i]), ((u32 *)&t->tls_array[i])[0], ((u32 *)&t->tls_array[i])[1])
+#define C(i) 
HYPERVISOR_update_descriptor(virt_to_machine(&get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN
 + i]), *(u64 *)&t->tls_array[i])
        C(0); C(1); C(2);
 #undef C
 }
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/include/asm-xen/asm-i386/fixmap.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/fixmap.h    Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/fixmap.h    Fri Aug 19 
18:19:28 2005
@@ -102,8 +102,8 @@
        __end_of_fixed_addresses
 };
 
-extern void __set_fixmap (enum fixed_addresses idx,
-                                       unsigned long phys, pgprot_t flags);
+extern void __set_fixmap(
+       enum fixed_addresses idx, maddr_t phys, pgprot_t flags);
 
 #define set_fixmap(idx, phys) \
                __set_fixmap(idx, phys, PAGE_KERNEL)
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/include/asm-xen/asm-i386/hypercall.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/hypercall.h Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/hypercall.h Fri Aug 19 
18:19:28 2005
@@ -163,7 +163,7 @@
         TRAP_INSTR
         : "=a" (ret), "=b" (ign)
        : "0" (__HYPERVISOR_sched_op), "1" (SCHEDOP_yield)
-       : "memory" );
+       : "memory", "ecx" );
 
     return ret;
 }
@@ -178,7 +178,7 @@
         TRAP_INSTR
         : "=a" (ret), "=b" (ign1)
        : "0" (__HYPERVISOR_sched_op), "1" (SCHEDOP_block)
-       : "memory" );
+       : "memory", "ecx" );
 
     return ret;
 }
@@ -194,7 +194,7 @@
         : "=a" (ret), "=b" (ign1)
        : "0" (__HYPERVISOR_sched_op),
          "1" (SCHEDOP_shutdown | (SHUTDOWN_poweroff << SCHEDOP_reasonshift))
-        : "memory" );
+        : "memory", "ecx" );
 
     return ret;
 }
@@ -210,7 +210,7 @@
         : "=a" (ret), "=b" (ign1)
        : "0" (__HYPERVISOR_sched_op),
          "1" (SCHEDOP_shutdown | (SHUTDOWN_reboot << SCHEDOP_reasonshift))
-        : "memory" );
+        : "memory", "ecx" );
 
     return ret;
 }
@@ -228,7 +228,7 @@
         : "=a" (ret), "=b" (ign1), "=S" (ign2)
        : "0" (__HYPERVISOR_sched_op),
         "b" (SCHEDOP_shutdown | (SHUTDOWN_suspend << SCHEDOP_reasonshift)), 
-        "S" (srec) : "memory");
+        "S" (srec) : "memory", "ecx");
 
     return ret;
 }
@@ -244,7 +244,7 @@
         : "=a" (ret), "=b" (ign1)
        : "0" (__HYPERVISOR_sched_op),
          "1" (SCHEDOP_shutdown | (SHUTDOWN_crash << SCHEDOP_reasonshift))
-        : "memory" );
+        : "memory", "ecx" );
 
     return ret;
 }
@@ -316,16 +316,17 @@
 
 static inline int
 HYPERVISOR_update_descriptor(
-    unsigned long ma, unsigned long word1, unsigned long word2)
-{
-    int ret;
-    unsigned long ign1, ign2, ign3;
-
-    __asm__ __volatile__ (
-        TRAP_INSTR
-        : "=a" (ret), "=b" (ign1), "=c" (ign2), "=d" (ign3)
-       : "0" (__HYPERVISOR_update_descriptor), "1" (ma), "2" (word1),
-         "3" (word2)
+    u64 ma, u64 desc)
+{
+    int ret;
+    unsigned long ign1, ign2, ign3, ign4;
+
+    __asm__ __volatile__ (
+        TRAP_INSTR
+        : "=a" (ret), "=b" (ign1), "=c" (ign2), "=d" (ign3), "=S" (ign4)
+       : "0" (__HYPERVISOR_update_descriptor),
+         "1" ((unsigned long)ma), "2" ((unsigned long)(ma>>32)),
+         "3" ((unsigned long)desc), "4" ((unsigned long)(desc>>32))
        : "memory" );
 
     return ret;
@@ -529,12 +530,15 @@
 {
     int ret;
     unsigned long ign1;
+    /* Yes, I really do want to clobber edx here: when we resume a
+       vcpu after unpickling a multi-processor domain, it returns
+       here, but clobbers all of the call clobbered registers. */
     __asm__ __volatile__ (
         TRAP_INSTR
         : "=a" (ret), "=b" (ign1)
        : "0" (__HYPERVISOR_sched_op),
          "1" (SCHEDOP_vcpu_down | (vcpu << SCHEDOP_vcpushift))
-        : "memory" );
+        : "memory", "ecx", "edx" );
 
     return ret;
 }
@@ -550,8 +554,26 @@
         : "=a" (ret), "=b" (ign1)
        : "0" (__HYPERVISOR_sched_op),
          "1" (SCHEDOP_vcpu_up | (vcpu << SCHEDOP_vcpushift))
+        : "memory", "ecx" );
+
+    return ret;
+}
+
+static inline int
+HYPERVISOR_vcpu_pickle(
+    int vcpu, vcpu_guest_context_t *ctxt)
+{
+    int ret;
+    unsigned long ign1, ign2;
+    __asm__ __volatile__ (
+        TRAP_INSTR
+        : "=a" (ret), "=b" (ign1), "=c" (ign2)
+       : "0" (__HYPERVISOR_sched_op),
+         "1" (SCHEDOP_vcpu_pickle | (vcpu << SCHEDOP_vcpushift)),
+         "2" (ctxt)
         : "memory" );
 
     return ret;
 }
+
 #endif /* __HYPERCALL_H__ */
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/include/asm-xen/asm-i386/page.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/page.h      Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/page.h      Fri Aug 19 
18:19:28 2005
@@ -63,20 +63,25 @@
 extern unsigned int *phys_to_machine_mapping;
 #define pfn_to_mfn(_pfn) ((unsigned long)(phys_to_machine_mapping[(_pfn)]))
 #define mfn_to_pfn(_mfn) ((unsigned long)(machine_to_phys_mapping[(_mfn)]))
+
+/* Definitions for machine and pseudophysical addresses. */
 #ifdef CONFIG_X86_PAE
-typedef unsigned long long physaddr_t;
-#else
-typedef unsigned long physaddr_t;
-#endif
-static inline physaddr_t phys_to_machine(physaddr_t phys)
-{
-       physaddr_t machine = pfn_to_mfn(phys >> PAGE_SHIFT);
+typedef unsigned long long paddr_t;
+typedef unsigned long long maddr_t;
+#else
+typedef unsigned long paddr_t;
+typedef unsigned long maddr_t;
+#endif
+
+static inline maddr_t phys_to_machine(paddr_t phys)
+{
+       maddr_t machine = pfn_to_mfn(phys >> PAGE_SHIFT);
        machine = (machine << PAGE_SHIFT) | (phys & ~PAGE_MASK);
        return machine;
 }
-static inline physaddr_t machine_to_phys(physaddr_t machine)
-{
-       physaddr_t phys = mfn_to_pfn(machine >> PAGE_SHIFT);
+static inline paddr_t machine_to_phys(maddr_t machine)
+{
+       paddr_t phys = mfn_to_pfn(machine >> PAGE_SHIFT);
        phys = (phys << PAGE_SHIFT) | (machine & ~PAGE_MASK);
        return phys;
 }
@@ -233,8 +238,10 @@
                 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
 
 /* VIRT <-> MACHINE conversion */
-#define virt_to_machine(_a)    (phys_to_machine(__pa(_a)))
-#define machine_to_virt(_m)    (__va(machine_to_phys(_m)))
+#define virt_to_machine(v)     (phys_to_machine(__pa(v)))
+#define machine_to_virt(m)     (__va(machine_to_phys(m)))
+#define virt_to_mfn(v)         (pfn_to_mfn(__pa(v) >> PAGE_SHIFT))
+#define mfn_to_virt(m)         (__va(mfn_to_pfn(m) << PAGE_SHIFT))
 
 #endif /* __KERNEL__ */
 
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/include/asm-xen/asm-i386/pgtable.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/pgtable.h   Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/pgtable.h   Fri Aug 19 
18:19:28 2005
@@ -32,7 +32,7 @@
  */
 #define ZERO_PAGE(vaddr) (virt_to_page(empty_zero_page))
 extern unsigned long empty_zero_page[1024];
-extern pgd_t swapper_pg_dir[1024];
+extern pgd_t *swapper_pg_dir;
 extern kmem_cache_t *pgd_cache;
 extern kmem_cache_t *pmd_cache;
 extern spinlock_t pgd_lock;
@@ -450,7 +450,7 @@
 #define arbitrary_virt_to_machine(__va)                                        
\
 ({                                                                     \
        pte_t *__pte = virt_to_ptep(__va);                              \
-       unsigned long __pa = (*(unsigned long *)__pte) & PAGE_MASK;     \
+       maddr_t __pa = (maddr_t)pte_mfn(*__pte) << PAGE_SHIFT;          \
        __pa | ((unsigned long)(__va) & (PAGE_SIZE-1));                 \
 })
 
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/hypercall.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/hypercall.h       Thu Aug 
18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/hypercall.h       Fri Aug 
19 18:19:28 2005
@@ -502,4 +502,21 @@
     return ret;
 }
 
+static inline int
+HYPERVISOR_vcpu_pickle(
+    int vcpu, vcpu_guest_context_t *ctxt)
+{
+    int ret;
+    unsigned long ign1, ign2;
+    __asm__ __volatile__ (
+        TRAP_INSTR
+        : "=a" (ret), "=b" (ign1), "=c" (ign2)
+       : "0" (__HYPERVISOR_sched_op),
+         "1" (SCHEDOP_vcpu_pickle | (vcpu << SCHEDOP_vcpushift)),
+         "2" (ctxt)
+        : __syscall_clobber );
+
+    return ret;
+}
+
 #endif /* __HYPERCALL_H__ */
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h    Thu Aug 18 
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h    Fri Aug 19 
18:19:28 2005
@@ -65,16 +65,21 @@
 extern u32 *phys_to_machine_mapping;
 #define pfn_to_mfn(_pfn) ((unsigned long) phys_to_machine_mapping[(unsigned 
int)(_pfn)])
 #define mfn_to_pfn(_mfn) ((unsigned long) machine_to_phys_mapping[(unsigned 
int)(_mfn)])
-static inline unsigned long phys_to_machine(unsigned long phys)
-{
-       unsigned long machine = pfn_to_mfn(phys >> PAGE_SHIFT);
+
+/* Definitions for machine and pseudophysical addresses. */
+typedef unsigned long paddr_t;
+typedef unsigned long maddr_t;
+
+static inline maddr_t phys_to_machine(paddr_t phys)
+{
+       maddr_t machine = pfn_to_mfn(phys >> PAGE_SHIFT);
        machine = (machine << PAGE_SHIFT) | (phys & ~PAGE_MASK);
        return machine;
 }
 
-static inline unsigned long machine_to_phys(unsigned long machine)
-{
-       unsigned long phys = mfn_to_pfn(machine >> PAGE_SHIFT);
+static inline paddr_t machine_to_phys(maddr_t machine)
+{
+       paddr_t phys = mfn_to_pfn(machine >> PAGE_SHIFT);
        phys = (phys << PAGE_SHIFT) | (machine & ~PAGE_MASK);
        return phys;
 }
@@ -211,8 +216,10 @@
 #define pfn_to_kaddr(pfn)      __va((pfn) << PAGE_SHIFT)
 
 /* VIRT <-> MACHINE conversion */
-#define virt_to_machine(_a)    (phys_to_machine(__pa(_a)))
-#define machine_to_virt(_m)    (__va(machine_to_phys(_m)))
+#define virt_to_machine(v)     (phys_to_machine(__pa(v)))
+#define machine_to_virt(m)     (__va(machine_to_phys(m)))
+#define virt_to_mfn(v)         (pfn_to_mfn(__pa(v) >> PAGE_SHIFT))
+#define mfn_to_virt(m)         (__va(mfn_to_pfn(m) << PAGE_SHIFT))
 
 #define VM_DATA_DEFAULT_FLAGS \
        (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/include/asm-xen/xenbus.h
--- a/linux-2.6-xen-sparse/include/asm-xen/xenbus.h     Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/xenbus.h     Fri Aug 19 18:19:28 2005
@@ -37,7 +37,6 @@
 /* A xenbus device. */
 struct xenbus_device {
        char *devicetype;
-       char *subtype;
        char *nodename;
        struct device dev;
        int has_error;
@@ -53,7 +52,6 @@
 {
        /* .../device/<device_type>/<identifier> */
        char devicetype[32];    /* General class of device. */
-       char subtype[32];       /* Contents of "subtype" for this device */
 };
 
 /* A xenbus driver. */
@@ -61,9 +59,11 @@
        char *name;
        struct module *owner;
        const struct xenbus_device_id *ids;
-       int  (*probe)    (struct xenbus_device * dev,
-                         const struct xenbus_device_id * id);
-       int  (*remove)   (struct xenbus_device * dev);
+       int (*probe)(struct xenbus_device *dev,
+                    const struct xenbus_device_id *id);
+       int (*remove)(struct xenbus_device *dev);
+       int (*suspend)(struct xenbus_device *dev);
+       int (*resume)(struct xenbus_device *dev);
        struct device_driver driver;
 };
 
@@ -72,7 +72,8 @@
        return container_of(drv, struct xenbus_driver, driver);
 }
 
-int xenbus_register_driver(struct xenbus_driver *drv);
+int xenbus_register_device(struct xenbus_driver *drv);
+int xenbus_register_backend(struct xenbus_driver *drv);
 void xenbus_unregister_driver(struct xenbus_driver *drv);
 
 /* Caller must hold this lock to call these functions: it's also held
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/libxendebug/xendebug.c
--- a/tools/debugger/libxendebug/xendebug.c     Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/libxendebug/xendebug.c     Fri Aug 19 18:19:28 2005
@@ -40,7 +40,7 @@
 typedef struct bwcpoint                           /* break/watch/catch point */
 {
     struct list_head list;
-    memory_t address;
+    unsigned long address;
     u32 domain;
     u8 old_value;                             /* old value for software bkpt */
 } bwcpoint_t, *bwcpoint_p;
@@ -311,7 +311,7 @@
 /* access to one page */
 static int
 xendebug_memory_page (domain_context_p ctxt, int xc_handle, u32 vcpu,
-                      int protection, memory_t address, int length, u8 *buffer)
+                      int protection, unsigned long address, int length, u8 
*buffer)
 {
     vcpu_guest_context_t *vcpu_ctxt = &ctxt->context[vcpu];
     unsigned long pde, page;
@@ -407,7 +407,7 @@
 /* divide a memory operation into accesses to individual pages */
 static int
 xendebug_memory_op (domain_context_p ctxt, int xc_handle, u32 vcpu,
-                    int protection, memory_t address, int length, u8 *buffer)
+                    int protection, unsigned long address, int length, u8 
*buffer)
 {
     int      remain;              /* number of bytes to touch past this page */
     int      bytes   = 0;
@@ -431,7 +431,7 @@
 xendebug_read_memory(int xc_handle,
                      u32 domid,
                      u32 vcpu,
-                     memory_t address,
+                     unsigned long address,
                      u32 length,
                      u8 *data)
 {
@@ -451,7 +451,7 @@
 xendebug_write_memory(int xc_handle,
                       u32 domid,
                       u32 vcpu,
-                      memory_t address,
+                      unsigned long address,
                       u32 length,
                       u8 *data)
 {
@@ -471,7 +471,7 @@
 xendebug_insert_memory_breakpoint(int xc_handle,
                                   u32 domid,
                                   u32 vcpu,
-                                  memory_t address,
+                                  unsigned long address,
                                   u32 length)
 {
     bwcpoint_p bkpt;
@@ -517,7 +517,7 @@
 xendebug_remove_memory_breakpoint(int xc_handle,
                                   u32 domid,
                                   u32 vcpu,
-                                  memory_t address,
+                                  unsigned long address,
                                   u32 length)
 {
     bwcpoint_p bkpt = NULL;
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/libxendebug/xendebug.h
--- a/tools/debugger/libxendebug/xendebug.h     Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/libxendebug/xendebug.h     Fri Aug 19 18:19:28 2005
@@ -45,7 +45,7 @@
 int xendebug_read_memory(int xc_handle,
                         u32 domid,
                         u32 vcpu,
-                        memory_t address,
+                        unsigned long address,
                         u32 length,
                         u8 *data);
 
@@ -53,7 +53,7 @@
 int xendebug_write_memory(int xc_handle,
                          u32 domid,
                          u32 vcpu,
-                         memory_t address,
+                         unsigned long address,
                          u32 length,
                          u8 *data);
 
@@ -61,13 +61,13 @@
 int xendebug_insert_memory_breakpoint(int xc_handle,
                                      u32 domid,
                                      u32 vcpu,
-                                     memory_t address,
+                                     unsigned long address,
                                      u32 length);
 
 int xendebug_remove_memory_breakpoint(int xc_handle,
                                      u32 domid,
                                      u32 vcpu,
-                                     memory_t address,
+                                     unsigned long address,
                                      u32 length);
 
 int xendebug_query_domain_stop(int xc_handle,
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/pdb/linux-2.6-module/debug.c
--- a/tools/debugger/pdb/linux-2.6-module/debug.c       Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/linux-2.6-module/debug.c       Fri Aug 19 18:19:28 2005
@@ -26,7 +26,7 @@
 typedef struct bwcpoint                           /* break/watch/catch point */
 {
     struct list_head list;
-    memory_t address;
+    unsigned long address;
     int length;
 
     u8  type;                                                     /* BWC_??? */
@@ -109,7 +109,7 @@
 }
 
 bwcpoint_p
-pdb_search_watchpoint (u32 process, memory_t address)
+pdb_search_watchpoint (u32 process, unsigned long address)
 {
     bwcpoint_p bwc_watch = (bwcpoint_p) 0;
     bwcpoint_p bwc_entry = (bwcpoint_p) 0;
@@ -364,7 +364,7 @@
 
 int
 pdb_insert_memory_breakpoint (struct task_struct *target, 
-                              memory_t address, u32 length)
+                              unsigned long address, u32 length)
 {
     int rc = 0;
     bwcpoint_p bkpt;
@@ -399,7 +399,7 @@
 
 int
 pdb_remove_memory_breakpoint (struct task_struct *target,
-                              memory_t address, u32 length)
+                              unsigned long address, u32 length)
 {
     int rc = 0;
     bwcpoint_p bkpt = NULL;
@@ -760,7 +760,7 @@
 {
     pdb_response_t resp;
     bwcpoint_p bkpt = NULL;
-    memory_t address = regs->eip - 1;
+    unsigned long address = regs->eip - 1;
 
     struct list_head *entry;
     list_for_each(entry, &bwcpoint_list)
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/debugger/pdb/linux-2.6-module/module.c
--- a/tools/debugger/pdb/linux-2.6-module/module.c      Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/linux-2.6-module/module.c      Fri Aug 19 18:19:28 2005
@@ -199,7 +199,7 @@
 }
 
 static void
-pdb_send_connection_status(int status, memory_t ring)
+pdb_send_connection_status(int status, unsigned long ring)
 {
     ctrl_msg_t cmsg = 
     {
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/debugger/pdb/linux-2.6-module/pdb_debug.h
--- a/tools/debugger/pdb/linux-2.6-module/pdb_debug.h   Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/linux-2.6-module/pdb_debug.h   Fri Aug 19 18:19:28 2005
@@ -18,9 +18,9 @@
 int pdb_step (struct task_struct *target);
 
 int pdb_insert_memory_breakpoint (struct task_struct *target, 
-                                  memory_t address, u32 length);
+                                  unsigned long address, u32 length);
 int pdb_remove_memory_breakpoint (struct task_struct *target,
-                                  memory_t address, u32 length);
+                                  unsigned long address, u32 length);
 int pdb_insert_watchpoint (struct task_struct *target,
                            pdb_op_watchpt_p watchpt);
 int pdb_remove_watchpoint (struct task_struct *target,
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/pdb/pdb_caml_domain.c
--- a/tools/debugger/pdb/pdb_caml_domain.c      Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/pdb_caml_domain.c      Fri Aug 19 18:19:28 2005
@@ -203,7 +203,7 @@
     context_t ctx;
     int loop;
     char *buffer;
-    memory_t my_address = Int32_val(address);
+    unsigned long my_address = Int32_val(address);
     u32 my_length = Int_val(length);
 
     printf ("(pdb) read memory\n");
@@ -259,7 +259,7 @@
     context_t ctx;
 
     char buffer[4096];  /* a big buffer */
-    memory_t  my_address;
+    unsigned long  my_address;
     u32 length = 0;
 
     printf ("(pdb) write memory\n");
@@ -279,7 +279,7 @@
     }
     buffer[length++] = Int_val(Field(node, 0));
 
-    my_address = (memory_t) Int32_val(address);
+    my_address = (unsigned long) Int32_val(address);
 
     if ( xendebug_write_memory(xc_handle, ctx.domain, ctx.vcpu,
                                my_address, length, buffer) )
@@ -344,7 +344,7 @@
     CAMLparam3(context, address, length);
 
     context_t ctx;
-    memory_t my_address = (memory_t) Int32_val(address);
+    unsigned long my_address = (unsigned long) Int32_val(address);
     int my_length = Int_val(length);
 
     decode_context(&ctx, context);
@@ -373,7 +373,7 @@
 
     context_t ctx;
 
-    memory_t my_address = (memory_t) Int32_val(address);
+    unsigned long my_address = (unsigned long) Int32_val(address);
     int my_length = Int_val(length);
 
     printf ("(pdb) remove memory breakpoint 0x%lx %d\n",
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/pdb/pdb_caml_process.c
--- a/tools/debugger/pdb/pdb_caml_process.c     Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/pdb_caml_process.c     Fri Aug 19 18:19:28 2005
@@ -495,7 +495,7 @@
 
     req.operation = PDB_OPCODE_SET_BKPT;
     req.process = ctx.process;
-    req.u.bkpt.address = (memory_t) Int32_val(address);
+    req.u.bkpt.address = (unsigned long) Int32_val(address);
     req.u.bkpt.length  =  Int_val(length);
 
     send_request(ctx.ring, ctx.evtchn, &req);
@@ -518,7 +518,7 @@
 
     req.operation = PDB_OPCODE_CLR_BKPT;
     req.process = ctx.process;
-    req.u.bkpt.address = (memory_t) Int32_val(address);
+    req.u.bkpt.address = (unsigned long) Int32_val(address);
     req.u.bkpt.length  =  Int_val(length);
 
     send_request(ctx.ring, ctx.evtchn, &req);
@@ -542,7 +542,7 @@
     req.operation = PDB_OPCODE_SET_WATCHPT;
     req.process = ctx.process;
     req.u.watchpt.type    =  Int_val(kind);
-    req.u.watchpt.address = (memory_t) Int32_val(address);
+    req.u.watchpt.address = (unsigned long) Int32_val(address);
     req.u.watchpt.length  =  Int_val(length);
 
     send_request(ctx.ring, ctx.evtchn, &req);
@@ -566,7 +566,7 @@
     req.operation = PDB_OPCODE_CLR_WATCHPT;
     req.process = ctx.process;
     req.u.watchpt.type    =  Int_val(kind);
-    req.u.watchpt.address = (memory_t) Int32_val(address);
+    req.u.watchpt.address = (unsigned long) Int32_val(address);
     req.u.watchpt.length  =  Int_val(length);
 
     send_request(ctx.ring, ctx.evtchn, &req);
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/pdb/pdb_caml_xcs.c
--- a/tools/debugger/pdb/pdb_caml_xcs.c Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/pdb_caml_xcs.c Fri Aug 19 18:19:28 2005
@@ -50,7 +50,7 @@
 {
     CAMLparam2(domain, ring);
     int my_domain = Int_val(domain);
-    memory_t my_ring = Int32_val(ring);
+    unsigned long my_ring = Int32_val(ring);
 
     pdb_front_ring_t *front_ring;
     pdb_sring_t *sring;
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/libxc/xc.h
--- a/tools/libxc/xc.h  Thu Aug 18 18:40:02 2005
+++ b/tools/libxc/xc.h  Fri Aug 19 18:19:28 2005
@@ -515,25 +515,25 @@
  */
 int xc_grant_interface_close(int xc_handle);
 
-int xc_gnttab_map_grant_ref(int         xc_handle,
-                            memory_t    host_virt_addr,
-                            u32         dom,
-                            u16         ref,
-                            u16         flags,
-                            s16        *handle,
-                            memory_t   *dev_bus_addr);
-
-int xc_gnttab_unmap_grant_ref(int       xc_handle,
-                              memory_t  host_virt_addr,
-                              memory_t  dev_bus_addr,
-                              u16       handle,
-                              s16      *status);
+int xc_gnttab_map_grant_ref(int  xc_handle,
+                            u64  host_virt_addr,
+                            u32  dom,
+                            u16  ref,
+                            u16  flags,
+                            s16 *handle,
+                            u64 *dev_bus_addr);
+
+int xc_gnttab_unmap_grant_ref(int  xc_handle,
+                              u64  host_virt_addr,
+                              u64  dev_bus_addr,
+                              u16  handle,
+                              s16 *status);
 
 int xc_gnttab_setup_table(int        xc_handle,
                           u32        dom,
                           u16        nr_frames,
                           s16       *status,
-                          memory_t **frame_list);
+                          unsigned long **frame_list);
 
 /* Grant debug builds only: */
 int xc_gnttab_dump_table(int        xc_handle,
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/libxc/xc_gnttab.c
--- a/tools/libxc/xc_gnttab.c   Thu Aug 18 18:40:02 2005
+++ b/tools/libxc/xc_gnttab.c   Fri Aug 19 18:19:28 2005
@@ -40,12 +40,12 @@
 
 
 int xc_gnttab_map_grant_ref(int         xc_handle,
-                            memory_t    host_virt_addr,
+                            u64    host_virt_addr,
                             u32         dom,
                             u16         ref,
                             u16         flags,
                             s16        *handle,
-                            memory_t   *dev_bus_addr)
+                            u64   *dev_bus_addr)
 {
     struct gnttab_map_grant_ref op;
     int rc;
@@ -67,8 +67,8 @@
 
 
 int xc_gnttab_unmap_grant_ref(int       xc_handle,
-                              memory_t  host_virt_addr,
-                              memory_t  dev_bus_addr,
+                              u64  host_virt_addr,
+                              u64  dev_bus_addr,
                               u16       handle,
                               s16      *status)
 {
@@ -92,7 +92,7 @@
                           u32        dom,
                           u16        nr_frames,
                           s16       *status,
-                          memory_t **frame_list)
+                          unsigned long **frame_list)
 {
     struct gnttab_setup_table op;
     int rc, i;
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/python/xen/lowlevel/xu/xu.c
--- a/tools/python/xen/lowlevel/xu/xu.c Thu Aug 18 18:40:02 2005
+++ b/tools/python/xen/lowlevel/xu/xu.c Fri Aug 19 18:19:28 2005
@@ -844,7 +844,7 @@
     case TYPE(CMSG_BLKIF_BE, CMSG_BLKIF_BE_CONNECT):
         P2C(blkif_be_connect_t, domid,        u32);
         P2C(blkif_be_connect_t, blkif_handle, u32);
-        P2C(blkif_be_connect_t, shmem_frame,  memory_t);
+        P2C(blkif_be_connect_t, shmem_frame,  unsigned long);
         P2C(blkif_be_connect_t, shmem_ref,    u32);
         P2C(blkif_be_connect_t, evtchn,       u16);
         break;
@@ -906,9 +906,9 @@
     case TYPE(CMSG_NETIF_BE, CMSG_NETIF_BE_CONNECT):
         P2C(netif_be_connect_t, domid,          u32);
         P2C(netif_be_connect_t, netif_handle,   u32);
-        P2C(netif_be_connect_t, tx_shmem_frame, memory_t);
+        P2C(netif_be_connect_t, tx_shmem_frame, unsigned long);
         P2C(netif_be_connect_t, tx_shmem_ref,   u32); 
-        P2C(netif_be_connect_t, rx_shmem_frame, memory_t);
+        P2C(netif_be_connect_t, rx_shmem_frame, unsigned long);
         P2C(netif_be_connect_t, rx_shmem_ref,   u32); 
         P2C(netif_be_connect_t, evtchn,         u16); 
         break;
@@ -942,7 +942,7 @@
         P2C(usbif_fe_driver_status_changed_t, status, u32);
         break;
     case TYPE(CMSG_USBIF_FE, CMSG_USBIF_FE_INTERFACE_CONNECT):
-        P2C(usbif_fe_interface_connect_t, shmem_frame, memory_t);
+        P2C(usbif_fe_interface_connect_t, shmem_frame, unsigned long);
         break;
     case TYPE(CMSG_USBIF_FE, CMSG_USBIF_FE_INTERFACE_DISCONNECT):
         break;
@@ -956,7 +956,7 @@
         break;
     case TYPE(CMSG_USBIF_BE, CMSG_USBIF_BE_CONNECT):
         P2C(usbif_be_connect_t, domid, domid_t);
-        P2C(usbif_be_connect_t, shmem_frame, memory_t);
+        P2C(usbif_be_connect_t, shmem_frame, unsigned long);
         P2C(usbif_be_connect_t, evtchn, u32);
         P2C(usbif_be_connect_t, bandwidth, u32);
         P2C(usbif_be_connect_t, status, u32);
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py   Thu Aug 18 18:40:02 2005
+++ b/tools/python/xen/xend/XendDomainInfo.py   Fri Aug 19 18:19:28 2005
@@ -36,8 +36,10 @@
 from xen.xend.server import SrvDaemon; xend = SrvDaemon.instance()
 from xen.xend.server import messages
 from xen.xend.server.channel import EventChannel, channelFactory
+from xen.util.blkif import blkdev_name_to_number, expand_dev_name
 
 from xen.xend import sxp
+from xen.xend import Blkctl
 from xen.xend.PrettyPrint import prettyprintstring
 from xen.xend.XendBootloader import bootloader
 from xen.xend.XendLogging import log
@@ -380,6 +382,39 @@
         return ctrl
 
     def createDevice(self, type, devconfig, change=False):
+        if type == 'vbd':
+
+            backdom = domain_exists(sxp.child_value(devconfig, 'backend', '0'))
+
+            devnum = blkdev_name_to_number(sxp.child_value(devconfig, 'dev'))
+
+            # create backend db
+            backdb = backdom.db.addChild("/backend/%s/%s/%d" %
+                                         (type, self.uuid, devnum))
+
+            # create frontend db
+            db = self.db.addChild("/device/%s/%d" % (type, devnum))
+            
+            db['virtual-device'] = "%i" % devnum
+            #db['backend'] = sxp.child_value(devconfig, 'backend', '0')
+            db['backend'] = backdb.getPath()
+            db['backend-id'] = "%i" % int(sxp.child_value(devconfig,
+                                                          'backend', '0'))
+
+            backdb['frontend'] = db.getPath()
+            (type, params) = string.split(sxp.child_value(devconfig, 'uname'), 
':', 1)
+            node = Blkctl.block('bind', type, params)
+            backdb['frontend-id'] = "%i" % self.id
+            backdb['physical-device'] = "%li" % blkdev_name_to_number(node)
+            backdb.saveDB(save=True)
+
+            # Ok, super gross, this really doesn't belong in the frontend db...
+            db['type'] = type
+            db['node'] = node
+            db['params'] = params
+            db.saveDB(save=True)
+            
+            return
         ctrl = self.findDeviceController(type)
         return ctrl.createDevice(devconfig, recreate=self.recreate,
                                  change=change)
@@ -671,6 +706,16 @@
         for ctrl in self.getDeviceControllers():
             if ctrl.isDestroyed(): continue
             ctrl.destroyController(reboot=reboot)
+        ddb = self.db.addChild("/device")
+        for type in ddb.keys():
+            if type == 'vbd':
+                typedb = ddb.addChild(type)
+                for dev in typedb.keys():
+                    devdb = typedb.addChild(str(dev))
+                    Blkctl.block('unbind', devdb['type'].getData(),
+                                 devdb['node'].getData())
+                    typedb[dev].delete()
+                typedb.saveDB(save=True)
 
     def show(self):
         """Print virtual machine info.
@@ -926,6 +971,7 @@
         at creation time, for example when it uses NFS root.
 
         """
+        return
         blkif = self.getDeviceController("vbd", error=False)
         if not blkif:
             blkif = self.createDeviceController("vbd")
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/python/xen/xend/server/event.py
--- a/tools/python/xen/xend/server/event.py     Thu Aug 18 18:40:02 2005
+++ b/tools/python/xen/xend/server/event.py     Fri Aug 19 18:19:28 2005
@@ -50,7 +50,7 @@
     def dataReceived(self, data):
         try:
             self.parser.input(data)
-            if self.parser.ready():
+            while(self.parser.ready()):
                 val = self.parser.get_val()
                 res = self.dispatch(val)
                 self.send_result(res)
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/python/xen/xend/server/relocate.py
--- a/tools/python/xen/xend/server/relocate.py  Thu Aug 18 18:40:02 2005
+++ b/tools/python/xen/xend/server/relocate.py  Fri Aug 19 18:19:28 2005
@@ -42,7 +42,7 @@
     def dataReceived(self, data):
         try:
             self.parser.input(data)
-            if self.parser.ready():
+            while(self.parser.ready()):
                 val = self.parser.get_val()
                 res = self.dispatch(val)
                 self.send_result(res)
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/Makefile
--- a/tools/security/Makefile   Thu Aug 18 18:40:02 2005
+++ b/tools/security/Makefile   Fri Aug 19 18:19:28 2005
@@ -2,27 +2,71 @@
 include $(XEN_ROOT)/tools/Rules.mk
 
 SRCS     = secpol_tool.c
-CFLAGS   += -static
 CFLAGS   += -Wall
 CFLAGS   += -Werror
 CFLAGS   += -O3
 CFLAGS   += -fno-strict-aliasing
-CFLAGS   += -I.
+CFLAGS   += -I. -I/usr/include/libxml2
+CFLAGS_XML2BIN += $(shell xml2-config --cflags --libs )
+#if above does not work, try  -L/usr/lib -lxml2 -lz -lpthread -lm
+XML2VERSION = $(shell xml2-config --version )
+VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else 
echo "-DVALIDATE_SCHEMA"; fi; )
 
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+POLICY=null
+endif
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
+POLICY=chwall
+endif
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+POLICY=ste
+endif
+ifeq 
($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+POLICY=chwall_ste
+endif
+POLICYFILE=./policies/$(POLICY)/$(POLICY).bin
+
+ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY)
 all: build
+
+install:all
+
+default:all
+else
+all:
+
+install:
+
+default:
+endif
+
 build: mk-symlinks
        $(MAKE) secpol_tool
+       $(MAKE) secpol_xml2bin
+       chmod 700 ./setlabel.sh
+       chmod 700 ./updategrub.sh
 
-default: all
-
-install: all
-
-secpol_tool : secpol_tool.c
+secpol_tool : secpol_tool.c secpol_compat.h
        $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
 
+secpol_xml2bin : secpol_xml2bin.c secpol_xml2bin.h secpol_compat.h
+       $(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@ 
$<
+
 clean:
-       rm -rf secpol_tool xen
+       rm -rf secpol_tool secpol_xml2bin xen
 
+policy_clean:
+       rm -rf policies/*/*.bin policies/*/*.map
+
+mrproper: clean policy_clean
+
+
+$(POLICYFILE) : build
+       @./secpol_xml2bin $(POLICY) > /dev/null
+
+boot_install: $(POLICYFILE)
+       @cp $(POLICYFILE) /boot
+       @./updategrub.sh $(POLICY) $(PWD)/$(XEN_ROOT)
 
 LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
 mk-symlinks:
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/secpol_tool.c
--- a/tools/security/secpol_tool.c      Thu Aug 18 18:40:02 2005
+++ b/tools/security/secpol_tool.c      Fri Aug 19 18:19:28 2005
@@ -31,18 +31,8 @@
 #include <stdlib.h>
 #include <sys/ioctl.h>
 #include <string.h>
-#include <stdint.h>
 #include <netinet/in.h>
-
-typedef uint8_t u8;
-typedef uint16_t u16;
-typedef uint32_t u32;
-typedef uint64_t u64;
-typedef int8_t s8;
-typedef int16_t s16;
-typedef int32_t s32;
-typedef int64_t s64;
-
+#include "secpol_compat.h"
 #include <xen/acm.h>
 #include <xen/acm_ops.h>
 #include <xen/linux/privcmd.h>
@@ -270,171 +260,6 @@
     }
 }
 
-/*************************** set policy ****************************/
-
-int acm_domain_set_chwallpolicy(void *bufstart, int buflen)
-{
-#define CWALL_MAX_SSIDREFS             6
-#define CWALL_MAX_TYPES             10
-#define CWALL_MAX_CONFLICTSETS         2
-
-    struct acm_chwall_policy_buffer *chwall_bin_pol =
-        (struct acm_chwall_policy_buffer *) bufstart;
-    domaintype_t *ssidrefs, *conflicts;
-    int ret = 0;
-    int j;
-
-    chwall_bin_pol->chwall_max_types = htonl(CWALL_MAX_TYPES);
-    chwall_bin_pol->chwall_max_ssidrefs = htonl(CWALL_MAX_SSIDREFS);
-    chwall_bin_pol->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
-    chwall_bin_pol->policy_version = htonl(ACM_CHWALL_VERSION);
-    chwall_bin_pol->chwall_ssid_offset =
-        htonl(sizeof(struct acm_chwall_policy_buffer));
-    chwall_bin_pol->chwall_max_conflictsets =
-        htonl(CWALL_MAX_CONFLICTSETS);
-    chwall_bin_pol->chwall_conflict_sets_offset =
-        htonl(ntohl(chwall_bin_pol->chwall_ssid_offset) +
-              sizeof(domaintype_t) * CWALL_MAX_SSIDREFS * CWALL_MAX_TYPES);
-    chwall_bin_pol->chwall_running_types_offset = 0;    /* not set */
-    chwall_bin_pol->chwall_conflict_aggregate_offset = 0;       /* not set */
-    ret += sizeof(struct acm_chwall_policy_buffer);
-    /* now push example ssids into the buffer (max_ssidrefs x max_types 
entries) */
-    /* check buffer size */
-    if ((buflen - ret) <
-        (CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t)))
-        return -1;              /* not enough space */
-
-    ssidrefs = (domaintype_t *) (bufstart +
-                          ntohl(chwall_bin_pol->chwall_ssid_offset));
-    memset(ssidrefs, 0,
-           CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t));
-
-    /* now set type j-1 for ssidref i+1 */
-    for (j = 0; j <= CWALL_MAX_SSIDREFS; j++)
-        if ((0 < j) && (j <= CWALL_MAX_TYPES))
-            ssidrefs[j * CWALL_MAX_TYPES + j - 1] = htons(1);
-
-    ret += CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t);
-    if ((buflen - ret) <
-        (CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * sizeof(domaintype_t)))
-        return -1;              /* not enough space */
-
-    /* now the chinese wall policy conflict sets */
-    conflicts = (domaintype_t *) (bufstart +
-                                  ntohl(chwall_bin_pol->
-                                        chwall_conflict_sets_offset));
-    memset((void *) conflicts, 0,
-           CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES *
-           sizeof(domaintype_t));
-    /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */
-    if (CWALL_MAX_TYPES > 3)
-    {
-        conflicts[2] = htons(1);
-        conflicts[3] = htons(1);        /* {2,3} */
-        conflicts[CWALL_MAX_TYPES + 1] = htons(1);
-        conflicts[CWALL_MAX_TYPES + 5] = htons(1);
-        conflicts[CWALL_MAX_TYPES + 6] = htons(1);      /* {0,5,6} */
-    }
-    ret += sizeof(domaintype_t) * CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES;
-    return ret;
-}
-
-int acm_domain_set_stepolicy(void *bufstart, int buflen)
-{
-#define STE_MAX_SSIDREFS        6
-#define STE_MAX_TYPES                  5
-
-    struct acm_ste_policy_buffer *ste_bin_pol =
-        (struct acm_ste_policy_buffer *) bufstart;
-    domaintype_t *ssidrefs;
-    int j, ret = 0;
-
-    ste_bin_pol->ste_max_types = htonl(STE_MAX_TYPES);
-    ste_bin_pol->ste_max_ssidrefs = htonl(STE_MAX_SSIDREFS);
-    ste_bin_pol->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
-    ste_bin_pol->policy_version = htonl(ACM_STE_VERSION);
-    ste_bin_pol->ste_ssid_offset =
-        htonl(sizeof(struct acm_ste_policy_buffer));
-    ret += sizeof(struct acm_ste_policy_buffer);
-    /* check buffer size */
-    if ((buflen - ret) <
-        (STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t)))
-        return -1;              /* not enough space */
-
-    ssidrefs =
-        (domaintype_t *) (bufstart + ntohl(ste_bin_pol->ste_ssid_offset));
-    memset(ssidrefs, 0,
-           STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t));
-    /* all types 1 for ssidref 1 */
-    for (j = 0; j < STE_MAX_TYPES; j++)
-        ssidrefs[1 * STE_MAX_TYPES + j] = htons(1);
-    /* now set type j-1 for ssidref j */
-    for (j = 0; j < STE_MAX_SSIDREFS; j++)
-        if ((0 < j) && (j <= STE_MAX_TYPES))
-            ssidrefs[j * STE_MAX_TYPES + j - 1] = htons(1);
-    ret += STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t);
-    return ret;
-}
-
-#define MAX_PUSH_BUFFER        16384
-u8 push_buffer[MAX_PUSH_BUFFER];
-
-int acm_domain_setpolicy(int xc_handle)
-{
-    int ret;
-    struct acm_policy_buffer *bin_pol;
-    acm_op_t op;
-
-    /* future: read policy from file and set it */
-    bin_pol = (struct acm_policy_buffer *) push_buffer;
-    bin_pol->policy_version = htonl(ACM_POLICY_VERSION);
-    bin_pol->magic = htonl(ACM_MAGIC);
-    bin_pol->primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
-    bin_pol->secondary_policy_code =
-        htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
-
-    bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
-    bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
-    ret =
-        acm_domain_set_chwallpolicy(push_buffer +
-                                    ntohl(bin_pol->primary_buffer_offset),
-                                    MAX_PUSH_BUFFER -
-                                    ntohl(bin_pol->primary_buffer_offset));
-    if (ret < 0)
-    {
-        printf("ERROR creating chwallpolicy buffer.\n");
-        return -1;
-    }
-    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
-    bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
-    ret = acm_domain_set_stepolicy(push_buffer +
-                                 ntohl(bin_pol->secondary_buffer_offset),
-                                 MAX_PUSH_BUFFER -
-                                 ntohl(bin_pol->secondary_buffer_offset));
-    if (ret < 0)
-    {
-        printf("ERROR creating chwallpolicy buffer.\n");
-        return -1;
-    }
-    bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
-
-    /* dump it and then push it down into xen/acm */
-    acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len));
-
-    op.cmd = ACM_SETPOLICY;
-    op.interface_version = ACM_INTERFACE_VERSION;
-    op.u.setpolicy.pushcache = (void *) push_buffer;
-    op.u.setpolicy.pushcache_size = ntohl(bin_pol->len);
-    ret = do_acm_op(xc_handle, &op);
-
-    if (ret)
-        printf("ERROR setting policy. Use 'xm dmesg' to see details.\n");
-    else
-        printf("Successfully changed policy.\n");
-
-    return ret;
-}
-
 /******************************* get policy ******************************/
 
 #define PULL_CACHE_SIZE                8192
@@ -602,7 +427,6 @@
 void usage(char *progname)
 {
     printf("Use: %s \n"
-           "\t setpolicy\n"
            "\t getpolicy\n"
            "\t dumpstats\n"
            "\t loadpolicy <binary policy file>\n", progname);
@@ -623,12 +447,7 @@
         exit(-1);
     }
 
-    if (!strcmp(argv[1], "setpolicy"))
-    {
-        if (argc != 2)
-            usage(argv[0]);
-        ret = acm_domain_setpolicy(acm_cmd_fd);
-    } else if (!strcmp(argv[1], "getpolicy")) {
+    if (!strcmp(argv[1], "getpolicy")) {
         if (argc != 2)
             usage(argv[0]);
         ret = acm_domain_getpolicy(acm_cmd_fd);
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/xentrace/xentrace.c
--- a/tools/xentrace/xentrace.c Thu Aug 18 18:40:02 2005
+++ b/tools/xentrace/xentrace.c Fri Aug 19 18:19:28 2005
@@ -95,13 +95,13 @@
 
 /**
  * get_tbufs - get pointer to and size of the trace buffers
- * @mach_addr: location to store machine address if the trace buffers to
- * @size:      location to store the size of a trace buffer to
+ * @mfn:  location to store mfn of the trace buffers to
+ * @size: location to store the size of a trace buffer to
  *
  * Gets the machine address of the trace pointer area and the size of the
  * per CPU buffers.
  */
-void get_tbufs(unsigned long *mach_addr, unsigned long *size)
+void get_tbufs(unsigned long *mfn, unsigned long *size)
 {
     int ret;
     dom0_op_t op;                        /* dom0 op we'll build             */
@@ -121,19 +121,19 @@
         exit(EXIT_FAILURE);
     }
 
-    *mach_addr = op.u.tbufcontrol.mach_addr;
-    *size      = op.u.tbufcontrol.size;
+    *mfn  = op.u.tbufcontrol.buffer_mfn;
+    *size = op.u.tbufcontrol.size;
 }
 
 /**
  * map_tbufs - memory map Xen trace buffers into user space
- * @tbufs:     machine address of the trace buffers
+ * @tbufs_mfn: mfn of the trace buffers
  * @num:       number of trace buffers to map
  * @size:      size of each trace buffer
  *
  * Maps the Xen trace buffers them into process address space.
  */
-struct t_buf *map_tbufs(unsigned long tbufs_mach, unsigned int num,
+struct t_buf *map_tbufs(unsigned long tbufs_mfn, unsigned int num,
                         unsigned long size)
 {
     int xc_handle;                  /* file descriptor for /proc/xen/privcmd */
@@ -149,7 +149,7 @@
 
     tbufs_mapped = xc_map_foreign_range(xc_handle, 0 /* Dom 0 ID */,
                                         size * num, PROT_READ,
-                                        tbufs_mach >> PAGE_SHIFT);
+                                        tbufs_mfn);
 
     xc_interface_close(xc_handle);
 
@@ -231,7 +231,7 @@
 
 /**
  * init_rec_ptrs - initialises data area pointers to locations in user space
- * @tbufs_mach:    machine base address of the trace buffer area
+ * @tbufs_mfn:     base mfn of the trace buffer area
  * @tbufs_mapped:  user virtual address of base of trace buffer area
  * @meta:          array of user-space pointers to struct t_buf's of metadata
  * @num:           number of trace buffers
@@ -240,7 +240,7 @@
  * mapped in user space.  Note that the trace buffer metadata contains machine
  * pointers - the array returned allows more convenient access to them.
  */
-struct t_rec **init_rec_ptrs(unsigned long tbufs_mach,
+struct t_rec **init_rec_ptrs(unsigned long tbufs_mfn,
                              struct t_buf *tbufs_mapped,
                              struct t_buf **meta,
                              unsigned int num)
@@ -256,7 +256,7 @@
     }
 
     for ( i = 0; i < num; i++ )
-        data[i] = (struct t_rec *)(meta[i]->rec_addr - tbufs_mach
+        data[i] = (struct t_rec *)(meta[i]->rec_addr - 
(tbufs_mfn<<XC_PAGE_SHIFT) /* XXX */
                                    + (unsigned long)tbufs_mapped);
 
     return data;
@@ -330,7 +330,7 @@
     struct t_rec **data;         /* pointers to the trace buffer data areas
                                   * where they are mapped into user space.   */
     unsigned long *cons;         /* store tail indexes for the trace buffers */
-    unsigned long tbufs_mach;    /* machine address of the tbufs             */
+    unsigned long tbufs_mfn;     /* mfn of the tbufs                         */
     unsigned int  num;           /* number of trace buffers / logical CPUS   */
     unsigned long size;          /* size of a single trace buffer            */
 
@@ -340,14 +340,14 @@
     num = get_num_cpus();
 
     /* setup access to trace buffers */
-    get_tbufs(&tbufs_mach, &size);
-    tbufs_mapped = map_tbufs(tbufs_mach, num, size);
+    get_tbufs(&tbufs_mfn, &size);
+    tbufs_mapped = map_tbufs(tbufs_mfn, num, size);
 
     size_in_recs = (size - sizeof(struct t_buf)) / sizeof(struct t_rec);
 
     /* build arrays of convenience ptrs */
     meta  = init_bufs_ptrs (tbufs_mapped, num, size);
-    data  = init_rec_ptrs  (tbufs_mach, tbufs_mapped, meta, num);
+    data  = init_rec_ptrs  (tbufs_mfn, tbufs_mapped, meta, num);
     cons  = init_tail_idxs (meta, num);
 
     /* now, scan buffers for events */
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/Rules.mk
--- a/xen/Rules.mk      Thu Aug 18 18:40:02 2005
+++ b/xen/Rules.mk      Fri Aug 19 18:19:28 2005
@@ -10,14 +10,6 @@
 optimize    ?= y
 domu_debug  ?= n
 crash_debug ?= n
-
-# ACM_USE_SECURITY_POLICY is set to security policy of Xen
-# Supported models are:
-#      ACM_NULL_POLICY (ACM will not be built with this policy)
-#      ACM_CHINESE_WALL_POLICY
-#      ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
-#      ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
-ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
 
 include $(BASEDIR)/../Config.mk
 
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c     Thu Aug 18 18:40:02 2005
+++ b/xen/arch/x86/domain.c     Fri Aug 19 18:19:28 2005
@@ -217,8 +217,16 @@
     return xmalloc(struct vcpu);
 }
 
+/* We assume that vcpu 0 is always the last one to be freed in a
+   domain i.e. if v->vcpu_id == 0, the domain should be
+   single-processor. */
 void arch_free_vcpu_struct(struct vcpu *v)
 {
+    struct vcpu *p;
+    for_each_vcpu(v->domain, p) {
+        if (p->next_in_list == v)
+            p->next_in_list = v->next_in_list;
+    }
     xfree(v);
 }
 
@@ -403,7 +411,7 @@
     {
         if ( ((c->user_regs.cs & 3) == 0) ||
              ((c->user_regs.ss & 3) == 0) )
-                return -EINVAL;
+            return -EINVAL;
     }
 
     clear_bit(_VCPUF_fpu_initialised, &v->vcpu_flags);
@@ -457,7 +465,7 @@
         if ( !(c->flags & VGCF_VMX_GUEST) )
 #endif
             if ( !get_page_and_type(&frame_table[phys_basetab>>PAGE_SHIFT], d, 
-                  PGT_base_page_table) )
+                                    PGT_base_page_table) )
                 return -EINVAL;
     }
 
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/arch/x86/domain_build.c
--- a/xen/arch/x86/domain_build.c       Thu Aug 18 18:40:02 2005
+++ b/xen/arch/x86/domain_build.c       Fri Aug 19 18:19:28 2005
@@ -22,16 +22,28 @@
 #include <asm/i387.h>
 #include <asm/shadow.h>
 
-/* opt_dom0_mem: memory allocated to domain 0. */
-static unsigned int opt_dom0_mem;
+static long dom0_nrpages;
+
+/*
+ * dom0_mem:
+ *  If +ve:
+ *   * The specified amount of memory is allocated to domain 0.
+ *  If -ve:
+ *   * All of memory is allocated to domain 0, minus the specified amount.
+ *  If not specified: 
+ *   * All of memory is allocated to domain 0, minus 1/16th which is reserved
+ *     for uses such as DMA buffers (the reservation is clamped to 128MB).
+ */
 static void parse_dom0_mem(char *s)
 {
-    unsigned long long bytes = parse_size_and_unit(s);
-    /* If no unit is specified we default to kB units, not bytes. */
-    if ( isdigit(s[strlen(s)-1]) )
-        opt_dom0_mem = (unsigned int)bytes;
-    else
-        opt_dom0_mem = (unsigned int)(bytes >> 10);
+    unsigned long long bytes;
+    char *t = s;
+    if ( *s == '-' )
+        t++;
+    bytes = parse_size_and_unit(t);
+    dom0_nrpages = bytes >> PAGE_SHIFT;
+    if ( *s == '-' )
+        dom0_nrpages = -dom0_nrpages;
 }
 custom_param("dom0_mem", parse_dom0_mem);
 
@@ -137,12 +149,30 @@
 
     printk("*** LOADING DOMAIN 0 ***\n");
 
-    /* By default DOM0 is allocated all available memory. */
     d->max_pages = ~0U;
-    if ( (nr_pages = opt_dom0_mem >> (PAGE_SHIFT - 10)) == 0 )
+
+    /*
+     * If domain 0 allocation isn't specified, reserve 1/16th of available
+     * memory for things like DMA buffers. This reservation is clamped to 
+     * a maximum of 128MB.
+     */
+    if ( dom0_nrpages == 0 )
+    {
+        dom0_nrpages = avail_domheap_pages() +
+            ((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) +
+            ((image_len  + PAGE_SIZE - 1) >> PAGE_SHIFT);
+        dom0_nrpages = min(dom0_nrpages / 16, 128L << (20 - PAGE_SHIFT));
+        dom0_nrpages = -dom0_nrpages;
+    }
+
+    /* Negative memory specification means "all memory - specified amount". */
+    if ( dom0_nrpages < 0 )
         nr_pages = avail_domheap_pages() +
             ((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) +
-            ((image_len  + PAGE_SIZE - 1) >> PAGE_SHIFT);
+            ((image_len  + PAGE_SIZE - 1) >> PAGE_SHIFT) +
+            dom0_nrpages;
+    else
+        nr_pages = dom0_nrpages;
 
     if ( (rc = parseelfimage(&dsi)) != 0 )
         return rc;
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c Thu Aug 18 18:40:02 2005
+++ b/xen/arch/x86/mm.c Fri Aug 19 18:19:28 2005
@@ -2633,14 +2633,16 @@
 
     if ( entries > FIRST_RESERVED_GDT_ENTRY )
         return -EINVAL;
-    
+
     shadow_sync_all(d);
 
     /* Check the pages in the new GDT. */
-    for ( i = 0; i < nr_pages; i++ )
-        if ( ((pfn = frames[i]) >= max_page) ||
-             !get_page_and_type(&frame_table[pfn], d, PGT_gdt_page) )
+    for ( i = 0; i < nr_pages; i++ ) {
+        pfn = frames[i];
+        if ((pfn >= max_page) ||
+            !get_page_and_type(&frame_table[pfn], d, PGT_gdt_page) )
             goto fail;
+    }
 
     /* Tear down the old GDT. */
     destroy_gdt(v);
@@ -2687,22 +2689,24 @@
 }
 
 
-long do_update_descriptor(unsigned long pa, u64 desc)
+long do_update_descriptor(u64 pa, u64 desc)
 {
     struct domain *dom = current->domain;
     unsigned long gpfn = pa >> PAGE_SHIFT;
     unsigned long mfn;
-    unsigned int  offset = (pa & ~PAGE_MASK) / sizeof(struct desc_struct);
+    unsigned int  offset;
     struct desc_struct *gdt_pent, d;
     struct pfn_info *page;
     long ret = -EINVAL;
 
+    offset = ((unsigned int)pa & ~PAGE_MASK) / sizeof(struct desc_struct);
+
     *(u64 *)&d = desc;
 
     LOCK_BIGLOCK(dom);
 
     if ( !VALID_MFN(mfn = __gpfn_to_mfn(dom, gpfn)) ||
-         ((pa % sizeof(struct desc_struct)) != 0) ||
+         (((unsigned int)pa % sizeof(struct desc_struct)) != 0) ||
          (mfn >= max_page) ||
          !check_descriptor(&d) )
     {
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/arch/x86/physdev.c
--- a/xen/arch/x86/physdev.c    Thu Aug 18 18:40:02 2005
+++ b/xen/arch/x86/physdev.c    Fri Aug 19 18:19:28 2005
@@ -106,7 +106,7 @@
              (op.u.set_iobitmap.nr_ports > 65536) )
             break;
         ret = 0;
-        current->arch.iobmp       = (u8 *)op.u.set_iobitmap.bitmap;
+        current->arch.iobmp       = op.u.set_iobitmap.bitmap;
         current->arch.iobmp_limit = op.u.set_iobitmap.nr_ports;
         break;
     default:
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/common/event_channel.c
--- a/xen/common/event_channel.c        Thu Aug 18 18:40:02 2005
+++ b/xen/common/event_channel.c        Fri Aug 19 18:19:28 2005
@@ -588,7 +588,6 @@
     long           rc = 0;
 
     if ( (vcpu >= MAX_VIRT_CPUS) || (d->vcpu[vcpu] == NULL) ) {
-        printf("vcpu %d bad.\n", vcpu);
         return -EINVAL;
     }
 
@@ -596,7 +595,6 @@
 
     if ( !port_is_valid(d, port) )
     {
-        printf("port %d bad.\n", port);
         rc = -EINVAL;
         goto out;
     }
@@ -610,7 +608,6 @@
         chn->notify_vcpu_id = vcpu;
         break;
     default:
-        printf("evtchn type %d can't be rebound.\n", chn->state);
         rc = -EINVAL;
         break;
     }
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/common/lib.c
--- a/xen/common/lib.c  Thu Aug 18 18:40:02 2005
+++ b/xen/common/lib.c  Fri Aug 19 18:19:28 2005
@@ -450,8 +450,10 @@
                ret <<= 10;
        case 'M': case 'm':
                ret <<= 10;
-       case 'K': case 'k':
+       case 'K': case 'k': default:
                ret <<= 10;
+       case 'B': case 'b':
+               break;
        }
 
        return ret;
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/common/schedule.c
--- a/xen/common/schedule.c     Thu Aug 18 18:40:02 2005
+++ b/xen/common/schedule.c     Fri Aug 19 18:19:28 2005
@@ -38,6 +38,8 @@
 #include <xen/mm.h>
 #include <public/sched_ctl.h>
 
+extern void arch_getdomaininfo_ctxt(struct vcpu *,
+                                    struct vcpu_guest_context *);
 /* opt_sched: scheduler - default to SEDF */
 static char opt_sched[10] = "sedf";
 string_param("sched", opt_sched);
@@ -82,7 +84,8 @@
     int i;
 
     SCHED_OP(free_task, d);
-    for (i = 0; i < MAX_VIRT_CPUS; i++)
+    /* vcpu 0 has to be the last one destructed. */
+    for (i = MAX_VIRT_CPUS-1; i >= 0; i--)
         if ( d->vcpu[i] )
             arch_free_vcpu_struct(d->vcpu[i]);
 
@@ -295,10 +298,36 @@
     return 0;
 }
 
+static long do_vcpu_pickle(int vcpu, unsigned long arg)
+{
+    struct vcpu *v;
+    vcpu_guest_context_t *c;
+    int ret = 0;
+
+    if (vcpu >= MAX_VIRT_CPUS)
+        return -EINVAL;
+    v = current->domain->vcpu[vcpu];
+    if (!v)
+        return -ESRCH;
+    /* Don't pickle vcpus which are currently running */
+    if (!test_bit(_VCPUF_down, &v->vcpu_flags)) {
+        return -EBUSY;
+    }
+    c = xmalloc(vcpu_guest_context_t);
+    if (!c)
+        return -ENOMEM;
+    arch_getdomaininfo_ctxt(v, c);
+    if (copy_to_user((vcpu_guest_context_t *)arg,
+                     (const vcpu_guest_context_t *)c, sizeof(*c)))
+        ret = -EFAULT;
+    xfree(c);
+    return ret;
+}
+
 /*
  * Demultiplex scheduler-related hypercalls.
  */
-long do_sched_op(unsigned long op)
+long do_sched_op(unsigned long op, unsigned long arg)
 {
     long ret = 0;
 
@@ -332,6 +361,11 @@
     case SCHEDOP_vcpu_up:
     {
         ret = do_vcpu_up((int)(op >> SCHEDOP_vcpushift));
+        break;
+    }
+    case SCHEDOP_vcpu_pickle:
+    {
+        ret = do_vcpu_pickle((int)(op >> SCHEDOP_vcpushift), arg);
         break;
     }
 
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/common/trace.c
--- a/xen/common/trace.c        Thu Aug 18 18:40:02 2005
+++ b/xen/common/trace.c        Fri Aug 19 18:19:28 2005
@@ -113,10 +113,10 @@
     switch ( tbc->op)
     {
     case DOM0_TBUF_GET_INFO:
-        tbc->cpu_mask  = tb_cpu_mask;
-        tbc->evt_mask  = tb_event_mask;
-        tbc->mach_addr = __pa(t_bufs[0]);
-        tbc->size      = opt_tbuf_size * PAGE_SIZE;
+        tbc->cpu_mask   = tb_cpu_mask;
+        tbc->evt_mask   = tb_event_mask;
+        tbc->buffer_mfn = __pa(t_bufs[0]) >> PAGE_SHIFT;
+        tbc->size       = opt_tbuf_size * PAGE_SIZE;
         break;
     case DOM0_TBUF_SET_CPU_MASK:
         tb_cpu_mask = tbc->cpu_mask;
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/arch-ia64.h
--- a/xen/include/public/arch-ia64.h    Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/arch-ia64.h    Fri Aug 19 18:19:28 2005
@@ -12,9 +12,6 @@
 #define MAX_VIRT_CPUS 1
 
 #ifndef __ASSEMBLY__
-
-/* NB. Both the following are 64 bits each. */
-typedef unsigned long memory_t;   /* Full-sized pointer/address/memory-size. */
 
 #define MAX_NR_SECTION  32  // at most 32 memory holes
 typedef struct {
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/arch-x86_32.h
--- a/xen/include/public/arch-x86_32.h  Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/arch-x86_32.h  Fri Aug 19 18:19:28 2005
@@ -63,9 +63,6 @@
 
 #ifndef __ASSEMBLY__
 
-/* NB. Both the following are 32 bits each. */
-typedef unsigned long memory_t;   /* Full-sized pointer/address/memory-size. */
-
 /*
  * Send an array of these to HYPERVISOR_set_trap_table()
  */
@@ -74,10 +71,10 @@
 #define TI_SET_DPL(_ti,_dpl) ((_ti)->flags |= (_dpl))
 #define TI_SET_IF(_ti,_if)   ((_ti)->flags |= ((!!(_if))<<2))
 typedef struct trap_info {
-    u8       vector;  /* exception vector                              */
-    u8       flags;   /* 0-3: privilege level; 4: clear event enable?  */
-    u16      cs;      /* code selector                                 */
-    memory_t address; /* code address                                  */
+    u8       vector;       /* exception vector                              */
+    u8       flags;        /* 0-3: privilege level; 4: clear event enable?  */
+    u16      cs;           /* code selector                                 */
+    unsigned long address; /* code offset                                   */
 } trap_info_t;
 
 typedef struct cpu_user_regs {
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/arch-x86_64.h
--- a/xen/include/public/arch-x86_64.h  Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/arch-x86_64.h  Fri Aug 19 18:19:28 2005
@@ -103,9 +103,6 @@
     /* Bottom of switch_to_user stack frame. */
 };
 
-/* NB. Both the following are 64 bits each. */
-typedef unsigned long memory_t;   /* Full-sized pointer/address/memory-size. */
-
 /*
  * Send an array of these to HYPERVISOR_set_trap_table().
  * N.B. As in x86/32 mode, the privilege level specifies which modes may enter
@@ -121,10 +118,10 @@
 #define TI_SET_DPL(_ti,_dpl) ((_ti)->flags |= (_dpl))
 #define TI_SET_IF(_ti,_if)   ((_ti)->flags |= ((!!(_if))<<2))
 typedef struct trap_info {
-    u8       vector;  /* exception vector                              */
-    u8       flags;   /* 0-3: privilege level; 4: clear event enable?  */
-    u16      cs;      /* code selector                                 */
-    memory_t address; /* code address                                  */
+    u8       vector;       /* exception vector                              */
+    u8       flags;        /* 0-3: privilege level; 4: clear event enable?  */
+    u16      cs;           /* code selector                                 */
+    unsigned long address; /* code offset                                   */
 } trap_info_t;
 
 typedef struct cpu_user_regs {
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/dom0_ops.h
--- a/xen/include/public/dom0_ops.h     Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/dom0_ops.h     Fri Aug 19 18:19:28 2005
@@ -19,7 +19,7 @@
  * This makes sure that old versions of dom0 tools will stop working in a
  * well-defined way (rather than crashing the machine, for instance).
  */
-#define DOM0_INTERFACE_VERSION   0xAAAA100E
+#define DOM0_INTERFACE_VERSION   0xAAAA100F
 
 /************************************************************************/
 
@@ -27,10 +27,10 @@
 typedef struct {
     /* IN variables. */
     domid_t       domain;
-    memory_t      max_pfns;
+    unsigned long max_pfns;
     void         *buffer;
     /* OUT variables. */
-    memory_t      num_pfns;
+    unsigned long num_pfns;
 } dom0_getmemlist_t;
 
 #define DOM0_SCHEDCTL          6
@@ -83,9 +83,9 @@
 #define DOMFLAGS_SHUTDOWNMASK 255 /* DOMFLAGS_SHUTDOWN guest-supplied code.  */
 #define DOMFLAGS_SHUTDOWNSHIFT 16
     u32      flags;
-    memory_t tot_pages;
-    memory_t max_pages;
-    memory_t shared_info_frame;       /* MFN of shared_info struct */
+    unsigned long tot_pages;
+    unsigned long max_pages;
+    unsigned long shared_info_frame;       /* MFN of shared_info struct */
     u64      cpu_time;
     u32      n_vcpu;
     s32      vcpu_to_cpu[MAX_VIRT_CPUS];  /* current mapping   */
@@ -155,7 +155,7 @@
 
 typedef struct {
     /* IN variables. */
-    memory_t pfn;          /* Machine page frame number to query.       */
+    unsigned long pfn;     /* Machine page frame number to query.       */
     domid_t domain;        /* To which domain does the frame belong?    */
     /* OUT variables. */
     /* Is the page PINNED to a type? */
@@ -197,7 +197,7 @@
     unsigned long cpu_mask;
     u32           evt_mask;
     /* OUT variables */
-    memory_t mach_addr;
+    unsigned long buffer_mfn;
     u32      size;
 } dom0_tbufcontrol_t;
 
@@ -211,8 +211,8 @@
     u32      sockets_per_node;
     u32      nr_nodes;
     u32      cpu_khz;
-    memory_t total_pages;
-    memory_t free_pages;
+    unsigned long total_pages;
+    unsigned long free_pages;
 } dom0_physinfo_t;
 
 /*
@@ -252,7 +252,7 @@
     u32            op;
     unsigned long *dirty_bitmap; /* pointer to locked buffer */
     /* IN/OUT variables. */
-    memory_t       pages;        /* size of buffer, updated with actual size */
+    unsigned long  pages;        /* size of buffer, updated with actual size */
     /* OUT variables. */
     dom0_shadow_control_stats_t stats;
 } dom0_shadow_control_t;
@@ -260,15 +260,15 @@
 #define DOM0_SETDOMAINMAXMEM   28
 typedef struct {
     /* IN variables. */
-    domid_t     domain;
-    memory_t    max_memkb;
+    domid_t       domain;
+    unsigned long max_memkb;
 } dom0_setdomainmaxmem_t;
 
 #define DOM0_GETPAGEFRAMEINFO2 29   /* batched interface */
 typedef struct {
     /* IN variables. */
-    domid_t  domain;
-    memory_t num;
+    domid_t        domain;
+    unsigned long  num;
     /* IN/OUT variables. */
     unsigned long *array;
 } dom0_getpageframeinfo2_t;
@@ -283,12 +283,12 @@
 #define DOM0_ADD_MEMTYPE         31
 typedef struct {
     /* IN variables. */
-    memory_t pfn;
-    memory_t nr_pfns;
-    u32      type;
-    /* OUT variables. */
-    u32      handle;
-    u32      reg;
+    unsigned long pfn;
+    unsigned long nr_pfns;
+    u32           type;
+    /* OUT variables. */
+    u32           handle;
+    u32           reg;
 } dom0_add_memtype_t;
 
 /*
@@ -311,8 +311,8 @@
     /* IN variables. */
     u32      reg;
     /* OUT variables. */
-    memory_t pfn;
-    memory_t nr_pfns;
+    unsigned long pfn;
+    unsigned long nr_pfns;
     u32      type;
 } dom0_read_memtype_t;
 
@@ -361,10 +361,10 @@
 typedef struct {
     /* IN variables. */
     domid_t               first_domain;
-    memory_t              max_domains;
+    unsigned int          max_domains;
     dom0_getdomaininfo_t *buffer;
     /* OUT variables. */
-    memory_t              num_domains;
+    unsigned int          num_domains;
 } dom0_getdomaininfolist_t;
 
 #define DOM0_PLATFORM_QUIRK      39  
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/grant_table.h
--- a/xen/include/public/grant_table.h  Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/grant_table.h  Fri Aug 19 18:19:28 2005
@@ -153,13 +153,13 @@
 #define GNTTABOP_map_grant_ref        0
 typedef struct gnttab_map_grant_ref {
     /* IN parameters. */
-    memory_t    host_addr;
+    u64         host_addr;
     domid_t     dom;
     grant_ref_t ref;
     u16         flags;                /* GNTMAP_* */
     /* OUT parameters. */
     s16         handle;               /* +ve: handle; -ve: GNTST_* */
-    memory_t    dev_bus_addr;
+    u64         dev_bus_addr;
 } gnttab_map_grant_ref_t;
 
 /*
@@ -176,8 +176,8 @@
 #define GNTTABOP_unmap_grant_ref      1
 typedef struct gnttab_unmap_grant_ref {
     /* IN parameters. */
-    memory_t    host_addr;
-    memory_t    dev_bus_addr;
+    u64         host_addr;
+    u64         dev_bus_addr;
     u16         handle;
     /* OUT parameters. */
     s16         status;               /* GNTST_* */
@@ -223,7 +223,7 @@
  */
 #define GNTTABOP_donate                4
 typedef struct {
-    memory_t    mfn;                 /*  0 */
+    unsigned long mfn;               /*  0 */
     domid_t     domid;               /*  4 */
     u16         handle;               /*  8 */
     s16         status;               /*  10: GNTST_* */
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/io/blkif.h
--- a/xen/include/public/io/blkif.h     Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/io/blkif.h     Fri Aug 19 18:19:28 2005
@@ -18,7 +18,6 @@
 
 #define BLKIF_OP_READ      0
 #define BLKIF_OP_WRITE     1
-#define BLKIF_OP_PROBE     2
 
 /* NB. Ring size must be small enough for sizeof(blkif_ring_t) <= PAGE_SIZE. */
 #define BLKIF_RING_SIZE        64
@@ -33,7 +32,7 @@
 typedef struct blkif_request {
     u8             operation;    /* BLKIF_OP_???                         */
     u8             nr_segments;  /* number of segments                   */
-    blkif_vdev_t   device;       /* only for read/write requests         */
+    blkif_vdev_t   handle;       /* only for read/write requests         */
     unsigned long  id;           /* private guest value, echoed in resp  */
     blkif_sector_t sector_number;/* start sector idx on disk (r/w only)  */
     /* @f_a_s[4:0]=last_sect ; @f_a_s[9:5]=first_sect                        */
@@ -71,31 +70,8 @@
 
 DEFINE_RING_TYPES(blkif, blkif_request_t, blkif_response_t);
 
-/*
- * BLKIF_OP_PROBE:
- * The request format for a probe request is constrained as follows:
- *  @operation   == BLKIF_OP_PROBE
- *  @nr_segments == size of probe buffer in pages
- *  @device      == unused (zero)
- *  @id          == any value (echoed in response message)
- *  @sector_num  == unused (zero)
- *  @frame_and_sects == list of page-sized buffers.
- *                       (i.e., @first_sect == 0, @last_sect == 7).
- * 
- * The response is a list of vdisk_t elements copied into the out-of-band
- * probe buffer. On success the response status field contains the number
- * of vdisk_t elements.
- */
-
 #define VDISK_CDROM        0x1
 #define VDISK_REMOVABLE    0x2
 #define VDISK_READONLY     0x4
 
-typedef struct vdisk {
-    blkif_sector_t capacity;     /* Size in terms of 512-byte sectors.   */
-    blkif_vdev_t   device;       /* Device number (opaque 16 bit value). */
-    u16            info;         /* Device type and flags (VDISK_*).     */
-    u16            sector_size;  /* Minimum alignment for requests.      */
-} vdisk_t; /* 16 bytes */
-
 #endif /* __XEN_PUBLIC_IO_BLKIF_H__ */
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/io/domain_controller.h
--- a/xen/include/public/io/domain_controller.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/io/domain_controller.h Fri Aug 19 18:19:28 2005
@@ -139,7 +139,7 @@
  */
 typedef struct blkif_fe_interface_connect {
     u32      handle;
-    memory_t shmem_frame;
+    unsigned long shmem_frame;
     int      shmem_ref;
 } blkif_fe_interface_connect_t;
 
@@ -249,7 +249,7 @@
     /* IN */
     domid_t    domid;         /* Domain attached to new interface.   */
     u32        blkif_handle;  /* Domain-specific interface handle.   */
-    memory_t   shmem_frame;   /* Page cont. shared comms window.     */
+    unsigned long shmem_frame;/* Page cont. shared comms window.     */
     int        shmem_ref;     /* Grant table reference.              */
     u32        evtchn;        /* Event channel for notifications.    */
     /* OUT */
@@ -364,11 +364,11 @@
  *  STATUS_CONNECTED message.
  */
 typedef struct netif_fe_interface_connect {
-    u32        handle;
-    memory_t   tx_shmem_frame; 
-    int        tx_shmem_ref;
-    memory_t   rx_shmem_frame;
-    int        rx_shmem_ref;
+    u32           handle;
+    unsigned long tx_shmem_frame; 
+    int           tx_shmem_ref;
+    unsigned long rx_shmem_frame;
+    int           rx_shmem_ref;
 } netif_fe_interface_connect_t;
 
 /*
@@ -486,13 +486,13 @@
  */
 typedef struct netif_be_connect { 
     /* IN */
-    domid_t    domid;          /* Domain attached to new interface.   */
-    u32        netif_handle;   /* Domain-specific interface handle.   */
-    memory_t   tx_shmem_frame; /* Page cont. tx shared comms window.  */
-    int        tx_shmem_ref;   /* Grant reference for above           */
-    memory_t   rx_shmem_frame; /* Page cont. rx shared comms window.  */
-    int        rx_shmem_ref;   /* Grant reference for above           */
-    u16        evtchn;         /* Event channel for notifications.    */
+    domid_t    domid;            /* Domain attached to new interface.   */
+    u32        netif_handle;     /* Domain-specific interface handle.   */
+    unsigned long tx_shmem_frame;/* Page cont. tx shared comms window.  */
+    int        tx_shmem_ref;     /* Grant reference for above           */
+    unsigned long rx_shmem_frame;/* Page cont. rx shared comms window.  */
+    int        rx_shmem_ref;     /* Grant reference for above           */
+    u16        evtchn;           /* Event channel for notifications.    */
     /* OUT */
     u32        status;
 } netif_be_connect_t;
@@ -577,7 +577,7 @@
  *  STATUS_CONNECTED message.
  */
 typedef struct usbif_fe_interface_connect {
-    memory_t shmem_frame;
+    unsigned long shmem_frame;
 } usbif_fe_interface_connect_t;
 
 /*
@@ -660,7 +660,7 @@
 typedef struct usbif_be_connect { 
     /* IN */
     domid_t    domid;         /* Domain attached to new interface.   */
-    memory_t   shmem_frame;   /* Page cont. shared comms window.     */
+    unsigned long shmem_frame;/* Page cont. shared comms window.     */
     u32        evtchn;        /* Event channel for notifications.    */
     u32        bandwidth;     /* Bandwidth allocated for isoch / int - us
                                * per 1ms frame (ie between 0 and 900 or 800
@@ -780,7 +780,7 @@
 #define PDB_CONNECTION_STATUS_UP   1
 #define PDB_CONNECTION_STATUS_DOWN 2
     u32      status;
-    memory_t ring;       /* status: UP */
+    unsigned long ring;  /* status: UP */
     u32      evtchn;     /* status: UP */
 } pdb_connection_t, *pdb_connection_p;
 
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/io/netif.h
--- a/xen/include/public/io/netif.h     Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/io/netif.h     Fri Aug 19 18:19:28 2005
@@ -10,7 +10,7 @@
 #define __XEN_PUBLIC_IO_NETIF_H__
 
 typedef struct netif_tx_request {
-    memory_t addr;   /* Machine address of packet.  */
+    unsigned long addr;   /* Machine address of packet.  */
     u16      csum_blank:1; /* Proto csum field blank?   */
     u16      id:15;  /* Echoed in response message. */
     u16      size;   /* Packet size in bytes.       */
@@ -32,7 +32,7 @@
 #ifdef CONFIG_XEN_NETDEV_GRANT_TX
     u32      addr;   /*  0: Offset in page of start of received packet  */
 #else
-    memory_t addr;   /* Machine address of packet.              */
+    unsigned long addr; /* Machine address of packet.              */
 #endif
     u16      csum_valid:1; /* Protocol checksum is validated?       */
     u16      id:15;
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/physdev.h
--- a/xen/include/public/physdev.h      Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/physdev.h      Fri Aug 19 18:19:28 2005
@@ -27,8 +27,8 @@
 
 typedef struct physdevop_set_iobitmap {
     /* IN */
-    memory_t bitmap;
-    u32      nr_ports;
+    char *bitmap;
+    u32   nr_ports;
 } physdevop_set_iobitmap_t;
 
 typedef struct physdevop_apic {
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/xen.h
--- a/xen/include/public/xen.h  Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/xen.h  Fri Aug 19 18:19:28 2005
@@ -171,9 +171,9 @@
     unsigned int cmd;
     union {
         /* [UN]PIN_TABLE, NEW_BASEPTR, NEW_USER_BASEPTR, REASSIGN_PAGE */
-        memory_t mfn;
+        unsigned long mfn;
         /* INVLPG_LOCAL, INVLPG_ALL, SET_LDT */
-        memory_t linear_addr;
+        unsigned long linear_addr;
     };
     union {
         /* SET_LDT */
@@ -203,6 +203,7 @@
 #define SCHEDOP_shutdown        2   /* Stop executing this domain.        */
 #define SCHEDOP_vcpu_down       3   /* make target VCPU not-runnable.     */
 #define SCHEDOP_vcpu_up         4   /* make target VCPU runnable.         */
+#define SCHEDOP_vcpu_pickle     5   /* save a vcpu's context to memory.   */
 #define SCHEDOP_cmdmask       255   /* 8-bit command. */
 #define SCHEDOP_reasonshift     8   /* 8-bit reason code. (SCHEDOP_shutdown) */
 #define SCHEDOP_vcpushift       8   /* 8-bit VCPU target. (SCHEDOP_up|down) */
@@ -437,18 +438,18 @@
 #define MAX_GUEST_CMDLINE 1024
 typedef struct start_info {
     /* THE FOLLOWING ARE FILLED IN BOTH ON INITIAL BOOT AND ON RESUME.    */
-    memory_t nr_pages;        /* Total pages allocated to this domain.    */
-    memory_t shared_info;     /* MACHINE address of shared info struct.   */
+    unsigned long nr_pages;   /* Total pages allocated to this domain.    */
+    unsigned long shared_info;/* MACHINE address of shared info struct.   */
     u32      flags;           /* SIF_xxx flags.                           */
     u16      domain_controller_evtchn;
     /* THE FOLLOWING ARE ONLY FILLED IN ON INITIAL BOOT (NOT RESUME).     */
-    memory_t pt_base;         /* VIRTUAL address of page directory.       */
-    memory_t nr_pt_frames;    /* Number of bootstrap p.t. frames.         */
-    memory_t mfn_list;        /* VIRTUAL address of page-frame list.      */
-    memory_t mod_start;       /* VIRTUAL address of pre-loaded module.    */
-    memory_t mod_len;         /* Size (bytes) of pre-loaded module.       */
+    unsigned long pt_base;    /* VIRTUAL address of page directory.       */
+    unsigned long nr_pt_frames;/* Number of bootstrap p.t. frames.        */
+    unsigned long mfn_list;   /* VIRTUAL address of page-frame list.      */
+    unsigned long mod_start;  /* VIRTUAL address of pre-loaded module.    */
+    unsigned long mod_len;    /* Size (bytes) of pre-loaded module.       */
     s8 cmd_line[MAX_GUEST_CMDLINE];
-    memory_t store_mfn;       /* MACHINE page number of shared page.      */
+    unsigned long store_mfn;  /* MACHINE page number of shared page.      */
     u16      store_evtchn;    /* Event channel for store communication.   */
 } start_info_t;
 
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/arch/xen/i386/kernel/init_task.c
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/init_task.c     Fri Aug 19 
18:19:28 2005
@@ -0,0 +1,49 @@
+#include <linux/mm.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/init.h>
+#include <linux/init_task.h>
+#include <linux/fs.h>
+#include <linux/mqueue.h>
+
+#include <asm/uaccess.h>
+#include <asm/pgtable.h>
+#include <asm/desc.h>
+
+static struct fs_struct init_fs = INIT_FS;
+static struct files_struct init_files = INIT_FILES;
+static struct signal_struct init_signals = INIT_SIGNALS(init_signals);
+static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand);
+
+#define swapper_pg_dir ((pgd_t *)NULL)
+struct mm_struct init_mm = INIT_MM(init_mm);
+#undef swapper_pg_dir
+
+EXPORT_SYMBOL(init_mm);
+
+/*
+ * Initial thread structure.
+ *
+ * We need to make sure that this is THREAD_SIZE aligned due to the
+ * way process stacks are handled. This is done by having a special
+ * "init_task" linker map entry..
+ */
+union thread_union init_thread_union 
+       __attribute__((__section__(".data.init_task"))) =
+               { INIT_THREAD_INFO(init_task) };
+
+/*
+ * Initial task structure.
+ *
+ * All other task structs will be allocated on slabs in fork.c
+ */
+struct task_struct init_task = INIT_TASK(init_task);
+
+EXPORT_SYMBOL(init_task);
+
+/*
+ * per-CPU TSS segments. Threads are completely 'soft' on Linux,
+ * no more per-task TSS's.
+ */ 
+DEFINE_PER_CPU(struct tss_struct, init_tss) ____cacheline_maxaligned_in_smp = 
INIT_TSS;
+
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkback/xenbus.c
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/xenbus.c Fri Aug 19 18:19:28 2005
@@ -0,0 +1,308 @@
+/*  Xenbus code for blkif backend
+    Copyright (C) 2005 Rusty Russell <rusty@xxxxxxxxxxxxxxx>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+#include <stdarg.h>
+#include <linux/module.h>
+#include <asm-xen/xenbus.h>
+#include "common.h"
+
+struct backend_info
+{
+       struct xenbus_device *dev;
+
+       /* our communications channel */
+       blkif_t *blkif;
+       struct vbd *vbd;
+
+       long int frontend_id;
+       long int pdev;
+       long int readonly;
+
+       /* watch back end for changes */
+       struct xenbus_watch backend_watch;
+
+       /* watch front end for changes */
+       struct xenbus_watch watch;
+       char *frontpath;
+};
+
+static int blkback_remove(struct xenbus_device *dev)
+{
+       struct backend_info *be = dev->data;
+
+       if (be->watch.node)
+               unregister_xenbus_watch(&be->watch);
+       unregister_xenbus_watch(&be->backend_watch);
+       if (be->vbd)
+               vbd_free(be->blkif, be->vbd);
+       if (be->blkif)
+               blkif_put(be->blkif);
+       if (be->frontpath)
+               kfree(be->frontpath);
+       kfree(be);
+       return 0;
+}
+
+/* Front end tells us frame. */
+static void frontend_changed(struct xenbus_watch *watch, const char *node)
+{
+       unsigned long sharedmfn;
+       unsigned int evtchn;
+       int err;
+       struct backend_info *be
+               = container_of(watch, struct backend_info, watch);
+
+       /* If other end is gone, delete ourself. */
+       if (!xenbus_exists(be->frontpath, "")) {
+               xenbus_rm(be->dev->nodename, "");
+               device_unregister(&be->dev->dev);
+               return;
+       }
+       if (vbd_is_active(be->vbd))
+               return;
+
+#ifndef CONFIG_XEN_BLKDEV_GRANT
+       err = xenbus_gather(be->frontpath, "shared-frame", "%lu", &sharedmfn,
+                           "event-channel", "%u", &evtchn, NULL);
+       if (err) {
+               xenbus_dev_error(be->dev, err, 
+                                "reading %s/shared-frame and event-channel",
+                                be->frontpath);
+               return;
+       }
+#else
+       err = xenbus_gather(be->frontpath, "grant-id", "%lu", &sharedmfn,
+                           "event-channel", "%u", &evtchn, NULL);
+       if (err) {
+               xenbus_dev_error(be->dev, err, 
+                                "reading %s/grant-id and event-channel",
+                                be->frontpath);
+               return;
+       }
+#endif
+
+       /* Domains must use same shared frame for all vbds. */
+       if (be->blkif->status == CONNECTED &&
+           (evtchn != be->blkif->remote_evtchn ||
+            sharedmfn != be->blkif->shmem_frame)) {
+               xenbus_dev_error(be->dev, err,
+                                "Shared frame/evtchn %li/%u not same as"
+                                " old %li/%u",
+                                sharedmfn, evtchn,
+                                be->blkif->shmem_frame,
+                                be->blkif->remote_evtchn);
+               return;
+       }
+
+       /* Supply the information about the device the frontend needs */
+       err = xenbus_transaction_start(be->dev->nodename);
+       if (err) {
+               xenbus_dev_error(be->dev, err, "starting transaction");
+               return;
+       }
+
+       err = xenbus_printf(be->dev->nodename, "sectors", "%lu",
+                           vbd_size(be->vbd));
+       if (err) {
+               xenbus_dev_error(be->dev, err, "writing %s/sectors",
+                                be->dev->nodename);
+               goto abort;
+       }
+
+       /* FIXME: use a typename instead */
+       err = xenbus_printf(be->dev->nodename, "info", "%u",
+                           vbd_info(be->vbd));
+       if (err) {
+               xenbus_dev_error(be->dev, err, "writing %s/info",
+                                be->dev->nodename);
+               goto abort;
+       }
+       err = xenbus_printf(be->dev->nodename, "sector-size", "%lu",
+                           vbd_secsize(be->vbd));
+       if (err) {
+               xenbus_dev_error(be->dev, err, "writing %s/sector-size",
+                                be->dev->nodename);
+               goto abort;
+       }
+
+       /* First vbd?  We need to map the shared frame, irq etc. */
+       if (be->blkif->status != CONNECTED) {
+               err = blkif_map(be->blkif, sharedmfn, evtchn);
+               if (err) {
+                       xenbus_dev_error(be->dev, err,
+                                        "mapping shared-frame %lu port %u",
+                                        sharedmfn, evtchn);
+                       goto abort;
+               }
+       }
+
+       /* We're ready, activate. */
+       vbd_activate(be->blkif, be->vbd);
+
+       xenbus_transaction_end(0);
+       xenbus_dev_ok(be->dev);
+
+       return;
+
+abort:
+       xenbus_transaction_end(1);
+}
+
+/* 
+   Setup supplies physical device.  
+   We provide event channel and device details to front end.
+   Frontend supplies shared frame and event channel.
+ */
+static void backend_changed(struct xenbus_watch *watch, const char *node)
+{
+       int err;
+       char *p;
+       char *frontend;
+       long int handle, pdev;
+       struct backend_info *be
+               = container_of(watch, struct backend_info, backend_watch);
+       struct xenbus_device *dev = be->dev;
+
+       frontend = NULL;
+       err = xenbus_gather(dev->nodename,
+                           "frontend-id", "%li", &be->frontend_id,
+                           "frontend", NULL, &frontend,
+                           NULL);
+       if (err == -ENOENT || err == -ERANGE ||
+           strlen(frontend) == 0 || !xenbus_exists(frontend, "")) {
+               if (frontend)
+                       kfree(frontend);
+               /* If we can't get a frontend path and a frontend-id,
+                * then our bus-id is no longer valid and we need to
+                * destroy the backend device.
+                */
+               goto device_fail;
+       }
+
+       if (!be->frontpath || strcmp(frontend, be->frontpath)) {
+               if (be->watch.node)
+                       unregister_xenbus_watch(&be->watch);
+               if (be->frontpath)
+                       kfree(be->frontpath);
+               be->frontpath = frontend;
+               be->watch.node = be->frontpath;
+               be->watch.callback = frontend_changed;
+               err = register_xenbus_watch(&be->watch);
+               if (err) {
+                       be->watch.node = NULL;
+                       goto device_fail;
+               }
+       } else
+               kfree(frontend);
+
+       err = xenbus_scanf(dev->nodename, "physical-device", "%li", &pdev);
+       if (err == -ENOENT || err == -ERANGE)
+               goto out;
+       if (err < 0) {
+               xenbus_dev_error(dev, err, "Reading physical-device");
+               goto device_fail;
+       }
+       if (be->pdev && be->pdev != pdev) {
+               printk(KERN_WARNING
+                      "changing physical-device not supported\n");
+               goto device_fail;
+       }
+       be->pdev = pdev;
+
+       /* If there's a read-only node, we're read only. */
+       p = xenbus_read(dev->nodename, "read-only", NULL);
+       if (!IS_ERR(p)) {
+               be->readonly = 1;
+               kfree(p);
+       }
+
+       if (be->blkif == NULL) {
+               /* Front end dir is a number, which is used as the handle. */
+               p = strrchr(be->frontpath, '/') + 1;
+               handle = simple_strtoul(p, NULL, 0);
+
+               be->blkif = blkif_find(be->frontend_id);
+               if (IS_ERR(be->blkif)) {
+                       err = PTR_ERR(be->blkif);
+                       be->blkif = NULL;
+                       goto device_fail;
+               }
+
+               be->vbd = vbd_create(be->blkif, handle, be->pdev,
+                                    be->readonly);
+               if (IS_ERR(be->vbd)) {
+                       err = PTR_ERR(be->vbd);
+                       be->vbd = NULL;
+                       goto device_fail;
+               }
+
+               frontend_changed(&be->watch, be->frontpath);
+       }
+
+       return;
+
+ device_fail:
+       device_unregister(&be->dev->dev);
+ out:
+       return;
+}
+
+static int blkback_probe(struct xenbus_device *dev,
+                        const struct xenbus_device_id *id)
+{
+       struct backend_info *be;
+       int err;
+
+       be = kmalloc(sizeof(*be), GFP_KERNEL);
+       if (!be)
+               return -ENOMEM;
+
+       memset(be, 0, sizeof(*be));
+
+       be->dev = dev;
+       be->backend_watch.node = dev->nodename;
+       be->backend_watch.callback = backend_changed;
+       err = register_xenbus_watch(&be->backend_watch);
+       if (err)
+               goto free_be;
+
+       dev->data = be;
+
+       backend_changed(&be->backend_watch, dev->nodename);
+       return err;
+ free_be:
+       kfree(be);
+       return err;
+}
+
+static struct xenbus_device_id blkback_ids[] = {
+       { "vbd" },
+       { "" }
+};
+
+static struct xenbus_driver blkback = {
+       .name = "vbd",
+       .owner = THIS_MODULE,
+       .ids = blkback_ids,
+       .probe = blkback_probe,
+       .remove = blkback_remove,
+};
+
+void blkif_xenbus_init(void)
+{
+       xenbus_register_backend(&blkback);
+}
diff -r 99914b54f7bf -r 81576d3d1ca8 
patches/linux-2.6.12/workaround_double_br_del_if.patch
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/patches/linux-2.6.12/workaround_double_br_del_if.patch    Fri Aug 19 
18:19:28 2005
@@ -0,0 +1,11 @@
+--- linux-2.6.12/net/bridge/br_if.c    2005-06-17 14:48:29.000000000 -0500
++++ linux-2.6.12-xen0-smp/net/bridge/br_if.c   2005-08-18 15:17:27.302615846 
-0500
+@@ -382,7 +382,7 @@
+ {
+       struct net_bridge_port *p = dev->br_port;
+       
+-      if (!p || p->br != br) 
++      if (!p || p->br != br || p->state == BR_STATE_DISABLED)
+               return -EINVAL;
+ 
+       br_sysfs_removeif(p);
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/example.txt
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/example.txt        Fri Aug 19 18:19:28 2005
@@ -0,0 +1,269 @@
+##
+# example.txt <description to the xen access control architecture>
+#
+# Author:
+# Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx>
+#
+#
+# This file introduces into the tools to manage policies
+# and to label domains and resources.
+##
+
+We will show how to install and use the chwall_ste policy.
+Other policies work similarly. Feedback welcome!
+
+
+
+1. Using secpol_xml2bin to translate the chwall_ste policy:
+===========================================================
+
+#tools/security/secpol_xml2bin chwall_ste
+
+Successful execution should print:
+
+    [root@laptopxn security]# ./secpol_xml2bin chwall_ste
+    Validating label file 
policies/chwall_ste/chwall_ste-security_label_template.xml...
+    XML Schema policies/security_policy.xsd valid.
+    Validating policy file 
policies/chwall_ste/chwall_ste-security_policy.xml...
+    XML Schema policies/security_policy.xsd valid.
+    Creating ssid mappings ...
+    Creating label mappings ...
+    Max chwall labels:  7
+    Max chwall-types:   4
+    Max chwall-ssids:   5
+    Max ste labels:     14
+    Max ste-types:      6
+    Max ste-ssids:      10
+
+The tool looks in directory policies/chwall_ste for
+the label and policy files.
+
+The default policy directory structure under tools/security looks like:
+
+policies
+|-- security_policy.xsd
+|-- chwall
+|   |-- chwall-security_label_template.xml
+|   `-- chwall-security_policy.xml
+|-- chwall_ste
+|   |-- chwall_ste-security_label_template.xml
+|   `-- chwall_ste-security_policy.xml
+|-- null
+|   |-- null-security_label_template.xml
+|   `-- null-security_policy.xml
+`-- ste
+    |-- ste-security_label_template.xml
+    `-- ste-security_policy.xml
+
+policies/security_policy.xsd contains the schema against which both the
+label-template and the policy files must validate during translation.
+
+policies/chwall_ste/chwall_ste-security_policy.xml defines the
+policies and the types known to the policies.
+
+policies/chwall_ste/chwall_ste-security_label_template.xml contains
+label definitions that group chwall and ste types together and make
+them easier to use for users
+
+After executing the above secpol_xml2bin command, you will find 2 new
+files in the policies/chwall_ste sub-directory:
+
+policies/chwall_ste/chwall_ste.map ... this file includes the mapping
+of names from the xml files into their binary code representation.
+
+policies/chwall_ste/chwall_ste.bin ... this is the binary policy file,
+the result of parsing the xml files and using the mapping to extract a
+binary version that can be loaded into the hypervisor.
+
+
+
+2. Loading and activating the policy:
+=====================================
+
+We assume that xen is already configured to use the chwall_ste policy;
+please refer to install.txt for instructions.
+
+To activate the policy from the command line (assuming that the
+currently established policy is the minimal boot-policy that is
+hard-coded into the hypervisor:
+
+# ./secpol_tool loadpolicy policies/chwall_ste/chwall_ste.bin
+
+To activate the policy at next reboot:
+
+# cp policies/chwall_ste/chwall_ste.bin /boot
+
+Add a module line to your /boot/grub/grub.conf Xen entry.
+My boot entry with chwall_ste enabled looks like this:
+
+    title Xen (2.6.12)
+        root (hd0,5)
+        kernel /boot/xen.gz dom0_mem=1200000 console=vga
+        module /boot/vmlinuz-2.6.12-xen0 ro root=/dev/hda6 rhgb
+        module /boot/initrd-2.6.12-xen0.img
+        module /boot/chwall_ste.bin
+
+This tells the grub boot-loader to load the binary policy, which
+the hypervisor will recognize. The hypervisor will then establish
+this binary policy during boot instead of the minimal policy that
+is hardcoded as default.
+
+If you have any trouble here, maks sure you have the access control
+framework enabled (see: install.txt).
+
+
+
+3. Labeling domains:
+====================
+
+a) Labeling Domain0:
+
+The chwall_ste-security_label_template.xml file includes an attribute
+"bootstrap", which is set to the label name that will be assigned to
+Dom0 (this label will be mapped to ssidref 1/1, the default for Dom0).
+
+b) Labeling User Domains:
+
+Use the script tools/security/setlabel.sh to choose a label and to
+assign labels to user domains.
+
+To show available labels for the chwall_ste policy:
+
+#tools/security/setlabel.sh -l
+
+lists all available labels. For the default chwall_ste it should print
+the following:
+
+    [root@laptopxn security]# ./setlabel.sh -l chwall_ste
+    The following labels are available:
+    dom_SystemManagement
+    dom_HomeBanking
+    dom_Fun
+    dom_BoincClient
+    dom_StorageDomain
+    dom_NetworkDomain
+
+You need to have compiled the policy beforehand so that a .map file
+exists. Setlabel.sh uses the mapping file created throughout the
+policy translation to translate a user-friendly label string into a
+ssidref-number that is eventually used by the Xen hypervisor.
+
+We distinguish two kinds of labels: a) VM labels (for domains) and RES
+Labels (for resources). We are currently working on support for
+resource labeling but will focus here on VM labels.
+
+Setlabel.sh only prints VM labels (which we have prefixed with "dom_")
+since only those are used at this time.
+
+If you would like to assign the dom_HomeBanking label to one of your
+user domains (which you hopefully keep clean), look at an example
+domain configuration homebanking.xm:
+
+    #------HOMEBANKING---------
+    kernel = "/boot/vmlinuz-2.6.12-xenU"
+    ramdisk="/boot/U1_ramdisk.img"
+    memory = 65
+    name = "test34"
+    cpu = -1   # leave to Xen to pick
+    # Number of network interfaces. Default is 1.
+    nics=1
+    dhcp="dhcp"
+    #-------------------------
+
+Now we label this domain
+
+[root@laptopxn security]# ./setlabel.sh homebanking.xm dom_HomeBanking 
chwall_ste
+Mapped label 'dom_HomeBanking' to ssidref '0x00020002'.
+
+The domain configuration my look now like:
+
+    [root@laptopxn security]# cat homebanking.xm
+    #------HOMEBANKING---------
+    kernel = "/boot/vmlinuz-2.6.12-xenU"
+    ramdisk="/boot/U1_ramdisk.img"
+    memory = 65
+    name = "test34"
+    cpu = -1   # leave to Xen to pick
+    # Number of network interfaces. Default is 1.
+    nics=1
+    dhcp="dhcp"
+    #-------------------------
+    #ACM_POLICY=chwall_ste-security_policy.xml
+    #ACM_LABEL=dom_HomeBanking
+    ssidref = 0x00020002
+
+You can see 3 new entries, two of which are comments.  The only value
+that the hypervisor cares about is the ssidref that will reference
+those types assigned to this label. You can look them up in the
+xml label-template file for the chwall_ste policy.
+
+This script will eventually move into the domain management and will
+be called when the domain is instantiated. For now, the setlabel
+script must be run on domains whenever the policy files change since
+the mapping between label names and ssidrefs can change in this case.
+
+
+4. Starting a labeled domain
+============================
+
+Now, start the domain:
+    #xm create -c homebanking.xm
+
+
+If you label another domain configuration as dom_Fun and try to start
+it afterwards, its start will fail. Why?
+
+Because the running homebanking domain has the chinese wall type
+"cw_Sensitive". The new domain dom_Fun has the chinese wall label
+"cw_Distrusted". This domain is not allowed to run simultaneously
+because of the defined conflict set
+
+                       <conflictset name="Protection1">
+                               <type>cw_Sensitive</type>
+                               <type>cw_Distrusted</type>
+                       </conflictset>
+
+(in policies/chwall_ste/chwall_ste-security_policy.xml), which says
+that only one of the types cw_sensitive and cw_Distrusted can run at a
+time.
+
+If you save or shutdown the HomeBanking domain, you will be able to
+start the "Fun" domain. You can look into the Xen log to see if a
+domain was denied to start because of the access control framework
+with the command 'xm dmesg'.
+
+It is important (and usually non-trivial) to define the labels in a
+way that the semantics of the labels are enforced and supported by the
+types and the conflict sets.
+
+Note: While the chinese wall policy enforcement is complete, the type
+enforcement is currently enforced in the Xen hypervisor
+only. Therefore, only point-to-point sharing with regard to the type
+enforcement is currently controlled. We are working on enhancements to
+Dom0 that enforce types also for network traffic that is routed
+through Dom0 and on the enforcement of resource labeling when binding
+resources to domains (e.g., enforcing types between domains and
+hardware resources, such as disk partitions).
+
+
+4. Adding your own policies
+===========================
+
+Writing your own policy (e.g. "mypolicy") requires the following:
+
+a) the policy definition (types etc.) file
+b) the label template definition (labels etc.) file
+
+If your policy name is "mypolicy", you need to create a
+subdirectory mypolicy in tools/security/policies.
+
+Then you create
+tools/security/policies/mypolicy/mypolicy-security_policy.xml and
+tools/security/policies/mypolicy/mypolicy-security_label_template.xml.
+
+You need to keep to the schema as defined in
+tools/security/security_policy.xsd since the translation tool
+secpol_xml2bin is written against this schema.
+
+If you keep to the security policy schema, then you can use all the
+tools described above. Refer to install.txt to install it.
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/install.txt
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/install.txt        Fri Aug 19 18:19:28 2005
@@ -0,0 +1,67 @@
+##
+# install.txt <description to the xen access control architecture>
+#
+# Author:
+# Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx>
+#
+#
+# This file shows how to activate and install the access control
+# framework.
+##
+
+
+INSTALLING A SECURITY POLICY IN XEN
+===================================
+
+By default, the access control architecture is disabled in Xen. To
+enable the access control architecture in Xen follow the steps below.
+This description assumes that you want to install the Chinese Wall and
+Simple Type Enforcement policy. Some file names need to be replaced
+below to activate the Chinese Wall OR the Type Enforcement policy
+exclusively (chwall_ste --> {chwall, ste}).
+
+1. enable access control in Xen
+       # cd "xen_root"
+       # edit/xemacs/vi Config.mk
+
+       change the line:
+       ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
+
+       to:
+       ACM_USE_SECURITY_POLICY ?= 
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+
+       # make all
+       # ./install.sh
+
+2. compile the policy from xml to a binary format that can be loaded
+   into the hypervisor for enforcement
+       # cd tools/security
+       # make
+
+       manual steps (alternative to make boot_install):
+       #./secpol_xml2bin chwall_ste
+       #cp policies/chwall_ste/chwall_ste.bin /boot
+       #edit /boot/grub/grub.conf
+        add the follwoing line to your xen boot entry:
+       "module chwall_ste.bin"
+
+       alternatively, you can try our automatic translation and
+       installation of the policy:
+       # make boot_install
+
+       [we try hard to do the right thing to the right boot entry but
+        please verify boot entry in /boot/grub/grub.conf afterwards;
+        your xen boot entry should have an additional module line
+        specifying a chwall_ste.bin file with the correct directory
+        (e.g. "/" or "/boot").]
+
+
+3. reboot into the newly compiled hypervisor
+
+        after boot
+       #xm dmesg should show an entry about the policy being loaded
+            during the boot process
+
+        #tools/security/secpol_tool getpolicy
+            should print the new chwall_ste binary policy representation
+
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/security/policies/chwall/chwall-security_label_template.xml
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/chwall/chwall-security_label_template.xml Fri Aug 
19 18:19:28 2005
@@ -0,0 +1,76 @@
+<?xml version="1.0"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--              This file defines the security labels, which can  -->
+<!--              be attached to Domains and resources. Based on    -->
+<!--              these labels, the access control module decides   -->
+<!--              about sharing between Domains and about access    -->
+<!--              of Domains to real resources.                     -->
+
+<SecurityLabelTemplate
+ xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+   <LabelHeader>
+      <Name>chwall-security_label_template</Name>
+      <Date>2005-08-10</Date>
+      <PolicyName>
+         <Url>chwall-security_policy.xml</Url>
+         <Reference>abcdef123456abcdef</Reference>
+      </PolicyName>
+   </LabelHeader>
+
+   <SubjectLabels bootstrap="dom_SystemManagement">
+      <!-- single ste typed domains            -->
+      <!-- ACM enforces that only domains with -->
+      <!-- the same type can share information -->
+      <!--                                     -->
+      <!-- Bootstrap label is assigned to Dom0 -->
+      <VirtualMachineLabel>
+       <Name>dom_HomeBanking</Name>
+         <ChineseWallTypes>
+            <Type>cw_Sensitive</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+       <Name>dom_Fun</Name>
+         <ChineseWallTypes>
+            <Type>cw_Distrusted</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+        <!-- donating some cycles to seti@home -->
+       <Name>dom_BoincClient</Name>
+         <ChineseWallTypes>
+            <Type>cw_Isolated</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <!-- Domains with multiple ste types services; such domains   -->
+      <!-- must keep the types inside their domain safely confined. -->
+      <VirtualMachineLabel>
+       <Name>dom_SystemManagement</Name>
+         <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+        <!-- serves persistent storage to other domains -->
+       <Name>dom_StorageDomain</Name>
+         <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+        <!-- serves network access to other domains -->
+       <Name>dom_NetworkDomain</Name>
+         <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+   </SubjectLabels>
+</SecurityLabelTemplate>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/security/policies/chwall/chwall-security_policy.xml
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/chwall/chwall-security_policy.xml Fri Aug 19 
18:19:28 2005
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+               <Name>chwall-security_policy</Name>
+               <Date>2005-08-10</Date>
+</PolicyHeader>
+<!--                                             -->
+<!-- example of a chinese wall type definition   -->
+<!-- along with its conflict sets                -->
+<!-- (typse in a confict set are exclusive, i.e. -->
+<!--  once a Domain with one type of a set is    -->
+<!--  running, no other Domain with another type -->
+<!--  of the same conflict set can start.)       -->
+       <ChineseWall priority="PrimaryPolicyComponent">
+        <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+            <Type>cw_Sensitive</Type>
+            <Type>cw_Isolated</Type>
+            <Type>cw_Distrusted</Type>
+        </ChineseWallTypes>
+
+        <ConflictSets>
+        <Conflict name="Protection1">
+            <Type>cw_Sensitive</Type>
+            <Type>cw_Distrusted</Type>
+        </Conflict>
+        </ConflictSets>
+       </ChineseWall>
+</SecurityPolicyDefinition>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml 
Fri Aug 19 18:19:28 2005
@@ -0,0 +1,167 @@
+<?xml version="1.0"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--              This file defines the security labels, which can  -->
+<!--              be attached to Domains and resources. Based on    -->
+<!--              these labels, the access control module decides   -->
+<!--              about sharing between Domains and about access    -->
+<!--              of Domains to real resources.                     -->
+
+<SecurityLabelTemplate
+ xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+   <LabelHeader>
+      <Name>chwall_ste-security_label_template</Name>
+      <Date>2005-08-10</Date>
+      <PolicyName>
+         <Url>chwall_ste-security_policy.xml</Url>
+         <Reference>abcdef123456abcdef</Reference>
+      </PolicyName>
+   </LabelHeader>
+
+   <SubjectLabels bootstrap="dom_SystemManagement">
+      <!-- single ste typed domains            -->
+      <!-- ACM enforces that only domains with -->
+      <!-- the same type can share information -->
+      <!--                                     -->
+      <!-- Bootstrap label is assigned to Dom0 -->
+      <VirtualMachineLabel>
+       <Name>dom_HomeBanking</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_PersonalFinances</Type>
+         </SimpleTypeEnforcementTypes>
+
+         <ChineseWallTypes>
+            <Type>cw_Sensitive</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+       <Name>dom_Fun</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_InternetInsecure</Type>
+         </SimpleTypeEnforcementTypes>
+
+         <ChineseWallTypes>
+            <Type>cw_Distrusted</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+        <!-- donating some cycles to seti@home -->
+       <Name>dom_BoincClient</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_DonatedCycles</Type>
+         </SimpleTypeEnforcementTypes>
+
+         <ChineseWallTypes>
+            <Type>cw_Isolated</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <!-- Domains with multiple ste types services; such domains   -->
+      <!-- must keep the types inside their domain safely confined. -->
+      <VirtualMachineLabel>
+       <Name>dom_SystemManagement</Name>
+         <SimpleTypeEnforcementTypes>
+            <!-- since dom0 needs access to every domain and -->
+            <!-- resource right now ... -->
+            <Type>ste_SystemManagement</Type>
+            <Type>ste_PersonalFinances</Type>
+            <Type>ste_InternetInsecure</Type>
+            <Type>ste_DonatedCycles</Type>
+            <Type>ste_PersistentStorageA</Type>
+            <Type>ste_NetworkAdapter0</Type>
+         </SimpleTypeEnforcementTypes>
+
+         <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+        <!-- serves persistent storage to other domains -->
+       <Name>dom_StorageDomain</Name>
+         <SimpleTypeEnforcementTypes>
+            <!-- access right to the resource (hard drive a) -->
+            <Type>ste_PersistentStorageA</Type>
+            <!-- can serve following types -->
+            <Type>ste_PersonalFinances</Type>
+            <Type>ste_InternetInsecure</Type>
+         </SimpleTypeEnforcementTypes>
+
+         <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+        <!-- serves network access to other domains -->
+       <Name>dom_NetworkDomain</Name>
+         <SimpleTypeEnforcementTypes>
+            <!-- access right to the resource (ethernet card) -->
+            <Type>ste_NetworkAdapter0</Type>
+            <!-- can serve following types -->
+            <Type>ste_PersonalFinances</Type>
+            <Type>ste_InternetInsecure</Type>
+            <Type>ste_DonatedCycles</Type>
+         </SimpleTypeEnforcementTypes>
+
+         <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+         </ChineseWallTypes>
+      </VirtualMachineLabel>
+   </SubjectLabels>
+
+   <ObjectLabels>
+      <ResourceLabel>
+       <Name>res_ManagementResource</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_SystemManagement</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_HardDrive (hda)</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_PersistentStorageA</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_LogicalDiskPartition1 (hda1)</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_PersonalFinances</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_LogicalDiskPartition2 (hda2)</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_InternetInsecure</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_EthernetCard</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_NetworkAdapter0</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_SecurityToken</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_PersonalFinances</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_GraphicsAdapter</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_SystemManagement</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+   </ObjectLabels>
+</SecurityLabelTemplate>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/security/policies/chwall_ste/chwall_ste-security_policy.xml
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/chwall_ste/chwall_ste-security_policy.xml Fri Aug 
19 18:19:28 2005
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+               <Name>chwall_ste-security_policy</Name>
+               <Date>2005-08-10</Date>
+</PolicyHeader>
+<!--                                                        -->
+<!-- example of a simple type enforcement policy definition -->
+<!--                                                        -->
+       <SimpleTypeEnforcement>
+        <SimpleTypeEnforcementTypes>
+            <Type>ste_SystemManagement</Type>   <!-- machine/security 
management -->
+            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
+            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
+            <Type>ste_DonatedCycles</Type>      <!-- donation to 
BOINC/seti@home -->
+            <Type>ste_PersistentStorageA</Type> <!-- domain managing the 
harddrive A-->
+            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain 
managing ethernet adapter 0-->
+        </SimpleTypeEnforcementTypes>
+       </SimpleTypeEnforcement>
+<!--                                             -->
+<!-- example of a chinese wall type definition   -->
+<!-- along with its conflict sets                -->
+<!-- (typse in a confict set are exclusive, i.e. -->
+<!--  once a Domain with one type of a set is    -->
+<!--  running, no other Domain with another type -->
+<!--  of the same conflict set can start.)       -->
+       <ChineseWall priority="PrimaryPolicyComponent">
+        <ChineseWallTypes>
+            <Type>cw_SystemManagement</Type>
+            <Type>cw_Sensitive</Type>
+            <Type>cw_Isolated</Type>
+            <Type>cw_Distrusted</Type>
+        </ChineseWallTypes>
+
+        <ConflictSets>
+        <Conflict name="Protection1">
+            <Type>cw_Sensitive</Type>
+            <Type>cw_Distrusted</Type>
+        </Conflict>
+        </ConflictSets>
+       </ChineseWall>
+</SecurityPolicyDefinition>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/security/policies/null/null-security_label_template.xml
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/null/null-security_label_template.xml     Fri Aug 
19 18:19:28 2005
@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--              This file defines the security labels, which can  -->
+<!--              be attached to Domains and resources. Based on    -->
+<!--              these labels, the access control module decides   -->
+<!--              about sharing between Domains and about access    -->
+<!--              of Domains to real resources.                     -->
+
+<SecurityLabelTemplate
+ xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+   <LabelHeader>
+      <Name>null-security_label_template</Name>
+
+      <Date>2005-08-10</Date>
+      <PolicyName>
+         <Url>null-security_policy.xml</Url>
+
+         <Reference>abcdef123456abcdef</Reference>
+      </PolicyName>
+   </LabelHeader>
+</SecurityLabelTemplate>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/security/policies/null/null-security_policy.xml
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/null/null-security_policy.xml     Fri Aug 19 
18:19:28 2005
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+               <Name>null-security_policy</Name>
+               <Date>2005-08-10</Date>
+</PolicyHeader>
+</SecurityPolicyDefinition>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/policies/security_policy.xsd
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/security_policy.xsd       Fri Aug 19 18:19:28 2005
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
+<!--         This file defines the schema, which is used to define -->
+<!--         the security policy and the security labels in Xe.    -->
+
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
targetNamespace="http://www.ibm.com"; xmlns="http://www.ibm.com"; 
elementFormDefault="qualified">
+       <xsd:element name="SecurityPolicyDefinition">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element ref="PolicyHeader" minOccurs="0" 
maxOccurs="1"></xsd:element>
+                               <xsd:element ref="SimpleTypeEnforcement" 
minOccurs="0" maxOccurs="1"></xsd:element>
+                               <xsd:element ref="ChineseWall" minOccurs="0" 
maxOccurs="1"></xsd:element>
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="SecurityLabelTemplate">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element ref="LabelHeader" minOccurs="1" 
maxOccurs="1"></xsd:element>
+                               <xsd:element name="SubjectLabels" minOccurs="0" 
maxOccurs="1">
+                                       <xsd:complexType>
+                                               <xsd:sequence>
+                                                       <xsd:element 
ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+                                               </xsd:sequence>
+                                               <xsd:attribute name="bootstrap" 
type="xsd:string" use="required"></xsd:attribute>
+                                       </xsd:complexType>
+                               </xsd:element>
+                               <xsd:element name="ObjectLabels" minOccurs="0" 
maxOccurs="1">
+                                       <xsd:complexType>
+                                               <xsd:sequence>
+                                                       <xsd:element 
ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+                                               </xsd:sequence>
+                                       </xsd:complexType>
+                               </xsd:element>
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="PolicyHeader">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element ref="Name" minOccurs="1" 
maxOccurs="1" />
+                               <xsd:element ref="Date" minOccurs="1" 
maxOccurs="1" />
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="LabelHeader">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element ref="Name"></xsd:element>
+                               <xsd:element ref="Date" minOccurs="1" 
maxOccurs="1"></xsd:element>
+                               <xsd:element ref="PolicyName" minOccurs="1" 
maxOccurs="1"></xsd:element>
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="SimpleTypeEnforcement">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element ref="SimpleTypeEnforcementTypes" />
+                       </xsd:sequence>
+                       <xsd:attribute name="priority" type="PolicyOrder" 
use="optional"></xsd:attribute>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="ChineseWall">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element ref="ChineseWallTypes" />
+                               <xsd:element ref="ConflictSets" />
+                       </xsd:sequence>
+                       <xsd:attribute name="priority" type="PolicyOrder" 
use="optional"></xsd:attribute>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="ChineseWallTypes">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element maxOccurs="unbounded" 
minOccurs="1" ref="Type" />
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="ConflictSets">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element maxOccurs="unbounded" 
minOccurs="1" ref="Conflict" />
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="SimpleTypeEnforcementTypes">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element maxOccurs="unbounded" 
minOccurs="1" ref="Type" />
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="Conflict">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element maxOccurs="unbounded" 
minOccurs="1" ref="Type" />
+                       </xsd:sequence>
+                       <xsd:attribute name="name" type="xsd:string" 
use="optional"></xsd:attribute>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="VirtualMachineLabel">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element ref="Name"></xsd:element>
+                               <xsd:element ref="SimpleTypeEnforcementTypes" 
minOccurs="0" maxOccurs="unbounded" />
+                               <xsd:element ref="ChineseWallTypes" 
minOccurs="0" maxOccurs="unbounded" />
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="ResourceLabel">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element ref="Name"></xsd:element>
+                               <xsd:element ref="SimpleTypeEnforcementTypes" 
minOccurs="0" maxOccurs="unbounded" />
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="PolicyName">
+               <xsd:complexType>
+                       <xsd:sequence>
+                               <xsd:element ref="Url" />
+                               <xsd:element ref="Reference" />
+                       </xsd:sequence>
+               </xsd:complexType>
+       </xsd:element>
+       <xsd:element name="Date" type="xsd:string" />
+       <xsd:element name="Name" type="xsd:string" />
+       <xsd:element name="Type" type="xsd:string" />
+       <xsd:element name="Reference" type="xsd:string" />
+       <xsd:element name="Url"></xsd:element>
+
+       <xsd:simpleType name="PolicyOrder">
+               <xsd:restriction base="xsd:string">
+                       <xsd:enumeration 
value="PrimaryPolicyComponent"></xsd:enumeration>
+               </xsd:restriction>
+       </xsd:simpleType>
+
+</xsd:schema>
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/security/policies/ste/ste-security_label_template.xml
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/ste/ste-security_label_template.xml       Fri Aug 
19 18:19:28 2005
@@ -0,0 +1,143 @@
+<?xml version="1.0"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--              This file defines the security labels, which can  -->
+<!--              be attached to Domains and resources. Based on    -->
+<!--              these labels, the access control module decides   -->
+<!--              about sharing between Domains and about access    -->
+<!--              of Domains to real resources.                     -->
+
+<SecurityLabelTemplate
+ xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+   <LabelHeader>
+      <Name>ste-security_label_template</Name>
+      <Date>2005-08-10</Date>
+      <PolicyName>
+         <Url>ste-security_policy.xml</Url>
+         <Reference>abcdef123456abcdef</Reference>
+      </PolicyName>
+   </LabelHeader>
+
+   <SubjectLabels bootstrap="dom_SystemManagement">
+      <!-- single ste typed domains            -->
+      <!-- ACM enforces that only domains with -->
+      <!-- the same type can share information -->
+      <!--                                     -->
+      <!-- Bootstrap label is assigned to Dom0 -->
+      <VirtualMachineLabel>
+       <Name>dom_HomeBanking</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_PersonalFinances</Type>
+         </SimpleTypeEnforcementTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+       <Name>dom_Fun</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_InternetInsecure</Type>
+         </SimpleTypeEnforcementTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+        <!-- donating some cycles to seti@home -->
+       <Name>dom_BoincClient</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_DonatedCycles</Type>
+         </SimpleTypeEnforcementTypes>
+      </VirtualMachineLabel>
+
+      <!-- Domains with multiple ste types services; such domains   -->
+      <!-- must keep the types inside their domain safely confined. -->
+      <VirtualMachineLabel>
+       <Name>dom_SystemManagement</Name>
+         <SimpleTypeEnforcementTypes>
+            <!-- since dom0 needs access to every domain and -->
+            <!-- resource right now ... -->
+            <Type>ste_SystemManagement</Type>
+            <Type>ste_PersonalFinances</Type>
+            <Type>ste_InternetInsecure</Type>
+            <Type>ste_DonatedCycles</Type>
+            <Type>ste_PersistentStorageA</Type>
+            <Type>ste_NetworkAdapter0</Type>
+         </SimpleTypeEnforcementTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+        <!-- serves persistent storage to other domains -->
+       <Name>dom_StorageDomain</Name>
+         <SimpleTypeEnforcementTypes>
+            <!-- access right to the resource (hard drive a) -->
+            <Type>ste_PersistentStorageA</Type>
+            <!-- can serve following types -->
+            <Type>ste_PersonalFinances</Type>
+            <Type>ste_InternetInsecure</Type>
+         </SimpleTypeEnforcementTypes>
+      </VirtualMachineLabel>
+
+      <VirtualMachineLabel>
+        <!-- serves network access to other domains -->
+       <Name>dom_NetworkDomain</Name>
+         <SimpleTypeEnforcementTypes>
+            <!-- access right to the resource (ethernet card) -->
+            <Type>ste_NetworkAdapter0</Type>
+            <!-- can serve following types -->
+            <Type>ste_PersonalFinances</Type>
+            <Type>ste_InternetInsecure</Type>
+            <Type>ste_DonatedCycles</Type>
+         </SimpleTypeEnforcementTypes>
+      </VirtualMachineLabel>
+   </SubjectLabels>
+
+   <ObjectLabels>
+      <ResourceLabel>
+       <Name>res_ManagementResource</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_SystemManagement</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_HardDrive (hda)</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_PersistentStorageA</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_LogicalDiskPartition1 (hda1)</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_PersonalFinances</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_LogicalDiskPartition2 (hda2)</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_InternetInsecure</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_EthernetCard</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_NetworkAdapter0</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_SecurityToken</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_PersonalFinances</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+
+      <ResourceLabel>
+       <Name>res_GraphicsAdapter</Name>
+         <SimpleTypeEnforcementTypes>
+            <Type>ste_SystemManagement</Type>
+         </SimpleTypeEnforcementTypes>
+      </ResourceLabel>
+   </ObjectLabels>
+</SecurityLabelTemplate>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/security/policies/ste/ste-security_policy.xml
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/ste/ste-security_policy.xml       Fri Aug 19 
18:19:28 2005
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com  -->
+<!--             This file defines the security policies, which     -->
+<!--             can be enforced by the Xen Access Control Module.  -->
+<!--             Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+               <Name>ste-security_policy</Name>
+               <Date>2005-08-10</Date>
+</PolicyHeader>
+<!--                                                        -->
+<!-- example of a simple type enforcement policy definition -->
+<!--                                                        -->
+       <SimpleTypeEnforcement>
+        <SimpleTypeEnforcementTypes>
+            <Type>ste_SystemManagement</Type>   <!-- machine/security 
management -->
+            <Type>ste_PersonalFinances</Type>   <!-- personal finances -->
+            <Type>ste_InternetInsecure</Type>   <!-- games, active X, etc. -->
+            <Type>ste_DonatedCycles</Type>      <!-- donation to 
BOINC/seti@home -->
+            <Type>ste_PersistentStorageA</Type> <!-- domain managing the 
harddrive A-->
+            <Type>ste_NetworkAdapter0</Type>    <!-- type of the domain 
managing ethernet adapter 0-->
+        </SimpleTypeEnforcementTypes>
+       </SimpleTypeEnforcement>
+</SecurityPolicyDefinition>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/policy.txt
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/policy.txt Fri Aug 19 18:19:28 2005
@@ -0,0 +1,405 @@
+##
+# policy.txt <description to the Xen access control architecture>
+#
+# Author:
+# Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx>
+#
+#
+# This file gives an overview of the security policies currently
+# provided and also gives some reasoning about how to assign
+# labels to domains.
+##
+
+Xen access control policies
+
+
+General explanation of supported security policies:
+=====================================================
+
+We have implemented the mandatory access control architecture of our
+hypervisor security architecture (sHype) for the Xen hypervisor. It
+controls communication (in Xen: event channels, grant tables) between
+Virtual Machines (from here on called domains) and through this the
+virtual block devices, networking, and shared memory are implemented
+on top of these communication means. While we have implemented the
+described policies and access control architecture for other
+hypervisor systems, we will describe below specifically its
+implementation and use in the Xen hypervisor. The policy enforcement
+is called mandatory regarding user domains since the policy it is
+given by the security administration and enforced independently of the
+user domains by the Xen hypervisor in cooperation with the domain
+management.
+
+The access control architecture consists of three parts:
+
+i) The access control policy determines the "command set" of the ACM
+and the hooks with which they can be configured to constrain the
+sharing of virtual resources. The current access control architecture
+implemented for Xen supports two policies: Chinese Wall and Simple
+Type Enforcement, which we describe in turn below.
+
+
+ii) The actually enforced policy instantiation uses the policy
+language (i) to configure the Xen access control in a way that suits
+the specific application (home desktop environment, company desktop,
+Web server system, etc.). We have defined an exemplary policy
+instantiation for Chinese Wall (chwall policy) and Simple Type
+Enforcement (ste policy) for a desktop system. We offer these policies
+in combination since they are controlling orthogonal events.
+
+
+iii) The access control module (ACM) and related hooks are part of the
+core hypervisor and their controls cannot be bypassed by domains. The
+ACM and hooks are the active security components. We refer to
+publications that describe how access control is enforced in the Xen
+hypervisor using the ACM (access decision) and the hooks (decision
+enforcement) inserted into the setup of event channels and grant
+tables, and into domain operations (create, destroy, save, restore,
+migrate). These controls decide based on the active policy
+configuration (see i. and ii.) if the operation proceeds of if the
+operation is aborted (denied).
+
+
+In general, security policy instantiations in the Xen access control
+framework are defined by two files:
+
+a) a single "policy-name"-security_policy.xml file that defines the
+types known to the ACM and policy rules based on these types
+
+b) a single "policy-name"-security_label_template.xml file that
+defines labels based on known types
+
+Every security policy has its own sub-directory under
+"Xen-root"/tools/security/policies in order to simplify their
+management and the security policy tools. We will describe those files
+for our example policy (Chinese Wall and Simple Type Enforcement) in
+more detail as we go along. Eventually, we will move towards a system
+installation where the policies will reside under /etc.
+
+
+CHINESE WALL
+============
+
+The Chinese Wall policy enables the user to define "which workloads
+(domain payloads) cannot run on a single physical system at the same
+time". Why would we want to prevent workloads from running at the same
+time on the same system? This supports requirements that can (but
+don't have to) be rooted in the measure of trust into the isolation of
+different domains that share the same hardware. Since the access
+control architecture aims at high performance and non-intrusive
+implementation, it currently does not address covert (timing) channels
+and aims at medium assurance. Users can apply the Chinese Wall policy
+to guarantee an air-gap between very sensitive payloads both regarding
+covert information channels and regarding resource starvation.
+
+To enable the CW control, each domain is labeled with a set of Chinese
+Wall types and CW Conflict Sets are defined which include those CW
+types that cannot run simultaneously on the same hardware. This
+interpretation of conflict sets is the only policy rule for the Chines
+Wall policy.
+
+This is enforced by controlling the start of domains according to
+their assigned CW worload types. Domains with Chinese Wall types that
+appear in a common conflict set are running mutually exclusive on a
+platform, i.e., once a domain with one of the cw-types of a conflict
+set is running, no domain with another cw-type of the same conflict
+set can start until the first domain is destroyed, paused, or migrated
+away from the physical system (this assumes that such a partition can
+no longer be observed). The idea is to assign cw-types according to
+the type of payload that a domain runs and to use the Chinese Wall
+policy to ensure that payload types can be differentiated by the
+hypervisor and can be prevented from being executed on the same system
+at the same time. Using the flexible CW policy maintains system
+consolidation and workload-balancing while introducing guaranteed
+constraints where necessary.
+
+
+Example of a Chinese Wall Policy Instantiation
+----------------------------------------------
+
+The file chwall-security_policy.xml defines the Chinese Wall types as
+well as the conflict sets for our example policy (you find it in the
+directory "xen_root"/tools/security/policies/chwall).
+
+It defines four Chinese Wall types (prefixed with cw_) with the
+following meaning:
+
+* cw_SystemsManagement is a type identifying workloads for systems
+management, e.g., domain management, device management, or hypervisor
+management.
+
+* cw_Sensitive is identifying workloads that are critical to the user
+for one reason or another.
+
+* cw_Distrusted is identifying workloads a user does not have much
+confidence in. E.g. a domain used for surfing in the internet without
+protection( i.e., active-X, java, java-script, executing web content)
+or for (Internet) Games should be typed this way.
+
+* cw_Isolated is identifying workloads that are supposedly isolated by
+use of the type enforcement policy (described below). For example, if
+a user wants to donate cycles to seti@home, she can setup a separate
+domain for a Boinc (http://boinc.ssl.berkeley.edu/) client, disable
+this domain from accessing the hard drive and from communicating to
+other local domains, and type it as cw_Isolated. We will look at a
+specific example later.
+
+The example policy uses the defined types to define one conflict set:
+Protection1 = {cw_Sensitive, cw_Distrusted}. This conflict set tells
+the hypervisor that once a domain typed as cw_Sensitive is running, a
+domain typed as cw_Distrusted cannot run concurrently (and the other
+way round). With this policy, a domain typed as cw_Isolated is allowed
+to run simultaneously with domains tagged as cw_Sensitive.
+
+Consequently, the access control module in the Xen hypervisor
+distinguishes in this example policy 4 different workload types in
+this example policy. It is the user's responsibility to type the
+domains in a way that reflects the workloads of these domains and, in
+the case of cw_Isolated, its properties, e.g. by configuring the
+sharing capabilities of the domain accordingly by using the simple
+type enforcement policy.
+
+Users can define their own or change the existing example policy
+according to their working environment and security requirements. To
+do so, replace the file chwall-security_policy.xml with the new
+policy.
+
+
+SIMPLE TYPE ENFORCEMENT
+=======================
+
+The file ste-security_policy.xml defines the simple type enforcement
+types for our example policy (you find it in the directory
+"xen_root"/tools/security/policies/ste). The Simple Type Enforcement
+policy defines which domains can share information with which other
+domains. To this end, it controls
+
+i) inter-domain communication channels (e.g., network traffic, events,
+and shared memory).
+
+ii) access of domains to physical resources (e.g., hard drive, network
+cards, graphics adapter, keyboard).
+
+In order to enable the hypervisor to distinguish different domains and
+the user to express access rules, the simple type enforcement defines
+a set of types (ste_types).
+
+The policy defines that communication between domains is allowed if
+the domains share a common STE type. As with the chwall types, STE
+types should enable the differentiation of workloads. The simple type
+enforcement access control implementation in the hypervisor enforces
+that domains can only communicate (setup event channels, grant tables)
+if they share a common type, i.e., both domains have assigned at least
+on type in common. A domain can access a resource, if the domain and
+the resource share a common type. Hence, assigning STE types to
+domains and resources allows users to define constraints on sharing
+between domains and to keep sensitive data confined from distrusted
+domains.
+
+Domain <--> Domain Sharing
+''''''''''''''''''''''''''
+(implemented but its effective use requires factorization of Dom0)
+
+a) Domains with a single STE type (general user domains): Sharing
+between such domains is enforced entirely by the hypervisor access
+control. It is independent of the domains and does not require their
+co-operation.
+
+b) Domains with multiple STE types: One example is a domain that
+virtualizes a physical resource (e.g., hard drive) and serves it as
+multiple virtual resources (virtual block drives) to other domains of
+different types. The idea is that only a specific device domain has
+assigned the type required to access the physical hard-drive. Logical
+drives are then assigned the types of domains that have access to this
+logical drive. Since the Xen hypervisor cannot distinguish between the
+logical drives, the access control (type enforcement) is delegated to
+the device domain, which has access to the types of domains requesting
+to mount a logical drive as well as the types assigned to the
+different available logical drives.
+
+Currently in Xen, Dom0 controls all hardware, needs to communicate
+with all domains during their setup, and intercepts all communication
+between domains. Consequently, Dom0 needs to be assigned all types
+used and must be completely trusted to maintain the separation of
+informatio ncoming from domains with different STE types. Thus a
+refactoring of Dom0 is recommended for stronger confinement
+guarantees.
+
+Domain --> RESOURCES Access
+'''''''''''''''''''''''''''
+(current work)
+
+We define for each resource that we want to distinguish a separate STE
+type. Each STE type is assigned to the respective resource and to
+those domains that are allowed to access this resource. Type
+enforcement will guarantee that other domains cannot access this
+resource since they don't share the resource's STE type.
+
+Since in the current implementation of Xen, Dom0 controls access to
+all hardware (e.g., disk drives, network), Domain-->Resource access
+control enforcement must be implemented in Dom0. This is possible
+since Dom0 has access to both the domain configuration (including the
+domain STE types) and the resource configuration (including the
+resource STE types).
+
+For purposes of gaining higher assurance in the resulting system, it
+may be desirable to reduce the size of dom0 by adding one or more
+"device domains" (DDs). These DDs, e.g. providing storage or network
+access, can support one or more physical devices, and manage
+enforcement of MAC policy relevant for said devices. Security benefits
+come from the smaller size of these DDs, as they can be more easily
+audited than monolithic device driver domains. DDs can help to obtain
+maximum security benefit from sHype.
+
+
+Example of a Simple Type Enforcement Policy Instantiation
+---------------------------------------------------------
+
+We define the following types:
+
+* ste_SystemManagement identifies workloads (and domains that runs
+them) that must share information to accomplish the management of the
+system
+
+* ste_PersonalFinances identifies workloads that are related to
+sensitive programs such as HomeBanking applications or safely
+configured web browsers for InternetBanking
+
+* ste_InternetInsecure identifies workloads that are very
+function-rich and unrestricted to offer for example an environment
+where internet games can run efficiently
+
+* ste_DonatedCycles identifies workloads that run on behalf of others,
+e.g. a Boinc client
+
+* ste_PersistentStorage identifies workloads that have direct access
+to persistent storage (e.g., hard drive)
+
+* ste_NetworkAccess identifies workload that have direct access to
+network cards and related networks
+
+
+
+SECURITY LABEL TEMPLATES
+========================
+
+We introduce security label templates because it is difficult for
+users to ensure tagging of domains consistently and since there are
+--as we have seen in the case of isolation-- useful dependencies
+between the policies. Security Label Templates define type sets that
+can be addressed by more user-friendly label names,
+e.g. dom_Homebanking describes a typical typeset tagged to domains
+used for sensitive Homebanking work-loads. Labels are defined in the
+file
+
+Using Security Label Templates has multiple advantages:
+a) easy reference of typical sets of type assignments
+b) consistent interpretation of type combinations
+c) meaningful application-level label names
+
+The definition of label templates depends on the combination of
+policies that are used. We will describe some of the labels defined
+for the Chinese Wall and Simple Type Enforcement combination.
+
+In the BoincClient example, the label_template file specifies that
+this Label is assigned the Chinese Wall type cw_Isolated. We do this
+assuming that this BoincClient is isolated against the rest of the
+system infrastructure (no persistent memory, no sharing with local
+domains). Since cw_Isolated is not included in any conflict set, it
+can run at any time concurrently with any other domain. The
+ste_DonatedCycles type assigned to the BoincClient reflect the
+isolation assumption: it is only assigned to the dom_NetworkDomain
+giving the BoincClient domain access to the network to communicate
+with its BoincServer.
+
+The strategy for combining types into Labels is the following: First
+we define a label for each type of general user domain
+(workload-oriented). Then we define a new label for each physical
+resource that shall be shared using a DD domain (e.g., disk) and for
+each logical resource offered through this physical resource (logical
+disk partition). We define then device domain labels (here:
+dom_SystemManagement, dom_StorageDomain, dom_NetworkDomain) which
+include the types of the physical resources (e.g. hda) their domains
+need to connect to. Such physical resources can only be accessed
+directly by device domains types with the respective device's STE
+type. Additionally we assign to such a device domain Label the STE
+types of those user domains that are allowed to access one of the
+logical resources (e.g., hda1, hda2) built on top of this physical
+resource through the device domain.
+
+
+Label Construction Example:
+---------------------------
+
+We define here a storage domain label for a domain that owns a real
+disk drive and creates the logical disk partitions hda1 and hda2 which
+it serves to domains labeled dom_HomeBanking and dom_Fun
+respectively. The labels we refer to are defined in the label template
+file policies/chwall_ste/chwall_ste-security-label-template.xml.
+
+step1: To distinguish different shared disk drives, we create a
+separate Label and STE type for each of them. Here: we create a type
+ste_PersistentStorageA for disk drive hda. If you have another disk
+drive, you may define another persistent storage type
+ste_PersistentStorageB in the chwall_ste-security_policy.xml.
+
+step2: To distinguish different domains, we create multiple domain
+labels including different types. Here: label dom_HomeBanking includes
+STE type ste_PersonalFinances, label dom_Fun includes STE type
+ste_InternetInsecure.
+
+step3: The storage domain in charge of the hard drive A needs access
+to this hard drive. Therefore the storage domain label
+dom_StorageDomain must include the type assigned to the hard drive
+(ste_PersistentStorageA).
+
+step4: In order to serve dom hda1 to domains labeled dom_HomeBanking
+and hda2 to domains labeled dom_Fun, the storage domain label must
+include the types of those domains as well (ste_PersonalFinance,
+ste_InternetInsecure).
+
+step5: In order to keep the data for different types safely apart, the
+different logical disk partitions must be assigned unique labels and
+types, which are used inside the storage domain to extend the ACM
+access enforcement to logical resources served from inside the storage
+domain. We define labels "res_LogicalDiskPartition1 (hda1)" and assign
+it to hda1 and "res_LogicalDiskPartition2 (hda2)" and assign it to
+hda2. These labels must include the STE types of those domains that
+are allowed to use them (e.g., ste_PersonalFinances for hda1).
+
+The overall mandatory access control is then enforced in 3 different
+Xen components and these components use a single consistent policy to
+co-operatively enforce the policy. In the storage domain example, we
+have three components that co-operate:
+
+1. The ACM module inside the hypervisor enforces: communication between
+user domains and the storage domain (only domains including types
+ste_PersonalFinances or ste_InternetInsecure can communicate with the
+storage domain and request access to logical resource). This confines
+the sharing to the types assigned to the storage domain.
+
+2. The domain management will enforce (work in progress): assignment of
+real resources (hda) to domains (storage domain) that share a
+type with the resource.
+
+3. If the storage domain serves multiple STE types (as in our example),
+it enforces (work in progress): that domains can access (mount)
+logical resources only if they share an STE type with the respective
+resource. In our example, domains with the STE type
+ste_PersonalFinances can request access (mount) to logical resource
+hda1 from the storage domain.
+
+If you look at the virtual machine label dom_StorageDomain, you will
+see the minimal set of types assigned to our domain manageing disk
+drive hda for serving logical disk partitions exclusively to
+dom_HomeBanking and dom_Fun.
+
+Similary, network domains can confine access to the network or
+network communication between user domains.
+
+As a result, device domains (e.g., storage domain, network domain)
+must be simple and small to ensure their correct co-operation in the
+type enforcement model. If such trust is not possible, then hardware
+should be assigned exclusively to a single type (or to a single
+partition) in which case the hypervisor ACM enforcement enforces the
+types independently.
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/readme.txt
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/readme.txt Fri Aug 19 18:19:28 2005
@@ -0,0 +1,29 @@
+
+##
+# readme.txt <description to the xen access control architecture>
+#
+# Author:
+# Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx>
+#
+#
+# This file is a toc for information regarding
+# the access control policy and tools in Xen.
+##
+
+1. policy.txt:
+
+   describes the general reasoning and examples for access
+   control policies in Xen
+
+
+2. install.txt
+
+   describes the activation of the access control framework
+   in Xen
+
+3. example.txt
+
+   describes the available tools for managing security policies
+   in Xen and the tools to label domains
+
+
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/secpol_compat.h
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/secpol_compat.h    Fri Aug 19 18:19:28 2005
@@ -0,0 +1,14 @@
+/* secpol_compat.h
+ *     'translates' data types necessary to
+ *     include <xen/acm.h>
+ */
+#include <stdint.h>
+
+typedef uint8_t  u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+typedef uint64_t u64;
+typedef int8_t   s8;
+typedef int16_t  s16;
+typedef int32_t  s32;
+typedef int64_t  s64;
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/secpol_xml2bin.c
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/secpol_xml2bin.c   Fri Aug 19 18:19:28 2005
@@ -0,0 +1,1396 @@
+/****************************************************************
+ * secpol_xml2bin.c
+ *
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Author: Reiner Sailer <sailer@xxxxxxxxxx>
+ *
+ * Maintained:
+ * Reiner Sailer <sailer@xxxxxxxxxx>
+ * Ray Valdez <rvaldez@xxxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * sHype policy translation tool. This tool takes an XML
+ * policy specification as input and produces a binary
+ * policy file that can be loaded into Xen through the
+ * ACM operations (secpol_tool loadpolicy) interface or at
+ * boot time (grub module parameter)
+ *
+ * indent -i4 -kr -nut
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <libgen.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/queue.h>
+#include <netinet/in.h>
+#include <libxml/xmlschemas.h>
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+#include <libxml/xmlreader.h>
+#include "secpol_compat.h"
+#include <xen/acm.h>
+
+#include "secpol_xml2bin.h"
+
+#define DEBUG    0
+
+/* primary / secondary policy component setting */
+enum policycomponent { CHWALL, STE, NULLPOLICY }
+    primary = NULLPOLICY, secondary = NULLPOLICY;
+
+/* general list element for ste and chwall type queues */
+struct type_entry {
+    TAILQ_ENTRY(type_entry) entries;
+    char *name;                 /* name of type from xml file */
+    type_t mapping;             /* type mapping into 16bit */
+};
+
+TAILQ_HEAD(tailhead, type_entry) ste_head, chwall_head;
+
+/* general list element for all label queues */
+enum label_type { VM, RES, ANY };
+struct ssid_entry {
+    TAILQ_ENTRY(ssid_entry) entries;
+    char *name;                 /* label name */
+    enum label_type type;       /* type: VM / RESOURCE LABEL */
+    u_int32_t num;              /* ssid or referenced ssid */
+    int is_ref;                 /* if this entry references earlier ssid 
number */
+    unsigned char *row;         /* index of types (if not a reference) */
+};
+
+TAILQ_HEAD(tailhead_ssid, ssid_entry) ste_ssid_head, chwall_ssid_head,
+    conflictsets_head;
+struct ssid_entry *current_chwall_ssid_p = NULL;
+struct ssid_entry *current_ste_ssid_p = NULL;
+struct ssid_entry *current_conflictset_p = NULL;
+
+/* which label to assign to dom0 during boot */
+char *bootstrap_label;
+
+u_int32_t max_ste_ssids = 0;
+u_int32_t max_chwall_ssids = 0;
+u_int32_t max_chwall_labels = 0;
+u_int32_t max_ste_labels = 0;
+u_int32_t max_conflictsets = 0;
+
+char *current_ssid_name;        /* store name until structure is allocated */
+char *current_conflictset_name; /* store name until structure is allocated */
+
+/* dynamic list of type mappings for STE */
+u_int32_t max_ste_types = 0;
+
+/* dynamic list of type mappings for CHWALL */
+u_int32_t max_chwall_types = 0;
+
+/* dynamic list of conflict sets */
+int max_conflict_set = 0;
+
+/* which policies are defined */
+int have_ste = 0;
+int have_chwall = 0;
+
+/* input/output file names */
+char *policy_filename = NULL,
+    *label_filename = NULL,
+    *binary_filename = NULL, *mapping_filename = NULL;
+
+void usage(char *prg)
+{
+    printf("usage:\n%s policyname[-policy.xml/-security_label_template.xml]\n",
+         prg);
+    exit(EXIT_FAILURE);
+}
+
+
+/***************** policy-related parsing *********************/
+
+char *type_by_mapping(struct tailhead *head, u_int32_t mapping)
+{
+    struct type_entry *np;
+    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+        if (np->mapping == mapping)
+            return np->name;
+    return NULL;
+}
+
+
+struct type_entry *lookup(struct tailhead *head, char *name)
+{
+    struct type_entry *np;
+    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+        if (!(strcmp(np->name, name)))
+            return np;
+    return NULL;
+}
+
+/* enforces single-entry lists */
+int add_entry(struct tailhead *head, char *name, type_t mapping)
+{
+    struct type_entry *e;
+    if (lookup(head, name))
+    {
+        printf("Error: Type >%s< defined more than once.\n", name);
+        return -EFAULT;         /* already in the list */
+    }
+    if (!(e = malloc(sizeof(struct type_entry))))
+        return -ENOMEM;
+
+    e->name = name;
+    e->mapping = mapping;
+    TAILQ_INSERT_TAIL(head, e, entries);
+    return 0;
+}
+
+int totoken(char *tok)
+{
+    int i;
+    for (i = 0; token[i] != NULL; i++)
+        if (!strcmp(token[i], tok))
+            return i;
+    return -EFAULT;
+}
+
+/* conflictsets use the same data structure as ssids; since
+ * they are similar in structure (set of types)
+ */
+int init_next_conflictset(void)
+{
+    struct ssid_entry *conflictset = malloc(sizeof(struct ssid_entry));
+
+    if (!conflictset)
+        return -ENOMEM;
+
+    conflictset->name = current_conflictset_name;
+    conflictset->num = max_conflictsets++;
+    conflictset->is_ref = 0;    /* n/a for conflictsets */
+        /**
+         *  row: allocate one byte per type;
+         *  [i] != 0 --> mapped type >i< is part of the conflictset
+         */
+    conflictset->row = malloc(max_chwall_types);
+    if (!conflictset->row)
+        return -ENOMEM;
+
+    memset(conflictset->row, 0, max_chwall_types);
+    TAILQ_INSERT_TAIL(&conflictsets_head, conflictset, entries);
+    current_conflictset_p = conflictset;
+    return 0;
+}
+
+int register_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
+{
+    xmlChar *text;
+    struct type_entry *e;
+
+
+    text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
+    if (!text)
+    {
+        printf("Error reading type name!\n");
+        return -EFAULT;
+    }
+
+    switch (state) {
+    case XML2BIN_stetype_S:
+        if (add_entry(&ste_head, (char *) text, max_ste_types))
+        {
+            xmlFree(text);
+            return -EFAULT;
+        }
+        max_ste_types++;
+        break;
+
+    case XML2BIN_chwalltype_S:
+        if (add_entry(&chwall_head, (char *) text, max_chwall_types))
+        {
+            xmlFree(text);
+            return -EFAULT;
+        }
+        max_chwall_types++;
+        break;
+
+    case XML2BIN_conflictsettype_S:
+        /* a) search the type in the chwall_type list */
+        e = lookup(&chwall_head, (char *) text);
+        if (e == NULL)
+        {
+            printf("CS type >%s< not a CHWALL type.\n", text);
+            xmlFree(text);
+            return -EFAULT;
+        }
+        /* b) add type entry to the current cs set */
+        if (current_conflictset_p->row[e->mapping])
+        {
+            printf("ERROR: Double entry of type >%s< in conflict set %d.\n",
+                 text, current_conflictset_p->num);
+            xmlFree(text);
+            return -EFAULT;
+        }
+        current_conflictset_p->row[e->mapping] = 1;
+        break;
+
+    default:
+        printf("Incorrect type environment (state = %lx, text = %s).\n",
+               state, text);
+        xmlFree(text);
+        return -EFAULT;
+    }
+    return 0;
+}
+
+void set_component_type(xmlNode * cur_node, enum policycomponent pc)
+{
+    xmlChar *order;
+
+    if ((order = xmlGetProp(cur_node, (xmlChar *) 
PRIMARY_COMPONENT_ATTR_NAME))) {
+        if (strcmp((char *) order, PRIMARY_COMPONENT))
+        {
+            printf("ERROR: Illegal attribut value >order=%s<.\n",
+                   (char *) order);
+            xmlFree(order);
+            exit(EXIT_FAILURE);
+        }
+        if (primary != NULLPOLICY)
+        {
+            printf("ERROR: Primary Policy Component set twice!\n");
+            exit(EXIT_FAILURE);
+        }
+        primary = pc;
+        xmlFree(order);
+    }
+}
+
+void walk_policy(xmlNode * start, xmlDocPtr doc, unsigned long state)
+{
+    xmlNode *cur_node = NULL;
+    int code;
+
+    for (cur_node = start; cur_node; cur_node = cur_node->next)
+    {
+        if ((code = totoken((char *) cur_node->name)) < 0)
+        {
+            printf("Unknown token: >%s<. Aborting.\n", cur_node->name);
+            exit(EXIT_FAILURE);
+        }
+        switch (code) {         /* adjust state to new state */
+        case XML2BIN_SECPOL:
+        case XML2BIN_STETYPES:
+        case XML2BIN_CHWALLTYPES:
+        case XML2BIN_CONFLICTSETS:
+            walk_policy(cur_node->children, doc, state | (1 << code));
+            break;
+
+        case XML2BIN_STE:
+            if (WRITTEN_AGAINST_ACM_STE_VERSION != ACM_STE_VERSION)
+            {
+                printf("ERROR: This program was written against another STE 
version.\n");
+                exit(EXIT_FAILURE);
+            }
+            have_ste = 1;
+            set_component_type(cur_node, STE);
+            walk_policy(cur_node->children, doc, state | (1 << code));
+            break;
+
+        case XML2BIN_CHWALL:
+            if (WRITTEN_AGAINST_ACM_CHWALL_VERSION != ACM_CHWALL_VERSION)
+            {
+                printf("ERROR: This program was written against another CHWALL 
version.\n");
+                exit(EXIT_FAILURE);
+            }
+            have_chwall = 1;
+            set_component_type(cur_node, CHWALL);
+            walk_policy(cur_node->children, doc, state | (1 << code));
+            break;
+
+        case XML2BIN_CSTYPE:
+            current_conflictset_name =
+                (char *) xmlGetProp(cur_node, (xmlChar *) "name");
+            if (!current_conflictset_name)
+                current_conflictset_name = "";
+
+            if (init_next_conflictset())
+            {
+                printf
+                    ("ERROR: creating new conflictset structure failed.\n");
+                exit(EXIT_FAILURE);
+            }
+            walk_policy(cur_node->children, doc, state | (1 << code));
+            break;
+
+        case XML2BIN_TYPE:
+            if (register_type(cur_node, doc, state))
+                exit(EXIT_FAILURE);
+            /* type leaf */
+            break;
+
+        case XML2BIN_TEXT:
+        case XML2BIN_COMMENT:
+        case XML2BIN_POLICYHEADER:
+            /* leaf - nothing to do */
+            break;
+
+        default:
+            printf("Unkonwn token Error (%d)\n", code);
+            exit(EXIT_FAILURE);
+        }
+
+    }
+    return;
+}
+
+int create_type_mapping(xmlDocPtr doc)
+{
+    xmlNode *root_element = xmlDocGetRootElement(doc);
+    struct type_entry *te;
+    struct ssid_entry *se;
+    int i;
+
+    printf("Creating ssid mappings ...\n");
+
+    /* initialize the ste and chwall type lists */
+    TAILQ_INIT(&ste_head);
+    TAILQ_INIT(&chwall_head);
+    TAILQ_INIT(&conflictsets_head);
+
+    walk_policy(root_element, doc, XML2BIN_NULL);
+
+    /* determine primary/secondary policy component orders */
+    if ((primary == NULLPOLICY) && have_chwall)
+        primary = CHWALL;       /* default if not set */
+    else if ((primary == NULLPOLICY) && have_ste)
+        primary = STE;
+
+    switch (primary) {
+
+    case CHWALL:
+        if (have_ste)
+            secondary = STE;
+        /* else default = NULLPOLICY */
+        break;
+
+    case STE:
+        if (have_chwall)
+            secondary = CHWALL;
+        /* else default = NULLPOLICY */
+        break;
+
+    default:
+        /* NULL/NULL policy */
+        break;
+    }
+
+    if (!DEBUG)
+        return 0;
+
+    /* print queues */
+    if (have_ste)
+    {
+        printf("STE-Type queue (%s):\n",
+               (primary == STE) ? "PRIMARY" : "SECONDARY");
+        for (te = ste_head.tqh_first; te != NULL;
+             te = te->entries.tqe_next)
+            printf("name=%22s, map=%x\n", te->name, te->mapping);
+    }
+    if (have_chwall)
+    {
+        printf("CHWALL-Type queue (%s):\n",
+               (primary == CHWALL) ? "PRIMARY" : "SECONDARY");
+        for (te = chwall_head.tqh_first; te != NULL;
+             te = te->entries.tqe_next)
+            printf("name=%s, map=%x\n", te->name, te->mapping);
+
+        printf("Conflictset queue (max=%d):\n", max_conflictsets);
+        for (se = conflictsets_head.tqh_first; se != NULL;
+             se = se->entries.tqe_next)
+        {
+            printf("conflictset name >%s<\n",
+                   se->name ? se->name : "NONAME");
+            for (i = 0; i < max_chwall_types; i++)
+                if (se->row[i])
+                    printf("#%x ", i);
+            printf("\n");
+        }
+    }
+    return 0;
+}
+
+
+/***************** template-related parsing *********************/
+
+/* add default ssid at head of ssid queues */
+int init_ssid_queues(void)
+{
+    struct ssid_entry *default_ssid_chwall, *default_ssid_ste;
+
+    default_ssid_chwall = malloc(sizeof(struct ssid_entry));
+    default_ssid_ste = malloc(sizeof(struct ssid_entry));
+
+    if ((!default_ssid_chwall) || (!default_ssid_ste))
+        return -ENOMEM;
+
+    /* default chwall ssid */
+    default_ssid_chwall->name = "DEFAULT";
+    default_ssid_chwall->num = max_chwall_ssids++;
+    default_ssid_chwall->is_ref = 0;
+    default_ssid_chwall->type = ANY;
+
+    default_ssid_chwall->row = malloc(max_chwall_types);
+
+    if (!default_ssid_chwall->row)
+        return -ENOMEM;
+
+    memset(default_ssid_chwall->row, 0, max_chwall_types);
+
+    TAILQ_INSERT_TAIL(&chwall_ssid_head, default_ssid_chwall, entries);
+    current_chwall_ssid_p = default_ssid_chwall;
+    max_chwall_labels++;
+
+    /* default ste ssid */
+    default_ssid_ste->name = "DEFAULT";
+    default_ssid_ste->num = max_ste_ssids++;
+    default_ssid_ste->is_ref = 0;
+    default_ssid_ste->type = ANY;
+
+    default_ssid_ste->row = malloc(max_ste_types);
+
+    if (!default_ssid_ste->row)
+        return -ENOMEM;
+
+    memset(default_ssid_ste->row, 0, max_ste_types);
+
+    TAILQ_INSERT_TAIL(&ste_ssid_head, default_ssid_ste, entries);
+    current_ste_ssid_p = default_ssid_ste;
+    max_ste_labels++;
+    return 0;
+}
+
+int init_next_chwall_ssid(unsigned long state)
+{
+    struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
+
+    if (!ssid)
+        return -ENOMEM;
+
+    ssid->name = current_ssid_name;
+    ssid->num = max_chwall_ssids++;
+    ssid->is_ref = 0;
+
+    if (state & (1 << XML2BIN_VM))
+        ssid->type = VM;
+    else
+        ssid->type = RES;
+        /**
+         *  row: allocate one byte per type;
+         *  [i] != 0 --> mapped type >i< is part of the ssid
+         */
+    ssid->row = malloc(max_chwall_types);
+    if (!ssid->row)
+        return -ENOMEM;
+
+    memset(ssid->row, 0, max_chwall_types);
+    TAILQ_INSERT_TAIL(&chwall_ssid_head, ssid, entries);
+    current_chwall_ssid_p = ssid;
+    max_chwall_labels++;
+    return 0;
+}
+
+int init_next_ste_ssid(unsigned long state)
+{
+    struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
+
+    if (!ssid)
+        return -ENOMEM;
+
+    ssid->name = current_ssid_name;
+    ssid->num = max_ste_ssids++;
+    ssid->is_ref = 0;
+
+    if (state & (1 << XML2BIN_VM))
+        ssid->type = VM;
+    else
+        ssid->type = RES;
+
+        /**
+         *  row: allocate one byte per type;
+         *  [i] != 0 --> mapped type >i< is part of the ssid
+         */
+    ssid->row = malloc(max_ste_types);
+    if (!ssid->row)
+        return -ENOMEM;
+
+    memset(ssid->row, 0, max_ste_types);
+    TAILQ_INSERT_TAIL(&ste_ssid_head, ssid, entries);
+    current_ste_ssid_p = ssid;
+    max_ste_labels++;
+
+    return 0;
+}
+
+
+/* adds a type to the current ssid */
+int add_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
+{
+    xmlChar *text;
+    struct type_entry *e;
+
+    text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
+    if (!text)
+    {
+        printf("Error reading type name!\n");
+        return -EFAULT;
+    }
+    /* same for all: 1. lookup type mapping, 2. mark type in ssid */
+    switch (state) {
+    case XML2BIN_VM_STE_S:
+    case XML2BIN_RES_STE_S:
+        /* lookup the type mapping and include the type mapping into the array 
*/
+        if (!(e = lookup(&ste_head, (char *) text)))
+        {
+            printf("ERROR: unknown VM STE type >%s<.\n", text);
+            exit(EXIT_FAILURE);
+        }
+        if (current_ste_ssid_p->row[e->mapping])
+            printf("Warning: double entry of VM STE type >%s<.\n", text);
+
+        current_ste_ssid_p->row[e->mapping] = 1;
+        break;
+
+    case XML2BIN_VM_CHWALL_S:
+        /* lookup the type mapping and include the type mapping into the array 
*/
+        if (!(e = lookup(&chwall_head, (char *) text)))
+        {
+            printf("ERROR: unknown VM CHWALL type >%s<.\n", text);
+            exit(EXIT_FAILURE);
+        }
+        if (current_chwall_ssid_p->row[e->mapping])
+            printf("Warning: double entry of VM CHWALL type >%s<.\n",
+                   text);
+
+        current_chwall_ssid_p->row[e->mapping] = 1;
+        break;
+
+    default:
+        printf("Incorrect type environment (state = %lx, text = %s).\n",
+               state, text);
+        xmlFree(text);
+        return -EFAULT;
+    }
+    return 0;
+}
+
+void set_bootstrap_label(xmlNode * cur_node)
+{
+    xmlChar *order;
+
+    if ((order = xmlGetProp(cur_node, (xmlChar *) BOOTSTRAP_LABEL_ATTR_NAME)))
+        bootstrap_label = (char *)order;
+    else {
+        printf("ERROR: No bootstrap label defined!\n");
+        exit(EXIT_FAILURE);
+    }
+}
+
+void walk_labels(xmlNode * start, xmlDocPtr doc, unsigned long state)
+{
+    xmlNode *cur_node = NULL;
+    int code;
+
+    for (cur_node = start; cur_node; cur_node = cur_node->next)
+    {
+        if ((code = totoken((char *) cur_node->name)) < 0)
+        {
+            printf("Unkonwn token: >%s<. Aborting.\n", cur_node->name);
+            exit(EXIT_FAILURE);
+        }
+        switch (code) {         /* adjust state to new state */
+
+        case XML2BIN_SUBJECTS:
+            set_bootstrap_label(cur_node);
+            /* fall through */
+        case XML2BIN_VM:
+        case XML2BIN_RES:
+        case XML2BIN_SECTEMPLATE:
+        case XML2BIN_OBJECTS:
+            walk_labels(cur_node->children, doc, state | (1 << code));
+            break;
+
+        case XML2BIN_STETYPES:
+            /* create new ssid entry to use and point current to it */
+            if (init_next_ste_ssid(state))
+            {
+                printf("ERROR: creating new ste ssid structure failed.\n");
+                exit(EXIT_FAILURE);
+            }
+            walk_labels(cur_node->children, doc, state | (1 << code));
+
+            break;
+
+        case XML2BIN_CHWALLTYPES:
+            /* create new ssid entry to use and point current to it */
+            if (init_next_chwall_ssid(state))
+            {
+                printf("ERROR: creating new chwall ssid structure failed.\n");
+                exit(EXIT_FAILURE);
+            }
+            walk_labels(cur_node->children, doc, state | (1 << code));
+
+            break;
+
+        case XML2BIN_TYPE:
+            /* add type to current ssid */
+            if (add_type(cur_node, doc, state))
+                exit(EXIT_FAILURE);
+            break;
+
+        case XML2BIN_NAME:
+            if ((state != XML2BIN_VM_S) && (state != XML2BIN_RES_S))
+            {
+                printf("ERROR: >name< out of VM/RES context.\n");
+                exit(EXIT_FAILURE);
+            }
+            current_ssid_name = (char *)
+                xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
+
+            if (!current_ssid_name)
+            {
+                printf("ERROR: empty >name<!\n");
+                exit(EXIT_FAILURE);
+            }
+            break;
+
+        case XML2BIN_TEXT:
+        case XML2BIN_COMMENT:
+        case XML2BIN_LABELHEADER:
+            break;
+
+        default:
+            printf("Unkonwn token Error (%d)\n", code);
+            exit(EXIT_FAILURE);
+        }
+
+    }
+    return;
+}
+
+/* this function walks through a ssid queue
+ * and transforms double entries into references
+ * of the first definition (we need to keep the
+ * entry to map labels but we don't want double
+ * ssids in the binary policy
+ */
+void
+remove_doubles(struct tailhead_ssid *head,
+                        u_int32_t max_types, u_int32_t * max_ssids)
+{
+    struct ssid_entry *np, *ni;
+
+    /* walk once through the list */
+    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+    {
+        /* now search from the start until np for the same entry */
+        for (ni = head->tqh_first; ni != np; ni = ni->entries.tqe_next)
+        {
+            if (ni->is_ref)
+                continue;
+            if (memcmp(np->row, ni->row, max_types))
+                continue;
+            /* found one, set np reference to ni */
+            np->is_ref = 1;
+            np->num = ni->num;
+            (*max_ssids)--;
+        }
+    }
+
+    /* now minimize the ssid numbers used (doubles introduce holes) */
+    (*max_ssids) = 0; /* reset */
+
+    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+    {
+        if (np->is_ref)
+            continue;
+
+        if (np->num != (*max_ssids)) {
+                /* first reset all later references to the new max_ssid */
+                for (ni = np->entries.tqe_next; ni != NULL; ni = 
ni->entries.tqe_next)
+                {
+                    if (ni->num == np->num)
+                        ni->num = (*max_ssids);
+                }
+                /* now reset num */
+                np->num = (*max_ssids)++;
+        }
+        else
+            (*max_ssids)++;
+    }
+}
+
+/*
+ * will go away as soon as we have non-static bootstrap ssidref for dom0
+ */
+void fixup_bootstrap_label(struct tailhead_ssid *head,
+                         u_int32_t max_types, u_int32_t * max_ssids)
+{
+    struct ssid_entry *np;
+    int i;
+
+    /* should not happen if xml / xsd checks work */
+    if (!bootstrap_label)
+    {
+        printf("ERROR: No bootstrap label defined.\n");
+        exit(EXIT_FAILURE);
+    }
+
+    /* search bootstrap_label */
+    for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+    {
+        if (!strcmp(np->name, bootstrap_label))
+        {
+            break;
+        }
+    }
+
+    if (!np) {
+        /* bootstrap label not found */
+        printf("ERROR: Bootstrap label >%s< not found.\n", bootstrap_label);
+        exit(EXIT_FAILURE);
+    }
+
+    /* move this entry ahead in the list right after the default entry so it
+     * receives ssidref 1/1 */
+    TAILQ_REMOVE(head, np, entries);
+    TAILQ_INSERT_AFTER(head, head->tqh_first, np, entries);
+
+    /* renumber the ssids (we could also just switch places with 1st element) 
*/
+    for (np = head->tqh_first, i=0; np != NULL; np = np->entries.tqe_next, i++)
+        np->num   = i;
+
+}
+
+int create_ssid_mapping(xmlDocPtr doc)
+{
+    xmlNode *root_element = xmlDocGetRootElement(doc);
+    struct ssid_entry *np;
+    int i;
+
+    printf("Creating label mappings ...\n");
+    /* initialize the ste and chwall type lists */
+    TAILQ_INIT(&chwall_ssid_head);
+    TAILQ_INIT(&ste_ssid_head);
+
+    /* init with default ssids */
+    if (init_ssid_queues())
+    {
+        printf("ERROR adding default ssids.\n");
+        exit(EXIT_FAILURE);
+    }
+
+    /* now walk the template DOM tree and fill in ssids */
+    walk_labels(root_element, doc, XML2BIN_NULL);
+
+    /*
+     * now sort bootstrap label to the head of the list
+     * (for now), dom0 assumes its label in the first
+     * defined ssidref (1/1). 0/0 is the default non-Label
+     */
+    if (have_chwall)
+        fixup_bootstrap_label(&chwall_ssid_head, max_chwall_types,
+                                &max_chwall_ssids);
+    if (have_ste)
+        fixup_bootstrap_label(&ste_ssid_head, max_ste_types,
+                                &max_ste_ssids);
+
+    /* remove any double entries (insert reference instead) */
+    if (have_chwall)
+        remove_doubles(&chwall_ssid_head, max_chwall_types,
+                       &max_chwall_ssids);
+    if (have_ste)
+        remove_doubles(&ste_ssid_head, max_ste_types,
+                       &max_ste_ssids);
+
+    if (!DEBUG)
+        return 0;
+
+    /* print queues */
+    if (have_chwall)
+    {
+        printf("CHWALL SSID queue (max ssidrefs=%d):\n", max_chwall_ssids);
+        np = NULL;
+        for (np = chwall_ssid_head.tqh_first; np != NULL;
+             np = np->entries.tqe_next)
+        {
+            printf("SSID #%02u (Label=%s)\n", np->num, np->name);
+            if (np->is_ref)
+                printf("REFERENCE");
+            else
+                for (i = 0; i < max_chwall_types; i++)
+                    if (np->row[i])
+                        printf("#%02d ", i);
+            printf("\n\n");
+        }
+    }
+    if (have_ste)
+    {
+        printf("STE SSID queue (max ssidrefs=%d):\n", max_ste_ssids);
+        np = NULL;
+        for (np = ste_ssid_head.tqh_first; np != NULL;
+             np = np->entries.tqe_next)
+        {
+            printf("SSID #%02u (Label=%s)\n", np->num, np->name);
+            if (np->is_ref)
+                printf("REFERENCE");
+            else
+                for (i = 0; i < max_ste_types; i++)
+                    if (np->row[i])
+                        printf("#%02d ", i);
+            printf("\n\n");
+        }
+    }
+    return 0;
+}
+
+/***************** writing the binary policy *********************/
+
+/*
+ * the mapping file is ascii-based since it will likely be used from
+ * within scripts (using awk, grep, etc.);
+ *
+ * We print from high-level to low-level information so that with one
+ * pass, any symbol can be resolved (e.g. Label -> types)
+ */
+int write_mapping(char *filename)
+{
+
+    struct ssid_entry *e;
+    struct type_entry *t;
+    int i;
+    FILE *file;
+
+    if ((file = fopen(filename, "w")) == NULL)
+        return -EIO;
+
+    fprintf(file, "MAGIC                  %08x\n", ACM_MAGIC);
+    fprintf(file, "POLICY                 %s\n",
+            basename(policy_filename));
+    fprintf(file, "BINARY                 %s\n",
+            basename(binary_filename));
+    if (have_chwall)
+    {
+        fprintf(file, "MAX-CHWALL-TYPES       %08x\n", max_chwall_types);
+        fprintf(file, "MAX-CHWALL-SSIDS       %08x\n", max_chwall_ssids);
+        fprintf(file, "MAX-CHWALL-LABELS      %08x\n", max_chwall_labels);
+    }
+    if (have_ste)
+    {
+        fprintf(file, "MAX-STE-TYPES          %08x\n", max_ste_types);
+        fprintf(file, "MAX-STE-SSIDS          %08x\n", max_ste_ssids);
+        fprintf(file, "MAX-STE-LABELS         %08x\n", max_ste_labels);
+    }
+    fprintf(file, "\n");
+
+    /* primary / secondary order for combined ssid synthesis/analysis
+     * if no primary is named, then chwall is primary */
+    switch (primary) {
+    case CHWALL:
+        fprintf(file, "PRIMARY                CHWALL\n");
+        break;
+
+    case STE:
+        fprintf(file, "PRIMARY                STE\n");
+        break;
+
+    default:
+        fprintf(file, "PRIMARY                NULL\n");
+        break;
+    }
+
+    switch (secondary) {
+    case CHWALL:
+        fprintf(file, "SECONDARY              CHWALL\n");
+        break;
+
+    case STE:
+        fprintf(file, "SECONDARY              STE\n");
+        break;
+
+    default:
+        fprintf(file, "SECONDARY              NULL\n");
+        break;
+    }
+    fprintf(file, "\n");
+
+    /* first labels to ssid mappings */
+    if (have_chwall)
+    {
+        for (e = chwall_ssid_head.tqh_first; e != NULL;
+             e = e->entries.tqe_next)
+        {
+            fprintf(file, "LABEL->SSID %s CHWALL %-25s %8x\n",
+                    (e->type ==
+                     VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
+                    e->name, e->num);
+        }
+        fprintf(file, "\n");
+    }
+    if (have_ste)
+    {
+        for (e = ste_ssid_head.tqh_first; e != NULL;
+             e = e->entries.tqe_next)
+        {
+            fprintf(file, "LABEL->SSID %s STE    %-25s %8x\n",
+                    (e->type ==
+                     VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
+                    e->name, e->num);
+        }
+        fprintf(file, "\n");
+    }
+
+    /* second ssid to type mappings */
+    if (have_chwall)
+    {
+        for (e = chwall_ssid_head.tqh_first; e != NULL;
+             e = e->entries.tqe_next)
+        {
+            if (e->is_ref)
+                continue;
+
+            fprintf(file, "SSID->TYPE CHWALL      %08x", e->num);
+
+            for (i = 0; i < max_chwall_types; i++)
+                if (e->row[i])
+                    fprintf(file, " %s", type_by_mapping(&chwall_head, i));
+
+            fprintf(file, "\n");
+        }
+        fprintf(file, "\n");
+    }
+    if (have_ste) {
+        for (e = ste_ssid_head.tqh_first; e != NULL;
+             e = e->entries.tqe_next)
+        {
+            if (e->is_ref)
+                continue;
+
+            fprintf(file, "SSID->TYPE STE         %08x", e->num);
+
+            for (i = 0; i < max_ste_types; i++)
+                if (e->row[i])
+                    fprintf(file, " %s", type_by_mapping(&ste_head, i));
+
+            fprintf(file, "\n");
+        }
+        fprintf(file, "\n");
+    }
+    /* third type mappings */
+    if (have_chwall)
+    {
+        for (t = chwall_head.tqh_first; t != NULL; t = t->entries.tqe_next)
+        {
+            fprintf(file, "TYPE CHWALL            %-25s %8x\n",
+                    t->name, t->mapping);
+        }
+        fprintf(file, "\n");
+    }
+    if (have_ste) {
+        for (t = ste_head.tqh_first; t != NULL; t = t->entries.tqe_next)
+        {
+            fprintf(file, "TYPE STE               %-25s %8x\n",
+                    t->name, t->mapping);
+        }
+        fprintf(file, "\n");
+    }
+    fclose(file);
+    return 0;
+}
+
+unsigned char *write_chwall_binary(u_int32_t * len_chwall)
+{
+    unsigned char *buf, *ptr;
+    struct acm_chwall_policy_buffer *chwall_header;
+    u_int32_t len;
+    struct ssid_entry *e;
+    int i;
+
+    if (!have_chwall)
+        return NULL;
+
+    len = sizeof(struct acm_chwall_policy_buffer) +
+        sizeof(type_t) * max_chwall_types * max_chwall_ssids +
+        sizeof(type_t) * max_chwall_types * max_conflictsets;
+
+    buf = malloc(len);
+    ptr = buf;
+
+    if (!buf)
+    {
+        printf("ERROR: out of memory allocating chwall buffer.\n");
+        exit(EXIT_FAILURE);
+    }
+    /* chwall has 3 parts : header, types, conflictsets */
+
+    chwall_header = (struct acm_chwall_policy_buffer *) buf;
+    chwall_header->chwall_max_types = htonl(max_chwall_types);
+    chwall_header->chwall_max_ssidrefs = htonl(max_chwall_ssids);
+    chwall_header->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
+    chwall_header->policy_version = htonl(ACM_CHWALL_VERSION);
+    chwall_header->chwall_ssid_offset =
+        htonl(sizeof(struct acm_chwall_policy_buffer));
+    chwall_header->chwall_max_conflictsets = htonl(max_conflictsets);
+    chwall_header->chwall_conflict_sets_offset =
+        htonl(ntohl(chwall_header->chwall_ssid_offset) +
+              sizeof(domaintype_t) * max_chwall_ssids * max_chwall_types);
+    chwall_header->chwall_running_types_offset = 0;     /* not set, only 
retrieved */
+    chwall_header->chwall_conflict_aggregate_offset = 0;        /* not set, 
only retrieved */
+    ptr += sizeof(struct acm_chwall_policy_buffer);
+
+    /* types */
+    for (e = chwall_ssid_head.tqh_first; e != NULL;
+         e = e->entries.tqe_next)
+    {
+        if (e->is_ref)
+            continue;
+
+        for (i = 0; i < max_chwall_types; i++)
+            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
+
+        ptr += sizeof(type_t) * max_chwall_types;
+    }
+
+    /* conflictsets */
+    for (e = conflictsets_head.tqh_first; e != NULL;
+         e = e->entries.tqe_next)
+    {
+        for (i = 0; i < max_chwall_types; i++)
+            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
+
+        ptr += sizeof(type_t) * max_chwall_types;
+    }
+
+    if ((ptr - buf) != len)
+    {
+        printf("ERROR: wrong lengths in %s.\n", __func__);
+        exit(EXIT_FAILURE);
+    }
+
+    (*len_chwall) = len;
+    return buf;
+}
+
+unsigned char *write_ste_binary(u_int32_t * len_ste)
+{
+    unsigned char *buf, *ptr;
+    struct acm_ste_policy_buffer *ste_header;
+    struct ssid_entry *e;
+    u_int32_t len;
+    int i;
+
+    if (!have_ste)
+        return NULL;
+
+    len = sizeof(struct acm_ste_policy_buffer) +
+        sizeof(type_t) * max_ste_types * max_ste_ssids;
+
+    buf = malloc(len);
+    ptr = buf;
+
+    if (!buf)
+    {
+        printf("ERROR: out of memory allocating chwall buffer.\n");
+        exit(EXIT_FAILURE);
+    }
+
+    /* fill buffer */
+    ste_header = (struct acm_ste_policy_buffer *) buf;
+    ste_header->policy_version = htonl(ACM_STE_VERSION);
+    ste_header->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
+    ste_header->ste_max_types = htonl(max_ste_types);
+    ste_header->ste_max_ssidrefs = htonl(max_ste_ssids);
+    ste_header->ste_ssid_offset =
+        htonl(sizeof(struct acm_ste_policy_buffer));
+
+    ptr += sizeof(struct acm_ste_policy_buffer);
+
+    /* types */
+    for (e = ste_ssid_head.tqh_first; e != NULL; e = e->entries.tqe_next)
+    {
+        if (e->is_ref)
+            continue;
+
+        for (i = 0; i < max_ste_types; i++)
+            ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
+
+        ptr += sizeof(type_t) * max_ste_types;
+    }
+
+    if ((ptr - buf) != len)
+    {
+        printf("ERROR: wrong lengths in %s.\n", __func__);
+        exit(EXIT_FAILURE);
+    }
+    (*len_ste) = len;
+    return buf;                 /* for now */
+}
+
+int write_binary(char *filename)
+{
+    struct acm_policy_buffer header;
+    unsigned char *ste_buffer = NULL, *chwall_buffer = NULL;
+    u_int32_t len;
+    int fd;
+
+    u_int32_t len_ste = 0, len_chwall = 0;      /* length of policy components 
*/
+
+    /* open binary file */
+    if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)) 
<= 0)
+        return -EIO;
+
+    ste_buffer = write_ste_binary(&len_ste);
+    chwall_buffer = write_chwall_binary(&len_chwall);
+
+    /* determine primary component (default chwall) */
+    header.policy_version = htonl(ACM_POLICY_VERSION);
+    header.magic = htonl(ACM_MAGIC);
+
+    len = sizeof(struct acm_policy_buffer);
+    if (have_chwall)
+        len += len_chwall;
+    if (have_ste)
+        len += len_ste;
+    header.len = htonl(len);
+
+    header.primary_buffer_offset = htonl(sizeof(struct acm_policy_buffer));
+    if (primary == CHWALL)
+    {
+        header.primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
+        header.secondary_buffer_offset =
+            htonl((sizeof(struct acm_policy_buffer)) + len_chwall);
+    }
+    else if (primary == STE)
+    {
+        header.primary_policy_code =
+            htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
+        header.secondary_buffer_offset =
+            htonl((sizeof(struct acm_policy_buffer)) + len_ste);
+    }
+    else
+    {
+        /* null policy */
+        header.primary_policy_code = htonl(ACM_NULL_POLICY);
+        header.secondary_buffer_offset =
+            htonl(header.primary_buffer_offset);
+    }
+
+    if (secondary == CHWALL)
+        header.secondary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
+    else if (secondary == STE)
+        header.secondary_policy_code =
+            htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
+    else
+        header.secondary_policy_code = htonl(ACM_NULL_POLICY);
+
+    if (write(fd, (void *) &header, sizeof(struct acm_policy_buffer))
+        != sizeof(struct acm_policy_buffer))
+        return -EIO;
+
+    /* write primary policy component */
+    if (primary == CHWALL)
+    {
+        if (write(fd, chwall_buffer, len_chwall) != len_chwall)
+            return -EIO;
+    }
+    else if (primary == STE)
+    {
+        if (write(fd, ste_buffer, len_ste) != len_ste)
+            return -EIO;
+    } else
+        ;                     /* NULL POLICY has no policy data */
+
+    /* write secondary policy component */
+    if (secondary == CHWALL)
+    {
+        if (write(fd, chwall_buffer, len_chwall) != len_chwall)
+            return -EIO;
+    }
+    else if (secondary == STE)
+    {
+        if (write(fd, ste_buffer, len_ste) != len_ste)
+            return -EIO;
+    } else;                     /* NULL POLICY has no policy data */
+
+    close(fd);
+    return 0;
+}
+
+int is_valid(xmlDocPtr doc)
+{
+    int err = 0;
+    xmlSchemaPtr schema_ctxt = NULL;
+    xmlSchemaParserCtxtPtr schemaparser_ctxt = NULL;
+    xmlSchemaValidCtxtPtr schemavalid_ctxt = NULL;
+
+    schemaparser_ctxt = xmlSchemaNewParserCtxt(SCHEMA_FILENAME);
+    schema_ctxt = xmlSchemaParse(schemaparser_ctxt);
+    schemavalid_ctxt = xmlSchemaNewValidCtxt(schema_ctxt);
+
+#ifdef VALIDATE_SCHEMA
+    /* only tested to be available from libxml2-2.6.20 upwards */
+    if ((err = xmlSchemaIsValid(schemavalid_ctxt)) != 1)
+    {
+        printf("ERROR: Invalid schema file %s (err=%d)\n",
+               SCHEMA_FILENAME, err);
+        err = -EIO;
+        goto out;
+    }
+    else
+        printf("XML Schema %s valid.\n", SCHEMA_FILENAME);
+#endif
+    if ((err = xmlSchemaValidateDoc(schemavalid_ctxt, doc)))
+    {
+        err = -EIO;
+        goto out;
+    }
+  out:
+    xmlSchemaFreeValidCtxt(schemavalid_ctxt);
+    xmlSchemaFreeParserCtxt(schemaparser_ctxt);
+    xmlSchemaFree(schema_ctxt);
+    return (err != 0) ? 0 : 1;
+}
+
+int main(int argc, char **argv)
+{
+    xmlDocPtr labeldoc = NULL;
+    xmlDocPtr policydoc = NULL;
+
+    int err = EXIT_SUCCESS;
+
+    char *file_prefix;
+    int prefix_len;
+
+    if (ACM_POLICY_VERSION != WRITTEN_AGAINST_ACM_POLICY_VERSION)
+    {
+        printf("ERROR: This program was written against an older ACM 
version.\n");
+        exit(EXIT_FAILURE);
+    }
+
+    if (argc != 2)
+        usage(basename(argv[0]));
+
+    prefix_len = strlen(POLICY_SUBDIR) +
+        strlen(argv[1]) + 1 /* "/" */  +
+        strlen(argv[1]) + 1 /* "/" */ ;
+
+    file_prefix = malloc(prefix_len);
+    policy_filename = malloc(prefix_len + strlen(POLICY_EXTENSION));
+    label_filename = malloc(prefix_len + strlen(LABEL_EXTENSION));
+    binary_filename = malloc(prefix_len + strlen(BINARY_EXTENSION));
+    mapping_filename = malloc(prefix_len + strlen(MAPPING_EXTENSION));
+
+    if (!file_prefix || !policy_filename || !label_filename ||
+        !binary_filename || !mapping_filename)
+    {
+        printf("ERROR allocating file name memory.\n");
+        goto out2;
+    }
+
+    /* create input/output filenames out of prefix */
+    strcat(file_prefix, POLICY_SUBDIR);
+    strcat(file_prefix, argv[1]);
+    strcat(file_prefix, "/");
+    strcat(file_prefix, argv[1]);
+
+    strcpy(policy_filename, file_prefix);
+    strcpy(label_filename, file_prefix);
+    strcpy(binary_filename, file_prefix);
+    strcpy(mapping_filename, file_prefix);
+
+    strcat(policy_filename, POLICY_EXTENSION);
+    strcat(label_filename, LABEL_EXTENSION);
+    strcat(binary_filename, BINARY_EXTENSION);
+    strcat(mapping_filename, MAPPING_EXTENSION);
+
+    labeldoc = xmlParseFile(label_filename);
+
+    if (labeldoc == NULL)
+    {
+        printf("Error: could not parse file %s.\n", argv[1]);
+        goto out2;
+    }
+
+    printf("Validating label file %s...\n", label_filename);
+    if (!is_valid(labeldoc))
+    {
+        printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
+               label_filename, err);
+        goto out1;
+    }
+
+    policydoc = xmlParseFile(policy_filename);
+
+    if (policydoc == NULL)
+    {
+        printf("Error: could not parse file %s.\n", argv[1]);
+        goto out1;
+    }
+
+    printf("Validating policy file %s...\n", policy_filename);
+
+    if (!is_valid(policydoc))
+    {
+        printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
+               policy_filename, err);
+        goto out;
+    }
+
+    /* Init queues and parse policy */
+    create_type_mapping(policydoc);
+
+    /* create ssids */
+    create_ssid_mapping(labeldoc);
+
+    /* write label mapping file */
+    if (write_mapping(mapping_filename))
+    {
+        printf("ERROR: writing mapping file %s.\n", mapping_filename);
+        goto out;
+    }
+
+    /* write binary file */
+    if (write_binary(binary_filename))
+    {
+        printf("ERROR: writing binary file %s.\n", binary_filename);
+        goto out;
+    }
+
+    /* write stats */
+    if (have_chwall)
+    {
+        printf("Max chwall labels:  %u\n", max_chwall_labels);
+        printf("Max chwall-types:   %u\n", max_chwall_types);
+        printf("Max chwall-ssids:   %u\n", max_chwall_ssids);
+    }
+
+    if (have_ste)
+    {
+        printf("Max ste labels:     %u\n", max_ste_labels);
+        printf("Max ste-types:      %u\n", max_ste_types);
+        printf("Max ste-ssids:      %u\n", max_ste_ssids);
+    }
+    /* cleanup */
+  out:
+    xmlFreeDoc(policydoc);
+  out1:
+    xmlFreeDoc(labeldoc);
+  out2:
+    xmlCleanupParser();
+    return err;
+}
+
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/secpol_xml2bin.h
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/secpol_xml2bin.h   Fri Aug 19 18:19:28 2005
@@ -0,0 +1,139 @@
+/****************************************************************
+ * secpol_xml2bin.h
+ *
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Authors:
+ * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ */
+#define POLICY_SUBDIR       "policies/"
+#define POLICY_EXTENSION    "-security_policy.xml"
+#define LABEL_EXTENSION     "-security_label_template.xml"
+#define BINARY_EXTENSION    ".bin"
+#define MAPPING_EXTENSION   ".map"
+#define PRIMARY_COMPONENT_ATTR_NAME "order"
+#define BOOTSTRAP_LABEL_ATTR_NAME   "bootstrap"
+#define PRIMARY_COMPONENT   "PrimaryPolicyComponent"
+#define SCHEMA_FILENAME     "policies/security_policy.xsd"
+
+/* basic states (used as 1 << X) */
+#define XML2BIN_SECPOL             0   /* policy tokens */
+#define XML2BIN_STE                    1
+#define XML2BIN_CHWALL          2
+#define XML2BIN_CONFLICTSETS           3
+#define XML2BIN_CSTYPE         4
+
+#define XML2BIN_SECTEMPLATE        5   /* label tokens */
+#define XML2BIN_POLICYHEADER           6
+#define XML2BIN_LABELHEADER     7
+#define XML2BIN_SUBJECTS        8
+#define XML2BIN_OBJECTS            9
+#define XML2BIN_VM                 10
+#define XML2BIN_RES            11
+
+#define XML2BIN_STETYPES           12  /* shared tokens */
+#define XML2BIN_CHWALLTYPES        13
+#define XML2BIN_TYPE               14
+#define XML2BIN_NAME            15
+#define XML2BIN_TEXT               16
+#define XML2BIN_COMMENT                17
+
+/* type "data type" (currently 16bit) */
+typedef u_int16_t type_t;
+
+/* list of known elements and token equivalent  *
+ * state constants and token positions must be  *
+ * in sync for correct state recognition        */
+
+char *token[20] =                       /* parser triggers */
+{
+    [0] = "SecurityPolicyDefinition",   /* policy xml */
+    [1] = "SimpleTypeEnforcement",
+    [2] = "ChineseWall",
+    [3] = "ConflictSets",
+    [4] = "Conflict",                   /* label-template xml */
+    [5] = "SecurityLabelTemplate",
+    [6] = "PolicyHeader",
+    [7] = "LabelHeader",
+    [8] = "SubjectLabels",
+    [9] = "ObjectLabels",
+    [10] = "VirtualMachineLabel",
+    [11] = "ResourceLabel",
+    [12] = "SimpleTypeEnforcementTypes",                  /* common tags */
+    [13] = "ChineseWallTypes",
+    [14] = "Type",
+    [15] = "Name",
+    [16] = "text",
+    [17] = "comment",
+    [18] = NULL,
+};
+
+/* important combined states */
+#define XML2BIN_NULL           0
+
+/* policy xml parsing states _S */
+
+/* e.g., here we are in a <secpol,ste,stetypes> environment,  *
+ * so when finding a type element, we know where to put it    */
+#define XML2BIN_stetype_S ((1 << XML2BIN_SECPOL) | \
+                                (1 << XML2BIN_STE) |    \
+                                (1 << XML2BIN_STETYPES))
+
+#define XML2BIN_chwalltype_S ((1 << XML2BIN_SECPOL) | \
+                                (1 << XML2BIN_CHWALL) | \
+                                (1 << XML2BIN_CHWALLTYPES))
+
+#define XML2BIN_conflictset_S ((1 << XML2BIN_SECPOL) | \
+                                (1 << XML2BIN_CHWALL) | \
+                                (1 << XML2BIN_CONFLICTSETS))
+
+#define XML2BIN_conflictsettype_S ((1 << XML2BIN_SECPOL) | \
+                                (1 << XML2BIN_CHWALL) | \
+                                (1 << XML2BIN_CONFLICTSETS) | \
+                                (1 << XML2BIN_CSTYPE))
+
+
+/* label xml states */
+#define XML2BIN_VM_S ((1 << XML2BIN_SECTEMPLATE) | \
+                      (1 << XML2BIN_SUBJECTS) |    \
+                      (1 << XML2BIN_VM))
+
+#define XML2BIN_RES_S ((1 << XML2BIN_SECTEMPLATE) | \
+                       (1 << XML2BIN_OBJECTS) |     \
+                       (1 << XML2BIN_RES))
+
+#define XML2BIN_VM_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
+                        (1 << XML2BIN_SUBJECTS) | \
+                        (1 << XML2BIN_VM) | \
+                        (1 << XML2BIN_STETYPES))
+
+#define XML2BIN_VM_CHWALL_S ((1 << XML2BIN_SECTEMPLATE) | \
+                           (1 << XML2BIN_SUBJECTS) | \
+                           (1 << XML2BIN_VM) | \
+                           (1 << XML2BIN_CHWALLTYPES))
+
+#define XML2BIN_RES_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
+                         (1 << XML2BIN_OBJECTS) | \
+                         (1 << XML2BIN_RES) | \
+                         (1 << XML2BIN_STETYPES))
+
+
+
+/* check versions of headers against which the
+ * xml2bin translation tool was written
+ */
+
+/* protects from unnoticed changes in struct acm_policy_buffer */
+#define WRITTEN_AGAINST_ACM_POLICY_VERSION  1
+
+/* protects from unnoticed changes in struct acm_chwall_policy_buffer */
+#define WRITTEN_AGAINST_ACM_CHWALL_VERSION  1
+
+/* protects from unnoticed changes in struct acm_ste_policy_buffer */
+#define WRITTEN_AGAINST_ACM_STE_VERSION     1
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/setlabel.sh
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/setlabel.sh        Fri Aug 19 18:19:28 2005
@@ -0,0 +1,345 @@
+#!/bin/sh
+# *
+# * setlabel
+# *
+# * Copyright (C) 2005 IBM Corporation
+# *
+# * Authors:
+# * Stefan Berger <stefanb@xxxxxxxxxx>
+# *
+# * This program is free software; you can redistribute it and/or
+# * modify it under the terms of the GNU General Public License as
+# * published by the Free Software Foundation, version 2 of the
+# * License.
+# *
+# * 'setlabel' labels virtual machine (domain) configuration files with
+# * security identifiers that can be enforced in Xen.
+# *
+# * 'setlabel -?' shows the usage of the program
+# *
+# * 'setlabel -l vmconfig-file' lists all available labels (only VM
+# *            labels are used right now)
+# *
+# * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref'
+# *                       that corresponds to the security-label under the
+# *                       current policy (if policy changes, 'label'
+# *                       must be re-run over the configuration files;
+# *                       map-file is created during policy translation and
+# *                       is found in the policy's directory
+#
+
+if [ -z "$runbash" ]; then
+       runbash="1"
+       export runbash
+       exec sh -c "bash $0 $*"
+fi
+
+
+usage ()
+{
+       echo "Usage: $0 [Option] <vmfile> <label> <policy name> "
+       echo "    or $0 -l <policy name>"
+       echo ""
+       echo "Valid Options are:"
+       echo "-r          : to relabel a file without being prompted"
+       echo ""
+       echo "vmfile      : XEN vm configuration file"
+       echo "label       : the label to map"
+       echo "policy name : the name of the policy, i.e. 'chwall'"
+       echo ""
+       echo "-l <policy name> is used to show valid labels in the map file"
+       echo ""
+}
+
+
+findMapFile ()
+{
+       mapfile="./$1.map"
+       if [ -r "$mapfile" ]; then
+               return 1
+       fi
+
+       mapfile="./policies/$1/$1.map"
+       if [ -r "$mapfile" ]; then
+               return 1
+       fi
+
+       return 0
+}
+
+showLabels ()
+{
+       mapfile=$1
+       if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
+               echo "Cannot read from vm configuration file $vmfile."
+               return -1
+       fi
+
+       getPrimaryPolicy $mapfile
+       getSecondaryPolicy $mapfile
+
+       echo "The following labels are available:"
+       let line=1
+       while [ 1 ]; do
+               ITEM=`cat $mapfile |         \
+                     awk -vline=$line       \
+                         -vprimary=$primary \
+                     '{                     \
+                        if ($1 == "LABEL->SSID" &&  \
+                            $2 == "VM" &&           \
+                            $3 == primary ) {       \
+                          ctr++;                    \
+                          if (ctr == line) {        \
+                            print $4;               \
+                          }                         \
+                        }                           \
+                      } END {                       \
+                      }'`
+
+               if [ "$ITEM" == "" ]; then
+                       break
+               fi
+               if [ "$secondary" != "NULL" ]; then
+                       LABEL=`cat $mapfile |     \
+                              awk -vitem=$ITEM   \
+                              '{
+                                 if ($1 == "LABEL->SSID" && \
+                                     $2 == "VM" &&          \
+                                     $3 == "CHWALL" &&      \
+                                     $4 == item ) {         \
+                                   result = item;           \
+                                 }                          \
+                               } END {                      \
+                                   print result             \
+                               }'`
+               else
+                       LABEL=$ITEM
+               fi
+
+               if [ "$LABEL" != "" ]; then
+                       echo "$LABEL"
+                       found=1
+               fi
+               let line=line+1
+       done
+       if [ "$found" != "1" ]; then
+               echo "No labels found."
+       fi
+}
+
+getPrimaryPolicy ()
+{
+       mapfile=$1
+       primary=`cat $mapfile  |   \
+                awk '             \
+                 {                \
+                   if ( $1 == "PRIMARY" ) { \
+                     res=$2;                \
+                   }                        \
+                 } END {                    \
+                   print res;               \
+                 } '`
+}
+
+getSecondaryPolicy ()
+{
+       mapfile=$1
+       secondary=`cat $mapfile  |   \
+                awk '             \
+                 {                \
+                   if ( $1 == "SECONDARY" ) { \
+                     res=$2;                \
+                   }                        \
+                 } END {                    \
+                   print res;               \
+                 } '`
+}
+
+
+getDefaultSsid ()
+{
+       mapfile=$1
+       pol=$2
+       RES=`cat $mapfile    \
+            awk -vpol=$pol  \
+             {              \
+               if ($1 == "LABEL->SSID" && \
+                   $2 == "ANY"         && \
+                   $3 == pol           && \
+                   $4 == "DEFAULT"       ) {\
+                     res=$5;                \
+               }                            \
+             } END {                        \
+               printf "%04x", strtonum(res) \
+            }'`
+       echo "default NULL mapping is $RES"
+       defaultssid=$RES
+}
+
+relabel ()
+{
+       vmfile=$1
+       label=$2
+       mapfile=$3
+       mode=$4
+
+       if [ ! -r "$vmfile" ]; then
+               echo "Cannot read from vm configuration file $vmfile."
+               return -1
+       fi
+
+       if [ ! -w "$vmfile" ]; then
+               echo "Cannot write to vm configuration file $vmfile."
+               return -1
+       fi
+
+       if [ ! -r "$mapfile" ] ; then
+               echo "Cannot read mapping file $mapfile."
+               return -1
+       fi
+
+       # Determine which policy is primary, which sec.
+       getPrimaryPolicy $mapfile
+       getSecondaryPolicy $mapfile
+
+       # Calculate the primary policy's SSIDREF
+       if [ "$primary" == "NULL" ]; then
+               SSIDLO="0000"
+       else
+               SSIDLO=`cat $mapfile |                    \
+                       awk -vlabel=$label                \
+                           -vprimary=$primary            \
+                          '{                             \
+                             if ( $1 == "LABEL->SSID" && \
+                                  $2 == "VM" &&          \
+                                  $3 == primary  &&      \
+                                  $4 == label ) {        \
+                               result=$5                 \
+                             }                           \
+                          } END {                        \
+                            if (result != "" )           \
+                              {printf "%04x", strtonum(result)}\
+                          }'`
+       fi
+
+       # Calculate the secondary policy's SSIDREF
+       if [ "$secondary" == "NULL" ]; then
+               SSIDHI="0000"
+       else
+               SSIDHI=`cat $mapfile |                    \
+                       awk -vlabel=$label                \
+                           -vsecondary=$secondary        \
+                          '{                             \
+                             if ( $1 == "LABEL->SSID" && \
+                                  $2 == "VM"          && \
+                                  $3 == secondary     && \
+                                  $4 == label ) {        \
+                               result=$5                 \
+                             }                           \
+                           }  END {                      \
+                             if (result != "" )          \
+                               {printf "%04x", strtonum(result)}\
+                           }'`
+       fi
+
+       if [ "$SSIDLO" == "" -o \
+            "$SSIDHI" == "" ]; then
+               echo "Could not map the given label '$label'."
+               return -1
+       fi
+
+       ACM_POLICY=`cat $mapfile |             \
+           awk ' { if ( $1 == "POLICY" ) {    \
+                     result=$2                \
+                   }                          \
+                 }                            \
+                 END {                        \
+                   if (result != "") {        \
+                     printf result            \
+                   }                          \
+                 }'`
+
+       if [ "$ACM_POLICY" == "" ]; then
+               echo "Could not find 'POLICY' entry in map file."
+               return -1
+       fi
+
+       SSIDREF="0x$SSIDHI$SSIDLO"
+
+       if [ "$mode" != "relabel" ]; then
+               RES=`cat $vmfile |  \
+                    awk '{         \
+                      if ( substr($1,0,7) == "ssidref" ) {\
+                        print $0;             \
+                      }                       \
+                    }'`
+               if [ "$RES" != "" ]; then
+                       echo "Do you want to overwrite the existing mapping 
($RES)? (y/N)"
+                       read user
+                       if [ "$user" != "y" -a "$user" != "Y" ]; then
+                               echo "Aborted."
+                               return 0
+                       fi
+               fi
+       fi
+
+       #Write the output
+       vmtmp1="/tmp/__setlabel.tmp1"
+       vmtmp2="/tmp/__setlabel.tmp2"
+       touch $vmtmp1
+       touch $vmtmp2
+       if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
+               echo "Cannot create temporary files. Aborting."
+               return -1
+       fi
+       RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
+       RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
+       RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
+       echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
+       echo "#ACM_LABEL=$label" >> $vmtmp1
+       echo "ssidref = $SSIDREF" >> $vmtmp1
+       mv -f $vmtmp1 $vmfile
+       rm -rf $vmtmp1 $vmtmp2
+       echo "Mapped label '$label' to ssidref '$SSIDREF'."
+}
+
+
+
+if [ "$1" == "-r" ]; then
+       mode="relabel"
+       shift
+elif [ "$1" == "-l" ]; then
+       mode="show"
+       shift
+elif [ "$1" == "-?" ]; then
+       mode="usage"
+fi
+
+if [ "$mode" == "show" ]; then
+       if [ "$1" == "" ]; then
+               usage
+               exit -1;
+       fi
+       findMapFile $1
+       res=$?
+       if [ "$res" != "0" ]; then
+               showLabels $mapfile
+       else
+               echo "Could not find map file for policy '$1'."
+       fi
+elif [ "$mode" == "usage" ]; then
+       usage
+else
+       if [ "$3" == "" ]; then
+               usage
+               exit -1;
+       fi
+       findMapFile $3
+       res=$?
+       if [ "$res" != "0" ]; then
+               relabel $1 $2 $mapfile $mode
+       else
+               echo "Could not find map file for policy '$3'."
+       fi
+
+fi
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/updategrub.sh
--- /dev/null   Thu Aug 18 18:40:02 2005
+++ b/tools/security/updategrub.sh      Fri Aug 19 18:19:28 2005
@@ -0,0 +1,171 @@
+#!/bin/sh
+# *
+# * updategrub
+# *
+# * Copyright (C) 2005 IBM Corporation
+# *
+# * Authors:
+# * Stefan Berger <stefanb@xxxxxxxxxx>
+# *
+# * This program is free software; you can redistribute it and/or
+# * modify it under the terms of the GNU General Public License as
+# * published by the Free Software Foundation, version 2 of the
+# * License.
+# *
+# *
+#
+
+if [ -z "$runbash" ]; then
+       runbash="1"
+       export runbash
+       exec sh -c "bash $0 $*"
+       exit
+fi
+
+
+# Show usage of this program
+usage ()
+{
+       echo "Usage: $0 <policy name> <root of xen repository>"
+       echo ""
+       echo "<policy name>             : The name of the policy, i.e. xen_null"
+       echo "<root of xen repository>  : The root of the XEN repositrory."
+       echo ""
+}
+
+# This function sets the global variable 'linux'
+# to the name of the linux kernel that was compiled
+# For now a pattern should do the trick
+getLinuxVersion ()
+{
+       path=$1
+       linux=""
+       for f in $path/linux-*-xen0 ; do
+               versionfile=$f/include/linux/version.h
+               if [ -r $versionfile ]; then
+                       lnx=`cat $versionfile | \
+                            grep UTS_RELEASE | \
+                            awk '{             \
+                              len=length($3);  \
+                              print substr($3,2,len-2) }'`
+               fi
+               if [ "$lnx" != "" ]; then
+                       linux="[./0-9a-zA-z]*$lnx"
+                       return;
+               fi
+       done
+
+       #Last resort.
+       linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$"
+}
+
+#Return where the grub.conf file is.
+#I only know of one place it can be.
+findGrubConf()
+{
+       grubconf="/boot/grub/grub.conf"
+       if [ -w $grubconf ]; then
+               return 1
+       fi
+       return 0
+}
+
+
+#Update the grub configuration file.
+#Search for existing entries and replace the current
+#policy entry with the policy passed to this script
+#
+#Arguments passed to this function
+# 1st : the grub configuration file
+# 2nd : the binary policy file name
+# 3rd : the name or pattern of the linux kernel name to match
+#
+# The algorithm here is based on pattern matching
+# and is working correctly if
+# - under a title a line beginning with 'kernel' is found
+#   whose following item ends with "xen.gz"
+#   Example:  kernel /xen.gz dom0_mem=....
+# - a module line matching the 3rd parameter is found
+#
+updateGrub ()
+{
+       grubconf=$1
+       policyfile=$2
+       linux=$3
+
+       tmpfile="/tmp/new_grub.conf"
+
+       cat $grubconf |                                \
+                awk -vpolicy=$policyfile              \
+                    -vlinux=$linux '{                 \
+                  if ( $1 == "title" ) {              \
+                    kernelfound = 0;                  \
+                    if ( policymaycome == 1 ){        \
+                      printf ("\tmodule %s%s\n", path, policy);      \
+                    }                                 \
+                    policymaycome = 0;                \
+                  }                                   \
+                  else if ( $1 == "kernel" ) {        \
+                    if ( match($2,"xen.gz$") ) {      \
+                      path=substr($2,1,RSTART-1);     \
+                      kernelfound = 1;                \
+                    }                                 \
+                  }                                   \
+                  else if ( $1 == "module" &&         \
+                            kernelfound == 1 &&       \
+                            match($2,linux) ) {       \
+                     policymaycome = 1;               \
+                  }                                   \
+                  else if ( $1 == "module" &&         \
+                            kernelfound == 1 &&       \
+                            policymaycome == 1 &&     \
+                            match($2,"[0-9a-zA-Z]*.bin$") ) { \
+                     printf ("\tmodule %s%s\n", path, policy); \
+                     policymaycome = 0;               \
+                     kernelfound = 0;                 \
+                     dontprint = 1;                   \
+                  }                                   \
+                  else if ( $1 == "" &&               \
+                            kernelfound == 1 &&       \
+                            policymaycome == 1) {     \
+                     dontprint = 1;                   \
+                  }                                   \
+                  if (dontprint == 0) {               \
+                    printf ("%s\n", $0);              \
+                  }                                   \
+                  dontprint = 0;                      \
+                } END {                               \
+                  if ( policymaycome == 1 ) {         \
+                    printf ("\tmodule %s%s\n", path, policy);  \
+                  }                                   \
+                }' > $tmpfile
+       if [ ! -r $tmpfile ]; then
+               echo "Could not create temporary file! Aborting."
+               exit -1
+       fi
+       mv -f $tmpfile $grubconf
+}
+
+if [ "$1" == "" -o "$2" == "" ]; then
+       usage
+       exit -1
+fi
+
+if [ "$1" == "-?" ]; then
+       usage
+       exit 0
+fi
+
+policy=$1
+policyfile=$policy.bin
+
+getLinuxVersion $2
+
+findGrubConf
+ERR=$?
+if [ $ERR -eq 0 ]; then
+       echo "Could not find grub.conf. Aborting."
+       exit -1
+fi
+
+updateGrub $grubconf $policyfile $linux
diff -r 99914b54f7bf -r 81576d3d1ca8 docs/misc/shype4xen_readme.txt
--- a/docs/misc/shype4xen_readme.txt    Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,588 +0,0 @@
-Copyright: IBM Corporation (C)
-20 June 2005
-Author: Reiner Sailer
-
-This document is a very short introduction into the sHype access control 
-security architecture implementation and how it is perceived by users. It 
-is a very preliminary draft  for the courageous ones to get "their feet wet" 
-and to be able to give feedback (via the xen-devel/xense-devel mailing lists).
-
-Install:
-
-cd into xeno-unstable.bk 
-(use --dry-run option if you want to test the patch only)
-patch -p1 -g0 < *tools.diff
-patch -p1 -g0 < *xen.diff
-
-(no rejects, probably some line offsets)
-
-make uninstall; make mrproper; make; ./install.sh should install the default 
-sHype into Xen (rebuild your initrd images if necessary). Reboot.
-
-Debug output: there are two triggers for debug output:
-a) General sHype debug:
-    xeno-unstable.bk/xen/include/public/acm.h
-    undefine ACM_DEBUG to switch this debug off
-
-b) sHype enforcement hook trace: This prints a small trace for each 
enforcement 
-hook that is executed. The trigger is in
-    xeno-unstable.bk/xen/include/acm/acm_hooks.h
-    undefine ACM_TRACE_MODE to switch this debug off
-
-1. The default NULL policy
-***************************
-When you apply the patches and startup xen, you should at first not notice any 
-difference because the default policy is the "NULL" policy, which as the name 
-implies does not enforce anything.
-
-To display the currently enforced policy, use the policy tool under xeno-
-unstable.bk/tools/policy: policy_tool getpolicy. You should see output like 
the 
-one below.
-
-[root@laptop policy]#./policy_tool getpolicy
-
-Policy dump:
-============
-Magic     = 1debc.
-PolVer    = aaaa0000.
-Len       = 14.
-Primary   = NULL policy (c=0, off=14).
-Secondary = NULL policy (c=0, off=14).
-No primary policy (NULL).
-No secondary policy (NULL).
-
-Policy dump End.
-
-Since this is a dump of a binary policy, it's not pretty. The important parts 
-are the "Primary" and "Secondary" policy fields set to "NULL policy". sHype 
-currently allows to set two independent policies; thus the two SSID-REF parts 
-shown in 'xm list'. Right here: primary policy only means this policy is 
-checked first, the secondary policy is checked if the primary results in 
-"permitted access". The result of the combined policy is "permitted" if both 
-policies return permitted (NULL policy always returns permitted). The result 
is 
-"denied" if at least one of the policies returns "denied". Look into xeno-
-unstable.bk/xen/include/acm/acm_hooks.h for the general hook structure 
-integrating the policy decisions (if you like, you won't need it for the rest 
-of the Readme file).
-
-2. Setting Chinese Wall and Simple Type Enforcement policies:
-*************************************************************
-
-We'll get fast to the point. However, in order to understand what we are 
doing, 
-we must at least understand the purpose of the policies that we are going to 
-enforce. The two policies presented here are just examples and the 
-implementation encourages adding new policies easily.
-
-2.1. Chinese Wall policy: "decides whether a domain can be started based on 
-this domain's ssidref and the ssidrefs of the currently running domains". 
-Generally, the Chinese wall policy allows specifying certain types (or classes 
-or categories, whatever the preferred word) that conflict; we usually assign a 
-type to a workload and the set of types of those workloads running in a domain 
-make up the type set for this domain.  Each domain is assigned a set of types 
-through its SSID-REF (we register Chinese Wall as primary policy, so the 
-ssidref used for determining the Chinese Wall types is the one annotated with 
-"p:" in xm list) since each SSID-REF points at a set of types. We'll see how 
-SSIDREFs are represented in Xen later when we will look at the policy. (A good 
-read for Chinese Wall is: Brewer/Nash The Chinese Wall Security Policy 1989.)
-
-So let's assume the Chinese Wall policy we are running distinguishes 10 types: 
-t0 ... t9. Let us assume further that each SSID-REF points to a set that 
-includes exactly one type (attached to domains that run workloads of a single 
-type). SSID-REF 0 points to {t0}, ssidref 1 points to {t1} ... 9 points to 
-{t9}. [This is actually the example policy we are going to push into xen later]
-
-Now the Chinese Wall policy allows you to define "Conflict type sets" and it 
-guarantees that of any conflict set at most one type is "running" at any time. 
-As an example, we have defined 2 conflict set: {t2, t3} and {t0, t5, t6}. 
-Specifying these conflict sets, sHype ensures that at most one type of each 
set 
-is running (either t2 or t3 but not both; either t0 or t5 or t6 but not 
-multiple of them).
-
-The effect is that administrators can define which workload types cannot run 
-simultaneously on a single Xen system. This is useful to limit the covert 
-timing channels between such payloads or to ensure that payloads don't 
-interfere with each other through existing resource dependencies.
-
-2.2. Simple Type Enforcement (ste) policy: "decides whether two domains can 
-share data, e.g., setup event channels or grant tables to each other, based on 
-the two domains' ssidref. This, as the name says, is a simple policy. Think of 
-each type as of a single color. Each domain has one or more colors, i.e., the 
-domains ssid for the ste policy points to a set that has set one or multiple 
-types. Let us assume in our example policy we differentiate 5 colors (types) 
-and define 5 different ssids referenced by ssidref=0..4. Each ssid shall have 
-exactly one type set, i.e., describes a uni-color. Only ssid(0) has all types 
-set, i.e., has all defined colors.
-
-Sharing is enforced by the ste policy by requiring that two domains that want 
-to establish an event channel or grant pages to each other must have a common 
-color. Currently all domains communicate through DOM0 by default; i.e., 
Domain0 
-will necessarily have all colors to be able to create domains (thus, we will 
-assign ssidref(0) to Domain0 in our example below.
-
-More complex mandatory access control policies governing sharing will follow; 
-such policies are more sophisticated than the "color" scheme above by allowing 
-more flexible (and complex :_) access control decisions than "share a color" 
or 
-"don't share a color" and will be able to express finer-grained policies.
-
-
-2.3 Binary Policy:
-In the future, we will have a policy tool that takes as input a more humane 
-policy description, using types such as development, home-banking, donated-
-Grid, CorpA-Payload ... and translates the respective policy into what we see 
-today as the binary policy using 1s and 0s and sets of them. For now, we must 
-live with the binary policy when working with sHype.
-
-    
-2.4 Exemplary use of a real sHype policy on Xen. To activate a real policy, 
-edit the file (yes, this will soon be a compile option):
-  xeno-unstable.bk/xen/include/public/acm.h
-  Change: #define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
-   To : #define ACM_USE_SECURITY_POLICY 
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
-   cd xeno-unstable.bk
-   make mrproper
-   make uninstall (manually remove /etc/xen.old if necessary)
-   make
-   ./install.sh      (recreate your kernel initrd's if necessary)
-   Reboot into new xen.gz
-     
-After booting, check out 'xm dmesg'; should show somewhere in the middle:
-
-(XEN) acm_init: Enforcing Primary CHINESE WALL policy, Secondary SIMPLE TYPE 
-ENFORCEMENT policy.
-
-Even though you can activate those policies in any combination and also 
-independently, the policy tool currently only supports setting the policy for 
-the above combination.
-
-Now look at the minimal startup policy with:
-                xeno-unstable.bk/tools/policytool getpolicy
-
-You should see something like:
-
-[root@laptop policy]# ./policy_tool getpolicy
-
-Policy dump:
-============
-Magic     = 1debc.
-PolVer    = aaaa0000.
-Len       = 36.
-Primary   = CHINESE WALL policy (c=1, off=14).
-Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=2c).
-
-
-Chinese Wall policy:
-====================
-Max Types     = 1.
-Max Ssidrefs  = 1.
-Max ConfSets  = 1.
-Ssidrefs Off  = 10.
-Conflicts Off = 12.
-Runing T. Off = 14.
-C. Agg. Off   = 16.
-
-SSID To CHWALL-Type matrix:
-
-   ssidref 0:  00 
-
-Confict Sets:
-
-   c-set 0:    00 
-
-Running
-Types:         00 
-
-Conflict
-Aggregate Set: 00 
-
-
-Simple Type Enforcement policy:
-===============================
-Max Types     = 1.
-Max Ssidrefs  = 1.
-Ssidrefs Off  = 8.
-
-SSID To STE-Type matrix:
-
-   ssidref 0: 01 
-
-
-Policy dump End.
-
-This is a minimal policy (of little use), except it will disable starting any 
-domain that does not have ssidref set to 0x0. The Chinese Wall policy has 
-nothing to enforce and the ste policy only knows one type, which is set for 
the 
-only defined ssidref.
-
-The item that defines the ssidref in a domain configuration is:
-
-ssidref = 0x12345678
-
-Where ssidref is interpreted as a 32bit number, where the lower 16bits become 
-the ssidref for the primary policy and the higher 16bits become the ssidref 
for 
-the secondary policy. sHype currently supports two policies but this is an 
-implementation decision and can be extended if necessary.
-
-This reference defines the security information of a domain. The meaning of 
the 
-SSID-REF depends on the policy, so we explain it when we explain the real 
-policies.
-
-
-Setting a new Security Policy:
-******************************
-The policy tool with all its current limitations has one usable example policy 
-compiled-in. Please try at this time to use the setpolicy command:
-       xeno-unstable.bk/tools/policy/policy_tool setpolicy
-
-You should see a dump of the policy you are setting. It should say at the very 
-end: 
-
-Policy successfully set.
-
-Now try to dump the currently enforced policy, which is the policy we have 
just 
-set and the dynamic security state information of this policy 
-(<<< ... some additional explanations)
-
-[root@laptop policy]# ./policy_tool getpolicy
-
-Policy dump:
-============
-Magic     = 1debc.
-PolVer    = aaaa0000.
-Len       = 112.
-Primary   = CHINESE WALL policy (c=1, off=14).
-Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
-
-
-Chinese Wall policy:
-====================
-Max Types     = a.
-Max Ssidrefs  = 5.
-Max ConfSets  = 2.
-Ssidrefs Off  = 10.
-Conflicts Off = 74.
-Runing T. Off = 9c.
-C. Agg. Off   = b0.
-
-SSID To CHWALL-Type matrix:
-
-   ssidref 0:  01 00 00 00 00 00 00 00 00 00  <<< type0 is set for ssidref0
-   ssidref 1:  00 01 00 00 00 00 00 00 00 00 
-   ssidref 2:  00 00 01 00 00 00 00 00 00 00 
-   ssidref 3:  00 00 00 01 00 00 00 00 00 00 
-   ssidref 4:  00 00 00 00 01 00 00 00 00 00  <<< type4 is set for ssidref4
-                                              <<< types 5-9 are unused
-Confict Sets:
-
-   c-set 0:    00 00 01 01 00 00 00 00 00 00  <<< type2 and type3 never run 
together
-   c-set 1:    01 00 00 00 00 01 01 00 00 00  <<< only one of types 0, 5 or 6 
-                                              <<<   can run simultaneously
-Running
-Types:         01 00 00 00 00 00 00 00 00 00  <<< ref-count for types of 
running domains
-
-Conflict
-Aggregate Set: 00 00 00 00 00 01 01 00 00 00  <<< aggregated set of types that 
                 
-                                              <<< cannot run because they 
-                                              <<< are in conflict set 1 and
-                                              <<< (domain 0 is running w t0)
-                                             
-
-Simple Type Enforcement policy:
-===============================
-Max Types     = 5.
-Max Ssidrefs  = 5.
-Ssidrefs Off  = 8.
-
-SSID To STE-Type matrix:
-
-   ssidref 0: 01 01 01 01 01                  <<< ssidref0 points to a set 
that                  
-                                              <<< has all types set (colors)
-   ssidref 1: 00 01 00 00 00                  <<< ssidref1 has color1 set
-   ssidref 2: 00 00 01 00 00                  <<< ...
-   ssidref 3: 00 00 00 01 00 
-   ssidref 4: 00 00 00 00 01 
-
-
-Policy dump End.
-
-
-This is a small example policy with which we will demonstrate the enforcement.
-
-Starting Domains with policy enforcement
-========================================
-Now let us play with this policy. 
-
-Define 3 or 4 domain configurations. I use the following config using a 
ramdisk 
-only and about 8MBytes of memory for each DomU (test purposes):
-
-#-------configuration xmsec1-------------------------
-kernel = "/boot/vmlinuz-2.6.11-xenU"
-ramdisk="/boot/U1_ramdisk.img"
-#security reference identifier
-ssidref= 0x00010001
-memory = 10
-name = "xmsec1"
-cpu = -1   # leave to Xen to pick
-# Number of network interfaces. Default is 1.
-nics=1
-dhcp="dhcp"
-#-----------------------------------------------------
-
-xmsec2 and xmsec3 look the same except for the name and the ssidref line. Use 
-your domain config file and add "ssidref = 0x00010001" to the first (xmsec1),  
-"ssidref= 0x00020002" to the second (call it xmsec2), and "ssidref=0x00030003" 
 
-to the third (we will call this one xmsec3).
-
-First start xmsec1: xm create -c xmsec1 (succeeds)
-
-Then
-[root@laptop policy]# xm list 
-Name              Id  Mem(MB)  CPU  State  Time(s)  Console  
-Domain-0           0      620   0  r----     42.3            s:00/p:00
-xmnosec            1        9   0  -b---      0.3    9601    s:00/p:05
-xmsec1             2        9   0  -b---      0.2    9602    s:01/p:01
-
-Shows a new domain xmsec1 running with primary (here: chinese wall) ssidref 1 
-and secondary (here: simple type enforcement) ssidref 1. The ssidrefs are  
-independent and can differ for a domain.
-
-[root@laptop policy]# ./policy_tool getpolicy
-
-Policy dump:
-============
-Magic     = 1debc.
-PolVer    = aaaa0000.
-Len       = 112.
-Primary   = CHINESE WALL policy (c=1, off=14).
-Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
-
-
-Chinese Wall policy:
-====================
-Max Types     = a.
-Max Ssidrefs  = 5.
-Max ConfSets  = 2.
-Ssidrefs Off  = 10.
-Conflicts Off = 74.
-Runing T. Off = 9c.
-C. Agg. Off   = b0.
-
-SSID To CHWALL-Type matrix:
-
-   ssidref 0:  01 00 00 00 00 00 00 00 00 00
-   ssidref 1:  00 01 00 00 00 00 00 00 00 00
-   ssidref 2:  00 00 01 00 00 00 00 00 00 00
-   ssidref 3:  00 00 00 01 00 00 00 00 00 00
-   ssidref 4:  00 00 00 00 01 00 00 00 00 00
-
-Confict Sets:
-
-   c-set 0:    00 00 01 01 00 00 00 00 00 00
-   c-set 1:    01 00 00 00 00 01 01 00 00 00   <<< t1 is not part of any c-set
-
-Running
-Types:         01 01 00 00 00 00 00 00 00 00   <<< xmsec1 has ssidref 1->type1
-                  ^^                           <<< ref-count at position 1 incr
-Conflict
-Aggregate Set: 00 00 00 00 00 01 01 00 00 00   <<< domain 1 was allowed to     
  
-                                               <<< start since type 1 was not
-                                               <<< in conflict with running 
-                                               <<< types
-                                            
-Simple Type Enforcement policy:
-===============================
-Max Types     = 5.
-Max Ssidrefs  = 5.
-Ssidrefs Off  = 8.
-
-SSID To STE-Type matrix:
-
-   ssidref 0: 01 01 01 01 01           <<< the ste policy does not maintain; we
-   ssidref 1: 00 01 00 00 00   <--     <<< see that domain xmsec1 has ste 
-   ssidref 2: 00 00 01 00 00           <<< ssidref1->type1 and has this type in
-   ssidref 3: 00 00 00 01 00           <<< common with dom0
-   ssidref 4: 00 00 00 00 01
-
-
-Policy dump End.
-
-Look at sHype output in xen dmesg:
-
-[root@laptop xen]# xm dmesg
-.
-.
-[somewhere near the very end]
-(XEN) chwall_init_domain_ssid: determined chwall_ssidref to 1.
-(XEN) ste_init_domain_ssid.
-(XEN) ste_init_domain_ssid: determined ste_ssidref to 1.
-(XEN) acm_init_domain_ssid: Instantiated individual ssid for domain 0x01.
-(XEN) chwall_post_domain_create.
-(XEN) ste_pre_eventchannel_interdomain.
-(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
-(XEN) shype_authorize_domops.
-(XEN) ste_pre_eventchannel_interdomain.
-(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
-(XEN) ste_pre_eventchannel_interdomain.
-(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
-
-
-You can see that the chinese wall policy does not complain and that the ste 
-policy makes three access control decisions for three event-channels setup 
-between domain 0 and the new domain 1. Each time, the two domains share the 
-type1 and setting up the eventchannel is permitted.
-
-
-Starting up a second domain xmsec2:
-
-[root@laptop xen]# xm create -c xmsec2
-Using config file "xmsec2".
-Started domain xmsec2, console on port 9602
-************ REMOTE CONSOLE: CTRL-] TO QUIT ********
-Linux version 2.6.11-xenU (root@xxxxxxxxxxxxxxx) (gcc version 3.4.2 20041017 
-(Red Hat 3.4.2-6.fc3)) #1 Wed Mar 30 13:14:31 EST 2005
-.
-.
-.
-[root@laptop policy]# xm list
-Name              Id  Mem(MB)  CPU  State  Time(s)  Console  
-Domain-0           0      620   0  r----     71.7            s:00/p:00
-xmsec1             1        9   0  -b---      0.3    9601    s:01/p:01
-xmsec2             2        7   0  -b---      0.3    9602    s:02/p:02   << 
our domain runs both policies with ssidref 2
-
-
-[root@laptop policy]# ./policy_tool getpolicy
-
-Policy dump:
-============
-Magic     = 1debc.
-PolVer    = aaaa0000.
-Len       = 112.
-Primary   = CHINESE WALL policy (c=1, off=14).
-Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
-
-
-Chinese Wall policy:
-====================
-Max Types     = a.
-Max Ssidrefs  = 5.
-Max ConfSets  = 2.
-Ssidrefs Off  = 10.
-Conflicts Off = 74.
-Runing T. Off = 9c.
-C. Agg. Off   = b0.
-
-SSID To CHWALL-Type matrix:
-
-   ssidref 0:  01 00 00 00 00 00 00 00 00 00
-   ssidref 1:  00 01 00 00 00 00 00 00 00 00
-   ssidref 2:  00 00 01 00 00 00 00 00 00 00   <<< our domain has type 2 set
-   ssidref 3:  00 00 00 01 00 00 00 00 00 00
-   ssidref 4:  00 00 00 00 01 00 00 00 00 00
-
-Confict Sets:
-
-   c-set 0:    00 00 01 01 00 00 00 00 00 00   <<< t2 is in c-set0 with type 3
-   c-set 1:    01 00 00 00 00 01 01 00 00 00
-
-Running
-Types:         01 01 01 00 00 00 00 00 00 00   <<< t2 is running since the 
-                     ^^                        <<< current aggregate conflict
-                                               <<< set (see above) does not 
-                                               <<< include type 2
-Conflict
-Aggregate Set: 00 00 00 01 00 01 01 00 00 00   <<< type 3 is added to the 
-                                               <<< conflict aggregate
-
-
-Simple Type Enforcement policy:
-===============================
-Max Types     = 5.
-Max Ssidrefs  = 5.
-Ssidrefs Off  = 8.
-
-SSID To STE-Type matrix:
-
-   ssidref 0: 01 01 01 01 01
-   ssidref 1: 00 01 00 00 00
-   ssidref 2: 00 00 01 00 00
-   ssidref 3: 00 00 00 01 00
-   ssidref 4: 00 00 00 00 01
-
-
-Policy dump End.
-
-
-The sHype xen dmesg output looks similar to the one above when starting the 
-first domain.
-
-Now we start xmsec3 and it has ssidref3. Thus, it tries to run as type3 which 
-conflicts with running type2 (from xmsec2). As expected, creating this domain 
-fails for security policy enforcement reasons.
-
-[root@laptop xen]# xm create -c xmsec3
-Using config file "xmsec3".
-Error: Error creating domain: (22, 'Invalid argument')
-[root@laptop xen]#
-
-[root@laptop xen]# xm dmesg
-.
-.
-[somewhere near the very end]
-(XEN) chwall_pre_domain_create.
-(XEN) chwall_pre_domain_create: CHINESE WALL CONFLICT in type 03.
-
-xmsec3 ssidref3 points to type3, which is in the current conflict aggregate 
-set. This domain cannot start until domain xmsec2 is destroyed, at which time 
-the aggregate conflict set is reduced and type3 is excluded from it. Then, 
-xmsec3 can start. Of course, afterwards, xmsec2 cannot be restarted. Try it.
-
-3. Policy tool
-**************
-toos/policy/policy_tool.c
-
-a) ./policy_tool getpolicy
-      prints the currently enforced policy
-      (see for example section 1.)
-
-b) ./policy_tool setpolicy
-      sets a predefined and hardcoded security
-      policy (the one described in section 2.)
-
-c) ./policy_tool dumpstats
-      prints some status information about the caching
-      of access control decisions (number of cache hits
-      and number of policy evaluations for grant_table
-      and event channels).
-
-d) ./policy_tool loadpolicy <binary_policy_file>
-      sets the policy defined in the <binary_policy_file>
-      please use the policy_processor that is posted to this
-      mailing list to create such a binary policy from an XML
-      policy description
-
-4. Policy interface:
-********************
-The Policy interface is working in "network-byte-order" (big endian). The 
reason for this
-is that policy files/management should be portable and independent of the 
platforms.
-
-Our policy interface enables managers to create a single binary policy file in 
a trusted
-environment and distributed it to multiple systems for enforcement.
-
-5. Booting with a binary policy:
-********************************
-The grub configuration file can be adapted to boot the hypervisor with an
-already active policy. To do this, a binary policy file - this can be
-the same file as used by the policy_tool - should be placed into the boot
-partition. The following entry from the grub configuration file shows how
-a binary policy can be added to the system during boot time. Note that the 
-binary policy must be of the same type that the hypervisor was compiled 
-for. The policy module line should also only be added as the last module
-line if XEN was compiled with the access control module (ACM).
-
-title XEN0 3.0 Devel
-       kernel /xen.gz dom0_mem=400000
-       module /vmlinuz-2.6.12-xen0 root=/dev/hda2 ro console=tty0
-       module /initrd-2.6.12-xen0.img
-       module /xen_sample_policy.bin
-
-
-====================end-of file=======================================
diff -r 99914b54f7bf -r 81576d3d1ca8 
linux-2.6-xen-sparse/drivers/xen/blkback/control.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/control.c        Thu Aug 18 
18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,61 +0,0 @@
-/******************************************************************************
- * arch/xen/drivers/blkif/backend/control.c
- * 
- * Routines for interfacing with the control plane.
- * 
- * Copyright (c) 2004, Keir Fraser
- */
-
-#include "common.h"
-
-static void blkif_ctrlif_rx(ctrl_msg_t *msg, unsigned long id)
-{
-    DPRINTK("Received blkif backend message, subtype=%d\n", msg->subtype);
-    
-    switch ( msg->subtype )
-    {
-    case CMSG_BLKIF_BE_CREATE:
-        blkif_create((blkif_be_create_t *)&msg->msg[0]);
-        break;        
-    case CMSG_BLKIF_BE_DESTROY:
-        blkif_destroy((blkif_be_destroy_t *)&msg->msg[0]);
-        break;        
-    case CMSG_BLKIF_BE_CONNECT:
-        blkif_connect((blkif_be_connect_t *)&msg->msg[0]);
-        break;        
-    case CMSG_BLKIF_BE_DISCONNECT:
-        if ( !blkif_disconnect((blkif_be_disconnect_t *)&msg->msg[0],msg->id) )
-            return; /* Sending the response is deferred until later. */
-        break;        
-    case CMSG_BLKIF_BE_VBD_CREATE:
-        vbd_create((blkif_be_vbd_create_t *)&msg->msg[0]);
-        break;
-    case CMSG_BLKIF_BE_VBD_DESTROY:
-        vbd_destroy((blkif_be_vbd_destroy_t *)&msg->msg[0]);
-        break;
-    default:
-        DPRINTK("Parse error while reading message subtype %d, len %d\n",
-                msg->subtype, msg->length);
-        msg->length = 0;
-        break;
-    }
-
-    ctrl_if_send_response(msg);
-}
-
-void blkif_ctrlif_init(void)
-{
-    ctrl_msg_t cmsg;
-    blkif_be_driver_status_t st;
-
-    (void)ctrl_if_register_receiver(CMSG_BLKIF_BE, blkif_ctrlif_rx, 
-                                    CALLBACK_IN_BLOCKING_CONTEXT);
-
-    /* Send a driver-UP notification to the domain controller. */
-    cmsg.type      = CMSG_BLKIF_BE;
-    cmsg.subtype   = CMSG_BLKIF_BE_DRIVER_STATUS;
-    cmsg.length    = sizeof(blkif_be_driver_status_t);
-    st.status      = BLKIF_DRIVER_STATUS_UP;
-    memcpy(cmsg.msg, &st, sizeof(st));
-    ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/Makefile
--- a/tools/misc/policyprocessor/Makefile       Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,42 +0,0 @@
-XEN_ROOT = ../../..
-include $(XEN_ROOT)/tools/Rules.mk
-
-CFLAGS   += -static
-CFLAGS   += -Wall
-CFLAGS   += -Werror
-CFLAGS   += -O3
-CFLAGS   += -fno-strict-aliasing
-CFLAGS   += -I.
-
-all: build
-
-build: mk-symlinks
-       $(MAKE) xml_to_bin
-
-default: all
-
-install: all
-
-xml_to_bin : make_include XmlToBin.java XmlToBinInterface.java SsidsEntry.java 
SecurityLabel.java myHandler.java
-       javac XmlToBin.java
-
-make_include : c2j_include
-       ./c2j_include
-
-c2j_include: c2j_include.c
-       $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
-
-clean:
-       rm -rf *.class xen c2j_include policy_version.java *.bin
-
-
-LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
-mk-symlinks:
-       [ -e xen/linux ] || mkdir -p xen/linux
-       [ -e xen/io ]    || mkdir -p xen/io
-       ( cd xen >/dev/null ; \
-         ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . )
-       ( cd xen/io >/dev/null ; \
-         ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . )
-       ( cd xen/linux >/dev/null ; \
-         ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . )
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/misc/policyprocessor/SecurityLabel.java
--- a/tools/misc/policyprocessor/SecurityLabel.java     Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,34 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: SecurityLabel.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * SecurityLabel Class.  
- *
- * <p>
- *
- * Keeps track of types.
- *
- * <p>
- *
- *
- */
-import java.util.*;
-public class SecurityLabel
-{
- Vector ids;
- Vector vlans;
- Vector slots;
- Vector steTypes;
- int steSsidPosition;
- Vector chwIDs;
- Vector chwTypes;
- int chwSsidPosition;
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/misc/policyprocessor/SecurityPolicySpec.xsd
--- a/tools/misc/policyprocessor/SecurityPolicySpec.xsd Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Ray Valdez, rvaldez@xxxxxxxxxx -->
-<!-- xml schema definition for xen xml policies -->
-<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema";
-targetNamespace="http://www.ibm.com";
-xmlns="http://www.ibm.com"; 
-elementFormDefault="qualified">
-
-<xsd:element name="TE" type="xsd:string" />
-<xsd:element name="ChWall" type="xsd:string" />
-
-<xsd:element name="Definition">
-  <xsd:complexType>
-       <xsd:sequence>
-
-         <!-- simple type enforcement -->
-         <xsd:element name="Types" minOccurs ="0" maxOccurs="1">
-               <xsd:complexType>
-                 <xsd:sequence>
-                       <xsd:element ref="TE" minOccurs ="1" maxOccurs 
="unbounded"/>
-                 </xsd:sequence>
-               </xsd:complexType>
-         </xsd:element>
-
-         <!-- chinese wall -->
-         <!--   type definition -->
-         <xsd:element name="ChWallTypes" minOccurs ="0" maxOccurs="1">
-               <xsd:complexType>
-                 <xsd:sequence>
-                       <xsd:element ref="ChWall"  minOccurs ="1" maxOccurs 
="unbounded"/>
-
-               </xsd:sequence>
-          </xsd:complexType>
-       </xsd:element>
-
-       <!--   conflict set -->
-         <xsd:element name="ConflictSet" minOccurs ="0" maxOccurs="unbounded">
-               <xsd:complexType>
-                 <xsd:sequence>
-                       <xsd:element ref="ChWall"  minOccurs ="2" maxOccurs 
="unbounded"/>
-                 </xsd:sequence>
-               </xsd:complexType>
-       </xsd:element>
-
-       </xsd:sequence>
-  </xsd:complexType>
-</xsd:element>
-
-<xsd:element name="Policy">
-    <xsd:complexType>
-      <xsd:sequence>
-
-       <xsd:element name="PolicyHeader">
-       <xsd:complexType>
-          <xsd:all>
-               <xsd:element name = "Name" type="xsd:string"/>
-               <xsd:element name = "DateTime" type="xsd:dateTime"/>
-               <xsd:element name = "Tag" minOccurs ="1" maxOccurs ="1" 
type="xsd:string"/>
-               <xsd:element name = "TypeDefinition">
-               <xsd:complexType>
-                 <xsd:all>
-                       <xsd:element name = "url" type="xsd:string"/>
-                       <xsd:element name = "hash" minOccurs ="0" maxOccurs 
="1" type="xsd:string"/>
-                 </xsd:all>
-               </xsd:complexType>
-               </xsd:element>
-
-          </xsd:all>
-       </xsd:complexType>
-       </xsd:element>
-
-       <xsd:element name="VM" minOccurs ="1" maxOccurs="unbounded">
-         <xsd:complexType>
-          <xsd:sequence>
-               <xsd:element name="id" type="xsd:integer"/>
-               <xsd:element ref="TE" minOccurs="0" maxOccurs="unbounded" />
-               <xsd:element ref="ChWall" minOccurs ="0" maxOccurs="unbounded"/>
-          </xsd:sequence>
-         </xsd:complexType>
-       </xsd:element>
-
-       <xsd:element name="Vlan" minOccurs ="0" maxOccurs="unbounded">
-         <xsd:complexType>
-          <xsd:sequence>
-               <xsd:element name="vid" type="xsd:integer"/>
-               <xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
-          </xsd:sequence>
-         </xsd:complexType>
-       </xsd:element>
-
-       <xsd:element name="Slot" minOccurs ="0" maxOccurs="unbounded">
-         <xsd:complexType>
-          <xsd:sequence>
-               <xsd:element name="bus" type="xsd:integer"/>
-               <xsd:element name="slot" type="xsd:integer"/>
-               <xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
-          </xsd:sequence>
-         </xsd:complexType>
-       </xsd:element>
-
-
-      </xsd:sequence>
-    </xsd:complexType>
-</xsd:element>
-
-<!-- root element -->
-<xsd:element name="SecurityPolicySpec">
-    <xsd:complexType>
-      <xsd:choice>
-               <xsd:element ref="Definition" minOccurs ="1" 
maxOccurs="unbounded"/>
-               <xsd:element ref="Policy" minOccurs ="1" maxOccurs="unbounded"/>
-      </xsd:choice>
-    </xsd:complexType>
-</xsd:element>
-</xsd:schema>
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/SsidsEntry.java
--- a/tools/misc/policyprocessor/SsidsEntry.java        Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,29 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: SsidsEntry.java,v 1.2 2005/06/17 20:02:40 rvaldez Exp $
- *
- * Author: Ray Valdez
- * 
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * SsidsEntry Class.  
- * <p>
- *
- * Holds ssid information.
- *
- * <p>
- *
- *
- */
-public class SsidsEntry 
- {
-  int id;      /* used for partition and vlan */
-  int bus;     /* used for slots */
-  int slot;
-  int ste = 0xffffffff;
-  int chw = 0xffffffff;
- }
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/XmlToBin.java
--- a/tools/misc/policyprocessor/XmlToBin.java  Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,1570 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: XmlToBin.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * Contributors:
- *         Reiner Sailer - adjust type-lengths
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * XmlToBin  Class.  
- * <p>
- *
- * Translates a xml representation of a SHYPE policy into a binary  
- * format.  The class processes an xml policy file based on elment tags 
- * defined in a schema definition files: SecurityPolicySpec.xsd.
- *
- * XmlToBin Command line Options: 
- *
- *      -i              inputFile:      name of policyfile (.xml)
- *      -o              outputFile:     name of binary policy file (Big Endian)
- *      -xssid          SsidFile:       xen ssids to types text file
- *      -xssidconf      SsidConf:      xen conflict ssids to types text file
- *      -debug                          turn on debug messages
- *      -help                           help. This printout
- *
- * <p>
- *
- *
- */
-import java.util.*;
-import java.io.*;
-import java.io.IOException;
-import java.io.FileNotFoundException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.Attr;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.NamedNodeMap;
-import org.xml.sax.*;
-import javax.xml.parsers.*;
-import org.xml.sax.helpers.*;
-
-public class XmlToBin 
- implements XmlToBinInterface
-{
-  class SlotInfo {
-       String bus;
-       String slot;
-  }
-
- boolean LittleEndian = false;
- boolean debug = false;
-
- static final String JAXP_SCHEMA_LANGUAGE = 
"http://java.sun.com/xml/jaxp/properties/schemaLanguage";;
-
- static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";;
-
- public static void printUsage()
- {
-  System.out.println("XmlToBin Command line Options: ");
-  System.out.println("\t-i\t\tinputFile:\tname of policyfile (.xml)");
-  System.out.println("\t-o\t\toutputFile:\tname of binary policy file (Big 
Endian)");
-  System.out.println("\t-xssid\t\tSsidFile:\tXen ssids to named types text 
file");
-  System.out.println("\t-xssidconf\tSsidConfFile:\tXen conflict ssids to named 
types text file");
-  System.out.println("\t-debug\t\t\t\tturn on debug messages");
-  System.out.println("\t-help\t\t\t\thelp. This printout");
-  return;
- }
-
- public void printDebug(String message) 
- {
-  if (debug)
-    System.out.println(message);
- }
-
- public void writeBinPolicy(byte[] binPolicy, String outputFileName)
-  throws Exception
- {
-    if (debug) 
-       printHex(binPolicy,binPolicy.length);
-
-    DataOutputStream writeObj = new DataOutputStream(
-                                new FileOutputStream(outputFileName));
-
-    writeObj.write(binPolicy);
-    writeObj.flush();
-    writeObj.close();
-    System.out.println(" wBP:: wrote outputfile: " + outputFileName);
-
-    return; 
- }  
-
- public void writeXenTypeVectorFile(Vector list, String outputFileName)
-  throws Exception
- {
-  PrintWriter out;
-
-  if (0 == list.size())
-  {
-       printDebug(" wSTF : size of input is zero when writing :" + 
outputFileName); 
-       return;
-  }
- out = new PrintWriter(
-               new BufferedWriter(
-                      new FileWriter(outputFileName)));
-
-
-  for (int i = 0; i < list.size(); i++)
-  {
-       Vector  ee = (Vector) list.elementAt(i);
-       out.println(i + " " +ee.toString());
-  } 
-    out.close();
-   
-    return; 
- }
-
- public void writeXenTypeFile(Vector list, String outputFileName, boolean 
slabel)
-  throws Exception
- {
-  Vector entry; 
-  String strTypes = "";
-  SecurityLabel ee;
-  PrintWriter out;
-
-  if (0 == list.size())
-  {
-       printDebug(" wSTF : size of input is zero when writing :" + 
outputFileName); 
-       return;
-  }
-  out = new PrintWriter(
-               new BufferedWriter(
-                      new FileWriter(outputFileName)));
-
-  for (int i = 0; i < list.size(); i++)
-  {
-       ee = (SecurityLabel) list.elementAt(i);
-
-       if (slabel)
-       {
-               entry = ee.steTypes; 
-       } else {
-
-               entry = ee.chwTypes; 
-       }
-       if (null == entry) continue;
-
-       Enumeration e = entry.elements(); 
-       while (e.hasMoreElements())
-       {
-         String typeName = (String) e.nextElement(); 
-         strTypes = strTypes + " " + typeName;
-        }
-         printDebug(" WXTF:: ssid : "+i +" :"+strTypes); 
-         out.println(i +" "+strTypes);
-         strTypes = "";
-  } 
-  out.close();
-   
-  return; 
- }
-
- public void setDebug(boolean value)
- {
-  debug=value;
- }
-
- public void setEndian(boolean value)
- {
-  LittleEndian = value;
- }
-
- public byte[] generateVlanSsids(Vector bagOfSsids)
-  throws Exception
- {
-  /**
-        typedef struct {
-        u16 vlan;
-        u16 ssid_ste;
-        } acm_vlan_entry_t;
-  **/
-
-  Hashtable  vlanSsid = new Hashtable();
-  printDebug(" gVS::Size of bagOfSsids: "+ bagOfSsids.size());
-
-  /* Get the number of partitions */
-  for (int i = 0; i < bagOfSsids.size(); i++)
-  {
-       SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
-
-       if (null == entry.vlans)
-         continue;
-
-       Enumeration e = entry.vlans.elements(); 
-       while (e.hasMoreElements())
-       {
-         String id = (String) e.nextElement(); 
-         printDebug(" gVS:: vlan: " + id + "has ste ssid: " + 
entry.steSsidPosition);
-         if (-1 == entry.steSsidPosition)
-               continue;  
-
-         /* Only use ste for vlan */
-         SsidsEntry  ssidsObj = new SsidsEntry();
-
-         ssidsObj.id = Integer.parseInt(id); 
-         ssidsObj.ste = entry.steSsidPosition;
-
-         if (vlanSsid.contains(id))
-               printDebug(" gVS:: Error already in the Hash part:" + 
ssidsObj.id);
-         else 
-               vlanSsid.put(id, ssidsObj);
-               printDebug(" gVS:: added part: " + id + "has ste ssid: " + 
entry.steSsidPosition);
-       }
-  }
-
-  /* allocate array */ 
-  int numOfVlan = vlanSsid.size();
-  int totalSize = (numOfVlan * vlanEntrySz);  
-
-  if (0 == numOfVlan) 
-  {
-       printDebug(" gVS:: vlan: binary ==> zero");
-        return new byte[0];
-  }
-
-  byte[] vlanArray = new byte[totalSize];
-
-  int index = 0;
-
-  Enumeration e = vlanSsid.elements(); 
-  while (e.hasMoreElements())
-  {
-       SsidsEntry entry = (SsidsEntry) e.nextElement(); 
-       printDebug(" gVS:: part: " + entry.id + " ste ssid: " + entry.ste);
-
-       /* Write id */
-       writeShortToStream(vlanArray,(short)entry.id,index);
-       index = index + u16Size;
-
-       /* write ste ssid */
-       writeShortToStream(vlanArray,(short) entry.ste,index);
-       index = index + u16Size;
-  }
-
-  printDebug(" gVS:: vlan: num of vlans  " + numOfVlan);
-  printDebug(" gVS:: vlan: binary ==> Length "+ vlanArray.length);
-
-  if (debug) 
-       printHex(vlanArray,vlanArray.length);
-  printDebug("\n");
-
-  return vlanArray; 
- }  
-
- public byte[] generateSlotSsids(Vector bagOfSsids)
-  throws Exception
- {
-  /**
-        typedef struct {
-        u16 slot_max;
-        u16 slot_offset;
-        } acm_slot_buffer_t;
-
-        typedef struct {
-        u16 bus;
-        u16 slot;
-        u16 ssid_ste;
-        } acm_slot_entry_t;
-  **/
-  Hashtable  slotSsid = new Hashtable();
-  printDebug(" gSS::Size of bagOfSsids: "+ bagOfSsids.size());
-
-  /* Find the number of VMs */ 
-  for (int i = 0; i < bagOfSsids.size(); i++)
-  {
-       SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
-
-       if (null == entry.slots)
-         continue;
-
-       Enumeration e = entry.slots.elements(); 
-       while (e.hasMoreElements())
-       {
-         SlotInfo item = (SlotInfo) e.nextElement(); 
-         printDebug(" gSS:: bus slot: " + item.bus + " "+ item.slot + " " +  
entry.steSsidPosition);
-         if (-1 == entry.steSsidPosition)
-               continue;  
-
-         SsidsEntry  ssidsObj = new SsidsEntry();
-
-         String id = item.bus +" "+item.slot;
-         ssidsObj.bus = Integer.parseInt(item.bus); 
-         ssidsObj.slot = Integer.parseInt(item.slot); 
-         /* set ste ssid */
-         ssidsObj.ste = entry.steSsidPosition;
-
-         if (slotSsid.contains(id))
-               printDebug(" gSS:: Error already in the Hash part:" + id);
-         else 
-               slotSsid.put(id, ssidsObj);
-
-               printDebug(" gSS:: added slot: " + id + "has ste ssid: " + 
entry.steSsidPosition);
-       }
-  }
-
-  /* allocate array */
-  int numOfSlot = slotSsid.size();
-
-  if (0 == numOfSlot) 
-  {
-       printDebug(" gVS:: slot: binary ==> zero");
-        return new byte[0];
-  }
-
-  int totalSize = (numOfSlot * slotEntrySz);  
-
-  byte[] slotArray = new byte[totalSize];
-
-  int index = 0;
-
-  Enumeration e = slotSsid.elements(); 
-  while (e.hasMoreElements())
-  {
-       SsidsEntry entry = (SsidsEntry) e.nextElement(); 
-       System.out.println(" gSS:: bus slot: " + entry.bus + " " + entry.slot + 
" ste ssid: " + entry.ste);
-
-       /* Write bus */
-       writeShortToStream(slotArray,(short)entry.bus,index);
-       index = index + u16Size;
-
-       /* Write slot */ 
-       writeShortToStream(slotArray,(short)entry.slot,index);
-       index = index + u16Size;
-
-       /* Write ste ssid */
-       writeShortToStream(slotArray,(short) entry.ste,index);
-       index = index + u16Size;
-
-  }
-   
-  printDebug(" gSS:: slot: num of vlans  " + numOfSlot);
-  printDebug(" gSS:: slot: binary ==> Length "+ slotArray.length);
-
-  if (debug) 
-        printHex(slotArray,slotArray.length);
-  printDebug("\n");
-
-  return slotArray; 
-
- }  
-
- public byte[] generatePartSsids(Vector bagOfSsids, Vector bagOfChwSsids)
-  throws Exception
- {
-  /**
-        typedef struct {
-        u16 id;
-        u16 ssid_ste;
-        u16 ssid_chwall;
-        } acm_partition_entry_t;
-
-  **/
-  Hashtable  partSsid = new Hashtable();
-  printDebug(" gPS::Size of bagOfSsids: "+ bagOfSsids.size());
-
-  /* Find the number of VMs */ 
-  for (int i = 0; i < bagOfSsids.size(); i++)
-  {
-       SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
-
-       if (null == entry.ids)
-         continue;
-
-       Enumeration e = entry.ids.elements(); 
-       while (e.hasMoreElements())
-       {
-         String id = (String) e.nextElement(); 
-         printDebug(" gPS:: part: " + id + "has ste ssid: " + 
entry.steSsidPosition);
-         if (-1 == entry.steSsidPosition)
-               continue;  
-
-         SsidsEntry  ssidsObj = new SsidsEntry();
-
-         ssidsObj.id = Integer.parseInt(id); 
-         ssidsObj.ste = entry.steSsidPosition;
-
-         if (partSsid.contains(id))
-               printDebug(" gPS:: Error already in the Hash part:" + 
ssidsObj.id);
-         else 
-               partSsid.put(id, ssidsObj);
-               printDebug(" gPS:: added part: " + id + "has ste ssid: " + 
entry.steSsidPosition);
-       }
-
-  }
-
-  for (int i = 0; i < bagOfChwSsids.size(); i++)
-  {
-       SecurityLabel entry = (SecurityLabel) bagOfChwSsids.elementAt(i);
-
-       Enumeration e = entry.chwIDs.elements(); 
-       while (e.hasMoreElements())
-       {
-         String id = (String) e.nextElement(); 
-         printDebug(" gPS:: part: " + id + "has chw ssid: " + 
entry.chwSsidPosition);
-         if (partSsid.containsKey(id))
-         {
-               SsidsEntry item = (SsidsEntry) partSsid.get(id);
-               item.chw = entry.chwSsidPosition;
-               printDebug(" gPS:: added :" + item.id +" chw: " + item.chw);
-         }
-         else 
-         {
-               printDebug(" gPS:: creating :" + id +" chw: " + 
entry.chwSsidPosition);
-               SsidsEntry  ssidsObj = new SsidsEntry();
-               ssidsObj.id = Integer.parseInt(id); 
-               ssidsObj.chw = entry.chwSsidPosition;
-               partSsid.put(id, ssidsObj);
-
-         }
-       }
-  }      
-
-  /* Allocate array */
-  int numOfPar = partSsid.size();
-  int totalSize =  (numOfPar * partitionEntrySz);  
-
-  if (0 == numOfPar) 
-  {
-       printDebug(" gPS:: part: binary ==> zero");
-        return new byte[0];
-  }
-
-  byte[] partArray = new byte[totalSize];
-
-  int index = 0;
-
-  Enumeration e = partSsid.elements(); 
-  while (e.hasMoreElements())
-  {
-       SsidsEntry entry = (SsidsEntry) e.nextElement(); 
-       printDebug(" gPS:: part: " + entry.id + " ste ssid: " + entry.ste + " 
chw ssid: "+ entry.chw);
-
-       /* Write id */
-       writeShortToStream(partArray,(short)entry.id,index);
-       index = index + u16Size;
-
-       /* Write ste ssid */
-       writeShortToStream(partArray,(short) entry.ste,index);
-       index = index + u16Size;
-
-       /* Write chw ssid */
-       writeShortToStream(partArray,(short) entry.chw,index);
-       index = index + u16Size;
-  }
-
-  printDebug(" gPS:: part: num of partitions  " + numOfPar);
-  printDebug(" gPS:: part: binary ==> Length " + partArray.length);
-
-  if (debug) 
-       printHex(partArray,partArray.length);
-  printDebug("\n");
-   
-   return partArray; 
- }
-
- public  byte[] GenBinaryPolicyBuffer(byte[] chwPolicy, byte[] stePolicy, byte 
[] partMap, byte[] vlanMap, byte[] slotMap)
- {
-  byte[] binBuffer;
-  short chwSize =0;
-  short steSize =0;
-  int  index = 0;
-
-  /* Builds data structure acm_policy_buffer_t */
-  /* Get number of colorTypes */
-  if (null != chwPolicy)
-       chwSize = (short) chwPolicy.length;
-
-  if (null != stePolicy)
-       steSize = (short) stePolicy.length;
-
-  int totalDataSize = chwSize + steSize + resourceOffsetSz +  3 *(2 * u16Size);
-
-  /*  Add vlan and slot */ 
-  totalDataSize = totalDataSize +partMap.length + vlanMap.length + 
slotMap.length; 
-  binBuffer = new byte[binaryBufferHeaderSz +totalDataSize];
-       
-
-  try {
-         index = 0;
-         /* fill in General Policy Version */
-         writeIntToStream(binBuffer, ACM_POLICY_VERSION, index);
-         index += u32Size;
-
-         /* Write magic */
-         writeIntToStream(binBuffer, ACM_MAGIC, index);
-         index += u32Size;
-
-         /* write len */
-         writeIntToStream(binBuffer, binBuffer.length, index);
-         index += u32Size;
-
-  } catch (IOException ee) {
-         System.out.println(" GBPB:: got exception : " + ee);
-         return null;
-  }
-
-  int offset, address;
-  address = index;
-
-  if (null != partMap) 
-         offset = binaryBufferHeaderSz + resourceOffsetSz;
-  else
-         offset = binaryBufferHeaderSz;
-
-  try {
-         int skip = 0;
-
-         /* init with NULL policy setting */
-         writeIntToStream(binBuffer, ACM_NULL_POLICY, index);
-         writeIntToStream(binBuffer, 0, index + u32Size);
-         writeIntToStream(binBuffer, ACM_NULL_POLICY, index + 2*u32Size);
-         writeIntToStream(binBuffer, 0, index + 3*u32Size);
-         
-         index = address;
-         if (null != chwPolicy) {
-         
-                 /* Write policy name */
-                 writeIntToStream(binBuffer, ACM_CHINESE_WALL_POLICY, index);
-                 index += u32Size;
-
-                 /* Write offset */
-                 writeIntToStream(binBuffer, offset, index);
-                 index += u32Size;
-
-                 /* Write payload. No need increment index */
-                 address = offset;
-                 System.arraycopy(chwPolicy, 0, binBuffer,address, 
chwPolicy.length);
-                 address = address + chwPolicy.length;
-         } else
-                 skip += 2*u32Size;
-
-         if (null != stePolicy) 
-         {     
-               /* Write policy name */
-               writeIntToStream(binBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
index);
-               index += u32Size;
-
-               /* Write offset */
-               writeIntToStream(binBuffer, address, index);
-               index += u32Size;
-
-               /* Copy array */
-               System.arraycopy(stePolicy, 0, binBuffer,address, 
stePolicy.length);
-               /* Update address */
-               address = address + stePolicy.length;
-         } else
-                skip += 2*u32Size;
-
-         /* Skip writing policy name and offset for each null policy*/
-         index +=  skip;
-
-         int size;
-         /* Assumes that you will always have a partition defined in policy */
-         if ( 0 < partMap.length) {
-                 writeIntToStream(binBuffer, address, index);
-                 index = address;
-
-                 /* Compute num of VMs */
-                 size = partMap.length / (3 * u16Size);
-
-                 writeShortToStream(binBuffer, (short)size,index);
-                 index = index + u16Size;
-
-                 /* part, vlan and slot: each one consists of two entries */
-                 offset = 3 * (2 * u16Size);
-                 writeShortToStream(binBuffer, (short) offset,index);
-
-                 /* Write partition array at offset */
-                 System.arraycopy(partMap, 0, binBuffer,(offset + address), 
partMap.length);
-                 index = index + u16Size;
-                 offset = offset + partMap.length;
-         }
-
-         if ( 0 < vlanMap.length) {
-                 size = vlanMap.length / (2 * u16Size);
-                 writeShortToStream(binBuffer, (short) size,index);
-                 index = index + u16Size;
-
-                 writeShortToStream(binBuffer, (short) offset,index);
-                 index = index + u16Size;
-                 System.arraycopy(vlanMap, 0, binBuffer,(offset + address), 
vlanMap.length);
-         } else {
-                 /* Write vlan max */
-                 writeShortToStream(binBuffer, (short) 0,index);
-                 index = index + u16Size;
- 
-                 /* Write vlan offset */
-                 writeShortToStream(binBuffer, (short) 0,index);
-                 index = index + u16Size;
-         }
-
-         offset = offset + vlanMap.length;
-         if ( 0 < slotMap.length) {
-                 size = slotMap.length / (3 * u16Size);
-                 writeShortToStream(binBuffer, (short) size,index);
-                 index = index + u16Size;
-
-                 writeShortToStream(binBuffer, (short) offset,index);
-                 index = index + u16Size;
-                 System.arraycopy(slotMap, 0, binBuffer,(offset + address), 
slotMap.length);
-         }
-  } catch (IOException ee) {
-         System.out.println(" GBPB:: got exception : " + ee);
-         return null;
-  }
-
-  printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length);
-  if (debug)
-         printHex(binBuffer,binBuffer.length);
-
-  return  binBuffer;
- } 
-
- public  byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector 
ColorTypes)
- {
-  byte[] chwBuffer;
-  int index = 0;
-  int position = 0;
-
-  /* Get number of rTypes */
-  int maxTypes = ColorTypes.size();
-
-  /* Get number of SSids entry */
-  int maxSsids = Ssids.size();
-
-  /* Get number of conflict sets */
-  int maxConflict = ConflictSsids.size();
-
-   
-  if (maxTypes * maxSsids == 0)
-       return null; 
-  /*
-     data structure acm_chwall_policy_buffer
-     se XmlToBinInterface.java
-  */
-  int totalBytes = chwHeaderSize  + u16Size *(maxTypes * (maxSsids + 
maxConflict)); 
-
-  chwBuffer = new byte[ totalBytes ];
-  int address = chwHeaderSize + (u16Size * maxTypes * maxSsids );
-
-  printDebug(" gCB:: chwall totalbytes : "+totalBytes); 
-
-  try {
-         index = 0;
-         /* fill in General Policy Version */
-         writeIntToStream(chwBuffer, ACM_CHWALL_VERSION, index);
-         index += u32Size;
-
-         writeIntToStream(chwBuffer, ACM_CHINESE_WALL_POLICY, index);
-         index += u32Size;
-
-         writeIntToStream(chwBuffer, maxTypes, index);
-         index += u32Size;
-
-         writeIntToStream(chwBuffer, maxSsids, index);
-         index += u32Size;
-
-         writeIntToStream(chwBuffer, maxConflict, index);
-         index += u32Size;
-
-         /*  Write chwall_ssid_offset */
-         writeIntToStream(chwBuffer, chwHeaderSize, index);
-         index += u32Size;
-
-         /* Write chwall_conflict_sets_offset */
-         writeIntToStream(chwBuffer, address, index);
-         index += u32Size;
-
-         /*  Write chwall_running_types_offset */
-         writeIntToStream(chwBuffer, 0, index);
-         index += u32Size;
-
-         /*  Write chwall_conflict_aggregate_offset */
-         writeIntToStream(chwBuffer, 0, index);
-         index += u32Size;
-
-  } catch (IOException ee) {
-       System.out.println(" gCB:: got exception : " + ee); 
-       return null;
-  }
-  int markPos = 0;
-
-  /* Create the SSids entry */
-  for (int i = 0; i < maxSsids; i++)
-  {
-       SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
-       /* Get chwall types */
-       ssidEntry.chwSsidPosition = i;
-       Enumeration e = ssidEntry.chwTypes.elements(); 
-       while (e.hasMoreElements())
-       {
-         String typeName = (String) e.nextElement(); 
-         printDebug(" gCB:: Ssid "+ i+ ": has type : " + typeName);
-         position = ColorTypes.indexOf(typeName);
-
-         if (position < 0) 
-         {
-               System.out.println (" gCB:: Error type : " + typeName + " not 
found in ColorTypes"); 
-               return null; 
-         }
-         printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at 
position: " + position); 
-         markPos = ((i * maxTypes + position) * u16Size) + index;      
-
-         try {
-               writeShortToStream(chwBuffer,markSymbol,markPos);
-         } catch (IOException ee) {
-               System.out.println(" gCB:: got exception : "); 
-               return null; 
-         }
-       }
-  }
-
-  if (debug) 
-      printHex(chwBuffer,chwBuffer.length);
-
-  /* Add conflict set */
-  index = address;
-  for (int i = 0; i < maxConflict; i++)
-  {
-       /* Get ste types */
-       Vector entry = (Vector) ConflictSsids.elementAt(i);
-       Enumeration e = entry.elements(); 
-       while (e.hasMoreElements())
-       {
-         String typeName = (String) e.nextElement(); 
-         printDebug (" GCB:: conflict Ssid "+ i+ ": has type : " + typeName);
-         position = ColorTypes.indexOf(typeName);
-
-         if (position < 0) 
-         {
-               System.out.println (" GCB:: Error type : " + typeName + " not 
found in ColorTypes"); 
-               return null; 
-         }
-         printDebug(" GCB:: type : " + typeName + "  found in ColorTypes at 
position: " + position); 
-         markPos = ((i * maxTypes + position) * u16Size) + index;      
-
-         try {
-               writeShortToStream(chwBuffer,markSymbol,markPos);
-         } catch (IOException ee) {
-               System.out.println(" GCB:: got exception : "); 
-               return null; 
-         }
-       }
-               
-  } 
-  printDebug(" gSB:: chw binary  ==> Length " + chwBuffer.length); 
-  if (debug) 
-       printHex(chwBuffer,chwBuffer.length);
-  printDebug("\n");
-
-  return chwBuffer;
- }
-
-/**********************************************************************
- Generate byte representation of policy using type information
- <p>
- @param Ssids                  Vector
- @param ColorTypes             Vector
- <p>
- @return bytes represenation of simple type enforcement policy 
-**********************************************************************/
- public  byte[] generateSteBuffer(Vector Ssids, Vector ColorTypes)
- {
-  byte[] steBuffer;
-  int index = 0;
-  int position = 0;
-
-  /* Get number of colorTypes */
-  int numColorTypes = ColorTypes.size();
-
-  /* Get number of SSids entry */
-  int numSsids = Ssids.size();
-   
-  if (numColorTypes * numSsids == 0)
-       return null; 
-
-  /* data structure: acm_ste_policy_buffer
-   * see XmlToBinInterface.java
-   * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size)
-   * 
-  */
-  steBuffer = new byte[ steHeaderSize + (numColorTypes * numSsids) * 2];
-
-  try {
-       
-         index = 0;
-         writeIntToStream(steBuffer, ACM_STE_VERSION, index);
-         index += u32Size;
-
-         writeIntToStream(steBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
index);
-         index += u32Size;
-
-         writeIntToStream(steBuffer, numColorTypes, index);
-         index += u32Size;
-
-         writeIntToStream(steBuffer, numSsids, index);
-         index += u32Size;
-
-         writeIntToStream(steBuffer, steHeaderSize, index);
-         index += u32Size;
-
-
-  } catch (IOException ee) {
-       System.out.println(" gSB:: got exception : " + ee); 
-       return null; 
-  }
-  int markPos = 0;
-  for (int i = 0; i < numSsids; i++)
-  {
-       
-       SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
-       ssidEntry.steSsidPosition = i;
-       /* Get ste types */
-       Enumeration e = ssidEntry.steTypes.elements(); 
-       while (e.hasMoreElements())
-       {
-         String typeName = (String) e.nextElement(); 
-         printDebug (" gSB:: Ssid "+ i+ ": has type : " + typeName);
-         position = ColorTypes.indexOf(typeName);
-
-         if (position < 0) 
-         {
-               printDebug(" gSB:: Error type : " + typeName + " not found in 
ColorTypes"); 
-               return null; 
-         }
-         printDebug(" gSB:: type : " + typeName + "  found in ColorTypes at 
position: " + position); 
-         markPos = ((i * numColorTypes + position) * u16Size) + index; 
-
-         try {
-               writeShortToStream(steBuffer,markSymbol,markPos);
-         } catch (IOException ee)
-         {
-               System.out.println(" gSB:: got exception : "); 
-               return null; 
-         }
-       }
-               
-  } 
-
-  printDebug(" gSB:: ste binary  ==> Length " + steBuffer.length); 
-  if (debug) 
-       printHex(steBuffer,steBuffer.length);
-  printDebug("\n");
-
-  return steBuffer;
- }
-
- public static  void printHex(byte [] dataArray, int length)
- {
-  char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7',
-                '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
-  int hexIndex;
-  int value;
-  int arraylength;
-
-  arraylength = length;
-
-  if (dataArray == null)
-  {
-        System.err.print("printHex: input byte array is null");
-  }
-
-  if (length > dataArray.length || length < 0)
-        arraylength = dataArray.length;
-
-  System.out.print("\n\t");
-
-  int i;
-  for(i = 0; i < arraylength; )
-  {
-        value = dataArray[i] & 0xFF;
-        hexIndex = (value >>> 4);
-        System.out.print(hexChars[hexIndex]);
-        hexIndex = (value & 0x0F);
-        System.out.print(hexChars[hexIndex]);
-
-        i++;
-        /* if done, print a final newline */
-        if (i == arraylength) {
-            if (arraylength < dataArray.length) {
-                System.out.print("...");
-            }
-            System.out.println();
-        }
-        else if ((i % 24) == 0) {
-            System.out.print("\n\t");
-        }
-        else if ((i % 4) == 0) {
-                System.out.print(" ");
-        }
-  }
-
-  return;
- }
-
-  
- private void writeShortToStream(byte[] stream, short value, int index)
-  throws IOException
- {
-  int littleEndian = 0;
-  int byteVal;
-
-  if (index + 2 > stream.length)
-  {
-      throw new IOException("Writing beyond stream length: " +
-                            stream.length + " writing at locations from: " + 
index + " to " + (index + 4));
-  }
-
-  if (!LittleEndian)
-  {
-
-       byteVal = value >> 8;
-       stream[index ] = (byte) byteVal;
-
-       byteVal = value;
-       stream[index + 1] = (byte) byteVal;
-  } else {
-       stream[index]  = (byte) ((value & 0x00ff) );
-       stream[index + 1]  = (byte) ((value & 0xff00) >> 8);
- }
-  return;
- }
-
- private void writeIntToStream(byte[] stream, int value, int index)
-  throws IOException
- {
-  int littleEndian = 0;
-  int byteVal;
-
-  if (4 > stream.length)
-  {
-      throw new IOException("writeIntToStream: stream length less than 4 bytes 
" +
-                            stream.length);
-  }
-
-  /* Do not Write beyond range */
-  if (index + 4 > stream.length)
-  {
-      throw new IOException("writeIntToStream: writing beyond stream length: " 
+
-                            stream.length + " writing at locations from: " + 
index + " to " + (index + 4));
-  }
-  if (!LittleEndian)
-  {
-       byteVal = value >>> 24;
-       stream[index] = (byte) byteVal;
-
-       byteVal = value >> 16;
-       stream[index + 1] = (byte) byteVal;
-
-       byteVal = value >> 8;
-       stream[index + 2] = (byte) byteVal;
-
-       byteVal = value;
-       stream[index + 3] = (byte) byteVal;
-  } else {
-       stream[index] = (byte) value;
-       stream[index + 1]  = (byte) ((value & 0x0000ff00) >> 8);
-       stream[index + 2]  = (byte) ((value & 0x00ff0000) >> 16);
-       stream[index + 3] = (byte) ( value >>> 24);
-  }
-  return;
- }
-
- public Document getDomTree(String xmlFileName)
-  throws Exception, SAXException, ParserConfigurationException
- {
-  javax.xml.parsers.DocumentBuilderFactory dbf = 
-       javax.xml.parsers.DocumentBuilderFactory.newInstance();
-
-  /* Turn on namespace aware and validation */
-  dbf.setNamespaceAware(true); 
-  dbf.setValidating(true);     
-  dbf.setAttribute(JAXP_SCHEMA_LANGUAGE,W3C_XML_SCHEMA);
-
-  /* Checks that the document is well-formed */
-  javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
-
-  myHandler errHandler= new myHandler();
-  db.setErrorHandler(errHandler);
-  Document doc = db.parse(xmlFileName);
-
-  /* Checks for validation errors */
-  if (errHandler.isValid)
-       printDebug(" gDT:: Xml file: " + xmlFileName + " is valid");
-   else
-      throw new Exception("Xml file: " + xmlFileName + " is NOT valid");
-
-  return doc;
- }  
-
- public void processDomTree(
-       Document doc,
-       Vector bagOfSsids,      
-       Vector bagOfTypes, 
-       Vector bagOfChwSsids, 
-       Vector bagOfChwTypes, 
-       Vector bagOfConflictSsids)
-  throws Exception, SAXException, ParserConfigurationException
- {
-  boolean found;
-
-  /* print the root Element */
-  Element root = doc.getDocumentElement();
-  printDebug ("\n pDT:: Document Element: Name = " + root.getNodeName() + 
",Value = " + root.getNodeValue());
-
-  /* Go through the list of the root Element's Attributes */
-  NamedNodeMap nnm = root.getAttributes();
-  printDebug (" pDT:: # of Attributes: " + nnm.getLength());
-  for (int i = 0; i < nnm.getLength(); i++)
-  {
-         Node n = nnm.item (i);
-        printDebug (" pDT:: Attribute: Name = " + n.getNodeName() + ", Value = 
" 
-             + n.getNodeValue());
-  }
-
-  /* Retrieve the policy definition */ 
-  NodeList elementList = root.getElementsByTagName ("url");
-  String definitionFileName = 
elementList.item(0).getFirstChild().getNodeValue();  
-
-  String definitionHash = null;
-
-  /* Note that SecurityPolicySpec.xsd allows for 0 hash value! */
-  elementList = root.getElementsByTagName ("hash");
-  if (0 != elementList.getLength())
-       definitionHash = elementList.item(0).getFirstChild().getNodeValue();  
-
-  Document definitionDoc = 
pGetDomDefinition(definitionFileName,definitionHash);
-  pGetTypes(definitionDoc,bagOfTypes, bagOfChwTypes, bagOfConflictSsids);
-
-
-  /* Get VM security information */
-  elementList = root.getElementsByTagName ("VM");
-  printDebug ("\n pDT:: partition length of NodeList:" + 
elementList.getLength());
-  /* Add default Ssid to Ste and Chw bags */                   
-  SecurityLabel defEntry = new SecurityLabel();
-
-  defEntry.chwTypes = new Vector();
-  defEntry.steTypes = new Vector();
-  defEntry.chwIDs = new Vector();
-  defEntry.ids = new Vector();
-
-  defEntry.steSsidPosition =0;
-  defEntry.chwSsidPosition =0;
-  bagOfChwSsids.add(defEntry);
-  bagOfSsids.add(defEntry);
-
-  for (int x = 0; x < elementList.getLength(); x++)
-  {
-       found = false;
-
-        Node node = elementList.item (x);          
-
-       if (node.getNodeType() == Node.ELEMENT_NODE)
-       {
-         printDebug (" pDT:: child: " + x + " is an element node" );
-         Element e1 = (Element) node;
-
-         /* Get id */
-         NodeList elist = e1.getElementsByTagName ("id");
-         String idStr = elist.item(0).getFirstChild().getNodeValue();  
-         printDebug (" pDT:: id:" + idStr);
-
-         /* Get TE */
-         Vector colorTypes = new Vector();
-         pConflictEntries(e1, "TE", bagOfTypes, colorTypes);
-
-         Enumeration e = bagOfSsids.elements();
-         while (e.hasMoreElements())
-         {
-               SecurityLabel elem = (SecurityLabel) e.nextElement(); 
-               if ( elem.steTypes.size() == colorTypes.size() && 
elem.steTypes.containsAll(colorTypes))
-               {
-                 found = true;
-                 elem.ids.add(idStr);
-               }
-               
-         }
-               if (!found && (0 < colorTypes.size()))
-               {
-                SecurityLabel entry = new SecurityLabel();
-                entry.steTypes = colorTypes;
-                entry.ids = new Vector();
-                entry.ids.add(idStr);
-                bagOfSsids.add(entry);
-               }
-
-               /* Get Chinese wall type */
-               Vector chwTypes = new Vector();
-               pConflictEntries(e1, "ChWall", bagOfChwTypes, chwTypes);
-
-               found = false;
-               e = bagOfChwSsids.elements();
-
-               while (e.hasMoreElements())
-               {
-                 SecurityLabel elem = (SecurityLabel) e.nextElement(); 
-                 if ( elem.chwTypes.size() == chwTypes.size() && 
elem.chwTypes.containsAll(chwTypes))
-                 {
-                   found = true;
-                   elem.chwIDs.add(idStr);
-                 }
-               
-               }
-
-               if (!found && (0 < chwTypes.size()))
-               {
-                SecurityLabel entry = new SecurityLabel();
-                entry.chwTypes = chwTypes;
-                entry.chwIDs = new Vector();
-                entry.chwIDs.add(idStr);
-                bagOfChwSsids.add(entry);
-               }
-      }
-  } 
-  return;
- }
-
- public Document pGetDomDefinition(
-       String definitionFileName, 
-       String definitionHash) 
-  throws Exception, SAXException, ParserConfigurationException
- {
-  printDebug("\n pGDD:: definition file name: " + definitionFileName);
-  printDebug("\n pGDD:: definition file hash: " + definitionHash);
-  
-  Document doc =  getDomTree(definitionFileName);
-  return doc; 
- }
-
- public void pGetTypes(
-       Document defDoc,
-       Vector bagOfTypes, 
-       Vector bagOfChwTypes, 
-       Vector bagOfConflictSsids)
-  throws Exception
- {
-
-
-  if (null == defDoc)
-      throw new Exception(" pGT:: definition file DOM is null ");
-
-  Element root = defDoc.getDocumentElement();
-
-  /* Get list of TE types */
-  NodeList elementList = root.getElementsByTagName ("Types");
-  printDebug ("\n pGT:: Types length of NodeList:" + elementList.getLength());
-  Element e1 = (Element) elementList.item (0);          
-  pGetEntries(e1,"TE",bagOfTypes);
-
-  /* Get list of Chinese types */
-  elementList = root.getElementsByTagName ("ChWallTypes");
-  printDebug ("\n pGT:: ChwTypes length of NodeList:" + 
elementList.getLength());
-  if (0 ==  elementList.getLength())
-  {
-       printDebug ("\n pGT:: ChWallTypes has zero length: :" + 
elementList.getLength());
-  } else {
-       e1 = (Element) elementList.item (0);          
-       pGetEntries(e1,"ChWall",bagOfChwTypes);
-  }
-  printDebug (" pGT:: Total number of unique chw types: " + 
bagOfChwTypes.size());
-
-  /* Get Chinese type conflict sets */
-  elementList = root.getElementsByTagName ("ConflictSet");
-  printDebug ("\n pGT:: Conflict sets length of NodeList:" + 
elementList.getLength());
-  for (int x = 0; x < elementList.getLength(); x++)
-  {
-       Vector conflictEntry  = new Vector();
-       e1 = (Element) elementList.item (x);          
-       printDebug ("\n pGT:: Conflict sets : " + x);
-
-       pConflictEntries(e1, "ChWall", bagOfChwTypes, conflictEntry);
-
-       if (conflictEntry.size() > 0)
-       {
-         boolean found = false;
-         Enumeration e = bagOfConflictSsids.elements();
-       
-         while (e.hasMoreElements())
-         {
-               Vector elem = (Vector) e.nextElement(); 
-               if (elem.size() == conflictEntry.size() && 
elem.containsAll(conflictEntry))
-               {
-                 found = true;
-               }
-               
-         }
-         if (!found)
-         {
-               bagOfConflictSsids.add(conflictEntry);
-         }
-       }
-  }
-
- }
-
- public void  pGetEntries(Element doc, String tag, Vector typeBag)
-  throws Exception
- {
-
-  if (null == doc)
-      throw new Exception(" pGE:: Element doc is null");
-
-  if (null == typeBag)
-      throw new Exception(" pGE:: typeBag  is null");
-
-  NodeList elist = doc.getElementsByTagName (tag);
-  for (int j = 0; j < elist.getLength(); j++)
-  {
-       Node knode = elist.item (j);          
-               Node childNode = knode.getFirstChild();     
-               String value = childNode.getNodeValue();
-
-       printDebug (" pGT:: "+ tag +" type: " + value);
-
-        /* Check if value is known */
-       if (!typeBag.contains(value))
-               typeBag.addElement(value);
-  }
- }
-
- public void  pConflictEntries(Element doc, String tag, Vector typeBag, Vector 
conflictEntry)
-  throws Exception
- {
-
-  if (null == doc)
-      throw new Exception(" pGE:: Element doc is null");
-
-  if (null == typeBag)
-      throw new Exception(" pGE:: typeBag  is null");
-
-  if (null == conflictEntry)
-      throw new Exception(" pGE:: typeBag  is null");
-
-
-  NodeList elist = doc.getElementsByTagName (tag);
-
-  for (int j = 0; j < elist.getLength(); j++)
-  {
-       Node knode = elist.item (j);          
-               Node childNode = knode.getFirstChild();     
-               String value = childNode.getNodeValue();
-
-       printDebug (" pGE:: "+ tag +" type: " + value);
-
-        /* Check if value is known */
-       if (!typeBag.contains(value))
-               throw new Exception(" pCE:: found undefined type set " + value);
-
-       if (!conflictEntry.contains(value))
-               conflictEntry.addElement(value);
-
-  }
- }
-
-  public void processDomTreeVlanSlot(
-       Document doc,
-       Vector bagOfSsids,      
-       Vector bagOfTypes)      
-  throws Exception
- {
-      boolean found;
-
-  printDebug(" pDTVS::Size of bagOfSsids: "+ bagOfSsids.size());
-  Element root = doc.getDocumentElement();
-
-  NodeList elementList = root.getElementsByTagName ("Vlan");
-  printDebug("\n pDTVS:: Vlan length of NodeList:" + elementList.getLength());
-
-  for (int x = 0; x < elementList.getLength(); x++)
-  {
-       found = false;
-
-        Node node = elementList.item (x);          
-
-       if (node.getNodeType() == Node.ELEMENT_NODE)
-       {
-         printDebug(" pDTVS:: child: " + x + " is an element node" );
-         Element e1 = (Element) node;
-
-         /* Get vid */
-         NodeList elist = e1.getElementsByTagName ("vid");
-         String idStr = elist.item(0).getFirstChild().getNodeValue();  
-         printDebug (" pDTVS:: vid:" + idStr);
-
-         /* Get TE */
-         elist = e1.getElementsByTagName ("TE");
-          printDebug (" pDTVS:: Total ste types: " + elist.getLength());
-
-         Vector colorTypes = new Vector();
-         for (int j = 0; j < elist.getLength(); j++)
-         {
-               Node knode = elist.item (j);          
-               Node childNode = knode.getFirstChild();     
-               String value = childNode.getNodeValue();
-
-               printDebug (" pDT:: My color is: " + value);
-               if (!bagOfTypes.contains(value))
-               {
-                 throw new IOException("pDT:: Vlan: " + idStr+ " has unknown 
type : "+ value);
-               }
-
-               if (!colorTypes.contains(value))
-                 colorTypes.addElement(value);
-         }
-         Enumeration e = bagOfSsids.elements();
-         while (e.hasMoreElements())
-         {
-               SecurityLabel elem = (SecurityLabel) e.nextElement(); 
-               if ( elem.steTypes.size() == colorTypes.size() && 
elem.steTypes.containsAll(colorTypes))
-               {
-                 found = true;
-                 if (null == elem.vlans)
-                       elem.vlans = new Vector();
-                  elem.vlans.add(idStr);
-               }
-               
-         }
-         if (!found && (0 < colorTypes.size()))
-         {
-                SecurityLabel entry = new SecurityLabel();
-                entry.steTypes = colorTypes;
-                entry.vlans = new Vector();
-                entry.vlans.add(idStr);
-                bagOfSsids.add(entry);
-         }
-
-       }
-  } 
-  printDebug(" pDTVS::After slot Size of bagOfSsids: "+ bagOfSsids.size());
-
-  elementList = root.getElementsByTagName ("Slot");
-  printDebug ("\n pDTVS:: Slot length of NodeList:" + elementList.getLength());
-
-  for (int x = 0; x < elementList.getLength(); x++)
-  {
-       found = false;
-
-        Node node = elementList.item (x);          
-
-       if (node.getNodeType() == Node.ELEMENT_NODE)
-       {
-         printDebug(" pDT:: child: " + x + " is an element node" );
-         Element e1 = (Element) node;
-
-
-         /* Get slot and bus */
-         SlotInfo item = new SlotInfo();
-
-         NodeList elist = e1.getElementsByTagName ("bus");
-         item.bus = elist.item(0).getFirstChild().getNodeValue();  
-         elist = e1.getElementsByTagName ("slot");
-         item.slot = elist.item(0).getFirstChild().getNodeValue();  
-         printDebug (" pDT:: bus and slot:" + item.bus + " "+ item.slot);
-
-         /* Get TE */
-         elist = e1.getElementsByTagName ("TE");
-          printDebug (" pDT:: Total ste types: " + elist.getLength());
-
-         Vector colorTypes = new Vector();
-         for (int j = 0; j < elist.getLength(); j++)
-         {
-               Node knode = elist.item (j);          
-               Node childNode = knode.getFirstChild();     
-               String value = childNode.getNodeValue();
-
-               printDebug (" pDT:: My color is: " + value);
-               if (!bagOfTypes.contains(value))
-               {
-                 throw new IOException("pDT:: bus: " + item.bus + " slot: "+ 
item.slot + " has unknown type : "+ value);
-               }
-
-               if (!colorTypes.contains(value))
-                 colorTypes.addElement(value);
-               }
-
-               Enumeration e = bagOfSsids.elements();
-               while (e.hasMoreElements())
-               {
-                 SecurityLabel elem = (SecurityLabel) e.nextElement(); 
-                 if ( elem.steTypes.size() == colorTypes.size() && 
elem.steTypes.containsAll(colorTypes))
-                 {
-                       found = true;
-                       if (null == elem.slots)
-                         elem.slots = new Vector();
-                       elem.slots.add(item);
-
-                 }
-               
-               }
-
-               if (!found && (0 < colorTypes.size()))
-               {
-                 SecurityLabel entry = new SecurityLabel();
-                 entry.steTypes = colorTypes;
-                 entry.slots = new Vector();
-                 entry.slots.add(item);
-                 bagOfSsids.add(entry);
-               }
-
-       }
-  }
-  return;
- }
-
- public static void main (String[] args) 
- {
-  String xmlFileName = null;           /* policy file */ 
-  String outputFileName = null;        /* binary policy file */
-  String xenSsidOutputFileName = null;         /* outputfile ssid to named 
types */    
-                                       /* outputfile conflicts ssid to named 
types */  
-  String xenSsidConfOutputFileName = null;     
-
-  XmlToBin genObj = new XmlToBin(); 
-
-  policy_version active_policy = new policy_version();
-
-  if ((active_policy.ACM_POLICY_VERSION != ACM_POLICY_VERSION) ||
-      (active_policy.ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) ||
-      (active_policy.ACM_STE_VERSION != ACM_STE_VERSION)) {
-         System.out.println("ACM policy versions differ.");
-         System.out.println("Please verify that data structures are correct");
-         System.out.println("and then adjust the version numbers in 
XmlToBinInterface.java.");
-         return;
-  }
-
-
-  for (int i = 0 ; i < args.length ; i++) {
-
-       if ( args[i].equals("-help"))  {
-          printUsage();
-          System.exit(1);
-
-        } else if ( args[i].equals("-i"))  {
-          i++;
-          if (i < args.length) {
-               xmlFileName = args[i];   
-          } else  {
-                System.out.println("-i argument needs parameter");
-                System.exit(1);
-          }
-
-       } else if ( args[i].equals("-o"))  {
-          i++;
-          if (i < args.length) {
-                outputFileName = args[i];   
-          } else {
-                System.out.println("-o argument needs parameter");
-                System.exit(1);
-          }
-
-       } else if ( args[i].equals("-xssid"))  {
-          i++;
-          if (i < args.length) {
-                 xenSsidOutputFileName = args[i];   
-          } else {
-                System.out.println("-xssid argument needs parameter");
-                System.exit(1);
-          }
-
-       } else if ( args[i].equals("-xssidconf"))  {
-          i++;
-          if (i < args.length) {
-                xenSsidConfOutputFileName = args[i]; 
-          } else {
-                System.out.println("-xssidconf argument needs parameter");
-                System.exit(1);
-          }
-       } else if ( args[i].equals("-debug"))  { /* turn on debug msg */
-               genObj.setDebug(true);
-        } else {
-          System.out.println("bad command line argument: " + args[i]);
-          printUsage();
-          System.exit(1);
-        }
-
-  }
-
-  if (xmlFileName == null)
-  { 
-       System.out.println("Need to specify input file -i option");
-        printUsage();
-        System.exit(1);
-  }
-
-
-  try 
-  {
-       /* Parse and validate */
-       Document doc =  genObj.getDomTree(xmlFileName);
-
-       /* Vectors to hold sets of types */
-       Vector bagOfSsids = new Vector();
-       Vector bagOfTypes = new Vector();
-       Vector bagOfChwSsids = new Vector();
-       Vector bagOfChwTypes = new Vector();
-       Vector bagOfConflictSsids = new Vector();
-
-       Vector vlanMapSsids = new Vector();
-       Vector slotMapSsids = new Vector();
-
-       genObj.processDomTree(doc, bagOfSsids, bagOfTypes, bagOfChwSsids, 
bagOfChwTypes, bagOfConflictSsids);
-
-       genObj.processDomTreeVlanSlot(doc, bagOfSsids, bagOfTypes);
-
-       /* Get binary representation of policies */
-       byte[] stePolicy = genObj.generateSteBuffer(bagOfSsids, bagOfTypes);
-       byte[] chwPolicy = genObj.generateChwBuffer(bagOfChwSsids, 
bagOfConflictSsids,bagOfChwTypes);
-
-       byte[] binPolicy = null;
-       byte[] binaryPartionSsid = null;
-       byte[] binaryVlanSsid = null;
-       byte[] binarySlotSsid = null;
-
-       /* Get binary representation of partition to ssid mapping */
-       binaryPartionSsid = genObj.generatePartSsids(bagOfSsids,bagOfChwSsids);
-
-       /* Get binary representation of vlan to ssid mapping */
-       binaryVlanSsid = genObj.generateVlanSsids(bagOfSsids);
-
-       /* Get binary representation of slot to ssid mapping */
-       binarySlotSsid = genObj.generateSlotSsids(bagOfSsids);
-
-       /* Generate binary representation: policy, partition, slot and vlan */
-       binPolicy = genObj.GenBinaryPolicyBuffer(chwPolicy,stePolicy, 
binaryPartionSsid, binaryVlanSsid, binarySlotSsid);
-
-
-       /* Write binary policy into file */
-       if (null != outputFileName)
-       {
-               genObj.writeBinPolicy(binPolicy, outputFileName);
-       } else {
-               System.out.println (" No binary policy generated, 
outputFileName:  " + outputFileName);
-       }
-
-       /* Print total number of types */
-       System.out.println (" Total number of unique ste types: " + 
bagOfTypes.size());
-       System.out.println (" Total number of Ssids : " + bagOfSsids.size());
-       System.out.println (" Total number of unique chw types: " + 
bagOfChwTypes.size());
-       System.out.println (" Total number of conflict ssids : " + 
bagOfConflictSsids.size());
-       System.out.println (" Total number of chw Ssids : " + 
bagOfChwSsids.size());
-
-       if (null != xenSsidOutputFileName)
-               genObj.writeXenTypeFile(bagOfSsids, xenSsidOutputFileName, 
true);
-
-       if (null != xenSsidConfOutputFileName)
-               genObj.writeXenTypeFile(bagOfChwSsids, 
xenSsidConfOutputFileName, false);
-    } 
-    catch (Exception e) 
-    {
-      e.printStackTrace();
-    }
-  }
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/misc/policyprocessor/XmlToBinInterface.java
--- a/tools/misc/policyprocessor/XmlToBinInterface.java Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,138 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: XmlToBinInterface.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * XmlToBinInterface Class.  
- * <p>
- *
- * Defines constants used by XmToBin.
- *
- * <p>
- *
- *     policy binary structures
- *
- * struct acm_policy_buffer {
- *     u32 policy_version; * ACM_POLICY_VERSION *
- *      u32 magic;
- *     u32 len;
- *     u32 primary_policy_code;
- *     u32 primary_buffer_offset;
- *     u32 secondary_policy_code;
- *     u32 secondary_buffer_offset;
- *      +u32 resource offset (not used yet in Xen)
- * };
- *
- *
- * struct acm_ste_policy_buffer {
- *     u32 policy_version; * ACM_STE_VERSION *
- *     u32 policy_code;
- *     u32 ste_max_types;
- *     u32 ste_max_ssidrefs;
- *     u32 ste_ssid_offset;
- * };
- *
- * struct acm_chwall_policy_buffer {
- *     u32 policy_version; * ACM_CHWALL_VERSION *
- *     u32 policy_code;
- *     u32 chwall_max_types;
- *     u32 chwall_max_ssidrefs;
- *     u32 chwall_max_conflictsets;
- *     u32 chwall_ssid_offset;
- *     u32 chwall_conflict_sets_offset;
- *     u32 chwall_running_types_offset;
- *     u32 chwall_conflict_aggregate_offset;
- * };
- *
- *     typedef struct {
- *     u16 partition_max;
- *     u16 partition_offset;
- *     u16 vlan_max;
- *     u16 vlan_offset;
- *     u16 slot_max;
- *     u16 slot_offset;
- *     } acm_resource_buffer_t;
- *
- *     typedef struct {
- *     u16 id;
- *     u16 ssid_ste;
- *     u16 ssid_chwall;
- *     } acm_partition_entry_t;
- *
- *     typedef struct {
- *     u16 vlan;
- *     u16 ssid_ste;
- *     } acm_vlan_entry_t;
- *
- *     typedef struct {
- *     u16 bus;
- *     u16 slot;
- *     u16 ssid_ste;
- *     } acm_slot_entry_t;
- *
- *       
- *
- */
-public interface XmlToBinInterface
-{
-  /* policy code  (uint16) */
-  final int policyCodeSize = 2;
-
-  /* max_types    (uint16) */
-  final int maxTypesSize = 2;
-
-  /* max_ssidrefs (uint16) */
-  final int maxSsidrefSize = 2;
-
-  /* ssid_offset  (uint32) */
-  final int ssidOffsetSize = 2;
-
-  final short markSymbol = 0x0001;
-
-  final int u32Size = 4;
-  final int u16Size = 2;
-
-  /* num of bytes for acm_ste_policy_buffer_t */
-  final int steHeaderSize = (5 * u32Size);
-
-  /* byte for acm_chinese_wall_policy_buffer_t */
-  final int chwHeaderSize = (9 * u32Size);
-
-  final int primaryPolicyCodeSize = u32Size;
-  final int primaryBufferOffsetSize = u32Size ;
-
-  final int secondaryPolicyCodeSz = u32Size;
-  final int secondaryBufferOffsetSz = u32Size;
-  final int resourceOffsetSz = u32Size;
-
-  final short partitionBufferSz = (2 * u16Size);
-  final short partitionEntrySz = (3 * u16Size);
-
-  final short slotBufferSz = (2 * u16Size);
-  final short slotEntrySz = (3 * u16Size);
-
-  final short vlanBufferSz = (2 * u16Size);
-  final short vlanEntrySz = (2 * u16Size);
-
-  final int binaryBufferHeaderSz = (8 * u32Size); /* 8th not used in Xen */
-
-  /* copied directly from acm.h */
-  final int ACM_MAGIC  =  0x0001debc;
-  final int ACM_NULL_POLICY = 0;
-  final int ACM_CHINESE_WALL_POLICY = 1;
-  final int ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2;
-  final int ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3;
-  final int ACM_EMPTY_POLICY = 4;
-
-  /* version for compatibility check */
-  final int ACM_POLICY_VERSION = 1;
-  final int ACM_STE_VERSION    = 1;
-  final int ACM_CHWALL_VERSION = 1;
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/c2j_include.c
--- a/tools/misc/policyprocessor/c2j_include.c  Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,57 +0,0 @@
-/****************************************************************
- * c2j_include.c
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Authors:
- * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * This tool makes some constants from acm.h available to the
- * java policyprocessor for version checking.
- */
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-typedef uint8_t  u8;
-typedef uint16_t u16;
-typedef uint32_t u32;
-typedef uint64_t u64;
-typedef int8_t   s8;
-typedef int16_t  s16;
-typedef int32_t  s32;
-typedef int64_t  s64;
-
-#include <xen/acm.h>
-
-char *filename = "policy_version.java";
-
-int main(int argc, char **argv)
-{
-
-    FILE *fd;
-    if ((fd = fopen(filename, "w")) <= 0)
-    {
-        printf("File %s not found.\n", filename);
-        exit(-ENOENT);
-    }
-
-    fprintf(fd, "/*\n * This file was automatically generated\n");
-    fprintf(fd, " * Do not change it manually!\n */\n");
-    fprintf(fd, "public class policy_version {\n");
-    fprintf(fd, "      final int ACM_POLICY_VERSION = %x;\n",
-            ACM_POLICY_VERSION);
-    fprintf(fd, "      final int ACM_CHWALL_VERSION = %x;\n",
-            ACM_CHWALL_VERSION);
-    fprintf(fd, "      final int ACM_STE_VERSION = %x;\n",
-            ACM_STE_VERSION);
-    fprintf(fd, "}\n");
-    fclose(fd);
-    return 0;
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/myHandler.java
--- a/tools/misc/policyprocessor/myHandler.java Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,47 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: myHandler.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * myHandler Class.  
- *
- * <p>
- *
- * A dummy class used for detecting XML validating/parsing errors.
- *
- * <p>
- *
- *
- */
-import org.xml.sax.helpers.*;
-import org.xml.sax.SAXParseException;
-
-class myHandler extends DefaultHandler 
-{ 
- public boolean isValid = true;
-
- /* Notification of a recoverable error. */
- public void error(SAXParseException se) 
- { 
-  isValid = false;
- } 
-
- /* Notification of a non-recoverable error. */
- public void fatalError(SAXParseException se) 
- { 
-  isValid = false;
- } 
-
- /* Notification of a warning. */
- public void warning(SAXParseException se) 
- {
-  isValid = false;
- }
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/readme.install
--- a/tools/misc/policyprocessor/readme.install Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,33 +0,0 @@
-# Author: Ray Valdez, rvaldez@xxxxxxxxxx 
-# Version: 1.0
-#
-# install readme
-#
-PREREQUISITES:
-
-Prior to installation of the policy processor tool (XmlToBin) you must have...
-
- 1. Java version 1.4.2
- 2. xmlParserAPIs.jar and xercesImpl.jar
-
-The above can be obtained from the Sun Developer Network web site at
-http://java.sun.com/j2se/1.4.2/download.html.
-
-XmlParserAPIs and xercesImpl jars can be obtained from
-http://www.apache.org/dist/xml/xerces-j (Xerces-J-bin.2.6.2.tar.gz,
-for example).
-
-The tool has been tested with J2SE v1.4.2_08 JRE on Linux (32-bit
-INTEL).
-
-INSTALLATION
-
-1. Set PATH to include $HOME_JAVA/bin and $HOME_JAVA/jre/bin
-   where $HOME_JAVA is your java installation directory
-
-2. Compile XmlToBin:
-   javac XmlToBin.java
-       
-USAGE
-
- See readme.xen
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/readme.xen
--- a/tools/misc/policyprocessor/readme.xen     Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,65 +0,0 @@
-# Author: Ray Valdez, rvaldez@xxxxxxxxxx 
-# Version: 1.0
-#
-# This readme describes the policy processor tool for sHype.
-#
-
-Java program:
-
- java XmlToBin -i [file.xml] -o <file.bin> -xssid <SsidFile> -xssidconf 
<SsidConf>
-
- Command line options:
-
-        -i              inputFile:      name of policyfile (.xml)
-        -o              outputFile:     name of binary policy file (Big Endian)
-        -xssid          SsidFile:       xen ssids to named types text file
-        -xssidconf      SsidConf:      xen conflict ssids to types text file
-        -debug                          turn on debug messages
-        -help                           help. This printout
-
-Where:
-
-file.xml is the (input) xml policy file to be parsed and validated.
-The syntax for file.xml is defined in the SecurityPolicySpec.xsd file.
-file.bin is the (output) binary policy file generated by XmlToBin.
-This binary policy can be activated in sHype. The binary policy file
-is laid out in network byte order (i.e., big endian).  The SsidFile
-file contains the mapping of type enforcement (TE) ssids to the "named
-types".  Similarly, the SsidConf file contains the mapping of Chinese
-Wall (ChWall) ssids to conflict named types. The ssidFile and SsidConf
-files are used by Xen.
-
-Xml Schema and policy:
-
-The SecurityPolicySpec.xsd defines the syntax of a policy file. It
-declares the tags that are used by XmlToBin to generate the binary
-policy file. The tags that XmlToBin keys on are TE, ChWall, id, vid,
-etc.  The xml files that describe a policy are simple.  Semantic
-checking of a policy is performed mostly by XmlToBin.  A type, for
-example, is a string. No fixed values are defined for types in Xml.
-  
-A policy consists of two Xml files: definition and policy. The
-definition Xml declares the types that are permitted in the policy
-Xml.  The policy Xml contains the assignment of labels to
-subject/object (e.g., vm). This Xml file contains an explicit
-reference to the definition Xml (e.g., <url>xen_sample_def.xml</url>).
-The policy Xml is the one provided as a command line argument.
-
-
-Files:
-
-*.java                 - policy processor source 
-xen_sample_policy.xml  - sample xml policy file
-xen_sample_def.xml     - sample user defined types
-SecurityPolicySpec.xsd         - schema definition file
-
-
-To generate the sample binary policy: 
-
-export CLASSPATH=$XERCES_HOME/xercesImpl.jar:$XERCES_HOME/xmlParserAPIs.jar:.
-
-java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin
-
-where $XERCES_HOME is the installation directory of the Apache Xerces-J
-
-
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/misc/policyprocessor/xen_sample_def.xml
--- a/tools/misc/policyprocessor/xen_sample_def.xml     Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,46 +0,0 @@
-<?xml version="1.0"?>
-<!-- Author: Ray Valdez, rvaldez@xxxxxxxxxx -->
-<!-- example policy type definition -->
-<SecurityPolicySpec
-xmlns="http://www.ibm.com";
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
-
-<Definition>
-<!-- an example of a simple type enforcement type definition -->
-  <Types>
-        <TE>LOCAL-management</TE>
-        <TE>R-Company-development</TE>
-        <TE>S-Company-order</TE>
-        <TE>T-Company-advertising</TE>
-        <TE>U-Company-computing</TE>
-                <!-- TE nondevelopment  -->
-  </Types>
-
-<!-- an example of a chinese wall type definition along with conflict sets-->
-  <ChWallTypes>
-                <ChWall>Q-Company</ChWall>
-                <ChWall>R-Company</ChWall>
-                <ChWall>S-Company</ChWall>
-                <ChWall>T-Company</ChWall>
-                <ChWall>U-Company</ChWall>
-                <ChWall>V-Company</ChWall>
-                <ChWall>W-Company</ChWall>
-                <ChWall>X-Company</ChWall>
-                <ChWall>Y-Company</ChWall>
-                <ChWall>Z-Company</ChWall>
-  </ChWallTypes>
-
-  <ConflictSet>
-                <ChWall>T-Company</ChWall>
-                <ChWall>S-Company</ChWall>
-   </ConflictSet>
-
-   <ConflictSet>
-                <ChWall>R-Company</ChWall>
-                <ChWall>V-Company</ChWall>
-                <ChWall>W-Company</ChWall>
-   </ConflictSet>
-
-</Definition>
-</SecurityPolicySpec>
diff -r 99914b54f7bf -r 81576d3d1ca8 
tools/misc/policyprocessor/xen_sample_policy.xml
--- a/tools/misc/policyprocessor/xen_sample_policy.xml  Thu Aug 18 18:40:02 2005
+++ /dev/null   Fri Aug 19 18:19:28 2005
@@ -1,58 +0,0 @@
-<?xml version="1.0"?>
-<!-- Author: Ray Valdez, rvaldez@xxxxxxxxxx -->
-<!-- example xen policy file -->
-
-<SecurityPolicySpec
-xmlns="http://www.ibm.com";
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
-<Policy>
- <PolicyHeader>
-        <Name>xen sample policy</Name>
-        <DateTime>2005-05-20T16:56:00</DateTime>
-        <Tag>foobar</Tag>
-        <TypeDefinition>
-          <url>xen_sample_def.xml</url>
-          <hash>abcdef123456abcdef</hash>
-        </TypeDefinition>
- </PolicyHeader>
-
- <VM>
-        <id> 0 </id>
-        <TE>LOCAL-management</TE>
-        <TE>R-Company-development</TE>
-        <TE>S-Company-order</TE>
-        <TE>T-Company-advertising</TE>
-        <TE>U-Company-computing</TE>
-                <ChWall>Q-Company</ChWall>
- </VM>
-
- <VM>
-        <id> 1 </id>
-        <TE>R-Company-development</TE>
-                <ChWall>R-Company</ChWall>
- </VM>
-
- <VM>
-        <id> 2 </id>
-        <TE>S-Company-order</TE>
-                <ChWall>S-Company</ChWall>
-
- </VM>
-
- <VM>
-        <id> 3 </id>
-        <TE>T-Company-advertising</TE>
-                <ChWall>T-Company</ChWall>
- </VM>
-
-
- <VM>
-        <id> 4 </id>
-        <TE>U-Company-computing</TE>
-                <ChWall>U-Company</ChWall>
- </VM>
-
-
-</Policy>
-</SecurityPolicySpec>

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>