# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 6a666940fa043260b8b95de750f078f137182f2d
# Parent c35a32f96d2095e92d2e873d9ee842877fa30127
# Parent 715184c8174997f68be3becf502b5df6d6b5a08f
Merge with xen-ia64-unstable.hg.
diff -r c35a32f96d20 -r 6a666940fa04 Config.mk
--- a/Config.mk Sat Nov 19 21:41:08 2005
+++ b/Config.mk Sun Nov 20 09:19:38 2005
@@ -44,13 +44,21 @@
# Choose the best mirror to download linux kernel
KERNEL_REPO = http://www.kernel.org
-# ACM_USE_SECURITY_POLICY is set to security policy of Xen
+# If ACM_SECURITY = y, then the access control module is compiled
+# into Xen and the policy type can be set by the boot policy file
+# y - Build the Xen ACM framework
+# n - Do not build the Xen ACM framework
+ACM_SECURITY ?= n
+
+# If ACM_SECURITY = y and no boot policy file is installed,
+# then the ACM defaults to the security policy set by
+# ACM_DEFAULT_SECURITY_POLICY
# Supported models are:
-# ACM_NULL_POLICY (ACM will not be built with this policy)
+# ACM_NULL_POLICY
# ACM_CHINESE_WALL_POLICY
# ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
-ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
+ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY
# Optional components
XENSTAT_XENTOP ?= y
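Review bot: The rename from ACM_USE_SECURITY_POLICY to ACM_DEFAULT_SECURITY_POLICY leaves no guard for build scripts or environments that still set the old name; they now fall through to `ACM_SECURITY ?= n` and get a hypervisor without the access control module, with no diagnostic. A check beside the new defaults, `ifdef ACM_USE_SECURITY_POLICY` / `$(error ACM_USE_SECURITY_POLICY was replaced by ACM_SECURITY and ACM_DEFAULT_SECURITY_POLICY)` / `endif`, would turn that silent downgrade into a build failure. The comment block could also say outright that ACM_SECURITY=y with the default ACM_NULL_POLICY and no boot policy file builds the framework but enforces only the null policy.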
diff -r c35a32f96d20 -r 6a666940fa04
linux-2.6-xen-sparse/arch/xen/x86_64/Kconfig
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/Kconfig Sat Nov 19 21:41:08 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/Kconfig Sun Nov 20 09:19:38 2005
@@ -288,10 +288,10 @@
# actually 64 maximum, but you need to fix the APIC code first
# to use clustered mode or whatever your big iron needs
config NR_CPUS
- int "Maximum number of CPUs (2-8)"
- range 2 8
+ int "Maximum number of CPUs (2-255)"
+ range 2 255
depends on SMP
- default "8"
+ default "16"
help
This allows you to specify the maximum number of CPUs which this
kernel will support. The maximum supported value is 32 and the
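Review bot: The prompt and range now allow up to 255 CPUs, but the help text kept as context still says the maximum supported value is 32, and the comment above the entry says 64 is the real limit until the APIC code is fixed. Either the help text and comment should be updated with the range, or the range should stay at what the APIC code supports. The help text continues past the end of the hunk.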
diff -r c35a32f96d20 -r 6a666940fa04
linux-2.6-xen-sparse/drivers/char/tpm/tpm_xen.c
--- a/linux-2.6-xen-sparse/drivers/char/tpm/tpm_xen.c Sat Nov 19 21:41:08 2005
+++ b/linux-2.6-xen-sparse/drivers/char/tpm/tpm_xen.c Sun Nov 20 09:19:38 2005
@@ -22,7 +22,7 @@
#include <asm/uaccess.h>
#include <linux/list.h>
-#include <linux/tpmfe.h>
+#include <asm-xen/tpmfe.h>
#include <linux/device.h>
#include <linux/interrupt.h>
#include "tpm.h"
diff -r c35a32f96d20 -r 6a666940fa04
linux-2.6-xen-sparse/drivers/xen/tpmfront/tpmfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/tpmfront/tpmfront.c Sat Nov 19
21:41:08 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/tpmfront/tpmfront.c Sun Nov 20
09:19:38 2005
@@ -38,7 +38,7 @@
#include <linux/errno.h>
#include <linux/interrupt.h>
#include <linux/init.h>
-#include <linux/tpmfe.h>
+#include <asm-xen/tpmfe.h>
#include <linux/err.h>
#include <asm/semaphore.h>
diff -r c35a32f96d20 -r 6a666940fa04 tools/python/xen/lowlevel/xs/xs.c
--- a/tools/python/xen/lowlevel/xs/xs.c Sat Nov 19 21:41:08 2005
+++ b/tools/python/xen/lowlevel/xs/xs.c Sun Nov 20 09:19:38 2005
@@ -172,7 +172,7 @@
char *path;
char **xsval;
- int xsval_n;
+ unsigned int xsval_n;
if (!parse_transaction_path(self, args, kwds, &xh, &th, &path))
return NULL;
diff -r c35a32f96d20 -r 6a666940fa04 tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py Sat Nov 19 21:41:08 2005
+++ b/tools/python/xen/xm/create.py Sun Nov 20 09:19:38 2005
@@ -905,9 +905,6 @@
opts.setopt('name', os.path.basename(opts.getopt('defconfig')))
config = make_config(opts.vals)
- if type(config) == str:
- config = sxp.parse(file(config))[0]
-
return (opts, config)
diff -r c35a32f96d20 -r 6a666940fa04 tools/security/Makefile
--- a/tools/security/Makefile Sat Nov 19 21:41:08 2005
+++ b/tools/security/Makefile Sun Nov 20 09:19:38 2005
@@ -12,21 +12,21 @@
XML2VERSION = $(shell xml2-config --version )
VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else
echo "-DVALIDATE_SCHEMA"; fi; )
-ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_NULL_POLICY)
POLICY=null
endif
-ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
+ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
POLICY=chwall
endif
-ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
POLICY=ste
endif
-ifeq
($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+ifeq
($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
POLICY=chwall_ste
endif
POLICYFILE=./policies/$(POLICY)/$(POLICY).bin
-ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY)
+ifeq ($(ACM_SECURITY),y)
all: build
install:all
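Review bot: Nothing after the four `ifeq` blocks checks that POLICY was actually set, so a mistyped ACM_DEFAULT_SECURITY_POLICY reaches the build with POLICYFILE expanding to `./policies//.bin`. Now that the gate is ACM_SECURITY, the default ACM_NULL_POLICY is also built with `POLICY=null`, a combination the old `ifneq` never built; whether `policies/null` exists is not visible in this hunk. A guard before POLICYFILE, `ifeq ($(strip $(POLICY)),)` / `$(error unknown ACM_DEFAULT_SECURITY_POLICY '$(ACM_DEFAULT_SECURITY_POLICY)')` / `endif`, would make a bad value fail early.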
@@ -55,7 +55,7 @@
$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@
$<
clean:
- rm -rf secpol_tool secpol_xml2bin xen
+ rm -rf secpol_tool secpol_xml2bin xen get_decision
policy_clean:
rm -rf policies/*/*.bin policies/*/*.map
diff -r c35a32f96d20 -r 6a666940fa04 tools/security/install.txt
--- a/tools/security/install.txt Sat Nov 19 21:41:08 2005
+++ b/tools/security/install.txt Sun Nov 20 09:19:38 2005
@@ -24,11 +24,13 @@
# cd "xen_root"
# edit/xemacs/vi Config.mk
- change the line:
- ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
+ change the lines:
+ ACM_SECURITY ?= n
+ ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY
to:
- ACM_USE_SECURITY_POLICY ?=
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+ ACM_SECURITY ?= y
+ ACM_DEFAULT_SECURITY_POLICY ?=
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
# make all
# ./install.sh
diff -r c35a32f96d20 -r 6a666940fa04 tools/xenmon/xenmon.py
--- a/tools/xenmon/xenmon.py Sat Nov 19 21:41:08 2005
+++ b/tools/xenmon/xenmon.py Sun Nov 20 09:19:38 2005
@@ -58,6 +58,8 @@
EXCOUNT = "Exec Count"
# globals
+dom_in_use = []
+
# our curses screen
stdscr = None
@@ -88,18 +90,18 @@
# encapsulate information about a domain
class DomainInfo:
def __init__(self):
- self.allocated_samples = []
- self.gotten_samples = []
- self.blocked_samples = []
- self.waited_samples = []
- self.execcount_samples = []
- self.iocount_samples = []
+ self.allocated_sum = 0
+ self.gotten_sum = 0
+ self.blocked_sum = 0
+ self.waited_sum = 0
+ self.exec_count = 0;
+ self.iocount_sum = 0
self.ffp_samples = []
def gotten_stats(self, passed):
- total = float(sum(self.gotten_samples))
+ total = float(self.gotten_sum)
per = 100*total/passed
- exs = sum(self.execcount_samples)
+ exs = self.exec_count
if exs > 0:
avg = total/exs
else:
@@ -107,9 +109,9 @@
return [total/(float(passed)/10**9), per, avg]
def waited_stats(self, passed):
- total = float(sum(self.waited_samples))
+ total = float(self.waited_sum)
per = 100*total/passed
- exs = sum(self.execcount_samples)
+ exs = self.exec_count
if exs > 0:
avg = total/exs
else:
@@ -117,9 +119,9 @@
return [total/(float(passed)/10**9), per, avg]
def blocked_stats(self, passed):
- total = float(sum(self.blocked_samples))
+ total = float(self.blocked_sum)
per = 100*total/passed
- ios = sum(self.iocount_samples)
+ ios = self.iocount_sum
if ios > 0:
avg = total/float(ios)
else:
@@ -127,20 +129,20 @@
return [total/(float(passed)/10**9), per, avg]
def allocated_stats(self, passed):
- total = sum(self.allocated_samples)
- exs = sum(self.execcount_samples)
+ total = self.allocated_sum
+ exs = self.exec_count
if exs > 0:
return float(total)/exs
else:
return 0
def ec_stats(self, passed):
- total = float(sum(self.execcount_samples))/(float(passed)/10**9)
- return total
+ total = float(self.exec_count/(float(passed)/10**9))
+ return total
def io_stats(self, passed):
- total = float(sum(self.iocount_samples))
- exs = sum(self.execcount_samples)
+ total = float(self.iocount_sum)
+ exs = self.exec_count
if exs > 0:
avg = total/exs
else:
@@ -165,12 +167,13 @@
while passed < duration:
for i in range(0, NDOMAINS):
- dominfos[i].gotten_samples.append(samples[curid][0*NDOMAINS + i])
- dominfos[i].allocated_samples.append(samples[curid][1*NDOMAINS +
i])
- dominfos[i].waited_samples.append(samples[curid][2*NDOMAINS + i])
- dominfos[i].blocked_samples.append(samples[curid][3*NDOMAINS + i])
- dominfos[i].execcount_samples.append(samples[curid][4*NDOMAINS +
i])
- dominfos[i].iocount_samples.append(samples[curid][5*NDOMAINS + i])
+ if dom_in_use[i]:
+ dominfos[i].gotten_sum += samples[curid][0*NDOMAINS + i]
+ dominfos[i].allocated_sum += samples[curid][1*NDOMAINS + i]
+ dominfos[i].waited_sum += samples[curid][2*NDOMAINS + i]
+ dominfos[i].blocked_sum += samples[curid][3*NDOMAINS + i]
+ dominfos[i].exec_count += samples[curid][4*NDOMAINS + i]
+ dominfos[i].iocount_sum += samples[curid][5*NDOMAINS + i]
passed += samples[curid][6*NDOMAINS]
lost_samples.append(samples[curid][6*NDOMAINS + 2])
@@ -187,7 +190,13 @@
lostinfo = [min(lost_samples), sum(lost_samples), max(lost_samples)]
ffpinfo = [min(ffp_samples), sum(ffp_samples), max(ffp_samples)]
- ldoms = map(lambda x: dominfos[x].stats(passed), range(0, NDOMAINS))
+
+ ldoms = []
+ for x in range(0, NDOMAINS):
+ if dom_in_use[x]:
+ ldoms.append(dominfos[x].stats(passed))
+ else:
+ ldoms.append(0)
return [ldoms, lostinfo, ffpinfo]
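Review bot: The placeholder `0` appended for unused domains changes the element type of `ldoms`: callers index the result as `h1[dom][0][1]`, which raises TypeError on an int. The two loops changed in this commit skip unused domains first, but any other consumer of summarize() outside these hunks needs the same guard. Appending `None` and adding a comment such as `# None marks a domain slot that is not in use` would make the contract explicit. Both new loops also read the module-level `dom_in_use` and assume it has at least NDOMAINS entries, which is worth stating in the function's docstring.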
@@ -222,6 +231,7 @@
cpu = 0 # cpu of interest to display data for
ncpu = 1 # number of cpu's on this platform
slen = 0 # size of shared data structure, incuding padding
+ global dom_in_use
# mmap the (the first chunk of the) file
shmf = open(SHM_FILE, "r+")
@@ -229,6 +239,7 @@
samples = []
doms = []
+ dom_in_use = []
# initialize curses
stdscr = _c.initscr()
@@ -238,9 +249,7 @@
stdscr.keypad(1)
stdscr.timeout(1000)
[maxy, maxx] = stdscr.getmaxyx()
-
-
-
+
# display in a loop
while True:
@@ -264,6 +273,11 @@
len = struct.calcsize(ST_DOM_INFO)
dom = struct.unpack(ST_DOM_INFO, shm[idx:idx+len])
doms.append(dom)
+# (last_update_time, start_time, runnable_start_time,
blocked_start_time,
+# ns_since_boot, ns_oncpu_since_boot, runnable_at_last_update,
+# runnable, in_use, domid, name) = dom
+# dom_in_use.append(in_use)
+ dom_in_use.append(dom[8])
idx += len
len = struct.calcsize("4i")
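Review bot: `dom_in_use.append(dom[8])` runs on every pass of the display loop, but the only reset this commit adds in this function (`dom_in_use = []` beside `samples` and `doms`) sits before curses initialisation, outside `while True:`. As far as these hunks show, the list therefore grows on each refresh and `dom_in_use[i]` for `i < NDOMAINS` keeps returning the flags from the first pass (and first CPU). writelog clears it inside the per-CPU loop, so the same `dom_in_use = []` belongs at the top of the per-pass work here. The commented-out tuple unpack here and in the writelog hunk at -505 would read better as a named index, for example `DOM_IN_USE_IDX = 8`, with the dead `# doms.append(dom)` line removed.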
@@ -293,6 +307,7 @@
[h1, l1, f1] = summarize(startat, endat, 10**9, samples)
[h2, l2, f2] = summarize(startat, endat, 10 * 10**9, samples)
+
# the actual display code
row = 0
display(stdscr, row, 1, "CPU = %d" % cpu, _c.A_STANDOUT)
@@ -305,6 +320,9 @@
total_h2_cpu = 0
for dom in range(0, NDOMAINS):
+ if not dom_in_use[dom]:
+ continue
+
if h1[dom][0][1] > 0 or dom == NDOMAINS - 1:
# display gotten
row += 1
@@ -475,6 +493,7 @@
def writelog():
global options
+ global dom_in_use
ncpu = 1 # number of cpu's
slen = 0 # size of shared structure inc. padding
@@ -490,11 +509,13 @@
while options.duration == 0 or interval < (options.duration * 1000):
for cpuidx in range(0, ncpu):
+
idx = cpuidx * slen # offset needed in mmap file
samples = []
doms = []
+ dom_in_use = []
for i in range(0, NSAMPLES):
len = struct.calcsize(ST_QDATA)
@@ -505,7 +526,11 @@
for i in range(0, NDOMAINS):
len = struct.calcsize(ST_DOM_INFO)
dom = struct.unpack(ST_DOM_INFO, shm[idx:idx+len])
- doms.append(dom)
+# doms.append(dom)
+# (last_update_time, start_time, runnable_start_time,
blocked_start_time,
+# ns_since_boot, ns_oncpu_since_boot, runnable_at_last_update,
+# runnable, in_use, domid, name) = dom
+ dom_in_use.append(dom[8])
idx += len
len = struct.calcsize("4i")
@@ -524,6 +549,8 @@
[h1,l1, f1] = summarize(startat, endat, options.interval * 10**6,
samples)
for dom in range(0, NDOMAINS):
+ if not dom_in_use[dom]:
+ continue
if h1[dom][0][1] > 0 or dom == NDOMAINS - 1:
outfiles[dom].write("%.3f %d %d %.3f %.3f %.3f %.3f %.3f
%.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f\n" %
(interval, cpuidx, dom,
diff -r c35a32f96d20 -r 6a666940fa04 xen/Makefile
--- a/xen/Makefile Sat Nov 19 21:41:08 2005
+++ b/xen/Makefile Sun Nov 20 09:19:38 2005
@@ -57,7 +57,7 @@
$(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h
$(MAKE) -C common
$(MAKE) -C drivers
-ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+ifeq ($(ACM_SECURITY),y)
$(MAKE) -C acm
endif
$(MAKE) -C arch/$(TARGET_ARCH)
@@ -79,8 +79,8 @@
echo " *"; \
echo " */"; \
echo ""; \
- echo "#ifndef ACM_USE_SECURITY_POLICY"; \
- echo "#define ACM_USE_SECURITY_POLICY $(ACM_USE_SECURITY_POLICY)"; \
+ echo "#ifndef ACM_DEFAULT_SECURITY_POLICY"; \
+ echo "#define ACM_DEFAULT_SECURITY_POLICY
$(ACM_DEFAULT_SECURITY_POLICY)"; \
echo "#endif") >$@
# compile.h contains dynamic build info. Rebuilt on every 'make' invocation.
diff -r c35a32f96d20 -r 6a666940fa04 xen/Rules.mk
--- a/xen/Rules.mk Sat Nov 19 21:41:08 2005
+++ b/xen/Rules.mk Sun Nov 20 09:19:38 2005
@@ -37,8 +37,9 @@
ALL_OBJS := $(BASEDIR)/common/common.o
ALL_OBJS += $(BASEDIR)/drivers/char/driver.o
ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o
-ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+ifeq ($(ACM_SECURITY),y)
ALL_OBJS += $(BASEDIR)/acm/acm.o
+CFLAGS += -DACM_SECURITY
endif
ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o
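Review bot: `ifeq ($(ACM_SECURITY),y)` makes the whole access-control build depend on an exact string match, so `ACM_SECURITY=yes`, `Y` or a value with trailing whitespace builds without `-DACM_SECURITY` and without any error. Per the acm_hooks.h and acm_ops.c hunks in this commit, that selects the `#ifndef ACM_SECURITY` stubs, whose hooks return 0. Comparing `$(strip $(ACM_SECURITY))` and rejecting anything other than `y` or `n` with `$(error ...)` would make a mistyped setting fail the build instead. xen/Makefile and tools/security/Makefile use the same test and would benefit from the same validation done once in Config.mk.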
diff -r c35a32f96d20 -r 6a666940fa04 xen/acm/acm_core.c
--- a/xen/acm/acm_core.c Sat Nov 19 21:41:08 2005
+++ b/xen/acm/acm_core.c Sun Nov 20 09:19:38 2005
@@ -49,6 +49,9 @@
extern struct acm_operations acm_chinesewall_ops,
acm_simple_type_enforcement_ops, acm_null_ops;
+/* global ACM policy (now dynamically determined at boot time) */
+u16 acm_active_security_policy = ACM_POLICY_UNDEFINED;
+
/* global ops structs called by the hooks */
struct acm_operations *acm_primary_ops = NULL;
/* called in hook if-and-only-if primary succeeds */
@@ -61,7 +64,8 @@
/* until we have endian support in Xen, we discover it at runtime */
u8 little_endian = 1;
-void acm_set_endian(void)
+void
+acm_set_endian(void)
{
u32 test = 1;
if (*((u8 *)&test) == 1)
@@ -76,14 +80,82 @@
}
}
-/* initialize global security policy for Xen; policy write-locked already */
-static void
-acm_init_binary_policy(void *primary, void *secondary)
-{
- acm_bin_pol.primary_policy_code = 0;
- acm_bin_pol.secondary_policy_code = 0;
- acm_bin_pol.primary_binary_policy = primary;
- acm_bin_pol.secondary_binary_policy = secondary;
+int
+acm_init_binary_policy(u32 policy_code)
+{
+ int ret = ACM_OK;
+
+ acm_bin_pol.primary_policy_code = (policy_code & 0x0f);
+ acm_bin_pol.secondary_policy_code = (policy_code >> 4) & 0x0f;
+
+ write_lock(&acm_bin_pol_rwlock);
+
+ /* set primary policy component */
+ switch ((policy_code) & 0x0f)
+ {
+
+ case ACM_CHINESE_WALL_POLICY:
+ acm_init_chwall_policy();
+ acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
+ acm_primary_ops = &acm_chinesewall_ops;
+ break;
+
+ case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
+ acm_init_ste_policy();
+ acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
+ acm_primary_ops = &acm_simple_type_enforcement_ops;
+ break;
+
+ case ACM_NULL_POLICY:
+ acm_bin_pol.primary_policy_code = ACM_NULL_POLICY;
+ acm_primary_ops = &acm_null_ops;
+ break;
+
+ default:
+ /* Unknown policy not allowed primary */
+ ret = -EINVAL;
+ goto out;
+ }
+
+ /* secondary policy component part */
+ switch ((policy_code) >> 4)
+ {
+
+ case ACM_NULL_POLICY:
+ acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
+ acm_secondary_ops = &acm_null_ops;
+ break;
+
+ case ACM_CHINESE_WALL_POLICY:
+ if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY)
+ { /* not a valid combination */
+ ret = -EINVAL;
+ goto out;
+ }
+ acm_init_chwall_policy();
+ acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY;
+ acm_secondary_ops = &acm_chinesewall_ops;
+ break;
+
+ case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
+ if (acm_bin_pol.primary_policy_code ==
ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+ { /* not a valid combination */
+ ret = -EINVAL;
+ goto out;
+ }
+ acm_init_ste_policy();
+ acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
+ acm_secondary_ops = &acm_simple_type_enforcement_ops;
+ break;
+
+ default:
+ ret = -EINVAL;
+ goto out;
+ }
+
+ out:
+ write_unlock(&acm_bin_pol_rwlock);
+ return ret;
}
static int
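Review bot: The two stores to `acm_bin_pol.primary_policy_code` and `acm_bin_pol.secondary_policy_code` at the top of acm_init_binary_policy run before `write_lock(&acm_bin_pol_rwlock)` and before either switch has validated the value, so a rejected policy_code still leaves its nibbles in the global. Every accepted case already stores the code under the lock, so the two early assignments can be dropped. The secondary switch tests `(policy_code) >> 4` without the `& 0x0f` used in the early store; it fails closed on wider values, but an explicit `if (policy_code > 0xff) return -EINVAL;` followed by `switch ((policy_code >> 4) & 0x0f)` would state the intent. On the `goto out` paths from the secondary switch, the primary ops pointer and policy init have already been applied, and a comment should say whether callers may continue after -EINVAL.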
@@ -161,83 +233,35 @@
int ret = ACM_OK;
acm_set_endian();
- write_lock(&acm_bin_pol_rwlock);
- acm_init_binary_policy(NULL, NULL);
-
- /* set primary policy component */
- switch ((ACM_USE_SECURITY_POLICY) & 0x0f)
- {
-
- case ACM_CHINESE_WALL_POLICY:
- acm_init_chwall_policy();
- acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY;
- acm_primary_ops = &acm_chinesewall_ops;
- break;
-
- case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
- acm_init_ste_policy();
- acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
- acm_primary_ops = &acm_simple_type_enforcement_ops;
- break;
-
- default:
- /* NULL or Unknown policy not allowed primary;
- * NULL/NULL will not compile this code */
+
+ /* first try to load the boot policy (uses its own locks) */
+ acm_setup(initrdidx, mbi, initial_images_start);
+
+ if (acm_active_security_policy != ACM_POLICY_UNDEFINED)
+ {
+ printk("%s: Boot-Policy. Enforcing %s: Primary %s, Secondary %s.\n",
__func__,
+ ACM_POLICY_NAME(acm_active_security_policy),
+ ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
+ ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
+ goto out;
+ }
+ /* else continue with the minimal hardcoded default startup policy */
+ printk("%s: Loading default policy (%s).\n",
+ __func__, ACM_POLICY_NAME(ACM_DEFAULT_SECURITY_POLICY));
+
+ if (acm_init_binary_policy(ACM_DEFAULT_SECURITY_POLICY)) {
ret = -EINVAL;
goto out;
}
-
- /* secondary policy component part */
- switch ((ACM_USE_SECURITY_POLICY) >> 4) {
- case ACM_NULL_POLICY:
- acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY;
- acm_secondary_ops = &acm_null_ops;
- break;
-
- case ACM_CHINESE_WALL_POLICY:
- if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY)
- { /* not a valid combination */
- ret = -EINVAL;
- goto out;
- }
- acm_init_chwall_policy();
- acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY;
- acm_secondary_ops = &acm_chinesewall_ops;
- break;
-
- case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
- if (acm_bin_pol.primary_policy_code ==
ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
- { /* not a valid combination */
- ret = -EINVAL;
- goto out;
- }
- acm_init_ste_policy();
- acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY;
- acm_secondary_ops = &acm_simple_type_enforcement_ops;
- break;
-
- default:
- ret = -EINVAL;
- goto out;
- }
+ acm_active_security_policy = ACM_DEFAULT_SECURITY_POLICY;
out:
- write_unlock(&acm_bin_pol_rwlock);
-
if (ret != ACM_OK)
{
printk("%s: Error initializing policies.\n", __func__);
/* here one could imagine a clean panic */
return -EINVAL;
}
- if (acm_setup(initrdidx, mbi, initial_images_start) != ACM_OK)
- {
- printk("%s: Error loading policy at boot time.\n", __func__);
- /* ignore, just continue with the minimal hardcoded startup policy */
- }
- printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__,
- ACM_POLICY_NAME(acm_bin_pol.primary_policy_code),
- ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code));
return ret;
}
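Review bot: The return value of `acm_setup(initrdidx, mbi, initial_images_start)` is now discarded and the removed `Error loading policy at boot time` message has no replacement, so a boot policy that is present but fails to load looks the same in the log as one that was never supplied. Because the acm_policy.c hunk sets acm_active_security_policy before the rest of the policy buffer is processed, a load that fails later may still take the `Boot-Policy. Enforcing` branch here; that depends on code outside these hunks and should be confirmed. Keeping the check, `if (acm_setup(initrdidx, mbi, initial_images_start) != ACM_OK) printk("%s: Error loading policy at boot time.\n", __func__);`, would preserve the diagnostic. acm_init starts above this hunk.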
@@ -265,7 +289,7 @@
ssid->primary_ssid = NULL;
ssid->secondary_ssid = NULL;
- if (ACM_USE_SECURITY_POLICY != ACM_NULL_POLICY)
+ if (acm_active_security_policy != ACM_NULL_POLICY)
ssid->ssidref = ssidref;
else
ssid->ssidref = ACM_DEFAULT_SSID;
diff -r c35a32f96d20 -r 6a666940fa04 xen/acm/acm_policy.c
--- a/xen/acm/acm_policy.c Sat Nov 19 21:41:08 2005
+++ b/xen/acm/acm_policy.c Sun Nov 20 09:19:38 2005
@@ -56,17 +56,29 @@
/* 2. some sanity checking */
pol = (struct acm_policy_buffer *)policy_buffer;
- if ((ntohl(pol->magic) != ACM_MAGIC) ||
- (ntohl(pol->policy_version) != ACM_POLICY_VERSION) ||
- (ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) ||
+ if ((ntohl(pol->magic) != ACM_MAGIC) ||
+ (buf_size != ntohl(pol->len)) ||
+ (ntohl(pol->policy_version) != ACM_POLICY_VERSION))
+ {
+ printk("%s: ERROR in Magic, Version, or buf size.\n", __func__);
+ goto error_free;
+ }
+
+ if (acm_active_security_policy == ACM_POLICY_UNDEFINED) {
+ /* setup the policy with the boot policy */
+ if (acm_init_binary_policy((ntohl(pol->secondary_policy_code) << 4) |
+ ntohl(pol->primary_policy_code))) {
+ goto error_free;
+ }
+ acm_active_security_policy =
+ (acm_bin_pol.secondary_policy_code << 4) |
acm_bin_pol.primary_policy_code;
+ }
+
+ /* once acm_active_security_policy is set, it cannot be changed */
+ if ((ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) ||
(ntohl(pol->secondary_policy_code) !=
acm_bin_pol.secondary_policy_code))
{
- printkd("%s: Wrong policy magics or versions!\n", __func__);
- goto error_free;
- }
- if (buf_size != ntohl(pol->len))
- {
- printk("%s: ERROR in buf size.\n", __func__);
+ printkd("%s: Wrong policy type in boot policy!\n", __func__);
goto error_free;
}
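Review bot: The code passed to acm_init_binary_policy is built from two 32-bit header fields without bounding either to four bits, so bits 4 and up of `primary_policy_code` are OR-ed into the secondary nibble. A header with primary 0x21 and secondary 0 is accepted as chinese-wall plus type-enforcement and sets acm_active_security_policy, after which the comparison below rejects the same buffer, leaving a policy type locked in by a policy that was refused. Rejecting early with `if (ntohl(pol->primary_policy_code) > 0x0f || ntohl(pol->secondary_policy_code) > 0x0f) goto error_free;` avoids that. The printkd text `Wrong policy type in boot policy!` presumably also fires for later, non-boot policy updates, so wording such as `Policy type does not match active policy` would be more accurate. The function starts and ends outside the hunk.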
diff -r c35a32f96d20 -r 6a666940fa04 xen/arch/x86/shadow.c
--- a/xen/arch/x86/shadow.c Sat Nov 19 21:41:08 2005
+++ b/xen/arch/x86/shadow.c Sun Nov 20 09:19:38 2005
@@ -47,13 +47,14 @@
#if CONFIG_PAGING_LEVELS == 3
static unsigned long shadow_l3_table(
struct domain *d, unsigned long gpfn, unsigned long gmfn);
-static inline void validate_bl2e_change( struct domain *d,
- guest_root_pgentry_t *new_gle_p, pgentry_64_t *shadow_l3, int index);
#endif
#if CONFIG_PAGING_LEVELS == 4
static unsigned long shadow_l4_table(
struct domain *d, unsigned long gpfn, unsigned long gmfn);
+#endif
+
+#if CONFIG_PAGING_LEVELS >= 3
static void shadow_map_into_current(struct vcpu *v,
unsigned long va, unsigned int from, unsigned int to);
static inline void validate_bl2e_change( struct domain *d,
@@ -669,6 +670,7 @@
}
}
+#if CONFIG_PAGING_LEVELS == 2
static void
shadow_set_l1e(unsigned long va, l1_pgentry_t new_spte, int create_l1_shadow)
{
@@ -750,7 +752,6 @@
shadow_update_min_max(l2e_get_pfn(sl2e), l1_table_offset(va));
}
-#if CONFIG_PAGING_LEVELS == 2
static void shadow_invlpg_32(struct vcpu *v, unsigned long va)
{
struct domain *d = v->domain;
@@ -780,6 +781,73 @@
shadow_unlock(d);
}
#endif /* CONFIG_PAGING_LEVELS == 2 */
+
+#if CONFIG_PAGING_LEVELS >= 3
+static void shadow_set_l1e_64(
+ unsigned long va, pgentry_64_t *sl1e_p,
+ int create_l1_shadow)
+{
+ struct vcpu *v = current;
+ struct domain *d = v->domain;
+ pgentry_64_t sle;
+ pgentry_64_t sle_up = {0};
+ l1_pgentry_t old_spte;
+ l1_pgentry_t sl1e = *(l1_pgentry_t *)sl1e_p;
+ int i;
+ unsigned long orig_va = 0;
+
+ if ( d->arch.ops->guest_paging_levels == PAGING_L2 )
+ {
+ /* This is for 32-bit VMX guest on 64-bit host */
+ orig_va = va;
+ va = va & (~((1<<L2_PAGETABLE_SHIFT_32)-1));
+ }
+
+ for ( i = PAGING_L4; i >= PAGING_L2; i-- )
+ {
+ if ( !__rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i) )
+ {
+ sl1e = l1e_empty();
+ goto out;
+ }
+ if ( !(entry_get_flags(sle) & _PAGE_PRESENT) )
+ {
+ if ( create_l1_shadow )
+ {
+ perfc_incrc(shadow_set_l3e_force_map);
+ shadow_map_into_current(v, va, i-1, i);
+ __rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i);
+ }
+ }
+ if ( i < PAGING_L4 )
+ shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va,
i));
+ sle_up = sle;
+ }
+
+ if ( d->arch.ops->guest_paging_levels == PAGING_L2 )
+ {
+ va = orig_va;
+ }
+
+ if ( shadow_mode_refcounts(d) )
+ {
+ __shadow_get_l1e(v, va, &old_spte);
+ if ( l1e_has_changed(old_spte, sl1e, _PAGE_RW | _PAGE_PRESENT) )
+ {
+ if ( (l1e_get_flags(sl1e) & _PAGE_PRESENT) &&
+ !shadow_get_page_from_l1e(sl1e, d) )
+ sl1e = l1e_empty();
+ if ( l1e_get_flags(old_spte) & _PAGE_PRESENT )
+ put_page_from_l1e(old_spte, d);
+ }
+ }
+
+out:
+ __shadow_set_l1e(v, va, &sl1e);
+
+ shadow_update_min_max(entry_get_pfn(sle_up), guest_l1_table_offset(va));
+}
+#endif /* CONFIG_PAGING_LEVELS >= 3 */
static struct out_of_sync_entry *
shadow_alloc_oos_entry(struct domain *d)
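Review bot: The new `goto out` taken when `__rw_entry` fails skips the `va = orig_va` restore, so for a PAGING_L2 guest `__shadow_set_l1e` at `out:` is called with the L2-aligned address rather than the one the caller passed. The same path reaches `shadow_update_min_max(entry_get_pfn(sle_up), ...)` with `sle_up` possibly still `{0}` when the failure is on the first iteration, and it bypasses the shadow_mode_refcounts block that drops the reference on a present old entry. Restoring va after the label (`out:` followed by `if ( d->arch.ops->guest_paging_levels == PAGING_L2 ) va = orig_va;`) and returning before the min/max update when no upper entry was read would close the first two. Whether the skipped refcount handling matters depends on whether an l1 entry can exist while an upper level is unreadable, which the hunk does not show; this error path replaces a BUG() in the old copy of the function.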
@@ -1996,8 +2064,11 @@
__shadow_sync_va(v, va);
l1pte_propagate_from_guest(d, *(guest_l1_pgentry_t *)&val, &spte);
+#if CONFIG_PAGING_LEVELS == 2
shadow_set_l1e(va, spte, 0);
-
+#elif CONFIG_PAGING_LEVELS >= 3
+ shadow_set_l1e_64(va, (pgentry_64_t *) &spte, 0);
+#endif
/*
* If we're in log-dirty mode then we need to note that we've updated
* the PTE in the PT-holding page. We need the machine frame number
@@ -3012,71 +3083,6 @@
}
-static void shadow_set_l1e_64(
- unsigned long va, pgentry_64_t *sl1e_p,
- int create_l1_shadow)
-{
- struct vcpu *v = current;
- struct domain *d = v->domain;
- pgentry_64_t sle;
- pgentry_64_t sle_up = {0};
- l1_pgentry_t old_spte;
- l1_pgentry_t sl1e = *(l1_pgentry_t *)sl1e_p;
- int i;
- unsigned long orig_va = 0;
-
- if ( d->arch.ops->guest_paging_levels == PAGING_L2 )
- {
- /* This is for 32-bit VMX guest on 64-bit host */
- orig_va = va;
- va = va & (~((1<<L2_PAGETABLE_SHIFT_32)-1));
- }
-
- for (i = PAGING_L4; i >= PAGING_L2; i--)
- {
- if (!__rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i)) {
- printk("<%s> i = %d\n", __func__, i);
- BUG();
- }
- if ( !(entry_get_flags(sle) & _PAGE_PRESENT) ) {
- if ( create_l1_shadow ) {
- perfc_incrc(shadow_set_l3e_force_map);
- shadow_map_into_current(v, va, i-1, i);
- __rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i);
- } else {
-#if 0
- printk("For non VMX shadow, create_l1_shadow:%d\n",
create_l1_shadow);
-#endif
- }
- }
- if( i < PAGING_L4 )
- shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va,
i));
- sle_up = sle;
- }
-
- if ( d->arch.ops->guest_paging_levels == PAGING_L2 ) {
- va = orig_va;
- }
-
- if ( shadow_mode_refcounts(d) )
- {
- __shadow_get_l1e(v, va, &old_spte);
- ESH_LOG("old_sl1e: %lx, new_sl1e: %lx\n", l1e_get_intpte(old_spte),
l1e_get_intpte(sl1e));
- if ( l1e_has_changed(old_spte, sl1e, _PAGE_RW | _PAGE_PRESENT) )
- {
- if ( (l1e_get_flags(sl1e) & _PAGE_PRESENT) &&
- !shadow_get_page_from_l1e(sl1e, d) )
- sl1e = l1e_empty();
- if ( l1e_get_flags(old_spte) & _PAGE_PRESENT )
- put_page_from_l1e(old_spte, d);
- }
- }
-
- __shadow_set_l1e(v, va, &sl1e);
-
- shadow_update_min_max(entry_get_pfn(sle_up), guest_l1_table_offset(va));
-}
-
/* As 32-bit guest don't support 4M page yet,
* we don't concern double compile for this function
*/
diff -r c35a32f96d20 -r 6a666940fa04 xen/common/acm_ops.c
--- a/xen/common/acm_ops.c Sat Nov 19 21:41:08 2005
+++ b/xen/common/acm_ops.c Sun Nov 20 09:19:38 2005
@@ -29,7 +29,7 @@
#include <public/sched_ctl.h>
#include <acm/acm_hooks.h>
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+#ifndef ACM_SECURITY
long do_acm_op(struct acm_op * u_acm_op)
{
diff -r c35a32f96d20 -r 6a666940fa04 xen/include/acm/acm_core.h
--- a/xen/include/acm/acm_core.h Sat Nov 19 21:41:08 2005
+++ b/xen/include/acm/acm_core.h Sun Nov 20 09:19:38 2005
@@ -28,9 +28,6 @@
struct acm_binary_policy {
u16 primary_policy_code;
u16 secondary_policy_code;
- void *primary_binary_policy;
- void *secondary_binary_policy;
-
};
struct chwall_binary_policy {
@@ -53,6 +50,7 @@
};
/* global acm policy */
+extern u16 acm_active_security_policy;
extern struct acm_binary_policy acm_bin_pol;
extern struct chwall_binary_policy chwall_bin_pol;
extern struct ste_binary_policy ste_bin_pol;
@@ -120,6 +118,7 @@
/* protos */
int acm_init_domain_ssid(domid_t id, ssidref_t ssidref);
void acm_free_domain_ssid(struct acm_ssid_domain *ssid);
+int acm_init_binary_policy(u32 policy_code);
int acm_set_policy(void *buf, u32 buf_size, int isuserbuffer);
int acm_get_policy(void *buf, u32 buf_size);
int acm_dump_statistics(void *buf, u16 buf_size);
diff -r c35a32f96d20 -r 6a666940fa04 xen/include/acm/acm_hooks.h
--- a/xen/include/acm/acm_hooks.h Sat Nov 19 21:41:08 2005
+++ b/xen/include/acm/acm_hooks.h Sun Nov 20 09:19:38 2005
@@ -127,7 +127,7 @@
# define traceprintk(fmt, args...)
#endif
-#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY)
+#ifndef ACM_SECURITY
static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid)
{ return 0; }
diff -r c35a32f96d20 -r 6a666940fa04 xen/include/public/acm.h
--- a/xen/include/public/acm.h Sat Nov 19 21:41:08 2005
+++ b/xen/include/public/acm.h Sun Nov 20 09:19:38 2005
@@ -60,6 +60,7 @@
#define ACM_NULL_POLICY 0
#define ACM_CHINESE_WALL_POLICY 1
#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
+#define ACM_POLICY_UNDEFINED 15
/* combinations have secondary policy component in higher 4bit */
#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
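Review bot: ACM_POLICY_UNDEFINED is added without a comment, although it is a sentinel rather than a policy and its value 15 sits in the same 4-bit space as the primary and secondary policy codes. A comment on that line such as `/* not a policy: marks "no policy selected yet"; never valid as a primary or secondary code */` would document the reservation for anyone adding codes to this public header.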
diff -r c35a32f96d20 -r 6a666940fa04
linux-2.6-xen-sparse/include/asm-xen/tpmfe.h
--- /dev/null Sat Nov 19 21:41:08 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/tpmfe.h Sun Nov 20 09:19:38 2005
@@ -0,0 +1,33 @@
+#ifndef TPM_FE_H
+#define TPM_FE_H
+
+struct tpmfe_device {
+ /*
+ * Let upper layer receive data from front-end
+ */
+ int (*receive)(const u8 *buffer, size_t count, const void *ptr);
+ /*
+ * Indicate the status of the front-end to the upper
+ * layer.
+ */
+ void (*status)(unsigned int flags);
+
+ /*
+ * This field indicates the maximum size the driver can
+ * transfer in one chunk. It is filled out by the front-end
+ * driver and should be propagated to the generic tpm driver
+ * for allocation of buffers.
+ */
+ unsigned int max_tx_size;
+};
+
+enum {
+ TPMFE_STATUS_DISCONNECTED = 0x0,
+ TPMFE_STATUS_CONNECTED = 0x1
+};
+
+int tpm_fe_send(const u8 * buf, size_t count, void *ptr);
+int tpm_fe_register_receiver(struct tpmfe_device *);
+void tpm_fe_unregister_receiver(void);
+
+#endif
diff -r c35a32f96d20 -r 6a666940fa04 linux-2.6-xen-sparse/include/linux/tpmfe.h
--- a/linux-2.6-xen-sparse/include/linux/tpmfe.h Sat Nov 19 21:41:08 2005
+++ /dev/null Sun Nov 20 09:19:38 2005
@@ -1,33 +0,0 @@
-#ifndef TPM_FE_H
-#define TPM_FE_H
-
-struct tpmfe_device {
- /*
- * Let upper layer receive data from front-end
- */
- int (*receive)(const u8 *buffer, size_t count, const void *ptr);
- /*
- * Indicate the status of the front-end to the upper
- * layer.
- */
- void (*status)(unsigned int flags);
-
- /*
- * This field indicates the maximum size the driver can
- * transfer in one chunk. It is filled out by the front-end
- * driver and should be propagated to the generic tpm driver
- * for allocation of buffers.
- */
- unsigned int max_tx_size;
-};
-
-enum {
- TPMFE_STATUS_DISCONNECTED = 0x0,
- TPMFE_STATUS_CONNECTED = 0x1
-};
-
-int tpm_fe_send(const u8 * buf, size_t count, void *ptr);
-int tpm_fe_register_receiver(struct tpmfe_device *);
-void tpm_fe_unregister_receiver(void);
-
-#endif