WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] acm: Code restructuring on domain create/

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] acm: Code restructuring on domain create/destroy.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 24 Apr 2007 14:50:10 -0700
Delivery-date: Tue, 24 Apr 2007 14:49:30 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1177429935 -3600
# Node ID a99093e602c6646cb2b4617dd0544ea17edef724
# Parent  4bbc509a0b3fbb1bcf87dcea49ef3558c1d069fa
acm: Code restructuring on domain create/destroy.

When a domain is created, the function acm_domain_create() in
domain_create() is called that does what previously the pre- and
post_domain_create functions were doing. Similarly there's a function
acm_domain_destroy() in domain_kill() that reverts changes to state
when destroying a domain. There's no more separate initialization
necessary for domain-0, but domain_create takes one more parameter,
the ssidref. It is usually passed through the hypercall when a domain
is created.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 xen/acm/acm_chinesewall_hooks.c             |  108 +++++--------
 xen/acm/acm_null_hooks.c                    |    6 
 xen/acm/acm_simple_type_enforcement_hooks.c |   17 +-
 xen/arch/ia64/xen/xensetup.c                |    4 
 xen/arch/powerpc/setup.c                    |    7 
 xen/arch/x86/setup.c                        |    7 
 xen/common/domain.c                         |   21 +-
 xen/common/domctl.c                         |   12 -
 xen/include/acm/acm_hooks.h                 |  222 ++++++++--------------------
 xen/include/xen/sched.h                     |    4 
 10 files changed, 152 insertions(+), 256 deletions(-)

diff -r 4bbc509a0b3f -r a99093e602c6 xen/acm/acm_chinesewall_hooks.c
--- a/xen/acm/acm_chinesewall_hooks.c   Tue Apr 24 16:28:37 2007 +0100
+++ b/xen/acm/acm_chinesewall_hooks.c   Tue Apr 24 16:52:15 2007 +0100
@@ -407,26 +407,23 @@ static int chwall_dump_ssid_types(ssidre
 
 /* -------- DOMAIN OPERATION HOOKS -----------*/
 
-static int chwall_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
+static int _chwall_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
 {
     ssidref_t chwall_ssidref;
     int i, j;
     traceprintk("%s.\n", __func__);
 
-    read_lock(&acm_bin_pol_rwlock);
     chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref);
     if (chwall_ssidref == ACM_DEFAULT_LOCAL_SSID)
     {
         printk("%s: ERROR CHWALL SSID is NOT SET but policy enforced.\n",
                __func__);
-        read_unlock(&acm_bin_pol_rwlock);
         return ACM_ACCESS_DENIED;       /* catching and indicating config 
error */
     }
     if (chwall_ssidref >= chwall_bin_pol.max_ssidrefs)
     {
         printk("%s: ERROR chwall_ssidref > max(%x).\n",
                __func__, chwall_bin_pol.max_ssidrefs - 1);
-        read_unlock(&acm_bin_pol_rwlock);
         return ACM_ACCESS_DENIED;
     }
     /* A: chinese wall check for conflicts */
@@ -436,7 +433,6 @@ static int chwall_pre_domain_create(void
                                    chwall_bin_pol.max_types + i])
         {
             printk("%s: CHINESE WALL CONFLICT in type %02x.\n", __func__, i);
-            read_unlock(&acm_bin_pol_rwlock);
             return ACM_ACCESS_DENIED;
         }
 
@@ -465,17 +461,16 @@ static int chwall_pre_domain_create(void
                                            chwall_bin_pol.max_types + j])
                 chwall_bin_pol.conflict_aggregate_set[j]++;
     }
-    read_unlock(&acm_bin_pol_rwlock);
     return ACM_ACCESS_PERMITTED;
 }
 
-static void chwall_post_domain_create(domid_t domid, ssidref_t ssidref)
+
+static void _chwall_post_domain_create(domid_t domid, ssidref_t ssidref)
 {
     int i, j;
     ssidref_t chwall_ssidref;
     traceprintk("%s.\n", __func__);
 
-    read_lock(&acm_bin_pol_rwlock);
     chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref);
     /* adjust types ref-count for running domains */
     for (i = 0; i < chwall_bin_pol.max_types; i++)
@@ -484,7 +479,6 @@ static void chwall_post_domain_create(do
                                    chwall_bin_pol.max_types + i];
     if (domid)
     {
-        read_unlock(&acm_bin_pol_rwlock);
         return;
     }
     /* Xen does not call pre-create hook for DOM0;
@@ -519,19 +513,50 @@ static void chwall_post_domain_create(do
                                            chwall_bin_pol.max_types + j])
                 chwall_bin_pol.conflict_aggregate_set[j]++;
     }
+    return;
+}
+
+
+/*
+ * To be called when creating a domain. If this call is unsuccessful,
+ * no state changes have occurred (adjustments of counters etc.). If it
+ * was successful, state was changed and can be undone using
+ * chwall_domain_destroy.
+ */
+static int chwall_domain_create(void *subject_ssid, ssidref_t ssidref,
+                                domid_t domid)
+{
+    int rc;
+    read_lock(&acm_bin_pol_rwlock);
+    rc = _chwall_pre_domain_create(subject_ssid, ssidref);
+    if (rc == ACM_ACCESS_PERMITTED) {
+        _chwall_post_domain_create(domid, ssidref);
+    }
     read_unlock(&acm_bin_pol_rwlock);
-    return;
-}
-
-static void
-chwall_fail_domain_create(void *subject_ssid, ssidref_t ssidref)
+    return rc;
+}
+
+/*
+ * This function undoes everything a successful call to
+ * chwall_domain_create has done.
+ */
+static void chwall_domain_destroy(void *object_ssid, struct domain *d)
 {
     int i, j;
-    ssidref_t chwall_ssidref;
+    struct chwall_ssid *chwall_ssidp = GET_SSIDP(ACM_CHINESE_WALL_POLICY,
+                                                 (struct acm_ssid_domain *)
+                                                 object_ssid);
+    ssidref_t chwall_ssidref = chwall_ssidp->chwall_ssidref;
+
     traceprintk("%s.\n", __func__);
 
     read_lock(&acm_bin_pol_rwlock);
-    chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref);
+    /* adjust running types set */
+    for (i = 0; i < chwall_bin_pol.max_types; i++)
+        chwall_bin_pol.running_types[i] -=
+            chwall_bin_pol.ssidrefs[chwall_ssidref *
+                                   chwall_bin_pol.max_types + i];
+
     /* roll-back: re-adjust conflicting types aggregate */
     for (i = 0; i < chwall_bin_pol.max_conflictsets; i++)
     {
@@ -557,51 +582,6 @@ chwall_fail_domain_create(void *subject_
                 chwall_bin_pol.conflict_aggregate_set[j]--;
     }
     read_unlock(&acm_bin_pol_rwlock);
-}
-
-
-static void chwall_post_domain_destroy(void *object_ssid, domid_t id)
-{
-    int i, j;
-    struct chwall_ssid *chwall_ssidp = GET_SSIDP(ACM_CHINESE_WALL_POLICY,
-                                                 (struct acm_ssid_domain *)
-                                                 object_ssid);
-    ssidref_t chwall_ssidref = chwall_ssidp->chwall_ssidref;
-
-    traceprintk("%s.\n", __func__);
-
-    read_lock(&acm_bin_pol_rwlock);
-    /* adjust running types set */
-    for (i = 0; i < chwall_bin_pol.max_types; i++)
-        chwall_bin_pol.running_types[i] -=
-            chwall_bin_pol.ssidrefs[chwall_ssidref *
-                                   chwall_bin_pol.max_types + i];
-
-    /* roll-back: re-adjust conflicting types aggregate */
-    for (i = 0; i < chwall_bin_pol.max_conflictsets; i++)
-    {
-        int common = 0;
-        /* check if conflict_set_i and ssidref have common types */
-        for (j = 0; j < chwall_bin_pol.max_types; j++)
-            if (chwall_bin_pol.
-                conflict_sets[i * chwall_bin_pol.max_types + j]
-                && chwall_bin_pol.ssidrefs[chwall_ssidref *
-                                          chwall_bin_pol.max_types + j])
-            {
-                common = 1;
-                break;
-            }
-        if (common == 0)
-            continue;           /* try next conflict set, this one does not 
include any type of chwall_ssidref */
-        /* now add types of the conflict set to conflict_aggregate_set (except 
types in chwall_ssidref) */
-        for (j = 0; j < chwall_bin_pol.max_types; j++)
-            if (chwall_bin_pol.
-                conflict_sets[i * chwall_bin_pol.max_types + j]
-                && !chwall_bin_pol.ssidrefs[chwall_ssidref *
-                                           chwall_bin_pol.max_types + j])
-                chwall_bin_pol.conflict_aggregate_set[j]--;
-    }
-    read_unlock(&acm_bin_pol_rwlock);
     return;
 }
 
@@ -614,10 +594,8 @@ struct acm_operations acm_chinesewall_op
     .dump_statistics = chwall_dump_stats,
     .dump_ssid_types = chwall_dump_ssid_types,
     /* domain management control hooks */
-    .pre_domain_create = chwall_pre_domain_create,
-    .post_domain_create = chwall_post_domain_create,
-    .fail_domain_create = chwall_fail_domain_create,
-    .post_domain_destroy = chwall_post_domain_destroy,
+    .domain_create = chwall_domain_create,
+    .domain_destroy = chwall_domain_destroy,
     /* event channel control hooks */
     .pre_eventchannel_unbound = NULL,
     .fail_eventchannel_unbound = NULL,
diff -r 4bbc509a0b3f -r a99093e602c6 xen/acm/acm_null_hooks.c
--- a/xen/acm/acm_null_hooks.c  Tue Apr 24 16:28:37 2007 +0100
+++ b/xen/acm/acm_null_hooks.c  Tue Apr 24 16:52:15 2007 +0100
@@ -62,10 +62,8 @@ struct acm_operations acm_null_ops = {
     .dump_statistics = null_dump_stats,
     .dump_ssid_types = null_dump_ssid_types,
     /* domain management control hooks */
-    .pre_domain_create = NULL,
-    .post_domain_create = NULL,
-    .fail_domain_create = NULL,
-    .post_domain_destroy = NULL,
+    .domain_create = NULL,
+    .domain_destroy = NULL,
     /* event channel control hooks */
     .pre_eventchannel_unbound = NULL,
     .fail_eventchannel_unbound = NULL,
diff -r 4bbc509a0b3f -r a99093e602c6 xen/acm/acm_simple_type_enforcement_hooks.c
--- a/xen/acm/acm_simple_type_enforcement_hooks.c       Tue Apr 24 16:28:37 
2007 +0100
+++ b/xen/acm/acm_simple_type_enforcement_hooks.c       Tue Apr 24 16:52:15 
2007 +0100
@@ -500,11 +500,18 @@ ste_pre_domain_create(void *subject_ssid
     return ACM_ACCESS_PERMITTED;
 }
 
+static int
+ste_domain_create(void *subject_ssid, ssidref_t ssidref, domid_t  domid)
+{
+    return ste_pre_domain_create(subject_ssid, ssidref);
+}
+
+
 static void 
-ste_post_domain_destroy(void *subject_ssid, domid_t id)
+ste_domain_destroy(void *subject_ssid, struct domain *d)
 {
     /* clean all cache entries for destroyed domain (might be re-used) */
-    clean_id_from_cache(id);
+    clean_id_from_cache(d->domain_id);
 }
 
 /* -------- EVENTCHANNEL OPERATIONS -----------*/
@@ -685,10 +692,8 @@ struct acm_operations acm_simple_type_en
     .dump_ssid_types        = ste_dump_ssid_types,
 
     /* domain management control hooks */
-    .pre_domain_create       = ste_pre_domain_create,
-    .post_domain_create     = NULL,
-    .fail_domain_create     = NULL,
-    .post_domain_destroy    = ste_post_domain_destroy,
+    .domain_create = ste_domain_create,
+    .domain_destroy    = ste_domain_destroy,
 
     /* event channel control hooks */
     .pre_eventchannel_unbound   = ste_pre_eventchannel_unbound,
diff -r 4bbc509a0b3f -r a99093e602c6 xen/arch/ia64/xen/xensetup.c
--- a/xen/arch/ia64/xen/xensetup.c      Tue Apr 24 16:28:37 2007 +0100
+++ b/xen/arch/ia64/xen/xensetup.c      Tue Apr 24 16:52:15 2007 +0100
@@ -421,7 +421,7 @@ void start_kernel(void)
 
     scheduler_init();
     idle_vcpu[0] = (struct vcpu*) ia64_r13;
-    idle_domain = domain_create(IDLE_DOMAIN_ID, 0);
+    idle_domain = domain_create(IDLE_DOMAIN_ID, 0, 0);
     if ( (idle_domain == NULL) || (alloc_vcpu(idle_domain, 0, 0) == NULL) )
         BUG();
 
@@ -508,7 +508,7 @@ printk("num_online_cpus=%d, max_cpus=%d\
     expose_p2m_init();
 
     /* Create initial domain 0. */
-    dom0 = domain_create(0, 0);
+    dom0 = domain_create(0, 0, DOM0_SSIDREF);
     if (dom0 == NULL)
         panic("Error creating domain 0\n");
     dom0_vcpu0 = alloc_vcpu(dom0, 0, 0);
diff -r 4bbc509a0b3f -r a99093e602c6 xen/arch/powerpc/setup.c
--- a/xen/arch/powerpc/setup.c  Tue Apr 24 16:28:37 2007 +0100
+++ b/xen/arch/powerpc/setup.c  Tue Apr 24 16:52:15 2007 +0100
@@ -162,7 +162,7 @@ static void __init start_of_day(void)
     scheduler_init();
 
     /* create idle domain */
-    idle_domain = domain_create(IDLE_DOMAIN_ID, 0);
+    idle_domain = domain_create(IDLE_DOMAIN_ID, 0, 0);
     if ((idle_domain == NULL) || (alloc_vcpu(idle_domain, 0, 0) == NULL))
         BUG();
     set_current(idle_domain->vcpu[0]);
@@ -370,7 +370,7 @@ static void __init __start_xen(multiboot
     percpu_free_unused_areas();
 
     /* Create initial domain 0. */
-    dom0 = domain_create(0, 0);
+    dom0 = domain_create(0, 0, DOM0_SSIDREF);
     if (dom0 == NULL)
         panic("Error creating domain 0\n");
 
@@ -379,9 +379,6 @@ static void __init __start_xen(multiboot
     dom0->vcpu[0]->cpu_affinity = cpumask_of_cpu(0);
 
     dom0->is_privileged = 1;
-
-    /* Post-create hook sets security label. */
-    acm_post_domain0_create(dom0->domain_id);
 
     cmdline = (char *)(mod[0].string ? __va((ulong)mod[0].string) : NULL);
 
diff -r 4bbc509a0b3f -r a99093e602c6 xen/arch/x86/setup.c
--- a/xen/arch/x86/setup.c      Tue Apr 24 16:28:37 2007 +0100
+++ b/xen/arch/x86/setup.c      Tue Apr 24 16:52:15 2007 +0100
@@ -254,7 +254,7 @@ static void __init init_idle_domain(void
     /* Domain creation requires that scheduler structures are initialised. */
     scheduler_init();
 
-    idle_domain = domain_create(IDLE_DOMAIN_ID, 0);
+    idle_domain = domain_create(IDLE_DOMAIN_ID, 0, 0);
     if ( (idle_domain == NULL) || (alloc_vcpu(idle_domain, 0, 0) == NULL) )
         BUG();
 
@@ -727,14 +727,11 @@ void __init __start_xen(multiboot_info_t
     acm_init(_policy_start, _policy_len);
 
     /* Create initial domain 0. */
-    dom0 = domain_create(0, 0);
+    dom0 = domain_create(0, 0, DOM0_SSIDREF);
     if ( (dom0 == NULL) || (alloc_vcpu(dom0, 0, 0) == NULL) )
         panic("Error creating domain 0\n");
 
     dom0->is_privileged = 1;
-
-    /* Post-create hook sets security label. */
-    acm_post_domain0_create(dom0->domain_id);
 
     /* Grab the DOM0 command line. */
     cmdline = (char *)(mod[0].string ? __va(mod[0].string) : NULL);
diff -r 4bbc509a0b3f -r a99093e602c6 xen/common/domain.c
--- a/xen/common/domain.c       Tue Apr 24 16:28:37 2007 +0100
+++ b/xen/common/domain.c       Tue Apr 24 16:52:15 2007 +0100
@@ -28,6 +28,7 @@
 #include <asm/debugger.h>
 #include <public/sched.h>
 #include <public/vcpu.h>
+#include <acm/acm_hooks.h>
 
 /* Protect updates/reads (resp.) of domain_list and domain_hash. */
 DEFINE_SPINLOCK(domlist_update_lock);
@@ -178,7 +179,7 @@ struct vcpu *alloc_idle_vcpu(unsigned in
         return v;
 
     d = (vcpu_id == 0) ?
-        domain_create(IDLE_DOMAIN_ID, 0) :
+        domain_create(IDLE_DOMAIN_ID, 0, 0) :
         idle_vcpu[cpu_id - vcpu_id]->domain;
     BUG_ON(d == NULL);
 
@@ -188,7 +189,8 @@ struct vcpu *alloc_idle_vcpu(unsigned in
     return v;
 }
 
-struct domain *domain_create(domid_t domid, unsigned int domcr_flags)
+struct domain *domain_create(
+    domid_t domid, unsigned int domcr_flags, ssidref_t ssidref)
 {
     struct domain *d, **pd;
 
@@ -210,18 +212,21 @@ struct domain *domain_create(domid_t dom
 
         if ( grant_table_create(d) != 0 )
             goto fail2;
+
+        if ( acm_domain_create(d, ssidref) != 0 )
+            goto fail3;
     }
 
     if ( arch_domain_create(d) != 0 )
-        goto fail3;
+        goto fail4;
 
     d->iomem_caps = rangeset_new(d, "I/O Memory", RANGESETF_prettyprint_hex);
     d->irq_caps   = rangeset_new(d, "Interrupts", 0);
     if ( (d->iomem_caps == NULL) || (d->irq_caps == NULL) )
-        goto fail4;
+        goto fail5;
 
     if ( sched_init_domain(d) != 0 )
-        goto fail4;
+        goto fail5;
 
     if ( !is_idle_domain(d) )
     {
@@ -243,8 +248,11 @@ struct domain *domain_create(domid_t dom
 
     return d;
 
+ fail5:
+    arch_domain_destroy(d);
  fail4:
-    arch_domain_destroy(d);
+    if ( !is_idle_domain(d) )
+        acm_domain_destroy(d);
  fail3:
     if ( !is_idle_domain(d) )
         grant_table_destroy(d);
@@ -313,6 +321,7 @@ void domain_kill(struct domain *d)
         return;
     }
 
+    acm_domain_destroy(d);
     gnttab_release_mappings(d);
     domain_relinquish_resources(d);
     put_domain(d);
diff -r 4bbc509a0b3f -r a99093e602c6 xen/common/domctl.c
--- a/xen/common/domctl.c       Tue Apr 24 16:28:37 2007 +0100
+++ b/xen/common/domctl.c       Tue Apr 24 16:52:15 2007 +0100
@@ -176,7 +176,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
 {
     long ret = 0;
     struct xen_domctl curop, *op = &curop;
-    void *ssid = NULL; /* save security ptr between pre and post/fail hooks */
     static DEFINE_SPINLOCK(domctl_lock);
 
     if ( !IS_PRIV(current->domain) )
@@ -187,9 +186,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
 
     if ( op->interface_version != XEN_DOMCTL_INTERFACE_VERSION )
         return -EACCES;
-
-    if ( acm_pre_domctl(op, &ssid) )
-        return -EPERM;
 
     spin_lock(&domctl_lock);
 
@@ -334,7 +330,8 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
             domcr_flags |= DOMCRF_hvm;
 
         ret = -ENOMEM;
-        if ( (d = domain_create(dom, domcr_flags)) == NULL )
+        d = domain_create(dom, domcr_flags, op->u.createdomain.ssidref);
+        if ( d == NULL )
             break;
 
         ret = 0;
@@ -716,11 +713,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
     }
 
     spin_unlock(&domctl_lock);
-
-    if ( ret == 0 )
-        acm_post_domctl(op, &ssid);
-    else
-        acm_fail_domctl(op, &ssid);
 
     return ret;
 }
diff -r 4bbc509a0b3f -r a99093e602c6 xen/include/acm/acm_hooks.h
--- a/xen/include/acm/acm_hooks.h       Tue Apr 24 16:28:37 2007 +0100
+++ b/xen/include/acm/acm_hooks.h       Tue Apr 24 16:52:15 2007 +0100
@@ -96,10 +96,9 @@ struct acm_operations {
     int  (*dump_statistics)            (u8 *buffer, u16 buf_size);
     int  (*dump_ssid_types)            (ssidref_t ssidref, u8 *buffer, u16 
buf_size);
     /* domain management control hooks (can be NULL) */
-    int  (*pre_domain_create)          (void *subject_ssid, ssidref_t ssidref);
-    void (*post_domain_create)         (domid_t domid, ssidref_t ssidref);
-    void (*fail_domain_create)         (void *subject_ssid, ssidref_t ssidref);
-    void (*post_domain_destroy)        (void *object_ssid, domid_t id);
+    int  (*domain_create)              (void *subject_ssid, ssidref_t ssidref,
+                                        domid_t domid);
+    void (*domain_destroy)             (void *object_ssid, struct domain *d);
     /* event channel control hooks  (can be NULL) */
     int  (*pre_eventchannel_unbound)      (domid_t id1, domid_t id2);
     void (*fail_eventchannel_unbound)     (domid_t id1, domid_t id2);
@@ -128,73 +127,32 @@ extern struct acm_operations *acm_second
 # define traceprintk(fmt, args...)
 #endif
 
+
 #ifndef ACM_SECURITY
 
-static inline int acm_pre_domctl(struct xen_domctl *op, void **ssid) 
-{ return 0; }
-static inline void acm_post_domctl(struct xen_domctl *op, void *ssid) 
+static inline int acm_pre_eventchannel_unbound(domid_t id1, domid_t id2)
+{ return 0; }
+static inline int acm_pre_eventchannel_interdomain(domid_t id)
+{ return 0; }
+static inline int acm_pre_grant_map_ref(domid_t id) 
+{ return 0; }
+static inline int acm_pre_grant_setup(domid_t id) 
+{ return 0; }
+static inline int acm_init(char *policy_start, unsigned long policy_len)
+{ return 0; }
+static inline int acm_is_policy(char *buf, unsigned long len)
+{ return 0; }
+static inline int acm_sharing(ssidref_t ssidref1, ssidref_t ssidref2)
+{ return 0; }
+static inline int acm_domain_create(struct domain *d, ssidref_t ssidref)
+{ return 0; }
+static inline void acm_domain_destroy(struct domain *d)
 { return; }
-static inline void acm_fail_domctl(struct xen_domctl *op, void *ssid) 
-{ return; }
-static inline int acm_pre_eventchannel_unbound(domid_t id1, domid_t id2)
-{ return 0; }
-static inline int acm_pre_eventchannel_interdomain(domid_t id)
-{ return 0; }
-static inline int acm_pre_grant_map_ref(domid_t id) 
-{ return 0; }
-static inline int acm_pre_grant_setup(domid_t id) 
-{ return 0; }
-static inline int acm_init(char *policy_start, unsigned long policy_len)
-{ return 0; }
-static inline int acm_is_policy(char *buf, unsigned long len)
-{ return 0; }
-static inline void acm_post_domain0_create(domid_t domid) 
-{ return; }
-static inline int acm_sharing(ssidref_t ssidref1, ssidref_t ssidref2)
-{ return 0; }
+
+#define DOM0_SSIDREF 0x0
 
 #else
 
-static inline int acm_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
-{
-    if ((acm_primary_ops->pre_domain_create != NULL) && 
-        acm_primary_ops->pre_domain_create(subject_ssid, ssidref))
-        return ACM_ACCESS_DENIED;
-    else if ((acm_secondary_ops->pre_domain_create != NULL) && 
-             acm_secondary_ops->pre_domain_create(subject_ssid, ssidref)) {
-        /* roll-back primary */
-        if (acm_primary_ops->fail_domain_create != NULL)
-            acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
-        return ACM_ACCESS_DENIED;
-    } else
-        return ACM_ACCESS_PERMITTED;
-}
-
-static inline void acm_post_domain_create(domid_t domid, ssidref_t ssidref)
-{
-    if (acm_primary_ops->post_domain_create != NULL)
-        acm_primary_ops->post_domain_create(domid, ssidref);
-    if (acm_secondary_ops->post_domain_create != NULL)
-        acm_secondary_ops->post_domain_create(domid, ssidref);
-}
-
-static inline void acm_fail_domain_create(
-    void *subject_ssid, ssidref_t ssidref)
-{
-    if (acm_primary_ops->fail_domain_create != NULL)
-        acm_primary_ops->fail_domain_create(subject_ssid, ssidref);
-    if (acm_secondary_ops->fail_domain_create != NULL)
-        acm_secondary_ops->fail_domain_create(subject_ssid, ssidref);
-}
-
-static inline void acm_post_domain_destroy(void *object_ssid, domid_t id)
-{
-    if (acm_primary_ops->post_domain_destroy != NULL)
-        acm_primary_ops->post_domain_destroy(object_ssid, id);
-    if (acm_secondary_ops->post_domain_destroy != NULL)
-        acm_secondary_ops->post_domain_destroy(object_ssid, id);
-    return;
-}
 
 static inline int acm_pre_eventchannel_unbound(domid_t id1, domid_t id2)
 {
@@ -226,85 +184,6 @@ static inline int acm_pre_eventchannel_i
         return ACM_ACCESS_PERMITTED;
 }
 
-static inline int acm_pre_domctl(struct xen_domctl *op, void **ssid) 
-{
-    int ret = -EACCES;
-    struct domain *d;
-
-    switch(op->cmd) {
-    case XEN_DOMCTL_createdomain:
-        ret = acm_pre_domain_create(
-            current->domain->ssid, op->u.createdomain.ssidref);
-        break;
-    case XEN_DOMCTL_destroydomain:
-        if (*ssid != NULL) {
-            printkd("%s: Warning. Overlapping destruction.\n", 
-                    __func__);
-            return -EACCES;
-        }
-        d = rcu_lock_domain_by_id(op->domain);
-        if (d != NULL) {
-            *ssid = d->ssid; /* save for post destroy when d is gone */
-            if (*ssid == NULL) {
-                printk("%s: Warning. Destroying domain without ssid 
pointer.\n", 
-                       __func__);
-                rcu_unlock_domain(d);
-                return -EACCES;
-            }
-            d->ssid = NULL; /* make sure it's not used any more */
-             /* no policy-specific hook */
-            rcu_unlock_domain(d);
-            ret = 0;
-        }
-        break;
-    default:
-        ret = 0; /* ok */
-    }
-    return ret;
-}
-
-static inline void acm_post_domctl(struct xen_domctl *op, void **ssid)
-{
-    switch(op->cmd) {
-    case XEN_DOMCTL_createdomain:
-        /* initialialize shared sHype security labels for new domain */
-        acm_init_domain_ssid(
-            op->domain, op->u.createdomain.ssidref);
-        acm_post_domain_create(
-            op->domain, op->u.createdomain.ssidref);
-        break;
-    case XEN_DOMCTL_destroydomain:
-        if (*ssid == NULL) {
-            printkd("%s: ERROR. SSID unset.\n",
-                    __func__);
-            break;
-        }
-        acm_post_domain_destroy(*ssid, op->domain);
-        /* free security ssid for the destroyed domain (also if null policy */
-        acm_free_domain_ssid((struct acm_ssid_domain *)(*ssid));
-        *ssid = NULL;
-        break;
-    }
-}
-
-static inline void acm_fail_domctl(struct xen_domctl *op, void **ssid)
-{
-    switch(op->cmd) {
-    case XEN_DOMCTL_createdomain:
-        acm_fail_domain_create(
-            current->domain->ssid, op->u.createdomain.ssidref);
-        break;
-    case XEN_DOMCTL_destroydomain:
-        /*  we don't handle domain destroy failure but at least free the ssid 
*/
-        if (*ssid == NULL) {
-            printkd("%s: ERROR. SSID unset.\n",
-                    __func__);
-            break;
-        }
-        acm_free_domain_ssid((struct acm_ssid_domain *)(*ssid));
-        *ssid = NULL;
-    }
-}
 
 static inline int acm_pre_grant_map_ref(domid_t id)
 {
@@ -348,14 +227,51 @@ static inline int acm_pre_grant_setup(do
     }
 }
 
-static inline void acm_post_domain0_create(domid_t domid)
-{
-    /* initialialize shared sHype security labels for new domain */
-    int dom0_ssidref = dom0_ste_ssidref << 16 | dom0_chwall_ssidref;
-
-    acm_init_domain_ssid(domid, dom0_ssidref);
-    acm_post_domain_create(domid, dom0_ssidref);
-}
+
+static inline int acm_domain_create(struct domain *d, ssidref_t ssidref)
+{
+    void *subject_ssid = current->domain->ssid;
+    domid_t domid = d->domain_id;
+    int rc;
+
+    /*
+       To be called when a domain is created; returns '0' if the
+       domain is allowed to be created, != '0' if not.
+     */
+    rc = acm_init_domain_ssid_new(d, ssidref);
+    if (rc != ACM_OK)
+        return rc;
+
+    if ((acm_primary_ops->domain_create != NULL) &&
+        acm_primary_ops->domain_create(subject_ssid, ssidref, domid)) {
+        return ACM_ACCESS_DENIED;
+    } else if ((acm_secondary_ops->domain_create != NULL) &&
+                acm_secondary_ops->domain_create(subject_ssid, ssidref,
+                                                 domid)) {
+        /* roll-back primary */
+        if (acm_primary_ops->domain_destroy != NULL)
+            acm_primary_ops->domain_destroy(d->ssid, d);
+        acm_free_domain_ssid(d->ssid);
+        return ACM_ACCESS_DENIED;
+    }
+
+    return 0;
+}
+
+
+static inline void acm_domain_destroy(struct domain *d)
+{
+    void *ssid = d->ssid;
+    if (ssid != NULL) {
+        if (acm_primary_ops->domain_destroy != NULL)
+            acm_primary_ops->domain_destroy(ssid, d);
+        if (acm_secondary_ops->domain_destroy != NULL)
+            acm_secondary_ops->domain_destroy(ssid, d);
+        /* free security ssid for the destroyed domain (also if null policy */
+        acm_free_domain_ssid((struct acm_ssid_domain *)(ssid));
+    }
+}
+
 
 static inline int acm_sharing(ssidref_t ssidref1, ssidref_t ssidref2)
 {
@@ -374,6 +290,8 @@ extern int acm_init(char *policy_start, 
 
 /* Return true iff buffer has an acm policy magic number.  */
 extern int acm_is_policy(char *buf, unsigned long len);
+
+#define DOM0_SSIDREF (dom0_ste_ssidref << 16 | dom0_chwall_ssidref)
 
 #endif
 
diff -r 4bbc509a0b3f -r a99093e602c6 xen/include/xen/sched.h
--- a/xen/include/xen/sched.h   Tue Apr 24 16:28:37 2007 +0100
+++ b/xen/include/xen/sched.h   Tue Apr 24 16:52:15 2007 +0100
@@ -10,6 +10,7 @@
 #include <public/xen.h>
 #include <public/domctl.h>
 #include <public/vcpu.h>
+#include <public/acm.h>
 #include <xen/time.h>
 #include <xen/timer.h>
 #include <xen/grant_table.h>
@@ -296,7 +297,8 @@ static inline struct domain *get_current
     return d;
 }
 
-struct domain *domain_create(domid_t domid, unsigned int domcr_flags);
+struct domain *domain_create(
+    domid_t domid, unsigned int domcr_flags, ssidref_t ssidref);
  /* DOMCRF_hvm: Create an HVM domain, as opposed to a PV domain. */
 #define _DOMCRF_hvm 0
 #define DOMCRF_hvm  (1U<<_DOMCRF_hvm)

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] acm: Code restructuring on domain create/destroy., Xen patchbot-unstable <=