
[Xen-devel] [PATCH 01/10] xsm: Add security labels to event-channel dump



In FLASK, event channel labels are distinct from the labels of the
domain using them. When debugging policy issues, it is useful to be able
to view the current label of event channels; add this label to the event
channel dump.

This patch also prints, for event channels bound to a PIRQ, the IRQ that
the PIRQ maps to, and moves the xen_consumer flag to the front to give
the output more consistent alignment.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 xen/common/event_channel.c |   19 +++++++++++++++----
 xen/include/xsm/xsm.h      |    6 ++++++
 xen/xsm/dummy.c            |    6 ++++++
 xen/xsm/flask/hooks.c      |   30 ++++++++++++++++++++++++++++++
 4 files changed, 57 insertions(+), 4 deletions(-)

diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index f784254..989ebae 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -1256,6 +1256,7 @@ void evtchn_move_pirqs(struct vcpu *v)
 static void domain_dump_evtchn_info(struct domain *d)
 {
     unsigned int port;
+    int irq;
 
     bitmap_scnlistprintf(keyhandler_scratch, sizeof(keyhandler_scratch),
                          d->poll_mask, d->max_vcpus);
@@ -1268,6 +1269,7 @@ static void domain_dump_evtchn_info(struct domain *d)
     for ( port = 1; port < MAX_EVTCHNS(d); ++port )
     {
         const struct evtchn *chn;
+        char *ssid;
 
         if ( !port_is_valid(d, port) )
             continue;
@@ -1275,11 +1277,12 @@ static void domain_dump_evtchn_info(struct domain *d)
         if ( chn->state == ECS_FREE )
             continue;
 
-        printk("    %4u [%d/%d]: s=%d n=%d",
+        printk("    %4u [%d/%d]: s=%d n=%d x=%d",
                port,
                !!test_bit(port, &shared_info(d, evtchn_pending)),
                !!test_bit(port, &shared_info(d, evtchn_mask)),
-               chn->state, chn->notify_vcpu_id);
+               chn->state, chn->notify_vcpu_id, chn->xen_consumer);
+
         switch ( chn->state )
         {
         case ECS_UNBOUND:
@@ -1291,13 +1294,21 @@ static void domain_dump_evtchn_info(struct domain *d)
                    chn->u.interdomain.remote_port);
             break;
         case ECS_PIRQ:
-            printk(" p=%d", chn->u.pirq.irq);
+            irq = domain_pirq_to_irq(d, chn->u.pirq.irq);
+            printk(" p=%d i=%d", chn->u.pirq.irq, irq);
             break;
         case ECS_VIRQ:
             printk(" v=%d", chn->u.virq);
             break;
         }
-        printk(" x=%d\n", chn->xen_consumer);
+
+        ssid = xsm_show_security_evtchn(d, chn);
+        if (ssid) {
+            printk(" Z=%s\n", ssid);
+            xfree(ssid);
+        } else {
+            printk("\n");
+        }
     }
 
     spin_unlock(&d->event_lock);
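Review bot: The new `if (ssid) {` / `} else {` block at the end of the loop departs from the Xen style used a few lines above in the same function (`if ( chn->state == ECS_FREE )`, `switch ( chn->state )`): spaces inside the parentheses and each brace on its own line. The ownership of the string is also worth stating, since it is allocated by the XSM backend and released here; suggest `/* Label is allocated by the XSM backend; we own it and must xfree() it. */` above the call. This runs with `d->event_lock` held (released at the end of the hunk), so the backend's lookup and allocation must be non-sleeping — presumably fine for xmalloc in Xen, but worth confirming for any future backend. domain_dump_evtchn_info's body continues before this hunk.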
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index e3cae60..92204b3 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -99,6 +99,7 @@ struct xsm_operations {
     void (*free_security_domain) (struct domain *d);
     int (*alloc_security_evtchn) (struct evtchn *chn);
     void (*free_security_evtchn) (struct evtchn *chn);
+    char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn);
 
     int (*get_pod_target) (struct domain *d);
     int (*set_pod_target) (struct domain *d);
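Review bot: The new `show_security_evtchn` member states neither what its return value means nor who frees it; from this header alone a reader cannot tell that NULL is the "no label" case or that a non-NULL result is heap-allocated and owned by the caller. Suggest a comment above the member: `/* Return an xmalloc()ed label for chn (caller must xfree() it), or NULL if unavailable. */`. Whether NULL also covers a lookup failure is a backend decision, so "unavailable" rather than "unlabeled" keeps the contract honest. struct xsm_operations starts and ends outside this hunk.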
@@ -424,6 +425,11 @@ static inline void xsm_free_security_evtchn (struct evtchn 
*chn)
     (void)xsm_call(free_security_evtchn(chn));
 }
 
+static inline char *xsm_show_security_evtchn (struct domain *d, const struct 
evtchn *chn)
+{
+    return xsm_call(show_security_evtchn(d, chn));
+}
+
 static inline int xsm_get_pod_target (struct domain *d)
 {
     return xsm_call(get_pod_target(d));
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index d99f886..fca9d7b 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -290,6 +290,11 @@ static void dummy_free_security_evtchn (struct evtchn *chn)
     return;
 }
 
+static char *dummy_show_security_evtchn (struct domain *d, const struct evtchn 
*chn)
+{
+    return NULL;
+}
+
 static int dummy_test_assign_device (uint32_t machine_bdf)
 {
     return 0;
@@ -637,6 +642,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
     set_to_dummy_if_null(ops, free_security_domain);
     set_to_dummy_if_null(ops, alloc_security_evtchn);
     set_to_dummy_if_null(ops, free_security_evtchn);
+    set_to_dummy_if_null(ops, show_security_evtchn);
 
     set_to_dummy_if_null(ops, memory_adjust_reservation);
     set_to_dummy_if_null(ops, memory_stat_reservation);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 543dc77..d207b1d 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -274,6 +274,35 @@ static void flask_free_security_evtchn(struct evtchn *chn)
     xfree(esec);
 }
 
+static char *flask_show_security_evtchn(struct domain *d, const struct evtchn 
*chn)
+{
+    struct evtchn_security_struct *esec;
+    int irq;
+    u32 sid = 0;
+    char *ctx;
+    u32 ctx_len;
+
+    switch ( chn->state )
+    {
+    case ECS_UNBOUND:
+    case ECS_INTERDOMAIN:
+        esec = chn->ssid;
+        if ( esec )
+            sid = esec->sid;
+        break;
+    case ECS_PIRQ:
+        irq = domain_pirq_to_irq(d, chn->u.pirq.irq);
+        if (irq)
+            security_irq_sid(irq, &sid);
+        break;
+    }
+    if ( !sid )
+        return NULL;
+    if (security_sid_to_context(sid, &ctx, &ctx_len))
+        return NULL;
+    return ctx;
+}
+
 static int flask_grant_mapref(struct domain *d1, struct domain *d2, 
                               uint32_t flags)
 {
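Review bot: `flask_show_security_evtchn` mixes two styles within a few lines: `if ( esec )` follows the Xen convention while `if (irq)` and `if (security_sid_to_context(sid, &ctx, &ctx_len))` do not; make them `if ( irq )` and `if ( security_sid_to_context(sid, &ctx, &ctx_len) )`. The switch has no `default:` arm, so ECS_VIRQ, ECS_IPI and any future state silently yield no label; an explicit `default: break;` would record that as intended rather than an oversight. The caller also cannot distinguish "unlabeled" from a failed `security_irq_sid`/`security_sid_to_context` lookup, since both paths return NULL with the error discarded; for a dump meant to debug policy issues, a `printk` on the failure path would save a maintainer from chasing a phantom missing label. A one-line comment that the returned `ctx` is xmalloc()ed and freed by the caller would complete the picture.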
@@ -1499,6 +1528,7 @@ static struct xsm_operations flask_ops = {
     .free_security_domain = flask_domain_free_security,
     .alloc_security_evtchn = flask_alloc_security_evtchn,
     .free_security_evtchn = flask_free_security_evtchn,
+    .show_security_evtchn = flask_show_security_evtchn,
 
     .get_pod_target = flask_get_pod_target,
     .set_pod_target = flask_set_pod_target,
-- 
1.7.7.6

