[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 6/7] xsm: add platform QoS related xsm policies

To: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxx
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Tue, 03 Dec 2013 08:53:52 -0500
Cc: keir@xxxxxxx, Ian.Campbell@xxxxxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, Ian.Jackson@xxxxxxxxxxxxx, JBeulich@xxxxxxxx
Delivery-date: Tue, 03 Dec 2013 13:54:00 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 12/03/2013 03:47 AM, Dongxiao Xu wrote:

Add xsm policies for attach/detach pqos services and get CQM info
hypercalls.

Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>
---
  tools/flask/policy/policy/modules/xen/xen.if |    2 +-
  tools/flask/policy/policy/modules/xen/xen.te |    5 ++++-
  xen/xsm/flask/hooks.c                        |    7 +++++++
  xen/xsm/flask/policy/access_vectors          |   17 ++++++++++++++---
  4 files changed, 26 insertions(+), 5 deletions(-)

[...]

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index b1e2593..6f9f355 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -730,6 +730,10 @@ static int flask_domctl(struct domain *d, int cmd)
      case XEN_DOMCTL_set_max_evtchn:
          return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_MAX_EVTCHN);

+    case XEN_DOMCTL_attach_pqos:
+    case XEN_DOMCTL_detach_pqos:
+        return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__PQOS_OP);
+
      default:
          printk("flask_domctl: Unknown op %d\n", cmd);
          return -EPERM;
@@ -785,6 +789,9 @@ static int flask_sysctl(int cmd)
      case XEN_SYSCTL_numainfo:
          return domain_has_xen(current->domain, XEN__PHYSINFO);

+    case XEN_SYSCTL_getcqminfo:
+        avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, XEN2__PQOS_OP, 
NULL);
+
      default:
          printk("flask_sysctl: Unknown op %d\n", cmd);
          return -EPERM;


This needs to be "return avc_current_has_perm..."

--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v4 0/7] enable Cache QoS Monitoring (CQM) feature
  - From: Dongxiao Xu
- [Xen-devel] [PATCH v4 6/7] xsm: add platform QoS related xsm policies
  - From: Dongxiao Xu

Prev by Date: Re: [Xen-devel] [Xen-ARM: Linux] Grant table address, xen_hvm_resume_frames, is a phys_addr not a pfn
Next by Date: Re: [Xen-devel] PVH and mtrr/PAT.........
Previous by thread: [Xen-devel] [PATCH v4 6/7] xsm: add platform QoS related xsm policies
Next by thread: [Xen-devel] [PATCH v4 7/7] tools: enable Cache QoS Monitoring feature for libxl/libxc
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.