[Xen-changelog] Attached is the patch that changes the default ssid from 0xffffffff to 0
ChangeSet 1.1757, 2005/06/26 13:08:53+01:00, kaf24@xxxxxxxxxxxxxxxxxxxx Attached is the patch that changes the default ssid from 0xffffffff to 0 as discussed in previous emails. Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx> tools/policy/policy_tool.c | 44 ++++++++++++++-------------- tools/python/xen/lowlevel/xc/xc.c | 2 - tools/python/xen/xm/main.py | 6 +-- xen/acm/acm_chinesewall_hooks.c | 9 +++-- xen/acm/acm_simple_type_enforcement_hooks.c | 18 ++++++----- xen/include/acm/acm_hooks.h | 2 - xen/include/public/acm.h | 4 +- xen/include/public/dom0_ops.h | 2 - xen/include/public/policy_ops.h | 2 - 9 files changed, 46 insertions(+), 43 deletions(-) diff -Nru a/tools/policy/policy_tool.c b/tools/policy/policy_tool.c --- a/tools/policy/policy_tool.c 2005-06-26 09:02:13 -04:00 +++ b/tools/policy/policy_tool.c 2005-06-26 09:02:13 -04:00 @@ -234,14 +234,14 @@ /*************************** set policy ****************************/ int acm_domain_set_chwallpolicy(void *bufstart, int buflen) { -#define CWALL_MAX_SSIDREFS 5 +#define CWALL_MAX_SSIDREFS 6 #define CWALL_MAX_TYPES 10 #define CWALL_MAX_CONFLICTSETS 2 struct acm_chwall_policy_buffer *chwall_bin_pol = (struct acm_chwall_policy_buffer *)bufstart; domaintype_t *ssidrefs, *conflicts; int ret = 0; - int i,j; + int j; chwall_bin_pol->chwall_max_types = htons(CWALL_MAX_TYPES); chwall_bin_pol->chwall_max_ssidrefs = htons(CWALL_MAX_SSIDREFS); 
@@ -261,13 +261,13 @@ return -1; /* not enough space */ ssidrefs = (domaintype_t *)(bufstart+ntohs(chwall_bin_pol->chwall_ssid_offset)); - for(i=0; i< CWALL_MAX_SSIDREFS; i++) { - for (j=0; j< CWALL_MAX_TYPES; j++) - ssidrefs[i*CWALL_MAX_TYPES + j] = htons(0); - /* here, set type i for ssidref i; generally, a ssidref can have multiple chwall types */ - if (i < CWALL_MAX_SSIDREFS) - ssidrefs[i*CWALL_MAX_TYPES + i] = htons(1); - } + memset(ssidrefs, 0, CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t)); + + /* now set type j-1 for ssidref i+1 */ + for(j=0; j<= CWALL_MAX_SSIDREFS; j++) + if ((0 < j) &&( j <= CWALL_MAX_TYPES)) + ssidrefs[j*CWALL_MAX_TYPES + j - 1] = htons(1); + ret += CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t); if ((buflen - ret) < (CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t))) return -1; /* not enough space */ @@ -276,10 +276,10 @@ conflicts = (domaintype_t *)(bufstart + ntohs(chwall_bin_pol->chwall_conflict_sets_offset)); memset((void *)conflicts, 0, CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t)); - /* just 1 conflict set [0]={2,3}, [1]={0,5,6} */ + /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */ if (CWALL_MAX_TYPES > 3) { conflicts[2] = htons(1); conflicts[3] = htons(1); /* {2,3} */ - conflicts[CWALL_MAX_TYPES] = htons(1); conflicts[CWALL_MAX_TYPES+5] = htons(1); + conflicts[CWALL_MAX_TYPES+1] = htons(1); conflicts[CWALL_MAX_TYPES+5] = htons(1); conflicts[CWALL_MAX_TYPES+6] = htons(1);/* {0,5,6} */ } ret += sizeof(domaintype_t)*CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES; 
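Review bot: The new labelling loop in the @@ -261 hunk writes one row past the ssidref table: with `for(j=0; j<= CWALL_MAX_SSIDREFS; j++)` and CWALL_MAX_SSIDREFS now 6, the j=6 pass satisfies `j <= CWALL_MAX_TYPES` and stores to `ssidrefs[6*CWALL_MAX_TYPES + 5]`, index 65 of a region the preceding memset sizes at 60 entries. That store happens before the conflict-set space check that follows, so it can fall outside the part of the buffer validated so far. The bound should be `for(j=0; j< CWALL_MAX_SSIDREFS; j++)`, which is what the equivalent loop in acm_domain_set_stepolicy uses. The comment `/* now set type j-1 for ssidref i+1 */` also names an `i` that this commit removes; `/* set type j-1 for ssidref j; ssidref 0 stays empty (unset) */` matches the code. The function body starts and ends outside the hunk.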
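Review bot: In the @@ -276 hunk the trailing comment on the `conflicts[CWALL_MAX_TYPES+6]` line still reads `/* {0,5,6} */` although the hunk moves the first member of the second set from type 0 to type 1, and the lead comment says "just 1 conflict set" while listing two. I would update both, e.g. `/* two conflict sets: [0]={2,3}, [1]={1,5,6} */` and `/* {1,5,6} */`. The `CWALL_MAX_TYPES > 3` guard does not cover the `+5` and `+6` offsets, which need more than 6 types; that holds for the current value of 10 but the guard should state it.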
@@ -287,12 +287,12 @@ } int acm_domain_set_stepolicy(void *bufstart, int buflen) { -#define STE_MAX_SSIDREFS 5 -#define STE_MAX_TYPES 5 +#define STE_MAX_SSIDREFS 6 +#define STE_MAX_TYPES 5 struct acm_ste_policy_buffer *ste_bin_pol = (struct acm_ste_policy_buffer *)bufstart; domaintype_t *ssidrefs; - int i,j, ret = 0; + int j, ret = 0; ste_bin_pol->ste_max_types = htons(STE_MAX_TYPES); ste_bin_pol->ste_max_ssidrefs = htons(STE_MAX_SSIDREFS); @@ -304,14 +304,14 @@ return -1; /* not enough space */ ssidrefs = (domaintype_t *)(bufstart+ntohs(ste_bin_pol->ste_ssid_offset)); - for(i=0; i< STE_MAX_SSIDREFS; i++) { - for (j=0; j< STE_MAX_TYPES; j++) - ssidrefs[i*STE_MAX_TYPES + j] = htons(0); - /* set type i in ssidref 0 and ssidref i */ - ssidrefs[i] = htons(1); /* ssidref 0 has all types set */ - if (i < STE_MAX_SSIDREFS) - ssidrefs[i*STE_MAX_TYPES + i] = htons(1); - } + memset(ssidrefs, 0, STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t)); + /* all types 1 for ssidref 1 */ + for(j=0; j< STE_MAX_TYPES; j++) + ssidrefs[1*STE_MAX_TYPES +j] = htons(1); + /* now set type j-1 for ssidref j */ + for(j=0; j< STE_MAX_SSIDREFS; j++) + if ((0 < j) &&( j <= STE_MAX_TYPES)) + ssidrefs[j*STE_MAX_TYPES + j - 1] = htons(1); ret += STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t); return ret; } diff -Nru a/tools/python/xen/lowlevel/xc/xc.c b/tools/python/xen/lowlevel/xc/xc.c --- a/tools/python/xen/lowlevel/xc/xc.c 2005-06-26 09:02:13 -04:00 +++ b/tools/python/xen/lowlevel/xc/xc.c 2005-06-26 09:02:14 -04:00 @@ -78,7 +78,7 @@ u32 dom = 0; int ret; - u32 ssidref = 0xFFFFFFFF; + u32 ssidref = 0x0; static char *kwd_list[] = { "dom", "ssidref", NULL }; diff -Nru a/tools/python/xen/xm/main.py b/tools/python/xen/xm/main.py --- a/tools/python/xen/xm/main.py 2005-06-26 09:02:13 -04:00 +++ b/tools/python/xen/xm/main.py 2005-06-26 09:02:13 -04:00 
@@ -399,9 +399,9 @@ d['port'] = sxp.child_value(console, 'console_port') else: d['port'] = '' - if ((int(sxp.child_value(info, 'ssidref', '-1'))) != -1): - d['ssidref1'] = int(sxp.child_value(info, 'ssidref', '-1')) & 0xffff - d['ssidref2'] = (int(sxp.child_value(info, 'ssidref', '-1')) >> 16) & 0xffff + if ((int(sxp.child_value(info, 'ssidref', '0'))) != 0): + d['ssidref1'] = int(sxp.child_value(info, 'ssidref', '0')) & 0xffff + d['ssidref2'] = (int(sxp.child_value(info, 'ssidref', '0')) >> 16) & 0xffff print ("%(name)-16s %(dom)3d %(mem)7d %(cpu)3d %(vcpus)5d %(state)5s %(cpu_time)7.1f %(port)4s s:%(ssidref2)02x/p:%(ssidref1)02x" % d) else: print ("%(name)-16s %(dom)3d %(mem)7d %(cpu)3d %(vcpus)5d %(state)5s %(cpu_time)7.1f %(port)4s" % d) diff -Nru a/xen/acm/acm_chinesewall_hooks.c b/xen/acm/acm_chinesewall_hooks.c --- a/xen/acm/acm_chinesewall_hooks.c 2005-06-26 09:02:13 -04:00 +++ b/xen/acm/acm_chinesewall_hooks.c 2005-06-26 09:02:13 -04:00 @@ -50,7 +50,7 @@ { /* minimal startup policy; policy write-locked already */ chwall_bin_pol.max_types = 1; - chwall_bin_pol.max_ssidrefs = 1; + chwall_bin_pol.max_ssidrefs = 2; chwall_bin_pol.max_conflictsets = 1; chwall_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_ssidrefs*chwall_bin_pol.max_types); chwall_bin_pol.conflict_sets = (domaintype_t *)xmalloc_array(domaintype_t, chwall_bin_pol.max_conflictsets*chwall_bin_pol.max_types); 
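Review bot: The `ssidref` field is fetched and converted three times in this branch with `int(sxp.child_value(info, 'ssidref', '0'))`, so the test and the two masks stay in step only by copy-paste. Binding it once, `ssidref = int(sxp.child_value(info, 'ssidref', '0'))`, and then using `ssidref & 0xffff` and `(ssidref >> 16) & 0xffff` keeps them consistent. A short comment that 0 now means "no label assigned" would explain why such domains are listed without the s:/p: columns. The enclosing function lies outside the hunk.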
@@ -81,9 +81,10 @@ * part of the global ssidref (same way we'll get the partial ssid pointer) */ chwall_ssidp->chwall_ssidref = GET_SSIDREF(ACM_CHINESE_WALL_POLICY, ssidref); - if (chwall_ssidp->chwall_ssidref >= chwall_bin_pol.max_ssidrefs) { - printkd("%s: ERROR chwall_ssidref(%x) > max(%x).\n", - __func__, chwall_ssidp->chwall_ssidref, chwall_bin_pol.max_ssidrefs-1); + if ((chwall_ssidp->chwall_ssidref >= chwall_bin_pol.max_ssidrefs) || + (chwall_ssidp->chwall_ssidref == ACM_DEFAULT_LOCAL_SSID)) { + printkd("%s: ERROR chwall_ssidref(%x) undefined (>max) or unset (0).\n", + __func__, chwall_ssidp->chwall_ssidref); xfree(chwall_ssidp); return ACM_INIT_SSID_ERROR; } diff -Nru a/xen/acm/acm_simple_type_enforcement_hooks.c b/xen/acm/acm_simple_type_enforcement_hooks.c --- a/xen/acm/acm_simple_type_enforcement_hooks.c 2005-06-26 09:02:13 -04:00 +++ b/xen/acm/acm_simple_type_enforcement_hooks.c 2005-06-26 09:02:13 -04:00 @@ -73,14 +73,15 @@ { /* minimal startup policy; policy write-locked already */ ste_bin_pol.max_types = 1; - ste_bin_pol.max_ssidrefs = 1; - ste_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, 1); - + ste_bin_pol.max_ssidrefs = 2; + ste_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, 2); + memset(ste_bin_pol.ssidrefs, 0, 2); + if (ste_bin_pol.ssidrefs == NULL) return ACM_INIT_SSID_ERROR; - /* initialize state */ - ste_bin_pol.ssidrefs[0] = 1; + /* initialize state so that dom0 can start up and communicate with itself */ + ste_bin_pol.ssidrefs[1] = 1; /* init stats */ atomic_set(&(ste_bin_pol.ec_eval_count), 0); 
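Review bot: The rewritten error message in the @@ -81 hunk drops the upper bound, so a rejected domain logs only its ssidref and the operator cannot tell whether it was out of range or left at the default; the same applies to the matching ste_ssidref check in acm_simple_type_enforcement_hooks.c (@@ -106). Keeping the bound in the text preserves that, e.g. `printkd("%s: ERROR chwall_ssidref(%x) undefined (>max %x) or unset (0).\n", __func__, chwall_ssidp->chwall_ssidref, chwall_bin_pol.max_ssidrefs-1);`. A comment above the condition such as `/* local ssidref 0 is reserved for "unlabeled"; refuse to initialise such a domain */` would record why the second test exists. The enclosing function starts outside the hunk.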
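Review bot: In the @@ -73 hunk, `memset(ste_bin_pol.ssidrefs, 0, 2);` dereferences the xmalloc_array() result before the `== NULL` test that follows it, so an allocation failure faults instead of returning ACM_INIT_SSID_ERROR. Its length is also a byte count of 2 rather than the size of two entries, which leaves part of the array unzeroed if domaintype_t is wider than one byte (its definition is not in this hunk). Moving the call below the NULL check and writing `memset(ste_bin_pol.ssidrefs, 0, 2 * sizeof(domaintype_t));` fixes both. The function begins before the hunk.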
@@ -106,9 +107,10 @@ /* get policy-local ssid reference */ ste_ssidp->ste_ssidref = GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref); - if (ste_ssidp->ste_ssidref >= ste_bin_pol.max_ssidrefs) { - printkd("%s: ERROR ste_ssidref (%x) > max(%x).\n", - __func__, ste_ssidp->ste_ssidref, ste_bin_pol.max_ssidrefs-1); + if ((ste_ssidp->ste_ssidref >= ste_bin_pol.max_ssidrefs) || + (ste_ssidp->ste_ssidref == ACM_DEFAULT_LOCAL_SSID)) { + printkd("%s: ERROR ste_ssidref (%x) undefined or unset (0).\n", + __func__, ste_ssidp->ste_ssidref); xfree(ste_ssidp); return ACM_INIT_SSID_ERROR; } diff -Nru a/xen/include/acm/acm_hooks.h b/xen/include/acm/acm_hooks.h --- a/xen/include/acm/acm_hooks.h 2005-06-26 09:02:14 -04:00 +++ b/xen/include/acm/acm_hooks.h 2005-06-26 09:02:14 -04:00 @@ -328,7 +328,7 @@ } /* predefined ssidref for DOM0 used by xen when creating DOM0 */ -#define ACM_DOM0_SSIDREF 0 +#define ACM_DOM0_SSIDREF 0x00010001 static inline void acm_post_domain0_create(domid_t domid) { diff -Nru a/xen/include/public/acm.h b/xen/include/public/acm.h --- a/xen/include/public/acm.h 2005-06-26 09:02:13 -04:00 +++ b/xen/include/public/acm.h 2005-06-26 09:02:13 -04:00 @@ -41,8 +41,8 @@ #endif /* default ssid reference value if not supplied */ -#define ACM_DEFAULT_SSID 0xffffffff -#define ACM_DEFAULT_LOCAL_SSID 0xffff +#define ACM_DEFAULT_SSID 0x0 +#define ACM_DEFAULT_LOCAL_SSID 0x0 /* Internal ACM ERROR types */ #define ACM_OK 0 diff -Nru a/xen/include/public/dom0_ops.h b/xen/include/public/dom0_ops.h --- a/xen/include/public/dom0_ops.h 2005-06-26 09:02:14 -04:00 +++ b/xen/include/public/dom0_ops.h 2005-06-26 09:02:14 -04:00 
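Review bot: In the acm_hooks.h hunk, `0x00010001` is a bare magic number whose meaning can only be inferred from other files. xm/main.py in this commit splits an ssidref into a low and a high 16-bit half, so the value appears to select local ssidref 1 in both policies, which is the entry the startup policies in this commit now populate. I would say so in the comment, e.g. `/* DOM0 label: local ssidref 1 in both 16-bit halves; local ssidref 0 is reserved as "unset" */`, so a later change to the startup policy does not silently leave dom0 without a valid label.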
@@ -19,7 +19,7 @@ * This makes sure that old versions of dom0 tools will stop working in a * well-defined way (rather than crashing the machine, for instance). */ -#define DOM0_INTERFACE_VERSION 0xAAAA1007 +#define DOM0_INTERFACE_VERSION 0xAAAA1008 /************************************************************************/ diff -Nru a/xen/include/public/policy_ops.h b/xen/include/public/policy_ops.h --- a/xen/include/public/policy_ops.h 2005-06-26 09:02:13 -04:00 +++ b/xen/include/public/policy_ops.h 2005-06-26 09:02:13 -04:00 @@ -28,7 +28,7 @@ * This makes sure that old versions of policy tools will stop working in a * well-defined way (rather than crashing the machine, for instance). */ -#define POLICY_INTERFACE_VERSION 0xAAAA0001 +#define POLICY_INTERFACE_VERSION 0xAAAA0002 /************************************************************************/ _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog