Xen project Mailing List

[Xen-changelog] Merging with xen-unstable

From: Xen patchbot -unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>

Date: Wed, 03 Aug 2005 05:26:30 -0400

Delivery-date: Wed, 03 Aug 2005 09:29:07 +0000

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User djm@xxxxxxxxxxxxxxx # Node ID e173a853dc46f7b7f066a6dea2990a54e2a86295 # Parent 9be7fe98a5565bf8f6297332e0367cd6904f52af # Parent dcdcec634c2d5624988d9f4907ade378ff575c51 Merging with xen-unstable diff -r 9be7fe98a556 -r e173a853dc46 .hgignore --- a/.hgignore Tue Aug 2 10:47:41 2005 +++ b/.hgignore Tue Aug 2 17:20:46 2005 @@ -86,6 +86,8 @@ ^tools/check/\..*$ ^tools/cmdline/.*$ ^tools/cmdline/xen/.*$ +^tools/consoled/consoled$ +^tools/consoled/xc_console$ ^tools/debugger/pdb/pdb$ ^tools/debugger/pdb/linux-[0-9.]*-module/.*\.ko$ ^tools/debugger/pdb/linux-[0-9.]*-module/.*\.mod.c$ @@ -128,8 +130,8 @@ ^tools/misc/xc_shadow$ ^tools/misc/xen_cpuperf$ ^tools/misc/xenperf$ -^tools/policy/policy_tool$ -^tools/policy/xen/.*$ +^tools/security/secpol_tool$ +^tools/security/xen/.*$ ^tools/pygrub/build/.*$ ^tools/python/build/.*$ ^tools/tests/test_x86_emulator$ diff -r 9be7fe98a556 -r e173a853dc46 linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 Tue Aug 2 10:47:41 2005 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 Tue Aug 2 17:20:46 2005 @@ -18,8 +18,8 @@ CONFIG_XEN_NETDEV_BACKEND=y CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y -CONFIG_XEN_NETDEV_GRANT_TX=y - CONFIG_XEN_NETDEV_GRANT_RX=y +#CONFIG_XEN_NETDEV_GRANT_TX=y +#CONFIG_XEN_NETDEV_GRANT_RX=y # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set # CONFIG_XEN_BLKDEV_TAP is not set # CONFIG_XEN_SHADOW_MODE is not set diff -r 9be7fe98a556 -r e173a853dc46 linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32 Tue Aug 2 10:47:41 2005 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32 Tue Aug 2 17:20:46 2005 @@ -15,8 +15,8 @@ CONFIG_XEN_BLKDEV_GRANT=y CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y -CONFIG_XEN_NETDEV_GRANT_TX=y -CONFIG_XEN_NETDEV_GRANT_RX=y +#CONFIG_XEN_NETDEV_GRANT_TX=y +#CONFIG_XEN_NETDEV_GRANT_RX=y # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set # CONFIG_XEN_BLKDEV_TAP is not set # CONFIG_XEN_SHADOW_MODE is not set diff -r 9be7fe98a556 -r e173a853dc46 linux-2.6-xen-sparse/arch/xen/i386/mm/fault.c --- a/linux-2.6-xen-sparse/arch/xen/i386/mm/fault.c Tue Aug 2 10:47:41 2005 +++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/fault.c Tue Aug 2 17:20:46 2005 @@ -204,6 +204,63 @@ fastcall void do_invalid_op(struct pt_regs *, unsigned long); +#ifdef CONFIG_X86_PAE +static void dump_fault_path(unsigned long address) +{ + unsigned long *p, page; + + page = __pa(per_cpu(cur_pgd, smp_processor_id())); + p = (unsigned long *)__va(page); + p += (address >> 30) * 2; + printk(KERN_ALERT "%08lx -> *pde = %08lx:%08lx\n", page, p[1], p[0]); + if (p[0] & 1) { + page = p[0] & PAGE_MASK; + address &= 0x3fffffff; + page = machine_to_phys(page); + p = (unsigned long *)__va(page); + p += (address >> 21) * 2; + printk(KERN_ALERT "%08lx -> *pme = %08lx:%08lx\n", page, p[1], p[0]); +#ifndef CONFIG_HIGHPTE + if (p[0] & 1) { + page = p[0] & PAGE_MASK; + address &= 0x001fffff; + page = machine_to_phys(page); + p = (unsigned long *) __va(page); + p += (address >> 12) * 2; + printk(KERN_ALERT "%08lx -> *pte = %08lx:%08lx\n", page, p[1], p[0]); + } +#endif + } +} +#else +static void dump_fault_path(unsigned long address) +{ + unsigned long page; + + page = ((unsigned long *) per_cpu(cur_pgd, smp_processor_id())) + [address >> 22]; + printk(KERN_ALERT "*pde = ma %08lx pa %08lx\n", page, + machine_to_phys(page)); + /* + * We must not directly access the pte in the highpte + * case, the page table might be allocated in highmem. + * And lets rather not kmap-atomic the pte, just in case + * it's allocated already. + */ +#ifndef CONFIG_HIGHPTE + if (page & 1) { + page &= PAGE_MASK; + address &= 0x003ff000; + page = machine_to_phys(page); + page = ((unsigned long *) __va(page))[address >> PAGE_SHIFT]; + printk(KERN_ALERT "*pte = ma %08lx pa %08lx\n", page, + machine_to_phys(page)); + } +#endif +} +#endif + + /* * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate @@ -220,7 +277,6 @@ struct task_struct *tsk; struct mm_struct *mm; struct vm_area_struct * vma; - unsigned long page; int write; siginfo_t info; @@ -454,26 +510,7 @@ printk(" at virtual address %08lx\n",address); printk(KERN_ALERT " printing eip:\n"); printk("%08lx\n", regs->eip); - page = ((unsigned long *) per_cpu(cur_pgd, smp_processor_id())) - [address >> 22]; - printk(KERN_ALERT "*pde = ma %08lx pa %08lx\n", page, - machine_to_phys(page)); - /* - * We must not directly access the pte in the highpte - * case, the page table might be allocated in highmem. - * And lets rather not kmap-atomic the pte, just in case - * it's allocated already. - */ -#ifndef CONFIG_HIGHPTE - if (page & 1) { - page &= PAGE_MASK; - address &= 0x003ff000; - page = machine_to_phys(page); - page = ((unsigned long *) __va(page))[address >> PAGE_SHIFT]; - printk(KERN_ALERT "*pte = ma %08lx pa %08lx\n", page, - machine_to_phys(page)); - } -#endif + dump_fault_path(address); die("Oops", regs, error_code); bust_spinlocks(0); do_exit(SIGKILL); diff -r 9be7fe98a556 -r e173a853dc46 linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c --- a/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c Tue Aug 2 10:47:41 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c Tue Aug 2 17:20:46 2005 @@ -5,6 +5,7 @@ * * Copyright (c) 2003, B Dragovic * Copyright (c) 2003-2004, M Williamson, K Fraser + * Copyright (c) 2005 Dan M. Smith, IBM Corporation * * This file may be distributed separately from the Linux kernel, or * incorporated into other software packages, subject to the following license: @@ -42,7 +43,6 @@ #include <linux/vmalloc.h> #include <asm-xen/xen_proc.h> #include <asm-xen/hypervisor.h> -#include <asm-xen/ctrl_if.h> #include <asm-xen/balloon.h> #include <asm/pgalloc.h> #include <asm/pgtable.h> @@ -50,6 +50,10 @@ #include <asm/tlb.h> #include <linux/list.h> +#include<asm-xen/xenbus.h> + +#define PAGES2KB(_p) ((_p)<<(PAGE_SHIFT-10)) + static struct proc_dir_entry *balloon_pde; static DECLARE_MUTEX(balloon_mutex); @@ -77,11 +81,17 @@ static DECLARE_WORK(balloon_worker, balloon_process, NULL); static struct timer_list balloon_timer; +/* Flag for dom0 xenstore workaround */ +static int balloon_xenbus_init=0; + +/* Init Function */ +void balloon_init_watcher(void); + #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) /* Use the private and mapping fields of struct page as a list. */ #define PAGE_TO_LIST(p) ( (struct list_head *)&p->private ) #define LIST_TO_PAGE(l) ( list_entry( ((unsigned long *)l), \ - struct page, private ) ) + struct page, private ) ) #define UNLIST_PAGE(p) do { list_del(PAGE_TO_LIST(p)); \ p->mapping = NULL; \ p->private = 0; } while(0) @@ -297,25 +307,96 @@ schedule_work(&balloon_worker); } -static void balloon_ctrlif_rx(ctrl_msg_t *msg, unsigned long id) -{ - switch ( msg->subtype ) - { - case CMSG_MEM_REQUEST_SET: - { - mem_request_t *req = (mem_request_t *)&msg->msg[0]; - set_new_target(req->target); - req->status = 0; - } - break; - - default: - msg->length = 0; - break; - } - - ctrl_if_send_response(msg); -} +static struct xenbus_watch xb_watch = +{ + .node = "memory" +}; + +/* FIXME: This is part of a dom0 sequencing workaround */ +static struct xenbus_watch root_watch = +{ + .node = "/" +}; + +/* React to a change in the target key */ +static void watch_target(struct xenbus_watch *watch, const char *node) +{ + unsigned long new_target; + int err; + + if(watch == &root_watch) + { + /* FIXME: This is part of a dom0 sequencing workaround */ + if(register_xenbus_watch(&xb_watch) == 0) + { + /* + We successfully set a watch on memory/target: + now we can stop watching root + */ + unregister_xenbus_watch(&root_watch); + balloon_xenbus_init=1; + } + else + { + return; + } + } + + err = xenbus_scanf("memory", "target", "%lu", &new_target); + + if(err != 1) + { + IPRINTK("Unable to read memory/target\n"); + return; + } + + set_new_target(new_target >> PAGE_SHIFT); + +} + +/* + Try to set up our watcher, if not already set + +*/ +void balloon_init_watcher(void) +{ + int err; + + if(!xen_start_info.store_evtchn) + { + IPRINTK("Delaying watcher init until xenstore is available\n"); + return; + } + + down(&xenbus_lock); + + if(! balloon_xenbus_init) + { + err = register_xenbus_watch(&xb_watch); + if(err) + { + /* BIG FAT FIXME: dom0 sequencing workaround + * dom0 can't set a watch on memory/target until + * after the tools create it. So, we have to watch + * the whole store until that happens. + * + * This will go away when we have the ability to watch + * non-existant keys + */ + register_xenbus_watch(&root_watch); + } + else + { + IPRINTK("Balloon xenbus watcher initialized\n"); + balloon_xenbus_init = 1; + } + } + + up(&xenbus_lock); + +} + +EXPORT_SYMBOL(balloon_init_watcher); static int balloon_write(struct file *file, const char __user *buffer, unsigned long count, void *data) @@ -346,7 +427,6 @@ { int len; -#define K(_p) ((_p)<<(PAGE_SHIFT-10)) len = sprintf( page, "Current allocation: %8lu kB\n" @@ -354,13 +434,14 @@ "Low-mem balloon: %8lu kB\n" "High-mem balloon: %8lu kB\n" "Xen hard limit: ", - K(current_pages), K(target_pages), K(balloon_low), K(balloon_high)); + PAGES2KB(current_pages), PAGES2KB(target_pages), + PAGES2KB(balloon_low), PAGES2KB(balloon_high)); if ( hard_limit != ~0UL ) len += sprintf( page + len, "%8lu kB (inc. %8lu kB driver headroom)\n", - K(hard_limit), K(driver_pages)); + PAGES2KB(hard_limit), PAGES2KB(driver_pages)); else len += sprintf( page + len, @@ -396,9 +477,7 @@ balloon_pde->read_proc = balloon_read; balloon_pde->write_proc = balloon_write; - - (void)ctrl_if_register_receiver(CMSG_MEM_REQUEST, balloon_ctrlif_rx, 0); - + /* Initialise the balloon with excess memory space. */ for ( pfn = xen_start_info.nr_pages; pfn < max_pfn; pfn++ ) { @@ -406,6 +485,11 @@ if ( !PageReserved(page) ) balloon_append(page); } + + xb_watch.callback = watch_target; + root_watch.callback = watch_target; + + balloon_init_watcher(); return 0; } diff -r 9be7fe98a556 -r e173a853dc46 linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c Tue Aug 2 10:47:41 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c Tue Aug 2 17:20:46 2005 @@ -309,6 +309,9 @@ return err; } + /* Initialize non-xenbus drivers */ + balloon_init_watcher(); + down(&xenbus_lock); /* Enumerate devices in xenstore. */ xenbus_probe_devices("device"); diff -r 9be7fe98a556 -r e173a853dc46 linux-2.6-xen-sparse/mm/memory.c --- a/linux-2.6-xen-sparse/mm/memory.c Tue Aug 2 10:47:41 2005 +++ b/linux-2.6-xen-sparse/mm/memory.c Tue Aug 2 17:20:46 2005 @@ -1814,12 +1814,12 @@ page_add_anon_rmap(page, vma, addr); } - set_pte_at(vma, addr, page_table, entry); + set_pte_at(mm, addr, page_table, entry); pte_unmap(page_table); /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, addr, entry); - lazy_mmu_prot_update(entry); + lazy_mmu_prot_update(entry); spin_unlock(&mm->page_table_lock); out: return VM_FAULT_MINOR; @@ -1928,7 +1928,7 @@ entry = mk_pte(new_page, vma->vm_page_prot); if (write_access) entry = maybe_mkwrite(pte_mkdirty(entry), vma); - set_pte_at(vma, address, page_table, entry); + set_pte_at(mm, address, page_table, entry); if (anon) { lru_cache_add_active(new_page); page_add_anon_rmap(new_page, vma, address); diff -r 9be7fe98a556 -r e173a853dc46 tools/Makefile --- a/tools/Makefile Tue Aug 2 10:47:41 2005 +++ b/tools/Makefile Tue Aug 2 17:20:46 2005 @@ -10,9 +10,10 @@ SUBDIRS += python SUBDIRS += xcs SUBDIRS += xcutils -SUBDIRS += pygrub +#SUBDIRS += pygrub SUBDIRS += firmware -SUBDIRS += policy +SUBDIRS += security +#SUBDIRS += consoled .PHONY: all install clean check check_clean ioemu eioemuinstall ioemuclean diff -r 9be7fe98a556 -r e173a853dc46 tools/Rules.mk --- a/tools/Rules.mk Tue Aug 2 10:47:41 2005 +++ b/tools/Rules.mk Tue Aug 2 17:20:46 2005 @@ -4,6 +4,8 @@ XEN_XC = $(XEN_ROOT)/tools/python/xen/lowlevel/xc XEN_LIBXC = $(XEN_ROOT)/tools/libxc +XEN_XCS = $(XEN_ROOT)/tools/xcs +XEN_XENSTORE = $(XEN_ROOT)/tools/xenstore ifeq ($(XEN_TARGET_ARCH),x86_32) CFLAGS += -m32 -march=i686 diff -r 9be7fe98a556 -r e173a853dc46 tools/misc/policyprocessor/XmlToBin.java --- a/tools/misc/policyprocessor/XmlToBin.java Tue Aug 2 10:47:41 2005 +++ b/tools/misc/policyprocessor/XmlToBin.java Tue Aug 2 17:20:46 2005 @@ -4,6 +4,9 @@ * $Id: XmlToBin.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $ * * Author: Ray Valdez + * + * Contributors: + * Reiner Sailer - adjust type-lengths * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as @@ -490,175 +493,139 @@ try { - /* Write magic */ - writeIntToStream(binBuffer,ACM_MAGIC,index); - index = u32Size; - - /* Write policy version */ - writeIntToStream(binBuffer,POLICY_INTERFACE_VERSION,index); - index = index + u32Size; - - /* write len */ - writeIntToStream(binBuffer,binBuffer.length,index); - index = index + u32Size; + index = 0; + /* fill in General Policy Version */ + writeIntToStream(binBuffer, ACM_POLICY_VERSION, index); + index += u32Size; + + /* Write magic */ + writeIntToStream(binBuffer, ACM_MAGIC, index); + index += u32Size; + + /* write len */ + writeIntToStream(binBuffer, binBuffer.length, index); + index += u32Size; } catch (IOException ee) { - System.out.println(" GBPB:: got exception : " + ee); - return null; + System.out.println(" GBPB:: got exception : " + ee); + return null; } int offset, address; address = index; if (null != partMap) - offset = binaryBufferHeaderSz + resourceOffsetSz; + offset = binaryBufferHeaderSz + resourceOffsetSz; else - offset = binaryBufferHeaderSz; + offset = binaryBufferHeaderSz; try { - - if (null == chwPolicy || null == stePolicy) - { - writeShortToStream(binBuffer,ACM_NULL_POLICY,index); - index = index + u16Size; - - writeShortToStream(binBuffer,(short) 0,index); - index = index + u16Size; - - writeShortToStream(binBuffer,ACM_NULL_POLICY,index); - index = index + u16Size; - - writeShortToStream(binBuffer,(short) 0,index); - index = index + u16Size; - - } - index = address; - if (null != chwPolicy) - { + int skip = 0; + + /* init with NULL policy setting */ + writeIntToStream(binBuffer, ACM_NULL_POLICY, index); + writeIntToStream(binBuffer, 0, index + u32Size); + writeIntToStream(binBuffer, ACM_NULL_POLICY, index + 2*u32Size); + writeIntToStream(binBuffer, 0, index + 3*u32Size); - /* Write policy name */ - writeShortToStream(binBuffer,ACM_CHINESE_WALL_POLICY,index); - index = index + u16Size; - - /* Write offset */ - writeShortToStream(binBuffer,(short) offset,index); - index = index + u16Size; - - /* Write payload. No need increment index */ - address = offset; - System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length); - address = address + chwPolicy.length; + index = address; + if (null != chwPolicy) { + /* Write policy name */ + writeIntToStream(binBuffer, ACM_CHINESE_WALL_POLICY, index); + index += u32Size; + + /* Write offset */ + writeIntToStream(binBuffer, offset, index); + index += u32Size; + + /* Write payload. No need increment index */ + address = offset; + System.arraycopy(chwPolicy, 0, binBuffer,address, chwPolicy.length); + address = address + chwPolicy.length; + } else + skip += 2*u32Size; + if (null != stePolicy) { /* Write policy name */ - writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index); - index = index + u16Size; + writeIntToStream(binBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index); + index += u32Size; /* Write offset */ - writeShortToStream(binBuffer,(short) address,index); - index = index + u16Size; + writeIntToStream(binBuffer, address, index); + index += u32Size; /* Copy array */ System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length); /* Update address */ address = address + stePolicy.length; + } else + skip += 2*u32Size; + + /* Skip writing policy name and offset for each null policy*/ + index += skip; + + int size; + /* Assumes that you will always have a partition defined in policy */ + if ( 0 < partMap.length) { + writeIntToStream(binBuffer, address, index); + index = address; + + /* Compute num of VMs */ + size = partMap.length / (3 * u16Size); + + writeShortToStream(binBuffer, (short)size,index); + index = index + u16Size; + + /* part, vlan and slot: each one consists of two entries */ + offset = 3 * (2 * u16Size); + writeShortToStream(binBuffer, (short) offset,index); + + /* Write partition array at offset */ + System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length); + index = index + u16Size; + offset = offset + partMap.length; + } + + if ( 0 < vlanMap.length) { + size = vlanMap.length / (2 * u16Size); + writeShortToStream(binBuffer, (short) size,index); + index = index + u16Size; + + writeShortToStream(binBuffer, (short) offset,index); + index = index + u16Size; + System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length); } else { - /* Skip writing policy name and offset */ - index = index + 2 * u16Size; - - } - - } else { - - if (null != stePolicy) - { - /* Write policy name */ - writeShortToStream(binBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index); - index = index + u16Size; - - /* Write offset */ - address = offset; - writeShortToStream(binBuffer, (short) offset,index); - index = index + u16Size; - - /* Copy array */ - System.arraycopy(stePolicy, 0, binBuffer,address, stePolicy.length); - /* Update address */ - address = address + stePolicy.length; - - /* Increment index, since there is no secondary */ - index = index + secondaryPolicyCodeSz + secondaryBufferOffsetSz; - - } - - } - int size; - /* Assumes that you will always have a partition defined in policy */ - if ( 0 < partMap.length) - { - writeShortToStream(binBuffer, (short) address,index); - index = address; - - /* Compute num of VMs */ - size = partMap.length / (3 * u16Size); - - writeShortToStream(binBuffer, (short)size,index); - index = index + u16Size; - - /* part, vlan and slot: each one consists of two entries */ - offset = 3 * (2 * u16Size); - writeShortToStream(binBuffer, (short) offset,index); - - /* Write partition array at offset */ - System.arraycopy(partMap, 0, binBuffer,(offset + address), partMap.length); - index = index + u16Size; - offset = offset + partMap.length; - } - - if ( 0 < vlanMap.length) - { - size = vlanMap.length / (2 * u16Size); - writeShortToStream(binBuffer, (short) size,index); - index = index + u16Size; - - writeShortToStream(binBuffer, (short) offset,index); - index = index + u16Size; - System.arraycopy(vlanMap, 0, binBuffer,(offset + address), vlanMap.length); - } else { - /* Write vlan max */ - writeShortToStream(binBuffer, (short) 0,index); - index = index + u16Size; + /* Write vlan max */ + writeShortToStream(binBuffer, (short) 0,index); + index = index + u16Size; - /* Write vlan offset */ - writeShortToStream(binBuffer, (short) 0,index); - index = index + u16Size; - - } - - offset = offset + vlanMap.length; - if ( 0 < slotMap.length) - { - size = slotMap.length / (3 * u16Size); - writeShortToStream(binBuffer, (short) size,index); - index = index + u16Size; - - writeShortToStream(binBuffer, (short) offset,index); - index = index + u16Size; - System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length); - } - - } catch (IOException ee) - { - System.out.println(" GBPB:: got exception : " + ee); - return null; - } - - printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length); - if (debug) - printHex(binBuffer,binBuffer.length); - - return binBuffer; + /* Write vlan offset */ + writeShortToStream(binBuffer, (short) 0,index); + index = index + u16Size; + } + + offset = offset + vlanMap.length; + if ( 0 < slotMap.length) { + size = slotMap.length / (3 * u16Size); + writeShortToStream(binBuffer, (short) size,index); + index = index + u16Size; + + writeShortToStream(binBuffer, (short) offset,index); + index = index + u16Size; + System.arraycopy(slotMap, 0, binBuffer,(offset + address), slotMap.length); + } + } catch (IOException ee) { + System.out.println(" GBPB:: got exception : " + ee); + return null; + } + + printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length); + if (debug) + printHex(binBuffer,binBuffer.length); + + return binBuffer; } public byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector ColorTypes) @@ -668,28 +635,20 @@ int position = 0; /* Get number of rTypes */ - short maxTypes = (short) ColorTypes.size(); + int maxTypes = ColorTypes.size(); /* Get number of SSids entry */ - short maxSsids = (short) Ssids.size(); + int maxSsids = Ssids.size(); /* Get number of conflict sets */ - short maxConflict = (short) ConflictSsids.size(); + int maxConflict = ConflictSsids.size(); if (maxTypes * maxSsids == 0) return null; /* - data structure acm_chwall_policy_buffer_t; - - uint16 policy_code; - uint16 chwall_max_types; - uint16 chwall_max_ssidrefs; - uint16 chwall_max_conflictsets; - uint16 chwall_ssid_offset; - uint16 chwall_conflict_sets_offset; - uint16 chwall_running_types_offset; - uint16 chwall_conflict_aggregate_offset; + data structure acm_chwall_policy_buffer + se XmlToBinInterface.java */ int totalBytes = chwHeaderSize + u16Size *(maxTypes * (maxSsids + maxConflict)); @@ -699,34 +658,38 @@ printDebug(" gCB:: chwall totalbytes : "+totalBytes); try { - index = 0; - writeShortToStream(chwBuffer,ACM_CHINESE_WALL_POLICY,index); - index = u16Size; - - writeShortToStream(chwBuffer,maxTypes,index); - index = index + u16Size; - - writeShortToStream(chwBuffer,maxSsids,index); - index = index + u16Size; - - writeShortToStream(chwBuffer,maxConflict,index); - index = index + u16Size; - - /* Write chwall_ssid_offset */ - writeShortToStream(chwBuffer,chwHeaderSize,index); - index = index + u16Size; - - /* Write chwall_conflict_sets_offset */ - writeShortToStream(chwBuffer,(short) address,index); - index = index + u16Size; - - /* Write chwall_running_types_offset */ - writeShortToStream(chwBuffer,(short) 0,index); - index = index + u16Size; - - /* Write chwall_conflict_aggregate_offset */ - writeShortToStream(chwBuffer,(short) 0,index); - index = index + u16Size; + index = 0; + /* fill in General Policy Version */ + writeIntToStream(chwBuffer, ACM_CHWALL_VERSION, index); + index += u32Size; + + writeIntToStream(chwBuffer, ACM_CHINESE_WALL_POLICY, index); + index += u32Size; + + writeIntToStream(chwBuffer, maxTypes, index); + index += u32Size; + + writeIntToStream(chwBuffer, maxSsids, index); + index += u32Size; + + writeIntToStream(chwBuffer, maxConflict, index); + index += u32Size; + + /* Write chwall_ssid_offset */ + writeIntToStream(chwBuffer, chwHeaderSize, index); + index += u32Size; + + /* Write chwall_conflict_sets_offset */ + writeIntToStream(chwBuffer, address, index); + index += u32Size; + + /* Write chwall_running_types_offset */ + writeIntToStream(chwBuffer, 0, index); + index += u32Size; + + /* Write chwall_conflict_aggregate_offset */ + writeIntToStream(chwBuffer, 0, index); + index += u32Size; } catch (IOException ee) { System.out.println(" gCB:: got exception : " + ee); @@ -737,7 +700,6 @@ /* Create the SSids entry */ for (int i = 0; i < maxSsids; i++) { - SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i); /* Get chwall types */ ssidEntry.chwSsidPosition = i; @@ -821,22 +783,16 @@ int position = 0; /* Get number of colorTypes */ - short numColorTypes = (short) ColorTypes.size(); + int numColorTypes = ColorTypes.size(); /* Get number of SSids entry */ - short numSsids = (short) Ssids.size(); + int numSsids = Ssids.size(); if (numColorTypes * numSsids == 0) return null; - /* data structure: acm_ste_policy_buffer_t - * - * policy code (uint16) > - * max_types (uint16) > - * max_ssidrefs (uint16) > steHeaderSize - * ssid_offset (uint16) > - * DATA (colorTypes(size) * Ssids(size) *unit16) - * + /* data structure: acm_ste_policy_buffer + * see XmlToBinInterface.java * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size) * */ @@ -844,18 +800,22 @@ try { - index = 0; - writeShortToStream(steBuffer,ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,index); - index = u16Size; - - writeShortToStream(steBuffer,numColorTypes,index); - index = index + u16Size; - - writeShortToStream(steBuffer,numSsids,index); - index = index + u16Size; - - writeShortToStream(steBuffer,(short)steHeaderSize,index); - index = index + u16Size; + index = 0; + writeIntToStream(steBuffer, ACM_STE_VERSION, index); + index += u32Size; + + writeIntToStream(steBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, index); + index += u32Size; + + writeIntToStream(steBuffer, numColorTypes, index); + index += u32Size; + + writeIntToStream(steBuffer, numSsids, index); + index += u32Size; + + writeIntToStream(steBuffer, steHeaderSize, index); + index += u32Size; + } catch (IOException ee) { System.out.println(" gSB:: got exception : " + ee); @@ -1469,6 +1429,17 @@ XmlToBin genObj = new XmlToBin(); + policy_version active_policy = new policy_version(); + + if ((active_policy.ACM_POLICY_VERSION != ACM_POLICY_VERSION) || + (active_policy.ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) || + (active_policy.ACM_STE_VERSION != ACM_STE_VERSION)) { + System.out.println("ACM policy versions differ."); + System.out.println("Please verify that data structures are correct"); + System.out.println("and then adjust the version numbers in XmlToBinInterface.java."); + return; + } + for (int i = 0 ; i < args.length ; i++) { diff -r 9be7fe98a556 -r e173a853dc46 tools/misc/policyprocessor/XmlToBinInterface.java --- a/tools/misc/policyprocessor/XmlToBinInterface.java Tue Aug 2 10:47:41 2005 +++ b/tools/misc/policyprocessor/XmlToBinInterface.java Tue Aug 2 17:20:46 2005 @@ -19,37 +19,37 @@ * * policy binary structures * - * typedef struct { - * u32 magic; + * struct acm_policy_buffer { + * u32 policy_version; * ACM_POLICY_VERSION * + * u32 magic; + * u32 len; + * u32 primary_policy_code; + * u32 primary_buffer_offset; + * u32 secondary_policy_code; + * u32 secondary_buffer_offset; + * +u32 resource offset (not used yet in Xen) + * }; * - * u32 policyversion; - * u32 len; * - * u16 primary_policy_code; - * u16 primary_buffer_offset; - * u16 secondary_policy_code; - * u16 secondary_buffer_offset; - * u16 resource_offset; + * struct acm_ste_policy_buffer { + * u32 policy_version; * ACM_STE_VERSION * + * u32 policy_code; + * u32 ste_max_types; + * u32 ste_max_ssidrefs; + * u32 ste_ssid_offset; + * }; * - * } acm_policy_buffer_t; - * - * typedef struct { - * u16 policy_code; - * u16 ste_max_types; - * u16 ste_max_ssidrefs; - * u16 ste_ssid_offset; - * } acm_ste_policy_buffer_t; - * - * typedef struct { - * uint16 policy_code; - * uint16 chwall_max_types; - * uint16 chwall_max_ssidrefs; - * uint16 chwall_max_conflictsets; - * uint16 chwall_ssid_offset; - * uint16 chwall_conflict_sets_offset; - * uint16 chwall_running_types_offset; - * uint16 chwall_conflict_aggregate_offset; - * } acm_chwall_policy_buffer_t; + * struct acm_chwall_policy_buffer { + * u32 policy_version; * ACM_CHWALL_VERSION * + * u32 policy_code; + * u32 chwall_max_types; + * u32 chwall_max_ssidrefs; + * u32 chwall_max_conflictsets; + * u32 chwall_ssid_offset; + * u32 chwall_conflict_sets_offset; + * u32 chwall_running_types_offset; + * u32 chwall_conflict_aggregate_offset; + * }; * * typedef struct { * u16 partition_max; @@ -100,16 +100,17 @@ final int u16Size = 2; /* num of bytes for acm_ste_policy_buffer_t */ - final short steHeaderSize = (4 * u16Size); + final int steHeaderSize = (5 * u32Size); + /* byte for acm_chinese_wall_policy_buffer_t */ - final short chwHeaderSize = (8 * u16Size); + final int chwHeaderSize = (9 * u32Size); - final short primaryPolicyCodeSize = u16Size; - final short primaryBufferOffsetSize = u16Size ; + final int primaryPolicyCodeSize = u32Size; + final int primaryBufferOffsetSize = u32Size ; - final int secondaryPolicyCodeSz = u16Size; - final int secondaryBufferOffsetSz = u16Size; - final short resourceOffsetSz = u16Size; + final int secondaryPolicyCodeSz = u32Size; + final int secondaryBufferOffsetSz = u32Size; + final int resourceOffsetSz = u32Size; final short partitionBufferSz = (2 * u16Size); final short partitionEntrySz = (3 * u16Size); @@ -120,16 +121,18 @@ final short vlanBufferSz = (2 * u16Size); final short vlanEntrySz = (2 * u16Size); - final short binaryBufferHeaderSz = (3 * u32Size + 4* u16Size); - - /* copied directlty from policy_ops.h */ - final int POLICY_INTERFACE_VERSION = 0xAAAA0003; + final int binaryBufferHeaderSz = (8 * u32Size); /* 8th not used in Xen */ /* copied directly from acm.h */ final int ACM_MAGIC = 0x0001debc; - final short ACM_NULL_POLICY = 0; - final short ACM_CHINESE_WALL_POLICY = 1; - final short ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2; - final short ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3; - final short ACM_EMPTY_POLICY = 4; + final int ACM_NULL_POLICY = 0; + final int ACM_CHINESE_WALL_POLICY = 1; + final int ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2; + final int ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3; + final int ACM_EMPTY_POLICY = 4; + + /* version for compatibility check */ + final int ACM_POLICY_VERSION = 1; + final int ACM_STE_VERSION = 1; + final int ACM_CHWALL_VERSION = 1; } diff -r 9be7fe98a556 -r e173a853dc46 tools/misc/policyprocessor/xen_sample_def.xml --- a/tools/misc/policyprocessor/xen_sample_def.xml Tue Aug 2 10:47:41 2005 +++ b/tools/misc/policyprocessor/xen_sample_def.xml Tue Aug 2 17:20:46 2005 @@ -37,7 +37,7 @@ </ConflictSet> <ConflictSet> - <ChWall>Q-Company</ChWall> + <ChWall>R-Company</ChWall> <ChWall>V-Company</ChWall> <ChWall>W-Company</ChWall> </ConflictSet> diff -r 9be7fe98a556 -r e173a853dc46 tools/pygrub/setup.py --- a/tools/pygrub/setup.py Tue Aug 2 10:47:41 2005 +++ b/tools/pygrub/setup.py Tue Aug 2 17:20:46 2005 @@ -23,7 +23,7 @@ fsys_pkgs.append("grub.fsys.reiser") setup(name='pygrub', - version='0.2', + version='0.3', description='Boot loader that looks a lot like grub for Xen', author='Jeremy Katz', author_email='katzj@xxxxxxxxxx', diff -r 9be7fe98a556 -r e173a853dc46 tools/pygrub/src/fsys/ext2/__init__.py --- a/tools/pygrub/src/fsys/ext2/__init__.py Tue Aug 2 10:47:41 2005 +++ b/tools/pygrub/src/fsys/ext2/__init__.py Tue Aug 2 17:20:46 2005 @@ -32,7 +32,7 @@ def open_fs(self, fn, offset = 0): if not self.sniff_magic(fn, offset): raise ValueError, "Not an ext2 filesystem" - return Ext2Fs(fn) + return Ext2Fs(fn, offset = offset) register_fstype(Ext2FileSystemType()) diff -r 9be7fe98a556 -r e173a853dc46 tools/pygrub/src/fsys/ext2/ext2module.c --- a/tools/pygrub/src/fsys/ext2/ext2module.c Tue Aug 2 10:47:41 2005 +++ b/tools/pygrub/src/fsys/ext2/ext2module.c Tue Aug 2 17:20:46 2005 @@ -208,23 +208,29 @@ ext2_fs_open (Ext2Fs *fs, PyObject *args, PyObject *kwargs) { static char *kwlist[] = { "name", "flags", "superblock", - "block_size", NULL }; + "block_size", "offset", NULL }; char * name; - int flags = 0, superblock = 0, err; + int flags = 0, superblock = 0, offset = 0, err; unsigned int block_size = 0; ext2_filsys efs; - - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|iii", kwlist, - &name, &flags, &superblock, &block_size)) - return NULL; + char offsetopt[30]; + + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|iiii", kwlist, + &name, &flags, &superblock, + &block_size, &offset)) + return NULL; if (fs->fs != NULL) { PyErr_SetString(PyExc_ValueError, "already have an fs object"); return NULL; } - err = ext2fs_open(name, flags, superblock, block_size, - unix_io_manager, &efs); + if (offset != 0) { + snprintf(offsetopt, 29, "offset=%d", offset); + } + + err = ext2fs_open2(name, offsetopt, flags, superblock, block_size, + unix_io_manager, &efs); if (err) { PyErr_SetString(PyExc_ValueError, "unable to open file"); return NULL; @@ -323,14 +329,15 @@ ext2_fs_new(PyObject *o, PyObject *args, PyObject *kwargs) { static char *kwlist[] = { "name", "flags", "superblock", - "block_size", NULL }; + "block_size", "offset", NULL }; char * name; - int flags = 0, superblock = 0; + int flags = 0, superblock = 0, offset; unsigned int block_size = 0; Ext2Fs *pfs; - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|iii", kwlist, - &name, &flags, &superblock, &block_size)) + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|iiii", kwlist, + &name, &flags, &superblock, &block_size, + &offset)) return NULL; pfs = (Ext2Fs *) PyObject_NEW(Ext2Fs, &Ext2FsType); @@ -339,8 +346,8 @@ pfs->fs = NULL; if (!ext2_fs_open(pfs, - Py_BuildValue("siii", name, flags, superblock, block_size), - NULL)) + Py_BuildValue("siiii", name, flags, superblock, + block_size, offset), NULL)) return NULL; return (PyObject *)pfs; diff -r 9be7fe98a556 -r e173a853dc46 tools/pygrub/src/pygrub --- a/tools/pygrub/src/pygrub Tue Aug 2 10:47:41 2005 +++ b/tools/pygrub/src/pygrub Tue Aug 2 17:20:46 2005 @@ -24,7 +24,7 @@ import grub.GrubConf import grub.fsys -PYGRUB_VER = 0.02 +PYGRUB_VER = 0.3 def draw_window(): @@ -77,9 +77,21 @@ buf = os.read(fd, 512) os.close(fd) - if len(buf) >= 512 and struct.unpack("H", buf[0x1fe: 0x200]) == (0xaaff): + if len(buf) >= 512 and struct.unpack("H", buf[0x1fe: 0x200]) == (0xaa55,): return True return False + +SECTOR_SIZE=512 +def get_active_offset(file): + """Find the offset for the start of the first active partition in the + disk image file.""" + fd = os.open(file, os.O_RDONLY) + buf = os.read(fd, 512) + for poff in (446, 462, 478, 494): # partition offsets + # active partition has 0x80 as the first byte + if struct.unpack("<c", buf[p:p+1]) == ('\x80',): + return struct.unpack("<", buf[p+8:p+12])[0] * SECTOR_SIZE + return -1 def get_config(fn): if not os.access(fn, os.R_OK): @@ -87,14 +99,17 @@ cf = grub.GrubConf.GrubConfigFile() + offset = 0 if is_disk_image(fn): - raise RuntimeError, "appears to be a full disk image... unable to handle this yet" + offset = get_active_offset(fn) + if offset == -1: + raise RuntimeError, "Unable to find active partition on disk" # open the image and read the grub config fs = None for fstype in grub.fsys.fstypes.values(): - if fstype.sniff_magic(fn): - fs = fstype.open_fs(fn) + if fstype.sniff_magic(fn, offset): + fs = fstype.open_fs(fn, offset) break if fs is not None: @@ -244,14 +259,17 @@ if img.initrd: print " initrd: %s" %(img.initrd[1],) + offset = 0 if is_disk_image(file): - raise RuntimeError, "unable to handle full disk images yet" + offset = get_active_offset(fn) + if offset == -1: + raise RuntimeError, "Unable to find active partition on disk" # read the kernel and initrd onto the hostfs fs = None for fstype in grub.fsys.fstypes.values(): - if fstype.sniff_magic(file): - fs = fstype.open_fs(file) + if fstype.sniff_magic(file, offset): + fs = fstype.open_fs(file, offset) break if fs is None: diff -r 9be7fe98a556 -r e173a853dc46 tools/python/xen/util/blkif.py --- a/tools/python/xen/util/blkif.py Tue Aug 2 10:47:41 2005 +++ b/tools/python/xen/util/blkif.py Tue Aug 2 17:20:46 2005 @@ -24,14 +24,17 @@ log.debug("exception looking up device number for %s: %s", name, ex) pass - if re.match( '/dev/sd[a-p]([0-9]|1[0-5])', n): - return 8 * 256 + 16 * (ord(n[7:8]) - ord('a')) + int(n[8:]) + if re.match( '/dev/sd[a-p]([1-9]|1[0-5])?', n): + return 8 * 256 + 16 * (ord(n[7:8]) - ord('a')) + int(n[8:] or 0) if re.match( '/dev/hd[a-t]([1-9]|[1-5][0-9]|6[0-3])?', n): ide_majors = [ 3, 22, 33, 34, 56, 57, 88, 89, 90, 91 ] major = ide_majors[(ord(n[7:8]) - ord('a')) / 2] minor = ((ord(n[7:8]) - ord('a')) % 2) * 64 + int(n[8:] or 0) return major * 256 + minor + + if re.match( '/dev/xvd[a-p]([1-9]|1[0-5])?', n): + return 202 * 256 + 16 * (ord(n[8:9]) - ord('a')) + int(n[9:] or 0) # see if this is a hex device number if re.match( '^(0x)?[0-9a-fA-F]+$', name ): diff -r 9be7fe98a556 -r e173a853dc46 tools/python/xen/xend/XendDomainInfo.py --- a/tools/python/xen/xend/XendDomainInfo.py Tue Aug 2 10:47:41 2005 +++ b/tools/python/xen/xend/XendDomainInfo.py Tue Aug 2 17:20:46 2005 @@ -152,6 +152,9 @@ vm = cls(db) vm.construct(config) vm.saveToDB(sync=True) + # Flush info to xenstore immediately + vm.exportToDB() + return vm create = classmethod(create) @@ -172,6 +175,7 @@ log.debug('config=' + prettyprintstring(config)) vm.memory = info['mem_kb']/1024 + vm.target = info['mem_kb'] * 1024 if config: try: @@ -222,6 +226,7 @@ DBVar('restart_state', ty='str'), DBVar('restart_time', ty='float'), DBVar('restart_count', ty='int'), + DBVar('target', ty='long', path="memory/target"), ] def __init__(self, db): @@ -239,6 +244,8 @@ self.memory = None self.ssidref = None self.image = None + + self.target = None self.channel = None self.store_channel = None @@ -315,6 +322,7 @@ self.info = info self.memory = self.info['mem_kb'] / 1024 self.ssidref = self.info['ssidref'] + self.target = self.info['mem_kb'] * 1024 def state_set(self, state): self.state_updated.acquire() @@ -399,7 +407,8 @@ ['id', self.id], ['name', self.name], ['memory', self.memory], - ['ssidref', self.ssidref] ] + ['ssidref', self.ssidref], + ['target', self.target] ] if self.uuid: sxpr.append(['uuid', self.uuid]) if self.info: @@ -536,6 +545,7 @@ self.memory = int(sxp.child_value(config, 'memory')) if self.memory is None: raise VmError('missing memory size') + self.target = self.memory * (1 << 20) self.ssidref = int(sxp.child_value(config, 'ssidref')) cpu = sxp.child_value(config, 'cpu') if self.recreate and self.id and cpu is not None and int(cpu) >= 0: @@ -947,11 +957,12 @@ index[field_name] = field_index + 1 def mem_target_set(self, target): - """Set domain memory target in pages. - """ - if self.channel: - msg = messages.packMsg('mem_request_t', { 'target' : target * (1 << 8)} ) - self.channel.writeRequest(msg) + """Set domain memory target in bytes. + """ + if target: + self.target = target * (1 << 20) + # Commit to XenStore immediately + self.exportToDB() def vcpu_hotplug(self, vcpu, state): """Disable or enable VCPU in domain. diff -r 9be7fe98a556 -r e173a853dc46 xen/acm/acm_chinesewall_hooks.c --- a/xen/acm/acm_chinesewall_hooks.c Tue Aug 2 10:47:41 2005 +++ b/xen/acm/acm_chinesewall_hooks.c Tue Aug 2 17:20:46 2005 @@ -110,45 +110,45 @@ struct acm_chwall_policy_buffer *chwall_buf = (struct acm_chwall_policy_buffer *)buf; int ret = 0; - chwall_buf->chwall_max_types = htons(chwall_bin_pol.max_types); - chwall_buf->chwall_max_ssidrefs = htons(chwall_bin_pol.max_ssidrefs); - chwall_buf->policy_code = htons(ACM_CHINESE_WALL_POLICY); - chwall_buf->chwall_ssid_offset = htons(sizeof(struct acm_chwall_policy_buffer)); - chwall_buf->chwall_max_conflictsets = htons(chwall_bin_pol.max_conflictsets); + chwall_buf->chwall_max_types = htonl(chwall_bin_pol.max_types); + chwall_buf->chwall_max_ssidrefs = htonl(chwall_bin_pol.max_ssidrefs); + chwall_buf->policy_code = htonl(ACM_CHINESE_WALL_POLICY); + chwall_buf->chwall_ssid_offset = htonl(sizeof(struct acm_chwall_policy_buffer)); + chwall_buf->chwall_max_conflictsets = htonl(chwall_bin_pol.max_conflictsets); chwall_buf->chwall_conflict_sets_offset = - htons( - ntohs(chwall_buf->chwall_ssid_offset) + + htonl( + ntohl(chwall_buf->chwall_ssid_offset) + sizeof(domaintype_t) * chwall_bin_pol.max_ssidrefs * chwall_bin_pol.max_types); chwall_buf->chwall_running_types_offset = - htons( - ntohs(chwall_buf->chwall_conflict_sets_offset) + + htonl( + ntohl(chwall_buf->chwall_conflict_sets_offset) + sizeof(domaintype_t) * chwall_bin_pol.max_conflictsets * chwall_bin_pol.max_types); chwall_buf->chwall_conflict_aggregate_offset = - htons( - ntohs(chwall_buf->chwall_running_types_offset) + + htonl( + ntohl(chwall_buf->chwall_running_types_offset) + sizeof(domaintype_t) * chwall_bin_pol.max_types); - ret = ntohs(chwall_buf->chwall_conflict_aggregate_offset) + + ret = ntohl(chwall_buf->chwall_conflict_aggregate_offset) + sizeof(domaintype_t) * chwall_bin_pol.max_types; /* now copy buffers over */ - arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_ssid_offset)), + arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_ssid_offset)), chwall_bin_pol.ssidrefs, chwall_bin_pol.max_ssidrefs * chwall_bin_pol.max_types); - arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_conflict_sets_offset)), + arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_conflict_sets_offset)), chwall_bin_pol.conflict_sets, chwall_bin_pol.max_conflictsets * chwall_bin_pol.max_types); - arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_running_types_offset)), + arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_running_types_offset)), chwall_bin_pol.running_types, chwall_bin_pol.max_types); - arrcpy16((u16 *)(buf + ntohs(chwall_buf->chwall_conflict_aggregate_offset)), + arrcpy16((u16 *)(buf + ntohl(chwall_buf->chwall_conflict_aggregate_offset)), chwall_bin_pol.conflict_aggregate_set, chwall_bin_pol.max_types); return ret; @@ -226,14 +226,20 @@ void *ssids = NULL, *conflict_sets = NULL, *running_types = NULL, *conflict_aggregate_set = NULL; /* rewrite the policy due to endianess */ - chwall_buf->policy_code = ntohs(chwall_buf->policy_code); - chwall_buf->chwall_max_types = ntohs(chwall_buf->chwall_max_types); - chwall_buf->chwall_max_ssidrefs = ntohs(chwall_buf->chwall_max_ssidrefs); - chwall_buf->chwall_max_conflictsets = ntohs(chwall_buf->chwall_max_conflictsets); - chwall_buf->chwall_ssid_offset = ntohs(chwall_buf->chwall_ssid_offset); - chwall_buf->chwall_conflict_sets_offset = ntohs(chwall_buf->chwall_conflict_sets_offset); - chwall_buf->chwall_running_types_offset = ntohs(chwall_buf->chwall_running_types_offset); - chwall_buf->chwall_conflict_aggregate_offset = ntohs(chwall_buf->chwall_conflict_aggregate_offset); + chwall_buf->policy_code = ntohl(chwall_buf->policy_code); + chwall_buf->policy_version = ntohl(chwall_buf->policy_version); + chwall_buf->chwall_max_types = ntohl(chwall_buf->chwall_max_types); + chwall_buf->chwall_max_ssidrefs = ntohl(chwall_buf->chwall_max_ssidrefs); + chwall_buf->chwall_max_conflictsets = ntohl(chwall_buf->chwall_max_conflictsets); + chwall_buf->chwall_ssid_offset = ntohl(chwall_buf->chwall_ssid_offset); + chwall_buf->chwall_conflict_sets_offset = ntohl(chwall_buf->chwall_conflict_sets_offset); + chwall_buf->chwall_running_types_offset = ntohl(chwall_buf->chwall_running_types_offset); + chwall_buf->chwall_conflict_aggregate_offset = ntohl(chwall_buf->chwall_conflict_aggregate_offset); + + /* policy type and version checks */ + if ((chwall_buf->policy_code != ACM_CHINESE_WALL_POLICY) || + (chwall_buf->policy_version != ACM_CHWALL_VERSION)) + return -EINVAL; /* 1. allocate new buffers */ ssids = xmalloc_array(domaintype_t, chwall_buf->chwall_max_types*chwall_buf->chwall_max_ssidrefs); diff -r 9be7fe98a556 -r e173a853dc46 xen/acm/acm_core.c --- a/xen/acm/acm_core.c Tue Aug 2 10:47:41 2005 +++ b/xen/acm/acm_core.c Tue Aug 2 17:20:46 2005 @@ -120,7 +120,6 @@ if (ntohl(pol->magic) == ACM_MAGIC) { rc = acm_set_policy((void *)_policy_start, (u16)_policy_len, - ACM_USE_SECURITY_POLICY, 0); if (rc == ACM_OK) { printf("Policy len 0x%lx, start at %p.\n",_policy_len,_policy_start); diff -r 9be7fe98a556 -r e173a853dc46 xen/acm/acm_policy.c --- a/xen/acm/acm_policy.c Tue Aug 2 10:47:41 2005 +++ b/xen/acm/acm_policy.c Tue Aug 2 17:20:46 2005 @@ -6,9 +6,8 @@ * Author: * Reiner Sailer <sailer@xxxxxxxxxxxxxx> * - * Contributions: + * Contributors: * Stefan Berger <stefanb@xxxxxxxxxxxxxx> - * support for network-byte-order binary policies * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as @@ -27,29 +26,20 @@ #include <xen/lib.h> #include <xen/delay.h> #include <xen/sched.h> -#include <public/policy_ops.h> +#include <public/acm_ops.h> #include <acm/acm_core.h> #include <acm/acm_hooks.h> #include <acm/acm_endian.h> int -acm_set_policy(void *buf, u16 buf_size, u16 policy, int isuserbuffer) +acm_set_policy(void *buf, u16 buf_size, int isuserbuffer) { u8 *policy_buffer = NULL; struct acm_policy_buffer *pol; - if (policy != ACM_USE_SECURITY_POLICY) { - printk("%s: Loading incompatible policy (running: %s).\n", __func__, - ACM_POLICY_NAME(ACM_USE_SECURITY_POLICY)); - return -EFAULT; - } - /* now check correct buffer sizes for policy combinations */ - if (policy == ACM_NULL_POLICY) { - printkd("%s: NULL Policy, no policy needed.\n", __func__); - goto out; - } if (buf_size < sizeof(struct acm_policy_buffer)) return -EFAULT; + /* 1. copy buffer from domain */ if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL) goto error_free; @@ -58,17 +48,17 @@ printk("%s: Error copying!\n",__func__); goto error_free; } - } else { + } else memcpy(policy_buffer, buf, buf_size); - } + /* 2. some sanity checking */ pol = (struct acm_policy_buffer *)policy_buffer; if ((ntohl(pol->magic) != ACM_MAGIC) || - (ntohs(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) || - (ntohs(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code) || - (ntohl(pol->policyversion) != POLICY_INTERFACE_VERSION)) { - printkd("%s: Wrong policy magics!\n", __func__); + (ntohl(pol->policy_version) != ACM_POLICY_VERSION) || + (ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) || + (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) { + printkd("%s: Wrong policy magics or versions!\n", __func__); goto error_free; } if (buf_size != ntohl(pol->len)) { @@ -79,21 +69,19 @@ /* get bin_policy lock and rewrite policy (release old one) */ write_lock(&acm_bin_pol_rwlock); - /* 3. now get/set primary policy data */ - if (acm_primary_ops->set_binary_policy(buf + ntohs(pol->primary_buffer_offset), - ntohs(pol->secondary_buffer_offset) - - ntohs(pol->primary_buffer_offset))) { + /* 3. set primary policy data */ + if (acm_primary_ops->set_binary_policy(buf + ntohl(pol->primary_buffer_offset), + ntohl(pol->secondary_buffer_offset) - + ntohl(pol->primary_buffer_offset))) { goto error_lock_free; } - /* 4. now get/set secondary policy data */ - if (acm_secondary_ops->set_binary_policy(buf + ntohs(pol->secondary_buffer_offset), + /* 4. set secondary policy data */ + if (acm_secondary_ops->set_binary_policy(buf + ntohl(pol->secondary_buffer_offset), ntohl(pol->len) - - ntohs(pol->secondary_buffer_offset))) { + ntohl(pol->secondary_buffer_offset))) { goto error_lock_free; } write_unlock(&acm_bin_pol_rwlock); - out: - printk("%s: Done .\n", __func__); if (policy_buffer != NULL) xfree(policy_buffer); return ACM_OK; @@ -121,26 +109,25 @@ /* future: read policy from file and set it */ bin_pol = (struct acm_policy_buffer *)policy_buffer; bin_pol->magic = htonl(ACM_MAGIC); - bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION); - bin_pol->primary_policy_code = htons(acm_bin_pol.primary_policy_code); - bin_pol->secondary_policy_code = htons(acm_bin_pol.secondary_policy_code); + bin_pol->primary_policy_code = htonl(acm_bin_pol.primary_policy_code); + bin_pol->secondary_policy_code = htonl(acm_bin_pol.secondary_policy_code); bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); - bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len)); - bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len)); + bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len)); + bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len)); - ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohs(bin_pol->primary_buffer_offset), - buf_size - ntohs(bin_pol->primary_buffer_offset)); + ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohl(bin_pol->primary_buffer_offset), + buf_size - ntohl(bin_pol->primary_buffer_offset)); if (ret < 0) { printk("%s: ERROR creating chwallpolicy buffer.\n", __func__); read_unlock(&acm_bin_pol_rwlock); return -1; } bin_pol->len = htonl(ntohl(bin_pol->len) + ret); - bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len)); + bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len)); - ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohs(bin_pol->secondary_buffer_offset), - buf_size - ntohs(bin_pol->secondary_buffer_offset)); + ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohl(bin_pol->secondary_buffer_offset), + buf_size - ntohl(bin_pol->secondary_buffer_offset)); if (ret < 0) { printk("%s: ERROR creating chwallpolicy buffer.\n", __func__); read_unlock(&acm_bin_pol_rwlock); @@ -178,11 +165,10 @@ goto error_lock_free; acm_stats.magic = htonl(ACM_MAGIC); - acm_stats.policyversion = htonl(POLICY_INTERFACE_VERSION); - acm_stats.primary_policy_code = htons(acm_bin_pol.primary_policy_code); - acm_stats.secondary_policy_code = htons(acm_bin_pol.secondary_policy_code); - acm_stats.primary_stats_offset = htons(sizeof(struct acm_stats_buffer)); - acm_stats.secondary_stats_offset = htons(sizeof(struct acm_stats_buffer) + len1); + acm_stats.primary_policy_code = htonl(acm_bin_pol.primary_policy_code); + acm_stats.secondary_policy_code = htonl(acm_bin_pol.secondary_policy_code); + acm_stats.primary_stats_offset = htonl(sizeof(struct acm_stats_buffer)); + acm_stats.secondary_stats_offset = htonl(sizeof(struct acm_stats_buffer) + len1); acm_stats.len = htonl(sizeof(struct acm_stats_buffer) + len1 + len2); memcpy(stats_buffer, &acm_stats, sizeof(struct acm_stats_buffer)); diff -r 9be7fe98a556 -r e173a853dc46 xen/acm/acm_simple_type_enforcement_hooks.c --- a/xen/acm/acm_simple_type_enforcement_hooks.c Tue Aug 2 10:47:41 2005 +++ b/xen/acm/acm_simple_type_enforcement_hooks.c Tue Aug 2 17:20:46 2005 @@ -140,15 +140,15 @@ struct acm_ste_policy_buffer *ste_buf = (struct acm_ste_policy_buffer *)buf; int ret = 0; - ste_buf->ste_max_types = htons(ste_bin_pol.max_types); - ste_buf->ste_max_ssidrefs = htons(ste_bin_pol.max_ssidrefs); - ste_buf->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); - ste_buf->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer)); - ret = ntohs(ste_buf->ste_ssid_offset) + + ste_buf->ste_max_types = htonl(ste_bin_pol.max_types); + ste_buf->ste_max_ssidrefs = htonl(ste_bin_pol.max_ssidrefs); + ste_buf->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); + ste_buf->ste_ssid_offset = htonl(sizeof(struct acm_ste_policy_buffer)); + ret = ntohl(ste_buf->ste_ssid_offset) + sizeof(domaintype_t)*ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types; /* now copy buffer over */ - arrcpy(buf + ntohs(ste_buf->ste_ssid_offset), + arrcpy(buf + ntohl(ste_buf->ste_ssid_offset), ste_bin_pol.ssidrefs, sizeof(domaintype_t), ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types); @@ -276,10 +276,16 @@ int i; /* Convert endianess of policy */ - ste_buf->policy_code = ntohs(ste_buf->policy_code); - ste_buf->ste_max_types = ntohs(ste_buf->ste_max_types); - ste_buf->ste_max_ssidrefs = ntohs(ste_buf->ste_max_ssidrefs); - ste_buf->ste_ssid_offset = ntohs(ste_buf->ste_ssid_offset); + ste_buf->policy_code = ntohl(ste_buf->policy_code); + ste_buf->policy_version = ntohl(ste_buf->policy_version); + ste_buf->ste_max_types = ntohl(ste_buf->ste_max_types); + ste_buf->ste_max_ssidrefs = ntohl(ste_buf->ste_max_ssidrefs); + ste_buf->ste_ssid_offset = ntohl(ste_buf->ste_ssid_offset); + + /* policy type and version checks */ + if ((ste_buf->policy_code != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) || + (ste_buf->policy_version != ACM_STE_VERSION)) + return -EINVAL; /* 1. create and copy-in new ssidrefs buffer */ ssidrefsbuf = xmalloc_array(u8, sizeof(domaintype_t)*ste_buf->ste_max_types*ste_buf->ste_max_ssidrefs); diff -r 9be7fe98a556 -r e173a853dc46 xen/arch/x86/shadow_public.c --- a/xen/arch/x86/shadow_public.c Tue Aug 2 10:47:41 2005 +++ b/xen/arch/x86/shadow_public.c Tue Aug 2 17:20:46 2005 @@ -30,7 +30,7 @@ #include <xen/sched.h> #include <xen/trace.h> -#if CONFIG_PAGING_LEVELS >= 4 +#if CONFIG_PAGING_LEVELS >= 3 #include <asm/shadow_64.h> extern struct shadow_ops MODE_F_HANDLER; @@ -233,7 +233,20 @@ v->arch.monitor_vtable = 0; } +#elif CONFIG_PAGING_LEVELS == 3 + +static void alloc_monitor_pagetable(struct vcpu *v) +{ + BUG(); /* PAE not implemented yet */ +} + +void free_monitor_pagetable(struct vcpu *v) +{ + BUG(); /* PAE not implemented yet */ +} + #elif CONFIG_PAGING_LEVELS == 2 + static void alloc_monitor_pagetable(struct vcpu *v) { unsigned long mmfn; diff -r 9be7fe98a556 -r e173a853dc46 xen/arch/x86/x86_32/entry.S --- a/xen/arch/x86/x86_32/entry.S Tue Aug 2 10:47:41 2005 +++ b/xen/arch/x86/x86_32/entry.S Tue Aug 2 17:20:46 2005 @@ -751,7 +751,7 @@ .long do_boot_vcpu .long do_ni_hypercall /* 25 */ .long do_mmuext_op - .long do_policy_op /* 27 */ + .long do_acm_op /* 27 */ .rept NR_hypercalls-((.-hypercall_table)/4) .long do_ni_hypercall .endr diff -r 9be7fe98a556 -r e173a853dc46 xen/arch/x86/x86_64/entry.S --- a/xen/arch/x86/x86_64/entry.S Tue Aug 2 10:47:41 2005 +++ b/xen/arch/x86/x86_64/entry.S Tue Aug 2 17:20:46 2005 @@ -587,7 +587,7 @@ .quad do_boot_vcpu .quad do_set_segment_base /* 25 */ .quad do_mmuext_op - .quad do_policy_op + .quad do_acm_op .rept NR_hypercalls-((.-hypercall_table)/4) .quad do_ni_hypercall .endr diff -r 9be7fe98a556 -r e173a853dc46 xen/include/acm/acm_core.h --- a/xen/include/acm/acm_core.h Tue Aug 2 10:47:41 2005 +++ b/xen/include/acm/acm_core.h Tue Aug 2 17:20:46 2005 @@ -21,7 +21,7 @@ #include <xen/spinlock.h> #include <public/acm.h> #include <xen/acm_policy.h> -#include <public/policy_ops.h> +#include <public/acm_ops.h> /* Xen-internal representation of the binary policy */ struct acm_binary_policy { @@ -113,7 +113,7 @@ /* protos */ int acm_init_domain_ssid(domid_t id, ssidref_t ssidref); int acm_free_domain_ssid(struct acm_ssid_domain *ssid); -int acm_set_policy(void *buf, u16 buf_size, u16 policy, int isuserbuffer); +int acm_set_policy(void *buf, u16 buf_size, int isuserbuffer); int acm_get_policy(void *buf, u16 buf_size); int acm_dump_statistics(void *buf, u16 buf_size); diff -r 9be7fe98a556 -r e173a853dc46 xen/include/public/acm.h --- a/xen/include/public/acm.h Tue Aug 2 10:47:41 2005 +++ b/xen/include/public/acm.h Tue Aug 2 17:20:46 2005 @@ -71,6 +71,14 @@ (X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \ "UNDEFINED policy" +/* the following policy versions must be increased + * whenever the interpretation of the related + * policy's data structure changes + */ +#define ACM_POLICY_VERSION 1 +#define ACM_CHWALL_VERSION 1 +#define ACM_STE_VERSION 1 + /* defines a ssid reference used by xen */ typedef u32 ssidref_t; @@ -102,46 +110,53 @@ #define ACM_MAGIC 0x0001debc /* each offset in bytes from start of the struct they - * the are part of */ + * are part of */ + /* each buffer consists of all policy information for * the respective policy given in the policy code + * + * acm_policy_buffer, acm_chwall_policy_buffer, + * and acm_ste_policy_buffer need to stay 32-bit aligned + * because we create binary policies also with external + * tools that assume packed representations (e.g. the java tool) */ struct acm_policy_buffer { + u32 policy_version; /* ACM_POLICY_VERSION */ u32 magic; - u32 policyversion; u32 len; - u16 primary_policy_code; - u16 primary_buffer_offset; - u16 secondary_policy_code; - u16 secondary_buffer_offset; + u32 primary_policy_code; + u32 primary_buffer_offset; + u32 secondary_policy_code; + u32 secondary_buffer_offset; }; struct acm_chwall_policy_buffer { - u16 policy_code; - u16 chwall_max_types; - u16 chwall_max_ssidrefs; - u16 chwall_max_conflictsets; - u16 chwall_ssid_offset; - u16 chwall_conflict_sets_offset; - u16 chwall_running_types_offset; - u16 chwall_conflict_aggregate_offset; + u32 policy_version; /* ACM_CHWALL_VERSION */ + u32 policy_code; + u32 chwall_max_types; + u32 chwall_max_ssidrefs; + u32 chwall_max_conflictsets; + u32 chwall_ssid_offset; + u32 chwall_conflict_sets_offset; + u32 chwall_running_types_offset; + u32 chwall_conflict_aggregate_offset; }; struct acm_ste_policy_buffer { - u16 policy_code; - u16 ste_max_types; - u16 ste_max_ssidrefs; - u16 ste_ssid_offset; + u32 policy_version; /* ACM_STE_VERSION */ + u32 policy_code; + u32 ste_max_types; + u32 ste_max_ssidrefs; + u32 ste_ssid_offset; }; struct acm_stats_buffer { u32 magic; - u32 policyversion; u32 len; - u16 primary_policy_code; - u16 primary_stats_offset; - u16 secondary_policy_code; - u16 secondary_stats_offset; + u32 primary_policy_code; + u32 primary_stats_offset; + u32 secondary_policy_code; + u32 secondary_stats_offset; }; struct acm_ste_stats_buffer { diff -r 9be7fe98a556 -r e173a853dc46 xen/include/public/xen.h --- a/xen/include/public/xen.h Tue Aug 2 10:47:41 2005 +++ b/xen/include/public/xen.h Tue Aug 2 17:20:46 2005 @@ -58,7 +58,7 @@ #define __HYPERVISOR_boot_vcpu 24 #define __HYPERVISOR_set_segment_base 25 /* x86/64 only */ #define __HYPERVISOR_mmuext_op 26 -#define __HYPERVISOR_policy_op 27 +#define __HYPERVISOR_acm_op 27 /* * VIRTUAL INTERRUPTS diff -r 9be7fe98a556 -r e173a853dc46 tools/consoled/Makefile --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/consoled/Makefile Tue Aug 2 17:20:46 2005 @@ -0,0 +1,48 @@ +# Makefile for consoled +# based on xcs Makefile +# Anthony Liguori 2005 + +XEN_ROOT=../.. +include $(XEN_ROOT)/tools/Rules.mk + +CONSOLED_INSTALL_DIR = /usr/sbin +XC_CONSOLE_INSTALL_DIR = /usr/libexec/xen + +INSTALL = install +INSTALL_PROG = $(INSTALL) -m0755 +INSTALL_DIR = $(INSTALL) -d -m0755 + +CC = gcc +CFLAGS = -Wall -Werror -g3 + +CFLAGS += -I $(XEN_XCS) +CFLAGS += -I $(XEN_LIBXC) +CFLAGS += -I $(XEN_XENSTORE) + +SRCS := +SRCS += main.c utils.c io.c + +HDRS = $(wildcard *.h) +OBJS = $(patsubst %.c,%.o,$(SRCS)) +BIN = consoled xc_console + +all: $(BIN) + +clean: + $(RM) *.a *.so *.o *.rpm $(BIN) + +consoled: $(OBJS) + $(CC) $(CFLAGS) $^ -o $@ -L$(XEN_LIBXC) -L$(XEN_XENSTORE) \ + -lxc -lxenstore + +xc_console: xc_console.o + $(CC) $(CFLAGS) $^ -o $@ -L$(XEN_LIBXC) -L$(XEN_XENSTORE) \ + -lxc -lxenstore + +$(OBJS): $(HDRS) + +install: $(BIN) + $(INSTALL_DIR) -p $(DESTDIR)/$(CONSOLED_INSTALL_DIR) + $(INSTALL_PROG) consoled $(DESTDIR)/$(CONSOLED_INSTALL_DIR) + $(INSTALL_DIR) -p $(DESTDIR)/$(XC_CONSOLE_INSTALL_DIR) + $(INSTALL_PROG) xc_console $(DESTDIR)/$(XC_CONSOLE_INSTALL_DIR) diff -r 9be7fe98a556 -r e173a853dc46 tools/consoled/io.c --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/consoled/io.c Tue Aug 2 17:20:46 2005 @@ -0,0 +1,328 @@ +/*\ + * Copyright (C) International Business Machines Corp., 2005 + * Author(s): Anthony Liguori <aliguori@xxxxxxxxxx> + * + * Xen Console Daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; under version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +\*/ + +#define _GNU_SOURCE + +#include "utils.h" +#include "io.h" + +#include "xc.h" +#include "xs.h" +#include "xen/io/domain_controller.h" +#include "xcs_proto.h" + +#include <malloc.h> +#include <stdlib.h> +#include <errno.h> +#include <string.h> +#include <sys/select.h> +#include <fcntl.h> +#include <unistd.h> +#include <termios.h> + +#define MAX(a, b) (((a) > (b)) ? (a) : (b)) +#define MIN(a, b) (((a) < (b)) ? (a) : (b)) + +struct buffer +{ + char *data; + size_t size; + size_t capacity; + size_t max_capacity; +}; + +void buffer_append(struct buffer *buffer, const void *data, size_t size) +{ + if ((buffer->capacity - buffer->size) < size) { + buffer->capacity += (size + 1024); + buffer->data = realloc(buffer->data, buffer->capacity); + if (buffer->data == NULL) { + dolog(LOG_ERR, "Memory allocation failed"); + exit(ENOMEM); + } + } + + memcpy(buffer->data + buffer->size, data, size); + buffer->size += size; + + if (buffer->max_capacity && + buffer->size > buffer->max_capacity) { + memmove(buffer->data + (buffer->size - buffer->max_capacity), + buffer->data, buffer->max_capacity); + buffer->data = realloc(buffer->data, buffer->max_capacity); + buffer->capacity = buffer->max_capacity; + } +} + +bool buffer_empty(struct buffer *buffer) +{ + return buffer->size == 0; +} + +void buffer_advance(struct buffer *buffer, size_t size) +{ + size = MIN(size, buffer->size); + memmove(buffer->data, buffer + size, buffer->size - size); + buffer->size -= size; +} + +struct domain +{ + int domid; + int tty_fd; + struct buffer buffer; + struct domain *next; +}; + +static struct domain *dom_head; + +bool domain_is_valid(int domid) +{ + bool ret; + xc_dominfo_t info; + + ret = (xc_domain_getinfo(xc, domid, 1, &info) == 1 && + info.domid == domid); + + return ret; +} + +int domain_create_tty(int domid) +{ + char path[1024]; + int master; + + if ((master = getpt()) == -1 || + grantpt(master) == -1 || unlockpt(master) == -1) { + dolog(LOG_ERR, "Failed to create tty for domain-%d", domid); + master = -1; + } else { + const char *slave = ptsname(master); + struct termios term; + + if (tcgetattr(master, &term) != -1) { + cfmakeraw(&term); + tcsetattr(master, TCSAFLUSH, &term); + } + + xs_mkdir(xs, "/console"); + snprintf(path, sizeof(path), "/console/%d", domid); + xs_mkdir(xs, path); + strcat(path, "/tty"); + + xs_write(xs, path, slave, strlen(slave), O_CREAT); + } + + return master; +} + +struct domain *create_domain(int domid) +{ + struct domain *dom; + char *data; + unsigned int len; + char path[1024]; + + dom = (struct domain *)malloc(sizeof(struct domain)); + if (dom == NULL) { + dolog(LOG_ERR, "Out of memory %s:%s():L%d", + __FILE__, __FUNCTION__, __LINE__); + exit(ENOMEM); + } + + dom->domid = domid; + dom->tty_fd = domain_create_tty(domid); + dom->buffer.data = 0; + dom->buffer.size = 0; + dom->buffer.capacity = 0; + dom->buffer.max_capacity = 0; + + snprintf(path, sizeof(path), "/console/%d/limit", domid); + data = xs_read(xs, path, &len); + if (data) { + dom->buffer.max_capacity = strtoul(data, 0, 0); + free(data); + } + + dolog(LOG_DEBUG, "New domain %d", domid); + + return dom; +} + +struct domain *lookup_domain(int domid) +{ + struct domain **pp; + + for (pp = &dom_head; *pp; pp = &(*pp)->next) { + struct domain *dom = *pp; + + if (dom->domid == domid) { + return dom; + } else if (dom->domid > domid) { + *pp = create_domain(domid); + (*pp)->next = dom; + return *pp; + } + } + + *pp = create_domain(domid); + return *pp; +} + +void remove_domain(struct domain *dom) +{ + struct domain **pp; + + dolog(LOG_DEBUG, "Removing domain-%d", dom->domid); + + for (pp = &dom_head; *pp; pp = &(*pp)->next) { + struct domain *d = *pp; + + if (dom->domid == d->domid) { + *pp = d->next; + free(d); + break; + } + } +} + +void handle_tty_read(struct domain *dom) +{ + ssize_t len; + xcs_msg_t msg; + + msg.type = XCS_REQUEST; + msg.u.control.remote_dom = dom->domid; + msg.u.control.msg.type = CMSG_CONSOLE; + msg.u.control.msg.subtype = CMSG_CONSOLE_DATA; + msg.u.control.msg.id = 1; + + len = read(dom->tty_fd, msg.u.control.msg.msg, 60); + if (len < 1) { + close(dom->tty_fd); + + if (domain_is_valid(dom->domid)) { + dom->tty_fd = domain_create_tty(dom->domid); + } else { + remove_domain(dom); + } + } else if (domain_is_valid(dom->domid)) { + msg.u.control.msg.length = len; + + if (!write_sync(xcs_data_fd, &msg, sizeof(msg))) { + dolog(LOG_ERR, "Write to xcs failed: %m"); + } + } else { + close(dom->tty_fd); + remove_domain(dom); + } +} + +void handle_tty_write(struct domain *dom) +{ + ssize_t len; + + len = write(dom->tty_fd, dom->buffer.data, dom->buffer.size); + if (len < 1) { + close(dom->tty_fd); + + if (domain_is_valid(dom->domid)) { + dom->tty_fd = domain_create_tty(dom->domid); + } else { + remove_domain(dom); + } + } else { + buffer_advance(&dom->buffer, len); + } +} + +void handle_xcs_msg(int fd) +{ + xcs_msg_t msg; + + if (!read_sync(fd, &msg, sizeof(msg))) { + dolog(LOG_ERR, "read from xcs failed! %m"); + } else if (msg.type == XCS_REQUEST) { + struct domain *dom; + + dom = lookup_domain(msg.u.control.remote_dom); + buffer_append(&dom->buffer, + msg.u.control.msg.msg, + msg.u.control.msg.length); + } +} + +static void enum_domains(void) +{ + int domid = 0; + xc_dominfo_t dominfo; + + while (xc_domain_getinfo(xc, domid, 1, &dominfo) == 1) { + lookup_domain(dominfo.domid); + domid = dominfo.domid + 1; + } +} + +void handle_io(void) +{ + fd_set readfds, writefds; + int ret; + int max_fd = -1; + + do { + struct domain *d; + struct timeval tv = { 1, 0 }; + + FD_ZERO(&readfds); + FD_ZERO(&writefds); + + FD_SET(xcs_data_fd, &readfds); + max_fd = MAX(xcs_data_fd, max_fd); + + for (d = dom_head; d; d = d->next) { + if (d->tty_fd != -1) { + FD_SET(d->tty_fd, &readfds); + } + + if (d->tty_fd != -1 && !buffer_empty(&d->buffer)) { + FD_SET(d->tty_fd, &writefds); + } + + max_fd = MAX(d->tty_fd, max_fd); + } + + ret = select(max_fd + 1, &readfds, &writefds, 0, &tv); + enum_domains(); + + if (FD_ISSET(xcs_data_fd, &readfds)) { + handle_xcs_msg(xcs_data_fd); + } + + for (d = dom_head; d; d = d->next) { + if (FD_ISSET(d->tty_fd, &readfds)) { + handle_tty_read(d); + } + + if (FD_ISSET(d->tty_fd, &writefds)) { + handle_tty_write(d); + } + } + } while (ret > -1); +} diff -r 9be7fe98a556 -r e173a853dc46 tools/consoled/io.h --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/consoled/io.h Tue Aug 2 17:20:46 2005 @@ -0,0 +1,26 @@ +/*\ + * Copyright (C) International Business Machines Corp., 2005 + * Author(s): Anthony Liguori <aliguori@xxxxxxxxxx> + * + * Xen Console Daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; under version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +\*/ + +#ifndef CONSOLED_IO_H +#define CONSOLED_IO_H + +void handle_io(void); + +#endif diff -r 9be7fe98a556 -r e173a853dc46 tools/consoled/main.c --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/consoled/main.c Tue Aug 2 17:20:46 2005 @@ -0,0 +1,93 @@ +/*\ + * Copyright (C) International Business Machines Corp., 2005 + * Author(s): Anthony Liguori <aliguori@xxxxxxxxxx> + * + * Xen Console Daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; under version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +\*/ + +#include <getopt.h> +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include <unistd.h> +#include <sys/types.h> + +#include "xc.h" +#include "xen/io/domain_controller.h" +#include "xcs_proto.h" + +#include "utils.h" +#include "io.h" + +int main(int argc, char **argv) +{ + const char *sopts = "hVvi"; + struct option lopts[] = { + { "help", 0, 0, 'h' }, + { "version", 0, 0, 'V' }, + { "verbose", 0, 0, 'v' }, + { "interactive", 0, 0, 'i' }, + { 0 }, + }; + bool is_interactive = false; + int ch; + int syslog_option = LOG_CONS; + int syslog_mask = LOG_WARNING; + int opt_ind = 0; + + while ((ch = getopt_long(argc, argv, sopts, lopts, &opt_ind)) != -1) { + switch (ch) { + case 'h': + //usage(argv[0]); + exit(0); + case 'V': + //version(argv[0]); + exit(0); + case 'v': + syslog_option |= LOG_PERROR; + syslog_mask = LOG_DEBUG; + break; + case 'i': + is_interactive = true; + break; + case '?': + fprintf(stderr, + "Try `%s --help' for more information\n", + argv[0]); + exit(EINVAL); + } + } + + if (geteuid() != 0) { + fprintf(stderr, "%s requires root to run.\n", argv[0]); + exit(EPERM); + } + + openlog("consoled", syslog_option, LOG_DAEMON); + setlogmask(syslog_mask); + + if (!is_interactive) { + daemonize("/var/run/consoled.pid"); + } + + xen_setup(); + + handle_io(); + + closelog(); + + return 0; +} diff -r 9be7fe98a556 -r e173a853dc46 tools/consoled/utils.c --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/consoled/utils.c Tue Aug 2 17:20:46 2005 @@ -0,0 +1,251 @@ +/*\ + * Copyright (C) International Business Machines Corp., 2005 + * Author(s): Anthony Liguori <aliguori@xxxxxxxxxx> + * + * Xen Console Daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; under version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +\*/ + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/wait.h> +#include <unistd.h> +#include <stdlib.h> +#include <fcntl.h> +#include <err.h> +#include <errno.h> +#include <stdio.h> +#include <getopt.h> +#include <stdbool.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <string.h> + +#include "xc.h" +#include "xen/io/domain_controller.h" +#include "xcs_proto.h" + +#include "utils.h" + +struct xs_handle *xs; +int xc; + +int xcs_ctrl_fd = -1; +int xcs_data_fd = -1; + +bool _read_write_sync(int fd, void *data, size_t size, bool do_read) +{ + size_t offset = 0; + ssize_t len; + + while (offset < size) { + if (do_read) { + len = read(fd, data + offset, size - offset); + } else { + len = write(fd, data + offset, size - offset); + } + + if (len < 1) { + if (len == -1 && (errno == EAGAIN || errno == EINTR)) { + return false; + } + } else { + offset += len; + } + } + + return true; +} + +static int open_domain_socket(const char *path) +{ + struct sockaddr_un addr; + int sock; + size_t addr_len; + + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) { + goto out; + } + + addr.sun_family = AF_UNIX; + strcpy(addr.sun_path, path); + addr_len = sizeof(addr.sun_family) + strlen(XCS_SUN_PATH) + 1; + + if (connect(sock, (struct sockaddr *)&addr, addr_len) == -1) { + goto out_close_sock; + } + + return sock; + + out_close_sock: + close(sock); + out: + return -1; +} + +static void child_exit(int sig) +{ + while (waitpid(-1, NULL, WNOHANG) > 0); +} + +void daemonize(const char *pidfile) +{ + pid_t pid; + int fd; + int len; + int i; + char buf[100]; + + if (getppid() == 1) { + return; + } + + if ((pid = fork()) > 0) { + exit(0); + } else if (pid == -1) { + err(errno, "fork() failed"); + } + + setsid(); + + /* redirect fd 0,1,2 to /dev/null */ + if ((fd = open("/dev/null",O_RDWR)) == -1) { + exit(1); + } + + for (i = 0; i <= 2; i++) { + close(i); + dup2(fd, i); + } + + close(fd); + + umask(027); + chdir("/"); + + fd = open(pidfile, O_RDWR | O_CREAT); + if (fd == -1) { + exit(1); + } + + if (lockf(fd, F_TLOCK, 0) == -1) { + exit(1); + } + + len = sprintf(buf, "%d\n", getpid()); + write(fd, buf, len); + + signal(SIGCHLD, child_exit); + signal(SIGTSTP, SIG_IGN); + signal(SIGTTOU, SIG_IGN); + signal(SIGTTIN, SIG_IGN); +} + +/* synchronized send/recv strictly for setting up xcs */ +/* always use asychronize callbacks any other time */ +static bool xcs_send_recv(int fd, xcs_msg_t *msg) +{ + bool ret = false; + + if (!write_sync(fd, msg, sizeof(*msg))) { + dolog(LOG_ERR, "Write failed at %s:%s():L%d? Possible bug.", + __FILE__, __FUNCTION__, __LINE__); + goto out; + } + + if (!read_sync(fd, msg, sizeof(*msg))) { + dolog(LOG_ERR, "Read failed at %s:%s():L%d? Possible bug.", + __FILE__, __FUNCTION__, __LINE__); + goto out; + } + + ret = true; + + out: + return ret; +} + +bool xen_setup(void) +{ + int sock; + xcs_msg_t msg; + + xs = xs_daemon_open(); + if (xs == NULL) { + dolog(LOG_ERR, + "Failed to contact xenstore (%m). Is it running?"); + goto out; + } + + xc = xc_interface_open(); + if (xc == -1) { + dolog(LOG_ERR, "Failed to contact hypervisor (%m)"); + goto out; + } + + sock = open_domain_socket(XCS_SUN_PATH); + if (sock == -1) { + dolog(LOG_ERR, "Failed to contact xcs (%m). Is it running?"); + goto out_close_store; + } + + xcs_ctrl_fd = sock; + + sock = open_domain_socket(XCS_SUN_PATH); + if (sock == -1) { + dolog(LOG_ERR, "Failed to contact xcs (%m). Is it running?"); + goto out_close_ctrl; + } + + xcs_data_fd = sock; + + memset(&msg, 0, sizeof(msg)); + msg.type = XCS_CONNECT_CTRL; + if (!xcs_send_recv(xcs_ctrl_fd, &msg) || msg.result != XCS_RSLT_OK) { + dolog(LOG_ERR, "xcs control connect failed. Possible bug."); + goto out_close_data; + } + + msg.type = XCS_CONNECT_DATA; + if (!xcs_send_recv(xcs_data_fd, &msg) || msg.result != XCS_RSLT_OK) { + dolog(LOG_ERR, "xcs data connect failed. Possible bug."); + goto out_close_data; + } + + /* Since the vast majority of control messages are console messages + it's just easier to ignore other messages that try to bind to + a specific type. */ + msg.type = XCS_MSG_BIND; + msg.u.bind.port = PORT_WILDCARD; + msg.u.bind.type = TYPE_WILDCARD; + if (!xcs_send_recv(xcs_ctrl_fd, &msg) || msg.result != XCS_RSLT_OK) { + dolog(LOG_ERR, "xcs vind failed. Possible bug."); + goto out_close_data; + } + + return true; + + out_close_data: + close(xcs_ctrl_fd); + xcs_data_fd = -1; + out_close_ctrl: + close(xcs_ctrl_fd); + xcs_ctrl_fd = -1; + out_close_store: + xs_daemon_close(xs); + out: + return false; +} + diff -r 9be7fe98a556 -r e173a853dc46 tools/consoled/utils.h --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/consoled/utils.h Tue Aug 2 17:20:46 2005 @@ -0,0 +1,47 @@ +/*\ + * Copyright (C) International Business Machines Corp., 2005 + * Author(s): Anthony Liguori <aliguori@xxxxxxxxxx> + * + * Xen Console Daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; under version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +\*/ + +#ifndef CONSOLED_UTILS_H +#define CONSOLED_UTILS_H + +#include <stdbool.h> +#include <syslog.h> +#include <stdio.h> + +#include "xs.h" + +void daemonize(const char *pidfile); +bool xen_setup(void); +#define read_sync(fd, buffer, size) _read_write_sync(fd, buffer, size, true) +#define write_sync(fd, buffer, size) _read_write_sync(fd, buffer, size, false) +bool _read_write_sync(int fd, void *data, size_t size, bool do_read); + +extern int xcs_ctrl_fd; +extern int xcs_data_fd; +extern struct xs_handle *xs; +extern int xc; + +#if 1 +#define dolog(val, fmt, ...) syslog(val, fmt, ## __VA_ARGS__) +#else +#define dolog(val, fmt, ...) fprintf(stderr, fmt "\n", ## __VA_ARGS__) +#endif + +#endif diff -r 9be7fe98a556 -r e173a853dc46 tools/consoled/xc_console.c --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/consoled/xc_console.c Tue Aug 2 17:20:46 2005 @@ -0,0 +1,236 @@ +/*\ + * Copyright (C) International Business Machines Corp., 2005 + * Author(s): Anthony Liguori <aliguori@xxxxxxxxxx> + * + * Xen Console Daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; under version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +\*/ + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <stdio.h> +#include <unistd.h> +#include <errno.h> +#include <stdlib.h> +#include <time.h> +#include <fcntl.h> +#include <sys/wait.h> +#include <termios.h> +#include <signal.h> +#include <getopt.h> +#include <sys/select.h> +#include <err.h> +#include <errno.h> +#include <pty.h> + +#include "xc.h" +#include "xs.h" + +#define ESCAPE_CHARACTER 0x1d + +static volatile sig_atomic_t received_signal = 0; + +static void sighandler(int signum) +{ + received_signal = 1; +} + +static bool write_sync(int fd, const void *data, size_t size) +{ + size_t offset = 0; + ssize_t len; + + while (offset < size) { + len = write(fd, data + offset, size - offset); + if (len < 1) { + return false; + } + offset += len; + } + + return true; +} + +static void usage(const char *program) { + printf("Usage: %s [OPTION] DOMID\n" + "Attaches to a virtual domain console\n" + "\n" + " -h, --help display this help and exit\n" + , program); +} + +/* don't worry too much if setting terminal attributes fail */ +static void init_term(int fd, struct termios *old) +{ + struct termios new_term; + + if (tcgetattr(fd, old) == -1) { + perror("tcgetattr() failed"); + return; + } + + new_term = *old; + cfmakeraw(&new_term); + + if (tcsetattr(fd, TCSAFLUSH, &new_term) == -1) { + perror("tcsetattr() failed"); + } +} + +static void restore_term(int fd, struct termios *old) +{ + if (tcsetattr(fd, TCSAFLUSH, old) == -1) { + perror("tcsetattr() failed"); + } +} + +static int console_loop(int xc_handle, domid_t domid, int fd) +{ + int ret; + + do { + fd_set fds; + + FD_ZERO(&fds); + FD_SET(STDIN_FILENO, &fds); + FD_SET(fd, &fds); + + ret = select(fd + 1, &fds, NULL, NULL, NULL); + if (ret == -1) { + if (errno == EINTR || errno == EAGAIN) { + continue; + } + perror("select() failed"); + return -1; + } + + if (FD_ISSET(STDIN_FILENO, &fds)) { + ssize_t len; + char msg[60]; + + len = read(STDIN_FILENO, msg, sizeof(msg)); + if (len == 1 && msg[0] == ESCAPE_CHARACTER) { + return 0; + } + + if (len == 0 && len == -1) { + if (len == -1 && + (errno == EINTR || errno == EAGAIN)) { + continue; + } + perror("select() failed"); + return -1; + } + + if (!write_sync(fd, msg, len)) { + perror("write() failed"); + return -1; + } + } + + if (FD_ISSET(fd, &fds)) { + ssize_t len; + char msg[512]; + + len = read(fd, msg, sizeof(msg)); + if (len == 0 || len == -1) { + if (len == -1 && + (errno == EINTR || errno == EAGAIN)) { + continue; + } + perror("select() failed"); + return -1; + } + + if (!write_sync(STDOUT_FILENO, msg, len)) { + perror("write() failed"); + return -1; + } + } + } while (received_signal == 0); + + return 0; +} + +int main(int argc, char **argv) +{ + struct termios attr; + int domid; + int xc_handle; + char *sopt = "hf:pc"; + int ch; + int opt_ind=0; + struct option lopt[] = { + { "help", 0, 0, 'h' }, + { "file", 1, 0, 'f' }, + { "pty", 0, 0, 'p' }, + { "ctty", 0, 0, 'c' }, + { 0 }, + + }; + char *str_pty; + char path[1024]; + int spty; + unsigned int len = 0; + struct xs_handle *xs; + + while((ch = getopt_long(argc, argv, sopt, lopt, &opt_ind)) != -1) { + switch(ch) { + case 'h': + usage(argv[0]); + exit(0); + break; + } + } + + if ((argc - optind) != 1) { + fprintf(stderr, "Invalid number of arguments\n"); + fprintf(stderr, "Try `%s --help' for more information.\n", + argv[0]); + exit(EINVAL); + } + + domid = atoi(argv[optind]); + + xs = xs_daemon_open(); + if (xs == NULL) { + err(errno, "Could not contact XenStore"); + } + + xc_handle = xc_interface_open(); + if (xc_handle == -1) { + err(errno, "xc_interface_open()"); + } + + signal(SIGTERM, sighandler); + + snprintf(path, sizeof(path), "/console/%d/tty", domid); + str_pty = xs_read(xs, path, &len); + if (str_pty == NULL) { + err(errno, "Could not read tty from store"); + } + spty = open(str_pty, O_RDWR | O_NOCTTY); + if (spty == -1) { + err(errno, "Could not open tty `%s'", str_pty); + } + free(str_pty); + + init_term(STDIN_FILENO, &attr); + console_loop(xc_handle, domid, spty); + restore_term(STDIN_FILENO, &attr); + + return 0; + } diff -r 9be7fe98a556 -r e173a853dc46 tools/libxc/xc_ia64_stubs.c --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/libxc/xc_ia64_stubs.c Tue Aug 2 17:20:46 2005 @@ -0,0 +1,39 @@ +#include "xc_private.h" + +int xc_linux_save(int xc_handle, int io_fd, u32 dom) +{ + PERROR("xc_linux_save not implemented\n"); + return -1; +} + +int xc_linux_restore(int xc_handle, int io_fd, u32 dom, unsigned long nr_pfns) +{ + PERROR("xc_linux_restore not implemented\n"); + return -1; +} + +int xc_vmx_build(int xc_handle, + u32 domid, + int memsize, + const char *image_name, + struct mem_map *mem_mapp, + const char *ramdisk_name, + const char *cmdline, + unsigned int control_evtchn, + unsigned long flags) +{ + PERROR("xc_vmx_build not implemented\n"); + return -1; +} + +int +xc_plan9_build(int xc_handle, + u32 domid, + const char *image_name, + const char *cmdline, + unsigned int control_evtchn, unsigned long flags) +{ + PERROR("xc_plan9_build not implemented\n"); + return -1; +} + diff -r 9be7fe98a556 -r e173a853dc46 tools/misc/policyprocessor/Makefile --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/misc/policyprocessor/Makefile Tue Aug 2 17:20:46 2005 @@ -0,0 +1,42 @@ +XEN_ROOT = ../../.. +include $(XEN_ROOT)/tools/Rules.mk + +CFLAGS += -static +CFLAGS += -Wall +CFLAGS += -Werror +CFLAGS += -O3 +CFLAGS += -fno-strict-aliasing +CFLAGS += -I. + +all: build + +build: mk-symlinks + $(MAKE) xml_to_bin + +default: all + +install: all + +xml_to_bin : make_include XmlToBin.java XmlToBinInterface.java SsidsEntry.java SecurityLabel.java myHandler.java + javac XmlToBin.java + +make_include : c2j_include + ./c2j_include + +c2j_include: c2j_include.c + $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< + +clean: + rm -rf *.class xen c2j_include policy_version.java *.bin + + +LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse +mk-symlinks: + [ -e xen/linux ] || mkdir -p xen/linux + [ -e xen/io ] || mkdir -p xen/io + ( cd xen >/dev/null ; \ + ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . ) + ( cd xen/io >/dev/null ; \ + ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . ) + ( cd xen/linux >/dev/null ; \ + ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . ) diff -r 9be7fe98a556 -r e173a853dc46 tools/misc/policyprocessor/c2j_include.c --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/misc/policyprocessor/c2j_include.c Tue Aug 2 17:20:46 2005 @@ -0,0 +1,57 @@ +/**************************************************************** + * c2j_include.c + * + * Copyright (C) 2005 IBM Corporation + * + * Authors: + * Reiner Sailer <sailer@xxxxxxxxxxxxxx> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * This tool makes some constants from acm.h available to the + * java policyprocessor for version checking. + */ +#include <stdio.h> +#include <errno.h> +#include <stdlib.h> +#include <stdint.h> + +typedef uint8_t u8; +typedef uint16_t u16; +typedef uint32_t u32; +typedef uint64_t u64; +typedef int8_t s8; +typedef int16_t s16; +typedef int32_t s32; +typedef int64_t s64; + +#include <xen/acm.h> + +char *filename = "policy_version.java"; + +int main(int argc, char **argv) +{ + + FILE *fd; + if ((fd = fopen(filename, "w")) <= 0) + { + printf("File %s not found.\n", filename); + exit(-ENOENT); + } + + fprintf(fd, "/*\n * This file was automatically generated\n"); + fprintf(fd, " * Do not change it manually!\n */\n"); + fprintf(fd, "public class policy_version {\n"); + fprintf(fd, " final int ACM_POLICY_VERSION = %x;\n", + ACM_POLICY_VERSION); + fprintf(fd, " final int ACM_CHWALL_VERSION = %x;\n", + ACM_CHWALL_VERSION); + fprintf(fd, " final int ACM_STE_VERSION = %x;\n", + ACM_STE_VERSION); + fprintf(fd, "}\n"); + fclose(fd); + return 0; +} diff -r 9be7fe98a556 -r e173a853dc46 tools/security/Makefile --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/security/Makefile Tue Aug 2 17:20:46 2005 @@ -0,0 +1,36 @@ +XEN_ROOT = ../.. +include $(XEN_ROOT)/tools/Rules.mk + +SRCS = secpol_tool.c +CFLAGS += -static +CFLAGS += -Wall +CFLAGS += -Werror +CFLAGS += -O3 +CFLAGS += -fno-strict-aliasing +CFLAGS += -I. + +all: build +build: mk-symlinks + $(MAKE) secpol_tool + +default: all + +install: all + +secpol_tool : secpol_tool.c + $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< + +clean: + rm -rf secpol_tool xen + + +LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse +mk-symlinks: + [ -e xen/linux ] || mkdir -p xen/linux + [ -e xen/io ] || mkdir -p xen/io + ( cd xen >/dev/null ; \ + ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . ) + ( cd xen/io >/dev/null ; \ + ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . ) + ( cd xen/linux >/dev/null ; \ + ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . ) diff -r 9be7fe98a556 -r e173a853dc46 tools/security/secpol_tool.c --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/tools/security/secpol_tool.c Tue Aug 2 17:20:46 2005 @@ -0,0 +1,648 @@ +/**************************************************************** + * secpol_tool.c + * + * Copyright (C) 2005 IBM Corporation + * + * Authors: + * Reiner Sailer <sailer@xxxxxxxxxxxxxx> + * Stefan Berger <stefanb@xxxxxxxxxxxxxx> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * sHype policy management tool. This code runs in a domain and + * manages the Xen security policy by interacting with the + * Xen access control module via a /proc/xen/privcmd proc-ioctl, + * which is translated into a acm_op hypercall into Xen. + * + * indent -i4 -kr -nut + */ + + +#include <unistd.h> +#include <stdio.h> +#include <errno.h> +#include <fcntl.h> +#include <sys/mman.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <stdlib.h> +#include <sys/ioctl.h> +#include <string.h> +#include <stdint.h> +#include <netinet/in.h> + +typedef uint8_t u8; +typedef uint16_t u16; +typedef uint32_t u32; +typedef uint64_t u64; +typedef int8_t s8; +typedef int16_t s16; +typedef int32_t s32; +typedef int64_t s64; + +#include <xen/acm.h> +#include <xen/acm_ops.h> +#include <xen/linux/privcmd.h> + +#define PERROR(_m, _a...) \ +fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ + errno, strerror(errno)) + +static inline int do_policycmd(int xc_handle, unsigned int cmd, + unsigned long data) +{ + return ioctl(xc_handle, cmd, data); +} + +static inline int do_xen_hypercall(int xc_handle, + privcmd_hypercall_t * hypercall) +{ + return do_policycmd(xc_handle, + IOCTL_PRIVCMD_HYPERCALL, + (unsigned long) hypercall); +} + +static inline int do_acm_op(int xc_handle, acm_op_t * op) +{ + int ret = -1; + privcmd_hypercall_t hypercall; + + op->interface_version = ACM_INTERFACE_VERSION; + + hypercall.op = __HYPERVISOR_acm_op; + hypercall.arg[0] = (unsigned long) op; + + if (mlock(op, sizeof(*op)) != 0) + { + PERROR("Could not lock memory for Xen policy hypercall"); + goto out1; + } + + if ((ret = do_xen_hypercall(xc_handle, &hypercall)) < 0) + { + if (errno == EACCES) + fprintf(stderr, "ACM operation failed -- need to" + " rebuild the user-space tool set?\n"); + goto out2; + } + + out2:(void) munlock(op, sizeof(*op)); + out1:return ret; +} + +/*************************** DUMPS *******************************/ + +void acm_dump_chinesewall_buffer(void *buf, int buflen) +{ + + struct acm_chwall_policy_buffer *cwbuf = + (struct acm_chwall_policy_buffer *) buf; + domaintype_t *ssids, *conflicts, *running_types, *conflict_aggregate; + int i, j; + + + if (htonl(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) + { + printf("CHINESE WALL POLICY CODE not found ERROR!!\n"); + return; + } + printf("\n\nChinese Wall policy:\n"); + printf("====================\n"); + printf("Policy version= %x.\n", ntohl(cwbuf->policy_version)); + printf("Max Types = %x.\n", ntohl(cwbuf->chwall_max_types)); + printf("Max Ssidrefs = %x.\n", ntohl(cwbuf->chwall_max_ssidrefs)); + printf("Max ConfSets = %x.\n", ntohl(cwbuf->chwall_max_conflictsets)); + printf("Ssidrefs Off = %x.\n", ntohl(cwbuf->chwall_ssid_offset)); + printf("Conflicts Off = %x.\n", + ntohl(cwbuf->chwall_conflict_sets_offset)); + printf("Runing T. Off = %x.\n", + ntohl(cwbuf->chwall_running_types_offset)); + printf("C. Agg. Off = %x.\n", + ntohl(cwbuf->chwall_conflict_aggregate_offset)); + printf("\nSSID To CHWALL-Type matrix:\n"); + + ssids = (domaintype_t *) (buf + ntohl(cwbuf->chwall_ssid_offset)); + for (i = 0; i < ntohl(cwbuf->chwall_max_ssidrefs); i++) + { + printf("\n ssidref%2x: ", i); + for (j = 0; j < ntohl(cwbuf->chwall_max_types); j++) + printf("%02x ", + ntohs(ssids[i * ntohl(cwbuf->chwall_max_types) + j])); + } + printf("\n\nConfict Sets:\n"); + conflicts = + (domaintype_t *) (buf + ntohl(cwbuf->chwall_conflict_sets_offset)); + for (i = 0; i < ntohl(cwbuf->chwall_max_conflictsets); i++) + { + printf("\n c-set%2x: ", i); + for (j = 0; j < ntohl(cwbuf->chwall_max_types); j++) + printf("%02x ", + ntohs(conflicts + [i * ntohl(cwbuf->chwall_max_types) + j])); + } + printf("\n"); + + printf("\nRunning\nTypes: "); + if (ntohl(cwbuf->chwall_running_types_offset)) + { + running_types = + (domaintype_t *) (buf + + ntohl(cwbuf->chwall_running_types_offset)); + for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) + { + printf("%02x ", ntohs(running_types[i])); + } + printf("\n"); + } else { + printf("Not Reported!\n"); + } + printf("\nConflict\nAggregate Set: "); + if (ntohl(cwbuf->chwall_conflict_aggregate_offset)) + { + conflict_aggregate = + (domaintype_t *) (buf + + ntohl(cwbuf->chwall_conflict_aggregate_offset)); + for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) + { + printf("%02x ", ntohs(conflict_aggregate[i])); + } + printf("\n\n"); + } else { + printf("Not Reported!\n"); + } +} + +void acm_dump_ste_buffer(void *buf, int buflen) +{ + + struct acm_ste_policy_buffer *stebuf = + (struct acm_ste_policy_buffer *) buf; + domaintype_t *ssids; + int i, j; + + + if (ntohl(stebuf->policy_code) != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) { + printf("SIMPLE TYPE ENFORCEMENT POLICY CODE not found ERROR!!\n"); + return; + } + printf("\nSimple Type Enforcement policy:\n"); + printf("===============================\n"); + printf("Policy version= %x.\n", ntohl(stebuf->policy_version)); + printf("Max Types = %x.\n", ntohl(stebuf->ste_max_types)); + printf("Max Ssidrefs = %x.\n", ntohl(stebuf->ste_max_ssidrefs)); + printf("Ssidrefs Off = %x.\n", ntohl(stebuf->ste_ssid_offset)); + printf("\nSSID To STE-Type matrix:\n"); + + ssids = (domaintype_t *) (buf + ntohl(stebuf->ste_ssid_offset)); + for (i = 0; i < ntohl(stebuf->ste_max_ssidrefs); i++) + { + printf("\n ssidref%2x: ", i); + for (j = 0; j < ntohl(stebuf->ste_max_types); j++) + printf("%02x ", ntohs(ssids[i * ntohl(stebuf->ste_max_types) + j])); + } + printf("\n\n"); +} + +void acm_dump_policy_buffer(void *buf, int buflen) +{ + struct acm_policy_buffer *pol = (struct acm_policy_buffer *) buf; + + printf("\nPolicy dump:\n"); + printf("============\n"); + printf("PolicyVer = %x.\n", ntohl(pol->policy_version)); + printf("Magic = %x.\n", ntohl(pol->magic)); + printf("Len = %x.\n", ntohl(pol->len)); + printf("Primary = %s (c=%x, off=%x).\n", + ACM_POLICY_NAME(ntohl(pol->primary_policy_code)), + ntohl(pol->primary_policy_code), + ntohl(pol->primary_buffer_offset)); + printf("Secondary = %s (c=%x, off=%x).\n", + ACM_POLICY_NAME(ntohl(pol->secondary_policy_code)), + ntohl(pol->secondary_policy_code), + ntohl(pol->secondary_buffer_offset)); + switch (ntohl(pol->primary_policy_code)) + { + case ACM_CHINESE_WALL_POLICY: + acm_dump_chinesewall_buffer(buf + + ntohl(pol->primary_buffer_offset), + ntohl(pol->len) - + ntohl(pol->primary_buffer_offset)); + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + acm_dump_ste_buffer(buf + ntohl(pol->primary_buffer_offset), + ntohl(pol->len) - + ntohl(pol->primary_buffer_offset)); + break; + + case ACM_NULL_POLICY: + printf("Primary policy is NULL Policy (n/a).\n"); + break; + + default: + printf("UNKNOWN POLICY!\n"); + } + + switch (ntohl(pol->secondary_policy_code)) + { + case ACM_CHINESE_WALL_POLICY: + acm_dump_chinesewall_buffer(buf + + ntohl(pol->secondary_buffer_offset), + ntohl(pol->len) - + ntohl(pol->secondary_buffer_offset)); + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + acm_dump_ste_buffer(buf + ntohl(pol->secondary_buffer_offset), + ntohl(pol->len) - + ntohl(pol->secondary_buffer_offset)); + break; + + case ACM_NULL_POLICY: + printf("Secondary policy is NULL Policy (n/a).\n"); + break; + + default: + printf("UNKNOWN POLICY!\n"); + } +} + +/*************************** set policy ****************************/ + +int acm_domain_set_chwallpolicy(void *bufstart, int buflen) +{ +#define CWALL_MAX_SSIDREFS 6 +#define CWALL_MAX_TYPES 10 +#define CWALL_MAX_CONFLICTSETS 2 + + struct acm_chwall_policy_buffer *chwall_bin_pol = + (struct acm_chwall_policy_buffer *) bufstart; + domaintype_t *ssidrefs, *conflicts; + int ret = 0; + int j; + + chwall_bin_pol->chwall_max_types = htonl(CWALL_MAX_TYPES); + chwall_bin_pol->chwall_max_ssidrefs = htonl(CWALL_MAX_SSIDREFS); + chwall_bin_pol->policy_code = htonl(ACM_CHINESE_WALL_POLICY); + chwall_bin_pol->policy_version = htonl(ACM_CHWALL_VERSION); + chwall_bin_pol->chwall_ssid_offset = + htonl(sizeof(struct acm_chwall_policy_buffer)); + chwall_bin_pol->chwall_max_conflictsets = + htonl(CWALL_MAX_CONFLICTSETS); + chwall_bin_pol->chwall_conflict_sets_offset = + htonl(ntohl(chwall_bin_pol->chwall_ssid_offset) + + sizeof(domaintype_t) * CWALL_MAX_SSIDREFS * CWALL_MAX_TYPES); + chwall_bin_pol->chwall_running_types_offset = 0; /* not set */ + chwall_bin_pol->chwall_conflict_aggregate_offset = 0; /* not set */ + ret += sizeof(struct acm_chwall_policy_buffer); + /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */ + /* check buffer size */ + if ((buflen - ret) < + (CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t))) + return -1; /* not enough space */ + + ssidrefs = (domaintype_t *) (bufstart + + ntohl(chwall_bin_pol->chwall_ssid_offset)); + memset(ssidrefs, 0, + CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t)); + + /* now set type j-1 for ssidref i+1 */ + for (j = 0; j <= CWALL_MAX_SSIDREFS; j++) + if ((0 < j) && (j <= CWALL_MAX_TYPES)) + ssidrefs[j * CWALL_MAX_TYPES + j - 1] = htons(1); + + ret += CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t); + if ((buflen - ret) < + (CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * sizeof(domaintype_t))) + return -1; /* not enough space */ + + /* now the chinese wall policy conflict sets */ + conflicts = (domaintype_t *) (bufstart + + ntohl(chwall_bin_pol-> + chwall_conflict_sets_offset)); + memset((void *) conflicts, 0, + CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * + sizeof(domaintype_t)); + /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */ + if (CWALL_MAX_TYPES > 3) + { + conflicts[2] = htons(1); + conflicts[3] = htons(1); /* {2,3} */ + conflicts[CWALL_MAX_TYPES + 1] = htons(1); + conflicts[CWALL_MAX_TYPES + 5] = htons(1); + conflicts[CWALL_MAX_TYPES + 6] = htons(1); /* {0,5,6} */ + } + ret += sizeof(domaintype_t) * CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES; + return ret; +} + +int acm_domain_set_stepolicy(void *bufstart, int buflen) +{ +#define STE_MAX_SSIDREFS 6 +#define STE_MAX_TYPES 5 + + struct acm_ste_policy_buffer *ste_bin_pol = + (struct acm_ste_policy_buffer *) bufstart; + domaintype_t *ssidrefs; + int j, ret = 0; + + ste_bin_pol->ste_max_types = htonl(STE_MAX_TYPES); + ste_bin_pol->ste_max_ssidrefs = htonl(STE_MAX_SSIDREFS); + ste_bin_pol->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); + ste_bin_pol->policy_version = htonl(ACM_STE_VERSION); + ste_bin_pol->ste_ssid_offset = + htonl(sizeof(struct acm_ste_policy_buffer)); + ret += sizeof(struct acm_ste_policy_buffer); + /* check buffer size */ + if ((buflen - ret) < + (STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t))) + return -1; /* not enough space */ + + ssidrefs = + (domaintype_t *) (bufstart + ntohl(ste_bin_pol->ste_ssid_offset)); + memset(ssidrefs, 0, + STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t)); + /* all types 1 for ssidref 1 */ + for (j = 0; j < STE_MAX_TYPES; j++) + ssidrefs[1 * STE_MAX_TYPES + j] = htons(1); + /* now set type j-1 for ssidref j */ + for (j = 0; j < STE_MAX_SSIDREFS; j++) + if ((0 < j) && (j <= STE_MAX_TYPES)) + ssidrefs[j * STE_MAX_TYPES + j - 1] = htons(1); + ret += STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t); + return ret; +} + +#define MAX_PUSH_BUFFER 16384 +u8 push_buffer[MAX_PUSH_BUFFER]; + +int acm_domain_setpolicy(int xc_handle) +{ + int ret; + struct acm_policy_buffer *bin_pol; + acm_op_t op; + + /* future: read policy from file and set it */ + bin_pol = (struct acm_policy_buffer *) push_buffer; + bin_pol->policy_version = htonl(ACM_POLICY_VERSION); + bin_pol->magic = htonl(ACM_MAGIC); + bin_pol->primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY); + bin_pol->secondary_policy_code = + htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); + + bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); + bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len)); + ret = + acm_domain_set_chwallpolicy(push_buffer + + ntohl(bin_pol->primary_buffer_offset), + MAX_PUSH_BUFFER - + ntohl(bin_pol->primary_buffer_offset)); + if (ret < 0) + { + printf("ERROR creating chwallpolicy buffer.\n"); + return -1; + } + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); + bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len)); + ret = acm_domain_set_stepolicy(push_buffer + + ntohl(bin_pol->secondary_buffer_offset), + MAX_PUSH_BUFFER - + ntohl(bin_pol->secondary_buffer_offset)); + if (ret < 0) + { + printf("ERROR creating chwallpolicy buffer.\n"); + return -1; + } + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); + + /* dump it and then push it down into xen/acm */ + acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len)); + + op.cmd = ACM_SETPOLICY; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.setpolicy.pushcache = (void *) push_buffer; + op.u.setpolicy.pushcache_size = ntohl(bin_pol->len); + ret = do_acm_op(xc_handle, &op); + + if (ret) + printf("ERROR setting policy. Use 'xm dmesg' to see details.\n"); + else + printf("Successfully changed policy.\n"); + + return ret; +} + +/******************************* get policy ******************************/ + +#define PULL_CACHE_SIZE 8192 +u8 pull_buffer[PULL_CACHE_SIZE]; +int acm_domain_getpolicy(int xc_handle) +{ + acm_op_t op; + int ret; + + memset(pull_buffer, 0x00, sizeof(pull_buffer)); + op.cmd = ACM_GETPOLICY; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.getpolicy.pullcache = (void *) pull_buffer; + op.u.getpolicy.pullcache_size = sizeof(pull_buffer); + ret = do_acm_op(xc_handle, &op); + /* dump policy */ + acm_dump_policy_buffer(pull_buffer, sizeof(pull_buffer)); + return ret; +} + +/************************ load binary policy ******************************/ + +int acm_domain_loadpolicy(int xc_handle, const char *filename) +{ + struct stat mystat; + int ret, fd; + off_t len; + u8 *buffer; + + if ((ret = stat(filename, &mystat))) + { + printf("File %s not found.\n", filename); + goto out; + } + + len = mystat.st_size; + if ((buffer = malloc(len)) == NULL) + { + ret = -ENOMEM; + goto out; + } + if ((fd = open(filename, O_RDONLY)) <= 0) + { + ret = -ENOENT; + printf("File %s not found.\n", filename); + goto free_out; + } + if (len == read(fd, buffer, len)) + { + acm_op_t op; + /* dump it and then push it down into xen/acm */ + acm_dump_policy_buffer(buffer, len); + op.cmd = ACM_SETPOLICY; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.setpolicy.pushcache = (void *) buffer; + op.u.setpolicy.pushcache_size = len; + ret = do_acm_op(xc_handle, &op); + + if (ret) + printf + ("ERROR setting policy. Use 'xm dmesg' to see details.\n"); + else + printf("Successfully changed policy.\n"); + + } else { + ret = -1; + } + close(fd); + free_out: + free(buffer); + out: + return ret; +} + +/************************ dump hook statistics ******************************/ +void dump_ste_stats(struct acm_ste_stats_buffer *ste_stats) +{ + printf("STE-Policy Security Hook Statistics:\n"); + printf("ste: event_channel eval_count = %d\n", + ntohl(ste_stats->ec_eval_count)); + printf("ste: event_channel denied_count = %d\n", + ntohl(ste_stats->ec_denied_count)); + printf("ste: event_channel cache_hit_count = %d\n", + ntohl(ste_stats->ec_cachehit_count)); + printf("ste:\n"); + printf("ste: grant_table eval_count = %d\n", + ntohl(ste_stats->gt_eval_count)); + printf("ste: grant_table denied_count = %d\n", + ntohl(ste_stats->gt_denied_count)); + printf("ste: grant_table cache_hit_count = %d\n", + ntohl(ste_stats->gt_cachehit_count)); +} + +#define PULL_STATS_SIZE 8192 +int acm_domain_dumpstats(int xc_handle) +{ + u8 stats_buffer[PULL_STATS_SIZE]; + acm_op_t op; + int ret; + struct acm_stats_buffer *stats; + + memset(stats_buffer, 0x00, sizeof(stats_buffer)); + op.cmd = ACM_DUMPSTATS; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.dumpstats.pullcache = (void *) stats_buffer; + op.u.dumpstats.pullcache_size = sizeof(stats_buffer); + ret = do_acm_op(xc_handle, &op); + + if (ret < 0) + { + printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n"); + return ret; + } + stats = (struct acm_stats_buffer *) stats_buffer; + + printf("\nPolicy dump:\n"); + printf("============\n"); + printf("Magic = %x.\n", ntohl(stats->magic)); + printf("Len = %x.\n", ntohl(stats->len)); + + switch (ntohl(stats->primary_policy_code)) + { + case ACM_NULL_POLICY: + printf("NULL Policy: No statistics apply.\n"); + break; + + case ACM_CHINESE_WALL_POLICY: + printf("Chinese Wall Policy: No statistics apply.\n"); + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + dump_ste_stats((struct acm_ste_stats_buffer *) (stats_buffer + + ntohl(stats-> + primary_stats_offset))); + break; + + default: + printf("UNKNOWN PRIMARY POLICY ERROR!\n"); + } + + switch (ntohl(stats->secondary_policy_code)) + { + case ACM_NULL_POLICY: + printf("NULL Policy: No statistics apply.\n"); + break; + + case ACM_CHINESE_WALL_POLICY: + printf("Chinese Wall Policy: No statistics apply.\n"); + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + dump_ste_stats((struct acm_ste_stats_buffer *) (stats_buffer + + ntohl(stats-> + secondary_stats_offset))); + break; + + default: + printf("UNKNOWN SECONDARY POLICY ERROR!\n"); + } + return ret; +} + +/***************************** main **************************************/ + +void usage(char *progname) +{ + printf("Use: %s \n" + "\t setpolicy\n" + "\t getpolicy\n" + "\t dumpstats\n" + "\t loadpolicy <binary policy file>\n", progname); + exit(-1); +} + +int main(int argc, char **argv) +{ + + int acm_cmd_fd, ret; + + if (argc < 2) + usage(argv[0]); + + if ((acm_cmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) + { + printf("ERROR: Could not open xen privcmd device!\n"); + exit(-1); + } + + if (!strcmp(argv[1], "setpolicy")) + { + if (argc != 2) + usage(argv[0]); + ret = acm_domain_setpolicy(acm_cmd_fd); + } else if (!strcmp(argv[1], "getpolicy")) { + if (argc != 2) + usage(argv[0]); + ret = acm_domain_getpolicy(acm_cmd_fd); + } else if (!strcmp(argv[1], "loadpolicy")) { + if (argc != 3) + usage(argv[0]); + ret = acm_domain_loadpolicy(acm_cmd_fd, argv[2]); + } else if (!strcmp(argv[1], "dumpstats")) { + if (argc != 2) + usage(argv[0]); + ret = acm_domain_dumpstats(acm_cmd_fd); + } else + usage(argv[0]); + + close(acm_cmd_fd); + return ret; +} diff -r 9be7fe98a556 -r e173a853dc46 xen/common/acm_ops.c --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/xen/common/acm_ops.c Tue Aug 2 17:20:46 2005 @@ -0,0 +1,127 @@ +/****************************************************************************** + * acm_ops.c + * + * Copyright (C) 2005 IBM Corporation + * + * Author: + * Reiner Sailer <sailer@xxxxxxxxxxxxxx> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * Process acm command requests from guest OS. + * + */ + +#include <xen/config.h> +#include <xen/types.h> +#include <xen/lib.h> +#include <xen/mm.h> +#include <public/acm_ops.h> +#include <xen/sched.h> +#include <xen/event.h> +#include <xen/trace.h> +#include <xen/console.h> +#include <asm/shadow.h> +#include <public/sched_ctl.h> +#include <acm/acm_hooks.h> + +#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) + +long do_acm_op(acm_op_t * u_acm_op) +{ + return -ENOSYS; +} + +#else + +typedef enum acm_operation { + POLICY, /* access to policy interface (early drop) */ + GETPOLICY, /* dump policy cache */ + SETPOLICY, /* set policy cache (controls security) */ + DUMPSTATS /* dump policy statistics */ +} acm_operation_t; + +int acm_authorize_acm_ops(struct domain *d, acm_operation_t pops) +{ + /* all policy management functions are restricted to privileged domains, + * soon we will introduce finer-grained privileges for policy operations + */ + if (!IS_PRIV(d)) + { + printk("%s: ACM management authorization denied ERROR!\n", __func__); + return ACM_ACCESS_DENIED; + } + return ACM_ACCESS_PERMITTED; +} + +long do_acm_op(acm_op_t * u_acm_op) +{ + long ret = 0; + acm_op_t curop, *op = &curop; + + /* check here policy decision for policy commands */ + /* for now allow DOM0 only, later indepedently */ + if (acm_authorize_acm_ops(current->domain, POLICY)) + return -EACCES; + + if (copy_from_user(op, u_acm_op, sizeof(*op))) + return -EFAULT; + + if (op->interface_version != ACM_INTERFACE_VERSION) + return -EACCES; + + switch (op->cmd) + { + case ACM_SETPOLICY: + { + if (acm_authorize_acm_ops(current->domain, SETPOLICY)) + return -EACCES; + printkd("%s: setting policy.\n", __func__); + ret = acm_set_policy(op->u.setpolicy.pushcache, + op->u.setpolicy.pushcache_size, 1); + if (ret == ACM_OK) + ret = 0; + else + ret = -ESRCH; + } + break; + + case ACM_GETPOLICY: + { + if (acm_authorize_acm_ops(current->domain, GETPOLICY)) + return -EACCES; + printkd("%s: getting policy.\n", __func__); + ret = acm_get_policy(op->u.getpolicy.pullcache, + op->u.getpolicy.pullcache_size); + if (ret == ACM_OK) + ret = 0; + else + ret = -ESRCH; + } + break; + + case ACM_DUMPSTATS: + { + if (acm_authorize_acm_ops(current->domain, DUMPSTATS)) + return -EACCES; + printkd("%s: dumping statistics.\n", __func__); + ret = acm_dump_statistics(op->u.dumpstats.pullcache, + op->u.dumpstats.pullcache_size); + if (ret == ACM_OK) + ret = 0; + else + ret = -ESRCH; + } + break; + + default: + ret = -ESRCH; + + } + return ret; +} + +#endif diff -r 9be7fe98a556 -r e173a853dc46 xen/include/public/acm_ops.h --- /dev/null Tue Aug 2 10:47:41 2005 +++ b/xen/include/public/acm_ops.h Tue Aug 2 17:20:46 2005 @@ -0,0 +1,66 @@ +/****************************************************************************** + * acm_ops.h + * + * Copyright (C) 2005 IBM Corporation + * + * Author: + * Reiner Sailer <sailer@xxxxxxxxxxxxxx> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * Process acm policy command requests from guest OS. + * access checked by policy; not restricted to DOM0 + * + */ + +#ifndef __XEN_PUBLIC_ACM_OPS_H__ +#define __XEN_PUBLIC_ACM_OPS_H__ + +#include "xen.h" +#include "sched_ctl.h" + +/* + * Make sure you increment the interface version whenever you modify this file! + * This makes sure that old versions of acm tools will stop working in a + * well-defined way (rather than crashing the machine, for instance). + */ +#define ACM_INTERFACE_VERSION 0xAAAA0003 + +/************************************************************************/ + +#define ACM_SETPOLICY 4 +typedef struct acm_setpolicy { + /* OUT variables */ + void *pushcache; + u16 pushcache_size; +} acm_setpolicy_t; + + +#define ACM_GETPOLICY 5 +typedef struct acm_getpolicy { + /* OUT variables */ + void *pullcache; + u16 pullcache_size; +} acm_getpolicy_t; + +#define ACM_DUMPSTATS 6 +typedef struct acm_dumpstats { + void *pullcache; + u16 pullcache_size; +} acm_dumpstats_t; + + +typedef struct acm_op { + u32 cmd; + u32 interface_version; /* ACM_INTERFACE_VERSION */ + union { + acm_setpolicy_t setpolicy; + acm_getpolicy_t getpolicy; + acm_dumpstats_t dumpstats; + } u; +} acm_op_t; + +#endif /* __XEN_PUBLIC_ACM_OPS_H__ */ diff -r 9be7fe98a556 -r e173a853dc46 linux-2.6-xen-sparse/kernel/ptrace.c --- a/linux-2.6-xen-sparse/kernel/ptrace.c Tue Aug 2 10:47:41 2005 +++ /dev/null Tue Aug 2 17:20:46 2005 @@ -1,391 +0,0 @@ -/* - * linux/kernel/ptrace.c - * - * (C) Copyright 1999 Linus Torvalds - * - * Common interfaces for "ptrace()" which we do not want - * to continually duplicate across every architecture. - */ - -#include <linux/module.h> -#include <linux/sched.h> -#include <linux/errno.h> -#include <linux/mm.h> -#include <linux/highmem.h> -#include <linux/pagemap.h> -#include <linux/smp_lock.h> -#include <linux/ptrace.h> -#include <linux/security.h> -#include <linux/signal.h> - -#include <asm/pgtable.h> -#include <asm/uaccess.h> - -/* - * ptrace a task: make the debugger its new parent and - * move it to the ptrace list. - * - * Must be called with the tasklist lock write-held. - */ -void __ptrace_link(task_t *child, task_t *new_parent) -{ - if (!list_empty(&child->ptrace_list)) - BUG(); - if (child->parent == new_parent) - return; - list_add(&child->ptrace_list, &child->parent->ptrace_children); - REMOVE_LINKS(child); - child->parent = new_parent; - SET_LINKS(child); -} - -/* - * Turn a tracing stop into a normal stop now, since with no tracer there - * would be no way to wake it up with SIGCONT or SIGKILL. If there was a - * signal sent that would resume the child, but didn't because it was in - * TASK_TRACED, resume it now. - * Requires that irqs be disabled. - */ -void ptrace_untrace(task_t *child) -{ - spin_lock(&child->sighand->siglock); - if (child->state == TASK_TRACED) { - if (child->signal->flags & SIGNAL_STOP_STOPPED) { - child->state = TASK_STOPPED; - } else { - signal_wake_up(child, 1); - } - } - spin_unlock(&child->sighand->siglock); -} - -/* - * unptrace a task: move it back to its original parent and - * remove it from the ptrace list. - * - * Must be called with the tasklist lock write-held. - */ -void __ptrace_unlink(task_t *child) -{ - if (!child->ptrace) - BUG(); - child->ptrace = 0; - if (!list_empty(&child->ptrace_list)) { - list_del_init(&child->ptrace_list); - REMOVE_LINKS(child); - child->parent = child->real_parent; - SET_LINKS(child); - } - - if (child->state == TASK_TRACED) - ptrace_untrace(child); -} - -/* - * Check that we have indeed attached to the thing.. - */ -int ptrace_check_attach(struct task_struct *child, int kill) -{ - int ret = -ESRCH; - - /* - * We take the read lock around doing both checks to close a - * possible race where someone else was tracing our child and - * detached between these two checks. After this locked check, - * we are sure that this is our traced child and that can only - * be changed by us so it's not changing right after this. - */ - read_lock(&tasklist_lock); - if ((child->ptrace & PT_PTRACED) && child->parent == current && - (!(child->ptrace & PT_ATTACHED) || child->real_parent != current) - && child->signal != NULL) { - ret = 0; - spin_lock_irq(&child->sighand->siglock); - if (child->state == TASK_STOPPED) { - child->state = TASK_TRACED; - } else if (child->state != TASK_TRACED && !kill) { - ret = -ESRCH; - } - spin_unlock_irq(&child->sighand->siglock); - } - read_unlock(&tasklist_lock); - - if (!ret && !kill) { - wait_task_inactive(child); - } - - /* All systems go.. */ - return ret; -} - -int ptrace_attach(struct task_struct *task) -{ - int retval; - task_lock(task); - retval = -EPERM; - if (task->pid <= 1) - goto bad; - if (task == current) - goto bad; - if (!task->mm) - goto bad; - if(((current->uid != task->euid) || - (current->uid != task->suid) || - (current->uid != task->uid) || - (current->gid != task->egid) || - (current->gid != task->sgid) || - (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE)) - goto bad; - smp_rmb(); - if (!task->mm->dumpable && !capable(CAP_SYS_PTRACE)) - goto bad; - /* the same process cannot be attached many times */ - if (task->ptrace & PT_PTRACED) - goto bad; - retval = security_ptrace(current, task); - if (retval) - goto bad; - - /* Go */ - task->ptrace |= PT_PTRACED | ((task->real_parent != current) - ? PT_ATTACHED : 0); - if (capable(CAP_SYS_PTRACE)) - task->ptrace |= PT_PTRACE_CAP; - task_unlock(task); - - write_lock_irq(&tasklist_lock); - __ptrace_link(task, current); - write_unlock_irq(&tasklist_lock); - - force_sig_specific(SIGSTOP, task); - return 0; - -bad: - task_unlock(task); - return retval; -} - -int ptrace_detach(struct task_struct *child, unsigned int data) -{ - if (!valid_signal(data)) - return -EIO; - - /* Architecture-specific hardware disable .. */ - ptrace_disable(child); - - /* .. re-parent .. */ - child->exit_code = data; - - write_lock_irq(&tasklist_lock); - __ptrace_unlink(child); - /* .. and wake it up. */ - if (child->exit_state != EXIT_ZOMBIE) - wake_up_process(child); - write_unlock_irq(&tasklist_lock); - - return 0; -} - -/* - * Access another process' address space. - * Source/target buffer must be kernel space, - * Do not walk the page table directly, use get_user_pages - */ - -int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write) -{ - struct mm_struct *mm; - struct vm_area_struct *vma; - struct page *page; - void *old_buf = buf; - - mm = get_task_mm(tsk); - if (!mm) - return 0; - - down_read(&mm->mmap_sem); - /* ignore errors, just check how much was sucessfully transfered */ - while (len) { - int bytes, ret, offset; - void *maddr; - - ret = get_user_pages(tsk, mm, addr, 1, - write, 1, &page, &vma); - if (ret <= 0) - break; - - bytes = len; - offset = addr & (PAGE_SIZE-1); - if (bytes > PAGE_SIZE-offset) - bytes = PAGE_SIZE-offset; - - maddr = kmap(page); - if (write) { - copy_to_user_page(vma, page, addr, - maddr + offset, buf, bytes); - set_page_dirty_lock(page); - } else { - copy_from_user_page(vma, page, addr, - buf, maddr + offset, bytes); - } - kunmap(page); - page_cache_release(page); - len -= bytes; - buf += bytes; - addr += bytes; - } - up_read(&mm->mmap_sem); - mmput(mm); - - return buf - old_buf; -} -EXPORT_SYMBOL(access_process_vm); - -int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len) -{ - int copied = 0; - - while (len > 0) { - char buf[128]; - int this_len, retval; - - this_len = (len > sizeof(buf)) ? sizeof(buf) : len; - retval = access_process_vm(tsk, src, buf, this_len, 0); - if (!retval) { - if (copied) - break; - return -EIO; - } - if (copy_to_user(dst, buf, retval)) - return -EFAULT; - copied += retval; - src += retval; - dst += retval; - len -= retval; - } - return copied; -} - -int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long dst, int len) -{ - int copied = 0; - - while (len > 0) { - char buf[128]; - int this_len, retval; - - this_len = (len > sizeof(buf)) ? sizeof(buf) : len; - if (copy_from_user(buf, src, this_len)) - return -EFAULT; - retval = access_process_vm(tsk, dst, buf, this_len, 1); - if (!retval) { - if (copied) - break; - return -EIO; - } - copied += retval; - src += retval; - dst += retval; - len -= retval; - } - return copied; -} - -static int ptrace_setoptions(struct task_struct *child, long data) -{ - child->ptrace &= ~PT_TRACE_MASK; - - if (data & PTRACE_O_TRACESYSGOOD) - child->ptrace |= PT_TRACESYSGOOD; - - if (data & PTRACE_O_TRACEFORK) - child->ptrace |= PT_TRACE_FORK; - - if (data & PTRACE_O_TRACEVFORK) - child->ptrace |= PT_TRACE_VFORK; - - if (data & PTRACE_O_TRACECLONE) - child->ptrace |= PT_TRACE_CLONE; - - if (data & PTRACE_O_TRACEEXEC) - child->ptrace |= PT_TRACE_EXEC; - - if (data & PTRACE_O_TRACEVFORKDONE) - child->ptrace |= PT_TRACE_VFORK_DONE; - - if (data & PTRACE_O_TRACEEXIT) - child->ptrace |= PT_TRACE_EXIT; - - return (data & ~PTRACE_O_MASK) ? -EINVAL : 0; -} - -static int ptrace_getsiginfo(struct task_struct *child, siginfo_t __user * data) -{ - siginfo_t lastinfo; - int error = -ESRCH; - - read_lock(&tasklist_lock); - if (likely(child->sighand != NULL)) { - error = -EINVAL; - spin_lock_irq(&child->sighand->siglock); - if (likely(child->last_siginfo != NULL)) { - lastinfo = *child->last_siginfo; - error = 0; - } - spin_unlock_irq(&child->sighand->siglock); - } - read_unlock(&tasklist_lock); - if (!error) - return copy_siginfo_to_user(data, &lastinfo); - return error; -} - -static int ptrace_setsiginfo(struct task_struct *child, siginfo_t __user * data) -{ - siginfo_t newinfo; - int error = -ESRCH; - - if (copy_from_user(&newinfo, data, sizeof (siginfo_t))) - return -EFAULT; - - read_lock(&tasklist_lock); - if (likely(child->sighand != NULL)) { - error = -EINVAL; - spin_lock_irq(&child->sighand->siglock); - if (likely(child->last_siginfo != NULL)) { - *child->last_siginfo = newinfo; - error = 0; - } - spin_unlock_irq(&child->sighand->siglock); - } - read_unlock(&tasklist_lock); - return error; -} - -int ptrace_request(struct task_struct *child, long request, - long addr, long data) -{ - int ret = -EIO; - - switch (request) { -#ifdef PTRACE_OLDSETOPTIONS - case PTRACE_OLDSETOPTIONS: -#endif - case PTRACE_SETOPTIONS: - ret = ptrace_setoptions(child, data); - break; - case PTRACE_GETEVENTMSG: - ret = put_user(child->ptrace_message, (unsigned long __user *) data); - break; - case PTRACE_GETSIGINFO: - ret = ptrace_getsiginfo(child, (siginfo_t __user *) data); - break; - case PTRACE_SETSIGINFO: - ret = ptrace_setsiginfo(child, (siginfo_t __user *) data); - break; - default: - break; - } - - return ret; -} diff -r 9be7fe98a556 -r e173a853dc46 tools/policy/Makefile --- a/tools/policy/Makefile Tue Aug 2 10:47:41 2005 +++ /dev/null Tue Aug 2 17:20:46 2005 @@ -1,36 +0,0 @@ -XEN_ROOT = ../.. -include $(XEN_ROOT)/tools/Rules.mk - -SRCS = policy_tool.c -CFLAGS += -static -CFLAGS += -Wall -CFLAGS += -Werror -CFLAGS += -O3 -CFLAGS += -fno-strict-aliasing -CFLAGS += -I. - -all: build -build: mk-symlinks - $(MAKE) policy_tool - -default: all - -install: all - -policy_tool : policy_tool.c - $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< - -clean: - rm -rf policy_tool xen - - -LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse -mk-symlinks: - [ -e xen/linux ] || mkdir -p xen/linux - [ -e xen/io ] || mkdir -p xen/io - ( cd xen >/dev/null ; \ - ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . ) - ( cd xen/io >/dev/null ; \ - ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . ) - ( cd xen/linux >/dev/null ; \ - ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . ) diff -r 9be7fe98a556 -r e173a853dc46 tools/policy/policy_tool.c --- a/tools/policy/policy_tool.c Tue Aug 2 10:47:41 2005 +++ /dev/null Tue Aug 2 17:20:46 2005 @@ -1,552 +0,0 @@ -/**************************************************************** - * policy_tool.c - * - * Copyright (C) 2005 IBM Corporation - * - * Authors: - * Reiner Sailer <sailer@xxxxxxxxxxxxxx> - * Stefan Berger <stefanb@xxxxxxxxxxxxxx> - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - * - * sHype policy management tool. This code runs in a domain and - * manages the Xen security policy by interacting with the - * Xen access control module via a /proc/xen/privcmd proc-ioctl, - * which is translated into a policy_op hypercall into Xen. - * - * todo: implement setpolicy to dynamically set a policy cache. - */ -#include <unistd.h> -#include <stdio.h> -#include <errno.h> -#include <fcntl.h> -#include <sys/mman.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <stdlib.h> -#include <sys/ioctl.h> -#include <string.h> -#include <stdint.h> -#include <netinet/in.h> - -typedef uint8_t u8; -typedef uint16_t u16; -typedef uint32_t u32; -typedef uint64_t u64; -typedef int8_t s8; -typedef int16_t s16; -typedef int32_t s32; -typedef int64_t s64; - -#include <xen/acm.h> - -#include <xen/policy_ops.h> - -#include <xen/linux/privcmd.h> - -#define ERROR(_m, _a...) \ - fprintf(stderr, "ERROR: " _m "\n" , ## _a ) - -#define PERROR(_m, _a...) \ - fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ - errno, strerror(errno)) - -static inline int do_policycmd(int xc_handle, - unsigned int cmd, - unsigned long data) -{ - return ioctl(xc_handle, cmd, data); -} - -static inline int do_xen_hypercall(int xc_handle, - privcmd_hypercall_t *hypercall) -{ - return do_policycmd(xc_handle, - IOCTL_PRIVCMD_HYPERCALL, - (unsigned long)hypercall); -} - -static inline int do_policy_op(int xc_handle, policy_op_t *op) -{ - int ret = -1; - privcmd_hypercall_t hypercall; - - op->interface_version = POLICY_INTERFACE_VERSION; - - hypercall.op = __HYPERVISOR_policy_op; - hypercall.arg[0] = (unsigned long)op; - - if ( mlock(op, sizeof(*op)) != 0 ) - { - PERROR("Could not lock memory for Xen policy hypercall"); - goto out1; - } - - if ( (ret = do_xen_hypercall(xc_handle, &hypercall)) < 0 ) - { - if ( errno == EACCES ) - fprintf(stderr, "POLICY operation failed -- need to" - " rebuild the user-space tool set?\n"); - goto out2; - } - - out2: (void)munlock(op, sizeof(*op)); - out1: return ret; -} - -/*************************** DUMPS *******************************/ - -void acm_dump_chinesewall_buffer(void *buf, int buflen) { - - struct acm_chwall_policy_buffer *cwbuf = (struct acm_chwall_policy_buffer *)buf; - domaintype_t *ssids, *conflicts, *running_types, *conflict_aggregate; - int i,j; - - - if (htons(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) { - printf("CHINESE WALL POLICY CODE not found ERROR!!\n"); - return; - } - printf("\n\nChinese Wall policy:\n"); - printf("====================\n"); - printf("Max Types = %x.\n", ntohs(cwbuf->chwall_max_types)); - printf("Max Ssidrefs = %x.\n", ntohs(cwbuf->chwall_max_ssidrefs)); - printf("Max ConfSets = %x.\n", ntohs(cwbuf->chwall_max_conflictsets)); - printf("Ssidrefs Off = %x.\n", ntohs(cwbuf->chwall_ssid_offset)); - printf("Conflicts Off = %x.\n", ntohs(cwbuf->chwall_conflict_sets_offset)); - printf("Runing T. Off = %x.\n", ntohs(cwbuf->chwall_running_types_offset)); - printf("C. Agg. Off = %x.\n", ntohs(cwbuf->chwall_conflict_aggregate_offset)); - printf("\nSSID To CHWALL-Type matrix:\n"); - - ssids = (domaintype_t *)(buf + ntohs(cwbuf->chwall_ssid_offset)); - for(i=0; i< ntohs(cwbuf->chwall_max_ssidrefs); i++) { - printf("\n ssidref%2x: ", i); - for(j=0; j< ntohs(cwbuf->chwall_max_types); j++) - printf("%02x ", ntohs(ssids[i*ntohs(cwbuf->chwall_max_types) + j])); - } - printf("\n\nConfict Sets:\n"); - conflicts = (domaintype_t *)(buf + ntohs(cwbuf->chwall_conflict_sets_offset)); - for(i=0; i< ntohs(cwbuf->chwall_max_conflictsets); i++) { - printf("\n c-set%2x: ", i); - for(j=0; j< ntohs(cwbuf->chwall_max_types); j++) - printf("%02x ", ntohs(conflicts[i*ntohs(cwbuf->chwall_max_types) +j])); - } - printf("\n"); - - printf("\nRunning\nTypes: "); - if (ntohs(cwbuf->chwall_running_types_offset)) { - running_types = (domaintype_t *)(buf + ntohs(cwbuf->chwall_running_types_offset)); - for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) { - printf("%02x ", ntohs(running_types[i])); - } - printf("\n"); - } else { - printf("Not Reported!\n"); - } - printf("\nConflict\nAggregate Set: "); - if (ntohs(cwbuf->chwall_conflict_aggregate_offset)) { - conflict_aggregate = (domaintype_t *)(buf + ntohs(cwbuf->chwall_conflict_aggregate_offset)); - for(i=0; i< ntohs(cwbuf->chwall_max_types); i++) { - printf("%02x ", ntohs(conflict_aggregate[i])); - } - printf("\n\n"); - } else { - printf("Not Reported!\n"); - } -} - -void acm_dump_ste_buffer(void *buf, int buflen) { - - struct acm_ste_policy_buffer *stebuf = (struct acm_ste_policy_buffer *)buf; - domaintype_t *ssids; - int i,j; - - - if (ntohs(stebuf->policy_code) != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) { - printf("SIMPLE TYPE ENFORCEMENT POLICY CODE not found ERROR!!\n"); - return; - } - printf("\nSimple Type Enforcement policy:\n"); - printf("===============================\n"); - printf("Max Types = %x.\n", ntohs(stebuf->ste_max_types)); - printf("Max Ssidrefs = %x.\n", ntohs(stebuf->ste_max_ssidrefs)); - printf("Ssidrefs Off = %x.\n", ntohs(stebuf->ste_ssid_offset)); - printf("\nSSID To STE-Type matrix:\n"); - - ssids = (domaintype_t *)(buf + ntohs(stebuf->ste_ssid_offset)); - for(i=0; i< ntohs(stebuf->ste_max_ssidrefs); i++) { - printf("\n ssidref%2x: ", i); - for(j=0; j< ntohs(stebuf->ste_max_types); j++) - printf("%02x ", ntohs(ssids[i*ntohs(stebuf->ste_max_types) +j])); - } - printf("\n\n"); -} - -void acm_dump_policy_buffer(void *buf, int buflen) { - struct acm_policy_buffer *pol = (struct acm_policy_buffer *)buf; - - printf("\nPolicy dump:\n"); - printf("============\n"); - printf("Magic = %x.\n", ntohl(pol->magic)); - printf("PolVer = %x.\n", ntohl(pol->policyversion)); - printf("Len = %x.\n", ntohl(pol->len)); - printf("Primary = %s (c=%x, off=%x).\n", - ACM_POLICY_NAME(ntohs(pol->primary_policy_code)), - ntohs(pol->primary_policy_code), ntohs(pol->primary_buffer_offset)); - printf("Secondary = %s (c=%x, off=%x).\n", - ACM_POLICY_NAME(ntohs(pol->secondary_policy_code)), - ntohs(pol->secondary_policy_code), ntohs(pol->secondary_buffer_offset)); - switch (ntohs(pol->primary_policy_code)) { - case ACM_CHINESE_WALL_POLICY: - acm_dump_chinesewall_buffer(buf+ntohs(pol->primary_buffer_offset), - ntohl(pol->len) - ntohs(pol->primary_buffer_offset)); - break; - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - acm_dump_ste_buffer(buf+ntohs(pol->primary_buffer_offset), - ntohl(pol->len) - ntohs(pol->primary_buffer_offset)); - break; - case ACM_NULL_POLICY: - printf("Primary policy is NULL Policy (n/a).\n"); - break; - default: - printf("UNKNOWN POLICY!\n"); - } - switch (ntohs(pol->secondary_policy_code)) { - case ACM_CHINESE_WALL_POLICY: - acm_dump_chinesewall_buffer(buf+ntohs(pol->secondary_buffer_offset), - ntohl(pol->len) - ntohs(pol->secondary_buffer_offset)); - break; - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - acm_dump_ste_buffer(buf+ntohs(pol->secondary_buffer_offset), - ntohl(pol->len) - ntohs(pol->secondary_buffer_offset)); - break; - case ACM_NULL_POLICY: - printf("Secondary policy is NULL Policy (n/a).\n"); - break; - default: - printf("UNKNOWN POLICY!\n"); - } -} - -/*************************** set policy ****************************/ - -int acm_domain_set_chwallpolicy(void *bufstart, int buflen) { -#define CWALL_MAX_SSIDREFS 6 -#define CWALL_MAX_TYPES 10 -#define CWALL_MAX_CONFLICTSETS 2 - - struct acm_chwall_policy_buffer *chwall_bin_pol = (struct acm_chwall_policy_buffer *)bufstart; - domaintype_t *ssidrefs, *conflicts; - int ret = 0; - int j; - - chwall_bin_pol->chwall_max_types = htons(CWALL_MAX_TYPES); - chwall_bin_pol->chwall_max_ssidrefs = htons(CWALL_MAX_SSIDREFS); - chwall_bin_pol->policy_code = htons(ACM_CHINESE_WALL_POLICY); - chwall_bin_pol->chwall_ssid_offset = htons(sizeof(struct acm_chwall_policy_buffer)); - chwall_bin_pol->chwall_max_conflictsets = htons(CWALL_MAX_CONFLICTSETS); - chwall_bin_pol->chwall_conflict_sets_offset = - htons( - ntohs(chwall_bin_pol->chwall_ssid_offset) + - sizeof(domaintype_t)*CWALL_MAX_SSIDREFS*CWALL_MAX_TYPES); - chwall_bin_pol->chwall_running_types_offset = 0; /* not set */ - chwall_bin_pol->chwall_conflict_aggregate_offset = 0; /* not set */ - ret += sizeof(struct acm_chwall_policy_buffer); - /* now push example ssids into the buffer (max_ssidrefs x max_types entries) */ - /* check buffer size */ - if ((buflen - ret) < (CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t))) - return -1; /* not enough space */ - - ssidrefs = (domaintype_t *)(bufstart+ntohs(chwall_bin_pol->chwall_ssid_offset)); - memset(ssidrefs, 0, CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t)); - - /* now set type j-1 for ssidref i+1 */ - for(j=0; j<= CWALL_MAX_SSIDREFS; j++) - if ((0 < j) &&( j <= CWALL_MAX_TYPES)) - ssidrefs[j*CWALL_MAX_TYPES + j - 1] = htons(1); - - ret += CWALL_MAX_TYPES*CWALL_MAX_SSIDREFS*sizeof(domaintype_t); - if ((buflen - ret) < (CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t))) - return -1; /* not enough space */ - - /* now the chinese wall policy conflict sets*/ - conflicts = (domaintype_t *)(bufstart + - ntohs(chwall_bin_pol->chwall_conflict_sets_offset)); - memset((void *)conflicts, 0, CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES*sizeof(domaintype_t)); - /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */ - if (CWALL_MAX_TYPES > 3) { - conflicts[2] = htons(1); conflicts[3] = htons(1); /* {2,3} */ - conflicts[CWALL_MAX_TYPES+1] = htons(1); conflicts[CWALL_MAX_TYPES+5] = htons(1); - conflicts[CWALL_MAX_TYPES+6] = htons(1);/* {0,5,6} */ - } - ret += sizeof(domaintype_t)*CWALL_MAX_CONFLICTSETS*CWALL_MAX_TYPES; - return ret; -} - -int acm_domain_set_stepolicy(void *bufstart, int buflen) { -#define STE_MAX_SSIDREFS 6 -#define STE_MAX_TYPES 5 - - struct acm_ste_policy_buffer *ste_bin_pol = (struct acm_ste_policy_buffer *)bufstart; - domaintype_t *ssidrefs; - int j, ret = 0; - - ste_bin_pol->ste_max_types = htons(STE_MAX_TYPES); - ste_bin_pol->ste_max_ssidrefs = htons(STE_MAX_SSIDREFS); - ste_bin_pol->policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); - ste_bin_pol->ste_ssid_offset = htons(sizeof(struct acm_ste_policy_buffer)); - ret += sizeof(struct acm_ste_policy_buffer); - /* check buffer size */ - if ((buflen - ret) < (STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t))) - return -1; /* not enough space */ - - ssidrefs = (domaintype_t *)(bufstart+ntohs(ste_bin_pol->ste_ssid_offset)); - memset(ssidrefs, 0, STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t)); - /* all types 1 for ssidref 1 */ - for(j=0; j< STE_MAX_TYPES; j++) - ssidrefs[1*STE_MAX_TYPES +j] = htons(1); - /* now set type j-1 for ssidref j */ - for(j=0; j< STE_MAX_SSIDREFS; j++) - if ((0 < j) &&( j <= STE_MAX_TYPES)) - ssidrefs[j*STE_MAX_TYPES + j - 1] = htons(1); - ret += STE_MAX_TYPES*STE_MAX_SSIDREFS*sizeof(domaintype_t); - return ret; -} - -#define MAX_PUSH_BUFFER 16384 -u8 push_buffer[MAX_PUSH_BUFFER]; - -int acm_domain_setpolicy(int xc_handle) -{ - int ret; - struct acm_policy_buffer *bin_pol; - policy_op_t op; - - /* future: read policy from file and set it */ - bin_pol = (struct acm_policy_buffer *)push_buffer; - bin_pol->magic = htonl(ACM_MAGIC); - bin_pol->policyversion = htonl(POLICY_INTERFACE_VERSION); - bin_pol->primary_policy_code = htons(ACM_CHINESE_WALL_POLICY); - bin_pol->secondary_policy_code = htons(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); - - bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); - bin_pol->primary_buffer_offset = htons(ntohl(bin_pol->len)); - ret = acm_domain_set_chwallpolicy(push_buffer + ntohs(bin_pol->primary_buffer_offset), - MAX_PUSH_BUFFER - ntohs(bin_pol->primary_buffer_offset)); - if (ret < 0) { - printf("ERROR creating chwallpolicy buffer.\n"); - return -1; - } - bin_pol->len = htonl(ntohl(bin_pol->len) + ret); - bin_pol->secondary_buffer_offset = htons(ntohl(bin_pol->len)); - ret = acm_domain_set_stepolicy(push_buffer + ntohs(bin_pol->secondary_buffer_offset), - MAX_PUSH_BUFFER - ntohs(bin_pol->secondary_buffer_offset)); - if (ret < 0) { - printf("ERROR creating chwallpolicy buffer.\n"); - return -1; - } - bin_pol->len = htonl(ntohl(bin_pol->len) + ret); - - /* dump it and then push it down into xen/acm */ - acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len)); - op.cmd = POLICY_SETPOLICY; - op.u.setpolicy.pushcache = (void *)push_buffer; - op.u.setpolicy.pushcache_size = ntohl(bin_pol->len); - op.u.setpolicy.policy_type = ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY; - ret = do_policy_op(xc_handle, &op); - - if (ret) - printf("ERROR setting policy. Use 'xm dmesg' to see details.\n"); - else - printf("Successfully changed policy.\n"); - return ret; -} - -/******************************* get policy ******************************/ - -#define PULL_CACHE_SIZE 8192 -u8 pull_buffer[PULL_CACHE_SIZE]; -int acm_domain_getpolicy(int xc_handle) -{ - policy_op_t op; - int ret; - - memset(pull_buffer, 0x00, sizeof(pull_buffer)); - op.cmd = POLICY_GETPOLICY; - op.u.getpolicy.pullcache = (void *)pull_buffer; - op.u.getpolicy.pullcache_size = sizeof(pull_buffer); - ret = do_policy_op(xc_handle, &op); - /* dump policy */ - acm_dump_policy_buffer(pull_buffer, sizeof(pull_buffer)); - return ret; -} - -/************************ load binary policy ******************************/ - -int acm_domain_loadpolicy(int xc_handle, - const char *filename) -{ - struct stat mystat; - int ret, fd; - off_t len; - u8 *buffer; - - if ((ret = stat(filename, &mystat))) { - printf("File %s not found.\n",filename); - goto out; - } - - len = mystat.st_size; - if ((buffer = malloc(len)) == NULL) { - ret = -ENOMEM; - goto out; - } - if ((fd = open(filename, O_RDONLY)) <= 0) { - ret = -ENOENT; - printf("File %s not found.\n",filename); - goto free_out; - } - if (len == read(fd, buffer, len)) { - policy_op_t op; - /* dump it and then push it down into xen/acm */ - acm_dump_policy_buffer(buffer, len); - op.cmd = POLICY_SETPOLICY; - op.u.setpolicy.pushcache = (void *)buffer; - op.u.setpolicy.pushcache_size = len; - op.u.setpolicy.policy_type = ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY; - ret = do_policy_op(xc_handle, &op); - - if (ret) - printf("ERROR setting policy. Use 'xm dmesg' to see details.\n"); - else - printf("Successfully changed policy.\n"); - - } else { - ret = -1; - } - close(fd); - free_out: - free(buffer); - out: - return ret; -} - -/************************ dump hook statistics ******************************/ -void -dump_ste_stats(struct acm_ste_stats_buffer *ste_stats) -{ - printf("STE-Policy Security Hook Statistics:\n"); - printf("ste: event_channel eval_count = %d\n", ntohl(ste_stats->ec_eval_count)); - printf("ste: event_channel denied_count = %d\n", ntohl(ste_stats->ec_denied_count)); - printf("ste: event_channel cache_hit_count = %d\n", ntohl(ste_stats->ec_cachehit_count)); - printf("ste:\n"); - printf("ste: grant_table eval_count = %d\n", ntohl(ste_stats->gt_eval_count)); - printf("ste: grant_table denied_count = %d\n", ntohl(ste_stats->gt_denied_count)); - printf("ste: grant_table cache_hit_count = %d\n", ntohl(ste_stats->gt_cachehit_count)); -} - -#define PULL_STATS_SIZE 8192 -int acm_domain_dumpstats(int xc_handle) -{ - u8 stats_buffer[PULL_STATS_SIZE]; - policy_op_t op; - int ret; - struct acm_stats_buffer *stats; - - memset(stats_buffer, 0x00, sizeof(stats_buffer)); - op.cmd = POLICY_DUMPSTATS; - op.u.dumpstats.pullcache = (void *)stats_buffer; - op.u.dumpstats.pullcache_size = sizeof(stats_buffer); - ret = do_policy_op(xc_handle, &op); - - if (ret < 0) { - printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n"); - return ret; - } - stats = (struct acm_stats_buffer *)stats_buffer; - - printf("\nPolicy dump:\n"); - printf("============\n"); - printf("Magic = %x.\n", ntohl(stats->magic)); - printf("PolVer = %x.\n", ntohl(stats->policyversion)); - printf("Len = %x.\n", ntohl(stats->len)); - - switch(ntohs(stats->primary_policy_code)) { - case ACM_NULL_POLICY: - printf("NULL Policy: No statistics apply.\n"); - break; - case ACM_CHINESE_WALL_POLICY: - printf("Chinese Wall Policy: No statistics apply.\n"); - break; - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer + ntohs(stats->primary_stats_offset))); - break; - default: - printf("UNKNOWN PRIMARY POLICY ERROR!\n"); - } - switch(ntohs(stats->secondary_policy_code)) { - case ACM_NULL_POLICY: - printf("NULL Policy: No statistics apply.\n"); - break; - case ACM_CHINESE_WALL_POLICY: - printf("Chinese Wall Policy: No statistics apply.\n"); - break; - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - dump_ste_stats((struct acm_ste_stats_buffer *)(stats_buffer + ntohs(stats->secondary_stats_offset))); - break; - default: - printf("UNKNOWN SECONDARY POLICY ERROR!\n"); - } - return ret; -} - -/***************************** main **************************************/ - -void -usage(char *progname){ - printf("Use: %s \n" - "\t setpolicy\n" - "\t getpolicy\n" - "\t dumpstats\n" - "\t loadpolicy <binary policy file>\n", progname); - exit(-1); -} - -int -main(int argc, char **argv) { - - int policycmd_fd, ret; - - if (argc < 2) - usage(argv[0]); - - if ((policycmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) { - printf("ERROR: Could not open xen privcmd device!\n"); - exit(-1); - } - - if (!strcmp(argv[1], "setpolicy")) { - if (argc != 2) - usage(argv[0]); - ret = acm_domain_setpolicy(policycmd_fd); - } else if (!strcmp(argv[1], "getpolicy")) { - if (argc != 2) - usage(argv[0]); - ret = acm_domain_getpolicy(policycmd_fd); - } else if (!strcmp(argv[1], "loadpolicy")) { - if (argc != 3) - usage(argv[0]); - ret = acm_domain_loadpolicy(policycmd_fd, argv[2]); - } else if (!strcmp(argv[1], "dumpstats")) { - if (argc != 2) - usage(argv[0]); - ret = acm_domain_dumpstats(policycmd_fd); - } else - usage(argv[0]); - - close(policycmd_fd); - return ret; -} diff -r 9be7fe98a556 -r e173a853dc46 xen/common/policy_ops.c --- a/xen/common/policy_ops.c Tue Aug 2 10:47:41 2005 +++ /dev/null Tue Aug 2 17:20:46 2005 @@ -1,133 +0,0 @@ -/****************************************************************************** - * policy_ops.c - * - * Copyright (C) 2005 IBM Corporation - * - * Author: - * Reiner Sailer <sailer@xxxxxxxxxxxxxx> - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - * - * Process policy command requests from guest OS. - * - */ - -#include <xen/config.h> -#include <xen/types.h> -#include <xen/lib.h> -#include <xen/mm.h> -#include <public/policy_ops.h> -#include <xen/sched.h> -#include <xen/event.h> -#include <xen/trace.h> -#include <xen/console.h> -#include <asm/shadow.h> -#include <public/sched_ctl.h> -#include <acm/acm_hooks.h> - -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) - -long do_policy_op(policy_op_t *u_policy_op) -{ - return -ENOSYS; -} - -#else - -typedef enum policyoperation { - POLICY, /* access to policy interface (early drop) */ - GETPOLICY, /* dump policy cache */ - SETPOLICY, /* set policy cache (controls security) */ - DUMPSTATS /* dump policy statistics */ -} policyoperation_t; - -int -acm_authorize_policyops(struct domain *d, policyoperation_t pops) -{ - /* all policy management functions are restricted to privileged domains, - * soon we will introduce finer-grained privileges for policy operations - */ - if (!IS_PRIV(d)) { - printk("%s: Policy management authorization denied ERROR!\n", - __func__); - return ACM_ACCESS_DENIED; - } - return ACM_ACCESS_PERMITTED; -} - -long do_policy_op(policy_op_t *u_policy_op) -{ - long ret = 0; - policy_op_t curop, *op = &curop; - - /* check here policy decision for policy commands */ - /* for now allow DOM0 only, later indepedently */ - if (acm_authorize_policyops(current->domain, POLICY)) - return -EACCES; - - if ( copy_from_user(op, u_policy_op, sizeof(*op)) ) - return -EFAULT; - - if ( op->interface_version != POLICY_INTERFACE_VERSION ) - return -EACCES; - - switch ( op->cmd ) - { - case POLICY_SETPOLICY: - { - if (acm_authorize_policyops(current->domain, SETPOLICY)) - return -EACCES; - printkd("%s: setting policy.\n", __func__); - ret = acm_set_policy( - op->u.setpolicy.pushcache, - op->u.setpolicy.pushcache_size, - op->u.setpolicy.policy_type, - 1); - if (ret == ACM_OK) - ret = 0; - else - ret = -ESRCH; - } - break; - - case POLICY_GETPOLICY: - { - if (acm_authorize_policyops(current->domain, GETPOLICY)) - return -EACCES; - printkd("%s: getting policy.\n", __func__); - ret = acm_get_policy( - op->u.getpolicy.pullcache, - op->u.getpolicy.pullcache_size); - if (ret == ACM_OK) - ret = 0; - else - ret = -ESRCH; - } - break; - - case POLICY_DUMPSTATS: - { - if (acm_authorize_policyops(current->domain, DUMPSTATS)) - return -EACCES; - printkd("%s: dumping statistics.\n", __func__); - ret = acm_dump_statistics( - op->u.dumpstats.pullcache, - op->u.dumpstats.pullcache_size); - if (ret == ACM_OK) - ret = 0; - else - ret = -ESRCH; - } - break; - - default: - ret = -ESRCH; - - } - return ret; -} - -#endif diff -r 9be7fe98a556 -r e173a853dc46 xen/include/public/policy_ops.h --- a/xen/include/public/policy_ops.h Tue Aug 2 10:47:41 2005 +++ /dev/null Tue Aug 2 17:20:46 2005 @@ -1,70 +0,0 @@ -/****************************************************************************** - * policy_ops.h - * - * Copyright (C) 2005 IBM Corporation - * - * Author: - * Reiner Sailer <sailer@xxxxxxxxxxxxxx> - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - * - * Process policy command requests from guest OS. - * access checked by policy; not restricted to DOM0 - * - */ - -#ifndef __XEN_PUBLIC_POLICY_OPS_H__ -#define __XEN_PUBLIC_POLICY_OPS_H__ - -#include "xen.h" -#include "sched_ctl.h" - -/* - * Make sure you increment the interface version whenever you modify this file! - * This makes sure that old versions of policy tools will stop working in a - * well-defined way (rather than crashing the machine, for instance). - */ -#define POLICY_INTERFACE_VERSION 0xAAAA0003 - -/************************************************************************/ - -#define POLICY_SETPOLICY 4 -typedef struct policy_setpolicy { - /* IN variables. */ - u16 policy_type; - /* OUT variables */ - void *pushcache; - u16 pushcache_size; -} policy_setpolicy_t; - - -#define POLICY_GETPOLICY 5 -typedef struct policy_getpolicy { - /* IN variables. */ - u16 policy_type; - /* OUT variables */ - void *pullcache; - u16 pullcache_size; -} policy_getpolicy_t; - -#define POLICY_DUMPSTATS 6 -typedef struct policy_dumpstats { - void *pullcache; - u16 pullcache_size; -} policy_dumpstats_t; - - -typedef struct policy_op { - u32 cmd; - u32 interface_version; /* POLICY_INTERFACE_VERSION */ - union { - policy_setpolicy_t setpolicy; - policy_getpolicy_t getpolicy; - policy_dumpstats_t dumpstats; - } u; -} policy_op_t; - -#endif /* __XEN_PUBLIC_POLICY_OPS_H__ */ _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.