Xen project Mailing List

[Xen-changelog] merge?

From: Xen patchbot -unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>

Date: Fri, 02 Sep 2005 14:18:11 +0000

Delivery-date: Fri, 02 Sep 2005 14:16:40 +0000

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User cl349@xxxxxxxxxxxxxxxxxxxx # Node ID 291e816acbf46071a69b5d1b12ac3b5c46eaa49b # Parent edd1616cf8cb6f0d7ab32600a27d3a98ac8414b2 # Parent fc12b08bf4fe858b29317427cc0db82d29764c5f merge? diff -r edd1616cf8cb -r 291e816acbf4 extras/mini-os/README --- a/extras/mini-os/README Fri Sep 2 14:15:49 2005 +++ b/extras/mini-os/README Fri Sep 2 14:17:08 2005 @@ -23,13 +23,8 @@ - to build it just type make. -- copy image.final somewhere where dom0 can access it +- to start it do the following in domain0 (assuming xend is running) + # xm create domain_config -- in dom0 - # xi_create 16000 test - <domid> - # xi_build <domid> image.final 0 - # xi_start <domid> - -this prints out a bunch of stuff and then every 1000 timer interrupts the -system time. +this starts the kernel and prints out a bunch of stuff and then every +1000 timer interrupts the system time. diff -r edd1616cf8cb -r 291e816acbf4 extras/mini-os/include/hypervisor.h --- a/extras/mini-os/include/hypervisor.h Fri Sep 2 14:15:49 2005 +++ b/extras/mini-os/include/hypervisor.h Fri Sep 2 14:17:08 2005 @@ -329,7 +329,7 @@ int ret; __asm__ __volatile__ ( TRAP_INSTR - : "=a" (ret) : "0" (__HYPERVISOR_dom_mem_op), + : "=a" (ret) : "0" (__HYPERVISOR_memory_op), _a1 (dom_mem_op) : "memory" ); return ret; diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/arch/xen/Kconfig --- a/linux-2.6-xen-sparse/arch/xen/Kconfig Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/arch/xen/Kconfig Fri Sep 2 14:17:08 2005 @@ -109,15 +109,8 @@ dedicated device-driver domain, or your master control domain (domain 0), then you almost certainly want to say Y here. -config XEN_NETDEV_GRANT_TX - bool "Grant table substrate for net drivers tx path (DANGEROUS)" - default n - help - This introduces the use of grant tables as a data exhange mechanism - between the frontend and backend network drivers. - -config XEN_NETDEV_GRANT_RX - bool "Grant table substrate for net drivers rx path (DANGEROUS)" +config XEN_NETDEV_GRANT + bool "Grant table substrate for network drivers (DANGEROUS)" default n help This introduces the use of grant tables as a data exhange mechanism diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_32 Fri Sep 2 14:17:08 2005 @@ -19,8 +19,7 @@ # CONFIG_XEN_TPMDEV_BACKEND is not set CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y -CONFIG_XEN_NETDEV_GRANT_TX=y -CONFIG_XEN_NETDEV_GRANT_RX=y +CONFIG_XEN_NETDEV_GRANT=y # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set # CONFIG_XEN_BLKDEV_TAP is not set # CONFIG_XEN_SHADOW_MODE is not set @@ -1124,7 +1123,7 @@ # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set -# CONFIG_CRAMFS is not set +CONFIG_CRAMFS=y # CONFIG_VXFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64 Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen0_defconfig_x86_64 Fri Sep 2 14:17:08 2005 @@ -19,8 +19,7 @@ # CONFIG_XEN_TPMDEV_BACKEND is not set CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y -CONFIG_XEN_NETDEV_GRANT_TX=y -CONFIG_XEN_NETDEV_GRANT_RX=y +CONFIG_XEN_NETDEV_GRANT=y # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set # CONFIG_XEN_BLKDEV_TAP is not set # CONFIG_XEN_SHADOW_MODE is not set @@ -1033,7 +1032,7 @@ # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set -# CONFIG_CRAMFS is not set +CONFIG_CRAMFS=y # CONFIG_VXFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32 Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_32 Fri Sep 2 14:17:08 2005 @@ -16,8 +16,7 @@ # CONFIG_XEN_TPMDEV_BACKEND is not set CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y -CONFIG_XEN_NETDEV_GRANT_TX=y -CONFIG_XEN_NETDEV_GRANT_RX=y +CONFIG_XEN_NETDEV_GRANT=y # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set # CONFIG_XEN_BLKDEV_TAP is not set # CONFIG_XEN_SHADOW_MODE is not set diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64 --- a/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64 Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xenU_defconfig_x86_64 Fri Sep 2 14:17:08 2005 @@ -16,8 +16,7 @@ # CONFIG_XEN_TPMDEV_BACKEND is not set CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y -CONFIG_XEN_NETDEV_GRANT_TX=y -CONFIG_XEN_NETDEV_GRANT_RX=y +CONFIG_XEN_NETDEV_GRANT=y # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set # CONFIG_XEN_BLKDEV_TAP is not set # CONFIG_XEN_SHADOW_MODE is not set diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32 Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32 Fri Sep 2 14:17:08 2005 @@ -19,8 +19,7 @@ # CONFIG_XEN_TPMDEV_BACKEND is not set CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y -CONFIG_XEN_NETDEV_GRANT_TX=y -CONFIG_XEN_NETDEV_GRANT_RX=y +CONFIG_XEN_NETDEV_GRANT=y # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set # CONFIG_XEN_BLKDEV_TAP is not set # CONFIG_XEN_SHADOW_MODE is not set diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_64 --- a/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_64 Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_64 Fri Sep 2 14:17:08 2005 @@ -19,8 +19,7 @@ # CONFIG_XEN_TPMDEV_BACKEND is not set CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y -CONFIG_XEN_NETDEV_GRANT_TX=y -CONFIG_XEN_NETDEV_GRANT_RX=y +CONFIG_XEN_NETDEV_GRANT=y # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set # CONFIG_XEN_BLKDEV_TAP is not set # CONFIG_XEN_SHADOW_MODE is not set diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/drivers/char/tpm/Kconfig.domU --- a/linux-2.6-xen-sparse/drivers/char/tpm/Kconfig.domU Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/drivers/char/tpm/Kconfig.domU Fri Sep 2 14:17:08 2005 @@ -19,7 +19,7 @@ config TCG_XEN tristate "XEN TPM Interface" - depends on TCG_TPM && ARCH_XEN + depends on TCG_TPM && ARCH_XEN && XEN_TPMDEV_FRONTEND ---help--- If you want to make TPM support available to a Xen user domain, say Yes and it will diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/drivers/xen/console/xencons_ring.c --- a/linux-2.6-xen-sparse/drivers/xen/console/xencons_ring.c Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/console/xencons_ring.c Fri Sep 2 14:17:08 2005 @@ -105,7 +105,7 @@ xen_start_info.console_evtchn, handle_input, 0, "xencons", inring()); if (err) { - xprintk(KERN_ERR "XEN console request irq failed %i\n", err); + xprintk("XEN console request irq failed %i\n", err); unbind_evtchn_from_irq(xen_start_info.console_evtchn); return err; } diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/drivers/xen/netback/common.h --- a/linux-2.6-xen-sparse/drivers/xen/netback/common.h Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/common.h Fri Sep 2 14:17:08 2005 @@ -20,9 +20,12 @@ #include <asm/io.h> #include <asm/pgalloc.h> -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX) +#ifdef CONFIG_XEN_NETDEV_GRANT #include <asm-xen/xen-public/grant_table.h> #include <asm-xen/gnttab.h> + +#define GRANT_INVALID_REF (0xFFFF) + #endif @@ -37,6 +40,11 @@ #define ASSERT(_p) ((void)0) #define DPRINTK(_f, _a...) ((void)0) #endif +#define IPRINTK(fmt, args...) \ + printk(KERN_INFO "xen_net: " fmt, ##args) +#define WPRINTK(fmt, args...) \ + printk(KERN_WARNING "xen_net: " fmt, ##args) + typedef struct netif_st { /* Unique identifier for this interface. */ @@ -47,13 +55,13 @@ /* Physical parameters of the comms window. */ unsigned long tx_shmem_frame; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT u16 tx_shmem_handle; unsigned long tx_shmem_vaddr; grant_ref_t tx_shmem_ref; #endif unsigned long rx_shmem_frame; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT u16 rx_shmem_handle; unsigned long rx_shmem_vaddr; grant_ref_t rx_shmem_ref; @@ -68,7 +76,7 @@ /* Private indexes into shared ring. */ NETIF_RING_IDX rx_req_cons; NETIF_RING_IDX rx_resp_prod; /* private version of shared variable */ -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT NETIF_RING_IDX rx_resp_prod_copy; /* private version of shared variable */ #endif NETIF_RING_IDX tx_req_cons; diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/drivers/xen/netback/interface.c --- a/linux-2.6-xen-sparse/drivers/xen/netback/interface.c Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/interface.c Fri Sep 2 14:17:08 2005 @@ -111,91 +111,81 @@ return netif; } -static int map_frontend_page(netif_t *netif, unsigned long localaddr, - unsigned long tx_ring_ref, unsigned long rx_ring_ref) -{ -#if !defined(CONFIG_XEN_NETDEV_GRANT_TX)||!defined(CONFIG_XEN_NETDEV_GRANT_RX) +static int map_frontend_pages(netif_t *netif, unsigned long localaddr, + unsigned long tx_ring_ref, + unsigned long rx_ring_ref) +{ +#ifdef CONFIG_XEN_NETDEV_GRANT + struct gnttab_map_grant_ref op; + + /* Map: Use the Grant table reference */ + op.host_addr = localaddr; + op.flags = GNTMAP_host_map; + op.ref = tx_ring_ref; + op.dom = netif->domid; + + BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) ); + if (op.handle < 0) { + DPRINTK(" Grant table operation failure mapping tx_ring_ref!\n"); + return op.handle; + } + + netif->tx_shmem_ref = tx_ring_ref; + netif->tx_shmem_handle = op.handle; + netif->tx_shmem_vaddr = localaddr; + + /* Map: Use the Grant table reference */ + op.host_addr = localaddr + PAGE_SIZE; + op.flags = GNTMAP_host_map; + op.ref = rx_ring_ref; + op.dom = netif->domid; + + BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) ); + if (op.handle < 0) { + DPRINTK(" Grant table operation failure mapping rx_ring_ref!\n"); + return op.handle; + } + + netif->rx_shmem_ref = rx_ring_ref; + netif->rx_shmem_handle = op.handle; + netif->rx_shmem_vaddr = localaddr + PAGE_SIZE; + +#else pgprot_t prot = __pgprot(_KERNPG_TABLE); int err; -#endif -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) - { - struct gnttab_map_grant_ref op; - - /* Map: Use the Grant table reference */ - op.host_addr = localaddr; - op.flags = GNTMAP_host_map; - op.ref = tx_ring_ref; - op.dom = netif->domid; - - BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) ); - if (op.handle < 0) { - DPRINTK(" Grant table operation failure !\n"); - return op.handle; - } - - netif->tx_shmem_ref = tx_ring_ref; - netif->tx_shmem_handle = op.handle; - netif->tx_shmem_vaddr = localaddr; - } -#else + err = direct_remap_area_pages(&init_mm, localaddr, tx_ring_ref<<PAGE_SHIFT, PAGE_SIZE, prot, netif->domid); + + err |= direct_remap_area_pages(&init_mm, localaddr + PAGE_SIZE, + rx_ring_ref<<PAGE_SHIFT, PAGE_SIZE, + prot, netif->domid); + if (err) return err; #endif -#if defined(CONFIG_XEN_NETDEV_GRANT_RX) - { - struct gnttab_map_grant_ref op; - - /* Map: Use the Grant table reference */ - op.host_addr = localaddr + PAGE_SIZE; - op.flags = GNTMAP_host_map; - op.ref = rx_ring_ref; - op.dom = netif->domid; - - BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) ); - if (op.handle < 0) { - DPRINTK(" Grant table operation failure !\n"); - return op.handle; - } - - netif->rx_shmem_ref = rx_ring_ref; - netif->rx_shmem_handle = op.handle; - netif->rx_shmem_vaddr = localaddr + PAGE_SIZE; - } -#else - err = direct_remap_area_pages(&init_mm, localaddr + PAGE_SIZE, - rx_ring_ref<<PAGE_SHIFT, PAGE_SIZE, - prot, netif->domid); - if (err) - return err; -#endif - return 0; } -static void unmap_frontend_page(netif_t *netif) -{ -#if defined(CONFIG_XEN_NETDEV_GRANT_RX) || defined(CONFIG_XEN_NETDEV_GRANT_TX) +static void unmap_frontend_pages(netif_t *netif) +{ +#ifdef CONFIG_XEN_NETDEV_GRANT struct gnttab_unmap_grant_ref op; -#endif - -#ifdef CONFIG_XEN_NETDEV_GRANT_TX + op.host_addr = netif->tx_shmem_vaddr; op.handle = netif->tx_shmem_handle; op.dev_bus_addr = 0; BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1)); -#endif - -#ifdef CONFIG_XEN_NETDEV_GRANT_RX + op.host_addr = netif->rx_shmem_vaddr; op.handle = netif->rx_shmem_handle; op.dev_bus_addr = 0; BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1)); #endif + + return; } int netif_map(netif_t *netif, unsigned long tx_ring_ref, @@ -209,8 +199,8 @@ if (vma == NULL) return -ENOMEM; - err = map_frontend_page(netif, (unsigned long)vma->addr, tx_ring_ref, - rx_ring_ref); + err = map_frontend_pages(netif, (unsigned long)vma->addr, tx_ring_ref, + rx_ring_ref); if (err) { vfree(vma->addr); return err; @@ -222,7 +212,7 @@ op.u.bind_interdomain.port2 = evtchn; err = HYPERVISOR_event_channel_op(&op); if (err) { - unmap_frontend_page(netif); + unmap_frontend_pages(netif); vfree(vma->addr); return err; } @@ -267,7 +257,7 @@ unregister_netdev(netif->dev); if (netif->tx) { - unmap_frontend_page(netif); + unmap_frontend_pages(netif); vfree(netif->tx); /* Frees netif->rx as well. */ } diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/drivers/xen/netback/netback.c --- a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c Fri Sep 2 14:17:08 2005 @@ -14,23 +14,6 @@ #include <asm-xen/balloon.h> #include <asm-xen/xen-public/memory.h> -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX) -#include <asm-xen/xen-public/grant_table.h> -#include <asm-xen/gnttab.h> -#ifdef GRANT_DEBUG -static void -dump_packet(int tag, u32 addr, unsigned char *p) -{ - int i; - - printk(KERN_ALERT "#### rx_action %c %08x ", tag & 0xff, addr); - for (i = 0; i < 20; i++) { - printk("%02x", p[i]); - } - printk("\n"); -} -#endif -#endif static void netif_idx_release(u16 pending_idx); static void netif_page_release(struct page *page); @@ -57,7 +40,8 @@ static struct sk_buff_head rx_queue; static multicall_entry_t rx_mcl[NETIF_RX_RING_SIZE*2+1]; static mmu_update_t rx_mmu[NETIF_RX_RING_SIZE]; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX + +#ifdef CONFIG_XEN_NETDEV_GRANT static gnttab_donate_t grant_rx_op[MAX_PENDING_REQS]; #else static struct mmuext_op rx_mmuext[NETIF_RX_RING_SIZE]; @@ -88,16 +72,13 @@ static struct sk_buff_head tx_queue; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT static u16 grant_tx_ref[MAX_PENDING_REQS]; static gnttab_unmap_grant_ref_t tx_unmap_ops[MAX_PENDING_REQS]; static gnttab_map_grant_ref_t tx_map_ops[MAX_PENDING_REQS]; + #else static multicall_entry_t tx_mcl[MAX_PENDING_REQS]; -#endif - -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX) -#define GRANT_INVALID_REF (0xFFFF) #endif static struct list_head net_schedule_list; @@ -127,7 +108,7 @@ return mfn; } -#ifndef CONFIG_XEN_NETDEV_GRANT_RX +#ifndef CONFIG_XEN_NETDEV_GRANT static void free_mfn(unsigned long mfn) { unsigned long flags; @@ -200,7 +181,7 @@ dev_kfree_skb(skb); skb = nskb; } -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT #ifdef DEBUG_GRANT printk(KERN_ALERT "#### be_xmit: req_prod=%d req_cons=%d id=%04x gr=%04x\n", netif->rx->req_prod, @@ -246,12 +227,12 @@ static void net_rx_action(unsigned long unused) { - netif_t *netif; + netif_t *netif = NULL; s8 status; u16 size, id, evtchn; multicall_entry_t *mcl; mmu_update_t *mmu; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT gnttab_donate_t *gop; #else struct mmuext_op *mmuext; @@ -266,7 +247,7 @@ mcl = rx_mcl; mmu = rx_mmu; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT gop = grant_rx_op; #else mmuext = rx_mmuext; @@ -282,7 +263,7 @@ if ( (new_mfn = alloc_mfn()) == 0 ) { if ( net_ratelimit() ) - printk(KERN_WARNING "Memory squeeze in netback driver.\n"); + WPRINTK("Memory squeeze in netback driver.\n"); mod_timer(&net_timer, jiffies + HZ); skb_queue_head(&rx_queue, skb); break; @@ -297,7 +278,7 @@ pfn_pte_ma(new_mfn, PAGE_KERNEL), 0); mcl++; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT gop->mfn = old_mfn; gop->domid = netif->domid; gop->handle = netif->rx->ring[ @@ -340,7 +321,7 @@ mcl->args[3] = DOMID_SELF; mcl++; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT mcl[-2].args[MULTI_UVMFLAGS_INDEX] = UVMF_TLB_FLUSH|UVMF_ALL; #else mcl[-3].args[MULTI_UVMFLAGS_INDEX] = UVMF_TLB_FLUSH|UVMF_ALL; @@ -349,9 +330,17 @@ BUG(); mcl = rx_mcl; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX - BUG_ON(HYPERVISOR_grant_table_op( - GNTTABOP_donate, grant_rx_op, gop - grant_rx_op)); +#ifdef CONFIG_XEN_NETDEV_GRANT + if(HYPERVISOR_grant_table_op(GNTTABOP_donate, grant_rx_op, + gop - grant_rx_op)) { + /* + ** The other side has given us a bad grant ref, or has no headroom, + ** or has gone away. Unfortunately the current grant table code + ** doesn't inform us which is the case, so not much we can do. + */ + DPRINTK("net_rx: donate to DOM%u failed; dropping (up to) %d " + "packets.\n", grant_rx_op[0].domid, gop - grant_rx_op); + } gop = grant_rx_op; #else mmuext = rx_mmuext; @@ -363,7 +352,7 @@ /* Rederive the machine addresses. */ new_mfn = mcl[0].args[1] >> PAGE_SHIFT; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT old_mfn = 0; /* XXX Fix this so we can free_mfn() on error! */ #else old_mfn = mmuext[0].mfn; @@ -380,8 +369,13 @@ /* Check the reassignment error code. */ status = NETIF_RSP_OKAY; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX - BUG_ON(gop->status != 0); /* XXX */ +#ifdef CONFIG_XEN_NETDEV_GRANT + if(gop->status != 0) { + DPRINTK("Bad status %d from grant donate to DOM%u\n", + gop->status, netif->domid); + /* XXX SMH: should free 'old_mfn' here */ + status = NETIF_RSP_ERROR; + } #else if ( unlikely(mcl[1].result != 0) ) { @@ -404,7 +398,7 @@ netif_put(netif); dev_kfree_skb(skb); -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT mcl++; gop++; #else @@ -420,6 +414,7 @@ notify_via_evtchn(evtchn); } + out: /* More work to do? */ if ( !skb_queue_empty(&rx_queue) && !timer_pending(&net_timer) ) tasklet_schedule(&net_rx_tasklet); @@ -496,7 +491,7 @@ inline static void net_tx_action_dealloc(void) { -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT gnttab_unmap_grant_ref_t *gop; #else multicall_entry_t *mcl; @@ -508,7 +503,7 @@ dc = dealloc_cons; dp = dealloc_prod; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT /* * Free up any grants we have finished using */ @@ -542,7 +537,7 @@ #endif while ( dealloc_cons != dp ) { -#ifndef CONFIG_XEN_NETDEV_GRANT_TX +#ifndef CONFIG_XEN_NETDEV_GRANT /* The update_va_mapping() must not fail. */ BUG_ON(mcl[0].result != 0); #endif @@ -569,7 +564,7 @@ netif_put(netif); -#ifndef CONFIG_XEN_NETDEV_GRANT_TX +#ifndef CONFIG_XEN_NETDEV_GRANT mcl++; #endif } @@ -585,7 +580,7 @@ netif_tx_request_t txreq; u16 pending_idx; NETIF_RING_IDX i; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT gnttab_map_grant_ref_t *mop; #else multicall_entry_t *mcl; @@ -595,7 +590,7 @@ if ( dealloc_cons != dealloc_prod ) net_tx_action_dealloc(); -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT mop = tx_map_ops; #else mcl = tx_mcl; @@ -696,7 +691,7 @@ /* Packets passed to netif_rx() must have some headroom. */ skb_reserve(skb, 16); -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT mop->host_addr = MMAP_VADDR(pending_idx); mop->dom = netif->domid; mop->ref = txreq.addr >> PAGE_SHIFT; @@ -719,7 +714,7 @@ pending_cons++; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT if ( (mop - tx_map_ops) >= ARRAY_SIZE(tx_map_ops) ) break; #else @@ -729,7 +724,7 @@ #endif } -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT if ( mop == tx_map_ops ) return; @@ -752,7 +747,7 @@ memcpy(&txreq, &pending_tx_info[pending_idx].req, sizeof(txreq)); /* Check the remap error code. */ -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT /* XXX SMH: error returns from grant operations are pretty poorly specified/thought out, but the below at least conforms with @@ -826,7 +821,7 @@ netif_rx(skb); netif->dev->last_rx = jiffies; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT mop++; #else mcl++; @@ -949,12 +944,9 @@ !(xen_start_info.flags & SIF_INITDOMAIN) ) return 0; - printk("Initialising Xen netif backend\n"); -#ifdef CONFIG_XEN_NETDEV_GRANT_TX - printk("#### netback tx using grant tables\n"); -#endif -#ifdef CONFIG_XEN_NETDEV_GRANT_RX - printk("#### netback rx using grant tables\n"); + IPRINTK("Initialising Xen netif backend.\n"); +#ifdef CONFIG_XEN_NETDEV_GRANT + IPRINTK("Using grant tables.\n"); #endif /* We can increase reservation by this much in net_rx_action(). */ diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c --- a/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c Fri Sep 2 14:17:08 2005 @@ -55,9 +55,18 @@ #include <asm/page.h> #include <asm/uaccess.h> -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX) +#ifdef CONFIG_XEN_NETDEV_GRANT #include <asm-xen/xen-public/grant_table.h> #include <asm-xen/gnttab.h> + +static grant_ref_t gref_tx_head; +static grant_ref_t grant_tx_ref[NETIF_TX_RING_SIZE + 1]; + +static grant_ref_t gref_rx_head; +static grant_ref_t grant_rx_ref[NETIF_RX_RING_SIZE + 1]; + +#define GRANT_INVALID_REF (0xFFFF) + #ifdef GRANT_DEBUG static void dump_packet(int tag, void *addr, u32 ap) @@ -71,8 +80,17 @@ } printk("\n"); } -#endif -#endif + +#define GDPRINTK(_f, _a...) printk(KERN_ALERT "(file=%s, line=%d) " _f, \ + __FILE__ , __LINE__ , ## _a ) +#else +#define dump_packet(x,y,z) ((void)0) +#define GDPRINTK(_f, _a...) ((void)0) +#endif + +#endif + + #ifndef __GFP_NOWARN #define __GFP_NOWARN 0 @@ -102,22 +120,10 @@ #define TX_TEST_IDX req_cons /* conservative: not seen all our requests? */ #endif -#ifdef CONFIG_XEN_NETDEV_GRANT_TX -static grant_ref_t gref_tx_head; -static grant_ref_t grant_tx_ref[NETIF_TX_RING_SIZE + 1]; -#endif - -#ifdef CONFIG_XEN_NETDEV_GRANT_RX -static grant_ref_t gref_rx_head; -static grant_ref_t grant_rx_ref[NETIF_RX_RING_SIZE + 1]; -#endif - -#if defined(CONFIG_XEN_NETDEV_GRANT_TX) || defined(CONFIG_XEN_NETDEV_GRANT_RX) -#define GRANT_INVALID_REF (0xFFFF) -#endif #define NETIF_STATE_DISCONNECTED 0 #define NETIF_STATE_CONNECTED 1 + static unsigned int netif_state = NETIF_STATE_DISCONNECTED; @@ -279,7 +285,7 @@ for (i = np->tx_resp_cons; i != prod; i++) { id = np->tx->ring[MASK_NETIF_TX_IDX(i)].resp.id; skb = np->tx_skbs[id]; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT if (unlikely(gnttab_query_foreign_access(grant_tx_ref[id]) != 0)) { /* other domain is still using this grant - shouldn't happen but if it does, we'll try to reclaim the grant later */ @@ -310,7 +316,7 @@ mb(); } while (prod != np->tx->resp_prod); -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT out: #endif @@ -330,8 +336,8 @@ int i, batch_target; NETIF_RING_IDX req_prod = np->rx->req_prod; struct xen_memory_reservation reservation; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX - int ref; +#ifdef CONFIG_XEN_NETDEV_GRANT + grant_ref_t ref; #endif if (unlikely(np->backend_state != BEST_CONNECTED)) @@ -365,9 +371,9 @@ np->rx_skbs[id] = skb; np->rx->ring[MASK_NETIF_RX_IDX(req_prod + i)].req.id = id; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT ref = gnttab_claim_grant_reference(&gref_rx_head); - if (unlikely(ref < 0)) { + if (unlikely((signed short)ref < 0)) { printk(KERN_ALERT "#### netfront can't claim rx reference\n"); BUG(); } @@ -426,8 +432,8 @@ struct net_private *np = netdev_priv(dev); netif_tx_request_t *tx; NETIF_RING_IDX i; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX - unsigned int ref; +#ifdef CONFIG_XEN_NETDEV_GRANT + grant_ref_t ref; unsigned long mfn; #endif @@ -464,9 +470,9 @@ tx = &np->tx->ring[MASK_NETIF_TX_IDX(i)].req; tx->id = id; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT ref = gnttab_claim_grant_reference(&gref_tx_head); - if (unlikely(ref < 0)) { + if (unlikely((signed short)ref < 0)) { printk(KERN_ALERT "#### netfront can't claim tx grant reference\n"); BUG(); } @@ -519,7 +525,7 @@ network_tx_buf_gc(dev); spin_unlock_irqrestore(&np->tx_lock, flags); - if ((np->rx_resp_cons != np->rx->resp_prod) && (np->user_state == UST_OPEN)) + if((np->rx_resp_cons != np->rx->resp_prod) && (np->user_state == UST_OPEN)) netif_rx_schedule(dev); return IRQ_HANDLED; @@ -537,7 +543,7 @@ int work_done, budget, more_to_do = 1; struct sk_buff_head rxq; unsigned long flags; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT unsigned long mfn; grant_ref_t ref; #endif @@ -574,8 +580,19 @@ continue; } -#ifdef CONFIG_XEN_NETDEV_GRANT_RX - ref = grant_rx_ref[rx->id]; +#ifdef CONFIG_XEN_NETDEV_GRANT + ref = grant_rx_ref[rx->id]; + + if(ref == GRANT_INVALID_REF) { + printk(KERN_WARNING "Bad rx grant reference %d from dom %d.\n", + ref, np->backend_id); + np->rx->ring[MASK_NETIF_RX_IDX(np->rx->req_prod)].req.id = rx->id; + wmb(); + np->rx->req_prod++; + work_done--; + continue; + } + grant_rx_ref[rx->id] = GRANT_INVALID_REF; mfn = gnttab_end_foreign_transfer_ref(ref); gnttab_release_grant_reference(&gref_rx_head, ref); @@ -585,7 +602,7 @@ ADD_ID_TO_FREELIST(np->rx_skbs, rx->id); /* NB. We handle skb overflow later. */ -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT skb->data = skb->head + rx->addr; #else skb->data = skb->head + (rx->addr & ~PAGE_MASK); @@ -600,14 +617,14 @@ np->stats.rx_bytes += rx->status; /* Remap the page. */ -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT mmu->ptr = mfn << PAGE_SHIFT | MMU_MACHPHYS_UPDATE; #else mmu->ptr = (rx->addr & PAGE_MASK) | MMU_MACHPHYS_UPDATE; #endif mmu->val = __pa(skb->head) >> PAGE_SHIFT; mmu++; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT MULTI_update_va_mapping(mcl, (unsigned long)skb->head, pfn_pte_ma(mfn, PAGE_KERNEL), 0); #else @@ -617,19 +634,19 @@ #endif mcl++; -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT phys_to_machine_mapping[__pa(skb->head) >> PAGE_SHIFT] = mfn; + GDPRINTK("#### rx_poll enqueue vdata=%p mfn=%lu ref=%x\n", + skb->data, mfn, ref); #else phys_to_machine_mapping[__pa(skb->head) >> PAGE_SHIFT] = rx->addr >> PAGE_SHIFT; -#endif - -#ifdef GRANT_DEBUG - printk(KERN_ALERT "#### rx_poll enqueue vdata=%p mfn=%lu ref=%x\n", - skb->data, mfn, ref); -#endif +#endif + + __skb_queue_tail(&rxq, skb); } + /* Some pages are no longer absent... */ balloon_update_driver_allowance(-work_done); @@ -646,9 +663,9 @@ } while ((skb = __skb_dequeue(&rxq)) != NULL) { -#ifdef GRANT_DEBUG - printk(KERN_ALERT "#### rx_poll dequeue vdata=%p mfn=%lu\n", - skb->data, virt_to_mfn(skb->data)); +#ifdef CONFIG_XEN_NETDEV_GRANT + GDPRINTK("#### rx_poll dequeue vdata=%p mfn=%lu\n", + skb->data, virt_to_mfn(skb->data)); dump_packet('d', skb->data, (unsigned long)skb->data); #endif /* @@ -747,7 +764,6 @@ return &np->stats; } - static void network_connect(struct net_device *dev) { struct net_private *np; @@ -787,8 +803,11 @@ tx = &np->tx->ring[requeue_idx++].req; tx->id = i; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX - tx->addr = 0; /*(ref << PAGE_SHIFT) |*/ +#ifdef CONFIG_XEN_NETDEV_GRANT + gnttab_grant_foreign_access_ref(grant_tx_ref[i], np->backend_id, + virt_to_mfn(np->tx_skbs[i]->data), + GNTMAP_readonly); + tx->addr = grant_tx_ref[i] << PAGE_SHIFT; #else tx->addr = virt_to_mfn(skb->data) << PAGE_SHIFT; #endif @@ -803,9 +822,20 @@ np->tx->req_prod = requeue_idx; /* Rebuild the RX buffer freelist and the RX ring itself. */ - for (requeue_idx = 0, i = 1; i <= NETIF_RX_RING_SIZE; i++) - if ((unsigned long)np->rx_skbs[i] >= __PAGE_OFFSET) - np->rx->ring[requeue_idx++].req.id = i; + for (requeue_idx = 0, i = 1; i <= NETIF_RX_RING_SIZE; i++) { + if ((unsigned long)np->rx_skbs[i] >= __PAGE_OFFSET) { +#ifdef CONFIG_XEN_NETDEV_GRANT + /* Reinstate the grant ref so backend can 'donate' mfn to us. */ + gnttab_grant_foreign_transfer_ref(grant_rx_ref[i], np->backend_id, + virt_to_mfn(np->rx_skbs[i]->head) + ); + np->rx->ring[requeue_idx].req.gref = grant_rx_ref[i]; +#endif + np->rx->ring[requeue_idx].req.id = i; + requeue_idx++; + } + } + wmb(); np->rx->req_prod = requeue_idx; @@ -901,13 +931,14 @@ /* Initialise {tx,rx}_skbs to be a free chain containing every entry. */ for (i = 0; i <= NETIF_TX_RING_SIZE; i++) { np->tx_skbs[i] = (void *)((unsigned long) i+1); -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT grant_tx_ref[i] = GRANT_INVALID_REF; #endif } + for (i = 0; i <= NETIF_RX_RING_SIZE; i++) { np->rx_skbs[i] = (void *)((unsigned long) i+1); -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT grant_rx_ref[i] = GRANT_INVALID_REF; #endif } @@ -991,10 +1022,8 @@ evtchn_op_t op = { .cmd = EVTCHNOP_alloc_unbound }; int err; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT info->tx_ring_ref = GRANT_INVALID_REF; -#endif -#ifdef CONFIG_XEN_NETDEV_GRANT_RX info->rx_ring_ref = GRANT_INVALID_REF; #endif @@ -1014,7 +1043,7 @@ memset(info->rx, 0, PAGE_SIZE); info->backend_state = BEST_DISCONNECTED; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT err = gnttab_grant_foreign_access(info->backend_id, virt_to_mfn(info->tx), 0); if (err < 0) { @@ -1022,11 +1051,7 @@ goto out; } info->tx_ring_ref = err; -#else - info->tx_ring_ref = virt_to_mfn(info->tx); -#endif - -#ifdef CONFIG_XEN_NETDEV_GRANT_RX + err = gnttab_grant_foreign_access(info->backend_id, virt_to_mfn(info->rx), 0); if (err < 0) { @@ -1034,7 +1059,9 @@ goto out; } info->rx_ring_ref = err; + #else + info->tx_ring_ref = virt_to_mfn(info->tx); info->rx_ring_ref = virt_to_mfn(info->rx); #endif @@ -1054,16 +1081,17 @@ if (info->rx) free_page((unsigned long)info->rx); info->rx = 0; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX + +#ifdef CONFIG_XEN_NETDEV_GRANT if (info->tx_ring_ref != GRANT_INVALID_REF) gnttab_end_foreign_access(info->tx_ring_ref, 0); info->tx_ring_ref = GRANT_INVALID_REF; -#endif -#ifdef CONFIG_XEN_NETDEV_GRANT_RX + if (info->rx_ring_ref != GRANT_INVALID_REF) gnttab_end_foreign_access(info->rx_ring_ref, 0); info->rx_ring_ref = GRANT_INVALID_REF; #endif + return err; } @@ -1075,16 +1103,17 @@ if (info->rx) free_page((unsigned long)info->rx); info->rx = 0; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX + +#ifdef CONFIG_XEN_NETDEV_GRANT if (info->tx_ring_ref != GRANT_INVALID_REF) gnttab_end_foreign_access(info->tx_ring_ref, 0); info->tx_ring_ref = GRANT_INVALID_REF; -#endif -#ifdef CONFIG_XEN_NETDEV_GRANT_RX + if (info->rx_ring_ref != GRANT_INVALID_REF) gnttab_end_foreign_access(info->rx_ring_ref, 0); info->rx_ring_ref = GRANT_INVALID_REF; #endif + unbind_evtchn_from_irqhandler(info->evtchn, info->netdev); info->evtchn = 0; } @@ -1294,6 +1323,7 @@ int err; err = talk_to_backend(dev, np); + return err; } @@ -1342,29 +1372,28 @@ if (xen_start_info.flags & SIF_INITDOMAIN) return 0; -#ifdef CONFIG_XEN_NETDEV_GRANT_TX - /* A grant for every ring slot */ + if ((err = xennet_proc_init()) != 0) + return err; + + IPRINTK("Initialising virtual ethernet driver.\n"); + +#ifdef CONFIG_XEN_NETDEV_GRANT + IPRINTK("Using grant tables.\n"); + + /* A grant for every tx ring slot */ if (gnttab_alloc_grant_references(NETIF_TX_RING_SIZE, &gref_tx_head) < 0) { printk(KERN_ALERT "#### netfront can't alloc tx grant refs\n"); return 1; } - printk(KERN_ALERT "Netdev frontend (TX) is using grant tables.\n"); -#endif -#ifdef CONFIG_XEN_NETDEV_GRANT_RX - /* A grant for every ring slot */ + /* A grant for every rx ring slot */ if (gnttab_alloc_grant_references(NETIF_RX_RING_SIZE, &gref_rx_head) < 0) { printk(KERN_ALERT "#### netfront can't alloc rx grant refs\n"); return 1; } - printk(KERN_ALERT "Netdev frontend (RX) is using grant tables.\n"); -#endif - - if ((err = xennet_proc_init()) != 0) - return err; - - IPRINTK("Initialising virtual ethernet driver.\n"); +#endif + (void)register_inetaddr_notifier(&notifier_inetdev); @@ -1377,10 +1406,8 @@ static void netif_exit(void) { -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT gnttab_free_grant_references(gref_tx_head); -#endif -#ifdef CONFIG_XEN_NETDEV_GRANT_RX gnttab_free_grant_references(gref_rx_head); #endif } diff -r edd1616cf8cb -r 291e816acbf4 linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c Fri Sep 2 14:15:49 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c Fri Sep 2 14:17:08 2005 @@ -212,7 +212,7 @@ xen_start_info.store_evtchn, wake_waiting, 0, "xenbus", &xb_waitq); if (err) { - printk(KERN_ERR "XENBUS request irq failed %i\n", err); + xprintk("XENBUS request irq failed %i\n", err); unbind_evtchn_from_irq(xen_start_info.store_evtchn); return err; } diff -r edd1616cf8cb -r 291e816acbf4 tools/check/check_brctl --- a/tools/check/check_brctl Fri Sep 2 14:15:49 2005 +++ b/tools/check/check_brctl Fri Sep 2 14:17:08 2005 @@ -2,8 +2,9 @@ # CHECK-INSTALL function error { - echo 'Check for the bridge control utils (brctl) failed.' + echo + echo ' *** Check for the bridge control utils (brctl) FAILED' exit 1 } -brctl show || error \ No newline at end of file +which brctl 1>/dev/null 2>&1 || error diff -r edd1616cf8cb -r 291e816acbf4 tools/check/check_iproute --- a/tools/check/check_iproute Fri Sep 2 14:15:49 2005 +++ b/tools/check/check_iproute Fri Sep 2 14:17:08 2005 @@ -2,9 +2,10 @@ # CHECK-INSTALL function error { - echo 'Check for iproute (ip addr) failed.' + echo + echo ' *** Check for iproute (ip addr) FAILED' exit 1 } -ip addr list || error +ip addr list 1>/dev/null 2>&1 || error diff -r edd1616cf8cb -r 291e816acbf4 tools/check/check_logging --- a/tools/check/check_logging Fri Sep 2 14:15:49 2005 +++ b/tools/check/check_logging Fri Sep 2 14:17:08 2005 @@ -18,11 +18,12 @@ import logging except ImportError: hline() - msg("Python logging is not installed.") - msg("Use 'make install-logging' at the xen root to install.") msg("") - msg("Alternatively download and install from") - msg("http://www.red-dove.com/python_logging.html";) + msg(" *** Python logging is not installed.") + msg(" *** Use 'make install-logging' at the xen root to install.") + msg(" *** ") + msg(" *** Alternatively download and install from") + msg(" *** http://www.red-dove.com/python_logging.html";) hline() sys.exit(1) diff -r edd1616cf8cb -r 291e816acbf4 tools/check/check_python --- a/tools/check/check_python Fri Sep 2 14:15:49 2005 +++ b/tools/check/check_python Fri Sep 2 14:17:08 2005 @@ -2,9 +2,9 @@ # CHECK-BUILD CHECK-INSTALL function error { - echo "Check for Python version 2.2 or higher failed." + echo + echo " *** Check for Python version >= 2.2 FAILED" exit 1 } -python -V python -V 2>&1 | cut -d ' ' -f 2 | grep -q -E '^2.2|^2.3|^2.4' || error diff -r edd1616cf8cb -r 291e816acbf4 tools/check/check_zlib_devel --- a/tools/check/check_zlib_devel Fri Sep 2 14:15:49 2005 +++ b/tools/check/check_zlib_devel Fri Sep 2 14:17:08 2005 @@ -2,9 +2,10 @@ # CHECK-BUILD function error { - echo 'Check for zlib includes failed.' + echo + echo " *** Check for zlib headers FAILED" exit 1 } set -e -[ -e /usr/include/zlib.h ] || error \ No newline at end of file +[ -e /usr/include/zlib.h ] || error diff -r edd1616cf8cb -r 291e816acbf4 tools/check/check_zlib_lib --- a/tools/check/check_zlib_lib Fri Sep 2 14:15:49 2005 +++ b/tools/check/check_zlib_lib Fri Sep 2 14:17:08 2005 @@ -2,9 +2,10 @@ # CHECK-BUILD CHECK-INSTALL function error { - echo 'Check for zlib library failed.' + echo + echo " *** Check for zlib library FAILED" exit 1 } set -e -ldconfig -p | grep libz.so || error \ No newline at end of file +ldconfig -p | grep -q libz.so || error diff -r edd1616cf8cb -r 291e816acbf4 tools/check/chk --- a/tools/check/chk Fri Sep 2 14:15:49 2005 +++ b/tools/check/chk Fri Sep 2 14:17:08 2005 @@ -17,14 +17,11 @@ case $1 in build) check="CHECK-BUILD" - info=".chkbuild" ;; install) check="CHECK-INSTALL" - info=".chkinstall" ;; clean) - rm -f .chkbuild .chkinstall exit 0 ;; *) @@ -34,7 +31,7 @@ failed=0 -echo "Xen ${check} " $(date) > ${info} +echo "Xen ${check} " $(date) for f in check_* ; do case $f in *~) @@ -49,24 +46,12 @@ if ! grep -q ${check} $f ; then continue fi - echo ' ' >> ${info} - echo "Checking $f" >> ${info} - if ./$f 1>>${info} 2>&1 ; then - echo OK >> ${info} + echo -n "Checking $f: " + if ./$f 2>&1 ; then + echo OK else failed=1 - echo "FAILED $f" - echo FAILED >> ${info} fi done -echo >> ${info} - -if [ "$failed" == "1" ] ; then - echo "Checks failed. See `pwd`/${info} for details." - echo "FAILED" >> ${info} - exit 1 -else - echo "OK" >> ${info} - exit 0 -fi +exit $failed diff -r edd1616cf8cb -r 291e816acbf4 tools/console/daemon/utils.c --- a/tools/console/daemon/utils.c Fri Sep 2 14:15:49 2005 +++ b/tools/console/daemon/utils.c Fri Sep 2 14:17:08 2005 @@ -234,7 +234,7 @@ } if (!xs_watch(xs, "/console", "console")) { - dolog(LOG_ERR, "xenstore watch on /console failes."); + dolog(LOG_ERR, "xenstore watch on /console fails."); goto out_close_data; } diff -r edd1616cf8cb -r 291e816acbf4 tools/python/xen/xend/XendDomainInfo.py --- a/tools/python/xen/xend/XendDomainInfo.py Fri Sep 2 14:15:49 2005 +++ b/tools/python/xen/xend/XendDomainInfo.py Fri Sep 2 14:17:08 2005 @@ -1028,6 +1028,7 @@ """ try: + self.clear_shutdown() self.state = STATE_VM_OK self.shutdown_pending = None self.restart_check() diff -r edd1616cf8cb -r 291e816acbf4 tools/security/Makefile --- a/tools/security/Makefile Fri Sep 2 14:15:49 2005 +++ b/tools/security/Makefile Fri Sep 2 14:17:08 2005 @@ -45,6 +45,7 @@ $(MAKE) secpol_xml2bin chmod 700 ./setlabel.sh chmod 700 ./updategrub.sh + chmod 700 ./getlabel.sh secpol_tool : secpol_tool.c secpol_compat.h $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< diff -r edd1616cf8cb -r 291e816acbf4 tools/security/secpol_tool.c --- a/tools/security/secpol_tool.c Fri Sep 2 14:15:49 2005 +++ b/tools/security/secpol_tool.c Fri Sep 2 14:17:08 2005 @@ -25,6 +25,7 @@ #include <stdio.h> #include <errno.h> #include <fcntl.h> +#include <getopt.h> #include <sys/mman.h> #include <sys/types.h> #include <sys/stat.h> @@ -40,6 +41,17 @@ #define PERROR(_m, _a...) \ fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ errno, strerror(errno)) + +void usage(char *progname) +{ + printf("Use: %s \n" + "\t getpolicy\n" + "\t dumpstats\n" + "\t loadpolicy <binary policy file>\n" + "\t getssid -d <domainid> [-f]\n" + "\t getssid -s <ssidref> [-f]\n", progname); + exit(-1); +} static inline int do_policycmd(int xc_handle, unsigned int cmd, unsigned long data) @@ -320,7 +332,7 @@ if (ret) printf - ("ERROR setting policy. Use 'xm dmesg' to see details.\n"); + ("ERROR setting policy. Try 'xm dmesg' to see details.\n"); else printf("Successfully changed policy.\n"); @@ -370,7 +382,7 @@ if (ret < 0) { - printf("ERROR dumping policy stats. Use 'xm dmesg' to see details.\n"); + printf("ERROR dumping policy stats. Try 'xm dmesg' to see details.\n"); return ret; } stats = (struct acm_stats_buffer *) stats_buffer; @@ -421,17 +433,121 @@ } return ret; } +/************************ get ssidref & types ******************************/ +/* + * the ssid (types) can be looked up either by domain id or by ssidref + */ +int acm_domain_getssid(int xc_handle, int argc, char * const argv[]) +{ + /* this includes header and a set of types */ + #define MAX_SSIDBUFFER 2000 + int ret, i; + acm_op_t op; + struct acm_ssid_buffer *hdr; + unsigned char *buf; + int nice_print = 1; + + op.cmd = ACM_GETSSID; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.getssid.get_ssid_by = UNSET; + /* arguments + -d ... domain id to look up + -s ... ssidref number to look up + -f ... formatted print (scripts depend on this format) + */ + while (1) + { + int c = getopt(argc, argv, "d:s:f"); + if (c == -1) + break; + if (c == 'd') + { + if (op.u.getssid.get_ssid_by != UNSET) + usage(argv[0]); + op.u.getssid.get_ssid_by = DOMAINID; + op.u.getssid.id.domainid = strtoul(optarg, NULL, 0); + } + else if (c== 's') + { + if (op.u.getssid.get_ssid_by != UNSET) + usage(argv[0]); + op.u.getssid.get_ssid_by = SSIDREF; + op.u.getssid.id.ssidref = strtoul(optarg, NULL, 0); + } + else if (c== 'f') + { + nice_print = 0; + } + else + usage(argv[0]); + } + if (op.u.getssid.get_ssid_by == UNSET) + usage(argv[0]); + + buf = malloc(MAX_SSIDBUFFER); + if (!buf) + return -ENOMEM; + + /* dump it and then push it down into xen/acm */ + op.u.getssid.ssidbuf = buf; /* out */ + op.u.getssid.ssidbuf_size = MAX_SSIDBUFFER; + ret = do_acm_op(xc_handle, &op); + + if (ret) + { + printf("ERROR getting ssidref. Try 'xm dmesg' to see details.\n"); + goto out; + } + hdr = (struct acm_ssid_buffer *)buf; + if (hdr->len > MAX_SSIDBUFFER) + { + printf("ERROR: Buffer length inconsistent (ret=%d, hdr->len=%d)!\n", + ret, hdr->len); + return -EIO; + } + if (nice_print) + { + printf("SSID: ssidref = 0x%08x \n", hdr->ssidref); + printf(" P: %s, max_types = %d\n", + ACM_POLICY_NAME(hdr->primary_policy_code), hdr->primary_max_types); + printf(" Types: "); + for (i=0; i< hdr->primary_max_types; i++) + if (buf[hdr->primary_types_offset + i]) + printf("%02x ", i); + else + printf("-- "); + printf("\n"); + + printf(" S: %s, max_types = %d\n", + ACM_POLICY_NAME(hdr->secondary_policy_code), hdr->secondary_max_types); + printf(" Types: "); + for (i=0; i< hdr->secondary_max_types; i++) + if (buf[hdr->secondary_types_offset + i]) + printf("%02x ", i); + else + printf("-- "); + printf("\n"); + } + else + { + /* formatted print for use with scripts (.sh) + * update scripts when updating here (usually + * used in combination with -d to determine a + * running domain's label + */ + printf("SSID: ssidref = 0x%08x \n", hdr->ssidref); + } + + /* return ste ssidref */ + if (hdr->primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) + ret = (hdr->ssidref) & 0xffff; + else if (hdr->secondary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) + ret = (hdr->ssidref) >> 16; + out: + return ret; +} /***************************** main **************************************/ - -void usage(char *progname) -{ - printf("Use: %s \n" - "\t getpolicy\n" - "\t dumpstats\n" - "\t loadpolicy <binary policy file>\n", progname); - exit(-1); -} int main(int argc, char **argv) { @@ -459,6 +575,8 @@ if (argc != 2) usage(argv[0]); ret = acm_domain_dumpstats(acm_cmd_fd); + } else if (!strcmp(argv[1], "getssid")) { + ret = acm_domain_getssid(acm_cmd_fd, argc, argv); } else usage(argv[0]); diff -r edd1616cf8cb -r 291e816acbf4 tools/security/setlabel.sh --- a/tools/security/setlabel.sh Fri Sep 2 14:15:49 2005 +++ b/tools/security/setlabel.sh Fri Sep 2 14:17:08 2005 @@ -34,275 +34,27 @@ exec sh -c "bash $0 $*" fi +export PATH=$PATH:. +source labelfuncs.sh usage () { - echo "Usage: $0 [Option] <vmfile> <label> <policy name> " - echo " or $0 -l <policy name>" + echo "Usage: $0 [Option] <vmfile> <label> [<policy name>]" + echo " or $0 -l [<policy name>]" echo "" - echo "Valid Options are:" + echo "Valid options are:" echo "-r : to relabel a file without being prompted" echo "" echo "vmfile : XEN vm configuration file" - echo "label : the label to map" + echo "label : the label to map to an ssidref" echo "policy name : the name of the policy, i.e. 'chwall'" + echo " If the policy name is omitted, it is attempted" + echo " to find the current policy's name in grub.conf." echo "" - echo "-l <policy name> is used to show valid labels in the map file" + echo "-l [<policy name>] is used to show valid labels in the map file of" + echo " the given or current policy." echo "" } - - -findMapFile () -{ - mapfile="./$1.map" - if [ -r "$mapfile" ]; then - return 1 - fi - - mapfile="./policies/$1/$1.map" - if [ -r "$mapfile" ]; then - return 1 - fi - - return 0 -} - -showLabels () -{ - mapfile=$1 - if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then - echo "Cannot read from vm configuration file $vmfile." - return -1 - fi - - getPrimaryPolicy $mapfile - getSecondaryPolicy $mapfile - - echo "The following labels are available:" - let line=1 - while [ 1 ]; do - ITEM=`cat $mapfile | \ - awk -vline=$line \ - -vprimary=$primary \ - '{ \ - if ($1 == "LABEL->SSID" && \ - $2 == "VM" && \ - $3 == primary ) { \ - ctr++; \ - if (ctr == line) { \ - print $4; \ - } \ - } \ - } END { \ - }'` - - if [ "$ITEM" == "" ]; then - break - fi - if [ "$secondary" != "NULL" ]; then - LABEL=`cat $mapfile | \ - awk -vitem=$ITEM \ - '{ - if ($1 == "LABEL->SSID" && \ - $2 == "VM" && \ - $3 == "CHWALL" && \ - $4 == item ) { \ - result = item; \ - } \ - } END { \ - print result \ - }'` - else - LABEL=$ITEM - fi - - if [ "$LABEL" != "" ]; then - echo "$LABEL" - found=1 - fi - let line=line+1 - done - if [ "$found" != "1" ]; then - echo "No labels found." - fi -} - -getPrimaryPolicy () -{ - mapfile=$1 - primary=`cat $mapfile | \ - awk ' \ - { \ - if ( $1 == "PRIMARY" ) { \ - res=$2; \ - } \ - } END { \ - print res; \ - } '` -} - -getSecondaryPolicy () -{ - mapfile=$1 - secondary=`cat $mapfile | \ - awk ' \ - { \ - if ( $1 == "SECONDARY" ) { \ - res=$2; \ - } \ - } END { \ - print res; \ - } '` -} - - -getDefaultSsid () -{ - mapfile=$1 - pol=$2 - RES=`cat $mapfile \ - awk -vpol=$pol \ - { \ - if ($1 == "LABEL->SSID" && \ - $2 == "ANY" && \ - $3 == pol && \ - $4 == "DEFAULT" ) {\ - res=$5; \ - } \ - } END { \ - printf "%04x", strtonum(res) \ - }'` - echo "default NULL mapping is $RES" - defaultssid=$RES -} - -relabel () -{ - vmfile=$1 - label=$2 - mapfile=$3 - mode=$4 - - if [ ! -r "$vmfile" ]; then - echo "Cannot read from vm configuration file $vmfile." - return -1 - fi - - if [ ! -w "$vmfile" ]; then - echo "Cannot write to vm configuration file $vmfile." - return -1 - fi - - if [ ! -r "$mapfile" ] ; then - echo "Cannot read mapping file $mapfile." - return -1 - fi - - # Determine which policy is primary, which sec. - getPrimaryPolicy $mapfile - getSecondaryPolicy $mapfile - - # Calculate the primary policy's SSIDREF - if [ "$primary" == "NULL" ]; then - SSIDLO="0000" - else - SSIDLO=`cat $mapfile | \ - awk -vlabel=$label \ - -vprimary=$primary \ - '{ \ - if ( $1 == "LABEL->SSID" && \ - $2 == "VM" && \ - $3 == primary && \ - $4 == label ) { \ - result=$5 \ - } \ - } END { \ - if (result != "" ) \ - {printf "%04x", strtonum(result)}\ - }'` - fi - - # Calculate the secondary policy's SSIDREF - if [ "$secondary" == "NULL" ]; then - SSIDHI="0000" - else - SSIDHI=`cat $mapfile | \ - awk -vlabel=$label \ - -vsecondary=$secondary \ - '{ \ - if ( $1 == "LABEL->SSID" && \ - $2 == "VM" && \ - $3 == secondary && \ - $4 == label ) { \ - result=$5 \ - } \ - } END { \ - if (result != "" ) \ - {printf "%04x", strtonum(result)}\ - }'` - fi - - if [ "$SSIDLO" == "" -o \ - "$SSIDHI" == "" ]; then - echo "Could not map the given label '$label'." - return -1 - fi - - ACM_POLICY=`cat $mapfile | \ - awk ' { if ( $1 == "POLICY" ) { \ - result=$2 \ - } \ - } \ - END { \ - if (result != "") { \ - printf result \ - } \ - }'` - - if [ "$ACM_POLICY" == "" ]; then - echo "Could not find 'POLICY' entry in map file." - return -1 - fi - - SSIDREF="0x$SSIDHI$SSIDLO" - - if [ "$mode" != "relabel" ]; then - RES=`cat $vmfile | \ - awk '{ \ - if ( substr($1,0,7) == "ssidref" ) {\ - print $0; \ - } \ - }'` - if [ "$RES" != "" ]; then - echo "Do you want to overwrite the existing mapping ($RES)? (y/N)" - read user - if [ "$user" != "y" -a "$user" != "Y" ]; then - echo "Aborted." - return 0 - fi - fi - fi - - #Write the output - vmtmp1="/tmp/__setlabel.tmp1" - vmtmp2="/tmp/__setlabel.tmp2" - touch $vmtmp1 - touch $vmtmp2 - if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then - echo "Cannot create temporary files. Aborting." - return -1 - fi - RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1` - RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2` - RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1` - echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1 - echo "#ACM_LABEL=$label" >> $vmtmp1 - echo "ssidref = $SSIDREF" >> $vmtmp1 - mv -f $vmtmp1 $vmfile - rm -rf $vmtmp1 $vmtmp2 - echo "Mapped label '$label' to ssidref '$SSIDREF'." -} - if [ "$1" == "-r" ]; then @@ -317,10 +69,25 @@ if [ "$mode" == "show" ]; then if [ "$1" == "" ]; then - usage - exit -1; + findGrubConf + ret=$? + if [ $ret -eq 0 ]; then + echo "Could not find grub.conf" + exit -1; + fi + findPolicyInGrub $grubconf + if [ "$policy" != "" ]; then + echo "Assuming policy to be '$policy'."; + else + echo "Could not find policy." + exit -1; + fi + else + policy=$3; fi - findMapFile $1 + + + findMapFile $policy res=$? if [ "$res" != "0" ]; then showLabels $mapfile @@ -330,11 +97,29 @@ elif [ "$mode" == "usage" ]; then usage else + if [ "$2" == "" ]; then + usage + exit -1 + fi if [ "$3" == "" ]; then - usage - exit -1; + findGrubConf + ret=$? + if [ $ret -eq 0 ]; then + echo "Could not find grub.conf" + exit -1; + fi + findPolicyInGrub $grubconf + if [ "$policy" != "" ]; then + echo "Assuming policy to be '$policy'."; + else + echo "Could not find policy." + exit -1; + fi + + else + policy=$3; fi - findMapFile $3 + findMapFile $policy res=$? if [ "$res" != "0" ]; then relabel $1 $2 $mapfile $mode diff -r edd1616cf8cb -r 291e816acbf4 xen/Rules.mk --- a/xen/Rules.mk Fri Sep 2 14:15:49 2005 +++ b/xen/Rules.mk Fri Sep 2 14:17:08 2005 @@ -7,7 +7,6 @@ perfc ?= n perfc_arrays?= n trace ?= n -optimize ?= y domu_debug ?= n crash_debug ?= n diff -r edd1616cf8cb -r 291e816acbf4 xen/acm/acm_chinesewall_hooks.c --- a/xen/acm/acm_chinesewall_hooks.c Fri Sep 2 14:15:49 2005 +++ b/xen/acm/acm_chinesewall_hooks.c Fri Sep 2 14:17:08 2005 @@ -310,6 +310,28 @@ return 0; } +static int +chwall_dump_ssid_types(ssidref_t ssidref, u8 *buf, u16 len) +{ + int i; + + /* fill in buffer */ + if (chwall_bin_pol.max_types > len) + return -EFAULT; + + if (ssidref >= chwall_bin_pol.max_ssidrefs) + return -EFAULT; + + /* read types for chwall ssidref */ + for(i=0; i< chwall_bin_pol.max_types; i++) { + if (chwall_bin_pol.ssidrefs[ssidref * chwall_bin_pol.max_types + i]) + buf[i] = 1; + else + buf[i] = 0; + } + return chwall_bin_pol.max_types; +} + /*************************** * Authorization functions ***************************/ @@ -492,6 +514,7 @@ .dump_binary_policy = chwall_dump_policy, .set_binary_policy = chwall_set_policy, .dump_statistics = chwall_dump_stats, + .dump_ssid_types = chwall_dump_ssid_types, /* domain management control hooks */ .pre_domain_create = chwall_pre_domain_create, .post_domain_create = chwall_post_domain_create, diff -r edd1616cf8cb -r 291e816acbf4 xen/acm/acm_core.c --- a/xen/acm/acm_core.c Fri Sep 2 14:15:49 2005 +++ b/xen/acm/acm_core.c Fri Sep 2 14:17:08 2005 @@ -64,16 +64,17 @@ void acm_set_endian(void) { u32 test = 1; - if (*((u8 *)&test) == 1) { + if (*((u8 *)&test) == 1) + { printk("ACM module running in LITTLE ENDIAN.\n"); - little_endian = 1; - } else { - printk("ACM module running in BIG ENDIAN.\n"); - little_endian = 0; - } -} - -#if (ACM_USE_SECURITY_POLICY != ACM_NULL_POLICY) + little_endian = 1; + } + else + { + printk("ACM module running in BIG ENDIAN.\n"); + little_endian = 0; + } +} /* initialize global security policy for Xen; policy write-locked already */ static void @@ -101,7 +102,8 @@ * Try all modules and see whichever could be the binary policy. * Adjust the initrdidx if module[1] is the binary policy. */ - for (i = mbi->mods_count-1; i >= 1; i--) { + for (i = mbi->mods_count-1; i >= 1; i--) + { struct acm_policy_buffer *pol; char *_policy_start; unsigned long _policy_len; @@ -117,23 +119,32 @@ continue; /* not a policy */ pol = (struct acm_policy_buffer *)_policy_start; - if (ntohl(pol->magic) == ACM_MAGIC) { + if (ntohl(pol->magic) == ACM_MAGIC) + { rc = acm_set_policy((void *)_policy_start, (u16)_policy_len, 0); - if (rc == ACM_OK) { + if (rc == ACM_OK) + { printf("Policy len 0x%lx, start at %p.\n",_policy_len,_policy_start); - if (i == 1) { - if (mbi->mods_count > 2) { + if (i == 1) + { + if (mbi->mods_count > 2) + { *initrdidx = 2; - } else { + } + else { *initrdidx = 0; } - } else { + } + else + { *initrdidx = 1; } break; - } else { + } + else + { printk("Invalid policy. %d.th module line.\n", i+1); } } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */ @@ -147,56 +158,84 @@ const multiboot_info_t *mbi, unsigned long initial_images_start) { - int ret = -EINVAL; - - acm_set_endian(); + int ret = ACM_OK; + + acm_set_endian(); write_lock(&acm_bin_pol_rwlock); - - if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_POLICY) { - acm_init_binary_policy(NULL, NULL); - acm_init_chwall_policy(); + acm_init_binary_policy(NULL, NULL); + + /* set primary policy component */ + switch ((ACM_USE_SECURITY_POLICY) & 0x0f) + { + + case ACM_CHINESE_WALL_POLICY: + acm_init_chwall_policy(); acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY; acm_primary_ops = &acm_chinesewall_ops; + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + acm_init_ste_policy(); + acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY; + acm_primary_ops = &acm_simple_type_enforcement_ops; + break; + + default: + /* NULL or Unknown policy not allowed primary; + * NULL/NULL will not compile this code */ + ret = -EINVAL; + goto out; + } + + /* secondary policy component part */ + switch ((ACM_USE_SECURITY_POLICY) >> 4) { + case ACM_NULL_POLICY: acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY; acm_secondary_ops = &acm_null_ops; - ret = ACM_OK; - } else if (ACM_USE_SECURITY_POLICY == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) { - acm_init_binary_policy(NULL, NULL); + break; + + case ACM_CHINESE_WALL_POLICY: + if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY) + { /* not a valid combination */ + ret = -EINVAL; + goto out; + } + acm_init_chwall_policy(); + acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY; + acm_secondary_ops = &acm_chinesewall_ops; + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + if (acm_bin_pol.primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) + { /* not a valid combination */ + ret = -EINVAL; + goto out; + } acm_init_ste_policy(); - acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY; - acm_primary_ops = &acm_simple_type_enforcement_ops; - acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY; - acm_secondary_ops = &acm_null_ops; - ret = ACM_OK; - } else if (ACM_USE_SECURITY_POLICY == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) { - acm_init_binary_policy(NULL, NULL); - acm_init_chwall_policy(); - acm_init_ste_policy(); - acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY; - acm_primary_ops = &acm_chinesewall_ops; acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY; acm_secondary_ops = &acm_simple_type_enforcement_ops; - ret = ACM_OK; - } else if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) { - acm_init_binary_policy(NULL, NULL); - acm_bin_pol.primary_policy_code = ACM_NULL_POLICY; - acm_primary_ops = &acm_null_ops; - acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY; - acm_secondary_ops = &acm_null_ops; - ret = ACM_OK; + break; + + default: + ret = -EINVAL; + goto out; + } + + out: + write_unlock(&acm_bin_pol_rwlock); + + if (ret != ACM_OK) + { + printk("%s: Error setting policies.\n", __func__); + /* here one could imagine a clean panic */ + return -EINVAL; } - write_unlock(&acm_bin_pol_rwlock); - - if (ret != ACM_OK) - return -EINVAL; acm_setup(initrdidx, mbi, initial_images_start); printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, - ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code)); + ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), + ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code)); return ret; } - - -#endif int acm_init_domain_ssid(domid_t id, ssidref_t ssidref) @@ -205,7 +244,8 @@ struct domain *subj = find_domain_by_id(id); int ret1, ret2; - if (subj == NULL) { + if (subj == NULL) + { printk("%s: ACM_NULL_POINTER ERROR (id=%x).\n", __func__, id); return ACM_NULL_POINTER_ERROR; } @@ -235,14 +275,16 @@ else ret2 = ACM_OK; - if ((ret1 != ACM_OK) || (ret2 != ACM_OK)) { + if ((ret1 != ACM_OK) || (ret2 != ACM_OK)) + { printk("%s: ERROR instantiating individual ssids for domain 0x%02x.\n", __func__, subj->domain_id); acm_free_domain_ssid(ssid); put_domain(subj); return ACM_INIT_SSID_ERROR; } - printk("%s: assigned domain %x the ssidref=%x.\n", __func__, id, ssid->ssidref); + printk("%s: assigned domain %x the ssidref=%x.\n", + __func__, id, ssid->ssidref); put_domain(subj); return ACM_OK; } @@ -254,11 +296,12 @@ domid_t id; /* domain is already gone, just ssid is left */ - if (ssid == NULL) { + if (ssid == NULL) + { printk("%s: ACM_NULL_POINTER ERROR.\n", __func__); return ACM_NULL_POINTER_ERROR; } - id = ssid->domainid; + id = ssid->domainid; ssid->subject = NULL; if (acm_primary_ops->free_domain_ssid != NULL) /* null policy */ @@ -268,6 +311,7 @@ acm_secondary_ops->free_domain_ssid(ssid->secondary_ssid); ssid->secondary_ssid = NULL; xfree(ssid); - printkd("%s: Freed individual domain ssid (domain=%02x).\n",__func__, id); + printkd("%s: Freed individual domain ssid (domain=%02x).\n", + __func__, id); return ACM_OK; } diff -r edd1616cf8cb -r 291e816acbf4 xen/acm/acm_null_hooks.c --- a/xen/acm/acm_null_hooks.c Fri Sep 2 14:15:49 2005 +++ b/xen/acm/acm_null_hooks.c Fri Sep 2 14:17:08 2005 @@ -14,13 +14,13 @@ #include <acm/acm_hooks.h> static int -null_init_domain_ssid(void **chwall_ssid, ssidref_t ssidref) +null_init_domain_ssid(void **ssid, ssidref_t ssidref) { return ACM_OK; } static void -null_free_domain_ssid(void *chwall_ssid) +null_free_domain_ssid(void *ssid) { return; } @@ -44,6 +44,14 @@ return 0; } +static int +null_dump_ssid_types(ssidref_t ssidref, u8 *buffer, u16 buf_size) +{ + /* no types */ + return 0; +} + + /* now define the hook structure similarly to LSM */ struct acm_operations acm_null_ops = { .init_domain_ssid = null_init_domain_ssid, @@ -51,6 +59,7 @@ .dump_binary_policy = null_dump_binary_policy, .set_binary_policy = null_set_binary_policy, .dump_statistics = null_dump_stats, + .dump_ssid_types = null_dump_ssid_types, /* domain management control hooks */ .pre_domain_create = NULL, .post_domain_create = NULL, diff -r edd1616cf8cb -r 291e816acbf4 xen/acm/acm_policy.c --- a/xen/acm/acm_policy.c Fri Sep 2 14:15:49 2005 +++ b/xen/acm/acm_policy.c Fri Sep 2 14:17:08 2005 @@ -26,8 +26,8 @@ #include <xen/lib.h> #include <xen/delay.h> #include <xen/sched.h> +#include <acm/acm_core.h> #include <public/acm_ops.h> -#include <acm/acm_core.h> #include <acm/acm_hooks.h> #include <acm/acm_endian.h> @@ -37,14 +37,16 @@ u8 *policy_buffer = NULL; struct acm_policy_buffer *pol; - if (buf_size < sizeof(struct acm_policy_buffer)) + if (buf_size < sizeof(struct acm_policy_buffer)) return -EFAULT; /* 1. copy buffer from domain */ if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL) - goto error_free; + return -ENOMEM; + if (isuserbuffer) { - if (copy_from_user(policy_buffer, buf, buf_size)) { + if (copy_from_user(policy_buffer, buf, buf_size)) + { printk("%s: Error copying!\n",__func__); goto error_free; } @@ -57,11 +59,13 @@ if ((ntohl(pol->magic) != ACM_MAGIC) || (ntohl(pol->policy_version) != ACM_POLICY_VERSION) || (ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) || - (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) { + (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) + { printkd("%s: Wrong policy magics or versions!\n", __func__); goto error_free; } - if (buf_size != ntohl(pol->len)) { + if (buf_size != ntohl(pol->len)) + { printk("%s: ERROR in buf size.\n", __func__); goto error_free; } @@ -72,27 +76,25 @@ /* 3. set primary policy data */ if (acm_primary_ops->set_binary_policy(buf + ntohl(pol->primary_buffer_offset), ntohl(pol->secondary_buffer_offset) - - ntohl(pol->primary_buffer_offset))) { + ntohl(pol->primary_buffer_offset))) goto error_lock_free; - } + /* 4. set secondary policy data */ if (acm_secondary_ops->set_binary_policy(buf + ntohl(pol->secondary_buffer_offset), ntohl(pol->len) - - ntohl(pol->secondary_buffer_offset))) { + ntohl(pol->secondary_buffer_offset))) goto error_lock_free; - } + write_unlock(&acm_bin_pol_rwlock); - if (policy_buffer != NULL) - xfree(policy_buffer); + xfree(policy_buffer); return ACM_OK; error_lock_free: write_unlock(&acm_bin_pol_rwlock); error_free: printk("%s: Error setting policy.\n", __func__); - if (policy_buffer != NULL) - xfree(policy_buffer); - return -ENOMEM; + xfree(policy_buffer); + return -EFAULT; } int @@ -102,11 +104,14 @@ int ret; struct acm_policy_buffer *bin_pol; + if (buf_size < sizeof(struct acm_policy_buffer)) + return -EFAULT; + if ((policy_buffer = xmalloc_array(u8, buf_size)) == NULL) return -ENOMEM; read_lock(&acm_bin_pol_rwlock); - /* future: read policy from file and set it */ + bin_pol = (struct acm_policy_buffer *)policy_buffer; bin_pol->magic = htonl(ACM_MAGIC); bin_pol->primary_policy_code = htonl(acm_bin_pol.primary_policy_code); @@ -118,27 +123,30 @@ ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohl(bin_pol->primary_buffer_offset), buf_size - ntohl(bin_pol->primary_buffer_offset)); - if (ret < 0) { - printk("%s: ERROR creating chwallpolicy buffer.\n", __func__); - read_unlock(&acm_bin_pol_rwlock); - return -1; - } + if (ret < 0) + goto error_free_unlock; + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len)); ret = acm_secondary_ops->dump_binary_policy(policy_buffer + ntohl(bin_pol->secondary_buffer_offset), buf_size - ntohl(bin_pol->secondary_buffer_offset)); - if (ret < 0) { - printk("%s: ERROR creating chwallpolicy buffer.\n", __func__); - read_unlock(&acm_bin_pol_rwlock); - return -1; - } + if (ret < 0) + goto error_free_unlock; + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); - read_unlock(&acm_bin_pol_rwlock); if (copy_to_user(buf, policy_buffer, ntohl(bin_pol->len))) - return -EFAULT; + goto error_free_unlock; + + read_unlock(&acm_bin_pol_rwlock); xfree(policy_buffer); return ACM_OK; + + error_free_unlock: + read_unlock(&acm_bin_pol_rwlock); + printk("%s: Error getting policy.\n", __func__); + xfree(policy_buffer); + return -EFAULT; } int @@ -185,4 +193,62 @@ return -EFAULT; } + +int +acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size) +{ + /* send stats to user space */ + u8 *ssid_buffer; + int ret; + struct acm_ssid_buffer *acm_ssid; + if (buf_size < sizeof(struct acm_ssid_buffer)) + return -EFAULT; + + if ((ssid_buffer = xmalloc_array(u8, buf_size)) == NULL) + return -ENOMEM; + + read_lock(&acm_bin_pol_rwlock); + + acm_ssid = (struct acm_ssid_buffer *)ssid_buffer; + acm_ssid->len = sizeof(struct acm_ssid_buffer); + acm_ssid->ssidref = ssidref; + acm_ssid->primary_policy_code = acm_bin_pol.primary_policy_code; + acm_ssid->secondary_policy_code = acm_bin_pol.secondary_policy_code; + acm_ssid->primary_types_offset = acm_ssid->len; + + /* ret >= 0 --> ret == max_types */ + ret = acm_primary_ops->dump_ssid_types(ACM_PRIMARY(ssidref), + ssid_buffer + acm_ssid->primary_types_offset, + buf_size - acm_ssid->primary_types_offset); + if (ret < 0) + goto error_free_unlock; + + acm_ssid->len += ret; + acm_ssid->primary_max_types = ret; + + acm_ssid->secondary_types_offset = acm_ssid->len; + + ret = acm_secondary_ops->dump_ssid_types(ACM_SECONDARY(ssidref), + ssid_buffer + acm_ssid->secondary_types_offset, + buf_size - acm_ssid->secondary_types_offset); + if (ret < 0) + goto error_free_unlock; + + acm_ssid->len += ret; + acm_ssid->secondary_max_types = ret; + + if (copy_to_user(buf, ssid_buffer, acm_ssid->len)) + goto error_free_unlock; + + read_unlock(&acm_bin_pol_rwlock); + xfree(ssid_buffer); + return ACM_OK; + + error_free_unlock: + read_unlock(&acm_bin_pol_rwlock); + printk("%s: Error getting ssid.\n", __func__); + xfree(ssid_buffer); + return -ENOMEM; +} + /*eof*/ diff -r edd1616cf8cb -r 291e816acbf4 xen/acm/acm_simple_type_enforcement_hooks.c --- a/xen/acm/acm_simple_type_enforcement_hooks.c Fri Sep 2 14:15:49 2005 +++ b/xen/acm/acm_simple_type_enforcement_hooks.c Fri Sep 2 14:17:08 2005 @@ -383,6 +383,27 @@ return sizeof(struct acm_ste_stats_buffer); } +static int +ste_dump_ssid_types(ssidref_t ssidref, u8 *buf, u16 len) +{ + int i; + + /* fill in buffer */ + if (ste_bin_pol.max_types > len) + return -EFAULT; + + if (ssidref >= ste_bin_pol.max_ssidrefs) + return -EFAULT; + + /* read types for chwall ssidref */ + for(i=0; i< ste_bin_pol.max_types; i++) { + if (ste_bin_pol.ssidrefs[ssidref * ste_bin_pol.max_types + i]) + buf[i] = 1; + else + buf[i] = 0; + } + return ste_bin_pol.max_types; +} /* we need to go through this before calling the hooks, * returns 1 == cache hit */ @@ -625,22 +646,23 @@ /* policy management services */ .init_domain_ssid = ste_init_domain_ssid, .free_domain_ssid = ste_free_domain_ssid, - .dump_binary_policy = ste_dump_policy, - .set_binary_policy = ste_set_policy, + .dump_binary_policy = ste_dump_policy, + .set_binary_policy = ste_set_policy, .dump_statistics = ste_dump_stats, + .dump_ssid_types = ste_dump_ssid_types, /* domain management control hooks */ .pre_domain_create = ste_pre_domain_create, - .post_domain_create = NULL, - .fail_domain_create = NULL, - .post_domain_destroy = ste_post_domain_destroy, + .post_domain_create = NULL, + .fail_domain_create = NULL, + .post_domain_destroy = ste_post_domain_destroy, /* event channel control hooks */ - .pre_eventchannel_unbound = ste_pre_eventchannel_unbound, + .pre_eventchannel_unbound = ste_pre_eventchannel_unbound, .fail_eventchannel_unbound = NULL, .pre_eventchannel_interdomain = ste_pre_eventchannel_interdomain, .fail_eventchannel_interdomain = NULL, /* grant table control hooks */ - .pre_grant_map_ref = ste_pre_grant_map_ref, - .fail_grant_map_ref = NULL, - .pre_grant_setup = ste_pre_grant_setup, - .fail_grant_setup = NULL, + .pre_grant_map_ref = ste_pre_grant_map_ref, + .fail_grant_map_ref = NULL, + .pre_grant_setup = ste_pre_grant_setup, + .fail_grant_setup = NULL, }; diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/Makefile --- a/xen/arch/x86/Makefile Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/Makefile Fri Sep 2 14:17:08 2005 @@ -17,7 +17,7 @@ OBJS := $(patsubst shadow%.o,,$(OBJS)) # drop all ifeq ($(TARGET_SUBARCH),x86_64) - OBJS += shadow.o shadow_public.o # x86_64: new code + OBJS += shadow.o shadow_public.o shadow_guest32.o # x86_64: new code endif ifeq ($(TARGET_SUBARCH),x86_32) ifneq ($(pae),n) diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/Rules.mk --- a/xen/arch/x86/Rules.mk Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/Rules.mk Fri Sep 2 14:17:08 2005 @@ -13,10 +13,8 @@ CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-generic CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-default -ifeq ($(optimize),y) +ifneq ($(debug),y) CFLAGS += -O3 -fomit-frame-pointer -else -x86_32/usercopy.o: CFLAGS += -O1 endif # Prevent floating-point variables from creeping into Xen. diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/boot/x86_32.S --- a/xen/arch/x86/boot/x86_32.S Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/boot/x86_32.S Fri Sep 2 14:17:08 2005 @@ -9,6 +9,8 @@ .text ENTRY(start) +ENTRY(stext) +ENTRY(_stext) jmp __start .align 4 @@ -260,6 +262,3 @@ .org 0x2000 + STACK_SIZE + PAGE_SIZE #endif /* CONFIG_X86_PAE */ - -ENTRY(stext) -ENTRY(_stext) diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/boot/x86_64.S --- a/xen/arch/x86/boot/x86_64.S Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/boot/x86_64.S Fri Sep 2 14:17:08 2005 @@ -10,6 +10,8 @@ .code32 ENTRY(start) +ENTRY(stext) +ENTRY(_stext) jmp __start .org 0x004 @@ -267,5 +269,3 @@ .org 0x4000 + STACK_SIZE + PAGE_SIZE .code64 -ENTRY(stext) -ENTRY(_stext) diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/shadow.c --- a/xen/arch/x86/shadow.c Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/shadow.c Fri Sep 2 14:17:08 2005 @@ -53,6 +53,9 @@ struct domain *d, unsigned long gpfn, unsigned long gmfn); static void shadow_map_into_current(struct vcpu *v, unsigned long va, unsigned int from, unsigned int to); +static inline void validate_bl2e_change( struct domain *d, + guest_root_pgentry_t *new_gle_p, pgentry_64_t *shadow_l3, int index); + #endif /******** @@ -217,10 +220,38 @@ } else { - page = alloc_domheap_page(NULL); - void *l1 = map_domain_page(page_to_pfn(page)); - memset(l1, 0, PAGE_SIZE); - unmap_domain_page(l1); + if (d->arch.ops->guest_paging_levels == PAGING_L2) + { +#if CONFIG_PAGING_LEVELS >= 4 + /* For 32-bit VMX guest, 2 shadow L1s to simulate 1 guest L1 + * So need allocate 2 continues shadow L1 each time. + */ + page = alloc_domheap_pages(NULL, SL1_ORDER, 0); + if (!page) + domain_crash_synchronous(); + + void *l1_0 = map_domain_page(page_to_pfn(page)); + memset(l1_0,0,PAGE_SIZE); + unmap_domain_page(l1_0); + void *l1_1 = map_domain_page(page_to_pfn(page+1)); + memset(l1_1,0,PAGE_SIZE); + unmap_domain_page(l1_1); +#else + page = alloc_domheap_page(NULL); + if (!page) + domain_crash_synchronous(); + void *l1 = map_domain_page(page_to_pfn(page)); + memset(l1, 0, PAGE_SIZE); + unmap_domain_page(l1); +#endif + } + else + { + page = alloc_domheap_page(NULL); + void *l1 = map_domain_page(page_to_pfn(page)); + memset(l1, 0, PAGE_SIZE); + unmap_domain_page(l1); + } } } else { @@ -331,7 +362,21 @@ fail: FSH_LOG("promotion of pfn=%lx mfn=%lx failed! external gnttab refs?", gpfn, gmfn); - free_domheap_page(page); + if (psh_type == PGT_l1_shadow) + { + if (d->arch.ops->guest_paging_levels == PAGING_L2) + { +#if CONFIG_PAGING_LEVELS >=4 + free_domheap_pages(page, SL1_ORDER); +#else + free_domheap_page(page); +#endif + } + else + free_domheap_page(page); + } + else + free_domheap_page(page); return 0; } @@ -478,8 +523,10 @@ { struct vcpu *v = current; struct domain *d = v->domain; - l1_pgentry_t *gpl1e, *spl1e; - l2_pgentry_t gl2e, sl2e; + l1_pgentry_t *spl1e; + l2_pgentry_t sl2e; + guest_l1_pgentry_t *gpl1e; + guest_l2_pgentry_t gl2e; unsigned long gl1pfn, gl1mfn, sl1mfn; int i, init_table = 0; @@ -523,28 +570,49 @@ ASSERT( !(l2e_get_flags(old_sl2e) & _PAGE_PRESENT) ); #endif - if ( !get_shadow_ref(sl1mfn) ) - BUG(); - l2pde_general(d, &gl2e, &sl2e, sl1mfn); - __guest_set_l2e(v, va, &gl2e); - __shadow_set_l2e(v, va, &sl2e); +#if CONFIG_PAGING_LEVELS >=4 + if (d->arch.ops->guest_paging_levels == PAGING_L2) + { + /* for 32-bit VMX guest on 64-bit host, + * need update two L2 entries each time + */ + if ( !get_shadow_ref(sl1mfn)) + BUG(); + l2pde_general(d, &gl2e, &sl2e, sl1mfn); + __guest_set_l2e(v, va, &gl2e); + __shadow_set_l2e(v, va & ~((1<<L2_PAGETABLE_SHIFT_32) - 1), &sl2e); + if ( !get_shadow_ref(sl1mfn+1)) + BUG(); + sl2e = l2e_empty(); + l2pde_general(d, &gl2e, &sl2e, sl1mfn+1); + __shadow_set_l2e(v,((va & ~((1<<L2_PAGETABLE_SHIFT_32) - 1)) + (1 << L2_PAGETABLE_SHIFT)) , &sl2e); + } else +#endif + { + if ( !get_shadow_ref(sl1mfn) ) + BUG(); + l2pde_general(d, &gl2e, &sl2e, sl1mfn); + __guest_set_l2e(v, va, &gl2e); + __shadow_set_l2e(v, va , &sl2e); + } if ( init_table ) { l1_pgentry_t sl1e; - int index = l1_table_offset(va); + int index = guest_l1_table_offset(va); int min = 1, max = 0; unsigned long entries, pt_va; l1_pgentry_t tmp_sl1e; - l1_pgentry_t tmp_gl1e;//Prepare for double compile - - - entries = PAGE_SIZE / sizeof(l1_pgentry_t); + guest_l1_pgentry_t tmp_gl1e;//Prepare for double compile + + + entries = PAGE_SIZE / sizeof(guest_l1_pgentry_t); pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(entries - 1)) << L1_PAGETABLE_SHIFT; - gpl1e = (l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gl1e); - - entries = PAGE_SIZE / sizeof(l1_pgentry_t); + gpl1e = (guest_l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gl1e); + + /* If the PGT_l1_shadow has two continual pages */ + entries = PAGE_SIZE / sizeof(guest_l1_pgentry_t); //1024 entry!!! pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(entries - 1)) << L1_PAGETABLE_SHIFT; spl1e = (l1_pgentry_t *) __shadow_get_l1e(v, pt_va, &tmp_sl1e); @@ -555,7 +623,7 @@ spl1e = &(shadow_linear_pg_table[l1_linear_offset(va) & ~(L1_PAGETABLE_ENTRIES-1)]);*/ - for ( i = 0; i < L1_PAGETABLE_ENTRIES; i++ ) + for ( i = 0; i < GUEST_L1_PAGETABLE_ENTRIES; i++ ) { l1pte_propagate_from_guest(d, gpl1e[i], &sl1e); if ( (l1e_get_flags(sl1e) & _PAGE_PRESENT) && @@ -584,7 +652,7 @@ } } -static void +static void shadow_set_l1e(unsigned long va, l1_pgentry_t new_spte, int create_l1_shadow) { struct vcpu *v = current; @@ -616,7 +684,7 @@ perfc_incrc(shadow_set_l1e_unlinked); if ( !get_shadow_ref(sl1mfn) ) BUG(); - l2pde_general(d, &gpde, &sl2e, sl1mfn); + l2pde_general(d, (guest_l2_pgentry_t *)&gpde, &sl2e, sl1mfn); __guest_set_l2e(v, va, &gpde); __shadow_set_l2e(v, va, &sl2e); } @@ -651,6 +719,7 @@ shadow_update_min_max(l2e_get_pfn(sl2e), l1_table_offset(va)); } +#if CONFIG_PAGING_LEVELS <= 3 static void shadow_invlpg_32(struct vcpu *v, unsigned long va) { struct domain *d = v->domain; @@ -679,6 +748,7 @@ shadow_unlock(d); } +#endif static struct out_of_sync_entry * shadow_alloc_oos_entry(struct domain *d) @@ -759,8 +829,8 @@ length = max - min + 1; perfc_incr_histo(snapshot_copies, length, PT_UPDATES); - min *= sizeof(l1_pgentry_t); - length *= sizeof(l1_pgentry_t); + min *= sizeof(guest_l1_pgentry_t); + length *= sizeof(guest_l1_pgentry_t); original = map_domain_page(gmfn); snapshot = map_domain_page(smfn); @@ -841,7 +911,7 @@ __shadow_get_l4e(v, va, &sl4e); if ( !(l4e_get_flags(sl4e) & _PAGE_PRESENT)) { - shadow_map_into_current(v, va, L3, L4); + shadow_map_into_current(v, va, PAGING_L3, PAGING_L4); } if (!__shadow_get_l3e(v, va, &sl3e)) { @@ -849,7 +919,7 @@ } if ( !(l3e_get_flags(sl3e) & _PAGE_PRESENT)) { - shadow_map_into_current(v, va, L2, L3); + shadow_map_into_current(v, va, PAGING_L2, PAGING_L3); } } #endif @@ -887,11 +957,11 @@ * Returns 0 otherwise. */ static int snapshot_entry_matches( - struct domain *d, l1_pgentry_t *guest_pt, + struct domain *d, guest_l1_pgentry_t *guest_pt, unsigned long gpfn, unsigned index) { unsigned long smfn = __shadow_status(d, gpfn, PGT_snapshot); - l1_pgentry_t *snapshot, gpte; // could be L1s or L2s or ... + guest_l1_pgentry_t *snapshot, gpte; // could be L1s or L2s or ... int entries_match; perfc_incrc(snapshot_entry_matches_calls); @@ -908,7 +978,7 @@ // This could probably be smarter, but this is sufficent for // our current needs. // - entries_match = !l1e_has_changed(gpte, snapshot[index], + entries_match = !guest_l1e_has_changed(gpte, snapshot[index], PAGE_FLAG_MASK); unmap_domain_page(snapshot); @@ -936,10 +1006,10 @@ unsigned long l2mfn = pagetable_get_pfn(v->arch.guest_table); #endif unsigned long l2pfn = __mfn_to_gpfn(d, l2mfn); - l2_pgentry_t l2e; + guest_l2_pgentry_t l2e; unsigned long l1pfn, l1mfn; - l1_pgentry_t *guest_pt; - l1_pgentry_t tmp_gle; + guest_l1_pgentry_t *guest_pt; + guest_l1_pgentry_t tmp_gle; unsigned long pt_va; ASSERT(shadow_lock_is_acquired(d)); @@ -948,7 +1018,7 @@ perfc_incrc(shadow_out_of_sync_calls); #if CONFIG_PAGING_LEVELS >= 4 - if (d->arch.ops->guest_paging_levels == L4) { /* Mode F */ + if (d->arch.ops->guest_paging_levels == PAGING_L4) { /* Mode F */ pgentry_64_t le; unsigned long gmfn; unsigned long gpfn; @@ -956,9 +1026,9 @@ gmfn = l2mfn; gpfn = l2pfn; - guest_pt = (l1_pgentry_t *)v->arch.guest_vtable; - - for (i = L4; i >= L3; i--) { + guest_pt = (guest_l1_pgentry_t *)v->arch.guest_vtable; + + for (i = PAGING_L4; i >= PAGING_L3; i--) { if ( page_out_of_sync(&frame_table[gmfn]) && !snapshot_entry_matches( d, guest_pt, gpfn, table_offset_64(va, i)) ) @@ -972,7 +1042,7 @@ if ( !VALID_MFN(gmfn) ) return 0; /* Todo: check!*/ - guest_pt = (l1_pgentry_t *)map_domain_page(gmfn); + guest_pt = (guest_l1_pgentry_t *)map_domain_page(gmfn); } @@ -986,13 +1056,13 @@ #endif if ( page_out_of_sync(&frame_table[l2mfn]) && - !snapshot_entry_matches(d, (l1_pgentry_t *)v->arch.guest_vtable, - l2pfn, l2_table_offset(va)) ) + !snapshot_entry_matches(d, (guest_l1_pgentry_t *)v->arch.guest_vtable, + l2pfn, guest_l2_table_offset(va)) ) return 1; __guest_get_l2e(v, va, &l2e); - if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) || - (l2e_get_flags(l2e) & _PAGE_PSE)) + if ( !(guest_l2e_get_flags(l2e) & _PAGE_PRESENT) || + (guest_l2e_get_flags(l2e) & _PAGE_PSE)) return 0; l1pfn = l2e_get_pfn(l2e); @@ -1001,20 +1071,20 @@ // If the l1 pfn is invalid, it can't be out of sync... if ( !VALID_MFN(l1mfn) ) return 0; - - pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(L1_PAGETABLE_ENTRIES - 1)) + + pt_va = ((va >> L1_PAGETABLE_SHIFT) & ~(GUEST_L1_PAGETABLE_ENTRIES - 1)) << L1_PAGETABLE_SHIFT; - guest_pt = (l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gle); + guest_pt = (guest_l1_pgentry_t *) __guest_get_l1e(v, pt_va, &tmp_gle); if ( page_out_of_sync(&frame_table[l1mfn]) && !snapshot_entry_matches( - d, guest_pt, l1pfn, l1_table_offset(va)) ) + d, guest_pt, l1pfn, guest_l1_table_offset(va)) ) return 1; return 0; } -#define GPFN_TO_GPTEPAGE(_gpfn) ((_gpfn) / (PAGE_SIZE / sizeof(l1_pgentry_t))) +#define GPFN_TO_GPTEPAGE(_gpfn) ((_gpfn) / (PAGE_SIZE / sizeof(guest_l1_pgentry_t))) static inline unsigned long predict_writable_pte_page(struct domain *d, unsigned long gpfn) { @@ -1108,7 +1178,7 @@ return (found == max_refs_to_find); } - i = readonly_gpfn & (L1_PAGETABLE_ENTRIES - 1); + i = readonly_gpfn & (GUEST_L1_PAGETABLE_ENTRIES - 1); if ( !l1e_has_changed(pt[i], match, flags) && fix_entry(i) ) { perfc_incrc(remove_write_fast_exit); @@ -1117,7 +1187,7 @@ return found; } - for (i = 0; i < L1_PAGETABLE_ENTRIES; i++) + for (i = 0; i < GUEST_L1_PAGETABLE_ENTRIES; i++) { if ( unlikely(!l1e_has_changed(pt[i], match, flags)) && fix_entry(i) ) break; @@ -1282,15 +1352,15 @@ switch ( stype ) { case PGT_l1_shadow: { - l1_pgentry_t *guest1 = guest; + guest_l1_pgentry_t *guest1 = guest; l1_pgentry_t *shadow1 = shadow; - l1_pgentry_t *snapshot1 = snapshot; + guest_l1_pgentry_t *snapshot1 = snapshot; ASSERT(VM_ASSIST(d, VMASST_TYPE_writable_pagetables) || shadow_mode_write_all(d)); if ( !shadow_mode_refcounts(d) ) - revalidate_l1(d, guest1, snapshot1); + revalidate_l1(d, (l1_pgentry_t *)guest1, (l1_pgentry_t *)snapshot1); if ( !smfn ) break; @@ -1301,7 +1371,7 @@ for ( i = min_shadow; i <= max_shadow; i++ ) { if ( (i < min_snapshot) || (i > max_snapshot) || - l1e_has_changed(guest1[i], snapshot1[i], PAGE_FLAG_MASK) ) + guest_l1e_has_changed(guest1[i], snapshot1[i], PAGE_FLAG_MASK) ) { need_flush |= validate_pte_change(d, guest1[i], &shadow1[i]); @@ -1431,32 +1501,36 @@ { int max = -1; - l4_pgentry_t *guest4 = guest; + guest_root_pgentry_t *guest_root = guest; l4_pgentry_t *shadow4 = shadow; - l4_pgentry_t *snapshot4 = snapshot; + guest_root_pgentry_t *snapshot_root = snapshot; changed = 0; - for ( i = 0; i < L4_PAGETABLE_ENTRIES; i++ ) + for ( i = 0; i < GUEST_ROOT_PAGETABLE_ENTRIES; i++ ) { if ( !is_guest_l4_slot(i) && !external ) continue; - l4_pgentry_t new_l4e = guest4[i]; - if ( l4e_has_changed(new_l4e, snapshot4[i], PAGE_FLAG_MASK)) + guest_root_pgentry_t new_root_e = guest_root[i]; + if ( root_entry_has_changed( + new_root_e, snapshot_root[i], PAGE_FLAG_MASK)) { - need_flush |= validate_entry_change( - d, (pgentry_64_t *)&new_l4e, - (pgentry_64_t *)&shadow4[i], shadow_type_to_level(stype)); - + if (d->arch.ops->guest_paging_levels == PAGING_L4) { + need_flush |= validate_entry_change( + d, (pgentry_64_t *)&new_root_e, + (pgentry_64_t *)&shadow4[i], shadow_type_to_level(stype)); + } else { + validate_bl2e_change(d, &new_root_e, shadow, i); + } changed++; ESH_LOG("%d: shadow4 mfn: %lx, shadow root: %lx\n", i, smfn, pagetable_get_paddr(current->arch.shadow_table)); } - if ( l4e_get_intpte(new_l4e) != 0 ) /* FIXME: check flags? */ + if ( guest_root_get_intpte(new_root_e) != 0 ) /* FIXME: check flags? */ max = i; // Need a better solution in the long term. - if ( !(l4e_get_flags(new_l4e) & _PAGE_PRESENT) && - unlikely(l4e_get_intpte(new_l4e) != 0) && + if ( !(guest_root_get_flags(new_root_e) & _PAGE_PRESENT) && + unlikely(guest_root_get_intpte(new_root_e) != 0) && !unshadow && (frame_table[smfn].u.inuse.type_info & PGT_pinned) ) unshadow = 1; @@ -1555,8 +1629,14 @@ if ( shadow_mode_translate(d) ) need_flush |= resync_all(d, PGT_hl2_shadow); #endif - need_flush |= resync_all(d, PGT_l2_shadow); - need_flush |= resync_all(d, PGT_l3_shadow); + + /* + * Fixme: for i386 host + */ + if (d->arch.ops->guest_paging_levels == PAGING_L4) { + need_flush |= resync_all(d, PGT_l2_shadow); + need_flush |= resync_all(d, PGT_l3_shadow); + } need_flush |= resync_all(d, PGT_l4_shadow); if ( need_flush && !unlikely(shadow_mode_external(d)) ) @@ -1566,11 +1646,11 @@ } static inline int l1pte_write_fault( - struct vcpu *v, l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p, + struct vcpu *v, guest_l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p, unsigned long va) { struct domain *d = v->domain; - l1_pgentry_t gpte = *gpte_p; + guest_l1_pgentry_t gpte = *gpte_p; l1_pgentry_t spte; unsigned long gpfn = l1e_get_pfn(gpte); unsigned long gmfn = __gpfn_to_mfn(d, gpfn); @@ -1585,8 +1665,8 @@ } ASSERT(l1e_get_flags(gpte) & _PAGE_RW); - l1e_add_flags(gpte, _PAGE_DIRTY | _PAGE_ACCESSED); - spte = l1e_from_pfn(gmfn, l1e_get_flags(gpte) & ~_PAGE_GLOBAL); + guest_l1e_add_flags(gpte, _PAGE_DIRTY | _PAGE_ACCESSED); + spte = l1e_from_pfn(gmfn, guest_l1e_get_flags(gpte) & ~_PAGE_GLOBAL); SH_VVLOG("l1pte_write_fault: updating spte=0x%" PRIpte " gpte=0x%" PRIpte, l1e_get_intpte(spte), l1e_get_intpte(gpte)); @@ -1604,9 +1684,9 @@ } static inline int l1pte_read_fault( - struct domain *d, l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p) + struct domain *d, guest_l1_pgentry_t *gpte_p, l1_pgentry_t *spte_p) { - l1_pgentry_t gpte = *gpte_p; + guest_l1_pgentry_t gpte = *gpte_p; l1_pgentry_t spte = *spte_p; unsigned long pfn = l1e_get_pfn(gpte); unsigned long mfn = __gpfn_to_mfn(d, pfn); @@ -1618,10 +1698,10 @@ return 0; } - l1e_add_flags(gpte, _PAGE_ACCESSED); - spte = l1e_from_pfn(mfn, l1e_get_flags(gpte) & ~_PAGE_GLOBAL); - - if ( shadow_mode_log_dirty(d) || !(l1e_get_flags(gpte) & _PAGE_DIRTY) || + guest_l1e_add_flags(gpte, _PAGE_ACCESSED); + spte = l1e_from_pfn(mfn, guest_l1e_get_flags(gpte) & ~_PAGE_GLOBAL); + + if ( shadow_mode_log_dirty(d) || !(guest_l1e_get_flags(gpte) & _PAGE_DIRTY) || mfn_is_page_table(mfn) ) { l1e_remove_flags(spte, _PAGE_RW); @@ -1634,7 +1714,7 @@ return 1; } - +#if CONFIG_PAGING_LEVELS <= 3 static int shadow_fault_32(unsigned long va, struct cpu_user_regs *regs) { l1_pgentry_t gpte, spte, orig_gpte; @@ -1768,6 +1848,7 @@ shadow_unlock(d); return 0; } +#endif static int do_update_va_mapping(unsigned long va, l1_pgentry_t val, @@ -1787,7 +1868,7 @@ // __shadow_sync_va(v, va); - l1pte_propagate_from_guest(d, val, &spte); + l1pte_propagate_from_guest(d, *(guest_l1_pgentry_t *)&val, &spte); shadow_set_l1e(va, spte, 0); /* @@ -1848,7 +1929,7 @@ #if CONFIG_PAGING_LEVELS == 2 unsigned long hl2mfn; #endif - + int max_mode = ( shadow_mode_external(d) ? SHM_external : shadow_mode_translate(d) ? SHM_translate : shadow_mode_enabled(d) ? SHM_enable @@ -1954,17 +2035,6 @@ #endif } -struct shadow_ops MODE_A_HANDLER = { - .guest_paging_levels = 2, - .invlpg = shadow_invlpg_32, - .fault = shadow_fault_32, - .update_pagetables = shadow_update_pagetables, - .sync_all = sync_all, - .remove_all_write_access = remove_all_write_access, - .do_update_va_mapping = do_update_va_mapping, - .mark_mfn_out_of_sync = mark_mfn_out_of_sync, - .is_out_of_sync = is_out_of_sync, -}; /************************************************************************/ /************************************************************************/ @@ -2445,12 +2515,90 @@ BUG(); /* not implemenated yet */ return 42; } +static unsigned long gva_to_gpa_pae(unsigned long gva) +{ + BUG(); + return 43; +} #endif #if CONFIG_PAGING_LEVELS >= 4 /****************************************************************************/ /* 64-bit shadow-mode code testing */ /****************************************************************************/ +/* + * validate_bl2e_change() + * The code is for 32-bit VMX gues on 64-bit host. + * To sync guest L2. + */ + +static inline void +validate_bl2e_change( + struct domain *d, + guest_root_pgentry_t *new_gle_p, + pgentry_64_t *shadow_l3, + int index) +{ + int sl3_idx, sl2_idx; + unsigned long sl2mfn, sl1mfn; + pgentry_64_t *sl2_p; + + /* Using guest l2 pte index to get shadow l3&l2 index + * index: 0 ~ 1023, PAGETABLE_ENTRIES: 512 + */ + sl3_idx = index / (PAGETABLE_ENTRIES / 2); + sl2_idx = (index % (PAGETABLE_ENTRIES / 2)) * 2; + + sl2mfn = entry_get_pfn(shadow_l3[sl3_idx]); + sl2_p = (pgentry_64_t *)map_domain_page(sl2mfn); + + validate_pde_change( + d, *(guest_l2_pgentry_t *)new_gle_p, (l2_pgentry_t *)&sl2_p[sl2_idx]); + + /* Mapping the second l1 shadow page */ + if (entry_get_flags(sl2_p[sl2_idx]) & _PAGE_PRESENT) { + sl1mfn = entry_get_pfn(sl2_p[sl2_idx]); + sl2_p[sl2_idx + 1] = + entry_from_pfn(sl1mfn + 1, entry_get_flags(sl2_p[sl2_idx])); + } + unmap_domain_page(sl2_p); + +} + +/* + * init_bl2() is for 32-bit VMX guest on 64-bit host + * Using 1 shadow L4(l3) and 4 shadow L2s to simulate guest L2 + */ +static inline unsigned long init_bl2(l4_pgentry_t *spl4e, unsigned long smfn) +{ + unsigned int count; + unsigned long sl2mfn; + struct pfn_info *page; + + memset(spl4e, 0, PAGE_SIZE); + + /* Map the self entry, L4&L3 share the same page */ + spl4e[PAE_SHADOW_SELF_ENTRY] = l4e_from_pfn(smfn, __PAGE_HYPERVISOR); + + /* Allocate 4 shadow L2s */ + page = alloc_domheap_pages(NULL, SL2_ORDER, 0); + if (!page) + domain_crash_synchronous(); + + for (count = 0; count < PDP_ENTRIES; count++) + { + sl2mfn = page_to_pfn(page+count); + void *l2 = map_domain_page(sl2mfn); + memset(l2, 0, PAGE_SIZE); + unmap_domain_page(l2); + spl4e[count] = l4e_from_pfn(sl2mfn, _PAGE_PRESENT); + } + + unmap_domain_page(spl4e); + return smfn; + + +} static unsigned long shadow_l4_table( struct domain *d, unsigned long gpfn, unsigned long gmfn) @@ -2464,11 +2612,16 @@ if ( unlikely(!(smfn = alloc_shadow_page(d, gpfn, gmfn, PGT_l4_shadow))) ) { - printk("Couldn't alloc an L2 shadow for pfn=%lx mfn=%lx\n", gpfn, gmfn); + printk("Couldn't alloc an L4 shadow for pfn=%lx mfn=%lx\n", gpfn, gmfn); BUG(); /* XXX Deal gracefully with failure. */ } spl4e = (l4_pgentry_t *)map_domain_page(smfn); + + if (d->arch.ops->guest_paging_levels == PAGING_L2) { + return init_bl2(spl4e, smfn); + } + /* Install hypervisor and 4x linear p.t. mapings. */ if ( (PGT_base_page_table == PGT_l4_page_table) && !shadow_mode_external(d) ) @@ -2576,7 +2729,7 @@ pgentry_64_t gle, sle; unsigned long gpfn, smfn; - if (from == L1 && to == L2) { + if (from == PAGING_L1 && to == PAGING_L2) { shadow_map_l1_into_current_l2(va); return; } @@ -2608,7 +2761,7 @@ if (!(l4e_get_flags(sl4e) & _PAGE_PRESENT)) { if (create_l2_shadow) { perfc_incrc(shadow_set_l3e_force_map); - shadow_map_into_current(v, va, L3, L4); + shadow_map_into_current(v, va, PAGING_L3, PAGING_L4); __shadow_get_l4e(v, va, &sl4e); } else { printk("For non VMX shadow, create_l1_shadow:%d\n", create_l2_shadow); @@ -2619,7 +2772,7 @@ if (!(l3e_get_flags(sl3e) & _PAGE_PRESENT)) { if (create_l2_shadow) { perfc_incrc(shadow_set_l2e_force_map); - shadow_map_into_current(v, va, L2, L3); + shadow_map_into_current(v, va, PAGING_L2, PAGING_L3); __shadow_get_l3e(v, va, &sl3e); } else { printk("For non VMX shadow, create_l1_shadow:%d\n", create_l2_shadow); @@ -2655,8 +2808,15 @@ l1_pgentry_t old_spte; l1_pgentry_t sl1e = *(l1_pgentry_t *)sl1e_p; int i; - - for (i = L4; i >= L2; i--) { + unsigned long orig_va = 0; + + if (d->arch.ops->guest_paging_levels == PAGING_L2) { + /* This is for 32-bit VMX guest on 64-bit host */ + orig_va = va; + va = va & (~((1<<L2_PAGETABLE_SHIFT_32)-1)); + } + + for (i = PAGING_L4; i >= PAGING_L2; i--) { if (!__rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i)) { printk("<%s> i = %d\n", __func__, i); BUG(); @@ -2672,9 +2832,13 @@ #endif } } - if(i < L4) + if(i < PAGING_L4) shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va, i)); sle_up = sle; + } + + if (d->arch.ops->guest_paging_levels == PAGING_L2) { + va = orig_va; } if ( shadow_mode_refcounts(d) ) @@ -2692,9 +2856,13 @@ } __shadow_set_l1e(v, va, &sl1e); - shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va, L1)); -} - + + shadow_update_min_max(entry_get_pfn(sle_up), guest_l1_table_offset(va)); +} + +/* As 32-bit guest don't support 4M page yet, + * we don't concern double compile for this function + */ static inline int l2e_rw_fault( struct vcpu *v, l2_pgentry_t *gl2e_p, unsigned long va, int rw) { @@ -2825,12 +2993,120 @@ } +/* + * Check P, R/W, U/S bits in the guest page table. + * If the fault belongs to guest return 1, + * else return 0. + */ +#if defined( GUEST_PGENTRY_32 ) +static inline int guest_page_fault(struct vcpu *v, + unsigned long va, unsigned int error_code, + guest_l2_pgentry_t *gpl2e, guest_l1_pgentry_t *gpl1e) +{ + /* The following check for 32-bit guest on 64-bit host */ + + __guest_get_l2e(v, va, gpl2e); + + /* Check the guest L2 page-table entry first*/ + if (unlikely(!(guest_l2e_get_flags(*gpl2e) & _PAGE_PRESENT))) + return 1; + + if (error_code & ERROR_W) { + if (unlikely(!(guest_l2e_get_flags(*gpl2e) & _PAGE_RW))) + return 1; + } + if (error_code & ERROR_U) { + if (unlikely(!(guest_l2e_get_flags(*gpl2e) & _PAGE_USER))) + return 1; + } + + if (guest_l2e_get_flags(*gpl2e) & _PAGE_PSE) + return 0; + + __guest_get_l1e(v, va, gpl1e); + + /* Then check the guest L1 page-table entry */ + if (unlikely(!(guest_l1e_get_flags(*gpl1e) & _PAGE_PRESENT))) + return 1; + + if (error_code & ERROR_W) { + if (unlikely(!(guest_l1e_get_flags(*gpl1e) & _PAGE_RW))) + return 1; + } + if (error_code & ERROR_U) { + if (unlikely(!(guest_l1e_get_flags(*gpl1e) & _PAGE_USER))) + return 1; + } + + return 0; +} +#else +static inline int guest_page_fault(struct vcpu *v, + unsigned long va, unsigned int error_code, + guest_l2_pgentry_t *gpl2e, guest_l1_pgentry_t *gpl1e) +{ + struct domain *d = v->domain; + pgentry_64_t gle, *lva; + unsigned long mfn; + int i; + + __rw_entry(v, va, &gle, GUEST_ENTRY | GET_ENTRY | PAGING_L4); + if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT))) + return 1; + + if (error_code & ERROR_W) { + if (unlikely(!(entry_get_flags(gle) & _PAGE_RW))) + return 1; + } + if (error_code & ERROR_U) { + if (unlikely(!(entry_get_flags(gle) & _PAGE_USER))) + return 1; + } + for (i = PAGING_L3; i >= PAGING_L1; i--) { + /* + * If it's not external mode, then mfn should be machine physical. + */ + mfn = __gpfn_to_mfn(d, (entry_get_value(gle) >> PAGE_SHIFT)); + + lva = (pgentry_64_t *) phys_to_virt( + mfn << PAGE_SHIFT); + gle = lva[table_offset_64(va, i)]; + + if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT))) + return 1; + + if (error_code & ERROR_W) { + if (unlikely(!(entry_get_flags(gle) & _PAGE_RW))) + return 1; + } + if (error_code & ERROR_U) { + if (unlikely(!(entry_get_flags(gle) & _PAGE_USER))) + return 1; + } + + if (i == PAGING_L2) { + if (gpl2e) + gpl2e->l2 = gle.lo; + + if (likely(entry_get_flags(gle) & _PAGE_PSE)) + return 0; + + } + + if (i == PAGING_L1) + if (gpl1e) + gpl1e->l1 = gle.lo; + } + return 0; +} +#endif static int shadow_fault_64(unsigned long va, struct cpu_user_regs *regs) { struct vcpu *v = current; struct domain *d = v->domain; - l2_pgentry_t gl2e; - l1_pgentry_t sl1e, gl1e; + guest_l2_pgentry_t gl2e; + guest_l1_pgentry_t gl1e; + l1_pgentry_t sl1e; perfc_incrc(shadow_fault_calls); @@ -2853,12 +3129,11 @@ * STEP 2. Check if the fault belongs to guest */ if ( guest_page_fault( - v, va, regs->error_code, - (pgentry_64_t *)&gl2e, (pgentry_64_t *)&gl1e) ) { + v, va, regs->error_code, &gl2e, &gl1e) ) { goto fail; } - if ( unlikely(!(l2e_get_flags(gl2e) & _PAGE_PSE)) ) { + if ( unlikely(!(guest_l2e_get_flags(gl2e) & _PAGE_PSE)) ) { /* * Handle 4K pages here */ @@ -2892,11 +3167,11 @@ */ /* Write fault? */ if ( regs->error_code & 2 ) { - if ( !l2e_rw_fault(v, &gl2e, va, WRITE_FAULT) ) { + if ( !l2e_rw_fault(v, (l2_pgentry_t *)&gl2e, va, WRITE_FAULT) ) { goto fail; } } else { - l2e_rw_fault(v, &gl2e, va, READ_FAULT); + l2e_rw_fault(v, (l2_pgentry_t *)&gl2e, va, READ_FAULT); } /* @@ -2944,7 +3219,27 @@ shadow_unlock(d); } -#ifndef PGENTRY_32 +static unsigned long gva_to_gpa_64(unsigned long gva) +{ + struct vcpu *v = current; + guest_l1_pgentry_t gl1e = {0}; + guest_l2_pgentry_t gl2e = {0}; + unsigned long gpa; + + if (guest_page_fault(v, gva, 0, &gl2e, &gl1e)) + return 0; + + if (guest_l2e_get_flags(gl2e) & _PAGE_PSE) + gpa = guest_l2e_get_paddr(gl2e) + (gva & ((1 << GUEST_L2_PAGETABLE_SHIFT) - 1)); + else + gpa = guest_l1e_get_paddr(gl1e) + (gva & ~PAGE_MASK); + + return gpa; + +} + +#ifndef GUEST_PGENTRY_32 + struct shadow_ops MODE_F_HANDLER = { .guest_paging_levels = 4, .invlpg = shadow_invlpg_64, @@ -2955,10 +3250,42 @@ .do_update_va_mapping = do_update_va_mapping, .mark_mfn_out_of_sync = mark_mfn_out_of_sync, .is_out_of_sync = is_out_of_sync, + .gva_to_gpa = gva_to_gpa_64, }; #endif #endif + +#if CONFIG_PAGING_LEVELS == 2 +struct shadow_ops MODE_A_HANDLER = { + .guest_paging_levels = 2, + .invlpg = shadow_invlpg_32, + .fault = shadow_fault_32, + .update_pagetables = shadow_update_pagetables, + .sync_all = sync_all, + .remove_all_write_access = remove_all_write_access, + .do_update_va_mapping = do_update_va_mapping, + .mark_mfn_out_of_sync = mark_mfn_out_of_sync, + .is_out_of_sync = is_out_of_sync, + .gva_to_gpa = gva_to_gpa_64, +}; + +#elif CONFIG_PAGING_LEVELS == 3 +struct shadow_ops MODE_B_HANDLER = { + .guest_paging_levels = 3, + .invlpg = shadow_invlpg_32, + .fault = shadow_fault_32, + .update_pagetables = shadow_update_pagetables, + .sync_all = sync_all, + .remove_all_write_access = remove_all_write_access, + .do_update_va_mapping = do_update_va_mapping, + .mark_mfn_out_of_sync = mark_mfn_out_of_sync, + .is_out_of_sync = is_out_of_sync, + .gva_to_gpa = gva_to_gpa_pae, +}; + +#endif + /* * Local variables: diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/shadow_public.c --- a/xen/arch/x86/shadow_public.c Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/shadow_public.c Fri Sep 2 14:17:08 2005 @@ -33,11 +33,15 @@ #if CONFIG_PAGING_LEVELS >= 3 #include <asm/shadow_64.h> +#endif +#if CONFIG_PAGING_LEVELS == 4 extern struct shadow_ops MODE_F_HANDLER; +extern struct shadow_ops MODE_D_HANDLER; #endif extern struct shadow_ops MODE_A_HANDLER; +#define SHADOW_MAX_GUEST32(_encoded) ((L1_PAGETABLE_ENTRIES_32 - 1) - ((_encoded) >> 16)) /****************************************************************************/ /************* export interface functions ***********************************/ /****************************************************************************/ @@ -48,7 +52,7 @@ shadow_lock(d); switch(levels) { -#if CONFIG_PAGING_LEVELS >= 4 +#if CONFIG_PAGING_LEVELS >= 4 case 4: if ( d->arch.ops != &MODE_F_HANDLER ) d->arch.ops = &MODE_F_HANDLER; @@ -56,9 +60,14 @@ return 1; #endif case 3: - case 2: + case 2: +#if CONFIG_PAGING_LEVELS == 2 if ( d->arch.ops != &MODE_A_HANDLER ) d->arch.ops = &MODE_A_HANDLER; +#elif CONFIG_PAGING_LEVELS == 4 + if ( d->arch.ops != &MODE_D_HANDLER ) + d->arch.ops = &MODE_D_HANDLER; +#endif shadow_unlock(d); return 1; default: @@ -122,13 +131,17 @@ return d->arch.ops->is_out_of_sync(v, va); } +unsigned long gva_to_gpa(unsigned long gva) +{ + struct domain *d = current->domain; + return d->arch.ops->gva_to_gpa(gva); +} /****************************************************************************/ /****************************************************************************/ #if CONFIG_PAGING_LEVELS >= 4 /* * Convert PAE 3-level page-table to 4-level page-table */ -#define PDP_ENTRIES 4 static pagetable_t page_table_convert(struct domain *d) { struct pfn_info *l4page, *l3page; @@ -203,19 +216,41 @@ /* * Free l2, l3, l4 shadow tables */ + +void free_fake_shadow_l2(struct domain *d,unsigned long smfn); + static void inline free_shadow_tables(struct domain *d, unsigned long smfn, u32 level) { pgentry_64_t *ple = map_domain_page(smfn); int i, external = shadow_mode_external(d); - - for ( i = 0; i < PAGETABLE_ENTRIES; i++ ) - if ( external || is_guest_l4_slot(i) ) - if ( entry_get_flags(ple[i]) & _PAGE_PRESENT ) - put_shadow_ref(entry_get_pfn(ple[i])); - - unmap_domain_page(ple); -} + struct pfn_info *page = &frame_table[smfn]; + + if (d->arch.ops->guest_paging_levels == PAGING_L2) + { +#if CONFIG_PAGING_LEVELS >=4 + for ( i = 0; i < PDP_ENTRIES; i++ ) + { + if (entry_get_flags(ple[i]) & _PAGE_PRESENT ) + free_fake_shadow_l2(d,entry_get_pfn(ple[i])); + } + + page = &frame_table[entry_get_pfn(ple[0])]; + free_domheap_pages(page, SL2_ORDER); + unmap_domain_page(ple); +#endif + } + else + { + for ( i = 0; i < PAGETABLE_ENTRIES; i++ ) + if ( external || is_guest_l4_slot(i) ) + if ( entry_get_flags(ple[i]) & _PAGE_PRESENT ) + put_shadow_ref(entry_get_pfn(ple[i])); + + unmap_domain_page(ple); + } +} + void free_monitor_pagetable(struct vcpu *v) { @@ -453,7 +488,12 @@ struct pfn_info *spage = pfn_to_page(smfn); u32 min_max = spage->tlbflush_timestamp; int min = SHADOW_MIN(min_max); - int max = SHADOW_MAX(min_max); + int max; + + if (d->arch.ops->guest_paging_levels == PAGING_L2) + max = SHADOW_MAX_GUEST32(min_max); + else + max = SHADOW_MAX(min_max); for ( i = min; i <= max; i++ ) { @@ -512,9 +552,24 @@ unmap_domain_page(pl2e); } +void free_fake_shadow_l2(struct domain *d, unsigned long smfn) +{ + pgentry_64_t *ple = map_domain_page(smfn); + int i; + + for ( i = 0; i < PAGETABLE_ENTRIES; i = i + 2 ) + { + if ( entry_get_flags(ple[i]) & _PAGE_PRESENT ) + put_shadow_ref(entry_get_pfn(ple[i])); + } + + unmap_domain_page(ple); +} + void free_shadow_page(unsigned long smfn) { struct pfn_info *page = &frame_table[smfn]; + unsigned long gmfn = page->u.inuse.type_info & PGT_mfn_mask; struct domain *d = page_get_owner(pfn_to_page(gmfn)); unsigned long gpfn = __mfn_to_gpfn(d, gmfn); @@ -531,6 +586,7 @@ gpfn |= (1UL << 63); } #endif + delete_shadow_status(d, gpfn, gmfn, type); switch ( type ) @@ -687,7 +743,7 @@ int i; struct shadow_status *x; struct vcpu *v; - + /* * WARNING! The shadow page table must not currently be in use! * e.g., You are expected to have paused the domain and synchronized CR3. @@ -794,7 +850,16 @@ perfc_decr(free_l1_pages); struct pfn_info *page = list_entry(list_ent, struct pfn_info, list); - free_domheap_page(page); + if (d->arch.ops->guest_paging_levels == PAGING_L2) + { +#if CONFIG_PAGING_LEVELS >=4 + free_domheap_pages(page, SL1_ORDER); +#else + free_domheap_page(page); +#endif + } + else + free_domheap_page(page); } shadow_audit(d, 0); @@ -1191,7 +1256,7 @@ { DPRINTK("Don't try to do a shadow op on yourself!\n"); return -EINVAL; - } + } domain_pause(d); diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/traps.c --- a/xen/arch/x86/traps.c Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/traps.c Fri Sep 2 14:17:08 2005 @@ -100,7 +100,14 @@ static int debug_stack_lines = 20; integer_param("debug_stack_lines", debug_stack_lines); -#define stack_words_per_line (32 / BYTES_PER_LONG) + +#ifdef CONFIG_X86_32 +#define stack_words_per_line 8 +#define ESP_BEFORE_EXCEPTION(regs) ((unsigned long *)&regs->esp) +#else +#define stack_words_per_line 4 +#define ESP_BEFORE_EXCEPTION(regs) ((unsigned long *)regs->esp) +#endif int is_kernel_text(unsigned long addr) { @@ -118,17 +125,16 @@ return (unsigned long) &_etext; } -void show_guest_stack(void) +static void show_guest_stack(struct cpu_user_regs *regs) { int i; - struct cpu_user_regs *regs = guest_cpu_user_regs(); unsigned long *stack = (unsigned long *)regs->esp, addr; printk("Guest stack trace from "__OP"sp=%p:\n ", stack); for ( i = 0; i < (debug_stack_lines*stack_words_per_line); i++ ) { - if ( ((long)stack & (STACK_SIZE-1)) == 0 ) + if ( ((long)stack & (STACK_SIZE-BYTES_PER_LONG)) == 0 ) break; if ( get_user(addr, stack) ) { @@ -148,38 +154,98 @@ printk("\n"); } -void show_trace(unsigned long *esp) -{ - unsigned long *stack = esp, addr; - int i = 0; - - printk("Xen call trace from "__OP"sp=%p:\n ", stack); - - while ( ((long) stack & (STACK_SIZE-1)) != 0 ) +#ifdef NDEBUG + +static void show_trace(struct cpu_user_regs *regs) +{ + unsigned long *stack = ESP_BEFORE_EXCEPTION(regs), addr; + + printk("Xen call trace:\n "); + + printk("[<%p>]", _p(regs->eip)); + print_symbol(" %s\n ", regs->eip); + + while ( ((long)stack & (STACK_SIZE-BYTES_PER_LONG)) != 0 ) { addr = *stack++; if ( is_kernel_text(addr) ) { printk("[<%p>]", _p(addr)); print_symbol(" %s\n ", addr); - i++; - } - } - if ( i == 0 ) - printk("Trace empty."); + } + } + printk("\n"); } -void show_stack(unsigned long *esp) -{ - unsigned long *stack = esp, addr; +#else + +static void show_trace(struct cpu_user_regs *regs) +{ + unsigned long *frame, next, addr, low, high; + + printk("Xen call trace:\n "); + + printk("[<%p>]", _p(regs->eip)); + print_symbol(" %s\n ", regs->eip); + + /* Bounds for range of valid frame pointer. */ + low = (unsigned long)(ESP_BEFORE_EXCEPTION(regs) - 2); + high = (low & ~(STACK_SIZE - 1)) + (STACK_SIZE - sizeof(struct cpu_info)); + + /* The initial frame pointer. */ + next = regs->ebp; + + for ( ; ; ) + { + /* Valid frame pointer? */ + if ( (next < low) || (next > high) ) + { + /* + * Exception stack frames have a different layout, denoted by an + * inverted frame pointer. + */ + next = ~next; + if ( (next < low) || (next > high) ) + break; + frame = (unsigned long *)next; + next = frame[0]; + addr = frame[(offsetof(struct cpu_user_regs, eip) - + offsetof(struct cpu_user_regs, ebp)) + / BYTES_PER_LONG]; + } + else + { + /* Ordinary stack frame. */ + frame = (unsigned long *)next; + next = frame[0]; + addr = frame[1]; + } + + printk("[<%p>]", _p(addr)); + print_symbol(" %s\n ", addr); + + low = (unsigned long)&frame[2]; + } + + printk("\n"); +} + +#endif + +void show_stack(struct cpu_user_regs *regs) +{ + unsigned long *stack = ESP_BEFORE_EXCEPTION(regs), addr; int i; + if ( GUEST_MODE(regs) ) + return show_guest_stack(regs); + printk("Xen stack trace from "__OP"sp=%p:\n ", stack); for ( i = 0; i < (debug_stack_lines*stack_words_per_line); i++ ) { - if ( ((long)stack & (STACK_SIZE-1)) == 0 ) + if ( ((long)stack & (STACK_SIZE-BYTES_PER_LONG)) == 0 ) break; if ( (i != 0) && ((i % stack_words_per_line) == 0) ) printk("\n "); @@ -190,7 +256,7 @@ printk("Stack empty."); printk("\n"); - show_trace(esp); + show_trace(regs); } /* diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/vmx.c --- a/xen/arch/x86/vmx.c Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/vmx.c Fri Sep 2 14:17:08 2005 @@ -412,7 +412,7 @@ if ( !result ) { __vmread(GUEST_RIP, &eip); - printk("vmx pgfault to guest va=%p eip=%p\n", va, eip); + printk("vmx pgfault to guest va=%lx eip=%lx\n", va, eip); } #endif @@ -456,7 +456,16 @@ clear_bit(X86_FEATURE_PSE, &edx); clear_bit(X86_FEATURE_PAE, &edx); clear_bit(X86_FEATURE_PSE36, &edx); +#else + struct vcpu *d = current; + if (d->domain->arch.ops->guest_paging_levels == PAGING_L2) + { + clear_bit(X86_FEATURE_PSE, &edx); + clear_bit(X86_FEATURE_PAE, &edx); + clear_bit(X86_FEATURE_PSE36, &edx); + } #endif + } regs->eax = (unsigned long) eax; @@ -650,7 +659,7 @@ p->df = (eflags & X86_EFLAGS_DF) ? 1 : 0; if (test_bit(5, &exit_qualification)) /* "rep" prefix */ - p->count = vm86 ? regs->ecx & 0xFFFF : regs->ecx; + p->count = vm86 ? regs->ecx & 0xFFFF : regs->ecx; /* * Split up string I/O operations that cross page boundaries. Don't @@ -1006,6 +1015,15 @@ #if CONFIG_PAGING_LEVELS >= 4 if(!shadow_set_guest_paging_levels(d->domain, 4)) { + printk("Unsupported guest paging levels\n"); + domain_crash_synchronous(); /* need to take a clean path */ + } +#endif + } + else + { +#if CONFIG_PAGING_LEVELS >= 4 + if(!shadow_set_guest_paging_levels(d->domain, 2)) { printk("Unsupported guest paging levels\n"); domain_crash_synchronous(); /* need to take a clean path */ } diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/x86_32/traps.c --- a/xen/arch/x86/x86_32/traps.c Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/x86_32/traps.c Fri Sep 2 14:17:08 2005 @@ -79,11 +79,8 @@ "ss: %04lx cs: %04lx\n", ds, es, fs, gs, ss, cs); - if ( GUEST_MODE(regs) ) - show_guest_stack(); - else - show_stack((unsigned long *)&regs->esp); -} + show_stack(regs); +} void show_page_walk(unsigned long addr) { diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/x86_64/traps.c --- a/xen/arch/x86/x86_64/traps.c Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/x86_64/traps.c Fri Sep 2 14:17:08 2005 @@ -32,10 +32,7 @@ regs->r12, regs->r13, regs->r14); printk("r15: %016lx\n", regs->r15); - if ( GUEST_MODE(regs) ) - show_guest_stack(); - else - show_stack((unsigned long *)regs->rsp); + show_stack(regs); } void show_page_walk(unsigned long addr) diff -r edd1616cf8cb -r 291e816acbf4 xen/common/acm_ops.c --- a/xen/common/acm_ops.c Fri Sep 2 14:15:49 2005 +++ b/xen/common/acm_ops.c Fri Sep 2 14:17:08 2005 @@ -19,6 +19,7 @@ #include <xen/types.h> #include <xen/lib.h> #include <xen/mm.h> +#include <public/acm.h> #include <public/acm_ops.h> #include <xen/sched.h> #include <xen/event.h> @@ -41,7 +42,8 @@ POLICY, /* access to policy interface (early drop) */ GETPOLICY, /* dump policy cache */ SETPOLICY, /* set policy cache (controls security) */ - DUMPSTATS /* dump policy statistics */ + DUMPSTATS, /* dump policy statistics */ + GETSSID /* retrieve ssidref for domain id */ } acm_operation_t; int acm_authorize_acm_ops(struct domain *d, acm_operation_t pops) @@ -117,6 +119,35 @@ } break; + case ACM_GETSSID: + { + ssidref_t ssidref; + + if (acm_authorize_acm_ops(current->domain, GETSSID)) + return -EACCES; + + if (op->u.getssid.get_ssid_by == SSIDREF) + ssidref = op->u.getssid.id.ssidref; + else if (op->u.getssid.get_ssid_by == DOMAINID) { + struct domain *subj = find_domain_by_id(op->u.getssid.id.domainid); + if (!subj) + return -ESRCH; /* domain not found */ + + ssidref = ((struct acm_ssid_domain *)(subj->ssid))->ssidref; + put_domain(subj); + } else + return -ESRCH; + + ret = acm_get_ssid(ssidref, + op->u.getssid.ssidbuf, + op->u.getssid.ssidbuf_size); + if (ret == ACM_OK) + ret = 0; + else + ret = -ESRCH; + } + break; + default: ret = -ESRCH; diff -r edd1616cf8cb -r 291e816acbf4 xen/common/domain.c --- a/xen/common/domain.c Fri Sep 2 14:15:49 2005 +++ b/xen/common/domain.c Fri Sep 2 14:17:08 2005 @@ -178,6 +178,9 @@ struct domain *d = current->domain; struct vcpu *v; + if(reason == SHUTDOWN_crash) + printk("Domain %d crash detected.\n", d->domain_id); + if ( d->domain_id == 0 ) { extern void machine_restart(char *); diff -r edd1616cf8cb -r 291e816acbf4 xen/common/grant_table.c --- a/xen/common/grant_table.c Fri Sep 2 14:15:49 2005 +++ b/xen/common/grant_table.c Fri Sep 2 14:17:08 2005 @@ -887,21 +887,21 @@ e->tot_pages, e->max_pages); spin_unlock(&e->page_alloc_lock); put_domain(e); - result = GNTST_general_error; + gop->status = result = GNTST_general_error; break; } if (unlikely(test_bit(DOMFLAGS_DYING, &e->domain_flags))) { printk("gnttab_donate: target domain is dying\n"); spin_unlock(&e->page_alloc_lock); put_domain(e); - result = GNTST_general_error; + gop->status = result = GNTST_general_error; break; } if (unlikely(!gnttab_prepare_for_transfer(e, d, gop->handle))) { - printk("gnttab_donate: gnttab_prepare_for_transfer fails\n"); + printk("gnttab_donate: gnttab_prepare_for_transfer fails.\n"); spin_unlock(&e->page_alloc_lock); put_domain(e); - result = GNTST_general_error; + gop->status = result = GNTST_general_error; break; } #else @@ -914,7 +914,8 @@ e->tot_pages, e->max_pages, gop->handle, e->d_flags); spin_unlock(&e->page_alloc_lock); put_domain(e); - result = GNTST_general_error; + /* XXX SMH: better error return here would be useful */ + gop->status = result = GNTST_general_error; break; } #endif @@ -1020,7 +1021,7 @@ lgt = ld->grant_table; #if GRANT_DEBUG_VERBOSE - if ( ld->domain_ id != 0 ) { + if ( ld->domain_id != 0 ) { DPRINTK("Foreign unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n", rd->domain_id, ld->domain_id, frame, readonly); } diff -r edd1616cf8cb -r 291e816acbf4 xen/include/acm/acm_core.h --- a/xen/include/acm/acm_core.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/acm/acm_core.h Fri Sep 2 14:17:08 2005 @@ -101,9 +101,15 @@ * primary ssidref = lower 16 bit * secondary ssidref = higher 16 bit */ +#define ACM_PRIMARY(ssidref) \ + ((ssidref) & 0xffff) + +#define ACM_SECONDARY(ssidref) \ + ((ssidref) >> 16) + #define GET_SSIDREF(POLICY, ssidref) \ ((POLICY) == acm_bin_pol.primary_policy_code) ? \ - ((ssidref) & 0xffff) : ((ssidref) >> 16) + ACM_PRIMARY(ssidref) : ACM_SECONDARY(ssidref) /* macros to access ssid pointer for primary / secondary policy */ #define GET_SSIDP(POLICY, ssid) \ @@ -116,6 +122,7 @@ int acm_set_policy(void *buf, u16 buf_size, int isuserbuffer); int acm_get_policy(void *buf, u16 buf_size); int acm_dump_statistics(void *buf, u16 buf_size); +int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size); #endif diff -r edd1616cf8cb -r 291e816acbf4 xen/include/acm/acm_hooks.h --- a/xen/include/acm/acm_hooks.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/acm/acm_hooks.h Fri Sep 2 14:17:08 2005 @@ -92,6 +92,7 @@ int (*dump_binary_policy) (u8 *buffer, u16 buf_size); int (*set_binary_policy) (u8 *buffer, u16 buf_size); int (*dump_statistics) (u8 *buffer, u16 buf_size); + int (*dump_ssid_types) (ssidref_t ssidref, u8 *buffer, u16 buf_size); /* domain management control hooks (can be NULL) */ int (*pre_domain_create) (void *subject_ssid, ssidref_t ssidref); void (*post_domain_create) (domid_t domid, ssidref_t ssidref); diff -r edd1616cf8cb -r 291e816acbf4 xen/include/asm-x86/page-guest32.h --- a/xen/include/asm-x86/page-guest32.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/asm-x86/page-guest32.h Fri Sep 2 14:17:08 2005 @@ -32,6 +32,11 @@ /* Get pte access flags (unsigned int). */ #define l1e_get_flags_32(x) (get_pte_flags_32((x).l1)) #define l2e_get_flags_32(x) (get_pte_flags_32((x).l2)) + +#define l1e_get_paddr_32(x) \ + ((physaddr_t)(((x).l1 & (PADDR_MASK&PAGE_MASK)))) +#define l2e_get_paddr_32(x) \ + ((physaddr_t)(((x).l2 & (PADDR_MASK&PAGE_MASK)))) /* Construct an empty pte. */ #define l1e_empty_32() ((l1_pgentry_32_t) { 0 }) diff -r edd1616cf8cb -r 291e816acbf4 xen/include/asm-x86/processor.h --- a/xen/include/asm-x86/processor.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/asm-x86/processor.h Fri Sep 2 14:17:08 2005 @@ -496,9 +496,7 @@ #endif -void show_guest_stack(); -void show_trace(unsigned long *esp); -void show_stack(unsigned long *esp); +void show_stack(struct cpu_user_regs *regs); void show_registers(struct cpu_user_regs *regs); void show_page_walk(unsigned long addr); asmlinkage void fatal_trap(int trapnr, struct cpu_user_regs *regs); diff -r edd1616cf8cb -r 291e816acbf4 xen/include/asm-x86/shadow.h --- a/xen/include/asm-x86/shadow.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/asm-x86/shadow.h Fri Sep 2 14:17:08 2005 @@ -34,6 +34,8 @@ #include <asm/vmx.h> #include <public/dom0_ops.h> #include <asm/shadow_public.h> +#include <asm/page-guest32.h> +#include <asm/shadow_ops.h> /* Shadow PT operation mode : shadow-mode variable in arch_domain. */ @@ -104,9 +106,9 @@ } while (0) #endif -#define SHADOW_ENCODE_MIN_MAX(_min, _max) ((((L1_PAGETABLE_ENTRIES - 1) - (_max)) << 16) | (_min)) +#define SHADOW_ENCODE_MIN_MAX(_min, _max) ((((GUEST_L1_PAGETABLE_ENTRIES - 1) - (_max)) << 16) | (_min)) #define SHADOW_MIN(_encoded) ((_encoded) & ((1u<<16) - 1)) -#define SHADOW_MAX(_encoded) ((L1_PAGETABLE_ENTRIES - 1) - ((_encoded) >> 16)) +#define SHADOW_MAX(_encoded) ((GUEST_L1_PAGETABLE_ENTRIES - 1) - ((_encoded) >> 16)) extern void shadow_mode_init(void); extern int shadow_mode_control(struct domain *p, dom0_shadow_control_t *sc); @@ -132,6 +134,7 @@ struct domain_mmap_cache *cache); #if CONFIG_PAGING_LEVELS >= 3 #include <asm/page-guest32.h> +extern unsigned long gva_to_gpa(unsigned long gva); extern void shadow_l3_normal_pt_update(struct domain *d, unsigned long pa, l3_pgentry_t l3e, struct domain_mmap_cache *cache); @@ -794,22 +797,22 @@ #endif static inline void l1pte_propagate_from_guest( - struct domain *d, l1_pgentry_t gpte, l1_pgentry_t *spte_p) + struct domain *d, guest_l1_pgentry_t gpte, l1_pgentry_t *spte_p) { unsigned long mfn; l1_pgentry_t spte; spte = l1e_empty(); - if ( ((l1e_get_flags(gpte) & (_PAGE_PRESENT|_PAGE_ACCESSED) ) == + if ( ((guest_l1e_get_flags(gpte) & (_PAGE_PRESENT|_PAGE_ACCESSED) ) == (_PAGE_PRESENT|_PAGE_ACCESSED)) && VALID_MFN(mfn = __gpfn_to_mfn(d, l1e_get_pfn(gpte))) ) { spte = l1e_from_pfn( - mfn, l1e_get_flags(gpte) & ~(_PAGE_GLOBAL | _PAGE_AVAIL)); + mfn, guest_l1e_get_flags(gpte) & ~(_PAGE_GLOBAL | _PAGE_AVAIL)); if ( shadow_mode_log_dirty(d) || - !(l1e_get_flags(gpte) & _PAGE_DIRTY) || + !(guest_l1e_get_flags(gpte) & _PAGE_DIRTY) || mfn_is_page_table(mfn) ) { l1e_remove_flags(spte, _PAGE_RW); @@ -859,22 +862,22 @@ static inline void l2pde_general( struct domain *d, - l2_pgentry_t *gpde_p, + guest_l2_pgentry_t *gpde_p, l2_pgentry_t *spde_p, unsigned long sl1mfn) { - l2_pgentry_t gpde = *gpde_p; + guest_l2_pgentry_t gpde = *gpde_p; l2_pgentry_t spde; spde = l2e_empty(); - if ( (l2e_get_flags(gpde) & _PAGE_PRESENT) && (sl1mfn != 0) ) + if ( (guest_l2e_get_flags(gpde) & _PAGE_PRESENT) && (sl1mfn != 0) ) { spde = l2e_from_pfn( - sl1mfn, - (l2e_get_flags(gpde) | _PAGE_RW | _PAGE_ACCESSED) & ~_PAGE_AVAIL); + sl1mfn, + (guest_l2e_get_flags(gpde) | _PAGE_RW | _PAGE_ACCESSED) & ~_PAGE_AVAIL); /* N.B. PDEs do not have a dirty bit. */ - l2e_add_flags(gpde, _PAGE_ACCESSED); + guest_l2e_add_flags(gpde, _PAGE_ACCESSED); *gpde_p = gpde; } @@ -887,12 +890,12 @@ } static inline void l2pde_propagate_from_guest( - struct domain *d, l2_pgentry_t *gpde_p, l2_pgentry_t *spde_p) -{ - l2_pgentry_t gpde = *gpde_p; + struct domain *d, guest_l2_pgentry_t *gpde_p, l2_pgentry_t *spde_p) +{ + guest_l2_pgentry_t gpde = *gpde_p; unsigned long sl1mfn = 0; - if ( l2e_get_flags(gpde) & _PAGE_PRESENT ) + if ( guest_l2e_get_flags(gpde) & _PAGE_PRESENT ) sl1mfn = __shadow_status(d, l2e_get_pfn(gpde), PGT_l1_shadow); l2pde_general(d, gpde_p, spde_p, sl1mfn); } @@ -904,7 +907,7 @@ static int inline validate_pte_change( struct domain *d, - l1_pgentry_t new_pte, + guest_l1_pgentry_t new_pte, l1_pgentry_t *shadow_pte_p) { l1_pgentry_t old_spte, new_spte; @@ -1004,7 +1007,7 @@ static int inline validate_pde_change( struct domain *d, - l2_pgentry_t new_gpde, + guest_l2_pgentry_t new_gpde, l2_pgentry_t *shadow_pde_p) { l2_pgentry_t old_spde, new_spde; diff -r edd1616cf8cb -r 291e816acbf4 xen/include/asm-x86/shadow_64.h --- a/xen/include/asm-x86/shadow_64.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/asm-x86/shadow_64.h Fri Sep 2 14:17:08 2005 @@ -27,6 +27,7 @@ #ifndef _XEN_SHADOW_64_H #define _XEN_SHADOW_64_H #include <asm/shadow.h> +#include <asm/shadow_ops.h> #define READ_FAULT 0 #define WRITE_FAULT 1 @@ -42,14 +43,14 @@ #define ESH_LOG(_f, _a...) ((void)0) #endif -#define L4 4UL -#define L3 3UL -#define L2 2UL -#define L1 1UL +#define PAGING_L4 4UL +#define PAGING_L3 3UL +#define PAGING_L2 2UL +#define PAGING_L1 1UL #define L_MASK 0xff -#define ROOT_LEVEL_64 L4 -#define ROOT_LEVEL_32 L2 +#define ROOT_LEVEL_64 PAGING_L4 +#define ROOT_LEVEL_32 PAGING_L2 #define SHADOW_ENTRY (2UL << 16) #define GUEST_ENTRY (1UL << 16) @@ -58,6 +59,10 @@ #define SET_ENTRY (1UL << 8) #define PAGETABLE_ENTRIES (1<<PAGETABLE_ORDER) + +/* For 32-bit VMX guest to allocate shadow L1 & L2*/ +#define SL1_ORDER 1 +#define SL2_ORDER 2 typedef struct { intpte_t lo; } pgentry_64_t; #define shadow_level_to_type(l) (l << 29) @@ -76,6 +81,10 @@ #define entry_remove_flags(x, flags) ((x).lo &= ~put_pte_flags(flags)) #define entry_has_changed(x,y,flags) \ ( !!(((x).lo ^ (y).lo) & ((PADDR_MASK&PAGE_MASK)|put_pte_flags(flags))) ) + +#define PAE_SHADOW_SELF_ENTRY 259 +#define PDP_ENTRIES 4 + static inline int table_offset_64(unsigned long va, int level) { switch(level) { @@ -86,8 +95,13 @@ case 3: return (((va) >> L3_PAGETABLE_SHIFT) & (L3_PAGETABLE_ENTRIES - 1)); #if CONFIG_PAGING_LEVELS >= 4 +#ifndef GUEST_PGENTRY_32 case 4: return (((va) >> L4_PAGETABLE_SHIFT) & (L4_PAGETABLE_ENTRIES - 1)); +#else + case 4: + return PAE_SHADOW_SELF_ENTRY; +#endif #endif default: //printk("<table_offset_64> level %d is too big\n", level); @@ -165,30 +179,30 @@ return le_e; } #define __shadow_set_l4e(v, va, value) \ - __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L4) + __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L4) #define __shadow_get_l4e(v, va, sl4e) \ - __rw_entry(v, va, sl4e, SHADOW_ENTRY | GET_ENTRY | L4) + __rw_entry(v, va, sl4e, SHADOW_ENTRY | GET_ENTRY | PAGING_L4) #define __shadow_set_l3e(v, va, value) \ - __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L3) + __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L3) #define __shadow_get_l3e(v, va, sl3e) \ - __rw_entry(v, va, sl3e, SHADOW_ENTRY | GET_ENTRY | L3) + __rw_entry(v, va, sl3e, SHADOW_ENTRY | GET_ENTRY | PAGING_L3) #define __shadow_set_l2e(v, va, value) \ - __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L2) + __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L2) #define __shadow_get_l2e(v, va, sl2e) \ - __rw_entry(v, va, sl2e, SHADOW_ENTRY | GET_ENTRY | L2) + __rw_entry(v, va, sl2e, SHADOW_ENTRY | GET_ENTRY | PAGING_L2) #define __shadow_set_l1e(v, va, value) \ - __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | L1) + __rw_entry(v, va, value, SHADOW_ENTRY | SET_ENTRY | PAGING_L1) #define __shadow_get_l1e(v, va, sl1e) \ - __rw_entry(v, va, sl1e, SHADOW_ENTRY | GET_ENTRY | L1) + __rw_entry(v, va, sl1e, SHADOW_ENTRY | GET_ENTRY | PAGING_L1) #define __guest_set_l4e(v, va, value) \ - __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L4) + __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L4) #define __guest_get_l4e(v, va, gl4e) \ - __rw_entry(v, va, gl4e, GUEST_ENTRY | GET_ENTRY | L4) + __rw_entry(v, va, gl4e, GUEST_ENTRY | GET_ENTRY | PAGING_L4) #define __guest_set_l3e(v, va, value) \ - __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L3) + __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L3) #define __guest_get_l3e(v, va, sl3e) \ - __rw_entry(v, va, gl3e, GUEST_ENTRY | GET_ENTRY | L3) + __rw_entry(v, va, gl3e, GUEST_ENTRY | GET_ENTRY | PAGING_L3) static inline void * __guest_set_l2e( struct vcpu *v, u64 va, void *value, int size) @@ -205,7 +219,7 @@ return &l2va[l2_table_offset_32(va)]; } case 8: - return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L2); + return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L2); default: BUG(); return NULL; @@ -230,7 +244,7 @@ return &l2va[l2_table_offset_32(va)]; } case 8: - return __rw_entry(v, va, gl2e, GUEST_ENTRY | GET_ENTRY | L2); + return __rw_entry(v, va, gl2e, GUEST_ENTRY | GET_ENTRY | PAGING_L2); default: BUG(); return NULL; @@ -269,7 +283,7 @@ } case 8: - return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | L1); + return __rw_entry(v, va, value, GUEST_ENTRY | SET_ENTRY | PAGING_L1); default: BUG(); return NULL; @@ -310,7 +324,7 @@ } case 8: // 64-bit guest - return __rw_entry(v, va, gl1e, GUEST_ENTRY | GET_ENTRY | L1); + return __rw_entry(v, va, gl1e, GUEST_ENTRY | GET_ENTRY | PAGING_L1); default: BUG(); return NULL; @@ -334,7 +348,7 @@ sle = entry_empty(); if ( (entry_get_flags(gle) & _PAGE_PRESENT) && (smfn != 0) ) { - if ((entry_get_flags(gle) & _PAGE_PSE) && level == L2) { + if ((entry_get_flags(gle) & _PAGE_PSE) && level == PAGING_L2) { sle = entry_from_pfn(smfn, entry_get_flags(gle)); entry_remove_flags(sle, _PAGE_PSE); @@ -376,7 +390,7 @@ unsigned long smfn = 0; if ( entry_get_flags(gle) & _PAGE_PRESENT ) { - if ((entry_get_flags(gle) & _PAGE_PSE) && level == L2) { + if ((entry_get_flags(gle) & _PAGE_PSE) && level == PAGING_L2) { smfn = __shadow_status(d, entry_get_value(gle) >> PAGE_SHIFT, PGT_fl1_shadow); } else { smfn = __shadow_status(d, entry_get_pfn(gle), @@ -421,88 +435,6 @@ return 1; } -/* - * Check P, R/W, U/S bits in the guest page table. - * If the fault belongs to guest return 1, - * else return 0. - */ -static inline int guest_page_fault(struct vcpu *v, - unsigned long va, unsigned int error_code, pgentry_64_t *gpl2e, pgentry_64_t *gpl1e) -{ - struct domain *d = v->domain; - pgentry_64_t gle, *lva; - unsigned long mfn; - int i; - - __rw_entry(v, va, &gle, GUEST_ENTRY | GET_ENTRY | L4); - if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT))) - return 1; - - if (error_code & ERROR_W) { - if (unlikely(!(entry_get_flags(gle) & _PAGE_RW))) - return 1; - } - if (error_code & ERROR_U) { - if (unlikely(!(entry_get_flags(gle) & _PAGE_USER))) - return 1; - } - for (i = L3; i >= L1; i--) { - /* - * If it's not external mode, then mfn should be machine physical. - */ - mfn = __gpfn_to_mfn(d, (entry_get_paddr(gle) >> PAGE_SHIFT)); - if (mfn == -1) - return 1; - - lva = (pgentry_64_t *) phys_to_virt( - mfn << PAGE_SHIFT); - gle = lva[table_offset_64(va, i)]; - - if (unlikely(!(entry_get_flags(gle) & _PAGE_PRESENT))) - return 1; - - if (error_code & ERROR_W) { - if (unlikely(!(entry_get_flags(gle) & _PAGE_RW))) - return 1; - } - if (error_code & ERROR_U) { - if (unlikely(!(entry_get_flags(gle) & _PAGE_USER))) - return 1; - } - - if (i == L2) { - if (gpl2e) - *gpl2e = gle; - - if (likely(entry_get_flags(gle) & _PAGE_PSE)) - return 0; - - } - - if (i == L1) - if (gpl1e) - *gpl1e = gle; - } - return 0; -} - -static inline unsigned long gva_to_gpa(unsigned long gva) -{ - struct vcpu *v = current; - pgentry_64_t gl1e = {0}; - pgentry_64_t gl2e = {0}; - unsigned long gpa; - - if (guest_page_fault(v, gva, 0, &gl2e, &gl1e)) - return 0; - if (entry_get_flags(gl2e) & _PAGE_PSE) - gpa = entry_get_paddr(gl2e) + (gva & ((1 << L2_PAGETABLE_SHIFT) - 1)); - else - gpa = entry_get_paddr(gl1e) + (gva & ~PAGE_MASK); - - return gpa; - -} #endif diff -r edd1616cf8cb -r 291e816acbf4 xen/include/asm-x86/shadow_public.h --- a/xen/include/asm-x86/shadow_public.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/asm-x86/shadow_public.h Fri Sep 2 14:17:08 2005 @@ -49,6 +49,7 @@ (*mark_mfn_out_of_sync)(struct vcpu *v, unsigned long gpfn, unsigned long mfn); int (*is_out_of_sync)(struct vcpu *v, unsigned long va); + unsigned long (*gva_to_gpa)(unsigned long gva); }; #endif diff -r edd1616cf8cb -r 291e816acbf4 xen/include/asm-x86/x86_32/asm_defns.h --- a/xen/include/asm-x86/x86_32/asm_defns.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/asm-x86/x86_32/asm_defns.h Fri Sep 2 14:17:08 2005 @@ -1,10 +1,20 @@ #ifndef __X86_32_ASM_DEFNS_H__ #define __X86_32_ASM_DEFNS_H__ + +#ifndef NDEBUG +/* Indicate special exception stack frame by inverting the frame pointer. */ +#define SETUP_EXCEPTION_FRAME_POINTER \ + movl %esp,%ebp; \ + notl %ebp +#else +#define SETUP_EXCEPTION_FRAME_POINTER +#endif #define __SAVE_ALL_PRE \ cld; \ pushl %eax; \ pushl %ebp; \ + SETUP_EXCEPTION_FRAME_POINTER; \ pushl %edi; \ pushl %esi; \ pushl %edx; \ diff -r edd1616cf8cb -r 291e816acbf4 xen/include/asm-x86/x86_64/asm_defns.h --- a/xen/include/asm-x86/x86_64/asm_defns.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/asm-x86/x86_64/asm_defns.h Fri Sep 2 14:17:08 2005 @@ -1,5 +1,14 @@ #ifndef __X86_64_ASM_DEFNS_H__ #define __X86_64_ASM_DEFNS_H__ + +#ifndef NDEBUG +/* Indicate special exception stack frame by inverting the frame pointer. */ +#define SETUP_EXCEPTION_FRAME_POINTER \ + movq %rsp,%rbp; \ + notq %rbp +#else +#define SETUP_EXCEPTION_FRAME_POINTER +#endif #define SAVE_ALL \ cld; \ @@ -14,6 +23,7 @@ pushq %r11; \ pushq %rbx; \ pushq %rbp; \ + SETUP_EXCEPTION_FRAME_POINTER; \ pushq %r12; \ pushq %r13; \ pushq %r14; \ diff -r edd1616cf8cb -r 291e816acbf4 xen/include/public/acm.h --- a/xen/include/public/acm.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/public/acm.h Fri Sep 2 14:17:08 2005 @@ -56,20 +56,22 @@ #define ACM_ACCESS_DENIED -111 #define ACM_NULL_POINTER_ERROR -200 -#define ACM_MAX_POLICY 3 - +/* primary policy in lower 4 bits */ #define ACM_NULL_POLICY 0 #define ACM_CHINESE_WALL_POLICY 1 #define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2 -#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY 3 + +/* combinations have secondary policy component in higher 4bit */ +#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \ + ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY) /* policy: */ #define ACM_POLICY_NAME(X) \ - (X == ACM_NULL_POLICY) ? "NULL policy" : \ - (X == ACM_CHINESE_WALL_POLICY) ? "CHINESE WALL policy" : \ - (X == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "SIMPLE TYPE ENFORCEMENT policy" : \ - (X == ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \ - "UNDEFINED policy" + ((X) == (ACM_NULL_POLICY)) ? "NULL policy" : \ + ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL policy" : \ + ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT policy" : \ + ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \ + "UNDEFINED policy" /* the following policy versions must be increased * whenever the interpretation of the related @@ -122,7 +124,7 @@ */ struct acm_policy_buffer { u32 policy_version; /* ACM_POLICY_VERSION */ - u32 magic; + u32 magic; u32 len; u32 primary_policy_code; u32 primary_buffer_offset; @@ -151,7 +153,7 @@ }; struct acm_stats_buffer { - u32 magic; + u32 magic; u32 len; u32 primary_policy_code; u32 primary_stats_offset; @@ -168,5 +170,15 @@ u32 gt_cachehit_count; }; +struct acm_ssid_buffer { + u32 len; + ssidref_t ssidref; + u32 primary_policy_code; + u32 primary_max_types; + u32 primary_types_offset; + u32 secondary_policy_code; + u32 secondary_max_types; + u32 secondary_types_offset; +}; #endif diff -r edd1616cf8cb -r 291e816acbf4 xen/include/public/acm_ops.h --- a/xen/include/public/acm_ops.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/public/acm_ops.h Fri Sep 2 14:17:08 2005 @@ -1,3 +1,4 @@ + /****************************************************************************** * acm_ops.h * @@ -27,7 +28,7 @@ * This makes sure that old versions of acm tools will stop working in a * well-defined way (rather than crashing the machine, for instance). */ -#define ACM_INTERFACE_VERSION 0xAAAA0003 +#define ACM_INTERFACE_VERSION 0xAAAA0004 /************************************************************************/ @@ -46,12 +47,25 @@ u16 pullcache_size; } acm_getpolicy_t; + #define ACM_DUMPSTATS 6 typedef struct acm_dumpstats { void *pullcache; u16 pullcache_size; } acm_dumpstats_t; + +#define ACM_GETSSID 7 +enum get_type {UNSET, SSIDREF, DOMAINID}; +typedef struct acm_getssid { + enum get_type get_ssid_by; + union { + domaintype_t domainid; + ssidref_t ssidref; + } id; + void *ssidbuf; + u16 ssidbuf_size; +} acm_getssid_t; typedef struct acm_op { u32 cmd; @@ -60,6 +74,7 @@ acm_setpolicy_t setpolicy; acm_getpolicy_t getpolicy; acm_dumpstats_t dumpstats; + acm_getssid_t getssid; } u; } acm_op_t; diff -r edd1616cf8cb -r 291e816acbf4 xen/include/public/io/netif.h --- a/xen/include/public/io/netif.h Fri Sep 2 14:15:49 2005 +++ b/xen/include/public/io/netif.h Fri Sep 2 14:17:08 2005 @@ -23,13 +23,13 @@ typedef struct { u16 id; /* Echoed in response message. */ -#ifdef CONFIG_XEN_NETDEV_GRANT_RX +#ifdef CONFIG_XEN_NETDEV_GRANT grant_ref_t gref; /* 2: Reference to incoming granted frame */ #endif } netif_rx_request_t; typedef struct { -#ifdef CONFIG_XEN_NETDEV_GRANT_TX +#ifdef CONFIG_XEN_NETDEV_GRANT u32 addr; /* 0: Offset in page of start of received packet */ #else unsigned long addr; /* Machine address of packet. */ diff -r edd1616cf8cb -r 291e816acbf4 extras/mini-os/domain_config --- /dev/null Fri Sep 2 14:15:49 2005 +++ b/extras/mini-os/domain_config Fri Sep 2 14:17:08 2005 @@ -0,0 +1,17 @@ +# -*- mode: python; -*- +#============================================================================ +# Python configuration setup for 'xm create'. +# This script sets the parameters used when a domain is created using 'xm create'. +# You use a separate script for each domain you want to create, or +# you can set the parameters for the domain on the xm command line. +#============================================================================ + +#---------------------------------------------------------------------------- +# Kernel image file. +kernel = "mini-os.elf" + +# Initial memory allocation (in megabytes) for the new domain. +memory = 32 + +# A name for your domain. All domains must have different names. +name = "Mini-OS" diff -r edd1616cf8cb -r 291e816acbf4 extras/mini-os/include/list.h --- /dev/null Fri Sep 2 14:15:49 2005 +++ b/extras/mini-os/include/list.h Fri Sep 2 14:17:08 2005 @@ -0,0 +1,184 @@ +#ifndef _LINUX_LIST_H +#define _LINUX_LIST_H + +/* + * Simple doubly linked list implementation. + * + * Some of the internal functions ("__xxx") are useful when + * manipulating whole lists rather than single entries, as + * sometimes we already know the next/prev entries and we can + * generate better code by using them directly rather than + * using the generic single-entry routines. + */ + +struct list_head { + struct list_head *next, *prev; +}; + +#define LIST_HEAD_INIT(name) { &(name), &(name) } + +#define LIST_HEAD(name) \ + struct list_head name = LIST_HEAD_INIT(name) + +#define INIT_LIST_HEAD(ptr) do { \ + (ptr)->next = (ptr); (ptr)->prev = (ptr); \ +} while (0) + +/* + * Insert a new entry between two known consecutive entries. + * + * This is only for internal list manipulation where we know + * the prev/next entries already! + */ +static __inline__ void __list_add(struct list_head * new, + struct list_head * prev, + struct list_head * next) +{ + next->prev = new; + new->next = next; + new->prev = prev; + prev->next = new; +} + +/** + * list_add - add a new entry + * @new: new entry to be added + * @head: list head to add it after + * + * Insert a new entry after the specified head. + * This is good for implementing stacks. + */ +static __inline__ void list_add(struct list_head *new, struct list_head *head) +{ + __list_add(new, head, head->next); +} + +/** + * list_add_tail - add a new entry + * @new: new entry to be added + * @head: list head to add it before + * + * Insert a new entry before the specified head. + * This is useful for implementing queues. + */ +static __inline__ void list_add_tail(struct list_head *new, struct list_head *head) +{ + __list_add(new, head->prev, head); +} + +/* + * Delete a list entry by making the prev/next entries + * point to each other. + * + * This is only for internal list manipulation where we know + * the prev/next entries already! + */ +static __inline__ void __list_del(struct list_head * prev, + struct list_head * next) +{ + next->prev = prev; + prev->next = next; +} + +/** + * list_del - deletes entry from list. + * @entry: the element to delete from the list. + * Note: list_empty on entry does not return true after this, the entry is in an undefined state. + */ +static __inline__ void list_del(struct list_head *entry) +{ + __list_del(entry->prev, entry->next); +} + +/** + * list_del_init - deletes entry from list and reinitialize it. + * @entry: the element to delete from the list. + */ +static __inline__ void list_del_init(struct list_head *entry) +{ + __list_del(entry->prev, entry->next); + INIT_LIST_HEAD(entry); +} + +/** + * list_empty - tests whether a list is empty + * @head: the list to test. + */ +static __inline__ int list_empty(struct list_head *head) +{ + return head->next == head; +} + +/** + * list_splice - join two lists + * @list: the new list to add. + * @head: the place to add it in the first list. + */ +static __inline__ void list_splice(struct list_head *list, struct list_head *head) +{ + struct list_head *first = list->next; + + if (first != list) { + struct list_head *last = list->prev; + struct list_head *at = head->next; + + first->prev = head; + head->next = first; + + last->next = at; + at->prev = last; + } +} + +/** + * list_entry - get the struct for this entry + * @ptr: the &struct list_head pointer. + * @type: the type of the struct this is embedded in. + * @member: the name of the list_struct within the struct. + */ +#define list_entry(ptr, type, member) \ + ((type *)((char *)(ptr)-(unsigned long)(&((type *)0)->member))) + +/** + * list_for_each - iterate over a list + * @pos: the &struct list_head to use as a loop counter. + * @head: the head for your list. + */ +#define list_for_each(pos, head) \ + for (pos = (head)->next; pos != (head); pos = pos->next) + +/** + * list_for_each_safe - iterate over a list safe against removal of list entry + * @pos: the &struct list_head to use as a loop counter. + * @n: another &struct list_head to use as temporary storage + * @head: the head for your list. + */ +#define list_for_each_safe(pos, n, head) \ + for (pos = (head)->next, n = pos->next; pos != (head); \ + pos = n, n = pos->next) + +/** + * list_for_each_entry - iterate over list of given type + * @pos: the type * to use as a loop counter. + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + */ +#define list_for_each_entry(pos, head, member) \ + for (pos = list_entry((head)->next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = list_entry(pos->member.next, typeof(*pos), member)) + +/** + * list_for_each_entry_safe - iterate over list of given type safe against removal of list entry + * @pos: the type * to use as a loop counter. + * @n: another type * to use as temporary storage + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + */ +#define list_for_each_entry_safe(pos, n, head, member) \ + for (pos = list_entry((head)->next, typeof(*pos), member), \ + n = list_entry(pos->member.next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = n, n = list_entry(n->member.next, typeof(*n), member)) +#endif /* _LINUX_LIST_H */ + diff -r edd1616cf8cb -r 291e816acbf4 tools/security/getlabel.sh --- /dev/null Fri Sep 2 14:15:49 2005 +++ b/tools/security/getlabel.sh Fri Sep 2 14:17:08 2005 @@ -0,0 +1,130 @@ +#!/bin/sh +# * +# * getlabel +# * +# * Copyright (C) 2005 IBM Corporation +# * +# * Authors: +# * Stefan Berger <stefanb@xxxxxxxxxx> +# * +# * This program is free software; you can redistribute it and/or +# * modify it under the terms of the GNU General Public License as +# * published by the Free Software Foundation, version 2 of the +# * License. +# * +# * 'getlabel' tries to find the labels corresponding to the ssidref +# * +# * 'getlabel -?' shows the usage of the program +# * +# * 'getlabel -sid <ssidref> [<policy name>]' lists the label corresponding +# * to the given ssidref. +# * +# * 'getlabel -dom <domain id> [<policy name>]' lists the label of the +# * domain with given id +# * +# + +if [ -z "$runbash" ]; then + runbash="1" + export runbash + exec sh -c "bash $0 $*" +fi + + +export PATH=$PATH:. +source labelfuncs.sh + +usage () +{ + echo "Usage: $0 -sid <ssidref> [<policy name>] or" + echo " $0 -dom <domid> [<policy name>] " + echo "" + echo "policy name : the name of the policy, i.e. 'chwall'" + echo " If the policy name is omitted, the grub.conf" + echo " entry of the running system is tried to be read" + echo " and the policy name determined from there." + echo "ssidref : an ssidref in hex or decimal format, i.e., '0x00010002'" + echo " or '65538'" + echo "domid : id of the domain, i.e., '1'; Use numbers from the 2nd" + echo " column shown when invoking 'xm list'" + echo "" +} + + + +if [ "$1" == "-?" ]; then + mode="usage" +elif [ "$1" == "-dom" ]; then + mode="domid" + shift +elif [ "$1" == "-sid" ]; then + mode="sid" + shift +elif [ "$1" == "" ]; then + usage + exit -1 +fi + + +if [ "$mode" == "usage" ]; then + usage +elif [ "$mode" == "domid" ]; then + if [ "$2" == "" ]; then + findGrubConf + ret=$? + if [ $ret -eq 0 ]; then + echo "Could not find grub.conf" + exit -1; + fi + findPolicyInGrub $grubconf + if [ "$policy" != "" ]; then + echo "Assuming policy to be '$policy'."; + else + echo "Could not find policy." + exit -1; + fi + else + policy=$2 + fi + findMapFile $policy + res=$? + if [ "$res" != "0" ]; then + getSSIDUsingSecpolTool $1 + res=$? + if [ "$res" != "0" ]; then + translateSSIDREF $ssid $mapfile + else + echo "Could not determine the SSID of the domain." + fi + else + echo "Could not find map file for policy '$policy'." + fi +elif [ "$mode" == "sid" ]; then + if [ "$2" == "" ]; then + findGrubConf + ret=$? + if [ $ret -eq 0 ]; then + echo "Could not find grub.conf" + exit -1; + fi + findPolicyInGrub $grubconf + if [ "$policy" != "" ]; then + echo "Assuming policy to be '$policy'."; + else + echo "Could not find policy." + exit -1; + fi + else + policy=$2 + fi + findMapFile $policy + res=$? + if [ "$res" != "0" ]; then + translateSSIDREF $1 $mapfile + else + echo "Could not find map file for policy '$policy'." + fi + +else + usage +fi diff -r edd1616cf8cb -r 291e816acbf4 tools/security/labelfuncs.sh --- /dev/null Fri Sep 2 14:15:49 2005 +++ b/tools/security/labelfuncs.sh Fri Sep 2 14:17:08 2005 @@ -0,0 +1,675 @@ +# * +# * labelfuncs.sh +# * +# * Copyright (C) 2005 IBM Corporation +# * +# * Authors: +# * Stefan Berger <stefanb@xxxxxxxxxx> +# * +# * This program is free software; you can redistribute it and/or +# * modify it under the terms of the GNU General Public License as +# * published by the Free Software Foundation, version 2 of the +# * License. +# * +# * +# * A collection of functions to handle polcies, mapfiles, +# * and ssidrefs. +# + + +# Find the mapfile given a policy nmame +# Parameters: +# 1st : the name of the policy whose map file is to be found, i.e., +# chwall +# Results: +# The variable mapfile will hold the realtive path to the mapfile +# for the given policy. +# In case the mapfile could be found, the functions returns a '1', +# a '0' otherwise. +findMapFile () +{ + mapfile="./$1.map" + if [ -r "$mapfile" ]; then + return 1 + fi + + mapfile="./policies/$1/$1.map" + if [ -r "$mapfile" ]; then + return 1 + fi + + return 0 +} + + +# Determine the name of the primary policy +# Parameters +# 1st : the path to the mapfile; the path may be relative +# to the current directory +# Results +# The variable primary will hold the name of the primary policy +getPrimaryPolicy () +{ + mapfile=$1 + primary=`cat $mapfile | \ + awk ' \ + { \ + if ( $1 == "PRIMARY" ) { \ + res=$2; \ + } \ + } END { \ + print res; \ + } '` +} + + +# Determine the name of the secondary policy +# Parameters +# 1st : the path to the mapfile; the path may be relative +# to the current directory +# Results +# The variable secondary will hold the name of the secondary policy +getSecondaryPolicy () +{ + mapfile=$1 + secondary=`cat $mapfile | \ + awk ' \ + { \ + if ( $1 == "SECONDARY" ) { \ + res=$2; \ + } \ + } END { \ + print res; \ + } '` +} + + +#Return where the grub.conf file is. +#I only know of one place it can be. +findGrubConf() +{ + grubconf="/boot/grub/grub.conf" + if [ -w $grubconf ]; then + return 1 + fi + if [ -r $grubconf ]; then + return 2 + fi + return 0 +} + + +# This function sets the global variable 'linux' +# to the name and version of the Linux kernel that was compiled +# for domain 0. +# If this variable could not be found, the variable 'linux' +# will hold a pattern +# Parameters: +# 1st: the path to reach the root directory of the XEN build tree +# where linux-*-xen0 is located at +# Results: +# The variable linux holds then name and version of the compiled +# kernel, i.e., 'vmlinuz-2.6.12-xen0' +getLinuxVersion () +{ + path=$1 + linux="" + for f in $path/linux-*-xen0 ; do + versionfile=$f/include/linux/version.h + if [ -r $versionfile ]; then + lnx=`cat $versionfile | \ + grep UTS_RELEASE | \ + awk '{ \ + len=length($3); \ + print substr($3,2,len-2) }'` + fi + if [ "$lnx" != "" ]; then + linux="[./0-9a-zA-z]*$lnx" + return; + fi + done + + #Last resort. + linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$" +} + + +# Find out with which policy the hypervisor was booted with. +# Parameters +# 1st : The complete path to grub.conf, i.e., /boot/grub/grub.conf +# +findPolicyInGrub () +{ + grubconf=$1 + linux=`uname -r` + policy=`cat $grubconf | \ + awk -vlinux=$linux '{ \ + if ( $1 == "title" ) { \ + kernelfound = 0; \ + policymaycome = 0; \ + } \ + else if ( $1 == "kernel" ) { \ + if ( match($2,"xen.gz$") ) { \ + pathlen=RSTART; \ + kernelfound = 1; \ + } \ + } \ + else if ( $1 == "module" && \ + kernelfound == 1 && \ + match($2,linux) ) { \ + policymaycome = 1; \ + } \ + else if ( $1 == "module" && \ + kernelfound == 1 && \ + policymaycome == 1 && \ + match($2,"[0-9a-zA-Z_]*.bin$") ) { \ + policymaycome = 0; \ + kernelfound = 0; \ + polname = substr($2,pathlen); \ + len=length(polname); \ + polname = substr(polname,0,len-4); \ + } \ + } END { \ + print polname \ + }'` +} + + +# Get the SSID of a domain +# Parameters: +# 1st : domain ID, i.e. '1' +# Results +# If the ssid could be found, the variable 'ssid' will hold +# the currently used ssid in the hex format, i.e., '0x00010001'. +# The funtion returns '1' on success, '0' on failure +getSSIDUsingSecpolTool () +{ + domid=$1 + export PATH=$PATH:. + ssid=`secpol_tool getssid -d $domid -f | \ + grep -E "SSID:" | \ + awk '{ print $4 }'` + + if [ "$ssid" != "" ]; then + return 1 + fi + return 0 +} + + +# Break the ssid identifier into its high and low values, +# which are equal to the secondary and primary policy references. +# Parameters: +# 1st: ssid to break into high and low value, i.e., '0x00010002' +# Results: +# The variable ssidlo_int and ssidhi_int will hold the low and +# high ssid values as integers. +getSSIDLOHI () +{ + ssid=$1 + ssidlo_int=`echo $ssid | awk \ + '{ \ + len=length($0); \ + beg=substr($0,1,2); \ + if ( beg == "0x" ) { \ + dig = len - 2; \ + if (dig <= 0) { \ + exit; \ + } \ + if (dig > 4) { \ + dig=4; \ + } \ + lo=sprintf("0x%s",substr($0,len-dig+1,dig)); \ + print strtonum(lo);\ + } else { \ + lo=strtonum($0); \ + if (lo < 65536) { \ + print lo; \ + } else { \ + hi=lo; \ + hi2= (hi / 65536);\ + hi2_str=sprintf("%d",hi2); \ + hi2=strtonum(hi2_str);\ + lo=hi-(hi2*65536); \ + printf("%d",lo); \ + } \ + } \ + }'` + ssidhi_int=`echo $ssid | awk \ + '{ \ + len=length($0); \ + beg=substr($0,1,2); \ + if ( beg == "0x" ) { \ + dig = len - 2; \ + if (dig <= 0 || \ + dig > 8) { \ + exit; \ + } \ + if (dig < 4) { \ + print 0; \ + exit; \ + } \ + dig -= 4; \ + hi=sprintf("0x%s",substr($0,len-4-dig+1,dig)); \ + print strtonum(hi);\ + } else { \ + hi=strtonum($0); \ + if (hi >= 65536) { \ + hi = hi / 65536; \ + printf ("%d",hi);\ + } else { \ + printf ("0"); \ + } \ + } \ + }'` + if [ "$ssidhi_int" == "" -o \ + "$ssidlo_int" == "" ]; then + return 0; + fi + return 1 +} + + +#Update the grub configuration file. +#Search for existing entries and replace the current +#policy entry with the policy passed to this script +# +#Arguments passed to this function +# 1st : the grub configuration file with full path +# 2nd : the binary policy file name, i.e. chwall.bin +# 3rd : the name or pattern of the linux kernel name to match +# (this determines where the module entry will be made) +# +# The algorithm here is based on pattern matching +# and is working correctly if +# - under a title a line beginning with 'kernel' is found +# whose following item ends with "xen.gz" +# Example: kernel /xen.gz dom0_mem=.... +# - a module line matching the 3rd parameter is found +# +updateGrub () +{ + grubconf=$1 + policyfile=$2 + linux=$3 + + tmpfile="/tmp/new_grub.conf" + + cat $grubconf | \ + awk -vpolicy=$policyfile \ + -vlinux=$linux '{ \ + if ( $1 == "title" ) { \ + kernelfound = 0; \ + if ( policymaycome == 1 ){ \ + printf ("\tmodule %s%s\n", path, policy); \ + } \ + policymaycome = 0; \ + } \ + else if ( $1 == "kernel" ) { \ + if ( match($2,"xen.gz$") ) { \ + path=substr($2,1,RSTART-1); \ + kernelfound = 1; \ + } \ + } \ + else if ( $1 == "module" && \ + kernelfound == 1 && \ + match($2,linux) ) { \ + policymaycome = 1; \ + } \ + else if ( $1 == "module" && \ + kernelfound == 1 && \ + policymaycome == 1 && \ + match($2,"[0-9a-zA-Z]*.bin$") ) { \ + printf ("\tmodule %s%s\n", path, policy); \ + policymaycome = 0; \ + kernelfound = 0; \ + dontprint = 1; \ + } \ + else if ( $1 == "" && \ + kernelfound == 1 && \ + policymaycome == 1) { \ + dontprint = 1; \ + } \ + if (dontprint == 0) { \ + printf ("%s\n", $0); \ + } \ + dontprint = 0; \ + } END { \ + if ( policymaycome == 1 ) { \ + printf ("\tmodule %s%s\n", path, policy); \ + } \ + }' > $tmpfile + if [ ! -r $tmpfile ]; then + echo "Could not create temporary file! Aborting." + exit -1 + fi + mv -f $tmpfile $grubconf +} + + +# Display all the labels in a given mapfile +# Parameters +# 1st: Full or relative path to the policy's mapfile +showLabels () +{ + mapfile=$1 + if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then + echo "Cannot read from vm configuration file $vmfile." + return -1 + fi + + getPrimaryPolicy $mapfile + getSecondaryPolicy $mapfile + + echo "The following labels are available:" + let line=1 + while [ 1 ]; do + ITEM=`cat $mapfile | \ + awk -vline=$line \ + -vprimary=$primary \ + '{ \ + if ($1 == "LABEL->SSID" && \ + $2 == "VM" && \ + $3 == primary ) { \ + ctr++; \ + if (ctr == line) { \ + print $4; \ + } \ + } \ + } END { \ + }'` + + if [ "$ITEM" == "" ]; then + break + fi + if [ "$secondary" != "NULL" ]; then + LABEL=`cat $mapfile | \ + awk -vitem=$ITEM \ + '{ + if ($1 == "LABEL->SSID" && \ + $2 == "VM" && \ + $3 == "CHWALL" && \ + $4 == item ) { \ + result = item; \ + } \ + } END { \ + print result \ + }'` + else + LABEL=$ITEM + fi + + if [ "$LABEL" != "" ]; then + echo "$LABEL" + found=1 + fi + let line=line+1 + done + if [ "$found" != "1" ]; then + echo "No labels found." + fi +} + + +# Get the default SSID given a mapfile and the policy name +# Parameters +# 1st: Full or relative path to the policy's mapfile +# 2nd: the name of the policy +getDefaultSsid () +{ + mapfile=$1 + pol=$2 + RES=`cat $mapfile \ + awk -vpol=$pol \ + { \ + if ($1 == "LABEL->SSID" && \ + $2 == "ANY" && \ + $3 == pol && \ + $4 == "DEFAULT" ) {\ + res=$5; \ + } \ + } END { \ + printf "%04x", strtonum(res) \ + }'` + echo "default NULL mapping is $RES" + defaultssid=$RES +} + + +#Relabel a VM configuration file +# Parameters +# 1st: Full or relative path to the VM configuration file +# 2nd: The label to translate into an ssidref +# 3rd: Full or relative path to the policy's map file +# 4th: The mode this function is supposed to operate in: +# 'relabel' : Relabels the file without querying the user +# other : Prompts the user whether to proceed +relabel () +{ + vmfile=$1 + label=$2 + mapfile=$3 + mode=$4 + + if [ ! -r "$vmfile" ]; then + echo "Cannot read from vm configuration file $vmfile." + return -1 + fi + + if [ ! -w "$vmfile" ]; then + echo "Cannot write to vm configuration file $vmfile." + return -1 + fi + + if [ ! -r "$mapfile" ] ; then + echo "Cannot read mapping file $mapfile." + return -1 + fi + + # Determine which policy is primary, which sec. + getPrimaryPolicy $mapfile + getSecondaryPolicy $mapfile + + # Calculate the primary policy's SSIDREF + if [ "$primary" == "NULL" ]; then + SSIDLO="0001" + else + SSIDLO=`cat $mapfile | \ + awk -vlabel=$label \ + -vprimary=$primary \ + '{ \ + if ( $1 == "LABEL->SSID" && \ + $2 == "VM" && \ + $3 == primary && \ + $4 == label ) { \ + result=$5 \ + } \ + } END { \ + if (result != "" ) \ + {printf "%04x", strtonum(result)}\ + }'` + fi + + # Calculate the secondary policy's SSIDREF + if [ "$secondary" == "NULL" ]; then + if [ "$primary" == "NULL" ]; then + SSIDHI="0001" + else + SSIDHI="0000" + fi + else + SSIDHI=`cat $mapfile | \ + awk -vlabel=$label \ + -vsecondary=$secondary \ + '{ \ + if ( $1 == "LABEL->SSID" && \ + $2 == "VM" && \ + $3 == secondary && \ + $4 == label ) { \ + result=$5 \ + } \ + } END { \ + if (result != "" ) \ + {printf "%04x", strtonum(result)}\ + }'` + fi + + if [ "$SSIDLO" == "" -o \ + "$SSIDHI" == "" ]; then + echo "Could not map the given label '$label'." + return -1 + fi + + ACM_POLICY=`cat $mapfile | \ + awk ' { if ( $1 == "POLICY" ) { \ + result=$2 \ + } \ + } \ + END { \ + if (result != "") { \ + printf result \ + } \ + }'` + + if [ "$ACM_POLICY" == "" ]; then + echo "Could not find 'POLICY' entry in map file." + return -1 + fi + + SSIDREF="0x$SSIDHI$SSIDLO" + + if [ "$mode" != "relabel" ]; then + RES=`cat $vmfile | \ + awk '{ \ + if ( substr($1,0,7) == "ssidref" ) {\ + print $0; \ + } \ + }'` + if [ "$RES" != "" ]; then + echo "Do you want to overwrite the existing mapping ($RES)? (y/N)" + read user + if [ "$user" != "y" -a "$user" != "Y" ]; then + echo "Aborted." + return 0 + fi + fi + fi + + #Write the output + vmtmp1="/tmp/__setlabel.tmp1" + vmtmp2="/tmp/__setlabel.tmp2" + touch $vmtmp1 + touch $vmtmp2 + if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then + echo "Cannot create temporary files. Aborting." + return -1 + fi + RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1` + RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2` + RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1` + echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1 + echo "#ACM_LABEL=$label" >> $vmtmp1 + echo "ssidref = $SSIDREF" >> $vmtmp1 + mv -f $vmtmp1 $vmfile + rm -rf $vmtmp1 $vmtmp2 + echo "Mapped label '$label' to ssidref '$SSIDREF'." +} + + +# Translate an ssidref into its label. This does the reverse lookup +# to the relabel function above. +# This function displays the results. +# Parameters: +# 1st: The ssidref to translate; must be in the form '0x00010002' +# 2nd: Full or relative path to the policy's mapfile +translateSSIDREF () +{ + ssidref=$1 + mapfile=$2 + + if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then + echo "Cannot read from vm configuration file $vmfile." + return -1 + fi + + getPrimaryPolicy $mapfile + getSecondaryPolicy $mapfile + + if [ "$primary" == "NULL" -a "$secondary" == "NULL" ]; then + echo "There are no labels for the NULL policy." + return + fi + + getSSIDLOHI $ssidref + ret=$? + if [ $ret -ne 1 ]; then + echo "Error while parsing the ssid ref number '$ssidref'." + fi; + + let line1=0 + let line2=0 + while [ 1 ]; do + ITEM1=`cat $mapfile | \ + awk -vprimary=$primary \ + -vssidlo=$ssidlo_int \ + -vline=$line1 \ + '{ \ + if ( $1 == "LABEL->SSID" && \ + $3 == primary && \ + int($5) == ssidlo ) { \ + if (l == line) { \ + print $4; \ + exit; \ + } \ + l++; \ + } \ + }'` + + ITEM2=`cat $mapfile | \ + awk -vsecondary=$secondary \ + -vssidhi=$ssidhi_int \ + -vline=$line2 \ + '{ \ + if ( $1 == "LABEL->SSID" && \ + $3 == secondary && \ + int($5) == ssidhi ) { \ + if (l == line) { \ + print $4; \ + exit; \ + } \ + l++; \ + } \ + }'` + + if [ "$secondary" != "NULL" ]; then + if [ "$ITEM1" == "" ]; then + let line1=0 + let line2=line2+1 + else + let line1=line1+1 + fi + + if [ "$ITEM1" == "" -a \ + "$ITEM2" == "" ]; then + echo "Could not determine the referenced label." + break + fi + + if [ "$ITEM1" == "$ITEM2" ]; then + echo "Label: $ITEM1" + break + fi + else + if [ "$ITEM1" != "" ]; then + echo "Label: $ITEM1" + else + if [ "$found" == "0" ]; then + found=1 + else + break + fi + fi + let line1=line1+1 + fi + done +} diff -r edd1616cf8cb -r 291e816acbf4 xen/arch/x86/shadow_guest32.c --- /dev/null Fri Sep 2 14:15:49 2005 +++ b/xen/arch/x86/shadow_guest32.c Fri Sep 2 14:17:08 2005 @@ -0,0 +1,18 @@ +#define GUEST_PGENTRY_32 +#if defined (__x86_64__) + +#include "shadow.c" +struct shadow_ops MODE_D_HANDLER = { + .guest_paging_levels = 2, + .invlpg = shadow_invlpg_64, + .fault = shadow_fault_64, + .update_pagetables = shadow_update_pagetables, + .sync_all = sync_all, + .remove_all_write_access = remove_all_write_access, + .do_update_va_mapping = do_update_va_mapping, + .mark_mfn_out_of_sync = mark_mfn_out_of_sync, + .is_out_of_sync = is_out_of_sync, + .gva_to_gpa = gva_to_gpa_64, +}; + +#endif diff -r edd1616cf8cb -r 291e816acbf4 xen/include/asm-x86/shadow_ops.h --- /dev/null Fri Sep 2 14:15:49 2005 +++ b/xen/include/asm-x86/shadow_ops.h Fri Sep 2 14:17:08 2005 @@ -0,0 +1,130 @@ +/****************************************************************************** + * include/asm-x86/shadow_ops.h + * + * Copyright (c) 2005 Michael A Fetterman + * Based on an earlier implementation by Ian Pratt et al + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef _XEN_SHADOW_OPS_H +#define _XEN_SHADOW_OPS_H + +#if defined( GUEST_PGENTRY_32 ) + +#define GUEST_L1_PAGETABLE_ENTRIES L1_PAGETABLE_ENTRIES_32 +#define GUEST_L2_PAGETABLE_ENTRIES L2_PAGETABLE_ENTRIES_32 +#define GUEST_ROOT_PAGETABLE_ENTRIES ROOT_PAGETABLE_ENTRIES_32 +#define GUEST_L2_PAGETABLE_SHIFT L2_PAGETABLE_SHIFT_32 + +#define guest_l1_pgentry_t l1_pgentry_32_t +#define guest_l2_pgentry_t l2_pgentry_32_t +#define guest_root_pgentry_t l2_pgentry_32_t + +#define guest_l1e_get_paddr l1e_get_paddr_32 +#define guest_l2e_get_paddr l2e_get_paddr_32 + +#define guest_get_pte_flags get_pte_flags_32 +#define guest_put_pte_flags put_pte_flags_32 + +#define guest_l1e_get_flags l1e_get_flags_32 +#define guest_l2e_get_flags l2e_get_flags_32 +#define guest_root_get_flags l2e_get_flags_32 +#define guest_root_get_intpte l2e_get_intpte + +#define guest_l1e_empty l1e_empty_32 +#define guest_l2e_empty l2e_empty_32 + +#define guest_l1e_from_pfn l1e_from_pfn_32 +#define guest_l2e_from_pfn l2e_from_pfn_32 + +#define guest_l1e_from_paddr l1e_from_paddr_32 +#define guest_l2e_from_paddr l2e_from_paddr_32 + +#define guest_l1e_from_page l1e_from_page_32 +#define guest_l2e_from_page l2e_from_page_32 + +#define guest_l1e_add_flags l1e_add_flags_32 +#define guest_l2e_add_flags l2e_add_flags_32 + +#define guest_l1e_remove_flag l1e_remove_flags_32 +#define guest_l2e_remove_flag l2e_remove_flags_32 + +#define guest_l1e_has_changed l1e_has_changed_32 +#define guest_l2e_has_changed l2e_has_changed_32 +#define root_entry_has_changed l2e_has_changed_32 + +#define guest_l1_table_offset l1_table_offset_32 +#define guest_l2_table_offset l2_table_offset_32 + +#define guest_linear_l1_table linear_pg_table_32 +#define guest_linear_l2_table linear_l2_table_32 + +#define guest_va_to_l1mfn va_to_l1mfn_32 + +#else + +#define GUEST_L1_PAGETABLE_ENTRIES L1_PAGETABLE_ENTRIES +#define GUEST_L2_PAGETABLE_ENTRIES L2_PAGETABLE_ENTRIES +#define GUEST_ROOT_PAGETABLE_ENTRIES ROOT_PAGETABLE_ENTRIES +#define GUEST_L2_PAGETABLE_SHIFT L2_PAGETABLE_SHIFT + +#define guest_l1_pgentry_t l1_pgentry_t +#define guest_l2_pgentry_t l2_pgentry_t +#define guest_root_pgentry_t l4_pgentry_t + +#define guest_l1e_get_paddr l1e_get_paddr +#define guest_l2e_get_paddr l2e_get_paddr + +#define guest_get_pte_flags get_pte_flags +#define guest_put_pte_flags put_pte_flags + +#define guest_l1e_get_flags l1e_get_flags +#define guest_l2e_get_flags l2e_get_flags +#define guest_root_get_flags l4e_get_flags +#define guest_root_get_intpte l4e_get_intpte + +#define guest_l1e_empty l1e_empty +#define guest_l2e_empty l2e_empty + +#define guest_l1e_from_pfn l1e_from_pfn +#define guest_l2e_from_pfn l2e_from_pfn + +#define guest_l1e_from_paddr l1e_from_paddr +#define guest_l2e_from_paddr l2e_from_paddr + +#define guest_l1e_from_page l1e_from_page +#define guest_l2e_from_page l2e_from_page + +#define guest_l1e_add_flags l1e_add_flags +#define guest_l2e_add_flags l2e_add_flags + +#define guest_l1e_remove_flag l1e_remove_flags +#define guest_l2e_remove_flag l2e_remove_flags + +#define guest_l1e_has_changed l1e_has_changed +#define guest_l2e_has_changed l2e_has_changed +#define root_entry_has_changed l4e_has_changed + +#define guest_l1_table_offset l1_table_offset +#define guest_l2_table_offset l2_table_offset + +#define guest_linear_l1_table linear_pg_table +#define guest_linear_l2_table linear_l2_table + +#define guest_va_to_l1mfn va_to_l1mfn +#endif + +#endif /* _XEN_SHADOW_OPS_H */ _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.