|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] Merge with xen-ia64-unstable.hg.
# HG changeset patch # User kaf24@xxxxxxxxxxxxxxxxxxxx # Node ID 6a666940fa043260b8b95de750f078f137182f2d # Parent c35a32f96d2095e92d2e873d9ee842877fa30127 # Parent 715184c8174997f68be3becf502b5df6d6b5a08f Merge with xen-ia64-unstable.hg. diff -r c35a32f96d20 -r 6a666940fa04 Config.mk --- a/Config.mk Sat Nov 19 21:41:08 2005 +++ b/Config.mk Sun Nov 20 09:19:38 2005 @@ -44,13 +44,21 @@ # Choose the best mirror to download linux kernel KERNEL_REPO = http://www.kernel.org -# ACM_USE_SECURITY_POLICY is set to security policy of Xen +# If ACM_SECURITY = y, then the access control module is compiled +# into Xen and the policy type can be set by the boot policy file +# y - Build the Xen ACM framework +# n - Do not build the Xen ACM framework +ACM_SECURITY ?= n + +# If ACM_SECURITY = y and no boot policy file is installed, +# then the ACM defaults to the security policy set by +# ACM_DEFAULT_SECURITY_POLICY # Supported models are: -# ACM_NULL_POLICY (ACM will not be built with this policy) +# ACM_NULL_POLICY # ACM_CHINESE_WALL_POLICY # ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY # ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY -ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY +ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY # Optional components XENSTAT_XENTOP ?= y diff -r c35a32f96d20 -r 6a666940fa04 linux-2.6-xen-sparse/arch/xen/x86_64/Kconfig --- a/linux-2.6-xen-sparse/arch/xen/x86_64/Kconfig Sat Nov 19 21:41:08 2005 +++ b/linux-2.6-xen-sparse/arch/xen/x86_64/Kconfig Sun Nov 20 09:19:38 2005 @@ -288,10 +288,10 @@ # actually 64 maximum, but you need to fix the APIC code first # to use clustered mode or whatever your big iron needs config NR_CPUS - int "Maximum number of CPUs (2-8)" - range 2 8 + int "Maximum number of CPUs (2-255)" + range 2 255 depends on SMP - default "8" + default "16" help This allows you to specify the maximum number of CPUs which this kernel will support. The maximum supported value is 32 and the diff -r c35a32f96d20 -r 6a666940fa04 linux-2.6-xen-sparse/drivers/char/tpm/tpm_xen.c --- a/linux-2.6-xen-sparse/drivers/char/tpm/tpm_xen.c Sat Nov 19 21:41:08 2005 +++ b/linux-2.6-xen-sparse/drivers/char/tpm/tpm_xen.c Sun Nov 20 09:19:38 2005 @@ -22,7 +22,7 @@ #include <asm/uaccess.h> #include <linux/list.h> -#include <linux/tpmfe.h> +#include <asm-xen/tpmfe.h> #include <linux/device.h> #include <linux/interrupt.h> #include "tpm.h" diff -r c35a32f96d20 -r 6a666940fa04 linux-2.6-xen-sparse/drivers/xen/tpmfront/tpmfront.c --- a/linux-2.6-xen-sparse/drivers/xen/tpmfront/tpmfront.c Sat Nov 19 21:41:08 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/tpmfront/tpmfront.c Sun Nov 20 09:19:38 2005 @@ -38,7 +38,7 @@ #include <linux/errno.h> #include <linux/interrupt.h> #include <linux/init.h> -#include <linux/tpmfe.h> +#include <asm-xen/tpmfe.h> #include <linux/err.h> #include <asm/semaphore.h> diff -r c35a32f96d20 -r 6a666940fa04 tools/python/xen/lowlevel/xs/xs.c --- a/tools/python/xen/lowlevel/xs/xs.c Sat Nov 19 21:41:08 2005 +++ b/tools/python/xen/lowlevel/xs/xs.c Sun Nov 20 09:19:38 2005 @@ -172,7 +172,7 @@ char *path; char **xsval; - int xsval_n; + unsigned int xsval_n; if (!parse_transaction_path(self, args, kwds, &xh, &th, &path)) return NULL; diff -r c35a32f96d20 -r 6a666940fa04 tools/python/xen/xm/create.py --- a/tools/python/xen/xm/create.py Sat Nov 19 21:41:08 2005 +++ b/tools/python/xen/xm/create.py Sun Nov 20 09:19:38 2005 @@ -905,9 +905,6 @@ opts.setopt('name', os.path.basename(opts.getopt('defconfig'))) config = make_config(opts.vals) - if type(config) == str: - config = sxp.parse(file(config))[0] - return (opts, config) diff -r c35a32f96d20 -r 6a666940fa04 tools/security/Makefile --- a/tools/security/Makefile Sat Nov 19 21:41:08 2005 +++ b/tools/security/Makefile Sun Nov 20 09:19:38 2005 @@ -12,21 +12,21 @@ XML2VERSION = $(shell xml2-config --version ) VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else echo "-DVALIDATE_SCHEMA"; fi; ) -ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY) +ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_NULL_POLICY) POLICY=null endif -ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY) +ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY) POLICY=chwall endif -ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) +ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) POLICY=ste endif -ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) +ifeq ($(ACM_DEFAULT_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) POLICY=chwall_ste endif POLICYFILE=./policies/$(POLICY)/$(POLICY).bin -ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY) +ifeq ($(ACM_SECURITY),y) all: build install:all @@ -55,7 +55,7 @@ $(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@ $< clean: - rm -rf secpol_tool secpol_xml2bin xen + rm -rf secpol_tool secpol_xml2bin xen get_decision policy_clean: rm -rf policies/*/*.bin policies/*/*.map diff -r c35a32f96d20 -r 6a666940fa04 tools/security/install.txt --- a/tools/security/install.txt Sat Nov 19 21:41:08 2005 +++ b/tools/security/install.txt Sun Nov 20 09:19:38 2005 @@ -24,11 +24,13 @@ # cd "xen_root" # edit/xemacs/vi Config.mk - change the line: - ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY + change the lines: + ACM_SECURITY ?= n + ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY to: - ACM_USE_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY + ACM_SECURITY ?= y + ACM_DEFAULT_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY # make all # ./install.sh diff -r c35a32f96d20 -r 6a666940fa04 tools/xenmon/xenmon.py --- a/tools/xenmon/xenmon.py Sat Nov 19 21:41:08 2005 +++ b/tools/xenmon/xenmon.py Sun Nov 20 09:19:38 2005 @@ -58,6 +58,8 @@ EXCOUNT = "Exec Count" # globals +dom_in_use = [] + # our curses screen stdscr = None @@ -88,18 +90,18 @@ # encapsulate information about a domain class DomainInfo: def __init__(self): - self.allocated_samples = [] - self.gotten_samples = [] - self.blocked_samples = [] - self.waited_samples = [] - self.execcount_samples = [] - self.iocount_samples = [] + self.allocated_sum = 0 + self.gotten_sum = 0 + self.blocked_sum = 0 + self.waited_sum = 0 + self.exec_count = 0; + self.iocount_sum = 0 self.ffp_samples = [] def gotten_stats(self, passed): - total = float(sum(self.gotten_samples)) + total = float(self.gotten_sum) per = 100*total/passed - exs = sum(self.execcount_samples) + exs = self.exec_count if exs > 0: avg = total/exs else: @@ -107,9 +109,9 @@ return [total/(float(passed)/10**9), per, avg] def waited_stats(self, passed): - total = float(sum(self.waited_samples)) + total = float(self.waited_sum) per = 100*total/passed - exs = sum(self.execcount_samples) + exs = self.exec_count if exs > 0: avg = total/exs else: @@ -117,9 +119,9 @@ return [total/(float(passed)/10**9), per, avg] def blocked_stats(self, passed): - total = float(sum(self.blocked_samples)) + total = float(self.blocked_sum) per = 100*total/passed - ios = sum(self.iocount_samples) + ios = self.iocount_sum if ios > 0: avg = total/float(ios) else: @@ -127,20 +129,20 @@ return [total/(float(passed)/10**9), per, avg] def allocated_stats(self, passed): - total = sum(self.allocated_samples) - exs = sum(self.execcount_samples) + total = self.allocated_sum + exs = self.exec_count if exs > 0: return float(total)/exs else: return 0 def ec_stats(self, passed): - total = float(sum(self.execcount_samples))/(float(passed)/10**9) - return total + total = float(self.exec_count/(float(passed)/10**9)) + return total def io_stats(self, passed): - total = float(sum(self.iocount_samples)) - exs = sum(self.execcount_samples) + total = float(self.iocount_sum) + exs = self.exec_count if exs > 0: avg = total/exs else: @@ -165,12 +167,13 @@ while passed < duration: for i in range(0, NDOMAINS): - dominfos[i].gotten_samples.append(samples[curid][0*NDOMAINS + i]) - dominfos[i].allocated_samples.append(samples[curid][1*NDOMAINS + i]) - dominfos[i].waited_samples.append(samples[curid][2*NDOMAINS + i]) - dominfos[i].blocked_samples.append(samples[curid][3*NDOMAINS + i]) - dominfos[i].execcount_samples.append(samples[curid][4*NDOMAINS + i]) - dominfos[i].iocount_samples.append(samples[curid][5*NDOMAINS + i]) + if dom_in_use[i]: + dominfos[i].gotten_sum += samples[curid][0*NDOMAINS + i] + dominfos[i].allocated_sum += samples[curid][1*NDOMAINS + i] + dominfos[i].waited_sum += samples[curid][2*NDOMAINS + i] + dominfos[i].blocked_sum += samples[curid][3*NDOMAINS + i] + dominfos[i].exec_count += samples[curid][4*NDOMAINS + i] + dominfos[i].iocount_sum += samples[curid][5*NDOMAINS + i] passed += samples[curid][6*NDOMAINS] lost_samples.append(samples[curid][6*NDOMAINS + 2]) @@ -187,7 +190,13 @@ lostinfo = [min(lost_samples), sum(lost_samples), max(lost_samples)] ffpinfo = [min(ffp_samples), sum(ffp_samples), max(ffp_samples)] - ldoms = map(lambda x: dominfos[x].stats(passed), range(0, NDOMAINS)) + + ldoms = [] + for x in range(0, NDOMAINS): + if dom_in_use[x]: + ldoms.append(dominfos[x].stats(passed)) + else: + ldoms.append(0) return [ldoms, lostinfo, ffpinfo] @@ -222,6 +231,7 @@ cpu = 0 # cpu of interest to display data for ncpu = 1 # number of cpu's on this platform slen = 0 # size of shared data structure, incuding padding + global dom_in_use # mmap the (the first chunk of the) file shmf = open(SHM_FILE, "r+") @@ -229,6 +239,7 @@ samples = [] doms = [] + dom_in_use = [] # initialize curses stdscr = _c.initscr() @@ -238,9 +249,7 @@ stdscr.keypad(1) stdscr.timeout(1000) [maxy, maxx] = stdscr.getmaxyx() - - - + # display in a loop while True: @@ -264,6 +273,11 @@ len = struct.calcsize(ST_DOM_INFO) dom = struct.unpack(ST_DOM_INFO, shm[idx:idx+len]) doms.append(dom) +# (last_update_time, start_time, runnable_start_time, blocked_start_time, +# ns_since_boot, ns_oncpu_since_boot, runnable_at_last_update, +# runnable, in_use, domid, name) = dom +# dom_in_use.append(in_use) + dom_in_use.append(dom[8]) idx += len len = struct.calcsize("4i") @@ -293,6 +307,7 @@ [h1, l1, f1] = summarize(startat, endat, 10**9, samples) [h2, l2, f2] = summarize(startat, endat, 10 * 10**9, samples) + # the actual display code row = 0 display(stdscr, row, 1, "CPU = %d" % cpu, _c.A_STANDOUT) @@ -305,6 +320,9 @@ total_h2_cpu = 0 for dom in range(0, NDOMAINS): + if not dom_in_use[dom]: + continue + if h1[dom][0][1] > 0 or dom == NDOMAINS - 1: # display gotten row += 1 @@ -475,6 +493,7 @@ def writelog(): global options + global dom_in_use ncpu = 1 # number of cpu's slen = 0 # size of shared structure inc. padding @@ -490,11 +509,13 @@ while options.duration == 0 or interval < (options.duration * 1000): for cpuidx in range(0, ncpu): + idx = cpuidx * slen # offset needed in mmap file samples = [] doms = [] + dom_in_use = [] for i in range(0, NSAMPLES): len = struct.calcsize(ST_QDATA) @@ -505,7 +526,11 @@ for i in range(0, NDOMAINS): len = struct.calcsize(ST_DOM_INFO) dom = struct.unpack(ST_DOM_INFO, shm[idx:idx+len]) - doms.append(dom) +# doms.append(dom) +# (last_update_time, start_time, runnable_start_time, blocked_start_time, +# ns_since_boot, ns_oncpu_since_boot, runnable_at_last_update, +# runnable, in_use, domid, name) = dom + dom_in_use.append(dom[8]) idx += len len = struct.calcsize("4i") @@ -524,6 +549,8 @@ [h1,l1, f1] = summarize(startat, endat, options.interval * 10**6, samples) for dom in range(0, NDOMAINS): + if not dom_in_use[dom]: + continue if h1[dom][0][1] > 0 or dom == NDOMAINS - 1: outfiles[dom].write("%.3f %d %d %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f\n" % (interval, cpuidx, dom, diff -r c35a32f96d20 -r 6a666940fa04 xen/Makefile --- a/xen/Makefile Sat Nov 19 21:41:08 2005 +++ b/xen/Makefile Sun Nov 20 09:19:38 2005 @@ -57,7 +57,7 @@ $(MAKE) include/asm-$(TARGET_ARCH)/asm-offsets.h $(MAKE) -C common $(MAKE) -C drivers -ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY) +ifeq ($(ACM_SECURITY),y) $(MAKE) -C acm endif $(MAKE) -C arch/$(TARGET_ARCH) @@ -79,8 +79,8 @@ echo " *"; \ echo " */"; \ echo ""; \ - echo "#ifndef ACM_USE_SECURITY_POLICY"; \ - echo "#define ACM_USE_SECURITY_POLICY $(ACM_USE_SECURITY_POLICY)"; \ + echo "#ifndef ACM_DEFAULT_SECURITY_POLICY"; \ + echo "#define ACM_DEFAULT_SECURITY_POLICY $(ACM_DEFAULT_SECURITY_POLICY)"; \ echo "#endif") >$@ # compile.h contains dynamic build info. Rebuilt on every 'make' invocation. diff -r c35a32f96d20 -r 6a666940fa04 xen/Rules.mk --- a/xen/Rules.mk Sat Nov 19 21:41:08 2005 +++ b/xen/Rules.mk Sun Nov 20 09:19:38 2005 @@ -37,8 +37,9 @@ ALL_OBJS := $(BASEDIR)/common/common.o ALL_OBJS += $(BASEDIR)/drivers/char/driver.o ALL_OBJS += $(BASEDIR)/drivers/acpi/driver.o -ifneq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY) +ifeq ($(ACM_SECURITY),y) ALL_OBJS += $(BASEDIR)/acm/acm.o +CFLAGS += -DACM_SECURITY endif ALL_OBJS += $(BASEDIR)/arch/$(TARGET_ARCH)/arch.o diff -r c35a32f96d20 -r 6a666940fa04 xen/acm/acm_core.c --- a/xen/acm/acm_core.c Sat Nov 19 21:41:08 2005 +++ b/xen/acm/acm_core.c Sun Nov 20 09:19:38 2005 @@ -49,6 +49,9 @@ extern struct acm_operations acm_chinesewall_ops, acm_simple_type_enforcement_ops, acm_null_ops; +/* global ACM policy (now dynamically determined at boot time) */ +u16 acm_active_security_policy = ACM_POLICY_UNDEFINED; + /* global ops structs called by the hooks */ struct acm_operations *acm_primary_ops = NULL; /* called in hook if-and-only-if primary succeeds */ @@ -61,7 +64,8 @@ /* until we have endian support in Xen, we discover it at runtime */ u8 little_endian = 1; -void acm_set_endian(void) +void +acm_set_endian(void) { u32 test = 1; if (*((u8 *)&test) == 1) @@ -76,14 +80,82 @@ } } -/* initialize global security policy for Xen; policy write-locked already */ -static void -acm_init_binary_policy(void *primary, void *secondary) -{ - acm_bin_pol.primary_policy_code = 0; - acm_bin_pol.secondary_policy_code = 0; - acm_bin_pol.primary_binary_policy = primary; - acm_bin_pol.secondary_binary_policy = secondary; +int +acm_init_binary_policy(u32 policy_code) +{ + int ret = ACM_OK; + + acm_bin_pol.primary_policy_code = (policy_code & 0x0f); + acm_bin_pol.secondary_policy_code = (policy_code >> 4) & 0x0f; + + write_lock(&acm_bin_pol_rwlock); + + /* set primary policy component */ + switch ((policy_code) & 0x0f) + { + + case ACM_CHINESE_WALL_POLICY: + acm_init_chwall_policy(); + acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY; + acm_primary_ops = &acm_chinesewall_ops; + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + acm_init_ste_policy(); + acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY; + acm_primary_ops = &acm_simple_type_enforcement_ops; + break; + + case ACM_NULL_POLICY: + acm_bin_pol.primary_policy_code = ACM_NULL_POLICY; + acm_primary_ops = &acm_null_ops; + break; + + default: + /* Unknown policy not allowed primary */ + ret = -EINVAL; + goto out; + } + + /* secondary policy component part */ + switch ((policy_code) >> 4) + { + + case ACM_NULL_POLICY: + acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY; + acm_secondary_ops = &acm_null_ops; + break; + + case ACM_CHINESE_WALL_POLICY: + if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY) + { /* not a valid combination */ + ret = -EINVAL; + goto out; + } + acm_init_chwall_policy(); + acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY; + acm_secondary_ops = &acm_chinesewall_ops; + break; + + case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: + if (acm_bin_pol.primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) + { /* not a valid combination */ + ret = -EINVAL; + goto out; + } + acm_init_ste_policy(); + acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY; + acm_secondary_ops = &acm_simple_type_enforcement_ops; + break; + + default: + ret = -EINVAL; + goto out; + } + + out: + write_unlock(&acm_bin_pol_rwlock); + return ret; } static int @@ -161,83 +233,35 @@ int ret = ACM_OK; acm_set_endian(); - write_lock(&acm_bin_pol_rwlock); - acm_init_binary_policy(NULL, NULL); - - /* set primary policy component */ - switch ((ACM_USE_SECURITY_POLICY) & 0x0f) - { - - case ACM_CHINESE_WALL_POLICY: - acm_init_chwall_policy(); - acm_bin_pol.primary_policy_code = ACM_CHINESE_WALL_POLICY; - acm_primary_ops = &acm_chinesewall_ops; - break; - - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - acm_init_ste_policy(); - acm_bin_pol.primary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY; - acm_primary_ops = &acm_simple_type_enforcement_ops; - break; - - default: - /* NULL or Unknown policy not allowed primary; - * NULL/NULL will not compile this code */ + + /* first try to load the boot policy (uses its own locks) */ + acm_setup(initrdidx, mbi, initial_images_start); + + if (acm_active_security_policy != ACM_POLICY_UNDEFINED) + { + printk("%s: Boot-Policy. Enforcing %s: Primary %s, Secondary %s.\n", __func__, + ACM_POLICY_NAME(acm_active_security_policy), + ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), + ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code)); + goto out; + } + /* else continue with the minimal hardcoded default startup policy */ + printk("%s: Loading default policy (%s).\n", + __func__, ACM_POLICY_NAME(ACM_DEFAULT_SECURITY_POLICY)); + + if (acm_init_binary_policy(ACM_DEFAULT_SECURITY_POLICY)) { ret = -EINVAL; goto out; } - - /* secondary policy component part */ - switch ((ACM_USE_SECURITY_POLICY) >> 4) { - case ACM_NULL_POLICY: - acm_bin_pol.secondary_policy_code = ACM_NULL_POLICY; - acm_secondary_ops = &acm_null_ops; - break; - - case ACM_CHINESE_WALL_POLICY: - if (acm_bin_pol.primary_policy_code == ACM_CHINESE_WALL_POLICY) - { /* not a valid combination */ - ret = -EINVAL; - goto out; - } - acm_init_chwall_policy(); - acm_bin_pol.secondary_policy_code = ACM_CHINESE_WALL_POLICY; - acm_secondary_ops = &acm_chinesewall_ops; - break; - - case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY: - if (acm_bin_pol.primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) - { /* not a valid combination */ - ret = -EINVAL; - goto out; - } - acm_init_ste_policy(); - acm_bin_pol.secondary_policy_code = ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY; - acm_secondary_ops = &acm_simple_type_enforcement_ops; - break; - - default: - ret = -EINVAL; - goto out; - } + acm_active_security_policy = ACM_DEFAULT_SECURITY_POLICY; out: - write_unlock(&acm_bin_pol_rwlock); - if (ret != ACM_OK) { printk("%s: Error initializing policies.\n", __func__); /* here one could imagine a clean panic */ return -EINVAL; } - if (acm_setup(initrdidx, mbi, initial_images_start) != ACM_OK) - { - printk("%s: Error loading policy at boot time.\n", __func__); - /* ignore, just continue with the minimal hardcoded startup policy */ - } - printk("%s: Enforcing Primary %s, Secondary %s.\n", __func__, - ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), - ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code)); return ret; } @@ -265,7 +289,7 @@ ssid->primary_ssid = NULL; ssid->secondary_ssid = NULL; - if (ACM_USE_SECURITY_POLICY != ACM_NULL_POLICY) + if (acm_active_security_policy != ACM_NULL_POLICY) ssid->ssidref = ssidref; else ssid->ssidref = ACM_DEFAULT_SSID; diff -r c35a32f96d20 -r 6a666940fa04 xen/acm/acm_policy.c --- a/xen/acm/acm_policy.c Sat Nov 19 21:41:08 2005 +++ b/xen/acm/acm_policy.c Sun Nov 20 09:19:38 2005 @@ -56,17 +56,29 @@ /* 2. some sanity checking */ pol = (struct acm_policy_buffer *)policy_buffer; - if ((ntohl(pol->magic) != ACM_MAGIC) || - (ntohl(pol->policy_version) != ACM_POLICY_VERSION) || - (ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) || + if ((ntohl(pol->magic) != ACM_MAGIC) || + (buf_size != ntohl(pol->len)) || + (ntohl(pol->policy_version) != ACM_POLICY_VERSION)) + { + printk("%s: ERROR in Magic, Version, or buf size.\n", __func__); + goto error_free; + } + + if (acm_active_security_policy == ACM_POLICY_UNDEFINED) { + /* setup the policy with the boot policy */ + if (acm_init_binary_policy((ntohl(pol->secondary_policy_code) << 4) | + ntohl(pol->primary_policy_code))) { + goto error_free; + } + acm_active_security_policy = + (acm_bin_pol.secondary_policy_code << 4) | acm_bin_pol.primary_policy_code; + } + + /* once acm_active_security_policy is set, it cannot be changed */ + if ((ntohl(pol->primary_policy_code) != acm_bin_pol.primary_policy_code) || (ntohl(pol->secondary_policy_code) != acm_bin_pol.secondary_policy_code)) { - printkd("%s: Wrong policy magics or versions!\n", __func__); - goto error_free; - } - if (buf_size != ntohl(pol->len)) - { - printk("%s: ERROR in buf size.\n", __func__); + printkd("%s: Wrong policy type in boot policy!\n", __func__); goto error_free; } diff -r c35a32f96d20 -r 6a666940fa04 xen/arch/x86/shadow.c --- a/xen/arch/x86/shadow.c Sat Nov 19 21:41:08 2005 +++ b/xen/arch/x86/shadow.c Sun Nov 20 09:19:38 2005 @@ -47,13 +47,14 @@ #if CONFIG_PAGING_LEVELS == 3 static unsigned long shadow_l3_table( struct domain *d, unsigned long gpfn, unsigned long gmfn); -static inline void validate_bl2e_change( struct domain *d, - guest_root_pgentry_t *new_gle_p, pgentry_64_t *shadow_l3, int index); #endif #if CONFIG_PAGING_LEVELS == 4 static unsigned long shadow_l4_table( struct domain *d, unsigned long gpfn, unsigned long gmfn); +#endif + +#if CONFIG_PAGING_LEVELS >= 3 static void shadow_map_into_current(struct vcpu *v, unsigned long va, unsigned int from, unsigned int to); static inline void validate_bl2e_change( struct domain *d, @@ -669,6 +670,7 @@ } } +#if CONFIG_PAGING_LEVELS == 2 static void shadow_set_l1e(unsigned long va, l1_pgentry_t new_spte, int create_l1_shadow) { @@ -750,7 +752,6 @@ shadow_update_min_max(l2e_get_pfn(sl2e), l1_table_offset(va)); } -#if CONFIG_PAGING_LEVELS == 2 static void shadow_invlpg_32(struct vcpu *v, unsigned long va) { struct domain *d = v->domain; @@ -780,6 +781,73 @@ shadow_unlock(d); } #endif /* CONFIG_PAGING_LEVELS == 2 */ + +#if CONFIG_PAGING_LEVELS >= 3 +static void shadow_set_l1e_64( + unsigned long va, pgentry_64_t *sl1e_p, + int create_l1_shadow) +{ + struct vcpu *v = current; + struct domain *d = v->domain; + pgentry_64_t sle; + pgentry_64_t sle_up = {0}; + l1_pgentry_t old_spte; + l1_pgentry_t sl1e = *(l1_pgentry_t *)sl1e_p; + int i; + unsigned long orig_va = 0; + + if ( d->arch.ops->guest_paging_levels == PAGING_L2 ) + { + /* This is for 32-bit VMX guest on 64-bit host */ + orig_va = va; + va = va & (~((1<<L2_PAGETABLE_SHIFT_32)-1)); + } + + for ( i = PAGING_L4; i >= PAGING_L2; i-- ) + { + if ( !__rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i) ) + { + sl1e = l1e_empty(); + goto out; + } + if ( !(entry_get_flags(sle) & _PAGE_PRESENT) ) + { + if ( create_l1_shadow ) + { + perfc_incrc(shadow_set_l3e_force_map); + shadow_map_into_current(v, va, i-1, i); + __rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i); + } + } + if ( i < PAGING_L4 ) + shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va, i)); + sle_up = sle; + } + + if ( d->arch.ops->guest_paging_levels == PAGING_L2 ) + { + va = orig_va; + } + + if ( shadow_mode_refcounts(d) ) + { + __shadow_get_l1e(v, va, &old_spte); + if ( l1e_has_changed(old_spte, sl1e, _PAGE_RW | _PAGE_PRESENT) ) + { + if ( (l1e_get_flags(sl1e) & _PAGE_PRESENT) && + !shadow_get_page_from_l1e(sl1e, d) ) + sl1e = l1e_empty(); + if ( l1e_get_flags(old_spte) & _PAGE_PRESENT ) + put_page_from_l1e(old_spte, d); + } + } + +out: + __shadow_set_l1e(v, va, &sl1e); + + shadow_update_min_max(entry_get_pfn(sle_up), guest_l1_table_offset(va)); +} +#endif /* CONFIG_PAGING_LEVELS >= 3 */ static struct out_of_sync_entry * shadow_alloc_oos_entry(struct domain *d) @@ -1996,8 +2064,11 @@ __shadow_sync_va(v, va); l1pte_propagate_from_guest(d, *(guest_l1_pgentry_t *)&val, &spte); +#if CONFIG_PAGING_LEVELS == 2 shadow_set_l1e(va, spte, 0); - +#elif CONFIG_PAGING_LEVELS >= 3 + shadow_set_l1e_64(va, (pgentry_64_t *) &spte, 0); +#endif /* * If we're in log-dirty mode then we need to note that we've updated * the PTE in the PT-holding page. We need the machine frame number @@ -3012,71 +3083,6 @@ } -static void shadow_set_l1e_64( - unsigned long va, pgentry_64_t *sl1e_p, - int create_l1_shadow) -{ - struct vcpu *v = current; - struct domain *d = v->domain; - pgentry_64_t sle; - pgentry_64_t sle_up = {0}; - l1_pgentry_t old_spte; - l1_pgentry_t sl1e = *(l1_pgentry_t *)sl1e_p; - int i; - unsigned long orig_va = 0; - - if ( d->arch.ops->guest_paging_levels == PAGING_L2 ) - { - /* This is for 32-bit VMX guest on 64-bit host */ - orig_va = va; - va = va & (~((1<<L2_PAGETABLE_SHIFT_32)-1)); - } - - for (i = PAGING_L4; i >= PAGING_L2; i--) - { - if (!__rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i)) { - printk("<%s> i = %d\n", __func__, i); - BUG(); - } - if ( !(entry_get_flags(sle) & _PAGE_PRESENT) ) { - if ( create_l1_shadow ) { - perfc_incrc(shadow_set_l3e_force_map); - shadow_map_into_current(v, va, i-1, i); - __rw_entry(v, va, &sle, SHADOW_ENTRY | GET_ENTRY | i); - } else { -#if 0 - printk("For non VMX shadow, create_l1_shadow:%d\n", create_l1_shadow); -#endif - } - } - if( i < PAGING_L4 ) - shadow_update_min_max(entry_get_pfn(sle_up), table_offset_64(va, i)); - sle_up = sle; - } - - if ( d->arch.ops->guest_paging_levels == PAGING_L2 ) { - va = orig_va; - } - - if ( shadow_mode_refcounts(d) ) - { - __shadow_get_l1e(v, va, &old_spte); - ESH_LOG("old_sl1e: %lx, new_sl1e: %lx\n", l1e_get_intpte(old_spte), l1e_get_intpte(sl1e)); - if ( l1e_has_changed(old_spte, sl1e, _PAGE_RW | _PAGE_PRESENT) ) - { - if ( (l1e_get_flags(sl1e) & _PAGE_PRESENT) && - !shadow_get_page_from_l1e(sl1e, d) ) - sl1e = l1e_empty(); - if ( l1e_get_flags(old_spte) & _PAGE_PRESENT ) - put_page_from_l1e(old_spte, d); - } - } - - __shadow_set_l1e(v, va, &sl1e); - - shadow_update_min_max(entry_get_pfn(sle_up), guest_l1_table_offset(va)); -} - /* As 32-bit guest don't support 4M page yet, * we don't concern double compile for this function */ diff -r c35a32f96d20 -r 6a666940fa04 xen/common/acm_ops.c --- a/xen/common/acm_ops.c Sat Nov 19 21:41:08 2005 +++ b/xen/common/acm_ops.c Sun Nov 20 09:19:38 2005 @@ -29,7 +29,7 @@ #include <public/sched_ctl.h> #include <acm/acm_hooks.h> -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) +#ifndef ACM_SECURITY long do_acm_op(struct acm_op * u_acm_op) { diff -r c35a32f96d20 -r 6a666940fa04 xen/include/acm/acm_core.h --- a/xen/include/acm/acm_core.h Sat Nov 19 21:41:08 2005 +++ b/xen/include/acm/acm_core.h Sun Nov 20 09:19:38 2005 @@ -28,9 +28,6 @@ struct acm_binary_policy { u16 primary_policy_code; u16 secondary_policy_code; - void *primary_binary_policy; - void *secondary_binary_policy; - }; struct chwall_binary_policy { @@ -53,6 +50,7 @@ }; /* global acm policy */ +extern u16 acm_active_security_policy; extern struct acm_binary_policy acm_bin_pol; extern struct chwall_binary_policy chwall_bin_pol; extern struct ste_binary_policy ste_bin_pol; @@ -120,6 +118,7 @@ /* protos */ int acm_init_domain_ssid(domid_t id, ssidref_t ssidref); void acm_free_domain_ssid(struct acm_ssid_domain *ssid); +int acm_init_binary_policy(u32 policy_code); int acm_set_policy(void *buf, u32 buf_size, int isuserbuffer); int acm_get_policy(void *buf, u32 buf_size); int acm_dump_statistics(void *buf, u16 buf_size); diff -r c35a32f96d20 -r 6a666940fa04 xen/include/acm/acm_hooks.h --- a/xen/include/acm/acm_hooks.h Sat Nov 19 21:41:08 2005 +++ b/xen/include/acm/acm_hooks.h Sun Nov 20 09:19:38 2005 @@ -127,7 +127,7 @@ # define traceprintk(fmt, args...) #endif -#if (ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY) +#ifndef ACM_SECURITY static inline int acm_pre_dom0_op(dom0_op_t *op, void **ssid) { return 0; } diff -r c35a32f96d20 -r 6a666940fa04 xen/include/public/acm.h --- a/xen/include/public/acm.h Sat Nov 19 21:41:08 2005 +++ b/xen/include/public/acm.h Sun Nov 20 09:19:38 2005 @@ -60,6 +60,7 @@ #define ACM_NULL_POLICY 0 #define ACM_CHINESE_WALL_POLICY 1 #define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2 +#define ACM_POLICY_UNDEFINED 15 /* combinations have secondary policy component in higher 4bit */ #define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \ diff -r c35a32f96d20 -r 6a666940fa04 linux-2.6-xen-sparse/include/asm-xen/tpmfe.h --- /dev/null Sat Nov 19 21:41:08 2005 +++ b/linux-2.6-xen-sparse/include/asm-xen/tpmfe.h Sun Nov 20 09:19:38 2005 @@ -0,0 +1,33 @@ +#ifndef TPM_FE_H +#define TPM_FE_H + +struct tpmfe_device { + /* + * Let upper layer receive data from front-end + */ + int (*receive)(const u8 *buffer, size_t count, const void *ptr); + /* + * Indicate the status of the front-end to the upper + * layer. + */ + void (*status)(unsigned int flags); + + /* + * This field indicates the maximum size the driver can + * transfer in one chunk. It is filled out by the front-end + * driver and should be propagated to the generic tpm driver + * for allocation of buffers. + */ + unsigned int max_tx_size; +}; + +enum { + TPMFE_STATUS_DISCONNECTED = 0x0, + TPMFE_STATUS_CONNECTED = 0x1 +}; + +int tpm_fe_send(const u8 * buf, size_t count, void *ptr); +int tpm_fe_register_receiver(struct tpmfe_device *); +void tpm_fe_unregister_receiver(void); + +#endif diff -r c35a32f96d20 -r 6a666940fa04 linux-2.6-xen-sparse/include/linux/tpmfe.h --- a/linux-2.6-xen-sparse/include/linux/tpmfe.h Sat Nov 19 21:41:08 2005 +++ /dev/null Sun Nov 20 09:19:38 2005 @@ -1,33 +0,0 @@ -#ifndef TPM_FE_H -#define TPM_FE_H - -struct tpmfe_device { - /* - * Let upper layer receive data from front-end - */ - int (*receive)(const u8 *buffer, size_t count, const void *ptr); - /* - * Indicate the status of the front-end to the upper - * layer. - */ - void (*status)(unsigned int flags); - - /* - * This field indicates the maximum size the driver can - * transfer in one chunk. It is filled out by the front-end - * driver and should be propagated to the generic tpm driver - * for allocation of buffers. - */ - unsigned int max_tx_size; -}; - -enum { - TPMFE_STATUS_DISCONNECTED = 0x0, - TPMFE_STATUS_CONNECTED = 0x1 -}; - -int tpm_fe_send(const u8 * buf, size_t count, void *ptr); -int tpm_fe_register_receiver(struct tpmfe_device *); -void tpm_fe_unregister_receiver(void); - -#endif _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |