[Xen-changelog] merge with xen-unstable.hg
# HG changeset patch # User awilliam@xxxxxxxxxxx # Node ID ae709b250f43768a96c329da23f1de8c7a649a7e # Parent 9a915e2828f340234c1cea2a319ca50ff144c8cf # Parent 1ad06bd6832d478b18b1c1aed9886079c272aeaa merge with xen-unstable.hg diff -r 9a915e2828f3 -r ae709b250f43 README --- a/README Tue Apr 25 22:55:22 2006 -0600 +++ b/README Tue Apr 25 23:35:55 2006 -0600 
@@ -1,176 +1,176 @@ -################################ - __ __ _____ ___ - \ \/ /___ _ __ |___ / / _ \ - \ // _ \ '_ \ |_ \| | | | - / \ __/ | | | ___) | |_| | - /_/\_\___|_| |_| |____(_)___/ - -################################ - -http://www.xensource.com/xen/about.html - -What is Xen? -============ - -Xen is a Virtual Machine Monitor (VMM) originally developed by the -Systems Research Group of the University of Cambridge Computer -Laboratory, as part of the UK-EPSRC funded XenoServers project. Xen -is freely-distributable Open Source software, released under the GNU -GPL. Since its initial public release, Xen has grown a large -development community, spearheaded by XenSource Inc, a company created -by the original Xen development team to build enterprise products -around Xen. - -The 3.0 release offers excellent performance, hardware support and -enterprise-grade features such as x86_32-PAE, x86_64, SMP guests and -live relocation of VMs. This install tree contains source for a Linux -2.6 guest; ports to Linux 2.4, NetBSD, FreeBSD and Solaris will follow -later (and are already available for previous Xen releases). - -This file contains some quick-start instructions to install Xen on -your system. For full documentation, see the Xen User Manual. If this -is a pre-built release then you can find the manual at: - dist/install/usr/share/doc/xen/pdf/user.pdf -If you have a source release, then 'make -C docs' will build the -manual at docs/pdf/user.pdf. - -Quick-Start Guide - Pre-Built Binary Release -============================================ - -[NB. Unless noted otherwise, all the following steps should be -performed with root privileges.] - -1. Install the binary distribution onto your filesystem: - - # sh ./install.sh - - Among other things, this will install Xen and Xen-ready Linux - kernel files in /boot, kernel modules and Python packages in /lib, - and various control tools in standard 'bin' directories. - -2. 
Configure your bootloader to boot Xen and an initial Linux virtual - machine. Note that Xen currently only works with GRUB and pxelinux - derived boot loaders: less common alternatives such as LILO are - *not* supported. You can most likely find your GRUB menu file at - /boot/grub/menu.lst: edit this file to include an entry like the - following: - - title Xen 3.0 / XenLinux 2.6 - kernel /boot/xen-3.0.gz console=vga - module /boot/vmlinuz-2.6-xen root=<root-dev> ro console=tty0 - module /boot/initrd-2.6-xen.img - - NB: Not all kernel configs need an initial ram disk (initrd), but - if you do specify one you'll need to use the 'module' grub directive - rather than 'initrd'. - - The linux command line takes all the usual options, such as - root=<root-dev> to specify your usual root partition (e.g., - /dev/hda1). - - The Xen command line takes a number of optional arguments described - in the manual. The most common is 'dom0_mem=xxxM' which sets the - amount of memory to allocate for use by your initial virtual - machine (known as domain 0). Note that Xen itself reserves about - 32MB memory for internal use, which is not available for allocation - to virtual machines. - -3. Reboot your system and select the "Xen 3.0 / XenLinux 2.6" menu - option. After booting Xen, Linux will start and your initialisation - scripts should execute in the usual way. - -Quick-Start Guide - Source Release -================================== - -First, there are a number of prerequisites for building a Xen source -release. Make sure you have all the following installed, either by -visiting the project webpage or installing a pre-built package -provided by your Linux distributor: - * GCC (preferably v3.2.x or v3.3.x; older versions are unsupported) - * GNU Make - * GNU Binutils - * Development install of zlib (e.g., zlib-dev) - * Development install of Python v2.3 or later (e.g., python-dev) - * bridge-utils package (/sbin/brctl) - * iproute package (/sbin/ip) - * hotplug or udev - -[NB. 
Unless noted otherwise, all the following steps should be -performed with root privileges.] - -1. Download and untar the source tarball file. This will be a - file named xen-unstable-src.tgz, or xen-$version-src.tgz. - You can also pull the current version from the SCMS - that is being used (Bitkeeper, scheduled to change shortly). - - # tar xzf xen-unstable-src.tgz - - Assuming you are using the unstable tree, this will - untar into xen-unstable. The rest of the instructions - use the unstable tree as an example, substitute the - version for unstable. - -2. cd to xen-unstable (or whatever you sensibly rename it to). - The Linux, netbsd and freebsd kernel source trees are in - the $os-$version-xen-sparse directories. - -On Linux: - -3. For the very first build, or if you want to destroy existing - .configs and build trees, perform the following steps: - - # make world - # make install - - This will create and install onto the local machine. It will build - the xen binary (xen.gz), and a linux kernel and modules that can be - used in both dom0 and an unprivileged guest kernel (vmlinuz-2.6.x-xen), - the tools and the documentation. - - You can override the destination for make install by setting DESTDIR - to some value. - - The make command line defaults to building the kernel vmlinuz-2.6.x-xen. - You can override this default by specifying KERNELS=kernelname. For - example, you can make two kernels - linux-2.6-xen0 - and linux-2.6-xenU - which are smaller builds containing only selected - modules, intended primarily for developers that don't like to wait - for a full -xen kernel to build. The -xenU kernel is particularly small, - as it does not contain any physical device drivers, and hence is - only useful for guest domains. - - To make these two kernels, simply specify - - KERNELS="linux-2.6-xen0 linux-2.6-xenU" - - in the make command line. 
- - If you want to build an x86_32 PAE capable xen and kernel to work - on machines with >= 4GB of memory, use XEN_TARGET_X86_PAE=y on the - make command line. - -4. To rebuild an existing tree without modifying the config: - # make dist - - This will build and install xen, kernels, tools, and - docs into the local dist/ directory. - - You can override the destination for make install by setting DISTDIR - to some value. - - make install and make dist differ in that make install does the - right things for your local machine (installing the appropriate - version of hotplug or udev scripts, for example), but make dist - includes all versions of those scripts, so that you can copy the dist - directory to another machine and install from that distribution. - -5. To rebuild a kernel with a modified config: - - # make linux-2.6-xen-config CONFIGMODE=menuconfig (or xconfig) - # make linux-2.6-xen-build - # make linux-2.6-xen-install - - Depending on your config, you may need to use 'mkinitrd' to create - an initial ram disk, just like a native system e.g. - # depmod 2.6.16-xen - # mkinitrd -v -f --with=aacraid --with=sd_mod --with=scsi_mod initrd-2.6.16-xen.img 2.6.16-xen +################################ + __ __ _____ ___ + \ \/ /___ _ __ |___ / / _ \ + \ // _ \ '_ \ |_ \| | | | + / \ __/ | | | ___) | |_| | + /_/\_\___|_| |_| |____(_)___/ + +################################ + +http://www.xensource.com/xen/about.html + +What is Xen? +============ + +Xen is a Virtual Machine Monitor (VMM) originally developed by the +Systems Research Group of the University of Cambridge Computer +Laboratory, as part of the UK-EPSRC funded XenoServers project. Xen +is freely-distributable Open Source software, released under the GNU +GPL. Since its initial public release, Xen has grown a large +development community, spearheaded by XenSource Inc, a company created +by the original Xen development team to build enterprise products +around Xen. 
+ +The 3.0 release offers excellent performance, hardware support and +enterprise-grade features such as x86_32-PAE, x86_64, SMP guests and +live relocation of VMs. This install tree contains source for a Linux +2.6 guest; ports to Linux 2.4, NetBSD, FreeBSD and Solaris will follow +later (and are already available for previous Xen releases). + +This file contains some quick-start instructions to install Xen on +your system. For full documentation, see the Xen User Manual. If this +is a pre-built release then you can find the manual at: + dist/install/usr/share/doc/xen/pdf/user.pdf +If you have a source release, then 'make -C docs' will build the +manual at docs/pdf/user.pdf. + +Quick-Start Guide - Pre-Built Binary Release +============================================ + +[NB. Unless noted otherwise, all the following steps should be +performed with root privileges.] + +1. Install the binary distribution onto your filesystem: + + # sh ./install.sh + + Among other things, this will install Xen and Xen-ready Linux + kernel files in /boot, kernel modules and Python packages in /lib, + and various control tools in standard 'bin' directories. + +2. Configure your bootloader to boot Xen and an initial Linux virtual + machine. Note that Xen currently only works with GRUB and pxelinux + derived boot loaders: less common alternatives such as LILO are + *not* supported. You can most likely find your GRUB menu file at + /boot/grub/menu.lst: edit this file to include an entry like the + following: + + title Xen 3.0 / XenLinux 2.6 + kernel /boot/xen-3.0.gz console=vga + module /boot/vmlinuz-2.6-xen root=<root-dev> ro console=tty0 + module /boot/initrd-2.6-xen.img + + NB: Not all kernel configs need an initial ram disk (initrd), but + if you do specify one you'll need to use the 'module' grub directive + rather than 'initrd'. + + The linux command line takes all the usual options, such as + root=<root-dev> to specify your usual root partition (e.g., + /dev/hda1). 
+ + The Xen command line takes a number of optional arguments described + in the manual. The most common is 'dom0_mem=xxxM' which sets the + amount of memory to allocate for use by your initial virtual + machine (known as domain 0). Note that Xen itself reserves about + 32MB memory for internal use, which is not available for allocation + to virtual machines. + +3. Reboot your system and select the "Xen 3.0 / XenLinux 2.6" menu + option. After booting Xen, Linux will start and your initialisation + scripts should execute in the usual way. + +Quick-Start Guide - Source Release +================================== + +First, there are a number of prerequisites for building a Xen source +release. Make sure you have all the following installed, either by +visiting the project webpage or installing a pre-built package +provided by your Linux distributor: + * GCC (preferably v3.2.x or v3.3.x; older versions are unsupported) + * GNU Make + * GNU Binutils + * Development install of zlib (e.g., zlib-dev) + * Development install of Python v2.3 or later (e.g., python-dev) + * bridge-utils package (/sbin/brctl) + * iproute package (/sbin/ip) + * hotplug or udev + +[NB. Unless noted otherwise, all the following steps should be +performed with root privileges.] + +1. Download and untar the source tarball file. This will be a + file named xen-unstable-src.tgz, or xen-$version-src.tgz. + You can also pull the current version from the SCMS + that is being used (Bitkeeper, scheduled to change shortly). + + # tar xzf xen-unstable-src.tgz + + Assuming you are using the unstable tree, this will + untar into xen-unstable. The rest of the instructions + use the unstable tree as an example, substitute the + version for unstable. + +2. cd to xen-unstable (or whatever you sensibly rename it to). + The Linux, netbsd and freebsd kernel source trees are in + the $os-$version-xen-sparse directories. + +On Linux: + +3. 
For the very first build, or if you want to destroy existing + .configs and build trees, perform the following steps: + + # make world + # make install + + This will create and install onto the local machine. It will build + the xen binary (xen.gz), and a linux kernel and modules that can be + used in both dom0 and an unprivileged guest kernel (vmlinuz-2.6.x-xen), + the tools and the documentation. + + You can override the destination for make install by setting DESTDIR + to some value. + + The make command line defaults to building the kernel vmlinuz-2.6.x-xen. + You can override this default by specifying KERNELS=kernelname. For + example, you can make two kernels - linux-2.6-xen0 + and linux-2.6-xenU - which are smaller builds containing only selected + modules, intended primarily for developers that don't like to wait + for a full -xen kernel to build. The -xenU kernel is particularly small, + as it does not contain any physical device drivers, and hence is + only useful for guest domains. + + To make these two kernels, simply specify + + KERNELS="linux-2.6-xen0 linux-2.6-xenU" + + in the make command line. + + If you want to build an x86_32 PAE capable xen and kernel to work + on machines with >= 4GB of memory, use XEN_TARGET_X86_PAE=y on the + make command line. + +4. To rebuild an existing tree without modifying the config: + # make dist + + This will build and install xen, kernels, tools, and + docs into the local dist/ directory. + + You can override the destination for make install by setting DISTDIR + to some value. + + make install and make dist differ in that make install does the + right things for your local machine (installing the appropriate + version of hotplug or udev scripts, for example), but make dist + includes all versions of those scripts, so that you can copy the dist + directory to another machine and install from that distribution. + +5. 
To rebuild a kernel with a modified config: + + # make linux-2.6-xen-config CONFIGMODE=menuconfig (or xconfig) + # make linux-2.6-xen-build + # make linux-2.6-xen-install + + Depending on your config, you may need to use 'mkinitrd' to create + an initial ram disk, just like a native system e.g. + # depmod 2.6.16-xen + # mkinitrd -v -f --with=aacraid --with=sd_mod --with=scsi_mod initrd-2.6.16-xen.img 2.6.16-xen diff -r 9a915e2828f3 -r ae709b250f43 buildconfigs/linux-defconfig_xen_x86_32 --- a/buildconfigs/linux-defconfig_xen_x86_32 Tue Apr 25 22:55:22 2006 -0600 +++ b/buildconfigs/linux-defconfig_xen_x86_32 Tue Apr 25 23:35:55 2006 -0600 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Linux kernel version: 2.6.16-rc3-xen0 -# Thu Feb 16 22:54:14 2006 +# Linux kernel version: 2.6.16-xen +# Thu Apr 20 17:07:18 2006 # CONFIG_X86_32=y CONFIG_SEMAPHORE_SLEEPERS=y @@ -28,16 +28,18 @@ CONFIG_SYSVIPC=y CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y -# CONFIG_BSD_PROCESS_ACCT_V3 is not set +CONFIG_BSD_PROCESS_ACCT_V3=y CONFIG_SYSCTL=y -# CONFIG_AUDIT is not set -# CONFIG_IKCONFIG is not set -# CONFIG_CPUSETS is not set +CONFIG_AUDIT=y +CONFIG_AUDITSYSCALL=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_CPUSETS=y CONFIG_INITRAMFS_SOURCE="" CONFIG_UID16=y CONFIG_VM86=y # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set -CONFIG_EMBEDDED=y +# CONFIG_EMBEDDED is not set CONFIG_KALLSYMS=y # CONFIG_KALLSYMS_ALL is not set # CONFIG_KALLSYMS_EXTRA_PASS is not set @@ -67,7 +69,7 @@ CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_OBSOLETE_MODPARM=y CONFIG_MODVERSIONS=y -# CONFIG_MODULE_SRCVERSION_ALL is not set +CONFIG_MODULE_SRCVERSION_ALL=y CONFIG_KMOD=y CONFIG_STOP_MACHINE=y 
@@ -83,11 +85,11 @@ CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y -CONFIG_DEFAULT_AS=y +# CONFIG_DEFAULT_AS is not set # CONFIG_DEFAULT_DEADLINE is not set -# CONFIG_DEFAULT_CFQ is not set +CONFIG_DEFAULT_CFQ=y # CONFIG_DEFAULT_NOOP is not set -CONFIG_DEFAULT_IOSCHED="anticipatory" +CONFIG_DEFAULT_IOSCHED="cfq" # # Processor type and features @@ -124,10 +126,10 @@ CONFIG_M686=y # CONFIG_MGEODE_LX is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set -# CONFIG_X86_GENERIC is not set +CONFIG_X86_GENERIC=y CONFIG_X86_CMPXCHG=y CONFIG_X86_XADD=y -CONFIG_X86_L1_CACHE_SHIFT=5 +CONFIG_X86_L1_CACHE_SHIFT=7 CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_X86_PPRO_FENCE=y @@ -137,13 +139,14 @@ CONFIG_X86_POPAD_OK=y CONFIG_X86_POPAD_OK=y CONFIG_X86_CMPXCHG64=y CONFIG_X86_GOOD_APIC=y +CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_TSC=y CONFIG_SMP=y CONFIG_SMP_ALTERNATIVES=y -CONFIG_NR_CPUS=8 -CONFIG_PREEMPT_NONE=y -# CONFIG_PREEMPT_VOLUNTARY is not set +CONFIG_NR_CPUS=32 +# CONFIG_PREEMPT_NONE is not set +CONFIG_PREEMPT_VOLUNTARY=y # CONFIG_PREEMPT is not set CONFIG_PREEMPT_BKL=y CONFIG_X86_LOCAL_APIC=y @@ -178,7 +181,7 @@ CONFIG_FLAT_NODE_MEM_MAP=y # CONFIG_SPARSEMEM_STATIC is not set CONFIG_SPLIT_PTLOCK_CPUS=4096 CONFIG_MTRR=y -# CONFIG_REGPARM is not set +CONFIG_REGPARM=y CONFIG_SECCOMP=y CONFIG_HZ_100=y # CONFIG_HZ_250 is not set @@ -214,7 +217,6 @@ CONFIG_ACPI_EC=y CONFIG_ACPI_EC=y CONFIG_ACPI_POWER=y CONFIG_ACPI_SYSTEM=y -# CONFIG_X86_PM_TIMER is not set CONFIG_ACPI_CONTAINER=m # @@ -269,7 +271,8 @@ CONFIG_PCCARD_NONSTATIC=m # CONFIG_HOTPLUG_PCI=m CONFIG_HOTPLUG_PCI_FAKE=m -# CONFIG_HOTPLUG_PCI_ACPI is not set +CONFIG_HOTPLUG_PCI_ACPI=m +CONFIG_HOTPLUG_PCI_ACPI_IBM=m CONFIG_HOTPLUG_PCI_CPCI=y CONFIG_HOTPLUG_PCI_CPCI_ZT5550=m CONFIG_HOTPLUG_PCI_CPCI_GENERIC=m 
@@ -296,7 +299,7 @@ CONFIG_PACKET_MMAP=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y -CONFIG_XFRM_USER=y +CONFIG_XFRM_USER=m CONFIG_NET_KEY=m CONFIG_INET=y CONFIG_IP_MULTICAST=y @@ -518,7 +521,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=m CONFIG_BRIDGE_EBT_REDIRECT=m CONFIG_BRIDGE_EBT_SNAT=m CONFIG_BRIDGE_EBT_LOG=m -# CONFIG_BRIDGE_EBT_ULOG is not set +CONFIG_BRIDGE_EBT_ULOG=m # # DCCP Configuration (EXPERIMENTAL) @@ -551,18 +554,10 @@ CONFIG_SCTP_HMAC_MD5=y # # TIPC Configuration (EXPERIMENTAL) # -CONFIG_TIPC=m -CONFIG_TIPC_ADVANCED=y -CONFIG_TIPC_ZONES=3 -CONFIG_TIPC_CLUSTERS=1 -CONFIG_TIPC_NODES=255 -CONFIG_TIPC_SLAVE_NODES=0 -CONFIG_TIPC_PORTS=8191 -CONFIG_TIPC_LOG=0 -# CONFIG_TIPC_DEBUG is not set -CONFIG_ATM=y -CONFIG_ATM_CLIP=y -# CONFIG_ATM_CLIP_NO_ICMP is not set +# CONFIG_TIPC is not set +CONFIG_ATM=m +CONFIG_ATM_CLIP=m +CONFIG_ATM_CLIP_NO_ICMP=y CONFIG_ATM_LANE=m CONFIG_ATM_MPOA=m CONFIG_ATM_BR2684=m @@ -570,7 +565,8 @@ CONFIG_BRIDGE=m CONFIG_BRIDGE=m CONFIG_VLAN_8021Q=m CONFIG_DECNET=m -# CONFIG_DECNET_ROUTER is not set +CONFIG_DECNET_ROUTER=y +CONFIG_DECNET_ROUTE_FWMARK=y CONFIG_LLC=y CONFIG_LLC2=m CONFIG_IPX=m @@ -623,8 +619,8 @@ CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m -# CONFIG_CLS_U32_PERF is not set -# CONFIG_CLS_U32_MARK is not set +CONFIG_CLS_U32_PERF=y +CONFIG_CLS_U32_MARK=y CONFIG_NET_CLS_RSVP=m CONFIG_NET_CLS_RSVP6=m CONFIG_NET_EMATCH=y @@ -717,13 +713,13 @@ CONFIG_ACT200L_DONGLE=m # CONFIG_USB_IRDA=m CONFIG_SIGMATEL_FIR=m -# CONFIG_NSC_FIR is not set -# CONFIG_WINBOND_FIR is not set -# CONFIG_TOSHIBA_FIR is not set -# CONFIG_SMC_IRCC_FIR is not set -# CONFIG_ALI_FIR is not set +CONFIG_NSC_FIR=m +CONFIG_WINBOND_FIR=m +CONFIG_TOSHIBA_FIR=m +CONFIG_SMC_IRCC_FIR=m +CONFIG_ALI_FIR=m CONFIG_VLSI_FIR=m -# CONFIG_VIA_FIR is not set +CONFIG_VIA_FIR=m CONFIG_BT=m CONFIG_BT_L2CAP=m CONFIG_BT_SCO=m 
@@ -744,7 +740,7 @@ CONFIG_BT_HCIUART_H4=y CONFIG_BT_HCIUART_H4=y CONFIG_BT_HCIUART_BCSP=y CONFIG_BT_HCIBCM203X=m -# CONFIG_BT_HCIBPA10X is not set +CONFIG_BT_HCIBPA10X=m CONFIG_BT_HCIBFUSB=m CONFIG_BT_HCIDTL1=m CONFIG_BT_HCIBT3C=m @@ -805,7 +801,11 @@ CONFIG_MTD_CFI=m CONFIG_MTD_CFI=m CONFIG_MTD_JEDECPROBE=m CONFIG_MTD_GEN_PROBE=m -# CONFIG_MTD_CFI_ADV_OPTIONS is not set +CONFIG_MTD_CFI_ADV_OPTIONS=y +CONFIG_MTD_CFI_NOSWAP=y +# CONFIG_MTD_CFI_BE_BYTE_SWAP is not set +# CONFIG_MTD_CFI_LE_BYTE_SWAP is not set +# CONFIG_MTD_CFI_GEOMETRY is not set CONFIG_MTD_MAP_BANK_WIDTH_1=y CONFIG_MTD_MAP_BANK_WIDTH_2=y CONFIG_MTD_MAP_BANK_WIDTH_4=y @@ -816,6 +816,7 @@ CONFIG_MTD_CFI_I2=y CONFIG_MTD_CFI_I2=y # CONFIG_MTD_CFI_I4 is not set # CONFIG_MTD_CFI_I8 is not set +# CONFIG_MTD_OTP is not set CONFIG_MTD_CFI_INTELEXT=m CONFIG_MTD_CFI_AMDSTD=m CONFIG_MTD_CFI_AMDSTD_RETRY=0 @@ -840,13 +841,13 @@ CONFIG_MTD_TS5500=m CONFIG_MTD_TS5500=m CONFIG_MTD_SBC_GXX=m CONFIG_MTD_SCx200_DOCFLASH=m -# CONFIG_MTD_AMD76XROM is not set -# CONFIG_MTD_ICHXROM is not set -# CONFIG_MTD_SCB2_FLASH is not set +CONFIG_MTD_AMD76XROM=m +CONFIG_MTD_ICHXROM=m +CONFIG_MTD_SCB2_FLASH=m CONFIG_MTD_NETtel=m CONFIG_MTD_DILNETPC=m CONFIG_MTD_DILNETPC_BOOTSIZE=0x80000 -# CONFIG_MTD_L440GX is not set +CONFIG_MTD_L440GX=m CONFIG_MTD_PCI=m CONFIG_MTD_PLATRAM=m @@ -864,7 +865,7 @@ CONFIG_MTDRAM_TOTAL_SIZE=4096 CONFIG_MTDRAM_TOTAL_SIZE=4096 CONFIG_MTDRAM_ERASE_SIZE=128 CONFIG_MTD_BLKMTD=m -# CONFIG_MTD_BLOCK2MTD is not set +CONFIG_MTD_BLOCK2MTD=m # # Disk-On-Chip Device Drivers @@ -886,8 +887,8 @@ CONFIG_MTD_NAND_DISKONCHIP=m CONFIG_MTD_NAND_DISKONCHIP=m # CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADVANCED is not set CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADDRESS=0 -# CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE is not set -# CONFIG_MTD_NAND_NANDSIM is not set +CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE=y +CONFIG_MTD_NAND_NANDSIM=y # # OneNAND Flash Device Drivers 
@@ -902,7 +903,7 @@ CONFIG_PARPORT_PC=m CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m CONFIG_PARPORT_PC_FIFO=y -# CONFIG_PARPORT_PC_SUPERIO is not set +CONFIG_PARPORT_PC_SUPERIO=y CONFIG_PARPORT_PC_PCMCIA=m CONFIG_PARPORT_NOT_PC=y # CONFIG_PARPORT_GSC is not set @@ -912,7 +913,7 @@ CONFIG_PARPORT_1284=y # Plug and Play support # CONFIG_PNP=y -CONFIG_PNP_DEBUG=y +# CONFIG_PNP_DEBUG is not set # # Protocols @@ -922,7 +923,7 @@ CONFIG_PNPACPI=y # # Block devices # -CONFIG_BLK_DEV_FD=m +CONFIG_BLK_DEV_FD=y CONFIG_PARIDE=m CONFIG_PARIDE_PARPORT=m @@ -946,7 +947,7 @@ CONFIG_PARIDE_FIT2=m CONFIG_PARIDE_FIT2=m CONFIG_PARIDE_FIT3=m CONFIG_PARIDE_EPAT=m -# CONFIG_PARIDE_EPATC8 is not set +CONFIG_PARIDE_EPATC8=y CONFIG_PARIDE_EPIA=m CONFIG_PARIDE_FRIQ=m CONFIG_PARIDE_FRPW=m @@ -960,7 +961,7 @@ CONFIG_BLK_DEV_DAC960=m CONFIG_BLK_DEV_DAC960=m CONFIG_BLK_DEV_UMEM=m # CONFIG_BLK_DEV_COW_COMMON is not set -CONFIG_BLK_DEV_LOOP=m +CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_CRYPTOLOOP=m CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_SX8=m @@ -971,7 +972,7 @@ CONFIG_BLK_DEV_INITRD=y CONFIG_BLK_DEV_INITRD=y CONFIG_CDROM_PKTCDVD=m CONFIG_CDROM_PKTCDVD_BUFFERS=8 -# CONFIG_CDROM_PKTCDVD_WCACHE is not set +CONFIG_CDROM_PKTCDVD_WCACHE=y CONFIG_ATA_OVER_ETH=m # 
@@ -985,59 +986,59 @@ CONFIG_BLK_DEV_IDE=y # # CONFIG_BLK_DEV_IDE_SATA is not set # CONFIG_BLK_DEV_HD_IDE is not set -CONFIG_BLK_DEV_IDEDISK=y +CONFIG_BLK_DEV_IDEDISK=m CONFIG_IDEDISK_MULTI_MODE=y CONFIG_BLK_DEV_IDECS=m -CONFIG_BLK_DEV_IDECD=y +CONFIG_BLK_DEV_IDECD=m CONFIG_BLK_DEV_IDETAPE=m -CONFIG_BLK_DEV_IDEFLOPPY=y +CONFIG_BLK_DEV_IDEFLOPPY=m CONFIG_BLK_DEV_IDESCSI=m # CONFIG_IDE_TASK_IOCTL is not set # # IDE chipset support/bugfixes # -CONFIG_IDE_GENERIC=y +CONFIG_IDE_GENERIC=m CONFIG_BLK_DEV_CMD640=y CONFIG_BLK_DEV_CMD640_ENHANCED=y CONFIG_BLK_DEV_IDEPNP=y CONFIG_BLK_DEV_IDEPCI=y CONFIG_IDEPCI_SHARE_IRQ=y -# CONFIG_BLK_DEV_OFFBOARD is not set +CONFIG_BLK_DEV_OFFBOARD=y CONFIG_BLK_DEV_GENERIC=y CONFIG_BLK_DEV_OPTI621=m -CONFIG_BLK_DEV_RZ1000=y +CONFIG_BLK_DEV_RZ1000=m CONFIG_BLK_DEV_IDEDMA_PCI=y # CONFIG_BLK_DEV_IDEDMA_FORCED is not set CONFIG_IDEDMA_PCI_AUTO=y # CONFIG_IDEDMA_ONLYDISK is not set -CONFIG_BLK_DEV_AEC62XX=y -CONFIG_BLK_DEV_ALI15X3=y +CONFIG_BLK_DEV_AEC62XX=m +CONFIG_BLK_DEV_ALI15X3=m # CONFIG_WDC_ALI15X3 is not set -CONFIG_BLK_DEV_AMD74XX=y -CONFIG_BLK_DEV_ATIIXP=y -CONFIG_BLK_DEV_CMD64X=y -CONFIG_BLK_DEV_TRIFLEX=y -CONFIG_BLK_DEV_CY82C693=y -CONFIG_BLK_DEV_CS5520=y -CONFIG_BLK_DEV_CS5530=y +CONFIG_BLK_DEV_AMD74XX=m +CONFIG_BLK_DEV_ATIIXP=m +CONFIG_BLK_DEV_CMD64X=m +CONFIG_BLK_DEV_TRIFLEX=m +CONFIG_BLK_DEV_CY82C693=m +CONFIG_BLK_DEV_CS5520=m +CONFIG_BLK_DEV_CS5530=m CONFIG_BLK_DEV_CS5535=m -CONFIG_BLK_DEV_HPT34X=y -# CONFIG_HPT34X_AUTODMA is not set -CONFIG_BLK_DEV_HPT366=y +CONFIG_BLK_DEV_HPT34X=m +CONFIG_HPT34X_AUTODMA=y +CONFIG_BLK_DEV_HPT366=m CONFIG_BLK_DEV_SC1200=m -CONFIG_BLK_DEV_PIIX=y +CONFIG_BLK_DEV_PIIX=m CONFIG_BLK_DEV_IT821X=m CONFIG_BLK_DEV_NS87415=m -CONFIG_BLK_DEV_PDC202XX_OLD=y +CONFIG_BLK_DEV_PDC202XX_OLD=m CONFIG_PDC202XX_BURST=y -CONFIG_BLK_DEV_PDC202XX_NEW=y -CONFIG_BLK_DEV_SVWKS=y -CONFIG_BLK_DEV_SIIMAGE=y -CONFIG_BLK_DEV_SIS5513=y -CONFIG_BLK_DEV_SLC90E66=y +CONFIG_BLK_DEV_PDC202XX_NEW=m +CONFIG_BLK_DEV_SVWKS=m 
+CONFIG_BLK_DEV_SIIMAGE=m +CONFIG_BLK_DEV_SIS5513=m +CONFIG_BLK_DEV_SLC90E66=m CONFIG_BLK_DEV_TRM290=m -CONFIG_BLK_DEV_VIA82CXXX=y +CONFIG_BLK_DEV_VIA82CXXX=m # CONFIG_IDE_ARM is not set CONFIG_BLK_DEV_IDEDMA=y # CONFIG_IDEDMA_IVB is not set @@ -1112,7 +1113,7 @@ CONFIG_SCSI_SATA_MV=m CONFIG_SCSI_SATA_MV=m CONFIG_SCSI_SATA_NV=m CONFIG_SCSI_PDC_ADMA=m -# CONFIG_SCSI_SATA_QSTOR is not set +CONFIG_SCSI_SATA_QSTOR=m CONFIG_SCSI_SATA_PROMISE=m CONFIG_SCSI_SATA_SX4=m CONFIG_SCSI_SATA_SIL=m @@ -1122,14 +1123,18 @@ CONFIG_SCSI_SATA_VIA=m CONFIG_SCSI_SATA_VIA=m CONFIG_SCSI_SATA_VITESSE=m CONFIG_SCSI_SATA_INTEL_COMBINED=y -# CONFIG_SCSI_BUSLOGIC is not set +CONFIG_SCSI_BUSLOGIC=m +# CONFIG_SCSI_OMIT_FLASHPOINT is not set CONFIG_SCSI_DMX3191D=m -# CONFIG_SCSI_EATA is not set +CONFIG_SCSI_EATA=m +CONFIG_SCSI_EATA_TAGGED_QUEUE=y +CONFIG_SCSI_EATA_LINKED_COMMANDS=y +CONFIG_SCSI_EATA_MAX_TAGS=16 CONFIG_SCSI_FUTURE_DOMAIN=m -# CONFIG_SCSI_GDTH is not set +CONFIG_SCSI_GDTH=m CONFIG_SCSI_IPS=m -# CONFIG_SCSI_INITIO is not set -# CONFIG_SCSI_INIA100 is not set +CONFIG_SCSI_INITIO=m +CONFIG_SCSI_INIA100=m CONFIG_SCSI_PPA=m CONFIG_SCSI_IMM=m # CONFIG_SCSI_IZIP_EPP16 is not set @@ -1140,8 +1145,8 @@ CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 # CONFIG_SCSI_SYM53C8XX_IOMAPPED is not set CONFIG_SCSI_IPR=m -# CONFIG_SCSI_IPR_TRACE is not set -# CONFIG_SCSI_IPR_DUMP is not set +CONFIG_SCSI_IPR_TRACE=y +CONFIG_SCSI_IPR_DUMP=y CONFIG_SCSI_QLOGIC_FC=m CONFIG_SCSI_QLOGIC_FC_FIRMWARE=y CONFIG_SCSI_QLOGIC_1280=m @@ -1166,7 +1171,7 @@ CONFIG_PCMCIA_SYM53C500=m # Multi-device support (RAID and LVM) # CONFIG_MD=y -CONFIG_BLK_DEV_MD=m +CONFIG_BLK_DEV_MD=y CONFIG_MD_LINEAR=m CONFIG_MD_RAID0=m CONFIG_MD_RAID1=m @@ -1206,7 +1211,7 @@ CONFIG_IEEE1394=m # CONFIG_IEEE1394_OUI_DB is not set CONFIG_IEEE1394_EXTRA_CONFIG_ROMS=y CONFIG_IEEE1394_CONFIG_ROM_IP1394=y -# CONFIG_IEEE1394_EXPORT_FULL_API is not set +CONFIG_IEEE1394_EXPORT_FULL_API=y # # Device Drivers 
@@ -1254,12 +1259,11 @@ CONFIG_ARCNET_1201=m CONFIG_ARCNET_1201=m CONFIG_ARCNET_1051=m CONFIG_ARCNET_RAW=m -# CONFIG_ARCNET_CAP is not set +CONFIG_ARCNET_CAP=m CONFIG_ARCNET_COM90xx=m CONFIG_ARCNET_COM90xxIO=m CONFIG_ARCNET_RIM_I=m -CONFIG_ARCNET_COM20020=m -CONFIG_ARCNET_COM20020_PCI=m +# CONFIG_ARCNET_COM20020 is not set # # PHY device support @@ -1295,7 +1299,8 @@ CONFIG_TULIP=m CONFIG_TULIP=m # CONFIG_TULIP_MWI is not set # CONFIG_TULIP_MMIO is not set -# CONFIG_TULIP_NAPI is not set +CONFIG_TULIP_NAPI=y +CONFIG_TULIP_NAPI_HW_MITIGATION=y CONFIG_DE4X5=m CONFIG_WINBOND_840=m CONFIG_DM9102=m @@ -1307,10 +1312,10 @@ CONFIG_AMD8111_ETH=m CONFIG_AMD8111_ETH=m # CONFIG_AMD8111E_NAPI is not set CONFIG_ADAPTEC_STARFIRE=m -# CONFIG_ADAPTEC_STARFIRE_NAPI is not set +CONFIG_ADAPTEC_STARFIRE_NAPI=y CONFIG_B44=m CONFIG_FORCEDETH=m -# CONFIG_DGRS is not set +CONFIG_DGRS=m CONFIG_EEPRO100=m CONFIG_E100=m CONFIG_FEALNX=m @@ -1318,8 +1323,8 @@ CONFIG_NE2K_PCI=m CONFIG_NE2K_PCI=m CONFIG_8139CP=m CONFIG_8139TOO=m -CONFIG_8139TOO_PIO=y -CONFIG_8139TOO_TUNE_TWISTER=y +# CONFIG_8139TOO_PIO is not set +# CONFIG_8139TOO_TUNE_TWISTER is not set CONFIG_8139TOO_8129=y # CONFIG_8139_OLD_RX_RESET is not set CONFIG_SIS900=m @@ -1329,22 +1334,26 @@ CONFIG_TLAN=m CONFIG_TLAN=m CONFIG_VIA_RHINE=m # CONFIG_VIA_RHINE_MMIO is not set -# CONFIG_NET_POCKET is not set +CONFIG_NET_POCKET=y +CONFIG_ATP=m +CONFIG_DE600=m +CONFIG_DE620=m # # Ethernet (1000 Mbit) # -# CONFIG_ACENIC is not set +CONFIG_ACENIC=m +# CONFIG_ACENIC_OMIT_TIGON_I is not set CONFIG_DL2K=m CONFIG_E1000=m -# CONFIG_E1000_NAPI is not set +CONFIG_E1000_NAPI=y # CONFIG_E1000_DISABLE_PACKET_SPLIT is not set CONFIG_NS83820=m CONFIG_HAMACHI=m CONFIG_YELLOWFIN=m CONFIG_R8169=m # CONFIG_R8169_NAPI is not set -# CONFIG_R8169_VLAN is not set +CONFIG_R8169_VLAN=y CONFIG_SIS190=m CONFIG_SKGE=m CONFIG_SKY2=m 
@@ -1358,9 +1367,9 @@ CONFIG_BNX2=m # CONFIG_CHELSIO_T1=m CONFIG_IXGB=m -# CONFIG_IXGB_NAPI is not set +CONFIG_IXGB_NAPI=y CONFIG_S2IO=m -# CONFIG_S2IO_NAPI is not set +CONFIG_S2IO_NAPI=y # # Token Ring devices @@ -1398,7 +1407,7 @@ CONFIG_IPW2100_MONITOR=y # CONFIG_IPW2100_DEBUG is not set CONFIG_IPW2200=m # CONFIG_IPW2200_DEBUG is not set -# CONFIG_AIRO is not set +CONFIG_AIRO=m CONFIG_HERMES=m CONFIG_PLX_HERMES=m CONFIG_TMD_HERMES=m @@ -1421,7 +1430,8 @@ CONFIG_PCMCIA_WL3501=m # CONFIG_PRISM54=m CONFIG_HOSTAP=m -# CONFIG_HOSTAP_FIRMWARE is not set +CONFIG_HOSTAP_FIRMWARE=y +CONFIG_HOSTAP_FIRMWARE_NVRAM=y CONFIG_HOSTAP_PLX=m CONFIG_HOSTAP_PCI=m CONFIG_HOSTAP_CS=m @@ -1439,7 +1449,6 @@ CONFIG_PCMCIA_SMC91C92=m CONFIG_PCMCIA_SMC91C92=m CONFIG_PCMCIA_XIRC2PS=m CONFIG_PCMCIA_AXNET=m -CONFIG_ARCNET_COM20020_CS=m CONFIG_PCMCIA_IBMTR=m # @@ -1487,11 +1496,11 @@ CONFIG_ATM_ZATM=m CONFIG_ATM_ZATM=m # CONFIG_ATM_ZATM_DEBUG is not set CONFIG_ATM_NICSTAR=m -# CONFIG_ATM_NICSTAR_USE_SUNI is not set -# CONFIG_ATM_NICSTAR_USE_IDT77105 is not set +CONFIG_ATM_NICSTAR_USE_SUNI=y +CONFIG_ATM_NICSTAR_USE_IDT77105=y CONFIG_ATM_IDT77252=m # CONFIG_ATM_IDT77252_DEBUG is not set -# CONFIG_ATM_IDT77252_RCV_ALL is not set +CONFIG_ATM_IDT77252_RCV_ALL=y CONFIG_ATM_IDT77252_USE_SUNI=y CONFIG_ATM_AMBASSADOR=m # CONFIG_ATM_AMBASSADOR_DEBUG is not set @@ -1502,18 +1511,18 @@ CONFIG_ATM_FORE200E_MAYBE=m CONFIG_ATM_FORE200E_MAYBE=m CONFIG_ATM_FORE200E_PCA=y CONFIG_ATM_FORE200E_PCA_DEFAULT_FW=y -# CONFIG_ATM_FORE200E_USE_TASKLET is not set +CONFIG_ATM_FORE200E_USE_TASKLET=y CONFIG_ATM_FORE200E_TX_RETRY=16 CONFIG_ATM_FORE200E_DEBUG=0 CONFIG_ATM_FORE200E=m CONFIG_ATM_HE=m CONFIG_ATM_HE_USE_SUNI=y CONFIG_FDDI=y -CONFIG_DEFXX=m +# CONFIG_DEFXX is not set CONFIG_SKFP=m CONFIG_HIPPI=y CONFIG_ROADRUNNER=m -# CONFIG_ROADRUNNER_LARGE_RINGS is not set +CONFIG_ROADRUNNER_LARGE_RINGS=y CONFIG_PLIP=m CONFIG_PPP=m CONFIG_PPP_MULTILINK=y 
@@ -1533,8 +1542,8 @@ CONFIG_SHAPER=m CONFIG_SHAPER=m CONFIG_NETCONSOLE=m CONFIG_NETPOLL=y -# CONFIG_NETPOLL_RX is not set -# CONFIG_NETPOLL_TRAP is not set +CONFIG_NETPOLL_RX=y +CONFIG_NETPOLL_TRAP=y CONFIG_NET_POLL_CONTROLLER=y # @@ -1558,7 +1567,7 @@ CONFIG_ISDN_X25=y # # ISDN feature submodules # -# CONFIG_ISDN_DIVERSION is not set +CONFIG_ISDN_DIVERSION=m # # ISDN4Linux hardware drivers @@ -1775,7 +1784,8 @@ CONFIG_SERIAL_8250_RUNTIME_UARTS=4 # # Non-8250 serial port support # -# CONFIG_SERIAL_JSM is not set +CONFIG_SERIAL_CORE=m +CONFIG_SERIAL_JSM=m CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y CONFIG_LEGACY_PTY_COUNT=256 @@ -1890,7 +1900,11 @@ CONFIG_HANGCHECK_TIMER=m # # TPM devices # -# CONFIG_TCG_TPM is not set +CONFIG_TCG_TPM=m +CONFIG_TCG_NSC=m +CONFIG_TCG_ATMEL=m +CONFIG_TCG_INFINEON=m +CONFIG_TCG_XEN=m CONFIG_TELCLOCK=m # @@ -1981,7 +1995,7 @@ CONFIG_W1_THERM=m CONFIG_W1_THERM=m CONFIG_W1_SMEM=m CONFIG_W1_DS2433=m -# CONFIG_W1_DS2433_CRC is not set +CONFIG_W1_DS2433_CRC=y # # Hardware Monitoring support @@ -2016,7 +2030,7 @@ CONFIG_SENSORS_PC87360=m CONFIG_SENSORS_PC87360=m CONFIG_SENSORS_SIS5595=m CONFIG_SENSORS_SMSC47M1=m -# CONFIG_SENSORS_SMSC47B397 is not set +CONFIG_SENSORS_SMSC47B397=m CONFIG_SENSORS_VIA686A=m CONFIG_SENSORS_VT8231=m CONFIG_SENSORS_W83781D=m @@ -2050,7 +2064,7 @@ CONFIG_VIDEO_DEV=m # # CONFIG_VIDEO_ADV_DEBUG is not set CONFIG_VIDEO_BT848=m -# CONFIG_VIDEO_BT848_DVB is not set +CONFIG_VIDEO_BT848_DVB=y CONFIG_VIDEO_SAA6588=m CONFIG_VIDEO_BWQCAM=m CONFIG_VIDEO_CQCAM=m 
@@ -2069,14 +2083,19 @@ CONFIG_VIDEO_ZORAN_LML33=m CONFIG_VIDEO_ZORAN_LML33=m CONFIG_VIDEO_ZORAN_LML33R10=m CONFIG_VIDEO_MEYE=m -# CONFIG_VIDEO_SAA7134 is not set +CONFIG_VIDEO_SAA7134=m +CONFIG_VIDEO_SAA7134_ALSA=m +# CONFIG_VIDEO_SAA7134_OSS is not set +CONFIG_VIDEO_SAA7134_DVB=m +CONFIG_VIDEO_SAA7134_DVB_ALL_FRONTENDS=y CONFIG_VIDEO_MXB=m CONFIG_VIDEO_DPC=m CONFIG_VIDEO_HEXIUM_ORION=m CONFIG_VIDEO_HEXIUM_GEMINI=m CONFIG_VIDEO_CX88=m -# CONFIG_VIDEO_CX88_DVB is not set CONFIG_VIDEO_CX88_ALSA=m +CONFIG_VIDEO_CX88_DVB=m +CONFIG_VIDEO_CX88_DVB_ALL_FRONTENDS=y CONFIG_VIDEO_CX88_VP3054=m CONFIG_VIDEO_EM28XX=m CONFIG_VIDEO_OVCAMCHIP=m @@ -2100,7 +2119,7 @@ CONFIG_DVB_CORE=m # Supported SAA7146 based PCI Adapters # CONFIG_DVB_AV7110=m -# CONFIG_DVB_AV7110_OSD is not set +CONFIG_DVB_AV7110_OSD=y CONFIG_DVB_BUDGET=m CONFIG_DVB_BUDGET_CI=m CONFIG_DVB_BUDGET_AV=m @@ -2198,6 +2217,7 @@ CONFIG_VIDEO_VIDEOBUF=m CONFIG_VIDEO_VIDEOBUF=m CONFIG_VIDEO_TUNER=m CONFIG_VIDEO_BUF=m +CONFIG_VIDEO_BUF_DVB=m CONFIG_VIDEO_BTCX=m CONFIG_VIDEO_IR=m CONFIG_VIDEO_TVEEPROM=m @@ -2206,9 +2226,9 @@ CONFIG_VIDEO_TVEEPROM=m # Graphics support # CONFIG_FB=y -CONFIG_FB_CFB_FILLRECT=m -CONFIG_FB_CFB_COPYAREA=m -CONFIG_FB_CFB_IMAGEBLIT=m +CONFIG_FB_CFB_FILLRECT=y +CONFIG_FB_CFB_COPYAREA=y +CONFIG_FB_CFB_IMAGEBLIT=y # CONFIG_FB_MACMODES is not set CONFIG_FB_MODE_HELPERS=y CONFIG_FB_TILEBLITTING=y @@ -2220,7 +2240,7 @@ CONFIG_FB_ARC=m # CONFIG_FB_ASILIANT is not set # CONFIG_FB_IMSTT is not set CONFIG_FB_VGA16=m -# CONFIG_FB_VESA is not set +CONFIG_FB_VESA=y CONFIG_VIDEO_SELECT=y CONFIG_FB_HGA=m # CONFIG_FB_HGA_ACCEL is not set 
@@ -2237,10 +2257,10 @@ CONFIG_FB_MATROX=m CONFIG_FB_MATROX=m CONFIG_FB_MATROX_MILLENIUM=y CONFIG_FB_MATROX_MYSTIQUE=y -# CONFIG_FB_MATROX_G is not set -CONFIG_FB_MATROX_I2C=m +CONFIG_FB_MATROX_G=y +# CONFIG_FB_MATROX_I2C is not set CONFIG_FB_MATROX_MULTIHEAD=y -CONFIG_FB_RADEON_OLD=m +# CONFIG_FB_RADEON_OLD is not set CONFIG_FB_RADEON=m CONFIG_FB_RADEON_I2C=y # CONFIG_FB_RADEON_DEBUG is not set @@ -2282,7 +2302,11 @@ CONFIG_FONT_8x16=y # Logo configuration # # CONFIG_LOGO is not set -# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +CONFIG_BACKLIGHT_LCD_SUPPORT=y +CONFIG_BACKLIGHT_CLASS_DEVICE=m +CONFIG_BACKLIGHT_DEVICE=y +CONFIG_LCD_CLASS_DEVICE=m +CONFIG_LCD_DEVICE=y # # Sound @@ -2328,7 +2352,7 @@ CONFIG_SND_MPU401=m # PCI devices # CONFIG_SND_AD1889=m -# CONFIG_SND_ALS4000 is not set +CONFIG_SND_ALS4000=m CONFIG_SND_ALI5451=m CONFIG_SND_ATIIXP=m CONFIG_SND_ATIIXP_MODEM=m @@ -2345,7 +2369,7 @@ CONFIG_SND_CS46XX_NEW_DSP=y CONFIG_SND_CS46XX_NEW_DSP=y CONFIG_SND_CS5535AUDIO=m CONFIG_SND_EMU10K1=m -# CONFIG_SND_EMU10K1X is not set +CONFIG_SND_EMU10K1X=m CONFIG_SND_ENS1370=m CONFIG_SND_ENS1371=m CONFIG_SND_ES1938=m @@ -2402,7 +2426,7 @@ CONFIG_SOUND_TVMIXER=m # CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB_ARCH_HAS_OHCI=y -CONFIG_USB=y +CONFIG_USB=m # CONFIG_USB_DEBUG is not set # @@ -2417,7 +2441,7 @@ CONFIG_USB_BANDWIDTH=y # # USB Host Controller Drivers # -CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_HCD=m CONFIG_USB_EHCI_SPLIT_ISO=y CONFIG_USB_EHCI_ROOT_HUB_TT=y CONFIG_USB_ISP116X_HCD=m @@ -2461,14 +2485,17 @@ CONFIG_USB_HID=m CONFIG_USB_HID=m CONFIG_USB_HIDINPUT=y # CONFIG_USB_HIDINPUT_POWERBOOK is not set -# CONFIG_HID_FF is not set +CONFIG_HID_FF=y +CONFIG_HID_PID=y +CONFIG_LOGITECH_FF=y +CONFIG_THRUSTMASTER_FF=y CONFIG_USB_HIDDEV=y # # USB HID Boot Protocol drivers # -CONFIG_USB_KBD=m -CONFIG_USB_MOUSE=m +# CONFIG_USB_KBD is not set +# CONFIG_USB_MOUSE is not set CONFIG_USB_AIPTEK=m CONFIG_USB_WACOM=m CONFIG_USB_ACECAD=m 
@@ -2493,7 +2520,7 @@ CONFIG_USB_MICROTEK=m # # USB Multimedia devices # -# CONFIG_USB_DABUSB is not set +CONFIG_USB_DABUSB=m CONFIG_USB_VICAM=m CONFIG_USB_DSBR=m CONFIG_USB_ET61X251=m @@ -2554,30 +2581,30 @@ CONFIG_USB_SERIAL_IR=m CONFIG_USB_SERIAL_IR=m CONFIG_USB_SERIAL_EDGEPORT=m CONFIG_USB_SERIAL_EDGEPORT_TI=m -# CONFIG_USB_SERIAL_GARMIN is not set +CONFIG_USB_SERIAL_GARMIN=m CONFIG_USB_SERIAL_IPW=m CONFIG_USB_SERIAL_KEYSPAN_PDA=m CONFIG_USB_SERIAL_KEYSPAN=m -# CONFIG_USB_SERIAL_KEYSPAN_MPR is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA28 is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA28X is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA28XA is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA28XB is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA19 is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA18X is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA19W is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA19QW is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA19QI is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA49W is not set -# CONFIG_USB_SERIAL_KEYSPAN_USA49WLC is not set +CONFIG_USB_SERIAL_KEYSPAN_MPR=y +CONFIG_USB_SERIAL_KEYSPAN_USA28=y +CONFIG_USB_SERIAL_KEYSPAN_USA28X=y +CONFIG_USB_SERIAL_KEYSPAN_USA28XA=y +CONFIG_USB_SERIAL_KEYSPAN_USA28XB=y +CONFIG_USB_SERIAL_KEYSPAN_USA19=y +CONFIG_USB_SERIAL_KEYSPAN_USA18X=y +CONFIG_USB_SERIAL_KEYSPAN_USA19W=y +CONFIG_USB_SERIAL_KEYSPAN_USA19QW=y +CONFIG_USB_SERIAL_KEYSPAN_USA19QI=y +CONFIG_USB_SERIAL_KEYSPAN_USA49W=y +CONFIG_USB_SERIAL_KEYSPAN_USA49WLC=y CONFIG_USB_SERIAL_KLSI=m CONFIG_USB_SERIAL_KOBIL_SCT=m CONFIG_USB_SERIAL_MCT_U232=m CONFIG_USB_SERIAL_PL2303=m CONFIG_USB_SERIAL_HP4X=m CONFIG_USB_SERIAL_SAFE=m -# CONFIG_USB_SERIAL_SAFE_PADDED is not set -# CONFIG_USB_SERIAL_TI is not set +CONFIG_USB_SERIAL_SAFE_PADDED=y +CONFIG_USB_SERIAL_TI=m CONFIG_USB_SERIAL_CYBERJACK=m CONFIG_USB_SERIAL_XIRCOM=m CONFIG_USB_SERIAL_OPTION=m 
@@ -2587,8 +2614,8 @@ CONFIG_USB_EZUSB=y # # USB Miscellaneous drivers # -# CONFIG_USB_EMI62 is not set -# CONFIG_USB_EMI26 is not set +CONFIG_USB_EMI62=m +CONFIG_USB_EMI26=m CONFIG_USB_AUERSWALD=m CONFIG_USB_RIO500=m CONFIG_USB_LEGOTOWER=m @@ -2597,9 +2624,9 @@ CONFIG_USB_CYTHERM=m CONFIG_USB_CYTHERM=m CONFIG_USB_PHIDGETKIT=m CONFIG_USB_PHIDGETSERVO=m -# CONFIG_USB_IDMOUSE is not set +CONFIG_USB_IDMOUSE=m CONFIG_USB_SISUSBVGA=m -# CONFIG_USB_SISUSBVGA_CON is not set +CONFIG_USB_SISUSBVGA_CON=y CONFIG_USB_LD=m CONFIG_USB_TEST=m @@ -2637,19 +2664,25 @@ CONFIG_USB_G_SERIAL=m # # MMC/SD Card support # -# CONFIG_MMC is not set +CONFIG_MMC=m +# CONFIG_MMC_DEBUG is not set +CONFIG_MMC_BLOCK=m +CONFIG_MMC_WBSD=m # # InfiniBand support # -# CONFIG_INFINIBAND is not set - -# -# SN Devices -# - -# -# EDAC - error detection and reporting (RAS) +CONFIG_INFINIBAND=m +CONFIG_INFINIBAND_USER_MAD=m +CONFIG_INFINIBAND_USER_ACCESS=m +CONFIG_INFINIBAND_MTHCA=m +# CONFIG_INFINIBAND_MTHCA_DEBUG is not set +CONFIG_INFINIBAND_IPOIB=m +# CONFIG_INFINIBAND_IPOIB_DEBUG is not set +CONFIG_INFINIBAND_SRP=m + +# +# EDAC - error detection and reporting (RAS) (EXPERIMENTAL) # CONFIG_EDAC=m @@ -2685,7 +2718,9 @@ CONFIG_REISERFS_FS=m CONFIG_REISERFS_FS=m # CONFIG_REISERFS_CHECK is not set # CONFIG_REISERFS_PROC_INFO is not set -# CONFIG_REISERFS_FS_XATTR is not set +CONFIG_REISERFS_FS_XATTR=y +CONFIG_REISERFS_FS_POSIX_ACL=y +CONFIG_REISERFS_FS_SECURITY=y CONFIG_JFS_FS=m CONFIG_JFS_POSIX_ACL=y # CONFIG_JFS_SECURITY is not set @@ -2694,7 +2729,7 @@ CONFIG_FS_POSIX_ACL=y CONFIG_FS_POSIX_ACL=y CONFIG_XFS_FS=m CONFIG_XFS_EXPORT=y -# CONFIG_XFS_QUOTA is not set +CONFIG_XFS_QUOTA=y CONFIG_XFS_SECURITY=y CONFIG_XFS_POSIX_ACL=y CONFIG_XFS_RT=y @@ -2768,7 +2803,7 @@ CONFIG_JFFS2_ZLIB=y CONFIG_JFFS2_ZLIB=y CONFIG_JFFS2_RTIME=y # CONFIG_JFFS2_RUBIN is not set -CONFIG_CRAMFS=y +CONFIG_CRAMFS=m CONFIG_VXFS_FS=m CONFIG_HPFS_FS=m CONFIG_QNX4FS_FS=m 
@@ -2780,27 +2815,32 @@ CONFIG_UFS_FS=m # CONFIG_NFS_FS=m CONFIG_NFS_V3=y -# CONFIG_NFS_V3_ACL is not set +CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFS_DIRECTIO=y CONFIG_NFSD=m +CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y -# CONFIG_NFSD_V3_ACL is not set +CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_NFSD_TCP=y CONFIG_LOCKD=m CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=m +CONFIG_NFS_ACL_SUPPORT=m CONFIG_NFS_COMMON=y CONFIG_SUNRPC=m CONFIG_SUNRPC_GSS=m CONFIG_RPCSEC_GSS_KRB5=m CONFIG_RPCSEC_GSS_SPKM3=m CONFIG_SMB_FS=m -# CONFIG_SMB_NLS_DEFAULT is not set +CONFIG_SMB_NLS_DEFAULT=y +CONFIG_SMB_NLS_REMOTE="cp850" CONFIG_CIFS=m -# CONFIG_CIFS_STATS is not set -# CONFIG_CIFS_XATTR is not set +CONFIG_CIFS_STATS=y +CONFIG_CIFS_STATS2=y +CONFIG_CIFS_XATTR=y +# CONFIG_CIFS_POSIX is not set # CONFIG_CIFS_EXPERIMENTAL is not set CONFIG_NCP_FS=m CONFIG_NCPFS_PACKET_SIGNING=y @@ -2821,20 +2861,14 @@ CONFIG_9P_FS=m # Partition Types # CONFIG_PARTITION_ADVANCED=y -CONFIG_ACORN_PARTITION=y -CONFIG_ACORN_PARTITION_CUMANA=y -# CONFIG_ACORN_PARTITION_EESOX is not set -CONFIG_ACORN_PARTITION_ICS=y -# CONFIG_ACORN_PARTITION_ADFS is not set -# CONFIG_ACORN_PARTITION_POWERTEC is not set -CONFIG_ACORN_PARTITION_RISCIX=y +# CONFIG_ACORN_PARTITION is not set CONFIG_OSF_PARTITION=y -CONFIG_AMIGA_PARTITION=y +# CONFIG_AMIGA_PARTITION is not set CONFIG_ATARI_PARTITION=y CONFIG_MAC_PARTITION=y CONFIG_MSDOS_PARTITION=y CONFIG_BSD_DISKLABEL=y -CONFIG_MINIX_SUBPARTITION=y +# CONFIG_MINIX_SUBPARTITION is not set CONFIG_SOLARIS_X86_PARTITION=y CONFIG_UNIXWARE_DISKLABEL=y CONFIG_LDM_PARTITION=y @@ -2849,7 +2883,7 @@ CONFIG_EFI_PARTITION=y # Native Language Support # CONFIG_NLS=y -CONFIG_NLS_DEFAULT="cp437" +CONFIG_NLS_DEFAULT="utf8" CONFIG_NLS_CODEPAGE_437=m CONFIG_NLS_CODEPAGE_737=m CONFIG_NLS_CODEPAGE_775=m 
@@ -2910,15 +2944,15 @@ CONFIG_DETECT_SOFTLOCKUP=y # CONFIG_DEBUG_SPINLOCK_SLEEP is not set # CONFIG_DEBUG_KOBJECT is not set # CONFIG_DEBUG_HIGHMEM is not set -# CONFIG_DEBUG_BUGVERBOSE is not set +CONFIG_DEBUG_BUGVERBOSE=y # CONFIG_DEBUG_INFO is not set # CONFIG_DEBUG_FS is not set # CONFIG_DEBUG_VM is not set # CONFIG_FRAME_POINTER is not set CONFIG_FORCED_INLINING=y # CONFIG_RCU_TORTURE_TEST is not set -# CONFIG_EARLY_PRINTK is not set -# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_EARLY_PRINTK=y +CONFIG_DEBUG_STACKOVERFLOW=y # CONFIG_DEBUG_STACK_USAGE is not set # CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_RODATA is not set @@ -2932,10 +2966,12 @@ CONFIG_KEYS=y CONFIG_KEYS=y # CONFIG_KEYS_DEBUG_PROC_KEYS is not set CONFIG_SECURITY=y -# CONFIG_SECURITY_NETWORK is not set +CONFIG_SECURITY_NETWORK=y +# CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_CAPABILITIES=y CONFIG_SECURITY_ROOTPLUG=m CONFIG_SECURITY_SECLVL=m +# CONFIG_SECURITY_SELINUX is not set # # Cryptographic options @@ -2972,7 +3008,7 @@ CONFIG_CRYPTO_TEST=m # # CONFIG_CRYPTO_DEV_PADLOCK is not set CONFIG_XEN=y -CONFIG_NO_IDLE_HZ=y +CONFIG_XEN_INTERFACE_VERSION=0x00030101 # # XEN @@ -2980,9 +3016,9 @@ CONFIG_XEN_PRIVILEGED_GUEST=y CONFIG_XEN_PRIVILEGED_GUEST=y # CONFIG_XEN_UNPRIVILEGED_GUEST is not set CONFIG_XEN_BACKEND=y -CONFIG_XEN_PCIDEV_BACKEND=y -# CONFIG_XEN_PCIDEV_BACKEND_VPCI is not set -CONFIG_XEN_PCIDEV_BACKEND_PASS=y +CONFIG_XEN_PCIDEV_BACKEND=m +CONFIG_XEN_PCIDEV_BACKEND_VPCI=y +# CONFIG_XEN_PCIDEV_BACKEND_PASS is not set # CONFIG_XEN_PCIDEV_BE_DEBUG is not set CONFIG_XEN_BLKDEV_BACKEND=y # CONFIG_XEN_BLKDEV_TAP_BE is not set 
@@ -2993,12 +3029,13 @@ CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y # CONFIG_XEN_BLKDEV_TAP is not set -# CONFIG_XEN_TPMDEV_FRONTEND is not set +CONFIG_XEN_TPMDEV_FRONTEND=m CONFIG_XEN_SCRUB_PAGES=y CONFIG_XEN_DISABLE_SERIAL=y -CONFIG_XEN_SYSFS=m +CONFIG_XEN_SYSFS=y CONFIG_HAVE_ARCH_ALLOC_SKB=y CONFIG_HAVE_ARCH_DEV_ALLOC_SKB=y +CONFIG_NO_IDLE_HZ=y # # Library routines @@ -3007,7 +3044,7 @@ CONFIG_CRC16=m CONFIG_CRC16=m CONFIG_CRC32=y CONFIG_LIBCRC32C=m -CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_INFLATE=m CONFIG_ZLIB_DEFLATE=m CONFIG_REED_SOLOMON=m CONFIG_REED_SOLOMON_DEC16=y @@ -3021,4 +3058,6 @@ CONFIG_X86_SMP=y CONFIG_X86_SMP=y CONFIG_X86_BIOS_REBOOT=y CONFIG_X86_TRAMPOLINE=y +CONFIG_X86_NO_TSS=y +CONFIG_X86_NO_IDT=y CONFIG_KTIME_SCALAR=y diff -r 9a915e2828f3 -r ae709b250f43 buildconfigs/linux-defconfig_xen_x86_64 --- a/buildconfigs/linux-defconfig_xen_x86_64 Tue Apr 25 22:55:22 2006 -0600 +++ b/buildconfigs/linux-defconfig_xen_x86_64 Tue Apr 25 23:35:55 2006 -0600 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.16-xen -# Thu Apr 13 15:01:04 2006 +# Thu Apr 20 17:05:48 2006 # CONFIG_X86_64=y CONFIG_64BIT=y @@ -31,16 +31,19 @@ CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_SWAP=y CONFIG_SYSVIPC=y -# CONFIG_POSIX_MQUEUE is not set -# CONFIG_BSD_PROCESS_ACCT is not set +CONFIG_POSIX_MQUEUE=y +CONFIG_BSD_PROCESS_ACCT=y +CONFIG_BSD_PROCESS_ACCT_V3=y CONFIG_SYSCTL=y -# CONFIG_AUDIT is not set -# CONFIG_IKCONFIG is not set -# CONFIG_CPUSETS is not set +CONFIG_AUDIT=y +CONFIG_AUDITSYSCALL=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_CPUSETS=y CONFIG_INITRAMFS_SOURCE="" CONFIG_UID16=y CONFIG_VM86=y -# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_EMBEDDED is not set CONFIG_KALLSYMS=y # CONFIG_KALLSYMS_ALL is not set 
@@ -68,9 +71,9 @@ CONFIG_OBSOLETE_INTERMODULE=m # CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y -# CONFIG_MODULE_FORCE_UNLOAD is not set +CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_OBSOLETE_MODPARM=y -# CONFIG_MODVERSIONS is not set +CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y CONFIG_KMOD=y CONFIG_STOP_MACHINE=y @@ -87,11 +90,11 @@ CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y -CONFIG_DEFAULT_AS=y +# CONFIG_DEFAULT_AS is not set # CONFIG_DEFAULT_DEADLINE is not set -# CONFIG_DEFAULT_CFQ is not set +CONFIG_DEFAULT_CFQ=y # CONFIG_DEFAULT_NOOP is not set -CONFIG_DEFAULT_IOSCHED="anticipatory" +CONFIG_DEFAULT_IOSCHED="cfq" # # Processor type and features @@ -108,15 +111,15 @@ CONFIG_X86_L1_CACHE_SHIFT=7 CONFIG_X86_L1_CACHE_SHIFT=7 CONFIG_X86_GOOD_APIC=y CONFIG_MICROCODE=y -# CONFIG_X86_MSR is not set -# CONFIG_X86_CPUID is not set +CONFIG_X86_MSR=m +CONFIG_X86_CPUID=m CONFIG_X86_IO_APIC=y CONFIG_X86_XEN_GENAPIC=y CONFIG_X86_LOCAL_APIC=y CONFIG_MTRR=y CONFIG_SMP=y -CONFIG_PREEMPT_NONE=y -# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT_NONE is not set +CONFIG_PREEMPT_VOLUNTARY=y # CONFIG_PREEMPT is not set CONFIG_PREEMPT_BKL=y CONFIG_ARCH_SPARSEMEM_ENABLE=y @@ -129,7 +132,7 @@ CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_FLAT_NODE_MEM_MAP=y # CONFIG_SPARSEMEM_STATIC is not set CONFIG_SPLIT_PTLOCK_CPUS=4096 -CONFIG_NR_CPUS=8 +CONFIG_NR_CPUS=32 CONFIG_HOTPLUG_CPU=y CONFIG_SWIOTLB=y # CONFIG_CRASH_DUMP is not set @@ -226,9 +229,9 @@ CONFIG_HOTPLUG_PCI=m # Executable file formats / Emulations # CONFIG_BINFMT_ELF=y -CONFIG_BINFMT_MISC=y +CONFIG_BINFMT_MISC=m CONFIG_IA32_EMULATION=y -# CONFIG_IA32_AOUT is not set +CONFIG_IA32_AOUT=y CONFIG_COMPAT=y CONFIG_SYSVIPC_COMPAT=y @@ -245,7 +248,7 @@ CONFIG_PACKET_MMAP=y CONFIG_PACKET_MMAP=y CONFIG_UNIX=y CONFIG_XFRM=y -CONFIG_XFRM_USER=y +CONFIG_XFRM_USER=m CONFIG_NET_KEY=m CONFIG_INET=y CONFIG_IP_MULTICAST=y 
@@ -258,7 +261,10 @@ CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_MULTIPATH=y # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set CONFIG_IP_ROUTE_VERBOSE=y -# CONFIG_IP_PNP is not set +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_IP_PNP_RARP=y CONFIG_NET_IPIP=m CONFIG_NET_IPGRE=m CONFIG_NET_IPGRE_BROADCAST=y @@ -441,6 +447,11 @@ CONFIG_IP6_NF_RAW=m CONFIG_IP6_NF_RAW=m # +# DECnet: Netfilter Configuration +# +# CONFIG_DECNET_NF_GRABULATOR is not set + +# # Bridge: Netfilter Configuration # CONFIG_BRIDGE_NF_EBTABLES=m @@ -507,20 +518,23 @@ CONFIG_ATM_BR2684=m # CONFIG_ATM_BR2684_IPFILTER is not set CONFIG_BRIDGE=m CONFIG_VLAN_8021Q=m -# CONFIG_DECNET is not set +CONFIG_DECNET=m +# CONFIG_DECNET_ROUTER is not set CONFIG_LLC=y -# CONFIG_LLC2 is not set +CONFIG_LLC2=m CONFIG_IPX=m -# CONFIG_IPX_INTERN is not set +CONFIG_IPX_INTERN=y CONFIG_ATALK=m CONFIG_DEV_APPLETALK=y CONFIG_IPDDP=m CONFIG_IPDDP_ENCAP=y CONFIG_IPDDP_DECAP=y -# CONFIG_X25 is not set -# CONFIG_LAPB is not set +CONFIG_X25=m +CONFIG_LAPB=m CONFIG_NET_DIVERT=y -# CONFIG_ECONET is not set +CONFIG_ECONET=m +# CONFIG_ECONET_AUNUDP is not set +# CONFIG_ECONET_NATIVE is not set CONFIG_WAN_ROUTER=m # @@ -577,8 +591,27 @@ CONFIG_NET_ESTIMATOR=y # # Network testing # -# CONFIG_NET_PKTGEN is not set -# CONFIG_HAMRADIO is not set +CONFIG_NET_PKTGEN=m +CONFIG_HAMRADIO=y + +# +# Packet Radio protocols +# +CONFIG_AX25=m +CONFIG_AX25_DAMA_SLAVE=y +CONFIG_NETROM=m +CONFIG_ROSE=m + +# +# AX.25 network device drivers +# +CONFIG_MKISS=m +CONFIG_6PACK=m +CONFIG_BPQETHER=m +CONFIG_BAYCOM_SER_FDX=m +CONFIG_BAYCOM_SER_HDX=m +CONFIG_BAYCOM_PAR=m +CONFIG_YAM=m CONFIG_IRDA=m # @@ -587,7 +620,7 @@ CONFIG_IRLAN=m CONFIG_IRLAN=m CONFIG_IRNET=m CONFIG_IRCOMM=m -# CONFIG_IRDA_ULTRA is not set +CONFIG_IRDA_ULTRA=y # # IrDA options 
@@ -680,13 +713,14 @@ CONFIG_IEEE80211_CRYPT_TKIP=m # CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y -CONFIG_FW_LOADER=y +CONFIG_FW_LOADER=m # CONFIG_DEBUG_DRIVER is not set # # Connector - unified userspace <-> kernelspace linker # -CONFIG_CONNECTOR=m +CONFIG_CONNECTOR=y +CONFIG_PROC_EVENTS=y # # Memory Technology Devices (MTD) @@ -719,7 +753,11 @@ CONFIG_MTD_CFI=m CONFIG_MTD_CFI=m CONFIG_MTD_JEDECPROBE=m CONFIG_MTD_GEN_PROBE=m -# CONFIG_MTD_CFI_ADV_OPTIONS is not set +CONFIG_MTD_CFI_ADV_OPTIONS=y +CONFIG_MTD_CFI_NOSWAP=y +# CONFIG_MTD_CFI_BE_BYTE_SWAP is not set +# CONFIG_MTD_CFI_LE_BYTE_SWAP is not set +# CONFIG_MTD_CFI_GEOMETRY is not set CONFIG_MTD_MAP_BANK_WIDTH_1=y CONFIG_MTD_MAP_BANK_WIDTH_2=y CONFIG_MTD_MAP_BANK_WIDTH_4=y @@ -730,13 +768,14 @@ CONFIG_MTD_CFI_I2=y CONFIG_MTD_CFI_I2=y # CONFIG_MTD_CFI_I4 is not set # CONFIG_MTD_CFI_I8 is not set +# CONFIG_MTD_OTP is not set CONFIG_MTD_CFI_INTELEXT=m CONFIG_MTD_CFI_AMDSTD=m CONFIG_MTD_CFI_AMDSTD_RETRY=3 CONFIG_MTD_CFI_STAA=m CONFIG_MTD_CFI_UTIL=m CONFIG_MTD_RAM=m -CONFIG_MTD_ROM=m +# CONFIG_MTD_ROM is not set CONFIG_MTD_ABSENT=m # CONFIG_MTD_OBSOLETE_CHIPS is not set @@ -744,7 +783,10 @@ CONFIG_MTD_ABSENT=m # Mapping drivers for chip access # CONFIG_MTD_COMPLEX_MAPPINGS=y -# CONFIG_MTD_PHYSMAP is not set +CONFIG_MTD_PHYSMAP=m +CONFIG_MTD_PHYSMAP_START=0x8000000 +CONFIG_MTD_PHYSMAP_LEN=0x4000000 +CONFIG_MTD_PHYSMAP_BANKWIDTH=2 # CONFIG_MTD_PNC2000 is not set CONFIG_MTD_SC520CDP=m CONFIG_MTD_NETSC520=m @@ -779,12 +821,14 @@ CONFIG_MTD_BLOCK2MTD=m # Disk-On-Chip Device Drivers # CONFIG_MTD_DOC2000=m -# CONFIG_MTD_DOC2001 is not set +CONFIG_MTD_DOC2001=m CONFIG_MTD_DOC2001PLUS=m CONFIG_MTD_DOCPROBE=m CONFIG_MTD_DOCECC=m -# CONFIG_MTD_DOCPROBE_ADVANCED is not set -CONFIG_MTD_DOCPROBE_ADDRESS=0 +CONFIG_MTD_DOCPROBE_ADVANCED=y +CONFIG_MTD_DOCPROBE_ADDRESS=0x0000 +CONFIG_MTD_DOCPROBE_HIGH=y +CONFIG_MTD_DOCPROBE_55AA=y # # NAND Flash Device Drivers 
@@ -792,8 +836,11 @@ CONFIG_MTD_NAND=m CONFIG_MTD_NAND=m # CONFIG_MTD_NAND_VERIFY_WRITE is not set CONFIG_MTD_NAND_IDS=m -# CONFIG_MTD_NAND_DISKONCHIP is not set -# CONFIG_MTD_NAND_NANDSIM is not set +CONFIG_MTD_NAND_DISKONCHIP=m +# CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADVANCED is not set +CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADDRESS=0 +CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE=y +CONFIG_MTD_NAND_NANDSIM=y # # OneNAND Flash Device Drivers @@ -864,7 +911,7 @@ CONFIG_BLK_DEV_DAC960=m CONFIG_BLK_DEV_DAC960=m CONFIG_BLK_DEV_UMEM=m # CONFIG_BLK_DEV_COW_COMMON is not set -CONFIG_BLK_DEV_LOOP=m +CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_CRYPTOLOOP=m CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_SX8=m 
@@ -889,58 +936,58 @@ CONFIG_BLK_DEV_IDE=y # # CONFIG_BLK_DEV_IDE_SATA is not set # CONFIG_BLK_DEV_HD_IDE is not set -CONFIG_BLK_DEV_IDEDISK=y +CONFIG_BLK_DEV_IDEDISK=m CONFIG_IDEDISK_MULTI_MODE=y # CONFIG_BLK_DEV_IDECS is not set -CONFIG_BLK_DEV_IDECD=y -# CONFIG_BLK_DEV_IDETAPE is not set -CONFIG_BLK_DEV_IDEFLOPPY=y +CONFIG_BLK_DEV_IDECD=m +CONFIG_BLK_DEV_IDETAPE=m +CONFIG_BLK_DEV_IDEFLOPPY=m CONFIG_BLK_DEV_IDESCSI=m # CONFIG_IDE_TASK_IOCTL is not set # # IDE chipset support/bugfixes # -CONFIG_IDE_GENERIC=y +CONFIG_IDE_GENERIC=m CONFIG_BLK_DEV_CMD640=y CONFIG_BLK_DEV_CMD640_ENHANCED=y CONFIG_BLK_DEV_IDEPNP=y CONFIG_BLK_DEV_IDEPCI=y CONFIG_IDEPCI_SHARE_IRQ=y -# CONFIG_BLK_DEV_OFFBOARD is not set +CONFIG_BLK_DEV_OFFBOARD=y CONFIG_BLK_DEV_GENERIC=y # CONFIG_BLK_DEV_OPTI621 is not set -CONFIG_BLK_DEV_RZ1000=y +CONFIG_BLK_DEV_RZ1000=m CONFIG_BLK_DEV_IDEDMA_PCI=y # CONFIG_BLK_DEV_IDEDMA_FORCED is not set CONFIG_IDEDMA_PCI_AUTO=y # CONFIG_IDEDMA_ONLYDISK is not set -CONFIG_BLK_DEV_AEC62XX=y -CONFIG_BLK_DEV_ALI15X3=y +CONFIG_BLK_DEV_AEC62XX=m +CONFIG_BLK_DEV_ALI15X3=m # CONFIG_WDC_ALI15X3 is not set -CONFIG_BLK_DEV_AMD74XX=y -CONFIG_BLK_DEV_ATIIXP=y -CONFIG_BLK_DEV_CMD64X=y -CONFIG_BLK_DEV_TRIFLEX=y -CONFIG_BLK_DEV_CY82C693=y -CONFIG_BLK_DEV_CS5520=y -CONFIG_BLK_DEV_CS5530=y -CONFIG_BLK_DEV_HPT34X=y -# CONFIG_HPT34X_AUTODMA is not set -CONFIG_BLK_DEV_HPT366=y -# CONFIG_BLK_DEV_SC1200 is not set -CONFIG_BLK_DEV_PIIX=y +CONFIG_BLK_DEV_AMD74XX=m +CONFIG_BLK_DEV_ATIIXP=m +CONFIG_BLK_DEV_CMD64X=m +CONFIG_BLK_DEV_TRIFLEX=m +CONFIG_BLK_DEV_CY82C693=m +CONFIG_BLK_DEV_CS5520=m +CONFIG_BLK_DEV_CS5530=m +CONFIG_BLK_DEV_HPT34X=m +CONFIG_HPT34X_AUTODMA=y +CONFIG_BLK_DEV_HPT366=m +CONFIG_BLK_DEV_SC1200=m +CONFIG_BLK_DEV_PIIX=m CONFIG_BLK_DEV_IT821X=m -# CONFIG_BLK_DEV_NS87415 is not set -CONFIG_BLK_DEV_PDC202XX_OLD=y -# CONFIG_PDC202XX_BURST is not set -CONFIG_BLK_DEV_PDC202XX_NEW=y -CONFIG_BLK_DEV_SVWKS=y -CONFIG_BLK_DEV_SIIMAGE=y -CONFIG_BLK_DEV_SIS5513=y -CONFIG_BLK_DEV_SLC90E66=y 
+CONFIG_BLK_DEV_NS87415=m +CONFIG_BLK_DEV_PDC202XX_OLD=m +CONFIG_PDC202XX_BURST=y +CONFIG_BLK_DEV_PDC202XX_NEW=m +CONFIG_BLK_DEV_SVWKS=m +CONFIG_BLK_DEV_SIIMAGE=m +CONFIG_BLK_DEV_SIS5513=m +CONFIG_BLK_DEV_SLC90E66=m # CONFIG_BLK_DEV_TRM290 is not set -CONFIG_BLK_DEV_VIA82CXXX=y +CONFIG_BLK_DEV_VIA82CXXX=m # CONFIG_IDE_ARM is not set CONFIG_BLK_DEV_IDEDMA=y # CONFIG_IDEDMA_IVB is not set @@ -951,13 +998,13 @@ CONFIG_IDEDMA_AUTO=y # SCSI device support # CONFIG_RAID_ATTRS=m -CONFIG_SCSI=y +CONFIG_SCSI=m CONFIG_SCSI_PROC_FS=y # # SCSI support type (disk, tape, CD-ROM) # -CONFIG_BLK_DEV_SD=y +CONFIG_BLK_DEV_SD=m CONFIG_CHR_DEV_ST=m CONFIG_CHR_DEV_OSST=m CONFIG_BLK_DEV_SR=m @@ -1007,10 +1054,10 @@ CONFIG_MEGARAID_MAILBOX=m CONFIG_MEGARAID_MAILBOX=m CONFIG_MEGARAID_LEGACY=m CONFIG_MEGARAID_SAS=m -CONFIG_SCSI_SATA=y +CONFIG_SCSI_SATA=m CONFIG_SCSI_SATA_AHCI=m CONFIG_SCSI_SATA_SVW=m -CONFIG_SCSI_ATA_PIIX=y +CONFIG_SCSI_ATA_PIIX=m CONFIG_SCSI_SATA_MV=m CONFIG_SCSI_SATA_NV=m CONFIG_SCSI_PDC_ADMA=m @@ -1026,9 +1073,12 @@ CONFIG_SCSI_SATA_INTEL_COMBINED=y CONFIG_SCSI_SATA_INTEL_COMBINED=y CONFIG_SCSI_BUSLOGIC=m # CONFIG_SCSI_OMIT_FLASHPOINT is not set -# CONFIG_SCSI_DMX3191D is not set -# CONFIG_SCSI_EATA is not set -# CONFIG_SCSI_FUTURE_DOMAIN is not set +CONFIG_SCSI_DMX3191D=m +CONFIG_SCSI_EATA=m +CONFIG_SCSI_EATA_TAGGED_QUEUE=y +CONFIG_SCSI_EATA_LINKED_COMMANDS=y +CONFIG_SCSI_EATA_MAX_TAGS=16 +CONFIG_SCSI_FUTURE_DOMAIN=m CONFIG_SCSI_GDTH=m CONFIG_SCSI_IPS=m CONFIG_SCSI_INITIO=m @@ -1043,7 +1093,8 @@ CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 # CONFIG_SCSI_SYM53C8XX_IOMAPPED is not set # CONFIG_SCSI_IPR is not set -# CONFIG_SCSI_QLOGIC_FC is not set +CONFIG_SCSI_QLOGIC_FC=m +CONFIG_SCSI_QLOGIC_FC_FIRMWARE=y CONFIG_SCSI_QLOGIC_1280=m CONFIG_SCSI_QLA_FC=m # CONFIG_SCSI_QLA2XXX_EMBEDDED_FIRMWARE is not set 
@@ -1148,7 +1199,15 @@ CONFIG_NET_SB1000=m # # ARCnet devices # -# CONFIG_ARCNET is not set +CONFIG_ARCNET=m +CONFIG_ARCNET_1201=m +CONFIG_ARCNET_1051=m +CONFIG_ARCNET_RAW=m +CONFIG_ARCNET_CAP=m +CONFIG_ARCNET_COM90xx=m +CONFIG_ARCNET_COM90xxIO=m +CONFIG_ARCNET_RIM_I=m +# CONFIG_ARCNET_COM20020 is not set # # PHY device support @@ -1183,21 +1242,22 @@ CONFIG_DE2104X=m CONFIG_DE2104X=m CONFIG_TULIP=m # CONFIG_TULIP_MWI is not set -CONFIG_TULIP_MMIO=y -# CONFIG_TULIP_NAPI is not set +# CONFIG_TULIP_MMIO is not set +CONFIG_TULIP_NAPI=y +CONFIG_TULIP_NAPI_HW_MITIGATION=y CONFIG_DE4X5=m CONFIG_WINBOND_840=m CONFIG_DM9102=m CONFIG_ULI526X=m -# CONFIG_PCMCIA_XIRCOM is not set -# CONFIG_HP100 is not set +CONFIG_PCMCIA_XIRCOM=m +CONFIG_HP100=m CONFIG_NET_PCI=y CONFIG_PCNET32=m CONFIG_AMD8111_ETH=m CONFIG_AMD8111E_NAPI=y CONFIG_ADAPTEC_STARFIRE=m CONFIG_ADAPTEC_STARFIRE_NAPI=y -# CONFIG_B44 is not set +CONFIG_B44=m CONFIG_FORCEDETH=m CONFIG_DGRS=m CONFIG_EEPRO100=m @@ -1207,7 +1267,7 @@ CONFIG_NE2K_PCI=m CONFIG_NE2K_PCI=m CONFIG_8139CP=m CONFIG_8139TOO=m -CONFIG_8139TOO_PIO=y +# CONFIG_8139TOO_PIO is not set # CONFIG_8139TOO_TUNE_TWISTER is not set CONFIG_8139TOO_8129=y # CONFIG_8139_OLD_RX_RESET is not set @@ -1216,11 +1276,8 @@ CONFIG_SUNDANCE=m CONFIG_SUNDANCE=m # CONFIG_SUNDANCE_MMIO is not set CONFIG_VIA_RHINE=m -CONFIG_VIA_RHINE_MMIO=y -CONFIG_NET_POCKET=y -CONFIG_ATP=m -CONFIG_DE600=m -CONFIG_DE620=m +# CONFIG_VIA_RHINE_MMIO is not set +# CONFIG_NET_POCKET is not set # # Ethernet (1000 Mbit) @@ -1272,14 +1329,14 @@ CONFIG_NET_RADIO=y # # Obsolete Wireless cards support (pre-802.11) # -# CONFIG_STRIP is not set -# CONFIG_PCMCIA_WAVELAN is not set -# CONFIG_PCMCIA_NETWAVE is not set +CONFIG_STRIP=m +CONFIG_PCMCIA_WAVELAN=m +CONFIG_PCMCIA_NETWAVE=m # # Wireless 802.11 Frequency Hopping cards support # -# CONFIG_PCMCIA_RAYCS is not set +CONFIG_PCMCIA_RAYCS=m # # Wireless 802.11b ISA/PCI cards support 
@@ -1312,7 +1369,8 @@ CONFIG_PCI_ATMEL=m # CONFIG_PRISM54=m CONFIG_HOSTAP=m -# CONFIG_HOSTAP_FIRMWARE is not set +CONFIG_HOSTAP_FIRMWARE=y +CONFIG_HOSTAP_FIRMWARE_NVRAM=y CONFIG_HOSTAP_PLX=m CONFIG_HOSTAP_PCI=m # CONFIG_HOSTAP_CS is not set @@ -1354,7 +1412,9 @@ CONFIG_FDDI=y CONFIG_FDDI=y # CONFIG_DEFXX is not set CONFIG_SKFP=m -# CONFIG_HIPPI is not set +CONFIG_HIPPI=y +CONFIG_ROADRUNNER=m +CONFIG_ROADRUNNER_LARGE_RINGS=y CONFIG_PLIP=m CONFIG_PPP=m CONFIG_PPP_MULTILINK=y @@ -1362,19 +1422,19 @@ CONFIG_PPP_ASYNC=m CONFIG_PPP_ASYNC=m CONFIG_PPP_SYNC_TTY=m CONFIG_PPP_DEFLATE=m -# CONFIG_PPP_BSDCOMP is not set +CONFIG_PPP_BSDCOMP=m CONFIG_PPP_MPPE=m CONFIG_PPPOE=m CONFIG_PPPOATM=m CONFIG_SLIP=m CONFIG_SLIP_COMPRESSED=y CONFIG_SLIP_SMART=y -# CONFIG_SLIP_MODE_SLIP6 is not set +CONFIG_SLIP_MODE_SLIP6=y CONFIG_NET_FC=y -# CONFIG_SHAPER is not set +CONFIG_SHAPER=m CONFIG_NETCONSOLE=m CONFIG_NETPOLL=y -# CONFIG_NETPOLL_RX is not set +CONFIG_NETPOLL_RX=y CONFIG_NETPOLL_TRAP=y CONFIG_NET_POLL_CONTROLLER=y @@ -1391,9 +1451,10 @@ CONFIG_ISDN_PPP_VJ=y CONFIG_ISDN_PPP_VJ=y CONFIG_ISDN_MPP=y CONFIG_IPPP_FILTER=y -# CONFIG_ISDN_PPP_BSDCOMP is not set +CONFIG_ISDN_PPP_BSDCOMP=m CONFIG_ISDN_AUDIO=y CONFIG_ISDN_TTY_FAX=y +CONFIG_ISDN_X25=y # # ISDN feature submodules @@ -1499,7 +1560,9 @@ CONFIG_ISDN_DRV_AVMB1_C4=m # # Telephony Support # -# CONFIG_PHONE is not set +CONFIG_PHONE=m +CONFIG_PHONE_IXJ=m +CONFIG_PHONE_IXJ_PCMCIA=m # # Input device support @@ -1510,11 +1573,13 @@ CONFIG_INPUT=y # Userland interfaces # CONFIG_INPUT_MOUSEDEV=y -# CONFIG_INPUT_MOUSEDEV_PSAUX is not set +CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 CONFIG_INPUT_JOYDEV=m -# CONFIG_INPUT_TSDEV is not set +CONFIG_INPUT_TSDEV=m +CONFIG_INPUT_TSDEV_SCREEN_X=240 +CONFIG_INPUT_TSDEV_SCREEN_Y=320 CONFIG_INPUT_EVDEV=y # CONFIG_INPUT_EVBUG is not set 
@@ -1523,14 +1588,14 @@ CONFIG_INPUT_EVDEV=y # CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ATKBD=y -# CONFIG_KEYBOARD_SUNKBD is not set +CONFIG_KEYBOARD_SUNKBD=m # CONFIG_KEYBOARD_LKKBD is not set -# CONFIG_KEYBOARD_XTKBD is not set -# CONFIG_KEYBOARD_NEWTON is not set +CONFIG_KEYBOARD_XTKBD=m +CONFIG_KEYBOARD_NEWTON=m CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=y CONFIG_MOUSE_SERIAL=m -CONFIG_MOUSE_VSXXXAA=m +# CONFIG_MOUSE_VSXXXAA is not set CONFIG_INPUT_JOYSTICK=y CONFIG_JOYSTICK_ANALOG=m CONFIG_JOYSTICK_A3D=m @@ -1571,12 +1636,12 @@ CONFIG_INPUT_UINPUT=m # CONFIG_SERIO=y CONFIG_SERIO_I8042=y -CONFIG_SERIO_SERPORT=y -# CONFIG_SERIO_CT82C710 is not set -# CONFIG_SERIO_PARKBD is not set -# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_SERPORT=m +CONFIG_SERIO_CT82C710=m +CONFIG_SERIO_PARKBD=m +CONFIG_SERIO_PCIPS2=m CONFIG_SERIO_LIBPS2=y -# CONFIG_SERIO_RAW is not set +CONFIG_SERIO_RAW=m CONFIG_GAMEPORT=m CONFIG_GAMEPORT_NS558=m CONFIG_GAMEPORT_L4=m @@ -1600,7 +1665,8 @@ CONFIG_HW_CONSOLE=y # # CONFIG_SERIAL_JSM is not set CONFIG_UNIX98_PTYS=y -# CONFIG_LEGACY_PTYS is not set +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=64 CONFIG_PRINTER=m CONFIG_LP_CONSOLE=y CONFIG_PPDEV=m @@ -1610,7 +1676,8 @@ CONFIG_TIPAR=m # IPMI # CONFIG_IPMI_HANDLER=m -# CONFIG_IPMI_PANIC_EVENT is not set +CONFIG_IPMI_PANIC_EVENT=y +# CONFIG_IPMI_PANIC_STRING is not set CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_SI=m CONFIG_IPMI_WATCHDOG=m @@ -1638,7 +1705,7 @@ CONFIG_I6300ESB_WDT=m CONFIG_I6300ESB_WDT=m CONFIG_I8XX_TCO=m CONFIG_SC1200_WDT=m -# CONFIG_60XX_WDT is not set +CONFIG_60XX_WDT=m CONFIG_SBC8360_WDT=m CONFIG_CPU5_WDT=m CONFIG_W83627HF_WDT=m 
@@ -1659,21 +1726,27 @@ CONFIG_WDT_501_PCI=y # CONFIG_USBPCWATCHDOG=m CONFIG_HW_RANDOM=m -# CONFIG_NVRAM is not set +CONFIG_NVRAM=y CONFIG_RTC=y CONFIG_DTLK=m CONFIG_R3964=m -# CONFIG_APPLICOM is not set +CONFIG_APPLICOM=m # # Ftape, the floppy tape device driver # -# CONFIG_AGP is not set +CONFIG_AGP=m +CONFIG_AGP_AMD64=m +CONFIG_AGP_INTEL=m CONFIG_DRM=m CONFIG_DRM_TDFX=m CONFIG_DRM_R128=m CONFIG_DRM_RADEON=m +CONFIG_DRM_I810=m +# CONFIG_DRM_I830 is not set +CONFIG_DRM_I915=m CONFIG_DRM_MGA=m +# CONFIG_DRM_SIS is not set CONFIG_DRM_VIA=m CONFIG_DRM_SAVAGE=m @@ -1691,7 +1764,11 @@ CONFIG_HANGCHECK_TIMER=m # # TPM devices # -# CONFIG_TCG_TPM is not set +CONFIG_TCG_TPM=m +CONFIG_TCG_NSC=m +CONFIG_TCG_ATMEL=m +CONFIG_TCG_INFINEON=m +CONFIG_TCG_XEN=m CONFIG_TELCLOCK=m # @@ -1710,24 +1787,24 @@ CONFIG_I2C_ALGOPCA=m # # I2C Hardware Bus support # -# CONFIG_I2C_ALI1535 is not set -# CONFIG_I2C_ALI1563 is not set -# CONFIG_I2C_ALI15X3 is not set +CONFIG_I2C_ALI1535=m +CONFIG_I2C_ALI1563=m +CONFIG_I2C_ALI15X3=m CONFIG_I2C_AMD756=m CONFIG_I2C_AMD756_S4882=m CONFIG_I2C_AMD8111=m -# CONFIG_I2C_I801 is not set -# CONFIG_I2C_I810 is not set -# CONFIG_I2C_PIIX4 is not set +CONFIG_I2C_I801=m +CONFIG_I2C_I810=m +CONFIG_I2C_PIIX4=m CONFIG_I2C_ISA=m CONFIG_I2C_NFORCE2=m -# CONFIG_I2C_PARPORT is not set -# CONFIG_I2C_PARPORT_LIGHT is not set +CONFIG_I2C_PARPORT=m +CONFIG_I2C_PARPORT_LIGHT=m CONFIG_I2C_PROSAVAGE=m CONFIG_I2C_SAVAGE4=m -# CONFIG_SCx200_ACB is not set -# CONFIG_I2C_SIS5595 is not set -# CONFIG_I2C_SIS630 is not set +CONFIG_SCx200_ACB=m +CONFIG_I2C_SIS5595=m +CONFIG_I2C_SIS630=m CONFIG_I2C_SIS96X=m CONFIG_I2C_STUB=m CONFIG_I2C_VIA=m @@ -1779,7 +1856,7 @@ CONFIG_W1_THERM=m CONFIG_W1_THERM=m CONFIG_W1_SMEM=m CONFIG_W1_DS2433=m -# CONFIG_W1_DS2433_CRC is not set +CONFIG_W1_DS2433_CRC=y # # Hardware Monitoring support @@ -1828,7 +1905,7 @@ CONFIG_SENSORS_HDAPS=m # # Misc devices # -# CONFIG_IBM_ASM is not set +CONFIG_IBM_ASM=m # # Multimedia Capabilities Port drivers 
@@ -1848,7 +1925,7 @@ CONFIG_VIDEO_DEV=m # # CONFIG_VIDEO_ADV_DEBUG is not set CONFIG_VIDEO_BT848=m -# CONFIG_VIDEO_BT848_DVB is not set +CONFIG_VIDEO_BT848_DVB=y CONFIG_VIDEO_SAA6588=m CONFIG_VIDEO_BWQCAM=m CONFIG_VIDEO_CQCAM=m @@ -2021,18 +2098,20 @@ CONFIG_FB_TILEBLITTING=y CONFIG_FB_TILEBLITTING=y CONFIG_FB_CIRRUS=m # CONFIG_FB_PM2 is not set -# CONFIG_FB_CYBER2000 is not set +CONFIG_FB_CYBER2000=m CONFIG_FB_ARC=m # CONFIG_FB_ASILIANT is not set # CONFIG_FB_IMSTT is not set CONFIG_FB_VGA16=m CONFIG_FB_VESA=y CONFIG_VIDEO_SELECT=y -# CONFIG_FB_HGA is not set -# CONFIG_FB_S1D13XXX is not set -# CONFIG_FB_NVIDIA is not set +CONFIG_FB_HGA=m +CONFIG_FB_HGA_ACCEL=y +CONFIG_FB_S1D13XXX=m +CONFIG_FB_NVIDIA=m +CONFIG_FB_NVIDIA_I2C=y CONFIG_FB_RIVA=m -# CONFIG_FB_RIVA_I2C is not set +CONFIG_FB_RIVA_I2C=y # CONFIG_FB_RIVA_DEBUG is not set CONFIG_FB_MATROX=m CONFIG_FB_MATROX_MILLENIUM=y @@ -2053,7 +2132,9 @@ CONFIG_FB_SAVAGE=m CONFIG_FB_SAVAGE=m CONFIG_FB_SAVAGE_I2C=y CONFIG_FB_SAVAGE_ACCEL=y -# CONFIG_FB_SIS is not set +CONFIG_FB_SIS=m +CONFIG_FB_SIS_300=y +CONFIG_FB_SIS_315=y CONFIG_FB_NEOMAGIC=m CONFIG_FB_KYRO=m CONFIG_FB_3DFX=m @@ -2061,8 +2142,9 @@ CONFIG_FB_VOODOO1=m CONFIG_FB_VOODOO1=m CONFIG_FB_TRIDENT=m CONFIG_FB_TRIDENT_ACCEL=y -# CONFIG_FB_GEODE is not set -# CONFIG_FB_VIRTUAL is not set +CONFIG_FB_GEODE=y +CONFIG_FB_GEODE_GX1=m +CONFIG_FB_VIRTUAL=m # # Console display driver support @@ -2070,7 +2152,7 @@ CONFIG_VGA_CONSOLE=y CONFIG_VGA_CONSOLE=y CONFIG_DUMMY_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE=y -# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set +CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y # CONFIG_FONTS is not set CONFIG_FONT_8x8=y CONFIG_FONT_8x16=y @@ -2109,7 +2191,7 @@ CONFIG_SND_SEQUENCER_OSS=y CONFIG_SND_SEQUENCER_OSS=y CONFIG_SND_RTCTIMER=m CONFIG_SND_SEQ_RTCTIMER_DEFAULT=y -# CONFIG_SND_DYNAMIC_MINORS is not set +CONFIG_SND_DYNAMIC_MINORS=y CONFIG_SND_SUPPORT_OLD_API=y # CONFIG_SND_VERBOSE_PRINTK is not set # CONFIG_SND_DEBUG is not set 
@@ -2125,7 +2207,7 @@ CONFIG_SND_DUMMY=m CONFIG_SND_DUMMY=m CONFIG_SND_VIRMIDI=m CONFIG_SND_MTPAV=m -# CONFIG_SND_SERIAL_U16550 is not set +CONFIG_SND_SERIAL_U16550=m CONFIG_SND_MPU401=m # @@ -2197,7 +2279,7 @@ CONFIG_SND_USB_USX2Y=m # CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB_ARCH_HAS_OHCI=y -CONFIG_USB=y +CONFIG_USB=m # CONFIG_USB_DEBUG is not set # @@ -2253,7 +2335,7 @@ CONFIG_USB_STORAGE_JUMPSHOT=y # # USB Input Devices # -CONFIG_USB_HID=y +CONFIG_USB_HID=m CONFIG_USB_HIDINPUT=y # CONFIG_USB_HIDINPUT_POWERBOOK is not set CONFIG_HID_FF=y @@ -2261,6 +2343,12 @@ CONFIG_LOGITECH_FF=y CONFIG_LOGITECH_FF=y CONFIG_THRUSTMASTER_FF=y CONFIG_USB_HIDDEV=y + +# +# USB HID Boot Protocol drivers +# +CONFIG_USB_KBD=m +CONFIG_USB_MOUSE=m CONFIG_USB_AIPTEK=m CONFIG_USB_WACOM=m CONFIG_USB_ACECAD=m @@ -2317,7 +2405,7 @@ CONFIG_USB_AN2720=y CONFIG_USB_AN2720=y CONFIG_USB_BELKIN=y CONFIG_USB_ARMLINUX=y -# CONFIG_USB_EPSON2888 is not set +CONFIG_USB_EPSON2888=y CONFIG_USB_NET_ZAURUS=m CONFIG_USB_ZD1201=m CONFIG_USB_MON=y @@ -2380,18 +2468,18 @@ CONFIG_USB_EZUSB=y # USB Miscellaneous drivers # CONFIG_USB_EMI62=m -# CONFIG_USB_EMI26 is not set +CONFIG_USB_EMI26=m CONFIG_USB_AUERSWALD=m CONFIG_USB_RIO500=m CONFIG_USB_LEGOTOWER=m CONFIG_USB_LCD=m CONFIG_USB_LED=m -# CONFIG_USB_CYTHERM is not set +CONFIG_USB_CYTHERM=m CONFIG_USB_PHIDGETKIT=m CONFIG_USB_PHIDGETSERVO=m CONFIG_USB_IDMOUSE=m CONFIG_USB_SISUSBVGA=m -# CONFIG_USB_SISUSBVGA_CON is not set +CONFIG_USB_SISUSBVGA_CON=y CONFIG_USB_LD=m CONFIG_USB_TEST=m @@ -2482,17 +2570,17 @@ CONFIG_FS_POSIX_ACL=y CONFIG_FS_POSIX_ACL=y CONFIG_XFS_FS=m CONFIG_XFS_EXPORT=y -# CONFIG_XFS_QUOTA is not set +CONFIG_XFS_QUOTA=y CONFIG_XFS_SECURITY=y CONFIG_XFS_POSIX_ACL=y -# CONFIG_XFS_RT is not set +CONFIG_XFS_RT=y CONFIG_OCFS2_FS=m CONFIG_MINIX_FS=m CONFIG_ROMFS_FS=m CONFIG_INOTIFY=y CONFIG_QUOTA=y # CONFIG_QFMT_V1 is not set -CONFIG_QFMT_V2=y +CONFIG_QFMT_V2=m CONFIG_QUOTACTL=y CONFIG_DNOTIFY=y CONFIG_AUTOFS_FS=m 
@@ -2516,8 +2604,10 @@ CONFIG_MSDOS_FS=m CONFIG_MSDOS_FS=m CONFIG_VFAT_FS=m CONFIG_FAT_DEFAULT_CODEPAGE=437 -CONFIG_FAT_DEFAULT_IOCHARSET="ascii" -# CONFIG_NTFS_FS is not set +CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" +CONFIG_NTFS_FS=m +# CONFIG_NTFS_DEBUG is not set +# CONFIG_NTFS_RW is not set # # Pseudo filesystems @@ -2534,7 +2624,8 @@ CONFIG_CONFIGFS_FS=m # # Miscellaneous filesystems # -# CONFIG_ADFS_FS is not set +CONFIG_ADFS_FS=m +# CONFIG_ADFS_FS_RW is not set CONFIG_AFFS_FS=m CONFIG_HFS_FS=m CONFIG_HFSPLUS_FS=m @@ -2542,18 +2633,23 @@ CONFIG_BEFS_FS=m # CONFIG_BEFS_DEBUG is not set CONFIG_BFS_FS=m CONFIG_EFS_FS=m -# CONFIG_JFFS_FS is not set +CONFIG_JFFS_FS=m +CONFIG_JFFS_FS_VERBOSE=0 +CONFIG_JFFS_PROC_FS=y CONFIG_JFFS2_FS=m CONFIG_JFFS2_FS_DEBUG=0 CONFIG_JFFS2_FS_WRITEBUFFER=y -# CONFIG_JFFS2_SUMMARY is not set -# CONFIG_JFFS2_COMPRESSION_OPTIONS is not set +CONFIG_JFFS2_SUMMARY=y +CONFIG_JFFS2_COMPRESSION_OPTIONS=y CONFIG_JFFS2_ZLIB=y CONFIG_JFFS2_RTIME=y # CONFIG_JFFS2_RUBIN is not set -CONFIG_CRAMFS=y +# CONFIG_JFFS2_CMODE_NONE is not set +CONFIG_JFFS2_CMODE_PRIORITY=y +# CONFIG_JFFS2_CMODE_SIZE is not set +CONFIG_CRAMFS=m CONFIG_VXFS_FS=m -# CONFIG_HPFS_FS is not set +CONFIG_HPFS_FS=m CONFIG_QNX4FS_FS=m CONFIG_SYSV_FS=m CONFIG_UFS_FS=m 
@@ -2563,26 +2659,30 @@ CONFIG_UFS_FS=m # CONFIG_NFS_FS=m CONFIG_NFS_V3=y -# CONFIG_NFS_V3_ACL is not set +CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y CONFIG_NFS_DIRECTIO=y CONFIG_NFSD=m +CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y -# CONFIG_NFSD_V3_ACL is not set +CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y CONFIG_NFSD_TCP=y CONFIG_LOCKD=m CONFIG_LOCKD_V4=y CONFIG_EXPORTFS=m +CONFIG_NFS_ACL_SUPPORT=m CONFIG_NFS_COMMON=y CONFIG_SUNRPC=m CONFIG_SUNRPC_GSS=m CONFIG_RPCSEC_GSS_KRB5=m CONFIG_RPCSEC_GSS_SPKM3=m CONFIG_SMB_FS=m -# CONFIG_SMB_NLS_DEFAULT is not set +CONFIG_SMB_NLS_DEFAULT=y +CONFIG_SMB_NLS_REMOTE="cp850" CONFIG_CIFS=m -# CONFIG_CIFS_STATS is not set +CONFIG_CIFS_STATS=y +# CONFIG_CIFS_STATS2 is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y # CONFIG_CIFS_EXPERIMENTAL is not set @@ -2595,8 +2695,10 @@ CONFIG_NCPFS_SMALLDOS=y CONFIG_NCPFS_SMALLDOS=y CONFIG_NCPFS_NLS=y CONFIG_NCPFS_EXTRAS=y -# CONFIG_CODA_FS is not set -# CONFIG_AFS_FS is not set +CONFIG_CODA_FS=m +# CONFIG_CODA_FS_OLD_API is not set +CONFIG_AFS_FS=m +CONFIG_RXRPC=m CONFIG_9P_FS=m # @@ -2625,7 +2727,7 @@ CONFIG_EFI_PARTITION=y # CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" -CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_CODEPAGE_437=m CONFIG_NLS_CODEPAGE_737=m CONFIG_NLS_CODEPAGE_775=m CONFIG_NLS_CODEPAGE_850=m @@ -2648,7 +2750,7 @@ CONFIG_NLS_ISO8859_8=m CONFIG_NLS_ISO8859_8=m CONFIG_NLS_CODEPAGE_1250=m CONFIG_NLS_CODEPAGE_1251=m -CONFIG_NLS_ASCII=y +CONFIG_NLS_ASCII=m CONFIG_NLS_ISO8859_1=m CONFIG_NLS_ISO8859_2=m CONFIG_NLS_ISO8859_3=m @@ -2699,10 +2801,11 @@ CONFIG_KEYS_DEBUG_PROC_KEYS=y CONFIG_KEYS_DEBUG_PROC_KEYS=y CONFIG_SECURITY=y CONFIG_SECURITY_NETWORK=y -CONFIG_SECURITY_NETWORK_XFRM=y +# CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_CAPABILITIES=y -# CONFIG_SECURITY_ROOTPLUG is not set -# CONFIG_SECURITY_SECLVL is not set +CONFIG_SECURITY_ROOTPLUG=m +CONFIG_SECURITY_SECLVL=m +# CONFIG_SECURITY_SELINUX is not set # # Cryptographic options 
@@ -2712,7 +2815,7 @@ CONFIG_CRYPTO_NULL=m CONFIG_CRYPTO_NULL=m CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y -CONFIG_CRYPTO_SHA1=y +CONFIG_CRYPTO_SHA1=m CONFIG_CRYPTO_SHA256=m CONFIG_CRYPTO_SHA512=m CONFIG_CRYPTO_WP512=m @@ -2732,7 +2835,7 @@ CONFIG_CRYPTO_DEFLATE=m CONFIG_CRYPTO_DEFLATE=m CONFIG_CRYPTO_MICHAEL_MIC=m CONFIG_CRYPTO_CRC32C=m -# CONFIG_CRYPTO_TEST is not set +CONFIG_CRYPTO_TEST=m # # Hardware crypto devices @@ -2746,7 +2849,7 @@ CONFIG_XEN_PRIVILEGED_GUEST=y CONFIG_XEN_PRIVILEGED_GUEST=y # CONFIG_XEN_UNPRIVILEGED_GUEST is not set CONFIG_XEN_BACKEND=y -CONFIG_XEN_PCIDEV_BACKEND=y +CONFIG_XEN_PCIDEV_BACKEND=m # CONFIG_XEN_PCIDEV_BACKEND_VPCI is not set CONFIG_XEN_PCIDEV_BACKEND_PASS=y # CONFIG_XEN_PCIDEV_BE_DEBUG is not set @@ -2755,14 +2858,15 @@ CONFIG_XEN_NETDEV_BACKEND=y CONFIG_XEN_NETDEV_BACKEND=y # CONFIG_XEN_NETDEV_PIPELINED_TRANSMITTER is not set CONFIG_XEN_NETDEV_LOOPBACK=y -# CONFIG_XEN_TPMDEV_BACKEND is not set +CONFIG_XEN_TPMDEV_BACKEND=m +# CONFIG_XEN_TPMDEV_CLOSE_IF_VTPM_FAILS is not set CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_XEN_NETDEV_FRONTEND=y # CONFIG_XEN_BLKDEV_TAP is not set -# CONFIG_XEN_TPMDEV_FRONTEND is not set +CONFIG_XEN_TPMDEV_FRONTEND=m CONFIG_XEN_SCRUB_PAGES=y CONFIG_XEN_DISABLE_SERIAL=y -CONFIG_XEN_SYSFS=m +CONFIG_XEN_SYSFS=y CONFIG_HAVE_ARCH_ALLOC_SKB=y CONFIG_HAVE_ARCH_DEV_ALLOC_SKB=y CONFIG_NO_IDLE_HZ=y @@ -2776,6 +2880,8 @@ CONFIG_LIBCRC32C=m CONFIG_LIBCRC32C=m CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=m +CONFIG_REED_SOLOMON=m +CONFIG_REED_SOLOMON_DEC16=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=m CONFIG_TEXTSEARCH_BM=m diff -r 9a915e2828f3 -r ae709b250f43 docs/man/xend-config.sxp.pod.5 --- a/docs/man/xend-config.sxp.pod.5 Tue Apr 25 22:55:22 2006 -0600 +++ b/docs/man/xend-config.sxp.pod.5 Tue Apr 25 23:35:55 2006 -0600 
@@ -109,6 +109,12 @@ A boolean value that tells xend whether A boolean value that tells xend whether or not core dumps of guest domains should be saved when a crash occurrs. Defaults to I<no>. +=item I<external-migration-tool> + +The name of an application or script that can handle external device +migration, such as for example virtual TPM migration. An example +script is I</etc/xen/scripts/external-device-migrate>. + =back =head1 EXAMPLES diff -r 9a915e2828f3 -r ae709b250f43 docs/man/xm.pod.1 --- a/docs/man/xm.pod.1 Tue Apr 25 22:55:22 2006 -0600 +++ b/docs/man/xm.pod.1 Tue Apr 25 23:35:55 2006 -0600 @@ -136,7 +136,7 @@ The I<--long> option prints out the comp The I<--long> option prints out the complete set of B<xm> subcommands, grouped by function. -=item B<list> I<[--long]> I<[domain-id, ...]> +=item B<list> I<[--long | --label]> I<[domain-id, ...]> Prints information about one or more domains. If no domains are specified it prints out information about all domains. @@ -212,6 +212,18 @@ Use at your own risk. Use at your own risk. =back + +B<LABEL OUTPUT> + +=over 4 + +If I<--label> is specified, the security labels are added to the +output of xm list and the lines are sorted by the labels (ignoring +case). The I<--long> option prints the labels by default and cannot be +combined with I<--label>. See the ACCESS CONTROL SUBCOMMAND section of +this man page for more information about labels. + +==back B<NOTES> 
@@ -775,6 +787,262 @@ Delete a vnet. =back +=head1 ACCESS CONTROL SUBCOMMANDS + +Access Control in Xen consists of two components: (i) The Access +Control Policy (ACP) defines security labels and access rules based on +these labels. (ii) The Access Control Module (ACM) makes access control +decisions by interpreting the policy when domains require to +communicate or to access resources. The Xen access control has +sufficient mechanisms in place to enforce the access decisions even +against maliciously acting user domains (mandatory access control). + +Access rights for domains in Xen are determined by the domain security +label only and not based on the domain Name or ID. The ACP specifies +security labels that can then be assigned to domains and +resources. Every domain must be assigned exactly one security label, +otherwise access control decisions could become indeterministic. ACPs +are distinguished by their name, which is a parameter to most of the +subcommands described below. Currently, the ACP specifies two ways to +interpret labels: + +(1) Simple Type Enforcement: Labels are interpreted to decide access +of domains to comunication means and virtual or physical +resources. Communication between domains as well as access to +resources are forbidden by default and can only take place if they are +explicitly allowed by the security policy. The proper assignment of +labels to domains controls the sharing of information (directly +through communication or indirectly through shared resources) between +domains. This interpretation allows to control the overt (intended) +communication channels in Xen. + +(2) Chinese Wall: Labels are interpreted to decide which domains can +co-exist (be run simultaneously) on the same system. This +interpretation allows to prevent direct covert (unintended) channels +and mitigates risks caused by imperfect core domain isolation +(trade-off between security and other system requirements). 
For a +short introduction to covert channels, please refer to +http://www.multicians.org/timing-chn.html. + +The following subcommands help you to manage security policies in Xen +and to assign security labels to domains. To enable access control +security in Xen, you must compile Xen with ACM support enabled as +described under "Configuring Security" below. There, you will find +also examples of each subcommand described here. + +=item B<makepolicy> I<policy> + +Compiles the XML source representation of the security I<policy>. It +creates a mapping (.map) as well as a binary (.bin) version of the +policy. The compiled policy can be loaded into Xen with the +B<loadpolicy> subcommand or can be configured to be loaded at boot +time with the B<cfgbootpolicy> subcommand. + +=over 4 + +I<policy> is a dot-separated list of names. The last part is the file +name pre-fix for the policy xml file. The preceding name parts are +translated into the local path pointing to the policy xml file +relative to the global policy root directory +(/etc/xen/acm-security/policies). For example, +example.chwall_ste.client_v1 denotes the policy file +example/chwall_ste/client_v1-security_policy.xml relative to the +global policy root directory. + +=back + +=item B<loadpolicy> I<policy> + +Loads the binary representation of the I<policy> into Xen. The binary +representation can be created with the B<makepolicy> subcommand. + +=item B<cfgbootpolicy> I<policy> [I<kernelversion>] + +Configures I<policy> as the boot policy for Xen. It copies the binary +policy representation into the /boot directory and adds a module line +specifying the binary policy to the /boot/grub/menu.lst file. If your +boot configuration includes multiple Xen boot titles, then use the +I<kernelversion> parameter to select the proper title. + +=item B<dumppolicy> + +Prints the current security policy state information of Xen. 
+ +=item B<labels> [I<policy>] [I<type>=dom|res|any] + +Lists all labels of a I<type> (domain, resource, or both) that are +defined in the I<policy>. Unless specified, the default I<policy> is +the currently enforced access control policy. The default for I<type> +is 'dom'. The labels are arranged in alphabetical order. + +=item B<addlabel> I<configfile> I<label> [I<policy>] + +Adds the security label with name I<label> to a domain +I<configfile>. Unless specified, the default I<policy> is the +currently enforced access control policy. This subcommand also +verifies that the I<policy> definition supports the specified I<label> +name. + +B<CONFIGURING SECURITY> + +=over 4 + +In xen_source_dir/Config.mk set the following parameters: + + ACM_SECURITY ?= y + ACM_DEFAULT_SECURITY_POLICY ?= \ + ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY + +Then recompile and install xen and the security tools and then reboot: + + cd xen_source_dir/xen; make clean; make; cp xen.gz /boot; + cd xen_source_dir/tools/security; make install; + reboot into xen + +=back + +B<COMPILING A SECURITY POLICY> + +=over 4 + +This step creates client_v1.map and client_v1.bin files in +/etc/xen/acm-security/policies/example/chwall_ste. + + xm makepolicy example.chwall_ste.client_v1 + +=back + +B<LOADING A SECURITY POLICY> + +=over 4 + +This step activates client_v1.bin as new security policy in Xen. You +can use the dumppolicy subcommand before and afterwards to see the +change in the Xen policy state. + + xm loadpolicy example.chwall_ste.client_v1 + +=back + +B<CONFIGURING A BOOT SECURITY POLICY> + +=over 4 + +This configures the boot loader to load client_v1.bin at boot +time. During system start, the ACM configures Xen with this policy and +Xen enforces this policy from then on. + + xm cfgbootpolicy example.chwall_ste.client_v1 + +=back + +B<LISTING SECURITY LABELS> + +=over 4 + +This subcommand shows all labels that are defined and which can be +attached to domains. 
+ + xm labels example.chwall_ste.client_v1 type=dom + +will print for our example policy: + + dom_BoincClient + dom_Fun + dom_HomeBanking + dom_NetworkDomain + dom_StorageDomain + dom_SystemManagement + +=back + +B<ATTACHING A SECURITY LABEL TO A DOMAIN> + +=over 4 + +This subcommand attaches a security label to a domain configuration +file, here a HomeBanking label. The example policy ensures that this +domain does not share information with other non-hombanking user +domains (i.e., domains labeled as dom_Fun or dom_Boinc) and that it +will not run simultaneously with domains labeled as dom_Fun. + +We assume that the specified myconfig.xm configuration file actually +instantiates a domain that runs workloads related to home-banking, +probably just a browser environment for online-banking. + + xm addlabel myconfig.xm dom_HomeBanking + +The very simple configuration file might now look as printed +below. The I<addlabel> subcommand added the B<access_control> entry at +the end of the file, consisting of a label name and the policy that +specifies this label name: + + kernel = "/boot/vmlinuz-2.6.16-xen" + ramdisk="/boot/U1_home_banking_ramdisk.img" + memory = 164 + name = "homebanking" + vif = [ '' ] + dhcp = "dhcp" + access_control = ['policy=example.chwall_ste.client_v1, + label=dom_HomeBanking'] + +Security labels must be assigned to domain configurations because +these labels are essential for making access control decisions as +early as during the configuration phase of a newly instantiated +domain. Consequently, a security-enabled Xen hypervisor will only +start domains that have a security label configured and whose security +label is consistent with the currently enforced policy. Otherwise, +starting the domain will fail with the error condition "operation not +permitted". + +=back + +B<STARTING AND LISTING LABELED DOMAINS> + +=over 4 + + xm create myconfig.xm + + xm list --label + + Name ID ... Time(s) Label + homebanking 23 ... 
4.4 dom_HomeBanking + Domain-0 0 ... 2658.8 dom_SystemManagement + +=back + +B<POLICY REPRESENTATIONS> + +=over 4 + +We distinguish three representations of the Xen access control policy: +the I<source XML> version, its I<binary> counterpart, and a I<mapping> +representation that enables the tools to deterministically translate +back and forth between label names of the XML policy and label +identifiers of the binary policy. All three versions must be kept +consistent to achieve predictable security guarantees. + +The XML version is the version that users are supposed to create or +change, either by manually editing the XML file or by using the Xen +policy generation tool (B<xensec_gen>). After changing the XML file, +run the B<makepolicy> subcommand to ensure that these changes are +reflected in the other versions. Use, for example, the subcommand +B<cfgbootpolicy> to activate the changes during the next system +reboot. + +The binary version of the policy is derived from the XML policy by +tokenizing the specified labels and is used inside Xen only. It is +created with the B<makepolicy> subcommand. Essentially, the binary +version is much more compact than the XML version and is easier to +evaluate during access control decisions. + +The mapping version of the policy is created during the XML-to-binary +policy translation (B<makepolicy>) and is used by the Xen management +tools to translate between label names used as input to the tools and +their binary identifiers (ssidrefs) used inside Xen. + +=back + =head1 EXAMPLES =head1 SEE ALSO @@ -791,5 +1059,6 @@ Operating Systems Review, pages 261-267 Sean Dague <sean at dague dot net> Daniel Stekloff <dsteklof at us dot ibm dot com> + Reiner Sailer <sailer at us dot ibm dot com> =head1 BUGS diff -r 9a915e2828f3 -r ae709b250f43 docs/misc/vtpm.txt --- a/docs/misc/vtpm.txt Tue Apr 25 22:55:22 2006 -0600 +++ b/docs/misc/vtpm.txt Tue Apr 25 23:35:55 2006 -0600 
@@ -17,13 +17,8 @@ Compiling XEN tree: Compiling XEN tree: ------------------- -Compile the XEN tree as usual. - -make uninstall; make mrproper; make install - -After compiling the tree, verify that in the linux-2.6.XX-xen0/.config -file at least the following entries are set as below (they should be set -by default): +Compile the XEN tree as usual after the following lines set in the +linux-2.6.??-xen/.config file: CONFIG_XEN_TPMDEV_BACKEND=y CONFIG_XEN_TPMDEV_GRANT=y @@ -32,18 +27,20 @@ CONFIG_TCG_NSC=m CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m +You must also enable the virtual TPM to be built: -Verify that in the linux-2.6.XX-xenU/.config file at least the -Following entries are set as below (they should be set by default): +In Config.mk in the Xen root directory set the line -CONFIG_XEN_TPMDEV_FRONTEND=y -CONFIG_XEN_TPMDEV_GRANT=y +VTPM_TOOLS ?= y -CONFIG_TCG_TPM=y -CONFIG_TCG_XEN=y +Now build the Xen sources from Xen's root directory: +make install -Reboot the machine with the created XEN-0 kernel. + +Also build the initial RAM disk if necessary. + +Reboot the machine with the created Xen kernel. Note: If you do not want any TPM-related code compiled into your kernel or built as module then comment all the above lines like diff -r 9a915e2828f3 -r ae709b250f43 docs/src/user.tex --- a/docs/src/user.tex Tue Apr 25 22:55:22 2006 -0600 +++ b/docs/src/user.tex Tue Apr 25 23:35:55 2006 -0600 
@@ -1983,8 +1983,7 @@ editing \path{grub.conf}. kilobytes. In previous versions of Xen, suffixes were not supported and the value is always interpreted as kilobytes. \item [ tbuf\_size=xxx ] Set the size of the per-cpu trace buffers, in - pages (default 1). Note that the trace buffers are only enabled in - debug builds. Most users can ignore this feature completely. + pages (default 0). \item [ sched=xxx ] Select the CPU scheduler Xen should use. The current possibilities are `sedf' (default) and `bvt'. \item [ apic\_verbosity=debug,verbose ] Print more detailed diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/i386/Kconfig --- a/linux-2.6-xen-sparse/arch/i386/Kconfig Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/i386/Kconfig Tue Apr 25 23:35:55 2006 -0600 @@ -1180,11 +1180,6 @@ config X86_NO_TSS depends on X86_XEN default y -config X86_SYSENTER - bool - depends on !X86_NO_TSS - default y - config X86_NO_IDT bool depends on X86_XEN diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/i386/kernel/Makefile --- a/linux-2.6-xen-sparse/arch/i386/kernel/Makefile Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/i386/kernel/Makefile Tue Apr 25 23:35:55 2006 -0600 
@@ -49,14 +49,12 @@ vsyscall_note := vsyscall-note.o vsyscall_note := vsyscall-note.o endif -VSYSCALL_TYPES-y := int80 -VSYSCALL_TYPES-$(CONFIG_X86_SYSENTER) += sysenter # vsyscall.o contains the vsyscall DSO images as __initdata. # We must build both images before we can assemble it. # Note: kbuild does not track this dependency due to usage of .incbin -$(obj)/vsyscall.o: $(foreach F,$(VSYSCALL_TYPES-y),$(obj)/vsyscall-$F.so) -targets += $(foreach F,$(VSYSCALL_TYPES-y),vsyscall-$F.o vsyscall-$F.so) -targets += $(vsyscall_note) vsyscall.lds +$(obj)/vsyscall.o: $(obj)/vsyscall-int80.so $(obj)/vsyscall-sysenter.so +targets += $(foreach F,int80 sysenter,vsyscall-$F.o vsyscall-$F.so) +targets += vsyscall-note.o vsyscall.lds # The DSO images are built using a special linker script. quiet_cmd_syscall = SYSCALL $@ @@ -83,8 +81,7 @@ extra-y += vsyscall-syms.o SYSCFLAGS_vsyscall-syms.o = -r $(obj)/vsyscall-syms.o: $(src)/vsyscall.lds \ - $(foreach F,$(VSYSCALL_TYPES-y),$(obj)/vsyscall-$F.o) \ - $(obj)/$(vsyscall_note) FORCE + $(obj)/vsyscall-sysenter.o $(obj)/$(vsyscall_note) FORCE $(call if_changed,syscall) ifdef CONFIG_XEN diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/i386/kernel/asm-offsets.c --- a/linux-2.6-xen-sparse/arch/i386/kernel/asm-offsets.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/i386/kernel/asm-offsets.c Tue Apr 25 23:35:55 2006 -0600 @@ -64,10 +64,13 @@ void foo(void) OFFSET(pbe_orig_address, pbe, orig_address); OFFSET(pbe_next, pbe, next); -#ifdef CONFIG_X86_SYSENTER +#ifndef CONFIG_X86_NO_TSS /* Offset from the sysenter stack to tss.esp0 */ - DEFINE(TSS_sysenter_esp0, offsetof(struct tss_struct, esp0) - + DEFINE(SYSENTER_stack_esp0, offsetof(struct tss_struct, esp0) - sizeof(struct tss_struct)); +#else + /* sysenter stack points directly to esp0 */ + DEFINE(SYSENTER_stack_esp0, 0); #endif DEFINE(PAGE_SIZE_asm, PAGE_SIZE); diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/i386/kernel/entry-xen.S 
--- a/linux-2.6-xen-sparse/arch/i386/kernel/entry-xen.S Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/i386/kernel/entry-xen.S Tue Apr 25 23:35:55 2006 -0600 @@ -202,13 +202,12 @@ need_resched: jmp need_resched #endif -#ifdef CONFIG_X86_SYSENTER /* SYSENTER_RETURN points to after the "sysenter" instruction in the vsyscall page. See vsyscall-sysentry.S, which defines the symbol. */ # sysenter call handler stub ENTRY(sysenter_entry) - movl TSS_sysenter_esp0(%esp),%esp + movl SYSENTER_stack_esp0(%esp),%esp sysenter_past_esp: sti pushl $(__USER_DS) @@ -240,7 +239,7 @@ 1: movl (%ebp),%ebp jae syscall_badsys call *sys_call_table(,%eax,4) movl %eax,EAX(%esp) - cli + DISABLE_INTERRUPTS movl TI_flags(%ebp), %ecx testw $_TIF_ALLWORK_MASK, %cx jne syscall_exit_work @@ -248,9 +247,23 @@ 1: movl (%ebp),%ebp movl EIP(%esp), %edx movl OLDESP(%esp), %ecx xorl %ebp,%ebp +#ifdef CONFIG_XEN + __ENABLE_INTERRUPTS +sysexit_scrit: /**** START OF SYSEXIT CRITICAL REGION ****/ + __TEST_PENDING + jnz 14f # process more events if necessary... + movl ESI(%esp), %esi + sysexit +14: __DISABLE_INTERRUPTS +sysexit_ecrit: /**** END OF SYSEXIT CRITICAL REGION ****/ + push %esp + call evtchn_do_upcall + add $4,%esp + jmp ret_from_intr +#else sti sysexit -#endif /* CONFIG_X86_SYSENTER */ +#endif /* !CONFIG_XEN */ # system call handler stub @@ -532,6 +545,11 @@ error_code: # So, on entry to the handler we detect whether we interrupted an # existing activation in its critical region -- if so, we pop the current # activation and restart the handler using the previous one. +# +# The sysexit critical region is slightly different. sysexit +# atomically removes the entire stack frame. If we interrupt in the +# critical region we know that the entire frame is present and correct +# so we can simply throw away the new one. ENTRY(hypervisor_callback) pushl %eax SAVE_ALL 
@@ -540,6 +558,11 @@ ENTRY(hypervisor_callback) jb 11f cmpl $ecrit,%eax jb critical_region_fixup + cmpl $sysexit_scrit,%eax + jb 11f + cmpl $sysexit_ecrit,%eax + ja 11f + addl $0x34,%esp # Remove cs...ebx from stack frame. 11: push %esp call evtchn_do_upcall add $4,%esp @@ -683,13 +706,13 @@ device_available_emulate: call math_state_restore jmp ret_from_exception -#ifdef CONFIG_X86_SYSENTER +#ifndef CONFIG_XEN /* * Debug traps and NMI can happen at the one SYSENTER instruction * that sets up the real kernel stack. Check here, since we can't * allow the wrong stack to be used. * - * "TSS_sysenter_esp0+12" is because the NMI/debug handler will have + * "SYSENTER_stack_esp0+12" is because the NMI/debug handler will have * already pushed 3 words if it hits on the sysenter instruction: * eflags, cs and eip. * @@ -701,19 +724,19 @@ device_available_emulate: cmpw $__KERNEL_CS,4(%esp); \ jne ok; \ label: \ - movl TSS_sysenter_esp0+offset(%esp),%esp; \ + movl SYSENTER_stack_esp0+offset(%esp),%esp; \ pushfl; \ pushl $__KERNEL_CS; \ pushl $sysenter_past_esp -#endif /* CONFIG_X86_SYSENTER */ +#endif /* CONFIG_XEN */ KPROBE_ENTRY(debug) -#ifdef CONFIG_X86_SYSENTER +#ifndef CONFIG_XEN cmpl $sysenter_entry,(%esp) jne debug_stack_correct FIX_STACK(12, debug_stack_correct, debug_esp_fix_insn) debug_stack_correct: -#endif /* !CONFIG_X86_SYSENTER */ +#endif /* !CONFIG_XEN */ pushl $-1 # mark this as an int SAVE_ALL xorl %edx,%edx # error code 0 diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/i386/kernel/io_apic-xen.c --- a/linux-2.6-xen-sparse/arch/i386/kernel/io_apic-xen.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/i386/kernel/io_apic-xen.c Tue Apr 25 23:35:55 2006 -0600 @@ -1205,7 +1205,6 @@ u8 irq_vector[NR_IRQ_VECTORS] __read_mos int assign_irq_vector(int irq) { - static int current_vector = FIRST_DEVICE_VECTOR; physdev_op_t op; BUG_ON(irq >= NR_IRQ_VECTORS); 
@@ -1216,13 +1215,12 @@ int assign_irq_vector(int irq) op.u.irq_op.irq = irq; if (HYPERVISOR_physdev_op(&op)) return -ENOSPC; - current_vector = op.u.irq_op.vector; - - vector_irq[current_vector] = irq; + + vector_irq[op.u.irq_op.vector] = irq; if (irq != AUTO_ASSIGN) - IO_APIC_VECTOR(irq) = current_vector; - - return current_vector; + IO_APIC_VECTOR(irq) = op.u.irq_op.vector; + + return op.u.irq_op.vector; } #ifndef CONFIG_XEN @@ -2485,6 +2483,12 @@ static int __init io_apic_bug_finalize(v { if(sis_apic_bug == -1) sis_apic_bug = 0; + if (xen_start_info->flags & SIF_INITDOMAIN) { + dom0_op_t op = { .cmd = DOM0_PLATFORM_QUIRK }; + op.u.platform_quirk.quirk_id = sis_apic_bug ? + QUIRK_IOAPIC_BAD_REGSEL : QUIRK_IOAPIC_GOOD_REGSEL; + HYPERVISOR_dom0_op(&op); + } return 0; } diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/i386/kernel/sysenter.c --- a/linux-2.6-xen-sparse/arch/i386/kernel/sysenter.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/i386/kernel/sysenter.c Tue Apr 25 23:35:55 2006 -0600 @@ -20,11 +20,15 @@ #include <asm/pgtable.h> #include <asm/unistd.h> +#ifdef CONFIG_XEN +#include <xen/interface/callback.h> +#endif + extern asmlinkage void sysenter_entry(void); void enable_sep_cpu(void) { -#ifdef CONFIG_X86_SYSENTER +#ifndef CONFIG_X86_NO_TSS int cpu = get_cpu(); struct tss_struct *tss = &per_cpu(init_tss, cpu); 
@@ -54,14 +58,24 @@ int __init sysenter_setup(void) { syscall_page = (void *)get_zeroed_page(GFP_ATOMIC); -#ifdef CONFIG_X86_SYSENTER +#ifdef CONFIG_XEN + if (boot_cpu_has(X86_FEATURE_SEP)) { + struct callback_register sysenter = { + .type = CALLBACKTYPE_sysenter, + .address = { __KERNEL_CS, (unsigned long)sysenter_entry }, + }; + + if (HYPERVISOR_callback_op(CALLBACKOP_register, &sysenter) < 0) + clear_bit(X86_FEATURE_SEP, boot_cpu_data.x86_capability); + } +#endif + if (boot_cpu_has(X86_FEATURE_SEP)) { memcpy(syscall_page, &vsyscall_sysenter_start, &vsyscall_sysenter_end - &vsyscall_sysenter_start); return 0; } -#endif memcpy(syscall_page, &vsyscall_int80_start, diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/i386/kernel/vsyscall.S --- a/linux-2.6-xen-sparse/arch/i386/kernel/vsyscall.S Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/i386/kernel/vsyscall.S Tue Apr 25 23:35:55 2006 -0600 @@ -7,11 +7,9 @@ vsyscall_int80_start: .incbin "arch/i386/kernel/vsyscall-int80.so" vsyscall_int80_end: -#ifdef CONFIG_X86_SYSENTER .globl vsyscall_sysenter_start, vsyscall_sysenter_end vsyscall_sysenter_start: .incbin "arch/i386/kernel/vsyscall-sysenter.so" vsyscall_sysenter_end: -#endif __FINIT diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/i386/mm/pgtable-xen.c --- a/linux-2.6-xen-sparse/arch/i386/mm/pgtable-xen.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/i386/mm/pgtable-xen.c Tue Apr 25 23:35:55 2006 -0600 
@@ -306,14 +306,14 @@ void pgd_ctor(void *pgd, kmem_cache_t *c BUG_ON(rc); } if (HAVE_SHARED_KERNEL_PMD) - memcpy((pgd_t *)pgd + USER_PTRS_PER_PGD, - swapper_pg_dir + USER_PTRS_PER_PGD, - (PTRS_PER_PGD - USER_PTRS_PER_PGD) * sizeof(pgd_t)); + clone_pgd_range((pgd_t *)pgd + USER_PTRS_PER_PGD, + swapper_pg_dir + USER_PTRS_PER_PGD, + KERNEL_PGD_PTRS); } else { spin_lock_irqsave(&pgd_lock, flags); - memcpy((pgd_t *)pgd + USER_PTRS_PER_PGD, - swapper_pg_dir + USER_PTRS_PER_PGD, - (PTRS_PER_PGD - USER_PTRS_PER_PGD) * sizeof(pgd_t)); + clone_pgd_range((pgd_t *)pgd + USER_PTRS_PER_PGD, + swapper_pg_dir + USER_PTRS_PER_PGD, + KERNEL_PGD_PTRS); memset(pgd, 0, USER_PTRS_PER_PGD*sizeof(pgd_t)); pgd_list_add(pgd); spin_unlock_irqrestore(&pgd_lock, flags); @@ -360,7 +360,7 @@ pgd_t *pgd_alloc(struct mm_struct *mm) pmd_t *pmd = kmem_cache_alloc(pmd_cache, GFP_KERNEL); if (!pmd) goto out_oom; - set_pgd(&pgd[USER_PTRS_PER_PGD], __pgd(1 + __pa(pmd))); + set_pgd(&pgd[i], __pgd(1 + __pa(pmd))); } spin_lock_irqsave(&pgd_lock, flags); diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/i386/oprofile/xenoprof.c --- a/linux-2.6-xen-sparse/arch/i386/oprofile/xenoprof.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/i386/oprofile/xenoprof.c Tue Apr 25 23:35:55 2006 -0600 @@ -35,8 +35,9 @@ void * vm_map_xen_pages(unsigned long ma void * vm_map_xen_pages(unsigned long maddr, int vm_size, pgprot_t prot); static int xenoprof_enabled = 0; -static int num_events = 0; +static unsigned int num_events = 0; static int is_primary = 0; +static int active_defined; /* sample buffers shared with Xen */ xenoprof_buf_t * xenoprof_buf[MAX_VIRT_CPUS]; @@ -106,7 +107,7 @@ xenoprof_ovf_interrupt(int irq, void * d xenoprof_ovf_interrupt(int irq, void * dev_id, struct pt_regs * regs) { int head, tail, size; - xenoprof_buf_t * buf; + struct xenoprof_buf * buf; int cpu; cpu = smp_processor_id(); 
@@ -196,28 +197,49 @@ static int xenoprof_setup(void) static int xenoprof_setup(void) { int ret; + int i; ret = bind_virq(); if (ret) return ret; if (is_primary) { - ret = HYPERVISOR_xenoprof_op(XENOPROF_reserve_counters, - (unsigned long)NULL, - (unsigned long)NULL); + struct xenoprof_counter counter; + + /* Define dom0 as an active domain if not done yet */ + if (!active_defined) { + domid_t domid; + ret = HYPERVISOR_xenoprof_op(XENOPROF_reset_active_list, NULL); + if (ret) + goto err; + domid = 0; + ret = HYPERVISOR_xenoprof_op(XENOPROF_set_active, &domid); + if (ret) + goto err; + active_defined = 1; + } + + ret = HYPERVISOR_xenoprof_op(XENOPROF_reserve_counters, NULL); if (ret) goto err; - - ret = HYPERVISOR_xenoprof_op(XENOPROF_setup_events, - (unsigned long)&counter_config, - (unsigned long)num_events); + for (i=0; i<num_events; i++) { + counter.ind = i; + counter.count = (uint64_t)counter_config[i].count; + counter.enabled = (uint32_t)counter_config[i].enabled; + counter.event = (uint32_t)counter_config[i].event; + counter.kernel = (uint32_t)counter_config[i].kernel; + counter.user = (uint32_t)counter_config[i].user; + counter.unit_mask = (uint64_t)counter_config[i].unit_mask; + HYPERVISOR_xenoprof_op(XENOPROF_counter, + &counter); + } + ret = HYPERVISOR_xenoprof_op(XENOPROF_setup_events, NULL); + if (ret) goto err; } - ret = HYPERVISOR_xenoprof_op(XENOPROF_enable_virq, - (unsigned long)NULL, - (unsigned long)NULL); + ret = HYPERVISOR_xenoprof_op(XENOPROF_enable_virq, NULL); if (ret) goto err; @@ -233,17 +255,15 @@ static void xenoprof_shutdown(void) { xenoprof_enabled = 0; - HYPERVISOR_xenoprof_op(XENOPROF_disable_virq, - (unsigned long)NULL, - (unsigned long)NULL); + HYPERVISOR_xenoprof_op(XENOPROF_disable_virq, NULL); if (is_primary) { - HYPERVISOR_xenoprof_op(XENOPROF_release_counters, - (unsigned long)NULL, - (unsigned long)NULL); + HYPERVISOR_xenoprof_op(XENOPROF_release_counters, NULL); + active_defined = 0; } unbind_virq(); + } 
@@ -252,9 +272,8 @@ static int xenoprof_start(void) int ret = 0; if (is_primary) - ret = HYPERVISOR_xenoprof_op(XENOPROF_start, - (unsigned long)NULL, - (unsigned long)NULL); + ret = HYPERVISOR_xenoprof_op(XENOPROF_start, NULL); + return ret; } @@ -262,20 +281,43 @@ static void xenoprof_stop(void) static void xenoprof_stop(void) { if (is_primary) - HYPERVISOR_xenoprof_op(XENOPROF_stop, - (unsigned long)NULL, - (unsigned long)NULL); + HYPERVISOR_xenoprof_op(XENOPROF_stop, NULL); } static int xenoprof_set_active(int * active_domains, - unsigned int adomains) + unsigned int adomains) { int ret = 0; - if (is_primary) - ret = HYPERVISOR_xenoprof_op(XENOPROF_set_active, - (unsigned long)active_domains, - (unsigned long)adomains); + int i; + int set_dom0 = 0; + domid_t domid; + + if (!is_primary) + return 0; + + if (adomains > MAX_OPROF_DOMAINS) + return -E2BIG; + + ret = HYPERVISOR_xenoprof_op(XENOPROF_reset_active_list, NULL); + if (ret) + return ret; + + for (i=0; i<adomains; i++) { + domid = active_domains[i]; + ret = HYPERVISOR_xenoprof_op(XENOPROF_set_active, &domid); + if (ret) + return (ret); + if (active_domains[i] == 0) + set_dom0 = 1; + } + /* dom0 must always be active but may not be in the list */ + if (!set_dom0) { + domid = 0; + ret = HYPERVISOR_xenoprof_op(XENOPROF_set_active, &domid); + } + + active_defined = 1; return ret; } 
@@ -325,44 +367,48 @@ static int using_xenoprof; int __init oprofile_arch_init(struct oprofile_operations * ops) { - xenoprof_init_result_t result; - xenoprof_buf_t * buf; - int max_samples = 16; + struct xenoprof_init init; + struct xenoprof_buf * buf; int vm_size; int npages; + int ret; int i; - int ret = HYPERVISOR_xenoprof_op(XENOPROF_init, - (unsigned long)max_samples, - (unsigned long)&result); + init.max_samples = 16; + ret = HYPERVISOR_xenoprof_op(XENOPROF_init, &init); if (!ret) { pgprot_t prot = __pgprot(_KERNPG_TABLE); - num_events = result.num_events; - is_primary = result.is_primary; - nbuf = result.nbuf; - - npages = (result.bufsize * nbuf - 1) / PAGE_SIZE + 1; + num_events = init.num_events; + is_primary = init.is_primary; + nbuf = init.nbuf; + + /* just in case - make sure we do not overflow event list + (i.e. counter_config list) */ + if (num_events > OP_MAX_COUNTER) + num_events = OP_MAX_COUNTER; + + npages = (init.bufsize * nbuf - 1) / PAGE_SIZE + 1; vm_size = npages * PAGE_SIZE; - shared_buffer = (char *) vm_map_xen_pages(result.buf_maddr, - vm_size, prot); + shared_buffer = (char *)vm_map_xen_pages(init.buf_maddr, + vm_size, prot); if (!shared_buffer) { ret = -ENOMEM; goto out; } for (i=0; i< nbuf; i++) { - buf = (xenoprof_buf_t*) - &shared_buffer[i * result.bufsize]; + buf = (struct xenoprof_buf*) + &shared_buffer[i * init.bufsize]; BUG_ON(buf->vcpu_id >= MAX_VIRT_CPUS); xenoprof_buf[buf->vcpu_id] = buf; } /* cpu_type is detected by Xen */ cpu_type[XENOPROF_CPU_TYPE_SIZE-1] = 0; - strncpy(cpu_type, result.cpu_type, XENOPROF_CPU_TYPE_SIZE - 1); + strncpy(cpu_type, init.cpu_type, XENOPROF_CPU_TYPE_SIZE - 1); xenoprof_ops.cpu_type = cpu_type; init_driverfs(); @@ -371,6 +417,8 @@ int __init oprofile_arch_init(struct opr for (i=0; i<NR_CPUS; i++) ovf_irq[i] = -1; + + active_defined = 0; } out: printk(KERN_INFO "oprofile_arch_init: ret %d, events %d, " 
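Review bot: the new clamp `if (num_events > OP_MAX_COUNTER) num_events = OP_MAX_COUNTER;` in oprofile_arch_init() silently truncates the event count Xen reports, so any counters above OP_MAX_COUNTER become unusable with nothing in the log, and the KERN_INFO printk at the end of the function only shows the already-clamped value. Emit a printk(KERN_WARNING ...) with both numbers when the clamp fires so the mismatch between the hypervisor and counter_config[] is visible.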
@@ -389,7 +437,5 @@ void __exit oprofile_arch_exit(void) shared_buffer = NULL; } if (is_primary) - HYPERVISOR_xenoprof_op(XENOPROF_shutdown, - (unsigned long)NULL, - (unsigned long)NULL); -} + HYPERVISOR_xenoprof_op(XENOPROF_shutdown, NULL); +} diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/arch/x86_64/kernel/io_apic-xen.c --- a/linux-2.6-xen-sparse/arch/x86_64/kernel/io_apic-xen.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/arch/x86_64/kernel/io_apic-xen.c Tue Apr 25 23:35:55 2006 -0600 @@ -869,7 +869,6 @@ u8 irq_vector[NR_IRQ_VECTORS] __read_mos int assign_irq_vector(int irq) { - static int current_vector = FIRST_DEVICE_VECTOR; physdev_op_t op; BUG_ON(irq != AUTO_ASSIGN && (unsigned)irq >= NR_IRQ_VECTORS); @@ -880,13 +879,12 @@ int assign_irq_vector(int irq) op.u.irq_op.irq = irq; if (HYPERVISOR_physdev_op(&op)) return -ENOSPC; - current_vector = op.u.irq_op.vector; - - vector_irq[current_vector] = irq; + + vector_irq[op.u.irq_op.vector] = irq; if (irq != AUTO_ASSIGN) - IO_APIC_VECTOR(irq) = current_vector; - - return current_vector; + IO_APIC_VECTOR(irq) = op.u.irq_op.vector; + + return op.u.irq_op.vector; } extern void (*interrupt[NR_IRQS])(void); diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/drivers/xen/pciback/pciback.h --- a/linux-2.6-xen-sparse/drivers/xen/pciback/pciback.h Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/drivers/xen/pciback/pciback.h Tue Apr 25 23:35:55 2006 -0600 @@ -11,12 +11,17 @@ #include <xen/xenbus.h> #include <linux/list.h> #include <linux/spinlock.h> +#include <linux/workqueue.h> +#include <asm/atomic.h> #include <xen/interface/io/pciif.h> struct pci_dev_entry { struct list_head list; struct pci_dev *dev; }; + +#define _PDEVF_op_active (0) +#define PDEVF_op_active (1<<(_PDEVF_op_active)) struct pciback_device { void *pci_dev_data; 
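Review bot: in assign_irq_vector(), `vector_irq[op.u.irq_op.vector] = irq;` now indexes the array directly with the vector returned by HYPERVISOR_physdev_op() without any range check, whereas the irq argument is checked with BUG_ON against NR_IRQ_VECTORS at the top of the function. Add a matching BUG_ON on op.u.irq_op.vector (or return -ENOSPC) so a bad physdev reply cannot write past the array. Dropping the `static int current_vector` is fine, since it only ever held the last hypervisor reply.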
@@ -29,7 +34,12 @@ struct pciback_device { int evtchn_irq; + struct vm_struct *sh_area; struct xen_pci_sharedinfo *sh_info; + + unsigned long flags; + + struct work_struct op_work; }; struct pciback_dev_data { @@ -70,6 +80,7 @@ void pciback_release_devices(struct pcib /* Handles events from front-end */ irqreturn_t pciback_handle_event(int irq, void *dev_id, struct pt_regs *regs); +void pciback_do_op(void *data); int pciback_xenbus_register(void); void pciback_xenbus_unregister(void); diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/drivers/xen/pciback/pciback_ops.c --- a/linux-2.6-xen-sparse/drivers/xen/pciback/pciback_ops.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/drivers/xen/pciback/pciback_ops.c Tue Apr 25 23:35:55 2006 -0600 
@@ -40,17 +40,24 @@ void pciback_reset_device(struct pci_dev pciback_config_reset(dev); } -irqreturn_t pciback_handle_event(int irq, void *dev_id, struct pt_regs *regs) +static inline void test_and_schedule_op(struct pciback_device *pdev) { - struct pciback_device *pdev = dev_id; + /* Check that frontend is requesting an operation and that we are not + * already processing a request */ + if (test_bit(_XEN_PCIF_active, (unsigned long *)&pdev->sh_info->flags) + && !test_and_set_bit(_PDEVF_op_active, &pdev->flags)) + schedule_work(&pdev->op_work); +} + +/* Performing the configuration space reads/writes must not be done in atomic + * context because some of the pci_* functions can sleep (mostly due to ACPI + * use of semaphores). This function is intended to be called from a work + * queue in process context taking a struct pciback_device as a parameter */ +void pciback_do_op(void *data) +{ + struct pciback_device *pdev = data; struct pci_dev *dev; struct xen_pci_op *op = &pdev->sh_info->op; - - if (unlikely(!test_bit(_XEN_PCIF_active, - (unsigned long *)&pdev->sh_info->flags))) { - pr_debug("pciback: interrupt, but no active operation\n"); - goto out; - } dev = pciback_get_pci_dev(pdev, op->domain, op->bus, op->devfn); 
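Review bot: pciback_do_op() reads op->domain, op->bus and op->devfn straight from the frontend-shared page (`op = &pdev->sh_info->op`) and, per the following hunk, later writes op->err back to the same location. The frontend can rewrite those fields at any moment, and with the work now deferred to process context the window is wider than it was in the old IRQ handler. Copy the struct xen_pci_op into a local before pciback_get_pci_dev() and the dispatch, operate on the copy, and write the results back once; otherwise the device that was looked up and the device that is acted on can differ.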
@@ -65,10 +72,26 @@ irqreturn_t pciback_handle_event(int irq else op->err = XEN_PCI_ERR_not_implemented; + /* Tell the driver domain that we're done. */ wmb(); clear_bit(_XEN_PCIF_active, (unsigned long *)&pdev->sh_info->flags); notify_remote_via_irq(pdev->evtchn_irq); - out: + /* Mark that we're done. */ + smp_mb__before_clear_bit(); /* /after/ clearing PCIF_active */ + clear_bit(_PDEVF_op_active, &pdev->flags); + smp_mb__after_clear_bit(); /* /before/ final check for work */ + + /* Check to see if the driver domain tried to start another request in + * between clearing _XEN_PCIF_active and clearing _PDEVF_op_active. */ + test_and_schedule_op(pdev); +} + +irqreturn_t pciback_handle_event(int irq, void *dev_id, struct pt_regs *regs) +{ + struct pciback_device *pdev = dev_id; + + test_and_schedule_op(pdev); + return IRQ_HANDLED; } diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/drivers/xen/pciback/xenbus.c --- a/linux-2.6-xen-sparse/drivers/xen/pciback/xenbus.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/drivers/xen/pciback/xenbus.c Tue Apr 25 23:35:55 2006 -0600 @@ -26,10 +26,13 @@ static struct pciback_device *alloc_pdev spin_lock_init(&pdev->dev_lock); + pdev->sh_area = NULL; pdev->sh_info = NULL; pdev->evtchn_irq = INVALID_EVTCHN_IRQ; pdev->be_watching = 0; + INIT_WORK(&pdev->op_work, pciback_do_op, pdev); + if (pciback_init_devices(pdev)) { kfree(pdev); pdev = NULL; @@ -47,8 +50,13 @@ static void free_pdev(struct pciback_dev if (pdev->evtchn_irq != INVALID_EVTCHN_IRQ) unbind_from_irqhandler(pdev->evtchn_irq, pdev); + /* If the driver domain started an op, make sure we complete it or + * delete it before releasing the shared memory */ + cancel_delayed_work(&pdev->op_work); + flush_scheduled_work(); + if (pdev->sh_info) - xenbus_unmap_ring_vfree(pdev->xdev, pdev->sh_info); + xenbus_unmap_ring_vfree(pdev->xdev, pdev->sh_area); pciback_release_devices(pdev); 
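Review bot: the final `test_and_schedule_op(pdev);` in pciback_do_op() can re-queue op_work after free_pdev() has already run cancel_delayed_work()/flush_scheduled_work(): a frontend that sets _XEN_PCIF_active while the in-flight work is draining makes that work call schedule_work() again, after the flush barrier, and the re-queued instance then touches sh_info after xenbus_unmap_ring_vfree(). Unbinding the IRQ earlier in free_pdev() does not close this path because the re-schedule comes from the work itself. Add a teardown flag that test_and_schedule_op() checks before schedule_work() (set it in free_pdev() before the flush), or clear pdev->sh_info under dev_lock and test for it.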
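Review bot: in free_pdev(), cancel_delayed_work(&pdev->op_work) is applied to a work_struct that alloc_pdev() initialises with INIT_WORK() and that is only ever queued via schedule_work(); its timer is never armed, so the call is a no-op and flush_scheduled_work() alone does the waiting. Drop it, and reword the comment, which currently suggests the pending op can be deleted before it runs; what actually happens is that it is completed.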
@@ -63,15 +71,19 @@ static int pciback_do_attach(struct pcib { int err = 0; int evtchn; + struct vm_struct *area; + dev_dbg(&pdev->xdev->dev, "Attaching to frontend resources - gnt_ref=%d evtchn=%d\n", gnt_ref, remote_evtchn); - err = - xenbus_map_ring_valloc(pdev->xdev, gnt_ref, - (void **)&pdev->sh_info); - if (err) - goto out; + area = xenbus_map_ring_valloc(pdev->xdev, gnt_ref); + if (IS_ERR(area)) { + err = PTR_ERR(area); + goto out; + } + pdev->sh_area = area; + pdev->sh_info = area->addr; err = xenbus_bind_evtchn(pdev->xdev, remote_evtchn, &evtchn); if (err) diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/drivers/xen/tpmback/common.h --- a/linux-2.6-xen-sparse/drivers/xen/tpmback/common.h Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/drivers/xen/tpmback/common.h Tue Apr 25 23:35:55 2006 -0600 @@ -49,6 +49,7 @@ typedef struct tpmif_st { grant_handle_t shmem_handle; grant_ref_t shmem_ref; + struct page *pagerange; } tpmif_t; void tpmif_disconnect_complete(tpmif_t * tpmif); diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/drivers/xen/tpmback/interface.c --- a/linux-2.6-xen-sparse/drivers/xen/tpmback/interface.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/drivers/xen/tpmback/interface.c Tue Apr 25 23:35:55 2006 -0600 @@ -22,7 +22,6 @@ LIST_HEAD(tpmif_list); static tpmif_t *alloc_tpmif(domid_t domid, long int instance) { - struct page *page; tpmif_t *tpmif; tpmif = kmem_cache_alloc(tpmif_cachep, GFP_KERNEL); 
@@ -35,9 +34,10 @@ static tpmif_t *alloc_tpmif(domid_t domi tpmif->tpm_instance = instance; atomic_set(&tpmif->refcnt, 1); - page = balloon_alloc_empty_page_range(TPMIF_TX_RING_SIZE); - BUG_ON(page == NULL); - tpmif->mmap_vstart = (unsigned long)pfn_to_kaddr(page_to_pfn(page)); + tpmif->pagerange = balloon_alloc_empty_page_range(TPMIF_TX_RING_SIZE); + BUG_ON(tpmif->pagerange == NULL); + tpmif->mmap_vstart = (unsigned long)pfn_to_kaddr( + page_to_pfn(tpmif->pagerange)); list_add(&tpmif->tpmif_list, &tpmif_list); num_frontends++; @@ -49,6 +49,7 @@ static void free_tpmif(tpmif_t * tpmif) { num_frontends--; list_del(&tpmif->tpmif_list); + balloon_dealloc_empty_page_range(tpmif->pagerange, TPMIF_TX_RING_SIZE); kmem_cache_free(tpmif_cachep, tpmif); } @@ -115,11 +116,11 @@ int tpmif_map(tpmif_t *tpmif, unsigned l .cmd = EVTCHNOP_bind_interdomain, .u.bind_interdomain.remote_dom = tpmif->domid, .u.bind_interdomain.remote_port = evtchn, - }; + }; - if (tpmif->irq) { - return 0; - } + if (tpmif->irq) { + return 0; + } if ((tpmif->tx_area = alloc_vm_area(PAGE_SIZE)) == NULL) return -ENOMEM; diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/drivers/xen/tpmback/tpmback.c --- a/linux-2.6-xen-sparse/drivers/xen/tpmback/tpmback.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/drivers/xen/tpmback/tpmback.c Tue Apr 25 23:35:55 2006 -0600 @@ -271,6 +271,7 @@ int _packet_write(struct packet *pak, struct gnttab_map_grant_ref map_op; struct gnttab_unmap_grant_ref unmap_op; tpmif_tx_request_t *tx; + unsigned long pfn, mfn, mfn_orig; tx = &tpmif->tx->ring[i].req; 
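Review bot: `BUG_ON(tpmif->pagerange == NULL);` in alloc_tpmif() turns a failed balloon_alloc_empty_page_range() into a dom0 crash on a path reached when a guest connects its vTPM. The function already handles kmem_cache_alloc() failing; treat this the same way: kmem_cache_free() the tpmif and return an ERR_PTR so connect_ring() reports the failure through xenbus_dev_fatal() instead. The matching balloon_dealloc_empty_page_range() added to free_tpmif() is a good fix for the previous leak.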
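Review bot: the hunk in tpmif_map() only re-indents `};` and the `if (tpmif->irq) { return 0; }` block; whitespace-only churn is better kept out of a functional change (or sent separately) so blame and backports stay readable.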
@@ -293,9 +294,12 @@ int _packet_write(struct packet *pak, DPRINTK(" Grant table operation failure !\n"); return 0; } - set_phys_to_machine(__pa(MMAP_VADDR(tpmif, i)) >> PAGE_SHIFT, - FOREIGN_FRAME(map_op. - dev_bus_addr >> PAGE_SHIFT)); + + pfn = __pa(MMAP_VADDR(tpmif, i)) >> PAGE_SHIFT; + mfn = FOREIGN_FRAME(map_op.dev_bus_addr >> PAGE_SHIFT); + mfn_orig = phys_to_machine_mapping[pfn]; + + set_phys_to_machine(pfn, mfn); tocopy = MIN(size - offset, PAGE_SIZE); @@ -306,6 +310,8 @@ int _packet_write(struct packet *pak, return -EFAULT; } tx->size = tocopy; + + set_phys_to_machine(pfn, mfn_orig); gnttab_set_unmap_op(&unmap_op, MMAP_VADDR(tpmif, i), GNTMAP_host_map, handle); diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/drivers/xen/tpmback/xenbus.c --- a/linux-2.6-xen-sparse/drivers/xen/tpmback/xenbus.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/drivers/xen/tpmback/xenbus.c Tue Apr 25 23:35:55 2006 -0600 @@ -49,6 +49,8 @@ static int tpmback_remove(struct xenbus_ { struct backend_info *be = dev->data; + if (!be) return 0; + if (be->backend_watch.node) { unregister_xenbus_watch(&be->backend_watch); kfree(be->backend_watch.node); 
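Review bot: in _packet_write() the new `set_phys_to_machine(pfn, mfn_orig);` restore sits only on the success path after `tx->size = tocopy;`; the `return -EFAULT;` a few lines above it leaves the p2m entry for MMAP_VADDR(tpmif, i) pointing at the foreign frame (and the grant mapped, which the existing code also skips). Move the restore into the error path as well. Saving mfn_orig via `phys_to_machine_mapping[pfn]` directly rather than the pfn_to_mfn() accessor works but is inconsistent with the accessor used for the update.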
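Review bot: the new `if (!be) return 0;` guard in tpmback_remove() only helps if dev->data is reset to NULL once the backend_info has been torn down, and this hunk does not show that. The later hunk in frontend_changed() starts calling tpmback_remove(dev) explicitly on XenbusStateClosed, so the xenbus core's own remove becomes a second call; confirm the function ends with `dev->data = NULL;`, otherwise the guard never fires and the second call runs on freed memory. Kernel style also wants the guard on two lines.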
@@ -119,37 +121,9 @@ static void backend_changed(struct xenbu return; } - if (be->is_instance_set != 0 && be->instance != instance) { - printk(KERN_WARNING - "tpmback: changing instance (from %ld to %ld) " - "not allowed.\n", - be->instance, instance); - return; - } - if (be->is_instance_set == 0) { - be->tpmif = tpmif_find(dev->otherend_id, - instance); - if (IS_ERR(be->tpmif)) { - err = PTR_ERR(be->tpmif); - be->tpmif = NULL; - xenbus_dev_fatal(dev,err,"creating block interface"); - return; - } be->instance = instance; be->is_instance_set = 1; - - /* - * There's an unfortunate problem: - * Sometimes after a suspend/resume the - * state switch to XenbusStateInitialised happens - * *before* I get to this point here. Since then - * the connect_ring() must have failed (be->tpmif is - * still NULL), I just call it here again indirectly. - */ - if (be->frontend_state == XenbusStateInitialised) { - frontend_changed(dev, be->frontend_state); - } } } @@ -186,6 +160,7 @@ static void frontend_changed(struct xenb */ tpmif_vtpm_close(be->instance); device_unregister(&be->dev->dev); + tpmback_remove(dev); break; case XenbusStateUnknown: @@ -279,6 +254,18 @@ static int connect_ring(struct backend_i dev->otherend); return err; } + + if (!be->tpmif) { + be->tpmif = tpmif_find(dev->otherend_id, + be->instance); + if (IS_ERR(be->tpmif)) { + err = PTR_ERR(be->tpmif); + be->tpmif = NULL; + xenbus_dev_fatal(dev,err,"creating vtpm interface"); + return err; + } + } + if (be->tpmif != NULL) { err = tpmif_map(be->tpmif, ring_ref, evtchn); if (err) { diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_backend_client.c --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_backend_client.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_backend_client.c Tue Apr 25 23:35:55 2006 -0600 
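Review bot: with the instance-change rejection removed from backend_changed(), `be->instance = instance;` is now assigned on every watch event, but the tpmif is created lazily in connect_ring() from be->instance and never rebuilt. A later change of the xenstore instance key therefore updates be->instance (and the argument later passed to tpmif_vtpm_close(be->instance)) without changing the interface that is actually mapped. Either keep the old check once is_instance_set is 1, or tear down and recreate the tpmif when the instance changes.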
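Review bot: the added `tpmback_remove(dev);` in the XenbusStateClosed case of frontend_changed() tears down the backend_info while frontend_changed() still holds `be`; nothing after the break may touch be or be->dev. device_unregister(&be->dev->dev) immediately above also makes the xenbus core invoke tpmback_remove() again, so this depends on dev->data being cleared by the first call (see the `if (!be) return 0;` guard added earlier).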
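Review bot: in connect_ring(), `if (be->tpmif != NULL)` directly after the new `if (!be->tpmif) { ... return err; }` block is now always true; drop the condition so the mapping path reads straight through. The error text change from "creating block interface" to "creating vtpm interface" is a welcome fix.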
@@ -30,21 +30,20 @@ * IN THE SOFTWARE. */ +#include <linux/err.h> #include <xen/gnttab.h> #include <xen/xenbus.h> #include <xen/driver_util.h> /* Based on Rusty Russell's skeleton driver's map_page */ -int xenbus_map_ring_valloc(struct xenbus_device *dev, int gnt_ref, void **vaddr) +struct vm_struct *xenbus_map_ring_valloc(struct xenbus_device *dev, int gnt_ref) { struct gnttab_map_grant_ref op; struct vm_struct *area; - *vaddr = NULL; - area = alloc_vm_area(PAGE_SIZE); if (!area) - return -ENOMEM; + return ERR_PTR(-ENOMEM); gnttab_set_map_op(&op, (unsigned long)area->addr, GNTMAP_host_map, gnt_ref, dev->otherend_id); @@ -58,14 +57,14 @@ int xenbus_map_ring_valloc(struct xenbus xenbus_dev_fatal(dev, op.status, "mapping in shared page %d from domain %d", gnt_ref, dev->otherend_id); - return op.status; + BUG_ON(!IS_ERR(ERR_PTR(op.status))); + return ERR_PTR(op.status); } /* Stuff the handle in an unused field */ area->phys_addr = (unsigned long)op.handle; - *vaddr = area->addr; - return 0; + return area; } EXPORT_SYMBOL_GPL(xenbus_map_ring_valloc); 
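Review bot: on the grant-map failure path of xenbus_map_ring_valloc() the area from alloc_vm_area(PAGE_SIZE) is not visibly released before `return ERR_PTR(op.status);`; if free_vm_area(area) is not in the unchanged lines just above xenbus_dev_fatal(), add it, since callers now receive an ERR_PTR and have nothing to free. `BUG_ON(!IS_ERR(ERR_PTR(op.status)))` is a sensible check that the negative GNTST_* codes stay inside the ERR_PTR range, but a one-line comment saying so would spare the next reader a puzzle.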
@@ -92,31 +91,11 @@ EXPORT_SYMBOL_GPL(xenbus_map_ring); /* Based on Rusty Russell's skeleton driver's unmap_page */ -int xenbus_unmap_ring_vfree(struct xenbus_device *dev, void *vaddr) +int xenbus_unmap_ring_vfree(struct xenbus_device *dev, struct vm_struct *area) { - struct vm_struct *area; struct gnttab_unmap_grant_ref op; - /* It'd be nice if linux/vmalloc.h provided a find_vm_area(void *addr) - * method so that we don't have to muck with vmalloc internals here. - * We could force the user to hang on to their struct vm_struct from - * xenbus_map_ring_valloc, but these 6 lines considerably simplify - * this API. - */ - read_lock(&vmlist_lock); - for (area = vmlist; area != NULL; area = area->next) { - if (area->addr == vaddr) - break; - } - read_unlock(&vmlist_lock); - - if (!area) { - xenbus_dev_error(dev, -ENOENT, - "can't find mapped virtual address %p", vaddr); - return GNTST_bad_virt_addr; - } - - gnttab_set_unmap_op(&op, (unsigned long)vaddr, GNTMAP_host_map, + gnttab_set_unmap_op(&op, (unsigned long)area->addr, GNTMAP_host_map, (grant_handle_t)area->phys_addr); lock_vm_area(area); diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/hypercall.h --- a/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/hypercall.h Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/hypercall.h Tue Apr 25 23:35:55 2006 -0600 @@ -338,9 +338,9 @@ HYPERVISOR_callback_op( static inline int HYPERVISOR_xenoprof_op( - int op, unsigned long arg1, unsigned long arg2) -{ - return _hypercall3(int, xenoprof_op, op, arg1, arg2); + int op, void *arg) +{ + return _hypercall2(int, xenoprof_op, op, arg); } diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/processor.h --- a/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/processor.h Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/processor.h Tue Apr 25 23:35:55 2006 -0600 
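Review bot: changing HYPERVISOR_xenoprof_op() from _hypercall3 to _hypercall2 with a single `void *arg` is a guest-visible ABI change to the xenoprof_op hypercall. Unlike the callback_op/nmi_op registration later in this changeset, the xenoprof callers have no -ENOSYS fallback, so a kernel from this tree silently loses profiling on a hypervisor from before the change. That is acceptable for a tree that ships both sides, but it should be stated in the commit text, and oprofile_arch_init() should log the failing ret above KERN_INFO.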
@@ -497,13 +497,11 @@ static inline void __load_esp0(struct ts static inline void __load_esp0(struct tss_struct *tss, struct thread_struct *thread) { tss->esp0 = thread->esp0; -#ifdef CONFIG_X86_SYSENTER /* This can only happen when SEP is enabled, no need to test "SEP"arately */ if (unlikely(tss->ss1 != thread->sysenter_cs)) { tss->ss1 = thread->sysenter_cs; wrmsr(MSR_IA32_SYSENTER_CS, thread->sysenter_cs, 0); } -#endif } #define load_esp0(tss, thread) \ __load_esp0(tss, thread) diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/include/asm-i386/mach-xen/setup_arch_post.h --- a/linux-2.6-xen-sparse/include/asm-i386/mach-xen/setup_arch_post.h Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/include/asm-i386/mach-xen/setup_arch_post.h Tue Apr 25 23:35:55 2006 -0600 @@ -24,6 +24,7 @@ extern void nmi(void); static void __init machine_specific_arch_setup(void) { + int ret; struct xen_platform_parameters pp; struct callback_register event = { .type = CALLBACKTYPE_event, @@ -33,7 +34,10 @@ static void __init machine_specific_arch .type = CALLBACKTYPE_failsafe, .address = { __KERNEL_CS, (unsigned long)failsafe_callback }, }; - struct xennmi_callback cb; + struct callback_register nmi_cb = { + .type = CALLBACKTYPE_nmi, + .address = { __KERNEL_CS, (unsigned long)nmi }, + }; if (xen_feature(XENFEAT_auto_translated_physmap) && xen_start_info->shared_info < xen_start_info->nr_pages) { 
@@ -42,11 +46,22 @@ static void __init machine_specific_arch memset(empty_zero_page, 0, sizeof(empty_zero_page)); } - HYPERVISOR_callback_op(CALLBACKOP_register, &event); - HYPERVISOR_callback_op(CALLBACKOP_register, &failsafe); + ret = HYPERVISOR_callback_op(CALLBACKOP_register, &event); + if (ret == 0) + ret = HYPERVISOR_callback_op(CALLBACKOP_register, &failsafe); + if (ret == -ENOSYS) + ret = HYPERVISOR_set_callbacks( + event.address.cs, event.address.eip, + failsafe.address.cs, failsafe.address.eip); + BUG_ON(ret); - cb.handler_address = (unsigned long)&nmi; - HYPERVISOR_nmi_op(XENNMI_register_callback, &cb); + ret = HYPERVISOR_callback_op(CALLBACKOP_register, &nmi_cb); + if (ret == -ENOSYS) { + struct xennmi_callback cb; + + cb.handler_address = nmi_cb.address.eip; + HYPERVISOR_nmi_op(XENNMI_register_callback, &cb); + } if (HYPERVISOR_xen_version(XENVER_platform_parameters, &pp) == 0) diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/setup_arch_post.h --- a/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/setup_arch_post.h Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/setup_arch_post.h Tue Apr 25 23:35:55 2006 -0600 @@ -14,6 +14,7 @@ extern void nmi(void); static void __init machine_specific_arch_setup(void) { + int ret; struct callback_register event = { .type = CALLBACKTYPE_event, .address = (unsigned long) hypervisor_callback, 
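Review bot: in the i386 machine_specific_arch_setup() the event and failsafe registrations end in BUG_ON(ret), but the NMI registration result is dropped twice: a CALLBACKOP_register failure other than -ENOSYS is ignored, and the legacy HYPERVISOR_nmi_op(XENNMI_register_callback, &cb) fallback is not checked at all. An unregistered NMI callback means NMIs from Xen have no handler and there is no diagnostic; at least printk the failure, or treat it like the other callbacks.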
@@ -27,15 +28,31 @@ static void __init machine_specific_arch .address = (unsigned long)system_call, }; #ifdef CONFIG_X86_LOCAL_APIC - struct xennmi_callback cb; + struct callback_register nmi_cb = { + .type = CALLBACKTYPE_nmi, + .address = (unsigned long)nmi, + }; #endif - HYPERVISOR_callback_op(CALLBACKOP_register, &event); - HYPERVISOR_callback_op(CALLBACKOP_register, &failsafe); - HYPERVISOR_callback_op(CALLBACKOP_register, &syscall); + ret = HYPERVISOR_callback_op(CALLBACKOP_register, &event); + if (ret == 0) + ret = HYPERVISOR_callback_op(CALLBACKOP_register, &failsafe); + if (ret == 0) + ret = HYPERVISOR_callback_op(CALLBACKOP_register, &syscall); + if (ret == -ENOSYS) + ret = HYPERVISOR_set_callbacks( + event.address, + failsafe.address, + syscall.address); + BUG_ON(ret); #ifdef CONFIG_X86_LOCAL_APIC - cb.handler_address = (unsigned long)&nmi; - HYPERVISOR_nmi_op(XENNMI_register_callback, &cb); + ret = HYPERVISOR_callback_op(CALLBACKOP_register, &nmi_cb); + if (ret == -ENOSYS) { + struct xennmi_callback cb; + + cb.handler_address = nmi_cb.address; + HYPERVISOR_nmi_op(XENNMI_register_callback, &cb); + } #endif } diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/include/xen/xenbus.h --- a/linux-2.6-xen-sparse/include/xen/xenbus.h Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/include/xen/xenbus.h Tue Apr 25 23:35:55 2006 -0600 @@ -228,8 +228,8 @@ int xenbus_grant_ring(struct xenbus_devi * or -ENOMEM on error. If an error is returned, device will switch to * XenbusStateClosing and the error message will be saved in XenStore. */ -int xenbus_map_ring_valloc(struct xenbus_device *dev, - int gnt_ref, void **vaddr); +struct vm_struct *xenbus_map_ring_valloc(struct xenbus_device *dev, + int gnt_ref); int xenbus_map_ring(struct xenbus_device *dev, int gnt_ref, grant_handle_t *handle, void *vaddr); 
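Review bot: the x86_64 machine_specific_arch_setup() has the same gap as the i386 version: the CALLBACKOP_register result for nmi_cb is only compared against -ENOSYS, and the HYPERVISOR_nmi_op() fallback return value is discarded, while event/failsafe/syscall registration ends in BUG_ON(ret). Log or BUG on a failed NMI registration so the two paths are consistent.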
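Review bot: the comment block above xenbus_map_ring_valloc() in xenbus.h still says the function returns "-ENOMEM on error" although the prototype now returns a struct vm_struct *. Update it to say an ERR_PTR() (carrying -ENOMEM or a GNTST_* code) is returned and must be tested with IS_ERR(), which is what pciback_do_attach() now does.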
@@ -241,7 +241,7 @@ int xenbus_map_ring(struct xenbus_device * Returns 0 on success and returns GNTST_* on error * (see xen/include/interface/grant_table.h). */ -int xenbus_unmap_ring_vfree(struct xenbus_device *dev, void *vaddr); +int xenbus_unmap_ring_vfree(struct xenbus_device *dev, struct vm_struct *); int xenbus_unmap_ring(struct xenbus_device *dev, grant_handle_t handle, void *vaddr); diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/mm/memory.c --- a/linux-2.6-xen-sparse/mm/memory.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/mm/memory.c Tue Apr 25 23:35:55 2006 -0600 @@ -405,7 +405,7 @@ struct page *vm_normal_page(struct vm_ar * Remove this test eventually! */ if (unlikely(!pfn_valid(pfn))) { - if (!vma->vm_flags & VM_RESERVED) + if (!(vma->vm_flags & VM_RESERVED)) print_bad_pte(vma, pte, addr); return NULL; } diff -r 9a915e2828f3 -r ae709b250f43 linux-2.6-xen-sparse/net/core/dev.c --- a/linux-2.6-xen-sparse/net/core/dev.c Tue Apr 25 22:55:22 2006 -0600 +++ b/linux-2.6-xen-sparse/net/core/dev.c Tue Apr 25 23:35:55 2006 -0600 
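Review bot: `if (!(vma->vm_flags & VM_RESERVED))` is the correct fix; the old `!vma->vm_flags & VM_RESERVED` applied `!` first, so the condition was always false and print_bad_pte() could never be reached. This is a bug in pristine mm/memory.c rather than Xen-specific code, so it belongs in its own patch against upstream (or under patches/linux-2.6.16/) rather than buried in a merge.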
@@ -1220,62 +1220,15 @@ int __skb_linearize(struct sk_buff *skb, } \ } -/** - * dev_queue_xmit - transmit a buffer - * @skb: buffer to transmit - * - * Queue a buffer for transmission to a network device. The caller must - * have set the device and priority and built the buffer before calling - * this function. The function can be called from an interrupt. - * - * A negative errno code is returned on a failure. A success does not - * guarantee the frame will be transmitted as it may be dropped due - * to congestion or traffic shaping. - * - * ----------------------------------------------------------------------------------- - * I notice this method can also return errors from the queue disciplines, - * including NET_XMIT_DROP, which is a positive value. So, errors can also - * be positive. - * - * Regardless of the return value, the skb is consumed, so it is currently - * difficult to retry a send to this method. (You can bump the ref count - * before sending to hold a reference for retry if you are careful.) - * - * When calling this method, interrupts MUST be enabled. This is because - * the BH enable code must have IRQs enabled so that it will not deadlock. - * --BLG - */ - -int dev_queue_xmit(struct sk_buff *skb) -{ - struct net_device *dev = skb->dev; - struct Qdisc *q; - int rc = -ENOMEM; - - if (skb_shinfo(skb)->frag_list && - !(dev->features & NETIF_F_FRAGLIST) && - __skb_linearize(skb, GFP_ATOMIC)) - goto out_kfree_skb; - - /* Fragmented skb is linearized if device does not support SG, - * or if at least one of fragments is in highmem and device - * does not support DMA from it. - */ - if (skb_shinfo(skb)->nr_frags && - (!(dev->features & NETIF_F_SG) || illegal_highdma(dev, skb)) && - __skb_linearize(skb, GFP_ATOMIC)) - goto out_kfree_skb; - #ifdef CONFIG_XEN - /* If a checksum-deferred packet is forwarded to a device that needs a - * checksum, correct the pointers and force checksumming. 
- */ +inline int skb_checksum_setup(struct sk_buff *skb) +{ if (skb->proto_csum_blank) { if (skb->protocol != htons(ETH_P_IP)) - goto out_kfree_skb; + goto out; skb->h.raw = (unsigned char *)skb->nh.iph + 4*skb->nh.iph->ihl; if (skb->h.raw >= skb->tail) - goto out_kfree_skb; + goto out; switch (skb->nh.iph->protocol) { case IPPROTO_TCP: skb->csum = offsetof(struct tcphdr, check); 
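Review bot: skb_checksum_setup() reads skb->nh.iph->ihl to compute h.raw before anything checks that a full struct iphdr lies inside the buffer; only the result (`skb->h.raw >= skb->tail`) is checked. Packets with proto_csum_blank set originate from a guest via netfront/netback, so add a check that skb->nh.raw + sizeof(struct iphdr) does not exceed skb->tail (and that ihl >= 5) before dereferencing the header. Also, a non-static `inline` function that is then EXPORT_SYMBOL'd should be a plain function declared in linux/skbuff.h next to skb_checksum_help(), not redeclared with `extern` in each caller.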
@@ -1288,16 +1241,74 @@ int dev_queue_xmit(struct sk_buff *skb) printk(KERN_ERR "Attempting to checksum a non-" "TCP/UDP packet, dropping a protocol" " %d packet", skb->nh.iph->protocol); - rc = -EPROTO; - goto out_kfree_skb; + goto out; } if ((skb->h.raw + skb->csum + 2) > skb->tail) - goto out_kfree_skb; + goto out; skb->ip_summed = CHECKSUM_HW; skb->proto_csum_blank = 0; } + return 0; +out: + return -EPROTO; +} +#else +inline int skb_checksum_setup(struct sk_buff *skb) { return 0; } #endif + +/** + * dev_queue_xmit - transmit a buffer + * @skb: buffer to transmit + * + * Queue a buffer for transmission to a network device. The caller must + * have set the device and priority and built the buffer before calling + * this function. The function can be called from an interrupt. + * + * A negative errno code is returned on a failure. A success does not + * guarantee the frame will be transmitted as it may be dropped due + * to congestion or traffic shaping. + * + * ----------------------------------------------------------------------------------- + * I notice this method can also return errors from the queue disciplines, + * including NET_XMIT_DROP, which is a positive value. So, errors can also + * be positive. + * + * Regardless of the return value, the skb is consumed, so it is currently + * difficult to retry a send to this method. (You can bump the ref count + * before sending to hold a reference for retry if you are careful.) + * + * When calling this method, interrupts MUST be enabled. This is because + * the BH enable code must have IRQs enabled so that it will not deadlock. 
+ * --BLG + */ + +int dev_queue_xmit(struct sk_buff *skb) +{ + struct net_device *dev = skb->dev; + struct Qdisc *q; + int rc = -ENOMEM; + + if (skb_shinfo(skb)->frag_list && + !(dev->features & NETIF_F_FRAGLIST) && + __skb_linearize(skb, GFP_ATOMIC)) + goto out_kfree_skb; + + /* Fragmented skb is linearized if device does not support SG, + * or if at least one of fragments is in highmem and device + * does not support DMA from it. + */ + if (skb_shinfo(skb)->nr_frags && + (!(dev->features & NETIF_F_SG) || illegal_highdma(dev, skb)) && + __skb_linearize(skb, GFP_ATOMIC)) + goto out_kfree_skb; + + /* If a checksum-deferred packet is forwarded to a device that needs a + * checksum, correct the pointers and force checksumming. + */ + if(skb_checksum_setup(skb)) + goto out_kfree_skb; + /* If packet is not checksummed and device does not support * checksumming for this protocol, complete checksumming here. */ @@ -3351,6 +3362,7 @@ EXPORT_SYMBOL(net_enable_timestamp); EXPORT_SYMBOL(net_enable_timestamp); EXPORT_SYMBOL(net_disable_timestamp); EXPORT_SYMBOL(dev_get_flags); +EXPORT_SYMBOL(skb_checksum_setup); #if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) EXPORT_SYMBOL(br_handle_frame_hook); diff -r 9a915e2828f3 -r ae709b250f43 patches/linux-2.6.16/net-csum.patch --- a/patches/linux-2.6.16/net-csum.patch Tue Apr 25 22:55:22 2006 -0600 +++ b/patches/linux-2.6.16/net-csum.patch Tue Apr 25 23:35:55 2006 -0600 
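Review bot: factoring the block out changes the error code dev_queue_xmit() sees: the non-IP, truncated-header and `h.raw + csum + 2 > tail` cases previously went to out_kfree_skb with the default rc = -ENOMEM and only the unknown-protocol case set -EPROTO, whereas skb_checksum_setup() now returns -EPROTO for all of them and the caller drops the packet on any non-zero return. -EPROTO is arguably the better code, but the change should be called out. Nit: `if(skb_checksum_setup(skb))` needs a space after `if`.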
@@ -39,3 +39,26 @@ diff -pruN ../pristine-linux-2.6.16/net/ *portptr = newport; return 1; } +diff -r 601fa226a761 net/ipv4/xfrm4_output.c +--- a/net/ipv4/xfrm4_output.c Wed Apr 19 18:52:30 2006 ++++ b/net/ipv4/xfrm4_output.c Thu Apr 20 15:49:40 2006 +@@ -16,6 +16,8 @@ + #include <net/ip.h> + #include <net/xfrm.h> + #include <net/icmp.h> ++ ++extern int skb_checksum_setup(struct sk_buff *skb); + + /* Add encapsulation header. + * +@@ -103,6 +105,10 @@ + struct xfrm_state *x = dst->xfrm; + int err; + ++ err = skb_checksum_setup(skb); ++ if (err) ++ goto error_nolock; ++ + if (skb->ip_summed == CHECKSUM_HW) { + err = skb_checksum_help(skb, 0); + if (err) diff -r 9a915e2828f3 -r ae709b250f43 tools/debugger/gdb/gdb-6.2.1-xen-sparse/gdb/gdbserver/server.c --- a/tools/debugger/gdb/gdb-6.2.1-xen-sparse/gdb/gdbserver/server.c Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/debugger/gdb/gdb-6.2.1-xen-sparse/gdb/gdbserver/server.c Tue Apr 25 23:35:55 2006 -0600 @@ -664,17 +664,13 @@ main (int argc, char *argv[]) For the traditional remote protocol close the connection, and re-open it at the top of the loop. */ - if (extended_protocol) - { - remote_close (); + detach_inferior (); + remote_close (); + if (extended_protocol) exit (0); - } - else - { + else fprintf (stderr, "Remote side has terminated connection. " "GDBserver will reopen the connection.\n"); - remote_close (); - } sigaction(SIGINT, &old_sigaction, NULL); } } diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/Makefile --- a/tools/examples/Makefile Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/examples/Makefile Tue Apr 25 23:35:55 2006 -0600 
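Review bot: the xfrm4_output.c part of net-csum.patch adds `extern int skb_checksum_setup(struct sk_buff *skb);` inside the .c file; the prototype belongs in a header so it cannot drift from the definition in net/core/dev.c. Calling it before the CHECKSUM_HW branch is the right order, since it is what sets ip_summed = CHECKSUM_HW for deferred-checksum skbs.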
@@ -28,9 +28,11 @@ XEN_SCRIPTS += block-enbd block-nbd XEN_SCRIPTS += block-enbd block-nbd XEN_SCRIPTS += vtpm vtpm-delete XEN_SCRIPTS += xen-hotplug-cleanup +XEN_SCRIPTS += external-device-migrate XEN_SCRIPT_DATA = xen-script-common.sh locking.sh logging.sh XEN_SCRIPT_DATA += xen-hotplug-common.sh xen-network-common.sh vif-common.sh XEN_SCRIPT_DATA += block-common.sh vtpm-common.sh vtpm-hotplug-common.sh +XEN_SCRIPT_DATA += vtpm-migration.sh XEN_HOTPLUG_DIR = /etc/hotplug XEN_HOTPLUG_SCRIPTS = xen-backend.agent diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/vtpm-common.sh --- a/tools/examples/vtpm-common.sh Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/examples/vtpm-common.sh Tue Apr 25 23:35:55 2006 -0600 @@ -46,6 +46,12 @@ if [ -z "$VTPM_IMPL_DEFINED" ]; then true } function vtpm_delete() { + true + } + function vtpm_migrate() { + echo "Error: vTPM migration accross machines not implemented." + } + function vtpm_migrate_recover() { true } fi @@ -60,7 +66,7 @@ function vtpmdb_find_instance () { function vtpmdb_find_instance () { local vmname=$1 local ret=0 - instance=`cat $VTPMDB | \ + instance=$(cat $VTPMDB | \ awk -vvmname=$vmname \ '{ \ if ( 1 != index($1,"#")) { \ @@ -69,7 +75,7 @@ function vtpmdb_find_instance () { exit; \ } \ } \ - }'` + }') if [ "$instance" != "" ]; then ret=$instance fi @@ -86,13 +92,13 @@ function vtpmdb_is_free_instancenum () { if [ $instance -eq 0 -o $instance -gt 255 ]; then avail=0 else - instances=`cat $VTPMDB | \ + instances=$(cat $VTPMDB | \ gawk \ '{ \ if (1 != index($1,"#")) { \ printf("%s ",$2); \ } \ - }'` + }') for i in $instances; do if [ $i -eq $instance ]; then avail=0 @@ -110,13 +116,13 @@ function vtpmdb_get_free_instancenum () local ctr local instances local don - instances=`cat $VTPMDB | \ + instances=$(cat $VTPMDB | \ gawk \ '{ \ if (1 != index($1,"#")) { \ printf("%s ",$2); \ } \ - }'` + }') ctr=1 don=0 while [ $don -eq 0 ]; do 
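Review bot: the default vtpm_migrate() stub in vtpm-common.sh prints "Error: vTPM migration accross machines not implemented." (typo: across) but exits 0, so vtpm_migration_step() in the later hunk cannot tell the unimplemented case from success and the domain migration proceeds without its TPM state. Return a non-zero status from the stub (and log err), and have the caller check it.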
@@ -163,7 +169,7 @@ function vtpmdb_validate_entry () { local vmname=$1 local inst=$2 - res=`cat $VTPMDB | \ + res=$(cat $VTPMDB | \ gawk -vvmname=$vmname \ -vinst=$inst \ '{ \ @@ -179,7 +185,7 @@ function vtpmdb_validate_entry () { printf("2"); \ exit; \ } \ - }'` + }') if [ "$res" == "1" ]; then let rc=1 @@ -196,13 +202,13 @@ function vtpmdb_remove_entry () { local vmname=$1 local instance=$2 local VTPMDB_TMP="$VTPMDB".tmp - `cat $VTPMDB | \ + $(cat $VTPMDB | \ gawk -vvmname=$vmname \ '{ \ if ( $1 != vmname ) { \ print $0; \ } \ - '} > $VTPMDB_TMP` + '} > $VTPMDB_TMP) if [ -e $VTPMDB_TMP ]; then mv -f $VTPMDB_TMP $VTPMDB vtpm_delete $instance 
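Review bot: in vtpmdb_remove_entry() the whole pipeline is wrapped in `$( ... > $VTPMDB_TMP)`: because the output is redirected, the substitution yields an empty string that the shell then tries to run as a command, so the `$( )` serves no purpose and a plain `cat $VTPMDB | gawk ... > $VTPMDB_TMP` is what is meant. The quoting `'} > $VTPMDB_TMP)` also places the closing `}` outside the single quotes; it only works because the shell glues it onto the same word, and `}' > ...` would be clearer. `$vmname` and `$VTPMDB` should be quoted, as the value comes from the domain configuration.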
@@ -300,3 +306,62 @@ function vtpm_delete_instance () { release_lock vtpmdb } + +# Determine whether the given address is local to this machine +# Return values: +# "-1" : the given machine name is invalid +# "0" : this is not an address of this machine +# "1" : this is an address local to this machine +function isLocalAddress() { + local addr=$(ping $1 -c 1 | \ + gawk '{ print substr($3,2,length($3)-2); exit }') + if [ "$addr" == "" ]; then + echo "-1" + return + fi + local res=$(ifconfig | grep "inet addr" | \ + gawk -vaddr=$addr \ + '{ \ + if ( addr == substr($2, 6)) {\ + print "1"; \ + } \ + }' \ + ) + if [ "$res" == "" ]; then + echo "0" + return + fi + echo "1" +} + +# Perform a migration step. This function differentiates between migration +# to the local host or to a remote machine. +# Parameters: +# 1st: destination host to migrate to +# 2nd: name of the domain to migrate +# 3rd: the migration step to perform +function vtpm_migration_step() { + local instance=$(vtpmdb_find_instance $2) + if [ "$instance" == "" ]; then + echo "Error: Translation of domain name ($2) to instance failed. Check /etc/xen/vtpm.db" + log err "Error during translation of domain name" + else + res=$(isLocalAddress $1) + if [ "$res" == "0" ]; then + vtpm_migrate $1 $2 $3 + fi + fi +} + +# Recover from migration due to an error. This function differentiates +# between migration to the local host or to a remote machine. +# Parameters: +# 1st: destination host the migration was going to +# 2nd: name of the domain that was to be migrated +# 3rd: the last successful migration step that was done +function vtpm_recover() { + res=$(isLocalAddress $1) + if [ "$res" == "0" ]; then + vtpm_migrate_recover $1 $2 $3 + fi +} diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/xmexample.hvm --- a/tools/examples/xmexample.hvm Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/examples/xmexample.hvm Tue Apr 25 23:35:55 2006 -0600 
@@ -21,6 +21,10 @@ builder='hvm' builder='hvm' # Initial memory allocation (in megabytes) for the new domain. +# +# WARNING: Creating a domain with insufficient memory may cause out of +# memory errors. The domain needs enough memory to boot kernel +# and modules. Allocating less than 32MBs is not recommended. memory = 128 # A name for your domain. All domains must have different names. diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/xmexample.nbd --- a/tools/examples/xmexample.nbd Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/examples/xmexample.nbd Tue Apr 25 23:35:55 2006 -0600 @@ -10,7 +10,12 @@ kernel = "/boot/vmlinuz-2.6.13-15b-xen" ramdisk = "/boot/initrd-2.6.13-15b-xen" + +# WARNING: Creating a domain with insufficient memory may cause out of +# memory errors. The domain needs enough memory to boot kernel +# and modules. Allocating less than 32MBs is not recommended. memory = 128 + name = "nbd4" vif = [ '' ] # Please change PORT diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/xmexample.vti --- a/tools/examples/xmexample.vti Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/examples/xmexample.vti Tue Apr 25 23:35:55 2006 -0600 @@ -18,6 +18,10 @@ builder='hvm' builder='hvm' # Initial memory allocation (in megabytes) for the new domain. +# +# WARNING: Creating a domain with insufficient memory may cause out of +# memory errors. The domain needs enough memory to boot kernel +# and modules. Allocating less than 32MBs is not recommended. memory = 256 # A name for your domain. All domains must have different names. diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/xmexample1 --- a/tools/examples/xmexample1 Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/examples/xmexample1 Tue Apr 25 23:35:55 2006 -0600 
@@ -17,6 +17,10 @@ kernel = "/boot/vmlinuz-2.6.10-xenU" #builder='linux' # Initial memory allocation (in megabytes) for the new domain. +# +# WARNING: Creating a domain with insufficient memory may cause out of +# memory errors. The domain needs enough memory to boot kernel +# and modules. Allocating less than 32MBs is not recommended. memory = 64 # A name for your domain. All domains must have different names. diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/xmexample2 --- a/tools/examples/xmexample2 Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/examples/xmexample2 Tue Apr 25 23:35:55 2006 -0600 @@ -45,6 +45,10 @@ kernel = "/boot/vmlinuz-2.6.10-xenU" #builder='linux' # Initial memory allocation (in megabytes) for the new domain. +# +# WARNING: Creating a domain with insufficient memory may cause out of +# memory errors. The domain needs enough memory to boot kernel +# and modules. Allocating less than 32MBs is not recommended. memory = 64 # A name for the new domain. All domains have to have different names, diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/xmexample3 --- a/tools/examples/xmexample3 Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/examples/xmexample3 Tue Apr 25 23:35:55 2006 -0600 @@ -45,6 +45,10 @@ kernel = "/path/to/domU/kernel" #builder='linux' # Initial memory allocation (in megabytes) for the new domain. +# +# WARNING: Creating a domain with insufficient memory may cause out of +# memory errors. The domain needs enough memory to boot kernel +# and modules. Allocating less than 32MBs is not recommended. memory = 64 # A name for the new domain. All domains have to have different names, diff -r 9a915e2828f3 -r ae709b250f43 tools/ioemu/hw/pc.c --- a/tools/ioemu/hw/pc.c Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/ioemu/hw/pc.c Tue Apr 25 23:35:55 2006 -0600 
@@ -40,7 +40,6 @@ int dummy_refresh_clock; int dummy_refresh_clock; static fdctrl_t *floppy_controller; static RTCState *rtc_state; -static PITState *pit; static void ioport80_write(void *opaque, uint32_t addr, uint32_t data) { @@ -243,17 +242,13 @@ static void cmos_init(uint64_t ram_size, static void speaker_ioport_write(void *opaque, uint32_t addr, uint32_t val) { - speaker_data_on = (val >> 1) & 1; - pit_set_gate(pit, 2, val & 1); + fprintf(stderr, "speaker port should not be handled in DM!\n"); } static uint32_t speaker_ioport_read(void *opaque, uint32_t addr) { - int out; - out = pit_get_out(pit, 2, qemu_get_clock(vm_clock)); - dummy_refresh_clock ^= 1; - return (speaker_data_on << 1) | pit_get_gate(pit, 2) | (out << 5) | - (dummy_refresh_clock << 4); + fprintf(stderr, "speaker port should not be handled in DM!\n"); + return 0; } static void ioport92_write(void *opaque, uint32_t addr, uint32_t val) @@ -529,7 +524,6 @@ void pc_init(uint64_t ram_size, int vga_ register_ioport_write(0x92, 1, 1, ioport92_write, NULL); pic_init(); - pit = pit_init(0x40, 0); for(i = 0; i < MAX_SERIAL_PORTS; i++) { if (serial_hds[i]) { diff -r 9a915e2828f3 -r ae709b250f43 tools/ioemu/keyboard_rdesktop.c --- a/tools/ioemu/keyboard_rdesktop.c Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/ioemu/keyboard_rdesktop.c Tue Apr 25 23:35:55 2006 -0600 @@ -75,7 +75,7 @@ static kbd_layout_t* parse_keyboard_layo char* file_name=malloc(strlen(prefix)+strlen(language)+strlen(bios_dir)+1); if(!k) - k=calloc(sizeof(kbd_layout_t),1); + k=calloc(1, sizeof(kbd_layout_t)); strcpy(file_name,bios_dir); strcat(file_name,prefix); strcat(file_name,language); diff -r 9a915e2828f3 -r ae709b250f43 tools/ioemu/target-i386-dm/Makefile --- a/tools/ioemu/target-i386-dm/Makefile Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/ioemu/target-i386-dm/Makefile Tue Apr 25 23:35:55 2006 -0600 
@@ -277,7 +277,7 @@ endif # Hardware support VL_OBJS+= ide.o ne2000.o pckbd.o vga.o dma.o -VL_OBJS+= fdc.o mc146818rtc.o serial.o i8259_stub.o i8254.o pc.o port-e9.o +VL_OBJS+= fdc.o mc146818rtc.o serial.o i8259_stub.o pc.o port-e9.o VL_OBJS+= cirrus_vga.o pcnet.o VL_OBJS+= $(SOUND_HW) $(AUDIODRV) mixeng.o diff -r 9a915e2828f3 -r ae709b250f43 tools/libxc/xc_linux_restore.c --- a/tools/libxc/xc_linux_restore.c Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/libxc/xc_linux_restore.c Tue Apr 25 23:35:55 2006 -0600 @@ -183,9 +183,9 @@ int xc_linux_restore(int xc_handle, int /* We want zeroed memory so use calloc rather than malloc. */ - p2m = calloc(sizeof(unsigned long), max_pfn); - pfn_type = calloc(sizeof(unsigned long), max_pfn); - region_mfn = calloc(sizeof(unsigned long), MAX_BATCH_SIZE); + p2m = calloc(max_pfn, sizeof(unsigned long)); + pfn_type = calloc(max_pfn, sizeof(unsigned long)); + region_mfn = calloc(MAX_BATCH_SIZE, sizeof(unsigned long)); if ((p2m == NULL) || (pfn_type == NULL) || (region_mfn == NULL)) { ERR("memory alloc failed"); diff -r 9a915e2828f3 -r ae709b250f43 tools/pygrub/Makefile --- a/tools/pygrub/Makefile Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/pygrub/Makefile Tue Apr 25 23:35:55 2006 -0600 @@ -11,7 +11,7 @@ build: .PHONY: install ifndef XEN_PYTHON_NATIVE_INSTALL install: all - CFLAGS="$(CFLAGS)" python setup.py install --home="$(DESTDIR)/usr" + CFLAGS="$(CFLAGS)" python setup.py install --home="$(DESTDIR)/usr" --prefix="" else install: all CFLAGS="$(CFLAGS)" python setup.py install --root="$(DESTDIR)" diff -r 9a915e2828f3 -r ae709b250f43 tools/python/Makefile --- a/tools/python/Makefile Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/python/Makefile Tue Apr 25 23:35:55 2006 -0600 
@@ -11,7 +11,7 @@ build: .PHONY: install ifndef XEN_PYTHON_NATIVE_INSTALL install: all - CFLAGS="$(CFLAGS)" python setup.py install --home="$(DESTDIR)/usr" --force + CFLAGS="$(CFLAGS)" python setup.py install --home="$(DESTDIR)/usr" --prefix="" --force else install: all CFLAGS="$(CFLAGS)" python setup.py install --root="$(DESTDIR)" --force diff -r 9a915e2828f3 -r ae709b250f43 tools/python/setup.py --- a/tools/python/setup.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/python/setup.py Tue Apr 25 23:35:55 2006 -0600 @@ -31,6 +31,13 @@ xs = Extension("xs", libraries = libraries, sources = [ "xen/lowlevel/xs/xs.c" ]) +acm = Extension("acm", + extra_compile_args = extra_compile_args, + include_dirs = include_dirs + [ "xen/lowlevel/acm" ], + library_dirs = library_dirs, + libraries = libraries, + sources = [ "xen/lowlevel/acm/acm.c" ]) + setup(name = 'xen', version = '3.0', description = 'Xen', @@ -50,7 +57,7 @@ setup(name = 'xen', 'xen.xm.tests' ], ext_package = "xen.lowlevel", - ext_modules = [ xc, xs ] + ext_modules = [ xc, xs, acm ] ) os.chdir('logging') diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/util/diagnose.py --- a/tools/python/xen/util/diagnose.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/python/xen/util/diagnose.py Tue Apr 25 23:35:55 2006 -0600 @@ -11,10 +11,11 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# Copyright (c) 2005 XenSource Ltd +# Copyright (c) 2005-2006 XenSource Inc import re +import socket import sys from xen.xend import sxp @@ -45,7 +46,6 @@ def diagnose(dom): state = sxp.child_value(domain, 'state') domid = int(sxp.child_value(domain, 'domid')) name = sxp.child_value(domain, 'name') - dompath = '/local/domain/%d' % domid print "Domain ID is %d." % domid print "Domain name is %s." % name 
@@ -55,12 +55,23 @@ def diagnose(dom): if state.find('c') != -1: print "Domain has crashed." + except socket.error, exn: + print "Cannot contact Xend." - diagnose_console() - - diagnose_devices() + try: + domid = int(dom) + name = dom + except ValueError: + print \ +"Without Xend, you will have to specify the domain ID, not the domain name." + sys.exit(1) except xen.xend.XendProtocol.XendError, exn: print exn + sys.exit(1) + + dompath = '/local/domain/%d' % domid + diagnose_console() + diagnose_devices() def diagnose_console(): diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xend/XendCheckpoint.py --- a/tools/python/xen/xend/XendCheckpoint.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/python/xen/xend/XendCheckpoint.py Tue Apr 25 23:35:55 2006 -0600 @@ -21,7 +21,8 @@ import balloon import balloon from XendError import XendError from XendLogging import log - +from XendDomainInfo import DEV_MIGRATE_STEP1, DEV_MIGRATE_STEP2 +from XendDomainInfo import DEV_MIGRATE_STEP3 SIGNATURE = "LinuxGuestRecord" XC_SAVE = "xc_save" @@ -65,7 +66,7 @@ def save(fd, dominfo, live, dst): dominfo.setName('migrating-' + domain_name) try: - dominfo.migrateDevices(live, dst, 1, domain_name) + dominfo.migrateDevices(live, dst, DEV_MIGRATE_STEP1, domain_name) write_exact(fd, pack("!i", len(config)), "could not write guest state file: config len") @@ -87,9 +88,11 @@ def save(fd, dominfo, live, dst): log.debug("Suspending %d ...", dominfo.getDomid()) dominfo.shutdown('suspend') dominfo.waitForShutdown() - dominfo.migrateDevices(live, dst, 2, domain_name) + dominfo.migrateDevices(live, dst, DEV_MIGRATE_STEP2, + domain_name) log.info("Domain %d suspended.", dominfo.getDomid()) - dominfo.migrateDevices(live, dst, 3, domain_name) + dominfo.migrateDevices(live, dst, DEV_MIGRATE_STEP3, + domain_name) tochild.write("done\n") tochild.flush() log.debug('Written done') diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xend/XendDomain.py 
--- a/tools/python/xen/xend/XendDomain.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/python/xen/xend/XendDomain.py Tue Apr 25 23:35:55 2006 -0600 @@ -38,6 +38,7 @@ from xen.xend.XendLogging import log from xen.xend.XendLogging import log from xen.xend.xenstore.xstransact import xstransact from xen.xend.xenstore.xswatch import xswatch +from xen.util import security xc = xen.lowlevel.xc.xc() @@ -265,7 +266,7 @@ class XendDomain: # handling in the relocation-socket handling code (relocate.py) is # poor, so we need to log this for debugging. log.exception("Restore failed") - raise + raise XendError("Restore failed") def restore_(self, config): @@ -283,6 +284,7 @@ class XendDomain: """ self.domains_lock.acquire() try: + security.refresh_ssidref(config) dominfo = XendDomainInfo.restore(config) self._add_domain(dominfo) return dominfo diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xend/XendDomainInfo.py --- a/tools/python/xen/xend/XendDomainInfo.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/python/xen/xend/XendDomainInfo.py Tue Apr 25 23:35:55 2006 -0600 @@ -33,7 +33,7 @@ import xen.lowlevel.xc import xen.lowlevel.xc from xen.util import asserts from xen.util.blkif import blkdev_uname_to_file - +from xen.util import security import balloon import image import sxp @@ -86,6 +86,12 @@ SHUTDOWN_TIMEOUT = 30.0 SHUTDOWN_TIMEOUT = 30.0 ZOMBIE_PREFIX = 'Zombie-' + +"""Constants for the different stages of ext. device migration """ +DEV_MIGRATE_TEST = 0 +DEV_MIGRATE_STEP1 = 1 +DEV_MIGRATE_STEP2 = 2 +DEV_MIGRATE_STEP3 = 3 """Minimum time between domain restarts in seconds.""" MINIMUM_RESTART_TIME = 20 @@ -120,7 +126,6 @@ VM_CONFIG_PARAMS = [ # file, so those are handled separately. ROUNDTRIPPING_CONFIG_ENTRIES = [ ('uuid', str), - ('ssidref', int), ('vcpus', int), ('vcpu_avail', int), ('cpu_weight', float), 
@@ -138,7 +143,6 @@ ROUNDTRIPPING_CONFIG_ENTRIES += VM_CONFI # VM_STORE_ENTRIES = [ ('uuid', str), - ('ssidref', int), ('vcpus', int), ('vcpu_avail', int), ('memory', int), @@ -291,6 +295,9 @@ def parseConfig(config): result['cpu'] = get_cfg('cpu', int) result['cpus'] = get_cfg('cpus', str) result['image'] = get_cfg('image') + tmp_security = get_cfg('security') + if tmp_security: + result['security'] = tmp_security try: if result['image']: @@ -437,7 +444,7 @@ class XendDomainInfo: self.validateInfo() self.image = None - + self.security = None self.store_port = None self.store_mfn = None self.console_port = None @@ -515,6 +522,7 @@ class XendDomainInfo: else: entries = VM_STORE_ENTRIES entries.append(('image', str)) + entries.append(('security', str)) map(lambda x, y: useIfNeeded(x[0], y), entries, self.readVMDetails(entries)) @@ -538,7 +546,6 @@ class XendDomainInfo: try: defaultInfo('name', lambda: "Domain-%d" % self.domid) - defaultInfo('ssidref', lambda: 0) defaultInfo('on_poweroff', lambda: "destroy") defaultInfo('on_reboot', lambda: "restart") defaultInfo('on_crash', lambda: "restart") @@ -565,11 +572,15 @@ class XendDomainInfo: defaultInfo('backend', lambda: []) defaultInfo('device', lambda: []) defaultInfo('image', lambda: None) + defaultInfo('security', lambda: None) self.check_name(self.info['name']) if isinstance(self.info['image'], str): self.info['image'] = sxp.from_string(self.info['image']) + + if isinstance(self.info['security'], str): + self.info['security'] = sxp.from_string(self.info['security']) if self.info['memory'] == 0: if self.infoIsSet('mem_kb'): 
@@ -667,6 +678,20 @@ class XendDomainInfo: if self.infoIsSet('image'): to_store['image'] = sxp.to_string(self.info['image']) + + if self.infoIsSet('security'): + security = self.info['security'] + to_store['security'] = sxp.to_string(security) + for idx in range(0, len(security)): + if security[idx][0] == 'access_control': + to_store['security/access_control'] = sxp.to_string([ security[idx][1] , security[idx][2] ]) + for aidx in range(1, len(security[idx])): + if security[idx][aidx][0] == 'label': + to_store['security/access_control/label'] = security[idx][aidx][1] + if security[idx][aidx][0] == 'policy': + to_store['security/access_control/policy'] = security[idx][aidx][1] + if security[idx][0] == 'ssidref': + to_store['security/ssidref'] = str(security[idx][1]) log.debug("Storing VM details: %s", to_store) @@ -760,9 +785,8 @@ class XendDomainInfo: self.storeVm('vcpu_avail', self.info['vcpu_avail']) self.writeDom(self.vcpuDomDetails()) - - def getSsidref(self): - return self.info['ssidref'] + def getLabel(self): + return security.get_security_info(self.info, 'label') def getMemoryTarget(self): """Get this domain's target memory size, in KB.""" @@ -954,12 +978,21 @@ class XendDomainInfo: """ log.trace("XendDomainInfo.update(%s) on domain %d", info, self.domid) - if not info: info = dom_get(self.domid) if not info: return + #manually update ssidref / security fields + if security.on() and info.has_key('ssidref'): + if (info['ssidref'] != 0) and self.info.has_key('security'): + security_field = self.info['security'] + if not security_field: + #create new security element + self.info.update({'security': [['ssidref', str(info['ssidref'])]]}) + #ssidref field not used any longer + info.pop('ssidref') + self.info.update(info) self.validateInfo() self.refreshShutdown(info) 
@@ -996,7 +1029,6 @@ class XendDomainInfo: s += " id=" + str(self.domid) s += " name=" + self.info['name'] s += " memory=" + str(self.info['memory']) - s += " ssidref=" + str(self.info['ssidref']) s += ">" return s @@ -1057,6 +1089,9 @@ class XendDomainInfo: if self.infoIsSet('image'): sxpr.append(['image', self.info['image']]) + + if self.infoIsSet('security'): + sxpr.append(['security', self.info['security']]) for cls in controllerClasses: for config in self.getDeviceConfigurations(cls): @@ -1159,12 +1194,11 @@ class XendDomainInfo: @raise: VmError on error """ - log.debug('XendDomainInfo.construct: %s %s', - self.domid, - self.info['ssidref']) + log.debug('XendDomainInfo.construct: %s', + self.domid) self.domid = xc.domain_create( - dom = 0, ssidref = self.info['ssidref'], + dom = 0, ssidref = security.get_security_info(self.info, 'ssidref'), handle = uuid.fromString(self.info['uuid'])) if self.domid < 0: @@ -1402,7 +1436,7 @@ class XendDomainInfo: @raise: XendError for a device that cannot be migrated """ for (n, c) in self.info['device']: - rc = self.migrateDevice(n, c, live, dst, 0) + rc = self.migrateDevice(n, c, live, dst, DEV_MIGRATE_TEST) if rc != 0: raise XendError("Device of type '%s' refuses migration." % n) diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xend/server/tpmif.py --- a/tools/python/xen/xend/server/tpmif.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/python/xen/xend/server/tpmif.py Tue Apr 25 23:35:55 2006 -0600 @@ -25,6 +25,7 @@ from xen.xend.XendLogging import log from xen.xend.XendLogging import log from xen.xend.XendError import XendError from xen.xend import XendRoot +from xen.xend.XendDomainInfo import DEV_MIGRATE_TEST from xen.xend.server.DevController import DevController 
@@ -78,7 +79,7 @@ class TPMifController(DevController): log.info("Request to live-migrate device to %s. step=%d.", dst, step) - if step == 0: + if step == DEV_MIGRATE_TEST: """Assuming for now that everything is ok and migration with the given tool can proceed. """ @@ -90,8 +91,8 @@ class TPMifController(DevController): for line in fd.readlines(): mo = re.search('Error', line) if mo: - raise XendError("vtpm: Fatal error in migration step %d." % - step) + raise XendError("vtpm: Fatal error in migration step %d: %s" % + (step, line)) return 0 else: log.debug("External migration tool not in configuration.") diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xm/create.py --- a/tools/python/xen/xm/create.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/python/xen/xm/create.py Tue Apr 25 23:35:55 2006 -0600 @@ -35,6 +35,7 @@ from xen.xend.XendClient import server from xen.xend.XendClient import server from xen.xend.XendBootloader import bootloader from xen.util import blkif +from xen.util import security from xen.xm.opts import * @@ -144,10 +145,6 @@ gopts.var('memory', val='MEMORY', gopts.var('memory', val='MEMORY', fn=set_int, default=128, use="Domain memory in MB.") - -gopts.var('ssidref', val='SSIDREF', - fn=set_u32, default=0, - use="Security Identifier.") gopts.var('maxmem', val='MEMORY', fn=set_int, default=None, 
@@ -293,6 +290,14 @@ gopts.var('vtpm', val="instance=INSTANCE number can be found in /etc/xen/vtpm.db. Use the backend in the given domain.""") +gopts.var('access_control', val="policy=POLICY,label=LABEL", + fn=append_value, default=[], + use="""Add a security label and the security policy reference that defines it. + The local ssid reference is calculated when starting/resuming the domain. At + this time, the policy is checked against the active policy as well. This way, + migrating through save/restore is covered and local labels are automatically + created correctly on the system where a domain is started / resumed.""") + gopts.var('nics', val="NUM", fn=set_int, default=-1, use="""DEPRECATED. Use empty vif entries instead. 
@@ -501,6 +506,43 @@ def configure_usb(config_devs, vals): for path in vals.usb: config_usb = ['usb', ['path', path]] config_devs.append(['device', config_usb]) + + +def configure_security(config, vals): + """Create the config for ACM security labels. + """ + access_control = vals.access_control + num = len(access_control) + if num == 1: + d = access_control[0] + policy = d.get('policy') + label = d.get('label') + if policy != security.active_policy: + err("Security policy (" + policy + ") incompatible with enforced policy (" + + security.active_policy + ")." ) + config_access_control = ['access_control', + ['policy', policy], + ['label', label] ] + + #ssidref cannot be specified together with access_control + if sxp.child_value(config, 'ssidref'): + err("ERROR: SSIDREF and access_control are mutually exclusive but both specified!") + #else calculate ssidre from label + ssidref = security.label2ssidref(label, policy) + if not ssidref : + err("ERROR calculating ssidref from access_control.") + security_label = ['security', [ config_access_control, ['ssidref' , ssidref ] ] ] + config.append(security_label) + elif num == 0: + if hasattr(vals, 'ssidref'): + if not security.on(): + err("ERROR: Security ssidref specified but no policy active.") + ssidref = getattr(vals, 'ssidref') + security_label = ['security', [ [ 'ssidref' , int(ssidref) ] ] ] + config.append(security_label) + elif num > 1: + err("VM config error: Multiple access_control definitions!") + def configure_vtpm(config_devs, vals): """Create the config for virtual TPM interfaces. @@ -595,9 +637,9 @@ def make_config(vals): if v: config.append([n, v]) - map(add_conf, ['name', 'memory', 'ssidref', 'maxmem', 'restart', - 'on_poweroff', 'on_reboot', 'on_crash', 'vcpus']) - + map(add_conf, ['name', 'memory', 'maxmem', 'restart', 'on_poweroff', + 'on_reboot', 'on_crash', 'vcpus']) + if vals.uuid is not None: config.append(['uuid', vals.uuid]) if vals.cpu is not None: 
@@ -628,6 +670,7 @@ def make_config(vals): configure_vifs(config_devs, vals) configure_usb(config_devs, vals) configure_vtpm(config_devs, vals) + configure_security(config, vals) config += config_devs return config @@ -696,6 +739,29 @@ def preprocess_vtpm(vals): vtpms.append(d) vals.vtpm = vtpms +def preprocess_access_control(vals): + if not vals.access_control: + return + access_controls = [] + num = len(vals.access_control) + if num == 1: + access_control = (vals.access_control)[0] + d = {} + a = access_control.split(',') + if len(a) > 2: + err('Too many elements in access_control specifier: ' + access_control) + for b in a: + (k, v) = b.strip().split('=', 1) + k = k.strip() + v = v.strip() + if k not in ['policy','label']: + err('Invalid access_control specifier: ' + access_control) + d[k] = v + access_controls.append(d) + vals.access_control = access_controls + elif num > 1: + err('Multiple access_control definitions.') + def preprocess_ip(vals): if vals.ip or vals.dhcp != 'off': dummy_nfs_server = '1.2.3.4' @@ -785,6 +851,7 @@ def preprocess(vals): preprocess_nfs(vals) preprocess_vnc(vals) preprocess_vtpm(vals) + preprocess_access_control(vals) def comma_sep_kv_to_dict(c): diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xm/main.py --- a/tools/python/xen/xm/main.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/python/xen/xm/main.py Tue Apr 25 23:35:55 2006 -0600 @@ -40,6 +40,7 @@ import console import console import xen.xend.XendClient from xen.xend.XendClient import server +from xen.util import security # getopt.gnu_getopt is better, but only exists in Python 2.3+. Use # getopt.getopt if gnu_getopt is not available. This will mean that options 
@@ -55,6 +56,8 @@ destroy_help = "destroy <DomId> destroy_help = "destroy <DomId> Terminate a domain immediately" help_help = "help Display this message" list_help = "list [--long] [DomId, ...] List information about domains" +list_label_help = "list [--label] [DomId, ...] List information about domains including their labels" + mem_max_help = "mem-max <DomId> <Mem> Set maximum memory reservation for a domain" mem_set_help = "mem-set <DomId> <Mem> Adjust the current memory usage for a domain" migrate_help = "migrate <DomId> <Host> Migrate a domain to another machine" @@ -114,6 +117,12 @@ vnet_create_help = "vnet-create <config> vnet_create_help = "vnet-create <config> create a vnet from a config file" vnet_delete_help = "vnet-delete <vnetid> delete a vnet" vtpm_list_help = "vtpm-list <DomId> [--long] list virtual TPM devices" +addlabel_help = "addlabel <ConfigFile> <label> Add security label to ConfigFile" +cfgbootpolicy_help = "cfgbootpolicy <policy> Add policy to boot configuration " +dumppolicy_help = "dumppolicy Print hypervisor ACM state information" +loadpolicy_help = "loadpolicy <policy> Load binary policy into hypervisor" +makepolicy_help = "makepolicy <policy> Build policy and create .bin/.map files" +labels_help = "labels [policy] [type=DOM|..] List <type> labels for (active) policy." short_command_list = [ "console", @@ -140,6 +149,7 @@ domain_commands = [ "domid", "domname", "list", + "list_label", "mem-max", "mem-set", "migrate", @@ -185,8 +195,17 @@ vnet_commands = [ "vnet-delete", ] +acm_commands = [ + "labels", + "addlabel", + "makepolicy", + "loadpolicy", + "cfgbootpolicy", + "dumppolicy" + ] + all_commands = (domain_commands + host_commands + scheduler_commands + - device_commands + vnet_commands) + device_commands + vnet_commands + acm_commands) def commandToHelp(cmd): 
@@ -224,6 +243,9 @@ xm full list of subcommands: Vnet commands: """ + help_spacer.join(map(commandToHelp, vnet_commands)) + """ + + Access Control commands: + """ + help_spacer.join(map(commandToHelp, acm_commands)) + """ <DomName> can be substituted for <DomId> in xm subcommands. @@ -332,8 +354,9 @@ def xm_list(args): def xm_list(args): use_long = 0 show_vcpus = 0 + show_labels = 0 try: - (options, params) = getopt.gnu_getopt(args, 'lv', ['long','vcpus']) + (options, params) = getopt.gnu_getopt(args, 'lv', ['long','vcpus','label']) except getopt.GetoptError, opterr: err(opterr) sys.exit(1) @@ -343,6 +366,8 @@ def xm_list(args): use_long = 1 if k in ['-v', '--vcpus']: show_vcpus = 1 + if k in ['--label']: + show_labels = 1 if show_vcpus: print >>sys.stderr, ( @@ -354,6 +379,8 @@ def xm_list(args): if use_long: map(PrettyPrint.prettyprint, doms) + elif show_labels: + xm_label_list(doms) else: xm_brief_list(doms) @@ -369,7 +396,7 @@ def parse_doms_info(info): 'vcpus' : get_info('online_vcpus', int, 0), 'state' : get_info('state', str, '??'), 'cpu_time' : get_info('cpu_time', float, 0), - 'ssidref' : get_info('ssidref', int, 0), + 'seclabel' : security.get_security_printlabel(info), } 
@@ -391,13 +418,29 @@ def xm_brief_list(doms): print 'Name ID Mem(MiB) VCPUs State Time(s)' for dom in doms: d = parse_doms_info(dom) - if (d['ssidref'] != 0): - d['ssidstr'] = (" s:%04x/p:%04x" % - ((d['ssidref'] >> 16) & 0xffff, - d['ssidref'] & 0xffff)) + print ("%(name)-32s %(dom)3d %(mem)8d %(vcpus)5d %(state)5s %(cpu_time)7.1f" % d) + + +def xm_label_list(doms): + output = [] + print 'Name ID Mem(MiB) VCPUs State Time(s) Label' + for dom in doms: + d = parse_doms_info(dom) + l = "%(name)-32s %(dom)3d %(mem)8d %(vcpus)5d %(state)5s %(cpu_time)7.1f " % d + if security.active_policy not in ['INACTIVE', 'NULL', 'DEFAULT']: + if d['seclabel']: + line = (l, d['seclabel']) + else: + line = (l, "ERROR") + elif security.active_policy in ['DEFAULT']: + line = (l, "DEFAULT") else: - d['ssidstr'] = "" - print ("%(name)-32s %(dom)3d %(mem)8d %(vcpus)5d %(state)5s %(cpu_time)7.1f%(ssidstr)s" % d) + line = (l, "INACTIVE") + output.append(line) + #sort by labels + output.sort(lambda x,y: cmp( x[1].lower(), y[1].lower())) + for l in output: + print l[0] + l[1] def xm_vcpu_list(args): @@ -1010,7 +1053,13 @@ subcommands = [ 'create', 'migrate', 'sysrq', - 'shutdown' + 'shutdown', + 'labels', + 'addlabel', + 'cfgbootpolicy', + 'makepolicy', + 'loadpolicy', + 'dumppolicy' ] for c in subcommands: diff -r 9a915e2828f3 -r ae709b250f43 tools/security/Makefile --- a/tools/security/Makefile Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/Makefile Tue Apr 25 23:35:55 2006 -0600 
@@ -30,28 +30,23 @@ OBJS_TOOL := $(patsubst %.c,%.o,$(fil OBJS_TOOL := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_TOOL))) SRCS_XML2BIN = secpol_xml2bin.c secpol_xml2bin.h OBJS_XML2BIN := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_XML2BIN))) -SRCS_GETD = get_decision.c -OBJS_GETD := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD))) ACM_INST_TOOLS = xensec_tool xensec_xml2bin xensec_gen -ACM_NOINST_TOOLS = get_decision ACM_OBJS = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD) -ACM_SCRIPTS = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh +ACM_SCRIPTS = python/xensec_tools/acm_getlabel python/xensec_tools/acm_getdecision ACM_CONFIG_DIR = /etc/xen/acm-security ACM_POLICY_DIR = $(ACM_CONFIG_DIR)/policies ACM_SCRIPT_DIR = $(ACM_CONFIG_DIR)/scripts ACM_INST_HTML = python/xensec_gen/index.html -ACM_INST_CGI = python/xensec_gen/cgi-bin/policy.cgi \ - python/xensec_gen/cgi-bin/policylabel.cgi +ACM_INST_CGI = python/xensec_gen/cgi-bin/policy.cgi ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin ACM_SCHEMA = security_policy.xsd -ACM_EXAMPLES = null chwall ste chwall_ste +ACM_EXAMPLES = chwall ste chwall_ste ACM_POLICY_SUFFIX = security_policy.xml -ACM_LABEL_SUFFIX = security_label_template.xml ifeq ($(ACM_SECURITY),y) .PHONY: all 
@@ -64,10 +59,10 @@ install: all $(ACM_CONFIG_FILE) $(INSTALL_DIR) -p $(DESTDIR)$(ACM_CONFIG_DIR) $(INSTALL_DIR) -p $(DESTDIR)$(ACM_POLICY_DIR) $(INSTALL_DATA) -p policies/$(ACM_SCHEMA) $(DESTDIR)$(ACM_POLICY_DIR) + $(INSTALL_DIR) -p $(DESTDIR)$(ACM_POLICY_DIR)/example for i in $(ACM_EXAMPLES); do \ - $(INSTALL_DIR) -p $(DESTDIR)$(ACM_POLICY_DIR)/$$i; \ - $(INSTALL_DATA) -p policies/$$i/$$i-$(ACM_POLICY_SUFFIX) $(DESTDIR)$(ACM_POLICY_DIR)/$$i; \ - $(INSTALL_DATA) -p policies/$$i/$$i-$(ACM_LABEL_SUFFIX) $(DESTDIR)$(ACM_POLICY_DIR)/$$i; \ + $(INSTALL_DIR) -p $(DESTDIR)$(ACM_POLICY_DIR)/example/$$i; \ + $(INSTALL_DATA) -p policies/example/$$i/client_v1-$(ACM_POLICY_SUFFIX) $(DESTDIR)$(ACM_POLICY_DIR)/example/$$i; \ done $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR) $(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR) @@ -99,9 +94,6 @@ xensec_xml2bin: $(OBJS_XML2BIN) xensec_xml2bin: $(OBJS_XML2BIN) $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ -get_decision: $(OBJS_GETD) - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ - xensec_gen: xensec_gen.py cp -f $^ $@ @@ -116,8 +108,4 @@ clean: .PHONY: mrproper mrproper: clean -.PHONY: boot_install -boot_install: install - $(ACM_SCRIPT_DIR)/updategrub.sh $(POLICY) $(KERNEL_VERSION) - -include $(PROG_DEPS) diff -r 9a915e2828f3 -r ae709b250f43 tools/security/example.txt --- a/tools/security/example.txt Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/example.txt Tue Apr 25 23:35:55 2006 -0600 
@@ -3,119 +3,79 @@ # # Author: # Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx> +# 04/07/2006 update to using labels instead of ssidref # # # This file introduces into the tools to manage policies # and to label domains and resources. ## -We will show how to install and use the example chwall_ste policy. -Other policies work similarly. Feedback welcome! - - - -1. Using xensec_xml2bin to translate the chwall_ste policy: -=========================================================== - -#xensec_xml2bin chwall_ste - -Successful execution should print: - - [root@laptopxn security]# xensec_xml2bin chwall_ste - Validating label file /etc/xen/acm-security/policies/chwall_ste/chwall_ste-security_label_template.xml... - XML Schema /etc/xen/acm-security/policies/security_policy.xsd valid. - Validating policy file /etc/xen/acm-security/policies/chwall_ste/chwall_ste-security_policy.xml... - XML Schema /etc/xen/acm-security/policies/security_policy.xsd valid. - Creating ssid mappings ... - Creating label mappings ... - Max chwall labels: 7 - Max chwall-types: 4 - Max chwall-ssids: 5 - Max ste labels: 14 - Max ste-types: 6 - Max ste-ssids: 10 +We will show how to install and use the example one of the client_v1 +policies. Other policies work similarly. Feedback welcome! + + + +1. Using xm tools to translate example.chwall_ste.client_v1 policy: +=================================================================== + +#xm makepolicy example.chwall_ste.client_v1 By default, the tool looks in directory /etc/xen/acm-security/policies -for a directory that matches the policy name (i.e. chwall_ste) to find -the label and policy files. -The '-d' option can be used to override the /etc/xen/acm-security/policies -directory, for example if running the tool in the Xen security tool build -directory. +for a directory that matches the policy name +(here:example/chwall_ste/client_v1-security_policy.xml) to find the +policy files. 
The '-d' option can be used to override the default +/etc/xen/acm-security/policies policy-root directory. The default policy directory structure under /etc/xen/acm-security (and the Xen security tool build directory - tools/security) looks like: policies |-- security_policy.xsd -|-- chwall -| |-- chwall-security_label_template.xml -| `-- chwall-security_policy.xml -|-- chwall_ste -| |-- chwall_ste-security_label_template.xml -| `-- chwall_ste-security_policy.xml -|-- null -| |-- null-security_label_template.xml -| `-- null-security_policy.xml -`-- ste - |-- ste-security_label_template.xml - `-- ste-security_policy.xml - -The security_policy.xsd file contains the schema against which both the -label-template and the policy files must validate during translation. - -The files ending in -security_policy.xml define the policies and the -types known to the policies. - -The files ending in -security_label_template.xml contain the label -definitions that group types together and make them easier to use for -users. - -After executing the above xensec_xml2bin command, you will find 2 new -files in the /etc/xen/acm-security/policies/chwall_ste sub-directory: - - chwall_ste.map ... this file includes the mapping +|-- example + |-- chwall + | |-- client_v1-security_policy.xml + | + |-- chwall_ste + | |-- client_v1-security_policy.xml + | + |-- ste + |-- client_v1-security_policy.xml + +The security_policy.xsd file contains the schema against which the +policy files must validate during translation. + +The policy files, ending in -security_policy.xml, define the policies, +the types known to the policies, and the label definitions that group +types together and make them easier to use for users. + +After executing the above 'xm makepolicy' command, you will find 2 new +files in the /etc/xen/acm-security/policies/example/chwall_ste +sub-directory: + + client_v1.map ... this file includes the mapping of names from the xml files into their binary code representation. 
- chwall_ste.bin ... this is the binary policy file, - the result of parsing the xml files and using the mapping to extract a - binary version that can be loaded into the hypervisor. + client_v1.bin ... this is the binary policy file, the result of + parsing the xml files and using the mapping to create a binary + version that can be loaded into the hypervisor. 2. Loading and activating the policy: ===================================== -We assume that xen is already configured to use the chwall_ste policy; +We assume that xen is already configured for security; please refer to install.txt for instructions. -To activate the policy from the command line (assuming that the -currently established policy is the minimal boot-policy that is -hard-coded into the hypervisor): - -# xensec_tool loadpolicy /etc/xen/acm-security/policies/chwall_ste/chwall_ste.bin - -To activate the policy at next reboot: - -# cp /etc/xen/acm-security/policies/chwall_ste/chwall_ste.bin /boot - -Add a module line to your /boot/grub/grub.conf Xen entry. -My boot entry with chwall_ste enabled looks like this: - - title Xen (2.6.12) - root (hd0,5) - kernel /boot/xen.gz dom0_mem=1200000 console=vga - module /boot/vmlinuz-2.6.12-xen0 ro root=/dev/hda6 rhgb - module /boot/initrd-2.6.12-xen0.img - module /boot/chwall_ste.bin - -This tells the grub boot-loader to load the binary policy, which -the hypervisor will recognize. The hypervisor will then establish -this binary policy during boot instead of the minimal policy that -is hardcoded as default. - -If you have any trouble here, maks sure you have the access control -framework enabled (see: install.txt). - +To activate the policy from the command line: + +# xm loadpolicy example.chwall_ste.client_v1 + +See install.txt for how to install a policy at boot time. This the +recommended default. 
You can only load a policy if the currently +enforced policy is "DEFAULT", a minimal startup policy, or if the +currently enforced policy has the same name as the new one. Support +for dynamic policy changes at run-time are a current working item. 3. Labeling domains: 
@@ -127,156 +87,143 @@ The chwall_ste-security_label_template.x "bootstrap", which is set to the label name that will be assigned to Dom0 (this label will be mapped to ssidref 1/1, the default for Dom0). -b) Labeling User Domains: - -Use the script tools/security/setlabel.sh to choose a label and to -assign labels to user domains. - -To show available labels for the chwall_ste policy: - -# /etc/xen/acm-security/scripts/setlabel.sh -l - -lists all available labels. For the default chwall_ste it should print -the following: - - [root@laptopxn security]# /etc/xen/acm-security/scripts/setlabel.sh -l chwall_ste - The following labels are available: - dom_SystemManagement - dom_HomeBanking - dom_Fun - dom_BoincClient - dom_StorageDomain - dom_NetworkDomain - -You need to have compiled the policy beforehand so that a .map file -exists. Setlabel.sh uses the mapping file created throughout the -policy translation to translate a user-friendly label string into a -ssidref-number that is eventually used by the Xen hypervisor. +b) Labeling User Domains (domains started from dom0 using xm commands): We distinguish two kinds of labels: a) VM labels (for domains) and RES -Labels (for resources). We are currently working on support for -resource labeling but will focus here on VM labels. - -Setlabel.sh only prints VM labels (which we have prefixed with "dom_") -since only those are used at this time. - -If you would like to assign the dom_HomeBanking label to one of your -user domains (which you hopefully keep clean), look at the hypothetical -domain configuration contained in /etc/xen/homebanking.xm: - - #------HOMEBANKING--------- - kernel = "/boot/vmlinuz-2.6.12-xenU" +Labels (for resources). We focus here on VM labels. Resource labels +will be supported later. 
+ +To list all available domain labels of a policy, use: + #xm labels example.chwall_ste.client_v1 + +To list all available labels including resource labels (their support +is current work), use: + + #xm labels example.chwall_ste.client_v1 type=any + +The policy parameter is optional. The currently enforced hypervisor +policy is used by default. + +If you would like to assign the dom_HomeBanking label to one of your user domains, +look at the hypothetical domain configuration contained in /etc/xen/homebanking.xm: + + #------FOR HOME/ONLINE BANKING--------- + kernel = "/boot/vmlinuz-2.6.16-xen" ramdisk="/boot/U1_ramdisk.img" - memory = 65 - name = "test34" - cpu = -1 # leave to Xen to pick - # Number of network interfaces. Default is 1. - nics=1 - dhcp="dhcp" + memory = 164 + name = "homebanking" + vif=[''] + dhcp = "dhcp" #------------------------- -Now we label this domain - -[root@laptopxn security]# /etc/xen/acm-securit/scripts/setlabel.sh /etc/xen/homebanking.xm dom_HomeBanking chwall_ste -Mapped label 'dom_HomeBanking' to ssidref '0x00020002'. - -The domain configuration my look now like: - - [root@laptopxn security]# cat homebanking.xm - #------HOMEBANKING--------- - kernel = "/boot/vmlinuz-2.6.12-xenU" +Now we label this domain (policy name is optional, see above): + + # xm addlabel homebanking.xm dom_HomeBanking example.chwall_ste.client_v1 + +The domain configuration should look now like: + + # cat homebanking.xm + #------FOR HOME/ONLINE BANKING--------- + kernel = "/boot/vmlinuz-2.6.16-xen" ramdisk="/boot/U1_ramdisk.img" - memory = 65 - name = "test34" - cpu = -1 # leave to Xen to pick - # Number of network interfaces. Default is 1. - nics=1 - dhcp="dhcp" - #------------------------- - #ACM_POLICY=chwall_ste-security_policy.xml - #ACM_LABEL=dom_HomeBanking - ssidref = 0x00020002 - -You can see 3 new entries, two of which are comments. The only value -that the hypervisor cares about is the ssidref that will reference -those types assigned to this label. 
You can look them up in the -xml label-template file for the chwall_ste policy. - -This script will eventually move into the domain management and will -be called when the domain is instantiated. For now, the setlabel -script must be run on domains whenever the policy files change since -the mapping between label names and ssidrefs can change in this case. + memory = 164 + name = "homebanking" + vif=[''] + dhcp = "dhcp" + access_control = ['policy=example.chwall_ste.client_v1, label=dom_HomeBanking'] + +You can see the access_control line that was added to the +configuration. This label will be translated into a local ssidref when +a domain is created or resumed (also after migration and +live-migration). The ssidref is a local security reference that is +used inside the hypervisor instead of the security label for +efficiency reasons. Since the same label can be mapped onto different +ssidrefs in different policy translations (e.g., if the position of +the label definition is changed in the policy file) or on different +systems, the ssidref is re-calculated from the label each time a +domain is instantiated or re-instantiated. + +Currently, the labels are not held in the hypervisor but only in +.map files in the /etc/xen/acm-security/policies subdirectories. Only +ssidrefs are known inside the hypervisr. This of course can change in +the future. 4. Starting a labeled domain ============================ Now, start the domain: - #xm create -c homebanking.xm - - -If you label another domain configuration as dom_Fun and try to start -it afterwards, its start will fail. Why? - -Because the running homebanking domain has the chinese wall type -"cw_Sensitive". The new domain dom_Fun has the chinese wall label -"cw_Distrusted". This domain is not allowed to run simultaneously -because of the defined conflict set + + #xm create homebanking.xm + Using config file "homebanking.xm". 
+ Started domain fun + + +[root@941e-4 VMconfigs]# xm list --label + +Name ID Mem(MiB) VCPUs State Time(s) Label +fun 1 64 1 -b---- 5.9 dom_HomeBanking +Domain-0 0 1954 1 r----- 1321.4 dom_SystemManagement + + + +If you label another domain configuration as dom_Fun and if +you try to start it afterwards, this create will fail. + +Why? -- Because the running 'homebanking' domain has the chinese +wall type "cw_Sensitive". The new domain 'fun' has the chinese wall +label "cw_Distrusted". These domains are not allowed to run simultaneously +on the same system because of the defined conflict set <conflictset name="Protection1"> <type>cw_Sensitive</type> <type>cw_Distrusted</type> </conflictset> -(in chwall_ste-security_policy.xml), which says that only one of the +(in client_v1-security_policy.xml), which says that only one of the types cw_Sensitive and cw_Distrusted can run at a time. -If you save or shutdown the HomeBanking domain, you will be able to -start the "Fun" domain. You can look into the Xen log to see if a +If you save or shutdown the 'homebanking' domain, you will be able to +start the 'fun' domain. You can look into the Xen log to see if a domain was denied to start because of the access control framework with the command 'xm dmesg'. It is important (and usually non-trivial) to define the labels in a way that the semantics of the labels are enforced and supported by the -types and the conflict sets. +types and the conflict sets. Usually, a workload abstraction seems +helpful on the hypervisor level. Note: While the chinese wall policy enforcement is complete, the type -enforcement is currently enforced in the Xen hypervisor +enforcement is currently enforced inside the Xen hypervisor only. Therefore, only point-to-point sharing with regard to the type -enforcement is currently controlled. 
We are working on enhancements to -Dom0 that enforce types also for network traffic that is routed -through Dom0 and on the enforcement of resource labeling when binding -resources to domains (e.g., enforcing types between domains and -hardware resources, such as disk partitions). - - -4. Adding your own policies +enforcement is currently controlled. Enforcing the STE policy while +sharing virtual resources is ongoing work and assumed to be complete +by year end as well as enforcing the STE policy for network traffic +routed through dom0. + + +5. Adding your own policies =========================== -Writing your own policy (e.g. "mypolicy") requires the following: - -a) the policy definition (types etc.) file -b) the label template definition (labels etc.) file - -If your policy name is "mypolicy", you need to create a -subdirectory mypolicy in /etc/xen/acm-security/policies. - -Then you create -/etc/xen/acm-security/policies/mypolicy/mypolicy-security_policy.xml and -/etc/xen/acm-security/policies/mypolicy/mypolicy-security_label_template.xml. +Writing your own policy (e.g. "mypolicy.chwall.test") requires the policy +definition (types etc.) and the label definitions. Any policy name +must have chwall, ste, or chwall_ste in its name. This is used by the +configuration tool to identify existing binary policy entries in the +boot configuration file (menu.lst, grub.con). This part should, of +course, be consistent with policy type that is defined. + +First, you create +/etc/xen/acm-security/policies/mypolicy/chwall/test-security_policy.xml. You need to keep to the schema as defined in -/etc/xen/acm-security/security_policy.xsd since the translation tool -xensec_xml2bin is written against this schema. - -If you keep to the security policy schema, then you can use all the -tools described above. Refer to install.txt to install it. +/etc/xen/acm-security/security_policy.xsd since the translation tools +are written against this schema. 
You can hand-edit the xml files to create your policy or you can use the xensec_gen utility. -5. Generating policy files using xensec_gen: +6. Generating policy files using xensec_gen: ============================================ The xensec_gen utility starts a web-server that can be used to generate the 
@@ -290,25 +237,28 @@ Once the xensec_gen utility is running, Once the xensec_gen utility is running, point a browser at the host and port on which the utility is running (e.g. http://localhost:7777/). You will be presented with a web page that allows you to create or modify the XML policy -files: - - - The Security Policy section allows you to create or modify a policy - definition file +file: + + - The Security Policy types section allows you to create or modify + the policy types and conflict set definitions - The Security Policy Labeling section allows you to create or modify a - label template definition file - - Security Policy: - ---------------- - The Security Policy section allows you to modify an existing policy definition - file or create a new policy definition file. To modify an existing policy - definition, enter the full path to the existing file (the "Browse" button can - be used to aid in this) in the Policy File entry field. To create a new - policy definition file leave the Policy File entry field blank. At this point - click the "Create" button to begin modifying or creating your policy definition. - - You will then be presented with a web page that will allow you to create either - Simple Type Enforcement types or Chinese Wall types or both. + label definitions + +The policy generation tool allows you to modify an existing policy +definition or create a new policy definition file. To modify an +existing policy definition, enter the full path to the existing file +(the "Browse" button can be used to aid in this) in the Policy File +entry field. To create a new policy definition file leave the Policy +File entry field blank. At this point click the "Create" button to +begin modifying or creating your policy definition. + + Security Policy Types Section + ----------------------------- + +You will then be presented with a web page. 
The upper part of it will +allow you to create either Simple Type Enforcement types or Chinese +Wall types or both, as well as Chinese Wall conflict type sets. As an example: - To add a Simple Type Enforcement type: 
@@ -326,32 +276,13 @@ files: Wall Conflict Set will allow you to add Chinese Wall types from the list of defined Chinese Wall types. - To create your policy definition file, click on the "Generate XML" button on - the top of the page. This will present you with a dialog box to save the - generated XML file on your system. The default name will be security_policy.xml - which you should change to follow the policy file naming conventions based on - the policy name that you choose to use. - - To get a feel for the tool, you could use one of the example policy definition - files from /etc/xen/acm-security/policies as input. - - Security Policy Labeling: ------------------------- - The Security Policy Labeling section allows you to modify an existing label - template definition file or create a new label template definition file. To - modify an existing label template definition, enter the full path to the - existing file (the "Browse" button can be used to aid in this) in the Policy - Labeling File entry field. Whether creating a new label template definition - file or modifying an existing one, you will need to specify the policy - definition file that is or will be associated with this label template - definition file. At this point click the "Create" button to begin modifying - or creating your label template definition file. - - You will then be presented with a web page that will allow you to create labels - for classes of virtual machines. The input policy definition file will provide - the available types (Simple Type Enforcement and/or Chinese Wall) that can be - assigned to a virtual machine class. + + The security policy label section of the web page allows you to create labels + for classes of virtual machines. The input policy type definitions on the upper + part of the web page will provide the available types (Simple Type Enforcement + and/or Chinese Wall) that can be assigned to a virtual machine class. 
As an example: - To add a Virtual Machine class (the name entered will become the label 
@@ -372,11 +303,74 @@ files: bootstrap domain (or Dom0 domain). By default, the first Virtual Machine class created will be associated as the bootstrap domain. - To create your label template definition file, click on the "Generate XML" button + To save your policy definition file, click on the "Generate XML" button on the top of the page. This will present you with a dialog box to save the generated XML file on your system. The default name will be - security_label_template.xml which you should change to follow the policy file + security_policy.xml which you should change to follow the policy file naming conventions based on the policy name that you choose to use. - To get a feel for the tool, you could use one of the example policy definition - and label template definition files from /etc/xen/acm-security/policies as input. + To get a feel for the tool, you could use one of the example policy definitions + files from /etc/xen/acm-security/policies/example as input. + + +7. Hypervisor - OS Security Interface +===================================== + +We currently provide 2 hypercalls through which user operating systems +can interact with the hypervisor Access Control Module. Examples of +using them are under "xen_root"/tools/security/python/xensec_tools: + + +I) acm_getdecision -i domainid -l labelname + Call this example script without arguments to show its usage + information. + + This script enables a domain to retrieve an access control decision + regarding the STE policy from the hypervisor. It will be used to + control access to virtual/real resources in hosting domains. + + The script can be provided with any combination of domain ids or + labelnames. Before calling into the hypervisor, labels are translated + into ssidrefs. The hypervisor then retrieves for any domain id + paramter the ssidref before deciding access. 
+ + Example: + #/etc/xen/acm-security/scripts/acm_getdecision -l dom_Fun + -l dom_SystemManagement + PERMITTED + + #/etc/xen/acm-security/scripts/acm_getdecision -i 0 -i 1 + PERMITTED + + #/etc/xen/acm-security/scripts/acm_getdecision -i 0 -l dom_Fun + PERMITTED + + #/etc/xen/acm-security/scripts/acm_getdecision -i 0 -l no_label + ACMError: Label 'nolabel' not found. + + Now, assume domain 123454 does not exist: + #/etc/xen/acm-security/scripts/acm_getdecision -i 123454 -l dom_Fun + ACMError: Cannot determine decision (Invalid parameter). + + Return values: + * DENIED: access is denied based on the current hypervisor + policy + + * PERMITTED: access is permitted based on the current + + * Exception ACMError: one of the parameters was illegal, + i.e. an unknown label or a + non-existing domain id + +I) acm_getlabel -i domainid + Retrieves the label of a runing domain. This function can be used + by domains to determine their own label or (if authorized) the label + other domains. + + Example (result is broken up into different lines to simplify description): + # /etc/xen/acm-security/scripts/acm_getlabel -i 0 + ('example.chwall.client_v1', <--- policy describing labels etc. + 'dom_SystemManagement', <--- label name of the domain + 'CHINESE WALL', <--- policy type + 65537) <--- hypervisor internal ssidref + diff -r 9a915e2828f3 -r ae709b250f43 tools/security/install.txt --- a/tools/security/install.txt Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/install.txt Tue Apr 25 23:35:55 2006 -0600 @@ -3,10 +3,11 @@ # # Author: # Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx> +# 03/18/2006 update: new labeling # # # This file shows how to activate and install the access control -# framework. +# framework for Xen. ## 
@@ -20,43 +21,54 @@ below to activate the Chinese Wall OR th below to activate the Chinese Wall OR the Type Enforcement policy exclusively (chwall_ste --> {chwall, ste}). +0. build and install the xm man page. It includes the description of + available management commands for the security policy for Xen and + the labeling of domains. If not installed by default, you can make + and install the xm man page as follows: + # cd "xen_root"/doc + # make install + Then, use man xm to read it: + # man xm + 1. enable access control in Xen # cd "xen_root" # edit/xemacs/vi Config.mk change the lines: ACM_SECURITY ?= n - ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY - to: ACM_SECURITY ?= y + + Now the hypervisor will boot into the policy that is specified + in the grub configuration. If you would like to boot into a + specific policy (even if you can't specify a boot policy but + need to set the policy later using the 'xensec_tool + loadpolicy'), then use the other config parameter to change + from NULL to any other default policy, e.g.: ACM_DEFAULT_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY - # make all + # make dist # ./install.sh -2. compile the policy from xml to a binary format that can be loaded - into the hypervisor for enforcement +2. Build acm and policy tools and create boot-able policy: # cd tools/security - # make + # make install - manual steps (alternative to make boot_install): - # ./xensec_xml2bin -d policies/ chwall_ste - # cp policies/chwall_ste/chwall_ste.bin /boot - # edit /boot/grub/grub.conf - add the follwoing line to your xen boot entry: - "module /boot/chwall_ste.bin" + For description of the following commands, please see the xm + man page (docs/man1/xm.1). 
If it is not built, then you can + create it manually: cd "xen_root"/docs; make; man man1/xm.1 - alternatively, you can try our automatic translation and - installation of the policy: - # make boot_install + Step1: Building binary version of an example policy: + # xm makepolicy example.chwall_ste.client_v1 + # xm cfgbootpolicy example.chwall_ste.client_v1 - [we try hard to do the right thing to the right boot entry but - please verify boot entry in /boot/grub/grub.conf afterwards; - your xen boot entry should have an additional module line - specifying a chwall_ste.bin file with the correct directory - (e.g. "/" or "/boot").] - + Please verify boot entry in /boot/grub/grub.conf (or menu.lst): + title Xen (2.6.16) + root (hd0,0) + kernel /xen.gz dom0_mem=2000000 console=vga + module /vmlinuz-2.6.16-xen ro root=/dev/VolGroup00/LogVol00 rhgb + module /initrd-2.6.165-xen-U.img + module /example.chwall_ste.client_v1.bin 3. reboot into the newly compiled hypervisor @@ -64,6 +76,12 @@ 3. reboot into the newly compiled hyperv # xm dmesg should show an entry about the policy being loaded during the boot process - # xensec_tool getpolicy - should print the new chwall_ste binary policy representation + # xm dumppolicy + should print the new binary policy representation + including the policy name example.chwall_ste.client_v1 + # xm list --label + should show security label names behind the running domains + +For more information about how to use the security-enabled Xen, see +the examples.txt file in this directory. diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/security_policy.xsd --- a/tools/security/policies/security_policy.xsd Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/policies/security_policy.xsd Tue Apr 25 23:35:55 2006 -0600 
@@ -1,22 +1,50 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com --> <!-- This file defines the schema, which is used to define --> -<!-- the security policy and the security labels in Xe. --> +<!-- the security policy and the security labels in Xen. --> <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified"> <xsd:element name="SecurityPolicyDefinition"> <xsd:complexType> <xsd:sequence> - <xsd:element ref="PolicyHeader" minOccurs="0" maxOccurs="1"></xsd:element> + <xsd:element ref="PolicyHeader" minOccurs="1" maxOccurs="1"></xsd:element> <xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element> <xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element> + <xsd:element ref="SecurityLabelTemplate" minOccurs="1" maxOccurs="1"></xsd:element> </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="PolicyHeader"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="PolicyName" minOccurs="1" maxOccurs="1" type="xsd:string"></xsd:element> + <xsd:element name="PolicyUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element> + <xsd:element name="Reference" type="xsd:string" minOccurs="0" maxOccurs="1" /> + <xsd:element name="Date" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element> + <xsd:element name="NameSpaceUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="ChineseWall"> + <xsd:complexType> + <xsd:sequence> + <xsd:element ref="ChineseWallTypes" minOccurs="1" maxOccurs="1" /> + <xsd:element ref="ConflictSets" minOccurs="0" maxOccurs="1" /> + </xsd:sequence> + <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute> + </xsd:complexType> + </xsd:element> + <xsd:element name="SimpleTypeEnforcement"> + <xsd:complexType> + 
<xsd:sequence> + <xsd:element ref="SimpleTypeEnforcementTypes" /> + </xsd:sequence> + <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute> </xsd:complexType> </xsd:element> <xsd:element name="SecurityLabelTemplate"> <xsd:complexType> <xsd:sequence> - <xsd:element ref="LabelHeader" minOccurs="1" maxOccurs="1"></xsd:element> <xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1"> <xsd:complexType> <xsd:sequence> @@ -33,40 +61,6 @@ </xsd:complexType> </xsd:element> </xsd:sequence> - </xsd:complexType> - </xsd:element> - <xsd:element name="PolicyHeader"> - <xsd:complexType> - <xsd:sequence> - <xsd:element ref="Name" minOccurs="1" maxOccurs="1" /> - <xsd:element ref="Date" minOccurs="1" maxOccurs="1" /> - </xsd:sequence> - </xsd:complexType> - </xsd:element> - <xsd:element name="LabelHeader"> - <xsd:complexType> - <xsd:sequence> - <xsd:element ref="Name"></xsd:element> - <xsd:element ref="Date" minOccurs="1" maxOccurs="1"></xsd:element> - <xsd:element ref="PolicyName" minOccurs="1" maxOccurs="1"></xsd:element> - </xsd:sequence> - </xsd:complexType> - </xsd:element> - <xsd:element name="SimpleTypeEnforcement"> - <xsd:complexType> - <xsd:sequence> - <xsd:element ref="SimpleTypeEnforcementTypes" /> - </xsd:sequence> - <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute> - </xsd:complexType> - </xsd:element> - <xsd:element name="ChineseWall"> - <xsd:complexType> - <xsd:sequence> - <xsd:element ref="ChineseWallTypes" /> - <xsd:element ref="ConflictSets" /> - </xsd:sequence> - <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute> </xsd:complexType> </xsd:element> <xsd:element name="ChineseWallTypes"> 
@@ -115,24 +109,11 @@ </xsd:sequence> </xsd:complexType> </xsd:element> - <xsd:element name="PolicyName"> - <xsd:complexType> - <xsd:sequence> - <xsd:element ref="Url" /> - <xsd:element ref="Reference" /> - </xsd:sequence> - </xsd:complexType> - </xsd:element> - <xsd:element name="Date" type="xsd:string" /> <xsd:element name="Name" type="xsd:string" /> <xsd:element name="Type" type="xsd:string" /> - <xsd:element name="Reference" type="xsd:string" /> - <xsd:element name="Url"></xsd:element> - <xsd:simpleType name="PolicyOrder"> <xsd:restriction base="xsd:string"> <xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration> </xsd:restriction> </xsd:simpleType> - </xsd:schema> diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policy.txt --- a/tools/security/policy.txt Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/policy.txt Tue Apr 25 23:35:55 2006 -0600 
@@ -59,22 +59,34 @@ configuration (see i. and ii.) if the op configuration (see i. and ii.) if the operation proceeds of if the operation is aborted (denied). - In general, security policy instantiations in the Xen access control -framework are defined by two files: - -a) a single "policy-name"-security_policy.xml file that defines the -types known to the ACM and policy rules based on these types - -b) a single "policy-name"-security_label_template.xml file that -defines labels based on known types - -Every security policy has its own sub-directory under -"Xen-root"/tools/security/policies in order to simplify their -management and the security policy tools. We will describe those files -for our example policy (Chinese Wall and Simple Type Enforcement) in -more detail as we go along. Eventually, we will move towards a system -installation where the policies will reside under /etc. +framework are defined by XML policy files. Each security policy has +exactly one file including all the information the hypervisor needs to +enforce the policy. + +The name of a policy is unique and consists of a colon-separated list +of names, which can be translated into the location (subtree) where +this policy must be located. The last part of the name is the file +name pre-fix for the policy xml file. The preceding name parts are +translated into the local path relative to the global policy root +(/etc/xen/acm-security/policies) pointing to the policy xml file. For +example: example.chwall_ste.client_v1 denotes the policy file +example/chwall_ste/client_v1-security_policy.xml relative to the +global policy root directory. 
+ +Every security policy has its own sub-directory under the global +policy root directory /etc/xen/acm-security/policies, which is +installed during the Xen installation or can be manually installed +(when switching from a "security disabled" Xen to a "security enabled" +Xen AFTER configuring security, see install.txt) by the command +sequence: + + cd "Xen-root"/tools/security/policies; make install + +We will describe those files for our example policy (Chinese Wall and +Simple Type Enforcement) in more detail as we go along. Eventually, we +will move towards a system installation where the policies will reside +under /etc. CHINESE WALL @@ -117,9 +129,9 @@ Example of a Chinese Wall Policy Instant Example of a Chinese Wall Policy Instantiation ---------------------------------------------- -The file chwall-security_policy.xml defines the Chinese Wall types as -well as the conflict sets for our example policy (you find it in the -directory "xen_root"/tools/security/policies/chwall). +The file client_v1-security_policy.xml defines the Chinese Wall types +as well as the conflict sets for our example policy (you find it in +the directory "policy_root"/example/chwall). It defines four Chinese Wall types (prefixed with cw_) with the following meaning: 
@@ -168,11 +180,11 @@ SIMPLE TYPE ENFORCEMENT SIMPLE TYPE ENFORCEMENT ======================= -The file ste-security_policy.xml defines the simple type enforcement -types for our example policy (you find it in the directory -"xen_root"/tools/security/policies/ste). The Simple Type Enforcement -policy defines which domains can share information with which other -domains. To this end, it controls +The file client_v1-security_policy.xml defines the simple type +enforcement types for our example policy (you find it in the directory +"policy_root"/example/ste). The Simple Type Enforcement policy defines +which domains can share information with which other domains. To this +end, it controls i) inter-domain communication channels (e.g., network traffic, events, and shared memory). diff -r 9a915e2828f3 -r ae709b250f43 tools/security/python/xensec_gen/cgi-bin/policy.cgi --- a/tools/security/python/xensec_gen/cgi-bin/policy.cgi Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi Tue Apr 25 23:35:55 2006 -0600 @@ -2,7 +2,7 @@ # # The Initial Developer of the Original Code is International # Business Machines Corporation. Portions created by IBM -# Corporation are Copyright (C) 2005 International Business +# Corporation are Copyright (C) 2005, 2006 International Business # Machines Corporation. All Rights Reserved. # # This program is free software; you can redistribute it and/or modify @@ -31,9 +31,9 @@ from sets import Set from sets import Set def getSavedData( ): - global formData, policyXml, formVariables, formCSNames - global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd - global allCSMTypes + global formData, policyXml + global formVariables, formCSNames, formVmNames, formResNames + global allCSMTypes, allVmChWs, allVmStes, allResStes # Process the XML upload policy file if formData.has_key( 'i_policy' ): 
@@ -64,6 +64,46 @@ def getSavedData( ): if len( dataList ) > 0: exec 'allCSMTypes[csName][1] = ' + dataList[0] + # The form can contain any number of "Virtual Machines" + # so update the list of form variables to include + # each virtual machine (hidden input variable) + for vmName in formVmNames[1]: + newVm( vmName ) + + vmFormVar = allVmChWs[vmName] + if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ): + dataList = formData.getlist( vmFormVar[2] ) + if len( dataList ) > 0: + if isinstance( vmFormVar[1], list ): + exec 'vmFormVar[1] = ' + dataList[0] + else: + vmFormVar[1] = dataList[0] + + vmFormVar = allVmStes[vmName] + if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ): + dataList = formData.getlist( vmFormVar[2] ) + if len( dataList ) > 0: + if isinstance( vmFormVar[1], list ): + exec 'vmFormVar[1] = ' + dataList[0] + else: + vmFormVar[1] = dataList[0] + + # The form can contain any number of "Resources" + # so update the list of form variables to include + # each resource (hidden input variable) + for resName in formResNames[1]: + newRes( resName ) + + resFormVar = allResStes[resName] + if (resFormVar[2] != '') and formData.has_key( resFormVar[2] ): + dataList = formData.getlist( resFormVar[2] ) + if len( dataList ) > 0: + if isinstance( resFormVar[1], list ): + exec 'resFormVar[1] = ' + dataList[0] + else: + resFormVar[1] = dataList[0] + + def getCurrentTime( ): return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) ) 
@@ -77,14 +117,49 @@ def getName( domNode ): for childNode in nameNodes[0].childNodes: if childNode.nodeType == xml.dom.Node.TEXT_NODE: name = name + childNode.data - return name + +def getPolicyName( domNode ): + nameNodes = domNode.getElementsByTagName( 'PolicyName' ) + if len( nameNodes ) == 0: + formatXmlError( '"<PolicyName>" tag is missing' ) + return None + + name = '' + for childNode in nameNodes[0].childNodes: + if childNode.nodeType == xml.dom.Node.TEXT_NODE: + name = name + childNode.data + + return name + +def getUrl( domNode ): + urlNodes = domNode.getElementsByTagName( 'PolicyUrl' ) + if len( urlNodes ) == 0: + return '' + + url = '' + for childNode in urlNodes[0].childNodes: + if childNode.nodeType == xml.dom.Node.TEXT_NODE: + url = url + childNode.data + + return url + +def getRef( domNode ): + refNodes = domNode.getElementsByTagName( 'Reference' ) + if len( refNodes ) == 0: + return '' + + ref = '' + for childNode in refNodes[0].childNodes: + if childNode.nodeType == xml.dom.Node.TEXT_NODE: + ref = ref + childNode.data + + return ref def getDate( domNode ): dateNodes = domNode.getElementsByTagName( 'Date' ) if len( dateNodes ) == 0: - formatXmlError( '"<Date>" tag is missing' ) - return None + return '' date = '' for childNode in dateNodes[0].childNodes: @@ -92,6 +167,18 @@ def getDate( domNode ): date = date + childNode.data return date + +def getNSUrl( domNode ): + urlNodes = domNode.getElementsByTagName( 'NameSpaceUrl' ) + if len( urlNodes ) == 0: + return '' + + url = '' + for childNode in urlNodes[0].childNodes: + if childNode.nodeType == xml.dom.Node.TEXT_NODE: + url = url + childNode.data + + return url def getSteTypes( domNode, missingIsError = 0 ): steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' ) 
@@ -170,9 +257,7 @@ def formatXmlGenError( msg ): xmlMessages.append( cgi.escape( msg ) ) def parseXml( xmlInput ): - global xmlMessages, xmlError, xmlLine, xmlColumn - - xmlParser = xml.sax.make_parser( ) + xmlParser = xml.sax.make_parser( ) try: domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser ) @@ -198,14 +283,16 @@ def parseXml( xmlInput ): def parsePolicyXml( ): global policyXml - global formPolicyName, formPolicyDate, formPolicyOrder - global formSteTypes, formChWallTypes - global allCSMTypes + global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl + global formPolicyOrder + global formSteTypes, formChWallTypes, formVmNames, formVmNameDom0 + global allCSMTypes, allVmStes, allVmChWs domDoc = parseXml( policyXml ) if domDoc == None: return + # Process the PolicyHeader domRoot = domDoc.documentElement domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' ) if len( domHeaders ) == 0: @@ -215,7 +302,7 @@ def parsePolicyXml( ): formatXmlError( msg ) return - pName = getName( domHeaders[0] ) + pName = getPolicyName( domHeaders[0] ) if pName == None: msg = '' msg = msg + 'Error processing the Policy header information.\n' @@ -223,18 +310,13 @@ def parsePolicyXml( ): formatXmlError( msg ) return - formPolicyName[1] = pName - - pDate = getDate( domHeaders[0] ) - if pDate == None: - msg = '' - msg = msg + 'Error processing the Policy header information.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - formPolicyDate[1] = pDate - + formPolicyName[1] = pName + formPolicyUrl[1] = getUrl( domHeaders[0] ) + formPolicyRef[1] = getRef( domHeaders[0] ) + formPolicyDate[1] = getDate( domHeaders[0] ) + formPolicyNSUrl[1] = getNSUrl( domHeaders[0] ) + + # Process the STEs pOrder = '' domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' ) if len( domStes ) > 0: 
@@ -259,6 +341,7 @@ def parsePolicyXml( ): formSteTypes[1] = steTypes + # Process the ChineseWalls and Conflict Sets domChWalls = domRoot.getElementsByTagName( 'ChineseWall' ) if len( domChWalls ) > 0: if domChWalls[0].hasAttribute( 'priority' ): 
@@ -291,45 +374,39 @@ def parsePolicyXml( ): formChWallTypes[1] = chwTypes csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' ) - if len( csNodes ) == 0: - msg = '' - msg = msg + 'Required "<ConflictSets>" tag missing.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - cNodes = csNodes[0].getElementsByTagName( 'Conflict' ) - if len( cNodes ) == 0: - msg = '' - msg = msg + 'Required "<Conflict>" tag missing.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - for cNode in cNodes: - csName = cNode.getAttribute( 'name' ) - newCS( csName, 1 ) - - csMemberList = getTypes( cNode ) - if csMemberList == None: + if csNodes and (len( csNodes ) > 0): + cNodes = csNodes[0].getElementsByTagName( 'Conflict' ) + if not cNodes or len( cNodes ) == 0: msg = '' - msg = msg + 'Error processing the Conflict Set members.\n' + msg = msg + 'Required "<Conflict>" tag missing.\n' msg = msg + 'Please validate the Policy file used.' formatXmlError( msg ) return - # Verify the conflict set members are valid types - ctSet = Set( formChWallTypes[1] ) - csSet = Set( csMemberList ) - if not csSet.issubset( ctSet ): - msg = '' - msg = msg + 'Error processing Conflict Set "' + csName + '".\n' - msg = msg + 'Members of the conflict set are not valid ' - msg = msg + 'Chinese Wall types.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - - allCSMTypes[csName][1] = csMemberList + for cNode in cNodes: + csName = cNode.getAttribute( 'name' ) + newCS( csName, 1 ) + + csMemberList = getTypes( cNode ) + if csMemberList == None: + msg = '' + msg = msg + 'Error processing the Conflict Set members.\n' + msg = msg + 'Please validate the Policy file used.' 
+ formatXmlError( msg ) + return + + # Verify the conflict set members are valid types + ctSet = Set( formChWallTypes[1] ) + csSet = Set( csMemberList ) + if not csSet.issubset( ctSet ): + msg = '' + msg = msg + 'Error processing Conflict Set "' + csName + '".\n' + msg = msg + 'Members of the conflict set are not valid ' + msg = msg + 'Chinese Wall types.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + + allCSMTypes[csName][1] = csMemberList if pOrder != '': formPolicyOrder[1] = pOrder 
@@ -341,6 +418,74 @@ def parsePolicyXml( ): msg = msg + 'Please validate the Policy file used.' formatXmlError( msg ) return + + # Process the Labels + domLabels = domRoot.getElementsByTagName( 'SecurityLabelTemplate' ) + if not domLabels or (len( domLabels ) == 0): + msg = '' + msg = msg + '<SecurityLabelTemplate> tag is missing.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + return + + + # Process the VMs + domSubjects = domLabels[0].getElementsByTagName( 'SubjectLabels' ) + if len( domSubjects ) > 0: + formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' ) + domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' ) + for domNode in domNodes: + vmName = getName( domNode ) + if vmName == None: + msg = '' + msg = msg + 'Error processing the VirtualMachineLabel name.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + continue + + steTypes = getSteTypes( domNode ) + if steTypes == None: + msg = '' + msg = msg + 'Error processing the SimpleTypeEnforcement types.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + return + + chwTypes = getChWTypes( domNode ) + if chwTypes == None: + msg = '' + msg = msg + 'Error processing the ChineseWall types.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + return + + newVm( vmName, 1 ) + allVmStes[vmName][1] = steTypes + allVmChWs[vmName][1] = chwTypes + + # Process the Resources + domObjects = domLabels[0].getElementsByTagName( 'ObjectLabels' ) + if len( domObjects ) > 0: + domNodes = domObjects[0].getElementsByTagName( 'ResourceLabel' ) + for domNode in domNodes: + resName = getName( domNode ) + if resName == None: + msg = '' + msg = msg + 'Error processing the ResourceLabel name.\n' + msg = msg + 'Please validate the Policy file used.' 
+ formatXmlError( msg ) + continue + + steTypes = getSteTypes( domNode ) + if steTypes == None: + msg = '' + msg = msg + 'Error processing the SimpleTypeEnforcement types.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + return + + newRes( resName, 1 ) + allResStes[resName][1] = steTypes def modFormTemplate( formTemplate, suffix ): formVar = [x for x in formTemplate] 
@@ -383,18 +528,79 @@ def newCS( csName, addToList = 0 ): formCSNames[1].append( csName ) formCSNames[1] = removeDups( formCSNames[1] ) +def newVm( vmName, addToList = 0 ): + global formVmNames + global templateVmDel, allVmDel, templateVmDom0, allVmDom0 + global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd + global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd + global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd + global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd + + # Make sure we have an actual name and check one of the 'all' + # variables to be sure it hasn't been previously defined + if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )): + vmSuffix = '_' + vmName + allVmDom0[vmName] = modFormTemplate( templateVmDom0, vmSuffix ) + allVmDel[vmName] = modFormTemplate( templateVmDel, vmSuffix ) + allVmChWs[vmName] = modFormTemplate( templateVmChWs, vmSuffix ) + allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix ) + allVmChW[vmName] = modFormTemplate( templateVmChW, vmSuffix ) + allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix ) + allVmStes[vmName] = modFormTemplate( templateVmStes, vmSuffix ) + allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix ) + allVmSte[vmName] = modFormTemplate( templateVmSte, vmSuffix ) + allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix ) + if addToList == 1: + formVmNames[1].append( vmName ) + formVmNames[1] = removeDups( formVmNames[1] ) + +def newRes( resName, addToList = 0 ): + global formResNames + global templateResDel, allResDel + global templateResStes, templateResSteDel, templateResSte, templateResSteAdd + global allResStes, allResSteDel, allResSteType, allResSteAdd + + # Make sure we have an actual name and check one of the 'all' + # variables to be sure it hasn't been previously defined + if (len( resName ) > 0) and (not allResDel.has_key( resName )): + resSuffix = '_' + resName + allResDel[resName] = 
modFormTemplate( templateResDel, resSuffix ) + allResStes[resName] = modFormTemplate( templateResStes, resSuffix ) + allResSteDel[resName] = modFormTemplate( templateResSteDel, resSuffix ) + allResSte[resName] = modFormTemplate( templateResSte, resSuffix ) + allResSteAdd[resName] = modFormTemplate( templateResSteAdd, resSuffix ) + if addToList == 1: + formResNames[1].append( resName ) + formResNames[1] = removeDups( formResNames[1] ) + def updateInfo( ): - global formData, formPolicyName, formPolicyDate, formPolicyOrder + global formData, formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl + global formPolicyOrder if formData.has_key( formPolicyName[3] ): formPolicyName[1] = formData[formPolicyName[3]].value elif formData.has_key( formPolicyUpdate[3] ): formPolicyName[1] = '' + if formData.has_key( formPolicyUrl[3] ): + formPolicyUrl[1] = formData[formPolicyUrl[3]].value + elif formData.has_key( formPolicyUpdate[3] ): + formPolicyUrl[1] = '' + + if formData.has_key( formPolicyRef[3] ): + formPolicyRef[1] = formData[formPolicyRef[3]].value + elif formData.has_key( formPolicyUpdate[3] ): + formPolicyRef[1] = '' + if formData.has_key( formPolicyDate[3] ): formPolicyDate[1] = formData[formPolicyDate[3]].value elif formData.has_key( formPolicyUpdate[3] ): formPolicyDate[1] = '' + + if formData.has_key( formPolicyNSUrl[3] ): + formPolicyNSUrl[1] = formData[formPolicyNSUrl[3]].value + elif formData.has_key( formPolicyUpdate[3] ): + formPolicyNSUrl[1] = '' if formData.has_key( formPolicyOrder[3] ): formPolicyOrder[1] = formData[formPolicyOrder[3]].value 
@@ -483,6 +689,136 @@ def delCSMember( csName ): csm = csm.strip( ) formVar[1].remove( csm ) +def addVm( ): + global formData, fromVmName, formVmNames, formVmNameDom0 + + if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )): + if formData.has_key( formVmName[3] ): + vmName = formData[formVmName[3]].value + vmName = vmName.strip( ) + newVm( vmName, 1 ) + if formVmNameDom0[1] == '': + formVmNameDom0[1] = vmName + +def delVm( vmName ): + global formVmNames, formVmNameDom0 + global allVmDel, allVmDom0 + global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd + global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd + + vmName = vmName.strip( ) + formVmNames[1].remove( vmName ) + del allVmDom0[vmName] + del allVmDel[vmName] + del allVmChWs[vmName] + del allVmChWDel[vmName] + del allVmChW[vmName] + del allVmChWAdd[vmName] + del allVmStes[vmName] + del allVmSteDel[vmName] + del allVmSte[vmName] + del allVmSteAdd[vmName] + + if formVmNameDom0[1] == vmName: + if len( formVmNames[1] ) > 0: + formVmNameDom0[1] = formVmNames[1][0] + else: + formVmNameDom0[1] = '' + +def makeVmDom0( vmName ): + global formVmNameDom0 + + vmName = vmName.strip( ) + formVmNameDom0[1] = vmName + +def addVmChW( vmName ): + global formData, allVmChW, allVmChWs + + formVar = allVmChW[vmName] + if formData.has_key( formVar[3] ): + chwList = formData.getlist( formVar[3] ) + formVar = allVmChWs[vmName] + for chw in chwList: + chw = chw.strip( ) + formVar[1].append( chw ) + formVar[1] = removeDups( formVar[1] ) + +def delVmChW( vmName ): + global formData, allVmChWs + + formVar = allVmChWs[vmName] + if formData.has_key( formVar[3] ): + chwList = formData.getlist( formVar[3] ) + for chw in chwList: + chw = chw.strip( ) + formVar[1].remove( chw ) + +def addVmSte( vmName ): + global formData, allVmSte, allVmStes + + formVar = allVmSte[vmName] + if formData.has_key( formVar[3] ): + steList = formData.getlist( formVar[3] ) + formVar = allVmStes[vmName] + for ste in steList: + 
ste = ste.strip( ) + formVar[1].append( ste ) + formVar[1] = removeDups( formVar[1] ) + +def delVmSte( vmName ): + global formData, allVmStes + + formVar = allVmStes[vmName] + if formData.has_key( formVar[3] ): + steList = formData.getlist( formVar[3] ) + for ste in steList: + ste = ste.strip( ) + formVar[1].remove( ste ) + +def addRes( ): + global formData, fromResName, formResNames + + if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formResAdd[3] )): + if formData.has_key( formResName[3] ): + resName = formData[formResName[3]].value + resName = resName.strip( ) + newRes( resName, 1 ) + +def delRes( resName ): + global formResNames + global allResDel + global allResStes, allResSteDel, allResSteType, allResSteAdd + + resName = resName.strip( ) + formResNames[1].remove( resName ) + del allResDel[resName] + del allResStes[resName] + del allResSteDel[resName] + del allResSte[resName] + del allResSteAdd[resName] + +def addResSte( vmName ): + global formData, allResSte, allResStes + + formVar = allResSte[vmName] + if formData.has_key( formVar[3] ): + steList = formData.getlist( formVar[3] ) + formVar = allResStes[vmName] + for ste in steList: + ste = ste.strip( ) + formVar[1].append( ste ) + formVar[1] = removeDups( formVar[1] ) + +def delResSte( vmName ): + global formData, allResStes + + formVar = allResStes[vmName] + if formData.has_key( formVar[3] ): + steList = formData.getlist( formVar[3] ) + for ste in steList: + ste = ste.strip( ) + formVar[1].remove( ste ) + def processRequest( ): global policyXml global formData, formPolicyUpdate @@ -490,6 +826,12 @@ def processRequest( ): global formChWallAdd, formChWallDel global formCSAdd, allCSDel global formCSNames, allCSMAdd, allCSMDel + global formVmAdd + global formVmNames, allVmDel, allVmDom0 + global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel + global formResAdd + global formResNames, allResDel + global allResSteAdd, allResSteDel if policyXml != '': parsePolicyXml( ) 
@@ -498,11 +840,13 @@ def processRequest( ): # an action is performed updateInfo( ) - # Allow the adding of types/sets if the user has hit the - # enter key when attempting to add a type/set + # Allow the adding of types/sets/vms if the user has hit the + # enter key when attempting to add a type/set/vm addSteType( ) addChWallType( ) addCS( ) + addVm( ) + addRes( ) if formData.has_key( formSteDel[3] ): delSteType( ) @@ -521,6 +865,37 @@ def processRequest( ): elif formData.has_key( allCSMDel[csName][3] ): delCSMember( csName ) + + for vmName in formVmNames[1]: + if formData.has_key( allVmDel[vmName][3] ): + delVm( vmName ) + continue + + if formData.has_key( allVmDom0[vmName][3] ): + makeVmDom0( vmName ) + + if formData.has_key( allVmChWAdd[vmName][3] ): + addVmChW( vmName ) + + elif formData.has_key( allVmChWDel[vmName][3] ): + delVmChW( vmName ) + + elif formData.has_key( allVmSteAdd[vmName][3] ): + addVmSte( vmName ) + + elif formData.has_key( allVmSteDel[vmName][3] ): + delVmSte( vmName ) + + for resName in formResNames[1]: + if formData.has_key( allResDel[resName][3] ): + delRes( resName ) + continue + + if formData.has_key( allResSteAdd[resName][3] ): + addResSte( resName ) + + elif formData.has_key( allResSteDel[resName][3] ): + delResSte( resName ) def makeName( name, suffix='' ): rName = name @@ -553,7 +928,7 @@ def makeValueAttr( value, suffix='' ): def makeValueAttr( value, suffix='' ): return 'value="' + makeValue( value, suffix ) + '"' -def sendHtmlFormVar( formVar, attrs='' ): +def sendHtmlFormVar( formVar, attrs='', rb_select=0 ): nameAttr = '' valueAttr = '' htmlText = '' @@ -614,7 +989,7 @@ def sendHtmlFormVar( formVar, attrs='' ) print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText, '<BR>' - if formVar[2] != '': + if ( formVar[2] != '' ) and ( rb_select == 0 ): nameAttr = makeNameAttr( formVar[2] ) valueAttr = makeValueAttr( formVar[1] ) print '<INPUT type="hidden"', nameAttr, valueAttr, '>' 
@@ -625,7 +1000,9 @@ def sendHtmlHeaders( ): print def sendPolicyHtml( ): - global xmlError, xmlIncomplete, xmlMessages, formXmlGen + global xmlError, xmlIncomplete, xmlMessages + global formDefaultButton, formXmlGen + global formVmNameDom0 print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"' print ' "http://www.w3.org/TR/html4/loose.dtd">' @@ -704,12 +1081,17 @@ def sendPolicyHtml( ): print ' <TR>' print ' <TD>' print ' <TABLE class="full">' + print ' <COLGROUP>' + print ' <COL width="49%">' + print ' <COL width="2%">' + print ' <COL width="49%">' + print ' </COLGROUP>' print ' <TR>' - print ' <TD width="49%">' + print ' <TD>' sendPSteHtml( ) print ' </TD>' - print ' <TD width="2%"> </TD>' - print ' <TD width="49%">' + print ' <TD> </TD>' + print ' <TD>' sendPChWallHtml( ) print ' </TD>' print ' </TR>' @@ -717,7 +1099,57 @@ def sendPolicyHtml( ): print ' </TD>' print ' </TR>' + # Separator + print ' <TR>' + print ' <TD>' + print ' <HR>' + print ' </TD>' + print ' </TR>' + + # Policy Labels (vms) + print ' <TR>' + print ' <TD>' + print ' <TABLE class="full">' + print ' <COLGROUP>' + print ' <COL width="100%">' + print ' </COLGROUP>' + print ' <TR>' + print ' <TD>' + sendPLSubHtml( ) + print ' </TD>' + print ' </TR>' + print ' </TABLE>' + print ' </TD>' + print ' </TR>' + + # Separator + print ' <TR>' + print ' <TD>' + print ' <HR>' + print ' </TD>' + print ' </TR>' + + # Policy Labels (resources) + print ' <TR>' + print ' <TD>' + print ' <TABLE class="full">' + print ' <COLGROUP>' + print ' <COL width="100%">' + print ' </COLGROUP>' + print ' <TR>' + print ' <TD>' + sendPLObjHtml( ) + print ' </TD>' + print ' </TR>' + print ' </TABLE>' + print ' </TD>' + print ' </TR>' + print '</TABLE>' + + # Send some data that needs to be available across sessions + sendHtmlFormVar( formVmNameDom0 ) + print '</FORM>' print '</CENTER>' 
@@ -733,8 +1165,8 @@ def sendHtmlHead( ): print '<!--' print 'BODY {background-color: #EEEEFF;}' print 'TABLE.container {width: 90%; border: 1px solid black; border-collapse: seperate;}' - print 'TABLE.fullbox {width: 100%; border: 1px solid black; border-collapse: collapse;}' - print 'TABLE.full {width: 100%; border: 0px solid black; border-collapse: collapse;}' + print 'TABLE.full {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}' + print 'TABLE.fullbox {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}' print 'THEAD {font-weight: bold; font-size: larger;}' print 'TD {border: 0px solid black; vertical-align: top;}' print 'TD.heading {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}' @@ -752,7 +1184,8 @@ def sendHtmlHead( ): print '</HEAD>' def sendPHeaderHtml( ): - global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate + global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl + global formPolicyOrder, formPolicyUpdate # Policy header definition print '<TABLE class="full">' @@ -770,9 +1203,27 @@ def sendPHeaderHtml( ): print ' </TD>' print ' </TR>' print ' <TR>' + print ' <TD align="right">Url:</TD>' + print ' <TD align="left">' + sendHtmlFormVar( formPolicyUrl, 'class="full"' ) + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD align="right">Reference:</TD>' + print ' <TD align="left">' + sendHtmlFormVar( formPolicyRef, 'class="full"' ) + print ' </TD>' + print ' </TR>' + print ' <TR>' print ' <TD align="right">Date:</TD>' print ' <TD align="left">' sendHtmlFormVar( formPolicyDate, 'class="full"' ) + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD align="right">NameSpace URL:</TD>' + print ' <TD align="left">' + sendHtmlFormVar( formPolicyNSUrl, 'class="full"' ) print ' </TD>' print ' </TR>' print ' <TR>' 
@@ -983,17 +1434,335 @@ def sendPChWallHtml( ): print '</TABLE>' +def sendPLSubHtml( ): + global formVmNames, formVmDel, formVmName, formVmAdd + global allVmDel, allVmDom0 + global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd + global allVmStes, allVmSteDel, allVmSte, allVmSteAdd + global formSteTypes, formChWallTypes + + print '<TABLE class="full">' + print ' <COLGROUP>' + print ' <COL width="100%">' + print ' </COLGROUP>' + + # Virtual Machines... + print ' <TR>' + print ' <TD>' + print ' <TABLE class="full">' + print ' <COLGROUP>' + print ' <COL width="10%">' + print ' <COL width="40%">' + print ' <COL width="50%">' + print ' </COLGROUP>' + print ' <TR>' + print ' <TD class="heading" align="center" colspan="3">Virtual Machine Classes</TD>' + print ' </TR>' + print ' <TR>' + print ' <TD colspan="2">' + sendHtmlFormVar( formVmName, 'class="full"' ) + sendHtmlFormVar( formVmNames ) + print ' </TD>' + print ' <TD> </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + sendHtmlFormVar( formVmAdd, 'class="full"' ) + print ' </TD>' + print ' <TD colspan="2">' + print ' Create a new VM class with the above name' + print ' </TD>' + print ' </TR>' + print ' </TABLE>' + print ' </TD>' + print ' </TR>' + if len( formVmNames[1] ) > 0: + print ' <TR>' + print ' <TD colspan="1">' + print ' ' + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + print ' <TABLE class="fullbox">' + print ' <COLGROUP>' + print ' <COL width="10%">' + print ' <COL width="40%">' + print ' <COL width="50%">' + print ' </COLGROUP>' + print ' <THEAD>' + print ' <TR>' + print ' <TD class="fullbox">Dom 0?</TD>' + print ' <TD class="fullbox">Name</TD>' + print ' <TD class="fullbox">Actions</TD>' + print ' </TR>' + print ' </THEAD>' + for i, vmName in enumerate( formVmNames[1] ): + print ' <TR>' + print ' <TD class="fullbox">' + if formVmNameDom0[1] == vmName: + print 'Yes' + else: + print ' ' + print ' </TD>' + print ' <TD class="fullbox">' + vmName + '</TD>' + print ' <TD 
class="fullbox">' + print ' <A href="#' + vmName + '">Edit</A>' + formVar = allVmDel[vmName] + sendHtmlFormVar( formVar, 'class="link"' ) + formVar = allVmDom0[vmName] + sendHtmlFormVar( formVar, 'class="link"' ) + print ' </TD>' + print ' </TR>' + print ' </TABLE>' + print ' </TD>' + print ' </TR>' + for vmName in formVmNames[1]: + print ' <TR>' + print ' <TD>' + print ' <HR>' + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + print ' <TABLE class="full">' + print ' <COLGROUP>' + print ' <COL width="10%">' + print ' <COL width="39%">' + print ' <COL width="2%">' + print ' <COL width="10%">' + print ' <COL width="39%">' + print ' </COLGROUP>' + print ' <TR>' + print ' <TD colspan="5" align="center" class="heading">' + print ' <A name="' + vmName + '">Virtual Machine Class: ' + vmName + '</A>' + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD colspan="2" align="center">Simple Type Enforcement Types</TD>' + print ' <TD> </TD>' + print ' <TD colspan="2" align="center">Chinese Wall Types</TD>' + print ' </TR>' + print ' <TR>' + print ' <TD colspan="2">' + formVar = allVmStes[vmName]; + sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) + print ' </TD>' + print ' <TD> </TD>' + print ' <TD colspan="2">' + formVar = allVmChWs[vmName]; + sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + formVar = allVmSteDel[vmName]; + sendHtmlFormVar( formVar, 'class="full"' ) + print ' </TD>' + print ' <TD>' + print ' Delete the type(s) selected above' + print ' </TD>' + print ' <TD> </TD>' + print ' <TD>' + formVar = allVmChWDel[vmName]; + sendHtmlFormVar( formVar, 'class="full"' ) + print ' </TD>' + print ' <TD>' + print ' Delete the type(s) selected above' + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD colspan="2">' + stSet = Set( formSteTypes[1] ) + vmSet = Set( allVmStes[vmName][1] ) + formVar = allVmSte[vmName] + formVar[1] = [] + for steType in 
stSet.difference( vmSet ): + formVar[1].append( steType ) + formVar[1].sort( ) + sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' ) + print ' </TD>' + print ' <TD> </TD>' + print ' <TD colspan="2">' + ctSet = Set( formChWallTypes[1] ) + vmSet = Set( allVmChWs[vmName][1] ) + formVar = allVmChW[vmName] + formVar[1] = [] + for chwallType in ctSet.difference( vmSet ): + formVar[1].append( chwallType ) + formVar[1].sort( ) + sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' ) + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + formVar = allVmSteAdd[vmName]; + sendHtmlFormVar( formVar, 'class="full"' ) + print ' </TD>' + print ' <TD>' + print ' Add the type(s) selected above' + print ' </TD>' + print ' <TD> </TD>' + print ' <TD>' + formVar = allVmChWAdd[vmName]; + sendHtmlFormVar( formVar, 'class="full"' ) + print ' </TD>' + print ' <TD>' + print ' Add the type(s) selected above' + print ' </TD>' + print ' </TR>' + print ' </TABLE>' + print ' </TD>' + print ' </TR>' + + print '</TABLE>' + +def sendPLObjHtml( ): + global formResNames, formResDel, formResName, formResAdd + global allResDel + global allResStes, allResSteDel, allResSte, allResSteAdd + global formSteTypes, formChWallTypes + + print '<TABLE class="full">' + print ' <COLGROUP>' + print ' <COL width="100%">' + print ' </COLGROUP>' + + # Resources... 
+ print ' <TR>' + print ' <TD>' + print ' <TABLE class="full">' + print ' <COLGROUP>' + print ' <COL width="10%">' + print ' <COL width="40%">' + print ' <COL width="50%">' + print ' </COLGROUP>' + print ' <TR>' + print ' <TD class="heading" align="center" colspan="3">Resource Classes</TD>' + print ' </TR>' + print ' <TR>' + print ' <TD colspan="2">' + sendHtmlFormVar( formResName, 'class="full"' ) + sendHtmlFormVar( formResNames ) + print ' </TD>' + print ' <TD> </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + sendHtmlFormVar( formResAdd, 'class="full"' ) + print ' </TD>' + print ' <TD colspan="2">' + print ' Create a new Resource class with the above name' + print ' </TD>' + print ' </TR>' + print ' </TABLE>' + print ' </TD>' + print ' </TR>' + if len( formResNames[1] ) > 0: + print ' <TR>' + print ' <TD colspan="1">' + print ' ' + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + print ' <TABLE class="fullbox">' + print ' <COLGROUP>' + print ' <COL width="50%">' + print ' <COL width="50%">' + print ' </COLGROUP>' + print ' <THEAD>' + print ' <TR>' + print ' <TD class="fullbox">Name</TD>' + print ' <TD class="fullbox">Actions</TD>' + print ' </TR>' + print ' </THEAD>' + for i, resName in enumerate( formResNames[1] ): + print ' <TR>' + print ' <TD class="fullbox">' + resName + '</TD>' + print ' <TD class="fullbox">' + print ' <A href="#' + resName + '">Edit</A>' + formVar = allResDel[resName] + sendHtmlFormVar( formVar, 'class="link"' ) + print ' </TD>' + print ' </TR>' + print ' </TABLE>' + print ' </TD>' + print ' </TR>' + for resName in formResNames[1]: + print ' <TR>' + print ' <TD>' + print ' <HR>' + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + print ' <TABLE class="full">' + print ' <COLGROUP>' + print ' <COL width="10%">' + print ' <COL width="90%">' + print ' </COLGROUP>' + print ' <TR>' + print ' <TD colspan="2" align="center" class="heading">' + print ' <A name="' + resName + '">Resource Class: ' + resName + 
'</A>' + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD colspan="2" align="center">Simple Type Enforcement Types</TD>' + print ' </TR>' + print ' <TR>' + print ' <TD colspan="2">' + formVar = allResStes[resName]; + sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + formVar = allResSteDel[resName]; + sendHtmlFormVar( formVar, 'class="full"' ) + print ' </TD>' + print ' <TD>' + print ' Delete the type(s) selected above' + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD colspan="2">' + stSet = Set( formSteTypes[1] ) + resSet = Set( allResStes[resName][1] ) + formVar = allResSte[resName] + formVar[1] = [] + for steType in stSet.difference( resSet ): + formVar[1].append( steType ) + formVar[1].sort( ) + sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' ) + print ' </TD>' + print ' </TR>' + print ' <TR>' + print ' <TD>' + formVar = allResSteAdd[resName]; + sendHtmlFormVar( formVar, 'class="full"' ) + print ' </TD>' + print ' <TD>' + print ' Add the type(s) selected above' + print ' </TD>' + print ' </TR>' + print ' </TABLE>' + print ' </TD>' + print ' </TR>' + + print '</TABLE>' + def checkXmlData( ): global xmlIncomplete + global formPolicyName, formPolicyOrder + global formChWallTypes, formSteTypes, formCSNames # Validate the Policy Header requirements - if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ): - if ( len( formPolicyName[1] ) == 0 ) or ( len( formPolicyDate[1] ) == 0 ): - msg = '' - msg = msg + 'The XML policy schema requires that the Policy ' - msg = msg + 'Information Name and Date fields both have values ' - msg = msg + 'or both not have values.' - formatXmlGenError( msg ) + if ( len( formPolicyName[1] ) == 0 ): + msg = '' + msg = msg + 'The XML policy schema requires that the Policy ' + msg = msg + 'Information Name field have a value.' 
+ formatXmlGenError( msg ) if formPolicyOrder[1] == 'v_ChWall': if len( formChWallTypes[1] ) == 0: @@ -1014,14 +1783,6 @@ def checkXmlData( ): msg = msg + 'primary policy.' formatXmlGenError( msg ) - # Validate the Chinese Wall required data - if len( formChWallTypes[1] ) > 0: - if len( formCSNames[1] ) == 0: - msg = '' - msg = msg + 'The XML policy schema for the Chinese Wall ' - msg = msg + 'requires at least one Conflict Set be defined.' - formatXmlGenError( msg ) - def sendXmlHeaders( ): # HTML headers print 'Content-Type: text/xml' @@ -1042,17 +1803,28 @@ def sendPolicyXml( ): sendPSteXml( ) sendPChWallXml( ) + # Policy Labels (subjects and objects) + print '<SecurityLabelTemplate>' + sendPLSubXml( ) + sendPLObjXml( ) + print '</SecurityLabelTemplate>' print '</SecurityPolicyDefinition>' def sendPHeaderXml( ): - global formPolicyName, formPolicyDate + global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl # Policy header definition - if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ): - print '<PolicyHeader>' - print ' <Name>' + formPolicyName[1] + '</Name>' + print '<PolicyHeader>' + print ' <PolicyName>' + formPolicyName[1] + '</PolicyName>' + if len( formPolicyUrl[1] ) > 0: + print ' <PolicyUrl>' + formPolicyUrl[1] + '</PolicyUrl>' + if len( formPolicyRef[1] ) > 0: + print ' <Reference>' + formPolicyRef[1] + '</Reference>' + if len( formPolicyDate[1] ) > 0: print ' <Date>' + formPolicyDate[1] + '</Date>' - print '</PolicyHeader>' + if len( formPolicyNSUrl[1] ) > 0: + print ' <NameSpaceUrl>' + formPolicyNSUrl[1] + '</NameSpaceUrl>' + print '</PolicyHeader>' def sendPSteXml( ): global formPolicyOrder, formSteTypes 
@@ -1091,19 +1863,71 @@ def sendPChWallXml( ): print ' <Type>' + chWallType + '</Type>' print ' </ChineseWallTypes>' - # Chinese Wall Conflict Sets... - print ' <ConflictSets>' - for cs in formCSNames[1]: - formVar = allCSMTypes[cs] - if len( formVar[1] ) == 0: - continue - print ' <Conflict name="' + cs + '">' - for csm in formVar[1]: - print ' <Type>' + csm + '</Type>' - print ' </Conflict>' - print ' </ConflictSets>' + # Chinese Wall Conflict Sets (if any) ... + if len( formCSNames[1] ) > 0: + print ' <ConflictSets>' + for cs in formCSNames[1]: + formVar = allCSMTypes[cs] + if len( formVar[1] ) == 0: + continue + print ' <Conflict name="' + cs + '">' + for csm in formVar[1]: + print ' <Type>' + csm + '</Type>' + print ' </Conflict>' + print ' </ConflictSets>' print '</ChineseWall>' + +def sendPLSubXml( ): + global formVmNames, allVmChWs, allVmStes + + # Virtual machines... + if len( formVmNames[1] ) == 0: + return + + print ' <SubjectLabels bootstrap="' + formVmNameDom0[1] + '">' + for vmName in formVmNames[1]: + print ' <VirtualMachineLabel>' + print ' <Name>' + vmName + '</Name>' + formVar = allVmStes[vmName] + if len( formVar[1] ) > 0: + print ' <SimpleTypeEnforcementTypes>' + for ste in formVar[1]: + print ' <Type>' + ste + '</Type>' + print ' </SimpleTypeEnforcementTypes>' + + formVar = allVmChWs[vmName] + if len( formVar[1] ) > 0: + print ' <ChineseWallTypes>' + for chw in formVar[1]: + print ' <Type>' + chw + '</Type>' + print ' </ChineseWallTypes>' + + print ' </VirtualMachineLabel>' + + print ' </SubjectLabels>' + +def sendPLObjXml( ): + global formResNames, allResStes + + # Resources... 
+ if len( formResNames[1] ) == 0: + return + + print ' <ObjectLabels>' + for resName in formResNames[1]: + print ' <ResourceLabel>' + print ' <Name>' + resName + '</Name>' + formVar = allResStes[resName] + if len( formVar[1] ) > 0: + print ' <SimpleTypeEnforcementTypes>' + for ste in formVar[1]: + print ' <Type>' + ste + '</Type>' + print ' </SimpleTypeEnforcementTypes>' + + print ' </ResourceLabel>' + + print ' </ObjectLabels>' # Set up initial HTML variables @@ -1125,6 +1949,20 @@ formPolicyName = [ 'text', '', '', ] +formPolicyUrl = [ 'text', + '', + 'h_policyUrl', + 'i_policyUrl', + '', + '', + ] +formPolicyRef = [ 'text', + '', + 'h_policyRef', + 'i_policyRef', + '', + '', + ] formPolicyDate = [ 'text', getCurrentTime( ), 'h_policyDate', @@ -1132,6 +1970,13 @@ formPolicyDate = [ 'text', '', '', ] +formPolicyNSUrl = [ 'text', + '', + 'h_policyNSUrl', + 'i_policyNSUrl', + '', + '', + ] formPolicyOrder = [ 'radiobutton-all', 'v_ChWall', 'h_policyOrder', 
@@ -1289,13 +2134,218 @@ allCSMType = {}; allCSMType = {}; allCSMAdd = {}; +formVmNames = [ '', + [], + 'h_vmNames', + '', + '', + '', + ] +formVmDel = [ 'button', + '', + '', + 'i_vmDel', + 'Delete', + '', + ] +formVmName = [ 'text', + '', + '', + 'i_vmName', + '', + '', + ] +formVmAdd = [ 'button', + '', + '', + 'i_vmAdd', + 'New', + '', + ] + +formVmNameDom0 = [ '', + '', + 'h_vmDom0', + '', + '', + '', + ] + +# This is a set of templates used for each virtual machine +# Each virtual machine is initially assigned these templates, +# then each form attribute value is changed to append +# "_virtual-machine-name" for uniqueness. +templateVmDel = [ 'button', + '', + '', + 'i_vmDel', + 'Delete', + '', + ] +templateVmDom0 = [ 'button', + '', + '', + 'i_vmDom0', + 'SetDom0', + '', + ] +allVmDel = {}; +allVmDom0 = {}; + +templateVmChWs = [ 'list', + [], + 'h_vmChWs', + 'i_vmChWs', + '', + '', + ] +templateVmChWDel = [ 'button', + '', + '', + 'i_vmChWDel', + 'Delete', + '', + ] +templateVmChW = [ 'list', + [], + '', + 'i_vmChW', + '', + '', + ] +templateVmChWAdd = [ 'button', + '', + '', + 'i_vmChWAdd', + 'Add', + '', + ] +allVmChWs = {}; +allVmChWDel = {}; +allVmChW = {}; +allVmChWAdd = {}; + +templateVmStes = [ 'list', + [], + 'h_vmStes', + 'i_vmStes', + '', + '', + ] +templateVmSteDel = [ 'button', + '', + '', + 'i_vmSteDel', + 'Delete', + '', + ] +templateVmSte = [ 'list', + [], + '', + 'i_vmSte', + '', + '', + ] +templateVmSteAdd = [ 'button', + '', + '', + 'i_vmSteAdd', + 'Add', + '', + ] +allVmStes = {}; +allVmSteDel = {}; +allVmSte = {}; +allVmSteAdd = {}; + +formResNames = [ '', + [], + 'h_resNames', + '', + '', + '', + ] +formResDel = [ 'button', + '', + '', + 'i_resDel', + 'Delete', + '', + ] +formResName = [ 'text', + '', + '', + 'i_resName', + '', + '', + ] +formResAdd = [ 'button', + '', + '', + 'i_resAdd', + 'New', + '', + ] + +# This is a set of templates used for each resource +# Each resource is initially assigned these templates, +# then each form 
attribute value is changed to append +# "_resource-name" for uniqueness. +templateResDel = [ 'button', + '', + '', + 'i_resDel', + 'Delete', + '', + ] +allResDel = {}; + +templateResStes = [ 'list', + [], + 'h_resStes', + 'i_resStes', + '', + '', + ] +templateResSteDel = [ 'button', + '', + '', + 'i_resSteDel', + 'Delete', + '', + ] +templateResSte = [ 'list', + [], + '', + 'i_resSte', + '', + '', + ] +templateResSteAdd = [ 'button', + '', + '', + 'i_resSteAdd', + 'Add', + '', + ] +allResStes = {}; +allResSteDel = {}; +allResSte = {}; +allResSteAdd = {}; + # A list of all form variables used for saving info across requests formVariables = [ formPolicyName, + formPolicyUrl, + formPolicyRef, formPolicyDate, + formPolicyNSUrl, formPolicyOrder, formSteTypes, formChWallTypes, formCSNames, + formVmNames, + formVmNameDom0, + formResNames, ] policyXml = '' diff -r 9a915e2828f3 -r ae709b250f43 tools/security/python/xensec_gen/index.html --- a/tools/security/python/xensec_gen/index.html Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/python/xensec_gen/index.html Tue Apr 25 23:35:55 2006 -0600 @@ -1,7 +1,7 @@ <!-- The Initial Developer of the Original Code is International Business Machines Corporation. Portions created by IBM - Corporation are Copyright (C) 2005 International Business + Corporation are Copyright (C) 2005, 2006 International Business Machines Corporation. All Rights Reserved. --> @@ -10,7 +10,7 @@ <HTML> <HEAD> <META name="author" content="Tom Lendacky"> - <META name="copyright" content="Copyright (C) 2005 International Business Machines Corporation. All rights reserved"> + <META name="copyright" content="Copyright (C) 2005, 2006 International Business Machines Corporation. All rights reserved"> <STYLE type="text/css"> <!-- 
@@ -67,60 +67,6 @@ </TR> </TABLE> </FORM> - - <FORM action="/cgi-bin/policylabel.cgi" method="post" enctype="multipart/form-data"> - <TABLE class="xen"> - <COLGROUP> - <COL width="25%"> - <COL width="20%"> - <COL width="55%"> - </COLGROUP> - - <TR> - <TD valign="top" class="heading"> - Security Policy Labeling - </TD> - <TD valign="top" colspan="2"> - To generate or edit the Xen Security Policy Labeling you <B>must</B> - specify the name of - an existing Xen Security Policy file in the - <B>"Policy File"</B> entry field.<BR> - To generate new Xen Security Policy Labeling leave the - <B>"Policy Labeling File"</B> entry field - empty and click the "Create" button.<BR> - To modify existing Xen Security Policy Labeling enter the - file name containing the labeling in the - <B>"Policy Labeling File"</B> entry field - and click the "Create" button.<HR> - </TD> - </TR> - <TR> - <TD></TD> - <TD> - Policy File: - </TD> - <TD> - <INPUT type="file" size="50" name="i_policy"> - </TD> - </TR> - <TR> - <TD></TD> - <TD> - Policy Labeling File: - </TD> - <TD> - <INPUT type="file" size="50" name="i_policyLabel"> - </TD> - </TR> - <TR> - <TD></TD> - <TD valign="top"> - <INPUT type="submit" name="i_policyLabelCreate" value="Create"> - </TD> - <TD></TD> - </TR> - </TABLE> - </FORM> </CENTER> </BODY> </HTML> diff -r 9a915e2828f3 -r ae709b250f43 tools/security/readme.txt --- a/tools/security/readme.txt Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/readme.txt Tue Apr 25 23:35:55 2006 -0600 
@@ -10,20 +10,25 @@ # the access control policy and tools in Xen. ## -1. policy.txt: +1. 'xm' man page + + describes the commands related to Xen management, including the + commands to manage security policies and labels. Read the access + control subcommand section of the xm manual first. If it is not + built by default, check install.txt. + +2. policy.txt: describes the general reasoning and examples for access control policies in Xen -2. install.txt +3. install.txt describes the activation of the access control framework in Xen -3. example.txt +4. example.txt describes the available tools for managing security policies in Xen and the tools to label domains - - diff -r 9a915e2828f3 -r ae709b250f43 tools/security/secpol_tool.c --- a/tools/security/secpol_tool.c Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/secpol_tool.c Tue Apr 25 23:35:55 2006 -0600 @@ -48,9 +48,7 @@ void usage(char *progname) "ACTION is one of:\n" "\t getpolicy\n" "\t dumpstats\n" - "\t loadpolicy <binary policy file>\n" - "\t getssid -d <domainid> [-f]\n" - "\t getssid -s <ssidref> [-f]\n", progname); + "\t loadpolicy <binary policy file>\n", progname); exit(-1); } @@ -68,7 +66,7 @@ static inline int do_xen_hypercall(int x (unsigned long) hypercall); } -static inline int do_acm_op(int xc_handle, struct acm_op * op) +static inline int do_acm_op(int xc_handle, struct acm_op *op) { int ret = -1; privcmd_hypercall_t hypercall; 
@@ -78,15 +76,13 @@ static inline int do_acm_op(int xc_handl hypercall.op = __HYPERVISOR_acm_op; hypercall.arg[0] = (unsigned long) op; - if (mlock(op, sizeof(*op)) != 0) - { + if (mlock(op, sizeof(*op)) != 0) { PERROR("Could not lock memory for Xen policy hypercall"); goto out1; } - if ((ret = do_xen_hypercall(xc_handle, &hypercall)) < 0) - { - printf( "ACM operation failed: errno=%d\n", errno ); + if ((ret = do_xen_hypercall(xc_handle, &hypercall)) < 0) { + printf("ACM operation failed: errno=%d\n", errno); if (errno == EACCES) fprintf(stderr, "ACM operation failed -- need to" " rebuild the user-space tool set?\n"); @@ -108,8 +104,7 @@ void acm_dump_chinesewall_buffer(void *b int i, j; - if (htonl(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) - { + if (htonl(cwbuf->policy_code) != ACM_CHINESE_WALL_POLICY) { printf("CHINESE WALL POLICY CODE not found ERROR!!\n"); return; } @@ -129,8 +124,7 @@ void acm_dump_chinesewall_buffer(void *b printf("\nSSID To CHWALL-Type matrix:\n"); ssids = (domaintype_t *) (buf + ntohl(cwbuf->chwall_ssid_offset)); - for (i = 0; i < ntohl(cwbuf->chwall_max_ssidrefs); i++) - { + for (i = 0; i < ntohl(cwbuf->chwall_max_ssidrefs); i++) { printf("\n ssidref%2x: ", i); for (j = 0; j < ntohl(cwbuf->chwall_max_types); j++) printf("%02x ", @@ -139,8 +133,7 @@ void acm_dump_chinesewall_buffer(void *b printf("\n\nConfict Sets:\n"); conflicts = (domaintype_t *) (buf + ntohl(cwbuf->chwall_conflict_sets_offset)); - for (i = 0; i < ntohl(cwbuf->chwall_max_conflictsets); i++) - { + for (i = 0; i < ntohl(cwbuf->chwall_max_conflictsets); i++) { printf("\n c-set%2x: ", i); for (j = 0; j < ntohl(cwbuf->chwall_max_types); j++) printf("%02x ", 
@@ -150,13 +143,11 @@ void acm_dump_chinesewall_buffer(void *b printf("\n"); printf("\nRunning\nTypes: "); - if (ntohl(cwbuf->chwall_running_types_offset)) - { + if (ntohl(cwbuf->chwall_running_types_offset)) { running_types = (domaintype_t *) (buf + ntohl(cwbuf->chwall_running_types_offset)); - for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) - { + for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) { printf("%02x ", ntohs(running_types[i])); } printf("\n"); @@ -164,13 +155,12 @@ void acm_dump_chinesewall_buffer(void *b printf("Not Reported!\n"); } printf("\nConflict\nAggregate Set: "); - if (ntohl(cwbuf->chwall_conflict_aggregate_offset)) - { + if (ntohl(cwbuf->chwall_conflict_aggregate_offset)) { conflict_aggregate = (domaintype_t *) (buf + - ntohl(cwbuf->chwall_conflict_aggregate_offset)); - for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) - { + ntohl(cwbuf-> + chwall_conflict_aggregate_offset)); + for (i = 0; i < ntohl(cwbuf->chwall_max_types); i++) { printf("%02x ", ntohs(conflict_aggregate[i])); } printf("\n\n"); @@ -201,11 +191,11 @@ void acm_dump_ste_buffer(void *buf, int printf("\nSSID To STE-Type matrix:\n"); ssids = (domaintype_t *) (buf + ntohl(stebuf->ste_ssid_offset)); - for (i = 0; i < ntohl(stebuf->ste_max_ssidrefs); i++) - { + for (i = 0; i < ntohl(stebuf->ste_max_ssidrefs); i++) { printf("\n ssidref%2x: ", i); for (j = 0; j < ntohl(stebuf->ste_max_types); j++) - printf("%02x ", ntohs(ssids[i * ntohl(stebuf->ste_max_types) + j])); + printf("%02x ", + ntohs(ssids[i * ntohl(stebuf->ste_max_types) + j])); } printf("\n\n"); } 
@@ -213,9 +203,12 @@ void acm_dump_policy_buffer(void *buf, i void acm_dump_policy_buffer(void *buf, int buflen) { struct acm_policy_buffer *pol = (struct acm_policy_buffer *) buf; - + char *policy_reference_name = + (buf + ntohl(pol->policy_reference_offset) + + sizeof(struct acm_policy_reference_buffer)); printf("\nPolicy dump:\n"); printf("============\n"); + printf("POLICY REFERENCE = %s.\n", policy_reference_name); printf("PolicyVer = %x.\n", ntohl(pol->policy_version)); printf("Magic = %x.\n", ntohl(pol->magic)); printf("Len = %x.\n", ntohl(pol->len)); @@ -227,8 +220,7 @@ void acm_dump_policy_buffer(void *buf, i ACM_POLICY_NAME(ntohl(pol->secondary_policy_code)), ntohl(pol->secondary_policy_code), ntohl(pol->secondary_buffer_offset)); - switch (ntohl(pol->primary_policy_code)) - { + switch (ntohl(pol->primary_policy_code)) { case ACM_CHINESE_WALL_POLICY: acm_dump_chinesewall_buffer(buf + ntohl(pol->primary_buffer_offset), @@ -250,8 +242,7 @@ void acm_dump_policy_buffer(void *buf, i printf("UNKNOWN POLICY!\n"); } - switch (ntohl(pol->secondary_policy_code)) - { + switch (ntohl(pol->secondary_policy_code)) { case ACM_CHINESE_WALL_POLICY: acm_dump_chinesewall_buffer(buf + ntohl(pol->secondary_buffer_offset), @@ -303,26 +294,22 @@ int acm_domain_loadpolicy(int xc_handle, off_t len; uint8_t *buffer; - if ((ret = stat(filename, &mystat))) - { + if ((ret = stat(filename, &mystat))) { printf("File %s not found.\n", filename); goto out; } len = mystat.st_size; - if ((buffer = malloc(len)) == NULL) - { + if ((buffer = malloc(len)) == NULL) { ret = -ENOMEM; goto out; } - if ((fd = open(filename, O_RDONLY)) <= 0) - { + if ((fd = open(filename, O_RDONLY)) <= 0) { ret = -ENOENT; printf("File %s not found.\n", filename); goto free_out; } - if (len == read(fd, buffer, len)) - { + if (len == read(fd, buffer, len)) { struct acm_op op; /* dump it and then push it down into xen/acm */ acm_dump_policy_buffer(buffer, len); 
@@ -334,7 +321,7 @@ int acm_domain_loadpolicy(int xc_handle, if (ret) printf - ("ERROR setting policy. Try 'xm dmesg' to see details.\n"); + ("ERROR setting policy.\n"); else printf("Successfully changed policy.\n"); @@ -382,9 +369,9 @@ int acm_domain_dumpstats(int xc_handle) op.u.dumpstats.pullcache_size = sizeof(stats_buffer); ret = do_acm_op(xc_handle, &op); - if (ret < 0) - { - printf("ERROR dumping policy stats. Try 'xm dmesg' to see details.\n"); + if (ret < 0) { + printf + ("ERROR dumping policy stats. Try 'xm dmesg' to see details.\n"); return ret; } stats = (struct acm_stats_buffer *) stats_buffer; @@ -394,8 +381,7 @@ int acm_domain_dumpstats(int xc_handle) printf("Magic = %x.\n", ntohl(stats->magic)); printf("Len = %x.\n", ntohl(stats->len)); - switch (ntohl(stats->primary_policy_code)) - { + switch (ntohl(stats->primary_policy_code)) { case ACM_NULL_POLICY: printf("NULL Policy: No statistics apply.\n"); break; @@ -414,8 +400,7 @@ int acm_domain_dumpstats(int xc_handle) printf("UNKNOWN PRIMARY POLICY ERROR!\n"); } - switch (ntohl(stats->secondary_policy_code)) - { + switch (ntohl(stats->secondary_policy_code)) { case ACM_NULL_POLICY: printf("NULL Policy: No statistics apply.\n"); break; 
@@ -435,119 +420,6 @@ int acm_domain_dumpstats(int xc_handle) } return ret; } -/************************ get ssidref & types ******************************/ -/* - * the ssid (types) can be looked up either by domain id or by ssidref - */ -int acm_domain_getssid(int xc_handle, int argc, char * const argv[]) -{ - /* this includes header and a set of types */ - #define MAX_SSIDBUFFER 2000 - int ret, i; - struct acm_op op; - struct acm_ssid_buffer *hdr; - unsigned char *buf; - int nice_print = 1; - - op.cmd = ACM_GETSSID; - op.interface_version = ACM_INTERFACE_VERSION; - op.u.getssid.get_ssid_by = UNSET; - /* arguments - -d ... domain id to look up - -s ... ssidref number to look up - -f ... formatted print (scripts depend on this format) - */ - while (1) - { - int c = getopt(argc, argv, "d:s:f"); - if (c == -1) - break; - if (c == 'd') - { - if (op.u.getssid.get_ssid_by != UNSET) - usage(argv[0]); - op.u.getssid.get_ssid_by = DOMAINID; - op.u.getssid.id.domainid = strtoul(optarg, NULL, 0); - } - else if (c== 's') - { - if (op.u.getssid.get_ssid_by != UNSET) - usage(argv[0]); - op.u.getssid.get_ssid_by = SSIDREF; - op.u.getssid.id.ssidref = strtoul(optarg, NULL, 0); - } - else if (c== 'f') - { - nice_print = 0; - } - else - usage(argv[0]); - } - if (op.u.getssid.get_ssid_by == UNSET) - usage(argv[0]); - - buf = malloc(MAX_SSIDBUFFER); - if (!buf) - return -ENOMEM; - - /* dump it and then push it down into xen/acm */ - op.u.getssid.ssidbuf = buf; /* out */ - op.u.getssid.ssidbuf_size = MAX_SSIDBUFFER; - ret = do_acm_op(xc_handle, &op); - - if (ret) - { - printf("ERROR getting ssidref. 
Try 'xm dmesg' to see details.\n"); - goto out; - } - hdr = (struct acm_ssid_buffer *)buf; - if (hdr->len > MAX_SSIDBUFFER) - { - printf("ERROR: Buffer length inconsistent (ret=%d, hdr->len=%d)!\n", - ret, hdr->len); - return -EIO; - } - if (nice_print) - { - printf("SSID: ssidref = 0x%08x \n", hdr->ssidref); - printf(" P: %s, max_types = %d\n", - ACM_POLICY_NAME(hdr->primary_policy_code), hdr->primary_max_types); - printf(" Types: "); - for (i=0; i< hdr->primary_max_types; i++) - if (buf[hdr->primary_types_offset + i]) - printf("%02x ", i); - else - printf("-- "); - printf("\n"); - - printf(" S: %s, max_types = %d\n", - ACM_POLICY_NAME(hdr->secondary_policy_code), hdr->secondary_max_types); - printf(" Types: "); - for (i=0; i< hdr->secondary_max_types; i++) - if (buf[hdr->secondary_types_offset + i]) - printf("%02x ", i); - else - printf("-- "); - printf("\n"); - } - else - { - /* formatted print for use with scripts (.sh) - * update scripts when updating here (usually - * used in combination with -d to determine a - * running domain's label - */ - printf("SSID: ssidref = 0x%08x \n", hdr->ssidref); - } - - /* return ste ssidref */ - if (hdr->primary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) - ret = (hdr->ssidref) & 0xffff; - else if (hdr->secondary_policy_code == ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) - ret = (hdr->ssidref) >> 16; - out: - return ret; -} /***************************** main **************************************/ @@ -559,8 +431,7 @@ int main(int argc, char **argv) if (argc < 2) usage(argv[0]); - if ((acm_cmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) - { + if ((acm_cmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) { printf("ERROR: Could not open xen privcmd device!\n"); exit(-1); } 
@@ -577,8 +448,6 @@ int main(int argc, char **argv) if (argc != 2) usage(argv[0]); ret = acm_domain_dumpstats(acm_cmd_fd); - } else if (!strcmp(argv[1], "getssid")) { - ret = acm_domain_getssid(acm_cmd_fd, argc, argv); } else usage(argv[0]); diff -r 9a915e2828f3 -r ae709b250f43 tools/security/secpol_xml2bin.c --- a/tools/security/secpol_xml2bin.c Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/secpol_xml2bin.c Tue Apr 25 23:35:55 2006 -0600 @@ -101,22 +101,30 @@ int have_chwall = 0; /* input/output file names */ char *policy_filename = NULL, - *label_filename = NULL, - *binary_filename = NULL, *mapping_filename = NULL, - *schema_filename = NULL; + *binary_filename = NULL, + *mapping_filename = NULL, *schema_filename = NULL; + +char *policy_reference_name = NULL; + +void walk_labels(xmlNode * start, xmlDocPtr doc, unsigned long state); void usage(char *prg) { printf("Usage: %s [OPTIONS] POLICYNAME\n", prg); - printf("POLICYNAME is the directory name within the policy directory\n"); - printf("that contains the policy files. The default policy directory\n"); - printf("is '%s' (see the '-d' option below to change it)\n", POLICY_DIR); - printf("The policy files contained in the POLICYNAME directory must be named:\n"); + printf + ("POLICYNAME is the directory name within the policy directory\n"); + printf + ("that contains the policy files. The default policy directory\n"); + printf("is '%s' (see the '-d' option below to change it)\n", + POLICY_DIR); + printf + ("The policy files contained in the POLICYNAME directory must be named:\n"); printf("\tPOLICYNAME-security_policy.xml\n"); printf("\tPOLICYNAME-security_label_template.xml\n\n"); printf("OPTIONS:\n"); printf("\t-d POLICYDIR\n"); - printf("\t\tUse POLICYDIR as the policy directory. This directory must contain\n"); + printf + ("\t\tUse POLICYDIR as the policy directory. This directory must contain\n"); printf("\t\tthe policy schema file 'security_policy.xsd'\n"); exit(EXIT_FAILURE); } 
@@ -147,8 +155,7 @@ int add_entry(struct tailhead *head, cha int add_entry(struct tailhead *head, char *name, type_t mapping) { struct type_entry *e; - if (lookup(head, name)) - { + if (lookup(head, name)) { printf("Error: Type >%s< defined more than once.\n", name); return -EFAULT; /* already in the list */ } @@ -204,16 +211,14 @@ int register_type(xmlNode * cur_node, xm text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1); - if (!text) - { + if (!text) { printf("Error reading type name!\n"); return -EFAULT; } switch (state) { case XML2BIN_stetype_S: - if (add_entry(&ste_head, (char *) text, max_ste_types)) - { + if (add_entry(&ste_head, (char *) text, max_ste_types)) { xmlFree(text); return -EFAULT; } @@ -221,8 +226,7 @@ int register_type(xmlNode * cur_node, xm break; case XML2BIN_chwalltype_S: - if (add_entry(&chwall_head, (char *) text, max_chwall_types)) - { + if (add_entry(&chwall_head, (char *) text, max_chwall_types)) { xmlFree(text); return -EFAULT; } @@ -232,16 +236,15 @@ int register_type(xmlNode * cur_node, xm case XML2BIN_conflictsettype_S: /* a) search the type in the chwall_type list */ e = lookup(&chwall_head, (char *) text); - if (e == NULL) - { + if (e == NULL) { printf("CS type >%s< not a CHWALL type.\n", text); xmlFree(text); return -EFAULT; } /* b) add type entry to the current cs set */ - if (current_conflictset_p->row[e->mapping]) - { - printf("ERROR: Double entry of type >%s< in conflict set %d.\n", + if (current_conflictset_p->row[e->mapping]) { + printf + ("ERROR: Double entry of type >%s< in conflict set %d.\n", text, current_conflictset_p->num); xmlFree(text); return -EFAULT; 
@@ -262,16 +265,15 @@ void set_component_type(xmlNode * cur_no { xmlChar *order; - if ((order = xmlGetProp(cur_node, (xmlChar *) PRIMARY_COMPONENT_ATTR_NAME))) { - if (strcmp((char *) order, PRIMARY_COMPONENT)) - { + if ((order = + xmlGetProp(cur_node, (xmlChar *) PRIMARY_COMPONENT_ATTR_NAME))) { + if (strcmp((char *) order, PRIMARY_COMPONENT)) { printf("ERROR: Illegal attribut value >order=%s<.\n", (char *) order); xmlFree(order); exit(EXIT_FAILURE); } - if (primary != NULLPOLICY) - { + if (primary != NULLPOLICY) { printf("ERROR: Primary Policy Component set twice!\n"); exit(EXIT_FAILURE); } @@ -285,10 +287,8 @@ void walk_policy(xmlNode * start, xmlDoc xmlNode *cur_node = NULL; int code; - for (cur_node = start; cur_node; cur_node = cur_node->next) - { - if ((code = totoken((char *) cur_node->name)) < 0) - { + for (cur_node = start; cur_node; cur_node = cur_node->next) { + if ((code = totoken((char *) cur_node->name)) < 0) { printf("Unknown token: >%s<. Aborting.\n", cur_node->name); exit(EXIT_FAILURE); } 
@@ -297,13 +297,32 @@ void walk_policy(xmlNode * start, xmlDoc case XML2BIN_STETYPES: case XML2BIN_CHWALLTYPES: case XML2BIN_CONFLICTSETS: + case XML2BIN_POLICYHEADER: walk_policy(cur_node->children, doc, state | (1 << code)); break; + case XML2BIN_POLICYNAME: /* get policy reference name .... */ + if (state != XML2BIN_PN_S) { + printf("ERROR: >Url< >%s< out of context.\n", + (char *) xmlNodeListGetString(doc, + cur_node-> + xmlChildrenNode, 1)); + exit(EXIT_FAILURE); + } + policy_reference_name = (char *) + xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1); + if (!policy_reference_name) { + printf("ERROR: empty >policy reference name (Url)<!\n"); + exit(EXIT_FAILURE); + } else + printf("Policy Reference name (Url): %s\n", + policy_reference_name); + break; + case XML2BIN_STE: - if (WRITTEN_AGAINST_ACM_STE_VERSION != ACM_STE_VERSION) - { - printf("ERROR: This program was written against another STE version.\n"); + if (WRITTEN_AGAINST_ACM_STE_VERSION != ACM_STE_VERSION) { + printf + ("ERROR: This program was written against another STE version.\n"); exit(EXIT_FAILURE); } have_ste = 1; @@ -312,9 +331,9 @@ void walk_policy(xmlNode * start, xmlDoc break; case XML2BIN_CHWALL: - if (WRITTEN_AGAINST_ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) - { - printf("ERROR: This program was written against another CHWALL version.\n"); + if (WRITTEN_AGAINST_ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) { + printf + ("ERROR: This program was written against another CHWALL version.\n"); exit(EXIT_FAILURE); } have_chwall = 1; @@ -328,8 +347,7 @@ void walk_policy(xmlNode * start, xmlDoc if (!current_conflictset_name) current_conflictset_name = ""; - if (init_next_conflictset()) - { + if (init_next_conflictset()) { printf ("ERROR: creating new conflictset structure failed.\n"); exit(EXIT_FAILURE); 
@@ -343,14 +361,18 @@ void walk_policy(xmlNode * start, xmlDoc /* type leaf */ break; + case XML2BIN_LABELTEMPLATE: /* handle in second pass */ case XML2BIN_TEXT: case XML2BIN_COMMENT: - case XML2BIN_POLICYHEADER: + case XML2BIN_DATE: + case XML2BIN_REFERENCE: + case XML2BIN_NSURL: /* for future use: where to find global label / type name mappings */ + case XML2BIN_URL: /* for future use: where to find policy */ /* leaf - nothing to do */ break; default: - printf("Unkonwn token Error (%d)\n", code); + printf("Unkonwn token Error (%d) in Policy\n", code); exit(EXIT_FAILURE); } @@ -358,21 +380,21 @@ void walk_policy(xmlNode * start, xmlDoc return; } -int create_type_mapping(xmlDocPtr doc) -{ - xmlNode *root_element = xmlDocGetRootElement(doc); - struct type_entry *te; - struct ssid_entry *se; - int i; - +void init_type_mapping(void) +{ printf("Creating ssid mappings ...\n"); /* initialize the ste and chwall type lists */ TAILQ_INIT(&ste_head); TAILQ_INIT(&chwall_head); TAILQ_INIT(&conflictsets_head); - - walk_policy(root_element, doc, XML2BIN_NULL); +} + +void post_type_mapping(void) +{ + struct type_entry *te; + struct ssid_entry *se; + int i; /* determine primary/secondary policy component orders */ if ((primary == NULLPOLICY) && have_chwall) @@ -400,19 +422,17 @@ int create_type_mapping(xmlDocPtr doc) } if (!DEBUG) - return 0; + return; /* print queues */ - if (have_ste) - { + if (have_ste) { printf("STE-Type queue (%s):\n", (primary == STE) ? "PRIMARY" : "SECONDARY"); for (te = ste_head.tqh_first; te != NULL; te = te->entries.tqe_next) printf("name=%22s, map=%x\n", te->name, te->mapping); } - if (have_chwall) - { + if (have_chwall) { printf("CHWALL-Type queue (%s):\n", (primary == CHWALL) ? "PRIMARY" : "SECONDARY"); for (te = chwall_head.tqh_first; te != NULL; 
@@ -421,8 +441,7 @@ int create_type_mapping(xmlDocPtr doc) printf("Conflictset queue (max=%d):\n", max_conflictsets); for (se = conflictsets_head.tqh_first; se != NULL; - se = se->entries.tqe_next) - { + se = se->entries.tqe_next) { printf("conflictset name >%s<\n", se->name ? se->name : "NONAME"); for (i = 0; i < max_chwall_types; i++) @@ -431,7 +450,6 @@ int create_type_mapping(xmlDocPtr doc) printf("\n"); } } - return 0; } @@ -554,8 +572,7 @@ int add_type(xmlNode * cur_node, xmlDocP struct type_entry *e; text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1); - if (!text) - { + if (!text) { printf("Error reading type name!\n"); return -EFAULT; } @@ -564,8 +581,7 @@ int add_type(xmlNode * cur_node, xmlDocP case XML2BIN_VM_STE_S: case XML2BIN_RES_STE_S: /* lookup the type mapping and include the type mapping into the array */ - if (!(e = lookup(&ste_head, (char *) text))) - { + if (!(e = lookup(&ste_head, (char *) text))) { printf("ERROR: unknown VM STE type >%s<.\n", text); exit(EXIT_FAILURE); } @@ -577,8 +593,7 @@ int add_type(xmlNode * cur_node, xmlDocP case XML2BIN_VM_CHWALL_S: /* lookup the type mapping and include the type mapping into the array */ - if (!(e = lookup(&chwall_head, (char *) text))) - { + if (!(e = lookup(&chwall_head, (char *) text))) { printf("ERROR: unknown VM CHWALL type >%s<.\n", text); exit(EXIT_FAILURE); } @@ -602,8 +617,9 @@ void set_bootstrap_label(xmlNode * cur_n { xmlChar *order; - if ((order = xmlGetProp(cur_node, (xmlChar *) BOOTSTRAP_LABEL_ATTR_NAME))) - bootstrap_label = (char *)order; + if ((order = + xmlGetProp(cur_node, (xmlChar *) BOOTSTRAP_LABEL_ATTR_NAME))) + bootstrap_label = (char *) order; else { printf("ERROR: No bootstrap label defined!\n"); exit(EXIT_FAILURE); 
@@ -615,45 +631,40 @@ void walk_labels(xmlNode * start, xmlDoc xmlNode *cur_node = NULL; int code; - for (cur_node = start; cur_node; cur_node = cur_node->next) - { - if ((code = totoken((char *) cur_node->name)) < 0) - { + for (cur_node = start; cur_node; cur_node = cur_node->next) { + if ((code = totoken((char *) cur_node->name)) < 0) { printf("Unkonwn token: >%s<. Aborting.\n", cur_node->name); exit(EXIT_FAILURE); } switch (code) { /* adjust state to new state */ - case XML2BIN_SUBJECTS: set_bootstrap_label(cur_node); /* fall through */ + case XML2BIN_SECPOL: + case XML2BIN_LABELTEMPLATE: case XML2BIN_VM: case XML2BIN_RES: - case XML2BIN_SECTEMPLATE: case XML2BIN_OBJECTS: walk_labels(cur_node->children, doc, state | (1 << code)); break; case XML2BIN_STETYPES: /* create new ssid entry to use and point current to it */ - if (init_next_ste_ssid(state)) - { + if (init_next_ste_ssid(state)) { printf("ERROR: creating new ste ssid structure failed.\n"); exit(EXIT_FAILURE); } walk_labels(cur_node->children, doc, state | (1 << code)); - break; case XML2BIN_CHWALLTYPES: /* create new ssid entry to use and point current to it */ - if (init_next_chwall_ssid(state)) - { - printf("ERROR: creating new chwall ssid structure failed.\n"); + if (init_next_chwall_ssid(state)) { + printf + ("ERROR: creating new chwall ssid structure failed.\n"); exit(EXIT_FAILURE); } walk_labels(cur_node->children, doc, state | (1 << code)); - break; case XML2BIN_TYPE: 
@@ -663,115 +674,66 @@ void walk_labels(xmlNode * start, xmlDoc break; case XML2BIN_NAME: - if ((state != XML2BIN_VM_S) && (state != XML2BIN_RES_S)) - { - printf("ERROR: >name< out of VM/RES context.\n"); + if ((state == XML2BIN_VM_S) || (state == XML2BIN_RES_S)) { + current_ssid_name = (char *) + xmlNodeListGetString(doc, cur_node->xmlChildrenNode, + 1); + if (!current_ssid_name) { + printf("ERROR: empty >vm/res name<!\n"); + exit(EXIT_FAILURE); + } + } else { + printf + ("ERROR: >name< >%s< out of context (state = 0x%lx.\n", + (char *) xmlNodeListGetString(doc, + cur_node-> + xmlChildrenNode, 1), + state); exit(EXIT_FAILURE); } - current_ssid_name = (char *) - xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1); - - if (!current_ssid_name) - { - printf("ERROR: empty >name<!\n"); - exit(EXIT_FAILURE); - } break; case XML2BIN_TEXT: case XML2BIN_COMMENT: - case XML2BIN_LABELHEADER: + case XML2BIN_POLICYHEADER: + case XML2BIN_STE: + case XML2BIN_CHWALL: break; default: - printf("Unkonwn token Error (%d)\n", code); + printf("Unkonwn token Error (%d) in Label Template\n", code); exit(EXIT_FAILURE); } - } return; -} - -/* this function walks through a ssid queue - * and transforms double entries into references - * of the first definition (we need to keep the - * entry to map labels but we don't want double - * ssids in the binary policy - */ -void -remove_doubles(struct tailhead_ssid *head, - u_int32_t max_types, u_int32_t * max_ssids) -{ - struct ssid_entry *np, *ni; - - /* walk once through the list */ - for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next) - { - /* now search from the start until np for the same entry */ - for (ni = head->tqh_first; ni != np; ni = ni->entries.tqe_next) - { - if (ni->is_ref) - continue; - if (memcmp(np->row, ni->row, max_types)) - continue; - /* found one, set np reference to ni */ - np->is_ref = 1; - np->num = ni->num; - (*max_ssids)--; - } - } - - /* now minimize the ssid numbers used (doubles introduce holes) */ - 
(*max_ssids) = 0; /* reset */ - - for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next) - { - if (np->is_ref) - continue; - - if (np->num != (*max_ssids)) { - /* first reset all later references to the new max_ssid */ - for (ni = np->entries.tqe_next; ni != NULL; ni = ni->entries.tqe_next) - { - if (ni->num == np->num) - ni->num = (*max_ssids); - } - /* now reset num */ - np->num = (*max_ssids)++; - } - else - (*max_ssids)++; - } } /* * will go away as soon as we have non-static bootstrap ssidref for dom0 */ void fixup_bootstrap_label(struct tailhead_ssid *head, - u_int32_t max_types, u_int32_t * max_ssids) + u_int32_t max_types, u_int32_t * max_ssids) { struct ssid_entry *np; int i; /* should not happen if xml / xsd checks work */ - if (!bootstrap_label) - { + if (!bootstrap_label) { printf("ERROR: No bootstrap label defined.\n"); exit(EXIT_FAILURE); } /* search bootstrap_label */ - for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next) - { - if (!strcmp(np->name, bootstrap_label)) - { + for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next) { + if (!strcmp(np->name, bootstrap_label)) { break; } } if (!np) { /* bootstrap label not found */ - printf("ERROR: Bootstrap label >%s< not found.\n", bootstrap_label); + printf("ERROR: Bootstrap label >%s< not found.\n", + bootstrap_label); exit(EXIT_FAILURE); } 
@@ -781,16 +743,14 @@ void fixup_bootstrap_label(struct tailhe TAILQ_INSERT_AFTER(head, head->tqh_first, np, entries); /* renumber the ssids (we could also just switch places with 1st element) */ - for (np = head->tqh_first, i=0; np != NULL; np = np->entries.tqe_next, i++) - np->num = i; - -} - -int create_ssid_mapping(xmlDocPtr doc) -{ - xmlNode *root_element = xmlDocGetRootElement(doc); - struct ssid_entry *np; - int i; + for (np = head->tqh_first, i = 0; np != NULL; + np = np->entries.tqe_next, i++) + np->num = i; + +} + +void init_label_mapping(void) +{ printf("Creating label mappings ...\n"); /* initialize the ste and chwall type lists */ @@ -798,14 +758,16 @@ int create_ssid_mapping(xmlDocPtr doc) TAILQ_INIT(&ste_ssid_head); /* init with default ssids */ - if (init_ssid_queues()) - { + if (init_ssid_queues()) { printf("ERROR adding default ssids.\n"); exit(EXIT_FAILURE); } - - /* now walk the template DOM tree and fill in ssids */ - walk_labels(root_element, doc, XML2BIN_NULL); +} + +void post_label_mapping(void) +{ + struct ssid_entry *np; + int i; /* * now sort bootstrap label to the head of the list 
@@ -814,30 +776,20 @@ int create_ssid_mapping(xmlDocPtr doc) */ if (have_chwall) fixup_bootstrap_label(&chwall_ssid_head, max_chwall_types, - &max_chwall_ssids); + &max_chwall_ssids); if (have_ste) fixup_bootstrap_label(&ste_ssid_head, max_ste_types, - &max_ste_ssids); - - /* remove any double entries (insert reference instead) */ - if (have_chwall) - remove_doubles(&chwall_ssid_head, max_chwall_types, - &max_chwall_ssids); - if (have_ste) - remove_doubles(&ste_ssid_head, max_ste_types, - &max_ste_ssids); + &max_ste_ssids); if (!DEBUG) - return 0; + return; /* print queues */ - if (have_chwall) - { + if (have_chwall) { printf("CHWALL SSID queue (max ssidrefs=%d):\n", max_chwall_ssids); np = NULL; for (np = chwall_ssid_head.tqh_first; np != NULL; - np = np->entries.tqe_next) - { + np = np->entries.tqe_next) { printf("SSID #%02u (Label=%s)\n", np->num, np->name); if (np->is_ref) printf("REFERENCE"); @@ -848,13 +800,11 @@ int create_ssid_mapping(xmlDocPtr doc) printf("\n\n"); } } - if (have_ste) - { + if (have_ste) { printf("STE SSID queue (max ssidrefs=%d):\n", max_ste_ssids); np = NULL; for (np = ste_ssid_head.tqh_first; np != NULL; - np = np->entries.tqe_next) - { + np = np->entries.tqe_next) { printf("SSID #%02u (Label=%s)\n", np->num, np->name); if (np->is_ref) printf("REFERENCE"); @@ -865,7 +815,19 @@ int create_ssid_mapping(xmlDocPtr doc) printf("\n\n"); } } - return 0; +} + +void create_mappings(xmlDocPtr doc) +{ + xmlNode *doc_root_node = xmlDocGetRootElement(doc); + + /* walk the XML policy tree and fill in types and labels */ + init_type_mapping(); + walk_policy(doc_root_node, doc, XML2BIN_NULL); /* first pass: types */ + post_type_mapping(); + init_label_mapping(); + walk_labels(doc_root_node, doc, XML2BIN_NULL); /* second pass: labels */ + post_label_mapping(); } /***************** writing the binary policy *********************/ 
@@ -888,19 +850,16 @@ int write_mapping(char *filename) if ((file = fopen(filename, "w")) == NULL) return -EIO; + fprintf(file, "POLICYREFERENCENAME %s\n", policy_reference_name); fprintf(file, "MAGIC %08x\n", ACM_MAGIC); - fprintf(file, "POLICY %s\n", - basename(policy_filename)); - fprintf(file, "BINARY %s\n", - basename(binary_filename)); - if (have_chwall) - { + fprintf(file, "POLICY FILE %s\n", policy_filename); + fprintf(file, "BINARY FILE %s\n", binary_filename); + if (have_chwall) { fprintf(file, "MAX-CHWALL-TYPES %08x\n", max_chwall_types); fprintf(file, "MAX-CHWALL-SSIDS %08x\n", max_chwall_ssids); fprintf(file, "MAX-CHWALL-LABELS %08x\n", max_chwall_labels); } - if (have_ste) - { + if (have_ste) { fprintf(file, "MAX-STE-TYPES %08x\n", max_ste_types); fprintf(file, "MAX-STE-SSIDS %08x\n", max_ste_ssids); fprintf(file, "MAX-STE-LABELS %08x\n", max_ste_labels); @@ -939,11 +898,9 @@ int write_mapping(char *filename) fprintf(file, "\n"); /* first labels to ssid mappings */ - if (have_chwall) - { + if (have_chwall) { for (e = chwall_ssid_head.tqh_first; e != NULL; - e = e->entries.tqe_next) - { + e = e->entries.tqe_next) { fprintf(file, "LABEL->SSID %s CHWALL %-25s %8x\n", (e->type == VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"), @@ -951,11 +908,9 @@ int write_mapping(char *filename) } fprintf(file, "\n"); } - if (have_ste) - { + if (have_ste) { for (e = ste_ssid_head.tqh_first; e != NULL; - e = e->entries.tqe_next) - { + e = e->entries.tqe_next) { fprintf(file, "LABEL->SSID %s STE %-25s %8x\n", (e->type == VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"), @@ -965,11 +920,9 @@ int write_mapping(char *filename) } /* second ssid to type mappings */ - if (have_chwall) - { + if (have_chwall) { for (e = chwall_ssid_head.tqh_first; e != NULL; - e = e->entries.tqe_next) - { + e = e->entries.tqe_next) { if (e->is_ref) continue; 
@@ -985,8 +938,7 @@ int write_mapping(char *filename) } if (have_ste) { for (e = ste_ssid_head.tqh_first; e != NULL; - e = e->entries.tqe_next) - { + e = e->entries.tqe_next) { if (e->is_ref) continue; @@ -1001,18 +953,15 @@ int write_mapping(char *filename) fprintf(file, "\n"); } /* third type mappings */ - if (have_chwall) - { - for (t = chwall_head.tqh_first; t != NULL; t = t->entries.tqe_next) - { + if (have_chwall) { + for (t = chwall_head.tqh_first; t != NULL; t = t->entries.tqe_next) { fprintf(file, "TYPE CHWALL %-25s %8x\n", t->name, t->mapping); } fprintf(file, "\n"); } if (have_ste) { - for (t = ste_head.tqh_first; t != NULL; t = t->entries.tqe_next) - { + for (t = ste_head.tqh_first; t != NULL; t = t->entries.tqe_next) { fprintf(file, "TYPE STE %-25s %8x\n", t->name, t->mapping); } @@ -1021,6 +970,38 @@ int write_mapping(char *filename) fclose(file); return 0; } + + +unsigned char *write_policy_reference_binary(u_int32_t * len_pr) +{ + unsigned char *buf, *ptr; + struct acm_policy_reference_buffer *pr_header; + u_int32_t len; + + if (policy_reference_name == NULL) { + printf("ERROR: No policy reference name found.\n"); + exit(EXIT_FAILURE); + } + len = (sizeof(struct acm_policy_reference_buffer) + + strlen(policy_reference_name) + 1); + buf = malloc(len); + ptr = buf; + + if (!buf) { + printf + ("ERROR: out of memory allocating label reference buffer.\n"); + exit(EXIT_FAILURE); + } + pr_header = (struct acm_policy_reference_buffer *) buf; + pr_header->len = + htonl(strlen(policy_reference_name) + 1 /* strend \'0' */ ); + ptr += sizeof(struct acm_policy_reference_buffer); + strcpy((char *) ptr, policy_reference_name); + + (*len_pr) = len; + return buf; +} + unsigned char *write_chwall_binary(u_int32_t * len_chwall) { @@ -1040,8 +1021,7 @@ unsigned char *write_chwall_binary(u_int buf = malloc(len); ptr = buf; - if (!buf) - { + if (!buf) { printf("ERROR: out of memory allocating chwall buffer.\n"); exit(EXIT_FAILURE); } 
@@ -1058,14 +1038,13 @@ unsigned char *write_chwall_binary(u_int chwall_header->chwall_conflict_sets_offset = htonl(ntohl(chwall_header->chwall_ssid_offset) + sizeof(domaintype_t) * max_chwall_ssids * max_chwall_types); - chwall_header->chwall_running_types_offset = 0; /* not set, only retrieved */ - chwall_header->chwall_conflict_aggregate_offset = 0; /* not set, only retrieved */ + chwall_header->chwall_running_types_offset = 0; + chwall_header->chwall_conflict_aggregate_offset = 0; ptr += sizeof(struct acm_chwall_policy_buffer); /* types */ for (e = chwall_ssid_head.tqh_first; e != NULL; - e = e->entries.tqe_next) - { + e = e->entries.tqe_next) { if (e->is_ref) continue; @@ -1077,16 +1056,14 @@ unsigned char *write_chwall_binary(u_int /* conflictsets */ for (e = conflictsets_head.tqh_first; e != NULL; - e = e->entries.tqe_next) - { + e = e->entries.tqe_next) { for (i = 0; i < max_chwall_types; i++) ((type_t *) ptr)[i] = htons((type_t) e->row[i]); ptr += sizeof(type_t) * max_chwall_types; } - if ((ptr - buf) != len) - { + if ((ptr - buf) != len) { printf("ERROR: wrong lengths in %s.\n", __func__); exit(EXIT_FAILURE); } @@ -1112,8 +1089,7 @@ unsigned char *write_ste_binary(u_int32_ buf = malloc(len); ptr = buf; - if (!buf) - { + if (!buf) { printf("ERROR: out of memory allocating chwall buffer.\n"); exit(EXIT_FAILURE); } @@ -1130,8 +1106,7 @@ unsigned char *write_ste_binary(u_int32_ ptr += sizeof(struct acm_ste_policy_buffer); /* types */ - for (e = ste_ssid_head.tqh_first; e != NULL; e = e->entries.tqe_next) - { + for (e = ste_ssid_head.tqh_first; e != NULL; e = e->entries.tqe_next) { if (e->is_ref) continue; @@ -1141,8 +1116,7 @@ unsigned char *write_ste_binary(u_int32_ ptr += sizeof(type_t) * max_ste_types; } - if ((ptr - buf) != len) - { + if ((ptr - buf) != len) { printf("ERROR: wrong lengths in %s.\n", __func__); exit(EXIT_FAILURE); } 
@@ -1153,16 +1127,21 @@ int write_binary(char *filename) int write_binary(char *filename) { struct acm_policy_buffer header; - unsigned char *ste_buffer = NULL, *chwall_buffer = NULL; + unsigned char *ste_buffer = NULL, *chwall_buffer = + NULL, *policy_reference_buffer = NULL; u_int32_t len; - int fd; - - u_int32_t len_ste = 0, len_chwall = 0; /* length of policy components */ + int fd, ret = 0; + + u_int32_t len_ste = 0, len_chwall = 0, len_pr = 0; /* length of policy components */ /* open binary file */ - if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)) <= 0) - return -EIO; - + if ((fd = + open(filename, O_WRONLY | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR)) <= 0) { + ret = -EIO; + goto out1; + } + policy_reference_buffer = write_policy_reference_binary(&len_pr); ste_buffer = write_ste_binary(&len_ste); chwall_buffer = write_chwall_binary(&len_chwall); 
@@ -1175,24 +1154,26 @@ int write_binary(char *filename) len += len_chwall; if (have_ste) len += len_ste; + len += len_pr; /* policy reference is mandatory */ header.len = htonl(len); - header.primary_buffer_offset = htonl(sizeof(struct acm_policy_buffer)); - if (primary == CHWALL) - { + header.policy_reference_offset = + htonl(sizeof(struct acm_policy_buffer)); + + header.primary_buffer_offset = + htonl(sizeof(struct acm_policy_buffer) + len_pr); + if (primary == CHWALL) { header.primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY); header.secondary_buffer_offset = - htonl((sizeof(struct acm_policy_buffer)) + len_chwall); - } - else if (primary == STE) - { + htonl((sizeof(struct acm_policy_buffer)) + len_pr + + len_chwall); + } else if (primary == STE) { header.primary_policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY); header.secondary_buffer_offset = - htonl((sizeof(struct acm_policy_buffer)) + len_ste); - } - else - { + htonl((sizeof(struct acm_policy_buffer)) + len_pr + + len_ste); + } else { /* null policy */ header.primary_policy_code = htonl(ACM_NULL_POLICY); header.secondary_buffer_offset = 
@@ -1208,36 +1189,52 @@ int write_binary(char *filename) header.secondary_policy_code = htonl(ACM_NULL_POLICY); if (write(fd, (void *) &header, sizeof(struct acm_policy_buffer)) - != sizeof(struct acm_policy_buffer)) - return -EIO; - + != sizeof(struct acm_policy_buffer)) { + ret = -EIO; + goto out1; + } + + /* write label reference name */ + if (write(fd, policy_reference_buffer, len_pr) != len_pr) { + ret = -EIO; + goto out1; + } /* write primary policy component */ - if (primary == CHWALL) - { - if (write(fd, chwall_buffer, len_chwall) != len_chwall) - return -EIO; - } - else if (primary == STE) - { - if (write(fd, ste_buffer, len_ste) != len_ste) - return -EIO; - } else - ; /* NULL POLICY has no policy data */ + if (primary == CHWALL) { + if (write(fd, chwall_buffer, len_chwall) != len_chwall) { + ret = -EIO; + goto out1; + } + } else if (primary == STE) { + if (write(fd, ste_buffer, len_ste) != len_ste) { + ret = -EIO; + goto out1; + } + } else; /* NULL POLICY has no policy data */ /* write secondary policy component */ - if (secondary == CHWALL) - { - if (write(fd, chwall_buffer, len_chwall) != len_chwall) - return -EIO; - } - else if (secondary == STE) - { - if (write(fd, ste_buffer, len_ste) != len_ste) - return -EIO; + if (secondary == CHWALL) { + if (write(fd, chwall_buffer, len_chwall) != len_chwall) { + ret = -EIO; + goto out1; + } + } else if (secondary == STE) { + if (write(fd, ste_buffer, len_ste) != len_ste) { + ret = -EIO; + goto out1; + } } else; /* NULL POLICY has no policy data */ + out1: + /* cleanup */ + if (policy_reference_buffer) + free(policy_reference_buffer); + if (chwall_buffer) + free(chwall_buffer); + if (ste_buffer) + free(ste_buffer); close(fd); - return 0; + return ret; } int is_valid(xmlDocPtr doc) 
@@ -1253,18 +1250,15 @@ int is_valid(xmlDocPtr doc) #ifdef VALIDATE_SCHEMA /* only tested to be available from libxml2-2.6.20 upwards */ - if ((err = xmlSchemaIsValid(schemavalid_ctxt)) != 1) - { + if ((err = xmlSchemaIsValid(schemavalid_ctxt)) != 1) { printf("ERROR: Invalid schema file %s (err=%d)\n", schema_filename, err); err = -EIO; goto out; - } - else + } else printf("XML Schema %s valid.\n", schema_filename); #endif - if ((err = xmlSchemaValidateDoc(schemavalid_ctxt, doc))) - { + if ((err = xmlSchemaValidateDoc(schemavalid_ctxt, doc))) { err = -EIO; goto out; } @@ -1277,10 +1271,9 @@ int is_valid(xmlDocPtr doc) int main(int argc, char **argv) { - xmlDocPtr labeldoc = NULL; xmlDocPtr policydoc = NULL; - int err = EXIT_SUCCESS; + int err = EXIT_FAILURE; char *file_prefix; int prefix_len; @@ -1288,16 +1281,18 @@ int main(int argc, char **argv) int opt_char; char *policy_dir = POLICY_DIR; - if (ACM_POLICY_VERSION != WRITTEN_AGAINST_ACM_POLICY_VERSION) - { - printf("ERROR: This program was written against an older ACM version.\n"); + if (ACM_POLICY_VERSION != WRITTEN_AGAINST_ACM_POLICY_VERSION) { + printf + ("ERROR: This program was written against an older ACM version.\n"); + printf("ERROR: ACM_POLICY_VERSION=%d, WRITTEN AGAINST= %d.\n", + ACM_POLICY_VERSION, WRITTEN_AGAINST_ACM_POLICY_VERSION); exit(EXIT_FAILURE); } while ((opt_char = getopt(argc, argv, "d:")) != -1) { switch (opt_char) { case 'd': - policy_dir = malloc(strlen(optarg) + 2); // null terminator and possibly "/" + policy_dir = malloc(strlen(optarg) + 2); /* null terminator and possibly "/" */ if (!policy_dir) { printf("ERROR allocating directory name memory.\n"); exit(EXIT_FAILURE); 
@@ -1315,20 +1310,21 @@ int main(int argc, char **argv) if ((argc - optind) != 1) usage(basename(argv[0])); - prefix_len = strlen(policy_dir) + - strlen(argv[optind]) + 1 /* "/" */ + - strlen(argv[optind]) + 1 /* null terminator */ ; + printf("arg=%s\n", argv[optind]); + + prefix_len = + strlen(policy_dir) + strlen(argv[optind]) + + 1 /* null terminator */ ; file_prefix = malloc(prefix_len); policy_filename = malloc(prefix_len + strlen(POLICY_EXTENSION)); - label_filename = malloc(prefix_len + strlen(LABEL_EXTENSION)); binary_filename = malloc(prefix_len + strlen(BINARY_EXTENSION)); mapping_filename = malloc(prefix_len + strlen(MAPPING_EXTENSION)); - schema_filename = malloc(strlen(policy_dir) + strlen(SCHEMA_FILENAME) + 1); - - if (!file_prefix || !policy_filename || !label_filename || - !binary_filename || !mapping_filename || !schema_filename) - { + schema_filename = + malloc(strlen(policy_dir) + strlen(SCHEMA_FILENAME) + 1); + + if (!file_prefix || !policy_filename || + !binary_filename || !mapping_filename || !schema_filename) { printf("ERROR allocating file name memory.\n"); goto out2; } 
@@ -1336,85 +1332,56 @@ int main(int argc, char **argv) /* create input/output filenames out of prefix */ strcpy(file_prefix, policy_dir); strcat(file_prefix, argv[optind]); - strcat(file_prefix, "/"); - strcat(file_prefix, argv[optind]); strcpy(policy_filename, file_prefix); - strcpy(label_filename, file_prefix); strcpy(binary_filename, file_prefix); strcpy(mapping_filename, file_prefix); strcat(policy_filename, POLICY_EXTENSION); - strcat(label_filename, LABEL_EXTENSION); strcat(binary_filename, BINARY_EXTENSION); strcat(mapping_filename, MAPPING_EXTENSION); strcpy(schema_filename, policy_dir); strcat(schema_filename, SCHEMA_FILENAME); - labeldoc = xmlParseFile(label_filename); - - if (labeldoc == NULL) - { + policydoc = xmlParseFile(policy_filename); + + if (policydoc == NULL) { printf("Error: could not parse file %s.\n", argv[optind]); - goto out2; - } - - printf("Validating label file %s...\n", label_filename); - if (!is_valid(labeldoc)) - { - printf("ERROR: Failed schema-validation for file %s (err=%d)\n", - label_filename, err); - goto out1; - } - - policydoc = xmlParseFile(policy_filename); - - if (policydoc == NULL) - { - printf("Error: could not parse file %s.\n", argv[optind]); - goto out1; + goto out; } printf("Validating policy file %s...\n", policy_filename); - if (!is_valid(policydoc)) - { + if (!is_valid(policydoc)) { printf("ERROR: Failed schema-validation for file %s (err=%d)\n", policy_filename, err); goto out; } - /* Init queues and parse policy */ - create_type_mapping(policydoc); - - /* create ssids */ - create_ssid_mapping(labeldoc); + /* create mappings */ + create_mappings(policydoc); /* write label mapping file */ - if (write_mapping(mapping_filename)) - { + if (write_mapping(mapping_filename)) { printf("ERROR: writing mapping file %s.\n", mapping_filename); goto out; } /* write binary file */ - if (write_binary(binary_filename)) - { + if (write_binary(binary_filename)) { printf("ERROR: writing binary file %s.\n", binary_filename); goto 
out; } - + err = EXIT_SUCCESS; /* write stats */ - if (have_chwall) - { + if (have_chwall) { printf("Max chwall labels: %u\n", max_chwall_labels); printf("Max chwall-types: %u\n", max_chwall_types); printf("Max chwall-ssids: %u\n", max_chwall_ssids); } - if (have_ste) - { + if (have_ste) { printf("Max ste labels: %u\n", max_ste_labels); printf("Max ste-types: %u\n", max_ste_types); printf("Max ste-ssids: %u\n", max_ste_ssids); @@ -1422,10 +1389,17 @@ int main(int argc, char **argv) /* cleanup */ out: xmlFreeDoc(policydoc); - out1: - xmlFreeDoc(labeldoc); out2: xmlCleanupParser(); return err; } +/* + * Local variables: + * mode: C + * c-set-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff -r 9a915e2828f3 -r ae709b250f43 tools/security/secpol_xml2bin.h --- a/tools/security/secpol_xml2bin.h Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/security/secpol_xml2bin.h Tue Apr 25 23:35:55 2006 -0600 
@@ -12,37 +12,41 @@ * License. * */ -#define POLICY_DIR "/etc/xen/acm-security/policies/" -#define POLICY_EXTENSION "-security_policy.xml" -#define LABEL_EXTENSION "-security_label_template.xml" -#define BINARY_EXTENSION ".bin" -#define MAPPING_EXTENSION ".map" -#define PRIMARY_COMPONENT_ATTR_NAME "order" -#define BOOTSTRAP_LABEL_ATTR_NAME "bootstrap" -#define PRIMARY_COMPONENT "PrimaryPolicyComponent" -#define SCHEMA_FILENAME "security_policy.xsd" +#define POLICY_DIR "/etc/xen/acm-security/policies/" +#define POLICY_EXTENSION "-security_policy.xml" +#define BINARY_EXTENSION ".bin" +#define MAPPING_EXTENSION ".map" +#define PRIMARY_COMPONENT_ATTR_NAME "order" +#define BOOTSTRAP_LABEL_ATTR_NAME "bootstrap" +#define PRIMARY_COMPONENT "PrimaryPolicyComponent" +#define SCHEMA_FILENAME "security_policy.xsd" /* basic states (used as 1 << X) */ -#define XML2BIN_SECPOL 0 /* policy tokens */ -#define XML2BIN_STE 1 +#define ENDOFLIST_POS 22 /* ADAPT!! this position will be NULL; stay below 32 (bit) */ +#define XML2BIN_SECPOL 0 /* policy tokens */ +#define XML2BIN_STE 1 #define XML2BIN_CHWALL 2 -#define XML2BIN_CONFLICTSETS 3 -#define XML2BIN_CSTYPE 4 +#define XML2BIN_CONFLICTSETS 3 +#define XML2BIN_CSTYPE 4 +#define XML2BIN_POLICYHEADER 5 +#define XML2BIN_NSURL 6 +#define XML2BIN_POLICYNAME 7 +#define XML2BIN_URL 8 +#define XML2BIN_REFERENCE 9 +#define XML2BIN_DATE 10 -#define XML2BIN_SECTEMPLATE 5 /* label tokens */ -#define XML2BIN_POLICYHEADER 6 -#define XML2BIN_LABELHEADER 7 -#define XML2BIN_SUBJECTS 8 -#define XML2BIN_OBJECTS 9 -#define XML2BIN_VM 10 -#define XML2BIN_RES 11 +#define XML2BIN_LABELTEMPLATE 11 /* label tokens */ +#define XML2BIN_SUBJECTS 12 +#define XML2BIN_OBJECTS 13 +#define XML2BIN_VM 14 +#define XML2BIN_RES 15 +#define XML2BIN_NAME 16 -#define XML2BIN_STETYPES 12 /* shared tokens */ -#define XML2BIN_CHWALLTYPES 13 -#define XML2BIN_TYPE 14 -#define XML2BIN_NAME 15 -#define XML2BIN_TEXT 16 -#define XML2BIN_COMMENT 17 +#define XML2BIN_STETYPES 17 /* 
shared tokens */ +#define XML2BIN_CHWALLTYPES 18 +#define XML2BIN_TYPE 19 +#define XML2BIN_TEXT 20 +#define XML2BIN_COMMENT 21 /* type "data type" (currently 16bit) */ typedef u_int16_t type_t; @@ -51,27 +55,34 @@ typedef u_int16_t type_t; * state constants and token positions must be * * in sync for correct state recognition */ -char *token[20] = /* parser triggers */ +char *token[32] = /* parser triggers */ { - [0] = "SecurityPolicyDefinition", /* policy xml */ - [1] = "SimpleTypeEnforcement", - [2] = "ChineseWall", - [3] = "ConflictSets", - [4] = "Conflict", /* label-template xml */ - [5] = "SecurityLabelTemplate", - [6] = "PolicyHeader", - [7] = "LabelHeader", - [8] = "SubjectLabels", - [9] = "ObjectLabels", - [10] = "VirtualMachineLabel", - [11] = "ResourceLabel", - [12] = "SimpleTypeEnforcementTypes", /* common tags */ - [13] = "ChineseWallTypes", - [14] = "Type", - [15] = "Name", - [16] = "text", - [17] = "comment", - [18] = NULL, + [XML2BIN_SECPOL] = "SecurityPolicyDefinition", /* policy xml */ + [XML2BIN_STE] = "SimpleTypeEnforcement", + [XML2BIN_CHWALL] = "ChineseWall", + [XML2BIN_CONFLICTSETS] = "ConflictSets", + [XML2BIN_CSTYPE] = "Conflict", + [XML2BIN_POLICYHEADER] = "PolicyHeader", + [XML2BIN_NSURL] = "NameSpaceUrl", + [XML2BIN_POLICYNAME] = "PolicyName", + [XML2BIN_URL] = "PolicyUrl", + [XML2BIN_REFERENCE] = "Reference", + [XML2BIN_DATE] = "Date", + + [XML2BIN_LABELTEMPLATE] = "SecurityLabelTemplate", /* label-template xml */ + [XML2BIN_SUBJECTS] = "SubjectLabels", + [XML2BIN_OBJECTS] = "ObjectLabels", + [XML2BIN_VM] = "VirtualMachineLabel", + [XML2BIN_RES] = "ResourceLabel", + [XML2BIN_NAME] = "Name", + + [XML2BIN_STETYPES] = "SimpleTypeEnforcementTypes", /* common tags */ + [XML2BIN_CHWALLTYPES] = "ChineseWallTypes", + [XML2BIN_TYPE] = "Type", + [XML2BIN_TEXT] = "text", + [XML2BIN_COMMENT] = "comment", + [ENDOFLIST_POS] = NULL /* End of LIST, adapt ENDOFLIST_POS + when adding entries */ }; /* important combined states */ 
@@ -82,47 +93,53 @@ char *token[20] = /* e.g., here we are in a <secpol,ste,stetypes> environment, * * so when finding a type element, we know where to put it */ #define XML2BIN_stetype_S ((1 << XML2BIN_SECPOL) | \ - (1 << XML2BIN_STE) | \ - (1 << XML2BIN_STETYPES)) + (1 << XML2BIN_STE) | \ + (1 << XML2BIN_STETYPES)) #define XML2BIN_chwalltype_S ((1 << XML2BIN_SECPOL) | \ - (1 << XML2BIN_CHWALL) | \ - (1 << XML2BIN_CHWALLTYPES)) + (1 << XML2BIN_CHWALL) | \ + (1 << XML2BIN_CHWALLTYPES)) #define XML2BIN_conflictset_S ((1 << XML2BIN_SECPOL) | \ - (1 << XML2BIN_CHWALL) | \ - (1 << XML2BIN_CONFLICTSETS)) + (1 << XML2BIN_CHWALL) | \ + (1 << XML2BIN_CONFLICTSETS)) #define XML2BIN_conflictsettype_S ((1 << XML2BIN_SECPOL) | \ - (1 << XML2BIN_CHWALL) | \ - (1 << XML2BIN_CONFLICTSETS) | \ - (1 << XML2BIN_CSTYPE)) + (1 << XML2BIN_CHWALL) | \ + (1 << XML2BIN_CONFLICTSETS) | \ + (1 << XML2BIN_CSTYPE)) +#define XML2BIN_PN_S ((1 << XML2BIN_SECPOL) | \ + (1 << XML2BIN_POLICYHEADER)) /* label xml states */ -#define XML2BIN_VM_S ((1 << XML2BIN_SECTEMPLATE) | \ - (1 << XML2BIN_SUBJECTS) | \ - (1 << XML2BIN_VM)) +#define XML2BIN_VM_S ((1 << XML2BIN_SECPOL) | \ + (1 << XML2BIN_LABELTEMPLATE) | \ + (1 << XML2BIN_SUBJECTS) | \ + (1 << XML2BIN_VM)) -#define XML2BIN_RES_S ((1 << XML2BIN_SECTEMPLATE) | \ - (1 << XML2BIN_OBJECTS) | \ - (1 << XML2BIN_RES)) +#define XML2BIN_RES_S ((1 << XML2BIN_SECPOL) | \ + (1 << XML2BIN_LABELTEMPLATE) | \ + (1 << XML2BIN_OBJECTS) | \ + (1 << XML2BIN_RES)) -#define XML2BIN_VM_STE_S ((1 << XML2BIN_SECTEMPLATE) | \ - (1 << XML2BIN_SUBJECTS) | \ - (1 << XML2BIN_VM) | \ - (1 << XML2BIN_STETYPES)) +#define XML2BIN_VM_STE_S ((1 << XML2BIN_SECPOL) | \ + (1 << XML2BIN_LABELTEMPLATE) | \ + (1 << XML2BIN_SUBJECTS) | \ + (1 << XML2BIN_VM) | \ + (1 << XML2BIN_STETYPES)) -#define XML2BIN_VM_CHWALL_S ((1 << XML2BIN_SECTEMPLATE) | \ - (1 << XML2BIN_SUBJECTS) | \ - (1 << XML2BIN_VM) | \ - (1 << XML2BIN_CHWALLTYPES)) +#define XML2BIN_VM_CHWALL_S ((1 << XML2BIN_SECPOL) | \ + (1 
<< XML2BIN_LABELTEMPLATE) | \ + (1 << XML2BIN_SUBJECTS) | \ + (1 << XML2BIN_VM) | \ + (1 << XML2BIN_CHWALLTYPES)) -#define XML2BIN_RES_STE_S ((1 << XML2BIN_SECTEMPLATE) | \ - (1 << XML2BIN_OBJECTS) | \ - (1 << XML2BIN_RES) | \ - (1 << XML2BIN_STETYPES)) - +#define XML2BIN_RES_STE_S ((1 << XML2BIN_SECPOL) | \ + (1 << XML2BIN_LABELTEMPLATE) | \ + (1 << XML2BIN_OBJECTS) | \ + (1 << XML2BIN_RES) | \ + (1 << XML2BIN_STETYPES)) /* check versions of headers against which the @@ -130,7 +147,7 @@ char *token[20] = */ /* protects from unnoticed changes in struct acm_policy_buffer */ -#define WRITTEN_AGAINST_ACM_POLICY_VERSION 1 +#define WRITTEN_AGAINST_ACM_POLICY_VERSION 2 /* protects from unnoticed changes in struct acm_chwall_policy_buffer */ #define WRITTEN_AGAINST_ACM_CHWALL_VERSION 1 diff -r 9a915e2828f3 -r ae709b250f43 tools/xm-test/README --- a/tools/xm-test/README Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/xm-test/README Tue Apr 25 23:35:55 2006 -0600 
@@ -212,6 +212,24 @@ Known Issues Known Issues ============ +If you create a domain with a small amount of memory, under 32MBs, you +may run into out of memory situations for the domain. There's no way +to know the amount of memory needed by the kernel and modules used. Xm-test +uses 64MBs as default and that should work. If there are out of memory +issues, the default can be changed. Edit xm-test/lib/XmTestLib/XenDomain.py +and change ParavirtDefaults and HVMDefaults "memory". + +There are two tests that work with small memory, 15_create_smallmem_pos.py +and 16_create_smallmem_neg.py. The first makes sure the default 32 MBs +limit works. The second checks a low memory fail situation. These tests +are located in the xm-test/tests/create directory and can be easily edited +to change the MEM value they should test. If the 32MBs test fails, the +failure should be reported to the Xen xen-devel mailing list. The Xen +tools use 32MBs as a lower acceptable limit for domain creation. The Xen +mailing lists are located here: + +http://lists.xensource.com/ + Reporting Bugs ============== diff -r 9a915e2828f3 -r ae709b250f43 tools/xm-test/lib/XmTestLib/Console.py --- a/tools/xm-test/lib/XmTestLib/Console.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/xm-test/lib/XmTestLib/Console.py Tue Apr 25 23:35:55 2006 -0600 @@ -46,7 +46,7 @@ class ConsoleError(Exception): class XmConsole: - def __init__(self, domain, historyLimit=256, historySaveAll=True, historySaveCmds=False): + def __init__(self, domain, historyLimit=256, historySaveAll=True, historySaveCmds=False, cLimit=131072): """ Parameters: historyLimit: specifies how many lines of history are maintained @@ -65,7 +65,7 @@ class XmConsole: self.historySaveAll = historySaveAll self.historySaveCmds = historySaveCmds self.debugMe = False - self.limit = None + self.limit = cLimit consoleCmd = ["/usr/sbin/xm", "xm", "console", domain] diff -r 9a915e2828f3 -r ae709b250f43 tools/xm-test/lib/XmTestLib/XenDomain.py 
--- a/tools/xm-test/lib/XmTestLib/XenDomain.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/xm-test/lib/XmTestLib/XenDomain.py Tue Apr 25 23:35:55 2006 -0600 @@ -252,7 +252,7 @@ class XmTestDomain(XenDomain): waitForBoot() def minSafeMem(self): - return 16 + return 32 if __name__ == "__main__": diff -r 9a915e2828f3 -r ae709b250f43 tools/xm-test/tests/create/15_create_smallmem_pos.py --- a/tools/xm-test/tests/create/15_create_smallmem_pos.py Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/xm-test/tests/create/15_create_smallmem_pos.py Tue Apr 25 23:35:55 2006 -0600 @@ -5,7 +5,8 @@ from XmTestLib import * -MEM = 16 +# 32MBs is the default lower limit for creating domains, it should work +MEM = 32 domain = XmTestDomain(extraConfig={"memory": MEM, "extra" :"mem=%iM" % MEM}) @@ -17,7 +18,6 @@ except DomainError, e: try: console = XmConsole(domain.getName()) - console.setLimit(65536) console.sendInput("input") console.runCmd("ls") except ConsoleError, e: diff -r 9a915e2828f3 -r ae709b250f43 tools/xm-test/tests/create/Makefile.am --- a/tools/xm-test/tests/create/Makefile.am Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/xm-test/tests/create/Makefile.am Tue Apr 25 23:35:55 2006 -0600 @@ -13,7 +13,8 @@ TESTS = 01_create_basic_pos.test \ 12_create_concurrent_stress_pos.test \ 13_create_multinic_pos.test \ 14_create_blockroot_pos.test \ - 15_create_smallmem_pos.test + 15_create_smallmem_pos.test \ + 16_create_smallmem_neg.test EXTRA_DIST = $(TESTS) diff -r 9a915e2828f3 -r ae709b250f43 tools/xm-test/tests/vtpm/Makefile.am --- a/tools/xm-test/tests/vtpm/Makefile.am Tue Apr 25 22:55:22 2006 -0600 +++ b/tools/xm-test/tests/vtpm/Makefile.am Tue Apr 25 23:35:55 2006 -0600 @@ -2,7 +2,8 @@ SUBDIRS = TESTS = 01_vtpm-list_pos.test \ 02_vtpm-cat_pcrs.test \ - 03_vtpm-susp_res.test + 03_vtpm-susp_res.test \ + 04_vtpm-loc_migr.test XFAIL_TESTS = diff -r 9a915e2828f3 -r ae709b250f43 xen/Makefile --- a/xen/Makefile Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/Makefile Tue Apr 25 23:35:55 2006 -0600 
@@ -13,12 +13,8 @@ default: build .PHONY: dist dist: install -.PHONY: debug -debug: - objdump -D -S $(TARGET)-syms > $(TARGET).s - .PHONY: build install clean cscope TAGS tags -build install clean cscope TAGS tags:: +build install debug clean cscope TAGS tags:: make -f Rules.mk _$@ .PHONY: _build @@ -37,6 +33,10 @@ _install: $(TARGET).gz $(INSTALL_DATA) include/public/*.h $(DESTDIR)/usr/include/xen $(INSTALL_DATA) include/public/io/*.h $(DESTDIR)/usr/include/xen/io $(INSTALL_DATA) include/public/COPYING $(DESTDIR)/usr/include/xen + +.PHONY: _debug +_debug: + objdump -D -S $(TARGET)-syms > $(TARGET).s .PHONY: _clean _clean: delete-unfresh-files diff -r 9a915e2828f3 -r ae709b250f43 xen/acm/acm_core.c --- a/xen/acm/acm_core.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/acm/acm_core.c Tue Apr 25 23:35:55 2006 -0600 
@@ -70,14 +70,43 @@ acm_set_endian(void) u32 test = 1; if (*((u8 *)&test) == 1) { - printk("ACM module running in LITTLE ENDIAN.\n"); + printkd("ACM module running in LITTLE ENDIAN.\n"); little_endian = 1; } else { - printk("ACM module running in BIG ENDIAN.\n"); + printkd("ACM module running in BIG ENDIAN.\n"); little_endian = 0; } +} + +int +acm_set_policy_reference(u8 * buf, u32 buf_size) +{ + struct acm_policy_reference_buffer *pr = (struct acm_policy_reference_buffer *)buf; + acm_bin_pol.policy_reference_name = (char *)xmalloc_array(u8, ntohl(pr->len)); + + if (!acm_bin_pol.policy_reference_name) + return -ENOMEM; + + strcpy(acm_bin_pol.policy_reference_name, (char *)(buf + sizeof(struct acm_policy_reference_buffer))); + printk("%s: Activating policy %s\n", __func__, acm_bin_pol.policy_reference_name); + return 0; +} + +int +acm_dump_policy_reference(u8 *buf, u32 buf_size) +{ + struct acm_policy_reference_buffer *pr_buf = (struct acm_policy_reference_buffer *)buf; + int ret = sizeof(struct acm_policy_reference_buffer) + strlen(acm_bin_pol.policy_reference_name) + 1; + + if (buf_size < ret) + return -EINVAL; + + pr_buf->len = htonl(strlen(acm_bin_pol.policy_reference_name) + 1); /* including stringend '\0' */ + strcpy((char *)(buf + sizeof(struct acm_policy_reference_buffer)), + acm_bin_pol.policy_reference_name); + return ret; } int @@ -198,7 +227,7 @@ acm_setup(unsigned int *initrdidx, 0); if (rc == ACM_OK) { - printf("Policy len 0x%lx, start at %p.\n",_policy_len,_policy_start); + printkd("Policy len 0x%lx, start at %p.\n",_policy_len,_policy_start); if (i == 1) { if (mbi->mods_count > 2) @@ -218,6 +247,8 @@ acm_setup(unsigned int *initrdidx, else { printk("Invalid policy. %d.th module line.\n", i+1); + /* load default policy later */ + acm_active_security_policy = ACM_POLICY_UNDEFINED; } } /* end if a binary policy definition, i.e., (ntohl(pol->magic) == ACM_MAGIC ) */ } 
@@ -239,10 +270,8 @@ acm_init(unsigned int *initrdidx, if (acm_active_security_policy != ACM_POLICY_UNDEFINED) { - printk("%s: Boot-Policy. Enforcing %s: Primary %s, Secondary %s.\n", __func__, - ACM_POLICY_NAME(acm_active_security_policy), - ACM_POLICY_NAME(acm_bin_pol.primary_policy_code), - ACM_POLICY_NAME(acm_bin_pol.secondary_policy_code)); + printk("%s: Enforcing %s boot policy.\n", __func__, + ACM_POLICY_NAME(acm_active_security_policy)); goto out; } /* else continue with the minimal hardcoded default startup policy */ @@ -254,6 +283,10 @@ acm_init(unsigned int *initrdidx, goto out; } acm_active_security_policy = ACM_DEFAULT_SECURITY_POLICY; + if (acm_active_security_policy != ACM_NULL_POLICY) + acm_bin_pol.policy_reference_name = "DEFAULT"; + else + acm_bin_pol.policy_reference_name = "NULL"; out: if (ret != ACM_OK) @@ -314,7 +347,7 @@ acm_init_domain_ssid(domid_t id, ssidref put_domain(subj); return ACM_INIT_SSID_ERROR; } - printk("%s: assigned domain %x the ssidref=%x.\n", + printkd("%s: assigned domain %x the ssidref=%x.\n", __func__, id, ssid->ssidref); put_domain(subj); return ACM_OK; diff -r 9a915e2828f3 -r ae709b250f43 xen/acm/acm_policy.c --- a/xen/acm/acm_policy.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/acm/acm_policy.c Tue Apr 25 23:35:55 2006 -0600 
@@ -85,13 +85,19 @@ acm_set_policy(void *buf, u32 buf_size, /* get bin_policy lock and rewrite policy (release old one) */ write_lock(&acm_bin_pol_rwlock); - /* 3. set primary policy data */ + /* 3. set label reference name */ + if (acm_set_policy_reference(buf + ntohl(pol->policy_reference_offset), + ntohl(pol->primary_buffer_offset) - + ntohl(pol->policy_reference_offset))) + goto error_lock_free; + + /* 4. set primary policy data */ if (acm_primary_ops->set_binary_policy(buf + ntohl(pol->primary_buffer_offset), ntohl(pol->secondary_buffer_offset) - ntohl(pol->primary_buffer_offset))) goto error_lock_free; - /* 4. set secondary policy data */ + /* 5. set secondary policy data */ if (acm_secondary_ops->set_binary_policy(buf + ntohl(pol->secondary_buffer_offset), ntohl(pol->len) - ntohl(pol->secondary_buffer_offset))) @@ -130,9 +136,18 @@ acm_get_policy(void *buf, u32 buf_size) bin_pol->secondary_policy_code = htonl(acm_bin_pol.secondary_policy_code); bin_pol->len = htonl(sizeof(struct acm_policy_buffer)); + bin_pol->policy_reference_offset = htonl(ntohl(bin_pol->len)); bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len)); bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len)); + ret = acm_dump_policy_reference(policy_buffer + ntohl(bin_pol->policy_reference_offset), + buf_size - ntohl(bin_pol->policy_reference_offset)); + if (ret < 0) + goto error_free_unlock; + + bin_pol->len = htonl(ntohl(bin_pol->len) + ret); + bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len)); + ret = acm_primary_ops->dump_binary_policy (policy_buffer + ntohl(bin_pol->primary_buffer_offset), buf_size - ntohl(bin_pol->primary_buffer_offset)); if (ret < 0) 
@@ -227,6 +242,14 @@ acm_get_ssid(ssidref_t ssidref, u8 *buf, acm_ssid->ssidref = ssidref; acm_ssid->primary_policy_code = acm_bin_pol.primary_policy_code; acm_ssid->secondary_policy_code = acm_bin_pol.secondary_policy_code; + + acm_ssid->policy_reference_offset = acm_ssid->len; + ret = acm_dump_policy_reference(ssid_buffer + acm_ssid->policy_reference_offset, + buf_size - acm_ssid->policy_reference_offset); + if (ret < 0) + goto error_free_unlock; + + acm_ssid->len += ret; acm_ssid->primary_types_offset = acm_ssid->len; /* ret >= 0 --> ret == max_types */ diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/boot/x86_64.S --- a/xen/arch/x86/boot/x86_64.S Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/boot/x86_64.S Tue Apr 25 23:35:55 2006 -0600 @@ -252,10 +252,10 @@ ENTRY(idle_pg_table_l3) ENTRY(idle_pg_table_l3) .quad idle_pg_table_l2 - __PAGE_OFFSET + 7 -/* Initial PDE -- level-2 page table. Maps first 64MB physical memory. */ +/* Initial PDE -- level-2 page table. Maps first 1GB physical memory. */ .org 0x4000 ENTRY(idle_pg_table_l2) - .macro identmap from=0, count=32 + .macro identmap from=0, count=512 .if \count-1 identmap "(\from+0)","(\count/2)" identmap "(\from+(0x200000*(\count/2)))","(\count/2)" diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/cpu/common.c --- a/xen/arch/x86/cpu/common.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/cpu/common.c Tue Apr 25 23:35:55 2006 -0600 @@ -575,6 +575,8 @@ void __devinit cpu_init(void) #if defined(CONFIG_X86_32) t->ss0 = __HYPERVISOR_DS; t->esp0 = get_stack_bottom(); + if ( supervisor_mode_kernel && cpu_has_sep ) + wrmsr(MSR_IA32_SYSENTER_ESP, &t->esp1, 0); #elif defined(CONFIG_X86_64) /* Bottom-of-stack must be 16-byte aligned! */ BUG_ON((get_stack_bottom() & 15) != 0); diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/dom0_ops.c --- a/xen/arch/x86/dom0_ops.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/dom0_ops.c Tue Apr 25 23:35:55 2006 -0600 
@@ -379,12 +379,23 @@ long arch_do_dom0_op(struct dom0_op *op, case DOM0_PLATFORM_QUIRK: { extern int opt_noirqbalance; - switch ( op->u.platform_quirk.quirk_id ) + int quirk_id = op->u.platform_quirk.quirk_id; + switch ( quirk_id ) { case QUIRK_NOIRQBALANCING: printk("Platform quirk -- Disabling IRQ balancing/affinity.\n"); opt_noirqbalance = 1; setup_ioapic_dest(); + break; + case QUIRK_IOAPIC_BAD_REGSEL: + case QUIRK_IOAPIC_GOOD_REGSEL: +#ifndef sis_apic_bug + sis_apic_bug = (quirk_id == QUIRK_IOAPIC_BAD_REGSEL); + DPRINTK("Domain 0 says that IO-APIC REGSEL is %s\n", + sis_apic_bug ? "bad" : "good"); +#else + BUG_ON(sis_apic_bug != (quirk_id == QUIRK_IOAPIC_BAD_REGSEL)); +#endif break; default: ret = -EINVAL; diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/domain.c --- a/xen/arch/x86/domain.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/domain.c Tue Apr 25 23:35:55 2006 -0600 @@ -21,6 +21,12 @@ #include <xen/softirq.h> #include <xen/grant_table.h> #include <xen/iocap.h> +#include <xen/kernel.h> +#include <xen/multicall.h> +#include <xen/irq.h> +#include <xen/event.h> +#include <xen/console.h> +#include <xen/percpu.h> #include <asm/regs.h> #include <asm/mc146818rtc.h> #include <asm/system.h> @@ -30,22 +36,12 @@ #include <asm/i387.h> #include <asm/mpspec.h> #include <asm/ldt.h> -#include <xen/irq.h> -#include <xen/event.h> #include <asm/shadow.h> -#include <xen/console.h> -#include <xen/elf.h> #include <asm/hvm/hvm.h> #include <asm/hvm/support.h> #include <asm/msr.h> -#include <xen/kernel.h> -#include <xen/multicall.h> - -struct percpu_ctxt { - struct vcpu *curr_vcpu; - unsigned int dirty_segment_mask; -} __cacheline_aligned; -static struct percpu_ctxt percpu_ctxt[NR_CPUS]; + +DEFINE_PER_CPU(struct vcpu *, curr_vcpu); static void paravirt_ctxt_switch_from(struct vcpu *v); static void paravirt_ctxt_switch_to(struct vcpu *v); 
@@ -121,11 +117,6 @@ void dump_pageframe_info(struct domain * _p(page_to_maddr(page)), _p(page_to_mfn(page)), page->count_info, page->u.inuse.type_info); } -} - -void set_current_execstate(struct vcpu *v) -{ - percpu_ctxt[smp_processor_id()].curr_vcpu = v; } struct vcpu *alloc_vcpu_struct(struct domain *d, unsigned int vcpu_id) @@ -459,6 +450,7 @@ void new_thread(struct vcpu *d, * allowing load_segments() to avoid some expensive segment loads and * MSR writes. */ +static DEFINE_PER_CPU(unsigned int, dirty_segment_mask); #define DIRTY_DS 0x01 #define DIRTY_ES 0x02 #define DIRTY_FS 0x04 @@ -473,8 +465,8 @@ static void load_segments(struct vcpu *n unsigned int dirty_segment_mask, cpu = smp_processor_id(); /* Load and clear the dirty segment mask. */ - dirty_segment_mask = percpu_ctxt[cpu].dirty_segment_mask; - percpu_ctxt[cpu].dirty_segment_mask = 0; + dirty_segment_mask = per_cpu(dirty_segment_mask, cpu); + per_cpu(dirty_segment_mask, cpu) = 0; /* Either selector != 0 ==> reload. */ if ( unlikely((dirty_segment_mask & DIRTY_DS) | nctxt->user_regs.ds) ) @@ -601,7 +593,7 @@ static void save_segments(struct vcpu *v dirty_segment_mask |= DIRTY_GS_BASE_USER; } - percpu_ctxt[smp_processor_id()].dirty_segment_mask = dirty_segment_mask; + this_cpu(dirty_segment_mask) = dirty_segment_mask; } #define switch_kernel_stack(v) ((void)0) @@ -638,7 +630,7 @@ static void __context_switch(void) { struct cpu_user_regs *stack_regs = guest_cpu_user_regs(); unsigned int cpu = smp_processor_id(); - struct vcpu *p = percpu_ctxt[cpu].curr_vcpu; + struct vcpu *p = per_cpu(curr_vcpu, cpu); struct vcpu *n = current; ASSERT(p != n); @@ -692,7 +684,7 @@ static void __context_switch(void) cpu_clear(cpu, p->domain->domain_dirty_cpumask); cpu_clear(cpu, p->vcpu_dirty_cpumask); - percpu_ctxt[cpu].curr_vcpu = n; + per_cpu(curr_vcpu, cpu) = n; } 
@@ -716,7 +708,7 @@ void context_switch(struct vcpu *prev, s set_current(next); - if ( (percpu_ctxt[cpu].curr_vcpu == next) || is_idle_vcpu(next) ) + if ( (per_cpu(curr_vcpu, cpu) == next) || is_idle_vcpu(next) ) { local_irq_enable(); } @@ -758,7 +750,7 @@ int __sync_lazy_execstate(void) local_irq_save(flags); - switch_required = (percpu_ctxt[smp_processor_id()].curr_vcpu != current); + switch_required = (this_cpu(curr_vcpu) != current); if ( switch_required ) __context_switch(); diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/domain_build.c --- a/xen/arch/x86/domain_build.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/domain_build.c Tue Apr 25 23:35:55 2006 -0600 @@ -443,7 +443,7 @@ int construct_dom0(struct domain *d, v->arch.guest_table = mk_pagetable((unsigned long)l3start); #else l2start = l2tab = (l2_pgentry_t *)mpt_alloc; mpt_alloc += PAGE_SIZE; - memcpy(l2tab, &idle_pg_table[0], PAGE_SIZE); + memcpy(l2tab, idle_pg_table, PAGE_SIZE); l2tab[LINEAR_PT_VIRT_START >> L2_PAGETABLE_SHIFT] = l2e_from_paddr((unsigned long)l2start, __PAGE_HYPERVISOR); v->arch.guest_table = mk_pagetable((unsigned long)l2start); @@ -569,7 +569,7 @@ int construct_dom0(struct domain *d, /* WARNING: The new domain must have its 'processor' field filled in! */ maddr_to_page(mpt_alloc)->u.inuse.type_info = PGT_l4_page_table; l4start = l4tab = __va(mpt_alloc); mpt_alloc += PAGE_SIZE; - memcpy(l4tab, &idle_pg_table[0], PAGE_SIZE); + memcpy(l4tab, idle_pg_table, PAGE_SIZE); l4tab[l4_table_offset(LINEAR_PT_VIRT_START)] = l4e_from_paddr(__pa(l4start), __PAGE_HYPERVISOR); l4tab[l4_table_offset(PERDOMAIN_VIRT_START)] = diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/genapic/probe.c --- a/xen/arch/x86/genapic/probe.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/genapic/probe.c Tue Apr 25 23:35:55 2006 -0600 
@@ -81,9 +81,11 @@ int __init mps_oem_check(struct mp_confi int i; for (i = 0; apic_probe[i]; ++i) { if (apic_probe[i]->mps_oem_check(mpc,oem,productid)) { - genapic = apic_probe[i]; - printk(KERN_INFO "Switched to APIC driver `%s'.\n", - genapic->name); + if (!cmdline_apic) { + genapic = apic_probe[i]; + printk(KERN_INFO "Switched to APIC driver `%s'.\n", + genapic->name); + } return 1; } } @@ -95,9 +97,11 @@ int __init acpi_madt_oem_check(char *oem int i; for (i = 0; apic_probe[i]; ++i) { if (apic_probe[i]->acpi_madt_oem_check(oem_id, oem_table_id)) { - genapic = apic_probe[i]; - printk(KERN_INFO "Switched to APIC driver `%s'.\n", - genapic->name); + if (!cmdline_apic) { + genapic = apic_probe[i]; + printk(KERN_INFO "Switched to APIC driver `%s'.\n", + genapic->name); + } return 1; } } diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/Makefile --- a/xen/arch/x86/hvm/Makefile Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/hvm/Makefile Tue Apr 25 23:35:55 2006 -0600 @@ -2,6 +2,7 @@ subdir-y += vmx subdir-y += vmx obj-y += hvm.o +obj-y += i8254.o obj-y += i8259.o obj-y += intercept.o obj-y += io.o diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/hvm.c --- a/xen/arch/x86/hvm/hvm.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/hvm/hvm.c Tue Apr 25 23:35:55 2006 -0600 @@ -203,6 +203,8 @@ void hvm_setup_platform(struct domain* d spin_lock_init(&d->arch.hvm_domain.round_robin_lock); hvm_vioapic_init(d); } + + pit_init(&platform->vpit, current); } void pic_irq_request(void *data, int level) diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/intercept.c --- a/xen/arch/x86/hvm/intercept.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/hvm/intercept.c Tue Apr 25 23:35:55 2006 -0600 
@@ -206,139 +206,6 @@ int register_io_handler(unsigned long ad return 1; } -static void pit_cal_count(struct hvm_virpit *vpit) -{ - u64 nsec_delta = (unsigned int)((NOW() - vpit->count_point)); - - nsec_delta += vpit->count_advance; - if (nsec_delta > vpit->period) - HVM_DBG_LOG(DBG_LEVEL_1, - "HVM_PIT: long time has passed from last injection!"); - - if(vpit->init_val == 0) - { - printk("PIT init value == 0!\n"); - domain_crash_synchronous(); - } - - vpit->count = vpit->init_val - - ((nsec_delta * PIT_FREQ / 1000000000ULL) % vpit->init_val); -} - -static void pit_latch_io(struct hvm_virpit *vpit) -{ - pit_cal_count(vpit); - - switch(vpit->read_state) { - case MSByte: - vpit->count_MSB_latched=1; - break; - case LSByte: - vpit->count_LSB_latched=1; - break; - case LSByte_multiple: - vpit->count_LSB_latched=1; - vpit->count_MSB_latched=1; - break; - case MSByte_multiple: - HVM_DBG_LOG(DBG_LEVEL_1, - "HVM_PIT: latch PIT counter before MSB_multiple!"); - vpit->read_state=LSByte_multiple; - vpit->count_LSB_latched=1; - vpit->count_MSB_latched=1; - break; - default: - domain_crash_synchronous(); - } -} - -static int pit_read_io(struct hvm_virpit *vpit) -{ - if(vpit->count_LSB_latched) { - /* Read Least Significant Byte */ - if(vpit->read_state==LSByte_multiple) { - vpit->read_state=MSByte_multiple; - } - vpit->count_LSB_latched=0; - return (vpit->count & 0xFF); - } else if(vpit->count_MSB_latched) { - /* Read Most Significant Byte */ - if(vpit->read_state==MSByte_multiple) { - vpit->read_state=LSByte_multiple; - } - vpit->count_MSB_latched=0; - return ((vpit->count>>8) & 0xFF); - } else { - /* Unlatched Count Read */ - HVM_DBG_LOG(DBG_LEVEL_1, "HVM_PIT: unlatched read"); - pit_cal_count(vpit); - if(!(vpit->read_state & 0x1)) { - /* Read Least Significant Byte */ - if(vpit->read_state==LSByte_multiple) { - vpit->read_state=MSByte_multiple; - } - return (vpit->count & 0xFF); - } else { - /* Read Most Significant Byte */ - if(vpit->read_state==MSByte_multiple) { - 
vpit->read_state=LSByte_multiple; - } - return ((vpit->count>>8) & 0xFF); - } - } -} - -/* hvm_io_assist light-weight version, specific to PIT DM */ -static void resume_pit_io(ioreq_t *p) -{ - struct cpu_user_regs *regs = guest_cpu_user_regs(); - unsigned long old_eax = regs->eax; - p->state = STATE_INVALID; - - switch(p->size) { - case 1: - regs->eax = (old_eax & 0xffffff00) | (p->u.data & 0xff); - break; - case 2: - regs->eax = (old_eax & 0xffff0000) | (p->u.data & 0xffff); - break; - case 4: - regs->eax = (p->u.data & 0xffffffff); - break; - default: - BUG(); - } -} - -/* the intercept action for PIT DM retval:0--not handled; 1--handled */ -int intercept_pit_io(ioreq_t *p) -{ - struct vcpu *v = current; - struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); - - if (p->size != 1 || - p->pdata_valid || - p->type != IOREQ_TYPE_PIO) - return 0; - - if (p->addr == PIT_MODE && - p->dir == 0 && /* write */ - ((p->u.data >> 4) & 0x3) == 0 && /* latch command */ - ((p->u.data >> 6) & 0x3) == (vpit->channel)) {/* right channel */ - pit_latch_io(vpit); - return 1; - } - - if (p->addr == (PIT_CH0 + vpit->channel) && - p->dir == 1) { /* read */ - p->u.data = pit_read_io(vpit); - resume_pit_io(p); - return 1; - } - - return 0; -} - /* hooks function for the HLT instruction emulation wakeup */ void hlt_timer_fn(void *data) { 
@@ -347,109 +214,6 @@ void hlt_timer_fn(void *data) evtchn_set_pending(v, iopacket_port(v)); } -static __inline__ void missed_ticks(struct hvm_virpit*vpit) -{ - int missed_ticks; - - missed_ticks = (NOW() - vpit->scheduled)/(s_time_t) vpit->period; - if ( missed_ticks++ >= 0 ) { - vpit->pending_intr_nr += missed_ticks; - vpit->scheduled += missed_ticks * vpit->period; - } -} - -/* hooks function for the PIT when the guest is active */ -static void pit_timer_fn(void *data) -{ - struct vcpu *v = data; - struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); - - /* pick up missed timer tick */ - missed_ticks(vpit); - if ( test_bit(_VCPUF_running, &v->vcpu_flags) ) { - set_timer(&vpit->pit_timer, vpit->scheduled); - } -} - -/* pick up missed timer ticks at deactive time */ -void pickup_deactive_ticks(struct hvm_virpit *vpit) -{ - if ( !active_timer(&(vpit->pit_timer)) ) { - missed_ticks(vpit); - set_timer(&vpit->pit_timer, vpit->scheduled); - } -} - -/* Only some PIT operations such as load init counter need a hypervisor hook. 
- * leave all other operations in user space DM - */ -void hvm_hooks_assist(struct vcpu *v) -{ - vcpu_iodata_t *vio = get_vio(v->domain, v->vcpu_id); - ioreq_t *p = &vio->vp_ioreq; - struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); - int rw_mode, reinit = 0; - - /* load init count*/ - if (p->state == STATE_IORESP_HOOK) { - /* set up actimer, handle re-init */ - if ( active_timer(&(vpit->pit_timer)) ) { - HVM_DBG_LOG(DBG_LEVEL_1, "HVM_PIT: guest reset PIT with channel %lx!\n", (unsigned long) ((p->u.data >> 24) & 0x3) ); - stop_timer(&(vpit->pit_timer)); - reinit = 1; - - } - else { - init_timer(&vpit->pit_timer, pit_timer_fn, v, v->processor); - } - - /* init count for this channel */ - vpit->init_val = (p->u.data & 0xFFFF) ; - /* frequency(ns) of pit */ - vpit->period = DIV_ROUND(((vpit->init_val) * 1000000000ULL), PIT_FREQ); - HVM_DBG_LOG(DBG_LEVEL_1,"HVM_PIT: guest set init pit freq:%u ns, initval:0x%x\n", vpit->period, vpit->init_val); - if (vpit->period < 900000) { /* < 0.9 ms */ - printk("HVM_PIT: guest programmed too small an init_val: %x\n", - vpit->init_val); - vpit->period = 1000000; - } - vpit->period_cycles = (u64)vpit->period * cpu_khz / 1000000L; - printk("HVM_PIT: guest freq in cycles=%lld\n",(long long)vpit->period_cycles); - - vpit->channel = ((p->u.data >> 24) & 0x3); - vpit->first_injected = 0; - - vpit->count_LSB_latched = 0; - vpit->count_MSB_latched = 0; - - rw_mode = ((p->u.data >> 26) & 0x3); - switch(rw_mode) { - case 0x1: - vpit->read_state=LSByte; - break; - case 0x2: - vpit->read_state=MSByte; - break; - case 0x3: - vpit->read_state=LSByte_multiple; - break; - default: - printk("HVM_PIT:wrong PIT rw_mode!\n"); - break; - } - - vpit->scheduled = NOW() + vpit->period; - set_timer(&vpit->pit_timer, vpit->scheduled); - - /*restore the state*/ - p->state = STATE_IORESP_READY; - - /* register handler to intercept the PIT io when vm_exit */ - if (!reinit) { - register_portio_handler(0x40, 4, intercept_pit_io); - } - } -} /* * Local 
variables: diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/io.c --- a/xen/arch/x86/hvm/io.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/hvm/io.c Tue Apr 25 23:35:55 2006 -0600 @@ -674,8 +674,6 @@ void hvm_io_assist(struct vcpu *v) } p = &vio->vp_ioreq; - if (p->state == STATE_IORESP_HOOK) - hvm_hooks_assist(v); /* clear IO wait HVM flag */ if (test_bit(ARCH_HVM_IO_WAIT, &v->arch.hvm_vcpu.ioflags)) { diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/svm/intr.c --- a/xen/arch/x86/hvm/svm/intr.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/hvm/svm/intr.c Tue Apr 25 23:35:55 2006 -0600 
@@ -46,44 +46,43 @@ u64 svm_get_guest_time(struct vcpu *v) { - struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); + struct hvm_time_info *time_info = &(v->domain->arch.hvm_domain.vpit.time_info); u64 host_tsc; rdtscll(host_tsc); - return host_tsc + vpit->cache_tsc_offset; + return host_tsc + time_info->cache_tsc_offset; } void svm_set_guest_time(struct vcpu *v, u64 gtime) { - struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); + struct hvm_time_info *time_info = &(v->domain->arch.hvm_domain.vpit.time_info); u64 host_tsc; rdtscll(host_tsc); - vpit->cache_tsc_offset = gtime - host_tsc; - v->arch.hvm_svm.vmcb->tsc_offset = vpit->cache_tsc_offset; + time_info->cache_tsc_offset = gtime - host_tsc; + v->arch.hvm_svm.vmcb->tsc_offset = time_info->cache_tsc_offset; } static inline void interrupt_post_injection(struct vcpu * v, int vector, int type) { struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); + struct hvm_time_info *time_info = &vpit->time_info; if ( is_pit_irq(v, vector, type) ) { - if ( !vpit->first_injected ) { - vpit->pending_intr_nr = 0; - vpit->last_pit_gtime = svm_get_guest_time(v); - vpit->scheduled = NOW() + vpit->period; - set_timer(&vpit->pit_timer, vpit->scheduled); - vpit->first_injected = 1; + if ( !time_info->first_injected ) { + time_info->pending_intr_nr = 0; + time_info->last_pit_gtime = svm_get_guest_time(v); + time_info->first_injected = 1; } else { - vpit->pending_intr_nr--; + time_info->pending_intr_nr--; } - vpit->count_advance = 0; - vpit->count_point = NOW(); - - vpit->last_pit_gtime += vpit->period_cycles; - svm_set_guest_time(v, vpit->last_pit_gtime); + time_info->count_advance = 0; + time_info->count_point = NOW(); + + time_info->last_pit_gtime += time_info->period_cycles; + svm_set_guest_time(v, time_info->last_pit_gtime); } switch(type) 
@@ -123,6 +122,7 @@ asmlinkage void svm_intr_assist(void) struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb; struct hvm_domain *plat=&v->domain->arch.hvm_domain; struct hvm_virpit *vpit = &plat->vpit; + struct hvm_time_info *time_info = &vpit->time_info; struct hvm_virpic *pic= &plat->vpic; int intr_type = VLAPIC_DELIV_MODE_EXT; int intr_vector = -1; @@ -185,7 +185,7 @@ asmlinkage void svm_intr_assist(void) if ( cpu_has_pending_irq(v) ) { intr_vector = cpu_get_interrupt(v, &intr_type); } - else if ( (v->vcpu_id == 0) && vpit->pending_intr_nr ) { + else if ( (v->vcpu_id == 0) && time_info->pending_intr_nr ) { pic_set_irq(pic, 0, 0); pic_set_irq(pic, 0, 1); intr_vector = cpu_get_interrupt(v, &intr_type); @@ -201,7 +201,7 @@ asmlinkage void svm_intr_assist(void) /* Re-injecting a PIT interruptt? */ if (re_injecting && is_pit_irq(v, intr_vector, intr_type)) { - ++vpit->pending_intr_nr; + ++time_info->pending_intr_nr; } /* let's inject this interrupt */ TRACE_3D(TRC_VMX_INT, v->domain->domain_id, intr_vector, 0); diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/svm/svm.c --- a/xen/arch/x86/hvm/svm/svm.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/hvm/svm/svm.c Tue Apr 25 23:35:55 2006 -0600 @@ -675,12 +675,12 @@ static void arch_svm_do_launch(struct vc static void svm_freeze_time(struct vcpu *v) { - struct hvm_virpit *vpit = &v->domain->arch.hvm_domain.vpit; + struct hvm_time_info *time_info = &v->domain->arch.hvm_domain.vpit.time_info; - if ( vpit->first_injected && !v->domain->arch.hvm_domain.guest_time ) { + if ( time_info->first_injected && !v->domain->arch.hvm_domain.guest_time ) { v->domain->arch.hvm_domain.guest_time = svm_get_guest_time(v); - vpit->count_advance += (NOW() - vpit->count_point); - stop_timer(&(vpit->pit_timer)); + time_info->count_advance += (NOW() - time_info->count_point); + stop_timer(&(time_info->pit_timer)); } } 
@@ -750,7 +750,7 @@ static void svm_relinquish_guest_resourc } } - kill_timer(&d->arch.hvm_domain.vpit.pit_timer); + kill_timer(&d->arch.hvm_domain.vpit.time_info.pit_timer); if ( d->arch.hvm_domain.shared_page_va ) unmap_domain_page_global( @@ -780,10 +780,10 @@ void arch_svm_do_resume(struct vcpu *v) void svm_migrate_timers(struct vcpu *v) { - struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); - - migrate_timer( &vpit->pit_timer, v->processor ); - migrate_timer( &v->arch.hvm_svm.hlt_timer, v->processor ); + struct hvm_time_info *time_info = &v->domain->arch.hvm_domain.vpit.time_info; + + migrate_timer(&time_info->pit_timer, v->processor); + migrate_timer(&v->arch.hvm_svm.hlt_timer, v->processor); if ( hvm_apic_support(v->domain) && VLAPIC( v )) migrate_timer( &(VLAPIC(v)->vlapic_timer ), v->processor ); } @@ -931,7 +931,13 @@ static void svm_vmexit_do_cpuid(struct v { if ( !hvm_apic_support(v->domain) || !vlapic_global_enabled((VLAPIC(v))) ) + { clear_bit(X86_FEATURE_APIC, &edx); + /* Since the apic is disabled, avoid any confusion about SMP cpus being available */ + clear_bit(X86_FEATURE_HT, &edx); /* clear the hyperthread bit */ + ebx &= 0xFF00FFFF; /* set the logical processor count to 1 */ + ebx |= 0x00010000; + } #if CONFIG_PAGING_LEVELS < 3 clear_bit(X86_FEATURE_NX, &edx); @@ -1843,11 +1849,11 @@ static inline void svm_do_msr_access(str switch (regs->ecx) { case MSR_IA32_TIME_STAMP_COUNTER: { - struct hvm_virpit *vpit; + struct hvm_time_info *time_info; rdtscll(msr_content); - vpit = &(v->domain->arch.hvm_domain.vpit); - msr_content += vpit->cache_tsc_offset; + time_info = &v->domain->arch.hvm_domain.vpit.time_info; + msr_content += time_info->cache_tsc_offset; break; } case MSR_IA32_SYSENTER_CS: diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/svm/vmcb.c --- a/xen/arch/x86/hvm/svm/vmcb.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/hvm/svm/vmcb.c Tue Apr 25 23:35:55 2006 -0600 
@@ -478,14 +478,15 @@ void svm_do_resume(struct vcpu *v) { struct domain *d = v->domain; struct hvm_virpit *vpit = &d->arch.hvm_domain.vpit; + struct hvm_time_info *time_info = &vpit->time_info; svm_stts(v); /* pick up the elapsed PIT ticks and re-enable pit_timer */ - if ( vpit->first_injected ) { + if ( time_info->first_injected ) { if ( v->domain->arch.hvm_domain.guest_time ) { svm_set_guest_time(v, v->domain->arch.hvm_domain.guest_time); - vpit->count_point = NOW(); + time_info->count_point = NOW(); v->domain->arch.hvm_domain.guest_time = 0; } pickup_deactive_ticks(vpit); diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/vmx/io.c --- a/xen/arch/x86/hvm/vmx/io.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/hvm/vmx/io.c Tue Apr 25 23:35:55 2006 -0600 
@@ -51,44 +51,43 @@ void __set_tsc_offset(u64 offset) u64 get_guest_time(struct vcpu *v) { - struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); + struct hvm_time_info *time_info = &(v->domain->arch.hvm_domain.vpit.time_info); u64 host_tsc; rdtscll(host_tsc); - return host_tsc + vpit->cache_tsc_offset; + return host_tsc + time_info->cache_tsc_offset; } void set_guest_time(struct vcpu *v, u64 gtime) { - struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); + struct hvm_time_info *time_info = &(v->domain->arch.hvm_domain.vpit.time_info); u64 host_tsc; rdtscll(host_tsc); - vpit->cache_tsc_offset = gtime - host_tsc; - __set_tsc_offset(vpit->cache_tsc_offset); + time_info->cache_tsc_offset = gtime - host_tsc; + __set_tsc_offset(time_info->cache_tsc_offset); } static inline void interrupt_post_injection(struct vcpu * v, int vector, int type) { struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); + struct hvm_time_info *time_info = &vpit->time_info; if ( is_pit_irq(v, vector, type) ) { - if ( !vpit->first_injected ) { - vpit->pending_intr_nr = 0; - vpit->last_pit_gtime = get_guest_time(v); - vpit->scheduled = NOW() + vpit->period; - set_timer(&vpit->pit_timer, vpit->scheduled); - vpit->first_injected = 1; + if ( !time_info->first_injected ) { + time_info->pending_intr_nr = 0; + time_info->last_pit_gtime = get_guest_time(v); + time_info->first_injected = 1; } else { - vpit->pending_intr_nr--; - } - vpit->count_advance = 0; - vpit->count_point = NOW(); - - vpit->last_pit_gtime += vpit->period_cycles; - set_guest_time(v, vpit->last_pit_gtime); + time_info->pending_intr_nr--; + } + time_info->count_advance = 0; + time_info->count_point = NOW(); + + time_info->last_pit_gtime += time_info->period_cycles; + set_guest_time(v, time_info->last_pit_gtime); } switch(type) 
@@ -152,19 +151,43 @@ asmlinkage void vmx_intr_assist(void) unsigned long eflags; struct vcpu *v = current; struct hvm_domain *plat=&v->domain->arch.hvm_domain; - struct hvm_virpit *vpit = &plat->vpit; + struct hvm_time_info *time_info = &plat->vpit.time_info; struct hvm_virpic *pic= &plat->vpic; + unsigned int idtv_info_field; + unsigned long inst_len; + int has_ext_irq; if ( v->vcpu_id == 0 ) hvm_pic_assist(v); - if ( (v->vcpu_id == 0) && vpit->pending_intr_nr ) { + if ( (v->vcpu_id == 0) && time_info->pending_intr_nr ) { pic_set_irq(pic, 0, 0); pic_set_irq(pic, 0, 1); } - if ( !cpu_has_pending_irq(v) ) return; - + has_ext_irq = cpu_has_pending_irq(v); + __vmread(IDT_VECTORING_INFO_FIELD, &idtv_info_field); + if (idtv_info_field & INTR_INFO_VALID_MASK) { + __vmwrite(VM_ENTRY_INTR_INFO_FIELD, idtv_info_field); + + __vmread(VM_EXIT_INSTRUCTION_LEN, &inst_len); + if (inst_len >= 1 && inst_len <= 15) + __vmwrite(VM_ENTRY_INSTRUCTION_LEN, inst_len); + + if (idtv_info_field & 0x800) { /* valid error code */ + unsigned long error_code; + __vmread(IDT_VECTORING_ERROR_CODE, &error_code); + __vmwrite(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code); + } + if ( has_ext_irq ) + enable_irq_window(v); + + HVM_DBG_LOG(DBG_LEVEL_1, "idtv_info_field=%x", idtv_info_field); + + return; + } + + if ( !has_ext_irq ) return; if ( is_interruptibility_state() ) { /* pre-cleared for emulated instruction */ enable_irq_window(v); HVM_DBG_LOG(DBG_LEVEL_1, "interruptibility"); 
@@ -203,13 +226,14 @@ void vmx_do_resume(struct vcpu *v) { struct domain *d = v->domain; struct hvm_virpit *vpit = &v->domain->arch.hvm_domain.vpit; + struct hvm_time_info *time_info = &vpit->time_info; vmx_stts(); /* pick up the elapsed PIT ticks and re-enable pit_timer */ - if ( vpit->first_injected ) { + if ( time_info->first_injected ) { if ( v->domain->arch.hvm_domain.guest_time ) { - vpit->count_point = NOW(); + time_info->count_point = NOW(); set_guest_time(v, v->domain->arch.hvm_domain.guest_time); v->domain->arch.hvm_domain.guest_time = 0; } diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/vmx/vmx.c --- a/xen/arch/x86/hvm/vmx/vmx.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/hvm/vmx/vmx.c Tue Apr 25 23:35:55 2006 -0600 @@ -102,7 +102,7 @@ static void vmx_relinquish_guest_resourc } } - kill_timer(&d->arch.hvm_domain.vpit.pit_timer); + kill_timer(&d->arch.hvm_domain.vpit.time_info.pit_timer); if ( d->arch.hvm_domain.shared_page_va ) unmap_domain_page_global( @@ -358,12 +358,12 @@ static inline int long_mode_do_msr_write static void vmx_freeze_time(struct vcpu *v) { - struct hvm_virpit *vpit = &v->domain->arch.hvm_domain.vpit; + struct hvm_time_info *time_info = &(v->domain->arch.hvm_domain.vpit.time_info); - if ( vpit->first_injected && !v->domain->arch.hvm_domain.guest_time ) { + if ( time_info->first_injected && !v->domain->arch.hvm_domain.guest_time ) { v->domain->arch.hvm_domain.guest_time = get_guest_time(v); - vpit->count_advance += (NOW() - vpit->count_point); - stop_timer(&(vpit->pit_timer)); + time_info->count_advance += (NOW() - time_info->count_point); + stop_timer(&(time_info->pit_timer)); } } 
@@ -393,9 +393,9 @@ int vmx_initialize_guest_resources(struc void vmx_migrate_timers(struct vcpu *v) { - struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); - - migrate_timer(&vpit->pit_timer, v->processor); + struct hvm_time_info *time_info = &v->domain->arch.hvm_domain.vpit.time_info; + + migrate_timer(&time_info->pit_timer, v->processor); migrate_timer(&v->arch.hvm_vmx.hlt_timer, v->processor); if ( hvm_apic_support(v->domain) && VLAPIC(v)) migrate_timer(&(VLAPIC(v)->vlapic_timer), v->processor); @@ -828,9 +828,16 @@ static void vmx_vmexit_do_cpuid(struct c if ( input == 1 ) { - if ( hvm_apic_support(v->domain) && + if ( !hvm_apic_support(v->domain) || !vlapic_global_enabled((VLAPIC(v))) ) + { clear_bit(X86_FEATURE_APIC, &edx); + /* Since the apic is disabled, avoid any confusion about SMP cpus being available */ + clear_bit(X86_FEATURE_HT, &edx); /* clear the hyperthread bit */ + ebx &= 0xFF00FFFF; /* set the logical processor count to 1 */ + ebx |= 0x00010000; + } + #if CONFIG_PAGING_LEVELS < 3 clear_bit(X86_FEATURE_PAE, &edx); @@ -1836,11 +1843,11 @@ static inline void vmx_do_msr_read(struc switch (regs->ecx) { case MSR_IA32_TIME_STAMP_COUNTER: { - struct hvm_virpit *vpit; + struct hvm_time_info *time_info; rdtscll(msr_content); - vpit = &(v->domain->arch.hvm_domain.vpit); - msr_content += vpit->cache_tsc_offset; + time_info = &(v->domain->arch.hvm_domain.vpit.time_info); + msr_content += time_info->cache_tsc_offset; break; } case MSR_IA32_SYSENTER_CS: @@ -2039,7 +2046,7 @@ void restore_cpu_user_regs(struct cpu_us asmlinkage void vmx_vmexit_handler(struct cpu_user_regs regs) { - unsigned int exit_reason, idtv_info_field; + unsigned int exit_reason; unsigned long exit_qualification, eip, inst_len = 0; struct vcpu *v = current; int error; 
@@ -2048,23 +2055,6 @@ asmlinkage void vmx_vmexit_handler(struc __hvm_bug(®s); perfc_incra(vmexits, exit_reason); - - __vmread(IDT_VECTORING_INFO_FIELD, &idtv_info_field); - if (idtv_info_field & INTR_INFO_VALID_MASK) { - __vmwrite(VM_ENTRY_INTR_INFO_FIELD, idtv_info_field); - - __vmread(VM_EXIT_INSTRUCTION_LEN, &inst_len); - if (inst_len >= 1 && inst_len <= 15) - __vmwrite(VM_ENTRY_INSTRUCTION_LEN, inst_len); - - if (idtv_info_field & 0x800) { /* valid error code */ - unsigned long error_code; - __vmread(IDT_VECTORING_ERROR_CODE, &error_code); - __vmwrite(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code); - } - - HVM_DBG_LOG(DBG_LEVEL_1, "idtv_info_field=%x", idtv_info_field); - } /* don't bother H/W interrutps */ if (exit_reason != EXIT_REASON_EXTERNAL_INTERRUPT && diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/io_apic.c --- a/xen/arch/x86/io_apic.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/io_apic.c Tue Apr 25 23:35:55 2006 -0600 @@ -48,8 +48,17 @@ static struct { int pin, apic; } ioapic_ static struct { int pin, apic; } ioapic_i8259 = { -1, -1 }; static DEFINE_SPINLOCK(ioapic_lock); +static DEFINE_SPINLOCK(vector_lock); int skip_ioapic_setup; + +#ifndef sis_apic_bug +/* + * Is the SiS APIC rmw bug present? + * -1 = don't know, 0 = no, 1 = yes + */ +int sis_apic_bug = -1; +#endif /* * # of IRQ routing registers @@ -661,11 +670,17 @@ u8 irq_vector[NR_IRQ_VECTORS] __read_mos int assign_irq_vector(int irq) { - static int current_vector = FIRST_DYNAMIC_VECTOR, offset = 0; + static unsigned current_vector = FIRST_DYNAMIC_VECTOR, offset = 0; + unsigned vector; BUG_ON(irq >= NR_IRQ_VECTORS); - if (irq != AUTO_ASSIGN && IO_APIC_VECTOR(irq) > 0) + spin_lock(&vector_lock); + + if (irq != AUTO_ASSIGN && IO_APIC_VECTOR(irq) > 0) { + spin_unlock(&vector_lock); return IO_APIC_VECTOR(irq); + } + next: current_vector += 8; 
@@ -679,16 +694,21 @@ next: if (current_vector > LAST_DYNAMIC_VECTOR) { offset++; - if (!(offset%8)) + if (!(offset%8)) { + spin_unlock(&vector_lock); return -ENOSPC; + } current_vector = FIRST_DYNAMIC_VECTOR + offset; } - vector_irq[current_vector] = irq; + vector = current_vector; + vector_irq[vector] = irq; if (irq != AUTO_ASSIGN) - IO_APIC_VECTOR(irq) = current_vector; - - return current_vector; + IO_APIC_VECTOR(irq) = vector; + + spin_unlock(&vector_lock); + + return vector; } static struct hw_interrupt_type ioapic_level_type; diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/irq.c --- a/xen/arch/x86/irq.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/irq.c Tue Apr 25 23:35:55 2006 -0600 @@ -198,7 +198,7 @@ static void __do_IRQ_guest(int vector) { d = action->guest[i]; if ( (action->ack_type != ACKTYPE_NONE) && - !test_and_set_bit(irq, &d->pirq_mask) ) + !test_and_set_bit(irq, d->pirq_mask) ) action->in_flight++; send_guest_pirq(d, irq); } @@ -235,7 +235,7 @@ static void __set_eoi_ready(irq_desc_t * if ( !(desc->status & IRQ_GUEST) || (action->in_flight != 0) || - !test_and_clear_bit(cpu, &action->cpu_eoi_map) ) + !cpu_test_and_clear(cpu, action->cpu_eoi_map) ) return; sp = pending_eoi_sp(cpu); @@ -285,7 +285,7 @@ static void flush_all_pending_eoi(void * ASSERT(action->ack_type == ACKTYPE_EOI); ASSERT(desc->status & IRQ_GUEST); for ( i = 0; i < action->nr_guests; i++ ) - clear_bit(vector_to_irq(vector), &action->guest[i]->pirq_mask); + clear_bit(vector_to_irq(vector), action->guest[i]->pirq_mask); action->in_flight = 0; spin_unlock(&desc->lock); } @@ -310,8 +310,8 @@ int pirq_guest_unmask(struct domain *d) spin_lock_irq(&desc->lock); - if ( !test_bit(d->pirq_to_evtchn[pirq], &s->evtchn_mask[0]) && - test_and_clear_bit(pirq, &d->pirq_mask) ) + if ( !test_bit(d->pirq_to_evtchn[pirq], s->evtchn_mask) && + test_and_clear_bit(pirq, d->pirq_mask) ) { ASSERT(action->ack_type != ACKTYPE_NONE); if ( --action->in_flight == 0 ) 
@@ -322,7 +322,7 @@ int pirq_guest_unmask(struct domain *d) } } - if ( __test_and_clear_bit(cpu, &cpu_eoi_map) ) + if ( cpu_test_and_clear(cpu, cpu_eoi_map) ) { __set_eoi_ready(desc); spin_unlock(&desc->lock); @@ -493,13 +493,13 @@ int pirq_guest_unbind(struct domain *d, switch ( action->ack_type ) { case ACKTYPE_UNMASK: - if ( test_and_clear_bit(irq, &d->pirq_mask) && + if ( test_and_clear_bit(irq, d->pirq_mask) && (--action->in_flight == 0) ) desc->handler->end(vector); break; case ACKTYPE_EOI: /* NB. If #guests == 0 then we clear the eoi_map later on. */ - if ( test_and_clear_bit(irq, &d->pirq_mask) && + if ( test_and_clear_bit(irq, d->pirq_mask) && (--action->in_flight == 0) && (action->nr_guests != 0) ) { @@ -511,7 +511,7 @@ int pirq_guest_unbind(struct domain *d, break; } - BUG_ON(test_bit(irq, &d->pirq_mask)); + BUG_ON(test_bit(irq, d->pirq_mask)); if ( action->nr_guests != 0 ) goto out; @@ -587,16 +587,16 @@ static void dump_irqs(unsigned char key) printk("%u(%c%c%c%c)", d->domain_id, (test_bit(d->pirq_to_evtchn[irq], - &d->shared_info->evtchn_pending[0]) ? + d->shared_info->evtchn_pending) ? 'P' : '-'), (test_bit(d->pirq_to_evtchn[irq]/BITS_PER_LONG, &d->shared_info->vcpu_info[0]. evtchn_pending_sel) ? 'S' : '-'), (test_bit(d->pirq_to_evtchn[irq], - &d->shared_info->evtchn_mask[0]) ? + d->shared_info->evtchn_mask) ? 'M' : '-'), - (test_bit(irq, &d->pirq_mask) ? + (test_bit(irq, d->pirq_mask) ? 'M' : '-')); if ( i != action->nr_guests ) printk(","); diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/oprofile/nmi_int.c --- a/xen/arch/x86/oprofile/nmi_int.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/oprofile/nmi_int.c Tue Apr 25 23:35:55 2006 -0600 @@ -15,8 +15,8 @@ #include <xen/types.h> #include <xen/errno.h> #include <xen/init.h> +#include <xen/nmi.h> #include <public/xen.h> -#include <asm/nmi.h> #include <asm/msr.h> #include <asm/apic.h> #include <asm/regs.h> diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/oprofile/xenoprof.c 
--- a/xen/arch/x86/oprofile/xenoprof.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/oprofile/xenoprof.c Tue Apr 25 23:35:55 2006 -0600 @@ -4,6 +4,7 @@ * (email: xenoprof@xxxxxxxxxxxxx) */ +#include <xen/guest_access.h> #include <xen/sched.h> #include <public/xenoprof.h> @@ -12,7 +13,7 @@ /* Limit amount of pages used for shared buffer (per domain) */ #define MAX_OPROF_SHARED_PAGES 32 -int active_domains[MAX_OPROF_DOMAINS]; +domid_t active_domains[MAX_OPROF_DOMAINS]; int active_ready[MAX_OPROF_DOMAINS]; unsigned int adomains; unsigned int activated; @@ -84,7 +85,8 @@ static void xenoprof_reset_buf(struct do int active_index(struct domain *d) { - int i, id = d->domain_id; + int i; + domid_t id = d->domain_id; for ( i = 0; i < adomains; i++ ) if ( active_domains[i] == id ) @@ -137,13 +139,11 @@ int reset_active(struct domain *d) return 0; } -int set_active_domains(int num) -{ - int primary; +int reset_active_list(void) +{ int i; struct domain *d; - /* Reset any existing active domains from previous runs. */ for ( i = 0; i < adomains; i++ ) { if ( active_ready[i] ) @@ -157,24 +157,20 @@ int set_active_domains(int num) } } - adomains = num; - - /* Add primary profiler to list of active domains if not there yet */ - primary = active_index(primary_profiler); - if ( primary == -1 ) - { - /* Return if there is no space left on list. */ - if ( num >= MAX_OPROF_DOMAINS ) - return -E2BIG; - active_domains[num] = primary_profiler->domain_id; - num++; - } - - adomains = num; + adomains = 0; activated = 0; - for ( i = 0; i < adomains; i++ ) - active_ready[i] = 0; + return 0; +} + +int add_active_list (domid_t domid) +{ + if ( adomains >= MAX_OPROF_DOMAINS ) + return -E2BIG; + + active_domains[adomains] = domid; + active_ready[adomains] = 0; + adomains++; return 0; } 
@@ -353,26 +349,31 @@ void free_xenoprof_pages(struct domain * d->xenoprof = NULL; } -int xenoprof_init(int max_samples, xenoprof_init_result_t *init_result) -{ - xenoprof_init_result_t result; +int xenoprof_op_init(GUEST_HANDLE(void) arg) +{ + struct xenoprof_init xenoprof_init; int is_primary, num_events; struct domain *d = current->domain; int ret; - ret = nmi_init(&num_events, &is_primary, result.cpu_type); + if ( copy_from_guest(&xenoprof_init, arg, 1) ) + return -EFAULT; + + ret = nmi_init(&num_events, + &is_primary, + xenoprof_init.cpu_type); + if ( ret < 0 ) + goto err; + if ( is_primary ) primary_profiler = current->domain; - - if ( ret < 0 ) - goto err; /* * We allocate xenoprof struct and buffers only at first time xenoprof_init * is called. Memory is then kept until domain is destroyed. */ if ( (d->xenoprof == NULL) && - ((ret = alloc_xenoprof_struct(d, max_samples)) < 0) ) + ((ret = alloc_xenoprof_struct(d, xenoprof_init.max_samples)) < 0) ) goto err; xenoprof_reset_buf(d); @@ -381,13 +382,13 @@ int xenoprof_init(int max_samples, xenop d->xenoprof->domain_ready = 0; d->xenoprof->is_primary = is_primary; - result.is_primary = is_primary; - result.num_events = num_events; - result.nbuf = d->xenoprof->nbuf; - result.bufsize = d->xenoprof->bufsize; - result.buf_maddr = __pa(d->xenoprof->rawbuf); - - if ( copy_to_user((void *)init_result, (void *)&result, sizeof(result)) ) + xenoprof_init.is_primary = is_primary; + xenoprof_init.num_events = num_events; + xenoprof_init.nbuf = d->xenoprof->nbuf; + xenoprof_init.bufsize = d->xenoprof->bufsize; + xenoprof_init.buf_maddr = __pa(d->xenoprof->rawbuf); + + if ( copy_to_guest(arg, &xenoprof_init, 1) ) { ret = -EFAULT; goto err; @@ -409,7 +410,7 @@ int xenoprof_init(int max_samples, xenop || (op == XENOPROF_release_counters) \ || (op == XENOPROF_shutdown)) -int do_xenoprof_op(int op, unsigned long arg1, unsigned long arg2) +int do_xenoprof_op(int op, GUEST_HANDLE(void) arg) { int ret = 0; 
@@ -423,20 +424,24 @@ int do_xenoprof_op(int op, unsigned long switch ( op ) { case XENOPROF_init: - ret = xenoprof_init((int)arg1, (xenoprof_init_result_t *)arg2); - break; - + ret = xenoprof_op_init(arg); + break; + + case XENOPROF_reset_active_list: + { + ret = reset_active_list(); + break; + } case XENOPROF_set_active: + { + domid_t domid; if ( xenoprof_state != XENOPROF_IDLE ) return -EPERM; - if ( arg2 > MAX_OPROF_DOMAINS ) - return -E2BIG; - if ( copy_from_user((void *)&active_domains, - (void *)arg1, arg2*sizeof(int)) ) + if ( copy_from_guest(&domid, arg, 1) ) return -EFAULT; - ret = set_active_domains(arg2); - break; - + ret = add_active_list(domid); + break; + } case XENOPROF_reserve_counters: if ( xenoprof_state != XENOPROF_IDLE ) return -EPERM; @@ -445,15 +450,34 @@ int do_xenoprof_op(int op, unsigned long xenoprof_state = XENOPROF_COUNTERS_RESERVED; break; + case XENOPROF_counter: + { + struct xenoprof_counter counter; + if ( xenoprof_state != XENOPROF_COUNTERS_RESERVED ) + return -EPERM; + if ( adomains == 0 ) + return -EPERM; + + if ( copy_from_guest(&counter, arg, 1) ) + return -EFAULT; + + if ( counter.ind > OP_MAX_COUNTER ) + return -E2BIG; + + counter_config[counter.ind].count = (unsigned long) counter.count; + counter_config[counter.ind].enabled = (unsigned long) counter.enabled; + counter_config[counter.ind].event = (unsigned long) counter.event; + counter_config[counter.ind].kernel = (unsigned long) counter.kernel; + counter_config[counter.ind].user = (unsigned long) counter.user; + counter_config[counter.ind].unit_mask = (unsigned long) counter.unit_mask; + + ret = 0; + break; + } + case XENOPROF_setup_events: if ( xenoprof_state != XENOPROF_COUNTERS_RESERVED ) return -EPERM; - if ( adomains == 0 ) - set_active_domains(0); - - if ( copy_from_user((void *)&counter_config, (void *)arg1, - arg2 * sizeof(struct op_counter_config)) ) - return -EFAULT; ret = nmi_setup_events(); if ( !ret ) xenoprof_state = XENOPROF_READY; 
@@ -526,3 +550,13 @@ int do_xenoprof_op(int op, unsigned long return ret; } + +/* + * Local variables: + * mode: C + * c-set-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/setup.c --- a/xen/arch/x86/setup.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/setup.c Tue Apr 25 23:35:55 2006 -0600 @@ -14,6 +14,7 @@ #include <xen/domain_page.h> #include <xen/compile.h> #include <xen/gdbstub.h> +#include <xen/percpu.h> #include <public/version.h> #include <asm/bitops.h> #include <asm/smp.h> @@ -159,9 +160,41 @@ void discard_initial_images(void) init_domheap_pages(initial_images_start, initial_images_end); } +extern char __per_cpu_start[], __per_cpu_data_end[], __per_cpu_end[]; + +static void percpu_init_areas(void) +{ + unsigned int i, data_size = __per_cpu_data_end - __per_cpu_start; + + BUG_ON(data_size > PERCPU_SIZE); + + for ( i = 1; i < NR_CPUS; i++ ) + memcpy(__per_cpu_start + (i << PERCPU_SHIFT), + __per_cpu_start, + data_size); +} + +static void percpu_free_unused_areas(void) +{ + unsigned int i, first_unused; + + /* Find first unused CPU number. */ + for ( i = 0; i < NR_CPUS; i++ ) + if ( !cpu_online(i) ) + break; + first_unused = i; + + /* Check that there are no holes in cpu_online_map. */ + for ( ; i < NR_CPUS; i++ ) + BUG_ON(cpu_online(i)); + + init_xenheap_pages(__pa(__per_cpu_start) + (first_unused << PERCPU_SHIFT), + __pa(__per_cpu_end)); +} + void __init __start_xen(multiboot_info_t *mbi) { - char *cmdline; + char __cmdline[] = "", *cmdline = __cmdline; struct domain *idle_domain; unsigned long _initrd_start = 0, _initrd_len = 0; unsigned int initrdidx = 1; 
@@ -177,7 +210,8 @@ void __init __start_xen(multiboot_info_t /* Parse the command-line options. */ if ( (mbi->flags & MBI_CMDLINE) && (mbi->cmdline != 0) ) - cmdline_parse(__va(mbi->cmdline)); + cmdline = __va(mbi->cmdline); + cmdline_parse(cmdline); set_current((struct vcpu *)0xfffff000); /* debug sanity */ set_processor_id(0); /* needed early, for smp_processor_id() */ @@ -195,6 +229,8 @@ void __init __start_xen(multiboot_info_t init_console(); + printf("Command line: %s\n", cmdline); + /* Check that we have at least one Multiboot module. */ if ( !(mbi->flags & MBI_MODULES) || (mbi->mods_count == 0) ) { @@ -208,6 +244,8 @@ void __init __start_xen(multiboot_info_t printk("FATAL ERROR: Misaligned CPU0 stack.\n"); EARLY_FAIL(); } + + percpu_init_areas(); xenheap_phys_end = opt_xenheap_megabytes << 20; @@ -321,7 +359,7 @@ void __init __start_xen(multiboot_info_t #if defined (CONFIG_X86_64) /* * x86/64 maps all registered RAM. Points to note: - * 1. The initial pagetable already maps low 64MB, so skip that. + * 1. The initial pagetable already maps low 1GB, so skip that. * 2. We must map *only* RAM areas, taking care to avoid I/O holes. * Failure to do this can cause coherency problems and deadlocks * due to cache-attribute mismatches (e.g., AMD/AGP Linux bug). @@ -329,13 +367,14 @@ void __init __start_xen(multiboot_info_t { /* Calculate page-frame range, discarding partial frames. */ unsigned long start, end; + unsigned long init_mapped = 1UL << (30 - PAGE_SHIFT); /* 1GB */ start = PFN_UP(e820.map[i].addr); end = PFN_DOWN(e820.map[i].addr + e820.map[i].size); - /* Clip the range to above 64MB. */ - if ( end < (64UL << (20-PAGE_SHIFT)) ) + /* Clip the range to exclude what the bootstrapper initialised. */ + if ( end < init_mapped ) continue; - if ( start < (64UL << (20-PAGE_SHIFT)) ) - start = 64UL << (20-PAGE_SHIFT); + if ( start < init_mapped ) + start = init_mapped; /* Request the mapping. */ map_pages_to_xen( PAGE_OFFSET + (start << PAGE_SHIFT), 
@@ -404,7 +443,7 @@ void __init __start_xen(multiboot_info_t BUG_ON(idle_domain == NULL); set_current(idle_domain->vcpu[0]); - set_current_execstate(idle_domain->vcpu[0]); + this_cpu(curr_vcpu) = idle_domain->vcpu[0]; idle_vcpu[0] = current; paging_init(); @@ -480,6 +519,8 @@ void __init __start_xen(multiboot_info_t printk("Brought up %ld CPUs\n", (long)num_online_cpus()); smp_cpus_done(max_cpus); + + percpu_free_unused_areas(); initialise_gdb(); /* could be moved earlier */ @@ -593,7 +634,7 @@ void arch_get_xen_caps(xen_capabilities_ if ( hvm_enabled ) { p += sprintf(p, "hvm-%d.%d-x86_32 ", XEN_VERSION, XEN_SUBVERSION); - //p += sprintf(p, "hvm-%d.%d-x86_32p ", XEN_VERSION, XEN_SUBVERSION); + p += sprintf(p, "hvm-%d.%d-x86_32p ", XEN_VERSION, XEN_SUBVERSION); p += sprintf(p, "hvm-%d.%d-x86_64 ", XEN_VERSION, XEN_SUBVERSION); } diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/shadow_public.c --- a/xen/arch/x86/shadow_public.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/shadow_public.c Tue Apr 25 23:35:55 2006 -0600 @@ -108,7 +108,7 @@ int shadow_set_guest_paging_levels(struc * Need to wait for VCPU0 to complete the on-going shadow ops. */ - if ( v->vcpu_id ) + if ( v->domain == d && v->vcpu_id ) return 1; shadow_lock(d); @@ -327,7 +327,7 @@ static void alloc_monitor_pagetable(stru mmfn = page_to_mfn(mmfn_info); mpl4e = (l4_pgentry_t *) map_domain_page_global(mmfn); - memcpy(mpl4e, &idle_pg_table[0], PAGE_SIZE); + memcpy(mpl4e, idle_pg_table, PAGE_SIZE); mpl4e[l4_table_offset(PERDOMAIN_VIRT_START)] = l4e_from_paddr(__pa(d->arch.mm_perdomain_l3), __PAGE_HYPERVISOR); diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/smpboot.c --- a/xen/arch/x86/smpboot.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/smpboot.c Tue Apr 25 23:35:55 2006 -0600 
@@ -531,7 +531,7 @@ void __devinit start_secondary(void *unu set_processor_id(cpu); set_current(idle_vcpu[cpu]); - set_current_execstate(idle_vcpu[cpu]); + this_cpu(curr_vcpu) = idle_vcpu[cpu]; percpu_traps_init(); diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/traps.c --- a/xen/arch/x86/traps.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/traps.c Tue Apr 25 23:35:55 2006 -0600 @@ -43,6 +43,7 @@ #include <xen/domain_page.h> #include <xen/symbols.h> #include <xen/iocap.h> +#include <xen/nmi.h> #include <asm/shadow.h> #include <asm/system.h> #include <asm/io.h> @@ -56,7 +57,6 @@ #include <asm/debugger.h> #include <asm/msr.h> #include <asm/x86_emulate.h> -#include <asm/nmi.h> /* * opt_nmi: one of 'ignore', 'dom0', or 'fatal'. @@ -425,7 +425,8 @@ static int emulate_forced_invalid_op(str clear_bit(X86_FEATURE_DE, &d); clear_bit(X86_FEATURE_PSE, &d); clear_bit(X86_FEATURE_PGE, &d); - clear_bit(X86_FEATURE_SEP, &d); + if ( !supervisor_mode_kernel ) + clear_bit(X86_FEATURE_SEP, &d); if ( !IS_PRIV(current->domain) ) clear_bit(X86_FEATURE_MTRR, &d); } diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/x86_32/entry.S --- a/xen/arch/x86/x86_32/entry.S Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/x86_32/entry.S Tue Apr 25 23:35:55 2006 -0600 @@ -682,7 +682,7 @@ ENTRY(hypercall_args_table) .byte 2 /* do_nmi_op */ .byte 2 /* do_arch_sched_op */ .byte 2 /* do_callback_op */ /* 30 */ - .byte 3 /* do_xenoprof_op */ + .byte 2 /* do_xenoprof_op */ .rept NR_hypercalls-(.-hypercall_args_table) .byte 0 /* do_ni_hypercall */ .endr diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/x86_32/traps.c --- a/xen/arch/x86/x86_32/traps.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/x86_32/traps.c Tue Apr 25 23:35:55 2006 -0600 @@ -10,6 +10,7 @@ #include <xen/irq.h> #include <xen/symbols.h> #include <xen/reboot.h> +#include <xen/nmi.h> #include <asm/current.h> #include <asm/flushtlb.h> #include <asm/hvm/hvm.h> 
@@ -317,6 +318,16 @@ void init_int80_direct_trap(struct vcpu set_int80_direct_trap(v); } +#ifdef CONFIG_X86_SUPERVISOR_MODE_KERNEL +static void do_update_sysenter(void *info) +{ + xen_callback_t *address = info; + + wrmsr(MSR_IA32_SYSENTER_CS, address->cs, 0); + wrmsr(MSR_IA32_SYSENTER_EIP, address->eip, 0); +} +#endif + static long register_guest_callback(struct callback_register *reg) { long ret = 0; @@ -336,6 +347,19 @@ static long register_guest_callback(stru v->arch.guest_context.failsafe_callback_eip = reg->address.eip; break; +#ifdef CONFIG_X86_SUPERVISOR_MODE_KERNEL + case CALLBACKTYPE_sysenter: + if ( ! cpu_has_sep ) + ret = -EINVAL; + else if ( on_each_cpu(do_update_sysenter, ®->address, 1, 1) != 0 ) + ret = -EIO; + break; +#endif + + case CALLBACKTYPE_nmi: + ret = register_guest_nmi_callback(reg->address.eip); + break; + default: ret = -EINVAL; break; @@ -350,6 +374,10 @@ static long unregister_guest_callback(st switch ( unreg->type ) { + case CALLBACKTYPE_nmi: + ret = unregister_guest_nmi_callback(); + break; + default: ret = -EINVAL; break; diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/x86_32/xen.lds.S --- a/xen/arch/x86/x86_32/xen.lds.S Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/x86_32/xen.lds.S Tue Apr 25 23:35:55 2006 -0600 @@ -5,6 +5,7 @@ #include <xen/config.h> #include <asm/page.h> +#include <asm/percpu.h> #undef ENTRY #undef ALIGN @@ -56,8 +57,15 @@ SECTIONS __initcall_start = .; .initcall.init : { *(.initcall.init) } :text __initcall_end = .; + . = ALIGN(PAGE_SIZE); + __init_end = .; + + __per_cpu_start = .; + .data.percpu : { *(.data.percpu) } :text + __per_cpu_data_end = .; + . = __per_cpu_start + (NR_CPUS << PERCPU_SHIFT); . = ALIGN(STACK_SIZE); - __init_end = .; + __per_cpu_end = .; __bss_start = .; /* BSS */ .bss : { diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/x86_64/entry.S --- a/xen/arch/x86/x86_64/entry.S Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/x86_64/entry.S Tue Apr 25 23:35:55 2006 -0600 
@@ -590,7 +590,7 @@ ENTRY(hypercall_args_table) .byte 2 /* do_nmi_op */ .byte 2 /* do_arch_sched_op */ .byte 2 /* do_callback_op */ /* 30 */ - .byte 3 /* do_xenoprof_op */ + .byte 2 /* do_xenoprof_op */ .rept NR_hypercalls-(.-hypercall_args_table) .byte 0 /* do_ni_hypercall */ .endr diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/x86_64/traps.c --- a/xen/arch/x86/x86_64/traps.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/x86_64/traps.c Tue Apr 25 23:35:55 2006 -0600 @@ -11,6 +11,7 @@ #include <xen/console.h> #include <xen/sched.h> #include <xen/reboot.h> +#include <xen/nmi.h> #include <asm/current.h> #include <asm/flushtlb.h> #include <asm/msr.h> @@ -339,6 +340,10 @@ static long register_guest_callback(stru v->arch.guest_context.syscall_callback_eip = reg->address; break; + case CALLBACKTYPE_nmi: + ret = register_guest_nmi_callback(reg->address); + break; + default: ret = -EINVAL; break; @@ -353,6 +358,10 @@ static long unregister_guest_callback(st switch ( unreg->type ) { + case CALLBACKTYPE_nmi: + ret = unregister_guest_nmi_callback(); + break; + default: ret = -EINVAL; break; diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/x86_64/xen.lds.S --- a/xen/arch/x86/x86_64/xen.lds.S Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/arch/x86/x86_64/xen.lds.S Tue Apr 25 23:35:55 2006 -0600 @@ -3,6 +3,7 @@ #include <xen/config.h> #include <asm/page.h> +#include <asm/percpu.h> #undef ENTRY #undef ALIGN @@ -54,8 +55,15 @@ SECTIONS __initcall_start = .; .initcall.init : { *(.initcall.init) } :text __initcall_end = .; + . = ALIGN(PAGE_SIZE); + __init_end = .; + + __per_cpu_start = .; + .data.percpu : { *(.data.percpu) } :text + __per_cpu_data_end = .; + . = __per_cpu_start + (NR_CPUS << PERCPU_SHIFT); . = ALIGN(STACK_SIZE); - __init_end = .; + __per_cpu_end = .; __bss_start = .; /* BSS */ .bss : { diff -r 9a915e2828f3 -r ae709b250f43 xen/common/event_channel.c --- a/xen/common/event_channel.c Tue Apr 25 22:55:22 2006 -0600 
+++ b/xen/common/event_channel.c Tue Apr 25 23:35:55 2006 -0600 @@ -477,10 +477,10 @@ void evtchn_set_pending(struct vcpu *v, * others may require explicit memory barriers. */ - if ( test_and_set_bit(port, &s->evtchn_pending[0]) ) + if ( test_and_set_bit(port, s->evtchn_pending) ) return; - if ( !test_bit (port, &s->evtchn_mask[0]) && + if ( !test_bit (port, s->evtchn_mask) && !test_and_set_bit(port / BITS_PER_LONG, &v->vcpu_info->evtchn_pending_sel) && !test_and_set_bit(0, &v->vcpu_info->evtchn_upcall_pending) ) @@ -668,8 +668,8 @@ static long evtchn_unmask(evtchn_unmask_ * These operations must happen in strict order. Based on * include/xen/event.h:evtchn_set_pending(). */ - if ( test_and_clear_bit(port, &s->evtchn_mask[0]) && - test_bit (port, &s->evtchn_pending[0]) && + if ( test_and_clear_bit(port, s->evtchn_mask) && + test_bit (port, s->evtchn_pending) && !test_and_set_bit (port / BITS_PER_LONG, &v->vcpu_info->evtchn_pending_sel) && !test_and_set_bit (0, &v->vcpu_info->evtchn_upcall_pending) ) diff -r 9a915e2828f3 -r ae709b250f43 xen/common/kernel.c --- a/xen/common/kernel.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/common/kernel.c Tue Apr 25 23:35:55 2006 -0600 @@ -43,13 +43,19 @@ void cmdline_parse(char *cmdline) /* Grab the next whitespace-delimited option. */ q = opt; while ( (*p != ' ') && (*p != '\0') ) - *q++ = *p++; + { + if ( (q-opt) < (sizeof(opt)-1) ) /* avoid overflow */ + *q++ = *p; + p++; + } *q = '\0'; /* Search for value part of a key=value option. */ optval = strchr(opt, '='); if ( optval != NULL ) - *optval++ = '\0'; + *optval++ = '\0'; /* nul-terminate the option value */ + else + optval = q; /* default option value is empty string */ for ( param = &__setup_start; param <= &__setup_end; param++ ) { 
@@ -59,23 +65,18 @@ void cmdline_parse(char *cmdline) switch ( param->type ) { case OPT_STR: - if ( optval != NULL ) - { - strncpy(param->var, optval, param->len); - ((char *)param->var)[param->len-1] = '\0'; - } + strncpy(param->var, optval, param->len); + ((char *)param->var)[param->len-1] = '\0'; break; case OPT_UINT: - if ( optval != NULL ) - *(unsigned int *)param->var = - simple_strtol(optval, (char **)&optval, 0); + *(unsigned int *)param->var = + simple_strtol(optval, (char **)&optval, 0); break; case OPT_BOOL: *(int *)param->var = 1; break; case OPT_CUSTOM: - if ( optval != NULL ) - ((void (*)(char *))param->var)(optval); + ((void (*)(char *))param->var)(optval); break; } } 
@@ -213,37 +214,51 @@ long do_xen_version(int cmd, GUEST_HANDL return -ENOSYS; } -long do_nmi_op(unsigned int cmd, GUEST_HANDLE(void) arg) +long register_guest_nmi_callback(unsigned long address) { struct vcpu *v = current; struct domain *d = current->domain; + + if ( (d->domain_id != 0) || (v->vcpu_id != 0) ) + return -EINVAL; + + v->nmi_addr = address; +#ifdef CONFIG_X86 + /* + * If no handler was registered we can 'lose the NMI edge'. Re-assert it + * now. + */ + if ( d->shared_info->arch.nmi_reason != 0 ) + set_bit(_VCPUF_nmi_pending, &v->vcpu_flags); +#endif + + return 0; +} + +long unregister_guest_nmi_callback(void) +{ + struct vcpu *v = current; + + v->nmi_addr = 0; + + return 0; +} + +long do_nmi_op(unsigned int cmd, GUEST_HANDLE(void) arg) +{ struct xennmi_callback cb; long rc = 0; switch ( cmd ) { case XENNMI_register_callback: - rc = -EINVAL; - if ( (d->domain_id != 0) || (v->vcpu_id != 0) ) - break; - rc = -EFAULT; if ( copy_from_guest(&cb, arg, 1) ) break; - - v->nmi_addr = cb.handler_address; -#ifdef CONFIG_X86 - /* - * If no handler was registered we can 'lose the NMI edge'. Re-assert - * it now. - */ - if ( d->shared_info->arch.nmi_reason != 0 ) - set_bit(_VCPUF_nmi_pending, &v->vcpu_flags); -#endif - rc = 0; + rc = register_guest_nmi_callback(cb.handler_address); break; case XENNMI_unregister_callback: - v->nmi_addr = 0; + rc = unregister_guest_nmi_callback(); break; default: rc = -ENOSYS; diff -r 9a915e2828f3 -r ae709b250f43 xen/common/keyhandler.c --- a/xen/common/keyhandler.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/common/keyhandler.c Tue Apr 25 23:35:55 2006 -0600 
@@ -157,9 +157,9 @@ static void dump_domains(unsigned char k printk(" Notifying guest (virq %d, port %d, stat %d/%d/%d)\n", VIRQ_DEBUG, v->virq_to_evtchn[VIRQ_DEBUG], test_bit(v->virq_to_evtchn[VIRQ_DEBUG], - &d->shared_info->evtchn_pending[0]), + d->shared_info->evtchn_pending), test_bit(v->virq_to_evtchn[VIRQ_DEBUG], - &d->shared_info->evtchn_mask[0]), + d->shared_info->evtchn_mask), test_bit(v->virq_to_evtchn[VIRQ_DEBUG]/BITS_PER_LONG, &v->vcpu_info->evtchn_pending_sel)); send_guest_vcpu_virq(v, VIRQ_DEBUG); diff -r 9a915e2828f3 -r ae709b250f43 xen/common/schedule.c --- a/xen/common/schedule.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/common/schedule.c Tue Apr 25 23:35:55 2006 -0600 @@ -42,7 +42,7 @@ string_param("sched", opt_sched); /* Various timer handlers. */ static void s_timer_fn(void *unused); static void t_timer_fn(void *unused); -static void dom_timer_fn(void *data); +static void vcpu_timer_fn(void *data); static void poll_timer_fn(void *data); /* This is global for now so that private implementations can reach it */ @@ -167,7 +167,7 @@ void sched_add_domain(struct vcpu *v) void sched_add_domain(struct vcpu *v) { /* Initialise the per-domain timers. */ - init_timer(&v->timer, dom_timer_fn, v, v->processor); + init_timer(&v->timer, vcpu_timer_fn, v, v->processor); init_timer(&v->poll_timer, poll_timer_fn, v, v->processor); if ( is_idle_vcpu(v) ) @@ -642,12 +642,10 @@ static void t_timer_fn(void *unused) set_timer(&t_timer[cpu], NOW() + MILLISECS(10)); } -/* Domain timer function, sends a virtual timer interrupt to domain */ -static void dom_timer_fn(void *data) +/* Per-VCPU timer function: sends a virtual timer interrupt. */ +static void vcpu_timer_fn(void *data) { struct vcpu *v = data; - - update_vcpu_system_time(v); send_timer_event(v); } diff -r 9a915e2828f3 -r ae709b250f43 xen/common/timer.c --- a/xen/common/timer.c Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/common/timer.c Tue Apr 25 23:35:55 2006 -0600 
@@ -251,12 +251,15 @@ void migrate_timer(struct timer *timer, } if ( active_timer(timer) ) - __stop_timer(timer); - - timer->cpu = new_cpu; - - if ( likely(!timer->killed) ) + { + __stop_timer(timer); + timer->cpu = new_cpu; __add_timer(timer); + } + else + { + timer->cpu = new_cpu; + } spin_unlock(&timers[old_cpu].lock); spin_unlock_irqrestore(&timers[new_cpu].lock, flags); diff -r 9a915e2828f3 -r ae709b250f43 xen/include/acm/acm_core.h --- a/xen/include/acm/acm_core.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/acm/acm_core.h Tue Apr 25 23:35:55 2006 -0600 @@ -26,6 +26,7 @@ /* Xen-internal representation of the binary policy */ struct acm_binary_policy { + char *policy_reference_name; u16 primary_policy_code; u16 secondary_policy_code; }; @@ -124,7 +125,8 @@ int acm_dump_statistics(void *buf, u16 b int acm_dump_statistics(void *buf, u16 buf_size); int acm_get_ssid(ssidref_t ssidref, u8 *buf, u16 buf_size); int acm_get_decision(ssidref_t ssidref1, ssidref_t ssidref2, enum acm_hook_type hook); - +int acm_set_policy_reference(u8 * buf, u32 buf_size); +int acm_dump_policy_reference(u8 *buf, u32 buf_size); #endif /* diff -r 9a915e2828f3 -r ae709b250f43 xen/include/asm-x86/cpufeature.h --- a/xen/include/asm-x86/cpufeature.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/asm-x86/cpufeature.h Tue Apr 25 23:35:55 2006 -0600 @@ -104,6 +104,7 @@ #define cpu_has_pae boot_cpu_has(X86_FEATURE_PAE) #define cpu_has_pge boot_cpu_has(X86_FEATURE_PGE) #define cpu_has_apic boot_cpu_has(X86_FEATURE_APIC) +#define cpu_has_sep boot_cpu_has(X86_FEATURE_SEP) #define cpu_has_mtrr boot_cpu_has(X86_FEATURE_MTRR) #define cpu_has_mmx boot_cpu_has(X86_FEATURE_MMX) #define cpu_has_fxsr boot_cpu_has(X86_FEATURE_FXSR) @@ -125,6 +126,7 @@ #define cpu_has_pae 1 #define cpu_has_pge 1 #define cpu_has_apic boot_cpu_has(X86_FEATURE_APIC) +#define cpu_has_sep 0 #define cpu_has_mtrr 1 #define cpu_has_mmx 1 #define cpu_has_fxsr 1 diff -r 9a915e2828f3 -r ae709b250f43 xen/include/asm-x86/current.h 
--- a/xen/include/asm-x86/current.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/asm-x86/current.h Tue Apr 25 23:35:55 2006 -0600 @@ -16,7 +16,7 @@ struct cpu_info { struct cpu_info { struct cpu_user_regs guest_cpu_user_regs; unsigned int processor_id; - struct vcpu *current_ed; + struct vcpu *current_vcpu; }; static inline struct cpu_info *get_cpu_info(void) @@ -29,12 +29,12 @@ static inline struct cpu_info *get_cpu_i return cpu_info; } -#define get_current() (get_cpu_info()->current_ed) -#define set_current(_ed) (get_cpu_info()->current_ed = (_ed)) +#define get_current() (get_cpu_info()->current_vcpu) +#define set_current(vcpu) (get_cpu_info()->current_vcpu = (vcpu)) #define current (get_current()) #define get_processor_id() (get_cpu_info()->processor_id) -#define set_processor_id(_id) (get_cpu_info()->processor_id = (_id)) +#define set_processor_id(id) (get_cpu_info()->processor_id = (id)) #define guest_cpu_user_regs() (&get_cpu_info()->guest_cpu_user_regs) @@ -51,8 +51,14 @@ static inline struct cpu_info *get_cpu_i "mov %0,%%"__OP"sp; jmp "STR(__fn) \ : : "r" (guest_cpu_user_regs()) : "memory" ) -#define schedule_tail(_ed) (((_ed)->arch.schedule_tail)(_ed)) +#define schedule_tail(vcpu) (((vcpu)->arch.schedule_tail)(vcpu)) -extern void set_current_execstate(struct vcpu *v); +#include <xen/percpu.h> +/* + * Which VCPU's state is currently running on each CPU? + * This is not necesasrily the same as 'current' as a CPU may be + * executing a lazy state switch. + */ +DECLARE_PER_CPU(struct vcpu *, curr_vcpu); #endif /* __X86_CURRENT_H__ */ diff -r 9a915e2828f3 -r ae709b250f43 xen/include/asm-x86/hvm/svm/vmcb.h --- a/xen/include/asm-x86/hvm/svm/vmcb.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/asm-x86/hvm/svm/vmcb.h Tue Apr 25 23:35:55 2006 -0600 
@@ -473,10 +473,10 @@ enum { #define VMCB_EFLAGS_RESERVED_1 0x00000002 /* bitmap for 1 */ /* These bits in the CR4 are owned by the host */ -#ifdef __i386__ -#define SVM_CR4_HOST_MASK (0) +#if CONFIG_PAGING_LEVELS >= 3 +#define SVM_CR4_HOST_MASK (X86_CR4_PAE) #else -#define SVM_CR4_HOST_MASK (X86_CR4_PAE) +#define SVM_CR4_HOST_MASK 0 #endif diff -r 9a915e2828f3 -r ae709b250f43 xen/include/asm-x86/hvm/vpit.h --- a/xen/include/asm-x86/hvm/vpit.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/asm-x86/hvm/vpit.h Tue Apr 25 23:35:55 2006 -0600 
@@ -30,47 +30,65 @@ #define PIT_FREQ 1193181 -#define LSByte 0 -#define MSByte 1 -#define LSByte_multiple 2 -#define MSByte_multiple 3 +#define PIT_BASE 0x40 +#define HVM_PIT_ACCEL_MODE 2 -struct hvm_virpit { - /* for simulation of counter 0 in mode 2 */ +typedef struct PITChannelState { + int count; /* can be 65536 */ + u16 latched_count; + u8 count_latched; + u8 status_latched; + u8 status; + u8 read_state; + u8 write_state; + u8 write_latch; + u8 rw_mode; + u8 mode; + u8 bcd; /* not supported */ + u8 gate; /* timer start */ + s64 count_load_time; + /* irq handling */ + s64 next_transition_time; + int irq; + struct hvm_time_info *hvm_time; + u32 period; /* period(ns) based on count */ +} PITChannelState; + +struct hvm_time_info { + /* extra info for the mode 2 channel */ + struct timer pit_timer; + struct vcpu *vcpu; /* which vcpu the ac_timer bound to */ u64 period_cycles; /* pit frequency in cpu cycles */ s_time_t count_advance; /* accumulated count advance since last fire */ s_time_t count_point; /* last point accumulating count advance */ - s_time_t scheduled; /* scheduled timer interrupt */ - struct timer pit_timer; /* periodic timer for mode 2*/ - unsigned int channel; /* the pit channel, counter 0~2 */ unsigned int pending_intr_nr; /* the couner for pending timer interrupts */ - u32 period; /* pit frequency in ns */ int first_injected; /* flag to prevent shadow window */ s64 cache_tsc_offset; /* cache of VMCS TSC_OFFSET offset */ u64 last_pit_gtime; /* guest time when last pit is injected */ +}; - /* virtual PIT state for handle related I/O */ - int read_state; - int count_LSB_latched; - int count_MSB_latched; +typedef struct hvm_virpit { + PITChannelState channels[3]; + struct hvm_time_info time_info; + int speaker_data_on; + int dummy_refresh_clock; +}hvm_virpit; - unsigned int count; /* the 16 bit channel count */ - unsigned int init_val; /* the init value for the counter */ -}; static __inline__ s_time_t get_pit_scheduled( struct vcpu *v, struct 
hvm_virpit *vpit) { + struct PITChannelState *s = &(vpit->channels[0]); if ( is_irq_enabled(v, 0) ) { - return vpit->scheduled; + return s->next_transition_time; } else return -1; } /* to hook the ioreq packet to get the PIT initialization info */ -extern void hvm_hooks_assist(struct vcpu *v); -void pickup_deactive_ticks(struct hvm_virpit *vpit); +extern void pit_init(struct hvm_virpit *pit, struct vcpu *v); +extern void pickup_deactive_ticks(struct hvm_virpit *vpit); #endif /* __ASM_X86_HVM_VPIT_H__ */ diff -r 9a915e2828f3 -r ae709b250f43 xen/include/asm-x86/io_apic.h --- a/xen/include/asm-x86/io_apic.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/asm-x86/io_apic.h Tue Apr 25 23:35:55 2006 -0600 @@ -139,7 +139,11 @@ static inline void io_apic_write(unsigne * * Older SiS APIC requires we rewrite the index regiser */ -#define sis_apic_bug 0 /* This may need propagating from domain0. */ +#ifdef __i386__ +extern int sis_apic_bug; +#else +#define sis_apic_bug 0 +#endif static inline void io_apic_modify(unsigned int apic, unsigned int reg, unsigned int value) { if (sis_apic_bug) diff -r 9a915e2828f3 -r ae709b250f43 xen/include/public/acm.h --- a/xen/include/public/acm.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/public/acm.h Tue Apr 25 23:35:55 2006 -0600 
@@ -51,17 +51,17 @@ /* policy: */ #define ACM_POLICY_NAME(X) \ - ((X) == (ACM_NULL_POLICY)) ? "NULL policy" : \ - ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL policy" : \ - ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT policy" : \ - ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \ - "UNDEFINED policy" + ((X) == (ACM_NULL_POLICY)) ? "NULL" : \ + ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL" : \ + ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT" : \ + ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT" : \ + "UNDEFINED" /* the following policy versions must be increased * whenever the interpretation of the related * policy's data structure changes */ -#define ACM_POLICY_VERSION 1 +#define ACM_POLICY_VERSION 2 #define ACM_CHWALL_VERSION 1 #define ACM_STE_VERSION 1 @@ -113,10 +113,15 @@ struct acm_policy_buffer { uint32_t policy_version; /* ACM_POLICY_VERSION */ uint32_t magic; uint32_t len; + uint32_t policy_reference_offset; uint32_t primary_policy_code; uint32_t primary_buffer_offset; uint32_t secondary_policy_code; uint32_t secondary_buffer_offset; +}; + +struct acm_policy_reference_buffer { + uint32_t len; }; struct acm_chwall_policy_buffer { @@ -160,6 +165,7 @@ struct acm_ssid_buffer { struct acm_ssid_buffer { uint32_t len; ssidref_t ssidref; + uint32_t policy_reference_offset; uint32_t primary_policy_code; uint32_t primary_max_types; uint32_t primary_types_offset; diff -r 9a915e2828f3 -r ae709b250f43 xen/include/public/acm_ops.h --- a/xen/include/public/acm_ops.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/public/acm_ops.h Tue Apr 25 23:35:55 2006 -0600 
@@ -17,7 +17,7 @@ * This makes sure that old versions of acm tools will stop working in a * well-defined way (rather than crashing the machine, for instance). */ -#define ACM_INTERFACE_VERSION 0xAAAA0005 +#define ACM_INTERFACE_VERSION 0xAAAA0006 /************************************************************************/ diff -r 9a915e2828f3 -r ae709b250f43 xen/include/public/callback.h --- a/xen/include/public/callback.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/public/callback.h Tue Apr 25 23:35:55 2006 -0600 @@ -21,6 +21,12 @@ #define CALLBACKTYPE_event 0 #define CALLBACKTYPE_failsafe 1 #define CALLBACKTYPE_syscall 2 /* x86_64 only */ +/* + * sysenter is only available on x86_32 with the + * supervisor_mode_kernel option enabled. + */ +#define CALLBACKTYPE_sysenter 3 +#define CALLBACKTYPE_nmi 4 /* * Register a callback. diff -r 9a915e2828f3 -r ae709b250f43 xen/include/public/dom0_ops.h --- a/xen/include/public/dom0_ops.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/public/dom0_ops.h Tue Apr 25 23:35:55 2006 -0600 @@ -404,7 +404,9 @@ DEFINE_GUEST_HANDLE(dom0_getdomaininfoli DEFINE_GUEST_HANDLE(dom0_getdomaininfolist_t); #define DOM0_PLATFORM_QUIRK 39 -#define QUIRK_NOIRQBALANCING 1 +#define QUIRK_NOIRQBALANCING 1 /* Do not restrict IO-APIC RTE targets */ +#define QUIRK_IOAPIC_BAD_REGSEL 2 /* IO-APIC REGSEL forgets its value */ +#define QUIRK_IOAPIC_GOOD_REGSEL 3 /* IO-APIC REGSEL behaves properly */ typedef struct dom0_platform_quirk { /* IN variables. */ uint32_t quirk_id; diff -r 9a915e2828f3 -r ae709b250f43 xen/include/public/xenoprof.h --- a/xen/include/public/xenoprof.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/public/xenoprof.h Tue Apr 25 23:35:55 2006 -0600 
@@ -12,18 +12,22 @@ #define __XEN_PUBLIC_XENOPROF_H__ /* - * Commands to HYPERVISOR_pmc_op(). + * Commands to HYPERVISOR_xenoprof_op(). */ -#define XENOPROF_init 0 -#define XENOPROF_set_active 1 -#define XENOPROF_reserve_counters 3 -#define XENOPROF_setup_events 4 -#define XENOPROF_enable_virq 5 -#define XENOPROF_start 6 -#define XENOPROF_stop 7 -#define XENOPROF_disable_virq 8 -#define XENOPROF_release_counters 9 -#define XENOPROF_shutdown 10 +#define XENOPROF_init 0 +#define XENOPROF_reset_active_list 1 +#define XENOPROF_reset_passive_list 2 +#define XENOPROF_set_active 3 +#define XENOPROF_set_passive 4 +#define XENOPROF_reserve_counters 5 +#define XENOPROF_counter 6 +#define XENOPROF_setup_events 7 +#define XENOPROF_enable_virq 8 +#define XENOPROF_start 9 +#define XENOPROF_stop 10 +#define XENOPROF_disable_virq 11 +#define XENOPROF_release_counters 12 +#define XENOPROF_shutdown 13 #define MAX_OPROF_EVENTS 32 #define MAX_OPROF_DOMAINS 25 
@@ -50,25 +54,29 @@ typedef struct xenoprof_buf { } xenoprof_buf_t; DEFINE_GUEST_HANDLE(xenoprof_buf_t); -typedef struct xenoprof_init_result { +typedef struct xenoprof_init { + int32_t max_samples; int32_t num_events; int32_t is_primary; int32_t nbuf; int32_t bufsize; uint64_t buf_maddr; char cpu_type[XENOPROF_CPU_TYPE_SIZE]; -} xenoprof_init_result_t; -DEFINE_GUEST_HANDLE(xenoprof_init_result_t); +} xenoprof_init_t; +DEFINE_GUEST_HANDLE(xenoprof_init_t); -typedef struct xenoprof_counter_config { - unsigned long count; - unsigned long enabled; - unsigned long event; - unsigned long kernel; - unsigned long user; - unsigned long unit_mask; -} xenoprof_counter_config_t; -DEFINE_GUEST_HANDLE(xenoprof_counter_config_t); +typedef struct xenoprof_counter { + uint32_t ind; + uint64_t count; + uint32_t enabled; + uint32_t event; + uint32_t hypervisor; + uint32_t kernel; + uint32_t user; + uint64_t unit_mask; +} xenoprof_counter_t; +DEFINE_GUEST_HANDLE(xenoprof_counter_t); + #endif /* __XEN_PUBLIC_XENOPROF_H__ */ diff -r 9a915e2828f3 -r ae709b250f43 xen/include/xen/compiler.h --- a/xen/include/xen/compiler.h Tue Apr 25 22:55:22 2006 -0600 +++ b/xen/include/xen/compiler.h Tue Apr 25 23:35:55 2006 -0600 @@ -25,4 +25,17 @@ #define __must_check #endif +/* This macro obfuscates arithmetic on a variable address so that gcc + shouldn't recognize the original var, and make assumptions about it */ +/* + * Versions of the ppc64 compiler before 4.1 had a bug where use of + * RELOC_HIDE could trash r30. The bug can be worked around by changing + * the inline assembly constraint from =g to =r, in this particular + * case either is valid. + */ +#define RELOC_HIDE(ptr, off) \ + ({ unsigned long __ptr; \ + __asm__ ("" : "=r"(__ptr) : "0"(ptr)); \ + (typeof(ptr)) (__ptr + (off)); }) + #endif /* __LINUX_COMPILER_H */ diff -r 9a915e2828f3 -r ae709b250f43 xen/include/xen/cpumask.h --- a/xen/include/xen/cpumask.h Tue Apr 25 22:55:22 2006 -0600 
+++ b/xen/include/xen/cpumask.h Tue Apr 25 23:35:55 2006 -0600 @@ -111,6 +111,12 @@ static inline int __cpu_test_and_set(int static inline int __cpu_test_and_set(int cpu, cpumask_t *addr) { return test_and_set_bit(cpu, addr->bits); +} + +#define cpu_test_and_clear(cpu, cpumask) __cpu_test_and_clear((cpu), &(cpumask)) +static inline int __cpu_test_and_clear(int cpu, cpumask_t *addr) +{ + return test_and_clear_bit(cpu, addr->bits); } #define cpus_and(dst, src1, src2) __cpus_and(&(dst), &(src1), &(src2), NR_CPUS) diff -r 9a915e2828f3 -r ae709b250f43 patches/linux-2.6.16/rename-TSS_sysenter_esp0-SYSENTER_stack_esp0.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/linux-2.6.16/rename-TSS_sysenter_esp0-SYSENTER_stack_esp0.patch Tue Apr 25 23:35:55 2006 -0600 @@ -0,0 +1,31 @@ +Index: sysenter/linux-2.6-xen-sparse/arch/i386/kernel/entry.S +=================================================================== +--- linux-2.6.16.orig/arch/i386/kernel/entry.S 2006-04-05 11:12:51.000000000 +0100 ++++ linux-2.6.16/arch/i386/kernel/entry.S 2006-04-05 11:12:52.000000000 +0100 +@@ -177,7 +177,7 @@ + + # sysenter call handler stub + ENTRY(sysenter_entry) +- movl TSS_sysenter_esp0(%esp),%esp ++ movl SYSENTER_stack_esp0(%esp),%esp + sysenter_past_esp: + sti + pushl $(__USER_DS) +@@ -492,7 +492,7 @@ + * that sets up the real kernel stack. Check here, since we can't + * allow the wrong stack to be used. + * +- * "TSS_sysenter_esp0+12" is because the NMI/debug handler will have ++ * "SYSENTER_stack_esp0+12" is because the NMI/debug handler will have + * already pushed 3 words if it hits on the sysenter instruction: + * eflags, cs and eip. + * +@@ -504,7 +504,7 @@ + cmpw $__KERNEL_CS,4(%esp); \ + jne ok; \ + label: \ +- movl TSS_sysenter_esp0+offset(%esp),%esp; \ ++ movl SYSENTER_stack_esp0+offset(%esp),%esp; \ + pushfl; \ + pushl $__KERNEL_CS; \ + pushl $sysenter_past_esp diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/external-device-migrate 
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/examples/external-device-migrate Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,85 @@ +#!/bin/sh + +# Copyright (c) 2005 IBM Corporation +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + + +# This script is called by XenD for migration of external devices +# It does not handle the migration of those devices itself, but +# passes the requests on to further applications +# It handles the low-level command line parsing and some of the +# synchronization + +dir=$(dirname "$0") +. 
"$dir/logging.sh" + + +function usage() { + echo " Pass the following command line paremeters to the script:" + echo "" + echo "-step <n> : n-th migration step" + echo "-host <host> : the destination host" + echo "-domname <domain name> : name of the domain that is migrating" + echo "-type <device type> : the type of device that is migrating" + echo "-recover : indicates recovery request; an error" + echo " occurred during migration" + echo "-help : display this help screen" +} + +while [ 1 ]; do + if [ "$1" == "-step" ]; then + shift + step=$1 + elif [ "$1" == "-host" ]; then + shift + host=$1 + elif [ "$1" == "-domname" ]; then + shift + domname=$1 + elif [ "$1" == "-type" ]; then + shift + typ=$1 + elif [ "$1" == "-recover" ]; then + recover=1 + elif [ "$1" == "-help" ]; then + usage + exit + else + break + fi + shift +done + +if [ "$step" == "" -o \ + "$host" == "" -o \ + "$typ" == "" -o \ + "$domname" == "" ]; then + echo "Error: Parameter(s) missing (-step/-host/-type/-domname)" +set + echo "" + echo "$0 --help for usage." + exit +fi + +. "$dir/$typ-migration.sh" + +if [ "$recover" == "1" ]; then + func="$typ"_recover + eval $func $host $domname $step +else + func="$typ"_migration_step + eval $func $host $domname $step +fi diff -r 9a915e2828f3 -r ae709b250f43 tools/examples/vtpm-migration.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/examples/vtpm-migration.sh Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,19 @@ +# +# Copyright (c) 2005 IBM Corporation +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +dir=$(dirname "$0") +. "$dir/vtpm-common.sh" diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/lowlevel/acm/acm.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/lowlevel/acm/acm.c Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,237 @@ +/**************************************************************** + * acm.c + * + * Copyright (C) 2006 IBM Corporation + * + * Authors: + * Reiner Sailer <sailer@xxxxxxxxxxxxxx> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + * + * ACM low-level code that allows Python control code to leverage + * the ACM hypercall interface to retrieve real-time information + * from the Xen hypervisor security module. + * + * indent -i4 -kr -nut + */ +#include <Python.h> + +#include <stdio.h> +#include <fcntl.h> +#include <sys/mman.h> +#include <sys/types.h> +#include <stdlib.h> +#include <sys/ioctl.h> +#include <netinet/in.h> +#include <xen/acm.h> +#include <xen/acm_ops.h> +#include <xen/linux/privcmd.h> + +#define PERROR(_m, _a...) \ +fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ + errno, strerror(errno)) + + + +static inline int do_acm_op(int xc_handle, struct acm_op *op) +{ + int ret = -1; + privcmd_hypercall_t hypercall; + + op->interface_version = ACM_INTERFACE_VERSION; + + hypercall.op = __HYPERVISOR_acm_op; + hypercall.arg[0] = (unsigned long) op; + + if (mlock(op, sizeof(*op)) != 0) { + PERROR("Could not lock memory for Xen policy hypercall"); + goto out1; + } + ret = ioctl(xc_handle, IOCTL_PRIVCMD_HYPERCALL, &hypercall); + if (ret < 0) { + if (errno == EACCES) + PERROR("ACM operation failed."); + goto out2; + } + out2: + munlock(op, sizeof(*op)); + out1: + return ret; +} + + + +/* generic shared function */ +void * __getssid(int domid, uint32_t *buflen) +{ + struct acm_op op; + int acm_cmd_fd; + #define SSID_BUFFER_SIZE 4096 + void *buf = NULL; + + if ((acm_cmd_fd = open("/proc/xen/privcmd", O_RDONLY)) < 0) { + goto out1; + } + if ((buf = malloc(SSID_BUFFER_SIZE)) == NULL) { + PERROR("acm.policytype: Could not allocate ssid buffer!\n"); + goto out2; + } + memset(buf, 0, 
SSID_BUFFER_SIZE); + op.cmd = ACM_GETSSID; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.getssid.ssidbuf = buf; + op.u.getssid.ssidbuf_size = SSID_BUFFER_SIZE; + op.u.getssid.get_ssid_by = DOMAINID; + op.u.getssid.id.domainid = domid; + + if (do_acm_op(acm_cmd_fd, &op) < 0) { + free(buf); + buf = NULL; + goto out2; + } else { + *buflen = SSID_BUFFER_SIZE; + goto out2; + } + out2: + close(acm_cmd_fd); + out1: + return buf; +} + + +/* retrieve the policytype indirectly by retrieving the + * ssidref for domain 0 (always exists) */ +static PyObject *policy(PyObject * self, PyObject * args) +{ + /* out */ + char *policyreference; + PyObject *ret = NULL; + void *ssid_buffer; + uint32_t buf_len; + + if (!PyArg_ParseTuple(args, "", NULL)) { + goto out1; + } + ssid_buffer = __getssid(0, &buf_len); + if (ssid_buffer == NULL) { + goto out1; + } else if (buf_len < sizeof(struct acm_ssid_buffer)) { + goto out2; + } else { + struct acm_ssid_buffer *ssid = (struct acm_ssid_buffer *)ssid_buffer; + policyreference = (char *)(ssid_buffer + ssid->policy_reference_offset + + sizeof (struct acm_policy_reference_buffer)); + } + ret = Py_BuildValue("s", policyreference); + out2: + free(ssid_buffer); + out1: + return ret; +} + + +/* retrieve ssid info for a domain domid*/ +static PyObject *getssid(PyObject * self, PyObject * args) +{ + /* in */ + uint32_t domid; + /* out */ + char *policytype, *policyreference; + uint32_t ssidref; + + void *ssid_buffer; + uint32_t buf_len; + + if (!PyArg_ParseTuple(args, "i", &domid)) { + return NULL; + } + ssid_buffer = __getssid(domid, &buf_len); + if (ssid_buffer == NULL) { + return NULL; + } else if (buf_len < sizeof(struct acm_ssid_buffer)) { + free(ssid_buffer); + return NULL; + } else { + struct acm_ssid_buffer *ssid = (struct acm_ssid_buffer *) ssid_buffer; + policytype = ACM_POLICY_NAME(ssid->secondary_policy_code << 4 | + ssid->primary_policy_code); + ssidref = ssid->ssidref; + policyreference = (char *)(ssid_buffer + 
ssid->policy_reference_offset + + sizeof (struct acm_policy_reference_buffer)); + } + free(ssid_buffer); + return Py_BuildValue("{s:s,s:s,s:i}", + "policyreference", policyreference, + "policytype", policytype, + "ssidref", ssidref); +} + + +/* retrieve access decision based on domain ids or ssidrefs */ +static PyObject *getdecision(PyObject * self, PyObject * args) +{ + char *arg1_name, *arg1, *arg2_name, *arg2, *decision = NULL; + struct acm_op op; + int acm_cmd_fd, ret; + + if (!PyArg_ParseTuple(args, "ssss", &arg1_name, &arg1, &arg2_name, &arg2)) { + return NULL; + } + + if ((acm_cmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) { + PERROR("Could not open xen privcmd device!\n"); + return NULL; + } + + if ((strcmp(arg1_name, "domid") && strcmp(arg1_name, "ssidref")) || + (strcmp(arg2_name, "domid") && strcmp(arg2_name, "ssidref"))) + return NULL; + + op.cmd = ACM_GETDECISION; + op.interface_version = ACM_INTERFACE_VERSION; + op.u.getdecision.hook = SHARING; + if (!strcmp(arg1_name, "domid")) { + op.u.getdecision.get_decision_by1 = DOMAINID; + op.u.getdecision.id1.domainid = atoi(arg1); + } else { + op.u.getdecision.get_decision_by1 = SSIDREF; + op.u.getdecision.id1.ssidref = atol(arg1); + } + if (!strcmp(arg2_name, "domid")) { + op.u.getdecision.get_decision_by2 = DOMAINID; + op.u.getdecision.id2.domainid = atoi(arg2); + } else { + op.u.getdecision.get_decision_by2 = SSIDREF; + op.u.getdecision.id2.ssidref = atol(arg2); + } + + ret = do_acm_op(acm_cmd_fd, &op); + close(acm_cmd_fd); + + if (op.u.getdecision.acm_decision == ACM_ACCESS_PERMITTED) + decision = "PERMITTED"; + else if (op.u.getdecision.acm_decision == ACM_ACCESS_DENIED) + decision = "DENIED"; + + return Py_BuildValue("s", decision); +} + +/*=================General Python Extension Declarations=================*/ + +/* methods */ +static PyMethodDef acmMethods[] = { + {"policy", policy, METH_VARARGS, "Retrieve Active ACM Policy Reference Name"}, + {"getssid", getssid, METH_VARARGS, "Retrieve label 
information and ssidref for a domain"}, + {"getdecision", getdecision, METH_VARARGS, "Retrieve ACM access control decision"}, + /* end of list (extend list above this line) */ + {NULL, NULL, 0, NULL} +}; + +/* inits */ +PyMODINIT_FUNC initacm(void) +{ + Py_InitModule("acm", acmMethods); +} diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/util/security.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/util/security.py Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,504 @@ +#=========================================================================== +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2006 International Business Machines Corp. +# Author: Reiner Sailer +#============================================================================ + +import commands +import logging +import sys, os, string, re +import traceback +import shutil +from xen.lowlevel import acm +from xen.xend import sxp + +#global directories and tools for security management +policy_dir_prefix = "/etc/xen/acm-security/policies" +boot_filename = "/boot/grub/menu.lst" +xensec_xml2bin = "/usr/sbin/xensec_xml2bin" +xensec_tool = "/usr/sbin/xensec_tool" + +#global patterns for map file +#police_reference_tagname = "POLICYREFERENCENAME" +primary_entry_re = re.compile("\s*PRIMARY\s+.*", re.IGNORECASE) +secondary_entry_re = re.compile("\s*SECONDARY\s+.*", re.IGNORECASE) +label_template_re = re.compile(".*security_label_template.xml", re.IGNORECASE) +mapping_filename_re = re.compile(".*\.map", re.IGNORECASE) +policy_reference_entry_re = re.compile("\s*POLICYREFERENCENAME\s+.*", re.IGNORECASE) +vm_label_re = re.compile("\s*LABEL->SSID\s+VM\s+.*", re.IGNORECASE) +res_label_re = re.compile("\s*LABEL->SSID\s+RES\s+.*", re.IGNORECASE) +all_label_re = 
re.compile("\s*LABEL->SSID\s+.*", re.IGNORECASE) +access_control_re = re.compile("\s*access_control\s*=", re.IGNORECASE) + +#global patterns for boot configuration file +xen_title_re = re.compile("\s*title\s+XEN", re.IGNORECASE) +any_title_re = re.compile("\s*title\s", re.IGNORECASE) +xen_kernel_re = re.compile("\s*kernel.*xen.*\.gz", re.IGNORECASE) +kernel_ver_re = re.compile("\s*module.*vmlinuz", re.IGNORECASE) +any_module_re = re.compile("\s*module\s", re.IGNORECASE) +empty_line_re = re.compile("^\s*$") +binary_name_re = re.compile(".*[chwall|ste|chwall_ste].*\.bin", re.IGNORECASE) +policy_name_re = re.compile(".*[chwall|ste|chwall_ste].*", re.IGNORECASE) + + + +log = logging.getLogger("xend.util.security") + +# Our own exception definition. It is masked (pass) if raised and +# whoever raises this exception must provide error information. +class ACMError(Exception): + def __init__(self,value): + self.value = value + def __str__(self): + return repr(self.value) + + + +def err(msg): + """Raise ACM exception. + """ + sys.stderr.write("ACMError: " + msg + "\n") + raise ACMError(msg) + + + +active_policy = None + + +def refresh_security_policy(): + """ + retrieves security policy + """ + global active_policy + + try: + active_policy = acm.policy() + except: + active_policy = "INACTIVE" + +# now set active_policy +refresh_security_policy() + +def on(): + """ + returns none if security policy is off (not compiled), + any string otherwise, use it: if not security.on() ... + """ + refresh_security_policy() + return (active_policy not in ['INACTIVE', 'NULL']) + + + +# Assumes a 'security' info [security access_control ...] [ssidref ...] 
+def get_security_info(info, field): + """retrieves security field from self.info['security']) + allowed search fields: ssidref, label, policy + """ + if isinstance(info, dict): + security = info['security'] + elif isinstance(info, list): + security = sxp.child_value(info, 'security', ) + if not security: + if field == 'ssidref': + #return default ssid + return 0 + else: + err("Security information not found in info struct.") + + if field == 'ssidref': + search = 'ssidref' + elif field in ['policy', 'label']: + search = 'access_control' + else: + err("Illegal field in get_security_info.") + + for idx in range(0, len(security)): + if search != security[idx][0]: + continue + if search == 'ssidref': + return int(security[idx][1]) + else: + for aidx in range(0, len(security[idx])): + if security[idx][aidx][0] == field: + return str(security[idx][aidx][1]) + + if search == 'ssidref': + return 0 + else: + return None + + + +def get_security_printlabel(info): + """retrieves printable security label from self.info['security']), + preferably the label name and otherwise (if label is not specified + in config and cannot be found in mapping file) a hex string of the + ssidref or none if both not available + """ + try: + if not on(): + return "INACTIVE" + if active_policy in ["DEFAULT"]: + return "DEFAULT" + + printlabel = get_security_info(info, 'label') + if printlabel: + return printlabel + ssidref = get_security_info(info, 'ssidref') + if not ssidref: + return None + #try to translate ssidref to a label + result = ssidref2label(ssidref) + if not result: + printlabel = "0x%08x" % ssidref + else: + printlabel = result + return printlabel + except ACMError: + #don't throw an exception in xm list + return "ERROR" + + + +def getmapfile(policyname): + """ + in: if policyname is None then the currently + active hypervisor policy is used + out: 1. primary policy, 2. secondary policy, + 3. open file descriptor for mapping file, and + 4. 
True if policy file is available, False otherwise + """ + if not policyname: + policyname = active_policy + map_file_ok = False + primary = None + secondary = None + #strip last part of policy as file name part + policy_dir_list = string.split(policyname, ".") + policy_file = policy_dir_list.pop() + if len(policy_dir_list) > 0: + policy_dir = string.join(policy_dir_list, "/") + "/" + else: + policy_dir = "" + + map_filename = policy_dir_prefix + "/" + policy_dir + policy_file + ".map" + # check if it is there, if not check if policy file is there + if not os.path.isfile(map_filename): + policy_filename = policy_dir_prefix + "/" + policy_dir + policy_file + "-security_policy.xml" + if not os.path.isfile(policy_filename): + err("Policy file \'" + policy_filename + "\' not found.") + else: + err("Mapping file \'" + map_filename + "\' not found." + + " Use xm makepolicy to create it.") + + f = open(map_filename) + for line in f: + if policy_reference_entry_re.match(line): + l = line.split() + if (len(l) == 2) and (l[1] == policyname): + map_file_ok = True + elif primary_entry_re.match(line): + l = line.split() + if len(l) == 2: + primary = l[1] + elif secondary_entry_re.match(line): + l = line.split() + if len(l) == 2: + secondary = l[1] + f.close() + f = open(map_filename) + if map_file_ok and primary and secondary: + return (primary, secondary, f, True) + else: + err("Mapping file inconsistencies found. Try makepolicy to create a new one.") + + + +def ssidref2label(ssidref_var): + """ + returns labelname corresponding to ssidref; + maps current policy to default directory + to find mapping file + """ + #1. 
translated permitted input formats + if isinstance(ssidref_var, str): + ssidref_var.strip() + if ssidref_var[0:2] == "0x": + ssidref = int(ssidref_var[2:], 16) + else: + ssidref = int(ssidref_var) + elif isinstance(ssidref_var, int): + ssidref = ssidref_var + else: + err("Instance type of ssidref not supported (must be of type 'str' or 'int')") + + (primary, secondary, f, pol_exists) = getmapfile(None) + if not f: + if (pol_exists): + err("Mapping file for policy \'" + policyname + "\' not found.\n" + + "Please use makepolicy command to create mapping file!") + else: + err("Policy file for \'" + active_policy + "\' not found.") + + #2. get labelnames for both ssidref parts + pri_ssid = ssidref & 0xffff + sec_ssid = ssidref >> 16 + pri_labels = [] + sec_labels = [] + labels = [] + + for line in f: + l = line.split() + if (len(l) < 5) or (l[0] != "LABEL->SSID"): + continue + if primary and (l[2] == primary) and (int(l[4], 16) == pri_ssid): + pri_labels.append(l[3]) + if secondary and (l[2] == secondary) and (int(l[4], 16) == sec_ssid): + sec_labels.append(l[3]) + f.close() + + #3. get the label that is in both lists (combination must be a single label) + if secondary == "NULL": + labels = pri_labels + else: + for i in pri_labels: + for j in sec_labels: + if (i==j): + labels.append(i) + if len(labels) != 1: + err("Label for ssidref \'" + str(ssidref) + + "\' unknown or not unique in policy \'" + active_policy + "\'") + + return labels[0] + + + +def label2ssidref(labelname, policyname): + """ + returns ssidref corresponding to labelname; + maps current policy to default directory + to find mapping file """ + + if policyname in ['NULL', 'INACTIVE', 'DEFAULT']: + err("Cannot translate labels for \'" + policyname + "\' policy.") + + (primary, secondary, f, pol_exists) = getmapfile(policyname) + + #2. 
get labelnames for ssidref parts and find a common label + pri_ssid = [] + sec_ssid = [] + for line in f: + l = line.split() + if (len(l) < 5) or (l[0] != "LABEL->SSID"): + continue + if primary and (l[2] == primary) and (l[3] == labelname): + pri_ssid.append(int(l[4], 16)) + if secondary and (l[2] == secondary) and (l[3] == labelname): + sec_ssid.append(int(l[4], 16)) + f.close() + + #3. sanity check and composition of ssidref + if (len(pri_ssid) == 0) or ((len(sec_ssid) == 0) and (secondary != "NULL")): + err("Label \'" + labelname + "\' not found.") + elif (len(pri_ssid) > 1) or (len(sec_ssid) > 1): + err("Label \'" + labelname + "\' not unique in policy (policy error)") + if secondary == "NULL": + return pri_ssid[0] + else: + return (sec_ssid[0] << 16) | pri_ssid[0] + + + +def refresh_ssidref(config): + """ + looks up ssidref from security field + and refreshes the value if label exists + """ + #called by dom0, policy could have changed after xen.utils.security was initialized + refresh_security_policy() + + security = None + if isinstance(config, dict): + security = config['security'] + elif isinstance(config, list): + security = sxp.child_value(config, 'security',) + else: + err("Instance type of config parameter not supported.") + if not security: + #nothing to do (no security label attached) + return config + + policyname = None + labelname = None + # compose new security field + for idx in range(0, len(security)): + if security[idx][0] == 'ssidref': + security.pop(idx) + break + elif security[idx][0] == 'access_control': + for jdx in [1, 2]: + if security[idx][jdx][0] == 'label': + labelname = security[idx][jdx][1] + elif security[idx][jdx][0] == 'policy': + policyname = security[idx][jdx][1] + else: + err("Illegal field in access_control") + #verify policy is correct + if active_policy != policyname: + err("Policy \'" + policyname + "\' in label does not match active policy \'" + + active_policy +"\'!") + + new_ssidref = label2ssidref(labelname, 
policyname) + if not new_ssidref: + err("SSIDREF refresh failed!") + + security.append([ 'ssidref',str(new_ssidref)]) + security = ['security', security ] + + for idx in range(0,len(config)): + if config[idx][0] == 'security': + config.pop(idx) + break + config.append(security) + + + +def get_ssid(domain): + """ + enables domains to retrieve the label / ssidref of a running domain + """ + if not on(): + err("No policy active.") + + if isinstance(domain, str): + domain_int = int(domain) + elif isinstance(domain, int): + domain_int = domain + else: + err("Illegal parameter type.") + try: + ssid_info = acm.getssid(int(domain_int)) + except: + err("Cannot determine security information.") + + if active_policy in ["DEFAULT"]: + label = "DEFAULT" + else: + label = ssidref2label(ssid_info["ssidref"]) + return(ssid_info["policyreference"], + label, + ssid_info["policytype"], + ssid_info["ssidref"]) + + + +def get_decision(arg1, arg2): + """ + enables domains to retrieve access control decisions from + the hypervisor Access Control Module. 
+ IN: args format = ['domid', id] or ['ssidref', ssidref] + or ['access_control', ['policy', policy], ['label', label]] + """ + + if not on(): + err("No policy active.") + + #translate labels before calling low-level function + if arg1[0] == 'access_control': + if (arg1[1][0] != 'policy') or (arg1[2][0] != 'label') : + err("Argument type not supported.") + ssidref = label2ssidref(arg1[2][1], arg1[1][1]) + arg1 = ['ssidref', str(ssidref)] + if arg2[0] == 'access_control': + if (arg2[1][0] != 'policy') or (arg2[2][0] != 'label') : + err("Argument type not supported.") + ssidref = label2ssidref(arg2[2][1], arg2[1][1]) + arg2 = ['ssidref', str(ssidref)] + try: + decision = acm.getdecision(arg1[0], arg1[1], arg2[0], arg2[1]) + except: + err("Cannot determine decision.") + + if decision: + return decision + else: + err("Cannot determine decision (Invalid parameter).") + + + +def make_policy(policy_name): + policy_file = string.join(string.split(policy_name, "."), "/") + if not os.path.isfile(policy_dir_prefix + "/" + policy_file + "-security_policy.xml"): + err("Unknown policy \'" + policy_name + "\'") + + (ret, output) = commands.getstatusoutput(xensec_xml2bin + " -d " + policy_dir_prefix + " " + policy_file) + if ret: + err("Creating policy failed:\n" + output) + + + +def load_policy(policy_name): + global active_policy + policy_file = policy_dir_prefix + "/" + string.join(string.split(policy_name, "."), "/") + if not os.path.isfile(policy_file + ".bin"): + if os.path.isfile(policy_file + "-security_policy.xml"): + err("Binary file does not exist." 
+ + "Please use makepolicy to build the policy binary.") + else: + err("Unknown Policy " + policy_name) + + #require this policy to be the first or the same as installed + if active_policy not in ['DEFAULT', policy_name]: + err("Active policy \'" + active_policy + + "\' incompatible with new policy \'" + policy_name + "\'") + (ret, output) = commands.getstatusoutput(xensec_tool + " loadpolicy " + policy_file + ".bin") + if ret: + err("Loading policy failed:\n" + output) + else: + # refresh active policy + refresh_security_policy() + + + +def dump_policy(): + if active_policy in ['NULL', 'INACTIVE']: + err("\'" + active_policy + "\' policy. Nothing to dump.") + + (ret, output) = commands.getstatusoutput(xensec_tool + " getpolicy") + if ret: + err("Dumping hypervisor policy failed:\n" + output) + print output + + + +def list_labels(policy_name, condition): + if (not policy_name) and (active_policy) in ["NULL", "INACTIVE", "DEFAULT"]: + err("Current policy \'" + active_policy + "\' has no labels defined.\n") + + (primary, secondary, f, pol_exists) = getmapfile(policy_name) + if not f: + if pol_exists: + err("Cannot find mapfile for policy \'" + policy_name + + "\'.\nPlease use makepolicy to create mapping file.") + else: + err("Unknown policy \'" + policy_name + "\'") + + labels = [] + for line in f: + if condition.match(line): + label = line.split()[3] + if label not in labels: + labels.append(label) + return labels diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xm/addlabel.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/xm/addlabel.py Tue Apr 25 23:35:55 2006 -0600 
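Review bot: get_decision() translates an 'access_control' argument with label2ssidref(arg1[2][1], arg1[1][1]) using whatever policy name the caller supplies, without checking that it equals active_policy the way refresh_ssidref() does (`if active_policy != policyname: err(...)`). An ssidref computed from another policy's .map file has no meaning under the policy the hypervisor has loaded, so the acm.getdecision() answer would be for the wrong label; add the same active_policy check before both translations. Smaller points in the same hunk: in ssidref2label() the call `ssidref_var.strip()` discards its result (str.strip returns a new string), so a leading space defeats the "0x" check; the `if not f:` branch there references `policyname`, which is not defined in that function, but the branch is unreachable anyway because getmapfile() calls err() instead of returning an empty handle (the same dead branch appears in list_labels()). refresh_ssidref() breaks out of the loop as soon as it pops the 'ssidref' entry, so when 'ssidref' precedes 'access_control' in the security list the label and policy are never read and the later comparison runs with policyname == None; it also indexes config['security'] directly for dict configs and raises KeyError instead of taking the "nothing to do" path. make_policy() and load_policy() splice a user-supplied policy name into a shell command run via commands.getstatusoutput() after only an os.path.isfile() check, whereas cfgbootpolicy.py validates the name with policy_name_re first; both should apply that check. The load_policy() message "Binary file does not exist." + "Please use makepolicy ..." is missing a space between the two sentences.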
@@ -0,0 +1,76 @@ +#============================================================================ +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2006 International Business Machines Corp. +# Author: Reiner Sailer <sailer@xxxxxxxxxx> +#============================================================================ + +"""Labeling a domain configuration file. +""" +import sys, os +import traceback + + +from xen.util.security import ACMError, err, active_policy, label2ssidref, on, access_control_re + + +def usage(): + print "\nUsage: xm addlabel <configfile> <label> [<policy>]\n" + print " This program adds an acm_label entry into the 'configfile'." + print " It derives the policy from the running hypervisor if it" + print " is not given (optional parameter). If the configfile is" + print " already labeled, then addlabel fails.\n" + err("Usage") + + +def main(argv): + try: + policyref = None + if len(argv) not in [3,4]: + usage() + configfile = argv[1] + label = argv[2] + + if len(argv) == 4: + policyref = argv[3] + elif on(): + policyref = active_policy + else: + err("No active policy. 
Policy must be specified in command line.") + + #sanity checks: make sure this label can be instantiated later on + ssidref = label2ssidref(label, policyref) + + new_label = "access_control = ['policy=%s,label=%s']\n" % (policyref, label) + if not os.path.isfile(configfile): + err("Configuration file \'" + configfile + "\' not found.") + config_fd = open(configfile, "ra+") + for line in config_fd: + if not access_control_re.match(line): + continue + config_fd.close() + err("Config file \'" + configfile + "\' is already labeled.") + config_fd.write(new_label) + config_fd.close() + + except ACMError: + pass + except: + traceback.print_exc(limit=1) + + +if __name__ == '__main__': + main(sys.argv) + + diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xm/cfgbootpolicy.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/xm/cfgbootpolicy.py Tue Apr 25 23:35:55 2006 -0600 
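Review bot: `open(configfile, "ra+")` is not a valid mode string; on glibc it happens to behave like "r+", but the file is then iterated with Python's read-ahead buffer and written without an intervening seek, which stdio leaves undefined. Open the file with "r" for the access_control_re scan, close it, then reopen with "a" to append new_label. The label2ssidref(label, policyref) call before the write is a good guard, since it guarantees the label exists in the named policy before it is committed to the config file; note though that policyref and label are interpolated unquoted into a Python expression string, so the same policy_name_re validation used by cfgbootpolicy.py should be applied to a policy given on the command line.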
@@ -0,0 +1,188 @@ +#============================================================================ +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2006 International Business Machines Corp. +# Author: Reiner Sailer <sailer@xxxxxxxxxx> +#============================================================================ +"""Configuring a security policy into the boot configuration +""" + +import sys +import traceback +import tempfile +import os, stat +import re +import commands +import shutil +import string +from xen.util.security import ACMError, err +from xen.util.security import policy_dir_prefix, boot_filename, xen_title_re +from xen.util.security import any_title_re, xen_kernel_re, kernel_ver_re, any_module_re +from xen.util.security import empty_line_re, binary_name_re, policy_name_re + + +def usage(): + print "\nUsage: xm cfgbootpolicy <policy> [<kernelversion>]\n" + print " Adds a 'module' line to the Xen grub.conf entry" + print " so that xen boots into a specific access control" + print " policy. 
If kernelversion is not given, then this" + print " script tries to determine it by looking for a grub" + print " entry with a line kernel xen.* If there are multiple" + print " Xen entries, then it must be called with an explicit" + print " version (it will fail otherwise).\n" + err("Usage") + + + +def determine_kernelversion(user_specified): + within_xen_title = 0 + within_xen_entry = 0 + version_list = [] + guess_version = None + + grub_fd = open(boot_filename) + for line in grub_fd: + if xen_title_re.match(line): + within_xen_title = 1 + elif within_xen_title and xen_kernel_re.match(line): + within_xen_entry = 1 + elif within_xen_title and within_xen_entry and kernel_ver_re.match(line): + for i in line.split(): + if (i.find("vmlinuz-") >= 0): + # skip start until "vmlinuz-" + guess_version = i[i.find("vmlinuz-") + len("vmlinuz-"):] + if user_specified: + if (guess_version == user_specified): + version_list.append(guess_version) + else: + version_list.append(guess_version) + elif len(line.split()) > 0: + if line.split()[0] == "title": + within_xen_title = 0 + within_xen_entry = 0 + if len(version_list) > 1: + err("Cannot decide between entries for kernels: " + version_list) + elif len(version_list) == 0: + err("Cannot find a boot entry candidate (please create a Xen boot entry first).") + else: + return version_list[0] + + + +def insert_policy(boot_file, kernel_version, policy_name): + """ + inserts policy binary file as last line of the grub entry + matching the kernel_version version + """ + within_xen_title = 0 + within_xen_entry = 0 + insert_at_end_of_entry = 0 + path_prefix = '' + done = False + (tmp_fd, tmp_grub) = tempfile.mkstemp() + #follow symlink since menue.lst might be linked to grub.conf + if stat.S_ISLNK(os.lstat(boot_file)[stat.ST_MODE]): + new_name = os.readlink(boot_file) + if new_name[0] == "/": + boot_file = new_name + else: + path = boot_file.split('/') + path[len(path)-1] = new_name + boot_file = '/'.join(path) + if not 
os.path.exists(boot_file): + err("Boot file \'" + boot_file + "\' not found.") + grub_fd = open(boot_file) + for line in grub_fd: + if xen_title_re.match(line): + within_xen_title = 1 + elif within_xen_title and xen_kernel_re.match(line): + within_xen_entry = 1 + elif within_xen_title and within_xen_entry and kernel_ver_re.match(line): + for i in line.split(): + if (i.find("vmlinuz-") >= 0): + if kernel_version == i[i.find("vmlinuz-") + len("vmlinuz-"):]: + insert_at_end_of_entry = 1 + path_prefix = i[0:i.find("vmlinuz-")] + elif any_module_re.match(line) and insert_at_end_of_entry: + if binary_name_re.match(line): + #delete existing policy module line + line='' + elif any_title_re.match(line): + within_xen_title = 0 + within_xen_entry = 0 + + if (empty_line_re.match(line) or any_title_re.match(line)) and insert_at_end_of_entry: + #newline or new title: we insert the policy module line here + os.write(tmp_fd, "\tmodule " + path_prefix + policy_name + ".bin\n") + insert_at_end_of_entry = 0 + #write the line that was read (except potential existing policy entry) + os.write(tmp_fd, line) + + if insert_at_end_of_entry: + #last entry, no empty line at end of file + os.write(tmp_fd, "\tmodule " + path_prefix + policy_name + ".bin\n") + + #temp file might be destroyed when closing it, first copy ... + shutil.move(boot_file, boot_file+"_save") + shutil.copyfile(tmp_grub, boot_file) + os.close(tmp_fd) + #temp file did not disappear on my system ... 
+ try: + os.remove(tmp_grub) + except: + pass + + + +def main(argv): + try: + user_kver = None + policy = None + if len(argv) == 2: + policy = argv[1] + elif len(argv) == 3: + policy = argv[1] + user_kver = argv[2] + else: + usage() + + if not policy_name_re.match(policy): + err("Illegal policy name \'" + policy + "\'") + + policy_file = policy_dir_prefix + "/" + string.join(string.split(policy, "."), "/") + src_binary_policy_file = policy_file + ".bin" + #check if .bin exists or if policy file exists + if not os.path.isfile(src_binary_policy_file): + if not os.path.isfile(policy_file + "-security_policy.xml"): + err("Unknown policy \'" + policy +"\'") + else: + err("Cannot find binary file for policy \'" + policy + + "\'. Please use makepolicy to create binary file.") + dst_binary_policy_file = "/boot/" + policy + ".bin" + shutil.copyfile(src_binary_policy_file, dst_binary_policy_file) + + kernel_version = determine_kernelversion(user_kver) + insert_policy(boot_filename, kernel_version, policy) + print "Boot entry created and \'%s\' copied to /boot" % (policy + ".bin") + + except ACMError: + pass + except: + traceback.print_exc(limit=1) + + + +if __name__ == '__main__': + main(sys.argv) + diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xm/dumppolicy.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/xm/dumppolicy.py Tue Apr 25 23:35:55 2006 -0600 
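Review bot: in determine_kernelversion() the error path `err("Cannot decide between entries for kernels: " + version_list)` concatenates a str with a list and raises TypeError instead of printing the intended message; use ", ".join(version_list). In insert_policy(), `shutil.copyfile(tmp_grub, boot_file)` creates the new boot file with the process umask rather than the original file's mode and ownership, so a grub.conf that was 0600 (common when it carries a password line) becomes readable by everyone; copy the mode from the saved original (shutil.copymode) or chmod the temp file and rename it into place. Two smaller points: the symlink handling follows only one level of indirection, where os.path.realpath(boot_file) would resolve a chain, and the comment "temp file might be destroyed when closing it" does not apply to tempfile.mkstemp(), which never unlinks the file, so the explicit os.remove() is the right cleanup and the comment should go. grub_fd is never closed in either function.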
@@ -0,0 +1,49 @@ +#============================================================================ +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2006 International Business Machines Corp. +# Author: Reiner Sailer <sailer@xxxxxxxxxx> +#============================================================================ +"""Display currently enforced policy (low-level hypervisor representation). +""" +import sys +import traceback +import os +import commands +import shutil +import string +from xen.util.security import ACMError, err, dump_policy + + +def usage(): + print "\nUsage: xm dumppolicy\n" + print " Retrieve and print currently enforced" + print " hypervisor policy information (low-level).\n" + err("Usage") + + +def main(argv): + try: + dump_policy() + + except ACMError: + pass + except: + traceback.print_exc(limit=1) + + +if __name__ == '__main__': + main(sys.argv) + + diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xm/labels.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/xm/labels.py Tue Apr 25 23:35:55 2006 -0600 
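Review bot: usage() is defined but never called, so stray arguments to xm dumppolicy are silently ignored; add `if len(argv) != 1: usage()` as loadpolicy.py and makepolicy.py do for their argument count. The imports of os, commands, shutil and string are unused in this file.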
@@ -0,0 +1,85 @@ +#============================================================================ +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2006 International Business Machines Corp. +# Author: Reiner Sailer <sailer@xxxxxxxxxx> +#============================================================================ + +"""Listing available labels for a policy. +""" +import sys +import traceback +import os +import commands +import shutil +import string +from xen.util.security import ACMError, err, list_labels, active_policy +from xen.util.security import vm_label_re, res_label_re, all_label_re + +def usage(): + print "\nUsage: xm labels [<policy>] [<type=dom|res|any>]\n" + print " Prints labels of the specified type (default is dom)" + print " that are defined in policy (default is current" + print " hypervisor policy).\n" + err("Usage") + + +def main(argv): + try: + policy = None + type = None + for i in argv[1:]: + i_s = string.split(i, '=') + if len(i_s) > 1: + if (i_s[0] == 'type') and (len(i_s) == 2): + if not type: + type = i_s[1] + else: + usage() + else: + usage() + else: + if not policy: + policy = i + else: + usage() + + if not policy: + policy = active_policy + if active_policy in ['NULL', 'INACTIVE', 'DEFAULT']: + err("No policy active. 
Please specify the <policy> parameter.") + + if not type or (type in ['DOM', 'dom']): + condition = vm_label_re + elif type in ['RES', 'res']: + condition = res_label_re + elif type in ['ANY', 'any']: + condition = all_label_re + else: + err("Unknown label type \'" + type + "\'") + + labels = list_labels(policy, condition) + labels.sort() + for label in labels: + print label + except ACMError: + pass + except: + traceback.print_exc(limit=1) + + +if __name__ == '__main__': + main(sys.argv) + + diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xm/loadpolicy.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/xm/loadpolicy.py Tue Apr 25 23:35:55 2006 -0600 
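Review bot: the variable named `type` shadows the builtin; rename it (label_type) before the file grows. The `if active_policy in ['NULL', 'INACTIVE', 'DEFAULT']` check is nested under `if not policy`, which is correct since an explicitly named policy is resolved from its own map file, but a comment saying so would help. The imports of os, commands, shutil and string are unused.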
@@ -0,0 +1,51 @@ +#============================================================================ +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2006 International Business Machines Corp. +# Author: Reiner Sailer <sailer@xxxxxxxxxx> +#============================================================================ + +"""Loading a compiled binary policy into the hypervisor. +""" +import sys +import traceback +import os +import commands +import shutil +import string +from xen.util.security import ACMError, err, load_policy + + +def usage(): + print "\nUsage: xm loadpolicy <policy>\n" + print " Load the compiled binary (.bin) policy" + print " into the running hypervisor.\n" + err("Usage") + +def main(argv): + try: + if len(argv) != 2: + usage() + load_policy(argv[1]) + except ACMError: + pass + except: + traceback.print_exc(limit=1) + + + +if __name__ == '__main__': + main(sys.argv) + + diff -r 9a915e2828f3 -r ae709b250f43 tools/python/xen/xm/makepolicy.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/xm/makepolicy.py Tue Apr 25 23:35:55 2006 -0600 
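Review bot: os, commands, shutil and string are imported but unused; the only dependency here is xen.util.security.load_policy. The usage text could mention that loading is refused when a policy other than DEFAULT or the same name is already active, since that is the error a user is most likely to hit.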
@@ -0,0 +1,53 @@ +#============================================================================ +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2006 International Business Machines Corp. +# Author: Reiner Sailer <sailer@xxxxxxxxxx> +#============================================================================ +"""Compiling a XML source policy file into mapping and binary versions. +""" +import sys +import traceback +import os +import commands +import shutil +import string +from xen.util.security import ACMError, err, make_policy + + +def usage(): + print "\nUsage: xm makepolicy <policy>\n" + print " Translate an XML source policy and create" + print " mapping file and binary policy.\n" + err("Usage") + + + +def main(argv): + try: + if len(argv) != 2: + usage() + make_policy(argv[1]) + + except ACMError: + pass + except: + traceback.print_exc(limit=1) + + + +if __name__ == '__main__': + main(sys.argv) + + diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/example/chwall/client_v1-security_policy.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/security/policies/example/chwall/client_v1-security_policy.xml Tue Apr 25 23:35:55 2006 -0600 
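Review bot: os, commands, shutil and string are imported but unused; the only dependency here is xen.util.security.make_policy.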
@@ -0,0 +1,90 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> +<!-- This file defines the security policies, which --> +<!-- can be enforced by the Xen Access Control Module. --> +<!-- Currently: Chinese Wall and Simple Type Enforcement--> +<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd "> + <PolicyHeader> + <PolicyName>example.chwall.client_v1</PolicyName> + <PolicyUrl>www.ibm.com/example/chwall/client_v1</PolicyUrl> + <Date>2006-03-31</Date> + </PolicyHeader> + <!-- --> + <!-- example of a chinese wall type definition --> + <!-- along with its conflict sets --> + <!-- (typse in a confict set are exclusive, i.e. --> + <!-- once a Domain with one type of a set is --> + <!-- running, no other Domain with another type --> + <!-- of the same conflict set can start.) --> + <ChineseWall priority="PrimaryPolicyComponent"> + <ChineseWallTypes> + <Type>cw_SystemManagement</Type> + <Type>cw_Sensitive</Type> + <Type>cw_Isolated</Type> + <Type>cw_Distrusted</Type> + </ChineseWallTypes> + <ConflictSets> + <Conflict name="Protection1"> + <Type>cw_Sensitive</Type> + <Type>cw_Distrusted</Type> + </Conflict> + </ConflictSets> + </ChineseWall> + <SecurityLabelTemplate> + <SubjectLabels bootstrap="dom_SystemManagement"> + <!-- single ste typed domains --> + <!-- ACM enforces that only domains with --> + <!-- the same type can share information --> + <!-- --> + <!-- Bootstrap label is assigned to Dom0 --> + <VirtualMachineLabel> + <Name>dom_HomeBanking</Name> + <ChineseWallTypes> + <Type>cw_Sensitive</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <Name>dom_Fun</Name> + <ChineseWallTypes> + <Type>cw_Distrusted</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <!-- donating some cycles to seti@home --> + 
<Name>dom_BoincClient</Name> + <ChineseWallTypes> + <Type>cw_Isolated</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <!-- Domains with multiple ste types services; such domains --> + <!-- must keep the types inside their domain safely confined. --> + <VirtualMachineLabel> + <Name>dom_SystemManagement</Name> + <ChineseWallTypes> + <Type>cw_SystemManagement</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <!-- serves persistent storage to other domains --> + <Name>dom_StorageDomain</Name> + <ChineseWallTypes> + <Type>cw_SystemManagement</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <!-- serves network access to other domains --> + <Name>dom_NetworkDomain</Name> + <ChineseWallTypes> + <Type>cw_SystemManagement</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + </SubjectLabels> + </SecurityLabelTemplate> + +</SecurityPolicyDefinition> + diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/example/chwall_ste/client_v1-security_policy.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/security/policies/example/chwall_ste/client_v1-security_policy.xml Tue Apr 25 23:35:55 2006 -0600 
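Review bot: the comments inside SubjectLabels ("single ste typed domains", "ACM enforces that only domains with the same type can share information", "Domains with multiple ste types services") were carried over from the STE example and do not apply here: this policy defines no SimpleTypeEnforcement section, so nothing in it constrains information flow between running domains; only the Protection1 conflict set is enforced, which keeps dom_HomeBanking (cw_Sensitive) and dom_Fun (cw_Distrusted) from running at the same time. The comments should say that, and should also note that cw_SystemManagement and cw_Isolated belong to no conflict set, so dom_SystemManagement, dom_StorageDomain, dom_NetworkDomain and dom_BoincClient are never excluded by the wall. Typos in the ChineseWall comment: "typse" and "confict". The xsi:schemaLocation value has a trailing space after the .xsd path.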
@@ -0,0 +1,194 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> +<!-- This file defines the security policies, which --> +<!-- can be enforced by the Xen Access Control Module. --> +<!-- Currently: Chinese Wall and Simple Type Enforcement--> +<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd "> + <PolicyHeader> + <PolicyName>example.chwall_ste.client_v1</PolicyName> + <PolicyUrl>www.ibm.com/example/chwall_ste/client_v1</PolicyUrl> + <Date>2006-03-31</Date> + </PolicyHeader> + <!-- --> + <!-- example of a simple type enforcement policy definition --> + <!-- --> + <SimpleTypeEnforcement> + <SimpleTypeEnforcementTypes> + <Type>ste_SystemManagement</Type><!-- machine/security management --> + <Type>ste_PersonalFinances</Type><!-- personal finances --> + <Type>ste_InternetInsecure</Type><!-- games, active X, etc. --> + <Type>ste_DonatedCycles</Type><!-- donation to BOINC/seti@home --> + <Type>ste_PersistentStorageA</Type><!-- domain managing the harddrive A--> + <Type>ste_NetworkAdapter0</Type><!-- type of the domain managing ethernet adapter 0--> + </SimpleTypeEnforcementTypes> + </SimpleTypeEnforcement> + <!-- --> + <!-- example of a chinese wall type definition --> + <!-- along with its conflict sets --> + <!-- (typse in a confict set are exclusive, i.e. --> + <!-- once a Domain with one type of a set is --> + <!-- running, no other Domain with another type --> + <!-- of the same conflict set can start.) 
--> + <ChineseWall priority="PrimaryPolicyComponent"> + <ChineseWallTypes> + <Type>cw_SystemManagement</Type> + <Type>cw_Sensitive</Type> + <Type>cw_Isolated</Type> + <Type>cw_Distrusted</Type> + </ChineseWallTypes> + + <ConflictSets> + <Conflict name="Protection1"> + <Type>cw_Sensitive</Type> + <Type>cw_Distrusted</Type> + </Conflict> + </ConflictSets> + </ChineseWall> + <SecurityLabelTemplate> + <SubjectLabels bootstrap="dom_SystemManagement"> + <!-- single ste typed domains --> + <!-- ACM enforces that only domains with --> + <!-- the same type can share information --> + <!-- --> + <!-- Bootstrap label is assigned to Dom0 --> + <VirtualMachineLabel> + <Name>dom_HomeBanking</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_PersonalFinances</Type> + </SimpleTypeEnforcementTypes> + + <ChineseWallTypes> + <Type>cw_Sensitive</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <Name>dom_Fun</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_InternetInsecure</Type> + </SimpleTypeEnforcementTypes> + + <ChineseWallTypes> + <Type>cw_Distrusted</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <!-- donating some cycles to seti@home --> + <Name>dom_BoincClient</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_DonatedCycles</Type> + </SimpleTypeEnforcementTypes> + + <ChineseWallTypes> + <Type>cw_Isolated</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <!-- Domains with multiple ste types services; such domains --> + <!-- must keep the types inside their domain safely confined. --> + <VirtualMachineLabel> + <Name>dom_SystemManagement</Name> + <SimpleTypeEnforcementTypes> + <!-- since dom0 needs access to every domain and --> + <!-- resource right now ... 
--> + <Type>ste_SystemManagement</Type> + <Type>ste_PersonalFinances</Type> + <Type>ste_InternetInsecure</Type> + <Type>ste_DonatedCycles</Type> + <Type>ste_PersistentStorageA</Type> + <Type>ste_NetworkAdapter0</Type> + </SimpleTypeEnforcementTypes> + + <ChineseWallTypes> + <Type>cw_SystemManagement</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <!-- serves persistent storage to other domains --> + <Name>dom_StorageDomain</Name> + <SimpleTypeEnforcementTypes> + <!-- access right to the resource (hard drive a) --> + <Type>ste_PersistentStorageA</Type> + <!-- can serve following types --> + <Type>ste_PersonalFinances</Type> + <Type>ste_InternetInsecure</Type> + </SimpleTypeEnforcementTypes> + + <ChineseWallTypes> + <Type>cw_SystemManagement</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <!-- serves network access to other domains --> + <Name>dom_NetworkDomain</Name> + <SimpleTypeEnforcementTypes> + <!-- access right to the resource (ethernet card) --> + <Type>ste_NetworkAdapter0</Type> + <!-- can serve following types --> + <Type>ste_PersonalFinances</Type> + <Type>ste_InternetInsecure</Type> + <Type>ste_DonatedCycles</Type> + </SimpleTypeEnforcementTypes> + + <ChineseWallTypes> + <Type>cw_SystemManagement</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + </SubjectLabels> + + <ObjectLabels> + <ResourceLabel> + <Name>res_ManagementResource</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_SystemManagement</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_HardDrive(hda)</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_PersistentStorageA</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_LogicalDiskPartition1(hda1)</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_PersonalFinances</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_LogicalDiskPartition2(hda2)</Name> + 
<SimpleTypeEnforcementTypes> + <Type>ste_InternetInsecure</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_EthernetCard</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_NetworkAdapter0</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_SecurityToken</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_PersonalFinances</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_GraphicsAdapter</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_SystemManagement</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + </ObjectLabels> + </SecurityLabelTemplate> +</SecurityPolicyDefinition> + diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/example/ste/client_v1-security_policy.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/security/policies/example/ste/client_v1-security_policy.xml Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,149 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> +<!-- This file defines the security policies, which --> +<!-- can be enforced by the Xen Access Control Module. --> +<!-- Currently: Chinese Wall and Simple Type Enforcement--> +<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd "> + <PolicyHeader> + <PolicyName>example.ste.client_v1</PolicyName> + <PolicyUrl>www.ibm.com/example/ste/client_v1</PolicyUrl> + <Date>2006-03-31</Date> + </PolicyHeader> + <!-- --> + <!-- example of a simple type enforcement policy definition --> + <!-- --> + <SimpleTypeEnforcement> + <SimpleTypeEnforcementTypes> + <Type>ste_SystemManagement</Type><!-- machine/security management --> + <Type>ste_PersonalFinances</Type><!-- personal finances --> + <Type>ste_InternetInsecure</Type><!-- games, active X, etc. --> + <Type>ste_DonatedCycles</Type><!-- donation to BOINC/seti@home --> + <Type>ste_PersistentStorageA</Type><!-- domain managing the harddrive A--> + <Type>ste_NetworkAdapter0</Type><!-- type of the domain managing ethernet adapter 0--> + </SimpleTypeEnforcementTypes> + </SimpleTypeEnforcement> + <SecurityLabelTemplate> + <SubjectLabels bootstrap="dom_SystemManagement"> + <!-- single ste typed domains --> + <!-- ACM enforces that only domains with --> + <!-- the same type can share information --> + <!-- --> + <!-- Bootstrap label is assigned to Dom0 --> + <VirtualMachineLabel> + <Name>dom_HomeBanking</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_PersonalFinances</Type> + </SimpleTypeEnforcementTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <Name>dom_Fun</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_InternetInsecure</Type> + </SimpleTypeEnforcementTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <!-- donating some cycles to seti@home --> + 
<Name>dom_BoincClient</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_DonatedCycles</Type> + </SimpleTypeEnforcementTypes> + </VirtualMachineLabel> + + <!-- Domains with multiple ste types services; such domains --> + <!-- must keep the types inside their domain safely confined. --> + <VirtualMachineLabel> + <Name>dom_SystemManagement</Name> + <SimpleTypeEnforcementTypes> + <!-- since dom0 needs access to every domain and --> + <!-- resource right now ... --> + <Type>ste_SystemManagement</Type> + <Type>ste_PersonalFinances</Type> + <Type>ste_InternetInsecure</Type> + <Type>ste_DonatedCycles</Type> + <Type>ste_PersistentStorageA</Type> + <Type>ste_NetworkAdapter0</Type> + </SimpleTypeEnforcementTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <!-- serves persistent storage to other domains --> + <Name>dom_StorageDomain</Name> + <SimpleTypeEnforcementTypes> + <!-- access right to the resource (hard drive a) --> + <Type>ste_PersistentStorageA</Type> + <!-- can serve following types --> + <Type>ste_PersonalFinances</Type> + <Type>ste_InternetInsecure</Type> + </SimpleTypeEnforcementTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <!-- serves network access to other domains --> + <Name>dom_NetworkDomain</Name> + <SimpleTypeEnforcementTypes> + <!-- access right to the resource (ethernet card) --> + <Type>ste_NetworkAdapter0</Type> + <!-- can serve following types --> + <Type>ste_PersonalFinances</Type> + <Type>ste_InternetInsecure</Type> + <Type>ste_DonatedCycles</Type> + </SimpleTypeEnforcementTypes> + </VirtualMachineLabel> + </SubjectLabels> + + <ObjectLabels> + <ResourceLabel> + <Name>res_ManagementResource</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_SystemManagement</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_HardDrive(hda)</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_PersistentStorageA</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + 
<Name>res_LogicalDiskPartition1(hda1)</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_PersonalFinances</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_LogicalDiskPartition2(hda2)</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_InternetInsecure</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_EthernetCard</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_NetworkAdapter0</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_SecurityToken</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_PersonalFinances</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>res_GraphicsAdapter</Name> + <SimpleTypeEnforcementTypes> + <Type>ste_SystemManagement</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + </ObjectLabels> + </SecurityLabelTemplate> + +</SecurityPolicyDefinition> + diff -r 9a915e2828f3 -r ae709b250f43 tools/security/python/xensec_tools/acm_getdecision --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/security/python/xensec_tools/acm_getdecision Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,55 @@ +#!/usr/bin/env python +# -*- mode: python; -*- +import sys +import traceback +import getopt + +# add fallback path for non-native python path installs if needed +sys.path.insert(-1, '/usr/lib/python') +sys.path.insert(-1, '/usr/lib64/python') + +from xen.util.security import ACMError, err, get_decision, active_policy + +def usage(): + print "Usage: acm_getdecision -i domainid --label labelname" + print " Test program illustrating the retrieval of" + print " access control decisions from Xen. At this time," + print " only sharing (STE) policy decisions are supported." + print " Arguments are two paramters in any combination:" + print "\t -i domain_id or --domid domain_id" + print "\t -l labelname or --label labelname" + print " Return value:" + print "\t PERMITTED if access is permitted" + print "\t DENIED if access is denied" + print "\t ACMError -- e.g., unknown label or domain id" + err("Usage") + +try: + + if len(sys.argv) != 5: + usage() + + decision_args = [] + + for idx in range(1, len(sys.argv), 2): + if sys.argv[idx] in ['-i', '--domid']: + decision_args.append(['domid', sys.argv[idx+1]]) + elif sys.argv[idx] in ['-l', '--label']: + decision_args.append(['access_control', + ['policy', active_policy], + ['label', sys.argv[idx+1]] + ]) + else: + print "unknown argument %s" % sys.argv[idx] + usage() + + if len(decision_args) != 2: + print "too many arguments" + usage() + + print get_decision(decision_args[0], decision_args[1]) + +except ACMError: + pass +except: + traceback.print_exc(limit=1) diff -r 9a915e2828f3 -r ae709b250f43 tools/security/python/xensec_tools/acm_getlabel --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/security/python/xensec_tools/acm_getlabel Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,48 @@ +#!/usr/bin/env python +# -*- mode: python; -*- +import sys +import traceback +import getopt + +# add fallback path for non-native python path installs if needed +sys.path.insert(-1, '/usr/lib/python') +sys.path.insert(-1, '/usr/lib64/python') + +from xen.util.security import ACMError, err, get_ssid + +# getopt.gnu_getopt is better, but only exists in Python 2.3+. Use +# getopt.getopt if gnu_getopt is not available. This will mean that options +# may only be specified before positional arguments. +if not hasattr(getopt, 'gnu_getopt'): + getopt.gnu_getopt = getopt.getopt + +def usage(): + print "Usage: acm_getlabel -i domainid" + print " Test program illustrating the retrieval of" + print " label information (for domains) from Xen." + print " Argument is one paramter describing the domain" + print " for which the label is retrieved." + print "\t -i domain_id or --domid=domain_id" + print " Return value:" + print "\t none -- Error (e.g., unknown ssidref, label, or domain id)" + print "\t (labelname, policyname, ssidref)" + err("Usage") + +try: + domid = None + (options, params) = getopt.gnu_getopt(sys.argv[1:], ':i:', ['domid=']) + for (k, v) in options: + if k in ['-i', '--domid']: + if not domid: + domid = v + else: + usage() + if not domid: + usage() + + print get_ssid(domid) + +except ACMError: + pass +except: + traceback.print_exc(limit=1) diff -r 9a915e2828f3 -r ae709b250f43 tools/xm-test/tests/create/16_create_smallmem_neg.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/xm-test/tests/create/16_create_smallmem_neg.py Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,32 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2005 +# Author: Dan Smith <danms@xxxxxxxxxx> + +from XmTestLib import * + +# This is under the default lower limit of 32 and we expect this test +# to fail. 16MBs isn't enough for the -xen kernel. +MEM = 16 + +domain = XmTestDomain(extraConfig={"memory": MEM, + "extra" :"mem=%iM" % MEM}) + +try: + domain.start() +except DomainError, e: + FAIL("Unable to start a domain with %i MB" % MEM) + +try: + console = XmConsole(domain.getName()) + console.sendInput("input") + console.runCmd("ls") +except ConsoleError, e: + if e.reason == RUNAWAY: + print "Domain with %i MB has runaway console as expected" % MEM + else: + print "Starting a domain with %i MB failed as expected" % MEM +else: + FAIL("Starting a console with %i MB passed, expected test to fail" % MEM) + +domain.destroy() diff -r 9a915e2828f3 -r ae709b250f43 tools/xm-test/tests/vtpm/04_vtpm-loc_migr.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/xm-test/tests/vtpm/04_vtpm-loc_migr.py Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,99 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2006 +# Author: Stefan Berger <stefanb@xxxxxxxxxx> + +# Positive Test: create domain with virtual TPM attached at build time, +# check list of pcrs; locally migrate the domain and +# check list of pcrs again + +from XmTestLib import * +from vtpm_utils import * +import commands +import os +import os.path + +config = {"vtpm":"instance=1,backend=0"} +domain = XmTestDomain(extraConfig=config) + +try: + domain.start() +except DomainError, e: + if verbose: + print e.extra + vtpm_cleanup(domain.getName()) + FAIL("Unable to create domain") + +domName = domain.getName() + +try: + console = XmConsole(domain.getName()) +except ConsoleError, e: + vtpm_cleanup(domName) + FAIL(str(e)) + +try: + console.sendInput("input") +except ConsoleError, e: + saveLog(console.getHistory()) + vtpm_cleanup(domName) + FAIL(str(e)) + +try: + run = console.runCmd("cat /sys/devices/platform/tpm_vtpm/pcrs") +except ConsoleError, e: + saveLog(console.getHistory()) + vtpm_cleanup(domName) + FAIL(str(e)) + +if re.search("No such file",run["output"]): + vtpm_cleanup(domName) + FAIL("TPM frontend support not compiled into (domU?) kernel") + +console.closeConsole() + +old_domid = domid(domName) + +try: + status, ouptut = traceCommand("xm migrate -l %s localhost" % + domName, + timeout=90) +except TimeoutError, e: + saveLog(console.getHistory()) + vtpm_cleanup(domName) + FAIL(str(e)) + +if status != 0: + saveLog(console.getHistory()) + vtpm_cleanup(domName) + FAIL("xm migrate did not succeed. 
External device migration activated?") + + +domName = domain.getName() +new_domid = domid(domName) + +if (old_domid == new_domid): + vtpm_cleanup(domName) + FAIL("xm migrate failed, domain id is still %s" % old_domid) + +try: + console = XmConsole(domain.getName()) +except ConsoleError, e: + vtpm_cleanup(domName) + FAIL(str(e)) + +try: + run = console.runCmd("cat /sys/devices/platform/tpm_vtpm/pcrs") +except ConsoleError, e: + saveLog(console.getHistory()) + vtpm_cleanup(domName) + FAIL(str(e)) + +console.closeConsole() + +domain.stop() + +vtpm_cleanup(domName) + +if not re.search("PCR-00:",run["output"]): + FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side") diff -r 9a915e2828f3 -r ae709b250f43 xen/arch/x86/hvm/i8254.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/arch/x86/hvm/i8254.c Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,595 @@ +/* + * QEMU 8253/8254 interval timer emulation + * + * Copyright (c) 2003-2004 Fabrice Bellard + * Copyright (c) 2006 Intel Corperation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ +/* Edwin Zhai <edwin.zhai@xxxxxxxxx> + * Ported to xen: + * use actimer for intr generation; + * move speaker io access to hypervisor; + * use new method for counter/intrs calculation + */ + +#include <xen/config.h> +#include <xen/types.h> +#include <xen/mm.h> +#include <xen/xmalloc.h> +#include <xen/lib.h> +#include <xen/errno.h> +#include <xen/sched.h> +#include <asm/hvm/hvm.h> +#include <asm/hvm/io.h> +#include <asm/hvm/support.h> +#include <asm/hvm/vpit.h> +#include <asm/current.h> + +/*#define DEBUG_PIT*/ + +#define RW_STATE_LSB 1 +#define RW_STATE_MSB 2 +#define RW_STATE_WORD0 3 +#define RW_STATE_WORD1 4 + +#ifndef NSEC_PER_SEC +#define NSEC_PER_SEC (1000000000ULL) +#endif + +#ifndef TIMER_SLOP +#define TIMER_SLOP (50*1000) /* ns */ +#endif + +static void pit_irq_timer_update(PITChannelState *s, s64 current_time); + +s_time_t hvm_get_clock(void) +{ + /* TODO: add pause/unpause support */ + return NOW(); +} + +static int pit_get_count(PITChannelState *s) +{ + u64 d; + u64 counter; + + d = hvm_get_clock() - s->count_load_time; + switch(s->mode) { + case 0: + case 1: + case 4: + case 5: + counter = (s->period - d) & 0xffff; + break; + case 3: + /* XXX: may be incorrect for odd counts */ + counter = s->period - ((2 * d) % s->period); + break; + default: + /* mod 2 counter handle */ + d = hvm_get_clock() - s->hvm_time->count_point; + d += s->hvm_time->count_advance; + counter = s->period - (d % s->period); + break; + } + /* change from ns to pit counter */ + counter = DIV_ROUND( (counter * PIT_FREQ), NSEC_PER_SEC); + return counter; +} + +/* get pit output bit */ +static int pit_get_out1(PITChannelState *s, s64 current_time) +{ + u64 d; + int out; + + d = current_time - s->count_load_time; + switch(s->mode) { + default: + case 0: + out = (d >= s->period); + break; + case 1: + out = (d < s->period); + break; + case 2: + /* mod2 out is no meaning, since intr are generated in background */ + if ((d % s->period) == 0 && d != 0) + out = 1; + else + out = 0; + 
break; + case 3: + out = (d % s->period) < ((s->period + 1) >> 1); + break; + case 4: + case 5: + out = (d == s->period); + break; + } + return out; +} + +int pit_get_out(hvm_virpit *pit, int channel, s64 current_time) +{ + PITChannelState *s = &pit->channels[channel]; + return pit_get_out1(s, current_time); +} + +static __inline__ s64 missed_ticks(PITChannelState *s, s64 current_time) +{ + struct hvm_time_info *hvm_time = s->hvm_time; + struct domain *d = (void *) s - + offsetof(struct domain, arch.hvm_domain.vpit.channels[0]); + + /* ticks from current time(expected time) to NOW */ + int missed_ticks; + /* current_time is expected time for next intr, check if it's true + * (actimer has a TIMER_SLOP in advance) + */ + s64 missed_time = hvm_get_clock() + TIMER_SLOP - current_time; + + if (missed_time >= 0) { + missed_ticks = missed_time/(s_time_t)s->period + 1; + if (test_bit(_DOMF_debugging, &d->domain_flags)) { + hvm_time->pending_intr_nr++; + } else { + hvm_time->pending_intr_nr += missed_ticks; + } + s->next_transition_time = current_time + (missed_ticks ) * s->period; + } + + return s->next_transition_time; +} + +/* only rearm the actimer when return value > 0 + * -2: init state + * -1: the mode has expired + * 0: current VCPU is not running + * >0: the next fired time + */ +s64 pit_get_next_transition_time(PITChannelState *s, + s64 current_time) +{ + s64 d, next_time, base; + int period2; + struct hvm_time_info *hvm_time = s->hvm_time; + + d = current_time - s->count_load_time; + switch(s->mode) { + default: + case 0: + case 1: + if (d < s->period) + next_time = s->period; + else + return -1; + break; + case 2: + next_time = missed_ticks(s, current_time); + if ( !test_bit(_VCPUF_running, &(hvm_time->vcpu->vcpu_flags)) ) + return 0; + break; + case 3: + base = (d / s->period) * s->period; + period2 = ((s->period + 1) >> 1); + if ((d - base) < period2) + next_time = base + period2; + else + next_time = base + s->period; + break; + case 4: + case 5: + if (d < 
s->period) + next_time = s->period; + else if (d == s->period) + next_time = s->period + 1; + else + return -1; + break; + case 0xff: + return -2; /* for init state */ + break; + } + /* XXX: better solution: use a clock at PIT_FREQ Hz */ + if (next_time <= current_time){ +#ifdef DEBUG_PIT + printk("HVM_PIT:next_time <= current_time. next=0x%llx, current=0x%llx!\n",next_time, current_time); +#endif + next_time = current_time + 1; + } + return next_time; +} + +/* val must be 0 or 1 */ +void pit_set_gate(hvm_virpit *pit, int channel, int val) +{ + PITChannelState *s = &pit->channels[channel]; + + switch(s->mode) { + default: + case 0: + case 4: + /* XXX: just disable/enable counting */ + break; + case 1: + case 5: + if (s->gate < val) { + /* restart counting on rising edge */ + s->count_load_time = hvm_get_clock(); + pit_irq_timer_update(s, s->count_load_time); + } + break; + case 2: + case 3: + if (s->gate < val) { + /* restart counting on rising edge */ + s->count_load_time = hvm_get_clock(); + pit_irq_timer_update(s, s->count_load_time); + } + /* XXX: disable/enable counting */ + break; + } + s->gate = val; +} + +int pit_get_gate(hvm_virpit *pit, int channel) +{ + PITChannelState *s = &pit->channels[channel]; + return s->gate; +} + +static inline void pit_load_count(PITChannelState *s, int val) +{ + if (val == 0) + val = 0x10000; + + s->count_load_time = hvm_get_clock(); + s->count = val; + s->period = DIV_ROUND(((s->count) * NSEC_PER_SEC), PIT_FREQ); + +#ifdef DEBUG_PIT + printk("HVM_PIT: pit-load-counter, count=0x%x,period=0x%u us,mode=%d, load_time=%lld\n", + val, + s->period / 1000, + s->mode, + s->count_load_time); +#endif + + if (s->mode == HVM_PIT_ACCEL_MODE) { + if (!s->hvm_time) { + printk("HVM_PIT:guest should only set mod 2 on channel 0!\n"); + return; + } + s->hvm_time->period_cycles = (u64)s->period * cpu_khz / 1000000L; + s->hvm_time->first_injected = 0; + + if (s->period < 900000) { /* < 0.9 ms */ + printk("HVM_PIT: guest programmed too small an 
count: %x\n", + s->count); + s->period = 1000000; + } + } + + pit_irq_timer_update(s, s->count_load_time); +} + +/* if already latched, do not latch again */ +static void pit_latch_count(PITChannelState *s) +{ + if (!s->count_latched) { + s->latched_count = pit_get_count(s); + s->count_latched = s->rw_mode; + } +} + +static void pit_ioport_write(void *opaque, u32 addr, u32 val) +{ + hvm_virpit *pit = opaque; + int channel, access; + PITChannelState *s; + val &= 0xff; + + addr &= 3; + if (addr == 3) { + channel = val >> 6; + if (channel == 3) { + /* read back command */ + for(channel = 0; channel < 3; channel++) { + s = &pit->channels[channel]; + if (val & (2 << channel)) { + if (!(val & 0x20)) { + pit_latch_count(s); + } + if (!(val & 0x10) && !s->status_latched) { + /* status latch */ + /* XXX: add BCD and null count */ + s->status = (pit_get_out1(s, hvm_get_clock()) << 7) | + (s->rw_mode << 4) | + (s->mode << 1) | + s->bcd; + s->status_latched = 1; + } + } + } + } else { + s = &pit->channels[channel]; + access = (val >> 4) & 3; + if (access == 0) { + pit_latch_count(s); + } else { + s->rw_mode = access; + s->read_state = access; + s->write_state = access; + + s->mode = (val >> 1) & 7; + s->bcd = val & 1; + /* XXX: update irq timer ? 
*/ + } + } + } else { + s = &pit->channels[addr]; + switch(s->write_state) { + default: + case RW_STATE_LSB: + pit_load_count(s, val); + break; + case RW_STATE_MSB: + pit_load_count(s, val << 8); + break; + case RW_STATE_WORD0: + s->write_latch = val; + s->write_state = RW_STATE_WORD1; + break; + case RW_STATE_WORD1: + pit_load_count(s, s->write_latch | (val << 8)); + s->write_state = RW_STATE_WORD0; + break; + } + } +} + +static u32 pit_ioport_read(void *opaque, u32 addr) +{ + hvm_virpit *pit = opaque; + int ret, count; + PITChannelState *s; + + addr &= 3; + s = &pit->channels[addr]; + if (s->status_latched) { + s->status_latched = 0; + ret = s->status; + } else if (s->count_latched) { + switch(s->count_latched) { + default: + case RW_STATE_LSB: + ret = s->latched_count & 0xff; + s->count_latched = 0; + break; + case RW_STATE_MSB: + ret = s->latched_count >> 8; + s->count_latched = 0; + break; + case RW_STATE_WORD0: + ret = s->latched_count & 0xff; + s->count_latched = RW_STATE_MSB; + break; + } + } else { + switch(s->read_state) { + default: + case RW_STATE_LSB: + count = pit_get_count(s); + ret = count & 0xff; + break; + case RW_STATE_MSB: + count = pit_get_count(s); + ret = (count >> 8) & 0xff; + break; + case RW_STATE_WORD0: + count = pit_get_count(s); + ret = count & 0xff; + s->read_state = RW_STATE_WORD1; + break; + case RW_STATE_WORD1: + count = pit_get_count(s); + ret = (count >> 8) & 0xff; + s->read_state = RW_STATE_WORD0; + break; + } + } + return ret; +} + +static void pit_irq_timer_update(PITChannelState *s, s64 current_time) +{ + s64 expire_time; + int irq_level; + struct vcpu *v = current; + struct hvm_virpic *pic= &v->domain->arch.hvm_domain.vpic; + + if (!s->hvm_time || s->mode == 0xff) + return; + + expire_time = pit_get_next_transition_time(s, current_time); + /* not generate intr by direct pic_set_irq in mod 2 + * XXX:mod 3 should be same as mod 2 + */ + if (s->mode != HVM_PIT_ACCEL_MODE) { + irq_level = pit_get_out1(s, current_time); + 
pic_set_irq(pic, s->irq, irq_level); + s->next_transition_time = expire_time; +#ifdef DEBUG_PIT + printk("HVM_PIT:irq_level=%d next_delay=%l ns\n", + irq_level, + (expire_time - current_time)); +#endif + } + + if (expire_time > 0) + set_timer(&(s->hvm_time->pit_timer), s->next_transition_time); + +} + +static void pit_irq_timer(void *data) +{ + PITChannelState *s = data; + + pit_irq_timer_update(s, s->next_transition_time); +} + +static void pit_reset(void *opaque) +{ + hvm_virpit *pit = opaque; + PITChannelState *s; + int i; + + for(i = 0;i < 3; i++) { + s = &pit->channels[i]; + s->mode = 0xff; /* the init mode */ + s->gate = (i != 2); + pit_load_count(s, 0); + } +} + +/* hvm_io_assist light-weight version, specific to PIT DM */ +static void resume_pit_io(ioreq_t *p) +{ + struct cpu_user_regs *regs = guest_cpu_user_regs(); + unsigned long old_eax = regs->eax; + p->state = STATE_INVALID; + + switch(p->size) { + case 1: + regs->eax = (old_eax & 0xffffff00) | (p->u.data & 0xff); + break; + case 2: + regs->eax = (old_eax & 0xffff0000) | (p->u.data & 0xffff); + break; + case 4: + regs->eax = (p->u.data & 0xffffffff); + break; + default: + BUG(); + } +} + +/* the intercept action for PIT DM retval:0--not handled; 1--handled */ +int handle_pit_io(ioreq_t *p) +{ + struct vcpu *v = current; + struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); + + if (p->size != 1 || + p->pdata_valid || + p->type != IOREQ_TYPE_PIO){ + printk("HVM_PIT:wrong PIT IO!\n"); + return 1; + } + + if (p->dir == 0) {/* write */ + pit_ioport_write(vpit, p->addr, p->u.data); + } else if (p->dir == 1) { /* read */ + p->u.data = pit_ioport_read(vpit, p->addr); + resume_pit_io(p); + } + + /* always return 1, since PIT sit in HV now */ + return 1; +} + +static void speaker_ioport_write(void *opaque, uint32_t addr, uint32_t val) +{ + hvm_virpit *pit = opaque; + val &= 0xff; + pit->speaker_data_on = (val >> 1) & 1; + pit_set_gate(pit, 2, val & 1); +} + +static uint32_t speaker_ioport_read(void 
*opaque, uint32_t addr) +{ + int out; + hvm_virpit *pit = opaque; + out = pit_get_out(pit, 2, hvm_get_clock()); + pit->dummy_refresh_clock ^= 1; + + return (pit->speaker_data_on << 1) | pit_get_gate(pit, 2) | (out << 5) | + (pit->dummy_refresh_clock << 4); +} + +int handle_speaker_io(ioreq_t *p) +{ + struct vcpu *v = current; + struct hvm_virpit *vpit = &(v->domain->arch.hvm_domain.vpit); + + if (p->size != 1 || + p->pdata_valid || + p->type != IOREQ_TYPE_PIO){ + printk("HVM_SPEAKER:wrong SPEAKER IO!\n"); + return 1; + } + + if (p->dir == 0) {/* write */ + speaker_ioport_write(vpit, p->addr, p->u.data); + } else if (p->dir == 1) {/* read */ + p->u.data = speaker_ioport_read(vpit, p->addr); + resume_pit_io(p); + } + + return 1; +} + +/* pick up missed timer ticks at deactive time */ +void pickup_deactive_ticks(struct hvm_virpit *vpit) +{ + s64 next_time; + PITChannelState *s = &(vpit->channels[0]); + if ( !active_timer(&(vpit->time_info.pit_timer)) ) { + next_time = pit_get_next_transition_time(s, s->next_transition_time); + if (next_time >= 0) + set_timer(&(s->hvm_time->pit_timer), s->next_transition_time); + } +} + +void pit_init(struct hvm_virpit *pit, struct vcpu *v) +{ + PITChannelState *s; + struct hvm_time_info *hvm_time; + + s = &pit->channels[0]; + /* the timer 0 is connected to an IRQ */ + s->irq = 0; + /* channel 0 need access the related time info for intr injection */ + hvm_time = s->hvm_time = &pit->time_info; + hvm_time->vcpu = v; + + init_timer(&(hvm_time->pit_timer), pit_irq_timer, s, v->processor); + + register_portio_handler(PIT_BASE, 4, handle_pit_io); + + /* register the speaker port */ + register_portio_handler(0x61, 1, handle_speaker_io); + + pit_reset(pit); + + return; + +} diff -r 9a915e2828f3 -r ae709b250f43 xen/include/asm-x86/percpu.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/include/asm-x86/percpu.h Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,20 @@ +#ifndef __X86_PERCPU_H__ +#define __X86_PERCPU_H__ + +#define PERCPU_SHIFT 12 +#define PERCPU_SIZE (1UL << PERCPU_SHIFT) + +/* Separate out the type, so (int[3], foo) works. */ +#define DEFINE_PER_CPU(type, name) \ + __attribute__((__section__(".data.percpu"))) \ + __typeof__(type) per_cpu__##name + +/* var is in discarded region: offset to particular copy we want */ +#define per_cpu(var, cpu) \ + (*RELOC_HIDE(&per_cpu__##var, ((unsigned int)(cpu))<<PERCPU_SHIFT)) +#define __get_cpu_var(var) \ + (per_cpu(var, smp_processor_id())) + +#define DECLARE_PER_CPU(type, name) extern __typeof__(type) per_cpu__##name + +#endif /* __X86_PERCPU_H__ */ diff -r 9a915e2828f3 -r ae709b250f43 xen/include/xen/nmi.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/include/xen/nmi.h Tue Apr 25 23:35:55 2006 -0600 @@ -0,0 +1,29 @@ +/****************************************************************************** + * nmi.h + * + * Register and unregister NMI callbacks. + * + * Copyright (c) 2006, Ian Campbell <ian.campbell@xxxxxxxxxxxxx> + */ + +#ifndef __XEN_NMI_H__ +#define __XEN_NMI_H__ + +#include <asm/nmi.h> + +/** + * register_guest_nmi_callback + * + * The default NMI handler passes the NMI to a guest callback. This + * function registers the address of that callback. + */ +extern long register_guest_nmi_callback(unsigned long address); + +/** + * unregister_guest_nmi_callback + * + * Unregister a guest NMI handler. + */ +extern long unregister_guest_nmi_callback(void); + +#endif /* __XEN_NMI_H__ */ diff -r 9a915e2828f3 -r ae709b250f43 xen/include/xen/percpu.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/include/xen/percpu.h Tue Apr 25 23:35:55 2006 -0600 
@@ -0,0 +1,15 @@ +#ifndef __XEN_PERCPU_H__ +#define __XEN_PERCPU_H__ + +#include <xen/config.h> +#include <xen/smp.h> +#include <asm/percpu.h> + +/* Preferred on Xen. Also see arch-defined per_cpu(). */ +#define this_cpu(var) __get_cpu_var(var) + +/* Linux compatibility. */ +#define get_cpu_var(var) this_cpu(var) +#define put_cpu_var(var) + +#endif /* __XEN_PERCPU_H__ */ diff -r 9a915e2828f3 -r ae709b250f43 tools/security/get_decision.c --- a/tools/security/get_decision.c Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,176 +0,0 @@ -/**************************************************************** - * get_decision.c - * - * Copyright (C) 2005 IBM Corporation - * - * Authors: - * Reiner Sailer <sailer@xxxxxxxxxxxxxx> - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation, version 2 of the - * License. - * - * An example program that shows how to retrieve an access control - * decision from the hypervisor ACM based on the currently active policy. - * - */ - -#include <unistd.h> -#include <stdio.h> -#include <errno.h> -#include <fcntl.h> -#include <getopt.h> -#include <sys/mman.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <stdlib.h> -#include <sys/ioctl.h> -#include <string.h> -#include <netinet/in.h> -#include <xen/acm.h> -#include <xen/acm_ops.h> -#include <xen/linux/privcmd.h> - -#define PERROR(_m, _a...) \ -fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a , \ - errno, strerror(errno)) - -void usage(char *progname) -{ - printf("Use: %s \n", progname); - printf(" Test program illustrating the retrieval of\n"); - printf(" access control decisions from xen. 
At this time,\n"); - printf(" only sharing (STE) policy decisions are supported.\n"); - printf(" parameter options:\n"); - printf("\t -i domid -i domid\n"); - printf("\t -i domid -s ssidref\n"); - printf("\t -s ssidref -s ssidref\n\n"); - exit(-1); -} - -static inline int do_policycmd(int xc_handle, unsigned int cmd, - unsigned long data) -{ - return ioctl(xc_handle, cmd, data); -} - -static inline int do_xen_hypercall(int xc_handle, - privcmd_hypercall_t * hypercall) -{ - return do_policycmd(xc_handle, - IOCTL_PRIVCMD_HYPERCALL, - (unsigned long) hypercall); -} - -static inline int do_acm_op(int xc_handle, struct acm_op *op) -{ - int ret = -1; - privcmd_hypercall_t hypercall; - - op->interface_version = ACM_INTERFACE_VERSION; - - hypercall.op = __HYPERVISOR_acm_op; - hypercall.arg[0] = (unsigned long) op; - - if (mlock(op, sizeof(*op)) != 0) { - PERROR("Could not lock memory for Xen policy hypercall"); - goto out1; - } - - if ((ret = do_xen_hypercall(xc_handle, &hypercall)) < 0) { - if (errno == EACCES) - fprintf(stderr, "ACM operation failed -- need to" - " rebuild the user-space tool set?\n"); - goto out2; - } - - out2:(void) munlock(op, sizeof(*op)); - out1:return ret; -} - - -/************************ get decision ******************************/ - -/* this example uses two domain ids and retrieves the decision if these domains - * can share information (useful, i.e., to enforce policy onto network traffic in dom0 - */ -int acm_get_decision(int xc_handle, int argc, char *const argv[]) -{ - struct acm_op op; - int ret; - - op.cmd = ACM_GETDECISION; - op.interface_version = ACM_INTERFACE_VERSION; - op.u.getdecision.get_decision_by1 = UNSET; - op.u.getdecision.get_decision_by2 = UNSET; - op.u.getdecision.hook = SHARING; - - while (1) { - int c = getopt(argc, argv, "i:s:"); - if (c == -1) - break; - - if (c == 'i') { - if (op.u.getdecision.get_decision_by1 == UNSET) { - op.u.getdecision.get_decision_by1 = DOMAINID; - op.u.getdecision.id1.domainid = strtoul(optarg, 
NULL, 0); - } else if (op.u.getdecision.get_decision_by2 == UNSET) { - op.u.getdecision.get_decision_by2 = DOMAINID; - op.u.getdecision.id2.domainid = strtoul(optarg, NULL, 0); - } else - usage(argv[0]); - } else if (c == 's') { - if (op.u.getdecision.get_decision_by1 == UNSET) { - op.u.getdecision.get_decision_by1 = SSIDREF; - op.u.getdecision.id1.ssidref = strtoul(optarg, NULL, 0); - } else if (op.u.getdecision.get_decision_by2 == UNSET) { - op.u.getdecision.get_decision_by2 = SSIDREF; - op.u.getdecision.id2.ssidref = strtoul(optarg, NULL, 0); - } else - usage(argv[0]); - } else - usage(argv[0]); - } - if ((op.u.getdecision.get_decision_by1 == UNSET) || - (op.u.getdecision.get_decision_by2 == UNSET)) - usage(argv[0]); - - if ((ret = do_acm_op(xc_handle, &op))) { - printf("%s: Error getting decision (%d).\n", __func__, ret); - printf("%s: decision = %s.\n", __func__, - (op.u.getdecision.acm_decision == - ACM_ACCESS_PERMITTED) ? "PERMITTED" : ((op.u.getdecision. - acm_decision == - ACM_ACCESS_DENIED) - ? "DENIED" : - "ERROR")); - return ret; - } - return op.u.getdecision.acm_decision; -} - -/***************************** main **************************************/ - -int main(int argc, char **argv) -{ - - int acm_cmd_fd, ret = 0; - - if (argc < 5) - usage(argv[0]); - - if ((acm_cmd_fd = open("/proc/xen/privcmd", O_RDONLY)) <= 0) { - printf("ERROR: Could not open xen privcmd device!\n"); - exit(-1); - } - - ret = acm_get_decision(acm_cmd_fd, argc, argv); - - printf("Decision: %s (%d)\n", - (ret == ACM_ACCESS_PERMITTED) ? "PERMITTED" : - ((ret == ACM_ACCESS_DENIED) ? "DENIED" : "ERROR"), ret); - - close(acm_cmd_fd); - return ret; -} diff -r 9a915e2828f3 -r ae709b250f43 tools/security/getlabel.sh --- a/tools/security/getlabel.sh Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,94 +0,0 @@ -#!/bin/sh -# * -# * getlabel -# * -# * Copyright (C) 2005 IBM Corporation -# * -# * Authors: -# * Stefan Berger <stefanb@xxxxxxxxxx> -# * -# * This program is free software; you can redistribute it and/or -# * modify it under the terms of the GNU General Public License as -# * published by the Free Software Foundation, version 2 of the -# * License. -# * -# * 'getlabel' tries to find the labels corresponding to the ssidref -# * -# * 'getlabel -?' shows the usage of the program -# * -# * 'getlabel -sid <ssidref> [<policy name>]' lists the label corresponding -# * to the given ssidref. -# * -# * 'getlabel -dom <domain id> [<policy name>]' lists the label of the -# * domain with given id -# * -# - -if [ -z "$runbash" ]; then - runbash="1" - export runbash - exec sh -c "bash $0 $*" -fi - - -export PATH=$PATH:. -dir=`dirname $0` -source $dir/labelfuncs.sh - -usage () -{ - prg=`basename $0` -echo "Use this tool to display the label of a domain or the label that is -corresponding to an ssidref given the name of the running policy. - -Usage: $prg -sid <ssidref> [<policy name> [<policy dir>]] or - $prg -dom <domid> [<policy name> [<policy dir>]] - -policy name : the name of the policy, i.e. 'chwall' - If the policy name is omitted, the grub.conf - entry of the running system is tried to be read - and the policy name determined from there. -policy dir : the directory where the <policy name> policy is located - The default location is '/etc/xen/acm-security/policies' -ssidref : an ssidref in hex or decimal format, i.e., '0x00010002' - or '65538' -domid : id of the domain, i.e., '1'; Use numbers from the 2nd - column shown when invoking 'xm list' -" -} - - - -if [ "$1" == "-h" ]; then - usage - exit 0 -elif [ "$1" == "-dom" ]; then - mode="domid" - shift -elif [ "$1" == "-sid" ]; then - mode="sid" - shift -else - usage - exit -1 -fi - -setPolicyVars $2 $3 -findMapFile $policy $policydir -ret=$? 
-if [ $ret -eq 0 ]; then - echo "Could not find map file for policy '$policy'." - exit -1 -fi - -if [ "$mode" == "domid" ]; then - getSSIDUsingSecpolTool $1 - ret=$? - if [ $ret -eq 0 ]; then - echo "Could not determine the SSID of the domain." - exit -1 - fi - translateSSIDREF $ssid $mapfile -else # mode == sid - translateSSIDREF $1 $mapfile -fi diff -r 9a915e2828f3 -r ae709b250f43 tools/security/labelfuncs.sh --- a/tools/security/labelfuncs.sh Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,799 +0,0 @@ -# * -# * labelfuncs.sh -# * -# * Copyright (C) 2005 IBM Corporation -# * -# * Authors: -# * Stefan Berger <stefanb@xxxxxxxxxx> -# * -# * This program is free software; you can redistribute it and/or -# * modify it under the terms of the GNU General Public License as -# * published by the Free Software Foundation, version 2 of the -# * License. -# * -# * -# * A collection of functions to handle polcies, mapfiles, -# * and ssidrefs. -# - - -#Some global variables for tools using this module -ACM_DEFAULT_ROOT="/etc/xen/acm-security" - -# Set the policy and policydir variables -# Parameters: -# 1st : possible policy name -# 2nd : possible policy directory -# Results: -# The variables policy and policydir will hold the values for locating -# policy information -# If there are no errors, the functions returns a '1', -# a '0' otherwise. -setPolicyVars () -{ - local ret - # Set default values - policydir="$ACM_DEFAULT_ROOT/policies" - policy="" - - if [ "$1" == "" ]; then - findGrubConf - ret=$? - if [ $ret -eq 0 ]; then - echo "Could not find grub.conf." - return 0; - fi - findPolicyInGrub $grubconf - if [ "$policy" == "" ]; then - echo "Could not find policy in grub.conf. Looked for entry using kernel $linux." - return 0; - fi - echo "Assuming policy to be '$policy'."; - else - policy=$1 - if [ "$2" != "" ]; then - policydir=$2 - fi - fi - - return 1 -} - -# Find the mapfile given a policy nmame -# Parameters: -# 1st : the name of the policy whose map file is to be found, i.e., -# chwall -# 2nd : the policy directory for locating the map file -# Results: -# The variable mapfile will hold the realtive path to the mapfile -# for the given policy. -# In case the mapfile could be found, the functions returns a '1', -# a '0' otherwise. 
-findMapFile () -{ - mapfile="$2/$1/$1.map" - if [ -r "$mapfile" ]; then - return 1 - fi - return 0 -} - - -# Determine the name of the primary policy -# Parameters -# 1st : the path to the mapfile; the path may be relative -# to the current directory -# Results -# The variable primary will hold the name of the primary policy -getPrimaryPolicy () -{ - local mapfile=$1 - primary=`cat $mapfile | \ - awk ' \ - { \ - if ( $1 == "PRIMARY" ) { \ - res=$2; \ - } \ - } END { \ - print res; \ - } '` -} - - -# Determine the name of the secondary policy -# Parameters -# 1st : the path to the mapfile; the path may be relative -# to the current directory -# Results -# The variable secondary will hold the name of the secondary policy -getSecondaryPolicy () -{ - local mapfile=$1 - secondary=`cat $mapfile | \ - awk ' \ - { \ - if ( $1 == "SECONDARY" ) { \ - res=$2; \ - } \ - } END { \ - print res; \ - } '` -} - - -#Return where the grub.conf file is. -#I only know of one place it can be. -#Returns: -# 1 : if the file is writeable and readable -# 2 : if the file is only readable -# 0 : if the file does not exist -findGrubConf() -{ - grubconf="/boot/grub/grub.conf" - if [ -w $grubconf ]; then - return 1 - fi - if [ -r $grubconf ]; then - return 2 - fi - return 0 -} - - -# This function sets the global variable 'linux' -# to the name and version of the Linux kernel that was compiled -# for domain 0. 
-# If this variable could not be found, the variable 'linux' -# will hold a pattern -# Parameters: -# 1st: the path to reach the root directory of the XEN build tree -# where linux-*-xen0 is located at -# Results: -# The variable linux holds then name and version of the compiled -# kernel, i.e., 'vmlinuz-2.6.12-xen0' -getLinuxVersion () -{ - local path - local versionfile - local lnx - if [ "$1" == "" ]; then - path="/lib/modules/*-xen0" - else - path="/lib/modules/$1" - fi - - linux="" - for f in $path/linux-*-xen0 ; do - versionfile=$f/build/include/linux/version.h - if [ -r $versionfile ]; then - lnx=`cat $versionfile | \ - grep UTS_RELEASE | \ - awk '{ \ - len=length($3); \ - version=substr($3,2,len-2); \ - split(version,numbers,"."); \ - if (numbers[4]=="") { \ - printf("%s.%s.%s", \ - numbers[1], \ - numbers[2], \ - numbers[3]); \ - } else { \ - printf("%s.%s.%s[.0-9]*-xen0",\ - numbers[1], \ - numbers[2], \ - numbers[3]); \ - } \ - }'` - fi - if [ "$lnx" != "" ]; then - linux="[./0-9a-zA-z]*$lnx" - return; - fi - done - - #Last resort. - linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$" -} - - -# Find out with which policy the hypervisor was booted with. 
-# Parameters -# 1st : The complete path to grub.conf, i.e., /boot/grub/grub.conf -# Result: -# Sets the variable 'policy' to the name of the policy -findPolicyInGrub () -{ - local grubconf=$1 - local linux=`uname -r` - policy=`cat $grubconf | \ - awk -vlinux=$linux '{ \ - if ( $1 == "title" ) { \ - kernelfound = 0; \ - policymaycome = 0; \ - } \ - else if ( $1 == "kernel" ) { \ - if ( match($2,"xen.gz$") ) { \ - pathlen=RSTART; \ - kernelfound = 1; \ - } \ - } \ - else if ( $1 == "module" && \ - kernelfound == 1 && \ - match($2,linux) ) { \ - policymaycome = 1; \ - } \ - else if ( $1 == "module" && \ - kernelfound == 1 && \ - policymaycome == 1 && \ - match($2,"[0-9a-zA-Z_]*.bin$") ) { \ - policymaycome = 0; \ - kernelfound = 0; \ - polname = substr($2,pathlen); \ - len=length(polname); \ - polname = substr(polname,0,len-4); \ - } \ - } END { \ - print polname \ - }'` -} - - -# Get the SSID of a domain -# Parameters: -# 1st : domain ID, i.e. '1' -# Results -# If the ssid could be found, the variable 'ssid' will hold -# the currently used ssid in the hex format, i.e., '0x00010001'. -# The funtion returns '1' on success, '0' on failure -getSSIDUsingSecpolTool () -{ - local domid=$1 - export PATH=$PATH:. - ssid=`xensec_tool getssid -d $domid -f | \ - grep -E "SSID:" | \ - awk '{ print $4 }'` - - if [ "$ssid" != "" ]; then - return 1 - fi - return 0 -} - - -# Break the ssid identifier into its high and low values, -# which are equal to the secondary and primary policy references. -# Parameters: -# 1st: ssid to break into high and low value, i.e., '0x00010002' -# Results: -# The variable ssidlo_int and ssidhi_int will hold the low and -# high ssid values as integers. 
-getSSIDLOHI () -{ - local ssid=$1 - ssidlo_int=`echo $ssid | awk \ - '{ \ - len=length($0); \ - beg=substr($0,1,2); \ - if ( beg == "0x" ) { \ - dig = len - 2; \ - if (dig <= 0) { \ - exit; \ - } \ - if (dig > 4) { \ - dig=4; \ - } \ - lo=sprintf("0x%s",substr($0,len-dig+1,dig)); \ - print strtonum(lo);\ - } else { \ - lo=strtonum($0); \ - if (lo < 65536) { \ - print lo; \ - } else { \ - hi=lo; \ - hi2= (hi / 65536);\ - hi2_str=sprintf("%d",hi2); \ - hi2=strtonum(hi2_str);\ - lo=hi-(hi2*65536); \ - printf("%d",lo); \ - } \ - } \ - }'` - ssidhi_int=`echo $ssid | awk \ - '{ \ - len=length($0); \ - beg=substr($0,1,2); \ - if ( beg == "0x" ) { \ - dig = len - 2; \ - if (dig <= 0 || \ - dig > 8) { \ - exit; \ - } \ - if (dig < 4) { \ - print 0; \ - exit; \ - } \ - dig -= 4; \ - hi=sprintf("0x%s",substr($0,len-4-dig+1,dig)); \ - print strtonum(hi);\ - } else { \ - hi=strtonum($0); \ - if (hi >= 65536) { \ - hi = hi / 65536; \ - printf ("%d",hi);\ - } else { \ - printf ("0"); \ - } \ - } \ - }'` - if [ "$ssidhi_int" == "" -o \ - "$ssidlo_int" == "" ]; then - return 0; - fi - return 1 -} - - -#Update the grub configuration file. -#Search for existing entries and replace the current -#policy entry with the policy passed to this script -# -#Arguments passed to this function -# 1st : the grub configuration file with full path -# 2nd : the binary policy file name, i.e. chwall.bin -# 3rd : the name or pattern of the linux kernel name to match -# (this determines where the module entry will be made) -# -# The algorithm here is based on pattern matching -# and is working correctly if -# - under a title a line beginning with 'kernel' is found -# whose following item ends with "xen.gz" -# Example: kernel /xen.gz dom0_mem=.... 
-# - a module line matching the 3rd parameter is found -# -updateGrub () -{ - local grubconf=$1 - local policyfile=$2 - local linux=$3 - - local tmpfile="/tmp/new_grub.conf" - - cat $grubconf | \ - awk -vpolicy=$policyfile \ - -vlinux=$linux '{ \ - if ( $1 == "title" ) { \ - kernelfound = 0; \ - if ( policymaycome == 1 ){ \ - printf ("\tmodule %s%s\n", path, policy); \ - } \ - policymaycome = 0; \ - } \ - else if ( $1 == "kernel" ) { \ - if ( match($2,"xen.gz$") ) { \ - path=substr($2,1,RSTART-1); \ - kernelfound = 1; \ - } \ - } \ - else if ( $1 == "module" && \ - kernelfound == 1 && \ - match($2,linux) ) { \ - policymaycome = 1; \ - } \ - else if ( $1 == "module" && \ - kernelfound == 1 && \ - policymaycome == 1 && \ - match($2,"[0-9a-zA-Z]*.bin$") ) { \ - printf ("\tmodule %s%s\n", path, policy); \ - policymaycome = 0; \ - kernelfound = 0; \ - dontprint = 1; \ - } \ - else if ( $1 == "" && \ - kernelfound == 1 && \ - policymaycome == 1) { \ - dontprint = 1; \ - } \ - if (dontprint == 0) { \ - printf ("%s\n", $0); \ - } \ - dontprint = 0; \ - } END { \ - if ( policymaycome == 1 ) { \ - printf ("\tmodule %s%s\n", path, policy); \ - } \ - }' > $tmpfile - if [ ! -r $tmpfile ]; then - echo "Could not create temporary file! Aborting." - exit -1 - fi - diff $tmpfile $grubconf > /dev/null - RES=$? - if [ "$RES" == "0" ]; then - echo "No changes were made to $grubconf." - else - echo "Successfully updated $grubconf." 
- mv -f $tmpfile $grubconf - fi -} - - -#Compile a policy into its binary representation -# Parameters: -# 1st: The directory where the ./policies directory is located at -# 2nd: The name of the policy -genBinPolicy () -{ - local root=$1 - local policy=$2 - pushd $root > /dev/null - xensec_xml2bin -d policies $policy > /dev/null - popd > /dev/null -} - - -# Copy the bootpolicy into the destination directory -# Generate the policy's .bin and .map files if necessary -# Parameters: -# 1st: Destination directory -# 2nd: The root directory of the security tools; this is where the -# policies directory is located at -# 3rd: The policy name -# Returns '1' on success, '0' on failure. -cpBootPolicy () -{ - local dest=$1 - local root=$2 - local policy=$3 - local binfile=$root/policies/$policy/$policy.bin - local dstfile=$dest/$policy.bin - if [ ! -e $binfile ]; then - genBinPolicy $root $policy - if [ ! -e $binfile ]; then - echo "Could not compile policy '$policy'." - return 0 - fi - fi - - if [ ! -e $dstfile -o \ - $binfile -nt $dstfile ]; then - cp -f $binfile $dstfile - fi - return 1 -} - - -# Display all the labels in a given mapfile -# Parameters -# 1st: Full or relative path to the policy's mapfile -showLabels () -{ - local mapfile=$1 - local line - local ITEM - local found=0 - - if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then - echo "Cannot read from vm configuration file $vmfile." 
- return -1 - fi - - getPrimaryPolicy $mapfile - getSecondaryPolicy $mapfile - - echo "The following labels are available:" - let line=1 - while [ 1 ]; do - ITEM=`cat $mapfile | \ - awk -vline=$line \ - -vprimary=$primary \ - '{ \ - if ($1 == "LABEL->SSID" && \ - $2 == "VM" && \ - $3 == primary ) { \ - ctr++; \ - if (ctr == line) { \ - print $4; \ - } \ - } \ - } END { \ - }'` - - if [ "$ITEM" == "" ]; then - break - fi - if [ "$secondary" != "NULL" ]; then - LABEL=`cat $mapfile | \ - awk -vitem=$ITEM \ - '{ - if ($1 == "LABEL->SSID" && \ - $2 == "VM" && \ - $3 == "CHWALL" && \ - $4 == item ) { \ - result = item; \ - } \ - } END { \ - print result \ - }'` - else - LABEL=$ITEM - fi - - if [ "$LABEL" != "" ]; then - echo "$LABEL" - found=1 - fi - let line=line+1 - done - if [ "$found" != "1" ]; then - echo "No labels found." - fi -} - - -# Get the default SSID given a mapfile and the policy name -# Parameters -# 1st: Full or relative path to the policy's mapfile -# 2nd: the name of the policy -getDefaultSsid () -{ - local mapfile=$1 - local pol=$2 - RES=`cat $mapfile \ - awk -vpol=$pol \ - { \ - if ($1 == "LABEL->SSID" && \ - $2 == "ANY" && \ - $3 == pol && \ - $4 == "DEFAULT" ) {\ - res=$5; \ - } \ - } END { \ - printf "%04x", strtonum(res) \ - }'` - echo "default NULL mapping is $RES" - defaultssid=$RES -} - - -#Relabel a VM configuration file -# Parameters -# 1st: Full or relative path to the VM configuration file -# 2nd: The label to translate into an ssidref -# 3rd: Full or relative path to the policy's map file -# 4th: The mode this function is supposed to operate in: -# 'relabel' : Relabels the file without querying the user -# other : Prompts the user whether to proceed -relabel () -{ - local vmfile=$1 - local label=$2 - local mapfile=$3 - local mode=$4 - local SSIDLO - local SSIDHI - local RES - - if [ ! -r "$vmfile" ]; then - echo "Cannot read from vm configuration file $vmfile." - return -1 - fi - - if [ ! 
-w "$vmfile" ]; then - echo "Cannot write to vm configuration file $vmfile." - return -1 - fi - - if [ ! -r "$mapfile" ] ; then - echo "Cannot read mapping file $mapfile." - return -1 - fi - - # Determine which policy is primary, which sec. - getPrimaryPolicy $mapfile - getSecondaryPolicy $mapfile - - # Calculate the primary policy's SSIDREF - if [ "$primary" == "NULL" ]; then - SSIDLO="0001" - else - SSIDLO=`cat $mapfile | \ - awk -vlabel=$label \ - -vprimary=$primary \ - '{ \ - if ( $1 == "LABEL->SSID" && \ - $2 == "VM" && \ - $3 == primary && \ - $4 == label ) { \ - result=$5 \ - } \ - } END { \ - if (result != "" ) \ - {printf "%04x", strtonum(result)}\ - }'` - fi - - # Calculate the secondary policy's SSIDREF - if [ "$secondary" == "NULL" ]; then - if [ "$primary" == "NULL" ]; then - SSIDHI="0001" - else - SSIDHI="0000" - fi - else - SSIDHI=`cat $mapfile | \ - awk -vlabel=$label \ - -vsecondary=$secondary \ - '{ \ - if ( $1 == "LABEL->SSID" && \ - $2 == "VM" && \ - $3 == secondary && \ - $4 == label ) { \ - result=$5 \ - } \ - } END { \ - if (result != "" ) \ - {printf "%04x", strtonum(result)}\ - }'` - fi - - if [ "$SSIDLO" == "" -o \ - "$SSIDHI" == "" ]; then - echo "Could not map the given label '$label'." - return -1 - fi - - ACM_POLICY=`cat $mapfile | \ - awk ' { if ( $1 == "POLICY" ) { \ - result=$2 \ - } \ - } \ - END { \ - if (result != "") { \ - printf result \ - } \ - }'` - - if [ "$ACM_POLICY" == "" ]; then - echo "Could not find 'POLICY' entry in map file." - return -1 - fi - - SSIDREF="0x$SSIDHI$SSIDLO" - - if [ "$mode" != "relabel" ]; then - RES=`cat $vmfile | \ - awk '{ \ - if ( substr($1,0,7) == "ssidref" ) {\ - print $0; \ - } \ - }'` - if [ "$RES" != "" ]; then - echo "Do you want to overwrite the existing mapping ($RES)? (y/N)" - read user - if [ "$user" != "y" -a "$user" != "Y" ]; then - echo "Aborted." 
- return 0 - fi - fi - fi - - #Write the output - local vmtmp1="/tmp/__setlabel.tmp1" - local vmtmp2="/tmp/__setlabel.tmp2" - touch $vmtmp1 - touch $vmtmp2 - if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then - echo "Cannot create temporary files. Aborting." - return -1 - fi - RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1` - RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2` - RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1` - echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1 - echo "#ACM_LABEL=$label" >> $vmtmp1 - echo "ssidref = $SSIDREF" >> $vmtmp1 - mv -f $vmtmp1 $vmfile - rm -rf $vmtmp1 $vmtmp2 - echo "Mapped label '$label' to ssidref '$SSIDREF'." -} - - -# Translate an ssidref into its label. This does the reverse lookup -# to the relabel function above. -# This function displays the results. -# Parameters: -# 1st: The ssidref to translate; must be in the form '0x00010002' -# 2nd: Full or relative path to the policy's mapfile -translateSSIDREF () -{ - local ssidref=$1 - local mapfile=$2 - local line1 - local line2 - - if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then - echo "Cannot read from vm configuration file $vmfile." - return -1 - fi - - getPrimaryPolicy $mapfile - getSecondaryPolicy $mapfile - - if [ "$primary" == "NULL" -a "$secondary" == "NULL" ]; then - echo "There are no labels for the NULL policy." - return - fi - - getSSIDLOHI $ssidref - ret=$? - if [ $ret -ne 1 ]; then - echo "Error while parsing the ssid ref number '$ssidref'." 
- fi; - - let line1=0 - let line2=0 - while [ 1 ]; do - ITEM1=`cat $mapfile | \ - awk -vprimary=$primary \ - -vssidlo=$ssidlo_int \ - -vline=$line1 \ - '{ \ - if ( $1 == "LABEL->SSID" && \ - $3 == primary && \ - int($5) == ssidlo ) { \ - if (l == line) { \ - print $4; \ - exit; \ - } \ - l++; \ - } \ - }'` - - ITEM2=`cat $mapfile | \ - awk -vsecondary=$secondary \ - -vssidhi=$ssidhi_int \ - -vline=$line2 \ - '{ \ - if ( $1 == "LABEL->SSID" && \ - $3 == secondary && \ - int($5) == ssidhi ) { \ - if (l == line) { \ - print $4; \ - exit; \ - } \ - l++; \ - } \ - }'` - - if [ "$secondary" != "NULL" ]; then - if [ "$ITEM1" == "" ]; then - let line1=0 - let line2=line2+1 - else - let line1=line1+1 - fi - - if [ "$ITEM1" == "" -a \ - "$ITEM2" == "" ]; then - echo "Could not determine the referenced label." - break - fi - - if [ "$ITEM1" == "$ITEM2" ]; then - echo "Label: $ITEM1" - break - fi - else - if [ "$ITEM1" != "" ]; then - echo "Label: $ITEM1" - else - if [ "$found" == "0" ]; then - found=1 - else - break - fi - fi - let line1=line1+1 - fi - done -} diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/chwall/chwall-security_label_template.xml --- a/tools/security/policies/chwall/chwall-security_label_template.xml Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,76 +0,0 @@ -<?xml version="1.0"?> -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> -<!-- This file defines the security labels, which can --> -<!-- be attached to Domains and resources. Based on --> -<!-- these labels, the access control module decides --> -<!-- about sharing between Domains and about access --> -<!-- of Domains to real resources. --> - -<SecurityLabelTemplate - xmlns="http://www.ibm.com" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> - <LabelHeader> - <Name>chwall-security_label_template</Name> - <Date>2005-08-10</Date> - <PolicyName> - <Url>chwall-security_policy.xml</Url> - <Reference>abcdef123456abcdef</Reference> - </PolicyName> - </LabelHeader> - - <SubjectLabels bootstrap="dom_SystemManagement"> - <!-- single ste typed domains --> - <!-- ACM enforces that only domains with --> - <!-- the same type can share information --> - <!-- --> - <!-- Bootstrap label is assigned to Dom0 --> - <VirtualMachineLabel> - <Name>dom_HomeBanking</Name> - <ChineseWallTypes> - <Type>cw_Sensitive</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>dom_Fun</Name> - <ChineseWallTypes> - <Type>cw_Distrusted</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <!-- donating some cycles to seti@home --> - <Name>dom_BoincClient</Name> - <ChineseWallTypes> - <Type>cw_Isolated</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <!-- Domains with multiple ste types services; such domains --> - <!-- must keep the types inside their domain safely confined. 
--> - <VirtualMachineLabel> - <Name>dom_SystemManagement</Name> - <ChineseWallTypes> - <Type>cw_SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <!-- serves persistent storage to other domains --> - <Name>dom_StorageDomain</Name> - <ChineseWallTypes> - <Type>cw_SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <!-- serves network access to other domains --> - <Name>dom_NetworkDomain</Name> - <ChineseWallTypes> - <Type>cw_SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - </SubjectLabels> -</SecurityLabelTemplate> - diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/chwall/chwall-security_policy.xml --- a/tools/security/policies/chwall/chwall-security_policy.xml Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,36 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> -<!-- This file defines the security policies, which --> -<!-- can be enforced by the Xen Access Control Module. --> -<!-- Currently: Chinese Wall and Simple Type Enforcement--> -<SecurityPolicyDefinition xmlns="http://www.ibm.com" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> -<PolicyHeader> - <Name>chwall-security_policy</Name> - <Date>2005-08-10</Date> -</PolicyHeader> -<!-- --> -<!-- example of a chinese wall type definition --> -<!-- along with its conflict sets --> -<!-- (typse in a confict set are exclusive, i.e. --> -<!-- once a Domain with one type of a set is --> -<!-- running, no other Domain with another type --> -<!-- of the same conflict set can start.) --> - <ChineseWall priority="PrimaryPolicyComponent"> - <ChineseWallTypes> - <Type>cw_SystemManagement</Type> - <Type>cw_Sensitive</Type> - <Type>cw_Isolated</Type> - <Type>cw_Distrusted</Type> - </ChineseWallTypes> - - <ConflictSets> - <Conflict name="Protection1"> - <Type>cw_Sensitive</Type> - <Type>cw_Distrusted</Type> - </Conflict> - </ConflictSets> - </ChineseWall> -</SecurityPolicyDefinition> - diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml --- a/tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,167 +0,0 @@ -<?xml version="1.0"?> -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> -<!-- This file defines the security labels, which can --> -<!-- be attached to Domains and resources. Based on --> -<!-- these labels, the access control module decides --> -<!-- about sharing between Domains and about access --> -<!-- of Domains to real resources. --> - -<SecurityLabelTemplate - xmlns="http://www.ibm.com" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> - <LabelHeader> - <Name>chwall_ste-security_label_template</Name> - <Date>2005-08-10</Date> - <PolicyName> - <Url>chwall_ste-security_policy.xml</Url> - <Reference>abcdef123456abcdef</Reference> - </PolicyName> - </LabelHeader> - - <SubjectLabels bootstrap="dom_SystemManagement"> - <!-- single ste typed domains --> - <!-- ACM enforces that only domains with --> - <!-- the same type can share information --> - <!-- --> - <!-- Bootstrap label is assigned to Dom0 --> - <VirtualMachineLabel> - <Name>dom_HomeBanking</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_PersonalFinances</Type> - </SimpleTypeEnforcementTypes> - - <ChineseWallTypes> - <Type>cw_Sensitive</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>dom_Fun</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_InternetInsecure</Type> - </SimpleTypeEnforcementTypes> - - <ChineseWallTypes> - <Type>cw_Distrusted</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <!-- donating some cycles to seti@home --> - <Name>dom_BoincClient</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_DonatedCycles</Type> - </SimpleTypeEnforcementTypes> - - <ChineseWallTypes> - <Type>cw_Isolated</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <!-- Domains with multiple ste types services; such domains --> - <!-- must keep the types inside their domain safely confined. 
--> - <VirtualMachineLabel> - <Name>dom_SystemManagement</Name> - <SimpleTypeEnforcementTypes> - <!-- since dom0 needs access to every domain and --> - <!-- resource right now ... --> - <Type>ste_SystemManagement</Type> - <Type>ste_PersonalFinances</Type> - <Type>ste_InternetInsecure</Type> - <Type>ste_DonatedCycles</Type> - <Type>ste_PersistentStorageA</Type> - <Type>ste_NetworkAdapter0</Type> - </SimpleTypeEnforcementTypes> - - <ChineseWallTypes> - <Type>cw_SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <!-- serves persistent storage to other domains --> - <Name>dom_StorageDomain</Name> - <SimpleTypeEnforcementTypes> - <!-- access right to the resource (hard drive a) --> - <Type>ste_PersistentStorageA</Type> - <!-- can serve following types --> - <Type>ste_PersonalFinances</Type> - <Type>ste_InternetInsecure</Type> - </SimpleTypeEnforcementTypes> - - <ChineseWallTypes> - <Type>cw_SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <!-- serves network access to other domains --> - <Name>dom_NetworkDomain</Name> - <SimpleTypeEnforcementTypes> - <!-- access right to the resource (ethernet card) --> - <Type>ste_NetworkAdapter0</Type> - <!-- can serve following types --> - <Type>ste_PersonalFinances</Type> - <Type>ste_InternetInsecure</Type> - <Type>ste_DonatedCycles</Type> - </SimpleTypeEnforcementTypes> - - <ChineseWallTypes> - <Type>cw_SystemManagement</Type> - </ChineseWallTypes> - </VirtualMachineLabel> - </SubjectLabels> - - <ObjectLabels> - <ResourceLabel> - <Name>res_ManagementResource</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_SystemManagement</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_HardDrive (hda)</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_PersistentStorageA</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_LogicalDiskPartition1 (hda1)</Name> - 
<SimpleTypeEnforcementTypes> - <Type>ste_PersonalFinances</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_LogicalDiskPartition2 (hda2)</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_InternetInsecure</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_EthernetCard</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_NetworkAdapter0</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_SecurityToken</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_PersonalFinances</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_GraphicsAdapter</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_SystemManagement</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - </ObjectLabels> -</SecurityLabelTemplate> - diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/chwall_ste/chwall_ste-security_policy.xml --- a/tools/security/policies/chwall_ste/chwall_ste-security_policy.xml Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,49 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> -<!-- This file defines the security policies, which --> -<!-- can be enforced by the Xen Access Control Module. --> -<!-- Currently: Chinese Wall and Simple Type Enforcement--> -<SecurityPolicyDefinition xmlns="http://www.ibm.com" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> -<PolicyHeader> - <Name>chwall_ste-security_policy</Name> - <Date>2005-08-10</Date> -</PolicyHeader> -<!-- --> -<!-- example of a simple type enforcement policy definition --> -<!-- --> - <SimpleTypeEnforcement> - <SimpleTypeEnforcementTypes> - <Type>ste_SystemManagement</Type> <!-- machine/security management --> - <Type>ste_PersonalFinances</Type> <!-- personal finances --> - <Type>ste_InternetInsecure</Type> <!-- games, active X, etc. --> - <Type>ste_DonatedCycles</Type> <!-- donation to BOINC/seti@home --> - <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A--> - <Type>ste_NetworkAdapter0</Type> <!-- type of the domain managing ethernet adapter 0--> - </SimpleTypeEnforcementTypes> - </SimpleTypeEnforcement> -<!-- --> -<!-- example of a chinese wall type definition --> -<!-- along with its conflict sets --> -<!-- (typse in a confict set are exclusive, i.e. --> -<!-- once a Domain with one type of a set is --> -<!-- running, no other Domain with another type --> -<!-- of the same conflict set can start.) 
--> - <ChineseWall priority="PrimaryPolicyComponent"> - <ChineseWallTypes> - <Type>cw_SystemManagement</Type> - <Type>cw_Sensitive</Type> - <Type>cw_Isolated</Type> - <Type>cw_Distrusted</Type> - </ChineseWallTypes> - - <ConflictSets> - <Conflict name="Protection1"> - <Type>cw_Sensitive</Type> - <Type>cw_Distrusted</Type> - </Conflict> - </ConflictSets> - </ChineseWall> -</SecurityPolicyDefinition> - diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/null/null-security_label_template.xml --- a/tools/security/policies/null/null-security_label_template.xml Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,24 +0,0 @@ -<?xml version="1.0"?> -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> -<!-- This file defines the security labels, which can --> -<!-- be attached to Domains and resources. Based on --> -<!-- these labels, the access control module decides --> -<!-- about sharing between Domains and about access --> -<!-- of Domains to real resources. --> - -<SecurityLabelTemplate - xmlns="http://www.ibm.com" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> - <LabelHeader> - <Name>null-security_label_template</Name> - - <Date>2005-08-10</Date> - <PolicyName> - <Url>null-security_policy.xml</Url> - - <Reference>abcdef123456abcdef</Reference> - </PolicyName> - </LabelHeader> -</SecurityLabelTemplate> - diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/null/null-security_policy.xml --- a/tools/security/policies/null/null-security_policy.xml Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,14 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> -<!-- This file defines the security policies, which --> -<!-- can be enforced by the Xen Access Control Module. --> -<!-- Currently: Chinese Wall and Simple Type Enforcement--> -<SecurityPolicyDefinition xmlns="http://www.ibm.com" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> -<PolicyHeader> - <Name>null-security_policy</Name> - <Date>2005-08-10</Date> -</PolicyHeader> -</SecurityPolicyDefinition> - diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/ste/ste-security_label_template.xml --- a/tools/security/policies/ste/ste-security_label_template.xml Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,143 +0,0 @@ -<?xml version="1.0"?> -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> -<!-- This file defines the security labels, which can --> -<!-- be attached to Domains and resources. Based on --> -<!-- these labels, the access control module decides --> -<!-- about sharing between Domains and about access --> -<!-- of Domains to real resources. --> - -<SecurityLabelTemplate - xmlns="http://www.ibm.com" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> - <LabelHeader> - <Name>ste-security_label_template</Name> - <Date>2005-08-10</Date> - <PolicyName> - <Url>ste-security_policy.xml</Url> - <Reference>abcdef123456abcdef</Reference> - </PolicyName> - </LabelHeader> - - <SubjectLabels bootstrap="dom_SystemManagement"> - <!-- single ste typed domains --> - <!-- ACM enforces that only domains with --> - <!-- the same type can share information --> - <!-- --> - <!-- Bootstrap label is assigned to Dom0 --> - <VirtualMachineLabel> - <Name>dom_HomeBanking</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_PersonalFinances</Type> - </SimpleTypeEnforcementTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <Name>dom_Fun</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_InternetInsecure</Type> - </SimpleTypeEnforcementTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <!-- donating some cycles to seti@home --> - <Name>dom_BoincClient</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_DonatedCycles</Type> - </SimpleTypeEnforcementTypes> - </VirtualMachineLabel> - - <!-- Domains with multiple ste types services; such domains --> - <!-- must keep the types inside their domain safely confined. --> - <VirtualMachineLabel> - <Name>dom_SystemManagement</Name> - <SimpleTypeEnforcementTypes> - <!-- since dom0 needs access to every domain and --> - <!-- resource right now ... 
--> - <Type>ste_SystemManagement</Type> - <Type>ste_PersonalFinances</Type> - <Type>ste_InternetInsecure</Type> - <Type>ste_DonatedCycles</Type> - <Type>ste_PersistentStorageA</Type> - <Type>ste_NetworkAdapter0</Type> - </SimpleTypeEnforcementTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <!-- serves persistent storage to other domains --> - <Name>dom_StorageDomain</Name> - <SimpleTypeEnforcementTypes> - <!-- access right to the resource (hard drive a) --> - <Type>ste_PersistentStorageA</Type> - <!-- can serve following types --> - <Type>ste_PersonalFinances</Type> - <Type>ste_InternetInsecure</Type> - </SimpleTypeEnforcementTypes> - </VirtualMachineLabel> - - <VirtualMachineLabel> - <!-- serves network access to other domains --> - <Name>dom_NetworkDomain</Name> - <SimpleTypeEnforcementTypes> - <!-- access right to the resource (ethernet card) --> - <Type>ste_NetworkAdapter0</Type> - <!-- can serve following types --> - <Type>ste_PersonalFinances</Type> - <Type>ste_InternetInsecure</Type> - <Type>ste_DonatedCycles</Type> - </SimpleTypeEnforcementTypes> - </VirtualMachineLabel> - </SubjectLabels> - - <ObjectLabels> - <ResourceLabel> - <Name>res_ManagementResource</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_SystemManagement</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_HardDrive (hda)</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_PersistentStorageA</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_LogicalDiskPartition1 (hda1)</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_PersonalFinances</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_LogicalDiskPartition2 (hda2)</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_InternetInsecure</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_EthernetCard</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_NetworkAdapter0</Type> - 
</SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_SecurityToken</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_PersonalFinances</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - - <ResourceLabel> - <Name>res_GraphicsAdapter</Name> - <SimpleTypeEnforcementTypes> - <Type>ste_SystemManagement</Type> - </SimpleTypeEnforcementTypes> - </ResourceLabel> - </ObjectLabels> -</SecurityLabelTemplate> - diff -r 9a915e2828f3 -r ae709b250f43 tools/security/policies/ste/ste-security_policy.xml --- a/tools/security/policies/ste/ste-security_policy.xml Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,27 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com --> -<!-- This file defines the security policies, which --> -<!-- can be enforced by the Xen Access Control Module. --> -<!-- Currently: Chinese Wall and Simple Type Enforcement--> -<SecurityPolicyDefinition xmlns="http://www.ibm.com" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.ibm.com security_policy.xsd"> -<PolicyHeader> - <Name>ste-security_policy</Name> - <Date>2005-08-10</Date> -</PolicyHeader> -<!-- --> -<!-- example of a simple type enforcement policy definition --> -<!-- --> - <SimpleTypeEnforcement> - <SimpleTypeEnforcementTypes> - <Type>ste_SystemManagement</Type> <!-- machine/security management --> - <Type>ste_PersonalFinances</Type> <!-- personal finances --> - <Type>ste_InternetInsecure</Type> <!-- games, active X, etc. --> - <Type>ste_DonatedCycles</Type> <!-- donation to BOINC/seti@home --> - <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A--> - <Type>ste_NetworkAdapter0</Type> <!-- type of the domain managing ethernet adapter 0--> - </SimpleTypeEnforcementTypes> - </SimpleTypeEnforcement> -</SecurityPolicyDefinition> - diff -r 9a915e2828f3 -r ae709b250f43 tools/security/python/xensec_gen/cgi-bin/policylabel.cgi --- a/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,1396 +0,0 @@ -#!/usr/bin/python -# -# The Initial Developer of the Original Code is International -# Business Machines Corporation. Portions created by IBM -# Corporation are Copyright (C) 2005 International Business -# Machines Corporation. All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, -# or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import os -import cgi -import cgitb; cgitb.enable( ) -import time -import xml.dom.minidom -import xml.sax -import xml.sax.handler -from StringIO import StringIO -from sets import Set - -def getSavedData( ): - global formData, policyXml, policyLabelXml - global formVariables, formVmNames - global allVmChWs, allVmStes - - # Process the XML upload policy file - if formData.has_key( 'i_policy' ): - dataList = formData.getlist( 'i_policy' ) - if len( dataList ) > 0: - policyXml = dataList[0].strip( ) - - # The XML upload policy file must be specified at the start - if formData.has_key( 'i_policyLabelCreate' ): - if policyXml == '': - msg = '' - msg = msg + 'A Policy file was not supplied. A Policy file ' - msg = msg + 'must be supplied in order to successfully create ' - msg = msg + 'a Policy Labeling file.' 
- formatXmlError( msg ) - - # Process the XML upload policy label file - if formData.has_key( 'i_policyLabel' ): - dataList = formData.getlist( 'i_policyLabel' ) - if len( dataList ) > 0: - policyLabelXml = dataList[0].strip( ) - - # Process all the hidden input variables (if present) - for formVar in formVariables: - if formVar[2] == '': - continue - - if formData.has_key( formVar[2] ): - dataList = formData.getlist( formVar[2] ) - if len( dataList ) > 0: - if isinstance( formVar[1], list ): - exec 'formVar[1] = ' + dataList[0] - else: - formVar[1] = dataList[0] - - # The form can contain any number of "Virtual Machines" - # so update the list of form variables to include - # each virtual machine (hidden input variable) - for vmName in formVmNames[1]: - newVm( vmName ) - - vmFormVar = allVmChWs[vmName] - if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ): - dataList = formData.getlist( vmFormVar[2] ) - if len( dataList ) > 0: - if isinstance( vmFormVar[1], list ): - exec 'vmFormVar[1] = ' + dataList[0] - else: - vmFormVar[1] = dataList[0] - - vmFormVar = allVmStes[vmName] - if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ): - dataList = formData.getlist( vmFormVar[2] ) - if len( dataList ) > 0: - if isinstance( vmFormVar[1], list ): - exec 'vmFormVar[1] = ' + dataList[0] - else: - vmFormVar[1] = dataList[0] - -def getCurrentTime( ): - return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) ) - -def getName( domNode ): - nameNodes = domNode.getElementsByTagName( 'Name' ) - if len( nameNodes ) == 0: - formatXmlError( '"<Name>" tag is missing' ) - return None - - name = '' - for childNode in nameNodes[0].childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - name = name + childNode.data - - return name - -def getDate( domNode ): - dateNodes = domNode.getElementsByTagName( 'Date' ) - if len( dateNodes ) == 0: - formatXmlError( '"<Date>" tag is missing' ) - return None - - date = '' - for childNode in dateNodes[0].childNodes: - if 
childNode.nodeType == xml.dom.Node.TEXT_NODE: - date = date + childNode.data - - return date - -def getDefUrl( domNode ): - domNodes = domNode.getElementsByTagName( 'PolicyName' ) - if len( domNodes ) == 0: - formatXmlError( '"<PolicyName>" tag is missing' ) - return None - - urlNodes = domNode.getElementsByTagName( 'Url' ) - if len( urlNodes ) == 0: - formatXmlError( '"<Url>" tag is missing' ) - return None - - url = '' - for childNode in urlNodes[0].childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - url = url + childNode.data - - return url - -def getDefRef( domNode ): - domNodes = domNode.getElementsByTagName( 'PolicyName' ) - if len( domNodes ) == 0: - formatXmlError( '"<PolicyName>" tag is missing' ) - return None - - refNodes = domNode.getElementsByTagName( 'Reference' ) - if len( refNodes ) == 0: - formatXmlError( '"<Reference>" tag is missing' ) - return None - - ref = '' - for childNode in refNodes[0].childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - ref = ref + childNode.data - - return ref - -def getSteTypes( domNode, missingIsError = 0 ): - steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' ) - if len( steNodes ) == 0: - if missingIsError == 1: - formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' ) - return None - else: - return [] - - return getTypes( steNodes[0] ) - -def getChWTypes( domNode, missingIsError = 0 ): - chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' ) - if len( chwNodes ) == 0: - if missingIsError == 1: - formatXmlError( '"<ChineseWallTypes>" tag is missing' ) - return None - else: - return [] - - return getTypes( chwNodes[0] ) - -def getTypes( domNode ): - types = [] - - domNodes = domNode.getElementsByTagName( 'Type' ) - if len( domNodes ) == 0: - formatXmlError( '"<Type>" tag is missing' ) - return None - - for domNode in domNodes: - typeText = '' - for childNode in domNode.childNodes: - if childNode.nodeType == xml.dom.Node.TEXT_NODE: - typeText = typeText + 
childNode.data - - if typeText == '': - formatXmlError( 'No text associated with the "<Type>" tag' ) - return None - - types.append( typeText ) - - return types - -def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ): - global xmlMessages, xmlError - - xmlError = 1 - addMsg = cgi.escape( msg ) - - if lineNum != -1: - sio = StringIO( xml ) - for xmlLine in sio: - lineNum = lineNum - 1 - if lineNum == 0: - break; - - addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) ) - - if colNum != -1: - errLine = '' - for i in range( colNum ): - errLine = errLine + '-' - - addMsg += '\n' + errLine + '^' - - addMsg += '</PRE>' - - xmlMessages.append( addMsg ) - -def formatXmlGenError( msg ): - global xmlMessages, xmlIncomplete - - xmlIncomplete = 1 - xmlMessages.append( cgi.escape( msg ) ) - -def parseXml( xmlInput ): - global xmlMessages, xmlError, xmlLine, xmlColumn - - xmlParser = xml.sax.make_parser( ) - try: - domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser ) - - except xml.sax.SAXParseException, xmlErr: - msg = '' - msg = msg + 'XML parsing error occurred at line ' - msg = msg + `xmlErr.getLineNumber( )` - msg = msg + ', column ' - msg = msg + `xmlErr.getColumnNumber( )` - msg = msg + ': reason = "' - msg = msg + xmlErr.getMessage( ) - msg = msg + '"' - formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) ) - return None - - except xml.sax.SAXException, xmlErr: - msg = '' - msg = msg + 'XML Parsing error: ' + `xmlErr` - formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) ) - return None - - return domDoc - -def parsePolicyXml( ): - global policyXml - global formSteTypes, formChWallTypes - - domDoc = parseXml( policyXml ) - if domDoc == None: - return - - domRoot = domDoc.documentElement - domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' ) - if len( domNodes ) > 0: - steTypes = getSteTypes( domNodes[0], 1 ) - if steTypes == None: - msg = '' - msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n' - msg = msg + 'Please validate the Policy Definition file used.' - formatXmlError( msg ) - return - - formSteTypes[1] = steTypes - - domNodes = domRoot.getElementsByTagName( 'ChineseWall' ) - if len( domNodes ) > 0: - chwTypes = getChWTypes( domNodes[0], 1 ) - if chwTypes == None: - msg = '' - msg = msg + 'Error processing the ChineseWall types.\n' - msg = msg + 'Please validate the Policy Definition file used.' - formatXmlError( msg ) - return - - formChWallTypes[1] = chwTypes - -def parsePolicyLabelXml( ): - global policyLabelXml - - domDoc = parseXml( policyLabelXml ) - if domDoc == None: - return - - domRoot = domDoc.documentElement - domHeaders = domRoot.getElementsByTagName( 'LabelHeader' ) - if len( domHeaders ) == 0: - msg = '' - msg = msg + '"<LabelHeader>" tag is missing.\n' - msg = msg + 'Please validate the Policy Labeling file used.' - formatXmlError( msg ) - return - - pName = getName( domHeaders[0] ) - if pName == None: - msg = '' - msg = msg + 'Error processing the Policy Labeling header information.\n' - msg = msg + 'Please validate the Policy Labeling file used.' - formatXmlError( msg ) - return - - formPolicyLabelName[1] = pName - - pDate = getDate( domHeaders[0] ) - if pDate == None: - msg = '' - msg = msg + 'Error processing the Policy Labeling header information.\n' - msg = msg + 'Please validate the Policy Labeling file used.' - formatXmlError( msg ) - return - - formPolicyLabelDate[1] = pDate - - pUrl = getDefUrl( domHeaders[0] ) - if pUrl == None: - msg = '' - msg = msg + 'Error processing the Policy Labeling header information.\n' - msg = msg + 'Please validate the Policy Labeling file used.' - formatXmlError( msg ) - return - - formPolicyUrl[1] = pUrl - - pRef = getDefRef( domHeaders[0] ) - if pRef == None: - msg = '' - msg = msg + 'Error processing the Policy Labeling header information.\n' - msg = msg + 'Please validate the Policy Labeling file used.' 
- formatXmlError( msg ) - return - - formPolicyRef[1] = pRef - - domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' ) - if len( domSubjects ) > 0: - formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' ) - domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' ) - for domNode in domNodes: - vmName = getName( domNode ) - if vmName == None: - msg = '' - msg = msg + 'Error processing the VirtualMachineLabel name.\n' - msg = msg + 'Please validate the Policy Labeling file used.' - formatXmlError( msg ) - continue - - steTypes = getSteTypes( domNode ) - if steTypes == None: - msg = '' - msg = msg + 'Error processing the SimpleTypeEnforcement types.\n' - msg = msg + 'Please validate the Policy Labeling file used.' - formatXmlError( msg ) - return - - chwTypes = getChWTypes( domNode ) - if chwTypes == None: - msg = '' - msg = msg + 'Error processing the ChineseWall types.\n' - msg = msg + 'Please validate the Policy Labeling file used.' - formatXmlError( msg ) - return - - newVm( vmName, 1 ) - allVmStes[vmName][1] = steTypes - allVmChWs[vmName][1] = chwTypes - -def removeDups( curList ): - newList = [] - curSet = Set( curList ) - for x in curSet: - newList.append( x ) - newList.sort( ) - - return newList - -def newVm( vmName, addToList = 0 ): - global formVmNames - global templateVmDel, allVmDel, templateVmDom0, allVmDom0 - global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd - global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd - global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd - global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd - - # Make sure we have an actual name and check one of the 'all' - # variables to be sure it hasn't been previously defined - if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )): - vmSuffix = '_' + vmName - allVmDom0[vmName] = modFormTemplate( templateVmDom0, vmSuffix ) - allVmDel[vmName] = modFormTemplate( templateVmDel, vmSuffix ) - 
allVmChWs[vmName] = modFormTemplate( templateVmChWs, vmSuffix ) - allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix ) - allVmChW[vmName] = modFormTemplate( templateVmChW, vmSuffix ) - allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix ) - allVmStes[vmName] = modFormTemplate( templateVmStes, vmSuffix ) - allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix ) - allVmSte[vmName] = modFormTemplate( templateVmSte, vmSuffix ) - allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix ) - if addToList == 1: - formVmNames[1].append( vmName ) - formVmNames[1] = removeDups( formVmNames[1] ) - -def updateInfo( ): - global formData, formPolicyLabelName, formPolicyLabelDate - global formPolicyUrl, formPolicyRef - - if formData.has_key( formPolicyLabelName[3] ): - formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value - elif formData.has_key( formPolicyLabelUpdate[3] ): - formPolicyLabelName[1] = '' - - if formData.has_key( formPolicyLabelDate[3] ): - formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value - elif formData.has_key( formPolicyLabelUpdate[3] ): - formPolicyLabelDate[1] = '' - - if formData.has_key( formPolicyUrl[3] ): - formPolicyUrl[1] = formData[formPolicyUrl[3]].value - elif formData.has_key( formPolicyLabelUpdate[3] ): - formPolicyUrl[1] = '' - - if formData.has_key( formPolicyRef[3] ): - formPolicyRef[1] = formData[formPolicyRef[3]].value - elif formData.has_key( formPolicyLabelUpdate[3] ): - formPolicyRef[1] = '' - -def addVm( ): - global formData, fromVmName, formVmNames, formVmNameDom0 - - if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )): - if formData.has_key( formVmName[3] ): - vmName = formData[formVmName[3]].value - vmName = vmName.strip( ) - newVm( vmName, 1 ) - if formVmNameDom0[1] == '': - formVmNameDom0[1] = vmName - -def delVm( vmName ): - global formVmNames, formVmNameDom0 - global allVmDel, allVmDom0 - global allVmChWs, allVmChWDel, 
allVmChWType, allVmChWAdd - global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd - - vmName = vmName.strip( ) - formVmNames[1].remove( vmName ) - del allVmDom0[vmName] - del allVmDel[vmName] - del allVmChWs[vmName] - del allVmChWDel[vmName] - del allVmChW[vmName] - del allVmChWAdd[vmName] - del allVmStes[vmName] - del allVmSteDel[vmName] - del allVmSte[vmName] - del allVmSteAdd[vmName] - - if formVmNameDom0[1] == vmName: - if len( formVmNames[1] ) > 0: - formVmNameDom0[1] = formVmNames[1][0] - else: - formVmNameDom0[1] = '' - -def makeVmDom0( vmName ): - global formVmNameDom0 - - vmName = vmName.strip( ) - formVmNameDom0[1] = vmName - -def addVmChW( chwName ): - global formData, allVmChW, allVmChWs - - formVar = allVmChW[chwName] - if formData.has_key( formVar[3] ): - chwList = formData.getlist( formVar[3] ) - formVar = allVmChWs[chwName] - for chw in chwList: - chw = chw.strip( ) - formVar[1].append( chw ) - formVar[1] = removeDups( formVar[1] ) - -def delVmChW( chwName ): - global formData, allVmChWs - - formVar = allVmChWs[chwName] - if formData.has_key( formVar[3] ): - chwList = formData.getlist( formVar[3] ) - for chw in chwList: - chw = chw.strip( ) - formVar[1].remove( chw ) - -def addVmSte( steName ): - global formData, allVmSte, allVmStes - - formVar = allVmSte[steName] - if formData.has_key( formVar[3] ): - steList = formData.getlist( formVar[3] ) - formVar = allVmStes[steName] - for ste in steList: - ste = ste.strip( ) - formVar[1].append( ste ) - formVar[1] = removeDups( formVar[1] ) - -def delVmSte( steName ): - global formData, allVmStes - - formVar = allVmStes[steName] - if formData.has_key( formVar[3] ): - steList = formData.getlist( formVar[3] ) - for ste in steList: - ste = ste.strip( ) - formVar[1].remove( ste ) - -def processRequest( ): - global formData, policyXml, policyLabelXml, formPolicyLabelUpdate - global formVmAdd - global formVmNames, allVmDel, allVmDom0 - global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel - - if policyXml != 
'': - parsePolicyXml( ) - - if policyLabelXml != '': - parsePolicyLabelXml( ) - - # Allow the updating of the header information whenever - # an action is performed - updateInfo( ) - - # Allow the adding of labels if the user has hit the - # enter key when attempting to add a type/set - addVm( ) - - for vmName in formVmNames[1]: - if formData.has_key( allVmDel[vmName][3] ): - delVm( vmName ) - continue - - if formData.has_key( allVmDom0[vmName][3] ): - makeVmDom0( vmName ) - - if formData.has_key( allVmChWAdd[vmName][3] ): - addVmChW( vmName ) - - elif formData.has_key( allVmChWDel[vmName][3] ): - delVmChW( vmName ) - - elif formData.has_key( allVmSteAdd[vmName][3] ): - addVmSte( vmName ) - - elif formData.has_key( allVmSteDel[vmName][3] ): - delVmSte( vmName ) - -def modFormTemplate( formTemplate, suffix ): - formVar = [x for x in formTemplate] - - if formVar[2] != '': - formVar[2] = formVar[2] + suffix - if formVar[3] != '': - formVar[3] = formVar[3] + suffix - if (formVar[0] != 'button') and (formVar[4] != ''): - formVar[4] = formVar[4] + suffix - - return formVar; - -def makeName( name, suffix='' ): - rName = name - if suffix != '': - rName = rName + '_' + suffix - - return rName - -def makeNameAttr( name, suffix='' ): - return 'name="' + makeName( name, suffix ) + '"' - -def makeValue( value, suffix='' ): - rValue = value - - if isinstance( value, list ): - rValue = '[' - for val in value: - rValue = rValue + '\'' + val - if suffix != '': - rValue = rValue + '_' + suffix - rValue = rValue + '\',' - rValue = rValue + ']' - - else: - if suffix != '': - rValue = rValue + '_' + suffix - - return rValue - -def makeValueAttr( value, suffix='' ): - return 'value="' + makeValue( value, suffix ) + '"' - -def sendHtmlFormVar( formVar, attrs='', rb_select=0 ): - nameAttr = '' - valueAttr = '' - htmlText = '' - - if formVar[0] == 'text': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - valueAttr = makeValueAttr( formVar[1] ) - - print '<INPUT type="text"', 
nameAttr, valueAttr, attrs, '>' - - elif formVar[0] == 'list': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - - print '<SELECT', nameAttr, attrs, '>' - for option in formVar[1]: - print '<OPTION>' + option + '</OPTION>' - print '</SELECT>' - - elif formVar[0] == 'button': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - if formVar[4] != '': - valueAttr = makeValueAttr( formVar[4] ) - - print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>' - - elif formVar[0] == 'radiobutton': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - valueAttr = makeValueAttr( formVar[4][rb_select] ) - htmlText = formVar[5][rb_select] - if formVar[4][rb_select] == formVar[1]: - checked = 'checked' - else: - checked = '' - - print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText - - elif formVar[0] == 'radiobutton-all': - if formVar[3] != '': - nameAttr = makeNameAttr( formVar[3] ) - buttonVals = formVar[4] - for i, buttonVal in enumerate( buttonVals ): - htmlText = '' - addAttrs = '' - checked = '' - - valueAttr = makeValueAttr( buttonVal ) - if formVar[5] != '': - htmlText = formVar[5][i] - if attrs != '': - addAttrs = attrs[i] - if buttonVal == formVar[1]: - checked = 'checked' - - print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText - - if ( formVar[2] != '' ) and ( rb_select == 0 ): - nameAttr = makeNameAttr( formVar[2] ) - valueAttr = makeValueAttr( formVar[1] ) - print '<INPUT type="hidden"', nameAttr, valueAttr, '>' - -def sendHtmlHeaders( ): - # HTML headers - print 'Content-Type: text/html' - print - -def sendPolicyLabelHtml( ): - global xmlError, xmlIncomplete, xmlMessages, formXmlGen - global formVmNameDom0, formSteTypes, formChWallTypes - - print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"' - print ' "http://www.w3.org/TR/html4/loose.dtd">' - - print '<HTML>' - - sendHtmlHead( ) - - print '<BODY>' - - # An input XML file was specified that had 
errors, output the - # error information - if xmlError == 1: - print '<P>' - print 'An error has been encountered while processing the input' - print 'XML file:' - print '<UL>' - for msg in xmlMessages: - print '<LI>' - print msg - print '</UL>' - print '</BODY>' - print '</HTML>' - return - - # When attempting to generate the XML output, all required data was not - # present, output the error information - if xmlIncomplete == 1: - print '<P>' - print 'An error has been encountered while validating the data' - print 'required for the output XML file:' - print '<UL>' - for msg in xmlMessages: - print '<LI>' - print msg - print '</UL>' - print '</BODY>' - print '</HTML>' - return - - print '<CENTER>' - print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">' - print '<TABLE class="container">' - print ' <COLGROUP>' - print ' <COL width="100%">' - print ' </COLGROUP>' - - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formDefaultButton, 'class="hidden"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formXmlGen ) - print ' </TD>' - print ' </TR>' - - # Policy Labeling header - print ' <TR>' - print ' <TD>' - sendPLHeaderHtml( ) - print ' </TD>' - print ' </TR>' - - # Separator - print ' <TR>' - print ' <TD>' - print ' <HR>' - print ' </TD>' - print ' </TR>' - - # Policy Labels (vms) - print ' <TR>' - print ' <TD>' - print ' <TABLE class="full">' - print ' <TR>' - print ' <TD width="100%">' - sendPLSubHtml( ) - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - - print '</TABLE>' - - # Send some data that needs to be available across sessions - sendHtmlFormVar( formVmNameDom0 ) - sendHtmlFormVar( formSteTypes ) - sendHtmlFormVar( formChWallTypes ) - - print '</FORM>' - print '</CENTER>' - - print '</BODY>' - - print '</HTML>' - -def sendHtmlHead( ): - global headTitle - - print '<HEAD>' - print '<STYLE type="text/css">' - print '<!--' - print 'BODY {background-color: #EEEEFF;}' 
- print 'TABLE.container {width: 90%; border: 1px solid black; border-collapse: seperate;}' - print 'TABLE.full {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}' - print 'TABLE.fullbox {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}' - print 'THEAD {font-weight: bold; font-size: larger;}' - print 'TD {border: 0px solid black; vertical-align: top;}' - print 'TD.heading {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}' - print 'TD.subheading {border: 0px solid black; vertical-align: top; font-size: smaller;}' - print 'TD.fullbox {border: 1px solid black; vertical-align: top;}' - print 'SELECT.full {width: 100%;}' - print 'INPUT.full {width: 100%;}' - print 'INPUT.link {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}' - print 'INPUT.hidden {visibility: hidden; width: 1px; height: 1px;}' - print ':link {color: blue;}' - print ':visited {color: red;}' - print '-->' - print '</STYLE>' - print '<TITLE>', headTitle, '</TITLE>' - print '</HEAD>' - -def sendPLHeaderHtml( ): - global formPolicyLabelName, formPolicyLabelDate - global formPolicyUrl, formPolicyRef - global formPolicyLabelUpdate - - # Policy Labeling header definition - print '<TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="20%">' - print ' <COL width="80%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD class="heading" align="center" colspan="2">Policy Labeling Information</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">Name:</TD>' - print ' <TD align="left">' - sendHtmlFormVar( formPolicyLabelName, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">Date:</TD>' - print ' <TD align="left">' - sendHtmlFormVar( formPolicyLabelDate, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">Policy URL:</TD>' - print ' <TD 
align="left">' - sendHtmlFormVar( formPolicyUrl, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="right">Policy Reference:</TD>' - print ' <TD align="left">' - sendHtmlFormVar( formPolicyRef, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="center" colspan="2">' - sendHtmlFormVar( formPolicyLabelUpdate ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD align="center" colspan="2" class="subheading">' - print ' (The Policy Labeling Information is updated whenever an action is performed' - print ' or it can be updated separately using the "Update" button)' - print ' </TD>' - print ' </TR>' - print '</TABLE>' - -def sendPLSubHtml( ): - global formVmNames, formVmDel, formVmName, formVmAdd - global allVmDel, allVmDom0 - global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd - global allVmStes, allVmSteDel, allVmSte, allVmSteAdd - global formSteTypes, formChWallTypes - - print '<TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="100%">' - print ' </COLGROUP>' - - # Virtual Machines... 
- print ' <TR>' - print ' <TD>' - print ' <TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="10%">' - print ' <COL width="40%">' - print ' <COL width="50%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD class="heading" align="center" colspan="3">Virtual Machine Classes</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - sendHtmlFormVar( formVmName, 'class="full"' ) - sendHtmlFormVar( formVmNames ) - print ' </TD>' - print ' <TD> </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - sendHtmlFormVar( formVmAdd, 'class="full"' ) - print ' </TD>' - print ' <TD colspan="2">' - print ' Create a new VM class with the above name' - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - if len( formVmNames[1] ) > 0: - print ' <TR>' - print ' <TD colspan="1">' - print ' ' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - print ' <TABLE class="fullbox">' - print ' <COLGROUP>' - print ' <COL width="10%">' - print ' <COL width="40%">' - print ' <COL width="50%">' - print ' </COLGROUP>' - print ' <THEAD>' - print ' <TR>' - print ' <TD class="fullbox">Dom 0?</TD>' - print ' <TD class="fullbox">Name</TD>' - print ' <TD class="fullbox">Actions</TD>' - print ' </TR>' - print ' </THEAD>' - for i, vmName in enumerate( formVmNames[1] ): - print ' <TR>' - print ' <TD class="fullbox">' - if formVmNameDom0[1] == vmName: - print 'Yes' - else: - print ' ' - print ' </TD>' - print ' <TD class="fullbox">' + vmName + '</TD>' - print ' <TD class="fullbox">' - print ' <A href="#' + vmName + '">Edit</A>' - formVar = allVmDel[vmName] - sendHtmlFormVar( formVar, 'class="link"' ) - formVar = allVmDom0[vmName] - sendHtmlFormVar( formVar, 'class="link"' ) - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - for vmName in formVmNames[1]: - print ' <TR>' - print ' <TD>' - print ' <HR>' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - print ' <TABLE 
class="full">' - print ' <COLGROUP>' - print ' <COL width="10%">' - print ' <COL width="39%">' - print ' <COL width="2%">' - print ' <COL width="10%">' - print ' <COL width="39%">' - print ' </COLGROUP>' - print ' <TR>' - print ' <TD colspan="5" align="center" class="heading">' - print ' <A name="' + vmName + '">Virtual Machine Class: ' + vmName + '</A>' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2" align="center">Simple Type Enforcement Types</TD>' - print ' <TD> </TD>' - print ' <TD colspan="2" align="center">Chinese Wall Types</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - formVar = allVmStes[vmName]; - sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) - print ' </TD>' - print ' <TD> </TD>' - print ' <TD colspan="2">' - formVar = allVmChWs[vmName]; - sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - formVar = allVmSteDel[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Delete the type(s) selected above' - print ' </TD>' - print ' <TD> </TD>' - print ' <TD>' - formVar = allVmChWDel[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Delete the type(s) selected above' - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - stSet = Set( formSteTypes[1] ) - vmSet = Set( allVmStes[vmName][1] ) - formVar = allVmSte[vmName] - formVar[1] = [] - for steType in stSet.difference( vmSet ): - formVar[1].append( steType ) - formVar[1].sort( ) - sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' ) - print ' </TD>' - print ' <TD> </TD>' - print ' <TD colspan="2">' - ctSet = Set( formChWallTypes[1] ) - vmSet = Set( allVmChWs[vmName][1] ) - formVar = allVmChW[vmName] - formVar[1] = [] - for chwallType in ctSet.difference( vmSet ): - formVar[1].append( chwallType ) - formVar[1].sort( ) - sendHtmlFormVar( formVar, 
'class="full" size="2" multiple"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD>' - formVar = allVmSteAdd[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Add the type(s) selected above' - print ' </TD>' - print ' <TD> </TD>' - print ' <TD>' - formVar = allVmChWAdd[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' </TD>' - print ' <TD>' - print ' Add the type(s) selected above' - print ' </TD>' - print ' </TR>' - print ' </TABLE>' - print ' </TD>' - print ' </TR>' - - print '</TABLE>' - -def sendPLObjHtml( ): - - # Resources... - print '<TABLE class="full">' - print ' <COLGROUP>' - print ' <COL width="60%">' - print ' <COL width="20%">' - print ' <COL width="20%">' - print ' </COLGROUP>' - - print ' <TR>' - print ' <TD align="center" colspan="3" class="heading">Resources</TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' ) - print ' </TD>' - print ' <TD>' - #sendHtmlFormVar( formVmDel, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print ' <TR>' - print ' <TD colspan="2">' - #sendHtmlFormVar( formVmName, 'class="full"' ) - print ' </TD>' - print ' <TD>' - #sendHtmlFormVar( formVmAdd, 'class="full"' ) - print ' </TD>' - print ' </TR>' - print '</TABLE>' - -def checkXmlData( ): - global xmlIncomplete - - # Validate the Policy Label Header requirements - if ( len( formPolicyLabelName[1] ) == 0 ) or \ - ( len( formPolicyLabelDate[1] ) == 0 ) or \ - ( len( formPolicyUrl[1] ) == 0 ) or \ - ( len( formPolicyRef[1] ) == 0 ): - msg = '' - msg = msg + 'The XML policy label schema requires that the Policy ' - msg = msg + 'Labeling Information Name, Date, Policy URL and ' - msg = msg + 'Policy Reference fields all have values.' 
- formatXmlGenError( msg ) - -def sendXmlHeaders( ): - # HTML headers - print 'Content-Type: text/xml' - print 'Content-Disposition: attachment; filename=security_label_template.xml' - print - -def sendPolicyLabelXml( ): - print '<?xml version="1.0"?>' - - print '<SecurityLabelTemplate xmlns="http://www.ibm.com"' - print ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"' - print ' xsi:schemaLocation="http://www.ibm.com security_policy.xsd">' - - # Policy Labeling header - sendPLHeaderXml( ) - - # Policy Labels (subjects and objects) - sendPLSubXml( ) - #sendPLObjXml( ) - - print '</SecurityLabelTemplate>' - -def sendPLHeaderXml( ): - global formPolicyLabelName, formPolicyLabelDate - global formPolicyUrl, formPolicyRef - - # Policy Labeling header definition - print '<LabelHeader>' - print ' <Name>' + formPolicyLabelName[1] + '</Name>' - print ' <Date>' + formPolicyLabelDate[1] + '</Date>' - print ' <PolicyName>' - print ' <Url>' + formPolicyUrl[1] + '</Url>' - print ' <Reference>' + formPolicyRef[1] + '</Reference>' - print ' </PolicyName>' - print '</LabelHeader>' - -def sendPLSubXml( ): - global formVmNames, allVmChWs, allVmStes - - # Virtual machines... 
- if len( formVmNames[1] ) == 0: - return - - print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">' - for vmName in formVmNames[1]: - print ' <VirtualMachineLabel>' - print ' <Name>' + vmName + '</Name>' - formVar = allVmStes[vmName] - if len( formVar[1] ) > 0: - print ' <SimpleTypeEnforcementTypes>' - for ste in formVar[1]: - print ' <Type>' + ste + '</Type>' - print ' </SimpleTypeEnforcementTypes>' - - formVar = allVmChWs[vmName] - if len( formVar[1] ) > 0: - print ' <ChineseWallTypes>' - for chw in formVar[1]: - print ' <Type>' + chw + '</Type>' - print ' </ChineseWallTypes>' - - print ' </VirtualMachineLabel>' - - print '</SubjectLabels>' - - -# Set up initial HTML variables -headTitle = 'Xen Policy Labeling Generation' - -# Form variables -# The format of these variables is as follows: -# [ p0, p1, p2, p3, p4, p5 ] -# p0 = input type -# p1 = the current value of the variable -# p2 = the hidden input name attribute -# p3 = the name attribute -# p4 = the value attribute -# p5 = text to associate with the tag -formPolicyLabelName = [ 'text', - '', - 'h_policyLabelName', - 'i_policyLabelName', - '', - '', - ] -formPolicyLabelDate = [ 'text', - getCurrentTime( ), - 'h_policyLabelDate', - 'i_policyLabelDate', - '', - '', - ] -formPolicyUrl = [ 'text', - '', - 'h_policyUrl', - 'i_policyUrl', - '', - '', - ] -formPolicyRef = [ 'text', - '', - 'h_policyRef', - 'i_policyRef', - '', - '', - ] -formPolicyLabelUpdate = [ 'button', - '', - '', - 'i_PolicyLabelUpdate', - 'Update', - '', - ] - -formVmNames = [ '', - [], - 'h_vmNames', - '', - '', - '', - ] -formVmDel = [ 'button', - '', - '', - 'i_vmDel', - 'Delete', - '', - ] -formVmName = [ 'text', - '', - '', - 'i_vmName', - '', - '', - ] -formVmAdd = [ 'button', - '', - '', - 'i_vmAdd', - 'New', - '', - ] - -formVmNameDom0 = [ '', - '', - 'h_vmDom0', - '', - '', - '', - ] - -formXmlGen = [ 'button', - '', - '', - 'i_xmlGen', - 'Generate XML', - '', - ] - -formDefaultButton = [ 'button', - '', - '', - 
'i_defaultButton', - '.', - '', - ] - -formSteTypes = [ '', - [], - 'h_steTypes', - '', - '', - '', - ] -formChWallTypes = [ '', - [], - 'h_chwallTypes', - '', - '', - '', - ] - -# This is a set of templates used for each virtual machine -# Each virtual machine is initially assigned these templates, -# then each form attribute value is changed to append -# "_virtual-machine-name" for uniqueness. -templateVmDel = [ 'button', - '', - '', - 'i_vmDel', - 'Delete', - '', - ] -templateVmDom0 = [ 'button', - '', - '', - 'i_vmDom0', - 'SetDom0', - '', - ] -allVmDel = {}; -allVmDom0 = {}; - -templateVmChWs = [ 'list', - [], - 'h_vmChWs', - 'i_vmChWs', - '', - '', - ] -templateVmChWDel = [ 'button', - '', - '', - 'i_vmChWDel', - 'Delete', - '', - ] -templateVmChW = [ 'list', - [], - '', - 'i_vmChW', - '', - '', - ] -templateVmChWAdd = [ 'button', - '', - '', - 'i_vmChWAdd', - 'Add', - '', - ] -allVmChWs = {}; -allVmChWDel = {}; -allVmChW = {}; -allVmChWAdd = {}; - -templateVmStes = [ 'list', - [], - 'h_vmStes', - 'i_vmStes', - '', - '', - ] -templateVmSteDel = [ 'button', - '', - '', - 'i_vmSteDel', - 'Delete', - '', - ] -templateVmSte = [ 'list', - [], - '', - 'i_vmSte', - '', - '', - ] -templateVmSteAdd = [ 'button', - '', - '', - 'i_vmSteAdd', - 'Add', - '', - ] -allVmStes = {}; -allVmSteDel = {}; -allVmSte = {}; -allVmSteAdd = {}; - -# A list of all form variables used for saving info across requests -formVariables = [ formPolicyLabelName, - formPolicyLabelDate, - formPolicyUrl, - formPolicyRef, - formVmNames, - formVmNameDom0, - formSteTypes, - formChWallTypes, - ] - -policyXml = '' -policyLabelXml = '' -xmlError = 0 -xmlIncomplete = 0 -xmlMessages = [] - - -# Extract any form data -formData = cgi.FieldStorage( ) - -# Process the form -getSavedData( ) -processRequest( ) - -if formData.has_key( formXmlGen[3] ): - # Generate and send the XML file - checkXmlData( ) - - if xmlIncomplete == 0: - sendXmlHeaders( ) - sendPolicyLabelXml( ) - -if (not formData.has_key( 
formXmlGen[3] )) or (xmlIncomplete == 1 ): - # Send HTML to continue processing the form - sendHtmlHeaders( ) - sendPolicyLabelHtml( ) diff -r 9a915e2828f3 -r ae709b250f43 tools/security/setlabel.sh --- a/tools/security/setlabel.sh Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,106 +0,0 @@ -#!/bin/sh -# * -# * setlabel -# * -# * Copyright (C) 2005 IBM Corporation -# * -# * Authors: -# * Stefan Berger <stefanb@xxxxxxxxxx> -# * -# * This program is free software; you can redistribute it and/or -# * modify it under the terms of the GNU General Public License as -# * published by the Free Software Foundation, version 2 of the -# * License. -# * -# * 'setlabel' labels virtual machine (domain) configuration files with -# * security identifiers that can be enforced in Xen. -# * -# * 'setlabel -?' shows the usage of the program -# * -# * 'setlabel -l vmconfig-file' lists all available labels (only VM -# * labels are used right now) -# * -# * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref' -# * that corresponds to the security-label under the -# * current policy (if policy changes, 'label' -# * must be re-run over the configuration files; -# * map-file is created during policy translation and -# * is found in the policy's directory -# - -if [ -z "$runbash" ]; then - runbash="1" - export runbash - exec sh -c "bash $0 $*" -fi - -export PATH=$PATH:. -dir=`dirname $0` -source $dir/labelfuncs.sh - -usage () -{ - prg=`basename $0` -echo "Use this tool to put the ssidref corresponding to a label of a policy into -the VM configuration file, or use it to display all labels of a policy. - -Usage: $prg [-r] <vmfile> <label> [<policy name> [<policy dir>]] or - $prg -l [<policy name> [<policy dir>]] - --r : to relabel a file without being prompted --l : to show the valid labels in a map file -vmfile : XEN vm configuration file; give complete path -label : the label to map to an ssidref -policy name : the name of the policy, i.e. 'chwall' - If the policy name is omitted, it is attempted - to find the current policy's name in grub.conf. 
-policy dir : the directory where the <policy name> policy is located - The default location is '/etc/xen/acm-security/policies' -" -} - -if [ "$1" == "-r" ]; then - mode="relabel" - shift -elif [ "$1" == "-l" ]; then - mode="show" - shift -elif [ "$1" == "-h" ]; then - mode="usage" -fi - -if [ "$mode" == "usage" ]; then - usage -elif [ "$mode" == "show" ]; then - setPolicyVars $1 $2 - ret=$? - if [ $ret -eq 0 ]; then - echo "Error when trying to find policy-related information." - exit -1 - fi - findMapFile $policy $policydir - ret=$? - if [ $ret -eq 0 ]; then - echo "Could not find map file for policy '$policy'." - exit -1 - fi - showLabels $mapfile -else - if [ "$2" == "" ]; then - usage - exit -1 - fi - setPolicyVars $3 $4 - ret=$? - if [ $ret -eq 0 ]; then - echo "Error when trying to find policy-related information." - exit -1 - fi - findMapFile $policy $policydir - ret=$? - if [ $ret -eq 0 ]; then - echo "Could not find map file for policy '$policy'." - exit -1 - fi - relabel $1 $2 $mapfile $mode -fi diff -r 9a915e2828f3 -r ae709b250f43 tools/security/updategrub.sh --- a/tools/security/updategrub.sh Tue Apr 25 22:55:22 2006 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,90 +0,0 @@ -#!/bin/sh -# * -# * updategrub -# * -# * Copyright (C) 2005 IBM Corporation -# * -# * Authors: -# * Stefan Berger <stefanb@xxxxxxxxxx> -# * -# * This program is free software; you can redistribute it and/or -# * modify it under the terms of the GNU General Public License as -# * published by the Free Software Foundation, version 2 of the -# * License. -# * -# * -# - -if [ -z "$runbash" ]; then - runbash="1" - export runbash - exec sh -c "bash $0 $*" - exit -fi - -dir=`dirname $0` -source $dir/labelfuncs.sh - -acmroot=$ACM_DEFAULT_ROOT - - -# Show usage of this program -usage () -{ - prg=`basename $0` -echo "Use this tool to add the binary policy to the Xen grub entry and -have Xen automatically enforce the policy when starting. - -Usage: $prg [-d <policies root>] <policy name> [<kernel version>] - -<policies root> : The directory where the policies directory is located in; - default is $acmroot -<policy name> : The name of the policy, i.e. xen_null -<kernel version> : The version of the kernel to apply the policy - against, i.e. 2.6.12.6-xen0 - If not specified, a kernel version ending with '-xen0' - will be searched for in '/lib/modules' -" -} - - - -if [ "$1" == "-h" ]; then - usage - exit 0 -elif [ "$1" == "-d" ]; then - shift - acmroot=$1 - shift -fi - -if [ "$1" == "" ]; then - echo "Error: Not enough command line parameters." - echo "" - usage - exit -1 -fi - - -policy=$1 -policyfile=$policy.bin - -getLinuxVersion $2 - -findGrubConf -ret=$? -if [ $ret -eq 0 ]; then - echo "Could not find grub.conf." - exit -1 -elif [ $ret -eq 2 ]; then - echo "Need to have write-access to $grubconf. Exiting." - exit -1 -fi - -cpBootPolicy /boot $acmroot $policy -ret=$? -if [ $ret -ne 1 ]; then - echo "Error copying or generating the binary policy." - exit -1 -fi -updateGrub $grubconf $policyfile $linux _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
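Review bot: In the removed policy-labeling CGI script, form values were concatenated into the HTML and XML output unescaped, e.g. `print ' <A href="#' + vmName + '">Edit</A>'`, `print ' <TD class="fullbox">' + vmName + '</TD>'` and `print ' <Name>' + formPolicyLabelName[1] + '</Name>'`; if this form is re-added elsewhere after the merge, those values (and `os.environ['SCRIPT_NAME']` in the FORM action) should pass through `cgi.escape(..., quote=True)` for the HTML and an XML escape for security_label_template.xml, so a VM class or label name containing markup cannot alter the page or the generated template. Minor: the attribute strings `'class="full" size="4" multiple"'` carry a stray trailing quote, and the stylesheet misspells `border-collapse: separate`.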
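Review bot: The deleted setlabel.sh re-launched itself with `exec sh -c "bash $0 $*"`, which word-splits the script path and every argument (a configuration file path containing a space, which the usage text asks to be given as a "complete path", would arrive as two arguments) and re-parses them through a second shell; wherever this logic lives after the merge it should be `exec bash "$0" "$@"`, with the later `setPolicyVars $1 $2`, `findMapFile $policy $policydir` and `relabel $1 $2 $mapfile $mode` calls quoted the same way. Also `exit -1` is not a valid exit status (callers observe 255), so `exit 1` is clearer.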
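Review bot: The deleted updategrub.sh shipped with an empty header comment (the `# *` block after the license names neither what the script does nor the return conventions it relies on), while its error handling mixes conventions from labelfuncs.sh: `findGrubConf` returns 0 for "not found" and 2 for "no write access", but `cpBootPolicy` is checked with `if [ $ret -ne 1 ]`, i.e. 1 means success. If these helpers survive the merge in another location, document the 0/1/2 meanings in labelfuncs.sh (or move to the usual 0-on-success), so the grub.conf-editing path is not silently broken by a helper that later adopts the standard convention.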