Xen project Mailing List

[Xen-changelog] [xen-unstable] xsm: Add support for HVMOP_track_dirty_vram.

From: Xen patchbot-unstable <patchbot@xxxxxxx>

Date: Fri, 11 Nov 2011 04:33:36 +0000

Delivery-date: Thu, 10 Nov 2011 20:39:45 -0800

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User Jean Guyader <jean.guyader@xxxxxxxxxxxxx> # Date 1320781307 0 # Node ID fb1b32c9d03dfa5af4014688556a97805b118ac9 # Parent 2af5bfbc9fdee08af184d9dfc48c368619719e0f xsm: Add support for HVMOP_track_dirty_vram. Xen try to inforce the xsm policy when a HVMOP_track_dirty_vram is received (xen/arch/x86/hvm/hvm.c:3637). It was failing because in flask_hvmcontext, xsm didn't have any case for this operation. Signed-off-by: Jean Guyader <jean.guyader@xxxxxxxxxxxxx> Committed-by: Keir Fraser <keir@xxxxxxx> --- diff -r 2af5bfbc9fde -r fb1b32c9d03d tools/flask/policy/policy/flask/access_vectors --- a/tools/flask/policy/policy/flask/access_vectors Tue Nov 08 19:35:42 2011 +0000 +++ b/tools/flask/policy/policy/flask/access_vectors Tue Nov 08 19:41:47 2011 +0000 @@ -90,6 +90,7 @@ pciroute bind_irq cacheattr + trackdirtyvram } class event diff -r 2af5bfbc9fde -r fb1b32c9d03d tools/flask/policy/policy/modules/xen/xen.if --- a/tools/flask/policy/policy/modules/xen/xen.if Tue Nov 08 19:35:42 2011 +0000 +++ b/tools/flask/policy/policy/modules/xen/xen.if Tue Nov 08 19:41:47 2011 +0000 @@ -22,7 +22,7 @@ ################################################################################ define(`create_hvm_dom', ` create_domain($1, $2, $3) - allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel pcilevel }; + allow $1 $2:hvm { setparam getparam cacheattr pciroute irqlevel pcilevel trackdirtyvram }; allow $2 $2:hvm setparam; ') diff -r 2af5bfbc9fde -r fb1b32c9d03d xen/xsm/flask/hooks.c --- a/xen/xsm/flask/hooks.c Tue Nov 08 19:35:42 2011 +0000 +++ b/xen/xsm/flask/hooks.c Tue Nov 08 19:41:47 2011 +0000 @@ -816,6 +816,9 @@ case XEN_DOMCTL_gethvmcontext_partial: perm = HVM__GETHVMC; break; + case HVMOP_track_dirty_vram: + perm = HVM__TRACKDIRTYVRAM; + break; default: return -EPERM; } diff -r 2af5bfbc9fde -r fb1b32c9d03d xen/xsm/flask/include/av_perm_to_string.h --- a/xen/xsm/flask/include/av_perm_to_string.h Tue Nov 08 19:35:42 2011 +0000 +++ b/xen/xsm/flask/include/av_perm_to_string.h Tue Nov 08 19:41:47 2011 +0000 @@ -56,6 +56,7 @@ S_(SECCLASS_HVM, HVM__GETHVMC, "gethvmc") S_(SECCLASS_HVM, HVM__SETPARAM, "setparam") S_(SECCLASS_HVM, HVM__GETPARAM, "getparam") + S_(SECCLASS_HVM, HVM__TRACKDIRTYVRAM, "trackdirtyvram") S_(SECCLASS_HVM, HVM__PCILEVEL, "pcilevel") S_(SECCLASS_HVM, HVM__IRQLEVEL, "irqlevel") S_(SECCLASS_HVM, HVM__PCIROUTE, "pciroute") diff -r 2af5bfbc9fde -r fb1b32c9d03d xen/xsm/flask/include/av_permissions.h --- a/xen/xsm/flask/include/av_permissions.h Tue Nov 08 19:35:42 2011 +0000 +++ b/xen/xsm/flask/include/av_permissions.h Tue Nov 08 19:41:47 2011 +0000 @@ -63,6 +63,7 @@ #define HVM__PCIROUTE 0x00000040UL #define HVM__BIND_IRQ 0x00000080UL #define HVM__CACHEATTR 0x00000100UL +#define HVM__TRACKDIRTYVRAM 0x00000200UL #define EVENT__BIND 0x00000001UL #define EVENT__SEND 0x00000002UL _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.