
[Xen-changelog] [xen-unstable] xsm: Add security labels to event-channel dump



# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1328195794 0
# Node ID 837f3fb6d61f6d5e679be6327220864eb9a3d283
# Parent  fcc071c31e3a3ccc5dfaefd091eedbb608604928
xsm: Add security labels to event-channel dump

In FLASK, event channel labels are distinct from the labels of the
domain using them. When debugging policy issues, it is useful to be
able to view the current label of event channels; add this label to
the event channel dump.

This patch also adds the IRQ associated with a PIRQ for event channels
bound to a PIRQ, and moves the xen_consumer flag to the front to
create more consistent alignment in the output.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---


diff -r fcc071c31e3a -r 837f3fb6d61f xen/common/event_channel.c
--- a/xen/common/event_channel.c        Thu Feb 02 13:50:48 2012 +0000
+++ b/xen/common/event_channel.c        Thu Feb 02 15:16:34 2012 +0000
@@ -1256,6 +1256,7 @@
 static void domain_dump_evtchn_info(struct domain *d)
 {
     unsigned int port;
+    int irq;
 
     bitmap_scnlistprintf(keyhandler_scratch, sizeof(keyhandler_scratch),
                          d->poll_mask, d->max_vcpus);
@@ -1268,6 +1269,7 @@
     for ( port = 1; port < MAX_EVTCHNS(d); ++port )
     {
         const struct evtchn *chn;
+        char *ssid;
 
         if ( !port_is_valid(d, port) )
             continue;
@@ -1275,11 +1277,12 @@
         if ( chn->state == ECS_FREE )
             continue;
 
-        printk("    %4u [%d/%d]: s=%d n=%d",
+        printk("    %4u [%d/%d]: s=%d n=%d x=%d",
                port,
                !!test_bit(port, &shared_info(d, evtchn_pending)),
                !!test_bit(port, &shared_info(d, evtchn_mask)),
-               chn->state, chn->notify_vcpu_id);
+               chn->state, chn->notify_vcpu_id, chn->xen_consumer);
+
         switch ( chn->state )
         {
         case ECS_UNBOUND:
@@ -1291,13 +1294,21 @@
                    chn->u.interdomain.remote_port);
             break;
         case ECS_PIRQ:
-            printk(" p=%d", chn->u.pirq.irq);
+            irq = domain_pirq_to_irq(d, chn->u.pirq.irq);
+            printk(" p=%d i=%d", chn->u.pirq.irq, irq);
             break;
         case ECS_VIRQ:
             printk(" v=%d", chn->u.virq);
             break;
         }
-        printk(" x=%d\n", chn->xen_consumer);
+
+        ssid = xsm_show_security_evtchn(d, chn);
+        if (ssid) {
+            printk(" Z=%s\n", ssid);
+            xfree(ssid);
+        } else {
+            printk("\n");
+        }
     }
 
     spin_unlock(&d->event_lock);
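Review bot: The new `xsm_show_security_evtchn(d, chn)` call at the end of the loop body runs once per port while `d->event_lock` is still held (the `spin_unlock` only follows the loop), and the caller's `xfree(ssid)` shows that the hook returns heap memory. That puts an allocation and a free per event channel inside the locked region of a debug dump. If this is acceptable because the handler never runs in a context where allocation is forbidden, record it in a comment above the call, e.g. `/* XSM hook allocates the label; caller frees. Called with d->event_lock held. */`. On style, `if (ssid) {` / `} else {` departs from the `if ( ... )` spacing and own-line braces used by the surrounding lines, and `irq` could be declared inside the `ECS_PIRQ` case instead of at function scope. The function begins before and ends after this hunk.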
diff -r fcc071c31e3a -r 837f3fb6d61f xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h     Thu Feb 02 13:50:48 2012 +0000
+++ b/xen/include/xsm/xsm.h     Thu Feb 02 15:16:34 2012 +0000
@@ -99,6 +99,7 @@
     void (*free_security_domain) (struct domain *d);
     int (*alloc_security_evtchn) (struct evtchn *chn);
     void (*free_security_evtchn) (struct evtchn *chn);
+    char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn);
 
     int (*get_pod_target) (struct domain *d);
     int (*set_pod_target) (struct domain *d);
@@ -424,6 +425,11 @@
     (void)xsm_call(free_security_evtchn(chn));
 }
 
+static inline char *xsm_show_security_evtchn (struct domain *d, const struct 
evtchn *chn)
+{
+    return xsm_call(show_security_evtchn(d, chn));
+}
+
 static inline int xsm_get_pod_target (struct domain *d)
 {
     return xsm_call(get_pod_target(d));
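Review bot: The new `xsm_show_security_evtchn` wrapper and the `show_security_evtchn` op have no documented ownership contract, although the caller in `event_channel.c` has to `xfree` the result and treat `NULL` as "no label". A comment above the wrapper would make this explicit for future XSM modules, e.g. `/* Returns a NUL-terminated label the caller must xfree(), or NULL if the channel has no label or the lookup failed. */`. The `xsm_get_pod_target` body that closes this hunk continues outside it.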
diff -r fcc071c31e3a -r 837f3fb6d61f xen/xsm/dummy.c
--- a/xen/xsm/dummy.c   Thu Feb 02 13:50:48 2012 +0000
+++ b/xen/xsm/dummy.c   Thu Feb 02 15:16:34 2012 +0000
@@ -290,6 +290,11 @@
     return;
 }
 
+static char *dummy_show_security_evtchn (struct domain *d, const struct evtchn 
*chn)
+{
+    return NULL;
+}
+
 static int dummy_test_assign_device (uint32_t machine_bdf)
 {
     return 0;
@@ -637,6 +642,7 @@
     set_to_dummy_if_null(ops, free_security_domain);
     set_to_dummy_if_null(ops, alloc_security_evtchn);
     set_to_dummy_if_null(ops, free_security_evtchn);
+    set_to_dummy_if_null(ops, show_security_evtchn);
 
     set_to_dummy_if_null(ops, memory_adjust_reservation);
     set_to_dummy_if_null(ops, memory_stat_reservation);
diff -r fcc071c31e3a -r 837f3fb6d61f xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c     Thu Feb 02 13:50:48 2012 +0000
+++ b/xen/xsm/flask/hooks.c     Thu Feb 02 15:16:34 2012 +0000
@@ -274,6 +274,35 @@
     xfree(esec);
 }
 
+static char *flask_show_security_evtchn(struct domain *d, const struct evtchn 
*chn)
+{
+    struct evtchn_security_struct *esec;
+    int irq;
+    u32 sid = 0;
+    char *ctx;
+    u32 ctx_len;
+
+    switch ( chn->state )
+    {
+    case ECS_UNBOUND:
+    case ECS_INTERDOMAIN:
+        esec = chn->ssid;
+        if ( esec )
+            sid = esec->sid;
+        break;
+    case ECS_PIRQ:
+        irq = domain_pirq_to_irq(d, chn->u.pirq.irq);
+        if (irq)
+            security_irq_sid(irq, &sid);
+        break;
+    }
+    if ( !sid )
+        return NULL;
+    if (security_sid_to_context(sid, &ctx, &ctx_len))
+        return NULL;
+    return ctx;
+}
+
 static int flask_grant_mapref(struct domain *d1, struct domain *d2, 
                               uint32_t flags)
 {
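Review bot: In the `ECS_PIRQ` case of `flask_show_security_evtchn` the return value of `security_irq_sid(irq, &sid)` is discarded, and the guard `if (irq)` lets a negative value through because `irq` is a signed `int`. Whether `domain_pirq_to_irq` can return a negative number for an unbound PIRQ is not visible here; if it can, `if ( irq > 0 && security_irq_sid(irq, &sid) ) return NULL;` would stop a failed or meaningless lookup from being shown as a label (assuming non-zero means failure, as the `security_sid_to_context` check below implies). The function returns `NULL` both when no SID exists and when `security_sid_to_context` fails, so the dump cannot tell an unlabeled channel from a failed lookup, which matters when the output is used to debug policy. `ECS_VIRQ` and any other state fall out of the `switch` with `sid == 0`; an explicit `default: break;` plus a one-line comment would show that this is intended.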
@@ -1499,6 +1528,7 @@
     .free_security_domain = flask_domain_free_security,
     .alloc_security_evtchn = flask_alloc_security_evtchn,
     .free_security_evtchn = flask_free_security_evtchn,
+    .show_security_evtchn = flask_show_security_evtchn,
 
     .get_pod_target = flask_get_pod_target,
     .set_pod_target = flask_set_pod_target,

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 

