|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] xsm: Add security label to IRQ debug output
# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1328195831 0
# Node ID d82a1e3d3c65ff9dd8b318bbe402273b96c4938b
# Parent 837f3fb6d61f6d5e679be6327220864eb9a3d283
xsm: Add security label to IRQ debug output
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---
diff -r 837f3fb6d61f -r d82a1e3d3c65 xen/arch/x86/irq.c
--- a/xen/arch/x86/irq.c Thu Feb 02 15:16:34 2012 +0000
+++ b/xen/arch/x86/irq.c Thu Feb 02 15:17:11 2012 +0000
@@ -2001,6 +2001,7 @@
struct domain *d;
const struct pirq *info;
unsigned long flags;
+ char *ssid;
printk("Guest interrupt information:\n");
@@ -2012,6 +2013,8 @@
if ( !irq_desc_initialized(desc) || desc->handler == &no_irq_type )
continue;
+ ssid = xsm_show_irq_sid(irq);
+
spin_lock_irqsave(&desc->lock, flags);
cpumask_scnprintf(keyhandler_scratch, sizeof(keyhandler_scratch),
@@ -2021,6 +2024,9 @@
irq, keyhandler_scratch, desc->arch.vector,
desc->handler->typename, desc->status);
+ if ( ssid )
+ printk("Z=%-25s ", ssid);
+
if ( !(desc->status & IRQ_GUEST) )
printk("mapped, unbound\n");
else
@@ -2053,6 +2059,8 @@
}
spin_unlock_irqrestore(&desc->lock, flags);
+
+ xfree(ssid);
}
dump_ioapic_irq_info();
diff -r 837f3fb6d61f -r d82a1e3d3c65 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h Thu Feb 02 15:16:34 2012 +0000
+++ b/xen/include/xsm/xsm.h Thu Feb 02 15:17:11 2012 +0000
@@ -113,6 +113,8 @@
int (*kexec) (void);
int (*schedop_shutdown) (struct domain *d1, struct domain *d2);
+
+ char *(*show_irq_sid) (int irq);
int (*irq_permission) (struct domain *d, int pirq, uint8_t allow);
int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t
allow);
int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf,
uint16_t start, uint16_t end, uint8_t access);
@@ -477,6 +479,11 @@
return xsm_call(schedop_shutdown(d1, d2));
}
+static inline char *xsm_show_irq_sid (int irq)
+{
+ return xsm_call(show_irq_sid(irq));
+}
+
static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t
allow)
{
return xsm_call(irq_permission(d, pirq, allow));
diff -r 837f3fb6d61f -r d82a1e3d3c65 xen/xsm/dummy.c
--- a/xen/xsm/dummy.c Thu Feb 02 15:16:34 2012 +0000
+++ b/xen/xsm/dummy.c Thu Feb 02 15:17:11 2012 +0000
@@ -365,12 +365,16 @@
return 0;
}
-
static long dummy___do_xsm_op(XEN_GUEST_HANDLE(xsm_op_t) op)
{
return -ENOSYS;
}
+static char *dummy_show_irq_sid (int irq)
+{
+ return NULL;
+}
+
static int dummy_irq_permission (struct domain *d, int pirq, uint8_t allow)
{
return 0;
@@ -655,6 +659,7 @@
set_to_dummy_if_null(ops, kexec);
set_to_dummy_if_null(ops, schedop_shutdown);
+ set_to_dummy_if_null(ops, show_irq_sid);
set_to_dummy_if_null(ops, irq_permission);
set_to_dummy_if_null(ops, iomem_permission);
set_to_dummy_if_null(ops, pci_config_permission);
diff -r 837f3fb6d61f -r d82a1e3d3c65 xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c Thu Feb 02 15:16:34 2012 +0000
+++ b/xen/xsm/flask/hooks.c Thu Feb 02 15:17:11 2012 +0000
@@ -712,6 +712,20 @@
return RESOURCE__REMOVE;
}
+static char *flask_show_irq_sid (int irq)
+{
+ u32 sid, ctx_len;
+ char *ctx;
+ int rc = security_irq_sid(irq, &sid);
+ if ( rc )
+ return NULL;
+
+ if (security_sid_to_context(sid, &ctx, &ctx_len))
+ return NULL;
+
+ return ctx;
+}
+
static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
{
u32 perm;
@@ -1543,6 +1557,8 @@
.kexec = flask_kexec,
.schedop_shutdown = flask_schedop_shutdown,
+ .show_irq_sid = flask_show_irq_sid,
+
.irq_permission = flask_irq_permission,
.iomem_permission = flask_iomem_permission,
.pci_config_permission = flask_pci_config_permission,
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |