[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] xsm: Add security label to IRQ debug output



# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1328195831 0
# Node ID d82a1e3d3c65ff9dd8b318bbe402273b96c4938b
# Parent  837f3fb6d61f6d5e679be6327220864eb9a3d283
xsm: Add security label to IRQ debug output

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---


diff -r 837f3fb6d61f -r d82a1e3d3c65 xen/arch/x86/irq.c
--- a/xen/arch/x86/irq.c        Thu Feb 02 15:16:34 2012 +0000
+++ b/xen/arch/x86/irq.c        Thu Feb 02 15:17:11 2012 +0000
@@ -2001,6 +2001,7 @@
     struct domain *d;
     const struct pirq *info;
     unsigned long flags;
+    char *ssid;
 
     printk("Guest interrupt information:\n");
 
@@ -2012,6 +2013,8 @@
         if ( !irq_desc_initialized(desc) || desc->handler == &no_irq_type )
             continue;
 
+        ssid = xsm_show_irq_sid(irq);
+
         spin_lock_irqsave(&desc->lock, flags);
 
         cpumask_scnprintf(keyhandler_scratch, sizeof(keyhandler_scratch),
@@ -2021,6 +2024,9 @@
                irq, keyhandler_scratch, desc->arch.vector,
                desc->handler->typename, desc->status);
 
+        if ( ssid )
+            printk("Z=%-25s ", ssid);
+
         if ( !(desc->status & IRQ_GUEST) )
             printk("mapped, unbound\n");
         else
@@ -2053,6 +2059,8 @@
         }
 
         spin_unlock_irqrestore(&desc->lock, flags);
+
+        xfree(ssid);
     }
 
     dump_ioapic_irq_info();
diff -r 837f3fb6d61f -r d82a1e3d3c65 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h     Thu Feb 02 15:16:34 2012 +0000
+++ b/xen/include/xsm/xsm.h     Thu Feb 02 15:17:11 2012 +0000
@@ -113,6 +113,8 @@
 
     int (*kexec) (void);
     int (*schedop_shutdown) (struct domain *d1, struct domain *d2);
+
+    char *(*show_irq_sid) (int irq);
     int (*irq_permission) (struct domain *d, int pirq, uint8_t allow);
     int (*iomem_permission) (struct domain *d, uint64_t s, uint64_t e, uint8_t 
allow);
     int (*pci_config_permission) (struct domain *d, uint32_t machine_bdf, 
uint16_t start, uint16_t end, uint8_t access);
@@ -477,6 +479,11 @@
     return xsm_call(schedop_shutdown(d1, d2));
 }
 
+static inline char *xsm_show_irq_sid (int irq)
+{
+    return xsm_call(show_irq_sid(irq));
+}
+
 static inline int xsm_irq_permission (struct domain *d, int pirq, uint8_t 
allow)
 {
     return xsm_call(irq_permission(d, pirq, allow));
diff -r 837f3fb6d61f -r d82a1e3d3c65 xen/xsm/dummy.c
--- a/xen/xsm/dummy.c   Thu Feb 02 15:16:34 2012 +0000
+++ b/xen/xsm/dummy.c   Thu Feb 02 15:17:11 2012 +0000
@@ -365,12 +365,16 @@
     return 0;
 }
 
-
 static long dummy___do_xsm_op(XEN_GUEST_HANDLE(xsm_op_t) op)
 {
     return -ENOSYS;
 }
 
+static char *dummy_show_irq_sid (int irq)
+{
+    return NULL;
+}
+
 static int dummy_irq_permission (struct domain *d, int pirq, uint8_t allow)
 {
     return 0;
@@ -655,6 +659,7 @@
     set_to_dummy_if_null(ops, kexec);
     set_to_dummy_if_null(ops, schedop_shutdown);
 
+    set_to_dummy_if_null(ops, show_irq_sid);
     set_to_dummy_if_null(ops, irq_permission);
     set_to_dummy_if_null(ops, iomem_permission);
     set_to_dummy_if_null(ops, pci_config_permission);
diff -r 837f3fb6d61f -r d82a1e3d3c65 xen/xsm/flask/hooks.c
--- a/xen/xsm/flask/hooks.c     Thu Feb 02 15:16:34 2012 +0000
+++ b/xen/xsm/flask/hooks.c     Thu Feb 02 15:17:11 2012 +0000
@@ -712,6 +712,20 @@
         return RESOURCE__REMOVE;
 }
 
+static char *flask_show_irq_sid (int irq)
+{
+    u32 sid, ctx_len;
+    char *ctx;
+    int rc = security_irq_sid(irq, &sid);
+    if ( rc )
+        return NULL;
+
+    if (security_sid_to_context(sid, &ctx, &ctx_len))
+        return NULL;
+
+    return ctx;
+}
+
 static int flask_irq_permission (struct domain *d, int pirq, uint8_t access)
 {
     u32 perm;
@@ -1543,6 +1557,8 @@
     .kexec = flask_kexec,
     .schedop_shutdown = flask_schedop_shutdown,
 
+    .show_irq_sid = flask_show_irq_sid,
+
     .irq_permission = flask_irq_permission,
     .iomem_permission = flask_iomem_permission,
     .pci_config_permission = flask_pci_config_permission,

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.