# HG changeset patch
# User adsharma@xxxxxxxxxxxxxxxxxxxx
# Node ID 81576d3d1ca891cdcd81fada9025b2279a974458
# Parent 99914b54f7bffc8c27757a1ac2bc7a0d97597ac8
# Parent 0608852073c86cfa432ac32cb9223531950be896
Merge.
diff -r 99914b54f7bf -r 81576d3d1ca8 Config.mk
--- a/Config.mk Thu Aug 18 18:40:02 2005
+++ b/Config.mk Fri Aug 19 18:19:28 2005
@@ -35,3 +35,11 @@
# Choose the best mirror to download linux kernel
KERNEL_REPO = http://www.kernel.org
+
+# ACM_USE_SECURITY_POLICY is set to security policy of Xen
+# Supported models are:
+# ACM_NULL_POLICY (ACM will not be built with this policy)
+# ACM_CHINESE_WALL_POLICY
+# ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
+# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
diff -r 99914b54f7bf -r 81576d3d1ca8 docs/src/user.tex
--- a/docs/src/user.tex Thu Aug 18 18:40:02 2005
+++ b/docs/src/user.tex Fri Aug 19 18:19:28 2005
@@ -1763,7 +1763,7 @@
physical address in the memory map will be ignored. This parameter
may be specified with a B, K, M or G suffix, representing bytes,
kilobytes, megabytes and gigabytes respectively. The
- default unit, if no suffix is specified, is bytes.
+ default unit, if no suffix is specified, is kilobytes.
\item [dom0\_mem=xxx ]
Set the amount of memory to be allocated to domain0. In Xen 3.x the parameter
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/Makefile Fri Aug 19
18:19:28 2005
@@ -14,8 +14,7 @@
c-obj-y := semaphore.o vm86.o \
ptrace.o sys_i386.o \
- i387.o dmi_scan.o bootflag.o \
- doublefault.o
+ i387.o dmi_scan.o bootflag.o
s-obj-y :=
obj-y += cpu/
@@ -85,7 +84,7 @@
$(obj)/vsyscall-sysenter.o FORCE
$(call if_changed,syscall)
-c-link := init_task.o
+c-link :=
s-link := vsyscall-int80.o vsyscall-sysenter.o vsyscall-sigreturn.o
vsyscall.lds.o syscall_table.o
$(patsubst %.o,$(obj)/%.c,$(c-obj-y) $(c-obj-m) $(c-link)) $(patsubst
%.o,$(obj)/%.S,$(s-obj-y) $(s-link)):
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/cpu/common.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/cpu/common.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/cpu/common.c Fri Aug 19
18:19:28 2005
@@ -569,7 +569,7 @@
for (va = gdt_descr->address, f = 0;
va < gdt_descr->address + gdt_descr->size;
va += PAGE_SIZE, f++) {
- frames[f] = virt_to_machine(va) >> PAGE_SHIFT;
+ frames[f] = virt_to_mfn(va);
make_page_readonly((void *)va);
}
if (HYPERVISOR_set_gdt(frames, gdt_descr->size / 8))
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/head.S
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/head.S Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/head.S Fri Aug 19 18:19:28 2005
@@ -136,9 +136,6 @@
ENTRY(empty_zero_page)
.org 0x2000
-ENTRY(swapper_pg_dir)
-
-.org 0x3000
ENTRY(cpu_gdt_table)
.quad 0x0000000000000000 /* NULL descriptor */
.quad 0x0000000000000000 /* 0x0b reserved */
@@ -190,10 +187,10 @@
.quad 0x0000000000000000 /* 0xf8 - GDT entry 31: double-fault
TSS */
.fill GDT_ENTRIES-32,8,0
-.org 0x4000
+.org 0x3000
ENTRY(default_ldt)
-.org 0x5000
+.org 0x4000
/*
* Real beginning of normal "text" segment
*/
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/ioport.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/ioport.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/ioport.c Fri Aug 19
18:19:28 2005
@@ -80,7 +80,7 @@
t->io_bitmap_ptr = bitmap;
op.cmd = PHYSDEVOP_SET_IOBITMAP;
- op.u.set_iobitmap.bitmap = (unsigned long)bitmap;
+ op.u.set_iobitmap.bitmap = (char *)bitmap;
op.u.set_iobitmap.nr_ports = IO_BITMAP_BITS;
HYPERVISOR_physdev_op(&op);
}
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/ldt.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/ldt.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/ldt.c Fri Aug 19 18:19:28 2005
@@ -198,7 +198,7 @@
{
struct mm_struct * mm = current->mm;
__u32 entry_1, entry_2, *lp;
- unsigned long mach_lp;
+ maddr_t mach_lp;
int error;
struct user_desc ldt_info;
@@ -245,7 +245,8 @@
/* Install the new entry ... */
install:
- error = HYPERVISOR_update_descriptor(mach_lp, entry_1, entry_2);
+ error = HYPERVISOR_update_descriptor(
+ mach_lp, (u64)entry_1 | ((u64)entry_2<<32));
out_unlock:
up(&mm->context.sem);
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/process.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/process.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/process.c Fri Aug 19
18:19:28 2005
@@ -115,20 +115,12 @@
/* We don't actually take CPU down, just spin without interrupts. */
static inline void play_dead(void)
{
- /* Ack it */
- __get_cpu_var(cpu_state) = CPU_DEAD;
-
- /* We shouldn't have to disable interrupts while dead, but
- * some interrupts just don't seem to go away, and this makes
- * it "work" for testing purposes. */
/* Death loop */
while (__get_cpu_var(cpu_state) != CPU_UP_PREPARE)
HYPERVISOR_yield();
- local_irq_disable();
__flush_tlb_all();
cpu_set(smp_processor_id(), cpu_online_map);
- local_irq_enable();
}
#else
static inline void play_dead(void)
@@ -156,12 +148,19 @@
rmb();
if (cpu_is_offline(cpu)) {
+ local_irq_disable();
+ /* Ack it. From this point on until
+ we get woken up, we're not allowed
+ to take any locks. In particular,
+ don't printk. */
+ __get_cpu_var(cpu_state) = CPU_DEAD;
#if defined(CONFIG_XEN) && defined(CONFIG_HOTPLUG_CPU)
/* Tell hypervisor to take vcpu down. */
HYPERVISOR_vcpu_down(cpu);
#endif
play_dead();
- }
+ local_irq_enable();
+ }
__get_cpu_var(irq_stat).idle_timestamp = jiffies;
xen_idle();
@@ -523,16 +522,15 @@
* Load the per-thread Thread-Local Storage descriptor.
* This is load_TLS(next, cpu) with multicalls.
*/
-#define C(i) do { \
- if (unlikely(next->tls_array[i].a != prev->tls_array[i].a || \
- next->tls_array[i].b != prev->tls_array[i].b)) { \
- mcl->op = __HYPERVISOR_update_descriptor; \
- mcl->args[0] = virt_to_machine(&get_cpu_gdt_table(cpu) \
- [GDT_ENTRY_TLS_MIN + i]); \
- mcl->args[1] = ((u32 *)&next->tls_array[i])[0]; \
- mcl->args[2] = ((u32 *)&next->tls_array[i])[1]; \
- mcl++; \
- } \
+#define C(i) do { \
+ if (unlikely(next->tls_array[i].a != prev->tls_array[i].a || \
+ next->tls_array[i].b != prev->tls_array[i].b)) { \
+ mcl->op = __HYPERVISOR_update_descriptor; \
+ *(u64 *)&mcl->args[0] = virt_to_machine( \
+ &get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN + i]);\
+ *(u64 *)&mcl->args[2] = *(u64 *)&next->tls_array[i]; \
+ mcl++; \
+ } \
} while (0)
C(0); C(1); C(2);
#undef C
@@ -549,7 +547,7 @@
iobmp_op.cmd =
PHYSDEVOP_SET_IOBITMAP;
iobmp_op.u.set_iobitmap.bitmap =
- (unsigned long)next->io_bitmap_ptr;
+ (char *)next->io_bitmap_ptr;
iobmp_op.u.set_iobitmap.nr_ports =
next->io_bitmap_ptr ? IO_BITMAP_BITS : 0;
mcl->op = __HYPERVISOR_physdev_op;
@@ -791,3 +789,10 @@
sp -= get_random_int() % 8192;
return sp & ~0xf;
}
+
+
+#ifndef CONFIG_X86_SMP
+void _restore_vcpu(void)
+{
+}
+#endif
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/setup.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/setup.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/setup.c Fri Aug 19 18:19:28 2005
@@ -1604,11 +1604,10 @@
for ( i=0, j=0; i < max_pfn; i+=(PAGE_SIZE/sizeof(unsigned long)), j++ )
{
pfn_to_mfn_frame_list[j] =
- virt_to_machine(&phys_to_machine_mapping[i]) >> PAGE_SHIFT;
+ virt_to_mfn(&phys_to_machine_mapping[i]);
}
HYPERVISOR_shared_info->arch.pfn_to_mfn_frame_list =
- virt_to_machine(pfn_to_mfn_frame_list) >> PAGE_SHIFT;
-
+ virt_to_mfn(pfn_to_mfn_frame_list);
/*
* NOTE: at this point the bootmem allocator is fully available.
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c Fri Aug 19
18:19:28 2005
@@ -904,7 +904,7 @@
for (va = cpu_gdt_descr[cpu].address, f = 0;
va < cpu_gdt_descr[cpu].address + cpu_gdt_descr[cpu].size;
va += PAGE_SIZE, f++) {
- ctxt.gdt_frames[f] = virt_to_machine(va) >> PAGE_SHIFT;
+ ctxt.gdt_frames[f] = virt_to_mfn(va);
make_page_readonly((void *)va);
}
ctxt.gdt_ents = cpu_gdt_descr[cpu].size / 8;
@@ -920,7 +920,7 @@
ctxt.failsafe_callback_cs = __KERNEL_CS;
ctxt.failsafe_callback_eip = (unsigned long)failsafe_callback;
- ctxt.ctrlreg[3] = (unsigned long)virt_to_machine(swapper_pg_dir);
+ ctxt.ctrlreg[3] = virt_to_mfn(swapper_pg_dir) << PAGE_SHIFT;
boot_error = HYPERVISOR_boot_vcpu(cpu, &ctxt);
printk("boot error: %ld\n", boot_error);
@@ -1616,3 +1616,21 @@
smp_intr_init();
local_setup_timer_irq();
}
+
+DECLARE_PER_CPU(int, timer_irq);
+
+void _restore_vcpu(void)
+{
+ int cpu = smp_processor_id();
+ extern atomic_t vcpus_rebooting;
+
+ /* We are the first thing the vcpu runs when it comes back,
+ and we are supposed to restore the IPIs and timer
+ interrupts etc. When we return, the vcpu's idle loop will
+ start up again. */
+ _bind_virq_to_irq(VIRQ_TIMER, cpu, per_cpu(timer_irq, cpu));
+ _bind_virq_to_irq(VIRQ_DEBUG, cpu, per_cpu(ldebug_irq, cpu));
+ _bind_ipi_to_irq(RESCHEDULE_VECTOR, cpu, per_cpu(resched_irq, cpu) );
+ _bind_ipi_to_irq(CALL_FUNCTION_VECTOR, cpu, per_cpu(callfunc_irq, cpu)
);
+ atomic_dec(&vcpus_rebooting);
+}
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/swiotlb.c Fri Aug 19
18:19:28 2005
@@ -94,9 +94,6 @@
iotlb_nslabs = simple_strtoul(str, &str, 0) <<
(20 - IO_TLB_SHIFT);
iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE);
- /* Round up to power of two (xen_create_contiguous_region). */
- while (iotlb_nslabs & (iotlb_nslabs-1))
- iotlb_nslabs += iotlb_nslabs & ~(iotlb_nslabs-1);
}
if (*str == ',')
++str;
@@ -123,9 +120,6 @@
if (!iotlb_nslabs) {
iotlb_nslabs = (default_size >> IO_TLB_SHIFT);
iotlb_nslabs = ALIGN(iotlb_nslabs, IO_TLB_SEGSIZE);
- /* Round up to power of two (xen_create_contiguous_region). */
- while (iotlb_nslabs & (iotlb_nslabs-1))
- iotlb_nslabs += iotlb_nslabs & ~(iotlb_nslabs-1);
}
bytes = iotlb_nslabs * (1UL << IO_TLB_SHIFT);
@@ -135,10 +129,14 @@
*/
iotlb_virt_start = alloc_bootmem_low_pages(bytes);
if (!iotlb_virt_start)
- panic("Cannot allocate SWIOTLB buffer");
-
- xen_create_contiguous_region(
- (unsigned long)iotlb_virt_start, get_order(bytes));
+ panic("Cannot allocate SWIOTLB buffer!\n"
+ "Use dom0_mem Xen boot parameter to reserve\n"
+ "some DMA memory (e.g., dom0_mem=-128M).\n");
+
+ for (i = 0; i < iotlb_nslabs; i += IO_TLB_SEGSIZE)
+ xen_create_contiguous_region(
+ (unsigned long)iotlb_virt_start + (i << IO_TLB_SHIFT),
+ get_order(IO_TLB_SEGSIZE << IO_TLB_SHIFT));
iotlb_virt_end = iotlb_virt_start + bytes;
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/time.c Fri Aug 19 18:19:28 2005
@@ -745,7 +745,7 @@
#endif
/* Dynamically-mapped IRQ. */
-static DEFINE_PER_CPU(int, timer_irq);
+DEFINE_PER_CPU(int, timer_irq);
static struct irqaction irq_timer = {
timer_interrupt, SA_INTERRUPT, CPU_MASK_NONE, "timer0",
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/mm/init.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/init.c Fri Aug 19 18:19:28 2005
@@ -342,11 +342,15 @@
extern void __init remap_numa_kva(void);
#endif
+pgd_t *swapper_pg_dir;
+
static void __init pagetable_init (void)
{
unsigned long vaddr;
- pgd_t *pgd_base = swapper_pg_dir;
- pgd_t *old_pgd = (pgd_t *)xen_start_info.pt_base;
+ pgd_t *pgd_base = (pgd_t *)xen_start_info.pt_base;
+
+ swapper_pg_dir = pgd_base;
+ init_mm.pgd = pgd_base;
#ifdef CONFIG_X86_PAE
int i;
@@ -366,44 +370,6 @@
__PAGE_KERNEL |= _PAGE_GLOBAL;
__PAGE_KERNEL_EXEC |= _PAGE_GLOBAL;
}
-
- /*
- * Switch to proper mm_init page directory. Initialise from the current
- * page directory, write-protect the new page directory, then switch to
- * it. We clean up by write-enabling and then freeing the old page dir.
- */
-#ifndef CONFIG_X86_PAE
- memcpy(pgd_base, old_pgd, PTRS_PER_PGD_NO_HV*sizeof(pgd_t));
- make_page_readonly(pgd_base);
- xen_pgd_pin(__pa(pgd_base));
- load_cr3(pgd_base);
- xen_pgd_unpin(__pa(old_pgd));
- make_page_writable(old_pgd);
- __flush_tlb_all();
- free_bootmem(__pa(old_pgd), PAGE_SIZE);
-#else
- {
- pud_t *old_pud = pud_offset(old_pgd+3, PAGE_OFFSET);
- pmd_t *old_pmd = pmd_offset(old_pud, PAGE_OFFSET);
- pmd_t *new_pmd = alloc_bootmem_low_pages(PAGE_SIZE);
-
- memcpy(new_pmd, old_pmd, PAGE_SIZE);
- memcpy(pgd_base, old_pgd, PTRS_PER_PGD_NO_HV*sizeof(pgd_t));
- set_pgd(&pgd_base[3], __pgd(__pa(new_pmd) | _PAGE_PRESENT));
-
- make_page_readonly(new_pmd);
- make_page_readonly(pgd_base);
- xen_pgd_pin(__pa(pgd_base));
- load_cr3(pgd_base);
- xen_pgd_unpin(__pa(old_pgd));
- make_page_writable(old_pgd);
- make_page_writable(old_pmd);
- __flush_tlb_all();
-
- free_bootmem(__pa(old_pgd), PAGE_SIZE);
- free_bootmem(__pa(old_pmd), PAGE_SIZE);
- }
-#endif
init_mm.context.pinned = 1;
kernel_physical_mapping_init(pgd_base);
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/ioremap.c Fri Aug 19 18:19:28 2005
@@ -306,7 +306,7 @@
{
mmu_update_t **v = (mmu_update_t **)data;
- (*v)->ptr = ((physaddr_t)pfn_to_mfn(page_to_pfn(pte_page)) <<
+ (*v)->ptr = ((maddr_t)pfn_to_mfn(page_to_pfn(pte_page)) <<
PAGE_SHIFT) | ((unsigned long)pte & ~PAGE_MASK);
(*v)++;
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/mm/pgtable.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/mm/pgtable.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/mm/pgtable.c Fri Aug 19 18:19:28 2005
@@ -170,7 +170,7 @@
__flush_tlb_one(vaddr);
}
-void __set_fixmap (enum fixed_addresses idx, unsigned long phys, pgprot_t
flags)
+void __set_fixmap (enum fixed_addresses idx, maddr_t phys, pgprot_t flags)
{
unsigned long address = __fix_to_virt(idx);
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c
--- a/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/kernel/evtchn.c Fri Aug 19 18:19:28 2005
@@ -144,7 +144,7 @@
vcpu_info_t *vcpu_info = &s->vcpu_data[cpu];
vcpu_info->evtchn_upcall_pending = 0;
-
+
/* NB. No need for a barrier here -- XCHG is a barrier on x86. */
l1 = xchg(&vcpu_info->evtchn_pending_sel, 0);
while ( l1 != 0 )
@@ -158,9 +158,9 @@
l2 &= ~(1 << l2i);
port = (l1i << 5) + l2i;
- if ( (irq = evtchn_to_irq[port]) != -1 )
+ if ( (irq = evtchn_to_irq[port]) != -1 ) {
do_IRQ(irq, regs);
- else
+ } else
evtchn_device_upcall(port);
}
}
@@ -243,6 +243,74 @@
}
spin_unlock(&irq_mapping_update_lock);
+}
+
+/* This is only used when a vcpu from an xm save. The ipi is expected
+ to have been bound before we suspended, and so all of the xenolinux
+ state is set up; we only need to restore the Xen side of things.
+ The irq number has to be the same, but the evtchn number can
+ change. */
+void _bind_ipi_to_irq(int ipi, int vcpu, int irq)
+{
+ evtchn_op_t op;
+ int evtchn;
+
+ spin_lock(&irq_mapping_update_lock);
+
+ op.cmd = EVTCHNOP_bind_ipi;
+ if ( HYPERVISOR_event_channel_op(&op) != 0 )
+ panic("Failed to bind virtual IPI %d on cpu %d\n", ipi, vcpu);
+ evtchn = op.u.bind_ipi.port;
+
+ printk("<0>IPI %d, old evtchn %d, evtchn %d.\n",
+ ipi, per_cpu(ipi_to_evtchn, vcpu)[ipi],
+ evtchn);
+
+ evtchn_to_irq[irq_to_evtchn[irq]] = -1;
+ irq_to_evtchn[irq] = -1;
+
+ evtchn_to_irq[evtchn] = irq;
+ irq_to_evtchn[irq] = evtchn;
+
+ printk("<0>evtchn_to_irq[%d] = %d.\n", evtchn,
+ evtchn_to_irq[evtchn]);
+ per_cpu(ipi_to_evtchn, vcpu)[ipi] = evtchn;
+
+ bind_evtchn_to_cpu(evtchn, vcpu);
+
+ spin_unlock(&irq_mapping_update_lock);
+
+ clear_bit(evtchn, (unsigned long *)HYPERVISOR_shared_info->evtchn_mask);
+ clear_bit(evtchn, (unsigned long *)HYPERVISOR_shared_info->evtchn_pending);
+}
+
+void _bind_virq_to_irq(int virq, int cpu, int irq)
+{
+ evtchn_op_t op;
+ int evtchn;
+
+ spin_lock(&irq_mapping_update_lock);
+
+ op.cmd = EVTCHNOP_bind_virq;
+ op.u.bind_virq.virq = virq;
+ if ( HYPERVISOR_event_channel_op(&op) != 0 )
+ panic("Failed to bind virtual IRQ %d\n", virq);
+ evtchn = op.u.bind_virq.port;
+
+ evtchn_to_irq[irq_to_evtchn[irq]] = -1;
+ irq_to_evtchn[irq] = -1;
+
+ evtchn_to_irq[evtchn] = irq;
+ irq_to_evtchn[irq] = evtchn;
+
+ per_cpu(virq_to_irq, cpu)[virq] = irq;
+
+ bind_evtchn_to_cpu(evtchn, cpu);
+
+ spin_unlock(&irq_mapping_update_lock);
+
+ clear_bit(evtchn, (unsigned long *)HYPERVISOR_shared_info->evtchn_mask);
+ clear_bit(evtchn, (unsigned long *)HYPERVISOR_shared_info->evtchn_pending);
}
int bind_ipi_to_irq(int ipi)
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/kernel/reboot.c
--- a/linux-2.6-xen-sparse/arch/xen/kernel/reboot.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/kernel/reboot.c Fri Aug 19 18:19:28 2005
@@ -16,6 +16,8 @@
#include <asm-xen/queues.h>
#include <asm-xen/xenbus.h>
#include <asm-xen/ctrl_if.h>
+#include <linux/cpu.h>
+#include <linux/kthread.h>
#define SHUTDOWN_INVALID -1
#define SHUTDOWN_POWEROFF 0
@@ -58,20 +60,74 @@
/* Ignore multiple shutdown requests. */
static int shutting_down = SHUTDOWN_INVALID;
-static void __do_suspend(void)
+#ifndef CONFIG_HOTPLUG_CPU
+#define cpu_down(x) (-EOPNOTSUPP)
+#define cpu_up(x) (-EOPNOTSUPP)
+#endif
+
+static void save_vcpu_context(int vcpu, vcpu_guest_context_t *ctxt)
+{
+ int r;
+ int gdt_pages;
+ r = HYPERVISOR_vcpu_pickle(vcpu, ctxt);
+ if (r != 0)
+ panic("pickling vcpu %d -> %d!\n", vcpu, r);
+
+ /* Translate from machine to physical addresses where necessary,
+ so that they can be translated to our new machine address space
+ after resume. libxc is responsible for doing this to vcpu0,
+ but we do it to the others. */
+ gdt_pages = (ctxt->gdt_ents + 511) / 512;
+ ctxt->ctrlreg[3] = machine_to_phys(ctxt->ctrlreg[3]);
+ for (r = 0; r < gdt_pages; r++)
+ ctxt->gdt_frames[r] = mfn_to_pfn(ctxt->gdt_frames[r]);
+}
+
+void _restore_vcpu(int cpu);
+
+atomic_t vcpus_rebooting;
+
+static int restore_vcpu_context(int vcpu, vcpu_guest_context_t *ctxt)
+{
+ int r;
+ int gdt_pages = (ctxt->gdt_ents + 511) / 512;
+
+ /* This is kind of a hack, and implicitly relies on the fact that
+ the vcpu stops in a place where all of the call clobbered
+ registers are already dead. */
+ ctxt->user_regs.esp -= 4;
+ ((unsigned long *)ctxt->user_regs.esp)[0] = ctxt->user_regs.eip;
+ ctxt->user_regs.eip = (unsigned long)_restore_vcpu;
+
+ /* De-canonicalise. libxc handles this for vcpu 0, but we need
+ to do it for the other vcpus. */
+ ctxt->ctrlreg[3] = phys_to_machine(ctxt->ctrlreg[3]);
+ for (r = 0; r < gdt_pages; r++)
+ ctxt->gdt_frames[r] = pfn_to_mfn(ctxt->gdt_frames[r]);
+
+ atomic_set(&vcpus_rebooting, 1);
+ r = HYPERVISOR_boot_vcpu(vcpu, ctxt);
+ if (r != 0) {
+ printk(KERN_EMERG "Failed to reboot vcpu %d (%d)\n", vcpu, r);
+ return -1;
+ }
+
+ /* Make sure we wait for the new vcpu to come up before trying to do
+ anything with it or starting the next one. */
+ while (atomic_read(&vcpus_rebooting))
+ barrier();
+
+ return 0;
+}
+
+static int __do_suspend(void *ignore)
{
int i, j;
suspend_record_t *suspend_record;
+ static vcpu_guest_context_t suspended_cpu_records[NR_CPUS];
/* Hmmm... a cleaner interface to suspend/resume blkdevs would be nice. */
/* XXX SMH: yes it would :-( */
-#ifdef CONFIG_XEN_BLKDEV_FRONTEND
- extern void blkdev_suspend(void);
- extern void blkdev_resume(void);
-#else
-#define blkdev_suspend() do{}while(0)
-#define blkdev_resume() do{}while(0)
-#endif
#ifdef CONFIG_XEN_NETDEV_FRONTEND
extern void netif_suspend(void);
@@ -104,13 +160,63 @@
extern unsigned long max_pfn;
extern unsigned int *pfn_to_mfn_frame_list;
+ cpumask_t prev_online_cpus, prev_present_cpus;
+ int err = 0;
+
+ BUG_ON(smp_processor_id() != 0);
+ BUG_ON(in_interrupt());
+
+#if defined(CONFIG_SMP) && !defined(CONFIG_HOTPLUG_CPU)
+ if (num_online_cpus() > 1) {
+ printk(KERN_WARNING "Can't suspend SMP guests without
CONFIG_HOTPLUG_CPU\n");
+ return -EOPNOTSUPP;
+ }
+#endif
+
suspend_record = (suspend_record_t *)__get_free_page(GFP_KERNEL);
if ( suspend_record == NULL )
goto out;
+ /* Take all of the other cpus offline. We need to be careful not
+ to get preempted between the final test for num_online_cpus()
+ == 1 and disabling interrupts, since otherwise userspace could
+ bring another cpu online, and then we'd be stuffed. At the
+ same time, cpu_down can reschedule, so we need to enable
+ preemption while doing that. This kind of sucks, but should be
+ correct. */
+ /* (We don't need to worry about other cpus bringing stuff up,
+ since by the time num_online_cpus() == 1, there aren't any
+ other cpus) */
+ cpus_clear(prev_online_cpus);
+ preempt_disable();
+ while (num_online_cpus() > 1) {
+ preempt_enable();
+ for_each_online_cpu(i) {
+ if (i == 0)
+ continue;
+ err = cpu_down(i);
+ if (err != 0) {
+ printk(KERN_CRIT "Failed to take all CPUs down: %d.\n", err);
+ goto out_reenable_cpus;
+ }
+ cpu_set(i, prev_online_cpus);
+ }
+ preempt_disable();
+ }
+
suspend_record->nr_pfns = max_pfn; /* final number of pfns */
__cli();
+
+ preempt_enable();
+
+ cpus_clear(prev_present_cpus);
+ for_each_present_cpu(i) {
+ if (i == 0)
+ continue;
+ save_vcpu_context(i, &suspended_cpu_records[i]);
+ cpu_set(i, prev_present_cpus);
+ }
#ifdef __i386__
mm_pin_all();
@@ -119,8 +225,6 @@
netif_suspend();
- blkdev_suspend();
-
time_suspend();
#ifdef CONFIG_SMP
@@ -141,7 +245,9 @@
memcpy(&suspend_record->resume_info, &xen_start_info,
sizeof(xen_start_info));
- HYPERVISOR_suspend(virt_to_machine(suspend_record) >> PAGE_SHIFT);
+ /* We'll stop somewhere inside this hypercall. When it returns,
+ we'll start resuming after the restore. */
+ HYPERVISOR_suspend(virt_to_mfn(suspend_record));
shutting_down = SHUTDOWN_INVALID;
@@ -157,10 +263,10 @@
for ( i=0, j=0; i < max_pfn; i+=(PAGE_SIZE/sizeof(unsigned long)), j++ )
{
pfn_to_mfn_frame_list[j] =
- virt_to_machine(&phys_to_machine_mapping[i]) >> PAGE_SHIFT;
+ virt_to_mfn(&phys_to_machine_mapping[i]);
}
HYPERVISOR_shared_info->arch.pfn_to_mfn_frame_list =
- virt_to_machine(pfn_to_mfn_frame_list) >> PAGE_SHIFT;
+ virt_to_mfn(pfn_to_mfn_frame_list);
gnttab_resume();
@@ -176,17 +282,30 @@
time_resume();
- blkdev_resume();
-
netif_resume();
usbif_resume();
+ for_each_cpu_mask(i, prev_present_cpus) {
+ restore_vcpu_context(i, &suspended_cpu_records[i]);
+ }
+
__sti();
+
+ out_reenable_cpus:
+ for_each_cpu_mask(i, prev_online_cpus) {
+ j = cpu_up(i);
+ if (j != 0) {
+ printk(KERN_CRIT "Failed to bring cpu %d back up (%d).\n",
+ i, j);
+ err = j;
+ }
+ }
out:
if ( suspend_record != NULL )
free_page((unsigned long)suspend_record);
+ return err;
}
static int shutdown_process(void *__unused)
@@ -233,6 +352,18 @@
return 0;
}
+static struct task_struct *kthread_create_on_cpu(int (*f)(void *arg),
+ void *arg,
+ const char *name,
+ int cpu)
+{
+ struct task_struct *p;
+ p = kthread_create(f, arg, name);
+ kthread_bind(p, cpu);
+ wake_up_process(p);
+ return p;
+}
+
static void __shutdown_handler(void *unused)
{
int err;
@@ -245,7 +376,7 @@
}
else
{
- __do_suspend();
+ kthread_create_on_cpu(__do_suspend, NULL, "suspender", 0);
}
}
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/x86_64/kernel/process.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/process.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/process.c Fri Aug 19
18:19:28 2005
@@ -453,8 +453,8 @@
#define C(i) do { \
if (unlikely(next->tls_array[i] != prev->tls_array[i])) { \
mcl->op = __HYPERVISOR_update_descriptor; \
- mcl->args[0] = virt_to_machine(&get_cpu_gdt_table(cpu) \
- [GDT_ENTRY_TLS_MIN + i]); \
+ mcl->args[0] = virt_to_machine( \
+ &get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN + i]);\
mcl->args[1] = next->tls_array[i]; \
mcl++; \
} \
@@ -474,7 +474,7 @@
iobmp_op.cmd =
PHYSDEVOP_SET_IOBITMAP;
iobmp_op.u.set_iobitmap.bitmap =
- (unsigned long)next->io_bitmap_ptr;
+ (char *)next->io_bitmap_ptr;
iobmp_op.u.set_iobitmap.nr_ports =
next->io_bitmap_ptr ? IO_BITMAP_BITS : 0;
mcl->op = __HYPERVISOR_physdev_op;
@@ -743,3 +743,9 @@
sp -= get_random_int() % 8192;
return sp & ~0xf;
}
+
+#ifndef CONFIG_SMP
+void _restore_vcpu(void)
+{
+}
+#endif
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup.c Fri Aug 19
18:19:28 2005
@@ -795,7 +795,7 @@
for ( i=0, j=0; i < end_pfn; i+=(PAGE_SIZE/sizeof(unsigned
long)), j++ )
{
pfn_to_mfn_frame_list[j] =
- virt_to_machine(&phys_to_machine_mapping[i]) >>
PAGE_SHIFT;
+ virt_to_mfn(&phys_to_machine_mapping[i]);
}
}
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/setup64.c Fri Aug 19
18:19:28 2005
@@ -139,7 +139,7 @@
for (va = gdt_descr->address, f = 0;
va < gdt_descr->address + gdt_descr->size;
va += PAGE_SIZE, f++) {
- frames[f] = virt_to_machine(va) >> PAGE_SHIFT;
+ frames[f] = virt_to_mfn(va);
make_page_readonly((void *)va);
}
if (HYPERVISOR_set_gdt(frames, gdt_descr->size /
@@ -280,19 +280,16 @@
if (cpu) {
memcpy(cpu_gdt_table[cpu], cpu_gdt_table[0], GDT_SIZE);
}
-#endif
cpu_gdt_descr[cpu].size = GDT_SIZE;
cpu_gdt_descr[cpu].address = (unsigned long)cpu_gdt_table[cpu];
- cpu_gdt_init(&cpu_gdt_descr[cpu]);
-
-#ifndef CONFIG_XEN
memcpy(me->thread.tls_array, cpu_gdt_table[cpu], GDT_ENTRY_TLS_ENTRIES
* 8);
-
#else
memcpy(me->thread.tls_array, &get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN],
GDT_ENTRY_TLS_ENTRIES * 8);
+
+ cpu_gdt_init(&cpu_gdt_descr[cpu]);
#endif
/*
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/x86_64/kernel/smpboot.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/smpboot.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/kernel/smpboot.c Fri Aug 19
18:19:28 2005
@@ -780,7 +780,7 @@
for (va = cpu_gdt_descr[cpu].address, f = 0;
va < cpu_gdt_descr[cpu].address + cpu_gdt_descr[cpu].size;
va += PAGE_SIZE, f++) {
- ctxt.gdt_frames[f] = virt_to_machine(va) >> PAGE_SHIFT;
+ ctxt.gdt_frames[f] = virt_to_mfn(va);
make_page_readonly((void *)va);
}
ctxt.gdt_ents = GDT_ENTRIES;
@@ -795,7 +795,7 @@
ctxt.failsafe_callback_eip = (unsigned long)failsafe_callback;
ctxt.syscall_callback_eip = (unsigned long)system_call;
- ctxt.ctrlreg[3] = (unsigned long)virt_to_machine(init_level4_pgt);
+ ctxt.ctrlreg[3] = virt_to_mfn(init_level4_pgt) << PAGE_SHIFT;
boot_error = HYPERVISOR_boot_vcpu(cpu, &ctxt);
@@ -1286,4 +1286,10 @@
smp_intr_init();
local_setup_timer_irq();
}
-#endif
+
+void _restore_vcpu(void)
+{
+ /* XXX need to write this */
+}
+
+#endif
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c
--- a/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/x86_64/mm/init.c Fri Aug 19 18:19:28 2005
@@ -742,7 +742,7 @@
set_fixmap(FIX_ISAMAP_BEGIN - i, i * PAGE_SIZE);
else
__set_fixmap(FIX_ISAMAP_BEGIN - i,
- virt_to_machine(empty_zero_page),
+ virt_to_mfn(empty_zero_page) <<
PAGE_SHIFT,
PAGE_KERNEL_RO);
}
#endif
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkback/Makefile
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/Makefile Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/Makefile Fri Aug 19 18:19:28 2005
@@ -1,2 +1,2 @@
-obj-y := blkback.o control.o interface.o vbd.o
+obj-y := blkback.o xenbus.o interface.o vbd.o
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/blkback.c Fri Aug 19
18:19:28 2005
@@ -104,7 +104,6 @@
#endif
static int do_block_io_op(blkif_t *blkif, int max_to_do);
-static void dispatch_probe(blkif_t *blkif, blkif_request_t *req);
static void dispatch_rw_block_io(blkif_t *blkif, blkif_request_t *req);
static void make_response(blkif_t *blkif, unsigned long id,
unsigned short op, int st);
@@ -349,10 +348,6 @@
dispatch_rw_block_io(blkif, req);
break;
- case BLKIF_OP_PROBE:
- dispatch_probe(blkif, req);
- break;
-
default:
DPRINTK("error: unknown block io operation [%d]\n",
req->operation);
@@ -363,66 +358,6 @@
blk_ring->req_cons = i;
return more_to_do;
-}
-
-static void dispatch_probe(blkif_t *blkif, blkif_request_t *req)
-{
- int rsp = BLKIF_RSP_ERROR;
- int pending_idx = pending_ring[MASK_PEND_IDX(pending_cons)];
-
- /* We expect one buffer only. */
- if ( unlikely(req->nr_segments != 1) )
- goto out;
-
- /* Make sure the buffer is page-sized. */
- if ( (blkif_first_sect(req->frame_and_sects[0]) != 0) ||
- (blkif_last_sect(req->frame_and_sects[0]) != ((PAGE_SIZE/512)-1)) )
- goto out;
-
-#ifdef CONFIG_XEN_BLKDEV_GRANT
- {
- struct gnttab_map_grant_ref map;
-
- map.host_addr = MMAP_VADDR(pending_idx, 0);
- map.flags = GNTMAP_host_map;
- map.ref = blkif_gref_from_fas(req->frame_and_sects[0]);
- map.dom = blkif->domid;
-
- if ( unlikely(HYPERVISOR_grant_table_op(
- GNTTABOP_map_grant_ref, &map, 1)))
- BUG();
-
- if ( map.handle < 0 )
- goto out;
-
- pending_handle(pending_idx, 0) = map.handle;
- }
-#else /* else CONFIG_XEN_BLKDEV_GRANT */
-
-#ifdef CONFIG_XEN_BLKDEV_TAP_BE
- /* Grab the real frontend out of the probe message. */
- if (req->frame_and_sects[1] == BLKTAP_COOKIE)
- blkif->is_blktap = 1;
-#endif
-
-
- if ( HYPERVISOR_update_va_mapping_otherdomain(
- MMAP_VADDR(pending_idx, 0),
- pfn_pte_ma(req->frame_and_sects[0] >> PAGE_SHIFT, PAGE_KERNEL),
-#ifdef CONFIG_XEN_BLKDEV_TAP_BE
- 0, (blkif->is_blktap ? ID_TO_DOM(req->id) : blkif->domid) ) )
-#else
- 0, blkif->domid) )
-#endif
- goto out;
-#endif /* endif CONFIG_XEN_BLKDEV_GRANT */
-
- rsp = vbd_probe(blkif, (vdisk_t *)MMAP_VADDR(pending_idx, 0),
- PAGE_SIZE / sizeof(vdisk_t));
-
- out:
- fast_flush_area(pending_idx, 1);
- make_response(blkif, req->id, req->operation, rsp);
}
static void dispatch_rw_block_io(blkif_t *blkif, blkif_request_t *req)
@@ -460,7 +395,7 @@
goto bad_descriptor;
}
- preq.dev = req->device;
+ preq.dev = req->handle;
preq.sector_number = req->sector_number;
preq.nr_sects = 0;
@@ -730,8 +665,8 @@
0, SLAB_HWCACHE_ALIGN, NULL, NULL);
#endif
- blkif_ctrlif_init();
-
+ blkif_xenbus_init();
+
#ifdef CONFIG_XEN_BLKDEV_GRANT
memset( pending_grant_handles, BLKBACK_INVALID_HANDLE, MMAP_PAGES );
printk(KERN_ALERT "Blkif backend is using grant tables.\n");
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkback/common.h
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/common.h Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/common.h Fri Aug 19 18:19:28 2005
@@ -13,7 +13,6 @@
#include <asm/io.h>
#include <asm/setup.h>
#include <asm/pgalloc.h>
-#include <asm-xen/ctrl_if.h>
#include <asm-xen/evtchn.h>
#include <asm-xen/hypervisor.h>
#include <asm-xen/xen-public/io/blkif.h>
@@ -47,6 +46,7 @@
/* Physical parameters of the comms window. */
unsigned long shmem_frame;
unsigned int evtchn;
+ unsigned int remote_evtchn;
/* Comms information. */
blkif_back_ring_t blk_ring;
/* VBDs attached to this interface. */
@@ -71,7 +71,7 @@
struct work_struct work;
#ifdef CONFIG_XEN_BLKDEV_GRANT
u16 shmem_handle;
- memory_t shmem_vaddr;
+ unsigned long shmem_vaddr;
grant_ref_t shmem_ref;
#endif
} blkif_t;
@@ -81,17 +81,29 @@
void blkif_connect(blkif_be_connect_t *connect);
int blkif_disconnect(blkif_be_disconnect_t *disconnect, u8 rsp_id);
void blkif_disconnect_complete(blkif_t *blkif);
-blkif_t *blkif_find_by_handle(domid_t domid, unsigned int handle);
+blkif_t *blkif_find(domid_t domid);
+void free_blkif(blkif_t *blkif);
+int blkif_map(blkif_t *blkif, unsigned long shared_page, unsigned int evtchn);
+
#define blkif_get(_b) (atomic_inc(&(_b)->refcnt))
#define blkif_put(_b) \
do { \
if ( atomic_dec_and_test(&(_b)->refcnt) ) \
- blkif_disconnect_complete(_b); \
+ free_blkif(_b); \
} while (0)
-void vbd_create(blkif_be_vbd_create_t *create);
+struct vbd;
+void vbd_free(blkif_t *blkif, struct vbd *vbd);
+
+/* Creates inactive vbd. */
+struct vbd *vbd_create(blkif_t *blkif, blkif_vdev_t vdevice, blkif_pdev_t
pdevice, int readonly);
+int vbd_is_active(struct vbd *vbd);
+void vbd_activate(blkif_t *blkif, struct vbd *vbd);
+
+unsigned long vbd_size(struct vbd *vbd);
+unsigned int vbd_info(struct vbd *vbd);
+unsigned long vbd_secsize(struct vbd *vbd);
void vbd_destroy(blkif_be_vbd_destroy_t *delete);
-int vbd_probe(blkif_t *blkif, vdisk_t *vbd_info, int max_vbds);
void destroy_all_vbds(blkif_t *blkif);
struct phys_req {
@@ -104,9 +116,10 @@
int vbd_translate(struct phys_req *req, blkif_t *blkif, int operation);
void blkif_interface_init(void);
-void blkif_ctrlif_init(void);
void blkif_deschedule(blkif_t *blkif);
+
+void blkif_xenbus_init(void);
irqreturn_t blkif_be_int(int irq, void *dev_id, struct pt_regs *regs);
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkback/interface.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/interface.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/interface.c Fri Aug 19
18:19:28 2005
@@ -7,24 +7,135 @@
*/
#include "common.h"
+#include <asm-xen/ctrl_if.h>
+#include <asm-xen/evtchn.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
#define VMALLOC_VMADDR(x) ((unsigned long)(x))
#endif
#define BLKIF_HASHSZ 1024
-#define BLKIF_HASH(_d,_h) (((int)(_d)^(int)(_h))&(BLKIF_HASHSZ-1))
+#define BLKIF_HASH(_d) (((int)(_d))&(BLKIF_HASHSZ-1))
static kmem_cache_t *blkif_cachep;
static blkif_t *blkif_hash[BLKIF_HASHSZ];
-blkif_t *blkif_find_by_handle(domid_t domid, unsigned int handle)
-{
- blkif_t *blkif = blkif_hash[BLKIF_HASH(domid, handle)];
- while ( (blkif != NULL) &&
- ((blkif->domid != domid) || (blkif->handle != handle)) )
+blkif_t *blkif_find(domid_t domid)
+{
+ blkif_t *blkif = blkif_hash[BLKIF_HASH(domid)];
+
+ while (blkif) {
+ if (blkif->domid == domid) {
+ blkif_get(blkif);
+ return blkif;
+ }
blkif = blkif->hash_next;
+ }
+
+ blkif = kmem_cache_alloc(blkif_cachep, GFP_KERNEL);
+ if (!blkif)
+ return ERR_PTR(-ENOMEM);
+
+ memset(blkif, 0, sizeof(*blkif));
+ blkif->domid = domid;
+ blkif->status = DISCONNECTED;
+ spin_lock_init(&blkif->vbd_lock);
+ spin_lock_init(&blkif->blk_ring_lock);
+ atomic_set(&blkif->refcnt, 1);
+
+ blkif->hash_next = blkif_hash[BLKIF_HASH(domid)];
+ blkif_hash[BLKIF_HASH(domid)] = blkif;
return blkif;
+}
+
+#ifndef CONFIG_XEN_BLKDEV_GRANT
+static int map_frontend_page(blkif_t *blkif, unsigned long localaddr,
+ unsigned long shared_page)
+{
+ return direct_remap_area_pages(&init_mm, localaddr,
+ shared_page<<PAGE_SHIFT, PAGE_SIZE,
+ __pgprot(_KERNPG_TABLE), blkif->domid);
+}
+
+static void unmap_frontend_page(blkif_t *blkif)
+{
+}
+#else
+static int map_frontend_page(blkif_t *blkif, unsigned long localaddr,
+ unsigned long shared_page)
+{
+ struct gnttab_map_grant_ref op;
+ op.host_addr = localaddr;
+ op.flags = GNTMAP_host_map;
+ op.ref = shared_page;
+ op.dom = blkif->domid;
+
+ BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
+
+ if (op.handle < 0) {
+ DPRINTK(" Grant table operation failure !\n");
+ return op.handle;
+ }
+
+ blkif->shmem_ref = shared_page;
+ blkif->shmem_handle = op.handle;
+ blkif->shmem_vaddr = localaddr;
+ return 0;
+}
+
+static void unmap_frontend_page(blkif_t *blkif)
+{
+ struct gnttab_unmap_grant_ref op;
+
+ op.host_addr = blkif->shmem_vaddr;
+ op.handle = blkif->shmem_handle;
+ op.dev_bus_addr = 0;
+ BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1));
+}
+#endif /* CONFIG_XEN_BLKDEV_GRANT */
+
+int blkif_map(blkif_t *blkif, unsigned long shared_page, unsigned int evtchn)
+{
+ struct vm_struct *vma;
+ blkif_sring_t *sring;
+ evtchn_op_t op = { .cmd = EVTCHNOP_bind_interdomain };
+ int err;
+
+ BUG_ON(blkif->remote_evtchn);
+
+ if ( (vma = get_vm_area(PAGE_SIZE, VM_IOREMAP)) == NULL )
+ return -ENOMEM;
+
+ err = map_frontend_page(blkif, VMALLOC_VMADDR(vma->addr), shared_page);
+ if (err) {
+ vfree(vma->addr);
+ return err;
+ }
+
+ op.u.bind_interdomain.dom1 = DOMID_SELF;
+ op.u.bind_interdomain.dom2 = blkif->domid;
+ op.u.bind_interdomain.port1 = 0;
+ op.u.bind_interdomain.port2 = evtchn;
+ err = HYPERVISOR_event_channel_op(&op);
+ if (err) {
+ unmap_frontend_page(blkif);
+ vfree(vma->addr);
+ return err;
+ }
+
+ blkif->evtchn = op.u.bind_interdomain.port1;
+ blkif->remote_evtchn = evtchn;
+
+ sring = (blkif_sring_t *)vma->addr;
+ SHARED_RING_INIT(sring);
+ BACK_RING_INIT(&blkif->blk_ring, sring, PAGE_SIZE);
+
+ bind_evtchn_to_irqhandler(blkif->evtchn, blkif_be_int, 0, "blkif-backend",
+ blkif);
+ blkif->status = CONNECTED;
+ blkif->shmem_frame = shared_page;
+
+ return 0;
}
static void __blkif_disconnect_complete(void *arg)
@@ -32,21 +143,13 @@
blkif_t *blkif = (blkif_t *)arg;
ctrl_msg_t cmsg;
blkif_be_disconnect_t disc;
-#ifdef CONFIG_XEN_BLKDEV_GRANT
- struct gnttab_unmap_grant_ref op;
-#endif
/*
* These can't be done in blkif_disconnect() because at that point there
* may be outstanding requests at the disc whose asynchronous responses
* must still be notified to the remote driver.
*/
-#ifdef CONFIG_XEN_BLKDEV_GRANT
- op.host_addr = blkif->shmem_vaddr;
- op.handle = blkif->shmem_handle;
- op.dev_bus_addr = 0;
- BUG_ON(HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, &op, 1));
-#endif
+ unmap_frontend_page(blkif);
vfree(blkif->blk_ring.sring);
/* Construct the deferred response message. */
@@ -81,200 +184,35 @@
schedule_work(&blkif->work);
}
-void blkif_create(blkif_be_create_t *create)
-{
- domid_t domid = create->domid;
- unsigned int handle = create->blkif_handle;
- blkif_t **pblkif, *blkif;
-
- if ( (blkif = kmem_cache_alloc(blkif_cachep, GFP_KERNEL)) == NULL )
+void free_blkif(blkif_t *blkif)
+{
+ blkif_t **pblkif;
+ evtchn_op_t op = { .cmd = EVTCHNOP_close };
+
+ op.u.close.port = blkif->evtchn;
+ op.u.close.dom = DOMID_SELF;
+ HYPERVISOR_event_channel_op(&op);
+ op.u.close.port = blkif->remote_evtchn;
+ op.u.close.dom = blkif->domid;
+ HYPERVISOR_event_channel_op(&op);
+
+ if (blkif->evtchn)
+ unbind_evtchn_from_irqhandler(blkif->evtchn, blkif);
+
+ if (blkif->blk_ring.sring) {
+ unmap_frontend_page(blkif);
+ vfree(blkif->blk_ring.sring);
+ }
+
+ pblkif = &blkif_hash[BLKIF_HASH(blkif->domid)];
+ while ( *pblkif != blkif )
{
- DPRINTK("Could not create blkif: out of memory\n");
- create->status = BLKIF_BE_STATUS_OUT_OF_MEMORY;
- return;
- }
-
- memset(blkif, 0, sizeof(*blkif));
- blkif->domid = domid;
- blkif->handle = handle;
- blkif->status = DISCONNECTED;
- spin_lock_init(&blkif->vbd_lock);
- spin_lock_init(&blkif->blk_ring_lock);
- atomic_set(&blkif->refcnt, 0);
-
- pblkif = &blkif_hash[BLKIF_HASH(domid, handle)];
- while ( *pblkif != NULL )
- {
- if ( ((*pblkif)->domid == domid) && ((*pblkif)->handle == handle) )
- {
- DPRINTK("Could not create blkif: already exists\n");
- create->status = BLKIF_BE_STATUS_INTERFACE_EXISTS;
- kmem_cache_free(blkif_cachep, blkif);
- return;
- }
+ BUG_ON(!*pblkif);
pblkif = &(*pblkif)->hash_next;
}
-
- blkif->hash_next = *pblkif;
- *pblkif = blkif;
-
- DPRINTK("Successfully created blkif\n");
- create->status = BLKIF_BE_STATUS_OKAY;
-}
-
-void blkif_destroy(blkif_be_destroy_t *destroy)
-{
- domid_t domid = destroy->domid;
- unsigned int handle = destroy->blkif_handle;
- blkif_t **pblkif, *blkif;
-
- pblkif = &blkif_hash[BLKIF_HASH(domid, handle)];
- while ( (blkif = *pblkif) != NULL )
- {
- if ( (blkif->domid == domid) && (blkif->handle == handle) )
- {
- if ( blkif->status != DISCONNECTED )
- goto still_connected;
- goto destroy;
- }
- pblkif = &blkif->hash_next;
- }
-
- destroy->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
- return;
-
- still_connected:
- destroy->status = BLKIF_BE_STATUS_INTERFACE_CONNECTED;
- return;
-
- destroy:
*pblkif = blkif->hash_next;
destroy_all_vbds(blkif);
kmem_cache_free(blkif_cachep, blkif);
- destroy->status = BLKIF_BE_STATUS_OKAY;
-}
-
-void blkif_connect(blkif_be_connect_t *connect)
-{
- domid_t domid = connect->domid;
- unsigned int handle = connect->blkif_handle;
- unsigned int evtchn = connect->evtchn;
- unsigned long shmem_frame = connect->shmem_frame;
- struct vm_struct *vma;
-#ifdef CONFIG_XEN_BLKDEV_GRANT
- int ref = connect->shmem_ref;
-#else
- pgprot_t prot;
- int error;
-#endif
- blkif_t *blkif;
- blkif_sring_t *sring;
-
- blkif = blkif_find_by_handle(domid, handle);
- if ( unlikely(blkif == NULL) )
- {
- DPRINTK("blkif_connect attempted for non-existent blkif (%u,%u)\n",
- connect->domid, connect->blkif_handle);
- connect->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
- return;
- }
-
- if ( (vma = get_vm_area(PAGE_SIZE, VM_IOREMAP)) == NULL )
- {
- connect->status = BLKIF_BE_STATUS_OUT_OF_MEMORY;
- return;
- }
-
-#ifndef CONFIG_XEN_BLKDEV_GRANT
- prot = __pgprot(_KERNPG_TABLE);
- error = direct_remap_area_pages(&init_mm, VMALLOC_VMADDR(vma->addr),
- shmem_frame<<PAGE_SHIFT, PAGE_SIZE,
- prot, domid);
- if ( error != 0 )
- {
- if ( error == -ENOMEM )
- connect->status = BLKIF_BE_STATUS_OUT_OF_MEMORY;
- else if ( error == -EFAULT )
- connect->status = BLKIF_BE_STATUS_MAPPING_ERROR;
- else
- connect->status = BLKIF_BE_STATUS_ERROR;
- vfree(vma->addr);
- return;
- }
-#else
- { /* Map: Use the Grant table reference */
- struct gnttab_map_grant_ref op;
- op.host_addr = VMALLOC_VMADDR(vma->addr);
- op.flags = GNTMAP_host_map;
- op.ref = ref;
- op.dom = domid;
-
- BUG_ON( HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, &op, 1) );
-
- handle = op.handle;
-
- if (op.handle < 0) {
- DPRINTK(" Grant table operation failure !\n");
- connect->status = BLKIF_BE_STATUS_MAPPING_ERROR;
- vfree(vma->addr);
- return;
- }
-
- blkif->shmem_ref = ref;
- blkif->shmem_handle = handle;
- blkif->shmem_vaddr = VMALLOC_VMADDR(vma->addr);
- }
-#endif
-
- if ( blkif->status != DISCONNECTED )
- {
- connect->status = BLKIF_BE_STATUS_INTERFACE_CONNECTED;
- vfree(vma->addr);
- return;
- }
- sring = (blkif_sring_t *)vma->addr;
- SHARED_RING_INIT(sring);
- BACK_RING_INIT(&blkif->blk_ring, sring, PAGE_SIZE);
-
- blkif->evtchn = evtchn;
- blkif->shmem_frame = shmem_frame;
- blkif->status = CONNECTED;
- blkif_get(blkif);
-
- bind_evtchn_to_irqhandler(
- blkif->evtchn, blkif_be_int, 0, "blkif-backend", blkif);
-
- connect->status = BLKIF_BE_STATUS_OKAY;
-}
-
-int blkif_disconnect(blkif_be_disconnect_t *disconnect, u8 rsp_id)
-{
- domid_t domid = disconnect->domid;
- unsigned int handle = disconnect->blkif_handle;
- blkif_t *blkif;
-
- blkif = blkif_find_by_handle(domid, handle);
- if ( unlikely(blkif == NULL) )
- {
- DPRINTK("blkif_disconnect attempted for non-existent blkif"
- " (%u,%u)\n", disconnect->domid, disconnect->blkif_handle);
- disconnect->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
- return 1; /* Caller will send response error message. */
- }
-
- if ( blkif->status == CONNECTED )
- {
- blkif->status = DISCONNECTING;
- blkif->disconnect_rspid = rsp_id;
- wmb(); /* Let other CPUs see the status change. */
- unbind_evtchn_from_irqhandler(blkif->evtchn, blkif);
- blkif_deschedule(blkif);
- blkif_put(blkif);
- return 0; /* Caller should not send response message. */
- }
-
- disconnect->status = BLKIF_BE_STATUS_OKAY;
- return 1;
}
void __init blkif_interface_init(void)
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkback/vbd.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/vbd.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/vbd.c Fri Aug 19 18:19:28 2005
@@ -11,13 +11,16 @@
*/
#include "common.h"
+#include <asm-xen/xenbus.h>
struct vbd {
- blkif_vdev_t vdevice; /* what the domain refers to this vbd as */
+ blkif_vdev_t handle; /* what the domain refers to this vbd as */
unsigned char readonly; /* Non-zero -> read-only */
unsigned char type; /* VDISK_xxx */
blkif_pdev_t pdevice; /* phys device that this vbd maps to */
struct block_device *bdev;
+
+ int active;
rb_node_t rb; /* for linking into R-B tree lookup struct */
};
@@ -33,140 +36,128 @@
#define bdev_hardsect_size(_b) 512
#endif
-void vbd_create(blkif_be_vbd_create_t *create)
+unsigned long vbd_size(struct vbd *vbd)
+{
+ return vbd_sz(vbd);
+}
+
+unsigned int vbd_info(struct vbd *vbd)
+{
+ return vbd->type | (vbd->readonly?VDISK_READONLY:0);
+}
+
+unsigned long vbd_secsize(struct vbd *vbd)
+{
+ return bdev_hardsect_size(vbd->bdev);
+}
+
+int vbd_is_active(struct vbd *vbd)
+{
+ return vbd->active;
+}
+
+struct vbd *vbd_create(blkif_t *blkif, blkif_vdev_t handle,
+ blkif_pdev_t pdevice, int readonly)
{
struct vbd *vbd;
+
+ if ( unlikely((vbd = kmalloc(sizeof(struct vbd), GFP_KERNEL)) == NULL) )
+ {
+ DPRINTK("vbd_create: out of memory\n");
+ return ERR_PTR(-ENOMEM);
+ }
+
+ vbd->handle = handle;
+ vbd->readonly = readonly;
+ vbd->type = 0;
+ vbd->active = 0;
+
+ vbd->pdevice = pdevice;
+
+ /* FIXME: Who frees vbd on failure? --RR */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+ vbd->bdev = open_by_devnum(
+ vbd_map_devnum(vbd->pdevice),
+ vbd->readonly ? FMODE_READ : FMODE_WRITE);
+ if ( IS_ERR(vbd->bdev) )
+ {
+ DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
+ return ERR_PTR(-ENOENT);
+ }
+
+ if ( (vbd->bdev->bd_disk == NULL) )
+ {
+ DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
+ bdev_put(vbd->bdev);
+ return ERR_PTR(-ENOENT);
+ }
+
+ if ( vbd->bdev->bd_disk->flags & GENHD_FL_CD )
+ vbd->type |= VDISK_CDROM;
+ if ( vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE )
+ vbd->type |= VDISK_REMOVABLE;
+
+#else
+ if ( (blk_size[MAJOR(vbd->pdevice)] == NULL) || (vbd_sz(vbd) == 0) )
+ {
+ DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
+ return ERR_PTR(-ENOENT);
+ }
+#endif
+
+ DPRINTK("Successful creation of handle=%04x (dom=%u)\n",
+ handle, blkif->domid);
+ return vbd;
+}
+
+void vbd_activate(blkif_t *blkif, struct vbd *vbd)
+{
rb_node_t **rb_p, *rb_parent = NULL;
- blkif_t *blkif;
- blkif_vdev_t vdevice = create->vdevice;
-
- blkif = blkif_find_by_handle(create->domid, create->blkif_handle);
- if ( unlikely(blkif == NULL) )
- {
- DPRINTK("vbd_create attempted for non-existent blkif (%u,%u)\n",
- create->domid, create->blkif_handle);
- create->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
- return;
- }
-
+ struct vbd *i;
+ BUG_ON(vbd_is_active(vbd));
+
+ /* Find where to put it. */
rb_p = &blkif->vbd_rb.rb_node;
while ( *rb_p != NULL )
{
rb_parent = *rb_p;
- vbd = rb_entry(rb_parent, struct vbd, rb);
- if ( vdevice < vbd->vdevice )
+ i = rb_entry(rb_parent, struct vbd, rb);
+ if ( vbd->handle < i->handle )
{
rb_p = &rb_parent->rb_left;
}
- else if ( vdevice > vbd->vdevice )
+ else if ( vbd->handle > i->handle )
{
rb_p = &rb_parent->rb_right;
}
else
{
- DPRINTK("vbd_create attempted for already existing vbd\n");
- create->status = BLKIF_BE_STATUS_VBD_EXISTS;
- return;
+ /* We never create two of same vbd, so not possible. */
+ BUG();
}
}
- if ( unlikely((vbd = kmalloc(sizeof(struct vbd), GFP_KERNEL)) == NULL) )
- {
- DPRINTK("vbd_create: out of memory\n");
- create->status = BLKIF_BE_STATUS_OUT_OF_MEMORY;
- return;
- }
-
- vbd->vdevice = vdevice;
- vbd->readonly = create->readonly;
- vbd->type = 0;
-
- /* Mask to 16-bit for compatibility with old tools */
- vbd->pdevice = create->pdevice & 0xffff;
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
- vbd->bdev = open_by_devnum(
- vbd_map_devnum(vbd->pdevice),
- vbd->readonly ? FMODE_READ : FMODE_WRITE);
- if ( IS_ERR(vbd->bdev) )
- {
- DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
- create->status = BLKIF_BE_STATUS_PHYSDEV_NOT_FOUND;
- return;
- }
-
- if ( (vbd->bdev->bd_disk == NULL) )
- {
- DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
- create->status = BLKIF_BE_STATUS_PHYSDEV_NOT_FOUND;
- bdev_put(vbd->bdev);
- return;
- }
-
- if ( vbd->bdev->bd_disk->flags & GENHD_FL_CD )
- vbd->type |= VDISK_CDROM;
- if ( vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE )
- vbd->type |= VDISK_REMOVABLE;
-
-#else
- if ( (blk_size[MAJOR(vbd->pdevice)] == NULL) || (vbd_sz(vbd) == 0) )
- {
- DPRINTK("vbd_creat: device %08x doesn't exist.\n", vbd->pdevice);
- create->status = BLKIF_BE_STATUS_PHYSDEV_NOT_FOUND;
- return;
- }
-#endif
+ /* Now we're active. */
+ vbd->active = 1;
+ blkif_get(blkif);
spin_lock(&blkif->vbd_lock);
rb_link_node(&vbd->rb, rb_parent, rb_p);
rb_insert_color(&vbd->rb, &blkif->vbd_rb);
spin_unlock(&blkif->vbd_lock);
-
- DPRINTK("Successful creation of vdev=%04x (dom=%u)\n",
- vdevice, create->domid);
- create->status = BLKIF_BE_STATUS_OKAY;
-}
-
-
-void vbd_destroy(blkif_be_vbd_destroy_t *destroy)
-{
- blkif_t *blkif;
- struct vbd *vbd;
- rb_node_t *rb;
- blkif_vdev_t vdevice = destroy->vdevice;
-
- blkif = blkif_find_by_handle(destroy->domid, destroy->blkif_handle);
- if ( unlikely(blkif == NULL) )
- {
- DPRINTK("vbd_destroy attempted for non-existent blkif (%u,%u)\n",
- destroy->domid, destroy->blkif_handle);
- destroy->status = BLKIF_BE_STATUS_INTERFACE_NOT_FOUND;
- return;
- }
-
- rb = blkif->vbd_rb.rb_node;
- while ( rb != NULL )
- {
- vbd = rb_entry(rb, struct vbd, rb);
- if ( vdevice < vbd->vdevice )
- rb = rb->rb_left;
- else if ( vdevice > vbd->vdevice )
- rb = rb->rb_right;
- else
- goto found;
- }
-
- destroy->status = BLKIF_BE_STATUS_VBD_NOT_FOUND;
- return;
-
- found:
- spin_lock(&blkif->vbd_lock);
- rb_erase(rb, &blkif->vbd_rb);
- spin_unlock(&blkif->vbd_lock);
+}
+
+void vbd_free(blkif_t *blkif, struct vbd *vbd)
+{
+ if (vbd_is_active(vbd)) {
+ spin_lock(&blkif->vbd_lock);
+ rb_erase(&vbd->rb, &blkif->vbd_rb);
+ spin_unlock(&blkif->vbd_lock);
+ blkif_put(blkif);
+ }
bdev_put(vbd->bdev);
kfree(vbd);
}
-
void destroy_all_vbds(blkif_t *blkif)
{
@@ -183,73 +174,11 @@
bdev_put(vbd->bdev);
kfree(vbd);
spin_lock(&blkif->vbd_lock);
+ blkif_put(blkif);
}
spin_unlock(&blkif->vbd_lock);
}
-
-
-static void vbd_probe_single(
- blkif_t *blkif, vdisk_t *vbd_info, struct vbd *vbd)
-{
- vbd_info->device = vbd->vdevice;
- vbd_info->info = vbd->type | (vbd->readonly ? VDISK_READONLY : 0);
- vbd_info->capacity = vbd_sz(vbd);
- vbd_info->sector_size = bdev_hardsect_size(vbd->bdev);
-}
-
-
-int vbd_probe(blkif_t *blkif, vdisk_t *vbd_info, int max_vbds)
-{
- int rc = 0, nr_vbds = 0;
- rb_node_t *rb;
-
- spin_lock(&blkif->vbd_lock);
-
- if ( (rb = blkif->vbd_rb.rb_node) == NULL )
- goto out;
-
- new_subtree:
- /* STEP 1. Find least node (it'll be left-most). */
- while ( rb->rb_left != NULL )
- rb = rb->rb_left;
-
- for ( ; ; )
- {
- /* STEP 2. Dealt with left subtree. Now process current node. */
- vbd_probe_single(blkif, &vbd_info[nr_vbds],
- rb_entry(rb, struct vbd, rb));
- if ( ++nr_vbds == max_vbds )
- goto out;
-
- /* STEP 3. Process right subtree, if any. */
- if ( rb->rb_right != NULL )
- {
- rb = rb->rb_right;
- goto new_subtree;
- }
-
- /* STEP 4. Done both subtrees. Head back through ancesstors. */
- for ( ; ; )
- {
- /* We're done when we get back to the root node. */
- if ( rb->rb_parent == NULL )
- goto out;
- /* If we are left of parent, then parent is next to process. */
- if ( rb->rb_parent->rb_left == rb )
- break;
- /* If we are right of parent, then we climb to grandparent. */
- rb = rb->rb_parent;
- }
-
- rb = rb->rb_parent;
- }
-
- out:
- spin_unlock(&blkif->vbd_lock);
- return (rc == 0) ? nr_vbds : rc;
-}
-
int vbd_translate(struct phys_req *req, blkif_t *blkif, int operation)
{
@@ -264,9 +193,9 @@
while ( rb != NULL )
{
vbd = rb_entry(rb, struct vbd, rb);
- if ( req->dev < vbd->vdevice )
+ if ( req->dev < vbd->handle )
rb = rb->rb_left;
- else if ( req->dev > vbd->vdevice )
+ else if ( req->dev > vbd->handle )
rb = rb->rb_right;
else
goto found;
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkfront/blkfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkfront/blkfront.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkfront/blkfront.c Fri Aug 19
18:19:28 2005
@@ -53,8 +53,8 @@
#include <linux/sched.h>
#include <linux/interrupt.h>
#include <scsi/scsi.h>
-#include <asm-xen/ctrl_if.h>
#include <asm-xen/evtchn.h>
+#include <asm-xen/xenbus.h>
#ifdef CONFIG_XEN_BLKDEV_GRANT
#include <asm-xen/xen-public/grant_table.h>
#include <asm-xen/gnttab.h>
@@ -65,22 +65,14 @@
/* Control whether runtime update of vbds is enabled. */
#define ENABLE_VBD_UPDATE 1
-#if ENABLE_VBD_UPDATE
-static void vbd_update(void);
-#else
-static void vbd_update(void){};
-#endif
-
#define BLKIF_STATE_CLOSED 0
#define BLKIF_STATE_DISCONNECTED 1
#define BLKIF_STATE_CONNECTED 2
-static int blkif_handle = 0;
static unsigned int blkif_state = BLKIF_STATE_CLOSED;
static unsigned int blkif_evtchn = 0;
-
-static int blkif_control_rsp_valid;
-static blkif_response_t blkif_control_rsp;
+static unsigned int blkif_vbds = 0;
+static unsigned int blkif_vbds_connected = 0;
static blkif_front_ring_t blk_ring;
@@ -92,6 +84,7 @@
#define MAXIMUM_OUTSTANDING_BLOCK_REQS \
(BLKIF_MAX_SEGMENTS_PER_REQUEST * BLKIF_RING_SIZE)
#define GRANTREF_INVALID (1<<15)
+static int shmem_ref;
#endif
static struct blk_shadow {
@@ -105,7 +98,7 @@
static void kick_pending_request_queues(void);
-int __init xlblk_init(void);
+static int __init xlblk_init(void);
static void blkif_completion(struct blk_shadow *s);
@@ -179,19 +172,6 @@
module_init(xlblk_init);
-#if ENABLE_VBD_UPDATE
-static void update_vbds_task(void *unused)
-{
- xlvbd_update_vbds();
-}
-
-static void vbd_update(void)
-{
- static DECLARE_WORK(update_tq, update_vbds_task, NULL);
- schedule_work(&update_tq);
-}
-#endif /* ENABLE_VBD_UPDATE */
-
static struct xlbd_disk_info *head_waiting = NULL;
static void kick_pending_request_queues(void)
{
@@ -221,16 +201,7 @@
int blkif_release(struct inode *inode, struct file *filep)
{
- struct gendisk *gd = inode->i_bdev->bd_disk;
- struct xlbd_disk_info *di = (struct xlbd_disk_info *)gd->private_data;
-
- /*
- * When usage drops to zero it may allow more VBD updates to occur.
- * Update of usage count is protected by a per-device semaphore.
- */
- if ( --di->mi->usage == 0 )
- vbd_update();
-
+ /* FIXME: This is where we can actually free up majors, etc. --RR */
return 0;
}
@@ -301,7 +272,7 @@
ring_req->operation = rq_data_dir(req) ? BLKIF_OP_WRITE :
BLKIF_OP_READ;
ring_req->sector_number = (blkif_sector_t)req->sector;
- ring_req->device = di->xd_device;
+ ring_req->handle = di->handle;
ring_req->nr_segments = 0;
rq_for_each_bio(bio, req)
@@ -446,10 +417,6 @@
end_that_request_last(req);
break;
- case BLKIF_OP_PROBE:
- memcpy(&blkif_control_rsp, bret, sizeof(*bret));
- blkif_control_rsp_valid = 1;
- break;
default:
BUG();
}
@@ -483,28 +450,6 @@
#define blkif_io_lock io_request_lock
/*============================================================================*/
-#if ENABLE_VBD_UPDATE
-
-/*
- * blkif_update_int/update-vbds_task - handle VBD update events.
- * Schedule a task for keventd to run, which will update the VBDs and perform
- * the corresponding updates to our view of VBD state.
- */
-static void update_vbds_task(void *unused)
-{
- xlvbd_update_vbds();
-}
-
-static void vbd_update(void)
-{
- static struct tq_struct update_tq;
- update_tq.routine = update_vbds_task;
- schedule_task(&update_tq);
-}
-
-#endif /* ENABLE_VBD_UPDATE */
-/*============================================================================*/
-
static void kick_pending_request_queues(void)
{
/* We kick pending request queues if the ring is reasonably empty. */
@@ -757,7 +702,8 @@
char * buffer,
unsigned long sector_number,
unsigned short nr_sectors,
- kdev_t device)
+ kdev_t device,
+ blkif_vdev_t handle)
{
unsigned long buffer_ma = virt_to_bus(buffer);
unsigned long xid;
@@ -871,7 +817,7 @@
req->id = xid;
req->operation = operation;
req->sector_number = (blkif_sector_t)sector_number;
- req->device = device;
+ req->handle = handle;
req->nr_segments = 1;
#ifdef CONFIG_XEN_BLKDEV_GRANT
/* install a grant reference. */
@@ -1047,108 +993,10 @@
/***************************** COMMON CODE *******************************/
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-void blkif_control_probe_send(blkif_request_t *req, blkif_response_t *rsp,
- unsigned long address)
-{
- int ref = gnttab_claim_grant_reference(&gref_head, gref_terminal);
- ASSERT( ref != -ENOSPC );
-
- gnttab_grant_foreign_access_ref( ref, rdomid, address >> PAGE_SHIFT, 0 );
-
- req->frame_and_sects[0] = blkif_fas_from_gref(ref, 0, (PAGE_SIZE/512)-1);
-
- blkif_control_send(req, rsp);
-}
-#endif
-
-void blkif_control_send(blkif_request_t *req, blkif_response_t *rsp)
-{
- unsigned long flags, id;
- blkif_request_t *req_d;
-
- retry:
- while ( RING_FULL(&blk_ring) )
- {
- set_current_state(TASK_INTERRUPTIBLE);
- schedule_timeout(1);
- }
-
- spin_lock_irqsave(&blkif_io_lock, flags);
- if ( RING_FULL(&blk_ring) )
- {
- spin_unlock_irqrestore(&blkif_io_lock, flags);
- goto retry;
- }
-
- DISABLE_SCATTERGATHER();
- req_d = RING_GET_REQUEST(&blk_ring, blk_ring.req_prod_pvt);
- *req_d = *req;
-
- id = GET_ID_FROM_FREELIST();
- req_d->id = id;
- blk_shadow[id].request = (unsigned long)req;
-
- pickle_request(&blk_shadow[id], req);
-
- blk_ring.req_prod_pvt++;
- flush_requests();
-
- spin_unlock_irqrestore(&blkif_io_lock, flags);
-
- while ( !blkif_control_rsp_valid )
- {
- set_current_state(TASK_INTERRUPTIBLE);
- schedule_timeout(1);
- }
-
- memcpy(rsp, &blkif_control_rsp, sizeof(*rsp));
- blkif_control_rsp_valid = 0;
-}
-
-
-/* Send a driver status notification to the domain controller. */
-static void send_driver_status(int ok)
-{
- ctrl_msg_t cmsg = {
- .type = CMSG_BLKIF_FE,
- .subtype = CMSG_BLKIF_FE_DRIVER_STATUS,
- .length = sizeof(blkif_fe_driver_status_t),
- };
- blkif_fe_driver_status_t *msg = (void*)cmsg.msg;
-
- msg->status = (ok ? BLKIF_DRIVER_STATUS_UP : BLKIF_DRIVER_STATUS_DOWN);
-
- ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
-}
-
-/* Tell the controller to bring up the interface. */
-static void blkif_send_interface_connect(void)
-{
- ctrl_msg_t cmsg = {
- .type = CMSG_BLKIF_FE,
- .subtype = CMSG_BLKIF_FE_INTERFACE_CONNECT,
- .length = sizeof(blkif_fe_interface_connect_t),
- };
- blkif_fe_interface_connect_t *msg = (void*)cmsg.msg;
-
- msg->handle = 0;
- msg->shmem_frame = (virt_to_machine(blk_ring.sring) >> PAGE_SHIFT);
-
-#ifdef CONFIG_XEN_BLKDEV_GRANT
- msg->shmem_ref = gnttab_claim_grant_reference( &gref_head, gref_terminal
);
- ASSERT( msg->shmem_ref != -ENOSPC );
- gnttab_grant_foreign_access_ref ( msg->shmem_ref , rdomid,
msg->shmem_frame, 0 );
-#endif
-
- ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
-}
-
static void blkif_free(void)
{
/* Prevent new requests being issued until we fix things up. */
spin_lock_irq(&blkif_io_lock);
- recovery = 1;
blkif_state = BLKIF_STATE_DISCONNECTED;
spin_unlock_irq(&blkif_io_lock);
@@ -1160,31 +1008,6 @@
}
unbind_evtchn_from_irqhandler(blkif_evtchn, NULL);
blkif_evtchn = 0;
-}
-
-static void blkif_close(void)
-{
-}
-
-/* Move from CLOSED to DISCONNECTED state. */
-static void blkif_disconnect(void)
-{
- blkif_sring_t *sring;
-
- if ( blk_ring.sring != NULL )
- free_page((unsigned long)blk_ring.sring);
-
- sring = (blkif_sring_t *)__get_free_page(GFP_KERNEL);
- SHARED_RING_INIT(sring);
- FRONT_RING_INIT(&blk_ring, sring, PAGE_SIZE);
- blkif_state = BLKIF_STATE_DISCONNECTED;
- blkif_send_interface_connect();
-}
-
-static void blkif_reset(void)
-{
- blkif_free();
- blkif_disconnect();
}
static void blkif_recover(void)
@@ -1257,11 +1080,14 @@
blkif_state = BLKIF_STATE_CONNECTED;
}
-static void blkif_connect(blkif_fe_interface_status_t *status)
+static void blkif_connect(u16 evtchn, domid_t domid)
{
int err = 0;
- blkif_evtchn = status->evtchn;
+ blkif_evtchn = evtchn;
+#ifdef CONFIG_XEN_BLKDEV_GRANT
+ rdomid = domid;
+#endif
err = bind_evtchn_to_irqhandler(
blkif_evtchn, blkif_int, SA_SAMPLE_RANDOM, "blkif", NULL);
@@ -1270,142 +1096,318 @@
WPRINTK("bind_evtchn_to_irqhandler failed (err=%d)\n", err);
return;
}
-
- if ( recovery )
- {
- blkif_recover();
- }
- else
- {
- /* Transition to connected in case we need to do
- * a partition probe on a whole disk. */
- blkif_state = BLKIF_STATE_CONNECTED;
-
- /* Probe for discs attached to the interface. */
- xlvbd_init();
- }
-
- /* Kick pending requests. */
- spin_lock_irq(&blkif_io_lock);
- kick_pending_request_queues();
- spin_unlock_irq(&blkif_io_lock);
-}
-
-static void unexpected(blkif_fe_interface_status_t *status)
-{
- DPRINTK(" Unexpected blkif status %u in state %u\n",
- status->status, blkif_state);
-}
-
-static void blkif_status(blkif_fe_interface_status_t *status)
-{
+}
+
+
+static struct xenbus_device_id blkfront_ids[] = {
+ { "vbd" },
+ { "" }
+};
+
+struct blkfront_info
+{
+ /* We watch the backend */
+ struct xenbus_watch watch;
+ int vdevice;
+ u16 handle;
+ int connected;
+ struct xenbus_device *dev;
+ char *backend;
+};
+
+static void watch_for_status(struct xenbus_watch *watch, const char *node)
+{
+ struct blkfront_info *info;
+ unsigned int binfo;
+ unsigned long sectors, sector_size;
+ int err;
+
+ info = container_of(watch, struct blkfront_info, watch);
+ node += strlen(watch->node);
+
+ /* FIXME: clean up when error on the other end. */
+ if (info->connected)
+ return;
+
+ err = xenbus_gather(watch->node,
+ "sectors", "%lu", §ors,
+ "info", "%u", &binfo,
+ "sector-size", "%lu", §or_size,
+ NULL);
+
+ if (err)
+ xenbus_dev_error(info->dev, err, "reading backend fields");
+ else {
+ xlvbd_add(sectors, info->vdevice, info->handle, binfo,
+ sector_size);
+ info->connected = 1;
+
+ /* First to connect? blkif is now connected. */
+ if (blkif_vbds_connected++ == 0)
+ blkif_state = BLKIF_STATE_CONNECTED;
+
+ xenbus_dev_ok(info->dev);
+
+ /* Kick pending requests. */
+ spin_lock_irq(&blkif_io_lock);
+ kick_pending_request_queues();
+ spin_unlock_irq(&blkif_io_lock);
+ }
+}
+
+static int setup_blkring(struct xenbus_device *dev, unsigned int backend_id)
+{
+ blkif_sring_t *sring;
+ evtchn_op_t op = { .cmd = EVTCHNOP_alloc_unbound };
+ int err;
+
+ sring = (void *)__get_free_page(GFP_KERNEL);
+ if (!sring) {
+ xenbus_dev_error(dev, -ENOMEM, "allocating shared ring");
+ return -ENOMEM;
+ }
+ SHARED_RING_INIT(sring);
+ FRONT_RING_INIT(&blk_ring, sring, PAGE_SIZE);
+
#ifdef CONFIG_XEN_BLKDEV_GRANT
- rdomid = status->domid; /* need to set rdomid early */
-#endif
-
- if ( status->handle != blkif_handle )
- {
- WPRINTK(" Invalid blkif: handle=%u\n", status->handle);
- unexpected(status);
- return;
- }
-
- switch ( status->status )
- {
- case BLKIF_INTERFACE_STATUS_CLOSED:
- switch ( blkif_state )
- {
- case BLKIF_STATE_CLOSED:
- unexpected(status);
- break;
- case BLKIF_STATE_DISCONNECTED:
- case BLKIF_STATE_CONNECTED:
- unexpected(status);
- blkif_close();
- break;
- }
- break;
-
- case BLKIF_INTERFACE_STATUS_DISCONNECTED:
- switch ( blkif_state )
- {
- case BLKIF_STATE_CLOSED:
- blkif_disconnect();
- break;
- case BLKIF_STATE_DISCONNECTED:
- case BLKIF_STATE_CONNECTED:
- /* unexpected(status); */ /* occurs during suspend/resume */
- blkif_reset();
- break;
- }
- break;
-
- case BLKIF_INTERFACE_STATUS_CONNECTED:
- switch ( blkif_state )
- {
- case BLKIF_STATE_CLOSED:
- unexpected(status);
- blkif_disconnect();
- blkif_connect(status);
- break;
- case BLKIF_STATE_DISCONNECTED:
- blkif_connect(status);
- break;
- case BLKIF_STATE_CONNECTED:
- unexpected(status);
- blkif_connect(status);
- break;
- }
- break;
-
- case BLKIF_INTERFACE_STATUS_CHANGED:
- switch ( blkif_state )
- {
- case BLKIF_STATE_CLOSED:
- case BLKIF_STATE_DISCONNECTED:
- unexpected(status);
- break;
- case BLKIF_STATE_CONNECTED:
- vbd_update();
- break;
- }
- break;
-
- default:
- WPRINTK(" Invalid blkif status: %d\n", status->status);
- break;
- }
-}
-
-
-static void blkif_ctrlif_rx(ctrl_msg_t *msg, unsigned long id)
-{
- switch ( msg->subtype )
- {
- case CMSG_BLKIF_FE_INTERFACE_STATUS:
- blkif_status((blkif_fe_interface_status_t *)
- &msg->msg[0]);
- break;
- default:
- msg->length = 0;
- break;
- }
-
- ctrl_if_send_response(msg);
-}
-
-int wait_for_blkif(void)
+ shmem_ref = gnttab_claim_grant_reference(&gref_head,
+ gref_terminal);
+ ASSERT(shmem_ref != -ENOSPC);
+ gnttab_grant_foreign_access_ref(shmem_ref,
+ backend_id,
+ virt_to_mfn(blk_ring.sring),
+ 0);
+#endif
+
+ op.u.alloc_unbound.dom = backend_id;
+ err = HYPERVISOR_event_channel_op(&op);
+ if (err) {
+ free_page((unsigned long)blk_ring.sring);
+ blk_ring.sring = 0;
+ xenbus_dev_error(dev, err, "allocating event channel");
+ return err;
+ }
+ blkif_connect(op.u.alloc_unbound.port, backend_id);
+ return 0;
+}
+
+/* Common code used when first setting up, and when resuming. */
+static int talk_to_backend(struct xenbus_device *dev,
+ struct blkfront_info *info)
+{
+ char *backend;
+ const char *message;
+ int err, backend_id;
+
+ backend = xenbus_read(dev->nodename, "backend", NULL);
+ if (IS_ERR(backend)) {
+ err = PTR_ERR(backend);
+ if (err == -ENOENT)
+ goto out;
+ xenbus_dev_error(dev, err, "reading %s/backend",
+ dev->nodename);
+ goto out;
+ }
+ if (strlen(backend) == 0) {
+ err = -ENOENT;
+ goto free_backend;
+ }
+
+ /* FIXME: This driver can't handle backends on different
+ * domains. Check and fail gracefully. */
+ err = xenbus_scanf(dev->nodename, "backend-id", "%i", &backend_id);
+ if (err == -ENOENT)
+ goto free_backend;
+ if (err < 0) {
+ xenbus_dev_error(dev, err, "reading %s/backend-id",
+ dev->nodename);
+ goto free_backend;
+ }
+
+ /* First device? We create shared ring, alloc event channel. */
+ if (blkif_vbds == 0) {
+ err = setup_blkring(dev, backend_id);
+ if (err)
+ goto free_backend;
+ }
+
+ err = xenbus_transaction_start(dev->nodename);
+ if (err) {
+ xenbus_dev_error(dev, err, "starting transaction");
+ goto destroy_blkring;
+ }
+
+#ifdef CONFIG_XEN_BLKDEV_GRANT
+ err = xenbus_printf(dev->nodename, "grant-id","%u", shmem_ref);
+ if (err) {
+ message = "writing grant-id";
+ goto abort_transaction;
+ }
+#else
+ err = xenbus_printf(dev->nodename, "shared-frame", "%lu",
+ virt_to_mfn(blk_ring.sring));
+ if (err) {
+ message = "writing shared-frame";
+ goto abort_transaction;
+ }
+#endif
+ err = xenbus_printf(dev->nodename,
+ "event-channel", "%u", blkif_evtchn);
+ if (err) {
+ message = "writing event-channel";
+ goto abort_transaction;
+ }
+
+ info->watch.node = info->backend = backend;
+ info->watch.callback = watch_for_status;
+
+ err = register_xenbus_watch(&info->watch);
+ if (err) {
+ message = "registering watch on backend";
+ goto abort_transaction;
+ }
+
+ err = xenbus_transaction_end(0);
+ if (err) {
+ xenbus_dev_error(dev, err, "completing transaction");
+ goto destroy_blkring;
+ }
+ return 0;
+
+abort_transaction:
+ xenbus_transaction_end(1);
+ /* Have to do this *outside* transaction. */
+ xenbus_dev_error(dev, err, "%s", message);
+destroy_blkring:
+ if (blkif_vbds == 0)
+ blkif_free();
+free_backend:
+ kfree(backend);
+out:
+ printk("%s:%u = %i\n", __FILE__, __LINE__, err);
+ return err;
+}
+
+/* Setup supplies the backend dir, virtual device.
+
+ We place an event channel and shared frame entries.
+ We watch backend to wait if it's ok. */
+static int blkfront_probe(struct xenbus_device *dev,
+ const struct xenbus_device_id *id)
+{
+ int err;
+ struct blkfront_info *info;
+ int vdevice;
+
+ /* FIXME: Use dynamic device id if this is not set. */
+ err = xenbus_scanf(dev->nodename, "virtual-device", "%i", &vdevice);
+ if (err == -ENOENT)
+ return err;
+ if (err < 0) {
+ xenbus_dev_error(dev, err, "reading virtual-device");
+ return err;
+ }
+
+ info = kmalloc(sizeof(*info), GFP_KERNEL);
+ if (!info) {
+ xenbus_dev_error(dev, err, "allocating info structure");
+ return err;
+ }
+ info->dev = dev;
+ info->vdevice = vdevice;
+ info->connected = 0;
+ /* Front end dir is a number, which is used as the id. */
+ info->handle = simple_strtoul(strrchr(dev->nodename,'/')+1, NULL, 0);
+ dev->data = info;
+
+ err = talk_to_backend(dev, info);
+ if (err) {
+ kfree(info);
+ return err;
+ }
+
+ /* Call once in case entries already there. */
+ watch_for_status(&info->watch, info->watch.node);
+ blkif_vbds++;
+ return 0;
+}
+
+static int blkfront_remove(struct xenbus_device *dev)
+{
+ struct blkfront_info *info = dev->data;
+
+ if (info->backend)
+ unregister_xenbus_watch(&info->watch);
+
+ if (info->connected) {
+ xlvbd_del(info->handle);
+ blkif_vbds_connected--;
+ }
+ kfree(info->backend);
+ kfree(info);
+
+ if (--blkif_vbds == 0)
+ blkif_free();
+
+ return 0;
+}
+
+static int blkfront_suspend(struct xenbus_device *dev)
+{
+ struct blkfront_info *info = dev->data;
+
+ unregister_xenbus_watch(&info->watch);
+ kfree(info->backend);
+ info->backend = NULL;
+
+ if (--blkif_vbds == 0) {
+ recovery = 1;
+ blkif_free();
+ }
+
+ return 0;
+}
+
+static int blkfront_resume(struct xenbus_device *dev)
+{
+ struct blkfront_info *info = dev->data;
+ int err;
+
+ /* FIXME: Check geometry hasn't changed here... */
+ err = talk_to_backend(dev, info);
+ if (!err) {
+ if (blkif_vbds++ == 0)
+ blkif_recover();
+ }
+ return err;
+}
+
+static struct xenbus_driver blkfront = {
+ .name = "vbd",
+ .owner = THIS_MODULE,
+ .ids = blkfront_ids,
+ .probe = blkfront_probe,
+ .remove = blkfront_remove,
+ .resume = blkfront_resume,
+ .suspend = blkfront_suspend,
+};
+
+static void __init init_blk_xenbus(void)
+{
+ xenbus_register_device(&blkfront);
+}
+
+static int wait_for_blkif(void)
{
int err = 0;
int i;
- send_driver_status(1);
/*
* We should read 'nr_interfaces' from response message and wait
* for notifications before proceeding. For now we assume that we
* will be notified of exactly one interface.
*/
- for ( i=0; (blkif_state != BLKIF_STATE_CONNECTED) && (i < 10*HZ); i++ )
+ for ( i=0; blkif_state != BLKIF_STATE_CONNECTED && (i < 10*HZ); i++ )
{
set_current_state(TASK_INTERRUPTIBLE);
schedule_timeout(1);
@@ -1419,7 +1421,7 @@
return err;
}
-int __init xlblk_init(void)
+static int __init xlblk_init(void)
{
int i;
@@ -1443,27 +1445,11 @@
blk_shadow[i].req.id = i+1;
blk_shadow[BLK_RING_SIZE-1].req.id = 0x0fffffff;
- (void)ctrl_if_register_receiver(CMSG_BLKIF_FE, blkif_ctrlif_rx,
- CALLBACK_IN_BLOCKING_CONTEXT);
+ init_blk_xenbus();
wait_for_blkif();
return 0;
-}
-
-void blkdev_suspend(void)
-{
-}
-
-void blkdev_resume(void)
-{
-#ifdef CONFIG_XEN_BLKDEV_GRANT
- int i, j;
- for ( i = 0; i < BLK_RING_SIZE; i++ )
- for ( j = 0; j < BLKIF_MAX_SEGMENTS_PER_REQUEST; j++ )
- blk_shadow[i].req.frame_and_sects[j] |= GRANTREF_INVALID;
-#endif
- send_driver_status(1);
}
static void blkif_completion(struct blk_shadow *s)
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkfront/block.h
--- a/linux-2.6-xen-sparse/drivers/xen/blkfront/block.h Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkfront/block.h Fri Aug 19 18:19:28 2005
@@ -100,6 +100,7 @@
struct xlbd_disk_info {
int xd_device;
+ blkif_vdev_t handle;
struct xlbd_major_info *mi;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
struct xlbd_disk_info *next_waiting;
@@ -119,17 +120,10 @@
unsigned command, unsigned long argument);
extern int blkif_check(dev_t dev);
extern int blkif_revalidate(dev_t dev);
-extern void blkif_control_send(blkif_request_t *req, blkif_response_t *rsp);
-#ifdef CONFIG_XEN_BLKDEV_GRANT
-extern void blkif_control_probe_send(
- blkif_request_t *req, blkif_response_t *rsp, unsigned long address);
-#endif
extern void do_blkif_request (request_queue_t *rq);
-extern void xlvbd_update_vbds(void);
-
/* Virtual block-device subsystem. */
-extern int xlvbd_init(void);
-extern void xlvbd_cleanup(void);
-
+int xlvbd_add(blkif_sector_t capacity, int device, blkif_vdev_t handle,
+ u16 info, u16 sector_size);
+void xlvbd_del(blkif_vdev_t handle);
#endif /* __XEN_DRIVERS_BLOCK_H__ */
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkfront/vbd.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkfront/vbd.c Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkfront/vbd.c Fri Aug 19 18:19:28 2005
@@ -46,8 +46,9 @@
struct lvdisk
{
blkif_sector_t capacity; /* 0: Size in terms of 512-byte sectors. */
- blkif_vdev_t device; /* 8: Device number (opaque 16 bit value). */
- u16 info;
+ blkif_vdev_t handle; /* 8: Device number (opaque 16 bit value). */
+ u16 info;
+ dev_t dev;
struct list_head list;
};
@@ -85,7 +86,7 @@
/* Information about our VBDs. */
#define MAX_VBDS 64
-struct list_head vbds_list;
+static LIST_HEAD(vbds_list);
#define MAJOR_XEN(dev) ((dev)>>8)
#define MINOR_XEN(dev) ((dev) & 0xff)
@@ -116,49 +117,6 @@
{
list_del(&disk->list);
kfree(disk);
-}
-
-static vdisk_t *xlvbd_probe(int *ret)
-{
- blkif_response_t rsp;
- blkif_request_t req;
- vdisk_t *disk_info = NULL;
- unsigned long buf;
- int nr;
-
- buf = __get_free_page(GFP_KERNEL);
- if ((void *)buf == NULL)
- goto out;
-
- memset(&req, 0, sizeof(req));
- req.operation = BLKIF_OP_PROBE;
- req.nr_segments = 1;
-#ifdef CONFIG_XEN_BLKDEV_GRANT
- blkif_control_probe_send(&req, &rsp,
- (unsigned long)(virt_to_machine(buf)));
-#else
- req.frame_and_sects[0] = blkif_fas(virt_to_machine(buf), 0,
(PAGE_SIZE/512)-1);
-
- blkif_control_send(&req, &rsp);
-#endif
- if ( rsp.status <= 0 ) {
- WPRINTK("Could not probe disks (%d)\n", rsp.status);
- goto out;
- }
- nr = rsp.status;
- if ( nr > MAX_VBDS )
- nr = MAX_VBDS;
-
- disk_info = kmalloc(nr * sizeof(vdisk_t), GFP_KERNEL);
- if (disk_info != NULL)
- memcpy(disk_info, (void *) buf, nr * sizeof(vdisk_t));
-
- if (ret != NULL)
- *ret = nr;
-
-out:
- free_page(buf);
- return disk_info;
}
static struct xlbd_major_info *xlbd_alloc_major_info(
@@ -189,6 +147,7 @@
break;
}
+ printk("Registering block device major %i\n", ptr->major);
if (register_blkdev(ptr->major, ptr->type->devname)) {
WPRINTK("can't get major %d with name %s\n",
ptr->major, ptr->type->devname);
@@ -231,7 +190,7 @@
xlbd_alloc_major_info(major, minor, index));
}
-static int xlvbd_init_blk_queue(struct gendisk *gd, vdisk_t *disk)
+static int xlvbd_init_blk_queue(struct gendisk *gd, u16 sector_size)
{
request_queue_t *rq;
@@ -242,7 +201,7 @@
elevator_init(rq, "noop");
/* Hard sector size and max sectors impersonate the equiv. hardware. */
- blk_queue_hardsect_size(rq, disk->sector_size);
+ blk_queue_hardsect_size(rq, sector_size);
blk_queue_max_sectors(rq, 512);
/* Each segment in a request is up to an aligned page in size. */
@@ -261,8 +220,9 @@
return 0;
}
-struct gendisk *xlvbd_alloc_gendisk(
- struct xlbd_major_info *mi, int minor, vdisk_t *disk)
+static struct gendisk *xlvbd_alloc_gendisk(
+ struct xlbd_major_info *mi, int minor, blkif_sector_t capacity,
+ int device, blkif_vdev_t handle, u16 info, u16 sector_size)
{
struct gendisk *gd;
struct xlbd_disk_info *di;
@@ -273,7 +233,8 @@
return NULL;
memset(di, 0, sizeof(*di));
di->mi = mi;
- di->xd_device = disk->device;
+ di->xd_device = device;
+ di->handle = handle;
if ((minor & ((1 << mi->type->partn_shift) - 1)) == 0)
nr_minors = 1 << mi->type->partn_shift;
@@ -296,22 +257,22 @@
gd->first_minor = minor;
gd->fops = &xlvbd_block_fops;
gd->private_data = di;
- set_capacity(gd, disk->capacity);
-
- if (xlvbd_init_blk_queue(gd, disk)) {
+ set_capacity(gd, capacity);
+
+ if (xlvbd_init_blk_queue(gd, sector_size)) {
del_gendisk(gd);
goto out;
}
di->rq = gd->queue;
- if (disk->info & VDISK_READONLY)
+ if (info & VDISK_READONLY)
set_disk_ro(gd, 1);
- if (disk->info & VDISK_REMOVABLE)
+ if (info & VDISK_REMOVABLE)
gd->flags |= GENHD_FL_REMOVABLE;
- if (disk->info & VDISK_CDROM)
+ if (info & VDISK_CDROM)
gd->flags |= GENHD_FL_CD;
add_disk(gd);
@@ -323,38 +284,36 @@
return NULL;
}
-static int xlvbd_device_add(struct list_head *list, vdisk_t *disk)
+int xlvbd_add(blkif_sector_t capacity, int device, blkif_vdev_t handle,
+ u16 info, u16 sector_size)
{
struct lvdisk *new;
- int minor;
- dev_t device;
struct block_device *bd;
struct gendisk *gd;
struct xlbd_major_info *mi;
- mi = xlbd_get_major_info(disk->device);
+ mi = xlbd_get_major_info(device);
if (mi == NULL)
return -EPERM;
new = xlvbd_device_alloc();
if (new == NULL)
- return -1;
- new->capacity = disk->capacity;
- new->device = disk->device;
- new->info = disk->info;
-
- minor = MINOR_XEN(disk->device);
- device = MKDEV(mi->major, minor);
-
- bd = bdget(device);
+ return -ENOMEM;
+ new->capacity = capacity;
+ new->info = info;
+ new->handle = handle;
+ new->dev = MKDEV(MAJOR_XEN(device), MINOR_XEN(device));
+
+ bd = bdget(new->dev);
if (bd == NULL)
goto out;
- gd = xlvbd_alloc_gendisk(mi, minor, disk);
+ gd = xlvbd_alloc_gendisk(mi, MINOR_XEN(device), capacity, device, handle,
+ info, sector_size);
if (gd == NULL)
goto out_bd;
- list_add(&new->list, list);
+ list_add(&new->list, &vbds_list);
out_bd:
bdput(bd);
out:
@@ -363,27 +322,26 @@
static int xlvbd_device_del(struct lvdisk *disk)
{
- dev_t device;
struct block_device *bd;
struct gendisk *gd;
struct xlbd_disk_info *di;
int ret = 0, unused;
request_queue_t *rq;
- device = MKDEV(MAJOR_XEN(disk->device), MINOR_XEN(disk->device));
-
- bd = bdget(device);
+ bd = bdget(disk->dev);
if (bd == NULL)
return -1;
- gd = get_gendisk(device, &unused);
+ gd = get_gendisk(disk->dev, &unused);
di = gd->private_data;
+#if 0 /* This is wrong: hda and hdb share same major, for example. */
if (di->mi->usage != 0) {
- WPRINTK("disk removal failed: used [dev=%x]\n", device);
+ WPRINTK("disk removal failed: used [dev=%x]\n", disk->dev);
ret = -1;
goto out;
}
+#endif
rq = gd->queue;
del_gendisk(gd);
@@ -391,110 +349,19 @@
blk_cleanup_queue(rq);
xlvbd_device_free(disk);
-out:
bdput(bd);
return ret;
}
-static int xlvbd_device_update(struct lvdisk *ldisk, vdisk_t *disk)
-{
- dev_t device;
- struct block_device *bd;
- struct gendisk *gd;
- int unused;
-
- if ((ldisk->capacity == disk->capacity) && (ldisk->info == disk->info))
- return 0;
-
- device = MKDEV(MAJOR_XEN(ldisk->device), MINOR_XEN(ldisk->device));
-
- bd = bdget(device);
- if (bd == NULL)
- return -1;
-
- gd = get_gendisk(device, &unused);
- set_capacity(gd, disk->capacity);
- ldisk->capacity = disk->capacity;
-
- bdput(bd);
-
- return 0;
-}
-
-void xlvbd_refresh(void)
-{
- vdisk_t *newdisks;
- struct list_head *tmp, *tmp2;
- struct lvdisk *disk;
- int i, nr;
-
- newdisks = xlvbd_probe(&nr);
- if (newdisks == NULL) {
- WPRINTK("failed to probe\n");
- return;
- }
-
- i = 0;
- list_for_each_safe(tmp, tmp2, &vbds_list) {
- disk = list_entry(tmp, struct lvdisk, list);
-
- for (i = 0; i < nr; i++) {
- if ( !newdisks[i].device )
- continue;
- if ( disk->device == newdisks[i].device ) {
- xlvbd_device_update(disk, &newdisks[i]);
- newdisks[i].device = 0;
- break;
- }
- }
- if (i == nr) {
- xlvbd_device_del(disk);
- newdisks[i].device = 0;
- }
- }
- for (i = 0; i < nr; i++)
- if ( newdisks[i].device )
- xlvbd_device_add(&vbds_list, &newdisks[i]);
- kfree(newdisks);
-}
-
-/*
- * xlvbd_update_vbds - reprobes the VBD status and performs updates driver
- * state. The VBDs need to be updated in this way when the domain is
- * initialised and also each time we receive an XLBLK_UPDATE event.
- */
-void xlvbd_update_vbds(void)
-{
- xlvbd_refresh();
-}
-
-/*
- * Set up all the linux device goop for the virtual block devices
- * (vbd's) that we know about. Note that although from the backend
- * driver's p.o.v. VBDs are addressed simply an opaque 16-bit device
- * number, the domain creation tools conventionally allocate these
- * numbers to correspond to those used by 'real' linux -- this is just
- * for convenience as it means e.g. that the same /etc/fstab can be
- * used when booting with or without Xen.
- */
-int xlvbd_init(void)
-{
- int i, nr;
- vdisk_t *disks;
-
- INIT_LIST_HEAD(&vbds_list);
-
- memset(major_info, 0, sizeof(major_info));
-
- disks = xlvbd_probe(&nr);
- if (disks == NULL) {
- WPRINTK("failed to probe\n");
- return -1;
- }
-
- for (i = 0; i < nr; i++)
- xlvbd_device_add(&vbds_list, &disks[i]);
-
- kfree(disks);
- return 0;
-}
+void xlvbd_del(blkif_vdev_t handle)
+{
+ struct lvdisk *i;
+
+ list_for_each_entry(i, &vbds_list, list) {
+ if (i->handle == handle) {
+ xlvbd_device_del(i);
+ return;
+ }
+ }
+ BUG();
+}
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blktap/blktap.h
--- a/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.h Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.h Fri Aug 19 18:19:28 2005
@@ -87,7 +87,7 @@
struct work_struct work;
#ifdef CONFIG_XEN_BLKDEV_GRANT
u16 shmem_handle;
- memory_t shmem_vaddr;
+ unsigned long shmem_vaddr;
grant_ref_t shmem_ref;
#endif
} blkif_t;
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blktap/blktap_controlmsg.c
--- a/linux-2.6-xen-sparse/drivers/xen/blktap/blktap_controlmsg.c Thu Aug
18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blktap/blktap_controlmsg.c Fri Aug
19 18:19:28 2005
@@ -320,7 +320,7 @@
};
blkif_fe_interface_connect_t *msg = (void*)cmsg.msg;
msg->handle = 0;
- msg->shmem_frame = virt_to_machine(blktap_be_ring.sring) >> PAGE_SHIFT;
+ msg->shmem_frame = virt_to_mfn(blktap_be_ring.sring);
ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
}
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/netback/common.h
--- a/linux-2.6-xen-sparse/drivers/xen/netback/common.h Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/netback/common.h Fri Aug 19 18:19:28 2005
@@ -49,13 +49,13 @@
unsigned long tx_shmem_frame;
#ifdef CONFIG_XEN_NETDEV_GRANT_TX
u16 tx_shmem_handle;
- memory_t tx_shmem_vaddr;
+ unsigned long tx_shmem_vaddr;
grant_ref_t tx_shmem_ref;
#endif
unsigned long rx_shmem_frame;
#ifdef CONFIG_XEN_NETDEV_GRANT_RX
u16 rx_shmem_handle;
- memory_t rx_shmem_vaddr;
+ unsigned long rx_shmem_vaddr;
grant_ref_t rx_shmem_ref;
#endif
unsigned int evtchn;
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/netback/netback.c
--- a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c Fri Aug 19
18:19:28 2005
@@ -43,7 +43,7 @@
static int make_rx_response(netif_t *netif,
u16 id,
s8 st,
- memory_t addr,
+ unsigned long addr,
u16 size,
u16 csum_valid);
@@ -251,7 +251,7 @@
#else
struct mmuext_op *mmuext;
#endif
- unsigned long vdata, mdata, new_mfn;
+ unsigned long vdata, old_mfn, new_mfn;
struct sk_buff_head rxq;
struct sk_buff *skb;
u16 notify_list[NETIF_RX_RING_SIZE];
@@ -271,7 +271,7 @@
{
netif = netdev_priv(skb->dev);
vdata = (unsigned long)skb->data;
- mdata = virt_to_machine(vdata);
+ old_mfn = virt_to_mfn(vdata);
/* Memory squeeze? Back off for an arbitrary while. */
if ( (new_mfn = alloc_mfn()) == 0 )
@@ -293,7 +293,7 @@
mcl++;
#ifdef CONFIG_XEN_NETDEV_GRANT_RX
- gop->mfn = mdata >> PAGE_SHIFT;
+ gop->mfn = old_mfn;
gop->domid = netif->domid;
gop->handle = netif->rx->ring[
MASK_NETIF_RX_IDX(netif->rx_resp_prod_copy)].req.gref;
@@ -308,7 +308,7 @@
mcl++;
mmuext->cmd = MMUEXT_REASSIGN_PAGE;
- mmuext->mfn = mdata >> PAGE_SHIFT;
+ mmuext->mfn = old_mfn;
mmuext++;
#endif
mmu->ptr = (new_mfn << PAGE_SHIFT) | MMU_MACHPHYS_UPDATE;
@@ -318,7 +318,7 @@
__skb_queue_tail(&rxq, skb);
#ifdef DEBUG_GRANT
- dump_packet('a', mdata, vdata);
+ dump_packet('a', old_mfn, vdata);
#endif
/* Filled the batch queue? */
if ( (mcl - rx_mcl) == ARRAY_SIZE(rx_mcl) )
@@ -345,10 +345,8 @@
mcl = rx_mcl;
#ifdef CONFIG_XEN_NETDEV_GRANT_RX
- if (unlikely(HYPERVISOR_grant_table_op(GNTTABOP_donate,
- grant_rx_op, gop - grant_rx_op))) {
- BUG();
- }
+ BUG_ON(HYPERVISOR_grant_table_op(
+ GNTTABOP_donate, grant_rx_op, gop - grant_rx_op));
gop = grant_rx_op;
#else
mmuext = rx_mmuext;
@@ -361,10 +359,9 @@
/* Rederive the machine addresses. */
new_mfn = mcl[0].args[1] >> PAGE_SHIFT;
#ifdef CONFIG_XEN_NETDEV_GRANT_RX
- mdata = (unsigned long)skb->data & ~PAGE_MASK;
-#else
- mdata = ((mmuext[0].mfn << PAGE_SHIFT) |
- ((unsigned long)skb->data & ~PAGE_MASK));
+ old_mfn = 0; /* XXX Fix this so we can free_mfn() on error! */
+#else
+ old_mfn = mmuext[0].mfn;
#endif
atomic_set(&(skb_shinfo(skb)->dataref), 1);
skb_shinfo(skb)->nr_frags = 0;
@@ -379,18 +376,20 @@
/* Check the reassignment error code. */
status = NETIF_RSP_OKAY;
#ifdef CONFIG_XEN_NETDEV_GRANT_RX
- BUG_ON(gop->status != 0);
+ BUG_ON(gop->status != 0); /* XXX */
#else
if ( unlikely(mcl[1].result != 0) )
{
DPRINTK("Failed MMU update transferring to DOM%u\n", netif->domid);
- free_mfn(mdata >> PAGE_SHIFT);
+ free_mfn(old_mfn);
status = NETIF_RSP_ERROR;
}
#endif
evtchn = netif->evtchn;
id = netif->rx->ring[MASK_NETIF_RX_IDX(netif->rx_resp_prod)].req.id;
- if ( make_rx_response(netif, id, status, mdata,
+ if ( make_rx_response(netif, id, status,
+ (old_mfn << PAGE_SHIFT) | /* XXX */
+ ((unsigned long)skb->data & ~PAGE_MASK),
size, skb->proto_csum_valid) &&
(rx_notify[evtchn] == 0) )
{
@@ -888,7 +887,7 @@
static int make_rx_response(netif_t *netif,
u16 id,
s8 st,
- memory_t addr,
+ unsigned long addr,
u16 size,
u16 csum_valid)
{
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c Fri Aug 19
18:19:28 2005
@@ -448,11 +448,10 @@
}
grant_rx_ref[id] = ref;
gnttab_grant_foreign_transfer_ref(ref, rdomid,
- virt_to_machine(
- skb->head) >> PAGE_SHIFT);
+ virt_to_mfn(skb->head));
np->rx->ring[MASK_NETIF_RX_IDX(req_prod + i)].req.gref = ref;
#endif
- rx_pfn_array[i] = virt_to_machine(skb->head) >> PAGE_SHIFT;
+ rx_pfn_array[i] = virt_to_mfn(skb->head);
/* Remove this page from pseudo phys map before passing back to Xen. */
phys_to_machine_mapping[__pa(skb->head) >> PAGE_SHIFT]
@@ -543,13 +542,14 @@
printk(KERN_ALERT "#### netfront can't claim tx grant reference\n");
BUG();
}
- mfn = virt_to_machine(skb->data) >> PAGE_SHIFT;
+ mfn = virt_to_mfn(skb->data);
gnttab_grant_foreign_access_ref(ref, rdomid, mfn, GNTMAP_readonly);
- tx->addr = (ref << PAGE_SHIFT) | ((unsigned long)skb->data & ~PAGE_MASK);
+ tx->addr = ref << PAGE_SHIFT;
grant_tx_ref[id] = ref;
#else
- tx->addr = virt_to_machine(skb->data);
-#endif
+ tx->addr = virt_to_mfn(skb->data) << PAGE_SHIFT;
+#endif
+ tx->addr |= (unsigned long)skb->data & ~PAGE_MASK;
tx->size = skb->len;
tx->csum_blank = (skb->ip_summed == CHECKSUM_HW);
@@ -720,7 +720,7 @@
while ((skb = __skb_dequeue(&rxq)) != NULL) {
#ifdef GRANT_DEBUG
printk(KERN_ALERT "#### rx_poll dequeue vdata=%p mfn=%lu\n",
- skb->data, virt_to_machine(skb->data)>>PAGE_SHIFT);
+ skb->data, virt_to_mfn(skb->data));
dump_packet('d', skb->data, (unsigned long)skb->data);
#endif
/*
@@ -854,18 +854,23 @@
* interface has been down.
*/
for (requeue_idx = 0, i = 1; i <= NETIF_TX_RING_SIZE; i++) {
- if ((unsigned long)np->tx_skbs[i] >= __PAGE_OFFSET) {
- struct sk_buff *skb = np->tx_skbs[i];
-
- tx = &np->tx->ring[requeue_idx++].req;
-
- tx->id = i;
- tx->addr = virt_to_machine(skb->data);
- tx->size = skb->len;
-
- np->stats.tx_bytes += skb->len;
- np->stats.tx_packets++;
- }
+ if ((unsigned long)np->tx_skbs[i] >= __PAGE_OFFSET) {
+ struct sk_buff *skb = np->tx_skbs[i];
+
+ tx = &np->tx->ring[requeue_idx++].req;
+
+ tx->id = i;
+#ifdef CONFIG_XEN_NETDEV_GRANT_TX
+ tx->addr = 0; /*(ref << PAGE_SHIFT) |*/
+#else
+ tx->addr = virt_to_mfn(skb->data) << PAGE_SHIFT;
+#endif
+ tx->addr |= (unsigned long)skb->data & ~PAGE_MASK;
+ tx->size = skb->len;
+
+ np->stats.tx_bytes += skb->len;
+ np->stats.tx_packets++;
+ }
}
wmb();
np->tx->req_prod = requeue_idx;
@@ -922,7 +927,7 @@
netif_fe_interface_connect_t *msg = (void*)cmsg.msg;
msg->handle = np->handle;
- msg->tx_shmem_frame = (virt_to_machine(np->tx) >> PAGE_SHIFT);
+ msg->tx_shmem_frame = virt_to_mfn(np->tx);
#ifdef CONFIG_XEN_NETDEV_GRANT_TX
msg->tx_shmem_ref = (u32)gnttab_claim_grant_reference(&gref_tx_head,
gref_tx_terminal);
@@ -934,7 +939,7 @@
msg->tx_shmem_frame, 0);
#endif
- msg->rx_shmem_frame = (virt_to_machine(np->rx) >> PAGE_SHIFT);
+ msg->rx_shmem_frame = virt_to_mfn(np->rx);
#ifdef CONFIG_XEN_NETDEV_GRANT_RX
msg->rx_shmem_ref = (u32)gnttab_claim_grant_reference(&gref_rx_head,
gref_rx_terminal);
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/usbback/usbback.c
--- a/linux-2.6-xen-sparse/drivers/xen/usbback/usbback.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/usbback/usbback.c Fri Aug 19
18:19:28 2005
@@ -657,8 +657,8 @@
phys_to_machine_mapping[__pa(MMAP_VADDR(pending_idx, i))>>PAGE_SHIFT] =
FOREIGN_FRAME((buffer_mach + offset) >> PAGE_SHIFT);
- ASSERT(virt_to_machine(MMAP_VADDR(pending_idx, i))
- == buffer_mach + i << PAGE_SHIFT);
+ ASSERT(virt_to_mfn(MMAP_VADDR(pending_idx, i))
+ == ((buffer_mach >> PAGE_SHIFT) + i));
}
if ( req->pipe_type == 0 && req->num_iso > 0 ) /* Maybe schedule ISO... */
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/usbfront/usbfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/usbfront/usbfront.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/usbfront/usbfront.c Fri Aug 19
18:19:28 2005
@@ -195,7 +195,7 @@
}
urb_priv->schedule = schedule;
- req->iso_schedule = virt_to_machine(schedule);
+ req->iso_schedule = virt_to_mfn(schedule) << PAGE_SHIFT;
return 0;
}
@@ -212,7 +212,7 @@
#if DEBUG
printk(KERN_DEBUG
"usbif = %p, req_prod = %d (@ 0x%lx), resp_prod = %d, resp_cons
= %d\n",
- usbif, usbif->req_prod, virt_to_machine(&usbif->req_prod),
+ usbif, usbif->req_prod, virt_to_mfn(&usbif->req_prod),
usbif->resp_prod, xhci->usb_resp_cons);
#endif
@@ -232,7 +232,7 @@
req->operation = USBIF_OP_IO;
req->port = 0; /* We don't care what the port is. */
req->id = (unsigned long) urb->hcpriv;
- req->transfer_buffer = virt_to_machine(urb->transfer_buffer);
+ req->transfer_buffer = virt_to_mfn(urb->transfer_buffer) << PAGE_SHIFT;
req->devnum = usb_pipedevice(urb->pipe);
req->direction = usb_pipein(urb->pipe);
req->speed = usb_pipeslow(urb->pipe);
@@ -280,7 +280,7 @@
printk(KERN_DEBUG
"queuing probe: req_prod = %d (@ 0x%lx), resp_prod = %d, "
"resp_cons = %d\n", usbif->req_prod,
- virt_to_machine(&usbif->req_prod),
+ virt_to_mfn(&usbif->req_prod),
usbif->resp_prod, xhci->usb_resp_cons);
#endif
@@ -1555,7 +1555,7 @@
cmsg.type = CMSG_USBIF_FE;
cmsg.subtype = CMSG_USBIF_FE_INTERFACE_CONNECT;
cmsg.length = sizeof(usbif_fe_interface_connect_t);
- up.shmem_frame = virt_to_machine(sring) >> PAGE_SHIFT;
+ up.shmem_frame = virt_to_mfn(sring);
memcpy(cmsg.msg, &up, sizeof(up));
/* Tell the controller to bring up the interface. */
@@ -1599,7 +1599,7 @@
DPRINTK(KERN_INFO __FILE__
": USB XHCI: SHM at %p (0x%lx), EVTCHN %d\n",
- xhci->usb_ring.sring, virt_to_machine(xhci->usbif),
+ xhci->usb_ring.sring, virt_to_mfn(xhci->usbif),
xhci->evtchn);
xhci->state = USBIF_STATE_CONNECTED;
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c
--- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_comms.c Fri Aug 19
18:19:28 2005
@@ -48,13 +48,12 @@
static inline struct ringbuf_head *outbuf(void)
{
- return machine_to_virt(xen_start_info.store_mfn << PAGE_SHIFT);
+ return mfn_to_virt(xen_start_info.store_mfn);
}
static inline struct ringbuf_head *inbuf(void)
{
- return machine_to_virt(xen_start_info.store_mfn << PAGE_SHIFT)
- + PAGE_SIZE/2;
+ return mfn_to_virt(xen_start_info.store_mfn) + PAGE_SIZE/2;
}
static irqreturn_t wake_waiting(int irq, void *unused, struct pt_regs *regs)
@@ -219,8 +218,7 @@
}
/* FIXME zero out page -- domain builder should probably do this*/
- memset(machine_to_virt(xen_start_info.store_mfn << PAGE_SHIFT),
- 0, PAGE_SIZE);
+ memset(mfn_to_virt(xen_start_info.store_mfn), 0, PAGE_SIZE);
return 0;
}
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c
--- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_probe.c Fri Aug 19
18:19:28 2005
@@ -48,15 +48,7 @@
match_device(const struct xenbus_device_id *arr, struct xenbus_device *dev)
{
for (; !streq(arr->devicetype, ""); arr++) {
- if (!streq(arr->devicetype, dev->devicetype))
- continue;
-
- /* If they don't care what subtype, it's a match. */
- if (streq(arr->subtype, ""))
- return arr;
-
- /* If they care, device must have (same) subtype. */
- if (dev->subtype && streq(arr->subtype, dev->subtype))
+ if (streq(arr->devicetype, dev->devicetype))
return arr;
}
return NULL;
@@ -72,10 +64,102 @@
return match_device(drv->ids, to_xenbus_device(_dev)) != NULL;
}
+struct xen_bus_type
+{
+ char *root;
+ unsigned int levels;
+ int (*get_bus_id)(char bus_id[BUS_ID_SIZE], const char *nodename);
+ int (*probe)(const char *type, const char *dir);
+ struct bus_type bus;
+ struct device dev;
+};
+
+/* device/<type>/<id> => <type>-<id> */
+static int frontend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename)
+{
+ nodename = strchr(nodename, '/');
+ if (!nodename || strlen(nodename + 1) >= BUS_ID_SIZE) {
+ printk(KERN_WARNING "XENBUS: bad frontend %s\n", nodename);
+ return -EINVAL;
+ }
+
+ strlcpy(bus_id, nodename + 1, BUS_ID_SIZE);
+ if (!strchr(bus_id, '/')) {
+ printk(KERN_WARNING "XENBUS: bus_id %s no slash\n", bus_id);
+ return -EINVAL;
+ }
+ *strchr(bus_id, '/') = '-';
+ return 0;
+}
+
/* Bus type for frontend drivers. */
-static struct bus_type xenbus_type = {
- .name = "xenbus",
- .match = xenbus_match,
+static int xenbus_probe_frontend(const char *type, const char *name);
+static struct xen_bus_type xenbus_frontend = {
+ .root = "device",
+ .levels = 2, /* device/type/<id> */
+ .get_bus_id = frontend_bus_id,
+ .probe = xenbus_probe_frontend,
+ .bus = {
+ .name = "xen",
+ .match = xenbus_match,
+ },
+ .dev = {
+ .bus_id = "xen",
+ },
+};
+
+/* backend/<type>/<fe-uuid>/<id> => <type>-<fe-domid>-<id> */
+static int backend_bus_id(char bus_id[BUS_ID_SIZE], const char *nodename)
+{
+ int domid, err;
+ const char *devid, *type, *frontend;
+ unsigned int typelen;
+
+ type = strchr(nodename, '/');
+ if (!type)
+ return -EINVAL;
+ type++;
+ typelen = strcspn(type, "/");
+ if (!typelen || type[typelen] != '/')
+ return -EINVAL;
+
+ devid = strrchr(nodename, '/') + 1;
+
+ err = xenbus_gather(nodename, "frontend-id", "%i", &domid,
+ "frontend", NULL, &frontend,
+ NULL);
+ if (err)
+ return err;
+ if (strlen(frontend) == 0)
+ err = -ERANGE;
+
+ if (!err && !xenbus_exists(frontend, ""))
+ err = -ENOENT;
+
+ if (err) {
+ kfree(frontend);
+ return err;
+ }
+
+ if (snprintf(bus_id, BUS_ID_SIZE,
+ "%.*s-%i-%s", typelen, type, domid, devid) >= BUS_ID_SIZE)
+ return -ENOSPC;
+ return 0;
+}
+
+static int xenbus_probe_backend(const char *type, const char *uuid);
+static struct xen_bus_type xenbus_backend = {
+ .root = "backend",
+ .levels = 3, /* backend/type/<frontend>/<id> */
+ .get_bus_id = backend_bus_id,
+ .probe = xenbus_probe_backend,
+ .bus = {
+ .name = "xen-backend",
+ .match = xenbus_match,
+ },
+ .dev = {
+ .bus_id = "xen-backend",
+ },
};
static int xenbus_dev_probe(struct device *_dev)
@@ -104,12 +188,13 @@
return drv->remove(dev);
}
-int xenbus_register_driver(struct xenbus_driver *drv)
+static int xenbus_register_driver(struct xenbus_driver *drv,
+ struct xen_bus_type *bus)
{
int err;
drv->driver.name = drv->name;
- drv->driver.bus = &xenbus_type;
+ drv->driver.bus = &bus->bus;
drv->driver.owner = drv->owner;
drv->driver.probe = xenbus_dev_probe;
drv->driver.remove = xenbus_dev_remove;
@@ -120,6 +205,16 @@
return err;
}
+int xenbus_register_device(struct xenbus_driver *drv)
+{
+ return xenbus_register_driver(drv, &xenbus_frontend);
+}
+
+int xenbus_register_backend(struct xenbus_driver *drv)
+{
+ return xenbus_register_driver(drv, &xenbus_backend);
+}
+
void xenbus_unregister_driver(struct xenbus_driver *drv)
{
down(&xenbus_lock);
@@ -130,52 +225,98 @@
struct xb_find_info
{
struct xenbus_device *dev;
- const char *busid;
+ const char *nodename;
};
static int cmp_dev(struct device *dev, void *data)
{
+ struct xenbus_device *xendev = to_xenbus_device(dev);
struct xb_find_info *info = data;
- if (streq(dev->bus_id, info->busid)) {
- info->dev = container_of(get_device(dev),
- struct xenbus_device, dev);
+ if (streq(xendev->nodename, info->nodename)) {
+ info->dev = xendev;
+ get_device(dev);
return 1;
}
return 0;
}
-/* FIXME: device_find is fixed in 2.6.13-rc2 according to Greg KH --RR */
-struct xenbus_device *xenbus_device_find(const char *busid)
-{
- struct xb_find_info info = { .dev = NULL, .busid = busid };
-
- bus_for_each_dev(&xenbus_type, NULL, &info, cmp_dev);
+struct xenbus_device *xenbus_device_find(const char *nodename,
+ struct bus_type *bus)
+{
+ struct xb_find_info info = { .dev = NULL, .nodename = nodename };
+
+ bus_for_each_dev(bus, NULL, &info, cmp_dev);
return info.dev;
}
+static int cleanup_dev(struct device *dev, void *data)
+{
+ struct xenbus_device *xendev = to_xenbus_device(dev);
+ struct xb_find_info *info = data;
+ int len = strlen(info->nodename);
+
+ if (!strncmp(xendev->nodename, info->nodename, len)) {
+ info->dev = xendev;
+ get_device(dev);
+ return 1;
+ }
+ return 0;
+}
+
+static void xenbus_cleanup_devices(const char *path, struct bus_type *bus)
+{
+ struct xb_find_info info = { .nodename = path };
+
+ do {
+ info.dev = NULL;
+ bus_for_each_dev(bus, NULL, &info, cleanup_dev);
+ if (info.dev) {
+ device_unregister(&info.dev->dev);
+ put_device(&info.dev->dev);
+ }
+ } while (info.dev);
+}
static void xenbus_release_device(struct device *dev)
{
if (dev) {
struct xenbus_device *xendev = to_xenbus_device(dev);
- kfree(xendev->subtype);
kfree(xendev);
}
}
-/* devices/<typename>/<name> */
-static int xenbus_probe_device(const char *dirpath, const char *devicetype,
- const char *name)
+
+/* Simplified asprintf. */
+static char *kasprintf(const char *fmt, ...)
+{
+ va_list ap;
+ unsigned int len;
+ char *p, dummy[1];
+
+ va_start(ap, fmt);
+ /* FIXME: vsnprintf has a bug, NULL should work */
+ len = vsnprintf(dummy, 0, fmt, ap);
+ va_end(ap);
+
+ p = kmalloc(len + 1, GFP_KERNEL);
+ if (!p)
+ return NULL;
+ va_start(ap, fmt);
+ vsprintf(p, fmt, ap);
+ va_end(ap);
+ return p;
+}
+
+static int xenbus_probe_node(struct xen_bus_type *bus,
+ const char *type,
+ const char *nodename)
{
int err;
struct xenbus_device *xendev;
unsigned int stringlen;
- /* Nodename: /device/<typename>/<name>/ */
- stringlen = strlen(dirpath) + strlen(devicetype) + strlen(name) + 3;
- /* Typename */
- stringlen += strlen(devicetype) + 1;
+ stringlen = strlen(nodename) + 1 + strlen(type) + 1;
xendev = kmalloc(sizeof(*xendev) + stringlen, GFP_KERNEL);
if (!xendev)
return -ENOMEM;
@@ -183,38 +324,103 @@
/* Copy the strings into the extra space. */
xendev->nodename = (char *)(xendev + 1);
- sprintf(xendev->nodename, "%s/%s/%s", dirpath, devicetype, name);
+ strcpy(xendev->nodename, nodename);
xendev->devicetype = xendev->nodename + strlen(xendev->nodename) + 1;
- strcpy(xendev->devicetype, devicetype);
-
- /* FIXME: look for "subtype" field. */
- snprintf(xendev->dev.bus_id, BUS_ID_SIZE, "%s-%s", devicetype, name);
- xendev->dev.bus = &xenbus_type;
+ strcpy(xendev->devicetype, type);
+
+ xendev->dev.parent = &bus->dev;
+ xendev->dev.bus = &bus->bus;
xendev->dev.release = xenbus_release_device;
+
+ err = bus->get_bus_id(xendev->dev.bus_id, xendev->nodename);
+ if (err) {
+ kfree(xendev);
+ return err;
+ }
/* Register with generic device framework. */
err = device_register(&xendev->dev);
if (err) {
- printk("XENBUS: Registering device %s: error %i\n",
- xendev->dev.bus_id, err);
+ printk("XENBUS: Registering %s device %s: error %i\n",
+ bus->bus.name, xendev->dev.bus_id, err);
kfree(xendev);
}
return err;
}
-static int xenbus_probe_device_type(const char *dirpath, const char *typename)
+/* device/<typename>/<name> */
+static int xenbus_probe_frontend(const char *type, const char *name)
+{
+ char *nodename;
+ int err;
+
+ nodename = kasprintf("%s/%s/%s", xenbus_frontend.root, type, name);
+ if (!nodename)
+ return -ENOMEM;
+
+ err = xenbus_probe_node(&xenbus_frontend, type, nodename);
+ kfree(nodename);
+ return err;
+}
+
+/* backend/<typename>/<frontend-uuid>/<name> */
+static int xenbus_probe_backend_unit(const char *dir,
+ const char *type,
+ const char *name)
+{
+ char *nodename;
+ int err;
+
+ nodename = kasprintf("%s/%s", dir, name);
+ if (!nodename)
+ return -ENOMEM;
+
+ err = xenbus_probe_node(&xenbus_backend, type, nodename);
+ kfree(nodename);
+ return err;
+}
+
+/* backend/<typename>/<frontend-uuid> */
+static int xenbus_probe_backend(const char *type, const char *uuid)
+{
+ char *nodename;
+ int err = 0;
+ char **dir;
+ unsigned int i, dir_n = 0;
+
+ nodename = kasprintf("%s/%s/%s", xenbus_backend.root, type, uuid);
+ if (!nodename)
+ return -ENOMEM;
+
+ dir = xenbus_directory(nodename, "", &dir_n);
+ if (IS_ERR(dir)) {
+ kfree(nodename);
+ return PTR_ERR(dir);
+ }
+
+ for (i = 0; i < dir_n; i++) {
+ err = xenbus_probe_backend_unit(nodename, type, dir[i]);
+ if (err)
+ break;
+ }
+ kfree(dir);
+ kfree(nodename);
+ return err;
+}
+
+static int xenbus_probe_device_type(struct xen_bus_type *bus, const char *type)
{
int err = 0;
char **dir;
unsigned int dir_n = 0;
int i;
- dir = xenbus_directory(dirpath, typename, &dir_n);
+ dir = xenbus_directory(bus->root, type, &dir_n);
if (IS_ERR(dir))
return PTR_ERR(dir);
for (i = 0; i < dir_n; i++) {
- err = xenbus_probe_device(dirpath, typename, dir[i]);
+ err = bus->probe(type, dir[i]);
if (err)
break;
}
@@ -222,18 +428,18 @@
return err;
}
-static int xenbus_probe_devices(const char *path)
+static int xenbus_probe_devices(struct xen_bus_type *bus)
{
int err = 0;
char **dir;
unsigned int i, dir_n;
- dir = xenbus_directory(path, "", &dir_n);
+ dir = xenbus_directory(bus->root, "", &dir_n);
if (IS_ERR(dir))
return PTR_ERR(dir);
for (i = 0; i < dir_n; i++) {
- err = xenbus_probe_device_type(path, dir[i]);
+ err = xenbus_probe_device_type(bus, dir[i]);
if (err)
break;
}
@@ -251,58 +457,117 @@
return ret;
}
-static void dev_changed(struct xenbus_watch *watch, const char *node)
-{
- char busid[BUS_ID_SIZE];
- int exists;
+static int strsep_len(const char *str, char c, unsigned int len)
+{
+ unsigned int i;
+
+ for (i = 0; str[i]; i++)
+ if (str[i] == c) {
+ if (len == 0)
+ return i;
+ len--;
+ }
+ return (len == 0) ? i : -ERANGE;
+}
+
+static void dev_changed(const char *node, struct xen_bus_type *bus)
+{
+ int exists, rootlen;
struct xenbus_device *dev;
- char *p;
-
- /* Node is of form device/<type>/<identifier>[/...] */
- if (char_count(node, '/') != 2)
+ char type[BUS_ID_SIZE];
+ const char *p, *root;
+
+ if (char_count(node, '/') < 2)
+ return;
+
+ exists = xenbus_exists(node, "");
+ if (!exists) {
+ xenbus_cleanup_devices(node, &bus->bus);
return;
-
- /* Created or deleted? */
- exists = xenbus_exists(node, "");
-
+ }
+
+ /* backend/<type>/... or device/<type>/... */
p = strchr(node, '/') + 1;
- if (strlen(p) + 1 > BUS_ID_SIZE) {
- printk("Device for node %s is too big!\n", node);
+ snprintf(type, BUS_ID_SIZE, "%.*s", strcspn(p, "/"), p);
+ type[BUS_ID_SIZE-1] = '\0';
+
+ rootlen = strsep_len(node, '/', bus->levels);
+ if (rootlen < 0)
return;
- }
- /* Bus ID is name with / changed to - */
- strcpy(busid, p);
- *strchr(busid, '/') = '-';
-
- dev = xenbus_device_find(busid);
- printk("xenbus: device %s %s\n", busid, dev ? "exists" : "new");
- if (dev && !exists) {
- printk("xenbus: Unregistering device %s\n", busid);
- /* FIXME: free? */
- device_unregister(&dev->dev);
- } else if (!dev && exists) {
- printk("xenbus: Adding device %s\n", busid);
- /* Hack bus id back into two strings. */
- *strrchr(busid, '-') = '\0';
- xenbus_probe_device("device", busid, busid+strlen(busid)+1);
- } else
- printk("xenbus: strange, %s already %s\n", busid,
- exists ? "exists" : "gone");
- if (dev)
+ root = kasprintf("%.*s", rootlen, node);
+ if (!root)
+ return;
+
+ dev = xenbus_device_find(root, &bus->bus);
+ if (!dev)
+ xenbus_probe_node(bus, type, root);
+ else
put_device(&dev->dev);
+
+ kfree(root);
+}
+
+static void frontend_changed(struct xenbus_watch *watch, const char *node)
+{
+ dev_changed(node, &xenbus_frontend);
+}
+
+static void backend_changed(struct xenbus_watch *watch, const char *node)
+{
+ dev_changed(node, &xenbus_backend);
}
/* We watch for devices appearing and vanishing. */
-static struct xenbus_watch dev_watch = {
- /* FIXME: Ideally we'd only watch for changes 2 levels deep... */
+static struct xenbus_watch fe_watch = {
.node = "device",
- .callback = dev_changed,
+ .callback = frontend_changed,
};
+
+static struct xenbus_watch be_watch = {
+ .node = "backend",
+ .callback = backend_changed,
+};
+
+static int suspend_dev(struct device *dev, void *data)
+{
+ int err = 0;
+ struct xenbus_driver *drv;
+ struct xenbus_device *xdev;
+
+ if (dev->driver == NULL)
+ return 0;
+ drv = to_xenbus_driver(dev->driver);
+ xdev = container_of(dev, struct xenbus_device, dev);
+ if (drv->suspend)
+ err = drv->suspend(xdev);
+ if (err)
+ printk("xenbus: suspend %s failed: %i\n", dev->bus_id, err);
+ return 0;
+}
+
+static int resume_dev(struct device *dev, void *data)
+{
+ int err = 0;
+ struct xenbus_driver *drv;
+ struct xenbus_device *xdev;
+
+ if (dev->driver == NULL)
+ return 0;
+ drv = to_xenbus_driver(dev->driver);
+ xdev = container_of(dev, struct xenbus_device, dev);
+ if (drv->resume)
+ err = drv->resume(xdev);
+ if (err)
+ printk("xenbus: resume %s failed: %i\n", dev->bus_id, err);
+ return 0;
+}
void xenbus_suspend(void)
{
/* We keep lock, so no comms can happen as page moves. */
down(&xenbus_lock);
+ bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, suspend_dev);
+ bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, suspend_dev);
xb_suspend_comms();
}
@@ -310,6 +575,8 @@
{
xb_init_comms();
reregister_xenbus_watches();
+ bus_for_each_dev(&xenbus_frontend.bus, NULL, NULL, resume_dev);
+ bus_for_each_dev(&xenbus_backend.bus, NULL, NULL, resume_dev);
up(&xenbus_lock);
}
@@ -354,30 +621,23 @@
}
down(&xenbus_lock);
- err = notifier_call_chain(&xenstore_chain, 0, 0);
+ /* Enumerate devices in xenstore. */
+ xenbus_probe_devices(&xenbus_frontend);
+ xenbus_probe_devices(&xenbus_backend);
+ /* Watch for changes. */
+ register_xenbus_watch(&fe_watch);
+ register_xenbus_watch(&be_watch);
up(&xenbus_lock);
-
- if (err == NOTIFY_BAD) {
- printk("%s: calling xenstore notify chain failed\n",
- __FUNCTION__);
- return -EINVAL;
- }
-
- err = 0;
-
- down(&xenbus_lock);
- /* Enumerate devices in xenstore. */
- xenbus_probe_devices("device");
- /* Watch for changes. */
- register_xenbus_watch(&dev_watch);
- up(&xenbus_lock);
return 0;
}
static int __init xenbus_probe_init(void)
{
- bus_register(&xenbus_type);
-
+ bus_register(&xenbus_frontend.bus);
+ bus_register(&xenbus_backend.bus);
+ device_register(&xenbus_frontend.dev);
+ device_register(&xenbus_backend.dev);
+
if (!xen_start_info.store_evtchn)
return 0;
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c
--- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c Fri Aug 19
18:19:28 2005
@@ -187,6 +187,7 @@
static char buffer[4096];
BUG_ON(down_trylock(&xenbus_lock) == 0);
+ /* XXX FIXME: might not be correct if name == "" */
BUG_ON(strlen(dir) + strlen("/") + strlen(name) + 1 > sizeof(buffer));
strcpy(buffer, dir);
@@ -399,9 +400,12 @@
ret = PTR_ERR(p);
break;
}
- if (sscanf(p, fmt, result) == 0)
- ret = -EINVAL;
- kfree(p);
+ if (fmt) {
+ if (sscanf(p, fmt, result) == 0)
+ ret = -EINVAL;
+ kfree(p);
+ } else
+ *(char **)result = p;
}
va_end(ap);
return ret;
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/include/asm-xen/asm-i386/desc.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/desc.h Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/desc.h Fri Aug 19
18:19:28 2005
@@ -93,7 +93,7 @@
static inline void load_TLS(struct thread_struct *t, unsigned int cpu)
{
-#define C(i)
HYPERVISOR_update_descriptor(virt_to_machine(&get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN
+ i]), ((u32 *)&t->tls_array[i])[0], ((u32 *)&t->tls_array[i])[1])
+#define C(i)
HYPERVISOR_update_descriptor(virt_to_machine(&get_cpu_gdt_table(cpu)[GDT_ENTRY_TLS_MIN
+ i]), *(u64 *)&t->tls_array[i])
C(0); C(1); C(2);
#undef C
}
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/include/asm-xen/asm-i386/fixmap.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/fixmap.h Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/fixmap.h Fri Aug 19
18:19:28 2005
@@ -102,8 +102,8 @@
__end_of_fixed_addresses
};
-extern void __set_fixmap (enum fixed_addresses idx,
- unsigned long phys, pgprot_t flags);
+extern void __set_fixmap(
+ enum fixed_addresses idx, maddr_t phys, pgprot_t flags);
#define set_fixmap(idx, phys) \
__set_fixmap(idx, phys, PAGE_KERNEL)
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/include/asm-xen/asm-i386/hypercall.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/hypercall.h Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/hypercall.h Fri Aug 19
18:19:28 2005
@@ -163,7 +163,7 @@
TRAP_INSTR
: "=a" (ret), "=b" (ign)
: "0" (__HYPERVISOR_sched_op), "1" (SCHEDOP_yield)
- : "memory" );
+ : "memory", "ecx" );
return ret;
}
@@ -178,7 +178,7 @@
TRAP_INSTR
: "=a" (ret), "=b" (ign1)
: "0" (__HYPERVISOR_sched_op), "1" (SCHEDOP_block)
- : "memory" );
+ : "memory", "ecx" );
return ret;
}
@@ -194,7 +194,7 @@
: "=a" (ret), "=b" (ign1)
: "0" (__HYPERVISOR_sched_op),
"1" (SCHEDOP_shutdown | (SHUTDOWN_poweroff << SCHEDOP_reasonshift))
- : "memory" );
+ : "memory", "ecx" );
return ret;
}
@@ -210,7 +210,7 @@
: "=a" (ret), "=b" (ign1)
: "0" (__HYPERVISOR_sched_op),
"1" (SCHEDOP_shutdown | (SHUTDOWN_reboot << SCHEDOP_reasonshift))
- : "memory" );
+ : "memory", "ecx" );
return ret;
}
@@ -228,7 +228,7 @@
: "=a" (ret), "=b" (ign1), "=S" (ign2)
: "0" (__HYPERVISOR_sched_op),
"b" (SCHEDOP_shutdown | (SHUTDOWN_suspend << SCHEDOP_reasonshift)),
- "S" (srec) : "memory");
+ "S" (srec) : "memory", "ecx");
return ret;
}
@@ -244,7 +244,7 @@
: "=a" (ret), "=b" (ign1)
: "0" (__HYPERVISOR_sched_op),
"1" (SCHEDOP_shutdown | (SHUTDOWN_crash << SCHEDOP_reasonshift))
- : "memory" );
+ : "memory", "ecx" );
return ret;
}
@@ -316,16 +316,17 @@
static inline int
HYPERVISOR_update_descriptor(
- unsigned long ma, unsigned long word1, unsigned long word2)
-{
- int ret;
- unsigned long ign1, ign2, ign3;
-
- __asm__ __volatile__ (
- TRAP_INSTR
- : "=a" (ret), "=b" (ign1), "=c" (ign2), "=d" (ign3)
- : "0" (__HYPERVISOR_update_descriptor), "1" (ma), "2" (word1),
- "3" (word2)
+ u64 ma, u64 desc)
+{
+ int ret;
+ unsigned long ign1, ign2, ign3, ign4;
+
+ __asm__ __volatile__ (
+ TRAP_INSTR
+ : "=a" (ret), "=b" (ign1), "=c" (ign2), "=d" (ign3), "=S" (ign4)
+ : "0" (__HYPERVISOR_update_descriptor),
+ "1" ((unsigned long)ma), "2" ((unsigned long)(ma>>32)),
+ "3" ((unsigned long)desc), "4" ((unsigned long)(desc>>32))
: "memory" );
return ret;
@@ -529,12 +530,15 @@
{
int ret;
unsigned long ign1;
+ /* Yes, I really do want to clobber edx here: when we resume a
+ vcpu after unpickling a multi-processor domain, it returns
+ here, but clobbers all of the call clobbered registers. */
__asm__ __volatile__ (
TRAP_INSTR
: "=a" (ret), "=b" (ign1)
: "0" (__HYPERVISOR_sched_op),
"1" (SCHEDOP_vcpu_down | (vcpu << SCHEDOP_vcpushift))
- : "memory" );
+ : "memory", "ecx", "edx" );
return ret;
}
@@ -550,8 +554,26 @@
: "=a" (ret), "=b" (ign1)
: "0" (__HYPERVISOR_sched_op),
"1" (SCHEDOP_vcpu_up | (vcpu << SCHEDOP_vcpushift))
+ : "memory", "ecx" );
+
+ return ret;
+}
+
+static inline int
+HYPERVISOR_vcpu_pickle(
+ int vcpu, vcpu_guest_context_t *ctxt)
+{
+ int ret;
+ unsigned long ign1, ign2;
+ __asm__ __volatile__ (
+ TRAP_INSTR
+ : "=a" (ret), "=b" (ign1), "=c" (ign2)
+ : "0" (__HYPERVISOR_sched_op),
+ "1" (SCHEDOP_vcpu_pickle | (vcpu << SCHEDOP_vcpushift)),
+ "2" (ctxt)
: "memory" );
return ret;
}
+
#endif /* __HYPERCALL_H__ */
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/include/asm-xen/asm-i386/page.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/page.h Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/page.h Fri Aug 19
18:19:28 2005
@@ -63,20 +63,25 @@
extern unsigned int *phys_to_machine_mapping;
#define pfn_to_mfn(_pfn) ((unsigned long)(phys_to_machine_mapping[(_pfn)]))
#define mfn_to_pfn(_mfn) ((unsigned long)(machine_to_phys_mapping[(_mfn)]))
+
+/* Definitions for machine and pseudophysical addresses. */
#ifdef CONFIG_X86_PAE
-typedef unsigned long long physaddr_t;
-#else
-typedef unsigned long physaddr_t;
-#endif
-static inline physaddr_t phys_to_machine(physaddr_t phys)
-{
- physaddr_t machine = pfn_to_mfn(phys >> PAGE_SHIFT);
+typedef unsigned long long paddr_t;
+typedef unsigned long long maddr_t;
+#else
+typedef unsigned long paddr_t;
+typedef unsigned long maddr_t;
+#endif
+
+static inline maddr_t phys_to_machine(paddr_t phys)
+{
+ maddr_t machine = pfn_to_mfn(phys >> PAGE_SHIFT);
machine = (machine << PAGE_SHIFT) | (phys & ~PAGE_MASK);
return machine;
}
-static inline physaddr_t machine_to_phys(physaddr_t machine)
-{
- physaddr_t phys = mfn_to_pfn(machine >> PAGE_SHIFT);
+static inline paddr_t machine_to_phys(maddr_t machine)
+{
+ paddr_t phys = mfn_to_pfn(machine >> PAGE_SHIFT);
phys = (phys << PAGE_SHIFT) | (machine & ~PAGE_MASK);
return phys;
}
@@ -233,8 +238,10 @@
VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
/* VIRT <-> MACHINE conversion */
-#define virt_to_machine(_a) (phys_to_machine(__pa(_a)))
-#define machine_to_virt(_m) (__va(machine_to_phys(_m)))
+#define virt_to_machine(v) (phys_to_machine(__pa(v)))
+#define machine_to_virt(m) (__va(machine_to_phys(m)))
+#define virt_to_mfn(v) (pfn_to_mfn(__pa(v) >> PAGE_SHIFT))
+#define mfn_to_virt(m) (__va(mfn_to_pfn(m) << PAGE_SHIFT))
#endif /* __KERNEL__ */
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/include/asm-xen/asm-i386/pgtable.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-i386/pgtable.h Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-i386/pgtable.h Fri Aug 19
18:19:28 2005
@@ -32,7 +32,7 @@
*/
#define ZERO_PAGE(vaddr) (virt_to_page(empty_zero_page))
extern unsigned long empty_zero_page[1024];
-extern pgd_t swapper_pg_dir[1024];
+extern pgd_t *swapper_pg_dir;
extern kmem_cache_t *pgd_cache;
extern kmem_cache_t *pmd_cache;
extern spinlock_t pgd_lock;
@@ -450,7 +450,7 @@
#define arbitrary_virt_to_machine(__va)
\
({ \
pte_t *__pte = virt_to_ptep(__va); \
- unsigned long __pa = (*(unsigned long *)__pte) & PAGE_MASK; \
+ maddr_t __pa = (maddr_t)pte_mfn(*__pte) << PAGE_SHIFT; \
__pa | ((unsigned long)(__va) & (PAGE_SIZE-1)); \
})
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/hypercall.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/hypercall.h Thu Aug
18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/hypercall.h Fri Aug
19 18:19:28 2005
@@ -502,4 +502,21 @@
return ret;
}
+static inline int
+HYPERVISOR_vcpu_pickle(
+ int vcpu, vcpu_guest_context_t *ctxt)
+{
+ int ret;
+ unsigned long ign1, ign2;
+ __asm__ __volatile__ (
+ TRAP_INSTR
+ : "=a" (ret), "=b" (ign1), "=c" (ign2)
+ : "0" (__HYPERVISOR_sched_op),
+ "1" (SCHEDOP_vcpu_pickle | (vcpu << SCHEDOP_vcpushift)),
+ "2" (ctxt)
+ : __syscall_clobber );
+
+ return ret;
+}
+
#endif /* __HYPERCALL_H__ */
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h Thu Aug 18
18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h Fri Aug 19
18:19:28 2005
@@ -65,16 +65,21 @@
extern u32 *phys_to_machine_mapping;
#define pfn_to_mfn(_pfn) ((unsigned long) phys_to_machine_mapping[(unsigned
int)(_pfn)])
#define mfn_to_pfn(_mfn) ((unsigned long) machine_to_phys_mapping[(unsigned
int)(_mfn)])
-static inline unsigned long phys_to_machine(unsigned long phys)
-{
- unsigned long machine = pfn_to_mfn(phys >> PAGE_SHIFT);
+
+/* Definitions for machine and pseudophysical addresses. */
+typedef unsigned long paddr_t;
+typedef unsigned long maddr_t;
+
+static inline maddr_t phys_to_machine(paddr_t phys)
+{
+ maddr_t machine = pfn_to_mfn(phys >> PAGE_SHIFT);
machine = (machine << PAGE_SHIFT) | (phys & ~PAGE_MASK);
return machine;
}
-static inline unsigned long machine_to_phys(unsigned long machine)
-{
- unsigned long phys = mfn_to_pfn(machine >> PAGE_SHIFT);
+static inline paddr_t machine_to_phys(maddr_t machine)
+{
+ paddr_t phys = mfn_to_pfn(machine >> PAGE_SHIFT);
phys = (phys << PAGE_SHIFT) | (machine & ~PAGE_MASK);
return phys;
}
@@ -211,8 +216,10 @@
#define pfn_to_kaddr(pfn) __va((pfn) << PAGE_SHIFT)
/* VIRT <-> MACHINE conversion */
-#define virt_to_machine(_a) (phys_to_machine(__pa(_a)))
-#define machine_to_virt(_m) (__va(machine_to_phys(_m)))
+#define virt_to_machine(v) (phys_to_machine(__pa(v)))
+#define machine_to_virt(m) (__va(machine_to_phys(m)))
+#define virt_to_mfn(v) (pfn_to_mfn(__pa(v) >> PAGE_SHIFT))
+#define mfn_to_virt(m) (__va(mfn_to_pfn(m) << PAGE_SHIFT))
#define VM_DATA_DEFAULT_FLAGS \
(((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/include/asm-xen/xenbus.h
--- a/linux-2.6-xen-sparse/include/asm-xen/xenbus.h Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/xenbus.h Fri Aug 19 18:19:28 2005
@@ -37,7 +37,6 @@
/* A xenbus device. */
struct xenbus_device {
char *devicetype;
- char *subtype;
char *nodename;
struct device dev;
int has_error;
@@ -53,7 +52,6 @@
{
/* .../device/<device_type>/<identifier> */
char devicetype[32]; /* General class of device. */
- char subtype[32]; /* Contents of "subtype" for this device */
};
/* A xenbus driver. */
@@ -61,9 +59,11 @@
char *name;
struct module *owner;
const struct xenbus_device_id *ids;
- int (*probe) (struct xenbus_device * dev,
- const struct xenbus_device_id * id);
- int (*remove) (struct xenbus_device * dev);
+ int (*probe)(struct xenbus_device *dev,
+ const struct xenbus_device_id *id);
+ int (*remove)(struct xenbus_device *dev);
+ int (*suspend)(struct xenbus_device *dev);
+ int (*resume)(struct xenbus_device *dev);
struct device_driver driver;
};
@@ -72,7 +72,8 @@
return container_of(drv, struct xenbus_driver, driver);
}
-int xenbus_register_driver(struct xenbus_driver *drv);
+int xenbus_register_device(struct xenbus_driver *drv);
+int xenbus_register_backend(struct xenbus_driver *drv);
void xenbus_unregister_driver(struct xenbus_driver *drv);
/* Caller must hold this lock to call these functions: it's also held
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/libxendebug/xendebug.c
--- a/tools/debugger/libxendebug/xendebug.c Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/libxendebug/xendebug.c Fri Aug 19 18:19:28 2005
@@ -40,7 +40,7 @@
typedef struct bwcpoint /* break/watch/catch point */
{
struct list_head list;
- memory_t address;
+ unsigned long address;
u32 domain;
u8 old_value; /* old value for software bkpt */
} bwcpoint_t, *bwcpoint_p;
@@ -311,7 +311,7 @@
/* access to one page */
static int
xendebug_memory_page (domain_context_p ctxt, int xc_handle, u32 vcpu,
- int protection, memory_t address, int length, u8 *buffer)
+ int protection, unsigned long address, int length, u8
*buffer)
{
vcpu_guest_context_t *vcpu_ctxt = &ctxt->context[vcpu];
unsigned long pde, page;
@@ -407,7 +407,7 @@
/* divide a memory operation into accesses to individual pages */
static int
xendebug_memory_op (domain_context_p ctxt, int xc_handle, u32 vcpu,
- int protection, memory_t address, int length, u8 *buffer)
+ int protection, unsigned long address, int length, u8
*buffer)
{
int remain; /* number of bytes to touch past this page */
int bytes = 0;
@@ -431,7 +431,7 @@
xendebug_read_memory(int xc_handle,
u32 domid,
u32 vcpu,
- memory_t address,
+ unsigned long address,
u32 length,
u8 *data)
{
@@ -451,7 +451,7 @@
xendebug_write_memory(int xc_handle,
u32 domid,
u32 vcpu,
- memory_t address,
+ unsigned long address,
u32 length,
u8 *data)
{
@@ -471,7 +471,7 @@
xendebug_insert_memory_breakpoint(int xc_handle,
u32 domid,
u32 vcpu,
- memory_t address,
+ unsigned long address,
u32 length)
{
bwcpoint_p bkpt;
@@ -517,7 +517,7 @@
xendebug_remove_memory_breakpoint(int xc_handle,
u32 domid,
u32 vcpu,
- memory_t address,
+ unsigned long address,
u32 length)
{
bwcpoint_p bkpt = NULL;
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/libxendebug/xendebug.h
--- a/tools/debugger/libxendebug/xendebug.h Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/libxendebug/xendebug.h Fri Aug 19 18:19:28 2005
@@ -45,7 +45,7 @@
int xendebug_read_memory(int xc_handle,
u32 domid,
u32 vcpu,
- memory_t address,
+ unsigned long address,
u32 length,
u8 *data);
@@ -53,7 +53,7 @@
int xendebug_write_memory(int xc_handle,
u32 domid,
u32 vcpu,
- memory_t address,
+ unsigned long address,
u32 length,
u8 *data);
@@ -61,13 +61,13 @@
int xendebug_insert_memory_breakpoint(int xc_handle,
u32 domid,
u32 vcpu,
- memory_t address,
+ unsigned long address,
u32 length);
int xendebug_remove_memory_breakpoint(int xc_handle,
u32 domid,
u32 vcpu,
- memory_t address,
+ unsigned long address,
u32 length);
int xendebug_query_domain_stop(int xc_handle,
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/pdb/linux-2.6-module/debug.c
--- a/tools/debugger/pdb/linux-2.6-module/debug.c Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/linux-2.6-module/debug.c Fri Aug 19 18:19:28 2005
@@ -26,7 +26,7 @@
typedef struct bwcpoint /* break/watch/catch point */
{
struct list_head list;
- memory_t address;
+ unsigned long address;
int length;
u8 type; /* BWC_??? */
@@ -109,7 +109,7 @@
}
bwcpoint_p
-pdb_search_watchpoint (u32 process, memory_t address)
+pdb_search_watchpoint (u32 process, unsigned long address)
{
bwcpoint_p bwc_watch = (bwcpoint_p) 0;
bwcpoint_p bwc_entry = (bwcpoint_p) 0;
@@ -364,7 +364,7 @@
int
pdb_insert_memory_breakpoint (struct task_struct *target,
- memory_t address, u32 length)
+ unsigned long address, u32 length)
{
int rc = 0;
bwcpoint_p bkpt;
@@ -399,7 +399,7 @@
int
pdb_remove_memory_breakpoint (struct task_struct *target,
- memory_t address, u32 length)
+ unsigned long address, u32 length)
{
int rc = 0;
bwcpoint_p bkpt = NULL;
@@ -760,7 +760,7 @@
{
pdb_response_t resp;
bwcpoint_p bkpt = NULL;
- memory_t address = regs->eip - 1;
+ unsigned long address = regs->eip - 1;
struct list_head *entry;
list_for_each(entry, &bwcpoint_list)
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/debugger/pdb/linux-2.6-module/module.c
--- a/tools/debugger/pdb/linux-2.6-module/module.c Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/linux-2.6-module/module.c Fri Aug 19 18:19:28 2005
@@ -199,7 +199,7 @@
}
static void
-pdb_send_connection_status(int status, memory_t ring)
+pdb_send_connection_status(int status, unsigned long ring)
{
ctrl_msg_t cmsg =
{
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/debugger/pdb/linux-2.6-module/pdb_debug.h
--- a/tools/debugger/pdb/linux-2.6-module/pdb_debug.h Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/linux-2.6-module/pdb_debug.h Fri Aug 19 18:19:28 2005
@@ -18,9 +18,9 @@
int pdb_step (struct task_struct *target);
int pdb_insert_memory_breakpoint (struct task_struct *target,
- memory_t address, u32 length);
+ unsigned long address, u32 length);
int pdb_remove_memory_breakpoint (struct task_struct *target,
- memory_t address, u32 length);
+ unsigned long address, u32 length);
int pdb_insert_watchpoint (struct task_struct *target,
pdb_op_watchpt_p watchpt);
int pdb_remove_watchpoint (struct task_struct *target,
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/pdb/pdb_caml_domain.c
--- a/tools/debugger/pdb/pdb_caml_domain.c Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/pdb_caml_domain.c Fri Aug 19 18:19:28 2005
@@ -203,7 +203,7 @@
context_t ctx;
int loop;
char *buffer;
- memory_t my_address = Int32_val(address);
+ unsigned long my_address = Int32_val(address);
u32 my_length = Int_val(length);
printf ("(pdb) read memory\n");
@@ -259,7 +259,7 @@
context_t ctx;
char buffer[4096]; /* a big buffer */
- memory_t my_address;
+ unsigned long my_address;
u32 length = 0;
printf ("(pdb) write memory\n");
@@ -279,7 +279,7 @@
}
buffer[length++] = Int_val(Field(node, 0));
- my_address = (memory_t) Int32_val(address);
+ my_address = (unsigned long) Int32_val(address);
if ( xendebug_write_memory(xc_handle, ctx.domain, ctx.vcpu,
my_address, length, buffer) )
@@ -344,7 +344,7 @@
CAMLparam3(context, address, length);
context_t ctx;
- memory_t my_address = (memory_t) Int32_val(address);
+ unsigned long my_address = (unsigned long) Int32_val(address);
int my_length = Int_val(length);
decode_context(&ctx, context);
@@ -373,7 +373,7 @@
context_t ctx;
- memory_t my_address = (memory_t) Int32_val(address);
+ unsigned long my_address = (unsigned long) Int32_val(address);
int my_length = Int_val(length);
printf ("(pdb) remove memory breakpoint 0x%lx %d\n",
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/pdb/pdb_caml_process.c
--- a/tools/debugger/pdb/pdb_caml_process.c Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/pdb_caml_process.c Fri Aug 19 18:19:28 2005
@@ -495,7 +495,7 @@
req.operation = PDB_OPCODE_SET_BKPT;
req.process = ctx.process;
- req.u.bkpt.address = (memory_t) Int32_val(address);
+ req.u.bkpt.address = (unsigned long) Int32_val(address);
req.u.bkpt.length = Int_val(length);
send_request(ctx.ring, ctx.evtchn, &req);
@@ -518,7 +518,7 @@
req.operation = PDB_OPCODE_CLR_BKPT;
req.process = ctx.process;
- req.u.bkpt.address = (memory_t) Int32_val(address);
+ req.u.bkpt.address = (unsigned long) Int32_val(address);
req.u.bkpt.length = Int_val(length);
send_request(ctx.ring, ctx.evtchn, &req);
@@ -542,7 +542,7 @@
req.operation = PDB_OPCODE_SET_WATCHPT;
req.process = ctx.process;
req.u.watchpt.type = Int_val(kind);
- req.u.watchpt.address = (memory_t) Int32_val(address);
+ req.u.watchpt.address = (unsigned long) Int32_val(address);
req.u.watchpt.length = Int_val(length);
send_request(ctx.ring, ctx.evtchn, &req);
@@ -566,7 +566,7 @@
req.operation = PDB_OPCODE_CLR_WATCHPT;
req.process = ctx.process;
req.u.watchpt.type = Int_val(kind);
- req.u.watchpt.address = (memory_t) Int32_val(address);
+ req.u.watchpt.address = (unsigned long) Int32_val(address);
req.u.watchpt.length = Int_val(length);
send_request(ctx.ring, ctx.evtchn, &req);
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/debugger/pdb/pdb_caml_xcs.c
--- a/tools/debugger/pdb/pdb_caml_xcs.c Thu Aug 18 18:40:02 2005
+++ b/tools/debugger/pdb/pdb_caml_xcs.c Fri Aug 19 18:19:28 2005
@@ -50,7 +50,7 @@
{
CAMLparam2(domain, ring);
int my_domain = Int_val(domain);
- memory_t my_ring = Int32_val(ring);
+ unsigned long my_ring = Int32_val(ring);
pdb_front_ring_t *front_ring;
pdb_sring_t *sring;
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/libxc/xc.h
--- a/tools/libxc/xc.h Thu Aug 18 18:40:02 2005
+++ b/tools/libxc/xc.h Fri Aug 19 18:19:28 2005
@@ -515,25 +515,25 @@
*/
int xc_grant_interface_close(int xc_handle);
-int xc_gnttab_map_grant_ref(int xc_handle,
- memory_t host_virt_addr,
- u32 dom,
- u16 ref,
- u16 flags,
- s16 *handle,
- memory_t *dev_bus_addr);
-
-int xc_gnttab_unmap_grant_ref(int xc_handle,
- memory_t host_virt_addr,
- memory_t dev_bus_addr,
- u16 handle,
- s16 *status);
+int xc_gnttab_map_grant_ref(int xc_handle,
+ u64 host_virt_addr,
+ u32 dom,
+ u16 ref,
+ u16 flags,
+ s16 *handle,
+ u64 *dev_bus_addr);
+
+int xc_gnttab_unmap_grant_ref(int xc_handle,
+ u64 host_virt_addr,
+ u64 dev_bus_addr,
+ u16 handle,
+ s16 *status);
int xc_gnttab_setup_table(int xc_handle,
u32 dom,
u16 nr_frames,
s16 *status,
- memory_t **frame_list);
+ unsigned long **frame_list);
/* Grant debug builds only: */
int xc_gnttab_dump_table(int xc_handle,
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/libxc/xc_gnttab.c
--- a/tools/libxc/xc_gnttab.c Thu Aug 18 18:40:02 2005
+++ b/tools/libxc/xc_gnttab.c Fri Aug 19 18:19:28 2005
@@ -40,12 +40,12 @@
int xc_gnttab_map_grant_ref(int xc_handle,
- memory_t host_virt_addr,
+ u64 host_virt_addr,
u32 dom,
u16 ref,
u16 flags,
s16 *handle,
- memory_t *dev_bus_addr)
+ u64 *dev_bus_addr)
{
struct gnttab_map_grant_ref op;
int rc;
@@ -67,8 +67,8 @@
int xc_gnttab_unmap_grant_ref(int xc_handle,
- memory_t host_virt_addr,
- memory_t dev_bus_addr,
+ u64 host_virt_addr,
+ u64 dev_bus_addr,
u16 handle,
s16 *status)
{
@@ -92,7 +92,7 @@
u32 dom,
u16 nr_frames,
s16 *status,
- memory_t **frame_list)
+ unsigned long **frame_list)
{
struct gnttab_setup_table op;
int rc, i;
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/python/xen/lowlevel/xu/xu.c
--- a/tools/python/xen/lowlevel/xu/xu.c Thu Aug 18 18:40:02 2005
+++ b/tools/python/xen/lowlevel/xu/xu.c Fri Aug 19 18:19:28 2005
@@ -844,7 +844,7 @@
case TYPE(CMSG_BLKIF_BE, CMSG_BLKIF_BE_CONNECT):
P2C(blkif_be_connect_t, domid, u32);
P2C(blkif_be_connect_t, blkif_handle, u32);
- P2C(blkif_be_connect_t, shmem_frame, memory_t);
+ P2C(blkif_be_connect_t, shmem_frame, unsigned long);
P2C(blkif_be_connect_t, shmem_ref, u32);
P2C(blkif_be_connect_t, evtchn, u16);
break;
@@ -906,9 +906,9 @@
case TYPE(CMSG_NETIF_BE, CMSG_NETIF_BE_CONNECT):
P2C(netif_be_connect_t, domid, u32);
P2C(netif_be_connect_t, netif_handle, u32);
- P2C(netif_be_connect_t, tx_shmem_frame, memory_t);
+ P2C(netif_be_connect_t, tx_shmem_frame, unsigned long);
P2C(netif_be_connect_t, tx_shmem_ref, u32);
- P2C(netif_be_connect_t, rx_shmem_frame, memory_t);
+ P2C(netif_be_connect_t, rx_shmem_frame, unsigned long);
P2C(netif_be_connect_t, rx_shmem_ref, u32);
P2C(netif_be_connect_t, evtchn, u16);
break;
@@ -942,7 +942,7 @@
P2C(usbif_fe_driver_status_changed_t, status, u32);
break;
case TYPE(CMSG_USBIF_FE, CMSG_USBIF_FE_INTERFACE_CONNECT):
- P2C(usbif_fe_interface_connect_t, shmem_frame, memory_t);
+ P2C(usbif_fe_interface_connect_t, shmem_frame, unsigned long);
break;
case TYPE(CMSG_USBIF_FE, CMSG_USBIF_FE_INTERFACE_DISCONNECT):
break;
@@ -956,7 +956,7 @@
break;
case TYPE(CMSG_USBIF_BE, CMSG_USBIF_BE_CONNECT):
P2C(usbif_be_connect_t, domid, domid_t);
- P2C(usbif_be_connect_t, shmem_frame, memory_t);
+ P2C(usbif_be_connect_t, shmem_frame, unsigned long);
P2C(usbif_be_connect_t, evtchn, u32);
P2C(usbif_be_connect_t, bandwidth, u32);
P2C(usbif_be_connect_t, status, u32);
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py Thu Aug 18 18:40:02 2005
+++ b/tools/python/xen/xend/XendDomainInfo.py Fri Aug 19 18:19:28 2005
@@ -36,8 +36,10 @@
from xen.xend.server import SrvDaemon; xend = SrvDaemon.instance()
from xen.xend.server import messages
from xen.xend.server.channel import EventChannel, channelFactory
+from xen.util.blkif import blkdev_name_to_number, expand_dev_name
from xen.xend import sxp
+from xen.xend import Blkctl
from xen.xend.PrettyPrint import prettyprintstring
from xen.xend.XendBootloader import bootloader
from xen.xend.XendLogging import log
@@ -380,6 +382,39 @@
return ctrl
def createDevice(self, type, devconfig, change=False):
+ if type == 'vbd':
+
+ backdom = domain_exists(sxp.child_value(devconfig, 'backend', '0'))
+
+ devnum = blkdev_name_to_number(sxp.child_value(devconfig, 'dev'))
+
+ # create backend db
+ backdb = backdom.db.addChild("/backend/%s/%s/%d" %
+ (type, self.uuid, devnum))
+
+ # create frontend db
+ db = self.db.addChild("/device/%s/%d" % (type, devnum))
+
+ db['virtual-device'] = "%i" % devnum
+ #db['backend'] = sxp.child_value(devconfig, 'backend', '0')
+ db['backend'] = backdb.getPath()
+ db['backend-id'] = "%i" % int(sxp.child_value(devconfig,
+ 'backend', '0'))
+
+ backdb['frontend'] = db.getPath()
+ (type, params) = string.split(sxp.child_value(devconfig, 'uname'),
':', 1)
+ node = Blkctl.block('bind', type, params)
+ backdb['frontend-id'] = "%i" % self.id
+ backdb['physical-device'] = "%li" % blkdev_name_to_number(node)
+ backdb.saveDB(save=True)
+
+ # Ok, super gross, this really doesn't belong in the frontend db...
+ db['type'] = type
+ db['node'] = node
+ db['params'] = params
+ db.saveDB(save=True)
+
+ return
ctrl = self.findDeviceController(type)
return ctrl.createDevice(devconfig, recreate=self.recreate,
change=change)
@@ -671,6 +706,16 @@
for ctrl in self.getDeviceControllers():
if ctrl.isDestroyed(): continue
ctrl.destroyController(reboot=reboot)
+ ddb = self.db.addChild("/device")
+ for type in ddb.keys():
+ if type == 'vbd':
+ typedb = ddb.addChild(type)
+ for dev in typedb.keys():
+ devdb = typedb.addChild(str(dev))
+ Blkctl.block('unbind', devdb['type'].getData(),
+ devdb['node'].getData())
+ typedb[dev].delete()
+ typedb.saveDB(save=True)
def show(self):
"""Print virtual machine info.
@@ -926,6 +971,7 @@
at creation time, for example when it uses NFS root.
"""
+ return
blkif = self.getDeviceController("vbd", error=False)
if not blkif:
blkif = self.createDeviceController("vbd")
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/python/xen/xend/server/event.py
--- a/tools/python/xen/xend/server/event.py Thu Aug 18 18:40:02 2005
+++ b/tools/python/xen/xend/server/event.py Fri Aug 19 18:19:28 2005
@@ -50,7 +50,7 @@
def dataReceived(self, data):
try:
self.parser.input(data)
- if self.parser.ready():
+ while(self.parser.ready()):
val = self.parser.get_val()
res = self.dispatch(val)
self.send_result(res)
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/python/xen/xend/server/relocate.py
--- a/tools/python/xen/xend/server/relocate.py Thu Aug 18 18:40:02 2005
+++ b/tools/python/xen/xend/server/relocate.py Fri Aug 19 18:19:28 2005
@@ -42,7 +42,7 @@
def dataReceived(self, data):
try:
self.parser.input(data)
- if self.parser.ready():
+ while(self.parser.ready()):
val = self.parser.get_val()
res = self.dispatch(val)
self.send_result(res)
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/Makefile
--- a/tools/security/Makefile Thu Aug 18 18:40:02 2005
+++ b/tools/security/Makefile Fri Aug 19 18:19:28 2005
@@ -2,27 +2,71 @@
include $(XEN_ROOT)/tools/Rules.mk
SRCS = secpol_tool.c
-CFLAGS += -static
CFLAGS += -Wall
CFLAGS += -Werror
CFLAGS += -O3
CFLAGS += -fno-strict-aliasing
-CFLAGS += -I.
+CFLAGS += -I. -I/usr/include/libxml2
+CFLAGS_XML2BIN += $(shell xml2-config --cflags --libs )
+#if above does not work, try -L/usr/lib -lxml2 -lz -lpthread -lm
+XML2VERSION = $(shell xml2-config --version )
+VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else
echo "-DVALIDATE_SCHEMA"; fi; )
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY)
+POLICY=null
+endif
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY)
+POLICY=chwall
+endif
+ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+POLICY=ste
+endif
+ifeq
($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)
+POLICY=chwall_ste
+endif
+POLICYFILE=./policies/$(POLICY)/$(POLICY).bin
+
+ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY)
all: build
+
+install:all
+
+default:all
+else
+all:
+
+install:
+
+default:
+endif
+
build: mk-symlinks
$(MAKE) secpol_tool
+ $(MAKE) secpol_xml2bin
+ chmod 700 ./setlabel.sh
+ chmod 700 ./updategrub.sh
-default: all
-
-install: all
-
-secpol_tool : secpol_tool.c
+secpol_tool : secpol_tool.c secpol_compat.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
+secpol_xml2bin : secpol_xml2bin.c secpol_xml2bin.h secpol_compat.h
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@
$<
+
clean:
- rm -rf secpol_tool xen
+ rm -rf secpol_tool secpol_xml2bin xen
+policy_clean:
+ rm -rf policies/*/*.bin policies/*/*.map
+
+mrproper: clean policy_clean
+
+
+$(POLICYFILE) : build
+ @./secpol_xml2bin $(POLICY) > /dev/null
+
+boot_install: $(POLICYFILE)
+ @cp $(POLICYFILE) /boot
+ @./updategrub.sh $(POLICY) $(PWD)/$(XEN_ROOT)
LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
mk-symlinks:
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/secpol_tool.c
--- a/tools/security/secpol_tool.c Thu Aug 18 18:40:02 2005
+++ b/tools/security/secpol_tool.c Fri Aug 19 18:19:28 2005
@@ -31,18 +31,8 @@
#include <stdlib.h>
#include <sys/ioctl.h>
#include <string.h>
-#include <stdint.h>
#include <netinet/in.h>
-
-typedef uint8_t u8;
-typedef uint16_t u16;
-typedef uint32_t u32;
-typedef uint64_t u64;
-typedef int8_t s8;
-typedef int16_t s16;
-typedef int32_t s32;
-typedef int64_t s64;
-
+#include "secpol_compat.h"
#include <xen/acm.h>
#include <xen/acm_ops.h>
#include <xen/linux/privcmd.h>
@@ -270,171 +260,6 @@
}
}
-/*************************** set policy ****************************/
-
-int acm_domain_set_chwallpolicy(void *bufstart, int buflen)
-{
-#define CWALL_MAX_SSIDREFS 6
-#define CWALL_MAX_TYPES 10
-#define CWALL_MAX_CONFLICTSETS 2
-
- struct acm_chwall_policy_buffer *chwall_bin_pol =
- (struct acm_chwall_policy_buffer *) bufstart;
- domaintype_t *ssidrefs, *conflicts;
- int ret = 0;
- int j;
-
- chwall_bin_pol->chwall_max_types = htonl(CWALL_MAX_TYPES);
- chwall_bin_pol->chwall_max_ssidrefs = htonl(CWALL_MAX_SSIDREFS);
- chwall_bin_pol->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
- chwall_bin_pol->policy_version = htonl(ACM_CHWALL_VERSION);
- chwall_bin_pol->chwall_ssid_offset =
- htonl(sizeof(struct acm_chwall_policy_buffer));
- chwall_bin_pol->chwall_max_conflictsets =
- htonl(CWALL_MAX_CONFLICTSETS);
- chwall_bin_pol->chwall_conflict_sets_offset =
- htonl(ntohl(chwall_bin_pol->chwall_ssid_offset) +
- sizeof(domaintype_t) * CWALL_MAX_SSIDREFS * CWALL_MAX_TYPES);
- chwall_bin_pol->chwall_running_types_offset = 0; /* not set */
- chwall_bin_pol->chwall_conflict_aggregate_offset = 0; /* not set */
- ret += sizeof(struct acm_chwall_policy_buffer);
- /* now push example ssids into the buffer (max_ssidrefs x max_types
entries) */
- /* check buffer size */
- if ((buflen - ret) <
- (CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t)))
- return -1; /* not enough space */
-
- ssidrefs = (domaintype_t *) (bufstart +
- ntohl(chwall_bin_pol->chwall_ssid_offset));
- memset(ssidrefs, 0,
- CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t));
-
- /* now set type j-1 for ssidref i+1 */
- for (j = 0; j <= CWALL_MAX_SSIDREFS; j++)
- if ((0 < j) && (j <= CWALL_MAX_TYPES))
- ssidrefs[j * CWALL_MAX_TYPES + j - 1] = htons(1);
-
- ret += CWALL_MAX_TYPES * CWALL_MAX_SSIDREFS * sizeof(domaintype_t);
- if ((buflen - ret) <
- (CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES * sizeof(domaintype_t)))
- return -1; /* not enough space */
-
- /* now the chinese wall policy conflict sets */
- conflicts = (domaintype_t *) (bufstart +
- ntohl(chwall_bin_pol->
- chwall_conflict_sets_offset));
- memset((void *) conflicts, 0,
- CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES *
- sizeof(domaintype_t));
- /* just 1 conflict set [0]={2,3}, [1]={1,5,6} */
- if (CWALL_MAX_TYPES > 3)
- {
- conflicts[2] = htons(1);
- conflicts[3] = htons(1); /* {2,3} */
- conflicts[CWALL_MAX_TYPES + 1] = htons(1);
- conflicts[CWALL_MAX_TYPES + 5] = htons(1);
- conflicts[CWALL_MAX_TYPES + 6] = htons(1); /* {0,5,6} */
- }
- ret += sizeof(domaintype_t) * CWALL_MAX_CONFLICTSETS * CWALL_MAX_TYPES;
- return ret;
-}
-
-int acm_domain_set_stepolicy(void *bufstart, int buflen)
-{
-#define STE_MAX_SSIDREFS 6
-#define STE_MAX_TYPES 5
-
- struct acm_ste_policy_buffer *ste_bin_pol =
- (struct acm_ste_policy_buffer *) bufstart;
- domaintype_t *ssidrefs;
- int j, ret = 0;
-
- ste_bin_pol->ste_max_types = htonl(STE_MAX_TYPES);
- ste_bin_pol->ste_max_ssidrefs = htonl(STE_MAX_SSIDREFS);
- ste_bin_pol->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
- ste_bin_pol->policy_version = htonl(ACM_STE_VERSION);
- ste_bin_pol->ste_ssid_offset =
- htonl(sizeof(struct acm_ste_policy_buffer));
- ret += sizeof(struct acm_ste_policy_buffer);
- /* check buffer size */
- if ((buflen - ret) <
- (STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t)))
- return -1; /* not enough space */
-
- ssidrefs =
- (domaintype_t *) (bufstart + ntohl(ste_bin_pol->ste_ssid_offset));
- memset(ssidrefs, 0,
- STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t));
- /* all types 1 for ssidref 1 */
- for (j = 0; j < STE_MAX_TYPES; j++)
- ssidrefs[1 * STE_MAX_TYPES + j] = htons(1);
- /* now set type j-1 for ssidref j */
- for (j = 0; j < STE_MAX_SSIDREFS; j++)
- if ((0 < j) && (j <= STE_MAX_TYPES))
- ssidrefs[j * STE_MAX_TYPES + j - 1] = htons(1);
- ret += STE_MAX_TYPES * STE_MAX_SSIDREFS * sizeof(domaintype_t);
- return ret;
-}
-
-#define MAX_PUSH_BUFFER 16384
-u8 push_buffer[MAX_PUSH_BUFFER];
-
-int acm_domain_setpolicy(int xc_handle)
-{
- int ret;
- struct acm_policy_buffer *bin_pol;
- acm_op_t op;
-
- /* future: read policy from file and set it */
- bin_pol = (struct acm_policy_buffer *) push_buffer;
- bin_pol->policy_version = htonl(ACM_POLICY_VERSION);
- bin_pol->magic = htonl(ACM_MAGIC);
- bin_pol->primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
- bin_pol->secondary_policy_code =
- htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
-
- bin_pol->len = htonl(sizeof(struct acm_policy_buffer));
- bin_pol->primary_buffer_offset = htonl(ntohl(bin_pol->len));
- ret =
- acm_domain_set_chwallpolicy(push_buffer +
- ntohl(bin_pol->primary_buffer_offset),
- MAX_PUSH_BUFFER -
- ntohl(bin_pol->primary_buffer_offset));
- if (ret < 0)
- {
- printf("ERROR creating chwallpolicy buffer.\n");
- return -1;
- }
- bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
- bin_pol->secondary_buffer_offset = htonl(ntohl(bin_pol->len));
- ret = acm_domain_set_stepolicy(push_buffer +
- ntohl(bin_pol->secondary_buffer_offset),
- MAX_PUSH_BUFFER -
- ntohl(bin_pol->secondary_buffer_offset));
- if (ret < 0)
- {
- printf("ERROR creating chwallpolicy buffer.\n");
- return -1;
- }
- bin_pol->len = htonl(ntohl(bin_pol->len) + ret);
-
- /* dump it and then push it down into xen/acm */
- acm_dump_policy_buffer(push_buffer, ntohl(bin_pol->len));
-
- op.cmd = ACM_SETPOLICY;
- op.interface_version = ACM_INTERFACE_VERSION;
- op.u.setpolicy.pushcache = (void *) push_buffer;
- op.u.setpolicy.pushcache_size = ntohl(bin_pol->len);
- ret = do_acm_op(xc_handle, &op);
-
- if (ret)
- printf("ERROR setting policy. Use 'xm dmesg' to see details.\n");
- else
- printf("Successfully changed policy.\n");
-
- return ret;
-}
-
/******************************* get policy ******************************/
#define PULL_CACHE_SIZE 8192
@@ -602,7 +427,6 @@
void usage(char *progname)
{
printf("Use: %s \n"
- "\t setpolicy\n"
"\t getpolicy\n"
"\t dumpstats\n"
"\t loadpolicy <binary policy file>\n", progname);
@@ -623,12 +447,7 @@
exit(-1);
}
- if (!strcmp(argv[1], "setpolicy"))
- {
- if (argc != 2)
- usage(argv[0]);
- ret = acm_domain_setpolicy(acm_cmd_fd);
- } else if (!strcmp(argv[1], "getpolicy")) {
+ if (!strcmp(argv[1], "getpolicy")) {
if (argc != 2)
usage(argv[0]);
ret = acm_domain_getpolicy(acm_cmd_fd);
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/xentrace/xentrace.c
--- a/tools/xentrace/xentrace.c Thu Aug 18 18:40:02 2005
+++ b/tools/xentrace/xentrace.c Fri Aug 19 18:19:28 2005
@@ -95,13 +95,13 @@
/**
* get_tbufs - get pointer to and size of the trace buffers
- * @mach_addr: location to store machine address if the trace buffers to
- * @size: location to store the size of a trace buffer to
+ * @mfn: location to store mfn of the trace buffers to
+ * @size: location to store the size of a trace buffer to
*
* Gets the machine address of the trace pointer area and the size of the
* per CPU buffers.
*/
-void get_tbufs(unsigned long *mach_addr, unsigned long *size)
+void get_tbufs(unsigned long *mfn, unsigned long *size)
{
int ret;
dom0_op_t op; /* dom0 op we'll build */
@@ -121,19 +121,19 @@
exit(EXIT_FAILURE);
}
- *mach_addr = op.u.tbufcontrol.mach_addr;
- *size = op.u.tbufcontrol.size;
+ *mfn = op.u.tbufcontrol.buffer_mfn;
+ *size = op.u.tbufcontrol.size;
}
/**
* map_tbufs - memory map Xen trace buffers into user space
- * @tbufs: machine address of the trace buffers
+ * @tbufs_mfn: mfn of the trace buffers
* @num: number of trace buffers to map
* @size: size of each trace buffer
*
* Maps the Xen trace buffers them into process address space.
*/
-struct t_buf *map_tbufs(unsigned long tbufs_mach, unsigned int num,
+struct t_buf *map_tbufs(unsigned long tbufs_mfn, unsigned int num,
unsigned long size)
{
int xc_handle; /* file descriptor for /proc/xen/privcmd */
@@ -149,7 +149,7 @@
tbufs_mapped = xc_map_foreign_range(xc_handle, 0 /* Dom 0 ID */,
size * num, PROT_READ,
- tbufs_mach >> PAGE_SHIFT);
+ tbufs_mfn);
xc_interface_close(xc_handle);
@@ -231,7 +231,7 @@
/**
* init_rec_ptrs - initialises data area pointers to locations in user space
- * @tbufs_mach: machine base address of the trace buffer area
+ * @tbufs_mfn: base mfn of the trace buffer area
* @tbufs_mapped: user virtual address of base of trace buffer area
* @meta: array of user-space pointers to struct t_buf's of metadata
* @num: number of trace buffers
@@ -240,7 +240,7 @@
* mapped in user space. Note that the trace buffer metadata contains machine
* pointers - the array returned allows more convenient access to them.
*/
-struct t_rec **init_rec_ptrs(unsigned long tbufs_mach,
+struct t_rec **init_rec_ptrs(unsigned long tbufs_mfn,
struct t_buf *tbufs_mapped,
struct t_buf **meta,
unsigned int num)
@@ -256,7 +256,7 @@
}
for ( i = 0; i < num; i++ )
- data[i] = (struct t_rec *)(meta[i]->rec_addr - tbufs_mach
+ data[i] = (struct t_rec *)(meta[i]->rec_addr -
(tbufs_mfn<<XC_PAGE_SHIFT) /* XXX */
+ (unsigned long)tbufs_mapped);
return data;
@@ -330,7 +330,7 @@
struct t_rec **data; /* pointers to the trace buffer data areas
* where they are mapped into user space. */
unsigned long *cons; /* store tail indexes for the trace buffers */
- unsigned long tbufs_mach; /* machine address of the tbufs */
+ unsigned long tbufs_mfn; /* mfn of the tbufs */
unsigned int num; /* number of trace buffers / logical CPUS */
unsigned long size; /* size of a single trace buffer */
@@ -340,14 +340,14 @@
num = get_num_cpus();
/* setup access to trace buffers */
- get_tbufs(&tbufs_mach, &size);
- tbufs_mapped = map_tbufs(tbufs_mach, num, size);
+ get_tbufs(&tbufs_mfn, &size);
+ tbufs_mapped = map_tbufs(tbufs_mfn, num, size);
size_in_recs = (size - sizeof(struct t_buf)) / sizeof(struct t_rec);
/* build arrays of convenience ptrs */
meta = init_bufs_ptrs (tbufs_mapped, num, size);
- data = init_rec_ptrs (tbufs_mach, tbufs_mapped, meta, num);
+ data = init_rec_ptrs (tbufs_mfn, tbufs_mapped, meta, num);
cons = init_tail_idxs (meta, num);
/* now, scan buffers for events */
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/Rules.mk
--- a/xen/Rules.mk Thu Aug 18 18:40:02 2005
+++ b/xen/Rules.mk Fri Aug 19 18:19:28 2005
@@ -10,14 +10,6 @@
optimize ?= y
domu_debug ?= n
crash_debug ?= n
-
-# ACM_USE_SECURITY_POLICY is set to security policy of Xen
-# Supported models are:
-# ACM_NULL_POLICY (ACM will not be built with this policy)
-# ACM_CHINESE_WALL_POLICY
-# ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY
-# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
-ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
include $(BASEDIR)/../Config.mk
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c Thu Aug 18 18:40:02 2005
+++ b/xen/arch/x86/domain.c Fri Aug 19 18:19:28 2005
@@ -217,8 +217,16 @@
return xmalloc(struct vcpu);
}
+/* We assume that vcpu 0 is always the last one to be freed in a
+ domain i.e. if v->vcpu_id == 0, the domain should be
+ single-processor. */
void arch_free_vcpu_struct(struct vcpu *v)
{
+ struct vcpu *p;
+ for_each_vcpu(v->domain, p) {
+ if (p->next_in_list == v)
+ p->next_in_list = v->next_in_list;
+ }
xfree(v);
}
@@ -403,7 +411,7 @@
{
if ( ((c->user_regs.cs & 3) == 0) ||
((c->user_regs.ss & 3) == 0) )
- return -EINVAL;
+ return -EINVAL;
}
clear_bit(_VCPUF_fpu_initialised, &v->vcpu_flags);
@@ -457,7 +465,7 @@
if ( !(c->flags & VGCF_VMX_GUEST) )
#endif
if ( !get_page_and_type(&frame_table[phys_basetab>>PAGE_SHIFT], d,
- PGT_base_page_table) )
+ PGT_base_page_table) )
return -EINVAL;
}
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/arch/x86/domain_build.c
--- a/xen/arch/x86/domain_build.c Thu Aug 18 18:40:02 2005
+++ b/xen/arch/x86/domain_build.c Fri Aug 19 18:19:28 2005
@@ -22,16 +22,28 @@
#include <asm/i387.h>
#include <asm/shadow.h>
-/* opt_dom0_mem: memory allocated to domain 0. */
-static unsigned int opt_dom0_mem;
+static long dom0_nrpages;
+
+/*
+ * dom0_mem:
+ * If +ve:
+ * * The specified amount of memory is allocated to domain 0.
+ * If -ve:
+ * * All of memory is allocated to domain 0, minus the specified amount.
+ * If not specified:
+ * * All of memory is allocated to domain 0, minus 1/16th which is reserved
+ * for uses such as DMA buffers (the reservation is clamped to 128MB).
+ */
static void parse_dom0_mem(char *s)
{
- unsigned long long bytes = parse_size_and_unit(s);
- /* If no unit is specified we default to kB units, not bytes. */
- if ( isdigit(s[strlen(s)-1]) )
- opt_dom0_mem = (unsigned int)bytes;
- else
- opt_dom0_mem = (unsigned int)(bytes >> 10);
+ unsigned long long bytes;
+ char *t = s;
+ if ( *s == '-' )
+ t++;
+ bytes = parse_size_and_unit(t);
+ dom0_nrpages = bytes >> PAGE_SHIFT;
+ if ( *s == '-' )
+ dom0_nrpages = -dom0_nrpages;
}
custom_param("dom0_mem", parse_dom0_mem);
@@ -137,12 +149,30 @@
printk("*** LOADING DOMAIN 0 ***\n");
- /* By default DOM0 is allocated all available memory. */
d->max_pages = ~0U;
- if ( (nr_pages = opt_dom0_mem >> (PAGE_SHIFT - 10)) == 0 )
+
+ /*
+ * If domain 0 allocation isn't specified, reserve 1/16th of available
+ * memory for things like DMA buffers. This reservation is clamped to
+ * a maximum of 128MB.
+ */
+ if ( dom0_nrpages == 0 )
+ {
+ dom0_nrpages = avail_domheap_pages() +
+ ((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) +
+ ((image_len + PAGE_SIZE - 1) >> PAGE_SHIFT);
+ dom0_nrpages = min(dom0_nrpages / 16, 128L << (20 - PAGE_SHIFT));
+ dom0_nrpages = -dom0_nrpages;
+ }
+
+ /* Negative memory specification means "all memory - specified amount". */
+ if ( dom0_nrpages < 0 )
nr_pages = avail_domheap_pages() +
((initrd_len + PAGE_SIZE - 1) >> PAGE_SHIFT) +
- ((image_len + PAGE_SIZE - 1) >> PAGE_SHIFT);
+ ((image_len + PAGE_SIZE - 1) >> PAGE_SHIFT) +
+ dom0_nrpages;
+ else
+ nr_pages = dom0_nrpages;
if ( (rc = parseelfimage(&dsi)) != 0 )
return rc;
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c Thu Aug 18 18:40:02 2005
+++ b/xen/arch/x86/mm.c Fri Aug 19 18:19:28 2005
@@ -2633,14 +2633,16 @@
if ( entries > FIRST_RESERVED_GDT_ENTRY )
return -EINVAL;
-
+
shadow_sync_all(d);
/* Check the pages in the new GDT. */
- for ( i = 0; i < nr_pages; i++ )
- if ( ((pfn = frames[i]) >= max_page) ||
- !get_page_and_type(&frame_table[pfn], d, PGT_gdt_page) )
+ for ( i = 0; i < nr_pages; i++ ) {
+ pfn = frames[i];
+ if ((pfn >= max_page) ||
+ !get_page_and_type(&frame_table[pfn], d, PGT_gdt_page) )
goto fail;
+ }
/* Tear down the old GDT. */
destroy_gdt(v);
@@ -2687,22 +2689,24 @@
}
-long do_update_descriptor(unsigned long pa, u64 desc)
+long do_update_descriptor(u64 pa, u64 desc)
{
struct domain *dom = current->domain;
unsigned long gpfn = pa >> PAGE_SHIFT;
unsigned long mfn;
- unsigned int offset = (pa & ~PAGE_MASK) / sizeof(struct desc_struct);
+ unsigned int offset;
struct desc_struct *gdt_pent, d;
struct pfn_info *page;
long ret = -EINVAL;
+ offset = ((unsigned int)pa & ~PAGE_MASK) / sizeof(struct desc_struct);
+
*(u64 *)&d = desc;
LOCK_BIGLOCK(dom);
if ( !VALID_MFN(mfn = __gpfn_to_mfn(dom, gpfn)) ||
- ((pa % sizeof(struct desc_struct)) != 0) ||
+ (((unsigned int)pa % sizeof(struct desc_struct)) != 0) ||
(mfn >= max_page) ||
!check_descriptor(&d) )
{
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/arch/x86/physdev.c
--- a/xen/arch/x86/physdev.c Thu Aug 18 18:40:02 2005
+++ b/xen/arch/x86/physdev.c Fri Aug 19 18:19:28 2005
@@ -106,7 +106,7 @@
(op.u.set_iobitmap.nr_ports > 65536) )
break;
ret = 0;
- current->arch.iobmp = (u8 *)op.u.set_iobitmap.bitmap;
+ current->arch.iobmp = op.u.set_iobitmap.bitmap;
current->arch.iobmp_limit = op.u.set_iobitmap.nr_ports;
break;
default:
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/common/event_channel.c
--- a/xen/common/event_channel.c Thu Aug 18 18:40:02 2005
+++ b/xen/common/event_channel.c Fri Aug 19 18:19:28 2005
@@ -588,7 +588,6 @@
long rc = 0;
if ( (vcpu >= MAX_VIRT_CPUS) || (d->vcpu[vcpu] == NULL) ) {
- printf("vcpu %d bad.\n", vcpu);
return -EINVAL;
}
@@ -596,7 +595,6 @@
if ( !port_is_valid(d, port) )
{
- printf("port %d bad.\n", port);
rc = -EINVAL;
goto out;
}
@@ -610,7 +608,6 @@
chn->notify_vcpu_id = vcpu;
break;
default:
- printf("evtchn type %d can't be rebound.\n", chn->state);
rc = -EINVAL;
break;
}
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/common/lib.c
--- a/xen/common/lib.c Thu Aug 18 18:40:02 2005
+++ b/xen/common/lib.c Fri Aug 19 18:19:28 2005
@@ -450,8 +450,10 @@
ret <<= 10;
case 'M': case 'm':
ret <<= 10;
- case 'K': case 'k':
+ case 'K': case 'k': default:
ret <<= 10;
+ case 'B': case 'b':
+ break;
}
return ret;
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/common/schedule.c
--- a/xen/common/schedule.c Thu Aug 18 18:40:02 2005
+++ b/xen/common/schedule.c Fri Aug 19 18:19:28 2005
@@ -38,6 +38,8 @@
#include <xen/mm.h>
#include <public/sched_ctl.h>
+extern void arch_getdomaininfo_ctxt(struct vcpu *,
+ struct vcpu_guest_context *);
/* opt_sched: scheduler - default to SEDF */
static char opt_sched[10] = "sedf";
string_param("sched", opt_sched);
@@ -82,7 +84,8 @@
int i;
SCHED_OP(free_task, d);
- for (i = 0; i < MAX_VIRT_CPUS; i++)
+ /* vcpu 0 has to be the last one destructed. */
+ for (i = MAX_VIRT_CPUS-1; i >= 0; i--)
if ( d->vcpu[i] )
arch_free_vcpu_struct(d->vcpu[i]);
@@ -295,10 +298,36 @@
return 0;
}
+static long do_vcpu_pickle(int vcpu, unsigned long arg)
+{
+ struct vcpu *v;
+ vcpu_guest_context_t *c;
+ int ret = 0;
+
+ if (vcpu >= MAX_VIRT_CPUS)
+ return -EINVAL;
+ v = current->domain->vcpu[vcpu];
+ if (!v)
+ return -ESRCH;
+ /* Don't pickle vcpus which are currently running */
+ if (!test_bit(_VCPUF_down, &v->vcpu_flags)) {
+ return -EBUSY;
+ }
+ c = xmalloc(vcpu_guest_context_t);
+ if (!c)
+ return -ENOMEM;
+ arch_getdomaininfo_ctxt(v, c);
+ if (copy_to_user((vcpu_guest_context_t *)arg,
+ (const vcpu_guest_context_t *)c, sizeof(*c)))
+ ret = -EFAULT;
+ xfree(c);
+ return ret;
+}
+
/*
* Demultiplex scheduler-related hypercalls.
*/
-long do_sched_op(unsigned long op)
+long do_sched_op(unsigned long op, unsigned long arg)
{
long ret = 0;
@@ -332,6 +361,11 @@
case SCHEDOP_vcpu_up:
{
ret = do_vcpu_up((int)(op >> SCHEDOP_vcpushift));
+ break;
+ }
+ case SCHEDOP_vcpu_pickle:
+ {
+ ret = do_vcpu_pickle((int)(op >> SCHEDOP_vcpushift), arg);
break;
}
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/common/trace.c
--- a/xen/common/trace.c Thu Aug 18 18:40:02 2005
+++ b/xen/common/trace.c Fri Aug 19 18:19:28 2005
@@ -113,10 +113,10 @@
switch ( tbc->op)
{
case DOM0_TBUF_GET_INFO:
- tbc->cpu_mask = tb_cpu_mask;
- tbc->evt_mask = tb_event_mask;
- tbc->mach_addr = __pa(t_bufs[0]);
- tbc->size = opt_tbuf_size * PAGE_SIZE;
+ tbc->cpu_mask = tb_cpu_mask;
+ tbc->evt_mask = tb_event_mask;
+ tbc->buffer_mfn = __pa(t_bufs[0]) >> PAGE_SHIFT;
+ tbc->size = opt_tbuf_size * PAGE_SIZE;
break;
case DOM0_TBUF_SET_CPU_MASK:
tb_cpu_mask = tbc->cpu_mask;
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/arch-ia64.h
--- a/xen/include/public/arch-ia64.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/arch-ia64.h Fri Aug 19 18:19:28 2005
@@ -12,9 +12,6 @@
#define MAX_VIRT_CPUS 1
#ifndef __ASSEMBLY__
-
-/* NB. Both the following are 64 bits each. */
-typedef unsigned long memory_t; /* Full-sized pointer/address/memory-size. */
#define MAX_NR_SECTION 32 // at most 32 memory holes
typedef struct {
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/arch-x86_32.h
--- a/xen/include/public/arch-x86_32.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/arch-x86_32.h Fri Aug 19 18:19:28 2005
@@ -63,9 +63,6 @@
#ifndef __ASSEMBLY__
-/* NB. Both the following are 32 bits each. */
-typedef unsigned long memory_t; /* Full-sized pointer/address/memory-size. */
-
/*
* Send an array of these to HYPERVISOR_set_trap_table()
*/
@@ -74,10 +71,10 @@
#define TI_SET_DPL(_ti,_dpl) ((_ti)->flags |= (_dpl))
#define TI_SET_IF(_ti,_if) ((_ti)->flags |= ((!!(_if))<<2))
typedef struct trap_info {
- u8 vector; /* exception vector */
- u8 flags; /* 0-3: privilege level; 4: clear event enable? */
- u16 cs; /* code selector */
- memory_t address; /* code address */
+ u8 vector; /* exception vector */
+ u8 flags; /* 0-3: privilege level; 4: clear event enable? */
+ u16 cs; /* code selector */
+ unsigned long address; /* code offset */
} trap_info_t;
typedef struct cpu_user_regs {
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/arch-x86_64.h
--- a/xen/include/public/arch-x86_64.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/arch-x86_64.h Fri Aug 19 18:19:28 2005
@@ -103,9 +103,6 @@
/* Bottom of switch_to_user stack frame. */
};
-/* NB. Both the following are 64 bits each. */
-typedef unsigned long memory_t; /* Full-sized pointer/address/memory-size. */
-
/*
* Send an array of these to HYPERVISOR_set_trap_table().
* N.B. As in x86/32 mode, the privilege level specifies which modes may enter
@@ -121,10 +118,10 @@
#define TI_SET_DPL(_ti,_dpl) ((_ti)->flags |= (_dpl))
#define TI_SET_IF(_ti,_if) ((_ti)->flags |= ((!!(_if))<<2))
typedef struct trap_info {
- u8 vector; /* exception vector */
- u8 flags; /* 0-3: privilege level; 4: clear event enable? */
- u16 cs; /* code selector */
- memory_t address; /* code address */
+ u8 vector; /* exception vector */
+ u8 flags; /* 0-3: privilege level; 4: clear event enable? */
+ u16 cs; /* code selector */
+ unsigned long address; /* code offset */
} trap_info_t;
typedef struct cpu_user_regs {
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/dom0_ops.h
--- a/xen/include/public/dom0_ops.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/dom0_ops.h Fri Aug 19 18:19:28 2005
@@ -19,7 +19,7 @@
* This makes sure that old versions of dom0 tools will stop working in a
* well-defined way (rather than crashing the machine, for instance).
*/
-#define DOM0_INTERFACE_VERSION 0xAAAA100E
+#define DOM0_INTERFACE_VERSION 0xAAAA100F
/************************************************************************/
@@ -27,10 +27,10 @@
typedef struct {
/* IN variables. */
domid_t domain;
- memory_t max_pfns;
+ unsigned long max_pfns;
void *buffer;
/* OUT variables. */
- memory_t num_pfns;
+ unsigned long num_pfns;
} dom0_getmemlist_t;
#define DOM0_SCHEDCTL 6
@@ -83,9 +83,9 @@
#define DOMFLAGS_SHUTDOWNMASK 255 /* DOMFLAGS_SHUTDOWN guest-supplied code. */
#define DOMFLAGS_SHUTDOWNSHIFT 16
u32 flags;
- memory_t tot_pages;
- memory_t max_pages;
- memory_t shared_info_frame; /* MFN of shared_info struct */
+ unsigned long tot_pages;
+ unsigned long max_pages;
+ unsigned long shared_info_frame; /* MFN of shared_info struct */
u64 cpu_time;
u32 n_vcpu;
s32 vcpu_to_cpu[MAX_VIRT_CPUS]; /* current mapping */
@@ -155,7 +155,7 @@
typedef struct {
/* IN variables. */
- memory_t pfn; /* Machine page frame number to query. */
+ unsigned long pfn; /* Machine page frame number to query. */
domid_t domain; /* To which domain does the frame belong? */
/* OUT variables. */
/* Is the page PINNED to a type? */
@@ -197,7 +197,7 @@
unsigned long cpu_mask;
u32 evt_mask;
/* OUT variables */
- memory_t mach_addr;
+ unsigned long buffer_mfn;
u32 size;
} dom0_tbufcontrol_t;
@@ -211,8 +211,8 @@
u32 sockets_per_node;
u32 nr_nodes;
u32 cpu_khz;
- memory_t total_pages;
- memory_t free_pages;
+ unsigned long total_pages;
+ unsigned long free_pages;
} dom0_physinfo_t;
/*
@@ -252,7 +252,7 @@
u32 op;
unsigned long *dirty_bitmap; /* pointer to locked buffer */
/* IN/OUT variables. */
- memory_t pages; /* size of buffer, updated with actual size */
+ unsigned long pages; /* size of buffer, updated with actual size */
/* OUT variables. */
dom0_shadow_control_stats_t stats;
} dom0_shadow_control_t;
@@ -260,15 +260,15 @@
#define DOM0_SETDOMAINMAXMEM 28
typedef struct {
/* IN variables. */
- domid_t domain;
- memory_t max_memkb;
+ domid_t domain;
+ unsigned long max_memkb;
} dom0_setdomainmaxmem_t;
#define DOM0_GETPAGEFRAMEINFO2 29 /* batched interface */
typedef struct {
/* IN variables. */
- domid_t domain;
- memory_t num;
+ domid_t domain;
+ unsigned long num;
/* IN/OUT variables. */
unsigned long *array;
} dom0_getpageframeinfo2_t;
@@ -283,12 +283,12 @@
#define DOM0_ADD_MEMTYPE 31
typedef struct {
/* IN variables. */
- memory_t pfn;
- memory_t nr_pfns;
- u32 type;
- /* OUT variables. */
- u32 handle;
- u32 reg;
+ unsigned long pfn;
+ unsigned long nr_pfns;
+ u32 type;
+ /* OUT variables. */
+ u32 handle;
+ u32 reg;
} dom0_add_memtype_t;
/*
@@ -311,8 +311,8 @@
/* IN variables. */
u32 reg;
/* OUT variables. */
- memory_t pfn;
- memory_t nr_pfns;
+ unsigned long pfn;
+ unsigned long nr_pfns;
u32 type;
} dom0_read_memtype_t;
@@ -361,10 +361,10 @@
typedef struct {
/* IN variables. */
domid_t first_domain;
- memory_t max_domains;
+ unsigned int max_domains;
dom0_getdomaininfo_t *buffer;
/* OUT variables. */
- memory_t num_domains;
+ unsigned int num_domains;
} dom0_getdomaininfolist_t;
#define DOM0_PLATFORM_QUIRK 39
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/grant_table.h
--- a/xen/include/public/grant_table.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/grant_table.h Fri Aug 19 18:19:28 2005
@@ -153,13 +153,13 @@
#define GNTTABOP_map_grant_ref 0
typedef struct gnttab_map_grant_ref {
/* IN parameters. */
- memory_t host_addr;
+ u64 host_addr;
domid_t dom;
grant_ref_t ref;
u16 flags; /* GNTMAP_* */
/* OUT parameters. */
s16 handle; /* +ve: handle; -ve: GNTST_* */
- memory_t dev_bus_addr;
+ u64 dev_bus_addr;
} gnttab_map_grant_ref_t;
/*
@@ -176,8 +176,8 @@
#define GNTTABOP_unmap_grant_ref 1
typedef struct gnttab_unmap_grant_ref {
/* IN parameters. */
- memory_t host_addr;
- memory_t dev_bus_addr;
+ u64 host_addr;
+ u64 dev_bus_addr;
u16 handle;
/* OUT parameters. */
s16 status; /* GNTST_* */
@@ -223,7 +223,7 @@
*/
#define GNTTABOP_donate 4
typedef struct {
- memory_t mfn; /* 0 */
+ unsigned long mfn; /* 0 */
domid_t domid; /* 4 */
u16 handle; /* 8 */
s16 status; /* 10: GNTST_* */
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/io/blkif.h
--- a/xen/include/public/io/blkif.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/io/blkif.h Fri Aug 19 18:19:28 2005
@@ -18,7 +18,6 @@
#define BLKIF_OP_READ 0
#define BLKIF_OP_WRITE 1
-#define BLKIF_OP_PROBE 2
/* NB. Ring size must be small enough for sizeof(blkif_ring_t) <= PAGE_SIZE. */
#define BLKIF_RING_SIZE 64
@@ -33,7 +32,7 @@
typedef struct blkif_request {
u8 operation; /* BLKIF_OP_??? */
u8 nr_segments; /* number of segments */
- blkif_vdev_t device; /* only for read/write requests */
+ blkif_vdev_t handle; /* only for read/write requests */
unsigned long id; /* private guest value, echoed in resp */
blkif_sector_t sector_number;/* start sector idx on disk (r/w only) */
/* @f_a_s[4:0]=last_sect ; @f_a_s[9:5]=first_sect */
@@ -71,31 +70,8 @@
DEFINE_RING_TYPES(blkif, blkif_request_t, blkif_response_t);
-/*
- * BLKIF_OP_PROBE:
- * The request format for a probe request is constrained as follows:
- * @operation == BLKIF_OP_PROBE
- * @nr_segments == size of probe buffer in pages
- * @device == unused (zero)
- * @id == any value (echoed in response message)
- * @sector_num == unused (zero)
- * @frame_and_sects == list of page-sized buffers.
- * (i.e., @first_sect == 0, @last_sect == 7).
- *
- * The response is a list of vdisk_t elements copied into the out-of-band
- * probe buffer. On success the response status field contains the number
- * of vdisk_t elements.
- */
-
#define VDISK_CDROM 0x1
#define VDISK_REMOVABLE 0x2
#define VDISK_READONLY 0x4
-typedef struct vdisk {
- blkif_sector_t capacity; /* Size in terms of 512-byte sectors. */
- blkif_vdev_t device; /* Device number (opaque 16 bit value). */
- u16 info; /* Device type and flags (VDISK_*). */
- u16 sector_size; /* Minimum alignment for requests. */
-} vdisk_t; /* 16 bytes */
-
#endif /* __XEN_PUBLIC_IO_BLKIF_H__ */
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/io/domain_controller.h
--- a/xen/include/public/io/domain_controller.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/io/domain_controller.h Fri Aug 19 18:19:28 2005
@@ -139,7 +139,7 @@
*/
typedef struct blkif_fe_interface_connect {
u32 handle;
- memory_t shmem_frame;
+ unsigned long shmem_frame;
int shmem_ref;
} blkif_fe_interface_connect_t;
@@ -249,7 +249,7 @@
/* IN */
domid_t domid; /* Domain attached to new interface. */
u32 blkif_handle; /* Domain-specific interface handle. */
- memory_t shmem_frame; /* Page cont. shared comms window. */
+ unsigned long shmem_frame;/* Page cont. shared comms window. */
int shmem_ref; /* Grant table reference. */
u32 evtchn; /* Event channel for notifications. */
/* OUT */
@@ -364,11 +364,11 @@
* STATUS_CONNECTED message.
*/
typedef struct netif_fe_interface_connect {
- u32 handle;
- memory_t tx_shmem_frame;
- int tx_shmem_ref;
- memory_t rx_shmem_frame;
- int rx_shmem_ref;
+ u32 handle;
+ unsigned long tx_shmem_frame;
+ int tx_shmem_ref;
+ unsigned long rx_shmem_frame;
+ int rx_shmem_ref;
} netif_fe_interface_connect_t;
/*
@@ -486,13 +486,13 @@
*/
typedef struct netif_be_connect {
/* IN */
- domid_t domid; /* Domain attached to new interface. */
- u32 netif_handle; /* Domain-specific interface handle. */
- memory_t tx_shmem_frame; /* Page cont. tx shared comms window. */
- int tx_shmem_ref; /* Grant reference for above */
- memory_t rx_shmem_frame; /* Page cont. rx shared comms window. */
- int rx_shmem_ref; /* Grant reference for above */
- u16 evtchn; /* Event channel for notifications. */
+ domid_t domid; /* Domain attached to new interface. */
+ u32 netif_handle; /* Domain-specific interface handle. */
+ unsigned long tx_shmem_frame;/* Page cont. tx shared comms window. */
+ int tx_shmem_ref; /* Grant reference for above */
+ unsigned long rx_shmem_frame;/* Page cont. rx shared comms window. */
+ int rx_shmem_ref; /* Grant reference for above */
+ u16 evtchn; /* Event channel for notifications. */
/* OUT */
u32 status;
} netif_be_connect_t;
@@ -577,7 +577,7 @@
* STATUS_CONNECTED message.
*/
typedef struct usbif_fe_interface_connect {
- memory_t shmem_frame;
+ unsigned long shmem_frame;
} usbif_fe_interface_connect_t;
/*
@@ -660,7 +660,7 @@
typedef struct usbif_be_connect {
/* IN */
domid_t domid; /* Domain attached to new interface. */
- memory_t shmem_frame; /* Page cont. shared comms window. */
+ unsigned long shmem_frame;/* Page cont. shared comms window. */
u32 evtchn; /* Event channel for notifications. */
u32 bandwidth; /* Bandwidth allocated for isoch / int - us
* per 1ms frame (ie between 0 and 900 or 800
@@ -780,7 +780,7 @@
#define PDB_CONNECTION_STATUS_UP 1
#define PDB_CONNECTION_STATUS_DOWN 2
u32 status;
- memory_t ring; /* status: UP */
+ unsigned long ring; /* status: UP */
u32 evtchn; /* status: UP */
} pdb_connection_t, *pdb_connection_p;
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/io/netif.h
--- a/xen/include/public/io/netif.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/io/netif.h Fri Aug 19 18:19:28 2005
@@ -10,7 +10,7 @@
#define __XEN_PUBLIC_IO_NETIF_H__
typedef struct netif_tx_request {
- memory_t addr; /* Machine address of packet. */
+ unsigned long addr; /* Machine address of packet. */
u16 csum_blank:1; /* Proto csum field blank? */
u16 id:15; /* Echoed in response message. */
u16 size; /* Packet size in bytes. */
@@ -32,7 +32,7 @@
#ifdef CONFIG_XEN_NETDEV_GRANT_TX
u32 addr; /* 0: Offset in page of start of received packet */
#else
- memory_t addr; /* Machine address of packet. */
+ unsigned long addr; /* Machine address of packet. */
#endif
u16 csum_valid:1; /* Protocol checksum is validated? */
u16 id:15;
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/physdev.h
--- a/xen/include/public/physdev.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/physdev.h Fri Aug 19 18:19:28 2005
@@ -27,8 +27,8 @@
typedef struct physdevop_set_iobitmap {
/* IN */
- memory_t bitmap;
- u32 nr_ports;
+ char *bitmap;
+ u32 nr_ports;
} physdevop_set_iobitmap_t;
typedef struct physdevop_apic {
diff -r 99914b54f7bf -r 81576d3d1ca8 xen/include/public/xen.h
--- a/xen/include/public/xen.h Thu Aug 18 18:40:02 2005
+++ b/xen/include/public/xen.h Fri Aug 19 18:19:28 2005
@@ -171,9 +171,9 @@
unsigned int cmd;
union {
/* [UN]PIN_TABLE, NEW_BASEPTR, NEW_USER_BASEPTR, REASSIGN_PAGE */
- memory_t mfn;
+ unsigned long mfn;
/* INVLPG_LOCAL, INVLPG_ALL, SET_LDT */
- memory_t linear_addr;
+ unsigned long linear_addr;
};
union {
/* SET_LDT */
@@ -203,6 +203,7 @@
#define SCHEDOP_shutdown 2 /* Stop executing this domain. */
#define SCHEDOP_vcpu_down 3 /* make target VCPU not-runnable. */
#define SCHEDOP_vcpu_up 4 /* make target VCPU runnable. */
+#define SCHEDOP_vcpu_pickle 5 /* save a vcpu's context to memory. */
#define SCHEDOP_cmdmask 255 /* 8-bit command. */
#define SCHEDOP_reasonshift 8 /* 8-bit reason code. (SCHEDOP_shutdown) */
#define SCHEDOP_vcpushift 8 /* 8-bit VCPU target. (SCHEDOP_up|down) */
@@ -437,18 +438,18 @@
#define MAX_GUEST_CMDLINE 1024
typedef struct start_info {
/* THE FOLLOWING ARE FILLED IN BOTH ON INITIAL BOOT AND ON RESUME. */
- memory_t nr_pages; /* Total pages allocated to this domain. */
- memory_t shared_info; /* MACHINE address of shared info struct. */
+ unsigned long nr_pages; /* Total pages allocated to this domain. */
+ unsigned long shared_info;/* MACHINE address of shared info struct. */
u32 flags; /* SIF_xxx flags. */
u16 domain_controller_evtchn;
/* THE FOLLOWING ARE ONLY FILLED IN ON INITIAL BOOT (NOT RESUME). */
- memory_t pt_base; /* VIRTUAL address of page directory. */
- memory_t nr_pt_frames; /* Number of bootstrap p.t. frames. */
- memory_t mfn_list; /* VIRTUAL address of page-frame list. */
- memory_t mod_start; /* VIRTUAL address of pre-loaded module. */
- memory_t mod_len; /* Size (bytes) of pre-loaded module. */
+ unsigned long pt_base; /* VIRTUAL address of page directory. */
+ unsigned long nr_pt_frames;/* Number of bootstrap p.t. frames. */
+ unsigned long mfn_list; /* VIRTUAL address of page-frame list. */
+ unsigned long mod_start; /* VIRTUAL address of pre-loaded module. */
+ unsigned long mod_len; /* Size (bytes) of pre-loaded module. */
s8 cmd_line[MAX_GUEST_CMDLINE];
- memory_t store_mfn; /* MACHINE page number of shared page. */
+ unsigned long store_mfn; /* MACHINE page number of shared page. */
u16 store_evtchn; /* Event channel for store communication. */
} start_info_t;
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/arch/xen/i386/kernel/init_task.c
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/init_task.c Fri Aug 19
18:19:28 2005
@@ -0,0 +1,49 @@
+#include <linux/mm.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/init.h>
+#include <linux/init_task.h>
+#include <linux/fs.h>
+#include <linux/mqueue.h>
+
+#include <asm/uaccess.h>
+#include <asm/pgtable.h>
+#include <asm/desc.h>
+
+static struct fs_struct init_fs = INIT_FS;
+static struct files_struct init_files = INIT_FILES;
+static struct signal_struct init_signals = INIT_SIGNALS(init_signals);
+static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand);
+
+#define swapper_pg_dir ((pgd_t *)NULL)
+struct mm_struct init_mm = INIT_MM(init_mm);
+#undef swapper_pg_dir
+
+EXPORT_SYMBOL(init_mm);
+
+/*
+ * Initial thread structure.
+ *
+ * We need to make sure that this is THREAD_SIZE aligned due to the
+ * way process stacks are handled. This is done by having a special
+ * "init_task" linker map entry..
+ */
+union thread_union init_thread_union
+ __attribute__((__section__(".data.init_task"))) =
+ { INIT_THREAD_INFO(init_task) };
+
+/*
+ * Initial task structure.
+ *
+ * All other task structs will be allocated on slabs in fork.c
+ */
+struct task_struct init_task = INIT_TASK(init_task);
+
+EXPORT_SYMBOL(init_task);
+
+/*
+ * per-CPU TSS segments. Threads are completely 'soft' on Linux,
+ * no more per-task TSS's.
+ */
+DEFINE_PER_CPU(struct tss_struct, init_tss) ____cacheline_maxaligned_in_smp =
INIT_TSS;
+
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkback/xenbus.c
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/xenbus.c Fri Aug 19 18:19:28 2005
@@ -0,0 +1,308 @@
+/* Xenbus code for blkif backend
+ Copyright (C) 2005 Rusty Russell <rusty@xxxxxxxxxxxxxxx>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+#include <stdarg.h>
+#include <linux/module.h>
+#include <asm-xen/xenbus.h>
+#include "common.h"
+
+struct backend_info
+{
+ struct xenbus_device *dev;
+
+ /* our communications channel */
+ blkif_t *blkif;
+ struct vbd *vbd;
+
+ long int frontend_id;
+ long int pdev;
+ long int readonly;
+
+ /* watch back end for changes */
+ struct xenbus_watch backend_watch;
+
+ /* watch front end for changes */
+ struct xenbus_watch watch;
+ char *frontpath;
+};
+
+static int blkback_remove(struct xenbus_device *dev)
+{
+ struct backend_info *be = dev->data;
+
+ if (be->watch.node)
+ unregister_xenbus_watch(&be->watch);
+ unregister_xenbus_watch(&be->backend_watch);
+ if (be->vbd)
+ vbd_free(be->blkif, be->vbd);
+ if (be->blkif)
+ blkif_put(be->blkif);
+ if (be->frontpath)
+ kfree(be->frontpath);
+ kfree(be);
+ return 0;
+}
+
+/* Front end tells us frame. */
+static void frontend_changed(struct xenbus_watch *watch, const char *node)
+{
+ unsigned long sharedmfn;
+ unsigned int evtchn;
+ int err;
+ struct backend_info *be
+ = container_of(watch, struct backend_info, watch);
+
+ /* If other end is gone, delete ourself. */
+ if (!xenbus_exists(be->frontpath, "")) {
+ xenbus_rm(be->dev->nodename, "");
+ device_unregister(&be->dev->dev);
+ return;
+ }
+ if (vbd_is_active(be->vbd))
+ return;
+
+#ifndef CONFIG_XEN_BLKDEV_GRANT
+ err = xenbus_gather(be->frontpath, "shared-frame", "%lu", &sharedmfn,
+ "event-channel", "%u", &evtchn, NULL);
+ if (err) {
+ xenbus_dev_error(be->dev, err,
+ "reading %s/shared-frame and event-channel",
+ be->frontpath);
+ return;
+ }
+#else
+ err = xenbus_gather(be->frontpath, "grant-id", "%lu", &sharedmfn,
+ "event-channel", "%u", &evtchn, NULL);
+ if (err) {
+ xenbus_dev_error(be->dev, err,
+ "reading %s/grant-id and event-channel",
+ be->frontpath);
+ return;
+ }
+#endif
+
+ /* Domains must use same shared frame for all vbds. */
+ if (be->blkif->status == CONNECTED &&
+ (evtchn != be->blkif->remote_evtchn ||
+ sharedmfn != be->blkif->shmem_frame)) {
+ xenbus_dev_error(be->dev, err,
+ "Shared frame/evtchn %li/%u not same as"
+ " old %li/%u",
+ sharedmfn, evtchn,
+ be->blkif->shmem_frame,
+ be->blkif->remote_evtchn);
+ return;
+ }
+
+ /* Supply the information about the device the frontend needs */
+ err = xenbus_transaction_start(be->dev->nodename);
+ if (err) {
+ xenbus_dev_error(be->dev, err, "starting transaction");
+ return;
+ }
+
+ err = xenbus_printf(be->dev->nodename, "sectors", "%lu",
+ vbd_size(be->vbd));
+ if (err) {
+ xenbus_dev_error(be->dev, err, "writing %s/sectors",
+ be->dev->nodename);
+ goto abort;
+ }
+
+ /* FIXME: use a typename instead */
+ err = xenbus_printf(be->dev->nodename, "info", "%u",
+ vbd_info(be->vbd));
+ if (err) {
+ xenbus_dev_error(be->dev, err, "writing %s/info",
+ be->dev->nodename);
+ goto abort;
+ }
+ err = xenbus_printf(be->dev->nodename, "sector-size", "%lu",
+ vbd_secsize(be->vbd));
+ if (err) {
+ xenbus_dev_error(be->dev, err, "writing %s/sector-size",
+ be->dev->nodename);
+ goto abort;
+ }
+
+ /* First vbd? We need to map the shared frame, irq etc. */
+ if (be->blkif->status != CONNECTED) {
+ err = blkif_map(be->blkif, sharedmfn, evtchn);
+ if (err) {
+ xenbus_dev_error(be->dev, err,
+ "mapping shared-frame %lu port %u",
+ sharedmfn, evtchn);
+ goto abort;
+ }
+ }
+
+ /* We're ready, activate. */
+ vbd_activate(be->blkif, be->vbd);
+
+ xenbus_transaction_end(0);
+ xenbus_dev_ok(be->dev);
+
+ return;
+
+abort:
+ xenbus_transaction_end(1);
+}
+
+/*
+ Setup supplies physical device.
+ We provide event channel and device details to front end.
+ Frontend supplies shared frame and event channel.
+ */
+static void backend_changed(struct xenbus_watch *watch, const char *node)
+{
+ int err;
+ char *p;
+ char *frontend;
+ long int handle, pdev;
+ struct backend_info *be
+ = container_of(watch, struct backend_info, backend_watch);
+ struct xenbus_device *dev = be->dev;
+
+ frontend = NULL;
+ err = xenbus_gather(dev->nodename,
+ "frontend-id", "%li", &be->frontend_id,
+ "frontend", NULL, &frontend,
+ NULL);
+ if (err == -ENOENT || err == -ERANGE ||
+ strlen(frontend) == 0 || !xenbus_exists(frontend, "")) {
+ if (frontend)
+ kfree(frontend);
+ /* If we can't get a frontend path and a frontend-id,
+ * then our bus-id is no longer valid and we need to
+ * destroy the backend device.
+ */
+ goto device_fail;
+ }
+
+ if (!be->frontpath || strcmp(frontend, be->frontpath)) {
+ if (be->watch.node)
+ unregister_xenbus_watch(&be->watch);
+ if (be->frontpath)
+ kfree(be->frontpath);
+ be->frontpath = frontend;
+ be->watch.node = be->frontpath;
+ be->watch.callback = frontend_changed;
+ err = register_xenbus_watch(&be->watch);
+ if (err) {
+ be->watch.node = NULL;
+ goto device_fail;
+ }
+ } else
+ kfree(frontend);
+
+ err = xenbus_scanf(dev->nodename, "physical-device", "%li", &pdev);
+ if (err == -ENOENT || err == -ERANGE)
+ goto out;
+ if (err < 0) {
+ xenbus_dev_error(dev, err, "Reading physical-device");
+ goto device_fail;
+ }
+ if (be->pdev && be->pdev != pdev) {
+ printk(KERN_WARNING
+ "changing physical-device not supported\n");
+ goto device_fail;
+ }
+ be->pdev = pdev;
+
+ /* If there's a read-only node, we're read only. */
+ p = xenbus_read(dev->nodename, "read-only", NULL);
+ if (!IS_ERR(p)) {
+ be->readonly = 1;
+ kfree(p);
+ }
+
+ if (be->blkif == NULL) {
+ /* Front end dir is a number, which is used as the handle. */
+ p = strrchr(be->frontpath, '/') + 1;
+ handle = simple_strtoul(p, NULL, 0);
+
+ be->blkif = blkif_find(be->frontend_id);
+ if (IS_ERR(be->blkif)) {
+ err = PTR_ERR(be->blkif);
+ be->blkif = NULL;
+ goto device_fail;
+ }
+
+ be->vbd = vbd_create(be->blkif, handle, be->pdev,
+ be->readonly);
+ if (IS_ERR(be->vbd)) {
+ err = PTR_ERR(be->vbd);
+ be->vbd = NULL;
+ goto device_fail;
+ }
+
+ frontend_changed(&be->watch, be->frontpath);
+ }
+
+ return;
+
+ device_fail:
+ device_unregister(&be->dev->dev);
+ out:
+ return;
+}
+
+static int blkback_probe(struct xenbus_device *dev,
+ const struct xenbus_device_id *id)
+{
+ struct backend_info *be;
+ int err;
+
+ be = kmalloc(sizeof(*be), GFP_KERNEL);
+ if (!be)
+ return -ENOMEM;
+
+ memset(be, 0, sizeof(*be));
+
+ be->dev = dev;
+ be->backend_watch.node = dev->nodename;
+ be->backend_watch.callback = backend_changed;
+ err = register_xenbus_watch(&be->backend_watch);
+ if (err)
+ goto free_be;
+
+ dev->data = be;
+
+ backend_changed(&be->backend_watch, dev->nodename);
+ return err;
+ free_be:
+ kfree(be);
+ return err;
+}
+
+static struct xenbus_device_id blkback_ids[] = {
+ { "vbd" },
+ { "" }
+};
+
+static struct xenbus_driver blkback = {
+ .name = "vbd",
+ .owner = THIS_MODULE,
+ .ids = blkback_ids,
+ .probe = blkback_probe,
+ .remove = blkback_remove,
+};
+
+void blkif_xenbus_init(void)
+{
+ xenbus_register_backend(&blkback);
+}
diff -r 99914b54f7bf -r 81576d3d1ca8
patches/linux-2.6.12/workaround_double_br_del_if.patch
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/patches/linux-2.6.12/workaround_double_br_del_if.patch Fri Aug 19
18:19:28 2005
@@ -0,0 +1,11 @@
+--- linux-2.6.12/net/bridge/br_if.c 2005-06-17 14:48:29.000000000 -0500
++++ linux-2.6.12-xen0-smp/net/bridge/br_if.c 2005-08-18 15:17:27.302615846
-0500
+@@ -382,7 +382,7 @@
+ {
+ struct net_bridge_port *p = dev->br_port;
+
+- if (!p || p->br != br)
++ if (!p || p->br != br || p->state == BR_STATE_DISABLED)
+ return -EINVAL;
+
+ br_sysfs_removeif(p);
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/example.txt
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/example.txt Fri Aug 19 18:19:28 2005
@@ -0,0 +1,269 @@
+##
+# example.txt <description to the xen access control architecture>
+#
+# Author:
+# Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx>
+#
+#
+# This file introduces into the tools to manage policies
+# and to label domains and resources.
+##
+
+We will show how to install and use the chwall_ste policy.
+Other policies work similarly. Feedback welcome!
+
+
+
+1. Using secpol_xml2bin to translate the chwall_ste policy:
+===========================================================
+
+#tools/security/secpol_xml2bin chwall_ste
+
+Successful execution should print:
+
+ [root@laptopxn security]# ./secpol_xml2bin chwall_ste
+ Validating label file
policies/chwall_ste/chwall_ste-security_label_template.xml...
+ XML Schema policies/security_policy.xsd valid.
+ Validating policy file
policies/chwall_ste/chwall_ste-security_policy.xml...
+ XML Schema policies/security_policy.xsd valid.
+ Creating ssid mappings ...
+ Creating label mappings ...
+ Max chwall labels: 7
+ Max chwall-types: 4
+ Max chwall-ssids: 5
+ Max ste labels: 14
+ Max ste-types: 6
+ Max ste-ssids: 10
+
+The tool looks in directory policies/chwall_ste for
+the label and policy files.
+
+The default policy directory structure under tools/security looks like:
+
+policies
+|-- security_policy.xsd
+|-- chwall
+| |-- chwall-security_label_template.xml
+| `-- chwall-security_policy.xml
+|-- chwall_ste
+| |-- chwall_ste-security_label_template.xml
+| `-- chwall_ste-security_policy.xml
+|-- null
+| |-- null-security_label_template.xml
+| `-- null-security_policy.xml
+`-- ste
+ |-- ste-security_label_template.xml
+ `-- ste-security_policy.xml
+
+policies/security_policy.xsd contains the schema against which both the
+label-template and the policy files must validate during translation.
+
+policies/chwall_ste/chwall_ste-security_policy.xml defines the
+policies and the types known to the policies.
+
+policies/chwall_ste/chwall_ste-security_label_template.xml contains
+label definitions that group chwall and ste types together and make
+them easier to use for users
+
+After executing the above secpol_xml2bin command, you will find 2 new
+files in the policies/chwall_ste sub-directory:
+
+policies/chwall_ste/chwall_ste.map ... this file includes the mapping
+of names from the xml files into their binary code representation.
+
+policies/chwall_ste/chwall_ste.bin ... this is the binary policy file,
+the result of parsing the xml files and using the mapping to extract a
+binary version that can be loaded into the hypervisor.
+
+
+
+2. Loading and activating the policy:
+=====================================
+
+We assume that xen is already configured to use the chwall_ste policy;
+please refer to install.txt for instructions.
+
+To activate the policy from the command line (assuming that the
+currently established policy is the minimal boot-policy that is
+hard-coded into the hypervisor:
+
+# ./secpol_tool loadpolicy policies/chwall_ste/chwall_ste.bin
+
+To activate the policy at next reboot:
+
+# cp policies/chwall_ste/chwall_ste.bin /boot
+
+Add a module line to your /boot/grub/grub.conf Xen entry.
+My boot entry with chwall_ste enabled looks like this:
+
+ title Xen (2.6.12)
+ root (hd0,5)
+ kernel /boot/xen.gz dom0_mem=1200000 console=vga
+ module /boot/vmlinuz-2.6.12-xen0 ro root=/dev/hda6 rhgb
+ module /boot/initrd-2.6.12-xen0.img
+ module /boot/chwall_ste.bin
+
+This tells the grub boot-loader to load the binary policy, which
+the hypervisor will recognize. The hypervisor will then establish
+this binary policy during boot instead of the minimal policy that
+is hardcoded as default.
+
+If you have any trouble here, maks sure you have the access control
+framework enabled (see: install.txt).
+
+
+
+3. Labeling domains:
+====================
+
+a) Labeling Domain0:
+
+The chwall_ste-security_label_template.xml file includes an attribute
+"bootstrap", which is set to the label name that will be assigned to
+Dom0 (this label will be mapped to ssidref 1/1, the default for Dom0).
+
+b) Labeling User Domains:
+
+Use the script tools/security/setlabel.sh to choose a label and to
+assign labels to user domains.
+
+To show available labels for the chwall_ste policy:
+
+#tools/security/setlabel.sh -l
+
+lists all available labels. For the default chwall_ste it should print
+the following:
+
+ [root@laptopxn security]# ./setlabel.sh -l chwall_ste
+ The following labels are available:
+ dom_SystemManagement
+ dom_HomeBanking
+ dom_Fun
+ dom_BoincClient
+ dom_StorageDomain
+ dom_NetworkDomain
+
+You need to have compiled the policy beforehand so that a .map file
+exists. Setlabel.sh uses the mapping file created throughout the
+policy translation to translate a user-friendly label string into a
+ssidref-number that is eventually used by the Xen hypervisor.
+
+We distinguish two kinds of labels: a) VM labels (for domains) and RES
+Labels (for resources). We are currently working on support for
+resource labeling but will focus here on VM labels.
+
+Setlabel.sh only prints VM labels (which we have prefixed with "dom_")
+since only those are used at this time.
+
+If you would like to assign the dom_HomeBanking label to one of your
+user domains (which you hopefully keep clean), look at an example
+domain configuration homebanking.xm:
+
+ #------HOMEBANKING---------
+ kernel = "/boot/vmlinuz-2.6.12-xenU"
+ ramdisk="/boot/U1_ramdisk.img"
+ memory = 65
+ name = "test34"
+ cpu = -1 # leave to Xen to pick
+ # Number of network interfaces. Default is 1.
+ nics=1
+ dhcp="dhcp"
+ #-------------------------
+
+Now we label this domain
+
+[root@laptopxn security]# ./setlabel.sh homebanking.xm dom_HomeBanking
chwall_ste
+Mapped label 'dom_HomeBanking' to ssidref '0x00020002'.
+
+The domain configuration my look now like:
+
+ [root@laptopxn security]# cat homebanking.xm
+ #------HOMEBANKING---------
+ kernel = "/boot/vmlinuz-2.6.12-xenU"
+ ramdisk="/boot/U1_ramdisk.img"
+ memory = 65
+ name = "test34"
+ cpu = -1 # leave to Xen to pick
+ # Number of network interfaces. Default is 1.
+ nics=1
+ dhcp="dhcp"
+ #-------------------------
+ #ACM_POLICY=chwall_ste-security_policy.xml
+ #ACM_LABEL=dom_HomeBanking
+ ssidref = 0x00020002
+
+You can see 3 new entries, two of which are comments. The only value
+that the hypervisor cares about is the ssidref that will reference
+those types assigned to this label. You can look them up in the
+xml label-template file for the chwall_ste policy.
+
+This script will eventually move into the domain management and will
+be called when the domain is instantiated. For now, the setlabel
+script must be run on domains whenever the policy files change since
+the mapping between label names and ssidrefs can change in this case.
+
+
+4. Starting a labeled domain
+============================
+
+Now, start the domain:
+ #xm create -c homebanking.xm
+
+
+If you label another domain configuration as dom_Fun and try to start
+it afterwards, its start will fail. Why?
+
+Because the running homebanking domain has the chinese wall type
+"cw_Sensitive". The new domain dom_Fun has the chinese wall label
+"cw_Distrusted". This domain is not allowed to run simultaneously
+because of the defined conflict set
+
+ <conflictset name="Protection1">
+ <type>cw_Sensitive</type>
+ <type>cw_Distrusted</type>
+ </conflictset>
+
+(in policies/chwall_ste/chwall_ste-security_policy.xml), which says
+that only one of the types cw_sensitive and cw_Distrusted can run at a
+time.
+
+If you save or shutdown the HomeBanking domain, you will be able to
+start the "Fun" domain. You can look into the Xen log to see if a
+domain was denied to start because of the access control framework
+with the command 'xm dmesg'.
+
+It is important (and usually non-trivial) to define the labels in a
+way that the semantics of the labels are enforced and supported by the
+types and the conflict sets.
+
+Note: While the chinese wall policy enforcement is complete, the type
+enforcement is currently enforced in the Xen hypervisor
+only. Therefore, only point-to-point sharing with regard to the type
+enforcement is currently controlled. We are working on enhancements to
+Dom0 that enforce types also for network traffic that is routed
+through Dom0 and on the enforcement of resource labeling when binding
+resources to domains (e.g., enforcing types between domains and
+hardware resources, such as disk partitions).
+
+
+4. Adding your own policies
+===========================
+
+Writing your own policy (e.g. "mypolicy") requires the following:
+
+a) the policy definition (types etc.) file
+b) the label template definition (labels etc.) file
+
+If your policy name is "mypolicy", you need to create a
+subdirectory mypolicy in tools/security/policies.
+
+Then you create
+tools/security/policies/mypolicy/mypolicy-security_policy.xml and
+tools/security/policies/mypolicy/mypolicy-security_label_template.xml.
+
+You need to keep to the schema as defined in
+tools/security/security_policy.xsd since the translation tool
+secpol_xml2bin is written against this schema.
+
+If you keep to the security policy schema, then you can use all the
+tools described above. Refer to install.txt to install it.
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/install.txt
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/install.txt Fri Aug 19 18:19:28 2005
@@ -0,0 +1,67 @@
+##
+# install.txt <description to the xen access control architecture>
+#
+# Author:
+# Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx>
+#
+#
+# This file shows how to activate and install the access control
+# framework.
+##
+
+
+INSTALLING A SECURITY POLICY IN XEN
+===================================
+
+By default, the access control architecture is disabled in Xen. To
+enable the access control architecture in Xen follow the steps below.
+This description assumes that you want to install the Chinese Wall and
+Simple Type Enforcement policy. Some file names need to be replaced
+below to activate the Chinese Wall OR the Type Enforcement policy
+exclusively (chwall_ste --> {chwall, ste}).
+
+1. enable access control in Xen
+ # cd "xen_root"
+ # edit/xemacs/vi Config.mk
+
+ change the line:
+ ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY
+
+ to:
+ ACM_USE_SECURITY_POLICY ?=
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
+
+ # make all
+ # ./install.sh
+
+2. compile the policy from xml to a binary format that can be loaded
+ into the hypervisor for enforcement
+ # cd tools/security
+ # make
+
+ manual steps (alternative to make boot_install):
+ #./secpol_xml2bin chwall_ste
+ #cp policies/chwall_ste/chwall_ste.bin /boot
+ #edit /boot/grub/grub.conf
+ add the follwoing line to your xen boot entry:
+ "module chwall_ste.bin"
+
+ alternatively, you can try our automatic translation and
+ installation of the policy:
+ # make boot_install
+
+ [we try hard to do the right thing to the right boot entry but
+ please verify boot entry in /boot/grub/grub.conf afterwards;
+ your xen boot entry should have an additional module line
+ specifying a chwall_ste.bin file with the correct directory
+ (e.g. "/" or "/boot").]
+
+
+3. reboot into the newly compiled hypervisor
+
+ after boot
+ #xm dmesg should show an entry about the policy being loaded
+ during the boot process
+
+ #tools/security/secpol_tool getpolicy
+ should print the new chwall_ste binary policy representation
+
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/security/policies/chwall/chwall-security_label_template.xml
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/chwall/chwall-security_label_template.xml Fri Aug
19 18:19:28 2005
@@ -0,0 +1,76 @@
+<?xml version="1.0"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
+<!-- This file defines the security labels, which can -->
+<!-- be attached to Domains and resources. Based on -->
+<!-- these labels, the access control module decides -->
+<!-- about sharing between Domains and about access -->
+<!-- of Domains to real resources. -->
+
+<SecurityLabelTemplate
+ xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+ <LabelHeader>
+ <Name>chwall-security_label_template</Name>
+ <Date>2005-08-10</Date>
+ <PolicyName>
+ <Url>chwall-security_policy.xml</Url>
+ <Reference>abcdef123456abcdef</Reference>
+ </PolicyName>
+ </LabelHeader>
+
+ <SubjectLabels bootstrap="dom_SystemManagement">
+ <!-- single ste typed domains -->
+ <!-- ACM enforces that only domains with -->
+ <!-- the same type can share information -->
+ <!-- -->
+ <!-- Bootstrap label is assigned to Dom0 -->
+ <VirtualMachineLabel>
+ <Name>dom_HomeBanking</Name>
+ <ChineseWallTypes>
+ <Type>cw_Sensitive</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <Name>dom_Fun</Name>
+ <ChineseWallTypes>
+ <Type>cw_Distrusted</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <!-- donating some cycles to seti@home -->
+ <Name>dom_BoincClient</Name>
+ <ChineseWallTypes>
+ <Type>cw_Isolated</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <!-- Domains with multiple ste types services; such domains -->
+ <!-- must keep the types inside their domain safely confined. -->
+ <VirtualMachineLabel>
+ <Name>dom_SystemManagement</Name>
+ <ChineseWallTypes>
+ <Type>cw_SystemManagement</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <!-- serves persistent storage to other domains -->
+ <Name>dom_StorageDomain</Name>
+ <ChineseWallTypes>
+ <Type>cw_SystemManagement</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <!-- serves network access to other domains -->
+ <Name>dom_NetworkDomain</Name>
+ <ChineseWallTypes>
+ <Type>cw_SystemManagement</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+</SecurityLabelTemplate>
+
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/security/policies/chwall/chwall-security_policy.xml
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/chwall/chwall-security_policy.xml Fri Aug 19
18:19:28 2005
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
+<!-- This file defines the security policies, which -->
+<!-- can be enforced by the Xen Access Control Module. -->
+<!-- Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+ <Name>chwall-security_policy</Name>
+ <Date>2005-08-10</Date>
+</PolicyHeader>
+<!-- -->
+<!-- example of a chinese wall type definition -->
+<!-- along with its conflict sets -->
+<!-- (typse in a confict set are exclusive, i.e. -->
+<!-- once a Domain with one type of a set is -->
+<!-- running, no other Domain with another type -->
+<!-- of the same conflict set can start.) -->
+ <ChineseWall priority="PrimaryPolicyComponent">
+ <ChineseWallTypes>
+ <Type>cw_SystemManagement</Type>
+ <Type>cw_Sensitive</Type>
+ <Type>cw_Isolated</Type>
+ <Type>cw_Distrusted</Type>
+ </ChineseWallTypes>
+
+ <ConflictSets>
+ <Conflict name="Protection1">
+ <Type>cw_Sensitive</Type>
+ <Type>cw_Distrusted</Type>
+ </Conflict>
+ </ConflictSets>
+ </ChineseWall>
+</SecurityPolicyDefinition>
+
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/chwall_ste/chwall_ste-security_label_template.xml
Fri Aug 19 18:19:28 2005
@@ -0,0 +1,167 @@
+<?xml version="1.0"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
+<!-- This file defines the security labels, which can -->
+<!-- be attached to Domains and resources. Based on -->
+<!-- these labels, the access control module decides -->
+<!-- about sharing between Domains and about access -->
+<!-- of Domains to real resources. -->
+
+<SecurityLabelTemplate
+ xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+ <LabelHeader>
+ <Name>chwall_ste-security_label_template</Name>
+ <Date>2005-08-10</Date>
+ <PolicyName>
+ <Url>chwall_ste-security_policy.xml</Url>
+ <Reference>abcdef123456abcdef</Reference>
+ </PolicyName>
+ </LabelHeader>
+
+ <SubjectLabels bootstrap="dom_SystemManagement">
+ <!-- single ste typed domains -->
+ <!-- ACM enforces that only domains with -->
+ <!-- the same type can share information -->
+ <!-- -->
+ <!-- Bootstrap label is assigned to Dom0 -->
+ <VirtualMachineLabel>
+ <Name>dom_HomeBanking</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_PersonalFinances</Type>
+ </SimpleTypeEnforcementTypes>
+
+ <ChineseWallTypes>
+ <Type>cw_Sensitive</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <Name>dom_Fun</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_InternetInsecure</Type>
+ </SimpleTypeEnforcementTypes>
+
+ <ChineseWallTypes>
+ <Type>cw_Distrusted</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <!-- donating some cycles to seti@home -->
+ <Name>dom_BoincClient</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_DonatedCycles</Type>
+ </SimpleTypeEnforcementTypes>
+
+ <ChineseWallTypes>
+ <Type>cw_Isolated</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <!-- Domains with multiple ste types services; such domains -->
+ <!-- must keep the types inside their domain safely confined. -->
+ <VirtualMachineLabel>
+ <Name>dom_SystemManagement</Name>
+ <SimpleTypeEnforcementTypes>
+ <!-- since dom0 needs access to every domain and -->
+ <!-- resource right now ... -->
+ <Type>ste_SystemManagement</Type>
+ <Type>ste_PersonalFinances</Type>
+ <Type>ste_InternetInsecure</Type>
+ <Type>ste_DonatedCycles</Type>
+ <Type>ste_PersistentStorageA</Type>
+ <Type>ste_NetworkAdapter0</Type>
+ </SimpleTypeEnforcementTypes>
+
+ <ChineseWallTypes>
+ <Type>cw_SystemManagement</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <!-- serves persistent storage to other domains -->
+ <Name>dom_StorageDomain</Name>
+ <SimpleTypeEnforcementTypes>
+ <!-- access right to the resource (hard drive a) -->
+ <Type>ste_PersistentStorageA</Type>
+ <!-- can serve following types -->
+ <Type>ste_PersonalFinances</Type>
+ <Type>ste_InternetInsecure</Type>
+ </SimpleTypeEnforcementTypes>
+
+ <ChineseWallTypes>
+ <Type>cw_SystemManagement</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <!-- serves network access to other domains -->
+ <Name>dom_NetworkDomain</Name>
+ <SimpleTypeEnforcementTypes>
+ <!-- access right to the resource (ethernet card) -->
+ <Type>ste_NetworkAdapter0</Type>
+ <!-- can serve following types -->
+ <Type>ste_PersonalFinances</Type>
+ <Type>ste_InternetInsecure</Type>
+ <Type>ste_DonatedCycles</Type>
+ </SimpleTypeEnforcementTypes>
+
+ <ChineseWallTypes>
+ <Type>cw_SystemManagement</Type>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+
+ <ObjectLabels>
+ <ResourceLabel>
+ <Name>res_ManagementResource</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_HardDrive (hda)</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_PersistentStorageA</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_LogicalDiskPartition1 (hda1)</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_PersonalFinances</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_LogicalDiskPartition2 (hda2)</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_InternetInsecure</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_EthernetCard</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_NetworkAdapter0</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_SecurityToken</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_PersonalFinances</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_GraphicsAdapter</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+ </ObjectLabels>
+</SecurityLabelTemplate>
+
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/security/policies/chwall_ste/chwall_ste-security_policy.xml
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/chwall_ste/chwall_ste-security_policy.xml Fri Aug
19 18:19:28 2005
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
+<!-- This file defines the security policies, which -->
+<!-- can be enforced by the Xen Access Control Module. -->
+<!-- Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+ <Name>chwall_ste-security_policy</Name>
+ <Date>2005-08-10</Date>
+</PolicyHeader>
+<!-- -->
+<!-- example of a simple type enforcement policy definition -->
+<!-- -->
+ <SimpleTypeEnforcement>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_SystemManagement</Type> <!-- machine/security
management -->
+ <Type>ste_PersonalFinances</Type> <!-- personal finances -->
+ <Type>ste_InternetInsecure</Type> <!-- games, active X, etc. -->
+ <Type>ste_DonatedCycles</Type> <!-- donation to
BOINC/seti@home -->
+ <Type>ste_PersistentStorageA</Type> <!-- domain managing the
harddrive A-->
+ <Type>ste_NetworkAdapter0</Type> <!-- type of the domain
managing ethernet adapter 0-->
+ </SimpleTypeEnforcementTypes>
+ </SimpleTypeEnforcement>
+<!-- -->
+<!-- example of a chinese wall type definition -->
+<!-- along with its conflict sets -->
+<!-- (typse in a confict set are exclusive, i.e. -->
+<!-- once a Domain with one type of a set is -->
+<!-- running, no other Domain with another type -->
+<!-- of the same conflict set can start.) -->
+ <ChineseWall priority="PrimaryPolicyComponent">
+ <ChineseWallTypes>
+ <Type>cw_SystemManagement</Type>
+ <Type>cw_Sensitive</Type>
+ <Type>cw_Isolated</Type>
+ <Type>cw_Distrusted</Type>
+ </ChineseWallTypes>
+
+ <ConflictSets>
+ <Conflict name="Protection1">
+ <Type>cw_Sensitive</Type>
+ <Type>cw_Distrusted</Type>
+ </Conflict>
+ </ConflictSets>
+ </ChineseWall>
+</SecurityPolicyDefinition>
+
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/security/policies/null/null-security_label_template.xml
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/null/null-security_label_template.xml Fri Aug
19 18:19:28 2005
@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
+<!-- This file defines the security labels, which can -->
+<!-- be attached to Domains and resources. Based on -->
+<!-- these labels, the access control module decides -->
+<!-- about sharing between Domains and about access -->
+<!-- of Domains to real resources. -->
+
+<SecurityLabelTemplate
+ xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+ <LabelHeader>
+ <Name>null-security_label_template</Name>
+
+ <Date>2005-08-10</Date>
+ <PolicyName>
+ <Url>null-security_policy.xml</Url>
+
+ <Reference>abcdef123456abcdef</Reference>
+ </PolicyName>
+ </LabelHeader>
+</SecurityLabelTemplate>
+
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/security/policies/null/null-security_policy.xml
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/null/null-security_policy.xml Fri Aug 19
18:19:28 2005
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
+<!-- This file defines the security policies, which -->
+<!-- can be enforced by the Xen Access Control Module. -->
+<!-- Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+ <Name>null-security_policy</Name>
+ <Date>2005-08-10</Date>
+</PolicyHeader>
+</SecurityPolicyDefinition>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/policies/security_policy.xsd
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/security_policy.xsd Fri Aug 19 18:19:28 2005
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
+<!-- This file defines the schema, which is used to define -->
+<!-- the security policy and the security labels in Xe. -->
+
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema";
targetNamespace="http://www.ibm.com"; xmlns="http://www.ibm.com";
elementFormDefault="qualified">
+ <xsd:element name="SecurityPolicyDefinition">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="PolicyHeader" minOccurs="0"
maxOccurs="1"></xsd:element>
+ <xsd:element ref="SimpleTypeEnforcement"
minOccurs="0" maxOccurs="1"></xsd:element>
+ <xsd:element ref="ChineseWall" minOccurs="0"
maxOccurs="1"></xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SecurityLabelTemplate">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="LabelHeader" minOccurs="1"
maxOccurs="1"></xsd:element>
+ <xsd:element name="SubjectLabels" minOccurs="0"
maxOccurs="1">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element
ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="bootstrap"
type="xsd:string" use="required"></xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ObjectLabels" minOccurs="0"
maxOccurs="1">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element
ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="PolicyHeader">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Name" minOccurs="1"
maxOccurs="1" />
+ <xsd:element ref="Date" minOccurs="1"
maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="LabelHeader">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Name"></xsd:element>
+ <xsd:element ref="Date" minOccurs="1"
maxOccurs="1"></xsd:element>
+ <xsd:element ref="PolicyName" minOccurs="1"
maxOccurs="1"></xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SimpleTypeEnforcement">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="SimpleTypeEnforcementTypes" />
+ </xsd:sequence>
+ <xsd:attribute name="priority" type="PolicyOrder"
use="optional"></xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChineseWall">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="ChineseWallTypes" />
+ <xsd:element ref="ConflictSets" />
+ </xsd:sequence>
+ <xsd:attribute name="priority" type="PolicyOrder"
use="optional"></xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChineseWallTypes">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element maxOccurs="unbounded"
minOccurs="1" ref="Type" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ConflictSets">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element maxOccurs="unbounded"
minOccurs="1" ref="Conflict" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SimpleTypeEnforcementTypes">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element maxOccurs="unbounded"
minOccurs="1" ref="Type" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Conflict">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element maxOccurs="unbounded"
minOccurs="1" ref="Type" />
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string"
use="optional"></xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VirtualMachineLabel">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Name"></xsd:element>
+ <xsd:element ref="SimpleTypeEnforcementTypes"
minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element ref="ChineseWallTypes"
minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ResourceLabel">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Name"></xsd:element>
+ <xsd:element ref="SimpleTypeEnforcementTypes"
minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="PolicyName">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Url" />
+ <xsd:element ref="Reference" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Date" type="xsd:string" />
+ <xsd:element name="Name" type="xsd:string" />
+ <xsd:element name="Type" type="xsd:string" />
+ <xsd:element name="Reference" type="xsd:string" />
+ <xsd:element name="Url"></xsd:element>
+
+ <xsd:simpleType name="PolicyOrder">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration
value="PrimaryPolicyComponent"></xsd:enumeration>
+ </xsd:restriction>
+ </xsd:simpleType>
+
+</xsd:schema>
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/security/policies/ste/ste-security_label_template.xml
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/ste/ste-security_label_template.xml Fri Aug
19 18:19:28 2005
@@ -0,0 +1,143 @@
+<?xml version="1.0"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
+<!-- This file defines the security labels, which can -->
+<!-- be attached to Domains and resources. Based on -->
+<!-- these labels, the access control module decides -->
+<!-- about sharing between Domains and about access -->
+<!-- of Domains to real resources. -->
+
+<SecurityLabelTemplate
+ xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+ <LabelHeader>
+ <Name>ste-security_label_template</Name>
+ <Date>2005-08-10</Date>
+ <PolicyName>
+ <Url>ste-security_policy.xml</Url>
+ <Reference>abcdef123456abcdef</Reference>
+ </PolicyName>
+ </LabelHeader>
+
+ <SubjectLabels bootstrap="dom_SystemManagement">
+ <!-- single ste typed domains -->
+ <!-- ACM enforces that only domains with -->
+ <!-- the same type can share information -->
+ <!-- -->
+ <!-- Bootstrap label is assigned to Dom0 -->
+ <VirtualMachineLabel>
+ <Name>dom_HomeBanking</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_PersonalFinances</Type>
+ </SimpleTypeEnforcementTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <Name>dom_Fun</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_InternetInsecure</Type>
+ </SimpleTypeEnforcementTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <!-- donating some cycles to seti@home -->
+ <Name>dom_BoincClient</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_DonatedCycles</Type>
+ </SimpleTypeEnforcementTypes>
+ </VirtualMachineLabel>
+
+ <!-- Domains with multiple ste types services; such domains -->
+ <!-- must keep the types inside their domain safely confined. -->
+ <VirtualMachineLabel>
+ <Name>dom_SystemManagement</Name>
+ <SimpleTypeEnforcementTypes>
+ <!-- since dom0 needs access to every domain and -->
+ <!-- resource right now ... -->
+ <Type>ste_SystemManagement</Type>
+ <Type>ste_PersonalFinances</Type>
+ <Type>ste_InternetInsecure</Type>
+ <Type>ste_DonatedCycles</Type>
+ <Type>ste_PersistentStorageA</Type>
+ <Type>ste_NetworkAdapter0</Type>
+ </SimpleTypeEnforcementTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <!-- serves persistent storage to other domains -->
+ <Name>dom_StorageDomain</Name>
+ <SimpleTypeEnforcementTypes>
+ <!-- access right to the resource (hard drive a) -->
+ <Type>ste_PersistentStorageA</Type>
+ <!-- can serve following types -->
+ <Type>ste_PersonalFinances</Type>
+ <Type>ste_InternetInsecure</Type>
+ </SimpleTypeEnforcementTypes>
+ </VirtualMachineLabel>
+
+ <VirtualMachineLabel>
+ <!-- serves network access to other domains -->
+ <Name>dom_NetworkDomain</Name>
+ <SimpleTypeEnforcementTypes>
+ <!-- access right to the resource (ethernet card) -->
+ <Type>ste_NetworkAdapter0</Type>
+ <!-- can serve following types -->
+ <Type>ste_PersonalFinances</Type>
+ <Type>ste_InternetInsecure</Type>
+ <Type>ste_DonatedCycles</Type>
+ </SimpleTypeEnforcementTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+
+ <ObjectLabels>
+ <ResourceLabel>
+ <Name>res_ManagementResource</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_HardDrive (hda)</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_PersistentStorageA</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_LogicalDiskPartition1 (hda1)</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_PersonalFinances</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_LogicalDiskPartition2 (hda2)</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_InternetInsecure</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_EthernetCard</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_NetworkAdapter0</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_SecurityToken</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_PersonalFinances</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+
+ <ResourceLabel>
+ <Name>res_GraphicsAdapter</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ </ResourceLabel>
+ </ObjectLabels>
+</SecurityLabelTemplate>
+
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/security/policies/ste/ste-security_policy.xml
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policies/ste/ste-security_policy.xml Fri Aug 19
18:19:28 2005
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
+<!-- This file defines the security policies, which -->
+<!-- can be enforced by the Xen Access Control Module. -->
+<!-- Currently: Chinese Wall and Simple Type Enforcement-->
+<SecurityPolicyDefinition xmlns="http://www.ibm.com";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
+<PolicyHeader>
+ <Name>ste-security_policy</Name>
+ <Date>2005-08-10</Date>
+</PolicyHeader>
+<!-- -->
+<!-- example of a simple type enforcement policy definition -->
+<!-- -->
+ <SimpleTypeEnforcement>
+ <SimpleTypeEnforcementTypes>
+ <Type>ste_SystemManagement</Type> <!-- machine/security
management -->
+ <Type>ste_PersonalFinances</Type> <!-- personal finances -->
+ <Type>ste_InternetInsecure</Type> <!-- games, active X, etc. -->
+ <Type>ste_DonatedCycles</Type> <!-- donation to
BOINC/seti@home -->
+ <Type>ste_PersistentStorageA</Type> <!-- domain managing the
harddrive A-->
+ <Type>ste_NetworkAdapter0</Type> <!-- type of the domain
managing ethernet adapter 0-->
+ </SimpleTypeEnforcementTypes>
+ </SimpleTypeEnforcement>
+</SecurityPolicyDefinition>
+
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/policy.txt
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/policy.txt Fri Aug 19 18:19:28 2005
@@ -0,0 +1,405 @@
+##
+# policy.txt <description to the Xen access control architecture>
+#
+# Author:
+# Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx>
+#
+#
+# This file gives an overview of the security policies currently
+# provided and also gives some reasoning about how to assign
+# labels to domains.
+##
+
+Xen access control policies
+
+
+General explanation of supported security policies:
+=====================================================
+
+We have implemented the mandatory access control architecture of our
+hypervisor security architecture (sHype) for the Xen hypervisor. It
+controls communication (in Xen: event channels, grant tables) between
+Virtual Machines (from here on called domains) and through this the
+virtual block devices, networking, and shared memory are implemented
+on top of these communication means. While we have implemented the
+described policies and access control architecture for other
+hypervisor systems, we will describe below specifically its
+implementation and use in the Xen hypervisor. The policy enforcement
+is called mandatory regarding user domains since the policy it is
+given by the security administration and enforced independently of the
+user domains by the Xen hypervisor in cooperation with the domain
+management.
+
+The access control architecture consists of three parts:
+
+i) The access control policy determines the "command set" of the ACM
+and the hooks with which they can be configured to constrain the
+sharing of virtual resources. The current access control architecture
+implemented for Xen supports two policies: Chinese Wall and Simple
+Type Enforcement, which we describe in turn below.
+
+
+ii) The actually enforced policy instantiation uses the policy
+language (i) to configure the Xen access control in a way that suits
+the specific application (home desktop environment, company desktop,
+Web server system, etc.). We have defined an exemplary policy
+instantiation for Chinese Wall (chwall policy) and Simple Type
+Enforcement (ste policy) for a desktop system. We offer these policies
+in combination since they are controlling orthogonal events.
+
+
+iii) The access control module (ACM) and related hooks are part of the
+core hypervisor and their controls cannot be bypassed by domains. The
+ACM and hooks are the active security components. We refer to
+publications that describe how access control is enforced in the Xen
+hypervisor using the ACM (access decision) and the hooks (decision
+enforcement) inserted into the setup of event channels and grant
+tables, and into domain operations (create, destroy, save, restore,
+migrate). These controls decide based on the active policy
+configuration (see i. and ii.) if the operation proceeds of if the
+operation is aborted (denied).
+
+
+In general, security policy instantiations in the Xen access control
+framework are defined by two files:
+
+a) a single "policy-name"-security_policy.xml file that defines the
+types known to the ACM and policy rules based on these types
+
+b) a single "policy-name"-security_label_template.xml file that
+defines labels based on known types
+
+Every security policy has its own sub-directory under
+"Xen-root"/tools/security/policies in order to simplify their
+management and the security policy tools. We will describe those files
+for our example policy (Chinese Wall and Simple Type Enforcement) in
+more detail as we go along. Eventually, we will move towards a system
+installation where the policies will reside under /etc.
+
+
+CHINESE WALL
+============
+
+The Chinese Wall policy enables the user to define "which workloads
+(domain payloads) cannot run on a single physical system at the same
+time". Why would we want to prevent workloads from running at the same
+time on the same system? This supports requirements that can (but
+don't have to) be rooted in the measure of trust into the isolation of
+different domains that share the same hardware. Since the access
+control architecture aims at high performance and non-intrusive
+implementation, it currently does not address covert (timing) channels
+and aims at medium assurance. Users can apply the Chinese Wall policy
+to guarantee an air-gap between very sensitive payloads both regarding
+covert information channels and regarding resource starvation.
+
+To enable the CW control, each domain is labeled with a set of Chinese
+Wall types and CW Conflict Sets are defined which include those CW
+types that cannot run simultaneously on the same hardware. This
+interpretation of conflict sets is the only policy rule for the Chines
+Wall policy.
+
+This is enforced by controlling the start of domains according to
+their assigned CW worload types. Domains with Chinese Wall types that
+appear in a common conflict set are running mutually exclusive on a
+platform, i.e., once a domain with one of the cw-types of a conflict
+set is running, no domain with another cw-type of the same conflict
+set can start until the first domain is destroyed, paused, or migrated
+away from the physical system (this assumes that such a partition can
+no longer be observed). The idea is to assign cw-types according to
+the type of payload that a domain runs and to use the Chinese Wall
+policy to ensure that payload types can be differentiated by the
+hypervisor and can be prevented from being executed on the same system
+at the same time. Using the flexible CW policy maintains system
+consolidation and workload-balancing while introducing guaranteed
+constraints where necessary.
+
+
+Example of a Chinese Wall Policy Instantiation
+----------------------------------------------
+
+The file chwall-security_policy.xml defines the Chinese Wall types as
+well as the conflict sets for our example policy (you find it in the
+directory "xen_root"/tools/security/policies/chwall).
+
+It defines four Chinese Wall types (prefixed with cw_) with the
+following meaning:
+
+* cw_SystemsManagement is a type identifying workloads for systems
+management, e.g., domain management, device management, or hypervisor
+management.
+
+* cw_Sensitive is identifying workloads that are critical to the user
+for one reason or another.
+
+* cw_Distrusted is identifying workloads a user does not have much
+confidence in. E.g. a domain used for surfing in the internet without
+protection( i.e., active-X, java, java-script, executing web content)
+or for (Internet) Games should be typed this way.
+
+* cw_Isolated is identifying workloads that are supposedly isolated by
+use of the type enforcement policy (described below). For example, if
+a user wants to donate cycles to seti@home, she can setup a separate
+domain for a Boinc (http://boinc.ssl.berkeley.edu/) client, disable
+this domain from accessing the hard drive and from communicating to
+other local domains, and type it as cw_Isolated. We will look at a
+specific example later.
+
+The example policy uses the defined types to define one conflict set:
+Protection1 = {cw_Sensitive, cw_Distrusted}. This conflict set tells
+the hypervisor that once a domain typed as cw_Sensitive is running, a
+domain typed as cw_Distrusted cannot run concurrently (and the other
+way round). With this policy, a domain typed as cw_Isolated is allowed
+to run simultaneously with domains tagged as cw_Sensitive.
+
+Consequently, the access control module in the Xen hypervisor
+distinguishes in this example policy 4 different workload types in
+this example policy. It is the user's responsibility to type the
+domains in a way that reflects the workloads of these domains and, in
+the case of cw_Isolated, its properties, e.g. by configuring the
+sharing capabilities of the domain accordingly by using the simple
+type enforcement policy.
+
+Users can define their own or change the existing example policy
+according to their working environment and security requirements. To
+do so, replace the file chwall-security_policy.xml with the new
+policy.
+
+
+SIMPLE TYPE ENFORCEMENT
+=======================
+
+The file ste-security_policy.xml defines the simple type enforcement
+types for our example policy (you find it in the directory
+"xen_root"/tools/security/policies/ste). The Simple Type Enforcement
+policy defines which domains can share information with which other
+domains. To this end, it controls
+
+i) inter-domain communication channels (e.g., network traffic, events,
+and shared memory).
+
+ii) access of domains to physical resources (e.g., hard drive, network
+cards, graphics adapter, keyboard).
+
+In order to enable the hypervisor to distinguish different domains and
+the user to express access rules, the simple type enforcement defines
+a set of types (ste_types).
+
+The policy defines that communication between domains is allowed if
+the domains share a common STE type. As with the chwall types, STE
+types should enable the differentiation of workloads. The simple type
+enforcement access control implementation in the hypervisor enforces
+that domains can only communicate (setup event channels, grant tables)
+if they share a common type, i.e., both domains have assigned at least
+on type in common. A domain can access a resource, if the domain and
+the resource share a common type. Hence, assigning STE types to
+domains and resources allows users to define constraints on sharing
+between domains and to keep sensitive data confined from distrusted
+domains.
+
+Domain <--> Domain Sharing
+''''''''''''''''''''''''''
+(implemented but its effective use requires factorization of Dom0)
+
+a) Domains with a single STE type (general user domains): Sharing
+between such domains is enforced entirely by the hypervisor access
+control. It is independent of the domains and does not require their
+co-operation.
+
+b) Domains with multiple STE types: One example is a domain that
+virtualizes a physical resource (e.g., hard drive) and serves it as
+multiple virtual resources (virtual block drives) to other domains of
+different types. The idea is that only a specific device domain has
+assigned the type required to access the physical hard-drive. Logical
+drives are then assigned the types of domains that have access to this
+logical drive. Since the Xen hypervisor cannot distinguish between the
+logical drives, the access control (type enforcement) is delegated to
+the device domain, which has access to the types of domains requesting
+to mount a logical drive as well as the types assigned to the
+different available logical drives.
+
+Currently in Xen, Dom0 controls all hardware, needs to communicate
+with all domains during their setup, and intercepts all communication
+between domains. Consequently, Dom0 needs to be assigned all types
+used and must be completely trusted to maintain the separation of
+informatio ncoming from domains with different STE types. Thus a
+refactoring of Dom0 is recommended for stronger confinement
+guarantees.
+
+Domain --> RESOURCES Access
+'''''''''''''''''''''''''''
+(current work)
+
+We define for each resource that we want to distinguish a separate STE
+type. Each STE type is assigned to the respective resource and to
+those domains that are allowed to access this resource. Type
+enforcement will guarantee that other domains cannot access this
+resource since they don't share the resource's STE type.
+
+Since in the current implementation of Xen, Dom0 controls access to
+all hardware (e.g., disk drives, network), Domain-->Resource access
+control enforcement must be implemented in Dom0. This is possible
+since Dom0 has access to both the domain configuration (including the
+domain STE types) and the resource configuration (including the
+resource STE types).
+
+For purposes of gaining higher assurance in the resulting system, it
+may be desirable to reduce the size of dom0 by adding one or more
+"device domains" (DDs). These DDs, e.g. providing storage or network
+access, can support one or more physical devices, and manage
+enforcement of MAC policy relevant for said devices. Security benefits
+come from the smaller size of these DDs, as they can be more easily
+audited than monolithic device driver domains. DDs can help to obtain
+maximum security benefit from sHype.
+
+
+Example of a Simple Type Enforcement Policy Instantiation
+---------------------------------------------------------
+
+We define the following types:
+
+* ste_SystemManagement identifies workloads (and domains that runs
+them) that must share information to accomplish the management of the
+system
+
+* ste_PersonalFinances identifies workloads that are related to
+sensitive programs such as HomeBanking applications or safely
+configured web browsers for InternetBanking
+
+* ste_InternetInsecure identifies workloads that are very
+function-rich and unrestricted to offer for example an environment
+where internet games can run efficiently
+
+* ste_DonatedCycles identifies workloads that run on behalf of others,
+e.g. a Boinc client
+
+* ste_PersistentStorage identifies workloads that have direct access
+to persistent storage (e.g., hard drive)
+
+* ste_NetworkAccess identifies workload that have direct access to
+network cards and related networks
+
+
+
+SECURITY LABEL TEMPLATES
+========================
+
+We introduce security label templates because it is difficult for
+users to ensure tagging of domains consistently and since there are
+--as we have seen in the case of isolation-- useful dependencies
+between the policies. Security Label Templates define type sets that
+can be addressed by more user-friendly label names,
+e.g. dom_Homebanking describes a typical typeset tagged to domains
+used for sensitive Homebanking work-loads. Labels are defined in the
+file
+
+Using Security Label Templates has multiple advantages:
+a) easy reference of typical sets of type assignments
+b) consistent interpretation of type combinations
+c) meaningful application-level label names
+
+The definition of label templates depends on the combination of
+policies that are used. We will describe some of the labels defined
+for the Chinese Wall and Simple Type Enforcement combination.
+
+In the BoincClient example, the label_template file specifies that
+this Label is assigned the Chinese Wall type cw_Isolated. We do this
+assuming that this BoincClient is isolated against the rest of the
+system infrastructure (no persistent memory, no sharing with local
+domains). Since cw_Isolated is not included in any conflict set, it
+can run at any time concurrently with any other domain. The
+ste_DonatedCycles type assigned to the BoincClient reflect the
+isolation assumption: it is only assigned to the dom_NetworkDomain
+giving the BoincClient domain access to the network to communicate
+with its BoincServer.
+
+The strategy for combining types into Labels is the following: First
+we define a label for each type of general user domain
+(workload-oriented). Then we define a new label for each physical
+resource that shall be shared using a DD domain (e.g., disk) and for
+each logical resource offered through this physical resource (logical
+disk partition). We define then device domain labels (here:
+dom_SystemManagement, dom_StorageDomain, dom_NetworkDomain) which
+include the types of the physical resources (e.g. hda) their domains
+need to connect to. Such physical resources can only be accessed
+directly by device domains types with the respective device's STE
+type. Additionally we assign to such a device domain Label the STE
+types of those user domains that are allowed to access one of the
+logical resources (e.g., hda1, hda2) built on top of this physical
+resource through the device domain.
+
+
+Label Construction Example:
+---------------------------
+
+We define here a storage domain label for a domain that owns a real
+disk drive and creates the logical disk partitions hda1 and hda2 which
+it serves to domains labeled dom_HomeBanking and dom_Fun
+respectively. The labels we refer to are defined in the label template
+file policies/chwall_ste/chwall_ste-security-label-template.xml.
+
+step1: To distinguish different shared disk drives, we create a
+separate Label and STE type for each of them. Here: we create a type
+ste_PersistentStorageA for disk drive hda. If you have another disk
+drive, you may define another persistent storage type
+ste_PersistentStorageB in the chwall_ste-security_policy.xml.
+
+step2: To distinguish different domains, we create multiple domain
+labels including different types. Here: label dom_HomeBanking includes
+STE type ste_PersonalFinances, label dom_Fun includes STE type
+ste_InternetInsecure.
+
+step3: The storage domain in charge of the hard drive A needs access
+to this hard drive. Therefore the storage domain label
+dom_StorageDomain must include the type assigned to the hard drive
+(ste_PersistentStorageA).
+
+step4: In order to serve dom hda1 to domains labeled dom_HomeBanking
+and hda2 to domains labeled dom_Fun, the storage domain label must
+include the types of those domains as well (ste_PersonalFinance,
+ste_InternetInsecure).
+
+step5: In order to keep the data for different types safely apart, the
+different logical disk partitions must be assigned unique labels and
+types, which are used inside the storage domain to extend the ACM
+access enforcement to logical resources served from inside the storage
+domain. We define labels "res_LogicalDiskPartition1 (hda1)" and assign
+it to hda1 and "res_LogicalDiskPartition2 (hda2)" and assign it to
+hda2. These labels must include the STE types of those domains that
+are allowed to use them (e.g., ste_PersonalFinances for hda1).
+
+The overall mandatory access control is then enforced in 3 different
+Xen components and these components use a single consistent policy to
+co-operatively enforce the policy. In the storage domain example, we
+have three components that co-operate:
+
+1. The ACM module inside the hypervisor enforces: communication between
+user domains and the storage domain (only domains including types
+ste_PersonalFinances or ste_InternetInsecure can communicate with the
+storage domain and request access to logical resource). This confines
+the sharing to the types assigned to the storage domain.
+
+2. The domain management will enforce (work in progress): assignment of
+real resources (hda) to domains (storage domain) that share a
+type with the resource.
+
+3. If the storage domain serves multiple STE types (as in our example),
+it enforces (work in progress): that domains can access (mount)
+logical resources only if they share an STE type with the respective
+resource. In our example, domains with the STE type
+ste_PersonalFinances can request access (mount) to logical resource
+hda1 from the storage domain.
+
+If you look at the virtual machine label dom_StorageDomain, you will
+see the minimal set of types assigned to our domain manageing disk
+drive hda for serving logical disk partitions exclusively to
+dom_HomeBanking and dom_Fun.
+
+Similary, network domains can confine access to the network or
+network communication between user domains.
+
+As a result, device domains (e.g., storage domain, network domain)
+must be simple and small to ensure their correct co-operation in the
+type enforcement model. If such trust is not possible, then hardware
+should be assigned exclusively to a single type (or to a single
+partition) in which case the hypervisor ACM enforcement enforces the
+types independently.
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/readme.txt
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/readme.txt Fri Aug 19 18:19:28 2005
@@ -0,0 +1,29 @@
+
+##
+# readme.txt <description to the xen access control architecture>
+#
+# Author:
+# Reiner Sailer 08/15/2005 <sailer@xxxxxxxxxxxxxx>
+#
+#
+# This file is a toc for information regarding
+# the access control policy and tools in Xen.
+##
+
+1. policy.txt:
+
+ describes the general reasoning and examples for access
+ control policies in Xen
+
+
+2. install.txt
+
+ describes the activation of the access control framework
+ in Xen
+
+3. example.txt
+
+ describes the available tools for managing security policies
+ in Xen and the tools to label domains
+
+
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/secpol_compat.h
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/secpol_compat.h Fri Aug 19 18:19:28 2005
@@ -0,0 +1,14 @@
+/* secpol_compat.h
+ * 'translates' data types necessary to
+ * include <xen/acm.h>
+ */
+#include <stdint.h>
+
+typedef uint8_t u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+typedef uint64_t u64;
+typedef int8_t s8;
+typedef int16_t s16;
+typedef int32_t s32;
+typedef int64_t s64;
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/secpol_xml2bin.c
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/secpol_xml2bin.c Fri Aug 19 18:19:28 2005
@@ -0,0 +1,1396 @@
+/****************************************************************
+ * secpol_xml2bin.c
+ *
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Author: Reiner Sailer <sailer@xxxxxxxxxx>
+ *
+ * Maintained:
+ * Reiner Sailer <sailer@xxxxxxxxxx>
+ * Ray Valdez <rvaldez@xxxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * sHype policy translation tool. This tool takes an XML
+ * policy specification as input and produces a binary
+ * policy file that can be loaded into Xen through the
+ * ACM operations (secpol_tool loadpolicy) interface or at
+ * boot time (grub module parameter)
+ *
+ * indent -i4 -kr -nut
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <libgen.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/queue.h>
+#include <netinet/in.h>
+#include <libxml/xmlschemas.h>
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+#include <libxml/xmlreader.h>
+#include "secpol_compat.h"
+#include <xen/acm.h>
+
+#include "secpol_xml2bin.h"
+
+#define DEBUG 0
+
+/* primary / secondary policy component setting */
+enum policycomponent { CHWALL, STE, NULLPOLICY }
+ primary = NULLPOLICY, secondary = NULLPOLICY;
+
+/* general list element for ste and chwall type queues */
+struct type_entry {
+ TAILQ_ENTRY(type_entry) entries;
+ char *name; /* name of type from xml file */
+ type_t mapping; /* type mapping into 16bit */
+};
+
+TAILQ_HEAD(tailhead, type_entry) ste_head, chwall_head;
+
+/* general list element for all label queues */
+enum label_type { VM, RES, ANY };
+struct ssid_entry {
+ TAILQ_ENTRY(ssid_entry) entries;
+ char *name; /* label name */
+ enum label_type type; /* type: VM / RESOURCE LABEL */
+ u_int32_t num; /* ssid or referenced ssid */
+ int is_ref; /* if this entry references earlier ssid
number */
+ unsigned char *row; /* index of types (if not a reference) */
+};
+
+TAILQ_HEAD(tailhead_ssid, ssid_entry) ste_ssid_head, chwall_ssid_head,
+ conflictsets_head;
+struct ssid_entry *current_chwall_ssid_p = NULL;
+struct ssid_entry *current_ste_ssid_p = NULL;
+struct ssid_entry *current_conflictset_p = NULL;
+
+/* which label to assign to dom0 during boot */
+char *bootstrap_label;
+
+u_int32_t max_ste_ssids = 0;
+u_int32_t max_chwall_ssids = 0;
+u_int32_t max_chwall_labels = 0;
+u_int32_t max_ste_labels = 0;
+u_int32_t max_conflictsets = 0;
+
+char *current_ssid_name; /* store name until structure is allocated */
+char *current_conflictset_name; /* store name until structure is allocated */
+
+/* dynamic list of type mappings for STE */
+u_int32_t max_ste_types = 0;
+
+/* dynamic list of type mappings for CHWALL */
+u_int32_t max_chwall_types = 0;
+
+/* dynamic list of conflict sets */
+int max_conflict_set = 0;
+
+/* which policies are defined */
+int have_ste = 0;
+int have_chwall = 0;
+
+/* input/output file names */
+char *policy_filename = NULL,
+ *label_filename = NULL,
+ *binary_filename = NULL, *mapping_filename = NULL;
+
+void usage(char *prg)
+{
+ printf("usage:\n%s policyname[-policy.xml/-security_label_template.xml]\n",
+ prg);
+ exit(EXIT_FAILURE);
+}
+
+
+/***************** policy-related parsing *********************/
+
+char *type_by_mapping(struct tailhead *head, u_int32_t mapping)
+{
+ struct type_entry *np;
+ for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+ if (np->mapping == mapping)
+ return np->name;
+ return NULL;
+}
+
+
+struct type_entry *lookup(struct tailhead *head, char *name)
+{
+ struct type_entry *np;
+ for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+ if (!(strcmp(np->name, name)))
+ return np;
+ return NULL;
+}
+
+/* enforces single-entry lists */
+int add_entry(struct tailhead *head, char *name, type_t mapping)
+{
+ struct type_entry *e;
+ if (lookup(head, name))
+ {
+ printf("Error: Type >%s< defined more than once.\n", name);
+ return -EFAULT; /* already in the list */
+ }
+ if (!(e = malloc(sizeof(struct type_entry))))
+ return -ENOMEM;
+
+ e->name = name;
+ e->mapping = mapping;
+ TAILQ_INSERT_TAIL(head, e, entries);
+ return 0;
+}
+
+int totoken(char *tok)
+{
+ int i;
+ for (i = 0; token[i] != NULL; i++)
+ if (!strcmp(token[i], tok))
+ return i;
+ return -EFAULT;
+}
+
+/* conflictsets use the same data structure as ssids; since
+ * they are similar in structure (set of types)
+ */
+int init_next_conflictset(void)
+{
+ struct ssid_entry *conflictset = malloc(sizeof(struct ssid_entry));
+
+ if (!conflictset)
+ return -ENOMEM;
+
+ conflictset->name = current_conflictset_name;
+ conflictset->num = max_conflictsets++;
+ conflictset->is_ref = 0; /* n/a for conflictsets */
+ /**
+ * row: allocate one byte per type;
+ * [i] != 0 --> mapped type >i< is part of the conflictset
+ */
+ conflictset->row = malloc(max_chwall_types);
+ if (!conflictset->row)
+ return -ENOMEM;
+
+ memset(conflictset->row, 0, max_chwall_types);
+ TAILQ_INSERT_TAIL(&conflictsets_head, conflictset, entries);
+ current_conflictset_p = conflictset;
+ return 0;
+}
+
+int register_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
+{
+ xmlChar *text;
+ struct type_entry *e;
+
+
+ text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
+ if (!text)
+ {
+ printf("Error reading type name!\n");
+ return -EFAULT;
+ }
+
+ switch (state) {
+ case XML2BIN_stetype_S:
+ if (add_entry(&ste_head, (char *) text, max_ste_types))
+ {
+ xmlFree(text);
+ return -EFAULT;
+ }
+ max_ste_types++;
+ break;
+
+ case XML2BIN_chwalltype_S:
+ if (add_entry(&chwall_head, (char *) text, max_chwall_types))
+ {
+ xmlFree(text);
+ return -EFAULT;
+ }
+ max_chwall_types++;
+ break;
+
+ case XML2BIN_conflictsettype_S:
+ /* a) search the type in the chwall_type list */
+ e = lookup(&chwall_head, (char *) text);
+ if (e == NULL)
+ {
+ printf("CS type >%s< not a CHWALL type.\n", text);
+ xmlFree(text);
+ return -EFAULT;
+ }
+ /* b) add type entry to the current cs set */
+ if (current_conflictset_p->row[e->mapping])
+ {
+ printf("ERROR: Double entry of type >%s< in conflict set %d.\n",
+ text, current_conflictset_p->num);
+ xmlFree(text);
+ return -EFAULT;
+ }
+ current_conflictset_p->row[e->mapping] = 1;
+ break;
+
+ default:
+ printf("Incorrect type environment (state = %lx, text = %s).\n",
+ state, text);
+ xmlFree(text);
+ return -EFAULT;
+ }
+ return 0;
+}
+
+void set_component_type(xmlNode * cur_node, enum policycomponent pc)
+{
+ xmlChar *order;
+
+ if ((order = xmlGetProp(cur_node, (xmlChar *)
PRIMARY_COMPONENT_ATTR_NAME))) {
+ if (strcmp((char *) order, PRIMARY_COMPONENT))
+ {
+ printf("ERROR: Illegal attribut value >order=%s<.\n",
+ (char *) order);
+ xmlFree(order);
+ exit(EXIT_FAILURE);
+ }
+ if (primary != NULLPOLICY)
+ {
+ printf("ERROR: Primary Policy Component set twice!\n");
+ exit(EXIT_FAILURE);
+ }
+ primary = pc;
+ xmlFree(order);
+ }
+}
+
+void walk_policy(xmlNode * start, xmlDocPtr doc, unsigned long state)
+{
+ xmlNode *cur_node = NULL;
+ int code;
+
+ for (cur_node = start; cur_node; cur_node = cur_node->next)
+ {
+ if ((code = totoken((char *) cur_node->name)) < 0)
+ {
+ printf("Unknown token: >%s<. Aborting.\n", cur_node->name);
+ exit(EXIT_FAILURE);
+ }
+ switch (code) { /* adjust state to new state */
+ case XML2BIN_SECPOL:
+ case XML2BIN_STETYPES:
+ case XML2BIN_CHWALLTYPES:
+ case XML2BIN_CONFLICTSETS:
+ walk_policy(cur_node->children, doc, state | (1 << code));
+ break;
+
+ case XML2BIN_STE:
+ if (WRITTEN_AGAINST_ACM_STE_VERSION != ACM_STE_VERSION)
+ {
+ printf("ERROR: This program was written against another STE
version.\n");
+ exit(EXIT_FAILURE);
+ }
+ have_ste = 1;
+ set_component_type(cur_node, STE);
+ walk_policy(cur_node->children, doc, state | (1 << code));
+ break;
+
+ case XML2BIN_CHWALL:
+ if (WRITTEN_AGAINST_ACM_CHWALL_VERSION != ACM_CHWALL_VERSION)
+ {
+ printf("ERROR: This program was written against another CHWALL
version.\n");
+ exit(EXIT_FAILURE);
+ }
+ have_chwall = 1;
+ set_component_type(cur_node, CHWALL);
+ walk_policy(cur_node->children, doc, state | (1 << code));
+ break;
+
+ case XML2BIN_CSTYPE:
+ current_conflictset_name =
+ (char *) xmlGetProp(cur_node, (xmlChar *) "name");
+ if (!current_conflictset_name)
+ current_conflictset_name = "";
+
+ if (init_next_conflictset())
+ {
+ printf
+ ("ERROR: creating new conflictset structure failed.\n");
+ exit(EXIT_FAILURE);
+ }
+ walk_policy(cur_node->children, doc, state | (1 << code));
+ break;
+
+ case XML2BIN_TYPE:
+ if (register_type(cur_node, doc, state))
+ exit(EXIT_FAILURE);
+ /* type leaf */
+ break;
+
+ case XML2BIN_TEXT:
+ case XML2BIN_COMMENT:
+ case XML2BIN_POLICYHEADER:
+ /* leaf - nothing to do */
+ break;
+
+ default:
+ printf("Unkonwn token Error (%d)\n", code);
+ exit(EXIT_FAILURE);
+ }
+
+ }
+ return;
+}
+
+int create_type_mapping(xmlDocPtr doc)
+{
+ xmlNode *root_element = xmlDocGetRootElement(doc);
+ struct type_entry *te;
+ struct ssid_entry *se;
+ int i;
+
+ printf("Creating ssid mappings ...\n");
+
+ /* initialize the ste and chwall type lists */
+ TAILQ_INIT(&ste_head);
+ TAILQ_INIT(&chwall_head);
+ TAILQ_INIT(&conflictsets_head);
+
+ walk_policy(root_element, doc, XML2BIN_NULL);
+
+ /* determine primary/secondary policy component orders */
+ if ((primary == NULLPOLICY) && have_chwall)
+ primary = CHWALL; /* default if not set */
+ else if ((primary == NULLPOLICY) && have_ste)
+ primary = STE;
+
+ switch (primary) {
+
+ case CHWALL:
+ if (have_ste)
+ secondary = STE;
+ /* else default = NULLPOLICY */
+ break;
+
+ case STE:
+ if (have_chwall)
+ secondary = CHWALL;
+ /* else default = NULLPOLICY */
+ break;
+
+ default:
+ /* NULL/NULL policy */
+ break;
+ }
+
+ if (!DEBUG)
+ return 0;
+
+ /* print queues */
+ if (have_ste)
+ {
+ printf("STE-Type queue (%s):\n",
+ (primary == STE) ? "PRIMARY" : "SECONDARY");
+ for (te = ste_head.tqh_first; te != NULL;
+ te = te->entries.tqe_next)
+ printf("name=%22s, map=%x\n", te->name, te->mapping);
+ }
+ if (have_chwall)
+ {
+ printf("CHWALL-Type queue (%s):\n",
+ (primary == CHWALL) ? "PRIMARY" : "SECONDARY");
+ for (te = chwall_head.tqh_first; te != NULL;
+ te = te->entries.tqe_next)
+ printf("name=%s, map=%x\n", te->name, te->mapping);
+
+ printf("Conflictset queue (max=%d):\n", max_conflictsets);
+ for (se = conflictsets_head.tqh_first; se != NULL;
+ se = se->entries.tqe_next)
+ {
+ printf("conflictset name >%s<\n",
+ se->name ? se->name : "NONAME");
+ for (i = 0; i < max_chwall_types; i++)
+ if (se->row[i])
+ printf("#%x ", i);
+ printf("\n");
+ }
+ }
+ return 0;
+}
+
+
+/***************** template-related parsing *********************/
+
+/* add default ssid at head of ssid queues */
+int init_ssid_queues(void)
+{
+ struct ssid_entry *default_ssid_chwall, *default_ssid_ste;
+
+ default_ssid_chwall = malloc(sizeof(struct ssid_entry));
+ default_ssid_ste = malloc(sizeof(struct ssid_entry));
+
+ if ((!default_ssid_chwall) || (!default_ssid_ste))
+ return -ENOMEM;
+
+ /* default chwall ssid */
+ default_ssid_chwall->name = "DEFAULT";
+ default_ssid_chwall->num = max_chwall_ssids++;
+ default_ssid_chwall->is_ref = 0;
+ default_ssid_chwall->type = ANY;
+
+ default_ssid_chwall->row = malloc(max_chwall_types);
+
+ if (!default_ssid_chwall->row)
+ return -ENOMEM;
+
+ memset(default_ssid_chwall->row, 0, max_chwall_types);
+
+ TAILQ_INSERT_TAIL(&chwall_ssid_head, default_ssid_chwall, entries);
+ current_chwall_ssid_p = default_ssid_chwall;
+ max_chwall_labels++;
+
+ /* default ste ssid */
+ default_ssid_ste->name = "DEFAULT";
+ default_ssid_ste->num = max_ste_ssids++;
+ default_ssid_ste->is_ref = 0;
+ default_ssid_ste->type = ANY;
+
+ default_ssid_ste->row = malloc(max_ste_types);
+
+ if (!default_ssid_ste->row)
+ return -ENOMEM;
+
+ memset(default_ssid_ste->row, 0, max_ste_types);
+
+ TAILQ_INSERT_TAIL(&ste_ssid_head, default_ssid_ste, entries);
+ current_ste_ssid_p = default_ssid_ste;
+ max_ste_labels++;
+ return 0;
+}
+
+int init_next_chwall_ssid(unsigned long state)
+{
+ struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
+
+ if (!ssid)
+ return -ENOMEM;
+
+ ssid->name = current_ssid_name;
+ ssid->num = max_chwall_ssids++;
+ ssid->is_ref = 0;
+
+ if (state & (1 << XML2BIN_VM))
+ ssid->type = VM;
+ else
+ ssid->type = RES;
+ /**
+ * row: allocate one byte per type;
+ * [i] != 0 --> mapped type >i< is part of the ssid
+ */
+ ssid->row = malloc(max_chwall_types);
+ if (!ssid->row)
+ return -ENOMEM;
+
+ memset(ssid->row, 0, max_chwall_types);
+ TAILQ_INSERT_TAIL(&chwall_ssid_head, ssid, entries);
+ current_chwall_ssid_p = ssid;
+ max_chwall_labels++;
+ return 0;
+}
+
+int init_next_ste_ssid(unsigned long state)
+{
+ struct ssid_entry *ssid = malloc(sizeof(struct ssid_entry));
+
+ if (!ssid)
+ return -ENOMEM;
+
+ ssid->name = current_ssid_name;
+ ssid->num = max_ste_ssids++;
+ ssid->is_ref = 0;
+
+ if (state & (1 << XML2BIN_VM))
+ ssid->type = VM;
+ else
+ ssid->type = RES;
+
+ /**
+ * row: allocate one byte per type;
+ * [i] != 0 --> mapped type >i< is part of the ssid
+ */
+ ssid->row = malloc(max_ste_types);
+ if (!ssid->row)
+ return -ENOMEM;
+
+ memset(ssid->row, 0, max_ste_types);
+ TAILQ_INSERT_TAIL(&ste_ssid_head, ssid, entries);
+ current_ste_ssid_p = ssid;
+ max_ste_labels++;
+
+ return 0;
+}
+
+
+/* adds a type to the current ssid */
+int add_type(xmlNode * cur_node, xmlDocPtr doc, unsigned long state)
+{
+ xmlChar *text;
+ struct type_entry *e;
+
+ text = xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
+ if (!text)
+ {
+ printf("Error reading type name!\n");
+ return -EFAULT;
+ }
+ /* same for all: 1. lookup type mapping, 2. mark type in ssid */
+ switch (state) {
+ case XML2BIN_VM_STE_S:
+ case XML2BIN_RES_STE_S:
+ /* lookup the type mapping and include the type mapping into the array
*/
+ if (!(e = lookup(&ste_head, (char *) text)))
+ {
+ printf("ERROR: unknown VM STE type >%s<.\n", text);
+ exit(EXIT_FAILURE);
+ }
+ if (current_ste_ssid_p->row[e->mapping])
+ printf("Warning: double entry of VM STE type >%s<.\n", text);
+
+ current_ste_ssid_p->row[e->mapping] = 1;
+ break;
+
+ case XML2BIN_VM_CHWALL_S:
+ /* lookup the type mapping and include the type mapping into the array
*/
+ if (!(e = lookup(&chwall_head, (char *) text)))
+ {
+ printf("ERROR: unknown VM CHWALL type >%s<.\n", text);
+ exit(EXIT_FAILURE);
+ }
+ if (current_chwall_ssid_p->row[e->mapping])
+ printf("Warning: double entry of VM CHWALL type >%s<.\n",
+ text);
+
+ current_chwall_ssid_p->row[e->mapping] = 1;
+ break;
+
+ default:
+ printf("Incorrect type environment (state = %lx, text = %s).\n",
+ state, text);
+ xmlFree(text);
+ return -EFAULT;
+ }
+ return 0;
+}
+
+void set_bootstrap_label(xmlNode * cur_node)
+{
+ xmlChar *order;
+
+ if ((order = xmlGetProp(cur_node, (xmlChar *) BOOTSTRAP_LABEL_ATTR_NAME)))
+ bootstrap_label = (char *)order;
+ else {
+ printf("ERROR: No bootstrap label defined!\n");
+ exit(EXIT_FAILURE);
+ }
+}
+
+void walk_labels(xmlNode * start, xmlDocPtr doc, unsigned long state)
+{
+ xmlNode *cur_node = NULL;
+ int code;
+
+ for (cur_node = start; cur_node; cur_node = cur_node->next)
+ {
+ if ((code = totoken((char *) cur_node->name)) < 0)
+ {
+ printf("Unkonwn token: >%s<. Aborting.\n", cur_node->name);
+ exit(EXIT_FAILURE);
+ }
+ switch (code) { /* adjust state to new state */
+
+ case XML2BIN_SUBJECTS:
+ set_bootstrap_label(cur_node);
+ /* fall through */
+ case XML2BIN_VM:
+ case XML2BIN_RES:
+ case XML2BIN_SECTEMPLATE:
+ case XML2BIN_OBJECTS:
+ walk_labels(cur_node->children, doc, state | (1 << code));
+ break;
+
+ case XML2BIN_STETYPES:
+ /* create new ssid entry to use and point current to it */
+ if (init_next_ste_ssid(state))
+ {
+ printf("ERROR: creating new ste ssid structure failed.\n");
+ exit(EXIT_FAILURE);
+ }
+ walk_labels(cur_node->children, doc, state | (1 << code));
+
+ break;
+
+ case XML2BIN_CHWALLTYPES:
+ /* create new ssid entry to use and point current to it */
+ if (init_next_chwall_ssid(state))
+ {
+ printf("ERROR: creating new chwall ssid structure failed.\n");
+ exit(EXIT_FAILURE);
+ }
+ walk_labels(cur_node->children, doc, state | (1 << code));
+
+ break;
+
+ case XML2BIN_TYPE:
+ /* add type to current ssid */
+ if (add_type(cur_node, doc, state))
+ exit(EXIT_FAILURE);
+ break;
+
+ case XML2BIN_NAME:
+ if ((state != XML2BIN_VM_S) && (state != XML2BIN_RES_S))
+ {
+ printf("ERROR: >name< out of VM/RES context.\n");
+ exit(EXIT_FAILURE);
+ }
+ current_ssid_name = (char *)
+ xmlNodeListGetString(doc, cur_node->xmlChildrenNode, 1);
+
+ if (!current_ssid_name)
+ {
+ printf("ERROR: empty >name<!\n");
+ exit(EXIT_FAILURE);
+ }
+ break;
+
+ case XML2BIN_TEXT:
+ case XML2BIN_COMMENT:
+ case XML2BIN_LABELHEADER:
+ break;
+
+ default:
+ printf("Unkonwn token Error (%d)\n", code);
+ exit(EXIT_FAILURE);
+ }
+
+ }
+ return;
+}
+
+/* this function walks through a ssid queue
+ * and transforms double entries into references
+ * of the first definition (we need to keep the
+ * entry to map labels but we don't want double
+ * ssids in the binary policy
+ */
+void
+remove_doubles(struct tailhead_ssid *head,
+ u_int32_t max_types, u_int32_t * max_ssids)
+{
+ struct ssid_entry *np, *ni;
+
+ /* walk once through the list */
+ for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+ {
+ /* now search from the start until np for the same entry */
+ for (ni = head->tqh_first; ni != np; ni = ni->entries.tqe_next)
+ {
+ if (ni->is_ref)
+ continue;
+ if (memcmp(np->row, ni->row, max_types))
+ continue;
+ /* found one, set np reference to ni */
+ np->is_ref = 1;
+ np->num = ni->num;
+ (*max_ssids)--;
+ }
+ }
+
+ /* now minimize the ssid numbers used (doubles introduce holes) */
+ (*max_ssids) = 0; /* reset */
+
+ for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+ {
+ if (np->is_ref)
+ continue;
+
+ if (np->num != (*max_ssids)) {
+ /* first reset all later references to the new max_ssid */
+ for (ni = np->entries.tqe_next; ni != NULL; ni =
ni->entries.tqe_next)
+ {
+ if (ni->num == np->num)
+ ni->num = (*max_ssids);
+ }
+ /* now reset num */
+ np->num = (*max_ssids)++;
+ }
+ else
+ (*max_ssids)++;
+ }
+}
+
+/*
+ * will go away as soon as we have non-static bootstrap ssidref for dom0
+ */
+void fixup_bootstrap_label(struct tailhead_ssid *head,
+ u_int32_t max_types, u_int32_t * max_ssids)
+{
+ struct ssid_entry *np;
+ int i;
+
+ /* should not happen if xml / xsd checks work */
+ if (!bootstrap_label)
+ {
+ printf("ERROR: No bootstrap label defined.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /* search bootstrap_label */
+ for (np = head->tqh_first; np != NULL; np = np->entries.tqe_next)
+ {
+ if (!strcmp(np->name, bootstrap_label))
+ {
+ break;
+ }
+ }
+
+ if (!np) {
+ /* bootstrap label not found */
+ printf("ERROR: Bootstrap label >%s< not found.\n", bootstrap_label);
+ exit(EXIT_FAILURE);
+ }
+
+ /* move this entry ahead in the list right after the default entry so it
+ * receives ssidref 1/1 */
+ TAILQ_REMOVE(head, np, entries);
+ TAILQ_INSERT_AFTER(head, head->tqh_first, np, entries);
+
+ /* renumber the ssids (we could also just switch places with 1st element)
*/
+ for (np = head->tqh_first, i=0; np != NULL; np = np->entries.tqe_next, i++)
+ np->num = i;
+
+}
+
+int create_ssid_mapping(xmlDocPtr doc)
+{
+ xmlNode *root_element = xmlDocGetRootElement(doc);
+ struct ssid_entry *np;
+ int i;
+
+ printf("Creating label mappings ...\n");
+ /* initialize the ste and chwall type lists */
+ TAILQ_INIT(&chwall_ssid_head);
+ TAILQ_INIT(&ste_ssid_head);
+
+ /* init with default ssids */
+ if (init_ssid_queues())
+ {
+ printf("ERROR adding default ssids.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /* now walk the template DOM tree and fill in ssids */
+ walk_labels(root_element, doc, XML2BIN_NULL);
+
+ /*
+ * now sort bootstrap label to the head of the list
+ * (for now), dom0 assumes its label in the first
+ * defined ssidref (1/1). 0/0 is the default non-Label
+ */
+ if (have_chwall)
+ fixup_bootstrap_label(&chwall_ssid_head, max_chwall_types,
+ &max_chwall_ssids);
+ if (have_ste)
+ fixup_bootstrap_label(&ste_ssid_head, max_ste_types,
+ &max_ste_ssids);
+
+ /* remove any double entries (insert reference instead) */
+ if (have_chwall)
+ remove_doubles(&chwall_ssid_head, max_chwall_types,
+ &max_chwall_ssids);
+ if (have_ste)
+ remove_doubles(&ste_ssid_head, max_ste_types,
+ &max_ste_ssids);
+
+ if (!DEBUG)
+ return 0;
+
+ /* print queues */
+ if (have_chwall)
+ {
+ printf("CHWALL SSID queue (max ssidrefs=%d):\n", max_chwall_ssids);
+ np = NULL;
+ for (np = chwall_ssid_head.tqh_first; np != NULL;
+ np = np->entries.tqe_next)
+ {
+ printf("SSID #%02u (Label=%s)\n", np->num, np->name);
+ if (np->is_ref)
+ printf("REFERENCE");
+ else
+ for (i = 0; i < max_chwall_types; i++)
+ if (np->row[i])
+ printf("#%02d ", i);
+ printf("\n\n");
+ }
+ }
+ if (have_ste)
+ {
+ printf("STE SSID queue (max ssidrefs=%d):\n", max_ste_ssids);
+ np = NULL;
+ for (np = ste_ssid_head.tqh_first; np != NULL;
+ np = np->entries.tqe_next)
+ {
+ printf("SSID #%02u (Label=%s)\n", np->num, np->name);
+ if (np->is_ref)
+ printf("REFERENCE");
+ else
+ for (i = 0; i < max_ste_types; i++)
+ if (np->row[i])
+ printf("#%02d ", i);
+ printf("\n\n");
+ }
+ }
+ return 0;
+}
+
+/***************** writing the binary policy *********************/
+
+/*
+ * the mapping file is ascii-based since it will likely be used from
+ * within scripts (using awk, grep, etc.);
+ *
+ * We print from high-level to low-level information so that with one
+ * pass, any symbol can be resolved (e.g. Label -> types)
+ */
+int write_mapping(char *filename)
+{
+
+ struct ssid_entry *e;
+ struct type_entry *t;
+ int i;
+ FILE *file;
+
+ if ((file = fopen(filename, "w")) == NULL)
+ return -EIO;
+
+ fprintf(file, "MAGIC %08x\n", ACM_MAGIC);
+ fprintf(file, "POLICY %s\n",
+ basename(policy_filename));
+ fprintf(file, "BINARY %s\n",
+ basename(binary_filename));
+ if (have_chwall)
+ {
+ fprintf(file, "MAX-CHWALL-TYPES %08x\n", max_chwall_types);
+ fprintf(file, "MAX-CHWALL-SSIDS %08x\n", max_chwall_ssids);
+ fprintf(file, "MAX-CHWALL-LABELS %08x\n", max_chwall_labels);
+ }
+ if (have_ste)
+ {
+ fprintf(file, "MAX-STE-TYPES %08x\n", max_ste_types);
+ fprintf(file, "MAX-STE-SSIDS %08x\n", max_ste_ssids);
+ fprintf(file, "MAX-STE-LABELS %08x\n", max_ste_labels);
+ }
+ fprintf(file, "\n");
+
+ /* primary / secondary order for combined ssid synthesis/analysis
+ * if no primary is named, then chwall is primary */
+ switch (primary) {
+ case CHWALL:
+ fprintf(file, "PRIMARY CHWALL\n");
+ break;
+
+ case STE:
+ fprintf(file, "PRIMARY STE\n");
+ break;
+
+ default:
+ fprintf(file, "PRIMARY NULL\n");
+ break;
+ }
+
+ switch (secondary) {
+ case CHWALL:
+ fprintf(file, "SECONDARY CHWALL\n");
+ break;
+
+ case STE:
+ fprintf(file, "SECONDARY STE\n");
+ break;
+
+ default:
+ fprintf(file, "SECONDARY NULL\n");
+ break;
+ }
+ fprintf(file, "\n");
+
+ /* first labels to ssid mappings */
+ if (have_chwall)
+ {
+ for (e = chwall_ssid_head.tqh_first; e != NULL;
+ e = e->entries.tqe_next)
+ {
+ fprintf(file, "LABEL->SSID %s CHWALL %-25s %8x\n",
+ (e->type ==
+ VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
+ e->name, e->num);
+ }
+ fprintf(file, "\n");
+ }
+ if (have_ste)
+ {
+ for (e = ste_ssid_head.tqh_first; e != NULL;
+ e = e->entries.tqe_next)
+ {
+ fprintf(file, "LABEL->SSID %s STE %-25s %8x\n",
+ (e->type ==
+ VM) ? "VM " : ((e->type == RES) ? "RES" : "ANY"),
+ e->name, e->num);
+ }
+ fprintf(file, "\n");
+ }
+
+ /* second ssid to type mappings */
+ if (have_chwall)
+ {
+ for (e = chwall_ssid_head.tqh_first; e != NULL;
+ e = e->entries.tqe_next)
+ {
+ if (e->is_ref)
+ continue;
+
+ fprintf(file, "SSID->TYPE CHWALL %08x", e->num);
+
+ for (i = 0; i < max_chwall_types; i++)
+ if (e->row[i])
+ fprintf(file, " %s", type_by_mapping(&chwall_head, i));
+
+ fprintf(file, "\n");
+ }
+ fprintf(file, "\n");
+ }
+ if (have_ste) {
+ for (e = ste_ssid_head.tqh_first; e != NULL;
+ e = e->entries.tqe_next)
+ {
+ if (e->is_ref)
+ continue;
+
+ fprintf(file, "SSID->TYPE STE %08x", e->num);
+
+ for (i = 0; i < max_ste_types; i++)
+ if (e->row[i])
+ fprintf(file, " %s", type_by_mapping(&ste_head, i));
+
+ fprintf(file, "\n");
+ }
+ fprintf(file, "\n");
+ }
+ /* third type mappings */
+ if (have_chwall)
+ {
+ for (t = chwall_head.tqh_first; t != NULL; t = t->entries.tqe_next)
+ {
+ fprintf(file, "TYPE CHWALL %-25s %8x\n",
+ t->name, t->mapping);
+ }
+ fprintf(file, "\n");
+ }
+ if (have_ste) {
+ for (t = ste_head.tqh_first; t != NULL; t = t->entries.tqe_next)
+ {
+ fprintf(file, "TYPE STE %-25s %8x\n",
+ t->name, t->mapping);
+ }
+ fprintf(file, "\n");
+ }
+ fclose(file);
+ return 0;
+}
+
+unsigned char *write_chwall_binary(u_int32_t * len_chwall)
+{
+ unsigned char *buf, *ptr;
+ struct acm_chwall_policy_buffer *chwall_header;
+ u_int32_t len;
+ struct ssid_entry *e;
+ int i;
+
+ if (!have_chwall)
+ return NULL;
+
+ len = sizeof(struct acm_chwall_policy_buffer) +
+ sizeof(type_t) * max_chwall_types * max_chwall_ssids +
+ sizeof(type_t) * max_chwall_types * max_conflictsets;
+
+ buf = malloc(len);
+ ptr = buf;
+
+ if (!buf)
+ {
+ printf("ERROR: out of memory allocating chwall buffer.\n");
+ exit(EXIT_FAILURE);
+ }
+ /* chwall has 3 parts : header, types, conflictsets */
+
+ chwall_header = (struct acm_chwall_policy_buffer *) buf;
+ chwall_header->chwall_max_types = htonl(max_chwall_types);
+ chwall_header->chwall_max_ssidrefs = htonl(max_chwall_ssids);
+ chwall_header->policy_code = htonl(ACM_CHINESE_WALL_POLICY);
+ chwall_header->policy_version = htonl(ACM_CHWALL_VERSION);
+ chwall_header->chwall_ssid_offset =
+ htonl(sizeof(struct acm_chwall_policy_buffer));
+ chwall_header->chwall_max_conflictsets = htonl(max_conflictsets);
+ chwall_header->chwall_conflict_sets_offset =
+ htonl(ntohl(chwall_header->chwall_ssid_offset) +
+ sizeof(domaintype_t) * max_chwall_ssids * max_chwall_types);
+ chwall_header->chwall_running_types_offset = 0; /* not set, only
retrieved */
+ chwall_header->chwall_conflict_aggregate_offset = 0; /* not set,
only retrieved */
+ ptr += sizeof(struct acm_chwall_policy_buffer);
+
+ /* types */
+ for (e = chwall_ssid_head.tqh_first; e != NULL;
+ e = e->entries.tqe_next)
+ {
+ if (e->is_ref)
+ continue;
+
+ for (i = 0; i < max_chwall_types; i++)
+ ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
+
+ ptr += sizeof(type_t) * max_chwall_types;
+ }
+
+ /* conflictsets */
+ for (e = conflictsets_head.tqh_first; e != NULL;
+ e = e->entries.tqe_next)
+ {
+ for (i = 0; i < max_chwall_types; i++)
+ ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
+
+ ptr += sizeof(type_t) * max_chwall_types;
+ }
+
+ if ((ptr - buf) != len)
+ {
+ printf("ERROR: wrong lengths in %s.\n", __func__);
+ exit(EXIT_FAILURE);
+ }
+
+ (*len_chwall) = len;
+ return buf;
+}
+
+unsigned char *write_ste_binary(u_int32_t * len_ste)
+{
+ unsigned char *buf, *ptr;
+ struct acm_ste_policy_buffer *ste_header;
+ struct ssid_entry *e;
+ u_int32_t len;
+ int i;
+
+ if (!have_ste)
+ return NULL;
+
+ len = sizeof(struct acm_ste_policy_buffer) +
+ sizeof(type_t) * max_ste_types * max_ste_ssids;
+
+ buf = malloc(len);
+ ptr = buf;
+
+ if (!buf)
+ {
+ printf("ERROR: out of memory allocating chwall buffer.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /* fill buffer */
+ ste_header = (struct acm_ste_policy_buffer *) buf;
+ ste_header->policy_version = htonl(ACM_STE_VERSION);
+ ste_header->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
+ ste_header->ste_max_types = htonl(max_ste_types);
+ ste_header->ste_max_ssidrefs = htonl(max_ste_ssids);
+ ste_header->ste_ssid_offset =
+ htonl(sizeof(struct acm_ste_policy_buffer));
+
+ ptr += sizeof(struct acm_ste_policy_buffer);
+
+ /* types */
+ for (e = ste_ssid_head.tqh_first; e != NULL; e = e->entries.tqe_next)
+ {
+ if (e->is_ref)
+ continue;
+
+ for (i = 0; i < max_ste_types; i++)
+ ((type_t *) ptr)[i] = htons((type_t) e->row[i]);
+
+ ptr += sizeof(type_t) * max_ste_types;
+ }
+
+ if ((ptr - buf) != len)
+ {
+ printf("ERROR: wrong lengths in %s.\n", __func__);
+ exit(EXIT_FAILURE);
+ }
+ (*len_ste) = len;
+ return buf; /* for now */
+}
+
+int write_binary(char *filename)
+{
+ struct acm_policy_buffer header;
+ unsigned char *ste_buffer = NULL, *chwall_buffer = NULL;
+ u_int32_t len;
+ int fd;
+
+ u_int32_t len_ste = 0, len_chwall = 0; /* length of policy components
*/
+
+ /* open binary file */
+ if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR))
<= 0)
+ return -EIO;
+
+ ste_buffer = write_ste_binary(&len_ste);
+ chwall_buffer = write_chwall_binary(&len_chwall);
+
+ /* determine primary component (default chwall) */
+ header.policy_version = htonl(ACM_POLICY_VERSION);
+ header.magic = htonl(ACM_MAGIC);
+
+ len = sizeof(struct acm_policy_buffer);
+ if (have_chwall)
+ len += len_chwall;
+ if (have_ste)
+ len += len_ste;
+ header.len = htonl(len);
+
+ header.primary_buffer_offset = htonl(sizeof(struct acm_policy_buffer));
+ if (primary == CHWALL)
+ {
+ header.primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
+ header.secondary_buffer_offset =
+ htonl((sizeof(struct acm_policy_buffer)) + len_chwall);
+ }
+ else if (primary == STE)
+ {
+ header.primary_policy_code =
+ htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
+ header.secondary_buffer_offset =
+ htonl((sizeof(struct acm_policy_buffer)) + len_ste);
+ }
+ else
+ {
+ /* null policy */
+ header.primary_policy_code = htonl(ACM_NULL_POLICY);
+ header.secondary_buffer_offset =
+ htonl(header.primary_buffer_offset);
+ }
+
+ if (secondary == CHWALL)
+ header.secondary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
+ else if (secondary == STE)
+ header.secondary_policy_code =
+ htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
+ else
+ header.secondary_policy_code = htonl(ACM_NULL_POLICY);
+
+ if (write(fd, (void *) &header, sizeof(struct acm_policy_buffer))
+ != sizeof(struct acm_policy_buffer))
+ return -EIO;
+
+ /* write primary policy component */
+ if (primary == CHWALL)
+ {
+ if (write(fd, chwall_buffer, len_chwall) != len_chwall)
+ return -EIO;
+ }
+ else if (primary == STE)
+ {
+ if (write(fd, ste_buffer, len_ste) != len_ste)
+ return -EIO;
+ } else
+ ; /* NULL POLICY has no policy data */
+
+ /* write secondary policy component */
+ if (secondary == CHWALL)
+ {
+ if (write(fd, chwall_buffer, len_chwall) != len_chwall)
+ return -EIO;
+ }
+ else if (secondary == STE)
+ {
+ if (write(fd, ste_buffer, len_ste) != len_ste)
+ return -EIO;
+ } else; /* NULL POLICY has no policy data */
+
+ close(fd);
+ return 0;
+}
+
+int is_valid(xmlDocPtr doc)
+{
+ int err = 0;
+ xmlSchemaPtr schema_ctxt = NULL;
+ xmlSchemaParserCtxtPtr schemaparser_ctxt = NULL;
+ xmlSchemaValidCtxtPtr schemavalid_ctxt = NULL;
+
+ schemaparser_ctxt = xmlSchemaNewParserCtxt(SCHEMA_FILENAME);
+ schema_ctxt = xmlSchemaParse(schemaparser_ctxt);
+ schemavalid_ctxt = xmlSchemaNewValidCtxt(schema_ctxt);
+
+#ifdef VALIDATE_SCHEMA
+ /* only tested to be available from libxml2-2.6.20 upwards */
+ if ((err = xmlSchemaIsValid(schemavalid_ctxt)) != 1)
+ {
+ printf("ERROR: Invalid schema file %s (err=%d)\n",
+ SCHEMA_FILENAME, err);
+ err = -EIO;
+ goto out;
+ }
+ else
+ printf("XML Schema %s valid.\n", SCHEMA_FILENAME);
+#endif
+ if ((err = xmlSchemaValidateDoc(schemavalid_ctxt, doc)))
+ {
+ err = -EIO;
+ goto out;
+ }
+ out:
+ xmlSchemaFreeValidCtxt(schemavalid_ctxt);
+ xmlSchemaFreeParserCtxt(schemaparser_ctxt);
+ xmlSchemaFree(schema_ctxt);
+ return (err != 0) ? 0 : 1;
+}
+
+int main(int argc, char **argv)
+{
+ xmlDocPtr labeldoc = NULL;
+ xmlDocPtr policydoc = NULL;
+
+ int err = EXIT_SUCCESS;
+
+ char *file_prefix;
+ int prefix_len;
+
+ if (ACM_POLICY_VERSION != WRITTEN_AGAINST_ACM_POLICY_VERSION)
+ {
+ printf("ERROR: This program was written against an older ACM
version.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (argc != 2)
+ usage(basename(argv[0]));
+
+ prefix_len = strlen(POLICY_SUBDIR) +
+ strlen(argv[1]) + 1 /* "/" */ +
+ strlen(argv[1]) + 1 /* "/" */ ;
+
+ file_prefix = malloc(prefix_len);
+ policy_filename = malloc(prefix_len + strlen(POLICY_EXTENSION));
+ label_filename = malloc(prefix_len + strlen(LABEL_EXTENSION));
+ binary_filename = malloc(prefix_len + strlen(BINARY_EXTENSION));
+ mapping_filename = malloc(prefix_len + strlen(MAPPING_EXTENSION));
+
+ if (!file_prefix || !policy_filename || !label_filename ||
+ !binary_filename || !mapping_filename)
+ {
+ printf("ERROR allocating file name memory.\n");
+ goto out2;
+ }
+
+ /* create input/output filenames out of prefix */
+ strcat(file_prefix, POLICY_SUBDIR);
+ strcat(file_prefix, argv[1]);
+ strcat(file_prefix, "/");
+ strcat(file_prefix, argv[1]);
+
+ strcpy(policy_filename, file_prefix);
+ strcpy(label_filename, file_prefix);
+ strcpy(binary_filename, file_prefix);
+ strcpy(mapping_filename, file_prefix);
+
+ strcat(policy_filename, POLICY_EXTENSION);
+ strcat(label_filename, LABEL_EXTENSION);
+ strcat(binary_filename, BINARY_EXTENSION);
+ strcat(mapping_filename, MAPPING_EXTENSION);
+
+ labeldoc = xmlParseFile(label_filename);
+
+ if (labeldoc == NULL)
+ {
+ printf("Error: could not parse file %s.\n", argv[1]);
+ goto out2;
+ }
+
+ printf("Validating label file %s...\n", label_filename);
+ if (!is_valid(labeldoc))
+ {
+ printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
+ label_filename, err);
+ goto out1;
+ }
+
+ policydoc = xmlParseFile(policy_filename);
+
+ if (policydoc == NULL)
+ {
+ printf("Error: could not parse file %s.\n", argv[1]);
+ goto out1;
+ }
+
+ printf("Validating policy file %s...\n", policy_filename);
+
+ if (!is_valid(policydoc))
+ {
+ printf("ERROR: Failed schema-validation for file %s (err=%d)\n",
+ policy_filename, err);
+ goto out;
+ }
+
+ /* Init queues and parse policy */
+ create_type_mapping(policydoc);
+
+ /* create ssids */
+ create_ssid_mapping(labeldoc);
+
+ /* write label mapping file */
+ if (write_mapping(mapping_filename))
+ {
+ printf("ERROR: writing mapping file %s.\n", mapping_filename);
+ goto out;
+ }
+
+ /* write binary file */
+ if (write_binary(binary_filename))
+ {
+ printf("ERROR: writing binary file %s.\n", binary_filename);
+ goto out;
+ }
+
+ /* write stats */
+ if (have_chwall)
+ {
+ printf("Max chwall labels: %u\n", max_chwall_labels);
+ printf("Max chwall-types: %u\n", max_chwall_types);
+ printf("Max chwall-ssids: %u\n", max_chwall_ssids);
+ }
+
+ if (have_ste)
+ {
+ printf("Max ste labels: %u\n", max_ste_labels);
+ printf("Max ste-types: %u\n", max_ste_types);
+ printf("Max ste-ssids: %u\n", max_ste_ssids);
+ }
+ /* cleanup */
+ out:
+ xmlFreeDoc(policydoc);
+ out1:
+ xmlFreeDoc(labeldoc);
+ out2:
+ xmlCleanupParser();
+ return err;
+}
+
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/secpol_xml2bin.h
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/secpol_xml2bin.h Fri Aug 19 18:19:28 2005
@@ -0,0 +1,139 @@
+/****************************************************************
+ * secpol_xml2bin.h
+ *
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Authors:
+ * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ */
+#define POLICY_SUBDIR "policies/"
+#define POLICY_EXTENSION "-security_policy.xml"
+#define LABEL_EXTENSION "-security_label_template.xml"
+#define BINARY_EXTENSION ".bin"
+#define MAPPING_EXTENSION ".map"
+#define PRIMARY_COMPONENT_ATTR_NAME "order"
+#define BOOTSTRAP_LABEL_ATTR_NAME "bootstrap"
+#define PRIMARY_COMPONENT "PrimaryPolicyComponent"
+#define SCHEMA_FILENAME "policies/security_policy.xsd"
+
+/* basic states (used as 1 << X) */
+#define XML2BIN_SECPOL 0 /* policy tokens */
+#define XML2BIN_STE 1
+#define XML2BIN_CHWALL 2
+#define XML2BIN_CONFLICTSETS 3
+#define XML2BIN_CSTYPE 4
+
+#define XML2BIN_SECTEMPLATE 5 /* label tokens */
+#define XML2BIN_POLICYHEADER 6
+#define XML2BIN_LABELHEADER 7
+#define XML2BIN_SUBJECTS 8
+#define XML2BIN_OBJECTS 9
+#define XML2BIN_VM 10
+#define XML2BIN_RES 11
+
+#define XML2BIN_STETYPES 12 /* shared tokens */
+#define XML2BIN_CHWALLTYPES 13
+#define XML2BIN_TYPE 14
+#define XML2BIN_NAME 15
+#define XML2BIN_TEXT 16
+#define XML2BIN_COMMENT 17
+
+/* type "data type" (currently 16bit) */
+typedef u_int16_t type_t;
+
+/* list of known elements and token equivalent *
+ * state constants and token positions must be *
+ * in sync for correct state recognition */
+
+char *token[20] = /* parser triggers */
+{
+ [0] = "SecurityPolicyDefinition", /* policy xml */
+ [1] = "SimpleTypeEnforcement",
+ [2] = "ChineseWall",
+ [3] = "ConflictSets",
+ [4] = "Conflict", /* label-template xml */
+ [5] = "SecurityLabelTemplate",
+ [6] = "PolicyHeader",
+ [7] = "LabelHeader",
+ [8] = "SubjectLabels",
+ [9] = "ObjectLabels",
+ [10] = "VirtualMachineLabel",
+ [11] = "ResourceLabel",
+ [12] = "SimpleTypeEnforcementTypes", /* common tags */
+ [13] = "ChineseWallTypes",
+ [14] = "Type",
+ [15] = "Name",
+ [16] = "text",
+ [17] = "comment",
+ [18] = NULL,
+};
+
+/* important combined states */
+#define XML2BIN_NULL 0
+
+/* policy xml parsing states _S */
+
+/* e.g., here we are in a <secpol,ste,stetypes> environment, *
+ * so when finding a type element, we know where to put it */
+#define XML2BIN_stetype_S ((1 << XML2BIN_SECPOL) | \
+ (1 << XML2BIN_STE) | \
+ (1 << XML2BIN_STETYPES))
+
+#define XML2BIN_chwalltype_S ((1 << XML2BIN_SECPOL) | \
+ (1 << XML2BIN_CHWALL) | \
+ (1 << XML2BIN_CHWALLTYPES))
+
+#define XML2BIN_conflictset_S ((1 << XML2BIN_SECPOL) | \
+ (1 << XML2BIN_CHWALL) | \
+ (1 << XML2BIN_CONFLICTSETS))
+
+#define XML2BIN_conflictsettype_S ((1 << XML2BIN_SECPOL) | \
+ (1 << XML2BIN_CHWALL) | \
+ (1 << XML2BIN_CONFLICTSETS) | \
+ (1 << XML2BIN_CSTYPE))
+
+
+/* label xml states */
+#define XML2BIN_VM_S ((1 << XML2BIN_SECTEMPLATE) | \
+ (1 << XML2BIN_SUBJECTS) | \
+ (1 << XML2BIN_VM))
+
+#define XML2BIN_RES_S ((1 << XML2BIN_SECTEMPLATE) | \
+ (1 << XML2BIN_OBJECTS) | \
+ (1 << XML2BIN_RES))
+
+#define XML2BIN_VM_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
+ (1 << XML2BIN_SUBJECTS) | \
+ (1 << XML2BIN_VM) | \
+ (1 << XML2BIN_STETYPES))
+
+#define XML2BIN_VM_CHWALL_S ((1 << XML2BIN_SECTEMPLATE) | \
+ (1 << XML2BIN_SUBJECTS) | \
+ (1 << XML2BIN_VM) | \
+ (1 << XML2BIN_CHWALLTYPES))
+
+#define XML2BIN_RES_STE_S ((1 << XML2BIN_SECTEMPLATE) | \
+ (1 << XML2BIN_OBJECTS) | \
+ (1 << XML2BIN_RES) | \
+ (1 << XML2BIN_STETYPES))
+
+
+
+/* check versions of headers against which the
+ * xml2bin translation tool was written
+ */
+
+/* protects from unnoticed changes in struct acm_policy_buffer */
+#define WRITTEN_AGAINST_ACM_POLICY_VERSION 1
+
+/* protects from unnoticed changes in struct acm_chwall_policy_buffer */
+#define WRITTEN_AGAINST_ACM_CHWALL_VERSION 1
+
+/* protects from unnoticed changes in struct acm_ste_policy_buffer */
+#define WRITTEN_AGAINST_ACM_STE_VERSION 1
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/setlabel.sh
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/setlabel.sh Fri Aug 19 18:19:28 2005
@@ -0,0 +1,345 @@
+#!/bin/sh
+# *
+# * setlabel
+# *
+# * Copyright (C) 2005 IBM Corporation
+# *
+# * Authors:
+# * Stefan Berger <stefanb@xxxxxxxxxx>
+# *
+# * This program is free software; you can redistribute it and/or
+# * modify it under the terms of the GNU General Public License as
+# * published by the Free Software Foundation, version 2 of the
+# * License.
+# *
+# * 'setlabel' labels virtual machine (domain) configuration files with
+# * security identifiers that can be enforced in Xen.
+# *
+# * 'setlabel -?' shows the usage of the program
+# *
+# * 'setlabel -l vmconfig-file' lists all available labels (only VM
+# * labels are used right now)
+# *
+# * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref'
+# * that corresponds to the security-label under the
+# * current policy (if policy changes, 'label'
+# * must be re-run over the configuration files;
+# * map-file is created during policy translation and
+# * is found in the policy's directory
+#
+
+if [ -z "$runbash" ]; then
+ runbash="1"
+ export runbash
+ exec sh -c "bash $0 $*"
+fi
+
+
+usage ()
+{
+ echo "Usage: $0 [Option] <vmfile> <label> <policy name> "
+ echo " or $0 -l <policy name>"
+ echo ""
+ echo "Valid Options are:"
+ echo "-r : to relabel a file without being prompted"
+ echo ""
+ echo "vmfile : XEN vm configuration file"
+ echo "label : the label to map"
+ echo "policy name : the name of the policy, i.e. 'chwall'"
+ echo ""
+ echo "-l <policy name> is used to show valid labels in the map file"
+ echo ""
+}
+
+
+findMapFile ()
+{
+ mapfile="./$1.map"
+ if [ -r "$mapfile" ]; then
+ return 1
+ fi
+
+ mapfile="./policies/$1/$1.map"
+ if [ -r "$mapfile" ]; then
+ return 1
+ fi
+
+ return 0
+}
+
+showLabels ()
+{
+ mapfile=$1
+ if [ ! -r "$mapfile" -o "$mapfile" == "" ]; then
+ echo "Cannot read from vm configuration file $vmfile."
+ return -1
+ fi
+
+ getPrimaryPolicy $mapfile
+ getSecondaryPolicy $mapfile
+
+ echo "The following labels are available:"
+ let line=1
+ while [ 1 ]; do
+ ITEM=`cat $mapfile | \
+ awk -vline=$line \
+ -vprimary=$primary \
+ '{ \
+ if ($1 == "LABEL->SSID" && \
+ $2 == "VM" && \
+ $3 == primary ) { \
+ ctr++; \
+ if (ctr == line) { \
+ print $4; \
+ } \
+ } \
+ } END { \
+ }'`
+
+ if [ "$ITEM" == "" ]; then
+ break
+ fi
+ if [ "$secondary" != "NULL" ]; then
+ LABEL=`cat $mapfile | \
+ awk -vitem=$ITEM \
+ '{
+ if ($1 == "LABEL->SSID" && \
+ $2 == "VM" && \
+ $3 == "CHWALL" && \
+ $4 == item ) { \
+ result = item; \
+ } \
+ } END { \
+ print result \
+ }'`
+ else
+ LABEL=$ITEM
+ fi
+
+ if [ "$LABEL" != "" ]; then
+ echo "$LABEL"
+ found=1
+ fi
+ let line=line+1
+ done
+ if [ "$found" != "1" ]; then
+ echo "No labels found."
+ fi
+}
+
+getPrimaryPolicy ()
+{
+ mapfile=$1
+ primary=`cat $mapfile | \
+ awk ' \
+ { \
+ if ( $1 == "PRIMARY" ) { \
+ res=$2; \
+ } \
+ } END { \
+ print res; \
+ } '`
+}
+
+getSecondaryPolicy ()
+{
+ mapfile=$1
+ secondary=`cat $mapfile | \
+ awk ' \
+ { \
+ if ( $1 == "SECONDARY" ) { \
+ res=$2; \
+ } \
+ } END { \
+ print res; \
+ } '`
+}
+
+
+getDefaultSsid ()
+{
+ mapfile=$1
+ pol=$2
+ RES=`cat $mapfile \
+ awk -vpol=$pol \
+ { \
+ if ($1 == "LABEL->SSID" && \
+ $2 == "ANY" && \
+ $3 == pol && \
+ $4 == "DEFAULT" ) {\
+ res=$5; \
+ } \
+ } END { \
+ printf "%04x", strtonum(res) \
+ }'`
+ echo "default NULL mapping is $RES"
+ defaultssid=$RES
+}
+
+relabel ()
+{
+ vmfile=$1
+ label=$2
+ mapfile=$3
+ mode=$4
+
+ if [ ! -r "$vmfile" ]; then
+ echo "Cannot read from vm configuration file $vmfile."
+ return -1
+ fi
+
+ if [ ! -w "$vmfile" ]; then
+ echo "Cannot write to vm configuration file $vmfile."
+ return -1
+ fi
+
+ if [ ! -r "$mapfile" ] ; then
+ echo "Cannot read mapping file $mapfile."
+ return -1
+ fi
+
+ # Determine which policy is primary, which sec.
+ getPrimaryPolicy $mapfile
+ getSecondaryPolicy $mapfile
+
+ # Calculate the primary policy's SSIDREF
+ if [ "$primary" == "NULL" ]; then
+ SSIDLO="0000"
+ else
+ SSIDLO=`cat $mapfile | \
+ awk -vlabel=$label \
+ -vprimary=$primary \
+ '{ \
+ if ( $1 == "LABEL->SSID" && \
+ $2 == "VM" && \
+ $3 == primary && \
+ $4 == label ) { \
+ result=$5 \
+ } \
+ } END { \
+ if (result != "" ) \
+ {printf "%04x", strtonum(result)}\
+ }'`
+ fi
+
+ # Calculate the secondary policy's SSIDREF
+ if [ "$secondary" == "NULL" ]; then
+ SSIDHI="0000"
+ else
+ SSIDHI=`cat $mapfile | \
+ awk -vlabel=$label \
+ -vsecondary=$secondary \
+ '{ \
+ if ( $1 == "LABEL->SSID" && \
+ $2 == "VM" && \
+ $3 == secondary && \
+ $4 == label ) { \
+ result=$5 \
+ } \
+ } END { \
+ if (result != "" ) \
+ {printf "%04x", strtonum(result)}\
+ }'`
+ fi
+
+ if [ "$SSIDLO" == "" -o \
+ "$SSIDHI" == "" ]; then
+ echo "Could not map the given label '$label'."
+ return -1
+ fi
+
+ ACM_POLICY=`cat $mapfile | \
+ awk ' { if ( $1 == "POLICY" ) { \
+ result=$2 \
+ } \
+ } \
+ END { \
+ if (result != "") { \
+ printf result \
+ } \
+ }'`
+
+ if [ "$ACM_POLICY" == "" ]; then
+ echo "Could not find 'POLICY' entry in map file."
+ return -1
+ fi
+
+ SSIDREF="0x$SSIDHI$SSIDLO"
+
+ if [ "$mode" != "relabel" ]; then
+ RES=`cat $vmfile | \
+ awk '{ \
+ if ( substr($1,0,7) == "ssidref" ) {\
+ print $0; \
+ } \
+ }'`
+ if [ "$RES" != "" ]; then
+ echo "Do you want to overwrite the existing mapping
($RES)? (y/N)"
+ read user
+ if [ "$user" != "y" -a "$user" != "Y" ]; then
+ echo "Aborted."
+ return 0
+ fi
+ fi
+ fi
+
+ #Write the output
+ vmtmp1="/tmp/__setlabel.tmp1"
+ vmtmp2="/tmp/__setlabel.tmp2"
+ touch $vmtmp1
+ touch $vmtmp2
+ if [ ! -w "$vmtmp1" -o ! -w "$vmtmp2" ]; then
+ echo "Cannot create temporary files. Aborting."
+ return -1
+ fi
+ RES=`sed -e '/^#ACM_POLICY/d' $vmfile > $vmtmp1`
+ RES=`sed -e '/^#ACM_LABEL/d' $vmtmp1 > $vmtmp2`
+ RES=`sed -e '/^ssidref/d' $vmtmp2 > $vmtmp1`
+ echo "#ACM_POLICY=$ACM_POLICY" >> $vmtmp1
+ echo "#ACM_LABEL=$label" >> $vmtmp1
+ echo "ssidref = $SSIDREF" >> $vmtmp1
+ mv -f $vmtmp1 $vmfile
+ rm -rf $vmtmp1 $vmtmp2
+ echo "Mapped label '$label' to ssidref '$SSIDREF'."
+}
+
+
+
+if [ "$1" == "-r" ]; then
+ mode="relabel"
+ shift
+elif [ "$1" == "-l" ]; then
+ mode="show"
+ shift
+elif [ "$1" == "-?" ]; then
+ mode="usage"
+fi
+
+if [ "$mode" == "show" ]; then
+ if [ "$1" == "" ]; then
+ usage
+ exit -1;
+ fi
+ findMapFile $1
+ res=$?
+ if [ "$res" != "0" ]; then
+ showLabels $mapfile
+ else
+ echo "Could not find map file for policy '$1'."
+ fi
+elif [ "$mode" == "usage" ]; then
+ usage
+else
+ if [ "$3" == "" ]; then
+ usage
+ exit -1;
+ fi
+ findMapFile $3
+ res=$?
+ if [ "$res" != "0" ]; then
+ relabel $1 $2 $mapfile $mode
+ else
+ echo "Could not find map file for policy '$3'."
+ fi
+
+fi
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/security/updategrub.sh
--- /dev/null Thu Aug 18 18:40:02 2005
+++ b/tools/security/updategrub.sh Fri Aug 19 18:19:28 2005
@@ -0,0 +1,171 @@
+#!/bin/sh
+# *
+# * updategrub
+# *
+# * Copyright (C) 2005 IBM Corporation
+# *
+# * Authors:
+# * Stefan Berger <stefanb@xxxxxxxxxx>
+# *
+# * This program is free software; you can redistribute it and/or
+# * modify it under the terms of the GNU General Public License as
+# * published by the Free Software Foundation, version 2 of the
+# * License.
+# *
+# *
+#
+
+if [ -z "$runbash" ]; then
+ runbash="1"
+ export runbash
+ exec sh -c "bash $0 $*"
+ exit
+fi
+
+
+# Show usage of this program
+usage ()
+{
+ echo "Usage: $0 <policy name> <root of xen repository>"
+ echo ""
+ echo "<policy name> : The name of the policy, i.e. xen_null"
+ echo "<root of xen repository> : The root of the XEN repositrory."
+ echo ""
+}
+
+# This function sets the global variable 'linux'
+# to the name of the linux kernel that was compiled
+# For now a pattern should do the trick
+getLinuxVersion ()
+{
+ path=$1
+ linux=""
+ for f in $path/linux-*-xen0 ; do
+ versionfile=$f/include/linux/version.h
+ if [ -r $versionfile ]; then
+ lnx=`cat $versionfile | \
+ grep UTS_RELEASE | \
+ awk '{ \
+ len=length($3); \
+ print substr($3,2,len-2) }'`
+ fi
+ if [ "$lnx" != "" ]; then
+ linux="[./0-9a-zA-z]*$lnx"
+ return;
+ fi
+ done
+
+ #Last resort.
+ linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$"
+}
+
+#Return where the grub.conf file is.
+#I only know of one place it can be.
+findGrubConf()
+{
+ grubconf="/boot/grub/grub.conf"
+ if [ -w $grubconf ]; then
+ return 1
+ fi
+ return 0
+}
+
+
+#Update the grub configuration file.
+#Search for existing entries and replace the current
+#policy entry with the policy passed to this script
+#
+#Arguments passed to this function
+# 1st : the grub configuration file
+# 2nd : the binary policy file name
+# 3rd : the name or pattern of the linux kernel name to match
+#
+# The algorithm here is based on pattern matching
+# and is working correctly if
+# - under a title a line beginning with 'kernel' is found
+# whose following item ends with "xen.gz"
+# Example: kernel /xen.gz dom0_mem=....
+# - a module line matching the 3rd parameter is found
+#
+updateGrub ()
+{
+ grubconf=$1
+ policyfile=$2
+ linux=$3
+
+ tmpfile="/tmp/new_grub.conf"
+
+ cat $grubconf | \
+ awk -vpolicy=$policyfile \
+ -vlinux=$linux '{ \
+ if ( $1 == "title" ) { \
+ kernelfound = 0; \
+ if ( policymaycome == 1 ){ \
+ printf ("\tmodule %s%s\n", path, policy); \
+ } \
+ policymaycome = 0; \
+ } \
+ else if ( $1 == "kernel" ) { \
+ if ( match($2,"xen.gz$") ) { \
+ path=substr($2,1,RSTART-1); \
+ kernelfound = 1; \
+ } \
+ } \
+ else if ( $1 == "module" && \
+ kernelfound == 1 && \
+ match($2,linux) ) { \
+ policymaycome = 1; \
+ } \
+ else if ( $1 == "module" && \
+ kernelfound == 1 && \
+ policymaycome == 1 && \
+ match($2,"[0-9a-zA-Z]*.bin$") ) { \
+ printf ("\tmodule %s%s\n", path, policy); \
+ policymaycome = 0; \
+ kernelfound = 0; \
+ dontprint = 1; \
+ } \
+ else if ( $1 == "" && \
+ kernelfound == 1 && \
+ policymaycome == 1) { \
+ dontprint = 1; \
+ } \
+ if (dontprint == 0) { \
+ printf ("%s\n", $0); \
+ } \
+ dontprint = 0; \
+ } END { \
+ if ( policymaycome == 1 ) { \
+ printf ("\tmodule %s%s\n", path, policy); \
+ } \
+ }' > $tmpfile
+ if [ ! -r $tmpfile ]; then
+ echo "Could not create temporary file! Aborting."
+ exit -1
+ fi
+ mv -f $tmpfile $grubconf
+}
+
+if [ "$1" == "" -o "$2" == "" ]; then
+ usage
+ exit -1
+fi
+
+if [ "$1" == "-?" ]; then
+ usage
+ exit 0
+fi
+
+policy=$1
+policyfile=$policy.bin
+
+getLinuxVersion $2
+
+findGrubConf
+ERR=$?
+if [ $ERR -eq 0 ]; then
+ echo "Could not find grub.conf. Aborting."
+ exit -1
+fi
+
+updateGrub $grubconf $policyfile $linux
diff -r 99914b54f7bf -r 81576d3d1ca8 docs/misc/shype4xen_readme.txt
--- a/docs/misc/shype4xen_readme.txt Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,588 +0,0 @@
-Copyright: IBM Corporation (C)
-20 June 2005
-Author: Reiner Sailer
-
-This document is a very short introduction into the sHype access control
-security architecture implementation and how it is perceived by users. It
-is a very preliminary draft for the courageous ones to get "their feet wet"
-and to be able to give feedback (via the xen-devel/xense-devel mailing lists).
-
-Install:
-
-cd into xeno-unstable.bk
-(use --dry-run option if you want to test the patch only)
-patch -p1 -g0 < *tools.diff
-patch -p1 -g0 < *xen.diff
-
-(no rejects, probably some line offsets)
-
-make uninstall; make mrproper; make; ./install.sh should install the default
-sHype into Xen (rebuild your initrd images if necessary). Reboot.
-
-Debug output: there are two triggers for debug output:
-a) General sHype debug:
- xeno-unstable.bk/xen/include/public/acm.h
- undefine ACM_DEBUG to switch this debug off
-
-b) sHype enforcement hook trace: This prints a small trace for each
enforcement
-hook that is executed. The trigger is in
- xeno-unstable.bk/xen/include/acm/acm_hooks.h
- undefine ACM_TRACE_MODE to switch this debug off
-
-1. The default NULL policy
-***************************
-When you apply the patches and startup xen, you should at first not notice any
-difference because the default policy is the "NULL" policy, which as the name
-implies does not enforce anything.
-
-To display the currently enforced policy, use the policy tool under xeno-
-unstable.bk/tools/policy: policy_tool getpolicy. You should see output like
the
-one below.
-
-[root@laptop policy]#./policy_tool getpolicy
-
-Policy dump:
-============
-Magic = 1debc.
-PolVer = aaaa0000.
-Len = 14.
-Primary = NULL policy (c=0, off=14).
-Secondary = NULL policy (c=0, off=14).
-No primary policy (NULL).
-No secondary policy (NULL).
-
-Policy dump End.
-
-Since this is a dump of a binary policy, it's not pretty. The important parts
-are the "Primary" and "Secondary" policy fields set to "NULL policy". sHype
-currently allows to set two independent policies; thus the two SSID-REF parts
-shown in 'xm list'. Right here: primary policy only means this policy is
-checked first, the secondary policy is checked if the primary results in
-"permitted access". The result of the combined policy is "permitted" if both
-policies return permitted (NULL policy always returns permitted). The result
is
-"denied" if at least one of the policies returns "denied". Look into xeno-
-unstable.bk/xen/include/acm/acm_hooks.h for the general hook structure
-integrating the policy decisions (if you like, you won't need it for the rest
-of the Readme file).
-
-2. Setting Chinese Wall and Simple Type Enforcement policies:
-*************************************************************
-
-We'll get fast to the point. However, in order to understand what we are
doing,
-we must at least understand the purpose of the policies that we are going to
-enforce. The two policies presented here are just examples and the
-implementation encourages adding new policies easily.
-
-2.1. Chinese Wall policy: "decides whether a domain can be started based on
-this domain's ssidref and the ssidrefs of the currently running domains".
-Generally, the Chinese wall policy allows specifying certain types (or classes
-or categories, whatever the preferred word) that conflict; we usually assign a
-type to a workload and the set of types of those workloads running in a domain
-make up the type set for this domain. Each domain is assigned a set of types
-through its SSID-REF (we register Chinese Wall as primary policy, so the
-ssidref used for determining the Chinese Wall types is the one annotated with
-"p:" in xm list) since each SSID-REF points at a set of types. We'll see how
-SSIDREFs are represented in Xen later when we will look at the policy. (A good
-read for Chinese Wall is: Brewer/Nash The Chinese Wall Security Policy 1989.)
-
-So let's assume the Chinese Wall policy we are running distinguishes 10 types:
-t0 ... t9. Let us assume further that each SSID-REF points to a set that
-includes exactly one type (attached to domains that run workloads of a single
-type). SSID-REF 0 points to {t0}, ssidref 1 points to {t1} ... 9 points to
-{t9}. [This is actually the example policy we are going to push into xen later]
-
-Now the Chinese Wall policy allows you to define "Conflict type sets" and it
-guarantees that of any conflict set at most one type is "running" at any time.
-As an example, we have defined 2 conflict set: {t2, t3} and {t0, t5, t6}.
-Specifying these conflict sets, sHype ensures that at most one type of each
set
-is running (either t2 or t3 but not both; either t0 or t5 or t6 but not
-multiple of them).
-
-The effect is that administrators can define which workload types cannot run
-simultaneously on a single Xen system. This is useful to limit the covert
-timing channels between such payloads or to ensure that payloads don't
-interfere with each other through existing resource dependencies.
-
-2.2. Simple Type Enforcement (ste) policy: "decides whether two domains can
-share data, e.g., setup event channels or grant tables to each other, based on
-the two domains' ssidref. This, as the name says, is a simple policy. Think of
-each type as of a single color. Each domain has one or more colors, i.e., the
-domains ssid for the ste policy points to a set that has set one or multiple
-types. Let us assume in our example policy we differentiate 5 colors (types)
-and define 5 different ssids referenced by ssidref=0..4. Each ssid shall have
-exactly one type set, i.e., describes a uni-color. Only ssid(0) has all types
-set, i.e., has all defined colors.
-
-Sharing is enforced by the ste policy by requiring that two domains that want
-to establish an event channel or grant pages to each other must have a common
-color. Currently all domains communicate through DOM0 by default; i.e.,
Domain0
-will necessarily have all colors to be able to create domains (thus, we will
-assign ssidref(0) to Domain0 in our example below.
-
-More complex mandatory access control policies governing sharing will follow;
-such policies are more sophisticated than the "color" scheme above by allowing
-more flexible (and complex :_) access control decisions than "share a color"
or
-"don't share a color" and will be able to express finer-grained policies.
-
-
-2.3 Binary Policy:
-In the future, we will have a policy tool that takes as input a more humane
-policy description, using types such as development, home-banking, donated-
-Grid, CorpA-Payload ... and translates the respective policy into what we see
-today as the binary policy using 1s and 0s and sets of them. For now, we must
-live with the binary policy when working with sHype.
-
-
-2.4 Exemplary use of a real sHype policy on Xen. To activate a real policy,
-edit the file (yes, this will soon be a compile option):
- xeno-unstable.bk/xen/include/public/acm.h
- Change: #define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
- To : #define ACM_USE_SECURITY_POLICY
ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
- cd xeno-unstable.bk
- make mrproper
- make uninstall (manually remove /etc/xen.old if necessary)
- make
- ./install.sh (recreate your kernel initrd's if necessary)
- Reboot into new xen.gz
-
-After booting, check out 'xm dmesg'; should show somewhere in the middle:
-
-(XEN) acm_init: Enforcing Primary CHINESE WALL policy, Secondary SIMPLE TYPE
-ENFORCEMENT policy.
-
-Even though you can activate those policies in any combination and also
-independently, the policy tool currently only supports setting the policy for
-the above combination.
-
-Now look at the minimal startup policy with:
- xeno-unstable.bk/tools/policytool getpolicy
-
-You should see something like:
-
-[root@laptop policy]# ./policy_tool getpolicy
-
-Policy dump:
-============
-Magic = 1debc.
-PolVer = aaaa0000.
-Len = 36.
-Primary = CHINESE WALL policy (c=1, off=14).
-Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=2c).
-
-
-Chinese Wall policy:
-====================
-Max Types = 1.
-Max Ssidrefs = 1.
-Max ConfSets = 1.
-Ssidrefs Off = 10.
-Conflicts Off = 12.
-Runing T. Off = 14.
-C. Agg. Off = 16.
-
-SSID To CHWALL-Type matrix:
-
- ssidref 0: 00
-
-Confict Sets:
-
- c-set 0: 00
-
-Running
-Types: 00
-
-Conflict
-Aggregate Set: 00
-
-
-Simple Type Enforcement policy:
-===============================
-Max Types = 1.
-Max Ssidrefs = 1.
-Ssidrefs Off = 8.
-
-SSID To STE-Type matrix:
-
- ssidref 0: 01
-
-
-Policy dump End.
-
-This is a minimal policy (of little use), except it will disable starting any
-domain that does not have ssidref set to 0x0. The Chinese Wall policy has
-nothing to enforce and the ste policy only knows one type, which is set for
the
-only defined ssidref.
-
-The item that defines the ssidref in a domain configuration is:
-
-ssidref = 0x12345678
-
-Where ssidref is interpreted as a 32bit number, where the lower 16bits become
-the ssidref for the primary policy and the higher 16bits become the ssidref
for
-the secondary policy. sHype currently supports two policies but this is an
-implementation decision and can be extended if necessary.
-
-This reference defines the security information of a domain. The meaning of
the
-SSID-REF depends on the policy, so we explain it when we explain the real
-policies.
-
-
-Setting a new Security Policy:
-******************************
-The policy tool with all its current limitations has one usable example policy
-compiled-in. Please try at this time to use the setpolicy command:
- xeno-unstable.bk/tools/policy/policy_tool setpolicy
-
-You should see a dump of the policy you are setting. It should say at the very
-end:
-
-Policy successfully set.
-
-Now try to dump the currently enforced policy, which is the policy we have
just
-set and the dynamic security state information of this policy
-(<<< ... some additional explanations)
-
-[root@laptop policy]# ./policy_tool getpolicy
-
-Policy dump:
-============
-Magic = 1debc.
-PolVer = aaaa0000.
-Len = 112.
-Primary = CHINESE WALL policy (c=1, off=14).
-Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
-
-
-Chinese Wall policy:
-====================
-Max Types = a.
-Max Ssidrefs = 5.
-Max ConfSets = 2.
-Ssidrefs Off = 10.
-Conflicts Off = 74.
-Runing T. Off = 9c.
-C. Agg. Off = b0.
-
-SSID To CHWALL-Type matrix:
-
- ssidref 0: 01 00 00 00 00 00 00 00 00 00 <<< type0 is set for ssidref0
- ssidref 1: 00 01 00 00 00 00 00 00 00 00
- ssidref 2: 00 00 01 00 00 00 00 00 00 00
- ssidref 3: 00 00 00 01 00 00 00 00 00 00
- ssidref 4: 00 00 00 00 01 00 00 00 00 00 <<< type4 is set for ssidref4
- <<< types 5-9 are unused
-Confict Sets:
-
- c-set 0: 00 00 01 01 00 00 00 00 00 00 <<< type2 and type3 never run
together
- c-set 1: 01 00 00 00 00 01 01 00 00 00 <<< only one of types 0, 5 or 6
- <<< can run simultaneously
-Running
-Types: 01 00 00 00 00 00 00 00 00 00 <<< ref-count for types of
running domains
-
-Conflict
-Aggregate Set: 00 00 00 00 00 01 01 00 00 00 <<< aggregated set of types that
- <<< cannot run because they
- <<< are in conflict set 1 and
- <<< (domain 0 is running w t0)
-
-
-Simple Type Enforcement policy:
-===============================
-Max Types = 5.
-Max Ssidrefs = 5.
-Ssidrefs Off = 8.
-
-SSID To STE-Type matrix:
-
- ssidref 0: 01 01 01 01 01 <<< ssidref0 points to a set
that
- <<< has all types set (colors)
- ssidref 1: 00 01 00 00 00 <<< ssidref1 has color1 set
- ssidref 2: 00 00 01 00 00 <<< ...
- ssidref 3: 00 00 00 01 00
- ssidref 4: 00 00 00 00 01
-
-
-Policy dump End.
-
-
-This is a small example policy with which we will demonstrate the enforcement.
-
-Starting Domains with policy enforcement
-========================================
-Now let us play with this policy.
-
-Define 3 or 4 domain configurations. I use the following config using a
ramdisk
-only and about 8MBytes of memory for each DomU (test purposes):
-
-#-------configuration xmsec1-------------------------
-kernel = "/boot/vmlinuz-2.6.11-xenU"
-ramdisk="/boot/U1_ramdisk.img"
-#security reference identifier
-ssidref= 0x00010001
-memory = 10
-name = "xmsec1"
-cpu = -1 # leave to Xen to pick
-# Number of network interfaces. Default is 1.
-nics=1
-dhcp="dhcp"
-#-----------------------------------------------------
-
-xmsec2 and xmsec3 look the same except for the name and the ssidref line. Use
-your domain config file and add "ssidref = 0x00010001" to the first (xmsec1),
-"ssidref= 0x00020002" to the second (call it xmsec2), and "ssidref=0x00030003"
-to the third (we will call this one xmsec3).
-
-First start xmsec1: xm create -c xmsec1 (succeeds)
-
-Then
-[root@laptop policy]# xm list
-Name Id Mem(MB) CPU State Time(s) Console
-Domain-0 0 620 0 r---- 42.3 s:00/p:00
-xmnosec 1 9 0 -b--- 0.3 9601 s:00/p:05
-xmsec1 2 9 0 -b--- 0.2 9602 s:01/p:01
-
-Shows a new domain xmsec1 running with primary (here: chinese wall) ssidref 1
-and secondary (here: simple type enforcement) ssidref 1. The ssidrefs are
-independent and can differ for a domain.
-
-[root@laptop policy]# ./policy_tool getpolicy
-
-Policy dump:
-============
-Magic = 1debc.
-PolVer = aaaa0000.
-Len = 112.
-Primary = CHINESE WALL policy (c=1, off=14).
-Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
-
-
-Chinese Wall policy:
-====================
-Max Types = a.
-Max Ssidrefs = 5.
-Max ConfSets = 2.
-Ssidrefs Off = 10.
-Conflicts Off = 74.
-Runing T. Off = 9c.
-C. Agg. Off = b0.
-
-SSID To CHWALL-Type matrix:
-
- ssidref 0: 01 00 00 00 00 00 00 00 00 00
- ssidref 1: 00 01 00 00 00 00 00 00 00 00
- ssidref 2: 00 00 01 00 00 00 00 00 00 00
- ssidref 3: 00 00 00 01 00 00 00 00 00 00
- ssidref 4: 00 00 00 00 01 00 00 00 00 00
-
-Confict Sets:
-
- c-set 0: 00 00 01 01 00 00 00 00 00 00
- c-set 1: 01 00 00 00 00 01 01 00 00 00 <<< t1 is not part of any c-set
-
-Running
-Types: 01 01 00 00 00 00 00 00 00 00 <<< xmsec1 has ssidref 1->type1
- ^^ <<< ref-count at position 1 incr
-Conflict
-Aggregate Set: 00 00 00 00 00 01 01 00 00 00 <<< domain 1 was allowed to
- <<< start since type 1 was not
- <<< in conflict with running
- <<< types
-
-Simple Type Enforcement policy:
-===============================
-Max Types = 5.
-Max Ssidrefs = 5.
-Ssidrefs Off = 8.
-
-SSID To STE-Type matrix:
-
- ssidref 0: 01 01 01 01 01 <<< the ste policy does not maintain; we
- ssidref 1: 00 01 00 00 00 <-- <<< see that domain xmsec1 has ste
- ssidref 2: 00 00 01 00 00 <<< ssidref1->type1 and has this type in
- ssidref 3: 00 00 00 01 00 <<< common with dom0
- ssidref 4: 00 00 00 00 01
-
-
-Policy dump End.
-
-Look at sHype output in xen dmesg:
-
-[root@laptop xen]# xm dmesg
-.
-.
-[somewhere near the very end]
-(XEN) chwall_init_domain_ssid: determined chwall_ssidref to 1.
-(XEN) ste_init_domain_ssid.
-(XEN) ste_init_domain_ssid: determined ste_ssidref to 1.
-(XEN) acm_init_domain_ssid: Instantiated individual ssid for domain 0x01.
-(XEN) chwall_post_domain_create.
-(XEN) ste_pre_eventchannel_interdomain.
-(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
-(XEN) shype_authorize_domops.
-(XEN) ste_pre_eventchannel_interdomain.
-(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
-(XEN) ste_pre_eventchannel_interdomain.
-(XEN) ste_pre_eventchannel_interdomain: (evtchn 0 --> 1) common type #01.
-
-
-You can see that the chinese wall policy does not complain and that the ste
-policy makes three access control decisions for three event-channels setup
-between domain 0 and the new domain 1. Each time, the two domains share the
-type1 and setting up the eventchannel is permitted.
-
-
-Starting up a second domain xmsec2:
-
-[root@laptop xen]# xm create -c xmsec2
-Using config file "xmsec2".
-Started domain xmsec2, console on port 9602
-************ REMOTE CONSOLE: CTRL-] TO QUIT ********
-Linux version 2.6.11-xenU (root@xxxxxxxxxxxxxxx) (gcc version 3.4.2 20041017
-(Red Hat 3.4.2-6.fc3)) #1 Wed Mar 30 13:14:31 EST 2005
-.
-.
-.
-[root@laptop policy]# xm list
-Name Id Mem(MB) CPU State Time(s) Console
-Domain-0 0 620 0 r---- 71.7 s:00/p:00
-xmsec1 1 9 0 -b--- 0.3 9601 s:01/p:01
-xmsec2 2 7 0 -b--- 0.3 9602 s:02/p:02 <<
our domain runs both policies with ssidref 2
-
-
-[root@laptop policy]# ./policy_tool getpolicy
-
-Policy dump:
-============
-Magic = 1debc.
-PolVer = aaaa0000.
-Len = 112.
-Primary = CHINESE WALL policy (c=1, off=14).
-Secondary = SIMPLE TYPE ENFORCEMENT policy (c=2, off=d8).
-
-
-Chinese Wall policy:
-====================
-Max Types = a.
-Max Ssidrefs = 5.
-Max ConfSets = 2.
-Ssidrefs Off = 10.
-Conflicts Off = 74.
-Runing T. Off = 9c.
-C. Agg. Off = b0.
-
-SSID To CHWALL-Type matrix:
-
- ssidref 0: 01 00 00 00 00 00 00 00 00 00
- ssidref 1: 00 01 00 00 00 00 00 00 00 00
- ssidref 2: 00 00 01 00 00 00 00 00 00 00 <<< our domain has type 2 set
- ssidref 3: 00 00 00 01 00 00 00 00 00 00
- ssidref 4: 00 00 00 00 01 00 00 00 00 00
-
-Confict Sets:
-
- c-set 0: 00 00 01 01 00 00 00 00 00 00 <<< t2 is in c-set0 with type 3
- c-set 1: 01 00 00 00 00 01 01 00 00 00
-
-Running
-Types: 01 01 01 00 00 00 00 00 00 00 <<< t2 is running since the
- ^^ <<< current aggregate conflict
- <<< set (see above) does not
- <<< include type 2
-Conflict
-Aggregate Set: 00 00 00 01 00 01 01 00 00 00 <<< type 3 is added to the
- <<< conflict aggregate
-
-
-Simple Type Enforcement policy:
-===============================
-Max Types = 5.
-Max Ssidrefs = 5.
-Ssidrefs Off = 8.
-
-SSID To STE-Type matrix:
-
- ssidref 0: 01 01 01 01 01
- ssidref 1: 00 01 00 00 00
- ssidref 2: 00 00 01 00 00
- ssidref 3: 00 00 00 01 00
- ssidref 4: 00 00 00 00 01
-
-
-Policy dump End.
-
-
-The sHype xen dmesg output looks similar to the one above when starting the
-first domain.
-
-Now we start xmsec3 and it has ssidref3. Thus, it tries to run as type3 which
-conflicts with running type2 (from xmsec2). As expected, creating this domain
-fails for security policy enforcement reasons.
-
-[root@laptop xen]# xm create -c xmsec3
-Using config file "xmsec3".
-Error: Error creating domain: (22, 'Invalid argument')
-[root@laptop xen]#
-
-[root@laptop xen]# xm dmesg
-.
-.
-[somewhere near the very end]
-(XEN) chwall_pre_domain_create.
-(XEN) chwall_pre_domain_create: CHINESE WALL CONFLICT in type 03.
-
-xmsec3 ssidref3 points to type3, which is in the current conflict aggregate
-set. This domain cannot start until domain xmsec2 is destroyed, at which time
-the aggregate conflict set is reduced and type3 is excluded from it. Then,
-xmsec3 can start. Of course, afterwards, xmsec2 cannot be restarted. Try it.
-
-3. Policy tool
-**************
-toos/policy/policy_tool.c
-
-a) ./policy_tool getpolicy
- prints the currently enforced policy
- (see for example section 1.)
-
-b) ./policy_tool setpolicy
- sets a predefined and hardcoded security
- policy (the one described in section 2.)
-
-c) ./policy_tool dumpstats
- prints some status information about the caching
- of access control decisions (number of cache hits
- and number of policy evaluations for grant_table
- and event channels).
-
-d) ./policy_tool loadpolicy <binary_policy_file>
- sets the policy defined in the <binary_policy_file>
- please use the policy_processor that is posted to this
- mailing list to create such a binary policy from an XML
- policy description
-
-4. Policy interface:
-********************
-The Policy interface is working in "network-byte-order" (big endian). The
reason for this
-is that policy files/management should be portable and independent of the
platforms.
-
-Our policy interface enables managers to create a single binary policy file in
a trusted
-environment and distributed it to multiple systems for enforcement.
-
-5. Booting with a binary policy:
-********************************
-The grub configuration file can be adapted to boot the hypervisor with an
-already active policy. To do this, a binary policy file - this can be
-the same file as used by the policy_tool - should be placed into the boot
-partition. The following entry from the grub configuration file shows how
-a binary policy can be added to the system during boot time. Note that the
-binary policy must be of the same type that the hypervisor was compiled
-for. The policy module line should also only be added as the last module
-line if XEN was compiled with the access control module (ACM).
-
-title XEN0 3.0 Devel
- kernel /xen.gz dom0_mem=400000
- module /vmlinuz-2.6.12-xen0 root=/dev/hda2 ro console=tty0
- module /initrd-2.6.12-xen0.img
- module /xen_sample_policy.bin
-
-
-====================end-of file=======================================
diff -r 99914b54f7bf -r 81576d3d1ca8
linux-2.6-xen-sparse/drivers/xen/blkback/control.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/control.c Thu Aug 18
18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,61 +0,0 @@
-/******************************************************************************
- * arch/xen/drivers/blkif/backend/control.c
- *
- * Routines for interfacing with the control plane.
- *
- * Copyright (c) 2004, Keir Fraser
- */
-
-#include "common.h"
-
-static void blkif_ctrlif_rx(ctrl_msg_t *msg, unsigned long id)
-{
- DPRINTK("Received blkif backend message, subtype=%d\n", msg->subtype);
-
- switch ( msg->subtype )
- {
- case CMSG_BLKIF_BE_CREATE:
- blkif_create((blkif_be_create_t *)&msg->msg[0]);
- break;
- case CMSG_BLKIF_BE_DESTROY:
- blkif_destroy((blkif_be_destroy_t *)&msg->msg[0]);
- break;
- case CMSG_BLKIF_BE_CONNECT:
- blkif_connect((blkif_be_connect_t *)&msg->msg[0]);
- break;
- case CMSG_BLKIF_BE_DISCONNECT:
- if ( !blkif_disconnect((blkif_be_disconnect_t *)&msg->msg[0],msg->id) )
- return; /* Sending the response is deferred until later. */
- break;
- case CMSG_BLKIF_BE_VBD_CREATE:
- vbd_create((blkif_be_vbd_create_t *)&msg->msg[0]);
- break;
- case CMSG_BLKIF_BE_VBD_DESTROY:
- vbd_destroy((blkif_be_vbd_destroy_t *)&msg->msg[0]);
- break;
- default:
- DPRINTK("Parse error while reading message subtype %d, len %d\n",
- msg->subtype, msg->length);
- msg->length = 0;
- break;
- }
-
- ctrl_if_send_response(msg);
-}
-
-void blkif_ctrlif_init(void)
-{
- ctrl_msg_t cmsg;
- blkif_be_driver_status_t st;
-
- (void)ctrl_if_register_receiver(CMSG_BLKIF_BE, blkif_ctrlif_rx,
- CALLBACK_IN_BLOCKING_CONTEXT);
-
- /* Send a driver-UP notification to the domain controller. */
- cmsg.type = CMSG_BLKIF_BE;
- cmsg.subtype = CMSG_BLKIF_BE_DRIVER_STATUS;
- cmsg.length = sizeof(blkif_be_driver_status_t);
- st.status = BLKIF_DRIVER_STATUS_UP;
- memcpy(cmsg.msg, &st, sizeof(st));
- ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/Makefile
--- a/tools/misc/policyprocessor/Makefile Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,42 +0,0 @@
-XEN_ROOT = ../../..
-include $(XEN_ROOT)/tools/Rules.mk
-
-CFLAGS += -static
-CFLAGS += -Wall
-CFLAGS += -Werror
-CFLAGS += -O3
-CFLAGS += -fno-strict-aliasing
-CFLAGS += -I.
-
-all: build
-
-build: mk-symlinks
- $(MAKE) xml_to_bin
-
-default: all
-
-install: all
-
-xml_to_bin : make_include XmlToBin.java XmlToBinInterface.java SsidsEntry.java
SecurityLabel.java myHandler.java
- javac XmlToBin.java
-
-make_include : c2j_include
- ./c2j_include
-
-c2j_include: c2j_include.c
- $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $<
-
-clean:
- rm -rf *.class xen c2j_include policy_version.java *.bin
-
-
-LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse
-mk-symlinks:
- [ -e xen/linux ] || mkdir -p xen/linux
- [ -e xen/io ] || mkdir -p xen/io
- ( cd xen >/dev/null ; \
- ln -sf ../$(XEN_ROOT)/xen/include/public/*.h . )
- ( cd xen/io >/dev/null ; \
- ln -sf ../../$(XEN_ROOT)/xen/include/public/io/*.h . )
- ( cd xen/linux >/dev/null ; \
- ln -sf ../../$(LINUX_ROOT)/include/asm-xen/linux-public/*.h . )
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/misc/policyprocessor/SecurityLabel.java
--- a/tools/misc/policyprocessor/SecurityLabel.java Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,34 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: SecurityLabel.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * SecurityLabel Class.
- *
- * <p>
- *
- * Keeps track of types.
- *
- * <p>
- *
- *
- */
-import java.util.*;
-public class SecurityLabel
-{
- Vector ids;
- Vector vlans;
- Vector slots;
- Vector steTypes;
- int steSsidPosition;
- Vector chwIDs;
- Vector chwTypes;
- int chwSsidPosition;
-}
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/misc/policyprocessor/SecurityPolicySpec.xsd
--- a/tools/misc/policyprocessor/SecurityPolicySpec.xsd Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Ray Valdez, rvaldez@xxxxxxxxxx -->
-<!-- xml schema definition for xen xml policies -->
-<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema";
-targetNamespace="http://www.ibm.com";
-xmlns="http://www.ibm.com";
-elementFormDefault="qualified">
-
-<xsd:element name="TE" type="xsd:string" />
-<xsd:element name="ChWall" type="xsd:string" />
-
-<xsd:element name="Definition">
- <xsd:complexType>
- <xsd:sequence>
-
- <!-- simple type enforcement -->
- <xsd:element name="Types" minOccurs ="0" maxOccurs="1">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="TE" minOccurs ="1" maxOccurs
="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <!-- chinese wall -->
- <!-- type definition -->
- <xsd:element name="ChWallTypes" minOccurs ="0" maxOccurs="1">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="ChWall" minOccurs ="1" maxOccurs
="unbounded"/>
-
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <!-- conflict set -->
- <xsd:element name="ConflictSet" minOccurs ="0" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="ChWall" minOccurs ="2" maxOccurs
="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- </xsd:sequence>
- </xsd:complexType>
-</xsd:element>
-
-<xsd:element name="Policy">
- <xsd:complexType>
- <xsd:sequence>
-
- <xsd:element name="PolicyHeader">
- <xsd:complexType>
- <xsd:all>
- <xsd:element name = "Name" type="xsd:string"/>
- <xsd:element name = "DateTime" type="xsd:dateTime"/>
- <xsd:element name = "Tag" minOccurs ="1" maxOccurs ="1"
type="xsd:string"/>
- <xsd:element name = "TypeDefinition">
- <xsd:complexType>
- <xsd:all>
- <xsd:element name = "url" type="xsd:string"/>
- <xsd:element name = "hash" minOccurs ="0" maxOccurs
="1" type="xsd:string"/>
- </xsd:all>
- </xsd:complexType>
- </xsd:element>
-
- </xsd:all>
- </xsd:complexType>
- </xsd:element>
-
- <xsd:element name="VM" minOccurs ="1" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="id" type="xsd:integer"/>
- <xsd:element ref="TE" minOccurs="0" maxOccurs="unbounded" />
- <xsd:element ref="ChWall" minOccurs ="0" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <xsd:element name="Vlan" minOccurs ="0" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="vid" type="xsd:integer"/>
- <xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <xsd:element name="Slot" minOccurs ="0" maxOccurs="unbounded">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="bus" type="xsd:integer"/>
- <xsd:element name="slot" type="xsd:integer"/>
- <xsd:element ref="TE" minOccurs="1" maxOccurs="unbounded" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
-
- </xsd:sequence>
- </xsd:complexType>
-</xsd:element>
-
-<!-- root element -->
-<xsd:element name="SecurityPolicySpec">
- <xsd:complexType>
- <xsd:choice>
- <xsd:element ref="Definition" minOccurs ="1"
maxOccurs="unbounded"/>
- <xsd:element ref="Policy" minOccurs ="1" maxOccurs="unbounded"/>
- </xsd:choice>
- </xsd:complexType>
-</xsd:element>
-</xsd:schema>
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/SsidsEntry.java
--- a/tools/misc/policyprocessor/SsidsEntry.java Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,29 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: SsidsEntry.java,v 1.2 2005/06/17 20:02:40 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * SsidsEntry Class.
- * <p>
- *
- * Holds ssid information.
- *
- * <p>
- *
- *
- */
-public class SsidsEntry
- {
- int id; /* used for partition and vlan */
- int bus; /* used for slots */
- int slot;
- int ste = 0xffffffff;
- int chw = 0xffffffff;
- }
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/XmlToBin.java
--- a/tools/misc/policyprocessor/XmlToBin.java Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,1570 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: XmlToBin.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * Contributors:
- * Reiner Sailer - adjust type-lengths
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * XmlToBin Class.
- * <p>
- *
- * Translates a xml representation of a SHYPE policy into a binary
- * format. The class processes an xml policy file based on elment tags
- * defined in a schema definition files: SecurityPolicySpec.xsd.
- *
- * XmlToBin Command line Options:
- *
- * -i inputFile: name of policyfile (.xml)
- * -o outputFile: name of binary policy file (Big Endian)
- * -xssid SsidFile: xen ssids to types text file
- * -xssidconf SsidConf: xen conflict ssids to types text file
- * -debug turn on debug messages
- * -help help. This printout
- *
- * <p>
- *
- *
- */
-import java.util.*;
-import java.io.*;
-import java.io.IOException;
-import java.io.FileNotFoundException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.Attr;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.NamedNodeMap;
-import org.xml.sax.*;
-import javax.xml.parsers.*;
-import org.xml.sax.helpers.*;
-
-public class XmlToBin
- implements XmlToBinInterface
-{
- class SlotInfo {
- String bus;
- String slot;
- }
-
- boolean LittleEndian = false;
- boolean debug = false;
-
- static final String JAXP_SCHEMA_LANGUAGE =
"http://java.sun.com/xml/jaxp/properties/schemaLanguage";;
-
- static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";;
-
- public static void printUsage()
- {
- System.out.println("XmlToBin Command line Options: ");
- System.out.println("\t-i\t\tinputFile:\tname of policyfile (.xml)");
- System.out.println("\t-o\t\toutputFile:\tname of binary policy file (Big
Endian)");
- System.out.println("\t-xssid\t\tSsidFile:\tXen ssids to named types text
file");
- System.out.println("\t-xssidconf\tSsidConfFile:\tXen conflict ssids to named
types text file");
- System.out.println("\t-debug\t\t\t\tturn on debug messages");
- System.out.println("\t-help\t\t\t\thelp. This printout");
- return;
- }
-
- public void printDebug(String message)
- {
- if (debug)
- System.out.println(message);
- }
-
- public void writeBinPolicy(byte[] binPolicy, String outputFileName)
- throws Exception
- {
- if (debug)
- printHex(binPolicy,binPolicy.length);
-
- DataOutputStream writeObj = new DataOutputStream(
- new FileOutputStream(outputFileName));
-
- writeObj.write(binPolicy);
- writeObj.flush();
- writeObj.close();
- System.out.println(" wBP:: wrote outputfile: " + outputFileName);
-
- return;
- }
-
- public void writeXenTypeVectorFile(Vector list, String outputFileName)
- throws Exception
- {
- PrintWriter out;
-
- if (0 == list.size())
- {
- printDebug(" wSTF : size of input is zero when writing :" +
outputFileName);
- return;
- }
- out = new PrintWriter(
- new BufferedWriter(
- new FileWriter(outputFileName)));
-
-
- for (int i = 0; i < list.size(); i++)
- {
- Vector ee = (Vector) list.elementAt(i);
- out.println(i + " " +ee.toString());
- }
- out.close();
-
- return;
- }
-
- public void writeXenTypeFile(Vector list, String outputFileName, boolean
slabel)
- throws Exception
- {
- Vector entry;
- String strTypes = "";
- SecurityLabel ee;
- PrintWriter out;
-
- if (0 == list.size())
- {
- printDebug(" wSTF : size of input is zero when writing :" +
outputFileName);
- return;
- }
- out = new PrintWriter(
- new BufferedWriter(
- new FileWriter(outputFileName)));
-
- for (int i = 0; i < list.size(); i++)
- {
- ee = (SecurityLabel) list.elementAt(i);
-
- if (slabel)
- {
- entry = ee.steTypes;
- } else {
-
- entry = ee.chwTypes;
- }
- if (null == entry) continue;
-
- Enumeration e = entry.elements();
- while (e.hasMoreElements())
- {
- String typeName = (String) e.nextElement();
- strTypes = strTypes + " " + typeName;
- }
- printDebug(" WXTF:: ssid : "+i +" :"+strTypes);
- out.println(i +" "+strTypes);
- strTypes = "";
- }
- out.close();
-
- return;
- }
-
- public void setDebug(boolean value)
- {
- debug=value;
- }
-
- public void setEndian(boolean value)
- {
- LittleEndian = value;
- }
-
- public byte[] generateVlanSsids(Vector bagOfSsids)
- throws Exception
- {
- /**
- typedef struct {
- u16 vlan;
- u16 ssid_ste;
- } acm_vlan_entry_t;
- **/
-
- Hashtable vlanSsid = new Hashtable();
- printDebug(" gVS::Size of bagOfSsids: "+ bagOfSsids.size());
-
- /* Get the number of partitions */
- for (int i = 0; i < bagOfSsids.size(); i++)
- {
- SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
-
- if (null == entry.vlans)
- continue;
-
- Enumeration e = entry.vlans.elements();
- while (e.hasMoreElements())
- {
- String id = (String) e.nextElement();
- printDebug(" gVS:: vlan: " + id + "has ste ssid: " +
entry.steSsidPosition);
- if (-1 == entry.steSsidPosition)
- continue;
-
- /* Only use ste for vlan */
- SsidsEntry ssidsObj = new SsidsEntry();
-
- ssidsObj.id = Integer.parseInt(id);
- ssidsObj.ste = entry.steSsidPosition;
-
- if (vlanSsid.contains(id))
- printDebug(" gVS:: Error already in the Hash part:" +
ssidsObj.id);
- else
- vlanSsid.put(id, ssidsObj);
- printDebug(" gVS:: added part: " + id + "has ste ssid: " +
entry.steSsidPosition);
- }
- }
-
- /* allocate array */
- int numOfVlan = vlanSsid.size();
- int totalSize = (numOfVlan * vlanEntrySz);
-
- if (0 == numOfVlan)
- {
- printDebug(" gVS:: vlan: binary ==> zero");
- return new byte[0];
- }
-
- byte[] vlanArray = new byte[totalSize];
-
- int index = 0;
-
- Enumeration e = vlanSsid.elements();
- while (e.hasMoreElements())
- {
- SsidsEntry entry = (SsidsEntry) e.nextElement();
- printDebug(" gVS:: part: " + entry.id + " ste ssid: " + entry.ste);
-
- /* Write id */
- writeShortToStream(vlanArray,(short)entry.id,index);
- index = index + u16Size;
-
- /* write ste ssid */
- writeShortToStream(vlanArray,(short) entry.ste,index);
- index = index + u16Size;
- }
-
- printDebug(" gVS:: vlan: num of vlans " + numOfVlan);
- printDebug(" gVS:: vlan: binary ==> Length "+ vlanArray.length);
-
- if (debug)
- printHex(vlanArray,vlanArray.length);
- printDebug("\n");
-
- return vlanArray;
- }
-
- public byte[] generateSlotSsids(Vector bagOfSsids)
- throws Exception
- {
- /**
- typedef struct {
- u16 slot_max;
- u16 slot_offset;
- } acm_slot_buffer_t;
-
- typedef struct {
- u16 bus;
- u16 slot;
- u16 ssid_ste;
- } acm_slot_entry_t;
- **/
- Hashtable slotSsid = new Hashtable();
- printDebug(" gSS::Size of bagOfSsids: "+ bagOfSsids.size());
-
- /* Find the number of VMs */
- for (int i = 0; i < bagOfSsids.size(); i++)
- {
- SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
-
- if (null == entry.slots)
- continue;
-
- Enumeration e = entry.slots.elements();
- while (e.hasMoreElements())
- {
- SlotInfo item = (SlotInfo) e.nextElement();
- printDebug(" gSS:: bus slot: " + item.bus + " "+ item.slot + " " +
entry.steSsidPosition);
- if (-1 == entry.steSsidPosition)
- continue;
-
- SsidsEntry ssidsObj = new SsidsEntry();
-
- String id = item.bus +" "+item.slot;
- ssidsObj.bus = Integer.parseInt(item.bus);
- ssidsObj.slot = Integer.parseInt(item.slot);
- /* set ste ssid */
- ssidsObj.ste = entry.steSsidPosition;
-
- if (slotSsid.contains(id))
- printDebug(" gSS:: Error already in the Hash part:" + id);
- else
- slotSsid.put(id, ssidsObj);
-
- printDebug(" gSS:: added slot: " + id + "has ste ssid: " +
entry.steSsidPosition);
- }
- }
-
- /* allocate array */
- int numOfSlot = slotSsid.size();
-
- if (0 == numOfSlot)
- {
- printDebug(" gVS:: slot: binary ==> zero");
- return new byte[0];
- }
-
- int totalSize = (numOfSlot * slotEntrySz);
-
- byte[] slotArray = new byte[totalSize];
-
- int index = 0;
-
- Enumeration e = slotSsid.elements();
- while (e.hasMoreElements())
- {
- SsidsEntry entry = (SsidsEntry) e.nextElement();
- System.out.println(" gSS:: bus slot: " + entry.bus + " " + entry.slot +
" ste ssid: " + entry.ste);
-
- /* Write bus */
- writeShortToStream(slotArray,(short)entry.bus,index);
- index = index + u16Size;
-
- /* Write slot */
- writeShortToStream(slotArray,(short)entry.slot,index);
- index = index + u16Size;
-
- /* Write ste ssid */
- writeShortToStream(slotArray,(short) entry.ste,index);
- index = index + u16Size;
-
- }
-
- printDebug(" gSS:: slot: num of vlans " + numOfSlot);
- printDebug(" gSS:: slot: binary ==> Length "+ slotArray.length);
-
- if (debug)
- printHex(slotArray,slotArray.length);
- printDebug("\n");
-
- return slotArray;
-
- }
-
- public byte[] generatePartSsids(Vector bagOfSsids, Vector bagOfChwSsids)
- throws Exception
- {
- /**
- typedef struct {
- u16 id;
- u16 ssid_ste;
- u16 ssid_chwall;
- } acm_partition_entry_t;
-
- **/
- Hashtable partSsid = new Hashtable();
- printDebug(" gPS::Size of bagOfSsids: "+ bagOfSsids.size());
-
- /* Find the number of VMs */
- for (int i = 0; i < bagOfSsids.size(); i++)
- {
- SecurityLabel entry = (SecurityLabel) bagOfSsids.elementAt(i);
-
- if (null == entry.ids)
- continue;
-
- Enumeration e = entry.ids.elements();
- while (e.hasMoreElements())
- {
- String id = (String) e.nextElement();
- printDebug(" gPS:: part: " + id + "has ste ssid: " +
entry.steSsidPosition);
- if (-1 == entry.steSsidPosition)
- continue;
-
- SsidsEntry ssidsObj = new SsidsEntry();
-
- ssidsObj.id = Integer.parseInt(id);
- ssidsObj.ste = entry.steSsidPosition;
-
- if (partSsid.contains(id))
- printDebug(" gPS:: Error already in the Hash part:" +
ssidsObj.id);
- else
- partSsid.put(id, ssidsObj);
- printDebug(" gPS:: added part: " + id + "has ste ssid: " +
entry.steSsidPosition);
- }
-
- }
-
- for (int i = 0; i < bagOfChwSsids.size(); i++)
- {
- SecurityLabel entry = (SecurityLabel) bagOfChwSsids.elementAt(i);
-
- Enumeration e = entry.chwIDs.elements();
- while (e.hasMoreElements())
- {
- String id = (String) e.nextElement();
- printDebug(" gPS:: part: " + id + "has chw ssid: " +
entry.chwSsidPosition);
- if (partSsid.containsKey(id))
- {
- SsidsEntry item = (SsidsEntry) partSsid.get(id);
- item.chw = entry.chwSsidPosition;
- printDebug(" gPS:: added :" + item.id +" chw: " + item.chw);
- }
- else
- {
- printDebug(" gPS:: creating :" + id +" chw: " +
entry.chwSsidPosition);
- SsidsEntry ssidsObj = new SsidsEntry();
- ssidsObj.id = Integer.parseInt(id);
- ssidsObj.chw = entry.chwSsidPosition;
- partSsid.put(id, ssidsObj);
-
- }
- }
- }
-
- /* Allocate array */
- int numOfPar = partSsid.size();
- int totalSize = (numOfPar * partitionEntrySz);
-
- if (0 == numOfPar)
- {
- printDebug(" gPS:: part: binary ==> zero");
- return new byte[0];
- }
-
- byte[] partArray = new byte[totalSize];
-
- int index = 0;
-
- Enumeration e = partSsid.elements();
- while (e.hasMoreElements())
- {
- SsidsEntry entry = (SsidsEntry) e.nextElement();
- printDebug(" gPS:: part: " + entry.id + " ste ssid: " + entry.ste + "
chw ssid: "+ entry.chw);
-
- /* Write id */
- writeShortToStream(partArray,(short)entry.id,index);
- index = index + u16Size;
-
- /* Write ste ssid */
- writeShortToStream(partArray,(short) entry.ste,index);
- index = index + u16Size;
-
- /* Write chw ssid */
- writeShortToStream(partArray,(short) entry.chw,index);
- index = index + u16Size;
- }
-
- printDebug(" gPS:: part: num of partitions " + numOfPar);
- printDebug(" gPS:: part: binary ==> Length " + partArray.length);
-
- if (debug)
- printHex(partArray,partArray.length);
- printDebug("\n");
-
- return partArray;
- }
-
- public byte[] GenBinaryPolicyBuffer(byte[] chwPolicy, byte[] stePolicy, byte
[] partMap, byte[] vlanMap, byte[] slotMap)
- {
- byte[] binBuffer;
- short chwSize =0;
- short steSize =0;
- int index = 0;
-
- /* Builds data structure acm_policy_buffer_t */
- /* Get number of colorTypes */
- if (null != chwPolicy)
- chwSize = (short) chwPolicy.length;
-
- if (null != stePolicy)
- steSize = (short) stePolicy.length;
-
- int totalDataSize = chwSize + steSize + resourceOffsetSz + 3 *(2 * u16Size);
-
- /* Add vlan and slot */
- totalDataSize = totalDataSize +partMap.length + vlanMap.length +
slotMap.length;
- binBuffer = new byte[binaryBufferHeaderSz +totalDataSize];
-
-
- try {
- index = 0;
- /* fill in General Policy Version */
- writeIntToStream(binBuffer, ACM_POLICY_VERSION, index);
- index += u32Size;
-
- /* Write magic */
- writeIntToStream(binBuffer, ACM_MAGIC, index);
- index += u32Size;
-
- /* write len */
- writeIntToStream(binBuffer, binBuffer.length, index);
- index += u32Size;
-
- } catch (IOException ee) {
- System.out.println(" GBPB:: got exception : " + ee);
- return null;
- }
-
- int offset, address;
- address = index;
-
- if (null != partMap)
- offset = binaryBufferHeaderSz + resourceOffsetSz;
- else
- offset = binaryBufferHeaderSz;
-
- try {
- int skip = 0;
-
- /* init with NULL policy setting */
- writeIntToStream(binBuffer, ACM_NULL_POLICY, index);
- writeIntToStream(binBuffer, 0, index + u32Size);
- writeIntToStream(binBuffer, ACM_NULL_POLICY, index + 2*u32Size);
- writeIntToStream(binBuffer, 0, index + 3*u32Size);
-
- index = address;
- if (null != chwPolicy) {
-
- /* Write policy name */
- writeIntToStream(binBuffer, ACM_CHINESE_WALL_POLICY, index);
- index += u32Size;
-
- /* Write offset */
- writeIntToStream(binBuffer, offset, index);
- index += u32Size;
-
- /* Write payload. No need increment index */
- address = offset;
- System.arraycopy(chwPolicy, 0, binBuffer,address,
chwPolicy.length);
- address = address + chwPolicy.length;
- } else
- skip += 2*u32Size;
-
- if (null != stePolicy)
- {
- /* Write policy name */
- writeIntToStream(binBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
index);
- index += u32Size;
-
- /* Write offset */
- writeIntToStream(binBuffer, address, index);
- index += u32Size;
-
- /* Copy array */
- System.arraycopy(stePolicy, 0, binBuffer,address,
stePolicy.length);
- /* Update address */
- address = address + stePolicy.length;
- } else
- skip += 2*u32Size;
-
- /* Skip writing policy name and offset for each null policy*/
- index += skip;
-
- int size;
- /* Assumes that you will always have a partition defined in policy */
- if ( 0 < partMap.length) {
- writeIntToStream(binBuffer, address, index);
- index = address;
-
- /* Compute num of VMs */
- size = partMap.length / (3 * u16Size);
-
- writeShortToStream(binBuffer, (short)size,index);
- index = index + u16Size;
-
- /* part, vlan and slot: each one consists of two entries */
- offset = 3 * (2 * u16Size);
- writeShortToStream(binBuffer, (short) offset,index);
-
- /* Write partition array at offset */
- System.arraycopy(partMap, 0, binBuffer,(offset + address),
partMap.length);
- index = index + u16Size;
- offset = offset + partMap.length;
- }
-
- if ( 0 < vlanMap.length) {
- size = vlanMap.length / (2 * u16Size);
- writeShortToStream(binBuffer, (short) size,index);
- index = index + u16Size;
-
- writeShortToStream(binBuffer, (short) offset,index);
- index = index + u16Size;
- System.arraycopy(vlanMap, 0, binBuffer,(offset + address),
vlanMap.length);
- } else {
- /* Write vlan max */
- writeShortToStream(binBuffer, (short) 0,index);
- index = index + u16Size;
-
- /* Write vlan offset */
- writeShortToStream(binBuffer, (short) 0,index);
- index = index + u16Size;
- }
-
- offset = offset + vlanMap.length;
- if ( 0 < slotMap.length) {
- size = slotMap.length / (3 * u16Size);
- writeShortToStream(binBuffer, (short) size,index);
- index = index + u16Size;
-
- writeShortToStream(binBuffer, (short) offset,index);
- index = index + u16Size;
- System.arraycopy(slotMap, 0, binBuffer,(offset + address),
slotMap.length);
- }
- } catch (IOException ee) {
- System.out.println(" GBPB:: got exception : " + ee);
- return null;
- }
-
- printDebug(" GBP:: Binary Policy ==> length " + binBuffer.length);
- if (debug)
- printHex(binBuffer,binBuffer.length);
-
- return binBuffer;
- }
-
- public byte[] generateChwBuffer(Vector Ssids, Vector ConflictSsids, Vector
ColorTypes)
- {
- byte[] chwBuffer;
- int index = 0;
- int position = 0;
-
- /* Get number of rTypes */
- int maxTypes = ColorTypes.size();
-
- /* Get number of SSids entry */
- int maxSsids = Ssids.size();
-
- /* Get number of conflict sets */
- int maxConflict = ConflictSsids.size();
-
-
- if (maxTypes * maxSsids == 0)
- return null;
- /*
- data structure acm_chwall_policy_buffer
- se XmlToBinInterface.java
- */
- int totalBytes = chwHeaderSize + u16Size *(maxTypes * (maxSsids +
maxConflict));
-
- chwBuffer = new byte[ totalBytes ];
- int address = chwHeaderSize + (u16Size * maxTypes * maxSsids );
-
- printDebug(" gCB:: chwall totalbytes : "+totalBytes);
-
- try {
- index = 0;
- /* fill in General Policy Version */
- writeIntToStream(chwBuffer, ACM_CHWALL_VERSION, index);
- index += u32Size;
-
- writeIntToStream(chwBuffer, ACM_CHINESE_WALL_POLICY, index);
- index += u32Size;
-
- writeIntToStream(chwBuffer, maxTypes, index);
- index += u32Size;
-
- writeIntToStream(chwBuffer, maxSsids, index);
- index += u32Size;
-
- writeIntToStream(chwBuffer, maxConflict, index);
- index += u32Size;
-
- /* Write chwall_ssid_offset */
- writeIntToStream(chwBuffer, chwHeaderSize, index);
- index += u32Size;
-
- /* Write chwall_conflict_sets_offset */
- writeIntToStream(chwBuffer, address, index);
- index += u32Size;
-
- /* Write chwall_running_types_offset */
- writeIntToStream(chwBuffer, 0, index);
- index += u32Size;
-
- /* Write chwall_conflict_aggregate_offset */
- writeIntToStream(chwBuffer, 0, index);
- index += u32Size;
-
- } catch (IOException ee) {
- System.out.println(" gCB:: got exception : " + ee);
- return null;
- }
- int markPos = 0;
-
- /* Create the SSids entry */
- for (int i = 0; i < maxSsids; i++)
- {
- SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
- /* Get chwall types */
- ssidEntry.chwSsidPosition = i;
- Enumeration e = ssidEntry.chwTypes.elements();
- while (e.hasMoreElements())
- {
- String typeName = (String) e.nextElement();
- printDebug(" gCB:: Ssid "+ i+ ": has type : " + typeName);
- position = ColorTypes.indexOf(typeName);
-
- if (position < 0)
- {
- System.out.println (" gCB:: Error type : " + typeName + " not
found in ColorTypes");
- return null;
- }
- printDebug(" GCB:: type : " + typeName + " found in ColorTypes at
position: " + position);
- markPos = ((i * maxTypes + position) * u16Size) + index;
-
- try {
- writeShortToStream(chwBuffer,markSymbol,markPos);
- } catch (IOException ee) {
- System.out.println(" gCB:: got exception : ");
- return null;
- }
- }
- }
-
- if (debug)
- printHex(chwBuffer,chwBuffer.length);
-
- /* Add conflict set */
- index = address;
- for (int i = 0; i < maxConflict; i++)
- {
- /* Get ste types */
- Vector entry = (Vector) ConflictSsids.elementAt(i);
- Enumeration e = entry.elements();
- while (e.hasMoreElements())
- {
- String typeName = (String) e.nextElement();
- printDebug (" GCB:: conflict Ssid "+ i+ ": has type : " + typeName);
- position = ColorTypes.indexOf(typeName);
-
- if (position < 0)
- {
- System.out.println (" GCB:: Error type : " + typeName + " not
found in ColorTypes");
- return null;
- }
- printDebug(" GCB:: type : " + typeName + " found in ColorTypes at
position: " + position);
- markPos = ((i * maxTypes + position) * u16Size) + index;
-
- try {
- writeShortToStream(chwBuffer,markSymbol,markPos);
- } catch (IOException ee) {
- System.out.println(" GCB:: got exception : ");
- return null;
- }
- }
-
- }
- printDebug(" gSB:: chw binary ==> Length " + chwBuffer.length);
- if (debug)
- printHex(chwBuffer,chwBuffer.length);
- printDebug("\n");
-
- return chwBuffer;
- }
-
-/**********************************************************************
- Generate byte representation of policy using type information
- <p>
- @param Ssids Vector
- @param ColorTypes Vector
- <p>
- @return bytes represenation of simple type enforcement policy
-**********************************************************************/
- public byte[] generateSteBuffer(Vector Ssids, Vector ColorTypes)
- {
- byte[] steBuffer;
- int index = 0;
- int position = 0;
-
- /* Get number of colorTypes */
- int numColorTypes = ColorTypes.size();
-
- /* Get number of SSids entry */
- int numSsids = Ssids.size();
-
- if (numColorTypes * numSsids == 0)
- return null;
-
- /* data structure: acm_ste_policy_buffer
- * see XmlToBinInterface.java
- * total bytes: steHeaderSize * 2B + colorTypes(size) * Ssids(size)
- *
- */
- steBuffer = new byte[ steHeaderSize + (numColorTypes * numSsids) * 2];
-
- try {
-
- index = 0;
- writeIntToStream(steBuffer, ACM_STE_VERSION, index);
- index += u32Size;
-
- writeIntToStream(steBuffer, ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
index);
- index += u32Size;
-
- writeIntToStream(steBuffer, numColorTypes, index);
- index += u32Size;
-
- writeIntToStream(steBuffer, numSsids, index);
- index += u32Size;
-
- writeIntToStream(steBuffer, steHeaderSize, index);
- index += u32Size;
-
-
- } catch (IOException ee) {
- System.out.println(" gSB:: got exception : " + ee);
- return null;
- }
- int markPos = 0;
- for (int i = 0; i < numSsids; i++)
- {
-
- SecurityLabel ssidEntry = (SecurityLabel) Ssids.elementAt(i);
- ssidEntry.steSsidPosition = i;
- /* Get ste types */
- Enumeration e = ssidEntry.steTypes.elements();
- while (e.hasMoreElements())
- {
- String typeName = (String) e.nextElement();
- printDebug (" gSB:: Ssid "+ i+ ": has type : " + typeName);
- position = ColorTypes.indexOf(typeName);
-
- if (position < 0)
- {
- printDebug(" gSB:: Error type : " + typeName + " not found in
ColorTypes");
- return null;
- }
- printDebug(" gSB:: type : " + typeName + " found in ColorTypes at
position: " + position);
- markPos = ((i * numColorTypes + position) * u16Size) + index;
-
- try {
- writeShortToStream(steBuffer,markSymbol,markPos);
- } catch (IOException ee)
- {
- System.out.println(" gSB:: got exception : ");
- return null;
- }
- }
-
- }
-
- printDebug(" gSB:: ste binary ==> Length " + steBuffer.length);
- if (debug)
- printHex(steBuffer,steBuffer.length);
- printDebug("\n");
-
- return steBuffer;
- }
-
- public static void printHex(byte [] dataArray, int length)
- {
- char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
- int hexIndex;
- int value;
- int arraylength;
-
- arraylength = length;
-
- if (dataArray == null)
- {
- System.err.print("printHex: input byte array is null");
- }
-
- if (length > dataArray.length || length < 0)
- arraylength = dataArray.length;
-
- System.out.print("\n\t");
-
- int i;
- for(i = 0; i < arraylength; )
- {
- value = dataArray[i] & 0xFF;
- hexIndex = (value >>> 4);
- System.out.print(hexChars[hexIndex]);
- hexIndex = (value & 0x0F);
- System.out.print(hexChars[hexIndex]);
-
- i++;
- /* if done, print a final newline */
- if (i == arraylength) {
- if (arraylength < dataArray.length) {
- System.out.print("...");
- }
- System.out.println();
- }
- else if ((i % 24) == 0) {
- System.out.print("\n\t");
- }
- else if ((i % 4) == 0) {
- System.out.print(" ");
- }
- }
-
- return;
- }
-
-
- private void writeShortToStream(byte[] stream, short value, int index)
- throws IOException
- {
- int littleEndian = 0;
- int byteVal;
-
- if (index + 2 > stream.length)
- {
- throw new IOException("Writing beyond stream length: " +
- stream.length + " writing at locations from: " +
index + " to " + (index + 4));
- }
-
- if (!LittleEndian)
- {
-
- byteVal = value >> 8;
- stream[index ] = (byte) byteVal;
-
- byteVal = value;
- stream[index + 1] = (byte) byteVal;
- } else {
- stream[index] = (byte) ((value & 0x00ff) );
- stream[index + 1] = (byte) ((value & 0xff00) >> 8);
- }
- return;
- }
-
- private void writeIntToStream(byte[] stream, int value, int index)
- throws IOException
- {
- int littleEndian = 0;
- int byteVal;
-
- if (4 > stream.length)
- {
- throw new IOException("writeIntToStream: stream length less than 4 bytes
" +
- stream.length);
- }
-
- /* Do not Write beyond range */
- if (index + 4 > stream.length)
- {
- throw new IOException("writeIntToStream: writing beyond stream length: "
+
- stream.length + " writing at locations from: " +
index + " to " + (index + 4));
- }
- if (!LittleEndian)
- {
- byteVal = value >>> 24;
- stream[index] = (byte) byteVal;
-
- byteVal = value >> 16;
- stream[index + 1] = (byte) byteVal;
-
- byteVal = value >> 8;
- stream[index + 2] = (byte) byteVal;
-
- byteVal = value;
- stream[index + 3] = (byte) byteVal;
- } else {
- stream[index] = (byte) value;
- stream[index + 1] = (byte) ((value & 0x0000ff00) >> 8);
- stream[index + 2] = (byte) ((value & 0x00ff0000) >> 16);
- stream[index + 3] = (byte) ( value >>> 24);
- }
- return;
- }
-
- public Document getDomTree(String xmlFileName)
- throws Exception, SAXException, ParserConfigurationException
- {
- javax.xml.parsers.DocumentBuilderFactory dbf =
- javax.xml.parsers.DocumentBuilderFactory.newInstance();
-
- /* Turn on namespace aware and validation */
- dbf.setNamespaceAware(true);
- dbf.setValidating(true);
- dbf.setAttribute(JAXP_SCHEMA_LANGUAGE,W3C_XML_SCHEMA);
-
- /* Checks that the document is well-formed */
- javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
-
- myHandler errHandler= new myHandler();
- db.setErrorHandler(errHandler);
- Document doc = db.parse(xmlFileName);
-
- /* Checks for validation errors */
- if (errHandler.isValid)
- printDebug(" gDT:: Xml file: " + xmlFileName + " is valid");
- else
- throw new Exception("Xml file: " + xmlFileName + " is NOT valid");
-
- return doc;
- }
-
- public void processDomTree(
- Document doc,
- Vector bagOfSsids,
- Vector bagOfTypes,
- Vector bagOfChwSsids,
- Vector bagOfChwTypes,
- Vector bagOfConflictSsids)
- throws Exception, SAXException, ParserConfigurationException
- {
- boolean found;
-
- /* print the root Element */
- Element root = doc.getDocumentElement();
- printDebug ("\n pDT:: Document Element: Name = " + root.getNodeName() +
",Value = " + root.getNodeValue());
-
- /* Go through the list of the root Element's Attributes */
- NamedNodeMap nnm = root.getAttributes();
- printDebug (" pDT:: # of Attributes: " + nnm.getLength());
- for (int i = 0; i < nnm.getLength(); i++)
- {
- Node n = nnm.item (i);
- printDebug (" pDT:: Attribute: Name = " + n.getNodeName() + ", Value =
"
- + n.getNodeValue());
- }
-
- /* Retrieve the policy definition */
- NodeList elementList = root.getElementsByTagName ("url");
- String definitionFileName =
elementList.item(0).getFirstChild().getNodeValue();
-
- String definitionHash = null;
-
- /* Note that SecurityPolicySpec.xsd allows for 0 hash value! */
- elementList = root.getElementsByTagName ("hash");
- if (0 != elementList.getLength())
- definitionHash = elementList.item(0).getFirstChild().getNodeValue();
-
- Document definitionDoc =
pGetDomDefinition(definitionFileName,definitionHash);
- pGetTypes(definitionDoc,bagOfTypes, bagOfChwTypes, bagOfConflictSsids);
-
-
- /* Get VM security information */
- elementList = root.getElementsByTagName ("VM");
- printDebug ("\n pDT:: partition length of NodeList:" +
elementList.getLength());
- /* Add default Ssid to Ste and Chw bags */
- SecurityLabel defEntry = new SecurityLabel();
-
- defEntry.chwTypes = new Vector();
- defEntry.steTypes = new Vector();
- defEntry.chwIDs = new Vector();
- defEntry.ids = new Vector();
-
- defEntry.steSsidPosition =0;
- defEntry.chwSsidPosition =0;
- bagOfChwSsids.add(defEntry);
- bagOfSsids.add(defEntry);
-
- for (int x = 0; x < elementList.getLength(); x++)
- {
- found = false;
-
- Node node = elementList.item (x);
-
- if (node.getNodeType() == Node.ELEMENT_NODE)
- {
- printDebug (" pDT:: child: " + x + " is an element node" );
- Element e1 = (Element) node;
-
- /* Get id */
- NodeList elist = e1.getElementsByTagName ("id");
- String idStr = elist.item(0).getFirstChild().getNodeValue();
- printDebug (" pDT:: id:" + idStr);
-
- /* Get TE */
- Vector colorTypes = new Vector();
- pConflictEntries(e1, "TE", bagOfTypes, colorTypes);
-
- Enumeration e = bagOfSsids.elements();
- while (e.hasMoreElements())
- {
- SecurityLabel elem = (SecurityLabel) e.nextElement();
- if ( elem.steTypes.size() == colorTypes.size() &&
elem.steTypes.containsAll(colorTypes))
- {
- found = true;
- elem.ids.add(idStr);
- }
-
- }
- if (!found && (0 < colorTypes.size()))
- {
- SecurityLabel entry = new SecurityLabel();
- entry.steTypes = colorTypes;
- entry.ids = new Vector();
- entry.ids.add(idStr);
- bagOfSsids.add(entry);
- }
-
- /* Get Chinese wall type */
- Vector chwTypes = new Vector();
- pConflictEntries(e1, "ChWall", bagOfChwTypes, chwTypes);
-
- found = false;
- e = bagOfChwSsids.elements();
-
- while (e.hasMoreElements())
- {
- SecurityLabel elem = (SecurityLabel) e.nextElement();
- if ( elem.chwTypes.size() == chwTypes.size() &&
elem.chwTypes.containsAll(chwTypes))
- {
- found = true;
- elem.chwIDs.add(idStr);
- }
-
- }
-
- if (!found && (0 < chwTypes.size()))
- {
- SecurityLabel entry = new SecurityLabel();
- entry.chwTypes = chwTypes;
- entry.chwIDs = new Vector();
- entry.chwIDs.add(idStr);
- bagOfChwSsids.add(entry);
- }
- }
- }
- return;
- }
-
- public Document pGetDomDefinition(
- String definitionFileName,
- String definitionHash)
- throws Exception, SAXException, ParserConfigurationException
- {
- printDebug("\n pGDD:: definition file name: " + definitionFileName);
- printDebug("\n pGDD:: definition file hash: " + definitionHash);
-
- Document doc = getDomTree(definitionFileName);
- return doc;
- }
-
- public void pGetTypes(
- Document defDoc,
- Vector bagOfTypes,
- Vector bagOfChwTypes,
- Vector bagOfConflictSsids)
- throws Exception
- {
-
-
- if (null == defDoc)
- throw new Exception(" pGT:: definition file DOM is null ");
-
- Element root = defDoc.getDocumentElement();
-
- /* Get list of TE types */
- NodeList elementList = root.getElementsByTagName ("Types");
- printDebug ("\n pGT:: Types length of NodeList:" + elementList.getLength());
- Element e1 = (Element) elementList.item (0);
- pGetEntries(e1,"TE",bagOfTypes);
-
- /* Get list of Chinese types */
- elementList = root.getElementsByTagName ("ChWallTypes");
- printDebug ("\n pGT:: ChwTypes length of NodeList:" +
elementList.getLength());
- if (0 == elementList.getLength())
- {
- printDebug ("\n pGT:: ChWallTypes has zero length: :" +
elementList.getLength());
- } else {
- e1 = (Element) elementList.item (0);
- pGetEntries(e1,"ChWall",bagOfChwTypes);
- }
- printDebug (" pGT:: Total number of unique chw types: " +
bagOfChwTypes.size());
-
- /* Get Chinese type conflict sets */
- elementList = root.getElementsByTagName ("ConflictSet");
- printDebug ("\n pGT:: Conflict sets length of NodeList:" +
elementList.getLength());
- for (int x = 0; x < elementList.getLength(); x++)
- {
- Vector conflictEntry = new Vector();
- e1 = (Element) elementList.item (x);
- printDebug ("\n pGT:: Conflict sets : " + x);
-
- pConflictEntries(e1, "ChWall", bagOfChwTypes, conflictEntry);
-
- if (conflictEntry.size() > 0)
- {
- boolean found = false;
- Enumeration e = bagOfConflictSsids.elements();
-
- while (e.hasMoreElements())
- {
- Vector elem = (Vector) e.nextElement();
- if (elem.size() == conflictEntry.size() &&
elem.containsAll(conflictEntry))
- {
- found = true;
- }
-
- }
- if (!found)
- {
- bagOfConflictSsids.add(conflictEntry);
- }
- }
- }
-
- }
-
- public void pGetEntries(Element doc, String tag, Vector typeBag)
- throws Exception
- {
-
- if (null == doc)
- throw new Exception(" pGE:: Element doc is null");
-
- if (null == typeBag)
- throw new Exception(" pGE:: typeBag is null");
-
- NodeList elist = doc.getElementsByTagName (tag);
- for (int j = 0; j < elist.getLength(); j++)
- {
- Node knode = elist.item (j);
- Node childNode = knode.getFirstChild();
- String value = childNode.getNodeValue();
-
- printDebug (" pGT:: "+ tag +" type: " + value);
-
- /* Check if value is known */
- if (!typeBag.contains(value))
- typeBag.addElement(value);
- }
- }
-
- public void pConflictEntries(Element doc, String tag, Vector typeBag, Vector
conflictEntry)
- throws Exception
- {
-
- if (null == doc)
- throw new Exception(" pGE:: Element doc is null");
-
- if (null == typeBag)
- throw new Exception(" pGE:: typeBag is null");
-
- if (null == conflictEntry)
- throw new Exception(" pGE:: typeBag is null");
-
-
- NodeList elist = doc.getElementsByTagName (tag);
-
- for (int j = 0; j < elist.getLength(); j++)
- {
- Node knode = elist.item (j);
- Node childNode = knode.getFirstChild();
- String value = childNode.getNodeValue();
-
- printDebug (" pGE:: "+ tag +" type: " + value);
-
- /* Check if value is known */
- if (!typeBag.contains(value))
- throw new Exception(" pCE:: found undefined type set " + value);
-
- if (!conflictEntry.contains(value))
- conflictEntry.addElement(value);
-
- }
- }
-
- public void processDomTreeVlanSlot(
- Document doc,
- Vector bagOfSsids,
- Vector bagOfTypes)
- throws Exception
- {
- boolean found;
-
- printDebug(" pDTVS::Size of bagOfSsids: "+ bagOfSsids.size());
- Element root = doc.getDocumentElement();
-
- NodeList elementList = root.getElementsByTagName ("Vlan");
- printDebug("\n pDTVS:: Vlan length of NodeList:" + elementList.getLength());
-
- for (int x = 0; x < elementList.getLength(); x++)
- {
- found = false;
-
- Node node = elementList.item (x);
-
- if (node.getNodeType() == Node.ELEMENT_NODE)
- {
- printDebug(" pDTVS:: child: " + x + " is an element node" );
- Element e1 = (Element) node;
-
- /* Get vid */
- NodeList elist = e1.getElementsByTagName ("vid");
- String idStr = elist.item(0).getFirstChild().getNodeValue();
- printDebug (" pDTVS:: vid:" + idStr);
-
- /* Get TE */
- elist = e1.getElementsByTagName ("TE");
- printDebug (" pDTVS:: Total ste types: " + elist.getLength());
-
- Vector colorTypes = new Vector();
- for (int j = 0; j < elist.getLength(); j++)
- {
- Node knode = elist.item (j);
- Node childNode = knode.getFirstChild();
- String value = childNode.getNodeValue();
-
- printDebug (" pDT:: My color is: " + value);
- if (!bagOfTypes.contains(value))
- {
- throw new IOException("pDT:: Vlan: " + idStr+ " has unknown
type : "+ value);
- }
-
- if (!colorTypes.contains(value))
- colorTypes.addElement(value);
- }
- Enumeration e = bagOfSsids.elements();
- while (e.hasMoreElements())
- {
- SecurityLabel elem = (SecurityLabel) e.nextElement();
- if ( elem.steTypes.size() == colorTypes.size() &&
elem.steTypes.containsAll(colorTypes))
- {
- found = true;
- if (null == elem.vlans)
- elem.vlans = new Vector();
- elem.vlans.add(idStr);
- }
-
- }
- if (!found && (0 < colorTypes.size()))
- {
- SecurityLabel entry = new SecurityLabel();
- entry.steTypes = colorTypes;
- entry.vlans = new Vector();
- entry.vlans.add(idStr);
- bagOfSsids.add(entry);
- }
-
- }
- }
- printDebug(" pDTVS::After slot Size of bagOfSsids: "+ bagOfSsids.size());
-
- elementList = root.getElementsByTagName ("Slot");
- printDebug ("\n pDTVS:: Slot length of NodeList:" + elementList.getLength());
-
- for (int x = 0; x < elementList.getLength(); x++)
- {
- found = false;
-
- Node node = elementList.item (x);
-
- if (node.getNodeType() == Node.ELEMENT_NODE)
- {
- printDebug(" pDT:: child: " + x + " is an element node" );
- Element e1 = (Element) node;
-
-
- /* Get slot and bus */
- SlotInfo item = new SlotInfo();
-
- NodeList elist = e1.getElementsByTagName ("bus");
- item.bus = elist.item(0).getFirstChild().getNodeValue();
- elist = e1.getElementsByTagName ("slot");
- item.slot = elist.item(0).getFirstChild().getNodeValue();
- printDebug (" pDT:: bus and slot:" + item.bus + " "+ item.slot);
-
- /* Get TE */
- elist = e1.getElementsByTagName ("TE");
- printDebug (" pDT:: Total ste types: " + elist.getLength());
-
- Vector colorTypes = new Vector();
- for (int j = 0; j < elist.getLength(); j++)
- {
- Node knode = elist.item (j);
- Node childNode = knode.getFirstChild();
- String value = childNode.getNodeValue();
-
- printDebug (" pDT:: My color is: " + value);
- if (!bagOfTypes.contains(value))
- {
- throw new IOException("pDT:: bus: " + item.bus + " slot: "+
item.slot + " has unknown type : "+ value);
- }
-
- if (!colorTypes.contains(value))
- colorTypes.addElement(value);
- }
-
- Enumeration e = bagOfSsids.elements();
- while (e.hasMoreElements())
- {
- SecurityLabel elem = (SecurityLabel) e.nextElement();
- if ( elem.steTypes.size() == colorTypes.size() &&
elem.steTypes.containsAll(colorTypes))
- {
- found = true;
- if (null == elem.slots)
- elem.slots = new Vector();
- elem.slots.add(item);
-
- }
-
- }
-
- if (!found && (0 < colorTypes.size()))
- {
- SecurityLabel entry = new SecurityLabel();
- entry.steTypes = colorTypes;
- entry.slots = new Vector();
- entry.slots.add(item);
- bagOfSsids.add(entry);
- }
-
- }
- }
- return;
- }
-
- public static void main (String[] args)
- {
- String xmlFileName = null; /* policy file */
- String outputFileName = null; /* binary policy file */
- String xenSsidOutputFileName = null; /* outputfile ssid to named
types */
- /* outputfile conflicts ssid to named
types */
- String xenSsidConfOutputFileName = null;
-
- XmlToBin genObj = new XmlToBin();
-
- policy_version active_policy = new policy_version();
-
- if ((active_policy.ACM_POLICY_VERSION != ACM_POLICY_VERSION) ||
- (active_policy.ACM_CHWALL_VERSION != ACM_CHWALL_VERSION) ||
- (active_policy.ACM_STE_VERSION != ACM_STE_VERSION)) {
- System.out.println("ACM policy versions differ.");
- System.out.println("Please verify that data structures are correct");
- System.out.println("and then adjust the version numbers in
XmlToBinInterface.java.");
- return;
- }
-
-
- for (int i = 0 ; i < args.length ; i++) {
-
- if ( args[i].equals("-help")) {
- printUsage();
- System.exit(1);
-
- } else if ( args[i].equals("-i")) {
- i++;
- if (i < args.length) {
- xmlFileName = args[i];
- } else {
- System.out.println("-i argument needs parameter");
- System.exit(1);
- }
-
- } else if ( args[i].equals("-o")) {
- i++;
- if (i < args.length) {
- outputFileName = args[i];
- } else {
- System.out.println("-o argument needs parameter");
- System.exit(1);
- }
-
- } else if ( args[i].equals("-xssid")) {
- i++;
- if (i < args.length) {
- xenSsidOutputFileName = args[i];
- } else {
- System.out.println("-xssid argument needs parameter");
- System.exit(1);
- }
-
- } else if ( args[i].equals("-xssidconf")) {
- i++;
- if (i < args.length) {
- xenSsidConfOutputFileName = args[i];
- } else {
- System.out.println("-xssidconf argument needs parameter");
- System.exit(1);
- }
- } else if ( args[i].equals("-debug")) { /* turn on debug msg */
- genObj.setDebug(true);
- } else {
- System.out.println("bad command line argument: " + args[i]);
- printUsage();
- System.exit(1);
- }
-
- }
-
- if (xmlFileName == null)
- {
- System.out.println("Need to specify input file -i option");
- printUsage();
- System.exit(1);
- }
-
-
- try
- {
- /* Parse and validate */
- Document doc = genObj.getDomTree(xmlFileName);
-
- /* Vectors to hold sets of types */
- Vector bagOfSsids = new Vector();
- Vector bagOfTypes = new Vector();
- Vector bagOfChwSsids = new Vector();
- Vector bagOfChwTypes = new Vector();
- Vector bagOfConflictSsids = new Vector();
-
- Vector vlanMapSsids = new Vector();
- Vector slotMapSsids = new Vector();
-
- genObj.processDomTree(doc, bagOfSsids, bagOfTypes, bagOfChwSsids,
bagOfChwTypes, bagOfConflictSsids);
-
- genObj.processDomTreeVlanSlot(doc, bagOfSsids, bagOfTypes);
-
- /* Get binary representation of policies */
- byte[] stePolicy = genObj.generateSteBuffer(bagOfSsids, bagOfTypes);
- byte[] chwPolicy = genObj.generateChwBuffer(bagOfChwSsids,
bagOfConflictSsids,bagOfChwTypes);
-
- byte[] binPolicy = null;
- byte[] binaryPartionSsid = null;
- byte[] binaryVlanSsid = null;
- byte[] binarySlotSsid = null;
-
- /* Get binary representation of partition to ssid mapping */
- binaryPartionSsid = genObj.generatePartSsids(bagOfSsids,bagOfChwSsids);
-
- /* Get binary representation of vlan to ssid mapping */
- binaryVlanSsid = genObj.generateVlanSsids(bagOfSsids);
-
- /* Get binary representation of slot to ssid mapping */
- binarySlotSsid = genObj.generateSlotSsids(bagOfSsids);
-
- /* Generate binary representation: policy, partition, slot and vlan */
- binPolicy = genObj.GenBinaryPolicyBuffer(chwPolicy,stePolicy,
binaryPartionSsid, binaryVlanSsid, binarySlotSsid);
-
-
- /* Write binary policy into file */
- if (null != outputFileName)
- {
- genObj.writeBinPolicy(binPolicy, outputFileName);
- } else {
- System.out.println (" No binary policy generated,
outputFileName: " + outputFileName);
- }
-
- /* Print total number of types */
- System.out.println (" Total number of unique ste types: " +
bagOfTypes.size());
- System.out.println (" Total number of Ssids : " + bagOfSsids.size());
- System.out.println (" Total number of unique chw types: " +
bagOfChwTypes.size());
- System.out.println (" Total number of conflict ssids : " +
bagOfConflictSsids.size());
- System.out.println (" Total number of chw Ssids : " +
bagOfChwSsids.size());
-
- if (null != xenSsidOutputFileName)
- genObj.writeXenTypeFile(bagOfSsids, xenSsidOutputFileName,
true);
-
- if (null != xenSsidConfOutputFileName)
- genObj.writeXenTypeFile(bagOfChwSsids,
xenSsidConfOutputFileName, false);
- }
- catch (Exception e)
- {
- e.printStackTrace();
- }
- }
-}
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/misc/policyprocessor/XmlToBinInterface.java
--- a/tools/misc/policyprocessor/XmlToBinInterface.java Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,138 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: XmlToBinInterface.java,v 1.3 2005/06/20 21:07:37 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * XmlToBinInterface Class.
- * <p>
- *
- * Defines constants used by XmToBin.
- *
- * <p>
- *
- * policy binary structures
- *
- * struct acm_policy_buffer {
- * u32 policy_version; * ACM_POLICY_VERSION *
- * u32 magic;
- * u32 len;
- * u32 primary_policy_code;
- * u32 primary_buffer_offset;
- * u32 secondary_policy_code;
- * u32 secondary_buffer_offset;
- * +u32 resource offset (not used yet in Xen)
- * };
- *
- *
- * struct acm_ste_policy_buffer {
- * u32 policy_version; * ACM_STE_VERSION *
- * u32 policy_code;
- * u32 ste_max_types;
- * u32 ste_max_ssidrefs;
- * u32 ste_ssid_offset;
- * };
- *
- * struct acm_chwall_policy_buffer {
- * u32 policy_version; * ACM_CHWALL_VERSION *
- * u32 policy_code;
- * u32 chwall_max_types;
- * u32 chwall_max_ssidrefs;
- * u32 chwall_max_conflictsets;
- * u32 chwall_ssid_offset;
- * u32 chwall_conflict_sets_offset;
- * u32 chwall_running_types_offset;
- * u32 chwall_conflict_aggregate_offset;
- * };
- *
- * typedef struct {
- * u16 partition_max;
- * u16 partition_offset;
- * u16 vlan_max;
- * u16 vlan_offset;
- * u16 slot_max;
- * u16 slot_offset;
- * } acm_resource_buffer_t;
- *
- * typedef struct {
- * u16 id;
- * u16 ssid_ste;
- * u16 ssid_chwall;
- * } acm_partition_entry_t;
- *
- * typedef struct {
- * u16 vlan;
- * u16 ssid_ste;
- * } acm_vlan_entry_t;
- *
- * typedef struct {
- * u16 bus;
- * u16 slot;
- * u16 ssid_ste;
- * } acm_slot_entry_t;
- *
- *
- *
- */
-public interface XmlToBinInterface
-{
- /* policy code (uint16) */
- final int policyCodeSize = 2;
-
- /* max_types (uint16) */
- final int maxTypesSize = 2;
-
- /* max_ssidrefs (uint16) */
- final int maxSsidrefSize = 2;
-
- /* ssid_offset (uint32) */
- final int ssidOffsetSize = 2;
-
- final short markSymbol = 0x0001;
-
- final int u32Size = 4;
- final int u16Size = 2;
-
- /* num of bytes for acm_ste_policy_buffer_t */
- final int steHeaderSize = (5 * u32Size);
-
- /* byte for acm_chinese_wall_policy_buffer_t */
- final int chwHeaderSize = (9 * u32Size);
-
- final int primaryPolicyCodeSize = u32Size;
- final int primaryBufferOffsetSize = u32Size ;
-
- final int secondaryPolicyCodeSz = u32Size;
- final int secondaryBufferOffsetSz = u32Size;
- final int resourceOffsetSz = u32Size;
-
- final short partitionBufferSz = (2 * u16Size);
- final short partitionEntrySz = (3 * u16Size);
-
- final short slotBufferSz = (2 * u16Size);
- final short slotEntrySz = (3 * u16Size);
-
- final short vlanBufferSz = (2 * u16Size);
- final short vlanEntrySz = (2 * u16Size);
-
- final int binaryBufferHeaderSz = (8 * u32Size); /* 8th not used in Xen */
-
- /* copied directly from acm.h */
- final int ACM_MAGIC = 0x0001debc;
- final int ACM_NULL_POLICY = 0;
- final int ACM_CHINESE_WALL_POLICY = 1;
- final int ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2;
- final int ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY = 3;
- final int ACM_EMPTY_POLICY = 4;
-
- /* version for compatibility check */
- final int ACM_POLICY_VERSION = 1;
- final int ACM_STE_VERSION = 1;
- final int ACM_CHWALL_VERSION = 1;
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/c2j_include.c
--- a/tools/misc/policyprocessor/c2j_include.c Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,57 +0,0 @@
-/****************************************************************
- * c2j_include.c
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Authors:
- * Reiner Sailer <sailer@xxxxxxxxxxxxxx>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * This tool makes some constants from acm.h available to the
- * java policyprocessor for version checking.
- */
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-typedef uint8_t u8;
-typedef uint16_t u16;
-typedef uint32_t u32;
-typedef uint64_t u64;
-typedef int8_t s8;
-typedef int16_t s16;
-typedef int32_t s32;
-typedef int64_t s64;
-
-#include <xen/acm.h>
-
-char *filename = "policy_version.java";
-
-int main(int argc, char **argv)
-{
-
- FILE *fd;
- if ((fd = fopen(filename, "w")) <= 0)
- {
- printf("File %s not found.\n", filename);
- exit(-ENOENT);
- }
-
- fprintf(fd, "/*\n * This file was automatically generated\n");
- fprintf(fd, " * Do not change it manually!\n */\n");
- fprintf(fd, "public class policy_version {\n");
- fprintf(fd, " final int ACM_POLICY_VERSION = %x;\n",
- ACM_POLICY_VERSION);
- fprintf(fd, " final int ACM_CHWALL_VERSION = %x;\n",
- ACM_CHWALL_VERSION);
- fprintf(fd, " final int ACM_STE_VERSION = %x;\n",
- ACM_STE_VERSION);
- fprintf(fd, "}\n");
- fclose(fd);
- return 0;
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/myHandler.java
--- a/tools/misc/policyprocessor/myHandler.java Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,47 +0,0 @@
-/**
- * (C) Copyright IBM Corp. 2005
- *
- * $Id: myHandler.java,v 1.2 2005/06/17 20:00:04 rvaldez Exp $
- *
- * Author: Ray Valdez
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * myHandler Class.
- *
- * <p>
- *
- * A dummy class used for detecting XML validating/parsing errors.
- *
- * <p>
- *
- *
- */
-import org.xml.sax.helpers.*;
-import org.xml.sax.SAXParseException;
-
-class myHandler extends DefaultHandler
-{
- public boolean isValid = true;
-
- /* Notification of a recoverable error. */
- public void error(SAXParseException se)
- {
- isValid = false;
- }
-
- /* Notification of a non-recoverable error. */
- public void fatalError(SAXParseException se)
- {
- isValid = false;
- }
-
- /* Notification of a warning. */
- public void warning(SAXParseException se)
- {
- isValid = false;
- }
-}
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/readme.install
--- a/tools/misc/policyprocessor/readme.install Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,33 +0,0 @@
-# Author: Ray Valdez, rvaldez@xxxxxxxxxx
-# Version: 1.0
-#
-# install readme
-#
-PREREQUISITES:
-
-Prior to installation of the policy processor tool (XmlToBin) you must have...
-
- 1. Java version 1.4.2
- 2. xmlParserAPIs.jar and xercesImpl.jar
-
-The above can be obtained from the Sun Developer Network web site at
-http://java.sun.com/j2se/1.4.2/download.html.
-
-XmlParserAPIs and xercesImpl jars can be obtained from
-http://www.apache.org/dist/xml/xerces-j (Xerces-J-bin.2.6.2.tar.gz,
-for example).
-
-The tool has been tested with J2SE v1.4.2_08 JRE on Linux (32-bit
-INTEL).
-
-INSTALLATION
-
-1. Set PATH to include $HOME_JAVA/bin and $HOME_JAVA/jre/bin
- where $HOME_JAVA is your java installation directory
-
-2. Compile XmlToBin:
- javac XmlToBin.java
-
-USAGE
-
- See readme.xen
diff -r 99914b54f7bf -r 81576d3d1ca8 tools/misc/policyprocessor/readme.xen
--- a/tools/misc/policyprocessor/readme.xen Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,65 +0,0 @@
-# Author: Ray Valdez, rvaldez@xxxxxxxxxx
-# Version: 1.0
-#
-# This readme describes the policy processor tool for sHype.
-#
-
-Java program:
-
- java XmlToBin -i [file.xml] -o <file.bin> -xssid <SsidFile> -xssidconf
<SsidConf>
-
- Command line options:
-
- -i inputFile: name of policyfile (.xml)
- -o outputFile: name of binary policy file (Big Endian)
- -xssid SsidFile: xen ssids to named types text file
- -xssidconf SsidConf: xen conflict ssids to types text file
- -debug turn on debug messages
- -help help. This printout
-
-Where:
-
-file.xml is the (input) xml policy file to be parsed and validated.
-The syntax for file.xml is defined in the SecurityPolicySpec.xsd file.
-file.bin is the (output) binary policy file generated by XmlToBin.
-This binary policy can be activated in sHype. The binary policy file
-is laid out in network byte order (i.e., big endian). The SsidFile
-file contains the mapping of type enforcement (TE) ssids to the "named
-types". Similarly, the SsidConf file contains the mapping of Chinese
-Wall (ChWall) ssids to conflict named types. The ssidFile and SsidConf
-files are used by Xen.
-
-Xml Schema and policy:
-
-The SecurityPolicySpec.xsd defines the syntax of a policy file. It
-declares the tags that are used by XmlToBin to generate the binary
-policy file. The tags that XmlToBin keys on are TE, ChWall, id, vid,
-etc. The xml files that describe a policy are simple. Semantic
-checking of a policy is performed mostly by XmlToBin. A type, for
-example, is a string. No fixed values are defined for types in Xml.
-
-A policy consists of two Xml files: definition and policy. The
-definition Xml declares the types that are permitted in the policy
-Xml. The policy Xml contains the assignment of labels to
-subject/object (e.g., vm). This Xml file contains an explicit
-reference to the definition Xml (e.g., <url>xen_sample_def.xml</url>).
-The policy Xml is the one provided as a command line argument.
-
-
-Files:
-
-*.java - policy processor source
-xen_sample_policy.xml - sample xml policy file
-xen_sample_def.xml - sample user defined types
-SecurityPolicySpec.xsd - schema definition file
-
-
-To generate the sample binary policy:
-
-export CLASSPATH=$XERCES_HOME/xercesImpl.jar:$XERCES_HOME/xmlParserAPIs.jar:.
-
-java XmlToBin -i xen_sample_policy.xml -o xen_sample_policy.bin
-
-where $XERCES_HOME is the installation directory of the Apache Xerces-J
-
-
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/misc/policyprocessor/xen_sample_def.xml
--- a/tools/misc/policyprocessor/xen_sample_def.xml Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,46 +0,0 @@
-<?xml version="1.0"?>
-<!-- Author: Ray Valdez, rvaldez@xxxxxxxxxx -->
-<!-- example policy type definition -->
-<SecurityPolicySpec
-xmlns="http://www.ibm.com";
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
-
-<Definition>
-<!-- an example of a simple type enforcement type definition -->
- <Types>
- <TE>LOCAL-management</TE>
- <TE>R-Company-development</TE>
- <TE>S-Company-order</TE>
- <TE>T-Company-advertising</TE>
- <TE>U-Company-computing</TE>
- <!-- TE nondevelopment -->
- </Types>
-
-<!-- an example of a chinese wall type definition along with conflict sets-->
- <ChWallTypes>
- <ChWall>Q-Company</ChWall>
- <ChWall>R-Company</ChWall>
- <ChWall>S-Company</ChWall>
- <ChWall>T-Company</ChWall>
- <ChWall>U-Company</ChWall>
- <ChWall>V-Company</ChWall>
- <ChWall>W-Company</ChWall>
- <ChWall>X-Company</ChWall>
- <ChWall>Y-Company</ChWall>
- <ChWall>Z-Company</ChWall>
- </ChWallTypes>
-
- <ConflictSet>
- <ChWall>T-Company</ChWall>
- <ChWall>S-Company</ChWall>
- </ConflictSet>
-
- <ConflictSet>
- <ChWall>R-Company</ChWall>
- <ChWall>V-Company</ChWall>
- <ChWall>W-Company</ChWall>
- </ConflictSet>
-
-</Definition>
-</SecurityPolicySpec>
diff -r 99914b54f7bf -r 81576d3d1ca8
tools/misc/policyprocessor/xen_sample_policy.xml
--- a/tools/misc/policyprocessor/xen_sample_policy.xml Thu Aug 18 18:40:02 2005
+++ /dev/null Fri Aug 19 18:19:28 2005
@@ -1,58 +0,0 @@
-<?xml version="1.0"?>
-<!-- Author: Ray Valdez, rvaldez@xxxxxxxxxx -->
-<!-- example xen policy file -->
-
-<SecurityPolicySpec
-xmlns="http://www.ibm.com";
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-xsi:schemaLocation="http://www.ibm.com SecurityPolicySpec.xsd">
-<Policy>
- <PolicyHeader>
- <Name>xen sample policy</Name>
- <DateTime>2005-05-20T16:56:00</DateTime>
- <Tag>foobar</Tag>
- <TypeDefinition>
- <url>xen_sample_def.xml</url>
- <hash>abcdef123456abcdef</hash>
- </TypeDefinition>
- </PolicyHeader>
-
- <VM>
- <id> 0 </id>
- <TE>LOCAL-management</TE>
- <TE>R-Company-development</TE>
- <TE>S-Company-order</TE>
- <TE>T-Company-advertising</TE>
- <TE>U-Company-computing</TE>
- <ChWall>Q-Company</ChWall>
- </VM>
-
- <VM>
- <id> 1 </id>
- <TE>R-Company-development</TE>
- <ChWall>R-Company</ChWall>
- </VM>
-
- <VM>
- <id> 2 </id>
- <TE>S-Company-order</TE>
- <ChWall>S-Company</ChWall>
-
- </VM>
-
- <VM>
- <id> 3 </id>
- <TE>T-Company-advertising</TE>
- <ChWall>T-Company</ChWall>
- </VM>
-
-
- <VM>
- <id> 4 </id>
- <TE>U-Company-computing</TE>
- <ChWall>U-Company</ChWall>
- </VM>
-
-
-</Policy>
-</SecurityPolicySpec>
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home