WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH 23 of 25] secpol: use hypercall buffers

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH 23 of 25] secpol: use hypercall buffers
From: Ian Campbell <ian.campbell@xxxxxxxxxx>
Date: Thu, 21 Oct 2010 11:59:06 +0100
Cc: Ian Campbell <ian.campbell@xxxxxxxxxx>
Delivery-date: Thu, 21 Oct 2010 04:35:58 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <patchbomb.1287658723@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Ian Campbell <ian.campbell@xxxxxxxxxx>
# Date 1287650255 -3600
# Node ID 970a248771788f44fac6e4139972deb3af40a280
# Parent  26a8a8cd558e7a9ed92de6bc3605fef97571735f
secpol: use hypercall buffers

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>

diff -r 26a8a8cd558e -r 970a24877178 tools/security/secpol_tool.c
--- a/tools/security/secpol_tool.c      Thu Oct 21 09:37:35 2010 +0100
+++ b/tools/security/secpol_tool.c      Thu Oct 21 09:37:35 2010 +0100
@@ -242,11 +242,14 @@ int acm_get_ssidref(xc_interface *xc_han
                     uint16_t *ste_ref)
 {
     int ret;
+    DECLARE_HYPERCALL_BUFFER(struct acm_ssid_buffer, ssid);
+    size_t ssid_buffer_size = 4096;
     struct acm_getssid getssid;
-    char buf[4096];
-    struct acm_ssid_buffer *ssid = (struct acm_ssid_buffer *)buf;
-    set_xen_guest_handle(getssid.ssidbuf, buf);
-    getssid.ssidbuf_size = sizeof(buf);
+    ssid = xc_hypercall_buffer_alloc(xc_handle, ssid, ssid_buffer_size);
+    if ( ssid == NULL )
+        return 1;
+    xc_set_xen_guest_handle(getssid.ssidbuf, ssid);
+    getssid.ssidbuf_size = ssid_buffer_size;
     getssid.get_ssid_by = ACM_GETBY_domainid;
     getssid.id.domainid = domid;
     ret = xc_acm_op(xc_handle, ACMOP_getssid, &getssid, sizeof(getssid));
@@ -254,23 +257,27 @@ int acm_get_ssidref(xc_interface *xc_han
         *chwall_ref = ssid->ssidref  & 0xffff;
         *ste_ref    = ssid->ssidref >> 16;
     }
+    xc_hypercall_buffer_free(xc_handle, ssid);
     return ret;
 }
 
 /******************************* get policy ******************************/
 
-#define PULL_CACHE_SIZE                8192
-uint8_t pull_buffer[PULL_CACHE_SIZE];
-
 int acm_domain_getpolicy(xc_interface *xc_handle)
 {
+    DECLARE_HYPERCALL_BUFFER(uint8_t, pull_buffer);
+    size_t pull_cache_size = 8192;
     struct acm_getpolicy getpolicy;
     int ret;
     uint16_t chwall_ref, ste_ref;
 
-    memset(pull_buffer, 0x00, sizeof(pull_buffer));
-    set_xen_guest_handle(getpolicy.pullcache, pull_buffer);
-    getpolicy.pullcache_size = sizeof(pull_buffer);
+    pull_buffer = xc_hypercall_buffer_alloc(xc_handle, pull_buffer, 
pull_cache_size);
+    if ( pull_buffer == NULL )
+        return -1;
+
+    memset(pull_buffer, 0x00, pull_cache_size);
+    xc_set_xen_guest_handle(getpolicy.pullcache, pull_buffer);
+    getpolicy.pullcache_size = pull_cache_size;
     ret = xc_acm_op(xc_handle, ACMOP_getpolicy, &getpolicy, sizeof(getpolicy));
     if (ret >= 0) {
         ret = acm_get_ssidref(xc_handle, 0, &chwall_ref, &ste_ref);
@@ -284,8 +291,10 @@ int acm_domain_getpolicy(xc_interface *x
     }
 
     /* dump policy  */
-    acm_dump_policy_buffer(pull_buffer, sizeof(pull_buffer),
+    acm_dump_policy_buffer(pull_buffer, pull_cache_size,
                            chwall_ref, ste_ref);
+
+    xc_hypercall_buffer_free(xc_handle, pull_buffer);
 
     return ret;
 }
@@ -293,11 +302,14 @@ int acm_domain_getpolicy(xc_interface *x
 /************************ dump binary policy ******************************/
 
 static int load_file(const char *filename,
-                     uint8_t **buffer, off_t *len)
+                     uint8_t **buffer, off_t *len,
+                     xc_interface *xc_handle,
+                     xc_hypercall_buffer_t *hcall)
 {
     struct stat mystat;
     int ret = 0;
     int fd;
+    DECLARE_HYPERCALL_BUFFER_ARGUMENT(hcall);
 
     if ((ret = stat(filename, &mystat)) != 0) {
         printf("File %s not found.\n", filename);
@@ -307,9 +319,16 @@ static int load_file(const char *filenam
 
     *len = mystat.st_size;
 
-    if ((*buffer = malloc(*len)) == NULL) {
-        ret = -ENOMEM;
-        goto out;
+    if ( hcall == NULL ) {
+        if ((*buffer = malloc(*len)) == NULL) {
+            ret = -ENOMEM;
+            goto out;
+        }
+    } else {
+        if ((*buffer = xc_hypercall_buffer_alloc(xc_handle, hcall, *len)) == 
NULL) {
+            ret = -ENOMEM;
+            goto out;
+        }
     }
 
     if ((fd = open(filename, O_RDONLY)) <= 0) {
@@ -322,7 +341,10 @@ static int load_file(const char *filenam
         return 0;
 
 free_out:
-    free(*buffer);
+    if ( hcall == NULL )
+        free(*buffer);
+    else
+        xc_hypercall_buffer_free(xc_handle, hcall);
     *buffer = NULL;
     *len = 0;
 out:
@@ -339,7 +361,7 @@ static int acm_domain_dumppolicy(const c
     chwall_ssidref = (ssidref      ) & 0xffff;
     ste_ssidref    = (ssidref >> 16) & 0xffff;
 
-    if ((ret = load_file(filename, &buffer, &len)) == 0) {
+    if ((ret = load_file(filename, &buffer, &len, NULL, NULL)) == 0) {
         acm_dump_policy_buffer(buffer, len, chwall_ssidref, ste_ssidref);
         free(buffer);
     }
@@ -353,11 +375,11 @@ int acm_domain_loadpolicy(xc_interface *
 {
     int ret;
     off_t len;
-    uint8_t *buffer;
+    DECLARE_HYPERCALL_BUFFER(uint8_t, buffer);
     uint16_t chwall_ssidref, ste_ssidref;
     struct acm_setpolicy setpolicy;
 
-    ret = load_file(filename, &buffer, &len);
+    ret = load_file(filename, &buffer, &len, xc_handle, 
HYPERCALL_BUFFER(buffer));
     if (ret != 0)
         goto out;
 
@@ -367,7 +389,7 @@ int acm_domain_loadpolicy(xc_interface *
 
     /* dump it and then push it down into xen/acm */
     acm_dump_policy_buffer(buffer, len, chwall_ssidref, ste_ssidref);
-    set_xen_guest_handle(setpolicy.pushcache, buffer);
+    xc_set_xen_guest_handle(setpolicy.pushcache, buffer);
     setpolicy.pushcache_size = len;
     ret = xc_acm_op(xc_handle, ACMOP_setpolicy, &setpolicy, sizeof(setpolicy));
 
@@ -378,7 +400,7 @@ int acm_domain_loadpolicy(xc_interface *
     }
 
   free_out:
-    free(buffer);
+    xc_hypercall_buffer_free(xc_handle, buffer);
   out:
     return ret;
 }
@@ -402,22 +424,27 @@ void dump_ste_stats(struct acm_ste_stats
            ntohl(ste_stats->gt_cachehit_count));
 }
 
-#define PULL_STATS_SIZE                8192
 int acm_domain_dumpstats(xc_interface *xc_handle)
 {
-    uint8_t stats_buffer[PULL_STATS_SIZE];
+    DECLARE_HYPERCALL_BUFFER(uint8_t, stats_buffer);
+    size_t pull_stats_size = 8192;
     struct acm_dumpstats dumpstats;
     int ret;
     struct acm_stats_buffer *stats;
 
-    memset(stats_buffer, 0x00, sizeof(stats_buffer));
-    set_xen_guest_handle(dumpstats.pullcache, stats_buffer);
-    dumpstats.pullcache_size = sizeof(stats_buffer);
+    stats_buffer = xc_hypercall_buffer_alloc(xc_handle, stats_buffer, 
pull_stats_size);
+    if ( stats_buffer == NULL )
+        return -1;
+
+    memset(stats_buffer, 0x00, pull_stats_size);
+    xc_set_xen_guest_handle(dumpstats.pullcache, stats_buffer);
+    dumpstats.pullcache_size = pull_stats_size;
     ret = xc_acm_op(xc_handle, ACMOP_dumpstats, &dumpstats, sizeof(dumpstats));
 
     if (ret < 0) {
         printf
             ("ERROR dumping policy stats. Try 'xm dmesg' to see details.\n");
+        xc_hypercall_buffer_free(xc_handle, stats_buffer);
         return ret;
     }
     stats = (struct acm_stats_buffer *) stats_buffer;
@@ -464,6 +491,7 @@ int acm_domain_dumpstats(xc_interface *x
     default:
         printf("UNKNOWN SECONDARY POLICY ERROR!\n");
     }
+    xc_hypercall_buffer_free(xc_handle, stats_buffer);
     return ret;
 }
 
@@ -472,7 +500,8 @@ int main(int argc, char **argv)
 int main(int argc, char **argv)
 {
 
-    xc_interface *xc_handle, ret = 0;
+    xc_interface *xc_handle;
+    int ret = 0;
 
     if (argc < 2)
         usage(argv[0]);

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>