WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] secpol: use hypercall buffers

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] secpol: use hypercall buffers
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 27 Oct 2010 19:16:04 -0700
Delivery-date: Wed, 27 Oct 2010 19:20:24 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Ian Campbell <ian.campbell@xxxxxxxxxx>
# Date 1287756891 -3600
# Node ID 3992000ad095becdad0d53258bb116cbcc155645
# Parent  c3dce5f3f02659156efa1265032b7e9dce75dff9
secpol: use hypercall buffers

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Signed-off-by: Ian Jackson <ian.jackson.citrix.com>
---
 tools/security/secpol_tool.c |   83 +++++++++++++++++++++++++++++--------------
 1 files changed, 56 insertions(+), 27 deletions(-)

diff -r c3dce5f3f026 -r 3992000ad095 tools/security/secpol_tool.c
--- a/tools/security/secpol_tool.c      Fri Oct 22 15:14:51 2010 +0100
+++ b/tools/security/secpol_tool.c      Fri Oct 22 15:14:51 2010 +0100
@@ -242,11 +242,14 @@ int acm_get_ssidref(xc_interface *xc_han
                     uint16_t *ste_ref)
 {
     int ret;
+    DECLARE_HYPERCALL_BUFFER(struct acm_ssid_buffer, ssid);
+    size_t ssid_buffer_size = 4096;
     struct acm_getssid getssid;
-    char buf[4096];
-    struct acm_ssid_buffer *ssid = (struct acm_ssid_buffer *)buf;
-    set_xen_guest_handle(getssid.ssidbuf, buf);
-    getssid.ssidbuf_size = sizeof(buf);
+    ssid = xc_hypercall_buffer_alloc(xc_handle, ssid, ssid_buffer_size);
+    if ( ssid == NULL )
+        return 1;
+    xc_set_xen_guest_handle(getssid.ssidbuf, ssid);
+    getssid.ssidbuf_size = ssid_buffer_size;
     getssid.get_ssid_by = ACM_GETBY_domainid;
     getssid.id.domainid = domid;
     ret = xc_acm_op(xc_handle, ACMOP_getssid, &getssid, sizeof(getssid));
@@ -254,23 +257,27 @@ int acm_get_ssidref(xc_interface *xc_han
         *chwall_ref = ssid->ssidref  & 0xffff;
         *ste_ref    = ssid->ssidref >> 16;
     }
+    xc_hypercall_buffer_free(xc_handle, ssid);
     return ret;
 }
 
 /******************************* get policy ******************************/
 
-#define PULL_CACHE_SIZE                8192
-uint8_t pull_buffer[PULL_CACHE_SIZE];
-
 int acm_domain_getpolicy(xc_interface *xc_handle)
 {
+    DECLARE_HYPERCALL_BUFFER(uint8_t, pull_buffer);
+    size_t pull_cache_size = 8192;
     struct acm_getpolicy getpolicy;
     int ret;
     uint16_t chwall_ref, ste_ref;
 
-    memset(pull_buffer, 0x00, sizeof(pull_buffer));
-    set_xen_guest_handle(getpolicy.pullcache, pull_buffer);
-    getpolicy.pullcache_size = sizeof(pull_buffer);
+    pull_buffer = xc_hypercall_buffer_alloc(xc_handle, pull_buffer, 
pull_cache_size);
+    if ( pull_buffer == NULL )
+        return -1;
+
+    memset(pull_buffer, 0x00, pull_cache_size);
+    xc_set_xen_guest_handle(getpolicy.pullcache, pull_buffer);
+    getpolicy.pullcache_size = pull_cache_size;
     ret = xc_acm_op(xc_handle, ACMOP_getpolicy, &getpolicy, sizeof(getpolicy));
     if (ret >= 0) {
         ret = acm_get_ssidref(xc_handle, 0, &chwall_ref, &ste_ref);
@@ -284,20 +291,25 @@ int acm_domain_getpolicy(xc_interface *x
     }
 
     /* dump policy  */
-    acm_dump_policy_buffer(pull_buffer, sizeof(pull_buffer),
+    acm_dump_policy_buffer(pull_buffer, pull_cache_size,
                            chwall_ref, ste_ref);
 
+    xc_hypercall_buffer_free(xc_handle, pull_buffer);
+
     return ret;
 }
 
 /************************ dump binary policy ******************************/
 
 static int load_file(const char *filename,
-                     uint8_t **buffer, off_t *len)
+                     uint8_t **buffer, off_t *len,
+                     xc_interface *xc_handle,
+                     xc_hypercall_buffer_t *hcall)
 {
     struct stat mystat;
     int ret = 0;
     int fd;
+    DECLARE_HYPERCALL_BUFFER_ARGUMENT(hcall);
 
     if ((ret = stat(filename, &mystat)) != 0) {
         printf("File %s not found.\n", filename);
@@ -307,9 +319,16 @@ static int load_file(const char *filenam
 
     *len = mystat.st_size;
 
-    if ((*buffer = malloc(*len)) == NULL) {
-        ret = -ENOMEM;
-        goto out;
+    if ( hcall == NULL ) {
+        if ((*buffer = malloc(*len)) == NULL) {
+            ret = -ENOMEM;
+            goto out;
+        }
+    } else {
+        if ((*buffer = xc_hypercall_buffer_alloc(xc_handle, hcall, *len)) == 
NULL) {
+            ret = -ENOMEM;
+            goto out;
+        }
     }
 
     if ((fd = open(filename, O_RDONLY)) <= 0) {
@@ -322,7 +341,10 @@ static int load_file(const char *filenam
         return 0;
 
 free_out:
-    free(*buffer);
+    if ( hcall == NULL )
+        free(*buffer);
+    else
+        xc_hypercall_buffer_free(xc_handle, hcall);
     *buffer = NULL;
     *len = 0;
 out:
@@ -339,7 +361,7 @@ static int acm_domain_dumppolicy(const c
     chwall_ssidref = (ssidref      ) & 0xffff;
     ste_ssidref    = (ssidref >> 16) & 0xffff;
 
-    if ((ret = load_file(filename, &buffer, &len)) == 0) {
+    if ((ret = load_file(filename, &buffer, &len, NULL, NULL)) == 0) {
         acm_dump_policy_buffer(buffer, len, chwall_ssidref, ste_ssidref);
         free(buffer);
     }
@@ -353,11 +375,11 @@ int acm_domain_loadpolicy(xc_interface *
 {
     int ret;
     off_t len;
-    uint8_t *buffer;
+    DECLARE_HYPERCALL_BUFFER(uint8_t, buffer);
     uint16_t chwall_ssidref, ste_ssidref;
     struct acm_setpolicy setpolicy;
 
-    ret = load_file(filename, &buffer, &len);
+    ret = load_file(filename, &buffer, &len, xc_handle, 
HYPERCALL_BUFFER(buffer));
     if (ret != 0)
         goto out;
 
@@ -367,7 +389,7 @@ int acm_domain_loadpolicy(xc_interface *
 
     /* dump it and then push it down into xen/acm */
     acm_dump_policy_buffer(buffer, len, chwall_ssidref, ste_ssidref);
-    set_xen_guest_handle(setpolicy.pushcache, buffer);
+    xc_set_xen_guest_handle(setpolicy.pushcache, buffer);
     setpolicy.pushcache_size = len;
     ret = xc_acm_op(xc_handle, ACMOP_setpolicy, &setpolicy, sizeof(setpolicy));
 
@@ -378,7 +400,7 @@ int acm_domain_loadpolicy(xc_interface *
     }
 
   free_out:
-    free(buffer);
+    xc_hypercall_buffer_free(xc_handle, buffer);
   out:
     return ret;
 }
@@ -402,22 +424,27 @@ void dump_ste_stats(struct acm_ste_stats
            ntohl(ste_stats->gt_cachehit_count));
 }
 
-#define PULL_STATS_SIZE                8192
 int acm_domain_dumpstats(xc_interface *xc_handle)
 {
-    uint8_t stats_buffer[PULL_STATS_SIZE];
+    DECLARE_HYPERCALL_BUFFER(uint8_t, stats_buffer);
+    size_t pull_stats_size = 8192;
     struct acm_dumpstats dumpstats;
     int ret;
     struct acm_stats_buffer *stats;
 
-    memset(stats_buffer, 0x00, sizeof(stats_buffer));
-    set_xen_guest_handle(dumpstats.pullcache, stats_buffer);
-    dumpstats.pullcache_size = sizeof(stats_buffer);
+    stats_buffer = xc_hypercall_buffer_alloc(xc_handle, stats_buffer, 
pull_stats_size);
+    if ( stats_buffer == NULL )
+        return -1;
+
+    memset(stats_buffer, 0x00, pull_stats_size);
+    xc_set_xen_guest_handle(dumpstats.pullcache, stats_buffer);
+    dumpstats.pullcache_size = pull_stats_size;
     ret = xc_acm_op(xc_handle, ACMOP_dumpstats, &dumpstats, sizeof(dumpstats));
 
     if (ret < 0) {
         printf
             ("ERROR dumping policy stats. Try 'xm dmesg' to see details.\n");
+        xc_hypercall_buffer_free(xc_handle, stats_buffer);
         return ret;
     }
     stats = (struct acm_stats_buffer *) stats_buffer;
@@ -464,6 +491,7 @@ int acm_domain_dumpstats(xc_interface *x
     default:
         printf("UNKNOWN SECONDARY POLICY ERROR!\n");
     }
+    xc_hypercall_buffer_free(xc_handle, stats_buffer);
     return ret;
 }
 
@@ -472,7 +500,8 @@ int main(int argc, char **argv)
 int main(int argc, char **argv)
 {
 
-    xc_interface *xc_handle, ret = 0;
+    xc_interface *xc_handle;
+    int ret = 0;
 
     if (argc < 2)
         usage(argv[0]);

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] secpol: use hypercall buffers, Xen patchbot-unstable <=