# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1184664021 -3600
# Node ID 9559ba7c80f9b4a262e54f780d8fed71e8d23b88
# Parent c9720159b98323a45e1a91c00fee01c680f5d754
# Parent 23dab4b0545531e0ea0476b486c89a42455bcbe1
Merge with PPC Xen tree.
---
xen/arch/ia64/vmx/vmx_process.c | 503 ------
.hgignore | 8
Config.mk | 8
docs/xen-api/xenapi-datamodel-graph.dot | 4
docs/xen-api/xenapi-datamodel.tex | 824
++++++++++
extras/mini-os/arch/ia64/ia64.S | 7
extras/mini-os/arch/ia64/ivt.S | 49
extras/mini-os/include/ia64/ia64_cpu.h | 4
tools/firmware/hvmloader/acpi/dsdt.asl | 21
tools/firmware/hvmloader/acpi/dsdt.c | 25
tools/firmware/hvmloader/config.h | 2
tools/firmware/hvmloader/hvmloader.c | 12
tools/firmware/rombios/rombios.c | 48
tools/ioemu/hw/ide.c | 3
tools/ioemu/hw/rtl8139.c | 11
tools/ioemu/target-i386-dm/exec-dm.c | 6
tools/ioemu/target-i386-dm/helper2.c | 1
tools/ioemu/vl.c | 5
tools/ioemu/vl.h | 9
tools/libxc/ia64/xc_dom_ia64_util.c | 2
tools/libxc/ia64/xc_ia64_hvm_build.c | 21
tools/libxc/xc_domain.c | 33
tools/libxc/xc_linux.c | 2
tools/libxc/xc_ptrace.c | 10
tools/libxc/xenctrl.h | 26
tools/libxen/include/xen/api/xen_acmpolicy.h | 117 +
tools/libxen/include/xen/api/xen_vdi.h | 13
tools/libxen/include/xen/api/xen_vm.h | 14
tools/libxen/include/xen/api/xen_xspolicy.h | 271 +++
tools/libxen/include/xen/api/xen_xspolicy_decl.h | 31
tools/libxen/src/xen_acmpolicy.c | 234 ++
tools/libxen/src/xen_vdi.c | 39
tools/libxen/src/xen_vm.c | 45
tools/libxen/src/xen_xspolicy.c | 327 +++
tools/python/xen/util/acmpolicy.py | 81
tools/python/xen/util/security.py | 69
tools/python/xen/xend/XendConfig.py | 2
tools/python/xen/xend/XendDomain.py | 8
tools/python/xen/xend/XendDomainInfo.py | 2
tools/python/xen/xm/activatepolicy.py | 86 +
tools/python/xen/xm/addlabel.py | 135 +
tools/python/xen/xm/cfgbootpolicy.py | 76
tools/python/xen/xm/create.dtd | 7
tools/python/xen/xm/create.py | 22
tools/python/xen/xm/getlabel.py | 45
tools/python/xen/xm/getpolicy.py | 94 +
tools/python/xen/xm/labels.py | 37
tools/python/xen/xm/loadpolicy.py | 32
tools/python/xen/xm/main.py | 88 -
tools/python/xen/xm/makepolicy.py | 14
tools/python/xen/xm/resources.py | 33
tools/python/xen/xm/rmlabel.py | 65
tools/python/xen/xm/setpolicy.py | 117 +
tools/python/xen/xm/xenapi_create.py | 55
tools/security/policies/security_policy.xsd | 7
tools/vtpm_manager/util/hashtable_itr.c | 8
tools/xenstore/xsls.c | 37
tools/xentrace/xenctx.c | 364 +++-
unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h | 9
unmodified_drivers/linux-2.6/netfront/Kbuild | 1
xen/Makefile | 16
xen/arch/ia64/Makefile | 2
xen/arch/ia64/Rules.mk | 2
xen/arch/ia64/linux-xen/efi.c | 5
xen/arch/ia64/linux-xen/perfmon.c | 2
xen/arch/ia64/linux-xen/sn/kernel/irq.c | 15
xen/arch/ia64/linux-xen/sn/kernel/sn2_smp.c | 101 +
xen/arch/ia64/vmx/Makefile | 2
xen/arch/ia64/vmx/mmio.c | 15
xen/arch/ia64/vmx/vmmu.c | 3
xen/arch/ia64/vmx/vmx_fault.c | 524 ++++++
xen/arch/ia64/vmx/vmx_init.c | 6
xen/arch/ia64/vmx/vmx_ivt.S | 2
xen/arch/ia64/vmx/vmx_minstate.h | 4
xen/arch/ia64/vmx/vmx_utility.c | 13
xen/arch/ia64/vmx/vmx_vcpu.c | 3
xen/arch/ia64/vmx/vmx_virt.c | 45
xen/arch/ia64/xen/Makefile | 1
xen/arch/ia64/xen/dom0_ops.c | 51
xen/arch/ia64/xen/dom_fw_sn2.c | 92 +
xen/arch/ia64/xen/dom_fw_utils.c | 35
xen/arch/ia64/xen/domain.c | 111 +
xen/arch/ia64/xen/faults.c | 41
xen/arch/ia64/xen/fw_emul.c | 150 +
xen/arch/ia64/xen/hypercall.c | 10
xen/arch/ia64/xen/hyperprivop.S | 48
xen/arch/ia64/xen/ivt.S | 66
xen/arch/ia64/xen/mm.c | 23
xen/arch/ia64/xen/oprofile/perfmon.c | 11
xen/arch/ia64/xen/oprofile/xenoprof.c | 26
xen/arch/ia64/xen/privop.c | 2
xen/arch/ia64/xen/vcpu.c | 86 -
xen/arch/ia64/xen/vhpt.c | 2
xen/arch/ia64/xen/xenasm.S | 3
xen/arch/ia64/xen/xenmisc.c | 19
xen/arch/ia64/xen/xenpatch.c | 7
xen/arch/ia64/xen/xensetup.c | 31
xen/arch/ia64/xen/xentime.c | 8
xen/arch/x86/acpi/Makefile | 1
xen/arch/x86/acpi/power.c | 274 +++
xen/arch/x86/acpi/suspend.c | 85 +
xen/arch/x86/acpi/wakeup_prot.S | 267 +++
xen/arch/x86/apic.c | 2
xen/arch/x86/boot/Makefile | 3
xen/arch/x86/boot/head.S | 2
xen/arch/x86/boot/wakeup.S | 212 ++
xen/arch/x86/cpu/common.c | 11
xen/arch/x86/crash.c | 4
xen/arch/x86/dmi_scan.c | 1
xen/arch/x86/domain.c | 19
xen/arch/x86/domain_build.c | 3
xen/arch/x86/domctl.c | 40
xen/arch/x86/hvm/hvm.c | 6
xen/arch/x86/hvm/svm/svm.c | 10
xen/arch/x86/hvm/svm/vmcb.c | 10
xen/arch/x86/hvm/vlapic.c | 9
xen/arch/x86/hvm/vmx/vmcs.c | 219 +-
xen/arch/x86/hvm/vmx/vmx.c | 96 -
xen/arch/x86/i8259.c | 6
xen/arch/x86/io_apic.c | 3
xen/arch/x86/irq.c | 33
xen/arch/x86/machine_kexec.c | 4
xen/arch/x86/mm.c | 23
xen/arch/x86/mm/hap/hap.c | 122 -
xen/arch/x86/mm/hap/support.c | 164 +
xen/arch/x86/nmi.c | 2
xen/arch/x86/oprofile/nmi_int.c | 83 -
xen/arch/x86/platform_hypercall.c | 17
xen/arch/x86/setup.c | 4
xen/arch/x86/shutdown.c | 2
xen/arch/x86/smp.c | 2
xen/arch/x86/smpboot.c | 340 +++-
xen/arch/x86/x86_32/traps.c | 2
xen/arch/x86/x86_64/mm.c | 3
xen/arch/x86/x86_64/traps.c | 2
xen/common/grant_table.c | 12
xen/common/page_alloc.c | 58
xen/common/sysctl.c | 14
xen/common/xenoprof.c | 52
xen/drivers/char/ns16550.c | 4
xen/drivers/char/serial.c | 4
xen/include/acm/acm_core.h | 4
xen/include/asm-ia64/config.h | 6
xen/include/asm-ia64/debugger.h | 45
xen/include/asm-ia64/dom_fw_common.h | 1
xen/include/asm-ia64/domain.h | 45
xen/include/asm-ia64/linux-xen/asm/machvec.h | 69
xen/include/asm-ia64/linux-xen/asm/machvec_sn2.h | 7
xen/include/asm-ia64/linux-xen/asm/processor.h | 4
xen/include/asm-ia64/linux-xen/asm/ptrace.h | 42
xen/include/asm-ia64/vcpu.h | 13
xen/include/asm-ia64/vmmu.h | 1
xen/include/asm-ia64/vmx.h | 2
xen/include/asm-ia64/vmx_vcpu.h | 32
xen/include/asm-ia64/xenkregs.h | 15
xen/include/asm-ia64/xenoprof.h | 2
xen/include/asm-x86/acpi.h | 8
xen/include/asm-x86/config.h | 10
xen/include/asm-x86/desc.h | 5
xen/include/asm-x86/hap.h | 3
xen/include/asm-x86/hvm/hvm.h | 21
xen/include/asm-x86/hvm/support.h | 1
xen/include/asm-x86/hvm/vmx/vmcs.h | 9
xen/include/asm-x86/page.h | 15
xen/include/asm-x86/processor.h | 18
xen/include/asm-x86/smp.h | 13
xen/include/asm-x86/system.h | 2
xen/include/asm-x86/xenoprof.h | 4
xen/include/public/arch-ia64.h | 135 -
xen/include/public/foreign/reference.size | 6
xen/include/public/platform.h | 27
xen/include/public/sysctl.h | 13
xen/include/xen/cpumask.h | 2
xen/include/xen/irq.h | 10
xen/include/xen/mm.h | 5
xen/include/xen/xenoprof.h | 2
176 files changed, 6619 insertions(+), 2020 deletions(-)
diff -r c9720159b983 -r 9559ba7c80f9 .hgignore
--- a/.hgignore Mon Jul 16 14:20:16 2007 -0500
+++ b/.hgignore Tue Jul 17 10:20:21 2007 +0100
@@ -130,6 +130,8 @@
^tools/ioemu/qemu\.1$
^tools/ioemu/qemu\.pod$
^tools/libxc/xen/.*$
+^tools/libxc/ia64/asm/acpi\.h$
+^tools/libxc/ia64/xen/list\.h$
^tools/libxen/libxenapi-
^tools/libxen/test/test_bindings$
^tools/libxen/test/test_event_handling$
@@ -211,6 +213,7 @@
^tools/xm-test/lib/XmTestReport/xmtest.py$
^tools/xm-test/tests/.*\.test$
^xen/BLOG$
+^xen/System.map$
^xen/TAGS$
^xen/arch/x86/asm-offsets\.s$
^xen/arch/x86/boot/mkelf32$
@@ -218,6 +221,7 @@
^xen/ddb/.*$
^xen/include/asm$
^xen/include/asm-.*/asm-offsets\.h$
+^xen/include/asm-ia64/asm-xsi-offsets\.h$
^xen/include/compat/.*$
^xen/include/hypervisor-ifs/arch$
^xen/include/public/foreign/.*\.(c|h|size)$
@@ -233,6 +237,10 @@
^xen/xen$
^xen/xen-syms$
^xen/xen\..*$
+^xen/arch/ia64/asm-offsets\.s$
+^xen/arch/ia64/asm-xsi-offsets\.s$
+^xen/arch/ia64/map\.out$
+^xen/arch/ia64/xen\.lds\.s$
^xen/arch/powerpc/dom0\.bin$
^xen/arch/powerpc/asm-offsets\.s$
^xen/arch/powerpc/firmware$
diff -r c9720159b983 -r 9559ba7c80f9 Config.mk
--- a/Config.mk Mon Jul 16 14:20:16 2007 -0500
+++ b/Config.mk Tue Jul 17 10:20:21 2007 +0100
@@ -81,14 +81,6 @@ CFLAGS += $(foreach i, $(EXTRA_INCLUDES)
# n - Do not build the Xen ACM framework
ACM_SECURITY ?= n
-# If ACM_SECURITY = y and no boot policy file is installed,
-# then the ACM defaults to the security policy set by
-# ACM_DEFAULT_SECURITY_POLICY
-# Supported models are:
-# ACM_NULL_POLICY
-# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY
-ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY
-
# Optional components
XENSTAT_XENTOP ?= y
VTPM_TOOLS ?= n
diff -r c9720159b983 -r 9559ba7c80f9 docs/xen-api/xenapi-datamodel-graph.dot
--- a/docs/xen-api/xenapi-datamodel-graph.dot Mon Jul 16 14:20:16 2007 -0500
+++ b/docs/xen-api/xenapi-datamodel-graph.dot Tue Jul 17 10:20:21 2007 +0100
@@ -12,7 +12,7 @@ digraph "Xen-API Class Diagram" {
digraph "Xen-API Class Diagram" {
fontname="Verdana";
-node [ shape=box ]; session VM host network VIF PIF SR VDI VBD PBD user;
+node [ shape=box ]; session VM host network VIF PIF SR VDI VBD PBD user
XSPolicy ACMPolicy;
node [shape=ellipse]; PIF_metrics VIF_metrics VM_metrics VBD_metrics
PBD_metrics VM_guest_metrics host_metrics;
node [shape=box]; host_cpu console
session -> host [ arrowhead="none" ]
@@ -36,4 +36,6 @@ VBD -> VM [ arrowhead="none", arrowtail=
VBD -> VM [ arrowhead="none", arrowtail="crow" ]
VTPM -> VM [ arrowhead="none", arrowtail="crow" ]
VBD -> VBD_metrics [ arrowhead="none" ]
+XSPolicy -> host [ arrowhead="none" ]
+XSPolicy -> ACMPolicy [ arrowhead="none" ]
}
diff -r c9720159b983 -r 9559ba7c80f9 docs/xen-api/xenapi-datamodel.tex
--- a/docs/xen-api/xenapi-datamodel.tex Mon Jul 16 14:20:16 2007 -0500
+++ b/docs/xen-api/xenapi-datamodel.tex Tue Jul 17 10:20:21 2007 +0100
@@ -46,6 +46,8 @@ Name & Description \\
{\tt console} & A console \\
{\tt user} & A user of the system \\
{\tt debug} & A basic class for testing \\
+{\tt XSPolicy} & A class for handling Xen Security Policies \\
+{\tt ACMPolicy} & A class for handling ACM-type policies \\
\hline
\end{tabular}\end{center}
\section{Relationships Between Classes}
@@ -226,6 +228,7 @@ The following enumeration types are used
\vspace{1cm}
\newpage
+
\section{Error Handling}
When a low-level transport error occurs, or a request is malformed at the HTTP
or XML-RPC level, the server may send an XML-RPC Fault response, or the client
@@ -468,6 +471,17 @@ HVM is required for this operation
{\bf Signature:}
\begin{verbatim}VM_HVM_REQUIRED(vm)\end{verbatim}
\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{SECURITY\_ERROR}
+
+A security error occurred. The parameter provides the xen security
+error code and a message describing the error.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}SECURITY_ERROR(xserr, message)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
\newpage
\section{Class: session}
@@ -1401,6 +1415,7 @@ Quals & Field & Type & Description \\
$\mathit{RO}_\mathit{run}$ & {\tt is\_control\_domain} & bool & true if this
is a control domain (domain 0 or a driver domain) \\
$\mathit{RO}_\mathit{run}$ & {\tt metrics} & VM\_metrics ref & metrics
associated with this VM \\
$\mathit{RO}_\mathit{run}$ & {\tt guest\_metrics} & VM\_guest\_metrics ref &
metrics associated with the running guest \\
+$\mathit{RO}_\mathit{run}$ & {\tt security/label} & string & the VM's
security label \\
\hline
\end{longtable}
\subsection{RPCs associated with class: VM}
@@ -4395,6 +4410,82 @@ VM\_guest\_metrics ref
value of the field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_security\_label}
+
+{\bf Overview:}
+Get the security label field of the given VM. Refer to the XSPolicy class
+for the format of the security label.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_security_label (session_id s, VM ref
self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VM ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+value of the field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~set\_security\_label}
+
+{\bf Overview:}
+Set the security label field of the given VM. Refer to the XSPolicy class
+for the format of the security label.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} int set_security_label (session_id s, VM ref self, string
+security_label, string old_label)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VM ref } & self & reference to the object \\ \hline
+{\tt string } & security\_label & security label for the VM \\ \hline
+{\tt string } & old\_label & Optional label value that the security label \\
+& & must currently have for the change to succeed.\\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+int
+}
+
+
+Returns the ssidref in case of an VM that is currently running or
+paused, zero in case of a dormant VM (halted, suspended).
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
\vspace{0.3cm}
\vspace{0.3cm}
\vspace{0.3cm}
@@ -11317,6 +11408,79 @@ void
\vspace{0.3cm}
\vspace{0.3cm}
\vspace{0.3cm}
+\subsubsection{RPC name:~set\_security\_label}
+
+{\bf Overview:}
+Set the security label of the given VDI. Refer to the XSPolicy class
+for the format of the security label.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} void set_security_label (session_id s, VDI ref self, string
+security_label, string old_label)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VDI ref } & self & reference to the object \\ \hline
+
+{\tt string } & security\_label & New value of the security label \\ \hline
+{\tt string } & old\_label & Optional label value that the security label \\
+& & must currently have for the change to succeed.\\ \hline
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+void
+}
+
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_security\_label}
+
+{\bf Overview:}
+Get the security label of the given VDI.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_security_label (session_id s, VDI ref
self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VDI ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+value of the given field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
\subsubsection{RPC name:~create}
{\bf Overview:}
@@ -13424,6 +13588,38 @@ value of the field
\vspace{0.3cm}
\vspace{0.3cm}
\vspace{0.3cm}
+\subsubsection{RPC name:~get\_runtime\_properties}
+
+{\bf Overview:}
+Get the runtime\_properties field of the given VTPM.
+
+\noindent {\bf Signature:}
+\begin{verbatim} ((string -> string) Map) get_runtime_properties (session_id
s, VTPM ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt VTPM ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+(string $\rightarrow$ string) Map
+}
+
+
+value of the field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
\subsubsection{RPC name:~create}
{\bf Overview:}
@@ -14268,6 +14464,634 @@ all fields from the object
\vspace{0.3cm}
\vspace{1cm}
+\newpage
+\section{Class: XSPolicy}
+\subsection{Fields for class: XSPolicy}
+\begin{longtable}{|lllp{0.38\textwidth}|}
+\hline
+\multicolumn{1}{|l}{Name} & \multicolumn{3}{l|}{\bf XSPolicy} \\
+\multicolumn{1}{|l}{Description} & \multicolumn{3}{l|}{\parbox{11cm}{\em A Xen
Security Policy}} \\
+\hline
+Quals & Field & Type & Description \\
+\hline
+$\mathit{RO}_\mathit{run}$ & {\tt uuid} & string & unique identifier /
object reference \\
+$\mathit{RW}$ & {\tt repr} & string & representation of policy,
i.e., XML \\
+$\mathit{RO}_\mathit{run}$ & {\tt type} & xs\_type & type of the policy \\
+$\mathit{RO}_\mathit{run}$ & {\tt flags} & xs\_instantiationflags & policy
+status flags \\
+\hline
+\end{longtable}
+\subsection{Semantics of the class: XSPolicy}
+
+The XSPolicy class is used for administering Xen Security policies. Through
+this class a new policy can be uploaded to the system, loaded into the
+Xen hypervisor for enforcement and be set as the policy that the
+system is automatically loading when the machine is started.
+
+This class returns information about the currently administered policy,
+including a reference to the policy. This reference can then be used with
+policy-specific classes, i.e., the ACMPolicy class, to allow retrieval of
+information or changes to be made to a particular policy.
+
+\subsection{Structure and datatypes of class: XSPolicy}
+
+Format of the security label:
+
+A security label consist of the three different parts {\it policy type},
+{\it policy name} and {\it label} separated with colons. To specify
+the virtual machine label for an ACM-type policy {\it xm-test}, the
+security label string would be {\it ACM:xm-test:blue}, where blue
+denotes the virtual machine's label. The format of resource labels is
+the same.\\[0.5cm]
+The following flags are used by this class:
+
+\begin{longtable}{|l|l|l|}
+\hline
+{\tt xs\_type} & value & meaning \\
+\hline
+\hspace{0.5cm}{\tt XS\_POLICY\_ACM} & (1 $<<$ 0) & ACM-type policy \\
+\hline
+\end{longtable}
+
+\begin{longtable}{|l|l|l|}
+\hline
+{\tt xs\_instantiationflags} & value & meaning \\
+\hline
+\hspace{0.5cm}{\tt XS\_INST\_NONE} & 0 & do nothing \\
+\hspace{0.5cm}{\tt XS\_INST\_BOOT} & (1 $<<$ 0) & make system boot with this
policy \\
+\hspace{0.5cm}{\tt XS\_INST\_LOAD} & (1 $<<$ 1) & load policy immediately \\
+\hline
+\end{longtable}
+
+\begin{longtable}{|l|l|l|}
+\hline
+{\tt xs\_policystate} & type & meaning \\
+\hline
+\hspace{0.5cm}{\tt xserr} & int & Error code from operation (if applicable) \\
+\hspace{0.5cm}{\tt xs\_ref} & XSPolicy ref & reference to the XS policy as
returned by the API \\
+\hspace{0.5cm}{\tt repr} & string & representation of the policy, i.e., XML \\
+\hspace{0.5cm}{\tt type} & xs\_type & the type of the policy \\
+\hspace{0.5cm}{\tt flags } & xs\_instantiationflags & instantiation flags of
the policy \\
+\hspace{0.5cm}{\tt version} & string & version of the policy \\
+\hspace{0.5cm}{\tt errors} & string & Base64-encoded sequence of integer
tuples consisting \\
+& & of (error code, detail); will be returned as part \\
+& & of the xs\_setpolicy function. \\
+\hline
+\end{longtable}
+
+\subsection{Additional RPCs associated with class: XSPolicy}
+\subsubsection{RPC name:~get\_xstype}
+
+{\bf Overview:}
+Return the Xen Security Policy types supported by this system
+
+ \noindent {\bf Signature:}
+\begin{verbatim} xs_type get_xstype (session_id s)\end{verbatim}
+
+ \noindent {\bf Return Type:}
+{\tt
+xs\_type
+}
+
+flags representing the supported Xen security policy types
+ \vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~set\_xspolicy}
+
+{\bf Overview:}
+Set the current XSPolicy. This function can also be be used for updating of
+an existing policy whose name must be equivalent to the one of the
+currently running policy.
+
+\noindent {\bf Signature:}
+\begin{verbatim} xs_policystate set_xspolicy (session_id s, xs_type type,
string repr,
+xs_instantiationflags flags, bool overwrite)\end{verbatim}
+
+\noindent{\bf Arguments:}
+
+\vspace{0.3cm}
+
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs\_type } & type & the type of policy \\ \hline
+{\tt string} & repr & representation of the policy, i.e., XML \\ \hline
+{\tt xs\_instantiationflags} & flags & flags for the setting of the policy
\\ \hline
+{\tt bool} & overwrite & whether to overwrite an existing policy \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+
+ \noindent {\bf Return Type:}
+{\tt
+xs\_policystate
+}
+
+
+State information about the policy. In case an error occurred, the 'xs\_err'
+field contains the error code. The 'errors' may contain further information
+about the error.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_xspolicy}
+
+{\bf Overview:}
+Get information regarding the currently set Xen Security Policy
+
+ \noindent {\bf Signature:}
+\begin{verbatim} xs_policystate get_xspolicy (session_id s)\end{verbatim}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+xs\_policystate
+}
+
+
+Policy state information.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~rm\_xsbootpolicy}
+
+{\bf Overview:}
+Remove any policy from the default boot configuration.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} void rm_xsbootpolicy (session_id s)\end{verbatim}
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_labeled\_resources}
+
+{\bf Overview:}
+Get a list of resources that have been labeled.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} ((string -> string) Map) get_labeled_resources (session_id
s)\end{verbatim}
+
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+(string $\rightarrow$ string) Map
+}
+
+
+A map of resources with their labels.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~set\_resource\_label}
+
+{\bf Overview:}
+Label the given resource with the given label. An empty label removes any label
+from the resource.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} void set_resource_label (session_id s, string resource, string
+label, string old_label)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt string } & resource & resource to label \\ \hline
+{\tt string } & label & label for the resource \\ \hline
+{\tt string } & old\_label & Optional label value that the security label \\
+& & must currently have for the change to succeed. \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_resource\_label}
+
+{\bf Overview:}
+Get the label of the given resource.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_resource_label (session_id s, string
resource)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt string } & resource & resource to label \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+The label of the given resource.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~activate\_xspolicy}
+
+{\bf Overview:}
+Load the referenced policy into the hypervisor.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} xs_instantiationflags activate_xspolicy (session_id s, xs_ref
xspolicy,
+xs_instantiationflags flags)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+{\tt xs\_instantiationflags } & flags & flags to activate on a policy; flags
+ can only be set \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+
+ \noindent {\bf Return Type:}
+{\tt
+xs\_instantiationflags
+}
+
+
+Currently active instantiation flags.
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_all}
+
+{\bf Overview:}
+Return a list of all the XSPolicies known to the system.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} ((XSPolicy ref) Set) get_all (session_id s)\end{verbatim}
+
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+(XSPolicy ref) Set
+}
+
+
+A list of all the IDs of all the XSPolicies
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_uuid}
+
+{\bf Overview:}
+Get the uuid field of the given XSPolicy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_uuid (session_id s, XSPolicy ref
self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt XSPolicy ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+value of the field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_record}
+
+{\bf Overview:}
+Get a record of the referenced XSPolicy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} (XSPolicy record) get_record (session_id s, xs_ref
xspolicy)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+XSPolicy record
+}
+
+
+all fields from the object
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\newpage
+\section{Class: ACMPolicy}
+\subsection{Fields for class: ACMPolicy}
+\begin{longtable}{|lllp{0.38\textwidth}|}
+\hline
+\multicolumn{1}{|l}{Name} & \multicolumn{3}{l|}{\bf ACMPolicy} \\
+\multicolumn{1}{|l}{Description} & \multicolumn{3}{l|}{\parbox{11cm}{\em An
ACM Security Policy}} \\
+\hline
+Quals & Field & Type & Description \\
+\hline
+$\mathit{RO}_\mathit{run}$ & {\tt uuid} & string & unique identifier / object
reference \\
+$\mathit{RW}$ & {\tt repr} & string & representation of policy,
in XML \\
+$\mathit{RO}_\mathit{run}$ & {\tt type} & xs\_type & type of the policy \\
+$\mathit{RO}_\mathit{run}$ & {\tt flags} & xs\_instantiationflags & policy
+status flags \\
+\hline
+\end{longtable}
+
+\subsection{Structure and datatypes of class: ACMPolicy}
+
+\vspace{0.5cm}
+The following data structures are used:
+
+\begin{longtable}{|l|l|l|}
+\hline
+{\tt RIP acm\_policyheader} & type & meaning \\
+\hline
+\hspace{0.5cm}{\tt policyname} & string & name of the policy \\
+\hspace{0.5cm}{\tt policyurl } & string & URL of the policy \\
+\hspace{0.5cm}{\tt date} & string & data of the policy \\
+\hspace{0.5cm}{\tt reference} & string & reference of the policy \\
+\hspace{0.5cm}{\tt namespaceurl} & string & namespaceurl of the policy \\
+\hspace{0.5cm}{\tt version} & string & version of the policy \\
+\hline
+\end{longtable}
+
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_header}
+
+{\bf Overview:}
+Get the referenced policy's header information.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} acm_policyheader get_header (session_id s, xs ref
self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+acm\_policyheader
+}
+
+
+The policy's header information.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_xml}
+
+{\bf Overview:}
+Get the XML representation of the given policy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_XML (session_id s, xs ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+XML representation of the referenced policy
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_map}
+
+{\bf Overview:}
+Get the mapping information of the given policy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_map (session_id s, xs ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+Mapping information of the referenced policy.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_binary}
+
+{\bf Overview:}
+Get the binary policy representation of the referenced policy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_map (session_id s, xs ref self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+Base64-encoded representation of the binary policy.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_all}
+
+{\bf Overview:}
+Return a list of all the ACMPolicies known to the system.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} ((ACMPolicy ref) Set) get_all (session_id s)\end{verbatim}
+
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+(ACMPolicy ref) Set
+}
+
+
+A list of all the IDs of all the ACMPolicies
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_uuid}
+
+{\bf Overview:}
+Get the uuid field of the given ACMPolicy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_uuid (session_id s, ACMPolicy ref
self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt ACMPolicy ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+value of the field
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_record}
+
+{\bf Overview:}
+Get a record of the referenced ACMPolicy.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} (XSPolicy record) get_record (session_id s, xs_ref
xspolicy)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+XSPolicy record
+}
+
+
+all fields from the object
+
\newpage
\section{Class: debug}
\subsection{Fields for class: debug}
diff -r c9720159b983 -r 9559ba7c80f9 extras/mini-os/arch/ia64/ia64.S
--- a/extras/mini-os/arch/ia64/ia64.S Mon Jul 16 14:20:16 2007 -0500
+++ b/extras/mini-os/arch/ia64/ia64.S Tue Jul 17 10:20:21 2007 +0100
@@ -105,7 +105,7 @@ ENTRY(_start)
/*
* Now pin mappings into the TLB for kernel text and data
*/
- mov r18=KERNEL_TR_PAGE_SIZE<<2
+ mov r18=KERNEL_TR_PAGE_SIZE<<IA64_ITIR_PS
movl r17=KERNEL_START
;;
mov cr.itir=r18
@@ -204,7 +204,10 @@ 1: /* now we are in virtual mode */
;;
or out0=r16, r15 // make a region 7 address
;;
-
+ ssm psr.i | psr.ic
+ ;;
+ srlz.i
+ ;;
br.call.sptk.many rp=start_kernel
;;
add r2=3,r0
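Review bot: The added `ssm psr.i | psr.ic` turns on external interrupt delivery before `start_kernel` has run, and nothing in the hunk says why that is safe at this point. If any handler or event state is only initialised inside `start_kernel`, an interrupt delivered in that window would run against uninitialised state; whether the interruption vector table is already installed cannot be seen here, because `_start` begins outside the hunk. If only interruption collection is needed this early, consider `ssm psr.ic` here and leave `psr.i` to the C code. Otherwise add a comment above the `ssm` that states the precondition, for example `// IVT is set up above: enable interruption collection and interrupts before entering C code`.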
diff -r c9720159b983 -r 9559ba7c80f9 extras/mini-os/arch/ia64/ivt.S
--- a/extras/mini-os/arch/ia64/ivt.S Mon Jul 16 14:20:16 2007 -0500
+++ b/extras/mini-os/arch/ia64/ivt.S Tue Jul 17 10:20:21 2007 +0100
@@ -587,13 +587,11 @@ END(save_special_regs)
ENTRY(hypervisor_callback)
- // Calculate the stack address for storing.
- // Use the kernel stack here because it's mapped wired!
- // -> no nested tlb faults!
- movl r18=kstack+KSTACK_PAGES * PAGE_SIZE - 16 - TF_SIZE
-
- //add r18=-TF_SIZE,sp
- add r30=0xabab,r0
+ /*
+ * Use the thread stack here for storing the trap frame.
+ * It's not wired mapped, so nested data tlb faults may occur!
+ */
+ add r18=-TF_SIZE,sp
;;
{ .mib
nop 0x02
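Review bot: With `add r18=-TF_SIZE,sp` the trap frame is written just below the sp of whatever context was interrupted, and nothing in the hunk checks that the thread stack still has TF_SIZE + 16 bytes free. The removed code used the wired `kstack`, so the write could not land outside a known region; now a callback arriving on a nearly full thread stack would presumably store the frame below the stack's lower bound. The new comment should state this requirement next to the TLB remark, for example ` * The interrupted thread must have at least TF_SIZE + 16 bytes free below sp.` If thread stacks have no guard area, a debug-build bounds check on `r18` would also be worth adding. The body of `hypervisor_callback` continues outside this hunk.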
@@ -602,7 +600,7 @@ ENTRY(hypervisor_callback)
;;
}
add sp=-16,r18 // the new stack
- alloc r15=ar.pfs,0,0,1,0 // 1 out for do_trap_error
+ alloc r15=ar.pfs,0,0,1,0 // 1 out for do_hypervisor_callback
;;
mov out0=r18 // the trap frame
movl r22=XSI_PSR_IC
@@ -617,13 +615,8 @@ ENTRY(hypervisor_callback)
movl r22=XSI_PSR_IC
;;
st4 [r22]=r0 // rsm psr.ic
-
- add r16=16,sp // load EF-pointer again
- ;;
- //mov r18=sp
- movl r18=kstack+KSTACK_PAGES * PAGE_SIZE - 16 - TF_SIZE
- ;;
-
+ add r18=16,sp // load EF-pointer again
+ ;;
// must have r18-efp, calls rfi at the end.
br.sptk restore_tf_rse_switch
;;
@@ -654,9 +647,7 @@ ENTRY(trap_error)
mov out0=r18 // the trap frame
add sp=-16,r18 // C-call abi
;;
-
- //bsw.1
- movl r30=XSI_BANKNUM
+ movl r30=XSI_BANKNUM // bsw.1
mov r31=1;;
#if defined(BIG_ENDIAN) // swap because mini-os is in BE
mux1 r31=r31,@rev;;
@@ -752,6 +743,7 @@ IVT_ERR(Alternate_Instruction_TLB, 3, 0x
IVT_ENTRY(Alternate_Data_TLB, 0x1000)
mov r30=4 // trap number
+adt_common:
mov r16=cr.ifa // where did it happen
mov r31=pr // save predicates
;;
@@ -765,7 +757,7 @@ IVT_ENTRY(Alternate_Data_TLB, 0x1000)
// // No return
//
//adt_regf_addr:
-// extr.u r17=r16,60,4 // get region number
+// extr.u r17=r16,60,4 // get region number
// ;;
// cmp.eq p14,p15=0xf,r17
// ;;
@@ -799,8 +791,23 @@ adt_reg7_addr:
IVT_END(Alternate_Data_TLB)
-
-IVT_ERR(Data_Nested_TLB, 5, 0x1400)
+/*
+ * Handling of nested data tlb is needed, because in hypervisor_callback()
+ * the stack is used to store the register trap frame. This stack is allocated
+ * dynamically (as identity mapped address) and therewidth no tr mapped page!
+ */
+IVT_ENTRY(Data_Nested_TLB, 0x1400)
+
+ mov r30=5 // trap number
+ add r28=-TF_SIZE,sp // r28 is never used in trap handling
+ ;;
+ mov cr.ifa=r28
+ ;;
+ br.sptk adt_common
+IVT_END(Data_Nested_TLB)
+
+
+
IVT_ERR(Instruction_Key_Miss, 6, 0x1800)
IVT_ERR(Data_Key_Miss, 7, 0x1c00)
IVT_ERR(Dirty_Bit, 8, 0x2000)
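Review bot: The new Data_Nested_TLB handler loads `cr.ifa` with `sp - TF_SIZE` unconditionally, so it assumes every nested data TLB miss comes from the trap-frame store in hypervisor_callback. A nested miss raised from any other place would, as far as this hunk shows, be resolved for that address instead of the one that actually faulted. Only the address of the frame start is handed to `adt_common`, so a trap frame that straddles a page boundary is presumably not covered. A comment stating both assumptions above `IVT_ENTRY(Data_Nested_TLB, 0x1400)` would help, and `therewidth no tr mapped page` in the added block comment should read `therefore has no tr mapped page`.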
diff -r c9720159b983 -r 9559ba7c80f9 extras/mini-os/include/ia64/ia64_cpu.h
--- a/extras/mini-os/include/ia64/ia64_cpu.h Mon Jul 16 14:20:16 2007 -0500
+++ b/extras/mini-os/include/ia64/ia64_cpu.h Tue Jul 17 10:20:21 2007 +0100
@@ -143,11 +143,11 @@
#define STARTUP_PSR (IA64_PSR_IT | \
IA64_PSR_DT | IA64_PSR_RT | MOS_IA64_PSR_BE | \
- IA64_PSR_BN | IA64_PSR_CPL_2 | IA64_PSR_AC)
+ IA64_PSR_BN | IA64_PSR_CPL_KERN | IA64_PSR_AC)
#define MOS_SYS_PSR (IA64_PSR_IC | IA64_PSR_I | IA64_PSR_IT | \
IA64_PSR_DT | IA64_PSR_RT | MOS_IA64_PSR_BE | \
- IA64_PSR_BN | IA64_PSR_CPL_2 | IA64_PSR_AC)
+ IA64_PSR_BN | IA64_PSR_CPL_KERN | IA64_PSR_AC)
#define MOS_USR_PSR (IA64_PSR_IC | IA64_PSR_I | IA64_PSR_IT | \
IA64_PSR_DT | IA64_PSR_RT | MOS_IA64_PSR_BE | \
diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/hvmloader/acpi/dsdt.asl
--- a/tools/firmware/hvmloader/acpi/dsdt.asl Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/firmware/hvmloader/acpi/dsdt.asl Tue Jul 17 10:20:21 2007 +0100
@@ -123,11 +123,12 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2,
}
Name(BUFA, ResourceTemplate() {
- IRQ(Level, ActiveLow, Shared) { 5, 7, 10, 11 }
+ IRQ(Level, ActiveLow, Shared) { 5, 10, 11 }
})
Name(BUFB, Buffer() {
- 0x23, 0x00, 0x00, 0x18, 0x79, 0
+ 0x23, 0x00, 0x00, 0x18, /* IRQ descriptor */
+ 0x79, 0 /* End tag, null checksum */
})
CreateWordField(BUFB, 0x01, IRQV)
@@ -643,6 +644,22 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2,
IRQNoFlags () {4}
})
}
+
+ Device (LTP1)
+ {
+ Name (_HID, EisaId ("PNP0400"))
+ Name (_UID, 0x02)
+ Method (_STA, 0, NotSerialized)
+ {
+ Return (0x0F)
+ }
+
+ Name (_CRS, ResourceTemplate()
+ {
+ IO (Decode16, 0x0378, 0x0378, 0x08, 0x08)
+ IRQNoFlags () {7}
+ })
+ }
}
}
}
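Review bot: The new parallel-port device is named `LTP1`, which looks like a transposition of `LPT1`; the same four characters are compiled into the AML bytes in dsdt.c. ACPI does not depend on the spelling, but anyone searching the tables for the LPT device will miss it. If the name is corrected, dsdt.c should be regenerated from this file rather than edited by hand.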
diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/hvmloader/acpi/dsdt.c
--- a/tools/firmware/hvmloader/acpi/dsdt.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/firmware/hvmloader/acpi/dsdt.c Tue Jul 17 10:20:21 2007 +0100
@@ -1,19 +1,19 @@
/*
*
* Intel ACPI Component Architecture
- * ASL Optimizing Compiler version 20060707 [Dec 30 2006]
+ * ASL Optimizing Compiler version 20060707 [Feb 16 2007]
* Copyright (C) 2000 - 2006 Intel Corporation
* Supports ACPI Specification Revision 3.0a
*
- * Compilation of "dsdt.asl" - Sat May 12 16:13:55 2007
+ * Compilation of "dsdt.asl" - Wed Jul 11 13:34:30 2007
*
* C source code output
*
*/
unsigned char AmlCode[] =
{
- 0x44,0x53,0x44,0x54,0x67,0x0D,0x00,0x00, /* 00000000 "DSDTg..." */
- 0x02,0xE0,0x58,0x65,0x6E,0x00,0x00,0x00, /* 00000008 "..Xen..." */
+ 0x44,0x53,0x44,0x54,0x9F,0x0D,0x00,0x00, /* 00000000 "DSDT...." */
+ 0x02,0x2E,0x58,0x65,0x6E,0x00,0x00,0x00, /* 00000008 "..Xen..." */
0x48,0x56,0x4D,0x00,0x00,0x00,0x00,0x00, /* 00000010 "HVM....." */
0x00,0x00,0x00,0x00,0x49,0x4E,0x54,0x4C, /* 00000018 "....INTL" */
0x07,0x07,0x06,0x20,0x08,0x50,0x4D,0x42, /* 00000020 "... .PMB" */
@@ -27,7 +27,7 @@ unsigned char AmlCode[] =
0x04,0x0A,0x07,0x0A,0x07,0x00,0x00,0x08, /* 00000060 "........" */
0x50,0x49,0x43,0x44,0x00,0x14,0x0C,0x5F, /* 00000068 "PICD..._" */
0x50,0x49,0x43,0x01,0x70,0x68,0x50,0x49, /* 00000070 "PIC.phPI" */
- 0x43,0x44,0x10,0x4C,0xCE,0x5F,0x53,0x42, /* 00000078 "CD.L._SB" */
+ 0x43,0x44,0x10,0x44,0xD2,0x5F,0x53,0x42, /* 00000078 "CD.D._SB" */
0x5F,0x5B,0x82,0x49,0x04,0x4D,0x45,0x4D, /* 00000080 "_[.I.MEM" */
0x30,0x08,0x5F,0x48,0x49,0x44,0x0C,0x41, /* 00000088 "0._HID.A" */
0xD0,0x0C,0x02,0x08,0x5F,0x43,0x52,0x53, /* 00000090 "...._CRS" */
@@ -37,7 +37,7 @@ unsigned char AmlCode[] =
0x00,0x00,0xFF,0xFF,0x09,0x00,0x00,0x00, /* 000000B0 "........" */
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 000000B8 "........" */
0x00,0x00,0x00,0x00,0x0A,0x00,0x00,0x00, /* 000000C0 "........" */
- 0x00,0x00,0x79,0x00,0x5B,0x82,0x49,0xC9, /* 000000C8 "..y.[.I." */
+ 0x00,0x00,0x79,0x00,0x5B,0x82,0x41,0xCD, /* 000000C8 "..y.[.A." */
0x50,0x43,0x49,0x30,0x08,0x5F,0x48,0x49, /* 000000D0 "PCI0._HI" */
0x44,0x0C,0x41,0xD0,0x0A,0x03,0x08,0x5F, /* 000000D8 "D.A...._" */
0x55,0x49,0x44,0x00,0x08,0x5F,0x41,0x44, /* 000000E0 "UID.._AD" */
@@ -59,7 +59,7 @@ unsigned char AmlCode[] =
0x00,0xF0,0xFF,0xFF,0xFF,0xF4,0x00,0x00, /* 00000160 "........" */
0x00,0x00,0x00,0x00,0x00,0x05,0x79,0x00, /* 00000168 "......y." */
0xA4,0x50,0x52,0x54,0x30,0x08,0x42,0x55, /* 00000170 ".PRT0.BU" */
- 0x46,0x41,0x11,0x09,0x0A,0x06,0x23,0xA0, /* 00000178 "FA....#." */
+ 0x46,0x41,0x11,0x09,0x0A,0x06,0x23,0x20, /* 00000178 "FA....# " */
0x0C,0x18,0x79,0x00,0x08,0x42,0x55,0x46, /* 00000180 "..y..BUF" */
0x42,0x11,0x09,0x0A,0x06,0x23,0x00,0x00, /* 00000188 "B....#.." */
0x18,0x79,0x00,0x8B,0x42,0x55,0x46,0x42, /* 00000190 ".y..BUFB" */
@@ -348,7 +348,7 @@ unsigned char AmlCode[] =
0x0C,0x04,0x0C,0xFF,0xFF,0x0F,0x00,0x0A, /* 00000A68 "........" */
0x02,0x00,0x0A,0x2F,0x12,0x0C,0x04,0x0C, /* 00000A70 ".../...." */
0xFF,0xFF,0x0F,0x00,0x0A,0x03,0x00,0x0A, /* 00000A78 "........" */
- 0x10,0x5B,0x82,0x44,0x2E,0x49,0x53,0x41, /* 00000A80 ".[.D.ISA" */
+ 0x10,0x5B,0x82,0x4C,0x31,0x49,0x53,0x41, /* 00000A80 ".[.L1ISA" */
0x5F,0x08,0x5F,0x41,0x44,0x52,0x0C,0x00, /* 00000A88 "_._ADR.." */
0x00,0x01,0x00,0x5B,0x80,0x50,0x49,0x52, /* 00000A90 "...[.PIR" */
0x51,0x02,0x0A,0x60,0x0A,0x04,0x10,0x2E, /* 00000A98 "Q..`...." */
@@ -440,6 +440,13 @@ unsigned char AmlCode[] =
0x09,0x5F,0x53,0x54,0x41,0x00,0xA4,0x0A, /* 00000D48 "._STA..." */
0x0F,0x08,0x5F,0x43,0x52,0x53,0x11,0x10, /* 00000D50 ".._CRS.." */
0x0A,0x0D,0x47,0x01,0xF8,0x03,0xF8,0x03, /* 00000D58 "..G....." */
- 0x01,0x08,0x22,0x10,0x00,0x79,0x00,
+ 0x01,0x08,0x22,0x10,0x00,0x79,0x00,0x5B, /* 00000D60 ".."..y.[" */
+ 0x82,0x36,0x4C,0x54,0x50,0x31,0x08,0x5F, /* 00000D68 ".6LTP1._" */
+ 0x48,0x49,0x44,0x0C,0x41,0xD0,0x04,0x00, /* 00000D70 "HID.A..." */
+ 0x08,0x5F,0x55,0x49,0x44,0x0A,0x02,0x14, /* 00000D78 "._UID..." */
+ 0x09,0x5F,0x53,0x54,0x41,0x00,0xA4,0x0A, /* 00000D80 "._STA..." */
+ 0x0F,0x08,0x5F,0x43,0x52,0x53,0x11,0x10, /* 00000D88 ".._CRS.." */
+ 0x0A,0x0D,0x47,0x01,0x78,0x03,0x78,0x03, /* 00000D90 "..G.x.x." */
+ 0x08,0x08,0x22,0x80,0x00,0x79,0x00,
};
int DsdtLen=sizeof(AmlCode);
diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/hvmloader/config.h
--- a/tools/firmware/hvmloader/config.h Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/firmware/hvmloader/config.h Tue Jul 17 10:20:21 2007 +0100
@@ -9,7 +9,7 @@
#define LAPIC_ID(vcpu_id) ((vcpu_id) * 2)
#define PCI_ISA_DEVFN 0x08 /* dev 1, fn 0 */
-#define PCI_ISA_IRQ_MASK 0x0ca0U /* ISA IRQs 5,7,10,11 are PCI connected */
+#define PCI_ISA_IRQ_MASK 0x0c20U /* ISA IRQs 5,10,11 are PCI connected */
#define ROMBIOS_SEG 0xF000
#define ROMBIOS_BEGIN 0x000F0000
diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/hvmloader/hvmloader.c
--- a/tools/firmware/hvmloader/hvmloader.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/firmware/hvmloader/hvmloader.c Tue Jul 17 10:20:21 2007 +0100
@@ -180,15 +180,13 @@ static void pci_setup(void)
unsigned int bar, pin, link, isa_irq;
/* Program PCI-ISA bridge with appropriate link routes. */
- link = 0;
- for ( isa_irq = 0; isa_irq < 15; isa_irq++ )
- {
- if ( !(PCI_ISA_IRQ_MASK & (1U << isa_irq)) )
- continue;
+ isa_irq = 0;
+ for ( link = 0; link < 4; link++ )
+ {
+ do { isa_irq = (isa_irq + 1) & 15;
+ } while ( !(PCI_ISA_IRQ_MASK & (1U << isa_irq)) );
pci_writeb(PCI_ISA_DEVFN, 0x60 + link, isa_irq);
printf("PCI-ISA link %u routed to IRQ%u\n", link, isa_irq);
- if ( link++ == 4 )
- break;
}
/* Program ELCR to match PCI-wired IRQs. */
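Review bot: The `do { ... } while ( !(PCI_ISA_IRQ_MASK & (1U << isa_irq)) )` loop never terminates if PCI_ISA_IRQ_MASK has no bit set in positions 0-15, because `isa_irq` only cycles modulo 16. With the mask reduced to IRQs 5, 10 and 11, the fourth link wraps round and shares IRQ 5 with link 0, which deserves a line in the comment above the loop. A compile-time guard next to the definition in config.h, `#if (PCI_ISA_IRQ_MASK & 0xffff) == 0` followed by `#error "PCI_ISA_IRQ_MASK selects no ISA IRQ"` and `#endif`, would make the assumption explicit. pci_setup's body starts and ends outside the hunk.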
diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/rombios/rombios.c
--- a/tools/firmware/rombios/rombios.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/firmware/rombios/rombios.c Tue Jul 17 10:20:21 2007 +0100
@@ -9146,78 +9146,78 @@ pci_routing_table_structure:
db 0 ;; pci bus number
db 0x08 ;; pci device number (bit 7-3)
db 0x61 ;; link value INTA#: pointer into PCI2ISA config space
- dw 0x0ca0 ;; IRQ bitmap INTA#
+ dw 0x0c20 ;; IRQ bitmap INTA#
db 0x62 ;; link value INTB#
- dw 0x0ca0 ;; IRQ bitmap INTB#
+ dw 0x0c20 ;; IRQ bitmap INTB#
db 0x63 ;; link value INTC#
- dw 0x0ca0 ;; IRQ bitmap INTC#
+ dw 0x0c20 ;; IRQ bitmap INTC#
db 0x60 ;; link value INTD#
- dw 0x0ca0 ;; IRQ bitmap INTD#
+ dw 0x0c20 ;; IRQ bitmap INTD#
db 0 ;; physical slot (0 = embedded)
db 0 ;; reserved
;; second slot entry: 1st PCI slot
db 0 ;; pci bus number
db 0x10 ;; pci device number (bit 7-3)
db 0x62 ;; link value INTA#
- dw 0x0ca0 ;; IRQ bitmap INTA#
+ dw 0x0c20 ;; IRQ bitmap INTA#
db 0x63 ;; link value INTB#
- dw 0x0ca0 ;; IRQ bitmap INTB#
+ dw 0x0c20 ;; IRQ bitmap INTB#
db 0x60 ;; link value INTC#
- dw 0x0ca0 ;; IRQ bitmap INTC#
+ dw 0x0c20 ;; IRQ bitmap INTC#
db 0x61 ;; link value INTD#
- dw 0x0ca0 ;; IRQ bitmap INTD#
+ dw 0x0c20 ;; IRQ bitmap INTD#
db 1 ;; physical slot (0 = embedded)
db 0 ;; reserved
;; third slot entry: 2nd PCI slot
db 0 ;; pci bus number
db 0x18 ;; pci device number (bit 7-3)
db 0x63 ;; link value INTA#
- dw 0x0ca0 ;; IRQ bitmap INTA#
+ dw 0x0c20 ;; IRQ bitmap INTA#
db 0x60 ;; link value INTB#
- dw 0x0ca0 ;; IRQ bitmap INTB#
+ dw 0x0c20 ;; IRQ bitmap INTB#
db 0x61 ;; link value INTC#
- dw 0x0ca0 ;; IRQ bitmap INTC#
+ dw 0x0c20 ;; IRQ bitmap INTC#
db 0x62 ;; link value INTD#
- dw 0x0ca0 ;; IRQ bitmap INTD#
+ dw 0x0c20 ;; IRQ bitmap INTD#
db 2 ;; physical slot (0 = embedded)
db 0 ;; reserved
;; 4th slot entry: 3rd PCI slot
db 0 ;; pci bus number
db 0x20 ;; pci device number (bit 7-3)
db 0x60 ;; link value INTA#
- dw 0x0ca0 ;; IRQ bitmap INTA#
+ dw 0x0c20 ;; IRQ bitmap INTA#
db 0x61 ;; link value INTB#
- dw 0x0ca0 ;; IRQ bitmap INTB#
+ dw 0x0c20 ;; IRQ bitmap INTB#
db 0x62 ;; link value INTC#
- dw 0x0ca0 ;; IRQ bitmap INTC#
+ dw 0x0c20 ;; IRQ bitmap INTC#
db 0x63 ;; link value INTD#
- dw 0x0ca0 ;; IRQ bitmap INTD#
+ dw 0x0c20 ;; IRQ bitmap INTD#
db 3 ;; physical slot (0 = embedded)
db 0 ;; reserved
;; 5th slot entry: 4rd PCI slot
db 0 ;; pci bus number
db 0x28 ;; pci device number (bit 7-3)
db 0x61 ;; link value INTA#
- dw 0x0ca0 ;; IRQ bitmap INTA#
+ dw 0x0c20 ;; IRQ bitmap INTA#
db 0x62 ;; link value INTB#
- dw 0x0ca0 ;; IRQ bitmap INTB#
+ dw 0x0c20 ;; IRQ bitmap INTB#
db 0x63 ;; link value INTC#
- dw 0x0ca0 ;; IRQ bitmap INTC#
+ dw 0x0c20 ;; IRQ bitmap INTC#
db 0x60 ;; link value INTD#
- dw 0x0ca0 ;; IRQ bitmap INTD#
+ dw 0x0c20 ;; IRQ bitmap INTD#
db 4 ;; physical slot (0 = embedded)
db 0 ;; reserved
;; 6th slot entry: 5rd PCI slot
db 0 ;; pci bus number
db 0x30 ;; pci device number (bit 7-3)
db 0x62 ;; link value INTA#
- dw 0x0ca0 ;; IRQ bitmap INTA#
+ dw 0x0c20 ;; IRQ bitmap INTA#
db 0x63 ;; link value INTB#
- dw 0x0ca0 ;; IRQ bitmap INTB#
+ dw 0x0c20 ;; IRQ bitmap INTB#
db 0x60 ;; link value INTC#
- dw 0x0ca0 ;; IRQ bitmap INTC#
+ dw 0x0c20 ;; IRQ bitmap INTC#
db 0x61 ;; link value INTD#
- dw 0x0ca0 ;; IRQ bitmap INTD#
+ dw 0x0c20 ;; IRQ bitmap INTD#
db 5 ;; physical slot (0 = embedded)
db 0 ;; reserved
#endif // BX_PCIBIOS
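Review bot: The IRQ bitmap `0x0c20` is written out 24 times in this table and has to agree with `PCI_ISA_IRQ_MASK` in hvmloader/config.h and the `BUFA` IRQ list in acpi/dsdt.asl, all of which this commit edits by hand, yet nothing in the table says so. I would add `;; IRQ bitmaps must match PCI_ISA_IRQ_MASK (hvmloader/config.h) and BUFA (acpi/dsdt.asl)` at the top of pci_routing_table_structure, which starts outside the hunk. The slot comments `4rd PCI slot` and `5rd PCI slot` should read `4th` and `5th`.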
diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/hw/ide.c
--- a/tools/ioemu/hw/ide.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/ioemu/hw/ide.c Tue Jul 17 10:20:21 2007 +0100
@@ -596,7 +596,8 @@ static void ide_identify(IDEState *s)
/* 13=flush_cache_ext,12=flush_cache,10=lba48 */
put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
put_le16(p + 84, (1 << 14));
- put_le16(p + 85, (1 << 14));
+ /* 14=nop 5=write_cache */
+ put_le16(p + 85, (1 << 14) | (1 << 5));
/* 13=flush_cache_ext,12=flush_cache,10=lba48 */
put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
put_le16(p + 87, (1 << 14));
diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/hw/rtl8139.c
--- a/tools/ioemu/hw/rtl8139.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/ioemu/hw/rtl8139.c Tue Jul 17 10:20:21 2007 +0100
@@ -53,9 +53,8 @@
/* debug RTL8139 card C+ mode only */
//#define DEBUG_RTL8139CP 1
-/* RTL8139 provides frame CRC with received packet, this feature seems to be
- ignored by most drivers, disabled by default */
-//#define RTL8139_CALCULATE_RXCRC 1
+/* Calculate CRCs propoerly on Rx packets */
+#define RTL8139_CALCULATE_RXCRC 1
/* Uncomment to enable on-board timer interrupts */
//#define RTL8139_ONBOARD_TIMER 1
@@ -754,7 +753,7 @@ static void rtl8139_write_buffer(RTL8139
int wrapped = MOD2(s->RxBufAddr + size, s->RxBufferSize);
/* write packet data */
- if (wrapped && s->RxBufferSize < 65536 && !rtl8139_RxWrap(s))
+ if (wrapped && !(s->RxBufferSize < 65536 && rtl8139_RxWrap(s)))
{
DEBUG_PRINT((">>> RTL8139: rx packet wrapped in buffer at %d\n",
size-wrapped));
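Review bot: The rewritten condition `wrapped && !(s->RxBufferSize < 65536 && rtl8139_RxWrap(s))` now selects the split-at-ring-end path in every case except a sub-64K buffer with the WRAP bit set, and it carries no comment saying so. A line such as `/* split at the ring end unless the buffer is below 64K and WRAP is set */` above the `if` would save the next reader from re-deriving the double negation. The branch taken when the condition is false is outside the hunk, so whether it bounds `size` against the space the guest left beyond the ring cannot be checked from here. The comment added in the first hunk of this file has a typo, `propoerly`.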
@@ -1030,7 +1029,7 @@ static void rtl8139_do_receive(void *opa
/* write checksum */
#if defined (RTL8139_CALCULATE_RXCRC)
- val = cpu_to_le32(crc32(~0, buf, size));
+ val = cpu_to_le32(crc32(0, buf, size));
#else
val = 0;
#endif
@@ -1136,7 +1135,7 @@ static void rtl8139_do_receive(void *opa
/* write checksum */
#if defined (RTL8139_CALCULATE_RXCRC)
- val = cpu_to_le32(crc32(~0, buf, size));
+ val = cpu_to_le32(crc32(0, buf, size));
#else
val = 0;
#endif
diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/target-i386-dm/exec-dm.c
--- a/tools/ioemu/target-i386-dm/exec-dm.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/ioemu/target-i386-dm/exec-dm.c Tue Jul 17 10:20:21 2007 +0100
@@ -446,18 +446,16 @@ extern unsigned long logdirty_bitmap_siz
#if defined(__x86_64__) || defined(__i386__)
static void memcpy_words(void *dst, void *src, size_t n)
{
- asm (
+ asm volatile (
" movl %%edx,%%ecx \n"
#ifdef __x86_64__
" shrl $3,%%ecx \n"
- " andl $7,%%edx \n"
" rep movsq \n"
" test $4,%%edx \n"
" jz 1f \n"
" movsl \n"
#else /* __i386__ */
" shrl $2,%%ecx \n"
- " andl $3,%%edx \n"
" rep movsl \n"
#endif
"1: test $2,%%edx \n"
@@ -467,7 +465,7 @@ static void memcpy_words(void *dst, void
" jz 1f \n"
" movsb \n"
"1: \n"
- : : "S" (src), "D" (dst), "d" (n) : "ecx" );
+ : "+S" (src), "+D" (dst) : "d" (n) : "ecx", "memory" );
}
#else
static void memcpy_words(void *dst, void *src, size_t n)
diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/target-i386-dm/helper2.c
--- a/tools/ioemu/target-i386-dm/helper2.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/ioemu/target-i386-dm/helper2.c Tue Jul 17 10:20:21 2007 +0100
@@ -140,6 +140,7 @@ void cpu_reset(CPUX86State *env)
if (xcHandle < 0)
fprintf(logfile, "Cannot acquire xenctrl handle\n");
else {
+ xc_domain_shutdown_hook(xcHandle, domid);
sts = xc_domain_shutdown(xcHandle, domid, SHUTDOWN_reboot);
if (sts != 0)
fprintf(logfile,
diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/vl.c
--- a/tools/ioemu/vl.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/ioemu/vl.c Tue Jul 17 10:20:21 2007 +0100
@@ -7141,13 +7141,8 @@ int main(int argc, char **argv)
serial_devices[i][0] = '\0';
serial_device_index = 0;
-#ifndef CONFIG_DM
pstrcpy(parallel_devices[0], sizeof(parallel_devices[0]), "vc");
for(i = 1; i < MAX_PARALLEL_PORTS; i++)
-#else
- /* Xen steals IRQ7 for PCI. Disable LPT1 by default. */
- for(i = 0; i < MAX_PARALLEL_PORTS; i++)
-#endif
parallel_devices[i][0] = '\0';
parallel_device_index = 0;
diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/vl.h
--- a/tools/ioemu/vl.h Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/ioemu/vl.h Tue Jul 17 10:20:21 2007 +0100
@@ -1498,4 +1498,13 @@ void destroy_hvm_domain(void);
/* VNC Authentication */
#define AUTHCHALLENGESIZE 16
+#ifdef __ia64__
+static inline void xc_domain_shutdown_hook(int xc_handle, uint32_t domid)
+{
+ xc_ia64_save_to_nvram(xc_handle, domid);
+}
+#else
+#define xc_domain_shutdown_hook(xc_handle, domid) do {} while (0)
+#endif
+
#endif /* VL_H */
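Review bot: `xc_domain_shutdown_hook` returns void on ia64 and drops whatever `xc_ia64_save_to_nvram` reports, so a failed NVRAM save before a reboot goes unnoticed in cpu_reset (helper2.c). The prototype of the save function is not visible in this hunk; if it returns a status, the hook should return it so the caller can log it next to the existing `xc_domain_shutdown` error message. A one-line comment such as `/* Arch hook run just before xc_domain_shutdown(); a no-op except on ia64. */` above the `#ifdef` would also document why the macro variant is empty.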
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/ia64/xc_dom_ia64_util.c
--- a/tools/libxc/ia64/xc_dom_ia64_util.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxc/ia64/xc_dom_ia64_util.c Tue Jul 17 10:20:21 2007 +0100
@@ -104,7 +104,7 @@ xen_ia64_is_vcpu_allocated(struct xc_dom
if (rc == 0)
return 1;
- if (rc != -ESRCH)
+ if (errno != ESRCH)
PERROR("Could not get vcpu info");
return 0;
}
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/ia64/xc_ia64_hvm_build.c
--- a/tools/libxc/ia64/xc_ia64_hvm_build.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxc/ia64/xc_ia64_hvm_build.c Tue Jul 17 10:20:21 2007 +0100
@@ -623,6 +623,21 @@ copy_from_nvram_to_GFW(int xc_handle, ui
/*
+ *Check is the address where NVRAM data located valid
+ */
+static int is_valid_address(void *addr)
+{
+ struct nvram_save_addr *p = (struct nvram_save_addr *)addr;
+
+ if ( p->signature == NVRAM_VALID_SIG )
+ return 1;
+ else {
+ PERROR("Invalid nvram signature. Nvram save failed!\n");
+ return 0;
+ }
+}
+
+/*
* GFW use 4k page. when doing foreign map, we should 16k align
* the address and map one more page to guarantee all 64k nvram data
* can be got.
@@ -667,7 +682,11 @@ copy_from_GFW_to_nvram(int xc_handle, ui
return -1;
}
- addr_from_GFW_4k_align = *((uint64_t *)tmp_ptr);
+ /* Check is NVRAM data vaild */
+ if ( !is_valid_address(tmp_ptr) )
+ return -1;
+
+ addr_from_GFW_4k_align = ((struct nvram_save_addr *)tmp_ptr)->addr;
munmap(tmp_ptr, PAGE_SIZE);
// align address to 16k
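Review bot: The early `return -1` taken when `is_valid_address(tmp_ptr)` fails skips the `munmap(tmp_ptr, PAGE_SIZE)` two lines further down, so every rejected signature leaks one mapping. Unmap before returning: `if ( !is_valid_address(tmp_ptr) ) { munmap(tmp_ptr, PAGE_SIZE); return -1; }`. The signature check only shows the page carries the expected magic value; `addr` is still read from guest-visible memory and should be treated as untrusted by the code that follows, which is outside the hunk. In the helper added by the previous hunk, PERROR is used for a condition that sets no errno, and the two new comments would read better as `Check whether the NVRAM save address is valid` and `Check that the NVRAM data is valid`.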
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/xc_domain.c
--- a/tools/libxc/xc_domain.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxc/xc_domain.c Tue Jul 17 10:20:21 2007 +0100
@@ -586,6 +586,27 @@ int xc_domain_ioport_permission(int xc_h
domctl.u.ioport_permission.allow_access = allow_access;
return do_domctl(xc_handle, &domctl);
+}
+
+int xc_availheap(int xc_handle,
+ int min_width,
+ int max_width,
+ int node,
+ uint64_t *bytes)
+{
+ DECLARE_SYSCTL;
+ int rc;
+
+ sysctl.cmd = XEN_SYSCTL_availheap;
+ sysctl.u.availheap.min_bitwidth = min_width;
+ sysctl.u.availheap.max_bitwidth = max_width;
+ sysctl.u.availheap.node = node;
+
+ rc = xc_sysctl(xc_handle, &sysctl);
+
+ *bytes = sysctl.u.availheap.avail_bytes;
+
+ return rc;
}
int xc_vcpu_setcontext(int xc_handle,
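Review bot: `xc_availheap` stores `sysctl.u.availheap.avail_bytes` into `*bytes` even when `xc_sysctl` has failed, so on error the caller can receive a value the hypervisor never filled in. Write the result only on success: `if ( rc == 0 ) *bytes = sysctl.u.availheap.avail_bytes;`. `bytes` is also dereferenced without a NULL check, which the header comment should either forbid explicitly or the function should tolerate.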
@@ -697,6 +718,18 @@ int xc_get_hvm_param(int handle, domid_t
return rc;
}
+int xc_domain_setdebugging(int xc_handle,
+ uint32_t domid,
+ unsigned int enable)
+{
+ DECLARE_DOMCTL;
+
+ domctl.cmd = XEN_DOMCTL_setdebugging;
+ domctl.domain = domid;
+ domctl.u.setdebugging.enable = enable;
+ return do_domctl(xc_handle, &domctl);
+}
+
/*
* Local variables:
* mode: C
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/xc_linux.c
--- a/tools/libxc/xc_linux.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxc/xc_linux.c Tue Jul 17 10:20:21 2007 +0100
@@ -456,7 +456,7 @@ void *xc_gnttab_map_grant_refs(int xcg_h
map->count = count;
- if ( ioctl(xcg_handle, IOCTL_GNTDEV_MAP_GRANT_REF, &map) )
+ if ( ioctl(xcg_handle, IOCTL_GNTDEV_MAP_GRANT_REF, map) )
goto out;
addr = mmap(NULL, PAGE_SIZE * count, prot, MAP_SHARED, xcg_handle,
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/xc_ptrace.c
--- a/tools/libxc/xc_ptrace.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxc/xc_ptrace.c Tue Jul 17 10:20:21 2007 +0100
@@ -566,10 +566,7 @@ xc_ptrace(
}
if ( request == PTRACE_DETACH )
{
- domctl.cmd = XEN_DOMCTL_setdebugging;
- domctl.domain = current_domid;
- domctl.u.setdebugging.enable = 0;
- if ((retval = do_domctl(xc_handle, &domctl)))
+ if ((retval = xc_domain_setdebugging(xc_handle, current_domid, 0)))
goto out_error_domctl;
}
regs_valid = 0;
@@ -593,10 +590,7 @@ xc_ptrace(
else if ((retval = xc_domain_pause(xc_handle, current_domid)))
goto out_error_domctl;
current_is_hvm = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_hvm_guest);
- domctl.cmd = XEN_DOMCTL_setdebugging;
- domctl.domain = current_domid;
- domctl.u.setdebugging.enable = 1;
- if ((retval = do_domctl(xc_handle, &domctl)))
+ if ((retval = xc_domain_setdebugging(xc_handle, current_domid, 1)))
goto out_error_domctl;
if (get_online_cpumap(xc_handle, &domctl.u.getdomaininfo, &cpumap))
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/xenctrl.h
--- a/tools/libxc/xenctrl.h Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxc/xenctrl.h Tue Jul 17 10:20:21 2007 +0100
@@ -433,6 +433,18 @@ int xc_domain_send_trigger(int xc_handle
uint32_t trigger,
uint32_t vcpu);
+/**
+ * This function enables or disable debugging of a domain.
+ *
+ * @parm xc_handle a handle to an open hypervisor interface
+ * @parm domid the domain id to send trigger
+ * @parm enable true to enable debugging
+ * return 0 on success, -1 on failure
+ */
+int xc_domain_setdebugging(int xc_handle,
+ uint32_t domid,
+ unsigned int enable);
+
/*
* EVENT CHANNEL FUNCTIONS
*/
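Review bot: The doc comment for `xc_domain_setdebugging` describes `domid` as `the domain id to send trigger`, which is copied from the function above; it should read `the domain whose debugging state is changed`, and the last line needs `@return` instead of a bare `return`. The comment for `xc_availheap` in the next hunk has the same kind of mismatch: it documents a `domid` parameter that the prototype does not have, and it says `the the number of bytes`. Since both functions are new public libxc entry points, the comments are the only contract callers get.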
@@ -616,6 +628,20 @@ int xc_get_pfn_type_batch(int xc_handle,
/* Get current total pages allocated to a domain. */
long xc_get_tot_pages(int xc_handle, uint32_t domid);
+/**
+ * This function retrieves the the number of bytes available
+ * in the heap in a specific range of address-widths and nodes.
+ *
+ * @parm xc_handle a handle to an open hypervisor interface
+ * @parm domid the domain to query
+ * @parm min_width the smallest address width to query (0 if don't care)
+ * @parm max_width the largest address width to query (0 if don't care)
+ * @parm node the node to query (-1 for all)
+ * @parm *bytes caller variable to put total bytes counted
+ * @return 0 on success, <0 on failure.
+ */
+int xc_availheap(int xc_handle, int min_width, int max_width, int node,
+ uint64_t *bytes);
/*
* Trace Buffer Operations
diff -r c9720159b983 -r 9559ba7c80f9
tools/libxen/include/xen/api/xen_acmpolicy.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/include/xen/api/xen_acmpolicy.h Tue Jul 17 10:20:21
2007 +0100
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef XEN_ACMPOLICY_H
+#define XEN_ACMPOLICY_H
+
+#include "xen_common.h"
+#include "xen_string_string_map.h"
+#include "xen_xspolicy_decl.h"
+#include "xen_vm_decl.h"
+
+/*
+ * Data structures.
+ */
+
+typedef struct xen_acmpolicy_record
+{
+ xen_xspolicy handle;
+ char *uuid;
+ char *repr;
+ xs_instantiationflags flags;
+ xs_type type;
+} xen_acmpolicy_record;
+
+/**
+ * Allocate a xen_acmpolicy_record.
+ */
+extern xen_acmpolicy_record *
+xen_acmpolicy_record_alloc(void);
+
+/**
+ * Free the given xen_xspolicy_record, and all referenced values. The
+ * given record must have been allocated by this library.
+ */
+extern void
+xen_acmpolicy_record_free(xen_acmpolicy_record *record);
+
+
+/**
+ * Data structures for the policy's header
+ */
+typedef struct xen_acm_header
+{
+ char *policyname;
+ char *policyurl;
+ char *date;
+ char *reference;
+ char *namespaceurl;
+ char *version;
+} xen_acm_header;
+
+extern xen_acm_header *
+xen_acm_header_alloc(void);
+
+extern void
+xen_acm_header_free(xen_acm_header *hdr);
+
+/**
+ * Get the referenced policy's record.
+ */
+bool
+xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result,
+ xen_xspolicy xspolicy);
+
+/**
+ * Get the header of a policy.
+ */
+extern bool
+xen_acmpolicy_get_header(xen_session *session, xen_acm_header **hdr,
+ xen_xspolicy xspolicy);
+
+
+/**
+ * Get the XML representation of the policy.
+ */
+extern bool
+xen_acmpolicy_get_xml(xen_session *session, char **xml,
+ xen_xspolicy xspolicy);
+
+/**
+ * Get the mapping file of the policy.
+ */
+extern bool
+xen_acmpolicy_get_map(xen_session *session, char **map,
+ xen_xspolicy xspolicy);
+
+/**
+ * Get the binary representation (base64-encoded) of the policy.
+ */
+extern bool
+xen_acmpolicy_get_binary(xen_session *session, char **binary,
+ xen_xspolicy xspolicy);
+
+/**
+ * Get the UUID filed of the given policy.
+ */
+bool
+xen_acmpolicy_get_uuid(xen_session *session, char **result,
+ xen_xspolicy xspolicy);
+
+#endif
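Review bot: The comment on `xen_acmpolicy_record_free` says it frees a `xen_xspolicy_record`, but the parameter is a `xen_acmpolicy_record *`; the wording appears to have been carried over from xen_xspolicy.h. `xen_acm_header_alloc` and `xen_acm_header_free` have no comment at all, so ownership of the six `char *` members is left to guesswork; `Free the given xen_acm_header, and all referenced values.` would match the other free functions. The getters that return through `char **` (`get_xml`, `get_map`, `get_binary`, `get_uuid`) should state who frees the returned string. `UUID filed` should read `UUID field`, and `extern` is present on some prototypes but missing on `xen_acmpolicy_get_record` and `xen_acmpolicy_get_uuid`.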
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/include/xen/api/xen_vdi.h
--- a/tools/libxen/include/xen/api/xen_vdi.h Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxen/include/xen/api/xen_vdi.h Tue Jul 17 10:20:21 2007 +0100
@@ -344,4 +344,17 @@ xen_vdi_get_all(xen_session *session, st
xen_vdi_get_all(xen_session *session, struct xen_vdi_set **result);
+/**
+ * Set the security label of a VDI.
+ */
+extern bool
+xen_vdi_set_security_label(xen_session *session, int64_t *result, xen_vdi vdi,
+ char *label, char *oldlabel);
+
+/**
+ * Get the security label of a VDI.
+ */
+extern bool
+xen_vdi_get_security_label(xen_session *session, char **result, xen_vdi vdi);
+
#endif
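Review bot: The comment on `xen_vdi_set_security_label` does not say what `oldlabel` is for or what the `int64_t *result` carries. For a call that changes a security label, a caller needs to know whether `oldlabel` must match the current label for the change to apply and whether `*result` is one of the `XSERR_*` codes from xen_xspolicy.h; neither can be told from the header as written. The same applies to `xen_vm_set_security_label` added in xen_vm.h.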
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/include/xen/api/xen_vm.h
--- a/tools/libxen/include/xen/api/xen_vm.h Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxen/include/xen/api/xen_vm.h Tue Jul 17 10:20:21 2007 +0100
@@ -112,6 +112,7 @@ typedef struct xen_vm_record
bool is_control_domain;
struct xen_vm_metrics_record_opt *metrics;
struct xen_vm_guest_metrics_record_opt *guest_metrics;
+ char *security_label;
} xen_vm_record;
/**
@@ -891,4 +892,17 @@ xen_vm_get_all(xen_session *session, str
xen_vm_get_all(xen_session *session, struct xen_vm_set **result);
+/**
+ * Set the security label of a domain.
+ */
+extern bool
+xen_vm_set_security_label(xen_session *session, int64_t *result, xen_vm vm,
+ char *label, char *oldlabel);
+
+/**
+ * Get the security label of a domain.
+ */
+extern bool
+xen_vm_get_security_label(xen_session *session, char **result, xen_vm vm);
+
#endif
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/include/xen/api/xen_xspolicy.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/include/xen/api/xen_xspolicy.h Tue Jul 17 10:20:21
2007 +0100
@@ -0,0 +1,271 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef XEN_XSPOLICY_H
+#define XEN_XSPOLICY_H
+
+#include "xen_common.h"
+#include "xen_xspolicy_decl.h"
+#include "xen_string_string_map.h"
+
+
+/*
+ * The XSPolicy and associated data structures.
+ *
+ */
+typedef int64_t xs_type;
+typedef int64_t xs_instantiationflags;
+
+enum xs_type {
+ XS_POLICY_ACM = (1 << 0),
+};
+
+enum xs_instantiationflags {
+ XS_INST_NONE = 0,
+ XS_INST_BOOT = (1 << 0),
+ XS_INST_LOAD = (1 << 1),
+};
+
+
+/* Error codes returned by xend following XSPolicy operations */
+#define XSERR_BASE 0x1000
+
+#define XSERR_SUCCESS 0
+#define XSERR_GENERAL_FAILURE 1 + XSERR_BASE
+#define XSERR_BAD_XML 2 + XSERR_BASE
+#define XSERR_XML_PROCESSING 3 + XSERR_BASE
+#define XSERR_POLICY_INCONSISTENT 4 + XSERR_BASE
+#define XSERR_FILE_ERROR 5 + XSERR_BASE
+#define XSERR_BAD_RESOURCE_FORMAT 6 + XSERR_BASE
+#define XSERR_BAD_LABEL_FORMAT 7 + XSERR_BASE
+#define XSERR_RESOURCE_NOT_LABELED 8 + XSERR_BASE
+#define XSERR_RESOURCE_ALREADY_LABELED 9 + XSERR_BASE
+#define XSERR_WRONG_POLICY_TYPE 10 + XSERR_BASE
+#define XSERR_BOOTPOLICY_INSTALLED 11 + XSERR_BASE
+#define XSERR_NO_DEFAULT_BOOT_TITLE 12 + XSERR_BASE
+#define XSERR_POLICY_LOAD_FAILED 13 + XSERR_BASE
+#define XSERR_POLICY_LOADED 14 + XSERR_BASE
+#define XSERR_POLICY_TYPE_UNSUPPORTED 15 + XSERR_BASE
+#define XSERR_BAD_CONFLICTSET 20 + XSERR_BASE
+#define XSERR_RESOURCE_IN_USE 21 + XSERR_BASE
+#define XSERR_BAD_POLICY_NAME 22 + XSERR_BASE
+#define XSERR_RESOURCE_ACCESS 23 + XSERR_BASE
+#define XSERR_HV_OP_FAILED 24 + XSERR_BASE
+#define XSERR_BOOTPOLICY_INSTALL_ERROR 25 + XSERR_BASE
+
+
+/**
+ * Free the given xen_xspolicy. The given handle must have been allocated
+ * by this library.
+ */
+extern void
+xen_xspolicy_free(xen_xspolicy xspolicy);
+
+
+typedef struct xen_xspolicy_set
+{
+ size_t size;
+ xen_xspolicy *contents[];
+} xen_xspolicy_set;
+
+/**
+ * Allocate a xen_xspolicy_set of the given size.
+ */
+extern xen_xspolicy_set *
+xen_xspolicy_set_alloc(size_t size);
+
+/**
+ * Free the given xen_xspolicy_set. The given set must have been allocated
+ * by this library.
+ */
+extern void
+xen_xspolicy_set_free(xen_xspolicy_set *set);
+
+
+typedef struct xen_xspolicy_record
+{
+ xen_xspolicy handle;
+ char *uuid;
+ char *repr;
+ xs_instantiationflags flags;
+ xs_type type;
+} xen_xspolicy_record;
+
+/**
+ * Allocate a xen_xspolicy_record.
+ */
+extern xen_xspolicy_record *
+xen_xspolicy_record_alloc(void);
+
+/**
+ * Free the given xen_xspolicy_record, and all referenced values. The
+ * given record must have been allocated by this library.
+ */
+extern void
+xen_xspolicy_record_free(xen_xspolicy_record *record);
+
+
+typedef struct xen_xspolicy_record_opt
+{
+ bool is_record;
+ union
+ {
+ xen_xspolicy handle;
+ xen_xspolicy_record *record;
+ } u;
+} xen_xspolicy_record_opt;
+
+/**
+ * Allocate a xen_xspolicy_record_opt.
+ */
+extern xen_xspolicy_record_opt *
+xen_xspolicy_record_opt_alloc(void);
+
+/**
+ * Free the given xen_xspolicy_record_opt, and all referenced values. The
+ * given record_opt must have been allocated by this library.
+ */
+extern void
+xen_xspolicy_record_opt_free(xen_xspolicy_record_opt *record_opt);
+
+
+typedef struct xen_xspolicy_record_set
+{
+ size_t size;
+ xen_xspolicy_record *contents[];
+} xen_xspolicy_record_set;
+
+/**
+ * Allocate a xen_xspolicy_record_set of the given size.
+ */
+extern xen_xspolicy_record_set *
+xen_xspolicy_record_set_alloc(size_t size);
+
+/**
+ * Free the given xen_xspolicy_record_set, and all referenced values. The
+ * given set must have been allocated by this library.
+ */
+extern void
+xen_xspolicy_record_set_free(xen_xspolicy_record_set *set);
+
+/**
+ * Data structures and function declarations for an XS Policy's state
+ * information.
+ */
+typedef struct xen_xs_policystate
+{
+ xen_xspolicy_record_opt *xs_ref;
+ int64_t xserr;
+ char *repr;
+ xs_type type;
+ xs_instantiationflags flags;
+ char *version;
+ char *errors;
+} xen_xs_policystate;
+
+void
+xen_xs_policystate_free(xen_xs_policystate *state);
+
+
+/**
+ * Get the referenced policy's record.
+ */
+bool
+xen_xspolicy_get_record(xen_session *session, xen_xspolicy_record **result,
+ xen_xspolicy xspolicy);
+
+/**
+ * Get the UUID field of the given policy.
+ */
+bool
+xen_xspolicy_get_uuid(xen_session *session, char **result,
+ xen_xspolicy xspolicy);
+
+/**
+ * Get a policy given it's UUID
+ */
+bool
+xen_xspolicy_get_by_uuid(xen_session *session, xen_xspolicy *result,
+ char *uuid);
+
+
+/**
+ * Get the types of policies supported by the system.
+ */
+bool
+xen_xspolicy_get_xstype(xen_session *session, xs_type *result);
+
+
+/**
+ * Get information about the currently managed policy.
+ * (The API allows only one policy to be on the system.)
+ */
+bool
+xen_xspolicy_get_xspolicy(xen_session *session, xen_xs_policystate **result);
+
+/**
+ * Activate the referenced policy by loading it into the hypervisor.
+ */
+bool
+xen_xspolicy_activate_xspolicy(xen_session *session, int64_t *result,
+ xen_xspolicy xspolicy,
+ xs_instantiationflags flags);
+
+
+/**
+ * Set the system's policy to the given information comprising
+ * type of policy, the xml representation of the policy, some flags
+ * on whether to load the policy immediately and whether to overwrite
+ * an existing policy on the system.
+ */
+bool
+xen_xspolicy_set_xspolicy(xen_session *session, xen_xs_policystate **result,
+ xs_type type, char *repr, int64_t flags,
+ bool overwrite);
+
+
+/**
+ * Remove any policy from having the system booted with.
+ */
+extern bool
+xen_xspolicy_rm_xsbootpolicy(xen_session *session);
+
+/**
+ * Retrieve all labeled resources.
+ */
+extern bool
+xen_xspolicy_get_labeled_resources(xen_session *session,
+ xen_string_string_map **resources);
+
+/**
+ * Label a resource such as for example a hard drive partition or file
+ */
+extern bool
+xen_xspolicy_set_resource_label(xen_session *session,
+ char *resource, char *label,
+ char *oldlabel);
+
+/**
+ * Get the label of a resource.
+ */
+extern bool
+xen_xspolicy_get_resource_label(xen_session *session, char **label,
+ char *resource);
+
+#endif
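Review bot: The `XSERR_*` macros expand to unparenthesised sums such as `1 + XSERR_BASE`, so a use next to a higher-precedence operator (`2 * XSERR_BAD_XML`, `-XSERR_FILE_ERROR`) evaluates to something other than the intended code. Each definition should be wrapped, e.g. `#define XSERR_GENERAL_FAILURE (1 + XSERR_BASE)`. Separately, `xs_type` and `xs_instantiationflags` are each declared both as an `int64_t` typedef and as an enum tag; C accepts that, but a C++ translation unit including this header will reject it, so the enums are better left anonymous or given distinct tags. `it's UUID` in the comment on `xen_xspolicy_get_by_uuid` should be `its UUID`.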
diff -r c9720159b983 -r 9559ba7c80f9
tools/libxen/include/xen/api/xen_xspolicy_decl.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/include/xen/api/xen_xspolicy_decl.h Tue Jul 17 10:20:21
2007 +0100
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef XEN_XSPOLICY_DECL_H
+#define XEN_XSPOLICY_DECL_H
+
+typedef void *xen_xspolicy;
+
+struct xen_xspolicy_set;
+struct xen_xspolicy_record;
+struct xen_xspolicy_record_set;
+struct xen_xspolicy_record_opt;
+struct xen_xspolicy_record_opt_set;
+
+#endif
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/src/xen_acmpolicy.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/src/xen_acmpolicy.c Tue Jul 17 10:20:21 2007 +0100
@@ -0,0 +1,234 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+
+#include <stddef.h>
+#include <stdlib.h>
+
+#include "xen_internal.h"
+#include "xen/api/xen_common.h"
+#include "xen/api/xen_xspolicy.h"
+#include "xen/api/xen_acmpolicy.h"
+
+
+static const struct_member xen_acmpolicy_record_struct_members[] =
+ {
+ { .key = "uuid",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_acmpolicy_record, uuid) },
+ { .key = "flags",
+ .type = &abstract_type_int,
+ .offset = offsetof(xen_acmpolicy_record, flags) },
+ { .key = "repr",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_acmpolicy_record, repr) },
+ { .key = "type",
+ .type = &abstract_type_int,
+ .offset = offsetof(xen_acmpolicy_record, type) },
+ };
+
+const abstract_type xen_acmpolicy_record_abstract_type_ =
+ {
+ .typename = STRUCT,
+ .struct_size = sizeof(xen_acmpolicy_record),
+ .member_count =
+ sizeof(xen_acmpolicy_record_struct_members) / sizeof(struct_member),
+ .members = xen_acmpolicy_record_struct_members
+ };
+
+
+static const struct_member xen_acm_header_struct_members[] =
+ {
+ { .key = "policyname",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_acm_header, policyname) },
+ { .key = "policyurl",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_acm_header, policyurl) },
+ { .key = "date",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_acm_header, date) },
+ { .key = "reference",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_acm_header, reference) },
+ { .key = "namespaceurl",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_acm_header, namespaceurl) },
+ { .key = "version",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_acm_header, version) },
+ };
+
+const abstract_type xen_acm_header_abstract_type_ =
+ {
+ .typename = STRUCT,
+ .struct_size = sizeof(xen_acm_header),
+ .member_count =
+ sizeof(xen_acm_header_struct_members) /
+ sizeof(struct_member),
+ .members = xen_acm_header_struct_members,
+ };
+
+void
+xen_acm_header_free(xen_acm_header *shdr)
+{
+ if (shdr == NULL)
+ {
+ return;
+ }
+ free(shdr->policyname);
+ free(shdr->policyurl);
+ free(shdr->date);
+ free(shdr->reference);
+ free(shdr->namespaceurl);
+ free(shdr->version);
+ free(shdr);
+}
+
+
+void
+xen_acmpolicy_record_free(xen_acmpolicy_record *record)
+{
+ if (record == NULL)
+ {
+ return;
+ }
+ free(record->handle);
+ free(record->uuid);
+ free(record->repr);
+ free(record);
+}
+
+
+
+bool
+xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result,
+ xen_xspolicy xspolicy)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = xspolicy }
+ };
+
+ abstract_type result_type = xen_acmpolicy_record_abstract_type_;
+
+ *result = NULL;
+ XEN_CALL_("ACMPolicy.get_record");
+
+ if (session->ok)
+ {
+ (*result)->handle = xen_strdup_((*result)->uuid);
+ }
+
+ return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_header(xen_session *session,
+ xen_acm_header **result,
+ xen_xspolicy xspolicy)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = xspolicy },
+ };
+
+ abstract_type result_type = xen_acm_header_abstract_type_;
+
+ *result = NULL;
+ XEN_CALL_("ACMPolicy.get_header");
+ return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_xml(xen_session *session,
+ char **result,
+ xen_xspolicy xspolicy)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = xspolicy },
+ };
+
+ abstract_type result_type = abstract_type_string;
+
+ *result = NULL;
+ XEN_CALL_("ACMPolicy.get_xml");
+ return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_map(xen_session *session,
+ char **result,
+ xen_xspolicy xspolicy)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = xspolicy },
+ };
+
+ abstract_type result_type = abstract_type_string;
+
+ *result = NULL;
+ XEN_CALL_("ACMPolicy.get_map");
+ return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_binary(xen_session *session, char **result,
+ xen_xspolicy xspolicy)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = xspolicy },
+ };
+
+ abstract_type result_type = abstract_type_string;
+
+ *result = NULL;
+ XEN_CALL_("ACMPolicy.get_binary");
+ return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_uuid(xen_session *session, char **result,
+ xen_xspolicy xspolicy)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = xspolicy }
+ };
+
+ abstract_type result_type = abstract_type_string;
+
+ *result = NULL;
+ XEN_CALL_("ACMPolicy.get_uuid");
+ return session->ok;
+}
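Review bot: `xen_acmpolicy_get_record` dereferences `*result` after testing only `session->ok`, so a reply that the marshalling layer accepts but that produces no record would reach `(*result)->uuid` through a NULL pointer. Whether `XEN_CALL_` can leave `*result` NULL with `session->ok` still set is not visible in this patch, so this is a cheap defensive check rather than a proven crash. The guard could read `if (session->ok && *result != NULL)`. The same pattern appears in `xen_xspolicy_get_record` in tools/libxen/src/xen_xspolicy.c.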
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/src/xen_vdi.c
--- a/tools/libxen/src/xen_vdi.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxen/src/xen_vdi.c Tue Jul 17 10:20:21 2007 +0100
@@ -534,3 +534,42 @@ xen_vdi_get_uuid(xen_session *session, c
XEN_CALL_("VDI.get_uuid");
return session->ok;
}
+
+
+bool
+xen_vdi_set_security_label(xen_session *session, int64_t *result, xen_vdi vdi,
+ char *label, char *oldlabel)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = vdi },
+ { .type = &abstract_type_string,
+ .u.string_val = label },
+ { .type = &abstract_type_string,
+ .u.string_val = oldlabel },
+ };
+
+ abstract_type result_type = abstract_type_int;
+
+ *result = 0;
+ XEN_CALL_("VDI.set_security_label");
+ return session->ok;
+}
+
+
+bool
+xen_vdi_get_security_label(xen_session *session, char **result, xen_vdi vdi)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = vdi },
+ };
+
+ abstract_type result_type = abstract_type_string;
+
+ *result = NULL;
+ XEN_CALL_("VDI.get_security_label");
+ return session->ok;
+}
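Review bot: `xen_vdi_set_security_label` has no comment explaining `*result` or `oldlabel`, and it returns `session->ok` while the server's own status comes back separately in `*result`. If that integer is an error code, as the return of `XSPolicy.activate_xspolicy` is treated in activatepolicy.py later in this patch, a caller that tests only the boolean could take a refused relabel for a completed one. I would add above the function `/* Returns true if the call completed; *result then holds the server's status for the relabel and must be checked separately. */`, with the wording confirmed against the Xen-API documentation. `xen_vm_set_security_label` in xen_vm.c needs the same comment.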
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/src/xen_vm.c
--- a/tools/libxen/src/xen_vm.c Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/libxen/src/xen_vm.c Tue Jul 17 10:20:21 2007 +0100
@@ -162,7 +162,10 @@ static const struct_member xen_vm_record
.offset = offsetof(xen_vm_record, metrics) },
{ .key = "guest_metrics",
.type = &abstract_type_ref,
- .offset = offsetof(xen_vm_record, guest_metrics) }
+ .offset = offsetof(xen_vm_record, guest_metrics) },
+ { .key = "security_label",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_vm_record, security_label) }
};
const abstract_type xen_vm_record_abstract_type_ =
@@ -206,6 +209,7 @@ xen_vm_record_free(xen_vm_record *record
xen_string_string_map_free(record->other_config);
xen_vm_metrics_record_opt_free(record->metrics);
xen_vm_guest_metrics_record_opt_free(record->guest_metrics);
+ free(record->security_label);
free(record);
}
@@ -1738,3 +1742,42 @@ xen_vm_get_uuid(xen_session *session, ch
XEN_CALL_("VM.get_uuid");
return session->ok;
}
+
+
+bool
+xen_vm_set_security_label(xen_session *session, int64_t *result, xen_vm vm,
+ char *label, char *oldlabel)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = vm },
+ { .type = &abstract_type_string,
+ .u.string_val = label },
+ { .type = &abstract_type_string,
+ .u.string_val = oldlabel },
+ };
+
+ abstract_type result_type = abstract_type_int;
+
+ *result = 0;
+ XEN_CALL_("VM.set_security_label");
+ return session->ok;
+}
+
+
+bool
+xen_vm_get_security_label(xen_session *session, char **result, xen_vm vm)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = vm },
+ };
+
+ abstract_type result_type = abstract_type_string;
+
+ *result = NULL;
+ XEN_CALL_("VM.get_security_label");
+ return session->ok;
+}
diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/src/xen_xspolicy.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/src/xen_xspolicy.c Tue Jul 17 10:20:21 2007 +0100
@@ -0,0 +1,327 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+
+#include <stddef.h>
+#include <stdlib.h>
+
+#include "xen/api/xen_common.h"
+#include "xen/api/xen_internal.h"
+#include "xen/api/xen_xspolicy.h"
+
+
+XEN_FREE(xen_xspolicy)
+XEN_SET_ALLOC_FREE(xen_xspolicy)
+XEN_RECORD_OPT_FREE(xen_xspolicy)
+
+static const struct_member xen_xspolicy_record_struct_members[] =
+ {
+ { .key = "uuid",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_xspolicy_record, uuid) },
+ { .key = "flags",
+ .type = &abstract_type_int,
+ .offset = offsetof(xen_xspolicy_record, flags) },
+ { .key = "repr",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_xspolicy_record, repr) },
+ { .key = "type",
+ .type = &abstract_type_int,
+ .offset = offsetof(xen_xspolicy_record, type) },
+ };
+
+const abstract_type xen_xspolicy_record_abstract_type_ =
+ {
+ .typename = STRUCT,
+ .struct_size = sizeof(xen_xspolicy_record),
+ .member_count =
+ sizeof(xen_xspolicy_record_struct_members) / sizeof(struct_member),
+ .members = xen_xspolicy_record_struct_members
+ };
+
+
+static const struct_member xen_xs_policystate_struct_members[] =
+ {
+ { .key = "xs_ref",
+ .type = &abstract_type_ref,
+ .offset = offsetof(xen_xs_policystate, xs_ref) },
+ { .key = "xserr",
+ .type = &abstract_type_int,
+ .offset = offsetof(xen_xs_policystate, xserr) },
+ { .key = "repr",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_xs_policystate, repr) },
+ { .key = "type",
+ .type = &abstract_type_int,
+ .offset = offsetof(xen_xs_policystate, type) },
+ { .key = "flags",
+ .type = &abstract_type_int,
+ .offset = offsetof(xen_xs_policystate, flags) },
+ { .key = "version",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_xs_policystate, version) },
+ { .key = "errors",
+ .type = &abstract_type_string,
+ .offset = offsetof(xen_xs_policystate, errors) },
+ };
+
+const abstract_type xen_xs_policystate_abstract_type_ =
+ {
+ .typename = STRUCT,
+ .struct_size = sizeof(xen_xs_policystate),
+ .member_count =
+ sizeof(xen_xs_policystate_struct_members) /
+ sizeof(struct_member),
+ .members = xen_xs_policystate_struct_members,
+ };
+
+
+
+
+void
+xen_xs_policystate_free(xen_xs_policystate *state)
+{
+ if (state == NULL)
+ {
+ return;
+ }
+ xen_xspolicy_record_opt_free(state->xs_ref);
+ free(state->repr);
+ free(state->errors);
+ free(state->version);
+ free(state);
+}
+
+
+void
+xen_xspolicy_record_free(xen_xspolicy_record *record)
+{
+ if (record == NULL)
+ {
+ return;
+ }
+ free(record->handle);
+ free(record->uuid);
+ free(record->repr);
+ free(record);
+}
+
+
+bool
+xen_xspolicy_get_record(xen_session *session, xen_xspolicy_record **result,
+ xen_xspolicy xspolicy)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = xspolicy }
+ };
+
+ abstract_type result_type = xen_xspolicy_record_abstract_type_;
+
+ *result = NULL;
+ XEN_CALL_("XSPolicy.get_record");
+
+ if (session->ok)
+ {
+ (*result)->handle = xen_strdup_((*result)->uuid);
+ }
+
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_uuid(xen_session *session, char **result,
+ xen_xspolicy xspolicy)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = xspolicy }
+ };
+
+ abstract_type result_type = abstract_type_string;
+
+ *result = NULL;
+ XEN_CALL_("XSPolicy.get_uuid");
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_by_uuid(xen_session *session, xen_xspolicy *result,
+ char *uuid)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = uuid }
+ };
+
+ abstract_type result_type = abstract_type_string;
+
+ *result = NULL;
+ XEN_CALL_("XSPolicy.get_by_uuid");
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_xstype(xen_session *session, xs_type *result)
+{
+ abstract_value param_values[] =
+ {
+ };
+
+ abstract_type result_type = abstract_type_int;
+
+ *result = 0;
+ XEN_CALL_("XSPolicy.get_xstype");
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_set_xspolicy(xen_session *session, xen_xs_policystate **result,
+ xs_type type, char *repr,
+ xs_instantiationflags flags,
+ bool overwrite)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_int,
+ .u.int_val = type },
+ { .type = &abstract_type_string,
+ .u.string_val = repr },
+ { .type = &abstract_type_int,
+ .u.int_val = flags },
+ { .type = &abstract_type_bool,
+ .u.bool_val = overwrite }
+ };
+
+ abstract_type result_type = xen_xs_policystate_abstract_type_;
+
+ *result = NULL;
+ XEN_CALL_("XSPolicy.set_xspolicy");
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_xspolicy(xen_session *session, xen_xs_policystate **result)
+{
+ abstract_value param_values[] =
+ {
+ };
+
+ abstract_type result_type = xen_xs_policystate_abstract_type_;
+
+ *result = NULL;
+ XEN_CALL_("XSPolicy.get_xspolicy");
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_labeled_resources(xen_session *session,
+ xen_string_string_map **result)
+{
+ abstract_value param_values[] =
+ {
+ };
+
+ abstract_type result_type = abstract_type_string_string_map;
+
+ *result = NULL;
+ XEN_CALL_("XSPolicy.get_labeled_resources");
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_set_resource_label(xen_session *session,
+ char *resource, char *label,
+ char *oldlabel)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = resource },
+ { .type = &abstract_type_string,
+ .u.string_val = label },
+ { .type = &abstract_type_string,
+ .u.string_val = oldlabel },
+ };
+
+ xen_call_(session, "XSPolicy.set_resource_label", param_values, 3,
+ NULL, NULL);
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_resource_label(xen_session *session, char **result,
+ char *resource)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = resource },
+ };
+
+ abstract_type result_type = abstract_type_string;
+ XEN_CALL_("XSPolicy.get_resource_label");
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_rm_xsbootpolicy(xen_session *session)
+{
+ abstract_value param_values[] =
+ {
+ };
+
+ xen_call_(session, "XSPolicy.rm_xsbootpolicy", param_values, 0,
+ NULL, NULL);
+ return session->ok;
+}
+
+
+bool
+xen_xspolicy_activate_xspolicy(xen_session *session,
+ xs_instantiationflags *result,
+ xen_xspolicy xspolicy,
+ xs_instantiationflags flags)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = xspolicy },
+ { .type = &abstract_type_int,
+ .u.int_val = flags },
+ };
+
+ abstract_type result_type = abstract_type_int;
+
+ *result = 0;
+ XEN_CALL_("XSPolicy.activate_xspolicy");
+ return session->ok;
+}
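Review bot: `xen_xspolicy_get_resource_label` is the only getter in this file that does not set `*result = NULL` before `XEN_CALL_`. Unless `xen_call_` writes the result on failure, the caller's pointer keeps whatever it held and a later `free()` of it is undefined; add `*result = NULL;` before the call. The header declares `xen_xspolicy_activate_xspolicy` with `int64_t *result` and `xen_xspolicy_set_xspolicy` with `int64_t flags`, while the definitions here use `xs_instantiationflags`, which only agrees if that typedef is `int64_t` (not visible in this part of the patch). This file also includes `"xen/api/xen_internal.h"` where xen_acmpolicy.c includes `"xen_internal.h"`, so one of the two paths is probably wrong.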
diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/util/acmpolicy.py
--- a/tools/python/xen/util/acmpolicy.py Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/python/xen/util/acmpolicy.py Tue Jul 17 10:20:21 2007 +0100
@@ -57,12 +57,20 @@ class ACMPolicy(XSPolicy):
def __init__(self, name=None, dom=None, ref=None, xml=None):
if name:
self.name = name
- self.dom = minidom.parse(self.path_from_policy_name(name))
+ try:
+ self.dom = minidom.parse(self.path_from_policy_name(name))
+ except Exception, e:
+ raise SecurityError(-xsconstants.XSERR_XML_PROCESSING,
+ str(e))
elif dom:
self.dom = dom
self.name = self.get_name()
elif xml:
- self.dom = minidom.parseString(xml)
+ try:
+ self.dom = minidom.parseString(xml)
+ except Exception, e:
+ raise SecurityError(-xsconstants.XSERR_XML_PROCESSING,
+ str(e))
self.name = self.get_name()
rc = self.validate()
if rc != xsconstants.XSERR_SUCCESS:
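Review bot: Both new `except Exception, e` clauses report every failure as `XSERR_XML_PROCESSING`, including a missing or unreadable policy file in the `name` branch, and nothing before `minidom.parseString(xml)` bounds what the parser is given. If `xml` is the `repr` string passed in through `XSPolicy.set_xspolicy` (the call path is not in this hunk), it is caller-supplied, and minidom expands internal entities without a limit, so a size cap and a refusal of DOCTYPE declarations belong before the parse. At minimum I would add `# xml is caller-supplied: check size and reject DOCTYPE before parsing` above the `parseString` call and catch `IOError` separately in the `name` branch. `__init__` continues past the end of the hunk.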
@@ -481,7 +489,8 @@ class ACMPolicy(XSPolicy):
strings = []
i = 0
while i < len(node.childNodes):
- if node.childNodes[i].nodeName == "Type":
+ if node.childNodes[i].nodeName == "Type" and \
+ len(node.childNodes[i].childNodes) > 0:
strings.append(node.childNodes[i].childNodes[0].nodeValue)
i += 1
return strings
@@ -564,7 +573,8 @@ class ACMPolicy(XSPolicy):
while i < len(node.childNodes):
if node.childNodes[i].nodeName == "VirtualMachineLabel":
name = self.policy_dom_get(node.childNodes[i], "Name")
- strings.append(name.childNodes[0].nodeValue)
+ if len(name.childNodes) > 0:
+ strings.append(name.childNodes[0].nodeValue)
i += 1
return strings
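Review bot: The new `len(name.childNodes) > 0` test still dereferences `name` without checking that `policy_dom_get` found a `Name` element. The same helper's result is tested with `if stes:` elsewhere in this patch, which suggests it can return a false value. A label element with no `Name` child would then raise AttributeError instead of being skipped, unless `validate()` already rules that out. The guard could be `if name is not None and len(name.childNodes) > 0:`, and the same applies to the hunks at -592, -628, -662, -700 and -715. The enclosing method starts above the hunk.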
@@ -592,23 +602,24 @@ class ACMPolicy(XSPolicy):
i = 0
while i < len(node.childNodes):
if node.childNodes[i].nodeName == "VirtualMachineLabel":
- _res = {}
- _res['type'] = xsconstants.ACM_LABEL_VM
name = self.policy_dom_get(node.childNodes[i], "Name")
- _res['name'] = name.childNodes[0].nodeValue
- stes = self.policy_dom_get(node.childNodes[i],
- "SimpleTypeEnforcementTypes")
- if stes:
- _res['stes'] = self.policy_get_types(stes)
- else:
- _res['stes'] = []
- chws = self.policy_dom_get(node.childNodes[i],
- "ChineseWallTypes")
- if chws:
- _res['chws'] = self.policy_get_types(chws)
- else:
- _res['chws'] = []
- res.append(_res)
+ if len(name.childNodes) > 0:
+ _res = {}
+ _res['type'] = xsconstants.ACM_LABEL_VM
+ _res['name'] = name.childNodes[0].nodeValue
+ stes = self.policy_dom_get(node.childNodes[i],
+ "SimpleTypeEnforcementTypes")
+ if stes:
+ _res['stes'] = self.policy_get_types(stes)
+ else:
+ _res['stes'] = []
+ chws = self.policy_dom_get(node.childNodes[i],
+ "ChineseWallTypes")
+ if chws:
+ _res['chws'] = self.policy_get_types(chws)
+ else:
+ _res['chws'] = []
+ res.append(_res)
i += 1
return res
@@ -628,7 +639,8 @@ class ACMPolicy(XSPolicy):
while i < len(node.childNodes):
if node.childNodes[i].nodeName == labeltype:
name = self.policy_dom_get(node.childNodes[i], "Name")
- if name.childNodes[0].nodeValue == label:
+ if len(name.childNodes) > 0 and \
+ name.childNodes[0].nodeValue == label:
stes = self.policy_dom_get(node.childNodes[i],
"SimpleTypeEnforcementTypes")
if not stes:
@@ -662,7 +674,7 @@ class ACMPolicy(XSPolicy):
if node.childNodes[i].nodeName == labeltype:
name = self.policy_dom_get(node.childNodes[i], "Name")
from_name = name.getAttribute("from")
- if from_name:
+ if from_name and len(name.childNodes) > 0:
res.update({from_name : name.childNodes[0].nodeValue})
i += 1
return res
@@ -700,7 +712,7 @@ class ACMPolicy(XSPolicy):
name = self.policy_dom_get(node.childNodes[i], "Name")
stes = self.policy_dom_get(node.childNodes[i],
"SimpleTypeEnforcementTypes")
- if stes:
+ if stes and len(name.childNodes) > 0:
strings.append(name.childNodes[0].nodeValue)
i += 1
return strings
@@ -715,18 +727,19 @@ class ACMPolicy(XSPolicy):
i = 0
while i < len(node.childNodes):
if node.childNodes[i].nodeName == "ResourceLabel":
- _res = {}
- _res['type'] = xsconstants.ACM_LABEL_RES
name = self.policy_dom_get(node.childNodes[i], "Name")
- _res['name'] = name.childNodes[0].nodeValue
- stes = self.policy_dom_get(node.childNodes[i],
- "SimpleTypeEnforcementTypes")
- if stes:
- _res['stes'] = self.policy_get_types(stes)
- else:
- _res['stes'] = []
- _res['chws'] = []
- res.append(_res)
+ if len(name.childNodes) > 0:
+ _res = {}
+ _res['type'] = xsconstants.ACM_LABEL_RES
+ _res['name'] = name.childNodes[0].nodeValue
+ stes = self.policy_dom_get(node.childNodes[i],
+
"SimpleTypeEnforcementTypes")
+ if stes:
+ _res['stes'] = self.policy_get_types(stes)
+ else:
+ _res['stes'] = []
+ _res['chws'] = []
+ res.append(_res)
i += 1
return res
diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/util/security.py
--- a/tools/python/xen/util/security.py Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/python/xen/util/security.py Tue Jul 17 10:20:21 2007 +0100
@@ -154,75 +154,6 @@ def calc_dom_ssidref_from_info(info):
return 0
raise VmError("security.calc_dom_ssidref_from_info: info of type '%s'"
"not supported." % type(info))
-
-# Assumes a 'security' info [security access_control ...] [ssidref ...]
-def get_security_info(info, field):
- """retrieves security field from self.info['security'])
- allowed search fields: ssidref, label, policy
- """
- if isinstance(info, dict):
- security = info['security']
- elif isinstance(info, list):
- security = sxp.child_value(info, 'security')
- if not security:
- if field == 'ssidref':
- #return default ssid
- return 0
- else:
- err("Security information not found in info struct.")
-
- if field == 'ssidref':
- search = 'ssidref'
- elif field in ['policy', 'label']:
- search = 'access_control'
- else:
- err("Illegal field in get_security_info.")
-
- for idx in range(0, len(security)):
- if search != security[idx][0]:
- continue
- if search == 'ssidref':
- return int(security[idx][1])
- else:
- for aidx in range(0, len(security[idx])):
- if security[idx][aidx][0] == field:
- return str(security[idx][aidx][1])
-
- if search == 'ssidref':
- return 0
- else:
- return None
-
-
-def get_security_printlabel(info):
- """retrieves printable security label from self.info['security']),
- preferably the label name and otherwise (if label is not specified
- in config and cannot be found in mapping file) a hex string of the
- ssidref or none if both not available
- """
- try:
- if not on():
- return "INACTIVE"
- if active_policy in ["DEFAULT"]:
- return "DEFAULT"
-
- printlabel = get_security_info(info, 'label')
- if printlabel:
- return printlabel
- ssidref = get_security_info(info, 'ssidref')
- if not ssidref:
- return None
- #try to translate ssidref to a label
- result = ssidref2label(ssidref)
- if not result:
- printlabel = "0x%08x" % ssidref
- else:
- printlabel = result
- return printlabel
- except ACMError:
- #don't throw an exception in xm list
- return "ERROR"
-
def getmapfile(policyname):
diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/python/xen/xend/XendConfig.py Tue Jul 17 10:20:21 2007 +0100
@@ -636,6 +636,8 @@ class XendConfig(dict):
except ValueError, e:
raise XendConfigError('cpus = %s: %s' % (cfg['cpus'], e))
+ if not 'security' in cfg and sxp.child_value(sxp_cfg, 'security'):
+ cfg['security'] = sxp.child_value(sxp_cfg, 'security')
if 'security' in cfg and not cfg.get('security_label'):
secinfo = cfg['security']
if isinstance(secinfo, list):
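Review bot: The added test calls `sxp.child_value(sxp_cfg, 'security')` twice and writes the membership test as `not 'security' in cfg`. Reading the value once is clearer: `sec = sxp.child_value(sxp_cfg, 'security')` followed by `if 'security' not in cfg and sec: cfg['security'] = sec`. The enclosing method starts and ends outside the hunk.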
diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xend/XendDomain.py
--- a/tools/python/xen/xend/XendDomain.py Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/python/xen/xend/XendDomain.py Tue Jul 17 10:20:21 2007 +0100
@@ -1164,6 +1164,10 @@ class XendDomain:
if dominfo.getDomid() == DOM0_ID:
raise XendError("Cannot dump core for privileged domain %s" %
domid)
+ if dominfo._stateGet() not in (DOM_STATE_PAUSED, DOM_STATE_RUNNING):
+ raise VMBadState("Domain '%s' is not started" % domid,
+ POWER_STATE_NAMES[DOM_STATE_PAUSED],
+ POWER_STATE_NAMES[dominfo._stateGet()])
try:
log.info("Domain core dump requested for domain %s (%d) "
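Review bot: The check accepts both `DOM_STATE_PAUSED` and `DOM_STATE_RUNNING`, but the `VMBadState` raised here passes only `POWER_STATE_NAMES[DOM_STATE_PAUSED]` as its second argument, while the identical check in the hunk at -1537 passes `DOM_STATE_RUNNING`. If that argument is the expected state, the two errors disagree for the same condition. `dominfo._stateGet()` is also called twice, so the state reported can differ from the state tested; `state = dominfo._stateGet()` read once and used in both places avoids that. The enclosing method continues outside the hunk.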
@@ -1537,6 +1541,10 @@ class XendDomain:
dominfo = self.domain_lookup_nr(domid)
if not dominfo:
raise XendInvalidDomain(str(domid))
+ if dominfo._stateGet() not in (DOM_STATE_RUNNING, DOM_STATE_PAUSED):
+ raise VMBadState("Domain '%s' is not started" % domid,
+ POWER_STATE_NAMES[DOM_STATE_RUNNING],
+ POWER_STATE_NAMES[dominfo._stateGet()])
if trigger_name.lower() in TRIGGER_TYPE:
trigger = TRIGGER_TYPE[trigger_name.lower()]
else:
diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/python/xen/xend/XendDomainInfo.py Tue Jul 17 10:20:21 2007 +0100
@@ -459,6 +459,7 @@ class XendDomainInfo:
hvm_pvdrv = xc.hvm_get_param(self.domid, HVM_PARAM_CALLBACK_IRQ)
if not hvm_pvdrv:
code = REVERSE_DOMAIN_SHUTDOWN_REASONS[reason]
+ xc.domain_destroy_hook(self.domid)
log.info("HVM save:remote shutdown dom %d!", self.domid)
xc.domain_shutdown(self.domid, code)
@@ -1593,6 +1594,7 @@ class XendDomainInfo:
log.exception("Removing domain path failed.")
self._stateSet(DOM_STATE_HALTED)
+ self.domid = None # Do not push into _stateSet()!
finally:
self.refresh_shutdown_lock.release()
diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/activatepolicy.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/python/xen/xm/activatepolicy.py Tue Jul 17 10:20:21 2007 +0100
@@ -0,0 +1,86 @@
+#============================================================================
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of version 2.1 of the GNU Lesser General Public
+# License as published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#============================================================================
+# Copyright (C) 2007 International Business Machines Corp.
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#============================================================================
+
+"""Activate the managed policy of the system.
+"""
+
+import sys
+from xen.util import xsconstants
+from xml.dom import minidom
+from xen.xm.opts import OptionError
+from xen.xm import getpolicy
+from xen.xm import main as xm_main
+from xen.xm.main import server
+
+def help():
+ return """
+ Usage: xm activatepolicy [options]
+
+ Activate the xend-managed policy.
+
+ The following options are defined:
+ --load Load the policy into the hypervisor.
+ --boot Have the system boot with the policy. Changes the default
+ title in grub.conf.
+ --noboot Remove the policy from the default entry in grub.conf.
+ """
+
+def activate_policy(flags):
+ policystate = server.xenapi.XSPolicy.get_xspolicy()
+ xs_ref = policystate['xs_ref']
+ if int(policystate['type']) == 0 or xs_ref == "":
+ print "No policy is installed."
+ return
+ rc = int(server.xenapi.XSPolicy.activate_xspolicy(xs_ref, flags))
+ if rc == flags:
+ print "Successfully activated the policy."
+ else:
+ print "An error occurred trying to activate the policy: %s" % \
+ xsconstants.xserr2string(rc)
+
+def remove_bootpolicy():
+ server.xenapi.XSPolicy.rm_xsbootpolicy()
+
+def main(argv):
+ if xm_main.serverType != xm_main.SERVER_XEN_API:
+ raise OptionError('xm needs to be configured to use the xen-api.')
+ flags = 0
+ c = 1
+
+ while c < len(argv):
+ if '--boot' == argv[c]:
+ flags |= xsconstants.XS_INST_BOOT
+ elif '--load' == argv[c]:
+ flags |= xsconstants.XS_INST_LOAD
+ elif '--noboot' == argv[c]:
+ remove_bootpolicy()
+ else:
+ raise OptionError("Unknown command line option '%s'" % argv[c])
+ c += 1
+
+ if flags != 0:
+ activate_policy(flags)
+
+ getpolicy.getpolicy(False)
+
+if __name__ == '__main__':
+ try:
+ main(sys.argv)
+ except Exception, e:
+ sys.stderr.write('Error: %s\n' % str(e))
+ sys.exit(-1)
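Review bot: `main` calls `remove_bootpolicy()` from inside the option loop, so `--noboot` followed by an unknown option changes the boot policy and then fails with OptionError, and `--noboot` combined with `--boot` is applied in argument order. Record the request in the loop (`remove_boot = True`) and act after it (`if remove_boot: remove_bootpolicy()`), rejecting the contradictory combination. `activate_policy` only prints when `rc != flags`, so a failed activation still exits 0; raising an exception there would let the `__main__` handler return a non-zero status that scripts can check. `minidom` is imported but not used.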
diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/addlabel.py
--- a/tools/python/xen/xm/addlabel.py Mon Jul 16 14:20:16 2007 -0500
+++ b/tools/python/xen/xm/addlabel.py Tue Jul 17 10:20:21 2007 +0100
@@ -25,17 +25,29 @@ from xen.util import dictio
from xen.util import dictio
from xen.util import security
from xen.xm.opts import OptionError
+from xen.util import xsconstants
+from xen.xm import main as xm_main
+from xen.xm.main import server
def help():
return """
Format: xm addlabel <label> dom <configfile> [<policy>]
- xm addlabel <label> res <resource> [<policy>]
+ xm addlabel <label> mgt <domain name> [<policy type>:<policy>]
+ xm addlabel <label> res <resource> [[<policy type>:]<policy>]
This program adds an acm_label entry into the 'configfile'
- for a domain or to the global resource label file for a
- resource. It derives the policy from the running hypervisor
+ for a domain or allows to label a xend-managed domain.
+ The global resource label file for is extended with labels for
+ resources. It derives the policy from the running hypervisor
if it is not given (optional parameter). If a label already
- exists for the given domain or resource, then addlabel fails."""
+ exists for the given domain or resource, then addlabel fails.
+
+ For xend-managed domains, the 'mgt' parameter should be used and
+ the 'xm' tool must have been configured to use the xen-api for
+ communication with xen. If a policy is provided as last parameter,
+ its type must also be given. Currently only one type of policy is
+ supported and identified as 'ACM'. An example for a valid string
+ is 'ACM:xm-test'. """
def validate_config_file(configfile):
@@ -66,32 +78,47 @@ def validate_config_file(configfile):
return 1
-def add_resource_label(label, resource, policyref):
+def add_resource_label(label, resource, policyref, policy_type):
"""Adds a resource label to the global resource label file.
"""
- # sanity check: make sure this label can be instantiated later on
- ssidref = security.label2ssidref(label, policyref, 'res')
-
- #build canonical resource name
- resource = security.unify_resname(resource)
-
- # see if this resource is already in the file
- access_control = { |