4 files changed, 57 insertions, 4 deletions

diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
index f784254daf..989ebae133 100644
--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -1256,6 +1256,7 @@ void evtchn_move_pirqs(struct vcpu *v)
 static void domain_dump_evtchn_info(struct domain *d)
 {
     unsigned int port;
+    int irq;
 
     bitmap_scnlistprintf(keyhandler_scratch, sizeof(keyhandler_scratch),
                          d->poll_mask, d->max_vcpus);
@@ -1268,6 +1269,7 @@ static void domain_dump_evtchn_info(struct domain *d)
     for ( port = 1; port < MAX_EVTCHNS(d); ++port )
     {
         const struct evtchn *chn;
+        char *ssid;
 
         if ( !port_is_valid(d, port) )
             continue;
@@ -1275,11 +1277,12 @@ static void domain_dump_evtchn_info(struct domain *d)
         if ( chn->state == ECS_FREE )
             continue;
 
-        printk("    %4u [%d/%d]: s=%d n=%d",
+        printk("    %4u [%d/%d]: s=%d n=%d x=%d",
                port,
                !!test_bit(port, &shared_info(d, evtchn_pending)),
                !!test_bit(port, &shared_info(d, evtchn_mask)),
-               chn->state, chn->notify_vcpu_id);
+               chn->state, chn->notify_vcpu_id, chn->xen_consumer);
+
         switch ( chn->state )
         {
         case ECS_UNBOUND:
@@ -1291,13 +1294,21 @@ static void domain_dump_evtchn_info(struct domain *d)
                    chn->u.interdomain.remote_port);
             break;
         case ECS_PIRQ:
-            printk(" p=%d", chn->u.pirq.irq);
+            irq = domain_pirq_to_irq(d, chn->u.pirq.irq);
+            printk(" p=%d i=%d", chn->u.pirq.irq, irq);
             break;
         case ECS_VIRQ:
             printk(" v=%d", chn->u.virq);
             break;
         }
-        printk(" x=%d\n", chn->xen_consumer);
+
+        ssid = xsm_show_security_evtchn(d, chn);
+        if (ssid) {
+            printk(" Z=%s\n", ssid);
+            xfree(ssid);
+        } else {
+            printk("\n");
+        }
     }
 
     spin_unlock(&d->event_lock);
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index e3cae602c9..92204b3288 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -99,6 +99,7 @@ struct xsm_operations {
     void (*free_security_domain) (struct domain *d);
     int (*alloc_security_evtchn) (struct evtchn *chn);
     void (*free_security_evtchn) (struct evtchn *chn);
+    char *(*show_security_evtchn) (struct domain *d, const struct evtchn *chn);
 
     int (*get_pod_target) (struct domain *d);
     int (*set_pod_target) (struct domain *d);
@@ -424,6 +425,11 @@ static inline void xsm_free_security_evtchn (struct evtchn *chn)
     (void)xsm_call(free_security_evtchn(chn));
 }
 
+static inline char *xsm_show_security_evtchn (struct domain *d, const struct evtchn *chn)
+{
+    return xsm_call(show_security_evtchn(d, chn));
+}
+
 static inline int xsm_get_pod_target (struct domain *d)
 {
     return xsm_call(get_pod_target(d));
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c
index d99f8860d1..fca9d7b582 100644
--- a/xen/xsm/dummy.c
+++ b/xen/xsm/dummy.c
@@ -290,6 +290,11 @@ static void dummy_free_security_evtchn (struct evtchn *chn)
     return;
 }
 
+static char *dummy_show_security_evtchn (struct domain *d, const struct evtchn *chn)
+{
+    return NULL;
+}
+
 static int dummy_test_assign_device (uint32_t machine_bdf)
 {
     return 0;
@@ -637,6 +642,7 @@ void xsm_fixup_ops (struct xsm_operations *ops)
     set_to_dummy_if_null(ops, free_security_domain);
     set_to_dummy_if_null(ops, alloc_security_evtchn);
     set_to_dummy_if_null(ops, free_security_evtchn);
+    set_to_dummy_if_null(ops, show_security_evtchn);
 
     set_to_dummy_if_null(ops, memory_adjust_reservation);
     set_to_dummy_if_null(ops, memory_stat_reservation);
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 543dc77f1a..d207b1d1be 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -274,6 +274,35 @@ static void flask_free_security_evtchn(struct evtchn *chn)
     xfree(esec);
 }
 
+static char *flask_show_security_evtchn(struct domain *d, const struct evtchn *chn)
+{
+    struct evtchn_security_struct *esec;
+    int irq;
+    u32 sid = 0;
+    char *ctx;
+    u32 ctx_len;
+
+    switch ( chn->state )
+    {
+    case ECS_UNBOUND:
+    case ECS_INTERDOMAIN:
+        esec = chn->ssid;
+        if ( esec )
+            sid = esec->sid;
+        break;
+    case ECS_PIRQ:
+        irq = domain_pirq_to_irq(d, chn->u.pirq.irq);
+        if (irq)
+            security_irq_sid(irq, &sid);
+        break;
+    }
+    if ( !sid )
+        return NULL;
+    if (security_sid_to_context(sid, &ctx, &ctx_len))
+        return NULL;
+    return ctx;
+}
+
 static int flask_grant_mapref(struct domain *d1, struct domain *d2, 
                               uint32_t flags)
 {
@@ -1499,6 +1528,7 @@ static struct xsm_operations flask_ops = {
     .free_security_domain = flask_domain_free_security,
     .alloc_security_evtchn = flask_alloc_security_evtchn,
     .free_security_evtchn = flask_free_security_evtchn,
+    .show_security_evtchn = flask_show_security_evtchn,
 
     .get_pod_target = flask_get_pod_target,
     .set_pod_target = flask_set_pod_target,