| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The XSM hooks inside rangeset are not useful in capturing the PIRQ
mappings in HVM domains. They can also be called from softirq context
where current->domain is invalid, causing spurious AVC denials from
unrelated domains on such calls.
Within FLASK code, the rangeset hooks were already divided between
IRQs, I/O memory, and x86 IO ports; propagate this division back
through the XSM hooks and call the XSM functions directly when needed.
This removes XSM checks for the initial rangeset population for dom0
and the removal checks on domain destruction; denying either of these
actions does not make sense.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
|
|
|
|
| |
Signed-off-by: Jan Beulich <jbeulich@novell.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Dom0 derives machine address ranges usable for assigning PCI
device resources from the output of this sub-hypercall, Xen should
make
sure it properly reports all ranges not suitable for this (as either
reserved or unusable):
- RAM regions excluded via command line option
- memory regions used by Xen itself (LAPIC, IOAPICs)
While the latter should generally already be excluded by the BIOS
provided E820 table, this apparently isn't always the case at least
for IOAPICs, and with Linux having got changed to account for this it
seems to make sense to also do so in Xen.
Generally the HPET range should also be excluded here, but since it
isn't being reflected in Dom0's iomem_caps (and can't be, as it's a
sub-page range) I wasn't sure whether adding explicit code for doing
so would be reasonable.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- The patch refactors the IO resource checks into the rangeset add/del
code. This produces a much more architecture friendly implementation and
ensures that HVM and paravirtualized guests are checked consistently.
- The patch removes the following hooks in support of the refactoring
of the IO resource checks:
- xsm_irq_permission
- xsm_iomem_permission
- xsm_ioport_permission
- The patch adds the following hooks in support of the refactoring of
the IO resource checks:
- xsm_add_range
- xsm_remove_range
- These IO refactoring changes are transparent to any pre-existing
Flask policies.
- The patch adds also adds hooks for sysctl functionality that was
added since the last major XSM patch. The following hooks were added:
- xsm_set_target
- xsm_debug_keys
- xsm_getcpuinfo
- xsm_availheap
- xsm_firmware_info
- xsm_acpi_sleep
- xsm_change_freq
- xsm_getidletime
- xsm_sendtrigger
- xsm_test_assign_device
- xsm_assign_device
- xsm_deassign_device
- xsm_bind_pt_irq
- xsm_pin_mem_cacheattr
- xsm_ext_vcpucontext
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
| |
Retain safe_strcpy(). It can hide the third argument to strlcpy() in
most cases.
Based on patches from Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
| |
There are various cases where no NULL-terminated strings are
guaranteed and eventual possible overflows. This patch fixes them.
From: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Tristan Gingold <tristan.gingold@bull.net>
|
|
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
| |
I/O memory and physical interrupts, under control
of domain0. Capabilities are maintained as rangesets
in Xen.
Signed-off-by: Ryan Wilson <hap9@epoch.ncsc.mil>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
| |
rather than a bitmap. arch_do_createdomain() can now
fail and the caller will clean up.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
|
| |
insert_range() helper function. Pretty printer uses
the internal abstractions rather than accessing the
linked list directly.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
| |
library, avoiding direct interaction with the linked-list
structure.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
for representing sets of contiguous numeric ranges. This
will be used for representing permissions lists (e.g.,
io memory, io ports, irqs).
Signed-off-by: Keir Fraser <keir@xensource.com>
|