Commit 280f6bc1 authored by Yathindra Naik's avatar Yathindra Naik

- xl can now parse capabilities from config file.

- Guest Domains now need capabilities to boot.
- cap_check is enforced.
- checkpoint for Demo.
parent 206dece6
......@@ -871,7 +871,7 @@ int libxl_domain_unpause(libxl_ctx *ctx, uint32_t domid)
#ifdef CONFIG_XENCAP
int libxl_domain_setcap(libxl_ctx *ctx, libxl_domain_cap_info *info, uint32_t domid)
int libxl_domain_setcap(libxl_ctx *ctx, libxl_capabilities *info, uint32_t domid)
{
int ret = 0;
/* TO-DO
......@@ -884,25 +884,23 @@ int libxl_domain_setcap(libxl_ctx *ctx, libxl_domain_cap_info *info, uint32_t do
int size = 0;
int list[64];
printf ("Splitting string \"%s\" into tokens:\n",info->hypercalls);
tok = strtok (info->hypercalls," ,.-");
printf ("Splitting string \"%s\" into tokens:\n",info->cap_values);
tok = strtok (info->cap_values," ,.-");
while (tok != NULL)
{
printf ("%s\n",tok);
switch(tok[0])
{
case 'f':
list[0] = 1;
break;
case 'b':
list[1] = 2;
break;
}
if ( strncmp(tok, "memory_map", 10) == 0 )
list[0] = 0;
else if ( strncmp(tok, "memory_pin_page", 15) == 0 )
list[1] = 1;
else if ( strncmp(tok, "boo", 3) == 0 )
list[2] = 2;
++size;
tok = strtok (NULL, " ,.-");
}
printf("Calling xc_cap_grant().\n");
ret = xc_cap_grant(ctx->xch,0,domid,1,list,size);
......
......@@ -477,13 +477,20 @@ typedef struct {
libxl_domain_create_info c_info;
libxl_domain_build_info b_info;
int num_disks, num_nics, num_pcidevs, num_vfbs, num_vkbs;
#ifdef CONFIG_XENCAP
int num_disks, num_nics, num_pcidevs, num_vfbs, num_vkbs, num_cap;
#else
int num_disks, num_nics, num_pcidevs, num_vfbs, num_vkbs;
#endif
libxl_device_disk *disks;
libxl_device_nic *nics;
libxl_device_pci *pcidevs;
libxl_device_vfb *vfbs;
libxl_device_vkb *vkbs;
#ifdef CONFIG_XENCAP
libxl_capabilities *cap;
#endif
libxl_action_on_shutdown on_poweroff;
libxl_action_on_shutdown on_reboot;
......@@ -539,7 +546,7 @@ int libxl_domain_remus_start(libxl_ctx *ctx, libxl_domain_remus_info *info,
LIBXL_EXTERNAL_CALLERS_ONLY;
#ifdef CONFIG_XENCAP
int libxl_domain_setcap(libxl_ctx *ctx, libxl_domain_cap_info *info,
int libxl_domain_setcap(libxl_ctx *ctx, libxl_capabilities *info,
uint32_t domid);
#endif
......
......@@ -59,6 +59,15 @@ libxl_disk_backend = Enumeration("disk_backend", [
(3, "QDISK"),
])
#ifdef CONFIG_XENCAP
libxl_cap_type = Enumeration("cap_type", [
(0, "UNKNOWN"),
(1, "HYPERCALLS"),
(2, "MEMORY"),
(3, "PCI_DEVICES"),
])
#endif
libxl_nic_type = Enumeration("nic_type", [
(1, "VIF_IOEMU"),
(2, "VIF"),
......@@ -469,6 +478,11 @@ libxl_domain_remus_info = Struct("domain_remus_info",[
])
#ifdef CONFIG_XENCAP
libxl_capabilities = Struct("capabilities", [
("cap_type",libxl_cap_type),
("cap_values", string),
])
libxl_domain_cap_info = Struct("domain_cap_info",[
("hypercalls", string),
("pci_devices", string),
......
......@@ -446,6 +446,37 @@ static void parse_disk_config(XLU_Config **config, const char *spec,
parse_disk_config_multistring(config, 1, &spec, disk);
}
#if 0
static void parse_cap_config_multistring(XLU_Config **config,
int nspecs, const char *const *specs,
libxl_capabilities *cap)
{
int e;
libxl_capabilities_init(cap);
if (!*config) {
*config = xlu_cfg_init(stderr, "command line");
if (!*config) { perror("xlu_cfg_init"); exit(-1); }
}
e = xlu_disk_parse(*config, nspecs, specs, disk);
if (e == EINVAL) exit(-1);
if (e) {
fprintf(stderr,"xlu_disk_parse failed: %s\n",strerror(errno));
exit(-1);
}
}
static void parse_cap_config(XLU_Config **config, const char *spec, libxl_capabilities *cap)
{
printf("In parse_cap_config\n");
printf("%s\n",spec);
//parse_cap_config_multistring(config, 1, &spec, cap);
}
#endif
static void parse_vif_rate(XLU_Config **config, const char *rate,
libxl_device_nic *nic)
{
......@@ -573,7 +604,7 @@ static void parse_config_data(const char *config_source,
const char *buf;
long l;
XLU_Config *config;
XLU_ConfigList *cpus, *vbds, *nics, *pcis, *cvfbs, *cpuids;
XLU_ConfigList *cpus, *vbds, *nics, *pcis, *cvfbs, *cpuids;
XLU_ConfigList *ioports, *irqs;
int num_ioports, num_irqs;
int pci_power_mgmt = 0;
......@@ -1021,6 +1052,24 @@ static void parse_config_data(const char *config_source,
}
}
#ifdef CONFIG_XENCAP
if (!xlu_cfg_get_string (config, "cap_hypercalls", &buf, 0)) {
printf("In parse_config_data: read cap_hypercalls\n");
d_config->num_cap = 0;
d_config->cap = (libxl_capabilities *) realloc(d_config->cap, sizeof (libxl_capabilities));
d_config->cap->cap_type = LIBXL_CAP_TYPE_HYPERCALLS;
d_config->cap->cap_values = strdup(buf);
}
#if 0
while ((buf = xlu_cfg_get_listitem (cap, d_config->num_cap)) != NULL) {
d_config->num_cap++;
}
}
#endif
#endif
if (!xlu_cfg_get_list (config, "vif", &nics, 0, 0)) {
d_config->num_nics = 0;
d_config->nics = NULL;
......@@ -1948,6 +1997,13 @@ start:
if (!paused)
libxl_domain_unpause(ctx, domid);
#ifdef CONFIG_XENCAP
libxl_capabilities *cap = d_config.cap;
ret = libxl_domain_setcap(ctx, cap, domid);
if ( ret != 0 )
printf("libxl_domain_setcap failed!\n");
#endif
ret = domid; /* caller gets success in parent */
if (!daemonize && !monitor)
goto out;
......@@ -6818,7 +6874,7 @@ int main_setcap(int argc, char **argv)
domid = find_domain(argv[optind]);
printf("Domid : %d\n",domid);
printf("Calling libxl_domain_setcap()\n");
ret = libxl_domain_setcap(ctx, &c_info, domid);
//ret = libxl_domain_setcap(ctx, &c_info, domid);
return ret;
}
......
......@@ -631,7 +631,7 @@ void arch_domain_destroy(struct domain *d)
iommu_domain_destroy(d);
printk("After iommu_domain_destroy()\n");
paging_final_teardown(d);
printk("After paging_final_teardown()\n");
printk("After ()\n");
for ( i = 0; i < PDPT_L2_ENTRIES; ++i )
{
if ( perdomain_pt_page(d, i) )
......
......@@ -114,6 +114,7 @@ long arch_do_domctl(
page = mfn_to_page(mfn);
printk("Invoking xsm_getpageframeinfo()\n");
ret = xsm_getpageframeinfo(d);
if ( ret )
{
......@@ -376,6 +377,7 @@ long arch_do_domctl(
ret = -EINVAL;
if ( d != NULL )
{
printk("Invoking xsm_getmemlist()\n");
ret = xsm_getmemlist(d);
if ( ret )
{
......@@ -426,6 +428,7 @@ long arch_do_domctl(
if ( unlikely(d == NULL) )
break;
printk("Invoking xsm_hypercall_init()\n");
ret = xsm_hypercall_init(d);
if ( ret )
{
......@@ -465,6 +468,7 @@ long arch_do_domctl(
if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
break;
printk("Invoking xsm_hvmcontext()\n");
ret = xsm_hvmcontext(d, domctl->cmd);
if ( ret )
goto sethvmcontext_out;
......@@ -585,6 +589,7 @@ long arch_do_domctl(
if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
break;
printk("Invoking xsm_address_size()\n");
ret = xsm_address_size(d, domctl->cmd);
if ( ret )
{
......@@ -643,6 +648,7 @@ long arch_do_domctl(
if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
break;
printk("Invoking xsm_machine_address_size()\n");
ret = xsm_machine_address_size(d, domctl->cmd);
if ( ret )
goto set_machine_address_size_out;
......@@ -695,6 +701,7 @@ long arch_do_domctl(
if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
break;
printk("Invoking xsm_sendtrigger()\n");
ret = xsm_sendtrigger(d);
if ( ret )
goto sendtrigger_out;
......
......@@ -576,6 +576,7 @@ __gnttab_map_grant_ref(
return;
}
printk("Invoking xsm_grant_mapref()\n");
rc = xsm_grant_mapref(ld, rd, op->flags);
if ( rc )
{
......@@ -896,6 +897,7 @@ __gnttab_unmap_common(
return;
}
printk("Invoking xsm_grant_unmapref()\n");
rc = xsm_grant_unmapref(ld, rd);
if ( rc )
{
......@@ -2289,6 +2291,7 @@ gnttab_get_status_frames(XEN_GUEST_HANDLE(gnttab_get_status_frames_t) uop,
op.status = PTR_ERR(d);
goto out1;
}
printk("Invoking xsm_grant_setup()\n");
rc = xsm_grant_setup(current->domain, d);
if ( rc ) {
op.status = GNTST_permission_denied;
......
......@@ -209,6 +209,7 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl)
case XEN_SYSCTL_availheap:
{
printk("Invoking xsm_availheap()\n");
ret = xsm_availheap();
if ( ret )
break;
......@@ -334,6 +335,7 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl)
case XEN_SYSCTL_scheduler_op:
{
printk("Invoking xsm_sched_op()\n");
ret = xsm_sched_op();
if ( ret )
break;
......
......@@ -182,8 +182,11 @@ int cap_check(struct domain *d, int type, struct capability *cap)
int i;
int ret = 0;
printk("In cap_check()\n");
if ( d->domain_id != 0 )
{
printk("In cap_check()\n");
printk("Checking Capability: Domain %d, Cap_id: 0x%x\n",d->domain_id, cap->magic);
}
switch(type)
{
case 1:
......@@ -196,7 +199,6 @@ int cap_check(struct domain *d, int type, struct capability *cap)
break;
}
TT_DBG("Checking Capability: Domain %d, Cap_id: 0x%x",d->domain_id, cap->magic);
return ret; /* Not found */
}
......
......@@ -579,6 +579,7 @@ int iommu_do_domctl(
break;
case XEN_DOMCTL_test_assign_device:
printk("Invoking xsm_assign_device()\n");
ret = xsm_test_assign_device(domctl->u.assign_device.machine_sbdf);
if ( ret )
break;
......
......@@ -78,6 +78,87 @@ static int cap_domain_create(struct domain *d, u32 ssidref)
}
#if 0
/* Note: In do_console_io (xen/drivers/char/console.c)
* return val of 1 from here indicates failure.
*/
static int cap_console_io (struct domain *d, int cmd)
{
int ret = 0;
struct capability *cap;
/* domain d is asking for console IO.
* Check if d has capabilities for
* console access
*/
printk("In cap_console_io()\n");
cap = &(CAP_BOOT_INFO->cap_hypercalls[1]);
if ( (ret = cap_check(d, 1, cap)) == 1 )
{
printk("cap_check success\nLeaving cap_console_io()\n");
return 0;
}
else
{
printk("cap_check failed!\nLeaving cap_console_io()\n");
return 1;
}
return ret;
}
#endif
static int cap_domain_memory_map(struct domain *d)
{
int ret = 0;
struct capability *cap;
printk("In cap_domain_memory_map()\n");
cap = &(CAP_BOOT_INFO->cap_hypercalls[0]);
if ( (ret = cap_check(d, 1, cap)) == 1 )
{
printk("cap_check success\nLeaving cap_domain_memory_map()\n");
return 0;
}
else
{
printk("cap_check failed!\ncap_domain_memory_map()\n");
return 1;
}
return ret;
}
static int cap_memory_pin_page(struct domain *d1, struct domain *d2, struct page_info *page)
{
int ret = 0;
struct capability *cap;
if ( d1->domain_id != 0 )
printk("In cap_memory_pin_page()\n");
cap = &(CAP_BOOT_INFO->cap_hypercalls[1]);
if ( (ret = cap_check(d1, 1, cap)) == 1 )
{
if ( d1->domain_id != 0 )
printk("cap_check success\nLeaving cap_memory_pin_page()\n");
return 0;
}
else
{
if ( d1->domain_id != 0 )
printk("cap_check failed!\ncap_memory_pin_page()\n");
return 1;
}
return ret;
}
#if 0
static void cap_security_domaininfo(struct domain *d,
......@@ -683,6 +764,8 @@ static int cap_ioport_permission (struct domain *d, uint32_t s, uint32_t e, uint
static struct xsm_operations cap_ops = {
.domain_create = cap_domain_create,
.domain_memory_map = cap_domain_memory_map,
.memory_pin_page = cap_memory_pin_page,
#if 0
.security_domaininfo = cap_security_domaininfo,
.setvcpucontext = cap_setvcpucontext,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment