search for: is_priv

...iwara-sxa@necst.nec.co.jp> diff -r b9721b2766c1 xen/arch/x86/irq.c --- a/xen/arch/x86/irq.c Wed Jan 07 11:25:00 2009 +0000 +++ b/xen/arch/x86/irq.c Thu Jan 08 18:58:36 2009 +0900 @@ -857,7 +857,7 @@ int map_domain_pirq( if ( type == MAP_PIRQ_TYPE_MSI ) return -EINVAL; - if ( !IS_PRIV(current->domain) ) + if ( !IS_PRIV_FOR(current->domain, d) ) return -EPERM; if ( pirq < 0 || pirq >= NR_IRQS || vector < 0 || vector >= NR_VECTORS ) @@ -931,7 +931,7 @@ int unmap_domain_pirq(struct domain *d, if ( (pirq < 0) || (pirq >= NR_IRQS) )...

These two patches were originally part of the XSM series that I have posted, and remain prerequisites for that series. However, they are independent of the XSM changes and are a useful simplification regardless of the use of XSM. The Acked-bys on these patches were provided before rebasing them over the copyback changes in 26268:1b72138bddda, which had minor conflicts that I resolved. [PATCH

These two patches provide the neccessary infrastructure changes for the processor-passthru driver [www.spinics.net/lists/linux-acpi/msg34655.html] to properly function. The first one is quite easy - we just modprobe the processor-passthru driver. The second allows it to work under AMD machines by exposing the PM RDMSR to dom0. It has been tested with 2.6.32 kernel as well to make sure it does

...interrupt (see the original c/s 22182:68cc3c514a0a description for options). Signed-off-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -869,7 +869,7 @@ get_page_from_l1e( return -EINVAL; } - if ( !(l1f & _PAGE_RW) || IS_PRIV(pg_owner) || + if ( !(l1f & _PAGE_RW) || !rangeset_contains_singleton(mmio_ro_ranges, mfn) ) return 0; dprintk(XENLOG_G_WARNING, _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xens...

...stfs.pc diff --git a/generator/c.ml b/generator/c.ml index f0df5ea..4497c48 100644 --- a/generator/c.ml +++ b/generator/c.ml @@ -39,7 +39,13 @@ let is_public { visibility = v } = match v with | VPublic | VPublicNoFish | VStateTest | VDebug -> true | VBindTest | VInternal -> false -let is_private f = not (is_public f) +let is_private { visibility = v } = match v with + | VBindTest -> true + | VPublic | VPublicNoFish | VStateTest | VDebug | VInternal -> false + +let is_internal { visibility = v } = match v with + | VInternal -> true + | VPublic | VPublicNoFish | VStateTest |...

Move the generate_all_structs and generate_all_headers functions, previously internal within the implementation of generate_guestfs_h, to be usable by other functions in the same "C" module (but not public). Only code motion. --- generator/c.ml | 163 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 82 insertions(+), 81 deletions(-) diff --git a/generator/c.ml

...anged, 18 insertions(+), 5 deletions(-) diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index 41c0ea84fbf..6bffdf9a4fd 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c @@ -39,6 +39,22 @@ static bool security_list(struct dentry *dentry) return !IS_PRIVATE(d_inode(dentry)); } +static int +reiserfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, + void *fs_info) +{ + struct reiserfs_security_handle *sec = fs_info; + + sec->value = kmemdup(xattr_array->value, xattr_array->value_len, + GFP_KERNEL); + if (!sec-...

...t); drop_dom_ref = (dec_count && !d->tot_pages); spin_unlock(&d->page_alloc_lock); @@ -685,6 +685,37 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) break; } + case XENMEM_claim_pages: + if ( !(IS_PRIV(current->domain)) ) + return -EPERM; + + if ( copy_from_guest(&reservation, arg, 1) ) + return -EFAULT; + + if ( !(guest_handle_is_null(reservation.extent_start)) ) + return -EINVAL; + + if ( reservation.extent_order != 0 ) + r...

...ude <asm/mtrr.h> #include "cpu/mtrr/mtrr.h" @@ -55,6 +55,7 @@ static long cpu_frequency_change_helper( ret_t do_platform_op(XEN_GUEST_HANDLE(xen_platform_op_t) u_xenpf_op) { ret_t ret = 0; + struct vcpu *v; struct xen_platform_op curop, *op = &curop; if ( !IS_PRIV(current->domain) ) @@ -312,7 +313,6 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe { uint32_t cpu; uint64_t idletime, now = NOW(); - struct vcpu *v; struct xenctl_cpumap ctlmap; cpumask_t cpumap; XEN_GUEST_HANDLE(uint8) cpumap_bitmap; @@ -482...

...his working, or on where I could get better diagnostics ? I''m guessing this is caused by this code in arch/x86/platform_hypercall.c : ret_t do_platform_op(XEN_GUEST_HANDLE(xen_platform_op_t) u_xenpf_op) { ret_t ret = 0; struct xen_platform_op curop, *op = &curop; if ( !IS_PRIV(current->domain) ) return -EPERM; So how do I make the IS_PRIV macro return non-zero for my domain_0 , ie. set d->is_privileged / make my domain0 into a "privileged" domain ? What is meant by "privileged" in this context ? There seems to be no documentation on th...

...in int ret = 0; int old_vector, old_pirq; struct msi_info msi; - - if ( d == NULL ) - return -EINVAL; - - ASSERT(spin_is_locked(&d->arch.irq_lock)); + irq_desc_t *desc; + unsigned long flags; + + ASSERT(spin_is_locked(&d->evtchn_lock)); if ( !IS_PRIV(current->domain) ) return -EPERM; @@ -88,8 +81,7 @@ static int map_domain_pirq(struct domain { dprintk(XENLOG_G_ERR, "dom%d: pirq %d or vector %d already mapped\n", d->domain_id, pirq, vector); - ret = -EINVAL; - goto done; +...

...aps.c =================================================================== --- 2007-01-16.orig/xen/arch/x86/traps.c 2007-01-15 09:10:11.000000000 +0100 +++ 2007-01-16/xen/arch/x86/traps.c 2007-02-01 17:25:28.000000000 +0100 @@ -597,6 +597,11 @@ static int emulate_forced_invalid_op(str if ( !IS_PRIV(current->domain) ) clear_bit(X86_FEATURE_MTRR, &d); } + else if ( regs->eax == 0x80000001 ) + { + /* Modify Feature Information. */ + clear_bit(X86_FEATURE_RDTSCP % 32, &d); + } else { (void)cpuid_hypervisor_leaves(regs->e...

...-1661,10 +1661,7 @@ int map_domain_pirq( struct pirq *info; struct irq_desc *desc; unsigned long flags; - struct msi_desc *msi_desc; - struct pci_dev *pdev = NULL; - ASSERT(spin_is_locked(&pcidevs_lock)); ASSERT(spin_is_locked(&d->event_lock)); if ( !IS_PRIV(current->domain) && @@ -1707,6 +1704,10 @@ int map_domain_pirq( if ( type == MAP_PIRQ_TYPE_MSI ) { struct msi_info *msi = (struct msi_info *)data; + struct msi_desc *msi_desc; + struct pci_dev *pdev; + + ASSERT(spin_is_locked(&pcidevs_lock));...

...@@ -1132,17 +1132,6 @@ int security_inode_init_security_anon(struct inode *inode, context_inode); } -int security_old_inode_init_security(struct inode *inode, struct inode *dir, - const struct qstr *qstr, const char **name, - void **value, size_t *len) -{ - if (unlikely(IS_PRIVATE(inode))) - return -EOPNOTSUPP; - return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, - qstr, name, value, len); -} -EXPORT_SYMBOL(security_old_inode_init_security); - #ifdef CONFIG_SECURITY_PATH int security_path_mknod(const struct path *dir, struct dentry *dentry, umode...

...@@ -1655,17 +1655,6 @@ int security_inode_init_security_anon(struct inode *inode, context_inode); } -int security_old_inode_init_security(struct inode *inode, struct inode *dir, - const struct qstr *qstr, const char **name, - void **value, size_t *len) -{ - if (unlikely(IS_PRIVATE(inode))) - return -EOPNOTSUPP; - return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, - qstr, name, value, len); -} -EXPORT_SYMBOL(security_old_inode_init_security); - #ifdef CONFIG_SECURITY_PATH /** * security_path_mknod() - Check if creating a special file is allowed...

...ml) --username , -u specify username, taken from config otherwise --password , -p specify password, taken from config otherwise --cookie_jar , -C specify cookie storage file (default /home/ahoward/.rubyforge/cookie.dat) add_release : --is_private , -P if true, release is not public --release_date , -r specify time of release (default ''now'') --type_id , -t specify filetype code (default determined by ext) --processor_id , -o specify processor (default '...

...et; > > > > + struct security_hook_list *P; > > > > + struct xattr *new_xattrs; > > > > + struct xattr *xattr; > > > > + int ret = -EOPNOTSUPP, num_filled_xattrs = 0; > > > > > > > > if (unlikely(IS_PRIVATE(inode))) > > > > return 0; > > > > > > > > + if (!blob_sizes.lbs_xattr) > > > > + return 0; > > > > + > > > > if (!initxattrs) > > > > return call_int_h...

...struct security_hook_list *P; > > > > > + struct xattr *new_xattrs; > > > > > + struct xattr *xattr; > > > > > + int ret = -EOPNOTSUPP, num_filled_xattrs = 0; > > > > > > > > > > if (unlikely(IS_PRIVATE(inode))) > > > > > return 0; > > > > > > > > > > + if (!blob_sizes.lbs_xattr) > > > > > + return 0; > > > > > + > > > > > if (!initxattrs) > > > > &g...

...; > > > - int ret; > > > + struct security_hook_list *P; > > > + struct xattr *new_xattrs; > > > + struct xattr *xattr; > > > + int ret = -EOPNOTSUPP, num_filled_xattrs = 0; > > > > > > if (unlikely(IS_PRIVATE(inode))) > > > return 0; > > > > > > + if (!blob_sizes.lbs_xattr) > > > + return 0; > > > + > > > if (!initxattrs) > > > return call_int_hook(inode_init_security, -EOPNOTSUP...

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one