similar to: [PATCH] xsm deassign hook fix

Hi, When Ubuntu12.04 64bit domU boot up, Intel VGA-passthrough doesn''t work. I used the command "xm create" to boot up Dom-U. Windows7-64bit-SP1 works quite well with same configuration. Boot log is as follows. Dom-U dmesg: [ 1.421858] initcall rfcomm_init+0x0/0xf1 [rfcomm] returned 0 after 2192 usecs [ 1.423021] calling i915_init+0x0/0x8d [i915] @ 387 [ 1.423023]

These two patches were originally part of the XSM series that I have posted, and remain prerequisites for that series. However, they are independent of the XSM changes and are a useful simplification regardless of the use of XSM. The Acked-bys on these patches were provided before rebasing them over the copyback changes in 26268:1b72138bddda, which had minor conflicts that I resolved. [PATCH

For assigned devices, use common code to enable msi-x. We need a special "assigned" option as assigned devices lack a standard way to get vector usage. Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- hw/device-assignment.c | 329 ++++++++++++------------------------------------ hw/device-assignment.h | 7 +- hw/msix.c | 9 ++- hw/pci.h

For assigned devices, use common code to enable msi-x. We need a special "assigned" option as assigned devices lack a standard way to get vector usage. Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- hw/device-assignment.c | 329 ++++++++++++------------------------------------ hw/device-assignment.h | 7 +- hw/msix.c | 9 ++- hw/pci.h

For assigned devices, use common code to enable msi-x. Add "hack" option as assigned devices lack a standard way to get vector usage. Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- hw/device-assignment.c | 336 ++++++++++++------------------------------------ hw/device-assignment.h | 8 +- hw/msix.c | 11 ++- hw/pci.h | 4 + 4 files

For assigned devices, use common code to enable msi-x. Add "hack" option as assigned devices lack a standard way to get vector usage. Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- hw/device-assignment.c | 336 ++++++++++++------------------------------------ hw/device-assignment.h | 8 +- hw/msix.c | 11 ++- hw/pci.h | 4 + 4 files

- The patch does away with the autogenerated xsm.py file and introduces a config parameter in xend-config.sxp to determine the security module. The parameter is (xsm_module_name {acm, dummy, flask}). The default setting/option is dummy. .hgignore is also updated to stop ignoring xsm.py on commits. - The patch has created an xsconstant for XS_POLICY_FLASK and updated the toolchain to check the

While compiling XEN with XSM_ENABLE=y and FLASK_ENABLE=y, I received the following error. gcc -O1 -fno-omit-frame-pointer -m64 -g -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-value -Wdeclaration-after-statement -Wno-unused-but-set-variable -fno-builtin -fno-common -Wredundant-decls -iwithprefix include -Werror -Wno-pointer-arith -pipe

- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list

This patch implements the Flask tools for the xen control plane (xm & xend). The patch also refactors the ACM toolchain so that a common security API (based on the existing ACM toolchain) is exported to xm and xend. To create a domain with the Flask module, add the following (for example) to a domain''s configuration file access_control =

hi all, just now i installed xenserver -6.0.2 in my machine. i have seen some Xen Security Modules (XSM) in xen hypervisor. i want to know any XSM things in Xenserver. If it is how i can test those things.? Suggest me some ideas. Regards, cooldharma06. :) _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users

Hi all, i want to know about the following things: 1.unloading XSM policy. -xl loadpolicy xenpolicy.24 to load the policy. For unloading is there any command is available.? 2. i want to know any analysis tool is available for XSM policy. 3. Apart from wiki.org/XSM any other tutorial is available for developing own XSM policy.? Thanks and regards, cooldharma06.

This patch adds the missing presence checks for the pm_op and get_pmstat hooks in xsm_fixup_ops. Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

Fix formatting of Flask AVC audit messages so that existing policy tools can parse them. After applying, ''xm dmesg | audit2allow'' yields the expected result. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/flask/avc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)

Alan Coopersmith (4): configure: Drop AM_MAINTAINER_MODE autogen.sh: Honor NOCONFIGURE=1 Print which option was in error along with usage message xsm 1.0.4 Emil Velikov (1): autogen.sh: use quoted string variables Gaetan Nadon (1): Remove obsolete Imake SIGNALRETURNSINT Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1):

Hello all, I am trying to get a xenstore/oxenstore (oxenstore is mirage based) stubdom to get to work on Xen 4.2.1. I know that I need to set XSM/FLASK rules and so I have compiled 4.2.1 with XSM and FLASK. I already talked with Daniel de Graaf (on the mailinglists) and Steven Maresca on IRC about this thing. Daniel already wrote a XSM/FLASK ruleset in this thread:

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command when the Flask XSM is in use. libxl.c | 1 libxl.idl | 3 - xl.h | 3 + xl_cmdimpl.c | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- xl_cmdtable.c | 18 +++++- 5 files changed, 187 insertions(+), 9

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command and libxl header when the Flask XSM is in use. Adheres to the changes made by the patch to remove exposure of libxenctrl/libxenstore headers via libxl.h. tools/libxl/libxl_flask.c | 71 ++++++++++++++++++ tools/libxl/Makefile | 2

The FLASK security checks for resource ranges were not implemented correctly - only the permissions on the endpoints of a range were checked, instead of all items contained in the range. This would allow certain resources (I/O ports, I/O memory) to be used by domains in contravention to security policy. This also corrects a bug where adding overlapping resource ranges did not trigger an error.

Hi, all, The attached patches try to improve the current FLR logic. The idea is: removing the FLR logic from hypervisor and adding the improved logic in Control Panel. The current FLR logic in hypervisor has some issues: 1) Dstate transition is not guaranteed to properly clear the device state; 2) the current code for PCIe FLR is actually buggy: PCI_EXP_DEVSTA_TRPND doesn''t mean the