Xen devel - Sep 2006 - PATCH: makes acm_setup arch independant

Hi,

the acm_setup code use a multiboot descriptor to extract the policy module.
Because multiboot is not used on every platform, I slightly changed the 
interface: acm_setup now use buffer/len arguments.
The module extraction code is moved to arch/x86/setup.c

I have just tested this code on ia64.
The code compiles on x86 but I am unable to test it.

I have also fixed the alignment issue in acm_dump_policy_reference (ia64 
doesn''t like unaligned accesses).  And yes there is a memset to avoid 
garbage.


Tristan.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Tue, 2006-09-05 at 10:10 +0200, Tristan Gingold
wrote:
> Hi,
> 
> the acm_setup code use a multiboot descriptor to extract the policy module.
> Because multiboot is not used on every platform, I slightly changed the 
> interface: acm_setup now use buffer/len arguments.
> The module extraction code is moved to arch/x86/setup.c
> 
> I have just tested this code on ia64.
> The code compiles on x86 but I am unable to test it.
Hi Tristan, when you send patches like this that impact all the
architectures, could you please:
1. Include all architectures in the same patch. Do not just change x86
and omit IA64 and PowerPC. That way you won''t break the build, and all
the code can be evaluated in the same email.
2. CC xen-ppc-devel as a heads-up.

Thanks!

-- 
Hollis Blanchard
IBM Linux Technology Center


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

xen-devel-bounces@lists.xensource.com wrote on 09/05/2006 04:10:51 AM:
> Hi,
> 
> the acm_setup code use a multiboot descriptor to extract the policy 
module.
> Because multiboot is not used on every platform, I slightly changed the 
> interface: acm_setup now use buffer/len arguments.
> The module extraction code is moved to arch/x86/setup.c
> 
> I have just tested this code on ia64.
Does ''tested'' mean that it compiles on ia64 or does it
''work'' and you can
boot with an ACM policy on ia64? In the latter case I would say that 
there''s some ia64-specific code missing in the patch.

A minor issue is whether as much as possible of the ACM-specific code 
should be kept inside the acm directory and we use #ifdefs like

#if defined(__i386__)

#if defined(__x86_64__)

to compile architecture-specific functions there, or whether functions 
like the extract_acm_policy below should be surrounded by #ifdef 
ACM_SECURITY and they can stay inside the architecture-specific code. The 
assumption would be that no one boots with an ACM policy if the compile 
time option ACM_SECURITY was not set. Thoughts?

   Stefan
> The code compiles on x86 but I am unable to test it.
> 
> I have also fixed the alignment issue in acm_dump_policy_reference (ia64 
> doesn''t like unaligned accesses).  And yes there is a memset to
avoid
> garbage.
> 
> 
> Tristan.
diff -r 31e9909a7221 -r 37c90a210d71 xen/arch/x86/setup.c
--- a/xen/arch/x86/setup.c      Tue Sep 05 07:38:00 2006 +0200
+++ b/xen/arch/x86/setup.c      Tue Sep 05 07:48:49 2006 +0200
@@ -203,6 +203,55 @@ static void __init percpu_free_unused_ar
 #endif
 }
 
+/* Fecth acm policy module from multiboot modules.  */
+static void
+extract_acm_policy(multiboot_info_t *mbi,
+                   unsigned int *initrdidx,
+                   char **_policy_start, unsigned long *_policy_len)
+{
+    int i;
+    module_t *mod = (module_t *)__va(mbi->mods_addr);
+
+    if ( mbi->mods_count > 1 )
+        *initrdidx = 1;
+
+    /*
+     * Try all modules and see whichever could be the binary policy.
+     * Adjust the initrdidx if module[1] is the binary policy.
+     */
+    for ( i = mbi->mods_count-1; i >= 1; i-- )
+    {
+        unsigned long start;
+        char *policy_start;
+        unsigned long policy_len;
+
+        start = initial_images_start + 
(mod[i].mod_start-mod[0].mod_start);
+#if defined(__i386__)
+        policy_start = (char *)start;
+#elif defined(__x86_64__)
+        policy_start = __va(start);
+#endif
+        policy_len   = mod[i].mod_end - mod[i].mod_start;
+        if ( acm_is_policy(policy_start, policy_len) )
+        {
+            printf("Policy len  0x%lx, start at %p - module %d.\n",
+                   policy_len, policy_start, i);
+            *_policy_start = policy_start;
+            *_policy_len = policy_len;
+            if ( i == 1 )
+            {
+                if (mbi->mods_count > 2)
+                    *initrdidx = 2;
+                else
+                    *initrdidx = 0;
+            }
+            else
+                *initrdidx = 1;
+            break;
+        }
+    }
+}
+
 static void __init init_idle_domain(void)
 {
     struct domain *idle_domain;
@@ -225,6 +274,8 @@ void __init __start_xen(multiboot_info_t
     char __cmdline[] = "", *cmdline = __cmdline;
     unsigned long _initrd_start = 0, _initrd_len = 0;
     unsigned int initrdidx = 1;
+    char *_policy_start = NULL;
+    unsigned long _policy_len = 0;
     module_t *mod = (module_t *)__va(mbi->mods_addr);
     unsigned long nr_pages, modules_length;
     paddr_t s, e;
@@ -559,8 +610,11 @@ void __init __start_xen(multiboot_info_t
     if ( opt_watchdog ) 
         watchdog_enable();
 
+    /* Extract policy from multiboot.  */
+    extract_acm_policy(mbi, &initrdidx, &_policy_start,
&_policy_len);
+
     /* initialize access control security module */
-    acm_init(&initrdidx, mbi, initial_images_start);
+    acm_init(_policy_start, _policy_len);
 
     /* Create initial domain 0. */
     dom0 = domain_create(0);
diff -r 31e9909a7221 -r 37c90a210d71 xen/include/acm/acm_hooks.h
--- a/xen/include/acm/acm_hooks.h       Tue Sep 05 07:38:00 2006 +0200
+++ b/xen/include/acm/acm_hooks.h       Tue Sep 05 07:48:49 2006 +0200
@@ -369,9 +369,11 @@ static inline int acm_sharing(ssidref_t 
         return ACM_ACCESS_PERMITTED;
 }
 
-extern int acm_init(unsigned int *initrdidx,
-                    const multiboot_info_t *mbi,
-                    unsigned long start);
+
+extern int acm_init(char *policy_start, unsigned long policy_len);
+
+/* Return true iff buffer has an acm policy magic number.  */
+extern int acm_is_policy(char *buf, unsigned long len);
 
 #endif
 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Wed, 2006-09-06 at 15:49 -0400, Stefan Berger wrote:
> 
> A minor issue is whether as much as possible of the ACM-specific code
> should be kept inside the acm directory and we use #ifdefs like
> 
> #if defined(__i386__)
> 
> #if defined(__x86_64__)
> 
> to compile architecture-specific functions there, or whether functions like
> the extract_acm_policy below should be surrounded by #ifdef ACM_SECURITY
> and they can stay inside the architecture-specific code. The assumption
> would be that no one boots with an ACM policy if the compile time option
> ACM_SECURITY was not set. Thoughts?
I think I''d prefer adding this to xen/acm/Makefile:
	obj-$(CONFIG_POWERPC) += acm_powerpc.o
	obj-$(CONFIG_IA64) += acm_ia64.o

-- 
Hollis Blanchard
IBM Linux Technology Center


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel