[Xen-devel] [PATCH v8.1 22/27] XENVER_build_id/libxc: Provide ld-embedded build-id
If the hypervisor was built with build-ids we can expose the build-id value to the toolstack (if it is not built with it will just return -ENODATA). This is a priviligied operation so only the controlling stack is able to request this. Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> --- CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> CC: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> CC: Wei Liu <wei.liu2@xxxxxxxxxx> v1: Rebase it on Martin's initial patch v2: Move it to XENVER hypercall v3: Don't use the third argument for length. - Use new structure for XENVER_build_id with variable buf. v8: Resurrected from v3! --- --- tools/flask/policy/policy/modules/xen/xen.te | 1 + tools/libxc/xc_private.c | 7 ++++++ tools/libxc/xc_private.h | 11 +++++++++ xen/common/kernel.c | 36 ++++++++++++++++++++++++++++ xen/include/public/version.h | 18 +++++++++++++- xen/xsm/flask/hooks.c | 3 +++ xen/xsm/flask/policy/access_vectors | 2 ++ 7 files changed, 77 insertions(+), 1 deletion(-)
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index daa1315..bef33b0 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -82,6 +82,7 @@ allow dom0_t xen_t:xen2 {
 allow dom0_t xen_t:version {
 xen_extraversion xen_compile_info xen_capabilities xen_changeset xen_pagesize xen_guest_handle xen_commandline
+ xen_build_id
 };
 allow dom0_t xen_t:mmu memorymap;
diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c
index c41e433..d57c39a 100644
--- a/tools/libxc/xc_private.c
+++ b/tools/libxc/xc_private.c
@@ -495,6 +495,13 @@ int xc_version(xc_interface *xch, int cmd, void *arg)
 case XENVER_commandline:
 sz = sizeof(xen_commandline_t);
 break;
+ case XENVER_build_id:
+ {
+ xen_build_id_t *build_id = (xen_build_id_t *)arg;
+ sz = sizeof(*build_id) + build_id->len;
+ HYPERCALL_BOUNCE_SET_DIR(arg, XC_HYPERCALL_BUFFER_BOUNCE_BOTH);
+ break;
+ }
 default:
 ERROR("xc_version: unknown command %d\n", cmd);
 return -EINVAL;
diff --git a/tools/libxc/xc_private.h b/tools/libxc/xc_private.h
index aa8daf1..75b761c 100644
--- a/tools/libxc/xc_private.h
+++ b/tools/libxc/xc_private.h
@@ -197,6 +197,17 @@ enum {
 #define HYPERCALL_BOUNCE_SET_SIZE(_buf, _sz) do { (HYPERCALL_BUFFER(_buf))->sz = _sz; } while (0)
 /*
+ * Change the direction.
+ *
+ * Can only be used if the bounce_pre/bounce_post commands have
+ * not been used.
+ */
+#define HYPERCALL_BOUNCE_SET_DIR(_buf, _dir) do { if ((HYPERCALL_BUFFER(_buf))->hbuf) \
+ assert(1); \
+ (HYPERCALL_BUFFER(_buf))->dir = _dir; \
+ } while (0)
+
+/*
 * Initialise and free hypercall safe memory. Takes care of any required
 * copying.
 */
diff --git a/xen/common/kernel.c b/xen/common/kernel.c
index a4a3c36..f912257 100644
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -376,6 +376,42 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
 return -EFAULT;
 return 0;
 }
+
+ case XENVER_build_id:
+ {
+ xen_build_id_t build_id;
+ unsigned int sz = 0;
+ int rc = 0;
+ const void *p = NULL;
+
+ if ( deny )
+ return -EPERM;
+
+ /* Only return size. */
+ if ( !guest_handle_is_null(arg) )
+ {
+ if ( copy_from_guest(&build_id, arg, 1) )
+ return -EFAULT;
+
+ if ( build_id.len == 0 )
+ return -EINVAL;
+ }
+
+ rc = xen_build_id(&p, &sz);
+ if ( rc )
+ return rc;
+
+ if ( guest_handle_is_null(arg) )
+ return sz;
+
+ if ( sz > build_id.len )
+ return -ENOBUFS;
+
+ if ( copy_to_guest_offset(arg, offsetof(xen_build_id_t, buf), p, sz) )
+ return -EFAULT;
+
+ return sz;
+ }
 }
 return -ENOSYS;
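Review bot: In the XENVER_build_id case of xc_version (tools/libxc/xc_private.c), `build_id->len` is read without checking `arg`, although the comment this patch adds to version.h says that calling with an empty parameter returns the size of the build-id; a caller making that size query through libxc with `arg == NULL` would dereference NULL here. Guard it, for example `sz = build_id ? sizeof(*build_id) + build_id->len : 0;`, or return `-EINVAL` for NULL if the size query is not meant to go through this wrapper. `len` is a caller-supplied 32-bit value, so the sum is also worth bounding before it becomes the bounce-buffer size. The declaration of `sz` and the rest of xc_version are outside the hunk, so how a zero size is handled afterwards should be confirmed there.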
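Review bot: In HYPERCALL_BOUNCE_SET_DIR (tools/libxc/xc_private.h) the guard `if (...->hbuf) assert(1);` can never fire, because `assert(1)` always passes, so the restriction stated in the comment above it (direction may only change before bounce_pre/bounce_post) is not enforced at all. Make the check real with `assert(!(HYPERCALL_BUFFER(_buf))->hbuf);` and parenthesise the macro argument in the assignment, `->dir = (_dir);`. Since assert is compiled out under NDEBUG, the comment should also say that misuse is only caught in debug builds.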
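Review bot: The comment `/* Only return size. */` in the XENVER_build_id case (xen/common/kernel.c) sits above the `!guest_handle_is_null(arg)` branch, which is the path that reads the caller's header; the size-only path is the later `if ( guest_handle_is_null(arg) ) return sz;`. Reword it to something like `/* A NULL handle is a size query; otherwise fetch the caller's buffer length. */` and put a short `/* Size query. */` on the later check. A one-line comment on `if ( deny )` noting that the size query is refused as well would document the access decision; `deny` is assigned outside the hunk, so that reading is inferred from the commit message.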
diff --git a/xen/include/public/version.h b/xen/include/public/version.h
index 24a582f..cb84565 100644
--- a/xen/include/public/version.h
+++ b/xen/include/public/version.h
@@ -30,7 +30,8 @@
 #include "xen.h"
-/* NB. All ops return zero on success, except XENVER_{version,pagesize} */
+/* NB. All ops return zero on success, except XENVER_{version,pagesize}
+ * XENVER_{version,pagesize,build_id} */
 /* arg == NULL; returns major:minor (16:16). */
 #define XENVER_version 0
@@ -87,6 +88,21 @@ typedef struct xen_feature_info xen_feature_info_t;
 #define XENVER_commandline 9
 typedef char xen_commandline_t[1024];
+/*
+ * Return value is the number of bytes written, or XEN_Exx on error.
+ * Calling with empty parameter returns the size of build_id.
+ */
+#define XENVER_build_id 10
+struct xen_build_id {
+ uint32_t len; /* IN: size of buf[]. */
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
+ unsigned char buf[];
+#elif defined(__GNUC__)
+ unsigned char buf[1]; /* OUT: Variable length buffer with build_id. */
+#endif
+};
+typedef struct xen_build_id xen_build_id_t;
+
 #endif /* __XEN_PUBLIC_VERSION_H__ */
 /*
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index c2df48f..7477dbe 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1663,6 +1663,9 @@ static int flask_xen_version (uint32_t op)
 case XENVER_commandline:
 return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
 VERSION__XEN_COMMANDLINE, NULL);
+ case XENVER_build_id:
+ return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+ VERSION__XEN_BUILD_ID, NULL);
 default:
 return -EPERM;
 }
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index e9ab149..4d1b548 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
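Review bot: The rewritten NB comment at the top of xen/include/public/version.h now states the exception list twice: the first added line still ends with `XENVER_{version,pagesize}` and the continuation line repeats it with build_id appended. Collapse it to one statement, `/* NB. All ops return zero on success, except XENVER_{version,pagesize,build_id}. */`, so readers of the public header do not have to guess which list is current.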
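Review bot: `struct xen_build_id` declares `buf` only under `__STDC_VERSION__ >= 199901L` or `__GNUC__`, with no `#else`, so any other compiler gets a struct without `buf` and `offsetof(xen_build_id_t, buf)` no longer compiles; add an `#else` with `#error`, or fall back to the `buf[1]` form. The two variants also probably differ in `sizeof` (flexible array member versus a one-element array plus padding), while the libxc hunk sizes its bounce buffer with `sizeof(*build_id) + build_id->len` and the hypervisor copies at `offsetof(xen_build_id_t, buf)`. Sizing with `offsetof(xen_build_id_t, buf) + len` everywhere would keep caller and hypervisor in agreement regardless of compiler mode. The `/* OUT: ... */` comment should be on both `buf` declarations, not only the GNU one.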
@@ -525,4 +525,6 @@ class version
 xen_guest_handle
 # Xen command line.
 xen_commandline
+# Xen build id
+ xen_build_id
 }
-- 2.5.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel