@@ -14,7 +14,7 @@ allow dom0_t xen_t:xen {
tmem_control getscheduler setscheduler
};
allow dom0_t xen_t:xen2 {
- resource_op psr_cmt_op psr_cat_op pmu_ctrl get_symbol
+ resource_op psr_cmt_op psr_alloc_op pmu_ctrl get_symbol
get_cpu_levelling_caps get_cpu_featureset livepatch_op
gcov_op
};
@@ -39,7 +39,7 @@ allow dom0_t dom0_t:domain {
};
allow dom0_t dom0_t:domain2 {
set_cpuid gettsc settsc setscheduler set_max_evtchn set_vnumainfo
- get_vnumainfo psr_cmt_op psr_cat_op
+ get_vnumainfo psr_cmt_op psr_alloc_op
};
allow dom0_t dom0_t:resource { add remove };
@@ -52,7 +52,7 @@ define(`create_domain_common', `
settime setdomainhandle getvcpucontext set_misc_info };
allow $1 $2:domain2 { set_cpuid settsc setscheduler setclaim
set_max_evtchn set_vnumainfo get_vnumainfo cacheflush
- psr_cmt_op psr_cat_op soft_reset };
+ psr_cmt_op psr_alloc_op soft_reset };
allow $1 $2:security check_context;
allow $1 $2:shadow enable;
allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op updatemp };
@@ -274,11 +274,11 @@ int xc_psr_cat_set_domain_data(xc_interface *xch, uint32_t domid,
return -1;
}
- domctl.cmd = XEN_DOMCTL_psr_cat_op;
+ domctl.cmd = XEN_DOMCTL_psr_alloc_op;
domctl.domain = (domid_t)domid;
- domctl.u.psr_cat_op.cmd = cmd;
- domctl.u.psr_cat_op.target = target;
- domctl.u.psr_cat_op.data = data;
+ domctl.u.psr_alloc_op.cmd = cmd;
+ domctl.u.psr_alloc_op.target = target;
+ domctl.u.psr_alloc_op.data = data;
return do_domctl(xch, &domctl);
}
@@ -310,15 +310,15 @@ int xc_psr_cat_get_domain_data(xc_interface *xch, uint32_t domid,
return -1;
}
- domctl.cmd = XEN_DOMCTL_psr_cat_op;
+ domctl.cmd = XEN_DOMCTL_psr_alloc_op;
domctl.domain = (domid_t)domid;
- domctl.u.psr_cat_op.cmd = cmd;
- domctl.u.psr_cat_op.target = target;
+ domctl.u.psr_alloc_op.cmd = cmd;
+ domctl.u.psr_alloc_op.target = target;
rc = do_domctl(xch, &domctl);
if ( !rc )
- *data = domctl.u.psr_cat_op.data;
+ *data = domctl.u.psr_alloc_op.data;
return rc;
}
@@ -329,28 +329,28 @@ int xc_psr_cat_get_info(xc_interface *xch, uint32_t socket, unsigned int lvl,
int rc = -1;
DECLARE_SYSCTL;
- sysctl.cmd = XEN_SYSCTL_psr_cat_op;
- sysctl.u.psr_cat_op.target = socket;
+ sysctl.cmd = XEN_SYSCTL_psr_alloc_op;
+ sysctl.u.psr_alloc_op.target = socket;
switch ( lvl ) {
case 2:
- sysctl.u.psr_cat_op.cmd = XEN_SYSCTL_PSR_CAT_get_l2_info;
+ sysctl.u.psr_alloc_op.cmd = XEN_SYSCTL_PSR_CAT_get_l2_info;
rc = xc_sysctl(xch, &sysctl);
if ( !rc )
{
- *cos_max = sysctl.u.psr_cat_op.u.l2_info.cos_max;
- *cbm_len = sysctl.u.psr_cat_op.u.l2_info.cbm_len;
+ *cos_max = sysctl.u.psr_alloc_op.u.l2_info.cos_max;
+ *cbm_len = sysctl.u.psr_alloc_op.u.l2_info.cbm_len;
*cdp_enabled = false;
}
break;
case 3:
- sysctl.u.psr_cat_op.cmd = XEN_SYSCTL_PSR_CAT_get_l3_info;
+ sysctl.u.psr_alloc_op.cmd = XEN_SYSCTL_PSR_CAT_get_l3_info;
rc = xc_sysctl(xch, &sysctl);
if ( !rc )
{
- *cos_max = sysctl.u.psr_cat_op.u.l3_info.cos_max;
- *cbm_len = sysctl.u.psr_cat_op.u.l3_info.cbm_len;
- *cdp_enabled = sysctl.u.psr_cat_op.u.l3_info.flags &
+ *cos_max = sysctl.u.psr_alloc_op.u.l3_info.cos_max;
+ *cbm_len = sysctl.u.psr_alloc_op.u.l3_info.cbm_len;
+ *cdp_enabled = sysctl.u.psr_alloc_op.u.l3_info.flags &
XEN_SYSCTL_PSR_CAT_L3_CDP;
}
break;
@@ -1366,57 +1366,57 @@ long arch_do_domctl(
}
break;
- case XEN_DOMCTL_psr_cat_op:
- switch ( domctl->u.psr_cat_op.cmd )
+ case XEN_DOMCTL_psr_alloc_op:
+ switch ( domctl->u.psr_alloc_op.cmd )
{
case XEN_DOMCTL_PSR_CAT_OP_SET_L3_CBM:
- ret = psr_set_val(d, domctl->u.psr_cat_op.target,
- domctl->u.psr_cat_op.data,
+ ret = psr_set_val(d, domctl->u.psr_alloc_op.target,
+ domctl->u.psr_alloc_op.data,
PSR_CBM_TYPE_L3);
break;
case XEN_DOMCTL_PSR_CAT_OP_SET_L3_CODE:
- ret = psr_set_val(d, domctl->u.psr_cat_op.target,
- domctl->u.psr_cat_op.data,
+ ret = psr_set_val(d, domctl->u.psr_alloc_op.target,
+ domctl->u.psr_alloc_op.data,
PSR_CBM_TYPE_L3_CODE);
break;
case XEN_DOMCTL_PSR_CAT_OP_SET_L3_DATA:
- ret = psr_set_val(d, domctl->u.psr_cat_op.target,
- domctl->u.psr_cat_op.data,
+ ret = psr_set_val(d, domctl->u.psr_alloc_op.target,
+ domctl->u.psr_alloc_op.data,
PSR_CBM_TYPE_L3_DATA);
break;
case XEN_DOMCTL_PSR_CAT_OP_SET_L2_CBM:
- ret = psr_set_val(d, domctl->u.psr_cat_op.target,
- domctl->u.psr_cat_op.data,
+ ret = psr_set_val(d, domctl->u.psr_alloc_op.target,
+ domctl->u.psr_alloc_op.data,
PSR_CBM_TYPE_L2);
break;
case XEN_DOMCTL_PSR_CAT_OP_GET_L3_CBM:
- ret = psr_get_val(d, domctl->u.psr_cat_op.target,
- &domctl->u.psr_cat_op.data,
+ ret = psr_get_val(d, domctl->u.psr_alloc_op.target,
+ &domctl->u.psr_alloc_op.data,
PSR_CBM_TYPE_L3);
copyback = 1;
break;
case XEN_DOMCTL_PSR_CAT_OP_GET_L3_CODE:
- ret = psr_get_val(d, domctl->u.psr_cat_op.target,
- &domctl->u.psr_cat_op.data,
+ ret = psr_get_val(d, domctl->u.psr_alloc_op.target,
+ &domctl->u.psr_alloc_op.data,
PSR_CBM_TYPE_L3_CODE);
copyback = 1;
break;
case XEN_DOMCTL_PSR_CAT_OP_GET_L3_DATA:
- ret = psr_get_val(d, domctl->u.psr_cat_op.target,
- &domctl->u.psr_cat_op.data,
+ ret = psr_get_val(d, domctl->u.psr_alloc_op.target,
+ &domctl->u.psr_alloc_op.data,
PSR_CBM_TYPE_L3_DATA);
copyback = 1;
break;
case XEN_DOMCTL_PSR_CAT_OP_GET_L2_CBM:
- ret = psr_get_val(d, domctl->u.psr_cat_op.target,
- &domctl->u.psr_cat_op.data,
+ ret = psr_get_val(d, domctl->u.psr_alloc_op.target,
+ &domctl->u.psr_alloc_op.data,
PSR_CBM_TYPE_L2);
copyback = 1;
break;
@@ -172,20 +172,20 @@ long arch_do_sysctl(
break;
- case XEN_SYSCTL_psr_cat_op:
- switch ( sysctl->u.psr_cat_op.cmd )
+ case XEN_SYSCTL_psr_alloc_op:
+ switch ( sysctl->u.psr_alloc_op.cmd )
{
case XEN_SYSCTL_PSR_CAT_get_l3_info:
{
uint32_t dat[3];
- ret = psr_get_info(sysctl->u.psr_cat_op.target,
+ ret = psr_get_info(sysctl->u.psr_alloc_op.target,
PSR_CBM_TYPE_L3, dat, 3);
if ( !ret )
{
- sysctl->u.psr_cat_op.u.l3_info.cbm_len = dat[CBM_LEN];
- sysctl->u.psr_cat_op.u.l3_info.cos_max = dat[COS_MAX];
- sysctl->u.psr_cat_op.u.l3_info.flags = dat[CDP_FLAG];
+ sysctl->u.psr_alloc_op.u.l3_info.cbm_len = dat[CBM_LEN];
+ sysctl->u.psr_alloc_op.u.l3_info.cos_max = dat[COS_MAX];
+ sysctl->u.psr_alloc_op.u.l3_info.flags = dat[CDP_FLAG];
} else {
/*
* Check if CDP is enabled.
@@ -193,32 +193,32 @@ long arch_do_sysctl(
* Per spec, L3 CAT and CDP cannot co-exist. So, we need replace
* output values to CDP's if it is enabled.
*/
- ret = psr_get_info(sysctl->u.psr_cat_op.target,
+ ret = psr_get_info(sysctl->u.psr_alloc_op.target,
PSR_CBM_TYPE_L3_CODE, dat, 3);
if ( !ret )
{
- sysctl->u.psr_cat_op.u.l3_info.cbm_len = dat[CBM_LEN];
- sysctl->u.psr_cat_op.u.l3_info.cos_max = dat[COS_MAX];
- sysctl->u.psr_cat_op.u.l3_info.flags = dat[CDP_FLAG];
+ sysctl->u.psr_alloc_op.u.l3_info.cbm_len = dat[CBM_LEN];
+ sysctl->u.psr_alloc_op.u.l3_info.cos_max = dat[COS_MAX];
+ sysctl->u.psr_alloc_op.u.l3_info.flags = dat[CDP_FLAG];
}
}
- if ( !ret && __copy_field_to_guest(u_sysctl, sysctl, u.psr_cat_op) )
+ if ( !ret && __copy_field_to_guest(u_sysctl, sysctl, u.psr_alloc_op) )
ret = -EFAULT;
break;
}
case XEN_SYSCTL_PSR_CAT_get_l2_info:
{
uint32_t dat[2];
- ret = psr_get_info(sysctl->u.psr_cat_op.target,
+ ret = psr_get_info(sysctl->u.psr_alloc_op.target,
PSR_CBM_TYPE_L2, dat, 2);
if ( ret )
break;
- sysctl->u.psr_cat_op.u.l2_info.cbm_len = dat[CBM_LEN];
- sysctl->u.psr_cat_op.u.l2_info.cos_max = dat[COS_MAX];
+ sysctl->u.psr_alloc_op.u.l2_info.cbm_len = dat[CBM_LEN];
+ sysctl->u.psr_alloc_op.u.l2_info.cos_max = dat[COS_MAX];
- if ( !ret && __copy_field_to_guest(u_sysctl, sysctl, u.psr_cat_op) )
+ if ( !ret && __copy_field_to_guest(u_sysctl, sysctl, u.psr_alloc_op) )
ret = -EFAULT;
break;
}
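Review bot: In the `XEN_SYSCTL_PSR_CAT_get_l2_info` case the `!ret` in the rewritten copy-back line can never be false, because `if ( ret ) break;` a few lines earlier has already left the case on error. The line reads more clearly as `if ( __copy_field_to_guest(u_sysctl, sysctl, u.psr_alloc_op) )`. The l3 case above does need its `!ret`, since it has no early break. arch_do_sysctl's body extends beyond this hunk.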
@@ -1131,7 +1131,7 @@ struct xen_domctl_monitor_op {
typedef struct xen_domctl_monitor_op xen_domctl_monitor_op_t;
DEFINE_XEN_GUEST_HANDLE(xen_domctl_monitor_op_t);
-struct xen_domctl_psr_cat_op {
+struct xen_domctl_psr_alloc_op {
#define XEN_DOMCTL_PSR_CAT_OP_SET_L3_CBM 0
#define XEN_DOMCTL_PSR_CAT_OP_GET_L3_CBM 1
#define XEN_DOMCTL_PSR_CAT_OP_SET_L3_CODE 2
@@ -1140,12 +1140,12 @@ struct xen_domctl_psr_cat_op {
#define XEN_DOMCTL_PSR_CAT_OP_GET_L3_DATA 5
#define XEN_DOMCTL_PSR_CAT_OP_SET_L2_CBM 6
#define XEN_DOMCTL_PSR_CAT_OP_GET_L2_CBM 7
- uint32_t cmd; /* IN: XEN_DOMCTL_PSR_CAT_OP_* */
+ uint32_t cmd; /* IN: XEN_DOMCTL_PSR_*_OP_* */
uint32_t target; /* IN */
uint64_t data; /* IN/OUT */
};
-typedef struct xen_domctl_psr_cat_op xen_domctl_psr_cat_op_t;
-DEFINE_XEN_GUEST_HANDLE(xen_domctl_psr_cat_op_t);
+typedef struct xen_domctl_psr_alloc_op xen_domctl_psr_alloc_op_t;
+DEFINE_XEN_GUEST_HANDLE(xen_domctl_psr_alloc_op_t);
struct xen_domctl {
uint32_t cmd;
@@ -1222,7 +1222,7 @@ struct xen_domctl {
#define XEN_DOMCTL_setvnumainfo 74
#define XEN_DOMCTL_psr_cmt_op 75
#define XEN_DOMCTL_monitor_op 77
-#define XEN_DOMCTL_psr_cat_op 78
+#define XEN_DOMCTL_psr_alloc_op 78
#define XEN_DOMCTL_soft_reset 79
#define XEN_DOMCTL_gdbsx_guestmemio 1000
#define XEN_DOMCTL_gdbsx_pausevcpu 1001
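Review bot: The old spelling `XEN_DOMCTL_psr_cat_op` disappears from the public header with no alias, so any toolstack code built against `domctl.h` outside this tree stops compiling, even though the command number stays 78 and the payload struct keeps the same `cmd`/`target`/`data` fields. The same applies to `XEN_SYSCTL_psr_cat_op` (still 23) and to the `xen_domctl_psr_cat_op` and `xen_sysctl_psr_cat_op` struct and typedef renames in the neighbouring header hunks. Since only names change, a short comment would record that for readers of the header, e.g. `/* was XEN_DOMCTL_psr_cat_op; number and layout unchanged */`. Whether the domctl/sysctl interface version needs a bump for a source-only rename cannot be judged from these hunks and is worth confirming.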
@@ -1285,7 +1285,7 @@ struct xen_domctl {
struct xen_domctl_vnuma vnuma;
struct xen_domctl_psr_cmt_op psr_cmt_op;
struct xen_domctl_monitor_op monitor_op;
- struct xen_domctl_psr_cat_op psr_cat_op;
+ struct xen_domctl_psr_alloc_op psr_alloc_op;
uint8_t pad[128];
} u;
};
@@ -745,8 +745,8 @@ DEFINE_XEN_GUEST_HANDLE(xen_sysctl_pcitopoinfo_t);
#define XEN_SYSCTL_PSR_CAT_get_l3_info 0
#define XEN_SYSCTL_PSR_CAT_get_l2_info 1
-struct xen_sysctl_psr_cat_op {
- uint32_t cmd; /* IN: XEN_SYSCTL_PSR_CAT_* */
+struct xen_sysctl_psr_alloc_op {
+ uint32_t cmd; /* IN: XEN_SYSCTL_PSR_* */
uint32_t target; /* IN */
union {
struct {
@@ -762,8 +762,8 @@ struct xen_sysctl_psr_cat_op {
} l2_info;
} u;
};
-typedef struct xen_sysctl_psr_cat_op xen_sysctl_psr_cat_op_t;
-DEFINE_XEN_GUEST_HANDLE(xen_sysctl_psr_cat_op_t);
+typedef struct xen_sysctl_psr_alloc_op xen_sysctl_psr_alloc_op_t;
+DEFINE_XEN_GUEST_HANDLE(xen_sysctl_psr_alloc_op_t);
#define XEN_SYSCTL_TMEM_OP_ALL_CLIENTS 0xFFFFU
@@ -1117,7 +1117,7 @@ struct xen_sysctl {
#define XEN_SYSCTL_gcov_op 20
#define XEN_SYSCTL_psr_cmt_op 21
#define XEN_SYSCTL_pcitopoinfo 22
-#define XEN_SYSCTL_psr_cat_op 23
+#define XEN_SYSCTL_psr_alloc_op 23
#define XEN_SYSCTL_tmem_op 24
#define XEN_SYSCTL_get_cpu_levelling_caps 25
#define XEN_SYSCTL_get_cpu_featureset 26
@@ -1145,7 +1145,7 @@ struct xen_sysctl {
struct xen_sysctl_scheduler_op scheduler_op;
struct xen_sysctl_gcov_op gcov_op;
struct xen_sysctl_psr_cmt_op psr_cmt_op;
- struct xen_sysctl_psr_cat_op psr_cat_op;
+ struct xen_sysctl_psr_alloc_op psr_alloc_op;
struct xen_sysctl_tmem_op tmem_op;
struct xen_sysctl_cpu_levelling_caps cpu_levelling_caps;
struct xen_sysctl_cpu_featureset cpu_featureset;
@@ -742,8 +742,8 @@ static int flask_domctl(struct domain *d, int cmd)
case XEN_DOMCTL_psr_cmt_op:
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__PSR_CMT_OP);
- case XEN_DOMCTL_psr_cat_op:
- return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__PSR_CAT_OP);
+ case XEN_DOMCTL_psr_alloc_op:
+ return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__PSR_ALLOC_OP);
case XEN_DOMCTL_soft_reset:
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SOFT_RESET);
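Review bot: `DOMAIN2__PSR_ALLOC_OP` is checked on the domctl number alone, so one permission now authorises every sub-command behind `XEN_DOMCTL_psr_alloc_op`, and the commit message says the interface is meant to carry all allocation features rather than only CAT. In the `arch_do_domctl` hunk the SET_* and GET_* sub-commands already share this one case, so a policy that grants `psr_alloc_op` to let a domain query a target's masks also lets it set them, and the grant will extend to whatever features are added later. I would document that next to the check, e.g. `/* one permission for all PSR allocation sub-ops, get and set */`, and repeat it on the `psr_alloc_op` entries in the `access_vectors` hunks and at `XEN2__PSR_ALLOC_OP` in `flask_sysctl`. Policies written against the old `psr_cat_op` name will also need updating; only `dom0.te` and `xen.if` are converted here. flask_domctl's body starts and ends outside the hunk.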
@@ -806,9 +806,9 @@ static int flask_sysctl(int cmd)
case XEN_SYSCTL_psr_cmt_op:
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
XEN2__PSR_CMT_OP, NULL);
- case XEN_SYSCTL_psr_cat_op:
+ case XEN_SYSCTL_psr_alloc_op:
return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
- XEN2__PSR_CAT_OP, NULL);
+ XEN2__PSR_ALLOC_OP, NULL);
case XEN_SYSCTL_tmem_op:
return domain_has_xen(current->domain, XEN__TMEM_CONTROL);
@@ -85,8 +85,8 @@ class xen2
resource_op
# XEN_SYSCTL_psr_cmt_op
psr_cmt_op
-# XEN_SYSCTL_psr_cat_op
- psr_cat_op
+# XEN_SYSCTL_psr_alloc_op
+ psr_alloc_op
# XENPF_get_symbol
get_symbol
# PMU control
@@ -244,8 +244,8 @@ class domain2
mem_paging
# XENMEM_sharing_op
mem_sharing
-# XEN_DOMCTL_psr_cat_op
- psr_cat_op
+# XEN_DOMCTL_psr_alloc_op
+ psr_alloc_op
}
# Similar to class domain, but primarily contains domctls related to HVM domains
This patch renames sysctl/domctl interfaces and related xsm policy to make them general rather than CAT-specific. Then, we can reuse the interfaces for all allocation features. Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com> --- tools/flask/policy/modules/dom0.te | 4 ++-- tools/flask/policy/modules/xen.if | 2 +- tools/libxc/xc_psr.c | 34 +++++++++++++++++----------------- xen/arch/x86/domctl.c | 36 ++++++++++++++++++------------------ xen/arch/x86/sysctl.c | 30 +++++++++++++++--------------- xen/include/public/domctl.h | 12 ++++++------ xen/include/public/sysctl.h | 12 ++++++------ xen/xsm/flask/hooks.c | 8 ++++---- xen/xsm/flask/policy/access_vectors | 8 ++++---- 9 files changed, 73 insertions(+), 73 deletions(-)