diff mbox

[v6,18/24] HYPERCALL_version_op: Add VERSION_build_id to retrieve build-id.

Message ID 1460000983-28170-19-git-send-email-konrad.wilk@oracle.com (mailing list archive)
State New, archived
Headers show

Commit Message

Konrad Rzeszutek Wilk April 7, 2016, 3:49 a.m. UTC 
The VERSION hypercall provides the flexibility to expose
the size of the build-id (so the callers can allocate the
proper size before trying to retrieve it). It also allows
in one nice swoop to retrieve the hypervisor build-id in the
provided buffer.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Jan Beulich <jbeulich@suse.com>

---
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>

v4: New patch.
v5: Rebase - s/VERSION_OP/VERSION/
v6: Add Jan's Ack [provided the version_ops replacement does not need to
    be reverted].
---
---
 tools/flask/policy/policy/modules/xen/xen.te | 1 +
 xen/common/kernel.c                          | 4 ++++
 xen/include/public/version.h                 | 3 +++
 xen/xsm/flask/hooks.c                        | 3 +++
 xen/xsm/flask/policy/access_vectors          | 2 ++
 5 files changed, 13 insertions(+)

Comments

Andrew Cooper April 8, 2016, 6:07 p.m. UTC | #1 
On 07/04/16 04:49, Konrad Rzeszutek Wilk wrote:
> The VERSION hypercall provides the flexibility to expose
> the size of the build-id (so the callers can allocate the
> proper size before trying to retrieve it). It also allows
> in one nice swoop to retrieve the hypervisor build-id in the
> provided buffer.
>
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> Acked-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
diff mbox

Patch

diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index 68ef6de..9ad5953 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -81,6 +81,7 @@  allow dom0_t xen_t:version {
     xen_extraversion xen_compile_info xen_capabilities
     xen_changeset xen_pagesize xen_guest_handle xen_commandline
     extraversion capabilities changeset pagesize guest_handle commandline
+    build_id
 };
 
 allow dom0_t xen_t:mmu memorymap;
diff --git a/xen/common/kernel.c b/xen/common/kernel.c
index af2674d..14e14ad 100644
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -474,6 +474,10 @@  DO(version_op)(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg,
         ptr = saved_cmdline;
         break;
 
+    case XEN_VERSION_build_id:
+        rc = xen_build_id(&ptr, &sz);
+        break;
+
     default:
         rc = -ENOSYS;
     }
diff --git a/xen/include/public/version.h b/xen/include/public/version.h
index 78961c9..3f3238f 100644
--- a/xen/include/public/version.h
+++ b/xen/include/public/version.h
@@ -157,6 +157,9 @@  DEFINE_XEN_GUEST_HANDLE(xen_version_op_val_t);
 /* arg = char[]. Contains NUL terminated utf-8 string. */
 #define XEN_VERSION_commandline         9
 
+/* arg = void. Contains binary value of hypervisor build-id. */
+#define XEN_VERSION_build_id            10
+
 #endif /* __XEN_PUBLIC_VERSION_H__ */
 
 /*
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 3ef0441..f3a2160 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1693,6 +1693,9 @@  static int flask_version_op (uint32_t op)
     case XEN_VERSION_commandline:
         return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
                             VERSION__COMMANDLINE, NULL);
+    case XEN_VERSION_build_id:
+        return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION,
+                            VERSION__BUILD_ID, NULL);
     default:
         return -EPERM;
     }
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index 1c59b58..6e7888c 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -536,4 +536,6 @@  class version
     guest_handle
 # Xen command line.
     commandline
+# Build id of the hypervisor
+    build_id
 }