.long SYMBOL_NAME(do_dom_mem_op)
.long SYMBOL_NAME(do_multicall)
.long SYMBOL_NAME(do_kbd_op)
+ .long SYMBOL_NAME(do_iopl)
.rept NR_syscalls-((.-hypervisor_call_table)/4)
.long SYMBOL_NAME(sys_ni_syscall)
.endr
#include <xeno/irq.h>
#include <xeno/event.h>
+#define GET_SYSCALL_REGS(_p) \
+ (((struct pt_regs *)(THREAD_SIZE + (unsigned long)(_p))) - 1)
+
asmlinkage void ret_from_newdomain(void) __asm__("ret_from_newdomain");
int hlt_counter;
unsigned long start_stack,
unsigned long start_info)
{
- struct pt_regs * regs;
-
- regs = ((struct pt_regs *) (THREAD_SIZE + (unsigned long) p)) - 1;
+ struct pt_regs *regs = GET_SYSCALL_REGS(p);
memset(regs, 0, sizeof(*regs));
/*
}
}
+
+
+long do_iopl(unsigned int new_iopl)
+{
+ struct pt_regs *regs = GET_SYSCALL_REGS(current);
+ if ( !IS_PRIV(current) ) return -EPERM;
+ regs->eflags = (regs->eflags & 0xffffcfff) | ((new_iopl&3) << 12);
+ return 0;
+}
virt_startinfo_addr->mod_start = meminfo->virt_mod_addr;
virt_startinfo_addr->mod_len = meminfo->virt_mod_len;
+ virt_startinfo_addr->dom_id = p->domain;
+ virt_startinfo_addr->flags = IS_PRIV(p) ? SIF_PRIVILEGED : 0;
+
if( virt_startinfo_addr->mod_len )
printk("Initrd module present %08lx (%08lx)\n",
virt_startinfo_addr->mod_start,
virt_startinfo_address->pt_base = virt_load_address +
((p->tot_pages - 1) << PAGE_SHIFT);
+ virt_startinfo_address->dom_id = p->domain;
+ virt_startinfo_address->flags = IS_PRIV(p) ? SIF_PRIVILEGED : 0;
+
if ( initrd_len )
{
virt_startinfo_address->mod_start = (unsigned long)dst-initrd_len;
#define __HYPERVISOR_dom_mem_op 17
#define __HYPERVISOR_multicall 18
#define __HYPERVISOR_kbd_op 19
+#define __HYPERVISOR_iopl 20
/* And the trap vector is... */
#define TRAP_INSTR "int $0x82"
unsigned long net_rings[MAX_DOMAIN_VIFS];
/* Machine address of block-device ring. Will be page aligned. */
unsigned long blk_ring;
+ unsigned int dom_id;
+ unsigned long flags;
unsigned char cmd_line[1]; /* variable-length */
} start_info_t;
+/* These flags are passed in the 'flags' field of start_info_t. */
+#define SIF_PRIVILEGED 1 /* Is thie domain privileged? */
+
/* For use in guest OSes. */
extern shared_info_t *HYPERVISOR_shared_info;
#include <xeno/block.h>
#include <xeno/segment.h>
-struct task_struct {
+/* SMH: replace below when have explicit 'priv' flag or bitmask */
+#define IS_PRIV(_p) ((_p)->domain == 0)
+struct task_struct
+{
/*
* DO NOT CHANGE THE ORDER OF THE FOLLOWING.
* Their offsets are hardcoded in entry.S
int hyp_events; /* 08: pending intra-Xen events */
unsigned int domain; /* 12: domain id */
- // SMH: replace below when have explicit 'priv' flag or bitmask
-#define IS_PRIV(_p) ((_p)->domain == 0)
-
-
/* An unsafe pointer into a shared data area. */
shared_info_t *shared_info; /* 16: shared data area */
asmlinkage int sys_ioperm(unsigned long from, unsigned long num, int turn_on)
{
- /* No IO permission! */
- return -EPERM;
+ /* No IO permission! Selective IO perms aren't virtualised yet. */
+ return -EPERM;
}
asmlinkage int sys_iopl(unsigned long unused)
{
- /* The hypervisor won't allow it! */
- return -EPERM;
+ struct pt_regs *regs = (struct pt_regs *)&unused;
+ unsigned int level = regs->ebx;
+ unsigned int old = (regs->eflags >> 12) & 3;
+
+ if ( !(start_info.flags & SIF_PRIVILEGED) )
+ return -EPERM;
+
+ if ( level > 3 )
+ return -EINVAL;
+ if ( (level > old) && !capable(CAP_SYS_RAWIO) )
+ return -EPERM;
+
+ /* Change the one on our stack for sanity's sake. */
+ regs->eflags = (regs->eflags & 0xffffcfff) | (level << 12);
+
+ /* Force the change at ring 0. */
+ HYPERVISOR_iopl(level);
+
+ return 0;
}
}
if ( next->esp0 != 0 )
+ {
queue_multicall2(__HYPERVISOR_stack_switch, __KERNEL_DS, next->esp0);
+ /* Next call will silently fail if we are a non-privileged guest OS. */
+ queue_multicall1(__HYPERVISOR_iopl,
+ ((((struct pt_regs *)next->esp0)-1)->eflags>>12)&3);
+ }
/* EXECUTE ALL TASK SWITCH XEN SYSCALLS AT THIS POINT. */
execute_multicall_list();
return ret;
}
-
static inline long HYPERVISOR_kbd_op(unsigned char op, unsigned char val)
{
int ret;
return ret;
}
+static inline long HYPERVISOR_iopl(unsigned int new_iopl)
+{
+ int ret;
+ __asm__ __volatile__ (
+ TRAP_INSTR
+ : "=a" (ret) : "0" (__HYPERVISOR_iopl),
+ "b" (new_iopl) );
+
+ return ret;
+}
+
#endif /* __HYPERVISOR_H__ */
projects / xen.git / commitdiff