Iterate through the unclaimed struct boot_module to see if any are an XSM FLASK
policy. If one is located, mark it as an xsm policy.
Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
---
xen/arch/x86/include/asm/bootinfo.h | 1 +
xen/arch/x86/setup.c | 2 +-
xen/include/xsm/xsm.h | 11 +++++++----
xen/xsm/xsm_core.c | 13 +++++++++++--
xen/xsm/xsm_policy.c | 15 ++++++++-------
5 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/xen/arch/x86/include/asm/bootinfo.h b/xen/arch/x86/include/asm/bootinfo.h
index 1cef48457c66..1a325f66b3ba 100644
--- a/xen/arch/x86/include/asm/bootinfo.h
+++ b/xen/arch/x86/include/asm/bootinfo.h
@@ -18,6 +18,7 @@ enum bootmod_type {
BOOTMOD_KERNEL,
BOOTMOD_RAMDISK,
BOOTMOD_MICROCODE,
+ BOOTMOD_XSM_POLICY,
};
struct boot_module {
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 6495ab393576..28b39d23f644 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1878,7 +1878,7 @@ void asmlinkage __init noreturn __start_xen(unsigned long mbi_p)
mmio_ro_ranges = rangeset_new(NULL, "r/o mmio ranges",
RANGESETF_prettyprint_hex);
- xsm_multiboot_init(module_map, mbi);
+ xsm_multiboot_init(module_map, boot_info);
/*
* IOMMU-related ACPI table parsing may require some of the system domains
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 627c0d2731af..9e511ef8878c 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -17,7 +17,10 @@
#include <xen/alternative-call.h>
#include <xen/sched.h>
-#include <xen/multiboot.h>
+
+#ifdef CONFIG_MULTIBOOT
+#include <asm/bootinfo.h>
+#endif
/* policy magic number (defined by XSM_MAGIC) */
typedef uint32_t xsm_magic_t;
@@ -779,9 +782,9 @@ static inline int xsm_argo_send(const struct domain *d, const struct domain *t)
#ifdef CONFIG_MULTIBOOT
int xsm_multiboot_init(
- unsigned long *module_map, const multiboot_info_t *mbi);
+ unsigned long *module_map, const struct boot_info *bi);
int xsm_multiboot_policy_init(
- unsigned long *module_map, const multiboot_info_t *mbi,
+ unsigned long *module_map, const struct boot_info *bi,
void **policy_buffer, size_t *policy_size);
#endif
@@ -829,7 +832,7 @@ static const inline struct xsm_ops *silo_init(void)
#ifdef CONFIG_MULTIBOOT
static inline int xsm_multiboot_init (
- unsigned long *module_map, const multiboot_info_t *mbi)
+ unsigned long *module_map, const struct boot_info *bi)
{
return 0;
}
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index eaa028109bde..9f87ec4f6754 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -21,6 +21,7 @@
#ifdef CONFIG_XSM
#ifdef CONFIG_MULTIBOOT
+#include <asm/bootinfo.h>
#include <asm/setup.h>
#endif
@@ -140,7 +141,7 @@ static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
#ifdef CONFIG_MULTIBOOT
int __init xsm_multiboot_init(
- unsigned long *module_map, const multiboot_info_t *mbi)
+ unsigned long *module_map, const struct boot_info *bi)
{
int ret = 0;
void *policy_buffer = NULL;
@@ -150,7 +151,7 @@ int __init xsm_multiboot_init(
if ( XSM_MAGIC )
{
- ret = xsm_multiboot_policy_init(module_map, mbi, &policy_buffer,
+ ret = xsm_multiboot_policy_init(module_map, bi, &policy_buffer,
&policy_size);
if ( ret )
{
@@ -161,6 +162,14 @@ int __init xsm_multiboot_init(
}
ret = xsm_core_init(policy_buffer, policy_size);
+ if ( ret == 0 )
+ {
+ int idx = first_boot_module_index(bi, BOOTMOD_XSM_POLICY);
+
+ /* If the policy was loaded from a boot module, mark it consumed */
+ if ( idx >= 0 )
+ bi->mods[idx].flags |= BOOTMOD_FLAG_X86_CONSUMED;
+ }
bootstrap_map(NULL);
return 0;
diff --git a/xen/xsm/xsm_policy.c b/xen/xsm/xsm_policy.c
index 8dafbc93810f..e4c94afd108d 100644
--- a/xen/xsm/xsm_policy.c
+++ b/xen/xsm/xsm_policy.c
@@ -21,6 +21,7 @@
#include <xsm/xsm.h>
#ifdef CONFIG_MULTIBOOT
#include <xen/multiboot.h>
+#include <asm/bootinfo.h>
#include <asm/setup.h>
#endif
#include <xen/bitops.h>
@@ -31,11 +32,10 @@
#ifdef CONFIG_MULTIBOOT
int __init xsm_multiboot_policy_init(
- unsigned long *module_map, const multiboot_info_t *mbi,
+ unsigned long *module_map, const struct boot_info *bi,
void **policy_buffer, size_t *policy_size)
{
int i;
- module_t *mod = (module_t *)__va(mbi->mods_addr);
int rc = 0;
u32 *_policy_start;
unsigned long _policy_len;
@@ -44,13 +44,13 @@ int __init xsm_multiboot_policy_init(
* Try all modules and see whichever could be the binary policy.
* Adjust module_map for the module that is the binary policy.
*/
- for ( i = mbi->mods_count-1; i >= 1; i-- )
+ for ( i = bi->nr_mods-1; i >= 1; i-- )
{
- if ( !test_bit(i, module_map) )
+ if ( bi->mods[i].type != BOOTMOD_UNKNOWN )
continue;
- _policy_start = bootstrap_map(mod + i);
- _policy_len = mod[i].mod_end;
+ _policy_start = bootstrap_map_bm(&bi->mods[i]);
+ _policy_len = bi->mods[i].size;
if ( (xsm_magic_t)(*_policy_start) == XSM_MAGIC )
{
@@ -61,11 +61,12 @@ int __init xsm_multiboot_policy_init(
_policy_len,_policy_start);
__clear_bit(i, module_map);
+ bi->mods[i].type = BOOTMOD_XSM_POLICY;
break;
}
- bootstrap_map(NULL);
+ bootstrap_map_bm(NULL);
}
return rc;
--
2.30.2