From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel De Graaf Subject: Re: [RFC 13/14] xen/xsm: Add support for device tree Date: Thu, 13 Mar 2014 10:47:07 -0400 Message-ID: <5321C4EB.1070309@tycho.nsa.gov> References: <1394640969-25583-1-git-send-email-julien.grall@linaro.org> <1394640969-25583-14-git-send-email-julien.grall@linaro.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1WO6vG-0007WA-Ga for xen-devel@lists.xenproject.org; Thu, 13 Mar 2014 14:47:50 +0000 In-Reply-To: <1394640969-25583-14-git-send-email-julien.grall@linaro.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Julien Grall , xen-devel@lists.xenproject.org Cc: stefano.stabellini@citrix.com, tim@xen.org, ian.campbell@citrix.com List-Id: xen-devel@lists.xenproject.org
On 03/12/2014 12:16 PM, Julien Grall wrote:
> This patch adds a new module "xen,xsm-blob" to allow the user to load the XSM
> policy when Xen is booting.
>
> Signed-off-by: Julien Grall
> Cc: Daniel De Graaf
Acked-by: Daniel De Graaf
> ---
> docs/misc/arm/device-tree/booting.txt | 1 +
> xen/common/device_tree.c | 2 ++
> xen/include/xen/device_tree.h | 3 ++-
> xen/include/xsm/xsm.h | 12 +++++++++++
> xen/xsm/xsm_core.c | 37 +++++++++++++++++++++++++++++++++
> xen/xsm/xsm_policy.c | 37 +++++++++++++++++++++++++++++++++
> 6 files changed, 91 insertions(+), 1 deletion(-)
>
> diff --git a/docs/misc/arm/device-tree/booting.txt b/docs/misc/arm/device-tree/booting.txt
> index 07fde27..85988fb 100644
> --- a/docs/misc/arm/device-tree/booting.txt
> +++ b/docs/misc/arm/device-tree/booting.txt
> @@ -16,6 +16,7 @@ Each node contains the following properties:
>
> - "linux-zimage" -- the dom0 kernel
> - "linux-initrd" -- the dom0 ramdisk
> + - "xsm-blob" -- XSM policy blob
>
> - reg
>
> diff --git a/xen/common/device_tree.c b/xen/common/device_tree.c
> index 55716a8..91146fb 100644
> --- a/xen/common/device_tree.c
> +++ b/xen/common/device_tree.c
> @@ -354,6 +354,8 @@ static void __init process_multiboot_node(const void *fdt, int node,
> nr = MOD_KERNEL;
> else if ( fdt_node_check_compatible(fdt, node, "xen,linux-initrd") == 0)
> nr = MOD_INITRD;
> + else if ( fdt_node_check_compatible(fdt, node, "xen,xsm-blob") == 0 )
> + nr = MOD_XSM;
> else
> early_panic("%s not a known xen multiboot type\n", name);
>
> diff --git a/xen/include/xen/device_tree.h b/xen/include/xen/device_tree.h
> index 9a8c3de..76faf11 100644
> --- a/xen/include/xen/device_tree.h
> +++ b/xen/include/xen/device_tree.h
> @@ -24,7 +24,8 @@
> #define MOD_FDT 1
> #define MOD_KERNEL 2
> #define MOD_INITRD 3
> -#define NR_MODULES 4
> +#define MOD_XSM 4
> +#define NR_MODULES 5
>
> #define MOD_DISCARD_FIRST MOD_FDT
>
> diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
> index 4863e41..2cd3a3b 100644
> --- a/xen/include/xsm/xsm.h
> +++ b/xen/include/xsm/xsm.h
> @@ -652,6 +652,11 @@ extern int xsm_multiboot_policy_init(unsigned long *module_map,
> void *(*bootstrap_map)(const module_t *));
> #endif
>
> +#ifdef HAS_DEVICE_TREE
> +extern int xsm_dt_init(void);
> +extern int xsm_dt_policy_init(void);
> +#endif
> +
> extern int register_xsm(struct xsm_operations *ops);
> extern int unregister_xsm(struct xsm_operations *ops);
>
> @@ -671,6 +676,13 @@ static inline int xsm_multiboot_init (unsigned long *module_map,
> }
> #endif
>
> +#ifdef HAS_DEVICE_TREE
> +static inline int xsm_dt_init(void)
> +{
> + return 0;
> +}
> +#endif
> +
> #endif /* XSM_ENABLE */
>
> #endif /* __XSM_H */
> diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
> index 11a9ca7..755a5dd 100644
> --- a/xen/xsm/xsm_core.c
> +++ b/xen/xsm/xsm_core.c
> @@ -79,6 +79,43 @@ int __init xsm_multiboot_init(unsigned long *module_map,
> }
> #endif
>
> +#ifdef HAS_DEVICE_TREE
> +int __init xsm_dt_init(void)
> +{
> + int ret = 0;
> +
> + printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
> +
> + if ( XSM_MAGIC )
> + {
> + ret = xsm_dt_policy_init();
> + if ( ret )
> + {
> + printk("%s: Error initializing policy (rc = %d).\n",
> + __FUNCTION__, ret);
> + return -EINVAL;
> + }
> + }
> +
> + if ( verify(&dummy_xsm_ops) )
> + {
> + printk("%s could not verify dummy_xsm_ops structure.\n",
> + __FUNCTION__);
> + ret = -EIO;
> + goto err;
> + }
> +
> + xsm_ops = &dummy_xsm_ops;
> + do_xsm_initcalls();
> +
> +err:
> + if ( policy_buffer )
> + xfree(policy_buffer);
> +
> + return ret;
> +}
> +#endif
> +
> int register_xsm(struct xsm_operations *ops)
> {
> if ( verify(ops) )
> diff --git a/xen/xsm/xsm_policy.c b/xen/xsm/xsm_policy.c
> index 3d5f66a..a0dee09 100644
> --- a/xen/xsm/xsm_policy.c
> +++ b/xen/xsm/xsm_policy.c
> @@ -23,6 +23,10 @@
> #include
> #endif
> #include
> +#ifdef HAS_DEVICE_TREE
> +# include
> +# include
> +#endif
>
> char *__initdata policy_buffer = NULL;
> u32 __initdata policy_size = 0;
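Review bot: In xsm_dt_init (xen/xsm/xsm_core.c), the policy-load failure branch returns a hard-coded `-EINVAL`, so an `-ENOMEM` from xsm_dt_policy_init reaches the caller as an invalid-argument error, and it is the only exit that skips the `err:` cleanup. Replacing `return -EINVAL;` with `goto err;` keeps the real code in `ret` and gives the function a single exit path. At `err:` the freed pointer stays in the global; `xfree(policy_buffer); policy_buffer = NULL;` avoids leaving a stale pointer behind. The caller is not part of this patch, so it is worth confirming that a non-zero return stops the boot rather than continuing without the policy the device tree requested.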
> @@ -69,3 +73,36 @@ int __init xsm_multiboot_policy_init(unsigned long *module_map,
> return rc;
> }
> #endif
> +
> +#ifdef HAS_DEVICE_TREE
> +int __init xsm_dt_policy_init(void)
> +{
> + paddr_t paddr = early_info.modules.module[MOD_XSM].start;
> + paddr_t len = early_info.modules.module[MOD_XSM].size;
> + xsm_magic_t magic;
> +
> + if ( !len )
> + return 0;
> +
> + copy_from_paddr(&magic, paddr, sizeof(magic));
> +
> + if ( magic != XSM_MAGIC )
> + {
> + printk(XENLOG_ERR "xsm: Invalid magic for XSM blob got 0x%x "
> + "expected 0x%x\n", magic, XSM_MAGIC);
> + return -EINVAL;
> + }
> +
> + printk("xsm: Policy len = 0x%"PRIpaddr" start at 0x%"PRIpaddr"\n",
> + len, paddr);
> +
> + policy_buffer = xmalloc_bytes(len);
> + if ( !policy_buffer )
> + return -ENOMEM;
> +
> + copy_from_paddr(policy_buffer, paddr, len);
> + policy_size = len;
> +
> + return 0;
> +}
> +#endif
> -- Daniel De Graaf National Security Agency
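Review bot: xsm_dt_policy_init uses the module size taken from the device tree without any bounds check: `copy_from_paddr(&magic, paddr, sizeof(magic))` runs for any non-zero `len`, so a blob shorter than the magic is read past its end, and `policy_size = len` narrows a `paddr_t` into the `u32` declared at the top of xsm_policy.c. If `paddr_t` is wider than the size type that `xmalloc_bytes` and `copy_from_paddr` accept on a given build, the allocation size and the copy length should also be checked to agree; their prototypes are not in this patch. A guard ahead of the first copy covers the visible cases: `if ( len < sizeof(magic) || len > ~(u32)0 ) return -EINVAL;`.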