diff --git a/sys/arch/xen/include/xen3-public/acm.h b/sys/arch/xen/include/xen3-public/acm.h
deleted file mode 100644
index 3db340a00d52..000000000000
--- a/sys/arch/xen/include/xen3-public/acm.h
+++ /dev/null
@@ -1,198 +0,0 @@
-/****************************************************************
- * acm.h
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer
- *
- * Contributors:
- * Stefan Berger
- * added network byte order support for binary policies
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * sHype general access control module header file.
- * here are all definitions that are shared between
- * xen-core, guest-kernels, and applications.
- *
- * todo: move from static policy choice to compile option.
- */
-
-#ifndef _XEN_PUBLIC_ACM_H
-#define _XEN_PUBLIC_ACM_H
-
-#include "xen.h"
-#include "sched_ctl.h"
-
-/* if ACM_DEBUG defined, all hooks should
- * print a short trace message (comment it out
- * when not in testing mode )
- */
-/* #define ACM_DEBUG */
-
-#ifdef ACM_DEBUG
-# define printkd(fmt, args...) printk(fmt,## args)
-#else
-# define printkd(fmt, args...)
-#endif
-
-/* default ssid reference value if not supplied */
-#define ACM_DEFAULT_SSID 0x0
-#define ACM_DEFAULT_LOCAL_SSID 0x0
-
-/* Internal ACM ERROR types */
-#define ACM_OK 0
-#define ACM_UNDEF -1
-#define ACM_INIT_SSID_ERROR -2
-#define ACM_INIT_SOID_ERROR -3
-#define ACM_ERROR -4
-
-/* External ACCESS DECISIONS */
-#define ACM_ACCESS_PERMITTED 0
-#define ACM_ACCESS_DENIED -111
-#define ACM_NULL_POINTER_ERROR -200
-
-/* primary policy in lower 4 bits */
-#define ACM_NULL_POLICY 0
-#define ACM_CHINESE_WALL_POLICY 1
-#define ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY 2
-#define ACM_POLICY_UNDEFINED 15
-
-/* combinations have secondary policy component in higher 4bit */
-#define ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY \
- ((ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY << 4) | ACM_CHINESE_WALL_POLICY)
-
-/* policy: */
-#define ACM_POLICY_NAME(X) \
- ((X) == (ACM_NULL_POLICY)) ? "NULL policy" : \
- ((X) == (ACM_CHINESE_WALL_POLICY)) ? "CHINESE WALL policy" : \
- ((X) == (ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "SIMPLE TYPE ENFORCEMENT policy" : \
- ((X) == (ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY)) ? "CHINESE WALL AND SIMPLE TYPE ENFORCEMENT policy" : \
- "UNDEFINED policy"
-
-/* the following policy versions must be increased
- * whenever the interpretation of the related
- * policy's data structure changes
- */
-#define ACM_POLICY_VERSION 1
-#define ACM_CHWALL_VERSION 1
-#define ACM_STE_VERSION 1
-
-/* defines a ssid reference used by xen */
-typedef uint32_t ssidref_t;
-
-/* hooks that are known to domains */
-enum acm_hook_type {NONE=0, SHARING};
-
-/* -------security policy relevant type definitions-------- */
-
-/* type identifier; compares to "equal" or "not equal" */
-typedef uint16_t domaintype_t;
-
-/* CHINESE WALL POLICY DATA STRUCTURES
- *
- * current accumulated conflict type set:
- * When a domain is started and has a type that is in
- * a conflict set, the conflicting types are incremented in
- * the aggregate set. When a domain is destroyed, the
- * conflicting types to its type are decremented.
- * If a domain has multiple types, this procedure works over
- * all those types.
- *
- * conflict_aggregate_set[i] holds the number of
- * running domains that have a conflict with type i.
- *
- * running_types[i] holds the number of running domains
- * that include type i in their ssidref-referenced type set
- *
- * conflict_sets[i][j] is "0" if type j has no conflict
- * with type i and is "1" otherwise.
- */
-/* high-16 = version, low-16 = check magic */
-#define ACM_MAGIC 0x0001debc
-
-/* each offset in bytes from start of the struct they
- * are part of */
-
-/* each buffer consists of all policy information for
- * the respective policy given in the policy code
- *
- * acm_policy_buffer, acm_chwall_policy_buffer,
- * and acm_ste_policy_buffer need to stay 32-bit aligned
- * because we create binary policies also with external
- * tools that assume packed representations (e.g. the java tool)
- */
-struct acm_policy_buffer {
- uint32_t policy_version; /* ACM_POLICY_VERSION */
- uint32_t magic;
- uint32_t len;
- uint32_t primary_policy_code;
- uint32_t primary_buffer_offset;
- uint32_t secondary_policy_code;
- uint32_t secondary_buffer_offset;
-};
-
-struct acm_chwall_policy_buffer {
- uint32_t policy_version; /* ACM_CHWALL_VERSION */
- uint32_t policy_code;
- uint32_t chwall_max_types;
- uint32_t chwall_max_ssidrefs;
- uint32_t chwall_max_conflictsets;
- uint32_t chwall_ssid_offset;
- uint32_t chwall_conflict_sets_offset;
- uint32_t chwall_running_types_offset;
- uint32_t chwall_conflict_aggregate_offset;
-};
-
-struct acm_ste_policy_buffer {
- uint32_t policy_version; /* ACM_STE_VERSION */
- uint32_t policy_code;
- uint32_t ste_max_types;
- uint32_t ste_max_ssidrefs;
- uint32_t ste_ssid_offset;
-};
-
-struct acm_stats_buffer {
- uint32_t magic;
- uint32_t len;
- uint32_t primary_policy_code;
- uint32_t primary_stats_offset;
- uint32_t secondary_policy_code;
- uint32_t secondary_stats_offset;
-};
-
-struct acm_ste_stats_buffer {
- uint32_t ec_eval_count;
- uint32_t gt_eval_count;
- uint32_t ec_denied_count;
- uint32_t gt_denied_count;
- uint32_t ec_cachehit_count;
- uint32_t gt_cachehit_count;
-};
-
-struct acm_ssid_buffer {
- uint32_t len;
- ssidref_t ssidref;
- uint32_t primary_policy_code;
- uint32_t primary_max_types;
- uint32_t primary_types_offset;
- uint32_t secondary_policy_code;
- uint32_t secondary_max_types;
- uint32_t secondary_types_offset;
-};
-
-#endif
-
-/*
- * Local variables:
- * mode: C
- * c-set-style: "BSD"
- * c-basic-offset: 4
- * tab-width: 4
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/sys/arch/xen/include/xen3-public/acm_ops.h b/sys/arch/xen/include/xen3-public/acm_ops.h
deleted file mode 100644
index d6ff4f877114..000000000000
--- a/sys/arch/xen/include/xen3-public/acm_ops.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/******************************************************************************
- * acm_ops.h
- *
- * Copyright (C) 2005 IBM Corporation
- *
- * Author:
- * Reiner Sailer
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * Process acm policy command requests from guest OS.
- * access checked by policy; not restricted to DOM0
- *
- */
-
-#ifndef __XEN_PUBLIC_ACM_OPS_H__
-#define __XEN_PUBLIC_ACM_OPS_H__
-
-#include "xen.h"
-#include "sched_ctl.h"
-
-/*
- * Make sure you increment the interface version whenever you modify this file!
- * This makes sure that old versions of acm tools will stop working in a
- * well-defined way (rather than crashing the machine, for instance).
- */
-#define ACM_INTERFACE_VERSION 0xAAAA0005
-
-/************************************************************************/
-
-#define ACM_SETPOLICY 4
-struct acm_setpolicy {
- /* OUT variables */
- void *pushcache;
- uint32_t pushcache_size;
-};
-
-
-#define ACM_GETPOLICY 5
-struct acm_getpolicy {
- /* OUT variables */
- void *pullcache;
- uint32_t pullcache_size;
-};
-
-
-#define ACM_DUMPSTATS 6
-struct acm_dumpstats {
- void *pullcache;
- uint32_t pullcache_size;
-};
-
-
-#define ACM_GETSSID 7
-enum get_type {UNSET=0, SSIDREF, DOMAINID};
-struct acm_getssid {
- enum get_type get_ssid_by;
- union {
- domaintype_t domainid;
- ssidref_t ssidref;
- } id;
- void *ssidbuf;
- uint32_t ssidbuf_size;
-};
-
-#define ACM_GETDECISION 8
-struct acm_getdecision {
- enum get_type get_decision_by1; /* in */
- enum get_type get_decision_by2;
- union {
- domaintype_t domainid;
- ssidref_t ssidref;
- } id1;
- union {
- domaintype_t domainid;
- ssidref_t ssidref;
- } id2;
- enum acm_hook_type hook;
- int acm_decision; /* out */
-};
-
-struct acm_op {
- uint32_t cmd;
- uint32_t interface_version; /* ACM_INTERFACE_VERSION */
- union {
- struct acm_setpolicy setpolicy;
- struct acm_getpolicy getpolicy;
- struct acm_dumpstats dumpstats;
- struct acm_getssid getssid;
- struct acm_getdecision getdecision;
- } u;
-};
-
-#endif /* __XEN_PUBLIC_ACM_OPS_H__ */
-
-/*
- * Local variables:
- * mode: C
- * c-set-style: "BSD"
- * c-basic-offset: 4
- * tab-width: 4
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/sys/arch/xen/include/xen3-public/io/ioreq.h b/sys/arch/xen/include/xen3-public/io/ioreq.h
deleted file mode 100644
index 9b462f242fcf..000000000000
--- a/sys/arch/xen/include/xen3-public/io/ioreq.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * ioreq.h: I/O request definitions for device models
- * Copyright (c) 2004, Intel Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place - Suite 330, Boston, MA 02111-1307 USA.
- *
- */
-
-#ifndef _IOREQ_H_
-#define _IOREQ_H_
-
-#define IOREQ_READ 1
-#define IOREQ_WRITE 0
-
-#define STATE_INVALID 0
-#define STATE_IOREQ_READY 1
-#define STATE_IOREQ_INPROCESS 2
-#define STATE_IORESP_READY 3
-#define STATE_IORESP_HOOK 4
-
-#define IOREQ_TYPE_PIO 0 /* pio */
-#define IOREQ_TYPE_COPY 1 /* mmio ops */
-#define IOREQ_TYPE_AND 2
-#define IOREQ_TYPE_OR 3
-#define IOREQ_TYPE_XOR 4
-
-/*
- * VMExit dispatcher should cooperate with instruction decoder to
- * prepare this structure and notify service OS and DM by sending
- * virq
- */
-typedef struct {
- uint64_t addr; /* physical address */
- uint64_t size; /* size in bytes */
- uint64_t count; /* for rep prefixes */
- union {
- uint64_t data; /* data */
- void *pdata; /* pointer to data */
- } u;
- uint8_t state:4;
- uint8_t pdata_valid:1; /* if 1, use pdata above */
- uint8_t dir:1; /* 1=read, 0=write */
- uint8_t df:1;
- uint8_t type; /* I/O type */
-} ioreq_t;
-
-#define MAX_VECTOR 256
-#define BITS_PER_BYTE 8
-#define INTR_LEN (MAX_VECTOR/(BITS_PER_BYTE * sizeof(uint64_t)))
-#define INTR_LEN_32 (MAX_VECTOR/(BITS_PER_BYTE * sizeof(uint32_t)))
-
-typedef struct {
- uint16_t pic_elcr;
- uint16_t pic_irr;
- uint16_t pic_last_irr;
- uint16_t pic_clear_irr;
- int eport; /* Event channel port */
-} global_iodata_t;
-
-typedef struct {
- ioreq_t vp_ioreq;
- unsigned long vp_intr[INTR_LEN];
-} vcpu_iodata_t;
-
-typedef struct {
- global_iodata_t sp_global;
- vcpu_iodata_t vcpu_iodata[1];
-} shared_iopage_t;
-
-#endif /* _IOREQ_H_ */
-
-/*
- * Local variables:
- * mode: C
- * c-set-style: "BSD"
- * c-basic-offset: 4
- * tab-width: 4
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/sys/arch/xen/include/xen3-public/vmx_assist.h b/sys/arch/xen/include/xen3-public/vmx_assist.h
deleted file mode 100644
index 22664656a4fb..000000000000
--- a/sys/arch/xen/include/xen3-public/vmx_assist.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * vmx_assist.h: Context definitions for the VMXASSIST world switch.
- *
- * Leendert van Doorn, leendert@watson.ibm.com
- * Copyright (c) 2005, International Business Machines Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place - Suite 330, Boston, MA 02111-1307 USA.
- *
- */
-#ifndef _VMX_ASSIST_H_
-#define _VMX_ASSIST_H_
-
-#define VMXASSIST_BASE 0xD0000
-#define VMXASSIST_MAGIC 0x17101966
-#define VMXASSIST_MAGIC_OFFSET (VMXASSIST_BASE+8)
-
-#define VMXASSIST_NEW_CONTEXT (VMXASSIST_BASE + 12)
-#define VMXASSIST_OLD_CONTEXT (VMXASSIST_NEW_CONTEXT + 4)
-
-#ifndef __ASSEMBLY__
-
-union vmcs_arbytes {
- struct arbyte_fields {
- unsigned int seg_type : 4,
- s : 1,
- dpl : 2,
- p : 1,
- reserved0 : 4,
- avl : 1,
- reserved1 : 1,
- default_ops_size: 1,
- g : 1,
- null_bit : 1,
- reserved2 : 15;
- } fields;
- unsigned int bytes;
-};
-
-/*
- * World switch state
- */
-typedef struct vmx_assist_context {
- uint32_t eip; /* execution pointer */
- uint32_t esp; /* stack pointer */
- uint32_t eflags; /* flags register */
- uint32_t cr0;
- uint32_t cr3; /* page table directory */
- uint32_t cr4;
- uint32_t idtr_limit; /* idt */
- uint32_t idtr_base;
- uint32_t gdtr_limit; /* gdt */
- uint32_t gdtr_base;
- uint32_t cs_sel; /* cs selector */
- uint32_t cs_limit;
- uint32_t cs_base;
- union vmcs_arbytes cs_arbytes;
- uint32_t ds_sel; /* ds selector */
- uint32_t ds_limit;
- uint32_t ds_base;
- union vmcs_arbytes ds_arbytes;
- uint32_t es_sel; /* es selector */
- uint32_t es_limit;
- uint32_t es_base;
- union vmcs_arbytes es_arbytes;
- uint32_t ss_sel; /* ss selector */
- uint32_t ss_limit;
- uint32_t ss_base;
- union vmcs_arbytes ss_arbytes;
- uint32_t fs_sel; /* fs selector */
- uint32_t fs_limit;
- uint32_t fs_base;
- union vmcs_arbytes fs_arbytes;
- uint32_t gs_sel; /* gs selector */
- uint32_t gs_limit;
- uint32_t gs_base;
- union vmcs_arbytes gs_arbytes;
- uint32_t tr_sel; /* task selector */
- uint32_t tr_limit;
- uint32_t tr_base;
- union vmcs_arbytes tr_arbytes;
- uint32_t ldtr_sel; /* ldtr selector */
- uint32_t ldtr_limit;
- uint32_t ldtr_base;
- union vmcs_arbytes ldtr_arbytes;
-} vmx_assist_context_t;
-
-#endif /* __ASSEMBLY__ */
-
-#endif /* _VMX_ASSIST_H_ */
-
-/*
- * Local variables:
- * mode: C
- * c-set-style: "BSD"
- * c-basic-offset: 4
- * tab-width: 4
- * indent-tabs-mode: nil
- * End:
- */