From patchwork Mon Mar 17 14:06:04 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 26372
Return-Path: <patchwork-forward+bncBCI3N6FH3YJRBMUDTSMQKGQEP5CILTI@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-qc0-f198.google.com (mail-qc0-f198.google.com
 [209.85.216.198])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 8E8CB202FA
 for <linaro@patches.linaro.org>; Mon, 17 Mar 2014 14:07:46 +0000 (UTC)
Received: by mail-qc0-f198.google.com with SMTP id r5sf13346685qcx.9
 for <linaro@patches.linaro.org>; Mon, 17 Mar 2014 07:07:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to
 :references:cc:subject:precedence:list-id:list-unsubscribe:list-post
 :list-help:list-subscribe:mime-version:sender:errors-to
 :x-original-sender:x-original-authentication-results:mailing-list
 :list-archive:content-type:content-transfer-encoding;
 bh=dXnG4uLPOjs+/c+loqZL41srJ3wW8Y+BWu0bl+WsTDo=;
 b=fIFIwMnS/w5j+AR3yGic6t+pQ+RjfUUkQaxbJ6nNb/X+XRmt5XnRROKXC1xqZO7UDq
 ggaI3gFCaH0+8lLH98NcuBDDXsrNg/gX9aasAAws0stLcAXhpvqKAnVpVTM/H9UCRc1b
 0S66VigBFZjliN2xd73pofFkKPVBUpuEG9hbkYIUL9irNT0oYDfOXFau2n6jxK9Cofj5
 LUc4VL9SDZe67VutbkD5Ard5It4jzrbBPDWYuaN3JH3JvMPOvPa0UeXkuo1iRil8JWw3
 Cbp67IH4z8JW0uXgT3YnaAXzeAZwQ4ECRHPnzhc1GI0rqo73rsB+tpO834Sqh0YiknZH
 R0Lg==
X-Gm-Message-State: ALoCoQlq5vyNTkILST058pCRx2T3gLPHeRVpDQ5A/pul3YrkU7Ne5lnpRKJ+yiTqpv5LDN+jCGRe
X-Received: by 10.58.253.72 with SMTP id zy8mr6133582vec.10.1395065266385;
 Mon, 17 Mar 2014 07:07:46 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.46.37 with SMTP id j34ls1437088qga.73.gmail; Mon, 17 Mar
 2014 07:07:46 -0700 (PDT)
X-Received: by 10.220.131.210 with SMTP id y18mr20332616vcs.12.1395065266223; 
 Mon, 17 Mar 2014 07:07:46 -0700 (PDT)
Received: from mail-ve0-f182.google.com (mail-ve0-f182.google.com
 [209.85.128.182])
 by mx.google.com with ESMTPS id b7si2839829vev.40.2014.03.17.07.07.46
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Mon, 17 Mar 2014 07:07:46 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.128.182 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.128.182; 
Received: by mail-ve0-f182.google.com with SMTP id jw12so5657722veb.41
 for <patchwork-forward@linaro.org>;
 Mon, 17 Mar 2014 07:07:46 -0700 (PDT)
X-Received: by 10.58.90.99 with SMTP id bv3mr280241veb.34.1395065266130;
 Mon, 17 Mar 2014 07:07:46 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.220.78.9 with SMTP id i9csp130058vck;
 Mon, 17 Mar 2014 07:07:45 -0700 (PDT)
X-Received: by 10.229.134.198 with SMTP id k6mr27928213qct.13.1395065265561; 
 Mon, 17 Mar 2014 07:07:45 -0700 (PDT)
Received: from lists.xen.org (lists.xen.org. [50.57.142.19])
 by mx.google.com with ESMTPS id 4si8601991qat.178.2014.03.17.07.07.45
 for <multiple recipients>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Mon, 17 Mar 2014 07:07:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xen.org designates 50.57.142.19 as
 permitted sender) client-ip=50.57.142.19; 
Received: from localhost ([127.0.0.1] helo=lists.xen.org)
 by lists.xen.org with esmtp (Exim 4.72)
 (envelope-from <xen-devel-bounces@lists.xen.org>)
 id 1WPYBe-0002Yi-Sl; Mon, 17 Mar 2014 14:06:42 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
 by lists.xen.org with esmtp (Exim 4.72)
 (envelope-from <julien.grall@linaro.org>) id 1WPYBc-0002UK-0D
 for xen-devel@lists.xenproject.org; Mon, 17 Mar 2014 14:06:40 +0000
Received: from [85.158.137.68:57027] by server-3.bemta-3.messagelabs.com id
 39/63-05289-F6107235; Mon, 17 Mar 2014 14:06:39 +0000
X-Env-Sender: julien.grall@linaro.org
X-Msg-Ref: server-14.tower-31.messagelabs.com!1395065197!1111652!1
X-Originating-IP: [74.125.83.41]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 6.11.1; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 25142 invoked from network); 17 Mar 2014 14:06:38 -0000
Received: from mail-ee0-f41.google.com (HELO mail-ee0-f41.google.com)
 (74.125.83.41)
 by server-14.tower-31.messagelabs.com with RC4-SHA encrypted SMTP;
 17 Mar 2014 14:06:38 -0000
Received: by mail-ee0-f41.google.com with SMTP id t10so4209639eei.0
 for <xen-devel@lists.xenproject.org>;
 Mon, 17 Mar 2014 07:06:37 -0700 (PDT)
X-Received: by 10.14.39.3 with SMTP id c3mr24028906eeb.42.1395065197826;
 Mon, 17 Mar 2014 07:06:37 -0700 (PDT)
Received: from belegaer.uk.xensource.com. ([185.25.64.249])
 by mx.google.com with ESMTPSA id
 x3sm39716538eep.17.2014.03.17.07.06.36 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 17 Mar 2014 07:06:37 -0700 (PDT)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xenproject.org
Date: Mon, 17 Mar 2014 14:06:04 +0000
Message-Id: <1395065165-15915-15-git-send-email-julien.grall@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1395065165-15915-1-git-send-email-julien.grall@linaro.org>
References: <1395065165-15915-1-git-send-email-julien.grall@linaro.org>
Cc: stefano.stabellini@citrix.com, Julien Grall <julien.grall@linaro.org>,
 tim@xen.org, ian.campbell@citrix.com
Subject: [Xen-devel] [PATCH v2 14/15] xen/xsm: Add support for device tree
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: julien.grall@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.128.182 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>

This patch adds a new module "xen,xsm-blob" to allow the user to load the XSM
policy when Xen is booting.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
    Changes in v2:
        - Use xsm_core_init function
---
 docs/misc/arm/device-tree/booting.txt |    1 +
 xen/common/device_tree.c              |    2 ++
 xen/include/xen/device_tree.h         |    3 ++-
 xen/include/xsm/xsm.h                 |   12 +++++++++++
 xen/xsm/xsm_core.c                    |   27 ++++++++++++++++++++++++
 xen/xsm/xsm_policy.c                  |   37 +++++++++++++++++++++++++++++++++
 6 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/docs/misc/arm/device-tree/booting.txt b/docs/misc/arm/device-tree/booting.txt
index 07fde27..85988fb 100644
--- a/docs/misc/arm/device-tree/booting.txt
+++ b/docs/misc/arm/device-tree/booting.txt
@@ -16,6 +16,7 @@ Each node contains the following properties:
 
 	- "linux-zimage" -- the dom0 kernel
 	- "linux-initrd" -- the dom0 ramdisk
+	- "xsm-blob"	 -- XSM policy blob
 
 - reg
 
diff --git a/xen/common/device_tree.c b/xen/common/device_tree.c
index 55716a8..91146fb 100644
--- a/xen/common/device_tree.c
+++ b/xen/common/device_tree.c
@@ -354,6 +354,8 @@ static void __init process_multiboot_node(const void *fdt, int node,
         nr = MOD_KERNEL;
     else if ( fdt_node_check_compatible(fdt, node, "xen,linux-initrd") == 0)
         nr = MOD_INITRD;
+    else if ( fdt_node_check_compatible(fdt, node, "xen,xsm-blob") == 0 )
+        nr = MOD_XSM;
     else
         early_panic("%s not a known xen multiboot type\n", name);
 
diff --git a/xen/include/xen/device_tree.h b/xen/include/xen/device_tree.h
index 9a8c3de..76faf11 100644
--- a/xen/include/xen/device_tree.h
+++ b/xen/include/xen/device_tree.h
@@ -24,7 +24,8 @@
 #define MOD_FDT    1
 #define MOD_KERNEL 2
 #define MOD_INITRD 3
-#define NR_MODULES 4
+#define MOD_XSM    4
+#define NR_MODULES 5
 
 #define MOD_DISCARD_FIRST MOD_FDT
 
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 4863e41..2cd3a3b 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -652,6 +652,11 @@ extern int xsm_multiboot_policy_init(unsigned long *module_map,
                                      void *(*bootstrap_map)(const module_t *));
 #endif
 
+#ifdef HAS_DEVICE_TREE
+extern int xsm_dt_init(void);
+extern int xsm_dt_policy_init(void);
+#endif
+
 extern int register_xsm(struct xsm_operations *ops);
 extern int unregister_xsm(struct xsm_operations *ops);
 
@@ -671,6 +676,13 @@ static inline int xsm_multiboot_init (unsigned long *module_map,
 }
 #endif
 
+#ifdef HAS_DEVICE_TREE
+static inline int xsm_dt_init(void)
+{
+    return 0;
+}
+#endif
+
 #endif /* XSM_ENABLE */
 
 #endif /* __XSM_H */
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 24b0ff4..ecf9096 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -85,6 +85,33 @@ int __init xsm_multiboot_init(unsigned long *module_map,
 }
 #endif
 
+#ifdef HAS_DEVICE_TREE
+int __init xsm_dt_init(void)
+{
+    int ret = 0;
+
+    printk("XSM Framework v" XSM_FRAMEWORK_VERSION " initialized\n");
+
+    if ( XSM_MAGIC )
+    {
+        ret = xsm_dt_policy_init();
+        if ( ret )
+        {
+            printk("%s: Error initializing policy (rc = %d).\n",
+                   __FUNCTION__, ret);
+            return -EINVAL;
+        }
+    }
+
+    ret = xsm_core_init();
+
+    if ( policy_buffer )
+        xfree(policy_buffer);
+
+    return ret;
+}
+#endif
+
 int register_xsm(struct xsm_operations *ops)
 {
     if ( verify(ops) )
diff --git a/xen/xsm/xsm_policy.c b/xen/xsm/xsm_policy.c
index 3d5f66a..a0dee09 100644
--- a/xen/xsm/xsm_policy.c
+++ b/xen/xsm/xsm_policy.c
@@ -23,6 +23,10 @@
 #include <xen/multiboot.h>
 #endif
 #include <xen/bitops.h>
+#ifdef HAS_DEVICE_TREE
+# include <asm/setup.h>
+# include <xen/device_tree.h>
+#endif
 
 char *__initdata policy_buffer = NULL;
 u32 __initdata policy_size = 0;
@@ -69,3 +73,36 @@ int __init xsm_multiboot_policy_init(unsigned long *module_map,
     return rc;
 }
 #endif
+
+#ifdef HAS_DEVICE_TREE
+int __init xsm_dt_policy_init(void)
+{
+    paddr_t paddr = early_info.modules.module[MOD_XSM].start;
+    paddr_t len = early_info.modules.module[MOD_XSM].size;
+    xsm_magic_t magic;
+
+    if ( !len )
+        return 0;
+
+    copy_from_paddr(&magic, paddr, sizeof(magic));
+
+    if ( magic != XSM_MAGIC )
+    {
+        printk(XENLOG_ERR "xsm: Invalid magic for XSM blob got 0x%x "
+               "expected 0x%x\n", magic, XSM_MAGIC);
+        return -EINVAL;
+    }
+
+    printk("xsm: Policy len = 0x%"PRIpaddr" start at 0x%"PRIpaddr"\n",
+           len, paddr);
+
+    policy_buffer = xmalloc_bytes(len);
+    if ( !policy_buffer )
+        return -ENOMEM;
+
+    copy_from_paddr(policy_buffer, paddr, len);
+    policy_size = len;
+
+    return 0;
+}
+#endif