[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] domctl: fix IRQ permission granting/revocation



On Fri, 2014-12-12 at 10:24 +0000, Jan Beulich wrote:
> Commit 545607eb3c ("x86: fix various issues with handling guest IRQs")
> wasn't really consistent in one respect: The granting of access to an
> IRQ shouldn't assume the pIRQ->IRQ translation to be the same in both
> domains. In fact it is wrong to assume that a translation is already/
> still in place at the time access is being granted/revoked.
> 
> What is wanted is to translate the incoming pIRQ to an IRQ for
> the invoking domain (as the pIRQ is the only notion the invoking
> domain has of the IRQ), and grant the subject domain access to
> the resulting IRQ.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>

> ---
> v2: Also fix initial range check to use current->domain, adjust code
>     structure, and extend description (all requested by Ian). Along
>     the lines of the first mentioned change, also pass the Xen IRQ
>     number to the XSM hook (confirmed okay by Daniel).
> Note that I would hope for this to make unnecessary Stefano's proposed
> tools side change
> http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00160.html.
> 
> --- a/xen/common/domctl.c
> +++ b/xen/common/domctl.c
> @@ -982,18 +982,21 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
>  
>      case XEN_DOMCTL_irq_permission:
>      {
> -        unsigned int pirq = op->u.irq_permission.pirq;
> +        unsigned int pirq = op->u.irq_permission.pirq, irq;
>          int allow = op->u.irq_permission.allow_access;
>  
> -        if ( pirq >= d->nr_pirqs )
> +        if ( pirq >= current->domain->nr_pirqs )
> +        {
>              ret = -EINVAL;
> -        else if ( !pirq_access_permitted(current->domain, pirq) ||
> -                  xsm_irq_permission(XSM_HOOK, d, pirq, allow) )
> +            break;
> +        }
> +        irq = pirq_access_permitted(current->domain, pirq);
> +        if ( !irq || xsm_irq_permission(XSM_HOOK, d, irq, allow) )
>              ret = -EPERM;
>          else if ( allow )
> -            ret = pirq_permit_access(d, pirq);
> +            ret = irq_permit_access(d, irq);
>          else
> -            ret = pirq_deny_access(d, pirq);
> +            ret = irq_deny_access(d, irq);
>      }
>      break;
>  
> --- a/xen/include/xen/iocap.h
> +++ b/xen/include/xen/iocap.h
> @@ -28,22 +28,11 @@
>  #define irq_access_permitted(d, i)                      \
>      rangeset_contains_singleton((d)->irq_caps, i)
>  
> -#define pirq_permit_access(d, i) ({                     \
> -    struct domain *d__ = (d);                           \
> -    int i__ = domain_pirq_to_irq(d__, i);               \
> -    i__ > 0 ? rangeset_add_singleton(d__->irq_caps, i__)\
> -            : -EINVAL;                                  \
> -})
> -#define pirq_deny_access(d, i) ({                       \
> -    struct domain *d__ = (d);                           \
> -    int i__ = domain_pirq_to_irq(d__, i);               \
> -    i__ > 0 ? rangeset_remove_singleton(d__->irq_caps, i__)\
> -            : -EINVAL;                                  \
> -})
>  #define pirq_access_permitted(d, i) ({                  \
>      struct domain *d__ = (d);                           \
> -    rangeset_contains_singleton(d__->irq_caps,          \
> -                                domain_pirq_to_irq(d__, i));\
> +    int irq__ = domain_pirq_to_irq(d__, i);             \
> +    irq__ > 0 && irq_access_permitted(d__, irq__)       \
> +    ? irq__ : 0;                                        \
>  })
>  
>  #endif /* __XEN_IOCAP_H__ */
> 
> 
> 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.