[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] tools/libxenforeignmemory: add a call to restrict the handle

Commit 8ef5f344d061 "tools/libxendevicemodel: add a call to restrict the
handle" added a function to the devicemodel interface to restrict
operations through the API to a specific domain, where a capable under-
lying privcmd driver exists.

This patch adds similar functionality to the xenforeignmemory API. This
will be necessary (as much as xendevicemodel restriction) for limiting
the scope of device models to specific domains.

NOTE: My patch to the linux kernel [1] added the appropriate checks to
      the foreign memory ioctls.

[1] 
https://git.kernel.org/cgit/linux/kernel/git/ostr/linux.git/commit/?id=4610d240

Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx>
---
Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/libs/foreignmemory/core.c                     |  6 ++++++
 tools/libs/foreignmemory/freebsd.c                  |  7 +++++++
 tools/libs/foreignmemory/include/xenforeignmemory.h | 11 +++++++++++
 tools/libs/foreignmemory/libxenforeignmemory.map    |  1 +
 tools/libs/foreignmemory/linux.c                    |  6 ++++++
 tools/libs/foreignmemory/minios.c                   |  7 +++++++
 tools/libs/foreignmemory/netbsd.c                   |  7 +++++++
 tools/libs/foreignmemory/private.h                  |  3 +++
 tools/libs/foreignmemory/solaris.c                  |  7 +++++++
 9 files changed, 55 insertions(+)

diff --git a/tools/libs/foreignmemory/core.c b/tools/libs/foreignmemory/core.c
index a872b95..0ebd429 100644
--- a/tools/libs/foreignmemory/core.c
+++ b/tools/libs/foreignmemory/core.c
@@ -106,6 +106,12 @@ int xenforeignmemory_unmap(xenforeignmemory_handle *fmem,
     return osdep_xenforeignmemory_unmap(fmem, addr, num);
 }
 
+int xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+                              domid_t domid)
+{
+    return osdep_xenforeignmemory_restrict(fmem, domid);
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/foreignmemory/freebsd.c 
b/tools/libs/foreignmemory/freebsd.c
index ef08b6c..f6cd08c 100644
--- a/tools/libs/foreignmemory/freebsd.c
+++ b/tools/libs/foreignmemory/freebsd.c
@@ -96,6 +96,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle 
*fmem,
     return munmap(addr, num << PAGE_SHIFT);
 }
 
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+                                    domid_t domid)
+{
+    errno = -EOPNOTSUPP;
+    return -1;
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/foreignmemory/include/xenforeignmemory.h 
b/tools/libs/foreignmemory/include/xenforeignmemory.h
index 92b9277..d5be648 100644
--- a/tools/libs/foreignmemory/include/xenforeignmemory.h
+++ b/tools/libs/foreignmemory/include/xenforeignmemory.h
@@ -115,6 +115,17 @@ void *xenforeignmemory_map(xenforeignmemory_handle *fmem, 
uint32_t dom,
 int xenforeignmemory_unmap(xenforeignmemory_handle *fmem,
                            void *addr, size_t pages);
 
+/**
+ * This function restricts the use of this handle to the specified
+ * domain.
+ *
+ * @parm fmem handle to the open foreignmemory interface
+ * @parm domid the domain id
+ * @return 0 on success, -1 on failure.
+ */
+int xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+                              domid_t domid);
+
 #endif
 
 /*
diff --git a/tools/libs/foreignmemory/libxenforeignmemory.map 
b/tools/libs/foreignmemory/libxenforeignmemory.map
index df206b3..5c9806c 100644
--- a/tools/libs/foreignmemory/libxenforeignmemory.map
+++ b/tools/libs/foreignmemory/libxenforeignmemory.map
@@ -4,5 +4,6 @@ VERS_1.0 {
                xenforeignmemory_close;
                xenforeignmemory_map;
                xenforeignmemory_unmap;
+               xenforeignmemory_restrict;
        local: *; /* Do not expose anything by default */
 };
diff --git a/tools/libs/foreignmemory/linux.c b/tools/libs/foreignmemory/linux.c
index 423c744..320bb21 100644
--- a/tools/libs/foreignmemory/linux.c
+++ b/tools/libs/foreignmemory/linux.c
@@ -272,6 +272,12 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle 
*fmem,
     return munmap(addr, num << PAGE_SHIFT);
 }
 
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+                                    domid_t domid)
+{
+    return ioctl(fmem->fd, IOCTL_PRIVCMD_RESTRICT, &domid);
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/foreignmemory/minios.c 
b/tools/libs/foreignmemory/minios.c
index 6dc97bd..2dd4910 100644
--- a/tools/libs/foreignmemory/minios.c
+++ b/tools/libs/foreignmemory/minios.c
@@ -58,6 +58,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle 
*fmem,
     return munmap(addr, num << PAGE_SHIFT);
 }
 
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+                                    domid_t domid)
+{
+    errno = -EOPNOTSUPP;
+    return -1;
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/foreignmemory/netbsd.c 
b/tools/libs/foreignmemory/netbsd.c
index 08f4964..af3a1a4 100644
--- a/tools/libs/foreignmemory/netbsd.c
+++ b/tools/libs/foreignmemory/netbsd.c
@@ -100,6 +100,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle 
*fmem,
     return munmap(addr, num*XC_PAGE_SIZE);
 }
 
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+                                    domid_t domid)
+{
+    errno = -EOPNOTSUPP;
+    return -1;
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/foreignmemory/private.h 
b/tools/libs/foreignmemory/private.h
index 9cc7814..ed7ec7a 100644
--- a/tools/libs/foreignmemory/private.h
+++ b/tools/libs/foreignmemory/private.h
@@ -32,6 +32,9 @@ void *osdep_xenforeignmemory_map(xenforeignmemory_handle 
*fmem,
 int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem,
                                  void *addr, size_t num);
 
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+                                    domid_t domid);
+
 #if defined(__NetBSD__) || defined(__sun__)
 /* Strictly compat for those two only only */
 void *compat_mapforeign_batch(xenforeignmem_handle *fmem, uint32_t dom,
diff --git a/tools/libs/foreignmemory/solaris.c 
b/tools/libs/foreignmemory/solaris.c
index e925a29..fe7bb45 100644
--- a/tools/libs/foreignmemory/solaris.c
+++ b/tools/libs/foreignmemory/solaris.c
@@ -98,6 +98,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle 
*fmem,
     return munmap(addr, num*XC_PAGE_SIZE);
 }
 
+int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem,
+                                    domid_t domid)
+{
+    errno = -EOPNOTSUPP;
+    return -1;
+}
+
 /*
  * Local variables:
  * mode: C
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.