Cui, Dexuan
2009-Oct-15 15:39 UTC
[Xen-devel] RE: [Xen-changelog] [xen-unstable] Add build option to allow more hypercalls from stubdoms
Hi, the changeset prevents the domain destroy actually.
e.g., in the non-stubdomain case, the following code would get many references
to the op->domain, so the domain can''t be destroyed throughly.
+ switch ( op->cmd )
+ {
+ case XEN_DOMCTL_ioport_mapping:
+ case XEN_DOMCTL_memory_mapping:
+ case XEN_DOMCTL_bind_pt_irq:
+ case XEN_DOMCTL_unbind_pt_irq:
+ case XEN_DOMCTL_assign_device:
+ case XEN_DOMCTL_deassign_device: {
+ struct domain *d = get_domain_by_id(op->domain);
Thanks,
-- Dexuan
-----Original Message-----
From: xen-changelog-bounces@lists.xensource.com
[mailto:xen-changelog-bounces@lists.xensource.com] On Behalf Of Xen
patchbot-unstable
Sent: 2009?10?14? 16:15
To: xen-changelog@lists.xensource.com
Subject: [Xen-changelog] [xen-unstable] Add build option to allow more
hypercalls from stubdoms
# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1255506898 -3600
# Node ID 6100b7a34705e40ae23a0e081f2bce1b6ed342f5
# Parent b3c9f5f9532a0dba89204c37d7fb85144e2ad973
Add build option to allow more hypercalls from stubdoms
Stubdoms need to be able to make all the passthrough related
hypercalls on behalf of the guest (for now).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
---
xen/Rules.mk | 7 +++++++
xen/arch/x86/irq.c | 2 +-
xen/arch/x86/physdev.c | 19 ++++++++++---------
xen/common/domctl.c | 28 +++++++++++++++++++++++++---
xen/include/xen/config.h | 6 ++++++
5 files changed, 49 insertions(+), 13 deletions(-)
diff -r b3c9f5f9532a -r 6100b7a34705 xen/Rules.mk
--- a/xen/Rules.mk Wed Oct 14 08:33:11 2009 +0100
+++ b/xen/Rules.mk Wed Oct 14 08:54:58 2009 +0100
@@ -8,6 +8,9 @@ perfc_arrays ?= n
perfc_arrays ?= n
crash_debug ?= n
frame_pointer ?= n
+
+# Allow some delicate passthrough related hypercalls to be made from a stubdom
+privileged_stubdoms ?= y
XEN_ROOT=$(BASEDIR)/..
include $(XEN_ROOT)/Config.mk
@@ -56,6 +59,10 @@ endif
endif
ifneq ($(max_phys_irqs),)
CFLAGS-y += -DMAX_PHYS_IRQS=$(max_phys_irqs)
+endif
+
+ifeq ($(privileged_stubdoms),y)
+CFLAGS += -DPRIVILEGED_STUBDOMS
endif
AFLAGS-y += -D__ASSEMBLY__
diff -r b3c9f5f9532a -r 6100b7a34705 xen/arch/x86/irq.c
--- a/xen/arch/x86/irq.c Wed Oct 14 08:33:11 2009 +0100
+++ b/xen/arch/x86/irq.c Wed Oct 14 08:54:58 2009 +0100
@@ -1340,7 +1340,7 @@ int map_domain_pirq(
ASSERT(spin_is_locked(&pcidevs_lock));
ASSERT(spin_is_locked(&d->event_lock));
- if ( !IS_PRIV(current->domain) )
+ if ( !STUBDOM_IS_PRIV_FOR(current->domain, d) )
return -EPERM;
if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >=
nr_irqs )
diff -r b3c9f5f9532a -r 6100b7a34705 xen/arch/x86/physdev.c
--- a/xen/arch/x86/physdev.c Wed Oct 14 08:33:11 2009 +0100
+++ b/xen/arch/x86/physdev.c Wed Oct 14 08:54:58 2009 +0100
@@ -34,9 +34,6 @@ static int physdev_map_pirq(struct physd
struct msi_info _msi;
void *map_data = NULL;
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
-
if ( !map )
return -EINVAL;
@@ -46,8 +43,11 @@ static int physdev_map_pirq(struct physd
d = rcu_lock_domain_by_id(map->domid);
if ( d == NULL )
- {
- ret = -ESRCH;
+ return -ESRCH;
+
+ if ( !STUBDOM_IS_PRIV_FOR(current->domain, d) )
+ {
+ ret = -EPERM;
goto free_domain;
}
@@ -160,9 +160,6 @@ static int physdev_unmap_pirq(struct phy
struct domain *d;
int ret;
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
-
if ( unmap->domid == DOMID_SELF )
d = rcu_lock_domain(current->domain);
else
@@ -170,6 +167,10 @@ static int physdev_unmap_pirq(struct phy
if ( d == NULL )
return -ESRCH;
+
+ ret = -EPERM;
+ if ( !STUBDOM_IS_PRIV_FOR(current->domain, d) )
+ goto free_domain;
spin_lock(&pcidevs_lock);
spin_lock(&d->event_lock);
@@ -177,8 +178,8 @@ static int physdev_unmap_pirq(struct phy
spin_unlock(&d->event_lock);
spin_unlock(&pcidevs_lock);
+free_domain:
rcu_unlock_domain(d);
-
return ret;
}
diff -r b3c9f5f9532a -r 6100b7a34705 xen/common/domctl.c
--- a/xen/common/domctl.c Wed Oct 14 08:33:11 2009 +0100
+++ b/xen/common/domctl.c Wed Oct 14 08:54:58 2009 +0100
@@ -220,14 +220,36 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
long ret = 0;
struct xen_domctl curop, *op = &curop;
- if ( !IS_PRIV(current->domain) )
- return -EPERM;
-
if ( copy_from_guest(op, u_domctl, 1) )
return -EFAULT;
if ( op->interface_version != XEN_DOMCTL_INTERFACE_VERSION )
return -EACCES;
+
+ switch ( op->cmd )
+ {
+ case XEN_DOMCTL_ioport_mapping:
+ case XEN_DOMCTL_memory_mapping:
+ case XEN_DOMCTL_bind_pt_irq:
+ case XEN_DOMCTL_unbind_pt_irq:
+ case XEN_DOMCTL_assign_device:
+ case XEN_DOMCTL_deassign_device: {
+ struct domain *d = get_domain_by_id(op->domain);
+ bool_t is_priv = IS_PRIV(current->domain);
+ if ( !is_priv && ((d = rcu_lock_domain_by_id(op->domain)) !=
NULL) )
+ {
+ is_priv = STUBDOM_IS_PRIV_FOR(current->domain, d);
+ rcu_unlock_domain(d);
+ }
+ if ( !is_priv )
+ return -EPERM;
+ break;
+ }
+ default:
+ if ( !IS_PRIV(current->domain) )
+ return -EPERM;
+ break;
+ }
if ( !domctl_lock_acquire() )
return hypercall_create_continuation(
diff -r b3c9f5f9532a -r 6100b7a34705 xen/include/xen/config.h
--- a/xen/include/xen/config.h Wed Oct 14 08:33:11 2009 +0100
+++ b/xen/include/xen/config.h Wed Oct 14 08:54:58 2009 +0100
@@ -95,4 +95,10 @@ int current_domain_id(void);
#define __cpuinitdata
#define __cpuinit
+#ifdef PRIVILEGED_STUBDOMS
+#define STUBDOM_IS_PRIV_FOR(x,y) IS_PRIV_FOR(x,y)
+#else
+#define STUBDOM_IS_PRIV_FOR(x,y) IS_PRIV(x)
+#endif
+
#endif /* __XEN_CONFIG_H__ */
_______________________________________________
Xen-changelog mailing list
Xen-changelog@lists.xensource.com
http://lists.xensource.com/xen-changelog
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Keir Fraser
2009-Oct-15 15:47 UTC
[Xen-devel] Re: [Xen-changelog] [xen-unstable] Add build option to allow more hypercalls from stubdoms
Rearrangement typo on my part! -- Keir On 15/10/2009 16:39, "Cui, Dexuan" <dexuan.cui@intel.com> wrote:> Hi, the changeset prevents the domain destroy actually. > e.g., in the non-stubdomain case, the following code would get many references > to the op->domain, so the domain can''t be destroyed throughly. > > + switch ( op->cmd ) > + { > + case XEN_DOMCTL_ioport_mapping: > + case XEN_DOMCTL_memory_mapping: > + case XEN_DOMCTL_bind_pt_irq: > + case XEN_DOMCTL_unbind_pt_irq: > + case XEN_DOMCTL_assign_device: > + case XEN_DOMCTL_deassign_device: { > + struct domain *d = get_domain_by_id(op->domain); > > Thanks, > -- Dexuan > > -----Original Message----- > From: xen-changelog-bounces@lists.xensource.com > [mailto:xen-changelog-bounces@lists.xensource.com] On Behalf Of Xen > patchbot-unstable > Sent: 2009?10?14? 16:15 > To: xen-changelog@lists.xensource.com > Subject: [Xen-changelog] [xen-unstable] Add build option to allow more > hypercalls from stubdoms > > # HG changeset patch > # User Keir Fraser <keir.fraser@citrix.com> > # Date 1255506898 -3600 > # Node ID 6100b7a34705e40ae23a0e081f2bce1b6ed342f5 > # Parent b3c9f5f9532a0dba89204c37d7fb85144e2ad973 > Add build option to allow more hypercalls from stubdoms > > Stubdoms need to be able to make all the passthrough related > hypercalls on behalf of the guest (for now). > > Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> > Signed-off-by: Keir Fraser <keir.fraser@citrix.com> > --- > xen/Rules.mk | 7 +++++++ > xen/arch/x86/irq.c | 2 +- > xen/arch/x86/physdev.c | 19 ++++++++++--------- > xen/common/domctl.c | 28 +++++++++++++++++++++++++--- > xen/include/xen/config.h | 6 ++++++ > 5 files changed, 49 insertions(+), 13 deletions(-) > > diff -r b3c9f5f9532a -r 6100b7a34705 xen/Rules.mk > --- a/xen/Rules.mk Wed Oct 14 08:33:11 2009 +0100 > +++ b/xen/Rules.mk Wed Oct 14 08:54:58 2009 +0100 > @@ -8,6 +8,9 @@ perfc_arrays ?= n > perfc_arrays ?= n > crash_debug ?= n > frame_pointer ?= n > + > +# Allow some delicate passthrough related hypercalls to be made from a > stubdom > +privileged_stubdoms ?= y > > XEN_ROOT=$(BASEDIR)/.. > include $(XEN_ROOT)/Config.mk > @@ -56,6 +59,10 @@ endif > endif > ifneq ($(max_phys_irqs),) > CFLAGS-y += -DMAX_PHYS_IRQS=$(max_phys_irqs) > +endif > + > +ifeq ($(privileged_stubdoms),y) > +CFLAGS += -DPRIVILEGED_STUBDOMS > endif > > AFLAGS-y += -D__ASSEMBLY__ > diff -r b3c9f5f9532a -r 6100b7a34705 xen/arch/x86/irq.c > --- a/xen/arch/x86/irq.c Wed Oct 14 08:33:11 2009 +0100 > +++ b/xen/arch/x86/irq.c Wed Oct 14 08:54:58 2009 +0100 > @@ -1340,7 +1340,7 @@ int map_domain_pirq( > ASSERT(spin_is_locked(&pcidevs_lock)); > ASSERT(spin_is_locked(&d->event_lock)); > > - if ( !IS_PRIV(current->domain) ) > + if ( !STUBDOM_IS_PRIV_FOR(current->domain, d) ) > return -EPERM; > > if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >= nr_irqs ) > diff -r b3c9f5f9532a -r 6100b7a34705 xen/arch/x86/physdev.c > --- a/xen/arch/x86/physdev.c Wed Oct 14 08:33:11 2009 +0100 > +++ b/xen/arch/x86/physdev.c Wed Oct 14 08:54:58 2009 +0100 > @@ -34,9 +34,6 @@ static int physdev_map_pirq(struct physd > struct msi_info _msi; > void *map_data = NULL; > > - if ( !IS_PRIV(current->domain) ) > - return -EPERM; > - > if ( !map ) > return -EINVAL; > > @@ -46,8 +43,11 @@ static int physdev_map_pirq(struct physd > d = rcu_lock_domain_by_id(map->domid); > > if ( d == NULL ) > - { > - ret = -ESRCH; > + return -ESRCH; > + > + if ( !STUBDOM_IS_PRIV_FOR(current->domain, d) ) > + { > + ret = -EPERM; > goto free_domain; > } > > @@ -160,9 +160,6 @@ static int physdev_unmap_pirq(struct phy > struct domain *d; > int ret; > > - if ( !IS_PRIV(current->domain) ) > - return -EPERM; > - > if ( unmap->domid == DOMID_SELF ) > d = rcu_lock_domain(current->domain); > else > @@ -170,6 +167,10 @@ static int physdev_unmap_pirq(struct phy > > if ( d == NULL ) > return -ESRCH; > + > + ret = -EPERM; > + if ( !STUBDOM_IS_PRIV_FOR(current->domain, d) ) > + goto free_domain; > > spin_lock(&pcidevs_lock); > spin_lock(&d->event_lock); > @@ -177,8 +178,8 @@ static int physdev_unmap_pirq(struct phy > spin_unlock(&d->event_lock); > spin_unlock(&pcidevs_lock); > > +free_domain: > rcu_unlock_domain(d); > - > return ret; > } > > diff -r b3c9f5f9532a -r 6100b7a34705 xen/common/domctl.c > --- a/xen/common/domctl.c Wed Oct 14 08:33:11 2009 +0100 > +++ b/xen/common/domctl.c Wed Oct 14 08:54:58 2009 +0100 > @@ -220,14 +220,36 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc > long ret = 0; > struct xen_domctl curop, *op = &curop; > > - if ( !IS_PRIV(current->domain) ) > - return -EPERM; > - > if ( copy_from_guest(op, u_domctl, 1) ) > return -EFAULT; > > if ( op->interface_version != XEN_DOMCTL_INTERFACE_VERSION ) > return -EACCES; > + > + switch ( op->cmd ) > + { > + case XEN_DOMCTL_ioport_mapping: > + case XEN_DOMCTL_memory_mapping: > + case XEN_DOMCTL_bind_pt_irq: > + case XEN_DOMCTL_unbind_pt_irq: > + case XEN_DOMCTL_assign_device: > + case XEN_DOMCTL_deassign_device: { > + struct domain *d = get_domain_by_id(op->domain); > + bool_t is_priv = IS_PRIV(current->domain); > + if ( !is_priv && ((d = rcu_lock_domain_by_id(op->domain)) != NULL) ) > + { > + is_priv = STUBDOM_IS_PRIV_FOR(current->domain, d); > + rcu_unlock_domain(d); > + } > + if ( !is_priv ) > + return -EPERM; > + break; > + } > + default: > + if ( !IS_PRIV(current->domain) ) > + return -EPERM; > + break; > + } > > if ( !domctl_lock_acquire() ) > return hypercall_create_continuation( > diff -r b3c9f5f9532a -r 6100b7a34705 xen/include/xen/config.h > --- a/xen/include/xen/config.h Wed Oct 14 08:33:11 2009 +0100 > +++ b/xen/include/xen/config.h Wed Oct 14 08:54:58 2009 +0100 > @@ -95,4 +95,10 @@ int current_domain_id(void); > #define __cpuinitdata > #define __cpuinit > > +#ifdef PRIVILEGED_STUBDOMS > +#define STUBDOM_IS_PRIV_FOR(x,y) IS_PRIV_FOR(x,y) > +#else > +#define STUBDOM_IS_PRIV_FOR(x,y) IS_PRIV(x) > +#endif > + > #endif /* __XEN_CONFIG_H__ */ > > _______________________________________________ > Xen-changelog mailing list > Xen-changelog@lists.xensource.com > http://lists.xensource.com/xen-changelog_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel