Xen project Mailing List

[Xen-changelog] [xen-unstable] xend, xsm: Lock domain access while modifying policy.

From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>

Date: Tue, 09 Oct 2007 14:10:11 -0700

Delivery-date: Tue, 09 Oct 2007 14:11:13 -0700

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User Keir Fraser <keir@xxxxxxxxxxxxx> # Date 1191847397 -3600 # Node ID de68316bd2faf801447674387bd23f28b12090cc # Parent 685054d5fa48bd6432d9cf14be7ece1329135994 xend, xsm: Lock domain access while modifying policy. Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx> --- tools/python/xen/util/xsm/acm/acm.py | 27 +++++++++++++++++++-------- tools/python/xen/xend/XendXSPolicy.py | 7 +------ tools/python/xen/xend/XendXSPolicyAdmin.py | 18 ++++++++++++++++++ 3 files changed, 38 insertions(+), 14 deletions(-) diff -r 685054d5fa48 -r de68316bd2fa tools/python/xen/util/xsm/acm/acm.py --- a/tools/python/xen/util/xsm/acm/acm.py Mon Oct 08 10:57:32 2007 +0100 +++ b/tools/python/xen/util/xsm/acm/acm.py Mon Oct 08 13:43:17 2007 +0100 @@ -101,6 +101,13 @@ def mapfile_lock(): def mapfile_unlock(): __mapfile_lock.release() + + +def resfile_lock(): + __resfile_lock.acquire() + +def resfile_unlock(): + __resfile_lock.release() def refresh_security_policy(): @@ -961,7 +968,7 @@ def resources_compatible_with_vmlabel(xs return False try: - __resfile_lock.acquire() + resfile_lock() try: access_control = dictio.dict_read("resources", res_label_filename) @@ -971,7 +978,7 @@ def resources_compatible_with_vmlabel(xs return __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel, access_control) finally: - __resfile_lock.release() + resfile_unlock() return False @@ -1053,7 +1060,7 @@ def set_resource_label(resource, policyt return -xsconstants.XSERR_RESOURCE_IN_USE try: - __resfile_lock.acquire() + resfile_lock() access_control = {} try: access_control = dictio.dict_read("resources", res_label_filename) @@ -1075,7 +1082,7 @@ def set_resource_label(resource, policyt del access_control[resource] dictio.dict_write(access_control, "resources", res_label_filename) finally: - __resfile_lock.release() + resfile_unlock() return xsconstants.XSERR_SUCCESS def rm_resource_label(resource, oldlabel_xapi): @@ -1158,13 +1165,13 @@ def get_labeled_resources(): @return list of labeled resources """ try: - __resfile_lock.acquire() + resfile_lock() try: access_control = dictio.dict_read("resources", res_label_filename) except: return {} finally: - __resfile_lock.release() + resfile_unlock() return access_control @@ -1213,6 +1220,9 @@ def change_acm_policy(bin_pol, del_array - Attempt changes in the hypervisor; if this step fails, roll back the relabeling of resources and VMs - Make the relabeling of resources and VMs permanent + + This function should be called with the lock to the domains + held (XendDomain.instance().domains_lock) """ rc = xsconstants.XSERR_SUCCESS @@ -1225,7 +1235,7 @@ def change_acm_policy(bin_pol, del_array errors="" try: - __resfile_lock.acquire() + resfile_lock() mapfile_lock() # Get all domains' dominfo. @@ -1240,6 +1250,7 @@ def change_acm_policy(bin_pol, del_array access_control = dictio.dict_read("resources", res_label_filename) except: pass + for key, labeldata in access_control.items(): if len(labeldata) == 2: policy, label = labeldata @@ -1328,7 +1339,7 @@ def change_acm_policy(bin_pol, del_array finally: log.info("----------------------------------------------") mapfile_unlock() - __resfile_lock.release() + resfile_unlock() return rc, errors diff -r 685054d5fa48 -r de68316bd2fa tools/python/xen/xend/XendXSPolicy.py --- a/tools/python/xen/xend/XendXSPolicy.py Mon Oct 08 10:57:32 2007 +0100 +++ b/tools/python/xen/xend/XendXSPolicy.py Mon Oct 08 13:43:17 2007 +0100 @@ -130,9 +130,7 @@ class XendXSPolicy(XendBase): if refs and len(refs) > 0: ref = refs[0] xspol = XSPolicyAdminInstance().policy_from_ref(ref) - try: - xspol.grab_lock() - + if xspol: polstate = { 'xs_ref' : ref, 'repr' : xspol.toxml(), @@ -142,9 +140,6 @@ class XendXSPolicy(XendBase): 'errors' : "", 'xserr' : 0, } - finally: - if xspol: - xspol.unlock() return polstate def rm_xsbootpolicy(self): diff -r 685054d5fa48 -r de68316bd2fa tools/python/xen/xend/XendXSPolicyAdmin.py --- a/tools/python/xen/xend/XendXSPolicyAdmin.py Mon Oct 08 10:57:32 2007 +0100 +++ b/tools/python/xen/xend/XendXSPolicyAdmin.py Mon Oct 08 13:43:17 2007 +0100 @@ -94,6 +94,15 @@ class XSPolicyAdmin: If flags is True, then any existing policy will be removed from the system and the new one will be installed """ + from xen.xend import XendDomain + domains = XendDomain.instance() + try: + domains.domains_lock.acquire() + return self.__add_acmpolicy_to_system(xmltext, flags, overwrite) + finally: + domains.domains_lock.release() + + def __add_acmpolicy_to_system(self, xmltext, flags, overwrite): errors = "" loadedpol = self.get_loaded_policy() if loadedpol: @@ -182,6 +191,15 @@ class XSPolicyAdmin: return xsconstants.XSERR_SUCCESS def activate_xspolicy(self, xspol, flags): + from xen.xend import XendDomain + domains = XendDomain.instance() + try: + domains.domains_lock.acquire() + return self.__activate_xspolicy(xspol, flags) + finally: + domains.domains_lock.release() + + def __activate_xspolicy(self, xspol, flags): rc = xsconstants.XSERR_SUCCESS if flags & xsconstants.XS_INST_LOAD: rc = xspol.loadintohv() _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.