Xen project Mailing List

[Xen-devel] [PATCH v2 5/5] tools/libxendevicemodel: add a call to restrict the handle

From: Paul Durrant <paul.durrant@xxxxxxxxxx>

Date: Wed, 22 Feb 2017 13:27:38 +0000

Cc: Paul Durrant <paul.durrant@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

Delivery-date: Wed, 22 Feb 2017 13:28:26 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

My recent patch [1] to the Linux privcmd module introduced a mechanism to restrict an open file handle to subsequently only accept operations for a specified domain. This patch extends the libxendevicemodel API and make use of the mechanism in the Linux-specific code to restrict operations on the interface handle. [1] https://git.kernel.org/cgit/linux/kernel/git/ostr/linux.git/commit/?id=4610d240 Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx> Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx> --- Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> --- tools/include/xen-sys/Linux/privcmd.h | 2 ++ tools/libs/devicemodel/compat.c | 9 +++++++++ tools/libs/devicemodel/core.c | 5 +++++ tools/libs/devicemodel/include/xendevicemodel.h | 10 ++++++++++ tools/libs/devicemodel/libxendevicemodel.map | 1 + tools/libs/devicemodel/linux.c | 11 +++++++++++ tools/libs/devicemodel/private.h | 3 +++ 7 files changed, 41 insertions(+) diff --git a/tools/include/xen-sys/Linux/privcmd.h b/tools/include/xen-sys/Linux/privcmd.h index c80eb5e..732ff7c 100644 --- a/tools/include/xen-sys/Linux/privcmd.h +++ b/tools/include/xen-sys/Linux/privcmd.h @@ -101,5 +101,7 @@ typedef struct privcmd_dm_op { _IOC(_IOC_NONE, 'P', 4, sizeof(privcmd_mmapbatch_v2_t)) #define IOCTL_PRIVCMD_DM_OP \ _IOC(_IOC_NONE, 'P', 5, sizeof(privcmd_dm_op_t)) +#define IOCTL_PRIVCMD_RESTRICT \ + _IOC(_IOC_NONE, 'P', 6, sizeof(domid_t)) #endif /* __LINUX_PUBLIC_PRIVCMD_H__ */ diff --git a/tools/libs/devicemodel/compat.c b/tools/libs/devicemodel/compat.c index 245e907..5b4fdae 100644 --- a/tools/libs/devicemodel/compat.c +++ b/tools/libs/devicemodel/compat.c @@ -15,6 +15,8 @@ * License along with this library; If not, see <http://www.gnu.org/licenses/>. */ +#include <errno.h> + #include "private.h" int osdep_xendevicemodel_open(xendevicemodel_handle *dmod) @@ -34,6 +36,13 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod, return xendevicemodel_xcall(dmod, domid, nr_bufs, bufs); } +int osdep_xendevicemodel_restrict(xendevicemodel_handle *dmod, + domid_t domid) +{ + errno = EOPNOTSUPP; + return -1; +} + /* * Local variables: * mode: C diff --git a/tools/libs/devicemodel/core.c b/tools/libs/devicemodel/core.c index 33ee157..504543c 100644 --- a/tools/libs/devicemodel/core.c +++ b/tools/libs/devicemodel/core.c @@ -492,6 +492,11 @@ int xendevicemodel_inject_event( return xendevicemodel_op(dmod, domid, 1, &op, sizeof(op)); } +int xendevicemodel_restrict(xendevicemodel_handle *dmod, domid_t domid) +{ + return osdep_xendevicemodel_restrict(dmod, domid); +} + /* * Local variables: * mode: C diff --git a/tools/libs/devicemodel/include/xendevicemodel.h b/tools/libs/devicemodel/include/xendevicemodel.h index e00f8da..b3f600e 100644 --- a/tools/libs/devicemodel/include/xendevicemodel.h +++ b/tools/libs/devicemodel/include/xendevicemodel.h @@ -283,6 +283,16 @@ int xendevicemodel_inject_event( xendevicemodel_handle *dmod, domid_t domid, int vcpu, uint8_t vector, uint8_t type, uint32_t error_code, uint8_t insn_len, uint64_t cr2); +/** + * This function restricts the use of this handle to the specified + * domain. + * + * @parm dmod handle to the open devicemodel interface + * @parm domid the domain id + * @return 0 on success, -1 on failure. + */ +int xendevicemodel_restrict(xendevicemodel_handle *dmod, domid_t domid); + #endif /* __XEN_TOOLS__ */ #endif /* XENDEVICEMODEL_H */ diff --git a/tools/libs/devicemodel/libxendevicemodel.map b/tools/libs/devicemodel/libxendevicemodel.map index abc6d06..45c773e 100644 --- a/tools/libs/devicemodel/libxendevicemodel.map +++ b/tools/libs/devicemodel/libxendevicemodel.map @@ -17,6 +17,7 @@ VERS_1.0 { xendevicemodel_modified_memory; xendevicemodel_set_mem_type; xendevicemodel_inject_event; + xendevicemodel_restrict; xendevicemodel_close; local: *; /* Do not expose anything by default */ }; diff --git a/tools/libs/devicemodel/linux.c b/tools/libs/devicemodel/linux.c index 7511ee7..438c55b 100644 --- a/tools/libs/devicemodel/linux.c +++ b/tools/libs/devicemodel/linux.c @@ -112,6 +112,17 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod, return 0; } +int osdep_xendevicemodel_restrict(xendevicemodel_handle *dmod, + domid_t domid) +{ + if (dmod->fd < 0) { + errno = EOPNOTSUPP; + return -1; + } + + return ioctl(dmod->fd, IOCTL_PRIVCMD_RESTRICT, &domid); +} + /* * Local variables: * mode: C diff --git a/tools/libs/devicemodel/private.h b/tools/libs/devicemodel/private.h index 5ce3b45..4ce5aac 100644 --- a/tools/libs/devicemodel/private.h +++ b/tools/libs/devicemodel/private.h @@ -29,6 +29,9 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod, domid_t domid, unsigned int nr_bufs, struct xendevicemodel_buf bufs[]); +int osdep_xendevicemodel_restrict( + xendevicemodel_handle *dmod, domid_t domid); + #define PERROR(_f...) \ xtl_log(dmod->logger, XTL_ERROR, errno, "xendevicemodel", _f) -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.