From patchwork Wed Feb 22 13:27:38 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Durrant <Paul.Durrant@citrix.com>
X-Patchwork-Id: 9586839
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	E92D2602A7 for <patchwork-xen-devel@patchwork.kernel.org>;
	Wed, 22 Feb 2017 13:30:40 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B9B122864F
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Wed, 22 Feb 2017 13:30:40 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id AE634286C1; Wed, 22 Feb 2017 13:30:40 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3A0902864F
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Wed, 22 Feb 2017 13:30:40 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1cgWxx-0001xt-TM; Wed, 22 Feb 2017 13:28:21 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <prvs=21931860e=Paul.Durrant@citrix.com>)
	id 1cgWxw-0001xB-Ni
	for xen-devel@lists.xenproject.org; Wed, 22 Feb 2017 13:28:20 +0000
Received: from [85.158.143.35] by server-2.bemta-6.messagelabs.com id
	66/EA-01733-4F19DA85; Wed, 22 Feb 2017 13:28:20 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprAIsWRWlGSWpSXmKPExsXitHRDpO7niWs
	jDFb2mVt83zKZyYHR4/CHKywBjFGsmXlJ+RUJrBlrWlpZCm5qVBxu/cTUwNip1MXIySEh4C/x
	/NpLJhCbTUBHYurTS6xdjBwcIgIqErf3GoCEmQVCJCaenMAKYgsLBElsXv+CGcRmEVCVmDhpI
	licV8BdYvKWpSwQI+Ukzh//CVbDKeAh8bLzNlhcCKjmWOdnNghbRWL91FlsEL2CEidnPmGB2C
	UhcfDFC+YJjLyzkKRmIUktYGRaxahRnFpUllqka2igl1SUmZ5RkpuYmQPkmenlphYXJ6an5iQ
	mFesl5+duYgSGDgMQ7GC8tyzgEKMkB5OSKO/D7LURQnxJ+SmVGYnFGfFFpTmpxYcYZTg4lCR4
	ayYA5QSLUtNTK9Iyc4BBDJOW4OBREuE93QeU5i0uSMwtzkyHSJ1i1OXYt/3MSyYhlrz8vFQpc
	d6NIDMEQIoySvPgRsAi6hKjrJQwLyPQUUI8BalFuZklqPKvGMU5GJWEeXtBpvBk5pXAbXoFdA
	QT0BGWzmBHlCQipKQaGFkPrnzV57HwZF7vn7t6076XstpuLBUT3eeWbz2vpj87wejuWrW49dW
	2p3PLOI23tPilvHe6yqF/SlaxUp37J58ia5vKVZde1SuX2LQc+p+E+3NkcSk2VEZqdxjccuep
	zdwU8DtAMmbezq0zdJVO24XOdvv58558mL7DOU71fZ9X7lwjOSdEiaU4I9FQi7moOBEAneFY3
	qMCAAA=
X-Env-Sender: prvs=21931860e=Paul.Durrant@citrix.com
X-Msg-Ref: server-13.tower-21.messagelabs.com!1487770097!53103230!2
X-Originating-IP: [66.165.176.89]
X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
	VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n,
	received_headers: No Received headers
X-StarScan-Received: 
X-StarScan-Version: 9.2.3; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 7172 invoked from network); 22 Feb 2017 13:28:19 -0000
Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89)
	by server-13.tower-21.messagelabs.com with RC4-SHA encrypted SMTP;
	22 Feb 2017 13:28:19 -0000
X-IronPort-AV: E=Sophos;i="5.35,194,1484006400"; d="scan'208";a="408855638"
From: Paul Durrant <paul.durrant@citrix.com>
To: <xen-devel@lists.xenproject.org>
Date: Wed, 22 Feb 2017 13:27:38 +0000
Message-ID: <1487770058-21040-6-git-send-email-paul.durrant@citrix.com>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1487770058-21040-1-git-send-email-paul.durrant@citrix.com>
References: <1487770058-21040-1-git-send-email-paul.durrant@citrix.com>
MIME-Version: 1.0
Cc: Paul Durrant <paul.durrant@citrix.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>
Subject: [Xen-devel] [PATCH v2 5/5] tools/libxendevicemodel: add a call to
	restrict the handle
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

My recent patch [1] to the Linux privcmd module introduced a mechanism
to restrict an open file handle to subsequently only accept operations for
a specified domain.

This patch extends the libxendevicemodel API and make use of the
mechanism in the Linux-specific code to restrict operations on the
interface handle.

[1] https://git.kernel.org/cgit/linux/kernel/git/ostr/linux.git/commit/?id=4610d240

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
---
 tools/include/xen-sys/Linux/privcmd.h           |  2 ++
 tools/libs/devicemodel/compat.c                 |  9 +++++++++
 tools/libs/devicemodel/core.c                   |  5 +++++
 tools/libs/devicemodel/include/xendevicemodel.h | 10 ++++++++++
 tools/libs/devicemodel/libxendevicemodel.map    |  1 +
 tools/libs/devicemodel/linux.c                  | 11 +++++++++++
 tools/libs/devicemodel/private.h                |  3 +++
 7 files changed, 41 insertions(+)

diff --git a/tools/include/xen-sys/Linux/privcmd.h b/tools/include/xen-sys/Linux/privcmd.h
index c80eb5e..732ff7c 100644
--- a/tools/include/xen-sys/Linux/privcmd.h
+++ b/tools/include/xen-sys/Linux/privcmd.h
@@ -101,5 +101,7 @@ typedef struct privcmd_dm_op {
 	_IOC(_IOC_NONE, 'P', 4, sizeof(privcmd_mmapbatch_v2_t))
 #define IOCTL_PRIVCMD_DM_OP					\
 	_IOC(_IOC_NONE, 'P', 5, sizeof(privcmd_dm_op_t))
+#define IOCTL_PRIVCMD_RESTRICT					\
+	_IOC(_IOC_NONE, 'P', 6, sizeof(domid_t))
 
 #endif /* __LINUX_PUBLIC_PRIVCMD_H__ */
diff --git a/tools/libs/devicemodel/compat.c b/tools/libs/devicemodel/compat.c
index 245e907..5b4fdae 100644
--- a/tools/libs/devicemodel/compat.c
+++ b/tools/libs/devicemodel/compat.c
@@ -15,6 +15,8 @@
  * License along with this library; If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <errno.h>
+
 #include "private.h"
 
 int osdep_xendevicemodel_open(xendevicemodel_handle *dmod)
@@ -34,6 +36,13 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod,
     return xendevicemodel_xcall(dmod, domid, nr_bufs, bufs);
 }
 
+int osdep_xendevicemodel_restrict(xendevicemodel_handle *dmod,
+                                  domid_t domid)
+{
+    errno = EOPNOTSUPP;
+    return -1;
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/devicemodel/core.c b/tools/libs/devicemodel/core.c
index 33ee157..504543c 100644
--- a/tools/libs/devicemodel/core.c
+++ b/tools/libs/devicemodel/core.c
@@ -492,6 +492,11 @@ int xendevicemodel_inject_event(
     return xendevicemodel_op(dmod, domid, 1, &op, sizeof(op));
 }
 
+int xendevicemodel_restrict(xendevicemodel_handle *dmod, domid_t domid)
+{
+    return osdep_xendevicemodel_restrict(dmod, domid);
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/devicemodel/include/xendevicemodel.h b/tools/libs/devicemodel/include/xendevicemodel.h
index e00f8da..b3f600e 100644
--- a/tools/libs/devicemodel/include/xendevicemodel.h
+++ b/tools/libs/devicemodel/include/xendevicemodel.h
@@ -283,6 +283,16 @@ int xendevicemodel_inject_event(
     xendevicemodel_handle *dmod, domid_t domid, int vcpu, uint8_t vector,
     uint8_t type, uint32_t error_code, uint8_t insn_len, uint64_t cr2);
 
+/**
+ * This function restricts the use of this handle to the specified
+ * domain.
+ *
+ * @parm dmod handle to the open devicemodel interface
+ * @parm domid the domain id
+ * @return 0 on success, -1 on failure.
+ */
+int xendevicemodel_restrict(xendevicemodel_handle *dmod, domid_t domid);
+
 #endif /* __XEN_TOOLS__ */
 
 #endif /* XENDEVICEMODEL_H */
diff --git a/tools/libs/devicemodel/libxendevicemodel.map b/tools/libs/devicemodel/libxendevicemodel.map
index abc6d06..45c773e 100644
--- a/tools/libs/devicemodel/libxendevicemodel.map
+++ b/tools/libs/devicemodel/libxendevicemodel.map
@@ -17,6 +17,7 @@ VERS_1.0 {
 		xendevicemodel_modified_memory;
 		xendevicemodel_set_mem_type;
 		xendevicemodel_inject_event;
+		xendevicemodel_restrict;
 		xendevicemodel_close;
 	local: *; /* Do not expose anything by default */
 };
diff --git a/tools/libs/devicemodel/linux.c b/tools/libs/devicemodel/linux.c
index 7511ee7..438c55b 100644
--- a/tools/libs/devicemodel/linux.c
+++ b/tools/libs/devicemodel/linux.c
@@ -112,6 +112,17 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod,
     return 0;
 }
 
+int osdep_xendevicemodel_restrict(xendevicemodel_handle *dmod,
+                                  domid_t domid)
+{
+    if (dmod->fd < 0) {
+        errno = EOPNOTSUPP;
+        return -1;
+    }
+
+    return ioctl(dmod->fd, IOCTL_PRIVCMD_RESTRICT, &domid);
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/devicemodel/private.h b/tools/libs/devicemodel/private.h
index 5ce3b45..4ce5aac 100644
--- a/tools/libs/devicemodel/private.h
+++ b/tools/libs/devicemodel/private.h
@@ -29,6 +29,9 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod,
                             domid_t domid, unsigned int nr_bufs,
                             struct xendevicemodel_buf bufs[]);
 
+int osdep_xendevicemodel_restrict(
+    xendevicemodel_handle *dmod, domid_t domid);
+
 #define PERROR(_f...) \
     xtl_log(dmod->logger, XTL_ERROR, errno, "xendevicemodel", _f)