From patchwork Wed Mar 22 11:25:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Durrant X-Patchwork-Id: 9638551 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D5B46602CB for ; Wed, 22 Mar 2017 11:28:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CC91327B13 for ; Wed, 22 Mar 2017 11:28:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C17352842C; Wed, 22 Mar 2017 11:28:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B3C322841F for ; Wed, 22 Mar 2017 11:28:15 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cqeP0-0007nO-LF; Wed, 22 Mar 2017 11:26:06 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cqeOz-0007nI-00 for xen-devel@lists.xenproject.org; Wed, 22 Mar 2017 11:26:05 +0000 Received: from [85.158.137.68] by server-12.bemta-3.messagelabs.com id F1/73-12861-C4F52D85; Wed, 22 Mar 2017 11:26:04 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrBLMWRWlGSWpSXmKPExsXitHSDva53/KU Ig4NtGhbft0xmcmD0OPzhCksAYxRrZl5SfkUCa8aao81MBTuNK7Zt62FqYOzQ6mLk5JAQ8Jf4 +OEFC4jNJqAjMfXpJdYuRg4OEQEVidt7DUDCzALFEn//dzOD2MICvhLd316B2SwCqhKHl/Wxg di8Am4Ss5+uZ4cYKSdx/vhPsBohoDHrp86CqhGUODnzCQvETAmJgy9eME9g5J6FJDULSWoBI9 MqRo3i1KKy1CJdQwO9pKLM9IyS3MTMHCDPWC83tbg4MT01JzGpWC85P3cTIzAU6hkYGHcwbut yPsQoycGkJMrrrnwpQogvKT+lMiOxOCO+qDQntfgQowwHh5IEb3csUE6wKDU9tSItMwcYlDBp CQ4eJRHe7jigNG9xQWJucWY6ROoUoy7HnNm73zAJseTl56VKifOagRQJgBRllObBjYBFyCVGW SlhXkYGBgYhnoLUotzMElT5V4ziHIxKwrwZIFN4MvNK4Da9AjqCCeiIsj0XQI4oSURISTUwTj Tlb/VQn7T8gKXahdoKz4/zv3JnznqdvOC/gcK0LcyBM25zLDmi/T7h8ireY0+fLPY9cPBp3xy zItXcCwtuHWY9seHlsvMVgb+9ftfv7bvwNyl14dyrq+9UTJ4wp2qL5rPYkn17n9/a+XLWPsmM 7rfzFrlOWcrsq/SP98jZvwF5vL4qU3jOFbAosRRnJBpqMRcVJwIA3BQ5JosCAAA= X-Env-Sender: prvs=2479a8bc7=Paul.Durrant@citrix.com X-Msg-Ref: server-12.tower-31.messagelabs.com!1490181961!74697531!1 X-Originating-IP: [66.165.176.63] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni42MyA9PiAzMDYwNDg=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 9.2.3; banners=-,-,- X-VirusChecked: Checked Received: (qmail 30114 invoked from network); 22 Mar 2017 11:26:03 -0000 Received: from smtp02.citrix.com (HELO SMTP02.CITRIX.COM) (66.165.176.63) by server-12.tower-31.messagelabs.com with RC4-SHA encrypted SMTP; 22 Mar 2017 11:26:03 -0000 X-IronPort-AV: E=Sophos;i="5.36,204,1486425600"; d="scan'208";a="424173862" From: Paul Durrant To: Date: Wed, 22 Mar 2017 11:25:25 +0000 Message-ID: <1490181925-8026-1-git-send-email-paul.durrant@citrix.com> X-Mailer: git-send-email 2.1.4 MIME-Version: 1.0 Cc: Wei Liu , Paul Durrant , Ian Jackson Subject: [Xen-devel] [PATCH] tools/libxenforeignmemory: add a call to restrict the handle X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Commit 8ef5f344d061 "tools/libxendevicemodel: add a call to restrict the handle" added a function to the devicemodel interface to restrict operations through the API to a specific domain, where a capable under- lying privcmd driver exists. This patch adds similar functionality to the xenforeignmemory API. This will be necessary (as much as xendevicemodel restriction) for limiting the scope of device models to specific domains. NOTE: My patch to the linux kernel [1] added the appropriate checks to the foreign memory ioctls. [1] https://git.kernel.org/cgit/linux/kernel/git/ostr/linux.git/commit/?id=4610d240 Signed-off-by: Paul Durrant Acked-by: Wei Liu --- Cc: Ian Jackson Cc: Wei Liu --- tools/libs/foreignmemory/core.c | 6 ++++++ tools/libs/foreignmemory/freebsd.c | 7 +++++++ tools/libs/foreignmemory/include/xenforeignmemory.h | 11 +++++++++++ tools/libs/foreignmemory/libxenforeignmemory.map | 1 + tools/libs/foreignmemory/linux.c | 6 ++++++ tools/libs/foreignmemory/minios.c | 7 +++++++ tools/libs/foreignmemory/netbsd.c | 7 +++++++ tools/libs/foreignmemory/private.h | 3 +++ tools/libs/foreignmemory/solaris.c | 7 +++++++ 9 files changed, 55 insertions(+) diff --git a/tools/libs/foreignmemory/core.c b/tools/libs/foreignmemory/core.c index a872b95..0ebd429 100644 --- a/tools/libs/foreignmemory/core.c +++ b/tools/libs/foreignmemory/core.c @@ -106,6 +106,12 @@ int xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return osdep_xenforeignmemory_unmap(fmem, addr, num); } +int xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + return osdep_xenforeignmemory_restrict(fmem, domid); +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/freebsd.c b/tools/libs/foreignmemory/freebsd.c index ef08b6c..f6cd08c 100644 --- a/tools/libs/foreignmemory/freebsd.c +++ b/tools/libs/foreignmemory/freebsd.c @@ -96,6 +96,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num << PAGE_SHIFT); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + errno = -EOPNOTSUPP; + return -1; +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/include/xenforeignmemory.h b/tools/libs/foreignmemory/include/xenforeignmemory.h index 92b9277..d5be648 100644 --- a/tools/libs/foreignmemory/include/xenforeignmemory.h +++ b/tools/libs/foreignmemory/include/xenforeignmemory.h @@ -115,6 +115,17 @@ void *xenforeignmemory_map(xenforeignmemory_handle *fmem, uint32_t dom, int xenforeignmemory_unmap(xenforeignmemory_handle *fmem, void *addr, size_t pages); +/** + * This function restricts the use of this handle to the specified + * domain. + * + * @parm fmem handle to the open foreignmemory interface + * @parm domid the domain id + * @return 0 on success, -1 on failure. + */ +int xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid); + #endif /* diff --git a/tools/libs/foreignmemory/libxenforeignmemory.map b/tools/libs/foreignmemory/libxenforeignmemory.map index df206b3..5c9806c 100644 --- a/tools/libs/foreignmemory/libxenforeignmemory.map +++ b/tools/libs/foreignmemory/libxenforeignmemory.map @@ -4,5 +4,6 @@ VERS_1.0 { xenforeignmemory_close; xenforeignmemory_map; xenforeignmemory_unmap; + xenforeignmemory_restrict; local: *; /* Do not expose anything by default */ }; diff --git a/tools/libs/foreignmemory/linux.c b/tools/libs/foreignmemory/linux.c index 423c744..320bb21 100644 --- a/tools/libs/foreignmemory/linux.c +++ b/tools/libs/foreignmemory/linux.c @@ -272,6 +272,12 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num << PAGE_SHIFT); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + return ioctl(fmem->fd, IOCTL_PRIVCMD_RESTRICT, &domid); +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/minios.c b/tools/libs/foreignmemory/minios.c index 6dc97bd..2dd4910 100644 --- a/tools/libs/foreignmemory/minios.c +++ b/tools/libs/foreignmemory/minios.c @@ -58,6 +58,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num << PAGE_SHIFT); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + errno = -EOPNOTSUPP; + return -1; +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/netbsd.c b/tools/libs/foreignmemory/netbsd.c index 08f4964..af3a1a4 100644 --- a/tools/libs/foreignmemory/netbsd.c +++ b/tools/libs/foreignmemory/netbsd.c @@ -100,6 +100,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num*XC_PAGE_SIZE); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + errno = -EOPNOTSUPP; + return -1; +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/private.h b/tools/libs/foreignmemory/private.h index 9cc7814..ed7ec7a 100644 --- a/tools/libs/foreignmemory/private.h +++ b/tools/libs/foreignmemory/private.h @@ -32,6 +32,9 @@ void *osdep_xenforeignmemory_map(xenforeignmemory_handle *fmem, int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, void *addr, size_t num); +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid); + #if defined(__NetBSD__) || defined(__sun__) /* Strictly compat for those two only only */ void *compat_mapforeign_batch(xenforeignmem_handle *fmem, uint32_t dom, diff --git a/tools/libs/foreignmemory/solaris.c b/tools/libs/foreignmemory/solaris.c index e925a29..fe7bb45 100644 --- a/tools/libs/foreignmemory/solaris.c +++ b/tools/libs/foreignmemory/solaris.c @@ -98,6 +98,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num*XC_PAGE_SIZE); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + errno = -EOPNOTSUPP; + return -1; +} + /* * Local variables: * mode: C