From patchwork Wed Oct 4 15:57:23 2017
X-Patchwork-Submitter: Ian Jackson
X-Patchwork-Id: 9985117
From: Ian Jackson To: Date: Wed, 4 Oct 2017 16:57:23 +0100 Message-ID: <1507132650-25376-18-git-send-email-ian.jackson@eu.citrix.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1507132650-25376-1-git-send-email-ian.jackson@eu.citrix.com> References: <1507132650-25376-1-git-send-email-ian.jackson@eu.citrix.com> MIME-Version: 1.0 X-OrganizationHeadersPreserved: FTLPEX02AMS01.citrite.net Cc: Ross Lagerwall , Stefano Stabellini , Wei Liu , Ian Jackson Subject: [Xen-devel] [PATCH 17/24] xentoolcore_restrict_all: "Implement" for xenstore X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Signed-off-by: Ian Jackson Acked-by: Wei Liu --- tools/Rules.mk | 2 +- tools/xenstore/Makefile | 7 ++++--- tools/xenstore/xenstore.pc.in | 2 +- tools/xenstore/xs.c | 14 ++++++++++++++ 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/tools/Rules.mk b/tools/Rules.mk index 3239e76..be92f0a 100644 --- a/tools/Rules.mk +++ b/tools/Rules.mk @@ -146,7 +146,7 @@ LDLIBS_libxenguest = $(SHDEPS_libxenguest) $(XEN_LIBXC)/libxenguest$(libextensio SHLIB_libxenguest = $(SHDEPS_libxenguest) -Wl,-rpath-link=$(XEN_LIBXC) CFLAGS_libxenstore = -I$(XEN_XENSTORE)/include $(CFLAGS_xeninclude) -SHDEPS_libxenstore = +SHDEPS_libxenstore = $(SHLIB_libxentoolcore) LDLIBS_libxenstore = $(SHDEPS_libxenstore) $(XEN_XENSTORE)/libxenstore$(libextension) SHLIB_libxenstore = $(SHDEPS_libxenstore) -Wl,-rpath-link=$(XEN_XENSTORE) diff --git a/tools/xenstore/Makefile b/tools/xenstore/Makefile index ff428e2..2b99d2b 100644 --- a/tools/xenstore/Makefile +++ b/tools/xenstore/Makefile 
@@ -11,6 +11,7 @@ CFLAGS += -include $(XEN_ROOT)/tools/config.h CFLAGS += -I./include CFLAGS += $(CFLAGS_libxenevtchn) CFLAGS += $(CFLAGS_libxenctrl) +CFLAGS += $(CFLAGS_libxentoolcore) CFLAGS += -DXEN_LIB_STORED="\"$(XEN_LIB_STORED)\"" CFLAGS += -DXEN_RUN_STORED="\"$(XEN_RUN_STORED)\"" @@ -85,10 +86,10 @@ $(CLIENTS): xenstore ln -f xenstore $@ xenstore: xenstore_client.o $(LIBXENSTORE) - $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) + $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) xenstore-control: xenstore_control.o $(LIBXENSTORE) - $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) + $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) xs_tdb_dump: xs_tdb_dump.o utils.o tdb.o talloc.o $(CC) $^ $(LDFLAGS) -o $@ $(APPEND_LDFLAGS) @@ -101,7 +102,7 @@ libxenstore.so.$(MAJOR): libxenstore.so.$(MAJOR).$(MINOR) xs.opic: CFLAGS += -DUSE_PTHREAD libxenstore.so.$(MAJOR).$(MINOR): xs.opic xs_lib.opic - $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenstore.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(SOCKET_LIBS) $(PTHREAD_LIBS) $(APPEND_LDFLAGS) + $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenstore.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) $(PTHREAD_LIBS) $(APPEND_LDFLAGS) libxenstore.a: xs.o xs_lib.o $(AR) rcs $@ $^ diff --git a/tools/xenstore/xenstore.pc.in b/tools/xenstore/xenstore.pc.in index 45dc6b0..6fd72a1 100644 --- a/tools/xenstore/xenstore.pc.in +++ b/tools/xenstore/xenstore.pc.in @@ -7,4 +7,4 @@ Description: The Xenstore library for Xen hypervisor Version: @@version@@ Cflags: -I${includedir} @@cflagslocal@@ Libs: @@libsflag@@${libdir} -lxenstore -Requires.private: xenevtchn,xencontrol,xengnttab +Requires.private: xenevtchn,xencontrol,xengnttab,xentoolcore 
diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c index 7f85bb2..ae4b878 100644 --- a/tools/xenstore/xs.c +++ b/tools/xenstore/xs.c @@ -35,6 +35,8 @@ #include "list.h" #include "utils.h" +#include + struct xs_stored_msg { struct list_head list; struct xsd_sockmsg hdr; @@ -48,6 +50,7 @@ struct xs_stored_msg { struct xs_handle { /* Communications channel to xenstore daemon. */ int fd; + Xentoolcore__Active_Handle tc_ah; /* for restrict */ /* * A read thread which pulls messages off the comms channel and @@ -122,6 +125,7 @@ static void *read_thread(void *arg); struct xs_handle { int fd; + Xentoolcore__Active_Handle tc_ah; /* for restrict */ struct list_head reply_list; struct list_head watch_list; /* Clients can select() on this pipe to wait for a watch to fire. */ @@ -219,6 +223,11 @@ static int get_dev(const char *connect_to) return open(connect_to, O_RDWR); } +static int all_restrict_cb(Xentoolcore__Active_Handle *ah, uint32_t domid) { + struct xs_handle *h = CONTAINER_OF(ah, *h, tc_ah); + return xentoolcore__restrict_by_dup2_null(h->fd); +} + static struct xs_handle *get_handle(const char *connect_to) { struct stat buf; @@ -232,6 +241,9 @@ static struct xs_handle *get_handle(const char *connect_to) memset(h, 0, sizeof(*h)); h->fd = -1; + h->tc_ah.restrict_callback = all_restrict_cb; + xentoolcore__register_active_handle(&h->tc_ah); + if (stat(connect_to, &buf) != 0) goto err; @@ -269,6 +281,7 @@ err: if (h) { if (h->fd >= 0) close(h->fd); + xentoolcore__deregister_active_handle(&h->tc_ah); } free(h); @@ -330,6 +343,7 @@ static void close_fds_free(struct xs_handle *h) { } close(h->fd); + xentoolcore__deregister_active_handle(&h->tc_ah); free(h); }
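Review bot: In tools/xenstore/Makefile the `xenstore` and `xenstore-control` link rules now name $(LDLIBS_libxentoolcore) directly, while the Rules.mk hunk already adds $(SHLIB_libxentoolcore) to SHDEPS_libxenstore and therefore to LDLIBS_libxenstore. If neither client calls xentoolcore itself, the direct link is only needed for the libxenstore.so rule; if it is required (for example when $(LIBXENSTORE) is the static archive), say so in the commit message, which currently has no body at all.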
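Review bot: In get_handle() the handle is registered while `h->fd = -1` is still in effect, so a restrict-all that arrives before the open succeeds will run all_restrict_cb() and pass -1 to xentoolcore__restrict_by_dup2_null(). Please confirm that helper treats a negative fd as a no-op, and add a comment at the registration site saying that registering before opening is deliberate, so nobody later moves it below the open and creates a window where the fd exists but is not covered. Separately, all_restrict_cb() ignores `domid`, and the subject puts "Implement" in quotes without explanation; a sentence in the commit message or a comment on the callback stating what a caller can expect from an xs_handle after restriction would document the contract.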
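Review bot: In both teardown paths (the `err:` label of get_handle() and close_fds_free()), `close(h->fd)` runs before `xentoolcore__deregister_active_handle(&h->tc_ah)`. Between those two calls the handle is still registered but its descriptor number is free for reuse, so a restrict-all from another thread could invoke all_restrict_cb() on a number that now refers to an unrelated file or socket opened elsewhere in the process. Deregister first and close afterwards in both places, so the callback can never observe a stale `h->fd`.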