# HG changeset patch # User David Scott # Date 1263336663 0 # Node ID 7ec163e4ed6c8efd53e3996a2e58abaf0213aec5 # Parent 59cc9bf262f2d433fb86941546c138c66184b510 CA-36384: [experimental PCI passthrough]: Move the RBAC PCI passthrough permissions check to the function which reads the VM config so that it becomes common to both hotplug and coldplug. Previously the check was only in the hotplug path. Signed-off-by: David Scott diff -r 59cc9bf262f2 -r 7ec163e4ed6c ocaml/xapi/vmops.ml --- a/ocaml/xapi/vmops.ml Tue Jan 12 22:51:02 2010 +0000 +++ b/ocaml/xapi/vmops.ml Tue Jan 12 22:51:03 2010 +0000 @@ -116,10 +116,13 @@ ) vifs let attach_pcis ~__context ~xc ~xs ~hvm domid pcis = - List.iter (fun (devid, devs) -> - Device.PCI.bind devs; - Device.PCI.add ~xc ~xs ~hvm ~msitranslate:0 ~pci_power_mgmt:0 devs domid devid - ) pcis + Helpers.log_exn_continue "attach_pcis" + (fun () -> + List.iter (fun (devid, devs) -> + Device.PCI.bind devs; + Device.PCI.add ~xc ~xs ~hvm ~msitranslate:0 ~pci_power_mgmt:0 devs domid devid + ) pcis + ) () (* Called on both VM.start and VM.resume codepaths to create vcpus in xenstore *) let create_cpus ~xs snapshot domid = @@ -480,17 +483,18 @@ if not (List.mem id !ids) then ids := id :: !ids ) devs; - List.map (fun id -> - id, (List.map snd (List.filter (fun (x, _) -> x = id) devs)) - ) !ids + let pcidevs = + List.map (fun id -> + id, (List.map snd (List.filter (fun (x, _) -> x = id) devs)) + ) !ids in + if pcidevs <> [] + then Rbac.assert_permission ~__context ~permission:Rbac_static.permission_internal_vm_plug_pcidevs; + pcidevs (* Hotplug the PCI devices into the domain (as opposed to 'attach_pcis') *) -let plug_pcidevs ~__context ~vm domid = +let plug_pcidevs ~__context ~vm domid pcidevs = Helpers.log_exn_continue "plug_pcidevs" (fun () -> - Rbac.assert_permission ~__context ~permission:Rbac_static.permission_internal_vm_plug_pcidevs; - let pcidevs = pcidevs_of_vm ~__context ~vm in - if List.length pcidevs > 0 then begin (* XXX: PCI passthrough needs a lot of work *) Vmopshelpers.with_xc_and_xs @@ -1000,12 +1004,7 @@ progress_cb 0.70; (* XXX: PCI passthrough needs a lot of work *) if not hvm - then Helpers.log_exn_continue "attaching PCI devices" - (fun () -> - debug "guest is PV: attaching PCI devices to domain"; - let pcis = pcidevs_of_vm ~__context ~vm in - attach_pcis ~__context ~xc ~xs ~hvm domid pcis; - ) (); + then attach_pcis ~__context ~xc ~xs ~hvm domid (pcidevs_of_vm ~__context ~vm); if (Xapi_globs.xenclient_enabled) && (not hvm) && (has_platform_flag snapshot.API.vM_platform "pv_qemu") then @@ -1015,7 +1014,7 @@ progress_cb 0.80; debug "creating device emulator"; let vncport = create_device_emulator ~__context ~xc ~xs ~self:vm domid vifs snapshot in - if hvm then plug_pcidevs ~__context ~vm domid; + if hvm then plug_pcidevs ~__context ~vm domid (pcidevs_of_vm ~__context ~vm); create_console ~__context ~vM:vm ~vncport (); debug "writing memory policy"; write_memory_policy ~xs snapshot domid; diff -r 59cc9bf262f2 -r 7ec163e4ed6c ocaml/xapi/xapi_vm.ml --- a/ocaml/xapi/xapi_vm.ml Tue Jan 12 22:51:02 2010 +0000 +++ b/ocaml/xapi/xapi_vm.ml Tue Jan 12 22:51:03 2010 +0000 @@ -807,7 +807,7 @@ Vmops.restore ~__context ~xc ~xs ~self:vm domid; Db.VM.set_domid ~__context ~self:vm ~value:(Int64.of_int domid); - Vmops.plug_pcidevs ~__context ~vm domid; + Vmops.plug_pcidevs ~__context ~vm domid (Vmops.pcidevs_of_vm ~__context ~vm); debug "resume phase 3/3: %s unpausing domain" (if start_paused then "not" else ""); diff -r 59cc9bf262f2 -r 7ec163e4ed6c ocaml/xapi/xapi_vm_migrate.ml --- a/ocaml/xapi/xapi_vm_migrate.ml Tue Jan 12 22:51:02 2010 +0000 +++ b/ocaml/xapi/xapi_vm_migrate.ml Tue Jan 12 22:51:03 2010 +0000 @@ -499,7 +499,7 @@ debug "Receiver 7b. unpausing domain"; Domain.unpause ~xc domid; - Vmops.plug_pcidevs ~__context ~vm domid; + Vmops.plug_pcidevs ~__context ~vm domid (Vmops.pcidevs_of_vm ~__context ~vm); Db.VM.set_domid ~__context ~self:vm ~value:(Int64.of_int domid); Helpers.call_api_functions ~__context