# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1191847397 -3600
# Node ID de68316bd2faf801447674387bd23f28b12090cc
# Parent 685054d5fa48bd6432d9cf14be7ece1329135994
xend, xsm: Lock domain access while modifying policy.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
tools/python/xen/util/xsm/acm/acm.py | 27 +++++++++++++++++++--------
tools/python/xen/xend/XendXSPolicy.py | 7 +------
tools/python/xen/xend/XendXSPolicyAdmin.py | 18 ++++++++++++++++++
3 files changed, 38 insertions(+), 14 deletions(-)
diff -r 685054d5fa48 -r de68316bd2fa tools/python/xen/util/xsm/acm/acm.py
--- a/tools/python/xen/util/xsm/acm/acm.py Mon Oct 08 10:57:32 2007 +0100
+++ b/tools/python/xen/util/xsm/acm/acm.py Mon Oct 08 13:43:17 2007 +0100
@@ -101,6 +101,13 @@ def mapfile_lock():
def mapfile_unlock():
__mapfile_lock.release()
+
+
+def resfile_lock():
+ __resfile_lock.acquire()
+
+def resfile_unlock():
+ __resfile_lock.release()
def refresh_security_policy():
@@ -961,7 +968,7 @@ def resources_compatible_with_vmlabel(xs
return False
try:
- __resfile_lock.acquire()
+ resfile_lock()
try:
access_control = dictio.dict_read("resources",
res_label_filename)
@@ -971,7 +978,7 @@ def resources_compatible_with_vmlabel(xs
return __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel,
access_control)
finally:
- __resfile_lock.release()
+ resfile_unlock()
return False
@@ -1053,7 +1060,7 @@ def set_resource_label(resource, policyt
return -xsconstants.XSERR_RESOURCE_IN_USE
try:
- __resfile_lock.acquire()
+ resfile_lock()
access_control = {}
try:
access_control = dictio.dict_read("resources", res_label_filename)
@@ -1075,7 +1082,7 @@ def set_resource_label(resource, policyt
del access_control[resource]
dictio.dict_write(access_control, "resources", res_label_filename)
finally:
- __resfile_lock.release()
+ resfile_unlock()
return xsconstants.XSERR_SUCCESS
def rm_resource_label(resource, oldlabel_xapi):
@@ -1158,13 +1165,13 @@ def get_labeled_resources():
@return list of labeled resources
"""
try:
- __resfile_lock.acquire()
+ resfile_lock()
try:
access_control = dictio.dict_read("resources", res_label_filename)
except:
return {}
finally:
- __resfile_lock.release()
+ resfile_unlock()
return access_control
@@ -1213,6 +1220,9 @@ def change_acm_policy(bin_pol, del_array
- Attempt changes in the hypervisor; if this step fails,
roll back the relabeling of resources and VMs
- Make the relabeling of resources and VMs permanent
+
+ This function should be called with the lock to the domains
+ held (XendDomain.instance().domains_lock)
"""
rc = xsconstants.XSERR_SUCCESS
@@ -1225,7 +1235,7 @@ def change_acm_policy(bin_pol, del_array
errors=""
try:
- __resfile_lock.acquire()
+ resfile_lock()
mapfile_lock()
# Get all domains' dominfo.
@@ -1240,6 +1250,7 @@ def change_acm_policy(bin_pol, del_array
access_control = dictio.dict_read("resources", res_label_filename)
except:
pass
+
for key, labeldata in access_control.items():
if len(labeldata) == 2:
policy, label = labeldata
@@ -1328,7 +1339,7 @@ def change_acm_policy(bin_pol, del_array
finally:
log.info("----------------------------------------------")
mapfile_unlock()
- __resfile_lock.release()
+ resfile_unlock()
return rc, errors
diff -r 685054d5fa48 -r de68316bd2fa tools/python/xen/xend/XendXSPolicy.py
--- a/tools/python/xen/xend/XendXSPolicy.py Mon Oct 08 10:57:32 2007 +0100
+++ b/tools/python/xen/xend/XendXSPolicy.py Mon Oct 08 13:43:17 2007 +0100
@@ -130,9 +130,7 @@ class XendXSPolicy(XendBase):
if refs and len(refs) > 0:
ref = refs[0]
xspol = XSPolicyAdminInstance().policy_from_ref(ref)
- try:
- xspol.grab_lock()
-
+ if xspol:
polstate = {
'xs_ref' : ref,
'repr' : xspol.toxml(),
@@ -142,9 +140,6 @@ class XendXSPolicy(XendBase):
'errors' : "",
'xserr' : 0,
}
- finally:
- if xspol:
- xspol.unlock()
return polstate
def rm_xsbootpolicy(self):
diff -r 685054d5fa48 -r de68316bd2fa tools/python/xen/xend/XendXSPolicyAdmin.py
--- a/tools/python/xen/xend/XendXSPolicyAdmin.py Mon Oct 08 10:57:32
2007 +0100
+++ b/tools/python/xen/xend/XendXSPolicyAdmin.py Mon Oct 08 13:43:17
2007 +0100
@@ -94,6 +94,15 @@ class XSPolicyAdmin:
If flags is True, then any existing policy will be removed from
the system and the new one will be installed
"""
+ from xen.xend import XendDomain
+ domains = XendDomain.instance()
+ try:
+ domains.domains_lock.acquire()
+ return self.__add_acmpolicy_to_system(xmltext, flags, overwrite)
+ finally:
+ domains.domains_lock.release()
+
+ def __add_acmpolicy_to_system(self, xmltext, flags, overwrite):
errors = ""
loadedpol = self.get_loaded_policy()
if loadedpol:
@@ -182,6 +191,15 @@ class XSPolicyAdmin:
return xsconstants.XSERR_SUCCESS
def activate_xspolicy(self, xspol, flags):
+ from xen.xend import XendDomain
+ domains = XendDomain.instance()
+ try:
+ domains.domains_lock.acquire()
+ return self.__activate_xspolicy(xspol, flags)
+ finally:
+ domains.domains_lock.release()
+
+ def __activate_xspolicy(self, xspol, flags):
rc = xsconstants.XSERR_SUCCESS
if flags & xsconstants.XS_INST_LOAD:
rc = xspol.loadintohv()
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home