WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] xsm: Consolidate xsm processing within do

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] xsm: Consolidate xsm processing within domain control hypercall.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 05 Dec 2007 05:40:12 -0800
Delivery-date: Wed, 05 Dec 2007 05:41:16 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1196763935 0
# Node ID d2bef6551c1263e457aef75ce403ba53652a803f
# Parent  190c2592247d3258d6b2c60939d27928c70ac5ca
xsm: Consolidate xsm processing within domain control hypercall.

Consolidate all the 15 xsm calls from within do_domctl a single
routine that is only called in one place, xsm_domctl:

int xsm_domctl (struct xen_domctl *domctl);

The parameter to domctl is a pointer to the xen_domctl structure that
contains a union of all sub operational parameters.

The benefits of this patch include:

(1) Easier to maintain because there is one place in the entire
hypercall to check with the xsm, instead of 15 or more.

(2) New sub-operations don't also need to add a corresponding xsm
    function.

(3) Removes 178 lines of code.

(4) Enhanced security because of 1-4.

Signed-off-by: Mike D. Day <ncmike@xxxxxxxxxx>
---
 xen/common/domctl.c   |   95 ++--------------------------------------
 xen/include/xsm/xsm.h |  117 +++++---------------------------------------------
 2 files changed, 17 insertions(+), 195 deletions(-)

diff -r 190c2592247d -r d2bef6551c12 xen/common/domctl.c
--- a/xen/common/domctl.c       Tue Dec 04 10:17:32 2007 +0000
+++ b/xen/common/domctl.c       Tue Dec 04 10:25:35 2007 +0000
@@ -187,6 +187,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
 
     spin_lock(&domctl_lock);
 
+    if ( xsm_domctl(op) )
+        goto domctl_out;
+
     switch ( op->cmd )
     {
 
@@ -200,10 +203,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d == NULL )
             break;
-
-        ret = xsm_setvcpucontext(d);
-        if ( ret )
-            goto svc_out;
 
         ret = -EINVAL;
         if ( (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
@@ -252,17 +251,12 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d != NULL )
         {
-            ret = xsm_pausedomain(d);
-            if ( ret )
-                goto pausedomain_out;
-
             ret = -EINVAL;
             if ( d != current->domain )
             {
                 domain_pause_by_systemcontroller(d);
                 ret = 0;
             }
-        pausedomain_out:
             rcu_unlock_domain(d);
         }
     }
@@ -275,14 +269,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d == NULL )
             break;
-
-        ret = xsm_unpausedomain(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
-
         domain_unpause_by_systemcontroller(d);
         rcu_unlock_domain(d);
         ret = 0;
@@ -296,13 +282,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d == NULL )
             break;
-
-        ret = xsm_resumedomain(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
 
         domain_resume(d);
         rcu_unlock_domain(d);
@@ -379,13 +358,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = xsm_max_vcpus(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
-
         /* Needed, for example, to ensure writable p.t. state is synced. */
         domain_pause(d);
 
@@ -422,7 +394,7 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d != NULL )
         {
-            ret = xsm_destroydomain(d) ? : domain_kill(d);
+            domain_kill(d);
             rcu_unlock_domain(d);
         }
     }
@@ -440,10 +412,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = xsm_vcpuaffinity(op->cmd, d);
-        if ( ret )
-            goto vcpuaffinity_out;
-
         ret = -EINVAL;
         if ( op->u.vcpuaffinity.vcpu >= MAX_VIRT_CPUS )
             goto vcpuaffinity_out;
@@ -478,15 +446,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = xsm_scheduler(d);
-        if ( ret )
-            goto scheduler_op_out;
-
         ret = sched_adjust(d, &op->u.scheduler_op);
         if ( copy_to_guest(u_domctl, op, 1) )
             ret = -EFAULT;
 
-    scheduler_op_out:
         rcu_unlock_domain(d);
     }
     break;
@@ -509,17 +472,12 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
             break;
         }
 
-        ret = xsm_getdomaininfo(d);
-        if ( ret )
-            goto getdomaininfo_out;
-
         getdomaininfo(d, &op->u.getdomaininfo);
 
         op->domain = op->u.getdomaininfo.domain;
         if ( copy_to_guest(u_domctl, op, 1) )
             ret = -EFAULT;
 
-    getdomaininfo_out:
         rcu_read_unlock(&domlist_read_lock);
     }
     break;
@@ -533,10 +491,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
-
-        ret = xsm_getvcpucontext(d);
-        if ( ret )
-            goto getvcpucontext_out;
 
         ret = -EINVAL;
         if ( op->u.vcpucontext.vcpu >= MAX_VIRT_CPUS )
@@ -594,10 +548,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = xsm_getvcpuinfo(d);
-        if ( ret )
-            goto getvcpuinfo_out;
-
         ret = -EINVAL;
         if ( op->u.getvcpuinfo.vcpu >= MAX_VIRT_CPUS )
             goto getvcpuinfo_out;
@@ -633,10 +583,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = xsm_setdomainmaxmem(d);
-        if ( ret )
-            goto max_mem_out;
-
         ret = -EINVAL;
         new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT-10);
 
@@ -651,7 +597,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         }
         spin_unlock(&d->page_alloc_lock);
 
-    max_mem_out:
         rcu_unlock_domain(d);
     }
     break;
@@ -664,13 +609,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         d = rcu_lock_domain_by_id(op->domain);
         if ( d == NULL )
             break;
-
-        ret = xsm_setdomainhandle(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
 
         memcpy(d->handle, op->u.setdomainhandle.handle,
                sizeof(xen_domain_handle_t));
@@ -687,13 +625,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         d = rcu_lock_domain_by_id(op->domain);
         if ( d == NULL )
             break;
-
-        ret = xsm_setdebugging(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
 
         domain_pause(d);
         d->debugger_attached = !!op->u.setdebugging.enable;
@@ -717,16 +648,11 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = xsm_irq_permission(d, pirq, op->u.irq_permission.allow_access);
-        if ( ret )
-            goto irq_permission_out;
-        
         if ( op->u.irq_permission.allow_access )
             ret = irq_permit_access(d, pirq);
         else
             ret = irq_deny_access(d, pirq);
 
-    irq_permission_out:
         rcu_unlock_domain(d);
     }
     break;
@@ -745,17 +671,12 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         d = rcu_lock_domain_by_id(op->domain);
         if ( d == NULL )
             break;
-
-        ret = xsm_iomem_permission(d, mfn, 
op->u.iomem_permission.allow_access);
-        if ( ret )
-            goto iomem_permission_out;
 
         if ( op->u.iomem_permission.allow_access )
             ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
         else
             ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
 
-    iomem_permission_out:
         rcu_unlock_domain(d);
     }
     break;
@@ -768,13 +689,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         d = rcu_lock_domain_by_id(op->domain);
         if ( d != NULL )
         {
-            ret = xsm_domain_settime(d);
-            if ( ret )
-            {
-                rcu_unlock_domain(d);
-                break;
-            }
-
             d->time_offset_seconds = op->u.settimeoffset.time_offset_seconds;
             rcu_unlock_domain(d);
             ret = 0;
@@ -787,6 +701,7 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         break;
     }
 
+domctl_out:
     spin_unlock(&domctl_lock);
 
     return ret;
diff -r 190c2592247d -r d2bef6551c12 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h     Tue Dec 04 10:17:32 2007 +0000
+++ b/xen/include/xsm/xsm.h     Tue Dec 04 10:25:35 2007 +0000
@@ -50,34 +50,18 @@ extern xsm_initcall_t __xsm_initcall_sta
 
 struct xsm_operations {
     void (*security_domaininfo) (struct domain *d,
-                                        struct xen_domctl_getdomaininfo *info);
-    int (*setvcpucontext) (struct domain *d);
-    int (*pausedomain) (struct domain *d);
-    int (*unpausedomain) (struct domain *d);
-    int (*resumedomain) (struct domain *d);
+                                 struct xen_domctl_getdomaininfo *info);
+    int (*domctl) (struct xen_domctl *domctl);
     int (*domain_create) (struct domain *d, u32 ssidref);
-    int (*max_vcpus) (struct domain *d);
-    int (*destroydomain) (struct domain *d);
-    int (*vcpuaffinity) (int cmd, struct domain *d);
-    int (*scheduler) (struct domain *d);
     int (*getdomaininfo) (struct domain *d);
-    int (*getvcpucontext) (struct domain *d);
-    int (*getvcpuinfo) (struct domain *d);
-    int (*domain_settime) (struct domain *d);
     int (*tbufcontrol) (void);
     int (*readconsole) (uint32_t clear);
     int (*sched_id) (void);
-    int (*setdomainmaxmem) (struct domain *d);
-    int (*setdomainhandle) (struct domain *d);
-    int (*setdebugging) (struct domain *d);
-    int (*irq_permission) (struct domain *d, uint8_t pirq, uint8_t access);
-    int (*iomem_permission) (struct domain *d, unsigned long mfn, 
-                                                                uint8_t 
access);
     int (*perfcontrol) (void);
 
     int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
     int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
-                                        struct domain *d2, struct evtchn 
*chn2);
+                               struct domain *d2, struct evtchn *chn2);
     void (*evtchn_close_post) (struct evtchn *chn);
     int (*evtchn_send) (struct domain *d, struct evtchn *chn);
     int (*evtchn_status) (struct domain *d, struct evtchn *chn);
@@ -149,69 +133,19 @@ static inline void xsm_security_domainin
     xsm_call(security_domaininfo(d, info));
 }
 
-static inline int xsm_setvcpucontext(struct domain *d)
-{
-    return xsm_call(setvcpucontext(d));
-}
-
-static inline int xsm_pausedomain (struct domain *d)
-{
-    return xsm_call(pausedomain(d));
-}
-
-static inline int xsm_unpausedomain (struct domain *d)
-{
-    return xsm_call(unpausedomain(d));
-}
-
-static inline int xsm_resumedomain (struct domain *d)
-{
-    return xsm_call(resumedomain(d));
-}
-
-static inline int xsm_domain_create (struct domain *d, u32 ssidref)
+static inline int xsm_domctl(struct xen_domctl *domctl)
+{
+    return xsm_call(domctl(domctl));
+}
+
+static inline int xsm_domain_create(struct domain *d, u32 ssidref)
 {
     return xsm_call(domain_create(d, ssidref));
 }
 
-static inline int xsm_max_vcpus(struct domain *d)
-{
-    return xsm_call(max_vcpus(d));
-}
-
-static inline int xsm_destroydomain (struct domain *d)
-{
-    return xsm_call(destroydomain(d));
-}
-
-static inline int xsm_vcpuaffinity (int cmd, struct domain *d)
-{
-    return xsm_call(vcpuaffinity(cmd, d));
-}
-
-static inline int xsm_scheduler (struct domain *d)
-{
-    return xsm_call(scheduler(d));
-}
-
-static inline int xsm_getdomaininfo (struct domain *d)
-{
-    return xsm_call(getdomaininfo(d));
-}
-
-static inline int xsm_getvcpucontext (struct domain *d)
-{
-    return xsm_call(getvcpucontext(d));
-}
-
-static inline int xsm_getvcpuinfo (struct domain *d)
-{
-    return xsm_call(getvcpuinfo(d));
-}
-
-static inline int xsm_domain_settime (struct domain *d)
-{
-    return xsm_call(domain_settime(d));
+static inline int xsm_getdomaininfo(struct domain *d)
+{
+    return xsm_call(domain_getdomaininfo(d));
 }
 
 static inline int xsm_tbufcontrol (void)
@@ -227,33 +161,6 @@ static inline int xsm_sched_id (void)
 static inline int xsm_sched_id (void)
 {
     return xsm_call(sched_id());
-}
-
-static inline int xsm_setdomainmaxmem (struct domain *d)
-{
-    return xsm_call(setdomainmaxmem(d));
-}
-
-static inline int xsm_setdomainhandle (struct domain *d)
-{
-    return xsm_call(setdomainhandle(d));
-}
-
-static inline int xsm_setdebugging (struct domain *d)
-{
-    return xsm_call(setdebugging(d));
-}
-
-static inline int xsm_irq_permission (struct domain *d, uint8_t pirq,
-                                                                uint8_t access)
-{
-    return xsm_call(irq_permission(d, pirq, access));
-} 
-
-static inline int xsm_iomem_permission (struct domain *d, unsigned long mfn,
-                                                                uint8_t access)
-{
-    return xsm_call(iomem_permission(d, mfn, access));
 }
 
 static inline int xsm_perfcontrol (void)

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] xsm: Consolidate xsm processing within domain control hypercall., Xen patchbot-unstable <=