
[Xen-changelog] [xen-unstable] xend, security: Prevent changing of the p

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] xend, security: Prevent changing of the policy while VMs are migrating
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 05 Nov 2008 07:01:01 -0800
Delivery-date: Wed, 05 Nov 2008 07:04:06 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1225880606 0
# Node ID ef202be3cf54e27cef7427739c5458435ec085f8
# Parent  484cf12ba667a3d2077bda3df24177ace78ff3fe
xend, security: Prevent changing of the policy while VMs are migrating

The net changes of this patch are that the reader-side lock is put
into the path of the migration code and the writer lock into the path
of the code that handles the changing of the policy. Simultaneous
migrations of multiple hosts still work after this lock has been added.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 tools/python/xen/xend/XendDomain.py     |   29 +++++---
 tools/python/xen/xend/XendDomainInfo.py |  111 ++++++++++++++++----------------
 2 files changed, 76 insertions(+), 64 deletions(-)

diff -r 484cf12ba667 -r ef202be3cf54 tools/python/xen/xend/XendDomain.py
--- a/tools/python/xen/xend/XendDomain.py       Wed Nov 05 10:22:19 2008 +0000
+++ b/tools/python/xen/xend/XendDomain.py       Wed Nov 05 10:23:26 2008 +0000
@@ -50,7 +50,7 @@ from xen.xend.XendAPIConstants import *
 
 from xen.xend.xenstore.xstransact import xstransact
 from xen.xend.xenstore.xswatch import xswatch
-from xen.util import mkdir
+from xen.util import mkdir, rwlock
 from xen.xend import uuid
 
 xc = xen.lowlevel.xc.xc()
@@ -92,6 +92,8 @@ class XendDomain:
         self.domains = {}
         self.managed_domains = {}
         self.domains_lock = threading.RLock()
+
+        self.policy_lock = rwlock.RWLock()
 
         # xen api instance vars
         # TODO: nothing uses this at the moment
@@ -1139,16 +1141,21 @@ class XendDomain:
         """
 
         try:
-            return XendCheckpoint.restore(self, fd, paused=paused, 
relocating=relocating)
-        except XendError, e:
-            log.exception("Restore failed")
-            raise
-        except:
-            # I don't really want to log this exception here, but the error
-            # handling in the relocation-socket handling code (relocate.py) is
-            # poor, so we need to log this for debugging.
-            log.exception("Restore failed")
-            raise XendError("Restore failed")
+            self.policy_lock.acquire_reader()
+
+            try:
+                return XendCheckpoint.restore(self, fd, paused=paused, 
relocating=relocating)
+            except XendError, e:
+                log.exception("Restore failed")
+                raise
+            except:
+                # I don't really want to log this exception here, but the error
+                # handling in the relocation-socket handling code 
(relocate.py) is
+                # poor, so we need to log this for debugging.
+                log.exception("Restore failed")
+                raise XendError("Restore failed")
+        finally:
+            self.policy_lock.release()
  
     def domain_unpause(self, domid):
         """Unpause domain execution.
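Review bot: `self.policy_lock.acquire_reader()` is the first statement inside the outer `try:`, and that block's `finally` calls `self.policy_lock.release()`, so if the acquire raises, the release runs on a lock this thread never obtained. Taking the lock on the line before `try:` keeps the `finally` paired with a successful acquire. The XendDomainInfo.py hunk has the same shape with `xen.xend.XendDomain.instance().policy_lock.acquire_writer()`, where a failure in `instance()` would also reach the `finally`. What `rwlock.RWLock.release()` does when nothing is held is not visible here, so the impact is inferred. The enclosing method begins outside the hunk.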
diff -r 484cf12ba667 -r ef202be3cf54 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py   Wed Nov 05 10:22:19 2008 +0000
+++ b/tools/python/xen/xend/XendDomainInfo.py   Wed Nov 05 10:23:26 2008 +0000
@@ -3011,64 +3011,69 @@ class XendDomainInfo:
         if not xspol:
             xspol = poladmin.get_policy_by_name(policy)
 
-        if state in [ DOM_STATE_RUNNING, DOM_STATE_PAUSED ]:
-            #if domain is running or paused try to relabel in hypervisor
-            if not xspol:
-                return (-xsconstants.XSERR_POLICY_NOT_LOADED, "", "", 0)
-
-            if typ != xspol.get_type_name() or \
-               policy != xspol.get_name():
-                return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
-
-            if typ == xsconstants.ACM_POLICY_ID:
-                new_ssidref = xspol.vmlabel_to_ssidref(label)
-                if new_ssidref == xsconstants.INVALID_SSIDREF:
+        try:
+            xen.xend.XendDomain.instance().policy_lock.acquire_writer()
+
+            if state in [ DOM_STATE_RUNNING, DOM_STATE_PAUSED ]:
+                #if domain is running or paused try to relabel in hypervisor
+                if not xspol:
+                    return (-xsconstants.XSERR_POLICY_NOT_LOADED, "", "", 0)
+
+                if typ != xspol.get_type_name() or \
+                   policy != xspol.get_name():
                     return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
 
-                # Check that all used resources are accessible under the
-                # new label
-                if not is_policy_update and \
-                   not security.resources_compatible_with_vmlabel(xspol,
-                          self, label):
-                    return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
-
-                #Check label against expected one. Can only do this
-                # if the policy hasn't changed underneath in the meantime
-                if xspol_old == None:
-                    old_label = self.get_security_label()
-                    if old_label != old_seclab:
-                        log.info("old_label != old_seclab: %s != %s" %
-                                 (old_label, old_seclab))
+                if typ == xsconstants.ACM_POLICY_ID:
+                    new_ssidref = xspol.vmlabel_to_ssidref(label)
+                    if new_ssidref == xsconstants.INVALID_SSIDREF:
                         return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
 
-                # relabel domain in the hypervisor
-                rc, errors = security.relabel_domains([[domid, new_ssidref]])
-                log.info("rc from relabeling in HV: %d" % rc)
-            else:
-                return (-xsconstants.XSERR_POLICY_TYPE_UNSUPPORTED, "", "", 0)
-
-        if rc == 0:
-            # HALTED, RUNNING or PAUSED
-            if domid == 0:
-                if xspol:
+                    # Check that all used resources are accessible under the
+                    # new label
+                    if not is_policy_update and \
+                       not security.resources_compatible_with_vmlabel(xspol,
+                              self, label):
+                        return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
+
+                    #Check label against expected one. Can only do this
+                    # if the policy hasn't changed underneath in the meantime
+                    if xspol_old == None:
+                        old_label = self.get_security_label()
+                        if old_label != old_seclab:
+                            log.info("old_label != old_seclab: %s != %s" %
+                                     (old_label, old_seclab))
+                            return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
+
+                    # relabel domain in the hypervisor
+                    rc, errors = security.relabel_domains([[domid, 
new_ssidref]])
+                    log.info("rc from relabeling in HV: %d" % rc)
+                else:
+                    return (-xsconstants.XSERR_POLICY_TYPE_UNSUPPORTED, "", 
"", 0)
+
+            if rc == 0:
+                # HALTED, RUNNING or PAUSED
+                if domid == 0:
+                    if xspol:
+                        self.info['security_label'] = seclab
+                        ssidref = poladmin.set_domain0_bootlabel(xspol, label)
+                    else:
+                        return (-xsconstants.XSERR_POLICY_NOT_LOADED, "", "", 
0)
+                else:
+                    if self.info.has_key('security_label'):
+                        old_label = self.info['security_label']
+                        # Check label against expected one, unless wildcard
+                        if old_label != old_seclab:
+                            return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
+
                     self.info['security_label'] = seclab
-                    ssidref = poladmin.set_domain0_bootlabel(xspol, label)
-                else:
-                    return (-xsconstants.XSERR_POLICY_NOT_LOADED, "", "", 0)
-            else:
-                if self.info.has_key('security_label'):
-                    old_label = self.info['security_label']
-                    # Check label against expected one, unless wildcard
-                    if old_label != old_seclab:
-                        return (-xsconstants.XSERR_BAD_LABEL, "", "", 0)
-
-                self.info['security_label'] = seclab
-
-                try:
-                    xen.xend.XendDomain.instance().managed_config_save(self)
-                except:
-                    pass
-        return (rc, errors, old_label, new_ssidref)
+
+                    try:
+                        
xen.xend.XendDomain.instance().managed_config_save(self)
+                    except:
+                        pass
+            return (rc, errors, old_label, new_ssidref)
+        finally:
+            xen.xend.XendDomain.instance().policy_lock.release()
 
     def get_on_shutdown(self):
         after_shutdown = self.info.get('actions_after_shutdown')
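Review bot: The lookup `xspol = poladmin.get_policy_by_name(policy)` in the context lines at the top of the hunk runs before `acquire_writer()`, so the policy object checked under the lock may already be stale if another policy change completes between the lookup and the acquire. `state` also appears to be read before the lock, though its assignment is outside the hunk. Acquiring the writer lock before these reads would make the checks and the relabel one consistent critical section. Separately, the re-indented `except: pass` around `managed_config_save(self)` still silently discards a failure to persist the new label, leaving the saved config and `self.info['security_label']` in disagreement. I would at least replace `pass` with `log.exception("Saving security label failed")`.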
