WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] consolidate xsm processing within domain control hyp

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] consolidate xsm processing within domain control hypercall
From: "Mike D. Day" <ncmike@xxxxxxxxxx>
Date: Thu, 29 Nov 2007 09:57:34 -0500
Delivery-date: Thu, 29 Nov 2007 06:58:31 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: IBM Linux Technology Center
Reply-to: ncmike@xxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.15+20070412 (2007-04-11)
Consolidate all the 15 xsm calls from within do_domctl a single
routine that is only called in one place, xsm_domctl:

int xsm_domctl (struct xen_domctl *domctl);

The parameter to domctl is a pointer to the xen_domctl structure that
contains a union of all sub operational parameters.

The benefits of this patch include:

(1) Easier to maintain because there is one place in the entire
hypercall to check with the xsm, instead of 15 or more.

(2) New sub-operations don't also need to add a corresponding xsm function.

(3) Removes 178 lines of code.

(4) Enhanced security because of 1-4.

Signed-off-by: Mike D. Day <ncmike@xxxxxxxxxx>
---

When updating my scheduling group patches I started looking at the xsm
code in domctl.c. This patch makes it easier for me to update my
scheduling group patches, but it should be considered on its own.

 common/domctl.c   |   95 ++------------------------------------------
 include/xsm/xsm.h |  115 +++++-------------------------------------------------
 2 files changed, 16 insertions(+), 194 deletions(-)

diff -r 26e766e0c628 xen/common/domctl.c
--- a/xen/common/domctl.c       Mon Nov 26 22:28:48 2007 +0000
+++ b/xen/common/domctl.c       Thu Nov 29 07:54:42 2007 -0500
@@ -187,6 +187,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
 
     spin_lock(&domctl_lock);
 
+    if ( xsm_domctl(op) )
+        goto domctl_out;
+
     switch ( op->cmd )
     {
 
@@ -200,10 +203,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d == NULL )
             break;
-
-        ret = xsm_setvcpucontext(d);
-        if ( ret )
-            goto svc_out;
 
         ret = -EINVAL;
         if ( (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
@@ -252,17 +251,12 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d != NULL )
         {
-            ret = xsm_pausedomain(d);
-            if ( ret )
-                goto pausedomain_out;
-
             ret = -EINVAL;
             if ( d != current->domain )
             {
                 domain_pause_by_systemcontroller(d);
                 ret = 0;
             }
-        pausedomain_out:
             rcu_unlock_domain(d);
         }
     }
@@ -275,14 +269,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d == NULL )
             break;
-
-        ret = xsm_unpausedomain(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
-
         domain_unpause_by_systemcontroller(d);
         rcu_unlock_domain(d);
         ret = 0;
@@ -296,13 +282,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d == NULL )
             break;
-
-        ret = xsm_resumedomain(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
 
         domain_resume(d);
         rcu_unlock_domain(d);
@@ -379,13 +358,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = xsm_max_vcpus(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
-
         /* Needed, for example, to ensure writable p.t. state is synced. */
         domain_pause(d);
 
@@ -422,7 +394,7 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d != NULL )
         {
-            ret = xsm_destroydomain(d) ? : domain_kill(d);
+            domain_kill(d);
             rcu_unlock_domain(d);
         }
     }
@@ -440,10 +412,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = xsm_vcpuaffinity(op->cmd, d);
-        if ( ret )
-            goto vcpuaffinity_out;
-
         ret = -EINVAL;
         if ( op->u.vcpuaffinity.vcpu >= MAX_VIRT_CPUS )
             goto vcpuaffinity_out;
@@ -478,15 +446,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = xsm_scheduler(d);
-        if ( ret )
-            goto scheduler_op_out;
-
         ret = sched_adjust(d, &op->u.scheduler_op);
         if ( copy_to_guest(u_domctl, op, 1) )
             ret = -EFAULT;
 
-    scheduler_op_out:
         rcu_unlock_domain(d);
     }
     break;
@@ -509,17 +472,12 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
             break;
         }
 
-        ret = xsm_getdomaininfo(d);
-        if ( ret )
-            goto getdomaininfo_out;
-
         getdomaininfo(d, &op->u.getdomaininfo);
 
         op->domain = op->u.getdomaininfo.domain;
         if ( copy_to_guest(u_domctl, op, 1) )
             ret = -EFAULT;
 
-    getdomaininfo_out:
         rcu_read_unlock(&domlist_read_lock);
     }
     break;
@@ -533,10 +491,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
-
-        ret = xsm_getvcpucontext(d);
-        if ( ret )
-            goto getvcpucontext_out;
 
         ret = -EINVAL;
         if ( op->u.vcpucontext.vcpu >= MAX_VIRT_CPUS )
@@ -594,10 +548,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = xsm_getvcpuinfo(d);
-        if ( ret )
-            goto getvcpuinfo_out;
-
         ret = -EINVAL;
         if ( op->u.getvcpuinfo.vcpu >= MAX_VIRT_CPUS )
             goto getvcpuinfo_out;
@@ -633,10 +583,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = xsm_setdomainmaxmem(d);
-        if ( ret )
-            goto max_mem_out;
-
         ret = -EINVAL;
         new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT-10);
 
@@ -651,7 +597,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         }
         spin_unlock(&d->page_alloc_lock);
 
-    max_mem_out:
         rcu_unlock_domain(d);
     }
     break;
@@ -664,13 +609,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         d = rcu_lock_domain_by_id(op->domain);
         if ( d == NULL )
             break;
-
-        ret = xsm_setdomainhandle(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
 
         memcpy(d->handle, op->u.setdomainhandle.handle,
                sizeof(xen_domain_handle_t));
@@ -687,13 +625,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         d = rcu_lock_domain_by_id(op->domain);
         if ( d == NULL )
             break;
-
-        ret = xsm_setdebugging(d);
-        if ( ret )
-        {
-            rcu_unlock_domain(d);
-            break;
-        }
 
         domain_pause(d);
         d->debugger_attached = !!op->u.setdebugging.enable;
@@ -717,16 +648,11 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = xsm_irq_permission(d, pirq, op->u.irq_permission.allow_access);
-        if ( ret )
-            goto irq_permission_out;
-        
         if ( op->u.irq_permission.allow_access )
             ret = irq_permit_access(d, pirq);
         else
             ret = irq_deny_access(d, pirq);
 
-    irq_permission_out:
         rcu_unlock_domain(d);
     }
     break;
@@ -745,17 +671,12 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         d = rcu_lock_domain_by_id(op->domain);
         if ( d == NULL )
             break;
-
-        ret = xsm_iomem_permission(d, mfn, 
op->u.iomem_permission.allow_access);
-        if ( ret )
-            goto iomem_permission_out;
 
         if ( op->u.iomem_permission.allow_access )
             ret = iomem_permit_access(d, mfn, mfn + nr_mfns - 1);
         else
             ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
 
-    iomem_permission_out:
         rcu_unlock_domain(d);
     }
     break;
@@ -768,13 +689,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         d = rcu_lock_domain_by_id(op->domain);
         if ( d != NULL )
         {
-            ret = xsm_domain_settime(d);
-            if ( ret )
-            {
-                rcu_unlock_domain(d);
-                break;
-            }
-
             d->time_offset_seconds = op->u.settimeoffset.time_offset_seconds;
             rcu_unlock_domain(d);
             ret = 0;
@@ -787,6 +701,7 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         break;
     }
 
+domctl_out:
     spin_unlock(&domctl_lock);
 
     return ret;
diff -r 26e766e0c628 xen/include/xsm/xsm.h
--- a/xen/include/xsm/xsm.h     Mon Nov 26 22:28:48 2007 +0000
+++ b/xen/include/xsm/xsm.h     Thu Nov 29 07:54:42 2007 -0500
@@ -50,34 +50,18 @@ extern xsm_initcall_t __xsm_initcall_sta
 
 struct xsm_operations {
     void (*security_domaininfo) (struct domain *d,
-                                        struct xen_domctl_getdomaininfo *info);
-    int (*setvcpucontext) (struct domain *d);
-    int (*pausedomain) (struct domain *d);
-    int (*unpausedomain) (struct domain *d);
-    int (*resumedomain) (struct domain *d);
+                                 struct xen_domctl_getdomaininfo *info);
+    int (*domctl) (struct xen_domctl *domctl);
     int (*domain_create) (struct domain *d, u32 ssidref);
-    int (*max_vcpus) (struct domain *d);
-    int (*destroydomain) (struct domain *d);
-    int (*vcpuaffinity) (int cmd, struct domain *d);
-    int (*scheduler) (struct domain *d);
     int (*getdomaininfo) (struct domain *d);
-    int (*getvcpucontext) (struct domain *d);
-    int (*getvcpuinfo) (struct domain *d);
-    int (*domain_settime) (struct domain *d);
     int (*tbufcontrol) (void);
     int (*readconsole) (uint32_t clear);
     int (*sched_id) (void);
-    int (*setdomainmaxmem) (struct domain *d);
-    int (*setdomainhandle) (struct domain *d);
-    int (*setdebugging) (struct domain *d);
-    int (*irq_permission) (struct domain *d, uint8_t pirq, uint8_t access);
-    int (*iomem_permission) (struct domain *d, unsigned long mfn, 
-                                                                uint8_t 
access);
     int (*perfcontrol) (void);
 
     int (*evtchn_unbound) (struct domain *d, struct evtchn *chn, domid_t id2);
     int (*evtchn_interdomain) (struct domain *d1, struct evtchn *chn1,
-                                        struct domain *d2, struct evtchn 
*chn2);
+                               struct domain *d2, struct evtchn *chn2);
     void (*evtchn_close_post) (struct evtchn *chn);
     int (*evtchn_send) (struct domain *d, struct evtchn *chn);
     int (*evtchn_status) (struct domain *d, struct evtchn *chn);
@@ -149,69 +133,19 @@ static inline void xsm_security_domainin
     xsm_call(security_domaininfo(d, info));
 }
 
-static inline int xsm_setvcpucontext(struct domain *d)
-{
-    return xsm_call(setvcpucontext(d));
-}
-
-static inline int xsm_pausedomain (struct domain *d)
-{
-    return xsm_call(pausedomain(d));
-}
-
-static inline int xsm_unpausedomain (struct domain *d)
-{
-    return xsm_call(unpausedomain(d));
-}
-
-static inline int xsm_resumedomain (struct domain *d)
-{
-    return xsm_call(resumedomain(d));
-}
-
-static inline int xsm_domain_create (struct domain *d, u32 ssidref)
+static inline int xsm_domctl(struct xen_domctl *domctl)
+{
+    return xsm_call(domctl(domctl));
+}
+
+static inline int xsm_domain_create(struct domain *d, u32 ssidref)
 {
     return xsm_call(domain_create(d, ssidref));
 }
 
-static inline int xsm_max_vcpus(struct domain *d)
-{
-    return xsm_call(max_vcpus(d));
-}
-
-static inline int xsm_destroydomain (struct domain *d)
-{
-    return xsm_call(destroydomain(d));
-}
-
-static inline int xsm_vcpuaffinity (int cmd, struct domain *d)
-{
-    return xsm_call(vcpuaffinity(cmd, d));
-}
-
-static inline int xsm_scheduler (struct domain *d)
-{
-    return xsm_call(scheduler(d));
-}
-
-static inline int xsm_getdomaininfo (struct domain *d)
-{
-    return xsm_call(getdomaininfo(d));
-}
-
-static inline int xsm_getvcpucontext (struct domain *d)
-{
-    return xsm_call(getvcpucontext(d));
-}
-
-static inline int xsm_getvcpuinfo (struct domain *d)
-{
-    return xsm_call(getvcpuinfo(d));
-}
-
-static inline int xsm_domain_settime (struct domain *d)
-{
-    return xsm_call(domain_settime(d));
+static inline int xsm_getdomaininfo(struct domain *d)
+{
+    return xsm_call(domain_getdomaininfo(d));
 }
 
 static inline int xsm_tbufcontrol (void)
@@ -227,33 +161,6 @@ static inline int xsm_sched_id (void)
 static inline int xsm_sched_id (void)
 {
     return xsm_call(sched_id());
-}
-
-static inline int xsm_setdomainmaxmem (struct domain *d)
-{
-    return xsm_call(setdomainmaxmem(d));
-}
-
-static inline int xsm_setdomainhandle (struct domain *d)
-{
-    return xsm_call(setdomainhandle(d));
-}
-
-static inline int xsm_setdebugging (struct domain *d)
-{
-    return xsm_call(setdebugging(d));
-}
-
-static inline int xsm_irq_permission (struct domain *d, uint8_t pirq,
-                                                                uint8_t access)
-{
-    return xsm_call(irq_permission(d, pirq, access));
-} 
-
-static inline int xsm_iomem_permission (struct domain *d, unsigned long mfn,
-                                                                uint8_t access)
-{
-    return xsm_call(iomem_permission(d, mfn, access));
 }
 
 static inline int xsm_perfcontrol (void)

-- 
Mike D. Day
Virtualization Architect and Sr. Technical Staff Member, IBM LTC
Cell: 919 412-3900
ST: mdday@xxxxxxxxxx | AIM: ncmikeday | Yahoo IM: ultra.runner
PGP key: http://www.ncultra.org/ncmike/pubkey.asc

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] consolidate xsm processing within domain control hypercall, Mike D. Day <=