ia64/xen-unstable

changeset 16857:26fc953a89bb

New XS_SET_TARGET
Stubdomains (and probably other domain disaggregation elements too)
need to be able to tinker with another domain. This adds
XS_SET_TARGET so that XenStore allows domains to have permissions on
files on which the "target" has permissions. This also adds
xs_set_target, called by the domain builder when the 'target' option
is used in the configuration.

Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Jan 23 13:22:13 2008 +0000 (2008-01-23)
parents cff4c8a1aa28
children c364f80eb4b5
files tools/python/xen/lowlevel/xs/xs.c tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xend/image.py tools/python/xen/xend/xenstore/xsutil.py tools/xenstore/xenstored_core.c tools/xenstore/xenstored_core.h tools/xenstore/xenstored_domain.c tools/xenstore/xenstored_domain.h tools/xenstore/xs.c tools/xenstore/xs.h xen/include/public/io/xs_wire.h
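--- a/tools/python/xen/lowlevel/xs/xs.c
+++ b/tools/python/xen/lowlevel/xs/xs.c
@@ -619,6 +619,36 @@ static PyObject *xspy_introduce_domain(X
     return none(result);
 }
 
+#define xspy_set_target_doc "\n"					\
+        "Tell xenstore that a domain is targetting another one so it\n" \
+        "should let it tinker with it.\n"	                        \
+	" dom    [int]   : domain id\n"					\
+	" target [int]   : domain id of the target\n"			\
+	"\n"								\
+	"Returns None on success.\n"					\
+	"Raises xen.lowlevel.xs.Error on error.\n"			\
+	"\n"
+
+static PyObject *xspy_set_target(XsHandle *self, PyObject *args)
+{
+    uint32_t dom;
+    uint32_t target;
+
+    struct xs_handle *xh = xshandle(self);
+    bool result = 0;
+
+    if (!xh)
+        return NULL;
+    if (!PyArg_ParseTuple(args, "ii", &dom, &target))
+        return NULL;
+
+    Py_BEGIN_ALLOW_THREADS
+    result = xs_set_target(xh, dom, target);
+    Py_END_ALLOW_THREADS
+
+    return none(result);
+}
+
 #define xspy_resume_domain_doc "\n"                                \
 	"Tell xenstore to clear its shutdown flag for a domain.\n" \
 	"This ensures that a subsequent shutdown will fire the\n"  \
@@ -817,6 +847,7 @@ static PyMethodDef xshandle_methods[] = 
     XSPY_METH(transaction_start, METH_NOARGS),
     XSPY_METH(transaction_end,   METH_VARARGS | METH_KEYWORDS),
     XSPY_METH(introduce_domain,  METH_VARARGS),
+    XSPY_METH(set_target,        METH_VARARGS),
     XSPY_METH(resume_domain,     METH_VARARGS),
     XSPY_METH(release_domain,    METH_VARARGS),
     XSPY_METH(close,             METH_NOARGS),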
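Review bot: In xspy_set_target the `"ii"` format of `PyArg_ParseTuple` stores signed ints into `uint32_t dom` and `uint32_t target`, so a negative argument from Python is accepted and reaches `xs_set_target` as a very large domain id instead of raising. Since this call widens what a domain may access in xenstore, I would parse into plain `int dom, target;` and reject bad values up front with `if (dom < 0 || target < 0) { PyErr_SetString(PyExc_ValueError, "domain id must be non-negative"); return NULL; }`. `bool result = 0;` would also read better as `false`.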
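--- a/tools/python/xen/xend/XendDomainInfo.py
+++ b/tools/python/xen/xend/XendDomainInfo.py
@@ -47,7 +47,7 @@ from xen.xend.XendError import XendError
 from xen.xend.XendDevices import XendDevices
 from xen.xend.XendTask import XendTask
 from xen.xend.xenstore.xstransact import xstransact, complete
-from xen.xend.xenstore.xsutil import GetDomainPath, IntroduceDomain, ResumeDomain
+from xen.xend.xenstore.xsutil import GetDomainPath, IntroduceDomain, SetTarget, ResumeDomain
 from xen.xend.xenstore.xswatch import xswatch
 from xen.xend.XendConstants import *
 from xen.xend.XendAPIConstants import *
@@ -883,6 +883,9 @@ class XendDomainInfo:
     def storeVm(self, *args):
         return xstransact.Store(self.vmpath, *args)
 
+    def permissionsVm(self, *args):
+        return xstransact.SetPermissions(self.vmpath, *args)
+
 
     def _readVmTxn(self, transaction,  *args):
         paths = map(lambda x: self.vmpath + "/" + x, args)
@@ -904,6 +907,10 @@ class XendDomainInfo:
         paths = map(lambda x: self.vmpath + "/" + x, args)
         return transaction.store(*paths)
 
+    def permissionsVmTxn(self, transaction,  *args):
+        paths = map(lambda x: self.vmpath + "/" + x, args)
+        return transaction.set_permissions(*paths)
+
     #
     # Function to update xenstore /dom/*
     #
@@ -1692,6 +1699,15 @@ class XendDomainInfo:
         except RuntimeError, exn:
             raise XendError(str(exn))
 
+    def _setTarget(self, target):
+        assert self.domid is not None
+
+        try:
+            SetTarget(self.domid, target)
+            self.storeDom('target', target)
+        except RuntimeError, exn:
+            raise XendError(str(exn))
+
 
     def _initDomain(self):
         log.debug('XendDomainInfo.initDomain: %s %s',
@@ -1756,6 +1772,8 @@ class XendDomainInfo:
                 self.native_protocol = channel_details['native_protocol'];
 
             self._introduceDomain()
+            if self.info.target():
+                self._setTarget(self.info.target())
 
             self._createDevices()
 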
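Review bot: `permissionsVmTxn` turns every argument into a path and calls `transaction.set_permissions(*paths)` with no permission entries at all, which looks copied from the store helper above it; as written a caller cannot say which domain gets which access. The signature of `set_permissions` is not visible here, but `permissionsVm` and its callers in image.py pass a key followed by permission dicts, so the transaction variant probably wants `def permissionsVmTxn(self, transaction, key, *perms):` with `return transaction.set_permissions(self.vmpath + "/" + key, *perms)`. Separately, `if self.info.target():` in `_initDomain` treats a target of 0 as unset; a comment saying whether domain 0 is deliberately excluded as a target would help.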
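--- a/tools/python/xen/xend/image.py
+++ b/tools/python/xen/xend/image.py
@@ -222,6 +222,7 @@ class ImageHandler:
             vncopts = ""
             if passwd:
                 self.vm.storeVm("vncpasswd", passwd)
+                self.vm.permissionsVm("vncpasswd", { 'dom': self.vm.getDomid(), 'read': True } )
                 vncopts = vncopts + ",password"
                 log.debug("Stored a VNC password for vfb access")
             else:
@@ -280,6 +281,9 @@ class ImageHandler:
             env['XAUTHORITY'] = self.xauthority
         if self.vncconsole:
             args = args + ([ "-vncviewer" ])
+        xstransact.Mkdir("/local/domain/0/device-model/%i" % self.vm.getDomid())
+        xstransact.SetPermissions("/local/domain/0/device-model/%i" % self.vm.getDomid(),
+                        { 'dom': self.vm.getDomid(), 'read': True, 'write': True })
         log.info("spawning device models: %s %s", self.device_model, args)
         # keep track of pid and spawned options to kill it later
         self.pid = os.spawnve(os.P_NOWAIT, self.device_model, args, env)
@@ -422,7 +426,9 @@ class HVMImageHandler(ImageHandler):
         self.vm.storeVm(("image/dmargs", " ".join(self.dmargs)),
                         ("image/device-model", self.device_model),
                         ("image/display", self.display))
+        self.vm.permissionsVm("image/dmargs", { 'dom': self.vm.getDomid(), 'read': True } )
         self.vm.storeVm(("rtc/timeoffset", rtc_timeoffset))
+        self.vm.permissionsVm("rtc/timeoffset", { 'dom': self.vm.getDomid(), 'read': True } )
 
         self.apic = int(vmConfig['platform'].get('apic', 0))
         self.acpi = int(vmConfig['platform'].get('acpi', 0))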
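Review bot: The permission lists added here have a single entry naming the guest, e.g. `{ 'dom': self.vm.getDomid(), 'read': True }` on `vncpasswd`. In `perm_for_conn` (xenstored_core.c in this changeset) the first entry is the owner, who gets read, write and owner rights, and its `perms` bits are what every unlisted domain falls back to (`return perms[0].perms & mask`), so if xstransact passes the list through unchanged the guest ends up owning the VNC password node and all other domains can read it. An owner entry for domain 0 with no default access followed by the guest's read entry, along the lines of `self.vm.permissionsVm("vncpasswd", { 'dom': 0 }, { 'dom': self.vm.getDomid(), 'read': True })`, would limit it to the intended reader; the same applies to `image/dmargs`, `rtc/timeoffset` and the read/write grant on `/local/domain/0/device-model/%i`. Whether `{ 'dom': 0 }` without read/write keys is accepted is not shown here, so check how xstransact encodes it.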
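--- a/tools/python/xen/xend/xenstore/xsutil.py
+++ b/tools/python/xen/xend/xenstore/xsutil.py
@@ -22,6 +22,9 @@ def xshandle():
 def IntroduceDomain(domid, page, port):
     return xshandle().introduce_domain(domid, page, port)
 
+def SetTarget(domid, target):
+    return xshandle().set_target(domid, target)
+
 def GetDomainPath(domid):
     return xshandle().get_domain_path(domid)
 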
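--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -119,6 +119,7 @@ static char *sockmsg_string(enum xsd_soc
 	case XS_ERROR: return "ERROR";
 	case XS_IS_DOMAIN_INTRODUCED: return "XS_IS_DOMAIN_INTRODUCED";
 	case XS_RESUME: return "RESUME";
+	case XS_SET_TARGET: return "SET_TARGET";
 	default:
 		return "**UNKNOWN**";
 	}
@@ -283,6 +284,8 @@ static int destroy_conn(void *_conn)
 				break;
 		close(conn->fd);
 	}
+        if (conn->target)
+                talloc_unlink(conn, conn->target);
 	list_del(&conn->list);
 	trace_destroy(conn, "connection");
 	return 0;
@@ -472,11 +475,13 @@ static enum xs_perm_type perm_for_conn(s
 		mask &= ~XS_PERM_WRITE;
 
 	/* Owners and tools get it all... */
-	if (!conn->id || perms[0].id == conn->id)
+	if (!conn->id || perms[0].id == conn->id
+                || (conn->target && perms[0].id == conn->target->id))
 		return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
 
 	for (i = 1; i < num; i++)
-		if (perms[i].id == conn->id)
+		if (perms[i].id == conn->id
+                        || (conn->target && perms[i].id == conn->target->id))
 			return perms[i].perms & mask;
 
 	return perms[0].perms & mask;
@@ -1245,6 +1250,10 @@ static void process_message(struct conne
 		do_resume(conn, onearg(in));
 		break;
 
+	case XS_SET_TARGET:
+		do_set_target(conn, in);
+		break;
+
 	default:
 		eprintf("Client unknown operation %i", in->hdr.msg.type);
 		send_error(conn, ENOSYS);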
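Review bot: `destroy_conn` drops this connection's own reference to `conn->target`, but nothing in the hunks shown clears the `target` pointer held by other connections when the target's connection itself goes away. Because `do_set_target` takes it with `talloc_reference`, the struct presumably stays allocated and `perm_for_conn` keeps comparing against `conn->target->id`; if that domain id is later reused, the holder would get the old target's rights on the new domain's nodes. Either reset `target` on every referring connection during teardown of the target, or document the lifetime next to the check, e.g. `/* target is pinned by talloc_reference(); its id may outlive the target domain */`. The added lines are also indented with spaces where the file uses tabs.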
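--- a/tools/xenstore/xenstored_core.h
+++ b/tools/xenstore/xenstored_core.h
@@ -84,6 +84,9 @@ struct connection
 	/* The domain I'm associated with, if any. */
 	struct domain *domain;
 
+        /* The target of the domain I'm associated with. */
+        struct connection *target;
+
 	/* My watches. */
 	struct list_head watches;
 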
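--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -381,6 +381,51 @@ void do_introduce(struct connection *con
 	send_ack(conn, XS_INTRODUCE);
 }
 
+void do_set_target(struct connection *conn, struct buffered_data *in)
+{
+	char *vec[2];
+	unsigned int domid, tdomid;
+        struct domain *domain, *tdomain;
+	if (get_strings(in, vec, ARRAY_SIZE(vec)) < ARRAY_SIZE(vec)) {
+		send_error(conn, EINVAL);
+		return;
+	}
+
+	if (conn->id != 0 || !conn->can_write) {
+		send_error(conn, EACCES);
+		return;
+	}
+
+	domid = atoi(vec[0]);
+	tdomid = atoi(vec[1]);
+
+        domain = find_domain_by_domid(domid);
+	if (!domain) {
+		send_error(conn, ENOENT);
+		return;
+	}
+        if (!domain->conn) {
+		send_error(conn, EINVAL);
+		return;
+	}
+
+        tdomain = find_domain_by_domid(tdomid);
+	if (!tdomain) {
+		send_error(conn, ENOENT);
+		return;
+	}
+
+        if (!tdomain->conn) {
+		send_error(conn, EINVAL);
+		return;
+	}
+
+        talloc_reference(domain->conn, tdomain->conn);
+        domain->conn->target = tdomain->conn;
+
+	send_ack(conn, XS_SET_TARGET);
+}
+
 /* domid */
 void do_release(struct connection *conn, const char *domid_str)
 {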
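Review bot: `do_set_target` overwrites `domain->conn->target` without releasing an earlier reference, so a second XS_SET_TARGET for the same domain leaves the first `talloc_reference` in place while `destroy_conn` unlinks only the last one; the return value of `talloc_reference` is not checked either. There is also no rejection of `tdomid == domid` or of domain 0 as a target, and with the `perm_for_conn` change in this changeset a target whose id is 0 would match the owner of every node domain 0 owns; whether that should be allowed is a policy decision, but it deserves an explicit check or comment. `atoi` accepts trailing garbage and negative numbers silently, so `strtoul` with an end-pointer check would be stricter for both ids. A sketch of the tail of the function follows.

```c
	/* ... unchanged: argument parsing, privilege check, domain and target lookups ... */

	/* Refuse self-targeting and domain 0 as a target (policy: confirm). */
	if (tdomain == domain || tdomid == 0) {
		send_error(conn, EINVAL);
		return;
	}

	/* Drop the reference taken by an earlier XS_SET_TARGET, if any. */
	if (domain->conn->target) {
		talloc_unlink(domain->conn, domain->conn->target);
		domain->conn->target = NULL;
	}

	if (!talloc_reference(domain->conn, tdomain->conn)) {
		send_error(conn, ENOMEM);
		return;
	}
	domain->conn->target = tdomain->conn;

	send_ack(conn, XS_SET_TARGET);
```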
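--- a/tools/xenstore/xenstored_domain.h
+++ b/tools/xenstore/xenstored_domain.h
@@ -34,6 +34,9 @@ void do_release(struct connection *conn,
 /* domid */
 void do_resume(struct connection *conn, const char *domid_str);
 
+/* domid, target */
+void do_set_target(struct connection *conn, struct buffered_data *in);
+
 /* domid */
 void do_get_domain_path(struct connection *conn, const char *domid_str);
 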
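--- a/tools/xenstore/xs.c
+++ b/tools/xenstore/xs.c
@@ -708,6 +708,25 @@ bool xs_introduce_domain(struct xs_handl
 				ARRAY_SIZE(iov), NULL));
 }
 
+bool xs_set_target(struct xs_handle *h,
+			 unsigned int domid, unsigned int target)
+{
+	char domid_str[MAX_STRLEN(domid)];
+	char target_str[MAX_STRLEN(target)];
+	struct iovec iov[2];
+
+	snprintf(domid_str, sizeof(domid_str), "%u", domid);
+	snprintf(target_str, sizeof(target_str), "%u", target);
+
+	iov[0].iov_base = domid_str;
+	iov[0].iov_len = strlen(domid_str) + 1;
+	iov[1].iov_base = target_str;
+	iov[1].iov_len = strlen(target_str) + 1;
+
+	return xs_bool(xs_talkv(h, XBT_NULL, XS_SET_TARGET, iov,
+				ARRAY_SIZE(iov), NULL));
+}
+
 static void * single_with_domid(struct xs_handle *h,
 				enum xsd_sockmsg_type type,
 				unsigned int domid)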
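--- a/tools/xenstore/xs.h
+++ b/tools/xenstore/xs.h
@@ -132,6 +132,15 @@ bool xs_introduce_domain(struct xs_handl
 			 unsigned int domid,
 			 unsigned long mfn,
                          unsigned int eventchn); 
+
+/* Set the target of a domain
+ * This tells the store daemon that a domain is targetting another one, so
+ * it should let it tinker with it.
+ */
+bool xs_set_target(struct xs_handle *h,
+		   unsigned int domid,
+		   unsigned int target);
+
 /* Resume a domain.
  * Clear the shutdown flag for this domain in the store.
  */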
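Review bot: The comment on `xs_set_target` says the daemon will let the domain "tinker with" its target but not what is granted or who may ask. From `do_set_target` and `perm_for_conn` in this changeset, the request is accepted only on a writable domain-0 connection and makes `domid` pass every permission check that `target` would pass, including node ownership. I would state that in the header, for example `/* Only domain 0 may call this. domid is then treated as target in every xenstore permission check, including node ownership. */`.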
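--- a/xen/include/public/io/xs_wire.h
+++ b/xen/include/public/io/xs_wire.h
@@ -46,7 +46,8 @@ enum xsd_sockmsg_type
     XS_WATCH_EVENT,
     XS_ERROR,
     XS_IS_DOMAIN_INTRODUCED,
-    XS_RESUME
+    XS_RESUME,
+    XS_SET_TARGET
 };
 
 #define XS_WRITE_NONE "NONE"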