
changeset 17349:4e2e98c2098e

Clean up handling of IS_PRIV_FOR() and rcu_[un]lock_domain().

In particular this *removes* some IS_PRIV_FOR() checks. *Especially*
in particular, all domctls are executable only by dom0. Several of
them were really unsafe for execution by a stub domain as they can
affect global system resource usage.

This probably breaks stub domains. Where necessary, some of these
reversions can themselves be reverted where they are judged both
necessary and safe.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Fri Mar 28 17:50:10 2008 +0000 (2008-03-28)
parents b5fea3aeb04b
children 6736c28a0d35
files xen/arch/x86/hvm/hvm.c xen/arch/x86/mm.c xen/common/domain.c xen/common/domctl.c xen/common/event_channel.c xen/common/grant_table.c xen/common/memory.c
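--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -2160,12 +2160,15 @@ long do_hvm_op(unsigned long op, XEN_GUE
             return -EINVAL;
 
         if ( a.domid == DOMID_SELF )
+        {
             d = rcu_lock_current_domain();
-        else {
-            d = rcu_lock_domain_by_id(a.domid);
-            if ( d == NULL )
+        }
+        else
+        {
+            if ( (d = rcu_lock_domain_by_id(a.domid)) == NULL )
                 return -ESRCH;
-            if ( !IS_PRIV_FOR(current->domain, d) ) {
+            if ( !IS_PRIV_FOR(current->domain, d) )
+            {
                 rc = -EPERM;
                 goto param_fail;
             }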
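--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2114,14 +2114,14 @@ static int set_foreigndom(domid_t domid)
         info->foreign = rcu_lock_domain(dom_xen);
         break;
     default:
-        e = rcu_lock_domain_by_id(domid);
-        if ( e == NULL )
+        if ( (e = rcu_lock_domain_by_id(domid)) == NULL )
         {
             MEM_LOG("Unknown domain '%u'", domid);
             okay = 0;
             break;
         }
-        if (!IS_PRIV_FOR(d, e)) {
+        if ( !IS_PRIV_FOR(d, e) )
+        {
             MEM_LOG("Cannot set foreign dom");
             okay = 0;
             rcu_unlock_domain(e);
@@ -3259,12 +3259,15 @@ long arch_memory_op(int op, XEN_GUEST_HA
             return -EFAULT;
 
         if ( xatp.domid == DOMID_SELF )
+        {
             d = rcu_lock_current_domain();
-        else {
-            d = rcu_lock_domain_by_id(xatp.domid);
-            if ( d == NULL )
+        }
+        else
+        {
+            if ( (d = rcu_lock_domain_by_id(xatp.domid)) == NULL )
                 return -ESRCH;
-            if ( !IS_PRIV_FOR(current->domain, d) ) {
+            if ( !IS_PRIV_FOR(current->domain, d) )
+            {
                 rcu_unlock_domain(d);
                 return -EPERM;
             }
@@ -3355,12 +3358,15 @@ long arch_memory_op(int op, XEN_GUEST_HA
             return -EINVAL;
 
         if ( fmap.domid == DOMID_SELF )
+        {
             d = rcu_lock_current_domain();
-        else {
-            d = rcu_lock_domain_by_id(fmap.domid);
-            if ( d == NULL )
+        }
+        else
+        {
+            if ( (d = rcu_lock_domain_by_id(fmap.domid)) == NULL )
                 return -ESRCH;
-            if ( !IS_PRIV_FOR(current->domain, d) ) {
+            if ( !IS_PRIV_FOR(current->domain, d) )
+            {
                 rcu_unlock_domain(d);
                 return -EPERM;
             }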
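--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -522,7 +522,7 @@ static void complete_domain_destroy(stru
         if ( (v = d->vcpu[i]) != NULL )
             free_vcpu_struct(v);
 
-    if (d->target)
+    if ( d->target != NULL )
         put_domain(d->target);
 
     free_domain(d);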
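--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -182,6 +182,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
     struct xen_domctl curop, *op = &curop;
     static DEFINE_SPINLOCK(domctl_lock);
 
+    if ( !IS_PRIV(current->domain) )
+        return -EPERM;
+
     if ( copy_from_guest(op, u_domctl, 1) )
         return -EFAULT;
 
@@ -204,10 +207,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto svc_out;
-
         ret = xsm_setvcpucontext(d);
         if ( ret )
             goto svc_out;
@@ -259,10 +258,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d != NULL )
         {
-            ret = -EPERM;
-            if ( !IS_PRIV_FOR(current->domain, d) )
-                goto pausedomain_out;
-
             ret = xsm_pausedomain(d);
             if ( ret )
                 goto pausedomain_out;
@@ -287,18 +282,16 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto unpausedomain_out;
-
         ret = xsm_unpausedomain(d);
         if ( ret )
-            goto unpausedomain_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         domain_unpause_by_systemcontroller(d);
+        rcu_unlock_domain(d);
         ret = 0;
-unpausedomain_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -310,18 +303,16 @@ unpausedomain_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto resumedomain_out;
-
         ret = xsm_resumedomain(d);
         if ( ret )
-            goto resumedomain_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         domain_resume(d);
+        rcu_unlock_domain(d);
         ret = 0;
-resumedomain_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -332,10 +323,6 @@ resumedomain_out:
         static domid_t rover = 0;
         unsigned int domcr_flags;
 
-        ret = -EPERM;
-        if ( !IS_PRIV(current->domain) )
-            break;
-
         ret = -EINVAL;
         if ( supervisor_mode_kernel ||
              (op->u.createdomain.flags &
@@ -401,13 +388,12 @@ resumedomain_out:
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto maxvcpu_out2;
-
         ret = xsm_max_vcpus(d);
         if ( ret )
-            goto maxvcpu_out2;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         /* Needed, for example, to ensure writable p.t. state is synced. */
         domain_pause(d);
@@ -435,7 +421,6 @@ resumedomain_out:
 
     maxvcpu_out:
         domain_unpause(d);
-    maxvcpu_out2:
         rcu_unlock_domain(d);
     }
     break;
@@ -446,9 +431,7 @@ resumedomain_out:
         ret = -ESRCH;
         if ( d != NULL )
         {
-            ret = -EPERM;
-            if ( IS_PRIV_FOR(current->domain, d) )
-                ret = xsm_destroydomain(d) ? : domain_kill(d);
+            ret = xsm_destroydomain(d) ? : domain_kill(d);
             rcu_unlock_domain(d);
         }
     }
@@ -466,10 +449,6 @@ resumedomain_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto vcpuaffinity_out;
-
         ret = xsm_vcpuaffinity(op->cmd, d);
         if ( ret )
             goto vcpuaffinity_out;
@@ -508,10 +487,6 @@ resumedomain_out:
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto scheduler_op_out;
-
         ret = xsm_scheduler(d);
         if ( ret )
             goto scheduler_op_out;
@@ -533,7 +508,7 @@ resumedomain_out:
         rcu_read_lock(&domlist_read_lock);
 
         for_each_domain ( d )
-            if ( d->domain_id >= dom && IS_PRIV_FOR(current->domain, d))
+            if ( d->domain_id >= dom )
                 break;
 
         if ( d == NULL )
@@ -568,10 +543,6 @@ resumedomain_out:
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto getvcpucontext_out;
-
         ret = xsm_getvcpucontext(d);
         if ( ret )
             goto getvcpucontext_out;
@@ -632,10 +603,6 @@ resumedomain_out:
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto getvcpuinfo_out;
-
         ret = xsm_getvcpuinfo(d);
         if ( ret )
             goto getvcpuinfo_out;
@@ -675,10 +642,6 @@ resumedomain_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto max_mem_out;
-
         ret = xsm_setdomainmaxmem(d);
         if ( ret )
             goto max_mem_out;
@@ -695,8 +658,6 @@ resumedomain_out:
             d->max_pages = new_max;
             ret = 0;
         }
-        else
-            printk("new max %ld, tot pages %d\n", new_max, d->tot_pages);
         spin_unlock(&d->page_alloc_lock);
 
     max_mem_out:
@@ -713,19 +674,17 @@ resumedomain_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto setdomainhandle_out;
-
         ret = xsm_setdomainhandle(d);
         if ( ret )
-            goto setdomainhandle_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         memcpy(d->handle, op->u.setdomainhandle.handle,
                sizeof(xen_domain_handle_t));
+        rcu_unlock_domain(d);
         ret = 0;
-setdomainhandle_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -738,20 +697,18 @@ setdomainhandle_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto setdebugging_out;
-
         ret = xsm_setdebugging(d);
         if ( ret )
-            goto setdebugging_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         domain_pause(d);
         d->debugger_attached = !!op->u.setdebugging.enable;
         domain_unpause(d); /* causes guest to latch new status */
+        rcu_unlock_domain(d);
         ret = 0;
-setdebugging_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -769,10 +726,6 @@ setdebugging_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto irq_permission_out;
-
         ret = xsm_irq_permission(d, pirq, op->u.irq_permission.allow_access);
         if ( ret )
             goto irq_permission_out;
@@ -802,10 +755,6 @@ setdebugging_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto iomem_permission_out;
-
         ret = xsm_iomem_permission(d, mfn, op->u.iomem_permission.allow_access);
         if ( ret )
             goto iomem_permission_out;
@@ -829,19 +778,16 @@ setdebugging_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto settimeoffset_out;
-
         ret = xsm_domain_settime(d);
         if ( ret )
-            goto settimeoffset_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         d->time_offset_seconds = op->u.settimeoffset.time_offset_seconds;
-
+        rcu_unlock_domain(d);
         ret = 0;
-settimeoffset_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -854,32 +800,24 @@ settimeoffset_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if (!IS_PRIV_FOR(current->domain, d))
-            goto set_target_out;
-
         ret = -ESRCH;
         e = get_domain_by_id(op->u.set_target.target);
         if ( e == NULL )
             goto set_target_out;
 
-        if ( d == e ) {
-            ret = -EINVAL;
+        ret = -EINVAL;
+        if ( (d == e) || (d->target != NULL) )
+        {
             put_domain(e);
             goto set_target_out;
         }
 
-        if (!IS_PRIV_FOR(current->domain, e)) {
-            ret = -EPERM;
-            put_domain(e);
-            goto set_target_out;
-        }
+        /* Hold reference on @e until we destroy @d. */
+        d->target = e;
 
-        d->target = e;
-        /* and we keep the reference on e, released when destroying d */
         ret = 0;
 
-set_target_out:
+    set_target_out:
         rcu_unlock_domain(d);
     }
     break;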
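Review bot: The new `if ( !IS_PRIV(current->domain) ) return -EPERM;` at the top of do_domctl is now the sole authorization check for every case in the switch, since the per-operation `IS_PRIV_FOR(current->domain, d)` tests (setvcpucontext, pausedomain, unpausedomain, resumedomain, max_vcpus, destroydomain, vcpuaffinity, scheduler_op, getdomaininfo, getvcpucontext, getvcpuinfo, max_mem, setdomainhandle, setdebugging, irq_permission, iomem_permission, settimeoffset, set_target) are removed without anything tying them to it. A maintainer who later relaxes that one line to re-admit stub domains, as the description anticipates, would reopen all of these operations at once, so I would put above the gate `/* Every domctl is dom0-only: the per-op IS_PRIV_FOR() checks were removed and depend on this gate, so relax it only together with per-op checks. */`. Secondary, in the set_target hunk: the new `(d->target != NULL)` test reads d->target with no lock visible in the hunk; if domctl_lock (declared at the top of the function) is not held around the switch, two concurrent set_target calls could both pass it and the earlier reference taken on e would never be put — worth confirming against the caller or noting in a comment. do_domctl begins and ends outside the hunks shown.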
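--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -130,13 +130,17 @@ static long evtchn_alloc_unbound(evtchn_
     long           rc;
 
     if ( dom == DOMID_SELF )
-        d = current->domain;
-    else {
+    {
+        d = rcu_lock_current_domain();
+    }
+    else
+    {
         if ( (d = rcu_lock_domain_by_id(dom)) == NULL )
             return -ESRCH;
-        if ( !IS_PRIV_FOR(current->domain, d) ) {
-            rc = -EPERM;
-            goto out2;
+        if ( !IS_PRIV_FOR(current->domain, d) )
+        {
+            rcu_unlock_domain(d);
+            return -EPERM;
         }
     }
 
@@ -158,8 +162,6 @@ static long evtchn_alloc_unbound(evtchn_
 
  out:
     spin_unlock(&d->evtchn_lock);
-
- out2:
     rcu_unlock_domain(d);
 
     return rc;
@@ -201,7 +203,7 @@ static long evtchn_bind_interdomain(evtc
         ERROR_EXIT_DOM(-EINVAL, rd);
     rchn = evtchn_from_port(rd, rport);
     if ( (rchn->state != ECS_UNBOUND) ||
-            (rchn->u.unbound.remote_domid != ld->domain_id && !IS_PRIV_FOR(ld, rd)))
+         (rchn->u.unbound.remote_domid != ld->domain_id) )
         ERROR_EXIT_DOM(-EINVAL, rd);
 
     rc = xsm_evtchn_interdomain(ld, lchn, rd, rchn);
@@ -631,13 +633,17 @@ static long evtchn_status(evtchn_status_
     long             rc = 0;
 
     if ( dom == DOMID_SELF )
-        d = current->domain;
-    else {
+    {
+        d = rcu_lock_current_domain();
+    }
+    else
+    {
         if ( (d = rcu_lock_domain_by_id(dom)) == NULL )
             return -ESRCH;
-        if ( !IS_PRIV_FOR(current->domain, d) ) {
-            rc = -EPERM;
-            goto out2;
+        if ( !IS_PRIV_FOR(current->domain, d) )
+        {
+            rcu_unlock_domain(d);
+            return -EPERM;
         }
     }
 
@@ -690,8 +696,8 @@ static long evtchn_status(evtchn_status_
 
  out:
     spin_unlock(&d->evtchn_lock);
- out2:
     rcu_unlock_domain(d);
+
     return rc;
 }
 
@@ -742,6 +748,7 @@ long evtchn_bind_vcpu(unsigned int port,
 
  out:
     spin_unlock(&d->evtchn_lock);
+
     return rc;
 }
 
@@ -784,15 +791,18 @@ static long evtchn_reset(evtchn_reset_t 
 {
     domid_t dom = r->dom;
     struct domain *d;
-    int i;
-    int rc;
+    int i, rc;
 
     if ( dom == DOMID_SELF )
-        d = current->domain;
-    else {
+    {
+        d = rcu_lock_current_domain();
+    }
+    else
+    {
         if ( (d = rcu_lock_domain_by_id(dom)) == NULL )
             return -ESRCH;
-        if ( !IS_PRIV_FOR(current->domain, d) ) {
+        if ( !IS_PRIV_FOR(current->domain, d) )
+        {
             rc = -EPERM;
             goto out;
         }
@@ -806,6 +816,7 @@ static long evtchn_reset(evtchn_reset_t 
         (void)__evtchn_close(d, i);
 
     rc = 0;
+
 out:
     rcu_unlock_domain(d);
 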
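Review bot: In the evtchn_bind_interdomain hunk the dropped `&& !IS_PRIV_FOR(ld, rd)` clause changes the rule so that only the domain named by `remote_domid` may bind to an unbound port, with no exemption for a privileged caller, and the new condition carries no comment saying so; I would add `/* Only the domain the port was allocated for may bind to it. */` above the `if`. It appears to be the only authorization change in this file that the description's "removes some IS_PRIV_FOR() checks" covers, so a reader skimming the brace restyle around it may miss it. A minor style point: evtchn_reset keeps `rc = -EPERM; goto out;` on the permission failure while evtchn_alloc_unbound and evtchn_status now unlock and return inline, so the three look-alike prologues no longer match. Each enclosing function starts or ends outside its hunk.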
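--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -828,32 +828,34 @@ gnttab_setup_table(
                 " per domain.\n",
                 max_nr_grant_frames);
         op.status = GNTST_general_error;
-        goto out;
+        goto out1;
     }
 
     dom = op.dom;
     if ( dom == DOMID_SELF )
     {
-        d = current->domain;
+        d = rcu_lock_current_domain();
     }
-    else {
+    else
+    {
         if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) )
         {
             gdprintk(XENLOG_INFO, "Bad domid %d.\n", dom);
             op.status = GNTST_bad_domain;
-            goto out;
+            goto out1;
         }
-        if ( unlikely(!IS_PRIV_FOR(current->domain, d)) ) {
+
+        if ( unlikely(!IS_PRIV_FOR(current->domain, d)) )
+        {
             op.status = GNTST_permission_denied;
-            goto setup_unlock_out2;
+            goto out2;
         }
     }
 
     if ( xsm_grant_setup(current->domain, d) )
     {
-        rcu_unlock_domain(d);
         op.status = GNTST_permission_denied;
-        goto out;
+        goto out2;
     }
 
     spin_lock(&d->grant_table->lock);
@@ -867,7 +869,7 @@ gnttab_setup_table(
                 nr_grant_frames(d->grant_table),
                 max_nr_grant_frames);
         op.status = GNTST_general_error;
-        goto setup_unlock_out;
+        goto out3;
     }
  
     op.status = GNTST_okay;
@@ -877,13 +879,11 @@ gnttab_setup_table(
         (void)copy_to_guest_offset(op.frame_list, i, &gmfn, 1);
     }
 
- setup_unlock_out:
+ out3:
     spin_unlock(&d->grant_table->lock);
-
- setup_unlock_out2:
+ out2:
     rcu_unlock_domain(d);
-
- out:
+ out1:
     if ( unlikely(copy_to_guest(uop, &op, 1)) )
         return -EFAULT;
 
@@ -911,16 +911,19 @@ gnttab_query_size(
     dom = op.dom;
     if ( dom == DOMID_SELF )
     {
-        d = current->domain;
+        d = rcu_lock_current_domain();
     }
-    else {
+    else
+    {
         if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) )
         {
             gdprintk(XENLOG_INFO, "Bad domid %d.\n", dom);
             op.status = GNTST_bad_domain;
             goto query_out;
         }
-        if ( unlikely(!IS_PRIV_FOR(current->domain, d)) ) {
+
+        if ( unlikely(!IS_PRIV_FOR(current->domain, d)) )
+        {
             op.status = GNTST_permission_denied;
             goto query_out_unlock;
         }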
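--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -232,12 +232,15 @@ static long translate_gpfn_list(
         return -EFAULT;
 
     if ( op.domid == DOMID_SELF )
-        d = current->domain;
-    else {
-        d = rcu_lock_domain_by_id(op.domid);
-        if ( d == NULL )
+    {
+        d = rcu_lock_current_domain();
+    }
+    else
+    {
+        if ( (d = rcu_lock_domain_by_id(op.domid)) == NULL )
             return -ESRCH;
-        if ( !IS_PRIV_FOR(current->domain, d) ) {
+        if ( !IS_PRIV_FOR(current->domain, d) )
+        {
             rcu_unlock_domain(d);
             return -EPERM;
         }
@@ -539,12 +542,15 @@ long do_memory_op(unsigned long cmd, XEN
         }
 
         if ( likely(reservation.domid == DOMID_SELF) )
-            d = current->domain;
-        else {
-            d = rcu_lock_domain_by_id(reservation.domid);
-            if ( d == NULL)
+        {
+            d = rcu_lock_current_domain();
+        }
+        else
+        {
+            if ( (d = rcu_lock_domain_by_id(reservation.domid)) == NULL )
                 return start_extent;
-            if ( !IS_PRIV_FOR(current->domain, d) ) {
+            if ( !IS_PRIV_FOR(current->domain, d) )
+            {
                 rcu_unlock_domain(d);
                 return start_extent;
             }
@@ -554,8 +560,7 @@ long do_memory_op(unsigned long cmd, XEN
         rc = xsm_memory_adjust_reservation(current->domain, d);
         if ( rc )
         {
-            if ( reservation.domid != DOMID_SELF )
-                rcu_unlock_domain(d);
+            rcu_unlock_domain(d);
             return rc;
         }
 
@@ -572,8 +577,7 @@ long do_memory_op(unsigned long cmd, XEN
             break;
         }
 
-        if ( unlikely(reservation.domid != DOMID_SELF) )
-            rcu_unlock_domain(d);
+        rcu_unlock_domain(d);
 
         rc = args.nr_done;
 
@@ -599,12 +603,15 @@ long do_memory_op(unsigned long cmd, XEN
             return -EFAULT;
 
         if ( likely(domid == DOMID_SELF) )
-            d = current->domain;
-        else {
-            d = rcu_lock_domain_by_id(domid);
-            if ( d == NULL )
+        {
+            d = rcu_lock_current_domain();
+        }
+        else
+        {
+            if ( (d = rcu_lock_domain_by_id(domid)) == NULL )
                 return -ESRCH;
-            if ( !IS_PRIV_FOR(current->domain, d) ) {
+            if ( !IS_PRIV_FOR(current->domain, d) )
+            {
                 rcu_unlock_domain(d);
                 return -EPERM;
             }
@@ -613,8 +620,7 @@ long do_memory_op(unsigned long cmd, XEN
         rc = xsm_memory_stat_reservation(current->domain, d);
         if ( rc )
         {
-            if ( domid != DOMID_SELF )
-                rcu_unlock_domain(d);
+            rcu_unlock_domain(d);
             return rc;
         }
 
@@ -632,8 +638,7 @@ long do_memory_op(unsigned long cmd, XEN
             break;
         }
 
-        if ( unlikely(domid != DOMID_SELF) )
-            rcu_unlock_domain(d);
+        rcu_unlock_domain(d);
 
         break;
 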