ia64/xen-unstable

changeset 16081:de68316bd2fa

xend, xsm: Lock domain access while modifying policy.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir@xensource.com>
date Mon Oct 08 13:43:17 2007 +0100 (2007-10-08)
parents 685054d5fa48
children a18dbd4a96e6
files tools/python/xen/util/xsm/acm/acm.py tools/python/xen/xend/XendXSPolicy.py tools/python/xen/xend/XendXSPolicyAdmin.py
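--- a/tools/python/xen/util/xsm/acm/acm.py
+++ b/tools/python/xen/util/xsm/acm/acm.py
@@ -103,6 +103,13 @@ def mapfile_unlock():
     __mapfile_lock.release()
 
 
+def resfile_lock():
+    __resfile_lock.acquire()
+
+def resfile_unlock():
+    __resfile_lock.release()
+
+
 def refresh_security_policy():
     """
     retrieves security policy
@@ -961,7 +968,7 @@ def resources_compatible_with_vmlabel(xs
         return False
 
     try:
-        __resfile_lock.acquire()
+        resfile_lock()
         try:
             access_control = dictio.dict_read("resources",
                                               res_label_filename)
@@ -971,7 +978,7 @@ def resources_compatible_with_vmlabel(xs
         return __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel,
                                                    access_control)
     finally:
-        __resfile_lock.release()
+        resfile_unlock()
     return False
 
 
@@ -1053,7 +1060,7 @@ def set_resource_label(resource, policyt
         return -xsconstants.XSERR_RESOURCE_IN_USE
 
     try:
-        __resfile_lock.acquire()
+        resfile_lock()
         access_control = {}
         try:
              access_control = dictio.dict_read("resources", res_label_filename)
@@ -1075,7 +1082,7 @@ def set_resource_label(resource, policyt
                 del access_control[resource]
         dictio.dict_write(access_control, "resources", res_label_filename)
     finally:
-        __resfile_lock.release()
+        resfile_unlock()
     return xsconstants.XSERR_SUCCESS
 
 def rm_resource_label(resource, oldlabel_xapi):
@@ -1158,13 +1165,13 @@ def get_labeled_resources():
     @return list of labeled resources
     """
     try:
-        __resfile_lock.acquire()
+        resfile_lock()
         try:
             access_control = dictio.dict_read("resources", res_label_filename)
         except:
             return {}
     finally:
-        __resfile_lock.release()
+        resfile_unlock()
     return access_control
 
 
@@ -1213,6 +1220,9 @@ def change_acm_policy(bin_pol, del_array
         - Attempt changes in the hypervisor; if this step fails,
           roll back the relabeling of resources and VMs
         - Make the relabeling of resources and VMs permanent
+
+       This function should be called with the lock to the domains
+       held (XendDomain.instance().domains_lock)
     """
     rc = xsconstants.XSERR_SUCCESS
 
@@ -1225,7 +1235,7 @@ def change_acm_policy(bin_pol, del_array
     errors=""
 
     try:
-        __resfile_lock.acquire()
+        resfile_lock()
         mapfile_lock()
 
         # Get all domains' dominfo.
@@ -1240,6 +1250,7 @@ def change_acm_policy(bin_pol, del_array
             access_control = dictio.dict_read("resources", res_label_filename)
         except:
             pass
+
         for key, labeldata in access_control.items():
             if len(labeldata) == 2:
                 policy, label = labeldata
@@ -1328,7 +1339,7 @@ def change_acm_policy(bin_pol, del_array
     finally:
         log.info("----------------------------------------------")
         mapfile_unlock()
-        __resfile_lock.release()
+        resfile_unlock()
 
     return rc, errors
 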
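--- a/tools/python/xen/xend/XendXSPolicy.py
+++ b/tools/python/xen/xend/XendXSPolicy.py
@@ -130,9 +130,7 @@ class XendXSPolicy(XendBase):
         if refs and len(refs) > 0:
             ref = refs[0]
             xspol = XSPolicyAdminInstance().policy_from_ref(ref)
-            try:
-                xspol.grab_lock()
-
+            if xspol:
                 polstate = {
                   'xs_ref' : ref,
                   'repr'   : xspol.toxml(),
@@ -142,9 +140,6 @@ class XendXSPolicy(XendBase):
                   'errors' : "",
                   'xserr'  : 0,
                 }
-            finally:
-                if xspol:
-                    xspol.unlock()
         return polstate
 
     def rm_xsbootpolicy(self):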
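Review bot: With `grab_lock()`/`unlock()` removed, `xspol.toxml()` and the other `polstate` fields are read under `if xspol:` with no lock at all, and nothing in this section shows the caller holding `XendDomain.instance().domains_lock`, the lock this changeset makes policy writers take. If a policy update can run concurrently, the returned state could mix values from before and after the change. Either read the fields under the same domains lock, or record why the lock-free read is safe in a comment above the `if`, e.g. `# NOTE: xspol is read without a lock; safe because <reason to be filled in>`. The enclosing method starts above the hunk, so the value of `polstate` returned when `xspol` is None is not visible here and should be checked.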
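--- a/tools/python/xen/xend/XendXSPolicyAdmin.py
+++ b/tools/python/xen/xend/XendXSPolicyAdmin.py
@@ -94,6 +94,15 @@ class XSPolicyAdmin:
           If flags is True, then any existing policy will be removed from
           the system and the new one will be installed
         """
+        from xen.xend import XendDomain
+        domains = XendDomain.instance()
+        try:
+            domains.domains_lock.acquire()
+            return self.__add_acmpolicy_to_system(xmltext, flags, overwrite)
+        finally:
+            domains.domains_lock.release()
+
+    def __add_acmpolicy_to_system(self, xmltext, flags, overwrite):
         errors = ""
         loadedpol = self.get_loaded_policy()
         if loadedpol:
@@ -182,6 +191,15 @@ class XSPolicyAdmin:
         return xsconstants.XSERR_SUCCESS
 
     def activate_xspolicy(self, xspol, flags):
+        from xen.xend import XendDomain
+        domains = XendDomain.instance()
+        try:
+            domains.domains_lock.acquire()
+            return self.__activate_xspolicy(xspol, flags)
+        finally:
+            domains.domains_lock.release()
+
+    def __activate_xspolicy(self, xspol, flags):
         rc = xsconstants.XSERR_SUCCESS
         if flags & xsconstants.XS_INST_LOAD:
             rc = xspol.loadintohv()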
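Review bot: Both public wrappers now take `domains_lock` before calling a private body, so any path from `__add_acmpolicy_to_system` back into `self.activate_xspolicy(...)` (its body runs past the hunk) would acquire the lock a second time on the same thread and hang unless `domains_lock` is reentrant. Calling `self.__activate_xspolicy(xspol, flags)` from already-locked code avoids depending on that. A one-line docstring on each private method, such as `"""Caller must hold XendDomain.instance().domains_lock."""`, would record the contract the same way the change_acm_policy docstring does. The lock is also held across `xspol.loadintohv()`, so other users of `domains_lock` wait until the hypervisor policy load returns.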