rename IS_PRIV to is_hardware_domain

Since the remaining uses of IS_PRIV are actually concerned with the
domain having control of the hardware (i.e. being the initial domain),
clarify this by renaming IS_PRIV to is_hardware_domain.  This also
removes IS_PRIV_FOR since the only remaining user was xsm/dummy.h.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release)
Acked-by: Keir Fraser <keir@xen.org>

diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 1f16ad2568f237fd6a6cc6070f8cf246990976e2..c2a04c4421bd138f5d15758b1f23f1a782e7cfb9 100644 (file)
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -661,7 +661,7 @@ long arch_do_domctl(
                     while ( i-- )
                         clear_mmio_p2m_entry(d, gfn + i);
                     if ( iomem_deny_access(d, mfn, mfn + nr_mfns - 1) &&
-                         IS_PRIV(current->domain) )
+                         is_hardware_domain(current->domain) )
                         printk(XENLOG_ERR
                                "memory_map: failed to deny dom%d access to [%lx,%lx]\n",
                                d->domain_id, mfn, mfn + nr_mfns - 1);
@@ -680,7 +680,7 @@ long arch_do_domctl(
             ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
             if ( !ret && add )
                 ret = -EIO;
-            if ( ret && IS_PRIV(current->domain) )
+            if ( ret && is_hardware_domain(current->domain) )
                 printk(XENLOG_ERR
                        "memory_map: error %ld %s dom%d access to [%lx,%lx]\n",
                        ret, add ? "removing" : "denying", d->domain_id,
@@ -767,7 +767,7 @@ long arch_do_domctl(
                     break;
                 }
             ret = ioports_deny_access(d, fmp, fmp + np - 1);
-            if ( ret && IS_PRIV(current->domain) )
+            if ( ret && is_hardware_domain(current->domain) )
                 printk(XENLOG_ERR
                        "ioport_map: error %ld denying dom%d access to [%x,%x]\n",
                        ret, d->domain_id, fmp, fmp + np - 1);

diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index 36bed2953e3d55c963b24114b6f096ea91079845..a2ceea0001d483ed2d256019f1dabbe305f79435 100644 (file)
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -812,7 +812,7 @@ static int msix_capability_init(struct pci_dev *dev,
                         break;
             if ( d )
             {
-                if ( !IS_PRIV(d) && dev->msix_warned != d->domain_id )
+                if ( !is_hardware_domain(d) && dev->msix_warned != d->domain_id )
                 {
                     dev->msix_warned = d->domain_id;
                     printk(XENLOG_ERR

diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index eb8a40706a0fcd7f311a6f787a9a3f25296bdbdb..3733c7a129dc33a046f54e6b87494adbdeb639a2 100644 (file)
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -128,7 +128,7 @@ int physdev_map_pirq(domid_t domid, int type, int *index, int *pirq_p,
         irq = domain_pirq_to_irq(current->domain, *index);
         if ( irq <= 0 )
         {
-            if ( IS_PRIV(current->domain) )
+            if ( is_hardware_domain(current->domain) )
                 irq = *index;
             else {
                 dprintk(XENLOG_G_ERR, "dom%d: map pirq with incorrect irq!\n",
@@ -691,7 +691,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
     case PHYSDEVOP_dbgp_op: {
         struct physdev_dbgp_op op;
 
-        if ( !IS_PRIV(v->domain) )
+        if ( !is_hardware_domain(v->domain) )
             ret = -EPERM;
         else if ( copy_from_guest(&op, arg, 1) )
             ret = -EFAULT;

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index f630f8318de0246518066390fdd719adc177fd61..48fe4682c61f336ba1feccc26ba2cdfb3aaf9919 100644 (file)
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1311,7 +1311,7 @@ static int fixup_page_fault(unsigned long addr, struct cpu_user_regs *regs)
              ptwr_do_page_fault(v, addr, regs) )
             return EXCRET_fault_fixed;
 
-        if ( IS_PRIV(d) && (regs->error_code & PFEC_page_present) &&
+        if ( is_hardware_domain(d) && (regs->error_code & PFEC_page_present) &&
              mmio_ro_do_page_fault(v, addr, regs) )
             return EXCRET_fault_fixed;
     }
@@ -1631,7 +1631,7 @@ static int pci_cfg_ok(struct domain *d, int write, int size)
 {
     uint32_t machine_bdf;
     uint16_t start, end;
-    if (!IS_PRIV(d))
+    if (!is_hardware_domain(d))
         return 0;
 
     machine_bdf = (d->arch.pci_cf8 >> 8) & 0xFFFF;
@@ -2423,7 +2423,7 @@ static int emulate_privileged_op(struct cpu_user_regs *regs)
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
                  boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
                 goto fail;
-            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+            if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( (rdmsr_safe(MSR_AMD64_NB_CFG, val) != 0) ||
                  (eax != (uint32_t)val) ||
@@ -2436,7 +2436,7 @@ static int emulate_privileged_op(struct cpu_user_regs *regs)
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
                  boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
                 goto fail;
-            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+            if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( (rdmsr_safe(MSR_FAM10H_MMIO_CONF_BASE, val) != 0) )
                 goto fail;
@@ -2456,7 +2456,7 @@ static int emulate_privileged_op(struct cpu_user_regs *regs)
         case MSR_IA32_UCODE_REV:
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
                 goto fail;
-            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+            if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( rdmsr_safe(regs->ecx, val) )
                 goto fail;
@@ -2492,7 +2492,7 @@ static int emulate_privileged_op(struct cpu_user_regs *regs)
         case MSR_IA32_ENERGY_PERF_BIAS:
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
                 goto fail;
-            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+            if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( wrmsr_safe(regs->ecx, msr_content) != 0 )
                 goto fail;

diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index cb3baed3446283d398c40c6fc162fcb1fe94e8f4..5b55c09fb64d48ec510760e6e821090aef26f816 100644 (file)
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -716,8 +716,16 @@ uint64_t get_cpu_idle_time(unsigned int cpu);
 void watchdog_domain_init(struct domain *d);
 void watchdog_domain_destroy(struct domain *d);
 
-#define IS_PRIV(_d) ((_d)->is_privileged)
-#define IS_PRIV_FOR(_d, _t) (IS_PRIV(_d) || ((_d)->target && (_d)->target == (_t)))
+/* 
+ * Use this check when the following are both true:
+ *  - Using this feature or interface requires full access to the hardware
+ *    (that is, this is would not be suitable for a driver domain)
+ *  - There is never a reason to deny dom0 access to this
+ */
+#define is_hardware_domain(_d) ((_d)->is_privileged)
+
+/* This check is for functionality specific to a control domain */
+#define is_control_domain(_d) ((_d)->is_privileged)
 
 #define VM_ASSIST(_d,_t) (test_bit((_t), &(_d)->vm_assist))
 

diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 3912bd93b95b3613b82a3afa81432098a55aa366..a87205661dbccaca9042270cbd57ae63e5781d05 100644 (file)
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -60,17 +60,23 @@ static always_inline int xsm_default_action(
     case XSM_HOOK:
         return 0;
     case XSM_DM_PRIV:
-        if ( !IS_PRIV_FOR(src, target) )
-            return -EPERM;
-        return 0;
+        if ( src->is_privileged )
+            return 0;
+        if ( target && src->target == target )
+            return 0;
+        return -EPERM;
     case XSM_TARGET:
-        if ( src != target && !IS_PRIV_FOR(src, target) )
-            return -EPERM;
-        return 0;
+        if ( src == target )
+            return 0;
+        if ( src->is_privileged )
+            return 0;
+        if ( target && src->target == target )
+            return 0;
+        return -EPERM;
     case XSM_PRIV:
-        if ( !IS_PRIV(src) )
-            return -EPERM;
-        return 0;
+        if ( src->is_privileged )
+            return 0;
+        return -EPERM;
     default:
         LINKER_BUG_ON(1);
         return -EPERM;
@@ -567,10 +573,12 @@ static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d)
 static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct domain *t,
                                      struct domain *f, uint32_t flags)
 {
+    int rc;
     XSM_ASSERT_ACTION(XSM_TARGET);
-    if ( t && d != t && !IS_PRIV_FOR(d, t) )
-        return -EPERM;
-    return xsm_default_action(action, d, f);
+    rc = xsm_default_action(action, d, f);
+    if ( t && !rc )
+        rc = xsm_default_action(action, d, t);
+    return rc;
 }
 
 static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct domain *f)