tools/libxendevicemodel: add a call to restrict the handle

My recent patch [1] to the Linux privcmd module introduced a mechanism
to restrict an open file handle to subsequently only accept operations for
a specified domain.

This patch extends the libxendevicemodel API and make use of the
mechanism in the Linux-specific code to restrict operations on the
interface handle.

[1] https://git.kernel.org/cgit/linux/kernel/git/ostr/linux.git/commit/?id=4610d240

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

diff --git a/tools/include/xen-sys/Linux/privcmd.h b/tools/include/xen-sys/Linux/privcmd.h
index c80eb5e2ade6652819728c4eb5ff83f5326abf27..732ff7c15a6b16e59579a037fecc9ad8175dc299 100644 (file)
--- a/tools/include/xen-sys/Linux/privcmd.h
+++ b/tools/include/xen-sys/Linux/privcmd.h
@@ -101,5 +101,7 @@ typedef struct privcmd_dm_op {
        _IOC(_IOC_NONE, 'P', 4, sizeof(privcmd_mmapbatch_v2_t))
 #define IOCTL_PRIVCMD_DM_OP                                    \
        _IOC(_IOC_NONE, 'P', 5, sizeof(privcmd_dm_op_t))
+#define IOCTL_PRIVCMD_RESTRICT                                 \
+       _IOC(_IOC_NONE, 'P', 6, sizeof(domid_t))
 
 #endif /* __LINUX_PUBLIC_PRIVCMD_H__ */

diff --git a/tools/libs/devicemodel/compat.c b/tools/libs/devicemodel/compat.c
index 245e907f1330bb7726c62c994fceb36aed2f57fa..5b4fdae2980450518919d60d50bf4acbeb6b100b 100644 (file)
--- a/tools/libs/devicemodel/compat.c
+++ b/tools/libs/devicemodel/compat.c
@@ -15,6 +15,8 @@
  * License along with this library; If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <errno.h>
+
 #include "private.h"
 
 int osdep_xendevicemodel_open(xendevicemodel_handle *dmod)
@@ -34,6 +36,13 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod,
     return xendevicemodel_xcall(dmod, domid, nr_bufs, bufs);
 }
 
+int osdep_xendevicemodel_restrict(xendevicemodel_handle *dmod,
+                                  domid_t domid)
+{
+    errno = EOPNOTSUPP;
+    return -1;
+}
+
 /*
  * Local variables:
  * mode: C

diff --git a/tools/libs/devicemodel/core.c b/tools/libs/devicemodel/core.c
index 33ee157eb70007af6d4025549f88dd52f5ee48e8..504543c1c58b5daf241855f401b1a1b122042a56 100644 (file)
--- a/tools/libs/devicemodel/core.c
+++ b/tools/libs/devicemodel/core.c
@@ -492,6 +492,11 @@ int xendevicemodel_inject_event(
     return xendevicemodel_op(dmod, domid, 1, &op, sizeof(op));
 }
 
+int xendevicemodel_restrict(xendevicemodel_handle *dmod, domid_t domid)
+{
+    return osdep_xendevicemodel_restrict(dmod, domid);
+}
+
 /*
  * Local variables:
  * mode: C

diff --git a/tools/libs/devicemodel/include/xendevicemodel.h b/tools/libs/devicemodel/include/xendevicemodel.h
index e00f8da1622f6350d71437cce90482de11ac75e6..b3f600ef8c795994711bc5931800e7dd8daa7ea0 100644 (file)
--- a/tools/libs/devicemodel/include/xendevicemodel.h
+++ b/tools/libs/devicemodel/include/xendevicemodel.h
@@ -283,6 +283,16 @@ int xendevicemodel_inject_event(
     xendevicemodel_handle *dmod, domid_t domid, int vcpu, uint8_t vector,
     uint8_t type, uint32_t error_code, uint8_t insn_len, uint64_t cr2);
 
+/**
+ * This function restricts the use of this handle to the specified
+ * domain.
+ *
+ * @parm dmod handle to the open devicemodel interface
+ * @parm domid the domain id
+ * @return 0 on success, -1 on failure.
+ */
+int xendevicemodel_restrict(xendevicemodel_handle *dmod, domid_t domid);
+
 #endif /* __XEN_TOOLS__ */
 
 #endif /* XENDEVICEMODEL_H */

diff --git a/tools/libs/devicemodel/libxendevicemodel.map b/tools/libs/devicemodel/libxendevicemodel.map
index abc6d0640a1dec835e6d7ff47e8dc3b3437059a2..45c773e30a56179477cb223c9062f6d73ca7d302 100644 (file)
--- a/tools/libs/devicemodel/libxendevicemodel.map
+++ b/tools/libs/devicemodel/libxendevicemodel.map
@@ -17,6 +17,7 @@ VERS_1.0 {
                xendevicemodel_modified_memory;
                xendevicemodel_set_mem_type;
                xendevicemodel_inject_event;
+               xendevicemodel_restrict;
                xendevicemodel_close;
        local: *; /* Do not expose anything by default */
 };

diff --git a/tools/libs/devicemodel/linux.c b/tools/libs/devicemodel/linux.c
index 7511ee7f27db265a573064ae73381075ecc6e365..438c55bf2c3a81349db0459f416155b44e4659f4 100644 (file)
--- a/tools/libs/devicemodel/linux.c
+++ b/tools/libs/devicemodel/linux.c
@@ -112,6 +112,17 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod,
     return 0;
 }
 
+int osdep_xendevicemodel_restrict(xendevicemodel_handle *dmod,
+                                  domid_t domid)
+{
+    if (dmod->fd < 0) {
+        errno = EOPNOTSUPP;
+        return -1;
+    }
+
+    return ioctl(dmod->fd, IOCTL_PRIVCMD_RESTRICT, &domid);
+}
+
 /*
  * Local variables:
  * mode: C

diff --git a/tools/libs/devicemodel/private.h b/tools/libs/devicemodel/private.h
index 5ce3b45569d5967717a83b146d0eb459ef353681..4ce5aac20ed2115e126ee03d155e16c9435036fc 100644 (file)
--- a/tools/libs/devicemodel/private.h
+++ b/tools/libs/devicemodel/private.h
@@ -29,6 +29,9 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod,
                             domid_t domid, unsigned int nr_bufs,
                             struct xendevicemodel_buf bufs[]);
 
+int osdep_xendevicemodel_restrict(
+    xendevicemodel_handle *dmod, domid_t domid);
+
 #define PERROR(_f...) \
     xtl_log(dmod->logger, XTL_ERROR, errno, "xendevicemodel", _f)