From: Paul Durrant Date: Wed, 22 Mar 2017 11:25:25 +0000 (+0000) Subject: tools/libxenforeignmemory: add a call to restrict the handle X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=5823d6eb40af67b6775db32e9643bb0471e52e4e;p=people%2Froyger%2Fxen.git tools/libxenforeignmemory: add a call to restrict the handle Commit 8ef5f344d061 "tools/libxendevicemodel: add a call to restrict the handle" added a function to the devicemodel interface to restrict operations through the API to a specific domain, where a capable under- lying privcmd driver exists. This patch adds similar functionality to the xenforeignmemory API. This will be necessary (as much as xendevicemodel restriction) for limiting the scope of device models to specific domains. NOTE: My patch to the linux kernel [1] added the appropriate checks to the foreign memory ioctls. [1] https://git.kernel.org/cgit/linux/kernel/git/ostr/linux.git/commit/?id=4610d240 Signed-off-by: Paul Durrant Acked-by: Wei Liu --- diff --git a/tools/libs/foreignmemory/core.c b/tools/libs/foreignmemory/core.c index a872b9555d..0ebd4293b1 100644 --- a/tools/libs/foreignmemory/core.c +++ b/tools/libs/foreignmemory/core.c @@ -106,6 +106,12 @@ int xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return osdep_xenforeignmemory_unmap(fmem, addr, num); } +int xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + return osdep_xenforeignmemory_restrict(fmem, domid); +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/freebsd.c b/tools/libs/foreignmemory/freebsd.c index ef08b6c4af..f6cd08c4c0 100644 --- a/tools/libs/foreignmemory/freebsd.c +++ b/tools/libs/foreignmemory/freebsd.c @@ -96,6 +96,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num << PAGE_SHIFT); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + errno = -EOPNOTSUPP; + return -1; +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/include/xenforeignmemory.h b/tools/libs/foreignmemory/include/xenforeignmemory.h index 92b9277b75..d5be6481de 100644 --- a/tools/libs/foreignmemory/include/xenforeignmemory.h +++ b/tools/libs/foreignmemory/include/xenforeignmemory.h @@ -115,6 +115,17 @@ void *xenforeignmemory_map(xenforeignmemory_handle *fmem, uint32_t dom, int xenforeignmemory_unmap(xenforeignmemory_handle *fmem, void *addr, size_t pages); +/** + * This function restricts the use of this handle to the specified + * domain. + * + * @parm fmem handle to the open foreignmemory interface + * @parm domid the domain id + * @return 0 on success, -1 on failure. + */ +int xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid); + #endif /* diff --git a/tools/libs/foreignmemory/libxenforeignmemory.map b/tools/libs/foreignmemory/libxenforeignmemory.map index df206b3cfb..5c9806cf28 100644 --- a/tools/libs/foreignmemory/libxenforeignmemory.map +++ b/tools/libs/foreignmemory/libxenforeignmemory.map @@ -4,5 +4,6 @@ VERS_1.0 { xenforeignmemory_close; xenforeignmemory_map; xenforeignmemory_unmap; + xenforeignmemory_restrict; local: *; /* Do not expose anything by default */ }; diff --git a/tools/libs/foreignmemory/linux.c b/tools/libs/foreignmemory/linux.c index 423c7441bc..320bb212fd 100644 --- a/tools/libs/foreignmemory/linux.c +++ b/tools/libs/foreignmemory/linux.c @@ -272,6 +272,12 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num << PAGE_SHIFT); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + return ioctl(fmem->fd, IOCTL_PRIVCMD_RESTRICT, &domid); +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/minios.c b/tools/libs/foreignmemory/minios.c index 6dc97bda68..2dd4910663 100644 --- a/tools/libs/foreignmemory/minios.c +++ b/tools/libs/foreignmemory/minios.c @@ -58,6 +58,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num << PAGE_SHIFT); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + errno = -EOPNOTSUPP; + return -1; +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/netbsd.c b/tools/libs/foreignmemory/netbsd.c index 08f49640b8..af3a1a4a0d 100644 --- a/tools/libs/foreignmemory/netbsd.c +++ b/tools/libs/foreignmemory/netbsd.c @@ -100,6 +100,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num*XC_PAGE_SIZE); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + errno = -EOPNOTSUPP; + return -1; +} + /* * Local variables: * mode: C diff --git a/tools/libs/foreignmemory/private.h b/tools/libs/foreignmemory/private.h index 9cc7814e16..ed7ec7a43f 100644 --- a/tools/libs/foreignmemory/private.h +++ b/tools/libs/foreignmemory/private.h @@ -32,6 +32,9 @@ void *osdep_xenforeignmemory_map(xenforeignmemory_handle *fmem, int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, void *addr, size_t num); +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid); + #if defined(__NetBSD__) || defined(__sun__) /* Strictly compat for those two only only */ void *compat_mapforeign_batch(xenforeignmem_handle *fmem, uint32_t dom, diff --git a/tools/libs/foreignmemory/solaris.c b/tools/libs/foreignmemory/solaris.c index e925a29122..fe7bb45e9e 100644 --- a/tools/libs/foreignmemory/solaris.c +++ b/tools/libs/foreignmemory/solaris.c @@ -98,6 +98,13 @@ int osdep_xenforeignmemory_unmap(xenforeignmemory_handle *fmem, return munmap(addr, num*XC_PAGE_SIZE); } +int osdep_xenforeignmemory_restrict(xenforeignmemory_handle *fmem, + domid_t domid) +{ + errno = -EOPNOTSUPP; + return -1; +} + /* * Local variables: * mode: C