From ab4440112bec31d066df97eab5a0625076e8790a Mon Sep 17 00:00:00 2001 From: Wei Liu Date: Tue, 17 Jun 2014 10:32:21 +0100 Subject: [PATCH] xl / libxl: push parsing of SSID and CPU pool ID down to libxl This patch pushes parsing of "init_seclabel", "seclabel", "device_model_stubdomain_seclabel" and "pool" down to libxl level. Originally the parsing is done in xl level, which is not ideal because libxl won't have the truely relevant information. With this patch libxl holds important information by itself. The libxl IDL is extended to hold the string of labels and pool name. And if there those strings are present they take precedence over the numeric representations. As all relevant structures (libxl_dominfo etc) have a field called X_name / X_label now, a string is also copied there so that callers won't have to do ID to name / label translation. In order to be compatible with users of older versions of libxl, this patch also defines LIBXL_HAVE_SSID_LABEL and LIBXL_HAVE_CPUPOOL_NAME. If they are defined, the respective strings are available. And if those strings are not NULL, libxl will do the parsing and ignore the numeric values. Signed-off-by: Wei Liu Cc: Dario Faggioli Cc: Juergen Gross Cc: Daniel De Graaf Acked-by: Ian Campbell --- tools/libxl/libxl.c | 22 ++++++-- tools/libxl/libxl.h | 20 +++++++ tools/libxl/libxl_create.c | 57 +++++++++++++++++++ tools/libxl/libxl_dm.c | 4 ++ tools/libxl/libxl_types.idl | 6 ++ tools/libxl/xl_cmdimpl.c | 107 ++++++++++-------------------------- tools/libxl/xl_sxp.c | 7 +-- 7 files changed, 137 insertions(+), 86 deletions(-) diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c index 9054c3b353..b3dca0c3ca 100644 --- a/tools/libxl/libxl.c +++ b/tools/libxl/libxl.c 
@@ -529,12 +529,18 @@ int libxl_domain_preserve(libxl_ctx *ctx, uint32_t domid, return 0; } -static void xcinfo2xlinfo(const xc_domaininfo_t *xcinfo, +static void xcinfo2xlinfo(libxl_ctx *ctx, + const xc_domaininfo_t *xcinfo, libxl_dominfo *xlinfo) { + size_t size; + memcpy(&(xlinfo->uuid), xcinfo->handle, sizeof(xen_domain_handle_t)); xlinfo->domid = xcinfo->domain; xlinfo->ssidref = xcinfo->ssidref; + if (libxl_flask_sid_to_context(ctx, xlinfo->ssidref, + &xlinfo->ssid_label, &size) < 0) + xlinfo->ssid_label = NULL; xlinfo->dying = !!(xcinfo->flags&XEN_DOMINF_dying); xlinfo->shutdown = !!(xcinfo->flags&XEN_DOMINF_shutdown); @@ -581,7 +587,7 @@ libxl_dominfo * libxl_list_domain(libxl_ctx *ctx, int *nb_domain_out) } for (i = 0; i < ret; i++) { - xcinfo2xlinfo(&info[i], &ptr[i]); + xcinfo2xlinfo(ctx, &info[i], &ptr[i]); } *nb_domain_out = ret; return ptr; @@ -600,7 +606,7 @@ int libxl_domain_info(libxl_ctx *ctx, libxl_dominfo *info_r, if (ret==0 || xcinfo.domain != domid) return ERROR_INVAL; if (info_r) - xcinfo2xlinfo(&xcinfo, info_r); + xcinfo2xlinfo(ctx, &xcinfo, info_r); return 0; } @@ -628,6 +634,11 @@ static int cpupool_info(libxl__gc *gc, } info->poolid = xcinfo->cpupool_id; + info->pool_name = libxl_cpupoolid_to_name(CTX, info->poolid); + if (!info->pool_name) { + rc = ERROR_FAIL; + goto out; + } info->sched = xcinfo->sched_id; info->n_dom = xcinfo->n_dom; rc = libxl_cpu_bitmap_alloc(CTX, &info->cpumap, 0); @@ -4174,10 +4185,13 @@ retry_transaction: abort_transaction = 1; goto out; } - xcinfo2xlinfo(&info, &ptr); + + libxl_dominfo_init(&ptr); + xcinfo2xlinfo(ctx, &info, &ptr); uuid = libxl__uuid2string(gc, ptr.uuid); libxl__xs_write(gc, t, libxl__sprintf(gc, "/vm/%s/memory", uuid), "%"PRIu32, new_target_memkb / 1024); + libxl_dominfo_dispose(&ptr); out: if (!xs_transaction_end(ctx->xsh, t, abort_transaction) diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h index 17b8a7b000..8fbfa2d9e4 100644 --- a/tools/libxl/libxl.h +++ b/tools/libxl/libxl.h 
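Review bot: In the first libxl.c hunk, xcinfo2xlinfo() now stores a heap string from libxl_flask_sid_to_context() in xlinfo->ssid_label without releasing whatever the field held before, and libxl_domain_info() passes the caller's info_r straight in. A caller that reuses one libxl_dominfo across calls, or that never calls libxl_dominfo_dispose() because the struct previously held no allocations, would leak one label per call. The last libxl.c hunk adds the init/dispose pair for one internal caller, but other callers are outside this patch and should be audited. I would document the contract above the function, e.g. `/* Allocates xlinfo->ssid_label (NULL if the lookup fails); xlinfo must be freshly initialised and later passed to libxl_dominfo_dispose(). */`. The function body continues past the end of the hunk.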
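Review bot: The new early exit in cpupool_info() returns ERROR_FAIL without logging anything when libxl_cpupoolid_to_name() yields NULL, so a pool whose name cannot be read now makes the whole query fail with no indication of why. A line such as `LOG(ERROR, "cannot get name of cpupool %"PRIu32, info->poolid);` before `rc = ERROR_FAIL;` would make that diagnosable. Also, if the libxl_cpu_bitmap_alloc() call just below fails, info->pool_name stays allocated. Whether the `out` path or the caller disposes of it cannot be seen here, since the rest of the function is outside the hunk.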
@@ -498,6 +498,26 @@ #define LIBXL_EXTERNAL_CALLERS_ONLY /* disappears for callers outside libxl */ #endif +/* + * LIBXL_HAVE_SSID_LABEL + * + * If this is defined, then libxl IDL contains string of XSM security + * label in all XSM related structures. + * + * If set this string takes precedence over the numeric field. + */ +#define LIBXL_HAVE_SSID_LABEL 1 + +/* + * LIBXL_HAVE_CPUPOOL_NAME + * + * If this is defined, then libxl IDL contains string of CPU pool + * name in all CPU pool related structures. + * + * If set this string takes precedence over the numeric field. + */ +#define LIBXL_HAVE_CPUPOOL_NAME 1 + typedef uint8_t libxl_mac[6]; #define LIBXL_MAC_FMT "%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx" #define LIBXL_MAC_FMTLEN ((2*6)+5) /* 6 hex bytes plus 5 colons */ diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c index d015cf41b4..fe3bdd2013 100644 --- a/tools/libxl/libxl_create.c +++ b/tools/libxl/libxl_create.c 
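Review bot: The two new comment blocks say the string "takes precedence" when set, but omit what a caller needs to know before relying on it for labelling decisions. Going by the libxl_create.c hunk, a non-NULL label is resolved at domain creation and the result is written into the numeric field, and when the lookup fails with ENOSYS the label is ignored with a warning and creation continues instead of failing. I would add a sentence to that effect to the LIBXL_HAVE_SSID_LABEL comment. It should also state that in output structures such as libxl_dominfo the label may be NULL and is owned by the structure, so callers are expected to run the matching dispose function.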
@@ -724,6 +724,63 @@ static void initiate_domain_create(libxl__egc *egc, domid = 0; + if (d_config->c_info.ssid_label) { + char *s = d_config->c_info.ssid_label; + ret = libxl_flask_context_to_sid(ctx, s, strlen(s), + &d_config->c_info.ssidref); + if (ret) { + if (errno == ENOSYS) { + LOG(WARN, "XSM Disabled: init_seclabel not supported"); + ret = 0; + } else { + LOG(ERROR, "Invalid init_seclabel: %s", s); + goto error_out; + } + } + } + + if (d_config->b_info.exec_ssid_label) { + char *s = d_config->b_info.exec_ssid_label; + ret = libxl_flask_context_to_sid(ctx, s, strlen(s), + &d_config->b_info.exec_ssidref); + if (ret) { + if (errno == ENOSYS) { + LOG(WARN, "XSM Disabled: seclabel not supported"); + ret = 0; + } else { + LOG(ERROR, "Invalid seclabel: %s", s); + goto error_out; + } + } + } + + if (d_config->b_info.device_model_ssid_label) { + char *s = d_config->b_info.device_model_ssid_label; + ret = libxl_flask_context_to_sid(ctx, s, strlen(s), + &d_config->b_info.device_model_ssidref); + if (ret) { + if (errno == ENOSYS) { + LOG(WARN,"XSM Disabled: device_model_stubdomain_seclabel not supported"); + ret = 0; + } else { + LOG(ERROR, "Invalid device_model_stubdomain_seclabel: %s", s); + goto error_out; + } + } + } + + if (d_config->c_info.pool_name) { + d_config->c_info.poolid = -1; + libxl_cpupool_qualifier_to_cpupoolid(ctx, d_config->c_info.pool_name, + &d_config->c_info.poolid, + NULL); + } + if (!libxl_cpupoolid_is_valid(ctx, d_config->c_info.poolid)) { + LOG(ERROR, "Illegal pool specified: %s", d_config->c_info.pool_name); + ret = ERROR_INVAL; + goto error_out; + } + /* If target_memkb is smaller than max_memkb, the subsequent call * to libxc when building HVM domain will enable PoD mode. */ diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c index 51ab2bf5a0..addacdb2cc 100644 --- a/tools/libxl/libxl_dm.c +++ b/tools/libxl/libxl_dm.c 
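Review bot: The pool validity check at the end of this hunk runs even when pool_name is NULL, so a caller that passes only an invalid numeric poolid reaches the `LOG(ERROR, "Illegal pool specified: %s", ...)` call with a NULL argument for `%s`, which is undefined behaviour. Logging the id as well avoids that and is more useful: `LOG(ERROR, "Illegal pool specified: %s (poolid %"PRIu32")", d_config->c_info.pool_name ? d_config->c_info.pool_name : "<none>", d_config->c_info.poolid);`. Separately, the three label blocks decide between "XSM disabled, carry on" and "invalid label, abort" by testing `errno == ENOSYS` after libxl_flask_context_to_sid() has returned, which relies on that helper leaving errno from the underlying call intact. Since this test selects between continuing and failing closed, a distinct return code from the helper would be more robust. The three blocks differ only in the field and option name and could share one static helper; initiate_domain_create() starts and ends outside the hunk.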
@@ -910,7 +910,11 @@ void libxl__spawn_stub_dm(libxl__egc *egc, libxl__stub_dm_spawn_state *sdss) dm_config->c_info.type = LIBXL_DOMAIN_TYPE_PV; dm_config->c_info.name = libxl__stub_dm_name(gc, libxl__domid_to_name(gc, guest_domid)); + /* When we are here to launch stubdom, ssidref is a valid value + * already, no need to parse it again. + */ dm_config->c_info.ssidref = guest_config->b_info.device_model_ssidref; + dm_config->c_info.ssid_label = NULL; libxl_uuid_generate(&dm_config->c_info.uuid); diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl index f0f6e34b09..101814241b 100644 --- a/tools/libxl/libxl_types.idl +++ b/tools/libxl/libxl_types.idl @@ -215,6 +215,7 @@ libxl_dominfo = Struct("dominfo",[ ("uuid", libxl_uuid), ("domid", libxl_domid), ("ssidref", uint32), + ("ssid_label", string), ("running", bool), ("blocked", bool), ("paused", bool), @@ -240,6 +241,7 @@ libxl_dominfo = Struct("dominfo",[ libxl_cpupoolinfo = Struct("cpupoolinfo", [ ("poolid", uint32), + ("pool_name", string), ("sched", libxl_scheduler), ("n_dom", uint32), ("cpumap", libxl_bitmap) @@ -270,11 +272,13 @@ libxl_domain_create_info = Struct("domain_create_info",[ ("hap", libxl_defbool), ("oos", libxl_defbool), ("ssidref", uint32), + ("ssid_label", string), ("name", string), ("uuid", libxl_uuid), ("xsdata", libxl_key_value_list), ("platformdata", libxl_key_value_list), ("poolid", uint32), + ("pool_name", string), ("run_hotplug_scripts",libxl_defbool), ("pvh", libxl_defbool), ("driver_domain",libxl_defbool), @@ -307,6 +311,7 @@ libxl_domain_build_info = Struct("domain_build_info",[ ("shadow_memkb", MemKB), ("rtc_timeoffset", uint32), ("exec_ssidref", uint32), + ("exec_ssid_label", string), ("localtime", libxl_defbool), ("disable_migrate", libxl_defbool), ("cpuid", libxl_cpuid_policy_list), 
@@ -317,6 +322,7 @@ libxl_domain_build_info = Struct("domain_build_info",[ # if you set device_model you must set device_model_version too ("device_model", string), ("device_model_ssidref", uint32), + ("device_model_ssid_label", string), # extra parameters pass directly to qemu, NULL terminated ("extra", libxl_string_list), diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c index 64a1c777c7..be041f2ac6 100644 --- a/tools/libxl/xl_cmdimpl.c +++ b/tools/libxl/xl_cmdimpl.c @@ -725,35 +725,17 @@ static void parse_config_data(const char *config_source, exit(1); } - if (!xlu_cfg_get_string (config, "init_seclabel", &buf, 0)) { - e = libxl_flask_context_to_sid(ctx, (char *)buf, strlen(buf), - &c_info->ssidref); - if (e) { - if (errno == ENOSYS) { - fprintf(stderr, "XSM Disabled: init_seclabel not supported\n"); - } else { - fprintf(stderr, "Invalid init_seclabel: %s\n", buf); - exit(1); - } - } - } + if (!xlu_cfg_get_string (config, "init_seclabel", &buf, 0)) + xlu_cfg_replace_string(config, "init_seclabel", + &c_info->ssid_label, 0); if (!xlu_cfg_get_string (config, "seclabel", &buf, 0)) { - uint32_t ssidref; - e = libxl_flask_context_to_sid(ctx, (char *)buf, strlen(buf), - &ssidref); - if (e) { - if (errno == ENOSYS) { - fprintf(stderr, "XSM Disabled: seclabel not supported\n"); - } else { - fprintf(stderr, "Invalid seclabel: %s\n", buf); - exit(1); - } - } else if (c_info->ssidref) { - b_info->exec_ssidref = ssidref; - } else { - c_info->ssidref = ssidref; - } + if (c_info->ssid_label) + xlu_cfg_replace_string(config, "seclabel", + &b_info->exec_ssid_label, 0); + else + xlu_cfg_replace_string(config, "seclabel", + &c_info->ssid_label, 0); } libxl_defbool_set(&c_info->run_hotplug_scripts, run_hotplug_scripts); 
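Review bot: In the xl_cmdimpl.c hunk that handles "init_seclabel" and "seclabel", the result of xlu_cfg_replace_string() is discarded and the destination pointer is not checked afterwards. If the copy were to leave c_info->ssid_label NULL (whether it can is not visible here), the "seclabel" branch would store that label as the creation label instead of the exec label, with no message, where the removed code exited on any label problem. A check after the call such as `if (!c_info->ssid_label) { fprintf(stderr, "Failed to record init_seclabel\n"); exit(1); }` keeps the fail-closed behaviour. The same applies to the "device_model_stubdomain_seclabel" and "pool" hunks further down. The preceding xlu_cfg_get_string() into buf now serves only as a presence test, and parse_config_data() extends beyond the hunk.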
@@ -781,14 +763,8 @@ static void parse_config_data(const char *config_source, xlu_cfg_get_defbool(config, "oos", &c_info->oos, 0); - if (!xlu_cfg_get_string (config, "pool", &buf, 0)) { - c_info->poolid = -1; - libxl_cpupool_qualifier_to_cpupoolid(ctx, buf, &c_info->poolid, NULL); - } - if (!libxl_cpupoolid_is_valid(ctx, c_info->poolid)) { - fprintf(stderr, "Illegal pool specified\n"); - exit(1); - } + if (!xlu_cfg_get_string (config, "pool", &buf, 0)) + xlu_cfg_replace_string(config, "pool", &c_info->pool_name, 0); libxl_domain_build_info_init_type(b_info, c_info->type); if (blkdev_start) @@ -1577,20 +1553,10 @@ skip_vfb: &b_info->device_model_stubdomain, 0); if (!xlu_cfg_get_string (config, "device_model_stubdomain_seclabel", - &buf, 0)) { - e = libxl_flask_context_to_sid(ctx, (char *)buf, strlen(buf), - &b_info->device_model_ssidref); - if (e) { - if (errno == ENOSYS) { - fprintf(stderr, "XSM Disabled:" - " device_model_stubdomain_seclabel not supported\n"); - } else { - fprintf(stderr, "Invalid device_model_stubdomain_seclabel:" - " %s\n", buf); - exit(1); - } - } - } + &buf, 0)) + xlu_cfg_replace_string(config, "device_model_stubdomain_seclabel", + &b_info->device_model_ssid_label, 0); + #define parse_extra_args(type) \ e = xlu_cfg_get_list_as_string_list(config, "device_model_args"#type, \ &b_info->extra##type, 0); \ @@ -3302,15 +3268,8 @@ static void list_domains(int verbose, int context, int claim, int numa, } if (claim) printf(" %5lu", (unsigned long)info[i].outstanding_memkb / 1024); - if (verbose || context) { - int rc; - size_t size; - char *buf = NULL; - rc = libxl_flask_sid_to_context(ctx, info[i].ssidref, &buf, - &size); - printf(" %16s", rc < 0 ? "-" : buf); - free(buf); - } + if (verbose || context) + printf(" %16s", info[i].ssid_label ? : "-"); if (numa) { libxl_domain_get_nodeaffinity(ctx, info[i].domid, &nodemap); 
@@ -6775,27 +6734,21 @@ int main_cpupoollist(int argc, char **argv) for (p = 0; p < n_pools; p++) { if (!ret && (!pool || (poolinfo[p].poolid == poolid))) { - name = libxl_cpupoolid_to_name(ctx, poolinfo[p].poolid); - if (!name) { - fprintf(stderr, "error getting cpupool info\n"); - ret = -ERROR_NOMEM; - } else { - printf("%-19s", name); - free(name); - n = 0; - libxl_for_each_bit(c, poolinfo[p].cpumap) - if (libxl_bitmap_test(&poolinfo[p].cpumap, c)) { - if (n && opt_cpus) printf(","); - if (opt_cpus) printf("%d", c); - n++; - } - if (!opt_cpus) { - printf("%3d %9s y %4d", n, - libxl_scheduler_to_string(poolinfo[p].sched), - poolinfo[p].n_dom); + name = poolinfo[p].pool_name; + printf("%-19s", name); + n = 0; + libxl_for_each_bit(c, poolinfo[p].cpumap) + if (libxl_bitmap_test(&poolinfo[p].cpumap, c)) { + if (n && opt_cpus) printf(","); + if (opt_cpus) printf("%d", c); + n++; } - printf("\n"); + if (!opt_cpus) { + printf("%3d %9s y %4d", n, + libxl_scheduler_to_string(poolinfo[p].sched), + poolinfo[p].n_dom); } + printf("\n"); } } diff --git a/tools/libxl/xl_sxp.c b/tools/libxl/xl_sxp.c index a16a025c10..48eb608386 100644 --- a/tools/libxl/xl_sxp.c +++ b/tools/libxl/xl_sxp.c @@ -37,7 +37,6 @@ void printf_info_sexp(int domid, libxl_domain_config *d_config) libxl_domain_create_info *c_info = &d_config->c_info; libxl_domain_build_info *b_info = &d_config->b_info; - char *pool; printf("(domain\n\t(domid %d)\n", domid); printf("\t(create_info)\n"); @@ -55,10 +54,8 @@ void printf_info_sexp(int domid, libxl_domain_config *d_config) } else { printf("\t(uuid )\n"); } - pool = libxl_cpupoolid_to_name(ctx, c_info->poolid); - if (pool) - printf("\t(cpupool %s)\n", pool); - free(pool); + if (c_info->pool_name) + printf("\t(cpupool %s)\n", c_info->pool_name); if (c_info->xsdata) printf("\t(xsdata contains data)\n"); else -- 2.39.5
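Review bot: In the xl_sxp.c hunk, the `(cpupool ...)` line is now printed only when c_info->pool_name is non-NULL, whereas the removed code derived the name from c_info->poolid. In the hunks shown, pool_name in the create info is filled only from an explicit "pool" setting in the config, so a domain placed by numeric id or left in the default pool would lose this line from the sxp output unless something outside the patch fills the field. If that change is not intended, keep a fallback: `char *pool = c_info->pool_name ? NULL : libxl_cpupoolid_to_name(ctx, c_info->poolid);`, print whichever of the two is set, then `free(pool);`. printf_info_sexp() continues outside the hunk.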