ia64/xen-unstable
changeset 17349:4e2e98c2098e
Clean up handling of IS_PRIV_FOR() and rcu_[un]lock_domain().
In particular this *removes* some IS_PRIV_FOR() checks. *Especially*
in particular, all domctls are executable only by dom0. Several of
them were really unsafe for execution by a stub domain as they can
affect global system resource usage.
This probably breaks stub domains. Where necessary, some of these
reversions can themselves be reverted where they are judged both
necessary and safe.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author | Keir Fraser <keir.fraser@citrix.com> |
---|---|
date | Fri Mar 28 17:50:10 2008 +0000 (2008-03-28) |
parents | b5fea3aeb04b |
children | 6736c28a0d35 |
files | xen/arch/x86/hvm/hvm.c xen/arch/x86/mm.c xen/common/domain.c xen/common/domctl.c xen/common/event_channel.c xen/common/grant_table.c xen/common/memory.c |
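--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -2160,12 +2160,15 @@ long do_hvm_op(unsigned long op, XEN_GUE
         return -EINVAL;
 
     if ( a.domid == DOMID_SELF )
+    {
         d = rcu_lock_current_domain();
-    else {
-        d = rcu_lock_domain_by_id(a.domid);
-        if ( d == NULL )
+    }
+    else
+    {
+        if ( (d = rcu_lock_domain_by_id(a.domid)) == NULL )
             return -ESRCH;
-        if ( !IS_PRIV_FOR(current->domain, d) ) {
+        if ( !IS_PRIV_FOR(current->domain, d) )
+        {
             rc = -EPERM;
             goto param_fail;
         }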
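--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2114,14 +2114,14 @@ static int set_foreigndom(domid_t domid)
         info->foreign = rcu_lock_domain(dom_xen);
         break;
     default:
-        e = rcu_lock_domain_by_id(domid);
-        if ( e == NULL )
+        if ( (e = rcu_lock_domain_by_id(domid)) == NULL )
         {
             MEM_LOG("Unknown domain '%u'", domid);
             okay = 0;
             break;
         }
-        if (!IS_PRIV_FOR(d, e)) {
+        if ( !IS_PRIV_FOR(d, e) )
+        {
             MEM_LOG("Cannot set foreign dom");
             okay = 0;
             rcu_unlock_domain(e);
@@ -3259,12 +3259,15 @@ long arch_memory_op(int op, XEN_GUEST_HA
             return -EFAULT;
 
         if ( xatp.domid == DOMID_SELF )
+        {
             d = rcu_lock_current_domain();
-        else {
-            d = rcu_lock_domain_by_id(xatp.domid);
-            if ( d == NULL )
+        }
+        else
+        {
+            if ( (d = rcu_lock_domain_by_id(xatp.domid)) == NULL )
                 return -ESRCH;
-            if ( !IS_PRIV_FOR(current->domain, d) ) {
+            if ( !IS_PRIV_FOR(current->domain, d) )
+            {
                 rcu_unlock_domain(d);
                 return -EPERM;
             }
@@ -3355,12 +3358,15 @@ long arch_memory_op(int op, XEN_GUEST_HA
             return -EINVAL;
 
         if ( fmap.domid == DOMID_SELF )
+        {
             d = rcu_lock_current_domain();
-        else {
-            d = rcu_lock_domain_by_id(fmap.domid);
-            if ( d == NULL )
+        }
+        else
+        {
+            if ( (d = rcu_lock_domain_by_id(fmap.domid)) == NULL )
                 return -ESRCH;
-            if ( !IS_PRIV_FOR(current->domain, d) ) {
+            if ( !IS_PRIV_FOR(current->domain, d) )
+            {
                 rcu_unlock_domain(d);
                 return -EPERM;
             }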
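Review bot: The IS_PRIV_FOR(d, e) test kept in the set_foreigndom hunk is the one place in this file where a non-dom0 caller can still act on another domain, yet nothing next to it says this is intentional now that the commit makes every domctl dom0-only. A one-line comment above the check, such as `/* Deliberately IS_PRIV_FOR, not IS_PRIV: a domain may still map pages of its own target. */`, would stop a later cleanup from "fixing" it the way domctl.c was. The exact relation IS_PRIV_FOR encodes is not visible here, so wording it in terms of d->target is presumably right but should be checked against the macro. The same retained check appears in both arch_memory_op hunks; set_foreigndom and arch_memory_op both extend beyond the hunks shown.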
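--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -522,7 +522,7 @@ static void complete_domain_destroy(stru
         if ( (v = d->vcpu[i]) != NULL )
             free_vcpu_struct(v);
 
-    if (d->target)
+    if ( d->target != NULL )
         put_domain(d->target);
 
     free_domain(d);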
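--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -182,6 +182,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
     struct xen_domctl curop, *op = &curop;
     static DEFINE_SPINLOCK(domctl_lock);
 
+    if ( !IS_PRIV(current->domain) )
+        return -EPERM;
+
     if ( copy_from_guest(op, u_domctl, 1) )
         return -EFAULT;
 
@@ -204,10 +207,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto svc_out;
-
         ret = xsm_setvcpucontext(d);
         if ( ret )
             goto svc_out;
@@ -259,10 +258,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         ret = -ESRCH;
         if ( d != NULL )
         {
-            ret = -EPERM;
-            if ( !IS_PRIV_FOR(current->domain, d) )
-                goto pausedomain_out;
-
             ret = xsm_pausedomain(d);
             if ( ret )
                 goto pausedomain_out;
@@ -287,18 +282,16 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto unpausedomain_out;
-
         ret = xsm_unpausedomain(d);
         if ( ret )
-            goto unpausedomain_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         domain_unpause_by_systemcontroller(d);
+        rcu_unlock_domain(d);
         ret = 0;
-unpausedomain_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -310,18 +303,16 @@ unpausedomain_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto resumedomain_out;
-
         ret = xsm_resumedomain(d);
         if ( ret )
-            goto resumedomain_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         domain_resume(d);
+        rcu_unlock_domain(d);
         ret = 0;
-resumedomain_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -332,10 +323,6 @@ resumedomain_out:
         static domid_t rover = 0;
         unsigned int domcr_flags;
 
-        ret = -EPERM;
-        if ( !IS_PRIV(current->domain) )
-            break;
-
         ret = -EINVAL;
         if ( supervisor_mode_kernel ||
              (op->u.createdomain.flags &
@@ -401,13 +388,12 @@ resumedomain_out:
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto maxvcpu_out2;
-
         ret = xsm_max_vcpus(d);
         if ( ret )
-            goto maxvcpu_out2;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         /* Needed, for example, to ensure writable p.t. state is synced. */
         domain_pause(d);
@@ -435,7 +421,6 @@ resumedomain_out:
 
     maxvcpu_out:
         domain_unpause(d);
-    maxvcpu_out2:
         rcu_unlock_domain(d);
     }
     break;
@@ -446,9 +431,7 @@ resumedomain_out:
         ret = -ESRCH;
         if ( d != NULL )
         {
-            ret = -EPERM;
-            if ( IS_PRIV_FOR(current->domain, d) )
-                ret = xsm_destroydomain(d) ? : domain_kill(d);
+            ret = xsm_destroydomain(d) ? : domain_kill(d);
             rcu_unlock_domain(d);
         }
     }
@@ -466,10 +449,6 @@ resumedomain_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto vcpuaffinity_out;
-
         ret = xsm_vcpuaffinity(op->cmd, d);
         if ( ret )
             goto vcpuaffinity_out;
@@ -508,10 +487,6 @@ resumedomain_out:
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto scheduler_op_out;
-
         ret = xsm_scheduler(d);
         if ( ret )
             goto scheduler_op_out;
@@ -533,7 +508,7 @@ resumedomain_out:
         rcu_read_lock(&domlist_read_lock);
 
         for_each_domain ( d )
-            if ( d->domain_id >= dom && IS_PRIV_FOR(current->domain, d))
+            if ( d->domain_id >= dom )
                 break;
 
         if ( d == NULL )
@@ -568,10 +543,6 @@ resumedomain_out:
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto getvcpucontext_out;
-
         ret = xsm_getvcpucontext(d);
         if ( ret )
             goto getvcpucontext_out;
@@ -632,10 +603,6 @@ resumedomain_out:
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto getvcpuinfo_out;
-
         ret = xsm_getvcpuinfo(d);
         if ( ret )
             goto getvcpuinfo_out;
@@ -675,10 +642,6 @@ resumedomain_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto max_mem_out;
-
         ret = xsm_setdomainmaxmem(d);
         if ( ret )
             goto max_mem_out;
@@ -695,8 +658,6 @@ resumedomain_out:
             d->max_pages = new_max;
             ret = 0;
         }
-        else
-            printk("new max %ld, tot pages %d\n", new_max, d->tot_pages);
         spin_unlock(&d->page_alloc_lock);
 
     max_mem_out:
@@ -713,19 +674,17 @@ resumedomain_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto setdomainhandle_out;
-
         ret = xsm_setdomainhandle(d);
         if ( ret )
-            goto setdomainhandle_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         memcpy(d->handle, op->u.setdomainhandle.handle,
                sizeof(xen_domain_handle_t));
+        rcu_unlock_domain(d);
         ret = 0;
-setdomainhandle_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -738,20 +697,18 @@ setdomainhandle_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto setdebugging_out;
-
         ret = xsm_setdebugging(d);
         if ( ret )
-            goto setdebugging_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         domain_pause(d);
         d->debugger_attached = !!op->u.setdebugging.enable;
         domain_unpause(d); /* causes guest to latch new status */
+        rcu_unlock_domain(d);
         ret = 0;
-setdebugging_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -769,10 +726,6 @@ setdebugging_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto irq_permission_out;
-
         ret = xsm_irq_permission(d, pirq, op->u.irq_permission.allow_access);
         if ( ret )
             goto irq_permission_out;
@@ -802,10 +755,6 @@ setdebugging_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto iomem_permission_out;
-
         ret = xsm_iomem_permission(d, mfn, op->u.iomem_permission.allow_access);
         if ( ret )
             goto iomem_permission_out;
@@ -829,19 +778,16 @@ setdebugging_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if ( !IS_PRIV_FOR(current->domain, d) )
-            goto settimeoffset_out;
-
         ret = xsm_domain_settime(d);
         if ( ret )
-            goto settimeoffset_out;
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
 
         d->time_offset_seconds = op->u.settimeoffset.time_offset_seconds;
-
+        rcu_unlock_domain(d);
         ret = 0;
-settimeoffset_out:
-        rcu_unlock_domain(d);
     }
     break;
 
@@ -854,32 +800,24 @@ settimeoffset_out:
         if ( d == NULL )
             break;
 
-        ret = -EPERM;
-        if (!IS_PRIV_FOR(current->domain, d))
-            goto set_target_out;
-
         ret = -ESRCH;
         e = get_domain_by_id(op->u.set_target.target);
         if ( e == NULL )
             goto set_target_out;
 
-        if ( d == e ) {
-            ret = -EINVAL;
+        ret = -EINVAL;
+        if ( (d == e) || (d->target != NULL) )
+        {
             put_domain(e);
             goto set_target_out;
         }
 
-        if (!IS_PRIV_FOR(current->domain, e)) {
-            ret = -EPERM;
-            put_domain(e);
-            goto set_target_out;
-        }
+        /* Hold reference on @e until we destroy @d. */
+        d->target = e;
 
-        d->target = e;
-        /* and we keep the reference on e, released when destroying d */
         ret = 0;
 
-set_target_out:
+    set_target_out:
         rcu_unlock_domain(d);
     }
     break;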
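Review bot: The new `(d == e) || (d->target != NULL)` guard in the set_target hunk makes the target relation write-once with no way to clear it, and per the added comment the reference taken on @e is only dropped when @d is destroyed, so a target that dies first stays pinned as a zombie `struct domain` for the lifetime of the caller. That is presumably acceptable for stub domains whose lifetime tracks their target, but it deserves stating next to the guard, e.g. `/* Target is write-once; @e stays pinned until @d is destroyed, even if @e dies first. */`. Both rejections now return -EINVAL, so a toolstack cannot tell "self-target" from "already has a target"; if that distinction matters, `-EEXIST` for the second case would be more informative. The unlocked read of d->target is presumably serialised by the domctl_lock declared at the top of do_domctl, but the lock acquisition is outside this hunk.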
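--- a/xen/common/event_channel.c
+++ b/xen/common/event_channel.c
@@ -130,13 +130,17 @@ static long evtchn_alloc_unbound(evtchn_
     long rc;
 
     if ( dom == DOMID_SELF )
-        d = current->domain;
-    else {
+    {
+        d = rcu_lock_current_domain();
+    }
+    else
+    {
         if ( (d = rcu_lock_domain_by_id(dom)) == NULL )
             return -ESRCH;
-        if ( !IS_PRIV_FOR(current->domain, d) ) {
-            rc = -EPERM;
-            goto out2;
+        if ( !IS_PRIV_FOR(current->domain, d) )
+        {
+            rcu_unlock_domain(d);
+            return -EPERM;
         }
     }
 
@@ -158,8 +162,6 @@ static long evtchn_alloc_unbound(evtchn_
 
  out:
     spin_unlock(&d->evtchn_lock);
-
- out2:
     rcu_unlock_domain(d);
 
     return rc;
@@ -201,7 +203,7 @@ static long evtchn_bind_interdomain(evtc
         ERROR_EXIT_DOM(-EINVAL, rd);
     rchn = evtchn_from_port(rd, rport);
     if ( (rchn->state != ECS_UNBOUND) ||
-         (rchn->u.unbound.remote_domid != ld->domain_id && !IS_PRIV_FOR(ld, rd)))
+         (rchn->u.unbound.remote_domid != ld->domain_id) )
         ERROR_EXIT_DOM(-EINVAL, rd);
 
     rc = xsm_evtchn_interdomain(ld, lchn, rd, rchn);
@@ -631,13 +633,17 @@ static long evtchn_status(evtchn_status_
     long rc = 0;
 
     if ( dom == DOMID_SELF )
-        d = current->domain;
-    else {
+    {
+        d = rcu_lock_current_domain();
+    }
+    else
+    {
         if ( (d = rcu_lock_domain_by_id(dom)) == NULL )
             return -ESRCH;
-        if ( !IS_PRIV_FOR(current->domain, d) ) {
-            rc = -EPERM;
-            goto out2;
+        if ( !IS_PRIV_FOR(current->domain, d) )
+        {
+            rcu_unlock_domain(d);
+            return -EPERM;
         }
     }
 
@@ -690,8 +696,8 @@ static long evtchn_status(evtchn_status_
 
  out:
     spin_unlock(&d->evtchn_lock);
- out2:
     rcu_unlock_domain(d);
+
     return rc;
 }
 
@@ -742,6 +748,7 @@ long evtchn_bind_vcpu(unsigned int port,
 
  out:
     spin_unlock(&d->evtchn_lock);
+
     return rc;
 }
 
@@ -784,15 +791,18 @@ static long evtchn_reset(evtchn_reset_t
 {
     domid_t dom = r->dom;
     struct domain *d;
-    int i;
-    int rc;
+    int i, rc;
 
     if ( dom == DOMID_SELF )
-        d = current->domain;
-    else {
+    {
+        d = rcu_lock_current_domain();
+    }
+    else
+    {
         if ( (d = rcu_lock_domain_by_id(dom)) == NULL )
             return -ESRCH;
-        if ( !IS_PRIV_FOR(current->domain, d) ) {
+        if ( !IS_PRIV_FOR(current->domain, d) )
+        {
             rc = -EPERM;
             goto out;
         }
@@ -806,6 +816,7 @@ static long evtchn_reset(evtchn_reset_t
         (void)__evtchn_close(d, i);
 
     rc = 0;
+
 out:
     rcu_unlock_domain(d);
 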
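Review bot: Dropping `!IS_PRIV_FOR(ld, rd)` from the state check in the evtchn_bind_interdomain hunk is a tightening with a visible asymmetry: the evtchn_alloc_unbound hunk still lets a caller that is IS_PRIV_FOR the target allocate unbound ports in it, so such a domain can still reach its target by allocating a port with remote_domid naming itself, just not by binding to a port allocated for someone else. Since the commit message already warns this may break stub domains, a short comment on the bind check, `/* Only the domain the port was allocated for may bind it; no exception for privileged callers. */`, would record that the restriction is deliberate rather than accidental. Separately, in the evtchn_reset hunk the DOMID_SELF path now takes an RCU reference that the single `out:` label releases, which removes the earlier unlock-without-lock on that path; with `int i, rc;` left uninitialised, any exit between the lookup and `rc = 0` that lies outside this hunk must still assign rc before jumping to out. Both functions continue past the hunks shown.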
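--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -828,32 +828,34 @@ gnttab_setup_table(
                 " per domain.\n",
                 max_nr_grant_frames);
         op.status = GNTST_general_error;
-        goto out;
+        goto out1;
     }
 
     dom = op.dom;
     if ( dom == DOMID_SELF )
     {
-        d = current->domain;
+        d = rcu_lock_current_domain();
     }
-    else {
+    else
+    {
         if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) )
         {
             gdprintk(XENLOG_INFO, "Bad domid %d.\n", dom);
             op.status = GNTST_bad_domain;
-            goto out;
+            goto out1;
         }
-        if ( unlikely(!IS_PRIV_FOR(current->domain, d)) ) {
+
+        if ( unlikely(!IS_PRIV_FOR(current->domain, d)) )
+        {
             op.status = GNTST_permission_denied;
-            goto setup_unlock_out2;
+            goto out2;
         }
     }
 
     if ( xsm_grant_setup(current->domain, d) )
     {
-        rcu_unlock_domain(d);
         op.status = GNTST_permission_denied;
-        goto out;
+        goto out2;
     }
 
     spin_lock(&d->grant_table->lock);
@@ -867,7 +869,7 @@ gnttab_setup_table(
                  nr_grant_frames(d->grant_table),
                  max_nr_grant_frames);
         op.status = GNTST_general_error;
-        goto setup_unlock_out;
+        goto out3;
     }
 
     op.status = GNTST_okay;
@@ -877,13 +879,11 @@ gnttab_setup_table(
         (void)copy_to_guest_offset(op.frame_list, i, &gmfn, 1);
     }
 
- setup_unlock_out:
+ out3:
     spin_unlock(&d->grant_table->lock);
-
- setup_unlock_out2:
+ out2:
     rcu_unlock_domain(d);
-
- out:
+ out1:
     if ( unlikely(copy_to_guest(uop, &op, 1)) )
         return -EFAULT;
 
@@ -911,16 +911,19 @@ gnttab_query_size(
     dom = op.dom;
     if ( dom == DOMID_SELF )
     {
-        d = current->domain;
+        d = rcu_lock_current_domain();
     }
-    else {
+    else
+    {
         if ( unlikely((d = rcu_lock_domain_by_id(dom)) == NULL) )
         {
             gdprintk(XENLOG_INFO, "Bad domid %d.\n", dom);
             op.status = GNTST_bad_domain;
             goto query_out;
         }
-        if ( unlikely(!IS_PRIV_FOR(current->domain, d)) ) {
+
+        if ( unlikely(!IS_PRIV_FOR(current->domain, d)) )
+        {
             op.status = GNTST_permission_denied;
             goto query_out_unlock;
         }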
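Review bot: The renamed labels `out1`/`out2`/`out3` in the gnttab_setup_table hunks say nothing about what each one releases, whereas the old `setup_unlock_out`/`setup_unlock_out2` at least named the unlock; with three nested resources (grant-table spinlock, RCU domain reference, copy-back to the guest) a reader must scan down to the labels to see which `goto` is safe from which point. Names such as `out_unlock_gt:`, `out_unlock_dom:` and `out_copy:` would make the early `goto out1` taken before `d` is assigned obviously correct. In the gnttab_query_size hunk the DOMID_SELF path now also holds an RCU reference, so the `query_out`/`query_out_unlock` split must route every success path through the unlock; the rest of that function, including those labels, is outside the hunk.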
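--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -232,12 +232,15 @@ static long translate_gpfn_list(
         return -EFAULT;
 
     if ( op.domid == DOMID_SELF )
-        d = current->domain;
-    else {
-        d = rcu_lock_domain_by_id(op.domid);
-        if ( d == NULL )
+    {
+        d = rcu_lock_current_domain();
+    }
+    else
+    {
+        if ( (d = rcu_lock_domain_by_id(op.domid)) == NULL )
             return -ESRCH;
-        if ( !IS_PRIV_FOR(current->domain, d) ) {
+        if ( !IS_PRIV_FOR(current->domain, d) )
+        {
             rcu_unlock_domain(d);
             return -EPERM;
         }
@@ -539,12 +542,15 @@ long do_memory_op(unsigned long cmd, XEN
         }
 
         if ( likely(reservation.domid == DOMID_SELF) )
-            d = current->domain;
-        else {
-            d = rcu_lock_domain_by_id(reservation.domid);
-            if ( d == NULL)
+        {
+            d = rcu_lock_current_domain();
+        }
+        else
+        {
+            if ( (d = rcu_lock_domain_by_id(reservation.domid)) == NULL )
                 return start_extent;
-            if ( !IS_PRIV_FOR(current->domain, d) ) {
+            if ( !IS_PRIV_FOR(current->domain, d) )
+            {
                 rcu_unlock_domain(d);
                 return start_extent;
             }
@@ -554,8 +560,7 @@ long do_memory_op(unsigned long cmd, XEN
         rc = xsm_memory_adjust_reservation(current->domain, d);
         if ( rc )
         {
-            if ( reservation.domid != DOMID_SELF )
-                rcu_unlock_domain(d);
+            rcu_unlock_domain(d);
             return rc;
         }
 
@@ -572,8 +577,7 @@ long do_memory_op(unsigned long cmd, XEN
             break;
         }
 
-        if ( unlikely(reservation.domid != DOMID_SELF) )
-            rcu_unlock_domain(d);
+        rcu_unlock_domain(d);
 
         rc = args.nr_done;
 
@@ -599,12 +603,15 @@ long do_memory_op(unsigned long cmd, XEN
             return -EFAULT;
 
         if ( likely(domid == DOMID_SELF) )
-            d = current->domain;
-        else {
-            d = rcu_lock_domain_by_id(domid);
-            if ( d == NULL )
+        {
+            d = rcu_lock_current_domain();
+        }
+        else
+        {
+            if ( (d = rcu_lock_domain_by_id(domid)) == NULL )
                 return -ESRCH;
-            if ( !IS_PRIV_FOR(current->domain, d) ) {
+            if ( !IS_PRIV_FOR(current->domain, d) )
+            {
                 rcu_unlock_domain(d);
                 return -EPERM;
             }
@@ -613,8 +620,7 @@ long do_memory_op(unsigned long cmd, XEN
         rc = xsm_memory_stat_reservation(current->domain, d);
         if ( rc )
         {
-            if ( domid != DOMID_SELF )
-                rcu_unlock_domain(d);
+            rcu_unlock_domain(d);
             return rc;
         }
 
@@ -632,8 +638,7 @@ long do_memory_op(unsigned long cmd, XEN
             break;
         }
 
-        if ( unlikely(domid != DOMID_SELF) )
-            rcu_unlock_domain(d);
+        rcu_unlock_domain(d);
 
         break;
 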
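Review bot: In the do_memory_op reservation-lookup hunk (`@@ -539,12 +542,15`) a bad or unprivileged `reservation.domid` returns `start_extent`, which a guest cannot distinguish from a successful call that made no progress, while the XENMEM_current_reservation hunk below returns -ESRCH/-EPERM for the same two conditions. This is pre-existing behaviour that the patch carries forward, and since the return value of this sub-op doubles as the continuation count changing it could break callers, but the asymmetry should at least be documented: `/* Errors are reported as "no extents done", not as -E*: the return value is the continuation count. */`. The xsm_memory_adjust_reservation failure path a few lines later does return `rc`, so the guest sees a real error only once the lookup has succeeded. All of the do_memory_op hunks belong to a function that starts and ends outside the hunks.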