ia64/xen-unstable
changeset 16081:de68316bd2fa
xend, xsm: Lock domain access while modifying policy.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
| author | Keir Fraser <keir@xensource.com> |
|---|---|
| date | Mon Oct 08 13:43:17 2007 +0100 (2007-10-08) |
| parents | 685054d5fa48 |
| children | a18dbd4a96e6 |
| files | tools/python/xen/util/xsm/acm/acm.py tools/python/xen/xend/XendXSPolicy.py tools/python/xen/xend/XendXSPolicyAdmin.py |
line diff
1.1 --- a/tools/python/xen/util/xsm/acm/acm.py Mon Oct 08 10:57:32 2007 +0100 1.2 +++ b/tools/python/xen/util/xsm/acm/acm.py Mon Oct 08 13:43:17 2007 +0100 1.3 @@ -103,6 +103,13 @@ def mapfile_unlock(): 1.4 __mapfile_lock.release() 1.5 1.6 1.7 +def resfile_lock(): 1.8 + __resfile_lock.acquire() 1.9 + 1.10 +def resfile_unlock(): 1.11 + __resfile_lock.release() 1.12 + 1.13 + 1.14 def refresh_security_policy(): 1.15 """ 1.16 retrieves security policy 1.17 @@ -961,7 +968,7 @@ def resources_compatible_with_vmlabel(xs 1.18 return False 1.19 1.20 try: 1.21 - __resfile_lock.acquire() 1.22 + resfile_lock() 1.23 try: 1.24 access_control = dictio.dict_read("resources", 1.25 res_label_filename) 1.26 @@ -971,7 +978,7 @@ def resources_compatible_with_vmlabel(xs 1.27 return __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel, 1.28 access_control) 1.29 finally: 1.30 - __resfile_lock.release() 1.31 + resfile_unlock() 1.32 return False 1.33 1.34 1.35 @@ -1053,7 +1060,7 @@ def set_resource_label(resource, policyt 1.36 return -xsconstants.XSERR_RESOURCE_IN_USE 1.37 1.38 try: 1.39 - __resfile_lock.acquire() 1.40 + resfile_lock() 1.41 access_control = {} 1.42 try: 1.43 access_control = dictio.dict_read("resources", res_label_filename) 1.44 @@ -1075,7 +1082,7 @@ def set_resource_label(resource, policyt 1.45 del access_control[resource] 1.46 dictio.dict_write(access_control, "resources", res_label_filename) 1.47 finally: 1.48 - __resfile_lock.release() 1.49 + resfile_unlock() 1.50 return xsconstants.XSERR_SUCCESS 1.51 1.52 def rm_resource_label(resource, oldlabel_xapi): 1.53 @@ -1158,13 +1165,13 @@ def get_labeled_resources(): 1.54 @return list of labeled resources 1.55 """ 1.56 try: 1.57 - __resfile_lock.acquire() 1.58 + resfile_lock() 1.59 try: 1.60 access_control = dictio.dict_read("resources", res_label_filename) 1.61 except: 1.62 return {} 1.63 finally: 1.64 - __resfile_lock.release() 1.65 + resfile_unlock() 1.66 return access_control 1.67 1.68 1.69 @@ -1213,6 +1220,9 @@ def change_acm_policy(bin_pol, del_array 1.70 - Attempt changes in the hypervisor; if this step fails, 1.71 roll back the relabeling of resources and VMs 1.72 - Make the relabeling of resources and VMs permanent 1.73 + 1.74 + This function should be called with the lock to the domains 1.75 + held (XendDomain.instance().domains_lock) 1.76 """ 1.77 rc = xsconstants.XSERR_SUCCESS 1.78 1.79 @@ -1225,7 +1235,7 @@ def change_acm_policy(bin_pol, del_array 1.80 errors="" 1.81 1.82 try: 1.83 - __resfile_lock.acquire() 1.84 + resfile_lock() 1.85 mapfile_lock() 1.86 1.87 # Get all domains' dominfo. 1.88 @@ -1240,6 +1250,7 @@ def change_acm_policy(bin_pol, del_array 1.89 access_control = dictio.dict_read("resources", res_label_filename) 1.90 except: 1.91 pass 1.92 + 1.93 for key, labeldata in access_control.items(): 1.94 if len(labeldata) == 2: 1.95 policy, label = labeldata 1.96 @@ -1328,7 +1339,7 @@ def change_acm_policy(bin_pol, del_array 1.97 finally: 1.98 log.info("----------------------------------------------") 1.99 mapfile_unlock() 1.100 - __resfile_lock.release() 1.101 + resfile_unlock() 1.102 1.103 return rc, errors 1.104
2.1 --- a/tools/python/xen/xend/XendXSPolicy.py Mon Oct 08 10:57:32 2007 +0100 2.2 +++ b/tools/python/xen/xend/XendXSPolicy.py Mon Oct 08 13:43:17 2007 +0100 2.3 @@ -130,9 +130,7 @@ class XendXSPolicy(XendBase): 2.4 if refs and len(refs) > 0: 2.5 ref = refs[0] 2.6 xspol = XSPolicyAdminInstance().policy_from_ref(ref) 2.7 - try: 2.8 - xspol.grab_lock() 2.9 - 2.10 + if xspol: 2.11 polstate = { 2.12 'xs_ref' : ref, 2.13 'repr' : xspol.toxml(), 2.14 @@ -142,9 +140,6 @@ class XendXSPolicy(XendBase): 2.15 'errors' : "", 2.16 'xserr' : 0, 2.17 } 2.18 - finally: 2.19 - if xspol: 2.20 - xspol.unlock() 2.21 return polstate 2.22 2.23 def rm_xsbootpolicy(self):
3.1 --- a/tools/python/xen/xend/XendXSPolicyAdmin.py Mon Oct 08 10:57:32 2007 +0100 3.2 +++ b/tools/python/xen/xend/XendXSPolicyAdmin.py Mon Oct 08 13:43:17 2007 +0100 3.3 @@ -94,6 +94,15 @@ class XSPolicyAdmin: 3.4 If flags is True, then any existing policy will be removed from 3.5 the system and the new one will be installed 3.6 """ 3.7 + from xen.xend import XendDomain 3.8 + domains = XendDomain.instance() 3.9 + try: 3.10 + domains.domains_lock.acquire() 3.11 + return self.__add_acmpolicy_to_system(xmltext, flags, overwrite) 3.12 + finally: 3.13 + domains.domains_lock.release() 3.14 + 3.15 + def __add_acmpolicy_to_system(self, xmltext, flags, overwrite): 3.16 errors = "" 3.17 loadedpol = self.get_loaded_policy() 3.18 if loadedpol: 3.19 @@ -182,6 +191,15 @@ class XSPolicyAdmin: 3.20 return xsconstants.XSERR_SUCCESS 3.21 3.22 def activate_xspolicy(self, xspol, flags): 3.23 + from xen.xend import XendDomain 3.24 + domains = XendDomain.instance() 3.25 + try: 3.26 + domains.domains_lock.acquire() 3.27 + return self.__activate_xspolicy(xspol, flags) 3.28 + finally: 3.29 + domains.domains_lock.release() 3.30 + 3.31 + def __activate_xspolicy(self, xspol, flags): 3.32 rc = xsconstants.XSERR_SUCCESS 3.33 if flags & xsconstants.XS_INST_LOAD: 3.34 rc = xspol.loadintohv()