From: Samuel Thibault <samuel.thibault@eu.citrix.com>
To: xen-devel@lists.xensource.com
Subject: [PATCH] New XS_SET_TARGET
Date: Wed, 23 Jan 2008 12:06:12 +0000 [thread overview]
Message-ID: <20080123120612.GB5188@implementation.uk.xensource.com> (raw)
New XS_SET_TARGET
Stubdomains (and probably other domain disagregation elements too) need
to be able to tinker with another domain. This adds XS_SET_TARGET so
that XenStore allows domains to have permissions on files on which the
"target" has permissions. This also adds xs_set_target, called by the
domain builder when the 'target' option is used in the configuration.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
---
This patch depends on the previous "New XEN_DOMCTL_set_target and
IS_PRIV_FOR" patch.
diff -u b/tools/python/xen/xend/XendDomainInfo.py b/tools/python/xen/xend/XendDomainInfo.py
--- b/tools/python/xen/xend/XendDomainInfo.py Wed Jan 23 11:36:15 2008 +0000
+++ b/tools/python/xen/xend/XendDomainInfo.py Wed Jan 23 11:36:15 2008 +0000
@@ -47,7 +47,7 @@
from xen.xend.XendDevices import XendDevices
from xen.xend.XendTask import XendTask
from xen.xend.xenstore.xstransact import xstransact, complete
-from xen.xend.xenstore.xsutil import GetDomainPath, IntroduceDomain, ResumeDomain
+from xen.xend.xenstore.xsutil import GetDomainPath, IntroduceDomain, SetTarget, ResumeDomain
from xen.xend.xenstore.xswatch import xswatch
from xen.xend.XendConstants import *
from xen.xend.XendAPIConstants import *
@@ -883,6 +883,9 @@
def storeVm(self, *args):
return xstransact.Store(self.vmpath, *args)
+ def permissionsVm(self, *args):
+ return xstransact.SetPermissions(self.vmpath, *args)
+
def _readVmTxn(self, transaction, *args):
paths = map(lambda x: self.vmpath + "/" + x, args)
@@ -905,4 +908,8 @@
return transaction.store(*paths)
+ def permissionsVmTxn(self, transaction, *args):
+ paths = map(lambda x: self.vmpath + "/" + x, args)
+ return transaction.set_permissions(*paths)
+
#
# Function to update xenstore /dom/*
@@ -1694,0 +1702,9 @@
+ def _setTarget(self, target):
+ assert self.domid is not None
+
+ try:
+ SetTarget(self.domid, target)
+ self.storeDom('target', target)
+ except RuntimeError, exn:
+ raise XendError(str(exn))
+
@@ -1756,6 +1772,8 @@
self.native_protocol = channel_details['native_protocol'];
self._introduceDomain()
+ if self.info.target():
+ self._setTarget(self.info.target())
self._createDevices()
--- a/tools/python/xen/lowlevel/xs/xs.c Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/python/xen/lowlevel/xs/xs.c Wed Jan 23 11:36:15 2008 +0000
@@ -619,6 +619,36 @@
return none(result);
}
+#define xspy_set_target_doc "\n" \
+ "Tell xenstore that a domain is targetting another one so it\n" \
+ "should let it tinker with it.\n" \
+ " dom [int] : domain id\n" \
+ " target [int] : domain id of the target\n" \
+ "\n" \
+ "Returns None on success.\n" \
+ "Raises xen.lowlevel.xs.Error on error.\n" \
+ "\n"
+
+static PyObject *xspy_set_target(XsHandle *self, PyObject *args)
+{
+ uint32_t dom;
+ uint32_t target;
+
+ struct xs_handle *xh = xshandle(self);
+ bool result = 0;
+
+ if (!xh)
+ return NULL;
+ if (!PyArg_ParseTuple(args, "ii", &dom, &target))
+ return NULL;
+
+ Py_BEGIN_ALLOW_THREADS
+ result = xs_set_target(xh, dom, target);
+ Py_END_ALLOW_THREADS
+
+ return none(result);
+}
+
#define xspy_resume_domain_doc "\n" \
"Tell xenstore to clear its shutdown flag for a domain.\n" \
"This ensures that a subsequent shutdown will fire the\n" \
@@ -817,6 +847,7 @@
XSPY_METH(transaction_start, METH_NOARGS),
XSPY_METH(transaction_end, METH_VARARGS | METH_KEYWORDS),
XSPY_METH(introduce_domain, METH_VARARGS),
+ XSPY_METH(set_target, METH_VARARGS),
XSPY_METH(resume_domain, METH_VARARGS),
XSPY_METH(release_domain, METH_VARARGS),
XSPY_METH(close, METH_NOARGS),
--- a/tools/python/xen/xend/image.py Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/python/xen/xend/image.py Wed Jan 23 11:36:15 2008 +0000
@@ -222,6 +222,7 @@
vncopts = ""
if passwd:
self.vm.storeVm("vncpasswd", passwd)
+ self.vm.permissionsVm("vncpasswd", { 'dom': self.vm.getDomid(), 'read': True } )
vncopts = vncopts + ",password"
log.debug("Stored a VNC password for vfb access")
else:
@@ -280,6 +281,9 @@
env['XAUTHORITY'] = self.xauthority
if self.vncconsole:
args = args + ([ "-vncviewer" ])
+ xstransact.Mkdir("/local/domain/0/device-model/%i" % self.vm.getDomid())
+ xstransact.SetPermissions("/local/domain/0/device-model/%i" % self.vm.getDomid(),
+ { 'dom': self.vm.getDomid(), 'read': True, 'write': True })
log.info("spawning device models: %s %s", self.device_model, args)
# keep track of pid and spawned options to kill it later
self.pid = os.spawnve(os.P_NOWAIT, self.device_model, args, env)
@@ -422,7 +426,9 @@
self.vm.storeVm(("image/dmargs", " ".join(self.dmargs)),
("image/device-model", self.device_model),
("image/display", self.display))
+ self.vm.permissionsVm("image/dmargs", { 'dom': self.vm.getDomid(), 'read': True } )
self.vm.storeVm(("rtc/timeoffset", rtc_timeoffset))
+ self.vm.permissionsVm("rtc/timeoffset", { 'dom': self.vm.getDomid(), 'read': True } )
self.apic = int(vmConfig['platform'].get('apic', 0))
self.acpi = int(vmConfig['platform'].get('acpi', 0))
only in patch2:
--- a/tools/python/xen/xend/xenstore/xsutil.py Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/python/xen/xend/xenstore/xsutil.py Wed Jan 23 11:36:15 2008 +0000
@@ -22,6 +22,9 @@
def IntroduceDomain(domid, page, port):
return xshandle().introduce_domain(domid, page, port)
+def SetTarget(domid, target):
+ return xshandle().set_target(domid, target)
+
def GetDomainPath(domid):
return xshandle().get_domain_path(domid)
--- a/tools/xenstore/xenstored_core.c Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xenstored_core.c Wed Jan 23 11:36:15 2008 +0000
@@ -119,6 +119,7 @@
case XS_ERROR: return "ERROR";
case XS_IS_DOMAIN_INTRODUCED: return "XS_IS_DOMAIN_INTRODUCED";
case XS_RESUME: return "RESUME";
+ case XS_SET_TARGET: return "SET_TARGET";
default:
return "**UNKNOWN**";
}
@@ -283,6 +284,8 @@
break;
close(conn->fd);
}
+ if (conn->target)
+ talloc_unlink(conn, conn->target);
list_del(&conn->list);
trace_destroy(conn, "connection");
return 0;
@@ -472,11 +475,13 @@
mask &= ~XS_PERM_WRITE;
/* Owners and tools get it all... */
- if (!conn->id || perms[0].id == conn->id)
+ if (!conn->id || perms[0].id == conn->id
+ || (conn->target && perms[0].id == conn->target->id))
return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
for (i = 1; i < num; i++)
- if (perms[i].id == conn->id)
+ if (perms[i].id == conn->id
+ || (conn->target && perms[i].id == conn->target->id))
return perms[i].perms & mask;
return perms[0].perms & mask;
@@ -1245,6 +1250,10 @@
do_resume(conn, onearg(in));
break;
+ case XS_SET_TARGET:
+ do_set_target(conn, in);
+ break;
+
default:
eprintf("Client unknown operation %i", in->hdr.msg.type);
send_error(conn, ENOSYS);
--- a/tools/xenstore/xenstored_core.h Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xenstored_core.h Wed Jan 23 11:36:15 2008 +0000
@@ -84,6 +84,9 @@
/* The domain I'm associated with, if any. */
struct domain *domain;
+ /* The target of the domain I'm associated with. */
+ struct connection *target;
+
/* My watches. */
struct list_head watches;
--- a/tools/xenstore/xenstored_domain.c Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xenstored_domain.c Wed Jan 23 11:36:15 2008 +0000
@@ -379,6 +379,51 @@
domain_conn_reset(domain);
send_ack(conn, XS_INTRODUCE);
+}
+
+void do_set_target(struct connection *conn, struct buffered_data *in)
+{
+ char *vec[2];
+ unsigned int domid, tdomid;
+ struct domain *domain, *tdomain;
+ if (get_strings(in, vec, ARRAY_SIZE(vec)) < ARRAY_SIZE(vec)) {
+ send_error(conn, EINVAL);
+ return;
+ }
+
+ if (conn->id != 0 || !conn->can_write) {
+ send_error(conn, EACCES);
+ return;
+ }
+
+ domid = atoi(vec[0]);
+ tdomid = atoi(vec[1]);
+
+ domain = find_domain_by_domid(domid);
+ if (!domain) {
+ send_error(conn, ENOENT);
+ return;
+ }
+ if (!domain->conn) {
+ send_error(conn, EINVAL);
+ return;
+ }
+
+ tdomain = find_domain_by_domid(tdomid);
+ if (!tdomain) {
+ send_error(conn, ENOENT);
+ return;
+ }
+
+ if (!tdomain->conn) {
+ send_error(conn, EINVAL);
+ return;
+ }
+
+ talloc_reference(domain->conn, tdomain->conn);
+ domain->conn->target = tdomain->conn;
+
+ send_ack(conn, XS_SET_TARGET);
}
/* domid */
--- a/tools/xenstore/xenstored_domain.h Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xenstored_domain.h Wed Jan 23 11:36:15 2008 +0000
@@ -34,6 +34,9 @@
/* domid */
void do_resume(struct connection *conn, const char *domid_str);
+/* domid, target */
+void do_set_target(struct connection *conn, struct buffered_data *in);
+
/* domid */
void do_get_domain_path(struct connection *conn, const char *domid_str);
--- a/tools/xenstore/xs.c Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xs.c Wed Jan 23 11:36:15 2008 +0000
@@ -708,6 +708,25 @@
ARRAY_SIZE(iov), NULL));
}
+bool xs_set_target(struct xs_handle *h,
+ unsigned int domid, unsigned int target)
+{
+ char domid_str[MAX_STRLEN(domid)];
+ char target_str[MAX_STRLEN(target)];
+ struct iovec iov[2];
+
+ snprintf(domid_str, sizeof(domid_str), "%u", domid);
+ snprintf(target_str, sizeof(target_str), "%u", target);
+
+ iov[0].iov_base = domid_str;
+ iov[0].iov_len = strlen(domid_str) + 1;
+ iov[1].iov_base = target_str;
+ iov[1].iov_len = strlen(target_str) + 1;
+
+ return xs_bool(xs_talkv(h, XBT_NULL, XS_SET_TARGET, iov,
+ ARRAY_SIZE(iov), NULL));
+}
+
static void * single_with_domid(struct xs_handle *h,
enum xsd_sockmsg_type type,
unsigned int domid)
--- a/tools/xenstore/xs.h Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xs.h Wed Jan 23 11:36:15 2008 +0000
@@ -132,6 +132,15 @@
unsigned int domid,
unsigned long mfn,
unsigned int eventchn);
+
+/* Set the target of a domain
+ * This tells the store daemon that a domain is targetting another one, so
+ * it should let it tinker with it.
+ */
+bool xs_set_target(struct xs_handle *h,
+ unsigned int domid,
+ unsigned int target);
+
/* Resume a domain.
* Clear the shutdown flag for this domain in the store.
*/
--- a/xen/include/public/io/xs_wire.h Wed Jan 23 11:21:35 2008 +0000
+++ b/xen/include/public/io/xs_wire.h Wed Jan 23 11:36:15 2008 +0000
@@ -46,7 +46,8 @@
XS_WATCH_EVENT,
XS_ERROR,
XS_IS_DOMAIN_INTRODUCED,
- XS_RESUME
+ XS_RESUME,
+ XS_SET_TARGET
};
#define XS_WRITE_NONE "NONE"
next reply other threads:[~2008-01-23 12:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-23 12:06 Samuel Thibault [this message]
2008-01-23 11:55 ` [PATCH] New XEN_DOMCTL_set_target and IS_PRIV_FOR Samuel Thibault
2008-01-23 14:28 ` John Levon
2008-01-23 14:36 ` Samuel Thibault
2008-01-23 14:29 ` [PATCH] New XS_SET_TARGET John Levon
2008-01-23 14:36 ` Keir Fraser
2008-01-23 14:42 ` John Levon
2008-01-23 14:46 ` Keir Fraser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080123120612.GB5188@implementation.uk.xensource.com \
--to=samuel.thibault@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.