From: Keir Fraser <keir.xen@gmail.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>, xen-devel@lists.xen.org
Cc: Keir Fraser <keir@xen.org>, Jan Beulich <jbeulich@suse.com>
Subject: Re: [PATCH RESEND 4/4] xen: rename IS_PRIV to is_hardware_domain
Date: Fri, 03 May 2013 17:00:30 +0100 [thread overview]
Message-ID: <CDA99DAE.24000%keir.xen@gmail.com> (raw)
In-Reply-To: <1367590156-19177-5-git-send-email-dgdegra@tycho.nsa.gov>
On 03/05/2013 15:09, "Daniel De Graaf" <dgdegra@tycho.nsa.gov> wrote:
> Since the remaining uses of IS_PRIV are actually concerned with the
> domain having control of the hardware (i.e. being the initial domain),
> clarify this by renaming IS_PRIV to is_hardware_domain. This also
> removes IS_PRIV_FOR since the only remaining user was xsm/dummy.h.
>
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release)
> Cc: Keir Fraser <keir@xen.org>
Acked-by: Keir Fraser <keir@xen.org>
> Cc: Jan Beulich <jbeulich@suse.com>
> ---
> xen/arch/x86/domctl.c | 6 +++---
> xen/arch/x86/msi.c | 2 +-
> xen/arch/x86/physdev.c | 4 ++--
> xen/arch/x86/traps.c | 12 ++++++------
> xen/include/xen/sched.h | 12 ++++++++++--
> xen/include/xsm/dummy.h | 32 ++++++++++++++++++++------------
> 6 files changed, 42 insertions(+), 26 deletions(-)
>
> diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
> index 1f16ad2..c2a04c4 100644
> --- a/xen/arch/x86/domctl.c
> +++ b/xen/arch/x86/domctl.c
> @@ -661,7 +661,7 @@ long arch_do_domctl(
> while ( i-- )
> clear_mmio_p2m_entry(d, gfn + i);
> if ( iomem_deny_access(d, mfn, mfn + nr_mfns - 1) &&
> - IS_PRIV(current->domain) )
> + is_hardware_domain(current->domain) )
> printk(XENLOG_ERR
> "memory_map: failed to deny dom%d access to
> [%lx,%lx]\n",
> d->domain_id, mfn, mfn + nr_mfns - 1);
> @@ -680,7 +680,7 @@ long arch_do_domctl(
> ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
> if ( !ret && add )
> ret = -EIO;
> - if ( ret && IS_PRIV(current->domain) )
> + if ( ret && is_hardware_domain(current->domain) )
> printk(XENLOG_ERR
> "memory_map: error %ld %s dom%d access to
> [%lx,%lx]\n",
> ret, add ? "removing" : "denying", d->domain_id,
> @@ -767,7 +767,7 @@ long arch_do_domctl(
> break;
> }
> ret = ioports_deny_access(d, fmp, fmp + np - 1);
> - if ( ret && IS_PRIV(current->domain) )
> + if ( ret && is_hardware_domain(current->domain) )
> printk(XENLOG_ERR
> "ioport_map: error %ld denying dom%d access to
> [%x,%x]\n",
> ret, d->domain_id, fmp, fmp + np - 1);
> diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
> index 36bed29..a2ceea0 100644
> --- a/xen/arch/x86/msi.c
> +++ b/xen/arch/x86/msi.c
> @@ -812,7 +812,7 @@ static int msix_capability_init(struct pci_dev *dev,
> break;
> if ( d )
> {
> - if ( !IS_PRIV(d) && dev->msix_warned != d->domain_id )
> + if ( !is_hardware_domain(d) && dev->msix_warned !=
> d->domain_id )
> {
> dev->msix_warned = d->domain_id;
> printk(XENLOG_ERR
> diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
> index eb8a407..3733c7a 100644
> --- a/xen/arch/x86/physdev.c
> +++ b/xen/arch/x86/physdev.c
> @@ -128,7 +128,7 @@ int physdev_map_pirq(domid_t domid, int type, int *index,
> int *pirq_p,
> irq = domain_pirq_to_irq(current->domain, *index);
> if ( irq <= 0 )
> {
> - if ( IS_PRIV(current->domain) )
> + if ( is_hardware_domain(current->domain) )
> irq = *index;
> else {
> dprintk(XENLOG_G_ERR, "dom%d: map pirq with incorrect
> irq!\n",
> @@ -691,7 +691,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
> arg)
> case PHYSDEVOP_dbgp_op: {
> struct physdev_dbgp_op op;
>
> - if ( !IS_PRIV(v->domain) )
> + if ( !is_hardware_domain(v->domain) )
> ret = -EPERM;
> else if ( copy_from_guest(&op, arg, 1) )
> ret = -EFAULT;
> diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
> index fbbe31d..e0bc60d 100644
> --- a/xen/arch/x86/traps.c
> +++ b/xen/arch/x86/traps.c
> @@ -1303,7 +1303,7 @@ static int fixup_page_fault(unsigned long addr, struct
> cpu_user_regs *regs)
> ptwr_do_page_fault(v, addr, regs) )
> return EXCRET_fault_fixed;
>
> - if ( IS_PRIV(d) && (regs->error_code & PFEC_page_present) &&
> + if ( is_hardware_domain(d) && (regs->error_code & PFEC_page_present)
> &&
> mmio_ro_do_page_fault(v, addr, regs) )
> return EXCRET_fault_fixed;
> }
> @@ -1623,7 +1623,7 @@ static int pci_cfg_ok(struct domain *d, int write, int
> size)
> {
> uint32_t machine_bdf;
> uint16_t start, end;
> - if (!IS_PRIV(d))
> + if (!is_hardware_domain(d))
> return 0;
>
> machine_bdf = (d->arch.pci_cf8 >> 8) & 0xFFFF;
> @@ -2415,7 +2415,7 @@ static int emulate_privileged_op(struct cpu_user_regs
> *regs)
> if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
> boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
> goto fail;
> - if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
> + if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
> break;
> if ( (rdmsr_safe(MSR_AMD64_NB_CFG, val) != 0) ||
> (eax != (uint32_t)val) ||
> @@ -2428,7 +2428,7 @@ static int emulate_privileged_op(struct cpu_user_regs
> *regs)
> if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
> boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
> goto fail;
> - if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
> + if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
> break;
> if ( (rdmsr_safe(MSR_FAM10H_MMIO_CONF_BASE, val) != 0) )
> goto fail;
> @@ -2448,7 +2448,7 @@ static int emulate_privileged_op(struct cpu_user_regs
> *regs)
> case MSR_IA32_UCODE_REV:
> if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
> goto fail;
> - if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
> + if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
> break;
> if ( rdmsr_safe(regs->ecx, val) )
> goto fail;
> @@ -2484,7 +2484,7 @@ static int emulate_privileged_op(struct cpu_user_regs
> *regs)
> case MSR_IA32_ENERGY_PERF_BIAS:
> if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
> goto fail;
> - if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
> + if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
> break;
> if ( wrmsr_safe(regs->ecx, msr_content) != 0 )
> goto fail;
> diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
> index cb3baed..5b55c09 100644
> --- a/xen/include/xen/sched.h
> +++ b/xen/include/xen/sched.h
> @@ -716,8 +716,16 @@ uint64_t get_cpu_idle_time(unsigned int cpu);
> void watchdog_domain_init(struct domain *d);
> void watchdog_domain_destroy(struct domain *d);
>
> -#define IS_PRIV(_d) ((_d)->is_privileged)
> -#define IS_PRIV_FOR(_d, _t) (IS_PRIV(_d) || ((_d)->target && (_d)->target ==
> (_t)))
> +/*
> + * Use this check when the following are both true:
> + * - Using this feature or interface requires full access to the hardware
> + * (that is, this is would not be suitable for a driver domain)
> + * - There is never a reason to deny dom0 access to this
> + */
> +#define is_hardware_domain(_d) ((_d)->is_privileged)
> +
> +/* This check is for functionality specific to a control domain */
> +#define is_control_domain(_d) ((_d)->is_privileged)
>
> #define VM_ASSIST(_d,_t) (test_bit((_t), &(_d)->vm_assist))
>
> diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
> index 3912bd9..a872056 100644
> --- a/xen/include/xsm/dummy.h
> +++ b/xen/include/xsm/dummy.h
> @@ -60,17 +60,23 @@ static always_inline int xsm_default_action(
> case XSM_HOOK:
> return 0;
> case XSM_DM_PRIV:
> - if ( !IS_PRIV_FOR(src, target) )
> - return -EPERM;
> - return 0;
> + if ( src->is_privileged )
> + return 0;
> + if ( target && src->target == target )
> + return 0;
> + return -EPERM;
> case XSM_TARGET:
> - if ( src != target && !IS_PRIV_FOR(src, target) )
> - return -EPERM;
> - return 0;
> + if ( src == target )
> + return 0;
> + if ( src->is_privileged )
> + return 0;
> + if ( target && src->target == target )
> + return 0;
> + return -EPERM;
> case XSM_PRIV:
> - if ( !IS_PRIV(src) )
> - return -EPERM;
> - return 0;
> + if ( src->is_privileged )
> + return 0;
> + return -EPERM;
> default:
> LINKER_BUG_ON(1);
> return -EPERM;
> @@ -567,10 +573,12 @@ static XSM_INLINE int
> xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d)
> static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct
> domain *t,
> struct domain *f, uint32_t flags)
> {
> + int rc;
> XSM_ASSERT_ACTION(XSM_TARGET);
> - if ( t && d != t && !IS_PRIV_FOR(d, t) )
> - return -EPERM;
> - return xsm_default_action(action, d, f);
> + rc = xsm_default_action(action, d, f);
> + if ( t && !rc )
> + rc = xsm_default_action(action, d, t);
> + return rc;
> }
>
> static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct
> domain *f)
prev parent reply other threads:[~2013-05-03 16:00 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-03 14:09 [PATCH v4 0/4] Rename/remove IS_PRIV Daniel De Graaf
2013-05-03 14:09 ` [PATCH RESEND 1/4] xen/xsm: add hooks for claim Daniel De Graaf
2013-05-03 15:46 ` Konrad Rzeszutek Wilk
2013-05-03 16:29 ` Daniel De Graaf
2013-05-03 16:00 ` Keir Fraser
2013-05-03 14:09 ` [PATCH RESEND 2/4] xen/arm: remove rcu_lock_target_domain_by_id users Daniel De Graaf
2013-05-03 14:26 ` Ian Campbell
2013-05-03 14:09 ` [PATCH RESEND 3/4] xen/common: remove rcu_lock_target_domain_by_id Daniel De Graaf
2013-05-03 16:00 ` Keir Fraser
2013-05-03 14:09 ` [PATCH RESEND 4/4] xen: rename IS_PRIV to is_hardware_domain Daniel De Graaf
2013-05-03 16:00 ` Keir Fraser [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CDA99DAE.24000%keir.xen@gmail.com \
--to=keir.xen@gmail.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.