From: Ian Jackson <ian.jackson@eu.citrix.com>
To: xen-devel@lists.xensource.com
Cc: Ross Lagerwall <ross.lagerwall@citrix.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>
Subject: [PATCH 11/26] xentoolcore_restrict_all: "Implement" for libxencall
Date: Mon, 9 Oct 2017 16:57:13 +0100 [thread overview]
Message-ID: <1507564648-7580-12-git-send-email-ian.jackson@eu.citrix.com> (raw)
In-Reply-To: <1507564648-7580-1-git-send-email-ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
---
v2: Add a space (coding style)
---
tools/Rules.mk | 2 +-
tools/libs/call/Makefile | 4 ++--
tools/libs/call/core.c | 37 +++++++++++++++++++++++++++++++++++++
tools/libs/call/linux.c | 4 ++++
tools/libs/call/private.h | 2 ++
tools/libs/call/xencall.pc.in | 2 +-
6 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/tools/Rules.mk b/tools/Rules.mk
index 9b2fe36..71037a1 100644
--- a/tools/Rules.mk
+++ b/tools/Rules.mk
@@ -119,7 +119,7 @@ LDLIBS_libxengnttab = $(SHDEPS_libxengnttab) $(XEN_LIBXENGNTTAB)/libxengnttab$(l
SHLIB_libxengnttab = $(SHDEPS_libxengnttab) -Wl,-rpath-link=$(XEN_LIBXENGNTTAB)
CFLAGS_libxencall = -I$(XEN_LIBXENCALL)/include $(CFLAGS_xeninclude)
-SHDEPS_libxencall =
+SHDEPS_libxencall = $(SHLIB_libxentoolcore)
LDLIBS_libxencall = $(SHDEPS_libxencall) $(XEN_LIBXENCALL)/libxencall$(libextension)
SHLIB_libxencall = $(SHDEPS_libxencall) -Wl,-rpath-link=$(XEN_LIBXENCALL)
diff --git a/tools/libs/call/Makefile b/tools/libs/call/Makefile
index 1ccd5fd..39dd207 100644
--- a/tools/libs/call/Makefile
+++ b/tools/libs/call/Makefile
@@ -7,7 +7,7 @@ SHLIB_LDFLAGS += -Wl,--version-script=libxencall.map
CFLAGS += -Werror -Wmissing-prototypes
CFLAGS += -I./include $(CFLAGS_xeninclude)
-CFLAGS += $(CFLAGS_libxentoollog)
+CFLAGS += $(CFLAGS_libxentoollog) $(CFLAGS_libxentoolcore)
SRCS-y += core.c buffer.c
SRCS-$(CONFIG_Linux) += linux.c
@@ -62,7 +62,7 @@ libxencall.so.$(MAJOR): libxencall.so.$(MAJOR).$(MINOR)
$(SYMLINK_SHLIB) $< $@
libxencall.so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxencall.map
- $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxencall.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
+ $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxencall.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(LDLIBS_libxentoolcore) $(APPEND_LDFLAGS)
.PHONY: install
install: build
diff --git a/tools/libs/call/core.c b/tools/libs/call/core.c
index 5ca0372..8d1b11b 100644
--- a/tools/libs/call/core.c
+++ b/tools/libs/call/core.c
@@ -15,8 +15,41 @@
#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
#include "private.h"
+static int all_restrict_cb(Xentoolcore__Active_Handle *ah, uint32_t domid) {
+ xencall_handle *xcall = CONTAINER_OF(ah, *xcall, tc_ah);
+ int nullfd = -1, r;
+
+ if (xcall->fd < 0)
+ /* just in case */
+ return 0;
+
+ /*
+ * We don't implement a restrict function. We neuter the fd by
+ * dup'ing /dev/null onto it. This is better than closing it,
+ * because it does not involve locking against concurrent uses
+ * of xencall in other threads.
+ */
+ nullfd = open("/dev/null", O_RDONLY);
+ if (nullfd < 0) goto err;
+
+ r = dup2(nullfd, xcall->fd);
+ if (r < 0) goto err;
+
+ close(nullfd);
+ return 0;
+
+err:
+ if (nullfd >= 0) close(nullfd);
+ return -1;
+}
+
xencall_handle *xencall_open(xentoollog_logger *logger, unsigned open_flags)
{
xencall_handle *xcall = malloc(sizeof(*xcall));
@@ -25,6 +58,8 @@ xencall_handle *xencall_open(xentoollog_logger *logger, unsigned open_flags)
if (!xcall) return NULL;
xcall->fd = -1;
+ xcall->tc_ah.restrict_callback = all_restrict_cb;
+ xentoolcore__register_active_handle(&xcall->tc_ah);
xcall->flags = open_flags;
xcall->buffer_cache_nr = 0;
@@ -53,6 +88,7 @@ xencall_handle *xencall_open(xentoollog_logger *logger, unsigned open_flags)
err:
osdep_xencall_close(xcall);
+ xentoolcore__deregister_active_handle(&xcall->tc_ah);
xtl_logger_destroy(xcall->logger_tofree);
free(xcall);
return NULL;
@@ -66,6 +102,7 @@ int xencall_close(xencall_handle *xcall)
return 0;
rc = osdep_xencall_close(xcall);
+ xentoolcore__deregister_active_handle(&xcall->tc_ah);
buffer_release_cache(xcall);
xtl_logger_destroy(xcall->logger_tofree);
free(xcall);
diff --git a/tools/libs/call/linux.c b/tools/libs/call/linux.c
index e8e0311..3f1b691 100644
--- a/tools/libs/call/linux.c
+++ b/tools/libs/call/linux.c
@@ -21,6 +21,10 @@
#include <fcntl.h>
#include <unistd.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <stdio.h>
+
#include <sys/mman.h>
#include <sys/ioctl.h>
diff --git a/tools/libs/call/private.h b/tools/libs/call/private.h
index 37dd15f..533f0c4 100644
--- a/tools/libs/call/private.h
+++ b/tools/libs/call/private.h
@@ -2,6 +2,7 @@
#define XENCALL_PRIVATE_H
#include <xentoollog.h>
+#include <xentoolcore_internal.h>
#include <xencall.h>
@@ -20,6 +21,7 @@ struct xencall_handle {
xentoollog_logger *logger, *logger_tofree;
unsigned flags;
int fd;
+ Xentoolcore__Active_Handle tc_ah;
/*
* A simple cache of unused, single page, hypercall buffers
diff --git a/tools/libs/call/xencall.pc.in b/tools/libs/call/xencall.pc.in
index 475c133..409773e 100644
--- a/tools/libs/call/xencall.pc.in
+++ b/tools/libs/call/xencall.pc.in
@@ -7,4 +7,4 @@ Description: The Xencall library for Xen hypervisor
Version: @@version@@
Cflags: -I${includedir} @@cflagslocal@@
Libs: @@libsflag@@${libdir} -lxencall
-Requires.private: xentoollog
+Requires.private: xentoollog,xentoolcore
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-10-09 15:57 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-09 15:57 [PATCH v2 00/24] Provide some actual restriction of qemu Ian Jackson
2017-10-09 15:57 ` [PATCH 01/26] xen: Provide XEN_DMOP_remote_shutdown Ian Jackson
2017-10-09 15:57 ` [PATCH 02/26] xen: x86 dm_op: add missing newline before XEN_DMOP_inject_msi Ian Jackson
2017-10-09 15:57 ` [PATCH 03/26] tools: libxendevicemodel: Provide xendevicemodel_shutdown Ian Jackson
2017-10-17 15:24 ` Ross Lagerwall
2017-10-17 15:29 ` Ian Jackson
2017-10-17 17:05 ` [PATCH] tools: libxendevicemodel: Restore symbol versions for 1.0 Ian Jackson
2017-10-17 17:06 ` Wei Liu
2017-10-17 17:19 ` Andrew Cooper
2017-10-18 9:54 ` Ian Jackson
2017-10-18 8:59 ` Ross Lagerwall
2017-10-09 15:57 ` [PATCH 04/26] xentoolcore, _restrict_all: Introduce new library and implementation Ian Jackson
2017-10-10 11:45 ` Anthony PERARD
2017-10-10 17:18 ` Ian Jackson
2017-10-09 15:57 ` [PATCH 05/26] xentoolcore: Link into stubdoms Ian Jackson
2017-10-09 15:57 ` [PATCH 06/26] xentoolcore: Link into minios (update MINIOS_UPSTREAM_REVISION) Ian Jackson
2017-10-09 15:57 ` [PATCH 07/26] tools: qemu-xen build: prepare to link against xentoolcore Ian Jackson
2017-10-09 15:57 ` [PATCH 08/26] libxl: #include "xentoolcore_internal.h" Ian Jackson
2017-10-09 15:57 ` [PATCH 09/26] tools: move CONTAINER_OF to xentoolcore_internal.h Ian Jackson
2017-10-09 15:57 ` [PATCH 10/26] xentoolcore_restrict_all: Implement for libxendevicemodel Ian Jackson
2017-10-09 15:57 ` Ian Jackson [this message]
2017-10-09 15:57 ` [PATCH 12/26] xentoolcore_restrict: Break out xentoolcore__restrict_by_dup2_null Ian Jackson
2017-10-09 15:57 ` [PATCH 13/26] xentoolcore_restrict_all: Implement for libxenforeignmemory Ian Jackson
2017-10-09 15:57 ` [PATCH 14/26] xentoolcore_restrict_all: Declare problems due to no evtchn support Ian Jackson
2017-10-09 15:57 ` [PATCH 15/26] xentoolcore_restrict_all: "Implement" for xengnttab Ian Jackson
2017-10-09 15:57 ` [PATCH 16/26] tools/xenstore: get_handle: use "goto err" error handling style Ian Jackson
2017-10-09 15:57 ` [PATCH 17/26] tools/xenstore: get_handle: Allocate struct before opening fd Ian Jackson
2017-10-09 15:57 ` [PATCH 18/26] xentoolcore_restrict_all: "Implement" for xenstore Ian Jackson
2017-10-09 15:57 ` [PATCH 19/26] xentoolcore, _restrict_all: Document implementation "complete" Ian Jackson
2017-10-09 15:57 ` [PATCH 20/26] xl, libxl: Provide dm_restrict Ian Jackson
2017-10-09 15:57 ` [PATCH 21/26] libxl: Rationalise calculation of user to run qemu as Ian Jackson
2017-10-09 15:57 ` [PATCH 22/26] libxl: libxl__dm_runas_helper: return pwd Ian Jackson
2017-10-09 15:57 ` [PATCH 23/26] libxl: userlookup_helper_getpwnam rename and turn into a macro Ian Jackson
2017-10-09 15:57 ` [PATCH 24/26] libxl: dm_restrict: Support uid range user Ian Jackson
2017-10-09 15:57 ` [PATCH 25/26] tools: xentoolcore_restrict_all: use domid_t Ian Jackson
2017-10-09 15:57 ` [PATCH 26/26] xl: Document VGA problems arising from lack of physmap dmop Ian Jackson
2017-10-09 16:11 ` Wei Liu
2017-10-09 16:10 ` [PATCH v2 00/24] Provide some actual restriction of qemu Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1507564648-7580-12-git-send-email-ian.jackson@eu.citrix.com \
--to=ian.jackson@eu.citrix.com \
--cc=ross.lagerwall@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).