* [PATCH for-4.12 0/4] tools: Internal fd access, etc.
@ 2018-05-14 17:08 Ian Jackson
2018-05-14 17:08 ` [PATCH 1/4] libxc: Drop declarations of osdep_privcmd_open and _close Ian Jackson
` (3 more replies)
0 siblings, 4 replies; 14+ messages in thread
From: Ian Jackson @ 2018-05-14 17:08 UTC (permalink / raw)
To: xen-devel; +Cc: Wei Liu, Roger Pau Monné
I am working on auditing whether deprivileging qemu has actually
worked. The approach I have chosen is to fish the descriptors out of
qemu (by using debugging facilities), and try to make hypercalls
etc. using them.
To take making a hypercall as an example: this is not easily done
without libxc. So I need to make libxc make a hypercall with a
different fd - actually, a different open-file. I do this by using
dup2 to overwrite libxc's fd with the one stolen from qemu. That
means I need to know libxc's fd number. Hence the middle two patches
in this series.
Also, I drop some obsolete declarations and improve an error message.
I doubt this is 4.11 material. qemu depriv is not covered by support
in 4.11 anyway. In 4.12 I want it to be supported, and, therefore,
tested and audited. If it becomes fully supported there, it might be
worth backporting some of these patches.
Thanks,
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
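The dup2 trick the cover letter describes, as an added example that is not part of this series or of the attached audit tool: the "library" here is a plain read-write temp file rather than a privcmd handle (a constructed stand-in, with hypothetical helper names), so a read-only descriptor standing in for qemu's restricted one makes the library's write() fail with EBADF where a restricted hypercall would fail with EPERM; the fcntl check mirrors the tool's CHECK_FCNTL idea of verifying a descriptor's open mode.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Stand-in for the library's private descriptor (what xencall_fd() would
 * return in the real tool); here it is simply a read-write temp file. */
static int lib_fd = -1;

/* Scratch file shared by the "library" and the "stolen" descriptor: a
 * constructed fixture; mkstemp() fills in the XXXXXX on first use. */
static char scratch_path[] = "/tmp/fdaudit-XXXXXX";
static int scratch_ready;

static int make_scratch(void)
{
    if (scratch_ready) return 0;
    int fd = mkstemp(scratch_path);
    if (fd < 0) return -1;
    close(fd);
    scratch_ready = 1;
    return 0;
}

/* Class "open": the library opens its own handle. */
static int open_lib(void)
{
    lib_fd = open(scratch_path, O_RDWR);
    return lib_fd < 0 ? -1 : 0;
}

/* Class "test": attempt the operation the restriction is meant to stop.
 * 1 = went through, 0 = kernel refused it, -1 = anything else.  A read-only
 * open-file description answers write() with EBADF; that plays the role
 * EPERM plays for a restricted privcmd fd in the real tool. */
static int probe_lib(void)
{
    ssize_t n = write(lib_fd, "x", 1);
    if (n == 1) return 1;
    if (n < 0 && (errno == EBADF || errno == EPERM || errno == ENOTTY)) return 0;
    return -1;
}

static void close_lib(void) { if (lib_fd >= 0) close(lib_fd); lib_fd = -1; }

/* The dup2 hack from the cover letter: open the library normally, confirm
 * the operation works on its own fd (baseline), overlay the stolen descriptor
 * onto that fd number and run the same operation again.  1 = pass (the stolen
 * fd blocked it), 0 = fail (it went through: not restricted), -1 = harness error. */
static int audit_fd(int stolen_fd)
{
    if (open_lib() < 0) return -1;
    if (probe_lib() != 1) { close_lib(); return -1; }
    int intern_fd = lib_fd;       /* the "getfd" step: xencall_fd() for real */
    if (dup2(stolen_fd, intern_fd) != intern_fd) { close_lib(); return -1; }
    int r = probe_lib();          /* now runs against the stolen open-file */
    close_lib();                  /* closes the dup, not stolen_fd itself */
    return r == 0 ? 1 : r == 1 ? 0 : -1;
}

/* Equivalent of the tool's CHECK_FCNTL: is the access mode what policy
 * says, and is O_APPEND set when required?  1 yes, 0 no, -1 fcntl error. */
static int check_open_mode(int fd, int want_accmode, int want_append)
{
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0) return -1;
    if ((fl & O_ACCMODE) != want_accmode) return 0;
    if (want_append && !(fl & O_APPEND)) return 0;
    return 1;
}

/* Open the scratch file with `flags` as the stolen descriptor and audit it. */
static int audit_with_flags(int flags)
{
    if (make_scratch() < 0) return -1;
    int stolen = open(scratch_path, flags);
    if (stolen < 0) return -1;
    int v = audit_fd(stolen);
    close(stolen);
    return v;
}

/* Open the scratch file with `flags` and run the fcntl check on it. */
static int mode_check_with_flags(int flags, int want_accmode, int want_append)
{
    if (make_scratch() < 0) return -1;
    int fd = open(scratch_path, flags);
    if (fd < 0) return -1;
    int v = check_open_mode(fd, want_accmode, want_append);
    close(fd);
    return v;
}

int main(void)
{
    printf("read-only fd:  %s\n", audit_with_flags(O_RDONLY) == 1 ? "pass" : "FAIL");
    printf("read-write fd: %s\n", audit_with_flags(O_RDWR) == 0 ? "fail as expected" : "??");
    if (scratch_ready) unlink(scratch_path);
    return 0;
}
```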
^ permalink raw reply [flat|nested] 14+ messages in thread* [PATCH 1/4] libxc: Drop declarations of osdep_privcmd_open and _close 2018-05-14 17:08 [PATCH for-4.12 0/4] tools: Internal fd access, etc Ian Jackson @ 2018-05-14 17:08 ` Ian Jackson 2018-05-15 8:37 ` Wei Liu 2018-05-15 8:49 ` Roger Pau Monné 2018-05-14 17:08 ` [PATCH 2/4] libxc: Provide access to internal handles Ian Jackson ` (2 subsequent siblings) 3 siblings, 2 replies; 14+ messages in thread From: Ian Jackson @ 2018-05-14 17:08 UTC (permalink / raw) To: xen-devel; +Cc: Ian Jackson, Wei Liu, Roger Pau Monné These functions are no longer defined or used anywhere. The declarations should have been deleted when the definitions were. Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> --- tools/libxc/xc_private.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/tools/libxc/xc_private.h b/tools/libxc/xc_private.h index 03bc9a7..25bae8a 100644 --- a/tools/libxc/xc_private.h +++ b/tools/libxc/xc_private.h @@ -103,9 +103,6 @@ struct xc_interface_core { xendevicemodel_handle *dmod; }; -int osdep_privcmd_open(xc_interface *xch); -int osdep_privcmd_close(xc_interface *xch); - void *osdep_alloc_hypercall_buffer(xc_interface *xch, int npages); void osdep_free_hypercall_buffer(xc_interface *xch, void *ptr, int npages); -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 14+ messages in thread
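Review bot: the xc_private.h hunk only removes the two prototypes, so the commit message's claim that osdep_privcmd_open and osdep_privcmd_close are no longer defined or used anywhere is worth confirming with a tree-wide grep across every osdep backend before merging: a surviving definition in a backend not built on the reviewer's platform would keep compiling silently, and a surviving caller would now fail with an implicit-declaration error rather than at link time.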
* Re: [PATCH 1/4] libxc: Drop declarations of osdep_privcmd_open and _close
@ 2018-05-15 8:37 Wei Liu
From: Wei Liu @ 2018-05-15 8:37 UTC (permalink / raw)
To: Ian Jackson; +Cc: xen-devel, Wei Liu, Roger Pau Monné
On Mon, May 14, 2018 at 06:08:56PM +0100, Ian Jackson wrote:
> These functions are no longer defined or used anywhere. The
> declarations should have been deleted when the definitions were.
>
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
* Re: [PATCH 1/4] libxc: Drop declarations of osdep_privcmd_open and _close
@ 2018-05-15 8:49 Roger Pau Monné
From: Roger Pau Monné @ 2018-05-15 8:49 UTC (permalink / raw)
To: Ian Jackson; +Cc: xen-devel, Wei Liu
On Mon, May 14, 2018 at 06:08:56PM +0100, Ian Jackson wrote:
> These functions are no longer defined or used anywhere. The
> declarations should have been deleted when the definitions were.
>
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Thanks.
* [PATCH 2/4] libxc: Provide access to internal handles 2018-05-14 17:08 [PATCH for-4.12 0/4] tools: Internal fd access, etc Ian Jackson 2018-05-14 17:08 ` [PATCH 1/4] libxc: Drop declarations of osdep_privcmd_open and _close Ian Jackson @ 2018-05-14 17:08 ` Ian Jackson 2018-05-15 8:37 ` Wei Liu 2018-05-15 8:58 ` Roger Pau Monné 2018-05-14 17:08 ` [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds Ian Jackson 2018-05-14 17:08 ` [PATCH 4/4] libxl: Provide better error message when qemu restrict user not found Ian Jackson 3 siblings, 2 replies; 14+ messages in thread From: Ian Jackson @ 2018-05-14 17:08 UTC (permalink / raw) To: xen-devel; +Cc: Ian Jackson, Wei Liu, Roger Pau Monné In order to support auditing of qemu depriv, my audit tool wants to know the fd of a privcmd handle on which it can easily make hypercalls. xencall provides such a handle, but has no cooked facilities for making hypercalls. So I open a libxc handle. That means I need to get the privcmd fd out of the libxc handle. ISTM that it is best to do this by providing an interface to get the underlying library handles for a libxc handle. This kind of interface is quite common elsewhere and has not caused problems. libxc is not a stable API so the downside risk of providing this access is not significant. Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> --- tools/libxc/include/xenctrl.h | 10 ++++++++++ tools/libxc/xc_private.c | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index 408fa1c..d7733aa 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h 
@@ -183,6 +183,16 @@ enum xc_open_flags { */ int xc_interface_close(xc_interface *xch); +/** + * Return the handles which xch has opened and will use for + * hypercalls, foreign memory accesses and device model operations. + * These may be used with the corresponding libraries so long as the + * xch itself remains open. + */ +struct xencall_handle *xc_interface_xcall_handle(xc_interface *xch); +struct xenforeignmemory_handle *xc_interface_fmem_handle(xc_interface *xch); +struct xendevicemodel_handle *xc_interface_dmod_handle(xc_interface *xch); + /* * HYPERCALL SAFE MEMORY BUFFER * diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c index fcda981..dbe367f 100644 --- a/tools/libxc/xc_private.c +++ b/tools/libxc/xc_private.c @@ -104,6 +104,11 @@ int xc_interface_close(xc_interface *xch) return rc; } +xencall_handle *xc_interface_xcall_handle(xc_interface *xch) +{ + return xch->xcall; +} + static pthread_key_t errbuf_pkey; static pthread_once_t errbuf_pkey_once = PTHREAD_ONCE_INIT; -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 14+ messages in thread
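Review bot: the xenctrl.h hunk declares three accessors (xc_interface_xcall_handle, xc_interface_fmem_handle, xc_interface_dmod_handle) but the xc_private.c hunk defines only xc_interface_xcall_handle, so the other two are declared-but-undefined and any caller of them fails at link time; either add the two remaining one-line accessors returning the corresponding struct xc_interface_core members (dmod is visible in patch 1's context, the foreign-memory one is not shown here) or drop their prototypes until they are needed. The new comment's "so long as the xch itself remains open" also deserves one more sentence making the ownership explicit: the caller must never close the returned handle, since xc_interface_close will.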
* Re: [PATCH 2/4] libxc: Provide access to internal handles
@ 2018-05-15 8:37 Wei Liu
From: Wei Liu @ 2018-05-15 8:37 UTC (permalink / raw)
To: Ian Jackson; +Cc: xen-devel, Wei Liu, Roger Pau Monné
On Mon, May 14, 2018 at 06:08:57PM +0100, Ian Jackson wrote:
> In order to support auditing of qemu depriv, my audit tool wants to
> know the fd of a privcmd handle on which it can easily make
> hypercalls. xencall provides such a handle, but has no cooked
> facilities for making hypercalls. So I open a libxc handle. That
> means I need to get the privcmd fd out of the libxc handle.
>
> ISTM that it is best to do this by providing an interface to get the
> underlying library handles for a libxc handle. This kind of interface
> is quite common elsewhere and has not caused problems.
>
> libxc is not a stable API so the downside risk of providing this
> access is not significant.
>
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
* Re: [PATCH 2/4] libxc: Provide access to internal handles 2018-05-14 17:08 ` [PATCH 2/4] libxc: Provide access to internal handles Ian Jackson 2018-05-15 8:37 ` Wei Liu @ 2018-05-15 8:58 ` Roger Pau Monné 2018-06-11 13:49 ` Ian Jackson 1 sibling, 1 reply; 14+ messages in thread From: Roger Pau Monné @ 2018-05-15 8:58 UTC (permalink / raw) To: Ian Jackson; +Cc: xen-devel, Wei Liu On Mon, May 14, 2018 at 06:08:57PM +0100, Ian Jackson wrote: > In order to support auditing of qemu depriv, my audit tool wants to > know the fd of a privcmd handle on which it can easily make > hypercalls. xencall provides such a handle, but has no cooked > facilities for making hypercalls. So I open a libxc handle. That > means I need to get the privcmd fd out of the libxc handle. > > ISTM that it is best to do this by providing an interface to get the > underlying library handles for a libxc handle. This kind of interface > is quite common elsewhere and has not caused problems. > > libxc is not a stable API so the downside risk of providing this > access is not significant. > > Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> > --- > tools/libxc/include/xenctrl.h | 10 ++++++++++ > tools/libxc/xc_private.c | 5 +++++ > 2 files changed, 15 insertions(+) > > diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h > index 408fa1c..d7733aa 100644 > --- a/tools/libxc/include/xenctrl.h > +++ b/tools/libxc/include/xenctrl.h 
> @@ -183,6 +183,16 @@ enum xc_open_flags { > */ > int xc_interface_close(xc_interface *xch); > > +/** > + * Return the handles which xch has opened and will use for > + * hypercalls, foreign memory accesses and device model operations. > + * These may be used with the corresponding libraries so long as the > + * xch itself remains open. > + */ > +struct xencall_handle *xc_interface_xcall_handle(xc_interface *xch); > +struct xenforeignmemory_handle *xc_interface_fmem_handle(xc_interface *xch); > +struct xendevicemodel_handle *xc_interface_dmod_handle(xc_interface *xch); You introduce 3 prototypes but there's only one function being defined below. Is this patch missing some chunks or I'm missing something myself? > +xencall_handle *xc_interface_xcall_handle(xc_interface *xch) > +{ > + return xch->xcall; > +} > + > static pthread_key_t errbuf_pkey; > static pthread_once_t errbuf_pkey_once = PTHREAD_ONCE_INIT; Thanks. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 2/4] libxc: Provide access to internal handles
@ 2018-06-11 13:49 Ian Jackson
From: Ian Jackson @ 2018-06-11 13:49 UTC (permalink / raw)
To: Roger Pau Monné; +Cc: xen-devel, Wei Liu
Roger Pau Monné writes ("Re: [PATCH 2/4] libxc: Provide access to internal handles"):
> On Mon, May 14, 2018 at 06:08:57PM +0100, Ian Jackson wrote:
> > +struct xencall_handle *xc_interface_xcall_handle(xc_interface *xch);
> > +struct xenforeignmemory_handle *xc_interface_fmem_handle(xc_interface *xch);
> > +struct xendevicemodel_handle *xc_interface_dmod_handle(xc_interface *xch);
>
> You introduce 3 prototypes but there's only one function being defined
> below. Is this patch missing some chunks or I'm missing something
> myself?
No. It's just that I only needed one of these functions so I didn't
notice that I'd only defined that one...
Ian.
* [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds 2018-05-14 17:08 [PATCH for-4.12 0/4] tools: Internal fd access, etc Ian Jackson 2018-05-14 17:08 ` [PATCH 1/4] libxc: Drop declarations of osdep_privcmd_open and _close Ian Jackson 2018-05-14 17:08 ` [PATCH 2/4] libxc: Provide access to internal handles Ian Jackson @ 2018-05-14 17:08 ` Ian Jackson 2018-05-14 17:18 ` Andrew Cooper 2018-05-14 17:08 ` [PATCH 4/4] libxl: Provide better error message when qemu restrict user not found Ian Jackson 3 siblings, 1 reply; 14+ messages in thread From: Ian Jackson @ 2018-05-14 17:08 UTC (permalink / raw) To: xen-devel; +Cc: Ian Jackson, Wei Liu, Roger Pau Monné I want this to support my qemu depriv descriptor audit tool. Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> --- tools/libs/call/core.c | 5 +++++ tools/libs/call/include/xencall.h | 8 ++++++++ tools/libs/call/libxencall.map | 1 + tools/libs/gnttab/gntshr_core.c | 6 ++++++ tools/libs/gnttab/gnttab_core.c | 5 +++++ tools/libs/gnttab/include/xengnttab.h | 17 +++++++++++++++++ tools/libs/gnttab/libxengnttab.map | 2 ++ 7 files changed, 44 insertions(+) diff --git a/tools/libs/call/core.c b/tools/libs/call/core.c index f3a3400..c155bd4 100644 --- a/tools/libs/call/core.c +++ b/tools/libs/call/core.c @@ -81,6 +81,11 @@ int xencall_close(xencall_handle *xcall) return rc; } +int xencall_fd(xencall_handle *xcall) +{ + return xcall->fd; +} + int xencall0(xencall_handle *xcall, unsigned int op) { privcmd_hypercall_t call = { diff --git a/tools/libs/call/include/xencall.h b/tools/libs/call/include/xencall.h index bafacdd..24bcafb 100644 --- a/tools/libs/call/include/xencall.h +++ b/tools/libs/call/include/xencall.h 
@@ -74,6 +74,14 @@ xencall_handle *xencall_open(struct xentoollog_logger *logger, int xencall_close(xencall_handle *xcall); /* + * Return the fd used internally by xencall. selecting on it is not + * useful. But it could be useful for unusual use cases; perhaps, + * passing to other programs, calling ioctls on directly, or maybe + * calling fcntl. + */ +int xencall_fd(xencall_handle *xcall); + +/* * Call hypercalls with varying numbers of arguments. * * On success the return value of the hypercall is the return value of diff --git a/tools/libs/call/libxencall.map b/tools/libs/call/libxencall.map index 2f96144..299ca38 100644 --- a/tools/libs/call/libxencall.map +++ b/tools/libs/call/libxencall.map @@ -2,6 +2,7 @@ VERS_1.0 { global: xencall_open; xencall_close; + xencall_fd; xencall0; xencall1; diff --git a/tools/libs/gnttab/gntshr_core.c b/tools/libs/gnttab/gntshr_core.c index 7f6bf9d..1117e29 100644 --- a/tools/libs/gnttab/gntshr_core.c +++ b/tools/libs/gnttab/gntshr_core.c @@ -64,6 +64,12 @@ int xengntshr_close(xengntshr_handle *xgs) free(xgs); return rc; } + +int xengntshr_fd(xengntshr_handle *xgs) +{ + return xgs->fd; +} + void *xengntshr_share_pages(xengntshr_handle *xcg, uint32_t domid, int count, uint32_t *refs, int writable) { diff --git a/tools/libs/gnttab/gnttab_core.c b/tools/libs/gnttab/gnttab_core.c index 98f1591..bd075f8 100644 --- a/tools/libs/gnttab/gnttab_core.c +++ b/tools/libs/gnttab/gnttab_core.c @@ -75,6 +75,11 @@ int xengnttab_close(xengnttab_handle *xgt) return rc; } +int xengnttab_fd(xengnttab_handle *xgt) +{ + return xgt->fd; +} + int xengnttab_set_max_grants(xengnttab_handle *xgt, uint32_t count) { return osdep_gnttab_set_max_grants(xgt, count); diff --git a/tools/libs/gnttab/include/xengnttab.h b/tools/libs/gnttab/include/xengnttab.h index 35be6c1..91d4cd5 100644 --- a/tools/libs/gnttab/include/xengnttab.h +++ b/tools/libs/gnttab/include/xengnttab.h 
@@ -149,6 +149,15 @@ xengnttab_handle *xengnttab_open(struct xentoollog_logger *logger, */ int xengnttab_close(xengnttab_handle *xgt); + +/* + * Return the fd used internally by xengnttab. selecting on it is not + * useful. But it could be useful for unusual use cases; perhaps, + * passing to other programs, calling ioctls on directly, or maybe + * calling fcntl. + */ +int xengnttab_fd(xengnttab_handle *xgt); + /** * Memory maps a grant reference from one domain to a local address range. * Mappings should be unmapped with xengnttab_unmap. Logs errors. @@ -334,6 +343,14 @@ xengntshr_handle *xengntshr_open(struct xentoollog_logger *logger, */ int xengntshr_close(xengntshr_handle *xgs); +/* + * Return the fd used internally by xengntshr. selecting on it is not + * useful. But it could be useful for unusual use cases; perhaps, + * passing to other programs, calling ioctls on directly, or maybe + * calling fcntl. + */ +int xengntshr_fd(xengntshr_handle *xgs); + /** * Allocates and shares pages with another domain. * diff --git a/tools/libs/gnttab/libxengnttab.map b/tools/libs/gnttab/libxengnttab.map index f78da22..ce59ec9 100644 --- a/tools/libs/gnttab/libxengnttab.map +++ b/tools/libs/gnttab/libxengnttab.map @@ -2,6 +2,7 @@ VERS_1.0 { global: xengnttab_open; xengnttab_close; + xengnttab_fd; xengnttab_set_max_grants; @@ -14,6 +15,7 @@ VERS_1.0 { xengntshr_open; xengntshr_close; + xengntshr_fd; xengntshr_share_page_notify; xengntshr_share_pages; -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 14+ messages in thread
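Review bot: the libxencall.map and libxengnttab.map hunks add xencall_fd, xengnttab_fd and xengntshr_fd to the existing VERS_1.0 node; adding symbols to an already released version node changes the ABI of that SOversion, so the new symbols belong in a new minor version node (Andrew raises the same point in his reply below). Separately, the three identical header comments say only that selecting on the fd is not useful; since the accessor exposes a descriptor the library owns, they should also state that the caller must not close it and that the library's behaviour is unspecified once the caller replaces it (for example with dup2, which is exactly what the audit tool in this thread does deliberately), so ordinary users do not treat it as their own.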
* Re: [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds 2018-05-14 17:08 ` [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds Ian Jackson @ 2018-05-14 17:18 ` Andrew Cooper 2018-05-15 11:10 ` Ian Jackson 0 siblings, 1 reply; 14+ messages in thread From: Andrew Cooper @ 2018-05-14 17:18 UTC (permalink / raw) To: Ian Jackson, xen-devel; +Cc: Wei Liu, Roger Pau Monné On 14/05/18 18:08, Ian Jackson wrote: > diff --git a/tools/libs/call/libxencall.map b/tools/libs/call/libxencall.map > index 2f96144..299ca38 100644 > --- a/tools/libs/call/libxencall.map > +++ b/tools/libs/call/libxencall.map > @@ -2,6 +2,7 @@ VERS_1.0 { > global: > xencall_open; > xencall_close; > + xencall_fd; > > xencall0; > xencall1; > diff --git a/tools/libs/gnttab/libxengnttab.map b/tools/libs/gnttab/libxengnttab.map > index f78da22..ce59ec9 100644 > --- a/tools/libs/gnttab/libxengnttab.map > +++ b/tools/libs/gnttab/libxengnttab.map > @@ -2,6 +2,7 @@ VERS_1.0 { > global: > xengnttab_open; > xengnttab_close; > + xengnttab_fd; > > xengnttab_set_max_grants; > > @@ -14,6 +15,7 @@ VERS_1.0 { > > xengntshr_open; > xengntshr_close; > + xengntshr_fd; > > xengntshr_share_page_notify; > xengntshr_share_pages; These are ABI breakages. The only modification you can make to the map files is to define a new minor SOversion and introduce the new functions there (although we can accumulate multiple additions to the not-yet-release SOversion in master). ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds
@ 2018-05-15 11:10 Ian Jackson
From: Ian Jackson @ 2018-05-15 11:10 UTC (permalink / raw)
To: Andrew Cooper; +Cc: xen-devel, Wei Liu, Roger Pau Monné
Andrew Cooper writes ("Re: [Xen-devel] [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds"):
> These are ABI breakages.
Thanks for the review and sorry to miss that. You are right.

I have another question, RFC:

I have a test C program which links against Xen libraries and does the
actual descriptor auditing. Current WIP version attached to give you
an idea. Should I submit this for inclusion in xen.git#tools/tests/?
Or should I put it in osstest and have osstest build it? I think the
former is probably better because then it can be used more widely.

This thing is surrounded by two perl scripts, which grobble around in
/proc. They contain pathname regexps, some of which are
osstest-specific. They also have to grobble around in xenstore to find
pids and things. I'm currently unsure as to whether these scripts
should be in xen.git or osstest. If they go into xen.git then they will
have to take arguments for the osstest-specific supplementary regexps,
or something, which seems awkward. So I'm currently thinking I will put
them in osstest.

Opinions welcome.

Ian.

/*
 */
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <stdio.h>
#include <assert.h>
#include <unistd.h>
#include <fcntl.h>
#include <err.h>

#include <xenctrl.h>
#include <xencall.h>
#include <xengnttab.h>
#include <xenevtchn.h>

/*
 * Every class needs setup.  setup is called once per class at program
 * startup.
 *
 * Then it can have
 *    open test getfd close
 * In which case the core code will for every fd
 *    open test getfd dup2 test close
 * And test should call blocked or succeeded and then immediately
 * return, or error out
 *
 * Or it can have
 *    check
 * which should call report, or error out
 *
 * Errors: use trouble for simple syscall errors.  Or use err or errx
 * and maybe print fd_desc and test_which, according to the comments
 * in struct classinfo.
 */

static xentoollog_logger *logger;

static int object_fd;
static const char *classname;
static const char *fd_desc;
static const char *test_which;

static const char *test_wh_unrest = "test (unrestricted)";
static const char *test_wh_rest = "test (restricted)";

static void trouble(const char *what) __attribute__((noreturn));
static void trouble(const char *what)
{
    fprintf(stderr, "trouble: %s %s %d (%s) %s: %s\n",
            classname, test_which, object_fd, fd_desc, what,
            strerror(errno));
    exit(-1);
}

static void report(const char *pass_or_fail, const char *what,
                   const char *notes)
{
    printf("%s %s %d %s (%s) %s\n",
           classname, pass_or_fail, object_fd, what, notes, fd_desc);
    if (ferror(stdout) || fflush(stdout)) err(16,"stdout");
}

static void succeeded(const char *what)
{
    if (test_which == test_wh_unrest) {
        /* ok */
        test_which = 0;
    } else if (test_which == test_wh_rest) {
        report("fail",what,"unexpectedly succeeded");
        test_which = 0;
    } else {
        abort();
    }
}

static void blocked(const char *what)
{
    if (test_which == test_wh_rest) {
        /* yay */
        report("pass", what,"blocked");
        test_which = 0;
    } else if (test_which == test_wh_unrest) {
        err(4,"test blocked on unrestricted fd: %s {%s}",what,test_which);
    } else {
        abort();
    }
}

/* privcmd */

static xc_interface *xch;

static void setup_privcmd(void) { }

static void open_privcmd(void)
{
    xch = xc_interface_open(logger,0,0);
    if (!xch) trouble("xc_interface_open");
}

static void test_privcmd(void)
{
    int r = xc_get_online_cpus(xch);
    if (r>0)
        succeeded("xc_get_online_cpus");
    else if (r==0)
        errx(-1,"xc_get_online_cpus{%s, %s}=0", test_which, fd_desc);
    else if (errno==EPERM)
        blocked("xc_get_online_cpus");
    else
        trouble("xc_get_online_cpus");
}

static int getfd_privcmd(void)
{
    return xencall_fd(xc_interface_xcall_handle(xch));
}

static void close_privcmd(void)
{
    xc_interface_close(xch);
}

/* gntdev */

static xengntshr_handle *xgs;
static uint32_t gntshr_gref;
static xengnttab_handle *xgt;

static void setup_gntdev(void)
{
    void *r;
    xgs = xengntshr_open(logger,0);
    if (!xgs) trouble("xengntshr_open");
    r = xengntshr_share_pages(xgs, 0, 1, &gntshr_gref, 1);
    if (!r || r==(void*)-1) trouble("xengntshr_share_pages");
    memset(r, 0x55, XC_PAGE_SIZE);
}

static void open_gntdev(void)
{
    xgt = xengnttab_open(logger,0);
    if (!xgt) trouble("xengnttab_open");
}

static void test_gntdev(void)
{
    char mybuf[XC_PAGE_SIZE];
    memset(mybuf, 0xaa, XC_PAGE_SIZE);

    xengnttab_grant_copy_segment_t seg;
    seg.source.foreign.ref = gntshr_gref;
    seg.source.foreign.offset = 0;
    seg.source.foreign.domid = 0;
    seg.dest.virt = mybuf;
    seg.len = 1;
    seg.flags = GNTCOPY_source_gref;

    for (;;) {
        seg.status = 0;
        int r = xengnttab_grant_copy(xgt,1,&seg);
        if (r<0) {
            if (errno==EPERM || errno==ENOTTY)
                blocked("xengnttab_grant_copy");
            else
                trouble("xengnttab_grant_copy");
        } else if (r==0) {
            if (seg.status==GNTST_okay)
                succeeded("xengnttab_grant_copy okay");
            else if (seg.status==GNTST_eagain)
                continue;
            else
                errx(-1,"xengnttab_grant_copy=%d {%s, %s} but .status=%d",
                     r, test_which, fd_desc,(int)seg.status);
        } else {
            errx(-1,"xengnttab_grant_copy=%d {%s, %s}",
                 r, test_which, fd_desc);
        }
        break;
    }
}

static int getfd_gntdev(void)
{
    return xengnttab_fd(xgt);
}

static void close_gntdev(void)
{
    xengnttab_close(xgt);
}

/* evtchn */

static xenevtchn_handle *xce_recip, *xce;
static xenevtchn_port_or_error_t evtchn_port;

static void setup_evtchn(void)
{
    xce_recip = xenevtchn_open(logger, 0);
    if (!xce_recip) err(-1,"xenevtchn_open (donor)");
    evtchn_port = xenevtchn_bind_unbound_port(xce_recip, 0);
    if (evtchn_port < 0)
        trouble("xenevtchn_bind_unbound_port");
}

static void open_evtchn(void)
{
    xce = xenevtchn_open(logger, 0);
    if (!xce) err(-1,"xenevtchn_open");
}

static void test_evtchn(void)
{
    /* Ideally xce_recip would be allocated in setup, but the docs are
     * not clear as to how to free a port obtained from
     * xenevtchn_bind_unbound_port.  Closing the fd must suffice. */
    xenevtchn_port_or_error_t r = xenevtchn_notify(xce, evtchn_port);
    if (r>=0)
        succeeded("xenevtchn_notify");
    else if ((errno==EPERM || errno==ENOTTY))
        blocked("xenevtchn_notify");
    else
        trouble("xenevtchn_notify");
}

static int getfd_evtchn(void)
{
    return xenevtchn_fd(xce);
}

static void close_evtchn(void)
{
    xenevtchn_close(xce);
}

#define CHECK_FCNTL(openmode)                                   \
    int r = fcntl(object_fd, F_GETFL);                          \
    if (r < 0) trouble("fcntl F_GETFL");                        \
    int m = r & (O_RDONLY | O_WRONLY | O_RDWR);                 \
                                                                \
    char mbuf[100 + 30*3];                                      \
    snprintf(mbuf,sizeof(mbuf),                                 \
             "F_GETFL=%#o m=%#o " #openmode "=%#o",             \
             r,m,(int)openmode);                                \
                                                                \
    if (m != openmode) {                                        \
        report("fail", #openmode, mbuf);                        \
        return;                                                 \
    }

static void setup_readonly(void) { }

static void check_readonly(void)
{
    CHECK_FCNTL(O_RDONLY);
    report("pass", "fcntl", mbuf);
}

static void setup_appendonly(void) { }

static void check_appendonly(void)
{
    CHECK_FCNTL(O_WRONLY);
    if (!(r & O_APPEND)) {
        report("fail", "O_APPEND", mbuf);
        return;
    }
    report("pass", "fcntl", mbuf);
}

#define DEFCLASS(cl) \
    { #cl, setup_##cl, 0, open_##cl, test_##cl, getfd_##cl, close_##cl }
#define DEFCHECK(meth) \
    { #meth, setup_##meth, check_##meth }

static const struct classinfo {
    const char *name;    /* errors: print fd_desc test_which */
    void (*setup)(void); /*         best not best not  */
    void (*check)(void); /*         must     may       */
    void (*open)(void);  /*         must     may       */
    void (*test)(void);  /*         must     must      */
    int (*getfd)(void);  /*         must     may       */
    void (*close)(void); /*         must     may       */
} classinfos[] = {
    DEFCLASS(privcmd),
    DEFCLASS(gntdev),
//  DEFCLASS(evtchn),  has side effects when it fails!
    DEFCHECK(readonly),
    DEFCHECK(appendonly),
    { 0 }
};

int main(int argc, char **argv)
{
    const struct classinfo *cli;
    int r;

    argv++;

    logger = (xentoollog_logger*)xtl_createlogger_stdiostream
        (stderr, XTL_NOTICE, XTL_STDIOSTREAM_HIDE_PROGRESS);

    fd_desc = "setup";
    test_which = "setup";
    for (cli = classinfos; cli->name; cli++)
        cli->setup();

    while ((classname = *argv++)) {
        if (!*argv) errx(8,"need fd after class");
        object_fd = atoi(*argv++);
        fd_desc = *argv++;
        if (!fd_desc) errx(8,"need info after fd");

        for (cli = classinfos; cli->name; cli++)
            if (!strcmp(cli->name, classname))
                goto found;
        report("fail","unknown class","");
        continue;

    found:
        if (cli->check) {
            report("checking","check","in progress");
            test_which = "check";
            cli->check();
        } else {
            test_which = "open";
            report("checking","dup-hack","in progress");
            cli->open();

            test_which = test_wh_unrest;
            cli->test();
            assert(!test_which);

            test_which = "getfd";
            int intern_fd = cli->getfd();
            r = dup2(object_fd, intern_fd);
            if (r != intern_fd) err(-1, "dup2");

            test_which = test_wh_rest;
            cli->test();
            assert(!test_which);

            test_which = "close";
            cli->close();
        }
    }
    return 0;
}
* [PATCH 4/4] libxl: Provide better error message when qemu restrict user not found 2018-05-14 17:08 [PATCH for-4.12 0/4] tools: Internal fd access, etc Ian Jackson ` (2 preceding siblings ...) 2018-05-14 17:08 ` [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds Ian Jackson @ 2018-05-14 17:08 ` Ian Jackson 2018-05-15 8:38 ` Wei Liu 2018-05-15 9:02 ` Roger Pau Monné 3 siblings, 2 replies; 14+ messages in thread From: Ian Jackson @ 2018-05-14 17:08 UTC (permalink / raw) To: xen-devel; +Cc: Ian Jackson, Wei Liu, Roger Pau Monné Add mention of LIBXL_QEMU_USER_RANGE_BASE, in case that is what the user was intending. Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> --- tools/libxl/libxl_dm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c index 18ada69..7289509 100644 --- a/tools/libxl/libxl_dm.c +++ b/tools/libxl/libxl_dm.c @@ -1699,8 +1699,9 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, } LOGD(ERROR, guest_domid, - "Could not find user %s%d or %s, cannot restrict", - LIBXL_QEMU_USER_BASE, guest_domid, LIBXL_QEMU_USER_SHARED); + "Could not find user %s%d or %s or range base pseudo-user %s, cannot restrict", + LIBXL_QEMU_USER_BASE, guest_domid, LIBXL_QEMU_USER_SHARED, + LIBXL_QEMU_USER_RANGE_BASE); return ERROR_INVAL; end_search: -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply related [flat|nested] 14+ messages in thread
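Review bot: the replacement format string line in the libxl_dm.c hunk runs to roughly 100 columns while the line it replaces fit comfortably within 80; splitting the literal across two adjacent string constants keeps the hunk in line with the wrapped style of the surrounding LOGD call. The argument list does match the four conversions (%s%d, %s, %s with LIBXL_QEMU_USER_BASE, guest_domid, LIBXL_QEMU_USER_SHARED, LIBXL_QEMU_USER_RANGE_BASE), so the change is otherwise correct.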
* Re: [PATCH 4/4] libxl: Provide better error message when qemu restrict user not found
@ 2018-05-15 8:38 Wei Liu
From: Wei Liu @ 2018-05-15 8:38 UTC (permalink / raw)
To: Ian Jackson; +Cc: xen-devel, Wei Liu, Roger Pau Monné
On Mon, May 14, 2018 at 06:08:59PM +0100, Ian Jackson wrote:
> Add mention of LIBXL_QEMU_USER_RANGE_BASE, in case that is what the
> user was intending.
>
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
* Re: [PATCH 4/4] libxl: Provide better error message when qemu restrict user not found
@ 2018-05-15 9:02 Roger Pau Monné
From: Roger Pau Monné @ 2018-05-15 9:02 UTC (permalink / raw)
To: Ian Jackson; +Cc: xen-devel, Wei Liu
On Mon, May 14, 2018 at 06:08:59PM +0100, Ian Jackson wrote:
> Add mention of LIBXL_QEMU_USER_RANGE_BASE, in case that is what the
> user was intending.
>
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Thanks.