[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-API] [PATCH 4 of 5] CA-36384: [experimental PCI passthrough]: Move the RBAC PCI passthrough permissions check to the function which reads the VM config so that it becomes common to both hotplug and coldplug. Previously the check was only in the hotplug path



# HG changeset patch
# User David Scott <dave.scott@xxxxxxxxxxxxx>
# Date 1263336663 0
# Node ID 7ec163e4ed6c8efd53e3996a2e58abaf0213aec5
# Parent  59cc9bf262f2d433fb86941546c138c66184b510
CA-36384: [experimental PCI passthrough]: Move the RBAC PCI passthrough 
permissions check to the function which reads the VM config so that it becomes 
common to both hotplug and coldplug. Previously the check was only in the 
hotplug path.

Signed-off-by: David Scott <dave.scott@xxxxxxxxxxxxx>

diff -r 59cc9bf262f2 -r 7ec163e4ed6c ocaml/xapi/vmops.ml
--- a/ocaml/xapi/vmops.ml       Tue Jan 12 22:51:02 2010 +0000
+++ b/ocaml/xapi/vmops.ml       Tue Jan 12 22:51:03 2010 +0000
@@ -116,10 +116,13 @@
     ) vifs
 
 let attach_pcis ~__context ~xc ~xs ~hvm domid pcis =
-       List.iter (fun (devid, devs) ->
-               Device.PCI.bind devs;
-               Device.PCI.add ~xc ~xs ~hvm ~msitranslate:0 ~pci_power_mgmt:0 
devs domid devid
-       ) pcis
+  Helpers.log_exn_continue "attach_pcis"
+         (fun () ->
+                  List.iter (fun (devid, devs) ->
+                                                 Device.PCI.bind devs;
+                                                 Device.PCI.add ~xc ~xs ~hvm 
~msitranslate:0 ~pci_power_mgmt:0 devs domid devid
+                                        ) pcis
+         ) ()
 
 (* Called on both VM.start and VM.resume codepaths to create vcpus in xenstore 
*)
 let create_cpus ~xs snapshot domid =
@@ -480,17 +483,18 @@
                if not (List.mem id !ids) then
                        ids := id :: !ids
        ) devs;
-       List.map (fun id ->
-               id, (List.map snd (List.filter (fun (x, _) -> x = id) devs))
-       ) !ids
+       let pcidevs = 
+         List.map (fun id ->
+                                       id, (List.map snd (List.filter (fun (x, 
_) -> x = id) devs))
+                          ) !ids in
+       if pcidevs <> [] 
+       then Rbac.assert_permission ~__context 
~permission:Rbac_static.permission_internal_vm_plug_pcidevs;
+       pcidevs
 
 (* Hotplug the PCI devices into the domain (as opposed to 'attach_pcis') *)
-let plug_pcidevs ~__context ~vm domid =
+let plug_pcidevs ~__context ~vm domid pcidevs =
   Helpers.log_exn_continue "plug_pcidevs"
     (fun () ->
-       Rbac.assert_permission ~__context 
~permission:Rbac_static.permission_internal_vm_plug_pcidevs;
-       let pcidevs = pcidevs_of_vm ~__context ~vm in
-
        if List.length pcidevs > 0 then begin
         (* XXX: PCI passthrough needs a lot of work *)
         Vmopshelpers.with_xc_and_xs
@@ -1000,12 +1004,7 @@
                             progress_cb 0.70;
                             (* XXX: PCI passthrough needs a lot of work *)
                             if not hvm 
-                            then Helpers.log_exn_continue "attaching PCI 
devices"
-                              (fun () ->
-                                 debug "guest is PV: attaching PCI devices to 
domain";
-                                 let pcis = pcidevs_of_vm ~__context ~vm in
-                                 attach_pcis ~__context ~xc ~xs ~hvm domid 
pcis;
-                              ) ();
+                            then attach_pcis ~__context ~xc ~xs ~hvm domid 
(pcidevs_of_vm ~__context ~vm);
 
                             if (Xapi_globs.xenclient_enabled) && (not hvm) && 
(has_platform_flag snapshot.API.vM_platform "pv_qemu") then
 
@@ -1015,7 +1014,7 @@
                             progress_cb 0.80;
                             debug "creating device emulator";
                             let vncport = create_device_emulator ~__context 
~xc ~xs ~self:vm domid vifs snapshot in
-                                if hvm then plug_pcidevs ~__context ~vm domid;
+                                if hvm then plug_pcidevs ~__context ~vm domid 
(pcidevs_of_vm ~__context ~vm);
                             create_console ~__context ~vM:vm ~vncport ();
                             debug "writing memory policy";
                             write_memory_policy ~xs snapshot domid;
diff -r 59cc9bf262f2 -r 7ec163e4ed6c ocaml/xapi/xapi_vm.ml
--- a/ocaml/xapi/xapi_vm.ml     Tue Jan 12 22:51:02 2010 +0000
+++ b/ocaml/xapi/xapi_vm.ml     Tue Jan 12 22:51:03 2010 +0000
@@ -807,7 +807,7 @@
                                                        Vmops.restore 
~__context ~xc ~xs ~self:vm domid;
                                                        Db.VM.set_domid 
~__context ~self:vm
                                                                
~value:(Int64.of_int domid);
-                                                       Vmops.plug_pcidevs 
~__context ~vm domid;
+                                                       Vmops.plug_pcidevs 
~__context ~vm domid (Vmops.pcidevs_of_vm ~__context ~vm);
 
                                                        debug "resume phase 
3/3: %s unpausing domain"
                                                                (if 
start_paused then "not" else "");
diff -r 59cc9bf262f2 -r 7ec163e4ed6c ocaml/xapi/xapi_vm_migrate.ml
--- a/ocaml/xapi/xapi_vm_migrate.ml     Tue Jan 12 22:51:02 2010 +0000
+++ b/ocaml/xapi/xapi_vm_migrate.ml     Tue Jan 12 22:51:03 2010 +0000
@@ -499,7 +499,7 @@
   debug "Receiver 7b. unpausing domain";
   Domain.unpause ~xc domid;
 
-  Vmops.plug_pcidevs ~__context ~vm domid;
+  Vmops.plug_pcidevs ~__context ~vm domid (Vmops.pcidevs_of_vm ~__context ~vm);
 
   Db.VM.set_domid ~__context ~self:vm ~value:(Int64.of_int domid);
   Helpers.call_api_functions ~__context
3 files changed, 19 insertions(+), 20 deletions(-)
ocaml/xapi/vmops.ml           |   35 +++++++++++++++++------------------
ocaml/xapi/xapi_vm.ml         |    2 +-
ocaml/xapi/xapi_vm_migrate.ml |    2 +-


Attachment: xen-api.hg-5.patch
Description: Text Data

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.