|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 6/9] xen: rename IS_PRIV to is_hardware_domain
Since the remaining uses of IS_PRIV are actually concerned with the
domain having control of the hardware (i.e. being the initial domain),
clarify this by renaming IS_PRIV to is_hardware_domain. This also
removes IS_PRIV_FOR since the only remaining user was xsm/dummy.h.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Cc: Keir Fraser <keir@xxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
---
xen/arch/x86/domctl.c | 6 +++---
xen/arch/x86/msi.c | 2 +-
xen/arch/x86/physdev.c | 4 ++--
xen/arch/x86/traps.c | 12 ++++++------
xen/include/xen/sched.h | 9 +++++++--
xen/include/xsm/dummy.h | 32 ++++++++++++++++++++------------
6 files changed, 39 insertions(+), 26 deletions(-)
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 327a792..ed51106 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -662,7 +662,7 @@ long arch_do_domctl(
while ( i-- )
clear_mmio_p2m_entry(d, gfn + i);
if ( iomem_deny_access(d, mfn, mfn + nr_mfns - 1) &&
- IS_PRIV(current->domain) )
+ is_hardware_domain(current->domain) )
printk(XENLOG_ERR
"memory_map: failed to deny dom%d access to
[%lx,%lx]\n",
d->domain_id, mfn, mfn + nr_mfns - 1);
@@ -681,7 +681,7 @@ long arch_do_domctl(
ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
if ( !ret && add )
ret = -EIO;
- if ( ret && IS_PRIV(current->domain) )
+ if ( ret && is_hardware_domain(current->domain) )
printk(XENLOG_ERR
"memory_map: error %ld %s dom%d access to [%lx,%lx]\n",
ret, add ? "removing" : "denying", d->domain_id,
@@ -768,7 +768,7 @@ long arch_do_domctl(
break;
}
ret = ioports_deny_access(d, fmp, fmp + np - 1);
- if ( ret && IS_PRIV(current->domain) )
+ if ( ret && is_hardware_domain(current->domain) )
printk(XENLOG_ERR
"ioport_map: error %ld denying dom%d access to
[%x,%x]\n",
ret, d->domain_id, fmp, fmp + np - 1);
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index 6cc8f7a..4059b32 100644
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -810,7 +810,7 @@ static int msix_capability_init(struct pci_dev *dev,
break;
if ( d )
{
- if ( !IS_PRIV(d) && dev->msix_warned != d->domain_id )
+ if ( !is_hardware_domain(d) && dev->msix_warned !=
d->domain_id )
{
dev->msix_warned = d->domain_id;
printk(XENLOG_ERR
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 876ac9d..226905d 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -128,7 +128,7 @@ int physdev_map_pirq(domid_t domid, int type, int *index,
int *pirq_p,
irq = domain_pirq_to_irq(current->domain, *index);
if ( irq <= 0 )
{
- if ( IS_PRIV(current->domain) )
+ if ( is_hardware_domain(current->domain) )
irq = *index;
else {
dprintk(XENLOG_G_ERR, "dom%d: map pirq with incorrect irq!\n",
@@ -691,7 +691,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void)
arg)
case PHYSDEVOP_dbgp_op: {
struct physdev_dbgp_op op;
- if ( !IS_PRIV(v->domain) )
+ if ( !is_hardware_domain(v->domain) )
ret = -EPERM;
else if ( copy_from_guest(&op, arg, 1) )
ret = -EFAULT;
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index d36eddd..80d7892 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1303,7 +1303,7 @@ static int fixup_page_fault(unsigned long addr, struct
cpu_user_regs *regs)
ptwr_do_page_fault(v, addr, regs) )
return EXCRET_fault_fixed;
- if ( IS_PRIV(d) && (regs->error_code & PFEC_page_present) &&
+ if ( is_hardware_domain(d) && (regs->error_code & PFEC_page_present) &&
mmio_ro_do_page_fault(v, addr, regs) )
return EXCRET_fault_fixed;
}
@@ -1623,7 +1623,7 @@ static int pci_cfg_ok(struct domain *d, int write, int
size)
{
uint32_t machine_bdf;
uint16_t start, end;
- if (!IS_PRIV(d))
+ if (!is_hardware_domain(d))
return 0;
machine_bdf = (d->arch.pci_cf8 >> 8) & 0xFFFF;
@@ -2404,7 +2404,7 @@ static int emulate_privileged_op(struct cpu_user_regs
*regs)
if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
goto fail;
- if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+ if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
break;
if ( (rdmsr_safe(MSR_AMD64_NB_CFG, val) != 0) ||
(eax != (uint32_t)val) ||
@@ -2417,7 +2417,7 @@ static int emulate_privileged_op(struct cpu_user_regs
*regs)
if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
goto fail;
- if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+ if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
break;
if ( (rdmsr_safe(MSR_FAM10H_MMIO_CONF_BASE, val) != 0) )
goto fail;
@@ -2437,7 +2437,7 @@ static int emulate_privileged_op(struct cpu_user_regs
*regs)
case MSR_IA32_UCODE_REV:
if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
goto fail;
- if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+ if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
break;
if ( rdmsr_safe(regs->ecx, val) )
goto fail;
@@ -2473,7 +2473,7 @@ static int emulate_privileged_op(struct cpu_user_regs
*regs)
case MSR_IA32_ENERGY_PERF_BIAS:
if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
goto fail;
- if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+ if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
break;
if ( wrmsr_safe(regs->ecx, msr_content) != 0 )
goto fail;
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 723885c..bd1c7dc 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -705,8 +705,13 @@ uint64_t get_cpu_idle_time(unsigned int cpu);
void watchdog_domain_init(struct domain *d);
void watchdog_domain_destroy(struct domain *d);
-#define IS_PRIV(_d) ((_d)->is_privileged)
-#define IS_PRIV_FOR(_d, _t) (IS_PRIV(_d) || ((_d)->target && (_d)->target ==
(_t)))
+/*
+ * Use this check when the following are both true:
+ * - Using this feature or interface requires full access to the hardware
+ * (that is, this is would not be suitable for a driver domain)
+ * - There is never a reason to deny dom0 access to this
+ */
+#define is_hardware_domain(_d) ((_d)->is_privileged)
#define VM_ASSIST(_d,_t) (test_bit((_t), &(_d)->vm_assist))
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 3912bd9..a872056 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -60,17 +60,23 @@ static always_inline int xsm_default_action(
case XSM_HOOK:
return 0;
case XSM_DM_PRIV:
- if ( !IS_PRIV_FOR(src, target) )
- return -EPERM;
- return 0;
+ if ( src->is_privileged )
+ return 0;
+ if ( target && src->target == target )
+ return 0;
+ return -EPERM;
case XSM_TARGET:
- if ( src != target && !IS_PRIV_FOR(src, target) )
- return -EPERM;
- return 0;
+ if ( src == target )
+ return 0;
+ if ( src->is_privileged )
+ return 0;
+ if ( target && src->target == target )
+ return 0;
+ return -EPERM;
case XSM_PRIV:
- if ( !IS_PRIV(src) )
- return -EPERM;
- return 0;
+ if ( src->is_privileged )
+ return 0;
+ return -EPERM;
default:
LINKER_BUG_ON(1);
return -EPERM;
@@ -567,10 +573,12 @@ static XSM_INLINE int
xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d)
static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct
domain *t,
struct domain *f, uint32_t flags)
{
+ int rc;
XSM_ASSERT_ACTION(XSM_TARGET);
- if ( t && d != t && !IS_PRIV_FOR(d, t) )
- return -EPERM;
- return xsm_default_action(action, d, f);
+ rc = xsm_default_action(action, d, f);
+ if ( t && !rc )
+ rc = xsm_default_action(action, d, t);
+ return rc;
}
static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct
domain *f)
--
1.8.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |