[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 6/9] xen: rename IS_PRIV to is_hardware_domain
Since the remaining uses of IS_PRIV are actually concerned with the domain having control of the hardware (i.e. being the initial domain), clarify this by renaming IS_PRIV to is_hardware_domain. This also removes IS_PRIV_FOR since the only remaining user was xsm/dummy.h. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Cc: Keir Fraser <keir@xxxxxxx> Cc: Jan Beulich <jbeulich@xxxxxxxx> --- xen/arch/x86/domctl.c | 6 +++--- xen/arch/x86/msi.c | 2 +- xen/arch/x86/physdev.c | 4 ++-- xen/arch/x86/traps.c | 12 ++++++------ xen/include/xen/sched.h | 9 +++++++-- xen/include/xsm/dummy.h | 32 ++++++++++++++++++++------------ 6 files changed, 39 insertions(+), 26 deletions(-) diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 327a792..ed51106 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -662,7 +662,7 @@ long arch_do_domctl( while ( i-- ) clear_mmio_p2m_entry(d, gfn + i); if ( iomem_deny_access(d, mfn, mfn + nr_mfns - 1) && - IS_PRIV(current->domain) ) + is_hardware_domain(current->domain) ) printk(XENLOG_ERR "memory_map: failed to deny dom%d access to [%lx,%lx]\n", d->domain_id, mfn, mfn + nr_mfns - 1); @@ -681,7 +681,7 @@ long arch_do_domctl( ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1); if ( !ret && add ) ret = -EIO; - if ( ret && IS_PRIV(current->domain) ) + if ( ret && is_hardware_domain(current->domain) ) printk(XENLOG_ERR "memory_map: error %ld %s dom%d access to [%lx,%lx]\n", ret, add ? "removing" : "denying", d->domain_id, @@ -768,7 +768,7 @@ long arch_do_domctl( break; } ret = ioports_deny_access(d, fmp, fmp + np - 1); - if ( ret && IS_PRIV(current->domain) ) + if ( ret && is_hardware_domain(current->domain) ) printk(XENLOG_ERR "ioport_map: error %ld denying dom%d access to [%x,%x]\n", ret, d->domain_id, fmp, fmp + np - 1); diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index 6cc8f7a..4059b32 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -810,7 +810,7 @@ static int msix_capability_init(struct pci_dev *dev, break; if ( d ) { - if ( !IS_PRIV(d) && dev->msix_warned != d->domain_id ) + if ( !is_hardware_domain(d) && dev->msix_warned != d->domain_id ) { dev->msix_warned = d->domain_id; printk(XENLOG_ERR diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index 876ac9d..226905d 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -128,7 +128,7 @@ int physdev_map_pirq(domid_t domid, int type, int *index, int *pirq_p, irq = domain_pirq_to_irq(current->domain, *index); if ( irq <= 0 ) { - if ( IS_PRIV(current->domain) ) + if ( is_hardware_domain(current->domain) ) irq = *index; else { dprintk(XENLOG_G_ERR, "dom%d: map pirq with incorrect irq!\n", @@ -691,7 +691,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) case PHYSDEVOP_dbgp_op: { struct physdev_dbgp_op op; - if ( !IS_PRIV(v->domain) ) + if ( !is_hardware_domain(v->domain) ) ret = -EPERM; else if ( copy_from_guest(&op, arg, 1) ) ret = -EFAULT; diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index d36eddd..80d7892 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -1303,7 +1303,7 @@ static int fixup_page_fault(unsigned long addr, struct cpu_user_regs *regs) ptwr_do_page_fault(v, addr, regs) ) return EXCRET_fault_fixed; - if ( IS_PRIV(d) && (regs->error_code & PFEC_page_present) && + if ( is_hardware_domain(d) && (regs->error_code & PFEC_page_present) && mmio_ro_do_page_fault(v, addr, regs) ) return EXCRET_fault_fixed; } @@ -1623,7 +1623,7 @@ static int pci_cfg_ok(struct domain *d, int write, int size) { uint32_t machine_bdf; uint16_t start, end; - if (!IS_PRIV(d)) + if (!is_hardware_domain(d)) return 0; machine_bdf = (d->arch.pci_cf8 >> 8) & 0xFFFF; @@ -2404,7 +2404,7 @@ static int emulate_privileged_op(struct cpu_user_regs *regs) if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD || boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 ) goto fail; - if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) ) + if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) ) break; if ( (rdmsr_safe(MSR_AMD64_NB_CFG, val) != 0) || (eax != (uint32_t)val) || @@ -2417,7 +2417,7 @@ static int emulate_privileged_op(struct cpu_user_regs *regs) if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD || boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 ) goto fail; - if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) ) + if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) ) break; if ( (rdmsr_safe(MSR_FAM10H_MMIO_CONF_BASE, val) != 0) ) goto fail; @@ -2437,7 +2437,7 @@ static int emulate_privileged_op(struct cpu_user_regs *regs) case MSR_IA32_UCODE_REV: if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ) goto fail; - if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) ) + if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) ) break; if ( rdmsr_safe(regs->ecx, val) ) goto fail; @@ -2473,7 +2473,7 @@ static int emulate_privileged_op(struct cpu_user_regs *regs) case MSR_IA32_ENERGY_PERF_BIAS: if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ) goto fail; - if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) ) + if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) ) break; if ( wrmsr_safe(regs->ecx, msr_content) != 0 ) goto fail; diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 723885c..bd1c7dc 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -705,8 +705,13 @@ uint64_t get_cpu_idle_time(unsigned int cpu); void watchdog_domain_init(struct domain *d); void watchdog_domain_destroy(struct domain *d); -#define IS_PRIV(_d) ((_d)->is_privileged) -#define IS_PRIV_FOR(_d, _t) (IS_PRIV(_d) || ((_d)->target && (_d)->target == (_t))) +/* + * Use this check when the following are both true: + * - Using this feature or interface requires full access to the hardware + * (that is, this is would not be suitable for a driver domain) + * - There is never a reason to deny dom0 access to this + */ +#define is_hardware_domain(_d) ((_d)->is_privileged) #define VM_ASSIST(_d,_t) (test_bit((_t), &(_d)->vm_assist)) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 3912bd9..a872056 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -60,17 +60,23 @@ static always_inline int xsm_default_action( case XSM_HOOK: return 0; case XSM_DM_PRIV: - if ( !IS_PRIV_FOR(src, target) ) - return -EPERM; - return 0; + if ( src->is_privileged ) + return 0; + if ( target && src->target == target ) + return 0; + return -EPERM; case XSM_TARGET: - if ( src != target && !IS_PRIV_FOR(src, target) ) - return -EPERM; - return 0; + if ( src == target ) + return 0; + if ( src->is_privileged ) + return 0; + if ( target && src->target == target ) + return 0; + return -EPERM; case XSM_PRIV: - if ( !IS_PRIV(src) ) - return -EPERM; - return 0; + if ( src->is_privileged ) + return 0; + return -EPERM; default: LINKER_BUG_ON(1); return -EPERM; @@ -567,10 +573,12 @@ static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d) static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { + int rc; XSM_ASSERT_ACTION(XSM_TARGET); - if ( t && d != t && !IS_PRIV_FOR(d, t) ) - return -EPERM; - return xsm_default_action(action, d, f); + rc = xsm_default_action(action, d, f); + if ( t && !rc ) + rc = xsm_default_action(action, d, t); + return rc; } static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct domain *f) -- 1.8.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |