[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 6/9] xen: rename IS_PRIV to is_hardware_domain



Since the remaining uses of IS_PRIV are actually concerned with the
domain having control of the hardware (i.e. being the initial domain),
clarify this by renaming IS_PRIV to is_hardware_domain.  This also
removes IS_PRIV_FOR since the only remaining user was xsm/dummy.h.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Cc: Keir Fraser <keir@xxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/arch/x86/domctl.c   |  6 +++---
 xen/arch/x86/msi.c      |  2 +-
 xen/arch/x86/physdev.c  |  4 ++--
 xen/arch/x86/traps.c    | 12 ++++++------
 xen/include/xen/sched.h |  9 +++++++--
 xen/include/xsm/dummy.h | 32 ++++++++++++++++++++------------
 6 files changed, 39 insertions(+), 26 deletions(-)

diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 327a792..ed51106 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -662,7 +662,7 @@ long arch_do_domctl(
                     while ( i-- )
                         clear_mmio_p2m_entry(d, gfn + i);
                     if ( iomem_deny_access(d, mfn, mfn + nr_mfns - 1) &&
-                         IS_PRIV(current->domain) )
+                         is_hardware_domain(current->domain) )
                         printk(XENLOG_ERR
                                "memory_map: failed to deny dom%d access to 
[%lx,%lx]\n",
                                d->domain_id, mfn, mfn + nr_mfns - 1);
@@ -681,7 +681,7 @@ long arch_do_domctl(
             ret = iomem_deny_access(d, mfn, mfn + nr_mfns - 1);
             if ( !ret && add )
                 ret = -EIO;
-            if ( ret && IS_PRIV(current->domain) )
+            if ( ret && is_hardware_domain(current->domain) )
                 printk(XENLOG_ERR
                        "memory_map: error %ld %s dom%d access to [%lx,%lx]\n",
                        ret, add ? "removing" : "denying", d->domain_id,
@@ -768,7 +768,7 @@ long arch_do_domctl(
                     break;
                 }
             ret = ioports_deny_access(d, fmp, fmp + np - 1);
-            if ( ret && IS_PRIV(current->domain) )
+            if ( ret && is_hardware_domain(current->domain) )
                 printk(XENLOG_ERR
                        "ioport_map: error %ld denying dom%d access to 
[%x,%x]\n",
                        ret, d->domain_id, fmp, fmp + np - 1);
diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c
index 6cc8f7a..4059b32 100644
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
@@ -810,7 +810,7 @@ static int msix_capability_init(struct pci_dev *dev,
                         break;
             if ( d )
             {
-                if ( !IS_PRIV(d) && dev->msix_warned != d->domain_id )
+                if ( !is_hardware_domain(d) && dev->msix_warned != 
d->domain_id )
                 {
                     dev->msix_warned = d->domain_id;
                     printk(XENLOG_ERR
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index 876ac9d..226905d 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -128,7 +128,7 @@ int physdev_map_pirq(domid_t domid, int type, int *index, 
int *pirq_p,
         irq = domain_pirq_to_irq(current->domain, *index);
         if ( irq <= 0 )
         {
-            if ( IS_PRIV(current->domain) )
+            if ( is_hardware_domain(current->domain) )
                 irq = *index;
             else {
                 dprintk(XENLOG_G_ERR, "dom%d: map pirq with incorrect irq!\n",
@@ -691,7 +691,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) 
arg)
     case PHYSDEVOP_dbgp_op: {
         struct physdev_dbgp_op op;
 
-        if ( !IS_PRIV(v->domain) )
+        if ( !is_hardware_domain(v->domain) )
             ret = -EPERM;
         else if ( copy_from_guest(&op, arg, 1) )
             ret = -EFAULT;
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index d36eddd..80d7892 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1303,7 +1303,7 @@ static int fixup_page_fault(unsigned long addr, struct 
cpu_user_regs *regs)
              ptwr_do_page_fault(v, addr, regs) )
             return EXCRET_fault_fixed;
 
-        if ( IS_PRIV(d) && (regs->error_code & PFEC_page_present) &&
+        if ( is_hardware_domain(d) && (regs->error_code & PFEC_page_present) &&
              mmio_ro_do_page_fault(v, addr, regs) )
             return EXCRET_fault_fixed;
     }
@@ -1623,7 +1623,7 @@ static int pci_cfg_ok(struct domain *d, int write, int 
size)
 {
     uint32_t machine_bdf;
     uint16_t start, end;
-    if (!IS_PRIV(d))
+    if (!is_hardware_domain(d))
         return 0;
 
     machine_bdf = (d->arch.pci_cf8 >> 8) & 0xFFFF;
@@ -2404,7 +2404,7 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
                  boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
                 goto fail;
-            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+            if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( (rdmsr_safe(MSR_AMD64_NB_CFG, val) != 0) ||
                  (eax != (uint32_t)val) ||
@@ -2417,7 +2417,7 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
                  boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
                 goto fail;
-            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+            if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( (rdmsr_safe(MSR_FAM10H_MMIO_CONF_BASE, val) != 0) )
                 goto fail;
@@ -2437,7 +2437,7 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
         case MSR_IA32_UCODE_REV:
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
                 goto fail;
-            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+            if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( rdmsr_safe(regs->ecx, val) )
                 goto fail;
@@ -2473,7 +2473,7 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
         case MSR_IA32_ENERGY_PERF_BIAS:
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
                 goto fail;
-            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+            if ( !is_hardware_domain(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( wrmsr_safe(regs->ecx, msr_content) != 0 )
                 goto fail;
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 723885c..bd1c7dc 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -705,8 +705,13 @@ uint64_t get_cpu_idle_time(unsigned int cpu);
 void watchdog_domain_init(struct domain *d);
 void watchdog_domain_destroy(struct domain *d);
 
-#define IS_PRIV(_d) ((_d)->is_privileged)
-#define IS_PRIV_FOR(_d, _t) (IS_PRIV(_d) || ((_d)->target && (_d)->target == 
(_t)))
+/* 
+ * Use this check when the following are both true:
+ *  - Using this feature or interface requires full access to the hardware
+ *    (that is, this is would not be suitable for a driver domain)
+ *  - There is never a reason to deny dom0 access to this
+ */
+#define is_hardware_domain(_d) ((_d)->is_privileged)
 
 #define VM_ASSIST(_d,_t) (test_bit((_t), &(_d)->vm_assist))
 
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 3912bd9..a872056 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -60,17 +60,23 @@ static always_inline int xsm_default_action(
     case XSM_HOOK:
         return 0;
     case XSM_DM_PRIV:
-        if ( !IS_PRIV_FOR(src, target) )
-            return -EPERM;
-        return 0;
+        if ( src->is_privileged )
+            return 0;
+        if ( target && src->target == target )
+            return 0;
+        return -EPERM;
     case XSM_TARGET:
-        if ( src != target && !IS_PRIV_FOR(src, target) )
-            return -EPERM;
-        return 0;
+        if ( src == target )
+            return 0;
+        if ( src->is_privileged )
+            return 0;
+        if ( target && src->target == target )
+            return 0;
+        return -EPERM;
     case XSM_PRIV:
-        if ( !IS_PRIV(src) )
-            return -EPERM;
-        return 0;
+        if ( src->is_privileged )
+            return 0;
+        return -EPERM;
     default:
         LINKER_BUG_ON(1);
         return -EPERM;
@@ -567,10 +573,12 @@ static XSM_INLINE int 
xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d)
 static XSM_INLINE int xsm_mmu_update(XSM_DEFAULT_ARG struct domain *d, struct 
domain *t,
                                      struct domain *f, uint32_t flags)
 {
+    int rc;
     XSM_ASSERT_ACTION(XSM_TARGET);
-    if ( t && d != t && !IS_PRIV_FOR(d, t) )
-        return -EPERM;
-    return xsm_default_action(action, d, f);
+    rc = xsm_default_action(action, d, f);
+    if ( t && !rc )
+        rc = xsm_default_action(action, d, t);
+    return rc;
 }
 
 static XSM_INLINE int xsm_mmuext_op(XSM_DEFAULT_ARG struct domain *d, struct 
domain *f)
-- 
1.8.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.