[Xen-devel] [PATCH v4 2/6] [WIP] libxl: xsrestrict QEMU
Check whether QEMU supports the xsrestrict option, by parsing its --help output. Store the result on xenstore for future reference on a per QEMU binary basis, so that device_model_override still works fine with it. Replace / with _ in the QEMU binary path before writing it to xenstore, so that it doesn't get confused with xenstore paths. If QEMU supports xsrestrict and emulator_id, pass xsrestrict=on to it. Statically reserve two emulator_ids, one for device models and another for pv qemus. Use the emulator_ids appropriately. WIP: direct use of fork is forbidden in libxl Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> --- Changes in v4: - update xenstore-paths.markdown Changes in v3: - add emulator_ids - mark as WIP --- docs/misc/xenstore-paths.markdown | 8 +++++ tools/libxl/libxl_dm.c | 72 +++++++++++++++++++++++++++++++++++++ tools/libxl/libxl_internal.h | 7 ++++ tools/libxl/libxl_utils.c | 10 ++++++ 4 files changed, 97 insertions(+)
diff --git a/docs/misc/xenstore-paths.markdown b/docs/misc/xenstore-paths.markdown
index d94ea9d..780f601 100644
--- a/docs/misc/xenstore-paths.markdown
+++ b/docs/misc/xenstore-paths.markdown
@@ -397,6 +397,14 @@ The device model version for a domain. ifb device used by Remus to buffer network output from the associated vif.
+#### ~/libxl/$DEVICE_MODEL_BINARY/* [n,INTERNAL]
+
+Contains a list of options supported by the device model, in the form:
+"$OPTION" = ("1"|"0").
+$DEVICE_MODEL_BINARY is the full path to the device model binary with
+'/' replaced by '_'. So for example /usr/lib/xen/bin/qemu-system-i386
+would be /libxl/_usr_lib_xen_bin_qemu-system-i386.
+
 [BLKIF]: http://xenbits.xen.org/docs/unstable/hypercall/include,public,io,blkif.h.html [FBIF]: http://xenbits.xen.org/docs/unstable/hypercall/include,public,io,fbif.h.html [HVMPARAMS]: http://xenbits.xen.org/docs/unstable/hypercall/include,public,hvm,params.h.html
diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index 7038e5c..d5f230a 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -447,6 +447,65 @@ retry: return 0; }
+int libxl__check_qemu_supported(libxl__gc *gc, const char *dm, char *opt)
+{
+ libxl_ctx *ctx = libxl__gc_owner(gc);
+ pid_t pid;
+ int pipefd[2], status;
+ FILE *fp;
+ char *buf;
+ ssize_t buf_size = 512;
+ int ret = 0;
+ char *s;
+
+ s = libxl__strdup(gc, dm);
+ libxl__replace_chr(gc, s, '/', '_');
+ s = libxl__sprintf(gc, "libxl/%s/%s", s, opt);
+ buf = libxl__xs_read(gc, XBT_NULL, s);
+ if (buf != NULL)
+ return !strcmp(buf, "1");
+
+ if (access(dm, X_OK) < 0) {
+ LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR,
+ "device model %s is not executable", dm);
+ return ERROR_FAIL;
+ }
+
+ if (libxl_pipe(ctx, pipefd) < 0)
+ return ERROR_FAIL;
+
+ pid = fork();
+ if (pid < 0)
+ return ERROR_FAIL;
+
+ /* child spawn QEMU */
+ if (!pid) {
+ char *args[] = {(char*)dm, "--help", NULL};
+ close(pipefd[0]);
+ libxl__exec(gc, -1, pipefd[1], pipefd[1], dm, args, NULL);
+ exit(1);
+ }
+
+ /* parent parses the output */
+ close(pipefd[1]);
+ fp = fdopen(pipefd[0], "r");
+ buf = libxl__malloc(gc, buf_size);
+ while (fgets(buf, buf_size, fp) != NULL) {
+ if (strstr(buf, opt) != NULL) {
+ ret = 1;
+ goto out;
+ }
+ }
+out:
+ close(pipefd[0]);
+ waitpid(pid, &status, pid);
+ libxl_report_child_exitstatus(ctx, XTL_WARN, dm, pid, status);
+
+ ret = libxl__xs_write(gc, XBT_NULL, s, "%d", ret);
+
+ return ret;
+}
+
 static char ** libxl__build_device_model_args_new(libxl__gc *gc, const char *dm, int guest_domid, const libxl_domain_config *guest_config,
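Review bot: The value returned by libxl__check_qemu_supported is not the probe result: the final `ret = libxl__xs_write(...)` overwrites the 0/1 set by the --help scan, so the first, uncached call for a binary reports whatever the xenstore write returned, and xsrestrict is skipped for that start even when QEMU advertises it. The error returns are negative, and the callers in the @@ -934 and @@ -1660 hunks test the result for truth, so a failed probe reads as "supported"; they should compare with `> 0`. In the parent, `waitpid(pid, &status, pid)` passes the pid as the options bitmask where 0 is meant, fdopen() is not checked before fgets() uses `fp`, and the stream is never fclose()d. The pipe descriptors are also left open when fork() fails. The whole function is inside this hunk; the affected lines could look like this.

```c
    int ret = 0, rc;
    /* … unchanged: cache lookup, access() check, libxl_pipe() … */
    pid = fork();
    if (pid < 0) {
        close(pipefd[0]);
        close(pipefd[1]);
        return ERROR_FAIL;
    }
    /* … unchanged: child exec, parent closes pipefd[1] … */
    fp = fdopen(pipefd[0], "r");
    if (!fp) {
        close(pipefd[0]);
        waitpid(pid, &status, 0);
        return ERROR_FAIL;
    }
    /* … unchanged: fgets()/strstr() loop and the out: label … */
    fclose(fp);                 /* releases the stream and pipefd[0] */
    waitpid(pid, &status, 0);   /* third argument is the options bitmask */
    libxl_report_child_exitstatus(ctx, XTL_WARN, dm, pid, status);

    rc = libxl__xs_write(gc, XBT_NULL, s, "%d", ret);
    if (rc)
        return ERROR_FAIL;      /* keep errors negative, distinct from 0/1 */

    return ret;
```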
@@ -934,6 +993,14 @@ end_search: if (user) { flexarray_append(dm_args, "-runas"); flexarray_append(dm_args, user);
+ if (libxl__check_qemu_supported(gc, dm, "xsrestrict") &&
+ libxl__check_qemu_supported(gc, dm, "emulator_id")) {
+ flexarray_append(dm_args, "-xenopts");
+ flexarray_append(dm_args,
+ GCSPRINTF("xsrestrict=on,emulator_id=%u",
+ (b_info->type == LIBXL_DOMAIN_TYPE_PV) ?
+ QEMU_XEN_PV_ID : QEMU_XEN_DEVICE_MODEL_ID));
+ }
 } } flexarray_append(dm_args, NULL);
@@ -1660,6 +1727,11 @@ void libxl__spawn_qdisk_backend(libxl__egc *egc, libxl__dm_spawn_state *dmss) flexarray_vappend(dm_args, "-monitor", "/dev/null", NULL); flexarray_vappend(dm_args, "-serial", "/dev/null", NULL); flexarray_vappend(dm_args, "-parallel", "/dev/null", NULL);
+ if (libxl__check_qemu_supported(gc, dm, "emulator_id")) {
+ flexarray_append(dm_args, "-xenopts");
+ flexarray_append(dm_args,
+ GCSPRINTF("emulator_id=%u", QEMU_XEN_PV_ID));
+ }
 flexarray_append(dm_args, NULL); args = (char **) flexarray_contents(dm_args);
diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h
index 7d0af40..b4bae2f 100644
--- a/tools/libxl/libxl_internal.h
+++ b/tools/libxl/libxl_internal.h
@@ -106,6 +106,10 @@ #define TAP_DEVICE_SUFFIX "-emu" #define DISABLE_UDEV_PATH "libxl/disable_udev" #define DOMID_XS_PATH "domid"
+/* Reserved QEMU emulator_ids. For the moment assume max two QEMUs: one
+ * device model and one PV backends provider. */
+#define QEMU_XEN_DEVICE_MODEL_ID 0
+#define QEMU_XEN_PV_ID 1
 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
@@ -1505,6 +1509,7 @@ _hidden int libxl__need_xenpv_qemu(libxl__gc *gc, int nr_vfbs, libxl_device_vfb *vfbs, int nr_disks, libxl_device_disk *disks, int nr_channels, libxl_device_channel *channels);
+_hidden int libxl__check_qemu_supported(libxl__gc *gc, const char *dm, char *opt);
 /* * This function will cause the whole libxl process to hang
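Review bot: When either probe says no, the block added in the @@ -934 hunk starts QEMU under `-runas` without `xsrestrict=on` and nothing records that, so a host whose QEMU lacks the option looks the same in the logs as a restricted one. An else branch with a log line, for example `LOG(WARN, "device model %s lacks xsrestrict/emulator_id, xenstore access not restricted", dm);`, would make the downgrade visible. The restriction is also requested only inside `if (user)`; if that coupling is intended, a one-line comment saying why would help the next reader. The enclosing function starts and ends outside this hunk.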
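Review bot: The prototype added in the @@ -1505 hunk has no comment stating its return contract, and `opt` is declared `char *` although every caller on this page passes a string literal. Declaring it `const char *opt` here and in libxl_dm.c would match how it is used. A comment such as `/* Returns 1 if the device model's --help output mentions opt, 0 if not, <0 on error; the answer is cached in xenstore per binary path. */` would also tell callers that a plain truth test does not separate an error from a positive answer.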
@@ -3554,6 +3559,8 @@ int libxl__string_parse_json(libxl__gc *gc, const libxl__json_object *o, char **p); int libxl__random_bytes(libxl__gc *gc, uint8_t *buf, size_t len);
+/* replace all occurrences of old with new inside s */
+void libxl__replace_chr(libxl__gc *gc, char *s, char old, char new);
 /* * Compile time assertion
diff --git a/tools/libxl/libxl_utils.c b/tools/libxl/libxl_utils.c
index 67c0b1c..ea08473 100644
--- a/tools/libxl/libxl_utils.c
+++ b/tools/libxl/libxl_utils.c
@@ -1158,6 +1158,16 @@ int libxl__random_bytes(libxl__gc *gc, uint8_t *buf, size_t len) return ret; }
+void libxl__replace_chr(libxl__gc *gc, char *s, char old, char new)
+{
+ int i = 0;
+
+ for (i = 0; s[i] != '\0'; i++) {
+ if (s[i] == old)
+ s[i] = new;
+ }
+}
+
 /* * Local variables: * mode: C -- 1.7.10.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
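Review bot: Replacing '/' with '_' does not give each binary its own xenstore key, because '_' is itself common in paths: `/opt/qemu_a/bin/qemu` and `/opt/qemu/a/bin/qemu` (constructed examples) both become `_opt_qemu_a_bin_qemu`, so the answer cached for one in libxl_dm.c would be read back for the other. Other characters in a device_model_override path pass through unchanged, which may matter if xenstore does not accept them in a key. Nothing on this page refreshes the cached entry when the binary at that path is replaced. I would state these limits in the comment above the prototype, e.g. `/* replace all occurrences of old with new inside s; the result is neither unique per input nor validated */`, and have the caller use a reversible encoding for the key. The `gc` parameter is unused in the body.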