[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 09/22] xentoolcore_restrict: Break out xentoolcore__restrict_by_dup2_null
Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> --- tools/libs/call/core.c | 30 +--------------------- tools/libs/toolcore/handlereg.c | 26 +++++++++++++++++++ tools/libs/toolcore/include/xentoolcore_internal.h | 12 +++++++++ tools/libs/toolcore/libxentoolcore.map | 1 + 4 files changed, 40 insertions(+), 29 deletions(-) diff --git a/tools/libs/call/core.c b/tools/libs/call/core.c index 11ecc87..d6ce73d 100644 --- a/tools/libs/call/core.c +++ b/tools/libs/call/core.c @@ -15,39 +15,11 @@ #include <stdlib.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <unistd.h> - #include "private.h" static int all_restrict_cb(Xentoolcore__Active_Handle *ah, uint32_t domid) { xencall_handle *xcall = CONTAINER_OF(ah, *xcall, tc_ah); - int nullfd = -1, r; - - if (xcall->fd < 0) - /* just in case */ - return 0; - - /* - * We don't implement a restrict function. We neuter the fd by - * dup'ing /dev/null onto it. This is better than closing it, - * because it does not involve locking against concurrent uses - * of xencall in other threads. - */ - nullfd = open("/dev/null",O_RDONLY); - if (nullfd < 0) goto err; - - r = dup2(nullfd, xcall->fd); - if (r < 0) goto err; - - close(nullfd); - return 0; - -err: - if (nullfd >= 0) close(nullfd); - return -1; + return xentoolcore__restrict_by_dup2_null(xcall->fd); } xencall_handle *xencall_open(xentoollog_logger *logger, unsigned open_flags) diff --git a/tools/libs/toolcore/handlereg.c b/tools/libs/toolcore/handlereg.c index cfd01a2..56d8b2d 100644 --- a/tools/libs/toolcore/handlereg.c +++ b/tools/libs/toolcore/handlereg.c @@ -22,6 +22,11 @@ #include "xentoolcore_internal.h" +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> + #include <pthread.h> #include <assert.h> @@ -67,6 +72,27 @@ int xentoolcore_restrict_all(uint32_t domid) { return r; } +int xentoolcore__restrict_by_dup2_null(int fd) { + int nullfd = -1, r; + + if (fd < 0) + /* just in case */ + return 0; + + nullfd = open("/dev/null",O_RDONLY); + if (nullfd < 0) goto err; + + r = dup2(nullfd, fd); + if (r < 0) goto err; + + close(nullfd); + return 0; + +err: + if (nullfd >= 0) close(nullfd); + return -1; +} + /* * Local variables: * mode: C diff --git a/tools/libs/toolcore/include/xentoolcore_internal.h b/tools/libs/toolcore/include/xentoolcore_internal.h index 27497d6..7e96a48 100644 --- a/tools/libs/toolcore/include/xentoolcore_internal.h +++ b/tools/libs/toolcore/include/xentoolcore_internal.h @@ -91,6 +91,18 @@ struct Xentoolcore__Active_Handle { void xentoolcore__register_active_handle(Xentoolcore__Active_Handle*); void xentoolcore__deregister_active_handle(Xentoolcore__Active_Handle*); +/* + * Utility function for use in restrict_callback in libraries whose + * handles don't have a useful restrict function. We neuter the fd by + * dup'ing /dev/null onto it. This is better than closing it, because + * it does not involve locking against concurrent uses of in other + * threads. + * + * Returns the value that restrict_callback should return. + * fd may be < 0. + */ +int xentoolcore__restrict_by_dup2_null(int fd); + /* ---------- convenient stuff ---------- */ /* diff --git a/tools/libs/toolcore/libxentoolcore.map b/tools/libs/toolcore/libxentoolcore.map index eb5d251..0b7d925 100644 --- a/tools/libs/toolcore/libxentoolcore.map +++ b/tools/libs/toolcore/libxentoolcore.map @@ -3,5 +3,6 @@ VERS_1.0 { xentoolcore_restrict_all; xentoolcore__register_active_handle; xentoolcore__deregister_active_handle; + xentoolcore__restrict_by_dup2_null; local: *; /* Do not expose anything by default */ }; -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |