[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 09/22] xentoolcore_restrict: Break out xentoolcore__restrict_by_dup2_null



Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
---
 tools/libs/call/core.c                             | 30 +---------------------
 tools/libs/toolcore/handlereg.c                    | 26 +++++++++++++++++++
 tools/libs/toolcore/include/xentoolcore_internal.h | 12 +++++++++
 tools/libs/toolcore/libxentoolcore.map             |  1 +
 4 files changed, 40 insertions(+), 29 deletions(-)

diff --git a/tools/libs/call/core.c b/tools/libs/call/core.c
index 11ecc87..d6ce73d 100644
--- a/tools/libs/call/core.c
+++ b/tools/libs/call/core.c
@@ -15,39 +15,11 @@
 
 #include <stdlib.h>
 
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-
 #include "private.h"
 
 static int all_restrict_cb(Xentoolcore__Active_Handle *ah, uint32_t domid) {
     xencall_handle *xcall = CONTAINER_OF(ah, *xcall, tc_ah);
-    int nullfd = -1, r;
-
-    if (xcall->fd < 0)
-        /* just in case */
-        return 0;
-
-    /*
-     * We don't implement a restrict function.  We neuter the fd by
-     * dup'ing /dev/null onto it.  This is better than closing it,
-     * because it does not involve locking against concurrent uses
-     * of xencall in other threads.
-     */
-    nullfd = open("/dev/null",O_RDONLY);
-    if (nullfd < 0) goto err;
-
-    r = dup2(nullfd, xcall->fd);
-    if (r < 0) goto err;
-
-    close(nullfd);
-    return 0;
-
-err:
-    if (nullfd >= 0) close(nullfd);
-    return -1;
+    return xentoolcore__restrict_by_dup2_null(xcall->fd);
 }
 
 xencall_handle *xencall_open(xentoollog_logger *logger, unsigned open_flags)
diff --git a/tools/libs/toolcore/handlereg.c b/tools/libs/toolcore/handlereg.c
index cfd01a2..56d8b2d 100644
--- a/tools/libs/toolcore/handlereg.c
+++ b/tools/libs/toolcore/handlereg.c
@@ -22,6 +22,11 @@
 
 #include "xentoolcore_internal.h"
 
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
 #include <pthread.h>
 #include <assert.h>
 
@@ -67,6 +72,27 @@ int xentoolcore_restrict_all(uint32_t domid) {
     return r;
 }
 
+int xentoolcore__restrict_by_dup2_null(int fd) {
+    int nullfd = -1, r;
+
+    if (fd < 0)
+        /* just in case */
+        return 0;
+
+    nullfd = open("/dev/null",O_RDONLY);
+    if (nullfd < 0) goto err;
+
+    r = dup2(nullfd, fd);
+    if (r < 0) goto err;
+
+    close(nullfd);
+    return 0;
+
+err:
+    if (nullfd >= 0) close(nullfd);
+    return -1;
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/toolcore/include/xentoolcore_internal.h 
b/tools/libs/toolcore/include/xentoolcore_internal.h
index 27497d6..7e96a48 100644
--- a/tools/libs/toolcore/include/xentoolcore_internal.h
+++ b/tools/libs/toolcore/include/xentoolcore_internal.h
@@ -91,6 +91,18 @@ struct Xentoolcore__Active_Handle {
 void xentoolcore__register_active_handle(Xentoolcore__Active_Handle*);
 void xentoolcore__deregister_active_handle(Xentoolcore__Active_Handle*);
 
+/*
+ * Utility function for use in restrict_callback in libraries whose
+ * handles don't have a useful restrict function.  We neuter the fd by
+ * dup'ing /dev/null onto it.  This is better than closing it, because
+ * it does not involve locking against concurrent uses of in other
+ * threads.
+ *
+ * Returns the value that restrict_callback should return.
+ * fd may be < 0.
+ */
+int xentoolcore__restrict_by_dup2_null(int fd);
+
 /* ---------- convenient stuff ---------- */
 
 /*
diff --git a/tools/libs/toolcore/libxentoolcore.map 
b/tools/libs/toolcore/libxentoolcore.map
index eb5d251..0b7d925 100644
--- a/tools/libs/toolcore/libxentoolcore.map
+++ b/tools/libs/toolcore/libxentoolcore.map
@@ -3,5 +3,6 @@ VERS_1.0 {
                xentoolcore_restrict_all;
                xentoolcore__register_active_handle;
                xentoolcore__deregister_active_handle;
+               xentoolcore__restrict_by_dup2_null;
        local: *; /* Do not expose anything by default */
 };
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.