[Xen-devel] [PATCH v4 3/8] tools: xencall, xengnttab, xengntshr: Provide access to internal fds
Ian Jackson writes ("[PATCH for-4.12 v2 0/8] tools: Depriv fd checking, internal fd access"): > This series provides the support in xen.git for auditing whether qemu > file descriptors are deprivileged, as expected with libxl > dm_restrict=1. These were all acked. However, on rebasing to current staging I had a merge conflict in libxengnttab.map. Here is the new version, therefore, with Roger's R-B and Wei's A-B dropped for that reason. Thanks, Ian. From f61e6ee1a2a6530dabc15eef86845210d14aa53c Mon Sep 17 00:00:00 2001 From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Date: Fri, 4 May 2018 16:29:17 +0100 Subject: [PATCH v4 3/8] tools: xencall, xengnttab, xengntshr: Provide access to internal fds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I want this to support my qemu depriv descriptor audit tool. Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- v4: Rebase onto current staging. v3: Remove an erroneously-introduced blank line. v2: Fix ABI breakage. --- tools/libs/call/core.c | 5 +++++ tools/libs/call/include/xencall.h | 8 ++++++++ tools/libs/call/libxencall.map | 1 + tools/libs/gnttab/gntshr_core.c | 6 ++++++ tools/libs/gnttab/gnttab_core.c | 5 +++++ tools/libs/gnttab/include/xengnttab.h | 17 +++++++++++++++++ tools/libs/gnttab/libxengnttab.map | 6 ++++++ 7 files changed, 48 insertions(+) diff --git a/tools/libs/call/core.c b/tools/libs/call/core.c index 46ca615..57d3a33 100644 --- a/tools/libs/call/core.c +++ b/tools/libs/call/core.c @@ -91,6 +91,11 @@ int xencall_close(xencall_handle *xcall) return rc; } +int xencall_fd(xencall_handle *xcall) +{ + return xcall->fd; +} + int xencall0(xencall_handle *xcall, unsigned int op) { privcmd_hypercall_t call = { diff --git a/tools/libs/call/include/xencall.h b/tools/libs/call/include/xencall.h index 0d09bc8..2d0c42a 100644 --- a/tools/libs/call/include/xencall.h +++ b/tools/libs/call/include/xencall.h 
@@ -74,6 +74,14 @@ xencall_handle *xencall_open(struct xentoollog_logger *logger, int xencall_close(xencall_handle *xcall); /* + * Return the fd used internally by xencall. selecting on it is not + * useful. But it could be useful for unusual use cases; perhaps, + * passing to other programs, calling ioctls on directly, or maybe + * calling fcntl. + */ +int xencall_fd(xencall_handle *xcall); + +/* * Call hypercalls with varying numbers of arguments. * * On success the return value of the hypercall is the return value of diff --git a/tools/libs/call/libxencall.map b/tools/libs/call/libxencall.map index c482195..feacee3 100644 --- a/tools/libs/call/libxencall.map +++ b/tools/libs/call/libxencall.map @@ -21,4 +21,5 @@ VERS_1.0 { VERS_1.1 { global: xencall_buffers_never_fault; + xencall_fd; } VERS_1.0; diff --git a/tools/libs/gnttab/gntshr_core.c b/tools/libs/gnttab/gntshr_core.c index 7f6bf9d..1117e29 100644 --- a/tools/libs/gnttab/gntshr_core.c +++ b/tools/libs/gnttab/gntshr_core.c @@ -64,6 +64,12 @@ int xengntshr_close(xengntshr_handle *xgs) free(xgs); return rc; } + +int xengntshr_fd(xengntshr_handle *xgs) +{ + return xgs->fd; +} + void *xengntshr_share_pages(xengntshr_handle *xcg, uint32_t domid, int count, uint32_t *refs, int writable) { diff --git a/tools/libs/gnttab/gnttab_core.c b/tools/libs/gnttab/gnttab_core.c index 98f1591..bd075f8 100644 --- a/tools/libs/gnttab/gnttab_core.c +++ b/tools/libs/gnttab/gnttab_core.c @@ -75,6 +75,11 @@ int xengnttab_close(xengnttab_handle *xgt) return rc; } +int xengnttab_fd(xengnttab_handle *xgt) +{ + return xgt->fd; +} + int xengnttab_set_max_grants(xengnttab_handle *xgt, uint32_t count) { return osdep_gnttab_set_max_grants(xgt, count); diff --git a/tools/libs/gnttab/include/xengnttab.h b/tools/libs/gnttab/include/xengnttab.h index 35be6c1..91d4cd5 100644 --- a/tools/libs/gnttab/include/xengnttab.h +++ b/tools/libs/gnttab/include/xengnttab.h 
@@ -149,6 +149,15 @@ xengnttab_handle *xengnttab_open(struct xentoollog_logger *logger, */ int xengnttab_close(xengnttab_handle *xgt); + +/* + * Return the fd used internally by xengnttab. selecting on it is not + * useful. But it could be useful for unusual use cases; perhaps, + * passing to other programs, calling ioctls on directly, or maybe + * calling fcntl. + */ +int xengnttab_fd(xengnttab_handle *xgt); + /** * Memory maps a grant reference from one domain to a local address range. * Mappings should be unmapped with xengnttab_unmap. Logs errors. @@ -334,6 +343,14 @@ xengntshr_handle *xengntshr_open(struct xentoollog_logger *logger, */ int xengntshr_close(xengntshr_handle *xgs); +/* + * Return the fd used internally by xengntshr. selecting on it is not + * useful. But it could be useful for unusual use cases; perhaps, + * passing to other programs, calling ioctls on directly, or maybe + * calling fcntl. + */ +int xengntshr_fd(xengntshr_handle *xgs); + /** * Allocates and shares pages with another domain. * diff --git a/tools/libs/gnttab/libxengnttab.map b/tools/libs/gnttab/libxengnttab.map index f78da22..d5da388 100644 --- a/tools/libs/gnttab/libxengnttab.map +++ b/tools/libs/gnttab/libxengnttab.map @@ -26,3 +26,9 @@ VERS_1.1 { global: xengnttab_grant_copy; } VERS_1.0; + +VERS_1.2 { + global: + xengnttab_fd; + xengntshr_fd; +} VERS_1.1; -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
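Review bot: In tools/libs/call/include/xencall.h, the new comment above xencall_fd() does not say who owns the returned descriptor, even though it suggests passing it to other programs and calling fcntl on it. Please state that the fd stays owned by the handle, that the caller must not close it, and that it is no longer valid after xencall_close(). It would also help to note that flags changed through fcntl apply to the same descriptor the library uses for its own calls. The same wording applies to the xengnttab_fd() and xengntshr_fd() comments in xengnttab.h.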
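Review bot: In tools/libs/call/libxencall.map, xencall_fd is added to the existing VERS_1.1 node, while the libxengnttab.map hunk opens a new VERS_1.2 node for xengnttab_fd and xengntshr_fd. If VERS_1.1 of libxencall has already shipped in a release, the new symbol should go into a new node that inherits from VERS_1.1, as done for libxengnttab. If VERS_1.1 is still unreleased, a line in the commit message saying so would explain why the two libraries are handled differently.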
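Review bot: In tools/libs/gnttab/include/xengnttab.h, the comments added for xengnttab_fd() and xengntshr_fd() open with "/*" while the neighbouring declarations ("Memory maps a grant reference ...", "Allocates and shares pages ...") use "/**", so the new functions will not be picked up the same way by anything that reads the doc comments. Suggest opening both with "/**". A smaller point in the same comments: "selecting on it is not useful." starts a sentence in lower case.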