Introduce rcu_lock_remote_target_domain_by_id().

Signed-off-by: Keir Fraser <keir@xen.org>

diff --git a/xen/common/domain.c b/xen/common/domain.c
index 02327d1e9f5f25e5b2983f8ad59a171cb5632c71..b8c48a7ab03e22b249914fd48e5921e87212dd2b 100644 (file)
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -438,6 +438,20 @@ int rcu_lock_target_domain_by_id(domid_t dom, struct domain **d)
     return 0;
 }
 
+int rcu_lock_remote_target_domain_by_id(domid_t dom, struct domain **d)
+{
+    if ( (*d = rcu_lock_domain_by_id(dom)) == NULL )
+        return -ESRCH;
+
+    if ( (*d == current->domain) || !IS_PRIV_FOR(current->domain, *d) )
+    {
+        rcu_unlock_domain(*d);
+        return -EPERM;
+    }
+
+    return 0;
+}
+
 int domain_kill(struct domain *d)
 {
     int rc = 0;

diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index ce45800dbe185f85eecbe255752b8a75863d93b6..652a39c5b07d3d30c29d4ca52dfa91ae7fc1601d 100644 (file)
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -435,6 +435,13 @@ struct domain *rcu_lock_domain_by_id(domid_t dom);
  */
 int rcu_lock_target_domain_by_id(domid_t dom, struct domain **d);
 
+/*
+ * As rcu_lock_target_domain_by_id(), but will fail EPERM rather than resolve
+ * to local domain. Successful return always resolves to a remote domain that
+ * the local domain is privileged to control.
+ */
+int rcu_lock_remote_target_domain_by_id(domid_t dom, struct domain **d);
+
 /* Finish a RCU critical region started by rcu_lock_domain_by_id(). */
 static inline void rcu_unlock_domain(struct domain *d)
 {