Add support for building domains with IO privileges.
With a non-empty pci_device_list, xc_dom_create.py will automatically
cause the SIF_PRIVILEGED flag to be set in the domain's start info
structure. This notifies the domain to do an IOPL, in turn allowing it to use
its PCI devices.
xc.domain_destroy ( dom=id )
sys.exit()
+ # will the domain have IO privileges?
+ if pci_device_list != []: io_priv = True
+ else: io_priv = False
+
if restore:
- ret = eval('xc.%s_restore ( dom=id, state_file=state_file, progress=1 )' % builder_fn)
+ ret = eval('xc.%s_restore ( dom=id, state_file=state_file, progress=1, io_priv=%d )' % (builder_fn, io_priv))
if ret < 0:
print "Error restoring domain"
print "Return code = " + str(ret)
sys.exit()
else:
- ret = eval('xc.%s_build ( dom=id, image=image, ramdisk=ramdisk, cmdline=cmdline, control_evtchn=xend_response["remote_port"] )' % builder_fn)
+ ret = eval('xc.%s_build ( dom=id, image=image, ramdisk=ramdisk, cmdline=cmdline, control_evtchn=xend_response["remote_port"], io_priv=%d )' % (builder_fn, io_priv) )
if ret < 0:
print "Error building Linux guest OS: "
print "Return code = " + str(ret)
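Review bot: The restore branch now passes `io_priv=%d` to `xc.%s_restore`, but no hunk on this page adds an `io_priv` keyword to a restore binding or to `xc_linux_restore`, whose prototype changes only in whitespace. If the restore binding's keyword list is unchanged, that call would likely fail with a TypeError on every restore, so either drop the argument in that branch or extend the restore path too. Both calls also keep assembling source text for `eval`, and the new argument adds one more interpolated value. Looking the method up by name avoids evaluating `builder_fn` as code, e.g. `ret = getattr(xc, builder_fn + '_restore')(dom=id, state_file=state_file, progress=1, io_priv=io_priv)`. The enclosing block starts and ends outside the hunk.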
int verbose);
int xc_linux_restore(int xc_handle,
- u64 domid,
+ u64 domid,
const char *state_file,
int verbose,
u64 *pdomid);
const char *image_name,
const char *ramdisk_name,
const char *cmdline,
- unsigned int control_evtchn);
+ unsigned int control_evtchn,
+ int io_priv);
int xc_netbsd_build(int xc_handle,
u64 domid,
const char *image_name,
const char *cmdline,
- unsigned int control_evtchn);
+ unsigned int control_evtchn,
+ int io_priv);
int xc_bvtsched_global_set(int xc_handle,
unsigned long ctx_allow);
int xc_domain_setname(int xc_handle,
u64 domid,
- char *name);
+ char *name);
int xc_domain_setinitialmem(int xc_handle,
- u64 domid,
- unsigned int initial_memkb);
+ u64 domid,
+ unsigned int initial_memkb);
int xc_domain_setmaxmem(int xc_handle,
- u64 domid,
- unsigned int max_memkb);
+ u64 domid,
+ unsigned int max_memkb);
#endif /* __XC_H__ */
dom0_builddomain_t *builddomain,
const char *cmdline,
unsigned long shared_info_frame,
- unsigned int control_evtchn)
+ unsigned int control_evtchn,
+ int io_priv)
{
l1_pgentry_t *vl1tab=NULL, *vl1e=NULL;
l2_pgentry_t *vl2tab=NULL, *vl2e=NULL;
memset(start_info, 0, sizeof(*start_info));
start_info->nr_pages = nr_pages;
start_info->shared_info = shared_info_frame << PAGE_SHIFT;
- start_info->flags = 0;
+ start_info->flags = io_priv ? SIF_PRIVILEGED : 0;
start_info->pt_base = vpt_start;
start_info->nr_pt_frames = nr_pt_pages;
start_info->mfn_list = vphysmap_start;
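Review bot: `start_info->flags = io_priv ? SIF_PRIVILEGED : 0;` writes the privilege bit into a structure that the guest reads, so on its own it is a hint and not an enforcement point. Nothing visible here says which hypervisor-side check confines the guest to the ports of its assigned PCI devices. A comment would help the next reader, for example `/* SIF_PRIVILEGED only tells the guest to raise its IOPL; device access control is enforced elsewhere (confirm where) */`. It is also worth confirming that guest kernels do not read SIF_PRIVILEGED as meaning more than IO privilege, since the flag name is broader than what the commit message describes. The same assignment appears in the later hunk that also sets `domain_controller_evtchn`, and the enclosing function starts and ends outside this hunk.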
const char *image_name,
const char *ramdisk_name,
const char *cmdline,
- unsigned int control_evtchn)
+ unsigned int control_evtchn,
+ int io_priv)
{
dom0_op_t launch_op, op;
int initrd_fd = -1;
&vstartinfo_start, &vkern_entry,
&launch_op.u.builddomain, cmdline,
op.u.getdomaininfo.shared_info_frame,
- control_evtchn) < 0 )
+ control_evtchn, io_priv) < 0 )
{
ERROR("Error constructing guest OS");
goto error_out;
if ( (ehdr->e_phoff + (ehdr->e_phnum * ehdr->e_phentsize)) > elfsize )
{
- ERROR("ELF program headers extend beyond end of image.");
+ ERROR("ELF program headers extend beyond end of image.");
return -EINVAL;
}
if ( (ehdr->e_shoff + (ehdr->e_shnum * ehdr->e_shentsize)) > elfsize )
{
- ERROR("ELF section headers extend beyond end of image.");
+ ERROR("ELF section headers extend beyond end of image.");
return -EINVAL;
}
{
phdr = (Elf_Phdr *)(elfbase + ehdr->e_phoff + (h*ehdr->e_phentsize));
if ( !is_loadable_phdr(phdr) )
- continue;
+ continue;
for ( done = 0; done < phdr->p_filesz; done += chunksz )
{
dom0_builddomain_t *builddomain,
const char *cmdline,
unsigned long shared_info_frame,
- unsigned int control_evtchn)
+ unsigned int control_evtchn,
+ int io_priv)
{
l1_pgentry_t *vl1tab=NULL, *vl1e=NULL;
l2_pgentry_t *vl2tab=NULL, *vl2e=NULL;
start_info->mod_len = symtab_len;
start_info->nr_pages = tot_pages;
start_info->shared_info = shared_info_frame << PAGE_SHIFT;
- start_info->flags = 0;
+ start_info->flags = io_priv ? SIF_PRIVILEGED : 0;
start_info->domain_controller_evtchn = control_evtchn;
strncpy(start_info->cmd_line, cmdline, MAX_CMDLINE);
start_info->cmd_line[MAX_CMDLINE-1] = '\0';
u64 domid,
const char *image_name,
const char *cmdline,
- unsigned int control_evtchn)
+ unsigned int control_evtchn,
+ int io_priv)
{
dom0_op_t launch_op, op;
unsigned long load_addr;
&virt_startinfo_addr,
&load_addr, &launch_op.u.builddomain, cmdline,
op.u.getdomaininfo.shared_info_frame,
- control_evtchn) < 0 )
+ control_evtchn, io_priv) < 0 )
{
ERROR("Error constructing guest OS");
goto error_out;
u64 dom;
char *image, *ramdisk = NULL, *cmdline = "";
- int control_evtchn;
+ int control_evtchn, io_priv = 0;
static char *kwd_list[] = { "dom", "control_evtchn",
- "image", "ramdisk", "cmdline", NULL };
+ "image", "ramdisk", "cmdline", "io_priv",
+ NULL };
- if ( !PyArg_ParseTupleAndKeywords(args, kwds, "Lis|ss", kwd_list,
+ if ( !PyArg_ParseTupleAndKeywords(args, kwds, "Lis|ssi", kwd_list,
&dom, &control_evtchn,
- &image, &ramdisk, &cmdline) )
+ &image, &ramdisk, &cmdline, &io_priv) )
return NULL;
if ( xc_linux_build(xc->xc_handle, dom, image,
- ramdisk, cmdline, control_evtchn) != 0 )
+ ramdisk, cmdline, control_evtchn, io_priv) != 0 )
return PyErr_SetFromErrno(xc_error);
Py_INCREF(zero);
u64 dom;
char *image, *ramdisk = NULL, *cmdline = "";
- int control_evtchn;
+ int control_evtchn, io_priv = 0;
static char *kwd_list[] = { "dom", "control_evtchn",
- "image", "ramdisk", "cmdline", NULL };
+ "image", "ramdisk", "cmdline", "io_priv",
+ NULL };
- if ( !PyArg_ParseTupleAndKeywords(args, kwds, "Lis|ss", kwd_list,
+ if ( !PyArg_ParseTupleAndKeywords(args, kwds, "Lis|ssi", kwd_list,
&dom, &control_evtchn,
- &image, &ramdisk, &cmdline) )
+ &image, &ramdisk, &cmdline, &io_priv) )
return NULL;
if ( xc_netbsd_build(xc->xc_handle, dom, image,
- cmdline, control_evtchn) != 0 )
+ cmdline, control_evtchn, io_priv) != 0 )
return PyErr_SetFromErrno(xc_error);
Py_INCREF(zero);
" dom [long]: Identifier of domain to build into.\n"
" image [str]: Name of kernel image file. May be gzipped.\n"
" ramdisk [str, n/a]: Name of ramdisk file, if any.\n"
- " cmdline [str, n/a]: Kernel parameters, if any.\n\n"
+ " cmdline [str, n/a]: Kernel parameters, if any.\n"
+ " io_priv [boolean]: Does the domain have IO privileges?\n\n"
"Returns: [int] 0 on success; -1 on error.\n" },
{ "netbsd_build",
"Build a new NetBSD guest OS.\n"
" dom [long]: Identifier of domain to build into.\n"
" image [str]: Name of kernel image file. May be gzipped.\n"
- " cmdline [str, n/a]: Kernel parameters, if any.\n\n"
+ " cmdline [str, n/a]: Kernel parameters, if any.\n"
+ " io_priv [boolean]: Does the domain have IO privileges?\n\n"
"Returns: [int] 0 on success; -1 on error.\n" },
{ "bvtsched_global_set",