domctl: fix IRQ permission granting/revocation

author Jan Beulich <JBeulich@suse.com>

Fri, 12 Dec 2014 10:24:13 +0000 (10:24 +0000)

committer Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Mon, 5 Jan 2015 15:20:24 +0000 (10:20 -0500)
author Jan Beulich <JBeulich@suse.com>
Fri, 12 Dec 2014 10:24:13 +0000 (10:24 +0000)
committer Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Mon, 5 Jan 2015 15:20:24 +0000 (10:20 -0500)
diff --git a/xen/common/domctl.c b/xen/common/domctl.c

index f15dcfea6c1da3318d525f4ea995cc1059694516..8bca6da738b8ec17495c963d4026df3273c80ffa 100644 (file)
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -981,18 +981,21 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
  
      case XEN_DOMCTL_irq_permission:
      {
-        unsigned int pirq = op->u.irq_permission.pirq;
+        unsigned int pirq = op->u.irq_permission.pirq, irq;
          int allow = op->u.irq_permission.allow_access;
  
-        if ( pirq >= d->nr_pirqs )
+        if ( pirq >= current->domain->nr_pirqs )
+        {
              ret = -EINVAL;
-        else if ( !pirq_access_permitted(current->domain, pirq) ||
-                  xsm_irq_permission(XSM_HOOK, d, pirq, allow) )
+            break;
+        }
+        irq = pirq_access_permitted(current->domain, pirq);
+        if ( !irq || xsm_irq_permission(XSM_HOOK, d, irq, allow) )
              ret = -EPERM;
          else if ( allow )
-            ret = pirq_permit_access(d, pirq);
+            ret = irq_permit_access(d, irq);
          else
-            ret = pirq_deny_access(d, pirq);
+            ret = irq_deny_access(d, irq);
      }
      break;
  
diff --git a/xen/include/xen/iocap.h b/xen/include/xen/iocap.h

index b755ecbdb374ffcd22d859fd4ca08d8e21353145..1ca3858fc0bb7c959a18ed7642dead95b4978532 100644 (file)
--- a/xen/include/xen/iocap.h
+++ b/xen/include/xen/iocap.h
@@ -28,22 +28,11 @@
  #define irq_access_permitted(d, i)                      \
      rangeset_contains_singleton((d)->irq_caps, i)
  
-#define pirq_permit_access(d, i) ({                     \
-    struct domain *d__ = (d);                           \
-    int i__ = domain_pirq_to_irq(d__, i);               \
-    i__ > 0 ? rangeset_add_singleton(d__->irq_caps, i__)\
-            : -EINVAL;                                  \
-})
-#define pirq_deny_access(d, i) ({                       \
-    struct domain *d__ = (d);                           \
-    int i__ = domain_pirq_to_irq(d__, i);               \
-    i__ > 0 ? rangeset_remove_singleton(d__->irq_caps, i__)\
-            : -EINVAL;                                  \
-})
  #define pirq_access_permitted(d, i) ({                  \
      struct domain *d__ = (d);                           \
-    rangeset_contains_singleton(d__->irq_caps,          \
-                                domain_pirq_to_irq(d__, i));\
+    int irq__ = domain_pirq_to_irq(d__, i);             \
+    irq__ > 0 && irq_access_permitted(d__, irq__)       \
+    ? irq__ : 0;                                        \
  })
  
  #endif /* __XEN_IOCAP_H__ */
author	Jan Beulich <JBeulich@suse.com>
	Fri, 12 Dec 2014 10:24:13 +0000 (10:24 +0000)
committer	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Mon, 5 Jan 2015 15:20:24 +0000 (10:20 -0500)
xen/common/domctl.c		patch \| blob \| history
xen/include/xen/iocap.h		patch \| blob \| history