From: Paul Durrant <paul.durrant@citrix.com>
Date: Fri, 10 Feb 2017 14:34:15 +0000 (+0000)
Subject: tools/libxendevicemodel: add a call to restrict the handle
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2710
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=8ef5f344d061d408f10211c08f09e7d39293fe7d;p=xen.git

tools/libxendevicemodel: add a call to restrict the handle

My recent patch [1] to the Linux privcmd module introduced a mechanism
to restrict an open file handle to subsequently only accept operations for
a specified domain.

This patch extends the libxendevicemodel API and make use of the
mechanism in the Linux-specific code to restrict operations on the
interface handle.

[1] https://git.kernel.org/cgit/linux/kernel/git/ostr/linux.git/commit/?id=4610d240

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
---

diff --git a/tools/include/xen-sys/Linux/privcmd.h b/tools/include/xen-sys/Linux/privcmd.h
index c80eb5e2ad..732ff7c15a 100644
--- a/tools/include/xen-sys/Linux/privcmd.h
+++ b/tools/include/xen-sys/Linux/privcmd.h
@@ -101,5 +101,7 @@ typedef struct privcmd_dm_op {
 	_IOC(_IOC_NONE, 'P', 4, sizeof(privcmd_mmapbatch_v2_t))
 #define IOCTL_PRIVCMD_DM_OP					\
 	_IOC(_IOC_NONE, 'P', 5, sizeof(privcmd_dm_op_t))
+#define IOCTL_PRIVCMD_RESTRICT					\
+	_IOC(_IOC_NONE, 'P', 6, sizeof(domid_t))
 
 #endif /* __LINUX_PUBLIC_PRIVCMD_H__ */
diff --git a/tools/libs/devicemodel/compat.c b/tools/libs/devicemodel/compat.c
index 245e907f13..5b4fdae298 100644
--- a/tools/libs/devicemodel/compat.c
+++ b/tools/libs/devicemodel/compat.c
@@ -15,6 +15,8 @@
  * License along with this library; If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <errno.h>
+
 #include "private.h"
 
 int osdep_xendevicemodel_open(xendevicemodel_handle *dmod)
@@ -34,6 +36,13 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod,
     return xendevicemodel_xcall(dmod, domid, nr_bufs, bufs);
 }
 
+int osdep_xendevicemodel_restrict(xendevicemodel_handle *dmod,
+                                  domid_t domid)
+{
+    errno = EOPNOTSUPP;
+    return -1;
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/devicemodel/core.c b/tools/libs/devicemodel/core.c
index 33ee157eb7..504543c1c5 100644
--- a/tools/libs/devicemodel/core.c
+++ b/tools/libs/devicemodel/core.c
@@ -492,6 +492,11 @@ int xendevicemodel_inject_event(
     return xendevicemodel_op(dmod, domid, 1, &op, sizeof(op));
 }
 
+int xendevicemodel_restrict(xendevicemodel_handle *dmod, domid_t domid)
+{
+    return osdep_xendevicemodel_restrict(dmod, domid);
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/devicemodel/include/xendevicemodel.h b/tools/libs/devicemodel/include/xendevicemodel.h
index e00f8da162..b3f600ef8c 100644
--- a/tools/libs/devicemodel/include/xendevicemodel.h
+++ b/tools/libs/devicemodel/include/xendevicemodel.h
@@ -283,6 +283,16 @@ int xendevicemodel_inject_event(
     xendevicemodel_handle *dmod, domid_t domid, int vcpu, uint8_t vector,
     uint8_t type, uint32_t error_code, uint8_t insn_len, uint64_t cr2);
 
+/**
+ * This function restricts the use of this handle to the specified
+ * domain.
+ *
+ * @parm dmod handle to the open devicemodel interface
+ * @parm domid the domain id
+ * @return 0 on success, -1 on failure.
+ */
+int xendevicemodel_restrict(xendevicemodel_handle *dmod, domid_t domid);
+
 #endif /* __XEN_TOOLS__ */
 
 #endif /* XENDEVICEMODEL_H */
diff --git a/tools/libs/devicemodel/libxendevicemodel.map b/tools/libs/devicemodel/libxendevicemodel.map
index abc6d0640a..45c773e30a 100644
--- a/tools/libs/devicemodel/libxendevicemodel.map
+++ b/tools/libs/devicemodel/libxendevicemodel.map
@@ -17,6 +17,7 @@ VERS_1.0 {
 		xendevicemodel_modified_memory;
 		xendevicemodel_set_mem_type;
 		xendevicemodel_inject_event;
+		xendevicemodel_restrict;
 		xendevicemodel_close;
 	local: *; /* Do not expose anything by default */
 };
diff --git a/tools/libs/devicemodel/linux.c b/tools/libs/devicemodel/linux.c
index 7511ee7f27..438c55bf2c 100644
--- a/tools/libs/devicemodel/linux.c
+++ b/tools/libs/devicemodel/linux.c
@@ -112,6 +112,17 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod,
     return 0;
 }
 
+int osdep_xendevicemodel_restrict(xendevicemodel_handle *dmod,
+                                  domid_t domid)
+{
+    if (dmod->fd < 0) {
+        errno = EOPNOTSUPP;
+        return -1;
+    }
+
+    return ioctl(dmod->fd, IOCTL_PRIVCMD_RESTRICT, &domid);
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/devicemodel/private.h b/tools/libs/devicemodel/private.h
index 5ce3b45569..4ce5aac20e 100644
--- a/tools/libs/devicemodel/private.h
+++ b/tools/libs/devicemodel/private.h
@@ -29,6 +29,9 @@ int osdep_xendevicemodel_op(xendevicemodel_handle *dmod,
                             domid_t domid, unsigned int nr_bufs,
                             struct xendevicemodel_buf bufs[]);
 
+int osdep_xendevicemodel_restrict(
+    xendevicemodel_handle *dmod, domid_t domid);
+
 #define PERROR(_f...) \
     xtl_log(dmod->logger, XTL_ERROR, errno, "xendevicemodel", _f)