* [PATCH for-4.12 0/4] tools: Internal fd access, etc.
@ 2018-05-14 17:08 Ian Jackson
From: Ian Jackson @ 2018-05-14 17:08 UTC
  To: xen-devel; +Cc: Wei Liu, Roger Pau Monné

I am working on auditing whether deprivileging qemu has actually
worked.  The approach I have chosen is to fish the descriptors out of
qemu (by using debugging facilities), and try to make hypercalls
etc. using them.

To take making a hypercall as an example: this is not easily done
without libxc.  So I need to make libxc make a hypercall with a
different fd - actually, a different open-file.  I do this by using
dup2 to overwrite libxc's fd with the one stolen from qemu.  That
means I need to know libxc's fd number.  Hence the middle two patches
in this series.

Also, I drop some obsolete declarations and improve an error message.

I doubt this is 4.11 material.  qemu depriv is not covered by support
in 4.11 anyway.  In 4.12 I want it to be supported, and, therefore,
tested and audited.  If it becomes fully supported there, it might be
worth backporting some of these patches.

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

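The dup2 trick the cover letter describes, as an added example that is not Ian's attached tool or any Xen code: a hypothetical stand-in library (`lib_open`, `lib_fd`, `lib_op`, `lib_close`) owns an fd on /dev/null and a write through that fd stands in for a hypercall, so the open / test / getfd / dup2 / test / close sequence runs offline; a read-only descriptor plays the part of the properly restricted one.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for a Xen library handle (libxc/xencall): it owns
 * one fd and issues one privileged operation through it.  Here the device
 * is /dev/null and the "hypercall" is a write; what matters is that the
 * operation is judged against the open file the fd currently refers to. */
struct lib_handle {
    int fd;
};

static int lib_open(struct lib_handle *h)
{
    h->fd = open("/dev/null", O_RDWR);
    return h->fd < 0 ? -1 : 0;
}

/* Equivalent of xencall_fd(): reveal the internal fd number so that the
 * audit can dup2 the descriptor under test over it. */
static int lib_fd(const struct lib_handle *h)
{
    return h->fd;
}

static int lib_op(const struct lib_handle *h)
{
    return write(h->fd, "x", 1) == 1 ? 0 : -1;
}

static void lib_close(struct lib_handle *h)
{
    close(h->fd);
    h->fd = -1;
}

enum verdict { VERDICT_BLOCKED, VERDICT_SUCCEEDED, VERDICT_TROUBLE };

/* Access mode of an fd (O_RDONLY/O_WRONLY/O_RDWR), the way the attached
 * tool's CHECK_FCNTL computes it; -1 if fcntl fails (e.g. fd not open). */
static int fd_access_mode(int fd)
{
    int fl = fcntl(fd, F_GETFL);
    return fl < 0 ? -1 : (fl & O_ACCMODE);
}

/* The audit sequence.  object_fd is the descriptor under test (in the real
 * tool, one fished out of qemu).  The verdict says what the library
 * operation did once it was running on that descriptor; *err_out (may be
 * NULL) receives the errno of the restricted run. */
static enum verdict audit_fd(int object_fd, int *err_out)
{
    struct lib_handle h;
    enum verdict v;
    int intern_fd;

    if (lib_open(&h) < 0)
        return VERDICT_TROUBLE;

    /* Unrestricted run: must work, otherwise the harness itself is broken. */
    if (lib_op(&h) < 0) {
        lib_close(&h);
        return VERDICT_TROUBLE;
    }

    /* Replace the library's open file with the object under test.  The fd
     * number is unchanged, which is why the library has to expose it. */
    intern_fd = lib_fd(&h);
    if (dup2(object_fd, intern_fd) != intern_fd) {
        lib_close(&h);
        return VERDICT_TROUBLE;
    }

    /* Restricted run: a correctly restricted descriptor makes it fail. */
    errno = 0;
    if (lib_op(&h) == 0)
        v = VERDICT_SUCCEEDED;        /* restriction did not bite: audit FAIL */
    else if (errno == EBADF || errno == EPERM)
        v = VERDICT_BLOCKED;          /* kernel refused the op: audit PASS */
    else
        v = VERDICT_TROUBLE;
    if (err_out)
        *err_out = errno;

    lib_close(&h);   /* closes only the dup; object_fd itself stays open */
    return v;
}

int main(void)
{
    /* Constructed inputs: a read-only descriptor is what a restricted
     * process should be left holding; a read-write one is what a failed
     * deprivileging looks like. */
    int ro = open("/dev/null", O_RDONLY);
    int rw = open("/dev/null", O_RDWR);
    int e = 0;

    printf("fd %d mode %#o: %s\n", ro, fd_access_mode(ro),
           audit_fd(ro, &e) == VERDICT_BLOCKED ? "pass (blocked)" : "FAIL");
    printf("fd %d mode %#o: %s\n", rw, fd_access_mode(rw),
           audit_fd(rw, &e) == VERDICT_SUCCEEDED ? "FAIL (succeeded)" : "pass");
    close(ro);
    close(rw);
    return 0;
}
```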

* [PATCH 1/4] libxc: Drop declarations of osdep_privcmd_open and _close
From: Ian Jackson @ 2018-05-14 17:08 UTC
  To: xen-devel; +Cc: Ian Jackson, Wei Liu, Roger Pau Monné

These functions are no longer defined or used anywhere.  The
declarations should have been deleted when the definitions were.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
 tools/libxc/xc_private.h | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/tools/libxc/xc_private.h b/tools/libxc/xc_private.h
index 03bc9a7..25bae8a 100644
--- a/tools/libxc/xc_private.h
+++ b/tools/libxc/xc_private.h
@@ -103,9 +103,6 @@ struct xc_interface_core {
     xendevicemodel_handle *dmod;
 };
 
-int osdep_privcmd_open(xc_interface *xch);
-int osdep_privcmd_close(xc_interface *xch);
-
 void *osdep_alloc_hypercall_buffer(xc_interface *xch, int npages);
 void osdep_free_hypercall_buffer(xc_interface *xch, void *ptr, int npages);
 
-- 
2.1.4



* [PATCH 2/4] libxc: Provide access to internal handles
From: Ian Jackson @ 2018-05-14 17:08 UTC
  To: xen-devel; +Cc: Ian Jackson, Wei Liu, Roger Pau Monné

In order to support auditing of qemu depriv, my audit tool wants to
know the fd of a privcmd handle on which it can easily make
hypercalls.  xencall provides such a handle, but has no cooked
facilities for making hypercalls.  So I open a libxc handle.  That
means I need to get the privcmd fd out of the libxc handle.

ISTM that it is best to do this by providing an interface to get the
underlying library handles for a libxc handle.  This kind of interface
is quite common elsewhere and has not caused problems.

libxc is not a stable API so the downside risk of providing this
access is not significant.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
 tools/libxc/include/xenctrl.h | 10 ++++++++++
 tools/libxc/xc_private.c      |  5 +++++
 2 files changed, 15 insertions(+)

diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
index 408fa1c..d7733aa 100644
--- a/tools/libxc/include/xenctrl.h
+++ b/tools/libxc/include/xenctrl.h
@@ -183,6 +183,16 @@ enum xc_open_flags {
  */
 int xc_interface_close(xc_interface *xch);
 
+/**
+ * Return the handles which xch has opened and will use for
+ * hypercalls, foreign memory accesses and device model operations.
+ * These may be used with the corresponding libraries so long as the
+ * xch itself remains open.
+ */
+struct xencall_handle *xc_interface_xcall_handle(xc_interface *xch);
+struct xenforeignmemory_handle *xc_interface_fmem_handle(xc_interface *xch);
+struct xendevicemodel_handle *xc_interface_dmod_handle(xc_interface *xch);
+
 /*
  * HYPERCALL SAFE MEMORY BUFFER
  *
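Review bot: the prototypes return `struct xencall_handle *`, `struct xenforeignmemory_handle *` and `struct xendevicemodel_handle *`, while the xc_private.c hunk defines xc_interface_xcall_handle as returning the typedef `xencall_handle *`; that is only the same declaration if each typedef names exactly that struct tag, so either use the typedefs here too (including the library headers) or double-check the tags. The comment should also say that the handles stay owned by xch: callers must not close them or their fds, since xc_interface_close will.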
diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c
index fcda981..dbe367f 100644
--- a/tools/libxc/xc_private.c
+++ b/tools/libxc/xc_private.c
@@ -104,6 +104,11 @@ int xc_interface_close(xc_interface *xch)
     return rc;
 }
 
+xencall_handle *xc_interface_xcall_handle(xc_interface *xch)
+{
+    return xch->xcall;
+}
+
 static pthread_key_t errbuf_pkey;
 static pthread_once_t errbuf_pkey_once = PTHREAD_ONCE_INIT;
 
-- 
2.1.4



* [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds
From: Ian Jackson @ 2018-05-14 17:08 UTC
  To: xen-devel; +Cc: Ian Jackson, Wei Liu, Roger Pau Monné

I want this to support my qemu depriv descriptor audit tool.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
 tools/libs/call/core.c                |  5 +++++
 tools/libs/call/include/xencall.h     |  8 ++++++++
 tools/libs/call/libxencall.map        |  1 +
 tools/libs/gnttab/gntshr_core.c       |  6 ++++++
 tools/libs/gnttab/gnttab_core.c       |  5 +++++
 tools/libs/gnttab/include/xengnttab.h | 17 +++++++++++++++++
 tools/libs/gnttab/libxengnttab.map    |  2 ++
 7 files changed, 44 insertions(+)

diff --git a/tools/libs/call/core.c b/tools/libs/call/core.c
index f3a3400..c155bd4 100644
--- a/tools/libs/call/core.c
+++ b/tools/libs/call/core.c
@@ -81,6 +81,11 @@ int xencall_close(xencall_handle *xcall)
     return rc;
 }
 
+int xencall_fd(xencall_handle *xcall)
+{
+    return xcall->fd;
+}
+
 int xencall0(xencall_handle *xcall, unsigned int op)
 {
     privcmd_hypercall_t call = {
diff --git a/tools/libs/call/include/xencall.h b/tools/libs/call/include/xencall.h
index bafacdd..24bcafb 100644
--- a/tools/libs/call/include/xencall.h
+++ b/tools/libs/call/include/xencall.h
@@ -74,6 +74,14 @@ xencall_handle *xencall_open(struct xentoollog_logger *logger,
 int xencall_close(xencall_handle *xcall);
 
 /*
+ * Return the fd used internally by xencall.  selecting on it is not
+ * useful.  But it could be useful for unusual use cases; perhaps,
+ * passing to other programs, calling ioctls on directly, or maybe
+ * calling fcntl.
+ */
+int xencall_fd(xencall_handle *xcall);
+
+/*
  * Call hypercalls with varying numbers of arguments.
  *
  * On success the return value of the hypercall is the return value of
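Review bot: the new comment should state the ownership rule for the returned fd, which is the thing a caller of this interface most needs to know: xcall still owns it and xencall_close will close it, so the caller must not close it or dup2 over it, and passing it to another program hands that program whatever the privcmd descriptor can do. A sentence such as "The fd remains owned by xcall; do not close it." covers it. Minor: "selecting on it" starts a sentence in lower case.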
diff --git a/tools/libs/call/libxencall.map b/tools/libs/call/libxencall.map
index 2f96144..299ca38 100644
--- a/tools/libs/call/libxencall.map
+++ b/tools/libs/call/libxencall.map
@@ -2,6 +2,7 @@ VERS_1.0 {
 	global:
 		xencall_open;
 		xencall_close;
+		xencall_fd;
 
 		xencall0;
 		xencall1;
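Review bot: adding xencall_fd to the existing VERS_1.0 node changes the symbol set of an already-released ABI version; new exports need a new version node that inherits the old one, placed after the VERS_1.0 block, along the lines of
VERS_1.1 {
	global: xencall_fd;
} VERS_1.0;
with the library's minor SOversion bumped to match.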
diff --git a/tools/libs/gnttab/gntshr_core.c b/tools/libs/gnttab/gntshr_core.c
index 7f6bf9d..1117e29 100644
--- a/tools/libs/gnttab/gntshr_core.c
+++ b/tools/libs/gnttab/gntshr_core.c
@@ -64,6 +64,12 @@ int xengntshr_close(xengntshr_handle *xgs)
     free(xgs);
     return rc;
 }
+
+int xengntshr_fd(xengntshr_handle *xgs)
+{
+    return xgs->fd;
+}
+
 void *xengntshr_share_pages(xengntshr_handle *xcg, uint32_t domid,
                             int count, uint32_t *refs, int writable)
 {
diff --git a/tools/libs/gnttab/gnttab_core.c b/tools/libs/gnttab/gnttab_core.c
index 98f1591..bd075f8 100644
--- a/tools/libs/gnttab/gnttab_core.c
+++ b/tools/libs/gnttab/gnttab_core.c
@@ -75,6 +75,11 @@ int xengnttab_close(xengnttab_handle *xgt)
     return rc;
 }
 
+int xengnttab_fd(xengnttab_handle *xgt)
+{
+    return xgt->fd;
+}
+
 int xengnttab_set_max_grants(xengnttab_handle *xgt, uint32_t count)
 {
     return osdep_gnttab_set_max_grants(xgt, count);
diff --git a/tools/libs/gnttab/include/xengnttab.h b/tools/libs/gnttab/include/xengnttab.h
index 35be6c1..91d4cd5 100644
--- a/tools/libs/gnttab/include/xengnttab.h
+++ b/tools/libs/gnttab/include/xengnttab.h
@@ -149,6 +149,15 @@ xengnttab_handle *xengnttab_open(struct xentoollog_logger *logger,
  */
 int xengnttab_close(xengnttab_handle *xgt);
 
+
+/*
+ * Return the fd used internally by xengnttab.  selecting on it is not
+ * useful.  But it could be useful for unusual use cases; perhaps,
+ * passing to other programs, calling ioctls on directly, or maybe
+ * calling fcntl.
+ */
+int xengnttab_fd(xengnttab_handle *xgt);
+
 /**
  * Memory maps a grant reference from one domain to a local address range.
  * Mappings should be unmapped with xengnttab_unmap.  Logs errors.
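Review bot: stray blank line: the first added line sits directly after `int xengnttab_close(xengnttab_handle *xgt);`, which already has a blank line below it, so the result has two; drop that `+` line to match the xencall.h and xengntshr hunks. The comment is copied verbatim from xencall.h and would benefit from the same ownership sentence (the fd stays owned by xgt; do not close it).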
@@ -334,6 +343,14 @@ xengntshr_handle *xengntshr_open(struct xentoollog_logger *logger,
  */
 int xengntshr_close(xengntshr_handle *xgs);
 
+/*
+ * Return the fd used internally by xengntshr.  selecting on it is not
+ * useful.  But it could be useful for unusual use cases; perhaps,
+ * passing to other programs, calling ioctls on directly, or maybe
+ * calling fcntl.
+ */
+int xengntshr_fd(xengntshr_handle *xgs);
+
 /**
  * Allocates and shares pages with another domain.
  *
diff --git a/tools/libs/gnttab/libxengnttab.map b/tools/libs/gnttab/libxengnttab.map
index f78da22..ce59ec9 100644
--- a/tools/libs/gnttab/libxengnttab.map
+++ b/tools/libs/gnttab/libxengnttab.map
@@ -2,6 +2,7 @@ VERS_1.0 {
 	global:
 		xengnttab_open;
 		xengnttab_close;
+		xengnttab_fd;
 
 		xengnttab_set_max_grants;
 
@@ -14,6 +15,7 @@ VERS_1.0 {
 
 		xengntshr_open;
 		xengntshr_close;
+		xengntshr_fd;
 
 		xengntshr_share_page_notify;
 		xengntshr_share_pages;
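Review bot: xengntshr_fd likewise belongs in the new version node rather than in VERS_1.0, for the same reason as the xengnttab_fd addition in the previous hunk.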
-- 
2.1.4



* [PATCH 4/4] libxl: Provide better error message when qemu restrict user not found
From: Ian Jackson @ 2018-05-14 17:08 UTC
  To: xen-devel; +Cc: Ian Jackson, Wei Liu, Roger Pau Monné

Add mention of LIBXL_QEMU_USER_RANGE_BASE, in case that is what the
user was intending.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
 tools/libxl/libxl_dm.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index 18ada69..7289509 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -1699,8 +1699,9 @@ static int libxl__build_device_model_args_new(libxl__gc *gc,
         }
 
         LOGD(ERROR, guest_domid,
-             "Could not find user %s%d or %s, cannot restrict",
-             LIBXL_QEMU_USER_BASE, guest_domid, LIBXL_QEMU_USER_SHARED);
+ "Could not find user %s%d or %s or range base pseudo-user %s, cannot restrict",
+             LIBXL_QEMU_USER_BASE, guest_domid, LIBXL_QEMU_USER_SHARED,
+             LIBXL_QEMU_USER_RANGE_BASE);
         return ERROR_INVAL;
 
 end_search:
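Review bot: the replacement format-string line is flush against the left margin instead of being aligned with the other LOGD arguments on the following two lines; aligning it, or splitting the literal across two aligned lines if 80 columns is the concern, keeps the surrounding style. The message itself is right to name LIBXL_QEMU_USER_RANGE_BASE alongside the other two candidates, since that is the one an admin most easily forgets to create.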
-- 
2.1.4



* Re: [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds
From: Andrew Cooper @ 2018-05-14 17:18 UTC
  To: Ian Jackson, xen-devel; +Cc: Wei Liu, Roger Pau Monné

On 14/05/18 18:08, Ian Jackson wrote:
> diff --git a/tools/libs/call/libxencall.map b/tools/libs/call/libxencall.map
> index 2f96144..299ca38 100644
> --- a/tools/libs/call/libxencall.map
> +++ b/tools/libs/call/libxencall.map
> @@ -2,6 +2,7 @@ VERS_1.0 {
>  	global:
>  		xencall_open;
>  		xencall_close;
> +		xencall_fd;
>  
>  		xencall0;
>  		xencall1;
> diff --git a/tools/libs/gnttab/libxengnttab.map b/tools/libs/gnttab/libxengnttab.map
> index f78da22..ce59ec9 100644
> --- a/tools/libs/gnttab/libxengnttab.map
> +++ b/tools/libs/gnttab/libxengnttab.map
> @@ -2,6 +2,7 @@ VERS_1.0 {
>  	global:
>  		xengnttab_open;
>  		xengnttab_close;
> +		xengnttab_fd;
>  
>  		xengnttab_set_max_grants;
>  
> @@ -14,6 +15,7 @@ VERS_1.0 {
>  
>  		xengntshr_open;
>  		xengntshr_close;
> +		xengntshr_fd;
>  
>  		xengntshr_share_page_notify;
>  		xengntshr_share_pages;

These are ABI breakages.

The only modification you can make to the map files is to define a new
minor SOversion and introduce the new functions there (although we can
accumulate multiple additions to the not-yet-released SOversion in master).

~Andrew


* Re: [PATCH 1/4] libxc: Drop declarations of osdep_privcmd_open and _close
From: Wei Liu @ 2018-05-15  8:37 UTC
  To: Ian Jackson; +Cc: xen-devel, Wei Liu, Roger Pau Monné

On Mon, May 14, 2018 at 06:08:56PM +0100, Ian Jackson wrote:
> These functions are no longer defined or used anywhere.  The
> declarations should have been deleted when the definitions were.
> 
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

Acked-by: Wei Liu <wei.liu2@citrix.com>


* Re: [PATCH 2/4] libxc: Provide access to internal handles
From: Wei Liu @ 2018-05-15  8:37 UTC
  To: Ian Jackson; +Cc: xen-devel, Wei Liu, Roger Pau Monné

On Mon, May 14, 2018 at 06:08:57PM +0100, Ian Jackson wrote:
> In order to support auditing of qemu depriv, my audit tool wants to
> know the fd of a privcmd handle on which it can easily make
> hypercalls.  xencall provides such a handle, but has no cooked
> facilities for making hypercalls.  So I open a libxc handle.  That
> means I need to get the privcmd fd out of the libxc handle.
> 
> ISTM that it is best to do this by providing an interface to get the
> underlying library handles for a libxc handle.  This kind of interface
> is quite common elsewhere and has not caused problems.
> 
> libxc is not a stable API so the downside risk of providing this
> access is not significant.
> 
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

Acked-by: Wei Liu <wei.liu2@citrix.com>


* Re: [PATCH 4/4] libxl: Provide better error message when qemu restrict user not found
From: Wei Liu @ 2018-05-15  8:38 UTC
  To: Ian Jackson; +Cc: xen-devel, Wei Liu, Roger Pau Monné

On Mon, May 14, 2018 at 06:08:59PM +0100, Ian Jackson wrote:
> Add mention of LIBXL_QEMU_USER_RANGE_BASE, in case that is what the
> user was intending.
> 
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

Acked-by: Wei Liu <wei.liu2@citrix.com>


* Re: [PATCH 1/4] libxc: Drop declarations of osdep_privcmd_open and _close
From: Roger Pau Monné @ 2018-05-15  8:49 UTC
  To: Ian Jackson; +Cc: xen-devel, Wei Liu

On Mon, May 14, 2018 at 06:08:56PM +0100, Ian Jackson wrote:
> These functions are no longer defined or used anywhere.  The
> declarations should have been deleted when the definitions were.
> 
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks.


* Re: [PATCH 2/4] libxc: Provide access to internal handles
From: Roger Pau Monné @ 2018-05-15  8:58 UTC
  To: Ian Jackson; +Cc: xen-devel, Wei Liu

On Mon, May 14, 2018 at 06:08:57PM +0100, Ian Jackson wrote:
> In order to support auditing of qemu depriv, my audit tool wants to
> know the fd of a privcmd handle on which it can easily make
> hypercalls.  xencall provides such a handle, but has no cooked
> facilities for making hypercalls.  So I open a libxc handle.  That
> means I need to get the privcmd fd out of the libxc handle.
> 
> ISTM that it is best to do this by providing an interface to get the
> underlying library handles for a libxc handle.  This kind of interface
> is quite common elsewhere and has not caused problems.
> 
> libxc is not a stable API so the downside risk of providing this
> access is not significant.
> 
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
> ---
>  tools/libxc/include/xenctrl.h | 10 ++++++++++
>  tools/libxc/xc_private.c      |  5 +++++
>  2 files changed, 15 insertions(+)
> 
> diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
> index 408fa1c..d7733aa 100644
> --- a/tools/libxc/include/xenctrl.h
> +++ b/tools/libxc/include/xenctrl.h
> @@ -183,6 +183,16 @@ enum xc_open_flags {
>   */
>  int xc_interface_close(xc_interface *xch);
>  
> +/**
> + * Return the handles which xch has opened and will use for
> + * hypercalls, foreign memory accesses and device model operations.
> + * These may be used with the corresponding libraries so long as the
> + * xch itself remains open.
> + */
> +struct xencall_handle *xc_interface_xcall_handle(xc_interface *xch);
> +struct xenforeignmemory_handle *xc_interface_fmem_handle(xc_interface *xch);
> +struct xendevicemodel_handle *xc_interface_dmod_handle(xc_interface *xch);

You introduce 3 prototypes but there's only one function being defined
below. Is this patch missing some chunks, or am I missing something
myself?

> +xencall_handle *xc_interface_xcall_handle(xc_interface *xch)
> +{
> +    return xch->xcall;
> +}
> +
>  static pthread_key_t errbuf_pkey;
>  static pthread_once_t errbuf_pkey_once = PTHREAD_ONCE_INIT;

Thanks.


* Re: [PATCH 4/4] libxl: Provide better error message when qemu restrict user not found
From: Roger Pau Monné @ 2018-05-15  9:02 UTC
  To: Ian Jackson; +Cc: xen-devel, Wei Liu

On Mon, May 14, 2018 at 06:08:59PM +0100, Ian Jackson wrote:
> Add mention of LIBXL_QEMU_USER_RANGE_BASE, in case that is what the
> user was intending.
> 
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks.


* Re: [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds
From: Ian Jackson @ 2018-05-15 11:10 UTC
  To: Andrew Cooper; +Cc: xen-devel, Wei Liu, Roger Pau Monné

Andrew Cooper writes ("Re: [Xen-devel] [PATCH 3/4] tools: xencall, xengnttab, xengntshr: Provide access to internal fds"):
> These are ABI breakages.

Thanks for the review and sorry to miss that.  You are right.

I have another question, RFC: I have a test C program which links
against Xen libraries and does the actual descriptor auditing.
Current WIP version attached to give you an idea.

Should I submit this for inclusion in xen.git#tools/tests/ ?
Or should I put it in osstest and have osstest build it ?

I think the former is probably better because then it can be used more
widely.

This thing is surrounded by two perl scripts, which grobble around in
/proc.  They contain pathname regexps, some of which are
osstest-specific.  They also have to grobble around in xenstore to
find pids and things.  I'm currently unsure as to whether these
scripts should be in xen.git or osstest.  If they go into xen.git then
they will have to take arguments for the osstest-specific
supplementary regexps, or something, which seems awkward.  So I'm
currently thinking I will put them in osstest.

Opinions welcome.

Ian.

/*
 * qemu depriv descriptor audit helper (work in progress).
 *
 * Usage: <prog> CLASS FD DESCRIPTION [CLASS FD DESCRIPTION ...]
 *
 * Each FD is a descriptor fished out of a (supposedly) deprivileged
 * qemu and inherited by this process.  For each one we check that the
 * privileged operation belonging to CLASS can no longer be performed
 * on it, by dup2'ing it over the fd a freshly opened Xen library handle
 * uses internally and retrying the operation through the library.
 */

#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <stdio.h>
#include <assert.h>
#include <unistd.h>
#include <fcntl.h>

#include <err.h>

#include <xenctrl.h>
#include <xencall.h>
#include <xengnttab.h>
#include <xenevtchn.h>

/*
 * Every class needs setup.  setup is called once per class at program
 * startup.
 *
 * Then it can have
 *     open test getfd close
 * In which case the core code will for every fd
 *     open test getfd dup2 test close
 * And test should call blocked or succeeded and then immediately
 * return, or error out
 *
 * Or it can have
 *     check
 * which should call report, or error out
 *
 * Errors: use trouble for simple syscall errors.  Or use err or errx
 * and maybe print fd_desc and test_which, according to the comments
 * in struct classinfo.
 */

static xentoollog_logger *logger;

static int object_fd;
static const char *classname;
static const char *fd_desc;
static const char *test_which;

static const char *test_wh_unrest = "test (unrestricted)";
static const char *test_wh_rest   = "test (restricted)";


static void trouble(const char *what) __attribute__((noreturn));
static void trouble(const char *what) {
    fprintf(stderr,
	    "trouble: %s %s %d (%s) %s: %s\n",
	    classname, test_which, object_fd, fd_desc, what, strerror(errno));
    exit(-1);
}

static void report(const char *pass_or_fail, const char *what,
		   const char *notes) {
    printf("%s %s %d %s (%s) %s\n",
	   classname, pass_or_fail,
	   object_fd, what, notes, fd_desc);
    if (ferror(stdout) || fflush(stdout)) err(16,"stdout");
}

static void succeeded(const char *what) {
    if (test_which == test_wh_unrest) {
	/* ok */
	test_which = 0;
    } else if (test_which == test_wh_rest) {
	report("fail",what,"unexpectedly succeeded");
	test_which = 0;
    } else {
	abort();
    }
}

static void blocked(const char *what) {
    if (test_which == test_wh_rest) {
	/* yay */
	report("pass", what,"blocked");
	test_which = 0;
    } else if (test_which == test_wh_unrest) {
	err(4,"test blocked on unrestricted fd: %s {%s}",what,test_which);
    } else {
	abort();
    }
}

/* privcmd */

static xc_interface *xch;
static void setup_privcmd(void) { }
static void open_privcmd(void) {
    xch = xc_interface_open(logger,0,0);
    if (!xch) trouble("xc_interface_open");
}
static void test_privcmd(void) {
    int r = xc_get_online_cpus(xch);
    if (r>0)
	succeeded("xc_get_online_cpus");
    else if (r==0)
	errx(-1,"xc_get_online_cpus{%s, %s}=0", test_which, fd_desc);
    else if (errno==EPERM)
	blocked("xc_get_online_cpus");
    else
	trouble("xc_get_online_cpus");
}
static int getfd_privcmd(void) {
    return xencall_fd(xc_interface_xcall_handle(xch));
}
static void close_privcmd(void) {
    xc_interface_close(xch);
}

/* gntdev */

static xengntshr_handle *xgs;
static uint32_t gntshr_gref;
static xengnttab_handle *xgt;
static void setup_gntdev(void) {
    void *r;
    xgs = xengntshr_open(logger,0);
    if (!xgs) trouble("xengntshr_open");
    r = xengntshr_share_pages(xgs, 0, 1, &gntshr_gref, 1);
    if (!r || r==(void*)-1) trouble("xengntshr_share_pages");
    memset(r, 0x55, XC_PAGE_SIZE);
}
static void open_gntdev(void) {
    xgt = xengnttab_open(logger,0);
    if (!xgt) trouble("xengnttab_open");
}
static void test_gntdev(void) {
    char mybuf[XC_PAGE_SIZE];
    memset(mybuf, 0xaa, XC_PAGE_SIZE);
    xengnttab_grant_copy_segment_t seg;
    seg.source.foreign.ref = gntshr_gref;
    seg.source.foreign.offset = 0;
    seg.source.foreign.domid = 0;
    seg.dest.virt = mybuf;
    seg.len = 1;
    seg.flags = GNTCOPY_source_gref;
    for (;;) {
	seg.status = 0;
	int r = xengnttab_grant_copy(xgt,1,&seg);
	if (r<0) {
	    if (errno==EPERM || errno==ENOTTY)
		blocked("xengnttab_grant_copy");
	    else
		trouble("xengnttab_grant_copy");
	} else if (r==0) {
	    if (seg.status==GNTST_okay)
		succeeded("xengnttab_grant_copy okay");
	    else if (seg.status==GNTST_eagain)
		continue;
	    else errx(-1,"xengnttab_grant_copy=%d {%s, %s} but .status=%d",
		      r, test_which, fd_desc,(int)seg.status);
	} else {
	    errx(-1,"xengnttab_grant_copy=%d {%s, %s}",
		 r, test_which, fd_desc);
	}
	break;
    }
}
static int getfd_gntdev(void) {
    return xengnttab_fd(xgt);
}
static void close_gntdev(void) {
    xengnttab_close(xgt);
}

/* evtchn */

static xenevtchn_handle *xce_recip, *xce;
static xenevtchn_port_or_error_t evtchn_port;
static void setup_evtchn(void) {
    xce_recip = xenevtchn_open(logger, 0);
    if (!xce_recip) err(-1,"xenevtchn_open (donor)");

    evtchn_port = xenevtchn_bind_unbound_port(xce_recip, 0);
    if (evtchn_port < 0) trouble("xenevtchn_bind_unbound_port");
}
static void open_evtchn(void) {
    xce = xenevtchn_open(logger, 0);
    if (!xce) err(-1,"xenevtchn_open");
}
static void test_evtchn(void) {
    /* Ideally xce_recip would be allocated in setup, but the docs are
     * not clear as to how to free a port obtained from
     * xenevtchn_bind_unbound_port.  Closing the fd must suffice. */
    xenevtchn_port_or_error_t r = xenevtchn_notify(xce, evtchn_port);
    if (r>=0)
	succeeded("xenevtchn_notify");
    else if ((errno==EPERM || errno==ENOTTY))
	blocked("xenevtchn_notify");
    else
	trouble("xenevtchn_notify");
}
static int getfd_evtchn(void) {
    return xenevtchn_fd(xce);
}
static void close_evtchn(void) {
    xenevtchn_close(xce);
}

#define CHECK_FCNTL(openmode)				\
    int r = fcntl(object_fd, F_GETFL);			\
    if (r < 0) trouble("fcntl F_GETFL");		\
    int m = r & (O_RDONLY | O_WRONLY | O_RDWR);		\
							\
    char mbuf[100 + 30*3];				\
    snprintf(mbuf,sizeof(mbuf),				\
	     "F_GETFL=%#o m=%#o " #openmode "=%#o",	\
	     r,m,(int)openmode);			\
							\
    if (m != openmode) {				\
	report("fail", #openmode, mbuf);		\
	return;						\
    }

static void setup_readonly(void) { }
static void check_readonly(void) {
    CHECK_FCNTL(O_RDONLY);
    report("pass", "fcntl", mbuf);
}

static void setup_appendonly(void) { }
static void check_appendonly(void) {
    CHECK_FCNTL(O_WRONLY);
    if (!(r & O_APPEND)) {
	report("fail", "O_APPEND", mbuf);
	return;
    }
    report("pass", "fcntl", mbuf);
}

#define DEFCLASS(cl) \
    { #cl, setup_##cl, 0, open_##cl, test_##cl, getfd_##cl, close_##cl }
#define DEFCHECK(meth) \
    { #meth, setup_##meth, check_##meth }

static const struct classinfo {
    const char *name;     /* errors: print fd_desc   test_which */
    void (*setup)(void);  /*               best not   best not  */
    void (*check)(void);  /*               must       may       */
    void (*open)(void);   /*               must       may       */
    void (*test)(void);   /*               must       must      */
    int (*getfd)(void);   /*               must       may       */
    void (*close)(void);  /*               must       may       */
} classinfos[] = {
    DEFCLASS(privcmd),
    DEFCLASS(gntdev),
//  DEFCLASS(evtchn),   has side effects when it fails!
    DEFCHECK(readonly),
    DEFCHECK(appendonly),
    { 0 }
};

int main(int argc, char **argv) {
    const struct classinfo *cli;
    int r;

    argv++;

    logger = (xentoollog_logger*)xtl_createlogger_stdiostream
	(stderr, XTL_NOTICE, XTL_STDIOSTREAM_HIDE_PROGRESS);

    fd_desc = "setup";
    test_which = "setup";
    for (cli = classinfos; cli->name; cli++)
	cli->setup();

    while ((classname = *argv++)) {
	if (!*argv) errx(8,"need fd after class");
	object_fd = atoi(*argv++);

	fd_desc = *argv++;
	if (!fd_desc) errx(8,"need info after fd");

	for (cli = classinfos; cli->name; cli++)
	    if (!strcmp(cli->name, classname))
		goto found;
	report("fail","unknown class","");
	continue;

    found:
	if (cli->check) {
	    report("checking","check","in progress");
	    test_which = "check";
	    cli->check();
	} else {
	    test_which = "open";
	    report("checking","dup-hack","in progress");
                                                  cli->open();

	    test_which = test_wh_unrest;          cli->test();
	    assert(!test_which);

	    test_which = "getfd"; int intern_fd = cli->getfd();
	    r = dup2(object_fd, intern_fd);
	    if (r != intern_fd) err(-1, "dup2");

	    test_which = test_wh_rest;             cli->test();
	    assert(!test_which);

	    test_which = "close";                  cli->close();
	}
    }

    return 0;
}


* Re: [PATCH 2/4] libxc: Provide access to internal handles
From: Ian Jackson @ 2018-06-11 13:49 UTC
  To: Roger Pau Monné; +Cc: xen-devel, Wei Liu

Roger Pau Monné writes ("Re: [PATCH 2/4] libxc: Provide access to internal handles"):
> On Mon, May 14, 2018 at 06:08:57PM +0100, Ian Jackson wrote:
> > +struct xencall_handle *xc_interface_xcall_handle(xc_interface *xch);
> > +struct xenforeignmemory_handle *xc_interface_fmem_handle(xc_interface *xch);
> > +struct xendevicemodel_handle *xc_interface_dmod_handle(xc_interface *xch);
> 
> You introduce 3 prototypes but there's only one function being defined
> below. Is this patch missing some chunks or I'm missing something
> myself?

No.  It's just that I only needed one of these functions so I didn't
notice that I'd only defined that one...

Ian.

