[PATCH v2 2/2] xentoolcore_restrict_all: Implement for libxenevtchn

From: Ross Lagerwall <ross.lagerwall@citrix.com>
To: xen-devel@lists.xenproject.org
Cc: Ross Lagerwall <ross.lagerwall@citrix.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	Wei Liu <wei.liu2@citrix.com>
Subject: [PATCH v2 2/2] xentoolcore_restrict_all: Implement for libxenevtchn
Date: Fri, 13 Oct 2017 12:04:50 +0100	[thread overview]
Message-ID: <20171013110450.19176-2-ross.lagerwall@citrix.com> (raw)
In-Reply-To: <20171013110450.19176-1-ross.lagerwall@citrix.com>

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 tools/Rules.mk                            |  2 +-
 tools/libs/evtchn/Makefile                |  4 ++--
 tools/libs/evtchn/core.c                  | 13 +++++++++++++
 tools/libs/evtchn/private.h               |  3 +++
 tools/libs/toolcore/include/xentoolcore.h |  5 -----
 5 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/tools/Rules.mk b/tools/Rules.mk
index be92f0a..61515d3 100644
--- a/tools/Rules.mk
+++ b/tools/Rules.mk
@@ -109,7 +109,7 @@ LDLIBS_libxentoolcore = $(SHDEPS_libxentoolcore) $(XEN_LIBXENTOOLCORE)/libxentoo
 SHLIB_libxentoolcore  = $(SHDEPS_libxentoolcore) -Wl,-rpath-link=$(XEN_LIBXENTOOLCORE)
 
 CFLAGS_libxenevtchn = -I$(XEN_LIBXENEVTCHN)/include $(CFLAGS_xeninclude)
-SHDEPS_libxenevtchn =
+SHDEPS_libxenevtchn = $(SHLIB_libxentoolcore)
 LDLIBS_libxenevtchn = $(SHDEPS_libxenevtchn) $(XEN_LIBXENEVTCHN)/libxenevtchn$(libextension)
 SHLIB_libxenevtchn  = $(SHDEPS_libxenevtchn) -Wl,-rpath-link=$(XEN_LIBXENEVTCHN)
 
diff --git a/tools/libs/evtchn/Makefile b/tools/libs/evtchn/Makefile
index bc98aed..9952b30 100644
--- a/tools/libs/evtchn/Makefile
+++ b/tools/libs/evtchn/Makefile
@@ -7,7 +7,7 @@ SHLIB_LDFLAGS += -Wl,--version-script=libxenevtchn.map
 
 CFLAGS   += -Werror -Wmissing-prototypes
 CFLAGS   += -I./include $(CFLAGS_xeninclude)
-CFLAGS   += $(CFLAGS_libxentoollog)
+CFLAGS   += $(CFLAGS_libxentoollog) $(CFLAGS_libxentoolcore)
 
 SRCS-y                 += core.c
 SRCS-$(CONFIG_Linux)   += linux.c
@@ -61,7 +61,7 @@ libxenevtchn.so.$(MAJOR): libxenevtchn.so.$(MAJOR).$(MINOR)
 	$(SYMLINK_SHLIB) $< $@
 
 libxenevtchn.so.$(MAJOR).$(MINOR): $(PIC_OBJS) libxenevtchn.map
-	$(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenevtchn.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(APPEND_LDFLAGS)
+	$(CC) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenevtchn.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $(PIC_OBJS) $(LDLIBS_libxentoollog) $(LDLIBS_libxentoolcore) $(APPEND_LDFLAGS)
 
 .PHONY: install
 install: build
diff --git a/tools/libs/evtchn/core.c b/tools/libs/evtchn/core.c
index 41621ff..14b7549 100644
--- a/tools/libs/evtchn/core.c
+++ b/tools/libs/evtchn/core.c
@@ -18,6 +18,16 @@
 
 #include "private.h"
 
+static int all_restrict_cb(Xentoolcore__Active_Handle *ah, domid_t domid) {
+    xenevtchn_handle *xce = CONTAINER_OF(ah, *xce, tc_ah);
+
+    if (xce->fd < 0)
+        /* just in case */
+        return 0;
+
+    return xenevtchn_restrict(xce, domid);
+}
+
 xenevtchn_handle *xenevtchn_open(xentoollog_logger *logger, unsigned open_flags)
 {
     xenevtchn_handle *xce = malloc(sizeof(*xce));
@@ -29,6 +39,9 @@ xenevtchn_handle *xenevtchn_open(xentoollog_logger *logger, unsigned open_flags)
     xce->logger = logger;
     xce->logger_tofree  = NULL;
 
+    xce->tc_ah.restrict_callback = all_restrict_cb;
+    xentoolcore__register_active_handle(&xce->tc_ah);
+
     if (!xce->logger) {
         xce->logger = xce->logger_tofree =
             (xentoollog_logger*)
diff --git a/tools/libs/evtchn/private.h b/tools/libs/evtchn/private.h
index 3d34862..31e595b 100644
--- a/tools/libs/evtchn/private.h
+++ b/tools/libs/evtchn/private.h
@@ -4,11 +4,14 @@
 #include <xentoollog.h>
 #include <xenevtchn.h>
 
+#include <xentoolcore_internal.h>
+
 #include <xen/xen.h>
 
 struct xenevtchn_handle {
     xentoollog_logger *logger, *logger_tofree;
     int fd;
+    Xentoolcore__Active_Handle tc_ah;
 };
 
 int osdep_evtchn_open(xenevtchn_handle *xce);
diff --git a/tools/libs/toolcore/include/xentoolcore.h b/tools/libs/toolcore/include/xentoolcore.h
index be6c570..ef9c670 100644
--- a/tools/libs/toolcore/include/xentoolcore.h
+++ b/tools/libs/toolcore/include/xentoolcore.h
@@ -31,11 +31,6 @@
  * Arranges that Xen library handles (fds etc.) which are currently held
  * by Xen libraries, can no longer be used other than to affect domid.
  *
- * Does not prevent effects that amount only to
- *   - denial of service, possibly host-wide, by resource exhaustion etc.
- *   - leak of not-very-interesting metainformation about other domains
- *     eg, specifically, event channel signals relating to other domains
- *
  * If this cannot be achieved, returns -1 and sets errno.
  * If called again with the same domid, it may succeed, or it may
  * fail (even though such a call is potentially meaningful).
-- 
2.9.5


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
