diff mbox

[v2,for-4.10,1/2] tools/libs/evtchn: Add support for restricting a handle

Message ID 20171018134233.11973-1-ross.lagerwall@citrix.com (mailing list archive)
State New, archived
Headers show

Commit Message

Ross Lagerwall Oct. 18, 2017, 1:42 p.m. UTC 
Implement support for restricting evtchn handles to a particular domain
on Linux by calling the IOCTL_EVTCHN_RESTRICT_DOMID ioctl (support added
in Linux v4.8).

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Release-acked-by: Julien Grall <julien.grall@linaro.org>
---
No change since v1.

 tools/include/xen-sys/Linux/evtchn.h  | 15 +++++++++++++++
 tools/libs/evtchn/Makefile            |  2 +-
 tools/libs/evtchn/core.c              |  5 +++++
 tools/libs/evtchn/freebsd.c           |  6 ++++++
 tools/libs/evtchn/include/xenevtchn.h | 10 ++++++++++
 tools/libs/evtchn/libxenevtchn.map    |  4 ++++
 tools/libs/evtchn/linux.c             |  9 +++++++++
 tools/libs/evtchn/minios.c            |  6 ++++++
 tools/libs/evtchn/netbsd.c            |  6 ++++++
 tools/libs/evtchn/private.h           |  3 +++
 tools/libs/evtchn/solaris.c           |  6 ++++++
 tools/libvchan/init.c                 |  1 +
 tools/libvchan/libxenvchan.h          |  1 +
 13 files changed, 73 insertions(+), 1 deletion(-)
diff mbox

Patch

diff --git a/tools/include/xen-sys/Linux/evtchn.h b/tools/include/xen-sys/Linux/evtchn.h
index 938d4da..08ee0b7 100644
--- a/tools/include/xen-sys/Linux/evtchn.h
+++ b/tools/include/xen-sys/Linux/evtchn.h
@@ -85,4 +85,19 @@  struct ioctl_evtchn_notify {
 #define IOCTL_EVTCHN_RESET				\
 	_IOC(_IOC_NONE, 'E', 5, 0)
 
+/*
+ * Restrict this file descriptor so that it can only be used to bind
+ * new interdomain events from one domain.
+ *
+ * Once a file descriptor has been restricted it cannot be
+ * de-restricted, and must be closed and re-opened.  Event channels
+ * which were bound before restricting remain bound afterwards, and
+ * can be notified as usual.
+ */
+#define IOCTL_EVTCHN_RESTRICT_DOMID			\
+	_IOC(_IOC_NONE, 'E', 6, sizeof(struct ioctl_evtchn_restrict_domid))
+struct ioctl_evtchn_restrict_domid {
+	domid_t domid;
+};
+
 #endif /* __LINUX_PUBLIC_EVTCHN_H__ */
diff --git a/tools/libs/evtchn/Makefile b/tools/libs/evtchn/Makefile
index 5444ec7..bc98aed 100644
--- a/tools/libs/evtchn/Makefile
+++ b/tools/libs/evtchn/Makefile
@@ -2,7 +2,7 @@  XEN_ROOT = $(CURDIR)/../../..
 include $(XEN_ROOT)/tools/Rules.mk
 
 MAJOR    = 1
-MINOR    = 0
+MINOR    = 1
 SHLIB_LDFLAGS += -Wl,--version-script=libxenevtchn.map
 
 CFLAGS   += -Werror -Wmissing-prototypes
diff --git a/tools/libs/evtchn/core.c b/tools/libs/evtchn/core.c
index c31e08c..41621ff 100644
--- a/tools/libs/evtchn/core.c
+++ b/tools/libs/evtchn/core.c
@@ -61,6 +61,11 @@  int xenevtchn_close(xenevtchn_handle *xce)
     return rc;
 }
 
+int xenevtchn_restrict(xenevtchn_handle *xce, domid_t domid)
+{
+    return osdep_evtchn_restrict(xce, domid);
+}
+
 /*
  * Local variables:
  * mode: C
diff --git a/tools/libs/evtchn/freebsd.c b/tools/libs/evtchn/freebsd.c
index 30eaa70..ba82f06 100644
--- a/tools/libs/evtchn/freebsd.c
+++ b/tools/libs/evtchn/freebsd.c
@@ -47,6 +47,12 @@  int osdep_evtchn_close(xenevtchn_handle *xce)
     return close(xce->fd);
 }
 
+int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
+{
+    errno = -EOPNOTSUPP;
+    return -1;
+}
+
 int xenevtchn_fd(xenevtchn_handle *xce)
 {
     return xce->fd;
diff --git a/tools/libs/evtchn/include/xenevtchn.h b/tools/libs/evtchn/include/xenevtchn.h
index 93b80cb..91821ee 100644
--- a/tools/libs/evtchn/include/xenevtchn.h
+++ b/tools/libs/evtchn/include/xenevtchn.h
@@ -151,6 +151,16 @@  xenevtchn_pending(xenevtchn_handle *xce);
  */
 int xenevtchn_unmask(xenevtchn_handle *xce, evtchn_port_t port);
 
+/**
+ * This function restricts the use of this handle to the specified
+ * domain.
+ *
+ * @parm xce handle to the open evtchn interface
+ * @parm domid the domain id
+ * @return 0 on success, -1 on failure with errno set appropriately.
+ */
+int xenevtchn_restrict(xenevtchn_handle *xce, domid_t domid);
+
 #endif
 
 /*
diff --git a/tools/libs/evtchn/libxenevtchn.map b/tools/libs/evtchn/libxenevtchn.map
index 625a1e2..33a38f9 100644
--- a/tools/libs/evtchn/libxenevtchn.map
+++ b/tools/libs/evtchn/libxenevtchn.map
@@ -17,3 +17,7 @@  VERS_1.0 {
 		xenevtchn_pending;
 	local: *; /* Do not expose anything by default */
 };
+VERS_1.1 {
+	global:
+		xenevtchn_restrict;
+} VERS_1.0;
diff --git a/tools/libs/evtchn/linux.c b/tools/libs/evtchn/linux.c
index a581c5d..17e64ae 100644
--- a/tools/libs/evtchn/linux.c
+++ b/tools/libs/evtchn/linux.c
@@ -21,9 +21,11 @@ 
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdlib.h>
+#include <stdint.h>
 
 #include <sys/ioctl.h>
 
+#include <xen/xen.h>
 #include <xen/sys/evtchn.h>
 
 #include "private.h"
@@ -49,6 +51,13 @@  int osdep_evtchn_close(xenevtchn_handle *xce)
     return close(xce->fd);
 }
 
+int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
+{
+    struct ioctl_evtchn_restrict_domid restrict_domid = { domid };
+
+    return ioctl(xce->fd, IOCTL_EVTCHN_RESTRICT_DOMID, &restrict_domid);
+}
+
 int xenevtchn_fd(xenevtchn_handle *xce)
 {
     return xce->fd;
diff --git a/tools/libs/evtchn/minios.c b/tools/libs/evtchn/minios.c
index ccf37f0..414c21b 100644
--- a/tools/libs/evtchn/minios.c
+++ b/tools/libs/evtchn/minios.c
@@ -82,6 +82,12 @@  int osdep_evtchn_close(xenevtchn_handle *xce)
     return close(xce->fd);
 }
 
+int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
+{
+    errno = -EOPNOTSUPP;
+    return -1;
+}
+
 void minios_evtchn_close_fd(int fd)
 {
     struct evtchn_port_info *port_info, *tmp;
diff --git a/tools/libs/evtchn/netbsd.c b/tools/libs/evtchn/netbsd.c
index 114c6e6..5ce3a35 100644
--- a/tools/libs/evtchn/netbsd.c
+++ b/tools/libs/evtchn/netbsd.c
@@ -47,6 +47,12 @@  int osdep_evtchn_close(xenevtchn_handle *xce)
     return close(xce->fd);
 }
 
+int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
+{
+    errno = -EOPNOTSUPP;
+    return -1;
+}
+
 int xenevtchn_fd(xenevtchn_handle *xce)
 {
     return xce->fd;
diff --git a/tools/libs/evtchn/private.h b/tools/libs/evtchn/private.h
index fcd0e96..3d34862 100644
--- a/tools/libs/evtchn/private.h
+++ b/tools/libs/evtchn/private.h
@@ -4,6 +4,8 @@ 
 #include <xentoollog.h>
 #include <xenevtchn.h>
 
+#include <xen/xen.h>
+
 struct xenevtchn_handle {
     xentoollog_logger *logger, *logger_tofree;
     int fd;
@@ -11,6 +13,7 @@  struct xenevtchn_handle {
 
 int osdep_evtchn_open(xenevtchn_handle *xce);
 int osdep_evtchn_close(xenevtchn_handle *xce);
+int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid);
 
 #endif
 
diff --git a/tools/libs/evtchn/solaris.c b/tools/libs/evtchn/solaris.c
index dc249aa..f718989 100644
--- a/tools/libs/evtchn/solaris.c
+++ b/tools/libs/evtchn/solaris.c
@@ -50,6 +50,12 @@  int osdep_evtchn_close(xenevtchn_handle *xce)
     return close(xce->fd);
 }
 
+int osdep_evtchn_restrict(xenevtchn_handle *xce, domid_t domid)
+{
+    errno = -EOPNOTSUPP;
+    return -1;
+}
+
 int xenevtchn_fd(xenevtchn_handle *xce)
 {
     return xce->fd;
diff --git a/tools/libvchan/init.c b/tools/libvchan/init.c
index e53f3a7..0b3759a 100644
--- a/tools/libvchan/init.c
+++ b/tools/libvchan/init.c
@@ -40,6 +40,7 @@ 
 #include <fcntl.h>
 
 #include <xenstore.h>
+#include <xen/xen.h>
 #include <xen/sys/evtchn.h>
 #include <xen/sys/gntalloc.h>
 #include <xen/sys/gntdev.h>
diff --git a/tools/libvchan/libxenvchan.h b/tools/libvchan/libxenvchan.h
index 2adbdfe..d6010b1 100644
--- a/tools/libvchan/libxenvchan.h
+++ b/tools/libvchan/libxenvchan.h
@@ -43,6 +43,7 @@ 
  */
 
 #include <xen/io/libxenvchan.h>
+#include <xen/xen.h>
 #include <xen/sys/evtchn.h>
 #include <xenevtchn.h>
 #include <xengnttab.h>