- Added xmlopt to the Jailhouse driver - Added ACL check in ConnectOpen --- src/jailhouse/jailhouse_api.c | 48 +++++++++++++------------- src/jailhouse/jailhouse_driver.c | 58 ++++++++++++++++++++------------ 2 files changed, 61 insertions(+), 45 deletions(-) diff --git a/src/jailhouse/jailhouse_api.c b/src/jailhouse/jailhouse_api.c index 510e2f5f66..bb82b5a31e 100644 --- a/src/jailhouse/jailhouse_api.c +++ b/src/jailhouse/jailhouse_api.c @@ -69,15 +69,9 @@ char *readSysfsCellString(const unsigned int id, const char *entry); int cell_match(const struct dirent *dirent); -int createCell(const char *conf_file); - -int loadImagesInCell(virJailhouseCellId cell_id, char *images, int num_images); - -int shutdownCell(virJailhouseCellId cell_id); +int cell_match_info(const struct dirent *dirent); -int startCell(virJailhouseCellId cell_id); - -int destroyCell(virJailhouseCellId cell_id); +int createCell(const char *conf_file); int getCellInfo(const unsigned int id, virJailhouseCellInfoPtr * cell_info); @@ -121,25 +115,31 @@ jailhouseDisable(void) fd = openDev(); err = ioctl(fd, JAILHOUSE_DISABLE); - if (err) + if (err) { virReportSystemError(errno, "%s", _("Failed to disable jailhouse: %s")); + return -1; + } VIR_DEBUG("Jailhouse hypervisor is disabled"); - return err; + return 0; } int cell_match(const struct dirent *dirent) { char *ext = strrchr(dirent->d_name, '.'); - return dirent->d_name[0] != '.' - && (STREQ(ext, JAILHOUSE_CELL_FILE_EXTENSION) == 0); + && STREQ(ext, JAILHOUSE_CELL_FILE_EXTENSION); } +int +cell_match_info(const struct dirent *dirent) +{ + return dirent->d_name[0] != '.'; +} int createJailhouseCells(const char *dir_path) { @@ -150,7 +150,6 @@ createJailhouseCells(const char *dir_path) if (strlen(dir_path) == 0) return ret; - num_entries = scandir(dir_path, &namelist, cell_match, alphasort); if (num_entries == -1) { if (errno == ENOENT) { 
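Review bot: In cell_match (hunk at -121), `ext` is NULL whenever the entry name contains no '.', and the new return expression passes it straight to STREQ. A single extension-less file in the cell config directory therefore reaches a NULL string comparison inside the scandir filter, which can take the daemon down during cell creation. Guard the pointer first: `return ext && dirent->d_name[0] != '.' && STREQ(ext, JAILHOUSE_CELL_FILE_EXTENSION);`. The commit corrects the inverted comparison but leaves this case open.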
@@ -170,7 +169,8 @@ createJailhouseCells(const char *dir_path) for (i = 0; i < num_entries; i++) { g_autofree char *file_path = g_strdup_printf("%s/%s", dir_path, namelist[i]->d_name); - if (createCell(file_path) != 0) { + + if (createCell(file_path) < 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Cell creation failed with conf found in %s."), namelist[i]->d_name); @@ -208,13 +208,13 @@ createCell(const char *conf_file) VIR_AUTOCLOSE fd = -1; if (strlen(conf_file) == 0) - return err; + return -1; len = virFileReadAll(conf_file, MAX_JAILHOUSE_CELL_CONFIG_FILE_SIZE, &buffer); if (len < 0 || !buffer) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Failed to read the system configuration file")); - return err; + return -1; } cell_create.config_address = (unsigned long) buffer; @@ -223,12 +223,14 @@ createCell(const char *conf_file) fd = openDev(); err = ioctl(fd, JAILHOUSE_CELL_CREATE, &cell_create); - if (err) + if (err) { virReportSystemError(errno, "%s", _("Cell creation failed: %s")); + return -1; + } - return err; + return 0; } void @@ -243,11 +245,11 @@ cellInfoFree(virJailhouseCellInfoPtr cell_info) char * readSysfsCellString(const unsigned int id, const char *entry) { - g_autofree char *buffer = NULL; + char *buffer = NULL; g_autofree char *file_path = NULL; int len = -1; - file_path = g_strdup_printf(JAILHOUSE_CELLS "%u/%s", id, entry); + file_path = g_strdup_printf(JAILHOUSE_CELLS "/%u/%s", id, entry); len = virFileReadAll(file_path, 1024, &buffer); if (len < 0 || !buffer) { 
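Review bot: The error call kept in createCell (hunk at -223), `virReportSystemError(errno, "%s", _("Cell creation failed: %s"))`, passes the translated text as the argument of `"%s"`, so the trailing `%s` inside it is never expanded and is printed literally. virReportSystemError already appends the errno description, so the placeholder can simply go: `virReportSystemError(errno, "%s", _("Cell creation failed"));`. The same applies to `_("Failed to disable jailhouse: %s")` in jailhouseDisable (hunk at -121). Both functions start outside their hunks.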
@@ -277,13 +279,12 @@ getCellInfo(const unsigned int id, virJailhouseCellInfoPtr *cell_info_ptr) /* get cell name */ tmp = readSysfsCellString(id, "name"); - if (virStrncpy(cell_info->id.name, tmp, JAILHOUSE_CELL_ID_NAMELEN, JAILHOUSE_CELL_ID_NAMELEN) < 0) { + if (virStrcpy(cell_info->id.name, tmp, JAILHOUSE_CELL_ID_NAMELEN) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Cell ID %s too long to be copied to the cell info"), tmp); return -1; } - cell_info->id.name[JAILHOUSE_CELL_ID_NAMELEN] = 0; VIR_FREE(tmp); @@ -310,8 +311,7 @@ getJailhouseCellsInfo(void) int num_entries; size_t i; - num_entries = - scandir(JAILHOUSE_CELLS, &namelist, cell_match, alphasort); + num_entries = scandir(JAILHOUSE_CELLS, &namelist, cell_match_info, alphasort); if (num_entries == -1) { if (errno == ENOENT) { virReportError(VIR_ERR_INTERNAL_ERROR, diff --git a/src/jailhouse/jailhouse_driver.c b/src/jailhouse/jailhouse_driver.c index 46c7759cb8..45b1f35896 100644 --- a/src/jailhouse/jailhouse_driver.c +++ b/src/jailhouse/jailhouse_driver.c @@ -122,7 +122,6 @@ jailhouseCreateAndLoadCells(virJailhouseDriverPtr driver) // Create all cells in the hypervisor. if (createJailhouseCells(driver->config->cell_config_dir) < 0) return -1; - // Get all cells created above. driver->cell_info_list = getJailhouseCellsInfo(); @@ -136,6 +135,7 @@ jailhouseFreeDriver(virJailhouseDriverPtr driver) return; virMutexDestroy(&driver->lock); + virObjectUnref(driver->xmlopt); virObjectUnref(driver->domains); virObjectUnref(driver->config); VIR_FREE(driver); @@ -147,7 +147,6 @@ jailhouseConnectOpen(virConnectPtr conn, virConfPtr conf G_GNUC_UNUSED, unsigned int flags) { uid_t uid = geteuid(); - virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR); if (!virConnectValidateURIPath(conn->uri->path, "jailhouse", uid == 0)) 
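Review bot: In getCellInfo (hunk at -277), `tmp` is handed to virStrcpy without a NULL check, although readSysfsCellString has a failure branch (`if (len < 0 || !buffer)`, visible in the -243 hunk). What it returns there is outside the diff, presumably NULL. Add `if (!tmp) return -1;` before the copy so a missing or unreadable sysfs entry does not become a NULL dereference. The `return -1` in the error branch also skips the `VIR_FREE(tmp)` that follows, so the string leaks on that path unless `tmp` is declared g_autofree (its declaration is not in the hunk). getCellInfo starts and ends outside the hunk.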
@@ -159,8 +158,10 @@ jailhouseConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } - conn->privateData = jailhouse_driver; + if (virConnectOpenEnsureACL(conn) < 0) + return VIR_DRV_OPEN_ERROR; + conn->privateData = jailhouse_driver; return VIR_DRV_OPEN_SUCCESS; } @@ -169,16 +170,19 @@ jailhouseConnectOpen(virConnectPtr conn, static int jailhouseConnectClose(virConnectPtr conn) { - conn->privateData = NULL; + conn->privateData = NULL; - return 0; + return 0; } static int jailhouseStateCleanup(void) { if (!jailhouse_driver) - return -1; + return -1; + + if (jailhouseDisable() < 0) + return -1; if (jailhouse_driver->lockFD != -1) virPidFileRelease(jailhouse_driver->config->stateDir, @@ -187,6 +191,9 @@ jailhouseStateCleanup(void) virMutexDestroy(&jailhouse_driver->lock); jailhouseFreeDriver(jailhouse_driver); + + jailhouse_driver = NULL; + return 0; } @@ -199,6 +206,9 @@ jailhouseStateInitialize(bool privileged G_GNUC_UNUSED, virJailhouseDriverConfigPtr cfg = NULL; int rc; + if (jailhouse_driver) + return VIR_DRV_STATE_INIT_COMPLETE; + jailhouse_driver = g_new0(virJailhouseDriver, 1); jailhouse_driver->lockFD = -1; @@ -220,6 +230,10 @@ jailhouseStateInitialize(bool privileged G_GNUC_UNUSED, if (jailhouseLoadConf(cfg) < 0) goto error; + if (!(jailhouse_driver->xmlopt = virDomainXMLOptionNew(NULL, NULL, + NULL, NULL, NULL))) + goto error; + if (virFileMakePath(cfg->stateDir) < 0) { virReportSystemError(errno, _("Failed to create state dir %s"), cfg->stateDir); @@ -292,7 +306,7 @@ jailhouseConnectListAllDomains(virConnectPtr conn, static virDomainPtr jailhouseDomainLookupByID(virConnectPtr conn, int id) { -virJailhouseDriverPtr driver = conn->privateData; + virJailhouseDriverPtr driver = conn->privateData; virDomainObjPtr cell; virDomainPtr dom = NULL; @@ -409,7 +423,6 @@ jailhouseDomainCreateWithFlags(virDomainPtr domain, virJailhouseCellInfoPtr cell_info; virDomainObjPtr cell; int ret = -1; - virCheckFlags(VIR_DOMAIN_NONE, -1); if (!domain->name) { 
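Review bot: In jailhouseStateCleanup (hunk at -169), the new `if (jailhouseDisable() < 0) return -1;` leaves the function before the pid file is released and the driver is freed, and `jailhouse_driver` stays non-NULL. With the guard added to jailhouseStateInitialize in the -199 hunk (`if (jailhouse_driver) return VIR_DRV_STATE_INIT_COMPLETE;`), a later initialize would then report success on that stale state. Record the failure and keep tearing down instead: declare `int ret = 0;`, use `if (jailhouseDisable() < 0) ret = -1;`, and end with `return ret;`. The function continues in the next hunk.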
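Review bot: jailhouseStateCleanup (hunk at -187) still calls `virMutexDestroy(&jailhouse_driver->lock);` immediately before `jailhouseFreeDriver(jailhouse_driver);`, and jailhouseFreeDriver destroys the same mutex itself, as the context of the -136 hunk shows. The lock is therefore destroyed twice on every shutdown, which is undefined for the underlying mutex. Since this commit already touches both functions, drop the `virMutexDestroy` line from jailhouseStateCleanup and let jailhouseFreeDriver own the teardown.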
@@ -462,23 +475,23 @@ jailhouseDomainCreateXML(virConnectPtr conn, virDomainPtr dom = NULL; virDomainDefPtr def = NULL; virDomainObjPtr cell = NULL; - virDomainDiskDefPtr disk = NULL; virJailhouseCellId cell_id; char **images = NULL; int num_images = 0, i = 0; unsigned int parse_flags = VIR_DOMAIN_DEF_PARSE_INACTIVE; + bool removeInactive = false; if (flags & VIR_DOMAIN_START_VALIDATE) parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; - if ((def = virDomainDefParseString(xml, NULL, - NULL, parse_flags)) == NULL) + if (!(def = virDomainDefParseString(xml, driver->xmlopt, + NULL, parse_flags))) goto cleanup; - if ((cell = virDomainObjListFindByUUID(driver->domains, def->uuid))) + if (virDomainCreateXMLEnsureACL(conn, def) < 0) goto cleanup; - if (virDomainCreateXMLEnsureACL(conn, def) < 0) + if ((cell = virDomainObjListFindByUUID(driver->domains, def->uuid))) goto cleanup; if (!(cell_info = virJailhouseFindCellByName(driver, def->name))) { @@ -492,13 +505,13 @@ jailhouseDomainCreateXML(virConnectPtr conn, def->id = cell_info->id.id; if (!(cell = virDomainObjListAdd(driver->domains, def, - NULL, - VIR_DOMAIN_OBJ_LIST_ADD_LIVE | - VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE, NULL))) + driver->xmlopt, 0, NULL))) goto cleanup; def = NULL; + removeInactive = true; + if (cell->def->ndisks < 1) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Domain XML doesn't contain any disk images")); @@ -513,7 +526,7 @@ jailhouseDomainCreateXML(virConnectPtr conn, if (cell->def->disks[i]->device == VIR_DOMAIN_DISK_DEVICE_DISK && virDomainDiskGetType(cell->def->disks[i]) == VIR_STORAGE_TYPE_FILE) { - disk = cell->def->disks[i]; + virDomainDiskDefPtr disk = cell->def->disks[i]; const char *src = virDomainDiskGetSource(disk); if (!src) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", 
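Review bot: In jailhouseDomainCreateXML (hunk at -462), when virDomainObjListFindByUUID finds an existing domain the code takes `goto cleanup` and returns NULL without reporting any error, so the client sees a failure with no cause. Report it before jumping, for example `virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("A domain with this UUID already exists"));`, with braces around the two statements. The function body continues outside the hunk.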
@@ -525,7 +538,7 @@ jailhouseDomainCreateXML(virConnectPtr conn, num_images++; } else { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("A Jailhouse doamin(cell) can ONLY have FILE type disks")); + _("A Jailhouse domain(cell) can ONLY have FILE type disks")); goto cleanup; } } @@ -533,7 +546,7 @@ jailhouseDomainCreateXML(virConnectPtr conn, // Initialize the cell_id. cell_id.id = cell->def->id; cell_id.padding = 0; - if (virStrncpy(cell_id.name, cell->def->name, JAILHOUSE_CELL_ID_NAMELEN, JAILHOUSE_CELL_ID_NAMELEN) < 0) { + if (virStrcpy(cell_id.name, cell->def->name, JAILHOUSE_CELL_ID_NAMELEN) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Cell name %s length exceeded the limit"), cell->def->name); @@ -561,6 +574,9 @@ jailhouseDomainCreateXML(virConnectPtr conn, dom = virGetDomain(conn, cell->def->name, cell->def->uuid, cell->def->id); cleanup: + if (!dom && removeInactive && !cell->persistent) + virDomainObjListRemove(driver->domains, cell); + virDomainDefFree(def); virDomainObjEndAPI(&cell); return dom; @@ -671,7 +687,7 @@ jailhouseDomainDestroy(virDomainPtr domain) static int virjailhouseGetDomainTotalCpuStats(virDomainObjPtr cell, - unsigned long long *cpustats) + unsigned long long *cpustats) { // TODO(Prakhar): Not implemented yet. UNUSED(cell); @@ -721,7 +737,7 @@ jailhouseDomainGetState(virDomainPtr domain, goto cleanup; if (virDomainGetStateEnsureACL(domain->conn, cell->def) < 0) - goto cleanup; + goto cleanup; *state = virDomainObjGetState(cell, reason); ret = 0; -- 2.17.1
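Review bot: The size given to virStrcpy for `cell_id.name` (hunk at -533) is JAILHOUSE_CELL_ID_NAMELEN, but the line removed in the getCellInfo hunk (`cell_info->id.name[JAILHOUSE_CELL_ID_NAMELEN] = 0;`) suggests the name array holds at least NAMELEN + 1 bytes. virStrcpy's third argument is the destination size including the terminator, so a name of exactly JAILHOUSE_CELL_ID_NAMELEN characters would be rejected even though it fits. If the field is an array (its declaration is not in the diff), prefer `virStrcpy(cell_id.name, cell->def->name, sizeof(cell_id.name))`, and make the same change to the call in getCellInfo, so that the bound follows the real buffer size.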