[PATCH 39/40] Convert Xen domain stats/peek driver methods to use virDomainDefPtr


 



From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

Introduce use of a virDomainDefPtr in the domain stats &
peek APIs to simplify introduction of ACL security checks.
The virDomainPtr cannot be safely used, since the app
may have supplied mismatching name/uuid/id fields, e.g.
the name points to domain X while the uuid points to
domain Y. Resolving the virDomainPtr to a virDomainDefPtr
ensures a consistent name/uuid/id set.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/xen/block_stats.c    |  6 +++---
 src/xen/block_stats.h    |  2 +-
 src/xen/xen_driver.c     | 37 +++++++++++++++++++++++++++++++++----
 src/xen/xen_hypervisor.c | 11 ++++++-----
 src/xen/xen_hypervisor.h |  9 +++++----
 src/xen/xend_internal.c  | 21 +++++++++++----------
 src/xen/xend_internal.h  |  7 ++++++-
 src/xen/xm_internal.c    |  3 ++-
 src/xen/xm_internal.h    |  7 ++++++-
 9 files changed, 73 insertions(+), 30 deletions(-)

diff --git a/src/xen/block_stats.c b/src/xen/block_stats.c
index 9f5823c..5adbf6c 100644
--- a/src/xen/block_stats.c
+++ b/src/xen/block_stats.c
@@ -359,16 +359,16 @@ xenLinuxDomainDeviceID(int domid, const char *path)
 
 int
 xenLinuxDomainBlockStats(xenUnifiedPrivatePtr priv,
-                         virDomainPtr dom,
+                         virDomainDefPtr def,
                          const char *path,
                          struct _virDomainBlockStats *stats)
 {
-    int device = xenLinuxDomainDeviceID(dom->id, path);
+    int device = xenLinuxDomainDeviceID(def->id, path);
 
     if (device < 0)
         return -1;
 
-    return read_bd_stats(priv, device, dom->id, stats);
+    return read_bd_stats(priv, device, def->id, stats);
 }
 
 #endif /* __linux__ */
diff --git a/src/xen/block_stats.h b/src/xen/block_stats.h
index 0a3c40a..6633d97 100644
--- a/src/xen/block_stats.h
+++ b/src/xen/block_stats.h
@@ -28,7 +28,7 @@
 #  include "xen_driver.h"
 
 extern int xenLinuxDomainBlockStats (xenUnifiedPrivatePtr priv,
-                                     virDomainPtr dom, const char *path,
+                                     virDomainDefPtr def, const char *path,
                                      struct _virDomainBlockStats *stats);
 
 extern int xenLinuxDomainDeviceID(int domid, const char *dev);
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index c2127d6..246076d 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1955,14 +1955,34 @@ static int
 xenUnifiedDomainBlockStats(virDomainPtr dom, const char *path,
                            struct _virDomainBlockStats *stats)
 {
-    return xenHypervisorDomainBlockStats(dom, path, stats);
+    virDomainDefPtr def = NULL;
+    int ret = -1;
+
+    if (!(def = xenGetDomainDefForDom(dom)))
+        goto cleanup;
+
+    ret = xenHypervisorDomainBlockStats(dom->conn, def, path, stats);
+
+cleanup:
+    virDomainDefFree(def);
+    return ret;
 }
 
 static int
 xenUnifiedDomainInterfaceStats(virDomainPtr dom, const char *path,
                                struct _virDomainInterfaceStats *stats)
 {
-    return xenHypervisorDomainInterfaceStats(dom, path, stats);
+    virDomainDefPtr def = NULL;
+    int ret = -1;
+
+    if (!(def = xenGetDomainDefForDom(dom)))
+        goto cleanup;
+
+    ret = xenHypervisorDomainInterfaceStats(def, path, stats);
+
+cleanup:
+    virDomainDefFree(def);
+    return ret;
 }
 
 static int
@@ -1971,13 +1991,22 @@ xenUnifiedDomainBlockPeek(virDomainPtr dom, const char *path,
                           void *buffer, unsigned int flags)
 {
     xenUnifiedPrivatePtr priv = dom->conn->privateData;
+    virDomainDefPtr def = NULL;
+    int ret = -1;
 
     virCheckFlags(0, -1);
 
+    if (!(def = xenGetDomainDefForDom(dom)))
+        goto cleanup;
+
     if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
-        return xenXMDomainBlockPeek(dom, path, offset, size, buffer);
+        ret = xenXMDomainBlockPeek(dom->conn, def, path, offset, size, buffer);
     else
-        return xenDaemonDomainBlockPeek(dom, path, offset, size, buffer);
+        ret = xenDaemonDomainBlockPeek(dom->conn, def, path, offset, size, buffer);
+
+cleanup:
+    virDomainDefFree(def);
+    return ret;
 }
 
 static int
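Review bot: The backend selection in xenUnifiedDomainBlockPeek, `if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)`, still reads the id from the caller-supplied virDomainPtr, although `def` has just been resolved precisely because the name/uuid/id in `dom` may not agree with each other. Testing `def->id` instead, `if (def->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)`, would make the dispatch decision on the same identity that both callees now receive. After that change the function would need `dom` only for `dom->conn`.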
diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c
index dc40a92..cefcda4 100644
--- a/src/xen/xen_hypervisor.c
+++ b/src/xen/xen_hypervisor.c
@@ -1368,17 +1368,18 @@ xenHypervisorSetSchedulerParameters(virConnectPtr conn,
 
 
 int
-xenHypervisorDomainBlockStats(virDomainPtr dom,
+xenHypervisorDomainBlockStats(virConnectPtr conn,
+                              virDomainDefPtr def,
                               const char *path,
                               struct _virDomainBlockStats *stats)
 {
 #ifdef __linux__
-    xenUnifiedPrivatePtr priv = dom->conn->privateData;
+    xenUnifiedPrivatePtr priv = conn->privateData;
     int ret;
 
     xenUnifiedLock(priv);
     /* Need to lock because it hits the xenstore handle :-( */
-    ret = xenLinuxDomainBlockStats(priv, dom, path, stats);
+    ret = xenLinuxDomainBlockStats(priv, def, path, stats);
     xenUnifiedUnlock(priv);
     return ret;
 #else
@@ -1396,7 +1397,7 @@ xenHypervisorDomainBlockStats(virDomainPtr dom,
  * virNetwork interface, as yet not decided.
  */
 int
-xenHypervisorDomainInterfaceStats(virDomainPtr dom,
+xenHypervisorDomainInterfaceStats(virDomainDefPtr def,
                                   const char *path,
                                   struct _virDomainInterfaceStats *stats)
 {
@@ -1411,7 +1412,7 @@ xenHypervisorDomainInterfaceStats(virDomainPtr dom,
                        _("invalid path, should be vif<domid>.<n>."));
         return -1;
     }
-    if (rqdomid != dom->id) {
+    if (rqdomid != def->id) {
         virReportError(VIR_ERR_INVALID_ARG, "%s",
                        _("invalid path, vif<domid> should match this domain ID"));
         return -1;
diff --git a/src/xen/xen_hypervisor.h b/src/xen/xen_hypervisor.h
index 1e5bb67..6aeab79 100644
--- a/src/xen/xen_hypervisor.h
+++ b/src/xen/xen_hypervisor.h
@@ -122,13 +122,14 @@ int     xenHypervisorSetSchedulerParameters(virConnectPtr conn,
                                             int nparams)
           ATTRIBUTE_NONNULL (1);
 
-int     xenHypervisorDomainBlockStats   (virDomainPtr domain,
+int     xenHypervisorDomainBlockStats   (virConnectPtr conn,
+                                         virDomainDefPtr def,
                                          const char *path,
                                          struct _virDomainBlockStats *stats)
           ATTRIBUTE_NONNULL (1);
-int     xenHypervisorDomainInterfaceStats (virDomainPtr domain,
-                                         const char *path,
-                                         struct _virDomainInterfaceStats *stats)
+int     xenHypervisorDomainInterfaceStats (virDomainDefPtr def,
+                                           const char *path,
+                                           struct _virDomainInterfaceStats *stats)
           ATTRIBUTE_NONNULL (1);
 
 int     xenHypervisorNodeGetCellsFreeMemory(virConnectPtr conn,
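Review bot: `ATTRIBUTE_NONNULL (1)` on xenHypervisorDomainBlockStats now covers only `conn`, while the new second argument `def` is dereferenced (`def->id`) in xenLinuxDomainBlockStats without a NULL check. Declaring `ATTRIBUTE_NONNULL (1) ATTRIBUTE_NONNULL (2)` on this prototype would state that both pointers are required. The caller shown in xen_driver.c only passes a non-NULL `def`, so this is about documenting the contract for future callers rather than a bug in the visible code.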
diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
index a78de96..244940f 100644
--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
@@ -3238,13 +3238,14 @@ error:
  * Returns 0 if successful, -1 if error, -2 if declined.
  */
 int
-xenDaemonDomainBlockPeek(virDomainPtr domain,
+xenDaemonDomainBlockPeek(virConnectPtr conn,
+                         virDomainDefPtr minidef,
                          const char *path,
                          unsigned long long offset,
                          size_t size,
                          void *buffer)
 {
-    xenUnifiedPrivatePtr priv = domain->conn->privateData;
+    xenUnifiedPrivatePtr priv = conn->privateData;
     struct sexpr *root = NULL;
     int fd = -1, ret = -1;
     virDomainDefPtr def;
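Review bot: The new parameter is called `minidef` in this definition but `def` in the xend_internal.h prototype, and the function also keeps a local `virDomainDefPtr def`, so two definitions with similar names are live in one body. A short comment at the local declaration would help, for example `/* full definition parsed from xend; minidef only carries name/uuid/id */`, and the prototype could use the same parameter name as the definition. The doc comment above the function starts outside this hunk; if it still describes a `@domain` parameter it should be updated to `@conn` and `@minidef`.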
@@ -3254,12 +3255,12 @@ xenDaemonDomainBlockPeek(virDomainPtr domain,
     const char *actual;
 
     /* Security check: The path must correspond to a block device. */
-    if (domain->id > 0)
-        root = sexpr_get(domain->conn, "/xend/domain/%d?detail=1",
-                         domain->id);
-    else if (domain->id < 0)
-        root = sexpr_get(domain->conn, "/xend/domain/%s?detail=1",
-                         domain->name);
+    if (minidef->id > 0)
+        root = sexpr_get(conn, "/xend/domain/%d?detail=1",
+                         minidef->id);
+    else if (minidef->id < 0)
+        root = sexpr_get(conn, "/xend/domain/%s?detail=1",
+                         minidef->name);
     else {
         /* This call always fails for dom0. */
         virReportError(VIR_ERR_OPERATION_INVALID,
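Review bot: The security check looks the domain up a second time, by `minidef->id` or `minidef->name`, and nothing visible in this hunk confirms that the `root` returned by xend describes the same domain that `minidef` was built from. A domain id can be reused and a name redefined between the two lookups, so the path could end up validated against a different domain's disks than the one the caller was resolved (and, later, ACL-checked) against. It would be worth comparing UUIDs after the xenParseSxpr call, with a test such as `memcmp(def->uuid, minidef->uuid, VIR_UUID_BUFLEN) != 0`, and failing with an error if they differ. The parse and the function's error path are outside this hunk, so the exact placement needs checking against the full function.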
@@ -3274,8 +3275,8 @@ xenDaemonDomainBlockPeek(virDomainPtr domain,
 
     id = xenGetDomIdFromSxpr(root, priv->xendConfigVersion);
     xenUnifiedLock(priv);
-    tty = xenStoreDomainGetConsolePath(domain->conn, id);
-    vncport = xenStoreDomainGetVNCPort(domain->conn, id);
+    tty = xenStoreDomainGetConsolePath(conn, id);
+    vncport = xenStoreDomainGetVNCPort(conn, id);
     xenUnifiedUnlock(priv);
 
     if (!(def = xenParseSxpr(root, priv->xendConfigVersion, NULL, tty,
diff --git a/src/xen/xend_internal.h b/src/xen/xend_internal.h
index cef7da4..aa05130 100644
--- a/src/xen/xend_internal.h
+++ b/src/xen/xend_internal.h
@@ -187,7 +187,12 @@ int xenDaemonDomainMigratePerform (virConnectPtr conn,
                                    const char *uri, unsigned long flags,
                                    const char *dname, unsigned long resource);
 
-int xenDaemonDomainBlockPeek (virDomainPtr domain, const char *path, unsigned long long offset, size_t size, void *buffer);
+int xenDaemonDomainBlockPeek(virConnectPtr conn,
+                             virDomainDefPtr def,
+                             const char *path,
+                             unsigned long long offset,
+                             size_t size,
+                             void *buffer);
 
 char * xenDaemonGetSchedulerType(virConnectPtr conn,
                                  int *nparams);
diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c
index 09e0794..28afa0b 100644
--- a/src/xen/xm_internal.c
+++ b/src/xen/xm_internal.c
@@ -1405,7 +1405,8 @@ xenXMDomainDetachDeviceFlags(virConnectPtr conn,
 }
 
 int
-xenXMDomainBlockPeek(virDomainPtr dom ATTRIBUTE_UNUSED,
+xenXMDomainBlockPeek(virConnectPtr conn ATTRIBUTE_UNUSED,
+                     virDomainDefPtr def ATTRIBUTE_UNUSED,
                      const char *path ATTRIBUTE_UNUSED,
                      unsigned long long offset ATTRIBUTE_UNUSED,
                      size_t size ATTRIBUTE_UNUSED,
diff --git a/src/xen/xm_internal.h b/src/xen/xm_internal.h
index 5be59b1..5dbc0bf 100644
--- a/src/xen/xm_internal.h
+++ b/src/xen/xm_internal.h
@@ -81,7 +81,12 @@ int xenXMDomainCreate(virConnectPtr conn,
 int xenXMDomainDefineXML(virConnectPtr con, virDomainDefPtr def);
 int xenXMDomainUndefine(virConnectPtr conn, virDomainDefPtr def);
 
-int xenXMDomainBlockPeek (virDomainPtr dom, const char *path, unsigned long long offset, size_t size, void *buffer);
+int xenXMDomainBlockPeek(virConnectPtr conn,
+                         virDomainDefPtr def,
+                         const char *path,
+                         unsigned long long offset,
+                         size_t size,
+                         void *buffer);
 
 int xenXMDomainGetAutostart(virDomainDefPtr def,
                             int *autostart);
-- 
1.8.1.4




