[Qemu-devel] [PATCH v4 0/8] xen: xen-domid-restrict improvements

Ian Jackson posted 8 patches 6 years, 5 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/1507564902-9000-1-git-send-email-ian.jackson@eu.citrix.com
Test checkpatch failed
Test docker passed
Test s390x passed
There is a newer version of this series
[Qemu-devel] [PATCH v4 0/8] xen: xen-domid-restrict improvements
Posted by Ian Jackson 6 years, 5 months ago
I have been working on trying to get qemu, when running as a Xen
device model, to _actually_ not have power equivalent to root.

I think I have achieved this, with some limitations (which are
discussed in my series against xen.git.

However, there are changes to qemu needed.  In particular

 * The -xen-domid-restrict option does not work properly right now.
   It only restricts a small subset of the descriptors qemu has open.
   I am introducing a new library call in the Xen libraries for this,
   xentoolcore_restrict_all.

 * We need to call a different function on domain shutdown.

 * The restriction operation needs to be done at a slightly different
   time, necessitating a new hook.

 * Additionally, in the future, we intend to be able to set aside
   a uid range for these qemus to run in, and that involves being
   able to tell qemu to drop privilege by numeric uid and gid.

Thanks to Anthony Perard, Peter Maydell and Ross Lagerwall for
assistance, review and testing.

At least the first patch of this, "xen: link against xentoolcore",
will very likely be necessary, since the corresponding xen.git series
is likely to make Xen 4.10.

   1/8  xen: link against xentoolcore
   2/8  xen: restrict: use xentoolcore_restrict_all
   3/8  xen: defer call to xen_restrict until just before
   4/8  xen: destroy_hvm_domain: Move reason into a variable
   5/8  xen: move xc_interface compatibility fallback further up
   6/8  xen: destroy_hvm_domain: Try xendevicemodel_shutdown
 * 7/8  os-posix: Provide new -runas <uid>.<gid> facility
 @ 8/8  configure: do_compiler: Dump some extra info under bash

 * = patch changed in v4 of the series
 @ = "RFC" tag removed

Thanks,
Ian.

Re: [Qemu-devel] [PATCH v4 0/8] xen: xen-domid-restrict improvements
Posted by no-reply@patchew.org 6 years, 5 months ago
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1507564902-9000-1-git-send-email-ian.jackson@eu.citrix.com
Subject: [Qemu-devel] [PATCH v4 0/8] xen: xen-domid-restrict improvements

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
2fefd4e512 configure: do_compiler: Dump some extra info under bash
b0ee2db430 os-posix: Provide new -runas <uid>.<gid> facility
bbe6e622ba xen: destroy_hvm_domain: Try xendevicemodel_shutdown
443cfed9da xen: move xc_interface compatibility fallback further up the file
7e9d286c99 xen: destroy_hvm_domain: Move reason into a variable
597a0de500 xen: defer call to xen_restrict until just before os_setup_post
9b5e7d8ef8 xen: restrict: use xentoolcore_restrict_all
54f9b2484b xen: link against xentoolcore

=== OUTPUT BEGIN ===
Checking PATCH 1/8: xen: link against xentoolcore...
Checking PATCH 2/8: xen: restrict: use xentoolcore_restrict_all...
Checking PATCH 3/8: xen: defer call to xen_restrict until just before os_setup_post...
Checking PATCH 4/8: xen: destroy_hvm_domain: Move reason into a variable...
Checking PATCH 5/8: xen: move xc_interface compatibility fallback further up the file...
Checking PATCH 6/8: xen: destroy_hvm_domain: Try xendevicemodel_shutdown...
Checking PATCH 7/8: os-posix: Provide new -runas <uid>.<gid> facility...
ERROR: consider using qemu_strtoul in preference to strtoul
#45: FILE: os-posix.c:143:
+    lv = strtoul(optarg, &ep, 0); /* can't qemu_strtoul, want *ep=='.' */

total: 1 errors, 0 warnings, 100 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 8/8: configure: do_compiler: Dump some extra info under bash...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org