:p
atchew
Login
Add a new symbol DOMID_ANY to improve the readability of the code. Update all relevant domid_alloc() call sites and harden the domid_alloc() input value check. Also, fix problem with passing invalid domain IDs in XEN_DOMCTL_createdomain: turns out libxl__domain_make() (toolstack) uses 0xffff as domain ID. Amends: 2d5065060710 ("xen/domain: unify domain ID allocation") Signed-off-by: Denis Mukhin <dmukhin@ford.com> --- Changes since v5: - fixed domain ID validity check in libxl__domain_make() - CI run: https://gitlab.com/xen-project/people/dmukhin/xen/-/pipelines/2368290952 --- tools/libs/light/libxl_create.c | 6 ++++-- tools/tests/domid/harness.h | 1 + tools/tests/domid/test-domid.c | 12 ++++++------ xen/common/device-tree/dom0less-build.c | 2 +- xen/common/domctl.c | 3 +-- xen/common/domid.c | 5 ++++- xen/include/public/xen.h | 7 +++++++ 7 files changed, 24 insertions(+), 12 deletions(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index XXXXXXX..XXXXXXX 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -XXX,XX +XXX,XX @@ int libxl__domain_make(libxl__gc *gc, libxl_domain_config *d_config, } for (;;) { - uint32_t local_domid; + uint32_t local_domid = DOMID_INVALID; bool recent; if (info->domid == RANDOM_DOMID) { @@ -XXX,XX +XXX,XX @@ int libxl__domain_make(libxl__gc *gc, libxl_domain_config *d_config, continue; local_domid = v; + } else if (libxl_domid_valid_guest(local_domid)) { + local_domid = info->domid; } else { - local_domid = info->domid; /* May not be valid */ + local_domid = DOMID_ANY; } ret = xc_domain_create(ctx->xch, &local_domid, &create); diff --git a/tools/tests/domid/harness.h b/tools/tests/domid/harness.h index XXXXXXX..XXXXXXX 100644 --- a/tools/tests/domid/harness.h +++ b/tools/tests/domid/harness.h @@ -XXX,XX +XXX,XX @@ extern unsigned long find_next_zero_bit(const unsigned long *addr, #define DOMID_FIRST_RESERVED (100) #define DOMID_INVALID (101) +#define DOMID_ANY (102) #endif /* _TEST_HARNESS_ */ diff --git a/tools/tests/domid/test-domid.c b/tools/tests/domid/test-domid.c index XXXXXXX..XXXXXXX 100644 --- a/tools/tests/domid/test-domid.c +++ b/tools/tests/domid/test-domid.c @@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv) domid_free(expected); /* - * Test that that two consecutive calls of domid_alloc(DOMID_INVALID) + * Test that that two consecutive calls of domid_alloc(DOMID_ANY) * will never return the same ID. * NB: ID#0 is reserved and shall not be allocated by - * domid_alloc(DOMID_INVALID). + * domid_alloc(DOMID_ANY). */ for ( expected = 1; expected < DOMID_FIRST_RESERVED; expected++ ) { - allocated = domid_alloc(DOMID_INVALID); + allocated = domid_alloc(DOMID_ANY); verify(allocated == expected, "TEST 3: expected %u allocated %u\n", expected, allocated); } for ( expected = 1; expected < DOMID_FIRST_RESERVED; expected++ ) { - allocated = domid_alloc(DOMID_INVALID); + allocated = domid_alloc(DOMID_ANY); verify(allocated == DOMID_INVALID, "TEST 4: expected %u allocated %u\n", DOMID_INVALID, allocated); } @@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv) domid_free(expected); for ( expected = 1; expected < DOMID_FIRST_RESERVED / 2; expected++ ) { - allocated = domid_alloc(DOMID_INVALID); + allocated = domid_alloc(DOMID_ANY); verify(allocated == expected, "TEST 5: expected %u allocated %u\n", expected, allocated); } @@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv) /* Re-allocate last ID from [1..DOMID_FIRST_RESERVED - 1]. */ expected = DOMID_FIRST_RESERVED - 1; domid_free(DOMID_FIRST_RESERVED - 1); - allocated = domid_alloc(DOMID_INVALID); + allocated = domid_alloc(DOMID_ANY); verify(allocated == expected, "TEST 6: expected %u allocated %u\n", expected, allocated); diff --git a/xen/common/device-tree/dom0less-build.c b/xen/common/device-tree/dom0less-build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/common/device-tree/dom0less-build.c +++ b/xen/common/device-tree/dom0less-build.c @@ -XXX,XX +XXX,XX @@ void __init create_domUs(void) if ( (max_init_domid + 1) >= DOMID_FIRST_RESERVED ) panic("No more domain IDs available\n"); - domid = domid_alloc(DOMID_INVALID); + domid = domid_alloc(DOMID_ANY); if ( domid == DOMID_INVALID ) panic("Error allocating ID for domain %s\n", dt_node_name(node)); diff --git a/xen/common/domctl.c b/xen/common/domctl.c index XXXXXXX..XXXXXXX 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -XXX,XX +XXX,XX @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) case XEN_DOMCTL_createdomain: { - /* NB: ID#0 is reserved, find the first suitable ID instead. */ - domid_t domid = domid_alloc(op->domain ?: DOMID_INVALID); + domid_t domid = domid_alloc(op->domain); if ( domid == DOMID_INVALID ) { diff --git a/xen/common/domid.c b/xen/common/domid.c index XXXXXXX..XXXXXXX 100644 --- a/xen/common/domid.c +++ b/xen/common/domid.c @@ -XXX,XX +XXX,XX @@ static DECLARE_BITMAP(domid_bitmap, DOMID_FIRST_RESERVED); * @param domid Domain ID hint: * - If an explicit domain ID is provided, verify its availability and use it * if ID is not used; - * - If DOMID_INVALID is provided, search [1..DOMID_FIRST_RESERVED-1] range, + * - If DOMID_ANY is provided, search [1..DOMID_FIRST_RESERVED-1] range, * starting from the last used ID. Implementation guarantees that two * consecutive calls will never return the same ID. ID#0 is reserved for * the first boot domain (currently, dom0) and excluded from the allocation @@ -XXX,XX +XXX,XX @@ domid_t domid_alloc(domid_t domid) { static domid_t domid_last; + if ( domid >= DOMID_FIRST_RESERVED && domid != DOMID_ANY ) + return DOMID_INVALID; + spin_lock(&domid_lock); /* Exact match. */ diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index XXXXXXX..XXXXXXX 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -XXX,XX +XXX,XX @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t); /* DOMID_INVALID is used to identify pages with unknown owner. */ #define DOMID_INVALID xen_mk_uint(0x7FF4) +/* + * DOMID_ANY is used to signal no specific domain ID requested. + * Handler should pick a valid ID, or handle it as a broadcast value + * depending on the context. + */ +#define DOMID_ANY xen_mk_uint(0x7FF5) + /* Idle domain. */ #define DOMID_IDLE xen_mk_uint(0x7FFF) -- 2.53.0
From: Denis Mukhin <dmukhin@ford.com> Add a new symbol DOMID_ANY to improve the readability of the code. Update all relevant domid_alloc() call sites and harden the domid_alloc() input value check. Also, fix problem with passing invalid domain IDs in XEN_DOMCTL_createdomain: turns out libxl__domain_make() (toolstack) uses 0xffff as domain ID. Amends: 2d5065060710 ("xen/domain: unify domain ID allocation") Signed-off-by: Denis Mukhin <dmukhin@ford.com> --- Changes since v6: - fixed libxl_domid_valid_guest() check in libxl_create.c - Link to v6: https://lore.kernel.org/xen-devel/20260307025451.3148078-2-dmukhin@ford.com/ - CI: https://gitlab.com/xen-project/people/dmukhin/xen/-/pipelines/2438790748 --- tools/libs/light/libxl_create.c | 4 +++- tools/tests/domid/harness.h | 1 + tools/tests/domid/test-domid.c | 12 ++++++------ xen/common/device-tree/dom0less-build.c | 2 +- xen/common/domctl.c | 3 +-- xen/common/domid.c | 5 ++++- xen/include/public/xen.h | 7 +++++++ 7 files changed, 23 insertions(+), 11 deletions(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index XXXXXXX..XXXXXXX 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -XXX,XX +XXX,XX @@ int libxl__domain_make(libxl__gc *gc, libxl_domain_config *d_config, continue; local_domid = v; + } else if (libxl_domid_valid_guest(info->domid)) { + local_domid = info->domid; } else { - local_domid = info->domid; /* May not be valid */ + local_domid = DOMID_ANY; } ret = xc_domain_create(ctx->xch, &local_domid, &create); diff --git a/tools/tests/domid/harness.h b/tools/tests/domid/harness.h index XXXXXXX..XXXXXXX 100644 --- a/tools/tests/domid/harness.h +++ b/tools/tests/domid/harness.h @@ -XXX,XX +XXX,XX @@ extern unsigned long find_next_zero_bit(const unsigned long *addr, #define DOMID_FIRST_RESERVED (100) #define DOMID_INVALID (101) +#define DOMID_ANY (102) #endif /* _TEST_HARNESS_ */ diff --git a/tools/tests/domid/test-domid.c b/tools/tests/domid/test-domid.c index XXXXXXX..XXXXXXX 100644 --- a/tools/tests/domid/test-domid.c +++ b/tools/tests/domid/test-domid.c @@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv) domid_free(expected); /* - * Test that that two consecutive calls of domid_alloc(DOMID_INVALID) + * Test that that two consecutive calls of domid_alloc(DOMID_ANY) * will never return the same ID. * NB: ID#0 is reserved and shall not be allocated by - * domid_alloc(DOMID_INVALID). + * domid_alloc(DOMID_ANY). */ for ( expected = 1; expected < DOMID_FIRST_RESERVED; expected++ ) { - allocated = domid_alloc(DOMID_INVALID); + allocated = domid_alloc(DOMID_ANY); verify(allocated == expected, "TEST 3: expected %u allocated %u\n", expected, allocated); } for ( expected = 1; expected < DOMID_FIRST_RESERVED; expected++ ) { - allocated = domid_alloc(DOMID_INVALID); + allocated = domid_alloc(DOMID_ANY); verify(allocated == DOMID_INVALID, "TEST 4: expected %u allocated %u\n", DOMID_INVALID, allocated); } @@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv) domid_free(expected); for ( expected = 1; expected < DOMID_FIRST_RESERVED / 2; expected++ ) { - allocated = domid_alloc(DOMID_INVALID); + allocated = domid_alloc(DOMID_ANY); verify(allocated == expected, "TEST 5: expected %u allocated %u\n", expected, allocated); } @@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv) /* Re-allocate last ID from [1..DOMID_FIRST_RESERVED - 1]. */ expected = DOMID_FIRST_RESERVED - 1; domid_free(DOMID_FIRST_RESERVED - 1); - allocated = domid_alloc(DOMID_INVALID); + allocated = domid_alloc(DOMID_ANY); verify(allocated == expected, "TEST 6: expected %u allocated %u\n", expected, allocated); diff --git a/xen/common/device-tree/dom0less-build.c b/xen/common/device-tree/dom0less-build.c index XXXXXXX..XXXXXXX 100644 --- a/xen/common/device-tree/dom0less-build.c +++ b/xen/common/device-tree/dom0less-build.c @@ -XXX,XX +XXX,XX @@ void __init create_domUs(void) if ( (max_init_domid + 1) >= DOMID_FIRST_RESERVED ) panic("No more domain IDs available\n"); - domid = domid_alloc(DOMID_INVALID); + domid = domid_alloc(DOMID_ANY); if ( domid == DOMID_INVALID ) panic("Error allocating ID for domain %s\n", dt_node_name(node)); diff --git a/xen/common/domctl.c b/xen/common/domctl.c index XXXXXXX..XXXXXXX 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -XXX,XX +XXX,XX @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) case XEN_DOMCTL_createdomain: { - /* NB: ID#0 is reserved, find the first suitable ID instead. */ - domid_t domid = domid_alloc(op->domain ?: DOMID_INVALID); + domid_t domid = domid_alloc(op->domain); if ( domid == DOMID_INVALID ) { diff --git a/xen/common/domid.c b/xen/common/domid.c index XXXXXXX..XXXXXXX 100644 --- a/xen/common/domid.c +++ b/xen/common/domid.c @@ -XXX,XX +XXX,XX @@ static DECLARE_BITMAP(domid_bitmap, DOMID_FIRST_RESERVED); * @param domid Domain ID hint: * - If an explicit domain ID is provided, verify its availability and use it * if ID is not used; - * - If DOMID_INVALID is provided, search [1..DOMID_FIRST_RESERVED-1] range, + * - If DOMID_ANY is provided, search [1..DOMID_FIRST_RESERVED-1] range, * starting from the last used ID. Implementation guarantees that two * consecutive calls will never return the same ID. ID#0 is reserved for * the first boot domain (currently, dom0) and excluded from the allocation @@ -XXX,XX +XXX,XX @@ domid_t domid_alloc(domid_t domid) { static domid_t domid_last; + if ( domid >= DOMID_FIRST_RESERVED && domid != DOMID_ANY ) + return DOMID_INVALID; + spin_lock(&domid_lock); /* Exact match. */ diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index XXXXXXX..XXXXXXX 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -XXX,XX +XXX,XX @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t); /* DOMID_INVALID is used to identify pages with unknown owner. */ #define DOMID_INVALID xen_mk_uint(0x7FF4) +/* + * DOMID_ANY is used to signal no specific domain ID requested. + * Handler should pick a valid ID, or handle it as a broadcast value + * depending on the context. + */ +#define DOMID_ANY xen_mk_uint(0x7FF5) + /* Idle domain. */ #define DOMID_IDLE xen_mk_uint(0x7FFF) -- 2.53.0