From: David van Moolenbroek Date: Wed, 7 Mar 2012 22:45:55 +0000 (+0100) Subject: pci: apply ACLs to device reservations X-Git-Tag: v3.2.1~669 X-Git-Url: http://zhaoyanbai.com/repos/%22http:/www.isc.org/icons/zpipe.c?a=commitdiff_plain;h=457d3884a28fac890cebc62b15fcfbda82337057;p=minix.git pci: apply ACLs to device reservations --- diff --git a/drivers/pci/main.c b/drivers/pci/main.c index 65891eaf4..7731d0c9d 100644 --- a/drivers/pci/main.c +++ b/drivers/pci/main.c @@ -380,11 +380,14 @@ PRIVATE void do_del_acl(message *mp) PRIVATE void do_reserve(message *mp) { + struct rs_pci *aclp; int r, devind; devind= mp->m1_i1; - - mp->m_type= pci_reserve2(devind, mp->m_source); + + aclp= find_acl(mp->m_source); + + mp->m_type= pci_reserve_a(devind, mp->m_source, aclp); r= send(mp->m_source, mp); if (r != 0) { diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index bfad9b48a..0f9e727a8 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -358,11 +358,12 @@ PUBLIC int pci_next_dev_a( } /*===========================================================================* - * pci_reserve2 * + * pci_reserve_a * *===========================================================================*/ -PUBLIC int pci_reserve2(devind, proc) +PUBLIC int pci_reserve_a(devind, proc, aclp) int devind; endpoint_t proc; +struct rs_pci *aclp; { int i, r; int ilr; @@ -371,9 +372,16 @@ endpoint_t proc; if (devind < 0 || devind >= nr_pcidev) { - printf("pci:pci_reserve2: bad devind: %d\n", devind); + printf("pci_reserve_a: bad devind: %d\n", devind); return EINVAL; } + if (!visible(aclp, devind)) + { + printf("pci_reserve_a: %u is not allowed to reserve %d\n", + proc, devind); + return EPERM; + } + if(pcidev[devind].pd_inuse && pcidev[devind].pd_proc != proc) return EBUSY; pcidev[devind].pd_inuse= 1; @@ -383,7 +391,7 @@ endpoint_t proc; { if (pcidev[devind].pd_bar[i].pb_flags & PBF_INCOMPLETE) { - printf("pci_reserve3: BAR %d is incomplete\n", i); + printf("pci_reserve_a: BAR %d is incomplete\n", i); continue; } if (pcidev[devind].pd_bar[i].pb_flags & PBF_IO) @@ -394,7 +402,7 @@ endpoint_t proc; if(debug) { printf( - "pci_reserve3: for proc %d, adding I/O range [0x%x..0x%x]\n", + "pci_reserve_a: for proc %d, adding I/O range [0x%x..0x%x]\n", proc, ior.ior_base, ior.ior_limit); } r= sys_privctl(proc, SYS_PRIV_ADD_IO, &ior); @@ -421,7 +429,7 @@ endpoint_t proc; ilr= pcidev[devind].pd_ilr; if (ilr != PCI_ILR_UNKNOWN) { - if(debug) printf("pci_reserve3: adding IRQ %d\n", ilr); + if(debug) printf("pci_reserve_a: adding IRQ %d\n", ilr); r= sys_privctl(proc, SYS_PRIV_ADD_IRQ, &ilr); if (r != OK) { @@ -2667,7 +2675,8 @@ int devind; if (!aclp) return TRUE; /* Should be changed when ACLs become - * mandatory. + * mandatory. Do note that procfs relies + * on being able to see all devices. */ /* Check whether the caller is allowed to get this device. */ for (i= 0; irsp_nr_device; i++) diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h index af0a06653..7f9ed4f9e 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -96,7 +96,8 @@ extern struct pci_pcibridge pci_pcibridge[]; /* Function prototypes. */ _PROTOTYPE( int sef_cb_init_fresh, (int type, sef_init_info_t *info) ); _PROTOTYPE( int map_service, (struct rprocpub *rpub) ); -_PROTOTYPE( int pci_reserve2, (int devind, endpoint_t proc) ); +_PROTOTYPE( int pci_reserve_a, (int devind, endpoint_t proc, + struct rs_pci *aclp) ); _PROTOTYPE( void pci_release, (endpoint_t proc) ); _PROTOTYPE( int pci_first_dev_a, (struct rs_pci *aclp, int *devindp, u16_t *vidp, u16_t *didp) );