pci: apply ACLs to device reservations
This commit is contained in:
David van Moolenbroek
parent
e21c21a31a
commit
457d3884a2
|
|
@ -380,11 +380,14 @@ PRIVATE void do_del_acl(message *mp)
|
||||||
|
|
||||||
PRIVATE void do_reserve(message *mp)
|
PRIVATE void do_reserve(message *mp)
|
||||||
{
|
{
|
||||||
|
struct rs_pci *aclp;
|
||||||
int r, devind;
|
int r, devind;
|
||||||
|
|
||||||
devind= mp->m1_i1;
|
devind= mp->m1_i1;
|
||||||
|
|
||||||
mp->m_type= pci_reserve2(devind, mp->m_source);
|
aclp= find_acl(mp->m_source);
|
||||||
|
|
||||||
|
mp->m_type= pci_reserve_a(devind, mp->m_source, aclp);
|
||||||
r= send(mp->m_source, mp);
|
r= send(mp->m_source, mp);
|
||||||
if (r != 0)
|
if (r != 0)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -358,11 +358,12 @@ PUBLIC int pci_next_dev_a(
|
||||||
}
|
}
|
||||||
|
|
||||||
/*===========================================================================*
|
/*===========================================================================*
|
||||||
* pci_reserve2 *
|
* pci_reserve_a *
|
||||||
*===========================================================================*/
|
*===========================================================================*/
|
||||||
PUBLIC int pci_reserve2(devind, proc)
|
PUBLIC int pci_reserve_a(devind, proc, aclp)
|
||||||
int devind;
|
int devind;
|
||||||
endpoint_t proc;
|
endpoint_t proc;
|
||||||
|
struct rs_pci *aclp;
|
||||||
{
|
{
|
||||||
int i, r;
|
int i, r;
|
||||||
int ilr;
|
int ilr;
|
||||||
|
|
@ -371,9 +372,16 @@ endpoint_t proc;
|
||||||
|
|
||||||
if (devind < 0 || devind >= nr_pcidev)
|
if (devind < 0 || devind >= nr_pcidev)
|
||||||
{
|
{
|
||||||
printf("pci:pci_reserve2: bad devind: %d\n", devind);
|
printf("pci_reserve_a: bad devind: %d\n", devind);
|
||||||
return EINVAL;
|
return EINVAL;
|
||||||
}
|
}
|
||||||
|
if (!visible(aclp, devind))
|
||||||
|
{
|
||||||
|
printf("pci_reserve_a: %u is not allowed to reserve %d\n",
|
||||||
|
proc, devind);
|
||||||
|
return EPERM;
|
||||||
|
}
|
||||||
|
|
||||||
if(pcidev[devind].pd_inuse && pcidev[devind].pd_proc != proc)
|
if(pcidev[devind].pd_inuse && pcidev[devind].pd_proc != proc)
|
||||||
return EBUSY;
|
return EBUSY;
|
||||||
pcidev[devind].pd_inuse= 1;
|
pcidev[devind].pd_inuse= 1;
|
||||||
|
|
@ -383,7 +391,7 @@ endpoint_t proc;
|
||||||
{
|
{
|
||||||
if (pcidev[devind].pd_bar[i].pb_flags & PBF_INCOMPLETE)
|
if (pcidev[devind].pd_bar[i].pb_flags & PBF_INCOMPLETE)
|
||||||
{
|
{
|
||||||
printf("pci_reserve3: BAR %d is incomplete\n", i);
|
printf("pci_reserve_a: BAR %d is incomplete\n", i);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (pcidev[devind].pd_bar[i].pb_flags & PBF_IO)
|
if (pcidev[devind].pd_bar[i].pb_flags & PBF_IO)
|
||||||
|
|
@ -394,7 +402,7 @@ endpoint_t proc;
|
||||||
|
|
||||||
if(debug) {
|
if(debug) {
|
||||||
printf(
|
printf(
|
||||||
"pci_reserve3: for proc %d, adding I/O range [0x%x..0x%x]\n",
|
"pci_reserve_a: for proc %d, adding I/O range [0x%x..0x%x]\n",
|
||||||
proc, ior.ior_base, ior.ior_limit);
|
proc, ior.ior_base, ior.ior_limit);
|
||||||
}
|
}
|
||||||
r= sys_privctl(proc, SYS_PRIV_ADD_IO, &ior);
|
r= sys_privctl(proc, SYS_PRIV_ADD_IO, &ior);
|
||||||
|
|
@ -421,7 +429,7 @@ endpoint_t proc;
|
||||||
ilr= pcidev[devind].pd_ilr;
|
ilr= pcidev[devind].pd_ilr;
|
||||||
if (ilr != PCI_ILR_UNKNOWN)
|
if (ilr != PCI_ILR_UNKNOWN)
|
||||||
{
|
{
|
||||||
if(debug) printf("pci_reserve3: adding IRQ %d\n", ilr);
|
if(debug) printf("pci_reserve_a: adding IRQ %d\n", ilr);
|
||||||
r= sys_privctl(proc, SYS_PRIV_ADD_IRQ, &ilr);
|
r= sys_privctl(proc, SYS_PRIV_ADD_IRQ, &ilr);
|
||||||
if (r != OK)
|
if (r != OK)
|
||||||
{
|
{
|
||||||
|
|
@ -2667,7 +2675,8 @@ int devind;
|
||||||
|
|
||||||
if (!aclp)
|
if (!aclp)
|
||||||
return TRUE; /* Should be changed when ACLs become
|
return TRUE; /* Should be changed when ACLs become
|
||||||
* mandatory.
|
* mandatory. Do note that procfs relies
|
||||||
|
* on being able to see all devices.
|
||||||
*/
|
*/
|
||||||
/* Check whether the caller is allowed to get this device. */
|
/* Check whether the caller is allowed to get this device. */
|
||||||
for (i= 0; i<aclp->rsp_nr_device; i++)
|
for (i= 0; i<aclp->rsp_nr_device; i++)
|
||||||
|
|
|
||||||
|
|
@ -96,7 +96,8 @@ extern struct pci_pcibridge pci_pcibridge[];
|
||||||
/* Function prototypes. */
|
/* Function prototypes. */
|
||||||
_PROTOTYPE( int sef_cb_init_fresh, (int type, sef_init_info_t *info) );
|
_PROTOTYPE( int sef_cb_init_fresh, (int type, sef_init_info_t *info) );
|
||||||
_PROTOTYPE( int map_service, (struct rprocpub *rpub) );
|
_PROTOTYPE( int map_service, (struct rprocpub *rpub) );
|
||||||
_PROTOTYPE( int pci_reserve2, (int devind, endpoint_t proc) );
|
_PROTOTYPE( int pci_reserve_a, (int devind, endpoint_t proc,
|
||||||
|
struct rs_pci *aclp) );
|
||||||
_PROTOTYPE( void pci_release, (endpoint_t proc) );
|
_PROTOTYPE( void pci_release, (endpoint_t proc) );
|
||||||
_PROTOTYPE( int pci_first_dev_a, (struct rs_pci *aclp, int *devindp,
|
_PROTOTYPE( int pci_first_dev_a, (struct rs_pci *aclp, int *devindp,
|
||||||
u16_t *vidp, u16_t *didp) );
|
u16_t *vidp, u16_t *didp) );
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue