From patchwork Mon Aug 7 09:03:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexandru Stefan ISAILA X-Patchwork-Id: 9884807 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id AD4F460364 for ; Mon, 7 Aug 2017 09:05:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A06B228484 for ; Mon, 7 Aug 2017 09:05:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 94AD3285D1; Mon, 7 Aug 2017 09:05:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.5 required=2.0 tests=BAYES_00,HTML_MESSAGE, HTML_OBFUSCATE_05_10, MIME_HTML_MOSTLY, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8DCDF28484 for ; Mon, 7 Aug 2017 09:05:13 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dedwd-0008JS-I4; Mon, 07 Aug 2017 09:03:27 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dedwc-0008JM-3U for xen-devel@lists.xen.org; Mon, 07 Aug 2017 09:03:26 +0000 Received: from [193.109.254.147] by server-11.bemta-6.messagelabs.com id E8/5C-03612-DDC28895; Mon, 07 Aug 2017 09:03:25 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA1WSe0hTYRjG/bazs2NtddxM34ZFjSjTvESUkZU lkf0VZWktAz2r0zbappwzQ4PAKNcy7UZkWaGVlZlpioHMC6ItdZXRhcq8lGVSIl3Ushi6dvZZ 2fnj4/d+z/s978PhpcSKWlJFsRkWljMzRjU5hUhq0V8O61xk00R+OB29vPjbVWIN2uCodYk2o R0Sg1mbmpEi0Q8NV0rSnvSjjGa3HWWhpvcoB/lSCjoOWnrGiBw0xcNlCPL7yqW4eIHgV/MYmY Mob9fZm2vxfTGCG9a3YlxUIOiq7iVxUYigrvyLVPAl6SioyysRC+xPR8C99jGJ0CSmswiob3U RgqCkE+Cso1CKmxLhQb17gleAs/EQKTBBz4PWhqPeezm9FN7mjk6MzkPQ3dbmNfKlN8Pn/gEv IzoARp1lIoHFdCC87iv0MtB+cOVCnRhzAIzbe0nMkXD3WgOBeQ7kdRyXYE4B6+M3BPbRQE2jn cQh/KDtfB8h/BegjeAepDGqwJ2tFqIBfYKA0os9E2OD4N2pDvIkml0wKVHBJNeCSa4FHisxvR Aq7BG4ZS6cOdYrxRwM2RcvSXHLasgvip7cUoSoUrSAZ7l9LBe2JFzLGXR6i4kxGMMWRy4LN7E 8z+hYI6Plw3elmqqQZ218PF8Nso3HNqGZlEg9Q55cYtUopmlTd2fqGV6fzKUbWb4JBVGUGuT7 Q20ahR/H6tiMPQajZ/f+yEDJ1P7yakGW82mMiTfosOREMdSdWxUjIqra1Toqopq8533hVBDmV DOrCsTPaOGZPt381/TPTj9Fs1RKOfLEVMjSWM5ksPyvD6BACqmVOJvMYLb8nT3giSXyxBpkso VYFuafpMpCxd9/bvvY1qfaOt9qc7jXJaV3pjl+bOyPXJmTm9Ct35fp8PlxeNXUZ8NVWv+jNuV 2g0vTWhU69LLi4IqB648GH9b5xIRPr3GoZc/sUdzspT3mA7Ijr/q/rlfGBrjyGpxdOx1fpyfG mQ9+tzpH2uW6zOfnQpoTuC3xyqLg+E+3K/c+URO8nlkcIuZ45jcPb05xzgMAAA== X-Env-Sender: aisaila@bitdefender.com X-Msg-Ref: server-4.tower-27.messagelabs.com!1502096602!109843206!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=1.6 required=7.0 tests=HTML_50_60,HTML_MESSAGE, HTML_OBFUSCATE_05_10 X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 15690 invoked from network); 7 Aug 2017 09:03:23 -0000 Received: from mx01.bbu.dsd.mx.bitdefender.com (HELO mx01.bbu.dsd.mx.bitdefender.com) (91.199.104.161) by server-4.tower-27.messagelabs.com with DHE-RSA-AES128-GCM-SHA256 encrypted SMTP; 7 Aug 2017 09:03:23 -0000 Received: (qmail 20706 invoked from network); 7 Aug 2017 12:03:21 +0300 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.bbu.dsd.mx.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 7 Aug 2017 12:03:21 +0300 Received: from smtp01.buh.bitdefender.com (smtp.bitdefender.biz [10.17.80.75]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id 9B1447FC42 for ; Mon, 7 Aug 2017 12:03:21 +0300 (EEST) Received: (qmail 31066 invoked from network); 7 Aug 2017 12:03:21 +0300 Received: from unknown (HELO mb1xmail.bitdefender.biz) (10.20.0.28) by smtp01.buh.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 7 Aug 2017 12:03:21 +0300 Received: from mb2xmail.bitdefender.biz (10.20.0.30) by mb1xmail.bitdefender.biz (10.20.0.28) with Microsoft SMTP Server (TLS) id 15.0.1293.2; Mon, 7 Aug 2017 12:03:20 +0300 Received: from mb2xmail.bitdefender.biz ([10.20.0.30]) by mb2xmail.bitdefender.biz ([10.20.0.30]) with mapi id 15.00.1293.002; Mon, 7 Aug 2017 12:03:20 +0300 From: Alexandru Stefan ISAILA To: "tamas@tklengyel.com" Thread-Topic: [PATCH v4] x86/hvm: Allow guest_request vm_events coming from userspace Thread-Index: AQHTDRV/hqtNw1q0ak2V0cNRY95GmqJ0yPIAgAOil4A= Date: Mon, 7 Aug 2017 09:03:20 +0000 Message-ID: <1502096593.4329.3.camel@bitdefender.com> References: <1501846324-4683-1-git-send-email-aisaila@bitdefender.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.17.80.118] x-endpointsecurity-0xde81-ev: v:6.2.18.884, d:out, a:y, w:t, t:16, sv:1502085715, ts:1502096600 MIME-Version: 1.0 X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.6 on smtp01.buh.bitdefender.com, sigver: 7.72680 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.8.1074, Dats: 457220, Stamp: 3], Multi: [Enabled, t: (0.000022, 0.082278)], BW: [Enabled, t: (0.000012)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.024450), Flags: 85D2ED72; NN_LEGIT_VALID_REPLY; NN_LEGIT_SUMM_400_WORDS; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.024080,0.000744)], URL: [Enabled, t: (0.000008)], RTDA: [Enabled, t: (0.189206), Hit: No, Details: v2.6.3; Id: 15.5f4787.1bmjiji5m.2jreu], total: 0(775) X-BitDefender-CF-Stamp: none Cc: "tim@xen.org" , "sstabellini@kernel.org" , "wei.liu2@citrix.com" , "rcojocaru@bitdefender.com" , "George.Dunlap@eu.citrix.com" , "andrew.cooper3@citrix.com" , "ian.jackson@eu.citrix.com" , "xen-devel@lists.xen.org" , "jbeulich@suse.com" Subject: Re: [Xen-devel] [PATCH v4] x86/hvm: Allow guest_request vm_events coming from userspace X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP On Vi, 2017-08-04 at 19:32 -0600, Tamas K Lengyel wrote: On Fri, Aug 4, 2017 at 5:32 AM, Alexandru Isaila > wrote: In some introspection usecases, an in-guest agent needs to communicate with the external introspection agent. An existing mechanism is HVMOP_guest_request_vm_event, but this is restricted to kernel usecases like all other hypercalls. Introduce a mechanism whereby the introspection agent can whitelist the use of HVMOP_guest_request_vm_event directly from userspace. Signed-off-by: Alexandru Isaila > --- Changes since V3: - Changed commit message - Added new lines - Indent the maximum space on the defines - Chaned the name of the define/function name/struct member from vmcall to event --- tools/libxc/include/xenctrl.h | 1 + tools/libxc/xc_monitor.c | 14 ++++++++++++++ xen/arch/x86/hvm/hypercall.c | 5 +++++ xen/common/monitor.c | 14 ++++++++++++++ xen/include/public/domctl.h | 21 +++++++++++---------- xen/include/xen/sched.h | 5 +++-- 6 files changed, 48 insertions(+), 12 deletions(-) } monitor; }; -- 2.7.4 Tamas ________________________________ This email was scanned by Bitdefender Regards, Alex ________________________________ This email was scanned by Bitdefender diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index bde8313..90a056f 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h @@ -2022,6 +2022,7 @@ int xc_monitor_descriptor_access(xc_interface *xch, domid_t domain_id, bool enable); int xc_monitor_guest_request(xc_interface *xch, domid_t domain_id, bool enable, bool sync); +int xc_allow_guest_userspace_event(xc_interface *xch, domid_t domain_id, bool enable); int xc_monitor_debug_exceptions(xc_interface *xch, domid_t domain_id, bool enable, bool sync); int xc_monitor_cpuid(xc_interface *xch, domid_t domain_id, bool enable); diff --git a/tools/libxc/xc_monitor.c b/tools/libxc/xc_monitor.c index b44ce93..6064c39 100644 --- a/tools/libxc/xc_monitor.c +++ b/tools/libxc/xc_monitor.c @@ -161,6 +161,20 @@ int xc_monitor_guest_request(xc_interface *xch, domid_t domain_id, bool enable, return do_domctl(xch, &domctl); } +int xc_allow_guest_userspace_event(xc_interface *xch, domid_t domain_id, bool enable) This function should be prefixed with "xc_monitor_" like all the rest of the functions here. +{ + DECLARE_DOMCTL; + + domctl.cmd = XEN_DOMCTL_monitor_op; + domctl.domain = domain_id; + domctl.u.monitor_op.op = enable ? XEN_DOMCTL_MONITOR_OP_ENABLE + : XEN_DOMCTL_MONITOR_OP_DISABLE; + domctl.u.monitor_op.event = XEN_DOMCTL_MONITOR_EVENT_GUEST_USERSPACE_EVENT; + + return do_domctl(xch, &domctl); +} + + int xc_monitor_emulate_each_rep(xc_interface *xch, domid_t domain_id, bool enable) { diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index e7238ce..8eb5f49 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -155,6 +155,11 @@ int hvm_hypercall(struct cpu_user_regs *regs) /* Fallthrough to permission check. */ case 4: case 2: + if ( currd->monitor.guest_request_userspace_event && + eax == __HYPERVISOR_hvm_op && + (mode == 8 ? regs->rdi : regs->ebx) == HVMOP_guest_request_vm_event ) + break; + if ( unlikely(hvm_get_cpl(curr)) ) { default: diff --git a/xen/common/monitor.c b/xen/common/monitor.c index 451f42f..21a1457 100644 --- a/xen/common/monitor.c +++ b/xen/common/monitor.c @@ -79,6 +79,20 @@ int monitor_domctl(struct domain *d, struct xen_domctl_monitor_op *mop) break; } + case XEN_DOMCTL_MONITOR_EVENT_GUEST_USERSPACE_EVENT: + { + bool_t old_status = d->monitor.guest_request_enabled; You are checking guest_request enabled here while later setting guest_request_userspace_event. These are two separate monitor options, adjust accordingly. + + if ( unlikely(old_status == requested_status) ) + return -EEXIST; + + domain_pause(d); + d->monitor.guest_request_sync = mop->u.guest_request.sync; You are setting guest_request_sync here which is a setting belonging to guest_request_enabled. If you need sync/async option for the userspace guest request it should be a separate bit. Since the toolstack side you add in this patch never sets the sync option I assume that is not the case, so remove this. + d->monitor.guest_request_userspace_event = requested_status; + domain_unpause(d); + break; + } + default: /* Give arch-side the chance to handle this event */ return arch_monitor_domctl_event(d, mop); diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h index ff39762..870495c 100644 --- a/xen/include/public/domctl.h +++ b/xen/include/public/domctl.h @@ -1073,16 +1073,17 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_psr_cmt_op_t); #define XEN_DOMCTL_MONITOR_OP_GET_CAPABILITIES 2 #define XEN_DOMCTL_MONITOR_OP_EMULATE_EACH_REP 3 -#define XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG 0 -#define XEN_DOMCTL_MONITOR_EVENT_MOV_TO_MSR 1 -#define XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP 2 -#define XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT 3 -#define XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST 4 -#define XEN_DOMCTL_MONITOR_EVENT_DEBUG_EXCEPTION 5 -#define XEN_DOMCTL_MONITOR_EVENT_CPUID 6 -#define XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL 7 -#define XEN_DOMCTL_MONITOR_EVENT_INTERRUPT 8 -#define XEN_DOMCTL_MONITOR_EVENT_DESC_ACCESS 9 +#define XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG 0 +#define XEN_DOMCTL_MONITOR_EVENT_MOV_TO_MSR 1 +#define XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP 2 +#define XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT 3 +#define XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST 4 +#define XEN_DOMCTL_MONITOR_EVENT_DEBUG_EXCEPTION 5 +#define XEN_DOMCTL_MONITOR_EVENT_CPUID 6 +#define XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL 7 +#define XEN_DOMCTL_MONITOR_EVENT_INTERRUPT 8 +#define XEN_DOMCTL_MONITOR_EVENT_DESC_ACCESS 9 +#define XEN_DOMCTL_MONITOR_EVENT_GUEST_USERSPACE_EVENT 10 struct xen_domctl_monitor_op { uint32_t op; /* XEN_DOMCTL_MONITOR_OP_* */ diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 6673b27..898a132 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -480,8 +480,9 @@ struct domain /* Common monitor options */ struct { - unsigned int guest_request_enabled : 1; - unsigned int guest_request_sync : 1; + unsigned int guest_request_enabled : 1; + unsigned int guest_request_sync : 1; + unsigned int guest_request_userspace_event : 1; This should be "guest_request_userspace_enabled". It also should not be in xen/sched.h as on ARM there is no instruction trapping from userspace directly to the hypervisor (AFAIK). Is everyone ok with moving the bit in a x86 specific region?