From patchwork Tue Aug 29 08:09:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexandru Stefan ISAILA X-Patchwork-Id: 9926841 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 23B356022E for ; Tue, 29 Aug 2017 08:12:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 09E3E287AB for ; Tue, 29 Aug 2017 08:12:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F273228893; Tue, 29 Aug 2017 08:12:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 42102287AB for ; Tue, 29 Aug 2017 08:12:14 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmbac-0002Ls-2Y; Tue, 29 Aug 2017 08:09:38 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmbaa-0002Li-4T for xen-devel@lists.xen.org; Tue, 29 Aug 2017 08:09:36 +0000 Received: from [85.158.139.211] by server-2.bemta-5.messagelabs.com id CE/05-02040-F3125A95; Tue, 29 Aug 2017 08:09:35 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupkkeJIrShJLcpLzFFi42KJPp7RqmuluDT S4PxlZYslHxezODB6HN39mymAMYo1My8pvyKBNePEm+WMBZvNKt5uzmhgnKvZxcjJwSxgLdH7 r5mxi5GLg0WgmUWirXUqK4Tzk1niVvMWdpAqIQF3iZb3n8ESQgILGCWOLn/HCJHwkJhx4DEbR GIZo8TkTa+ZQBJsAgYSr75+AysSEZCWuPb5MtgOZoHtTBJ9bZeZQRLCAgESj9pus4LYLAKqEr svbQazeQXcJC79aGcBsSUE5CRunutknsDIt4CRYRWjRnFqUVlqka6RpV5SUWZ6RkluYmaOrqG BqV5uanFxYnpqTmJSsV5yfu4mRmCw1DMwMO5gvLzF7xCjJAeTkijvW/mlkUJ8SfkplRmJxRnx RaU5qcWHGGU4OJQkeMUUgHKCRanpqRVpmTnAsIVJS3DwKInwfgVp5S0uSMwtzkyHSJ1i1OXYs Hr9FyYhlrz8vFQpcd5IkBkCIEUZpXlwI2AxdIlRVkqYl5GBgUGIpyC1KDezBFX+FaM4B6OSMO 8jkFU8mXklcJteAR3BBHSEouBCkCNKEhFSUg2Mak9OFT9tKv64rHyO5Ydl7/fEv2uK09pccnq SRfN7xl7zmhdnNp5ndD7U9bq8Rzu9tGZP+UuORx/+M2wV4rS9LiBjfWnWF9F3vPlF659ejU6X /eH3QcecdU1FYt2kun5pj8/2+47t5xDJVz+XFv1W61G4YF2qH68im99appWBd2/qTu4Q7P+vx FKckWioxVxUnAgARSVPaZwCAAA= X-Env-Sender: aisaila@bitdefender.com X-Msg-Ref: server-7.tower-206.messagelabs.com!1503994169!106411573!1 X-Originating-IP: [91.199.104.133] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 705 invoked from network); 29 Aug 2017 08:09:30 -0000 Received: from mx02.bbu.dsd.mx.bitdefender.com (HELO mx02.buh.bitdefender.com) (91.199.104.133) by server-7.tower-206.messagelabs.com with DHE-RSA-AES128-GCM-SHA256 encrypted SMTP; 29 Aug 2017 08:09:30 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=LNIv9HKAELdZhpIz1ILAq/bS4JwL5AFISvQ+IoxODECpT9Tnqku5B7z82T9LrqoWHfdVZS5ZXFocuqMKkzCo/76uCimmdvdIivvMuOGC2Y2DMCh+QQR6+r031+J+vVjPRNpgXwt5+V7K2E0JaUaVFgHTSQmBfZxT8PhecaK11nrrLJarkBfhtQtRLqPItwjRkx25aZMAgMjqgfMZMP1JvGjbM0RBJ+rHV2e03lK0G7n5Be6aBXErLJJeZyzK3olLgMuR5e9NJDAt5Jxz30AEJYAC7Zx2NiopKQvpKg38waIUo683JXkuz4sWSCbFX3KD9YoG1hnjXY6OXPQyJPTyVg==; h=Received:Received:Received:Received:From:To:Cc:Subject:Date:Message-Id:X-Mailer; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=from:to :cc:subject:date:message-id; s=default; bh=93ZDVtGy3yzDEDhbn22y4 t0riLE=; b=JGHe6mYcDK5DVVXLljz88AiAq4cK6X61s/BOWG3gLuEW26RfiRIyy bp54B4uS3MMdtOkdXt4Zc80sBytQOuJFULkbMjOnZkhCu3NLYq9UnkAZNFXwGl01 BNNI/GsfSPzEvtQBF12TdtPv0WOIyr/RQzWb/b46cmjQ9k2i49bYZh7r+IQ2oHiR yJYwAqxQuRgHeLrtaVHDST7LhMlt79p7pNWrcjZIKnrlpTiAHMi2I+k4ITNwBOvm VKjYUuP/po6uyNLj6NUigTlrh6JLEd+z3terr6ocZnoLsKYPhxpD5ty4bwJc0lrT lxciNqL7oixBSFTJBiATSg4dT7/Q1xCRQ== Received: (qmail 7791 invoked from network); 29 Aug 2017 11:09:28 +0300 Received: from mx01robo.bbu.dsd.mx.bitdefender.com (10.17.80.60) by mx02.buh.bitdefender.com with AES128-GCM-SHA256 encrypted SMTP; 29 Aug 2017 11:09:28 +0300 Received: (qmail 12875 invoked from network); 29 Aug 2017 11:09:28 +0300 Received: from unknown (HELO aisaila-Latitude-E5570.dsd.bitdefender.biz) (10.10.195.54) by mx01robo.bbu.dsd.mx.bitdefender.com with SMTP; 29 Aug 2017 11:09:28 +0300 From: Alexandru Isaila To: xen-devel@lists.xen.org Date: Tue, 29 Aug 2017 11:09:26 +0300 Message-Id: <1503994166-4552-1-git-send-email-aisaila@bitdefender.com> X-Mailer: git-send-email 2.7.4 Cc: sstabellini@kernel.org, wei.liu2@citrix.com, rcojocaru@bitdefender.com, George.Dunlap@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, tim@xen.org, julien.grall@arm.com, tamas@tklengyel.com, jbeulich@suse.com, Alexandru Isaila Subject: [Xen-devel] [PATCH v9] x86/hvm: Allow guest_request vm_events coming from userspace X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP In some introspection usecases, an in-guest agent needs to communicate with the external introspection agent. An existing mechanism is HVMOP_guest_request_vm_event, but this is restricted to kernel usecases like all other hypercalls. Introduce a mechanism whereby the introspection agent can whitelist the use of HVMOP_guest_request_vm_event directly from userspace. Signed-off-by: Alexandru Isaila Acked-by: Wei Liu --- Changes since V8: - Changed funtion name from arch_allow_userspace to arch_monitor_allow_userspace - Added Wei Liu's ack from v7 Note: Could not test on ARM, compiled both on arm and x86 --- tools/libxc/include/xenctrl.h | 2 +- tools/libxc/xc_monitor.c | 3 ++- xen/arch/x86/hvm/hypercall.c | 5 +++++ xen/common/monitor.c | 1 + xen/include/asm-arm/monitor.h | 6 ++++++ xen/include/asm-x86/domain.h | 19 ++++++++++--------- xen/include/asm-x86/monitor.h | 6 ++++++ xen/include/public/domctl.h | 1 + 8 files changed, 32 insertions(+), 11 deletions(-) diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index bde8313..a3d0929 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h @@ -2021,7 +2021,7 @@ int xc_monitor_software_breakpoint(xc_interface *xch, domid_t domain_id, int xc_monitor_descriptor_access(xc_interface *xch, domid_t domain_id, bool enable); int xc_monitor_guest_request(xc_interface *xch, domid_t domain_id, - bool enable, bool sync); + bool enable, bool sync, bool allow_userspace); int xc_monitor_debug_exceptions(xc_interface *xch, domid_t domain_id, bool enable, bool sync); int xc_monitor_cpuid(xc_interface *xch, domid_t domain_id, bool enable); diff --git a/tools/libxc/xc_monitor.c b/tools/libxc/xc_monitor.c index b44ce93..a677820 100644 --- a/tools/libxc/xc_monitor.c +++ b/tools/libxc/xc_monitor.c @@ -147,7 +147,7 @@ int xc_monitor_descriptor_access(xc_interface *xch, domid_t domain_id, } int xc_monitor_guest_request(xc_interface *xch, domid_t domain_id, bool enable, - bool sync) + bool sync, bool allow_userspace) { DECLARE_DOMCTL; @@ -157,6 +157,7 @@ int xc_monitor_guest_request(xc_interface *xch, domid_t domain_id, bool enable, : XEN_DOMCTL_MONITOR_OP_DISABLE; domctl.u.monitor_op.event = XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST; domctl.u.monitor_op.u.guest_request.sync = sync; + domctl.u.monitor_op.u.guest_request.allow_userspace = enable ? allow_userspace : false; return do_domctl(xch, &domctl); } diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index e7238ce..5742dd1 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -155,6 +155,11 @@ int hvm_hypercall(struct cpu_user_regs *regs) /* Fallthrough to permission check. */ case 4: case 2: + if ( currd->arch.monitor.guest_request_userspace_enabled && + eax == __HYPERVISOR_hvm_op && + (mode == 8 ? regs->rdi : regs->ebx) == HVMOP_guest_request_vm_event ) + break; + if ( unlikely(hvm_get_cpl(curr)) ) { default: diff --git a/xen/common/monitor.c b/xen/common/monitor.c index 451f42f..4c540e5 100644 --- a/xen/common/monitor.c +++ b/xen/common/monitor.c @@ -75,6 +75,7 @@ int monitor_domctl(struct domain *d, struct xen_domctl_monitor_op *mop) domain_pause(d); d->monitor.guest_request_sync = mop->u.guest_request.sync; d->monitor.guest_request_enabled = requested_status; + arch_monitor_allow_userspace(d, mop->u.guest_request.allow_userspace); domain_unpause(d); break; } diff --git a/xen/include/asm-arm/monitor.h b/xen/include/asm-arm/monitor.h index 1c4fea3..e9dbcdb 100644 --- a/xen/include/asm-arm/monitor.h +++ b/xen/include/asm-arm/monitor.h @@ -26,6 +26,12 @@ #include static inline +void arch_monitor_allow_userspace(struct domain *d, uint8_t allow_userspace) +{ + return; +} + +static inline int arch_monitor_domctl_op(struct domain *d, struct xen_domctl_monitor_op *mop) { /* No arch-specific monitor ops on ARM. */ diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index c10522b..de02507 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -396,15 +396,16 @@ struct arch_domain /* Arch-specific monitor options */ struct { - unsigned int write_ctrlreg_enabled : 4; - unsigned int write_ctrlreg_sync : 4; - unsigned int write_ctrlreg_onchangeonly : 4; - unsigned int singlestep_enabled : 1; - unsigned int software_breakpoint_enabled : 1; - unsigned int debug_exception_enabled : 1; - unsigned int debug_exception_sync : 1; - unsigned int cpuid_enabled : 1; - unsigned int descriptor_access_enabled : 1; + unsigned int write_ctrlreg_enabled : 4; + unsigned int write_ctrlreg_sync : 4; + unsigned int write_ctrlreg_onchangeonly : 4; + unsigned int singlestep_enabled : 1; + unsigned int software_breakpoint_enabled : 1; + unsigned int debug_exception_enabled : 1; + unsigned int debug_exception_sync : 1; + unsigned int cpuid_enabled : 1; + unsigned int descriptor_access_enabled : 1; + unsigned int guest_request_userspace_enabled : 1; struct monitor_msr_bitmap *msr_bitmap; uint64_t write_ctrlreg_mask[4]; } monitor; diff --git a/xen/include/asm-x86/monitor.h b/xen/include/asm-x86/monitor.h index c5c323b..54ec6d6 100644 --- a/xen/include/asm-x86/monitor.h +++ b/xen/include/asm-x86/monitor.h @@ -33,6 +33,12 @@ struct monitor_msr_bitmap { }; static inline +void arch_monitor_allow_userspace(struct domain *d, uint8_t allow_userspace) +{ + d->arch.monitor.guest_request_userspace_enabled = allow_userspace; +} + +static inline int arch_monitor_domctl_op(struct domain *d, struct xen_domctl_monitor_op *mop) { int rc = 0; diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h index ff39762..5997c52 100644 --- a/xen/include/public/domctl.h +++ b/xen/include/public/domctl.h @@ -1124,6 +1124,7 @@ struct xen_domctl_monitor_op { struct { /* Pause vCPU until response */ uint8_t sync; + uint8_t allow_userspace; } guest_request; struct {