From patchwork Mon Oct 9 17:30:37 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petre Ovidiu PIRCALABU X-Patchwork-Id: 9993993 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id DFDB760230 for ; Mon, 9 Oct 2017 17:33:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C5DE428409 for ; Mon, 9 Oct 2017 17:33:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B8EB8283C3; Mon, 9 Oct 2017 17:33:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B3715283C3 for ; Mon, 9 Oct 2017 17:33:26 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1bt6-0002qA-Rr; Mon, 09 Oct 2017 17:30:44 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1bt4-0002q0-Qa for xen-devel@lists.xen.org; Mon, 09 Oct 2017 17:30:43 +0000 Received: from [85.158.137.68] by server-17.bemta-3.messagelabs.com id 12/FD-03207-142BBD95; Mon, 09 Oct 2017 17:30:41 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupnkeJIrShJLcpLzFFi42KJPp7Rquu46Xa kwfn5XBZLPi5mcWD0OLr7N1MAYxRrZl5SfkUCa8b2W01sBa+TKr7OWM/ewNjv08XIycEsYC3R +6+ZEcRmEWhmkehv5+pi5AKyfzJLfGhfCpYQEnCXODJpCjNIQkhgPqPEjV3rWGASSw7fYIFIL GKU6HnbwQySYBMwkliy7C07iC0iIC1x7fNlRpAiZoF5TBLPez6DJYQF3CS2vWlgg9itKjFp5n OwOK+Ap8SPySvAbAkBOYmb5zqZJzDyLWBkWMWoUZxaVJZapGtkpJdUlJmeUZKbmJmja2hgrJe bWlycmJ6ak5hUrJecn7uJERgs9QwMjDsYp57wO8QoycGkJMqrteF2pBBfUn5KZUZicUZ8UWlO avEhRhkODiUJ3tCNQDnBotT01Iq0zBxg2MKkJTh4lER4bUHSvMUFibnFmekQqVOMxhzHNl3+w 8TRcfPuHyYhlrz8vFQpcd5UkFIBkNKM0jy4QbB4usQoKyXMy8jAwCDEU5BalJtZgir/ilGcg1 FJmJcTZApPZl4J3L5XQKcwAZ3CWHwD5JSSRISUVANj0lR/Y35Dxst/e2eIHPnccvVwe4O22kr R+r3M/r8C4q7wTF3YFuhfuGLiXIeSA3l6AjPXTCjeYFtw+ej39+tfGfla+/zunXd4m5Cu4xw5 /0NmC14bnUuZ5fFhc6OD82LHi/8XVxTZr2ZkKSzK/d1f9eLoPqcFcQIK1QnZM3N3Bs0vVXp56 rW7EktxRqKhFnNRcSIA4QBfQqICAAA= X-Env-Sender: ppircalabu@bitdefender.com X-Msg-Ref: server-5.tower-31.messagelabs.com!1507570240!106225712!1 X-Originating-IP: [91.199.104.133] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 26227 invoked from network); 9 Oct 2017 17:30:41 -0000 Received: from mx02.bbu.dsd.mx.bitdefender.com (HELO mx02.buh.bitdefender.com) (91.199.104.133) by server-5.tower-31.messagelabs.com with DHE-RSA-AES128-GCM-SHA256 encrypted SMTP; 9 Oct 2017 17:30:41 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=Qc0Zxn7+sCiJQpMAA6q3AyzCfowrBsiF3d/KhUGdnwxEjayUhN5bWkTHdK2lJKd21y0f82oDSgG2Belg1/nDzVJHWHKnwq8WcnKuJVzmdOhkRgk+OAzFNooQbX/wzKSiZPVlQgkyv9PWfHoFj5RnQxcXzKYZsQ4ycpP2Aqmp0C1ileCTI7noBVxi4KLFX9I8uolJGxH0Cs8qzAs/njnAq3ZkXu29rC9KQeqaQ2cMY9cF4TiTuQyoJfQ+Z98ryqG1zj37CxK6s9WrEqGL2hOYhDDztx6YoVkUaNQLOmEfZD7qULX+qEvwgUr37vyZU95qlE+gbvsHfhnxIjeer4cZAQ==; h=Received:Received:Received:Received:From:To:Cc:Subject:Date:Message-Id:X-Mailer; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=from:to :cc:subject:date:message-id; s=default; bh=cuwnPkjAkLnLQ1OgpvQut i5bnJs=; b=cQfh36CTAVihfQ/9qmutmxCUojgHfdoVFVhUG5CZE4BVwtE4YV46c K7LXUW4fkD9JtTlFUKn23v92qTwCu16112olnGhZR/zYi6T1bisDGepINEGzT1Nc OdilKbUgVrofpIaHZrEAeCXs0YWt2m/neErELP85b1CsjiTYGK5JYxgJW4OmHhFZ +fHZDpR3rYo8J5qNT6dEaA3qu9DvAO72yHZx/sw6XseGql7uqClMFfJLFJK5zBgn s6FesE1iXeYc/STPS+i0zujv6U6tr4qlgb83Pzhe3TxTZ2ZaSC+N++ZjRr/CPYg9 piTrdp/tJ5Qfwv7lo1b9FRV6J+YEhHz7w== Received: (qmail 11505 invoked from network); 9 Oct 2017 20:30:38 +0300 Received: from mx01robo.bbu.dsd.mx.bitdefender.com (10.17.80.60) by mx02.buh.bitdefender.com with AES128-GCM-SHA256 encrypted SMTP; 9 Oct 2017 20:30:38 +0300 Received: (qmail 10263 invoked from network); 9 Oct 2017 20:30:38 +0300 Received: from unknown (HELO pepi-OptiPlex-9020.bbu.bitdefender.biz) (10.10.194.146) by mx01robo.bbu.dsd.mx.bitdefender.com with SMTP; 9 Oct 2017 20:30:38 +0300 From: Petre Pircalabu To: xen-devel@lists.xen.org Date: Mon, 9 Oct 2017 20:30:37 +0300 Message-Id: <1507570237-5420-1-git-send-email-ppircalabu@bitdefender.com> X-Mailer: git-send-email 2.7.4 Cc: Petre Pircalabu , sstabellini@kernel.org, wei.liu2@citrix.com, Razvan Cojocaru , konrad.wilk@oracle.com, George.Dunlap@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, tim@xen.org, jbeulich@suse.com Subject: [Xen-devel] [PATCH v4] x86/altp2m: Added xc_altp2m_set_mem_access_multi() X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Razvan Cojocaru For the default EPT view we have xc_set_mem_access_multi(), which is able to set an array of pages to an array of access rights with a single hypercall. However, this functionality was lacking for the altp2m subsystem, which could only set page restrictions for one page at a time. This patch addresses the gap. HVMOP_altp2m_set_mem_access_multi has been added as a HVMOP (as opposed to a DOMCTL) for consistency with its HVMOP_altp2m_set_mem_access counterpart (and hence with the original altp2m design, where domains are allowed - with the proper altp2m access rights - to alter these settings), in the absence of an official position on the issue from the original altp2m designers. Signed-off-by: Razvan Cojocaru Signed-off-by: Petre Pircalabu --- Changed since v2: * Added support for compat arguments translation Changed since v3: * Replaced __copy_to_guest with __copy_field_to_guest * Removed the un-needed parentheses. * Fixed xlat.lst ordering * Added comment to patch description explaining why the functionality was added as an HVMOP. * Guard using XEN_GENERATING_COMPAT_HEADERS the hvmmem_type_t definition. This will prevent suplicate definitions to be generated for the compat equivalent. * Added comment describing the manual translation of xen_hvm_altp2m_op_t generic fields from compat_hvm_altp2m_opt. --- tools/libxc/include/xenctrl.h | 3 ++ tools/libxc/xc_altp2m.c | 41 +++++++++++++++++++++ xen/arch/x86/hvm/hvm.c | 80 ++++++++++++++++++++++++++++++++++++++++- xen/include/Makefile | 1 + xen/include/public/hvm/hvm_op.h | 39 +++++++++++++++++--- xen/include/xlat.lst | 1 + 6 files changed, 159 insertions(+), 6 deletions(-) diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index 3bcab3c..4e2ce64 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h @@ -1971,6 +1971,9 @@ int xc_altp2m_switch_to_view(xc_interface *handle, domid_t domid, int xc_altp2m_set_mem_access(xc_interface *handle, domid_t domid, uint16_t view_id, xen_pfn_t gfn, xenmem_access_t access); +int xc_altp2m_set_mem_access_multi(xc_interface *handle, domid_t domid, + uint16_t view_id, uint8_t *access, + uint64_t *pages, uint32_t nr); int xc_altp2m_change_gfn(xc_interface *handle, domid_t domid, uint16_t view_id, xen_pfn_t old_gfn, xen_pfn_t new_gfn); diff --git a/tools/libxc/xc_altp2m.c b/tools/libxc/xc_altp2m.c index 0639632..f202ca1 100644 --- a/tools/libxc/xc_altp2m.c +++ b/tools/libxc/xc_altp2m.c @@ -188,6 +188,47 @@ int xc_altp2m_set_mem_access(xc_interface *handle, domid_t domid, return rc; } +int xc_altp2m_set_mem_access_multi(xc_interface *xch, domid_t domid, + uint16_t view_id, uint8_t *access, + uint64_t *pages, uint32_t nr) +{ + int rc; + + DECLARE_HYPERCALL_BUFFER(xen_hvm_altp2m_op_t, arg); + DECLARE_HYPERCALL_BOUNCE(access, nr, XC_HYPERCALL_BUFFER_BOUNCE_IN); + DECLARE_HYPERCALL_BOUNCE(pages, nr * sizeof(uint64_t), + XC_HYPERCALL_BUFFER_BOUNCE_IN); + + arg = xc_hypercall_buffer_alloc(xch, arg, sizeof(*arg)); + if ( arg == NULL ) + return -1; + + arg->version = HVMOP_ALTP2M_INTERFACE_VERSION; + arg->cmd = HVMOP_altp2m_set_mem_access_multi; + arg->domain = domid; + arg->u.set_mem_access_multi.view = view_id; + arg->u.set_mem_access_multi.nr = nr; + + if ( xc_hypercall_bounce_pre(xch, pages) || + xc_hypercall_bounce_pre(xch, access) ) + { + PERROR("Could not bounce memory for HVMOP_altp2m_set_mem_access_multi"); + return -1; + } + + set_xen_guest_handle(arg->u.set_mem_access_multi.pfn_list, pages); + set_xen_guest_handle(arg->u.set_mem_access_multi.access_list, access); + + rc = xencall2(xch->xcall, __HYPERVISOR_hvm_op, HVMOP_altp2m, + HYPERCALL_BUFFER_AS_ARG(arg)); + + xc_hypercall_buffer_free(xch, arg); + xc_hypercall_bounce_post(xch, access); + xc_hypercall_bounce_post(xch, pages); + + return rc; +} + int xc_altp2m_change_gfn(xc_interface *handle, domid_t domid, uint16_t view_id, xen_pfn_t old_gfn, xen_pfn_t new_gfn) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 205b4cb..9b5302a 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -73,6 +73,8 @@ #include #include +#include + bool_t __read_mostly hvm_enabled; #ifdef DBG_LEVEL_0 @@ -4451,6 +4453,7 @@ static int do_altp2m_op( case HVMOP_altp2m_destroy_p2m: case HVMOP_altp2m_switch_p2m: case HVMOP_altp2m_set_mem_access: + case HVMOP_altp2m_set_mem_access_multi: case HVMOP_altp2m_change_gfn: break; default: @@ -4568,6 +4571,30 @@ static int do_altp2m_op( a.u.set_mem_access.view); break; + case HVMOP_altp2m_set_mem_access_multi: + if ( a.u.set_mem_access_multi.pad || + a.u.set_mem_access_multi.opaque >= a.u.set_mem_access_multi.nr ) + { + rc = -EINVAL; + break; + } + rc = p2m_set_mem_access_multi(d, a.u.set_mem_access_multi.pfn_list, + a.u.set_mem_access_multi.access_list, + a.u.set_mem_access_multi.nr, + a.u.set_mem_access_multi.opaque, + MEMOP_CMD_MASK, + a.u.set_mem_access_multi.view); + if ( rc > 0 ) + { + a.u.set_mem_access_multi.opaque = rc; + if ( __copy_field_to_guest(guest_handle_cast(arg, xen_hvm_altp2m_op_t), &a, u.set_mem_access_multi.opaque) ) + rc = -EFAULT; + else + rc = hypercall_create_continuation(__HYPERVISOR_hvm_op, "lh", + HVMOP_altp2m, arg); + } + break; + case HVMOP_altp2m_change_gfn: if ( a.u.change_gfn.pad1 || a.u.change_gfn.pad2 ) rc = -EINVAL; @@ -4586,6 +4613,57 @@ static int do_altp2m_op( return rc; } +static int compat_altp2m_op( + XEN_GUEST_HANDLE_PARAM(void) arg) +{ + struct compat_hvm_altp2m_op a; + union + { + XEN_GUEST_HANDLE_PARAM(void) hnd; + struct xen_hvm_altp2m_op *altp2m_op; + } nat; + + if ( !hvm_altp2m_supported() ) + return -EOPNOTSUPP; + + if ( copy_from_guest(&a, arg, 1) ) + return -EFAULT; + + if ( a.pad1 || a.pad2 || + (a.version != HVMOP_ALTP2M_INTERFACE_VERSION) ) + return -EINVAL; + + set_xen_guest_handle(nat.hnd, COMPAT_ARG_XLAT_VIRT_BASE); + + switch ( a.cmd ) + { + case HVMOP_altp2m_set_mem_access_multi: +#define XLAT_hvm_altp2m_set_mem_access_multi_HNDL_pfn_list(_d_, _s_); \ + guest_from_compat_handle((_d_)->pfn_list, (_s_)->pfn_list) +#define XLAT_hvm_altp2m_set_mem_access_multi_HNDL_access_list(_d_, _s_); \ + guest_from_compat_handle((_d_)->access_list, (_s_)->access_list) + XLAT_hvm_altp2m_set_mem_access_multi(&nat.altp2m_op->u.set_mem_access_multi, + &a.u.set_mem_access_multi); +#undef XLAT_hvm_altp2m_set_mem_access_multi_HNDL_pfn_list +#undef XLAT_hvm_altp2m_set_mem_access_multi_HNDL_access_list + break; + default: + return do_altp2m_op(arg); + } + + /* Manually fill the common part of the xen_hvm_altp2m_op structure because + * the generated XLAT_hvm_altp2m_op macro doesn't correctly handle the + * translation of all fields from compat_hvm_altp2m_op to xen_hvm_altp2m_op. + */ + nat.altp2m_op->version = a.version; + nat.altp2m_op->cmd = a.cmd; + nat.altp2m_op->domain = a.domain; + nat.altp2m_op->pad1 = a.pad1; + nat.altp2m_op->pad2 = a.pad2; + + return do_altp2m_op(nat.hnd); +} + static int hvmop_get_mem_type( XEN_GUEST_HANDLE_PARAM(xen_hvm_get_mem_type_t) arg) { @@ -4733,7 +4811,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) break; case HVMOP_altp2m: - rc = do_altp2m_op(arg); + rc = current->hcall_compat ? compat_altp2m_op(arg) : do_altp2m_op(arg); break; default: diff --git a/xen/include/Makefile b/xen/include/Makefile index c90fdee..814b0a8 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -28,6 +28,7 @@ headers-$(CONFIG_X86) += compat/arch-x86/xen.h headers-$(CONFIG_X86) += compat/arch-x86/xen-$(compat-arch-y).h headers-$(CONFIG_X86) += compat/hvm/hvm_vcpu.h headers-$(CONFIG_X86) += compat/hvm/dm_op.h +headers-$(CONFIG_X86) += compat/hvm/hvm_op.h headers-y += compat/arch-$(compat-arch-y).h compat/pmu.h compat/xlat.h headers-$(CONFIG_FLASK) += compat/xsm/flask_op.h diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h index 0bdafdf..c12c1af 100644 --- a/xen/include/public/hvm/hvm_op.h +++ b/xen/include/public/hvm/hvm_op.h @@ -83,6 +83,13 @@ DEFINE_XEN_GUEST_HANDLE(xen_hvm_set_pci_link_route_t); /* Flushes all VCPU TLBs: @arg must be NULL. */ #define HVMOP_flush_tlbs 5 +/* + * hvmmem_type_t should not be defined when generating the corresponding + * compat header. This will ensure that the HVMMEM_(*) values are defined + * only once. + */ +#ifndef XEN_GENERATING_COMPAT_HEADERS + typedef enum { HVMMEM_ram_rw, /* Normal read/write guest RAM */ HVMMEM_ram_ro, /* Read-only; writes are discarded */ @@ -102,6 +109,8 @@ typedef enum { to HVMMEM_ram_rw. */ } hvmmem_type_t; +#endif /* XEN_GENERATING_COMPAT_HEADERS */ + /* Hint from PV drivers for pagetable destruction. */ #define HVMOP_pagetable_dying 9 struct xen_hvm_pagetable_dying { @@ -237,6 +246,23 @@ struct xen_hvm_altp2m_set_mem_access { typedef struct xen_hvm_altp2m_set_mem_access xen_hvm_altp2m_set_mem_access_t; DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_set_mem_access_t); +struct xen_hvm_altp2m_set_mem_access_multi { + /* view */ + uint16_t view; + uint16_t pad; + /* Number of pages */ + uint32_t nr; + /* Used for continuation purposes */ + uint64_t opaque; + /* List of pfns to set access for */ + XEN_GUEST_HANDLE(const_uint64) pfn_list; + /* Corresponding list of access settings for pfn_list */ + XEN_GUEST_HANDLE(const_uint8) access_list; +}; +typedef struct xen_hvm_altp2m_set_mem_access_multi + xen_hvm_altp2m_set_mem_access_multi_t; +DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_set_mem_access_multi_t); + struct xen_hvm_altp2m_change_gfn { /* view */ uint16_t view; @@ -268,15 +294,18 @@ struct xen_hvm_altp2m_op { #define HVMOP_altp2m_set_mem_access 7 /* Change a p2m entry to have a different gfn->mfn mapping */ #define HVMOP_altp2m_change_gfn 8 +/* Set access for an array of pages */ +#define HVMOP_altp2m_set_mem_access_multi 9 domid_t domain; uint16_t pad1; uint32_t pad2; union { - struct xen_hvm_altp2m_domain_state domain_state; - struct xen_hvm_altp2m_vcpu_enable_notify enable_notify; - struct xen_hvm_altp2m_view view; - struct xen_hvm_altp2m_set_mem_access set_mem_access; - struct xen_hvm_altp2m_change_gfn change_gfn; + struct xen_hvm_altp2m_domain_state domain_state; + struct xen_hvm_altp2m_vcpu_enable_notify enable_notify; + struct xen_hvm_altp2m_view view; + struct xen_hvm_altp2m_set_mem_access set_mem_access; + struct xen_hvm_altp2m_change_gfn change_gfn; + struct xen_hvm_altp2m_set_mem_access_multi set_mem_access_multi; uint8_t pad[64]; } u; }; diff --git a/xen/include/xlat.lst b/xen/include/xlat.lst index 0f17000..5010fcc 100644 --- a/xen/include/xlat.lst +++ b/xen/include/xlat.lst @@ -70,6 +70,7 @@ ? dm_op_set_pci_intx_level hvm/dm_op.h ? dm_op_set_pci_link_route hvm/dm_op.h ? dm_op_track_dirty_vram hvm/dm_op.h +! hvm_altp2m_set_mem_access_multi hvm/hvm_op.h ? vcpu_hvm_context hvm/hvm_vcpu.h ? vcpu_hvm_x86_32 hvm/hvm_vcpu.h ? vcpu_hvm_x86_64 hvm/hvm_vcpu.h