@@ -4356,6 +4356,7 @@ static int do_altp2m_op(
case HVMOP_altp2m_destroy_p2m:
case HVMOP_altp2m_switch_p2m:
case HVMOP_altp2m_set_mem_access:
+ case HVMOP_altp2m_set_suppress_ve:
case HVMOP_altp2m_change_gfn:
break;
default:
@@ -4472,6 +4473,19 @@ static int do_altp2m_op(
a.u.set_mem_access.view);
break;
+ case HVMOP_altp2m_set_suppress_ve:
+ if ( a.u.set_suppress_ve.pad1 || a.u.set_suppress_ve.pad2 )
+ rc = -EINVAL;
+ else
+ {
+ gfn_t gfn = _gfn(a.u.set_mem_access.gfn);
+ unsigned int altp2m_idx = a.u.set_mem_access.view;
+ uint8_t suppress_ve = a.u.set_suppress_ve.suppress_ve;
+
+ rc = p2m_set_suppress_ve(d, gfn, suppress_ve, altp2m_idx);
+ }
+ break;
+
case HVMOP_altp2m_change_gfn:
if ( a.u.change_gfn.pad1 || a.u.change_gfn.pad2 )
rc = -EINVAL;
@@ -466,6 +466,54 @@ int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access)
}
/*
+ * Set/clear the #VE suppress bit for a page. Only available on VMX.
+ */
+int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, uint8_t suppress_ve,
+ unsigned int altp2m_idx)
+{
+ struct p2m_domain *host_p2m = p2m_get_hostp2m(d);
+ struct p2m_domain *ap2m = NULL;
+ struct p2m_domain *p2m = NULL;
+ mfn_t mfn;
+ p2m_access_t a;
+ p2m_type_t t;
+ unsigned long gfn_l;
+ int rc = 0;
+
+ if ( !cpu_has_vmx )
+ return -EOPNOTSUPP;
+
+ if ( altp2m_idx > 0 )
+ {
+ if ( altp2m_idx >= MAX_ALTP2M ||
+ d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
+ return -EINVAL;
+
+ p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx];
+ }
+ else
+ {
+ p2m = host_p2m;
+ }
+
+ p2m_lock(host_p2m);
+ if ( ap2m )
+ p2m_lock(ap2m);
+
+ gfn_l = gfn_x(gfn);
+ mfn = p2m->get_entry(p2m, gfn_l, &t, &a, 0, NULL, NULL);
+ if ( !mfn_valid(mfn) )
+ return -ESRCH;
+ rc = p2m->set_entry(p2m, gfn_l, mfn, PAGE_ORDER_4K, t, a,
+ suppress_ve);
+ if ( ap2m )
+ p2m_unlock(ap2m);
+ p2m_unlock(host_p2m);
+
+ return rc;
+}
+
+/*
* Local variables:
* mode: C
* c-file-style: "BSD"
@@ -231,6 +231,18 @@ struct xen_hvm_altp2m_set_mem_access {
typedef struct xen_hvm_altp2m_set_mem_access xen_hvm_altp2m_set_mem_access_t;
DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_set_mem_access_t);
+struct xen_hvm_altp2m_set_suppress_ve {
+ /* view */
+ uint16_t view;
+ uint8_t suppress_ve;
+ uint8_t pad1;
+ uint32_t pad2;
+ /* gfn */
+ uint64_t gfn;
+};
+typedef struct xen_hvm_altp2m_set_suppress_ve xen_hvm_altp2m_set_suppress_ve_t;
+DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_set_suppress_ve_t);
+
struct xen_hvm_altp2m_change_gfn {
/* view */
uint16_t view;
@@ -262,6 +274,8 @@ struct xen_hvm_altp2m_op {
#define HVMOP_altp2m_set_mem_access 7
/* Change a p2m entry to have a different gfn->mfn mapping */
#define HVMOP_altp2m_change_gfn 8
+/* Set the "Suppress #VE" bit on a page */
+#define HVMOP_altp2m_set_suppress_ve 9
domid_t domain;
uint16_t pad1;
uint32_t pad2;
@@ -270,6 +284,7 @@ struct xen_hvm_altp2m_op {
struct xen_hvm_altp2m_vcpu_enable_notify enable_notify;
struct xen_hvm_altp2m_view view;
struct xen_hvm_altp2m_set_mem_access set_mem_access;
+ struct xen_hvm_altp2m_set_suppress_ve set_suppress_ve;
struct xen_hvm_altp2m_change_gfn change_gfn;
uint8_t pad[64];
} u;
@@ -78,6 +78,9 @@ long p2m_set_mem_access_multi(struct domain *d,
*/
int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access);
+int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, uint8_t suppress_ve,
+ unsigned int altp2m_idx);
+
#ifdef CONFIG_HAS_MEM_ACCESS
int mem_access_memop(unsigned long cmd,
XEN_GUEST_HANDLE_PARAM(xen_mem_access_op_t) arg);
Introduce a new hvmop, HVMOP_altp2m_set_suppress_ve, which allows a domain to change the value of the #VE suppress bit for a page. Signed-off-by: Adrian Pop <apop@bitdefender.com> --- xen/arch/x86/hvm/hvm.c | 14 ++++++++++++ xen/arch/x86/mm/mem_access.c | 48 +++++++++++++++++++++++++++++++++++++++++ xen/include/public/hvm/hvm_op.h | 15 +++++++++++++ xen/include/xen/mem_access.h | 3 +++ 4 files changed, 80 insertions(+)