From patchwork Mon Aug 14 07:08:45 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?b?SsO8cmdlbiBHcm/Dnw==?=
X-Patchwork-Id: 9898257
From: Juergen Gross
To: xen-devel@lists.xenproject.org
Date: Mon, 14 Aug 2017 09:08:45 +0200
Message-Id: <20170814070849.20986-49-jgross@suse.com>
X-Mailer: git-send-email 2.12.3
In-Reply-To: <20170814070849.20986-1-jgross@suse.com>
References: <20170814070849.20986-1-jgross@suse.com>
Cc: Juergen Gross, Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper, Ian Jackson, Tim Deegan, Jan Beulich, Daniel De Graaf
Subject: [Xen-devel] [PATCH v2 48/52] xen: add hypercall for setting parameters at runtime

Add a sysctl hypercall to support setting parameters similar to command
line parameters, but at runtime. The parameters to set are specified as a
string, just like the boot parameters.

Cc: Daniel De Graaf
Cc: Ian Jackson
Cc: Wei Liu
Cc: Andrew Cooper
Cc: George Dunlap
Cc: Jan Beulich
Cc: Konrad Rzeszutek Wilk
Cc: Stefano Stabellini
Cc: Tim Deegan
Signed-off-by: Juergen Gross
Acked-by: Daniel De Graaf
---
V2:
- corrected XSM test (Daniel De Graaf)
---
 tools/flask/policy/modules/dom0.te  |  2 +-
 xen/common/sysctl.c                 | 29 +++++++++++++++++++++++++++++
 xen/include/public/sysctl.h         | 19 +++++++++++++++++++
 xen/xsm/flask/hooks.c               |  3 +++
 xen/xsm/flask/policy/access_vectors |  2 ++
 5 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te index d0a4d91ac0..338caaf41e 100644 --- a/tools/flask/policy/modules/dom0.te +++ b/tools/flask/policy/modules/dom0.te 
@@ -16,7 +16,7 @@ allow dom0_t xen_t:xen { allow dom0_t xen_t:xen2 { resource_op psr_cmt_op psr_cat_op pmu_ctrl get_symbol get_cpu_levelling_caps get_cpu_featureset livepatch_op - gcov_op + gcov_op set_parameter }; # Allow dom0 to use all XENVER_ subops that have checks. diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index ae58a0f650..a3237fe9be 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -467,6 +467,35 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) copyback = 1; break; + case XEN_SYSCTL_set_parameter: + { + char *params; + + if ( op->u.set_parameter.size > XEN_SET_PARAMETER_MAX_SIZE ) + { + ret = -EINVAL; + break; + } + params = xmalloc_bytes(op->u.set_parameter.size + 1); + if ( !params ) + { + ret = -ENOMEM; + break; + } + if ( __copy_from_guest(params, op->u.set_parameter.params, + op->u.set_parameter.size) ) + ret = -EFAULT; + else + { + params[op->u.set_parameter.size] = 0; + ret = runtime_parse(params); + } + + xfree(params); + + break; + } + default: ret = arch_do_sysctl(op, u_sysctl); copyback = 0; diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index 9e51af61e1..43b18bdb9b 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h 
@@ -1096,6 +1096,23 @@ struct xen_sysctl_livepatch_op { typedef struct xen_sysctl_livepatch_op xen_sysctl_livepatch_op_t; DEFINE_XEN_GUEST_HANDLE(xen_sysctl_livepatch_op_t); +/* + * XEN_SYSCTL_set_parameter + * + * Change hypervisor parameters at runtime. + * The input string is parsed similar to the boot parameters. + */ + +#define XEN_SET_PARAMETER_MAX_SIZE 1023 +struct xen_sysctl_set_parameter { + XEN_GUEST_HANDLE_64(char) params; /* IN: pointer to parameters. */ + uint16_t size; /* IN: size of parameters. Max. + XEN_SET_PARAMETER_MAX_SIZE. */ + uint16_t pad[3]; /* IN: MUST be zero. */ +}; +typedef struct xen_sysctl_set_parameter xen_sysctl_set_parameter_t; +DEFINE_XEN_GUEST_HANDLE(xen_sysctl_set_parameter_t); + struct xen_sysctl { uint32_t cmd; #define XEN_SYSCTL_readconsole 1 @@ -1124,6 +1141,7 @@ struct xen_sysctl { #define XEN_SYSCTL_get_cpu_levelling_caps 25 #define XEN_SYSCTL_get_cpu_featureset 26 #define XEN_SYSCTL_livepatch_op 27 +#define XEN_SYSCTL_set_parameter 28 uint32_t interface_version; /* XEN_SYSCTL_INTERFACE_VERSION */ union { struct xen_sysctl_readconsole readconsole; @@ -1152,6 +1170,7 @@ struct xen_sysctl { struct xen_sysctl_cpu_levelling_caps cpu_levelling_caps; struct xen_sysctl_cpu_featureset cpu_featureset; struct xen_sysctl_livepatch_op livepatch; + struct xen_sysctl_set_parameter set_parameter; uint8_t pad[128]; } u; }; diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index fd84ac0f09..c9c275bf3b 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -825,6 +825,9 @@ static int flask_sysctl(int cmd) case XEN_SYSCTL_gcov_op: return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, XEN2__GCOV_OP, NULL); + case XEN_SYSCTL_set_parameter: + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, + XEN2__SET_PARAMETER, NULL); default: return avc_unknown_permission("sysctl", cmd); diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 1f7eb35fc8..b80fca1ec0 100644 
--- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -101,6 +101,8 @@ class xen2 livepatch_op # XEN_SYSCTL_gcov_op gcov_op +# XEN_SYSCTL_set_parameter + set_parameter } # Classes domain and domain2 consist of operations that a domain performs on
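Review bot: In the xen/common/sysctl.c hunk, the parameter string is fetched with `__copy_from_guest(params, op->u.set_parameter.params, op->u.set_parameter.size)`, the variant that skips the guest address range check, and nothing in the added case validates the `params` handle beforehand. The handle is a separate guest pointer embedded in the sysctl struct, so I would either switch to `copy_from_guest()` or add a `guest_handle_okay()` check on `params` before the copy and fail with -EFAULT.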
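Review bot: In the xen/include/public/sysctl.h hunk that adds `struct xen_sysctl_set_parameter`, `pad[3]` is documented as "MUST be zero", but the `XEN_SYSCTL_set_parameter` case added to do_sysctl() only checks `size` and never looks at the padding. Rejecting a non-zero pad with -EINVAL in the handler would keep the field usable for a later extension. The comment on `size` could also state that it is the string length without the terminating NUL, since the handler allocates `size + 1` bytes and writes the terminator itself.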