[RFC,XEN,v3,09/39] xen/pmem: add framework for hypercall XEN_SYSCTL_nvdimm_op

Commit Message

Haozhong Zhang Sept. 11, 2017, 4:37 a.m. UTC

XEN_SYSCTL_nvdimm_op will support a set of sub-commands to manage the
physical NVDIMM devices. This commit just adds the framework for this
hypercall, and does not implement any sub-commands.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
---
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Jan Beulich <jbeulich@suse.com>
---
 tools/flask/policy/modules/dom0.te  |  2 +-
 xen/common/pmem.c                   | 18 ++++++++++++++++++
 xen/common/sysctl.c                 |  9 +++++++++
 xen/include/public/sysctl.h         | 19 ++++++++++++++++++-
 xen/include/xen/pmem.h              |  2 ++
 xen/xsm/flask/hooks.c               |  4 ++++
 xen/xsm/flask/policy/access_vectors |  2 ++
 7 files changed, 54 insertions(+), 2 deletions(-)

Comments

Chao Peng Nov. 3, 2017, 7:40 a.m. UTC | #1

> +/*
> + * Interface for NVDIMM management.
> + */
> +
> +struct xen_sysctl_nvdimm_op {
> +    uint32_t cmd; /* IN: XEN_SYSCTL_nvdimm_*; none is implemented
> yet. */
> +    uint32_t pad; /* IN: Always zero. */

If alignment is the only concern, then err can be moved to here.

If it's designed for future and does not get used now, then it's better
to check its value explicitly.

Chao

Haozhong Zhang Nov. 3, 2017, 8:54 a.m. UTC | #2

On 11/03/17 15:40 +0800, Chao Peng wrote:
> 
> > +/*
> > + * Interface for NVDIMM management.
> > + */
> > +
> > +struct xen_sysctl_nvdimm_op {
> > +    uint32_t cmd; /* IN: XEN_SYSCTL_nvdimm_*; none is implemented
> > yet. */
> > +    uint32_t pad; /* IN: Always zero. */
> 
> If alignment is the only concern, then err can be moved to here.
> 
> If it's designed for future and does not get used now, then it's better
> to check its value explicitly.
> 

I'll move 'err' to the position of 'pad'.

Patch

diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te
index 338caaf41e..8a817b0b55 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -16,7 +16,7 @@  allow dom0_t xen_t:xen {
 allow dom0_t xen_t:xen2 {
 	resource_op psr_cmt_op psr_cat_op pmu_ctrl get_symbol
 	get_cpu_levelling_caps get_cpu_featureset livepatch_op
-	gcov_op set_parameter
+	gcov_op set_parameter nvdimm_op
 };
 
 # Allow dom0 to use all XENVER_ subops that have checks.
diff --git a/xen/common/pmem.c b/xen/common/pmem.c
index c9f5f6e904..d67f237cd5 100644
--- a/xen/common/pmem.c
+++ b/xen/common/pmem.c
@@ -131,6 +131,24 @@  int pmem_register(unsigned long smfn, unsigned long emfn, unsigned int pxm)
     return rc;
 }
 
+/**
+ * Top-level hypercall handler of XEN_SYSCTL_nvdimm_pmem_*.
+ *
+ * Parameters:
+ *  nvdimm: the hypercall parameters
+ *
+ * Return:
+ *  On success, return 0. Otherwise, return a non-zero error code.
+ */
+int pmem_do_sysctl(struct xen_sysctl_nvdimm_op *nvdimm)
+{
+    int rc = -ENOSYS;
+
+    nvdimm->err = -rc;
+
+    return rc;
+}
+
 #ifdef CONFIG_X86
 
 int __init pmem_dom0_setup_permission(struct domain *d)
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index a6882d1c9d..33c8fca081 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -28,6 +28,7 @@ 
 #include <xen/pmstat.h>
 #include <xen/livepatch.h>
 #include <xen/gcov.h>
+#include <xen/pmem.h>
 
 long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 {
@@ -503,6 +504,14 @@  long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
         break;
     }
 
+#ifdef CONFIG_NVDIMM_PMEM
+    case XEN_SYSCTL_nvdimm_op:
+        ret = pmem_do_sysctl(&op->u.nvdimm);
+        if ( ret != -ENOSYS )
+            copyback = 1;
+        break;
+#endif
+
     default:
         ret = arch_do_sysctl(op, u_sysctl);
         copyback = 0;
diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h
index 7830b987da..e8272ae968 100644
--- a/xen/include/public/sysctl.h
+++ b/xen/include/public/sysctl.h
@@ -36,7 +36,7 @@ 
 #include "physdev.h"
 #include "tmem.h"
 
-#define XEN_SYSCTL_INTERFACE_VERSION 0x0000000F
+#define XEN_SYSCTL_INTERFACE_VERSION 0x00000010
 
 /*
  * Read console content from Xen buffer ring.
@@ -1114,6 +1114,21 @@  struct xen_sysctl_set_parameter {
 typedef struct xen_sysctl_set_parameter xen_sysctl_set_parameter_t;
 DEFINE_XEN_GUEST_HANDLE(xen_sysctl_set_parameter_t);
 
+/*
+ * Interface for NVDIMM management.
+ */
+
+struct xen_sysctl_nvdimm_op {
+    uint32_t cmd; /* IN: XEN_SYSCTL_nvdimm_*; none is implemented yet. */
+    uint32_t pad; /* IN: Always zero. */
+    union {
+        /* Parameters of XEN_SYSCTL_nvdimm_* will be added here. */
+    } u;
+    uint32_t err; /* OUT: error code */
+};
+typedef struct xen_sysctl_nvdimm_op xen_sysctl_nvdimm_op_t;
+DEFINE_XEN_GUEST_HANDLE(xen_sysctl_nvdimm_op_t);
+
 struct xen_sysctl {
     uint32_t cmd;
 #define XEN_SYSCTL_readconsole                    1
@@ -1143,6 +1158,7 @@  struct xen_sysctl {
 #define XEN_SYSCTL_get_cpu_featureset            26
 #define XEN_SYSCTL_livepatch_op                  27
 #define XEN_SYSCTL_set_parameter                 28
+#define XEN_SYSCTL_nvdimm_op                     29
     uint32_t interface_version; /* XEN_SYSCTL_INTERFACE_VERSION */
     union {
         struct xen_sysctl_readconsole       readconsole;
@@ -1172,6 +1188,7 @@  struct xen_sysctl {
         struct xen_sysctl_cpu_featureset    cpu_featureset;
         struct xen_sysctl_livepatch_op      livepatch;
         struct xen_sysctl_set_parameter     set_parameter;
+        struct xen_sysctl_nvdimm_op         nvdimm;
         uint8_t                             pad[128];
     } u;
 };
diff --git a/xen/include/xen/pmem.h b/xen/include/xen/pmem.h
index d5bd54ff19..922b12f570 100644
--- a/xen/include/xen/pmem.h
+++ b/xen/include/xen/pmem.h
@@ -20,9 +20,11 @@ 
 #define __XEN_PMEM_H__
 #ifdef CONFIG_NVDIMM_PMEM
 
+#include <public/sysctl.h>
 #include <xen/types.h>
 
 int pmem_register(unsigned long smfn, unsigned long emfn, unsigned int pxm);
+int pmem_do_sysctl(struct xen_sysctl_nvdimm_op *nvdimm);
 
 #ifdef CONFIG_X86
 
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 56dc5b0ab9..edfe529495 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -832,6 +832,10 @@  static int flask_sysctl(int cmd)
         return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
                                     XEN2__SET_PARAMETER, NULL);
 
+    case XEN_SYSCTL_nvdimm_op:
+        return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
+                                    XEN2__NVDIMM_OP, NULL);
+
     default:
         return avc_unknown_permission("sysctl", cmd);
     }
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index da9f3dfb2e..af05826064 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -103,6 +103,8 @@  class xen2
     gcov_op
 # XEN_SYSCTL_set_parameter
     set_parameter
+# XEN_SYSCTL_nvdimm_op
+    nvdimm_op
 }
 
 # Classes domain and domain2 consist of operations that a domain performs on