From patchwork Tue Jun 16 15:19:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= X-Patchwork-Id: 11608033 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D8CD8913 for ; Tue, 16 Jun 2020 15:21:28 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BB2E220679 for ; Tue, 16 Jun 2020 15:21:28 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BB2E220679 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=cert.pl Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDO2-0000ld-5t; Tue, 16 Jun 2020 15:20:30 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDO0-0000lW-Lq for xen-devel@lists.xenproject.org; Tue, 16 Jun 2020 15:20:28 +0000 X-Inumbo-ID: e7e79543-afe4-11ea-b8fa-12813bfff9fa Received: from bagnar.nask.net.pl (unknown [195.187.242.196]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id e7e79543-afe4-11ea-b8fa-12813bfff9fa; Tue, 16 Jun 2020 15:20:27 +0000 (UTC) Received: from bagnar.nask.net.pl (unknown [172.16.9.10]) by bagnar.nask.net.pl (Postfix) with ESMTP id 61494A2F7F; Tue, 16 Jun 2020 17:20:26 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id 5932FA2F1B; Tue, 16 Jun 2020 17:20:25 +0200 (CEST) Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id ygcaQrcrZZFG; Tue, 16 Jun 2020 17:20:24 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id DF56DA2F83; Tue, 16 Jun 2020 17:20:24 +0200 (CEST) X-Virus-Scanned: amavisd-new at bagnar.nask.net.pl Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id YzAseoL7iKyk; Tue, 16 Jun 2020 17:20:24 +0200 (CEST) Received: from belindir.nask.net.pl (belindir-ext.nask.net.pl [195.187.242.210]) by bagnar.nask.net.pl (Postfix) with ESMTP id B8BA2A2F7F; Tue, 16 Jun 2020 17:20:24 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id A898C214C8; Tue, 16 Jun 2020 17:19:54 +0200 (CEST) Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 0s9kBhbUbJkK; Tue, 16 Jun 2020 17:19:49 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id 4831B219C6; Tue, 16 Jun 2020 17:19:49 +0200 (CEST) X-Virus-Scanned: amavisd-new at belindir.nask.net.pl Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id LDyti-DuYn1R; Tue, 16 Jun 2020 17:19:49 +0200 (CEST) Received: from belindir.nask.net.pl (belindir.nask.net.pl [172.16.10.10]) by belindir.nask.net.pl (Postfix) with ESMTP id 2BCD721979; Tue, 16 Jun 2020 17:19:49 +0200 (CEST) Date: Tue, 16 Jun 2020 17:19:49 +0200 (CEST) From: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= To: Xen-devel Message-ID: <2141998496.8765382.1592320789155.JavaMail.zimbra@cert.pl> In-Reply-To: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> References: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> Subject: [PATCH v1 1/7] x86/vmx: add Intel PT MSR definitions MIME-Version: 1.0 X-Originating-IP: [172.16.10.10] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - GC83 (Win)/8.6.0_GA_1194) Thread-Topic: x86/vmx: add Intel PT MSR definitions Thread-Index: KAn5ItxMsuAqHW3ZzkheyNf1oni9hpInjbCi X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Wei Liu , Jan Beulich , Roger Pau =?utf-8?b?TW9ubsOp?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Define constants related to Intel Processor Trace features. Signed-off-by: Michal Leszczynski --- xen/include/asm-x86/msr-index.h | 37 +++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index b328a47ed8..ecf0dd8bab 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -621,4 +621,41 @@ #define MSR_PKGC9_IRTL 0x00000634 #define MSR_PKGC10_IRTL 0x00000635 +/* Intel PT MSRs */ +#define MSR_IA32_RTIT_CTL 0x00000570 +#define RTIT_CTL_TRACEEN (1ULL << 0) +#define RTIT_CTL_CYCEN (1ULL << 1) +#define RTIT_CTL_OS (1ULL << 2) +#define RTIT_CTL_USR (1ULL << 3) +#define RTIT_CTL_PWR_EVT_EN (1ULL << 4) +#define RTIT_CTL_FUP_ON_PTW (1ULL << 5) +#define RTIT_CTL_FABRIC_EN (1ULL << 6) +#define RTIT_CTL_CR3_FILTER (1ULL << 7) +#define RTIT_CTL_TOPA (1ULL << 8) +#define RTIT_CTL_MTC_EN (1ULL << 9) +#define RTIT_CTL_TSC_EN (1ULL << 10) +#define RTIT_CTL_DIS_RETC (1ULL << 11) +#define RTIT_CTL_PTW_EN (1ULL << 12) +#define RTIT_CTL_BRANCH_EN (1ULL << 13) +#define RTIT_CTL_MTC_FREQ_OFFSET 14 +#define RTIT_CTL_MTC_FREQ (0x0fULL << RTIT_CTL_MTC_FREQ_OFFSET) +#define RTIT_CTL_CYC_THRESH_OFFSET 19 +#define RTIT_CTL_CYC_THRESH (0x0fULL << RTIT_CTL_CYC_THRESH_OFFSET) +#define RTIT_CTL_PSB_FREQ_OFFSET 24 +#define RTIT_CTL_PSB_FREQ (0x0fULL << RTIT_CTL_PSB_FREQ_OFFSET) +#define RTIT_CTL_ADDR_OFFSET(n) (32 + 4 * (n)) +#define RTIT_CTL_ADDR(n) (0x0fULL << RTIT_CTL_ADDR_OFFSET(n)) +#define MSR_IA32_RTIT_STATUS 0x00000571 +#define RTIT_STATUS_FILTER_EN (1ULL << 0) +#define RTIT_STATUS_CONTEXT_EN (1ULL << 1) +#define RTIT_STATUS_TRIGGER_EN (1ULL << 2) +#define RTIT_STATUS_ERROR (1ULL << 4) +#define RTIT_STATUS_STOPPED (1ULL << 5) +#define RTIT_STATUS_BYTECNT (0x1ffffULL << 32) +#define MSR_IA32_RTIT_CR3_MATCH 0x00000572 +#define MSR_IA32_RTIT_OUTPUT_BASE 0x00000560 +#define MSR_IA32_RTIT_OUTPUT_MASK 0x00000561 +#define MSR_IA32_RTIT_ADDR_A(n) (0x00000580 + (n) * 2) +#define MSR_IA32_RTIT_ADDR_B(n) (0x00000581 + (n) * 2) + #endif /* __ASM_MSR_INDEX_H */ From patchwork Tue Jun 16 15:20:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= X-Patchwork-Id: 11608035 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 92E8760D for ; Tue, 16 Jun 2020 15:21:38 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 78CBD20679 for ; Tue, 16 Jun 2020 15:21:38 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 78CBD20679 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=cert.pl Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDOq-0000p0-Fk; Tue, 16 Jun 2020 15:21:20 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDOp-0000od-IM for xen-devel@lists.xenproject.org; Tue, 16 Jun 2020 15:21:19 +0000 X-Inumbo-ID: 0607135e-afe5-11ea-b8fa-12813bfff9fa Received: from bagnar.nask.net.pl (unknown [195.187.242.196]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 0607135e-afe5-11ea-b8fa-12813bfff9fa; Tue, 16 Jun 2020 15:21:17 +0000 (UTC) Received: from bagnar.nask.net.pl (unknown [172.16.9.10]) by bagnar.nask.net.pl (Postfix) with ESMTP id DCE1AA2F7F; Tue, 16 Jun 2020 17:21:16 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id D1CF0A2F1B; Tue, 16 Jun 2020 17:21:15 +0200 (CEST) Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 1IX_Wv1W9EV2; Tue, 16 Jun 2020 17:21:15 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id 3F5A9A2F7F; Tue, 16 Jun 2020 17:21:15 +0200 (CEST) X-Virus-Scanned: amavisd-new at bagnar.nask.net.pl Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id CYIsx1oo8cqH; Tue, 16 Jun 2020 17:21:15 +0200 (CEST) Received: from belindir.nask.net.pl (belindir-ext.nask.net.pl [195.187.242.210]) by bagnar.nask.net.pl (Postfix) with ESMTP id D8E49A2F1B; Tue, 16 Jun 2020 17:21:14 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id C7E88214C8; Tue, 16 Jun 2020 17:20:44 +0200 (CEST) Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id UCz46vSR1JE1; Tue, 16 Jun 2020 17:20:39 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id 3C30A215F4; Tue, 16 Jun 2020 17:20:39 +0200 (CEST) X-Virus-Scanned: amavisd-new at belindir.nask.net.pl Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id QRbMjIWtaEP1; Tue, 16 Jun 2020 17:20:39 +0200 (CEST) Received: from belindir.nask.net.pl (belindir.nask.net.pl [172.16.10.10]) by belindir.nask.net.pl (Postfix) with ESMTP id 1E18C214C8; Tue, 16 Jun 2020 17:20:39 +0200 (CEST) Date: Tue, 16 Jun 2020 17:20:39 +0200 (CEST) From: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= To: Xen-devel Message-ID: <1672321493.8765712.1592320839082.JavaMail.zimbra@cert.pl> In-Reply-To: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> References: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> Subject: [PATCH v1 2/7] x86/vmx: add IPT cpu feature MIME-Version: 1.0 X-Originating-IP: [172.16.10.10] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - GC83 (Win)/8.6.0_GA_1194) Thread-Topic: x86/vmx: add IPT cpu feature Thread-Index: KAn5ItxMsuAqHW3ZzkheyNf1oni9hgbflCcQ X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Kevin Tian , Jun Nakajima , Wei Liu , Andrew Cooper , Jan Beulich , Roger Pau =?utf-8?b?TW9ubsOp?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Check if Intel Processor Trace feature is supported by current processor. Define hvm_ipt_supported function. Signed-off-by: Michal Leszczynski --- xen/arch/x86/hvm/vmx/vmx.c | 24 +++++++++++++++++++++ xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/hvm/hvm.h | 9 ++++++++ xen/include/asm-x86/hvm/vmx/vmcs.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 36 insertions(+) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index ab19d9424e..a91bbdb798 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2484,6 +2484,7 @@ static bool __init has_if_pschange_mc(void) const struct hvm_function_table * __init start_vmx(void) { + u64 _vmx_misc_cap; set_in_cr4(X86_CR4_VMXE); if ( vmx_vmcs_init() ) @@ -2557,6 +2558,29 @@ const struct hvm_function_table * __init start_vmx(void) vmx_function_table.get_guest_bndcfgs = vmx_get_guest_bndcfgs; } + /* Check whether IPT is supported in VMX operation */ + vmx_function_table.ipt_supported = 1; + + if ( !cpu_has_ipt ) + { + vmx_function_table.ipt_supported = 0; + printk("VMX: Missing support for Intel Processor Trace x86 feature.\n"); + } + + rdmsrl(MSR_IA32_VMX_MISC, _vmx_misc_cap); + + if ( !( _vmx_misc_cap & VMX_MISC_PT_SUPPORTED ) ) + { + vmx_function_table.ipt_supported = 0; + printk("VMX: Missing support for Intel Processor Trace in VMX operation, VMX_MISC caps: %llx\n", + (unsigned long long)_vmx_misc_cap); + } + + if (vmx_function_table.ipt_supported) + { + printk("VMX: Intel Processor Trace is SUPPORTED"); + } + lbr_tsx_fixup_check(); ler_to_fixup_check(); diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index f790d5c1f8..8d7955dd87 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -104,6 +104,7 @@ #define cpu_has_clwb boot_cpu_has(X86_FEATURE_CLWB) #define cpu_has_avx512er boot_cpu_has(X86_FEATURE_AVX512ER) #define cpu_has_avx512cd boot_cpu_has(X86_FEATURE_AVX512CD) +#define cpu_has_ipt boot_cpu_has(X86_FEATURE_IPT) #define cpu_has_sha boot_cpu_has(X86_FEATURE_SHA) #define cpu_has_avx512bw boot_cpu_has(X86_FEATURE_AVX512BW) #define cpu_has_avx512vl boot_cpu_has(X86_FEATURE_AVX512VL) diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index 1eb377dd82..48465b6067 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -96,6 +96,9 @@ struct hvm_function_table { /* Necessary hardware support for alternate p2m's? */ bool altp2m_supported; + /* Hardware support for IPT? */ + bool ipt_supported; + /* Hardware virtual interrupt delivery enable? */ bool virtual_intr_delivery_enabled; @@ -630,6 +633,12 @@ static inline bool hvm_altp2m_supported(void) return hvm_funcs.altp2m_supported; } +/* returns true if hardware supports Intel Processor Trace */ +static inline bool hvm_ipt_supported(void) +{ + return hvm_funcs.ipt_supported; +} + /* updates the current hardware p2m */ static inline void altp2m_vcpu_update_p2m(struct vcpu *v) { diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 906810592f..4c81093aba 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -285,6 +285,7 @@ extern u64 vmx_ept_vpid_cap; #define VMX_MISC_CR3_TARGET 0x01ff0000 #define VMX_MISC_VMWRITE_ALL 0x20000000 +#define VMX_MISC_PT_SUPPORTED 0x00004000 #define VMX_TSC_MULTIPLIER_MAX 0xffffffffffffffffULL diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 5ca35d9d97..7cfcac451d 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -217,6 +217,7 @@ XEN_CPUFEATURE(SMAP, 5*32+20) /*S Supervisor Mode Access Prevention */ XEN_CPUFEATURE(AVX512_IFMA, 5*32+21) /*A AVX-512 Integer Fused Multiply Add */ XEN_CPUFEATURE(CLFLUSHOPT, 5*32+23) /*A CLFLUSHOPT instruction */ XEN_CPUFEATURE(CLWB, 5*32+24) /*A CLWB instruction */ +XEN_CPUFEATURE(IPT, 5*32+25) /*H Intel Processor Trace */ XEN_CPUFEATURE(AVX512PF, 5*32+26) /*A AVX-512 Prefetch Instructions */ XEN_CPUFEATURE(AVX512ER, 5*32+27) /*A AVX-512 Exponent & Reciprocal Instrs */ XEN_CPUFEATURE(AVX512CD, 5*32+28) /*A AVX-512 Conflict Detection Instrs */ From patchwork Tue Jun 16 15:21:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= X-Patchwork-Id: 11608037 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 65C90913 for ; Tue, 16 Jun 2020 15:22:54 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4C5352082F for ; Tue, 16 Jun 2020 15:22:54 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4C5352082F Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=cert.pl Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDPV-0000vc-Tl; Tue, 16 Jun 2020 15:22:01 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDPU-0000vQ-9X for xen-devel@lists.xenproject.org; Tue, 16 Jun 2020 15:22:00 +0000 X-Inumbo-ID: 1e18a612-afe5-11ea-b8fa-12813bfff9fa Received: from bagnar.nask.net.pl (unknown [195.187.242.196]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 1e18a612-afe5-11ea-b8fa-12813bfff9fa; Tue, 16 Jun 2020 15:21:59 +0000 (UTC) Received: from bagnar.nask.net.pl (unknown [172.16.9.10]) by bagnar.nask.net.pl (Postfix) with ESMTP id 18686A2F7F; Tue, 16 Jun 2020 17:21:58 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id 0C8D0A2F1B; Tue, 16 Jun 2020 17:21:57 +0200 (CEST) Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id UBh7yD0Q_2US; Tue, 16 Jun 2020 17:21:56 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id A2C70A2F7F; Tue, 16 Jun 2020 17:21:56 +0200 (CEST) X-Virus-Scanned: amavisd-new at bagnar.nask.net.pl Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id y0ro_Gds4p5k; Tue, 16 Jun 2020 17:21:56 +0200 (CEST) Received: from belindir.nask.net.pl (belindir-ext.nask.net.pl [195.187.242.210]) by bagnar.nask.net.pl (Postfix) with ESMTP id 844D7A2F1B; Tue, 16 Jun 2020 17:21:56 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id 756FD21CD9; Tue, 16 Jun 2020 17:21:26 +0200 (CEST) Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 1eyUKdjSSdwE; Tue, 16 Jun 2020 17:21:21 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id 1F635215F4; Tue, 16 Jun 2020 17:21:21 +0200 (CEST) X-Virus-Scanned: amavisd-new at belindir.nask.net.pl Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id eWkXsYekw6L8; Tue, 16 Jun 2020 17:21:21 +0200 (CEST) Received: from belindir.nask.net.pl (belindir.nask.net.pl [172.16.10.10]) by belindir.nask.net.pl (Postfix) with ESMTP id 0277F214C8; Tue, 16 Jun 2020 17:21:21 +0200 (CEST) Date: Tue, 16 Jun 2020 17:21:20 +0200 (CEST) From: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= To: Xen-devel Message-ID: <350253733.8765869.1592320880975.JavaMail.zimbra@cert.pl> In-Reply-To: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> References: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> Subject: [PATCH v1 3/7] x86/vmx: add ipt_state as part of vCPU state MIME-Version: 1.0 X-Originating-IP: [172.16.10.10] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - GC83 (Win)/8.6.0_GA_1194) Thread-Topic: x86/vmx: add ipt_state as part of vCPU state Thread-Index: KAn5ItxMsuAqHW3ZzkheyNf1oni9htw5L6rA X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Kevin Tian , Jun Nakajima , Wei Liu , Andrew Cooper , Jan Beulich , Roger Pau =?utf-8?b?TW9ubsOp?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Guest IPT state will be preserved across vmentry/vmexit using this structure. Signed-off-by: Michal Leszczynski --- xen/arch/x86/hvm/vmx/vmx.c | 2 ++ xen/include/asm-x86/hvm/vmx/vmcs.h | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index a91bbdb798..97104c319e 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -471,6 +471,8 @@ static int vmx_vcpu_initialise(struct vcpu *v) vmx_install_vlapic_mapping(v); + v->arch.hvm.vmx.ipt_state = NULL; + return 0; } diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 4c81093aba..273ade975e 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -104,6 +104,13 @@ struct pi_blocking_vcpu { spinlock_t *lock; }; +struct ipt_state { + uint64_t ctl; + uint64_t status; + uint64_t output_base; + uint64_t output_mask; +}; + struct vmx_vcpu { /* Physical address of VMCS. */ paddr_t vmcs_pa; @@ -186,6 +193,9 @@ struct vmx_vcpu { * pCPU and wakeup the related vCPU. */ struct pi_blocking_vcpu pi_blocking; + + /* State of Intel Processor Trace feature */ + struct ipt_state *ipt_state; }; int vmx_create_vmcs(struct vcpu *v); From patchwork Tue Jun 16 15:22:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= X-Patchwork-Id: 11608039 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2C265913 for ; Tue, 16 Jun 2020 15:23:19 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 109442082F for ; Tue, 16 Jun 2020 15:23:19 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 109442082F Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=cert.pl Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDQG-00011J-82; Tue, 16 Jun 2020 15:22:48 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDQE-000115-EV for xen-devel@lists.xenproject.org; Tue, 16 Jun 2020 15:22:46 +0000 X-Inumbo-ID: 39ed800f-afe5-11ea-b8fb-12813bfff9fa Received: from bagnar.nask.net.pl (unknown [195.187.242.196]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 39ed800f-afe5-11ea-b8fb-12813bfff9fa; Tue, 16 Jun 2020 15:22:45 +0000 (UTC) Received: from bagnar.nask.net.pl (unknown [172.16.9.10]) by bagnar.nask.net.pl (Postfix) with ESMTP id 87EA5A2F1B; Tue, 16 Jun 2020 17:22:44 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id 7EFD5A2F86; Tue, 16 Jun 2020 17:22:43 +0200 (CEST) Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id k520iwlHXV1R; Tue, 16 Jun 2020 17:22:42 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id A3E14A2F1B; Tue, 16 Jun 2020 17:22:42 +0200 (CEST) X-Virus-Scanned: amavisd-new at bagnar.nask.net.pl Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id S-E8qDuhu-li; Tue, 16 Jun 2020 17:22:42 +0200 (CEST) Received: from belindir.nask.net.pl (belindir-ext.nask.net.pl [195.187.242.210]) by bagnar.nask.net.pl (Postfix) with ESMTP id 7883CA2EB4; Tue, 16 Jun 2020 17:22:42 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id 6459D214C8; Tue, 16 Jun 2020 17:22:12 +0200 (CEST) Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id ZJhkWkqAVr-5; Tue, 16 Jun 2020 17:22:06 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id C3771215F4; Tue, 16 Jun 2020 17:22:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at belindir.nask.net.pl Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id U8Kp1bAsH24b; Tue, 16 Jun 2020 17:22:06 +0200 (CEST) Received: from belindir.nask.net.pl (belindir.nask.net.pl [172.16.10.10]) by belindir.nask.net.pl (Postfix) with ESMTP id A637C214C8; Tue, 16 Jun 2020 17:22:06 +0200 (CEST) Date: Tue, 16 Jun 2020 17:22:06 +0200 (CEST) From: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= To: Xen-devel Message-ID: <34833328.8766172.1592320926648.JavaMail.zimbra@cert.pl> In-Reply-To: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> References: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> Subject: [PATCH v1 4/7] x86/vmx: add do_vmtrace_op MIME-Version: 1.0 X-Originating-IP: [172.16.10.10] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - GC83 (Win)/8.6.0_GA_1194) Thread-Topic: x86/vmx: add do_vmtrace_op Thread-Index: KAn5ItxMsuAqHW3ZzkheyNf1oni9hhQhQ0/T X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Julien Grall , Wei Liu , Andrew Cooper , Ian Jackson , George Dunlap , Jan Beulich , Roger Pau =?utf-8?b?TW9ubsOp?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Provide an interface for privileged domains to manage external IPT monitoring. Signed-off-by: Michal Leszczynski --- xen/arch/x86/hvm/hvm.c | 170 ++++++++++++++++++++++++++++++++ xen/include/public/hvm/hvm_op.h | 27 +++++ 2 files changed, 197 insertions(+) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 5bb47583b3..9292caebe0 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4949,6 +4949,172 @@ static int compat_altp2m_op( return rc; } +static int do_vmtrace_op( + XEN_GUEST_HANDLE_PARAM(void) arg) +{ + struct xen_hvm_vmtrace_op a; + struct domain *d = NULL; + int rc = -EFAULT; + int i; + struct vcpu *v; + void* buf; + uint32_t buf_size; + uint32_t buf_order; + uint64_t buf_mfn; + struct page_info *pg; + + if ( !hvm_ipt_supported() ) + return -EOPNOTSUPP; + + if ( copy_from_guest(&a, arg, 1) ) + return -EFAULT; + + if ( a.version != HVMOP_VMTRACE_INTERFACE_VERSION ) + return -EINVAL; + + switch ( a.cmd ) + { + case HVMOP_vmtrace_ipt_enable: + case HVMOP_vmtrace_ipt_disable: + case HVMOP_vmtrace_ipt_get_buf: + case HVMOP_vmtrace_ipt_get_offset: + break; + + default: + return -EOPNOTSUPP; + } + + d = rcu_lock_domain_by_any_id(a.domain); + + if ( d == NULL ) + return -ESRCH; + + if ( !is_hvm_domain(d) ) + { + rc = -EOPNOTSUPP; + goto out; + } + + domain_pause(d); + + if ( a.vcpu >= d->max_vcpus ) + { + rc = -EINVAL; + goto out; + } + + v = d->vcpu[a.vcpu]; + + if ( a.cmd == HVMOP_vmtrace_ipt_enable ) + { + if ( v->arch.hvm.vmx.ipt_state ) { + // already enabled + rc = -EINVAL; + goto out; + } + + if ( a.size < PAGE_SIZE || a.size > 1000000 * PAGE_SIZE ) { + // we don't accept trace buffer size smaller than single page + // and the upper bound is defined as 4GB in the specification + rc = -EINVAL; + goto out; + } + + buf_order = get_order_from_bytes(a.size); + + if ( (a.size >> PAGE_SHIFT) != (1 << buf_order) ) { + rc = -EINVAL; + goto out; + } + + buf = page_to_virt(alloc_domheap_pages(d, buf_order, MEMF_no_refcount)); + buf_size = a.size; + + if ( !buf ) { + rc = -EFAULT; + goto out; + } + + memset(buf, 0, buf_size); + + for ( i = 0; i < (buf_size >> PAGE_SHIFT); i++ ) { + share_xen_page_with_privileged_guests(virt_to_page(buf) + i, SHARE_ro); + } + + v->arch.hvm.vmx.ipt_state = xmalloc(struct ipt_state); + v->arch.hvm.vmx.ipt_state->output_base = virt_to_mfn(buf) << PAGE_SHIFT; + v->arch.hvm.vmx.ipt_state->output_mask = buf_size - 1; + v->arch.hvm.vmx.ipt_state->status = 0; + v->arch.hvm.vmx.ipt_state->ctl = RTIT_CTL_TRACEEN | RTIT_CTL_OS | RTIT_CTL_USR | RTIT_CTL_BRANCH_EN; + } + else if ( a.cmd == HVMOP_vmtrace_ipt_disable ) + { + if ( !v->arch.hvm.vmx.ipt_state ) { + rc = -EINVAL; + goto out; + } + + buf_mfn = v->arch.hvm.vmx.ipt_state->output_base >> PAGE_SHIFT; + buf_size = ( v->arch.hvm.vmx.ipt_state->output_mask + 1 ) & 0xFFFFFFFFUL; + + for ( i = 0; i < (buf_size >> PAGE_SHIFT); i++ ) + { + if ( (mfn_to_page(_mfn(buf_mfn + i))->count_info & PGC_count_mask) != 1 ) + { + rc = -EBUSY; + goto out; + } + } + + xfree(v->arch.hvm.vmx.ipt_state); + v->arch.hvm.vmx.ipt_state = NULL; + + for ( i = 0; i < (buf_size >> PAGE_SHIFT); i++ ) + { + pg = mfn_to_page(_mfn(buf_mfn + i)); + put_page_alloc_ref(pg); + if ( !test_and_clear_bit(_PGC_xen_heap, &pg->count_info) ) + ASSERT_UNREACHABLE(); + pg->u.inuse.type_info = 0; + page_set_owner(pg, NULL); + free_domheap_page(pg); + } + } + else if ( a.cmd == HVMOP_vmtrace_ipt_get_buf ) + { + if ( !v->arch.hvm.vmx.ipt_state ) { + rc = -EINVAL; + goto out; + } + + a.mfn = v->arch.hvm.vmx.ipt_state->output_base >> PAGE_SHIFT; + a.size = (v->arch.hvm.vmx.ipt_state->output_mask + 1) & 0xFFFFFFFFUL; + } + else if ( a.cmd == HVMOP_vmtrace_ipt_get_offset ) + { + if ( !v->arch.hvm.vmx.ipt_state ) { + rc = -EINVAL; + goto out; + } + + a.offset = v->arch.hvm.vmx.ipt_state->output_mask >> 32; + } + + rc = -EFAULT; + if ( __copy_to_guest(arg, &a, 1) ) + goto out; + rc = 0; + + out: + smp_wmb(); + domain_unpause(d); + rcu_unlock_domain(d); + + return rc; +} + +DEFINE_XEN_GUEST_HANDLE(compat_hvm_vmtrace_op_t); + static int hvmop_get_mem_type( XEN_GUEST_HANDLE_PARAM(xen_hvm_get_mem_type_t) arg) { @@ -5101,6 +5267,10 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) rc = current->hcall_compat ? compat_altp2m_op(arg) : do_altp2m_op(arg); break; + case HVMOP_vmtrace: + rc = do_vmtrace_op(arg); + break; + default: { gdprintk(XENLOG_DEBUG, "Bad HVM op %ld.\n", op); diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h index 870ec52060..3bbcd54c96 100644 --- a/xen/include/public/hvm/hvm_op.h +++ b/xen/include/public/hvm/hvm_op.h @@ -382,6 +382,33 @@ struct xen_hvm_altp2m_op { typedef struct xen_hvm_altp2m_op xen_hvm_altp2m_op_t; DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_op_t); +/* HVMOP_vmtrace: Perform VM tracing related operation */ +#define HVMOP_vmtrace 26 + +#define HVMOP_VMTRACE_INTERFACE_VERSION 0x00000001 + +struct xen_hvm_vmtrace_op { + /* IN variable */ + uint32_t version; /* HVMOP_VMTRACE_INTERFACE_VERSION */ + uint32_t cmd; +/* Enable/disable external vmtrace for given domain */ +#define HVMOP_vmtrace_ipt_enable 1 +#define HVMOP_vmtrace_ipt_disable 2 +#define HVMOP_vmtrace_ipt_get_buf 3 +#define HVMOP_vmtrace_ipt_get_offset 4 + domid_t domain; + uint32_t vcpu; + + /* IN/OUT variable */ + uint64_t size; + + /* OUT variable */ + uint64_t mfn; + uint64_t offset; +}; +typedef struct xen_hvm_vmtrace_op xen_hvm_vmtrace_op_t; +DEFINE_XEN_GUEST_HANDLE(xen_hvm_vmtrace_op_t); + #endif /* __XEN_PUBLIC_HVM_HVM_OP_H__ */ /* From patchwork Tue Jun 16 15:22:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= X-Patchwork-Id: 11608041 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C1DE3913 for ; Tue, 16 Jun 2020 15:24:11 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A7C8B208B3 for ; Tue, 16 Jun 2020 15:24:11 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A7C8B208B3 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=cert.pl Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDQu-00017r-HJ; Tue, 16 Jun 2020 15:23:28 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDQt-00017i-8H for xen-devel@lists.xenproject.org; Tue, 16 Jun 2020 15:23:27 +0000 X-Inumbo-ID: 5287aa40-afe5-11ea-b8fc-12813bfff9fa Received: from bagnar.nask.net.pl (unknown [195.187.242.196]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 5287aa40-afe5-11ea-b8fc-12813bfff9fa; Tue, 16 Jun 2020 15:23:26 +0000 (UTC) Received: from bagnar.nask.net.pl (unknown [172.16.9.10]) by bagnar.nask.net.pl (Postfix) with ESMTP id 482C2A2F1B; Tue, 16 Jun 2020 17:23:25 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id 43D40A2EB4; Tue, 16 Jun 2020 17:23:24 +0200 (CEST) Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id QhxJwfgYP_-e; Tue, 16 Jun 2020 17:23:23 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id A4B42A2F1B; Tue, 16 Jun 2020 17:23:23 +0200 (CEST) X-Virus-Scanned: amavisd-new at bagnar.nask.net.pl Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 0bmM42s5bl3B; Tue, 16 Jun 2020 17:23:23 +0200 (CEST) Received: from belindir.nask.net.pl (belindir-ext.nask.net.pl [195.187.242.210]) by bagnar.nask.net.pl (Postfix) with ESMTP id 843CDA2EB4; Tue, 16 Jun 2020 17:23:23 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id 77283214C8; Tue, 16 Jun 2020 17:22:53 +0200 (CEST) Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id PSsucB3G25kB; Tue, 16 Jun 2020 17:22:47 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id E204B215F4; Tue, 16 Jun 2020 17:22:47 +0200 (CEST) X-Virus-Scanned: amavisd-new at belindir.nask.net.pl Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id FEy7X_fQbIBF; Tue, 16 Jun 2020 17:22:47 +0200 (CEST) Received: from belindir.nask.net.pl (belindir.nask.net.pl [172.16.10.10]) by belindir.nask.net.pl (Postfix) with ESMTP id C7EA5214C8; Tue, 16 Jun 2020 17:22:47 +0200 (CEST) Date: Tue, 16 Jun 2020 17:22:47 +0200 (CEST) From: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= To: Xen-devel Message-ID: <1945850288.8766285.1592320967782.JavaMail.zimbra@cert.pl> In-Reply-To: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> References: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> Subject: [PATCH v1 5/7] tools/libxc: add xc_ptbuf_* functions MIME-Version: 1.0 X-Originating-IP: [172.16.10.10] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - GC83 (Win)/8.6.0_GA_1194) Thread-Topic: tools/libxc: add xc_ptbuf_* functions Thread-Index: KAn5ItxMsuAqHW3ZzkheyNf1oni9hpY5dAoC X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Ian Jackson , Wei Liu Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Add functions in libxc that use the new HVMOP_vmtrace interface. Signed-off-by: Michal Leszczynski --- tools/libxc/include/xenctrl.h | 59 +++++++++++++++++++ tools/libxc/xc_tbuf.c | 108 ++++++++++++++++++++++++++++++++++ 2 files changed, 167 insertions(+) diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index 113ddd935d..0a972deb7d 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h @@ -1585,6 +1585,65 @@ int xc_tbuf_set_cpu_mask(xc_interface *xch, xc_cpumap_t mask); int xc_tbuf_set_evt_mask(xc_interface *xch, uint32_t mask); +/** + * Enable Intel Processor Trace for given vCPU in given DomU. + * Allocate the trace ringbuffer with given size. + * + * @parm xch a handle to an open hypervisor interface + * @parm domid domain identifier + * @parm vcpu vcpu identifier + * @parm size trace buffer size in bytes, must be power of 2, between 4 kB and 4 GB + * @return 0 on success, -1 on failure + */ +int xc_ptbuf_enable(xc_interface *xch, uint32_t domid, uint32_t vcpu, uint64_t size); + +/** + * Disable Intel Processor Trace for given vCPU in given DomU. + * Deallocate the trace ringbuffer. + * + * @parm xch a handle to an open hypervisor interface + * @parm domid domain identifier + * @parm vcpu vcpu identifier + * @return 0 on success, -1 on failure + */ +int xc_ptbuf_disable(xc_interface *xch, uint32_t domid, uint32_t vcpu); + +/** + * Map the trace buffer into Dom0. + * + * @parm xch a handle to an open hypervisor interface + * @parm domid domain identifier + * @parm vcpu vcpu identifier + * @parm buf pointer to the mapped buffer will be written there + * @parm trace buffer size (in bytes) will be written there + * @return 0 on success, -1 on failure + */ +int xc_ptbuf_map(xc_interface *xch, uint32_t domid, uint32_t vcpu, uint8_t **buf, uint64_t *size); + +/** + * Unmap the trace buffer from Dom0. + * + * @parm xch a handle to an open hypervisor interface + * @parm buf pointer to the mapped buffer + * @parm size of the trace buffer (in bytes) + * @return 0 on success, -1 on failure + */ +int xc_ptbuf_unmap(xc_interface *xch, uint8_t *buf, uint64_t size); + +/** + * Get current offset inside the trace ringbuffer. + * This allows to determine how much data was written into the buffer. + * Once buffer overflows, the offset will reset to 0 and the previous + * data will be overriden. + * + * @parm xch a handle to an open hypervisor interface + * @parm domid domain identifier + * @parm vcpu vcpu identifier + * @parm offset current offset inside trace buffer will be written there + * @return 0 on success, -1 on failure + */ +int xc_ptbuf_get_offset(xc_interface *xch, uint32_t domid, uint32_t vcpu, uint64_t *offset); + int xc_domctl(xc_interface *xch, struct xen_domctl *domctl); int xc_sysctl(xc_interface *xch, struct xen_sysctl *sysctl); diff --git a/tools/libxc/xc_tbuf.c b/tools/libxc/xc_tbuf.c index 283fbd1c8f..8fab7f7d79 100644 --- a/tools/libxc/xc_tbuf.c +++ b/tools/libxc/xc_tbuf.c @@ -79,6 +79,114 @@ int xc_tbuf_get_size(xc_interface *xch, unsigned long *size) return rc; } +int xc_ptbuf_enable(xc_interface *xch, uint32_t domid, uint32_t vcpu, uint64_t size) +{ + DECLARE_HYPERCALL_BUFFER(xen_hvm_vmtrace_op_t, arg); + int rc = -1; + + arg = xc_hypercall_buffer_alloc(xch, arg, sizeof(*arg)); + if ( arg == NULL ) + return -1; + + arg->version = HVMOP_VMTRACE_INTERFACE_VERSION; + arg->cmd = HVMOP_vmtrace_ipt_enable; + arg->domain = domid; + arg->vcpu = vcpu; + arg->size = size; + + rc = xencall2(xch->xcall, __HYPERVISOR_hvm_op, HVMOP_vmtrace, + HYPERCALL_BUFFER_AS_ARG(arg)); + + xc_hypercall_buffer_free(xch, arg); + return rc; +} + +int xc_ptbuf_get_offset(xc_interface *xch, uint32_t domid, uint32_t vcpu, uint64_t *offset) +{ + DECLARE_HYPERCALL_BUFFER(xen_hvm_vmtrace_op_t, arg); + int rc = -1; + + arg = xc_hypercall_buffer_alloc(xch, arg, sizeof(*arg)); + if ( arg == NULL ) + return -1; + + arg->version = HVMOP_VMTRACE_INTERFACE_VERSION; + arg->cmd = HVMOP_vmtrace_ipt_get_offset; + arg->domain = domid; + arg->vcpu = vcpu; + + rc = xencall2(xch->xcall, __HYPERVISOR_hvm_op, HVMOP_vmtrace, + HYPERCALL_BUFFER_AS_ARG(arg)); + + if ( rc == 0 ) + { + *offset = arg->offset; + } + + xc_hypercall_buffer_free(xch, arg); + return rc; +} + +int xc_ptbuf_map(xc_interface *xch, uint32_t domid, uint32_t vcpu, uint8_t **buf, uint64_t *size) +{ + DECLARE_HYPERCALL_BUFFER(xen_hvm_vmtrace_op_t, arg); + int rc = -1; + uint8_t *mapped_buf; + + arg = xc_hypercall_buffer_alloc(xch, arg, sizeof(*arg)); + if ( arg == NULL ) + return -1; + + arg->version = HVMOP_VMTRACE_INTERFACE_VERSION; + arg->cmd = HVMOP_vmtrace_ipt_get_buf; + arg->domain = domid; + arg->vcpu = vcpu; + + rc = xencall2(xch->xcall, __HYPERVISOR_hvm_op, HVMOP_vmtrace, + HYPERCALL_BUFFER_AS_ARG(arg)); + + if ( rc == 0 ) + { + mapped_buf = (uint8_t *)xc_map_foreign_range(xch, DOMID_XEN, arg->size, PROT_READ, arg->mfn); + + if ( mapped_buf == NULL ) + return -1; + + *buf = mapped_buf; + *size = arg->size; + } + + xc_hypercall_buffer_free(xch, arg); + return rc; +} + +int xc_ptbuf_unmap(xc_interface *xch, uint8_t *buf, uint64_t size) +{ + xenforeignmemory_unmap(xch->fmem, buf, size >> PAGE_SHIFT); + return 0; +} + +int xc_ptbuf_disable(xc_interface *xch, uint32_t domid, uint32_t vcpu) +{ + DECLARE_HYPERCALL_BUFFER(xen_hvm_vmtrace_op_t, arg); + int rc = -1; + + arg = xc_hypercall_buffer_alloc(xch, arg, sizeof(*arg)); + if ( arg == NULL ) + return -1; + + arg->version = HVMOP_VMTRACE_INTERFACE_VERSION; + arg->cmd = HVMOP_vmtrace_ipt_disable; + arg->domain = domid; + arg->vcpu = vcpu; + + rc = xencall2(xch->xcall, __HYPERVISOR_hvm_op, HVMOP_vmtrace, + HYPERCALL_BUFFER_AS_ARG(arg)); + + xc_hypercall_buffer_free(xch, arg); + return rc; +} + int xc_tbuf_enable(xc_interface *xch, unsigned long pages, unsigned long *mfn, unsigned long *size) { From patchwork Tue Jun 16 15:23:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= X-Patchwork-Id: 11608045 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3AF7260D for ; Tue, 16 Jun 2020 15:25:36 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 112F8208B3 for ; Tue, 16 Jun 2020 15:25:36 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 112F8208B3 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=cert.pl Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDRa-0001Dd-R5; Tue, 16 Jun 2020 15:24:10 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDRZ-0001DP-FJ for xen-devel@lists.xenproject.org; Tue, 16 Jun 2020 15:24:09 +0000 X-Inumbo-ID: 6afacb5c-afe5-11ea-b7bb-bc764e2007e4 Received: from bagnar.nask.net.pl (unknown [195.187.242.196]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 6afacb5c-afe5-11ea-b7bb-bc764e2007e4; Tue, 16 Jun 2020 15:24:07 +0000 (UTC) Received: from bagnar.nask.net.pl (unknown [172.16.9.10]) by bagnar.nask.net.pl (Postfix) with ESMTP id 53641A1C0D; Tue, 16 Jun 2020 17:24:06 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id 4F018A1D6C; Tue, 16 Jun 2020 17:24:05 +0200 (CEST) Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id ZEWxmQDo3L5P; Tue, 16 Jun 2020 17:24:03 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id 7117CA1EBE; Tue, 16 Jun 2020 17:24:03 +0200 (CEST) X-Virus-Scanned: amavisd-new at bagnar.nask.net.pl Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 1Hw-ld9mw2Ky; Tue, 16 Jun 2020 17:24:03 +0200 (CEST) Received: from belindir.nask.net.pl (belindir-ext.nask.net.pl [195.187.242.210]) by bagnar.nask.net.pl (Postfix) with ESMTP id 464ACA1D6C; Tue, 16 Jun 2020 17:24:03 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id 38EF122508; Tue, 16 Jun 2020 17:23:33 +0200 (CEST) Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id waTJYGZyvxbO; Tue, 16 Jun 2020 17:23:26 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id 87E7B21867; Tue, 16 Jun 2020 17:23:26 +0200 (CEST) X-Virus-Scanned: amavisd-new at belindir.nask.net.pl Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id WqgOkT8yPmFG; Tue, 16 Jun 2020 17:23:26 +0200 (CEST) Received: from belindir.nask.net.pl (belindir.nask.net.pl [172.16.10.10]) by belindir.nask.net.pl (Postfix) with ESMTP id 61CB4214C8; Tue, 16 Jun 2020 17:23:26 +0200 (CEST) Date: Tue, 16 Jun 2020 17:23:26 +0200 (CEST) From: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= To: Xen-devel Message-ID: <1776308629.8766364.1592321006363.JavaMail.zimbra@cert.pl> In-Reply-To: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> References: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> Subject: [PATCH v1 6/7] tools/proctrace: add proctrace tool MIME-Version: 1.0 X-Originating-IP: [172.16.10.10] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - GC83 (Win)/8.6.0_GA_1194) Thread-Topic: tools/proctrace: add proctrace tool Thread-Index: KAn5ItxMsuAqHW3ZzkheyNf1oni9htw1Ldxj X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Ian Jackson , Wei Liu Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Add an demonstration tool that uses xc_ptbuf_* calls in order to manage external IPT monitoring for DomU. Signed-off-by: Michal Leszczynski --- tools/proctrace/COPYING | 339 ++++++++++++++++++++++++++++++++++++ tools/proctrace/Makefile | 49 ++++++ tools/proctrace/proctrace.c | 139 +++++++++++++++ 3 files changed, 527 insertions(+) create mode 100644 tools/proctrace/COPYING create mode 100644 tools/proctrace/Makefile create mode 100644 tools/proctrace/proctrace.c diff --git a/tools/proctrace/COPYING b/tools/proctrace/COPYING new file mode 100644 index 0000000000..c0a841112c --- /dev/null +++ b/tools/proctrace/COPYING @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; If not, see . + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/tools/proctrace/Makefile b/tools/proctrace/Makefile new file mode 100644 index 0000000000..d9231dfa24 --- /dev/null +++ b/tools/proctrace/Makefile @@ -0,0 +1,49 @@ +# Copyright (C) CERT Polska - NASK PIB +# Author: Michał Leszczyński +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; under version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +XEN_ROOT=$(CURDIR)/../.. +include $(XEN_ROOT)/tools/Rules.mk + +CFLAGS += -Werror +CFLAGS += $(CFLAGS_libxenevtchn) +CFLAGS += $(CFLAGS_libxenctrl) +LDLIBS += $(LDLIBS_libxenctrl) +LDLIBS += $(LDLIBS_libxenevtchn) + +# SCRIPTS = xenmon.py + +.PHONY: all +all: build + +.PHONY: build +build: proctrace + +.PHONY: install +install: build + $(INSTALL_DIR) $(DESTDIR)$(sbindir) + $(INSTALL_PROG) proctrace $(DESTDIR)$(sbindir)/proctrace + +.PHONY: uninstall +uninstall: + rm -f $(DESTDIR)$(sbindir)/proctrace + +.PHONY: clean +clean: + $(RM) -f $(DEPS_RM) + +.PHONY: distclean +distclean: clean + +iptlive: iptlive.o Makefile + $(CC) $(LDFLAGS) $< -o $@ $(LDLIBS) $(APPEND_LDFLAGS) + +-include $(DEPS_INCLUDE) diff --git a/tools/proctrace/proctrace.c b/tools/proctrace/proctrace.c new file mode 100644 index 0000000000..74409428b4 --- /dev/null +++ b/tools/proctrace/proctrace.c @@ -0,0 +1,139 @@ +/****************************************************************************** + * tools/proctrace.c + * + * Demonstrative tool for collecting Intel Processor Trace data from Xen. + * Could be used to externally monitor a given vCPU in given DomU. + * + * Copyright (C) 2020 by CERT Polska - NASK PIB + * + * Authors: Michał Leszczyński, michal.leszczynski@cert.pl + * Date: June, 2020 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; under version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +volatile int interrupted = 0; + +void term_handler(int signum) { + interrupted = 1; +} + +int main(int argc, char* argv[]) { + xc_interface *xc; + uint32_t domid; + uint32_t vcpu_id; + + int rc = -1; + uint8_t *buf; + uint64_t size; + uint64_t last_offset = 0; + + signal(SIGINT, term_handler); + + if (argc != 3) { + fprintf(stderr, "Usage: %s \n", argv[0]); + fprintf(stderr, "It's recommended to redirect this program's output to file\n"); + fprintf(stderr, "or to pipe it's output to xxd or other program.\n"); + return 1; + } + + domid = atoi(argv[1]); + vcpu_id = atoi(argv[2]); + + xc = xc_interface_open(0, 0, 0); + + if (!xc) { + fprintf(stderr, "Failed to open xc interface\n"); + return 1; + } + + rc = xc_ptbuf_enable(xc, domid, vcpu_id, 64 * 1024 * 1024); + + if (rc) { + fprintf(stderr, "Failed to call xc_ptbuf_enable\n"); + return 1; + } + + rc = xc_ptbuf_map(xc, domid, vcpu_id, &buf, &size); + + if (rc) { + fprintf(stderr, "Failed to call xc_ptbuf_map\n"); + return 1; + } + + while (!interrupted) { + uint64_t offset; + rc = xc_ptbuf_get_offset(xc, domid, vcpu_id, &offset); + + if (rc) { + fprintf(stderr, "Failed to call xc_ptbuf_get_offset\n"); + return 1; + } + + if (offset > last_offset) + { + fwrite(buf + last_offset, offset - last_offset, 1, stdout); + } + else + { + // buffer wrapped + fwrite(buf + last_offset, size - last_offset, 1, stdout); + fwrite(buf, offset, 1, stdout); + } + + last_offset = offset; + usleep(1000 * 100); + } + + rc = xc_ptbuf_unmap(xc, buf, size); + + if (rc) { + fprintf(stderr, "Failed to call xc_ptbuf_unmap\n"); + return 1; + } + + rc = xc_ptbuf_disable(xc, domid, vcpu_id); + + if (rc) { + fprintf(stderr, "Failed to call xc_ptbuf_disable\n"); + return 1; + } + + return 0; +} + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ From patchwork Tue Jun 16 15:24:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= X-Patchwork-Id: 11608043 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8760460D for ; Tue, 16 Jun 2020 15:25:29 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6DB19208B3 for ; Tue, 16 Jun 2020 15:25:29 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6DB19208B3 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=cert.pl Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDSF-0001K8-8X; Tue, 16 Jun 2020 15:24:51 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlDSE-0001K0-1N for xen-devel@lists.xenproject.org; Tue, 16 Jun 2020 15:24:50 +0000 X-Inumbo-ID: 842c0636-afe5-11ea-b7bb-bc764e2007e4 Received: from bagnar.nask.net.pl (unknown [195.187.242.196]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 842c0636-afe5-11ea-b7bb-bc764e2007e4; Tue, 16 Jun 2020 15:24:49 +0000 (UTC) Received: from bagnar.nask.net.pl (unknown [172.16.9.10]) by bagnar.nask.net.pl (Postfix) with ESMTP id 8CF4AA2DE1; Tue, 16 Jun 2020 17:24:48 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id 831C7A26F4; Tue, 16 Jun 2020 17:24:47 +0200 (CEST) Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id NOX4nYjrIjRB; Tue, 16 Jun 2020 17:24:47 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bagnar.nask.net.pl (Postfix) with ESMTP id 19F97A2DE1; Tue, 16 Jun 2020 17:24:47 +0200 (CEST) X-Virus-Scanned: amavisd-new at bagnar.nask.net.pl Received: from bagnar.nask.net.pl ([127.0.0.1]) by localhost (bagnar.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id VBXLA65P1sUY; Tue, 16 Jun 2020 17:24:46 +0200 (CEST) Received: from belindir.nask.net.pl (belindir-ext.nask.net.pl [195.187.242.210]) by bagnar.nask.net.pl (Postfix) with ESMTP id E4797A26F4; Tue, 16 Jun 2020 17:24:46 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id D4F2C214C8; Tue, 16 Jun 2020 17:24:16 +0200 (CEST) Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id BU1h424fcYsI; Tue, 16 Jun 2020 17:24:11 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by belindir.nask.net.pl (Postfix) with ESMTP id 75AC0215F4; Tue, 16 Jun 2020 17:24:11 +0200 (CEST) X-Virus-Scanned: amavisd-new at belindir.nask.net.pl Received: from belindir.nask.net.pl ([127.0.0.1]) by localhost (belindir.nask.net.pl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id HFXNXOMpVXKA; Tue, 16 Jun 2020 17:24:11 +0200 (CEST) Received: from belindir.nask.net.pl (belindir.nask.net.pl [172.16.10.10]) by belindir.nask.net.pl (Postfix) with ESMTP id 594CB214C8; Tue, 16 Jun 2020 17:24:11 +0200 (CEST) Date: Tue, 16 Jun 2020 17:24:11 +0200 (CEST) From: =?utf-8?q?Micha=C5=82_Leszczy=C5=84ski?= To: Xen-devel Message-ID: <317430261.8766476.1592321051337.JavaMail.zimbra@cert.pl> In-Reply-To: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> References: <1548605014.8764792.1592320576239.JavaMail.zimbra@cert.pl> Subject: [PATCH v1 7/7] x86/vmx: switch IPT MSRs on vmentry/vmexit MIME-Version: 1.0 X-Originating-IP: [172.16.10.10] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - GC83 (Win)/8.6.0_GA_1194) Thread-Topic: x86/vmx: switch IPT MSRs on vmentry/vmexit Thread-Index: KAn5ItxMsuAqHW3ZzkheyNf1oni9hiacNb1l X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Kevin Tian , Jun Nakajima , Wei Liu , Andrew Cooper , Jan Beulich , Roger Pau =?utf-8?b?TW9ubsOp?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Enable IPT when entering the VM and disable it on vmexit. Register state is persisted using vCPU ipt_state structure. Signed-off-by: Michal Leszczynski --- xen/arch/x86/hvm/vmx/vmx.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 97104c319e..01d9a7b584 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3698,6 +3698,15 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); + if ( unlikely(v->arch.hvm.vmx.ipt_state) ) + { + wrmsrl(MSR_IA32_RTIT_CTL, 0); + smp_rmb(); + + rdmsrl(MSR_IA32_RTIT_STATUS, v->arch.hvm.vmx.ipt_state->status); + rdmsrl(MSR_IA32_RTIT_OUTPUT_MASK, v->arch.hvm.vmx.ipt_state->output_mask); + } + hvm_invalidate_regs_fields(regs); if ( paging_mode_hap(v->domain) ) @@ -4497,6 +4506,23 @@ bool vmx_vmenter_helper(const struct cpu_user_regs *regs) } out: + if ( unlikely(curr->arch.hvm.vmx.ipt_state) ) + { + wrmsrl(MSR_IA32_RTIT_CTL, 0); + + if (curr->arch.hvm.vmx.ipt_state->ctl) + { + wrmsrl(MSR_IA32_RTIT_OUTPUT_BASE, curr->arch.hvm.vmx.ipt_state->output_base); + wrmsrl(MSR_IA32_RTIT_OUTPUT_MASK, curr->arch.hvm.vmx.ipt_state->output_mask); + wrmsrl(MSR_IA32_RTIT_STATUS, curr->arch.hvm.vmx.ipt_state->status); + + // MSR_IA32_RTIT_CTL is context-switched manually instead of being + // stored inside VMCS, as of Q2'20 only the most recent processors + // support such field in VMCS + wrmsrl(MSR_IA32_RTIT_CTL, curr->arch.hvm.vmx.ipt_state->ctl); + } + } + if ( unlikely(curr->arch.hvm.vmx.lbr_flags & LBR_FIXUP_MASK) ) lbr_fixup();