From patchwork Thu Jun 20 00:30:44 2019
X-Patchwork-Submitter: Christopher Clark
X-Patchwork-Id: 11005599
From: Christopher Clark
To: xen-devel@lists.xenproject.org
Date: Wed, 19 Jun 2019 17:30:44 -0700
Message-Id: <20190620003053.21993-1-christopher.w.clark@gmail.com>
X-Mailer: git-send-email 2.17.1
Subject: [Xen-devel] [RFC 0/9] The Xen Blanket: hypervisor interface for PV drivers on nested Xen
Cc: Juergen Gross, Stefano Stabellini, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson, Rich Persaud, Ankur Arora, Tim Deegan, Julien Grall, Jan Beulich, Daniel De Graaf, Christopher Clark, Roger Pau Monné

This RFC patch series adds a new hypervisor interface to support running a set of PV front end device drivers within dom0 of a guest Xen running on Xen.

A practical deployment scenario is a system running PV guest VMs that use unmodified Xen PV device drivers, on a guest Xen hypervisor with a dom0 using PV drivers itself, all within an HVM guest of a hosting Xen hypervisor (e.g. from a cloud provider). Multiple PV guest VMs can reside within a single cloud instance; guests can be live-migrated between cloud instances that run nested Xen, and virtual machine introspection of guests can be performed without requiring cloud provider support.

The name "The Xen Blanket" was given by researchers from IBM and Cornell when the original work was published at the ACM Eurosys 2012 conference.
http://www1.unine.ch/eurosys2012/program/conference.html
https://dl.acm.org/citation.cfm?doid=2168836.2168849

This patch series is a reimplementation of this architecture on modern Xen by Star Lab.

A patch to the Linux kernel to add device drivers using this blanket interface is at:
https://github.com/starlab-io/xenblanket-linux

(This is an example, enabling operation and testing of a Xen Blanket nested system. Further work would be necessary for Linux upstreaming.)

Relevant other current Linux work is occurring here:
https://lkml.org/lkml/2019/4/8/67
https://lists.xenproject.org/archives/html/xen-devel/2019-05/msg00743.html

thanks,

Christopher

Christopher Clark (9):
  x86/guest: code movement to separate Xen detection from guest functions
  x86: Introduce Xen detection as separate logic from Xen Guest support.
  x86/nested: add nested_xen_version hypercall
  XSM: Add hook for nested xen version op; revises non-nested version op
  x86/nested, xsm: add nested_memory_op hypercall
  x86/nested, xsm: add nested_hvm_op hypercall
  x86/nested, xsm: add nested_grant_table_op hypercall
  x86/nested, xsm: add nested_event_channel_op hypercall
  x86/nested, xsm: add nested_schedop_shutdown hypercall

 tools/flask/policy/modules/dom0.te           |  14 +-
 tools/flask/policy/modules/guest_features.te |   5 +-
 tools/flask/policy/modules/xen.te            |   3 +
 tools/flask/policy/policy/initial_sids       |   3 +
 xen/arch/x86/Kconfig                         |  33 +-
 xen/arch/x86/Makefile                        |   2 +-
 xen/arch/x86/apic.c                          |   4 +-
 xen/arch/x86/guest/Makefile                  |   4 +
 xen/arch/x86/guest/hypercall_page.S          |   6 +
 xen/arch/x86/guest/xen-guest.c               | 311 ++++++++++++++++
 xen/arch/x86/guest/xen-nested.c              | 350 +++++++++++++++++++
 xen/arch/x86/guest/xen.c                     | 264 +-------------
 xen/arch/x86/hypercall.c                     |   8 +
 xen/arch/x86/pv/hypercall.c                  |   8 +
 xen/arch/x86/setup.c                         |   3 +
 xen/include/asm-x86/guest/hypercall.h        |   7 +-
 xen/include/asm-x86/guest/xen.h              |  36 +-
 xen/include/public/xen.h                     |   6 +
 xen/include/xen/hypercall.h                  |  33 ++
 xen/include/xsm/dummy.h                      |  48 ++-
 xen/include/xsm/xsm.h                        |  49 +++
 xen/xsm/dummy.c                              |   8 +
 xen/xsm/flask/hooks.c                        | 133 ++++++-
 xen/xsm/flask/policy/access_vectors          |  26 ++
 xen/xsm/flask/policy/initial_sids            |   1 +
 xen/xsm/flask/policy/security_classes        |   1 +
 26 files changed, 1086 insertions(+), 280 deletions(-)
 create mode 100644 xen/arch/x86/guest/xen-guest.c
 create mode 100644 xen/arch/x86/guest/xen-nested.c
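Added illustrative example, not code from this series or from the Xen tree: a small C model of the gating that a set of forwarded nested_* hypercalls like the ones listed above needs, with the per-operation XSM check modelled as FLASK-style allow rules. The series does add an XSM hook and FLASK access vectors per nested op, but the class name xen_nested, the permission names, the domain type labels, the demo policy text and the return values below are all assumptions made for this example; the series' real access vectors live in xen/xsm/flask/policy/access_vectors and are not reproduced here.

```c
/*
 * Added illustrative model, not Xen code: a domain of the guest (L1) Xen
 * reaches the host (L0) hypervisor only through a fixed set of forwarded
 * operations, each individually granted by policy. The class "xen_nested",
 * the permission names, domain types and return values are assumptions.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The fixed set of operations the guest Xen is willing to forward. */
enum nested_op {
    NESTED_XEN_VERSION, NESTED_MEMORY_OP, NESTED_HVM_OP,
    NESTED_GRANT_TABLE_OP, NESTED_EVENT_CHANNEL_OP, NESTED_SCHEDOP_SHUTDOWN,
    NESTED_OP_COUNT
};

/* Assumed permission names, one per forwarded op, as an access_vectors
 * entry for a FLASK class would list them. */
static const char *const perm_name[NESTED_OP_COUNT] = {
    "xen_version", "memory_op", "hvm_op",
    "grant_table_op", "event_channel_op", "schedop_shutdown",
};

/* Model return values, chosen to follow errno conventions. */
#define NESTED_OK        0
#define NESTED_EPERM    (-1)
#define NESTED_ENODEV  (-19)
#define NESTED_ENOSYS  (-38)

struct domain {
    const char *type;    /* FLASK type label of the caller, e.g. "dom0_t" */
    uint32_t nested_av;  /* bit i set => nested op i granted to this domain */
};

/* Set by the hypervisor's own "am I running as a Xen guest?" detection. */
static bool nested_on_xen = true;

/* Stand-in for the real host hypercall: just count what would be forwarded. */
static unsigned forwarded[NESTED_OP_COUNT];
unsigned forwarded_count(enum nested_op op) { return forwarded[op]; }

/*
 * Load "allow <src> <tgt>:xen_nested { perm ... };" rules (one per line)
 * that apply to d->type into d->nested_av. A permission naming no known op
 * is never granted. Returns the number of rules that applied to d->type.
 */
int load_policy(const char *policy, struct domain *d) {
    int applied = 0;
    d->nested_av = 0;
    for (const char *line = policy; *line; ) {
        const char *nl = strchr(line, '\n');
        const char *next = nl ? nl + 1 : line + strlen(line);
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char lbuf[256], src[64], tgt[64], cls[64];
        int at = 0;
        if (len > sizeof lbuf - 1) len = sizeof lbuf - 1;
        memcpy(lbuf, line, len);          /* copy so scanning stays on this line */
        lbuf[len] = '\0';
        line = next;
        if (sscanf(lbuf, " allow %63s %63[^:]:%63s %n", src, tgt, cls, &at) != 3
            || strcmp(cls, "xen_nested") != 0 || strcmp(src, d->type) != 0
            || lbuf[at] != '{')
            continue;                     /* comment, other class, other domain */
        const char *close = strchr(lbuf + at, '}');
        if (!close) continue;
        applied++;
        for (const char *p = lbuf + at + 1; p < close; ) {
            char perm[64];
            int n = 0;
            if (sscanf(p, " %63[^ \t}] %n", perm, &n) != 1) break;
            p += n;
            for (unsigned i = 0; i < NESTED_OP_COUNT; i++)
                if (strcmp(perm, perm_name[i]) == 0)
                    d->nested_av |= 1u << i;
        }
    }
    return applied;
}

/*
 * What the guest Xen's dispatcher would hand a nested op to. Default deny on
 * three axes: the interface exists only when actually nested, only the fixed
 * op set is forwardable, and the caller needs the per-op policy grant.
 */
int nested_hypercall(const struct domain *d, unsigned op) {
    if (!nested_on_xen)                  return NESTED_ENODEV;
    if (op >= NESTED_OP_COUNT)           return NESTED_ENOSYS;
    if (!(d->nested_av & (1u << op)))    return NESTED_EPERM;
    forwarded[op]++;                     /* here the real host hypercall would go */
    return NESTED_OK;
}

/* Constructed demo policy (not the series' real dom0.te): the guest Xen's
 * dom0 runs the blanket PV frontends and gets every op; an ordinary guest
 * type gets only the version query. The last rule is a different class. */
static const char demo_policy[] =
    "# nested ops reachable from the guest Xen's domains\n"
    "allow dom0_t xen_t:xen_nested { xen_version memory_op hvm_op "
        "grant_table_op event_channel_op schedop_shutdown };\n"
    "allow domU_t xen_t:xen_nested { xen_version };\n"
    "allow domU_t xen_t:xen { version };\n";

int main(void) {
    struct domain dom0 = { "dom0_t", 0 }, domU = { "domU_t", 0 };
    load_policy(demo_policy, &dom0);
    load_policy(demo_policy, &domU);
    printf("dom0 grant_table_op: %d\n", nested_hypercall(&dom0, NESTED_GRANT_TABLE_OP));
    printf("domU grant_table_op: %d\n", nested_hypercall(&domU, NESTED_GRANT_TABLE_OP));
    printf("domU xen_version:    %d\n", nested_hypercall(&domU, NESTED_XEN_VERSION));
    printf("dom0 unknown op 99:  %d\n", nested_hypercall(&dom0, 99));
    return 0;
}
```

The structure is the point rather than the parser: a guest domain that is not the guest Xen's dom0, or a dom0 whose policy omits one permission, fails with EPERM before anything is forwarded, and an op number outside the fixed set never reaches the host hypervisor at all. When reviewing the real series, the places to check are that every nested_* dispatch path calls its XSM hook before forwarding, and that the hook is distinct per op so policy can grant, say, grant_table_op without also granting schedop_shutdown.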