@@ -5181,6 +5181,9 @@ static hvm_hypercall_t *const hvm_hypercall64_table[NR_hypercalls] = {
HYPERCALL(sysctl),
HYPERCALL(domctl),
HYPERCALL(tmem_op),
+ HYPERCALL(platform_op),
+ HYPERCALL(mmuext_op),
+ HYPERCALL(xenpmu_op),
[ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
};
@@ -5202,48 +5205,8 @@ static hvm_hypercall_t *const hvm_hypercall32_table[NR_hypercalls] = {
HYPERCALL(sysctl),
HYPERCALL(domctl),
HYPERCALL(tmem_op),
- [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
-};
-
-static hvm_hypercall_t *const pvh_hypercall64_table[NR_hypercalls] = {
- HYPERCALL(platform_op),
- HYPERCALL(memory_op),
- HYPERCALL(xen_version),
- HYPERCALL(console_io),
- [ __HYPERVISOR_grant_table_op ] = (hvm_hypercall_t *)hvm_grant_table_op,
- HYPERCALL(vcpu_op),
- HYPERCALL(mmuext_op),
- HYPERCALL(xsm_op),
- HYPERCALL(sched_op),
- HYPERCALL(event_channel_op),
- [ __HYPERVISOR_physdev_op ] = (hvm_hypercall_t *)hvm_physdev_op,
- HYPERCALL(hvm_op),
- HYPERCALL(sysctl),
- HYPERCALL(domctl),
- HYPERCALL(xenpmu_op),
- [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
-};
-
-extern int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(void) cmp_uops,
- unsigned int count,
- XEN_GUEST_HANDLE_PARAM(uint) pdone,
- unsigned int foreigndom);
-static hvm_hypercall_t *const pvh_hypercall32_table[NR_hypercalls] = {
- HYPERCALL(platform_op),
- COMPAT_CALL(memory_op),
- HYPERCALL(xen_version),
- HYPERCALL(console_io),
- [ __HYPERVISOR_grant_table_op ] =
- (hvm_hypercall_t *)hvm_grant_table_op_compat32,
- COMPAT_CALL(vcpu_op),
+ COMPAT_CALL(platform_op),
COMPAT_CALL(mmuext_op),
- HYPERCALL(xsm_op),
- COMPAT_CALL(sched_op),
- HYPERCALL(event_channel_op),
- [ __HYPERVISOR_physdev_op ] = (hvm_hypercall_t *)hvm_physdev_op_compat32,
- HYPERCALL(hvm_op),
- HYPERCALL(sysctl),
- HYPERCALL(domctl),
HYPERCALL(xenpmu_op),
[ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
};
@@ -5277,9 +5240,7 @@ int hvm_do_hypercall(struct cpu_user_regs *regs)
if ( (eax & 0x80000000) && is_viridian_domain(currd) )
return viridian_hypercall(regs);
- if ( (eax >= NR_hypercalls) ||
- !(is_pvh_domain(currd) ? pvh_hypercall32_table[eax]
- : hvm_hypercall32_table[eax]) )
+ if ( (eax >= NR_hypercalls) || !hvm_hypercall32_table[eax] )
{
regs->eax = -ENOSYS;
return HVM_HCALL_completed;
@@ -5313,9 +5274,8 @@ int hvm_do_hypercall(struct cpu_user_regs *regs)
#endif
curr->arch.hvm_vcpu.hcall_64bit = 1;
- regs->rax = (is_pvh_domain(currd)
- ? pvh_hypercall64_table
- : hvm_hypercall64_table)[eax](rdi, rsi, rdx, r10, r8, r9);
+ regs->rax = hvm_hypercall64_table[eax](rdi, rsi, rdx, r10, r8, r9);
+
curr->arch.hvm_vcpu.hcall_64bit = 0;
#ifndef NDEBUG
@@ -5359,10 +5319,7 @@ int hvm_do_hypercall(struct cpu_user_regs *regs)
}
#endif
- regs->_eax = (is_pvh_vcpu(curr)
- ? pvh_hypercall32_table
- : hvm_hypercall32_table)[eax](ebx, ecx, edx,
- esi, edi, ebp);
+ regs->_eax = hvm_hypercall32_table[eax](ebx, ecx, edx, esi, edi, ebp);
#ifndef NDEBUG
if ( !curr->arch.hvm_vcpu.hcall_preempted )
@@ -2997,6 +2997,12 @@ long do_mmuext_op(
if ( (pg_owner = get_pg_owner(foreigndom)) == NULL )
return -ESRCH;
+ if ( !is_pv_domain(pg_owner) )
+ {
+ put_pg_owner(pg_owner);
+ return -EINVAL;
+ }
+
rc = xsm_mmuext_op(XSM_TARGET, d, pg_owner);
if ( rc )
{
@@ -3019,6 +3025,23 @@ long do_mmuext_op(
break;
}
+ if ( has_hvm_container_domain(d) )
+ {
+ switch ( op.cmd )
+ {
+ case MMUEXT_PIN_L1_TABLE:
+ case MMUEXT_PIN_L2_TABLE:
+ case MMUEXT_PIN_L3_TABLE:
+ case MMUEXT_PIN_L4_TABLE:
+ case MMUEXT_UNPIN_TABLE:
+ break;
+ default:
+ MEM_LOG("Invalid extended pt command %#x", op.cmd);
+ rc = -EOPNOTSUPP;
+ goto done;
+ }
+ }
+
okay = 1;
switch ( op.cmd )
@@ -3448,6 +3471,7 @@ long do_mmuext_op(
break;
}
+ done:
if ( unlikely(!okay) && !rc )
rc = -EINVAL;
if ( unlikely(rc) )
@@ -215,13 +215,15 @@ int compat_update_va_mapping_otherdomain(unsigned long va, u32 lo, u32 hi,
DEFINE_XEN_GUEST_HANDLE(mmuext_op_compat_t);
-int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(mmuext_op_compat_t) cmp_uops,
+int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(void) arg,
unsigned int count,
XEN_GUEST_HANDLE_PARAM(uint) pdone,
unsigned int foreigndom)
{
unsigned int i, preempt_mask;
int rc = 0;
+ XEN_GUEST_HANDLE_PARAM(mmuext_op_compat_t) cmp_uops =
+ guest_handle_cast(arg, mmuext_op_compat_t);
XEN_GUEST_HANDLE_PARAM(mmuext_op_t) nat_ops;
if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
@@ -110,4 +110,13 @@ extern int
arch_compat_vcpu_op(
int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg);
+extern int compat_mmuext_op(
+ XEN_GUEST_HANDLE_PARAM(void) arg,
+ unsigned int count,
+ XEN_GUEST_HANDLE_PARAM(uint) pdone,
+ unsigned int foreigndom);
+
+extern int compat_platform_op(
+ XEN_GUEST_HANDLE_PARAM(void) u_xenpf_op);
+
#endif /* __ASM_X86_HYPERCALL_H__ */
The tables are almost identical and therefore there is little reason to keep both sets. PVH needs 3 extra hypercalls: * mmuext_op. MMUEXT_PIN_L<x>_TABLE are required by control domain (dom0) when building guests. We add MMUEXT_UNPIN_TABLE for completeness. * platform_op. These are only available to privileged domains. We will (eventually) have privileged HVMlite guests and therefore shouldn't limit this to PVH only. * xenpmu_op. any guest with !has_vlapic() (i.e. PV, PVH and HVMlite) should be able to use it. Note that until recently PVH guests used mmuext_op's MMUEXT_INVLPG_MULTI and MMUEXT_TLB_FLUSH_MULTI commands but it has been determined that using the former was incorrect and using the latter is correct for now but is not guaranteed to work in the future. Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> --- v4: * Bail out of do_mmuext_op() if we are trying to operate on a non-PV domain * Drop if_control_domain() test xen/arch/x86/hvm/hvm.c | 59 +++++--------------------------------- xen/arch/x86/mm.c | 24 ++++++++++++++++ xen/arch/x86/x86_64/compat/mm.c | 4 ++- xen/include/asm-x86/hypercall.h | 9 ++++++ 4 files changed, 44 insertions(+), 52 deletions(-)