
[v2,2/5] vm_event: Implement ARM SMC events

Message ID 1461953253-32043-2-git-send-email-tamas@tklengyel.com (mailing list archive)

Commit Message

Tamas K Lengyel April 29, 2016, 6:07 p.m. UTC
The ARM SMC instructions are already configured to trap to Xen by default. In
this patch we allow a user-space process in a privileged domain to receive a
notification, through the vm_event subsystem, whenever such a trap happens, by
introducing the PRIVILEGED_CALL event type.

Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com>
---
Cc: Razvan Cojocaru <rcojocaru@bitdefender.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Julien Grall <julien.grall@arm.com>
Cc: Keir Fraser <keir@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>

v2: introduce VM_EVENT_REASON_PRIVELEGED_CALL
    aarch64 support
---
 MAINTAINERS                         |   6 +-
 tools/libxc/include/xenctrl.h       |   2 +
 tools/libxc/xc_monitor.c            |  26 +++++++-
 tools/tests/xen-access/xen-access.c |  31 ++++++++-
 xen/arch/arm/Makefile               |   2 +
 xen/arch/arm/monitor.c              |  80 +++++++++++++++++++++++
 xen/arch/arm/traps.c                |  20 +++++-
 xen/arch/arm/vm_event.c             | 127 ++++++++++++++++++++++++++++++++++++
 xen/arch/x86/hvm/event.c            |   2 +
 xen/common/vm_event.c               |   1 -
 xen/include/asm-arm/domain.h        |   5 ++
 xen/include/asm-arm/monitor.h       |  20 ++----
 xen/include/asm-arm/vm_event.h      |  16 ++---
 xen/include/public/domctl.h         |   1 +
 xen/include/public/vm_event.h       |  27 ++++++++
 15 files changed, 333 insertions(+), 33 deletions(-)
 create mode 100644 xen/arch/arm/monitor.c
 create mode 100644 xen/arch/arm/vm_event.c

Comments

Razvan Cojocaru April 29, 2016, 8:07 p.m. UTC | #1
On 04/29/16 21:07, Tamas K Lengyel wrote:
> The ARM SMC instructions are already configured to trap to Xen by default. In
> this patch we allow a user-space process in a privileged domain to receive
> notification of when such event happens through the vm_event subsystem by
> introducing the PRIVILEGED_CALL type.
> 
> Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com>
> ---
> Cc: Razvan Cojocaru <rcojocaru@bitdefender.com>
> Cc: Ian Jackson <ian.jackson@eu.citrix.com>
> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
> Cc: Wei Liu <wei.liu2@citrix.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Cc: Keir Fraser <keir@xen.org>
> Cc: Jan Beulich <jbeulich@suse.com>
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> 
> v2: introduce VM_EVENT_REASON_PRIVELEGED_CALL
>     aarch64 support
> ---
>  MAINTAINERS                         |   6 +-
>  tools/libxc/include/xenctrl.h       |   2 +
>  tools/libxc/xc_monitor.c            |  26 +++++++-
>  tools/tests/xen-access/xen-access.c |  31 ++++++++-
>  xen/arch/arm/Makefile               |   2 +
>  xen/arch/arm/monitor.c              |  80 +++++++++++++++++++++++
>  xen/arch/arm/traps.c                |  20 +++++-
>  xen/arch/arm/vm_event.c             | 127 ++++++++++++++++++++++++++++++++++++
>  xen/arch/x86/hvm/event.c            |   2 +
>  xen/common/vm_event.c               |   1 -
>  xen/include/asm-arm/domain.h        |   5 ++
>  xen/include/asm-arm/monitor.h       |  20 ++----
>  xen/include/asm-arm/vm_event.h      |  16 ++---
>  xen/include/public/domctl.h         |   1 +
>  xen/include/public/vm_event.h       |  27 ++++++++
>  15 files changed, 333 insertions(+), 33 deletions(-)
>  create mode 100644 xen/arch/arm/monitor.c
>  create mode 100644 xen/arch/arm/vm_event.c
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 5af7a0c..36d8591 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -355,12 +355,10 @@ VM EVENT AND MEM ACCESS
>  M:	Razvan Cojocaru <rcojocaru@bitdefender.com>
>  M:	Tamas K Lengyel <tamas@tklengyel.com>
>  S:	Supported
> -F:	xen/common/vm_event.c
> +F:	xen/*/vm_event.c
> +F:	xen/*/monitor.c
>  F:	xen/common/mem_access.c
> -F:	xen/common/monitor.c
>  F:	xen/arch/x86/hvm/event.c
> -F:	xen/arch/x86/monitor.c
> -F:	xen/arch/*/vm_event.c
>  F:	tools/tests/xen-access
>  
>  VTPM

This patch touches MAINTANERS, but so does the last patch in the series
(which does nothing else but touch MAINTAINERS). I wouldn't block this
patch on this account, but would it be problematic for all changes to
MAINTAINERS to occur in that patch?

> diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
> index 42f201b..4b75ae4 100644
> --- a/tools/libxc/include/xenctrl.h
> +++ b/tools/libxc/include/xenctrl.h
> @@ -2160,6 +2160,8 @@ int xc_monitor_software_breakpoint(xc_interface *xch, domid_t domain_id,
>                                     bool enable);
>  int xc_monitor_guest_request(xc_interface *xch, domid_t domain_id,
>                               bool enable, bool sync);
> +int xc_monitor_privileged_call(xc_interface *xch, domid_t domain_id,
> +                               bool enable);
>  
>  /**
>   * This function enables / disables emulation for each REP for a
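Review bot: The new prototype carries no comment, yet the events it enables differ from the neighbouring ones in two ways a caller must know: they are always delivered synchronously (the hypervisor side passes sync=1, so the vCPU stays paused until the listener responds), and the listener is expected to move pc past the trapped SMC itself, since the hypervisor does not. Suggest a comment above it along the lines of `/* Enable/disable PRIVILEGED_CALL (ARM SMC) events. Events are synchronous; the listener must advance pc past the SMC in its response or the guest re-traps on resume. */`. The absence of a `sync` parameter, right next to xc_monitor_guest_request which has one, also deserves a word so it is not mistaken for an omission.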
> diff --git a/tools/libxc/xc_monitor.c b/tools/libxc/xc_monitor.c
> index b1705dd..072df70 100644
> --- a/tools/libxc/xc_monitor.c
> +++ b/tools/libxc/xc_monitor.c
> @@ -4,7 +4,7 @@
>   *
>   * Interface to VM event monitor
>   *
> - * Copyright (c) 2015 Tamas K Lengyel (tamas@tklengyel.com)
> + * Copyright (c) 2015-2016 Tamas K Lengyel (tamas@tklengyel.com)
>   *
>   * This library is free software; you can redistribute it and/or
>   * modify it under the terms of the GNU Lesser General Public
> @@ -156,3 +156,27 @@ int xc_monitor_emulate_each_rep(xc_interface *xch, domid_t domain_id,
>  
>      return do_domctl(xch, &domctl);
>  }
> +
> +int xc_monitor_privileged_call(xc_interface *xch, domid_t domain_id,
> +                               bool enable)
> +{
> +    DECLARE_DOMCTL;
> +
> +    domctl.cmd = XEN_DOMCTL_monitor_op;
> +    domctl.domain = domain_id;
> +    domctl.u.monitor_op.op = enable ? XEN_DOMCTL_MONITOR_OP_ENABLE
> +                                    : XEN_DOMCTL_MONITOR_OP_DISABLE;
> +    domctl.u.monitor_op.event = XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL;
> +
> +    return do_domctl(xch, &domctl);
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * tab-width: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> diff --git a/tools/tests/xen-access/xen-access.c b/tools/tests/xen-access/xen-access.c
> index f26e723..33e8044 100644
> --- a/tools/tests/xen-access/xen-access.c
> +++ b/tools/tests/xen-access/xen-access.c
> @@ -334,6 +334,8 @@ void usage(char* progname)
>      fprintf(stderr, "Usage: %s [-m] <domain_id> write|exec", progname);
>  #if defined(__i386__) || defined(__x86_64__)
>              fprintf(stderr, "|breakpoint|altp2m_write|altp2m_exec");
> +#elif defined(__arm__) || defined(__aarch64__)
> +            fprintf(stderr, "|privcall");
>  #endif
>              fprintf(stderr,
>              "\n"
> @@ -357,6 +359,7 @@ int main(int argc, char *argv[])
>      int required = 0;
>      int breakpoint = 0;
>      int shutting_down = 0;
> +    int privcall = 0;
>      int altp2m = 0;
>      uint16_t altp2m_view_id = 0;
>  
> @@ -412,6 +415,11 @@ int main(int argc, char *argv[])
>          default_access = XENMEM_access_rw;
>          altp2m = 1;
>      }
> +#elif defined(__arm__) || defined(__aarch64__)
> +    else if ( !strcmp(argv[0], "privcall") )
> +    {
> +        privcall = 1;
> +    }
>  #endif
>      else
>      {
> @@ -524,6 +532,16 @@ int main(int argc, char *argv[])
>          }
>      }
>  
> +    if ( privcall )
> +    {
> +        rc = xc_monitor_privileged_call(xch, domain_id, 1);
> +        if ( rc < 0 )
> +        {
> +            ERROR("Error %d setting privileged call trapping with vm_event\n", rc);
> +            goto exit;
> +        }
> +    }
> +
>      /* Wait for access */
>      for (;;)
>      {
> @@ -535,6 +553,9 @@ int main(int argc, char *argv[])
>              if ( breakpoint )
>                  rc = xc_monitor_software_breakpoint(xch, domain_id, 0);
>  
> +            if ( privcall )
> +                rc = xc_monitor_privileged_call(xch, domain_id, 0);
> +
>              if ( altp2m )
>              {
>                  rc = xc_altp2m_switch_to_view( xch, domain_id, 0 );
> @@ -635,7 +656,7 @@ int main(int argc, char *argv[])
>                  rsp.u.mem_access = req.u.mem_access;
>                  break;
>              case VM_EVENT_REASON_SOFTWARE_BREAKPOINT:
> -                printf("Breakpoint: rip=%016"PRIx64", gfn=%"PRIx64" (vcpu %d)\n",
> +                printf("Breakpoint: rip=%"PRIx64" gfn=%"PRIx64" (vcpu %d)\n",
>                         req.data.regs.x86.rip,
>                         req.u.software_breakpoint.gfn,
>                         req.vcpu_id);
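Review bot: This change to the x86 breakpoint printf (dropping the `016` width from the rip format) is unrelated to ARM SMC events and is not mentioned in the description; the Singlestep printf a few lines below keeps `%016` so the output also becomes inconsistent. Either leave the line untouched or move it to a separate cleanup; if it is intentional, `printf("Breakpoint: rip=%016"PRIx64" gfn=%"PRIx64" (vcpu %d)\n",` keeps the existing width while still dropping the comma.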
> @@ -650,7 +671,15 @@ int main(int argc, char *argv[])
>                      interrupted = -1;
>                      continue;
>                  }
> +                break;
> +            case VM_EVENT_REASON_PRIVILEGED_CALL:
> +                printf("Privileged call: pc=%"PRIx64" (vcpu %d)\n",
> +                       req.data.regs.arm.pc,
> +                       req.vcpu_id);
>  
> +                rsp.data.regs.arm = req.data.regs.arm;
> +                rsp.data.regs.arm.pc += 4;
> +                rsp.flags |= VM_EVENT_FLAG_SET_REGISTERS;
>                  break;
>              case VM_EVENT_REASON_SINGLESTEP:
>                  printf("Singlestep: rip=%016"PRIx64", vcpu %d, altp2m %u\n",
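Review bot: The `rsp.data.regs.arm.pc += 4` skip is a silent assumption about the instruction width; SMC is a 4-byte encoding in A32 and A64 and, as far as I recall, also in T32, so it holds, but it is the only thing keeping the guest from re-executing the SMC and it should say so: `/* SMC is a 4-byte encoding in A32/T32/A64; skip it, otherwise the guest re-executes it and traps again. */`. Since this is the reference listener, the comment is also where a reader learns that the hypervisor does not advance pc for this event. Copying the whole register set back with VM_EVENT_FLAG_SET_REGISTERS (including cpsr, ttbr0/ttbr1) is harmless here because the values are unchanged, but a note that only pc is meant to differ would make the intent clear.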
> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> index 0328b50..118be99 100644
> --- a/xen/arch/arm/Makefile
> +++ b/xen/arch/arm/Makefile
> @@ -40,6 +40,8 @@ obj-y += device.o
>  obj-y += decode.o
>  obj-y += processor.o
>  obj-y += smc.o
> +obj-y += monitor.o
> +obj-y += vm_event.o
>  
>  #obj-bin-y += ....o
>  
> diff --git a/xen/arch/arm/monitor.c b/xen/arch/arm/monitor.c
> new file mode 100644
> index 0000000..e845f28
> --- /dev/null
> +++ b/xen/arch/arm/monitor.c
> @@ -0,0 +1,80 @@
> +/*
> + * arch/arm/monitor.c
> + *
> + * Arch-specific monitor_op domctl handler.
> + *
> + * Copyright (c) 2015-2016 Tamas K Lengyel (tamas@tklengyel.com)
> + * Copyright (c) 2016, Bitdefender S.R.L.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public
> + * License v2 as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public
> + * License along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <asm/vm_event.h>
> +#include <public/vm_event.h>
> +
> +int arch_monitor_domctl_event(struct domain *d,
> +                              struct xen_domctl_monitor_op *mop)
> +{
> +    struct arch_domain *ad = &d->arch;
> +    bool_t requested_status = (XEN_DOMCTL_MONITOR_OP_ENABLE == mop->op);
> +
> +    switch ( mop->event )
> +    {
> +    case XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL:
> +    {
> +        bool_t old_status = ad->monitor.privileged_call_enabled;
> +
> +        if ( unlikely(old_status == requested_status) )
> +            return -EEXIST;
> +
> +        domain_pause(d);
> +        ad->monitor.privileged_call_enabled = requested_status;
> +        domain_unpause(d);
> +        break;
> +    }
> +
> +    default:
> +        /*
> +         * Should not be reached unless arch_monitor_get_capabilities() is
> +         * not properly implemented.
> +         */
> +        ASSERT_UNREACHABLE();
> +        return -EOPNOTSUPP;
> +    }
> +
> +    return 0;
> +}
> +
> +int monitor_smc(const struct cpu_user_regs *regs) {
> +    struct vcpu *curr = current;
> +    vm_event_request_t req = { 0 };
> +
> +    if ( !curr->domain->arch.monitor.privileged_call_enabled )
> +        return 0;
> +
> +    req.reason = VM_EVENT_REASON_PRIVILEGED_CALL;
> +    req.vcpu_id = curr->vcpu_id;
> +
> +    vm_event_fill_regs(&req, regs, curr->domain);
> +
> +    return vm_event_monitor_traps(curr, 1, &req);
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
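Review bot: monitor_smc() re-tests `curr->domain->arch.monitor.privileged_call_enabled` although its only caller visible here, do_trap_smc() in traps.c, already gates on the same flag; keep the check in one place — the callee is the safer spot if other call sites appear, in which case drop the test in traps.c. The file also uses `current`, `domain_pause()` and `struct vcpu` while including only asm/vm_event.h and public/vm_event.h; unless asm/vm_event.h is guaranteed to pull in xen/sched.h, add `#include <xen/sched.h>` explicitly, as arch/arm/vm_event.c in this same patch does.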
> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> index 9abfc3c..9c8d395 100644
> --- a/xen/arch/arm/traps.c
> +++ b/xen/arch/arm/traps.c
> @@ -41,6 +41,7 @@
>  #include <asm/mmio.h>
>  #include <asm/cpufeature.h>
>  #include <asm/flushtlb.h>
> +#include <asm/monitor.h>
>  
>  #include "decode.h"
>  #include "vtimer.h"
> @@ -2491,6 +2492,21 @@ bad_data_abort:
>      inject_dabt_exception(regs, info.gva, hsr.len);
>  }
>  
> +static void do_trap_smc(struct cpu_user_regs *regs, const union hsr hsr)
> +{
> +    int rc = 0;
> +    if ( current->domain->arch.monitor.privileged_call_enabled )
> +    {
> +        rc = monitor_smc(regs);
> +    }


If you need to increment the patch version, maybe remove the curly
braces here?

> +
> +    if ( rc != 1 )
> +    {
> +        GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
> +        inject_undef_exception(regs, hsr);
> +    }
> +}
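Review bot: When monitor_smc() returns 1 (request queued, vCPU paused) the handler neither advances the PC nor injects anything, so on resume the vCPU re-executes the same SMC unless the listener rewrote pc through VM_EVENT_FLAG_SET_REGISTERS; a listener that merely acknowledges the event gets it again indefinitely. That contract should be stated above the function, e.g. `/* A monitor that consumes the event (rc == 1) must skip the SMC itself (see xen-access: pc += 4); otherwise the guest re-traps on resume. */`, and ideally also at the public event definition. Separately, an AArch32 SMC may be conditional (the HSR for this EC carries CV/COND); if the trap can be taken with a failed condition, the instruction should be skipped with advance_pc() rather than reported as a privileged call or answered with an undef — worth checking against the condition-check helper this file already uses for other traps.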
> +
>  static void enter_hypervisor_head(struct cpu_user_regs *regs)
>  {
>      if ( guest_mode(regs) )
> @@ -2566,7 +2582,7 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
>           */
>          GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
>          perfc_incr(trap_smc32);
> -        inject_undef32_exception(regs);
> +        do_trap_smc(regs, hsr);
>          break;
>      case HSR_EC_HVC32:
>          GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
> @@ -2599,7 +2615,7 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
>           */
>          GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
>          perfc_incr(trap_smc64);
> -        inject_undef64_exception(regs, hsr.len);
> +        do_trap_smc(regs, hsr);
>          break;
>      case HSR_EC_SYSREG:
>          GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
> diff --git a/xen/arch/arm/vm_event.c b/xen/arch/arm/vm_event.c
> new file mode 100644
> index 0000000..3369a96
> --- /dev/null
> +++ b/xen/arch/arm/vm_event.c
> @@ -0,0 +1,127 @@
> +/*
> + * arch/arm/vm_event.c
> + *
> + * Architecture-specific vm_event handling routines
> + *
> + * Copyright (c) 2016 Tamas K Lengyel (tamas@tklengyel.com)
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public
> + * License v2 as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public
> + * License along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <xen/sched.h>
> +#include <asm/vm_event.h>
> +
> +void vm_event_fill_regs(vm_event_request_t *req,
> +                        const struct cpu_user_regs *regs,
> +                        struct domain *d)
> +{
> +    if ( is_32bit_domain(d) )
> +    {
> +        req->data.regs.arm.x0 = regs->r0;
> +        req->data.regs.arm.x1 = regs->r1;
> +        req->data.regs.arm.x2 = regs->r2;
> +        req->data.regs.arm.x3 = regs->r3;
> +        req->data.regs.arm.x4 = regs->r4;
> +        req->data.regs.arm.x5 = regs->r5;
> +        req->data.regs.arm.x6 = regs->r6;
> +        req->data.regs.arm.x7 = regs->r7;
> +        req->data.regs.arm.x8 = regs->r8;
> +        req->data.regs.arm.x9 = regs->r9;
> +        req->data.regs.arm.x10 = regs->r10;
> +        req->data.regs.arm.pc = regs->pc32;
> +        req->data.regs.arm.sp_el0 = regs->sp_usr;
> +        req->data.regs.arm.sp_el1 = regs->sp_svc;
> +    }
> +#ifdef CONFIG_ARM_64
> +    else
> +    {
> +        req->data.regs.arm.x0 = regs->x0;
> +        req->data.regs.arm.x1 = regs->x1;
> +        req->data.regs.arm.x2 = regs->x2;
> +        req->data.regs.arm.x3 = regs->x3;
> +        req->data.regs.arm.x4 = regs->x4;
> +        req->data.regs.arm.x5 = regs->x5;
> +        req->data.regs.arm.x6 = regs->x6;
> +        req->data.regs.arm.x7 = regs->x7;
> +        req->data.regs.arm.x8 = regs->x8;
> +        req->data.regs.arm.x9 = regs->x9;
> +        req->data.regs.arm.x10 = regs->x10;
> +        req->data.regs.arm.pc = regs->pc;
> +        req->data.regs.arm.sp_el0 = regs->sp_el0;
> +        req->data.regs.arm.sp_el1 = regs->sp_el1;
> +    }
> +#endif
> +    req->data.regs.arm.fp = regs->fp;
> +    req->data.regs.arm.lr = regs->lr;
> +    req->data.regs.arm.cpsr = regs->cpsr;
> +    req->data.regs.arm.spsr_el1 = regs->spsr_svc;
> +    req->data.regs.arm.ttbr0 = READ_SYSREG64(TTBR0_EL1);
> +    req->data.regs.arm.ttbr1 = READ_SYSREG64(TTBR1_EL1);
> +}
> +
> +void vm_event_set_registers(struct vcpu *v, vm_event_response_t *rsp)
> +{
> +    struct cpu_user_regs *regs = &v->arch.cpu_info->guest_cpu_user_regs;
> +
> +    if ( is_32bit_domain(v->domain) )
> +    {
> +        regs->r0 = rsp->data.regs.arm.x0;
> +        regs->r1 = rsp->data.regs.arm.x1;
> +        regs->r2 = rsp->data.regs.arm.x2;
> +        regs->r3 = rsp->data.regs.arm.x3;
> +        regs->r4 = rsp->data.regs.arm.x4;
> +        regs->r5 = rsp->data.regs.arm.x5;
> +        regs->r6 = rsp->data.regs.arm.x6;
> +        regs->r7 = rsp->data.regs.arm.x7;
> +        regs->r8 = rsp->data.regs.arm.x8;
> +        regs->r9 = rsp->data.regs.arm.x9;
> +        regs->r10 = rsp->data.regs.arm.x10;
> +        regs->pc32 = rsp->data.regs.arm.pc;
> +        regs->sp_usr = rsp->data.regs.arm.sp_el0;
> +        regs->sp_svc = rsp->data.regs.arm.sp_el1;
> +    }
> +#ifdef CONFIG_ARM_64
> +    else
> +    {
> +        regs->x0 = rsp->data.regs.arm.x0;
> +        regs->x1 = rsp->data.regs.arm.x1;
> +        regs->x2 = rsp->data.regs.arm.x2;
> +        regs->x3 = rsp->data.regs.arm.x3;
> +        regs->x4 = rsp->data.regs.arm.x4;
> +        regs->x5 = rsp->data.regs.arm.x5;
> +        regs->x6 = rsp->data.regs.arm.x6;
> +        regs->x7 = rsp->data.regs.arm.x7;
> +        regs->x8 = rsp->data.regs.arm.x8;
> +        regs->x9 = rsp->data.regs.arm.x9;
> +        regs->x10 = rsp->data.regs.arm.x10;
> +        regs->pc = rsp->data.regs.arm.pc;
> +        regs->sp_el0 = rsp->data.regs.arm.sp_el0;
> +        regs->sp_el1 = rsp->data.regs.arm.sp_el1;
> +    }
> +#endif
> +
> +    regs->fp = rsp->data.regs.arm.fp;
> +    regs->lr = rsp->data.regs.arm.lr;
> +    regs->cpsr = rsp->data.regs.arm.cpsr;
> +    v->arch.ttbr0 = rsp->data.regs.arm.ttbr0;
> +    v->arch.ttbr1 = rsp->data.regs.arm.ttbr1;
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
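Review bot: vm_event_set_registers() copies `cpsr` from the response straight into the guest's saved registers with no validation, so a response whose mode bits name EL2/Hyp, or the wrong execution state for the domain (AArch32 vs AArch64), would be loaded on the next return to guest. The toolstack is privileged, but as far as I recall the arch's vcpu-context setter does reject PSR values that are not a valid guest mode, and the same check belongs here; since the function returns void, the cleanest option is to skip the cpsr (and sp/pc) write and log when the mode is not acceptable for `v->domain`. There is also an asymmetry: vm_event_fill_regs() exports `spsr_el1` from `regs->spsr_svc`, but set_registers never writes it back, so a listener editing it sees no effect — either write it (subject to the same PSR check) or document that the field is read-only. Finally, fill_regs reads TTBR0/1 from the live system registers while set_registers writes `v->arch.ttbr0/1`; that is only consistent while the fill runs on the current vCPU and the set runs on a descheduled one, which is presumably the case but deserves a comment.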
> diff --git a/xen/arch/x86/hvm/event.c b/xen/arch/x86/hvm/event.c
> index 56c5514..f7d1418 100644
> --- a/xen/arch/x86/hvm/event.c
> +++ b/xen/arch/x86/hvm/event.c
> @@ -47,6 +47,7 @@ bool_t hvm_event_cr(unsigned int index, unsigned long value, unsigned long old)
>              .u.write_ctrlreg.old_value = old
>          };
>  
> +        vm_event_fill_regs(&req);
>          vm_event_monitor_traps(curr, sync, &req);
>          return 1;
>      }
> @@ -115,6 +116,7 @@ int hvm_event_breakpoint(unsigned long rip,
>      }
>  
>      req.vcpu_id = curr->vcpu_id;
> +    vm_event_fill_regs(&req);
>  
>      return vm_event_monitor_traps(curr, 1, &req);
>  }
> diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
> index 2906407..a29bda8 100644
> --- a/xen/common/vm_event.c
> +++ b/xen/common/vm_event.c
> @@ -818,7 +818,6 @@ int vm_event_monitor_traps(struct vcpu *v, uint8_t sync,
>          req->altp2m_idx = altp2m_vcpu_idx(v);
>      }
>  
> -    vm_event_fill_regs(req);
>      vm_event_put_request(d, &d->vm_event->monitor, req);
>  
>      return 1;

So now for x86 we only vm_fill_regs() for CR writes and breakpoints (and
EPT faults, but that's in p2m.c which hasn't been touched by this
patch)? That's a pretty big change, and one that's not explained in the
patch description (which makes no mention of any x86 changes).

Having that call in vm_event_monitor_traps() made sure that all
vm_events get a copy of the respective registers. In the x86 case, that
includes the guest request and MSR write events, which now no longer
seem to carry that information, unless I'm missing something.

That behaviour should not change for x86 events, please.


Thanks,
Razvan
Tamas K Lengyel April 29, 2016, 8:12 p.m. UTC | #2
> @@ -2491,6 +2492,21 @@ bad_data_abort:
> >      inject_dabt_exception(regs, info.gva, hsr.len);
> >  }
> >
> > +static void do_trap_smc(struct cpu_user_regs *regs, const union hsr hsr)
> > +{
> > +    int rc = 0;
> > +    if ( current->domain->arch.monitor.privileged_call_enabled )
> > +    {
> > +        rc = monitor_smc(regs);
> > +    }
>
>
> If you need to increment the patch version, maybe remove the curly
> braces here?
>

Sure.


>
> > diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
> > index 2906407..a29bda8 100644
> > --- a/xen/common/vm_event.c
> > +++ b/xen/common/vm_event.c
> > @@ -818,7 +818,6 @@ int vm_event_monitor_traps(struct vcpu *v, uint8_t
> sync,
> >          req->altp2m_idx = altp2m_vcpu_idx(v);
> >      }
> >
> > -    vm_event_fill_regs(req);
> >      vm_event_put_request(d, &d->vm_event->monitor, req);
> >
> >      return 1;
>
> So now for x86 we only vm_fill_regs() for CR writes and breakpoints (and
> EPT faults, but that's in p2m.c which hasn't been touched by this
> patch)? That's a pretty big change, and one that's not explained in the
> patch description (which makes no mention of any x86 changes).
>
> Having that call in vm_event_monitor_traps() made sure that all
> vm_events get a copy of the respective registers. In the x86 case, that
> includes the guest request and MSR write events, which now no longer
> seem to carry that information, unless I'm missing something.
>
> That behaviour should not change for x86 events, please.
>

Yeap, good catch. It needs to be moved from the common path because the
inputs to the function will differ on ARM and x86. I'll double-check that
the x86 paths will remain functionally the same.

Tamas
Tamas K Lengyel April 29, 2016, 8:27 p.m. UTC | #3
>
>
>
>
>>
>> > diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
>> > index 2906407..a29bda8 100644
>> > --- a/xen/common/vm_event.c
>> > +++ b/xen/common/vm_event.c
>> > @@ -818,7 +818,6 @@ int vm_event_monitor_traps(struct vcpu *v, uint8_t
>> sync,
>> >          req->altp2m_idx = altp2m_vcpu_idx(v);
>> >      }
>> >
>> > -    vm_event_fill_regs(req);
>> >      vm_event_put_request(d, &d->vm_event->monitor, req);
>> >
>> >      return 1;
>>
>> So now for x86 we only vm_fill_regs() for CR writes and breakpoints (and
>> EPT faults, but that's in p2m.c which hasn't been touched by this
>> patch)? That's a pretty big change, and one that's not explained in the
>> patch description (which makes no mention of any x86 changes).
>>
>> Having that call in vm_event_monitor_traps() made sure that all
>> vm_events get a copy of the respective registers. In the x86 case, that
>> includes the guest request and MSR write events, which now no longer
>> seem to carry that information, unless I'm missing something.
>>
>> That behaviour should not change for x86 events, please.
>>
>
> Yeap, good catch. It needs to be moved from the common path because the
> inputs to the function will differ on ARM and x86. I'll double-check that
> the x86 paths will remain functionally the same.
>

So for mem_access nothing changes in this patch, fill_regs was already
called from p2m.c. For MSR's I just missed adding the extra call. As for
vm_event_monitor_guest_request, it will needs to be moved to be
arch-specific. I think I'll do it as a precursor patch where I move it to
be in the arch-specific monitor code (where it should be actually). Will do
these fixes in the next round.

Thanks,
Tamas
Razvan Cojocaru April 29, 2016, 8:32 p.m. UTC | #4
On 04/29/16 23:27, Tamas K Lengyel wrote:
> 
>      
> 
> 
>         > diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
>         > index 2906407..a29bda8 100644
>         > --- a/xen/common/vm_event.c
>         > +++ b/xen/common/vm_event.c
>         > @@ -818,7 +818,6 @@ int vm_event_monitor_traps(struct vcpu *v, uint8_t sync,
>         >          req->altp2m_idx = altp2m_vcpu_idx(v);
>         >      }
>         >
>         > -    vm_event_fill_regs(req);
>         >      vm_event_put_request(d, &d->vm_event->monitor, req);
>         >
>         >      return 1;
> 
>         So now for x86 we only vm_fill_regs() for CR writes and
>         breakpoints (and
>         EPT faults, but that's in p2m.c which hasn't been touched by this
>         patch)? That's a pretty big change, and one that's not explained
>         in the
>         patch description (which makes no mention of any x86 changes).
> 
>         Having that call in vm_event_monitor_traps() made sure that all
>         vm_events get a copy of the respective registers. In the x86
>         case, that
>         includes the guest request and MSR write events, which now no longer
>         seem to carry that information, unless I'm missing something.
> 
>         That behaviour should not change for x86 events, please.
> 
> 
>     Yeap, good catch. It needs to be moved from the common path because
>     the inputs to the function will differ on ARM and x86. I'll
>     double-check that the x86 paths will remain functionally the same.
> 
> 
> So for mem_access nothing changes in this patch, fill_regs was already
> called from p2m.c. For MSR's I just missed adding the extra call. As for
> vm_event_monitor_guest_request, it will needs to be moved to be
> arch-specific. I think I'll do it as a precursor patch where I move it
> to be in the arch-specific monitor code (where it should be actually).
> Will do these fixes in the next round.

Fair enough, thanks!
Wei Liu May 2, 2016, 10:35 a.m. UTC | #5
On Fri, Apr 29, 2016 at 12:07:30PM -0600, Tamas K Lengyel wrote:
>  tools/libxc/include/xenctrl.h       |   2 +
>  tools/libxc/xc_monitor.c            |  26 +++++++-

Acked-by: Wei Liu <wei.liu2@citrix.com>
Julien Grall May 3, 2016, 11:31 a.m. UTC | #6
Hi Tamas,

On 29/04/16 19:07, Tamas K Lengyel wrote:
> The ARM SMC instructions are already configured to trap to Xen by default. In
> this patch we allow a user-space process in a privileged domain to receive
> notification of when such event happens through the vm_event subsystem by
> introducing the PRIVILEGED_CALL type.
>
> Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com>
> ---
> Cc: Razvan Cojocaru <rcojocaru@bitdefender.com>
> Cc: Ian Jackson <ian.jackson@eu.citrix.com>
> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
> Cc: Wei Liu <wei.liu2@citrix.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Cc: Keir Fraser <keir@xen.org>
> Cc: Jan Beulich <jbeulich@suse.com>
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
>
> v2: introduce VM_EVENT_REASON_PRIVELEGED_CALL
>      aarch64 support
> ---
>   MAINTAINERS                         |   6 +-
>   tools/libxc/include/xenctrl.h       |   2 +
>   tools/libxc/xc_monitor.c            |  26 +++++++-
>   tools/tests/xen-access/xen-access.c |  31 ++++++++-
>   xen/arch/arm/Makefile               |   2 +
>   xen/arch/arm/monitor.c              |  80 +++++++++++++++++++++++
>   xen/arch/arm/traps.c                |  20 +++++-
>   xen/arch/arm/vm_event.c             | 127 ++++++++++++++++++++++++++++++++++++
>   xen/arch/x86/hvm/event.c            |   2 +
>   xen/common/vm_event.c               |   1 -
>   xen/include/asm-arm/domain.h        |   5 ++
>   xen/include/asm-arm/monitor.h       |  20 ++----
>   xen/include/asm-arm/vm_event.h      |  16 ++---
>   xen/include/public/domctl.h         |   1 +
>   xen/include/public/vm_event.h       |  27 ++++++++
>   15 files changed, 333 insertions(+), 33 deletions(-)
>   create mode 100644 xen/arch/arm/monitor.c
>   create mode 100644 xen/arch/arm/vm_event.c

This patch is doing lots of things:
	- Add support for monitoring
	- Add support for vm_event
	- Monitor SMC
	- Move common code to arch specific code

As far as I can tell, all are distinct from each other. Can you please 
split this patch in smaller ones?

[...]

> diff --git a/xen/arch/arm/monitor.c b/xen/arch/arm/monitor.c
> new file mode 100644
> index 0000000..e845f28
> --- /dev/null
> +++ b/xen/arch/arm/monitor.c

[...]

> +int monitor_smc(const struct cpu_user_regs *regs) {

The { should be on a separate line.

> +    struct vcpu *curr = current;
> +    vm_event_request_t req = { 0 };
> +
> +    if ( !curr->domain->arch.monitor.privileged_call_enabled )
> +        return 0;
> +
> +    req.reason = VM_EVENT_REASON_PRIVILEGED_CALL;
> +    req.vcpu_id = curr->vcpu_id;
> +
> +    vm_event_fill_regs(&req, regs, curr->domain);
> +
> +    return vm_event_monitor_traps(curr, 1, &req);
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> index 9abfc3c..9c8d395 100644
> --- a/xen/arch/arm/traps.c
> +++ b/xen/arch/arm/traps.c
> @@ -41,6 +41,7 @@
>   #include <asm/mmio.h>
>   #include <asm/cpufeature.h>
>   #include <asm/flushtlb.h>
> +#include <asm/monitor.h>
>
>   #include "decode.h"
>   #include "vtimer.h"
> @@ -2491,6 +2492,21 @@ bad_data_abort:
>       inject_dabt_exception(regs, info.gva, hsr.len);
>   }
>
> +static void do_trap_smc(struct cpu_user_regs *regs, const union hsr hsr)
> +{
> +    int rc = 0;

Newline here.

> +    if ( current->domain->arch.monitor.privileged_call_enabled )
> +    {
> +        rc = monitor_smc(regs);
> +    }

The bracket are not necessary.

> +
> +    if ( rc != 1 )

I think the code would be clearer if you introduce a define for "1".

> +    {
> +        GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));

This check cannot work for AArch64 guest.

> +        inject_undef_exception(regs, hsr);
> +    }
> +}
> +
>   static void enter_hypervisor_head(struct cpu_user_regs *regs)
>   {
>       if ( guest_mode(regs) )
> @@ -2566,7 +2582,7 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
>            */
>           GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
>           perfc_incr(trap_smc32);
> -        inject_undef32_exception(regs);
> +        do_trap_smc(regs, hsr);
>           break;
>       case HSR_EC_HVC32:
>           GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
> @@ -2599,7 +2615,7 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
>            */
>           GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
>           perfc_incr(trap_smc64);
> -        inject_undef64_exception(regs, hsr.len);
> +        do_trap_smc(regs, hsr);
>           break;
>       case HSR_EC_SYSREG:
>           GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
> diff --git a/xen/arch/arm/vm_event.c b/xen/arch/arm/vm_event.c
> new file mode 100644
> index 0000000..3369a96
> --- /dev/null
> +++ b/xen/arch/arm/vm_event.c
> @@ -0,0 +1,127 @@
> +/*
> + * arch/arm/vm_event.c
> + *
> + * Architecture-specific vm_event handling routines
> + *
> + * Copyright (c) 2016 Tamas K Lengyel (tamas@tklengyel.com)
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public
> + * License v2 as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public
> + * License along with this program; If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <xen/sched.h>
> +#include <asm/vm_event.h>
> +
> +void vm_event_fill_regs(vm_event_request_t *req,
> +                        const struct cpu_user_regs *regs,
> +                        struct domain *d)
> +{
> +    if ( is_32bit_domain(d) )
> +    {
> +        req->data.regs.arm.x0 = regs->r0;
> +        req->data.regs.arm.x1 = regs->r1;
> +        req->data.regs.arm.x2 = regs->r2;
> +        req->data.regs.arm.x3 = regs->r3;
> +        req->data.regs.arm.x4 = regs->r4;
> +        req->data.regs.arm.x5 = regs->r5;
> +        req->data.regs.arm.x6 = regs->r6;
> +        req->data.regs.arm.x7 = regs->r7;
> +        req->data.regs.arm.x8 = regs->r8;
> +        req->data.regs.arm.x9 = regs->r9;
> +        req->data.regs.arm.x10 = regs->r10;
> +        req->data.regs.arm.pc = regs->pc32;
> +        req->data.regs.arm.sp_el0 = regs->sp_usr;
> +        req->data.regs.arm.sp_el1 = regs->sp_svc;
> +    }
> +#ifdef CONFIG_ARM_64
Why
> +    else
> +    {
> +        req->data.regs.arm.x0 = regs->x0;
> +        req->data.regs.arm.x1 = regs->x1;
> +        req->data.regs.arm.x2 = regs->x2;
> +        req->data.regs.arm.x3 = regs->x3;
> +        req->data.regs.arm.x4 = regs->x4;
> +        req->data.regs.arm.x5 = regs->x5;
> +        req->data.regs.arm.x6 = regs->x6;
> +        req->data.regs.arm.x7 = regs->x7;
> +        req->data.regs.arm.x8 = regs->x8;
> +        req->data.regs.arm.x9 = regs->x9;
> +        req->data.regs.arm.x10 = regs->x10;

AArch64 provides 31 general-purpose registers, although x29 and x30 
are respectively used for fp and lr.

> +        req->data.regs.arm.pc = regs->pc;
> +        req->data.regs.arm.sp_el0 = regs->sp_el0;
> +        req->data.regs.arm.sp_el1 = regs->sp_el1;
> +    }
> +#endif
> +    req->data.regs.arm.fp = regs->fp;
> +    req->data.regs.arm.lr = regs->lr;
> +    req->data.regs.arm.cpsr = regs->cpsr;
> +    req->data.regs.arm.spsr_el1 = regs->spsr_svc;
> +    req->data.regs.arm.ttbr0 = READ_SYSREG64(TTBR0_EL1);
> +    req->data.regs.arm.ttbr1 = READ_SYSREG64(TTBR1_EL1);
> +}
> +
> +void vm_event_set_registers(struct vcpu *v, vm_event_response_t *rsp)
> +{
> +    struct cpu_user_regs *regs = &v->arch.cpu_info->guest_cpu_user_regs;
> +
> +    if ( is_32bit_domain(v->domain) )
> +    {
> +        regs->r0 = rsp->data.regs.arm.x0;
> +        regs->r1 = rsp->data.regs.arm.x1;
> +        regs->r2 = rsp->data.regs.arm.x2;
> +        regs->r3 = rsp->data.regs.arm.x3;
> +        regs->r4 = rsp->data.regs.arm.x4;
> +        regs->r5 = rsp->data.regs.arm.x5;
> +        regs->r6 = rsp->data.regs.arm.x6;
> +        regs->r7 = rsp->data.regs.arm.x7;
> +        regs->r8 = rsp->data.regs.arm.x8;
> +        regs->r9 = rsp->data.regs.arm.x9;
> +        regs->r10 = rsp->data.regs.arm.x10;
> +        regs->pc32 = rsp->data.regs.arm.pc;
> +        regs->sp_usr = rsp->data.regs.arm.sp_el0;
> +        regs->sp_svc = rsp->data.regs.arm.sp_el1;
> +    }
> +#ifdef CONFIG_ARM_64
> +    else
> +    {
> +        regs->x0 = rsp->data.regs.arm.x0;
> +        regs->x1 = rsp->data.regs.arm.x1;
> +        regs->x2 = rsp->data.regs.arm.x2;
> +        regs->x3 = rsp->data.regs.arm.x3;
> +        regs->x4 = rsp->data.regs.arm.x4;
> +        regs->x5 = rsp->data.regs.arm.x5;
> +        regs->x6 = rsp->data.regs.arm.x6;
> +        regs->x7 = rsp->data.regs.arm.x7;
> +        regs->x8 = rsp->data.regs.arm.x8;
> +        regs->x9 = rsp->data.regs.arm.x9;
> +        regs->x10 = rsp->data.regs.arm.x10;
> +        regs->pc = rsp->data.regs.arm.pc;
> +        regs->sp_el0 = rsp->data.regs.arm.sp_el0;
> +        regs->sp_el1 = rsp->data.regs.arm.sp_el1;
> +    }
> +#endif
> +
> +    regs->fp = rsp->data.regs.arm.fp;
> +    regs->lr = rsp->data.regs.arm.lr;
> +    regs->cpsr = rsp->data.regs.arm.cpsr;
> +    v->arch.ttbr0 = rsp->data.regs.arm.ttbr0;
> +    v->arch.ttbr1 = rsp->data.regs.arm.ttbr1;
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
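Review bot: vm_event_set_registers never writes spsr_el1 back even though vm_event_fill_regs exports it from regs->spsr_svc, so an edit a subscriber makes to that field in the response is silently dropped; either add `regs->spsr_svc = rsp->data.regs.arm.spsr_el1;` next to the cpsr assignment or mark the field read-only in the public header comment. The cpsr at `regs->cpsr = rsp->data.regs.arm.cpsr;` is likewise taken verbatim from the response with no mode-field validation, whereas the existing vCPU context-setting path presumably rejects hypervisor modes (worth checking against arch_set_info_guest), so a malformed response could leave the vCPU in a state the return-to-guest path does not expect. vm_event_fill_regs also reads TTBR0_EL1/TTBR1_EL1 straight from the hardware, which only describes the currently running vCPU, while its `struct domain *d` parameter suggests it could be used for any domain; a comment such as `/* Must be called on the current vCPU: TTBRs are read from hardware. */` would make that precondition explicit. The same hunk is quoted again later in the thread.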

[...]

> diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
> index 2457698..35adce2 100644
> --- a/xen/include/public/domctl.h
> +++ b/xen/include/public/domctl.h
> @@ -1080,6 +1080,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_psr_cmt_op_t);
>   #define XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP            2
>   #define XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT   3
>   #define XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST         4
> +#define XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL       5
>
>   struct xen_domctl_monitor_op {
>       uint32_t op; /* XEN_DOMCTL_MONITOR_OP_* */
> diff --git a/xen/include/public/vm_event.h b/xen/include/public/vm_event.h
> index 9270d52..f039207 100644
> --- a/xen/include/public/vm_event.h
> +++ b/xen/include/public/vm_event.h
> @@ -119,6 +119,8 @@
>   #define VM_EVENT_REASON_SINGLESTEP              7
>   /* An event has been requested via HVMOP_guest_request_vm_event. */
>   #define VM_EVENT_REASON_GUEST_REQUEST           8
> +/* Privileged call executed (e.g. SMC) */
> +#define VM_EVENT_REASON_PRIVILEGED_CALL         9
>
>   /* Supported values for the vm_event_write_ctrlreg index. */
>   #define VM_EVENT_X86_CR0    0
> @@ -166,6 +168,30 @@ struct vm_event_regs_x86 {
>       uint32_t _pad;
>   };
>
> +struct vm_event_regs_arm {
> +    /*       Aarch64       Aarch32 */
> +    uint64_t x0;       /*  r0_usr  */
> +    uint64_t x1;       /*  r1_usr  */
> +    uint64_t x2;       /*  r2_usr  */
> +    uint64_t x3;       /*  r3_usr  */
> +    uint64_t x4;       /*  r4_usr  */
> +    uint64_t x5;       /*  r5_usr  */
> +    uint64_t x6;       /*  r6_usr  */
> +    uint64_t x7;       /*  r7_usr  */
> +    uint64_t x8;       /*  r8_usr  */
> +    uint64_t x9;       /*  r9_usr  */
> +    uint64_t x10;      /*  r10_usr */

I would introduce an union to let the choice to the userspace to deal 
only with AArch32 registers. See vcpu_guest_core_regs.

> +    uint64_t lr;       /*  lr_usr  */
> +    uint64_t sp_el0;   /*  sp_usr  */
> +    uint64_t sp_el1;   /*  sp_svc  */
> +    uint32_t spsr_el1; /*  spsr_svc */
> +    uint64_t fp;
> +    uint64_t pc;
> +    uint32_t cpsr;
> +    uint64_t ttbr0;
> +    uint64_t ttbr1;
> +};
> +
>   /*
>    * mem_access flag definitions
>    *
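Review bot: struct vm_event_regs_arm mixes 32-bit and 64-bit members without explicit padding — `uint32_t spsr_el1;` is followed by `uint64_t fp;` and `uint32_t cpsr;` by `uint64_t ttbr0;` — so the compiler inserts four bytes of implicit padding at each point, unlike struct vm_event_regs_x86 in the same header which ends with an explicit `uint32_t _pad;`. For a public ABI struct shared with userspace the layout should be pinned by the declaration itself: add explicit `_pad` fields after the two 32-bit members, or place `spsr_el1` and `cpsr` next to each other so they fill one 64-bit slot. Today the padding stays clean only because monitor_smc zero-initialises the request with `= { 0 }`; explicit fields make that independent of the initialiser and let the hypervisor require them to be zero on the response side.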
> @@ -254,6 +280,7 @@ typedef struct vm_event_st {
>       union {
>           union {
>               struct vm_event_regs_x86 x86;
> +            struct vm_event_regs_arm arm;
>           } regs;
>
>           struct vm_event_emul_read_data emul_read_data;
>

Regards,
Tamas K Lengyel May 3, 2016, 6:48 p.m. UTC | #7
On Tue, May 3, 2016 at 5:31 AM, Julien Grall <julien.grall@arm.com> wrote:

> Hi Tamas,
>
>
> On 29/04/16 19:07, Tamas K Lengyel wrote:
>
>> The ARM SMC instructions are already configured to trap to Xen by
>> default. In
>> this patch we allow a user-space process in a privileged domain to receive
>> notification of when such event happens through the vm_event subsystem by
>> introducing the PRIVILEGED_CALL type.
>>
>> Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com>
>> ---
>> Cc: Razvan Cojocaru <rcojocaru@bitdefender.com>
>> Cc: Ian Jackson <ian.jackson@eu.citrix.com>
>> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
>> Cc: Wei Liu <wei.liu2@citrix.com>
>> Cc: Julien Grall <julien.grall@arm.com>
>> Cc: Keir Fraser <keir@xen.org>
>> Cc: Jan Beulich <jbeulich@suse.com>
>> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
>>
>> v2: introduce VM_EVENT_REASON_PRIVELEGED_CALL
>>      aarch64 support
>> ---
>>   MAINTAINERS                         |   6 +-
>>   tools/libxc/include/xenctrl.h       |   2 +
>>   tools/libxc/xc_monitor.c            |  26 +++++++-
>>   tools/tests/xen-access/xen-access.c |  31 ++++++++-
>>   xen/arch/arm/Makefile               |   2 +
>>   xen/arch/arm/monitor.c              |  80 +++++++++++++++++++++++
>>   xen/arch/arm/traps.c                |  20 +++++-
>>   xen/arch/arm/vm_event.c             | 127
>> ++++++++++++++++++++++++++++++++++++
>>   xen/arch/x86/hvm/event.c            |   2 +
>>   xen/common/vm_event.c               |   1 -
>>   xen/include/asm-arm/domain.h        |   5 ++
>>   xen/include/asm-arm/monitor.h       |  20 ++----
>>   xen/include/asm-arm/vm_event.h      |  16 ++---
>>   xen/include/public/domctl.h         |   1 +
>>   xen/include/public/vm_event.h       |  27 ++++++++
>>   15 files changed, 333 insertions(+), 33 deletions(-)
>>   create mode 100644 xen/arch/arm/monitor.c
>>   create mode 100644 xen/arch/arm/vm_event.c
>>
>
> This patch is doing lots of things:
>         - Add support for monitoring
>         - Add support for vm_event
>         - Monitor SMC
>         - Move common code to arch specific code
>
> As far as I can tell, all are distinct from each other. Can you please
> split this patch in smaller ones?
>

While I can split off some parts into separate patches, like
getting/setting ARM registers through VM events and the tools patches, the
other components are pretty tightly coupled and don't actually make sense
to split them. For example, enabling a monitor domctl for an event without
the VM event components doesn't make much sense. Vice versa for the
vm_event parts without being able to enable them.


>
> [...]
>
> diff --git a/xen/arch/arm/monitor.c b/xen/arch/arm/monitor.c
>> new file mode 100644
>> index 0000000..e845f28
>> --- /dev/null
>> +++ b/xen/arch/arm/monitor.c
>>
>
> [...]
>
> +int monitor_smc(const struct cpu_user_regs *regs) {
>>
>
> The { should be on a separate line.


Ack.


>
>
> +    struct vcpu *curr = current;
>> +    vm_event_request_t req = { 0 };
>> +
>> +    if ( !curr->domain->arch.monitor.privileged_call_enabled )
>> +        return 0;
>> +
>> +    req.reason = VM_EVENT_REASON_PRIVILEGED_CALL;
>> +    req.vcpu_id = curr->vcpu_id;
>> +
>> +    vm_event_fill_regs(&req, regs, curr->domain);
>> +
>> +    return vm_event_monitor_traps(curr, 1, &req);
>> +}
>> +
>> +/*
>> + * Local variables:
>> + * mode: C
>> + * c-file-style: "BSD"
>> + * c-basic-offset: 4
>> + * indent-tabs-mode: nil
>> + * End:
>> + */
>> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
>> index 9abfc3c..9c8d395 100644
>> --- a/xen/arch/arm/traps.c
>> +++ b/xen/arch/arm/traps.c
>> @@ -41,6 +41,7 @@
>>   #include <asm/mmio.h>
>>   #include <asm/cpufeature.h>
>>   #include <asm/flushtlb.h>
>> +#include <asm/monitor.h>
>>
>>   #include "decode.h"
>>   #include "vtimer.h"
>> @@ -2491,6 +2492,21 @@ bad_data_abort:
>>       inject_dabt_exception(regs, info.gva, hsr.len);
>>   }
>>
>> +static void do_trap_smc(struct cpu_user_regs *regs, const union hsr hsr)
>> +{
>> +    int rc = 0;
>>
>
> Newline here.
>

Ack.


>
> +    if ( current->domain->arch.monitor.privileged_call_enabled )
>> +    {
>> +        rc = monitor_smc(regs);
>> +    }
>>
>
> The bracket are not necessary.
>

Ack.


>
> +
>> +    if ( rc != 1 )
>>
>
> I think the code would be clearer if you introduce a define for "1".
>

Maybe not a define but calling the variable "handled" as we do on x86 would
be more descriptive.


>
> +    {
>> +        GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
>>
>
> This check cannot work for AArch64 guest.


For HSR_EC_SMC32 there is already
GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr)); and for HSR_EC_SMC64 there is
GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr)); before calling do_trap_smc. So
are you saying that check is wrong for AArch64 as it is right now in
unstable? Also, is there any reason those checks are opposite of each other?


>
>
> +        inject_undef_exception(regs, hsr);
>> +    }
>> +}
>> +
>>   static void enter_hypervisor_head(struct cpu_user_regs *regs)
>>   {
>>       if ( guest_mode(regs) )
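Review bot: The `privileged_call_enabled` test in do_trap_smc duplicates the one at the top of monitor_smc (`if ( !curr->domain->arch.monitor.privileged_call_enabled ) return 0;` in the monitor.c hunk above), so the flag is read twice per SMC trap and the two sites can drift apart if the condition ever changes. Dropping the test here and calling `rc = monitor_smc(regs);` unconditionally leaves a single point of truth, with monitor_smc's 0 return falling through to the undef injection. A short comment above `if ( rc != 1 )` saying that anything other than a delivered synchronous event falls back to the pre-patch behaviour of injecting an undefined-instruction exception would also record the intent for the next reader.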
>> @@ -2566,7 +2582,7 @@ asmlinkage void do_trap_hypervisor(struct
>> cpu_user_regs *regs)
>>            */
>>           GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
>>           perfc_incr(trap_smc32);
>> -        inject_undef32_exception(regs);
>> +        do_trap_smc(regs, hsr);
>>           break;
>>       case HSR_EC_HVC32:
>>           GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
>> @@ -2599,7 +2615,7 @@ asmlinkage void do_trap_hypervisor(struct
>> cpu_user_regs *regs)
>>            */
>>           GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
>>           perfc_incr(trap_smc64);
>> -        inject_undef64_exception(regs, hsr.len);
>> +        do_trap_smc(regs, hsr);
>>           break;
>>       case HSR_EC_SYSREG:
>>           GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
>> diff --git a/xen/arch/arm/vm_event.c b/xen/arch/arm/vm_event.c
>> new file mode 100644
>> index 0000000..3369a96
>> --- /dev/null
>> +++ b/xen/arch/arm/vm_event.c
>> @@ -0,0 +1,127 @@
>> +/*
>> + * arch/arm/vm_event.c
>> + *
>> + * Architecture-specific vm_event handling routines
>> + *
>> + * Copyright (c) 2016 Tamas K Lengyel (tamas@tklengyel.com)
>> + *
>> + * This program is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU General Public
>> + * License v2 as published by the Free Software Foundation.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>> + * General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU General Public
>> + * License along with this program; If not, see <
>> http://www.gnu.org/licenses/>.
>> + */
>> +
>> +#include <xen/sched.h>
>> +#include <asm/vm_event.h>
>> +
>> +void vm_event_fill_regs(vm_event_request_t *req,
>> +                        const struct cpu_user_regs *regs,
>> +                        struct domain *d)
>> +{
>> +    if ( is_32bit_domain(d) )
>> +    {
>> +        req->data.regs.arm.x0 = regs->r0;
>> +        req->data.regs.arm.x1 = regs->r1;
>> +        req->data.regs.arm.x2 = regs->r2;
>> +        req->data.regs.arm.x3 = regs->r3;
>> +        req->data.regs.arm.x4 = regs->r4;
>> +        req->data.regs.arm.x5 = regs->r5;
>> +        req->data.regs.arm.x6 = regs->r6;
>> +        req->data.regs.arm.x7 = regs->r7;
>> +        req->data.regs.arm.x8 = regs->r8;
>> +        req->data.regs.arm.x9 = regs->r9;
>> +        req->data.regs.arm.x10 = regs->r10;
>> +        req->data.regs.arm.pc = regs->pc32;
>> +        req->data.regs.arm.sp_el0 = regs->sp_usr;
>> +        req->data.regs.arm.sp_el1 = regs->sp_svc;
>> +    }
>> +#ifdef CONFIG_ARM_64
>>
> Why
>
>> +    else
>> +    {
>> +        req->data.regs.arm.x0 = regs->x0;
>> +        req->data.regs.arm.x1 = regs->x1;
>> +        req->data.regs.arm.x2 = regs->x2;
>> +        req->data.regs.arm.x3 = regs->x3;
>> +        req->data.regs.arm.x4 = regs->x4;
>> +        req->data.regs.arm.x5 = regs->x5;
>> +        req->data.regs.arm.x6 = regs->x6;
>> +        req->data.regs.arm.x7 = regs->x7;
>> +        req->data.regs.arm.x8 = regs->x8;
>> +        req->data.regs.arm.x9 = regs->x9;
>> +        req->data.regs.arm.x10 = regs->x10;
>>
>
> AArch64 provides 31 generate-purpose registers. Although, x29 and x30 are
> respectively used for fp and lr.


For vm_event it's not necessary to get all registers, rather it's just a
handful of selection that may be especially "useful" for introspection.
It's also important not to fill up the vm_event monitor ring with huge
request/response structs so even on x86 we only have a subset of the
registers. As right now there are no applications for aarch64, it's only a
guess of what registers would be "useful" and may be adjusted in future
versions as we start to have applications using this.


>
>
> +        req->data.regs.arm.pc = regs->pc;
>> +        req->data.regs.arm.sp_el0 = regs->sp_el0;
>> +        req->data.regs.arm.sp_el1 = regs->sp_el1;
>> +    }
>> +#endif
>> +    req->data.regs.arm.fp = regs->fp;
>> +    req->data.regs.arm.lr = regs->lr;
>> +    req->data.regs.arm.cpsr = regs->cpsr;
>> +    req->data.regs.arm.spsr_el1 = regs->spsr_svc;
>> +    req->data.regs.arm.ttbr0 = READ_SYSREG64(TTBR0_EL1);
>> +    req->data.regs.arm.ttbr1 = READ_SYSREG64(TTBR1_EL1);
>> +}
>> +
>> +void vm_event_set_registers(struct vcpu *v, vm_event_response_t *rsp)
>> +{
>> +    struct cpu_user_regs *regs = &v->arch.cpu_info->guest_cpu_user_regs;
>> +
>> +    if ( is_32bit_domain(v->domain) )
>> +    {
>> +        regs->r0 = rsp->data.regs.arm.x0;
>> +        regs->r1 = rsp->data.regs.arm.x1;
>> +        regs->r2 = rsp->data.regs.arm.x2;
>> +        regs->r3 = rsp->data.regs.arm.x3;
>> +        regs->r4 = rsp->data.regs.arm.x4;
>> +        regs->r5 = rsp->data.regs.arm.x5;
>> +        regs->r6 = rsp->data.regs.arm.x6;
>> +        regs->r7 = rsp->data.regs.arm.x7;
>> +        regs->r8 = rsp->data.regs.arm.x8;
>> +        regs->r9 = rsp->data.regs.arm.x9;
>> +        regs->r10 = rsp->data.regs.arm.x10;
>> +        regs->pc32 = rsp->data.regs.arm.pc;
>> +        regs->sp_usr = rsp->data.regs.arm.sp_el0;
>> +        regs->sp_svc = rsp->data.regs.arm.sp_el1;
>> +    }
>> +#ifdef CONFIG_ARM_64
>> +    else
>> +    {
>> +        regs->x0 = rsp->data.regs.arm.x0;
>> +        regs->x1 = rsp->data.regs.arm.x1;
>> +        regs->x2 = rsp->data.regs.arm.x2;
>> +        regs->x3 = rsp->data.regs.arm.x3;
>> +        regs->x4 = rsp->data.regs.arm.x4;
>> +        regs->x5 = rsp->data.regs.arm.x5;
>> +        regs->x6 = rsp->data.regs.arm.x6;
>> +        regs->x7 = rsp->data.regs.arm.x7;
>> +        regs->x8 = rsp->data.regs.arm.x8;
>> +        regs->x9 = rsp->data.regs.arm.x9;
>> +        regs->x10 = rsp->data.regs.arm.x10;
>> +        regs->pc = rsp->data.regs.arm.pc;
>> +        regs->sp_el0 = rsp->data.regs.arm.sp_el0;
>> +        regs->sp_el1 = rsp->data.regs.arm.sp_el1;
>> +    }
>> +#endif
>> +
>> +    regs->fp = rsp->data.regs.arm.fp;
>> +    regs->lr = rsp->data.regs.arm.lr;
>> +    regs->cpsr = rsp->data.regs.arm.cpsr;
>> +    v->arch.ttbr0 = rsp->data.regs.arm.ttbr0;
>> +    v->arch.ttbr1 = rsp->data.regs.arm.ttbr1;
>> +}
>> +
>> +/*
>> + * Local variables:
>> + * mode: C
>> + * c-file-style: "BSD"
>> + * c-basic-offset: 4
>> + * indent-tabs-mode: nil
>> + * End:
>> + */
>>
>
> [...]
>
>
> diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
>> index 2457698..35adce2 100644
>> --- a/xen/include/public/domctl.h
>> +++ b/xen/include/public/domctl.h
>> @@ -1080,6 +1080,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_psr_cmt_op_t);
>>   #define XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP            2
>>   #define XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT   3
>>   #define XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST         4
>> +#define XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL       5
>>
>>   struct xen_domctl_monitor_op {
>>       uint32_t op; /* XEN_DOMCTL_MONITOR_OP_* */
>> diff --git a/xen/include/public/vm_event.h b/xen/include/public/vm_event.h
>> index 9270d52..f039207 100644
>> --- a/xen/include/public/vm_event.h
>> +++ b/xen/include/public/vm_event.h
>> @@ -119,6 +119,8 @@
>>   #define VM_EVENT_REASON_SINGLESTEP              7
>>   /* An event has been requested via HVMOP_guest_request_vm_event. */
>>   #define VM_EVENT_REASON_GUEST_REQUEST           8
>> +/* Privileged call executed (e.g. SMC) */
>> +#define VM_EVENT_REASON_PRIVILEGED_CALL         9
>>
>>   /* Supported values for the vm_event_write_ctrlreg index. */
>>   #define VM_EVENT_X86_CR0    0
>> @@ -166,6 +168,30 @@ struct vm_event_regs_x86 {
>>       uint32_t _pad;
>>   };
>>
>> +struct vm_event_regs_arm {
>> +    /*       Aarch64       Aarch32 */
>> +    uint64_t x0;       /*  r0_usr  */
>> +    uint64_t x1;       /*  r1_usr  */
>> +    uint64_t x2;       /*  r2_usr  */
>> +    uint64_t x3;       /*  r3_usr  */
>> +    uint64_t x4;       /*  r4_usr  */
>> +    uint64_t x5;       /*  r5_usr  */
>> +    uint64_t x6;       /*  r6_usr  */
>> +    uint64_t x7;       /*  r7_usr  */
>> +    uint64_t x8;       /*  r8_usr  */
>> +    uint64_t x9;       /*  r9_usr  */
>> +    uint64_t x10;      /*  r10_usr */
>>
>
> I would introduce an union to let the choice to the userspace to deal only
> with AArch32 registers. See vcpu_guest_core_regs.
>

Sure.


>
> +    uint64_t lr;       /*  lr_usr  */
>> +    uint64_t sp_el0;   /*  sp_usr  */
>> +    uint64_t sp_el1;   /*  sp_svc  */
>> +    uint32_t spsr_el1; /*  spsr_svc */
>> +    uint64_t fp;
>> +    uint64_t pc;
>> +    uint32_t cpsr;
>> +    uint64_t ttbr0;
>> +    uint64_t ttbr1;
>> +};
>> +
>>   /*
>>    * mem_access flag definitions
>>    *
>> @@ -254,6 +280,7 @@ typedef struct vm_event_st {
>>       union {
>>           union {
>>               struct vm_event_regs_x86 x86;
>> +            struct vm_event_regs_arm arm;
>>           } regs;
>>
>>           struct vm_event_emul_read_data emul_read_data;
>>
>>
> Regards,
>
> --
> Julien Grall
>

Thanks,
Tamas
Julien Grall May 4, 2016, 10:31 a.m. UTC | #8
Hi Tamas,

Can you configure your email client to quote properly? I.e using ">" 
rather than tabulation to show the quoting.

On 03/05/2016 19:48, Tamas K Lengyel wrote:
>
>
> On Tue, May 3, 2016 at 5:31 AM, Julien Grall <julien.grall@arm.com
> <mailto:julien.grall@arm.com>> wrote:
>     On 29/04/16 19:07, Tamas K Lengyel wrote:
>
>         The ARM SMC instructions are already configured to trap to Xen
>         by default. In
>         this patch we allow a user-space process in a privileged domain
>         to receive
>         notification of when such event happens through the vm_event
>         subsystem by
>         introducing the PRIVILEGED_CALL type.
>
>         Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com
>         <mailto:tamas@tklengyel.com>>
>         ---
>         Cc: Razvan Cojocaru <rcojocaru@bitdefender.com
>         <mailto:rcojocaru@bitdefender.com>>
>         Cc: Ian Jackson <ian.jackson@eu.citrix.com
>         <mailto:ian.jackson@eu.citrix.com>>
>         Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com
>         <mailto:stefano.stabellini@eu.citrix.com>>
>         Cc: Wei Liu <wei.liu2@citrix.com <mailto:wei.liu2@citrix.com>>
>         Cc: Julien Grall <julien.grall@arm.com
>         <mailto:julien.grall@arm.com>>
>         Cc: Keir Fraser <keir@xen.org <mailto:keir@xen.org>>
>         Cc: Jan Beulich <jbeulich@suse.com <mailto:jbeulich@suse.com>>
>         Cc: Andrew Cooper <andrew.cooper3@citrix.com
>         <mailto:andrew.cooper3@citrix.com>>
>
>         v2: introduce VM_EVENT_REASON_PRIVELEGED_CALL
>               aarch64 support
>         ---
>            MAINTAINERS                         |   6 +-
>            tools/libxc/include/xenctrl.h       |   2 +
>            tools/libxc/xc_monitor.c            |  26 +++++++-
>            tools/tests/xen-access/xen-access.c |  31 ++++++++-
>            xen/arch/arm/Makefile               |   2 +
>            xen/arch/arm/monitor.c              |  80 +++++++++++++++++++++++
>            xen/arch/arm/traps.c                |  20 +++++-
>            xen/arch/arm/vm_event.c             | 127
>         ++++++++++++++++++++++++++++++++++++
>            xen/arch/x86/hvm/event.c            |   2 +
>            xen/common/vm_event.c               |   1 -
>            xen/include/asm-arm/domain.h        |   5 ++
>            xen/include/asm-arm/monitor.h       |  20 ++----
>            xen/include/asm-arm/vm_event.h      |  16 ++---
>            xen/include/public/domctl.h         |   1 +
>            xen/include/public/vm_event.h       |  27 ++++++++
>            15 files changed, 333 insertions(+), 33 deletions(-)
>            create mode 100644 xen/arch/arm/monitor.c
>            create mode 100644 xen/arch/arm/vm_event.c
>
>
>     This patch is doing lots of things:
>              - Add support for monitoring
>              - Add support for vm_event
>              - Monitor SMC
>              - Move common code to arch specific code
>
>     As far as I can tell, all are distinct from each other. Can you
>     please split this patch in smaller ones?
>
>
> While I can split off some parts into separate patches, like
> getting/setting ARM registers through VM events and the tools patches,
> the other components are pretty tightly coupled and don't actually make
> sense to split them. For example, enabling a monitor domctl for an event
> without the VM event components doesn't make much sense. Vice verse for
> the vm_event parts without being able to enable them.

Well, the commit message does not mention half of the changes of this 
patch. Some changes like moving common code to arch specific code 
clearly needs explanation. It is the same for the fact that you only 
present a reduce set of registers to vm event for AArch64.

In any case, there is too many logical changes in this patch, which 
makes difficult to review it. So please split this patch in smaller chunk.

[...]

>         +    if ( current->domain->arch.monitor.privileged_call_enabled )
>         +    {
>         +        rc = monitor_smc(regs);
>         +    }
>
>
>     The bracket are not necessary.
>
>
> Ack.
>
>
>         +
>         +    if ( rc != 1 )
>
>
>     I think the code would be clearer if you introduce a define for "1".
>
>
> Maybe not a define but calling the variable "handled" as we do on x86
> would be more descriptive.

IMHO, "handled" implies that the variable is boolean. This is not the 
case here as you could have a negative value.

>
>
>         +    {
>         +        GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
>
>
>     This check cannot work for AArch64 guest.
>
>
> For HSR_EC_SMC32 there is already
> GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr)); and for HSR_EC_SMC64 there
> is GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr)); before calling
> do_trap_smc. So are you saying that check is wrong for AArch64 as it is
> right now in unstable? Also, is there any reason those checks are
> opposite of each other?

No, I am saying that your check is wrong here. psr_mode_is_32bit returns 
true if the guest was running in 32-bit mode, else false when running in 
64-bit mode.

The check are opposites each other because the exception SMC64 can only 
be taken from an AArch64 state, and SMC32 from an AArch32 State.

[...]

>     AArch64 provides 31 generate-purpose registers. Although, x29 and
>     x30 are respectively used for fp and lr.
>
>
> For vm_event it's not necessary to get all registers, rather it's just a
> handful of selection that may be especially "useful" for introspection.

How did you decide that only the first to xN registers are useful? It 
would be valid to have an SMC call using x20 for an arguments.

Similarly, the hypercall convention for AArch64 makes use of x16 which 
is not exposed to the vm event subsystem.

> It's also important not to fill up the vm_event monitor ring with huge
> request/response structs so even on x86 we only have a subset of the
> registers. As right now there are no applications for aarch64, it's only
> a guess of what registers would be "useful" and may be adjusted in
> future versions as we start to have applications using this.

Guessing the set of useful registers is usually not a good idea (see why 
above).

Regards,
Tamas K Lengyel May 4, 2016, 12:42 p.m. UTC | #9
> On 03/05/2016 19:48, Tamas K Lengyel wrote:
>>
>>
>>
>> On Tue, May 3, 2016 at 5:31 AM, Julien Grall <julien.grall@arm.com
>> <mailto:julien.grall@arm.com>> wrote:
>>     On 29/04/16 19:07, Tamas K Lengyel wrote:
>>
>>         The ARM SMC instructions are already configured to trap to Xen
>>         by default. In
>>         this patch we allow a user-space process in a privileged domain
>>         to receive
>>         notification of when such event happens through the vm_event
>>         subsystem by
>>         introducing the PRIVILEGED_CALL type.
>>
>>         Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com
>>         <mailto:tamas@tklengyel.com>>
>>
>>         ---
>>         Cc: Razvan Cojocaru <rcojocaru@bitdefender.com
>>         <mailto:rcojocaru@bitdefender.com>>
>>         Cc: Ian Jackson <ian.jackson@eu.citrix.com
>>         <mailto:ian.jackson@eu.citrix.com>>
>>         Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com
>>         <mailto:stefano.stabellini@eu.citrix.com>>
>>         Cc: Wei Liu <wei.liu2@citrix.com <mailto:wei.liu2@citrix.com>>
>>         Cc: Julien Grall <julien.grall@arm.com
>>         <mailto:julien.grall@arm.com>>
>>         Cc: Keir Fraser <keir@xen.org <mailto:keir@xen.org>>
>>         Cc: Jan Beulich <jbeulich@suse.com <mailto:jbeulich@suse.com>>
>>         Cc: Andrew Cooper <andrew.cooper3@citrix.com
>>         <mailto:andrew.cooper3@citrix.com>>
>>
>>
>>         v2: introduce VM_EVENT_REASON_PRIVELEGED_CALL
>>               aarch64 support
>>         ---
>>            MAINTAINERS                         |   6 +-
>>            tools/libxc/include/xenctrl.h       |   2 +
>>            tools/libxc/xc_monitor.c            |  26 +++++++-
>>            tools/tests/xen-access/xen-access.c |  31 ++++++++-
>>            xen/arch/arm/Makefile               |   2 +
>>            xen/arch/arm/monitor.c              |  80
+++++++++++++++++++++++
>>            xen/arch/arm/traps.c                |  20 +++++-
>>            xen/arch/arm/vm_event.c             | 127
>>         ++++++++++++++++++++++++++++++++++++
>>            xen/arch/x86/hvm/event.c            |   2 +
>>            xen/common/vm_event.c               |   1 -
>>            xen/include/asm-arm/domain.h        |   5 ++
>>            xen/include/asm-arm/monitor.h       |  20 ++----
>>            xen/include/asm-arm/vm_event.h      |  16 ++---
>>            xen/include/public/domctl.h         |   1 +
>>            xen/include/public/vm_event.h       |  27 ++++++++
>>            15 files changed, 333 insertions(+), 33 deletions(-)
>>            create mode 100644 xen/arch/arm/monitor.c
>>            create mode 100644 xen/arch/arm/vm_event.c
>>
>>
>>     This patch is doing lots of things:
>>              - Add support for monitoring
>>              - Add support for vm_event
>>              - Monitor SMC
>>              - Move common code to arch specific code
>>
>>     As far as I can tell, all are distinct from each other. Can you
>>     please split this patch in smaller ones?
>>
>>
>> While I can split off some parts into separate patches, like
>> getting/setting ARM registers through VM events and the tools patches,
>> the other components are pretty tightly coupled and don't actually make
>> sense to split them. For example, enabling a monitor domctl for an event
>> without the VM event components doesn't make much sense. Vice verse for
>> the vm_event parts without being able to enable them.
>
>
> Well, the commit message does not mention half of the changes of this
patch. Some changes like moving common code to arch specific code clearly
needs explanation. It is the same for the fact that you only present a
reduce set of registers to vm event for AArch64.

This IMHO is not outstanding, it's the same on x86.

>
> In any case, there is too many logical changes in this patch, which makes
difficult to review it. So please split this patch in smaller chunk.

Sure, I already split the parts I mentioned in the previous message.

>
> [...]
>
>
>>         +    if ( current->domain->arch.monitor.privileged_call_enabled )
>>         +    {
>>         +        rc = monitor_smc(regs);
>>         +    }
>>
>>
>>     The bracket are not necessary.
>>
>>
>> Ack.
>>
>>
>>         +
>>         +    if ( rc != 1 )
>>
>>
>>     I think the code would be clearer if you introduce a define for "1".
>>
>>
>> Maybe not a define but calling the variable "handled" as we do on x86
>> would be more descriptive.
>
>
> IHMO, "handled" infers that the variable is boolean. This is not the case
here as you could have negative value.

It may be but that's the convention we have for this on x86, so symmetry is
better than introducing a new define just for the ARM case.

>
>
>>
>>
>>         +    {
>>         +        GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
>>
>>
>>     This check cannot work for AArch64 guest.
>>
>>
>> For HSR_EC_SMC32 there is already
>> GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr)); and for HSR_EC_SMC64 there
>> is GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr)); before calling
>> do_trap_smc. So are you saying that check is wrong for AArch64 as it is
>> right now in unstable? Also, is there any reason those checks are
>> opposite of each other?
>
>
> No, I am saying that your check is wrong here. psr_mode_is_32bit returns
true if the guest was running in 32-bit mode, else false when running in
64-bit mode.
>
> The check are opposites each other because the exception SMC64 can only
be taken from an AArch64 state, and SMC32 from an AArch32 State.

Ok, got it.

>
> [...]
>
>
>>     AArch64 provides 31 generate-purpose registers. Although, x29 and
>>     x30 are respectively used for fp and lr.
>>
>>
>> For vm_event it's not necessary to get all registers, rather it's just a
>> handful of selection that may be especially "useful" for introspection.
>
>
> How did you decide that only the first to xN registers are useful? It
would be valid to have an SMC call using x20 for an arguments.
>
> Similarly, the hypercall convention for AArch64 makes use of x16 which is
not exposed to the vm event subsystem.

Certainly, as I said, if a future application needs other registers to be
sent here and can justify it, this can be adjusted.

>
>
>> It's also important not to fill up the vm_event monitor ring with huge
>> request/response structs so even on x86 we only have a subset of the
>> registers. As right now there are no applications for aarch64, it's only
>> a guess of what registers would be "useful" and may be adjusted in
>> future versions as we start to have applications using this.
>
>
> Guessing the set of useful registers is usually not a good idea (see why
above).
>

Remember, the subscriber can always get/set the full set of registers when
it needs to, so completeness here is not critical. You are missing the
point that the space on the ring is limited and it can fill up fast when
the full vCPU context is pushed on it for all events. Right now the x86
side is still larger so we have some room for additional registers to be
sent when users of this system have a better view into what they find
important. Which is IMHO not now.

Thanks,
Tamas
Julien Grall May 4, 2016, 1:26 p.m. UTC | #10
Hi Tamas,

I have just noticed that you use an old email address for Stefano. 
Please check MAINTAINERS file for any update on email address, new 
maintainers.

On 04/05/2016 13:42, Tamas K Lengyel wrote:
>
>  > On 03/05/2016 19:48, Tamas K Lengyel wrote:
>  >>
>  >>
>  >>
>  >> On Tue, May 3, 2016 at 5:31 AM, Julien Grall <julien.grall@arm.com
> <mailto:julien.grall@arm.com>
>  >> <mailto:julien.grall@arm.com <mailto:julien.grall@arm.com>>> wrote:
>  >>     On 29/04/16 19:07, Tamas K Lengyel wrote:
>  >>
>  >>         The ARM SMC instructions are already configured to trap to Xen
>  >>         by default. In
>  >>         this patch we allow a user-space process in a privileged domain
>  >>         to receive
>  >>         notification of when such event happens through the vm_event
>  >>         subsystem by
>  >>         introducing the PRIVILEGED_CALL type.
>  >>
>  >>         Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com
> <mailto:tamas@tklengyel.com>
>  >>         <mailto:tamas@tklengyel.com <mailto:tamas@tklengyel.com>>>
>  >>
>  >>         ---
>  >>         Cc: Razvan Cojocaru <rcojocaru@bitdefender.com
> <mailto:rcojocaru@bitdefender.com>
>  >>         <mailto:rcojocaru@bitdefender.com
> <mailto:rcojocaru@bitdefender.com>>>
>  >>         Cc: Ian Jackson <ian.jackson@eu.citrix.com
> <mailto:ian.jackson@eu.citrix.com>
>  >>         <mailto:ian.jackson@eu.citrix.com
> <mailto:ian.jackson@eu.citrix.com>>>
>  >>         Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com
> <mailto:stefano.stabellini@eu.citrix.com>
>  >>         <mailto:stefano.stabellini@eu.citrix.com
> <mailto:stefano.stabellini@eu.citrix.com>>>
>  >>         Cc: Wei Liu <wei.liu2@citrix.com
> <mailto:wei.liu2@citrix.com> <mailto:wei.liu2@citrix.com
> <mailto:wei.liu2@citrix.com>>>
>  >>         Cc: Julien Grall <julien.grall@arm.com
> <mailto:julien.grall@arm.com>
>  >>         <mailto:julien.grall@arm.com <mailto:julien.grall@arm.com>>>
>  >>         Cc: Keir Fraser <keir@xen.org <mailto:keir@xen.org>
> <mailto:keir@xen.org <mailto:keir@xen.org>>>
>  >>         Cc: Jan Beulich <jbeulich@suse.com
> <mailto:jbeulich@suse.com> <mailto:jbeulich@suse.com
> <mailto:jbeulich@suse.com>>>
>  >>         Cc: Andrew Cooper <andrew.cooper3@citrix.com
> <mailto:andrew.cooper3@citrix.com>
>  >>         <mailto:andrew.cooper3@citrix.com
> <mailto:andrew.cooper3@citrix.com>>>
>  >>
>  >>
>  >>         v2: introduce VM_EVENT_REASON_PRIVELEGED_CALL
>  >>               aarch64 support
>  >>         ---
>  >>            MAINTAINERS                         |   6 +-
>  >>            tools/libxc/include/xenctrl.h       |   2 +
>  >>            tools/libxc/xc_monitor.c            |  26 +++++++-
>  >>            tools/tests/xen-access/xen-access.c |  31 ++++++++-
>  >>            xen/arch/arm/Makefile               |   2 +
>  >>            xen/arch/arm/monitor.c              |  80
> +++++++++++++++++++++++
>  >>            xen/arch/arm/traps.c                |  20 +++++-
>  >>            xen/arch/arm/vm_event.c             | 127
>  >>         ++++++++++++++++++++++++++++++++++++
>  >>            xen/arch/x86/hvm/event.c            |   2 +
>  >>            xen/common/vm_event.c               |   1 -
>  >>            xen/include/asm-arm/domain.h        |   5 ++
>  >>            xen/include/asm-arm/monitor.h       |  20 ++----
>  >>            xen/include/asm-arm/vm_event.h      |  16 ++---
>  >>            xen/include/public/domctl.h         |   1 +
>  >>            xen/include/public/vm_event.h       |  27 ++++++++
>  >>            15 files changed, 333 insertions(+), 33 deletions(-)
>  >>            create mode 100644 xen/arch/arm/monitor.c
>  >>            create mode 100644 xen/arch/arm/vm_event.c
>  >>
>  >>
>  >>     This patch is doing lots of things:
>  >>              - Add support for monitoring
>  >>              - Add support for vm_event
>  >>              - Monitor SMC
>  >>              - Move common code to arch specific code
>  >>
>  >>     As far as I can tell, all are distinct from each other. Can you
>  >>     please split this patch in smaller ones?
>  >>
>  >>
>  >> While I can split off some parts into separate patches, like
>  >> getting/setting ARM registers through VM events and the tools patches,
>  >> the other components are pretty tightly coupled and don't actually make
>  >> sense to split them. For example, enabling a monitor domctl for an event
>  >> without the VM event components doesn't make much sense. Vice verse for
>  >> the vm_event parts without being able to enable them.
>  >
>  >
>  > Well, the commit message does not mention half of the changes of this
> patch. Some changes like moving common code to arch specific code
> clearly needs explanation. It is the same for the fact that you only
> present a reduce set of registers to vm event for AArch64.
>
> This IMHO is not outstanding, it's the same on x86.

It documents the code and will help future readers understand why we 
chose to expose only a smaller set of registers.

Note that the x86 structure is documented with: "Using a custom struct 
(no hvm_hw_cpu) so as to not fill the vm_event ring buffer too quickly". 
This is not the case for the ARM structure today.

>  >
>  > [...]
>  >
>  >
>  >>         +    if (
> current->domain->arch.monitor.privileged_call_enabled )
>  >>         +    {
>  >>         +        rc = monitor_smc(regs);
>  >>         +    }
>  >>
>  >>
>  >>     The bracket are not necessary.
>  >>
>  >>
>  >> Ack.
>  >>
>  >>
>  >>         +
>  >>         +    if ( rc != 1 )
>  >>
>  >>
>  >>     I think the code would be clearer if you introduce a define for "1".
>  >>
>  >>
>  >> Maybe not a define but calling the variable "handled" as we do on x86
>  >> would be more descriptive.
>  >
>  >
>  > IHMO, "handled" infers that the variable is boolean. This is not the
> case here as you could have negative value.
>
> It may be but thats the convention we have for this on x86 so symmetry
> is better then introducing a new define just for the ARM case.

Whilst I agree that we should use the same convention across all the 
architectures, nothing prevents you to update the x86 code and use the 
new define.

It does not make much sense to introduce code on ARM that may not be 
clearer just because x86 did it.

Anyway, Stefano may have a different view on this.

[...]

>  >
>  > [...]
>  >
>  >
>  >>     AArch64 provides 31 generate-purpose registers. Although, x29 and
>  >>     x30 are respectively used for fp and lr.
>  >>
>  >>
>  >> For vm_event it's not necessary to get all registers, rather it's just a
>  >> handful of selection that may be especially "useful" for introspection.
>  >
>  >
>  > How did you decide that only the first to xN registers are useful? It
> would be valid to have an SMC call using x20 for an arguments.
>  >
>  > Similarly, the hypercall convention for AArch64 makes use of x16
> which is not exposed to the vm event subsystem.
>
> Certainly, as I said, if a future application needs other registers to
> be sent here and can justify it, this can be adjusted.	
>
>  >
>  >
>  >> It's also important not to fill up the vm_event monitor ring with huge
>  >> request/response structs so even on x86 we only have a subset of the
>  >> registers. As right now there are no applications for aarch64, it's only
>  >> a guess of what registers would be "useful" and may be adjusted in
>  >> future versions as we start to have applications using this.
>  >
>  >
>  > Guessing the set of useful registers is usually not a good idea (see
> why above).
>  >
>
> Remember, the subscriber can always get/set the full set of registers
> when it needs to, so completeness here is not critical. You are missing
> the point that the space on the ring is limited and it can fill up fast
> when the full vCPU context is pushed on it for all events. Right now the
> x86 side is still larger so we have some room for additional registers
> to be sent when users of this system have a better view into what they
> find important. Which is IMHO not now.

I may misunderstand some parts of the vm event subsystem. To get/set the 
full set of registers, the user will have to use the 
DOMCTL_{set,get}vcpucontext, correct? So why does Xen expose a part of 
the vCPU context through the vm_event?

Regards,
Razvan Cojocaru May 4, 2016, 1:30 p.m. UTC | #11
On 05/04/2016 04:26 PM, Julien Grall wrote:
> I may misunderstand some parts of the vm event subsystem. To get/set the
> full set of registers, the user will have to use the
> DOMCTL_{set,get}vcpucontext, correct? So why does Xen expose a part of
> the vCPU context through the vm_event?

Because DOMCTL_{set,get}vcpucontext is expensive, and a serious
introspection application will receive hundreds or thousands of events
per second.

Having what's most commonly needed being sent with the vm_event
eliminates the need for extra hypercalls and can make the difference
between a responsive and an unusable userspace introspection application.


Thanks,
Razvan
Julien Grall May 4, 2016, 2:03 p.m. UTC | #12
On 04/05/2016 14:30, Razvan Cojocaru wrote:
> On 05/04/2016 04:26 PM, Julien Grall wrote:
>> I may misunderstand some parts of the vm event subsystem. To get/set the
>> full set of registers, the user will have to use the
>> DOMCTL_{set,get}vcpucontext, correct? So why does Xen expose a part of
>> the vCPU context through the vm_event?
>
> Because DOMCTL_{set,get}vcpucontext is expensive, and a serious
> introspection application will receive hundreds or thousands of events
> per second.
>
> Having what's most commonly needed being sent with the vm_event
> eliminates the need for extra hypercalls and can make the difference
> between a responsive and an unusable userspace introspection application.

Thank you for the explanation. So in this case, we should also make x16 
(AArch64) and r12 (AArch32) available, as they will be used for hypercalls.

Regards,
Tamas K Lengyel May 4, 2016, 2:08 p.m. UTC | #13
On Wed, May 4, 2016 at 8:03 AM, Julien Grall <julien.grall@arm.com> wrote:
>
>
> On 04/05/2016 14:30, Razvan Cojocaru wrote:
>>
>> On 05/04/2016 04:26 PM, Julien Grall wrote:
>>>
>>> I may misunderstand some parts of the vm event subsystem. To get/set the
>>> full set of registers, the user will have to use the
>>> DOMCTL_{set,get}vcpucontext, correct? So why does Xen expose a part of
>>> the vCPU context through the vm_event?
>>
>>
>> Because DOMCTL_{set,get}vcpucontext is expensive, and a serious
>> introspection application will receive hundreds or thousands of events
>> per second.
>>
>> Having what's most commonly needed being sent with the vm_event
>> eliminates the need for extra hypercalls and can make the difference
>> between a responsive and an unusable userspace introspection application.
>
>
> Thank you for the explanation. So in this case, we should also make x16
> (AArch64) and r12 (AArch32) available as they will be used for hypercall.
>

That's fine by me. At the moment the only registers I have a definite
use for are pc and ttbr0/1; the others are up for grabs.

Tamas

diff --git a/MAINTAINERS b/MAINTAINERS
index 5af7a0c..36d8591 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -355,12 +355,10 @@  VM EVENT AND MEM ACCESS
 M:	Razvan Cojocaru <rcojocaru@bitdefender.com>
 M:	Tamas K Lengyel <tamas@tklengyel.com>
 S:	Supported
-F:	xen/common/vm_event.c
+F:	xen/*/vm_event.c
+F:	xen/*/monitor.c
 F:	xen/common/mem_access.c
-F:	xen/common/monitor.c
 F:	xen/arch/x86/hvm/event.c
-F:	xen/arch/x86/monitor.c
-F:	xen/arch/*/vm_event.c
 F:	tools/tests/xen-access
 
 VTPM
diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
index 42f201b..4b75ae4 100644
--- a/tools/libxc/include/xenctrl.h
+++ b/tools/libxc/include/xenctrl.h
@@ -2160,6 +2160,8 @@  int xc_monitor_software_breakpoint(xc_interface *xch, domid_t domain_id,
                                    bool enable);
 int xc_monitor_guest_request(xc_interface *xch, domid_t domain_id,
                              bool enable, bool sync);
+int xc_monitor_privileged_call(xc_interface *xch, domid_t domain_id,
+                               bool enable);
 
 /**
  * This function enables / disables emulation for each REP for a
diff --git a/tools/libxc/xc_monitor.c b/tools/libxc/xc_monitor.c
index b1705dd..072df70 100644
--- a/tools/libxc/xc_monitor.c
+++ b/tools/libxc/xc_monitor.c
@@ -4,7 +4,7 @@ 
  *
  * Interface to VM event monitor
  *
- * Copyright (c) 2015 Tamas K Lengyel (tamas@tklengyel.com)
+ * Copyright (c) 2015-2016 Tamas K Lengyel (tamas@tklengyel.com)
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -156,3 +156,27 @@  int xc_monitor_emulate_each_rep(xc_interface *xch, domid_t domain_id,
 
     return do_domctl(xch, &domctl);
 }
+
+int xc_monitor_privileged_call(xc_interface *xch, domid_t domain_id,
+                               bool enable)
+{
+    DECLARE_DOMCTL;
+
+    domctl.cmd = XEN_DOMCTL_monitor_op;
+    domctl.domain = domain_id;
+    domctl.u.monitor_op.op = enable ? XEN_DOMCTL_MONITOR_OP_ENABLE
+                                    : XEN_DOMCTL_MONITOR_OP_DISABLE;
+    domctl.u.monitor_op.event = XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL;
+
+    return do_domctl(xch, &domctl);
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/tools/tests/xen-access/xen-access.c b/tools/tests/xen-access/xen-access.c
index f26e723..33e8044 100644
--- a/tools/tests/xen-access/xen-access.c
+++ b/tools/tests/xen-access/xen-access.c
@@ -334,6 +334,8 @@  void usage(char* progname)
     fprintf(stderr, "Usage: %s [-m] <domain_id> write|exec", progname);
 #if defined(__i386__) || defined(__x86_64__)
             fprintf(stderr, "|breakpoint|altp2m_write|altp2m_exec");
+#elif defined(__arm__) || defined(__aarch64__)
+            fprintf(stderr, "|privcall");
 #endif
             fprintf(stderr,
             "\n"
@@ -357,6 +359,7 @@  int main(int argc, char *argv[])
     int required = 0;
     int breakpoint = 0;
     int shutting_down = 0;
+    int privcall = 0;
     int altp2m = 0;
     uint16_t altp2m_view_id = 0;
 
@@ -412,6 +415,11 @@  int main(int argc, char *argv[])
         default_access = XENMEM_access_rw;
         altp2m = 1;
     }
+#elif defined(__arm__) || defined(__aarch64__)
+    else if ( !strcmp(argv[0], "privcall") )
+    {
+        privcall = 1;
+    }
 #endif
     else
     {
@@ -524,6 +532,16 @@  int main(int argc, char *argv[])
         }
     }
 
+    if ( privcall )
+    {
+        rc = xc_monitor_privileged_call(xch, domain_id, 1);
+        if ( rc < 0 )
+        {
+            ERROR("Error %d setting privileged call trapping with vm_event\n", rc);
+            goto exit;
+        }
+    }
+
     /* Wait for access */
     for (;;)
     {
@@ -535,6 +553,9 @@  int main(int argc, char *argv[])
             if ( breakpoint )
                 rc = xc_monitor_software_breakpoint(xch, domain_id, 0);
 
+            if ( privcall )
+                rc = xc_monitor_privileged_call(xch, domain_id, 0);
+
             if ( altp2m )
             {
                 rc = xc_altp2m_switch_to_view( xch, domain_id, 0 );
@@ -635,7 +656,7 @@  int main(int argc, char *argv[])
                 rsp.u.mem_access = req.u.mem_access;
                 break;
             case VM_EVENT_REASON_SOFTWARE_BREAKPOINT:
-                printf("Breakpoint: rip=%016"PRIx64", gfn=%"PRIx64" (vcpu %d)\n",
+                printf("Breakpoint: rip=%"PRIx64" gfn=%"PRIx64" (vcpu %d)\n",
                        req.data.regs.x86.rip,
                        req.u.software_breakpoint.gfn,
                        req.vcpu_id);
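Review bot: Dropping the `016` width from the x86 breakpoint line changes the output of an existing x86 test case inside an ARM-only patch, and the commit message does not mention it. If the intent is to align the format with the new privileged-call line, say so in the message or move it to a separate cleanup; otherwise keep `rip=%016"PRIx64"` as it was. main() starts and ends outside the hunk.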
@@ -650,7 +671,15 @@  int main(int argc, char *argv[])
                     interrupted = -1;
                     continue;
                 }
+                break;
+            case VM_EVENT_REASON_PRIVILEGED_CALL:
+                printf("Privileged call: pc=%"PRIx64" (vcpu %d)\n",
+                       req.data.regs.arm.pc,
+                       req.vcpu_id);
 
+                rsp.data.regs.arm = req.data.regs.arm;
+                rsp.data.regs.arm.pc += 4;
+                rsp.flags |= VM_EVENT_FLAG_SET_REGISTERS;
                 break;
             case VM_EVENT_REASON_SINGLESTEP:
                 printf("Singlestep: rip=%016"PRIx64", vcpu %d, altp2m %u\n",
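Review bot: `rsp.data.regs.arm.pc += 4;` hard-codes the length of the trapped instruction in the consumer, although the hypervisor already has it from the syndrome (`hsr.len` is used for exactly this in the traps.c hunk), so the skip belongs on the Xen side rather than in every monitor. As written, do_trap_smc() in the traps.c hunk neither advances the PC nor injects anything when monitor_smc() returns 1, so a monitor that does not answer with VM_EVENT_FLAG_SET_REGISTERS and a moved pc resumes the guest on the same SMC and traps again indefinitely. Either advance the PC on the handled path in do_trap_smc(), or document the contract above this case, e.g. `/* Xen does not skip the SMC for us: move pc past it or the vCPU re-traps on resume. */`. main() starts and ends outside the hunk.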
diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
index 0328b50..118be99 100644
--- a/xen/arch/arm/Makefile
+++ b/xen/arch/arm/Makefile
@@ -40,6 +40,8 @@  obj-y += device.o
 obj-y += decode.o
 obj-y += processor.o
 obj-y += smc.o
+obj-y += monitor.o
+obj-y += vm_event.o
 
 #obj-bin-y += ....o
 
diff --git a/xen/arch/arm/monitor.c b/xen/arch/arm/monitor.c
new file mode 100644
index 0000000..e845f28
--- /dev/null
+++ b/xen/arch/arm/monitor.c
@@ -0,0 +1,80 @@ 
+/*
+ * arch/arm/monitor.c
+ *
+ * Arch-specific monitor_op domctl handler.
+ *
+ * Copyright (c) 2015-2016 Tamas K Lengyel (tamas@tklengyel.com)
+ * Copyright (c) 2016, Bitdefender S.R.L.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public
+ * License v2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <asm/vm_event.h>
+#include <public/vm_event.h>
+
+int arch_monitor_domctl_event(struct domain *d,
+                              struct xen_domctl_monitor_op *mop)
+{
+    struct arch_domain *ad = &d->arch;
+    bool_t requested_status = (XEN_DOMCTL_MONITOR_OP_ENABLE == mop->op);
+
+    switch ( mop->event )
+    {
+    case XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL:
+    {
+        bool_t old_status = ad->monitor.privileged_call_enabled;
+
+        if ( unlikely(old_status == requested_status) )
+            return -EEXIST;
+
+        domain_pause(d);
+        ad->monitor.privileged_call_enabled = requested_status;
+        domain_unpause(d);
+        break;
+    }
+
+    default:
+        /*
+         * Should not be reached unless arch_monitor_get_capabilities() is
+         * not properly implemented.
+         */
+        ASSERT_UNREACHABLE();
+        return -EOPNOTSUPP;
+    }
+
+    return 0;
+}
+
+int monitor_smc(const struct cpu_user_regs *regs) {
+    struct vcpu *curr = current;
+    vm_event_request_t req = { 0 };
+
+    if ( !curr->domain->arch.monitor.privileged_call_enabled )
+        return 0;
+
+    req.reason = VM_EVENT_REASON_PRIVILEGED_CALL;
+    req.vcpu_id = curr->vcpu_id;
+
+    vm_event_fill_regs(&req, regs, curr->domain);
+
+    return vm_event_monitor_traps(curr, 1, &req);
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
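Review bot: The opening brace of monitor_smc() sits on the signature line, unlike arch_monitor_domctl_event() a few lines above and the rest of the Xen tree; it should read `int monitor_smc(const struct cpu_user_regs *regs)` followed by `{` on its own line. The `privileged_call_enabled` test at the top of monitor_smc() duplicates the one its only visible caller, do_trap_smc() in the traps.c hunk, already performs; keeping the check in one place (this function, since it is the exported entry point) avoids the two drifting apart. A short contract comment would also help callers, e.g. `/* Returns 1 if the event was delivered to the monitor and the vCPU paused, 0 if monitoring is off, <0 on error. */`, since the caller keys on the value 1.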
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 9abfc3c..9c8d395 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -41,6 +41,7 @@ 
 #include <asm/mmio.h>
 #include <asm/cpufeature.h>
 #include <asm/flushtlb.h>
+#include <asm/monitor.h>
 
 #include "decode.h"
 #include "vtimer.h"
@@ -2491,6 +2492,21 @@  bad_data_abort:
     inject_dabt_exception(regs, info.gva, hsr.len);
 }
 
+static void do_trap_smc(struct cpu_user_regs *regs, const union hsr hsr)
+{
+    int rc = 0;
+    if ( current->domain->arch.monitor.privileged_call_enabled )
+    {
+        rc = monitor_smc(regs);
+    }
+
+    if ( rc != 1 )
+    {
+        GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
+        inject_undef_exception(regs, hsr);
+    }
+}
+
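Review bot: For an AArch32 guest the SMC instruction can carry a condition code, and the other conditional-instruction traps in this file go through `check_conditional_instr()` and `advance_pc()` before acting; as far as I recall the architecture leaves it implementation-defined whether an SMC that fails its condition still traps, so an SMC whose condition is false could be reported here as a privileged call, or turned into an undef, when it should simply be skipped. A guard at the top of do_trap_smc() of the form `if ( !check_conditional_instr(regs, hsr) ) { advance_pc(regs, hsr); return; }` would handle that. It would also help to state what the `rc == 1` path means, e.g. `/* Event taken by the monitor, vCPU paused: the monitor decides how the guest continues. */`, because nothing is done to the guest state on that path.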
 static void enter_hypervisor_head(struct cpu_user_regs *regs)
 {
     if ( guest_mode(regs) )
@@ -2566,7 +2582,7 @@  asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
          */
         GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
         perfc_incr(trap_smc32);
-        inject_undef32_exception(regs);
+        do_trap_smc(regs, hsr);
         break;
     case HSR_EC_HVC32:
         GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
@@ -2599,7 +2615,7 @@  asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
          */
         GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
         perfc_incr(trap_smc64);
-        inject_undef64_exception(regs, hsr.len);
+        do_trap_smc(regs, hsr);
         break;
     case HSR_EC_SYSREG:
         GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
diff --git a/xen/arch/arm/vm_event.c b/xen/arch/arm/vm_event.c
new file mode 100644
index 0000000..3369a96
--- /dev/null
+++ b/xen/arch/arm/vm_event.c
@@ -0,0 +1,127 @@ 
+/*
+ * arch/arm/vm_event.c
+ *
+ * Architecture-specific vm_event handling routines
+ *
+ * Copyright (c) 2016 Tamas K Lengyel (tamas@tklengyel.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public
+ * License v2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/sched.h>
+#include <asm/vm_event.h>
+
+void vm_event_fill_regs(vm_event_request_t *req,
+                        const struct cpu_user_regs *regs,
+                        struct domain *d)
+{
+    if ( is_32bit_domain(d) )
+    {
+        req->data.regs.arm.x0 = regs->r0;
+        req->data.regs.arm.x1 = regs->r1;
+        req->data.regs.arm.x2 = regs->r2;
+        req->data.regs.arm.x3 = regs->r3;
+        req->data.regs.arm.x4 = regs->r4;
+        req->data.regs.arm.x5 = regs->r5;
+        req->data.regs.arm.x6 = regs->r6;
+        req->data.regs.arm.x7 = regs->r7;
+        req->data.regs.arm.x8 = regs->r8;
+        req->data.regs.arm.x9 = regs->r9;
+        req->data.regs.arm.x10 = regs->r10;
+        req->data.regs.arm.pc = regs->pc32;
+        req->data.regs.arm.sp_el0 = regs->sp_usr;
+        req->data.regs.arm.sp_el1 = regs->sp_svc;
+    }
+#ifdef CONFIG_ARM_64
+    else
+    {
+        req->data.regs.arm.x0 = regs->x0;
+        req->data.regs.arm.x1 = regs->x1;
+        req->data.regs.arm.x2 = regs->x2;
+        req->data.regs.arm.x3 = regs->x3;
+        req->data.regs.arm.x4 = regs->x4;
+        req->data.regs.arm.x5 = regs->x5;
+        req->data.regs.arm.x6 = regs->x6;
+        req->data.regs.arm.x7 = regs->x7;
+        req->data.regs.arm.x8 = regs->x8;
+        req->data.regs.arm.x9 = regs->x9;
+        req->data.regs.arm.x10 = regs->x10;
+        req->data.regs.arm.pc = regs->pc;
+        req->data.regs.arm.sp_el0 = regs->sp_el0;
+        req->data.regs.arm.sp_el1 = regs->sp_el1;
+    }
+#endif
+    req->data.regs.arm.fp = regs->fp;
+    req->data.regs.arm.lr = regs->lr;
+    req->data.regs.arm.cpsr = regs->cpsr;
+    req->data.regs.arm.spsr_el1 = regs->spsr_svc;
+    req->data.regs.arm.ttbr0 = READ_SYSREG64(TTBR0_EL1);
+    req->data.regs.arm.ttbr1 = READ_SYSREG64(TTBR1_EL1);
+}
+
+void vm_event_set_registers(struct vcpu *v, vm_event_response_t *rsp)
+{
+    struct cpu_user_regs *regs = &v->arch.cpu_info->guest_cpu_user_regs;
+
+    if ( is_32bit_domain(v->domain) )
+    {
+        regs->r0 = rsp->data.regs.arm.x0;
+        regs->r1 = rsp->data.regs.arm.x1;
+        regs->r2 = rsp->data.regs.arm.x2;
+        regs->r3 = rsp->data.regs.arm.x3;
+        regs->r4 = rsp->data.regs.arm.x4;
+        regs->r5 = rsp->data.regs.arm.x5;
+        regs->r6 = rsp->data.regs.arm.x6;
+        regs->r7 = rsp->data.regs.arm.x7;
+        regs->r8 = rsp->data.regs.arm.x8;
+        regs->r9 = rsp->data.regs.arm.x9;
+        regs->r10 = rsp->data.regs.arm.x10;
+        regs->pc32 = rsp->data.regs.arm.pc;
+        regs->sp_usr = rsp->data.regs.arm.sp_el0;
+        regs->sp_svc = rsp->data.regs.arm.sp_el1;
+    }
+#ifdef CONFIG_ARM_64
+    else
+    {
+        regs->x0 = rsp->data.regs.arm.x0;
+        regs->x1 = rsp->data.regs.arm.x1;
+        regs->x2 = rsp->data.regs.arm.x2;
+        regs->x3 = rsp->data.regs.arm.x3;
+        regs->x4 = rsp->data.regs.arm.x4;
+        regs->x5 = rsp->data.regs.arm.x5;
+        regs->x6 = rsp->data.regs.arm.x6;
+        regs->x7 = rsp->data.regs.arm.x7;
+        regs->x8 = rsp->data.regs.arm.x8;
+        regs->x9 = rsp->data.regs.arm.x9;
+        regs->x10 = rsp->data.regs.arm.x10;
+        regs->pc = rsp->data.regs.arm.pc;
+        regs->sp_el0 = rsp->data.regs.arm.sp_el0;
+        regs->sp_el1 = rsp->data.regs.arm.sp_el1;
+    }
+#endif
+
+    regs->fp = rsp->data.regs.arm.fp;
+    regs->lr = rsp->data.regs.arm.lr;
+    regs->cpsr = rsp->data.regs.arm.cpsr;
+    v->arch.ttbr0 = rsp->data.regs.arm.ttbr0;
+    v->arch.ttbr1 = rsp->data.regs.arm.ttbr1;
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
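Review bot: vm_event_set_registers() stores `rsp->data.regs.arm.cpsr` into `regs->cpsr` without checking the mode bits, whereas the vcpu-context path in arch_set_info_guest() rejects a PSR whose mode is not a valid guest mode; a malformed response would otherwise be returned to as-is, so the same validation (rejecting or ignoring an invalid PSR) should apply here to keep the two ways of setting guest state consistent. Separately, vm_event_fill_regs() reads TTBR0_EL1/TTBR1_EL1 through READ_SYSREG64, which only yields the guest's values when called from the trap path on the pCPU running `current`; the `struct domain *d` parameter makes the function look more general than that, so a comment such as `/* Must be called from the trap context of the trapping vCPU: TTBRs are read from the live registers. */` would prevent misuse. Note also that spsr_el1 is captured at fill time but never written back in vm_event_set_registers(), which looks unintentional given that every other captured field is restored.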
diff --git a/xen/arch/x86/hvm/event.c b/xen/arch/x86/hvm/event.c
index 56c5514..f7d1418 100644
--- a/xen/arch/x86/hvm/event.c
+++ b/xen/arch/x86/hvm/event.c
@@ -47,6 +47,7 @@  bool_t hvm_event_cr(unsigned int index, unsigned long value, unsigned long old)
             .u.write_ctrlreg.old_value = old
         };
 
+        vm_event_fill_regs(&req);
         vm_event_monitor_traps(curr, sync, &req);
         return 1;
     }
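Review bot: Removing `vm_event_fill_regs(req)` from the common vm_event_monitor_traps() (the xen/common/vm_event.c hunk) and re-adding it only in hvm_event_cr() here and in hvm_event_breakpoint() in the next hunk means any other x86 caller of vm_event_monitor_traps() that this patch does not touch now sends requests with zeroed register data; I cannot see the rest of hvm/event.c, so please confirm every caller was updated. The split appears to be forced by the new ARM prototype `vm_event_fill_regs(req, regs, d)` no longer matching the one-argument x86 form; giving both architectures the same signature (x86 can ignore the extra arguments) would let the common call stay and rule out this class of regression. Both enclosing functions start outside the hunk.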
@@ -115,6 +116,7 @@  int hvm_event_breakpoint(unsigned long rip,
     }
 
     req.vcpu_id = curr->vcpu_id;
+    vm_event_fill_regs(&req);
 
     return vm_event_monitor_traps(curr, 1, &req);
 }
diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
index 2906407..a29bda8 100644
--- a/xen/common/vm_event.c
+++ b/xen/common/vm_event.c
@@ -818,7 +818,6 @@  int vm_event_monitor_traps(struct vcpu *v, uint8_t sync,
         req->altp2m_idx = altp2m_vcpu_idx(v);
     }
 
-    vm_event_fill_regs(req);
     vm_event_put_request(d, &d->vm_event->monitor, req);
 
     return 1;
diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
index c35ed40..87c7d7d 100644
--- a/xen/include/asm-arm/domain.h
+++ b/xen/include/asm-arm/domain.h
@@ -129,6 +129,11 @@  struct arch_domain
     paddr_t efi_acpi_gpa;
     paddr_t efi_acpi_len;
 #endif
+
+    /* Monitor options */
+    struct {
+        uint8_t privileged_call_enabled : 1;
+    } monitor;
 }  __cacheline_aligned;
 
 struct arch_vcpu
diff --git a/xen/include/asm-arm/monitor.h b/xen/include/asm-arm/monitor.h
index 3fd3c9d..114237a 100644
--- a/xen/include/asm-arm/monitor.h
+++ b/xen/include/asm-arm/monitor.h
@@ -3,7 +3,7 @@ 
  *
  * Arch-specific monitor_op domctl handler.
  *
- * Copyright (c) 2015 Tamas K Lengyel (tamas@tklengyel.com)
+ * Copyright (c) 2015-2016 Tamas K Lengyel (tamas@tklengyel.com)
  * Copyright (c) 2016, Bitdefender S.R.L.
  *
  * This program is free software; you can redistribute it and/or
@@ -32,27 +32,19 @@  int arch_monitor_domctl_op(struct domain *d, struct xen_domctl_monitor_op *mop)
     return -EOPNOTSUPP;
 }
 
-static inline
 int arch_monitor_domctl_event(struct domain *d,
-                              struct xen_domctl_monitor_op *mop)
-{
-    /*
-     * No arch-specific monitor vm-events on ARM.
-     *
-     * Should not be reached unless arch_monitor_get_capabilities() is not
-     * properly implemented.
-     */
-    ASSERT_UNREACHABLE();
-    return -EOPNOTSUPP;
-}
+                              struct xen_domctl_monitor_op *mop);
 
 static inline uint32_t arch_monitor_get_capabilities(struct domain *d)
 {
     uint32_t capabilities = 0;
 
-    capabilities = (1U << XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST);
+    capabilities = (1U << XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST) |
+                   (1U << XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL);
 
     return capabilities;
 }
 
+int monitor_smc(const struct cpu_user_regs *regs);
+
 #endif /* __ASM_ARM_MONITOR_H__ */
diff --git a/xen/include/asm-arm/vm_event.h b/xen/include/asm-arm/vm_event.h
index a3fc4ce..432a790 100644
--- a/xen/include/asm-arm/vm_event.h
+++ b/xen/include/asm-arm/vm_event.h
@@ -1,7 +1,7 @@ 
 /*
  * vm_event.h: architecture specific vm_event handling routines
  *
- * Copyright (c) 2015 Tamas K Lengyel (tamas@tklengyel.com)
+ * Copyright (c) 2015-2016 Tamas K Lengyel (tamas@tklengyel.com)
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms and conditions of the GNU General Public License,
@@ -19,6 +19,7 @@ 
 #ifndef __ASM_ARM_VM_EVENT_H__
 #define __ASM_ARM_VM_EVENT_H__
 
+#include <xen/stdbool.h>
 #include <xen/sched.h>
 #include <xen/vm_event.h>
 #include <public/domctl.h>
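Review bot: The new `#include <xen/stdbool.h>` has no visible user: the declarations this patch adds to the header take pointers only, and nothing else in the hunk uses bool. If it is needed by a file I cannot see, a one-line comment saying so would help; otherwise drop it to keep the header's include list minimal.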
@@ -48,15 +49,10 @@  void vm_event_register_write_resume(struct vcpu *v, vm_event_response_t *rsp)
     /* Not supported on ARM. */
 }
 
-static inline
-void vm_event_set_registers(struct vcpu *v, vm_event_response_t *rsp)
-{
-    /* Not supported on ARM. */
-}
+void vm_event_fill_regs(vm_event_request_t *req,
+                        const struct cpu_user_regs *regs,
+                        struct domain *d);
 
-static inline void vm_event_fill_regs(vm_event_request_t *req)
-{
-    /* Not supported on ARM. */
-}
+void vm_event_set_registers(struct vcpu *v, vm_event_response_t *rsp);
 
 #endif /* __ASM_ARM_VM_EVENT_H__ */
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 2457698..35adce2 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -1080,6 +1080,7 @@  DEFINE_XEN_GUEST_HANDLE(xen_domctl_psr_cmt_op_t);
 #define XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP            2
 #define XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT   3
 #define XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST         4
+#define XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL       5
 
 struct xen_domctl_monitor_op {
     uint32_t op; /* XEN_DOMCTL_MONITOR_OP_* */
diff --git a/xen/include/public/vm_event.h b/xen/include/public/vm_event.h
index 9270d52..f039207 100644
--- a/xen/include/public/vm_event.h
+++ b/xen/include/public/vm_event.h
@@ -119,6 +119,8 @@ 
 #define VM_EVENT_REASON_SINGLESTEP              7
 /* An event has been requested via HVMOP_guest_request_vm_event. */
 #define VM_EVENT_REASON_GUEST_REQUEST           8
+/* Privileged call executed (e.g. SMC) */
+#define VM_EVENT_REASON_PRIVILEGED_CALL         9
 
 /* Supported values for the vm_event_write_ctrlreg index. */
 #define VM_EVENT_X86_CR0    0
@@ -166,6 +168,30 @@  struct vm_event_regs_x86 {
     uint32_t _pad;
 };
 
+struct vm_event_regs_arm {
+    /*       Aarch64       Aarch32 */
+    uint64_t x0;       /*  r0_usr  */
+    uint64_t x1;       /*  r1_usr  */
+    uint64_t x2;       /*  r2_usr  */
+    uint64_t x3;       /*  r3_usr  */
+    uint64_t x4;       /*  r4_usr  */
+    uint64_t x5;       /*  r5_usr  */
+    uint64_t x6;       /*  r6_usr  */
+    uint64_t x7;       /*  r7_usr  */
+    uint64_t x8;       /*  r8_usr  */
+    uint64_t x9;       /*  r9_usr  */
+    uint64_t x10;      /*  r10_usr */
+    uint64_t lr;       /*  lr_usr  */
+    uint64_t sp_el0;   /*  sp_usr  */
+    uint64_t sp_el1;   /*  sp_svc  */
+    uint32_t spsr_el1; /*  spsr_svc */
+    uint64_t fp;
+    uint64_t pc;
+    uint32_t cpsr;
+    uint64_t ttbr0;
+    uint64_t ttbr1;
+};
+
 /*
  * mem_access flag definitions
  *
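Review bot: `struct vm_event_regs_arm` is a public ABI type but interleaves `uint32_t` fields (`spsr_el1`, `cpsr`) with `uint64_t` ones without explicit padding, unlike `vm_event_regs_x86` immediately above, which ends with an explicit `uint32_t _pad;`. Since `uint64_t` is 8-byte aligned on both AArch32 (EABI) and AArch64, the compiler inserts four hidden bytes after `spsr_el1` and after `cpsr`; a layout that relies on implicit padding is fragile across toolchains, and hidden bytes are easy to leave unset when the hypervisor fills the request, which would expose hypervisor stack contents to the monitoring domain. Either add `uint32_t _pad1;` after `spsr_el1` and `uint32_t _pad2;` after `cpsr`, or move the two 32-bit fields together at the end followed by a single `uint32_t _pad;`, so that the filler is visibly responsible for every byte. The column header comment `/*       Aarch64       Aarch32 */` is also misaligned with the entries below it, and the last five fields lack the Aarch32 name the rest of the table provides.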
@@ -254,6 +280,7 @@  typedef struct vm_event_st {
     union {
         union {
             struct vm_event_regs_x86 x86;
+            struct vm_event_regs_arm arm;
         } regs;
 
         struct vm_event_emul_read_data emul_read_data;