From patchwork Wed Oct 11 16:26:11 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petre Ovidiu PIRCALABU X-Patchwork-Id: 10000029 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 4066560216 for ; Wed, 11 Oct 2017 16:29:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 241D328A62 for ; Wed, 11 Oct 2017 16:29:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 178B928A72; Wed, 11 Oct 2017 16:29:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3424028A62 for ; Wed, 11 Oct 2017 16:29:15 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e2Jpq-0001SV-4V; Wed, 11 Oct 2017 16:26:18 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e2Jpo-0001SP-OL for xen-devel@lists.xen.org; Wed, 11 Oct 2017 16:26:16 +0000 Received: from [85.158.139.211] by server-5.bemta-5.messagelabs.com id DC/3D-01544-7264ED95; Wed, 11 Oct 2017 16:26:15 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuplkeJIrShJLcpLzFFi42KJPp7Rqqvudi/ S4MdCPoslHxezODB6HN39mymAMYo1My8pvyKBNePE5PqCYzkVB6ZvYmtg7AnqYuTkYBawluj9 18zYxcjFwSLQzCJx4stLFpAEi8BPZom5b5VBbCEBD4mW2zuZQIqEBBYwSuyftIkVIuEucbf9O QuEvZhR4toSNxCbTcBIYsmyt+wgtoiAtMS1z5fBNjALzGOSeN7zGSwhLOAmceffSlaIbaoSJ/ ZPZQKxeQU8JeY2NrOB2BICchI3z3UyT2DkW8DIsIpRozi1qCy1SNfIQi+pKDM9oyQ3MTNH19D AVC83tbg4MT01JzGpWC85P3cTIzBQ6hkYGHcw9q3yO8QoycGkJMobrHcvUogvKT+lMiOxOCO+ qDQntfgQowwHh5IEr4krUE6wKDU9tSItMwcYsjBpCQ4eJRHe5S5Aad7igsTc4sx0iNQpRmOOY 5su/2Hi6Lh59w+TEEtefl6qlDivHcgkAZDSjNI8uEGwWLrEKCslzMvIwMAgxFOQWpSbWYIq/4 pRnINRSZiXFWQKT2ZeCdy+V0CnMAGdIpp2B+SUkkSElFQDo/znS683u3A8fW80687r7ytkZCa tFZuz8eQNm7hlSX8Lvc+nBVx68ac8oNzqmozJj+rIb3O2eXnUzn66tO2ly/EKliWR8grPU9IZ VBx/T7whkOd0TfpdT4T8yU//Hq1X+H0xWKGlYcZN7sM7e2JzO5K9/MrmCJV8O3q770db0Y2Ca YWPtFgb9yuxFGckGmoxFxUnAgAOm2FSoAIAAA== X-Env-Sender: ppircalabu@bitdefender.com X-Msg-Ref: server-5.tower-206.messagelabs.com!1507739174!104909284!1 X-Originating-IP: [91.199.104.133] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 18866 invoked from network); 11 Oct 2017 16:26:15 -0000 Received: from mx02.bbu.dsd.mx.bitdefender.com (HELO mx02.buh.bitdefender.com) (91.199.104.133) by server-5.tower-206.messagelabs.com with DHE-RSA-AES128-GCM-SHA256 encrypted SMTP; 11 Oct 2017 16:26:15 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=fDedjCuZBBm2IAa2f/uoqkgBjPBzrNuiKgF3XljPvjmWv4kQpcqJoWgFSgO90f8iddVGQqP8xyCYZEymaX0+peSbF98451YYZACEdRMnIoqMoZcAb2+IhcSoLDqUvMKrSZY52sJrtej4w1UORIy46JOfsf3Bo2FovWWeqzQj60E8Fot+m3EyFl5lY/Xas7Mfv2AAxT2rSXgdk3wzifoXixE2jlx/Zr1DorKAMvlSXzxLtK2YcvuhAs0fhm2zC4i1lSUl7bzcYTTVdbh9irzl79fikOcJDEE08Wc7JSM+Uh89RgE/JiG4OwqDdtNE8EMTe3CD2EVo1VIX6dL70ysBDw==; h=Received:Received:Received:Received:From:To:Cc:Subject:Date:Message-Id:X-Mailer; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=from:to :cc:subject:date:message-id; s=default; bh=bszTYa0hUa/rtjwnMxw7J fzphfU=; b=WlGKN4oBqCkpAxg/nVQKgStq5wtS4OVBbQb4WKsbW5I19pAxZjMCL 7YpiyncrFedVIq9uwk6C4YH5ZGPCJi+aQqvpmoG8R0hLj7oHWBR6eDOZVRW21lit RSbJevK/NyQ3e7wtoO4anfmVVqOUpJv3emMdaGG7Tz9wNVwbLX8K5tKAudWUU1Tx 5r6dA1dHO6pRSvgMG9I4+qvAuYbWhPpolJWHhghGJdCwKAaiuKDZ+YSr+ezrvy/t YgolxFpM9luS+bDxz+SKiSc4f5Eg/lptVK/79QZUX7bOoNzaO2iQ7+bmQdrK1aF9 9HxmFMuEK7u09rHKYmgiPlyV6HjuQ6p1g== Received: (qmail 12287 invoked from network); 11 Oct 2017 19:26:12 +0300 Received: from mx01robo.bbu.dsd.mx.bitdefender.com (10.17.80.60) by mx02.buh.bitdefender.com with AES128-GCM-SHA256 encrypted SMTP; 11 Oct 2017 19:26:12 +0300 Received: (qmail 8214 invoked from network); 11 Oct 2017 19:26:12 +0300 Received: from unknown (HELO pepi-OptiPlex-9020.bbu.bitdefender.biz) (10.10.194.146) by mx01robo.bbu.dsd.mx.bitdefender.com with SMTP; 11 Oct 2017 19:26:12 +0300 From: Petre Pircalabu To: xen-devel@lists.xen.org Date: Wed, 11 Oct 2017 19:26:11 +0300 Message-Id: <1507739171-5388-1-git-send-email-ppircalabu@bitdefender.com> X-Mailer: git-send-email 2.7.4 Cc: Petre Pircalabu , sstabellini@kernel.org, wei.liu2@citrix.com, Razvan Cojocaru , konrad.wilk@oracle.com, George.Dunlap@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, tim@xen.org, jbeulich@suse.com Subject: [Xen-devel] [PATCH v5] x86/altp2m: Added xc_altp2m_set_mem_access_multi() X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Razvan Cojocaru For the default EPT view we have xc_set_mem_access_multi(), which is able to set an array of pages to an array of access rights with a single hypercall. However, this functionality was lacking for the altp2m subsystem, which could only set page restrictions for one page at a time. This patch addresses the gap. HVMOP_altp2m_set_mem_access_multi has been added as a HVMOP (as opposed to a DOMCTL) for consistency with its HVMOP_altp2m_set_mem_access counterpart (and hence with the original altp2m design, where domains are allowed - with the proper altp2m access rights - to alter these settings), in the absence of an official position on the issue from the original altp2m designers. Signed-off-by: Razvan Cojocaru Signed-off-by: Petre Pircalabu --- Changed since v2: * Added support for compat arguments translation Changed since v3: * Replaced __copy_to_guest with __copy_field_to_guest * Removed the un-needed parentheses. * Fixed xlat.lst ordering * Added comment to patch description explaining why the functionality was added as an HVMOP. * Guard using XEN_GENERATING_COMPAT_HEADERS the hvmmem_type_t definition. This will prevent suplicate definitions to be generated for the compat equivalent. * Added comment describing the manual translation of xen_hvm_altp2m_op_t generic fields from compat_hvm_altp2m_op_t. Changed since v4: * Changed the mask parameter to 0x3Fa. * Split long lines. * Added "improperly named HVMMEM_(*)" to the comment explaining the XEN_GENERATING_COMPAT_HEADERS guard. * Removed typedef and XEN_GUEST_HANDLE for xen_hvm_altp2m_set_mem_access_multi. * Copied the "opaque" field to guest in compat_altp2m_op. * Added build time test to check if the size of xen_hvm_altp2m_set_mem_access_multi at least equal to the size of compat_hvm_altp2m_set_mem_access_multi. --- tools/libxc/include/xenctrl.h | 3 ++ tools/libxc/xc_altp2m.c | 41 ++++++++++++++++ xen/arch/x86/hvm/hvm.c | 105 +++++++++++++++++++++++++++++++++++++++- xen/include/Makefile | 1 + xen/include/public/hvm/hvm_op.h | 36 ++++++++++++-- xen/include/xlat.lst | 1 + 6 files changed, 181 insertions(+), 6 deletions(-) diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index 3bcab3c..4e2ce64 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h @@ -1971,6 +1971,9 @@ int xc_altp2m_switch_to_view(xc_interface *handle, domid_t domid, int xc_altp2m_set_mem_access(xc_interface *handle, domid_t domid, uint16_t view_id, xen_pfn_t gfn, xenmem_access_t access); +int xc_altp2m_set_mem_access_multi(xc_interface *handle, domid_t domid, + uint16_t view_id, uint8_t *access, + uint64_t *pages, uint32_t nr); int xc_altp2m_change_gfn(xc_interface *handle, domid_t domid, uint16_t view_id, xen_pfn_t old_gfn, xen_pfn_t new_gfn); diff --git a/tools/libxc/xc_altp2m.c b/tools/libxc/xc_altp2m.c index 0639632..f202ca1 100644 --- a/tools/libxc/xc_altp2m.c +++ b/tools/libxc/xc_altp2m.c @@ -188,6 +188,47 @@ int xc_altp2m_set_mem_access(xc_interface *handle, domid_t domid, return rc; } +int xc_altp2m_set_mem_access_multi(xc_interface *xch, domid_t domid, + uint16_t view_id, uint8_t *access, + uint64_t *pages, uint32_t nr) +{ + int rc; + + DECLARE_HYPERCALL_BUFFER(xen_hvm_altp2m_op_t, arg); + DECLARE_HYPERCALL_BOUNCE(access, nr, XC_HYPERCALL_BUFFER_BOUNCE_IN); + DECLARE_HYPERCALL_BOUNCE(pages, nr * sizeof(uint64_t), + XC_HYPERCALL_BUFFER_BOUNCE_IN); + + arg = xc_hypercall_buffer_alloc(xch, arg, sizeof(*arg)); + if ( arg == NULL ) + return -1; + + arg->version = HVMOP_ALTP2M_INTERFACE_VERSION; + arg->cmd = HVMOP_altp2m_set_mem_access_multi; + arg->domain = domid; + arg->u.set_mem_access_multi.view = view_id; + arg->u.set_mem_access_multi.nr = nr; + + if ( xc_hypercall_bounce_pre(xch, pages) || + xc_hypercall_bounce_pre(xch, access) ) + { + PERROR("Could not bounce memory for HVMOP_altp2m_set_mem_access_multi"); + return -1; + } + + set_xen_guest_handle(arg->u.set_mem_access_multi.pfn_list, pages); + set_xen_guest_handle(arg->u.set_mem_access_multi.access_list, access); + + rc = xencall2(xch->xcall, __HYPERVISOR_hvm_op, HVMOP_altp2m, + HYPERCALL_BUFFER_AS_ARG(arg)); + + xc_hypercall_buffer_free(xch, arg); + xc_hypercall_bounce_post(xch, access); + xc_hypercall_bounce_post(xch, pages); + + return rc; +} + int xc_altp2m_change_gfn(xc_interface *handle, domid_t domid, uint16_t view_id, xen_pfn_t old_gfn, xen_pfn_t new_gfn) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 205b4cb..4bf8b32 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -73,6 +73,8 @@ #include #include +#include + bool_t __read_mostly hvm_enabled; #ifdef DBG_LEVEL_0 @@ -4451,6 +4453,7 @@ static int do_altp2m_op( case HVMOP_altp2m_destroy_p2m: case HVMOP_altp2m_switch_p2m: case HVMOP_altp2m_set_mem_access: + case HVMOP_altp2m_set_mem_access_multi: case HVMOP_altp2m_change_gfn: break; default: @@ -4568,6 +4571,32 @@ static int do_altp2m_op( a.u.set_mem_access.view); break; + case HVMOP_altp2m_set_mem_access_multi: + if ( a.u.set_mem_access_multi.pad || + a.u.set_mem_access_multi.opaque >= a.u.set_mem_access_multi.nr ) + { + rc = -EINVAL; + break; + } + + rc = p2m_set_mem_access_multi(d, a.u.set_mem_access_multi.pfn_list, + a.u.set_mem_access_multi.access_list, + a.u.set_mem_access_multi.nr, + a.u.set_mem_access_multi.opaque, + 0x3F, + a.u.set_mem_access_multi.view); + if ( rc > 0 ) + { + a.u.set_mem_access_multi.opaque = rc; + if ( __copy_field_to_guest(guest_handle_cast(arg, xen_hvm_altp2m_op_t), + &a, u.set_mem_access_multi.opaque) ) + rc = -EFAULT; + else + rc = hypercall_create_continuation(__HYPERVISOR_hvm_op, "lh", + HVMOP_altp2m, arg); + } + break; + case HVMOP_altp2m_change_gfn: if ( a.u.change_gfn.pad1 || a.u.change_gfn.pad2 ) rc = -EINVAL; @@ -4586,6 +4615,80 @@ static int do_altp2m_op( return rc; } +DEFINE_XEN_GUEST_HANDLE(compat_hvm_altp2m_op_t); + +static int compat_altp2m_op( + XEN_GUEST_HANDLE_PARAM(void) arg) +{ + int rc = 0; + struct compat_hvm_altp2m_op a; + union + { + XEN_GUEST_HANDLE_PARAM(void) hnd; + struct xen_hvm_altp2m_op *altp2m_op; + } nat; + + if ( !hvm_altp2m_supported() ) + return -EOPNOTSUPP; + + if ( copy_from_guest(&a, arg, 1) ) + return -EFAULT; + + if ( a.pad1 || a.pad2 || + (a.version != HVMOP_ALTP2M_INTERFACE_VERSION) ) + return -EINVAL; + + set_xen_guest_handle(nat.hnd, COMPAT_ARG_XLAT_VIRT_BASE); + + switch ( a.cmd ) + { + case HVMOP_altp2m_set_mem_access_multi: + BUILD_BUG_ON(sizeof(struct xen_hvm_altp2m_set_mem_access_multi) < + sizeof(struct compat_hvm_altp2m_set_mem_access_multi)); +#define XLAT_hvm_altp2m_set_mem_access_multi_HNDL_pfn_list(_d_, _s_); \ + guest_from_compat_handle((_d_)->pfn_list, (_s_)->pfn_list) +#define XLAT_hvm_altp2m_set_mem_access_multi_HNDL_access_list(_d_, _s_); \ + guest_from_compat_handle((_d_)->access_list, (_s_)->access_list) + XLAT_hvm_altp2m_set_mem_access_multi(&nat.altp2m_op->u.set_mem_access_multi, + &a.u.set_mem_access_multi); +#undef XLAT_hvm_altp2m_set_mem_access_multi_HNDL_pfn_list +#undef XLAT_hvm_altp2m_set_mem_access_multi_HNDL_access_list + break; + default: + return do_altp2m_op(arg); + } + + /* + * Manually fill the common part of the xen_hvm_altp2m_op structure because + * the generated XLAT_hvm_altp2m_op macro doesn't correctly handle the + * translation of all fields from compat_hvm_altp2m_op to xen_hvm_altp2m_op. + */ + nat.altp2m_op->version = a.version; + nat.altp2m_op->cmd = a.cmd; + nat.altp2m_op->domain = a.domain; + nat.altp2m_op->pad1 = a.pad1; + nat.altp2m_op->pad2 = a.pad2; + + rc = do_altp2m_op(nat.hnd); + + switch ( a.cmd ) + { + case HVMOP_altp2m_set_mem_access_multi: + if ( nat.altp2m_op->u.set_mem_access_multi.opaque > 0 ) + { + a.u.set_mem_access_multi.opaque = + nat.altp2m_op->u.set_mem_access_multi.opaque; + if ( __copy_field_to_guest(guest_handle_cast(arg, + compat_hvm_altp2m_op_t), + &a, u.set_mem_access_multi.opaque) ) + rc = -EFAULT; + } + break; + } + + return rc; +} + static int hvmop_get_mem_type( XEN_GUEST_HANDLE_PARAM(xen_hvm_get_mem_type_t) arg) { @@ -4733,7 +4836,7 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) break; case HVMOP_altp2m: - rc = do_altp2m_op(arg); + rc = current->hcall_compat ? compat_altp2m_op(arg) : do_altp2m_op(arg); break; default: diff --git a/xen/include/Makefile b/xen/include/Makefile index 1299b19..8fc6e2b 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -28,6 +28,7 @@ headers-$(CONFIG_X86) += compat/arch-x86/xen.h headers-$(CONFIG_X86) += compat/arch-x86/xen-$(compat-arch-y).h headers-$(CONFIG_X86) += compat/hvm/hvm_vcpu.h headers-$(CONFIG_X86) += compat/hvm/dm_op.h +headers-$(CONFIG_X86) += compat/hvm/hvm_op.h headers-y += compat/arch-$(compat-arch-y).h compat/pmu.h compat/xlat.h headers-$(CONFIG_FLASK) += compat/xsm/flask_op.h diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h index 0bdafdf..12de88ac 100644 --- a/xen/include/public/hvm/hvm_op.h +++ b/xen/include/public/hvm/hvm_op.h @@ -83,6 +83,13 @@ DEFINE_XEN_GUEST_HANDLE(xen_hvm_set_pci_link_route_t); /* Flushes all VCPU TLBs: @arg must be NULL. */ #define HVMOP_flush_tlbs 5 +/* + * hvmmem_type_t should not be defined when generating the corresponding + * compat header. This will ensure that the improperly named HVMMEM_(*) + * values are defined only once. + */ +#ifndef XEN_GENERATING_COMPAT_HEADERS + typedef enum { HVMMEM_ram_rw, /* Normal read/write guest RAM */ HVMMEM_ram_ro, /* Read-only; writes are discarded */ @@ -102,6 +109,8 @@ typedef enum { to HVMMEM_ram_rw. */ } hvmmem_type_t; +#endif /* XEN_GENERATING_COMPAT_HEADERS */ + /* Hint from PV drivers for pagetable destruction. */ #define HVMOP_pagetable_dying 9 struct xen_hvm_pagetable_dying { @@ -237,6 +246,20 @@ struct xen_hvm_altp2m_set_mem_access { typedef struct xen_hvm_altp2m_set_mem_access xen_hvm_altp2m_set_mem_access_t; DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_set_mem_access_t); +struct xen_hvm_altp2m_set_mem_access_multi { + /* view */ + uint16_t view; + uint16_t pad; + /* Number of pages */ + uint32_t nr; + /* Used for continuation purposes */ + uint64_t opaque; + /* List of pfns to set access for */ + XEN_GUEST_HANDLE(const_uint64) pfn_list; + /* Corresponding list of access settings for pfn_list */ + XEN_GUEST_HANDLE(const_uint8) access_list; +}; + struct xen_hvm_altp2m_change_gfn { /* view */ uint16_t view; @@ -268,15 +291,18 @@ struct xen_hvm_altp2m_op { #define HVMOP_altp2m_set_mem_access 7 /* Change a p2m entry to have a different gfn->mfn mapping */ #define HVMOP_altp2m_change_gfn 8 +/* Set access for an array of pages */ +#define HVMOP_altp2m_set_mem_access_multi 9 domid_t domain; uint16_t pad1; uint32_t pad2; union { - struct xen_hvm_altp2m_domain_state domain_state; - struct xen_hvm_altp2m_vcpu_enable_notify enable_notify; - struct xen_hvm_altp2m_view view; - struct xen_hvm_altp2m_set_mem_access set_mem_access; - struct xen_hvm_altp2m_change_gfn change_gfn; + struct xen_hvm_altp2m_domain_state domain_state; + struct xen_hvm_altp2m_vcpu_enable_notify enable_notify; + struct xen_hvm_altp2m_view view; + struct xen_hvm_altp2m_set_mem_access set_mem_access; + struct xen_hvm_altp2m_change_gfn change_gfn; + struct xen_hvm_altp2m_set_mem_access_multi set_mem_access_multi; uint8_t pad[64]; } u; }; diff --git a/xen/include/xlat.lst b/xen/include/xlat.lst index 0f17000..5010fcc 100644 --- a/xen/include/xlat.lst +++ b/xen/include/xlat.lst @@ -70,6 +70,7 @@ ? dm_op_set_pci_intx_level hvm/dm_op.h ? dm_op_set_pci_link_route hvm/dm_op.h ? dm_op_track_dirty_vram hvm/dm_op.h +! hvm_altp2m_set_mem_access_multi hvm/hvm_op.h ? vcpu_hvm_context hvm/hvm_vcpu.h ? vcpu_hvm_x86_32 hvm/hvm_vcpu.h ? vcpu_hvm_x86_64 hvm/hvm_vcpu.h