From patchwork Tue Jul 18 15:25:47 2017
X-Patchwork-Submitter: Adrian Pop
X-Patchwork-Id: 9848729
From: Adrian Pop
To: xen-devel@lists.xenproject.org
Date: Tue, 18 Jul 2017 18:25:47 +0300
Message-Id: <20170718152547.14006-3-apop@bitdefender.com>
In-Reply-To: <20170718152547.14006-1-apop@bitdefender.com>
References: <20170718152547.14006-1-apop@bitdefender.com>
Cc: Tamas K Lengyel, Wei Liu, Razvan Cojocaru, Adrian Pop, George Dunlap, Andrew Cooper, Ian Jackson, Jan Beulich
Subject: [Xen-devel] [PATCH v3 2/2] x86/altp2m: Add a hvmop for setting the suppress #VE bit

Introduce a new hvmop, HVMOP_altp2m_set_suppress_ve, which allows a
privileged domain to change the value of the #VE suppress bit for a
page.

Add a libxc wrapper for invoking this hvmop.

Signed-off-by: Adrian Pop Acked-by: Wei Liu Acked-by: Tamas K Lengyel --- changes in v3: - fix indentation (Wei Liu) - use return values other than EINVAL where appropriate (Ian Beulich) - remove the irrelevant comments from the xen_hvm_altp2m_set_suppress_ve struct (Ian Beulich) - add comment for the suppress_ve field in the struct above (Ian Beulich) - remove the typedef and DEFINE_XEN_GUEST_HANDLE for xen_hvm_altp2m_set_suppress_ve (Ian Beulich) - use XSM_DM_PRIV check instead of domain->is_privileged (Ian Beulich) changes in v2: - check if #VE has been enabled on the target domain (Tamas K Lengyel) - check if the cpu has the #VE feature - make the suppress_ve argument boolean (Jan Beulich) - initialize only local variables that need initializing (Jan Beulich) - use fewer local variables (Jan Beulich) - fix indentation (Jan Beulich) - remove unnecessary braces (Jan Beulich) - use gfn_lock() instead of p2m_lock() in the non-altp2m case (Jan Beulich) - allow only privileged domains to use this hvmop - merge patch #2 and patch #3 (Jan Beulich) --- tools/libxc/include/xenctrl.h | 2 ++ tools/libxc/xc_altp2m.c | 24 +++++++++++++++++++ xen/arch/x86/hvm/hvm.c | 14 +++++++++++ xen/arch/x86/mm/mem_access.c | 53 +++++++++++++++++++++++++++++++++++++++++ xen/include/public/hvm/hvm_op.h | 11 +++++++++ xen/include/xen/mem_access.h | 3 +++ 6 files changed, 107 insertions(+) diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index 552a4fd47d..ea985696e4 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h 
@@ -1938,6 +1938,8 @@ int xc_altp2m_destroy_view(xc_interface *handle, domid_t domid, /* Switch all vCPUs of the domain to the specified altp2m view */ int xc_altp2m_switch_to_view(xc_interface *handle, domid_t domid, uint16_t view_id); +int xc_altp2m_set_suppress_ve(xc_interface *handle, domid_t domid, + uint16_t view_id, xen_pfn_t gfn, bool sve); int xc_altp2m_set_mem_access(xc_interface *handle, domid_t domid, uint16_t view_id, xen_pfn_t gfn, xenmem_access_t access); diff --git a/tools/libxc/xc_altp2m.c b/tools/libxc/xc_altp2m.c index 0639632477..26e3a56fb1 100644 --- a/tools/libxc/xc_altp2m.c +++ b/tools/libxc/xc_altp2m.c @@ -163,6 +163,30 @@ int xc_altp2m_switch_to_view(xc_interface *handle, domid_t domid, return rc; } +int xc_altp2m_set_suppress_ve(xc_interface *handle, domid_t domid, + uint16_t view_id, xen_pfn_t gfn, bool sve) +{ + int rc; + DECLARE_HYPERCALL_BUFFER(xen_hvm_altp2m_op_t, arg); + + arg = xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg)); + if ( arg == NULL ) + return -1; + + arg->version = HVMOP_ALTP2M_INTERFACE_VERSION; + arg->cmd = HVMOP_altp2m_set_suppress_ve; + arg->domain = domid; + arg->u.set_suppress_ve.view = view_id; + arg->u.set_suppress_ve.gfn = gfn; + arg->u.set_suppress_ve.suppress_ve = sve; + + rc = xencall2(handle->xcall, __HYPERVISOR_hvm_op, HVMOP_altp2m, + HYPERCALL_BUFFER_AS_ARG(arg)); + + xc_hypercall_buffer_free(handle, arg); + return rc; +} + int xc_altp2m_set_mem_access(xc_interface *handle, domid_t domid, uint16_t view_id, xen_pfn_t gfn, xenmem_access_t access) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 8145385747..b7ea945f78 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4413,6 +4413,7 @@ static int do_altp2m_op( case HVMOP_altp2m_destroy_p2m: case HVMOP_altp2m_switch_p2m: case HVMOP_altp2m_set_mem_access: + case HVMOP_altp2m_set_suppress_ve: case HVMOP_altp2m_change_gfn: break; default: 
@@ -4530,6 +4531,19 @@ static int do_altp2m_op( a.u.set_mem_access.view); break; + case HVMOP_altp2m_set_suppress_ve: + if ( a.u.set_suppress_ve.pad1 || a.u.set_suppress_ve.pad2 ) + rc = -EINVAL; + else + { + gfn_t gfn = _gfn(a.u.set_mem_access.gfn); + unsigned int altp2m_idx = a.u.set_mem_access.view; + bool suppress_ve = a.u.set_suppress_ve.suppress_ve; + + rc = p2m_set_suppress_ve(d, gfn, suppress_ve, altp2m_idx); + } + break; + case HVMOP_altp2m_change_gfn: if ( a.u.change_gfn.pad1 || a.u.change_gfn.pad2 ) rc = -EINVAL; diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c index d0b0767855..87a92a632b 100644 --- a/xen/arch/x86/mm/mem_access.c +++ b/xen/arch/x86/mm/mem_access.c @@ -29,6 +29,7 @@ #include #include #include +#include #include "mm-locks.h" 
@@ -466,6 +467,58 @@ int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access) } /* + * Set/clear the #VE suppress bit for a page. Only available on VMX. + */ +int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve, + unsigned int altp2m_idx) +{ + struct p2m_domain *host_p2m = p2m_get_hostp2m(d); + struct p2m_domain *ap2m = NULL; + struct p2m_domain *p2m; + mfn_t mfn; + p2m_access_t a; + p2m_type_t t; + int rc; + + if ( !cpu_has_vmx_virt_exceptions ) + return -EOPNOTSUPP; + + /* This subop should only be used from a privileged domain. */ + if ( xsm_dm_op(XSM_DM_PRIV, d) ) + return -EPERM; + + /* #VE should be enabled for this vcpu. */ + if ( gfn_eq(vcpu_altp2m(current).veinfo_gfn, INVALID_GFN) ) + return -ENXIO; + + if ( altp2m_idx > 0 ) + { + if ( altp2m_idx >= MAX_ALTP2M || + d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) ) + return -EINVAL; + + p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx]; + } + else + p2m = host_p2m; + + gfn_lock(host_p2m, gfn, 0); + if ( ap2m ) + p2m_lock(ap2m); + + mfn = p2m->get_entry(p2m, gfn_x(gfn), &t, &a, 0, NULL, NULL); + if ( !mfn_valid(mfn) ) + return -ESRCH; + rc = p2m->set_entry(p2m, gfn_x(gfn), mfn, PAGE_ORDER_4K, t, a, + suppress_ve); + if ( ap2m ) + p2m_unlock(ap2m); + gfn_unlock(host_p2m, gfn, 0); + + return rc; +} + +/* * Local variables: * mode: C * c-file-style: "BSD" diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h index 0bdafdf59a..16983a8f4e 100644 --- a/xen/include/public/hvm/hvm_op.h +++ b/xen/include/public/hvm/hvm_op.h @@ -237,6 +237,14 @@ struct xen_hvm_altp2m_set_mem_access { typedef struct xen_hvm_altp2m_set_mem_access xen_hvm_altp2m_set_mem_access_t; DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_set_mem_access_t); +struct xen_hvm_altp2m_set_suppress_ve { + uint16_t view; + uint8_t suppress_ve; /* Boolean type. */ + uint8_t pad1; + uint32_t pad2; + uint64_t gfn; +}; + struct xen_hvm_altp2m_change_gfn { /* view */ uint16_t view; 
@@ -268,6 +276,8 @@ struct xen_hvm_altp2m_op { #define HVMOP_altp2m_set_mem_access 7 /* Change a p2m entry to have a different gfn->mfn mapping */ #define HVMOP_altp2m_change_gfn 8 +/* Set the "Suppress #VE" bit on a page */ +#define HVMOP_altp2m_set_suppress_ve 9 domid_t domain; uint16_t pad1; uint32_t pad2; @@ -276,6 +286,7 @@ struct xen_hvm_altp2m_op { struct xen_hvm_altp2m_vcpu_enable_notify enable_notify; struct xen_hvm_altp2m_view view; struct xen_hvm_altp2m_set_mem_access set_mem_access; + struct xen_hvm_altp2m_set_suppress_ve set_suppress_ve; struct xen_hvm_altp2m_change_gfn change_gfn; uint8_t pad[64]; } u; diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h index 5ab34c1553..0c6717d80f 100644 --- a/xen/include/xen/mem_access.h +++ b/xen/include/xen/mem_access.h @@ -78,6 +78,9 @@ long p2m_set_mem_access_multi(struct domain *d, */ int p2m_get_mem_access(struct domain *d, gfn_t gfn, xenmem_access_t *access); +int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve, + unsigned int altp2m_idx); + #ifdef CONFIG_HAS_MEM_ACCESS int mem_access_memop(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(xen_mem_access_op_t) arg);
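
Review bot: in xc_altp2m_set_suppress_ve() (tools/libxc/xc_altp2m.c), the wrapper never writes the pad1 and pad2 members of arg->u.set_suppress_ve, yet the hypervisor side added in this same patch returns -EINVAL when either is non-zero. The wrapper sets version, cmd, domain, view, gfn and suppress_ve only, so unless xc_hypercall_buffer_alloc() is guaranteed to hand back zeroed memory (not visible in this patch) the call can fail depending on stale buffer contents. Clear the buffer after allocation, or assign 0 to both pad fields before the xencall2().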
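
Review bot: in the HVMOP_altp2m_set_suppress_ve case of do_altp2m_op() (xen/arch/x86/hvm/hvm.c), gfn and altp2m_idx are read from the wrong union member: _gfn(a.u.set_mem_access.gfn) and a.u.set_mem_access.view, while the padding check and suppress_ve on the neighbouring lines use a.u.set_suppress_ve. This only behaves as intended for as long as both structures keep view and gfn at identical offsets. Read both values from a.u.set_suppress_ve so the handler validates and consumes the same structure.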
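
Review bot: in p2m_set_suppress_ve() (xen/arch/x86/mm/mem_access.c), the early "return -ESRCH;" taken when !mfn_valid(mfn) leaves gfn_lock(host_p2m, gfn, 0) held and, for an altp2m view, p2m_lock(ap2m) as well. Set rc = -ESRCH and fall through to a common unlock path (or goto an out label placed before the p2m_unlock()/gfn_unlock() pair) so every exit after the locks are taken releases them. Separately, the "#VE should be enabled" check tests vcpu_altp2m(current).veinfo_gfn, which is the calling vCPU, while the function operates on domain d and the v2 changelog says the check is meant for the target domain; please confirm which vCPU state is intended and test d's vCPUs if it is the target.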
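
Review bot: in struct xen_hvm_altp2m_set_suppress_ve (xen/include/public/hvm/hvm_op.h), suppress_ve is a uint8_t documented as "Boolean type", but the handler assigns it straight to a bool, so any non-zero value is silently accepted. Since this is public ABI and the pad fields are already checked for zero, consider rejecting values greater than 1 with -EINVAL so the remaining bits stay available for future use.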