@@ -580,6 +580,12 @@ to have. This value controls how many pages of foreign domains can be accessed
via the grant mechanism by this domain. The default value is settable via
L<xl.conf(5)>.
+=item B<max_grant_version=NUMBER>
+
+Specify the maximum grant table version the domain is allowed to use. Current
+supported versions are 1 and 2. The default value is settable via
+L<xl.conf(5)>.
+
=item B<nomigrate=BOOLEAN>
Disable migration of this domain. This enables certain other features
@@ -101,6 +101,13 @@ Sets the default value for the C<max_maptrack_frames> domain config value.
Default: value of Xen command line B<gnttab_max_maptrack_frames>
parameter (or its default value if unspecified).
+=item B<max_grant_version=NUMBER>
+
+Sets the default value for the C<max_grant_version> domain config value.
+
+Default: value of Xen command line B<gnttab> parameter (or its default value if
+unspecified).
+
=item B<vif.default.script="PATH">
Configures the default hotplug script used by virtual network devices.
@@ -88,6 +88,7 @@ static int build(xc_interface *xch)
*/
.max_grant_frames = 4,
.max_maptrack_frames = 128,
+ .max_grant_version = 1,
};
xs_fd = open("/dev/xen/xenbus_backend", O_RDWR);
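Review bot: `.max_grant_version = 1` pins the xenstore domain to grant table v1, whereas the hypervisor-built domains elsewhere in this series (xen/arch/arm/domain_build.c, xen/arch/x86/setup.c) pass -1 and inherit the host-wide default; the initializer does not say whether the lower, fixed limit is intended. If it is deliberate, record it next to the value, e.g. `.max_grant_version = 1, /* v1 suffices; never inherit a larger host-wide default */`, or fold it into the comment block that closes on the first line of the hunk, which may already cover the neighbouring hard-coded frame limits. build() continues outside the hunk.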
@@ -502,6 +502,13 @@
*/
#define LIBXL_HAVE_X86_MSR_RELAXED 1
+/*
+ * LIBXL_HAVE_MAX_GRANT_VERSION indicates libxl_domain_build_info has a
+ * max_grant_version field for setting the max grant table version per
+ * domain.
+ */
+#define LIBXL_HAVE_MAX_GRANT_VERSION 1
+
/*
* libxl ABI compatibility
*
@@ -606,6 +606,7 @@ int libxl__domain_make(libxl__gc *gc, libxl_domain_config *d_config,
.max_evtchn_port = b_info->event_channels,
.max_grant_frames = b_info->max_grant_frames,
.max_maptrack_frames = b_info->max_maptrack_frames,
+ .max_grant_version = b_info->max_grant_version,
.vmtrace_size = ROUNDUP(b_info->vmtrace_buf_kb << 10, XC_PAGE_SHIFT),
};
@@ -2320,6 +2320,7 @@ void libxl__spawn_stub_dm(libxl__egc *egc, libxl__stub_dm_spawn_state *sdss)
dm_config->b_info.max_grant_frames = guest_config->b_info.max_grant_frames;
dm_config->b_info.max_maptrack_frames = guest_config->b_info.max_maptrack_frames;
+ dm_config->b_info.max_grant_version = guest_config->b_info.max_grant_version;
dm_config->b_info.u.pv.features = "";
@@ -518,6 +518,7 @@ libxl_domain_build_info = Struct("domain_build_info",[
("max_grant_frames", uint32, {'init_val': 'LIBXL_MAX_GRANT_DEFAULT'}),
("max_maptrack_frames", uint32, {'init_val': 'LIBXL_MAX_GRANT_DEFAULT'}),
+ ("max_grant_version", integer, {'init_val': '-1'}),
("device_model_version", libxl_device_model_version),
("device_model_stubdomain", libxl_defbool),
@@ -83,6 +83,7 @@ type domctl_create_config =
max_evtchn_port: int;
max_grant_frames: int;
max_maptrack_frames: int;
+ max_grant_version: int;
arch: arch_domainconfig;
}
@@ -75,6 +75,7 @@ type domctl_create_config = {
max_evtchn_port: int;
max_grant_frames: int;
max_maptrack_frames: int;
+ max_grant_version: int;
arch: arch_domainconfig;
}
@@ -188,7 +188,8 @@ CAMLprim value stub_xc_domain_create(value xch, value wanted_domid, value config
#define VAL_MAX_EVTCHN_PORT Field(config, 5)
#define VAL_MAX_GRANT_FRAMES Field(config, 6)
#define VAL_MAX_MAPTRACK_FRAMES Field(config, 7)
-#define VAL_ARCH Field(config, 8)
+#define VAL_MAX_GRANT_VERSION Field(config, 8)
+#define VAL_ARCH Field(config, 9)
uint32_t domid = Int_val(wanted_domid);
int result;
@@ -198,6 +199,7 @@ CAMLprim value stub_xc_domain_create(value xch, value wanted_domid, value config
.max_evtchn_port = Int_val(VAL_MAX_EVTCHN_PORT),
.max_grant_frames = Int_val(VAL_MAX_GRANT_FRAMES),
.max_maptrack_frames = Int_val(VAL_MAX_MAPTRACK_FRAMES),
+ .max_grant_version = Int_val(VAL_MAX_GRANT_VERSION),
};
domain_handle_of_uuid_string(cfg.handle, String_val(VAL_HANDLE));
@@ -251,6 +253,7 @@ CAMLprim value stub_xc_domain_create(value xch, value wanted_domid, value config
}
#undef VAL_ARCH
+#undef VAL_MAX_GRANT_VERSION
#undef VAL_MAX_MAPTRACK_FRAMES
#undef VAL_MAX_GRANT_FRAMES
#undef VAL_MAX_EVTCHN_PORT
@@ -55,6 +55,7 @@ bool progress_use_cr = 0;
bool timestamps = 0;
int max_grant_frames = -1;
int max_maptrack_frames = -1;
+int max_grant_version = -1;
libxl_domid domid_policy = INVALID_DOMID;
xentoollog_level minmsglevel = minmsglevel_default;
@@ -213,6 +214,13 @@ static void parse_global_config(const char *configfile,
else if (e != ESRCH)
exit(1);
+ e = xlu_cfg_get_bounded_long (config, "max_grant_version", 0,
+ INT_MAX, &l, 1);
+ if (!e)
+ max_grant_version = l;
+ else if (e != ESRCH)
+ exit(1);
+
libxl_cpu_bitmap_alloc(ctx, &global_vm_affinity_mask, 0);
libxl_cpu_bitmap_alloc(ctx, &global_hvm_affinity_mask, 0);
libxl_cpu_bitmap_alloc(ctx, &global_pv_affinity_mask, 0);
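Review bot: The bounds given to xlu_cfg_get_bounded_long on the added lines accept `max_grant_version = 0`, which the hypervisor side of this series rejects in grant_table_init with -EINVAL and only a debug-build dprintk, so a bad value in xl.conf surfaces later as an opaque domain-creation failure instead of a parse error; use 1 as the lower bound, `e = xlu_cfg_get_bounded_long (config, "max_grant_version", 1, INT_MAX, &l, 1);`, so xl reports it itself. The same bounds appear in the tools/xl/xl_parse.c hunk (parse_config_data) and should change there as well. parse_global_config begins before the hunk.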
@@ -282,6 +282,7 @@ extern char *default_colo_proxy_script;
extern char *blkdev_start;
extern int max_grant_frames;
extern int max_maptrack_frames;
+extern int max_grant_version;
extern libxl_bitmap global_vm_affinity_mask;
extern libxl_bitmap global_hvm_affinity_mask;
extern libxl_bitmap global_pv_affinity_mask;
@@ -1431,6 +1431,15 @@ void parse_config_data(const char *config_source,
else
exit(1);
+ e = xlu_cfg_get_bounded_long (config, "max_grant_version", 0,
+ INT_MAX, &l, 1);
+ if (e == ESRCH) /* not specified */
+ b_info->max_grant_version = max_grant_version;
+ else if (!e)
+ b_info->max_grant_version = l;
+ else
+ exit(1);
+
libxl_defbool_set(&b_info->claim_mode, claim_mode);
if (xlu_cfg_get_string (config, "on_poweroff", &buf, 0))
@@ -2484,6 +2484,7 @@ void __init create_domUs(void)
.max_evtchn_port = -1,
.max_grant_frames = -1,
.max_maptrack_frames = -1,
+ .max_grant_version = -1,
};
if ( !dt_device_is_compatible(node, "xen,domain") )
@@ -2591,6 +2592,7 @@ void __init create_dom0(void)
.max_evtchn_port = -1,
.max_grant_frames = gnttab_dom0_frames(),
.max_maptrack_frames = -1,
+ .max_grant_version = -1,
};
/* The vGIC for DOM0 is exactly emulating the hardware GIC */
@@ -750,6 +750,7 @@ static struct domain *__init create_dom0(const module_t *image,
.max_evtchn_port = -1,
.max_grant_frames = -1,
.max_maptrack_frames = -1,
+ .max_grant_version = -1,
.max_vcpus = dom0_max_vcpus(),
.arch = {
.misc_flags = opt_dom0_msr_relaxed ? XEN_X86_MSR_RELAXED : 0,
@@ -669,7 +669,8 @@ struct domain *domain_create(domid_t domid,
init_status |= INIT_evtchn;
if ( (err = grant_table_init(d, config->max_grant_frames,
- config->max_maptrack_frames)) != 0 )
+ config->max_maptrack_frames,
+ config->max_grant_version)) != 0 )
goto fail;
init_status |= INIT_gnttab;
@@ -53,6 +53,7 @@ struct grant_table {
percpu_rwlock_t lock;
/* Lock protecting the maptrack limit */
spinlock_t maptrack_lock;
+ unsigned int max_grant_version;
/*
* Defaults to v1. May be changed with GNTTABOP_set_version. All other
* values are invalid.
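Review bot: The new `max_grant_version` member of struct grant_table has no comment and sits between maptrack_lock and the comment describing the next member (gt_version, past the end of the hunk), so a reader can take the existing "Defaults to v1 ..." text as its description. Add a line above it such as `/* Highest grant table version the domain may select via GNTTABOP_set_version. */`, and consider placing it next to gt_version so the limit and the current value read together.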
@@ -1917,11 +1918,26 @@ active_alloc_failed:
}
int grant_table_init(struct domain *d, int max_grant_frames,
- int max_maptrack_frames)
+ int max_maptrack_frames, int max_grant_version)
{
struct grant_table *gt;
int ret = -ENOMEM;
+ if ( max_grant_version < 0 )
+ max_grant_version = opt_gnttab_max_version;
+ if ( !max_grant_version )
+ {
+ dprintk(XENLOG_INFO, "Invalid grant table version 0 requested\n");
+ return -EINVAL;
+ }
+ if ( max_grant_version > opt_gnttab_max_version )
+ {
+ dprintk(XENLOG_INFO,
+ "Requested grant version (%u) greater than supported (%u)\n",
+ max_grant_version, opt_gnttab_max_version);
+ return -EINVAL;
+ }
+
/* Default to maximum value if no value was specified */
if ( max_grant_frames < 0 )
max_grant_frames = opt_max_grant_frames;
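Review bot: In the second dprintk of grant_table_init, `max_grant_version` is an `int` but is printed with `%u`; it is known to be positive at that point so the output is right, yet the specifier still mismatches the argument and format checking may flag it — use `"Requested grant version (%d) greater than supported (%u)\n"` (opt_gnttab_max_version is presumably unsigned, given the `%u` the hunk already uses for it). Both refusals are caused by toolstack input and dprintk is compiled out in release builds, so the caller only sees a bare -EINVAL; naming the domain in the message (e.g. via `%pd` with `d`) would help, if `d->domain_id` is already assigned when domain_create reaches this call — confirm. The function continues past the hunk.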
@@ -1947,6 +1963,7 @@ int grant_table_init(struct domain *d, int max_grant_frames,
gt->gt_version = 1;
gt->max_grant_frames = max_grant_frames;
gt->max_maptrack_frames = max_maptrack_frames;
+ gt->max_grant_version = max_grant_version;
/* Install the structure early to simplify the error path. */
gt->domain = d;
@@ -3076,7 +3093,7 @@ gnttab_set_version(XEN_GUEST_HANDLE_PARAM(gnttab_set_version_t) uop)
goto out;
res = -ENOSYS;
- if ( op.version == 2 && opt_gnttab_max_version == 1 )
+ if ( op.version == 2 && gt->max_grant_version == 1 )
goto out; /* Behave as before set_version was introduced. */
res = 0;
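Review bot: The replacement condition keeps the literal test `gt->max_grant_version == 1`, which is correct while only versions 1 and 2 exist but would silently stop enforcing the per-domain limit if another version were ever accepted earlier in this function; `if ( op.version > gt->max_grant_version )` states the limit directly and needs no later update. Whether the checks preceding the hunk already reject unknown versions, leaving only the 2-vs-1 case here, cannot be confirmed from what is shown. gnttab_set_version starts before the hunk and continues after it.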
@@ -87,13 +87,14 @@ struct xen_domctl_createdomain {
/*
* Various domain limits, which impact the quantity of resources
* (global mapping space, xenheap, etc) a guest may consume. For
- * max_grant_frames and max_maptrack_frames, < 0 means "use the
- * default maximum value in the hypervisor".
+ * max_grant_frames, max_maptrack_frames and max_gnttab_version < 0
+ * means "use the default maximum value in the hypervisor".
*/
uint32_t max_vcpus;
uint32_t max_evtchn_port;
int32_t max_grant_frames;
int32_t max_maptrack_frames;
+ int32_t max_grant_version;
/* Per-vCPU buffer size in bytes. 0 to disable. */
uint32_t vmtrace_size;
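Review bot: The rewritten comment calls the new field `max_gnttab_version` while the member added below it is `max_grant_version`; change the comment line to `* max_grant_frames, max_maptrack_frames and max_grant_version < 0` so the name matches what is declared. Adding an `int32_t` to struct xen_domctl_createdomain also changes the domctl layout, so XEN_DOMCTL_INTERFACE_VERSION needs a bump unless it was already bumped in this release cycle; the diffstat shows no other change to xen/include/public/domctl.h. The struct definition continues past the hunk.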
@@ -36,7 +36,7 @@ extern unsigned int opt_max_grant_frames;
/* Create/destroy per-domain grant table context. */
int grant_table_init(struct domain *d, int max_grant_frames,
- int max_maptrack_frames);
+ int max_maptrack_frames, int max_grant_version);
void grant_table_destroy(
struct domain *d);
void grant_table_init_vcpu(struct vcpu *v);
@@ -67,7 +67,8 @@ int gnttab_acquire_resource(
static inline int grant_table_init(struct domain *d,
int max_grant_frames,
- int max_maptrack_frames)
+ int max_maptrack_frames,
+ int max_grant_version)
{
return 0;
}
Introduce a new domain create field so that toolstack can specify the maximum grant table version usable by the domain. This is plumbed into xl and settable by the user as max_grant_version. Previously this was only settable on a per host basis using the gnttab command line option. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> --- NB: the stubdom max grant version is cloned from the domain one. Not sure whether long term we might want to use different options for the stubdom and the domain. In any case the attack surface will always be max(stubdom, domain), so maybe it's just pointless to allow more fine setting. --- docs/man/xl.cfg.5.pod.in | 6 ++++++ docs/man/xl.conf.5.pod.in | 7 +++++++ tools/helpers/init-xenstore-domain.c | 1 + tools/include/libxl.h | 7 +++++++ tools/libs/light/libxl_create.c | 1 + tools/libs/light/libxl_dm.c | 1 + tools/libs/light/libxl_types.idl | 1 + tools/ocaml/libs/xc/xenctrl.ml | 1 + tools/ocaml/libs/xc/xenctrl.mli | 1 + tools/ocaml/libs/xc/xenctrl_stubs.c | 5 ++++- tools/xl/xl.c | 8 ++++++++ tools/xl/xl.h | 1 + tools/xl/xl_parse.c | 9 +++++++++ xen/arch/arm/domain_build.c | 2 ++ xen/arch/x86/setup.c | 1 + xen/common/domain.c | 3 ++- xen/common/grant_table.c | 21 +++++++++++++++++++-- xen/include/public/domctl.h | 5 +++-- xen/include/xen/grant_table.h | 5 +++-- 19 files changed, 78 insertions(+), 8 deletions(-)