@@ -2,6 +2,7 @@ subdir-y += svm
subdir-y += vmx
obj-y += asid.o
+obj-y += control.o
obj-y += emulate.o
obj-y += event.o
obj-y += hpet.o
@@ -0,0 +1,96 @@
+/*
+ * control.c: Hardware virtual machine control operations.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <xen/hypercall.h>
+#include <xen/guest_access.h>
+#include <xen/sched.h>
+#include <xsm/xsm.h>
+
+/*
+ * Note that this value is effectively part of the ABI, even if we don't need
+ * to make it a formal part of it. Hence this value may only be changed if
+ * accompanied by a suitable interface version increase.
+ */
+#define HVMCTL_iter_shift 8
+#define HVMCTL_iter_mask ((1U << HVMCTL_iter_shift) - 1)
+#define HVMCTL_iter_max (1U << (16 + HVMCTL_iter_shift))
+
+long do_hvmctl(XEN_GUEST_HANDLE_PARAM(xen_hvmctl_t) u_hvmctl)
+{
+ xen_hvmctl_t op;
+ struct domain *d;
+ unsigned int iter;
+ int rc;
+
+ BUILD_BUG_ON(sizeof(op.u) > sizeof(op.u.pad));
+
+ if ( copy_from_guest(&op, u_hvmctl, 1) )
+ return -EFAULT;
+
+ if ( op.interface_version != XEN_HVMCTL_INTERFACE_VERSION )
+ return -EACCES;
+
+ rc = rcu_lock_remote_domain_by_id(op.domain, &d);
+ if ( rc )
+ return rc;
+
+ if ( !has_hvm_container_domain(d) )
+ {
+ rcu_unlock_domain(d);
+ return -EINVAL;
+ }
+
+ rc = xsm_hvm_control(XSM_DM_PRIV, d, op.cmd);
+ if ( rc )
+ {
+ rcu_unlock_domain(d);
+ return rc;
+ }
+
+ iter = op.opaque << HVMCTL_iter_shift;
+
+ switch ( op.cmd )
+ {
+ default:
+ rc = -EOPNOTSUPP;
+ break;
+ }
+
+ rcu_unlock_domain(d);
+
+ if ( rc == -ERESTART )
+ {
+ ASSERT(!(iter & HVMCTL_iter_mask));
+ op.opaque = iter >> HVMCTL_iter_shift;
+ if ( unlikely(copy_field_to_guest(u_hvmctl, &op, opaque)) )
+ rc = -EFAULT;
+ else
+ rc = hypercall_create_continuation(__HYPERVISOR_hvmctl, "h",
+ u_hvmctl);
+ }
+
+ return rc;
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
@@ -4113,6 +4113,7 @@ static const struct {
COMPAT_CALL(platform_op),
COMPAT_CALL(mmuext_op),
HYPERCALL(xenpmu_op),
+ HYPERCALL(hvmctl),
HYPERCALL(arch_1)
};
@@ -469,6 +469,7 @@ ENTRY(compat_hypercall_table)
.quad do_tmem_op
.quad do_ni_hypercall /* reserved for XenClient */
.quad do_xenpmu_op /* 40 */
+ .quad do_hvmctl
.rept __HYPERVISOR_arch_0-((.-compat_hypercall_table)/8)
.quad compat_ni_hypercall
.endr
@@ -520,6 +521,7 @@ ENTRY(compat_hypercall_args_table)
.byte 1 /* do_tmem_op */
.byte 0 /* reserved for XenClient */
.byte 2 /* do_xenpmu_op */ /* 40 */
+ .byte 1 /* do_hvmctl */
.rept __HYPERVISOR_arch_0-(.-compat_hypercall_args_table)
.byte 0 /* compat_ni_hypercall */
.endr
@@ -791,6 +791,7 @@ ENTRY(hypercall_table)
.quad do_tmem_op
.quad do_ni_hypercall /* reserved for XenClient */
.quad do_xenpmu_op /* 40 */
+ .quad do_hvmctl
.rept __HYPERVISOR_arch_0-((.-hypercall_table)/8)
.quad do_ni_hypercall
.endr
@@ -842,6 +843,7 @@ ENTRY(hypercall_args_table)
.byte 1 /* do_tmem_op */
.byte 0 /* reserved for XenClient */
.byte 2 /* do_xenpmu_op */ /* 40 */
+ .byte 1 /* do_hvmctl */
.rept __HYPERVISOR_arch_0-(.-hypercall_args_table)
.byte 0 /* do_ni_hypercall */
.endr
@@ -93,7 +93,7 @@ all: headers.chk headers++.chk
PUBLIC_HEADERS := $(filter-out public/arch-% public/dom0_ops.h, $(wildcard public/*.h public/*/*.h) $(public-y))
-PUBLIC_ANSI_HEADERS := $(filter-out public/%ctl.h public/xsm/% public/%hvm/save.h, $(PUBLIC_HEADERS))
+PUBLIC_ANSI_HEADERS := $(filter-out public/%ctl.h public/hvm/control.h public/xsm/% public/%hvm/save.h,$(PUBLIC_HEADERS))
headers.chk: $(PUBLIC_ANSI_HEADERS) Makefile
for i in $(filter %.h,$^); do \
@@ -0,0 +1,54 @@
+/*
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef __XEN_PUBLIC_HVM_CONTROL_H__
+#define __XEN_PUBLIC_HVM_CONTROL_H__
+
+#if !defined(__XEN__) && !defined(__XEN_TOOLS__)
+#error "HVM control operations are intended for use by control tools only"
+#endif
+
+#include "../xen.h"
+
+#define XEN_HVMCTL_INTERFACE_VERSION 0x00000001
+
+struct xen_hvmctl {
+ uint16_t interface_version; /* XEN_HVMCTL_INTERFACE_VERSION */
+ domid_t domain;
+ uint16_t cmd;
+ uint16_t opaque; /* Must be zero on initial invocation. */
+ union {
+ uint8_t pad[120];
+ } u;
+};
+typedef struct xen_hvmctl xen_hvmctl_t;
+DEFINE_XEN_GUEST_HANDLE(xen_hvmctl_t);
+
+#endif /* __XEN_PUBLIC_HVM_CONTROL_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
@@ -115,6 +115,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_ulong_t);
#define __HYPERVISOR_tmem_op 38
#define __HYPERVISOR_xc_reserved_op 39 /* reserved for XenClient */
#define __HYPERVISOR_xenpmu_op 40
+#define __HYPERVISOR_hvmctl 41
/* Architecture-specific hypercall definitions. */
#define __HYPERVISOR_arch_0 48
@@ -15,6 +15,7 @@
#include <public/tmem.h>
#include <public/version.h>
#include <public/pmu.h>
+#include <public/hvm/control.h>
#include <asm/hypercall.h>
#include <xsm/xsm.h>
@@ -46,6 +47,10 @@ arch_do_sysctl(
XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl);
extern long
+do_hvmctl(
+ XEN_GUEST_HANDLE_PARAM(xen_hvmctl_t) u_hvmctl);
+
+extern long
do_platform_op(
XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op);
@@ -1183,6 +1183,20 @@ static int flask_hvm_param(struct domain
return current_has_perm(d, SECCLASS_HVM, perm);
}
+static int flask_hvm_control(struct domain *d, unsigned long op)
+{
+ u32 perm;
+
+ switch ( op )
+ {
+ default:
+ perm = HVM__HVMCTL;
+ break;
+ }
+
+ return current_has_perm(d, SECCLASS_HVM, perm);
+}
+
static int flask_hvm_param_nested(struct domain *d)
{
return current_has_perm(d, SECCLASS_HVM, HVM__NESTED);
@@ -1745,7 +1759,7 @@ static struct xsm_operations flask_ops =
.page_offline = flask_page_offline,
.tmem_op = flask_tmem_op,
.hvm_param = flask_hvm_param,
- .hvm_control = flask_hvm_param,
+ .hvm_control = flask_hvm_control,
.hvm_param_nested = flask_hvm_param_nested,
.hvm_param_altp2mhvm = flask_hvm_param_altp2mhvm,
.hvm_altp2mhvm_op = flask_hvm_altp2mhvm_op,