| Message ID | 599454910200007800170490@prv-mh.provo.novell.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 08/16/2017 08:20 AM, Jan Beulich wrote: > So far callers of the libxc interface passed in a domain ID which was > then ignored in the hypervisor. Instead, make the hypervisor honor it > (accepting DOMID_INVALID to obtain original behavior), allowing to > query whether a device can be assigned to a particular domain. > > Drop XSM's test_assign_{,dt}device hooks as no longer being > individually useful. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
>>> On 16.08.17 at 14:20, <JBeulich@suse.com> wrote: > So far callers of the libxc interface passed in a domain ID which was > then ignored in the hypervisor. Instead, make the hypervisor honor it > (accepting DOMID_INVALID to obtain original behavior), allowing to > query whether a device can be assigned to a particular domain. > > Drop XSM's test_assign_{,dt}device hooks as no longer being > individually useful. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> > --- > v3: Drop test-assign XSM hooks. > v2: Alter the semantics to check whether the device can be assigned to > the passed in domain. > > --- a/xen/common/domctl.c > +++ b/xen/common/domctl.c > @@ -391,11 +391,15 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe > > switch ( op->cmd ) > { > - case XEN_DOMCTL_createdomain: > case XEN_DOMCTL_test_assign_device: > + if ( op->domain == DOMID_INVALID ) > + { > + case XEN_DOMCTL_createdomain: > case XEN_DOMCTL_gdbsx_guestmemio: > - d = NULL; > - break; > + d = NULL; > + break; > + } > + /* fall through */ > default: > d = rcu_lock_domain_by_id(op->domain); > if ( !d && op->cmd != XEN_DOMCTL_getdomaininfo ) > --- a/xen/drivers/passthrough/device_tree.c > +++ b/xen/drivers/passthrough/device_tree.c > @@ -143,12 +143,15 @@ int iommu_do_dt_domctl(struct xen_domctl > switch ( domctl->cmd ) > { > case XEN_DOMCTL_assign_device: > + ASSERT(d); > + /* fall through */ > + case XEN_DOMCTL_test_assign_device: > ret = -ENODEV; > if ( domctl->u.assign_device.dev != XEN_DOMCTL_DEV_DT ) > break; > > ret = -EINVAL; > - if ( d->is_dying || domctl->u.assign_device.flags ) > + if ( (d && d->is_dying) || domctl->u.assign_device.flags ) > break; > > ret = dt_find_node_by_gpath(domctl->u.assign_device.u.dt.path, > @@ -161,6 +164,17 @@ int iommu_do_dt_domctl(struct xen_domctl > if ( ret ) > break; > > + if ( domctl->cmd == XEN_DOMCTL_test_assign_device ) > + { > + if ( iommu_dt_device_is_assigned(dev) ) > + { > + printk(XENLOG_G_ERR "%s already assigned.\n", > + dt_node_full_name(dev)); > + ret = -EINVAL; > + } > + break; > + } > + > ret = iommu_assign_dt_device(d, dev); > > if ( ret ) > @@ -194,33 +208,6 @@ int iommu_do_dt_domctl(struct xen_domctl > dt_node_full_name(dev), d->domain_id, ret); > break; > > - case XEN_DOMCTL_test_assign_device: > - ret = -ENODEV; > - if ( domctl->u.assign_device.dev != XEN_DOMCTL_DEV_DT ) > - break; > - > - ret = -EINVAL; > - if ( domctl->u.assign_device.flags ) > - break; > - > - ret = dt_find_node_by_gpath(domctl->u.assign_device.u.dt.path, > - domctl->u.assign_device.u.dt.size, > - &dev); > - if ( ret ) > - break; > - > - ret = xsm_test_assign_dtdevice(XSM_HOOK, dt_node_full_name(dev)); > - if ( ret ) > - break; > - > - if ( iommu_dt_device_is_assigned(dev) ) > - { > - printk(XENLOG_G_ERR "%s already assigned.\n", > - dt_node_full_name(dev)); > - ret = -EINVAL; > - } > - break; > - > default: > ret = -ENOSYS; > break; > --- a/xen/drivers/passthrough/pci.c > +++ b/xen/drivers/passthrough/pci.c > @@ -1583,35 +1583,10 @@ int iommu_do_pci_domctl( > } > break; > > - case XEN_DOMCTL_test_assign_device: > - ret = -ENODEV; > - if ( domctl->u.assign_device.dev != XEN_DOMCTL_DEV_PCI ) > - break; > - > - ret = -EINVAL; > - if ( domctl->u.assign_device.flags ) > - break; > - > - machine_sbdf = domctl->u.assign_device.u.pci.machine_sbdf; > - > - ret = xsm_test_assign_device(XSM_HOOK, machine_sbdf); > - if ( ret ) > - break; > - > - seg = machine_sbdf >> 16; > - bus = PCI_BUS(machine_sbdf); > - devfn = PCI_DEVFN2(machine_sbdf); > - > - if ( device_assigned(seg, bus, devfn) ) > - { > - printk(XENLOG_G_INFO > - "%04x:%02x:%02x.%u already assigned, or non-existent\n", > - seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); > - ret = -EINVAL; > - } > - break; > - > case XEN_DOMCTL_assign_device: > + ASSERT(d); > + /* fall through */ > + case XEN_DOMCTL_test_assign_device: > /* Don't support self-assignment of devices. */ > if ( d == current->domain ) > { > @@ -1625,7 +1600,9 @@ int iommu_do_pci_domctl( > > ret = -EINVAL; > flags = domctl->u.assign_device.flags; > - if ( d->is_dying || (flags & ~XEN_DOMCTL_DEV_RDM_RELAXED) ) > + if ( domctl->cmd == XEN_DOMCTL_assign_device > + ? d->is_dying || (flags & ~XEN_DOMCTL_DEV_RDM_RELAXED) > + : flags ) > break; > > machine_sbdf = domctl->u.assign_device.u.pci.machine_sbdf; > @@ -1638,8 +1615,20 @@ int iommu_do_pci_domctl( > bus = PCI_BUS(machine_sbdf); > devfn = PCI_DEVFN2(machine_sbdf); > > - ret = device_assigned(seg, bus, devfn) ?: > - assign_device(d, seg, bus, devfn, flags); > + ret = device_assigned(seg, bus, devfn); > + if ( domctl->cmd == XEN_DOMCTL_test_assign_device ) > + { > + if ( ret ) > + { > + printk(XENLOG_G_INFO > + "%04x:%02x:%02x.%u already assigned, or > non-existent\n", > + seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); > + ret = -EINVAL; > + } > + break; > + } > + if ( !ret ) > + ret = assign_device(d, seg, bus, devfn, flags); > if ( ret == -ERESTART ) > ret = hypercall_create_continuation(__HYPERVISOR_domctl, > "h", u_domctl); > --- a/xen/include/public/domctl.h > +++ b/xen/include/public/domctl.h > @@ -506,7 +506,11 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_sendt > > /* Assign a device to a guest. Sets up IOMMU structures. */ > /* XEN_DOMCTL_assign_device */ > -/* XEN_DOMCTL_test_assign_device */ > +/* > + * XEN_DOMCTL_test_assign_device: Pass DOMID_INVALID to find out whether > the > + * given device is assigned to any DomU at all. Pass a specific domain ID > to > + * find out whether the given device can be assigned to that domain. > + */ > /* > * XEN_DOMCTL_deassign_device: The behavior of this DOMCTL differs > * between the different type of device: > --- a/xen/include/xsm/dummy.h > +++ b/xen/include/xsm/dummy.h > @@ -337,12 +337,6 @@ static XSM_INLINE int xsm_get_device_gro > return xsm_default_action(action, current->domain, NULL); > } > > -static XSM_INLINE int xsm_test_assign_device(XSM_DEFAULT_ARG uint32_t > machine_bdf) > -{ > - XSM_ASSERT_ACTION(XSM_HOOK); > - return xsm_default_action(action, current->domain, NULL); > -} > - > static XSM_INLINE int xsm_assign_device(XSM_DEFAULT_ARG struct domain *d, > uint32_t machine_bdf) > { > XSM_ASSERT_ACTION(XSM_HOOK); > @@ -358,12 +352,6 @@ static XSM_INLINE int xsm_deassign_devic > #endif /* HAS_PASSTHROUGH && HAS_PCI */ > > #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) > -static XSM_INLINE int xsm_test_assign_dtdevice(XSM_DEFAULT_ARG const char > *dtpath) > -{ > - XSM_ASSERT_ACTION(XSM_HOOK); > - return xsm_default_action(action, current->domain, NULL); > -} > - > static XSM_INLINE int xsm_assign_dtdevice(XSM_DEFAULT_ARG struct domain *d, > const char *dtpath) > { > --- a/xen/include/xsm/xsm.h > +++ b/xen/include/xsm/xsm.h > @@ -109,13 +109,11 @@ struct xsm_operations { > > #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) > int (*get_device_group) (uint32_t machine_bdf); > - int (*test_assign_device) (uint32_t machine_bdf); > int (*assign_device) (struct domain *d, uint32_t machine_bdf); > int (*deassign_device) (struct domain *d, uint32_t machine_bdf); > #endif > > #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) > - int (*test_assign_dtdevice) (const char *dtpath); > int (*assign_dtdevice) (struct domain *d, const char *dtpath); > int (*deassign_dtdevice) (struct domain *d, const char *dtpath); > #endif > @@ -465,11 +463,6 @@ static inline int xsm_get_device_group(x > return xsm_ops->get_device_group(machine_bdf); > } > > -static inline int xsm_test_assign_device(xsm_default_t def, uint32_t > machine_bdf) > -{ > - return xsm_ops->test_assign_device(machine_bdf); > -} > - > static inline int xsm_assign_device(xsm_default_t def, struct domain *d, > uint32_t machine_bdf) > { > return xsm_ops->assign_device(d, machine_bdf); > @@ -488,12 +481,6 @@ static inline int xsm_assign_dtdevice(xs > return xsm_ops->assign_dtdevice(d, dtpath); > } > > -static inline int xsm_test_assign_dtdevice(xsm_default_t def, > - const char *dtpath) > -{ > - return xsm_ops->test_assign_dtdevice(dtpath); > -} > - > static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain > *d, > const char *dtpath) > { > --- a/xen/xsm/dummy.c > +++ b/xen/xsm/dummy.c > @@ -91,13 +91,11 @@ void __init xsm_fixup_ops (struct xsm_op > > #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) > set_to_dummy_if_null(ops, get_device_group); > - set_to_dummy_if_null(ops, test_assign_device); > set_to_dummy_if_null(ops, assign_device); > set_to_dummy_if_null(ops, deassign_device); > #endif > > #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) > - set_to_dummy_if_null(ops, test_assign_dtdevice); > set_to_dummy_if_null(ops, assign_dtdevice); > set_to_dummy_if_null(ops, deassign_dtdevice); > #endif > --- a/xen/xsm/flask/hooks.c > +++ b/xen/xsm/flask/hooks.c > @@ -1278,6 +1281,9 @@ static int flask_assign_device(struct do > int rc = -EPERM; > struct avc_audit_data ad; > > + if ( !d ) > + return flask_test_assign_device(machine_bdf); > + > rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); > if ( rc ) > return rc; > @@ -1333,6 +1339,9 @@ static int flask_assign_dtdevice(struct > int rc = -EPERM; > struct avc_audit_data ad; > > + if ( !d ) > + return flask_test_assign_dtdevice(dtpath); > + > rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); > if ( rc ) > return rc; > @@ -1780,13 +1789,11 @@ static struct xsm_operations flask_ops = > > #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) > .get_device_group = flask_get_device_group, > - .test_assign_device = flask_test_assign_device, > .assign_device = flask_assign_device, > .deassign_device = flask_deassign_device, > #endif > > #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) > - .test_assign_dtdevice = flask_test_assign_dtdevice, > .assign_dtdevice = flask_assign_dtdevice, > .deassign_dtdevice = flask_deassign_dtdevice, > #endif
On Wed, Aug 16, 2017 at 06:20:01AM -0600, Jan Beulich wrote: > So far callers of the libxc interface passed in a domain ID which was > then ignored in the hypervisor. Instead, make the hypervisor honor it > (accepting DOMID_INVALID to obtain original behavior), allowing to > query whether a device can be assigned to a particular domain. > > Drop XSM's test_assign_{,dt}device hooks as no longer being > individually useful. Can you also say in the commit message that you consolidate some code as well? Assuming the disagreement on the semantics of the call is settled: Reviewed-by: Wei Liu <wei.liu2@citrix.com> > > Signed-off-by: Jan Beulich <jbeulich@suse.com> > --- > v3: Drop test-assign XSM hooks. > v2: Alter the semantics to check whether the device can be assigned to > the passed in domain. > > --- a/xen/common/domctl.c > +++ b/xen/common/domctl.c > @@ -391,11 +391,15 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe > > switch ( op->cmd ) > { > - case XEN_DOMCTL_createdomain: > case XEN_DOMCTL_test_assign_device: > + if ( op->domain == DOMID_INVALID ) > + { > + case XEN_DOMCTL_createdomain: > case XEN_DOMCTL_gdbsx_guestmemio: > - d = NULL; > - break; > + d = NULL; > + break; > + } > + /* fall through */ I know there is already code like this but I would rather not mix if and case labels. Anyway, that's just my personal taste and I won't block this patch because of that. > default: > d = rcu_lock_domain_by_id(op->domain); > if ( !d && op->cmd != XEN_DOMCTL_getdomaininfo ) > --- a/xen/drivers/passthrough/device_tree.c > +++ b/xen/drivers/passthrough/device_tree.c > @@ -143,12 +143,15 @@ int iommu_do_dt_domctl(struct xen_domctl > switch ( domctl->cmd ) > { > case XEN_DOMCTL_assign_device: > + ASSERT(d); > + /* fall through */ > + case XEN_DOMCTL_test_assign_device: > ret = -ENODEV; > if ( domctl->u.assign_device.dev != XEN_DOMCTL_DEV_DT ) > break; > > ret = -EINVAL; > - if ( d->is_dying || domctl->u.assign_device.flags ) > + if ( (d && d->is_dying) || domctl->u.assign_device.flags ) > break; > > ret = dt_find_node_by_gpath(domctl->u.assign_device.u.dt.path, > @@ -161,6 +164,17 @@ int iommu_do_dt_domctl(struct xen_domctl > if ( ret ) > break; > > + if ( domctl->cmd == XEN_DOMCTL_test_assign_device ) > + { > + if ( iommu_dt_device_is_assigned(dev) ) > + { > + printk(XENLOG_G_ERR "%s already assigned.\n", > + dt_node_full_name(dev)); > + ret = -EINVAL; > + } > + break; > + } > + Move the ASSERT(d) here? > ret = iommu_assign_dt_device(d, dev); >
>>> On 25.08.17 at 17:25, <wei.liu2@citrix.com> wrote: > On Wed, Aug 16, 2017 at 06:20:01AM -0600, Jan Beulich wrote: >> So far callers of the libxc interface passed in a domain ID which was >> then ignored in the hypervisor. Instead, make the hypervisor honor it >> (accepting DOMID_INVALID to obtain original behavior), allowing to >> query whether a device can be assigned to a particular domain. >> >> Drop XSM's test_assign_{,dt}device hooks as no longer being >> individually useful. > > Can you also say in the commit message that you consolidate some code as > well? Am I consolidating code beyond what is reasonable to achieve the intended effect? I don't view the merging of the two case blocks > Assuming the disagreement on the semantics of the call is settled: > > Reviewed-by: Wei Liu <wei.liu2@citrix.com> > >> >> Signed-off-by: Jan Beulich <jbeulich@suse.com> >> --- >> v3: Drop test-assign XSM hooks. >> v2: Alter the semantics to check whether the device can be assigned to >> the passed in domain. >> >> --- a/xen/common/domctl.c >> +++ b/xen/common/domctl.c >> @@ -391,11 +391,15 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe >> >> switch ( op->cmd ) >> { >> - case XEN_DOMCTL_createdomain: >> case XEN_DOMCTL_test_assign_device: >> + if ( op->domain == DOMID_INVALID ) >> + { >> + case XEN_DOMCTL_createdomain: >> case XEN_DOMCTL_gdbsx_guestmemio: >> - d = NULL; >> - break; >> + d = NULL; >> + break; >> + } >> + /* fall through */ > > I know there is already code like this but I would rather not mix if and > case labels. Anyway, that's just my personal taste and I won't block > this patch because of that. Understood. I, otoh, prefer this style to limit code duplication. >> --- a/xen/drivers/passthrough/device_tree.c >> +++ b/xen/drivers/passthrough/device_tree.c >> @@ -143,12 +143,15 @@ int iommu_do_dt_domctl(struct xen_domctl >> switch ( domctl->cmd ) >> { >> case XEN_DOMCTL_assign_device: >> + ASSERT(d); >> + /* fall through */ >> + case XEN_DOMCTL_test_assign_device: >> ret = -ENODEV; >> if ( domctl->u.assign_device.dev != XEN_DOMCTL_DEV_DT ) >> break; >> >> ret = -EINVAL; >> - if ( d->is_dying || domctl->u.assign_device.flags ) >> + if ( (d && d->is_dying) || domctl->u.assign_device.flags ) >> break; >> >> ret = dt_find_node_by_gpath(domctl->u.assign_device.u.dt.path, >> @@ -161,6 +164,17 @@ int iommu_do_dt_domctl(struct xen_domctl >> if ( ret ) >> break; >> >> + if ( domctl->cmd == XEN_DOMCTL_test_assign_device ) >> + { >> + if ( iommu_dt_device_is_assigned(dev) ) >> + { >> + printk(XENLOG_G_ERR "%s already assigned.\n", >> + dt_node_full_name(dev)); >> + ret = -EINVAL; >> + } >> + break; >> + } >> + > > Move the ASSERT(d) here? That would be a possibility, but personally I think it's better placed where it is now. It helps, for example, understanding why there is a NULL check of d somewhere in the middle. In a domctl handler d being NULL isn't a usual thing. Jan
>>> On 25.08.17 at 17:54, <JBeulich@suse.com> wrote: >>>> On 25.08.17 at 17:25, <wei.liu2@citrix.com> wrote: >> On Wed, Aug 16, 2017 at 06:20:01AM -0600, Jan Beulich wrote: >>> So far callers of the libxc interface passed in a domain ID which was >>> then ignored in the hypervisor. Instead, make the hypervisor honor it >>> (accepting DOMID_INVALID to obtain original behavior), allowing to >>> query whether a device can be assigned to a particular domain. >>> >>> Drop XSM's test_assign_{,dt}device hooks as no longer being >>> individually useful. >> >> Can you also say in the commit message that you consolidate some code as >> well? > > Am I consolidating code beyond what is reasonable to achieve > the intended effect? I don't view the merging of the two case > blocks Oops, didn't finish here: "... as anything going beyond the main purpose of the patch. In fact if someone submitted a patch without doing that folding, I'd ask for it to be done." >> Assuming the disagreement on the semantics of the call is settled: >> >> Reviewed-by: Wei Liu <wei.liu2@citrix.com> And didn't say "thanks" here. Jan
On Fri, Aug 25, 2017 at 09:54:18AM -0600, Jan Beulich wrote: > >>> On 25.08.17 at 17:25, <wei.liu2@citrix.com> wrote: > > On Wed, Aug 16, 2017 at 06:20:01AM -0600, Jan Beulich wrote: > >> So far callers of the libxc interface passed in a domain ID which was > >> then ignored in the hypervisor. Instead, make the hypervisor honor it > >> (accepting DOMID_INVALID to obtain original behavior), allowing to > >> query whether a device can be assigned to a particular domain. > >> > >> Drop XSM's test_assign_{,dt}device hooks as no longer being > >> individually useful. > > > > Can you also say in the commit message that you consolidate some code as > > well? > > Am I consolidating code beyond what is reasonable to achieve > the intended effect? I don't view the merging of the two case > blocks > Oops, didn't finish here: "... as anything going beyond the main > purpose of the patch. In fact if someone submitted a patch > without doing that folding, I'd ask for it to be done." It took more effort for reviewers to figure out the reason to delete those two blocks just from looking at the diff, which distracted me a bit. Of course I eventually figured out why they were deleted by looking at the actual files, but had that been stated in commit message I could have finished the review sooner because I would have a list of things to look for in my mind and go through them faster. Suppose you asked me to consolidate the blocks, I would happily do so but also try to note that in the commit message, to help reviewer and my future self to grasp what the patch does faster. [...] > >> + } > >> + > > > > Move the ASSERT(d) here? > > That would be a possibility, but personally I think it's better placed > where it is now. It helps, for example, understanding why there is > a NULL check of d somewhere in the middle. In a domctl handler d > being NULL isn't a usual thing. > Fair enough. I won't insist on moving it.
>>> On 25.08.17 at 18:05, <wei.liu2@citrix.com> wrote: > On Fri, Aug 25, 2017 at 09:54:18AM -0600, Jan Beulich wrote: >> >>> On 25.08.17 at 17:25, <wei.liu2@citrix.com> wrote: >> > On Wed, Aug 16, 2017 at 06:20:01AM -0600, Jan Beulich wrote: >> >> So far callers of the libxc interface passed in a domain ID which was >> >> then ignored in the hypervisor. Instead, make the hypervisor honor it >> >> (accepting DOMID_INVALID to obtain original behavior), allowing to >> >> query whether a device can be assigned to a particular domain. >> >> >> >> Drop XSM's test_assign_{,dt}device hooks as no longer being >> >> individually useful. >> > >> > Can you also say in the commit message that you consolidate some code as >> > well? >> >> Am I consolidating code beyond what is reasonable to achieve >> the intended effect? I don't view the merging of the two case >> blocks >> Oops, didn't finish here: "... as anything going beyond the main > > >> purpose of the patch. In fact if someone submitted a patch > > >> without doing that folding, I'd ask for it to be done." > > It took more effort for reviewers to figure out the reason to delete > those two blocks just from looking at the diff, which distracted me a > bit. Of course I eventually figured out why they were deleted by looking > at the actual files, but had that been stated in commit message I could > have finished the review sooner because I would have a list of things to > look for in my mind and go through them faster. Okay, I've added "Do this by folding the assign and test-assign paths" to the first paragraph. I hope that's enough to address your concern. Jan
On Mon, Aug 28, 2017 at 01:27:46AM -0600, Jan Beulich wrote: > >>> On 25.08.17 at 18:05, <wei.liu2@citrix.com> wrote: > > On Fri, Aug 25, 2017 at 09:54:18AM -0600, Jan Beulich wrote: > >> >>> On 25.08.17 at 17:25, <wei.liu2@citrix.com> wrote: > >> > On Wed, Aug 16, 2017 at 06:20:01AM -0600, Jan Beulich wrote: > >> >> So far callers of the libxc interface passed in a domain ID which was > >> >> then ignored in the hypervisor. Instead, make the hypervisor honor it > >> >> (accepting DOMID_INVALID to obtain original behavior), allowing to > >> >> query whether a device can be assigned to a particular domain. > >> >> > >> >> Drop XSM's test_assign_{,dt}device hooks as no longer being > >> >> individually useful. > >> > > >> > Can you also say in the commit message that you consolidate some code as > >> > well? > >> > >> Am I consolidating code beyond what is reasonable to achieve > >> the intended effect? I don't view the merging of the two case > >> blocks > >> Oops, didn't finish here: "... as anything going beyond the main > > > > > >> purpose of the patch. In fact if someone submitted a patch > > > > > >> without doing that folding, I'd ask for it to be done." > > > > It took more effort for reviewers to figure out the reason to delete > > those two blocks just from looking at the diff, which distracted me a > > bit. Of course I eventually figured out why they were deleted by looking > > at the actual files, but had that been stated in commit message I could > > have finished the review sooner because I would have a list of things to > > look for in my mind and go through them faster. > > Okay, I've added "Do this by folding the assign and test-assign paths" > to the first paragraph. I hope that's enough to address your concern. > Thanks, that sounds good.
--- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -391,11 +391,15 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe switch ( op->cmd ) { - case XEN_DOMCTL_createdomain: case XEN_DOMCTL_test_assign_device: + if ( op->domain == DOMID_INVALID ) + { + case XEN_DOMCTL_createdomain: case XEN_DOMCTL_gdbsx_guestmemio: - d = NULL; - break; + d = NULL; + break; + } + /* fall through */ default: d = rcu_lock_domain_by_id(op->domain); if ( !d && op->cmd != XEN_DOMCTL_getdomaininfo ) --- a/xen/drivers/passthrough/device_tree.c +++ b/xen/drivers/passthrough/device_tree.c @@ -143,12 +143,15 @@ int iommu_do_dt_domctl(struct xen_domctl switch ( domctl->cmd ) { case XEN_DOMCTL_assign_device: + ASSERT(d); + /* fall through */ + case XEN_DOMCTL_test_assign_device: ret = -ENODEV; if ( domctl->u.assign_device.dev != XEN_DOMCTL_DEV_DT ) break; ret = -EINVAL; - if ( d->is_dying || domctl->u.assign_device.flags ) + if ( (d && d->is_dying) || domctl->u.assign_device.flags ) break; ret = dt_find_node_by_gpath(domctl->u.assign_device.u.dt.path, @@ -161,6 +164,17 @@ int iommu_do_dt_domctl(struct xen_domctl if ( ret ) break; + if ( domctl->cmd == XEN_DOMCTL_test_assign_device ) + { + if ( iommu_dt_device_is_assigned(dev) ) + { + printk(XENLOG_G_ERR "%s already assigned.\n", + dt_node_full_name(dev)); + ret = -EINVAL; + } + break; + } + ret = iommu_assign_dt_device(d, dev); if ( ret ) @@ -194,33 +208,6 @@ int iommu_do_dt_domctl(struct xen_domctl dt_node_full_name(dev), d->domain_id, ret); break; - case XEN_DOMCTL_test_assign_device: - ret = -ENODEV; - if ( domctl->u.assign_device.dev != XEN_DOMCTL_DEV_DT ) - break; - - ret = -EINVAL; - if ( domctl->u.assign_device.flags ) - break; - - ret = dt_find_node_by_gpath(domctl->u.assign_device.u.dt.path, - domctl->u.assign_device.u.dt.size, - &dev); - if ( ret ) - break; - - ret = xsm_test_assign_dtdevice(XSM_HOOK, dt_node_full_name(dev)); - if ( ret ) - break; - - if ( iommu_dt_device_is_assigned(dev) ) - { - printk(XENLOG_G_ERR "%s already assigned.\n", - dt_node_full_name(dev)); - ret = -EINVAL; - } - break; - default: ret = -ENOSYS; break; --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1583,35 +1583,10 @@ int iommu_do_pci_domctl( } break; - case XEN_DOMCTL_test_assign_device: - ret = -ENODEV; - if ( domctl->u.assign_device.dev != XEN_DOMCTL_DEV_PCI ) - break; - - ret = -EINVAL; - if ( domctl->u.assign_device.flags ) - break; - - machine_sbdf = domctl->u.assign_device.u.pci.machine_sbdf; - - ret = xsm_test_assign_device(XSM_HOOK, machine_sbdf); - if ( ret ) - break; - - seg = machine_sbdf >> 16; - bus = PCI_BUS(machine_sbdf); - devfn = PCI_DEVFN2(machine_sbdf); - - if ( device_assigned(seg, bus, devfn) ) - { - printk(XENLOG_G_INFO - "%04x:%02x:%02x.%u already assigned, or non-existent\n", - seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); - ret = -EINVAL; - } - break; - case XEN_DOMCTL_assign_device: + ASSERT(d); + /* fall through */ + case XEN_DOMCTL_test_assign_device: /* Don't support self-assignment of devices. */ if ( d == current->domain ) { @@ -1625,7 +1600,9 @@ int iommu_do_pci_domctl( ret = -EINVAL; flags = domctl->u.assign_device.flags; - if ( d->is_dying || (flags & ~XEN_DOMCTL_DEV_RDM_RELAXED) ) + if ( domctl->cmd == XEN_DOMCTL_assign_device + ? d->is_dying || (flags & ~XEN_DOMCTL_DEV_RDM_RELAXED) + : flags ) break; machine_sbdf = domctl->u.assign_device.u.pci.machine_sbdf; @@ -1638,8 +1615,20 @@ int iommu_do_pci_domctl( bus = PCI_BUS(machine_sbdf); devfn = PCI_DEVFN2(machine_sbdf); - ret = device_assigned(seg, bus, devfn) ?: - assign_device(d, seg, bus, devfn, flags); + ret = device_assigned(seg, bus, devfn); + if ( domctl->cmd == XEN_DOMCTL_test_assign_device ) + { + if ( ret ) + { + printk(XENLOG_G_INFO + "%04x:%02x:%02x.%u already assigned, or non-existent\n", + seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); + ret = -EINVAL; + } + break; + } + if ( !ret ) + ret = assign_device(d, seg, bus, devfn, flags); if ( ret == -ERESTART ) ret = hypercall_create_continuation(__HYPERVISOR_domctl, "h", u_domctl); --- a/xen/include/public/domctl.h +++ b/xen/include/public/domctl.h @@ -506,7 +506,11 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_sendt /* Assign a device to a guest. Sets up IOMMU structures. */ /* XEN_DOMCTL_assign_device */ -/* XEN_DOMCTL_test_assign_device */ +/* + * XEN_DOMCTL_test_assign_device: Pass DOMID_INVALID to find out whether the + * given device is assigned to any DomU at all. Pass a specific domain ID to + * find out whether the given device can be assigned to that domain. + */ /* * XEN_DOMCTL_deassign_device: The behavior of this DOMCTL differs * between the different type of device: --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -337,12 +337,6 @@ static XSM_INLINE int xsm_get_device_gro return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_test_assign_device(XSM_DEFAULT_ARG uint32_t machine_bdf) -{ - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, NULL); -} - static XSM_INLINE int xsm_assign_device(XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); @@ -358,12 +352,6 @@ static XSM_INLINE int xsm_deassign_devic #endif /* HAS_PASSTHROUGH && HAS_PCI */ #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) -static XSM_INLINE int xsm_test_assign_dtdevice(XSM_DEFAULT_ARG const char *dtpath) -{ - XSM_ASSERT_ACTION(XSM_HOOK); - return xsm_default_action(action, current->domain, NULL); -} - static XSM_INLINE int xsm_assign_dtdevice(XSM_DEFAULT_ARG struct domain *d, const char *dtpath) { --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -109,13 +109,11 @@ struct xsm_operations { #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) int (*get_device_group) (uint32_t machine_bdf); - int (*test_assign_device) (uint32_t machine_bdf); int (*assign_device) (struct domain *d, uint32_t machine_bdf); int (*deassign_device) (struct domain *d, uint32_t machine_bdf); #endif #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) - int (*test_assign_dtdevice) (const char *dtpath); int (*assign_dtdevice) (struct domain *d, const char *dtpath); int (*deassign_dtdevice) (struct domain *d, const char *dtpath); #endif @@ -465,11 +463,6 @@ static inline int xsm_get_device_group(x return xsm_ops->get_device_group(machine_bdf); } -static inline int xsm_test_assign_device(xsm_default_t def, uint32_t machine_bdf) -{ - return xsm_ops->test_assign_device(machine_bdf); -} - static inline int xsm_assign_device(xsm_default_t def, struct domain *d, uint32_t machine_bdf) { return xsm_ops->assign_device(d, machine_bdf); @@ -488,12 +481,6 @@ static inline int xsm_assign_dtdevice(xs return xsm_ops->assign_dtdevice(d, dtpath); } -static inline int xsm_test_assign_dtdevice(xsm_default_t def, - const char *dtpath) -{ - return xsm_ops->test_assign_dtdevice(dtpath); -} - static inline int xsm_deassign_dtdevice(xsm_default_t def, struct domain *d, const char *dtpath) { --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -91,13 +91,11 @@ void __init xsm_fixup_ops (struct xsm_op #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) set_to_dummy_if_null(ops, get_device_group); - set_to_dummy_if_null(ops, test_assign_device); set_to_dummy_if_null(ops, assign_device); set_to_dummy_if_null(ops, deassign_device); #endif #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) - set_to_dummy_if_null(ops, test_assign_dtdevice); set_to_dummy_if_null(ops, assign_dtdevice); set_to_dummy_if_null(ops, deassign_dtdevice); #endif --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1278,6 +1281,9 @@ static int flask_assign_device(struct do int rc = -EPERM; struct avc_audit_data ad; + if ( !d ) + return flask_test_assign_device(machine_bdf); + rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); if ( rc ) return rc; @@ -1333,6 +1339,9 @@ static int flask_assign_dtdevice(struct int rc = -EPERM; struct avc_audit_data ad; + if ( !d ) + return flask_test_assign_dtdevice(dtpath); + rc = current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); if ( rc ) return rc; @@ -1780,13 +1789,11 @@ static struct xsm_operations flask_ops = #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) .get_device_group = flask_get_device_group, - .test_assign_device = flask_test_assign_device, .assign_device = flask_assign_device, .deassign_device = flask_deassign_device, #endif #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) - .test_assign_dtdevice = flask_test_assign_dtdevice, .assign_dtdevice = flask_assign_dtdevice, .deassign_dtdevice = flask_deassign_dtdevice, #endif
So far callers of the libxc interface passed in a domain ID which was then ignored in the hypervisor. Instead, make the hypervisor honor it (accepting DOMID_INVALID to obtain original behavior), allowing to query whether a device can be assigned to a particular domain. Drop XSM's test_assign_{,dt}device hooks as no longer being individually useful. Signed-off-by: Jan Beulich <jbeulich@suse.com> --- v3: Drop test-assign XSM hooks. v2: Alter the semantics to check whether the device can be assigned to the passed in domain.