From patchwork Tue Dec 13 19:50:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Smith, Jackson" X-Patchwork-Id: 13072394 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5A2EBC4332F for ; Tue, 13 Dec 2022 19:50:27 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.461118.719154 (Exim 4.92) (envelope-from ) id 1p5BI8-0002MD-S2; Tue, 13 Dec 2022 19:50:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 461118.719154; Tue, 13 Dec 2022 19:50:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1p5BI8-0002M6-Oe; Tue, 13 Dec 2022 19:50:16 +0000 Received: by outflank-mailman (input) for mailman id 461118; Tue, 13 Dec 2022 19:50:15 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1p5BI7-0002M0-55 for xen-devel@lists.xenproject.org; Tue, 13 Dec 2022 19:50:15 +0000 Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0095.outbound.protection.office365.us [23.103.208.95]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 5b8422b5-7b1f-11ed-8fd2-01056ac49cbb; Tue, 13 Dec 2022 20:50:13 +0100 (CET) Received: from BN0P110MB1642.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:185::22) by BN0P110MB1548.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:186::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5880.19; Tue, 13 Dec 2022 19:50:11 +0000 Received: from BN0P110MB1642.NAMP110.PROD.OUTLOOK.COM ([fe80::81df:6431:7a2d:4610]) by BN0P110MB1642.NAMP110.PROD.OUTLOOK.COM ([fe80::81df:6431:7a2d:4610%5]) with mapi id 15.20.5880.019; Tue, 13 Dec 2022 19:50:11 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5b8422b5-7b1f-11ed-8fd2-01056ac49cbb ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=sEwwqX+hQl3R+O9CVk4C7NL5UrlDq8/TOqaN1DCpWwtJfs47mA8gEgGJVRtrRA1Z2ARSCpIf+OFVwAIGokrNFrjw0sVQ84lU2W3ora0hc1+J4YfUdQ2HjIrdzXE3Izuku2VbtLeITic+hsG0Ngprr9eRc0QvwxyhbGj+SPSyBzAN6sGR+riEksPhUTcltG6egt8dBrXtnMpoSugsGs+qGYjwlXvrUEBaZQBZ/jrU2/RZ2hcUdofNzProAaYzAC9JtJvvSY5+QaJ7PHgem1qrf6fMixPN0xc7C89Am0EevHLLAj39iwqg+MpR9s2k9Dw9dGDdZ4JlZErvjDNY3s+zfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=I0PsUDkmjU8ZqrhC77SP7qB92xlR9kM72Qt2ugNECpA=; b=dpX60XY5mfugGZGnAFw7EdWakLrRNnLT+uS/E3fhfKzBC5iux2OoGsjP5y4FKHCHsKirDtOG7FgYSVwFMyB/YaIxvNufnQcSLqJfV9FdxHRTfMFQSQKCJ3rzDm0dU+pcWSXZ9Q7TskrscW4FZFbTHlHth0T9YMY019JFI8veHqSxXJsHHvX9XP2CUyZlI/ft2yUUehFTDVFm750f048aFvxA66NSEJg+YWjMG2f5QwEgEBiavUWjfqOoH5neC0biCGxlYVCa4Fd+oyRvWVg21LjU7kGqS6zKqtBexOZYD5BNHmYCFYDvjxSO+wSTE54XY3tsL50qEwIGNW8CNIWwZw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=riversideresearch.org; dmarc=pass action=none header.from=riversideresearch.org; dkim=pass header.d=riversideresearch.org; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=riversideresearch.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I0PsUDkmjU8ZqrhC77SP7qB92xlR9kM72Qt2ugNECpA=; b=qE8asZl9Igx8921sStM9BDszW1nVghv9Oog12oBcuYk9xbu7QgPAJXHXsz/HGqRDkE8iRt1Lp54Y5THp0OsvtSfaC+BzEROXev5Yp+A25Y2qgWseRwvvDHGn7Kw3tJvErSNQq3/qW4RTAbBrTR+fMQUhpRfrx8V0fpdeep8XBlzIlkx2EH4N3w28yCgnS9lJE73ZxL4bhtCVBoQ6cvrbRy5JAXie3506a2d0ww6EyzG1ADsZm9XIwcw12hK6meg+LTNZvPNKKPycWu7QVU+AjTZDuvqSRuRKJejx+LyaMXf2ujYJsitHNsdrHqGxWBWUaTbvK0vT5Cw6pNv3SBJGzQ== From: "Smith, Jackson" To: "Smith, Jackson" CC: "Brookes, Scott" , Xen-devel , Stefano Stabellini , Julien Grall , "bertrand.marquis@arm.com" , "jbeulich@suse.com" , Andrew Cooper , =?iso-8859-1?q?Roger_Pau_Monn=E9?= , George Dunlap , "demi@invisiblethingslab.com" , "Daniel P. Smith" , "christopher.w.clark@gmail.com" Subject: [RFC 1/4] Add VMF Hypercall Thread-Topic: [RFC 1/4] Add VMF Hypercall Thread-Index: AQHZDywch81VanlmwUKrsDP9tDkwnQ== Date: Tue, 13 Dec 2022 19:50:11 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: suggested_attachment_session_id: 0f26b3df-fdae-edcd-dd64-bdcb516094da authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=RiversideResearch.org; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: BN0P110MB1642:EE_|BN0P110MB1548:EE_ x-ms-office365-filtering-correlation-id: 23a5c9e5-4aae-4066-b453-08dadd433ef9 x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 0xT7MpEoVqmChA2wI5osg3VqrI8nKc7Wkw5gP2mrbLrtaEDEdAYfmrterikgwteL5JAMyfvJkZUjMSPTBRmGY1ymGZkx4ICDfPl9bDwPhqELfb05Z1kKcBlpx10yZVHs0UTxnXwL9xY4VUjJhp1AWlrQBi6cr3JpTiq/+pnXZ36F/d42u0F8Z0lXtOV3Wb4Ap6yPLpCn85mhHNJhVMaYeebvLbpMVDW9L3nawwT4hUbhR3d+34NbAda1N7tdsPpPYOzrgRj3Sug8j8bshRCQYabMr1TyRKIF+gVqhMZ8JN8uBghETaLsfMYNVjoTrZK1MR/GhoDIuctqeRiypHuU9Y7W0cgvs56jiiweoD4aWhUw3u8FYjHzyYKdbvVWiuRzfxwCZJ2Yu7F/qxyZf/jc+oUWceyddq1u+FFc73IPwYjJKeR6v1C3hyg9Y5+qDudMEL0pjqcz5B29bou5LSAssgYWFGl1PzEcjN3gqxUp6v6GoROZoQvnwnt9cCkMYylzIJfYZvUwYGegTbPWqLZnSaIwfgYvlY3xfq+2T/q7+7UmwSt54nWys4nZZTkDaK1vWA1v+MsiNyi7wShJoD+LVMYEj9PYbhKCfd4mwzoBz/nWHgXjClMGVyMK9FgjJWkd3oQ3Ag3bg+Vz2flZa0Hpgg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN0P110MB1642.NAMP110.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230022)(366004)(451199015)(64756008)(6200100001)(38070700005)(2906002)(38100700002)(5660300002)(7416002)(8936002)(33656002)(83380400001)(52536014)(6862004)(76116006)(66556008)(71200400001)(86362001)(8676002)(54906003)(4326008)(6506007)(55016003)(7696005)(122000001)(82960400001)(66946007)(508600001)(66446008)(9686003)(66476007)(26005)(186003)(2940100002)(85282002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: Q4JICLo5CJNYi0RHdrzPVdK62sw73Ux7/KlpJWGMn2o4rlqJ1i1qOXVwoT6g+nBvIvAlTgz207/Qwd+9Jopz5NMFnSyuD4CVH/XmaTs66/31OHbhg9NZlk3EuvkthpFp61KUuphFALZdIOK/LsP3x6iuKY3J7Mk5yMdf04YBgj7q3mRfwkiz6OtM+PC1mpcQQjPZ0HNXO+OVvusIemoDILXicWwYio08PLdncNx0k4p5pNPDeeweTwNP4hWWQs1mFppX+edkxWS5R5LBy7zExYeGD+iP8HgqPqqbvfxH+V1Ey7HqpvvB1OCZryakDYGAuKb8OUGY0fkMKobUyafEK0Q+4YiTL4DVQTPVtn9dOsHPE38UDxQam/syXwZ0oPWgAoixljoZUI6EmMGSsdDYGGfbs0JGGfOvL3nE4UnOJ9c= MIME-Version: 1.0 X-OriginatorOrg: riversideresearch.org X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1642.NAMP110.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 23a5c9e5-4aae-4066-b453-08dadd433ef9 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Dec 2022 19:50:11.5289 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bfc64a8d-9064-4c64-91c3-9d10b44c1cb6 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB1548 This commit introduces a new vmf_op hypercall. If desired, could be merged into an exisiting hypercall. Also, introduce a VMF Kconfig option and xen/vmf.h, defining the arch specific functions that must be implmented to support vmf. --- tools/include/xenctrl.h | 2 + tools/libs/ctrl/xc_private.c | 5 ++ tools/libs/ctrl/xc_private.h | 5 ++ xen/arch/x86/guest/xen/hypercall_page.S | 2 + xen/common/Kconfig | 3 + xen/common/Makefile | 1 + xen/common/vmf.c | 111 ++++++++++++++++++++++++++++++++ xen/include/hypercall-defs.c | 6 ++ xen/include/public/vmf.h | 24 +++++++ xen/include/public/xen.h | 3 + xen/include/xen/vmf.h | 20 ++++++ 11 files changed, 182 insertions(+) create mode 100644 xen/common/vmf.c create mode 100644 xen/include/public/vmf.h create mode 100644 xen/include/xen/vmf.h diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 2303787..804ddba 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -1604,6 +1604,8 @@ long xc_memory_op(xc_interface *xch, unsigned int cmd, void *arg, size_t len); int xc_version(xc_interface *xch, int cmd, void *arg); +int xc_vmf_op(xc_interface *xch, unsigned int cmd, uint32_t domid); + int xc_flask_op(xc_interface *xch, xen_flask_op_t *op); /* diff --git a/tools/libs/ctrl/xc_private.c b/tools/libs/ctrl/xc_private.c index 2f99a7d..44fe9ba 100644 --- a/tools/libs/ctrl/xc_private.c +++ b/tools/libs/ctrl/xc_private.c @@ -555,6 +555,11 @@ int xc_version(xc_interface *xch, int cmd, void *arg) return rc; } +int xc_vmf_op(xc_interface *xch, unsigned int cmd, uint32_t domid) +{ + return do_vmf_op(xch, cmd, domid); +} + unsigned long xc_make_page_below_4G( xc_interface *xch, uint32_t domid, unsigned long mfn) { diff --git a/tools/libs/ctrl/xc_private.h b/tools/libs/ctrl/xc_private.h index ed960c6..fb72cb4 100644 --- a/tools/libs/ctrl/xc_private.h +++ b/tools/libs/ctrl/xc_private.h @@ -222,6 +222,11 @@ static inline int do_xen_version(xc_interface *xch, int cmd, xc_hypercall_buffer cmd, HYPERCALL_BUFFER_AS_ARG(dest)); } +static inline int do_vmf_op(xc_interface *xch, unsigned int cmd, uint32_t domid) +{ + return xencall2(xch->xcall, __HYPERVISOR_vmf_op, cmd, domid); +} + static inline int do_physdev_op(xc_interface *xch, int cmd, void *op, size_t len) { int ret = -1; diff --git a/xen/arch/x86/guest/xen/hypercall_page.S b/xen/arch/x86/guest/xen/hypercall_page.S index 9958d02..2efdd58 100644 --- a/xen/arch/x86/guest/xen/hypercall_page.S +++ b/xen/arch/x86/guest/xen/hypercall_page.S @@ -70,6 +70,8 @@ DECLARE_HYPERCALL(arch_5) DECLARE_HYPERCALL(arch_6) DECLARE_HYPERCALL(arch_7) +DECLARE_HYPERCALL(vmf_op) + /* * Local variables: * tab-width: 8 diff --git a/xen/common/Kconfig b/xen/common/Kconfig index f1ea319..3bf92b8 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -92,6 +92,9 @@ config STATIC_MEMORY If unsure, say N. +config VMF + bool "Virtual Memory Fuse Support" + menu "Speculative hardening" config INDIRECT_THUNK diff --git a/xen/common/Makefile b/xen/common/Makefile index 3baf83d..fb9118d 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -48,6 +48,7 @@ obj-y += timer.o obj-$(CONFIG_TRACEBUFFER) += trace.o obj-y += version.o obj-y += virtual_region.o +obj-$(CONFIG_VMF) += vmf.o obj-y += vm_event.o obj-y += vmap.o obj-y += vsprintf.o diff --git a/xen/common/vmf.c b/xen/common/vmf.c new file mode 100644 index 0000000..20c61d1 --- /dev/null +++ b/xen/common/vmf.c @@ -0,0 +1,111 @@ +/****************************************************************************** + * vmf.c + * + * Common implementation of the VMF hypercall + */ + +#include +#include + +#include +#include + +static void dump_domain_vcpus(struct domain *d) +{ + struct vcpu *v; + int i; + + if (d == NULL) { + printk("NULL\n"); + return; + } + + printk("Domain: %d (%d vcpus)\n", d->domain_id, d->max_vcpus); +#if defined(CONFIG_ARM_64) + printk(" vttbr: 0x%lx\n", d->arch.p2m.vttbr); +#endif + + i = 0; + for_each_vcpu(d, v) + { + printk(" vcpu [%d: id=%d, proc=%d]: \n", i++, v->vcpu_id, v->processor); + /* archvcpu for arm has: */ +#if defined(CONFIG_ARM_64) + printk(" .ttbr0 is 0x%lx\n", v->arch.ttbr0); + printk(" .ttbr1 is 0x%lx\n", v->arch.ttbr1); +#endif + } +} + +static void dump_domains(void) +{ + struct domain *d; + + for_each_domain(d) + dump_domain_vcpus(d); + + /* Dump system domains */ + printk("IDLE DOMAIN:\n"); + dump_domain_vcpus(idle_vcpu[0]->domain); + printk("HARDWARE DOMAIN:\n"); + dump_domain_vcpus(hardware_domain); + printk("XEN DOMAIN:\n"); + dump_domain_vcpus(dom_xen); + printk("IO DOMAIN:\n"); + dump_domain_vcpus(dom_io); +} + +long do_vmf_op(unsigned int cmd, domid_t domid) +{ + int ret = 0; + struct domain *d = NULL; + + printk("VMF hypercall: "); + + if (domid == DOMID_IDLE) { + printk("Xen\n"); + } else if ((domid < DOMID_FIRST_RESERVED) && (d = get_domain_by_id(domid))) { + printk("Domain(%d)\n", domid); + } else { + printk("Invalid domain id (%d)\n", domid); + ret = -1; + goto out; + } + + switch (cmd) { + case XENVMF_dump_info: + if (d) { + vmf_dump_domain_info(d); + } else { + dump_domains(); + vmf_dump_xen_info(); + } + break; + + case XENVMF_dump_tables: + if (d) + vmf_dump_domain_tables(d); + else + vmf_dump_xen_tables(); + break; + + case XENVMF_unmap: + printk("BLOW VIRTUAL MEMORY FUSE:\n"); + if (d) { + printk("Unmapping Domain(%d)\n", d->domain_id); + vmf_unmap_guest(d); + } else { + printk("Locking Virtual Memory Configuration\n"); + vmf_lock_xen_pgtables(); + } + break; + + default: + printk("Not Implemented\n"); + break; + } + +out: + printk("Done!\n"); + return ret; +} diff --git a/xen/include/hypercall-defs.c b/xen/include/hypercall-defs.c index 1896121..fb61bc6 100644 --- a/xen/include/hypercall-defs.c +++ b/xen/include/hypercall-defs.c @@ -166,6 +166,9 @@ vm_assist(unsigned int cmd, unsigned int type) event_channel_op(int cmd, void *arg) mmuext_op(mmuext_op_t *uops, unsigned int count, unsigned int *pdone, unsigned int foreigndom) multicall(multicall_entry_t *call_list, unsigned int nr_calls) +#if defined(CONFIG_VMF) +vmf_op(unsigned int cmd, domid_t domid) +#endif #ifdef CONFIG_PV mmu_update(mmu_update_t *ureqs, unsigned int count, unsigned int *pdone, unsigned int foreigndom) stack_switch(unsigned long ss, unsigned long esp) @@ -239,6 +242,9 @@ update_va_mapping compat do - - - set_timer_op compat do compat do - event_channel_op_compat do do - - dep xen_version compat do compat do do +#if defined(CONFIG_VMF) +vmf_op do do do do do +#endif console_io do do do do do physdev_op_compat compat do - - dep #if defined(CONFIG_GRANT_TABLE) diff --git a/xen/include/public/vmf.h b/xen/include/public/vmf.h new file mode 100644 index 0000000..a5ec004 --- /dev/null +++ b/xen/include/public/vmf.h @@ -0,0 +1,24 @@ +/* SPDX-License-Identifier: MIT */ +/****************************************************************************** + * vmf.h + * + */ + +#ifndef __XEN_PUBLIC_VMF_H__ +#define __XEN_PUBLIC_VMF_H__ + +#define XENVMF_dump_info 1 +#define XENVMF_dump_tables 2 +#define XENVMF_unmap 11 + +#endif /* __XEN_PUBLIC_VMF_H__ */ + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index 920567e..077000c 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -125,6 +125,9 @@ DEFINE_XEN_GUEST_HANDLE(xen_ulong_t); #define __HYPERVISOR_arch_6 54 #define __HYPERVISOR_arch_7 55 +/* custom vmf hypercall */ +#define __HYPERVISOR_vmf_op 56 + /* ` } */ /* diff --git a/xen/include/xen/vmf.h b/xen/include/xen/vmf.h new file mode 100644 index 0000000..f4b350c --- /dev/null +++ b/xen/include/xen/vmf.h @@ -0,0 +1,20 @@ +/****************************************************************************** + * vmf.h + * + * Public VMF interface to be implemented in arch specific code + */ + +#ifndef __XEN_VMF_H__ +#define __XEN_VMF_H__ + +struct domain; + +void vmf_dump_xen_info(void); +void vmf_dump_domain_info(struct domain *d); +void vmf_dump_xen_tables(void); +void vmf_dump_domain_tables(struct domain *d); + +void vmf_unmap_guest(struct domain *d); +void vmf_lock_xen_pgtables(void); + +#endif /* __XEN_VMF_H__ */