[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] xl, libxl: Add per-device and global permissive config options for pci passthrough

# HG changeset patch
# User George Dunlap <george.dunlap@xxxxxxxxxxxxx>
# Date 1333552002 -3600
# Node ID 1687cd2e97e37972034f77d9952d10e9b52ac8a4
# Parent  ce20aaa97da645963458911f08e591511e15c55d
xl, libxl: Add per-device and global permissive config options for pci 
passthrough

By default pciback only allows PV guests to write "known safe" values into
PCI config space.  But many devices require writes to other areas of config
space in order to operate properly.  One way to do that is with the "quirks"
interface, which specifies areas known safe to a particular device; the
other way is to mark a device as "permissive", which tells pciback to allow
all config space writes for that domain and device.

This adds a "permissive" flag to the libxl_pci struct and teaches libxl how
to write the appropriate value into sysfs to enable the permissive feature for
devices being passed through.  It also adds the permissive config options either
on a per-device basis, or as a global option in the xl command-line.

Because of the potential stability and security implications of enabling
permissive, the flag is left off by default.

Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxxxxx>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
---


diff -r ce20aaa97da6 -r 1687cd2e97e3 docs/man/xl.cfg.pod.5
--- a/docs/man/xl.cfg.pod.5     Wed Apr 04 16:06:42 2012 +0100
+++ b/docs/man/xl.cfg.pod.5     Wed Apr 04 16:06:42 2012 +0100
@@ -301,10 +301,31 @@ XXX
 
 XXX
 
+=item B<permissive=BOOLEAN>
+
+(PV only) By default pciback only allows PV guests to write "known
+safe" values into PCI config space.  But many devices require writes
+to other areas of config space in order to operate properly.  This
+tells the pciback driver to allow all writes to PCI config space of
+this device by this domain.  This option should be enabled with
+caution: it gives the guest much more control over the device, which
+may have security or stability implications.  It is recommended to
+enable this option only for trusted VMs under administrator control.
+
 =back
 
 =back
 
+=item B<pci_permissive=BOOLEAN>
+
+(PV only) Changes the default value of 'permissive' for all PCI
+devices for this VM.  This can still be overriden on a per-device
+basis. This option should be enabled with caution: it gives the guest
+much more control over the device, which may have security or
+stability implications.  It is recommended to enable this option only
+for trusted VMs under administrator control.  See the "pci=" section
+for more information on the "permissive" flag.
+
 =back
 
 =head2 Paravirtualised (PV) Guest Specific Options
diff -r ce20aaa97da6 -r 1687cd2e97e3 tools/libxl/libxl_pci.c
--- a/tools/libxl/libxl_pci.c   Wed Apr 04 16:06:42 2012 +0100
+++ b/tools/libxl/libxl_pci.c   Wed Apr 04 16:06:42 2012 +0100
@@ -55,7 +55,10 @@ static void libxl_create_pci_backend_dev
     if (pcidev->vdevfn)
         flexarray_append_pair(back, libxl__sprintf(gc, "vdevfn-%d", num), 
libxl__sprintf(gc, "%x", pcidev->vdevfn));
     flexarray_append(back, libxl__sprintf(gc, "opts-%d", num));
-    flexarray_append(back, libxl__sprintf(gc, "msitranslate=%d,power_mgmt=%d", 
pcidev->msitranslate, pcidev->power_mgmt));
+    flexarray_append(back,
+              libxl__sprintf(gc, "msitranslate=%d,power_mgmt=%d,permissive=%d",
+                             pcidev->msitranslate, pcidev->power_mgmt,
+                             pcidev->permissive));
     flexarray_append_pair(back, libxl__sprintf(gc, "state-%d", num), 
libxl__sprintf(gc, "%d", 1));
 }
 
@@ -565,6 +568,31 @@ static int do_pci_add(libxl__gc *gc, uin
             }
         }
         fclose(f);
+
+        /* Don't restrict writes to the PCI config space from this VM */
+        if (pcidev->permissive) {
+            int fd;
+            char *buf;
+            
+            sysfs_path = libxl__sprintf(gc, SYSFS_PCIBACK_DRIVER"/permissive");
+            fd = open(sysfs_path, O_WRONLY);
+            if (fd < 0) {
+                LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "Couldn't open %s",
+                                 sysfs_path);
+                return ERROR_FAIL;
+            }
+ 
+            buf = libxl__sprintf(gc, PCI_BDF, pcidev->domain, pcidev->bus,
+                                 pcidev->dev, pcidev->func);
+            rc = write(fd, buf, strlen(buf));
+            /* Annoying to have two if's, but we need the errno */
+            if (rc < 0)
+                LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR,
+                                 "write to %s returned %d", sysfs_path, rc);
+            close(fd);
+            if (rc < 0)
+                return ERROR_FAIL;
+        }
         break;
     }
     default:
@@ -958,6 +986,9 @@ static void libxl__device_pci_from_xs_be
             } else if (!strcmp(p, "power_mgmt")) {
                 p = strtok_r(NULL, ",=", &saveptr);
                 pci->power_mgmt = atoi(p);
+            } else if (!strcmp(p, "permissive")) {
+                p = strtok_r(NULL, ",=", &saveptr);
+                pci->permissive = atoi(p);
             }
         } while ((p = strtok_r(NULL, ",=", &saveptr)) != NULL);
     }
diff -r ce20aaa97da6 -r 1687cd2e97e3 tools/libxl/libxl_types.idl
--- a/tools/libxl/libxl_types.idl       Wed Apr 04 16:06:42 2012 +0100
+++ b/tools/libxl/libxl_types.idl       Wed Apr 04 16:06:42 2012 +0100
@@ -354,6 +354,7 @@ libxl_device_pci = Struct("device_pci", 
     ("vfunc_mask", uint32),
     ("msitranslate", bool),
     ("power_mgmt", bool),
+    ("permissive", bool),
     ])
 
 libxl_diskinfo = Struct("diskinfo", [
diff -r ce20aaa97da6 -r 1687cd2e97e3 tools/libxl/libxlu_pci.c
--- a/tools/libxl/libxlu_pci.c  Wed Apr 04 16:06:42 2012 +0100
+++ b/tools/libxl/libxlu_pci.c  Wed Apr 04 16:06:42 2012 +0100
@@ -139,6 +139,8 @@ int xlu_pci_parse_bdf(XLU_Config *cfg, l
                     pcidev->msitranslate = atoi(tok);
                 }else if ( !strcmp(optkey, "power_mgmt") ) {
                     pcidev->power_mgmt = atoi(tok);
+                }else if ( !strcmp(optkey, "permissive") ) {
+                    pcidev->permissive = atoi(tok);
                 }else{
                     XLU__PCI_ERR(cfg, "Unknown PCI BDF option: %s", optkey);
                 }
diff -r ce20aaa97da6 -r 1687cd2e97e3 tools/libxl/xl_cmdimpl.c
--- a/tools/libxl/xl_cmdimpl.c  Wed Apr 04 16:06:42 2012 +0100
+++ b/tools/libxl/xl_cmdimpl.c  Wed Apr 04 16:06:42 2012 +0100
@@ -518,6 +518,7 @@ static void parse_config_data(const char
     XLU_ConfigList *cpus, *vbds, *nics, *pcis, *cvfbs, *cpuids;
     int pci_power_mgmt = 0;
     int pci_msitranslate = 1;
+    int pci_permissive = 0;
     int e;
 
     libxl_domain_create_info *c_info = &d_config->c_info;
@@ -991,6 +992,9 @@ skip_vfb:
     if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0))
         pci_power_mgmt = l;
 
+    if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0))
+        pci_permissive = l;
+
     /* To be reworked (automatically enabled) once the auto ballooning
      * after guest starts is done (with PCI devices passed in). */
     if (c_info->type == LIBXL_DOMAIN_TYPE_PV) {
@@ -1010,6 +1014,7 @@ skip_vfb:
 
             pcidev->msitranslate = pci_msitranslate;
             pcidev->power_mgmt = pci_power_mgmt;
+            pcidev->permissive = pci_permissive;
             if (!xlu_pci_parse_bdf(config, pcidev, buf))
                 d_config->num_pcidevs++;
         }

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.