|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v18 01/10] x86: add generic resource (e.g. MSR) access hypercall
On 30/09/14 11:49, Chao Peng wrote:
> Add a generic resource access hypercall for tool stack or other
> components, e.g., accessing MSR, port I/O, etc.
>
> The resource is abstracted as a resource address/value pair.
> The resource access can be any type of XEN_RESOURCE_OP_*(current
> only support MSR and it's white-listed). The resource operations
> are always runs on cpu that caller specified. If caller does not
> care this, it should use current cpu to eliminate the IPI overhead.
>
> Batch resource operations in one call are also supported but the
> max number currently is limited to 2. The operations in a batch are
> non-preemptible and execute in their original order. If preemptible
> batch is desirable, then multicall mechanism can be used.
>
> Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>
> Signed-off-by: Chao Peng <chao.p.peng@xxxxxxxxxxxxxxx>
> ---
> xen/arch/x86/platform_hypercall.c | 157
> ++++++++++++++++++++++++++++++
> xen/arch/x86/x86_64/platform_hypercall.c | 4 +
> xen/include/public/platform.h | 35 +++++++
> xen/include/xlat.lst | 1 +
> 4 files changed, 197 insertions(+)
>
> diff --git a/xen/arch/x86/platform_hypercall.c
> b/xen/arch/x86/platform_hypercall.c
> index 2162811..3d873b5 100644
> --- a/xen/arch/x86/platform_hypercall.c
> +++ b/xen/arch/x86/platform_hypercall.c
> @@ -61,6 +61,94 @@ long cpu_down_helper(void *data);
> long core_parking_helper(void *data);
> uint32_t get_cur_idle_nums(void);
>
> +#define RESOURCE_ACCESS_MAX_ENTRIES 2
> +struct xen_resource_access {
> + unsigned int ret;
> + unsigned int nr_entries;
> + xenpf_resource_entry_t *entries;
> +};
> +
> +static bool_t allow_access_msr(unsigned int msr)
> +{
> + return 0;
> +}
> +
> +static unsigned int check_resource_access(struct xen_resource_access *ra)
> +{
> + xenpf_resource_entry_t *entry;
> + int ret = 0;
> + unsigned int i;
> +
> + for ( i = 0; i < ra->nr_entries; i++ )
> + {
> + entry = ra->entries + i;
> +
> + if ( entry->rsvd )
> + {
> + entry->u.ret = -EINVAL;
> + break;
> + }
> +
> + switch ( entry->u.cmd )
> + {
> + case XEN_RESOURCE_OP_MSR_READ:
> + case XEN_RESOURCE_OP_MSR_WRITE:
> + if ( entry->idx >> 32 )
> + ret = -EINVAL;
> + else if ( !allow_access_msr(entry->idx) )
> + ret = -EACCES;
> + break;
> + default:
> + ret = -EINVAL;
> + break;
> + }
> +
> + if ( ret )
> + {
> + entry->u.ret = ret;
You must always set entry->u.ret even on success.
Breaking on error is still fine though.
> + break;
> + }
> + }
> +
> + /* Return the number of successes. */
> + return i;
> +}
> +
> +static void resource_access(void *info)
> +{
> + struct xen_resource_access *ra = info;
> + xenpf_resource_entry_t *entry;
> + int ret;
> + unsigned int i;
> +
> + for ( i = 0; i < ra->nr_entries; i++ )
> + {
> + entry = ra->entries + i;
> +
> + switch ( entry->u.cmd )
> + {
> + case XEN_RESOURCE_OP_MSR_READ:
> + ret = rdmsr_safe(entry->idx, entry->val);
> + break;
> + case XEN_RESOURCE_OP_MSR_WRITE:
> + ret = wrmsr_safe(entry->idx, entry->val);
> + break;
> + default:
> + ret = -EINVAL;
> + break;
> + }
> +
> + if ( ret )
> + {
> + entry->u.ret = ret;
> + break;
> + }
Same here
> + }
> +
> + /* Return the number of successes. */
> + ra->ret = i;
> +}
> +
> ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
> {
> ret_t ret = 0;
> @@ -601,6 +689,75 @@ ret_t
> do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op)
> }
> break;
>
> + case XENPF_resource_op:
> + {
> + struct xen_resource_access ra;
> + uint32_t cpu;
> + XEN_GUEST_HANDLE(xenpf_resource_entry_t) guest_entries;
> +
> + ra.nr_entries = op->u.resource_op.nr_entries;
> + if ( ra.nr_entries == 0 || ra.nr_entries >
> RESOURCE_ACCESS_MAX_ENTRIES )
> + {
> + ret = -EINVAL;
> + break;
> + }
> +
> + ra.entries = xmalloc_array(xenpf_resource_entry_t, ra.nr_entries);
> + if ( !ra.entries )
> + {
> + ret = -ENOMEM;
> + break;
> + }
> +
> + guest_from_compat_handle(guest_entries, op->u.resource_op.entries);
> +
> + if ( copy_from_guest(ra.entries, guest_entries, ra.nr_entries) )
> + {
> + xfree(ra.entries);
> + ret = -EFAULT;
> + break;
> + }
> +
> + /* Do sanity check earlier to omit the potential IPI overhead. */
> + if ( check_resource_access(&ra) < ra.nr_entries )
> + {
> + /* Copy the return value for failed entry. */
> + if ( __copy_to_guest_offset(guest_entries, ret,
> + ra.entries + ret, 1) )
> + ret = -EFAULT;
> + else
> + ret = 0;
> +
> + xfree(ra.entries);
> + break;
> + }
This however is not ok. You have possibly signalled that entry 0 has
passed the permission check and entry 1 has failed the check, at which
point you leave entry 0 uninitialised in userspace and signal failure
for entry 1.
If some MSRs pass the permission check, you should go ahead and fill
them in to provide the partial good data to userspace.
> +
> + cpu = op->u.resource_op.cpu;
> + if ( cpu == smp_processor_id() )
> + resource_access(&ra);
> + else if ( cpu_online(cpu) )
You must check cpu < nr_cpu_ids, or cpu_online() could wander off the
end of the bitmap.
The correct check is something more like:
if ( (cpu >= nr_cpu_ids) || !cpu_online(cpu) )
ret = -ENODEV;
else if ( cpu == smp_processor_id() )
local()
else
on_selectected_cpus()
~Andrew
> + on_selected_cpus(cpumask_of(cpu), resource_access, &ra, 1);
> + else
> + {
> + xfree(ra.entries);
> + ret = -ENODEV;
> + break;
> + }
> +
> + /* Copy all if succeeded or up to the failed entry. */
> + if ( __copy_to_guest_offset(guest_entries, 0, ra.entries,
> + min(ra.nr_entries, ra.ret + 1)) )
> + {
> + xfree(ra.entries);
> + ret = -EFAULT;
> + break;
> + }
> +
> + ret = ra.ret;
> + xfree(ra.entries);
> + }
> + break;
> +
> default:
> ret = -ENOSYS;
> break;
> diff --git a/xen/arch/x86/x86_64/platform_hypercall.c
> b/xen/arch/x86/x86_64/platform_hypercall.c
> index b6f380e..ccfd30d 100644
> --- a/xen/arch/x86/x86_64/platform_hypercall.c
> +++ b/xen/arch/x86/x86_64/platform_hypercall.c
> @@ -32,6 +32,10 @@ CHECK_pf_pcpu_version;
> CHECK_pf_enter_acpi_sleep;
> #undef xen_pf_enter_acpi_sleep
>
> +#define xen_pf_resource_entry xenpf_resource_entry
> +CHECK_pf_resource_entry;
> +#undef xen_pf_resource_entry
> +
> #define COMPAT
> #define _XEN_GUEST_HANDLE(t) XEN_GUEST_HANDLE(t)
> #define _XEN_GUEST_HANDLE_PARAM(t) XEN_GUEST_HANDLE_PARAM(t)
> diff --git a/xen/include/public/platform.h b/xen/include/public/platform.h
> index 053b9fa..abf916c 100644
> --- a/xen/include/public/platform.h
> +++ b/xen/include/public/platform.h
> @@ -528,6 +528,40 @@ typedef struct xenpf_core_parking xenpf_core_parking_t;
> DEFINE_XEN_GUEST_HANDLE(xenpf_core_parking_t);
>
> /*
> + * Access generic platform resources(e.g., accessing MSR, port I/O, etc)
> + * in unified way. Batch resource operations in one call are supported and
> + * thay are always non-preemptible and executed in their original order.
> + * The batch itself returns a negative integer for general errors, or a
> + * non-negative integer for the number of successful operations. For latter
> + * case, the @ret in the failed entry(if have) indicates the exact error and
> + * it's meaningful only when it has a negative value.
> + */
> +#define XENPF_resource_op 61
> +
> +#define XEN_RESOURCE_OP_MSR_READ 0
> +#define XEN_RESOURCE_OP_MSR_WRITE 1
> +
> +struct xenpf_resource_entry {
> + union {
> + uint32_t cmd; /* IN: XEN_RESOURCE_OP_* */
> + int32_t ret; /* OUT: return value for this entry */
> + } u;
> + uint32_t rsvd; /* IN: padding and must be zero */
> + uint64_t idx; /* IN: resource address to access */
> + uint64_t val; /* IN/OUT: resource value to set/get */
> +};
> +typedef struct xenpf_resource_entry xenpf_resource_entry_t;
> +DEFINE_XEN_GUEST_HANDLE(xenpf_resource_entry_t);
> +
> +struct xenpf_resource_op {
> + uint32_t nr_entries; /* number of resource entry */
> + uint32_t cpu; /* which cpu to run */
> + XEN_GUEST_HANDLE(xenpf_resource_entry_t) entries;
> +};
> +typedef struct xenpf_resource_op xenpf_resource_op_t;
> +DEFINE_XEN_GUEST_HANDLE(xenpf_resource_op_t);
> +
> +/*
> * ` enum neg_errnoval
> * ` HYPERVISOR_platform_op(const struct xen_platform_op*);
> */
> @@ -553,6 +587,7 @@ struct xen_platform_op {
> struct xenpf_cpu_hotadd cpu_add;
> struct xenpf_mem_hotadd mem_add;
> struct xenpf_core_parking core_parking;
> + struct xenpf_resource_op resource_op;
> uint8_t pad[128];
> } u;
> };
> diff --git a/xen/include/xlat.lst b/xen/include/xlat.lst
> index 9a35dd7..234b668 100644
> --- a/xen/include/xlat.lst
> +++ b/xen/include/xlat.lst
> @@ -88,6 +88,7 @@
> ? xenpf_enter_acpi_sleep platform.h
> ? xenpf_pcpuinfo platform.h
> ? xenpf_pcpu_version platform.h
> +? xenpf_resource_entry platform.h
> ! sched_poll sched.h
> ? sched_remote_shutdown sched.h
> ? sched_shutdown sched.h
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |