[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v13 for-xen-4.5 11/21] x86/VPMU: Interface for setting PMU mode and flags
Add runtime interface for setting PMU mode and flags. Three main modes are provided: * XENPMU_MODE_OFF: PMU is not virtualized * XENPMU_MODE_SELF: Guests can access PMU MSRs and receive PMU interrupts. * XENPMU_MODE_HV: Same as XENPMU_MODE_SELF for non-proviledged guests, dom0 can profile itself and the hypervisor. Note that PMU modes are different from what can be provided at Xen's boot line with 'vpmu' argument. An 'off' (or '0') value is equivalent to XENPMU_MODE_OFF. Any other value, on the other hand, will cause VPMU mode to be set to XENPMU_MODE_SELF during boot. For feature flags only Intel's BTS is currently supported. Mode and flags are set via HYPERVISOR_xenpmu_op hypercall. Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> Reviewed-by: Dietmar Hahn <dietmar.hahn@xxxxxxxxxxxxxx> Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx> --- tools/flask/policy/policy/modules/xen/xen.te | 3 + xen/arch/x86/domain.c | 6 +- xen/arch/x86/hvm/svm/vpmu.c | 4 +- xen/arch/x86/hvm/vmx/vpmu_core2.c | 10 +- xen/arch/x86/hvm/vpmu.c | 207 +++++++++++++++++++++++++-- xen/arch/x86/x86_64/compat/entry.S | 4 + xen/arch/x86/x86_64/entry.S | 4 + xen/include/Makefile | 2 + xen/include/asm-x86/hvm/vpmu.h | 27 ++-- xen/include/public/pmu.h | 44 ++++++ xen/include/public/xen.h | 1 + xen/include/xen/hypercall.h | 4 + xen/include/xlat.lst | 4 + xen/include/xsm/dummy.h | 15 ++ xen/include/xsm/xsm.h | 6 + xen/xsm/dummy.c | 1 + xen/xsm/flask/hooks.c | 18 +++ xen/xsm/flask/policy/access_vectors | 2 + 18 files changed, 335 insertions(+), 27 deletions(-) diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index 1937883..fb761cd 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -64,6 +64,9 @@ allow dom0_t xen_t:xen { getidle debug getcpuinfo heap pm_op mca_op lockprof cpupool_op tmem_op tmem_control getscheduler setscheduler }; +allow dom0_t xen_t:xen2 { + pmu_ctrl +}; allow dom0_t xen_t:mmu memorymap; # Allow dom0 to use these domctls on itself. For domctls acting on other diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 7b1dfe6..6a07737 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1503,7 +1503,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) if ( is_hvm_vcpu(prev) ) { if (prev != next) - vpmu_save(prev); + vpmu_switch_from(prev, next); if ( !list_empty(&prev->arch.hvm_vcpu.tm_list) ) pt_save_timer(prev); @@ -1546,9 +1546,9 @@ void context_switch(struct vcpu *prev, struct vcpu *next) !is_hardware_domain(next->domain)); } - if (is_hvm_vcpu(next) && (prev != next) ) + if ( is_hvm_vcpu(prev) && (prev != next) ) /* Must be done with interrupts enabled */ - vpmu_load(next); + vpmu_switch_to(prev, next); context_saved(prev); diff --git a/xen/arch/x86/hvm/svm/vpmu.c b/xen/arch/x86/hvm/svm/vpmu.c index f68c020..1ae4c1e 100644 --- a/xen/arch/x86/hvm/svm/vpmu.c +++ b/xen/arch/x86/hvm/svm/vpmu.c @@ -478,14 +478,14 @@ struct arch_vpmu_ops amd_vpmu_ops = { .arch_vpmu_dump = amd_vpmu_dump }; -int svm_vpmu_initialise(struct vcpu *v, unsigned int vpmu_flags) +int svm_vpmu_initialise(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); uint8_t family = current_cpu_data.x86; int ret = 0; /* vpmu enabled? */ - if ( !vpmu_flags ) + if ( vpmu_mode == XENPMU_MODE_OFF ) return 0; switch ( family ) diff --git a/xen/arch/x86/hvm/vmx/vpmu_core2.c b/xen/arch/x86/hvm/vmx/vpmu_core2.c index b25fe90..c068f43 100644 --- a/xen/arch/x86/hvm/vmx/vpmu_core2.c +++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c @@ -703,13 +703,13 @@ static int core2_vpmu_do_interrupt(struct cpu_user_regs *regs) return 1; } -static int core2_vpmu_initialise(struct vcpu *v, unsigned int vpmu_flags) +static int core2_vpmu_initialise(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); u64 msr_content; static bool_t ds_warned; - if ( !(vpmu_flags & VPMU_BOOT_BTS) ) + if ( !(vpmu_features & XENPMU_FEATURE_INTEL_BTS) ) goto func_out; /* Check the 'Debug Store' feature in the CPUID.EAX[1]:EDX[21] */ while ( boot_cpu_has(X86_FEATURE_DS) ) @@ -824,7 +824,7 @@ struct arch_vpmu_ops core2_no_vpmu_ops = { .do_cpuid = core2_no_vpmu_do_cpuid, }; -int vmx_vpmu_initialise(struct vcpu *v, unsigned int vpmu_flags) +int vmx_vpmu_initialise(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); uint8_t family = current_cpu_data.x86; @@ -832,7 +832,7 @@ int vmx_vpmu_initialise(struct vcpu *v, unsigned int vpmu_flags) int ret = 0; vpmu->arch_vpmu_ops = &core2_no_vpmu_ops; - if ( !vpmu_flags ) + if ( vpmu_mode == XENPMU_MODE_OFF ) return 0; if ( family == 6 ) @@ -875,7 +875,7 @@ int vmx_vpmu_initialise(struct vcpu *v, unsigned int vpmu_flags) /* future: */ case 0x3d: case 0x4e: - ret = core2_vpmu_initialise(v, vpmu_flags); + ret = core2_vpmu_initialise(v); if ( !ret ) vpmu->arch_vpmu_ops = &core2_vpmu_ops; return ret; diff --git a/xen/arch/x86/hvm/vpmu.c b/xen/arch/x86/hvm/vpmu.c index 89bead4..8833b7f 100644 --- a/xen/arch/x86/hvm/vpmu.c +++ b/xen/arch/x86/hvm/vpmu.c @@ -21,6 +21,8 @@ #include <xen/config.h> #include <xen/sched.h> #include <xen/xenoprof.h> +#include <xen/event.h> +#include <xen/guest_access.h> #include <asm/regs.h> #include <asm/types.h> #include <asm/msr.h> @@ -32,13 +34,22 @@ #include <asm/hvm/svm/vmcb.h> #include <asm/apic.h> #include <public/pmu.h> +#include <xen/tasklet.h> +#include <xsm/xsm.h> + +#include <compat/pmu.h> +CHECK_pmu_params; +CHECK_pmu_intel_ctxt; +CHECK_pmu_amd_ctxt; +CHECK_pmu_cntr_pair; /* * "vpmu" : vpmu generally enabled * "vpmu=off" : vpmu generally disabled * "vpmu=bts" : vpmu enabled and Intel BTS feature switched on. */ -static unsigned int __read_mostly opt_vpmu_enabled; +uint64_t __read_mostly vpmu_mode = XENPMU_MODE_OFF; +uint64_t __read_mostly vpmu_features = 0; static void parse_vpmu_param(char *s); custom_param("vpmu", parse_vpmu_param); @@ -52,7 +63,7 @@ static void __init parse_vpmu_param(char *s) break; default: if ( !strcmp(s, "bts") ) - opt_vpmu_enabled |= VPMU_BOOT_BTS; + vpmu_features |= XENPMU_FEATURE_INTEL_BTS; else if ( *s ) { printk("VPMU: unknown flag: %s - vpmu disabled!\n", s); @@ -60,7 +71,8 @@ static void __init parse_vpmu_param(char *s) } /* fall through */ case 1: - opt_vpmu_enabled |= VPMU_BOOT_ENABLED; + /* Default VPMU mode */ + vpmu_mode = XENPMU_MODE_SELF; break; } } @@ -77,6 +89,9 @@ int vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content, uint64_t supported) { struct vpmu_struct *vpmu = vcpu_vpmu(current); + if ( !(vpmu_mode & (XENPMU_MODE_SELF | XENPMU_MODE_HV)) ) + return 0; + if ( vpmu->arch_vpmu_ops && vpmu->arch_vpmu_ops->do_wrmsr ) return vpmu->arch_vpmu_ops->do_wrmsr(msr, msr_content, supported); return 0; @@ -86,6 +101,9 @@ int vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) { struct vpmu_struct *vpmu = vcpu_vpmu(current); + if ( !(vpmu_mode & (XENPMU_MODE_SELF | XENPMU_MODE_HV)) ) + return 0; + if ( vpmu->arch_vpmu_ops && vpmu->arch_vpmu_ops->do_rdmsr ) return vpmu->arch_vpmu_ops->do_rdmsr(msr, msr_content); return 0; @@ -240,19 +258,19 @@ void vpmu_initialise(struct vcpu *v) switch ( vendor ) { case X86_VENDOR_AMD: - if ( svm_vpmu_initialise(v, opt_vpmu_enabled) != 0 ) - opt_vpmu_enabled = 0; + if ( svm_vpmu_initialise(v) != 0 ) + vpmu_mode = XENPMU_MODE_OFF; break; case X86_VENDOR_INTEL: - if ( vmx_vpmu_initialise(v, opt_vpmu_enabled) != 0 ) - opt_vpmu_enabled = 0; + if ( vmx_vpmu_initialise(v) != 0 ) + vpmu_mode = XENPMU_MODE_OFF; break; default: printk("VPMU: Initialization failed. " "Unknown CPU vendor %d\n", vendor); - opt_vpmu_enabled = 0; + vpmu_mode = XENPMU_MODE_OFF; break; } } @@ -274,3 +292,176 @@ void vpmu_dump(struct vcpu *v) vpmu->arch_vpmu_ops->arch_vpmu_dump(v); } +static atomic_t vpmu_sched_counter; + +static void vpmu_sched_checkin(unsigned long unused) +{ + atomic_inc(&vpmu_sched_counter); +} + +static int vpmu_force_context_switch(void) +{ + unsigned i, numcpus, mycpu; + s_time_t start; + static DEFINE_PER_CPU(struct tasklet *, sync_task); + int ret = 0; + + numcpus = num_online_cpus(); + mycpu = smp_processor_id(); + + for ( i = 0; i < numcpus; i++ ) + { + if ( i == mycpu ) + continue; + + per_cpu(sync_task, i) = xmalloc(struct tasklet); + if ( per_cpu(sync_task, i) == NULL ) + { + printk(XENLOG_WARNING "vpmu_force_context_switch: out of memory\n"); + ret = -ENOMEM; + goto out; + } + tasklet_init(per_cpu(sync_task, i), vpmu_sched_checkin, 0); + } + + /* First count is for self */ + atomic_set(&vpmu_sched_counter, 1); + + for_each_online_cpu( i ) + { + if ( i != mycpu ) + tasklet_schedule_on_cpu(per_cpu(sync_task, i), i); + } + + vpmu_save(current); + + start = NOW(); + + /* + * Note that we may fail here if a CPU is hot-plugged while we are + * waiting. We will then time out. + */ + while ( atomic_read(&vpmu_sched_counter) != numcpus ) + { + s_time_t now; + + cpu_relax(); + + now = NOW(); + + /* Give up after 5 seconds */ + if ( now > start + SECONDS(5) ) + { + printk(XENLOG_WARNING + "vpmu_force_context_switch: failed to sync\n"); + ret = -EBUSY; + break; + } + + /* Or after (arbitrarily chosen) 2ms if need to be preempted */ + if ( (now > start + MILLISECS(2)) && hypercall_preempt_check() ) + { + ret = -EAGAIN; + break; + } + } + + out: + for ( i = 0; i < numcpus; i++ ) + { + if ( per_cpu(sync_task, i) ) + { + tasklet_kill(per_cpu(sync_task, i)); + xfree(per_cpu(sync_task, i)); + per_cpu(sync_task, i) = NULL; + } + } + + return ret; +} + +long do_xenpmu_op(int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) +{ + int ret; + xen_pmu_params_t pmu_params; + + ret = xsm_pmu_op(XSM_OTHER, current->domain, op); + if ( ret ) + return ret; + + switch ( op ) + { + case XENPMU_mode_set: + { + static DEFINE_SPINLOCK(xenpmu_mode_lock); + uint32_t current_mode; + + if ( copy_from_guest(&pmu_params, arg, 1) ) + return -EFAULT; + + if ( pmu_params.val & ~(XENPMU_MODE_SELF | XENPMU_MODE_HV) ) + return -EINVAL; + + /* 32-bit dom0 can only sample itself */ + if ( is_pv_32bit_vcpu(current) && (pmu_params.val & XENPMU_MODE_HV) ) + return -EINVAL; + + /* + * Return error is someone else is in the middle of changing mode --- + * this is most likely indication of two system administrators + * working against each other + */ + if ( !spin_trylock(&xenpmu_mode_lock) ) + return -EAGAIN; + + current_mode = vpmu_mode; + vpmu_mode = pmu_params.val; + + if ( vpmu_mode == XENPMU_MODE_OFF ) + { + /* + * Make sure all (non-dom0) VCPUs have unloaded their VPMUs. This + * can be achieved by having all physical processors go through + * context_switch(). + */ + ret = vpmu_force_context_switch(); + if ( ret ) + vpmu_mode = current_mode; + } + + spin_unlock(&xenpmu_mode_lock); + break; + } + + case XENPMU_mode_get: + memset(&pmu_params, 0, sizeof(pmu_params)); + pmu_params.val = vpmu_mode; + pmu_params.version.maj = XENPMU_VER_MAJ; + pmu_params.version.min = XENPMU_VER_MIN; + if ( copy_to_guest(arg, &pmu_params, 1) ) + return -EFAULT; + break; + + case XENPMU_feature_set: + if ( copy_from_guest(&pmu_params, arg, 1) ) + return -EFAULT; + + if ( pmu_params.val & ~XENPMU_FEATURE_INTEL_BTS ) + return -EINVAL; + + vpmu_features = pmu_params.val; + break; + + case XENPMU_feature_get: + memset(&pmu_params, 0, sizeof(pmu_params)); + pmu_params.val = vpmu_features; + if ( copy_to_guest(arg, &pmu_params, 1) ) + return -EFAULT; + break; + + default: + ret = -EINVAL; + } + + return ret; +} diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index ac594c9..8587c46 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -417,6 +417,8 @@ ENTRY(compat_hypercall_table) .quad do_domctl .quad compat_kexec_op .quad do_tmem_op + .quad do_ni_hypercall /* reserved for XenClient */ + .quad do_xenpmu_op /* 40 */ .rept __HYPERVISOR_arch_0-((.-compat_hypercall_table)/8) .quad compat_ni_hypercall .endr @@ -465,6 +467,8 @@ ENTRY(compat_hypercall_args_table) .byte 1 /* do_domctl */ .byte 2 /* compat_kexec_op */ .byte 1 /* do_tmem_op */ + .byte 0 /* reserved for XenClient */ + .byte 2 /* do_xenpmu_op */ /* 40 */ .rept __HYPERVISOR_arch_0-(.-compat_hypercall_args_table) .byte 0 /* compat_ni_hypercall */ .endr diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index ade555b..7f5dedf 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -772,6 +772,8 @@ ENTRY(hypercall_table) .quad do_domctl .quad do_kexec_op .quad do_tmem_op + .quad do_ni_hypercall /* reserved for XenClient */ + .quad do_xenpmu_op /* 40 */ .rept __HYPERVISOR_arch_0-((.-hypercall_table)/8) .quad do_ni_hypercall .endr @@ -820,6 +822,8 @@ ENTRY(hypercall_args_table) .byte 1 /* do_domctl */ .byte 2 /* do_kexec */ .byte 1 /* do_tmem_op */ + .byte 0 /* reserved for XenClient */ + .byte 2 /* do_xenpmu_op */ /* 40 */ .rept __HYPERVISOR_arch_0-(.-hypercall_args_table) .byte 0 /* do_ni_hypercall */ .endr diff --git a/xen/include/Makefile b/xen/include/Makefile index f7ccbc9..f97733a 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -26,7 +26,9 @@ headers-y := \ headers-$(CONFIG_X86) += compat/arch-x86/xen-mca.h headers-$(CONFIG_X86) += compat/arch-x86/xen.h headers-$(CONFIG_X86) += compat/arch-x86/xen-$(compat-arch-y).h +headers-$(CONFIG_X86) += compat/arch-x86/pmu.h headers-y += compat/arch-$(compat-arch-y).h compat/xlat.h +headers-y += compat/pmu.h headers-$(FLASK_ENABLE) += compat/xsm/flask_op.h cppflags-y := -include public/xen-compat.h diff --git a/xen/include/asm-x86/hvm/vpmu.h b/xen/include/asm-x86/hvm/vpmu.h index 6fa0def..c612e1a 100644 --- a/xen/include/asm-x86/hvm/vpmu.h +++ b/xen/include/asm-x86/hvm/vpmu.h @@ -24,13 +24,6 @@ #include <public/pmu.h> -/* - * Flag bits given as a string on the hypervisor boot parameter 'vpmu'. - * See arch/x86/hvm/vpmu.c. - */ -#define VPMU_BOOT_ENABLED 0x1 /* vpmu generally enabled. */ -#define VPMU_BOOT_BTS 0x2 /* Intel BTS feature wanted. */ - #define vcpu_vpmu(vcpu) (&(vcpu)->arch.vpmu) #define vpmu_vcpu(vpmu) container_of((vpmu), struct vcpu, arch.vpmu) @@ -59,8 +52,8 @@ struct arch_vpmu_ops { void (*arch_vpmu_dump)(const struct vcpu *); }; -int vmx_vpmu_initialise(struct vcpu *, unsigned int flags); -int svm_vpmu_initialise(struct vcpu *, unsigned int flags); +int vmx_vpmu_initialise(struct vcpu *); +int svm_vpmu_initialise(struct vcpu *); struct vpmu_struct { u32 flags; @@ -116,5 +109,21 @@ void vpmu_dump(struct vcpu *v); extern int acquire_pmu_ownership(int pmu_ownership); extern void release_pmu_ownership(int pmu_ownership); +extern uint64_t vpmu_mode; +extern uint64_t vpmu_features; + +/* Context switch */ +inline void vpmu_switch_from(struct vcpu *prev, struct vcpu *next) +{ + if ( vpmu_mode & (XENPMU_MODE_SELF | XENPMU_MODE_HV) ) + vpmu_save(prev); +} + +inline void vpmu_switch_to(struct vcpu *prev, struct vcpu *next) +{ + if ( vpmu_mode & (XENPMU_MODE_SELF | XENPMU_MODE_HV) ) + vpmu_load(next); +} + #endif /* __ASM_X86_HVM_VPMU_H_*/ diff --git a/xen/include/public/pmu.h b/xen/include/public/pmu.h index ee33668..9296ae3 100644 --- a/xen/include/public/pmu.h +++ b/xen/include/public/pmu.h @@ -13,6 +13,50 @@ #define XENPMU_VER_MAJ 0 #define XENPMU_VER_MIN 1 +/* + * ` enum neg_errnoval + * ` HYPERVISOR_xenpmu_op(enum xenpmu_op cmd, struct xenpmu_params *args); + * + * @cmd == XENPMU_* (PMU operation) + * @args == struct xenpmu_params + */ +/* ` enum xenpmu_op { */ +#define XENPMU_mode_get 0 /* Also used for getting PMU version */ +#define XENPMU_mode_set 1 +#define XENPMU_feature_get 2 +#define XENPMU_feature_set 3 +/* ` } */ + +/* Parameters structure for HYPERVISOR_xenpmu_op call */ +struct xen_pmu_params { + /* IN/OUT parameters */ + struct { + uint32_t maj; + uint32_t min; + } version; + uint64_t val; + + /* IN parameters */ + uint64_t vcpu; +}; +typedef struct xen_pmu_params xen_pmu_params_t; +DEFINE_XEN_GUEST_HANDLE(xen_pmu_params_t); + +/* PMU modes: + * - XENPMU_MODE_OFF: No PMU virtualization + * - XENPMU_MODE_SELF: Guests can profile themselves + * - XENPMU_MODE_HV: Guests can profile themselves, dom0 profiles + * itself and Xen + */ +#define XENPMU_MODE_OFF 0 +#define XENPMU_MODE_SELF (1<<0) +#define XENPMU_MODE_HV (1<<1) + +/* + * PMU features: + * - XENPMU_FEATURE_INTEL_BTS: Intel BTS support (ignored on AMD) + */ +#define XENPMU_FEATURE_INTEL_BTS 1 /* Shared between hypervisor and PV domain */ struct xen_pmu_data { diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index a6a2092..0766790 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -101,6 +101,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_ulong_t); #define __HYPERVISOR_kexec_op 37 #define __HYPERVISOR_tmem_op 38 #define __HYPERVISOR_xc_reserved_op 39 /* reserved for XenClient */ +#define __HYPERVISOR_xenpmu_op 40 /* Architecture-specific hypercall definitions. */ #define __HYPERVISOR_arch_0 48 diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index a9e5229..cf34547 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -14,6 +14,7 @@ #include <public/event_channel.h> #include <public/tmem.h> #include <public/version.h> +#include <public/pmu.h> #include <asm/hypercall.h> #include <xsm/xsm.h> @@ -139,6 +140,9 @@ do_tmem_op( extern long do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); +extern long +do_xenpmu_op(int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg); + #ifdef CONFIG_COMPAT extern int diff --git a/xen/include/xlat.lst b/xen/include/xlat.lst index c8fafef..5809c60 100644 --- a/xen/include/xlat.lst +++ b/xen/include/xlat.lst @@ -101,6 +101,10 @@ ! vcpu_set_singleshot_timer vcpu.h ? xenoprof_init xenoprof.h ? xenoprof_passive xenoprof.h +? pmu_params pmu.h +? pmu_intel_ctxt arch-x86/pmu.h +? pmu_amd_ctxt arch-x86/pmu.h +? pmu_cntr_pair arch-x86/pmu.h ? flask_access xsm/flask_op.h ! flask_boolean xsm/flask_op.h ? flask_cache_stats xsm/flask_op.h diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index df55e70..d423c1c 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -653,4 +653,19 @@ static XSM_INLINE int xsm_ioport_mapping(XSM_DEFAULT_ARG struct domain *d, uint3 return xsm_default_action(action, current->domain, d); } +static XSM_INLINE int xsm_pmu_op (XSM_DEFAULT_ARG struct domain *d, int op) +{ + XSM_ASSERT_ACTION(XSM_OTHER); + switch ( op ) + { + case XENPMU_mode_set: + case XENPMU_mode_get: + case XENPMU_feature_set: + case XENPMU_feature_get: + return xsm_default_action(XSM_PRIV, d, current->domain); + default: + return -EPERM; + } +} + #endif /* CONFIG_X86 */ diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 6c1c079..635f7df 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -170,6 +170,7 @@ struct xsm_operations { int (*unbind_pt_irq) (struct domain *d, struct xen_domctl_bind_pt_irq *bind); int (*ioport_permission) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); int (*ioport_mapping) (struct domain *d, uint32_t s, uint32_t e, uint8_t allow); + int (*pmu_op) (struct domain *d, int op); #endif }; @@ -660,6 +661,11 @@ static inline int xsm_ioport_mapping (xsm_default_t def, struct domain *d, uint3 return xsm_ops->ioport_mapping(d, s, e, allow); } +static inline int xsm_pmu_op (xsm_default_t def, struct domain *d, int op) +{ + return xsm_ops->pmu_op(d, op); +} + #endif /* CONFIG_X86 */ #endif /* XSM_NO_WRAPPERS */ diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 0826a8b..3638bd9 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -141,5 +141,6 @@ void xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, unbind_pt_irq); set_to_dummy_if_null(ops, ioport_permission); set_to_dummy_if_null(ops, ioport_mapping); + set_to_dummy_if_null(ops, pmu_op); #endif } diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 5afc1d7..b437a24 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1485,6 +1485,23 @@ static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq { return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); } + +static int flask_pmu_op (struct domain *d, int op) +{ + u32 dsid = domain_sid(d); + + switch ( op ) + { + case XENPMU_mode_set: + case XENPMU_mode_get: + case XENPMU_feature_set: + case XENPMU_feature_get: + return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_XEN2, + XEN2__PMU_CTRL, NULL); + default: + return -EPERM; + } +} #endif /* CONFIG_X86 */ long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op); @@ -1604,6 +1621,7 @@ static struct xsm_operations flask_ops = { .unbind_pt_irq = flask_unbind_pt_irq, .ioport_permission = flask_ioport_permission, .ioport_mapping = flask_ioport_mapping, + .pmu_op = flask_pmu_op, #endif }; diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 2ddbeba..64c7378 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -81,6 +81,8 @@ class xen2 { # XENPF_get_symbol get_symbol +# PMU control + pmu_ctrl } # Classes domain and domain2 consist of operations that a domain performs on -- 1.8.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |