[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v22 01/14] common/symbols: Export hypervisor symbols to privileged guest
Export Xen's symbols as {<address><type><name>} triplet via new XENPF_get_symbol hypercall Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx> Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> Reviewed-by: Dietmar Hahn <dietmar.hahn@xxxxxxxxxxxxxx> Tested-by: Dietmar Hahn <dietmar.hahn@xxxxxxxxxxxxxx> --- xen/arch/x86/platform_hypercall.c | 28 +++++++++++++++++++ xen/common/symbols.c | 54 +++++++++++++++++++++++++++++++++++++ xen/include/public/platform.h | 19 +++++++++++++ xen/include/xen/symbols.h | 3 +++ xen/include/xlat.lst | 1 + xen/xsm/flask/hooks.c | 4 +++ xen/xsm/flask/policy/access_vectors | 2 ++ 7 files changed, 111 insertions(+) diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 334d474..7626261 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -23,6 +23,7 @@ #include <xen/cpu.h> #include <xen/pmstat.h> #include <xen/irq.h> +#include <xen/symbols.h> #include <asm/current.h> #include <public/platform.h> #include <acpi/cpufreq/processor_perf.h> @@ -798,6 +799,33 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) } break; + case XENPF_get_symbol: + { + static char name[KSYM_NAME_LEN + 1]; /* protected by xenpf_lock */ + XEN_GUEST_HANDLE(char) nameh; + uint32_t namelen, copylen; + + guest_from_compat_handle(nameh, op->u.symdata.name); + + ret = xensyms_read(&op->u.symdata.symnum, &op->u.symdata.type, + &op->u.symdata.address, name); + + namelen = strlen(name) + 1; + + if ( namelen > op->u.symdata.namelen ) + copylen = op->u.symdata.namelen; + else + copylen = namelen; + + op->u.symdata.namelen = namelen; + + if ( !ret && copy_to_guest(nameh, name, copylen) ) + ret = -EFAULT; + if ( !ret && __copy_field_to_guest(u_xenpf_op, op, u.symdata) ) + ret = -EFAULT; + } + break; + default: ret = -ENOSYS; break; diff --git a/xen/common/symbols.c b/xen/common/symbols.c index fc7c9e7..a59c59d 100644 --- a/xen/common/symbols.c +++ b/xen/common/symbols.c @@ -17,6 +17,8 @@ #include <xen/lib.h> #include <xen/string.h> #include <xen/spinlock.h> +#include <public/platform.h> +#include <xen/guest_access.h> #ifdef SYMBOLS_ORIGIN extern const unsigned int symbols_offsets[]; @@ -148,3 +150,55 @@ const char *symbols_lookup(unsigned long addr, *offset = addr - symbols_address(low); return namebuf; } + +/* + * Get symbol type information. This is encoded as a single char at the + * beginning of the symbol name. + */ +static char symbols_get_symbol_type(unsigned int off) +{ + /* + * Get just the first code, look it up in the token table, + * and return the first char from this token. + */ + return symbols_token_table[symbols_token_index[symbols_names[off + 1]]]; +} + +int xensyms_read(uint32_t *symnum, char *type, + uint64_t *address, char *name) +{ + /* + * Symbols are most likely accessed sequentially so we remember position + * from previous read. This can help us avoid the extra call to + * get_symbol_offset(). + */ + static uint64_t next_symbol, next_offset; + static DEFINE_SPINLOCK(symbols_mutex); + + if ( *symnum > symbols_num_syms ) + return -ERANGE; + if ( *symnum == symbols_num_syms ) + { + /* No more symbols */ + name[0] = '\0'; + return 0; + } + + spin_lock(&symbols_mutex); + + if ( *symnum == 0 ) + next_offset = next_symbol = 0; + if ( next_symbol != *symnum ) + /* Non-sequential access */ + next_offset = get_symbol_offset(*symnum); + + *type = symbols_get_symbol_type(next_offset); + next_offset = symbols_expand_symbol(next_offset, name); + *address = symbols_address(*symnum); + + next_symbol = ++*symnum; + + spin_unlock(&symbols_mutex); + + return 0; +} diff --git a/xen/include/public/platform.h b/xen/include/public/platform.h index 82ec84e..1e6a6ce 100644 --- a/xen/include/public/platform.h +++ b/xen/include/public/platform.h @@ -590,6 +590,24 @@ struct xenpf_resource_op { typedef struct xenpf_resource_op xenpf_resource_op_t; DEFINE_XEN_GUEST_HANDLE(xenpf_resource_op_t); +#define XENPF_get_symbol 63 +struct xenpf_symdata { + /* IN/OUT variables */ + uint32_t namelen; /* IN: size of name buffer */ + /* OUT: strlen(name) of hypervisor symbol (may be */ + /* larger than what's been copied to guest) */ + uint32_t symnum; /* IN: Symbol to read */ + /* OUT: Next available symbol. If same as IN then */ + /* we reached the end */ + + /* OUT variables */ + XEN_GUEST_HANDLE(char) name; + uint64_t address; + char type; +}; +typedef struct xenpf_symdata xenpf_symdata_t; +DEFINE_XEN_GUEST_HANDLE(xenpf_symdata_t); + /* * ` enum neg_errnoval * ` HYPERVISOR_platform_op(const struct xen_platform_op*); @@ -619,6 +637,7 @@ struct xen_platform_op { struct xenpf_mem_hotadd mem_add; struct xenpf_core_parking core_parking; struct xenpf_resource_op resource_op; + struct xenpf_symdata symdata; uint8_t pad[128]; } u; }; diff --git a/xen/include/xen/symbols.h b/xen/include/xen/symbols.h index 87cd77d..1fa0537 100644 --- a/xen/include/xen/symbols.h +++ b/xen/include/xen/symbols.h @@ -11,4 +11,7 @@ const char *symbols_lookup(unsigned long addr, unsigned long *offset, char *namebuf); +int xensyms_read(uint32_t *symnum, char *type, + uint64_t *address, char *name); + #endif /*_XEN_SYMBOLS_H*/ diff --git a/xen/include/xlat.lst b/xen/include/xlat.lst index 9c9fd9a..906e6fc 100644 --- a/xen/include/xlat.lst +++ b/xen/include/xlat.lst @@ -89,6 +89,7 @@ ? processor_px platform.h ! psd_package platform.h ? xenpf_enter_acpi_sleep platform.h +! xenpf_symdata platform.h ? xenpf_pcpuinfo platform.h ? xenpf_pcpu_version platform.h ? xenpf_resource_entry platform.h diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 6e37d29..b4aae27 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1515,6 +1515,10 @@ static int flask_platform_op(uint32_t op) return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, XEN2__RESOURCE_OP, NULL); + case XENPF_get_symbol: + return avc_has_perm(domain_sid(current->domain), SECINITSID_XEN, + SECCLASS_XEN2, XEN2__GET_SYMBOL, NULL); + default: printk("flask_platform_op: Unknown op %d\n", op); return -EPERM; diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 68284d5..b35a150 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -85,6 +85,8 @@ class xen2 resource_op # XEN_SYSCTL_psr_cmt_op psr_cmt_op +# XENPF_get_symbol + get_symbol } # Classes domain and domain2 consist of operations that a domain performs on -- 1.8.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |