[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v5] vm_event: Implement ARM SMC events



On Wed, 28 Sep 2016, Tamas K Lengyel wrote:
> The ARM SMC instructions are already configured to trap to Xen by default. In
> this patch we allow a user-space process in a privileged domain to receive
> notification of when such event happens through the vm_event subsystem by
> introducing the PRIVILEGED_CALL type.
> 
> The intended use-case for this feature is for a monitor application to be able
> insert tap-points into the domU kernel-code. For this task only unconditional
> SMC instruction should be used.
> 
> Signed-off-by: Tamas K Lengyel <tamas.lengyel@xxxxxxxxxxxx>
> Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> Acked-by: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>

Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>


> Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>
> Cc: Julien Grall <julien.grall@xxxxxxx>
> 
> v5: Only check if monitor.privileged_call_enabled is set once
> ---
>  tools/libxc/include/xenctrl.h       |  2 +
>  tools/libxc/xc_monitor.c            | 14 +++++++
>  tools/tests/xen-access/xen-access.c | 30 +++++++++++++++
>  xen/arch/arm/Makefile               |  1 +
>  xen/arch/arm/monitor.c              | 76 
> +++++++++++++++++++++++++++++++++++++
>  xen/arch/arm/traps.c                | 16 +++++++-
>  xen/include/asm-arm/domain.h        |  5 +++
>  xen/include/asm-arm/monitor.h       | 18 +++------
>  xen/include/public/domctl.h         |  1 +
>  xen/include/public/vm_event.h       |  7 ++++
>  10 files changed, 155 insertions(+), 15 deletions(-)
>  create mode 100644 xen/arch/arm/monitor.c
> 
> diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
> index 560ce7b..eb53172 100644
> --- a/tools/libxc/include/xenctrl.h
> +++ b/tools/libxc/include/xenctrl.h
> @@ -2168,6 +2168,8 @@ int xc_monitor_guest_request(xc_interface *xch, domid_t 
> domain_id,
>  int xc_monitor_debug_exceptions(xc_interface *xch, domid_t domain_id,
>                                  bool enable, bool sync);
>  int xc_monitor_cpuid(xc_interface *xch, domid_t domain_id, bool enable);
> +int xc_monitor_privileged_call(xc_interface *xch, domid_t domain_id,
> +                               bool enable);
>  /**
>   * This function enables / disables emulation for each REP for a
>   * REP-compatible instruction.
> diff --git a/tools/libxc/xc_monitor.c b/tools/libxc/xc_monitor.c
> index 4298813..15a7c32 100644
> --- a/tools/libxc/xc_monitor.c
> +++ b/tools/libxc/xc_monitor.c
> @@ -185,6 +185,20 @@ int xc_monitor_cpuid(xc_interface *xch, domid_t 
> domain_id, bool enable)
>      return do_domctl(xch, &domctl);
>  }
>  
> +int xc_monitor_privileged_call(xc_interface *xch, domid_t domain_id,
> +                               bool enable)
> +{
> +    DECLARE_DOMCTL;
> +
> +    domctl.cmd = XEN_DOMCTL_monitor_op;
> +    domctl.domain = domain_id;
> +    domctl.u.monitor_op.op = enable ? XEN_DOMCTL_MONITOR_OP_ENABLE
> +                                    : XEN_DOMCTL_MONITOR_OP_DISABLE;
> +    domctl.u.monitor_op.event = XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL;
> +
> +    return do_domctl(xch, &domctl);
> +}
> +
>  /*
>   * Local variables:
>   * mode: C
> diff --git a/tools/tests/xen-access/xen-access.c 
> b/tools/tests/xen-access/xen-access.c
> index ed18c71..9d4f957 100644
> --- a/tools/tests/xen-access/xen-access.c
> +++ b/tools/tests/xen-access/xen-access.c
> @@ -338,6 +338,8 @@ void usage(char* progname)
>      fprintf(stderr, "Usage: %s [-m] <domain_id> write|exec", progname);
>  #if defined(__i386__) || defined(__x86_64__)
>              fprintf(stderr, 
> "|breakpoint|altp2m_write|altp2m_exec|debug|cpuid");
> +#elif defined(__arm__) || defined(__aarch64__)
> +            fprintf(stderr, "|privcall");
>  #endif
>              fprintf(stderr,
>              "\n"
> @@ -362,6 +364,7 @@ int main(int argc, char *argv[])
>      int required = 0;
>      int breakpoint = 0;
>      int shutting_down = 0;
> +    int privcall = 0;
>      int altp2m = 0;
>      int debug = 0;
>      int cpuid = 0;
> @@ -431,6 +434,11 @@ int main(int argc, char *argv[])
>      {
>          cpuid = 1;
>      }
> +#elif defined(__arm__) || defined(__aarch64__)
> +    else if ( !strcmp(argv[0], "privcall") )
> +    {
> +        privcall = 1;
> +    }
>  #endif
>      else
>      {
> @@ -563,6 +571,16 @@ int main(int argc, char *argv[])
>          }
>      }
>  
> +    if ( privcall )
> +    {
> +        rc = xc_monitor_privileged_call(xch, domain_id, 1);
> +        if ( rc < 0 )
> +        {
> +            ERROR("Error %d setting privileged call trapping with 
> vm_event\n", rc);
> +            goto exit;
> +        }
> +    }
> +
>      /* Wait for access */
>      for (;;)
>      {
> @@ -578,6 +596,9 @@ int main(int argc, char *argv[])
>              if ( cpuid )
>                  rc = xc_monitor_cpuid(xch, domain_id, 0);
>  
> +            if ( privcall )
> +                rc = xc_monitor_privileged_call(xch, domain_id, 0);
> +
>              if ( altp2m )
>              {
>                  rc = xc_altp2m_switch_to_view( xch, domain_id, 0 );
> @@ -695,6 +716,15 @@ int main(int argc, char *argv[])
>                      continue;
>                  }
>                  break;
> +            case VM_EVENT_REASON_PRIVILEGED_CALL:
> +                printf("Privileged call: pc=%"PRIx64" (vcpu %d)\n",
> +                       req.data.regs.arm.pc,
> +                       req.vcpu_id);
> +
> +                rsp.data.regs.arm = req.data.regs.arm;
> +                rsp.data.regs.arm.pc += 4;
> +                rsp.flags |= VM_EVENT_FLAG_SET_REGISTERS;
> +                break;
>              case VM_EVENT_REASON_SINGLESTEP:
>                  printf("Singlestep: rip=%016"PRIx64", vcpu %d, altp2m %u\n",
>                         req.data.regs.x86.rip,
> diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile
> index 64fdf41..b140d7e 100644
> --- a/xen/arch/arm/Makefile
> +++ b/xen/arch/arm/Makefile
> @@ -25,6 +25,7 @@ obj-y += irq.o
>  obj-y += kernel.o
>  obj-$(CONFIG_LIVEPATCH) += livepatch.o
>  obj-y += mm.o
> +obj-y += monitor.o
>  obj-y += p2m.o
>  obj-y += percpu.o
>  obj-y += platform.o
> diff --git a/xen/arch/arm/monitor.c b/xen/arch/arm/monitor.c
> new file mode 100644
> index 0000000..59ce8f6
> --- /dev/null
> +++ b/xen/arch/arm/monitor.c
> @@ -0,0 +1,76 @@
> +/*
> + * arch/arm/monitor.c
> + *
> + * Arch-specific monitor_op domctl handler.
> + *
> + * Copyright (c) 2016 Tamas K Lengyel (tamas.lengyel@xxxxxxxxxxxx)
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public
> + * License v2 as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public
> + * License along with this program; If not, see 
> <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <xen/vm_event.h>
> +#include <xen/monitor.h>
> +#include <asm/monitor.h>
> +#include <asm/vm_event.h>
> +#include <public/vm_event.h>
> +
> +int arch_monitor_domctl_event(struct domain *d,
> +                              struct xen_domctl_monitor_op *mop)
> +{
> +    struct arch_domain *ad = &d->arch;
> +    bool_t requested_status = (XEN_DOMCTL_MONITOR_OP_ENABLE == mop->op);
> +
> +    switch ( mop->event )
> +    {
> +    case XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL:
> +    {
> +        bool_t old_status = ad->monitor.privileged_call_enabled;
> +
> +        if ( unlikely(old_status == requested_status) )
> +            return -EEXIST;
> +
> +        domain_pause(d);
> +        ad->monitor.privileged_call_enabled = requested_status;
> +        domain_unpause(d);
> +        break;
> +    }
> +
> +    default:
> +        /*
> +         * Should not be reached unless arch_monitor_get_capabilities() is
> +         * not properly implemented.
> +         */
> +        ASSERT_UNREACHABLE();
> +        return -EOPNOTSUPP;
> +    }
> +
> +    return 0;
> +}
> +
> +int monitor_smc(void)
> +{
> +    vm_event_request_t req = {
> +        .reason = VM_EVENT_REASON_PRIVILEGED_CALL
> +    };
> +
> +    return monitor_traps(current, 1, &req);
> +}
> +
> +/*
> + * Local variables:
> + * mode: C
> + * c-file-style: "BSD"
> + * c-basic-offset: 4
> + * indent-tabs-mode: nil
> + * End:
> + */
> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> index 39a05fd..3555a28 100644
> --- a/xen/arch/arm/traps.c
> +++ b/xen/arch/arm/traps.c
> @@ -41,6 +41,7 @@
>  #include <asm/mmio.h>
>  #include <asm/cpufeature.h>
>  #include <asm/flushtlb.h>
> +#include <asm/monitor.h>
>  
>  #include "decode.h"
>  #include "vtimer.h"
> @@ -2527,6 +2528,17 @@ bad_data_abort:
>      inject_dabt_exception(regs, info.gva, hsr.len);
>  }
>  
> +static void do_trap_smc(struct cpu_user_regs *regs, const union hsr hsr)
> +{
> +    int rc = 0;
> +
> +    if ( current->domain->arch.monitor.privileged_call_enabled )
> +        rc = monitor_smc();
> +
> +    if ( rc != 1 )
> +        inject_undef_exception(regs, hsr);
> +}
> +
>  static void enter_hypervisor_head(struct cpu_user_regs *regs)
>  {
>      if ( guest_mode(regs) )
> @@ -2602,7 +2614,7 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs 
> *regs)
>           */
>          GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
>          perfc_incr(trap_smc32);
> -        inject_undef32_exception(regs);
> +        do_trap_smc(regs, hsr);
>          break;
>      case HSR_EC_HVC32:
>          GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
> @@ -2635,7 +2647,7 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs 
> *regs)
>           */
>          GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
>          perfc_incr(trap_smc64);
> -        inject_undef64_exception(regs, hsr.len);
> +        do_trap_smc(regs, hsr);
>          break;
>      case HSR_EC_SYSREG:
>          GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
> diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
> index 9452fcd..2d6fbb1 100644
> --- a/xen/include/asm-arm/domain.h
> +++ b/xen/include/asm-arm/domain.h
> @@ -126,6 +126,11 @@ struct arch_domain
>      paddr_t efi_acpi_gpa;
>      paddr_t efi_acpi_len;
>  #endif
> +
> +    /* Monitor options */
> +    struct {
> +        uint8_t privileged_call_enabled : 1;
> +    } monitor;
>  }  __cacheline_aligned;
>  
>  struct arch_vcpu
> diff --git a/xen/include/asm-arm/monitor.h b/xen/include/asm-arm/monitor.h
> index 4af707a..1c4fea3 100644
> --- a/xen/include/asm-arm/monitor.h
> +++ b/xen/include/asm-arm/monitor.h
> @@ -32,19 +32,8 @@ int arch_monitor_domctl_op(struct domain *d, struct 
> xen_domctl_monitor_op *mop)
>      return -EOPNOTSUPP;
>  }
>  
> -static inline
>  int arch_monitor_domctl_event(struct domain *d,
> -                              struct xen_domctl_monitor_op *mop)
> -{
> -    /*
> -     * No arch-specific monitor vm-events on ARM.
> -     *
> -     * Should not be reached unless arch_monitor_get_capabilities() is not
> -     * properly implemented.
> -     */
> -    ASSERT_UNREACHABLE();
> -    return -EOPNOTSUPP;
> -}
> +                              struct xen_domctl_monitor_op *mop);
>  
>  static inline
>  int arch_monitor_init_domain(struct domain *d)
> @@ -63,9 +52,12 @@ static inline uint32_t 
> arch_monitor_get_capabilities(struct domain *d)
>  {
>      uint32_t capabilities = 0;
>  
> -    capabilities = (1U << XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST);
> +    capabilities = (1U << XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST |
> +                    1U << XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL);
>  
>      return capabilities;
>  }
>  
> +int monitor_smc(void);
> +
>  #endif /* __ASM_ARM_MONITOR_H__ */
> diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
> index ddd3de4..177319d 100644
> --- a/xen/include/public/domctl.h
> +++ b/xen/include/public/domctl.h
> @@ -1085,6 +1085,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_psr_cmt_op_t);
>  #define XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST         4
>  #define XEN_DOMCTL_MONITOR_EVENT_DEBUG_EXCEPTION       5
>  #define XEN_DOMCTL_MONITOR_EVENT_CPUID                 6
> +#define XEN_DOMCTL_MONITOR_EVENT_PRIVILEGED_CALL       7
>  
>  struct xen_domctl_monitor_op {
>      uint32_t op; /* XEN_DOMCTL_MONITOR_OP_* */
> diff --git a/xen/include/public/vm_event.h b/xen/include/public/vm_event.h
> index f756126..b251f68 100644
> --- a/xen/include/public/vm_event.h
> +++ b/xen/include/public/vm_event.h
> @@ -124,6 +124,13 @@
>  #define VM_EVENT_REASON_DEBUG_EXCEPTION         9
>  /* CPUID executed */
>  #define VM_EVENT_REASON_CPUID                   10
> +/*
> + * Privileged call executed (e.g. SMC).
> + * Note: event may be generated even if SMC condition check fails on some 
> CPUs.
> + *       As this behavior is CPU-specific, users are advised to not rely on 
> it.
> + *       These kinds of events will be filtered out in future versions.
> + */
> +#define VM_EVENT_REASON_PRIVILEGED_CALL         11
>  
>  /* Supported values for the vm_event_write_ctrlreg index. */
>  #define VM_EVENT_X86_CR0    0
> -- 
> 2.9.3
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.