[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v6 2/3] x86/altp2m: Add a hvmop for setting the suppress #VE bit
Introduce a new hvmop, HVMOP_altp2m_set_suppress_ve, which allows a domain to change the value of the #VE suppress bit for a page. Add a libxc wrapper for invoking this hvmop. Signed-off-by: Adrian Pop <apop@xxxxxxxxxxxxxxx> Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx> Acked-by: Tamas K Lengyel <tamas@xxxxxxxxxxxxx> --- Changes in v5: - remove the "set_" from struct xen_hvm_altp2m_set_suppress_ve Changes in v4: - fix a deadlock: If p2m_set_suppress_ve() is called on invalid pages the code path wrongly returns without releasing the lock, resulting in a deadlock. - remove the privileged domain check Changes in v3: - fix indentation (Wei Liu) - use return values other than EINVAL where appropriate (Ian Beulich) - remove the irrelevant comments from the xen_hvm_altp2m_set_suppress_ve struct (Ian Beulich) - add comment for the suppress_ve field in the struct above (Ian Beulich) - remove the typedef and DEFINE_XEN_GUEST_HANDLE for xen_hvm_altp2m_set_suppress_ve (Ian Beulich) - use XSM_DM_PRIV check instead of domain->is_privileged (Ian Beulich) Changes in v2: - check if #VE has been enabled on the target domain (Tamas K Lengyel) - check if the cpu has the #VE feature - make the suppress_ve argument boolean (Jan Beulich) - initialize only local variables that need initializing (Jan Beulich) - use fewer local variables (Jan Beulich) - fix indentation (Jan Beulich) - remove unnecessary braces (Jan Beulich) - use gfn_lock() instead of p2m_lock() in the non-altp2m case (Jan Beulich) - merge patch #2 and patch #3 (Jan Beulich) --- tools/libxc/include/xenctrl.h | 2 ++ tools/libxc/xc_altp2m.c | 24 ++++++++++++++ xen/arch/x86/hvm/hvm.c | 14 +++++++++ xen/arch/x86/mm/mem_access.c | 55 +++++++++++++++++++++++++++++++++ xen/include/public/hvm/hvm_op.h | 11 +++++++ xen/include/xen/mem_access.h | 3 ++ 6 files changed, 109 insertions(+) diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h index bb75bcc84d..9b0f55c649 100644 --- a/tools/libxc/include/xenctrl.h +++ b/tools/libxc/include/xenctrl.h @@ -1939,6 +1939,8 @@ int xc_altp2m_destroy_view(xc_interface *handle, uint32_t domid, /* Switch all vCPUs of the domain to the specified altp2m view */ int xc_altp2m_switch_to_view(xc_interface *handle, uint32_t domid, uint16_t view_id); +int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid, + uint16_t view_id, xen_pfn_t gfn, bool sve); int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid, uint16_t view_id, xen_pfn_t gfn, xenmem_access_t access); diff --git a/tools/libxc/xc_altp2m.c b/tools/libxc/xc_altp2m.c index ce4a1e4d60..f883d0b392 100644 --- a/tools/libxc/xc_altp2m.c +++ b/tools/libxc/xc_altp2m.c @@ -163,6 +163,30 @@ int xc_altp2m_switch_to_view(xc_interface *handle, uint32_t domid, return rc; } +int xc_altp2m_set_suppress_ve(xc_interface *handle, uint32_t domid, + uint16_t view_id, xen_pfn_t gfn, bool sve) +{ + int rc; + DECLARE_HYPERCALL_BUFFER(xen_hvm_altp2m_op_t, arg); + + arg = xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg)); + if ( arg == NULL ) + return -1; + + arg->version = HVMOP_ALTP2M_INTERFACE_VERSION; + arg->cmd = HVMOP_altp2m_set_suppress_ve; + arg->domain = domid; + arg->u.suppress_ve.view = view_id; + arg->u.suppress_ve.gfn = gfn; + arg->u.suppress_ve.suppress_ve = sve; + + rc = xencall2(handle->xcall, __HYPERVISOR_hvm_op, HVMOP_altp2m, + HYPERCALL_BUFFER_AS_ARG(arg)); + + xc_hypercall_buffer_free(handle, arg); + return rc; +} + int xc_altp2m_set_mem_access(xc_interface *handle, uint32_t domid, uint16_t view_id, xen_pfn_t gfn, xenmem_access_t access) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 062872cb71..e2073b6b03 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4492,6 +4492,7 @@ static int do_altp2m_op( case HVMOP_altp2m_create_p2m: case HVMOP_altp2m_destroy_p2m: case HVMOP_altp2m_switch_p2m: + case HVMOP_altp2m_set_suppress_ve: case HVMOP_altp2m_set_mem_access: case HVMOP_altp2m_set_mem_access_multi: case HVMOP_altp2m_change_gfn: @@ -4609,6 +4610,19 @@ static int do_altp2m_op( rc = p2m_switch_domain_altp2m_by_id(d, a.u.view.view); break; + case HVMOP_altp2m_set_suppress_ve: + if ( a.u.suppress_ve.pad1 || a.u.suppress_ve.pad2 ) + rc = -EINVAL; + else + { + gfn_t gfn = _gfn(a.u.set_mem_access.gfn); + unsigned int altp2m_idx = a.u.set_mem_access.view; + bool suppress_ve = a.u.suppress_ve.suppress_ve; + + rc = p2m_set_suppress_ve(d, gfn, suppress_ve, altp2m_idx); + } + break; + case HVMOP_altp2m_set_mem_access: if ( a.u.set_mem_access.pad ) rc = -EINVAL; diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c index c980f1744d..6ac9ef3575 100644 --- a/xen/arch/x86/mm/mem_access.c +++ b/xen/arch/x86/mm/mem_access.c @@ -501,6 +501,61 @@ void arch_p2m_set_access_required(struct domain *d, bool access_required) } } +/* + * Set/clear the #VE suppress bit for a page. Only available on VMX. + */ +int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve, + unsigned int altp2m_idx) +{ + struct p2m_domain *host_p2m = p2m_get_hostp2m(d); + struct p2m_domain *ap2m = NULL; + struct p2m_domain *p2m; + mfn_t mfn; + p2m_access_t a; + p2m_type_t t; + int rc; + + if ( !cpu_has_vmx_virt_exceptions ) + return -EOPNOTSUPP; + + /* #VE should be enabled for this vcpu. */ + if ( gfn_eq(vcpu_altp2m(current).veinfo_gfn, INVALID_GFN) ) + return -ENXIO; + + if ( altp2m_idx > 0 ) + { + if ( altp2m_idx >= MAX_ALTP2M || + d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) ) + return -EINVAL; + + p2m = ap2m = d->arch.altp2m_p2m[altp2m_idx]; + } + else + p2m = host_p2m; + + gfn_lock(host_p2m, gfn, 0); + + if ( ap2m ) + p2m_lock(ap2m); + + mfn = p2m->get_entry(p2m, gfn, &t, &a, 0, NULL, NULL); + if ( !mfn_valid(mfn) ) + { + rc = -ESRCH; + goto out; + } + + rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, suppress_ve); + +out: + if ( ap2m ) + p2m_unlock(ap2m); + + gfn_unlock(host_p2m, gfn, 0); + + return rc; +} + /* * Local variables: * mode: C diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h index bbba99e5f5..14d29d1700 100644 --- a/xen/include/public/hvm/hvm_op.h +++ b/xen/include/public/hvm/hvm_op.h @@ -38,6 +38,14 @@ struct xen_hvm_param { typedef struct xen_hvm_param xen_hvm_param_t; DEFINE_XEN_GUEST_HANDLE(xen_hvm_param_t); +struct xen_hvm_altp2m_suppress_ve { + uint16_t view; + uint8_t suppress_ve; /* Boolean type. */ + uint8_t pad1; + uint32_t pad2; + uint64_t gfn; +}; + #if __XEN_INTERFACE_VERSION__ < 0x00040900 /* Set the logical level of one of a domain's PCI INTx wires. */ @@ -296,6 +304,8 @@ struct xen_hvm_altp2m_op { #define HVMOP_altp2m_change_gfn 8 /* Set access for an array of pages */ #define HVMOP_altp2m_set_mem_access_multi 9 +/* Set the "Suppress #VE" bit on a page */ +#define HVMOP_altp2m_set_suppress_ve 10 domid_t domain; uint16_t pad1; uint32_t pad2; @@ -306,6 +316,7 @@ struct xen_hvm_altp2m_op { struct xen_hvm_altp2m_set_mem_access set_mem_access; struct xen_hvm_altp2m_change_gfn change_gfn; struct xen_hvm_altp2m_set_mem_access_multi set_mem_access_multi; + struct xen_hvm_altp2m_suppress_ve suppress_ve; uint8_t pad[64]; } u; }; diff --git a/xen/include/xen/mem_access.h b/xen/include/xen/mem_access.h index 7e95eab81c..a8d38b90e6 100644 --- a/xen/include/xen/mem_access.h +++ b/xen/include/xen/mem_access.h @@ -72,6 +72,9 @@ long p2m_set_mem_access_multi(struct domain *d, uint32_t nr, uint32_t start, uint32_t mask, unsigned int altp2m_idx); +int p2m_set_suppress_ve(struct domain *d, gfn_t gfn, bool suppress_ve, + unsigned int altp2m_idx); + /* * Get access type for a gfn. * If gfn == INVALID_GFN, gets the default access type. -- 2.18.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |