
[Xen-devel] [PATCH 1/2] xen: add interface for obtaining .config from hypervisor



Add a sysctl interface for obtaining the .config file used to build
the hypervisor. The mechanism is inspired by the Linux kernel's one.

Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
---
 .gitignore                          |  2 ++
 tools/flask/policy/modules/dom0.te  |  2 +-
 xen/common/Makefile                 |  7 +++++++
 xen/common/sysctl.c                 | 13 +++++++++++++
 xen/include/public/sysctl.h         | 16 ++++++++++++++++
 xen/include/xen/kernel.h            |  3 +++
 xen/tools/Makefile                  |  9 +++++++--
 xen/tools/bin2c.c                   | 28 ++++++++++++++++++++++++++++
 xen/xsm/flask/hooks.c               |  3 +++
 xen/xsm/flask/policy/access_vectors |  2 ++
 10 files changed, 82 insertions(+), 3 deletions(-)
 create mode 100644 xen/tools/bin2c.c

diff --git a/.gitignore b/.gitignore
index 26bc583f74..549b57020f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -309,6 +309,7 @@ xen/arch/*/efi/boot.c
 xen/arch/*/efi/compat.c
 xen/arch/*/efi/efi.h
 xen/arch/*/efi/runtime.c
+xen/common/config_data.c
 xen/include/headers*.chk
 xen/include/asm
 xen/include/asm-*/asm-offsets.h
@@ -328,6 +329,7 @@ xen/test/livepatch/xen_nop.livepatch
 xen/test/livepatch/xen_replace_world.livepatch
 xen/tools/kconfig/.tmp_gtkcheck
 xen/tools/kconfig/.tmp_qtcheck
+xen/tools/bin2c
 xen/tools/symbols
 xen/xsm/flask/include/av_perm_to_string.h
 xen/xsm/flask/include/av_permissions.h
diff --git a/tools/flask/policy/modules/dom0.te 
b/tools/flask/policy/modules/dom0.te
index a347d664f8..b776e9f307 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -16,7 +16,7 @@ allow dom0_t xen_t:xen {
 allow dom0_t xen_t:xen2 {
        resource_op psr_cmt_op psr_alloc pmu_ctrl get_symbol
        get_cpu_levelling_caps get_cpu_featureset livepatch_op
-       coverage_op set_parameter
+       coverage_op set_parameter get_config
 };
 
 # Allow dom0 to use all XENVER_ subops that have checks.
diff --git a/xen/common/Makefile b/xen/common/Makefile
index 56fc201b6b..b375a49ed7 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -1,5 +1,6 @@
 obj-y += bitmap.o
 obj-y += bsearch.o
+obj-y += config_data.o
 obj-$(CONFIG_CORE_PARKING) += core_parking.o
 obj-y += cpu.o
 obj-y += cpupool.o
@@ -83,3 +84,9 @@ subdir-$(CONFIG_UBSAN) += ubsan
 
 subdir-$(CONFIG_NEEDS_LIBELF) += libelf
 subdir-$(CONFIG_HAS_DEVICE_TREE) += libfdt
+
+config_data.c: ../.config
+       ( echo "const char xen_config_data[] ="; \
+         cat $< | gzip | ../tools/bin2c; \
+         echo ";"; \
+         echo "unsigned int xen_config_data_sz = sizeof(xen_config_data) - 1;" 
) > $@
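Review bot: The generated `xen_config_data_sz` is emitted as a plain writable `unsigned int`, although it is the bound the XEN_SYSCTL_get_config handler uses when copying `xen_config_data` to the caller. Emitting `echo "const unsigned int xen_config_data_sz = sizeof(xen_config_data) - 1;"` here and declaring `extern const unsigned int xen_config_data_sz;` in xen/include/xen/kernel.h would keep the length read-only, like the array it describes. Separately, the pipeline writes straight into `$@`, so a failing `gzip` or `bin2c` may leave a truncated config_data.c with a fresh timestamp; writing to a temporary file and renaming it on success would avoid that.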
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index c0aa6bde4e..6b6608f67b 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -13,6 +13,7 @@
 #include <xen/domain.h>
 #include <xen/event.h>
 #include <xen/domain_page.h>
+#include <xen/kernel.h>
 #include <xen/tmem.h>
 #include <xen/trace.h>
 #include <xen/console.h>
@@ -502,6 +503,18 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) 
u_sysctl)
         break;
     }
 
+    case XEN_SYSCTL_get_config:
+    {
+        unsigned int size = min(op->u.get_config.size, xen_config_data_sz);
+
+        if ( size &&
+             copy_to_guest(op->u.get_config.buffer, xen_config_data, size) )
+            ret = -EFAULT;
+        op->u.get_config.size = xen_config_data_sz;
+
+        break;
+    }
+
     default:
         ret = arch_do_sysctl(op, u_sysctl);
         copyback = 0;
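Review bot: The new `XEN_SYSCTL_get_config` case never looks at `op->u.get_config.pad`, although the public header added in this patch documents that field as "MUST be zero". Without a check at the top of the case, such as `if ( op->u.get_config.pad ) { ret = -EINVAL; break; }`, callers can pass arbitrary values and the field cannot safely be given a meaning later. The rest of the case bounds the copy with `min()` against `xen_config_data_sz`, which looks correct. do_sysctl itself starts and ends outside this hunk.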
diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h
index c49b4dcc99..fb5d93a242 100644
--- a/xen/include/public/sysctl.h
+++ b/xen/include/public/sysctl.h
@@ -1100,6 +1100,20 @@ typedef struct xen_sysctl_cpu_policy 
xen_sysctl_cpu_policy_t;
 DEFINE_XEN_GUEST_HANDLE(xen_sysctl_cpu_policy_t);
 #endif
 
+/*
+ * XEN_SYSCTL_get_config
+ *
+ * Return gzip-ed .config file
+ */
+struct xen_sysctl_get_config {
+    XEN_GUEST_HANDLE_64(char) buffer;   /* IN: pointer to buffer. */
+    uint32_t size;                      /* IN: size of buffer. */
+                                        /* OUT: size of config data. */
+    uint32_t pad;                       /* IN: MUST be zero. */
+};
+typedef struct xen_sysctl_get_config xen_sysctl_get_config_t;
+DEFINE_XEN_GUEST_HANDLE(xen_sysctl_get_config_t);
+
 struct xen_sysctl {
     uint32_t cmd;
 #define XEN_SYSCTL_readconsole                    1
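Review bot: The comment on `struct xen_sysctl_get_config` does not state the truncation contract that the handler in xen/common/sysctl.c implements: at most `size` bytes are copied, and `size` is then overwritten with the full length of the data regardless of the value passed in. I would extend the block comment with a sentence such as `On return, size holds the full length of the gzip-ed data; if that exceeds the size passed in, only the first size bytes were written to buffer.` It is also worth saying that passing a `size` of zero skips the copy and only returns the required length, since that is how a caller would size its buffer.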
@@ -1130,6 +1144,7 @@ struct xen_sysctl {
 #define XEN_SYSCTL_livepatch_op                  27
 #define XEN_SYSCTL_set_parameter                 28
 #define XEN_SYSCTL_get_cpu_policy                29
+#define XEN_SYSCTL_get_config                    30
     uint32_t interface_version; /* XEN_SYSCTL_INTERFACE_VERSION */
     union {
         struct xen_sysctl_readconsole       readconsole;
@@ -1162,6 +1177,7 @@ struct xen_sysctl {
 #if defined(__i386__) || defined(__x86_64__)
         struct xen_sysctl_cpu_policy        cpu_policy;
 #endif
+        struct xen_sysctl_get_config        get_config;
         uint8_t                             pad[128];
     } u;
 };
diff --git a/xen/include/xen/kernel.h b/xen/include/xen/kernel.h
index 548b64da9f..043a401659 100644
--- a/xen/include/xen/kernel.h
+++ b/xen/include/xen/kernel.h
@@ -100,5 +100,8 @@ extern enum system_state {
 
 bool_t is_active_kernel_text(unsigned long addr);
 
+extern const char xen_config_data[];
+extern unsigned int xen_config_data_sz;
+
 #endif /* _LINUX_KERNEL_H */
 
diff --git a/xen/tools/Makefile b/xen/tools/Makefile
index e940939d61..cd2bbbf647 100644
--- a/xen/tools/Makefile
+++ b/xen/tools/Makefile
@@ -1,13 +1,18 @@
 
 include $(XEN_ROOT)/Config.mk
 
+PROGS = symbols bin2c
+
 .PHONY: default
 default:
-       $(MAKE) symbols
+       $(MAKE) $(PROGS)
 
 .PHONY: clean
 clean:
-       rm -f *.o symbols
+       rm -f *.o $(PROGS)
 
 symbols: symbols.c
        $(HOSTCC) $(HOSTCFLAGS) -o $@ $<
+
+bin2c: bin2c.c
+       $(HOSTCC) $(HOSTCFLAGS) -o $@ $<
diff --git a/xen/tools/bin2c.c b/xen/tools/bin2c.c
new file mode 100644
index 0000000000..c332399b70
--- /dev/null
+++ b/xen/tools/bin2c.c
@@ -0,0 +1,28 @@
+/*
+ * Unloved program to convert a binary on stdin to a C include on stdout
+ *
+ * Jan 1999 Matt Mackall <mpm@xxxxxxxxxxx>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+       int ch, total = 0;
+
+       do {
+               printf("\t\"");
+               while ((ch = getchar()) != EOF) {
+                       total++;
+                       printf("\\x%02x", ch);
+                       if (total % 16 == 0)
+                               break;
+               }
+               printf("\"\n");
+       } while (ch != EOF);
+
+       return 0;
+}
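Review bot: `main` returns 0 unconditionally, so a read error on stdin or a failed write to stdout (for example a full disk) still yields a successful exit and a truncated string literal in the generated config_data.c. Replacing the final statement with `return ferror(stdin) || fflush(stdout) != 0 || ferror(stdout);` lets the build rule see the failure. As a style point, `argc` and `argv` are unused, so `int main(void)` would avoid unused-parameter warnings if HOSTCFLAGS enables them.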
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 96d31aaf08..f3a1d5e62c 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -828,6 +828,9 @@ static int flask_sysctl(int cmd)
     case XEN_SYSCTL_set_parameter:
         return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
                                     XEN2__SET_PARAMETER, NULL);
+    case XEN_SYSCTL_get_config:
+        return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
+                                    XEN2__GET_CONFIG, NULL);
 
     default:
         return avc_unknown_permission("sysctl", cmd);
diff --git a/xen/xsm/flask/policy/access_vectors 
b/xen/xsm/flask/policy/access_vectors
index 6fecfdaa83..82112694b9 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -103,6 +103,8 @@ class xen2
     coverage_op
 # XEN_SYSCTL_set_parameter
     set_parameter
+# XEN_SYSCTL_get_config
+    get_config
 }
 
 # Classes domain and domain2 consist of operations that a domain performs on
-- 
2.16.4



 

