
[Xen-devel] [PATCH v2 1/2] xen: add interface for obtaining .config from hypervisor



Add a sysctl interface for obtaining the .config file used to build
the hypervisor. The mechanism is inspired by the Linux kernel's one.

Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> (apart from XSM changes)
---
V2:
- bump sysctl interface version
- check pad to be zero (Wei Liu)
- only copy data if buffer is large enough (Wei Liu)
- add .gitignore entry at correct position (Wei Liu)
- make xen_config_data_sz const (Jan Beulich)
---
 .gitignore                          |  2 ++
 tools/flask/policy/modules/dom0.te  |  2 +-
 xen/common/Makefile                 |  7 +++++++
 xen/common/sysctl.c                 | 17 +++++++++++++++++
 xen/include/public/sysctl.h         | 18 +++++++++++++++++-
 xen/include/xen/kernel.h            |  3 +++
 xen/tools/Makefile                  |  9 +++++++--
 xen/tools/bin2c.c                   | 28 ++++++++++++++++++++++++++++
 xen/xsm/flask/hooks.c               |  3 +++
 xen/xsm/flask/policy/access_vectors |  2 ++
 10 files changed, 87 insertions(+), 4 deletions(-)
 create mode 100644 xen/tools/bin2c.c

diff --git a/.gitignore b/.gitignore
index 26bc583f74..b433bce092 100644
--- a/.gitignore
+++ b/.gitignore
@@ -309,6 +309,7 @@ xen/arch/*/efi/boot.c
 xen/arch/*/efi/compat.c
 xen/arch/*/efi/efi.h
 xen/arch/*/efi/runtime.c
+xen/common/config_data.c
 xen/include/headers*.chk
 xen/include/asm
 xen/include/asm-*/asm-offsets.h
@@ -326,6 +327,7 @@ xen/test/livepatch/xen_bye_world.livepatch
 xen/test/livepatch/xen_hello_world.livepatch
 xen/test/livepatch/xen_nop.livepatch
 xen/test/livepatch/xen_replace_world.livepatch
+xen/tools/bin2c
 xen/tools/kconfig/.tmp_gtkcheck
 xen/tools/kconfig/.tmp_qtcheck
 xen/tools/symbols
diff --git a/tools/flask/policy/modules/dom0.te 
b/tools/flask/policy/modules/dom0.te
index a347d664f8..b776e9f307 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -16,7 +16,7 @@ allow dom0_t xen_t:xen {
 allow dom0_t xen_t:xen2 {
        resource_op psr_cmt_op psr_alloc pmu_ctrl get_symbol
        get_cpu_levelling_caps get_cpu_featureset livepatch_op
-       coverage_op set_parameter
+       coverage_op set_parameter get_config
 };
 
 # Allow dom0 to use all XENVER_ subops that have checks.
diff --git a/xen/common/Makefile b/xen/common/Makefile
index bca48e6e22..7d98dad478 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -1,6 +1,7 @@
 obj-$(CONFIG_ARGO) += argo.o
 obj-y += bitmap.o
 obj-y += bsearch.o
+obj-y += config_data.o
 obj-$(CONFIG_CORE_PARKING) += core_parking.o
 obj-y += cpu.o
 obj-y += cpupool.o
@@ -84,3 +85,9 @@ subdir-$(CONFIG_UBSAN) += ubsan
 
 subdir-$(CONFIG_NEEDS_LIBELF) += libelf
 subdir-$(CONFIG_HAS_DEVICE_TREE) += libfdt
+
+config_data.c: ../.config
+       ( echo "const char xen_config_data[] ="; \
+         cat $< | gzip | ../tools/bin2c; \
+         echo ";"; \
+         echo "const unsigned int xen_config_data_sz = sizeof(xen_config_data) 
- 1;" ) > $@
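Review bot: The `config_data.c` recipe joins its steps with `;` inside a `( … ) > $@` subshell, so its exit status is that of the last `echo`. A failure of `gzip` or `../tools/bin2c` can therefore leave a truncated or malformed `config_data.c` that make treats as up to date; the rule also lists no dependency on `../tools/bin2c`. Joining the steps with `&&`, writing to `$@.tmp` and renaming on success would avoid this, though a failure inside the `cat | gzip | bin2c` pipeline would still need a separate check. Consider `gzip -n` as well, since some gzip versions may record a timestamp when compressing from a pipe, which would make the embedded blob differ between otherwise identical builds.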
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index c0aa6bde4e..7d4329882d 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -13,6 +13,7 @@
 #include <xen/domain.h>
 #include <xen/event.h>
 #include <xen/domain_page.h>
+#include <xen/kernel.h>
 #include <xen/tmem.h>
 #include <xen/trace.h>
 #include <xen/console.h>
@@ -502,6 +503,22 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) 
u_sysctl)
         break;
     }
 
+    case XEN_SYSCTL_get_config:
+    {
+        if ( op->u.get_config.pad )
+        {
+            ret = -EINVAL;
+            break;
+        }
+        if ( xen_config_data_sz <= op->u.get_config.size &&
+             copy_to_guest(op->u.get_config.buffer, xen_config_data,
+                           xen_config_data_sz) )
+            ret = -EFAULT;
+        op->u.get_config.size = xen_config_data_sz;
+
+        break;
+    }
+
     default:
         ret = arch_do_sysctl(op, u_sysctl);
         copyback = 0;
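Review bot: In the `XEN_SYSCTL_get_config` case a too-small buffer is not treated as an error: nothing is copied, `size` is overwritten with the required length, and `ret` keeps its earlier value (presumably 0; it is set outside the hunk). A caller that does not re-compare the sizes will then parse a buffer that was never filled. This may be the intended size-probe convention, but neither this code nor the `size` field comment in the `xen/include/public/sysctl.h` hunk says so. I would either return an error such as `-ENOBUFS` on that path or add a comment like `/* Buffer too small: copy nothing, report the required size. */` and extend the header comment to match. do_sysctl starts and ends outside the hunk.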
diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h
index c49b4dcc99..6139321971 100644
--- a/xen/include/public/sysctl.h
+++ b/xen/include/public/sysctl.h
@@ -36,7 +36,7 @@
 #include "physdev.h"
 #include "tmem.h"
 
-#define XEN_SYSCTL_INTERFACE_VERSION 0x00000012
+#define XEN_SYSCTL_INTERFACE_VERSION 0x00000013
 
 /*
  * Read console content from Xen buffer ring.
@@ -1100,6 +1100,20 @@ typedef struct xen_sysctl_cpu_policy 
xen_sysctl_cpu_policy_t;
 DEFINE_XEN_GUEST_HANDLE(xen_sysctl_cpu_policy_t);
 #endif
 
+/*
+ * XEN_SYSCTL_get_config
+ *
+ * Return gzip-ed .config file
+ */
+struct xen_sysctl_get_config {
+    XEN_GUEST_HANDLE_64(char) buffer;   /* IN: pointer to buffer. */
+    uint32_t size;                      /* IN: size of buffer. */
+                                        /* OUT: size of config data. */
+    uint32_t pad;                       /* IN: MUST be zero. */
+};
+typedef struct xen_sysctl_get_config xen_sysctl_get_config_t;
+DEFINE_XEN_GUEST_HANDLE(xen_sysctl_get_config_t);
+
 struct xen_sysctl {
     uint32_t cmd;
 #define XEN_SYSCTL_readconsole                    1
@@ -1130,6 +1144,7 @@ struct xen_sysctl {
 #define XEN_SYSCTL_livepatch_op                  27
 #define XEN_SYSCTL_set_parameter                 28
 #define XEN_SYSCTL_get_cpu_policy                29
+#define XEN_SYSCTL_get_config                    30
     uint32_t interface_version; /* XEN_SYSCTL_INTERFACE_VERSION */
     union {
         struct xen_sysctl_readconsole       readconsole;
@@ -1162,6 +1177,7 @@ struct xen_sysctl {
 #if defined(__i386__) || defined(__x86_64__)
         struct xen_sysctl_cpu_policy        cpu_policy;
 #endif
+        struct xen_sysctl_get_config        get_config;
         uint8_t                             pad[128];
     } u;
 };
diff --git a/xen/include/xen/kernel.h b/xen/include/xen/kernel.h
index 548b64da9f..043a401659 100644
--- a/xen/include/xen/kernel.h
+++ b/xen/include/xen/kernel.h
@@ -100,5 +100,8 @@ extern enum system_state {
 
 bool_t is_active_kernel_text(unsigned long addr);
 
+extern const char xen_config_data[];
+extern unsigned int xen_config_data_sz;
+
 #endif /* _LINUX_KERNEL_H */
 
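Review bot: The declaration `extern unsigned int xen_config_data_sz;` lacks the `const` that the generated definition in the `xen/common/Makefile` hunk carries (`const unsigned int xen_config_data_sz = ...`). The generated config_data.c does not appear to include this header, so the compiler will not report the mismatch, and users of the header see the object as writable. Changing the line to `extern const unsigned int xen_config_data_sz;` makes the declaration and the definition agree.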
diff --git a/xen/tools/Makefile b/xen/tools/Makefile
index e940939d61..cd2bbbf647 100644
--- a/xen/tools/Makefile
+++ b/xen/tools/Makefile
@@ -1,13 +1,18 @@
 
 include $(XEN_ROOT)/Config.mk
 
+PROGS = symbols bin2c
+
 .PHONY: default
 default:
-       $(MAKE) symbols
+       $(MAKE) $(PROGS)
 
 .PHONY: clean
 clean:
-       rm -f *.o symbols
+       rm -f *.o $(PROGS)
 
 symbols: symbols.c
        $(HOSTCC) $(HOSTCFLAGS) -o $@ $<
+
+bin2c: bin2c.c
+       $(HOSTCC) $(HOSTCFLAGS) -o $@ $<
diff --git a/xen/tools/bin2c.c b/xen/tools/bin2c.c
new file mode 100644
index 0000000000..c332399b70
--- /dev/null
+++ b/xen/tools/bin2c.c
@@ -0,0 +1,28 @@
+/*
+ * Unloved program to convert a binary on stdin to a C include on stdout
+ *
+ * Jan 1999 Matt Mackall <mpm@xxxxxxxxxxx>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+       int ch, total = 0;
+
+       do {
+               printf("\t\"");
+               while ((ch = getchar()) != EOF) {
+                       total++;
+                       printf("\\x%02x", ch);
+                       if (total % 16 == 0)
+                               break;
+               }
+               printf("\"\n");
+       } while (ch != EOF);
+
+       return 0;
+}
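Review bot: `main` returns 0 unconditionally, so a read error on stdin (which `getchar()` also reports as `EOF`) or a failed write to stdout produces a truncated string literal that the build then embeds as the config blob. Before `return 0;` I would add `if (ferror(stdin) || fflush(stdout) == EOF) return 1;` so that the calling recipe can at least see the failure. `argc` and `argv` are unused, so `int main(void)` would also do.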
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 3d00c747f6..1f3fa6ea56 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -830,6 +830,9 @@ static int flask_sysctl(int cmd)
     case XEN_SYSCTL_set_parameter:
         return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
                                     XEN2__SET_PARAMETER, NULL);
+    case XEN_SYSCTL_get_config:
+        return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2,
+                                    XEN2__GET_CONFIG, NULL);
 
     default:
         return avc_unknown_permission("sysctl", cmd);
diff --git a/xen/xsm/flask/policy/access_vectors 
b/xen/xsm/flask/policy/access_vectors
index e00448b776..d560fdc463 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -103,6 +103,8 @@ class xen2
     coverage_op
 # XEN_SYSCTL_set_parameter
     set_parameter
+# XEN_SYSCTL_get_config
+    get_config
 }
 
 # Classes domain and domain2 consist of operations that a domain performs on
-- 
2.16.4

