[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6] x86/hvm: Allow guest_request vm_events coming from userspace

To: Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>
From: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
Date: Fri, 18 Aug 2017 12:12:39 -0600
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, "wei.liu2@xxxxxxxxxx" <wei.liu2@xxxxxxxxxx>, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Delivery-date: Fri, 18 Aug 2017 18:13:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Thu, Aug 17, 2017 at 5:50 AM, Alexandru Isaila
<aisaila@xxxxxxxxxxxxxxx> wrote:
> In some introspection usecases, an in-guest agent needs to communicate
> with the external introspection agent.  An existing mechanism is
> HVMOP_guest_request_vm_event, but this is restricted to kernel usecases
> like all other hypercalls.
>
> Introduce a mechanism whereby the introspection agent can whitelist the
> use of HVMOP_guest_request_vm_event directly from userspace.
>
> Signed-off-by: Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>

Acked-by: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>

>
> ---
> Changes since V5:
>         - Added the bool allow_userspace to the xc_monitor_guest_request
>          function
> ---
>  tools/libxc/include/xenctrl.h |  2 +-
>  tools/libxc/xc_monitor.c      |  3 ++-
>  xen/arch/x86/hvm/hypercall.c  |  5 +++++
>  xen/common/monitor.c          |  1 +
>  xen/include/asm-x86/domain.h  | 19 ++++++++++---------
>  xen/include/public/domctl.h   |  1 +
>  6 files changed, 20 insertions(+), 11 deletions(-)
>
> diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
> index bde8313..a3d0929 100644
> --- a/tools/libxc/include/xenctrl.h
> +++ b/tools/libxc/include/xenctrl.h
> @@ -2021,7 +2021,7 @@ int xc_monitor_software_breakpoint(xc_interface *xch, 
> domid_t domain_id,
>  int xc_monitor_descriptor_access(xc_interface *xch, domid_t domain_id,
>                                   bool enable);
>  int xc_monitor_guest_request(xc_interface *xch, domid_t domain_id,
> -                             bool enable, bool sync);
> +                             bool enable, bool sync, bool allow_userspace);
>  int xc_monitor_debug_exceptions(xc_interface *xch, domid_t domain_id,
>                                  bool enable, bool sync);
>  int xc_monitor_cpuid(xc_interface *xch, domid_t domain_id, bool enable);
> diff --git a/tools/libxc/xc_monitor.c b/tools/libxc/xc_monitor.c
> index b44ce93..a677820 100644
> --- a/tools/libxc/xc_monitor.c
> +++ b/tools/libxc/xc_monitor.c
> @@ -147,7 +147,7 @@ int xc_monitor_descriptor_access(xc_interface *xch, 
> domid_t domain_id,
>  }
>
>  int xc_monitor_guest_request(xc_interface *xch, domid_t domain_id, bool 
> enable,
> -                             bool sync)
> +                             bool sync, bool allow_userspace)
>  {
>      DECLARE_DOMCTL;
>
> @@ -157,6 +157,7 @@ int xc_monitor_guest_request(xc_interface *xch, domid_t 
> domain_id, bool enable,
>                                      : XEN_DOMCTL_MONITOR_OP_DISABLE;
>      domctl.u.monitor_op.event = XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST;
>      domctl.u.monitor_op.u.guest_request.sync = sync;
> +    domctl.u.monitor_op.u.guest_request.allow_userspace = enable ? 
> allow_userspace : false;
>
>      return do_domctl(xch, &domctl);
>  }
> diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c
> index e7238ce..5742dd1 100644
> --- a/xen/arch/x86/hvm/hypercall.c
> +++ b/xen/arch/x86/hvm/hypercall.c
> @@ -155,6 +155,11 @@ int hvm_hypercall(struct cpu_user_regs *regs)
>          /* Fallthrough to permission check. */
>      case 4:
>      case 2:
> +        if ( currd->arch.monitor.guest_request_userspace_enabled &&
> +            eax == __HYPERVISOR_hvm_op &&
> +            (mode == 8 ? regs->rdi : regs->ebx) == 
> HVMOP_guest_request_vm_event )
> +            break;
> +
>          if ( unlikely(hvm_get_cpl(curr)) )
>          {
>      default:
> diff --git a/xen/common/monitor.c b/xen/common/monitor.c
> index 451f42f..20463e0 100644
> --- a/xen/common/monitor.c
> +++ b/xen/common/monitor.c
> @@ -75,6 +75,7 @@ int monitor_domctl(struct domain *d, struct 
> xen_domctl_monitor_op *mop)
>          domain_pause(d);
>          d->monitor.guest_request_sync = mop->u.guest_request.sync;
>          d->monitor.guest_request_enabled = requested_status;
> +        d->arch.monitor.guest_request_userspace_enabled = 
> mop->u.guest_request.allow_userspace;
>          domain_unpause(d);
>          break;
>      }
> diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
> index c10522b..de02507 100644
> --- a/xen/include/asm-x86/domain.h
> +++ b/xen/include/asm-x86/domain.h
> @@ -396,15 +396,16 @@ struct arch_domain
>
>      /* Arch-specific monitor options */
>      struct {
> -        unsigned int write_ctrlreg_enabled       : 4;
> -        unsigned int write_ctrlreg_sync          : 4;
> -        unsigned int write_ctrlreg_onchangeonly  : 4;
> -        unsigned int singlestep_enabled          : 1;
> -        unsigned int software_breakpoint_enabled : 1;
> -        unsigned int debug_exception_enabled     : 1;
> -        unsigned int debug_exception_sync        : 1;
> -        unsigned int cpuid_enabled               : 1;
> -        unsigned int descriptor_access_enabled   : 1;
> +        unsigned int write_ctrlreg_enabled                                 : 
> 4;
> +        unsigned int write_ctrlreg_sync                                    : 
> 4;
> +        unsigned int write_ctrlreg_onchangeonly                            : 
> 4;
> +        unsigned int singlestep_enabled                                    : 
> 1;
> +        unsigned int software_breakpoint_enabled                           : 
> 1;
> +        unsigned int debug_exception_enabled                               : 
> 1;
> +        unsigned int debug_exception_sync                                  : 
> 1;
> +        unsigned int cpuid_enabled                                         : 
> 1;
> +        unsigned int descriptor_access_enabled                             : 
> 1;
> +        unsigned int guest_request_userspace_enabled                       : 
> 1;
>          struct monitor_msr_bitmap *msr_bitmap;
>          uint64_t write_ctrlreg_mask[4];
>      } monitor;
> diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
> index ff39762..5997c52 100644
> --- a/xen/include/public/domctl.h
> +++ b/xen/include/public/domctl.h
> @@ -1124,6 +1124,7 @@ struct xen_domctl_monitor_op {
>          struct {
>              /* Pause vCPU until response */
>              uint8_t sync;
> +            uint8_t allow_userspace;
>          } guest_request;
>
>          struct {
> --
> 2.7.4

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v6] x86/hvm: Allow guest_request vm_events coming from userspace
  - From: Alexandru Isaila

Prev by Date: [Xen-devel] [xen-4.7-testing test] 112685: regressions - trouble: blocked/broken/fail/pass
Next by Date: Re: [Xen-devel] [PATCH for-2.10 v3 2/3] hw/acpi: Move acpi_set_pci_info to pcihp
Previous by thread: [Xen-devel] [PATCH v6] x86/hvm: Allow guest_request vm_events coming from userspace
Next by thread: Re: [Xen-devel] [PATCH v6] x86/hvm: Allow guest_request vm_events coming from userspace
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.