[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 10/13] x86/domctl: Implement XEN_DOMCTL_get_cpumsr_policy



From: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>

This finally (after literally years of work!) marks the point where the
toolstack can ask the hypervisor for the current CPUID configuration of a
specific domain.

Also extend xen-cpuid's --policy mode to be able to take a domid and dump a
specific domains CPUID and MSR policy.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 tools/libxc/include/xenctrl.h       |  3 ++
 tools/libxc/xc_cpuid_x86.c          | 40 +++++++++++++++++++++++
 tools/misc/xen-cpuid.c              | 64 +++++++++++++++++++++++++++++++------
 xen/arch/x86/domctl.c               | 46 ++++++++++++++++++++++++++
 xen/include/public/domctl.h         | 18 +++++++++++
 xen/xsm/flask/hooks.c               |  1 +
 xen/xsm/flask/policy/access_vectors |  1 +
 7 files changed, 164 insertions(+), 9 deletions(-)

diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
index d1f0925c..15d2b92 100644
--- a/tools/libxc/include/xenctrl.h
+++ b/tools/libxc/include/xenctrl.h
@@ -2541,6 +2541,9 @@ int xc_get_cpumsr_policy_size(xc_interface *xch, uint32_t 
*nr_leaves,
 int xc_get_system_cpumsr_policy(xc_interface *xch, uint32_t index,
                                 uint32_t *nr_leaves, xen_cpuid_leaf_t *leaves,
                                 uint32_t *nr_msrs, xen_msr_entry_t *msrs);
+int xc_get_domain_cpumsr_policy(xc_interface *xch, uint32_t domid,
+                                uint32_t *nr_leaves, xen_cpuid_leaf_t *leaves,
+                                uint32_t *nr_msrs, xen_msr_entry_t *msrs);
 
 uint32_t xc_get_cpu_featureset_size(void);
 
diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c
index ce2a584..efbac77 100644
--- a/tools/libxc/xc_cpuid_x86.c
+++ b/tools/libxc/xc_cpuid_x86.c
@@ -193,6 +193,46 @@ int xc_get_system_cpumsr_policy(xc_interface *xch, 
uint32_t index,
     return ret;
 }
 
+int xc_get_domain_cpumsr_policy(xc_interface *xch, uint32_t domid,
+                                uint32_t *nr_leaves, xen_cpuid_leaf_t *leaves,
+                                uint32_t *nr_msrs, xen_msr_entry_t *msrs)
+{
+    DECLARE_DOMCTL;
+    DECLARE_HYPERCALL_BOUNCE(leaves,
+                             *nr_leaves * sizeof(*leaves),
+                             XC_HYPERCALL_BUFFER_BOUNCE_OUT);
+    DECLARE_HYPERCALL_BOUNCE(msrs,
+                             *nr_msrs * sizeof(*msrs),
+                             XC_HYPERCALL_BUFFER_BOUNCE_OUT);
+    int ret;
+
+    if ( xc_hypercall_bounce_pre(xch, leaves) )
+        return -1;
+
+    if ( xc_hypercall_bounce_pre(xch, msrs) )
+        return -1;
+
+    domctl.cmd = XEN_DOMCTL_get_cpumsr_policy;
+    domctl.domain = domid;
+    domctl.u.cpumsr_policy.nr_leaves = *nr_leaves;
+    set_xen_guest_handle(domctl.u.cpumsr_policy.cpuid_policy, leaves);
+    domctl.u.cpumsr_policy.nr_msrs = *nr_msrs;
+    set_xen_guest_handle(domctl.u.cpumsr_policy.msr_policy, msrs);
+
+    ret = do_domctl(xch, &domctl);
+
+    xc_hypercall_bounce_post(xch, leaves);
+    xc_hypercall_bounce_post(xch, msrs);
+
+    if ( !ret )
+    {
+        *nr_leaves = domctl.u.cpumsr_policy.nr_leaves;
+        *nr_msrs = domctl.u.cpumsr_policy.nr_msrs;
+    }
+
+    return ret;
+}
+
 struct cpuid_domain_info
 {
     enum
diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
index a5b3004..52a3694 100644
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -3,6 +3,8 @@
 #include <err.h>
 #include <getopt.h>
 #include <string.h>
+#include <errno.h>
+#include <limits.h>
 
 #include <xenctrl.h>
 
@@ -308,11 +310,13 @@ int main(int argc, char **argv)
 {
     enum { MODE_UNKNOWN, MODE_INFO, MODE_DETAIL, MODE_INTERPRET, MODE_POLICY }
     mode = MODE_UNKNOWN;
+    int domid = -1;
 
     nr_features = xc_get_cpu_featureset_size();
 
     for ( ;; )
     {
+        const char *tmp_optarg;
         int option_index = 0, c;
         static struct option long_options[] =
         {
@@ -320,11 +324,11 @@ int main(int argc, char **argv)
             { "info", no_argument, NULL, 'i' },
             { "detail", no_argument, NULL, 'd' },
             { "verbose", no_argument, NULL, 'v' },
-            { "policy", no_argument, NULL, 'p' },
+            { "policy", optional_argument, NULL, 'p' },
             { NULL, 0, NULL, 0 },
         };
 
-        c = getopt_long(argc, argv, "hidvp", long_options, &option_index);
+        c = getopt_long(argc, argv, "hidvp::", long_options, &option_index);
 
         if ( c == -1 )
             break;
@@ -344,6 +348,28 @@ int main(int argc, char **argv)
 
         case 'p':
             mode = MODE_POLICY;
+
+            tmp_optarg = optarg;
+
+            /* Make "--policy $DOMID" and "-p $DOMID" work. */
+            if ( !optarg && optind < argc &&
+                 argv[optind] != NULL && argv[optind][0] != '\0' &&
+                 argv[optind][0] != '-' )
+                tmp_optarg = argv[optind++];
+
+            if ( tmp_optarg )
+            {
+                char *endptr;
+
+                errno = 0;
+                domid = strtol(tmp_optarg, &endptr, 0);
+
+                if ( (errno == ERANGE &&
+                      (domid == LONG_MAX || domid == LONG_MIN)) ||
+                     (errno != 0 && domid == 0) ||
+                     endptr == tmp_optarg )
+                    err(1, "strtol(%s,,)", tmp_optarg);
+            }
             break;
 
         case 'd':
@@ -397,8 +423,9 @@ int main(int argc, char **argv)
 
         if ( xc_get_cpumsr_policy_size(xch, &max_leaves, &max_msrs) )
             err(1, "xc_get_cpumsr_policy_size(...)");
-        printf("Xen reports there are maximum %u leaves and %u MSRs\n",
-                max_leaves, max_msrs);
+        if ( domid == -1 )
+            printf("Xen reports there are maximum %u leaves and %u MSRs\n",
+                   max_leaves, max_msrs);
 
         leaves = calloc(max_leaves, sizeof(xen_cpuid_leaf_t));
         if ( !leaves )
@@ -407,17 +434,36 @@ int main(int argc, char **argv)
         if ( !msrs )
             err(1, "calloc(max_msrs)");
 
-        for ( pol = 0; pol < ARRAY_SIZE(sys_policies); ++pol )
+        if ( domid != -1 )
         {
+            char name[20];
             uint32_t nr_leaves = max_leaves;
             uint32_t nr_msrs = max_msrs;
 
-            if ( xc_get_system_cpumsr_policy(xch, pol, &nr_leaves, leaves,
+            if ( xc_get_domain_cpumsr_policy(xch, domid, &nr_leaves, leaves,
                                              &nr_msrs, msrs) )
-                err(1, "xc_get_system_cpumsr_policy(, %s,,)",
-                    sys_policies[pol]);
+                err(1, "xc_get_domain_cpuid_policy(, %d, %d,, %d,)",
+                    domid, nr_leaves, nr_msrs);
 
-            print_policy(sys_policies[pol], leaves, nr_leaves, msrs, nr_msrs);
+            snprintf(name, sizeof(name), "Domain %d", domid);
+            print_policy(name, leaves, nr_leaves, msrs, nr_msrs);
+        }
+        else
+        {
+            /* Get system policies */
+            for ( pol = 0; pol < ARRAY_SIZE(sys_policies); ++pol )
+            {
+                uint32_t nr_leaves = max_leaves;
+                uint32_t nr_msrs = max_msrs;
+
+                if ( xc_get_system_cpumsr_policy(xch, pol, &nr_leaves, leaves,
+                                                 &nr_msrs, msrs) )
+                    err(1, "xc_get_system_cpumsr_policy(, %s,,)",
+                        sys_policies[pol]);
+
+                print_policy(sys_policies[pol], leaves, nr_leaves,
+                             msrs, nr_msrs);
+            }
         }
 
         free(leaves);
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 3e9580b..8b48349 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1524,6 +1524,52 @@ long arch_do_domctl(
         recalculate_cpuid_policy(d);
         break;
 
+    case XEN_DOMCTL_get_cpumsr_policy:
+        if ( d == currd ||       /* No domain_pause() */
+             d->max_vcpus == 0 ) /* No vcpus yet. */
+        {
+            ret = -EINVAL;
+            break;
+        }
+
+        domain_pause(d);
+
+        if ( !guest_handle_is_null(domctl->u.cpumsr_policy.cpuid_policy) )
+        {
+            if ( (ret = x86_cpuid_copy_to_buffer(
+                      d->arch.cpuid,
+                      domctl->u.cpumsr_policy.cpuid_policy,
+                      &domctl->u.cpumsr_policy.nr_leaves)) )
+                goto get_cpumsr_policy_out;
+
+            if ( __copy_field_to_guest(u_domctl, domctl,
+                                       u.cpumsr_policy.nr_leaves) )
+            {
+                ret = -EFAULT;
+                goto get_cpumsr_policy_out;
+            }
+        }
+
+        if ( !guest_handle_is_null(domctl->u.cpumsr_policy.msr_policy) )
+        {
+            if ( (ret = x86_msr_copy_to_buffer(
+                      d->arch.msr, d->vcpu[0]->arch.msr,
+                      domctl->u.cpumsr_policy.msr_policy,
+                      &domctl->u.cpumsr_policy.nr_msrs)) )
+                goto get_cpumsr_policy_out;
+
+            if ( __copy_field_to_guest(u_domctl, domctl,
+                                       u.cpumsr_policy.nr_msrs) )
+            {
+                ret = -EFAULT;
+                goto get_cpumsr_policy_out;
+            }
+        }
+
+    get_cpumsr_policy_out:
+        domain_unpause(d);
+        break;
+
     default:
         ret = iommu_do_domctl(domctl, d, u_domctl);
         break;
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 0535da8..1ca41bd 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -635,6 +635,22 @@ struct xen_domctl_cpuid {
   uint32_t ecx;
   uint32_t edx;
 };
+
+/*
+ * XEN_SYSCTL_{get,set}_cpumsr_policy (x86 specific)
+ *
+ * Query or set the CPUID and MSR policies for a specific domain.
+ */
+struct xen_domctl_cpumsr_policy {
+    uint32_t nr_leaves; /* IN/OUT: Number of leaves in/written to
+                         * 'cpuid_policy'. */
+    uint32_t nr_msrs;   /* IN/OUT: Number of MSRs in/written to
+                         * 'msr_domain_policy' */
+    XEN_GUEST_HANDLE_64(xen_cpuid_leaf_t) cpuid_policy; /* IN/OUT: */
+    XEN_GUEST_HANDLE_64(xen_msr_entry_t) msr_policy;    /* IN/OUT: */
+};
+typedef struct xen_domctl_cpumsr_policy xen_domctl_cpumsr_policy_t;
+DEFINE_XEN_GUEST_HANDLE(xen_domctl_cpumsr_policy_t);
 #endif
 
 /*
@@ -1172,6 +1188,7 @@ struct xen_domctl {
 #define XEN_DOMCTL_soft_reset                    79
 #define XEN_DOMCTL_set_gnttab_limits             80
 #define XEN_DOMCTL_vuart_op                      81
+#define XEN_DOMCTL_get_cpumsr_policy             82
 #define XEN_DOMCTL_gdbsx_guestmemio            1000
 #define XEN_DOMCTL_gdbsx_pausevcpu             1001
 #define XEN_DOMCTL_gdbsx_unpausevcpu           1002
@@ -1216,6 +1233,7 @@ struct xen_domctl {
         struct xen_domctl_mem_sharing_op    mem_sharing_op;
 #if defined(__i386__) || defined(__x86_64__)
         struct xen_domctl_cpuid             cpuid;
+        struct xen_domctl_cpumsr_policy     cpumsr_policy;
         struct xen_domctl_vcpuextstate      vcpuextstate;
         struct xen_domctl_vcpu_msrs         vcpu_msrs;
 #endif
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 1d30b0e..245fcfd 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -717,6 +717,7 @@ static int flask_domctl(struct domain *d, int cmd)
         return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER);
 
     case XEN_DOMCTL_set_cpuid:
+    case XEN_DOMCTL_get_cpumsr_policy:
         return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID);
 
     case XEN_DOMCTL_gettscinfo:
diff --git a/xen/xsm/flask/policy/access_vectors 
b/xen/xsm/flask/policy/access_vectors
index b5bc7a2..c92bea3 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -213,6 +213,7 @@ class domain2
 #  target = the new target domain
     set_as_target
 # XEN_DOMCTL_set_cpuid
+# XEN_DOMCTL_get_cpumsr_policy
     set_cpuid
 # XEN_DOMCTL_gettscinfo
     gettsc
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.