[PATCH 05/12] xen: add hypercall interfaces for domain and cpupool parameter setting

From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross <jgross@suse.com>,
	Stefano Stabellini <sstabellini@kernel.org>,
	Wei Liu <wei.liu2@citrix.com>,
	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
	George Dunlap <George.Dunlap@eu.citrix.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
	Julien Grall <julien.grall@arm.com>,
	Jan Beulich <jbeulich@suse.com>,
	Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [PATCH 05/12] xen: add hypercall interfaces for domain and cpupool parameter setting
Date: Tue, 18 Sep 2018 08:03:02 +0200	[thread overview]
Message-ID: <20180918060309.7186-6-jgross@suse.com> (raw)
In-Reply-To: <20180918060309.7186-1-jgross@suse.com>

Add a new domctl for setting domain specific parameters similar to
XEN_SYSCTL_set_parameter for global hypervisor parameters.

Enhance XEN_SYSCTL_set_parameter to be usable for setting cpupool
specific parameters, too. For now do only extended parameter checking.
The cpupool parameter setting will be added later.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 tools/flask/policy/modules/dom0.te  |  2 +-
 tools/libxc/xc_misc.c               |  4 +++-
 xen/common/sysctl.c                 | 14 +++++++++++---
 xen/include/public/domctl.h         | 20 +++++++++++++++++++-
 xen/include/public/sysctl.h         |  8 +++++++-
 xen/xsm/flask/hooks.c               |  3 +++
 xen/xsm/flask/policy/access_vectors |  2 ++
 7 files changed, 46 insertions(+), 7 deletions(-)

diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te
index dfdcdcd128..64a328570a 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -39,7 +39,7 @@ allow dom0_t dom0_t:domain {
 };
 allow dom0_t dom0_t:domain2 {
 	set_cpuid gettsc settsc setscheduler set_vnumainfo
-	get_vnumainfo psr_cmt_op psr_alloc
+	get_vnumainfo psr_cmt_op psr_alloc set_parameter
 };
 allow dom0_t dom0_t:resource { add remove };
 
diff --git a/tools/libxc/xc_misc.c b/tools/libxc/xc_misc.c
index 5e6714ae2b..655c2329b1 100644
--- a/tools/libxc/xc_misc.c
+++ b/tools/libxc/xc_misc.c
@@ -199,7 +199,9 @@ int xc_set_parameters(xc_interface *xch, char *params)
     sysctl.cmd = XEN_SYSCTL_set_parameter;
     set_xen_guest_handle(sysctl.u.set_parameter.params, params);
     sysctl.u.set_parameter.size = len;
-    memset(sysctl.u.set_parameter.pad, 0, sizeof(sysctl.u.set_parameter.pad));
+    sysctl.u.set_parameter.scope = XEN_SYSCTL_SETPAR_SCOPE_GLOBAL;
+    sysctl.u.set_parameter.pad = 0;
+    sysctl.u.set_parameter.instance = 0;
 
     ret = do_sysctl(xch, &sysctl);
 
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index c0aa6bde4e..f10cd279f7 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -471,8 +471,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 #define XEN_SET_PARAMETER_MAX_SIZE 1023
         char *params;
 
-        if ( op->u.set_parameter.pad[0] || op->u.set_parameter.pad[1] ||
-             op->u.set_parameter.pad[2] )
+        if ( op->u.set_parameter.pad )
         {
             ret = -EINVAL;
             break;
@@ -494,7 +493,16 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
         else
         {
             params[op->u.set_parameter.size] = 0;
-            ret = runtime_parse(params);
+            switch ( op->u.set_parameter.scope )
+            {
+            case XEN_SYSCTL_SETPAR_SCOPE_GLOBAL:
+                ret = op->u.set_parameter.instance
+                      ? -EINVAL : runtime_parse(params);
+                break;
+            default:
+                ret = -EINVAL;
+                break;
+            }
         }
 
         xfree(params);
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 82b696798c..3d6f8b27ab 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -38,7 +38,7 @@
 #include "hvm/save.h"
 #include "memory.h"
 
-#define XEN_DOMCTL_INTERFACE_VERSION 0x00000010
+#define XEN_DOMCTL_INTERFACE_VERSION 0x00000011
 
 /*
  * NB. xen_domctl.domain is an IN/OUT parameter for this operation.
@@ -1098,6 +1098,22 @@ struct xen_domctl_vuart_op {
                                  */
 };
 
+/*
+ * XEN_DOMCTL_set_parameter
+ *
+ * Change domain parameters at runtime.
+ * The input string is parsed similar to the boot parameters.
+ * Parameters are a single string terminated by a NUL byte of max. size
+ * characters. Multiple settings can be specified by separating them
+ * with blanks.
+ */
+
+struct xen_domctl_set_parameter {
+    XEN_GUEST_HANDLE_64(char) params;       /* IN: pointer to parameters. */
+    uint16_t size;                          /* IN: size of parameters. */
+    uint16_t pad[3];                        /* IN: MUST be zero. */
+};
+
 struct xen_domctl {
     uint32_t cmd;
 #define XEN_DOMCTL_createdomain                   1
@@ -1177,6 +1193,7 @@ struct xen_domctl {
 #define XEN_DOMCTL_soft_reset                    79
 /* #define XEN_DOMCTL_set_gnttab_limits          80 - Moved into XEN_DOMCTL_createdomain */
 #define XEN_DOMCTL_vuart_op                      81
+#define XEN_DOMCTL_set_parameter                 82
 #define XEN_DOMCTL_gdbsx_guestmemio            1000
 #define XEN_DOMCTL_gdbsx_pausevcpu             1001
 #define XEN_DOMCTL_gdbsx_unpausevcpu           1002
@@ -1237,6 +1254,7 @@ struct xen_domctl {
         struct xen_domctl_monitor_op        monitor_op;
         struct xen_domctl_psr_alloc         psr_alloc;
         struct xen_domctl_vuart_op          vuart_op;
+        struct xen_domctl_set_parameter     set_parameter;
         uint8_t                             pad[128];
     } u;
 };
diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h
index 8cd0a9cb0d..a6246c4ca7 100644
--- a/xen/include/public/sysctl.h
+++ b/xen/include/public/sysctl.h
@@ -1055,12 +1055,18 @@ struct xen_sysctl_livepatch_op {
  * Parameters are a single string terminated by a NUL byte of max. size
  * characters. Multiple settings can be specified by separating them
  * with blanks.
+ * Scope can be either global (like boot parameters) or cpupool.
  */
 
 struct xen_sysctl_set_parameter {
     XEN_GUEST_HANDLE_64(char) params;       /* IN: pointer to parameters. */
     uint16_t size;                          /* IN: size of parameters. */
-    uint16_t pad[3];                        /* IN: MUST be zero. */
+    uint8_t  scope;                         /* IN: scope of parameters. */
+#define XEN_SYSCTL_SETPAR_SCOPE_GLOBAL   0
+#define XEN_SYSCTL_SETPAR_SCOPE_CPUPOOL  1
+    uint8_t  pad;                           /* IN: MUST be zero. */
+    uint32_t instance;                      /* IN: scope global: must be zero */
+                                            /*     scope cpupool: cpupool id */
 };
 
 struct xen_sysctl {
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 6da2773aa9..d382883394 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -742,6 +742,9 @@ static int flask_domctl(struct domain *d, int cmd)
     case XEN_DOMCTL_soft_reset:
         return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SOFT_RESET);
 
+    case XEN_DOMCTL_set_parameter:
+        return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_PARAMETER);
+
     default:
         return avc_unknown_permission("domctl", cmd);
     }
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index d01a7a0d03..36874c3452 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -248,6 +248,8 @@ class domain2
     psr_alloc
 # XENMEM_resource_map
     resource_map
+# XEN_DOMCTL_set_parameter
+    set_parameter
 }
 
 # Similar to class domain, but primarily contains domctls related to HVM domains
-- 
2.16.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
