From: Jan Beulich <jbeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: "Sergey Dyasli" <sergey.dyasli@citrix.com>,
"Wei Liu" <wl@xen.org>, "Ian Jackson" <Ian.Jackson@eu.citrix.com>,
Xen-devel <xen-devel@lists.xenproject.org>,
"Daniel De Graaf" <dgdegra@tycho.nsa.gov>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [Xen-devel] [PATCH 3/8] x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy
Date: Thu, 12 Sep 2019 10:06:30 +0200 [thread overview]
Message-ID: <8c6a368c-4409-dc6b-9b73-6e93b8fbd6e7@suse.com> (raw)
In-Reply-To: <20190911200504.5693-4-andrew.cooper3@citrix.com>
On 11.09.2019 22:04, Andrew Cooper wrote:
> --- a/tools/libxc/xc_cpuid_x86.c
> +++ b/tools/libxc/xc_cpuid_x86.c
> @@ -229,6 +229,55 @@ int xc_get_domain_cpu_policy(xc_interface *xch, uint32_t domid,
> return ret;
> }
>
> +int xc_set_domain_cpu_policy(xc_interface *xch, uint32_t domid,
> + uint32_t nr_leaves, xen_cpuid_leaf_t *leaves,
> + uint32_t nr_msrs, xen_msr_entry_t *msrs,
> + uint32_t *err_leaf_p, uint32_t *err_subleaf_p,
> + uint32_t *err_msr_idx_p)
> +{
> + DECLARE_DOMCTL;
> + DECLARE_HYPERCALL_BOUNCE(leaves,
> + nr_leaves * sizeof(*leaves),
> + XC_HYPERCALL_BUFFER_BOUNCE_IN);
> + DECLARE_HYPERCALL_BOUNCE(msrs,
> + nr_msrs * sizeof(*msrs),
> + XC_HYPERCALL_BUFFER_BOUNCE_IN);
With both being IN, the respective function parameters should imo
be pointers to const.
> + int ret;
> +
> + if ( xc_hypercall_bounce_pre(xch, leaves) )
> + return -1;
> +
> + if ( xc_hypercall_bounce_pre(xch, msrs) )
> + return -1;
> +
> + domctl.cmd = XEN_DOMCTL_set_cpu_policy;
> + domctl.domain = domid;
> + domctl.u.cpu_policy.nr_leaves = nr_leaves;
> + set_xen_guest_handle(domctl.u.cpu_policy.cpuid_policy, leaves);
> + domctl.u.cpu_policy.nr_msrs = nr_msrs;
> + set_xen_guest_handle(domctl.u.cpu_policy.msr_policy, msrs);
> + domctl.u.cpu_policy.err_leaf = ~0;
> + domctl.u.cpu_policy.err_subleaf = ~0;
> + domctl.u.cpu_policy.err_msr_idx = ~0;
The fields are marked OUT only in the public header, which implies
no initialization should be needed here, as the hypercall would
overwrite the fields in any event.
> --- a/xen/arch/x86/domctl.c
> +++ b/xen/arch/x86/domctl.c
> @@ -294,6 +294,65 @@ static int update_domain_cpuid_info(struct domain *d,
> return 0;
> }
>
> +static int update_domain_cpu_policy(struct domain *d,
> + xen_domctl_cpu_policy_t *xdpc)
> +{
> + struct cpu_policy new = {};
> + const struct cpu_policy *sys = is_pv_domain(d)
> + ? &system_policies[XEN_SYSCTL_cpu_policy_pv_max]
> + : &system_policies[XEN_SYSCTL_cpu_policy_hvm_max];
> + struct cpu_policy_errors err = INIT_CPU_POLICY_ERRORS;
> + int ret = -ENOMEM;
> +
> + /* Start by copying the domain's existing policies. */
> + if ( !(new.cpuid = xmemdup(d->arch.cpuid)) ||
> + !(new.msr = xmemdup(d->arch.msr)) )
To avoid the redundant initialization, this could as well be the
initializer of the variable.
> @@ -1476,6 +1535,27 @@ long arch_do_domctl(
> copyback = true;
> break;
>
> + case XEN_DOMCTL_set_cpu_policy:
> + if ( d == currd ) /* No domain_pause() */
> + {
> + ret = -EINVAL;
> + break;
> + }
> +
> + domain_pause(d);
> +
> + if ( d->creation_finished )
> + ret = -EEXIST; /* No changing once the domain is running. */
> + else
> + {
> + ret = update_domain_cpu_policy(d, &domctl->u.cpu_policy);
> + if ( ret ) /* Copy domctl->u.cpu_policy.err_* to guest. */
> + copyback = true;
Due to the OUT in the public header I think it would be better to
always copy this back (making sure the invalid markers are in place
in case of success). But I guess we're not very consistent with
honoring OUT like this.
> --- a/xen/include/public/domctl.h
> +++ b/xen/include/public/domctl.h
> @@ -658,17 +658,23 @@ struct xen_domctl_cpuid {
> };
>
> /*
> - * XEN_DOMCTL_get_cpu_policy (x86 specific)
> + * XEN_DOMCTL_{get,set}_cpu_policy (x86 specific)
> *
> - * Query the CPUID and MSR policies for a specific domain.
> + * Query or set the CPUID and MSR policies for a specific domain.
> */
> struct xen_domctl_cpu_policy {
> uint32_t nr_leaves; /* IN/OUT: Number of leaves in/written to
> * 'cpuid_policy'. */
> uint32_t nr_msrs; /* IN/OUT: Number of MSRs in/written to
> * 'msr_domain_policy' */
> - XEN_GUEST_HANDLE_64(xen_cpuid_leaf_t) cpuid_policy; /* OUT */
> - XEN_GUEST_HANDLE_64(xen_msr_entry_t) msr_policy; /* OUT */
> + XEN_GUEST_HANDLE_64(xen_cpuid_leaf_t) cpuid_policy; /* IN/OUT */
> + XEN_GUEST_HANDLE_64(xen_msr_entry_t) msr_policy; /* IN/OUT */
> + uint32_t err_leaf, err_subleaf; /* OUT, set_policy only. If not ~0,
> + * indicates the leaf/subleaf which
> + * auditing objected to. */
> + uint32_t err_msr_idx; /* OUT, set_policy only. If not ~0,
> + * indicates the MSR idx which
> + * auditing objected to. */
> };
> typedef struct xen_domctl_cpu_policy xen_domctl_cpu_policy_t;
> DEFINE_XEN_GUEST_HANDLE(xen_domctl_cpu_policy_t);
I know you're not liking the concept, but XEN_DOMCTL_INTERFACE_VERSION
hasn't been bumped in this release cycle yet, and hence a binary
incompatible change like this one needs to. With at least this last
aspect taken care of, hypervisor parts
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-09-12 8:06 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-11 20:04 [Xen-devel] [PATCH 0/8] x86/cpuid: Switch to using XEN_DOMCTL_set_cpumsr_policy Andrew Cooper
2019-09-11 20:04 ` [Xen-devel] [PATCH 1/8] libx86: Introduce x86_cpu_policies_are_compatible() Andrew Cooper
2019-09-12 7:43 ` Jan Beulich
2019-09-12 7:59 ` Andrew Cooper
2019-09-12 8:22 ` Jan Beulich
2019-09-12 11:41 ` Andrew Cooper
2019-09-11 20:04 ` [Xen-devel] [PATCH 2/8] x86/cpuid: Split update_domain_cpuid_info() in half Andrew Cooper
2019-09-12 7:52 ` Jan Beulich
2019-09-12 8:07 ` Andrew Cooper
2019-09-11 20:04 ` [Xen-devel] [PATCH 3/8] x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy Andrew Cooper
2019-09-12 8:06 ` Jan Beulich [this message]
2019-09-12 13:15 ` Andrew Cooper
2019-09-12 13:20 ` Jan Beulich
2019-09-12 16:34 ` Andrew Cooper
2019-09-11 20:05 ` [Xen-devel] [PATCH 4/8] tools/libxc: Pre-cleanup for xc_cpuid_{set, apply_policy}() Andrew Cooper
2019-09-12 8:09 ` Jan Beulich
2019-09-12 8:17 ` Jan Beulich
2019-09-12 8:38 ` Andrew Cooper
2019-09-11 20:05 ` [Xen-devel] [PATCH 5/8] tools/libxc: Rework xc_cpuid_set() to use {get, set}_cpu_policy() Andrew Cooper
2019-09-12 8:19 ` Jan Beulich
2019-09-12 8:36 ` Andrew Cooper
2019-09-12 9:11 ` Jan Beulich
2019-09-12 13:21 ` Andrew Cooper
2019-09-11 20:05 ` [Xen-devel] [PATCH 6/8] tools/libxc: Rework xc_cpuid_apply_policy() " Andrew Cooper
2019-09-12 9:02 ` Jan Beulich
2019-09-12 13:47 ` Andrew Cooper
2019-09-11 20:05 ` [Xen-devel] [PATCH 7/8] x86/domctl: Drop XEN_DOMCTL_set_cpuid Andrew Cooper
2019-09-12 9:04 ` Jan Beulich
2019-09-11 20:05 ` [Xen-devel] [PATCH 8/8] x86/cpuid: Enable CPUID Faulting for the control domain Andrew Cooper
2019-09-12 9:07 ` Jan Beulich
2019-09-12 9:28 ` Andrew Cooper
2019-09-12 18:55 ` [Xen-devel] [PATCH v2 8/8] x86/cpuid: Enable CPUID Faulting for the control domain by default Andrew Cooper
2019-09-13 6:38 ` Jan Beulich
2019-09-13 14:56 ` Andrew Cooper
2019-09-12 18:55 ` [Xen-devel] [PATCH v2 0.5/8] libx86: Proactively initialise error pointers Andrew Cooper
2019-09-13 6:20 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8c6a368c-4409-dc6b-9b73-6e93b8fbd6e7@suse.com \
--to=jbeulich@suse.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=roger.pau@citrix.com \
--cc=sergey.dyasli@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).