From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xen.org>
Cc: "Sergey Dyasli" <sergey.dyasli@citrix.com>,
"Wei Liu" <wei.liu2@citrix.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Ian Jackson" <Ian.Jackson@eu.citrix.com>,
"Jan Beulich" <JBeulich@suse.com>,
"Daniel De Graaf" <dgdegra@tycho.nsa.gov>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [PATCH 10/13] x86/domctl: Implement XEN_DOMCTL_get_cpumsr_policy
Date: Tue, 3 Jul 2018 21:55:23 +0100 [thread overview]
Message-ID: <1530651326-5320-11-git-send-email-andrew.cooper3@citrix.com> (raw)
In-Reply-To: <1530651326-5320-1-git-send-email-andrew.cooper3@citrix.com>
From: Sergey Dyasli <sergey.dyasli@citrix.com>
This finally (after literally years of work!) marks the point where the
toolstack can ask the hypervisor for the current CPUID configuration of a
specific domain.
Also extend xen-cpuid's --policy mode to be able to take a domid and dump a
specific domains CPUID and MSR policy.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
CC: Wei Liu <wei.liu2@citrix.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Sergey Dyasli <sergey.dyasli@citrix.com>
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
tools/libxc/include/xenctrl.h | 3 ++
tools/libxc/xc_cpuid_x86.c | 40 +++++++++++++++++++++++
tools/misc/xen-cpuid.c | 64 +++++++++++++++++++++++++++++++------
xen/arch/x86/domctl.c | 46 ++++++++++++++++++++++++++
xen/include/public/domctl.h | 18 +++++++++++
xen/xsm/flask/hooks.c | 1 +
xen/xsm/flask/policy/access_vectors | 1 +
7 files changed, 164 insertions(+), 9 deletions(-)
diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
index d1f0925c..15d2b92 100644
--- a/tools/libxc/include/xenctrl.h
+++ b/tools/libxc/include/xenctrl.h
@@ -2541,6 +2541,9 @@ int xc_get_cpumsr_policy_size(xc_interface *xch, uint32_t *nr_leaves,
int xc_get_system_cpumsr_policy(xc_interface *xch, uint32_t index,
uint32_t *nr_leaves, xen_cpuid_leaf_t *leaves,
uint32_t *nr_msrs, xen_msr_entry_t *msrs);
+int xc_get_domain_cpumsr_policy(xc_interface *xch, uint32_t domid,
+ uint32_t *nr_leaves, xen_cpuid_leaf_t *leaves,
+ uint32_t *nr_msrs, xen_msr_entry_t *msrs);
uint32_t xc_get_cpu_featureset_size(void);
diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c
index ce2a584..efbac77 100644
--- a/tools/libxc/xc_cpuid_x86.c
+++ b/tools/libxc/xc_cpuid_x86.c
@@ -193,6 +193,46 @@ int xc_get_system_cpumsr_policy(xc_interface *xch, uint32_t index,
return ret;
}
+int xc_get_domain_cpumsr_policy(xc_interface *xch, uint32_t domid,
+ uint32_t *nr_leaves, xen_cpuid_leaf_t *leaves,
+ uint32_t *nr_msrs, xen_msr_entry_t *msrs)
+{
+ DECLARE_DOMCTL;
+ DECLARE_HYPERCALL_BOUNCE(leaves,
+ *nr_leaves * sizeof(*leaves),
+ XC_HYPERCALL_BUFFER_BOUNCE_OUT);
+ DECLARE_HYPERCALL_BOUNCE(msrs,
+ *nr_msrs * sizeof(*msrs),
+ XC_HYPERCALL_BUFFER_BOUNCE_OUT);
+ int ret;
+
+ if ( xc_hypercall_bounce_pre(xch, leaves) )
+ return -1;
+
+ if ( xc_hypercall_bounce_pre(xch, msrs) )
+ return -1;
+
+ domctl.cmd = XEN_DOMCTL_get_cpumsr_policy;
+ domctl.domain = domid;
+ domctl.u.cpumsr_policy.nr_leaves = *nr_leaves;
+ set_xen_guest_handle(domctl.u.cpumsr_policy.cpuid_policy, leaves);
+ domctl.u.cpumsr_policy.nr_msrs = *nr_msrs;
+ set_xen_guest_handle(domctl.u.cpumsr_policy.msr_policy, msrs);
+
+ ret = do_domctl(xch, &domctl);
+
+ xc_hypercall_bounce_post(xch, leaves);
+ xc_hypercall_bounce_post(xch, msrs);
+
+ if ( !ret )
+ {
+ *nr_leaves = domctl.u.cpumsr_policy.nr_leaves;
+ *nr_msrs = domctl.u.cpumsr_policy.nr_msrs;
+ }
+
+ return ret;
+}
+
struct cpuid_domain_info
{
enum
diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
index a5b3004..52a3694 100644
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -3,6 +3,8 @@
#include <err.h>
#include <getopt.h>
#include <string.h>
+#include <errno.h>
+#include <limits.h>
#include <xenctrl.h>
@@ -308,11 +310,13 @@ int main(int argc, char **argv)
{
enum { MODE_UNKNOWN, MODE_INFO, MODE_DETAIL, MODE_INTERPRET, MODE_POLICY }
mode = MODE_UNKNOWN;
+ int domid = -1;
nr_features = xc_get_cpu_featureset_size();
for ( ;; )
{
+ const char *tmp_optarg;
int option_index = 0, c;
static struct option long_options[] =
{
@@ -320,11 +324,11 @@ int main(int argc, char **argv)
{ "info", no_argument, NULL, 'i' },
{ "detail", no_argument, NULL, 'd' },
{ "verbose", no_argument, NULL, 'v' },
- { "policy", no_argument, NULL, 'p' },
+ { "policy", optional_argument, NULL, 'p' },
{ NULL, 0, NULL, 0 },
};
- c = getopt_long(argc, argv, "hidvp", long_options, &option_index);
+ c = getopt_long(argc, argv, "hidvp::", long_options, &option_index);
if ( c == -1 )
break;
@@ -344,6 +348,28 @@ int main(int argc, char **argv)
case 'p':
mode = MODE_POLICY;
+
+ tmp_optarg = optarg;
+
+ /* Make "--policy $DOMID" and "-p $DOMID" work. */
+ if ( !optarg && optind < argc &&
+ argv[optind] != NULL && argv[optind][0] != '\0' &&
+ argv[optind][0] != '-' )
+ tmp_optarg = argv[optind++];
+
+ if ( tmp_optarg )
+ {
+ char *endptr;
+
+ errno = 0;
+ domid = strtol(tmp_optarg, &endptr, 0);
+
+ if ( (errno == ERANGE &&
+ (domid == LONG_MAX || domid == LONG_MIN)) ||
+ (errno != 0 && domid == 0) ||
+ endptr == tmp_optarg )
+ err(1, "strtol(%s,,)", tmp_optarg);
+ }
break;
case 'd':
@@ -397,8 +423,9 @@ int main(int argc, char **argv)
if ( xc_get_cpumsr_policy_size(xch, &max_leaves, &max_msrs) )
err(1, "xc_get_cpumsr_policy_size(...)");
- printf("Xen reports there are maximum %u leaves and %u MSRs\n",
- max_leaves, max_msrs);
+ if ( domid == -1 )
+ printf("Xen reports there are maximum %u leaves and %u MSRs\n",
+ max_leaves, max_msrs);
leaves = calloc(max_leaves, sizeof(xen_cpuid_leaf_t));
if ( !leaves )
@@ -407,17 +434,36 @@ int main(int argc, char **argv)
if ( !msrs )
err(1, "calloc(max_msrs)");
- for ( pol = 0; pol < ARRAY_SIZE(sys_policies); ++pol )
+ if ( domid != -1 )
{
+ char name[20];
uint32_t nr_leaves = max_leaves;
uint32_t nr_msrs = max_msrs;
- if ( xc_get_system_cpumsr_policy(xch, pol, &nr_leaves, leaves,
+ if ( xc_get_domain_cpumsr_policy(xch, domid, &nr_leaves, leaves,
&nr_msrs, msrs) )
- err(1, "xc_get_system_cpumsr_policy(, %s,,)",
- sys_policies[pol]);
+ err(1, "xc_get_domain_cpuid_policy(, %d, %d,, %d,)",
+ domid, nr_leaves, nr_msrs);
- print_policy(sys_policies[pol], leaves, nr_leaves, msrs, nr_msrs);
+ snprintf(name, sizeof(name), "Domain %d", domid);
+ print_policy(name, leaves, nr_leaves, msrs, nr_msrs);
+ }
+ else
+ {
+ /* Get system policies */
+ for ( pol = 0; pol < ARRAY_SIZE(sys_policies); ++pol )
+ {
+ uint32_t nr_leaves = max_leaves;
+ uint32_t nr_msrs = max_msrs;
+
+ if ( xc_get_system_cpumsr_policy(xch, pol, &nr_leaves, leaves,
+ &nr_msrs, msrs) )
+ err(1, "xc_get_system_cpumsr_policy(, %s,,)",
+ sys_policies[pol]);
+
+ print_policy(sys_policies[pol], leaves, nr_leaves,
+ msrs, nr_msrs);
+ }
}
free(leaves);
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 3e9580b..8b48349 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1524,6 +1524,52 @@ long arch_do_domctl(
recalculate_cpuid_policy(d);
break;
+ case XEN_DOMCTL_get_cpumsr_policy:
+ if ( d == currd || /* No domain_pause() */
+ d->max_vcpus == 0 ) /* No vcpus yet. */
+ {
+ ret = -EINVAL;
+ break;
+ }
+
+ domain_pause(d);
+
+ if ( !guest_handle_is_null(domctl->u.cpumsr_policy.cpuid_policy) )
+ {
+ if ( (ret = x86_cpuid_copy_to_buffer(
+ d->arch.cpuid,
+ domctl->u.cpumsr_policy.cpuid_policy,
+ &domctl->u.cpumsr_policy.nr_leaves)) )
+ goto get_cpumsr_policy_out;
+
+ if ( __copy_field_to_guest(u_domctl, domctl,
+ u.cpumsr_policy.nr_leaves) )
+ {
+ ret = -EFAULT;
+ goto get_cpumsr_policy_out;
+ }
+ }
+
+ if ( !guest_handle_is_null(domctl->u.cpumsr_policy.msr_policy) )
+ {
+ if ( (ret = x86_msr_copy_to_buffer(
+ d->arch.msr, d->vcpu[0]->arch.msr,
+ domctl->u.cpumsr_policy.msr_policy,
+ &domctl->u.cpumsr_policy.nr_msrs)) )
+ goto get_cpumsr_policy_out;
+
+ if ( __copy_field_to_guest(u_domctl, domctl,
+ u.cpumsr_policy.nr_msrs) )
+ {
+ ret = -EFAULT;
+ goto get_cpumsr_policy_out;
+ }
+ }
+
+ get_cpumsr_policy_out:
+ domain_unpause(d);
+ break;
+
default:
ret = iommu_do_domctl(domctl, d, u_domctl);
break;
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 0535da8..1ca41bd 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -635,6 +635,22 @@ struct xen_domctl_cpuid {
uint32_t ecx;
uint32_t edx;
};
+
+/*
+ * XEN_SYSCTL_{get,set}_cpumsr_policy (x86 specific)
+ *
+ * Query or set the CPUID and MSR policies for a specific domain.
+ */
+struct xen_domctl_cpumsr_policy {
+ uint32_t nr_leaves; /* IN/OUT: Number of leaves in/written to
+ * 'cpuid_policy'. */
+ uint32_t nr_msrs; /* IN/OUT: Number of MSRs in/written to
+ * 'msr_domain_policy' */
+ XEN_GUEST_HANDLE_64(xen_cpuid_leaf_t) cpuid_policy; /* IN/OUT: */
+ XEN_GUEST_HANDLE_64(xen_msr_entry_t) msr_policy; /* IN/OUT: */
+};
+typedef struct xen_domctl_cpumsr_policy xen_domctl_cpumsr_policy_t;
+DEFINE_XEN_GUEST_HANDLE(xen_domctl_cpumsr_policy_t);
#endif
/*
@@ -1172,6 +1188,7 @@ struct xen_domctl {
#define XEN_DOMCTL_soft_reset 79
#define XEN_DOMCTL_set_gnttab_limits 80
#define XEN_DOMCTL_vuart_op 81
+#define XEN_DOMCTL_get_cpumsr_policy 82
#define XEN_DOMCTL_gdbsx_guestmemio 1000
#define XEN_DOMCTL_gdbsx_pausevcpu 1001
#define XEN_DOMCTL_gdbsx_unpausevcpu 1002
@@ -1216,6 +1233,7 @@ struct xen_domctl {
struct xen_domctl_mem_sharing_op mem_sharing_op;
#if defined(__i386__) || defined(__x86_64__)
struct xen_domctl_cpuid cpuid;
+ struct xen_domctl_cpumsr_policy cpumsr_policy;
struct xen_domctl_vcpuextstate vcpuextstate;
struct xen_domctl_vcpu_msrs vcpu_msrs;
#endif
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 1d30b0e..245fcfd 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -717,6 +717,7 @@ static int flask_domctl(struct domain *d, int cmd)
return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_VIRQ_HANDLER);
case XEN_DOMCTL_set_cpuid:
+ case XEN_DOMCTL_get_cpumsr_policy:
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_CPUID);
case XEN_DOMCTL_gettscinfo:
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index b5bc7a2..c92bea3 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -213,6 +213,7 @@ class domain2
# target = the new target domain
set_as_target
# XEN_DOMCTL_set_cpuid
+# XEN_DOMCTL_get_cpumsr_policy
set_cpuid
# XEN_DOMCTL_gettscinfo
gettsc
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-07-03 20:55 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-03 20:55 [PATCH 00/13] x86: CPUID and MSR policy marshalling support Andrew Cooper
2018-07-03 20:55 ` [PATCH 01/13] libx86: Introduce libx86/cpuid.h Andrew Cooper
2018-07-04 6:54 ` Wei Liu
2018-07-04 8:21 ` Jan Beulich
2018-07-04 12:03 ` Andrew Cooper
2018-07-04 13:57 ` Jan Beulich
2018-07-06 1:35 ` Doug Goldstein
2018-07-06 8:07 ` Jan Beulich
2018-07-03 20:55 ` [PATCH 02/13] libx86: generate cpuid-autogen.h in the libx86 include dir Andrew Cooper
2018-07-04 7:03 ` Wei Liu
2018-07-04 8:33 ` Jan Beulich
2018-07-03 20:55 ` [PATCH 03/13] libx86: Share struct cpuid_policy with userspace Andrew Cooper
2018-07-04 7:08 ` Wei Liu
2018-07-04 8:36 ` Jan Beulich
2018-07-03 20:55 ` [PATCH 04/13] libx86: introduce a libx86 shared library Andrew Cooper
2018-07-04 7:20 ` Wei Liu
2018-07-04 8:42 ` Jan Beulich
2018-07-04 15:48 ` Andrew Cooper
2018-07-03 20:55 ` [PATCH 05/13] libx86: Introduce libx86/msr.h and share msr_{domain, vcpu}_policy with userspace Andrew Cooper
2018-07-04 7:21 ` Wei Liu
2018-07-04 8:43 ` Jan Beulich
2018-07-03 20:55 ` [PATCH 06/13] libx86: Introduce a helper to serialise a cpuid_policy object Andrew Cooper
2018-07-04 8:42 ` Wei Liu
2018-07-04 8:51 ` Jan Beulich
2018-07-04 16:23 ` Andrew Cooper
2018-07-05 8:09 ` Wei Liu
2018-07-05 8:40 ` Jan Beulich
2018-07-05 13:39 ` Andrew Cooper
2018-07-05 14:05 ` Jan Beulich
2018-07-04 9:01 ` Jan Beulich
2018-07-04 16:46 ` Andrew Cooper
2018-07-05 8:11 ` Wei Liu
2018-07-05 10:21 ` Andrew Cooper
2018-07-05 8:46 ` Jan Beulich
2018-07-05 13:34 ` Andrew Cooper
2018-07-03 20:55 ` [PATCH 07/13] libx86: Introduce a helper to serialise msr_{domain, vcpu}_policy objects Andrew Cooper
2018-07-04 9:16 ` Jan Beulich
2018-07-04 16:56 ` Andrew Cooper
2018-07-05 8:49 ` Jan Beulich
2018-07-03 20:55 ` [PATCH 08/13] x86: Collect policies together into groups Andrew Cooper
2018-07-04 9:22 ` Jan Beulich
2018-07-04 17:15 ` Andrew Cooper
2018-07-05 8:54 ` Jan Beulich
2018-07-03 20:55 ` [PATCH 09/13] x86/sysctl: Implement XEN_SYSCTL_get_cpumsr_policy Andrew Cooper
2018-07-04 9:43 ` Jan Beulich
2018-07-04 17:57 ` Andrew Cooper
2018-07-05 9:08 ` Jan Beulich
2018-07-05 14:08 ` Andrew Cooper
2018-07-05 14:45 ` Jan Beulich
2018-07-03 20:55 ` Andrew Cooper [this message]
2018-07-04 9:48 ` [PATCH 10/13] x86/domctl: Implement XEN_DOMCTL_get_cpumsr_policy Jan Beulich
2018-07-05 14:23 ` Sergey Dyasli
2018-07-03 20:55 ` [PATCH 11/13] libx86: Introduce a helper to deserialise a cpuid_policy object Andrew Cooper
2018-07-04 9:49 ` Jan Beulich
2018-07-03 20:55 ` [PATCH 12/13] libx86: introduce a helper to deserialize MSR policies Andrew Cooper
2018-07-03 20:55 ` [PATCH 13/13] x86/domctl: Implement XEN_DOMCTL_set_cpumsr_policy Andrew Cooper
2018-07-04 10:16 ` Jan Beulich
2018-07-04 18:47 ` Andrew Cooper
2018-07-05 9:28 ` Jan Beulich
2018-07-05 17:55 ` Andrew Cooper
2018-07-06 7:51 ` Jan Beulich
2018-07-06 10:02 ` Andrew Cooper
2018-07-04 10:18 ` Wei Liu
2018-07-04 10:33 ` Andrew Cooper
2018-07-04 8:17 ` [PATCH 00/13] x86: CPUID and MSR policy marshalling support Jan Beulich
2018-07-04 10:40 ` Andrew Cooper
2018-07-04 10:44 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1530651326-5320-11-git-send-email-andrew.cooper3@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=roger.pau@citrix.com \
--cc=sergey.dyasli@citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.