From: Stefano Stabellini <sstabellini@kernel.org>
To: peter.maydell@linaro.org
Cc: stefanha@gmail.com, sstabellini@kernel.org, stefanha@redhat.com,
anthony.perard@citrix.com, xen-devel@lists.xenproject.org,
qemu-devel@nongnu.org, Paul Durrant <paul.durrant@citrix.com>
Subject: [Qemu-devel] [PATCH 07/21] xen: use libxendevice model to restrict operations
Date: Tue, 25 Apr 2017 11:34:59 -0700 [thread overview]
Message-ID: <1493145313-31311-7-git-send-email-sstabellini@kernel.org> (raw)
In-Reply-To: <1493145313-31311-1-git-send-email-sstabellini@kernel.org>
From: Paul Durrant <paul.durrant@citrix.com>
This patch adds a command-line option (-xen-domid-restrict) which will
use the new libxendevicemodel API to restrict devicemodel [1] operations
to the specified domid. (Such operations are not applicable to the xenpv
machine type).
This patch also adds a tracepoint to allow successful enabling of the
restriction to be monitored.
[1] I.e. operations issued by libxendevicemodel. Operation issued by other
xen libraries (e.g. libxenforeignmemory) are currently still unrestricted
but this will be rectified by subsequent patches.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
hw/xen/trace-events | 1 +
include/hw/xen/xen.h | 1 +
include/hw/xen/xen_common.h | 20 ++++++++++++++++++++
qemu-options.hx | 7 +++++++
vl.c | 8 ++++++++
xen-hvm.c | 8 ++++++++
6 files changed, 45 insertions(+)
diff --git a/hw/xen/trace-events b/hw/xen/trace-events
index c4fb6f1..5615dce 100644
--- a/hw/xen/trace-events
+++ b/hw/xen/trace-events
@@ -11,3 +11,4 @@ xen_map_portio_range(uint32_t id, uint64_t start_addr, uint64_t end_addr) "id: %
xen_unmap_portio_range(uint32_t id, uint64_t start_addr, uint64_t end_addr) "id: %u start: %#"PRIx64" end: %#"PRIx64
xen_map_pcidev(uint32_t id, uint8_t bus, uint8_t dev, uint8_t func) "id: %u bdf: %02x.%02x.%02x"
xen_unmap_pcidev(uint32_t id, uint8_t bus, uint8_t dev, uint8_t func) "id: %u bdf: %02x.%02x.%02x"
+xen_domid_restrict(int err) "err: %u"
diff --git a/include/hw/xen/xen.h b/include/hw/xen/xen.h
index 2b1733b..7efcdaa 100644
--- a/include/hw/xen/xen.h
+++ b/include/hw/xen/xen.h
@@ -21,6 +21,7 @@ enum xen_mode {
extern uint32_t xen_domid;
extern enum xen_mode xen_mode;
+extern bool xen_domid_restrict;
extern bool xen_allowed;
diff --git a/include/hw/xen/xen_common.h b/include/hw/xen/xen_common.h
index fa990a0..0fcbba8 100644
--- a/include/hw/xen/xen_common.h
+++ b/include/hw/xen/xen_common.h
@@ -151,6 +151,13 @@ static inline int xendevicemodel_set_mem_type(
return xc_hvm_set_mem_type(dmod, domid, mem_type, first_pfn, nr);
}
+static inline int xendevicemodel_restrict(
+ xendevicemodel_handle *dmod, domid_t domid)
+{
+ errno = ENOTTY;
+ return -1;
+}
+
#else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 40900 */
#undef XC_WANT_COMPAT_DEVICEMODEL_API
@@ -206,6 +213,19 @@ static inline int xen_modified_memory(domid_t domid, uint64_t first_pfn,
return xendevicemodel_modified_memory(xen_dmod, domid, first_pfn, nr);
}
+static inline int xen_restrict(domid_t domid)
+{
+ int rc = xendevicemodel_restrict(xen_dmod, domid);
+
+ trace_xen_domid_restrict(errno);
+
+ if (errno == ENOTTY) {
+ return 0;
+ }
+
+ return rc;
+}
+
/* Xen 4.2 through 4.6 */
#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40701
diff --git a/qemu-options.hx b/qemu-options.hx
index 99af8ed..2043371 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3354,6 +3354,11 @@ DEF("xen-attach", 0, QEMU_OPTION_xen_attach,
"-xen-attach attach to existing xen domain\n"
" xend will use this when starting QEMU\n",
QEMU_ARCH_ALL)
+DEF("xen-domid-restrict", 0, QEMU_OPTION_xen_domid_restrict,
+ "-xen-domid-restrict restrict set of available xen operations\n"
+ " to specified domain id. (Does not affect\n"
+ " xenpv machine type).\n",
+ QEMU_ARCH_ALL)
STEXI
@item -xen-domid @var{id}
@findex -xen-domid
@@ -3366,6 +3371,8 @@ Warning: should not be used when xend is in use (XEN only).
@findex -xen-attach
Attach to existing xen domain.
xend will use this when starting QEMU (XEN only).
+@findex -xen-domid-restrict
+Restrict set of available xen operations to specified domain id (XEN only).
ETEXI
DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \
diff --git a/vl.c b/vl.c
index 0b4ed52..f46e070 100644
--- a/vl.c
+++ b/vl.c
@@ -205,6 +205,7 @@ static NotifierList machine_init_done_notifiers =
bool xen_allowed;
uint32_t xen_domid;
enum xen_mode xen_mode = XEN_EMULATE;
+bool xen_domid_restrict;
static int has_defaults = 1;
static int default_serial = 1;
@@ -3933,6 +3934,13 @@ int main(int argc, char **argv, char **envp)
}
xen_mode = XEN_ATTACH;
break;
+ case QEMU_OPTION_xen_domid_restrict:
+ if (!(xen_available())) {
+ error_report("Option not supported for this target");
+ exit(1);
+ }
+ xen_domid_restrict = true;
+ break;
case QEMU_OPTION_trace:
g_free(trace_file);
trace_file = trace_opt_parse(optarg);
diff --git a/xen-hvm.c b/xen-hvm.c
index 4b928cf..335e263 100644
--- a/xen-hvm.c
+++ b/xen-hvm.c
@@ -1226,6 +1226,14 @@ void xen_hvm_init(PCMachineState *pcms, MemoryRegion **ram_memory)
goto err;
}
+ if (xen_domid_restrict) {
+ rc = xen_restrict(xen_domid);
+ if (rc < 0) {
+ error_report("failed to restrict: error %d", errno);
+ goto err;
+ }
+ }
+
xen_create_ioreq_server(xen_domid, &state->ioservid);
state->exit.notify = xen_exit_notifier;
--
1.9.1
WARNING: multiple messages have this Message-ID (diff)
From: Stefano Stabellini <sstabellini@kernel.org>
To: peter.maydell@linaro.org
Cc: sstabellini@kernel.org, stefanha@gmail.com,
qemu-devel@nongnu.org, Paul Durrant <paul.durrant@citrix.com>,
stefanha@redhat.com, anthony.perard@citrix.com,
xen-devel@lists.xenproject.org
Subject: [PATCH 07/21] xen: use libxendevice model to restrict operations
Date: Tue, 25 Apr 2017 11:34:59 -0700 [thread overview]
Message-ID: <1493145313-31311-7-git-send-email-sstabellini@kernel.org> (raw)
In-Reply-To: <1493145313-31311-1-git-send-email-sstabellini@kernel.org>
From: Paul Durrant <paul.durrant@citrix.com>
This patch adds a command-line option (-xen-domid-restrict) which will
use the new libxendevicemodel API to restrict devicemodel [1] operations
to the specified domid. (Such operations are not applicable to the xenpv
machine type).
This patch also adds a tracepoint to allow successful enabling of the
restriction to be monitored.
[1] I.e. operations issued by libxendevicemodel. Operation issued by other
xen libraries (e.g. libxenforeignmemory) are currently still unrestricted
but this will be rectified by subsequent patches.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
hw/xen/trace-events | 1 +
include/hw/xen/xen.h | 1 +
include/hw/xen/xen_common.h | 20 ++++++++++++++++++++
qemu-options.hx | 7 +++++++
vl.c | 8 ++++++++
xen-hvm.c | 8 ++++++++
6 files changed, 45 insertions(+)
diff --git a/hw/xen/trace-events b/hw/xen/trace-events
index c4fb6f1..5615dce 100644
--- a/hw/xen/trace-events
+++ b/hw/xen/trace-events
@@ -11,3 +11,4 @@ xen_map_portio_range(uint32_t id, uint64_t start_addr, uint64_t end_addr) "id: %
xen_unmap_portio_range(uint32_t id, uint64_t start_addr, uint64_t end_addr) "id: %u start: %#"PRIx64" end: %#"PRIx64
xen_map_pcidev(uint32_t id, uint8_t bus, uint8_t dev, uint8_t func) "id: %u bdf: %02x.%02x.%02x"
xen_unmap_pcidev(uint32_t id, uint8_t bus, uint8_t dev, uint8_t func) "id: %u bdf: %02x.%02x.%02x"
+xen_domid_restrict(int err) "err: %u"
diff --git a/include/hw/xen/xen.h b/include/hw/xen/xen.h
index 2b1733b..7efcdaa 100644
--- a/include/hw/xen/xen.h
+++ b/include/hw/xen/xen.h
@@ -21,6 +21,7 @@ enum xen_mode {
extern uint32_t xen_domid;
extern enum xen_mode xen_mode;
+extern bool xen_domid_restrict;
extern bool xen_allowed;
diff --git a/include/hw/xen/xen_common.h b/include/hw/xen/xen_common.h
index fa990a0..0fcbba8 100644
--- a/include/hw/xen/xen_common.h
+++ b/include/hw/xen/xen_common.h
@@ -151,6 +151,13 @@ static inline int xendevicemodel_set_mem_type(
return xc_hvm_set_mem_type(dmod, domid, mem_type, first_pfn, nr);
}
+static inline int xendevicemodel_restrict(
+ xendevicemodel_handle *dmod, domid_t domid)
+{
+ errno = ENOTTY;
+ return -1;
+}
+
#else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 40900 */
#undef XC_WANT_COMPAT_DEVICEMODEL_API
@@ -206,6 +213,19 @@ static inline int xen_modified_memory(domid_t domid, uint64_t first_pfn,
return xendevicemodel_modified_memory(xen_dmod, domid, first_pfn, nr);
}
+static inline int xen_restrict(domid_t domid)
+{
+ int rc = xendevicemodel_restrict(xen_dmod, domid);
+
+ trace_xen_domid_restrict(errno);
+
+ if (errno == ENOTTY) {
+ return 0;
+ }
+
+ return rc;
+}
+
/* Xen 4.2 through 4.6 */
#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40701
diff --git a/qemu-options.hx b/qemu-options.hx
index 99af8ed..2043371 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3354,6 +3354,11 @@ DEF("xen-attach", 0, QEMU_OPTION_xen_attach,
"-xen-attach attach to existing xen domain\n"
" xend will use this when starting QEMU\n",
QEMU_ARCH_ALL)
+DEF("xen-domid-restrict", 0, QEMU_OPTION_xen_domid_restrict,
+ "-xen-domid-restrict restrict set of available xen operations\n"
+ " to specified domain id. (Does not affect\n"
+ " xenpv machine type).\n",
+ QEMU_ARCH_ALL)
STEXI
@item -xen-domid @var{id}
@findex -xen-domid
@@ -3366,6 +3371,8 @@ Warning: should not be used when xend is in use (XEN only).
@findex -xen-attach
Attach to existing xen domain.
xend will use this when starting QEMU (XEN only).
+@findex -xen-domid-restrict
+Restrict set of available xen operations to specified domain id (XEN only).
ETEXI
DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \
diff --git a/vl.c b/vl.c
index 0b4ed52..f46e070 100644
--- a/vl.c
+++ b/vl.c
@@ -205,6 +205,7 @@ static NotifierList machine_init_done_notifiers =
bool xen_allowed;
uint32_t xen_domid;
enum xen_mode xen_mode = XEN_EMULATE;
+bool xen_domid_restrict;
static int has_defaults = 1;
static int default_serial = 1;
@@ -3933,6 +3934,13 @@ int main(int argc, char **argv, char **envp)
}
xen_mode = XEN_ATTACH;
break;
+ case QEMU_OPTION_xen_domid_restrict:
+ if (!(xen_available())) {
+ error_report("Option not supported for this target");
+ exit(1);
+ }
+ xen_domid_restrict = true;
+ break;
case QEMU_OPTION_trace:
g_free(trace_file);
trace_file = trace_opt_parse(optarg);
diff --git a/xen-hvm.c b/xen-hvm.c
index 4b928cf..335e263 100644
--- a/xen-hvm.c
+++ b/xen-hvm.c
@@ -1226,6 +1226,14 @@ void xen_hvm_init(PCMachineState *pcms, MemoryRegion **ram_memory)
goto err;
}
+ if (xen_domid_restrict) {
+ rc = xen_restrict(xen_domid);
+ if (rc < 0) {
+ error_report("failed to restrict: error %d", errno);
+ goto err;
+ }
+ }
+
xen_create_ioreq_server(xen_domid, &state->ioservid);
state->exit.notify = xen_exit_notifier;
--
1.9.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-04-25 18:35 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-25 18:34 [Qemu-devel] [PULL 0/21] Please pull xen-20170421-v2-tag for 2.10 Stefano Stabellini
2017-04-25 18:34 ` Stefano Stabellini
2017-04-25 18:34 ` [Qemu-devel] [PATCH 01/21] xen: make use of xen_xc implicit in xen_common.h inlines Stefano Stabellini
2017-04-25 18:34 ` Stefano Stabellini
2017-04-25 18:34 ` [Qemu-devel] [PATCH 02/21] xen: rename xen_modified_memory() to xen_hvm_modified_memory() Stefano Stabellini
2017-04-25 18:34 ` Stefano Stabellini
2017-04-25 18:34 ` [Qemu-devel] [PATCH 03/21] xen: create wrappers for all other uses of xc_hvm_XXX() functions Stefano Stabellini
2017-04-25 18:34 ` Stefano Stabellini
2017-04-25 18:34 ` [Qemu-devel] [PATCH 04/21] configure: detect presence of libxendevicemodel Stefano Stabellini
2017-04-25 18:34 ` Stefano Stabellini
2017-04-25 18:34 ` [Qemu-devel] [PATCH 05/21] xen: use libxendevicemodel when available Stefano Stabellini
2017-04-25 18:34 ` Stefano Stabellini
2017-04-25 18:34 ` [Qemu-devel] [PATCH 06/21] xen: use 5 digit xen versions Stefano Stabellini
2017-04-25 18:34 ` Stefano Stabellini
2017-04-25 18:34 ` Stefano Stabellini [this message]
2017-04-25 18:34 ` [PATCH 07/21] xen: use libxendevice model to restrict operations Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 08/21] xen: additionally restrict xenforeignmemory operations Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 09/21] configure: use pkg-config for obtaining xen version Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2018-12-11 10:34 ` Peter Maydell
2018-12-11 10:34 ` [Qemu-devel] " Peter Maydell
2018-12-11 10:43 ` Daniel P. Berrangé
2018-12-11 10:43 ` Daniel P. Berrangé
2019-01-02 21:21 ` Stefano Stabellini
2019-01-02 21:21 ` [Qemu-devel] " Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 10/21] xen: import ring.h from xen Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-26 1:52 ` [Qemu-devel] " Philippe Mathieu-Daudé
2017-04-26 1:52 ` Philippe Mathieu-Daudé
2017-04-25 18:35 ` [Qemu-devel] [PATCH 11/21] 9p: introduce a type for the 9p header Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 12/21] xen/9pfs: introduce Xen 9pfs backend Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 13/21] xen/9pfs: connect to the frontend Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 14/21] xen/9pfs: receive requests from " Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 15/21] xen/9pfs: implement in/out_iov_from_pdu and vmarshal/vunmarshal Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 16/21] xen/9pfs: send responses back to the frontend Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 17/21] xen/9pfs: build and register Xen 9pfs backend Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 18/21] add xen-9p-backend to MAINTAINERS under Xen Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 19/21] move xen-common.c to hw/xen/ Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 20/21] move xen-hvm.c to hw/i386/xen/ Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-25 18:35 ` [Qemu-devel] [PATCH 21/21] move xen-mapcache.c " Stefano Stabellini
2017-04-25 18:35 ` Stefano Stabellini
2017-04-26 10:39 ` [Qemu-devel] [PULL 0/21] Please pull xen-20170421-v2-tag for 2.10 Peter Maydell
2017-04-26 10:39 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1493145313-31311-7-git-send-email-sstabellini@kernel.org \
--to=sstabellini@kernel.org \
--cc=anthony.perard@citrix.com \
--cc=paul.durrant@citrix.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
--cc=stefanha@redhat.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.