From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xen.org, Ian.Campbell@citrix.com,
ian.jackson@eu.citrix.com, stefano.stabellini@eu.citrix.com,
wei.liu2@citrix.com
Cc: Juergen Gross <jgross@suse.com>, Keir Fraser <keir@xen.org>,
Andrew Cooper <andrew.cooper3@citrix.com>,
David Vrabel <david.vrabel@citrix.com>,
Jan Beulich <jbeulich@suse.com>, Tim Deegan <tim@xen.orgA>,
Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [PATCH 1/9] xen: add xenstore domain flag to hypervisor
Date: Fri, 11 Dec 2015 16:47:33 +0100 [thread overview]
Message-ID: <1449848861-7700-2-git-send-email-jgross@suse.com> (raw)
In-Reply-To: <1449848861-7700-1-git-send-email-jgross@suse.com>
In order to be able to have full support of a xenstore domain in Xen
add a "Xenstore-domain" flag to the hypervisor. This flag must be
specified at domain creation time and is returned by
XEN_DOMCTL_getdomaininfo.
It will allow the domain to retrieve domain information by issuing the
XEN_DOMCTL_getdomaininfo itself in order to be able to check for
domains having been destroyed. At the same time this flag will inhibit
the domain to be migrated, as this wouldn't be a very wise thing to do.
In case of a later support of a rebootable Dom0 this flag will allow to
recognize a xenstore domain already being present to connect to.
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Keir Fraser <keir@xen.org>
Cc: Tim Deegan <tim@xen.org>A
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Signed-off-by: Juergen Gross <jgross@suse.com>
---
xen/common/domain.c | 6 ++++++
xen/common/domctl.c | 14 +++++++++-----
xen/include/public/domctl.h | 6 ++++++
xen/include/xen/sched.h | 5 +++++
xen/include/xsm/dummy.h | 6 ++++++
xen/include/xsm/xsm.h | 1 +
6 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index f56b7ff..ac24cfd 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -318,6 +318,12 @@ struct domain *domain_create(domid_t domid, unsigned int domcr_flags,
hardware_domain = d;
}
+ if ( domcr_flags & DOMCRF_xs_domain )
+ {
+ d->is_xenstore = 1;
+ d->disable_migrate = 1;
+ }
+
rangeset_domain_initialise(d);
init_status |= INIT_rangeset;
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 46b967e..380d326 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -183,10 +183,11 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info)
info->cpu_time = cpu_time;
info->flags = (info->nr_online_vcpus ? flags : 0) |
- ((d->is_dying == DOMDYING_dead) ? XEN_DOMINF_dying : 0) |
- (d->is_shut_down ? XEN_DOMINF_shutdown : 0) |
- (d->controller_pause_count > 0 ? XEN_DOMINF_paused : 0) |
- (d->debugger_attached ? XEN_DOMINF_debugged : 0) |
+ ((d->is_dying == DOMDYING_dead) ? XEN_DOMINF_dying : 0) |
+ (d->is_shut_down ? XEN_DOMINF_shutdown : 0) |
+ (d->controller_pause_count > 0 ? XEN_DOMINF_paused : 0) |
+ (d->debugger_attached ? XEN_DOMINF_debugged : 0) |
+ (d->is_xenstore ? XEN_DOMINF_xs_domain : 0) |
d->shutdown_code << XEN_DOMINF_shutdownshift;
switch ( d->guest_type )
@@ -551,7 +552,8 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
| XEN_DOMCTL_CDF_pvh_guest
| XEN_DOMCTL_CDF_hap
| XEN_DOMCTL_CDF_s3_integrity
- | XEN_DOMCTL_CDF_oos_off)) )
+ | XEN_DOMCTL_CDF_oos_off
+ | XEN_DOMCTL_CDF_xs_domain)) )
break;
dom = op->domain;
@@ -593,6 +595,8 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
domcr_flags |= DOMCRF_s3_integrity;
if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_oos_off )
domcr_flags |= DOMCRF_oos_off;
+ if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_xs_domain )
+ domcr_flags |= DOMCRF_xs_domain;
d = domain_create(dom, domcr_flags, op->u.createdomain.ssidref,
&op->u.createdomain.config);
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 7a56b3f..2d8076c 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -63,6 +63,9 @@ struct xen_domctl_createdomain {
/* Is this a PVH guest (as opposed to an HVM or PV guest)? */
#define _XEN_DOMCTL_CDF_pvh_guest 4
#define XEN_DOMCTL_CDF_pvh_guest (1U<<_XEN_DOMCTL_CDF_pvh_guest)
+ /* Is this a xenstore domain? */
+#define _XEN_DOMCTL_CDF_xs_domain 5
+#define XEN_DOMCTL_CDF_xs_domain (1U<<_XEN_DOMCTL_CDF_xs_domain)
uint32_t flags;
struct xen_arch_domainconfig config;
};
@@ -97,6 +100,9 @@ struct xen_domctl_getdomaininfo {
/* domain is PVH */
#define _XEN_DOMINF_pvh_guest 7
#define XEN_DOMINF_pvh_guest (1U<<_XEN_DOMINF_pvh_guest)
+/* domain is a xenstore domain */
+#define _XEN_DOMINF_xs_domain 8
+#define XEN_DOMINF_xs_domain (1U<<_XEN_DOMINF_xs_domain)
/* XEN_DOMINF_shutdown guest-supplied code. */
#define XEN_DOMINF_shutdownmask 255
#define XEN_DOMINF_shutdownshift 16
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 3729b0f..5b18bba 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -374,6 +374,8 @@ struct domain
bool_t auto_node_affinity;
/* Is this guest fully privileged (aka dom0)? */
bool_t is_privileged;
+ /* Is this a xenstore domain (not dom0)? */
+ bool_t is_xenstore;
/* Domain's VCPUs are pinned 1:1 to physical CPUs? */
bool_t is_pinned;
/* Non-migratable and non-restoreable? */
@@ -533,6 +535,9 @@ struct domain *domain_create(domid_t domid, unsigned int domcr_flags,
/* DOMCRF_pvh: Create PV domain in HVM container. */
#define _DOMCRF_pvh 5
#define DOMCRF_pvh (1U<<_DOMCRF_pvh)
+ /* DOMCRF_xs_domain: xenstore domain */
+#define _DOMCRF_xs_domain 6
+#define DOMCRF_xs_domain (1U<<_DOMCRF_xs_domain)
/*
* rcu_lock_domain_by_id() is more efficient than get_domain_by_id().
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index e43f2a1..a07c4c6 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -71,6 +71,10 @@ static always_inline int xsm_default_action(
if ( src->is_privileged )
return 0;
return -EPERM;
+ case XSM_XS_PRIV:
+ if ( src->is_xenstore || src->is_privileged )
+ return 0;
+ return -EPERM;
default:
LINKER_BUG_ON(1);
return -EPERM;
@@ -123,6 +127,8 @@ static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd)
case XEN_DOMCTL_bind_pt_irq:
case XEN_DOMCTL_unbind_pt_irq:
return xsm_default_action(XSM_DM_PRIV, current->domain, d);
+ case XEN_DOMCTL_getdomaininfo:
+ return xsm_default_action(XSM_XS_PRIV, current->domain, d);
default:
return xsm_default_action(XSM_PRIV, current->domain, d);
}
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index f48cf60..01329b8 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -35,6 +35,7 @@ enum xsm_default {
XSM_DM_PRIV, /* Device model can perform on its target domain */
XSM_TARGET, /* Can perform on self or your target domain */
XSM_PRIV, /* Privileged - normally restricted to dom0 */
+ XSM_XS_PRIV, /* Xenstore domain can obtain domain info */
XSM_OTHER /* Something more complex */
};
typedef enum xsm_default xsm_default_t;
--
2.6.2
next prev parent reply other threads:[~2015-12-11 15:47 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-11 15:47 [PATCH 0/9] xenstore: make it easier to run xenstore in a domain Juergen Gross
2015-12-11 15:47 ` Juergen Gross [this message]
2015-12-11 15:54 ` Fwd: [PATCH 1/9] xen: add xenstore domain flag to hypervisor Juergen Gross
2015-12-15 22:18 ` Daniel De Graaf
2015-12-11 15:47 ` [PATCH 2/9] libxc: support new xenstore domain flag in libxc Juergen Gross
2015-12-11 15:47 ` [PATCH 3/9] xenstore: install init-xenstore-domain via make install Juergen Gross
2015-12-15 12:16 ` Ian Campbell
2015-12-15 12:19 ` Juergen Gross
2015-12-15 12:31 ` Ian Campbell
2015-12-15 21:41 ` Daniel De Graaf
2015-12-16 6:27 ` Juergen Gross
2015-12-16 10:01 ` Ian Campbell
2015-12-11 15:47 ` [PATCH 4/9] xenstore: add error messages to init-xenstore-domain Juergen Gross
2015-12-15 12:20 ` Ian Campbell
2015-12-15 21:54 ` Daniel De Graaf
2015-12-11 15:47 ` [PATCH 5/9] xenstore: modify init-xenstore-domain parameter syntax Juergen Gross
2015-12-15 12:22 ` Ian Campbell
2015-12-15 21:49 ` Daniel De Graaf
2015-12-11 15:47 ` [PATCH 6/9] xenstore: don't start xenstore domain if already one is active Juergen Gross
2015-12-15 12:23 ` Ian Campbell
2015-12-15 12:28 ` Juergen Gross
2015-12-15 12:32 ` Ian Campbell
2015-12-15 12:40 ` Juergen Gross
2015-12-15 12:47 ` Ian Campbell
2015-12-15 12:49 ` Juergen Gross
2015-12-11 15:47 ` [PATCH 7/9] xenstore: add init-xenstore-domain parameter to specify cmdline Juergen Gross
2015-12-15 12:24 ` Ian Campbell
2015-12-11 15:47 ` [PATCH 8/9] xenstore: write xenstore domain data to xenstore Juergen Gross
2015-12-15 12:26 ` Ian Campbell
2015-12-15 12:34 ` Juergen Gross
2015-12-15 12:49 ` Ian Campbell
2015-12-15 12:53 ` Juergen Gross
2015-12-15 13:19 ` Ian Campbell
2015-12-15 13:30 ` Juergen Gross
2015-12-17 8:26 ` Juergen Gross
2015-12-17 10:01 ` Ian Campbell
2015-12-17 10:08 ` Juergen Gross
2015-12-17 10:16 ` Ian Campbell
2015-12-11 15:47 ` [PATCH 9/9] xenstore: when running in mini-os use printk for diagnostic messages Juergen Gross
2015-12-15 12:31 ` Ian Campbell
2015-12-15 12:47 ` Juergen Gross
2015-12-15 12:52 ` Ian Campbell
2015-12-15 12:55 ` Juergen Gross
2015-12-15 14:06 ` Andrew Cooper
2015-12-15 14:57 ` Juergen Gross
2015-12-15 15:01 ` Andrew Cooper
2015-12-15 15:44 ` Juergen Gross
2015-12-17 16:38 ` Juergen Gross
2015-12-15 13:03 ` Samuel Thibault
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1449848861-7700-2-git-send-email-jgross@suse.com \
--to=jgross@suse.com \
--cc=Ian.Campbell@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=david.vrabel@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tim@xen.orgA \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).