From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: xen-devel@lists.xen.org
Cc: wei.liu2@citrix.com, andrew.cooper3@citrix.com,
ian.jackson@eu.citrix.com, jbeulich@suse.com,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Daniel De Graaf <dgdegra@tycho.nsa.gov>,
roger.pau@citrix.com
Subject: [PATCH v6 01/12] domctl: Add XEN_DOMCTL_acpi_access
Date: Tue, 3 Jan 2017 09:04:05 -0500 [thread overview]
Message-ID: <1483452256-2879-2-git-send-email-boris.ostrovsky@oracle.com> (raw)
In-Reply-To: <1483452256-2879-1-git-send-email-boris.ostrovsky@oracle.com>
This domctl will allow the toolstack to read and write some
ACPI registers. It will be available to both x86 and ARM,
but will be implemented first only for x86.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
---
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
Changes in v6:
* Fold xen_acpi_access into xen_domctl_acpi_access
* Some new error return values
tools/flask/policy/modules/dom0.te | 2 +-
tools/flask/policy/modules/xen.if | 4 ++--
xen/arch/x86/domctl.c | 7 +++++++
xen/arch/x86/hvm/Makefile | 1 +
xen/arch/x86/hvm/acpi.c | 24 ++++++++++++++++++++++++
xen/include/asm-x86/hvm/domain.h | 3 +++
xen/include/public/domctl.h | 17 +++++++++++++++++
xen/xsm/flask/hooks.c | 3 +++
xen/xsm/flask/policy/access_vectors | 2 ++
9 files changed, 60 insertions(+), 3 deletions(-)
create mode 100644 xen/arch/x86/hvm/acpi.c
diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te
index d0a4d91..475d446 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -39,7 +39,7 @@ allow dom0_t dom0_t:domain {
};
allow dom0_t dom0_t:domain2 {
set_cpuid gettsc settsc setscheduler set_max_evtchn set_vnumainfo
- get_vnumainfo psr_cmt_op psr_cat_op
+ get_vnumainfo psr_cmt_op psr_cat_op acpi_access
};
allow dom0_t dom0_t:resource { add remove };
diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if
index 1aca75d..42a8cc2 100644
--- a/tools/flask/policy/modules/xen.if
+++ b/tools/flask/policy/modules/xen.if
@@ -52,7 +52,7 @@ define(`create_domain_common', `
settime setdomainhandle getvcpucontext set_misc_info };
allow $1 $2:domain2 { set_cpuid settsc setscheduler setclaim
set_max_evtchn set_vnumainfo get_vnumainfo cacheflush
- psr_cmt_op psr_cat_op soft_reset };
+ psr_cmt_op psr_cat_op soft_reset acpi_access };
allow $1 $2:security check_context;
allow $1 $2:shadow enable;
allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op updatemp };
@@ -85,7 +85,7 @@ define(`manage_domain', `
getaddrsize pause unpause trigger shutdown destroy
setaffinity setdomainmaxmem getscheduler resume
setpodtarget getpodtarget };
- allow $1 $2:domain2 set_vnumainfo;
+ allow $1 $2:domain2 { set_vnumainfo acpi_access };
')
# migrate_domain_out(priv, target)
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index ab9ad39..2904e49 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1425,6 +1425,13 @@ long arch_do_domctl(
}
break;
+ case XEN_DOMCTL_acpi_access:
+ if ( !is_hvm_domain(d) )
+ ret = -ENODEV;
+ else
+ ret = hvm_acpi_domctl_access(d, &domctl->u.acpi_access);
+ break;
+
default:
ret = iommu_do_domctl(domctl, d, u_domctl);
break;
diff --git a/xen/arch/x86/hvm/Makefile b/xen/arch/x86/hvm/Makefile
index f750d13..bae3244 100644
--- a/xen/arch/x86/hvm/Makefile
+++ b/xen/arch/x86/hvm/Makefile
@@ -1,6 +1,7 @@
subdir-y += svm
subdir-y += vmx
+obj-y += acpi.o
obj-y += asid.o
obj-y += emulate.o
obj-y += hpet.o
diff --git a/xen/arch/x86/hvm/acpi.c b/xen/arch/x86/hvm/acpi.c
new file mode 100644
index 0000000..04901c1
--- /dev/null
+++ b/xen/arch/x86/hvm/acpi.c
@@ -0,0 +1,24 @@
+/* acpi.c: ACPI access handling
+ *
+ * Copyright (c) 2016 Oracle and/or its affiliates. All rights reserved.
+ */
+#include <xen/errno.h>
+#include <xen/lib.h>
+#include <xen/sched.h>
+
+
+int hvm_acpi_domctl_access(struct domain *d,
+ const struct xen_domctl_acpi_access *access)
+{
+ return -ENOSYS;
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
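Review bot: The stub `hvm_acpi_domctl_access()` returns `-ENOSYS`, which a toolstack cannot tell apart from the hypercall itself being absent. As far as I know, Xen code tends to keep `-ENOSYS` for that case and use `-EOPNOTSUPP` for an operation that is known but not implemented, so `return -EOPNOTSUPP;` may fit better here. The function also has no comment; a short block comment above it saying that it is a placeholder, and that the real handler must validate `rw`, `space_id`, `width` and the padding before touching `val`, would record the contract for whoever fills it in.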
diff --git a/xen/include/asm-x86/hvm/domain.h b/xen/include/asm-x86/hvm/domain.h
index d55d180..52f934a 100644
--- a/xen/include/asm-x86/hvm/domain.h
+++ b/xen/include/asm-x86/hvm/domain.h
@@ -166,6 +166,9 @@ struct hvm_domain {
#define hap_enabled(d) ((d)->arch.hvm_domain.hap_enabled)
+int hvm_acpi_domctl_access(struct domain *d,
+ const struct xen_domctl_acpi_access *access);
+
#endif /* __ASM_X86_HVM_DOMAIN_H__ */
/*
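Review bot: The prototype added before `#endif` names `struct xen_domctl_acpi_access` in its parameter list, and nothing in this hunk shows that type being declared earlier in the header. If `public/domctl.h` is not already pulled in at that point, the struct gets prototype scope and the declaration will not match the definition in `acpi.c`. A forward declaration `struct xen_domctl_acpi_access;` ahead of the prototype would make the header self-contained. The rest of the header is outside the hunk, so this may already be covered by an existing include.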
diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
index 85cbb7c..5978664 100644
--- a/xen/include/public/domctl.h
+++ b/xen/include/public/domctl.h
@@ -1145,6 +1145,21 @@ struct xen_domctl_psr_cat_op {
typedef struct xen_domctl_psr_cat_op xen_domctl_psr_cat_op_t;
DEFINE_XEN_GUEST_HANDLE(xen_domctl_psr_cat_op_t);
+struct xen_domctl_acpi_access {
+#define XEN_DOMCTL_ACPI_READ 0
+#define XEN_DOMCTL_ACPI_WRITE 1
+ uint8_t rw; /* IN: Read or write */
+#define XEN_ACPI_SYSTEM_MEMORY 0
+#define XEN_ACPI_SYSTEM_IO 1
+ uint8_t space_id; /* IN: Address space */
+ uint8_t width; /* IN: Access size (bytes) */
+ uint8_t pad[5];
+ uint64_aligned_t address; /* IN: 64-bit address of register */
+ XEN_GUEST_HANDLE_64(void) val; /* IN/OUT: data */
+};
+typedef struct xen_domctl_acpi_access xen_domctl_acpi_access_t;
+DEFINE_XEN_GUEST_HANDLE(xen_domctl_acpi_access_t);
+
struct xen_domctl {
uint32_t cmd;
#define XEN_DOMCTL_createdomain 1
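Review bot: The new `struct xen_domctl_acpi_access` leaves `pad[5]` and the range of `width` unspecified, so the public interface does not tell callers what the hypervisor will reject. `val` is an untyped handle whose size is implied only by `width`, a `uint8_t` that can carry values up to 255, so the handler will need to bound it before any copy through the handle; the header is the place to state the permitted sizes. I would also document the padding as reserved, for example `uint8_t pad[5]; /* IN: Must be zero */`, and have the handler return an error for non-zero padding so the bytes stay usable for later extensions. The enclosing `struct xen_domctl` continues past the end of this hunk.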
@@ -1222,6 +1237,7 @@ struct xen_domctl {
#define XEN_DOMCTL_monitor_op 77
#define XEN_DOMCTL_psr_cat_op 78
#define XEN_DOMCTL_soft_reset 79
+#define XEN_DOMCTL_acpi_access 80
#define XEN_DOMCTL_gdbsx_guestmemio 1000
#define XEN_DOMCTL_gdbsx_pausevcpu 1001
#define XEN_DOMCTL_gdbsx_unpausevcpu 1002
@@ -1284,6 +1300,7 @@ struct xen_domctl {
struct xen_domctl_psr_cmt_op psr_cmt_op;
struct xen_domctl_monitor_op monitor_op;
struct xen_domctl_psr_cat_op psr_cat_op;
+ struct xen_domctl_acpi_access acpi_access;
uint8_t pad[128];
} u;
};
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 040a251..c1ba42e 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -748,6 +748,9 @@ static int flask_domctl(struct domain *d, int cmd)
case XEN_DOMCTL_soft_reset:
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SOFT_RESET);
+ case XEN_DOMCTL_acpi_access:
+ return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__ACPI_ACCESS);
+
default:
return avc_unknown_permission("domctl", cmd);
}
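Review bot: The new `XEN_DOMCTL_acpi_access` case in `flask_domctl()` maps both `XEN_DOMCTL_ACPI_READ` and `XEN_DOMCTL_ACPI_WRITE` to the single `DOMAIN2__ACPI_ACCESS` permission, because the hook sees only `cmd` and not the `rw` field. Policy therefore cannot allow a domain to read a guest's ACPI registers without also letting it write them, and the `xen.if` hunks hand that combined permission to both `create_domain_common` and `manage_domain`. If the coarse grain is intended, the `access_vectors` entry should say so, for example `# XEN_DOMCTL_acpi_access (read and write of guest ACPI registers)`. `flask_domctl()` starts and ends outside the hunk.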
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
index 92e6da9..e40258e 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -246,6 +246,8 @@ class domain2
mem_sharing
# XEN_DOMCTL_psr_cat_op
psr_cat_op
+# XEN_DOMCTL_acpi_access
+ acpi_access
}
# Similar to class domain, but primarily contains domctls related to HVM domains
--
2.7.4