From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Ed White <edmund.h.white@intel.com>, xen-devel@lists.xen.org
Cc: Ravi Sahita <ravi.sahita@intel.com>,
Wei Liu <wei.liu2@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
Jan Beulich <jbeulich@suse.com>,
tlengyel@novetta.com, Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH v2 10/12] x86/altp2m: define and implement alternate p2m HVMOP types.
Date: Wed, 24 Jun 2015 14:58:31 +0100 [thread overview]
Message-ID: <558AB787.9000006@citrix.com> (raw)
In-Reply-To: <1434999372-3688-11-git-send-email-edmund.h.white@intel.com>
On 22/06/15 19:56, Ed White wrote:
> Signed-off-by: Ed White <edmund.h.white@intel.com>
> ---
> xen/arch/x86/hvm/hvm.c | 216 ++++++++++++++++++++++++++++++++++++++++
> xen/include/public/hvm/hvm_op.h | 69 +++++++++++++
> 2 files changed, 285 insertions(+)
>
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index b758ee1..b3e74ce 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -6424,6 +6424,222 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
> break;
> }
>
> + case HVMOP_altp2m_get_domain_state:
> + {
> + struct xen_hvm_altp2m_domain_state a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() )
> + goto param_fail9;
> +
> + a.state = altp2mhvm_active(d);
> + rc = copy_to_guest(arg, &a, 1) ? -EFAULT : 0;
> +
> + param_fail9:
> + rcu_unlock_domain(d);
> + break;
> + }
> +
> + case HVMOP_altp2m_set_domain_state:
> + {
> + struct xen_hvm_altp2m_domain_state a;
> + struct domain *d;
> + struct vcpu *v;
> + bool_t ostate;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + nestedhvm_enabled(d) )
> + goto param_fail10;
> +
> + ostate = d->arch.altp2m_active;
> + d->arch.altp2m_active = !!a.state;
> +
> + /* If the alternate p2m state has changed, handle appropriately */
> + if ( d->arch.altp2m_active != ostate )
> + {
> + if ( !ostate && !p2m_init_altp2m_by_id(d, 0) )
> + goto param_fail10;
Indentation.
> +
> + for_each_vcpu( d, v )
> + if (!ostate)
> + altp2mhvm_vcpu_initialise(v);
> + else
> + altp2mhvm_vcpu_destroy(v);
Although strictly speaking this is (almost) ok by the style guidelines,
it would probably be better to have braces for the for_each_vcpu()
loop. Also, spaces for the brackets for !ostate.
> +
> + if ( ostate )
> + p2m_flush_altp2m(d);
> + }
> +
> + rc = 0;
> +
> + param_fail10:
> + rcu_unlock_domain(d);
> + break;
> + }
> +
> + case HVMOP_altp2m_vcpu_enable_notify:
> + {
> + struct domain *curr_d = current->domain;
> + struct vcpu *curr = current;
> + struct xen_hvm_altp2m_vcpu_enable_notify a;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + if ( !is_hvm_domain(curr_d) || !hvm_altp2m_supported() ||
> + !curr_d->arch.altp2m_active || vcpu_altp2mhvm(curr).veinfo_gfn )
> + return -EINVAL;
> +
> + vcpu_altp2mhvm(curr).veinfo_gfn = a.pfn;
> + ahvm_vcpu_update_vmfunc_ve(curr);
You need a gfn bounds check against the host p2m here.
> + rc = 0;
> +
> + break;
> + }
> +
> + case HVMOP_altp2m_create_p2m:
> + {
> + struct xen_hvm_altp2m_view a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + !d->arch.altp2m_active )
> + goto param_fail11;
> +
> + if ( !p2m_init_next_altp2m(d, &a.view) )
> + goto param_fail11;
> +
> + rc = copy_to_guest(arg, &a, 1) ? -EFAULT : 0;
> +
> + param_fail11:
> + rcu_unlock_domain(d);
> + break;
> + }
> +
> + case HVMOP_altp2m_destroy_p2m:
> + {
> + struct xen_hvm_altp2m_view a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + !d->arch.altp2m_active )
> + goto param_fail12;
> +
> + if ( p2m_destroy_altp2m_by_id(d, a.view) )
> + rc = 0;
> +
> + param_fail12:
> + rcu_unlock_domain(d);
> + break;
> + }
> +
> + case HVMOP_altp2m_switch_p2m:
> + {
> + struct xen_hvm_altp2m_view a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + !d->arch.altp2m_active )
> + goto param_fail13;
> +
> + if ( p2m_switch_domain_altp2m_by_id(d, a.view) )
> + rc = 0;
> +
> + param_fail13:
> + rcu_unlock_domain(d);
> + break;
> + }
> +
> + case HVMOP_altp2m_set_mem_access:
> + {
> + struct xen_hvm_altp2m_set_mem_access a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + !d->arch.altp2m_active )
> + goto param_fail14;
> +
> + if ( p2m_set_altp2m_mem_access(d, a.view, a.pfn, a.hvmmem_access) )
> + rc = 0;
> +
> + param_fail14:
> + rcu_unlock_domain(d);
> + break;
> + }
> +
> + case HVMOP_altp2m_change_pfn:
> + {
> + struct xen_hvm_altp2m_change_pfn a;
> + struct domain *d;
> +
> + if ( copy_from_guest(&a, arg, 1) )
> + return -EFAULT;
> +
> + d = rcu_lock_domain_by_any_id(a.domid);
> + if ( d == NULL )
> + return -ESRCH;
> +
> + rc = -EINVAL;
> + if ( !is_hvm_domain(d) || !hvm_altp2m_supported() ||
> + !d->arch.altp2m_active )
> + goto param_fail15;
> +
> + if ( p2m_change_altp2m_pfn(d, a.view, a.old_pfn, a.new_pfn) )
> + rc = 0;
> +
> + param_fail15:
> + rcu_unlock_domain(d);
> + break;
> + }
> +
> default:
> {
> gdprintk(XENLOG_DEBUG, "Bad HVM op %ld.\n", op);
> diff --git a/xen/include/public/hvm/hvm_op.h b/xen/include/public/hvm/hvm_op.h
> index cde3571..f6abce9 100644
> --- a/xen/include/public/hvm/hvm_op.h
> +++ b/xen/include/public/hvm/hvm_op.h
> @@ -389,6 +389,75 @@ DEFINE_XEN_GUEST_HANDLE(xen_hvm_evtchn_upcall_vector_t);
>
> #endif /* defined(__i386__) || defined(__x86_64__) */
>
We have an upper ABI limit of 255 HVMOPs. As such, I would recommend
having a single HVMOP_altp2m and a subop which lives as the first
parameter in any structure.
~Andrew
> +/* Set/get the altp2m state for a domain */
> +#define HVMOP_altp2m_set_domain_state 24
> +#define HVMOP_altp2m_get_domain_state 25
> +struct xen_hvm_altp2m_domain_state {
> + /* Domain to be updated or queried */
> + domid_t domid;
> + /* IN or OUT variable on/off */
> + uint8_t state;
> +};
> +typedef struct xen_hvm_altp2m_domain_state xen_hvm_altp2m_domain_state_t;
> +DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_domain_state_t);
> +
> +/* Set the current VCPU to receive altp2m event notifications */
> +#define HVMOP_altp2m_vcpu_enable_notify 26
> +struct xen_hvm_altp2m_vcpu_enable_notify {
> + /* #VE info area pfn */
> + uint64_t pfn;
> +};
> +typedef struct xen_hvm_altp2m_vcpu_enable_notify xen_hvm_altp2m_vcpu_enable_notify_t;
> +DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_vcpu_enable_notify_t);
> +
> +/* Create a new view */
> +#define HVMOP_altp2m_create_p2m 27
> +/* Destroy a view */
> +#define HVMOP_altp2m_destroy_p2m 28
> +/* Switch view for an entire domain */
> +#define HVMOP_altp2m_switch_p2m 29
> +struct xen_hvm_altp2m_view {
> + /* Domain to be updated */
> + domid_t domid;
> + /* IN/OUT variable */
> + uint16_t view;
> + /* Create view only: default access type
> + * NOTE: currently ignored */
> + uint16_t hvmmem_default_access; /* xenmem_access_t */
> +};
> +typedef struct xen_hvm_altp2m_view xen_hvm_altp2m_view_t;
> +DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_view_t);
> +
> +/* Notify that a page of memory is to have specific access types */
> +#define HVMOP_altp2m_set_mem_access 30
> +struct xen_hvm_altp2m_set_mem_access {
> + /* Domain to be updated. */
> + domid_t domid;
> + /* view */
> + uint16_t view;
> + /* Memory type */
> + uint16_t hvmmem_access; /* xenmem_access_t */
> + /* pfn */
> + uint64_t pfn;
> +};
> +typedef struct xen_hvm_altp2m_set_mem_access xen_hvm_altp2m_set_mem_access_t;
> +DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_set_mem_access_t);
> +
> +/* Change a p2m entry to map a different pfn */
> +#define HVMOP_altp2m_change_pfn 31
> +struct xen_hvm_altp2m_change_pfn {
> + /* Domain to be updated. */
> + domid_t domid;
> + /* view */
> + uint16_t view;
> + /* old pfn */
> + uint64_t old_pfn;
> + /* new pfn, -1 means revert */
> + uint64_t new_pfn;
> +};
> +typedef struct xen_hvm_altp2m_change_pfn xen_hvm_altp2m_change_pfn_t;
> +DEFINE_XEN_GUEST_HANDLE(xen_hvm_altp2m_change_pfn_t);
> +
> #endif /* __XEN_PUBLIC_HVM_HVM_OP_H__ */
>
> /*
next prev parent reply other threads:[~2015-06-24 13:58 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-22 18:56 [PATCH v2 00/12] Alternate p2m: support multiple copies of host p2m Ed White
2015-06-22 18:56 ` [PATCH v2 01/12] VMX: VMFUNC and #VE definitions and detection Ed White
2015-06-24 8:45 ` Andrew Cooper
2015-06-22 18:56 ` [PATCH v2 02/12] VMX: implement suppress #VE Ed White
2015-06-24 9:35 ` Andrew Cooper
2015-06-29 14:20 ` George Dunlap
2015-06-29 14:31 ` Andrew Cooper
2015-06-29 15:03 ` George Dunlap
2015-06-29 16:21 ` Sahita, Ravi
2015-06-29 16:21 ` Ed White
2015-06-22 18:56 ` [PATCH v2 03/12] x86/HVM: Hardware alternate p2m support detection Ed White
2015-06-24 9:44 ` Andrew Cooper
2015-06-24 10:07 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 04/12] x86/altp2m: basic data structures and support routines Ed White
2015-06-24 10:06 ` Andrew Cooper
2015-06-24 10:23 ` Jan Beulich
2015-06-24 17:20 ` Ed White
2015-06-24 10:29 ` Andrew Cooper
2015-06-24 11:14 ` Andrew Cooper
2015-06-26 21:17 ` Ed White
2015-06-27 19:25 ` Ed White
2015-06-29 13:00 ` Andrew Cooper
2015-06-29 16:23 ` Ed White
2015-06-24 14:44 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 05/12] VMX/altp2m: add code to support EPTP switching and #VE Ed White
2015-06-24 11:59 ` Andrew Cooper
2015-06-24 17:31 ` Ed White
2015-06-24 17:40 ` Andrew Cooper
2015-06-22 18:56 ` [PATCH v2 06/12] VMX: add VMFUNC leaf 0 (EPTP switching) to emulator Ed White
2015-06-24 12:47 ` Andrew Cooper
2015-06-24 20:29 ` Ed White
2015-06-25 8:26 ` Jan Beulich
2015-06-24 14:26 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 07/12] x86/altp2m: add control of suppress_ve Ed White
2015-06-24 13:05 ` Andrew Cooper
2015-06-24 14:38 ` Jan Beulich
2015-06-24 17:53 ` Ed White
2015-06-25 8:12 ` Jan Beulich
2015-06-25 16:36 ` Ed White
2015-06-26 6:04 ` Jan Beulich
2015-06-26 16:27 ` Ed White
2015-07-06 17:12 ` George Dunlap
2015-07-06 17:35 ` Ed White
2015-07-06 18:29 ` George Dunlap
2015-07-06 18:43 ` Ed White
2015-07-07 10:10 ` George Dunlap
2015-07-07 16:24 ` Ed White
2015-07-07 17:33 ` George Dunlap
2015-07-07 17:38 ` Sahita, Ravi
2015-07-08 7:24 ` Jan Beulich
2015-07-08 10:12 ` Tim Deegan
2015-07-08 12:51 ` George Dunlap
2015-07-08 7:23 ` Jan Beulich
2015-07-07 8:04 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 08/12] x86/altp2m: alternate p2m memory events Ed White
2015-06-24 13:09 ` Andrew Cooper
2015-06-24 16:01 ` Lengyel, Tamas
2015-06-24 18:02 ` Ed White
2015-06-22 18:56 ` [PATCH v2 09/12] x86/altp2m: add remaining support routines Ed White
2015-06-23 18:15 ` Lengyel, Tamas
2015-06-23 18:52 ` Ed White
2015-06-23 19:35 ` Lengyel, Tamas
2015-06-24 13:46 ` Andrew Cooper
2015-06-24 17:47 ` Ed White
2015-06-24 18:19 ` Andrew Cooper
2015-06-26 16:30 ` Ed White
2015-06-29 13:03 ` Andrew Cooper
2015-06-29 16:24 ` Ed White
2015-06-24 16:15 ` Lengyel, Tamas
2015-06-24 18:06 ` Ed White
2015-06-25 8:52 ` Ian Campbell
2015-06-25 16:27 ` Ed White
2015-06-25 12:44 ` Lengyel, Tamas
2015-06-25 13:40 ` Razvan Cojocaru
2015-06-25 16:48 ` Ed White
2015-06-25 17:39 ` Sahita, Ravi
2015-06-25 18:22 ` Razvan Cojocaru
2015-06-25 18:23 ` Lengyel, Tamas
2015-06-25 20:46 ` Ed White
2015-06-25 22:45 ` Lengyel, Tamas
2015-06-25 23:10 ` Ed White
2015-06-25 2:44 ` Lengyel, Tamas
2015-06-25 16:31 ` Ed White
2015-06-25 17:42 ` Lengyel, Tamas
2015-06-25 20:27 ` Ed White
2015-06-25 21:33 ` Lengyel, Tamas
2015-06-22 18:56 ` [PATCH v2 10/12] x86/altp2m: define and implement alternate p2m HVMOP types Ed White
2015-06-24 13:58 ` Andrew Cooper [this message]
2015-06-24 14:53 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 11/12] x86/altp2m: Add altp2mhvm HVM domain parameter Ed White
2015-06-24 14:06 ` Andrew Cooper
2015-06-24 14:59 ` Jan Beulich
2015-06-24 17:57 ` Ed White
2015-06-24 18:08 ` Andrew Cooper
2015-06-25 8:34 ` Jan Beulich
2015-06-25 8:33 ` Jan Beulich
2015-06-22 18:56 ` [PATCH v2 12/12] x86/altp2m: XSM hooks for altp2m HVM ops Ed White
2015-06-26 19:24 ` Daniel De Graaf
2015-06-26 19:35 ` Ed White
2015-06-29 17:52 ` Daniel De Graaf
2015-06-29 17:55 ` Sahita, Ravi
2015-06-23 21:27 ` [PATCH v2 00/12] Alternate p2m: support multiple copies of host p2m Lengyel, Tamas
2015-06-23 22:25 ` Ed White
2015-06-24 5:39 ` Razvan Cojocaru
2015-06-24 13:32 ` Lengyel, Tamas
2015-06-24 13:37 ` Razvan Cojocaru
2015-06-24 16:43 ` Ed White
2015-06-24 21:34 ` Lengyel, Tamas
2015-06-24 22:02 ` Ed White
2015-06-24 22:45 ` Lengyel, Tamas
2015-06-24 22:55 ` Ed White
2015-06-25 9:00 ` Andrew Cooper
2015-06-25 16:38 ` Ed White
2015-06-25 17:29 ` Lengyel, Tamas
2015-06-25 20:34 ` Ed White
2015-06-24 14:10 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=558AB787.9000006@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=edmund.h.white@intel.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=ravi.sahita@intel.com \
--cc=tim@xen.org \
--cc=tlengyel@novetta.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox