mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

xen: use libxendevice model to restrict operations

Browse Source 
This patch adds a command-line option (-xen-domid-restrict) which will
use the new libxendevicemodel API to restrict devicemodel [1] operations
to the specified domid. (Such operations are not applicable to the xenpv
machine type).

This patch also adds a tracepoint to allow successful enabling of the
restriction to be monitored.

[1] I.e. operations issued by libxendevicemodel. Operation issued by other
    xen libraries (e.g. libxenforeignmemory) are currently still unrestricted
    but this will be rectified by subsequent patches.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
This commit is contained in:
Paul Durrant 2017-03-22 09:39:15 +00:00 committed by Stefano Stabellini
parent f1167ee684
commit 1c599472b0
6 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hw/xen/trace-events
View File

@ -11,3 +11,4 @@ xen_map_portio_range(uint32_t id, uint64_t start_addr, uint64_t end_addr) "id: %
xen_unmap_portio_range(uint32_t id, uint64_t start_addr, uint64_t end_addr) "id: %u start: %#"PRIx64" end: %#"PRIx64 xen_unmap_portio_range(uint32_t id, uint64_t start_addr, uint64_t end_addr) "id: %u start: %#"PRIx64" end: %#"PRIx64
xen_map_pcidev(uint32_t id, uint8_t bus, uint8_t dev, uint8_t func) "id: %u bdf: %02x.%02x.%02x" xen_map_pcidev(uint32_t id, uint8_t bus, uint8_t dev, uint8_t func) "id: %u bdf: %02x.%02x.%02x"
xen_unmap_pcidev(uint32_t id, uint8_t bus, uint8_t dev, uint8_t func) "id: %u bdf: %02x.%02x.%02x" xen_unmap_pcidev(uint32_t id, uint8_t bus, uint8_t dev, uint8_t func) "id: %u bdf: %02x.%02x.%02x"
xen_domid_restrict(int err) "err: %u"

1
include/hw/xen/xen.h
View File

@ -21,6 +21,7 @@ enum xen_mode {
extern uint32_t xen_domid; extern uint32_t xen_domid;
extern enum xen_mode xen_mode; extern enum xen_mode xen_mode;
extern bool xen_domid_restrict;
extern bool xen_allowed; extern bool xen_allowed;

20
include/hw/xen/xen_common.h
View File

@ -151,6 +151,13 @@ static inline int xendevicemodel_set_mem_type(
return xc_hvm_set_mem_type(dmod, domid, mem_type, first_pfn, nr); return xc_hvm_set_mem_type(dmod, domid, mem_type, first_pfn, nr);
} }
static inline int xendevicemodel_restrict(
xendevicemodel_handle *dmod, domid_t domid)
{
errno = ENOTTY;
return -1;
}
#else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 40900 */ #else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 40900 */
#undef XC_WANT_COMPAT_DEVICEMODEL_API #undef XC_WANT_COMPAT_DEVICEMODEL_API
@ -206,6 +213,19 @@ static inline int xen_modified_memory(domid_t domid, uint64_t first_pfn,
return xendevicemodel_modified_memory(xen_dmod, domid, first_pfn, nr); return xendevicemodel_modified_memory(xen_dmod, domid, first_pfn, nr);
} }
static inline int xen_restrict(domid_t domid)
{
int rc = xendevicemodel_restrict(xen_dmod, domid);
trace_xen_domid_restrict(errno);
if (errno == ENOTTY) {
return 0;
}
return rc;
}
/* Xen 4.2 through 4.6 */ /* Xen 4.2 through 4.6 */
#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40701 #if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40701

7
qemu-options.hx
View File

@ -3354,6 +3354,11 @@ DEF("xen-attach", 0, QEMU_OPTION_xen_attach,
"-xen-attach attach to existing xen domain\n" "-xen-attach attach to existing xen domain\n"
" xend will use this when starting QEMU\n", " xend will use this when starting QEMU\n",
QEMU_ARCH_ALL) QEMU_ARCH_ALL)
DEF("xen-domid-restrict", 0, QEMU_OPTION_xen_domid_restrict,
"-xen-domid-restrict restrict set of available xen operations\n"
" to specified domain id. (Does not affect\n"
" xenpv machine type).\n",
QEMU_ARCH_ALL)
STEXI STEXI
@item -xen-domid @var{id} @item -xen-domid @var{id}
@findex -xen-domid @findex -xen-domid
@ -3366,6 +3371,8 @@ Warning: should not be used when xend is in use (XEN only).
@findex -xen-attach @findex -xen-attach
Attach to existing xen domain. Attach to existing xen domain.
xend will use this when starting QEMU (XEN only). xend will use this when starting QEMU (XEN only).
@findex -xen-domid-restrict
Restrict set of available xen operations to specified domain id (XEN only).
ETEXI ETEXI
DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \ DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \

8
vl.c
View File

@ -205,6 +205,7 @@ static NotifierList machine_init_done_notifiers =
bool xen_allowed; bool xen_allowed;
uint32_t xen_domid; uint32_t xen_domid;
enum xen_mode xen_mode = XEN_EMULATE; enum xen_mode xen_mode = XEN_EMULATE;
bool xen_domid_restrict;
static int has_defaults = 1; static int has_defaults = 1;
static int default_serial = 1; static int default_serial = 1;
@ -3933,6 +3934,13 @@ int main(int argc, char **argv, char **envp)
} }
xen_mode = XEN_ATTACH; xen_mode = XEN_ATTACH;
break; break;
case QEMU_OPTION_xen_domid_restrict:
if (!(xen_available())) {
error_report("Option not supported for this target");
exit(1);
}
xen_domid_restrict = true;
break;
case QEMU_OPTION_trace: case QEMU_OPTION_trace:
g_free(trace_file); g_free(trace_file);
trace_file = trace_opt_parse(optarg); trace_file = trace_opt_parse(optarg);

8
xen-hvm.c
View File

@ -1226,6 +1226,14 @@ void xen_hvm_init(PCMachineState *pcms, MemoryRegion **ram_memory)
goto err; goto err;
} }
if (xen_domid_restrict) {
rc = xen_restrict(xen_domid);
if (rc < 0) {
error_report("failed to restrict: error %d", errno);
goto err;
}
}
xen_create_ioreq_server(xen_domid, &state->ioservid); xen_create_ioreq_server(xen_domid, &state->ioservid);
state->exit.notify = xen_exit_notifier; state->exit.notify = xen_exit_notifier;