Joe Epstein
2011-Jan-04 22:07 UTC
[Xen-devel] [PATCH 3 of 6] REDO: mem_access & mem_access 2: access listener can be required
* Adds the ability to create a domain that requires an access listener;
that is, it pauses the VCPU if there is no memory event listener.
Signed-off-by: Joe Epstein <jepstein98@gmail.com>
diff -r 06b0916eb91d -r 85a7611248b8 xen/include/public/domctl.h
--- a/xen/include/public/domctl.h Tue Jan 04 11:59:48 2011 -0800
+++ b/xen/include/public/domctl.h Tue Jan 04 12:16:42 2011 -0800
@@ -47,17 +47,20 @@
uint32_t ssidref;
xen_domain_handle_t handle;
/* Is this an HVM guest (as opposed to a PV guest)? */
-#define _XEN_DOMCTL_CDF_hvm_guest 0
-#define XEN_DOMCTL_CDF_hvm_guest (1U<<_XEN_DOMCTL_CDF_hvm_guest)
+#define _XEN_DOMCTL_CDF_hvm_guest 0
+#define XEN_DOMCTL_CDF_hvm_guest (1U<<_XEN_DOMCTL_CDF_hvm_guest)
/* Use hardware-assisted paging if available? */
-#define _XEN_DOMCTL_CDF_hap 1
-#define XEN_DOMCTL_CDF_hap (1U<<_XEN_DOMCTL_CDF_hap)
+#define _XEN_DOMCTL_CDF_hap 1
+#define XEN_DOMCTL_CDF_hap (1U<<_XEN_DOMCTL_CDF_hap)
/* Should domain memory integrity be verifed by tboot during Sx? */
-#define _XEN_DOMCTL_CDF_s3_integrity 2
-#define XEN_DOMCTL_CDF_s3_integrity (1U<<_XEN_DOMCTL_CDF_s3_integrity)
+#define _XEN_DOMCTL_CDF_s3_integrity 2
+#define XEN_DOMCTL_CDF_s3_integrity
(1U<<_XEN_DOMCTL_CDF_s3_integrity)
/* Disable out-of-sync shadow page tables? */
-#define _XEN_DOMCTL_CDF_oos_off 3
-#define XEN_DOMCTL_CDF_oos_off (1U<<_XEN_DOMCTL_CDF_oos_off)
+#define _XEN_DOMCTL_CDF_oos_off 3
+#define XEN_DOMCTL_CDF_oos_off (1U<<_XEN_DOMCTL_CDF_oos_off)
+ /* Require mem_event listener for access; else pause */
+#define _XEN_DOMCTL_CDF_access_required 4
+#define XEN_DOMCTL_CDF_access_required
(1U<<_XEN_DOMCTL_CDF_access_required)
uint32_t flags;
};
typedef struct xen_domctl_createdomain xen_domctl_createdomain_t;
diff -r 06b0916eb91d -r 85a7611248b8 xen/include/xen/sched.h
--- a/xen/include/xen/sched.h Tue Jan 04 11:59:48 2011 -0800
+++ b/xen/include/xen/sched.h Tue Jan 04 12:16:42 2011 -0800
@@ -403,22 +403,24 @@
struct domain *domain_create(
domid_t domid, unsigned int domcr_flags, ssidref_t ssidref);
/* DOMCRF_hvm: Create an HVM domain, as opposed to a PV domain. */
-#define _DOMCRF_hvm 0
-#define DOMCRF_hvm (1U<<_DOMCRF_hvm)
+#define _DOMCRF_hvm 0
+#define DOMCRF_hvm (1U<<_DOMCRF_hvm)
/* DOMCRF_hap: Create a domain with hardware-assisted paging. */
-#define _DOMCRF_hap 1
-#define DOMCRF_hap (1U<<_DOMCRF_hap)
+#define _DOMCRF_hap 1
+#define DOMCRF_hap (1U<<_DOMCRF_hap)
/* DOMCRF_s3_integrity: Create a domain with tboot memory integrity protection
by tboot */
-#define _DOMCRF_s3_integrity 2
-#define DOMCRF_s3_integrity (1U<<_DOMCRF_s3_integrity)
+#define _DOMCRF_s3_integrity 2
+#define DOMCRF_s3_integrity (1U<<_DOMCRF_s3_integrity)
/* DOMCRF_dummy: Create a dummy domain (not scheduled; not on domain list) */
-#define _DOMCRF_dummy 3
-#define DOMCRF_dummy (1U<<_DOMCRF_dummy)
+#define _DOMCRF_dummy 3
+#define DOMCRF_dummy (1U<<_DOMCRF_dummy)
/* DOMCRF_oos_off: dont use out-of-sync optimization for shadow page tables */
-#define _DOMCRF_oos_off 4
-#define DOMCRF_oos_off (1U<<_DOMCRF_oos_off)
-
+#define _DOMCRF_oos_off 4
+#define DOMCRF_oos_off (1U<<_DOMCRF_oos_off)
+/* DOMCRF_access_required: mem_event listener required for access;
else pause */
+#define _DOMCRF_access_required 5
+#define DOMCRF_access_required (1U<<_DOMCRF_access_required)
/*
* rcu_lock_domain_by_id() is more efficient than get_domain_by_id().
* This is the preferred function if the returned domain reference
diff -r 06b0916eb91d -r 85a7611248b8 xen/include/asm-x86/p2m.h
--- a/xen/include/asm-x86/p2m.h Tue Jan 04 11:59:48 2011 -0800
+++ b/xen/include/asm-x86/p2m.h Tue Jan 04 12:16:42 2011 -0800
@@ -422,7 +422,7 @@
}
/* Init the datastructures for later use by the p2m code */
-int p2m_init(struct domain *d);
+int p2m_init(struct domain *d, unsigned int domcr_flags);
/* Allocate a new p2m table for a domain.
*
diff -r 06b0916eb91d -r 85a7611248b8 xen/arch/x86/mm/p2m.c
--- a/xen/arch/x86/mm/p2m.c Tue Jan 04 11:59:48 2011 -0800
+++ b/xen/arch/x86/mm/p2m.c Tue Jan 04 12:16:42 2011 -0800
@@ -1744,7 +1744,7 @@
return;
}
-int p2m_init(struct domain *d)
+int p2m_init(struct domain *d, unsigned int domcr_flags)
{
struct p2m_domain *p2m;
@@ -1752,7 +1752,10 @@
if ( p2m == NULL )
return -ENOMEM;
p2m_initialise(d, p2m);
-
+
+ if ( domcr_flags & DOMCRF_access_required )
+ p2m->access_required = 1;
+
return 0;
}
diff -r 06b0916eb91d -r 85a7611248b8 xen/arch/x86/mm/paging.c
--- a/xen/arch/x86/mm/paging.c Tue Jan 04 11:59:48 2011 -0800
+++ b/xen/arch/x86/mm/paging.c Tue Jan 04 12:16:42 2011 -0800
@@ -647,7 +647,7 @@
{
int rc;
- if ( (rc = p2m_init(d)) != 0 )
+ if ( (rc = p2m_init(d, domcr_flags)) != 0 )
return rc;
/* The order of the *_init calls below is important, as the later
diff -r 06b0916eb91d -r 85a7611248b8 xen/common/domctl.c
--- a/xen/common/domctl.c Tue Jan 04 11:59:48 2011 -0800
+++ b/xen/common/domctl.c Tue Jan 04 12:16:42 2011 -0800
@@ -398,7 +398,7 @@
if ( supervisor_mode_kernel ||
(op->u.createdomain.flags &
~(XEN_DOMCTL_CDF_hvm_guest | XEN_DOMCTL_CDF_hap |
- XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off)) )
+ XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off |
XEN_DOMCTL_CDF_access_required)) )
break;
dom = op->domain;
@@ -434,6 +434,8 @@
domcr_flags |= DOMCRF_s3_integrity;
if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_oos_off )
domcr_flags |= DOMCRF_oos_off;
+ if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_access_required )
+ domcr_flags |= DOMCRF_access_required;
ret = -ENOMEM;
d = domain_create(dom, domcr_flags, op->u.createdomain.ssidref);
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Keir Fraser
2011-Jan-05 12:16 UTC
Re: [Xen-devel] [PATCH 3 of 6] REDO: mem_access & mem_access 2: access listener can be required
I don''t like to add extra creation flags unless it''s really hard to avoid. Could you have a domctl to specify this flag after the domain is created? -- Keir On 04/01/2011 22:07, "Joe Epstein" <jepstein98@gmail.com> wrote:> * Adds the ability to create a domain that requires an access listener; > that is, it pauses the VCPU if there is no memory event listener. > > Signed-off-by: Joe Epstein <jepstein98@gmail.com> > > diff -r 06b0916eb91d -r 85a7611248b8 xen/include/public/domctl.h > --- a/xen/include/public/domctl.h Tue Jan 04 11:59:48 2011 -0800 > +++ b/xen/include/public/domctl.h Tue Jan 04 12:16:42 2011 -0800 > @@ -47,17 +47,20 @@ > uint32_t ssidref; > xen_domain_handle_t handle; > /* Is this an HVM guest (as opposed to a PV guest)? */ > -#define _XEN_DOMCTL_CDF_hvm_guest 0 > -#define XEN_DOMCTL_CDF_hvm_guest (1U<<_XEN_DOMCTL_CDF_hvm_guest) > +#define _XEN_DOMCTL_CDF_hvm_guest 0 > +#define XEN_DOMCTL_CDF_hvm_guest (1U<<_XEN_DOMCTL_CDF_hvm_guest) > /* Use hardware-assisted paging if available? */ > -#define _XEN_DOMCTL_CDF_hap 1 > -#define XEN_DOMCTL_CDF_hap (1U<<_XEN_DOMCTL_CDF_hap) > +#define _XEN_DOMCTL_CDF_hap 1 > +#define XEN_DOMCTL_CDF_hap (1U<<_XEN_DOMCTL_CDF_hap) > /* Should domain memory integrity be verifed by tboot during Sx? */ > -#define _XEN_DOMCTL_CDF_s3_integrity 2 > -#define XEN_DOMCTL_CDF_s3_integrity (1U<<_XEN_DOMCTL_CDF_s3_integrity) > +#define _XEN_DOMCTL_CDF_s3_integrity 2 > +#define XEN_DOMCTL_CDF_s3_integrity (1U<<_XEN_DOMCTL_CDF_s3_integrity) > /* Disable out-of-sync shadow page tables? */ > -#define _XEN_DOMCTL_CDF_oos_off 3 > -#define XEN_DOMCTL_CDF_oos_off (1U<<_XEN_DOMCTL_CDF_oos_off) > +#define _XEN_DOMCTL_CDF_oos_off 3 > +#define XEN_DOMCTL_CDF_oos_off (1U<<_XEN_DOMCTL_CDF_oos_off) > + /* Require mem_event listener for access; else pause */ > +#define _XEN_DOMCTL_CDF_access_required 4 > +#define XEN_DOMCTL_CDF_access_required > (1U<<_XEN_DOMCTL_CDF_access_required) > uint32_t flags; > }; > typedef struct xen_domctl_createdomain xen_domctl_createdomain_t; > diff -r 06b0916eb91d -r 85a7611248b8 xen/include/xen/sched.h > --- a/xen/include/xen/sched.h Tue Jan 04 11:59:48 2011 -0800 > +++ b/xen/include/xen/sched.h Tue Jan 04 12:16:42 2011 -0800 > @@ -403,22 +403,24 @@ > struct domain *domain_create( > domid_t domid, unsigned int domcr_flags, ssidref_t ssidref); > /* DOMCRF_hvm: Create an HVM domain, as opposed to a PV domain. */ > -#define _DOMCRF_hvm 0 > -#define DOMCRF_hvm (1U<<_DOMCRF_hvm) > +#define _DOMCRF_hvm 0 > +#define DOMCRF_hvm (1U<<_DOMCRF_hvm) > /* DOMCRF_hap: Create a domain with hardware-assisted paging. */ > -#define _DOMCRF_hap 1 > -#define DOMCRF_hap (1U<<_DOMCRF_hap) > +#define _DOMCRF_hap 1 > +#define DOMCRF_hap (1U<<_DOMCRF_hap) > /* DOMCRF_s3_integrity: Create a domain with tboot memory integrity > protection > by tboot */ > -#define _DOMCRF_s3_integrity 2 > -#define DOMCRF_s3_integrity (1U<<_DOMCRF_s3_integrity) > +#define _DOMCRF_s3_integrity 2 > +#define DOMCRF_s3_integrity (1U<<_DOMCRF_s3_integrity) > /* DOMCRF_dummy: Create a dummy domain (not scheduled; not on domain list) > */ > -#define _DOMCRF_dummy 3 > -#define DOMCRF_dummy (1U<<_DOMCRF_dummy) > +#define _DOMCRF_dummy 3 > +#define DOMCRF_dummy (1U<<_DOMCRF_dummy) > /* DOMCRF_oos_off: dont use out-of-sync optimization for shadow page tables > */ > -#define _DOMCRF_oos_off 4 > -#define DOMCRF_oos_off (1U<<_DOMCRF_oos_off) > - > +#define _DOMCRF_oos_off 4 > +#define DOMCRF_oos_off (1U<<_DOMCRF_oos_off) > +/* DOMCRF_access_required: mem_event listener required for access; > else pause */ > +#define _DOMCRF_access_required 5 > +#define DOMCRF_access_required (1U<<_DOMCRF_access_required) > /* > * rcu_lock_domain_by_id() is more efficient than get_domain_by_id(). > * This is the preferred function if the returned domain reference > diff -r 06b0916eb91d -r 85a7611248b8 xen/include/asm-x86/p2m.h > --- a/xen/include/asm-x86/p2m.h Tue Jan 04 11:59:48 2011 -0800 > +++ b/xen/include/asm-x86/p2m.h Tue Jan 04 12:16:42 2011 -0800 > @@ -422,7 +422,7 @@ > } > > /* Init the datastructures for later use by the p2m code */ > -int p2m_init(struct domain *d); > +int p2m_init(struct domain *d, unsigned int domcr_flags); > > /* Allocate a new p2m table for a domain. > * > diff -r 06b0916eb91d -r 85a7611248b8 xen/arch/x86/mm/p2m.c > --- a/xen/arch/x86/mm/p2m.c Tue Jan 04 11:59:48 2011 -0800 > +++ b/xen/arch/x86/mm/p2m.c Tue Jan 04 12:16:42 2011 -0800 > @@ -1744,7 +1744,7 @@ > return; > } > > -int p2m_init(struct domain *d) > +int p2m_init(struct domain *d, unsigned int domcr_flags) > { > struct p2m_domain *p2m; > > @@ -1752,7 +1752,10 @@ > if ( p2m == NULL ) > return -ENOMEM; > p2m_initialise(d, p2m); > - > + > + if ( domcr_flags & DOMCRF_access_required ) > + p2m->access_required = 1; > + > return 0; > } > > diff -r 06b0916eb91d -r 85a7611248b8 xen/arch/x86/mm/paging.c > --- a/xen/arch/x86/mm/paging.c Tue Jan 04 11:59:48 2011 -0800 > +++ b/xen/arch/x86/mm/paging.c Tue Jan 04 12:16:42 2011 -0800 > @@ -647,7 +647,7 @@ > { > int rc; > > - if ( (rc = p2m_init(d)) != 0 ) > + if ( (rc = p2m_init(d, domcr_flags)) != 0 ) > return rc; > > /* The order of the *_init calls below is important, as the later > diff -r 06b0916eb91d -r 85a7611248b8 xen/common/domctl.c > --- a/xen/common/domctl.c Tue Jan 04 11:59:48 2011 -0800 > +++ b/xen/common/domctl.c Tue Jan 04 12:16:42 2011 -0800 > @@ -398,7 +398,7 @@ > if ( supervisor_mode_kernel || > (op->u.createdomain.flags & > ~(XEN_DOMCTL_CDF_hvm_guest | XEN_DOMCTL_CDF_hap | > - XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off)) ) > + XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off | > XEN_DOMCTL_CDF_access_required)) ) > break; > > dom = op->domain; > @@ -434,6 +434,8 @@ > domcr_flags |= DOMCRF_s3_integrity; > if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_oos_off ) > domcr_flags |= DOMCRF_oos_off; > + if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_access_required ) > + domcr_flags |= DOMCRF_access_required; > > ret = -ENOMEM; > d = domain_create(dom, domcr_flags, op->u.createdomain.ssidref); > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Tim Deegan
2011-Jan-05 14:16 UTC
Re: [Xen-devel] [PATCH 3 of 6] REDO: mem_access & mem_access 2: access listener can be required
At 12:16 +0000 on 05 Jan (1294229809), Keir Fraser wrote:> I don''t like to add extra creation flags unless it''s really hard to avoid. > Could you have a domctl to specify this flag after the domain is created?Or, as I said in my response to patch 2, you could probably drop this patch altogether and have "requires an access listener" be implied by having any access restrictions set. Cheers, Tim. -- Tim Deegan <Tim.Deegan@citrix.com> Principal Software Engineer, Xen Platform Team Citrix Systems UK Ltd. (Company #02937203, SL9 0BG) _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel