From: Vasilis Liaskovitis
To: xen-devel@lists.xenproject.org
Cc: jgross@suse.com, sstabellini@kernel.org, wei.liu2@citrix.com, vliaskovitis@suse.com, George.Dunlap@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, tim@xen.org, jbeulich@suse.com, dgdegra@tycho.nsa.gov
Date: Thu, 9 May 2019 17:41:25 +0200
Message-Id: <20190509154128.9196-2-vliaskovitis@suse.com>
In-Reply-To: <20190509154128.9196-1-vliaskovitis@suse.com>
References: <20190509154128.9196-1-vliaskovitis@suse.com>
Subject: [Xen-devel] [PATCH v3 1/4] xen: add hypercall for reading runtime parameters

Add a sysctl hypercall to support reading hypervisor runtime parameters.

Limitations:
- Custom runtime parameters (OPT_CUSTOM) are not supported yet.
- For integer parameters (OPT_UINT), only unsigned parameters are printed
  correctly.
- The implementation only reads runtime parameters, but it can be changed
  to read all hypervisor parameters if needed.

Signed-off-by: Vasilis Liaskovitis --- tools/flask/policy/modules/dom0.te | 2 +- xen/common/kernel.c | 118 ++++++++++++++++++++++++++++ xen/common/sysctl.c | 52 +++++++++++- xen/include/public/sysctl.h | 18 +++++ xen/include/xen/lib.h | 1 + xen/xsm/flask/hooks.c | 3 + xen/xsm/flask/policy/access_vectors | 2 + 7 files changed, 193 insertions(+), 3 deletions(-) diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/module= s/dom0.te index a347d664f8..681d1a101b 100644 --- a/tools/flask/policy/modules/dom0.te +++ b/tools/flask/policy/modules/dom0.te @@ -16,7 +16,7 @@ allow dom0_t xen_t:xen { allow dom0_t xen_t:xen2 { resource_op psr_cmt_op psr_alloc pmu_ctrl get_symbol get_cpu_levelling_caps get_cpu_featureset livepatch_op - coverage_op set_parameter + coverage_op set_parameter get_parameter }; =20 # Allow dom0 to use all XENVER_ subops that have checks. diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 612575430f..6695ffc372 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include 
@@ -52,6 +53,123 @@ static int assign_integer_param(const struct kernel_par= am *param, uint64_t val) return 0; } =20 +static int get_integer_param(const struct kernel_param *param, uint64_t *v= al) +{ + switch ( param->len ) + { + case sizeof(uint8_t): + *val =3D *(uint8_t *)param->par.var; + break; + + case sizeof(uint16_t): + *val =3D *(uint16_t *)param->par.var; + break; + + case sizeof(uint32_t): + *val =3D *(uint32_t *)param->par.var; + break; + + case sizeof(uint64_t): + *val =3D *(uint64_t *)param->par.var; + break; + + default: + BUG(); + break; + } + + return 0; +} + +int runtime_get_params(const char *cmdline, char *values, + size_t maxlen) +{ + char opt[128], *optkey, *q, *val =3D values; + const char *p =3D cmdline; + const struct kernel_param *param; + int rc =3D 0, len =3D 0; + size_t bufpos =3D 0; + uint64_t param_int; + + while ( !rc ) + { + /* Skip whitespace. */ + while ( isspace(*p) ) + p++; + if ( *p =3D=3D '\0' ) + break; + + /* Grab the next whitespace-delimited option. */ + q =3D optkey =3D opt; + while ( !isspace(*p) && (*p !=3D '\0') ) + { + if ( (q - opt) < (sizeof(opt) - 1) ) /* avoid overflow */ + *q++ =3D *p; + else return -ENOMEM; + p++; + } + *q =3D '\0'; + + for ( param =3D __param_start; param < __param_end; param++ ) + { + if ( strcmp(param->name, optkey) ) + continue; + + switch ( param->type ) + { + case OPT_STR: + len =3D snprintf(val + bufpos, maxlen - bufpos, "%s ", + (char*)param->par.var); + break; + + case OPT_UINT: + case OPT_SIZE: + /* Signed integer parameters are not supported yet. + * While there are no runtime signed integer parameters + * at the moment, adding one and trying to get its value + * with the current implementation will output the wrong + * value. + */ + get_integer_param(param, ¶m_int); + len =3D snprintf(val + bufpos, maxlen - bufpos, + "%"PRIu64" ", param_int); + break; + + case OPT_BOOL: + get_integer_param(param, ¶m_int); + len =3D snprintf(val + bufpos, maxlen - bufpos, "%s ", + param_int ? 
"true" : "false"); + break; + + case OPT_CUSTOM: + /* Custom parameters are not supported yet. */ + rc =3D -EINVAL; + break; + + default: + BUG(); + break; + } + + if ( len < 0 ) + rc =3D len; + else if ( len < maxlen - bufpos ) + /* if output was not truncated update buffer position. */ + bufpos +=3D len; + else if ( len > 0 ) + rc =3D -ENOMEM; + + break; + } + + /* no parameter was matched */ + if ( param >=3D __param_end ) + rc =3D -EINVAL; + } + + return rc; +} + static int parse_params(const char *cmdline, const struct kernel_param *st= art, const struct kernel_param *end) { diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index c0aa6bde4e..20be6a6d8d 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -466,9 +466,9 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_s= ysctl) copyback =3D 1; break; =20 +#define XEN_PARAMETER_MAX_SIZE 1023 case XEN_SYSCTL_set_parameter: { -#define XEN_SET_PARAMETER_MAX_SIZE 1023 char *params; =20 if ( op->u.set_parameter.pad[0] || op->u.set_parameter.pad[1] || @@ -477,7 +477,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_s= ysctl) ret =3D -EINVAL; break; } - if ( op->u.set_parameter.size > XEN_SET_PARAMETER_MAX_SIZE ) + if ( op->u.set_parameter.size > XEN_PARAMETER_MAX_SIZE ) { ret =3D -E2BIG; break; 
@@ -501,6 +501,54 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_= sysctl) =20 break; } + case XEN_SYSCTL_get_parameter: + { + char *params, *values; + + if ( op->u.get_parameter.pad[0] || op->u.get_parameter.pad[1] || + op->u.get_parameter.pad[2] ) + { + ret =3D -EINVAL; + break; + } + if ( op->u.get_parameter.size > XEN_PARAMETER_MAX_SIZE ) + { + ret =3D -E2BIG; + break; + } + params =3D xmalloc_bytes(op->u.get_parameter.size + 1); + if ( !params ) + { + ret =3D -ENOMEM; + break; + } + + values =3D xmalloc_bytes(XEN_PARAMETER_MAX_SIZE); + if ( !values ) + { + xfree(params); + ret =3D -ENOMEM; + break; + } + + if ( copy_from_guest(params, op->u.get_parameter.params, + op->u.get_parameter.size) ) + ret =3D -EFAULT; + else + { + params[op->u.set_parameter.size] =3D 0; + ret =3D runtime_get_params(params, values, XEN_PARAMETER_MAX_S= IZE); + + if ( !ret && copy_to_guest(op->u.get_parameter.values, values, + strlen(values)) ) + ret =3D -EFAULT; + } + + xfree(params); + xfree(values); + + break; + } =20 default: ret =3D arch_do_sysctl(op, u_sysctl); diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index c49b4dcc99..7d77d57115 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -1100,6 +1100,22 @@ typedef struct xen_sysctl_cpu_policy xen_sysctl_cpu_= policy_t; DEFINE_XEN_GUEST_HANDLE(xen_sysctl_cpu_policy_t); #endif =20 +/* + * XEN_SYSCTL_get_parameter + * + * Read hypervisor parameters at runtime. + * Parameters are a single string terminated by a NUL byte of max. size + * characters. Multiple settings can be specified by separating them + * with blanks. + */ + +struct xen_sysctl_get_parameter { + XEN_GUEST_HANDLE_64(char) params; /* IN: pointer to parameters. = */ + XEN_GUEST_HANDLE_64(char) values; /* OUT: pointer to output valu= es. */ + uint16_t size; /* IN: size of parameters. */ + uint16_t pad[3]; /* IN: MUST be zero. */ +}; + struct xen_sysctl { uint32_t cmd; #define XEN_SYSCTL_readconsole 1 
@@ -1130,6 +1146,7 @@ struct xen_sysctl { #define XEN_SYSCTL_livepatch_op 27 #define XEN_SYSCTL_set_parameter 28 #define XEN_SYSCTL_get_cpu_policy 29 +#define XEN_SYSCTL_get_parameter 30 uint32_t interface_version; /* XEN_SYSCTL_INTERFACE_VERSION */ union { struct xen_sysctl_readconsole readconsole; @@ -1162,6 +1179,7 @@ struct xen_sysctl { #if defined(__i386__) || defined(__x86_64__) struct xen_sysctl_cpu_policy cpu_policy; #endif + struct xen_sysctl_get_parameter get_parameter; uint8_t pad[128]; } u; }; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index e0b7bcb6b7..6e6367bb7a 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -71,6 +71,7 @@ struct domain; void cmdline_parse(const char *cmdline); int runtime_parse(const char *line); int parse_bool(const char *s, const char *e); +int runtime_get_params(const char *cmdline, char *values, size_t maxlen); =20 /** * Given a specific name, parses a string of the form: diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 3d00c747f6..1b832e9a4c 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -830,6 +830,9 @@ static int flask_sysctl(int cmd) case XEN_SYSCTL_set_parameter: return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, XEN2__SET_PARAMETER, NULL); + case XEN_SYSCTL_get_parameter: + return avc_current_has_perm(SECINITSID_XEN, SECCLASS_XEN2, + XEN2__GET_PARAMETER, NULL); =20 default: return avc_unknown_permission("sysctl", cmd); diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/acc= ess_vectors index e00448b776..c5ee21d852 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors 
@@ -103,6 +103,8 @@ class xen2 coverage_op # XEN_SYSCTL_set_parameter set_parameter +# XEN_SYSCTL_get_parameter + get_parameter } =20 # Classes domain and domain2 consist of operations that a domain performs = on --=20 2.20.1 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
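
Review bot: runtime_get_params() in xen/common/kernel.c returns 0 without writing anything to values when cmdline is empty or contains only whitespace, because the loop exits at the `*p == '\0'` check before any snprintf() runs. The caller in do_sysctl() then runs strlen(values) on a buffer that came straight from xmalloc_bytes(), so it would read, and copy to the guest, uninitialised hypervisor heap. Setting values[0] = '\0' on entry (and rejecting maxlen == 0) would close that. Separately, in the OPT_CUSTOM case len keeps its value from the previous option, so the length checks after the switch can overwrite the -EINVAL with -ENOMEM; resetting len for each option, or skipping those checks once rc is set, would avoid it.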
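
Review bot: in the xen/common/sysctl.c hunk at -466, `#define XEN_PARAMETER_MAX_SIZE 1023` now sits inside the switch body ahead of `case XEN_SYSCTL_set_parameter:` although both the set_parameter and get_parameter cases use it. Moving it to file scope near the top of sysctl.c would make its scope match its use; if callers are expected to size the values buffer from it, it belongs in the public header instead.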
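
Review bot: the terminator write in the new XEN_SYSCTL_get_parameter case of do_sysctl() indexes with the wrong union member: `params[op->u.set_parameter.size] = 0;` should use op->u.get_parameter.size. The -E2BIG check and the xmalloc_bytes() length both use get_parameter.size, so the index actually used for the write was never validated against the allocation. Also in this case, copy_to_guest() sends strlen(values) bytes, which leaves out the terminating NUL and gives the caller no way to learn how much was written; copying strlen(values) + 1 bytes, or returning the length, would fix that.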
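
Review bot: struct xen_sysctl_get_parameter in xen/include/public/sysctl.h carries no size for the values buffer, and the comment above it documents only the IN string. The handler writes into values from a XEN_PARAMETER_MAX_SIZE buffer regardless of how much space the caller provided, so the interface should either take the output buffer size as a field (and report the length written) or state the required minimum size in the comment. The comment should also describe the output format: values separated by blanks, in the order the parameters were requested.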