From: Christopher Clark
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross, Stefano Stabellini, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson, Rich Persaud, Tim Deegan, Julien Grall, Jan Beulich, Daniel De Graaf, Roger Pau Monné
Date: Wed, 19 Jun 2019 17:30:53 -0700
Message-Id: <20190620003053.21993-10-christopher.w.clark@gmail.com>
In-Reply-To: <20190620003053.21993-1-christopher.w.clark@gmail.com>
References: <20190620003053.21993-1-christopher.w.clark@gmail.com>
Subject: [Xen-devel] [RFC 9/9] x86/nested, xsm: add nested_schedop_shutdown hypercall
X-Mailer: git-send-email 2.17.1
Content-Transfer-Encoding: quoted-printable

Provides proxying to the host hypervisor for SCHEDOP_shutdown op.

Signed-off-by: Christopher Clark
---
 tools/flask/policy/modules/dom0.te  |  1 +
 xen/arch/x86/guest/hypercall_page.S |  1 +
 xen/arch/x86/guest/xen-nested.c     | 25 +++++++++++++++++++++++++
 xen/arch/x86/hypercall.c            |  1 +
 xen/arch/x86/pv/hypercall.c         |  1 +
 xen/include/public/xen.h            |  1 +
 xen/include/xen/hypercall.h         |  4 ++++
 xen/include/xsm/dummy.h             |  7 +++++++
 xen/include/xsm/xsm.h               |  7 +++++++
 xen/xsm/dummy.c                     |  1 +
 xen/xsm/flask/hooks.c               |  6 ++++++
 11 files changed, 55 insertions(+)

diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/module= s/dom0.te index ba3c5ad63d..23911aef4d 100644 --- a/tools/flask/policy/modules/dom0.te +++ b/tools/flask/policy/modules/dom0.te @@ -51,6 +51,7 @@ allow dom0_t nestedxen_t:grant query; allow dom0_t nestedxen_t:nested_event { alloc_unbound bind_vcpu close send unmask }; +allow dom0_t nestedxen_t:domain { shutdown }; =20 # These permissions allow using the FLASK security server to compute access # checks locally, which could be used by a domain or service (such as xens= tore) diff --git a/xen/arch/x86/guest/hypercall_page.S b/xen/arch/x86/guest/hyper= call_page.S index 64f1885629..28a631e850 100644 --- a/xen/arch/x86/guest/hypercall_page.S +++ b/xen/arch/x86/guest/hypercall_page.S @@ -65,6 +65,7 @@ DECLARE_HYPERCALL(nested_memory_op) DECLARE_HYPERCALL(nested_hvm_op) DECLARE_HYPERCALL(nested_grant_table_op) DECLARE_HYPERCALL(nested_event_channel_op) +DECLARE_HYPERCALL(nested_sched_op) =20 DECLARE_HYPERCALL(arch_0) DECLARE_HYPERCALL(arch_1) diff --git a/xen/arch/x86/guest/xen-nested.c b/xen/arch/x86/guest/xen-neste= d.c index babf4bf783..4f33d5d9be 100644 --- a/xen/arch/x86/guest/xen-nested.c +++ b/xen/arch/x86/guest/xen-nested.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include =20 @@ -323,3 +324,27 @@ long do_nested_event_channel_op(int cmd, XEN_GUEST_HAN= DLE_PARAM(void) arg) =20 return ret; } + +long do_nested_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +{ + struct sched_shutdown sched_shutdown; + long ret; + + if ( !xen_nested ) + return -ENOSYS; + + if ( cmd !=3D SCHEDOP_shutdown ) + { + gprintk(XENLOG_ERR, "Nested: sched op %d not supported.\n", cmd); + return -EOPNOTSUPP; + } + + ret =3D xsm_nested_schedop_shutdown(XSM_PRIV, current->domain); + if ( ret ) + return ret; + + if ( copy_from_guest(&sched_shutdown, arg, 1) ) + return -EFAULT; + + return xen_hypercall_sched_op(cmd, &sched_shutdown); +} 
diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 752955ac81..8bf1d74f14 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -79,6 +79,7 @@ const hypercall_args_t hypercall_args_table[NR_hypercalls= ] =3D ARGS(nested_hvm_op, 2), ARGS(nested_grant_table_op, 3), ARGS(nested_event_channel_op, 2), + ARGS(nested_sched_op, 2), #endif ARGS(mca, 1), ARGS(arch_1, 1), diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index 6b1ae74d64..4874e701e0 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -90,6 +90,7 @@ const hypercall_table_t pv_hypercall_table[] =3D { HYPERCALL(nested_hvm_op), HYPERCALL(nested_grant_table_op), HYPERCALL(nested_event_channel_op), + HYPERCALL(nested_sched_op), #endif HYPERCALL(mca), HYPERCALL(arch_1), diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index 5fb322e882..62a23310e7 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -126,6 +126,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_ulong_t); #define __HYPERVISOR_nested_hvm_op 44 #define __HYPERVISOR_nested_grant_table_op 45 #define __HYPERVISOR_nested_event_channel_op 46 +#define __HYPERVISOR_nested_sched_op 47 =20 /* Architecture-specific hypercall definitions. */ #define __HYPERVISOR_arch_0 48 diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index bd739c2dc7..96d6ba2cd2 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -171,6 +171,10 @@ extern long do_nested_grant_table_op( extern long do_nested_event_channel_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); + +extern long do_nested_sched_op( + int cmd, + XEN_GUEST_HANDLE_PARAM(void) arg); #endif =20 #ifdef CONFIG_COMPAT diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index f8162f3308..200f097d50 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h 
@@ -776,6 +776,13 @@ static XSM_INLINE int xsm_nested_event_channel_op(XSM_= DEFAULT_ARG XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, d, NULL); } + +static XSM_INLINE int xsm_nested_schedop_shutdown(XSM_DEFAULT_ARG + const struct domain *d) +{ + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, d, NULL); +} #endif =20 #include diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 81cb67b89b..1cb70d427b 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -193,6 +193,7 @@ struct xsm_operations { int (*nested_hvm_op) (const struct domain *d, unsigned int cmd); int (*nested_grant_query_size) (const struct domain *d); int (*nested_event_channel_op) (const struct domain *d, unsigned int c= md); + int (*nested_schedop_shutdown) (const struct domain *d); #endif }; =20 @@ -763,6 +764,12 @@ static inline int xsm_nested_event_channel_op(xsm_defa= ult_t def, return xsm_ops->nested_event_channel_op(d, cmd); } =20 +static inline int xsm_nested_schedop_shutdown(xsm_default_t def, + const struct domain *d) +{ + return xsm_ops->nested_schedop_shutdown(d); +} + #endif /* CONFIG_XEN_NESTED */ =20 #endif /* XSM_NO_WRAPPERS */ diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 91db264ddc..ac6e5fdd49 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -163,5 +163,6 @@ void __init xsm_fixup_ops (struct xsm_operations *ops) set_to_dummy_if_null(ops, nested_hvm_op); set_to_dummy_if_null(ops, nested_grant_query_size); set_to_dummy_if_null(ops, nested_event_channel_op); + set_to_dummy_if_null(ops, nested_schedop_shutdown); #endif } diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 27bfa01559..385ae1458c 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c 
@@ -1828,6 +1828,11 @@ static int flask_nested_event_channel_op(const struc= t domain *d, return domain_has_nested_perm(d, SECCLASS_NESTED_EVENT, perm); } =20 +static int flask_nested_schedop_shutdown(const struct domain *d) +{ + return domain_has_nested_perm(d, SECCLASS_DOMAIN, DOMAIN__SHUTDOWN); +} + #endif =20 long do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op); @@ -1975,6 +1980,7 @@ static struct xsm_operations flask_ops =3D { .nested_hvm_op =3D flask_nested_hvm_op, .nested_grant_query_size =3D flask_nested_grant_query_size, .nested_event_channel_op =3D flask_nested_event_channel_op, + .nested_schedop_shutdown =3D flask_nested_schedop_shutdown, #endif }; =20 --=20 2.17.1 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
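
Review bot: in do_nested_sched_op() (xen/arch/x86/guest/xen-nested.c, second hunk), the sched_shutdown struct is copied from the guest and handed to xen_hypercall_sched_op() without its contents being inspected, so the caller chooses the shutdown reason that reaches the host hypervisor. If only some reasons are meant to be proxied, check sched_shutdown.reason after copy_from_guest() and return an error for the rest; if every reason is intentionally passed through, say so in the commit message, which currently only states that the op is proxied.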
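
Review bot: in xen/include/public/xen.h, __HYPERVISOR_nested_sched_op is assigned 47 and the next define in the hunk's context is __HYPERVISOR_arch_0 at 48, so this takes the last number before the architecture-specific range in a public ABI header. The commit message should justify spending that slot on a hypercall that accepts a single cmd, or the op could be folded into one multiplexed nested hypercall so that later nested ops do not need new numbers.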
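
Review bot: the naming is inconsistent between the subject line, which announces a nested_schedop_shutdown hypercall, and the hypercall_page.S, hypercall.c and hypercall.h hunks, which add nested_sched_op with a cmd argument. In the xsm.h hunk the new hook is declared as "int (*nested_schedop_shutdown) (const struct domain *d);" while the neighbouring nested_event_channel_op hook takes "unsigned int cmd", so supporting a second sched op later would mean adding or renaming a hook. Either name the hypercall after the one operation it supports, or make the XSM hook nested_sched_op(d, cmd) and let the dummy and flask implementations decide per cmd, matching the event channel pattern.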