From nobody Tue May 14 02:41:36 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) ARC-Seal: i=2; a=rsa-sha256; t=1690921261; cv=pass; d=zohomail.com; s=zohoarc; b=RenHJ5fxnRSnSA0JhfZak29/6DLkroDG/eKKTQ53Ig4snWChvYsk3uI27vlzYHSptKNypiSMx5t+8Pg0q9gcSdqu/HiQRsR3DLOMkVmlkYJwGuOqmzfsubDbiEsCOjneWmvapnjFhpTkZjwi5gsObl5uV8atyz5ngGeC/NQooio= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921261; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=QxHgg6odiTfgWhhWOuj3R7wSlDiixIdY8mSDQ2Z3eHA=; b=h2DLuA5jG22nWuaqYcNa3CSIJrIlFzSbedwQbJsi0nlH9ftw+zpQnGJmAjZMYOvbAG1PiefMD+HC+Nh2mKzDFPSEvfwSwhlW1DJXM6PqS7TfT//qy7iiPeEfZL6pSPlrtUXVcLcKNfnwDskSJuusabmS/0ZwmpCKSjj7SlhMUtQ= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1690921260776385.59330703641297; Tue, 1 Aug 2023 13:21:00 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.574496.899816 (Exim 4.92) (envelope-from ) id 1qQvr6-00088b-My; Tue, 01 Aug 2023 20:20:32 +0000 Received: by outflank-mailman (output) from mailman id 574496.899816; Tue, 01 Aug 2023 20:20:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvr6-00088U-K0; Tue, 01 Aug 2023 20:20:32 +0000 Received: by outflank-mailman (input) for mailman id 574496; Tue, 01 Aug 2023 20:20:31 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvr5-0007tB-6f for xen-devel@lists.xenproject.org; Tue, 01 Aug 2023 20:20:31 +0000 Received: from sender4-of-o50.zoho.com (sender4-of-o50.zoho.com [136.143.188.50]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id db082af5-30a8-11ee-8613-37d641c3527e; Tue, 01 Aug 2023 22:20:29 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1690921219023154.7244666059837; Tue, 1 Aug 2023 13:20:19 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: db082af5-30a8-11ee-8613-37d641c3527e ARC-Seal: i=1; a=rsa-sha256; t=1690921221; cv=none; d=zohomail.com; s=zohoarc; b=lNiYjknsKhksJuvxpu+1YL5h1k8mUf7MfDMTehx9xU9qY5ePFGqwxPnrerUsLBUENjnbLVykTx6E+3375JIzcLHVjrH1owt/cSAJx4+MsyWXAOYsyQ8QyOhYARJSdBcWS7hfpcs2IHDbWgZ0pPzTKoy12sj88af3NZYp1j/eQc8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921221; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=QxHgg6odiTfgWhhWOuj3R7wSlDiixIdY8mSDQ2Z3eHA=; b=QxaM6Mozt3aw6tfNbgM0mdmi6SZMN2qq8JWlFgWqRoVslhpfCKnpUG/ju1IJ8IHddkjWz3pKHO9jlZ6yqU6s/BvvLgeOITobNtuGmvPmm+JYx7JaL4W1axtMW4kQXTeMnhZ6yUSd74Cmq86A25KWy88w6SpnkfXs7KLG9/tpICQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1690921221; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=QxHgg6odiTfgWhhWOuj3R7wSlDiixIdY8mSDQ2Z3eHA=; b=JENP3hnykOC520uj6z57yLCmOzl6QU/5aI46l4vND4WKa2l/AGeUazOqIK8Vtu6y MapOgQvnxH7eaGAvDTmUhJDP+KGAsizdabjmyucONUw15X0hwzYwxdOfkJHLBZsU9aj hpPLkJScrv/frwb24yryVd6pgxcf0S297t3YL7CE= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org, xen-devel@dornerworks.com Cc: "Daniel P. Smith" , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu , Nathan Studer , Stewart Hildebrand , Dario Faggioli Subject: [RFC 1/6] dom0: replace explict zero checks Date: Tue, 1 Aug 2023 16:20:01 -0400 Message-Id: <20230801202006.20322-2-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230801202006.20322-1-dpsmith@apertussolutions.com> References: <20230801202006.20322-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-ZohoMail-DKIM: pass (identity dpsmith@apertussolutions.com) X-ZM-MESSAGEID: 1690921263493100003 Content-Type: text/plain; charset="utf-8" A legacy concept is that the initial domain will have a domain id of zero. = As a result there are places where a check that a domain is the inital domain is determined by an explicit check that the domid is zero. This commit seeks to abstract this check into a function call and replace a= ll check locations with the function call. Signed-off-by: Daniel P. Smith --- xen/common/domain.c | 4 ++-- xen/common/sched/arinc653.c | 2 +- xen/common/sched/core.c | 4 ++-- xen/include/xen/sched.h | 7 +++++++ 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 304aa04fa6..8fb3c052f5 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -309,7 +309,7 @@ static int late_hwdom_init(struct domain *d) struct domain *dom0; int rv; =20 - if ( d !=3D hardware_domain || d->domain_id =3D=3D 0 ) + if ( d !=3D hardware_domain || is_initial_domain(d) ) return 0; =20 rv =3D xsm_init_hardware_domain(XSM_HOOK, d); @@ -612,7 +612,7 @@ struct domain *domain_create(domid_t domid, d->is_privileged =3D flags & CDF_privileged; =20 /* Sort out our idea of is_hardware_domain(). */ - if ( domid =3D=3D 0 || domid =3D=3D hardware_domid ) + if ( is_initial_domain(d) || domid =3D=3D hardware_domid ) { if ( hardware_domid < 0 || hardware_domid >=3D DOMID_FIRST_RESERVE= D ) panic("The value of hardware_dom must be a valid domain ID\n"); diff --git a/xen/common/sched/arinc653.c b/xen/common/sched/arinc653.c index a82c0d7314..31e8270af3 100644 --- a/xen/common/sched/arinc653.c +++ b/xen/common/sched/arinc653.c @@ -404,7 +404,7 @@ a653sched_alloc_udata(const struct scheduler *ops, stru= ct sched_unit *unit, * Add every one of dom0's units to the schedule, as long as there are * slots available. */ - if ( unit->domain->domain_id =3D=3D 0 ) + if ( is_initial_domain(unit->domain) ) { entry =3D sched_priv->num_schedule_entries; =20 diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 022f548652..210ad30f94 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -585,7 +585,7 @@ int sched_init_vcpu(struct vcpu *v) */ sched_set_affinity(unit, cpumask_of(0), cpumask_of(0)); } - else if ( d->domain_id =3D=3D 0 && opt_dom0_vcpus_pin ) + else if ( is_initial_domain(d) && opt_dom0_vcpus_pin ) { /* * If dom0_vcpus_pin is specified, dom0 vCPUs are pinned 1:1 to @@ -594,7 +594,7 @@ int sched_init_vcpu(struct vcpu *v) sched_set_affinity(unit, cpumask_of(processor), &cpumask_all); } #ifdef CONFIG_X86 - else if ( d->domain_id =3D=3D 0 ) + else if ( is_initial_domain(d) ) { /* * In absence of dom0_vcpus_pin instead, the hard and soft affinit= y of diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 854f3e32c0..a9276a7bed 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -1058,6 +1058,13 @@ void scheduler_disable(void); void watchdog_domain_init(struct domain *d); void watchdog_domain_destroy(struct domain *d); =20 +static always_inline bool is_initial_domain(const struct domain *d) +{ + static int init_domain_id =3D 0; + + return d->domain_id =3D=3D init_domain_id; +} + /* * Use this check when the following are both true: * - Using this feature or interface requires full access to the hardware --=20 2.20.1 From nobody Tue May 14 02:41:36 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) ARC-Seal: i=2; a=rsa-sha256; t=1690921266; cv=pass; d=zohomail.com; s=zohoarc; b=NzhssGnkquU0W6uDSXrYgOML8KVeWBaR/Uk0O9RwW/nQqO0qQ6JVfO7vStbGatwqcHQr3FlZmxx1ti4J7P/I5X+lBsw3NsT94ikrlJoC76zXnufrCraJMny75gjMOu0DtobwPGUNdbLh1ksP8KZ3zDR0ZYkyNfjdtbpdjG1UEcQ= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921266; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=deDaH1mtD3wmtBLBicRQEslJzzR5NTIhnW//O7OUueo=; b=VpUafa0TNKeylFLp0cACoK6gMndqU9bScF06LHmCmOEwAnPYkcweQDDMO5Y0GEVhFwnZCcSpU3OI3+hOeKOowijZolyY8XbfdYyz17t/OWFc9ndI9qRhM4UMGR7xpzCCVjGiUK8Ke6+LtatncjQ36Jd6TpQVE2PIbSf6b4BzpjM= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1690921266025656.2357167343336; Tue, 1 Aug 2023 13:21:06 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.574497.899826 (Exim 4.92) (envelope-from ) id 1qQvrL-00007Z-W0; Tue, 01 Aug 2023 20:20:47 +0000 Received: by outflank-mailman (output) from mailman id 574497.899826; Tue, 01 Aug 2023 20:20:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvrL-00007P-St; Tue, 01 Aug 2023 20:20:47 +0000 Received: by outflank-mailman (input) for mailman id 574497; Tue, 01 Aug 2023 20:20:46 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvrK-0007tB-NS for xen-devel@lists.xenproject.org; Tue, 01 Aug 2023 20:20:46 +0000 Received: from sender4-of-o50.zoho.com (sender4-of-o50.zoho.com [136.143.188.50]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id e42cb24b-30a8-11ee-8613-37d641c3527e; Tue, 01 Aug 2023 22:20:44 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1690921220423235.25435125968477; Tue, 1 Aug 2023 13:20:20 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: e42cb24b-30a8-11ee-8613-37d641c3527e ARC-Seal: i=1; a=rsa-sha256; t=1690921222; cv=none; d=zohomail.com; s=zohoarc; b=DCsyMRf8xAaiW6V1MikN6A+7KB+qawGSQaoE+fU00o0RtbQCtfU4We3Qv4qG5GmZF57GQJbbB7Bl8ecL62/ZddTQxc0eLGPJfii7l+TG+WwQ76H9Qfxn1qZ2GNbZKXCURhg40/bf6gUloroHct+k1G9hIF1dsHzfW2OD5pb9pqM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921222; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=deDaH1mtD3wmtBLBicRQEslJzzR5NTIhnW//O7OUueo=; b=adqNUS2vwkEOP74LrJxnjLB3DpNLDejgALxzqz1qHmAPf/TPzdSdRnOT9UtoXLhhOwJc/xbXtDj7hClTyKSS8GYl0hZ+eUShT5EbYzV0GSKQT6XVNI0dSiuX0R5cNOh4C1CqCEtcNKyaIqYcKmTtJzku2ibzwsuB5MaHxRdIQjE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1690921222; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=deDaH1mtD3wmtBLBicRQEslJzzR5NTIhnW//O7OUueo=; b=Nq/4qPInj010nlvQY8Aj5jx/3/svbtKYrChM01e+EM79DiY7ZY4YWw7EznUDp+Da G5DETugcWT93dlg6z9pbgUdppwpBS0v/sRj9eMBw1oS321J39Bb9zFnuHU4AUlMQVOe SIEZN4U1zv5X5EKi85IC9W7t3DLeguLr5isP2feg= From: "Daniel P. Smith" To: Volodymyr Babchuk , Wei Liu , xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Stefano Stabellini , Julien Grall , Bertrand Marquis , Andrew Cooper , George Dunlap , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Subject: [RFC 2/6] roles: provide abstraction for the possible domain roles Date: Tue, 1 Aug 2023 16:20:02 -0400 Message-Id: <20230801202006.20322-3-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230801202006.20322-1-dpsmith@apertussolutions.com> References: <20230801202006.20322-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-ZohoMail-DKIM: pass (identity dpsmith@apertussolutions.com) X-ZM-MESSAGEID: 1690921266738100001 Content-Type: text/plain; charset="utf-8" The existing concepts such as unbounded domain, ie. all powerful, control domain and hardware domain are, effectively, roles the domains provide for = the system. Currently, these are represented with booleans within `struct domai= n` or global domid variables that are compared against. This patch begins to formalize these roles by replacing the `is_control` and `is_console`, along with expanding the check against the global `hardware_domain` with a single encapsulating role attribute in `struct domain`. Signed-off-by: Daniel P. Smith --- xen/arch/arm/domain_build.c | 2 ++ xen/arch/x86/setup.c | 2 ++ xen/common/domain.c | 14 +++++++++++++- xen/include/xen/sched.h | 16 +++++++++------- xen/include/xsm/dummy.h | 4 ++-- xen/xsm/flask/hooks.c | 12 ++++++------ 6 files changed, 34 insertions(+), 16 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 39b4ee03a5..51b4daefe1 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -4201,6 +4201,8 @@ void __init create_dom0(void) if ( IS_ERR(dom0) ) panic("Error creating domain 0 (rc =3D %ld)\n", PTR_ERR(dom0)); =20 + dom0->role |=3D ROLE_UNBOUNDED_DOMAIN; + if ( alloc_dom0_vcpu0(dom0) =3D=3D NULL ) panic("Error creating domain 0 vcpu0\n"); =20 diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 2dbe9857aa..4e20edc3bf 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -905,6 +905,8 @@ static struct domain *__init create_dom0(const module_t= *image, if ( IS_ERR(d) ) panic("Error creating d%u: %ld\n", domid, PTR_ERR(d)); =20 + d->role |=3D ROLE_UNBOUNDED_DOMAIN; + init_dom0_cpuid_policy(d); =20 if ( alloc_dom0_vcpu0(d) =3D=3D NULL ) diff --git a/xen/common/domain.c b/xen/common/domain.c index 8fb3c052f5..0ff1d52e3d 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -340,6 +340,14 @@ static int late_hwdom_init(struct domain *d) setup_io_bitmap(dom0); #endif =20 + /* + * "dom0" may have been created under the unbounded role, demote it fr= om + * that role, reducing it to the control domain role and any other rol= es it + * may have been given. + */ + dom0->role &=3D ~(ROLE_UNBOUNDED_DOMAIN & ROLE_HARDWARE_DOMAIN); + dom0->role |=3D ROLE_CONTROL_DOMAIN; + rcu_unlock_domain(dom0); =20 iommu_hwdom_init(d); @@ -609,7 +617,10 @@ struct domain *domain_create(domid_t domid, } =20 /* Sort out our idea of is_control_domain(). */ - d->is_privileged =3D flags & CDF_privileged; + if ( flags & CDF_privileged ) + d->role |=3D ROLE_CONTROL_DOMAIN; + else + d->role &=3D ~ROLE_CONTROL_DOMAIN; /*ensure not set */ =20 /* Sort out our idea of is_hardware_domain(). */ if ( is_initial_domain(d) || domid =3D=3D hardware_domid ) @@ -619,6 +630,7 @@ struct domain *domain_create(domid_t domid, =20 old_hwdom =3D hardware_domain; hardware_domain =3D d; + d->role |=3D ROLE_HARDWARE_DOMAIN; } =20 TRACE_1D(TRC_DOM0_DOM_ADD, d->domain_id); diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index a9276a7bed..695f240326 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -467,8 +467,10 @@ struct domain #endif /* is node-affinity automatically computed? */ bool auto_node_affinity; - /* Is this guest fully privileged (aka dom0)? */ - bool is_privileged; +#define ROLE_UNBOUNDED_DOMAIN (1U<<0) +#define ROLE_CONTROL_DOMAIN (1U<<1) +#define ROLE_HARDWARE_DOMAIN (1U<<2) + uint8_t role; /* Can this guest access the Xen console? */ bool is_console; /* Is this guest being debugged by dom0? */ @@ -1060,9 +1062,7 @@ void watchdog_domain_destroy(struct domain *d); =20 static always_inline bool is_initial_domain(const struct domain *d) { - static int init_domain_id =3D 0; - - return d->domain_id =3D=3D init_domain_id; + return d->role & ROLE_UNBOUNDED_DOMAIN; } =20 /* @@ -1076,7 +1076,8 @@ static always_inline bool is_hardware_domain(const st= ruct domain *d) if ( IS_ENABLED(CONFIG_PV_SHIM_EXCLUSIVE) ) return false; =20 - return evaluate_nospec(d =3D=3D hardware_domain); + return evaluate_nospec(((d->role & ROLE_HARDWARE_DOMAIN) || + is_initial_domain(d)) && (d =3D=3D hardware_domain)); } =20 /* This check is for functionality specific to a control domain */ @@ -1085,7 +1086,8 @@ static always_inline bool is_control_domain(const str= uct domain *d) if ( IS_ENABLED(CONFIG_PV_SHIM_EXCLUSIVE) ) return false; =20 - return evaluate_nospec(d->is_privileged); + return evaluate_nospec((d->role & ROLE_CONTROL_DOMAIN) || + is_initial_domain(d)); } =20 #define VM_ASSIST(d, t) (test_bit(VMASST_TYPE_ ## t, &(d)->vm_assist)) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 8671af1ba4..18f1ddd127 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -108,7 +108,7 @@ static XSM_INLINE int cf_check xsm_set_system_active(vo= id) { struct domain *d =3D current->domain; =20 - ASSERT(d->is_privileged); + ASSERT(d->role & ROLE_CONTROL_DOMAIN); =20 if ( d->domain_id !=3D DOMID_IDLE ) { @@ -116,7 +116,7 @@ static XSM_INLINE int cf_check xsm_set_system_active(vo= id) return -EPERM; } =20 - d->is_privileged =3D false; + d->role &=3D ~ROLE_CONTROL_DOMAIN; =20 return 0; } diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 78225f68c1..0a31719f43 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -193,7 +193,7 @@ static int cf_check flask_domain_alloc_security(struct = domain *d) default: if ( domain_sid(current->domain) =3D=3D SECINITSID_XENBOOT ) { - if ( d->is_privileged ) + if ( d->role & ROLE_CONTROL_DOMAIN ) dsec->sid =3D SECINITSID_DOM0; else if ( pv_shim ) dsec->sid =3D SECINITSID_DOMU; @@ -213,7 +213,7 @@ static int cf_check flask_set_system_active(void) =20 dsec =3D d->ssid; =20 - ASSERT(d->is_privileged); + ASSERT(d->role & ROLE_CONTROL_DOMAIN); ASSERT(dsec->sid =3D=3D SECINITSID_XENBOOT); ASSERT(dsec->self_sid =3D=3D SECINITSID_XENBOOT); =20 @@ -224,11 +224,11 @@ static int cf_check flask_set_system_active(void) } =20 /* - * While is_privileged has no significant meaning under flask, set to = false - * as is_privileged is not only used for a privilege check but also as= a - * type of domain check, specifically if the domain is the control dom= ain. + * While domain roles have no significant meaning under flask, mask out + * control domain role as it is not only used for a privilege check but + * also as a type of domain check. */ - d->is_privileged =3D false; + d->role &=3D ~ROLE_CONTROL_DOMAIN; =20 dsec->self_sid =3D dsec->sid =3D SECINITSID_XEN; =20 --=20 2.20.1 From nobody Tue May 14 02:41:36 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) ARC-Seal: i=2; a=rsa-sha256; t=1690921277; cv=pass; d=zohomail.com; s=zohoarc; b=X9EdnWRfphjslzcLwLAbfPISfFMeOdVdDzIhdEtCZfpN64EcFiMSOSNtmH9Co+t1prvC+euPnUb96eVyPOvPV3DatANLg9F8YkfzbJIR7x90bhGycWijgRIWQr1Tj9zNLJ7MIy/2BtEJKHvP4eds8iZXBFn3GQwGBDa2CIP8gDo= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921277; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=c36aqSstXSR6pA2kH24inhu4JODBmXhwXRJ9bra9rs8=; b=TagnLkM8Qw9mEPVeDyfsvkOzRuI/GSKCugO2sb6y+1SHFugfp3vZ8jfIrsOGot1H+t6bfVgVWDLq7o7vB6VEKPR8aHUE03e3Vv1ZtszhuDOjtxE85cu+tvHHInOh8eC7fBxpOj6Q+eTsCyHkw6JxJmBDOLlxjqctpH03jikZ3hI= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1690921277546323.1970792596535; Tue, 1 Aug 2023 13:21:17 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.574500.899836 (Exim 4.92) (envelope-from ) id 1qQvra-0000el-AG; Tue, 01 Aug 2023 20:21:02 +0000 Received: by outflank-mailman (output) from mailman id 574500.899836; Tue, 01 Aug 2023 20:21:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvra-0000ee-7l; Tue, 01 Aug 2023 20:21:02 +0000 Received: by outflank-mailman (input) for mailman id 574500; Tue, 01 Aug 2023 20:21:00 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvrY-0000Vh-UH for xen-devel@lists.xenproject.org; Tue, 01 Aug 2023 20:21:00 +0000 Received: from sender3-of-o59.zoho.com (sender3-of-o59.zoho.com [136.143.184.59]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id ed01d9c5-30a8-11ee-b25c-6b7b168915f2; Tue, 01 Aug 2023 22:21:00 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1690921221539148.37958387649314; Tue, 1 Aug 2023 13:20:21 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ed01d9c5-30a8-11ee-b25c-6b7b168915f2 ARC-Seal: i=1; a=rsa-sha256; t=1690921223; cv=none; d=zohomail.com; s=zohoarc; b=kjFnFBapoQ7lQPlaLmhBGvI7h1nmY845AgXgJ0HUtbJqdU5LFjp4IS1FXBnKy7xkeKljZeRqAjxiXA5syLROHfw3HyA9jjsdv70zwIGlSF7oFV9Mk1wloUHUzpiMgQG+rLdNp7iyaNegw5MhvpDZ6Qb8B5GylqTCGPxWwhU7P04= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921223; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=c36aqSstXSR6pA2kH24inhu4JODBmXhwXRJ9bra9rs8=; b=c9QZqfFpDJ1w86/B7pmdMPyXkRhywCD71Kv1KwC6Kp6mex/HXD7uxLoxYbUpq50xNhj6ARDZHQbuj3ueb/Ls9UdZd7q2Vg6NmYlh6daU2wgug+3ULYvb3ZCZWllp8vdoE3umD0M6unNdqko8YH3y+gonbTmOOKVwTMPqMbVzyM4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1690921223; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=c36aqSstXSR6pA2kH24inhu4JODBmXhwXRJ9bra9rs8=; b=btgPcKIbUkSCLwMaCRscbjh82/cPU6TGLwPP0U3S/ywG+tUxcBk5jNvSLzy4/hZc xDBuVQuZrMeyJSFNsNe7P0xIGLMxLW1bax6KROOPs58YV0AADiOcQNToX+WyuqtVaQF Qms39sOusy73/lmd4LFVl0dafI4DtzhOXSaca6JQ= From: "Daniel P. Smith" To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu Subject: [RFC 3/6] roles: add a role for xenstore domain Date: Tue, 1 Aug 2023 16:20:03 -0400 Message-Id: <20230801202006.20322-4-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230801202006.20322-1-dpsmith@apertussolutions.com> References: <20230801202006.20322-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-ZohoMail-DKIM: pass (identity dpsmith@apertussolutions.com) X-ZM-MESSAGEID: 1690921279250100001 Content-Type: text/plain; charset="utf-8" Expand the possible roles for a domain to include a role for the Xenstore domain. Signed-off-by: Daniel P. Smith Reviewed-by: Stefano Stabellini --- xen/common/domain.c | 3 +++ xen/include/xen/sched.h | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index 0ff1d52e3d..dbf055c559 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -633,6 +633,9 @@ struct domain *domain_create(domid_t domid, d->role |=3D ROLE_HARDWARE_DOMAIN; } =20 + if ( d->options & XEN_DOMCTL_CDF_xs_domain ) + d->role |=3D ROLE_XENSTORE_DOMAIN; + TRACE_1D(TRC_DOM0_DOM_ADD, d->domain_id); =20 lock_profile_register_struct(LOCKPROF_TYPE_PERDOM, d, domid); diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 695f240326..ec0f9baff6 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -470,6 +470,7 @@ struct domain #define ROLE_UNBOUNDED_DOMAIN (1U<<0) #define ROLE_CONTROL_DOMAIN (1U<<1) #define ROLE_HARDWARE_DOMAIN (1U<<2) +#define ROLE_XENSTORE_DOMAIN (1U<<3) uint8_t role; /* Can this guest access the Xen console? */ bool is_console; @@ -1165,7 +1166,7 @@ static inline bool is_vcpu_online(const struct vcpu *= v) =20 static inline bool is_xenstore_domain(const struct domain *d) { - return d->options & XEN_DOMCTL_CDF_xs_domain; + return d->role & ROLE_XENSTORE_DOMAIN; } =20 static always_inline bool is_iommu_enabled(const struct domain *d) --=20 2.20.1 From nobody Tue May 14 02:41:36 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) ARC-Seal: i=2; a=rsa-sha256; t=1690921288; cv=pass; d=zohomail.com; s=zohoarc; b=GyF3kBLaDLJCZ1T+7/IZSa6GIZ6XcjXJEc2lw9c/CksO5zPYRb+rvOmjzLC770Y6Hd98V38VfnXWAyGKyoLpYOfHQjdldprDkP2qkYGZwfS7Mvrysn0IX8mK5rj9TgvGKTondGKRefc7Ob6sCgqpQOW2imbcLalLT4i8S+Z0tvg= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921288; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=kf2Rd6TYnxR8dfigS+pnLDBD8C8lGV2r426kdzFRdWo=; b=NgM99C4gUKfVsrSJFkcui/3ZD8ZcnOF2QTtpWKPbewEhD+aKQwtDzf/btp2cH1KbsOOn5voyIwpOhSI9g8Q7uluirP6KqbFlkOCcZVhSlW/8uQnmUq4LUtZ3aXMP/lSLQJSsLWTHim2Vnn+BAXbNmr1oLMKFfyb7GDXlpXT9SUw= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1690921288802298.8996975629167; Tue, 1 Aug 2023 13:21:28 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.574503.899845 (Exim 4.92) (envelope-from ) id 1qQvrl-0001Eg-IA; Tue, 01 Aug 2023 20:21:13 +0000 Received: by outflank-mailman (output) from mailman id 574503.899845; Tue, 01 Aug 2023 20:21:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvrl-0001EZ-F4; Tue, 01 Aug 2023 20:21:13 +0000 Received: by outflank-mailman (input) for mailman id 574503; Tue, 01 Aug 2023 20:21:12 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvrk-0000Vh-73 for xen-devel@lists.xenproject.org; Tue, 01 Aug 2023 20:21:12 +0000 Received: from sender3-of-o57.zoho.com (sender3-of-o57.zoho.com [136.143.184.57]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id f3c81379-30a8-11ee-b25c-6b7b168915f2; Tue, 01 Aug 2023 22:21:11 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1690921222919263.86301750890664; Tue, 1 Aug 2023 13:20:22 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: f3c81379-30a8-11ee-b25c-6b7b168915f2 ARC-Seal: i=1; a=rsa-sha256; t=1690921225; cv=none; d=zohomail.com; s=zohoarc; b=LJWZTW9Bg+L3Q9L21qmOk/5B1b4zY0rfPZxLFiwzTbtB2gaThkYoDLs1Gw8mYQy6W2grTkYZvfTx8zecJeh0hlctmBdjVEmJ0XWJyXQ3Ew4it1mVuTqus6oF9tujOpH0JPW4j5UYXW6VFQhMYOcUPAxSz1jsUEG4dYo5V5PccC4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921225; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=kf2Rd6TYnxR8dfigS+pnLDBD8C8lGV2r426kdzFRdWo=; b=SHxaszVus3sPdBwiai8onFiR+mMahjhb+zsdUVdbFpevDmDlXQuShYnIDemHUX6lkVu0C+wYcHebM2YbDDoi2hjisRn2eB/s2lHKcaE82rcWwU/fVtLynCYk4uKnRPEWAr1Xj5U5mh4kake3JFFm8NGoScphuAQ2rlyXUDrWoIk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1690921225; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=kf2Rd6TYnxR8dfigS+pnLDBD8C8lGV2r426kdzFRdWo=; b=a8Qo8Oav2zQrW8HSf67m7NJOl5msUgbNz0s6kOusuLrAyDHJkLZB2NVXh5pr6cXf nCAA2mi2ldd85jpcM8Rxt9y0vtKP1g0PLhHP5QhORLyT/xq6KJxJPfeyWhAKrfo7cfi 4TOdW0fi7xdhVJKZx4NUs1n6DkdN0+upfuvu7GkU= From: "Daniel P. Smith" To: Volodymyr Babchuk , xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Stefano Stabellini , Julien Grall , Bertrand Marquis , Andrew Cooper , George Dunlap , Jan Beulich , Wei Liu Subject: [RFC 4/6] capabilities: introduce console io as a domain capability Date: Tue, 1 Aug 2023 16:20:04 -0400 Message-Id: <20230801202006.20322-5-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230801202006.20322-1-dpsmith@apertussolutions.com> References: <20230801202006.20322-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-ZohoMail-DKIM: pass (identity dpsmith@apertussolutions.com) X-ZM-MESSAGEID: 1690921289275100001 Content-Type: text/plain; charset="utf-8" The field `is_console` suggests that the field represents a state of being = or posession, not that it reflects the privilege to access the console. In this patch the field is renamed to capabilities to encapsulate the capabilities a domain has been granted. The first capability being the ability to read/wri= te the Xen console. Signed-off-by: Daniel P. Smith --- xen/arch/arm/domain_build.c | 4 +++- xen/include/xen/sched.h | 25 +++++++++++++++++++++++-- xen/include/xsm/dummy.h | 2 +- 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 51b4daefe1..ad7432b029 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -4076,7 +4076,9 @@ void __init create_domUs(void) panic("Error creating domain %s (rc =3D %ld)\n", dt_node_name(node), PTR_ERR(d)); =20 - d->is_console =3D true; + if ( ! domain_set_cap(d, CAP_CONSOLE_IO) ) + printk("failed setting console_io on %pd\n", d); + dt_device_set_used_by(node, d->domain_id); =20 rc =3D construct_domU(d, node); diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index ec0f9baff6..b04fbe0565 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -472,8 +472,8 @@ struct domain #define ROLE_HARDWARE_DOMAIN (1U<<2) #define ROLE_XENSTORE_DOMAIN (1U<<3) uint8_t role; - /* Can this guest access the Xen console? */ - bool is_console; +#define CAP_CONSOLE_IO (1U<<0) + uint8_t capabilities; /* Is this guest being debugged by dom0? */ bool debugger_attached; /* @@ -1146,6 +1146,27 @@ static always_inline bool is_hvm_vcpu(const struct v= cpu *v) return is_hvm_domain(v->domain); } =20 +static always_inline bool domain_has_cap( + const struct domain *d, uint8_t cap) +{ + return d->capabilities & cap; +} + +static always_inline bool domain_set_cap( + struct domain *d, uint8_t cap) +{ + switch ( cap ) + { + case CAP_CONSOLE_IO: + d->capabilities |=3D cap; + break; + default: + return false; + } + + return domain_has_cap(d, cap); +} + static always_inline bool hap_enabled(const struct domain *d) { /* sanitise_domain_config() rejects HAP && !HVM */ diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 18f1ddd127..067ff1d111 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -268,7 +268,7 @@ static XSM_INLINE int cf_check xsm_console_io( XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_OTHER); - if ( d->is_console ) + if ( domain_has_cap(d, CAP_CONSOLE_IO) ) return xsm_default_action(XSM_HOOK, d, NULL); #ifdef CONFIG_VERBOSE_DEBUG if ( cmd =3D=3D CONSOLEIO_write ) --=20 2.20.1 From nobody Tue May 14 02:41:36 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) ARC-Seal: i=2; a=rsa-sha256; t=1690921301; cv=pass; d=zohomail.com; s=zohoarc; b=DK1szhPR7tZlM6AK04FGb//xdAkjiKlIp0zlpEuGGD66B/+Ig7X4SJ+i8PkBaC5hJsvhr33eb1MtrbWUyq57GerMspsizUH0jR3AIpyHbytTg6zdhtYpyDmE/+2MbTSRrItpmLpmVf8IXCXOtsb7v1sG6LncKoEpfMI0mmv0lUg= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921301; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=7ND+sooMpw5YPJbP1s16uk5VZG1QVw0bGyicpPO6T2Q=; b=GiGyWlXLVzpKuVsHdYCLXB186QNzNjkZPg0lVuT0wI9DocPI3kcvEgqjxogJAv/6q66VybxIw4CiSOArNcYmx9QzBl2hcbMSabXEnGpS7d4/Tg/5OfOC2cVUNjMQh4YKCTy0ekhss14yAGdd+pD31VmgRhMvoqZ1M/UF6Vgp9jw= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1690921301287130.2729244076903; Tue, 1 Aug 2023 13:21:41 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.574505.899855 (Exim 4.92) (envelope-from ) id 1qQvry-0001rM-Oz; Tue, 01 Aug 2023 20:21:26 +0000 Received: by outflank-mailman (output) from mailman id 574505.899855; Tue, 01 Aug 2023 20:21:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvry-0001rF-MO; Tue, 01 Aug 2023 20:21:26 +0000 Received: by outflank-mailman (input) for mailman id 574505; Tue, 01 Aug 2023 20:21:25 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvrx-0000Vh-8u for xen-devel@lists.xenproject.org; Tue, 01 Aug 2023 20:21:25 +0000 Received: from sender4-of-o50.zoho.com (sender4-of-o50.zoho.com [136.143.188.50]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id fbb9076f-30a8-11ee-b25c-6b7b168915f2; Tue, 01 Aug 2023 22:21:24 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 1690921224303856.0970233237165; Tue, 1 Aug 2023 13:20:24 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: fbb9076f-30a8-11ee-b25c-6b7b168915f2 ARC-Seal: i=1; a=rsa-sha256; t=1690921226; cv=none; d=zohomail.com; s=zohoarc; b=g2IEczmY3ijXZ1YHho3IZfu6YTmF4eaEB/eX7H499qCJcVzbN3siHaE30Z50NywMmdX/UUQyM1pQ5ROIMmims1eH4GYG8VXFEO9w7f8zeCKV0lco35/iZ/zJVOi5VlhNlVOhrh1rib2T/ymt43cWzxAKPJ90RIO2/H3BilYHwN4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921226; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=7ND+sooMpw5YPJbP1s16uk5VZG1QVw0bGyicpPO6T2Q=; b=iDypGFFju+iorCRbCu1v6Vydraf2VoFooKlXDnMMoCxatBohmqq7MLXRYZ6EvtmVhIRCYTY0IcJB5IJDGRDlxn7kLmSvzMRBSzc+ny80UReQAQhMEadFq6EkpXbM3vmFzBt76dVh+RKHgwoft2HdbzBhIW79uR/xA9iFW29V51E= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1690921226; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=7ND+sooMpw5YPJbP1s16uk5VZG1QVw0bGyicpPO6T2Q=; b=oCTDWLjidEWDIMQf7q7AdaFYNGMNs8thaCk/9VpBUqfOOxXI0I0yoAZywHIrnxPJ /NSZn9/wo5V2ec8POU4XZMIsUtO7/uVT7+PXa+8UhtGVTcJzYgtjmXssgOfK9VEc+Hx Q/5HXKNq+cQNyRErpZBxGle0x/6EUtFtv67tOfdc= From: "Daniel P. Smith" To: Wei Liu , xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , George Dunlap , Julien Grall , Stefano Stabellini Subject: [RFC 5/6] capabilities: add dom0 cpu faulting disable Date: Tue, 1 Aug 2023 16:20:05 -0400 Message-Id: <20230801202006.20322-6-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230801202006.20322-1-dpsmith@apertussolutions.com> References: <20230801202006.20322-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-ZohoMail-DKIM: pass (identity dpsmith@apertussolutions.com) X-ZM-MESSAGEID: 1690921303321100001 Content-Type: text/plain; charset="utf-8" This encapsulates disableing cpu faulting for PV dom0 as a capability. Signed-off-by: Daniel P. Smith --- xen/arch/x86/cpu-policy.c | 2 +- xen/arch/x86/cpu/common.c | 82 +++++++++++++++++++-------------------- xen/arch/x86/setup.c | 4 ++ xen/include/xen/sched.h | 8 +++- 4 files changed, 52 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 1f954d4e59..42c3193938 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -912,7 +912,7 @@ void __init init_dom0_cpuid_policy(struct domain *d) * If the domain is getting unfiltered CPUID, don't let the guest kern= el * play with CPUID faulting either, as Xen's CPUID path won't cope. */ - if ( !opt_dom0_cpuid_faulting && is_control_domain(d) && is_pv_domain(= d) ) + if ( domain_has_cap(d, CAP_DISABLE_CPU_FAULT) ) p->platform_info.cpuid_faulting =3D false; =20 recalculate_cpuid_policy(d); diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index cfcdaace12..937581e353 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -164,48 +164,46 @@ static void set_cpuid_faulting(bool enable) =20 void ctxt_switch_levelling(const struct vcpu *next) { - const struct domain *nextd =3D next ? next->domain : NULL; - bool enable_cpuid_faulting; - - if (cpu_has_cpuid_faulting || - boot_cpu_has(X86_FEATURE_CPUID_USER_DIS)) { - /* - * No need to alter the faulting setting if we are switching - * to idle; it won't affect any code running in idle context. - */ - if (nextd && is_idle_domain(nextd)) - return; - /* - * We *should* be enabling faulting for PV control domains. - * - * The domain builder has now been updated to not depend on - * seeing host CPUID values. This makes it compatible with - * PVH toolstack domains, and lets us enable faulting by - * default for all PV domains. - * - * However, as PV control domains have never had faulting - * enforced on them before, there might plausibly be other - * dependenices on host CPUID data. Therefore, we have left - * an interim escape hatch in the form of - * `dom0=3Dno-cpuid-faulting` to restore the older behaviour. - */ - enable_cpuid_faulting =3D nextd && (opt_dom0_cpuid_faulting || - !is_control_domain(nextd) || - !is_pv_domain(nextd)) && - (is_pv_domain(nextd) || - next->arch.msrs-> - misc_features_enables.cpuid_faulting); - - if (cpu_has_cpuid_faulting) - set_cpuid_faulting(enable_cpuid_faulting); - else - amd_set_cpuid_user_dis(enable_cpuid_faulting); - - return; - } - - if (ctxt_switch_masking) - alternative_vcall(ctxt_switch_masking, next); + const struct domain *nextd =3D next ? next->domain : NULL; + bool enable_cpuid_faulting; + + if ( cpu_has_cpuid_faulting || + boot_cpu_has(X86_FEATURE_CPUID_USER_DIS) ) { + /* + * No need to alter the faulting setting if we are switching + * to idle; it won't affect any code running in idle context. + */ + if (nextd && is_idle_domain(nextd)) + return; + /* + * We *should* be enabling faulting for PV control domains. + * + * The domain builder has now been updated to not depend on + * seeing host CPUID values. This makes it compatible with + * PVH toolstack domains, and lets us enable faulting by + * default for all PV domains. + * + * However, as PV control domains have never had faulting + * enforced on them before, there might plausibly be other + * dependenices on host CPUID data. Therefore, we have left + * an interim escape hatch in the form of + * `dom0=3Dno-cpuid-faulting` to restore the older behaviour. + */ + enable_cpuid_faulting =3D nextd && + domain_has_cap(nextd, CAP_DISABLE_CPU_FAULT) && + (is_pv_domain(nextd) || + next->arch.msrs->misc_features_enables.cpuid_faulting); + + if (cpu_has_cpuid_faulting) + set_cpuid_faulting(enable_cpuid_faulting); + else + amd_set_cpuid_user_dis(enable_cpuid_faulting); + + return; + } + + if (ctxt_switch_masking) + alternative_vcall(ctxt_switch_masking, next); } =20 bool_t opt_cpu_info; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 4e20edc3bf..d65144da01 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -907,6 +907,10 @@ static struct domain *__init create_dom0(const module_= t *image, =20 d->role |=3D ROLE_UNBOUNDED_DOMAIN; =20 + if ( !opt_dom0_cpuid_faulting && + !domain_set_cap(d, CAP_DISABLE_CPU_FAULT) ) + printk(XENLOG_WARNING "failed to set CPU faulting on Dom %pd\n", d= ); + init_dom0_cpuid_policy(d); =20 if ( alloc_dom0_vcpu0(d) =3D=3D NULL ) diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index b04fbe0565..ebfe65cd73 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -472,7 +472,8 @@ struct domain #define ROLE_HARDWARE_DOMAIN (1U<<2) #define ROLE_XENSTORE_DOMAIN (1U<<3) uint8_t role; -#define CAP_CONSOLE_IO (1U<<0) +#define CAP_CONSOLE_IO (1U<<0) +#define CAP_DISABLE_CPU_FAULT (1U<<1) uint8_t capabilities; /* Is this guest being debugged by dom0? */ bool debugger_attached; @@ -1160,6 +1161,11 @@ static always_inline bool domain_set_cap( case CAP_CONSOLE_IO: d->capabilities |=3D cap; break; + case CAP_DISABLE_CPU_FAULT: + /* Disabling cpu faulting is only allowed for a PV control domain.= */ + if ( is_pv_domain(d) && is_control_domain(d) ) + d->capabilities |=3D cap; + break; default: return false; } --=20 2.20.1 From nobody Tue May 14 02:41:36 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) ARC-Seal: i=2; a=rsa-sha256; t=1690921310; cv=pass; d=zohomail.com; s=zohoarc; b=cbE2pQA1sa/XAhPsD2DXcqgWsssmS7QZQOQflgnRrBMX62EoOgBMmbiBZ5Hyz/WgmldEWTxpbGMhFfQo99pswXSJJzdrVrT9sR1XImHcP1NyP+L96P8/tQH6HOzS7RdFN/XZVlew3TY6t9vxFPq1LCBdM3N6kI+dZ67K7T4+Q8U= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921310; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=svZfhnzIdfl7IZVzuYzxJG9861EfU+6CgnykhTEOAGo=; b=aY6b+xmVbtz6KI4COMBDxcPHCI7HbGi7E0l0ro9Cx8ctvKLAt2VERJiIa6daEivuGpuhgljLhGGzYRlv/iIW+P6pADwgRMGHNtrtH8EWLnkQfnNXgyrYSx6Hp48EV6AMh3yb2yUB33KdmZffCqYmB/r5J+jFcwPnlNpn+8oSRv4= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass header.i=dpsmith@apertussolutions.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=apertussolutions.com) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1690921310811996.5324139960712; Tue, 1 Aug 2023 13:21:50 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.574506.899866 (Exim 4.92) (envelope-from ) id 1qQvs8-0002HV-1j; Tue, 01 Aug 2023 20:21:36 +0000 Received: by outflank-mailman (output) from mailman id 574506.899866; Tue, 01 Aug 2023 20:21:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvs7-0002HO-Ub; Tue, 01 Aug 2023 20:21:35 +0000 Received: by outflank-mailman (input) for mailman id 574506; Tue, 01 Aug 2023 20:21:34 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qQvs6-0000Vh-NB for xen-devel@lists.xenproject.org; Tue, 01 Aug 2023 20:21:34 +0000 Received: from sender4-of-o50.zoho.com (sender4-of-o50.zoho.com [136.143.188.50]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 015545d7-30a9-11ee-b25c-6b7b168915f2; Tue, 01 Aug 2023 22:21:33 +0200 (CEST) Received: from sisyou.hme. (static-72-81-132-2.bltmmd.fios.verizon.net [72.81.132.2]) by mx.zohomail.com with SMTPS id 169092122567987.94507889080217; Tue, 1 Aug 2023 13:20:25 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 015545d7-30a9-11ee-b25c-6b7b168915f2 ARC-Seal: i=1; a=rsa-sha256; t=1690921227; cv=none; d=zohomail.com; s=zohoarc; b=eG/Jtj2jjhormLMJ8XaVecZkgDIqh8gVxgA4QY1AJ284PvyjA8JAMQ69PlgD5dj/o9HsZPzDydB1/djt8Thmj1SFXlXELhLph/E0r+BOpyOpze+/57pFXGJiTTCuJiSMro+AHiwzn8HiqoGm0mej89q49uEMansFfQ9fQbqinp8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1690921227; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=svZfhnzIdfl7IZVzuYzxJG9861EfU+6CgnykhTEOAGo=; b=gcq3ynDrvoMA+5ma7mE1tahSxRik03zdp5XIFeYhwZzhONbzcKcZrrHpTDpDTLdQUTLhEWHWSQNSyuIT6hBV8NSIr6hjnnfKnc1VLTpsYm9n7dop2JP9rxGvnT0MkXYHP+pFQrciwPLrXKsc2tsEM1ozQnTMqZvklB+yGqUtZxg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@apertussolutions.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1690921227; s=zoho; d=apertussolutions.com; i=dpsmith@apertussolutions.com; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=svZfhnzIdfl7IZVzuYzxJG9861EfU+6CgnykhTEOAGo=; b=mSptNUuNqsChDAreussuY050V7fWTUHVOlYiNTMjMZt9oOuskamL7WrMR6aEMIG+ PLxoMKPl1sBCkvGqp4KDDSrCfqo39vlF7GSYF8CO+SuFfjIe+yVW3iTXp4vRApmrDve ZVg5vjrZFJ6bog455l770X5d1NuIuTfiohv1dQBg= From: "Daniel P. Smith" To: Wei Liu , xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , George Dunlap , Julien Grall , Stefano Stabellini , Jun Nakajima , Kevin Tian Subject: [RFC 6/6] capabilities: convert attach debugger into a capability Date: Tue, 1 Aug 2023 16:20:06 -0400 Message-Id: <20230801202006.20322-7-dpsmith@apertussolutions.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230801202006.20322-1-dpsmith@apertussolutions.com> References: <20230801202006.20322-1-dpsmith@apertussolutions.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-ZohoMail-DKIM: pass (identity dpsmith@apertussolutions.com) X-ZM-MESSAGEID: 1690921311381100001 Content-Type: text/plain; charset="utf-8" Expresses the ability to attach a debugger as a capability that a domain ca= n be provisioned. Signed-off-by: Daniel P. Smith --- xen/arch/x86/hvm/svm/svm.c | 8 ++++---- xen/arch/x86/hvm/vmx/realmode.c | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/hvm/vmx/vmx.c | 10 +++++----- xen/arch/x86/traps.c | 6 ++++-- xen/common/domctl.c | 6 ++++-- xen/include/xen/sched.h | 9 ++++++--- 7 files changed, 25 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 27170213ae..9872804d39 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -999,7 +999,7 @@ static void noreturn cf_check svm_do_resume(void) { struct vcpu *v =3D current; struct vmcb_struct *vmcb =3D v->arch.hvm.svm.vmcb; - bool debug_state =3D (v->domain->debugger_attached || + bool debug_state =3D (domain_has_cap(v->domain, CAP_DEBUGGER_ATTACH) || v->domain->arch.monitor.software_breakpoint_enable= d || v->domain->arch.monitor.debug_exception_enabled); bool_t vcpu_guestmode =3D 0; @@ -1335,7 +1335,7 @@ static void cf_check svm_inject_event(const struct x8= 6_event *event) } /* fall through */ case X86_EXC_BP: - if ( curr->domain->debugger_attached ) + if ( domain_has_cap(curr->domain, CAP_DEBUGGER_ATTACH) ) { /* Debug/Int3: Trap to debugger. */ domain_pause_for_debugger(); @@ -2732,7 +2732,7 @@ void svm_vmexit_handler(void) =20 case VMEXIT_ICEBP: case VMEXIT_EXCEPTION_DB: - if ( !v->domain->debugger_attached ) + if ( !domain_has_cap(v->domain, CAP_DEBUGGER_ATTACH) ) { unsigned int trap_type; =20 @@ -2769,7 +2769,7 @@ void svm_vmexit_handler(void) if ( insn_len =3D=3D 0 ) break; =20 - if ( v->domain->debugger_attached ) + if ( domain_has_cap(v->domain, CAP_DEBUGGER_ATTACH) ) { /* AMD Vol2, 15.11: INT3, INTO, BOUND intercepts do not update= RIP. */ __update_guest_eip(regs, insn_len); diff --git a/xen/arch/x86/hvm/vmx/realmode.c b/xen/arch/x86/hvm/vmx/realmod= e.c index ff44ddcfa6..f761026a9d 100644 --- a/xen/arch/x86/hvm/vmx/realmode.c +++ b/xen/arch/x86/hvm/vmx/realmode.c @@ -121,7 +121,7 @@ void vmx_realmode_emulate_one(struct hvm_emulate_ctxt *= hvmemul_ctxt) =20 if ( rc =3D=3D X86EMUL_EXCEPTION ) { - if ( unlikely(curr->domain->debugger_attached) && + if ( unlikely(domain_has_cap(curr->domain, CAP_DEBUGGER_ATTACH)) && ((hvmemul_ctxt->ctxt.event.vector =3D=3D X86_EXC_DB) || (hvmemul_ctxt->ctxt.event.vector =3D=3D X86_EXC_BP)) ) { diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 13719cc923..9474869018 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1912,7 +1912,7 @@ void cf_check vmx_do_resume(void) hvm_asid_flush_vcpu(v); } =20 - debug_state =3D v->domain->debugger_attached + debug_state =3D domain_has_cap(v->domain, CAP_DEBUGGER_ATTACH) || v->domain->arch.monitor.software_breakpoint_enabled || v->domain->arch.monitor.singlestep_enabled; =20 diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 7ec44018d4..5069e3cbf3 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2041,7 +2041,7 @@ static void cf_check vmx_inject_event(const struct x8= 6_event *event) break; /* fall through */ case X86_EXC_BP: - if ( curr->domain->debugger_attached ) + if ( domain_has_cap(curr->domain, CAP_DEBUGGER_ATTACH) ) { /* Debug/Int3: Trap to debugger. */ domain_pause_for_debugger(); @@ -2121,7 +2121,7 @@ static void cf_check vmx_set_info_guest(struct vcpu *= v) * immediately vmexit and hence make no progress. */ __vmread(GUEST_INTERRUPTIBILITY_INFO, &intr_shadow); - if ( v->domain->debugger_attached && + if ( domain_has_cap(v->domain, CAP_DEBUGGER_ATTACH) && (v->arch.user_regs.eflags & X86_EFLAGS_TF) && (intr_shadow & VMX_INTR_SHADOW_STI) ) { @@ -4283,7 +4283,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) } } =20 - if ( !v->domain->debugger_attached ) + if ( !domain_has_cap(v->domain, CAP_DEBUGGER_ATTACH) ) { unsigned long insn_len =3D 0; int rc; @@ -4307,7 +4307,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) break; case X86_EXC_BP: HVMTRACE_1D(TRAP, vector); - if ( !v->domain->debugger_attached ) + if ( !domain_has_cap(v->domain, CAP_DEBUGGER_ATTACH) ) { unsigned long insn_len; int rc; @@ -4647,7 +4647,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) HVM_MONITOR_SINGLESTEP_BREAKPOINT, 0, 0, 0); =20 - if ( v->domain->debugger_attached ) + if ( domain_has_cap(v->domain, CAP_DEBUGGER_ATTACH) ) domain_pause_for_debugger(); } =20 diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 4229bda159..041ced35ea 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -1214,7 +1214,8 @@ void do_int3(struct cpu_user_regs *regs) return; } =20 - if ( guest_kernel_mode(curr, regs) && curr->domain->debugger_attached ) + if ( guest_kernel_mode(curr, regs) && + domain_has_cap(curr->domain, CAP_DEBUGGER_ATTACH) ) { curr->arch.gdbsx_vcpu_event =3D X86_EXC_BP; domain_pause_for_debugger(); @@ -1995,7 +1996,8 @@ void do_debug(struct cpu_user_regs *regs) v->arch.dr6 |=3D (dr6 & ~X86_DR6_DEFAULT); v->arch.dr6 &=3D (dr6 | ~X86_DR6_DEFAULT); =20 - if ( guest_kernel_mode(v, regs) && v->domain->debugger_attached ) + if ( guest_kernel_mode(v, regs) && + domain_has_cap(v->domain, CAP_DEBUGGER_ATTACH) ) { domain_pause_for_debugger(); return; diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 505e29c0dc..895ddf0600 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -99,7 +99,8 @@ void getdomaininfo(struct domain *d, struct xen_domctl_ge= tdomaininfo *info) ((d->is_dying =3D=3D DOMDYING_dead) ? XEN_DOMINF_dying : 0) | (d->is_shut_down ? XEN_DOMINF_shutdown : 0) | (d->controller_pause_count > 0 ? XEN_DOMINF_paused : 0) | - (d->debugger_attached ? XEN_DOMINF_debugged : 0) | + (domain_has_cap(d, CAP_DEBUGGER_ATTACH) ? + XEN_DOMINF_debugged : 0) | (is_xenstore_domain(d) ? XEN_DOMINF_xs_domain : 0) | (is_hvm_domain(d) ? XEN_DOMINF_hvm_guest : 0) | d->shutdown_code << XEN_DOMINF_shutdownshift; @@ -643,7 +644,8 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_d= omctl) else { domain_pause(d); - d->debugger_attached =3D !!op->u.setdebugging.enable; + if ( !!op->u.setdebugging.enable ) + domain_set_cap(d, CAP_DEBUGGER_ATTACH); domain_unpause(d); /* causes guest to latch new status */ } break; diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index ebfe65cd73..47eadb5008 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -474,9 +474,8 @@ struct domain uint8_t role; #define CAP_CONSOLE_IO (1U<<0) #define CAP_DISABLE_CPU_FAULT (1U<<1) - uint8_t capabilities; - /* Is this guest being debugged by dom0? */ - bool debugger_attached; +#define CAP_DEBUGGER_ATTACH (1U<<2) + uint16_t capabilities; /* * Set to true at the very end of domain creation, when the domain is * unpaused for the first time by the systemcontroller. @@ -1166,6 +1165,10 @@ static always_inline bool domain_set_cap( if ( is_pv_domain(d) && is_control_domain(d) ) d->capabilities |=3D cap; break; + case CAP_DEBUGGER_ATTACH: + if ( !is_control_domain(d) ) + d->capabilities |=3D cap; + break; default: return false; } --=20 2.20.1