Add a new ioctl to /proc/xen/privcmd which allows HVM operations to be

performed on restricted domains.

diff --git a/drivers/xen/privcmd/privcmd.c b/drivers/xen/privcmd/privcmd.c
index c190f1da6b12fc1ed9a37c91856e98404f7a258b..637571eddf800c9fbca1643a15deeeac182072a1 100644 (file)
--- a/drivers/xen/privcmd/privcmd.c
+++ b/drivers/xen/privcmd/privcmd.c
@@ -26,6 +26,7 @@
 #include <asm/tlb.h>
 #include <asm/hypervisor.h>
 #include <xen/interface/xen.h>
+#include <xen/interface/hvm/hvm_op.h>
 #include <xen/public/privcmd.h>
 #include <xen/xen_proc.h>
 #include <xen/features.h>
@@ -327,6 +328,64 @@ static long privcmd_ioctl(struct file *file,
         }
         break;
 
+        case IOCTL_PRIVCMD_HVMOP: {
+                privcmd_hvmop_t pht;
+
+                if (copy_from_user(&pht, udata, sizeof(pht)))
+                        return -EFAULT;
+
+                if (fdata->restrict_domid != UNRESTRICTED_DOMID) {
+                        switch (pht.cmd) {
+                        case HVMOP_set_param:
+                        case HVMOP_get_param:
+                                if (pht.u.param.domid !=
+                                    fdata->restrict_domid)
+                                        return -EACCES;
+                                break;
+                        case HVMOP_set_pci_intx_level:
+                                if (pht.u.set_pci_intx_level.domid !=
+                                    fdata->restrict_domid)
+                                        return -EACCES;
+                                break;
+                        case HVMOP_set_isa_irq_level:
+                                if (pht.u.set_isa_irq_level.domid !=
+                                    fdata->restrict_domid)
+                                        return -EACCES;
+                                break;
+                        case HVMOP_set_pci_link_route:
+                                if (pht.u.set_isa_irq_level.domid !=
+                                    fdata->restrict_domid)
+                                        return -EACCES;
+                                break;
+                       case HVMOP_modified_memory:
+                                if (pht.u.modified_memory.domid !=
+                                    fdata->restrict_domid)
+                                        return -EACCES;
+                                break;
+                       case HVMOP_set_mem_type:
+                                if (pht.u.set_mem_type.domid !=
+                                    fdata->restrict_domid)
+                                        return -EACCES;
+                                break;
+                       case HVMOP_track_dirty_vram:
+                                if (pht.u.track_dirty_vram.domid !=
+                                    fdata->restrict_domid)
+                                        return -EACCES;
+                                break;
+                        default:
+                                return -EACCES;
+                        }
+                }
+
+                ret = HYPERVISOR_hvm_op(pht.cmd, &pht.u);
+                if (ret >= 0) {
+                        if (copy_to_user(udata, &pht, sizeof(pht)))
+                                ret = -EFAULT;
+                }
+                break;
+        }
+        break;
+
        default:
                ret = -EINVAL;
                break;

diff --git a/include/asm-i386/mach-xen/asm/hypercall.h b/include/asm-i386/mach-xen/asm/hypercall.h
index 800fa7c1d5ab118b3c62e928b9758b589721137b..fd6dd08f294b0a35a65322b47eadbb2f1ddd1e0d 100644 (file)
--- a/include/asm-i386/mach-xen/asm/hypercall.h
+++ b/include/asm-i386/mach-xen/asm/hypercall.h
@@ -381,14 +381,12 @@ HYPERVISOR_nmi_op(
 }
 #endif
 
-#ifndef CONFIG_XEN
 static inline unsigned long __must_check
 HYPERVISOR_hvm_op(
     int op, void *arg)
 {
     return _hypercall2(unsigned long, hvm_op, op, arg);
 }
-#endif
 
 static inline int __must_check
 HYPERVISOR_callback_op(

diff --git a/include/asm-x86_64/mach-xen/asm/hypercall.h b/include/asm-x86_64/mach-xen/asm/hypercall.h
index 26ffab35bdcef3acfb382e13f891b8aa4db67ed6..f671406e46d376681152fc328f6e22a225d3c0a1 100644 (file)
--- a/include/asm-x86_64/mach-xen/asm/hypercall.h
+++ b/include/asm-x86_64/mach-xen/asm/hypercall.h
@@ -382,14 +382,12 @@ HYPERVISOR_nmi_op(
 }
 #endif
 
-#ifndef CONFIG_XEN
 static inline unsigned long __must_check
 HYPERVISOR_hvm_op(
     int op, void *arg)
 {
     return _hypercall2(unsigned long, hvm_op, op, arg);
 }
-#endif
 
 static inline int __must_check
 HYPERVISOR_callback_op(

diff --git a/include/xen/interface/hvm/hvm_op.h b/include/xen/interface/hvm/hvm_op.h
index abed8219a6dcb0f6cd360d81cc7feafd34a67fcf..687d87a59d9429fbf3c4e3922ba6380806742fd5 100644 (file)
--- a/include/xen/interface/hvm/hvm_op.h
+++ b/include/xen/interface/hvm/hvm_op.h
@@ -84,9 +84,6 @@ DEFINE_XEN_GUEST_HANDLE(xen_hvm_get_time_t);
 /* Hint from PV drivers for process destruction. */
 #define HVMOP_process_dying       7
 
-/* Following tools-only interfaces may change in future. */
-#if defined(__XEN__) || defined(__XEN_TOOLS__)
-
 /* Track dirty VRAM. */
 #define HVMOP_track_dirty_vram    128
 struct xen_hvm_track_dirty_vram {
@@ -136,7 +133,4 @@ struct xen_hvm_set_mem_type {
 typedef struct xen_hvm_set_mem_type xen_hvm_set_mem_type_t;
 DEFINE_XEN_GUEST_HANDLE(xen_hvm_set_mem_type_t);
 
-
-#endif /* defined(__XEN__) || defined(__XEN_TOOLS__) */
-
 #endif /* __XEN_PUBLIC_HVM_HVM_OP_H__ */

diff --git a/include/xen/public/privcmd.h b/include/xen/public/privcmd.h
index 30773e196fd95394f67ab2620b3eda1ab25fcf09..20d2e27afb3ced6f75e5d1340195977a41d6e229 100644 (file)
--- a/include/xen/public/privcmd.h
+++ b/include/xen/public/privcmd.h
@@ -34,6 +34,11 @@
 #define __LINUX_PUBLIC_PRIVCMD_H__
 
 #include <linux/types.h>
+#ifdef __KERNEL__
+#include <xen/hvm.h>
+#else
+#include <xen/hvm/hvm_op.h>
+#endif
 
 #ifndef __user
 #define __user
@@ -68,6 +73,19 @@ typedef struct privcmd_restrict_domid {
        domid_t domid;
 } privcmd_restrict_domid_t;
 
+typedef struct privcmd_hvmop {
+        unsigned cmd;
+        union {
+                xen_hvm_param_t param;
+                xen_hvm_set_pci_intx_level_t set_pci_intx_level;
+                xen_hvm_set_isa_irq_level_t set_isa_irq_level;
+                xen_hvm_set_pci_link_route_t set_pci_link_route;
+                xen_hvm_modified_memory_t modified_memory;
+                xen_hvm_set_mem_type_t set_mem_type;
+                xen_hvm_track_dirty_vram_t track_dirty_vram;
+        } u;
+} privcmd_hvmop_t;
+
 /*
  * @cmd: IOCTL_PRIVCMD_HYPERCALL
  * @arg: &privcmd_hypercall_t
@@ -83,5 +101,7 @@ typedef struct privcmd_restrict_domid {
        _IOC(_IOC_NONE, 'P', 4, sizeof(privcmd_restrict_domid_t))
 #define IOCTL_PRIVCMD_DOMCTL                           \
        _IOC(_IOC_NONE, 'P', 5, sizeof(xen_domctl_t))
+#define IOCTL_PRIVCMD_HVMOP                                    \
+       _IOC(_IOC_NONE, 'P', 6, sizeof(privcmd_hvmop_t))
 
 #endif /* __LINUX_PUBLIC_PRIVCMD_H__ */