ia64/xen-unstable

changeset 508:43352a61d870

bitkeeper revision 1.259.2.1 (3f06d721WrVqlnf2Z2shaoLBGWSRng)

Many files:
Removed 'hypercall-privilege-changing' functionality -- rings 2 & 3 will just have to bounce via ring 1. IOPL functionality has become a dom0_op, as it seems cleanest to have all privileged operations under one top-level syscall.
author kaf24@scramble.cl.cam.ac.uk
date Sat Jul 05 13:48:17 2003 +0000 (2003-07-05)
parents c6258eb58cde
children 970fdf86f98e
files xen/arch/i386/entry.S xen/arch/i386/process.c xen/arch/i386/traps.c xen/common/dom0_ops.c xen/include/asm-i386/processor.h xen/include/hypervisor-ifs/dom0_ops.h xen/include/hypervisor-ifs/hypervisor-if.h xenolinux-2.4.21-sparse/arch/xeno/drivers/dom0/dom0_core.c xenolinux-2.4.21-sparse/arch/xeno/drivers/dom0/dom0_ops.h xenolinux-2.4.21-sparse/arch/xeno/kernel/ioport.c xenolinux-2.4.21-sparse/arch/xeno/kernel/process.c xenolinux-2.4.21-sparse/arch/xeno/kernel/setup.c xenolinux-2.4.21-sparse/include/asm-xeno/hypervisor.h xenolinux-2.4.21-sparse/include/asm-xeno/processor.h
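--- a/xen/arch/i386/entry.S
+++ b/xen/arch/i386/entry.S
@@ -647,7 +647,6 @@ ENTRY(hypervisor_call_table)
         .long SYMBOL_NAME(do_dom_mem_op)
         .long SYMBOL_NAME(do_multicall)
         .long SYMBOL_NAME(do_kbd_op)
-        .long SYMBOL_NAME(do_set_priv_levels)
         .rept NR_syscalls-((.-hypervisor_call_table)/4)
         .long SYMBOL_NAME(sys_ni_syscall)
 	.endr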
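--- a/xen/arch/i386/process.c
+++ b/xen/arch/i386/process.c
@@ -348,19 +348,10 @@ void __switch_to(struct task_struct *pre
 }
 
 
-long do_set_priv_levels(unsigned int new_io_pl, unsigned int new_hypercall_pl)
+/* XXX Currently the 'domain' field is ignored! XXX */
+long do_iopl(unsigned int domain, unsigned int new_io_pl)
 {
     struct pt_regs *regs = GET_SYSCALL_REGS(current);
-
-    /*
-     * Any domain can reduce privilege required for hypercall access.
-     * Note that access from ring 1 cannot be relinquished.
-     */
-    current->thread.hypercall_pl = new_hypercall_pl & 3;
-
-    /* Only privileged domains can acquire access to I/O ports. */
-    if ( IS_PRIV(current) )
-        regs->eflags = (regs->eflags & 0xffffcfff) | ((new_io_pl&3) << 12);
-
+    regs->eflags = (regs->eflags & 0xffffcfff) | ((new_io_pl&3) << 12);
     return 0;
 }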
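Review bot: `do_iopl` no longer checks privilege itself and ignores `domain`, so it rewrites the IOPL bits in the saved eflags of whichever domain is `current`, regardless of which domain the caller named. The only gate left is the `IS_PRIV(current)` test in `do_dom0_op`; since the function is not `static`, any later caller that does not go through that path would grant I/O privilege unchecked. Until the `domain` argument is honoured, reject a mismatch instead of acting on the caller: `if ( domain != current->domain ) return -EINVAL;`. `new_io_pl&3` also silently wraps an out-of-range request (4 becomes 0); returning `-EINVAL` for `new_io_pl > 3` would match the check this commit adds to the guest's `sys_iopl`.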
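--- a/xen/arch/i386/traps.c
+++ b/xen/arch/i386/traps.c
@@ -401,23 +401,6 @@ asmlinkage void do_general_protection(st
      */
     if ( (error_code & 3) == 2 )
     {
-        /*
-         * Hypercalls from rings 2 or 3 fall through to here. If permitted, we 
-         * will transfer control to the requested hypercall.
-         */
-        if ( ((error_code>>3) == HYPERVISOR_CALL_VECTOR) &&
-             (current->thread.hypercall_pl >= (regs->xcs & 3)) )
-        {
-            __asm__ __volatile__ (
-                "movl %0,%%esp                                         \n"
-                "sti                                                   \n"
-                "andl $255,%%eax                                       \n"
-                "call *hypervisor_call_table(,%%eax,4)                 \n"
-                "movl %%eax,0x18(%%esp)                                \n"
-                "jmp  ret_from_intr                                    \n"
-                : : "r" (regs) );
-        }
-
         /* This fault must be due to <INT n> instruction. */
         ti = current->thread.traps + (error_code>>3);
         if ( ti->dpl >= (regs->xcs & 3) )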
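--- a/xen/common/dom0_ops.c
+++ b/xen/common/dom0_ops.c
@@ -67,7 +67,7 @@ long do_dom0_op(dom0_op_t *u_dom0_op)
     long ret = 0;
     dom0_op_t op;
 
-    if ( current->domain != 0 )
+    if ( !IS_PRIV(current) )
         return -EPERM;
 
     if ( copy_from_user(&op, u_dom0_op, sizeof(op)) )
@@ -239,6 +239,13 @@ long do_dom0_op(dom0_op_t *u_dom0_op)
         break;
     }
 
+    case DOM0_IOPL:
+    {
+        extern long do_iopl(unsigned int, unsigned int);
+        ret = do_iopl(op.u.iopl.domain, op.u.iopl.iopl);
+    }
+    break;
+
     default:
         ret = -ENOSYS;
 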
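Review bot: Replacing `current->domain != 0` with `!IS_PRIV(current)` at the top of `do_dom0_op` widens the gate for every command in the switch, not only the new `DOM0_IOPL` case. The commit message mentions only IOPL and the definition of `IS_PRIV` is not visible here, so a comment above the check should state the intent, e.g. `/* All dom0 ops, including DOM0_IOPL, are open to any privileged domain. */`. In the second hunk, the block-scope `extern long do_iopl(unsigned int, unsigned int);` is never seen by the compiler when it builds the definition in process.c, so a later signature change would go unnoticed; declaring it in a shared header avoids that. The body of `do_dom0_op` continues outside both hunks.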
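--- a/xen/include/asm-i386/processor.h
+++ b/xen/include/asm-i386/processor.h
@@ -356,7 +356,6 @@ struct thread_struct {
     int                 fast_trap_idx;
     struct desc_struct  fast_trap_desc;
     trap_info_t         traps[256];
-    int                 hypercall_pl;
 };
 
 #define IDT_ENTRIES 256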
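--- a/xen/include/hypervisor-ifs/dom0_ops.h
+++ b/xen/include/hypervisor-ifs/dom0_ops.h
@@ -19,9 +19,10 @@
 #define DOM0_STOPDOMAIN    11
 #define DOM0_GETDOMAININFO 12
 #define DOM0_BUILDDOMAIN   13
+#define DOM0_IOPL          14
 
-#define MAX_CMD_LEN    256
-#define MAX_DOMAIN_NAME 16
+#define MAX_CMD_LEN       256
+#define MAX_DOMAIN_NAME    16
 
 typedef struct dom0_newdomain_st 
 {
@@ -60,32 +61,38 @@ typedef struct domain_launch
 
 typedef struct dom0_bvtctl_st
 {
-	unsigned long ctx_allow;	/* context switch allowance */
+    unsigned long ctx_allow;	/* context switch allowance */
 } dom0_bvtctl_t;
 
 typedef struct dom0_adjustdom_st
 {
     unsigned int  domain;	/* domain id */
-	unsigned long mcu_adv;	/* mcu advance: inverse of weight */
-	unsigned long warp;     /* time warp */
-	unsigned long warpl;    /* warp limit */
-	unsigned long warpu;    /* unwarp time requirement */
+    unsigned long mcu_adv;	/* mcu advance: inverse of weight */
+    unsigned long warp;     /* time warp */
+    unsigned long warpl;    /* warp limit */
+    unsigned long warpu;    /* unwarp time requirement */
 } dom0_adjustdom_t;
 
 typedef struct dom0_getdominfo_st
 {
-  unsigned int domain;          /* All returns except domain */
-  char name[MAX_DOMAIN_NAME];
-  int processor;
-  int has_cpu;
-  int state;
-  int hyp_events;
-  unsigned long mcu_advance;
-  unsigned long pg_head;
-  unsigned int tot_pages;
-  long long cpu_time;
+    unsigned int domain;          /* All returns except domain */
+    char name[MAX_DOMAIN_NAME];
+    int processor;
+    int has_cpu;
+    int state;
+    int hyp_events;
+    unsigned long mcu_advance;
+    unsigned long pg_head;
+    unsigned int tot_pages;
+    long long cpu_time;
 } dom0_getdominfo_t;
 
+typedef struct dom0_iopl_st
+{
+    unsigned int domain;
+    unsigned int iopl;
+} dom0_iopl_t;
+
 #ifndef NO_DOM0_OP_T
 typedef struct dom0_op_st
 {
@@ -95,11 +102,12 @@ typedef struct dom0_op_st
         dom0_newdomain_t newdomain;
         dom0_killdomain_t killdomain;
         dom0_getmemlist_t getmemlist;
-		dom0_bvtctl_t bvtctl;
-		dom0_adjustdom_t adjustdom;
+        dom0_bvtctl_t bvtctl;
+        dom0_adjustdom_t adjustdom;
         dom_meminfo_t meminfo;
         dom0_getdominfo_t getdominfo;
-   }
+        dom0_iopl_t iopl;
+    }
     u;
 } dom0_op_t;
 #endif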
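Review bot: The fields of the new `dom0_iopl_t` carry no comments, and their contract is not obvious from the names: going by the hypervisor side of this commit, `domain` is currently ignored and `iopl` is masked to two bits. Since this header is the guest-visible interface, document that on the fields, e.g. `unsigned int domain; /* target domain id (currently ignored by Xen) */` and `unsigned int iopl; /* requested I/O privilege level, 0-3 */`. The remaining changes in this section are re-indentation.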
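--- a/xen/include/hypervisor-ifs/hypervisor-if.h
+++ b/xen/include/hypervisor-ifs/hypervisor-if.h
@@ -48,7 +48,6 @@
 #define __HYPERVISOR_dom_mem_op		  17
 #define __HYPERVISOR_multicall		  18
 #define __HYPERVISOR_kbd_op               19
-#define __HYPERVISOR_set_priv_levels      20
 
 /* And the trap vector is... */
 #define TRAP_INSTR "int $0x82"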
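--- a/xenolinux-2.4.21-sparse/arch/xeno/drivers/dom0/dom0_core.c
+++ b/xenolinux-2.4.21-sparse/arch/xeno/drivers/dom0/dom0_core.c
@@ -334,12 +334,6 @@ static int cmd_write_proc(struct file *f
     
     copy_from_user(&op, buffer, sizeof(dom0_op_t));
 
-    /* do some sanity checks */
-    if(op.cmd > MAX_CMD){
-        ret = -ENOSYS;
-        goto out;
-    }
-
     if ( op.cmd == MAP_DOM_MEM )
     {
         ret = dom_map_mem(op.u.dommem.domain, op.u.dommem.start_pfn, 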
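--- a/xenolinux-2.4.21-sparse/arch/xeno/drivers/dom0/dom0_ops.h
+++ b/xenolinux-2.4.21-sparse/arch/xeno/drivers/dom0/dom0_ops.h
@@ -18,9 +18,8 @@
 #endif
 
 /* Extra commands dealt with by Xenolinux. */
-#define MAP_DOM_MEM        14
-#define DO_PGUPDATES       15
-#define MAX_CMD            16
+#define MAP_DOM_MEM        1014
+#define DO_PGUPDATES       1015
 
 typedef struct dom_mem 
 {
@@ -50,8 +49,8 @@ typedef struct dom0_op_st
         dom_pgupdate_t pgupdate;
         dom_meminfo_t meminfo;
         dom0_getdominfo_t getdominfo;
-   }
-    u;
+        dom0_iopl_t iopl;
+   } u;
 } dom0_op_t;
 
 #endif /* __DOM0_DOM0_OPS_H__ */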
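Review bot: The Xenolinux-private commands move to `1014` and `1015` with no comment explaining the gap, and `MAX_CMD` disappears together with the range check in `cmd_write_proc` (dom0_core.c in this commit). The renumbering presumably keeps them clear of the hypervisor's command numbers now that `DOM0_IOPL` takes 14; a comment such as `/* Kept well above the DOM0_* range in hypervisor-ifs/dom0_ops.h to avoid collisions. */` would record that. With the local check gone, an unrecognised `op.cmd` is rejected only if it reaches the `default: ret = -ENOSYS` arm of Xen's `do_dom0_op`; how `cmd_write_proc` forwards it lies outside the visible hunk.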
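--- a/xenolinux-2.4.21-sparse/arch/xeno/kernel/ioport.c
+++ b/xenolinux-2.4.21-sparse/arch/xeno/kernel/ioport.c
@@ -3,6 +3,7 @@
 #include <linux/errno.h>
 #include <linux/types.h>
 #include <linux/stddef.h>
+#include <asm/hypervisor-ifs/dom0_ops.h>
 
 
 asmlinkage int sys_ioperm(unsigned long from, unsigned long num, int turn_on)
@@ -15,32 +16,32 @@ asmlinkage int sys_ioperm(unsigned long 
 asmlinkage int sys_iopl(unsigned long unused)
 {
     struct pt_regs *regs = (struct pt_regs *)&unused;
-    unsigned int new_io_pl = regs->ebx & 3;
+    unsigned int new_io_pl = regs->ebx;
     unsigned int old_io_pl = current->thread.io_pl;
-    unsigned int new_hypercall_pl = (regs->ebx >> 2) & 3;
-    unsigned int old_hypercall_pl = current->thread.hypercall_pl;
+    dom0_op_t op;
+
+    if ( !(start_info.flags & SIF_PRIVILEGED) )
+        return -EPERM;
+
+    if ( new_io_pl > 3 )
+        return -EINVAL;
 
     /* Need "raw I/O" privileges for direct port access. */
-    if ( (new_io_pl > old_io_pl) && 
-         (!capable(CAP_SYS_RAWIO) || !(start_info.flags & SIF_PRIVILEGED)) )
-        return -EPERM;
-
-    /* Just need generic root/admin privileges for direct hypercall access. */
-    if ( (new_hypercall_pl > old_hypercall_pl) && !capable(CAP_SYS_ADMIN) )
+    if ( (new_io_pl > old_io_pl) && !capable(CAP_SYS_RAWIO) )
         return -EPERM;
 
     /* Maintain OS privileges even if user attempts to relinquish them. */
-    if ( new_hypercall_pl == 0 )
-        new_hypercall_pl = 1;
     if ( (new_io_pl == 0) && (start_info.flags & SIF_PRIVILEGED) )
         new_io_pl = 1;
 
     /* Change our version of the privilege levels. */
-    current->thread.io_pl        = new_io_pl;
-    current->thread.hypercall_pl = new_hypercall_pl;
+    current->thread.io_pl = new_io_pl;
 
     /* Force the change at ring 0. */
-    HYPERVISOR_set_priv_levels(new_io_pl, new_hypercall_pl);
+    op.cmd           = DOM0_IOPL;
+    op.u.iopl.domain = start_info.dom_id;
+    op.u.iopl.iopl   = new_io_pl;
+    HYPERVISOR_dom0_op(&op);
 
     return 0;
 }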
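Review bot: `sys_iopl` records the new level in `current->thread.io_pl` and returns 0 without looking at the result of `HYPERVISOR_dom0_op(&op)`, so a refused or failed hypercall leaves the kernel's bookkeeping out of step with the real IOPL and still reports success to the caller. Issue the hypercall first and propagate a failure, e.g. `if ( HYPERVISOR_dom0_op(&op) != 0 ) return -EPERM;`, and only then assign `current->thread.io_pl = new_io_pl;`. `op` is also a partly initialised stack object that the hypervisor copies in at full size (`copy_from_user(&op, u_dom0_op, sizeof(op))` in dom0_ops.c); a `memset(&op, 0, sizeof(op));` before filling it keeps stray kernel stack bytes out of the hypercall argument.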
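--- a/xenolinux-2.4.21-sparse/arch/xeno/kernel/process.c
+++ b/xenolinux-2.4.21-sparse/arch/xeno/kernel/process.c
@@ -44,6 +44,7 @@
 #include <asm/desc.h>
 #include <asm/mmu_context.h>
 #include <asm/multicall.h>
+#include <asm/hypervisor-ifs/dom0_ops.h>
 
 #include <linux/irq.h>
 
@@ -274,9 +275,6 @@ int copy_thread(int nr, unsigned long cl
     __asm__ __volatile__ ( "pushfl; popl %0" : "=r" (eflags) : );
     p->thread.io_pl = (eflags >> 12) & 3;
 
-    /* We're careful with hypercall privileges. Don't allow inheritance. */
-    p->thread.hypercall_pl = 1;
-
     return 0;
 }
 
@@ -371,9 +369,14 @@ void __switch_to(struct task_struct *pre
     }
 
     queue_multicall2(__HYPERVISOR_stack_switch, __KERNEL_DS, next->esp0);
-    /* Next call will silently fail if we are a non-privileged guest OS. */
-    queue_multicall2(__HYPERVISOR_set_priv_levels,
-                     next->io_pl, next->hypercall_pl);
+    if ( start_info.flags & SIF_PRIVILEGED ) 
+    {
+        dom0_op_t op;
+        op.cmd           = DOM0_IOPL;
+        op.u.iopl.domain = start_info.dom_id;
+        op.u.iopl.iopl   = next->io_pl;
+        queue_multicall1(__HYPERVISOR_dom0_op, (unsigned long)&op);
+    }
 
     /* EXECUTE ALL TASK SWITCH XEN SYSCALLS AT THIS POINT. */
     execute_multicall_list();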
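Review bot: In the `__switch_to` hunk, `op` is declared inside the `if ( start_info.flags & SIF_PRIVILEGED )` block, but only its address is queued with `queue_multicall1`, and the list is run by `execute_multicall_list()` after that block has closed, so the hypervisor reads the structure after its lifetime has ended. The compiler is free to reuse that stack slot in between, in which case Xen would be handed an unintended command and arguments on a privileged guest's context switch. Declare `dom0_op_t op;` at function scope (the start of `__switch_to` is outside the hunk) so that it outlives the flush. This assumes `queue_multicall1` stores the pointer rather than copying the structure, which the hunk does not show.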
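--- a/xenolinux-2.4.21-sparse/arch/xeno/kernel/setup.c
+++ b/xenolinux-2.4.21-sparse/arch/xeno/kernel/setup.c
@@ -43,6 +43,7 @@
 #include <asm/mpspec.h>
 #include <asm/mmu_context.h>
 #include <asm/hypervisor.h>
+#include <asm/hypervisor-ifs/dom0_ops.h>
 
 shared_info_t *HYPERVISOR_shared_info;
 
@@ -301,12 +302,16 @@ void __init setup_arch(char **cmdline_p)
 
     paging_init();
 
-    current->thread.hypercall_pl = 1;
-    if ( start_info.flags & SIF_PRIVILEGED ) {
+    /* We are privileged guest os - should have IO privileges. */
+    if ( start_info.flags & SIF_PRIVILEGED ) 
+    {
+        dom0_op_t op;
+        op.cmd           = DOM0_IOPL;
+        op.u.iopl.domain = start_info.dom_id;
+        op.u.iopl.iopl   = 1;
+        if( HYPERVISOR_dom0_op(&op) != 0 )
+            panic("Unable to obtain IOPL, despite being SIF_PRIVILEGED");
         current->thread.io_pl = 1;
-        /* We are privileged guest os - should have IO privileges. */
-        if( HYPERVISOR_set_priv_levels(1, 1) )
-            panic("Unable to obtain IOPL, despite being SIF_PRIVILEGED");
     }
 
     if(start_info.flags & SIF_CONSOLE)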
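--- a/xenolinux-2.4.21-sparse/include/asm-xeno/hypervisor.h
+++ b/xenolinux-2.4.21-sparse/include/asm-xeno/hypervisor.h
@@ -364,16 +364,4 @@ static inline long HYPERVISOR_kbd_op(uns
     return ret;
 }
 
-static inline long HYPERVISOR_set_priv_levels(unsigned int new_io_pl,
-                                              unsigned int new_hypercall_pl)
-{
-    int ret;
-    __asm__ __volatile__ (
-        TRAP_INSTR
-        : "=a" (ret) : "0" (__HYPERVISOR_set_priv_levels),
-        "b" (new_io_pl), "c" (new_hypercall_pl) );
-
-    return ret;
-}
-
 #endif /* __HYPERVISOR_H__ */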
    14.1 --- a/xenolinux-2.4.21-sparse/include/asm-xeno/processor.h	Tue Jul 01 14:17:01 2003 +0000
    14.2 +++ b/xenolinux-2.4.21-sparse/include/asm-xeno/processor.h	Sat Jul 05 13:48:17 2003 +0000
    14.3 @@ -358,7 +358,7 @@ struct thread_struct {
    14.4  	unsigned long	esp;
    14.5  	unsigned long	fs;
    14.6  	unsigned long	gs;
    14.7 -	unsigned int	io_pl, hypercall_pl;
    14.8 +	unsigned int	io_pl;
    14.9  /* Hardware debugging registers */
   14.10  	unsigned long	debugreg[8];  /* %%db0-7 debug registers */
   14.11  /* fault info */