Add a new ioctl to /proc/xen/privcmd which allows domctls to be performed

without using the generic hypercall interface, so that they are available
on restricted fds.

This requires an unfortunate amount of fiddling with headers so that
XEN_GUEST_HANDLE_64 and uint64_aligned_t are available in kernel
space.

diff --git a/drivers/xen/privcmd/privcmd.c b/drivers/xen/privcmd/privcmd.c
index 0ddb8d9f678cfe54db46d07a8b396093f5f3c997..dc32ae8bf056d49b6f323d692b3386121d049b6d 100644 (file)
--- a/drivers/xen/privcmd/privcmd.c
+++ b/drivers/xen/privcmd/privcmd.c
@@ -25,8 +25,8 @@
 #include <asm/uaccess.h>
 #include <asm/tlb.h>
 #include <asm/hypervisor.h>
-#include <xen/public/privcmd.h>
 #include <xen/interface/xen.h>
+#include <xen/public/privcmd.h>
 #include <xen/xen_proc.h>
 #include <xen/features.h>
 
@@ -311,6 +311,22 @@ static long privcmd_ioctl(struct file *file,
         }
         break;
 
+        case IOCTL_PRIVCMD_DOMCTL: {
+                xen_domctl_t xd;
+
+                if (copy_from_user(&xd, udata, sizeof(xd)))
+                        return -EFAULT;
+                if (fdata->restrict_domid != UNRESTRICTED_DOMID &&
+                    xd.domain != fdata->restrict_domid)
+                        return -EACCES;
+                ret = HYPERVISOR_domctl(&xd);
+                if (ret >= 0) {
+                        if (copy_to_user(udata, &xd, sizeof(xd)))
+                                ret = -EFAULT;
+                }
+        }
+        break;
+
        default:
                ret = -EINVAL;
                break;

diff --git a/include/asm-x86/mach-xen/asm/hypercall_32.h b/include/asm-x86/mach-xen/asm/hypercall_32.h
index 3987b2eddf0eff3e3db37da545d6c1030b48592e..cff47009481f33e2cd2fb182e31714048fca1642 100644 (file)
--- a/include/asm-x86/mach-xen/asm/hypercall_32.h
+++ b/include/asm-x86/mach-xen/asm/hypercall_32.h
@@ -60,3 +60,11 @@ HYPERVISOR_update_va_mapping_otherdomain(
        return _hypercall5(int, update_va_mapping_otherdomain, va,
                           new_val.pte_low, pte_hi, flags, domid);
 }
+
+static inline int __must_check
+HYPERVISOR_domctl(
+        xen_domctl_t *xd)
+{
+        return _hypercall1(int, domctl, xd);
+}
+

diff --git a/include/asm-x86/mach-xen/asm/hypercall_64.h b/include/asm-x86/mach-xen/asm/hypercall_64.h
index 97d944572b8ba1a39b841b1d68b9394d82e36c6c..221a0318aaaffd340ed262cca40f9d024719d615 100644 (file)
--- a/include/asm-x86/mach-xen/asm/hypercall_64.h
+++ b/include/asm-x86/mach-xen/asm/hypercall_64.h
@@ -52,3 +52,11 @@ HYPERVISOR_set_segment_base(
 {
        return _hypercall2(int, set_segment_base, reg, value);
 }
+
+static inline int __must_check
+HYPERVISOR_domctl(
+        xen_domctl_t *xd)
+{
+       return _hypercall1(int, domctl, xd);
+}
+

diff --git a/include/asm-x86/mach-xen/asm/hypervisor.h b/include/asm-x86/mach-xen/asm/hypervisor.h
index aa0ea4dbad42d39ee4c371c38dc22d2a7132d944..9241bddb41c90cbb84a779137047366d6529e772 100644 (file)
--- a/include/asm-x86/mach-xen/asm/hypervisor.h
+++ b/include/asm-x86/mach-xen/asm/hypervisor.h
@@ -42,6 +42,7 @@
 #include <xen/interface/physdev.h>
 #include <xen/interface/sched.h>
 #include <xen/interface/nmi.h>
+#include <xen/interface/domctl.h>
 #include <asm/percpu.h>
 #include <asm/ptrace.h>
 #include <asm/page.h>

diff --git a/include/xen/interface/arch-x86/xen-x86_32.h b/include/xen/interface/arch-x86/xen-x86_32.h
index 7cb6a0179f4dd3889c9b5aa2d80b35c84bfe7b75..64627ec53c58a8f69892b2aa22ac5d812f4397e9 100644 (file)
--- a/include/xen/interface/arch-x86/xen-x86_32.h
+++ b/include/xen/interface/arch-x86/xen-x86_32.h
@@ -100,10 +100,8 @@
 #define machine_to_phys_mapping ((unsigned long *)MACH2PHYS_VIRT_START)
 #endif
 
-/* 32-/64-bit invariability for control interfaces (domctl/sysctl). */
-#if defined(__XEN__) || defined(__XEN_TOOLS__)
 #undef ___DEFINE_XEN_GUEST_HANDLE
-#define ___DEFINE_XEN_GUEST_HANDLE(name, type)                  \
+#define ___DEFINE_XEN_GUEST_HANDLE(name, type)                   \
     typedef struct { type *p; }                                 \
         __guest_handle_ ## name;                                \
     typedef struct { union { type *p; uint64_aligned_t q; }; }  \
@@ -116,7 +114,6 @@
 #define uint64_aligned_t uint64_t __attribute__((aligned(8)))
 #define __XEN_GUEST_HANDLE_64(name) __guest_handle_64_ ## name
 #define XEN_GUEST_HANDLE_64(name) __XEN_GUEST_HANDLE_64(name)
-#endif
 
 #ifndef __ASSEMBLY__
 

diff --git a/include/xen/interface/arch-x86/xen-x86_64.h b/include/xen/interface/arch-x86/xen-x86_64.h
index 1e54cf92a746118ea207fa03c60a692579b301af..12e09935c7a4f98f0f087652255b95ef333e85af 100644 (file)
--- a/include/xen/interface/arch-x86/xen-x86_64.h
+++ b/include/xen/interface/arch-x86/xen-x86_64.h
@@ -97,6 +97,10 @@
 #define machine_to_phys_mapping ((unsigned long *)HYPERVISOR_VIRT_START)
 #endif
 
+#define uint64_aligned_t uint64_t
+#define XEN_GUEST_HANDLE_64(name) XEN_GUEST_HANDLE(name)
+
+
 /*
  * int HYPERVISOR_set_segment_base(unsigned int which, unsigned long base)
  *  @which == SEGBASE_*  ;  @base == 64-bit base address

diff --git a/include/xen/interface/domctl.h b/include/xen/interface/domctl.h
index b7075ac447e54372b745729aaf344b7a388b4048..67195c44454a99f8bf1739a17cc886a7a4cc3f18 100644 (file)
--- a/include/xen/interface/domctl.h
+++ b/include/xen/interface/domctl.h
@@ -28,10 +28,6 @@
 #ifndef __XEN_PUBLIC_DOMCTL_H__
 #define __XEN_PUBLIC_DOMCTL_H__
 
-#if !defined(__XEN__) && !defined(__XEN_TOOLS__)
-#error "domctl operations are intended for use by node control tools only"
-#endif
-
 #include "xen.h"
 
 #define XEN_DOMCTL_INTERFACE_VERSION 0x00000005

diff --git a/include/xen/interface/xen.h b/include/xen/interface/xen.h
index 6d232708b2c5f4134ef59a4a90139b7f704f890b..2d0498afe837c22dba6d290cb6de6af44670f8b0 100644 (file)
--- a/include/xen/interface/xen.h
+++ b/include/xen/interface/xen.h
@@ -649,16 +649,6 @@ __DEFINE_XEN_GUEST_HANDLE(uint64, uint64_t);
 
 #endif /* !__ASSEMBLY__ */
 
-/* Default definitions for macros used by domctl/sysctl. */
-#if defined(__XEN__) || defined(__XEN_TOOLS__)
-#ifndef uint64_aligned_t
-#define uint64_aligned_t uint64_t
-#endif
-#ifndef XEN_GUEST_HANDLE_64
-#define XEN_GUEST_HANDLE_64(name) XEN_GUEST_HANDLE(name)
-#endif
-#endif
-
 #endif /* __XEN_PUBLIC_XEN_H__ */
 
 /*

diff --git a/include/xen/public/privcmd.h b/include/xen/public/privcmd.h
index 1d1965690eaa58f3a39eee78392624037a465620..30773e196fd95394f67ab2620b3eda1ab25fcf09 100644 (file)
--- a/include/xen/public/privcmd.h
+++ b/include/xen/public/privcmd.h
@@ -81,5 +81,7 @@ typedef struct privcmd_restrict_domid {
        _IOC(_IOC_NONE, 'P', 3, sizeof(privcmd_mmapbatch_t))
 #define IOCTL_PRIVCMD_RESTRICT_DOMID                           \
        _IOC(_IOC_NONE, 'P', 4, sizeof(privcmd_restrict_domid_t))
+#define IOCTL_PRIVCMD_DOMCTL                           \
+       _IOC(_IOC_NONE, 'P', 5, sizeof(xen_domctl_t))
 
 #endif /* __LINUX_PUBLIC_PRIVCMD_H__ */