Re: [Xen-devel] [PATCH V4 08/13] xen: Introduce monitor_op domctl

2015-02-09 Thread Daniel De Graaf

On 02/09/2015 01:53 PM, Tamas K Lengyel wrote:

In preparation for allowing for introspecting ARM and PV domains the old
control interface via the hvm_op hypercall is retired. A new control mechanism
is introduced via the domctl hypercall: monitor_op.

This patch aims to establish a base API on which future applications can build
on.

Suggested-by: Andrew Cooper andrew.coop...@citrix.com
Signed-off-by: Tamas K Lengyel tamas.leng...@zentific.com
Acked-by: Ian Campbell ian.campb...@citrix.com
Acked-by: Kevin Tian kevin.t...@intel.com


One minor typo, then:
Acked-by: Daniel De Graaf dgde...@tycho.nsa.gov

[...]

diff --git a/xen/xsm/flask/policy/access_vectors 
b/xen/xsm/flask/policy/access_vectors
index 9da3275..35d1c7b 100644
--- a/xen/xsm/flask/policy/access_vectors
+++ b/xen/xsm/flask/policy/access_vectors
@@ -249,6 +249,8 @@ class hvm
  # HVMOP_inject_trap
  hvmctl
  # XEN_DOMCTL_set_access_required
+# XEN_DOMCLT_monitor_op
+# XEN_DOMCLT_vm_event_op
  vm_event
  # XEN_DOMCTL_mem_sharing_op and XENMEM_sharing_op_{share,add_physmap} with:
  #  source = the domain making the hypercall
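Review bot: The two added comment lines file the monitor_op domctl under the existing `vm_event` vector of class `hvm`, the same permission that already covers set_access_required and the vm_event op. If the hook in xen/xsm/flask/hooks.c (listed in the diffstat, not visible here) checks that one permission for all three, a policy cannot grant event-ring management without also granting control over which control-register, MSR, single-step and breakpoint events are monitored. Consider a separate vector for monitor_op, or at least state the shared scope next to the vector, e.g. `# XEN_DOMCTL_monitor_op (shares the vm_event permission with vm_event_op)`.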


DOMCLT = DOMCTL

--
Daniel De Graaf
National Security Agency



[Xen-devel] [PATCH V4 08/13] xen: Introduce monitor_op domctl

2015-02-09 Thread Tamas K Lengyel
In preparation for allowing for introspecting ARM and PV domains the old
control interface via the hvm_op hypercall is retired. A new control mechanism
is introduced via the domctl hypercall: monitor_op.

This patch aims to establish a base API on which future applications can
build.

Suggested-by: Andrew Cooper andrew.coop...@citrix.com
Signed-off-by: Tamas K Lengyel tamas.leng...@zentific.com
Acked-by: Ian Campbell ian.campb...@citrix.com
Acked-by: Kevin Tian kevin.t...@intel.com
---
v4: Style fixes
Only defining struct mov_to_cr and struct debug_event in asm-x86/domain.h
Add pause/unpause domain wrapper when enabled a monitor option.
---
 tools/libxc/Makefile|   1 +
 tools/libxc/include/xenctrl.h   |  19 
 tools/libxc/xc_mem_access.c |   9 +-
 tools/libxc/xc_monitor.c| 118 +
 tools/libxc/xc_private.h|   2 +-
 tools/libxc/xc_vm_event.c   |   7 +-
 tools/tests/xen-access/xen-access.c |  14 +--
 xen/arch/x86/Makefile   |   1 +
 xen/arch/x86/hvm/emulate.c  |   3 +-
 xen/arch/x86/hvm/event.c|  69 ++--
 xen/arch/x86/hvm/hvm.c  |  38 +--
 xen/arch/x86/hvm/vmx/vmcs.c |   6 +-
 xen/arch/x86/hvm/vmx/vmx.c  |   2 +-
 xen/arch/x86/mm/p2m.c   |   9 --
 xen/arch/x86/monitor.c  | 204 
 xen/common/domctl.c |   9 ++
 xen/common/vm_event.c   |  19 +---
 xen/include/asm-arm/monitor.h   |  13 +++
 xen/include/asm-x86/domain.h|  28 +
 xen/include/asm-x86/hvm/domain.h|   1 -
 xen/include/asm-x86/monitor.h   |   8 ++
 xen/include/public/domctl.h |  50 -
 xen/include/public/hvm/params.h |  15 ---
 xen/include/public/vm_event.h   |   2 +-
 xen/xsm/flask/hooks.c   |   3 +
 xen/xsm/flask/policy/access_vectors |   2 +
 26 files changed, 510 insertions(+), 142 deletions(-)
 create mode 100644 tools/libxc/xc_monitor.c
 create mode 100644 xen/arch/x86/monitor.c
 create mode 100644 xen/include/asm-arm/monitor.h
 create mode 100644 xen/include/asm-x86/monitor.h

diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile
index 22ba2a1..8b609cf 100644
--- a/tools/libxc/Makefile
+++ b/tools/libxc/Makefile
@@ -32,6 +32,7 @@ CTRL_SRCS-y   += xc_cpu_hotplug.c
 CTRL_SRCS-y   += xc_resume.c
 CTRL_SRCS-y   += xc_tmem.c
 CTRL_SRCS-y   += xc_vm_event.c
+CTRL_SRCS-y   += xc_monitor.c
 CTRL_SRCS-y   += xc_mem_paging.c
 CTRL_SRCS-y   += xc_mem_access.c
 CTRL_SRCS-y   += xc_memshr.c
diff --git a/tools/libxc/include/xenctrl.h b/tools/libxc/include/xenctrl.h
index 790db53..3324132 100644
--- a/tools/libxc/include/xenctrl.h
+++ b/tools/libxc/include/xenctrl.h
@@ -2308,6 +2308,25 @@ int xc_get_mem_access(xc_interface *xch, domid_t 
domain_id,
   uint64_t pfn, xenmem_access_t *access);
 
 /***
+ * Monitor control operations.
+ */
+int xc_monitor_mov_to_cr0(xc_interface *xch, domid_t domain_id,
+  unsigned int op, unsigned int sync,
+  unsigned int onchangeonly);
+int xc_monitor_mov_to_cr3(xc_interface *xch, domid_t domain_id,
+  unsigned int op, unsigned int sync,
+  unsigned int onchangeonly);
+int xc_monitor_mov_to_cr4(xc_interface *xch, domid_t domain_id,
+  unsigned int op, unsigned int sync,
+  unsigned int onchangeonly);
+int xc_monitor_mov_to_msr(xc_interface *xch, domid_t domain_id,
+  unsigned int op, unsigned int extended_capture);
+int xc_monitor_singlestep(xc_interface *xch, domid_t domain_id,
+  unsigned int op);
+int xc_monitor_software_breakpoint(xc_interface *xch, domid_t domain_id,
+   unsigned int op);
+
+/***
  * Memory sharing operations.
  *
  * Unles otherwise noted, these calls return 0 on succes, -1 and errno on
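Review bot: The six new prototypes are documented only by the heading `Monitor control operations.`, so a caller cannot tell from the header what `op` accepts, that `sync`, `onchangeonly` and `extended_capture` are on/off flags, or how failure is reported. The comment should name the accepted `op` values (presumably the enable/disable constants this patch adds to xen/include/public/domctl.h, which is not visible in this hunk), say what `sync` means for the vCPU that raised the event, and state the return convention the way the memory-sharing block just below does. As a style point, the three flag parameters could be declared `bool` rather than `unsigned int` to document that only zero/non-zero is meaningful.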
diff --git a/tools/libxc/xc_mem_access.c b/tools/libxc/xc_mem_access.c
index 0a3f0e6..37e776c 100644
--- a/tools/libxc/xc_mem_access.c
+++ b/tools/libxc/xc_mem_access.c
@@ -27,14 +27,7 @@
 void *xc_mem_access_enable(xc_interface *xch, domid_t domain_id, uint32_t 
*port)
 {
 return xc_vm_event_enable(xch, domain_id, HVM_PARAM_MONITOR_RING_PFN,
-  port, 0);
-}
-
-void *xc_mem_access_enable_introspection(xc_interface *xch, domid_t domain_id,
- uint32_t *port)
-{
-return xc_vm_event_enable(xch, domain_id, HVM_PARAM_MONITOR_RING_PFN,
-  port, 1);
+  port);
 }
 
 int xc_mem_access_disable(xc_interface *xch, domid_t domain_id)
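Review bot: Removing `xc_mem_access_enable_introspection()` here drops a public libxc entry point, but its declaration does not appear to be removed with it. The diffstat gives 19 changed lines for tools/libxc/include/xenctrl.h, and the visible xenctrl.h hunk already accounts for 19 additions. If the prototype lives in that header it is left dangling, and existing callers would fail only at link time, so the declaration should be dropped in the same patch. The commit message could also say what replaces the former `1` argument to `xc_vm_event_enable()`, presumably the separate `xc_monitor_*` calls, so that introspection tools know they must now enable each monitor option explicitly.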
diff --git a/tools/libxc/xc_monitor.c b/tools/libxc/xc_monitor.c
new file mode 100644
index 000..9e807d1
--- /dev/null
+++ b/tools/libxc/xc_monitor.c
@@ -0,0 +1,118 @@