At 10:41 +0100 on 22 Apr (1271932876), Qing He wrote:
> Introduce a domain create flag to allow user to set availability
> of nested virtualization.
> The flag will be used to disable all reporting and function
> facilities, improving guest security.
I have the same reservation about this as Christoph's patch: I don't
think this needs to be a create-time flag - there's no reason it can't
be enabled or disabled with a domctl after domain creation. (And of
course we'll want it to be the same interface on both SVM and VMX.)
Tim.
> Another per vcpu flag is used to indicate whether the vcpu
> is in L1 or L2 context.
>
> Signed-off-by: Qing He <qing.he@xxxxxxxxx>
>
> ---
> arch/x86/domain.c | 4 ++++
> common/domctl.c | 5 ++++-
> include/asm-x86/hvm/domain.h | 1 +
> include/asm-x86/hvm/vcpu.h | 2 ++
> include/public/domctl.h | 3 +++
> include/xen/sched.h | 3 +++
> 6 files changed, 17 insertions(+), 1 deletion(-)
>
> diff -r a0bbec37b529 -r 6f0f41f80285 xen/arch/x86/domain.c
> --- a/xen/arch/x86/domain.c Thu Apr 22 21:49:38 2010 +0800
> +++ b/xen/arch/x86/domain.c Thu Apr 22 22:30:00 2010 +0800
> @@ -413,6 +413,10 @@
>
> d->arch.s3_integrity = !!(domcr_flags & DOMCRF_s3_integrity);
>
> + d->arch.hvm_domain.nesting_avail =
> + is_hvm_domain(d) &&
> + (domcr_flags & DOMCRF_nesting);
> +
> INIT_LIST_HEAD(&d->arch.pdev_list);
>
> d->arch.relmem = RELMEM_not_started;
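Review bot: `nesting_avail` is only stored here and nothing in this patch reads it, so the security benefit claimed in the description depends on every later nested-virtualization path (capability reporting and instruction handling) testing this flag before acting. A comment above the assignment would pin the intended invariant, for example `/* Nested virt is opt-in: stays 0 unless the toolstack set DOMCRF_nesting on an HVM guest. */`. As a style point, the `s3_integrity` line just above normalises with `!!(...)`; the `&&` already yields 0 or 1, so the value is correct, but the same form would read more consistently. The enclosing function starts and ends outside this hunk.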
> diff -r a0bbec37b529 -r 6f0f41f80285 xen/common/domctl.c
> --- a/xen/common/domctl.c Thu Apr 22 21:49:38 2010 +0800
> +++ b/xen/common/domctl.c Thu Apr 22 22:30:00 2010 +0800
> @@ -393,7 +393,8 @@
> if ( supervisor_mode_kernel ||
> (op->u.createdomain.flags &
> ~(XEN_DOMCTL_CDF_hvm_guest | XEN_DOMCTL_CDF_hap |
> - XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off)) )
> + XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off |
> + XEN_DOMCTL_CDF_nesting)) )
> break;
>
> dom = op->domain;
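Review bot: The widened mask accepts `XEN_DOMCTL_CDF_nesting` whether or not `XEN_DOMCTL_CDF_hvm_guest` is set, and the domain.c hunk then quietly clears the flag for a non-HVM domain, so the caller sees a successful create with nesting off. That fails closed, but rejecting the combination here would make the misconfiguration visible to the toolstack: `if ( (op->u.createdomain.flags & XEN_DOMCTL_CDF_nesting) && !(op->u.createdomain.flags & XEN_DOMCTL_CDF_hvm_guest) ) break;`. The error code returned on `break` is set outside this hunk, so it should be confirmed that it is the one intended for an invalid flag combination.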
> @@ -429,6 +430,8 @@
> domcr_flags |= DOMCRF_s3_integrity;
> if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_oos_off )
> domcr_flags |= DOMCRF_oos_off;
> + if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_nesting )
> + domcr_flags |= DOMCRF_nesting;
>
> ret = -ENOMEM;
> d = domain_create(dom, domcr_flags, op->u.createdomain.ssidref);
> diff -r a0bbec37b529 -r 6f0f41f80285 xen/include/asm-x86/hvm/domain.h
> --- a/xen/include/asm-x86/hvm/domain.h Thu Apr 22 21:49:38 2010 +0800
> +++ b/xen/include/asm-x86/hvm/domain.h Thu Apr 22 22:30:00 2010 +0800
> @@ -93,6 +93,7 @@
> bool_t mem_sharing_enabled;
> bool_t qemu_mapcache_invalidate;
> bool_t is_s3_suspended;
> + bool_t nesting_avail;
>
> union {
> struct vmx_domain vmx;
> diff -r a0bbec37b529 -r 6f0f41f80285 xen/include/asm-x86/hvm/vcpu.h
> --- a/xen/include/asm-x86/hvm/vcpu.h Thu Apr 22 21:49:38 2010 +0800
> +++ b/xen/include/asm-x86/hvm/vcpu.h Thu Apr 22 22:30:00 2010 +0800
> @@ -70,6 +70,8 @@
> bool_t debug_state_latch;
> bool_t single_step;
>
> + bool_t in_nesting;
> +
> u64 asid_generation;
> u32 asid;
>
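Review bot: The new `in_nesting` field has no comment, and the name alone does not say which state is true. Going by the commit description, something like `/* Set while this vcpu is executing in L2 (nested guest) context; clear in L1. */` above the field would fix the meaning. Since this patch adds no code that writes the field, it is worth stating in the same comment which paths are expected to set and clear it. Presumably vcpu reset and save/restore must leave it in a defined state, so that stale L2 state cannot survive into a context where `nesting_avail` is 0, but that is not visible here.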
> diff -r a0bbec37b529 -r 6f0f41f80285 xen/include/public/domctl.h
> --- a/xen/include/public/domctl.h Thu Apr 22 21:49:38 2010 +0800
> +++ b/xen/include/public/domctl.h Thu Apr 22 22:30:00 2010 +0800
> @@ -64,6 +64,9 @@
> /* Disable out-of-sync shadow page tables? */
> #define _XEN_DOMCTL_CDF_oos_off 3
> #define XEN_DOMCTL_CDF_oos_off (1U<<_XEN_DOMCTL_CDF_oos_off)
> + /* Is nested virtualization allowed */
> +#define _XEN_DOMCTL_CDF_nesting 4
> +#define XEN_DOMCTL_CDF_nesting (1U<<_XEN_DOMCTL_CDF_nesting)
> };
> typedef struct xen_domctl_createdomain xen_domctl_createdomain_t;
> DEFINE_XEN_GUEST_HANDLE(xen_domctl_createdomain_t);
> diff -r a0bbec37b529 -r 6f0f41f80285 xen/include/xen/sched.h
> --- a/xen/include/xen/sched.h Thu Apr 22 21:49:38 2010 +0800
> +++ b/xen/include/xen/sched.h Thu Apr 22 22:30:00 2010 +0800
> @@ -393,6 +393,9 @@
> /* DOMCRF_oos_off: dont use out-of-sync optimization for shadow page tables
> */
> #define _DOMCRF_oos_off 4
> #define DOMCRF_oos_off (1U<<_DOMCRF_oos_off)
> + /* DOMCRF_nesting: Create a domain that allows nested virtualization . */
> +#define _DOMCRF_nesting 5
> +#define DOMCRF_nesting (1U<<_DOMCRF_nesting)
>
> /*
> * rcu_lock_domain_by_id() is more efficient than get_domain_by_id().
>
--
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, XenServer Engineering
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)