WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH, v2] add privileged/unprivileged kernel feature i

To: Jan Beulich <JBeulich@xxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH, v2] add privileged/unprivileged kernel feature indication
From: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Date: Wed, 20 Jul 2011 11:39:44 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 20 Jul 2011 03:41:25 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4E25A00E020000780004E4CA@xxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Citrix Systems, Inc.
References: <4E259FB0020000780004E4BE@xxxxxxxxxxxxxxxxxxxx> <4E25A00E020000780004E4CA@xxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
On Tue, 2011-07-19 at 14:17 +0100, Jan Beulich wrote:
> Oops, $subject should have said [PATCH, v3] ...
> 
> >>> On 19.07.11 at 15:16, "Jan Beulich" <JBeulich@xxxxxxxxxx> wrote:
> > With our switching away from supporting 32-bit Dom0 operation, users
> > complained that attempts (perhaps due to lack of knowledge of that
> > change) to boot the no longer privileged kernel in Dom0 resulted in
> > apparently silent failure. To make the mismatch explicit and visible,
> > add feature flags that the kernel can set to indicate operation in
> > what modes it supports. For backward compatibility, absence of both
> > feature flags is taken to indicate a kernel that may be capable of
> > operating in both modes.

Actually, since you are introducing a new interface to the feature bits
_and_ it is not possible to add these new bits to the old interface
anyway can't we just have XENFEAT_privileged and require that guest
kernels using the new interface ensure that bit correctly represents the
configuration? IOW backwards compatilibilty is ensure through the
presence/absence of XEN_ELFNOTE_SUPPORTED_FEATURES.

Ian.

> > 
> > v2: Due to the way elf_xen_parse_features() worked up to now (getting
> > fixed here), adding features indications to the old, string based ELF
> > note would make the respective kernel unusable on older hypervisors.
> > For that reason, a new ELF Note is being introduced that allows
> > specifying supported features as a bit array instead (with features
> > unknown to the hypervisor simply ignored, as now also done by
> > elf_xen_parse_features(), whereas here unknown kernel-required
> > features still keep the kernel [and hence VM] from booting).
> > 
> > v3: Introduce and use elf_note_numeric_array() to be forward
> > compatible (or else an old hypervisor wouldn't be able to parse kernel
> > specified features occupying more than 64 bits - thanks, Ian!).
> > 
> > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
> > 
> > --- a/tools/libxc/xc_dom_elfloader.c
> > +++ b/tools/libxc/xc_dom_elfloader.c
> > @@ -286,6 +286,15 @@ static int xc_dom_parse_elf_kernel(struc
> >      if ( (rc = elf_xen_parse(elf, &dom->parms)) != 0 )
> >          return rc;
> >  
> > +    if ( elf_xen_feature_get(XENFEAT_privileged, dom->parms.f_required) ||
> > +         (elf_xen_feature_get(XENFEAT_privileged, dom->parms.f_supported) 
> > &&
> > +          !elf_xen_feature_get(XENFEAT_unprivileged, 
> > dom->parms.f_supported)) 
> > )
> > +    {
> > +        xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: Kernel does not"
> > +                     " support unprivileged (DomU) operation", 
> > __FUNCTION__);
> > +        return -EINVAL;
> > +    }
> > +
> >      /* find kernel segment */
> >      dom->kernel_seg.vstart = dom->parms.virt_kstart;
> >      dom->kernel_seg.vend   = dom->parms.virt_kend;
> > --- a/xen/arch/ia64/xen/domain.c
> > +++ b/xen/arch/ia64/xen/domain.c
> > @@ -2164,6 +2164,14 @@ int __init construct_dom0(struct domain 
> >             return -1;
> >     }
> >  
> > +   if (test_bit(XENFEAT_unprivileged, parms.f_required) ||
> > +       (test_bit(XENFEAT_unprivileged, parms.f_supported) &&
> > +        !test_bit(XENFEAT_privileged, parms.f_supported)))
> > +   {
> > +           printk("Kernel does not support Dom0 operation\n");
> > +           return -1;
> > +   }
> > +
> >     p_start = parms.virt_base;
> >     pkern_start = parms.virt_kstart;
> >     pkern_end = parms.virt_kend;
> > --- a/xen/arch/x86/domain_build.c
> > +++ b/xen/arch/x86/domain_build.c
> > @@ -415,6 +415,14 @@ int __init construct_dom0(
> >          return -EINVAL;
> >      }
> >  
> > +    if ( test_bit(XENFEAT_unprivileged, parms.f_required) ||
> > +         (test_bit(XENFEAT_unprivileged, parms.f_supported) &&
> > +          !test_bit(XENFEAT_privileged, parms.f_supported)) )
> > +    {
> > +        printk("Kernel does not support Dom0 operation\n");
> > +        return -EINVAL;
> > +    }
> > +
> >  #if defined(__x86_64__)
> >      if ( compat32 )
> >      {
> > --- a/xen/common/kernel.c
> > +++ b/xen/common/kernel.c
> > @@ -278,7 +278,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDL
> >          switch ( fi.submap_idx )
> >          {
> >          case 0:
> > -            fi.submap = 0;
> > +            fi.submap = 1U << (IS_PRIV(current->domain) ?
> > +                               XENFEAT_privileged : XENFEAT_unprivileged);
> >              if ( VM_ASSIST(d, VMASST_TYPE_pae_extended_cr3) )
> >                  fi.submap |= (1U << XENFEAT_pae_pgdir_above_4gb);
> >              if ( paging_mode_translate(current->domain) )
> > --- a/xen/common/libelf/libelf-dominfo.c
> > +++ b/xen/common/libelf/libelf-dominfo.c
> > @@ -26,7 +26,9 @@ static const char *const elf_xen_feature
> >      [XENFEAT_writable_descriptor_tables] = "writable_descriptor_tables",
> >      [XENFEAT_auto_translated_physmap] = "auto_translated_physmap",
> >      [XENFEAT_supervisor_mode_kernel] = "supervisor_mode_kernel",
> > -    [XENFEAT_pae_pgdir_above_4gb] = "pae_pgdir_above_4gb"
> > +    [XENFEAT_pae_pgdir_above_4gb] = "pae_pgdir_above_4gb",
> > +    [XENFEAT_privileged] = "privileged",
> > +    [XENFEAT_unprivileged] = "unprivileged"
> >  };
> >  static const int elf_xen_features =
> >  sizeof(elf_xen_feature_names) / sizeof(elf_xen_feature_names[0]);
> > @@ -83,7 +85,7 @@ int elf_xen_parse_features(const char *f
> >                  }
> >              }
> >          }
> > -        if ( i == elf_xen_features )
> > +        if ( i == elf_xen_features && required && feature[0] == '!' )
> >              return -1;
> >      }
> >  
> > @@ -114,6 +116,7 @@ int elf_xen_parse_note(struct elf_binary
> >          [XEN_ELFNOTE_LOADER] = { "LOADER", 1},
> >          [XEN_ELFNOTE_PAE_MODE] = { "PAE_MODE", 1},
> >          [XEN_ELFNOTE_FEATURES] = { "FEATURES", 1},
> > +        [XEN_ELFNOTE_SUPPORTED_FEATURES] = { "SUPPORTED_FEATURES", 0},
> >          [XEN_ELFNOTE_BSD_SYMTAB] = { "BSD_SYMTAB", 1},
> >          [XEN_ELFNOTE_SUSPEND_CANCEL] = { "SUSPEND_CANCEL", 0 },
> >          [XEN_ELFNOTE_MOD_START_PFN] = { "MOD_START_PFN", 0 },
> > @@ -122,6 +125,7 @@ int elf_xen_parse_note(struct elf_binary
> >  
> >      const char *str = NULL;
> >      uint64_t val = 0;
> > +    unsigned int i;
> >      int type = elf_uval(elf, note, type);
> >  
> >      if ( (type >= sizeof(note_desc) / sizeof(note_desc[0])) ||
> > @@ -200,6 +204,12 @@ int elf_xen_parse_note(struct elf_binary
> >              return -1;
> >          break;
> >  
> > +    case XEN_ELFNOTE_SUPPORTED_FEATURES:
> > +        for ( i = 0; i < XENFEAT_NR_SUBMAPS; ++i )
> > +            parms->f_supported[i] |= elf_note_numeric_array(
> > +                elf, note, sizeof(*parms->f_supported), i);
> > +        break;
> > +
> >      }
> >      return 0;
> >  }
> > --- a/xen/common/libelf/libelf-tools.c
> > +++ b/xen/common/libelf/libelf-tools.c
> > @@ -227,6 +227,27 @@ uint64_t elf_note_numeric(struct elf_bin
> >          return 0;
> >      }
> >  }
> > +
> > +uint64_t elf_note_numeric_array(struct elf_binary *elf, const elf_note 
> > *note,
> > +                                unsigned int unitsz, unsigned int idx)
> > +{
> > +    const void *desc = elf_note_desc(elf, note);
> > +    int descsz = elf_uval(elf, note, descsz);
> > +
> > +    if ( descsz % unitsz || idx >= descsz / unitsz )
> > +        return 0;
> > +    switch (unitsz)
> > +    {
> > +    case 1:
> > +    case 2:
> > +    case 4:
> > +    case 8:
> > +        return elf_access_unsigned(elf, desc, idx * unitsz, unitsz);
> > +    default:
> > +        return 0;
> > +    }
> > +}
> > +
> >  const elf_note *elf_note_next(struct elf_binary *elf, const elf_note * 
> > note)
> >  {
> >      int namesz = (elf_uval(elf, note, namesz) + 3) & ~3;
> > --- a/xen/include/public/elfnote.h
> > +++ b/xen/include/public/elfnote.h
> > @@ -179,9 +179,22 @@
> >  #define XEN_ELFNOTE_MOD_START_PFN 16
> >  
> >  /*
> > + * The features supported by this kernel (numeric).
> > + *
> > + * Other than XEN_ELFNOTE_FEATURES on pre-4.2 Xen, this note allows a
> > + * kernel to specify support for features that older hypervisors don't
> > + * know about. The set of features 4.2 and newer hypervisors will
> > + * consider supported by the kernel is the combination of the sets
> > + * specified through this and the string note.
> > + *
> > + * LEGACY: FEATURES
> > + */
> > +#define XEN_ELFNOTE_SUPPORTED_FEATURES 17
> > +
> > +/*
> >   * The number of the highest elfnote defined.
> >   */
> > -#define XEN_ELFNOTE_MAX XEN_ELFNOTE_MOD_START_PFN
> > +#define XEN_ELFNOTE_MAX XEN_ELFNOTE_SUPPORTED_FEATURES
> >  
> >  /*
> >   * System information exported through crash notes.
> > --- a/xen/include/public/features.h
> > +++ b/xen/include/public/features.h
> > @@ -75,7 +75,13 @@
> >  #define XENFEAT_hvm_safe_pvclock           9
> >  
> >  /* x86: pirq can be used by HVM guests */
> > -#define XENFEAT_hvm_pirqs           10
> > +#define XENFEAT_hvm_pirqs                 10
> > +
> > +/* privileged operation is supported */
> > +#define XENFEAT_privileged                11
> > +
> > +/* un-privileged operation is supported */
> > +#define XENFEAT_unprivileged              12
> >  
> >  #define XENFEAT_NR_SUBMAPS 1
> >  
> > --- a/xen/include/xen/libelf.h
> > +++ b/xen/include/xen/libelf.h
> > @@ -179,6 +179,8 @@ const elf_sym *elf_sym_by_index(struct e
> >  const char *elf_note_name(struct elf_binary *elf, const elf_note * note);
> >  const void *elf_note_desc(struct elf_binary *elf, const elf_note * note);
> >  uint64_t elf_note_numeric(struct elf_binary *elf, const elf_note * note);
> > +uint64_t elf_note_numeric_array(struct elf_binary *, const elf_note *,
> > +                                unsigned int unitsz, unsigned int idx);
> >  const elf_note *elf_note_next(struct elf_binary *elf, const elf_note * 
> > note);
> >  
> >  int elf_is_elfbinary(const void *image);
> 
> 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>