
[Xen-devel] [PATCH v2 38/62] x86/shim: Kconfig and command line options



From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 docs/misc/xen-command-line.markdown | 11 ++++++++++
 xen/arch/x86/Kconfig                | 22 +++++++++++++++++++
 xen/arch/x86/pv/Makefile            |  1 +
 xen/arch/x86/pv/shim.c              | 39 ++++++++++++++++++++++++++++++++++
 xen/include/asm-x86/guest.h         |  1 +
 xen/include/asm-x86/pv/shim.h       | 42 +++++++++++++++++++++++++++++++++++++
 6 files changed, 116 insertions(+)
 create mode 100644 xen/arch/x86/pv/shim.c
 create mode 100644 xen/include/asm-x86/pv/shim.h

diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index da006dd4f7..3a1a9c1fba 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -1445,6 +1445,17 @@ do; there may be other custom operating systems which do.  If you're
 certain you don't plan on having PV guests which use this feature,
 turning it off can reduce the attack surface.
 
+### pv-shim (x86)
+> `= <boolean>`
+
+> Default: `false`
+
+This option is intended for use by a toolstack, when choosing to run a PV
+guest compatibly inside an HVM container.
+
+In this mode, the kernel and initrd passed as modules to the hypervisor are
+constructed into a plain unprivileged PV domain.
+
 ### rcu-idle-timer-period-ms
 > `= <integer>`
 
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index c0b0bcdcb3..4953533f16 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -133,6 +133,28 @@ config PVH_GUEST
        ---help---
          Support booting using the PVH ABI.
 
+         If unsure, say N.
+
+config PV_SHIM
+       def_bool n
+       prompt "PV Shim"
+       depends on PV && XEN_GUEST
+       ---help---
+         Build Xen with a mode which acts as a shim to allow PV guest to run
+         in an HVM/PVH container. This mode can only be enabled with command
+         line option.
+
+         If unsure, say N.
+
+config PV_SHIM_EXCLUSIVE
+       def_bool n
+       prompt "PV Shim Exclusive"
+       depends on PV_SHIM
+       ---help---
+         Build Xen in a way which unconditionally assumes PV_SHIM mode.  This
+         option is only intended for use when building a dedicated PV Shim
+         firmware, and will not function correctly in other scenarios.
+
          If unsure, say N.
 endmenu
 
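Review bot: The PV_SHIM help text says the mode "can only be enabled with command line option" without naming the option, and the statement does not hold for a PV_SHIM_EXCLUSIVE build, where the header added by this patch defines `pv_shim` as the constant 1. I would word it as `This mode is only enabled when the pv-shim command line option is given, unless PV_SHIM_EXCLUSIVE is also selected.` The PV_SHIM_EXCLUSIVE help could also state that the `pv-shim` option is not compiled in for such a build, because shim.c registers it only under `#ifndef CONFIG_PV_SHIM_EXCLUSIVE`. That tells anyone auditing a config that the mode cannot be switched off at boot.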
diff --git a/xen/arch/x86/pv/Makefile b/xen/arch/x86/pv/Makefile
index bac2792aa2..65bca04175 100644
--- a/xen/arch/x86/pv/Makefile
+++ b/xen/arch/x86/pv/Makefile
@@ -11,6 +11,7 @@ obj-y += iret.o
 obj-y += misc-hypercalls.o
 obj-y += mm.o
 obj-y += ro-page-fault.o
+obj-$(CONFIG_PV_SHIM) += shim.o
 obj-y += traps.o
 
 obj-bin-y += dom0_build.init.o
diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c
new file mode 100644
index 0000000000..4d037355db
--- /dev/null
+++ b/xen/arch/x86/pv/shim.c
@@ -0,0 +1,39 @@
+/******************************************************************************
+ * arch/x86/pv/shim.c
+ *
+ * Functionaltiy for PV Shim mode
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2017 Citrix Systems Ltd.
+ */
+#include <xen/init.h>
+#include <xen/types.h>
+
+#include <asm/apic.h>
+
+#ifndef CONFIG_PV_SHIM_EXCLUSIVE
+bool pv_shim;
+boolean_param("pv-shim", pv_shim);
+#endif
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
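Review bot: shim.c defines `pv_shim` without including the header that declares it, so the definition is never checked against `extern bool pv_shim;` in asm/pv/shim.h, unless `<asm/apic.h>` pulls that header in indirectly, which is not visible here. Adding `#include <asm/guest.h>` (or `#include <asm/pv/shim.h>`) makes the check explicit, and `<asm/apic.h>` looks unused by the lines in this file. The flag appears to be written once from the command line and only read afterwards, so `bool __read_mostly pv_shim;` would document that. The banner comment has a typo: `Functionaltiy` should be `Functionality`.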
diff --git a/xen/include/asm-x86/guest.h b/xen/include/asm-x86/guest.h
index 5abdb8c433..a38c6b5b3f 100644
--- a/xen/include/asm-x86/guest.h
+++ b/xen/include/asm-x86/guest.h
@@ -22,6 +22,7 @@
 #include <asm/guest/hypercall.h>
 #include <asm/guest/pvh-boot.h>
 #include <asm/guest/xen.h>
+#include <asm/pv/shim.h>
 
 #endif /* __X86_GUEST_H__ */
 
diff --git a/xen/include/asm-x86/pv/shim.h b/xen/include/asm-x86/pv/shim.h
new file mode 100644
index 0000000000..1468cfd498
--- /dev/null
+++ b/xen/include/asm-x86/pv/shim.h
@@ -0,0 +1,42 @@
+/******************************************************************************
+ * asm-x86/guest/shim.h
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms and conditions of the GNU General Public
+ * License, version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (c) 2017 Citrix Systems Ltd.
+ */
+
+#ifndef __X86_PV_SHIM_H__
+#define __X86_PV_SHIM_H__
+
+#include <xen/types.h>
+
+#if defined(CONFIG_PV_SHIM_EXCLUSIVE)
+# define pv_shim 1
+#elif defined(CONFIG_PV_SHIM)
+extern bool pv_shim;
+#else
+# define pv_shim 0
+#endif /* CONFIG_PV_SHIM{,_EXCLUSIVE} */
+
+#endif /* __X86_PV_SHIM_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
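Review bot: The file banner names `asm-x86/guest/shim.h`, but the file is created at xen/include/asm-x86/pv/shim.h, so the banner line should read `* asm-x86/pv/shim.h`. The two constant fallbacks expand to `1` and `0` while the real object is a `bool`. Using `# define pv_shim true` and `# define pv_shim false` keeps the expression's type the same in all three configurations. A short comment above the `#if` would also help, saying that `pv_shim` is a compile-time constant in the exclusive and disabled builds and so must only be read, never assigned or have its address taken.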
-- 
2.11.0

