From 506db9078c8c9a1c814fc9f542b198385448218e Mon Sep 17 00:00:00 2001
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Date: Mon, 21 Dec 2015 13:40:13 +0100
Subject: [PATCH] x86/HVM: merge HVM and PVH hypercall tables

The tables are almost identical and therefore there is little reason to
keep both sets.

PVH needs 3 extra hypercalls:
* mmuext_op. MMUEXT_PIN_L<x>_TABLE are required by control domain (dom0)
  when building guests. We add MMUEXT_UNPIN_TABLE for completeness.
* platform_op. These are only available to privileged domains. We will
  (eventually) have privileged HVMlite guests and therefore shouldn't
  limit this to PVH only.
* xenpmu_op. any guest with !has_vlapic() (i.e. PV, PVH and HVMlite)
  should be able to use it.

Note that until recently PVH guests used mmuext_op's MMUEXT_INVLPG_MULTI and
MMUEXT_TLB_FLUSH_MULTI commands but it has been determined that using the
former was incorrect and using the latter is correct for now but is not
guaranteed to work in the future.

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/arch/x86/hvm/hvm.c          | 59 +++++----------------------------
 xen/arch/x86/mm.c               | 24 ++++++++++++++
 xen/arch/x86/x86_64/compat/mm.c |  4 ++-
 xen/include/asm-x86/hypercall.h |  9 +++++
 4 files changed, 44 insertions(+), 52 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 3bb31daa0f..dcda70afe0 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -5173,6 +5173,9 @@ static hvm_hypercall_t *const hvm_hypercall64_table[NR_hypercalls] = {
     HYPERCALL(sysctl),
     HYPERCALL(domctl),
     HYPERCALL(tmem_op),
+    HYPERCALL(platform_op),
+    HYPERCALL(mmuext_op),
+    HYPERCALL(xenpmu_op),
     [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
 };
 
@@ -5194,48 +5197,8 @@ static hvm_hypercall_t *const hvm_hypercall32_table[NR_hypercalls] = {
     HYPERCALL(sysctl),
     HYPERCALL(domctl),
     HYPERCALL(tmem_op),
-    [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
-};
-
-static hvm_hypercall_t *const pvh_hypercall64_table[NR_hypercalls] = {
-    HYPERCALL(platform_op),
-    HYPERCALL(memory_op),
-    HYPERCALL(xen_version),
-    HYPERCALL(console_io),
-    [ __HYPERVISOR_grant_table_op ]  = (hvm_hypercall_t *)hvm_grant_table_op,
-    HYPERCALL(vcpu_op),
-    HYPERCALL(mmuext_op),
-    HYPERCALL(xsm_op),
-    HYPERCALL(sched_op),
-    HYPERCALL(event_channel_op),
-    [ __HYPERVISOR_physdev_op ]      = (hvm_hypercall_t *)hvm_physdev_op,
-    HYPERCALL(hvm_op),
-    HYPERCALL(sysctl),
-    HYPERCALL(domctl),
-    HYPERCALL(xenpmu_op),
-    [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
-};
-
-extern int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(void) cmp_uops,
-                            unsigned int count,
-                            XEN_GUEST_HANDLE_PARAM(uint) pdone,
-                            unsigned int foreigndom);
-static hvm_hypercall_t *const pvh_hypercall32_table[NR_hypercalls] = {
-    HYPERCALL(platform_op),
-    COMPAT_CALL(memory_op),
-    HYPERCALL(xen_version),
-    HYPERCALL(console_io),
-    [ __HYPERVISOR_grant_table_op ]  =
-        (hvm_hypercall_t *)hvm_grant_table_op_compat32,
-    COMPAT_CALL(vcpu_op),
+    COMPAT_CALL(platform_op),
     COMPAT_CALL(mmuext_op),
-    HYPERCALL(xsm_op),
-    COMPAT_CALL(sched_op),
-    HYPERCALL(event_channel_op),
-    [ __HYPERVISOR_physdev_op ] = (hvm_hypercall_t *)hvm_physdev_op_compat32,
-    HYPERCALL(hvm_op),
-    HYPERCALL(sysctl),
-    HYPERCALL(domctl),
     HYPERCALL(xenpmu_op),
     [ __HYPERVISOR_arch_1 ] = (hvm_hypercall_t *)paging_domctl_continuation
 };
@@ -5269,9 +5232,7 @@ int hvm_do_hypercall(struct cpu_user_regs *regs)
     if ( (eax & 0x80000000) && is_viridian_domain(currd) )
         return viridian_hypercall(regs);
 
-    if ( (eax >= NR_hypercalls) ||
-         !(is_pvh_domain(currd) ? pvh_hypercall32_table[eax]
-                                : hvm_hypercall32_table[eax]) )
+    if ( (eax >= NR_hypercalls) || !hvm_hypercall32_table[eax] )
     {
         regs->eax = -ENOSYS;
         return HVM_HCALL_completed;
@@ -5305,9 +5266,8 @@ int hvm_do_hypercall(struct cpu_user_regs *regs)
 #endif
 
         curr->arch.hvm_vcpu.hcall_64bit = 1;
-        regs->rax = (is_pvh_domain(currd)
-                     ? pvh_hypercall64_table
-                     : hvm_hypercall64_table)[eax](rdi, rsi, rdx, r10, r8, r9);
+        regs->rax = hvm_hypercall64_table[eax](rdi, rsi, rdx, r10, r8, r9);
+
         curr->arch.hvm_vcpu.hcall_64bit = 0;
 
 #ifndef NDEBUG
@@ -5351,10 +5311,7 @@ int hvm_do_hypercall(struct cpu_user_regs *regs)
         }
 #endif
 
-        regs->_eax = (is_pvh_vcpu(curr)
-                      ? pvh_hypercall32_table
-                      : hvm_hypercall32_table)[eax](ebx, ecx, edx,
-                                                    esi, edi, ebp);
+        regs->_eax = hvm_hypercall32_table[eax](ebx, ecx, edx, esi, edi, ebp);
 
 #ifndef NDEBUG
         if ( !curr->arch.hvm_vcpu.hcall_preempted )
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index d33eb10e9d..e6b2cafcd1 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3008,6 +3008,12 @@ long do_mmuext_op(
     if ( (pg_owner = get_pg_owner(foreigndom)) == NULL )
         return -ESRCH;
 
+    if ( !is_pv_domain(pg_owner) )
+    {
+        put_pg_owner(pg_owner);
+        return -EINVAL;
+    }
+
     rc = xsm_mmuext_op(XSM_TARGET, d, pg_owner);
     if ( rc )
     {
@@ -3030,6 +3036,23 @@ long do_mmuext_op(
             break;
         }
 
+        if ( has_hvm_container_domain(d) )
+        {
+            switch ( op.cmd )
+            {
+            case MMUEXT_PIN_L1_TABLE:
+            case MMUEXT_PIN_L2_TABLE:
+            case MMUEXT_PIN_L3_TABLE:
+            case MMUEXT_PIN_L4_TABLE:
+            case MMUEXT_UNPIN_TABLE:
+                break;
+            default:
+                MEM_LOG("Invalid extended pt command %#x", op.cmd);
+                rc = -EOPNOTSUPP;
+                goto done;
+            }
+        }
+
         okay = 1;
 
         switch ( op.cmd )
@@ -3459,6 +3482,7 @@ long do_mmuext_op(
             break;
         }
 
+ done:
         if ( unlikely(!okay) && !rc )
             rc = -EINVAL;
         if ( unlikely(rc) )
diff --git a/xen/arch/x86/x86_64/compat/mm.c b/xen/arch/x86/x86_64/compat/mm.c
index 178e42d976..58be8ad7f1 100644
--- a/xen/arch/x86/x86_64/compat/mm.c
+++ b/xen/arch/x86/x86_64/compat/mm.c
@@ -215,13 +215,15 @@ int compat_update_va_mapping_otherdomain(unsigned long va, u32 lo, u32 hi,
 
 DEFINE_XEN_GUEST_HANDLE(mmuext_op_compat_t);
 
-int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(mmuext_op_compat_t) cmp_uops,
+int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(void) arg,
                      unsigned int count,
                      XEN_GUEST_HANDLE_PARAM(uint) pdone,
                      unsigned int foreigndom)
 {
     unsigned int i, preempt_mask;
     int rc = 0;
+    XEN_GUEST_HANDLE_PARAM(mmuext_op_compat_t) cmp_uops =
+        guest_handle_cast(arg, mmuext_op_compat_t);
     XEN_GUEST_HANDLE_PARAM(mmuext_op_t) nat_ops;
 
     if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
diff --git a/xen/include/asm-x86/hypercall.h b/xen/include/asm-x86/hypercall.h
index afa8ba9880..945d58ad47 100644
--- a/xen/include/asm-x86/hypercall.h
+++ b/xen/include/asm-x86/hypercall.h
@@ -110,4 +110,13 @@ extern int
 arch_compat_vcpu_op(
     int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg);
 
+extern int compat_mmuext_op(
+    XEN_GUEST_HANDLE_PARAM(void) arg,
+    unsigned int count,
+    XEN_GUEST_HANDLE_PARAM(uint) pdone,
+    unsigned int foreigndom);
+
+extern int compat_platform_op(
+    XEN_GUEST_HANDLE_PARAM(void) u_xenpf_op);
+
 #endif /* __ASM_X86_HYPERCALL_H__ */
-- 
2.30.2