Enable to (un)hide a PCI device through the API

New API: - `PCI.hide`: hide a PCI device from the dom0 kernel - `PCI.unhide`: unhide a PCI device from the dom0 kernel - `PCI.is_hidden`: return whether a PCI device is hidden This is already possible for PGPUs with the `{enable/disable}_dom0_access` calls this extends it to all PCI devices. Signed-off-by: Benjamin Reis <[email protected]>
xcp-ng · Mar 12, 2024 · 462fc78 · 462fc78
1 parent 34dabdf
commit 462fc78
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 3 deletions.
diff --git a/ocaml/idl/datamodel.ml b/ocaml/idl/datamodel.ml
@@ -6519,12 +6519,41 @@ end
 (** PCI devices *)
 
 module PCI = struct
+  let disable_dom0_access =
+    call ~name:"disable_dom0_access"
+      ~lifecycle:[(Published, rel_vgpu_tech_preview, "")]
+      ~doc:
+        "Hide a PCI device from the dom0 kernel. (Takes affect after next \
+         boot.)"
+      ~params:[(Ref _pci, "self", "The PCI to hide")]
+      ~allowed_roles:_R_POOL_OP ()
+
+  let enable_dom0_access =
+    call ~name:"enable_dom0_access"
+      ~lifecycle:[(Published, rel_vgpu_tech_preview, "")]
+      ~doc:
+        "Unhide a PCI device from the dom0 kernel. (Takes affect after next \
+         boot.)"
+      ~params:[(Ref _pci, "self", "The PCI to unhide")]
+      ~allowed_roles:_R_POOL_OP ()
+
+  let is_dom0_access_enabled =
+    call ~name:"is_dom0_access_enabled"
+      ~lifecycle:[(Published, rel_vgpu_tech_preview, "")]
+      ~doc:
+        "Check whether a PCI device is reachable from the dom0 kernel on boot."
+      ~params:[(Ref _pci, "self", "The PCI")]
+      ~result:(Bool, "Wether the PCI is reachable from the dom0 kernel")
+      ~allowed_roles:_R_POOL_OP ()
+
   let t =
     create_obj ~name:_pci ~descr:"A PCI device" ~doccomments:[]
       ~gen_constructor_destructor:false ~gen_events:true ~in_db:true
       ~lifecycle:[(Published, rel_boston, "")]
-      ~messages:[] ~messages_default_allowed_roles:_R_POOL_OP
-      ~persist:PersistEverything ~in_oss_since:None ~db_logging:Log_destroy
+      ~messages:
+        [disable_dom0_access; enable_dom0_access; is_dom0_access_enabled]
+      ~messages_default_allowed_roles:_R_POOL_OP ~persist:PersistEverything
+      ~in_oss_since:None ~db_logging:Log_destroy
       ~contents:
         [
           uid _pci ~lifecycle:[(Published, rel_boston, "")]

diff --git a/ocaml/xapi/message_forwarding.ml b/ocaml/xapi/message_forwarding.ml
@@ -5867,7 +5867,31 @@ functor
 
     module Secret = Local.Secret
 
-    module PCI = struct end
+    module PCI = struct
+      let disable_dom0_access ~__context ~self =
+        info "PCI.disable_dom0_access: pci = '%s'" (pci_uuid ~__context self) ;
+        let host = Db.PCI.get_host ~__context ~self in
+        let local_fn = Local.PCI.disable_dom0_access ~self in
+        do_op_on ~__context ~local_fn ~host (fun session_id rpc ->
+            Client.PCI.disable_dom0_access ~rpc ~session_id ~self
+        )
+
+      let enable_dom0_access ~__context ~self =
+        info "PCI.enable_dom0_access: pci = '%s'" (pci_uuid ~__context self) ;
+        let host = Db.PCI.get_host ~__context ~self in
+        let local_fn = Local.PCI.enable_dom0_access ~self in
+        do_op_on ~__context ~local_fn ~host (fun session_id rpc ->
+            Client.PCI.enable_dom0_access ~rpc ~session_id ~self
+        )
+
+      let is_dom0_access_enabled ~__context ~self =
+        info "PCI.is_dom0_access_enabled: pci = '%s'" (pci_uuid ~__context self) ;
+        let host = Db.PCI.get_host ~__context ~self in
+        let local_fn = Local.PCI.is_dom0_access_enabled ~self in
+        do_op_on ~__context ~local_fn ~host (fun session_id rpc ->
+            Client.PCI.is_dom0_access_enabled ~rpc ~session_id ~self
+        )
+    end
 
     module VTPM = struct
       let create ~__context ~vM ~is_unique =

diff --git a/ocaml/xapi/xapi_pci.ml b/ocaml/xapi/xapi_pci.ml
@@ -319,3 +319,10 @@ let get_system_display_device () =
       )
       None items
   with _ -> None
+
+let disable_dom0_access ~__context ~self = Pciops.hide_pci ~__context self
+
+let enable_dom0_access ~__context ~self = Pciops.unhide_pci ~__context self
+
+let is_dom0_access_enabled ~__context ~self =
+  not (Pciops.is_pci_hidden ~__context self)
diff --git a/ocaml/xapi/xapi_pci.mli b/ocaml/xapi/xapi_pci.mli
@@ -51,3 +51,12 @@ val disable_system_display_device : unit -> unit
 
 val dequarantine : __context:Context.t -> Xenops_interface.Pci.address -> unit
 (** dequarantine a PCI device. This is idempotent. *)
+
+val disable_dom0_access : __context:Context.t -> self:API.ref_PCI -> unit
+(** Hide a PCI device from the dom0 kernel. (Takes affect after next boot.) *)
+
+val enable_dom0_access : __context:Context.t -> self:API.ref_PCI -> unit
+(** Unhide a PCI device from the dom0 kernel. (Takes affect after next boot.) *)
+
+val is_dom0_access_enabled : __context:Context.t -> self:API.ref_PCI -> bool
+(** Check whether a PCI device will be hidden from the dom0 kernel on boot. *)