diff --git a/ocaml/idl/datamodel.ml b/ocaml/idl/datamodel.ml index 15f1c4c66c6..ed2d4939333 100644 --- a/ocaml/idl/datamodel.ml +++ b/ocaml/idl/datamodel.ml @@ -6519,12 +6519,41 @@ end (** PCI devices *) module PCI = struct + let disable_dom0_access = + call ~name:"disable_dom0_access" + ~lifecycle:[(Published, rel_vgpu_tech_preview, "")] + ~doc: + "Hide a PCI device from the dom0 kernel. (Takes affect after next \ + boot.)" + ~params:[(Ref _pci, "self", "The PCI to hide")] + ~allowed_roles:_R_POOL_OP () + + let enable_dom0_access = + call ~name:"enable_dom0_access" + ~lifecycle:[(Published, rel_vgpu_tech_preview, "")] + ~doc: + "Unhide a PCI device from the dom0 kernel. (Takes affect after next \ + boot.)" + ~params:[(Ref _pci, "self", "The PCI to unhide")] + ~allowed_roles:_R_POOL_OP () + + let is_dom0_access_enabled = + call ~name:"is_dom0_access_enabled" + ~lifecycle:[(Published, rel_vgpu_tech_preview, "")] + ~doc: + "Check whether a PCI device is reachable from the dom0 kernel on boot." + ~params:[(Ref _pci, "self", "The PCI")] + ~result:(Bool, "Wether the PCI is reachable from the dom0 kernel") + ~allowed_roles:_R_POOL_OP () + let t = create_obj ~name:_pci ~descr:"A PCI device" ~doccomments:[] ~gen_constructor_destructor:false ~gen_events:true ~in_db:true ~lifecycle:[(Published, rel_boston, "")] - ~messages:[] ~messages_default_allowed_roles:_R_POOL_OP - ~persist:PersistEverything ~in_oss_since:None ~db_logging:Log_destroy + ~messages: + [disable_dom0_access; enable_dom0_access; is_dom0_access_enabled] + ~messages_default_allowed_roles:_R_POOL_OP ~persist:PersistEverything + ~in_oss_since:None ~db_logging:Log_destroy ~contents: [ uid _pci ~lifecycle:[(Published, rel_boston, "")] diff --git a/ocaml/xapi/message_forwarding.ml b/ocaml/xapi/message_forwarding.ml index b2eb86c805d..4efc51e6b6e 100644 --- a/ocaml/xapi/message_forwarding.ml +++ b/ocaml/xapi/message_forwarding.ml 
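Review bot: `is_dom0_access_enabled` is a read-only query but is gated at `_R_POOL_OP`, the same role as the two calls that change the boot-time device assignment, so an audit or monitoring account would need operator rights just to verify a device's state. Consider `~allowed_roles:_R_READ_ONLY` for the query unless the result is considered sensitive. The doc strings ship in the published API, so `Takes affect` should read `Takes effect` and `Wether` should read `Whether`. All three calls are tagged `rel_vgpu_tech_preview`, which looks carried over from another class; confirm that this is the release in which they are first published.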
@@ -5867,7 +5867,31 @@ functor module Secret = Local.Secret - module PCI = struct end + module PCI = struct + let disable_dom0_access ~__context ~self = + info "PCI.disable_dom0_access: pci = '%s'" (pci_uuid ~__context self) ; + let host = Db.PCI.get_host ~__context ~self in + let local_fn = Local.PCI.disable_dom0_access ~self in + do_op_on ~__context ~local_fn ~host (fun session_id rpc -> + Client.PCI.disable_dom0_access ~rpc ~session_id ~self + ) + + let enable_dom0_access ~__context ~self = + info "PCI.enable_dom0_access: pci = '%s'" (pci_uuid ~__context self) ; + let host = Db.PCI.get_host ~__context ~self in + let local_fn = Local.PCI.enable_dom0_access ~self in + do_op_on ~__context ~local_fn ~host (fun session_id rpc -> + Client.PCI.enable_dom0_access ~rpc ~session_id ~self + ) + + let is_dom0_access_enabled ~__context ~self = + info "PCI.is_dom0_access_enabled: pci = '%s'" (pci_uuid ~__context self) ; + let host = Db.PCI.get_host ~__context ~self in + let local_fn = Local.PCI.is_dom0_access_enabled ~self in + do_op_on ~__context ~local_fn ~host (fun session_id rpc -> + Client.PCI.is_dom0_access_enabled ~rpc ~session_id ~self + ) + end module VTPM = struct let create ~__context ~vM ~is_unique = diff --git a/ocaml/xapi/xapi_pci.ml b/ocaml/xapi/xapi_pci.ml index 6e72c366ec7..a988e42b059 100644 --- a/ocaml/xapi/xapi_pci.ml +++ b/ocaml/xapi/xapi_pci.ml @@ -319,3 +319,10 @@ let get_system_display_device () = ) None items with _ -> None + +let disable_dom0_access ~__context ~self = Pciops.hide_pci ~__context self + +let enable_dom0_access ~__context ~self = Pciops.unhide_pci ~__context self + +let is_dom0_access_enabled ~__context ~self = + not (Pciops.is_pci_hidden ~__context self) diff --git a/ocaml/xapi/xapi_pci.mli b/ocaml/xapi/xapi_pci.mli index dd71dfffcc2..af96037ba78 100644 --- a/ocaml/xapi/xapi_pci.mli +++ b/ocaml/xapi/xapi_pci.mli 
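Review bot: The new `module PCI` body has no comment saying why these calls are forwarded, and the module was empty before this change, so the reason is not obvious from the file. Each function resolves `Db.PCI.get_host` and runs the operation there through `do_op_on`, presumably because hiding a device changes that host's own dom0 boot configuration. A one-line comment above the first function would record this: `(* Run on the host that owns the PCI device: the setting is local to that host's dom0. *)`.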
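Review bot: `disable_dom0_access` and `enable_dom0_access` hand `self` straight to `Pciops.hide_pci` and `Pciops.unhide_pci` with no precondition check in this layer. Hiding a device that dom0 itself relies on, or unhiding one that is currently passed through to a VM, would only show up after the next reboot, when it is hardest to undo. `Pciops` is not part of this diff, so it may already refuse those cases; if it does not, the check belongs in these wrappers before the call, returning an API error rather than silently recording the change. Once confirmed, a short comment on each wrapper naming the layer that enforces this would help the next reader, e.g. `(* device-state validation is done in Pciops.hide_pci *)`.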
@@ -51,3 +51,12 @@ val disable_system_display_device : unit -> unit val dequarantine : __context:Context.t -> Xenops_interface.Pci.address -> unit (** dequarantine a PCI device. This is idempotent. *) + +val disable_dom0_access : __context:Context.t -> self:API.ref_PCI -> unit +(** Hide a PCI device from the dom0 kernel. (Takes affect after next boot.) *) + +val enable_dom0_access : __context:Context.t -> self:API.ref_PCI -> unit +(** Unhide a PCI device from the dom0 kernel. (Takes affect after next boot.) *) + +val is_dom0_access_enabled : __context:Context.t -> self:API.ref_PCI -> bool +(** Check whether a PCI device will be hidden from the dom0 kernel on boot. *)
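Review bot: The doc comment on `is_dom0_access_enabled` states the opposite of what the function returns. It says the call checks whether the device "will be hidden", while the implementation in xapi_pci.ml is `not (Pciops.is_pci_hidden ~__context self)` and the datamodel describes the result as reachable. A caller who trusts the .mli would read `true` as "hidden" and make the wrong isolation decision. Suggested wording: `(** [true] if the PCI device will be visible to the dom0 kernel after the next boot, [false] if it will be hidden. *)`. In the two comments above it, `Takes affect` should be `Takes effect`.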