This is the ABI for the two halves of a para-virtualized #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sound driver to communicate with each to other. Signed-off-by: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@epam.com> Signed-off-by: Oleksandr Grytsov <Oleksandr_Grytsov@epam.com> Signed-off-by: Oleksandr Dmytryshyn <oleksandr.dmytryshyn@globallogic.com> Signed-off-by: Iurii Konovalenko <iurii.konovalenko@globallogic.com> --- Changes since v1: * removed __attribute__((__packed__)) from all structures definitions Changes since v2: * removed all C structures * added protocol description between frontend and backend drivers Changes since v3: * fixed some typos * renamed XENSND_PCM_FORMAT_FLOAT_** to XENSND_PCM_FORMAT_F32_** * renamed XENSND_PCM_FORMAT_FLOAT64_** to XENSND_PCM_FORMAT_F64_** * added 'id' field to the request and response packets * renamed 'stream_id' to 'stream' in the packets description * renamed 'pcm_data_rate' to 'pcm_rate' in the packets description * renamed 'pcm_stream_type' to 'pcm_type' in the packets description * removed 'stream_id' field from the response packets Changes since v4: * renamed 'stream_id' back to the to 'stream' in the packets description * moved 'id' field to the upper position in the response packets Changes since v5: * Slightly reworked request/response packets * Size of the request/response packet is changed to the 64 bytes * Now parameters for the XENSND_OP_SET_VOLUME/XENSND_OP_GET_VOLUME are passed via shared page * Added parameters for the XenBus nodes (now each stream can be mapped to the defined sound device in the backend using those parameters) * Added XenBus state diagrams description Changes since v6: * Reworked streams description in the Backend XenBus Nodes Changes since v7: * re-worked backend device parameters to be more generic and flexible * extended frontend device parameters * slightly updated state machine description added mute/unmute commands * added constants for XenStore configuration strings (fields, PCM formats etc.) * changed request/response structure size from 64 octets to 16 * introduced dynamic buffer allocation instead of static XENSND_MAX_PAGES_PER_REQUEST * re-worked open request to allow dynamic buffer allocation * re-worked read/write/volume requests, so they don't pass grefs: buffer from the open request is used for these operations to pass data * specified type of the volume value to be a signed value in steps of 0.001 dBm, while 0 being 0dBm. * added Linux include file with structure definitions Changes since v8: * changed frontend-id to frontend_id * single sound card support, configured with bunch of devices/streams * clarifucation made on sample rates and formats expressed as decimals w/o any particular ordering * put description of migration/disconnection state * replaced __attribute__((packed)) to __packed * changed padding of ring structures to 64 to fit cache line * removeed #ifdef __KERNEL * explicitly stated which indices in XenStore configuration are contiguous * added description to what frontend's defaults are * made names of virtual card/devices optional * removed PCM_FORMAT_SPECIAL * changed volume units from dBm to dB Changes since v9: * removed sndif_linux.h * moved all structures from sndif_linux.h to sndif.h * structures padded where needed * fixed Hz comment Changes since v10: * fixed tabs to 4 spaces to comply with Xen coding style * added placeholders to empty structures (C89 concern) * added missing header includes Changes since v11: * added XENSND_RSP_NOTSUPP error code * changed gref[0] to gref[1] with comment * modified comments on empty structures * removed "__" from member names * fixed indentation * added padding in union xensnd_resp * changed __XEN_PUBLIC_IO_XENSND_H__ to __XEN_PUBLIC_IO_SNDIF_H__ Changes since v12: * changed indentation for defines * missed ";" after gref[1] * documentation changes * changed req/resp structures * changed xensnd_page_directory structure * pass buffer size in open request ---
royger
added a commit
to royger/xen
that referenced
this pull request
Mar 29, 2017
Introduce a macro to get a pointer to the hvm_irq for a HVM domain. No functional change. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> --- Cc: Jan Beulich <jbeulich@suse.com> Cc: Andrew Cooper <andrew.cooper3@citrix.com> Cc: Kevin Tian <kevin.tian@intel.com> --- Changes since v2: - Switch d->arch.hvm_domain.irq.dpci accesses to use the macro also. --- NB: this is a pre-patch in order to make patch xen-project#3 smaller.
royger
added a commit
to royger/xen
that referenced
this pull request
Aug 11, 2017
Make sure the reserved regions are setup before enabling the DMA remapping in the IOMMU, by calling dom0_setup_permissions before iommu_hwdom_init. Also, in order to workaround IOMMU issues seen on pre-Haswell Intel hardware, as described in patch "introduce a PVH implementation of iommu_inclusive_mapping" make sure the DMA remapping is enabled after populating Dom0 p2m. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> --- Cc: Jan Beulich <jbeulich@suse.com> Cc: Andrew Cooper <andrew.cooper3@citrix.com> --- Changes since RFC: - Expand commit message to reference patch xen-project#3.
andyhhp
pushed a commit
to andyhhp/xen
that referenced
this pull request
Jan 15, 2019
Presence is gated upon CONFIG_ARGO. Registers the hypercall previously reserved for this. Takes 5 arguments, does nothing and returns -ENOSYS. Will be avoiding a compat ABI by using fixed-size types in hypercall ops so HYPERCALL, rather than COMPAT_CALL, is the correct macro for the hypercall tables. Even though handles will be used for (up to) two of the arguments to the hypercall, there will be no need for any XLAT_* translation functions because the referenced data structures have been constructed to be exactly the same size and bit pattern on both 32-bit and 64-bit guests, and padded to be integer multiples of 32 bits in size. This means that the same copy_to_guest and copy_from_guest logic can be relied upon to perform as required without any further intervention. Testing communication with 32 and 64 bit guests has confirmed this works as intended. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> Acked-by: Jan Beulich <jbeulich@suse.com> v2 Copyright line: add 2019 v2 feedback xen-project#3 Jan: drop "message" from argo_message_op v2 feedback xen-project#3 Jan: add Acked-by v1 feedback #15 Jan: handle upper-halves of hypercall args v1 feedback #15 Jan: use unsigned where negative values impossible
andyhhp
pushed a commit
to andyhhp/xen
that referenced
this pull request
Jan 15, 2019
A convenience for working on development of the argo subsystem: setting a #define variable enables additional debug messages. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> === Jan's further remark given with the Ack: "This would better be an inline function, such that arguments passed in actually get evaluated. Otherwise you risk overlooking variables used for such logging only, and in particular the compiler then issuing warnings (breaking the build due to -Werror)." v3 added Roger's Reviewed-by v3 added Jan's Ack v2 xen-project#3 feedback, Jan: fix ifdef/define confusion error v1 xen-project#4 feedback, Jan: fix dprintk implementation
andyhhp
pushed a commit
to andyhhp/xen
that referenced
this pull request
Jan 15, 2019
The register op is used by a domain to register a region of memory for receiving messages from either a specified other domain, or, if specifying a wildcard, any domain. This operation creates a mapping within Xen's private address space that will remain resident for the lifetime of the ring. In subsequent commits, the hypervisor will use this mapping to copy data from a sending domain into this registered ring, making it accessible to the domain that registered the ring to receive data. Wildcard any-sender rings are default disabled and registration will be refused with EPERM unless they have been specifically enabled with the argo-mac boot option introduced here. The reason why the default for wildcard rings is 'deny' is that there is currently no means to protect the ring from DoS by a noisy domain spamming the ring, affecting other domains ability to send to it. This will be addressed with XSM policy controls in subsequent work. Since denying access to any-sender rings is a significant functional constraint, a new bootparam is provided to enable overriding this: "argo-mac" variable has allowed values: 'permissive' and 'enforcing'. Even though this is a boolean variable, use these descriptive strings in order to make it obvious to an administrator that this has potential security impact. The p2m type of the memory supplied by the guest for the ring must be p2m_ram_rw and the memory will be pinned as PGT_writable_page while the ring is registered. xen_argo_gfn_t type is defined and is 64-bit on all architectures which assists with avoiding the need for compat code to translate hypercall args. This hypercall op and its interface currently only supports 4K-sized pages. array_index_nospec is used to guard the result of the ring id hash function. This is out of an abundance of caution, since this is a very basic hash function and it operates upon values supplied by the guest just before being used as an array index. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> -This version contains FIXMEs for 4.12: * find_ring_mfn: investigate using check_get_page_from_gfn() and rewrite this function using it or with adopted logic * shrink critical sections: move acquire/release of the global lock. * simplify the out label path when lock release has been moved. * - drop use of unsigned long type as hypercall args: not compat-friendly * - drop UL suffix on XEN_ARGO_REGISTER_FLAG_MASK * - guard XEN_ARGO_REGISTER_FLAG_MASK (perhaps framed by "#ifdef __XEN__") * - define XEN_ARGO_REGISTER_FLAG_MASK in terms of other flags defined * register_ring: pull write_unlock up above the cleanup actions above and add another label to aborb the two separate put_domain() calls on the error paths. -end FIXME v3 xen-project#7 Jan: comment: minimum ring size is based on minimum-sized message v3 xen-project#4 Andrew: reference CONFIG_ARGO in the command line documentation v3 xen-project#7 Jan: register_ring: fold else, if into else-if to drop indent v3 xen-project#7 Jan: remove no longer used guest_handle_is_aligned macros v3 xen-project#7 Jan: remove dead code from find_ring_mfns v3 xen-project#7 Jan: fix format string indention in printks v3 xen-project#7 Jan: remove redundant bounds check on npage in find_ring_mfns v3 xen-project#8 self/Roger: improve dprintk output in find_ring_info like find_send_info v3 xen-project#7 Jan: rename ring_find_info to find_ring_info v3 xen-project#7 Jan: use array_index_nospec in ring_map_page v3 xen-project#7 Jan: fix numeric entries in printk format strings v3 xen-project#7 Jan: drop unneeded parentheses from ROUNDUP_MESSAGE defn v3 #10 Roger: move find functions to top of file and drop prototypes v3 xen-project#3 meld compat check for hypercall arg register struct v3 xen-project#4 Roger/Jan: make lock names clearer and assert their state v3 xen-project#4 Jan: port -> aport with type; distinguish argo port from evtchn v3 feedback xen-project#7 Eric: fix header max ring size comment units v3 feedback xen-project#4 Roger: mfn_mapping: void* instead of uint8_t* v3 use %u for printing unsigned ints in find_ring_mfns v3 feedback xen-project#4 Jan: uint32_t -> unsigned int for npage in register_ring v3 feedback xen-project#4 Roger: drop npages struct member, calculate from len v3 : register_ring: uint32_t -> unsigned int for private_tx_ptr v3 feedback Roger/Jan: ASSERT currd is current->domain or use 'd' variable name v3 feedback xen-project#7 Roger: use opt_argo_mac_permissive : a boolean opt v3 feedback xen-project#4 Roger: reorder #includes to alphabetical order v3 feedback xen-project#7 Roger: drop comment re: Intel EPT/AMD NPT for write-only mapping v3 feedback xen-project#7 Roger: drop ptr arithmetic in update_tx_ptr, use ring struct cast v3 feedback xen-project#7 Roger: drop newline in ring_map_page v3 feedback xen-project#7 Roger: drop unneeded null check before xfree v3 feedback xen-project#7 Roger: use return and drop out label in register_ring v3 Stefano: add 4K page constraint to header file comment & commit msg v3 Julien/Stefano: 4K granularity ok: use 64-bit gfns in register interface v2 self: disallow ring resize via reregister v2 feedback Jan: drop cookie, implement teardown v2 feedback Jan: drop message from argo_message_op v2 self: move hash_index function below locking comment v2 self: OVERHAUL v2 self/Jan: remove use of magic verification field and tidy up v2 self: merge max and min ring size check clauses v2 feedback v1#13 Roger: use OS-supplied roundup; drop from public header v2 feedback #9, Jan: use the argo-mac bootparam at point of introduction v2 feedback #9, Jan: rename boot opt variable to comply with convention v2 feedback #9, Jan: rename the argo_mac bootparam to argo-mac v2 feedback #9 Jan: document argo boot opt in xen-command-line.markdown v1,2 feedback Jan/Roger/Paul: drop errno returning guest access functions v1 feedback Roger, Jan: drop argo prefix on static functions v1 feedback Roger: s/pfn/gfn/ and retire always-64-bit type v2. feedback Jan: document the argo-mac boot opt v2. feedback Jan: simplify re-register, drop mappings v1 #13 feedback Jan: revise use of guest_handle_okay vs __copy ops v1 #13 feedback, Jan: register op : s/ECONNREFUSED/ESRCH/ v1 xen-project#5 (#13) feedback Paul: register op: use currd in do_message_op v1 #13 feedback, Paul: register op: use mfn_eq comparator v1 xen-project#5 (#13) feedback Paul: register op: use currd in argo_register_ring v1 #13 feedback Paul: register op: whitespace, unsigned, bounds check v1 #13 feedback Paul: use of hex in limit constant definition v1 #13 feedback Paul, register op: set nmfns on loop termination v1 #13 feedback Paul: register op: do/while -> gotos, reindent v1 argo_ring_map_page: drop uint32_t for unsigned int v1. #13 feedback Julien: use page descriptors instead of gpfns. - adds ABI support for pages with different granularity. v1 feedback #13, Paul: adjust log level of message v1 feedback #13, Paul: use gprintk for guest-triggered warning v1 feedback #13, Paul: gprintk and XENLOG_DEBUG for ring registration v1 feedback #13, Paul: use gprintk for errs in argo_ring_map_page v1 feedback #13, Paul: use ENOMEM if global mapping fails v1 feedback Paul: overflow check before shift v1: add define for copy_field_to_guest_errno v1: fix gprintk use for ARM as its defn dislikes split format strings v1: use copy_field_to_guest_errno v1 feedback #13, Jan: argo_hash_fn: no inline, rename, change type v1 feedback #13, Paul, Jan: EFAULT -> ENOMEM in argo_ring_map_page v1 feedback #13, Jan: rename page var in argo_ring_map_page v1 feedback #13, Jan: switch uint8_t* to void* and drop cast v1 feedback #13, Jan: switch memory barrier to smp_wmb v1 feedback #13, Jan: make 'ring' comment comply with single-line style v1 feedback #13, Jan: use xzalloc_array, drop loop NULL init v1 feedback #13, Jan: init bool with false rather than 0 v1 feedback #13 Jan: use __copy; define and use __copy_field_to_guest_errno v1 feedback #13, Jan: use xzalloc, drop individual init zeroes v1 feedback #13, Jan: prefix public namespace with xen v1 feedback #13, Jan: blank line after op case in do_argo_message_op v1 self: reflow comment in argo_ring_map_page to within 80 char len v1 feedback #13, Roger: use true not 1 in assign to update_tx_ptr bool v1 feedback #21, Jan: fold in the array_index_nospec hash function guards v1 feedback #18, Jan: fold the max ring count limit into the series v1 self: use unsigned long type for XEN_ARGO_REGISTER_FLAG_MASK v1: feedback #15 Jan: handle upper-halves of hypercall args v1. feedback #13 Jan: add comment re: page alignment v1. self: confirm ring magic presence in supplied page array v1. feedback #13 Jan: add comment re: minimum ring size v1. feedback #13 Roger: use ASSERT_UNREACHABLE v1. feedback Roger: add comment to hash function
andyhhp
pushed a commit
to andyhhp/xen
that referenced
this pull request
Jan 15, 2019
The register op is used by a domain to register a region of memory for receiving messages from either a specified other domain, or, if specifying a wildcard, any domain. This operation creates a mapping within Xen's private address space that will remain resident for the lifetime of the ring. In subsequent commits, the hypervisor will use this mapping to copy data from a sending domain into this registered ring, making it accessible to the domain that registered the ring to receive data. Wildcard any-sender rings are default disabled and registration will be refused with EPERM unless they have been specifically enabled with the argo-mac boot option introduced here. The reason why the default for wildcard rings is 'deny' is that there is currently no means to protect the ring from DoS by a noisy domain spamming the ring, affecting other domains ability to send to it. This will be addressed with XSM policy controls in subsequent work. Since denying access to any-sender rings is a significant functional constraint, a new bootparam is provided to enable overriding this: "argo-mac" variable has allowed values: 'permissive' and 'enforcing'. Even though this is a boolean variable, use these descriptive strings in order to make it obvious to an administrator that this has potential security impact. The p2m type of the memory supplied by the guest for the ring must be p2m_ram_rw and the memory will be pinned as PGT_writable_page while the ring is registered. xen_argo_gfn_t type is defined and is 64-bit on all architectures which assists with avoiding the need for compat code to translate hypercall args. This hypercall op and its interface currently only supports 4K-sized pages. array_index_nospec is used to guard the result of the ring id hash function. This is out of an abundance of caution, since this is a very basic hash function and it operates upon values supplied by the guest just before being used as an array index. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> -This version contains FIXMEs for 4.12: * find_ring_mfn: investigate using check_get_page_from_gfn() and rewrite this function using it or with adopted logic * shrink critical sections: move acquire/release of the global lock. * simplify the out label path when lock release has been moved. * - drop use of unsigned long type as hypercall args: not compat-friendly * - drop UL suffix on XEN_ARGO_REGISTER_FLAG_MASK * - guard XEN_ARGO_REGISTER_FLAG_MASK (perhaps framed by "#ifdef __XEN__") * - define XEN_ARGO_REGISTER_FLAG_MASK in terms of other flags defined * register_ring: pull write_unlock up above the cleanup actions above and add another label to aborb the two separate put_domain() calls on the error paths. -end FIXME v3 xen-project#7 Jan: comment: minimum ring size is based on minimum-sized message v3 xen-project#4 Andrew: reference CONFIG_ARGO in the command line documentation v3 xen-project#7 Jan: register_ring: fold else, if into else-if to drop indent v3 xen-project#7 Jan: remove no longer used guest_handle_is_aligned macros v3 xen-project#7 Jan: remove dead code from find_ring_mfns v3 xen-project#7 Jan: fix format string indention in printks v3 xen-project#7 Jan: remove redundant bounds check on npage in find_ring_mfns v3 xen-project#8 self/Roger: improve dprintk output in find_ring_info like find_send_info v3 xen-project#7 Jan: rename ring_find_info to find_ring_info v3 xen-project#7 Jan: use array_index_nospec in ring_map_page v3 xen-project#7 Jan: fix numeric entries in printk format strings v3 xen-project#7 Jan: drop unneeded parentheses from ROUNDUP_MESSAGE defn v3 #10 Roger: move find functions to top of file and drop prototypes v3 xen-project#3 meld compat check for hypercall arg register struct v3 xen-project#4 Roger/Jan: make lock names clearer and assert their state v3 xen-project#4 Jan: port -> aport with type; distinguish argo port from evtchn v3 feedback xen-project#7 Eric: fix header max ring size comment units v3 feedback xen-project#4 Roger: mfn_mapping: void* instead of uint8_t* v3 use %u for printing unsigned ints in find_ring_mfns v3 feedback xen-project#4 Jan: uint32_t -> unsigned int for npage in register_ring v3 feedback xen-project#4 Roger: drop npages struct member, calculate from len v3 : register_ring: uint32_t -> unsigned int for private_tx_ptr v3 feedback Roger/Jan: ASSERT currd is current->domain or use 'd' variable name v3 feedback xen-project#7 Roger: use opt_argo_mac_permissive : a boolean opt v3 feedback xen-project#4 Roger: reorder #includes to alphabetical order v3 feedback xen-project#7 Roger: drop comment re: Intel EPT/AMD NPT for write-only mapping v3 feedback xen-project#7 Roger: drop ptr arithmetic in update_tx_ptr, use ring struct cast v3 feedback xen-project#7 Roger: drop newline in ring_map_page v3 feedback xen-project#7 Roger: drop unneeded null check before xfree v3 feedback xen-project#7 Roger: use return and drop out label in register_ring v3 Stefano: add 4K page constraint to header file comment & commit msg v3 Julien/Stefano: 4K granularity ok: use 64-bit gfns in register interface v2 self: disallow ring resize via reregister v2 feedback Jan: drop cookie, implement teardown v2 feedback Jan: drop message from argo_message_op v2 self: move hash_index function below locking comment v2 self: OVERHAUL v2 self/Jan: remove use of magic verification field and tidy up v2 self: merge max and min ring size check clauses v2 feedback v1#13 Roger: use OS-supplied roundup; drop from public header v2 feedback #9, Jan: use the argo-mac bootparam at point of introduction v2 feedback #9, Jan: rename boot opt variable to comply with convention v2 feedback #9, Jan: rename the argo_mac bootparam to argo-mac v2 feedback #9 Jan: document argo boot opt in xen-command-line.markdown v1,2 feedback Jan/Roger/Paul: drop errno returning guest access functions v1 feedback Roger, Jan: drop argo prefix on static functions v1 feedback Roger: s/pfn/gfn/ and retire always-64-bit type v2. feedback Jan: document the argo-mac boot opt v2. feedback Jan: simplify re-register, drop mappings v1 #13 feedback Jan: revise use of guest_handle_okay vs __copy ops v1 #13 feedback, Jan: register op : s/ECONNREFUSED/ESRCH/ v1 xen-project#5 (#13) feedback Paul: register op: use currd in do_message_op v1 #13 feedback, Paul: register op: use mfn_eq comparator v1 xen-project#5 (#13) feedback Paul: register op: use currd in argo_register_ring v1 #13 feedback Paul: register op: whitespace, unsigned, bounds check v1 #13 feedback Paul: use of hex in limit constant definition v1 #13 feedback Paul, register op: set nmfns on loop termination v1 #13 feedback Paul: register op: do/while -> gotos, reindent v1 argo_ring_map_page: drop uint32_t for unsigned int v1. #13 feedback Julien: use page descriptors instead of gpfns. - adds ABI support for pages with different granularity. v1 feedback #13, Paul: adjust log level of message v1 feedback #13, Paul: use gprintk for guest-triggered warning v1 feedback #13, Paul: gprintk and XENLOG_DEBUG for ring registration v1 feedback #13, Paul: use gprintk for errs in argo_ring_map_page v1 feedback #13, Paul: use ENOMEM if global mapping fails v1 feedback Paul: overflow check before shift v1: add define for copy_field_to_guest_errno v1: fix gprintk use for ARM as its defn dislikes split format strings v1: use copy_field_to_guest_errno v1 feedback #13, Jan: argo_hash_fn: no inline, rename, change type v1 feedback #13, Paul, Jan: EFAULT -> ENOMEM in argo_ring_map_page v1 feedback #13, Jan: rename page var in argo_ring_map_page v1 feedback #13, Jan: switch uint8_t* to void* and drop cast v1 feedback #13, Jan: switch memory barrier to smp_wmb v1 feedback #13, Jan: make 'ring' comment comply with single-line style v1 feedback #13, Jan: use xzalloc_array, drop loop NULL init v1 feedback #13, Jan: init bool with false rather than 0 v1 feedback #13 Jan: use __copy; define and use __copy_field_to_guest_errno v1 feedback #13, Jan: use xzalloc, drop individual init zeroes v1 feedback #13, Jan: prefix public namespace with xen v1 feedback #13, Jan: blank line after op case in do_argo_message_op v1 self: reflow comment in argo_ring_map_page to within 80 char len v1 feedback #13, Roger: use true not 1 in assign to update_tx_ptr bool v1 feedback #21, Jan: fold in the array_index_nospec hash function guards v1 feedback #18, Jan: fold the max ring count limit into the series v1 self: use unsigned long type for XEN_ARGO_REGISTER_FLAG_MASK v1: feedback #15 Jan: handle upper-halves of hypercall args v1. feedback #13 Jan: add comment re: page alignment v1. self: confirm ring magic presence in supplied page array v1. feedback #13 Jan: add comment re: minimum ring size v1. feedback #13 Roger: use ASSERT_UNREACHABLE v1. feedback Roger: add comment to hash function
andyhhp
pushed a commit
to andyhhp/xen
that referenced
this pull request
Jan 15, 2019
Presence is gated upon CONFIG_ARGO. Registers the hypercall previously reserved for this. Takes 5 arguments, does nothing and returns -ENOSYS. Will be avoiding a compat ABI by using fixed-size types in hypercall ops so HYPERCALL, rather than COMPAT_CALL, is the correct macro for the hypercall tables. Even though handles will be used for (up to) two of the arguments to the hypercall, there will be no need for any XLAT_* translation functions because the referenced data structures have been constructed to be exactly the same size and bit pattern on both 32-bit and 64-bit guests, and padded to be integer multiples of 32 bits in size. This means that the same copy_to_guest and copy_from_guest logic can be relied upon to perform as required without any further intervention. Testing communication with 32 and 64 bit guests has confirmed this works as intended. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> Acked-by: Jan Beulich <jbeulich@suse.com> v2 Copyright line: add 2019 v2 feedback xen-project#3 Jan: drop "message" from argo_message_op v2 feedback xen-project#3 Jan: add Acked-by v1 feedback #15 Jan: handle upper-halves of hypercall args v1 feedback #15 Jan: use unsigned where negative values impossible
andyhhp
pushed a commit
to andyhhp/xen
that referenced
this pull request
Jan 15, 2019
A convenience for working on development of the argo subsystem: setting a #define variable enables additional debug messages. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> === Jan's further remark given with the Ack: "This would better be an inline function, such that arguments passed in actually get evaluated. Otherwise you risk overlooking variables used for such logging only, and in particular the compiler then issuing warnings (breaking the build due to -Werror)." v3 added Roger's Reviewed-by v3 added Jan's Ack v2 xen-project#3 feedback, Jan: fix ifdef/define confusion error v1 xen-project#4 feedback, Jan: fix dprintk implementation
andyhhp
pushed a commit
to andyhhp/xen
that referenced
this pull request
Jan 15, 2019
The register op is used by a domain to register a region of memory for receiving messages from either a specified other domain, or, if specifying a wildcard, any domain. This operation creates a mapping within Xen's private address space that will remain resident for the lifetime of the ring. In subsequent commits, the hypervisor will use this mapping to copy data from a sending domain into this registered ring, making it accessible to the domain that registered the ring to receive data. Wildcard any-sender rings are default disabled and registration will be refused with EPERM unless they have been specifically enabled with the argo-mac boot option introduced here. The reason why the default for wildcard rings is 'deny' is that there is currently no means to protect the ring from DoS by a noisy domain spamming the ring, affecting other domains ability to send to it. This will be addressed with XSM policy controls in subsequent work. Since denying access to any-sender rings is a significant functional constraint, a new bootparam is provided to enable overriding this: "argo-mac" variable has allowed values: 'permissive' and 'enforcing'. Even though this is a boolean variable, use these descriptive strings in order to make it obvious to an administrator that this has potential security impact. The p2m type of the memory supplied by the guest for the ring must be p2m_ram_rw and the memory will be pinned as PGT_writable_page while the ring is registered. xen_argo_gfn_t type is defined and is 64-bit on all architectures which assists with avoiding the need for compat code to translate hypercall args. This hypercall op and its interface currently only supports 4K-sized pages. array_index_nospec is used to guard the result of the ring id hash function. This is out of an abundance of caution, since this is a very basic hash function and it operates upon values supplied by the guest just before being used as an array index. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> -This version contains FIXMEs for 4.12: * find_ring_mfn: investigate using check_get_page_from_gfn() and rewrite this function using it or with adopted logic * shrink critical sections: move acquire/release of the global lock. * simplify the out label path when lock release has been moved. * - drop use of unsigned long type as hypercall args: not compat-friendly * - drop UL suffix on XEN_ARGO_REGISTER_FLAG_MASK * - guard XEN_ARGO_REGISTER_FLAG_MASK (perhaps framed by "#ifdef __XEN__") * - define XEN_ARGO_REGISTER_FLAG_MASK in terms of other flags defined * register_ring: pull write_unlock up above the cleanup actions above and add another label to aborb the two separate put_domain() calls on the error paths. -end FIXME v3 xen-project#7 Jan: comment: minimum ring size is based on minimum-sized message v3 xen-project#4 Andrew: reference CONFIG_ARGO in the command line documentation v3 xen-project#7 Jan: register_ring: fold else, if into else-if to drop indent v3 xen-project#7 Jan: remove no longer used guest_handle_is_aligned macros v3 xen-project#7 Jan: remove dead code from find_ring_mfns v3 xen-project#7 Jan: fix format string indention in printks v3 xen-project#7 Jan: remove redundant bounds check on npage in find_ring_mfns v3 xen-project#8 self/Roger: improve dprintk output in find_ring_info like find_send_info v3 xen-project#7 Jan: rename ring_find_info to find_ring_info v3 xen-project#7 Jan: use array_index_nospec in ring_map_page v3 xen-project#7 Jan: fix numeric entries in printk format strings v3 xen-project#7 Jan: drop unneeded parentheses from ROUNDUP_MESSAGE defn v3 #10 Roger: move find functions to top of file and drop prototypes v3 xen-project#3 meld compat check for hypercall arg register struct v3 xen-project#4 Roger/Jan: make lock names clearer and assert their state v3 xen-project#4 Jan: port -> aport with type; distinguish argo port from evtchn v3 feedback xen-project#7 Eric: fix header max ring size comment units v3 feedback xen-project#4 Roger: mfn_mapping: void* instead of uint8_t* v3 use %u for printing unsigned ints in find_ring_mfns v3 feedback xen-project#4 Jan: uint32_t -> unsigned int for npage in register_ring v3 feedback xen-project#4 Roger: drop npages struct member, calculate from len v3 : register_ring: uint32_t -> unsigned int for private_tx_ptr v3 feedback Roger/Jan: ASSERT currd is current->domain or use 'd' variable name v3 feedback xen-project#7 Roger: use opt_argo_mac_permissive : a boolean opt v3 feedback xen-project#4 Roger: reorder #includes to alphabetical order v3 feedback xen-project#7 Roger: drop comment re: Intel EPT/AMD NPT for write-only mapping v3 feedback xen-project#7 Roger: drop ptr arithmetic in update_tx_ptr, use ring struct cast v3 feedback xen-project#7 Roger: drop newline in ring_map_page v3 feedback xen-project#7 Roger: drop unneeded null check before xfree v3 feedback xen-project#7 Roger: use return and drop out label in register_ring v3 Stefano: add 4K page constraint to header file comment & commit msg v3 Julien/Stefano: 4K granularity ok: use 64-bit gfns in register interface v2 self: disallow ring resize via reregister v2 feedback Jan: drop cookie, implement teardown v2 feedback Jan: drop message from argo_message_op v2 self: move hash_index function below locking comment v2 self: OVERHAUL v2 self/Jan: remove use of magic verification field and tidy up v2 self: merge max and min ring size check clauses v2 feedback v1#13 Roger: use OS-supplied roundup; drop from public header v2 feedback #9, Jan: use the argo-mac bootparam at point of introduction v2 feedback #9, Jan: rename boot opt variable to comply with convention v2 feedback #9, Jan: rename the argo_mac bootparam to argo-mac v2 feedback #9 Jan: document argo boot opt in xen-command-line.markdown v1,2 feedback Jan/Roger/Paul: drop errno returning guest access functions v1 feedback Roger, Jan: drop argo prefix on static functions v1 feedback Roger: s/pfn/gfn/ and retire always-64-bit type v2. feedback Jan: document the argo-mac boot opt v2. feedback Jan: simplify re-register, drop mappings v1 #13 feedback Jan: revise use of guest_handle_okay vs __copy ops v1 #13 feedback, Jan: register op : s/ECONNREFUSED/ESRCH/ v1 xen-project#5 (#13) feedback Paul: register op: use currd in do_message_op v1 #13 feedback, Paul: register op: use mfn_eq comparator v1 xen-project#5 (#13) feedback Paul: register op: use currd in argo_register_ring v1 #13 feedback Paul: register op: whitespace, unsigned, bounds check v1 #13 feedback Paul: use of hex in limit constant definition v1 #13 feedback Paul, register op: set nmfns on loop termination v1 #13 feedback Paul: register op: do/while -> gotos, reindent v1 argo_ring_map_page: drop uint32_t for unsigned int v1. #13 feedback Julien: use page descriptors instead of gpfns. - adds ABI support for pages with different granularity. v1 feedback #13, Paul: adjust log level of message v1 feedback #13, Paul: use gprintk for guest-triggered warning v1 feedback #13, Paul: gprintk and XENLOG_DEBUG for ring registration v1 feedback #13, Paul: use gprintk for errs in argo_ring_map_page v1 feedback #13, Paul: use ENOMEM if global mapping fails v1 feedback Paul: overflow check before shift v1: add define for copy_field_to_guest_errno v1: fix gprintk use for ARM as its defn dislikes split format strings v1: use copy_field_to_guest_errno v1 feedback #13, Jan: argo_hash_fn: no inline, rename, change type v1 feedback #13, Paul, Jan: EFAULT -> ENOMEM in argo_ring_map_page v1 feedback #13, Jan: rename page var in argo_ring_map_page v1 feedback #13, Jan: switch uint8_t* to void* and drop cast v1 feedback #13, Jan: switch memory barrier to smp_wmb v1 feedback #13, Jan: make 'ring' comment comply with single-line style v1 feedback #13, Jan: use xzalloc_array, drop loop NULL init v1 feedback #13, Jan: init bool with false rather than 0 v1 feedback #13 Jan: use __copy; define and use __copy_field_to_guest_errno v1 feedback #13, Jan: use xzalloc, drop individual init zeroes v1 feedback #13, Jan: prefix public namespace with xen v1 feedback #13, Jan: blank line after op case in do_argo_message_op v1 self: reflow comment in argo_ring_map_page to within 80 char len v1 feedback #13, Roger: use true not 1 in assign to update_tx_ptr bool v1 feedback #21, Jan: fold in the array_index_nospec hash function guards v1 feedback #18, Jan: fold the max ring count limit into the series v1 self: use unsigned long type for XEN_ARGO_REGISTER_FLAG_MASK v1: feedback #15 Jan: handle upper-halves of hypercall args v1. feedback #13 Jan: add comment re: page alignment v1. self: confirm ring magic presence in supplied page array v1. feedback #13 Jan: add comment re: minimum ring size v1. feedback #13 Roger: use ASSERT_UNREACHABLE v1. feedback Roger: add comment to hash function
eric-ch
pushed a commit
to eric-ch/xen
that referenced
this pull request
Jan 25, 2019
Presence is gated upon CONFIG_ARGO. Registers the hypercall previously reserved for this. Takes 5 arguments, does nothing and returns -ENOSYS. Will be avoiding a compat ABI by using fixed-size types in hypercall ops so HYPERCALL, rather than COMPAT_CALL, is the correct macro for the hypercall tables. Even though handles will be used for (up to) two of the arguments to the hypercall, there will be no need for any XLAT_* translation functions because the referenced data structures have been constructed to be exactly the same size and bit pattern on both 32-bit and 64-bit guests, and padded to be integer multiples of 32 bits in size. This means that the same copy_to_guest and copy_from_guest logic can be relied upon to perform as required without any further intervention. Testing communication with 32 and 64 bit guests has confirmed this works as intended. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> Acked-by: Jan Beulich <jbeulich@suse.com> v2 Copyright line: add 2019 v2 feedback xen-project#3 Jan: drop "message" from argo_message_op v2 feedback xen-project#3 Jan: add Acked-by v1 feedback #15 Jan: handle upper-halves of hypercall args v1 feedback #15 Jan: use unsigned where negative values impossible
eric-ch
pushed a commit
to eric-ch/xen
that referenced
this pull request
Jan 25, 2019
A convenience for working on development of the argo subsystem: setting a #define variable enables additional debug messages. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> === Jan's further remark given with the Ack: "This would better be an inline function, such that arguments passed in actually get evaluated. Otherwise you risk overlooking variables used for such logging only, and in particular the compiler then issuing warnings (breaking the build due to -Werror)." v3 added Roger's Reviewed-by v3 added Jan's Ack v2 xen-project#3 feedback, Jan: fix ifdef/define confusion error v1 xen-project#4 feedback, Jan: fix dprintk implementation
eric-ch
pushed a commit
to eric-ch/xen
that referenced
this pull request
Jan 25, 2019
The register op is used by a domain to register a region of memory for receiving messages from either a specified other domain, or, if specifying a wildcard, any domain. This operation creates a mapping within Xen's private address space that will remain resident for the lifetime of the ring. In subsequent commits, the hypervisor will use this mapping to copy data from a sending domain into this registered ring, making it accessible to the domain that registered the ring to receive data. Wildcard any-sender rings are default disabled and registration will be refused with EPERM unless they have been specifically enabled with the new mac-permissive flag that is added to the argo boot option here. The reason why the default for wildcard rings is 'deny' is that there is currently no means to protect the ring from DoS by a noisy domain spamming the ring, affecting other domains ability to send to it. This will be addressed with XSM policy controls in subsequent work. Since denying access to any-sender rings is a significant functional constraint, the new option "mac-permissive" for the argo bootparam enables overriding this. eg: "argo=1,mac-permissive=1" The p2m type of the memory supplied by the guest for the ring must be p2m_ram_rw and the memory will be pinned as PGT_writable_page while the ring is registered. xen_argo_gfn_t type is defined and is 64-bit on all architectures which assists with avoiding the need for compat code to translate hypercall args. This hypercall op and its interface currently only supports 4K-sized pages. Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> v5 xen-project#7 Roger: add BUILD_BUG_ON for MAX_RING_SIZE, PAGE_SIZE v5 xen-project#7 Roger: gprintk(XENLOG_ERR,.. for denied existing ring v5: add compat validation macros to primary source file: common/argo.c v5 : convert hypercall arg structs to struct form for compat checking v5: dropped external file for compat macros: common/compat/argo.c v4 v3#07 Jan: shrink critical sections in register_ring v4 v3#07 Jan: revise register flag MASK in header, note 32-bitness of args v4 feedback: use standard data structures per common code, not loop macros v4 Andrew: use the single argo command line option list v4 xen-project#7 Jan: rewrite find_ring_mfn to use check_get_page_from_gfn v4 xen-project#7 Roger: add FIXME to ring_map_page for vmap contiguous ring mapping v3 xen-project#7 Jan: comment: minimum ring size is based on minimum-sized message v3 xen-project#4 Andrew: reference CONFIG_ARGO in the command line documentation v3 xen-project#7 Jan: register_ring: fold else, if into else-if to drop indent v3 xen-project#7 Jan: remove no longer used guest_handle_is_aligned macros v3 xen-project#7 Jan: remove dead code from find_ring_mfns v3 xen-project#7 Jan: fix format string indention in printks v3 xen-project#7 Jan: remove redundant bounds check on npage in find_ring_mfns v3 xen-project#8 self/Roger: improve dprintk output in find_ring_info like find_send_info v3 xen-project#7 Jan: rename ring_find_info to find_ring_info v3 xen-project#7 Jan: use array_index_nospec in ring_map_page v3 xen-project#7 Jan: fix numeric entries in printk format strings v3 xen-project#7 Jan: drop unneeded parentheses from ROUNDUP_MESSAGE defn v3 #10 Roger: move find functions to top of file and drop prototypes v3 xen-project#3 meld compat check for hypercall arg register struct v3 xen-project#4 Roger/Jan: make lock names clearer and assert their state v3 xen-project#4 Jan: port -> aport with type; distinguish argo port from evtchn v3 feedback xen-project#7 Eric: fix header max ring size comment units v3 feedback xen-project#4 Roger: mfn_mapping: void* instead of uint8_t* v3 use %u for printing unsigned ints in find_ring_mfns v3 feedback xen-project#4 Jan: uint32_t -> unsigned int for npage in register_ring v3 feedback xen-project#4 Roger: drop npages struct member, calculate from len v3 : register_ring: uint32_t -> unsigned int for private_tx_ptr v3 feedback Roger/Jan: ASSERT currd is current->domain or use 'd' variable name v3 feedback xen-project#7 Roger: use opt_argo_mac_permissive : a boolean opt v3 feedback xen-project#4 Roger: reorder #includes to alphabetical order v3 feedback xen-project#7 Roger: drop comment re: Intel EPT/AMD NPT for write-only mapping v3 feedback xen-project#7 Roger: drop ptr arithmetic in update_tx_ptr, use ring struct cast v3 feedback xen-project#7 Roger: drop newline in ring_map_page v3 feedback xen-project#7 Roger: drop unneeded null check before xfree v3 feedback xen-project#7 Roger: use return and drop out label in register_ring v3 Stefano: add 4K page constraint to header file comment & commit msg v3 Julien/Stefano: 4K granularity ok: use 64-bit gfns in register interface v2 self: disallow ring resize via reregister v2 feedback Jan: drop cookie, implement teardown v2 feedback Jan: drop message from argo_message_op v2 self: move hash_index function below locking comment v2 self: OVERHAUL v2 self/Jan: remove use of magic verification field and tidy up v2 self: merge max and min ring size check clauses v2 feedback v1#13 Roger: use OS-supplied roundup; drop from public header v2 feedback #9, Jan: use the argo-mac bootparam at point of introduction v2 feedback #9, Jan: rename boot opt variable to comply with convention v2 feedback #9, Jan: rename the argo_mac bootparam to argo-mac v2 feedback #9 Jan: document argo boot opt in xen-command-line.markdown v1,2 feedback Jan/Roger/Paul: drop errno returning guest access functions v1 feedback Roger, Jan: drop argo prefix on static functions v1 feedback Roger: s/pfn/gfn/ and retire always-64-bit type v2. feedback Jan: document the argo-mac boot opt v2. feedback Jan: simplify re-register, drop mappings v1 #13 feedback Jan: revise use of guest_handle_okay vs __copy ops v1 #13 feedback, Jan: register op : s/ECONNREFUSED/ESRCH/ v1 xen-project#5 (#13) feedback Paul: register op: use currd in do_message_op v1 #13 feedback, Paul: register op: use mfn_eq comparator v1 xen-project#5 (#13) feedback Paul: register op: use currd in argo_register_ring v1 #13 feedback Paul: register op: whitespace, unsigned, bounds check v1 #13 feedback Paul: use of hex in limit constant definition v1 #13 feedback Paul, register op: set nmfns on loop termination v1 #13 feedback Paul: register op: do/while -> gotos, reindent v1 argo_ring_map_page: drop uint32_t for unsigned int v1. #13 feedback Julien: use page descriptors instead of gpfns. - adds ABI support for pages with different granularity. v1 feedback #13, Paul: adjust log level of message v1 feedback #13, Paul: use gprintk for guest-triggered warning v1 feedback #13, Paul: gprintk and XENLOG_DEBUG for ring registration v1 feedback #13, Paul: use gprintk for errs in argo_ring_map_page v1 feedback #13, Paul: use ENOMEM if global mapping fails v1 feedback Paul: overflow check before shift v1: add define for copy_field_to_guest_errno v1: fix gprintk use for ARM as its defn dislikes split format strings v1: use copy_field_to_guest_errno v1 feedback #13, Jan: argo_hash_fn: no inline, rename, change type v1 feedback #13, Paul, Jan: EFAULT -> ENOMEM in argo_ring_map_page v1 feedback #13, Jan: rename page var in argo_ring_map_page v1 feedback #13, Jan: switch uint8_t* to void* and drop cast v1 feedback #13, Jan: switch memory barrier to smp_wmb v1 feedback #13, Jan: make 'ring' comment comply with single-line style v1 feedback #13, Jan: use xzalloc_array, drop loop NULL init v1 feedback #13, Jan: init bool with false rather than 0 v1 feedback #13 Jan: use __copy; define and use __copy_field_to_guest_errno v1 feedback #13, Jan: use xzalloc, drop individual init zeroes v1 feedback #13, Jan: prefix public namespace with xen v1 feedback #13, Jan: blank line after op case in do_argo_message_op v1 self: reflow comment in argo_ring_map_page to within 80 char len v1 feedback #13, Roger: use true not 1 in assign to update_tx_ptr bool v1 feedback #21, Jan: fold in the array_index_nospec hash function guards v1 feedback #18, Jan: fold the max ring count limit into the series v1 self: use unsigned long type for XEN_ARGO_REGISTER_FLAG_MASK v1: feedback #15 Jan: handle upper-halves of hypercall args v1. feedback #13 Jan: add comment re: page alignment v1. self: confirm ring magic presence in supplied page array v1. feedback #13 Jan: add comment re: minimum ring size v1. feedback #13 Roger: use ASSERT_UNREACHABLE v1. feedback Roger: add comment to hash function
andyhhp
pushed a commit
to andyhhp/xen
that referenced
this pull request
Mar 12, 2019
With the help of two porting guides and cpython source code: 1. Use PyBytes to replace PyString counterparts. 2. Use PyVarObject_HEAD_INIT. 3. Remove usage of Py_FindMethod. 4. Use new module initialisation routine. For xen-project#3, Py_FindMethod was removed, yet an alternative wasn't documented. The code is the result of reverse-engineering cpython commit 6116d4a1d1 https://docs.python.org/3/howto/cporting.html http://python3porting.com/cextensions.html Signed-off-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
olafhering
pushed a commit
to olafhering/xen
that referenced
this pull request
Dec 15, 2020
... to hold a pointer to the device. There is already a 'pci' field in 'pci_add_state' so simply use that from the start. This also allows the 'pci' (xen-project#3) argument to be dropped from do_pci_add(). NOTE: This patch also changes the type of the 'pci_domid' field in 'pci_add_state' from 'int' to 'libxl_domid' which is more appropriate given what the field is used for. Signed-off-by: Paul Durrant <pdurrant@amazon.com> Reviewed-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com> Acked-by: Wei Liu <wl@xen.org>
eric-ch
pushed a commit
to eric-ch/xen
that referenced
this pull request
May 4, 2021
With the help of two porting guides and cpython source code: 1. Use PyBytes to replace PyString counterparts. 2. Use PyVarObject_HEAD_INIT. 3. Remove usage of Py_FindMethod. 4. Use new module initialisation routine. For xen-project#3, Py_FindMethod was removed, yet an alternative wasn't documented. The code is the result of reverse-engineering cpython commit 6116d4a1d1 https://docs.python.org/3/howto/cporting.html http://python3porting.com/cextensions.html Signed-off-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
olafhering
pushed a commit
to olafhering/xen
that referenced
this pull request
May 10, 2021
ASAN reported one issue when Live Updating Xenstored:
=================================================================
==873==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc194f53e0 at pc 0x555c6b323292 bp 0x7ffc194f5340 sp 0x7ffc194f5338
WRITE of size 1 at 0x7ffc194f53e0 thread T0
#0 0x555c6b323291 in dump_state_node_perms xen/tools/xenstore/xenstored_core.c:2468
#1 0x555c6b32746e in dump_state_special_node xen/tools/xenstore/xenstored_domain.c:1257
#2 0x555c6b32a702 in dump_state_special_nodes xen/tools/xenstore/xenstored_domain.c:1273
xen-project#3 0x555c6b32ddb3 in lu_dump_state xen/tools/xenstore/xenstored_control.c:521
xen-project#4 0x555c6b32e380 in do_lu_start xen/tools/xenstore/xenstored_control.c:660
xen-project#5 0x555c6b31b461 in call_delayed xen/tools/xenstore/xenstored_core.c:278
xen-project#6 0x555c6b32275e in main xen/tools/xenstore/xenstored_core.c:2357
xen-project#7 0x7f95eecf3d09 in __libc_start_main ../csu/libc-start.c:308
xen-project#8 0x555c6b3197e9 in _start (/usr/local/sbin/xenstored+0xc7e9)
Address 0x7ffc194f53e0 is located in stack of thread T0 at offset 80 in frame
#0 0x555c6b32713e in dump_state_special_node xen/tools/xenstore/xenstored_domain.c:1232
This frame has 2 object(s):
[32, 40) 'head' (line 1233)
[64, 80) 'sn' (line 1234) <== Memory access at offset 80 overflows this variable
This is happening because the callers are passing a pointer to a variable
allocated on the stack. However, the field perms is a dynamic array, so
Xenstored will end up to read outside of the variable.
Rework the code so the permissions are written one by one in the fd.
Fixes: ed6eebf ("tools/xenstore: dump the xenstore state for live update")
Signed-off-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Luca Fancellu <luca.fancellu@arm.com>
olafhering
pushed a commit
to olafhering/xen
that referenced
this pull request
Jan 31, 2022
…ning NULL If we are in libxl_list_vcpu() and we are returning NULL, let's avoid touching the output parameter *nr_vcpus_out, which the caller should have initialized to 0. The current behavior could be problematic if are creating a domain and, in the meantime, an existing one is destroyed when we have already done some steps of the loop. At which point, we'd return a NULL list of vcpus but with something different than 0 as the number of vcpus in that list. And this can cause troubles in the callers (e.g., nr_vcpus_on_nodes()), when they do a libxl_vcpuinfo_list_free(). Crashes due to this are rare and difficult to reproduce, but have been observed, with stack traces looking like this one: #0 libxl_bitmap_dispose (map=map@entry=0x50) at libxl_utils.c:626 #1 0x00007fe72c993a32 in libxl_vcpuinfo_dispose (p=p@entry=0x38) at _libxl_types.c:692 #2 0x00007fe72c94e3c4 in libxl_vcpuinfo_list_free (list=0x0, nr=<optimized out>) at libxl_utils.c:1059 xen-project#3 0x00007fe72c9528bf in nr_vcpus_on_nodes (vcpus_on_node=0x7fe71000eb60, suitable_cpumap=0x7fe721df0d38, tinfo_elements=48, tinfo=0x7fe7101b3900, gc=0x7fe7101bbfa0) at libxl_numa.c:258 xen-project#4 libxl__get_numa_candidate (gc=gc@entry=0x7fe7100033a0, min_free_memkb=4233216, min_cpus=4, min_nodes=min_nodes@entry=0, max_nodes=max_nodes@entry=0, suitable_cpumap=suitable_cpumap@entry=0x7fe721df0d38, numa_cmpf=0x7fe72c940110 <numa_cmpf>, cndt_out=0x7fe721df0cf0, cndt_found=0x7fe721df0cb4) at libxl_numa.c:394 xen-project#5 0x00007fe72c94152b in numa_place_domain (d_config=0x7fe721df11b0, domid=975, gc=0x7fe7100033a0) at libxl_dom.c:209 xen-project#6 libxl__build_pre (gc=gc@entry=0x7fe7100033a0, domid=domid@entry=975, d_config=d_config@entry=0x7fe721df11b0, state=state@entry=0x7fe710077700) at libxl_dom.c:436 xen-project#7 0x00007fe72c92c4a5 in libxl__domain_build (gc=0x7fe7100033a0, d_config=d_config@entry=0x7fe721df11b0, domid=975, state=0x7fe710077700) at libxl_create.c:444 xen-project#8 0x00007fe72c92de8b in domcreate_bootloader_done (egc=0x7fe721df0f60, bl=0x7fe7100778c0, rc=<optimized out>) at libxl_create.c:1222 #9 0x00007fe72c980425 in libxl__bootloader_run (egc=egc@entry=0x7fe721df0f60, bl=bl@entry=0x7fe7100778c0) at libxl_bootloader.c:403 #10 0x00007fe72c92f281 in initiate_domain_create (egc=egc@entry=0x7fe721df0f60, dcs=dcs@entry=0x7fe7100771b0) at libxl_create.c:1159 #11 0x00007fe72c92f456 in do_domain_create (ctx=ctx@entry=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, restore_fd=restore_fd@entry=-1, send_back_fd=send_back_fd@entry=-1, params=params@entry=0x0, ao_how=0x0, aop_console_how=0x7fe721df10f0) at libxl_create.c:1856 #12 0x00007fe72c92f776 in libxl_domain_create_new (ctx=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x7fe721df10f0) at libxl_create.c:2075 Signed-off-by: Dario Faggioli <dfaggioli@suse.com> Tested-by: James Fehlig <jfehlig@suse.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
olafhering
pushed a commit
to olafhering/xen
that referenced
this pull request
Feb 16, 2022
…ning NULL If we are in libxl_list_vcpu() and we are returning NULL, let's avoid touching the output parameter *nr_vcpus_out, which the caller should have initialized to 0. The current behavior could be problematic if are creating a domain and, in the meantime, an existing one is destroyed when we have already done some steps of the loop. At which point, we'd return a NULL list of vcpus but with something different than 0 as the number of vcpus in that list. And this can cause troubles in the callers (e.g., nr_vcpus_on_nodes()), when they do a libxl_vcpuinfo_list_free(). Crashes due to this are rare and difficult to reproduce, but have been observed, with stack traces looking like this one: #0 libxl_bitmap_dispose (map=map@entry=0x50) at libxl_utils.c:626 #1 0x00007fe72c993a32 in libxl_vcpuinfo_dispose (p=p@entry=0x38) at _libxl_types.c:692 #2 0x00007fe72c94e3c4 in libxl_vcpuinfo_list_free (list=0x0, nr=<optimized out>) at libxl_utils.c:1059 xen-project#3 0x00007fe72c9528bf in nr_vcpus_on_nodes (vcpus_on_node=0x7fe71000eb60, suitable_cpumap=0x7fe721df0d38, tinfo_elements=48, tinfo=0x7fe7101b3900, gc=0x7fe7101bbfa0) at libxl_numa.c:258 xen-project#4 libxl__get_numa_candidate (gc=gc@entry=0x7fe7100033a0, min_free_memkb=4233216, min_cpus=4, min_nodes=min_nodes@entry=0, max_nodes=max_nodes@entry=0, suitable_cpumap=suitable_cpumap@entry=0x7fe721df0d38, numa_cmpf=0x7fe72c940110 <numa_cmpf>, cndt_out=0x7fe721df0cf0, cndt_found=0x7fe721df0cb4) at libxl_numa.c:394 xen-project#5 0x00007fe72c94152b in numa_place_domain (d_config=0x7fe721df11b0, domid=975, gc=0x7fe7100033a0) at libxl_dom.c:209 xen-project#6 libxl__build_pre (gc=gc@entry=0x7fe7100033a0, domid=domid@entry=975, d_config=d_config@entry=0x7fe721df11b0, state=state@entry=0x7fe710077700) at libxl_dom.c:436 xen-project#7 0x00007fe72c92c4a5 in libxl__domain_build (gc=0x7fe7100033a0, d_config=d_config@entry=0x7fe721df11b0, domid=975, state=0x7fe710077700) at libxl_create.c:444 xen-project#8 0x00007fe72c92de8b in domcreate_bootloader_done (egc=0x7fe721df0f60, bl=0x7fe7100778c0, rc=<optimized out>) at libxl_create.c:1222 #9 0x00007fe72c980425 in libxl__bootloader_run (egc=egc@entry=0x7fe721df0f60, bl=bl@entry=0x7fe7100778c0) at libxl_bootloader.c:403 #10 0x00007fe72c92f281 in initiate_domain_create (egc=egc@entry=0x7fe721df0f60, dcs=dcs@entry=0x7fe7100771b0) at libxl_create.c:1159 #11 0x00007fe72c92f456 in do_domain_create (ctx=ctx@entry=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, restore_fd=restore_fd@entry=-1, send_back_fd=send_back_fd@entry=-1, params=params@entry=0x0, ao_how=0x0, aop_console_how=0x7fe721df10f0) at libxl_create.c:1856 #12 0x00007fe72c92f776 in libxl_domain_create_new (ctx=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x7fe721df10f0) at libxl_create.c:2075 Signed-off-by: Dario Faggioli <dfaggioli@suse.com> Tested-by: James Fehlig <jfehlig@suse.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> master commit: d9d3496 master date: 2022-01-31 10:58:07 +0100
olafhering
pushed a commit
to olafhering/xen
that referenced
this pull request
Feb 16, 2022
…ning NULL If we are in libxl_list_vcpu() and we are returning NULL, let's avoid touching the output parameter *nr_vcpus_out, which the caller should have initialized to 0. The current behavior could be problematic if are creating a domain and, in the meantime, an existing one is destroyed when we have already done some steps of the loop. At which point, we'd return a NULL list of vcpus but with something different than 0 as the number of vcpus in that list. And this can cause troubles in the callers (e.g., nr_vcpus_on_nodes()), when they do a libxl_vcpuinfo_list_free(). Crashes due to this are rare and difficult to reproduce, but have been observed, with stack traces looking like this one: #0 libxl_bitmap_dispose (map=map@entry=0x50) at libxl_utils.c:626 #1 0x00007fe72c993a32 in libxl_vcpuinfo_dispose (p=p@entry=0x38) at _libxl_types.c:692 #2 0x00007fe72c94e3c4 in libxl_vcpuinfo_list_free (list=0x0, nr=<optimized out>) at libxl_utils.c:1059 xen-project#3 0x00007fe72c9528bf in nr_vcpus_on_nodes (vcpus_on_node=0x7fe71000eb60, suitable_cpumap=0x7fe721df0d38, tinfo_elements=48, tinfo=0x7fe7101b3900, gc=0x7fe7101bbfa0) at libxl_numa.c:258 xen-project#4 libxl__get_numa_candidate (gc=gc@entry=0x7fe7100033a0, min_free_memkb=4233216, min_cpus=4, min_nodes=min_nodes@entry=0, max_nodes=max_nodes@entry=0, suitable_cpumap=suitable_cpumap@entry=0x7fe721df0d38, numa_cmpf=0x7fe72c940110 <numa_cmpf>, cndt_out=0x7fe721df0cf0, cndt_found=0x7fe721df0cb4) at libxl_numa.c:394 xen-project#5 0x00007fe72c94152b in numa_place_domain (d_config=0x7fe721df11b0, domid=975, gc=0x7fe7100033a0) at libxl_dom.c:209 xen-project#6 libxl__build_pre (gc=gc@entry=0x7fe7100033a0, domid=domid@entry=975, d_config=d_config@entry=0x7fe721df11b0, state=state@entry=0x7fe710077700) at libxl_dom.c:436 xen-project#7 0x00007fe72c92c4a5 in libxl__domain_build (gc=0x7fe7100033a0, d_config=d_config@entry=0x7fe721df11b0, domid=975, state=0x7fe710077700) at libxl_create.c:444 xen-project#8 0x00007fe72c92de8b in domcreate_bootloader_done (egc=0x7fe721df0f60, bl=0x7fe7100778c0, rc=<optimized out>) at libxl_create.c:1222 #9 0x00007fe72c980425 in libxl__bootloader_run (egc=egc@entry=0x7fe721df0f60, bl=bl@entry=0x7fe7100778c0) at libxl_bootloader.c:403 #10 0x00007fe72c92f281 in initiate_domain_create (egc=egc@entry=0x7fe721df0f60, dcs=dcs@entry=0x7fe7100771b0) at libxl_create.c:1159 #11 0x00007fe72c92f456 in do_domain_create (ctx=ctx@entry=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, restore_fd=restore_fd@entry=-1, send_back_fd=send_back_fd@entry=-1, params=params@entry=0x0, ao_how=0x0, aop_console_how=0x7fe721df10f0) at libxl_create.c:1856 #12 0x00007fe72c92f776 in libxl_domain_create_new (ctx=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x7fe721df10f0) at libxl_create.c:2075 Signed-off-by: Dario Faggioli <dfaggioli@suse.com> Tested-by: James Fehlig <jfehlig@suse.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> master commit: d9d3496 master date: 2022-01-31 10:58:07 +0100
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the ABI for the two halves of a para-virtualized
sound driver to communicate with each to other.
Signed-off-by: Oleksandr Andrushchenko Oleksandr_Andrushchenko@epam.com
Signed-off-by: Oleksandr Grytsov Oleksandr_Grytsov@epam.com
Signed-off-by: Oleksandr Dmytryshyn oleksandr.dmytryshyn@globallogic.com
Signed-off-by: Iurii Konovalenko iurii.konovalenko@globallogic.com
Changes since v1:
Changes since v2:
Changes since v3:
Changes since v4:
Changes since v5:
passed via shared page
to the defined sound device in the backend using those parameters)
Changes since v6:
Changes since v7:
(fields, PCM formats etc.)
static XENSND_MAX_PAGES_PER_REQUEST
buffer from the open request is used for these operations to pass data
of 0.001 dBm, while 0 being 0dBm.
Changes since v8:
devices/streams
decimals w/o any particular ordering
are contiguous
Changes since v9:
Changes since v10:
Changes since v11:
Changes since v12: