From patchwork Fri Jan 13 23:08:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 13101721 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C38ACC6379F for ; Fri, 13 Jan 2023 23:08:59 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.477555.740302 (Exim 4.92) (envelope-from ) id 1pGTAE-0006uO-SW; Fri, 13 Jan 2023 23:08:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 477555.740302; Fri, 13 Jan 2023 23:08:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAE-0006uH-PI; Fri, 13 Jan 2023 23:08:46 +0000 Received: by outflank-mailman (input) for mailman id 477555; Fri, 13 Jan 2023 23:08:45 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAD-0006f0-2Z for xen-devel@lists.xenproject.org; Fri, 13 Jan 2023 23:08:45 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 39beebee-9397-11ed-91b6-6bf2151ebd3b; Sat, 14 Jan 2023 00:08:43 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 39beebee-9397-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1673651324; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=4vPnULWearCAs5pJV9RHnY3KcBHt0ecxfzxh751czBA=; b=T47e5geixP0LDAUbJiuKUIJsmM7xR01DRcBHnc+zLwbPh+1KpP5XmWmB kNlZRpGxtXJaH0ljXaK2qS+TJT4KK7riwRuixHHS375VufyLtn2f44mDQ gq88C9qpDfe8ezmaZ8fYfkVphcyZnWu615x+gE1BfXwBLJrADYCO+5yLZ c=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 92558107 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:01YKR66vw12gg3ZN85htwAxRtBvHchMFZxGqfqrLsTDasY5as4F+v mIbWWGGO/yLN2DzKN12bISypxxT65DSmIcwQAVvqHg9Hi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraBYnoqLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+45wehBtC5gZlPakS5weC/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m0 uEBEx8kQAG51931h6iaZ+9tvOMuBZy+VG8fkikIITDxCP8nRdbIQrnQ5M8e1zA17ixMNa+AP YxDM2MpNUmeJUQVYT/7C7pn9AusrlD5fydVtxS+oq0v7nKI5AdwzKLsIJzefdniqcB9zxzF+ zKfpzuR7hcybNy/k2qDry2Vu+7ztmCgR785EaKV36s/6LGU7jNKU0BHPbehmtGikVK3Ud9bL 00S+wItoLI0+UjtScPyNzWnpFaUsxhaXMBfe8U49QWMx6z88wufQG8eQVZpSvYrqcs3TjwCz UKSkpXiAjkHmK2YTzeR+6mZqRu2ODMJNikSaCkcVwwH7tL/5oYpgXryos1LSfDvyIevQHepn m7M9XJl71kOsSIV/4Km5Gvoqhy9nMj2DUkvxyjRX1iC4yosMeZJeLeUBUjnAedoddjGFQTe4 iRfwqBy/8hVU8jTyXXlrPElWejwuq3baGC0bUtHRcFJyti7x5K0kWm8ChlaLVwhDMsLcCSBj KT76VIIv8870JdHgMZKj2ON5ycCl/KI+SzNDKy8Uza3SsEZmPW71C9vf1WM+GvmjVIhl6oyU b/CL5n3Uy1GWfU/nGPtLwv47VPM7nlurV4/uLihl0j3uVZgTCP9pUg53KumMblisfLsTPT9+ NdDLcqaoyizo8WnChQ7BbU7dAhQRVBiXMCeliCiXrLbSuaQMD17WqC5LHJIU9ANopm5Yc+Ro C/sAh4FlgKh7ZAFQC3TAk1ehHrUdc4XhRoG0eYEZD5EB1BLjV6T0Zoi IronPort-HdrOrdr: A9a23:hJsw66DyzM2ffzflHemi55DYdb4zR+YMi2TDtnocdfUxSKelfq +V88jzuSWbtN9yYhEdcKG7WZVoKEm0nfQZ3WB7B8bAYOCJghrMEKhSqafk3j38C2nf24dmpM NdmnFFeb/NMWQ= X-IronPort-AV: E=Sophos;i="5.97,215,1669093200"; d="scan'208";a="92558107" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , George Dunlap , Jan Beulich , "Stefano Stabellini" , Wei Liu , Julien Grall Subject: [PATCH v2 1/5] xen/version: Drop bogus return values for XENVER_platform_parameters Date: Fri, 13 Jan 2023 23:08:31 +0000 Message-ID: <20230113230835.29356-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20230113230835.29356-1-andrew.cooper3@citrix.com> References: <20230113230835.29356-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 A split in virtual address space is only applicable for x86 PV guests. Furthermore, the information returned for x86 64bit PV guests is wrong. Explain the problem in version.h, stating the other information that PV guests need to know. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- CC: George Dunlap CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall The only reason this does not get an XSA is because Xen does not have any form of KALSR. v2: * Retain the useless return value for 64bit PV guests in release builds only. * Rewrite comments. --- xen/common/kernel.c | 20 +++++++++++++++++--- xen/include/public/version.h | 27 +++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 3 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 4f268d83e3cb..f7b1f65f373c 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -518,11 +518,15 @@ long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) case XENVER_platform_parameters: { + const struct vcpu *curr = current; + #ifdef CONFIG_COMPAT - if ( current->hcall_compat ) + if ( curr->hcall_compat ) { compat_platform_parameters_t params = { - .virt_start = HYPERVISOR_COMPAT_VIRT_START(current->domain), + .virt_start = is_pv_vcpu(curr) + ? HYPERVISOR_COMPAT_VIRT_START(curr->domain) + : 0, }; if ( copy_to_guest(arg, ¶ms, 1) ) @@ -532,7 +536,17 @@ long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) #endif { xen_platform_parameters_t params = { - .virt_start = HYPERVISOR_VIRT_START, + /* + * Out of an abundance of caution, retain the useless return + * value for 64bit PV guests, but in release builds only. + * + * This is not expected to cause any problems, but if it does, + * the developer impacted will be the one best suited to fix + * the caller not to issue this hypercall. + */ + .virt_start = !IS_ENABLED(CONFIG_DEBUG) && is_pv_vcpu(curr) + ? HYPERVISOR_VIRT_START + : 0, }; if ( copy_to_guest(arg, ¶ms, 1) ) diff --git a/xen/include/public/version.h b/xen/include/public/version.h index 0ff8bd9077c6..cbc4ef7a46e6 100644 --- a/xen/include/public/version.h +++ b/xen/include/public/version.h @@ -42,6 +42,33 @@ typedef char xen_capabilities_info_t[1024]; typedef char xen_changeset_info_t[64]; #define XEN_CHANGESET_INFO_LEN (sizeof(xen_changeset_info_t)) +/* + * This API is problematic. + * + * It is only applicable to guests which share pagetables with Xen (x86 PV + * guests), but unfortunately has leaked into other guest types and + * architectures with an expectation of never failing. + * + * It is intended to identify the virtual address split between guest kernel + * and Xen. + * + * For 32bit PV guests, there is a split, and it is variable (between two + * fixed bounds), and this boundary is reported to guests. The detail missing + * from the hypercall is that the second boundary is the 32bit architectural + * boundary at 4G. + * + * For 64bit PV guests, Xen lives at the bottom of the upper canonical range. + * This hypercall happens to report the architectural boundary, not the one + * which would be necessary to make a variable split work. As such, this + * hypercall entirely useless for 64bit PV guests, and all inspected + * implementations at the time of writing were found to have compile time + * expectations about the split. + * + * For architectures where this hypercall is implemented, for backwards + * compatibility with the expectation of the hypercall never failing Xen will + * return 0 instead of failing with -ENOSYS in cases where the guest should + * not be making the hypercall. + */ #define XENVER_platform_parameters 5 struct xen_platform_parameters { xen_ulong_t virt_start; From patchwork Fri Jan 13 23:08:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 13101722 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 48001C678D6 for ; Fri, 13 Jan 2023 23:09:00 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.477556.740313 (Exim 4.92) (envelope-from ) id 1pGTAG-00079o-4f; Fri, 13 Jan 2023 23:08:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 477556.740313; Fri, 13 Jan 2023 23:08:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAG-00079g-1B; Fri, 13 Jan 2023 23:08:48 +0000 Received: by outflank-mailman (input) for mailman id 477556; Fri, 13 Jan 2023 23:08:46 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAE-0006f0-Aj for xen-devel@lists.xenproject.org; Fri, 13 Jan 2023 23:08:46 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 3a792e11-9397-11ed-91b6-6bf2151ebd3b; Sat, 14 Jan 2023 00:08:45 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 3a792e11-9397-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1673651326; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=RRasjkNoe7Enmu6lqfWgkYl+d2SZ3qpC6O2iTzVGXP8=; b=MdsQVZDSP/WK9hJEdeK4w8UpXEB4V8TvFo2ZhEWiO5PE3rTtpqjzlZQk 9k/blNT+K+qe4e5Zel/A4z7eUF3YEkr8XJ+pPgTOH+r3Ic9TtXQUi/5yt fcWaEahhLl2QAs8UY2Ab94+hZsiM/Bad37Rb0oVhzMNW8b3l0TBE8ys2O g=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 92558108 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:adSghqlVPqX1OGO2gMPF/C/o5gxYJkRdPkR7XQ2eYbSJt1+Wr1Gzt xJMWmiDbvrfZzbwfNsibduwo0pXvJaGyt5iS1E/qS0yEiMWpZLJC+rCIxarNUt+DCFhoGFPt JxCN4aafKjYaleG+39B55C49SEUOZmgH+a6U6icf3grHmeIcQ954Tp7gek1n4V0ttawBgKJq LvartbWfVSowFaYCEpNg064gE4p7auaVA8w5ARkPqgS5QSGyxH5MbpETU2PByqgKmVrNrbSq 9brlNmR4m7f9hExPdKp+p6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTbZLwXXx/mTSR9+2d/ f0W3XCGpaXFCYWX8AgVe0Ew/yiTpsSq8pefSZS0mZT7I0Er7xIAahihZa07FdRwxwp5PY1B3 dsFMQsiRz6SvbKJg/Wha8Rqh/4EIeC+aevzulk4pd3YJfMvQJSFSKTW/95Imjw3g6iiH96HO ZBfM2A2Kk2dPVsWYAx/5JEWxY9EglHWdTFCpU3Tjq0w+2XJlyR60aT3McqTcduPLSlQthfC+ z+Wpjypav0cHIDEyzGqoi/yurHelBnkR4YYEaz7/fE/1TV/wURMUUZLBDNXu8KRiFO6Wt9ZA 1wZ/Gwpt6da3FOvZsnwWVu/unHslhQRQcZKGus2rgSE0LPJ4h2xD3IBCDVGbbQOisgyQjA70 06TqPngDzdvrb69RGqU8/GfqjbaETMOMWYIaCsATA0Ey9ruuoc+ilTIVNkLOIyfg8DxGDrw6 yuXtyV4jLIW5eYb2qP+8V3ZjjaEopnSUhVz9gjRRnii7A5yeMiifYPA1LTAxa8edsDDFADH5 SVa3ZHEt4jiEK1higSqXfw2M5iH9szVD36bm39CGZgb0DmErivLkZ9r3N1uGKt4Gp9aJmS0P xGP4lo5CIx7ZyXzM/IuC26lI4FzlPW7S4y4PhzBRoAWCqWdYjNr682HiaS4+2n22HYhnqgkU XtwWZb9VC1KYUiLIdffegv87VPI7npkrY8rbcqnpylLKJLHDJJvdZ8LMUGVcscy576erQPe/ r53bpXVkEsEDL2vOnmOqub/yGzmylBiVfjLRzF/LLbfcmKK5kl8YxMu/V/RU9M8xPkE/gs51 nq8RlVZ2DLCaY7vcG23hoRYQOq3B/5X9CtrVRHAyH70gxDPl67ztvZAH3b2FJF7nNFeIQlcF qdbKp3RX6oXFFwqOV01NPHAkWCrTzzz7SrmAsZvSGFXk0JIL+ARxuLZQw== IronPort-HdrOrdr: A9a23:YUNK7qGnqKuFCqYgpLqE5seALOsnbusQ8zAXPiFKJSC9F/byqy nAppsmPHPP5gr5OktBpTnwAsi9qBrnnPYejLX5Vo3SPzUO1lHYSb1K3M/PxCDhBj271sM179 YFT0GmMqyTMWRH X-IronPort-AV: E=Sophos;i="5.97,215,1669093200"; d="scan'208";a="92558108" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu , Stefano Stabellini , Julien Grall , Volodymyr Babchuk , Bertrand Marquis Subject: [PATCH v2 2/5] xen/version: Calculate xen_capabilities_info once at boot Date: Fri, 13 Jan 2023 23:08:32 +0000 Message-ID: <20230113230835.29356-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20230113230835.29356-1-andrew.cooper3@citrix.com> References: <20230113230835.29356-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 The arch_get_xen_caps() infrastructure is horribly inefficient, for something that is constant after features have been resolved on boot. Every instance used snprintf() to format constants into a string (which gets shorter when %d gets resolved!), which gets double buffered on the stack. Switch to using string literals with the "3.0" inserted - these numbers haven't changed in 18 years (The Xen 3.0 release was Dec 5th 2005). Use initcalls to format the data into xen_cap_info, which is deliberately not of type xen_capabilities_info_t because a 1k array is a silly overhead for storing a maximum of 77 chars (the x86 version) and isn't liable to need any more space in the forseeable future. This speeds up the the XENVER_capabilities hypercall, but the purpose of the change is to allow us to introduce a better XENVER_* API that doesn't force us to put a 1k buffer on the stack. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau MonnĂ© CC: Wei Liu CC: Stefano Stabellini CC: Julien Grall CC: Volodymyr Babchuk CC: Bertrand Marquis v2: * New If Xen had strncpy(), then the hunk in do_xen_version() could read: if ( deny ) memset(info, 0, sizeof(info)); else strncpy(info, xen_cap_info, sizeof(info)); to avoid double processing the start of the buffer, but given the ABI (must write 1k chars into the guest), I cannot see any way of taking info off the stack without some kind of strncpy_to_guest() API. Moving to __initcall() also allows new architectures to not implement this API, and I'm going to recommend strongly that they dont. Its a very dubious way of signalling about 3 bits of info to the toolstack, and inefficient to use (the toolstack has to do string parsing on the result figure out if PV64/PV32/HVM is available). --- xen/arch/arm/setup.c | 19 ++++++------------- xen/arch/x86/setup.c | 31 ++++++++++--------------------- xen/common/kernel.c | 3 ++- xen/include/xen/hypercall.h | 2 -- xen/include/xen/version.h | 2 ++ 5 files changed, 20 insertions(+), 37 deletions(-) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 1f26f67b90e3..b71b4bc506e0 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -1194,24 +1194,17 @@ void __init start_xen(unsigned long boot_phys_offset, switch_stack_and_jump(idle_vcpu[0]->arch.cpu_info, init_done); } -void arch_get_xen_caps(xen_capabilities_info_t *info) +static int __init init_xen_cap_info(void) { - /* Interface name is always xen-3.0-* for Xen-3.x. */ - int major = 3, minor = 0; - char s[32]; - - (*info)[0] = '\0'; - #ifdef CONFIG_ARM_64 - snprintf(s, sizeof(s), "xen-%d.%d-aarch64 ", major, minor); - safe_strcat(*info, s); + safe_strcat(xen_cap_info, "xen-3.0-aarch64 "); #endif if ( cpu_has_aarch32 ) - { - snprintf(s, sizeof(s), "xen-%d.%d-armv7l ", major, minor); - safe_strcat(*info, s); - } + safe_strcat(xen_cap_info, "xen-3.0-armv7l "); + + return 0; } +__initcall(init_xen_cap_info); /* * Local variables: diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 566422600d94..f80821469ece 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1956,35 +1956,24 @@ void __init noreturn __start_xen(unsigned long mbi_p) unreachable(); } -void arch_get_xen_caps(xen_capabilities_info_t *info) +static int __init cf_check init_xen_cap_info(void) { - /* Interface name is always xen-3.0-* for Xen-3.x. */ - int major = 3, minor = 0; - char s[32]; - - (*info)[0] = '\0'; - if ( IS_ENABLED(CONFIG_PV) ) { - snprintf(s, sizeof(s), "xen-%d.%d-x86_64 ", major, minor); - safe_strcat(*info, s); + safe_strcat(xen_cap_info, "xen-3.0-x86_64 "); if ( opt_pv32 ) - { - snprintf(s, sizeof(s), "xen-%d.%d-x86_32p ", major, minor); - safe_strcat(*info, s); - } + safe_strcat(xen_cap_info, "xen-3.0-x86_32p "); } if ( hvm_enabled ) - { - snprintf(s, sizeof(s), "hvm-%d.%d-x86_32 ", major, minor); - safe_strcat(*info, s); - snprintf(s, sizeof(s), "hvm-%d.%d-x86_32p ", major, minor); - safe_strcat(*info, s); - snprintf(s, sizeof(s), "hvm-%d.%d-x86_64 ", major, minor); - safe_strcat(*info, s); - } + safe_strcat(xen_cap_info, + "hvm-3.0-x86_32 " + "hvm-3.0-x86_32p " + "hvm-3.0-x86_64 "); + + return 0; } +__initcall(init_xen_cap_info); int __hwdom_init xen_in_range(unsigned long mfn) { diff --git a/xen/common/kernel.c b/xen/common/kernel.c index f7b1f65f373c..4fa1d6710115 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -30,6 +30,7 @@ enum system_state system_state = SYS_STATE_early_boot; xen_commandline_t saved_cmdline; static const char __initconst opt_builtin_cmdline[] = CONFIG_CMDLINE; +char __ro_after_init xen_cap_info[128]; static int assign_integer_param(const struct kernel_param *param, uint64_t val) { @@ -509,7 +510,7 @@ long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) memset(info, 0, sizeof(info)); if ( !deny ) - arch_get_xen_caps(&info); + safe_strcpy(info, xen_cap_info); if ( copy_to_guest(arg, info, ARRAY_SIZE(info)) ) return -EFAULT; diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index f307dfb59760..15b6be6ec818 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -56,6 +56,4 @@ common_vcpu_op(int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -void arch_get_xen_caps(xen_capabilities_info_t *info); - #endif /* __XEN_HYPERCALL_H__ */ diff --git a/xen/include/xen/version.h b/xen/include/xen/version.h index 93c58773630c..4856ad1b446d 100644 --- a/xen/include/xen/version.h +++ b/xen/include/xen/version.h @@ -19,6 +19,8 @@ const char *xen_deny(void); const char *xen_build_info(void); int xen_build_id(const void **p, unsigned int *len); +extern char xen_cap_info[128]; + #ifdef BUILD_ID void xen_build_init(void); int xen_build_id_check(const Elf_Note *n, unsigned int n_sz, From patchwork Fri Jan 13 23:08:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 13101724 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 443D4C678D7 for ; Fri, 13 Jan 2023 23:09:00 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.477557.740317 (Exim 4.92) (envelope-from ) id 1pGTAG-0007Cq-GK; Fri, 13 Jan 2023 23:08:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 477557.740317; Fri, 13 Jan 2023 23:08:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAG-0007CU-A0; Fri, 13 Jan 2023 23:08:48 +0000 Received: by outflank-mailman (input) for mailman id 477557; Fri, 13 Jan 2023 23:08:47 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAF-0006f0-Nb for xen-devel@lists.xenproject.org; Fri, 13 Jan 2023 23:08:47 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 3b387538-9397-11ed-91b6-6bf2151ebd3b; Sat, 14 Jan 2023 00:08:46 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 3b387538-9397-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1673651327; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=RhJxNddOZnuA9cAZ20nrQNAY+XT5cis1ShPg10NhTgQ=; b=ar9kl0ICAkpxo5bHeQ8Whdm+c0Ow8TAH91Mxi/7Sd8q0ABpwWZ6polsz BROa5BPFXCzGJMaZx/LAU0jRaL6RX9KtHQbg/PQSxgDg68fl0B3ZQ5YmJ vX0TNisyji8oWdgUN72yugyouEUXJLmRbbk9nfbyxplbzndwfWWKyaqUl I=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 92558110 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:R7iNCKLMS5z0TbkDFE+RO5UlxSXFcZb7ZxGr2PjKsXjdYENS12NRz WFJD2+Ca/+DYGrwet9zboS29ksDv5fUxtdmSQdlqX01Q3x08seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAgk/rOHv+kUrWs1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpJrfPcwP9TlK6q4mhA5wVlPawjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c5QHHh12 tU2OQpdUVPEncObxrOBbeRF05FLwMnDZOvzu1llxDDdS/0nXYrCU+PB4towMDUY354UW6yEP oxANGQpNU6bC/FMEg5/5JYWteGknHTgNRZfr0qYv/Ef6GnP1g1hlrPqNbI5f/TbH5gIzh/B/ goq+UzrPzU8O/unkQGUqF2vhPbhgyDkV4cdQejQGvlC3wTImz175ActfVmmpfi0jGauVtQZL FYbkgIxqYAi+UrtScPyNzW0r3KJsQQVc8ZBGO09rgeWw+zb5BjxLmoNSDJbecElnMAzTD0uk FSOmrvBCSR0tbyJSVqU7rqOsS6pIi8RMHMDYikfCwAC5rHLsIw1yx7CUNtnOKq0lcHuXyH9x SiQqyozjKlVitQEv42g5kzOiT+oopnPTyY26x/RU2bj6Rl2DKaHTYG17VnQ7d5bMZ2UCFKGu RA5d9O2tb5US8vXzWrUHbtLRevyjxqYDNHCqXlyBqIO3hq8wS6cPsdKwRx4JX1OP+9RLFcFf 3TvVRNtCI57ZSX1NvIoPd7qUqzG3oC7S427C6m8gs5mJ8EoKVTZpHwGiVu4hTiFraQ6rU0o1 X53m+6IBG1SN6loxSHeqww1ge5ynXBWKY8+qPnGI/WbPVm2PiT9pU8tagfmUwzAxPrsTP/p2 9heLdCW7B5UTffzZCLamaZKcw9RcyNnVcGu+5UMHgJmHuaBMDhxY8I9PJt7I9A190irvrqgE o6Btr9wlwOk2CyvxfSiYXF/crL/NauTXlpiVRHAyW2AgiB5Ca72tfd3SnfCVeV/nACV5aIuH qZtlgTpKqgndwkrDBxEM8es9N0/Kkz17e9MVgL8CAUCk1dbb1Sh0rfZksHHrUHi0gLfWRMCn oCd IronPort-HdrOrdr: A9a23:0elSxart9ZL3gN78Y++HzcsaV5oleYIsimQD101hICG9E/b1qy nKpp8mPHDP5wr5NEtPpTnjAsm9qALnlKKdiLN5Vd3OYOCMghrKEGgN1/qG/xTQXwH46+5Bxe NBXsFFebnN5IFB/KTH3DU= X-IronPort-AV: E=Sophos;i="5.97,215,1669093200"; d="scan'208";a="92558110" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , George Dunlap , Jan Beulich , "Stefano Stabellini" , Wei Liu , Julien Grall , Daniel De Graaf , Daniel Smith , Jason Andryuk Subject: [PATCH v2 3/5] xen/version: Introduce non-truncating XENVER_* subops Date: Fri, 13 Jan 2023 23:08:33 +0000 Message-ID: <20230113230835.29356-4-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20230113230835.29356-1-andrew.cooper3@citrix.com> References: <20230113230835.29356-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Recently in XenServer, we have encountered problems caused by both XENVER_extraversion and XENVER_commandline having fixed bounds. More than just the invariant size, the APIs/ABIs also broken by typedef-ing an array, and using an unqualified 'char' which has implementation-specific signed-ness Provide brand new ops, which are capable of expressing variable length strings, and mark the older ops as broken. This fixes all issues around XENVER_extraversion being longer than 15 chars. More work is required to remove other assumptions about XENVER_commandline being 1023 chars long. Signed-off-by: Andrew Cooper Reviewed-by: Jason Andryuk # Flask --- CC: George Dunlap CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Daniel De Graaf CC: Daniel Smith CC: Jason Andryuk v2: * Remove xen_capabilities_info_t from the stack now that arch_get_xen_caps() has gone. * Use an arbitrary limit check much lower than INT_MAX. * Use "buf" rather than "string" terminology. * Expand the API comment. Tested by forcing XENVER_extraversion to be 20 chars long, and confirming that an untruncated version can be obtained. --- xen/common/kernel.c | 62 +++++++++++++++++++++++++++++++++++++++++++ xen/include/public/version.h | 63 ++++++++++++++++++++++++++++++++++++++++++-- xen/include/xlat.lst | 1 + xen/xsm/flask/hooks.c | 4 +++ 4 files changed, 128 insertions(+), 2 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 4fa1d6710115..cc5d8247b04d 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -24,6 +24,7 @@ CHECK_build_id; CHECK_compile_info; CHECK_feature_info; +CHECK_varbuf; #endif enum system_state system_state = SYS_STATE_early_boot; @@ -470,6 +471,59 @@ static int __init cf_check param_init(void) __initcall(param_init); #endif +static long xenver_varbuf_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +{ + struct xen_varbuf user_str; + const char *str = NULL; + size_t sz; + + switch ( cmd ) + { + case XENVER_extraversion2: + str = xen_extra_version(); + break; + + case XENVER_changeset2: + str = xen_changeset(); + break; + + case XENVER_commandline2: + str = saved_cmdline; + break; + + case XENVER_capabilities2: + str = xen_cap_info; + break; + + default: + ASSERT_UNREACHABLE(); + return -ENODATA; + } + + sz = strlen(str); + + if ( sz > KB(64) ) /* Arbitrary limit. Avoid long-running operations. */ + return -E2BIG; + + if ( guest_handle_is_null(arg) ) /* Length request */ + return sz; + + if ( copy_from_guest(&user_str, arg, 1) ) + return -EFAULT; + + if ( user_str.len == 0 ) + return -EINVAL; + + if ( sz > user_str.len ) + return -ENOBUFS; + + if ( copy_to_guest_offset(arg, offsetof(struct xen_varbuf, buf), + str, sz) ) + return -EFAULT; + + return sz; +} + long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { bool_t deny = !!xsm_xen_version(XSM_OTHER, cmd); @@ -683,6 +737,14 @@ long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) return sz; } + + case XENVER_extraversion2: + case XENVER_capabilities2: + case XENVER_changeset2: + case XENVER_commandline2: + if ( deny ) + return -EPERM; + return xenver_varbuf_op(cmd, arg); } return -ENOSYS; diff --git a/xen/include/public/version.h b/xen/include/public/version.h index cbc4ef7a46e6..9287b5d3ff50 100644 --- a/xen/include/public/version.h +++ b/xen/include/public/version.h @@ -19,12 +19,20 @@ /* arg == NULL; returns major:minor (16:16). */ #define XENVER_version 0 -/* arg == xen_extraversion_t. */ +/* + * arg == xen_extraversion_t. + * + * This API/ABI is broken. Use XENVER_extraversion2 instead. + */ #define XENVER_extraversion 1 typedef char xen_extraversion_t[16]; #define XEN_EXTRAVERSION_LEN (sizeof(xen_extraversion_t)) -/* arg == xen_compile_info_t. */ +/* + * arg == xen_compile_info_t. + * + * This API/ABI is broken and truncates data. + */ #define XENVER_compile_info 2 struct xen_compile_info { char compiler[64]; @@ -34,10 +42,20 @@ struct xen_compile_info { }; typedef struct xen_compile_info xen_compile_info_t; +/* + * arg == xen_capabilities_info_t. + * + * This API/ABI is broken. Use XENVER_capabilities2 instead. + */ #define XENVER_capabilities 3 typedef char xen_capabilities_info_t[1024]; #define XEN_CAPABILITIES_INFO_LEN (sizeof(xen_capabilities_info_t)) +/* + * arg == xen_changeset_info_t. + * + * This API/ABI is broken. Use XENVER_changeset2 instead. + */ #define XENVER_changeset 4 typedef char xen_changeset_info_t[64]; #define XEN_CHANGESET_INFO_LEN (sizeof(xen_changeset_info_t)) @@ -95,6 +113,11 @@ typedef struct xen_feature_info xen_feature_info_t; */ #define XENVER_guest_handle 8 +/* + * arg == xen_commandline_t. + * + * This API/ABI is broken. Use XENVER_commandline2 instead. + */ #define XENVER_commandline 9 typedef char xen_commandline_t[1024]; @@ -110,6 +133,42 @@ struct xen_build_id { }; typedef struct xen_build_id xen_build_id_t; +/* + * Container for an arbitrary variable length buffer. + */ +struct xen_varbuf { + uint32_t len; /* IN: size of buf[] in bytes. */ + unsigned char buf[XEN_FLEX_ARRAY_DIM]; /* OUT: requested data. */ +}; +typedef struct xen_varbuf xen_varbuf_t; + +/* + * arg == xen_varbuf_t + * + * Equivalent to the original ops, but with a non-truncating API/ABI. + * + * These hypercalls can fail for a number of reasons. All callers must handle + * -XEN_xxx return values appropriately. + * + * Passing arg == NULL is a request for size, which will be signalled with a + * non-negative return value. Note: a return size of 0 may be legitimate for + * the requested subop. + * + * Otherwise, the input xen_varbuf_t provides the size of the following + * buffer. Xen will fill the buffer, and return the number of bytes written + * (e.g. if the input buffer was longer than necessary). + * + * Some subops may return binary data. Some subops may be expected to return + * textural data. These are returned without a NUL terminator, and while the + * contents is expected to be ASCII/UTF-8, Xen makes no guarentees to this + * effect. e.g. Xen has no control over the formatting used for the command + * line. + */ +#define XENVER_extraversion2 11 +#define XENVER_capabilities2 12 +#define XENVER_changeset2 13 +#define XENVER_commandline2 14 + #endif /* __XEN_PUBLIC_VERSION_H__ */ /* diff --git a/xen/include/xlat.lst b/xen/include/xlat.lst index d601a8a98421..762c8a77fb27 100644 --- a/xen/include/xlat.lst +++ b/xen/include/xlat.lst @@ -172,6 +172,7 @@ ? build_id version.h ? compile_info version.h ? feature_info version.h +? varbuf version.h ? xenoprof_init xenoprof.h ? xenoprof_passive xenoprof.h ? flask_access xsm/flask_op.h diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 78225f68c15c..a671dcd0322e 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1777,15 +1777,18 @@ static int cf_check flask_xen_version(uint32_t op) /* These sub-ops ignore the permission checks and return data. */ return 0; case XENVER_extraversion: + case XENVER_extraversion2: return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION, VERSION__XEN_EXTRAVERSION, NULL); case XENVER_compile_info: return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION, VERSION__XEN_COMPILE_INFO, NULL); case XENVER_capabilities: + case XENVER_capabilities2: return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION, VERSION__XEN_CAPABILITIES, NULL); case XENVER_changeset: + case XENVER_changeset2: return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION, VERSION__XEN_CHANGESET, NULL); case XENVER_pagesize: @@ -1795,6 +1798,7 @@ static int cf_check flask_xen_version(uint32_t op) return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION, VERSION__XEN_GUEST_HANDLE, NULL); case XENVER_commandline: + case XENVER_commandline2: return avc_has_perm(dsid, SECINITSID_XEN, SECCLASS_VERSION, VERSION__XEN_COMMANDLINE, NULL); case XENVER_build_id: From patchwork Fri Jan 13 23:08:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 13101725 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 76BEDC3DA78 for ; Fri, 13 Jan 2023 23:09:01 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.477558.740335 (Exim 4.92) (envelope-from ) id 1pGTAH-0007gm-Vb; Fri, 13 Jan 2023 23:08:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 477558.740335; Fri, 13 Jan 2023 23:08:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAH-0007gZ-Rh; Fri, 13 Jan 2023 23:08:49 +0000 Received: by outflank-mailman (input) for mailman id 477558; Fri, 13 Jan 2023 23:08:48 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAG-00076h-3b for xen-devel@lists.xenproject.org; Fri, 13 Jan 2023 23:08:48 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 39d65cdf-9397-11ed-b8d0-410ff93cb8f0; Sat, 14 Jan 2023 00:08:45 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 39d65cdf-9397-11ed-b8d0-410ff93cb8f0 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1673651326; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=ymMfRlm9ht6BlDD3wEaaTOA+gMUaexzdxRl9xxZ1XxA=; b=Mkwb1Z8APJ6Lw68XKw6Jh1Ii48sWj77hXDJoAwTjVYKbjucnfHuajbZ9 UvPirSrHejODlzEU079k6n3LiykS2yG+WVVFZI27CwvQChwF0q1HM1Dd7 jn+d76eNoHIAs8y2hAYjjKK4nvWCs3nxUBuy/eFCEsqrCibGIZfzECV7u 0=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 92558109 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:hkB5ea85lXWNwxu0xsPUDrUDo36TJUtcMsCJ2f8bNWPcYEJGY0x3m DBOCj+FOK2LYzb3fdsibN7l9EgGu8eEy4IxTFNqpHo8E34SpcT7XtnIdU2Y0wF+jCHgZBk+s 5hBMImowOQcFCK0SsKFa+C5xZVE/fjUAOG6UKucYHsZqTZMEE8JkQhkl/MynrlmiN24BxLlk d7pqojUNUTNNwRcawr40Ire7kIw1BjOkGlA5AdmPKkQ5AO2e0Q9V/rzG4ngdxMUfaEMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+v9T2M4nQVVWk120c+VZk 72hg3ASpTABZcUgkMxFO/VR/roX0aduoNcrKlDn2SCfItGvn9IBDJyCAWlvVbD09NqbDklp6 OUjBxkjfyrTuKHx2pOWTOhWockKeZyD0IM34hmMzBncBPciB5vCX7/L9ZlT2zJYasJmRKiEI ZBDMHw2MUqGOkcUUrsUIMtWcOOAr3/zaTBH7nmSorI6+TP7xw1tyrn9dtHSf7RmQO0ExBvF9 juergwVBDkkOvG45B7V1UmPi+7PzHLlfIUPGbe3o6sCbFq7mTVIVUx+uUGAieKilke0VtZbK koV0ikjt64/8AqsVNaVdwK8iG6JuFgbQdU4O+8n7ACAzILE7gDfAXILJhZjQtE7sM49RRQxy 0SE2djuAFRHoLCTDH6Q6LqQhTezIjQOa38PYzceSgkI6MWlp5s85i8jVf46TvTz1IesX2itn XbT9nNWa6gvYdAj8Liixn/urSOW9qeKCRQUywPWZEWox1YsDGK6XLBE+WQ3/N4ZctnCEwbf4 CNd8ySNxLtQVM/QzURhVM1IRej0vKjdbVUwlHY1R/EcGyKRF2lPlGy6yBV3Pw9XP8kNYlcFi 2eD6FoKtPe/0JZHBJKbgr5d6Oxwl8AM7fy/CpjpgiNmO/CdjjOv8iB0flK31GvwikUqmqxXE c7FLp3yVipKWPw3lWHeqwIhPVgDn3BW+I8ubcqjk0TPPUS2ORZ5tovpwHPRN7tkvctoUS3e8 spFNtvi9vmseLSWX8UjyqZKdQpiBSFiVfjLRzl/KrbrzvxORDtwVJc8ANoJJ+RYokiivr6Wo CDlCxIGkASXaL+uAVziV02PoYjHBf5XxU/X9wR1Vbp08xDPubqS0Zo= IronPort-HdrOrdr: A9a23:2pe1SKht1mQuaZv+2QSfBpMnDXBQXtQji2hC6mlwRA09TyX4ra yTdZEgviMc5wx/ZJhNo7690cu7IU80hKQV3WB5B97LNmTbUQCTXeJfBOXZsljdMhy72ulB1b pxN4hSYeeAaWSSVPyKgjWFLw== X-IronPort-AV: E=Sophos;i="5.97,215,1669093200"; d="scan'208";a="92558109" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , George Dunlap , Jan Beulich , "Stefano Stabellini" , Wei Liu , Julien Grall Subject: [PATCH v2 4/5] xen/version: Fold build_id handling into xenver_varbuf_op() Date: Fri, 13 Jan 2023 23:08:34 +0000 Message-ID: <20230113230835.29356-5-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20230113230835.29356-1-andrew.cooper3@citrix.com> References: <20230113230835.29356-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 struct xen_build_id and struct xen_varbuf are identical from an ABI point of view, so XENVER_build_id can reuse xenver_varbuf_op() rather than having it's own almost identical copy of the logic. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: George Dunlap CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall v2: * New --- xen/common/kernel.c | 49 +++++++++++++------------------------------- xen/include/public/version.h | 5 ++++- 2 files changed, 18 insertions(+), 36 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index cc5d8247b04d..7ab410ac7c28 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -476,9 +476,22 @@ static long xenver_varbuf_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) struct xen_varbuf user_str; const char *str = NULL; size_t sz; + int rc; switch ( cmd ) { + case XENVER_build_id: + { + unsigned int local_sz; + + rc = xen_build_id((const void **)&str, &local_sz); + if ( rc ) + return rc; + + sz = local_sz; + goto have_len; + } + case XENVER_extraversion2: str = xen_extra_version(); break; @@ -502,6 +515,7 @@ static long xenver_varbuf_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) sz = strlen(str); + have_len: if ( sz > KB(64) ) /* Arbitrary limit. Avoid long-running operations. */ return -E2BIG; @@ -703,41 +717,6 @@ long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } case XENVER_build_id: - { - xen_build_id_t build_id; - unsigned int sz; - int rc; - const void *p; - - if ( deny ) - return -EPERM; - - /* Only return size. */ - if ( !guest_handle_is_null(arg) ) - { - if ( copy_from_guest(&build_id, arg, 1) ) - return -EFAULT; - - if ( build_id.len == 0 ) - return -EINVAL; - } - - rc = xen_build_id(&p, &sz); - if ( rc ) - return rc; - - if ( guest_handle_is_null(arg) ) - return sz; - - if ( sz > build_id.len ) - return -ENOBUFS; - - if ( copy_to_guest_offset(arg, offsetof(xen_build_id_t, buf), p, sz) ) - return -EFAULT; - - return sz; - } - case XENVER_extraversion2: case XENVER_capabilities2: case XENVER_changeset2: diff --git a/xen/include/public/version.h b/xen/include/public/version.h index 9287b5d3ff50..ee32d4c6b30b 100644 --- a/xen/include/public/version.h +++ b/xen/include/public/version.h @@ -124,8 +124,10 @@ typedef char xen_commandline_t[1024]; /* * Return value is the number of bytes written, or XEN_Exx on error. * Calling with empty parameter returns the size of build_id. + * + * Note: structure only kept for backwards compatibility. Xen operates in + * terms of xen_varbuf_t. */ -#define XENVER_build_id 10 struct xen_build_id { uint32_t len; /* IN: size of buf[]. */ unsigned char buf[XEN_FLEX_ARRAY_DIM]; @@ -164,6 +166,7 @@ typedef struct xen_varbuf xen_varbuf_t; * effect. e.g. Xen has no control over the formatting used for the command * line. */ +#define XENVER_build_id 10 #define XENVER_extraversion2 11 #define XENVER_capabilities2 12 #define XENVER_changeset2 13 From patchwork Fri Jan 13 23:08:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 13101723 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3427BC677F1 for ; Fri, 13 Jan 2023 23:09:00 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.477559.740346 (Exim 4.92) (envelope-from ) id 1pGTAJ-0007xs-AC; Fri, 13 Jan 2023 23:08:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 477559.740346; Fri, 13 Jan 2023 23:08:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAJ-0007wo-5R; Fri, 13 Jan 2023 23:08:51 +0000 Received: by outflank-mailman (input) for mailman id 477559; Fri, 13 Jan 2023 23:08:49 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pGTAH-00076h-6T for xen-devel@lists.xenproject.org; Fri, 13 Jan 2023 23:08:49 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 3a90c6ee-9397-11ed-b8d0-410ff93cb8f0; Sat, 14 Jan 2023 00:08:47 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 3a90c6ee-9397-11ed-b8d0-410ff93cb8f0 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1673651328; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=+mZ+HqjQOoRFKxUB1RXhTht2/NOUz4Dnfis5QIqIl1c=; b=F2BfhEMMJjLiLCGUpO80x3909EiczBsfFutDj35rwomIihvDa+7N6nGa 9873YTsJvMqMjVeBNgl8NF7AKGuBgI0n/hpi6sy34HpUptFidal8Yoofj tCAYBPHlZicxC7irlFQBPrZ0wzCyS6ANF+gdnY+DuXwAIqY+62I9nAKVu c=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 92558111 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:Um1A0a/vE11O5zuEa7xwDrUDo36TJUtcMsCJ2f8bNWPcYEJGY0x3y WoeUGrTPveNMDP2fY11bYzj/R4HucDVx4BnTgM4qi88E34SpcT7XtnIdU2Y0wF+jCHgZBk+s 5hBMImowOQcFCK0SsKFa+C5xZVE/fjUAOG6UKucYHsZqTZMEE8JkQhkl/MynrlmiN24BxLlk d7pqojUNUTNNwRcawr40Ire7kIw1BjOkGlA5AdmPKkQ5AO2e0Q9V/rzG4ngdxMUfaEMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+v9T2M4nQVVWk120c+VZk 72hg3ASpTABZcUgkMxFO/VR/roX0aduoNcrKlDn2SCfItGvn9IBDJyCAWlvVbD09NqbDklp6 OUjBxkjfyrTuKHx2pOWTOhWockKeZyD0IM34hmMzBncBPciB5vCX7/L9ZlT2zJYasJmRKiEI ZBDMHw2MUqGOkcUUrsUIMtWcOOAr3/zaTBH7nmSorI6+TP7xw1tyrn9dtHSf7RmQO0ExBvF9 jufpgwVBDlLGMWWkiim40m1g/LmkQzFCaIQObeRo6sCbFq7mTVIVUx+uUGAieKilke0VtZbK koV0ikjt64/8AqsVNaVdwK8iG6JuFgbQdU4O+8n7ACAzILE7gDfAXILJhZjQtE7sM49RRQxy 0SE2djuAFRHoLCTDH6Q6LqQhTezIjQOa38PYzceSgkI6MWlp5s85i8jVf46TvTz1IesX2itn XbT9nNWa6gvYdAj8Liixn/urSOW9qeKCRQUywPWZEWox1YsDGK6XLBE+WQ3/N4ZctnCEwbf4 CNd8ySNxLtQVM/QzURhVM1IRej0vKjdbVUwlHY1R/EcGyKRF2lPlGy6yBV3Pw9XP8kNYlcFi 2eD6FoKtPe/0JZHBJKbgr5d6Oxwl8AM7fy/CpjpgiNmO/CdjjOv8iB0flK31GvwikUqmqxXE c7FLp3yVipKWPw3lWHeqwIhPVgDn3BW+I8ubcqjk0TPPUS2ORZ5tovpwHPRN7tkvctoUS3e8 spFNtvi9vmseLSWX8UjyqZKdQpiBSFiVfjLRzl/KrbrzvxORDtwVJc8ANoJJ+RYokiivr6Wo CDlCxIGkASXaL+uAVziV02PoYjHBf5XxU/X9wR1Vbp08xDPubqS0Zo= IronPort-HdrOrdr: A9a23:xVet46uF6x1ysNnF9Yw0eF6I7skDeNV00zEX/kB9WHVpm62j+/ xG+c5x6faaslkssR0b9+xoWpPhfZqsz/9ICOAqVN/JMTUO01HYT72Kg7GSpgHIKmnT8fNcyL clU4UWMqyVMbGit7eZ3DWF X-IronPort-AV: E=Sophos;i="5.97,215,1669093200"; d="scan'208";a="92558111" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , George Dunlap , Jan Beulich , "Stefano Stabellini" , Wei Liu , Julien Grall Subject: [PATCH v2 5/5] xen/version: Misc style fixes Date: Fri, 13 Jan 2023 23:08:35 +0000 Message-ID: <20230113230835.29356-6-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20230113230835.29356-1-andrew.cooper3@citrix.com> References: <20230113230835.29356-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- CC: George Dunlap CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall --- xen/common/kernel.c | 11 +++++------ xen/common/version.c | 4 ++-- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 7ab410ac7c28..f1d4a66d8885 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -1,6 +1,6 @@ /****************************************************************************** * kernel.c - * + * * Copyright (c) 2002-2005 K A Fraser */ @@ -540,7 +540,7 @@ static long xenver_varbuf_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { - bool_t deny = !!xsm_xen_version(XSM_OTHER, cmd); + bool deny = xsm_xen_version(XSM_OTHER, cmd); switch ( cmd ) { @@ -584,7 +584,7 @@ long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) return -EFAULT; return 0; } - + case XENVER_platform_parameters: { const struct vcpu *curr = current; @@ -623,9 +623,8 @@ long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } return 0; - } - + case XENVER_changeset: { xen_changeset_info_t chgset; @@ -652,7 +651,7 @@ long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( VM_ASSIST(d, pae_extended_cr3) ) fi.submap |= (1U << XENFEAT_pae_pgdir_above_4gb); if ( paging_mode_translate(d) ) - fi.submap |= + fi.submap |= (1U << XENFEAT_writable_page_tables) | (1U << XENFEAT_auto_translated_physmap); if ( is_hardware_domain(d) ) diff --git a/xen/common/version.c b/xen/common/version.c index d32013520863..8e738672debe 100644 --- a/xen/common/version.c +++ b/xen/common/version.c @@ -209,11 +209,11 @@ void __init xen_build_init(void) } } } -#endif +#endif /* CONFIG_X86 */ if ( !rc ) printk(XENLOG_INFO "build-id: %*phN\n", build_id_len, build_id_p); } -#endif +#endif /* BUILD_ID */ /* * Local variables: * mode: C