author | Jan Beulich <jbeulich@suse.com> | 2012-10-19 15:25:37 -0400 |
---|---|---|
committer | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2012-11-04 10:40:42 -0500 |
commit | cf47a83fb06e42ae1b572ed68326068c7feaceae (patch) | |
tree | 52e694ac8adfc67d8dc82e35e046c14f0ceb10c2 /drivers/xen | |
parent | 95a7d76897c1e7243d4137037c66d15cbf2cce76 (diff) |
xen/hypercall: fix hypercall fallback code for very old hypervisors
While copying the argument structures in HYPERVISOR_event_channel_op()
and HYPERVISOR_physdev_op() into the local variable is sufficiently
safe even if the actual structure is smaller than the container one,
copying back eventual output values the same way isn't: This may
collide with on-stack variables (particularly "rc") which may change
between the first and second memcpy() (i.e. the second memcpy() could
discard that change).
Move the fallback code into out-of-line functions, and handle all of
the operations known by this old a hypervisor individually: Some don't
require copying back anything at all, and for the rest use the
individual argument structures' sizes rather than the container's.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
[v2: Reduce #define/#undef usage in HYPERVISOR_physdev_op_compat().]
[v3: Fix compile errors when modules use said hypercalls]
[v4: Add xen_ prefix to the HYPERCALL_..]
[v5: Alter the name and only EXPORT_SYMBOL_GPL one of them]
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers/xen')
-rw-r--r-- | drivers/xen/Makefile | 2 | ||||
-rw-r--r-- | drivers/xen/fallback.c | 80 |
2 files changed, 81 insertions, 1 deletions
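--- a/drivers/xen/Makefile
+++ b/drivers/xen/Makefile
@@ -2,7 +2,7 @@ ifneq ($(CONFIG_ARM),y)
 obj-y += manage.o balloon.o
 obj-$(CONFIG_HOTPLUG_CPU) += cpu_hotplug.o
 endif
-obj-y += grant-table.o features.o events.o
+obj-y += grant-table.o features.o events.o fallback.o
 obj-y += xenbus/
 
 nostackp := $(call cc-option, -fno-stack-protector)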
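Review bot: `fallback.o` is appended to the unconditional `obj-y` list, after the `endif` that closes the `ifneq ($(CONFIG_ARM),y)` block shown in the hunk context, so it would be built on ARM as well. The new fallback.c relies on `_hypercall1` and the `event_channel_op_compat` / `physdev_op_compat` hypercalls, which look x86-specific; if the ARM headers do not provide them, this breaks the ARM build. Restricting the object to the architecture that needs the fallback would avoid that, for example `obj-$(CONFIG_X86) += fallback.o` on its own line.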
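--- /dev/null
+++ b/drivers/xen/fallback.c
@@ -0,0 +1,80 @@
+#include <linux/kernel.h>
+#include <linux/string.h>
+#include <linux/bug.h>
+#include <linux/export.h>
+#include <asm/hypervisor.h>
+#include <asm/xen/hypercall.h>
+
+int xen_event_channel_op_compat(int cmd, void *arg)
+{
+struct evtchn_op op;
+int rc;
+
+op.cmd = cmd;
+memcpy(&op.u, arg, sizeof(op.u));
+rc = _hypercall1(int, event_channel_op_compat, &op);
+
+switch (cmd) {
+case EVTCHNOP_close:
+case EVTCHNOP_send:
+case EVTCHNOP_bind_vcpu:
+case EVTCHNOP_unmask:
+/* no output */
+break;
+
+#define COPY_BACK(eop) \
+case EVTCHNOP_##eop: \
+memcpy(arg, &op.u.eop, sizeof(op.u.eop)); \
+break
+
+COPY_BACK(bind_interdomain);
+COPY_BACK(bind_virq);
+COPY_BACK(bind_pirq);
+COPY_BACK(status);
+COPY_BACK(alloc_unbound);
+COPY_BACK(bind_ipi);
+#undef COPY_BACK
+
+default:
+WARN_ON(rc != -ENOSYS);
+break;
+}
+
+return rc;
+}
+EXPORT_SYMBOL_GPL(xen_event_channel_op_compat);
+
+int HYPERVISOR_physdev_op_compat(int cmd, void *arg)
+{
+struct physdev_op op;
+int rc;
+
+op.cmd = cmd;
+memcpy(&op.u, arg, sizeof(op.u));
+rc = _hypercall1(int, physdev_op_compat, &op);
+
+switch (cmd) {
+case PHYSDEVOP_IRQ_UNMASK_NOTIFY:
+case PHYSDEVOP_set_iopl:
+case PHYSDEVOP_set_iobitmap:
+case PHYSDEVOP_apic_write:
+/* no output */
+break;
+
+#define COPY_BACK(pop, fld) \
+case PHYSDEVOP_##pop: \
+memcpy(arg, &op.u.fld, sizeof(op.u.fld)); \
+break
+
+COPY_BACK(irq_status_query, irq_status_query);
+COPY_BACK(apic_read, apic_op);
+COPY_BACK(ASSIGN_VECTOR, irq_op);
+#undef COPY_BACK
+
+default:
+WARN_ON(rc != -ENOSYS);
+break;
+}
+
+return rc;
+}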
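Review bot: The copy-in `memcpy(&op.u, arg, sizeof(op.u));` in `xen_event_channel_op_compat()`, and the identical line in `HYPERVISOR_physdev_op_compat()`, still reads the full union from `arg`, so it reads past the caller's object whenever the per-command structure is smaller than the union. The commit message argues this is safe, but the code does not record that assumption, and only the copy-back is sized per command. I would add a comment above each copy-in, for example `/* arg may be smaller than op.u; the over-read is tolerated, only the copy-back must use the exact per-command size */`. Alternatively, the copy-in could be sized per command in the same switch so the read stays inside the caller's structure.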