c9bdfe8d58
Coverity points out that if (!s && !s->impl) isn't really what we intended
to do here. CID 1508131.
Fixes: 0324751272
("hw/xen: Add emulated implementation of XenStore operations")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230412185102.441523-6-dwmw2@infradead.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
1729 lines
48 KiB
C
1729 lines
48 KiB
C
/*
|
|
* QEMU Xen emulation: Shared/overlay pages support
|
|
*
|
|
* Copyright © 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
*
|
|
* Authors: David Woodhouse <dwmw2@infradead.org>
|
|
*
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or later.
|
|
* See the COPYING file in the top-level directory.
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
|
|
#include "qemu/host-utils.h"
|
|
#include "qemu/module.h"
|
|
#include "qemu/main-loop.h"
|
|
#include "qemu/cutils.h"
|
|
#include "qemu/error-report.h"
|
|
#include "qapi/error.h"
|
|
#include "qom/object.h"
|
|
#include "migration/vmstate.h"
|
|
|
|
#include "hw/sysbus.h"
|
|
#include "hw/xen/xen.h"
|
|
#include "hw/xen/xen_backend_ops.h"
|
|
#include "xen_overlay.h"
|
|
#include "xen_evtchn.h"
|
|
#include "xen_xenstore.h"
|
|
|
|
#include "sysemu/kvm.h"
|
|
#include "sysemu/kvm_xen.h"
|
|
|
|
#include "trace.h"
|
|
|
|
#include "xenstore_impl.h"
|
|
|
|
#include "hw/xen/interface/io/xs_wire.h"
|
|
#include "hw/xen/interface/event_channel.h"
|
|
#include "hw/xen/interface/grant_table.h"
|
|
|
|
#define TYPE_XEN_XENSTORE "xen-xenstore"
|
|
OBJECT_DECLARE_SIMPLE_TYPE(XenXenstoreState, XEN_XENSTORE)
|
|
|
|
#define ENTRIES_PER_FRAME_V1 (XEN_PAGE_SIZE / sizeof(grant_entry_v1_t))
|
|
#define ENTRIES_PER_FRAME_V2 (XEN_PAGE_SIZE / sizeof(grant_entry_v2_t))
|
|
|
|
#define XENSTORE_HEADER_SIZE ((unsigned int)sizeof(struct xsd_sockmsg))
|
|
|
|
struct XenXenstoreState {
|
|
/*< private >*/
|
|
SysBusDevice busdev;
|
|
/*< public >*/
|
|
|
|
XenstoreImplState *impl;
|
|
GList *watch_events; /* for the guest */
|
|
|
|
MemoryRegion xenstore_page;
|
|
struct xenstore_domain_interface *xs;
|
|
uint8_t req_data[XENSTORE_HEADER_SIZE + XENSTORE_PAYLOAD_MAX];
|
|
uint8_t rsp_data[XENSTORE_HEADER_SIZE + XENSTORE_PAYLOAD_MAX];
|
|
uint32_t req_offset;
|
|
uint32_t rsp_offset;
|
|
bool rsp_pending;
|
|
bool fatal_error;
|
|
|
|
evtchn_port_t guest_port;
|
|
evtchn_port_t be_port;
|
|
struct xenevtchn_handle *eh;
|
|
|
|
uint8_t *impl_state;
|
|
uint32_t impl_state_size;
|
|
|
|
struct xengntdev_handle *gt;
|
|
void *granted_xs;
|
|
};
|
|
|
|
struct XenXenstoreState *xen_xenstore_singleton;
|
|
|
|
static void xen_xenstore_event(void *opaque);
|
|
static void fire_watch_cb(void *opaque, const char *path, const char *token);
|
|
|
|
static struct xenstore_backend_ops emu_xenstore_backend_ops;
|
|
|
|
static void G_GNUC_PRINTF (4, 5) relpath_printf(XenXenstoreState *s,
|
|
GList *perms,
|
|
const char *relpath,
|
|
const char *fmt, ...)
|
|
{
|
|
gchar *abspath;
|
|
gchar *value;
|
|
va_list args;
|
|
GByteArray *data;
|
|
int err;
|
|
|
|
abspath = g_strdup_printf("/local/domain/%u/%s", xen_domid, relpath);
|
|
va_start(args, fmt);
|
|
value = g_strdup_vprintf(fmt, args);
|
|
va_end(args);
|
|
|
|
data = g_byte_array_new_take((void *)value, strlen(value));
|
|
|
|
err = xs_impl_write(s->impl, DOMID_QEMU, XBT_NULL, abspath, data);
|
|
assert(!err);
|
|
|
|
g_byte_array_unref(data);
|
|
|
|
err = xs_impl_set_perms(s->impl, DOMID_QEMU, XBT_NULL, abspath, perms);
|
|
assert(!err);
|
|
|
|
g_free(abspath);
|
|
}
|
|
|
|
static void xen_xenstore_realize(DeviceState *dev, Error **errp)
|
|
{
|
|
XenXenstoreState *s = XEN_XENSTORE(dev);
|
|
GList *perms;
|
|
|
|
if (xen_mode != XEN_EMULATE) {
|
|
error_setg(errp, "Xen xenstore support is for Xen emulation");
|
|
return;
|
|
}
|
|
memory_region_init_ram(&s->xenstore_page, OBJECT(dev), "xen:xenstore_page",
|
|
XEN_PAGE_SIZE, &error_abort);
|
|
memory_region_set_enabled(&s->xenstore_page, true);
|
|
s->xs = memory_region_get_ram_ptr(&s->xenstore_page);
|
|
memset(s->xs, 0, XEN_PAGE_SIZE);
|
|
|
|
/* We can't map it this early as KVM isn't ready */
|
|
xen_xenstore_singleton = s;
|
|
|
|
s->eh = xen_be_evtchn_open();
|
|
if (!s->eh) {
|
|
error_setg(errp, "Xenstore evtchn port init failed");
|
|
return;
|
|
}
|
|
aio_set_fd_handler(qemu_get_aio_context(), xen_be_evtchn_fd(s->eh),
|
|
xen_xenstore_event, NULL, NULL, NULL, s);
|
|
|
|
s->impl = xs_impl_create(xen_domid);
|
|
|
|
/* Populate the default nodes */
|
|
|
|
/* Nodes owned by 'dom0' but readable by the guest */
|
|
perms = g_list_append(NULL, xs_perm_as_string(XS_PERM_NONE, DOMID_QEMU));
|
|
perms = g_list_append(perms, xs_perm_as_string(XS_PERM_READ, xen_domid));
|
|
|
|
relpath_printf(s, perms, "", "%s", "");
|
|
|
|
relpath_printf(s, perms, "domid", "%u", xen_domid);
|
|
|
|
relpath_printf(s, perms, "control/platform-feature-xs_reset_watches", "%u", 1);
|
|
relpath_printf(s, perms, "control/platform-feature-multiprocessor-suspend", "%u", 1);
|
|
|
|
relpath_printf(s, perms, "platform/acpi", "%u", 1);
|
|
relpath_printf(s, perms, "platform/acpi_s3", "%u", 1);
|
|
relpath_printf(s, perms, "platform/acpi_s4", "%u", 1);
|
|
relpath_printf(s, perms, "platform/acpi_laptop_slate", "%u", 0);
|
|
|
|
g_list_free_full(perms, g_free);
|
|
|
|
/* Nodes owned by the guest */
|
|
perms = g_list_append(NULL, xs_perm_as_string(XS_PERM_NONE, xen_domid));
|
|
|
|
relpath_printf(s, perms, "attr", "%s", "");
|
|
|
|
relpath_printf(s, perms, "control/shutdown", "%s", "");
|
|
relpath_printf(s, perms, "control/feature-poweroff", "%u", 1);
|
|
relpath_printf(s, perms, "control/feature-reboot", "%u", 1);
|
|
relpath_printf(s, perms, "control/feature-suspend", "%u", 1);
|
|
relpath_printf(s, perms, "control/feature-s3", "%u", 1);
|
|
relpath_printf(s, perms, "control/feature-s4", "%u", 1);
|
|
|
|
relpath_printf(s, perms, "data", "%s", "");
|
|
relpath_printf(s, perms, "device", "%s", "");
|
|
relpath_printf(s, perms, "drivers", "%s", "");
|
|
relpath_printf(s, perms, "error", "%s", "");
|
|
relpath_printf(s, perms, "feature", "%s", "");
|
|
|
|
g_list_free_full(perms, g_free);
|
|
|
|
xen_xenstore_ops = &emu_xenstore_backend_ops;
|
|
}
|
|
|
|
static bool xen_xenstore_is_needed(void *opaque)
|
|
{
|
|
return xen_mode == XEN_EMULATE;
|
|
}
|
|
|
|
static int xen_xenstore_pre_save(void *opaque)
|
|
{
|
|
XenXenstoreState *s = opaque;
|
|
GByteArray *save;
|
|
|
|
if (s->eh) {
|
|
s->guest_port = xen_be_evtchn_get_guest_port(s->eh);
|
|
}
|
|
|
|
g_free(s->impl_state);
|
|
save = xs_impl_serialize(s->impl);
|
|
s->impl_state = save->data;
|
|
s->impl_state_size = save->len;
|
|
g_byte_array_free(save, false);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int xen_xenstore_post_load(void *opaque, int ver)
|
|
{
|
|
XenXenstoreState *s = opaque;
|
|
GByteArray *save;
|
|
int ret;
|
|
|
|
/*
|
|
* As qemu/dom0, rebind to the guest's port. The Windows drivers may
|
|
* unbind the XenStore evtchn and rebind to it, having obtained the
|
|
* "remote" port through EVTCHNOP_status. In the case that migration
|
|
* occurs while it's unbound, the "remote" port needs to be the same
|
|
* as before so that the guest can find it, but should remain unbound.
|
|
*/
|
|
if (s->guest_port) {
|
|
int be_port = xen_be_evtchn_bind_interdomain(s->eh, xen_domid,
|
|
s->guest_port);
|
|
if (be_port < 0) {
|
|
return be_port;
|
|
}
|
|
s->be_port = be_port;
|
|
}
|
|
|
|
save = g_byte_array_new_take(s->impl_state, s->impl_state_size);
|
|
s->impl_state = NULL;
|
|
s->impl_state_size = 0;
|
|
|
|
ret = xs_impl_deserialize(s->impl, save, xen_domid, fire_watch_cb, s);
|
|
return ret;
|
|
}
|
|
|
|
static const VMStateDescription xen_xenstore_vmstate = {
|
|
.name = "xen_xenstore",
|
|
.unmigratable = 1, /* The PV back ends don't migrate yet */
|
|
.version_id = 1,
|
|
.minimum_version_id = 1,
|
|
.needed = xen_xenstore_is_needed,
|
|
.pre_save = xen_xenstore_pre_save,
|
|
.post_load = xen_xenstore_post_load,
|
|
.fields = (VMStateField[]) {
|
|
VMSTATE_UINT8_ARRAY(req_data, XenXenstoreState,
|
|
sizeof_field(XenXenstoreState, req_data)),
|
|
VMSTATE_UINT8_ARRAY(rsp_data, XenXenstoreState,
|
|
sizeof_field(XenXenstoreState, rsp_data)),
|
|
VMSTATE_UINT32(req_offset, XenXenstoreState),
|
|
VMSTATE_UINT32(rsp_offset, XenXenstoreState),
|
|
VMSTATE_BOOL(rsp_pending, XenXenstoreState),
|
|
VMSTATE_UINT32(guest_port, XenXenstoreState),
|
|
VMSTATE_BOOL(fatal_error, XenXenstoreState),
|
|
VMSTATE_UINT32(impl_state_size, XenXenstoreState),
|
|
VMSTATE_VARRAY_UINT32_ALLOC(impl_state, XenXenstoreState,
|
|
impl_state_size, 0,
|
|
vmstate_info_uint8, uint8_t),
|
|
VMSTATE_END_OF_LIST()
|
|
}
|
|
};
|
|
|
|
static void xen_xenstore_class_init(ObjectClass *klass, void *data)
|
|
{
|
|
DeviceClass *dc = DEVICE_CLASS(klass);
|
|
|
|
dc->realize = xen_xenstore_realize;
|
|
dc->vmsd = &xen_xenstore_vmstate;
|
|
}
|
|
|
|
static const TypeInfo xen_xenstore_info = {
|
|
.name = TYPE_XEN_XENSTORE,
|
|
.parent = TYPE_SYS_BUS_DEVICE,
|
|
.instance_size = sizeof(XenXenstoreState),
|
|
.class_init = xen_xenstore_class_init,
|
|
};
|
|
|
|
void xen_xenstore_create(void)
|
|
{
|
|
DeviceState *dev = sysbus_create_simple(TYPE_XEN_XENSTORE, -1, NULL);
|
|
|
|
xen_xenstore_singleton = XEN_XENSTORE(dev);
|
|
|
|
/*
|
|
* Defer the init (xen_xenstore_reset()) until KVM is set up and the
|
|
* overlay page can be mapped.
|
|
*/
|
|
}
|
|
|
|
static void xen_xenstore_register_types(void)
|
|
{
|
|
type_register_static(&xen_xenstore_info);
|
|
}
|
|
|
|
type_init(xen_xenstore_register_types)
|
|
|
|
uint16_t xen_xenstore_get_port(void)
|
|
{
|
|
XenXenstoreState *s = xen_xenstore_singleton;
|
|
if (!s) {
|
|
return 0;
|
|
}
|
|
return s->guest_port;
|
|
}
|
|
|
|
static bool req_pending(XenXenstoreState *s)
|
|
{
|
|
struct xsd_sockmsg *req = (struct xsd_sockmsg *)s->req_data;
|
|
|
|
return s->req_offset == XENSTORE_HEADER_SIZE + req->len;
|
|
}
|
|
|
|
static void reset_req(XenXenstoreState *s)
|
|
{
|
|
memset(s->req_data, 0, sizeof(s->req_data));
|
|
s->req_offset = 0;
|
|
}
|
|
|
|
static void reset_rsp(XenXenstoreState *s)
|
|
{
|
|
s->rsp_pending = false;
|
|
|
|
memset(s->rsp_data, 0, sizeof(s->rsp_data));
|
|
s->rsp_offset = 0;
|
|
}
|
|
|
|
static void xs_error(XenXenstoreState *s, unsigned int id,
|
|
xs_transaction_t tx_id, int errnum)
|
|
{
|
|
struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data;
|
|
const char *errstr = NULL;
|
|
|
|
for (unsigned int i = 0; i < ARRAY_SIZE(xsd_errors); i++) {
|
|
struct xsd_errors *xsd_error = &xsd_errors[i];
|
|
|
|
if (xsd_error->errnum == errnum) {
|
|
errstr = xsd_error->errstring;
|
|
break;
|
|
}
|
|
}
|
|
assert(errstr);
|
|
|
|
trace_xenstore_error(id, tx_id, errstr);
|
|
|
|
rsp->type = XS_ERROR;
|
|
rsp->req_id = id;
|
|
rsp->tx_id = tx_id;
|
|
rsp->len = (uint32_t)strlen(errstr) + 1;
|
|
|
|
memcpy(&rsp[1], errstr, rsp->len);
|
|
}
|
|
|
|
static void xs_ok(XenXenstoreState *s, unsigned int type, unsigned int req_id,
|
|
xs_transaction_t tx_id)
|
|
{
|
|
struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data;
|
|
const char *okstr = "OK";
|
|
|
|
rsp->type = type;
|
|
rsp->req_id = req_id;
|
|
rsp->tx_id = tx_id;
|
|
rsp->len = (uint32_t)strlen(okstr) + 1;
|
|
|
|
memcpy(&rsp[1], okstr, rsp->len);
|
|
}
|
|
|
|
/*
|
|
* The correct request and response formats are documented in xen.git:
|
|
* docs/misc/xenstore.txt. A summary is given below for convenience.
|
|
* The '|' symbol represents a NUL character.
|
|
*
|
|
* ---------- Database read, write and permissions operations ----------
|
|
*
|
|
* READ <path>| <value|>
|
|
* WRITE <path>|<value|>
|
|
* Store and read the octet string <value> at <path>.
|
|
* WRITE creates any missing parent paths, with empty values.
|
|
*
|
|
* MKDIR <path>|
|
|
* Ensures that the <path> exists, by necessary by creating
|
|
* it and any missing parents with empty values. If <path>
|
|
* or any parent already exists, its value is left unchanged.
|
|
*
|
|
* RM <path>|
|
|
* Ensures that the <path> does not exist, by deleting
|
|
* it and all of its children. It is not an error if <path> does
|
|
* not exist, but it _is_ an error if <path>'s immediate parent
|
|
* does not exist either.
|
|
*
|
|
* DIRECTORY <path>| <child-leaf-name>|*
|
|
* Gives a list of the immediate children of <path>, as only the
|
|
* leafnames. The resulting children are each named
|
|
* <path>/<child-leaf-name>.
|
|
*
|
|
* DIRECTORY_PART <path>|<offset> <gencnt>|<child-leaf-name>|*
|
|
* Same as DIRECTORY, but to be used for children lists longer than
|
|
* XENSTORE_PAYLOAD_MAX. Input are <path> and the byte offset into
|
|
* the list of children to return. Return values are the generation
|
|
* count <gencnt> of the node (to be used to ensure the node hasn't
|
|
* changed between two reads: <gencnt> being the same for multiple
|
|
* reads guarantees the node hasn't changed) and the list of children
|
|
* starting at the specified <offset> of the complete list.
|
|
*
|
|
* GET_PERMS <path>| <perm-as-string>|+
|
|
* SET_PERMS <path>|<perm-as-string>|+?
|
|
* <perm-as-string> is one of the following
|
|
* w<domid> write only
|
|
* r<domid> read only
|
|
* b<domid> both read and write
|
|
* n<domid> no access
|
|
* See https://wiki.xen.org/wiki/XenBus section
|
|
* `Permissions' for details of the permissions system.
|
|
* It is possible to set permissions for the special watch paths
|
|
* "@introduceDomain" and "@releaseDomain" to enable receiving those
|
|
* watches in unprivileged domains.
|
|
*
|
|
* ---------- Watches ----------
|
|
*
|
|
* WATCH <wpath>|<token>|?
|
|
* Adds a watch.
|
|
*
|
|
* When a <path> is modified (including path creation, removal,
|
|
* contents change or permissions change) this generates an event
|
|
* on the changed <path>. Changes made in transactions cause an
|
|
* event only if and when committed. Each occurring event is
|
|
* matched against all the watches currently set up, and each
|
|
* matching watch results in a WATCH_EVENT message (see below).
|
|
*
|
|
* The event's path matches the watch's <wpath> if it is an child
|
|
* of <wpath>.
|
|
*
|
|
* <wpath> can be a <path> to watch or @<wspecial>. In the
|
|
* latter case <wspecial> may have any syntax but it matches
|
|
* (according to the rules above) only the following special
|
|
* events which are invented by xenstored:
|
|
* @introduceDomain occurs on INTRODUCE
|
|
* @releaseDomain occurs on any domain crash or
|
|
* shutdown, and also on RELEASE
|
|
* and domain destruction
|
|
* <wspecial> events are sent to privileged callers or explicitly
|
|
* via SET_PERMS enabled domains only.
|
|
*
|
|
* When a watch is first set up it is triggered once straight
|
|
* away, with <path> equal to <wpath>. Watches may be triggered
|
|
* spuriously. The tx_id in a WATCH request is ignored.
|
|
*
|
|
* Watches are supposed to be restricted by the permissions
|
|
* system but in practice the implementation is imperfect.
|
|
* Applications should not rely on being sent a notification for
|
|
* paths that they cannot read; however, an application may rely
|
|
* on being sent a watch when a path which it _is_ able to read
|
|
* is deleted even if that leaves only a nonexistent unreadable
|
|
* parent. A notification may omitted if a node's permissions
|
|
* are changed so as to make it unreadable, in which case future
|
|
* notifications may be suppressed (and if the node is later made
|
|
* readable, some notifications may have been lost).
|
|
*
|
|
* WATCH_EVENT <epath>|<token>|
|
|
* Unsolicited `reply' generated for matching modification events
|
|
* as described above. req_id and tx_id are both 0.
|
|
*
|
|
* <epath> is the event's path, ie the actual path that was
|
|
* modified; however if the event was the recursive removal of an
|
|
* parent of <wpath>, <epath> is just
|
|
* <wpath> (rather than the actual path which was removed). So
|
|
* <epath> is a child of <wpath>, regardless.
|
|
*
|
|
* Iff <wpath> for the watch was specified as a relative pathname,
|
|
* the <epath> path will also be relative (with the same base,
|
|
* obviously).
|
|
*
|
|
* UNWATCH <wpath>|<token>|?
|
|
*
|
|
* RESET_WATCHES |
|
|
* Reset all watches and transactions of the caller.
|
|
*
|
|
* ---------- Transactions ----------
|
|
*
|
|
* TRANSACTION_START | <transid>|
|
|
* <transid> is an opaque uint32_t allocated by xenstored
|
|
* represented as unsigned decimal. After this, transaction may
|
|
* be referenced by using <transid> (as 32-bit binary) in the
|
|
* tx_id request header field. When transaction is started whole
|
|
* db is copied; reads and writes happen on the copy.
|
|
* It is not legal to send non-0 tx_id in TRANSACTION_START.
|
|
*
|
|
* TRANSACTION_END T|
|
|
* TRANSACTION_END F|
|
|
* tx_id must refer to existing transaction. After this
|
|
* request the tx_id is no longer valid and may be reused by
|
|
* xenstore. If F, the transaction is discarded. If T,
|
|
* it is committed: if there were any other intervening writes
|
|
* then our END gets get EAGAIN.
|
|
*
|
|
* The plan is that in the future only intervening `conflicting'
|
|
* writes cause EAGAIN, meaning only writes or other commits
|
|
* which changed paths which were read or written in the
|
|
* transaction at hand.
|
|
*
|
|
*/
|
|
|
|
static void xs_read(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data, unsigned int len)
|
|
{
|
|
const char *path = (const char *)req_data;
|
|
struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data;
|
|
uint8_t *rsp_data = (uint8_t *)&rsp[1];
|
|
g_autoptr(GByteArray) data = g_byte_array_new();
|
|
int err;
|
|
|
|
if (len == 0 || req_data[len - 1] != '\0') {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
trace_xenstore_read(tx_id, path);
|
|
err = xs_impl_read(s->impl, xen_domid, tx_id, path, data);
|
|
if (err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
rsp->type = XS_READ;
|
|
rsp->req_id = req_id;
|
|
rsp->tx_id = tx_id;
|
|
rsp->len = 0;
|
|
|
|
len = data->len;
|
|
if (len > XENSTORE_PAYLOAD_MAX) {
|
|
xs_error(s, req_id, tx_id, E2BIG);
|
|
return;
|
|
}
|
|
|
|
memcpy(&rsp_data[rsp->len], data->data, len);
|
|
rsp->len += len;
|
|
}
|
|
|
|
static void xs_write(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
g_autoptr(GByteArray) data = g_byte_array_new();
|
|
const char *path;
|
|
int err;
|
|
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
path = (const char *)req_data;
|
|
|
|
while (len--) {
|
|
if (*req_data++ == '\0') {
|
|
break;
|
|
}
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
g_byte_array_append(data, req_data, len);
|
|
|
|
trace_xenstore_write(tx_id, path);
|
|
err = xs_impl_write(s->impl, xen_domid, tx_id, path, data);
|
|
if (err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
xs_ok(s, XS_WRITE, req_id, tx_id);
|
|
}
|
|
|
|
static void xs_mkdir(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
g_autoptr(GByteArray) data = g_byte_array_new();
|
|
const char *path;
|
|
int err;
|
|
|
|
if (len == 0 || req_data[len - 1] != '\0') {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
path = (const char *)req_data;
|
|
|
|
trace_xenstore_mkdir(tx_id, path);
|
|
err = xs_impl_read(s->impl, xen_domid, tx_id, path, data);
|
|
if (err == ENOENT) {
|
|
err = xs_impl_write(s->impl, xen_domid, tx_id, path, data);
|
|
}
|
|
|
|
if (!err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
xs_ok(s, XS_MKDIR, req_id, tx_id);
|
|
}
|
|
|
|
static void xs_append_strings(XenXenstoreState *s, struct xsd_sockmsg *rsp,
|
|
GList *strings, unsigned int start, bool truncate)
|
|
{
|
|
uint8_t *rsp_data = (uint8_t *)&rsp[1];
|
|
GList *l;
|
|
|
|
for (l = strings; l; l = l->next) {
|
|
size_t len = strlen(l->data) + 1; /* Including the NUL termination */
|
|
char *str = l->data;
|
|
|
|
if (rsp->len + len > XENSTORE_PAYLOAD_MAX) {
|
|
if (truncate) {
|
|
len = XENSTORE_PAYLOAD_MAX - rsp->len;
|
|
if (!len) {
|
|
return;
|
|
}
|
|
} else {
|
|
xs_error(s, rsp->req_id, rsp->tx_id, E2BIG);
|
|
return;
|
|
}
|
|
}
|
|
|
|
if (start) {
|
|
if (start >= len) {
|
|
start -= len;
|
|
continue;
|
|
}
|
|
|
|
str += start;
|
|
len -= start;
|
|
start = 0;
|
|
}
|
|
|
|
memcpy(&rsp_data[rsp->len], str, len);
|
|
rsp->len += len;
|
|
}
|
|
/* XS_DIRECTORY_PART wants an extra NUL to indicate the end */
|
|
if (truncate && rsp->len < XENSTORE_PAYLOAD_MAX) {
|
|
rsp_data[rsp->len++] = '\0';
|
|
}
|
|
}
|
|
|
|
static void xs_directory(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data;
|
|
GList *items = NULL;
|
|
const char *path;
|
|
int err;
|
|
|
|
if (len == 0 || req_data[len - 1] != '\0') {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
path = (const char *)req_data;
|
|
|
|
trace_xenstore_directory(tx_id, path);
|
|
err = xs_impl_directory(s->impl, xen_domid, tx_id, path, NULL, &items);
|
|
if (err != 0) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
rsp->type = XS_DIRECTORY;
|
|
rsp->req_id = req_id;
|
|
rsp->tx_id = tx_id;
|
|
rsp->len = 0;
|
|
|
|
xs_append_strings(s, rsp, items, 0, false);
|
|
|
|
g_list_free_full(items, g_free);
|
|
}
|
|
|
|
static void xs_directory_part(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
const char *offset_str, *path = (const char *)req_data;
|
|
struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data;
|
|
char *rsp_data = (char *)&rsp[1];
|
|
uint64_t gencnt = 0;
|
|
unsigned int offset;
|
|
GList *items = NULL;
|
|
int err;
|
|
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
while (len--) {
|
|
if (*req_data++ == '\0') {
|
|
break;
|
|
}
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
offset_str = (const char *)req_data;
|
|
while (len--) {
|
|
if (*req_data++ == '\0') {
|
|
break;
|
|
}
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
if (len) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
if (qemu_strtoui(offset_str, NULL, 10, &offset) < 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
trace_xenstore_directory_part(tx_id, path, offset);
|
|
err = xs_impl_directory(s->impl, xen_domid, tx_id, path, &gencnt, &items);
|
|
if (err != 0) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
rsp->type = XS_DIRECTORY_PART;
|
|
rsp->req_id = req_id;
|
|
rsp->tx_id = tx_id;
|
|
rsp->len = snprintf(rsp_data, XENSTORE_PAYLOAD_MAX, "%" PRIu64, gencnt) + 1;
|
|
|
|
xs_append_strings(s, rsp, items, offset, true);
|
|
|
|
g_list_free_full(items, g_free);
|
|
}
|
|
|
|
static void xs_transaction_start(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data;
|
|
char *rsp_data = (char *)&rsp[1];
|
|
int err;
|
|
|
|
if (len != 1 || req_data[0] != '\0') {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
rsp->type = XS_TRANSACTION_START;
|
|
rsp->req_id = req_id;
|
|
rsp->tx_id = tx_id;
|
|
rsp->len = 0;
|
|
|
|
err = xs_impl_transaction_start(s->impl, xen_domid, &tx_id);
|
|
if (err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
trace_xenstore_transaction_start(tx_id);
|
|
|
|
rsp->len = snprintf(rsp_data, XENSTORE_PAYLOAD_MAX, "%u", tx_id);
|
|
assert(rsp->len < XENSTORE_PAYLOAD_MAX);
|
|
rsp->len++;
|
|
}
|
|
|
|
static void xs_transaction_end(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
bool commit;
|
|
int err;
|
|
|
|
if (len != 2 || req_data[1] != '\0') {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
switch (req_data[0]) {
|
|
case 'T':
|
|
commit = true;
|
|
break;
|
|
case 'F':
|
|
commit = false;
|
|
break;
|
|
default:
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
trace_xenstore_transaction_end(tx_id, commit);
|
|
err = xs_impl_transaction_end(s->impl, xen_domid, tx_id, commit);
|
|
if (err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
xs_ok(s, XS_TRANSACTION_END, req_id, tx_id);
|
|
}
|
|
|
|
static void xs_rm(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data, unsigned int len)
|
|
{
|
|
const char *path = (const char *)req_data;
|
|
int err;
|
|
|
|
if (len == 0 || req_data[len - 1] != '\0') {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
trace_xenstore_rm(tx_id, path);
|
|
err = xs_impl_rm(s->impl, xen_domid, tx_id, path);
|
|
if (err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
xs_ok(s, XS_RM, req_id, tx_id);
|
|
}
|
|
|
|
static void xs_get_perms(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
const char *path = (const char *)req_data;
|
|
struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data;
|
|
GList *perms = NULL;
|
|
int err;
|
|
|
|
if (len == 0 || req_data[len - 1] != '\0') {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
trace_xenstore_get_perms(tx_id, path);
|
|
err = xs_impl_get_perms(s->impl, xen_domid, tx_id, path, &perms);
|
|
if (err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
rsp->type = XS_GET_PERMS;
|
|
rsp->req_id = req_id;
|
|
rsp->tx_id = tx_id;
|
|
rsp->len = 0;
|
|
|
|
xs_append_strings(s, rsp, perms, 0, false);
|
|
|
|
g_list_free_full(perms, g_free);
|
|
}
|
|
|
|
static void xs_set_perms(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
const char *path = (const char *)req_data;
|
|
uint8_t *perm;
|
|
GList *perms = NULL;
|
|
int err;
|
|
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
while (len--) {
|
|
if (*req_data++ == '\0') {
|
|
break;
|
|
}
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
perm = req_data;
|
|
while (len--) {
|
|
if (*req_data++ == '\0') {
|
|
perms = g_list_append(perms, perm);
|
|
perm = req_data;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Note that there may be trailing garbage at the end of the buffer.
|
|
* This is explicitly permitted by the '?' at the end of the definition:
|
|
*
|
|
* SET_PERMS <path>|<perm-as-string>|+?
|
|
*/
|
|
|
|
trace_xenstore_set_perms(tx_id, path);
|
|
err = xs_impl_set_perms(s->impl, xen_domid, tx_id, path, perms);
|
|
g_list_free(perms);
|
|
if (err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
xs_ok(s, XS_SET_PERMS, req_id, tx_id);
|
|
}
|
|
|
|
static void xs_watch(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
const char *token, *path = (const char *)req_data;
|
|
int err;
|
|
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
while (len--) {
|
|
if (*req_data++ == '\0') {
|
|
break;
|
|
}
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
token = (const char *)req_data;
|
|
while (len--) {
|
|
if (*req_data++ == '\0') {
|
|
break;
|
|
}
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Note that there may be trailing garbage at the end of the buffer.
|
|
* This is explicitly permitted by the '?' at the end of the definition:
|
|
*
|
|
* WATCH <wpath>|<token>|?
|
|
*/
|
|
|
|
trace_xenstore_watch(path, token);
|
|
err = xs_impl_watch(s->impl, xen_domid, path, token, fire_watch_cb, s);
|
|
if (err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
xs_ok(s, XS_WATCH, req_id, tx_id);
|
|
}
|
|
|
|
static void xs_unwatch(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
const char *token, *path = (const char *)req_data;
|
|
int err;
|
|
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
while (len--) {
|
|
if (*req_data++ == '\0') {
|
|
break;
|
|
}
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
token = (const char *)req_data;
|
|
while (len--) {
|
|
if (*req_data++ == '\0') {
|
|
break;
|
|
}
|
|
if (len == 0) {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
trace_xenstore_unwatch(path, token);
|
|
err = xs_impl_unwatch(s->impl, xen_domid, path, token, fire_watch_cb, s);
|
|
if (err) {
|
|
xs_error(s, req_id, tx_id, err);
|
|
return;
|
|
}
|
|
|
|
xs_ok(s, XS_UNWATCH, req_id, tx_id);
|
|
}
|
|
|
|
static void xs_reset_watches(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *req_data,
|
|
unsigned int len)
|
|
{
|
|
if (len == 0 || req_data[len - 1] != '\0') {
|
|
xs_error(s, req_id, tx_id, EINVAL);
|
|
return;
|
|
}
|
|
|
|
trace_xenstore_reset_watches();
|
|
xs_impl_reset_watches(s->impl, xen_domid);
|
|
|
|
xs_ok(s, XS_RESET_WATCHES, req_id, tx_id);
|
|
}
|
|
|
|
static void xs_priv(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *data,
|
|
unsigned int len)
|
|
{
|
|
xs_error(s, req_id, tx_id, EACCES);
|
|
}
|
|
|
|
static void xs_unimpl(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *data,
|
|
unsigned int len)
|
|
{
|
|
xs_error(s, req_id, tx_id, ENOSYS);
|
|
}
|
|
|
|
typedef void (*xs_impl)(XenXenstoreState *s, unsigned int req_id,
|
|
xs_transaction_t tx_id, uint8_t *data,
|
|
unsigned int len);
|
|
|
|
struct xsd_req {
|
|
const char *name;
|
|
xs_impl fn;
|
|
};
|
|
#define XSD_REQ(_type, _fn) \
|
|
[_type] = { .name = #_type, .fn = _fn }
|
|
|
|
struct xsd_req xsd_reqs[] = {
|
|
XSD_REQ(XS_READ, xs_read),
|
|
XSD_REQ(XS_WRITE, xs_write),
|
|
XSD_REQ(XS_MKDIR, xs_mkdir),
|
|
XSD_REQ(XS_DIRECTORY, xs_directory),
|
|
XSD_REQ(XS_DIRECTORY_PART, xs_directory_part),
|
|
XSD_REQ(XS_TRANSACTION_START, xs_transaction_start),
|
|
XSD_REQ(XS_TRANSACTION_END, xs_transaction_end),
|
|
XSD_REQ(XS_RM, xs_rm),
|
|
XSD_REQ(XS_GET_PERMS, xs_get_perms),
|
|
XSD_REQ(XS_SET_PERMS, xs_set_perms),
|
|
XSD_REQ(XS_WATCH, xs_watch),
|
|
XSD_REQ(XS_UNWATCH, xs_unwatch),
|
|
XSD_REQ(XS_CONTROL, xs_priv),
|
|
XSD_REQ(XS_INTRODUCE, xs_priv),
|
|
XSD_REQ(XS_RELEASE, xs_priv),
|
|
XSD_REQ(XS_IS_DOMAIN_INTRODUCED, xs_priv),
|
|
XSD_REQ(XS_RESUME, xs_priv),
|
|
XSD_REQ(XS_SET_TARGET, xs_priv),
|
|
XSD_REQ(XS_RESET_WATCHES, xs_reset_watches),
|
|
};
|
|
|
|
static void process_req(XenXenstoreState *s)
|
|
{
|
|
struct xsd_sockmsg *req = (struct xsd_sockmsg *)s->req_data;
|
|
xs_impl handler = NULL;
|
|
|
|
assert(req_pending(s));
|
|
assert(!s->rsp_pending);
|
|
|
|
if (req->type < ARRAY_SIZE(xsd_reqs)) {
|
|
handler = xsd_reqs[req->type].fn;
|
|
}
|
|
if (!handler) {
|
|
handler = &xs_unimpl;
|
|
}
|
|
|
|
handler(s, req->req_id, req->tx_id, (uint8_t *)&req[1], req->len);
|
|
|
|
s->rsp_pending = true;
|
|
reset_req(s);
|
|
}
|
|
|
|
static unsigned int copy_from_ring(XenXenstoreState *s, uint8_t *ptr,
|
|
unsigned int len)
|
|
{
|
|
if (!len) {
|
|
return 0;
|
|
}
|
|
|
|
XENSTORE_RING_IDX prod = qatomic_read(&s->xs->req_prod);
|
|
XENSTORE_RING_IDX cons = qatomic_read(&s->xs->req_cons);
|
|
unsigned int copied = 0;
|
|
|
|
/* Ensure the ring contents don't cross the req_prod access. */
|
|
smp_rmb();
|
|
|
|
while (len) {
|
|
unsigned int avail = prod - cons;
|
|
unsigned int offset = MASK_XENSTORE_IDX(cons);
|
|
unsigned int copylen = avail;
|
|
|
|
if (avail > XENSTORE_RING_SIZE) {
|
|
error_report("XenStore ring handling error");
|
|
s->fatal_error = true;
|
|
break;
|
|
} else if (avail == 0) {
|
|
break;
|
|
}
|
|
|
|
if (copylen > len) {
|
|
copylen = len;
|
|
}
|
|
if (copylen > XENSTORE_RING_SIZE - offset) {
|
|
copylen = XENSTORE_RING_SIZE - offset;
|
|
}
|
|
|
|
memcpy(ptr, &s->xs->req[offset], copylen);
|
|
copied += copylen;
|
|
|
|
ptr += copylen;
|
|
len -= copylen;
|
|
|
|
cons += copylen;
|
|
}
|
|
|
|
/*
|
|
* Not sure this ever mattered except on Alpha, but this barrier
|
|
* is to ensure that the update to req_cons is globally visible
|
|
* only after we have consumed all the data from the ring, and we
|
|
* don't end up seeing data written to the ring *after* the other
|
|
* end sees the update and writes more to the ring. Xen's own
|
|
* xenstored has the same barrier here (although with no comment
|
|
* at all, obviously, because it's Xen code).
|
|
*/
|
|
smp_mb();
|
|
|
|
qatomic_set(&s->xs->req_cons, cons);
|
|
|
|
return copied;
|
|
}
|
|
|
|
static unsigned int copy_to_ring(XenXenstoreState *s, uint8_t *ptr,
|
|
unsigned int len)
|
|
{
|
|
if (!len) {
|
|
return 0;
|
|
}
|
|
|
|
XENSTORE_RING_IDX cons = qatomic_read(&s->xs->rsp_cons);
|
|
XENSTORE_RING_IDX prod = qatomic_read(&s->xs->rsp_prod);
|
|
unsigned int copied = 0;
|
|
|
|
/*
|
|
* This matches the barrier in copy_to_ring() (or the guest's
|
|
* equivalent) betweem writing the data to the ring and updating
|
|
* rsp_prod. It protects against the pathological case (which
|
|
* again I think never happened except on Alpha) where our
|
|
* subsequent writes to the ring could *cross* the read of
|
|
* rsp_cons and the guest could see the new data when it was
|
|
* intending to read the old.
|
|
*/
|
|
smp_mb();
|
|
|
|
while (len) {
|
|
unsigned int avail = cons + XENSTORE_RING_SIZE - prod;
|
|
unsigned int offset = MASK_XENSTORE_IDX(prod);
|
|
unsigned int copylen = len;
|
|
|
|
if (avail > XENSTORE_RING_SIZE) {
|
|
error_report("XenStore ring handling error");
|
|
s->fatal_error = true;
|
|
break;
|
|
} else if (avail == 0) {
|
|
break;
|
|
}
|
|
|
|
if (copylen > avail) {
|
|
copylen = avail;
|
|
}
|
|
if (copylen > XENSTORE_RING_SIZE - offset) {
|
|
copylen = XENSTORE_RING_SIZE - offset;
|
|
}
|
|
|
|
|
|
memcpy(&s->xs->rsp[offset], ptr, copylen);
|
|
copied += copylen;
|
|
|
|
ptr += copylen;
|
|
len -= copylen;
|
|
|
|
prod += copylen;
|
|
}
|
|
|
|
/* Ensure the ring contents are seen before rsp_prod update. */
|
|
smp_wmb();
|
|
|
|
qatomic_set(&s->xs->rsp_prod, prod);
|
|
|
|
return copied;
|
|
}
|
|
|
|
static unsigned int get_req(XenXenstoreState *s)
|
|
{
|
|
unsigned int copied = 0;
|
|
|
|
if (s->fatal_error) {
|
|
return 0;
|
|
}
|
|
|
|
assert(!req_pending(s));
|
|
|
|
if (s->req_offset < XENSTORE_HEADER_SIZE) {
|
|
void *ptr = s->req_data + s->req_offset;
|
|
unsigned int len = XENSTORE_HEADER_SIZE;
|
|
unsigned int copylen = copy_from_ring(s, ptr, len);
|
|
|
|
copied += copylen;
|
|
s->req_offset += copylen;
|
|
}
|
|
|
|
if (s->req_offset >= XENSTORE_HEADER_SIZE) {
|
|
struct xsd_sockmsg *req = (struct xsd_sockmsg *)s->req_data;
|
|
|
|
if (req->len > (uint32_t)XENSTORE_PAYLOAD_MAX) {
|
|
error_report("Illegal XenStore request");
|
|
s->fatal_error = true;
|
|
return 0;
|
|
}
|
|
|
|
void *ptr = s->req_data + s->req_offset;
|
|
unsigned int len = XENSTORE_HEADER_SIZE + req->len - s->req_offset;
|
|
unsigned int copylen = copy_from_ring(s, ptr, len);
|
|
|
|
copied += copylen;
|
|
s->req_offset += copylen;
|
|
}
|
|
|
|
return copied;
|
|
}
|
|
|
|
static unsigned int put_rsp(XenXenstoreState *s)
|
|
{
|
|
if (s->fatal_error) {
|
|
return 0;
|
|
}
|
|
|
|
assert(s->rsp_pending);
|
|
|
|
struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data;
|
|
assert(s->rsp_offset < XENSTORE_HEADER_SIZE + rsp->len);
|
|
|
|
void *ptr = s->rsp_data + s->rsp_offset;
|
|
unsigned int len = XENSTORE_HEADER_SIZE + rsp->len - s->rsp_offset;
|
|
unsigned int copylen = copy_to_ring(s, ptr, len);
|
|
|
|
s->rsp_offset += copylen;
|
|
|
|
/* Have we produced a complete response? */
|
|
if (s->rsp_offset == XENSTORE_HEADER_SIZE + rsp->len) {
|
|
reset_rsp(s);
|
|
}
|
|
|
|
return copylen;
|
|
}
|
|
|
|
static void deliver_watch(XenXenstoreState *s, const char *path,
|
|
const char *token)
|
|
{
|
|
struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data;
|
|
uint8_t *rsp_data = (uint8_t *)&rsp[1];
|
|
unsigned int len;
|
|
|
|
assert(!s->rsp_pending);
|
|
|
|
trace_xenstore_watch_event(path, token);
|
|
|
|
rsp->type = XS_WATCH_EVENT;
|
|
rsp->req_id = 0;
|
|
rsp->tx_id = 0;
|
|
rsp->len = 0;
|
|
|
|
len = strlen(path);
|
|
|
|
/* XENSTORE_ABS/REL_PATH_MAX should ensure there can be no overflow */
|
|
assert(rsp->len + len < XENSTORE_PAYLOAD_MAX);
|
|
|
|
memcpy(&rsp_data[rsp->len], path, len);
|
|
rsp->len += len;
|
|
rsp_data[rsp->len] = '\0';
|
|
rsp->len++;
|
|
|
|
len = strlen(token);
|
|
/*
|
|
* It is possible for the guest to have chosen a token that will
|
|
* not fit (along with the patch) into a watch event. We have no
|
|
* choice but to drop the event if this is the case.
|
|
*/
|
|
if (rsp->len + len >= XENSTORE_PAYLOAD_MAX) {
|
|
return;
|
|
}
|
|
|
|
memcpy(&rsp_data[rsp->len], token, len);
|
|
rsp->len += len;
|
|
rsp_data[rsp->len] = '\0';
|
|
rsp->len++;
|
|
|
|
s->rsp_pending = true;
|
|
}
|
|
|
|
struct watch_event {
|
|
char *path;
|
|
char *token;
|
|
};
|
|
|
|
static void free_watch_event(struct watch_event *ev)
|
|
{
|
|
if (ev) {
|
|
g_free(ev->path);
|
|
g_free(ev->token);
|
|
g_free(ev);
|
|
}
|
|
}
|
|
|
|
static void queue_watch(XenXenstoreState *s, const char *path,
|
|
const char *token)
|
|
{
|
|
struct watch_event *ev = g_new0(struct watch_event, 1);
|
|
|
|
ev->path = g_strdup(path);
|
|
ev->token = g_strdup(token);
|
|
|
|
s->watch_events = g_list_append(s->watch_events, ev);
|
|
}
|
|
|
|
static void fire_watch_cb(void *opaque, const char *path, const char *token)
|
|
{
|
|
XenXenstoreState *s = opaque;
|
|
|
|
assert(qemu_mutex_iothread_locked());
|
|
|
|
/*
|
|
* If there's a response pending, we obviously can't scribble over
|
|
* it. But if there's a request pending, it has dibs on the buffer
|
|
* too.
|
|
*
|
|
* In the common case of a watch firing due to backend activity
|
|
* when the ring was otherwise idle, we should be able to copy the
|
|
* strings directly into the rsp_data and thence the actual ring,
|
|
* without needing to perform any allocations and queue them.
|
|
*/
|
|
if (s->rsp_pending || req_pending(s)) {
|
|
queue_watch(s, path, token);
|
|
} else {
|
|
deliver_watch(s, path, token);
|
|
/*
|
|
* If the message was queued because there was already ring activity,
|
|
* no need to wake the guest. But if not, we need to send the evtchn.
|
|
*/
|
|
xen_be_evtchn_notify(s->eh, s->be_port);
|
|
}
|
|
}
|
|
|
|
static void process_watch_events(XenXenstoreState *s)
|
|
{
|
|
struct watch_event *ev = s->watch_events->data;
|
|
|
|
deliver_watch(s, ev->path, ev->token);
|
|
|
|
s->watch_events = g_list_remove(s->watch_events, ev);
|
|
free_watch_event(ev);
|
|
}
|
|
|
|
static void xen_xenstore_event(void *opaque)
|
|
{
|
|
XenXenstoreState *s = opaque;
|
|
evtchn_port_t port = xen_be_evtchn_pending(s->eh);
|
|
unsigned int copied_to, copied_from;
|
|
bool processed, notify = false;
|
|
|
|
if (port != s->be_port) {
|
|
return;
|
|
}
|
|
|
|
/* We know this is a no-op. */
|
|
xen_be_evtchn_unmask(s->eh, port);
|
|
|
|
do {
|
|
copied_to = copied_from = 0;
|
|
processed = false;
|
|
|
|
if (!s->rsp_pending && s->watch_events) {
|
|
process_watch_events(s);
|
|
}
|
|
|
|
if (s->rsp_pending) {
|
|
copied_to = put_rsp(s);
|
|
}
|
|
|
|
if (!req_pending(s)) {
|
|
copied_from = get_req(s);
|
|
}
|
|
|
|
if (req_pending(s) && !s->rsp_pending && !s->watch_events) {
|
|
process_req(s);
|
|
processed = true;
|
|
}
|
|
|
|
notify |= copied_to || copied_from;
|
|
} while (copied_to || copied_from || processed);
|
|
|
|
if (notify) {
|
|
xen_be_evtchn_notify(s->eh, s->be_port);
|
|
}
|
|
}
|
|
|
|
static void alloc_guest_port(XenXenstoreState *s)
|
|
{
|
|
struct evtchn_alloc_unbound alloc = {
|
|
.dom = DOMID_SELF,
|
|
.remote_dom = DOMID_QEMU,
|
|
};
|
|
|
|
if (!xen_evtchn_alloc_unbound_op(&alloc)) {
|
|
s->guest_port = alloc.port;
|
|
}
|
|
}
|
|
|
|
int xen_xenstore_reset(void)
|
|
{
|
|
XenXenstoreState *s = xen_xenstore_singleton;
|
|
int err;
|
|
|
|
if (!s) {
|
|
return -ENOTSUP;
|
|
}
|
|
|
|
s->req_offset = s->rsp_offset = 0;
|
|
s->rsp_pending = false;
|
|
|
|
if (!memory_region_is_mapped(&s->xenstore_page)) {
|
|
uint64_t gpa = XEN_SPECIAL_PFN(XENSTORE) << TARGET_PAGE_BITS;
|
|
xen_overlay_do_map_page(&s->xenstore_page, gpa);
|
|
}
|
|
|
|
alloc_guest_port(s);
|
|
|
|
/*
|
|
* As qemu/dom0, bind to the guest's port. For incoming migration, this
|
|
* will be unbound as the guest's evtchn table is overwritten. We then
|
|
* rebind to the correct guest port in xen_xenstore_post_load().
|
|
*/
|
|
err = xen_be_evtchn_bind_interdomain(s->eh, xen_domid, s->guest_port);
|
|
if (err < 0) {
|
|
return err;
|
|
}
|
|
s->be_port = err;
|
|
|
|
/*
|
|
* We don't actually access the guest's page through the grant, because
|
|
* this isn't real Xen, and we can just use the page we gave it in the
|
|
* first place. Map the grant anyway, mostly for cosmetic purposes so
|
|
* it *looks* like it's in use in the guest-visible grant table.
|
|
*/
|
|
s->gt = qemu_xen_gnttab_open();
|
|
uint32_t xs_gntref = GNTTAB_RESERVED_XENSTORE;
|
|
s->granted_xs = qemu_xen_gnttab_map_refs(s->gt, 1, xen_domid, &xs_gntref,
|
|
PROT_READ | PROT_WRITE);
|
|
|
|
return 0;
|
|
}
|
|
|
|
struct qemu_xs_handle {
|
|
XenstoreImplState *impl;
|
|
GList *watches;
|
|
QEMUBH *watch_bh;
|
|
};
|
|
|
|
struct qemu_xs_watch {
|
|
struct qemu_xs_handle *h;
|
|
char *path;
|
|
xs_watch_fn fn;
|
|
void *opaque;
|
|
GList *events;
|
|
};
|
|
|
|
static char *xs_be_get_domain_path(struct qemu_xs_handle *h, unsigned int domid)
|
|
{
|
|
return g_strdup_printf("/local/domain/%u", domid);
|
|
}
|
|
|
|
static char **xs_be_directory(struct qemu_xs_handle *h, xs_transaction_t t,
|
|
const char *path, unsigned int *num)
|
|
{
|
|
GList *items = NULL, *l;
|
|
unsigned int i = 0;
|
|
char **items_ret;
|
|
int err;
|
|
|
|
err = xs_impl_directory(h->impl, DOMID_QEMU, t, path, NULL, &items);
|
|
if (err) {
|
|
errno = err;
|
|
return NULL;
|
|
}
|
|
|
|
items_ret = g_new0(char *, g_list_length(items) + 1);
|
|
*num = 0;
|
|
for (l = items; l; l = l->next) {
|
|
items_ret[i++] = l->data;
|
|
(*num)++;
|
|
}
|
|
g_list_free(items);
|
|
return items_ret;
|
|
}
|
|
|
|
static void *xs_be_read(struct qemu_xs_handle *h, xs_transaction_t t,
|
|
const char *path, unsigned int *len)
|
|
{
|
|
GByteArray *data = g_byte_array_new();
|
|
bool free_segment = false;
|
|
int err;
|
|
|
|
err = xs_impl_read(h->impl, DOMID_QEMU, t, path, data);
|
|
if (err) {
|
|
free_segment = true;
|
|
errno = err;
|
|
} else {
|
|
if (len) {
|
|
*len = data->len;
|
|
}
|
|
/* The xen-bus-helper code expects to get NUL terminated string! */
|
|
g_byte_array_append(data, (void *)"", 1);
|
|
}
|
|
|
|
return g_byte_array_free(data, free_segment);
|
|
}
|
|
|
|
static bool xs_be_write(struct qemu_xs_handle *h, xs_transaction_t t,
|
|
const char *path, const void *data, unsigned int len)
|
|
{
|
|
GByteArray *gdata = g_byte_array_new();
|
|
int err;
|
|
|
|
g_byte_array_append(gdata, data, len);
|
|
err = xs_impl_write(h->impl, DOMID_QEMU, t, path, gdata);
|
|
g_byte_array_unref(gdata);
|
|
if (err) {
|
|
errno = err;
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static bool xs_be_create(struct qemu_xs_handle *h, xs_transaction_t t,
|
|
unsigned int owner, unsigned int domid,
|
|
unsigned int perms, const char *path)
|
|
{
|
|
g_autoptr(GByteArray) data = g_byte_array_new();
|
|
GList *perms_list = NULL;
|
|
int err;
|
|
|
|
/* mkdir does this */
|
|
err = xs_impl_read(h->impl, DOMID_QEMU, t, path, data);
|
|
if (err == ENOENT) {
|
|
err = xs_impl_write(h->impl, DOMID_QEMU, t, path, data);
|
|
}
|
|
if (err) {
|
|
errno = err;
|
|
return false;
|
|
}
|
|
|
|
perms_list = g_list_append(perms_list,
|
|
xs_perm_as_string(XS_PERM_NONE, owner));
|
|
perms_list = g_list_append(perms_list,
|
|
xs_perm_as_string(perms, domid));
|
|
|
|
err = xs_impl_set_perms(h->impl, DOMID_QEMU, t, path, perms_list);
|
|
g_list_free_full(perms_list, g_free);
|
|
if (err) {
|
|
errno = err;
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static bool xs_be_destroy(struct qemu_xs_handle *h, xs_transaction_t t,
|
|
const char *path)
|
|
{
|
|
int err = xs_impl_rm(h->impl, DOMID_QEMU, t, path);
|
|
if (err) {
|
|
errno = err;
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static void be_watch_bh(void *_h)
|
|
{
|
|
struct qemu_xs_handle *h = _h;
|
|
GList *l;
|
|
|
|
for (l = h->watches; l; l = l->next) {
|
|
struct qemu_xs_watch *w = l->data;
|
|
|
|
while (w->events) {
|
|
struct watch_event *ev = w->events->data;
|
|
|
|
w->fn(w->opaque, ev->path);
|
|
|
|
w->events = g_list_remove(w->events, ev);
|
|
free_watch_event(ev);
|
|
}
|
|
}
|
|
}
|
|
|
|
static void xs_be_watch_cb(void *opaque, const char *path, const char *token)
|
|
{
|
|
struct watch_event *ev = g_new0(struct watch_event, 1);
|
|
struct qemu_xs_watch *w = opaque;
|
|
|
|
/* We don't care about the token */
|
|
ev->path = g_strdup(path);
|
|
w->events = g_list_append(w->events, ev);
|
|
|
|
qemu_bh_schedule(w->h->watch_bh);
|
|
}
|
|
|
|
static struct qemu_xs_watch *xs_be_watch(struct qemu_xs_handle *h,
|
|
const char *path, xs_watch_fn fn,
|
|
void *opaque)
|
|
{
|
|
struct qemu_xs_watch *w = g_new0(struct qemu_xs_watch, 1);
|
|
int err;
|
|
|
|
w->h = h;
|
|
w->fn = fn;
|
|
w->opaque = opaque;
|
|
|
|
err = xs_impl_watch(h->impl, DOMID_QEMU, path, NULL, xs_be_watch_cb, w);
|
|
if (err) {
|
|
errno = err;
|
|
g_free(w);
|
|
return NULL;
|
|
}
|
|
|
|
w->path = g_strdup(path);
|
|
h->watches = g_list_append(h->watches, w);
|
|
return w;
|
|
}
|
|
|
|
static void xs_be_unwatch(struct qemu_xs_handle *h, struct qemu_xs_watch *w)
|
|
{
|
|
xs_impl_unwatch(h->impl, DOMID_QEMU, w->path, NULL, xs_be_watch_cb, w);
|
|
|
|
h->watches = g_list_remove(h->watches, w);
|
|
g_list_free_full(w->events, (GDestroyNotify)free_watch_event);
|
|
g_free(w->path);
|
|
g_free(w);
|
|
}
|
|
|
|
static xs_transaction_t xs_be_transaction_start(struct qemu_xs_handle *h)
|
|
{
|
|
unsigned int new_tx = XBT_NULL;
|
|
int err = xs_impl_transaction_start(h->impl, DOMID_QEMU, &new_tx);
|
|
if (err) {
|
|
errno = err;
|
|
return XBT_NULL;
|
|
}
|
|
return new_tx;
|
|
}
|
|
|
|
static bool xs_be_transaction_end(struct qemu_xs_handle *h, xs_transaction_t t,
|
|
bool abort)
|
|
{
|
|
int err = xs_impl_transaction_end(h->impl, DOMID_QEMU, t, !abort);
|
|
if (err) {
|
|
errno = err;
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static struct qemu_xs_handle *xs_be_open(void)
|
|
{
|
|
XenXenstoreState *s = xen_xenstore_singleton;
|
|
struct qemu_xs_handle *h;
|
|
|
|
if (!s || !s->impl) {
|
|
errno = -ENOSYS;
|
|
return NULL;
|
|
}
|
|
|
|
h = g_new0(struct qemu_xs_handle, 1);
|
|
h->impl = s->impl;
|
|
|
|
h->watch_bh = aio_bh_new(qemu_get_aio_context(), be_watch_bh, h);
|
|
|
|
return h;
|
|
}
|
|
|
|
static void xs_be_close(struct qemu_xs_handle *h)
|
|
{
|
|
while (h->watches) {
|
|
struct qemu_xs_watch *w = h->watches->data;
|
|
xs_be_unwatch(h, w);
|
|
}
|
|
|
|
qemu_bh_delete(h->watch_bh);
|
|
g_free(h);
|
|
}
|
|
|
|
static struct xenstore_backend_ops emu_xenstore_backend_ops = {
|
|
.open = xs_be_open,
|
|
.close = xs_be_close,
|
|
.get_domain_path = xs_be_get_domain_path,
|
|
.directory = xs_be_directory,
|
|
.read = xs_be_read,
|
|
.write = xs_be_write,
|
|
.create = xs_be_create,
|
|
.destroy = xs_be_destroy,
|
|
.watch = xs_be_watch,
|
|
.unwatch = xs_be_unwatch,
|
|
.transaction_start = xs_be_transaction_start,
|
|
.transaction_end = xs_be_transaction_end,
|
|
};
|