Author: sephe
Date: Thu Oct 13 04:32:55 2016
New Revision: 307177
URL: https://svnweb.freebsd.org/changeset/base/307177
Log:
MFC 304730
hyperv/ic: Redefine IC version negotiate message.
And stringent input IC version negotiate message checks.
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D7614
Added:
stable/10/sys/dev/hyperv/utilities/vmbus_icreg.h
- copied unchanged from r304730,
head/sys/dev/hyperv/utilities/vmbus_icreg.h
Modified:
stable/10/sys/dev/hyperv/utilities/hv_heartbeat.c
stable/10/sys/dev/hyperv/utilities/hv_shutdown.c
stable/10/sys/dev/hyperv/utilities/hv_timesync.c
stable/10/sys/dev/hyperv/utilities/hv_util.c
stable/10/sys/dev/hyperv/utilities/hv_util.h
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/dev/hyperv/utilities/hv_heartbeat.c
==============================================================================
--- stable/10/sys/dev/hyperv/utilities/hv_heartbeat.c Thu Oct 13 04:24:34
2016 (r307176)
+++ stable/10/sys/dev/hyperv/utilities/hv_heartbeat.c Thu Oct 13 04:32:55
2016 (r307177)
@@ -80,7 +80,11 @@ hv_heartbeat_cb(struct vmbus_channel *ch
&buf[sizeof(struct hv_vmbus_pipe_hdr)];
if (icmsghdrp->icmsgtype == HV_ICMSGTYPE_NEGOTIATE) {
- hv_negotiate_version(icmsghdrp, buf);
+ int error;
+
+ error = vmbus_ic_negomsg(softc, buf, recvlen);
+ if (error)
+ return;
} else {
heartbeat_msg =
(struct hv_vmbus_heartbeat_msg_data *)
Modified: stable/10/sys/dev/hyperv/utilities/hv_shutdown.c
==============================================================================
--- stable/10/sys/dev/hyperv/utilities/hv_shutdown.c Thu Oct 13 04:24:34
2016 (r307176)
+++ stable/10/sys/dev/hyperv/utilities/hv_shutdown.c Thu Oct 13 04:32:55
2016 (r307177)
@@ -85,7 +85,11 @@ hv_shutdown_cb(struct vmbus_channel *cha
&buf[sizeof(struct hv_vmbus_pipe_hdr)];
if (icmsghdrp->icmsgtype == HV_ICMSGTYPE_NEGOTIATE) {
- hv_negotiate_version(icmsghdrp, buf);
+ int error;
+
+ error = vmbus_ic_negomsg(softc, buf, recv_len);
+ if (error)
+ return;
} else {
shutdown_msg =
(struct hv_vmbus_shutdown_msg_data *)
Modified: stable/10/sys/dev/hyperv/utilities/hv_timesync.c
==============================================================================
--- stable/10/sys/dev/hyperv/utilities/hv_timesync.c Thu Oct 13 04:24:34
2016 (r307176)
+++ stable/10/sys/dev/hyperv/utilities/hv_timesync.c Thu Oct 13 04:32:55
2016 (r307177)
@@ -160,7 +160,11 @@ hv_timesync_cb(struct vmbus_channel *cha
sizeof(struct hv_vmbus_pipe_hdr)];
if (icmsghdrp->icmsgtype == HV_ICMSGTYPE_NEGOTIATE) {
- hv_negotiate_version(icmsghdrp, time_buf);
+ int error;
+
+ error = vmbus_ic_negomsg(&softc->util_sc, time_buf, recvlen);
+ if (error)
+ return;
} else {
timedatap = (struct hv_ictimesync_data *) &time_buf[
sizeof(struct hv_vmbus_pipe_hdr) +
Modified: stable/10/sys/dev/hyperv/utilities/hv_util.c
==============================================================================
--- stable/10/sys/dev/hyperv/utilities/hv_util.c Thu Oct 13 04:24:34
2016 (r307176)
+++ stable/10/sys/dev/hyperv/utilities/hv_util.c Thu Oct 13 04:32:55
2016 (r307177)
@@ -36,44 +36,62 @@
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/reboot.h>
+#include <sys/systm.h>
#include <sys/timetc.h>
-#include <sys/syscallsubr.h>
#include <dev/hyperv/include/hyperv.h>
#include <dev/hyperv/include/vmbus.h>
-#include <dev/hyperv/utilities/hv_utilreg.h>
#include <dev/hyperv/utilities/hv_util.h>
+#include <dev/hyperv/utilities/vmbus_icreg.h>
#include "vmbus_if.h"
#define VMBUS_IC_BRSIZE (4 * PAGE_SIZE)
-void
-hv_negotiate_version(struct hv_vmbus_icmsg_hdr *icmsghdrp, uint8_t *buf)
+CTASSERT(sizeof(struct vmbus_icmsg_negotiate) < VMBUS_IC_BRSIZE);
+
+int
+vmbus_ic_negomsg(struct hv_util_sc *sc, void *data, int dlen)
{
- struct hv_vmbus_icmsg_negotiate *negop;
+ struct vmbus_icmsg_negotiate *nego;
+ int cnt, major;
- icmsghdrp->icmsgsize = 0x10;
+ /*
+ * Preliminary message size verification
+ */
+ if (dlen < sizeof(*nego)) {
+ device_printf(sc->ic_dev, "truncated ic negotiate, len %d\n",
+ dlen);
+ return EINVAL;
+ }
+ nego = data;
- negop = (struct hv_vmbus_icmsg_negotiate *)&buf[
- sizeof(struct hv_vmbus_pipe_hdr) +
- sizeof(struct hv_vmbus_icmsg_hdr)];
-
- if (negop->icframe_vercnt >= 2 &&
- negop->icversion_data[1].major == 3) {
- negop->icversion_data[0].major = 3;
- negop->icversion_data[0].minor = 0;
- negop->icversion_data[1].major = 3;
- negop->icversion_data[1].minor = 0;
- } else {
- negop->icversion_data[0].major = 1;
- negop->icversion_data[0].minor = 0;
- negop->icversion_data[1].major = 1;
- negop->icversion_data[1].minor = 0;
+ cnt = nego->ic_fwver_cnt + nego->ic_msgver_cnt;
+ if (dlen < __offsetof(struct vmbus_icmsg_negotiate, ic_ver[cnt])) {
+ device_printf(sc->ic_dev, "ic negotiate does not contain "
+ "versions %d\n", dlen);
+ return EINVAL;
}
- negop->icframe_vercnt = 1;
- negop->icmsg_vercnt = 1;
+ /* Select major version; XXX looks wrong. */
+ if (nego->ic_fwver_cnt >= 2 && VMBUS_ICVER_MAJOR(nego->ic_ver[1]) == 3)
+ major = 3;
+ else
+ major = 1;
+
+ /* One framework version */
+ nego->ic_fwver_cnt = 1;
+ nego->ic_ver[0] = VMBUS_IC_VERSION(major, 0);
+
+ /* One message version */
+ nego->ic_msgver_cnt = 1;
+ nego->ic_ver[1] = VMBUS_IC_VERSION(major, 0);
+
+ /* Data contains two versions */
+ nego->ic_hdr.ic_dsize = __offsetof(struct vmbus_icmsg_negotiate,
+ ic_ver[2]) - sizeof(struct vmbus_icmsg_hdr);
+
+ return 0;
}
int
@@ -101,6 +119,7 @@ hv_util_attach(device_t dev, vmbus_chan_
struct vmbus_channel *chan = vmbus_get_channel(dev);
int error;
+ sc->ic_dev = dev;
sc->ic_buflen = VMBUS_IC_BRSIZE;
sc->receive_buffer = malloc(VMBUS_IC_BRSIZE, M_DEVBUF,
M_WAITOK | M_ZERO);
Modified: stable/10/sys/dev/hyperv/utilities/hv_util.h
==============================================================================
--- stable/10/sys/dev/hyperv/utilities/hv_util.h Thu Oct 13 04:24:34
2016 (r307176)
+++ stable/10/sys/dev/hyperv/utilities/hv_util.h Thu Oct 13 04:32:55
2016 (r307177)
@@ -39,6 +39,7 @@
*
*/
typedef struct hv_util_sc {
+ device_t ic_dev;
uint8_t *receive_buffer;
int ic_buflen;
} hv_util_sc;
@@ -50,10 +51,9 @@ struct vmbus_ic_desc {
#define VMBUS_IC_DESC_END { .ic_desc = NULL }
-void hv_negotiate_version(struct hv_vmbus_icmsg_hdr *icmsghdrp, uint8_t *buf);
-
int hv_util_attach(device_t dev, vmbus_chan_callback_t cb);
int hv_util_detach(device_t dev);
int vmbus_ic_probe(device_t dev, const struct vmbus_ic_desc
descs[]);
+int vmbus_ic_negomsg(struct hv_util_sc *, void *data, int dlen);
#endif
Copied: stable/10/sys/dev/hyperv/utilities/vmbus_icreg.h (from r304730,
head/sys/dev/hyperv/utilities/vmbus_icreg.h)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ stable/10/sys/dev/hyperv/utilities/vmbus_icreg.h Thu Oct 13 04:32:55
2016 (r307177, copy of r304730,
head/sys/dev/hyperv/utilities/vmbus_icreg.h)
@@ -0,0 +1,84 @@
+/*-
+ * Copyright (c) 2016 Microsoft Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice unmodified, this list of conditions, and the following
+ * disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _VMBUS_ICREG_H_
+#define _VMBUS_ICREG_H_
+
+#define VMBUS_ICMSG_TYPE_NEGOTIATE 0
+#define VMBUS_ICMSG_TYPE_HEARTBEAT 1
+#define VMBUS_ICMSG_TYPE_KVP 2
+#define VMBUS_ICMSG_TYPE_SHUTDOWN 3
+#define VMBUS_ICMSG_TYPE_TIMESYNC 4
+#define VMBUS_ICMSG_TYPE_VSS 5
+
+#define VMBUS_ICMSG_STATUS_OK 0x00000000
+#define VMBUS_ICMSG_STATUS_FAIL 0x80004005
+
+#define VMBUS_IC_VERSION(major, minor) ((major) | (((uint32_t)(minor)) << 16))
+#define VMBUS_ICVER_MAJOR(ver) ((ver) & 0xffff)
+#define VMBUS_ICVER_MINOR(ver) (((ver) & 0xffff0000) >> 16)
+
+struct vmbus_pipe_hdr {
+ uint32_t ph_flags;
+ uint32_t ph_msgsz;
+} __packed;
+
+struct vmbus_icmsg_hdr {
+ struct vmbus_pipe_hdr ic_pipe;
+ uint32_t ic_fwver; /* framework version */
+ uint16_t ic_type;
+ uint32_t ic_msgver; /* message version */
+ uint16_t ic_dsize; /* data size */
+ uint32_t ic_status; /* VMBUS_ICMSG_STATUS_ */
+ uint8_t ic_xactid;
+ uint8_t ic_flags; /* VMBUS_ICMSG_FLAG_ */
+ uint8_t ic_rsvd[2];
+} __packed;
+
+#define VMBUS_ICMSG_FLAG_XACT 0x0001
+#define VMBUS_ICMSG_FLAG_REQ 0x0002
+#define VMBUS_ICMSG_FLAG_RESP 0x0004
+
+/* VMBUS_ICMSG_TYPE_NEGOTIATE */
+struct vmbus_icmsg_negotiate {
+ struct vmbus_icmsg_hdr ic_hdr;
+ uint16_t ic_fwver_cnt;
+ uint16_t ic_msgver_cnt;
+ uint32_t ic_rsvd;
+ /*
+ * This version array contains two set of supported
+ * versions:
+ * - The first set consists of #ic_fwver_cnt supported framework
+ * versions.
+ * - The second set consists of #ic_msgver_cnt supported message
+ * versions.
+ */
+ uint32_t ic_ver[];
+} __packed;
+
+#endif /* !_VMBUS_ICREG_H_ */
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
