From owner-svn-src-stable@freebsd.org Thu Oct 13 04:32:57 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 526ADC0F907; Thu, 13 Oct 2016 04:32:57 +0000 (UTC) (envelope-from sephe@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1008C126; Thu, 13 Oct 2016 04:32:56 +0000 (UTC) (envelope-from sephe@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u9D4WuRJ050592; Thu, 13 Oct 2016 04:32:56 GMT (envelope-from sephe@FreeBSD.org) Received: (from sephe@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u9D4WtqT050586; Thu, 13 Oct 2016 04:32:55 GMT (envelope-from sephe@FreeBSD.org) Message-Id: <201610130432.u9D4WtqT050586@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: sephe set sender to sephe@FreeBSD.org using -f From: Sepherosa Ziehau Date: Thu, 13 Oct 2016 04:32:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r307177 - stable/10/sys/dev/hyperv/utilities X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Oct 2016 04:32:57 -0000 Author: sephe Date: Thu Oct 13 04:32:55 2016 New Revision: 307177 URL: https://svnweb.freebsd.org/changeset/base/307177 Log: MFC 304730 hyperv/ic: Redefine IC version negotiate message. And stringent input IC version negotiate message checks. Sponsored by: Microsoft Differential Revision: https://reviews.freebsd.org/D7614 Added: stable/10/sys/dev/hyperv/utilities/vmbus_icreg.h - copied unchanged from r304730, head/sys/dev/hyperv/utilities/vmbus_icreg.h Modified: stable/10/sys/dev/hyperv/utilities/hv_heartbeat.c stable/10/sys/dev/hyperv/utilities/hv_shutdown.c stable/10/sys/dev/hyperv/utilities/hv_timesync.c stable/10/sys/dev/hyperv/utilities/hv_util.c stable/10/sys/dev/hyperv/utilities/hv_util.h Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/hyperv/utilities/hv_heartbeat.c ============================================================================== --- stable/10/sys/dev/hyperv/utilities/hv_heartbeat.c Thu Oct 13 04:24:34 2016 (r307176) +++ stable/10/sys/dev/hyperv/utilities/hv_heartbeat.c Thu Oct 13 04:32:55 2016 (r307177) @@ -80,7 +80,11 @@ hv_heartbeat_cb(struct vmbus_channel *ch &buf[sizeof(struct hv_vmbus_pipe_hdr)]; if (icmsghdrp->icmsgtype == HV_ICMSGTYPE_NEGOTIATE) { - hv_negotiate_version(icmsghdrp, buf); + int error; + + error = vmbus_ic_negomsg(softc, buf, recvlen); + if (error) + return; } else { heartbeat_msg = (struct hv_vmbus_heartbeat_msg_data *) Modified: stable/10/sys/dev/hyperv/utilities/hv_shutdown.c ============================================================================== --- stable/10/sys/dev/hyperv/utilities/hv_shutdown.c Thu Oct 13 04:24:34 2016 (r307176) +++ stable/10/sys/dev/hyperv/utilities/hv_shutdown.c Thu Oct 13 04:32:55 2016 (r307177) @@ -85,7 +85,11 @@ hv_shutdown_cb(struct vmbus_channel *cha &buf[sizeof(struct hv_vmbus_pipe_hdr)]; if (icmsghdrp->icmsgtype == HV_ICMSGTYPE_NEGOTIATE) { - hv_negotiate_version(icmsghdrp, buf); + int error; + + error = vmbus_ic_negomsg(softc, buf, recv_len); + if (error) + return; } else { shutdown_msg = (struct hv_vmbus_shutdown_msg_data *) Modified: stable/10/sys/dev/hyperv/utilities/hv_timesync.c ============================================================================== --- stable/10/sys/dev/hyperv/utilities/hv_timesync.c Thu Oct 13 04:24:34 2016 (r307176) +++ stable/10/sys/dev/hyperv/utilities/hv_timesync.c Thu Oct 13 04:32:55 2016 (r307177) @@ -160,7 +160,11 @@ hv_timesync_cb(struct vmbus_channel *cha sizeof(struct hv_vmbus_pipe_hdr)]; if (icmsghdrp->icmsgtype == HV_ICMSGTYPE_NEGOTIATE) { - hv_negotiate_version(icmsghdrp, time_buf); + int error; + + error = vmbus_ic_negomsg(&softc->util_sc, time_buf, recvlen); + if (error) + return; } else { timedatap = (struct hv_ictimesync_data *) &time_buf[ sizeof(struct hv_vmbus_pipe_hdr) + Modified: stable/10/sys/dev/hyperv/utilities/hv_util.c ============================================================================== --- stable/10/sys/dev/hyperv/utilities/hv_util.c Thu Oct 13 04:24:34 2016 (r307176) +++ stable/10/sys/dev/hyperv/utilities/hv_util.c Thu Oct 13 04:32:55 2016 (r307177) @@ -36,44 +36,62 @@ #include #include #include +#include #include -#include #include #include -#include #include +#include #include "vmbus_if.h" #define VMBUS_IC_BRSIZE (4 * PAGE_SIZE) -void -hv_negotiate_version(struct hv_vmbus_icmsg_hdr *icmsghdrp, uint8_t *buf) +CTASSERT(sizeof(struct vmbus_icmsg_negotiate) < VMBUS_IC_BRSIZE); + +int +vmbus_ic_negomsg(struct hv_util_sc *sc, void *data, int dlen) { - struct hv_vmbus_icmsg_negotiate *negop; + struct vmbus_icmsg_negotiate *nego; + int cnt, major; - icmsghdrp->icmsgsize = 0x10; + /* + * Preliminary message size verification + */ + if (dlen < sizeof(*nego)) { + device_printf(sc->ic_dev, "truncated ic negotiate, len %d\n", + dlen); + return EINVAL; + } + nego = data; - negop = (struct hv_vmbus_icmsg_negotiate *)&buf[ - sizeof(struct hv_vmbus_pipe_hdr) + - sizeof(struct hv_vmbus_icmsg_hdr)]; - - if (negop->icframe_vercnt >= 2 && - negop->icversion_data[1].major == 3) { - negop->icversion_data[0].major = 3; - negop->icversion_data[0].minor = 0; - negop->icversion_data[1].major = 3; - negop->icversion_data[1].minor = 0; - } else { - negop->icversion_data[0].major = 1; - negop->icversion_data[0].minor = 0; - negop->icversion_data[1].major = 1; - negop->icversion_data[1].minor = 0; + cnt = nego->ic_fwver_cnt + nego->ic_msgver_cnt; + if (dlen < __offsetof(struct vmbus_icmsg_negotiate, ic_ver[cnt])) { + device_printf(sc->ic_dev, "ic negotiate does not contain " + "versions %d\n", dlen); + return EINVAL; } - negop->icframe_vercnt = 1; - negop->icmsg_vercnt = 1; + /* Select major version; XXX looks wrong. */ + if (nego->ic_fwver_cnt >= 2 && VMBUS_ICVER_MAJOR(nego->ic_ver[1]) == 3) + major = 3; + else + major = 1; + + /* One framework version */ + nego->ic_fwver_cnt = 1; + nego->ic_ver[0] = VMBUS_IC_VERSION(major, 0); + + /* One message version */ + nego->ic_msgver_cnt = 1; + nego->ic_ver[1] = VMBUS_IC_VERSION(major, 0); + + /* Data contains two versions */ + nego->ic_hdr.ic_dsize = __offsetof(struct vmbus_icmsg_negotiate, + ic_ver[2]) - sizeof(struct vmbus_icmsg_hdr); + + return 0; } int @@ -101,6 +119,7 @@ hv_util_attach(device_t dev, vmbus_chan_ struct vmbus_channel *chan = vmbus_get_channel(dev); int error; + sc->ic_dev = dev; sc->ic_buflen = VMBUS_IC_BRSIZE; sc->receive_buffer = malloc(VMBUS_IC_BRSIZE, M_DEVBUF, M_WAITOK | M_ZERO); Modified: stable/10/sys/dev/hyperv/utilities/hv_util.h ============================================================================== --- stable/10/sys/dev/hyperv/utilities/hv_util.h Thu Oct 13 04:24:34 2016 (r307176) +++ stable/10/sys/dev/hyperv/utilities/hv_util.h Thu Oct 13 04:32:55 2016 (r307177) @@ -39,6 +39,7 @@ * */ typedef struct hv_util_sc { + device_t ic_dev; uint8_t *receive_buffer; int ic_buflen; } hv_util_sc; @@ -50,10 +51,9 @@ struct vmbus_ic_desc { #define VMBUS_IC_DESC_END { .ic_desc = NULL } -void hv_negotiate_version(struct hv_vmbus_icmsg_hdr *icmsghdrp, uint8_t *buf); - int hv_util_attach(device_t dev, vmbus_chan_callback_t cb); int hv_util_detach(device_t dev); int vmbus_ic_probe(device_t dev, const struct vmbus_ic_desc descs[]); +int vmbus_ic_negomsg(struct hv_util_sc *, void *data, int dlen); #endif Copied: stable/10/sys/dev/hyperv/utilities/vmbus_icreg.h (from r304730, head/sys/dev/hyperv/utilities/vmbus_icreg.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/10/sys/dev/hyperv/utilities/vmbus_icreg.h Thu Oct 13 04:32:55 2016 (r307177, copy of r304730, head/sys/dev/hyperv/utilities/vmbus_icreg.h) @@ -0,0 +1,84 @@ +/*- + * Copyright (c) 2016 Microsoft Corp. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice unmodified, this list of conditions, and the following + * disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _VMBUS_ICREG_H_ +#define _VMBUS_ICREG_H_ + +#define VMBUS_ICMSG_TYPE_NEGOTIATE 0 +#define VMBUS_ICMSG_TYPE_HEARTBEAT 1 +#define VMBUS_ICMSG_TYPE_KVP 2 +#define VMBUS_ICMSG_TYPE_SHUTDOWN 3 +#define VMBUS_ICMSG_TYPE_TIMESYNC 4 +#define VMBUS_ICMSG_TYPE_VSS 5 + +#define VMBUS_ICMSG_STATUS_OK 0x00000000 +#define VMBUS_ICMSG_STATUS_FAIL 0x80004005 + +#define VMBUS_IC_VERSION(major, minor) ((major) | (((uint32_t)(minor)) << 16)) +#define VMBUS_ICVER_MAJOR(ver) ((ver) & 0xffff) +#define VMBUS_ICVER_MINOR(ver) (((ver) & 0xffff0000) >> 16) + +struct vmbus_pipe_hdr { + uint32_t ph_flags; + uint32_t ph_msgsz; +} __packed; + +struct vmbus_icmsg_hdr { + struct vmbus_pipe_hdr ic_pipe; + uint32_t ic_fwver; /* framework version */ + uint16_t ic_type; + uint32_t ic_msgver; /* message version */ + uint16_t ic_dsize; /* data size */ + uint32_t ic_status; /* VMBUS_ICMSG_STATUS_ */ + uint8_t ic_xactid; + uint8_t ic_flags; /* VMBUS_ICMSG_FLAG_ */ + uint8_t ic_rsvd[2]; +} __packed; + +#define VMBUS_ICMSG_FLAG_XACT 0x0001 +#define VMBUS_ICMSG_FLAG_REQ 0x0002 +#define VMBUS_ICMSG_FLAG_RESP 0x0004 + +/* VMBUS_ICMSG_TYPE_NEGOTIATE */ +struct vmbus_icmsg_negotiate { + struct vmbus_icmsg_hdr ic_hdr; + uint16_t ic_fwver_cnt; + uint16_t ic_msgver_cnt; + uint32_t ic_rsvd; + /* + * This version array contains two set of supported + * versions: + * - The first set consists of #ic_fwver_cnt supported framework + * versions. + * - The second set consists of #ic_msgver_cnt supported message + * versions. + */ + uint32_t ic_ver[]; +} __packed; + +#endif /* !_VMBUS_ICREG_H_ */