debuggers.hg

view xen/common/multicall.c @ 22855:1d1eec7e1fb4

xl: Perform minimal validation of virtual disk file while parsing config file

This patch performs some very basic validation on the virtual disk
file passed through the config file. This validation ensures that we
don't go too far with the initialization like spawn qemu and more
while there could be some potentially fundamental issues.

[ Patch fixed up to work with PHYSTYPE_EMPTY 22808:6ec61438713a -iwj ]

Signed-off-by: Kamala Narasimhan <kamala.narasimhan@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
author Kamala Narasimhan <kamala.narasimhan@gmail.com>
date Tue Jan 25 18:09:49 2011 +0000 (2011-01-25)
parents 894d10d315c2
children
line source
1 /******************************************************************************
2 * multicall.c
3 */
5 #include <xen/config.h>
6 #include <xen/types.h>
7 #include <xen/lib.h>
8 #include <xen/mm.h>
9 #include <xen/sched.h>
10 #include <xen/event.h>
11 #include <xen/multicall.h>
12 #include <xen/guest_access.h>
13 #include <xen/perfc.h>
14 #include <asm/current.h>
15 #include <asm/hardirq.h>
17 #ifndef COMPAT
18 typedef long ret_t;
19 #define xlat_multicall_entry(mcs)
20 #endif
22 ret_t
23 do_multicall(
24 XEN_GUEST_HANDLE(multicall_entry_t) call_list, unsigned int nr_calls)
25 {
26 struct mc_state *mcs = &current->mc_state;
27 unsigned int i;
29 if ( unlikely(__test_and_set_bit(_MCSF_in_multicall, &mcs->flags)) )
30 {
31 gdprintk(XENLOG_INFO, "Multicall reentry is disallowed.\n");
32 return -EINVAL;
33 }
35 if ( unlikely(!guest_handle_okay(call_list, nr_calls)) )
36 goto fault;
38 for ( i = 0; i < nr_calls; i++ )
39 {
40 if ( hypercall_preempt_check() )
41 goto preempted;
43 if ( unlikely(__copy_from_guest(&mcs->call, call_list, 1)) )
44 goto fault;
46 do_multicall_call(&mcs->call);
48 #ifndef NDEBUG
49 {
50 /*
51 * Deliberately corrupt the contents of the multicall structure.
52 * The caller must depend only on the 'result' field on return.
53 */
54 struct multicall_entry corrupt;
55 memset(&corrupt, 0xAA, sizeof(corrupt));
56 (void)__copy_to_guest(call_list, &corrupt, 1);
57 }
58 #endif
60 if ( unlikely(__copy_field_to_guest(call_list, &mcs->call, result)) )
61 goto fault;
63 if ( test_bit(_MCSF_call_preempted, &mcs->flags) )
64 {
65 /* Translate sub-call continuation to guest layout */
66 xlat_multicall_entry(mcs);
68 /* Copy the sub-call continuation. */
69 (void)__copy_to_guest(call_list, &mcs->call, 1);
70 goto preempted;
71 }
73 guest_handle_add_offset(call_list, 1);
74 }
76 perfc_incr(calls_to_multicall);
77 perfc_add(calls_from_multicall, nr_calls);
78 mcs->flags = 0;
79 return 0;
81 fault:
82 perfc_incr(calls_to_multicall);
83 mcs->flags = 0;
84 return -EFAULT;
86 preempted:
87 perfc_add(calls_from_multicall, i);
88 mcs->flags = 0;
89 return hypercall_create_continuation(
90 __HYPERVISOR_multicall, "hi", call_list, nr_calls-i);
91 }
93 /*
94 * Local variables:
95 * mode: C
96 * c-set-style: "BSD"
97 * c-basic-offset: 4
98 * tab-width: 4
99 * indent-tabs-mode: nil
100 * End:
101 */