debuggers.hg

view tools/libxc/xc_hvm_build.c @ 21995:1d67dd785ef4

xc: fix segfault in pv domain create if kernel is an invalid image

If libelf calls elf_err() or elf_msg() before elf_set_log() has been
called then it could potentially read an uninitialised log handling
callback function pointer from struct elf_binary. Fix this in libxc by
zeroing the structure before calling elf_init().

Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
author Gianni Tedesco <gianni.tedesco@citrix.com>
date Mon Aug 09 17:43:18 2010 +0100 (2010-08-09)
parents 6b28b2dac7dd
children 6f059a340cdf
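
In this file the fix is the memset() in setup_guest(); trimmed down to its essentials it looks like the sketch below (surrounding error handling omitted; `image` and `image_size` are the kernel buffer passed in by the caller):

    struct elf_binary elf;

    /* Zero the whole structure before elf_init() so the log-handling
     * callback pointer in struct elf_binary is not stack garbage if
     * libelf reports a problem before elf_set_log() has been called. */
    memset(&elf, 0, sizeof(elf));
    if ( elf_init(&elf, image, image_size) != 0 )
        goto error_out;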
line source
/******************************************************************************
 * xc_hvm_build.c
 */

#include <stddef.h>
#include <inttypes.h>
#include <stdlib.h>
#include <unistd.h>
#include <zlib.h>

#include "xg_private.h"
#include "xc_private.h"

#include <xen/foreign/x86_32.h>
#include <xen/foreign/x86_64.h>
#include <xen/hvm/hvm_info_table.h>
#include <xen/hvm/params.h>
#include <xen/hvm/e820.h>

#include <xen/libelf/libelf.h>

#define SUPERPAGE_2MB_SHIFT   9
#define SUPERPAGE_2MB_NR_PFNS (1UL << SUPERPAGE_2MB_SHIFT)
#define SUPERPAGE_1GB_SHIFT   18
#define SUPERPAGE_1GB_NR_PFNS (1UL << SUPERPAGE_1GB_SHIFT)

#define SPECIALPAGE_BUFIOREQ 0
#define SPECIALPAGE_XENSTORE 1
#define SPECIALPAGE_IOREQ    2
#define SPECIALPAGE_IDENT_PT 3
#define SPECIALPAGE_CONSOLE  4
#define NR_SPECIAL_PAGES     5
#define special_pfn(x) (0xff000u - NR_SPECIAL_PAGES + (x))

static void build_hvm_info(void *hvm_info_page, uint64_t mem_size)
{
    struct hvm_info_table *hvm_info = (struct hvm_info_table *)
        (((unsigned char *)hvm_info_page) + HVM_INFO_OFFSET);
    uint64_t lowmem_end = mem_size, highmem_end = 0;
    uint8_t sum;
    int i;

    if ( lowmem_end > HVM_BELOW_4G_RAM_END )
    {
        highmem_end = lowmem_end + (1ull<<32) - HVM_BELOW_4G_RAM_END;
        lowmem_end = HVM_BELOW_4G_RAM_END;
    }

    memset(hvm_info_page, 0, PAGE_SIZE);

    /* Fill in the header. */
    strncpy(hvm_info->signature, "HVM INFO", 8);
    hvm_info->length = sizeof(struct hvm_info_table);

    /* Sensible defaults: these can be overridden by the caller. */
    hvm_info->acpi_enabled = 1;
    hvm_info->apic_mode = 1;
    hvm_info->nr_vcpus = 1;

    /* Memory parameters. */
    hvm_info->low_mem_pgend = lowmem_end >> PAGE_SHIFT;
    hvm_info->high_mem_pgend = highmem_end >> PAGE_SHIFT;
    hvm_info->reserved_mem_pgstart = special_pfn(0);

    /* Finish with the checksum. */
    for ( i = 0, sum = 0; i < hvm_info->length; i++ )
        sum += ((uint8_t *)hvm_info)[i];
    hvm_info->checksum = -sum;
}

static int loadelfimage(
    xc_interface *xch,
    struct elf_binary *elf, uint32_t dom, unsigned long *parray)
{
    privcmd_mmap_entry_t *entries = NULL;
    size_t pages = (elf->pend - elf->pstart + PAGE_SIZE - 1) >> PAGE_SHIFT;
    int i, rc = -1;

    /* Map address space for initial elf image. */
    entries = calloc(pages, sizeof(privcmd_mmap_entry_t));
    if ( entries == NULL )
        goto err;

    for ( i = 0; i < pages; i++ )
        entries[i].mfn = parray[(elf->pstart >> PAGE_SHIFT) + i];

    elf->dest = xc_map_foreign_ranges(
        xch, dom, pages << PAGE_SHIFT, PROT_READ | PROT_WRITE, 1 << PAGE_SHIFT,
        entries, pages);
    if ( elf->dest == NULL )
        goto err;

    /* Load the initial elf image. */
    elf_load_binary(elf);
    rc = 0;

    munmap(elf->dest, pages << PAGE_SHIFT);
    elf->dest = NULL;

 err:
    free(entries);

    return rc;
}

/*
 * Check whether an MMIO hole overlaps the specified memory range.
 * Returns 1 if it does, else returns 0.
 */
static int check_mmio_hole(uint64_t start, uint64_t memsize)
{
    if ( start + memsize <= HVM_BELOW_4G_MMIO_START ||
         start >= HVM_BELOW_4G_MMIO_START + HVM_BELOW_4G_MMIO_LENGTH )
        return 0;
    else
        return 1;
}

static int setup_guest(xc_interface *xch,
                       uint32_t dom, int memsize, int target,
                       char *image, unsigned long image_size)
{
    xen_pfn_t *page_array = NULL;
    unsigned long i, nr_pages = (unsigned long)memsize << (20 - PAGE_SHIFT);
    unsigned long target_pages = (unsigned long)target << (20 - PAGE_SHIFT);
    unsigned long pod_pages = 0;
    unsigned long entry_eip, cur_pages;
    void *hvm_info_page;
    uint32_t *ident_pt;
    struct elf_binary elf;
    uint64_t v_start, v_end;
    int rc;
    xen_capabilities_info_t caps;
    unsigned long stat_normal_pages = 0, stat_2mb_pages = 0,
        stat_1gb_pages = 0;
    int pod_mode = 0;

    /* An HVM guest must be initialised with at least 2MB memory. */
    if ( memsize < 2 || target < 2 )
        goto error_out;

    if ( memsize > target )
        pod_mode = 1;

    memset(&elf, 0, sizeof(elf));
    if ( elf_init(&elf, image, image_size) != 0 )
        goto error_out;
    elf_parse_binary(&elf);
    v_start = 0;
    v_end = (unsigned long long)memsize << 20;

    if ( xc_version(xch, XENVER_capabilities, &caps) != 0 )
    {
        PERROR("Could not get Xen capabilities");
        goto error_out;
    }

    if ( (elf.pstart & (PAGE_SIZE - 1)) != 0 )
    {
        PERROR("Guest OS must load to a page boundary.");
        goto error_out;
    }

    IPRINTF("VIRTUAL MEMORY ARRANGEMENT:\n"
            "  Loader:        %016"PRIx64"->%016"PRIx64"\n"
            "  TOTAL:         %016"PRIx64"->%016"PRIx64"\n"
            "  ENTRY ADDRESS: %016"PRIx64"\n",
            elf.pstart, elf.pend,
            v_start, v_end,
            elf_uval(&elf, elf.ehdr, e_entry));

    if ( (page_array = malloc(nr_pages * sizeof(xen_pfn_t))) == NULL )
    {
        PERROR("Could not allocate memory.");
        goto error_out;
    }

    for ( i = 0; i < nr_pages; i++ )
        page_array[i] = i;
    for ( i = HVM_BELOW_4G_RAM_END >> PAGE_SHIFT; i < nr_pages; i++ )
        page_array[i] += HVM_BELOW_4G_MMIO_LENGTH >> PAGE_SHIFT;

    /*
     * Allocate memory for HVM guest, skipping VGA hole 0xA0000-0xC0000.
     *
     * We attempt to allocate 1GB pages if possible. It falls back on 2MB
     * pages if 1GB allocation fails. 4KB pages will be used eventually if
     * both fail.
     *
     * Under 2MB mode, we allocate pages in batches of no more than 8MB to
     * ensure that we can be preempted and hence dom0 remains responsive.
     */
    rc = xc_domain_memory_populate_physmap(
        xch, dom, 0xa0, 0, 0, &page_array[0x00]);
    cur_pages = 0xc0;
    stat_normal_pages = 0xc0;
    while ( (rc == 0) && (nr_pages > cur_pages) )
    {
        /* Clip count to maximum 1GB extent. */
        unsigned long count = nr_pages - cur_pages;
        unsigned long max_pages = SUPERPAGE_1GB_NR_PFNS;

        if ( count > max_pages )
            count = max_pages;

        /* Take care of the corner cases of super page tails. */
        if ( ((cur_pages & (SUPERPAGE_1GB_NR_PFNS-1)) != 0) &&
             (count > (-cur_pages & (SUPERPAGE_1GB_NR_PFNS-1))) )
            count = -cur_pages & (SUPERPAGE_1GB_NR_PFNS-1);
        else if ( ((count & (SUPERPAGE_1GB_NR_PFNS-1)) != 0) &&
                  (count > SUPERPAGE_1GB_NR_PFNS) )
            count &= ~(SUPERPAGE_1GB_NR_PFNS - 1);

        /* Attempt to allocate a 1GB super page. Because in each pass we only
         * allocate at most 1GB, we don't have to clip super page boundaries.
         */
        if ( ((count | cur_pages) & (SUPERPAGE_1GB_NR_PFNS - 1)) == 0 &&
             /* Check if an MMIO hole exists in the 1GB memory range */
             !check_mmio_hole(cur_pages << PAGE_SHIFT,
                              SUPERPAGE_1GB_NR_PFNS << PAGE_SHIFT) )
        {
            long done;
            xen_pfn_t sp_extents[count >> SUPERPAGE_1GB_SHIFT];
            struct xen_memory_reservation sp_req = {
                .nr_extents   = count >> SUPERPAGE_1GB_SHIFT,
                .extent_order = SUPERPAGE_1GB_SHIFT,
                .domid        = dom
            };

            if ( pod_mode )
                sp_req.mem_flags = XENMEMF_populate_on_demand;

            set_xen_guest_handle(sp_req.extent_start, sp_extents);
            for ( i = 0; i < sp_req.nr_extents; i++ )
                sp_extents[i] = page_array[cur_pages+(i<<SUPERPAGE_1GB_SHIFT)];
            done = xc_memory_op(xch, XENMEM_populate_physmap, &sp_req);
            if ( done > 0 )
            {
                stat_1gb_pages += done;
                done <<= SUPERPAGE_1GB_SHIFT;
                if ( pod_mode && target_pages > cur_pages )
                {
                    int d = target_pages - cur_pages;
                    pod_pages += ( done < d ) ? done : d;
                }
                cur_pages += done;
                count -= done;
            }
        }

        if ( count != 0 )
        {
            /* Clip count to maximum 8MB extent. */
            max_pages = SUPERPAGE_2MB_NR_PFNS * 4;
            if ( count > max_pages )
                count = max_pages;

            /* Clip partial superpage extents to superpage boundaries. */
            if ( ((cur_pages & (SUPERPAGE_2MB_NR_PFNS-1)) != 0) &&
                 (count > (-cur_pages & (SUPERPAGE_2MB_NR_PFNS-1))) )
                count = -cur_pages & (SUPERPAGE_2MB_NR_PFNS-1);
            else if ( ((count & (SUPERPAGE_2MB_NR_PFNS-1)) != 0) &&
                      (count > SUPERPAGE_2MB_NR_PFNS) )
                count &= ~(SUPERPAGE_2MB_NR_PFNS - 1); /* clip non-s.p. tail */

            /* Attempt to allocate superpage extents. */
            if ( ((count | cur_pages) & (SUPERPAGE_2MB_NR_PFNS - 1)) == 0 )
            {
                long done;
                xen_pfn_t sp_extents[count >> SUPERPAGE_2MB_SHIFT];
                struct xen_memory_reservation sp_req = {
                    .nr_extents   = count >> SUPERPAGE_2MB_SHIFT,
                    .extent_order = SUPERPAGE_2MB_SHIFT,
                    .domid        = dom
                };

                if ( pod_mode )
                    sp_req.mem_flags = XENMEMF_populate_on_demand;

                set_xen_guest_handle(sp_req.extent_start, sp_extents);
                for ( i = 0; i < sp_req.nr_extents; i++ )
                    sp_extents[i] = page_array[cur_pages+(i<<SUPERPAGE_2MB_SHIFT)];
                done = xc_memory_op(xch, XENMEM_populate_physmap, &sp_req);
                if ( done > 0 )
                {
                    stat_2mb_pages += done;
                    done <<= SUPERPAGE_2MB_SHIFT;
                    if ( pod_mode && target_pages > cur_pages )
                    {
                        int d = target_pages - cur_pages;
                        pod_pages += ( done < d ) ? done : d;
                    }
                    cur_pages += done;
                    count -= done;
                }
            }
        }

        /* Fall back to 4kB extents. */
        if ( count != 0 )
        {
            rc = xc_domain_memory_populate_physmap(
                xch, dom, count, 0, 0, &page_array[cur_pages]);
            cur_pages += count;
            stat_normal_pages += count;
            if ( pod_mode )
                pod_pages -= count;
        }
    }

    if ( pod_mode )
        rc = xc_domain_memory_set_pod_target(xch,
                                             dom,
                                             pod_pages,
                                             NULL, NULL, NULL);

    if ( rc != 0 )
    {
        PERROR("Could not allocate memory for HVM guest.");
        goto error_out;
    }

    IPRINTF("PHYSICAL MEMORY ALLOCATION:\n"
            "  4KB PAGES: 0x%016lx\n"
            "  2MB PAGES: 0x%016lx\n"
            "  1GB PAGES: 0x%016lx\n",
            stat_normal_pages, stat_2mb_pages, stat_1gb_pages);

    if ( loadelfimage(xch, &elf, dom, page_array) != 0 )
        goto error_out;

    if ( (hvm_info_page = xc_map_foreign_range(
              xch, dom, PAGE_SIZE, PROT_READ | PROT_WRITE,
              HVM_INFO_PFN)) == NULL )
        goto error_out;
    build_hvm_info(hvm_info_page, v_end);
    munmap(hvm_info_page, PAGE_SIZE);

    /* Allocate and clear special pages. */
    for ( i = 0; i < NR_SPECIAL_PAGES; i++ )
    {
        xen_pfn_t pfn = special_pfn(i);
        rc = xc_domain_memory_populate_physmap(xch, dom, 1, 0, 0, &pfn);
        if ( rc != 0 )
        {
            PERROR("Could not allocate %lu'th special page.", i);
            goto error_out;
        }
        if ( xc_clear_domain_page(xch, dom, special_pfn(i)) )
            goto error_out;
    }

    xc_set_hvm_param(xch, dom, HVM_PARAM_STORE_PFN,
                     special_pfn(SPECIALPAGE_XENSTORE));
    xc_set_hvm_param(xch, dom, HVM_PARAM_BUFIOREQ_PFN,
                     special_pfn(SPECIALPAGE_BUFIOREQ));
    xc_set_hvm_param(xch, dom, HVM_PARAM_IOREQ_PFN,
                     special_pfn(SPECIALPAGE_IOREQ));
    xc_set_hvm_param(xch, dom, HVM_PARAM_CONSOLE_PFN,
                     special_pfn(SPECIALPAGE_CONSOLE));

    /*
     * Identity-map page table is required for running with CR0.PG=0 when
     * using Intel EPT. Create a 32-bit non-PAE page directory of superpages.
     */
    if ( (ident_pt = xc_map_foreign_range(
              xch, dom, PAGE_SIZE, PROT_READ | PROT_WRITE,
              special_pfn(SPECIALPAGE_IDENT_PT))) == NULL )
        goto error_out;
    for ( i = 0; i < PAGE_SIZE / sizeof(*ident_pt); i++ )
        ident_pt[i] = ((i << 22) | _PAGE_PRESENT | _PAGE_RW | _PAGE_USER |
                       _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE);
    munmap(ident_pt, PAGE_SIZE);
    xc_set_hvm_param(xch, dom, HVM_PARAM_IDENT_PT,
                     special_pfn(SPECIALPAGE_IDENT_PT) << PAGE_SHIFT);

    /* Insert JMP <rel32> instruction at address 0x0 to reach entry point. */
    entry_eip = elf_uval(&elf, elf.ehdr, e_entry);
    if ( entry_eip != 0 )
    {
        char *page0 = xc_map_foreign_range(
            xch, dom, PAGE_SIZE, PROT_READ | PROT_WRITE, 0);
        if ( page0 == NULL )
            goto error_out;
        page0[0] = 0xe9;
        *(uint32_t *)&page0[1] = entry_eip - 5;
        munmap(page0, PAGE_SIZE);
    }

    free(page_array);
    return 0;

 error_out:
    free(page_array);
    return -1;
}

static int xc_hvm_build_internal(xc_interface *xch,
                                 uint32_t domid,
                                 int memsize,
                                 int target,
                                 char *image,
                                 unsigned long image_size)
{
    if ( (image == NULL) || (image_size == 0) )
    {
        ERROR("Image required");
        return -1;
    }

    return setup_guest(xch, domid, memsize, target, image, image_size);
}

/* xc_hvm_build:
 * Create a domain for a virtualized Linux, using files/filenames.
 */
int xc_hvm_build(xc_interface *xch,
                 uint32_t domid,
                 int memsize,
                 const char *image_name)
{
    char *image;
    int sts;
    unsigned long image_size;

    if ( (image_name == NULL) ||
         ((image = xc_read_image(xch, image_name, &image_size)) == NULL) )
        return -1;

    sts = xc_hvm_build_internal(xch, domid, memsize, memsize, image, image_size);

    free(image);

    return sts;
}

/* xc_hvm_build_target_mem:
 * Create a domain for a pre-ballooned virtualized Linux, using
 * files/filenames. If target < memsize, domain is created with
 * memsize pages marked populate-on-demand, and with a PoD cache size
 * of target. If target == memsize, pages are populated normally.
 */
int xc_hvm_build_target_mem(xc_interface *xch,
                            uint32_t domid,
                            int memsize,
                            int target,
                            const char *image_name)
{
    char *image;
    int sts;
    unsigned long image_size;

    if ( (image_name == NULL) ||
         ((image = xc_read_image(xch, image_name, &image_size)) == NULL) )
        return -1;

    sts = xc_hvm_build_internal(xch, domid, memsize, target, image, image_size);

    free(image);

    return sts;
}

/* xc_hvm_build_mem:
 * Create a domain for a virtualized Linux, using memory buffers.
 */
int xc_hvm_build_mem(xc_interface *xch,
                     uint32_t domid,
                     int memsize,
                     const char *image_buffer,
                     unsigned long image_size)
{
    int sts;
    unsigned long img_len;
    char *img;

    /* Validate that there is a kernel buffer */

    if ( (image_buffer == NULL) || (image_size == 0) )
    {
        ERROR("kernel image buffer not present");
        return -1;
    }

    img = xc_inflate_buffer(xch, image_buffer, image_size, &img_len);
    if ( img == NULL )
    {
        ERROR("unable to inflate ram disk buffer");
        return -1;
    }

    sts = xc_hvm_build_internal(xch, domid, memsize, memsize,
                                img, img_len);

    /* xc_inflate_buffer may return the original buffer pointer (for
       already inflated buffers), so exercise some care in freeing */

    if ( (img != NULL) && (img != image_buffer) )
        free(img);

    return sts;
}

/*
 * Local variables:
 * mode: C
 * c-set-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */
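
For orientation only, here is a hypothetical caller sketch (not part of this file) showing how a toolstack might drive the build entry points above. The xc_interface handle `xch` and the already-created `domid` are assumed to come from elsewhere, and the hvmloader path is just an example:

    static int build_hvm_guest_example(xc_interface *xch, uint32_t domid)
    {
        const char *firmware = "/usr/lib/xen/boot/hvmloader"; /* example path */

        /* Fully populated 512MB guest: target == memsize, so no PoD. */
        if ( xc_hvm_build(xch, domid, 512, firmware) != 0 )
            return -1;

        /* Pre-ballooned alternative: 512MB of populate-on-demand memory
         * with a 256MB PoD target would instead use
         *     xc_hvm_build_target_mem(xch, domid, 512, 256, firmware);
         */

        return 0;
    }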