1 /* 2 * QEMU Xen emulation: Shared/overlay pages support 3 * 4 * Copyright © 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. 5 * 6 * Authors: David Woodhouse <dwmw2@infradead.org> 7 * 8 * This work is licensed under the terms of the GNU GPL, version 2 or later. 9 * See the COPYING file in the top-level directory. 10 */ 11 12 #include "qemu/osdep.h" 13 14 #include "qemu/host-utils.h" 15 #include "qemu/module.h" 16 #include "qemu/main-loop.h" 17 #include "qemu/cutils.h" 18 #include "qemu/error-report.h" 19 #include "qapi/error.h" 20 #include "qom/object.h" 21 #include "migration/vmstate.h" 22 23 #include "hw/sysbus.h" 24 #include "hw/xen/xen.h" 25 #include "hw/xen/xen_backend_ops.h" 26 #include "xen_overlay.h" 27 #include "xen_evtchn.h" 28 #include "xen_xenstore.h" 29 30 #include "sysemu/kvm.h" 31 #include "sysemu/kvm_xen.h" 32 33 #include "trace.h" 34 35 #include "xenstore_impl.h" 36 37 #include "hw/xen/interface/io/xs_wire.h" 38 #include "hw/xen/interface/event_channel.h" 39 #include "hw/xen/interface/grant_table.h" 40 41 #define TYPE_XEN_XENSTORE "xen-xenstore" 42 OBJECT_DECLARE_SIMPLE_TYPE(XenXenstoreState, XEN_XENSTORE) 43 44 #define ENTRIES_PER_FRAME_V1 (XEN_PAGE_SIZE / sizeof(grant_entry_v1_t)) 45 #define ENTRIES_PER_FRAME_V2 (XEN_PAGE_SIZE / sizeof(grant_entry_v2_t)) 46 47 #define XENSTORE_HEADER_SIZE ((unsigned int)sizeof(struct xsd_sockmsg)) 48 49 struct XenXenstoreState { 50 /*< private >*/ 51 SysBusDevice busdev; 52 /*< public >*/ 53 54 XenstoreImplState *impl; 55 GList *watch_events; /* for the guest */ 56 57 MemoryRegion xenstore_page; 58 struct xenstore_domain_interface *xs; 59 uint8_t req_data[XENSTORE_HEADER_SIZE + XENSTORE_PAYLOAD_MAX]; 60 uint8_t rsp_data[XENSTORE_HEADER_SIZE + XENSTORE_PAYLOAD_MAX]; 61 uint32_t req_offset; 62 uint32_t rsp_offset; 63 bool rsp_pending; 64 bool fatal_error; 65 66 evtchn_port_t guest_port; 67 evtchn_port_t be_port; 68 struct xenevtchn_handle *eh; 69 70 uint8_t *impl_state; 71 uint32_t impl_state_size; 72 73 struct xengntdev_handle *gt; 74 void *granted_xs; 75 }; 76 77 struct XenXenstoreState *xen_xenstore_singleton; 78 79 static void xen_xenstore_event(void *opaque); 80 static void fire_watch_cb(void *opaque, const char *path, const char *token); 81 82 static struct xenstore_backend_ops emu_xenstore_backend_ops; 83 84 static void G_GNUC_PRINTF (4, 5) relpath_printf(XenXenstoreState *s, 85 GList *perms, 86 const char *relpath, 87 const char *fmt, ...) 88 { 89 gchar *abspath; 90 gchar *value; 91 va_list args; 92 GByteArray *data; 93 int err; 94 95 abspath = g_strdup_printf("/local/domain/%u/%s", xen_domid, relpath); 96 va_start(args, fmt); 97 value = g_strdup_vprintf(fmt, args); 98 va_end(args); 99 100 data = g_byte_array_new_take((void *)value, strlen(value)); 101 102 err = xs_impl_write(s->impl, DOMID_QEMU, XBT_NULL, abspath, data); 103 assert(!err); 104 105 g_byte_array_unref(data); 106 107 err = xs_impl_set_perms(s->impl, DOMID_QEMU, XBT_NULL, abspath, perms); 108 assert(!err); 109 110 g_free(abspath); 111 } 112 113 static void xen_xenstore_realize(DeviceState *dev, Error **errp) 114 { 115 XenXenstoreState *s = XEN_XENSTORE(dev); 116 GList *perms; 117 118 if (xen_mode != XEN_EMULATE) { 119 error_setg(errp, "Xen xenstore support is for Xen emulation"); 120 return; 121 } 122 memory_region_init_ram(&s->xenstore_page, OBJECT(dev), "xen:xenstore_page", 123 XEN_PAGE_SIZE, &error_abort); 124 memory_region_set_enabled(&s->xenstore_page, true); 125 s->xs = memory_region_get_ram_ptr(&s->xenstore_page); 126 memset(s->xs, 0, XEN_PAGE_SIZE); 127 128 /* We can't map it this early as KVM isn't ready */ 129 xen_xenstore_singleton = s; 130 131 s->eh = xen_be_evtchn_open(); 132 if (!s->eh) { 133 error_setg(errp, "Xenstore evtchn port init failed"); 134 return; 135 } 136 aio_set_fd_handler(qemu_get_aio_context(), xen_be_evtchn_fd(s->eh), 137 xen_xenstore_event, NULL, NULL, NULL, s); 138 139 s->impl = xs_impl_create(xen_domid); 140 141 /* Populate the default nodes */ 142 143 /* Nodes owned by 'dom0' but readable by the guest */ 144 perms = g_list_append(NULL, xs_perm_as_string(XS_PERM_NONE, DOMID_QEMU)); 145 perms = g_list_append(perms, xs_perm_as_string(XS_PERM_READ, xen_domid)); 146 147 relpath_printf(s, perms, "", "%s", ""); 148 149 relpath_printf(s, perms, "domid", "%u", xen_domid); 150 151 relpath_printf(s, perms, "control/platform-feature-xs_reset_watches", "%u", 1); 152 relpath_printf(s, perms, "control/platform-feature-multiprocessor-suspend", "%u", 1); 153 154 relpath_printf(s, perms, "platform/acpi", "%u", 1); 155 relpath_printf(s, perms, "platform/acpi_s3", "%u", 1); 156 relpath_printf(s, perms, "platform/acpi_s4", "%u", 1); 157 relpath_printf(s, perms, "platform/acpi_laptop_slate", "%u", 0); 158 159 g_list_free_full(perms, g_free); 160 161 /* Nodes owned by the guest */ 162 perms = g_list_append(NULL, xs_perm_as_string(XS_PERM_NONE, xen_domid)); 163 164 relpath_printf(s, perms, "attr", "%s", ""); 165 166 relpath_printf(s, perms, "control/shutdown", "%s", ""); 167 relpath_printf(s, perms, "control/feature-poweroff", "%u", 1); 168 relpath_printf(s, perms, "control/feature-reboot", "%u", 1); 169 relpath_printf(s, perms, "control/feature-suspend", "%u", 1); 170 relpath_printf(s, perms, "control/feature-s3", "%u", 1); 171 relpath_printf(s, perms, "control/feature-s4", "%u", 1); 172 173 relpath_printf(s, perms, "data", "%s", ""); 174 relpath_printf(s, perms, "device", "%s", ""); 175 relpath_printf(s, perms, "drivers", "%s", ""); 176 relpath_printf(s, perms, "error", "%s", ""); 177 relpath_printf(s, perms, "feature", "%s", ""); 178 179 g_list_free_full(perms, g_free); 180 181 xen_xenstore_ops = &emu_xenstore_backend_ops; 182 } 183 184 static bool xen_xenstore_is_needed(void *opaque) 185 { 186 return xen_mode == XEN_EMULATE; 187 } 188 189 static int xen_xenstore_pre_save(void *opaque) 190 { 191 XenXenstoreState *s = opaque; 192 GByteArray *save; 193 194 if (s->eh) { 195 s->guest_port = xen_be_evtchn_get_guest_port(s->eh); 196 } 197 198 g_free(s->impl_state); 199 save = xs_impl_serialize(s->impl); 200 s->impl_state = save->data; 201 s->impl_state_size = save->len; 202 g_byte_array_free(save, false); 203 204 return 0; 205 } 206 207 static int xen_xenstore_post_load(void *opaque, int ver) 208 { 209 XenXenstoreState *s = opaque; 210 GByteArray *save; 211 int ret; 212 213 /* 214 * As qemu/dom0, rebind to the guest's port. The Windows drivers may 215 * unbind the XenStore evtchn and rebind to it, having obtained the 216 * "remote" port through EVTCHNOP_status. In the case that migration 217 * occurs while it's unbound, the "remote" port needs to be the same 218 * as before so that the guest can find it, but should remain unbound. 219 */ 220 if (s->guest_port) { 221 int be_port = xen_be_evtchn_bind_interdomain(s->eh, xen_domid, 222 s->guest_port); 223 if (be_port < 0) { 224 return be_port; 225 } 226 s->be_port = be_port; 227 } 228 229 save = g_byte_array_new_take(s->impl_state, s->impl_state_size); 230 s->impl_state = NULL; 231 s->impl_state_size = 0; 232 233 ret = xs_impl_deserialize(s->impl, save, xen_domid, fire_watch_cb, s); 234 return ret; 235 } 236 237 static const VMStateDescription xen_xenstore_vmstate = { 238 .name = "xen_xenstore", 239 .unmigratable = 1, /* The PV back ends don't migrate yet */ 240 .version_id = 1, 241 .minimum_version_id = 1, 242 .needed = xen_xenstore_is_needed, 243 .pre_save = xen_xenstore_pre_save, 244 .post_load = xen_xenstore_post_load, 245 .fields = (VMStateField[]) { 246 VMSTATE_UINT8_ARRAY(req_data, XenXenstoreState, 247 sizeof_field(XenXenstoreState, req_data)), 248 VMSTATE_UINT8_ARRAY(rsp_data, XenXenstoreState, 249 sizeof_field(XenXenstoreState, rsp_data)), 250 VMSTATE_UINT32(req_offset, XenXenstoreState), 251 VMSTATE_UINT32(rsp_offset, XenXenstoreState), 252 VMSTATE_BOOL(rsp_pending, XenXenstoreState), 253 VMSTATE_UINT32(guest_port, XenXenstoreState), 254 VMSTATE_BOOL(fatal_error, XenXenstoreState), 255 VMSTATE_UINT32(impl_state_size, XenXenstoreState), 256 VMSTATE_VARRAY_UINT32_ALLOC(impl_state, XenXenstoreState, 257 impl_state_size, 0, 258 vmstate_info_uint8, uint8_t), 259 VMSTATE_END_OF_LIST() 260 } 261 }; 262 263 static void xen_xenstore_class_init(ObjectClass *klass, void *data) 264 { 265 DeviceClass *dc = DEVICE_CLASS(klass); 266 267 dc->realize = xen_xenstore_realize; 268 dc->vmsd = &xen_xenstore_vmstate; 269 } 270 271 static const TypeInfo xen_xenstore_info = { 272 .name = TYPE_XEN_XENSTORE, 273 .parent = TYPE_SYS_BUS_DEVICE, 274 .instance_size = sizeof(XenXenstoreState), 275 .class_init = xen_xenstore_class_init, 276 }; 277 278 void xen_xenstore_create(void) 279 { 280 DeviceState *dev = sysbus_create_simple(TYPE_XEN_XENSTORE, -1, NULL); 281 282 xen_xenstore_singleton = XEN_XENSTORE(dev); 283 284 /* 285 * Defer the init (xen_xenstore_reset()) until KVM is set up and the 286 * overlay page can be mapped. 287 */ 288 } 289 290 static void xen_xenstore_register_types(void) 291 { 292 type_register_static(&xen_xenstore_info); 293 } 294 295 type_init(xen_xenstore_register_types) 296 297 uint16_t xen_xenstore_get_port(void) 298 { 299 XenXenstoreState *s = xen_xenstore_singleton; 300 if (!s) { 301 return 0; 302 } 303 return s->guest_port; 304 } 305 306 static bool req_pending(XenXenstoreState *s) 307 { 308 struct xsd_sockmsg *req = (struct xsd_sockmsg *)s->req_data; 309 310 return s->req_offset == XENSTORE_HEADER_SIZE + req->len; 311 } 312 313 static void reset_req(XenXenstoreState *s) 314 { 315 memset(s->req_data, 0, sizeof(s->req_data)); 316 s->req_offset = 0; 317 } 318 319 static void reset_rsp(XenXenstoreState *s) 320 { 321 s->rsp_pending = false; 322 323 memset(s->rsp_data, 0, sizeof(s->rsp_data)); 324 s->rsp_offset = 0; 325 } 326 327 static void xs_error(XenXenstoreState *s, unsigned int id, 328 xs_transaction_t tx_id, int errnum) 329 { 330 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 331 const char *errstr = NULL; 332 333 for (unsigned int i = 0; i < ARRAY_SIZE(xsd_errors); i++) { 334 struct xsd_errors *xsd_error = &xsd_errors[i]; 335 336 if (xsd_error->errnum == errnum) { 337 errstr = xsd_error->errstring; 338 break; 339 } 340 } 341 assert(errstr); 342 343 trace_xenstore_error(id, tx_id, errstr); 344 345 rsp->type = XS_ERROR; 346 rsp->req_id = id; 347 rsp->tx_id = tx_id; 348 rsp->len = (uint32_t)strlen(errstr) + 1; 349 350 memcpy(&rsp[1], errstr, rsp->len); 351 } 352 353 static void xs_ok(XenXenstoreState *s, unsigned int type, unsigned int req_id, 354 xs_transaction_t tx_id) 355 { 356 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 357 const char *okstr = "OK"; 358 359 rsp->type = type; 360 rsp->req_id = req_id; 361 rsp->tx_id = tx_id; 362 rsp->len = (uint32_t)strlen(okstr) + 1; 363 364 memcpy(&rsp[1], okstr, rsp->len); 365 } 366 367 /* 368 * The correct request and response formats are documented in xen.git: 369 * docs/misc/xenstore.txt. A summary is given below for convenience. 370 * The '|' symbol represents a NUL character. 371 * 372 * ---------- Database read, write and permissions operations ---------- 373 * 374 * READ <path>| <value|> 375 * WRITE <path>|<value|> 376 * Store and read the octet string <value> at <path>. 377 * WRITE creates any missing parent paths, with empty values. 378 * 379 * MKDIR <path>| 380 * Ensures that the <path> exists, by necessary by creating 381 * it and any missing parents with empty values. If <path> 382 * or any parent already exists, its value is left unchanged. 383 * 384 * RM <path>| 385 * Ensures that the <path> does not exist, by deleting 386 * it and all of its children. It is not an error if <path> does 387 * not exist, but it _is_ an error if <path>'s immediate parent 388 * does not exist either. 389 * 390 * DIRECTORY <path>| <child-leaf-name>|* 391 * Gives a list of the immediate children of <path>, as only the 392 * leafnames. The resulting children are each named 393 * <path>/<child-leaf-name>. 394 * 395 * DIRECTORY_PART <path>|<offset> <gencnt>|<child-leaf-name>|* 396 * Same as DIRECTORY, but to be used for children lists longer than 397 * XENSTORE_PAYLOAD_MAX. Input are <path> and the byte offset into 398 * the list of children to return. Return values are the generation 399 * count <gencnt> of the node (to be used to ensure the node hasn't 400 * changed between two reads: <gencnt> being the same for multiple 401 * reads guarantees the node hasn't changed) and the list of children 402 * starting at the specified <offset> of the complete list. 403 * 404 * GET_PERMS <path>| <perm-as-string>|+ 405 * SET_PERMS <path>|<perm-as-string>|+? 406 * <perm-as-string> is one of the following 407 * w<domid> write only 408 * r<domid> read only 409 * b<domid> both read and write 410 * n<domid> no access 411 * See https://wiki.xen.org/wiki/XenBus section 412 * `Permissions' for details of the permissions system. 413 * It is possible to set permissions for the special watch paths 414 * "@introduceDomain" and "@releaseDomain" to enable receiving those 415 * watches in unprivileged domains. 416 * 417 * ---------- Watches ---------- 418 * 419 * WATCH <wpath>|<token>|? 420 * Adds a watch. 421 * 422 * When a <path> is modified (including path creation, removal, 423 * contents change or permissions change) this generates an event 424 * on the changed <path>. Changes made in transactions cause an 425 * event only if and when committed. Each occurring event is 426 * matched against all the watches currently set up, and each 427 * matching watch results in a WATCH_EVENT message (see below). 428 * 429 * The event's path matches the watch's <wpath> if it is an child 430 * of <wpath>. 431 * 432 * <wpath> can be a <path> to watch or @<wspecial>. In the 433 * latter case <wspecial> may have any syntax but it matches 434 * (according to the rules above) only the following special 435 * events which are invented by xenstored: 436 * @introduceDomain occurs on INTRODUCE 437 * @releaseDomain occurs on any domain crash or 438 * shutdown, and also on RELEASE 439 * and domain destruction 440 * <wspecial> events are sent to privileged callers or explicitly 441 * via SET_PERMS enabled domains only. 442 * 443 * When a watch is first set up it is triggered once straight 444 * away, with <path> equal to <wpath>. Watches may be triggered 445 * spuriously. The tx_id in a WATCH request is ignored. 446 * 447 * Watches are supposed to be restricted by the permissions 448 * system but in practice the implementation is imperfect. 449 * Applications should not rely on being sent a notification for 450 * paths that they cannot read; however, an application may rely 451 * on being sent a watch when a path which it _is_ able to read 452 * is deleted even if that leaves only a nonexistent unreadable 453 * parent. A notification may omitted if a node's permissions 454 * are changed so as to make it unreadable, in which case future 455 * notifications may be suppressed (and if the node is later made 456 * readable, some notifications may have been lost). 457 * 458 * WATCH_EVENT <epath>|<token>| 459 * Unsolicited `reply' generated for matching modification events 460 * as described above. req_id and tx_id are both 0. 461 * 462 * <epath> is the event's path, ie the actual path that was 463 * modified; however if the event was the recursive removal of an 464 * parent of <wpath>, <epath> is just 465 * <wpath> (rather than the actual path which was removed). So 466 * <epath> is a child of <wpath>, regardless. 467 * 468 * Iff <wpath> for the watch was specified as a relative pathname, 469 * the <epath> path will also be relative (with the same base, 470 * obviously). 471 * 472 * UNWATCH <wpath>|<token>|? 473 * 474 * RESET_WATCHES | 475 * Reset all watches and transactions of the caller. 476 * 477 * ---------- Transactions ---------- 478 * 479 * TRANSACTION_START | <transid>| 480 * <transid> is an opaque uint32_t allocated by xenstored 481 * represented as unsigned decimal. After this, transaction may 482 * be referenced by using <transid> (as 32-bit binary) in the 483 * tx_id request header field. When transaction is started whole 484 * db is copied; reads and writes happen on the copy. 485 * It is not legal to send non-0 tx_id in TRANSACTION_START. 486 * 487 * TRANSACTION_END T| 488 * TRANSACTION_END F| 489 * tx_id must refer to existing transaction. After this 490 * request the tx_id is no longer valid and may be reused by 491 * xenstore. If F, the transaction is discarded. If T, 492 * it is committed: if there were any other intervening writes 493 * then our END gets get EAGAIN. 494 * 495 * The plan is that in the future only intervening `conflicting' 496 * writes cause EAGAIN, meaning only writes or other commits 497 * which changed paths which were read or written in the 498 * transaction at hand. 499 * 500 */ 501 502 static void xs_read(XenXenstoreState *s, unsigned int req_id, 503 xs_transaction_t tx_id, uint8_t *req_data, unsigned int len) 504 { 505 const char *path = (const char *)req_data; 506 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 507 uint8_t *rsp_data = (uint8_t *)&rsp[1]; 508 g_autoptr(GByteArray) data = g_byte_array_new(); 509 int err; 510 511 if (len == 0 || req_data[len - 1] != '\0') { 512 xs_error(s, req_id, tx_id, EINVAL); 513 return; 514 } 515 516 trace_xenstore_read(tx_id, path); 517 err = xs_impl_read(s->impl, xen_domid, tx_id, path, data); 518 if (err) { 519 xs_error(s, req_id, tx_id, err); 520 return; 521 } 522 523 rsp->type = XS_READ; 524 rsp->req_id = req_id; 525 rsp->tx_id = tx_id; 526 rsp->len = 0; 527 528 len = data->len; 529 if (len > XENSTORE_PAYLOAD_MAX) { 530 xs_error(s, req_id, tx_id, E2BIG); 531 return; 532 } 533 534 memcpy(&rsp_data[rsp->len], data->data, len); 535 rsp->len += len; 536 } 537 538 static void xs_write(XenXenstoreState *s, unsigned int req_id, 539 xs_transaction_t tx_id, uint8_t *req_data, 540 unsigned int len) 541 { 542 g_autoptr(GByteArray) data = g_byte_array_new(); 543 const char *path; 544 int err; 545 546 if (len == 0) { 547 xs_error(s, req_id, tx_id, EINVAL); 548 return; 549 } 550 551 path = (const char *)req_data; 552 553 while (len--) { 554 if (*req_data++ == '\0') { 555 break; 556 } 557 if (len == 0) { 558 xs_error(s, req_id, tx_id, EINVAL); 559 return; 560 } 561 } 562 563 g_byte_array_append(data, req_data, len); 564 565 trace_xenstore_write(tx_id, path); 566 err = xs_impl_write(s->impl, xen_domid, tx_id, path, data); 567 if (err) { 568 xs_error(s, req_id, tx_id, err); 569 return; 570 } 571 572 xs_ok(s, XS_WRITE, req_id, tx_id); 573 } 574 575 static void xs_mkdir(XenXenstoreState *s, unsigned int req_id, 576 xs_transaction_t tx_id, uint8_t *req_data, 577 unsigned int len) 578 { 579 g_autoptr(GByteArray) data = g_byte_array_new(); 580 const char *path; 581 int err; 582 583 if (len == 0 || req_data[len - 1] != '\0') { 584 xs_error(s, req_id, tx_id, EINVAL); 585 return; 586 } 587 588 path = (const char *)req_data; 589 590 trace_xenstore_mkdir(tx_id, path); 591 err = xs_impl_read(s->impl, xen_domid, tx_id, path, data); 592 if (err == ENOENT) { 593 err = xs_impl_write(s->impl, xen_domid, tx_id, path, data); 594 } 595 596 if (!err) { 597 xs_error(s, req_id, tx_id, err); 598 return; 599 } 600 601 xs_ok(s, XS_MKDIR, req_id, tx_id); 602 } 603 604 static void xs_append_strings(XenXenstoreState *s, struct xsd_sockmsg *rsp, 605 GList *strings, unsigned int start, bool truncate) 606 { 607 uint8_t *rsp_data = (uint8_t *)&rsp[1]; 608 GList *l; 609 610 for (l = strings; l; l = l->next) { 611 size_t len = strlen(l->data) + 1; /* Including the NUL termination */ 612 char *str = l->data; 613 614 if (rsp->len + len > XENSTORE_PAYLOAD_MAX) { 615 if (truncate) { 616 len = XENSTORE_PAYLOAD_MAX - rsp->len; 617 if (!len) { 618 return; 619 } 620 } else { 621 xs_error(s, rsp->req_id, rsp->tx_id, E2BIG); 622 return; 623 } 624 } 625 626 if (start) { 627 if (start >= len) { 628 start -= len; 629 continue; 630 } 631 632 str += start; 633 len -= start; 634 start = 0; 635 } 636 637 memcpy(&rsp_data[rsp->len], str, len); 638 rsp->len += len; 639 } 640 /* XS_DIRECTORY_PART wants an extra NUL to indicate the end */ 641 if (truncate && rsp->len < XENSTORE_PAYLOAD_MAX) { 642 rsp_data[rsp->len++] = '\0'; 643 } 644 } 645 646 static void xs_directory(XenXenstoreState *s, unsigned int req_id, 647 xs_transaction_t tx_id, uint8_t *req_data, 648 unsigned int len) 649 { 650 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 651 GList *items = NULL; 652 const char *path; 653 int err; 654 655 if (len == 0 || req_data[len - 1] != '\0') { 656 xs_error(s, req_id, tx_id, EINVAL); 657 return; 658 } 659 660 path = (const char *)req_data; 661 662 trace_xenstore_directory(tx_id, path); 663 err = xs_impl_directory(s->impl, xen_domid, tx_id, path, NULL, &items); 664 if (err != 0) { 665 xs_error(s, req_id, tx_id, err); 666 return; 667 } 668 669 rsp->type = XS_DIRECTORY; 670 rsp->req_id = req_id; 671 rsp->tx_id = tx_id; 672 rsp->len = 0; 673 674 xs_append_strings(s, rsp, items, 0, false); 675 676 g_list_free_full(items, g_free); 677 } 678 679 static void xs_directory_part(XenXenstoreState *s, unsigned int req_id, 680 xs_transaction_t tx_id, uint8_t *req_data, 681 unsigned int len) 682 { 683 const char *offset_str, *path = (const char *)req_data; 684 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 685 char *rsp_data = (char *)&rsp[1]; 686 uint64_t gencnt = 0; 687 unsigned int offset; 688 GList *items = NULL; 689 int err; 690 691 if (len == 0) { 692 xs_error(s, req_id, tx_id, EINVAL); 693 return; 694 } 695 696 while (len--) { 697 if (*req_data++ == '\0') { 698 break; 699 } 700 if (len == 0) { 701 xs_error(s, req_id, tx_id, EINVAL); 702 return; 703 } 704 } 705 706 offset_str = (const char *)req_data; 707 while (len--) { 708 if (*req_data++ == '\0') { 709 break; 710 } 711 if (len == 0) { 712 xs_error(s, req_id, tx_id, EINVAL); 713 return; 714 } 715 } 716 717 if (len) { 718 xs_error(s, req_id, tx_id, EINVAL); 719 return; 720 } 721 722 if (qemu_strtoui(offset_str, NULL, 10, &offset) < 0) { 723 xs_error(s, req_id, tx_id, EINVAL); 724 return; 725 } 726 727 trace_xenstore_directory_part(tx_id, path, offset); 728 err = xs_impl_directory(s->impl, xen_domid, tx_id, path, &gencnt, &items); 729 if (err != 0) { 730 xs_error(s, req_id, tx_id, err); 731 return; 732 } 733 734 rsp->type = XS_DIRECTORY_PART; 735 rsp->req_id = req_id; 736 rsp->tx_id = tx_id; 737 rsp->len = snprintf(rsp_data, XENSTORE_PAYLOAD_MAX, "%" PRIu64, gencnt) + 1; 738 739 xs_append_strings(s, rsp, items, offset, true); 740 741 g_list_free_full(items, g_free); 742 } 743 744 static void xs_transaction_start(XenXenstoreState *s, unsigned int req_id, 745 xs_transaction_t tx_id, uint8_t *req_data, 746 unsigned int len) 747 { 748 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 749 char *rsp_data = (char *)&rsp[1]; 750 int err; 751 752 if (len != 1 || req_data[0] != '\0') { 753 xs_error(s, req_id, tx_id, EINVAL); 754 return; 755 } 756 757 rsp->type = XS_TRANSACTION_START; 758 rsp->req_id = req_id; 759 rsp->tx_id = tx_id; 760 rsp->len = 0; 761 762 err = xs_impl_transaction_start(s->impl, xen_domid, &tx_id); 763 if (err) { 764 xs_error(s, req_id, tx_id, err); 765 return; 766 } 767 768 trace_xenstore_transaction_start(tx_id); 769 770 rsp->len = snprintf(rsp_data, XENSTORE_PAYLOAD_MAX, "%u", tx_id); 771 assert(rsp->len < XENSTORE_PAYLOAD_MAX); 772 rsp->len++; 773 } 774 775 static void xs_transaction_end(XenXenstoreState *s, unsigned int req_id, 776 xs_transaction_t tx_id, uint8_t *req_data, 777 unsigned int len) 778 { 779 bool commit; 780 int err; 781 782 if (len != 2 || req_data[1] != '\0') { 783 xs_error(s, req_id, tx_id, EINVAL); 784 return; 785 } 786 787 switch (req_data[0]) { 788 case 'T': 789 commit = true; 790 break; 791 case 'F': 792 commit = false; 793 break; 794 default: 795 xs_error(s, req_id, tx_id, EINVAL); 796 return; 797 } 798 799 trace_xenstore_transaction_end(tx_id, commit); 800 err = xs_impl_transaction_end(s->impl, xen_domid, tx_id, commit); 801 if (err) { 802 xs_error(s, req_id, tx_id, err); 803 return; 804 } 805 806 xs_ok(s, XS_TRANSACTION_END, req_id, tx_id); 807 } 808 809 static void xs_rm(XenXenstoreState *s, unsigned int req_id, 810 xs_transaction_t tx_id, uint8_t *req_data, unsigned int len) 811 { 812 const char *path = (const char *)req_data; 813 int err; 814 815 if (len == 0 || req_data[len - 1] != '\0') { 816 xs_error(s, req_id, tx_id, EINVAL); 817 return; 818 } 819 820 trace_xenstore_rm(tx_id, path); 821 err = xs_impl_rm(s->impl, xen_domid, tx_id, path); 822 if (err) { 823 xs_error(s, req_id, tx_id, err); 824 return; 825 } 826 827 xs_ok(s, XS_RM, req_id, tx_id); 828 } 829 830 static void xs_get_perms(XenXenstoreState *s, unsigned int req_id, 831 xs_transaction_t tx_id, uint8_t *req_data, 832 unsigned int len) 833 { 834 const char *path = (const char *)req_data; 835 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 836 GList *perms = NULL; 837 int err; 838 839 if (len == 0 || req_data[len - 1] != '\0') { 840 xs_error(s, req_id, tx_id, EINVAL); 841 return; 842 } 843 844 trace_xenstore_get_perms(tx_id, path); 845 err = xs_impl_get_perms(s->impl, xen_domid, tx_id, path, &perms); 846 if (err) { 847 xs_error(s, req_id, tx_id, err); 848 return; 849 } 850 851 rsp->type = XS_GET_PERMS; 852 rsp->req_id = req_id; 853 rsp->tx_id = tx_id; 854 rsp->len = 0; 855 856 xs_append_strings(s, rsp, perms, 0, false); 857 858 g_list_free_full(perms, g_free); 859 } 860 861 static void xs_set_perms(XenXenstoreState *s, unsigned int req_id, 862 xs_transaction_t tx_id, uint8_t *req_data, 863 unsigned int len) 864 { 865 const char *path = (const char *)req_data; 866 uint8_t *perm; 867 GList *perms = NULL; 868 int err; 869 870 if (len == 0) { 871 xs_error(s, req_id, tx_id, EINVAL); 872 return; 873 } 874 875 while (len--) { 876 if (*req_data++ == '\0') { 877 break; 878 } 879 if (len == 0) { 880 xs_error(s, req_id, tx_id, EINVAL); 881 return; 882 } 883 } 884 885 perm = req_data; 886 while (len--) { 887 if (*req_data++ == '\0') { 888 perms = g_list_append(perms, perm); 889 perm = req_data; 890 } 891 } 892 893 /* 894 * Note that there may be trailing garbage at the end of the buffer. 895 * This is explicitly permitted by the '?' at the end of the definition: 896 * 897 * SET_PERMS <path>|<perm-as-string>|+? 898 */ 899 900 trace_xenstore_set_perms(tx_id, path); 901 err = xs_impl_set_perms(s->impl, xen_domid, tx_id, path, perms); 902 g_list_free(perms); 903 if (err) { 904 xs_error(s, req_id, tx_id, err); 905 return; 906 } 907 908 xs_ok(s, XS_SET_PERMS, req_id, tx_id); 909 } 910 911 static void xs_watch(XenXenstoreState *s, unsigned int req_id, 912 xs_transaction_t tx_id, uint8_t *req_data, 913 unsigned int len) 914 { 915 const char *token, *path = (const char *)req_data; 916 int err; 917 918 if (len == 0) { 919 xs_error(s, req_id, tx_id, EINVAL); 920 return; 921 } 922 923 while (len--) { 924 if (*req_data++ == '\0') { 925 break; 926 } 927 if (len == 0) { 928 xs_error(s, req_id, tx_id, EINVAL); 929 return; 930 } 931 } 932 933 token = (const char *)req_data; 934 while (len--) { 935 if (*req_data++ == '\0') { 936 break; 937 } 938 if (len == 0) { 939 xs_error(s, req_id, tx_id, EINVAL); 940 return; 941 } 942 } 943 944 /* 945 * Note that there may be trailing garbage at the end of the buffer. 946 * This is explicitly permitted by the '?' at the end of the definition: 947 * 948 * WATCH <wpath>|<token>|? 949 */ 950 951 trace_xenstore_watch(path, token); 952 err = xs_impl_watch(s->impl, xen_domid, path, token, fire_watch_cb, s); 953 if (err) { 954 xs_error(s, req_id, tx_id, err); 955 return; 956 } 957 958 xs_ok(s, XS_WATCH, req_id, tx_id); 959 } 960 961 static void xs_unwatch(XenXenstoreState *s, unsigned int req_id, 962 xs_transaction_t tx_id, uint8_t *req_data, 963 unsigned int len) 964 { 965 const char *token, *path = (const char *)req_data; 966 int err; 967 968 if (len == 0) { 969 xs_error(s, req_id, tx_id, EINVAL); 970 return; 971 } 972 973 while (len--) { 974 if (*req_data++ == '\0') { 975 break; 976 } 977 if (len == 0) { 978 xs_error(s, req_id, tx_id, EINVAL); 979 return; 980 } 981 } 982 983 token = (const char *)req_data; 984 while (len--) { 985 if (*req_data++ == '\0') { 986 break; 987 } 988 if (len == 0) { 989 xs_error(s, req_id, tx_id, EINVAL); 990 return; 991 } 992 } 993 994 trace_xenstore_unwatch(path, token); 995 err = xs_impl_unwatch(s->impl, xen_domid, path, token, fire_watch_cb, s); 996 if (err) { 997 xs_error(s, req_id, tx_id, err); 998 return; 999 } 1000 1001 xs_ok(s, XS_UNWATCH, req_id, tx_id); 1002 } 1003 1004 static void xs_reset_watches(XenXenstoreState *s, unsigned int req_id, 1005 xs_transaction_t tx_id, uint8_t *req_data, 1006 unsigned int len) 1007 { 1008 if (len == 0 || req_data[len - 1] != '\0') { 1009 xs_error(s, req_id, tx_id, EINVAL); 1010 return; 1011 } 1012 1013 trace_xenstore_reset_watches(); 1014 xs_impl_reset_watches(s->impl, xen_domid); 1015 1016 xs_ok(s, XS_RESET_WATCHES, req_id, tx_id); 1017 } 1018 1019 static void xs_priv(XenXenstoreState *s, unsigned int req_id, 1020 xs_transaction_t tx_id, uint8_t *data, 1021 unsigned int len) 1022 { 1023 xs_error(s, req_id, tx_id, EACCES); 1024 } 1025 1026 static void xs_unimpl(XenXenstoreState *s, unsigned int req_id, 1027 xs_transaction_t tx_id, uint8_t *data, 1028 unsigned int len) 1029 { 1030 xs_error(s, req_id, tx_id, ENOSYS); 1031 } 1032 1033 typedef void (*xs_impl)(XenXenstoreState *s, unsigned int req_id, 1034 xs_transaction_t tx_id, uint8_t *data, 1035 unsigned int len); 1036 1037 struct xsd_req { 1038 const char *name; 1039 xs_impl fn; 1040 }; 1041 #define XSD_REQ(_type, _fn) \ 1042 [_type] = { .name = #_type, .fn = _fn } 1043 1044 struct xsd_req xsd_reqs[] = { 1045 XSD_REQ(XS_READ, xs_read), 1046 XSD_REQ(XS_WRITE, xs_write), 1047 XSD_REQ(XS_MKDIR, xs_mkdir), 1048 XSD_REQ(XS_DIRECTORY, xs_directory), 1049 XSD_REQ(XS_DIRECTORY_PART, xs_directory_part), 1050 XSD_REQ(XS_TRANSACTION_START, xs_transaction_start), 1051 XSD_REQ(XS_TRANSACTION_END, xs_transaction_end), 1052 XSD_REQ(XS_RM, xs_rm), 1053 XSD_REQ(XS_GET_PERMS, xs_get_perms), 1054 XSD_REQ(XS_SET_PERMS, xs_set_perms), 1055 XSD_REQ(XS_WATCH, xs_watch), 1056 XSD_REQ(XS_UNWATCH, xs_unwatch), 1057 XSD_REQ(XS_CONTROL, xs_priv), 1058 XSD_REQ(XS_INTRODUCE, xs_priv), 1059 XSD_REQ(XS_RELEASE, xs_priv), 1060 XSD_REQ(XS_IS_DOMAIN_INTRODUCED, xs_priv), 1061 XSD_REQ(XS_RESUME, xs_priv), 1062 XSD_REQ(XS_SET_TARGET, xs_priv), 1063 XSD_REQ(XS_RESET_WATCHES, xs_reset_watches), 1064 }; 1065 1066 static void process_req(XenXenstoreState *s) 1067 { 1068 struct xsd_sockmsg *req = (struct xsd_sockmsg *)s->req_data; 1069 xs_impl handler = NULL; 1070 1071 assert(req_pending(s)); 1072 assert(!s->rsp_pending); 1073 1074 if (req->type < ARRAY_SIZE(xsd_reqs)) { 1075 handler = xsd_reqs[req->type].fn; 1076 } 1077 if (!handler) { 1078 handler = &xs_unimpl; 1079 } 1080 1081 handler(s, req->req_id, req->tx_id, (uint8_t *)&req[1], req->len); 1082 1083 s->rsp_pending = true; 1084 reset_req(s); 1085 } 1086 1087 static unsigned int copy_from_ring(XenXenstoreState *s, uint8_t *ptr, 1088 unsigned int len) 1089 { 1090 if (!len) { 1091 return 0; 1092 } 1093 1094 XENSTORE_RING_IDX prod = qatomic_read(&s->xs->req_prod); 1095 XENSTORE_RING_IDX cons = qatomic_read(&s->xs->req_cons); 1096 unsigned int copied = 0; 1097 1098 /* Ensure the ring contents don't cross the req_prod access. */ 1099 smp_rmb(); 1100 1101 while (len) { 1102 unsigned int avail = prod - cons; 1103 unsigned int offset = MASK_XENSTORE_IDX(cons); 1104 unsigned int copylen = avail; 1105 1106 if (avail > XENSTORE_RING_SIZE) { 1107 error_report("XenStore ring handling error"); 1108 s->fatal_error = true; 1109 break; 1110 } else if (avail == 0) { 1111 break; 1112 } 1113 1114 if (copylen > len) { 1115 copylen = len; 1116 } 1117 if (copylen > XENSTORE_RING_SIZE - offset) { 1118 copylen = XENSTORE_RING_SIZE - offset; 1119 } 1120 1121 memcpy(ptr, &s->xs->req[offset], copylen); 1122 copied += copylen; 1123 1124 ptr += copylen; 1125 len -= copylen; 1126 1127 cons += copylen; 1128 } 1129 1130 /* 1131 * Not sure this ever mattered except on Alpha, but this barrier 1132 * is to ensure that the update to req_cons is globally visible 1133 * only after we have consumed all the data from the ring, and we 1134 * don't end up seeing data written to the ring *after* the other 1135 * end sees the update and writes more to the ring. Xen's own 1136 * xenstored has the same barrier here (although with no comment 1137 * at all, obviously, because it's Xen code). 1138 */ 1139 smp_mb(); 1140 1141 qatomic_set(&s->xs->req_cons, cons); 1142 1143 return copied; 1144 } 1145 1146 static unsigned int copy_to_ring(XenXenstoreState *s, uint8_t *ptr, 1147 unsigned int len) 1148 { 1149 if (!len) { 1150 return 0; 1151 } 1152 1153 XENSTORE_RING_IDX cons = qatomic_read(&s->xs->rsp_cons); 1154 XENSTORE_RING_IDX prod = qatomic_read(&s->xs->rsp_prod); 1155 unsigned int copied = 0; 1156 1157 /* 1158 * This matches the barrier in copy_to_ring() (or the guest's 1159 * equivalent) betweem writing the data to the ring and updating 1160 * rsp_prod. It protects against the pathological case (which 1161 * again I think never happened except on Alpha) where our 1162 * subsequent writes to the ring could *cross* the read of 1163 * rsp_cons and the guest could see the new data when it was 1164 * intending to read the old. 1165 */ 1166 smp_mb(); 1167 1168 while (len) { 1169 unsigned int avail = cons + XENSTORE_RING_SIZE - prod; 1170 unsigned int offset = MASK_XENSTORE_IDX(prod); 1171 unsigned int copylen = len; 1172 1173 if (avail > XENSTORE_RING_SIZE) { 1174 error_report("XenStore ring handling error"); 1175 s->fatal_error = true; 1176 break; 1177 } else if (avail == 0) { 1178 break; 1179 } 1180 1181 if (copylen > avail) { 1182 copylen = avail; 1183 } 1184 if (copylen > XENSTORE_RING_SIZE - offset) { 1185 copylen = XENSTORE_RING_SIZE - offset; 1186 } 1187 1188 1189 memcpy(&s->xs->rsp[offset], ptr, copylen); 1190 copied += copylen; 1191 1192 ptr += copylen; 1193 len -= copylen; 1194 1195 prod += copylen; 1196 } 1197 1198 /* Ensure the ring contents are seen before rsp_prod update. */ 1199 smp_wmb(); 1200 1201 qatomic_set(&s->xs->rsp_prod, prod); 1202 1203 return copied; 1204 } 1205 1206 static unsigned int get_req(XenXenstoreState *s) 1207 { 1208 unsigned int copied = 0; 1209 1210 if (s->fatal_error) { 1211 return 0; 1212 } 1213 1214 assert(!req_pending(s)); 1215 1216 if (s->req_offset < XENSTORE_HEADER_SIZE) { 1217 void *ptr = s->req_data + s->req_offset; 1218 unsigned int len = XENSTORE_HEADER_SIZE; 1219 unsigned int copylen = copy_from_ring(s, ptr, len); 1220 1221 copied += copylen; 1222 s->req_offset += copylen; 1223 } 1224 1225 if (s->req_offset >= XENSTORE_HEADER_SIZE) { 1226 struct xsd_sockmsg *req = (struct xsd_sockmsg *)s->req_data; 1227 1228 if (req->len > (uint32_t)XENSTORE_PAYLOAD_MAX) { 1229 error_report("Illegal XenStore request"); 1230 s->fatal_error = true; 1231 return 0; 1232 } 1233 1234 void *ptr = s->req_data + s->req_offset; 1235 unsigned int len = XENSTORE_HEADER_SIZE + req->len - s->req_offset; 1236 unsigned int copylen = copy_from_ring(s, ptr, len); 1237 1238 copied += copylen; 1239 s->req_offset += copylen; 1240 } 1241 1242 return copied; 1243 } 1244 1245 static unsigned int put_rsp(XenXenstoreState *s) 1246 { 1247 if (s->fatal_error) { 1248 return 0; 1249 } 1250 1251 assert(s->rsp_pending); 1252 1253 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 1254 assert(s->rsp_offset < XENSTORE_HEADER_SIZE + rsp->len); 1255 1256 void *ptr = s->rsp_data + s->rsp_offset; 1257 unsigned int len = XENSTORE_HEADER_SIZE + rsp->len - s->rsp_offset; 1258 unsigned int copylen = copy_to_ring(s, ptr, len); 1259 1260 s->rsp_offset += copylen; 1261 1262 /* Have we produced a complete response? */ 1263 if (s->rsp_offset == XENSTORE_HEADER_SIZE + rsp->len) { 1264 reset_rsp(s); 1265 } 1266 1267 return copylen; 1268 } 1269 1270 static void deliver_watch(XenXenstoreState *s, const char *path, 1271 const char *token) 1272 { 1273 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 1274 uint8_t *rsp_data = (uint8_t *)&rsp[1]; 1275 unsigned int len; 1276 1277 assert(!s->rsp_pending); 1278 1279 trace_xenstore_watch_event(path, token); 1280 1281 rsp->type = XS_WATCH_EVENT; 1282 rsp->req_id = 0; 1283 rsp->tx_id = 0; 1284 rsp->len = 0; 1285 1286 len = strlen(path); 1287 1288 /* XENSTORE_ABS/REL_PATH_MAX should ensure there can be no overflow */ 1289 assert(rsp->len + len < XENSTORE_PAYLOAD_MAX); 1290 1291 memcpy(&rsp_data[rsp->len], path, len); 1292 rsp->len += len; 1293 rsp_data[rsp->len] = '\0'; 1294 rsp->len++; 1295 1296 len = strlen(token); 1297 /* 1298 * It is possible for the guest to have chosen a token that will 1299 * not fit (along with the patch) into a watch event. We have no 1300 * choice but to drop the event if this is the case. 1301 */ 1302 if (rsp->len + len >= XENSTORE_PAYLOAD_MAX) { 1303 return; 1304 } 1305 1306 memcpy(&rsp_data[rsp->len], token, len); 1307 rsp->len += len; 1308 rsp_data[rsp->len] = '\0'; 1309 rsp->len++; 1310 1311 s->rsp_pending = true; 1312 } 1313 1314 struct watch_event { 1315 char *path; 1316 char *token; 1317 }; 1318 1319 static void free_watch_event(struct watch_event *ev) 1320 { 1321 if (ev) { 1322 g_free(ev->path); 1323 g_free(ev->token); 1324 g_free(ev); 1325 } 1326 } 1327 1328 static void queue_watch(XenXenstoreState *s, const char *path, 1329 const char *token) 1330 { 1331 struct watch_event *ev = g_new0(struct watch_event, 1); 1332 1333 ev->path = g_strdup(path); 1334 ev->token = g_strdup(token); 1335 1336 s->watch_events = g_list_append(s->watch_events, ev); 1337 } 1338 1339 static void fire_watch_cb(void *opaque, const char *path, const char *token) 1340 { 1341 XenXenstoreState *s = opaque; 1342 1343 assert(qemu_mutex_iothread_locked()); 1344 1345 /* 1346 * If there's a response pending, we obviously can't scribble over 1347 * it. But if there's a request pending, it has dibs on the buffer 1348 * too. 1349 * 1350 * In the common case of a watch firing due to backend activity 1351 * when the ring was otherwise idle, we should be able to copy the 1352 * strings directly into the rsp_data and thence the actual ring, 1353 * without needing to perform any allocations and queue them. 1354 */ 1355 if (s->rsp_pending || req_pending(s)) { 1356 queue_watch(s, path, token); 1357 } else { 1358 deliver_watch(s, path, token); 1359 /* 1360 * If the message was queued because there was already ring activity, 1361 * no need to wake the guest. But if not, we need to send the evtchn. 1362 */ 1363 xen_be_evtchn_notify(s->eh, s->be_port); 1364 } 1365 } 1366 1367 static void process_watch_events(XenXenstoreState *s) 1368 { 1369 struct watch_event *ev = s->watch_events->data; 1370 1371 deliver_watch(s, ev->path, ev->token); 1372 1373 s->watch_events = g_list_remove(s->watch_events, ev); 1374 free_watch_event(ev); 1375 } 1376 1377 static void xen_xenstore_event(void *opaque) 1378 { 1379 XenXenstoreState *s = opaque; 1380 evtchn_port_t port = xen_be_evtchn_pending(s->eh); 1381 unsigned int copied_to, copied_from; 1382 bool processed, notify = false; 1383 1384 if (port != s->be_port) { 1385 return; 1386 } 1387 1388 /* We know this is a no-op. */ 1389 xen_be_evtchn_unmask(s->eh, port); 1390 1391 do { 1392 copied_to = copied_from = 0; 1393 processed = false; 1394 1395 if (!s->rsp_pending && s->watch_events) { 1396 process_watch_events(s); 1397 } 1398 1399 if (s->rsp_pending) { 1400 copied_to = put_rsp(s); 1401 } 1402 1403 if (!req_pending(s)) { 1404 copied_from = get_req(s); 1405 } 1406 1407 if (req_pending(s) && !s->rsp_pending && !s->watch_events) { 1408 process_req(s); 1409 processed = true; 1410 } 1411 1412 notify |= copied_to || copied_from; 1413 } while (copied_to || copied_from || processed); 1414 1415 if (notify) { 1416 xen_be_evtchn_notify(s->eh, s->be_port); 1417 } 1418 } 1419 1420 static void alloc_guest_port(XenXenstoreState *s) 1421 { 1422 struct evtchn_alloc_unbound alloc = { 1423 .dom = DOMID_SELF, 1424 .remote_dom = DOMID_QEMU, 1425 }; 1426 1427 if (!xen_evtchn_alloc_unbound_op(&alloc)) { 1428 s->guest_port = alloc.port; 1429 } 1430 } 1431 1432 int xen_xenstore_reset(void) 1433 { 1434 XenXenstoreState *s = xen_xenstore_singleton; 1435 int err; 1436 1437 if (!s) { 1438 return -ENOTSUP; 1439 } 1440 1441 s->req_offset = s->rsp_offset = 0; 1442 s->rsp_pending = false; 1443 1444 if (!memory_region_is_mapped(&s->xenstore_page)) { 1445 uint64_t gpa = XEN_SPECIAL_PFN(XENSTORE) << TARGET_PAGE_BITS; 1446 xen_overlay_do_map_page(&s->xenstore_page, gpa); 1447 } 1448 1449 alloc_guest_port(s); 1450 1451 /* 1452 * As qemu/dom0, bind to the guest's port. For incoming migration, this 1453 * will be unbound as the guest's evtchn table is overwritten. We then 1454 * rebind to the correct guest port in xen_xenstore_post_load(). 1455 */ 1456 err = xen_be_evtchn_bind_interdomain(s->eh, xen_domid, s->guest_port); 1457 if (err < 0) { 1458 return err; 1459 } 1460 s->be_port = err; 1461 1462 /* 1463 * We don't actually access the guest's page through the grant, because 1464 * this isn't real Xen, and we can just use the page we gave it in the 1465 * first place. Map the grant anyway, mostly for cosmetic purposes so 1466 * it *looks* like it's in use in the guest-visible grant table. 1467 */ 1468 s->gt = qemu_xen_gnttab_open(); 1469 uint32_t xs_gntref = GNTTAB_RESERVED_XENSTORE; 1470 s->granted_xs = qemu_xen_gnttab_map_refs(s->gt, 1, xen_domid, &xs_gntref, 1471 PROT_READ | PROT_WRITE); 1472 1473 return 0; 1474 } 1475 1476 struct qemu_xs_handle { 1477 XenstoreImplState *impl; 1478 GList *watches; 1479 QEMUBH *watch_bh; 1480 }; 1481 1482 struct qemu_xs_watch { 1483 struct qemu_xs_handle *h; 1484 char *path; 1485 xs_watch_fn fn; 1486 void *opaque; 1487 GList *events; 1488 }; 1489 1490 static char *xs_be_get_domain_path(struct qemu_xs_handle *h, unsigned int domid) 1491 { 1492 return g_strdup_printf("/local/domain/%u", domid); 1493 } 1494 1495 static char **xs_be_directory(struct qemu_xs_handle *h, xs_transaction_t t, 1496 const char *path, unsigned int *num) 1497 { 1498 GList *items = NULL, *l; 1499 unsigned int i = 0; 1500 char **items_ret; 1501 int err; 1502 1503 err = xs_impl_directory(h->impl, DOMID_QEMU, t, path, NULL, &items); 1504 if (err) { 1505 errno = err; 1506 return NULL; 1507 } 1508 1509 items_ret = g_new0(char *, g_list_length(items) + 1); 1510 *num = 0; 1511 for (l = items; l; l = l->next) { 1512 items_ret[i++] = l->data; 1513 (*num)++; 1514 } 1515 g_list_free(items); 1516 return items_ret; 1517 } 1518 1519 static void *xs_be_read(struct qemu_xs_handle *h, xs_transaction_t t, 1520 const char *path, unsigned int *len) 1521 { 1522 GByteArray *data = g_byte_array_new(); 1523 bool free_segment = false; 1524 int err; 1525 1526 err = xs_impl_read(h->impl, DOMID_QEMU, t, path, data); 1527 if (err) { 1528 free_segment = true; 1529 errno = err; 1530 } else { 1531 if (len) { 1532 *len = data->len; 1533 } 1534 /* The xen-bus-helper code expects to get NUL terminated string! */ 1535 g_byte_array_append(data, (void *)"", 1); 1536 } 1537 1538 return g_byte_array_free(data, free_segment); 1539 } 1540 1541 static bool xs_be_write(struct qemu_xs_handle *h, xs_transaction_t t, 1542 const char *path, const void *data, unsigned int len) 1543 { 1544 GByteArray *gdata = g_byte_array_new(); 1545 int err; 1546 1547 g_byte_array_append(gdata, data, len); 1548 err = xs_impl_write(h->impl, DOMID_QEMU, t, path, gdata); 1549 g_byte_array_unref(gdata); 1550 if (err) { 1551 errno = err; 1552 return false; 1553 } 1554 return true; 1555 } 1556 1557 static bool xs_be_create(struct qemu_xs_handle *h, xs_transaction_t t, 1558 unsigned int owner, unsigned int domid, 1559 unsigned int perms, const char *path) 1560 { 1561 g_autoptr(GByteArray) data = g_byte_array_new(); 1562 GList *perms_list = NULL; 1563 int err; 1564 1565 /* mkdir does this */ 1566 err = xs_impl_read(h->impl, DOMID_QEMU, t, path, data); 1567 if (err == ENOENT) { 1568 err = xs_impl_write(h->impl, DOMID_QEMU, t, path, data); 1569 } 1570 if (err) { 1571 errno = err; 1572 return false; 1573 } 1574 1575 perms_list = g_list_append(perms_list, 1576 xs_perm_as_string(XS_PERM_NONE, owner)); 1577 perms_list = g_list_append(perms_list, 1578 xs_perm_as_string(perms, domid)); 1579 1580 err = xs_impl_set_perms(h->impl, DOMID_QEMU, t, path, perms_list); 1581 g_list_free_full(perms_list, g_free); 1582 if (err) { 1583 errno = err; 1584 return false; 1585 } 1586 return true; 1587 } 1588 1589 static bool xs_be_destroy(struct qemu_xs_handle *h, xs_transaction_t t, 1590 const char *path) 1591 { 1592 int err = xs_impl_rm(h->impl, DOMID_QEMU, t, path); 1593 if (err) { 1594 errno = err; 1595 return false; 1596 } 1597 return true; 1598 } 1599 1600 static void be_watch_bh(void *_h) 1601 { 1602 struct qemu_xs_handle *h = _h; 1603 GList *l; 1604 1605 for (l = h->watches; l; l = l->next) { 1606 struct qemu_xs_watch *w = l->data; 1607 1608 while (w->events) { 1609 struct watch_event *ev = w->events->data; 1610 1611 w->fn(w->opaque, ev->path); 1612 1613 w->events = g_list_remove(w->events, ev); 1614 free_watch_event(ev); 1615 } 1616 } 1617 } 1618 1619 static void xs_be_watch_cb(void *opaque, const char *path, const char *token) 1620 { 1621 struct watch_event *ev = g_new0(struct watch_event, 1); 1622 struct qemu_xs_watch *w = opaque; 1623 1624 /* We don't care about the token */ 1625 ev->path = g_strdup(path); 1626 w->events = g_list_append(w->events, ev); 1627 1628 qemu_bh_schedule(w->h->watch_bh); 1629 } 1630 1631 static struct qemu_xs_watch *xs_be_watch(struct qemu_xs_handle *h, 1632 const char *path, xs_watch_fn fn, 1633 void *opaque) 1634 { 1635 struct qemu_xs_watch *w = g_new0(struct qemu_xs_watch, 1); 1636 int err; 1637 1638 w->h = h; 1639 w->fn = fn; 1640 w->opaque = opaque; 1641 1642 err = xs_impl_watch(h->impl, DOMID_QEMU, path, NULL, xs_be_watch_cb, w); 1643 if (err) { 1644 errno = err; 1645 g_free(w); 1646 return NULL; 1647 } 1648 1649 w->path = g_strdup(path); 1650 h->watches = g_list_append(h->watches, w); 1651 return w; 1652 } 1653 1654 static void xs_be_unwatch(struct qemu_xs_handle *h, struct qemu_xs_watch *w) 1655 { 1656 xs_impl_unwatch(h->impl, DOMID_QEMU, w->path, NULL, xs_be_watch_cb, w); 1657 1658 h->watches = g_list_remove(h->watches, w); 1659 g_list_free_full(w->events, (GDestroyNotify)free_watch_event); 1660 g_free(w->path); 1661 g_free(w); 1662 } 1663 1664 static xs_transaction_t xs_be_transaction_start(struct qemu_xs_handle *h) 1665 { 1666 unsigned int new_tx = XBT_NULL; 1667 int err = xs_impl_transaction_start(h->impl, DOMID_QEMU, &new_tx); 1668 if (err) { 1669 errno = err; 1670 return XBT_NULL; 1671 } 1672 return new_tx; 1673 } 1674 1675 static bool xs_be_transaction_end(struct qemu_xs_handle *h, xs_transaction_t t, 1676 bool abort) 1677 { 1678 int err = xs_impl_transaction_end(h->impl, DOMID_QEMU, t, !abort); 1679 if (err) { 1680 errno = err; 1681 return false; 1682 } 1683 return true; 1684 } 1685 1686 static struct qemu_xs_handle *xs_be_open(void) 1687 { 1688 XenXenstoreState *s = xen_xenstore_singleton; 1689 struct qemu_xs_handle *h; 1690 1691 if (!s && !s->impl) { 1692 errno = -ENOSYS; 1693 return NULL; 1694 } 1695 1696 h = g_new0(struct qemu_xs_handle, 1); 1697 h->impl = s->impl; 1698 1699 h->watch_bh = aio_bh_new(qemu_get_aio_context(), be_watch_bh, h); 1700 1701 return h; 1702 } 1703 1704 static void xs_be_close(struct qemu_xs_handle *h) 1705 { 1706 while (h->watches) { 1707 struct qemu_xs_watch *w = h->watches->data; 1708 xs_be_unwatch(h, w); 1709 } 1710 1711 qemu_bh_delete(h->watch_bh); 1712 g_free(h); 1713 } 1714 1715 static struct xenstore_backend_ops emu_xenstore_backend_ops = { 1716 .open = xs_be_open, 1717 .close = xs_be_close, 1718 .get_domain_path = xs_be_get_domain_path, 1719 .directory = xs_be_directory, 1720 .read = xs_be_read, 1721 .write = xs_be_write, 1722 .create = xs_be_create, 1723 .destroy = xs_be_destroy, 1724 .watch = xs_be_watch, 1725 .unwatch = xs_be_unwatch, 1726 .transaction_start = xs_be_transaction_start, 1727 .transaction_end = xs_be_transaction_end, 1728 }; 1729