CVS commit: [netbsd-6-1] src/sys/arch/xen

2016-01-08 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Fri Jan  8 21:25:28 UTC 2016

Modified Files:
src/sys/arch/xen/include/xen-public/io [netbsd-6-1]: ring.h
src/sys/arch/xen/xen [netbsd-6-1]: pciback.c xbdback_xenbus.c
xennetback_xenbus.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1358):
sys/arch/xen/include/xen-public/io/ring.h: revision 1.3 via patch
sys/arch/xen/xen/pciback.c: revision 1.10 via patch
sys/arch/xen/xen/xbdback_xenbus.c: revision 1.62 via patch
sys/arch/xen/xen/xennetback_xenbus.c: revision 1.54 via patch
Apply patch from xsa155: make sure that the backend won't read parts of the
request again (possibly because of compiler optimisations), by using
copies and barrier.
From XSA155:
The compiler can emit optimizations in the PV backend drivers which
can lead to double fetch vulnerabilities. Specifically the shared
memory between the frontend and backend can be fetched twice (during
which time the frontend can alter the contents) possibly leading to
arbitrary code execution in backend.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.18.1 src/sys/arch/xen/include/xen-public/io/ring.h
cvs rdiff -u -r1.7 -r1.7.16.1 src/sys/arch/xen/xen/pciback.c
cvs rdiff -u -r1.55.2.1.6.2 -r1.55.2.1.6.3 \
src/sys/arch/xen/xen/xbdback_xenbus.c
cvs rdiff -u -r1.47 -r1.47.14.1 src/sys/arch/xen/xen/xennetback_xenbus.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/xen/include/xen-public/io/ring.h
diff -u src/sys/arch/xen/include/xen-public/io/ring.h:1.2 src/sys/arch/xen/include/xen-public/io/ring.h:1.2.18.1
--- src/sys/arch/xen/include/xen-public/io/ring.h:1.2	Wed Dec  7 15:40:15 2011
+++ src/sys/arch/xen/include/xen-public/io/ring.h	Fri Jan  8 21:25:28 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: ring.h,v 1.2 2011/12/07 15:40:15 cegger Exp $ */
+/* $NetBSD: ring.h,v 1.2.18.1 2016/01/08 21:25:28 snj Exp $ */
 /**
  * ring.h
  * 
@@ -236,6 +236,20 @@ typedef struct __name##_back_ring __name
 #define RING_GET_REQUEST(_r, _idx)  \
 (&((_r)->sring->ring[((_idx) & (RING_SIZE(_r) - 1))].req))
 
+/*
+ * Get a local copy of a request.
+ *
+ * Use this in preference to RING_GET_REQUEST() so all processing is
+ * done on a local copy that cannot be modified by the other end.
+ *
+ * Note that https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145 may cause this
+ * to be ineffective where _req is a struct which consists of only bitfields.
+ */
+#define RING_COPY_REQUEST(_r, _idx, _req) do {\
+	/* Use volatile to force the copy into _req. */			\
+	*(_req) = *(volatile typeof(_req))RING_GET_REQUEST(_r, _idx);	\
+} while (0)
+
 #define RING_GET_RESPONSE(_r, _idx) \
 (&((_r)->sring->ring[((_idx) & (RING_SIZE(_r) - 1))].rsp))
 
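Review bot: RING_GET_REQUEST() just above stays defined with no warning on it, so nothing in the header steers backend code away from reading a request in place from the shared ring. A comment on the old macro, for example `/* Backends: use RING_COPY_REQUEST() so the request cannot change after it has been validated. */`, would put the advice where the old macro is found. The new macro copies but adds no compiler barrier of its own, so callers presumably still need one (pciback.c in this commit calls `__insn_barrier()` after its copy), and the RING_COPY_REQUEST comment could say so. `typeof` is a GNU extension, which may matter if this public header is ever built with another compiler.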

Index: src/sys/arch/xen/xen/pciback.c
diff -u src/sys/arch/xen/xen/pciback.c:1.7 src/sys/arch/xen/xen/pciback.c:1.7.16.1
--- src/sys/arch/xen/xen/pciback.c:1.7	Thu Feb  2 19:43:01 2012
+++ src/sys/arch/xen/xen/pciback.c	Fri Jan  8 21:25:28 2016
@@ -1,4 +1,4 @@
-/*  $NetBSD: pciback.c,v 1.7 2012/02/02 19:43:01 tls Exp $  */
+/*  $NetBSD: pciback.c,v 1.7.16.1 2016/01/08 21:25:28 snj Exp $  */
 
 /*
  * Copyright (c) 2009 Manuel Bouyer.
@@ -26,7 +26,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: pciback.c,v 1.7 2012/02/02 19:43:01 tls Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pciback.c,v 1.7.16.1 2016/01/08 21:25:28 snj Exp $");
 
 #include "opt_xen.h"
 
@@ -188,6 +188,7 @@ struct pb_xenbus_instance {
 	/* communication with the domU */
 unsigned int pbx_evtchn; /* our even channel */
 struct xen_pci_sharedinfo *pbx_sh_info;
+struct xen_pci_op op;
 grant_handle_t pbx_shinfo_handle; /* to unmap shared page */
 };
 
@@ -712,13 +713,16 @@ pciback_xenbus_evthandler(void * arg)
 {
 	struct pb_xenbus_instance *pbxi = arg;
 	struct pciback_pci_dev *pbd;
-	struct xen_pci_op *op = >pbx_sh_info->op;
+	struct xen_pci_op *op = >op;
 	u_int bus, dev, func;
 
 	hypervisor_clear_event(pbxi->pbx_evtchn);
 	if (xen_atomic_test_bit(>pbx_sh_info->flags,
 	_XEN_PCIF_active) == 0)
 		return 0;
+
+	memcpy(op, >pbx_sh_info->op, sizeof (struct xen_pci_op));
+	__insn_barrier();
 	if (op->domain != 0) {
 		aprint_error("pciback: domain %d != 0", op->domain);
 		op->err = XEN_PCI_ERR_dev_not_found;
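Review bot: The snapshot taken by the added `memcpy()` carries no comment explaining why it exists, so a later cleanup could fold it back into a direct pointer to the shared page. I would add `/* Snapshot the request: the domU can rewrite pbx_sh_info->op at any time (XSA-155). */` above it. Writing the length as `sizeof(*op)` ties it to the destination buffer, and the new struct member from the previous hunk would match its neighbours if it were named `pbx_op`. The copy lives in the per-instance structure, so it is only safe if the handler cannot run twice at once for the same instance, which is not visible here. The function body continues outside the hunk.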
@@ -785,6 +789,8 @@ pciback_xenbus_evthandler(void * arg)
 		aprint_error("pciback: unknown cmd %d\n", op->cmd);
 		op->err = XEN_PCI_ERR_not_implemented;
 	}
+	pbxi->pbx_sh_info->op.value = op->value;
+	pbxi->pbx_sh_info->op.err = op->err;
 end:
 	xen_atomic_clear_bit(>pbx_sh_info->flags, _XEN_PCIF_active);
 	hypervisor_notify_via_evtchn(pbxi->pbx_evtchn);
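Review bot: The two write-back lines sit above the `end:` label, so any path that reaches `end` by `goto` skips them, and the `op->err` it set on the local copy never reaches the frontend. The `goto` statements are outside this hunk, but the `op->domain != 0` branch earlier in the function sets `op->err = XEN_PCI_ERR_dev_not_found` and looks like such a path. If so, placing `end:` above `pbxi->pbx_sh_info->op.value = op->value;` and `pbxi->pbx_sh_info->op.err = op->err;` would report those errors as the code did before the change.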

Index: src/sys/arch/xen/xen/xbdback_xenbus.c
diff -u 

CVS commit: [netbsd-6-1] src/sys/arch/xen/xen

2015-11-15 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Mon Nov 16 07:52:12 UTC 2015

Modified Files:
src/sys/arch/xen/xen [netbsd-6-1]: xbdback_xenbus.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1347):
sys/arch/xen/xen/xbdback_xenbus.c: revision 1.61
Fix typo which caused the kernel thread to be created with a 0 priority.
This would cause the thread to be almost never scheduled when a userland
process could use all CPU.
Should fix the problem reported by Torbjörn Granlund on port-xen@


To generate a diff of this commit:
cvs rdiff -u -r1.55.2.1.6.1 -r1.55.2.1.6.2 \
src/sys/arch/xen/xen/xbdback_xenbus.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/xen/xen/xbdback_xenbus.c
diff -u src/sys/arch/xen/xen/xbdback_xenbus.c:1.55.2.1.6.1 src/sys/arch/xen/xen/xbdback_xenbus.c:1.55.2.1.6.2
--- src/sys/arch/xen/xen/xbdback_xenbus.c:1.55.2.1.6.1	Thu Nov  7 20:19:40 2013
+++ src/sys/arch/xen/xen/xbdback_xenbus.c	Mon Nov 16 07:52:12 2015
@@ -1,4 +1,4 @@
-/*  $NetBSD: xbdback_xenbus.c,v 1.55.2.1.6.1 2013/11/07 20:19:40 snj Exp $  */
+/*  $NetBSD: xbdback_xenbus.c,v 1.55.2.1.6.2 2015/11/16 07:52:12 msaitoh Exp $  */
 
 /*
  * Copyright (c) 2006 Manuel Bouyer.
@@ -26,7 +26,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xbdback_xenbus.c,v 1.55.2.1.6.1 2013/11/07 20:19:40 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xbdback_xenbus.c,v 1.55.2.1.6.2 2015/11/16 07:52:12 msaitoh Exp $");
 
 #include 
 #include 
@@ -648,7 +648,7 @@ xbdback_connect(struct xbdback_instance 
 	hypervisor_enable_event(xbdi->xbdi_evtchn);
 	hypervisor_notify_via_evtchn(xbdi->xbdi_evtchn);
 
-	if (kthread_create(IPL_NONE, KTHREAD_MPSAFE, NULL,
+	if (kthread_create(PRI_NONE, KTHREAD_MPSAFE, NULL,
 	xbdback_thread, xbdi, NULL, "%s", xbdi->xbdi_name) == 0)
 		return 0;
 



CVS commit: [netbsd-6-1] src/sys/arch/xen/xen

2015-05-26 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Wed May 27 05:56:42 UTC 2015

Modified Files:
src/sys/arch/xen/xen [netbsd-6-1]: xenevt.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1299):
sys/arch/xen/xen/xenevt.c: revision 1.42
Fix off by one error, pointed out by Wei Liu in port-xen/49919


To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.39.18.1 src/sys/arch/xen/xen/xenevt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/xen/xen/xenevt.c
diff -u src/sys/arch/xen/xen/xenevt.c:1.39 src/sys/arch/xen/xen/xenevt.c:1.39.18.1
--- src/sys/arch/xen/xen/xenevt.c:1.39	Sat Dec  3 22:41:40 2011
+++ src/sys/arch/xen/xen/xenevt.c	Wed May 27 05:56:42 2015
@@ -1,4 +1,4 @@
-/*  $NetBSD: xenevt.c,v 1.39 2011/12/03 22:41:40 bouyer Exp $  */
+/*  $NetBSD: xenevt.c,v 1.39.18.1 2015/05/27 05:56:42 msaitoh Exp $  */
 
 /*
  * Copyright (c) 2005 Manuel Bouyer.
@@ -26,7 +26,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: xenevt.c,v 1.39 2011/12/03 22:41:40 bouyer Exp $);
+__KERNEL_RCSID(0, $NetBSD: xenevt.c,v 1.39.18.1 2015/05/27 05:56:42 msaitoh Exp $);
 
 #include opt_xen.h
 #include sys/param.h
@@ -479,7 +479,7 @@ xenevt_fwrite(struct file *fp, off_t *of
 	if (uio-uio_resid == 0)
 		return (0);
 	nentries = uio-uio_resid / sizeof(uint16_t);
-	if (nentries  NR_EVENT_CHANNELS)
+	if (nentries = NR_EVENT_CHANNELS)
 		return EMSGSIZE;
 	chans = kmem_alloc(nentries * sizeof(uint16_t), KM_SLEEP);
 	if (chans == NULL)
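Review bot: `nentries` is an element count rather than an index, so tightening its bound rejects a write of exactly NR_EVENT_CHANNELS entries, which the old test accepted. The comparison operator is lost in this rendering; the log message implies `>` became `>=`. The off-by-one described in the log fits the two `port` index checks in xenevt_fioctl below, whereas nothing visible in this hunk is indexed by `nentries`. I would confirm the stricter limit is intended here and record it, e.g. `/* at most NR_EVENT_CHANNELS - 1 entries per write */`. xenevt_fwrite continues outside the hunk.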
@@ -572,7 +572,7 @@ xenevt_fioctl(struct file *fp, u_long cm
 	{
 		struct ioctl_evtchn_unbind *unbind = addr;
 		
-		if (unbind-port  NR_EVENT_CHANNELS)
+		if (unbind-port = NR_EVENT_CHANNELS)
 			return EINVAL;
 		mutex_enter(devevent_lock);
 		if (devevent[unbind-port] != d) {
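Review bot: The bound on `unbind->port` is the only thing keeping the `devevent[]` lookup two lines later in range, yet nothing says so, which is the kind of gap that lets an off-by-one survive. A comment such as `/* port indexes devevent[]: valid values are 0 .. NR_EVENT_CHANNELS - 1 */` would help, and the same applies to the `notify->port` check in the next hunk. Since the identical test now appears twice, a small helper or macro for "is a valid event-channel port" would keep the two from drifting apart. The declaration of devevent[] is not visible in these hunks, so its size should be confirmed as NR_EVENT_CHANNELS.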
@@ -593,7 +593,7 @@ xenevt_fioctl(struct file *fp, u_long cm
 	{
 		struct ioctl_evtchn_notify *notify = addr;
 		
-		if (notify-port  NR_EVENT_CHANNELS)
+		if (notify-port = NR_EVENT_CHANNELS)
 			return EINVAL;
 		mutex_enter(devevent_lock);
 		if (devevent[notify-port] != d) {



CVS commit: [netbsd-6-1] src/sys/arch/xen/xen

2013-12-17 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Tue Dec 17 22:40:15 UTC 2013

Modified Files:
src/sys/arch/xen/xen [netbsd-6-1]: evtchn.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #995):
sys/arch/xen/xen/evtchn.c: revision 1.70
Remove the evtchn_do_event: handler %p didn't lower ipl %d %d\n printf.
With help from Robert Elz we've finally figured out what's going on, and
it actually isn't a bug in the handler, but related to spin mutexes.
When a spin mutex is released, the IPL isn't lowered back if the
curcpu is holding other spin mutexes. This is because mutexes may not
be released in order (and, in this case, the CPU is interrupted while
it holds a spin mutex at IPL  IPL_SCHED).
Also remove the test and resetting the IPL, it will be reset anyway
inside the loop, or at the end of the loop.


To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.62.10.1 src/sys/arch/xen/xen/evtchn.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/xen/xen/evtchn.c
diff -u src/sys/arch/xen/xen/evtchn.c:1.62 src/sys/arch/xen/xen/evtchn.c:1.62.10.1
--- src/sys/arch/xen/xen/evtchn.c:1.62	Sun Feb 12 14:24:08 2012
+++ src/sys/arch/xen/xen/evtchn.c	Tue Dec 17 22:40:15 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: evtchn.c,v 1.62 2012/02/12 14:24:08 jym Exp $	*/
+/*	$NetBSD: evtchn.c,v 1.62.10.1 2013/12/17 22:40:15 riz Exp $	*/
 
 /*
  * Copyright (c) 2006 Manuel Bouyer.
@@ -54,7 +54,7 @@
 
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: evtchn.c,v 1.62 2012/02/12 14:24:08 jym Exp $);
+__KERNEL_RCSID(0, $NetBSD: evtchn.c,v 1.62.10.1 2013/12/17 22:40:15 riz Exp $);
 
 #include opt_xen.h
 #include isa.h
@@ -347,13 +347,6 @@ splx:
 	ih_fun = (void *)ih-ih_fun;
 	ih_fun(ih-ih_arg, regs);
 	cli();
-	if (ci-ci_ilevel != i) {
-		printf(evtchn_do_event: 
-		handler %p didn't lower 
-		ipl %d %d\n,
-		ih_fun, ci-ci_ilevel, i);
-		ci-ci_ilevel = i;
-	}
 }
 hypervisor_enable_ipl(i);
 /* more pending IPLs may have been registered */



CVS commit: [netbsd-6-1] src/sys/arch/xen/xen

2013-11-07 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Thu Nov  7 20:19:40 UTC 2013

Modified Files:
src/sys/arch/xen/xen [netbsd-6-1]: xbdback_xenbus.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #974):
sys/arch/xen/xen/xbdback_xenbus.c: revision 1.58
Add more XENPRINTF() to xbdback_connect()
in xbdback_backend_changed(), fix memory leak.
Do not free an uninitialized pointer in xbdback_connect(). Should fix
 hypervisor or dom0 reboot when using windows PV drivers, as reported
 by several users on port-xen.


To generate a diff of this commit:
cvs rdiff -u -r1.55.2.1 -r1.55.2.1.6.1 src/sys/arch/xen/xen/xbdback_xenbus.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/xen/xen/xbdback_xenbus.c
diff -u src/sys/arch/xen/xen/xbdback_xenbus.c:1.55.2.1 src/sys/arch/xen/xen/xbdback_xenbus.c:1.55.2.1.6.1
--- src/sys/arch/xen/xen/xbdback_xenbus.c:1.55.2.1	Tue Jun  5 15:36:00 2012
+++ src/sys/arch/xen/xen/xbdback_xenbus.c	Thu Nov  7 20:19:40 2013
@@ -1,4 +1,4 @@
-/*  $NetBSD: xbdback_xenbus.c,v 1.55.2.1 2012/06/05 15:36:00 jdc Exp $  */
+/*  $NetBSD: xbdback_xenbus.c,v 1.55.2.1.6.1 2013/11/07 20:19:40 snj Exp $  */
 
 /*
  * Copyright (c) 2006 Manuel Bouyer.
@@ -26,7 +26,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: xbdback_xenbus.c,v 1.55.2.1 2012/06/05 15:36:00 jdc Exp $);
+__KERNEL_RCSID(0, $NetBSD: xbdback_xenbus.c,v 1.55.2.1.6.1 2013/11/07 20:19:40 snj Exp $);
 
 #include sys/atomic.h
 #include sys/buf.h
@@ -531,6 +531,7 @@ xbdback_connect(struct xbdback_instance 
 	const char *proto;
 	struct xenbus_device *xbusd = xbdi-xbdi_xbusd;
 
+	XENPRINTF((xbdback %s: connect\n, xbusd-xbusd_path));
 	/* read comunication informations */
 	err = xenbus_read_ul(NULL, xbusd-xbusd_otherend,
 	ring-ref, ring_ref, 10);
@@ -539,6 +540,7 @@ xbdback_connect(struct xbdback_instance 
 		xbusd-xbusd_otherend);
 		return -1;
 	}
+	XENPRINTF((xbdback %s: connect ring-ref %lu\n, xbusd-xbusd_path, ring_ref));
 	err = xenbus_read_ul(NULL, xbusd-xbusd_otherend,
 	event-channel, revtchn, 10);
 	if (err) {
@@ -546,12 +548,15 @@ xbdback_connect(struct xbdback_instance 
 		xbusd-xbusd_otherend);
 		return -1;
 	}
+	XENPRINTF((xbdback %s: connect revtchn %lu\n, xbusd-xbusd_path, revtchn));
 	err = xenbus_read(NULL, xbusd-xbusd_otherend, protocol,
 	len, xsproto);
 	if (err) {
 		xbdi-xbdi_proto = XBDIP_NATIVE;
 		proto = unspecified;
+		XENPRINTF((xbdback %s: connect no xsproto\n, xbusd-xbusd_path));
 	} else {
+		XENPRINTF((xbdback %s: connect xsproto %s\n, xbusd-xbusd_path, xsproto));
 		if (strcmp(xsproto, XEN_IO_PROTO_ABI_NATIVE) == 0) {
 			xbdi-xbdi_proto = XBDIP_NATIVE;
 			proto = XEN_IO_PROTO_ABI_NATIVE;
@@ -567,8 +572,8 @@ xbdback_connect(struct xbdback_instance 
 			free(xsproto, M_DEVBUF);
 			return -1;
 		}
+		free(xsproto, M_DEVBUF);
 	}
-	free(xsproto, M_DEVBUF);
 
 	/* allocate VA space and map rings */
 	xbdi-xbdi_ring_va = uvm_km_alloc(kernel_map, PAGE_SIZE, 0,
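Review bot: Ownership of `xsproto` is now implicit. It is freed only inside the `else`, that is only when `xenbus_read()` succeeded, while the unknown-protocol path above frees it separately before `return -1`. A comment on the moved call, `/* xsproto is only allocated when xenbus_read() succeeded */`, would record why the free must not drift back out of the branch. xbdback_connect() starts and ends outside the hunk.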
@@ -578,6 +583,7 @@ xbdback_connect(struct xbdback_instance 
 		can't get VA for ring, xbusd-xbusd_otherend);
 		return -1;
 	}
+	XENPRINTF((xbdback %s: connect va 0x% PRIxVADDR \n, xbusd-xbusd_path, xbdi-xbdi_ring_va));
 
 	grop.host_addr = xbdi-xbdi_ring_va;
 	grop.flags = GNTMAP_host_map;
@@ -593,6 +599,7 @@ xbdback_connect(struct xbdback_instance 
 		goto err;
 	}
 	xbdi-xbdi_ring_handle = grop.handle;
+	XENPRINTF((xbdback %s: connect grhandle %d\n, xbusd-xbusd_path, grop.handle));
 
 	switch(xbdi-xbdi_proto) {
 	case XBDIP_NATIVE:
@@ -627,6 +634,7 @@ xbdback_connect(struct xbdback_instance 
 		can't bind event channel, xbusd-xbusd_otherend);
 		goto err2;
 	}
+	XENPRINTF((xbdback %s: connect evchannel %d\n, xbusd-xbusd_path, xbdi-xbdi_evtchn));
 	xbdi-xbdi_evtchn = evop.u.bind_interdomain.local_port;
 
 	event_set_handler(xbdi-xbdi_evtchn, xbdback_evthandler,
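Review bot: The added XENPRINTF reads `xbdi->xbdi_evtchn` one line before that field is assigned from `evop.u.bind_interdomain.local_port`, so the debug output shows the previous value rather than the channel that was just bound. Either move the XENPRINTF below the assignment or print `evop.u.bind_interdomain.local_port` directly. xbdback_connect() starts and ends outside the hunk.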
@@ -766,6 +774,7 @@ xbdback_backend_changed(struct xenbus_wa
 		xbdi-xbdi_ro = false;
 	else
 		xbdi-xbdi_ro = true;
+	free(mode, M_DEVBUF);
 	major = major(xbdi-xbdi_dev);
 	devname = devsw_blk2name(major);
 	if (devname == NULL) {