Avoid reading past buffer when calling GETACL
1 /*
2 * Copyright (c) 2009, Microsoft Corporation.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
11 * more details.
13 * You should have received a copy of the GNU General Public License along with
14 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
15 * Place - Suite 330, Boston, MA 02111-1307 USA.
17 * Authors:
18 * Haiyang Zhang <haiyangz@microsoft.com>
19 * Hank Janssen <hjanssen@microsoft.com>
21 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
23 #include <linux/kernel.h>
24 #include <linux/sched.h>
25 #include <linux/wait.h>
26 #include <linux/mm.h>
27 #include <linux/slab.h>
28 #include <linux/list.h>
29 #include <linux/module.h>
30 #include <linux/completion.h>
31 #include <linux/hyperv.h>
33 #include "hyperv_vmbus.h"
/*
 * One row of channel_message_table[]: the protocol message type and the
 * handler vmbus_onmessage() dispatches it to. A NULL handler means the
 * message is only logged as unhandled.
 */
struct vmbus_channel_message_table_entry {
	/* Expected to equal the entry's index in channel_message_table[]. */
	enum vmbus_channel_message_type message_type;
	/* Called with the raw message header; NULL if not handled here. */
	void (*message_handler)(struct vmbus_channel_message_header *msg);
};
40 #define MAX_MSG_TYPES 4
41 #define MAX_NUM_DEVICE_CLASSES_SUPPORTED 8
/*
 * Allow-list of device class GUIDs (offer.if_type) this driver accepts.
 * vmbus_onoffer() drops any offer whose interface type is not listed here,
 * so adding a class means adding its GUID to this table (and bumping
 * MAX_NUM_DEVICE_CLASSES_SUPPORTED). Bytes are in the uuid_le wire layout:
 * the first three groups of the printed GUID appear byte-swapped.
 */
static const uuid_le
	supported_device_classes[MAX_NUM_DEVICE_CLASSES_SUPPORTED] = {
	/* {ba6163d9-04a1-4d29-b605-72e2ffb1dc7f} */
	/* Storage - SCSI */
	{
		.b  = {
			0xd9, 0x63, 0x61, 0xba, 0xa1, 0x04, 0x29, 0x4d,
			0xb6, 0x05, 0x72, 0xe2, 0xff, 0xb1, 0xdc, 0x7f
		}
	},

	/* {F8615163-DF3E-46c5-913F-F2D2F965ED0E} */
	/* Network */
	{
		.b = {
			0x63, 0x51, 0x61, 0xF8, 0x3E, 0xDF, 0xc5, 0x46,
			0x91, 0x3F, 0xF2, 0xD2, 0xF9, 0x65, 0xED, 0x0E
		}
	},

	/* {CFA8B69E-5B4A-4cc0-B98B-8BA1A1F3F95A} */
	/* Input */
	{
		.b = {
			0x9E, 0xB6, 0xA8, 0xCF, 0x4A, 0x5B, 0xc0, 0x4c,
			0xB9, 0x8B, 0x8B, 0xA1, 0xA1, 0xF3, 0xF9, 0x5A
		}
	},

	/* {32412632-86cb-44a2-9b5c-50d1417354f5} */
	/* IDE */
	{
		.b = {
			0x32, 0x26, 0x41, 0x32, 0xcb, 0x86, 0xa2, 0x44,
			0x9b, 0x5c, 0x50, 0xd1, 0x41, 0x73, 0x54, 0xf5
		}
	},

	/* 0E0B6031-5213-4934-818B-38D90CED39DB */
	/* Shutdown */
	{
		.b = {
			0x31, 0x60, 0x0B, 0X0E, 0x13, 0x52, 0x34, 0x49,
			0x81, 0x8B, 0x38, 0XD9, 0x0C, 0xED, 0x39, 0xDB
		}
	},

	/* {9527E630-D0AE-497b-ADCE-E80AB0175CAF} */
	/* TimeSync */
	{
		.b = {
			0x30, 0xe6, 0x27, 0x95, 0xae, 0xd0, 0x7b, 0x49,
			0xad, 0xce, 0xe8, 0x0a, 0xb0, 0x17, 0x5c, 0xaf
		}
	},

	/* {57164f39-9115-4e78-ab55-382f3bd5422d} */
	/* Heartbeat */
	{
		.b = {
			0x39, 0x4f, 0x16, 0x57, 0x15, 0x91, 0x78, 0x4e,
			0xab, 0x55, 0x38, 0x2f, 0x3b, 0xd5, 0x42, 0x2d
		}
	},

	/* {A9A0F4E7-5A45-4d96-B827-8A841E8C03E6} */
	/* KVP */
	{
		.b = {
			0xe7, 0xf4, 0xa0, 0xa9, 0x45, 0x5a, 0x96, 0x4d,
			0xb8, 0x27, 0x8a, 0x84, 0x1e, 0x8c, 0x3, 0xe6
		}
	},
};
/**
 * vmbus_prep_negotiate_resp() - Create default response for Hyper-V Negotiate message
 * @icmsghdrp: Pointer to msg header structure
 * @negop: Pointer to negotiate message structure; the argument value is not
 *         read, it is repointed at the negotiate payload inside @buf
 * @buf: Raw buffer channel data
 *
 * @icmsghdrp is of type &struct icmsg_hdr.
 * @negop is of type &struct icmsg_negotiate.
 * Fill in the default negotiate response. If the host listed two framework
 * versions and the second has major 3, both slots are answered with 3.0,
 * otherwise with 1.0; the response always advertises a single framework and
 * message version. This response can come from both the vmbus driver and the
 * hv_utils driver and responds properly to both Windows 2008 and Windows
 * 2008-R2 operating systems. Messages whose icmsgtype is not
 * ICMSGTYPE_NEGOTIATE are left untouched.
 *
 * NOTE(review): no length for @buf is passed in, so neither the offset
 * sizeof(struct vmbuspipe_hdr) + sizeof(struct icmsg_hdr) nor the writes to
 * icversion_data[0] and icversion_data[1] (done regardless of the value of
 * icframe_vercnt) are bounds-checked here; callers must guarantee that @buf
 * covers that whole range.
 *
 * Mainly used by Hyper-V drivers.
 */
void vmbus_prep_negotiate_resp(struct icmsg_hdr *icmsghdrp,
			       struct icmsg_negotiate *negop, u8 *buf)
{
	int major;

	if (icmsghdrp->icmsgtype != ICMSGTYPE_NEGOTIATE)
		return;

	icmsghdrp->icmsgsize = 0x10;

	/* The negotiate payload follows the pipe header and the ic header. */
	negop = (struct icmsg_negotiate *)(buf + sizeof(struct vmbuspipe_hdr) +
					   sizeof(struct icmsg_hdr));

	/* Framework 3.0 is accepted only when offered as the second choice. */
	major = (negop->icframe_vercnt == 2 &&
		 negop->icversion_data[1].major == 3) ? 3 : 1;

	negop->icversion_data[0].major = major;
	negop->icversion_data[0].minor = 0;
	negop->icversion_data[1].major = major;
	negop->icversion_data[1].minor = 0;

	negop->icframe_vercnt = 1;
	negop->icmsg_vercnt = 1;
}
EXPORT_SYMBOL_GPL(vmbus_prep_negotiate_resp);
/*
 * alloc_channel - Allocate and initialize a vmbus channel object
 *
 * Returns a zeroed channel whose inbound lock is initialised and which owns
 * a dedicated "hv_vmbus_ctl" control workqueue, or NULL if either step fails
 * (nothing is leaked on failure). NOTE(review): the object is allocated with
 * GFP_ATOMIC but create_workqueue() follows it — confirm the calling context
 * may sleep, otherwise the GFP_ATOMIC is misleading.
 */
static struct vmbus_channel *alloc_channel(void)
{
	struct vmbus_channel *chan = kzalloc(sizeof(*chan), GFP_ATOMIC);

	if (chan == NULL)
		goto fail;

	spin_lock_init(&chan->inbound_lock);

	chan->controlwq = create_workqueue("hv_vmbus_ctl");
	if (chan->controlwq == NULL)
		goto fail_free;

	return chan;

fail_free:
	kfree(chan);
fail:
	return NULL;
}
/*
 * release_channel - Release the vmbus channel object itself
 * @work: the channel's embedded work item
 *
 * Runs on vmbus_connection.work_queue (queued by free_channel()) so that
 * the channel's own control workqueue is destroyed from a different thread.
 * Frees the channel; the caller must not touch it afterwards.
 */
static void release_channel(struct work_struct *work)
{
	struct vmbus_channel *chan;

	chan = container_of(work, struct vmbus_channel, work);

	destroy_workqueue(chan->controlwq);
	kfree(chan);
}
/*
 * free_channel - Release the resources used by the vmbus channel object
 * @channel: channel to release; ownership passes to the vmbus workqueue
 *
 * The teardown is deferred: a channel's own workqueue/thread cannot destroy
 * itself, so release_channel() is queued on the vmbus connection workqueue.
 * This re-initialises channel->work, replacing whatever handler it had.
 */
static void free_channel(struct vmbus_channel *channel)
{
	struct work_struct *release = &channel->work;

	INIT_WORK(release, release_channel);
	queue_work(vmbus_connection.work_queue, release);
}
/*
 * vmbus_process_rescind_offer -
 * Rescind the offer by initiating a device removal
 * @work: the channel's embedded work item, armed by vmbus_process_offer()
 *
 * Runs on the channel's control workqueue; only unregisters the child
 * device, it does not free the channel itself.
 */
static void vmbus_process_rescind_offer(struct work_struct *work)
{
	struct vmbus_channel *chan;

	chan = container_of(work, struct vmbus_channel, work);
	vmbus_device_unregister(chan->device_obj);
}
/*
 * vmbus_free_channels - Unregister and release every channel on
 * vmbus_connection.chn_list
 *
 * NOTE(review): entries are not unlinked from the list here, and
 * free_channel() only defers the actual kfree() to the vmbus workqueue, so
 * the walk relies on that deferral to complete before any channel memory is
 * reused — confirm nothing else walks or modifies the list concurrently.
 */
void vmbus_free_channels(void)
{
	struct vmbus_channel *chan;

	list_for_each_entry(chan, &vmbus_connection.chn_list, listentry) {
		/* Tear the child device down first, then drop the channel. */
		vmbus_device_unregister(chan->device_obj);
		kfree(chan->device_obj);
		free_channel(chan);
	}
}
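/*
 * vmbus_process_offer - Process the offer by creating a channel/device
 * associated with this offer
 * @work: the new channel's embedded work item, queued by vmbus_onoffer()
 *
 * Runs on the new channel's control workqueue. An offer whose interface
 * type and instance match a channel already on vmbus_connection.chn_list is
 * treated as a duplicate and the new channel is freed. Otherwise the channel
 * is linked into the list, a child device is created and registered, and on
 * success the channel moves to CHANNEL_OPEN_STATE. Any failure after the
 * channel has been linked unlinks it again and frees it.
 */
static void vmbus_process_offer(struct work_struct *work)
{
	struct vmbus_channel *newchannel = container_of(work,
							struct vmbus_channel,
							work);
	struct vmbus_channel *channel;
	bool fnew = true;
	int ret;
	unsigned long flags;

	/* The next possible work is rescind handling */
	INIT_WORK(&newchannel->work, vmbus_process_rescind_offer);

	/* Make sure this is a new offer */
	spin_lock_irqsave(&vmbus_connection.channel_lock, flags);

	list_for_each_entry(channel, &vmbus_connection.chn_list, listentry) {
		if (!uuid_le_cmp(channel->offermsg.offer.if_type,
				 newchannel->offermsg.offer.if_type) &&
		    !uuid_le_cmp(channel->offermsg.offer.if_instance,
				 newchannel->offermsg.offer.if_instance)) {
			fnew = false;
			break;
		}
	}

	if (fnew)
		list_add_tail(&newchannel->listentry,
			      &vmbus_connection.chn_list);

	spin_unlock_irqrestore(&vmbus_connection.channel_lock, flags);

	if (!fnew) {
		free_channel(newchannel);
		return;
	}

	/*
	 * Start the process of binding this offer to the driver
	 * We need to set the DeviceObject field before calling
	 * vmbus_child_dev_add()
	 */
	newchannel->device_obj = vmbus_device_create(
		&newchannel->offermsg.offer.if_type,
		&newchannel->offermsg.offer.if_instance,
		newchannel);
	if (!newchannel->device_obj) {
		/*
		 * NOTE(review): assumes vmbus_device_create() returns NULL
		 * when it cannot allocate the device; without this check a
		 * NULL device would be handed to vmbus_device_register().
		 */
		pr_err("unable to create child device object (relid %d)\n",
		       newchannel->offermsg.child_relid);
		goto err_unlink;
	}

	/*
	 * Add the new device to the bus. This will kick off device-driver
	 * binding which eventually invokes the device driver's AddDevice()
	 * method.
	 */
	ret = vmbus_device_register(newchannel->device_obj);
	if (ret != 0) {
		pr_err("unable to add child device object (relid %d)\n",
		       newchannel->offermsg.child_relid);
		goto err_unlink;
	}

	/*
	 * This state is used to indicate a successful open
	 * so that when we do close the channel normally, we
	 * can cleanup properly
	 */
	newchannel->state = CHANNEL_OPEN_STATE;
	return;

err_unlink:
	/* Undo the list insertion above, then drop the (possibly NULL) device. */
	spin_lock_irqsave(&vmbus_connection.channel_lock, flags);
	list_del(&newchannel->listentry);
	spin_unlock_irqrestore(&vmbus_connection.channel_lock, flags);
	kfree(newchannel->device_obj);

	free_channel(newchannel);
}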
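/*
 * offer_is_supported - Check an offered interface type against the
 * supported_device_classes[] allow-list
 * @if_type: interface type GUID from the offer
 *
 * Returns true if the GUID matches one of the listed device classes.
 */
static bool offer_is_supported(const uuid_le *if_type)
{
	int i;

	for (i = 0; i < MAX_NUM_DEVICE_CLASSES_SUPPORTED; i++) {
		if (!uuid_le_cmp(*if_type, supported_device_classes[i]))
			return true;
	}

	return false;
}

/*
 * vmbus_onoffer - Handler for channel offers from vmbus in parent partition.
 * @hdr: the raw offer message
 *
 * Offers for device classes not in supported_device_classes[] are dropped
 * silently. Otherwise a channel is allocated, the offer is copied into it,
 * and the real work is handed to vmbus_process_offer() on the channel's
 * control workqueue.
 */
static void vmbus_onoffer(struct vmbus_channel_message_header *hdr)
{
	struct vmbus_channel_offer_channel *offer =
		(struct vmbus_channel_offer_channel *)hdr;
	struct vmbus_channel *newchannel;

	if (!offer_is_supported(&offer->offer.if_type))
		return;

	/* Allocate the channel object and save this offer. */
	newchannel = alloc_channel();
	if (!newchannel) {
		pr_err("Unable to allocate channel object\n");
		return;
	}

	/*
	 * NOTE(review): the payload size seen by vmbus_onmessage() is not
	 * passed to handlers, so a full offer struct is copied here without
	 * confirming the message was actually that large.
	 */
	memcpy(&newchannel->offermsg, offer,
	       sizeof(struct vmbus_channel_offer_channel));
	newchannel->monitor_grp = (u8)offer->monitorid / 32;
	newchannel->monitor_bit = (u8)offer->monitorid % 32;

	INIT_WORK(&newchannel->work, vmbus_process_offer);
	queue_work(newchannel->controlwq, &newchannel->work);
}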
/*
 * vmbus_onoffer_rescind - Rescind offer handler.
 * @hdr: the raw rescind message
 *
 * We queue a work item to process this offer synchronously. The relid in
 * the message is resolved with relid2channel(); an unknown relid is ignored.
 */
static void vmbus_onoffer_rescind(struct vmbus_channel_message_header *hdr)
{
	struct vmbus_channel_rescind_offer *rescind =
		(struct vmbus_channel_rescind_offer *)hdr;
	struct vmbus_channel *chan = relid2channel(rescind->child_relid);

	/* Just return here, no channel found */
	if (chan == NULL)
		return;

	/*
	 * work was pointed at vmbus_process_rescind_offer() by
	 * vmbus_process_offer() when the channel got created.
	 */
	queue_work(chan->controlwq, &chan->work);
}
/*
 * vmbus_onoffers_delivered -
 * This is invoked when all offers have been delivered.
 * @hdr: the raw message (unused)
 *
 * Nothing to do here. NOTE(review): in particular nothing completes the
 * waitevent armed by vmbus_request_offers(), whose msginfo is also never
 * linked into chn_msg_list — as far as this file shows, that wait can only
 * end by timeout; confirm this is intended.
 */
static void vmbus_onoffers_delivered(
			struct vmbus_channel_message_header *hdr)
{
}
/*
 * vmbus_onopen_result - Open result handler.
 * @hdr: the raw open-result message
 *
 * This is invoked when we received a response to our channel open request.
 * Under channelmsg_lock, find the pending CHANNELMSG_OPENCHANNEL request
 * with the same child_relid and openid, copy the result into its response
 * and complete its waitevent. Only the first match is signalled; a result
 * that matches nothing is dropped.
 */
static void vmbus_onopen_result(struct vmbus_channel_message_header *hdr)
{
	struct vmbus_channel_open_result *result =
		(struct vmbus_channel_open_result *)hdr;
	struct vmbus_channel_msginfo *info;
	unsigned long flags;

	spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);

	list_for_each_entry(info, &vmbus_connection.chn_msg_list, msglistentry) {
		struct vmbus_channel_message_header *req =
			(struct vmbus_channel_message_header *)info->msg;
		struct vmbus_channel_open_channel *open;

		if (req->msgtype != CHANNELMSG_OPENCHANNEL)
			continue;

		open = (struct vmbus_channel_open_channel *)info->msg;
		if (open->child_relid != result->child_relid ||
		    open->openid != result->openid)
			continue;

		memcpy(&info->response.open_result, result,
		       sizeof(struct vmbus_channel_open_result));
		complete(&info->waitevent);
		break;
	}

	spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
}
/*
 * vmbus_ongpadl_created - GPADL created handler.
 * @hdr: the raw gpadl-created message
 *
 * This is invoked when we received a response to our gpadl create request.
 * Under channelmsg_lock, find the pending CHANNELMSG_GPADL_HEADER request
 * with the same child_relid and gpadl, copy the result into its response
 * and complete its waitevent. Only the first match is signalled.
 */
static void vmbus_ongpadl_created(struct vmbus_channel_message_header *hdr)
{
	struct vmbus_channel_gpadl_created *created =
		(struct vmbus_channel_gpadl_created *)hdr;
	struct vmbus_channel_msginfo *info;
	unsigned long flags;

	spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);

	list_for_each_entry(info, &vmbus_connection.chn_msg_list, msglistentry) {
		struct vmbus_channel_message_header *req =
			(struct vmbus_channel_message_header *)info->msg;
		struct vmbus_channel_gpadl_header *gh;

		if (req->msgtype != CHANNELMSG_GPADL_HEADER)
			continue;

		gh = (struct vmbus_channel_gpadl_header *)req;
		if (created->child_relid != gh->child_relid ||
		    created->gpadl != gh->gpadl)
			continue;

		memcpy(&info->response.gpadl_created, created,
		       sizeof(struct vmbus_channel_gpadl_created));
		complete(&info->waitevent);
		break;
	}

	spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
}
/*
 * vmbus_ongpadl_torndown - GPADL torndown handler.
 * @hdr: the raw gpadl-torndown message
 *
 * This is invoked when we received a response to our gpadl teardown request.
 * Under channelmsg_lock, find the pending CHANNELMSG_GPADL_TEARDOWN request
 * with the same gpadl, copy the result into its response and complete its
 * waitevent. Unlike vmbus_ongpadl_created(), only the gpadl id is matched;
 * child_relid is not compared.
 */
static void vmbus_ongpadl_torndown(
			struct vmbus_channel_message_header *hdr)
{
	struct vmbus_channel_gpadl_torndown *torndown =
		(struct vmbus_channel_gpadl_torndown *)hdr;
	struct vmbus_channel_msginfo *info;
	unsigned long flags;

	spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);

	list_for_each_entry(info, &vmbus_connection.chn_msg_list, msglistentry) {
		struct vmbus_channel_message_header *req =
			(struct vmbus_channel_message_header *)info->msg;
		struct vmbus_channel_gpadl_teardown *td;

		if (req->msgtype != CHANNELMSG_GPADL_TEARDOWN)
			continue;

		td = (struct vmbus_channel_gpadl_teardown *)req;
		if (torndown->gpadl != td->gpadl)
			continue;

		memcpy(&info->response.gpadl_torndown, torndown,
		       sizeof(struct vmbus_channel_gpadl_torndown));
		complete(&info->waitevent);
		break;
	}

	spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
}
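/*
 * vmbus_onversion_response - Version response handler
 * @hdr: the raw version-response message
 *
 * This is invoked when we received a response to our initiate contact request.
 * Under channelmsg_lock, copy the response into every pending
 * CHANNELMSG_INITIATE_CONTACT request and complete its waitevent. There is
 * no request id to match on and no break, so all such requests (normally
 * just one) are signalled.
 */
static void vmbus_onversion_response(
		struct vmbus_channel_message_header *hdr)
{
	struct vmbus_channel_msginfo *msginfo;
	struct vmbus_channel_message_header *requestheader;
	struct vmbus_channel_version_response *version_response;
	unsigned long flags;

	version_response = (struct vmbus_channel_version_response *)hdr;
	spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);

	list_for_each_entry(msginfo, &vmbus_connection.chn_msg_list,
				msglistentry) {
		requestheader =
			(struct vmbus_channel_message_header *)msginfo->msg;

		/*
		 * The request body is never inspected (the former cast to
		 * struct vmbus_channel_initiate_contact was unused), only
		 * its type.
		 */
		if (requestheader->msgtype ==
			CHANNELMSG_INITIATE_CONTACT) {
			memcpy(&msginfo->response.version_response,
			      version_response,
			      sizeof(struct vmbus_channel_version_response));
			complete(&msginfo->waitevent);
		}
	}
	spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
}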
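/*
 * Channel message dispatch table.
 *
 * vmbus_onmessage() indexes this table directly with hdr->msgtype after a
 * range check against CHANNELMSG_COUNT, so each entry's position must equal
 * its message_type value (the field itself is not cross-checked at dispatch).
 * A NULL handler means the message is logged as unhandled. The table is
 * const so the function pointers live in read-only data and cannot be
 * patched at runtime.
 */
static const struct vmbus_channel_message_table_entry
	channel_message_table[CHANNELMSG_COUNT] = {
	{CHANNELMSG_INVALID,			NULL},
	{CHANNELMSG_OFFERCHANNEL,		vmbus_onoffer},
	{CHANNELMSG_RESCIND_CHANNELOFFER,	vmbus_onoffer_rescind},
	{CHANNELMSG_REQUESTOFFERS,		NULL},
	{CHANNELMSG_ALLOFFERS_DELIVERED,	vmbus_onoffers_delivered},
	{CHANNELMSG_OPENCHANNEL,		NULL},
	{CHANNELMSG_OPENCHANNEL_RESULT,	vmbus_onopen_result},
	{CHANNELMSG_CLOSECHANNEL,		NULL},
	{CHANNELMSG_GPADL_HEADER,		NULL},
	{CHANNELMSG_GPADL_BODY,			NULL},
	{CHANNELMSG_GPADL_CREATED,		vmbus_ongpadl_created},
	{CHANNELMSG_GPADL_TEARDOWN,		NULL},
	{CHANNELMSG_GPADL_TORNDOWN,		vmbus_ongpadl_torndown},
	{CHANNELMSG_RELID_RELEASED,		NULL},
	{CHANNELMSG_INITIATE_CONTACT,		NULL},
	{CHANNELMSG_VERSION_RESPONSE,		vmbus_onversion_response},
	{CHANNELMSG_UNLOAD,			NULL},
};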
/*
 * vmbus_onmessage - Handler for channel protocol messages.
 * @context: the struct hv_message holding the payload
 *
 * This is invoked in the vmbus worker thread context. The message type in
 * the payload header selects a handler from channel_message_table[]; types
 * outside [0, CHANNELMSG_COUNT) are logged together with a hex dump of the
 * payload, and table entries without a handler are logged as unhandled.
 *
 * NOTE(review): the range check is a single >= comparison, so it relies on
 * msgtype being an unsigned type, and the header is read before payload_size
 * is compared with sizeof(*hdr) — confirm the caller guarantees both.
 */
void vmbus_onmessage(void *context)
{
	struct hv_message *msg = context;
	struct vmbus_channel_message_header *hdr =
		(struct vmbus_channel_message_header *)msg->u.payload;
	int size = msg->header.payload_size;
	void (*handler)(struct vmbus_channel_message_header *);

	if (hdr->msgtype >= CHANNELMSG_COUNT) {
		pr_err("Received invalid channel message type %d size %d\n",
		       hdr->msgtype, size);
		print_hex_dump_bytes("", DUMP_PREFIX_NONE,
				     (unsigned char *)msg->u.payload, size);
		return;
	}

	handler = channel_message_table[hdr->msgtype].message_handler;
	if (handler == NULL) {
		pr_err("Unhandled channel message type %d\n", hdr->msgtype);
		return;
	}

	handler(hdr);
}
/*
 * vmbus_request_offers - Send a request to get all our pending offers.
 *
 * Posts a CHANNELMSG_REQUESTOFFERS header and then waits up to 5*HZ on a
 * local completion. Returns 0 when the wait is satisfied, -ENOMEM if the
 * request cannot be allocated, the vmbus_post_msg() error if posting fails,
 * or -ETIMEDOUT when the wait expires.
 *
 * NOTE(review): the msginfo is never linked into chn_msg_list and
 * vmbus_onoffers_delivered() is empty, so nothing in this file completes
 * waitevent — as written the call appears to always wait out the timeout;
 * confirm with the callers. Only msgtype of the kmalloc'd header is set, so
 * any other header bytes are posted uninitialised.
 */
int vmbus_request_offers(void)
{
	struct vmbus_channel_msginfo *info;
	struct vmbus_channel_message_header *req;
	int ret;

	info = kmalloc(sizeof(*info) +
		       sizeof(struct vmbus_channel_message_header),
		       GFP_KERNEL);
	if (info == NULL)
		return -ENOMEM;

	init_completion(&info->waitevent);

	req = (struct vmbus_channel_message_header *)info->msg;
	req->msgtype = CHANNELMSG_REQUESTOFFERS;

	ret = vmbus_post_msg(req, sizeof(struct vmbus_channel_message_header));
	if (ret != 0)
		pr_err("Unable to request offers - %d\n", ret);
	else if (wait_for_completion_timeout(&info->waitevent, 5*HZ) == 0)
		ret = -ETIMEDOUT;

	kfree(info);

	return ret;
}
658 /* eof */