xen_console.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
xen_console.c (8794B)
      1/*
      2 *  Copyright (C) International Business Machines  Corp., 2005
      3 *  Author(s): Anthony Liguori <aliguori@us.ibm.com>
      4 *
      5 *  Copyright (C) Red Hat 2007
      6 *
      7 *  Xen Console
      8 *
      9 *  This program is free software; you can redistribute it and/or modify
     10 *  it under the terms of the GNU General Public License as published by
     11 *  the Free Software Foundation; under version 2 of the License.
     12 *
     13 *  This program is distributed in the hope that it will be useful,
     14 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     15 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     16 *  GNU General Public License for more details.
     17 *
     18 *  You should have received a copy of the GNU General Public License along
     19 *  with this program; if not, see <http://www.gnu.org/licenses/>.
     20 */
     21
     22#include "qemu/osdep.h"
     23#include <sys/select.h>
     24#include <termios.h>
     25
     26#include "qapi/error.h"
     27#include "sysemu/sysemu.h"
     28#include "chardev/char-fe.h"
     29#include "hw/xen/xen-legacy-backend.h"
     30
     31#include "hw/xen/interface/io/console.h"
     32
     33struct buffer {
     34    uint8_t *data;
     35    size_t consumed;
     36    size_t size;
     37    size_t capacity;
     38    size_t max_capacity;
     39};
     40
     41struct XenConsole {
     42    struct XenLegacyDevice  xendev;  /* must be first */
     43    struct buffer     buffer;
     44    char              console[XEN_BUFSIZE];
     45    int               ring_ref;
     46    void              *sring;
     47    CharBackend       chr;
     48    int               backlog;
     49};
     50
     51static void buffer_append(struct XenConsole *con)
     52{
     53    struct buffer *buffer = &con->buffer;
     54    XENCONS_RING_IDX cons, prod, size;
     55    struct xencons_interface *intf = con->sring;
     56
     57    cons = intf->out_cons;
     58    prod = intf->out_prod;
     59    xen_mb();
     60
     61    size = prod - cons;
     62    if ((size == 0) || (size > sizeof(intf->out)))
     63        return;
     64
     65    if ((buffer->capacity - buffer->size) < size) {
     66        buffer->capacity += (size + 1024);
     67        buffer->data = g_realloc(buffer->data, buffer->capacity);
     68    }
     69
     70    while (cons != prod)
     71        buffer->data[buffer->size++] = intf->out[
     72            MASK_XENCONS_IDX(cons++, intf->out)];
     73
     74    xen_mb();
     75    intf->out_cons = cons;
     76    xen_pv_send_notify(&con->xendev);
     77
     78    if (buffer->max_capacity &&
     79        buffer->size > buffer->max_capacity) {
     80        /* Discard the middle of the data. */
     81
     82        size_t over = buffer->size - buffer->max_capacity;
     83        uint8_t *maxpos = buffer->data + buffer->max_capacity;
     84
     85        memmove(maxpos - over, maxpos, over);
     86        buffer->data = g_realloc(buffer->data, buffer->max_capacity);
     87        buffer->size = buffer->capacity = buffer->max_capacity;
     88
     89        if (buffer->consumed > buffer->max_capacity - over)
     90            buffer->consumed = buffer->max_capacity - over;
     91    }
     92}
     93
     94static void buffer_advance(struct buffer *buffer, size_t len)
     95{
     96    buffer->consumed += len;
     97    if (buffer->consumed == buffer->size) {
     98        buffer->consumed = 0;
     99        buffer->size = 0;
    100    }
    101}
    102
    103static int ring_free_bytes(struct XenConsole *con)
    104{
    105    struct xencons_interface *intf = con->sring;
    106    XENCONS_RING_IDX cons, prod, space;
    107
    108    cons = intf->in_cons;
    109    prod = intf->in_prod;
    110    xen_mb();
    111
    112    space = prod - cons;
    113    if (space > sizeof(intf->in))
    114        return 0; /* ring is screwed: ignore it */
    115
    116    return (sizeof(intf->in) - space);
    117}
    118
    119static int xencons_can_receive(void *opaque)
    120{
    121    struct XenConsole *con = opaque;
    122    return ring_free_bytes(con);
    123}
    124
    125static void xencons_receive(void *opaque, const uint8_t *buf, int len)
    126{
    127    struct XenConsole *con = opaque;
    128    struct xencons_interface *intf = con->sring;
    129    XENCONS_RING_IDX prod;
    130    int i, max;
    131
    132    max = ring_free_bytes(con);
    133    /* The can_receive() func limits this, but check again anyway */
    134    if (max < len)
    135        len = max;
    136
    137    prod = intf->in_prod;
    138    for (i = 0; i < len; i++) {
    139        intf->in[MASK_XENCONS_IDX(prod++, intf->in)] =
    140            buf[i];
    141    }
    142    xen_wmb();
    143    intf->in_prod = prod;
    144    xen_pv_send_notify(&con->xendev);
    145}
    146
    147static void xencons_send(struct XenConsole *con)
    148{
    149    ssize_t len, size;
    150
    151    size = con->buffer.size - con->buffer.consumed;
    152    if (qemu_chr_fe_backend_connected(&con->chr)) {
    153        len = qemu_chr_fe_write(&con->chr,
    154                                con->buffer.data + con->buffer.consumed,
    155                                size);
    156    } else {
    157        len = size;
    158    }
    159    if (len < 1) {
    160        if (!con->backlog) {
    161            con->backlog = 1;
    162            xen_pv_printf(&con->xendev, 1,
    163                          "backlog piling up, nobody listening?\n");
    164        }
    165    } else {
    166        buffer_advance(&con->buffer, len);
    167        if (con->backlog && len == size) {
    168            con->backlog = 0;
    169            xen_pv_printf(&con->xendev, 1, "backlog is gone\n");
    170        }
    171    }
    172}
    173
    174/* -------------------------------------------------------------------- */
    175
    176static int con_init(struct XenLegacyDevice *xendev)
    177{
    178    struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
    179    char *type, *dom, label[32];
    180    int ret = 0;
    181    const char *output;
    182
    183    /* setup */
    184    dom = xs_get_domain_path(xenstore, con->xendev.dom);
    185    if (!xendev->dev) {
    186        snprintf(con->console, sizeof(con->console), "%s/console", dom);
    187    } else {
    188        snprintf(con->console, sizeof(con->console), "%s/device/console/%d", dom, xendev->dev);
    189    }
    190    free(dom);
    191
    192    type = xenstore_read_str(con->console, "type");
    193    if (!type || strcmp(type, "ioemu") != 0) {
    194        xen_pv_printf(xendev, 1, "not for me (type=%s)\n", type);
    195        ret = -1;
    196        goto out;
    197    }
    198
    199    output = xenstore_read_str(con->console, "output");
    200
    201    /* no Xen override, use qemu output device */
    202    if (output == NULL) {
    203        if (con->xendev.dev) {
    204            qemu_chr_fe_init(&con->chr, serial_hd(con->xendev.dev),
    205                             &error_abort);
    206        }
    207    } else {
    208        snprintf(label, sizeof(label), "xencons%d", con->xendev.dev);
    209        qemu_chr_fe_init(&con->chr,
    210                         /*
    211                          * FIXME: sure we want to support implicit
    212                          * muxed monitors here?
    213                          */
    214                         qemu_chr_new_mux_mon(label, output, NULL),
    215                         &error_abort);
    216    }
    217
    218    xenstore_store_pv_console_info(con->xendev.dev,
    219                                   qemu_chr_fe_get_driver(&con->chr));
    220
    221out:
    222    g_free(type);
    223    return ret;
    224}
    225
    226static int con_initialise(struct XenLegacyDevice *xendev)
    227{
    228    struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
    229    int limit;
    230
    231    if (xenstore_read_int(con->console, "ring-ref", &con->ring_ref) == -1)
    232        return -1;
    233    if (xenstore_read_int(con->console, "port", &con->xendev.remote_port) == -1)
    234        return -1;
    235    if (xenstore_read_int(con->console, "limit", &limit) == 0)
    236        con->buffer.max_capacity = limit;
    237
    238    if (!xendev->dev) {
    239        xen_pfn_t mfn = con->ring_ref;
    240        con->sring = xenforeignmemory_map(xen_fmem, con->xendev.dom,
    241                                          PROT_READ | PROT_WRITE,
    242                                          1, &mfn, NULL);
    243    } else {
    244        con->sring = xen_be_map_grant_ref(xendev, con->ring_ref,
    245                                          PROT_READ | PROT_WRITE);
    246    }
    247    if (!con->sring)
    248        return -1;
    249
    250    xen_be_bind_evtchn(&con->xendev);
    251    qemu_chr_fe_set_handlers(&con->chr, xencons_can_receive,
    252                             xencons_receive, NULL, NULL, con, NULL, true);
    253
    254    xen_pv_printf(xendev, 1,
    255                  "ring mfn %d, remote port %d, local port %d, limit %zd\n",
    256                  con->ring_ref,
    257                  con->xendev.remote_port,
    258                  con->xendev.local_port,
    259                  con->buffer.max_capacity);
    260    return 0;
    261}
    262
    263static void con_disconnect(struct XenLegacyDevice *xendev)
    264{
    265    struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
    266
    267    qemu_chr_fe_deinit(&con->chr, false);
    268    xen_pv_unbind_evtchn(&con->xendev);
    269
    270    if (con->sring) {
    271        if (!xendev->dev) {
    272            xenforeignmemory_unmap(xen_fmem, con->sring, 1);
    273        } else {
    274            xen_be_unmap_grant_ref(xendev, con->sring);
    275        }
    276        con->sring = NULL;
    277    }
    278}
    279
    280static void con_event(struct XenLegacyDevice *xendev)
    281{
    282    struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
    283
    284    buffer_append(con);
    285    if (con->buffer.size - con->buffer.consumed)
    286        xencons_send(con);
    287}
    288
    289/* -------------------------------------------------------------------- */
    290
    291struct XenDevOps xen_console_ops = {
    292    .size       = sizeof(struct XenConsole),
    293    .flags      = DEVOPS_FLAG_IGNORE_STATE|DEVOPS_FLAG_NEED_GNTDEV,
    294    .init       = con_init,
    295    .initialise = con_initialise,
    296    .event      = con_event,
    297    .disconnect = con_disconnect,
    298};