From c4db5246aa43757c0bdfd7d7e46f5e11e176dab6 Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain" <kfraser@localhost.localdomain>
Date: Wed, 15 Nov 2006 16:44:35 +0000
Subject: [PATCH] [XEN] Define remaining x86 public pointer fields as guest
 handles. Signed-off-by: Jan Beulich <jbeulich@novell.com> Signed-off-by: Keir
 Fraser <keir@xensource.com>

---
 xen/arch/x86/domain.c           | 14 ++++++--------
 xen/arch/x86/mm.c               |  2 +-
 xen/arch/x86/physdev.c          |  2 +-
 xen/arch/x86/traps.c            | 18 +++++++++++++++---
 xen/include/asm-x86/domain.h    |  2 +-
 xen/include/public/physdev.h    |  3 +--
 xen/include/public/vcpu.h       |  7 +++++--
 xen/include/public/xen-compat.h |  9 ++++++++-
 xen/include/public/xen.h        |  2 +-
 xen/include/xen/sched.h         |  2 +-
 10 files changed, 40 insertions(+), 21 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index ce522cdcf5..80af1222fa 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -396,21 +396,20 @@ arch_do_vcpu_op(
         if ( copy_from_guest(&area, arg, 1) )
             break;
 
-        if ( !access_ok(area.addr.v, sizeof(*area.addr.v)) )
+        if ( !guest_handle_okay(area.addr.h, 1) )
             break;
 
         rc = 0;
-        v->runstate_guest = area.addr.v;
+        v->runstate_guest = area.addr.h;
 
         if ( v == current )
         {
-            __copy_to_user(v->runstate_guest, &v->runstate,
-                           sizeof(v->runstate));
+            __copy_to_guest(v->runstate_guest, &v->runstate, 1);
         }
         else
         {
             vcpu_runstate_get(v, &runstate);
-            __copy_to_user(v->runstate_guest, &runstate, sizeof(runstate));
+            __copy_to_guest(v->runstate_guest, &runstate, 1);
         }
 
         break;
@@ -767,9 +766,8 @@ void context_switch(struct vcpu *prev, struct vcpu *next)
     context_saved(prev);
 
     /* Update per-VCPU guest runstate shared memory area (if registered). */
-    if ( next->runstate_guest != NULL )
-        __copy_to_user(next->runstate_guest, &next->runstate,
-                       sizeof(next->runstate));
+    if ( !guest_handle_is_null(next->runstate_guest) )
+        __copy_to_guest(next->runstate_guest, &next->runstate, 1);
 
     schedule_tail(next);
     BUG();
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 2ca0826d14..c7dc88d503 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2067,7 +2067,7 @@ int do_mmuext_op(
         {
             unsigned long vmask;
             cpumask_t     pmask;
-            if ( unlikely(get_user(vmask, (unsigned long *)op.arg2.vcpumask)) )
+            if ( unlikely(copy_from_guest(&vmask, op.arg2.vcpumask, 1)) )
             {
                 okay = 0;
                 break;
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index cde604bffc..d24aad62aa 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -125,7 +125,7 @@ long do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg)
         if ( copy_from_guest(&set_iobitmap, arg, 1) != 0 )
             break;
         ret = -EINVAL;
-        if ( !access_ok(set_iobitmap.bitmap, IOBMP_BYTES) ||
+        if ( !guest_handle_okay(set_iobitmap.bitmap, IOBMP_BYTES) ||
              (set_iobitmap.nr_ports > 65536) )
             break;
         ret = 0;
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 2b5a97cce2..33194a22a5 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -952,7 +952,6 @@ static inline int guest_io_okay(
     unsigned int port, unsigned int bytes,
     struct vcpu *v, struct cpu_user_regs *regs)
 {
-    u16 x;
 #if defined(__x86_64__)
     /* If in user mode, switch to kernel mode just to read I/O bitmap. */
     int user_mode = !(v->arch.flags & TF_kernel_mode);
@@ -967,10 +966,23 @@ static inline int guest_io_okay(
 
     if ( v->arch.iobmp_limit > (port + bytes) )
     {
+        union { uint8_t bytes[2]; uint16_t mask; } x;
+
+        /*
+         * Grab permission bytes from guest space. Inaccessible bytes are
+         * read as 0xff (no access allowed).
+         */
         TOGGLE_MODE();
-        __get_user(x, (u16 *)(v->arch.iobmp+(port>>3)));
+        switch ( __copy_from_guest_offset(&x.bytes[0], v->arch.iobmp,
+                                          port>>3, 2) )
+        {
+        default: x.bytes[0] = ~0;
+        case 1:  x.bytes[1] = ~0;
+        case 0:  break;
+        }
         TOGGLE_MODE();
-        if ( (x & (((1<<bytes)-1) << (port&7))) == 0 )
+
+        if ( (x.mask & (((1<<bytes)-1) << (port&7))) == 0 )
             return 1;
     }
 
diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
index 89535b5810..e2f7d2f09c 100644
--- a/xen/include/asm-x86/domain.h
+++ b/xen/include/asm-x86/domain.h
@@ -171,7 +171,7 @@ struct arch_vcpu
     struct trap_bounce trap_bounce;
 
     /* I/O-port access bitmap. */
-    u8 *iobmp;        /* Guest kernel virtual address of the bitmap. */
+    XEN_GUEST_HANDLE(uint8_t) iobmp; /* Guest kernel virtual address of the bitmap. */
     int iobmp_limit;  /* Number of ports represented in the bitmap.  */
     int iopl;         /* Current IOPL for this VCPU. */
 
diff --git a/xen/include/public/physdev.h b/xen/include/public/physdev.h
index 890f1e3dcd..5692cee897 100644
--- a/xen/include/public/physdev.h
+++ b/xen/include/public/physdev.h
@@ -1,4 +1,3 @@
-
 /*
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to
@@ -82,7 +81,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_set_iopl_t);
 #define PHYSDEVOP_set_iobitmap           7
 struct physdev_set_iobitmap {
     /* IN */
-    uint8_t *bitmap;
+    XEN_GUEST_HANDLE_00030205(uint8_t) bitmap;
     uint32_t nr_ports;
 };
 typedef struct physdev_set_iobitmap physdev_set_iobitmap_t;
diff --git a/xen/include/public/vcpu.h b/xen/include/public/vcpu.h
index 825e849e70..12df6dbe15 100644
--- a/xen/include/public/vcpu.h
+++ b/xen/include/public/vcpu.h
@@ -86,6 +86,7 @@ struct vcpu_runstate_info {
     uint64_t time[4];
 };
 typedef struct vcpu_runstate_info vcpu_runstate_info_t;
+DEFINE_XEN_GUEST_HANDLE(vcpu_runstate_info_t);
 
 /* VCPU is currently running on a physical CPU. */
 #define RUNSTATE_running  0
@@ -108,8 +109,9 @@ typedef struct vcpu_runstate_info vcpu_runstate_info_t;
  * Register a shared memory area from which the guest may obtain its own
  * runstate information without needing to execute a hypercall.
  * Notes:
- *  1. The registered address may be virtual or physical, depending on the
- *     platform. The virtual address should be registered on x86 systems.
+ *  1. The registered address may be virtual or physical or guest handle,
+ *     depending on the platform. Virtual address or guest handle should be
+ *     registered on x86 systems.
  *  2. Only one shared area may be registered per VCPU. The shared area is
  *     updated by the hypervisor each time the VCPU is scheduled. Thus
  *     runstate.state will always be RUNSTATE_running and
@@ -120,6 +122,7 @@ typedef struct vcpu_runstate_info vcpu_runstate_info_t;
 #define VCPUOP_register_runstate_memory_area 5
 struct vcpu_register_runstate_memory_area {
     union {
+        XEN_GUEST_HANDLE(vcpu_runstate_info_t) h;
         struct vcpu_runstate_info *v;
         uint64_t p;
     } addr;
diff --git a/xen/include/public/xen-compat.h b/xen/include/public/xen-compat.h
index f23abf95d4..19b0a2c733 100644
--- a/xen/include/public/xen-compat.h
+++ b/xen/include/public/xen-compat.h
@@ -27,7 +27,7 @@
 #ifndef __XEN_PUBLIC_XEN_COMPAT_H__
 #define __XEN_PUBLIC_XEN_COMPAT_H__
 
-#define __XEN_LATEST_INTERFACE_VERSION__ 0x00030204
+#define __XEN_LATEST_INTERFACE_VERSION__ 0x00030205
 
 #if defined(__XEN__) || defined(__XEN_TOOLS__)
 /* Xen is built with matching headers and implements the latest interface. */
@@ -41,4 +41,11 @@
 #error "These header files do not support the requested interface version."
 #endif
 
+/* Fields defined as a Xen guest handle since 0x00030205. */
+#if __XEN_INTERFACE_VERSION__ >= 0x00030205
+#define XEN_GUEST_HANDLE_00030205(type) XEN_GUEST_HANDLE(type)
+#else
+#define XEN_GUEST_HANDLE_00030205(type) type *
+#endif
+
 #endif /* __XEN_PUBLIC_XEN_COMPAT_H__ */
diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h
index f44d61fd10..1b810df364 100644
--- a/xen/include/public/xen.h
+++ b/xen/include/public/xen.h
@@ -246,7 +246,7 @@ struct mmuext_op {
         /* SET_LDT */
         unsigned int nr_ents;
         /* TLB_FLUSH_MULTI, INVLPG_MULTI */
-        void *vcpumask;
+        XEN_GUEST_HANDLE_00030205(void) vcpumask;
     } arg2;
 };
 typedef struct mmuext_op mmuext_op_t;
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index d08959cab1..bb9dcd741f 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -75,7 +75,7 @@ struct vcpu
     void            *sched_priv;    /* scheduler-specific data */
 
     struct vcpu_runstate_info runstate;
-    struct vcpu_runstate_info *runstate_guest; /* guest address */
+    XEN_GUEST_HANDLE(vcpu_runstate_info_t) runstate_guest; /* guest address */
 
     unsigned long    vcpu_flags;
 
-- 
2.30.2