this patch validates input of virtio_console_control_tx()
function to avoid potential progream crash with malicious
input from guest.
Tracked-On: #6851
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Rename uos_rpmb_size to user_vm_rpmb_size.
rename get_uos_count to get_user_vm_count.
rename get_uos_id to get_user_vmid.
rename uos_id to user_vmid.
Tracked-On: #6744
Signed-off-by: Liu Long <long.liu@linux.intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Rename SOS_VM_NUM to SERVICE_VM_NUM.
rename SOS_SOCKET_PORT to SERVICE_VM_SOCKET_PORT.
rename PROCESS_RUN_IN_SOS to PROCESS_RUN_IN_SERVICE_VM.
rename PCI_DEV_TYPE_SOSEMUL to PCI_DEV_TYPE_SERVICE_VM_EMUL.
rename SHUTDOWN_REQ_FROM_SOS to SHUTDOWN_REQ_FROM_SERVICE_VM.
rename PROCESS_RUN_IN_SOS to PROCESS_RUN_IN_SERVICE_VM.
rename SHUTDOWN_REQ_FROM_UOS to SHUTDOWN_REQ_FROM_USER_VM.
rename UOS_SOCKET_PORT to USER_VM_SOCKET_PORT.
rename SOS_CONSOLE to SERVICE_VM_OS_CONSOLE.
rename SOS_LCS_SOCK to SERVICE_VM_LCS_SOCK.
rename SOS_VM_BOOTARGS to SERVICE_VM_OS_BOOTARGS.
rename SOS_ROOTFS to SERVICE_VM_ROOTFS.
rename SOS_IDLE to SERVICE_VM_IDLE.
rename SEVERITY_SOS to SEVERITY_SERVICE_VM.
rename SOS_VM_UUID to SERVICE_VM_UUID.
rename SOS_REQ to SERVICE_VM_REQ.
rename RTCT_NATIVE_FILE_PATH_IN_SOS to RTCT_NATIVE_FILE_PATH_IN_SERVICE_VM.
rename CBC_REQ_T_UOS_ACTIVE to CBC_REQ_T_USER_VM_ACTIVE.
rename CBC_REQ_T_UOS_INACTIVE to CBC_REQ_T_USER_VM_INACTIV.
rename uos_active to user_vm_active.
Tracked-On: #6744
Signed-off-by: Liu Long <long.liu@linux.intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Function virtio_console_close_all will close all consoles, if the console->nports
value is 1, after the console be destroyed by the mevent teardown function, when
get the nports from the console, there will cause the NULL pointer. Fix the issue.
Tracked-On: #6431
Signed-off-by: Liu Long long.liu@intel.com
Reviewed-by: Jian Jun Chen jian.jun.chen@intel.com
Acked-by: Wang, Yu1 yu1.wang@intel.com
"port->cb" in 'virtio_console_notify_tx()'
function maybe NULL when malicious inputs
are injected from virtio frondend in guest.
Tracked-On: #6388
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
With virtio polling mode enabled, a timer is running in the virtio
backend service. And the timer will also be triggered if its frondend
driver didn't do the device reset in shutdown. A freed virtio device
will be accessed in the polling timer handler.
Do the virtio reset() callback specifically to clear the polling timer
before the free.
Tracked-On: #6147
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Prevent memory and information leaks by checking boundaries of
the incoming buffers from the hypervisor.
1. We check that the buffer is sufficent to hold a valid header.
2. We that each hbm message has valid size
vmei_hbm_handler() now returns -EINVAL if the size too small.
3. hdr->length < data_length.
Tracked-On: #5451
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
paddr_guest2host can return NULL, but code paths in virtio
are not checking the return value.
_vq_record() initializes iov_base pointer using paddr_guest2host()
but there is nothing in the flow that checks for NULL.
Chane _vq_record to return -1 in case the address translation
has failed.
Tracked-On: #5452
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Add Null pointer check in init vq ring and add vq ring descriptor
check in case cause Nullpointer exception.
Tracked-On: #5355
Signed-off-by: Liu Long <long.liu@intel.com>
Add Null pointer check in init vq ring and add vq ring descriptor
check in case cause Nullpointer exception.
Tracked-On: #5355
Signed-off-by: Liu Long <long.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
This patch does the following,
1. Fix an explicit interface name check for tapX preventing
any other interface name like kata_tap to be setup.
2. Add support for macvtap interface.
3. Identify macvtap vs tap interface and
if it is macvtap, identify character device (/dev/tapXX)
to be used.
Tracked-On: #4945
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
use acrn-dm logger function instread of perror,
this helps the stability testing log capture.
Tracked-On: #4098
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
int snprintf(char *str, size_t size, const char *format, ...)
The functions snprintf() write at most size bytes (including the
terminating null byte('\0')) to str.
only when returned value of snprintf is non-negative and less than size,
the string has been completely written.
Tracked-On: #3789
Signed-off-by: Junhao Gao <junhao.gao@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
After Windows 10, version 1607, the cross-signed drivers are forbiden
to load when secure boot is enabled.
Details please refer to
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later-
That means the kvm-guest-drivers-windows can't work when secure boot enabled.
So we found another windows virtio FE drivers from Oracle to resolve this issue
but have to change another subsystem vendor ID for the virtio BE services.
This patch introduces a new DM CMD line "--windows" to launch WaaG with Oracle virtio devices including
virtio-blk, virtio-net, virtio-input instead Redhat. It can make virtio-blk, virtio-net and virtio-input
devices work when WaaG enabling secure boot.
Tracked-On: #3583
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Add subclass for virtio-console pci device. Without the subclass, the
device may be probed by 8250_pci serial driver, and lead to segment
fault in acrn-dm. This issue appears when running debian as Guest OS.
But there is a potential issue, if a new serial driver, which use class
and subclass same as virtio-console, the problem may still trigger. Need
to fix it case by case.
Tracked-On: #3615
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
If failed to create native_adapter, free allocated native_adapter memory before return.
Tracked-On: #3543
Signed-off-by: Yifan Luo <luoyifan@cmss.chinamobile.com>
when stdio is set as a virtio-console, guest run in backend, the open
file descriptor is not referring to a terminal.
Tracked-On: #3473
Signed-off-by: Gao Junhao <junhao.gao@intel.com>
Reviewed-by: Jian Jun Chen <jian.jun.chen@intel.com>
Remove the possible NULL pointer access code for virtio-console.c
Add '\0' to end of native_patch[], to avoid the potential issue when
using %s to print the array for virtio-i2c.c
Tracked-On: #3467
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Reviewed-by: Yonghua Huang <Yonghua.huang@intel.com>
Add dsdt information for i2c adapter and i2c slave devices. Currently,
only support 'cam1', 'cam2' and 'hdac' for MRB board. To add other
specific i2c device, please extend acpi_node_table[].
Usage:
virtio-i2c,<bus>[:<slave_addr>[@<node>]][:<slave_addr>[@<node>]]
[,<bus>[:<slave_addr>[@<node>]][:<slave_addr>][@<node>]]
e.g.
virtio-i2c,0:70@cam1:2F
This will add slave devices 0x70, 0x74 to virtio i2c adapter.
And for 0x70, it has '@cam1', so, will also add acpi info for
it. For 0x74, it has no '@<node>', will not add any acpi info
for it.
Note, there is slave address in acpi node info, please use '@<node>'
according to real hardware.
Tracked-On: #3357
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Reviewed-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Wang Yu <yu1.wang@intel.com>
Create a new thread for virtio-i2c to process i2c msg from FE. After
receive the msg, BE will dispatch it to corresponding native adapter,
after the process done, it will kick the FE.
Tracked-On: #3357
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Reviewed-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Wang Yu <yu1.wang@intel.com>
Add backend interface for virtio-i2c, it will parse the parameters,
maintain the info for native i2c device, remap the slave address and
dispatch the requirement from FE. When there is only one native adapter,
will not remap the slave address.
Usage for virtio-i2c:
virtio-i2c,<bus>[:<slave_addr>][:<slave_addr>]
[,<bus>[:<slave_addr>][:<slave_addr>]]
e.g.
1. virtio-i2c,4:1C
SOS:
mount /dev/i2c-4, slave addr is 0x1C.
Guest OS:
/dev/i2c-x
|- 0x1C
2. virtio-i2c,4:1C:2F,6:70
SOS:
/dev/i2c-4, slave addr 0x1C and 0x2F
/dev/i2c-6, slave addr 0x70
Guest OS:
/dev/i2c-x
|- 0x1C
|- 0x2F
|- 0x70
Tracked-On: #3357
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Reviewed-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Wang Yu <yu1.wang@intel.com>
Bug fix for parsing options, as the vritio-console support multiple
virtio serial ports, and the parameters is split by ',':
virtio-console,[@]stdio|tty|pty|file:portname[=portpath]\
[,[@]stdio|tty|pty|file:portname[=portpath]]
But the previous patch "refine console options parse code" not
cover this case, can only parse one port config. Fix it in this patch.
Tracked-On: #3337
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Acked-by: Wang Yu <yu1.wang@intel.com>
Use strncpy instead of strcpy to avoid buf overflow.
Fix strncpy null-terminated issues.
Tracked-On: #3245
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Adding the feature of communication between VMs using virtio-console
based on appointed socket file. Not appointing the socket type will set
the socket type to be server in default.
Example:
Server: adding "-s 5,virtio-console,socket:console=/path/console.sock:server"
Client: adding "-s 6,virtio-console,socket:console=/path/console.sock:client"
Tracked-On: #3232
Signed-off-by: Gao Junhao <junhao.gao@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Refine the virtio-console options parse code, so that no need to pass
all the variables as parameters to the backend adding function.
Tracked-On: #3232
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
