1 /* 2 * QEMU Xen emulation: Shared/overlay pages support 3 * 4 * Copyright © 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. 5 * 6 * Authors: David Woodhouse <dwmw2@infradead.org> 7 * 8 * This work is licensed under the terms of the GNU GPL, version 2 or later. 9 * See the COPYING file in the top-level directory. 10 */ 11 12 #include "qemu/osdep.h" 13 14 #include "qemu/host-utils.h" 15 #include "qemu/module.h" 16 #include "qemu/main-loop.h" 17 #include "qemu/cutils.h" 18 #include "qapi/error.h" 19 #include "qom/object.h" 20 #include "migration/vmstate.h" 21 22 #include "hw/sysbus.h" 23 #include "hw/xen/xen.h" 24 #include "xen_overlay.h" 25 #include "xen_evtchn.h" 26 #include "xen_xenstore.h" 27 28 #include "sysemu/kvm.h" 29 #include "sysemu/kvm_xen.h" 30 31 #include "trace.h" 32 33 #include "xenstore_impl.h" 34 35 #include "hw/xen/interface/io/xs_wire.h" 36 #include "hw/xen/interface/event_channel.h" 37 38 #define TYPE_XEN_XENSTORE "xen-xenstore" 39 OBJECT_DECLARE_SIMPLE_TYPE(XenXenstoreState, XEN_XENSTORE) 40 41 #define XEN_PAGE_SHIFT 12 42 #define XEN_PAGE_SIZE (1ULL << XEN_PAGE_SHIFT) 43 44 #define ENTRIES_PER_FRAME_V1 (XEN_PAGE_SIZE / sizeof(grant_entry_v1_t)) 45 #define ENTRIES_PER_FRAME_V2 (XEN_PAGE_SIZE / sizeof(grant_entry_v2_t)) 46 47 #define XENSTORE_HEADER_SIZE ((unsigned int)sizeof(struct xsd_sockmsg)) 48 49 struct XenXenstoreState { 50 /*< private >*/ 51 SysBusDevice busdev; 52 /*< public >*/ 53 54 XenstoreImplState *impl; 55 GList *watch_events; 56 57 MemoryRegion xenstore_page; 58 struct xenstore_domain_interface *xs; 59 uint8_t req_data[XENSTORE_HEADER_SIZE + XENSTORE_PAYLOAD_MAX]; 60 uint8_t rsp_data[XENSTORE_HEADER_SIZE + XENSTORE_PAYLOAD_MAX]; 61 uint32_t req_offset; 62 uint32_t rsp_offset; 63 bool rsp_pending; 64 bool fatal_error; 65 66 evtchn_port_t guest_port; 67 evtchn_port_t be_port; 68 struct xenevtchn_handle *eh; 69 70 uint8_t *impl_state; 71 uint32_t impl_state_size; 72 }; 73 74 struct XenXenstoreState *xen_xenstore_singleton; 75 76 static void xen_xenstore_event(void *opaque); 77 static void fire_watch_cb(void *opaque, const char *path, const char *token); 78 79 static void G_GNUC_PRINTF (4, 5) relpath_printf(XenXenstoreState *s, 80 GList *perms, 81 const char *relpath, 82 const char *fmt, ...) 83 { 84 gchar *abspath; 85 gchar *value; 86 va_list args; 87 GByteArray *data; 88 int err; 89 90 abspath = g_strdup_printf("/local/domain/%u/%s", xen_domid, relpath); 91 va_start(args, fmt); 92 value = g_strdup_vprintf(fmt, args); 93 va_end(args); 94 95 data = g_byte_array_new_take((void *)value, strlen(value)); 96 97 err = xs_impl_write(s->impl, DOMID_QEMU, XBT_NULL, abspath, data); 98 assert(!err); 99 100 g_byte_array_unref(data); 101 102 err = xs_impl_set_perms(s->impl, DOMID_QEMU, XBT_NULL, abspath, perms); 103 assert(!err); 104 105 g_free(abspath); 106 } 107 108 static void xen_xenstore_realize(DeviceState *dev, Error **errp) 109 { 110 XenXenstoreState *s = XEN_XENSTORE(dev); 111 GList *perms; 112 113 if (xen_mode != XEN_EMULATE) { 114 error_setg(errp, "Xen xenstore support is for Xen emulation"); 115 return; 116 } 117 memory_region_init_ram(&s->xenstore_page, OBJECT(dev), "xen:xenstore_page", 118 XEN_PAGE_SIZE, &error_abort); 119 memory_region_set_enabled(&s->xenstore_page, true); 120 s->xs = memory_region_get_ram_ptr(&s->xenstore_page); 121 memset(s->xs, 0, XEN_PAGE_SIZE); 122 123 /* We can't map it this early as KVM isn't ready */ 124 xen_xenstore_singleton = s; 125 126 s->eh = xen_be_evtchn_open(); 127 if (!s->eh) { 128 error_setg(errp, "Xenstore evtchn port init failed"); 129 return; 130 } 131 aio_set_fd_handler(qemu_get_aio_context(), xen_be_evtchn_fd(s->eh), true, 132 xen_xenstore_event, NULL, NULL, NULL, s); 133 134 s->impl = xs_impl_create(xen_domid); 135 136 /* Populate the default nodes */ 137 138 /* Nodes owned by 'dom0' but readable by the guest */ 139 perms = g_list_append(NULL, xs_perm_as_string(XS_PERM_NONE, DOMID_QEMU)); 140 perms = g_list_append(perms, xs_perm_as_string(XS_PERM_READ, xen_domid)); 141 142 relpath_printf(s, perms, "", "%s", ""); 143 144 relpath_printf(s, perms, "domid", "%u", xen_domid); 145 146 relpath_printf(s, perms, "control/platform-feature-xs_reset_watches", "%u", 1); 147 relpath_printf(s, perms, "control/platform-feature-multiprocessor-suspend", "%u", 1); 148 149 relpath_printf(s, perms, "platform/acpi", "%u", 1); 150 relpath_printf(s, perms, "platform/acpi_s3", "%u", 1); 151 relpath_printf(s, perms, "platform/acpi_s4", "%u", 1); 152 relpath_printf(s, perms, "platform/acpi_laptop_slate", "%u", 0); 153 154 g_list_free_full(perms, g_free); 155 156 /* Nodes owned by the guest */ 157 perms = g_list_append(NULL, xs_perm_as_string(XS_PERM_NONE, xen_domid)); 158 159 relpath_printf(s, perms, "attr", "%s", ""); 160 161 relpath_printf(s, perms, "control/shutdown", "%s", ""); 162 relpath_printf(s, perms, "control/feature-poweroff", "%u", 1); 163 relpath_printf(s, perms, "control/feature-reboot", "%u", 1); 164 relpath_printf(s, perms, "control/feature-suspend", "%u", 1); 165 relpath_printf(s, perms, "control/feature-s3", "%u", 1); 166 relpath_printf(s, perms, "control/feature-s4", "%u", 1); 167 168 relpath_printf(s, perms, "data", "%s", ""); 169 relpath_printf(s, perms, "device", "%s", ""); 170 relpath_printf(s, perms, "drivers", "%s", ""); 171 relpath_printf(s, perms, "error", "%s", ""); 172 relpath_printf(s, perms, "feature", "%s", ""); 173 174 g_list_free_full(perms, g_free); 175 } 176 177 static bool xen_xenstore_is_needed(void *opaque) 178 { 179 return xen_mode == XEN_EMULATE; 180 } 181 182 static int xen_xenstore_pre_save(void *opaque) 183 { 184 XenXenstoreState *s = opaque; 185 GByteArray *save; 186 187 if (s->eh) { 188 s->guest_port = xen_be_evtchn_get_guest_port(s->eh); 189 } 190 191 g_free(s->impl_state); 192 save = xs_impl_serialize(s->impl); 193 s->impl_state = save->data; 194 s->impl_state_size = save->len; 195 g_byte_array_free(save, false); 196 197 return 0; 198 } 199 200 static int xen_xenstore_post_load(void *opaque, int ver) 201 { 202 XenXenstoreState *s = opaque; 203 GByteArray *save; 204 int ret; 205 206 /* 207 * As qemu/dom0, rebind to the guest's port. The Windows drivers may 208 * unbind the XenStore evtchn and rebind to it, having obtained the 209 * "remote" port through EVTCHNOP_status. In the case that migration 210 * occurs while it's unbound, the "remote" port needs to be the same 211 * as before so that the guest can find it, but should remain unbound. 212 */ 213 if (s->guest_port) { 214 int be_port = xen_be_evtchn_bind_interdomain(s->eh, xen_domid, 215 s->guest_port); 216 if (be_port < 0) { 217 return be_port; 218 } 219 s->be_port = be_port; 220 } 221 222 save = g_byte_array_new_take(s->impl_state, s->impl_state_size); 223 s->impl_state = NULL; 224 s->impl_state_size = 0; 225 226 ret = xs_impl_deserialize(s->impl, save, xen_domid, fire_watch_cb, s); 227 return ret; 228 } 229 230 static const VMStateDescription xen_xenstore_vmstate = { 231 .name = "xen_xenstore", 232 .unmigratable = 1, /* The PV back ends don't migrate yet */ 233 .version_id = 1, 234 .minimum_version_id = 1, 235 .needed = xen_xenstore_is_needed, 236 .pre_save = xen_xenstore_pre_save, 237 .post_load = xen_xenstore_post_load, 238 .fields = (VMStateField[]) { 239 VMSTATE_UINT8_ARRAY(req_data, XenXenstoreState, 240 sizeof_field(XenXenstoreState, req_data)), 241 VMSTATE_UINT8_ARRAY(rsp_data, XenXenstoreState, 242 sizeof_field(XenXenstoreState, rsp_data)), 243 VMSTATE_UINT32(req_offset, XenXenstoreState), 244 VMSTATE_UINT32(rsp_offset, XenXenstoreState), 245 VMSTATE_BOOL(rsp_pending, XenXenstoreState), 246 VMSTATE_UINT32(guest_port, XenXenstoreState), 247 VMSTATE_BOOL(fatal_error, XenXenstoreState), 248 VMSTATE_UINT32(impl_state_size, XenXenstoreState), 249 VMSTATE_VARRAY_UINT32_ALLOC(impl_state, XenXenstoreState, 250 impl_state_size, 0, 251 vmstate_info_uint8, uint8_t), 252 VMSTATE_END_OF_LIST() 253 } 254 }; 255 256 static void xen_xenstore_class_init(ObjectClass *klass, void *data) 257 { 258 DeviceClass *dc = DEVICE_CLASS(klass); 259 260 dc->realize = xen_xenstore_realize; 261 dc->vmsd = &xen_xenstore_vmstate; 262 } 263 264 static const TypeInfo xen_xenstore_info = { 265 .name = TYPE_XEN_XENSTORE, 266 .parent = TYPE_SYS_BUS_DEVICE, 267 .instance_size = sizeof(XenXenstoreState), 268 .class_init = xen_xenstore_class_init, 269 }; 270 271 void xen_xenstore_create(void) 272 { 273 DeviceState *dev = sysbus_create_simple(TYPE_XEN_XENSTORE, -1, NULL); 274 275 xen_xenstore_singleton = XEN_XENSTORE(dev); 276 277 /* 278 * Defer the init (xen_xenstore_reset()) until KVM is set up and the 279 * overlay page can be mapped. 280 */ 281 } 282 283 static void xen_xenstore_register_types(void) 284 { 285 type_register_static(&xen_xenstore_info); 286 } 287 288 type_init(xen_xenstore_register_types) 289 290 uint16_t xen_xenstore_get_port(void) 291 { 292 XenXenstoreState *s = xen_xenstore_singleton; 293 if (!s) { 294 return 0; 295 } 296 return s->guest_port; 297 } 298 299 static bool req_pending(XenXenstoreState *s) 300 { 301 struct xsd_sockmsg *req = (struct xsd_sockmsg *)s->req_data; 302 303 return s->req_offset == XENSTORE_HEADER_SIZE + req->len; 304 } 305 306 static void reset_req(XenXenstoreState *s) 307 { 308 memset(s->req_data, 0, sizeof(s->req_data)); 309 s->req_offset = 0; 310 } 311 312 static void reset_rsp(XenXenstoreState *s) 313 { 314 s->rsp_pending = false; 315 316 memset(s->rsp_data, 0, sizeof(s->rsp_data)); 317 s->rsp_offset = 0; 318 } 319 320 static void xs_error(XenXenstoreState *s, unsigned int id, 321 xs_transaction_t tx_id, int errnum) 322 { 323 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 324 const char *errstr = NULL; 325 326 for (unsigned int i = 0; i < ARRAY_SIZE(xsd_errors); i++) { 327 struct xsd_errors *xsd_error = &xsd_errors[i]; 328 329 if (xsd_error->errnum == errnum) { 330 errstr = xsd_error->errstring; 331 break; 332 } 333 } 334 assert(errstr); 335 336 trace_xenstore_error(id, tx_id, errstr); 337 338 rsp->type = XS_ERROR; 339 rsp->req_id = id; 340 rsp->tx_id = tx_id; 341 rsp->len = (uint32_t)strlen(errstr) + 1; 342 343 memcpy(&rsp[1], errstr, rsp->len); 344 } 345 346 static void xs_ok(XenXenstoreState *s, unsigned int type, unsigned int req_id, 347 xs_transaction_t tx_id) 348 { 349 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 350 const char *okstr = "OK"; 351 352 rsp->type = type; 353 rsp->req_id = req_id; 354 rsp->tx_id = tx_id; 355 rsp->len = (uint32_t)strlen(okstr) + 1; 356 357 memcpy(&rsp[1], okstr, rsp->len); 358 } 359 360 /* 361 * The correct request and response formats are documented in xen.git: 362 * docs/misc/xenstore.txt. A summary is given below for convenience. 363 * The '|' symbol represents a NUL character. 364 * 365 * ---------- Database read, write and permissions operations ---------- 366 * 367 * READ <path>| <value|> 368 * WRITE <path>|<value|> 369 * Store and read the octet string <value> at <path>. 370 * WRITE creates any missing parent paths, with empty values. 371 * 372 * MKDIR <path>| 373 * Ensures that the <path> exists, by necessary by creating 374 * it and any missing parents with empty values. If <path> 375 * or any parent already exists, its value is left unchanged. 376 * 377 * RM <path>| 378 * Ensures that the <path> does not exist, by deleting 379 * it and all of its children. It is not an error if <path> does 380 * not exist, but it _is_ an error if <path>'s immediate parent 381 * does not exist either. 382 * 383 * DIRECTORY <path>| <child-leaf-name>|* 384 * Gives a list of the immediate children of <path>, as only the 385 * leafnames. The resulting children are each named 386 * <path>/<child-leaf-name>. 387 * 388 * DIRECTORY_PART <path>|<offset> <gencnt>|<child-leaf-name>|* 389 * Same as DIRECTORY, but to be used for children lists longer than 390 * XENSTORE_PAYLOAD_MAX. Input are <path> and the byte offset into 391 * the list of children to return. Return values are the generation 392 * count <gencnt> of the node (to be used to ensure the node hasn't 393 * changed between two reads: <gencnt> being the same for multiple 394 * reads guarantees the node hasn't changed) and the list of children 395 * starting at the specified <offset> of the complete list. 396 * 397 * GET_PERMS <path>| <perm-as-string>|+ 398 * SET_PERMS <path>|<perm-as-string>|+? 399 * <perm-as-string> is one of the following 400 * w<domid> write only 401 * r<domid> read only 402 * b<domid> both read and write 403 * n<domid> no access 404 * See https://wiki.xen.org/wiki/XenBus section 405 * `Permissions' for details of the permissions system. 406 * It is possible to set permissions for the special watch paths 407 * "@introduceDomain" and "@releaseDomain" to enable receiving those 408 * watches in unprivileged domains. 409 * 410 * ---------- Watches ---------- 411 * 412 * WATCH <wpath>|<token>|? 413 * Adds a watch. 414 * 415 * When a <path> is modified (including path creation, removal, 416 * contents change or permissions change) this generates an event 417 * on the changed <path>. Changes made in transactions cause an 418 * event only if and when committed. Each occurring event is 419 * matched against all the watches currently set up, and each 420 * matching watch results in a WATCH_EVENT message (see below). 421 * 422 * The event's path matches the watch's <wpath> if it is an child 423 * of <wpath>. 424 * 425 * <wpath> can be a <path> to watch or @<wspecial>. In the 426 * latter case <wspecial> may have any syntax but it matches 427 * (according to the rules above) only the following special 428 * events which are invented by xenstored: 429 * @introduceDomain occurs on INTRODUCE 430 * @releaseDomain occurs on any domain crash or 431 * shutdown, and also on RELEASE 432 * and domain destruction 433 * <wspecial> events are sent to privileged callers or explicitly 434 * via SET_PERMS enabled domains only. 435 * 436 * When a watch is first set up it is triggered once straight 437 * away, with <path> equal to <wpath>. Watches may be triggered 438 * spuriously. The tx_id in a WATCH request is ignored. 439 * 440 * Watches are supposed to be restricted by the permissions 441 * system but in practice the implementation is imperfect. 442 * Applications should not rely on being sent a notification for 443 * paths that they cannot read; however, an application may rely 444 * on being sent a watch when a path which it _is_ able to read 445 * is deleted even if that leaves only a nonexistent unreadable 446 * parent. A notification may omitted if a node's permissions 447 * are changed so as to make it unreadable, in which case future 448 * notifications may be suppressed (and if the node is later made 449 * readable, some notifications may have been lost). 450 * 451 * WATCH_EVENT <epath>|<token>| 452 * Unsolicited `reply' generated for matching modification events 453 * as described above. req_id and tx_id are both 0. 454 * 455 * <epath> is the event's path, ie the actual path that was 456 * modified; however if the event was the recursive removal of an 457 * parent of <wpath>, <epath> is just 458 * <wpath> (rather than the actual path which was removed). So 459 * <epath> is a child of <wpath>, regardless. 460 * 461 * Iff <wpath> for the watch was specified as a relative pathname, 462 * the <epath> path will also be relative (with the same base, 463 * obviously). 464 * 465 * UNWATCH <wpath>|<token>|? 466 * 467 * RESET_WATCHES | 468 * Reset all watches and transactions of the caller. 469 * 470 * ---------- Transactions ---------- 471 * 472 * TRANSACTION_START | <transid>| 473 * <transid> is an opaque uint32_t allocated by xenstored 474 * represented as unsigned decimal. After this, transaction may 475 * be referenced by using <transid> (as 32-bit binary) in the 476 * tx_id request header field. When transaction is started whole 477 * db is copied; reads and writes happen on the copy. 478 * It is not legal to send non-0 tx_id in TRANSACTION_START. 479 * 480 * TRANSACTION_END T| 481 * TRANSACTION_END F| 482 * tx_id must refer to existing transaction. After this 483 * request the tx_id is no longer valid and may be reused by 484 * xenstore. If F, the transaction is discarded. If T, 485 * it is committed: if there were any other intervening writes 486 * then our END gets get EAGAIN. 487 * 488 * The plan is that in the future only intervening `conflicting' 489 * writes cause EAGAIN, meaning only writes or other commits 490 * which changed paths which were read or written in the 491 * transaction at hand. 492 * 493 */ 494 495 static void xs_read(XenXenstoreState *s, unsigned int req_id, 496 xs_transaction_t tx_id, uint8_t *req_data, unsigned int len) 497 { 498 const char *path = (const char *)req_data; 499 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 500 uint8_t *rsp_data = (uint8_t *)&rsp[1]; 501 g_autoptr(GByteArray) data = g_byte_array_new(); 502 int err; 503 504 if (len == 0 || req_data[len - 1] != '\0') { 505 xs_error(s, req_id, tx_id, EINVAL); 506 return; 507 } 508 509 trace_xenstore_read(tx_id, path); 510 err = xs_impl_read(s->impl, xen_domid, tx_id, path, data); 511 if (err) { 512 xs_error(s, req_id, tx_id, err); 513 return; 514 } 515 516 rsp->type = XS_READ; 517 rsp->req_id = req_id; 518 rsp->tx_id = tx_id; 519 rsp->len = 0; 520 521 len = data->len; 522 if (len > XENSTORE_PAYLOAD_MAX) { 523 xs_error(s, req_id, tx_id, E2BIG); 524 return; 525 } 526 527 memcpy(&rsp_data[rsp->len], data->data, len); 528 rsp->len += len; 529 } 530 531 static void xs_write(XenXenstoreState *s, unsigned int req_id, 532 xs_transaction_t tx_id, uint8_t *req_data, 533 unsigned int len) 534 { 535 g_autoptr(GByteArray) data = g_byte_array_new(); 536 const char *path; 537 int err; 538 539 if (len == 0) { 540 xs_error(s, req_id, tx_id, EINVAL); 541 return; 542 } 543 544 path = (const char *)req_data; 545 546 while (len--) { 547 if (*req_data++ == '\0') { 548 break; 549 } 550 if (len == 0) { 551 xs_error(s, req_id, tx_id, EINVAL); 552 return; 553 } 554 } 555 556 g_byte_array_append(data, req_data, len); 557 558 trace_xenstore_write(tx_id, path); 559 err = xs_impl_write(s->impl, xen_domid, tx_id, path, data); 560 if (err) { 561 xs_error(s, req_id, tx_id, err); 562 return; 563 } 564 565 xs_ok(s, XS_WRITE, req_id, tx_id); 566 } 567 568 static void xs_mkdir(XenXenstoreState *s, unsigned int req_id, 569 xs_transaction_t tx_id, uint8_t *req_data, 570 unsigned int len) 571 { 572 g_autoptr(GByteArray) data = g_byte_array_new(); 573 const char *path; 574 int err; 575 576 if (len == 0 || req_data[len - 1] != '\0') { 577 xs_error(s, req_id, tx_id, EINVAL); 578 return; 579 } 580 581 path = (const char *)req_data; 582 583 trace_xenstore_mkdir(tx_id, path); 584 err = xs_impl_read(s->impl, xen_domid, tx_id, path, data); 585 if (err == ENOENT) { 586 err = xs_impl_write(s->impl, xen_domid, tx_id, path, data); 587 } 588 589 if (!err) { 590 xs_error(s, req_id, tx_id, err); 591 return; 592 } 593 594 xs_ok(s, XS_MKDIR, req_id, tx_id); 595 } 596 597 static void xs_append_strings(XenXenstoreState *s, struct xsd_sockmsg *rsp, 598 GList *strings, unsigned int start, bool truncate) 599 { 600 uint8_t *rsp_data = (uint8_t *)&rsp[1]; 601 GList *l; 602 603 for (l = strings; l; l = l->next) { 604 size_t len = strlen(l->data) + 1; /* Including the NUL termination */ 605 char *str = l->data; 606 607 if (rsp->len + len > XENSTORE_PAYLOAD_MAX) { 608 if (truncate) { 609 len = XENSTORE_PAYLOAD_MAX - rsp->len; 610 if (!len) { 611 return; 612 } 613 } else { 614 xs_error(s, rsp->req_id, rsp->tx_id, E2BIG); 615 return; 616 } 617 } 618 619 if (start) { 620 if (start >= len) { 621 start -= len; 622 continue; 623 } 624 625 str += start; 626 len -= start; 627 start = 0; 628 } 629 630 memcpy(&rsp_data[rsp->len], str, len); 631 rsp->len += len; 632 } 633 /* XS_DIRECTORY_PART wants an extra NUL to indicate the end */ 634 if (truncate && rsp->len < XENSTORE_PAYLOAD_MAX) { 635 rsp_data[rsp->len++] = '\0'; 636 } 637 } 638 639 static void xs_directory(XenXenstoreState *s, unsigned int req_id, 640 xs_transaction_t tx_id, uint8_t *req_data, 641 unsigned int len) 642 { 643 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 644 GList *items = NULL; 645 const char *path; 646 int err; 647 648 if (len == 0 || req_data[len - 1] != '\0') { 649 xs_error(s, req_id, tx_id, EINVAL); 650 return; 651 } 652 653 path = (const char *)req_data; 654 655 trace_xenstore_directory(tx_id, path); 656 err = xs_impl_directory(s->impl, xen_domid, tx_id, path, NULL, &items); 657 if (err != 0) { 658 xs_error(s, req_id, tx_id, err); 659 return; 660 } 661 662 rsp->type = XS_DIRECTORY; 663 rsp->req_id = req_id; 664 rsp->tx_id = tx_id; 665 rsp->len = 0; 666 667 xs_append_strings(s, rsp, items, 0, false); 668 669 g_list_free_full(items, g_free); 670 } 671 672 static void xs_directory_part(XenXenstoreState *s, unsigned int req_id, 673 xs_transaction_t tx_id, uint8_t *req_data, 674 unsigned int len) 675 { 676 const char *offset_str, *path = (const char *)req_data; 677 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 678 char *rsp_data = (char *)&rsp[1]; 679 uint64_t gencnt = 0; 680 unsigned int offset; 681 GList *items = NULL; 682 int err; 683 684 if (len == 0) { 685 xs_error(s, req_id, tx_id, EINVAL); 686 return; 687 } 688 689 while (len--) { 690 if (*req_data++ == '\0') { 691 break; 692 } 693 if (len == 0) { 694 xs_error(s, req_id, tx_id, EINVAL); 695 return; 696 } 697 } 698 699 offset_str = (const char *)req_data; 700 while (len--) { 701 if (*req_data++ == '\0') { 702 break; 703 } 704 if (len == 0) { 705 xs_error(s, req_id, tx_id, EINVAL); 706 return; 707 } 708 } 709 710 if (len) { 711 xs_error(s, req_id, tx_id, EINVAL); 712 return; 713 } 714 715 if (qemu_strtoui(offset_str, NULL, 10, &offset) < 0) { 716 xs_error(s, req_id, tx_id, EINVAL); 717 return; 718 } 719 720 trace_xenstore_directory_part(tx_id, path, offset); 721 err = xs_impl_directory(s->impl, xen_domid, tx_id, path, &gencnt, &items); 722 if (err != 0) { 723 xs_error(s, req_id, tx_id, err); 724 return; 725 } 726 727 rsp->type = XS_DIRECTORY_PART; 728 rsp->req_id = req_id; 729 rsp->tx_id = tx_id; 730 rsp->len = snprintf(rsp_data, XENSTORE_PAYLOAD_MAX, "%" PRIu64, gencnt) + 1; 731 732 xs_append_strings(s, rsp, items, offset, true); 733 734 g_list_free_full(items, g_free); 735 } 736 737 static void xs_transaction_start(XenXenstoreState *s, unsigned int req_id, 738 xs_transaction_t tx_id, uint8_t *req_data, 739 unsigned int len) 740 { 741 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 742 char *rsp_data = (char *)&rsp[1]; 743 int err; 744 745 if (len != 1 || req_data[0] != '\0') { 746 xs_error(s, req_id, tx_id, EINVAL); 747 return; 748 } 749 750 rsp->type = XS_TRANSACTION_START; 751 rsp->req_id = req_id; 752 rsp->tx_id = tx_id; 753 rsp->len = 0; 754 755 err = xs_impl_transaction_start(s->impl, xen_domid, &tx_id); 756 if (err) { 757 xs_error(s, req_id, tx_id, err); 758 return; 759 } 760 761 trace_xenstore_transaction_start(tx_id); 762 763 rsp->len = snprintf(rsp_data, XENSTORE_PAYLOAD_MAX, "%u", tx_id); 764 assert(rsp->len < XENSTORE_PAYLOAD_MAX); 765 rsp->len++; 766 } 767 768 static void xs_transaction_end(XenXenstoreState *s, unsigned int req_id, 769 xs_transaction_t tx_id, uint8_t *req_data, 770 unsigned int len) 771 { 772 bool commit; 773 int err; 774 775 if (len != 2 || req_data[1] != '\0') { 776 xs_error(s, req_id, tx_id, EINVAL); 777 return; 778 } 779 780 switch (req_data[0]) { 781 case 'T': 782 commit = true; 783 break; 784 case 'F': 785 commit = false; 786 break; 787 default: 788 xs_error(s, req_id, tx_id, EINVAL); 789 return; 790 } 791 792 trace_xenstore_transaction_end(tx_id, commit); 793 err = xs_impl_transaction_end(s->impl, xen_domid, tx_id, commit); 794 if (err) { 795 xs_error(s, req_id, tx_id, err); 796 return; 797 } 798 799 xs_ok(s, XS_TRANSACTION_END, req_id, tx_id); 800 } 801 802 static void xs_rm(XenXenstoreState *s, unsigned int req_id, 803 xs_transaction_t tx_id, uint8_t *req_data, unsigned int len) 804 { 805 const char *path = (const char *)req_data; 806 int err; 807 808 if (len == 0 || req_data[len - 1] != '\0') { 809 xs_error(s, req_id, tx_id, EINVAL); 810 return; 811 } 812 813 trace_xenstore_rm(tx_id, path); 814 err = xs_impl_rm(s->impl, xen_domid, tx_id, path); 815 if (err) { 816 xs_error(s, req_id, tx_id, err); 817 return; 818 } 819 820 xs_ok(s, XS_RM, req_id, tx_id); 821 } 822 823 static void xs_get_perms(XenXenstoreState *s, unsigned int req_id, 824 xs_transaction_t tx_id, uint8_t *req_data, 825 unsigned int len) 826 { 827 const char *path = (const char *)req_data; 828 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 829 GList *perms = NULL; 830 int err; 831 832 if (len == 0 || req_data[len - 1] != '\0') { 833 xs_error(s, req_id, tx_id, EINVAL); 834 return; 835 } 836 837 trace_xenstore_get_perms(tx_id, path); 838 err = xs_impl_get_perms(s->impl, xen_domid, tx_id, path, &perms); 839 if (err) { 840 xs_error(s, req_id, tx_id, err); 841 return; 842 } 843 844 rsp->type = XS_GET_PERMS; 845 rsp->req_id = req_id; 846 rsp->tx_id = tx_id; 847 rsp->len = 0; 848 849 xs_append_strings(s, rsp, perms, 0, false); 850 851 g_list_free_full(perms, g_free); 852 } 853 854 static void xs_set_perms(XenXenstoreState *s, unsigned int req_id, 855 xs_transaction_t tx_id, uint8_t *req_data, 856 unsigned int len) 857 { 858 const char *path = (const char *)req_data; 859 uint8_t *perm; 860 GList *perms = NULL; 861 int err; 862 863 if (len == 0) { 864 xs_error(s, req_id, tx_id, EINVAL); 865 return; 866 } 867 868 while (len--) { 869 if (*req_data++ == '\0') { 870 break; 871 } 872 if (len == 0) { 873 xs_error(s, req_id, tx_id, EINVAL); 874 return; 875 } 876 } 877 878 perm = req_data; 879 while (len--) { 880 if (*req_data++ == '\0') { 881 perms = g_list_append(perms, perm); 882 perm = req_data; 883 } 884 } 885 886 /* 887 * Note that there may be trailing garbage at the end of the buffer. 888 * This is explicitly permitted by the '?' at the end of the definition: 889 * 890 * SET_PERMS <path>|<perm-as-string>|+? 891 */ 892 893 trace_xenstore_set_perms(tx_id, path); 894 err = xs_impl_set_perms(s->impl, xen_domid, tx_id, path, perms); 895 g_list_free(perms); 896 if (err) { 897 xs_error(s, req_id, tx_id, err); 898 return; 899 } 900 901 xs_ok(s, XS_SET_PERMS, req_id, tx_id); 902 } 903 904 static void xs_watch(XenXenstoreState *s, unsigned int req_id, 905 xs_transaction_t tx_id, uint8_t *req_data, 906 unsigned int len) 907 { 908 const char *token, *path = (const char *)req_data; 909 int err; 910 911 if (len == 0) { 912 xs_error(s, req_id, tx_id, EINVAL); 913 return; 914 } 915 916 while (len--) { 917 if (*req_data++ == '\0') { 918 break; 919 } 920 if (len == 0) { 921 xs_error(s, req_id, tx_id, EINVAL); 922 return; 923 } 924 } 925 926 token = (const char *)req_data; 927 while (len--) { 928 if (*req_data++ == '\0') { 929 break; 930 } 931 if (len == 0) { 932 xs_error(s, req_id, tx_id, EINVAL); 933 return; 934 } 935 } 936 937 /* 938 * Note that there may be trailing garbage at the end of the buffer. 939 * This is explicitly permitted by the '?' at the end of the definition: 940 * 941 * WATCH <wpath>|<token>|? 942 */ 943 944 trace_xenstore_watch(path, token); 945 err = xs_impl_watch(s->impl, xen_domid, path, token, fire_watch_cb, s); 946 if (err) { 947 xs_error(s, req_id, tx_id, err); 948 return; 949 } 950 951 xs_ok(s, XS_WATCH, req_id, tx_id); 952 } 953 954 static void xs_unwatch(XenXenstoreState *s, unsigned int req_id, 955 xs_transaction_t tx_id, uint8_t *req_data, 956 unsigned int len) 957 { 958 const char *token, *path = (const char *)req_data; 959 int err; 960 961 if (len == 0) { 962 xs_error(s, req_id, tx_id, EINVAL); 963 return; 964 } 965 966 while (len--) { 967 if (*req_data++ == '\0') { 968 break; 969 } 970 if (len == 0) { 971 xs_error(s, req_id, tx_id, EINVAL); 972 return; 973 } 974 } 975 976 token = (const char *)req_data; 977 while (len--) { 978 if (*req_data++ == '\0') { 979 break; 980 } 981 if (len == 0) { 982 xs_error(s, req_id, tx_id, EINVAL); 983 return; 984 } 985 } 986 987 trace_xenstore_unwatch(path, token); 988 err = xs_impl_unwatch(s->impl, xen_domid, path, token, fire_watch_cb, s); 989 if (err) { 990 xs_error(s, req_id, tx_id, err); 991 return; 992 } 993 994 xs_ok(s, XS_UNWATCH, req_id, tx_id); 995 } 996 997 static void xs_reset_watches(XenXenstoreState *s, unsigned int req_id, 998 xs_transaction_t tx_id, uint8_t *req_data, 999 unsigned int len) 1000 { 1001 if (len == 0 || req_data[len - 1] != '\0') { 1002 xs_error(s, req_id, tx_id, EINVAL); 1003 return; 1004 } 1005 1006 trace_xenstore_reset_watches(); 1007 xs_impl_reset_watches(s->impl, xen_domid); 1008 1009 xs_ok(s, XS_RESET_WATCHES, req_id, tx_id); 1010 } 1011 1012 static void xs_priv(XenXenstoreState *s, unsigned int req_id, 1013 xs_transaction_t tx_id, uint8_t *data, 1014 unsigned int len) 1015 { 1016 xs_error(s, req_id, tx_id, EACCES); 1017 } 1018 1019 static void xs_unimpl(XenXenstoreState *s, unsigned int req_id, 1020 xs_transaction_t tx_id, uint8_t *data, 1021 unsigned int len) 1022 { 1023 xs_error(s, req_id, tx_id, ENOSYS); 1024 } 1025 1026 typedef void (*xs_impl)(XenXenstoreState *s, unsigned int req_id, 1027 xs_transaction_t tx_id, uint8_t *data, 1028 unsigned int len); 1029 1030 struct xsd_req { 1031 const char *name; 1032 xs_impl fn; 1033 }; 1034 #define XSD_REQ(_type, _fn) \ 1035 [_type] = { .name = #_type, .fn = _fn } 1036 1037 struct xsd_req xsd_reqs[] = { 1038 XSD_REQ(XS_READ, xs_read), 1039 XSD_REQ(XS_WRITE, xs_write), 1040 XSD_REQ(XS_MKDIR, xs_mkdir), 1041 XSD_REQ(XS_DIRECTORY, xs_directory), 1042 XSD_REQ(XS_DIRECTORY_PART, xs_directory_part), 1043 XSD_REQ(XS_TRANSACTION_START, xs_transaction_start), 1044 XSD_REQ(XS_TRANSACTION_END, xs_transaction_end), 1045 XSD_REQ(XS_RM, xs_rm), 1046 XSD_REQ(XS_GET_PERMS, xs_get_perms), 1047 XSD_REQ(XS_SET_PERMS, xs_set_perms), 1048 XSD_REQ(XS_WATCH, xs_watch), 1049 XSD_REQ(XS_UNWATCH, xs_unwatch), 1050 XSD_REQ(XS_CONTROL, xs_priv), 1051 XSD_REQ(XS_INTRODUCE, xs_priv), 1052 XSD_REQ(XS_RELEASE, xs_priv), 1053 XSD_REQ(XS_IS_DOMAIN_INTRODUCED, xs_priv), 1054 XSD_REQ(XS_RESUME, xs_priv), 1055 XSD_REQ(XS_SET_TARGET, xs_priv), 1056 XSD_REQ(XS_RESET_WATCHES, xs_reset_watches), 1057 }; 1058 1059 static void process_req(XenXenstoreState *s) 1060 { 1061 struct xsd_sockmsg *req = (struct xsd_sockmsg *)s->req_data; 1062 xs_impl handler = NULL; 1063 1064 assert(req_pending(s)); 1065 assert(!s->rsp_pending); 1066 1067 if (req->type < ARRAY_SIZE(xsd_reqs)) { 1068 handler = xsd_reqs[req->type].fn; 1069 } 1070 if (!handler) { 1071 handler = &xs_unimpl; 1072 } 1073 1074 handler(s, req->req_id, req->tx_id, (uint8_t *)&req[1], req->len); 1075 1076 s->rsp_pending = true; 1077 reset_req(s); 1078 } 1079 1080 static unsigned int copy_from_ring(XenXenstoreState *s, uint8_t *ptr, 1081 unsigned int len) 1082 { 1083 if (!len) { 1084 return 0; 1085 } 1086 1087 XENSTORE_RING_IDX prod = qatomic_read(&s->xs->req_prod); 1088 XENSTORE_RING_IDX cons = qatomic_read(&s->xs->req_cons); 1089 unsigned int copied = 0; 1090 1091 /* Ensure the ring contents don't cross the req_prod access. */ 1092 smp_rmb(); 1093 1094 while (len) { 1095 unsigned int avail = prod - cons; 1096 unsigned int offset = MASK_XENSTORE_IDX(cons); 1097 unsigned int copylen = avail; 1098 1099 if (avail > XENSTORE_RING_SIZE) { 1100 error_report("XenStore ring handling error"); 1101 s->fatal_error = true; 1102 break; 1103 } else if (avail == 0) { 1104 break; 1105 } 1106 1107 if (copylen > len) { 1108 copylen = len; 1109 } 1110 if (copylen > XENSTORE_RING_SIZE - offset) { 1111 copylen = XENSTORE_RING_SIZE - offset; 1112 } 1113 1114 memcpy(ptr, &s->xs->req[offset], copylen); 1115 copied += copylen; 1116 1117 ptr += copylen; 1118 len -= copylen; 1119 1120 cons += copylen; 1121 } 1122 1123 /* 1124 * Not sure this ever mattered except on Alpha, but this barrier 1125 * is to ensure that the update to req_cons is globally visible 1126 * only after we have consumed all the data from the ring, and we 1127 * don't end up seeing data written to the ring *after* the other 1128 * end sees the update and writes more to the ring. Xen's own 1129 * xenstored has the same barrier here (although with no comment 1130 * at all, obviously, because it's Xen code). 1131 */ 1132 smp_mb(); 1133 1134 qatomic_set(&s->xs->req_cons, cons); 1135 1136 return copied; 1137 } 1138 1139 static unsigned int copy_to_ring(XenXenstoreState *s, uint8_t *ptr, 1140 unsigned int len) 1141 { 1142 if (!len) { 1143 return 0; 1144 } 1145 1146 XENSTORE_RING_IDX cons = qatomic_read(&s->xs->rsp_cons); 1147 XENSTORE_RING_IDX prod = qatomic_read(&s->xs->rsp_prod); 1148 unsigned int copied = 0; 1149 1150 /* 1151 * This matches the barrier in copy_to_ring() (or the guest's 1152 * equivalent) betweem writing the data to the ring and updating 1153 * rsp_prod. It protects against the pathological case (which 1154 * again I think never happened except on Alpha) where our 1155 * subsequent writes to the ring could *cross* the read of 1156 * rsp_cons and the guest could see the new data when it was 1157 * intending to read the old. 1158 */ 1159 smp_mb(); 1160 1161 while (len) { 1162 unsigned int avail = cons + XENSTORE_RING_SIZE - prod; 1163 unsigned int offset = MASK_XENSTORE_IDX(prod); 1164 unsigned int copylen = len; 1165 1166 if (avail > XENSTORE_RING_SIZE) { 1167 error_report("XenStore ring handling error"); 1168 s->fatal_error = true; 1169 break; 1170 } else if (avail == 0) { 1171 break; 1172 } 1173 1174 if (copylen > avail) { 1175 copylen = avail; 1176 } 1177 if (copylen > XENSTORE_RING_SIZE - offset) { 1178 copylen = XENSTORE_RING_SIZE - offset; 1179 } 1180 1181 1182 memcpy(&s->xs->rsp[offset], ptr, copylen); 1183 copied += copylen; 1184 1185 ptr += copylen; 1186 len -= copylen; 1187 1188 prod += copylen; 1189 } 1190 1191 /* Ensure the ring contents are seen before rsp_prod update. */ 1192 smp_wmb(); 1193 1194 qatomic_set(&s->xs->rsp_prod, prod); 1195 1196 return copied; 1197 } 1198 1199 static unsigned int get_req(XenXenstoreState *s) 1200 { 1201 unsigned int copied = 0; 1202 1203 if (s->fatal_error) { 1204 return 0; 1205 } 1206 1207 assert(!req_pending(s)); 1208 1209 if (s->req_offset < XENSTORE_HEADER_SIZE) { 1210 void *ptr = s->req_data + s->req_offset; 1211 unsigned int len = XENSTORE_HEADER_SIZE; 1212 unsigned int copylen = copy_from_ring(s, ptr, len); 1213 1214 copied += copylen; 1215 s->req_offset += copylen; 1216 } 1217 1218 if (s->req_offset >= XENSTORE_HEADER_SIZE) { 1219 struct xsd_sockmsg *req = (struct xsd_sockmsg *)s->req_data; 1220 1221 if (req->len > (uint32_t)XENSTORE_PAYLOAD_MAX) { 1222 error_report("Illegal XenStore request"); 1223 s->fatal_error = true; 1224 return 0; 1225 } 1226 1227 void *ptr = s->req_data + s->req_offset; 1228 unsigned int len = XENSTORE_HEADER_SIZE + req->len - s->req_offset; 1229 unsigned int copylen = copy_from_ring(s, ptr, len); 1230 1231 copied += copylen; 1232 s->req_offset += copylen; 1233 } 1234 1235 return copied; 1236 } 1237 1238 static unsigned int put_rsp(XenXenstoreState *s) 1239 { 1240 if (s->fatal_error) { 1241 return 0; 1242 } 1243 1244 assert(s->rsp_pending); 1245 1246 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 1247 assert(s->rsp_offset < XENSTORE_HEADER_SIZE + rsp->len); 1248 1249 void *ptr = s->rsp_data + s->rsp_offset; 1250 unsigned int len = XENSTORE_HEADER_SIZE + rsp->len - s->rsp_offset; 1251 unsigned int copylen = copy_to_ring(s, ptr, len); 1252 1253 s->rsp_offset += copylen; 1254 1255 /* Have we produced a complete response? */ 1256 if (s->rsp_offset == XENSTORE_HEADER_SIZE + rsp->len) { 1257 reset_rsp(s); 1258 } 1259 1260 return copylen; 1261 } 1262 1263 static void deliver_watch(XenXenstoreState *s, const char *path, 1264 const char *token) 1265 { 1266 struct xsd_sockmsg *rsp = (struct xsd_sockmsg *)s->rsp_data; 1267 uint8_t *rsp_data = (uint8_t *)&rsp[1]; 1268 unsigned int len; 1269 1270 assert(!s->rsp_pending); 1271 1272 trace_xenstore_watch_event(path, token); 1273 1274 rsp->type = XS_WATCH_EVENT; 1275 rsp->req_id = 0; 1276 rsp->tx_id = 0; 1277 rsp->len = 0; 1278 1279 len = strlen(path); 1280 1281 /* XENSTORE_ABS/REL_PATH_MAX should ensure there can be no overflow */ 1282 assert(rsp->len + len < XENSTORE_PAYLOAD_MAX); 1283 1284 memcpy(&rsp_data[rsp->len], path, len); 1285 rsp->len += len; 1286 rsp_data[rsp->len] = '\0'; 1287 rsp->len++; 1288 1289 len = strlen(token); 1290 /* 1291 * It is possible for the guest to have chosen a token that will 1292 * not fit (along with the patch) into a watch event. We have no 1293 * choice but to drop the event if this is the case. 1294 */ 1295 if (rsp->len + len >= XENSTORE_PAYLOAD_MAX) { 1296 return; 1297 } 1298 1299 memcpy(&rsp_data[rsp->len], token, len); 1300 rsp->len += len; 1301 rsp_data[rsp->len] = '\0'; 1302 rsp->len++; 1303 1304 s->rsp_pending = true; 1305 } 1306 1307 struct watch_event { 1308 char *path; 1309 char *token; 1310 }; 1311 1312 static void queue_watch(XenXenstoreState *s, const char *path, 1313 const char *token) 1314 { 1315 struct watch_event *ev = g_new0(struct watch_event, 1); 1316 1317 ev->path = g_strdup(path); 1318 ev->token = g_strdup(token); 1319 1320 s->watch_events = g_list_append(s->watch_events, ev); 1321 } 1322 1323 static void fire_watch_cb(void *opaque, const char *path, const char *token) 1324 { 1325 XenXenstoreState *s = opaque; 1326 1327 assert(qemu_mutex_iothread_locked()); 1328 1329 /* 1330 * If there's a response pending, we obviously can't scribble over 1331 * it. But if there's a request pending, it has dibs on the buffer 1332 * too. 1333 * 1334 * In the common case of a watch firing due to backend activity 1335 * when the ring was otherwise idle, we should be able to copy the 1336 * strings directly into the rsp_data and thence the actual ring, 1337 * without needing to perform any allocations and queue them. 1338 */ 1339 if (s->rsp_pending || req_pending(s)) { 1340 queue_watch(s, path, token); 1341 } else { 1342 deliver_watch(s, path, token); 1343 /* 1344 * If the message was queued because there was already ring activity, 1345 * no need to wake the guest. But if not, we need to send the evtchn. 1346 */ 1347 xen_be_evtchn_notify(s->eh, s->be_port); 1348 } 1349 } 1350 1351 static void process_watch_events(XenXenstoreState *s) 1352 { 1353 struct watch_event *ev = s->watch_events->data; 1354 1355 deliver_watch(s, ev->path, ev->token); 1356 1357 s->watch_events = g_list_remove(s->watch_events, ev); 1358 g_free(ev->path); 1359 g_free(ev->token); 1360 g_free(ev); 1361 } 1362 1363 static void xen_xenstore_event(void *opaque) 1364 { 1365 XenXenstoreState *s = opaque; 1366 evtchn_port_t port = xen_be_evtchn_pending(s->eh); 1367 unsigned int copied_to, copied_from; 1368 bool processed, notify = false; 1369 1370 if (port != s->be_port) { 1371 return; 1372 } 1373 1374 /* We know this is a no-op. */ 1375 xen_be_evtchn_unmask(s->eh, port); 1376 1377 do { 1378 copied_to = copied_from = 0; 1379 processed = false; 1380 1381 if (!s->rsp_pending && s->watch_events) { 1382 process_watch_events(s); 1383 } 1384 1385 if (s->rsp_pending) { 1386 copied_to = put_rsp(s); 1387 } 1388 1389 if (!req_pending(s)) { 1390 copied_from = get_req(s); 1391 } 1392 1393 if (req_pending(s) && !s->rsp_pending && !s->watch_events) { 1394 process_req(s); 1395 processed = true; 1396 } 1397 1398 notify |= copied_to || copied_from; 1399 } while (copied_to || copied_from || processed); 1400 1401 if (notify) { 1402 xen_be_evtchn_notify(s->eh, s->be_port); 1403 } 1404 } 1405 1406 static void alloc_guest_port(XenXenstoreState *s) 1407 { 1408 struct evtchn_alloc_unbound alloc = { 1409 .dom = DOMID_SELF, 1410 .remote_dom = DOMID_QEMU, 1411 }; 1412 1413 if (!xen_evtchn_alloc_unbound_op(&alloc)) { 1414 s->guest_port = alloc.port; 1415 } 1416 } 1417 1418 int xen_xenstore_reset(void) 1419 { 1420 XenXenstoreState *s = xen_xenstore_singleton; 1421 int err; 1422 1423 if (!s) { 1424 return -ENOTSUP; 1425 } 1426 1427 s->req_offset = s->rsp_offset = 0; 1428 s->rsp_pending = false; 1429 1430 if (!memory_region_is_mapped(&s->xenstore_page)) { 1431 uint64_t gpa = XEN_SPECIAL_PFN(XENSTORE) << TARGET_PAGE_BITS; 1432 xen_overlay_do_map_page(&s->xenstore_page, gpa); 1433 } 1434 1435 alloc_guest_port(s); 1436 1437 /* 1438 * As qemu/dom0, bind to the guest's port. For incoming migration, this 1439 * will be unbound as the guest's evtchn table is overwritten. We then 1440 * rebind to the correct guest port in xen_xenstore_post_load(). 1441 */ 1442 err = xen_be_evtchn_bind_interdomain(s->eh, xen_domid, s->guest_port); 1443 if (err < 0) { 1444 return err; 1445 } 1446 s->be_port = err; 1447 1448 return 0; 1449 } 1450