ia64/xen-unstable

changeset 9183:4293d6760cef

Upgrade all hypercalls to use the new guest_handle interface (on the Xen side).

Signed-off-by: Keir Fraser <keir@xensource.com>
author kaf24@firebug.cl.cam.ac.uk
date Tue Mar 07 18:40:42 2006 +0100 (2006-03-07)
parents b41ad96f1242
children 503c4d8454e5
files linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/hypercall.h linux-2.6-xen-sparse/include/asm-i386/mach-xen/setup_arch_post.h linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/hypercall.h linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/setup_arch_post.h xen/arch/ia64/vmx/vmx_hypercall.c xen/arch/ia64/xen/hypercall.c xen/arch/ia64/xen/process.c xen/arch/x86/domain.c xen/arch/x86/mm.c xen/arch/x86/physdev.c xen/arch/x86/traps.c xen/common/acm_ops.c xen/common/bitmap.c xen/common/domain.c xen/common/event_channel.c xen/common/gdbstub.c xen/common/grant_table.c xen/common/kernel.c xen/common/multicall.c xen/common/perfc.c xen/drivers/char/console.c xen/include/asm-ia64/guest_access.h xen/include/asm-ia64/hypercall.h xen/include/asm-ia64/xensystem.h xen/include/asm-x86/hypercall.h xen/include/public/acm_ops.h xen/include/public/arch-x86_32.h xen/include/public/arch-x86_64.h xen/include/public/event_channel.h xen/include/public/grant_table.h xen/include/public/nmi.h xen/include/public/physdev.h xen/include/public/xen.h xen/include/xen/hypercall.h xen/include/xen/sched.h
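--- a/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/hypercall.h	Tue Mar 07 15:48:36 2006 +0000
+++ b/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/hypercall.h	Tue Mar 07 18:40:42 2006 +0100
@@ -304,8 +304,7 @@ HYPERVISOR_suspend(
 
 static inline int
 HYPERVISOR_nmi_op(
-	unsigned long op,
-	unsigned long arg)
+	unsigned long op, void *arg)
 {
 	return _hypercall2(int, nmi_op, op, arg);
 }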
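--- a/linux-2.6-xen-sparse/include/asm-i386/mach-xen/setup_arch_post.h	Tue Mar 07 15:48:36 2006 +0000
+++ b/linux-2.6-xen-sparse/include/asm-i386/mach-xen/setup_arch_post.h	Tue Mar 07 18:40:42 2006 +0100
@@ -35,12 +35,14 @@ extern void nmi(void);
 static void __init machine_specific_arch_setup(void)
 {
 	struct xen_platform_parameters pp;
+	struct xennmi_callback cb;
 
 	HYPERVISOR_set_callbacks(
 	    __KERNEL_CS, (unsigned long)hypervisor_callback,
 	    __KERNEL_CS, (unsigned long)failsafe_callback);
 
-	HYPERVISOR_nmi_op(XENNMI_register_callback, (unsigned long)&nmi);
+	cb.handler_address = (unsigned long)&nmi;
+	HYPERVISOR_nmi_op(XENNMI_register_callback, &cb);
 
 	machine_specific_modify_cpu_capabilities(&boot_cpu_data);
 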
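Review bot: `cb` is declared without an initialiser and only `handler_address` is assigned before its address is handed to the hypervisor in `HYPERVISOR_nmi_op(XENNMI_register_callback, &cb)`. The definition of `struct xennmi_callback` is not part of this section, so if it has any other member (padding, for instance) that member reaches Xen as uninitialised kernel stack contents. Declaring it as `struct xennmi_callback cb = { .handler_address = (unsigned long)&nmi };` zeroes the remainder and makes the separate assignment unnecessary. The x86_64 `setup_arch_post.h` section fills `cb` the same way. The return value of the registration is discarded as well, so a rejected registration goes unnoticed at boot.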
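--- a/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/hypercall.h	Tue Mar 07 15:48:36 2006 +0000
+++ b/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/hypercall.h	Tue Mar 07 18:40:42 2006 +0100
@@ -36,6 +36,7 @@
 
 #include <xen/interface/xen.h>
 #include <xen/interface/sched.h>
+#include <xen/interface/nmi.h>
 
 #define __STR(x) #x
 #define STR(x) __STR(x)
@@ -304,8 +305,7 @@ HYPERVISOR_suspend(
 
 static inline int
 HYPERVISOR_nmi_op(
-	unsigned long op,
-	unsigned long arg)
+	unsigned long op, void *arg)
 {
 	return _hypercall2(int, nmi_op, op, arg);
 }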
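--- a/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/setup_arch_post.h	Tue Mar 07 15:48:36 2006 +0000
+++ b/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/setup_arch_post.h	Tue Mar 07 18:40:42 2006 +0100
@@ -23,13 +23,18 @@ extern void nmi(void);
 
 static void __init machine_specific_arch_setup(void)
 {
+#ifdef CONFIG_X86_LOCAL_APIC
+	struct xennmi_callback cb;
+#endif
+
 	HYPERVISOR_set_callbacks(
                 (unsigned long) hypervisor_callback,
                 (unsigned long) failsafe_callback,
                 (unsigned long) system_call);
 
 #ifdef CONFIG_X86_LOCAL_APIC
-	HYPERVISOR_nmi_op(XENNMI_register_callback, (unsigned long)&nmi);
+	cb.handler_address = (unsigned long)&nmi;
+	HYPERVISOR_nmi_op(XENNMI_register_callback, cb);
 #endif
 
 	machine_specific_modify_cpu_capabilities(&boot_cpu_data);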
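Review bot: The new x86_64 call passes the structure itself, `HYPERVISOR_nmi_op(XENNMI_register_callback, cb);`, although the wrapper in this commit's asm-x86_64 `hypercall.h` now takes `void *arg` and the i386 counterpart passes `&cb`. A struct does not convert to `void *`, so this should fail to compile whenever `CONFIG_X86_LOCAL_APIC` is set; the line should read `HYPERVISOR_nmi_op(XENNMI_register_callback, &cb);`. The function body continues past the end of this hunk.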
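--- a/xen/arch/ia64/vmx/vmx_hypercall.c	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/arch/ia64/vmx/vmx_hypercall.c	Tue Mar 07 18:40:42 2006 +0100
@@ -22,7 +22,7 @@
 #include <xen/config.h>
 #include <xen/errno.h>
 #include <asm/vmx_vcpu.h>
-//#include <public/xen.h>
+#include <xen/guest_access.h>
 #include <public/event_channel.h>
 #include <asm/vmmu.h>
 #include <asm/tlb.h>
@@ -35,9 +35,6 @@
 #include <asm/dom_fw.h>
 #include <xen/domain.h>
 
-extern long do_sched_op(int cmd, unsigned long arg);
-
-
 void hyper_not_support(void)
 {
     VCPU *vcpu=current;
@@ -100,7 +97,7 @@ void hyper_dom0_op(void)
     VCPU *vcpu=current;
     u64 r32,ret;
     vcpu_get_gr_nat(vcpu,16,&r32);
-    ret=do_dom0_op((dom0_op_t *)r32);
+    ret=do_dom0_op(guest_handle_from_ptr(r32, dom0_op_t));
     vcpu_set_gr(vcpu, 8, ret, 0);
 
     vmx_vcpu_increment_iip(vcpu);
@@ -111,7 +108,7 @@ void hyper_event_channel_op(void)
     VCPU *vcpu=current;
     u64 r32,ret;
     vcpu_get_gr_nat(vcpu,16,&r32);
-    ret=do_event_channel_op((evtchn_op_t *)r32);
+    ret=do_event_channel_op(guest_handle_from_ptr(r32, evtchn_op_t));
     vcpu_set_gr(vcpu, 8, ret, 0);
     vmx_vcpu_increment_iip(vcpu);
 }
@@ -122,7 +119,7 @@ void hyper_xen_version(void)
     u64 r32,r33,ret;
     vcpu_get_gr_nat(vcpu,16,&r32);
     vcpu_get_gr_nat(vcpu,17,&r33);
-    ret=do_xen_version((int )r32,r33);
+    ret=do_xen_version((int )r32,guest_handle_from_ptr(r33, void));
     vcpu_set_gr(vcpu, 8, ret, 0);
     vmx_vcpu_increment_iip(vcpu);
 }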
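Review bot: Nothing at these call sites records that `r32` and `r33` are raw guest register values: `guest_handle_from_ptr(r32, dom0_op_t)` appears only to wrap the address in a typed handle, so any range or mapping check is left to the callee's `copy_from_guest`/`copy_to_guest`. A one-line comment above the first conversion would make that explicit, for example `/* r32 is an unvalidated guest address; the callee must access it via copy_*_guest only. */`. The same applies to the `regs->r14` to `regs->r16` conversions in `xen/arch/ia64/xen/hypercall.c`. The result of `vcpu_get_gr_nat()` is not examined before `r32` is used, which looks inherited from the old code but is worth confirming.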
     6.1 --- a/xen/arch/ia64/xen/hypercall.c	Tue Mar 07 15:48:36 2006 +0000
     6.2 +++ b/xen/arch/ia64/xen/hypercall.c	Tue Mar 07 18:40:42 2006 +0100
     6.3 @@ -10,6 +10,7 @@
     6.4  #include <xen/sched.h>
     6.5  #include <xen/hypercall.h>
     6.6  #include <xen/multicall.h>
     6.7 +#include <xen/guest_access.h>
     6.8  
     6.9  #include <linux/efi.h>	/* FOR EFI_UNIMPLEMENTED */
    6.10  #include <asm/sal.h>	/* FOR struct ia64_sal_retval */
    6.11 @@ -175,7 +176,8 @@ ia64_hypercall (struct pt_regs *regs)
    6.12  			(int) vcpu_get_gr(v,33));
    6.13  		break;
    6.14  	    case __HYPERVISOR_dom0_op:
    6.15 -		regs->r8 = do_dom0_op((struct dom0_op *) regs->r14);
    6.16 +		regs->r8 = do_dom0_op(guest_handle_from_ptr(regs->r14,
    6.17 +							    dom0_op_t));
    6.18  		break;
    6.19  
    6.20  	    case __HYPERVISOR_memory_op:
    6.21 @@ -194,30 +196,30 @@ ia64_hypercall (struct pt_regs *regs)
    6.22  			    regs->r8 = reservation.nr_extents;
    6.23  			break;
    6.24  		    default:
    6.25 -			regs->r8 = do_memory_op((int) regs->r14, (void *)regs->r15);
    6.26 +			regs->r8 = do_memory_op((int) regs->r14, guest_handle_from_ptr(regs->r15, void));
    6.27  			break;
    6.28  		    }
    6.29  		}
    6.30  		break;
    6.31  
    6.32  	    case __HYPERVISOR_event_channel_op:
    6.33 -		regs->r8 = do_event_channel_op((struct evtchn_op *) regs->r14);
    6.34 +		regs->r8 = do_event_channel_op(guest_handle_from_ptr(regs->r14, evtchn_op_t));
    6.35  		break;
    6.36  
    6.37  	    case __HYPERVISOR_grant_table_op:
    6.38 -		regs->r8 = do_grant_table_op((unsigned int) regs->r14, (void *) regs->r15, (unsigned int) regs->r16);
    6.39 +		regs->r8 = do_grant_table_op((unsigned int) regs->r14, guest_handle_from_ptr(regs->r15, void), (unsigned int) regs->r16);
    6.40  		break;
    6.41  
    6.42  	    case __HYPERVISOR_console_io:
    6.43 -		regs->r8 = do_console_io((int) regs->r14, (int) regs->r15, (char *) regs->r16);
    6.44 +		regs->r8 = do_console_io((int) regs->r14, (int) regs->r15, guest_handle_from_ptr(regs->r16, char));
    6.45  		break;
    6.46  
    6.47  	    case __HYPERVISOR_xen_version:
    6.48 -		regs->r8 = do_xen_version((int) regs->r14, (void *) regs->r15);
    6.49 +		regs->r8 = do_xen_version((int) regs->r14, guest_handle_from_ptr(regs->r15, void));
    6.50  		break;
    6.51  
    6.52  	    case __HYPERVISOR_multicall:
    6.53 -		regs->r8 = do_multicall((struct multicall_entry *) regs->r14, (unsigned int) regs->r15);
    6.54 +		regs->r8 = do_multicall(guest_handle_from_ptr(regs->r14, multicall_entry_t), (unsigned int) regs->r15);
    6.55  		break;
    6.56  
    6.57  	    default:
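--- a/xen/arch/ia64/xen/process.c	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/arch/ia64/xen/process.c	Tue Mar 07 18:40:42 2006 +0100
@@ -825,7 +825,6 @@ unsigned long hypercall_create_continuat
             case 'l':
                 arg = (unsigned long)va_arg(args, unsigned long);
                 break;
-            case 'p':
             case 'h':
                 arg = (unsigned long)va_arg(args, void *);
                 break;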
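--- a/xen/arch/x86/domain.c	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/arch/x86/domain.c	Tue Mar 07 18:40:42 2006 +0100
@@ -451,6 +451,43 @@ int arch_set_info_guest(
     return 0;
 }
 
+long
+arch_do_vcpu_op(
+    int cmd, struct vcpu *v, GUEST_HANDLE(void) arg)
+{
+    long rc = 0;
+
+    switch ( cmd )
+    {
+    case VCPUOP_register_runstate_memory_area:
+    {
+        struct vcpu_register_runstate_memory_area area;
+
+        rc = -EINVAL;
+        if ( v != current )
+            break;
+
+        rc = -EFAULT;
+        if ( copy_from_guest(&area, arg, 1) )
+            break;
+
+        if ( !access_ok(area.addr.v, sizeof(*area.addr.v)) )
+            break;
+
+        rc = 0;
+        v->runstate_guest = area.addr.v;
+        __copy_to_user(v->runstate_guest, &v->runstate, sizeof(v->runstate));
+
+        break;
+    }
+
+    default:
+        rc = -ENOSYS;
+        break;
+    }
+
+    return rc;
+}
 
 void new_thread(struct vcpu *d,
                 unsigned long start_pc,
@@ -831,7 +868,6 @@ void sync_vcpu_execstate(struct vcpu *v)
     {                                                                       \
     case 'i': __arg = (unsigned long)va_arg(args, unsigned int);  break;    \
     case 'l': __arg = (unsigned long)va_arg(args, unsigned long); break;    \
-    case 'p': __arg = (unsigned long)va_arg(args, void *);        break;    \
     case 'h': __arg = (unsigned long)va_arg(args, void *);        break;    \
     default:  __arg = 0; BUG();                                             \
     }                                                                       \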
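Review bot: In `arch_do_vcpu_op` the guest address is range-checked with `access_ok(area.addr.v, sizeof(*area.addr.v))` but written with `__copy_to_user(v->runstate_guest, &v->runstate, sizeof(v->runstate))`, so the checked length and the copied length come from two different expressions, and the result of the unchecked copy is dropped. If the two types ever differ in size the check no longer covers the write; using one size for both, e.g. `access_ok(area.addr.v, sizeof(v->runstate))`, removes that dependency. The pointer is also stored in `v->runstate_guest` before the first write has succeeded, so an address that faults stays registered while the hypercall returns 0; if that is not intended, something like `if ( __copy_to_user(...) ) { v->runstate_guest = NULL; rc = -EFAULT; }` would handle it. This case still uses the raw-pointer accessors on `area.addr.v` rather than a guest handle, which deserves a short comment saying why.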
     9.1 --- a/xen/arch/x86/mm.c	Tue Mar 07 15:48:36 2006 +0000
     9.2 +++ b/xen/arch/x86/mm.c	Tue Mar 07 18:40:42 2006 +0100
     9.3 @@ -1732,14 +1732,15 @@ static inline cpumask_t vcpumask_to_pcpu
     9.4  }
     9.5  
     9.6  int do_mmuext_op(
     9.7 -    struct mmuext_op *uops,
     9.8 +    GUEST_HANDLE(mmuext_op_t) uops,
     9.9      unsigned int count,
    9.10 -    unsigned int *pdone,
    9.11 +    GUEST_HANDLE(uint) pdone,
    9.12      unsigned int foreigndom)
    9.13  {
    9.14      struct mmuext_op op;
    9.15      int rc = 0, i = 0, okay, cpu = smp_processor_id();
    9.16 -    unsigned long mfn, type, done = 0;
    9.17 +    unsigned long mfn, type;
    9.18 +    unsigned int done = 0;
    9.19      struct page_info *page;
    9.20      struct vcpu *v = current;
    9.21      struct domain *d = v->domain;
    9.22 @@ -1751,8 +1752,8 @@ int do_mmuext_op(
    9.23      if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
    9.24      {
    9.25          count &= ~MMU_UPDATE_PREEMPTED;
    9.26 -        if ( unlikely(pdone != NULL) )
    9.27 -            (void)get_user(done, pdone);
    9.28 +        if ( unlikely(!guest_handle_is_null(pdone)) )
    9.29 +            (void)copy_from_guest(&done, pdone, 1);
    9.30      }
    9.31  
    9.32      if ( !set_foreigndom(cpu, foreigndom) )
    9.33 @@ -1761,7 +1762,7 @@ int do_mmuext_op(
    9.34          goto out;
    9.35      }
    9.36  
    9.37 -    if ( unlikely(!array_access_ok(uops, count, sizeof(op))) )
    9.38 +    if ( unlikely(!guest_handle_okay(uops, count)) )
    9.39      {
    9.40          rc = -EFAULT;
    9.41          goto out;
    9.42 @@ -1772,14 +1773,14 @@ int do_mmuext_op(
    9.43          if ( hypercall_preempt_check() )
    9.44          {
    9.45              rc = hypercall_create_continuation(
    9.46 -                __HYPERVISOR_mmuext_op, "pipi",
    9.47 +                __HYPERVISOR_mmuext_op, "hihi",
    9.48                  uops, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
    9.49              break;
    9.50          }
    9.51  
    9.52 -        if ( unlikely(__copy_from_user(&op, uops, sizeof(op)) != 0) )
    9.53 +        if ( unlikely(__copy_from_guest(&op, uops, 1) != 0) )
    9.54          {
    9.55 -            MEM_LOG("Bad __copy_from_user");
    9.56 +            MEM_LOG("Bad __copy_from_guest");
    9.57              rc = -EFAULT;
    9.58              break;
    9.59          }
    9.60 @@ -1969,24 +1970,25 @@ int do_mmuext_op(
    9.61              break;
    9.62          }
    9.63  
    9.64 -        uops++;
    9.65 +        guest_handle_add_offset(uops, 1);
    9.66      }
    9.67  
    9.68   out:
    9.69      process_deferred_ops(cpu);
    9.70  
    9.71      /* Add incremental work we have done to the @done output parameter. */
    9.72 -    if ( unlikely(pdone != NULL) )
    9.73 -        __put_user(done + i, pdone);
    9.74 +    done += i;
    9.75 +    if ( unlikely(!guest_handle_is_null(pdone)) )
    9.76 +        copy_to_guest(pdone, &done, 1);
    9.77  
    9.78      UNLOCK_BIGLOCK(d);
    9.79      return rc;
    9.80  }
    9.81  
    9.82  int do_mmu_update(
    9.83 -    struct mmu_update *ureqs,
    9.84 +    GUEST_HANDLE(mmu_update_t) ureqs,
    9.85      unsigned int count,
    9.86 -    unsigned int *pdone,
    9.87 +    GUEST_HANDLE(uint) pdone,
    9.88      unsigned int foreigndom)
    9.89  {
    9.90      struct mmu_update req;
    9.91 @@ -2010,8 +2012,8 @@ int do_mmu_update(
    9.92      if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
    9.93      {
    9.94          count &= ~MMU_UPDATE_PREEMPTED;
    9.95 -        if ( unlikely(pdone != NULL) )
    9.96 -            (void)get_user(done, pdone);
    9.97 +        if ( unlikely(!guest_handle_is_null(pdone)) )
    9.98 +            (void)copy_from_guest(&done, pdone, 1);
    9.99      }
   9.100  
   9.101      domain_mmap_cache_init(&mapcache);
   9.102 @@ -2027,7 +2029,7 @@ int do_mmu_update(
   9.103      perfc_addc(num_page_updates, count);
   9.104      perfc_incr_histo(bpt_updates, count, PT_UPDATES);
   9.105  
   9.106 -    if ( unlikely(!array_access_ok(ureqs, count, sizeof(req))) )
   9.107 +    if ( unlikely(!guest_handle_okay(ureqs, count)) )
   9.108      {
   9.109          rc = -EFAULT;
   9.110          goto out;
   9.111 @@ -2038,14 +2040,14 @@ int do_mmu_update(
   9.112          if ( hypercall_preempt_check() )
   9.113          {
   9.114              rc = hypercall_create_continuation(
   9.115 -                __HYPERVISOR_mmu_update, "pipi",
   9.116 +                __HYPERVISOR_mmu_update, "hihi",
   9.117                  ureqs, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
   9.118              break;
   9.119          }
   9.120  
   9.121 -        if ( unlikely(__copy_from_user(&req, ureqs, sizeof(req)) != 0) )
   9.122 +        if ( unlikely(__copy_from_guest(&req, ureqs, 1) != 0) )
   9.123          {
   9.124 -            MEM_LOG("Bad __copy_from_user");
   9.125 +            MEM_LOG("Bad __copy_from_guest");
   9.126              rc = -EFAULT;
   9.127              break;
   9.128          }
   9.129 @@ -2212,7 +2214,7 @@ int do_mmu_update(
   9.130              break;
   9.131          }
   9.132  
   9.133 -        ureqs++;
   9.134 +        guest_handle_add_offset(ureqs, 1);
   9.135      }
   9.136  
   9.137   out:
   9.138 @@ -2222,8 +2224,9 @@ int do_mmu_update(
   9.139      process_deferred_ops(cpu);
   9.140  
   9.141      /* Add incremental work we have done to the @done output parameter. */
   9.142 -    if ( unlikely(pdone != NULL) )
   9.143 -        __put_user(done + i, pdone);
   9.144 +    done += i;
   9.145 +    if ( unlikely(!guest_handle_is_null(pdone)) )
   9.146 +        copy_to_guest(pdone, &done, 1);
   9.147  
   9.148      if ( unlikely(shadow_mode_enabled(d)) )
   9.149          check_pagetable(v, "post-mmu"); /* debug */
   9.150 @@ -2684,7 +2687,7 @@ long set_gdt(struct vcpu *v,
   9.151  }
   9.152  
   9.153  
   9.154 -long do_set_gdt(unsigned long *frame_list, unsigned int entries)
   9.155 +long do_set_gdt(GUEST_HANDLE(ulong) frame_list, unsigned int entries)
   9.156  {
   9.157      int nr_pages = (entries + 511) / 512;
   9.158      unsigned long frames[16];
   9.159 @@ -2694,7 +2697,7 @@ long do_set_gdt(unsigned long *frame_lis
   9.160      if ( entries > FIRST_RESERVED_GDT_ENTRY )
   9.161          return -EINVAL;
   9.162      
   9.163 -    if ( copy_from_user(frames, frame_list, nr_pages * sizeof(unsigned long)) )
   9.164 +    if ( copy_from_guest((unsigned long *)frames, frame_list, nr_pages) )
   9.165          return -EFAULT;
   9.166  
   9.167      LOCK_BIGLOCK(current->domain);
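Review bot: With `copy_from_guest(&done, pdone, 1)` the number of bytes moved is no longer written at the call site, so it has to follow from the types of `done` and of the `GUEST_HANDLE(uint)`; `do_mmuext_op` narrows `done` to `unsigned int` accordingly, but the declaration of `done` in `do_mmu_update` lies outside the hunks shown. Please confirm it is `unsigned int` there as well, otherwise the resume path after `MMU_UPDATE_PREEMPTED` and the final `copy_to_guest(pdone, &done, 1)` would move an object of a different size than the guest supplied. The same reasoning applies in `do_set_gdt`, where `copy_from_guest((unsigned long *)frames, frame_list, nr_pages)` fills `frames[16]` and is bounded only indirectly through `entries > FIRST_RESERVED_GDT_ENTRY`; a comment stating that bound, or an explicit rejection of `nr_pages > 16` next to the copy, would make it visible. Both `copy_to_guest(pdone, &done, 1)` results are discarded, so a bad `pdone` is silently ignored.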
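--- a/xen/arch/x86/physdev.c	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/arch/x86/physdev.c	Tue Mar 07 18:40:42 2006 +0100
@@ -6,6 +6,7 @@
 #include <xen/sched.h>
 #include <xen/irq.h>
 #include <xen/event.h>
+#include <xen/guest_access.h>
 #include <asm/current.h>
 #include <asm/smpboot.h>
 #include <public/xen.h>
@@ -21,13 +22,13 @@ ioapic_guest_write(
 /*
  * Demuxing hypercall.
  */
-long do_physdev_op(struct physdev_op *uop)
+long do_physdev_op(GUEST_HANDLE(physdev_op_t) uop)
 {
     struct physdev_op op;
     long ret;
     int  irq;
 
-    if ( unlikely(copy_from_user(&op, uop, sizeof(op)) != 0) )
+    if ( unlikely(copy_from_guest(&op, uop, 1) != 0) )
         return -EFAULT;
 
     switch ( op.cmd )
@@ -101,7 +102,7 @@ long do_physdev_op(struct physdev_op *uo
         break;
     }
 
-    if ( copy_to_user(uop, &op, sizeof(op)) )
+    if ( copy_to_guest(uop, &op, 1) )
         ret = -EFAULT;
 
     return ret;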
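--- a/xen/arch/x86/traps.c	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/arch/x86/traps.c	Tue Mar 07 18:40:42 2006 +0100
@@ -1404,14 +1404,14 @@ void __init trap_init(void)
 }
 
 
-long do_set_trap_table(struct trap_info *traps)
+long do_set_trap_table(GUEST_HANDLE(trap_info_t) traps)
 {
     struct trap_info cur;
     struct trap_info *dst = current->arch.guest_context.trap_ctxt;
     long rc = 0;
 
     /* If no table is presented then clear the entire virtual IDT. */
-    if ( traps == NULL )
+    if ( guest_handle_is_null(traps) )
     {
         memset(dst, 0, 256 * sizeof(*dst));
         init_int80_direct_trap(current);
@@ -1423,11 +1423,11 @@ long do_set_trap_table(struct trap_info 
         if ( hypercall_preempt_check() )
         {
             rc = hypercall_create_continuation(
-                __HYPERVISOR_set_trap_table, "p", traps);
+                __HYPERVISOR_set_trap_table, "h", traps);
             break;
         }
 
-        if ( copy_from_user(&cur, traps, sizeof(cur)) ) 
+        if ( copy_from_guest(&cur, traps, 1) )
         {
             rc = -EFAULT;
             break;
@@ -1443,7 +1443,7 @@ long do_set_trap_table(struct trap_info 
         if ( cur.vector == 0x80 )
             init_int80_direct_trap(current);
 
-        traps++;
+        guest_handle_add_offset(traps, 1);
     }
 
     return rc;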
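Review bot: The continuation format handed to `hypercall_create_continuation` is a plain string, `"h"` here, so it is interpreted only at run time; with the `'p'` case removed from the x86 argument switch in this commit, whose default branch is `__arg = 0; BUG();`, any caller that was missed and still passes `'p'` takes the hypervisor down when a guest's hypercall is preempted. The conversions visible on this page (`"pipi"` to `"hihi"` in `mm.c`, `"p"` to `"h"` here) look complete, but callers outside the changed files cannot be checked from the diff. A tree-wide search for remaining `'p'` format strings before merging, plus a comment at the switch listing the accepted letters, would close that gap. `do_set_trap_table` continues outside the hunks shown.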
    12.1 --- a/xen/common/acm_ops.c	Tue Mar 07 15:48:36 2006 +0000
    12.2 +++ b/xen/common/acm_ops.c	Tue Mar 07 18:40:42 2006 +0100
    12.3 @@ -25,13 +25,14 @@
    12.4  #include <xen/event.h>
    12.5  #include <xen/trace.h>
    12.6  #include <xen/console.h>
    12.7 +#include <xen/guest_access.h>
    12.8  #include <asm/shadow.h>
    12.9  #include <public/sched_ctl.h>
   12.10  #include <acm/acm_hooks.h>
   12.11  
   12.12  #ifndef ACM_SECURITY
   12.13  
   12.14 -long do_acm_op(struct acm_op * u_acm_op)
   12.15 +long do_acm_op(GUEST_HANDLE(acm_op_t) u_acm_op)
   12.16  {
   12.17      return -ENOSYS;
   12.18  }
   12.19 @@ -56,7 +57,7 @@ int acm_authorize_acm_ops(struct domain 
   12.20      return 0;
   12.21  }
   12.22  
   12.23 -long do_acm_op(struct acm_op * u_acm_op)
   12.24 +long do_acm_op(GUEST_HANDLE(acm_op_t) u_acm_op)
   12.25  {
   12.26      long ret = 0;
   12.27      struct acm_op curop, *op = &curop;
   12.28 @@ -64,7 +65,7 @@ long do_acm_op(struct acm_op * u_acm_op)
   12.29      if (acm_authorize_acm_ops(current->domain, POLICY))
   12.30          return -EPERM;
   12.31  
   12.32 -    if (copy_from_user(op, u_acm_op, sizeof(*op)))
   12.33 +    if (copy_from_guest(op, u_acm_op, 1))
   12.34          return -EFAULT;
   12.35  
   12.36      if (op->interface_version != ACM_INTERFACE_VERSION)
   12.37 @@ -88,7 +89,7 @@ long do_acm_op(struct acm_op * u_acm_op)
   12.38              ret = acm_get_policy(op->u.getpolicy.pullcache,
   12.39                                   op->u.getpolicy.pullcache_size);
   12.40          if (!ret)
   12.41 -            copy_to_user(u_acm_op, op, sizeof(*op));
   12.42 +            copy_to_guest(u_acm_op, op, 1);
   12.43      }
   12.44      break;
   12.45  
   12.46 @@ -99,7 +100,7 @@ long do_acm_op(struct acm_op * u_acm_op)
   12.47              ret = acm_dump_statistics(op->u.dumpstats.pullcache,
   12.48                                        op->u.dumpstats.pullcache_size);
   12.49          if (!ret)
   12.50 -            copy_to_user(u_acm_op, op, sizeof(*op));
   12.51 +            copy_to_guest(u_acm_op, op, 1);
   12.52      }
   12.53      break;
   12.54  
   12.55 @@ -139,7 +140,7 @@ long do_acm_op(struct acm_op * u_acm_op)
   12.56                             op->u.getssid.ssidbuf,
   12.57                             op->u.getssid.ssidbuf_size);
   12.58          if (!ret)
   12.59 -            copy_to_user(u_acm_op, op, sizeof(*op));
   12.60 +            copy_to_guest(u_acm_op, op, 1);
   12.61      }
   12.62      break;
   12.63  
   12.64 @@ -215,7 +216,7 @@ long do_acm_op(struct acm_op * u_acm_op)
   12.65              ret = -ESRCH;
   12.66  
   12.67          if (!ret)
   12.68 -            copy_to_user(u_acm_op, op, sizeof(*op));
   12.69 +            copy_to_guest(u_acm_op, op, 1);
   12.70      }
   12.71      break;
   12.72  
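Review bot: All four `copy_to_guest(u_acm_op, op, 1);` calls in `do_acm_op` discard the result, so when the write-back to the guest faults the hypercall still returns 0 and the caller reads stale output. `do_event_channel_op` in the same commit handles the identical situation by turning a failed copy into `-EFAULT`, and the same form fits here: `if (!ret && copy_to_guest(u_acm_op, op, 1)) ret = -EFAULT;`. Separately, `op->u.getpolicy.pullcache`, `op->u.dumpstats.pullcache` and `op->u.getssid.ssidbuf` are still passed on exactly as they arrive inside the copied structure; their types are not visible here, but if they are guest addresses they have not moved to the handle interface with this change.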
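--- a/xen/common/bitmap.c	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/common/bitmap.c	Tue Mar 07 18:40:42 2006 +0100
@@ -10,7 +10,6 @@
 #include <xen/errno.h>
 #include <xen/bitmap.h>
 #include <xen/bitops.h>
-#include <asm/uaccess.h>
 
 /*
  * bitmaps provide an array of bits, implemented using an an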
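--- a/xen/common/domain.c	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/common/domain.c	Tue Mar 07 18:40:42 2006 +0100
@@ -18,6 +18,7 @@
 #include <xen/domain_page.h>
 #include <xen/rangeset.h>
 #include <xen/guest_access.h>
+#include <xen/hypercall.h>
 #include <asm/debugger.h>
 #include <public/dom0_ops.h>
 #include <public/sched.h>
@@ -399,7 +400,7 @@ int boot_vcpu(struct domain *d, int vcpu
     return arch_set_info_guest(v, ctxt);
 }
 
-long do_vcpu_op(int cmd, int vcpuid, void *arg)
+long do_vcpu_op(int cmd, int vcpuid, GUEST_HANDLE(void) arg)
 {
     struct domain *d = current->domain;
     struct vcpu *v;
@@ -421,7 +422,7 @@ long do_vcpu_op(int cmd, int vcpuid, voi
             break;
         }
 
-        if ( copy_from_user(ctxt, arg, sizeof(*ctxt)) )
+        if ( copy_from_guest(ctxt, arg, 1) )
         {
             xfree(ctxt);
             rc = -EFAULT;
@@ -457,35 +458,13 @@ long do_vcpu_op(int cmd, int vcpuid, voi
     {
         struct vcpu_runstate_info runstate;
         vcpu_runstate_get(v, &runstate);
-        if ( copy_to_user(arg, &runstate, sizeof(runstate)) )
+        if ( copy_to_guest(arg, &runstate, 1) )
             rc = -EFAULT;
         break;
     }
 
-    case VCPUOP_register_runstate_memory_area:
-    {
-        struct vcpu_register_runstate_memory_area area;
-
-        rc = -EINVAL;
-        if ( v != current )
-            break;
-
-        rc = -EFAULT;
-        if ( copy_from_user(&area, arg, sizeof(area)) )
-            break;
-
-        if ( !access_ok(area.addr.v, sizeof(*area.addr.v)) )
-            break;
-
-        rc = 0;
-        v->runstate_guest = area.addr.v;
-        __copy_to_user(v->runstate_guest, &v->runstate, sizeof(v->runstate));
-
-        break;
-    }
-
     default:
-        rc = -ENOSYS;
+        rc = arch_do_vcpu_op(cmd, v, arg);
         break;
     }
 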
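Review bot: The `default:` branch of `do_vcpu_op` now forwards every unrecognised `cmd` to `arch_do_vcpu_op(cmd, v, arg)`, which makes that function mandatory for each architecture; this page shows a definition only in `xen/arch/x86/domain.c`, so the ia64 build needs one too (it may be in a part of the changeset not shown). `VCPUOP_register_runstate_memory_area` is no longer handled by common code, so an architecture that does not add the case stops supporting it. A comment on the branch, e.g. `/* Not a common op: the architecture decides, and rejects cmd itself if unknown. */`, would record that contract. With `arg` typed `GUEST_HANDLE(void)`, `copy_from_guest(ctxt, arg, 1)` and `copy_to_guest(arg, &runstate, 1)` presumably take their length from the hypervisor-side pointer type, so those locals must keep the exact public-interface types.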
    15.1 --- a/xen/common/event_channel.c	Tue Mar 07 15:48:36 2006 +0000
    15.2 +++ b/xen/common/event_channel.c	Tue Mar 07 18:40:42 2006 +0100
    15.3 @@ -23,6 +23,7 @@
    15.4  #include <xen/event.h>
    15.5  #include <xen/irq.h>
    15.6  #include <xen/iocap.h>
    15.7 +#include <xen/guest_access.h>
    15.8  #include <asm/current.h>
    15.9  
   15.10  #include <public/xen.h>
   15.11 @@ -578,12 +579,12 @@ static long evtchn_unmask(evtchn_unmask_
   15.12      return 0;
   15.13  }
   15.14  
   15.15 -long do_event_channel_op(struct evtchn_op *uop)
   15.16 +long do_event_channel_op(GUEST_HANDLE(evtchn_op_t) uop)
   15.17  {
   15.18      long rc;
   15.19      struct evtchn_op op;
   15.20  
   15.21 -    if ( copy_from_user(&op, uop, sizeof(op)) != 0 )
   15.22 +    if ( copy_from_guest(&op, uop, 1) != 0 )
   15.23          return -EFAULT;
   15.24  
   15.25      if (acm_pre_event_channel(&op))
   15.26 @@ -593,31 +594,31 @@ long do_event_channel_op(struct evtchn_o
   15.27      {
   15.28      case EVTCHNOP_alloc_unbound:
   15.29          rc = evtchn_alloc_unbound(&op.u.alloc_unbound);
   15.30 -        if ( (rc == 0) && (copy_to_user(uop, &op, sizeof(op)) != 0) )
   15.31 +        if ( (rc == 0) && (copy_to_guest(uop, &op, 1) != 0) )
   15.32              rc = -EFAULT; /* Cleaning up here would be a mess! */
   15.33          break;
   15.34  
   15.35      case EVTCHNOP_bind_interdomain:
   15.36          rc = evtchn_bind_interdomain(&op.u.bind_interdomain);
   15.37 -        if ( (rc == 0) && (copy_to_user(uop, &op, sizeof(op)) != 0) )
   15.38 +        if ( (rc == 0) && (copy_to_guest(uop, &op, 1) != 0) )
   15.39              rc = -EFAULT; /* Cleaning up here would be a mess! */
   15.40          break;
   15.41  
   15.42      case EVTCHNOP_bind_virq:
   15.43          rc = evtchn_bind_virq(&op.u.bind_virq);
   15.44 -        if ( (rc == 0) && (copy_to_user(uop, &op, sizeof(op)) != 0) )
   15.45 +        if ( (rc == 0) && (copy_to_guest(uop, &op, 1) != 0) )
   15.46              rc = -EFAULT; /* Cleaning up here would be a mess! */
   15.47          break;
   15.48  
   15.49      case EVTCHNOP_bind_ipi:
   15.50          rc = evtchn_bind_ipi(&op.u.bind_ipi);
   15.51 -        if ( (rc == 0) && (copy_to_user(uop, &op, sizeof(op)) != 0) )
   15.52 +        if ( (rc == 0) && (copy_to_guest(uop, &op, 1) != 0) )
   15.53              rc = -EFAULT; /* Cleaning up here would be a mess! */
   15.54          break;
   15.55  
   15.56      case EVTCHNOP_bind_pirq:
   15.57          rc = evtchn_bind_pirq(&op.u.bind_pirq);
   15.58 -        if ( (rc == 0) && (copy_to_user(uop, &op, sizeof(op)) != 0) )
   15.59 +        if ( (rc == 0) && (copy_to_guest(uop, &op, 1) != 0) )
   15.60              rc = -EFAULT; /* Cleaning up here would be a mess! */
   15.61          break;
   15.62  
   15.63 @@ -631,7 +632,7 @@ long do_event_channel_op(struct evtchn_o
   15.64  
   15.65      case EVTCHNOP_status:
   15.66          rc = evtchn_status(&op.u.status);
   15.67 -        if ( (rc == 0) && (copy_to_user(uop, &op, sizeof(op)) != 0) )
   15.68 +        if ( (rc == 0) && (copy_to_guest(uop, &op, 1) != 0) )
   15.69              rc = -EFAULT;
   15.70          break;
   15.71  
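--- a/xen/common/gdbstub.c	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/common/gdbstub.c	Tue Mar 07 18:40:42 2006 +0100
@@ -35,7 +35,6 @@
    than any actual intention.  It doesn't at the moment. */
 
 #include <xen/lib.h>
-#include <asm/uaccess.h>
 #include <xen/spinlock.h>
 #include <xen/serial.h>
 #include <xen/irq.h>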
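--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -28,8 +28,9 @@
 #include <xen/sched.h>
 #include <xen/shadow.h>
 #include <xen/mm.h>
+#include <xen/trace.h>
+#include <xen/guest_access.h>
 #include <acm/acm_hooks.h>
-#include <xen/trace.h>
 
 #define PIN_FAIL(_lbl, _rc, _f, _a...)          \
     do {                                        \
@@ -187,7 +188,7 @@ static void
 
             /* Merge two 16-bit values into a 32-bit combined update. */
             /* NB. Endianness! */
-            prev_scombo = scombo = ((u32)sdom << 16) | (u32)sflags;
+            scombo = ((u32)sdom << 16) | (u32)sflags;
 
             new_scombo = scombo | GTF_reading;
             if ( !(op->flags & GNTMAP_readonly) )
@@ -198,12 +199,7 @@ static void
                              "Attempt to write-pin a r/o grant entry.\n");
             }
 
-            /* NB. prev_scombo is updated in place to seen value. */
-            if ( unlikely(cmpxchg_user((u32 *)&sha->flags,
-                                       prev_scombo,
-                                       new_scombo)) )
-                PIN_FAIL(unlock_out, GNTST_general_error,
-                         "Fault while modifying shared flags and domid.\n");
+            prev_scombo = cmpxchg((u32 *)&sha->flags, scombo, new_scombo);
 
             /* Did the combined update work (did we see what we expected?). */
             if ( likely(prev_scombo == scombo) )
@@ -306,17 +302,17 @@ static void
 
 static long
 gnttab_map_grant_ref(
-    struct gnttab_map_grant_ref *uop, unsigned int count)
+    GUEST_HANDLE(gnttab_map_grant_ref_t) uop, unsigned int count)
 {
     int i;
     struct gnttab_map_grant_ref op;
 
     for ( i = 0; i < count; i++ )
     {
-        if ( unlikely(__copy_from_user(&op, &uop[i], sizeof(op))) )
+        if ( unlikely(__copy_from_guest_offset(&op, uop, i, 1)) )
             return -EFAULT;
         __gnttab_map_grant_ref(&op);
-        if ( unlikely(__copy_to_user(&uop[i], &op, sizeof(op))) )
+        if ( unlikely(__copy_to_guest_offset(uop, i, &op, 1)) )
             return -EFAULT;
     }
 
@@ -443,17 +439,17 @@ static void
 
 static long
 gnttab_unmap_grant_ref(
-    struct gnttab_unmap_grant_ref *uop, unsigned int count)
+    GUEST_HANDLE(gnttab_unmap_grant_ref_t) uop, unsigned int count)
 {
     int i;
     struct gnttab_unmap_grant_ref op;
 
     for ( i = 0; i < count; i++ )
     {
-        if ( unlikely(__copy_from_user(&op, &uop[i], sizeof(op))) )
+        if ( unlikely(__copy_from_guest_offset(&op, uop, i, 1)) )
             goto fault;
         __gnttab_unmap_grant_ref(&op);
-        if ( unlikely(__copy_to_user(&uop[i], &op, sizeof(op))) )
+        if ( unlikely(__copy_to_guest_offset(uop, i, &op, 1)) )
             goto fault;
     }
 
@@ -467,7 +463,7 @@ fault:
 
 static long 
 gnttab_setup_table(
-    struct gnttab_setup_table *uop, unsigned int count)
+    GUEST_HANDLE(gnttab_setup_table_t) uop, unsigned int count)
 {
     struct gnttab_setup_table op;
     struct domain *d;
@@ -478,7 +474,7 @@ gnttab_setup_table(
     if ( count != 1 )
         return -EINVAL;
 
-    if ( unlikely(copy_from_user(&op, uop, sizeof(op)) != 0) )
+    if ( unlikely(copy_from_guest(&op, uop, 1) != 0) )
     {
         DPRINTK("Fault while reading gnttab_setup_table_t.\n");
         return -EFAULT;
@@ -517,14 +513,14 @@ gnttab_setup_table(
         for ( i = 0; i < op.nr_frames; i++ )
         {
             gmfn = gnttab_shared_gmfn(d, d->grant_table, i);
-            (void)copy_to_user(&op.frame_list[i], &gmfn, sizeof(gmfn));
+            (void)copy_to_guest_offset(op.frame_list, i, &gmfn, 1);
         }
     }
 
     put_domain(d);
 
  out:
-    if ( unlikely(copy_to_user(uop, &op, sizeof(op))) )
+    if ( unlikely(copy_to_guest(uop, &op, 1)) )
         return -EFAULT;
 
     return 0;
@@ -572,15 +568,10 @@ gnttab_prepare_for_transfer(
 
         /* Merge two 16-bit values into a 32-bit combined update. */
         /* NB. Endianness! */
-        prev_scombo = scombo = ((u32)sdom << 16) | (u32)sflags;
+        scombo = ((u32)sdom << 16) | (u32)sflags;
 
-        /* NB. prev_scombo is updated in place to seen value. */
-        if ( unlikely(cmpxchg_user((u32 *)&sha->flags, prev_scombo, 
-                                   prev_scombo | GTF_transfer_committed)) )
-        {
-            DPRINTK("Fault while modifying shared flags and domid.\n");
-            goto fail;
-        }
+        prev_scombo = cmpxchg((u32 *)&sha->flags, scombo,
+                              scombo | GTF_transfer_committed);
 
         /* Did the combined update work (did we see what we expected?). */
         if ( likely(prev_scombo == scombo) )
@@ -608,7 +599,7 @@ gnttab_prepare_for_transfer(
 
 static long
 gnttab_transfer(
-    struct gnttab_transfer *uop, unsigned int count)
+    GUEST_HANDLE(gnttab_transfer_t) uop, unsigned int count)
 {
     struct domain *d = current->domain;
     struct domain *e;
@@ -621,7 +612,7 @@ gnttab_transfer(
     for ( i = 0; i < count; i++ )
     {
         /* Read from caller address space. */
-        if ( unlikely(__copy_from_user(&gop, &uop[i], sizeof(gop))) )
+        if ( unlikely(__copy_from_guest_offset(&gop, uop, i, 1)) )
         {
             DPRINTK("gnttab_transfer: error reading req %d/%d\n", i, count);
             return -EFAULT;
@@ -708,7 +699,7 @@ gnttab_transfer(
         gop.status = GNTST_okay;
 
     copyback:
-        if ( unlikely(__copy_from_user(&uop[i], &gop, sizeof(gop))) )
+        if ( unlikely(__copy_to_guest_offset(uop, i, &gop, 1)) )
         {
             DPRINTK("gnttab_transfer: error writing resp %d/%d\n", i, count);
             return -EFAULT;
@@ -718,9 +709,9 @@ gnttab_transfer(
     return 0;
 }
 
-long 
+long
 do_grant_table_op(
-    unsigned int cmd, void *uop, unsigned int count)
+    unsigned int cmd, GUEST_HANDLE(void) uop, unsigned int count)
 {
     long rc;
     struct domain *d = current->domain;
@@ -736,27 +727,38 @@ do_grant_table_op(
     switch ( cmd )
     {
     case GNTTABOP_map_grant_ref:
-        if ( unlikely(!array_access_ok(
-            uop, count, sizeof(gnttab_map_grant_ref_t))) )
+    {
+        GUEST_HANDLE(gnttab_map_grant_ref_t) map =
+            guest_handle_cast(uop, gnttab_map_grant_ref_t);
+        if ( unlikely(!guest_handle_okay(map, count)) )
             goto out;
-        rc = gnttab_map_grant_ref((gnttab_map_grant_ref_t *)uop, count);
+        rc = gnttab_map_grant_ref(map, count);
         break;
+    }
     case GNTTABOP_unmap_grant_ref:
-        if ( unlikely(!array_access_ok(
-            uop, count, sizeof(gnttab_unmap_grant_ref_t))) )
+    {
+        GUEST_HANDLE(gnttab_unmap_grant_ref_t) unmap =
+            guest_handle_cast(uop, gnttab_unmap_grant_ref_t);
+        if ( unlikely(!guest_handle_okay(unmap, count)) )
             goto out;
-        rc = gnttab_unmap_grant_ref(
-            (gnttab_unmap_grant_ref_t *)uop, count);
+        rc = gnttab_unmap_grant_ref(unmap, count);
         break;
+    }
     case GNTTABOP_setup_table:
-        rc = gnttab_setup_table((gnttab_setup_table_t *)uop, count);
+    {
+        rc = gnttab_setup_table(
+            guest_handle_cast(uop, gnttab_setup_table_t), count);
         break;
+    }
     case GNTTABOP_transfer:
-        if (unlikely(!array_access_ok(
-            uop, count, sizeof(gnttab_transfer_t))))
+    {
+        GUEST_HANDLE(gnttab_transfer_t) transfer =
+            guest_handle_cast(uop, gnttab_transfer_t);
+        if ( unlikely(!guest_handle_okay(transfer, count)) )
             goto out;
-        rc = gnttab_transfer(uop, count);
+        rc = gnttab_transfer(transfer, count);
         break;
+    }
     default:
         rc = -ENOSYS;
         break;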
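Review bot: In gnttab_setup_table the frame_list loop still throws away the result of the copy, `(void)copy_to_guest_offset(op.frame_list, i, &gmfn, 1);`, so a fault on the guest-supplied frame_list handle is invisible to the caller. op.frame_list comes straight from the guest's request structure, and whatever status was assigned before the loop (outside these hunks) is what the `out:` path copies back. Checking the return and recording the failure, for example `if ( copy_to_guest_offset(op.frame_list, i, &gmfn, 1) ) { op.status = GNTST_general_error; break; }`, would keep a guest from treating a partly written list as complete. The function body begins and continues outside the hunks shown.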
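--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -11,6 +11,7 @@
 #include <xen/compile.h>
 #include <xen/sched.h>
 #include <xen/shadow.h>
+#include <xen/guest_access.h>
 #include <asm/current.h>
 #include <public/nmi.h>
 #include <public/version.h>
@@ -116,7 +117,7 @@ void add_taint(unsigned flag)
  * Simple hypercalls.
  */
 
-long do_xen_version(int cmd, void *arg)
+long do_xen_version(int cmd, GUEST_HANDLE(void) arg)
 {
     switch ( cmd )
     {
@@ -129,7 +130,7 @@ long do_xen_version(int cmd, void *arg)
     {
         xen_extraversion_t extraversion;
         safe_strcpy(extraversion, XEN_EXTRAVERSION);
-        if ( copy_to_user(arg, extraversion, sizeof(extraversion)) )
+        if ( copy_to_guest(arg, (char *)extraversion, sizeof(extraversion)) )
             return -EFAULT;
         return 0;
     }
@@ -141,7 +142,7 @@ long do_xen_version(int cmd, void *arg)
         safe_strcpy(info.compile_by,     XEN_COMPILE_BY);
         safe_strcpy(info.compile_domain, XEN_COMPILE_DOMAIN);
         safe_strcpy(info.compile_date,   XEN_COMPILE_DATE);
-        if ( copy_to_user(arg, &info, sizeof(info)) )
+        if ( copy_to_guest(arg, &info, 1) )
             return -EFAULT;
         return 0;
     }
@@ -154,7 +155,7 @@ long do_xen_version(int cmd, void *arg)
         memset(info, 0, sizeof(info));
         arch_get_xen_caps(info);
 
-        if ( copy_to_user(arg, info, sizeof(info)) )
+        if ( copy_to_guest(arg, (char *)info, sizeof(info)) )
             return -EFAULT;
         return 0;
     }
@@ -164,7 +165,7 @@ long do_xen_version(int cmd, void *arg)
         xen_platform_parameters_t params = {
             .virt_start = HYPERVISOR_VIRT_START
         };
-        if ( copy_to_user(arg, &params, sizeof(params)) )
+        if ( copy_to_guest(arg, &params, 1) )
             return -EFAULT;
         return 0;
         
@@ -174,7 +175,7 @@ long do_xen_version(int cmd, void *arg)
     {
         xen_changeset_info_t chgset;
         safe_strcpy(chgset, XEN_CHANGESET);
-        if ( copy_to_user(arg, chgset, sizeof(chgset)) )
+        if ( copy_to_guest(arg, (char *)chgset, sizeof(chgset)) )
             return -EFAULT;
         return 0;
     }
@@ -183,7 +184,7 @@ long do_xen_version(int cmd, void *arg)
     {
         xen_feature_info_t fi;
 
-        if ( copy_from_user(&fi, arg, sizeof(fi)) )
+        if ( copy_from_guest(&fi, arg, 1) )
             return -EFAULT;
 
         switch ( fi.submap_idx )
@@ -202,7 +203,7 @@ long do_xen_version(int cmd, void *arg)
             return -EINVAL;
         }
 
-        if ( copy_to_user(arg, &fi, sizeof(fi)) )
+        if ( copy_to_guest(arg, &fi, 1) )
             return -EFAULT;
         return 0;
     }
@@ -212,31 +213,34 @@ long do_xen_version(int cmd, void *arg)
     return -ENOSYS;
 }
 
-long do_nmi_op(unsigned int cmd, void *arg)
+long do_nmi_op(unsigned int cmd, GUEST_HANDLE(void) arg)
 {
     struct vcpu *v = current;
     struct domain *d = current->domain;
+    struct xennmi_callback cb;
     long rc = 0;
 
     switch ( cmd )
     {
     case XENNMI_register_callback:
+        rc = -EINVAL;
         if ( (d->domain_id != 0) || (v->vcpu_id != 0) )
-        { 
-           rc = -EINVAL;
-        }
-        else
-        {
-            v->nmi_addr = (unsigned long)arg;
+            break;
+
+        rc = -EFAULT;
+        if ( copy_from_guest(&cb, arg, 1) )
+            break;
+
+        v->nmi_addr = cb.handler_address;
 #ifdef CONFIG_X86
-            /*
-             * If no handler was registered we can 'lose the NMI edge'.
-             * Re-assert it now.
-             */
-            if ( d->shared_info->arch.nmi_reason != 0 )
-                set_bit(_VCPUF_nmi_pending, &v->vcpu_flags);
+        /*
+         * If no handler was registered we can 'lose the NMI edge'. Re-assert 
+         * it now.
+         */
+        if ( d->shared_info->arch.nmi_reason != 0 )
+            set_bit(_VCPUF_nmi_pending, &v->vcpu_flags);
 #endif
-        }
+        rc = 0;
         break;
     case XENNMI_unregister_callback:
         v->nmi_addr = 0;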
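Review bot: The do_xen_version copies now use two different count conventions on the same untyped handle, and nothing in the file says why: `copy_to_guest(arg, (char *)extraversion, sizeof(extraversion))` passes a byte count while `copy_to_guest(arg, &info, 1)` passes an object count. With `arg` declared as GUEST_HANDLE(void), the element size presumably comes from the type of the source pointer (the macro body is not shown here), so writing `copy_to_guest(arg, &info, sizeof(info))` out of copy_to_user habit would read far past the local and hand adjacent hypervisor stack contents to the guest. A comment above the switch, such as `/* copy_{to,from}_guest counts are objects of the pointer's type, not bytes; the (char *) casts turn the count into bytes. */`, would make the rule explicit for the next case that gets added. The function continues outside the hunks shown.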
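--- a/xen/common/multicall.c
+++ b/xen/common/multicall.c
@@ -10,12 +10,15 @@
 #include <xen/sched.h>
 #include <xen/event.h>
 #include <xen/multicall.h>
+#include <xen/guest_access.h>
 #include <asm/current.h>
 #include <asm/hardirq.h>
 
 struct mc_state mc_state[NR_CPUS];
 
-long do_multicall(struct multicall_entry *call_list, unsigned int nr_calls)
+long
+do_multicall(
+    GUEST_HANDLE(multicall_entry_t) call_list, unsigned int nr_calls)
 {
     struct mc_state *mcs = &mc_state[smp_processor_id()];
     unsigned int     i;
@@ -26,22 +29,13 @@ long do_multicall(struct multicall_entry
         return -EINVAL;
     }
 
-    if ( unlikely(!array_access_ok(call_list, nr_calls, sizeof(*call_list))) )
-    {
-        DPRINTK("Bad memory range %p for %u*%u bytes.\n",
-                call_list, nr_calls, (unsigned int)sizeof(*call_list));
+    if ( unlikely(!guest_handle_okay(call_list, nr_calls)) )
         goto fault;
-    }
 
     for ( i = 0; i < nr_calls; i++ )
     {
-        if ( unlikely(__copy_from_user(&mcs->call, &call_list[i], 
-                                       sizeof(*call_list))) )
-        {
-            DPRINTK("Error copying from user range %p for %u bytes.\n",
-                    &call_list[i], (unsigned int)sizeof(*call_list));
+        if ( unlikely(__copy_from_guest_offset(&mcs->call, call_list, i, 1)) )
             goto fault;
-        }
 
         do_multicall_call(&mcs->call);
 
@@ -53,17 +47,12 @@ long do_multicall(struct multicall_entry
              */
             struct multicall_entry corrupt;
             memset(&corrupt, 0xAA, sizeof(corrupt));
-            (void)__copy_to_user(&call_list[i], &corrupt, sizeof(corrupt));
+            (void)__copy_to_guest_offset(call_list, i, &corrupt, 1);
         }
 #endif
 
-        if ( unlikely(__copy_to_user(&call_list[i].result,
-                                     &mcs->call.result,
-                                     sizeof(mcs->call.result))) )
-        {
-            DPRINTK("Error writing result back to multicall block.\n");
+        if ( unlikely(__copy_to_guest_offset(call_list, i, &mcs->call, 1)) )
             goto fault;
-        }
 
         if ( hypercall_preempt_check() )
         {
@@ -74,15 +63,15 @@ long do_multicall(struct multicall_entry
             if ( !test_bit(_MCSF_call_preempted, &mcs->flags) )
                 i++;
             else
-                (void)__copy_to_user(&call_list[i], &mcs->call,
-                                     sizeof(*call_list));
+                (void)__copy_to_guest_offset(call_list, i, &mcs->call, 1);
 
             /* Only create a continuation if there is work left to be done. */
             if ( i < nr_calls )
             {
                 mcs->flags = 0;
+                guest_handle_add_offset(call_list, i);
                 return hypercall_create_continuation(
-                    __HYPERVISOR_multicall, "pi", &call_list[i], nr_calls-i);
+                    __HYPERVISOR_multicall, "hi", call_list, nr_calls-i);
             }
         }
     }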
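Review bot: The result write-back in do_multicall now copies the whole entry, `__copy_to_guest_offset(call_list, i, &mcs->call, 1)`, where the removed code wrote only `call_list[i].result`. That immediately overwrites the 0xAA pattern which the debug block just above stores into the guest's entry (the block's opening condition is outside the hunk), so the poisoning no longer reaches a guest that wrongly relies on its arguments being preserved. It also writes op and args back to guest memory after every call instead of only on the preempted path. Limiting the copy to the result field would restore the earlier behaviour; the handle interface visible in this commit has no field-level copy, so that would need a small helper alongside the other copy macros.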
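--- a/xen/common/perfc.c
+++ b/xen/common/perfc.c
@@ -8,7 +8,6 @@
 #include <xen/mm.h>
 #include <xen/guest_access.h>
 #include <public/dom0_ops.h>
-#include <asm/uaccess.h>
 
 #undef  PERFCOUNTER
 #undef  PERFCOUNTER_CPU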
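--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -22,7 +22,6 @@
 #include <xen/delay.h>
 #include <xen/guest_access.h>
 #include <asm/current.h>
-#include <asm/uaccess.h>
 #include <asm/debugger.h>
 #include <asm/io.h>
 
@@ -320,7 +319,7 @@ static void serial_rx(char c, struct cpu
     __serial_rx(c, regs);
 }
 
-long guest_console_write(char *buffer, int count)
+static long guest_console_write(GUEST_HANDLE(char) buffer, int count)
 {
     char kbuf[128], *kptr;
     int kcount;
@@ -336,11 +335,11 @@ long guest_console_write(char *buffer, i
 
         if ( hypercall_preempt_check() )
             return hypercall_create_continuation(
-                __HYPERVISOR_console_io, "iip",
+                __HYPERVISOR_console_io, "iih",
                 CONSOLEIO_write, count, buffer);
 
         kcount = min_t(int, count, sizeof(kbuf)-1);
-        if ( copy_from_user(kbuf, buffer, kcount) )
+        if ( copy_from_guest((char *)kbuf, buffer, kcount) )
             return -EFAULT;
         kbuf[kcount] = '\0';
 
@@ -349,14 +348,14 @@ long guest_console_write(char *buffer, i
         for ( kptr = kbuf; *kptr != '\0'; kptr++ )
             putchar_console(*kptr);
 
-        buffer += kcount;
-        count  -= kcount;
+        guest_handle_add_offset(buffer, kcount);
+        count -= kcount;
     }
 
     return 0;
 }
 
-long do_console_io(int cmd, int count, char *buffer)
+long do_console_io(int cmd, int count, GUEST_HANDLE(char) buffer)
 {
     long rc;
     unsigned int idx, len;
@@ -382,7 +381,7 @@ long do_console_io(int cmd, int count, c
                 len = SERIAL_RX_SIZE - idx;
             if ( (rc + len) > count )
                 len = count - rc;
-            if ( copy_to_user(&buffer[rc], &serial_rx_ring[idx], len) )
+            if ( copy_to_guest_offset(buffer, rc, &serial_rx_ring[idx], len) )
             {
                 rc = -EFAULT;
                 break;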
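--- a/xen/include/asm-ia64/guest_access.h
+++ b/xen/include/asm-ia64/guest_access.h
@@ -21,6 +21,8 @@
     (GUEST_HANDLE(type)) { _x };                \
 })
 
+#define guest_handle_from_ptr(ptr, type) ((GUEST_HANDLE(type)) { (type *)ptr })
+
 /*
  * Copy an array of objects to guest context via a guest handle,
  * specifying an offset into the guest array.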
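Review bot: `guest_handle_from_ptr` expands its `ptr` argument without parentheses, so in `(type *)ptr` the cast binds only to the first operand when the caller passes an expression such as `base + n`. Writing the initializer as `{ (type *)(ptr) }` fixes that. The macro also turns any pointer into a guest handle with no type check at all, so a one-line comment stating that it is meant only for values that really are guest addresses would help keep hypervisor pointers out of the copy_*_guest paths.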
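--- a/xen/include/asm-ia64/hypercall.h
+++ b/xen/include/asm-ia64/hypercall.h
@@ -16,4 +16,6 @@ vmx_do_mmu_update(
     u64 *pdone,
     u64 foreigndom);
 
+#define arch_do_vcpu_op(cmd, vcpu, arg) (-ENOSYS)
+
 #endif /* __ASM_IA64_HYPERCALL_H__ */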
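--- a/xen/include/asm-ia64/xensystem.h
+++ b/xen/include/asm-ia64/xensystem.h
@@ -75,35 +75,5 @@ extern struct task_struct *vmx_ia64_swit
 // FIXME SMP... see system.h, does this need to be different?
 #define switch_to(prev,next,last)	__switch_to(prev, next, last)
 
-#define __cmpxchg_user(ptr, new, old, _size)				\
-({									\
-	register long __gu_r8 asm ("r8");				\
-	asm volatile ("mov ar.ccv=%0;;" :: "rO"(old));			\
-	asm volatile ("mov %1=r0;;\n"					\
-		"[1:]\tcmpxchg"_size".acq %0=[%2],%3,ar.ccv\n"		\
-		"\t.xdata4 \"__ex_table\", 1b-., 1f-.\n"		\
-		"[1:]"							\
-		: "=r"(old), "=r"(__gu_r8) :				\
-		"r"(ptr), "r"(new) : "memory");				\
-	__gu_r8;							\
-})
-
-
-// NOTE: Xen defines args as pointer,old,new whereas ia64 uses pointer,new,old
-//  so reverse them here
-#define cmpxchg_user(_p,_o,_n)					\
-({								\
-	register long _rc;					\
-	ia64_mf();						\
-	switch ( sizeof(*(_p)) ) {				\
-	    case 1: _rc = __cmpxchg_user(_p,_n,_o,"1"); break;	\
-	    case 2: _rc = __cmpxchg_user(_p,_n,_o,"2"); break;	\
-	    case 4: _rc = __cmpxchg_user(_p,_n,_o,"4"); break;	\
-	    case 8: _rc = __cmpxchg_user(_p,_n,_o,"8"); break;	\
-	}							\
-	ia64_mf();						\
-	_rc;							\
-})
-
 #endif // __ASSEMBLY__
 #endif // _ASM_IA64_XENSYSTEM_H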
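--- a/xen/include/asm-x86/hypercall.h
+++ b/xen/include/asm-x86/hypercall.h
@@ -5,22 +5,22 @@
 #ifndef __ASM_X86_HYPERCALL_H__
 #define __ASM_X86_HYPERCALL_H__
 
-struct trap_info;
+#include <public/physdev.h>
+
 extern long
 do_set_trap_table(
-    struct trap_info *traps);
+    GUEST_HANDLE(trap_info_t) traps);
 
-struct mmu_update;
 extern int
 do_mmu_update(
-    struct mmu_update *ureqs,
+    GUEST_HANDLE(mmu_update_t) ureqs,
     unsigned int count,
-    unsigned int *pdone,
+    GUEST_HANDLE(uint) pdone,
     unsigned int foreigndom);
 
 extern long
 do_set_gdt(
-    unsigned long *frame_list,
+    GUEST_HANDLE(ulong) frame_list,
     unsigned int entries);
 
 extern long
@@ -52,10 +52,9 @@ do_update_va_mapping(
     u64 val64,
     unsigned long flags);
 
-struct physdev_op;
 extern long
 do_physdev_op(
-    struct physdev_op *uop);
+    GUEST_HANDLE(physdev_op_t) uop);
 
 extern int
 do_update_va_mapping_otherdomain(
@@ -66,15 +65,20 @@ do_update_va_mapping_otherdomain(
 
 extern int
 do_mmuext_op(
-    struct mmuext_op *uops,
+    GUEST_HANDLE(mmuext_op_t) uops,
     unsigned int count,
-    unsigned int *pdone,
+    GUEST_HANDLE(uint) pdone,
     unsigned int foreigndom);
 
 extern unsigned long
 do_iret(
     void);
 
+struct vcpu;
+extern long
+arch_do_vcpu_op(
+    int cmd, struct vcpu *v, GUEST_HANDLE(void) arg);
+
 #ifdef __x86_64__
 
 extern long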
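--- a/xen/include/public/acm_ops.h
+++ b/xen/include/public/acm_ops.h
@@ -10,6 +10,7 @@
 
 #include "xen.h"
 #include "sched_ctl.h"
+#include "acm.h"
 
 /*
  * Make sure you increment the interface version whenever you modify this file!
@@ -71,7 +72,7 @@ struct acm_getdecision {
     int acm_decision;           /* out */
 };
 
-struct acm_op {
+typedef struct acm_op {
     uint32_t cmd;
     uint32_t interface_version;      /* ACM_INTERFACE_VERSION */
     union {
@@ -81,7 +82,8 @@ struct acm_op {
         struct acm_getssid getssid;
         struct acm_getdecision getdecision;
     } u;
-};
+} acm_op_t;
+DEFINE_GUEST_HANDLE(acm_op_t);
 
 #endif                          /* __XEN_PUBLIC_ACM_OPS_H__ */
 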
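--- a/xen/include/public/arch-x86_32.h
+++ b/xen/include/public/arch-x86_32.h
@@ -102,6 +102,7 @@ typedef struct trap_info {
     uint16_t      cs;      /* code selector                                 */
     unsigned long address; /* code offset                                   */
 } trap_info_t;
+DEFINE_GUEST_HANDLE(trap_info_t);
 
 typedef struct cpu_user_regs {
     uint32_t ebx;
@@ -125,6 +126,7 @@ typedef struct cpu_user_regs {
     uint16_t fs, _pad4;
     uint16_t gs, _pad5;
 } cpu_user_regs_t;
+DEFINE_GUEST_HANDLE(cpu_user_regs_t);
 
 typedef uint64_t tsc_timestamp_t; /* RDTSC timestamp */
 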
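--- a/xen/include/public/arch-x86_64.h
+++ b/xen/include/public/arch-x86_64.h
@@ -136,15 +136,6 @@ struct iret_context {
     uint64_t rax, r11, rcx, flags, rip, cs, rflags, rsp, ss;
     /* Bottom of iret stack frame. */
 };
-/*
- * For compatibility with HYPERVISOR_switch_to_user which is the old
- * name for HYPERVISOR_iret.
- */
-struct switch_to_user {
-    /* Top of stack (%rsp at point of hypercall). */
-    uint64_t rax, r11, rcx, flags, rip, cs, rflags, rsp, ss;
-    /* Bottom of iret stack frame. */
-};
 
 /*
  * Send an array of these to HYPERVISOR_set_trap_table().
@@ -166,6 +157,7 @@ typedef struct trap_info {
     uint16_t      cs;      /* code selector                                 */
     unsigned long address; /* code offset                                   */
 } trap_info_t;
+DEFINE_GUEST_HANDLE(trap_info_t);
 
 #ifdef __GNUC__
 /* Anonymous union includes both 32- and 64-bit names (e.g., eax/rax). */
@@ -205,6 +197,7 @@ typedef struct cpu_user_regs {
     uint16_t fs, _pad5[3]; /* Non-zero => takes precedence over fs_base.     */
     uint16_t gs, _pad6[3]; /* Non-zero => takes precedence over gs_base_usr. */
 } cpu_user_regs_t;
+DEFINE_GUEST_HANDLE(cpu_user_regs_t);
 
 #undef __DECL_REG
 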
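--- a/xen/include/public/event_channel.h
+++ b/xen/include/public/event_channel.h
@@ -189,6 +189,7 @@ typedef struct evtchn_op {
         evtchn_unmask_t           unmask;
     } u;
 } evtchn_op_t;
+DEFINE_GUEST_HANDLE(evtchn_op_t);
 
 #endif /* __XEN_PUBLIC_EVENT_CHANNEL_H__ */
 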
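--- a/xen/include/public/grant_table.h
+++ b/xen/include/public/grant_table.h
@@ -167,6 +167,7 @@ typedef struct gnttab_map_grant_ref {
     grant_handle_t handle;
     uint64_t dev_bus_addr;
 } gnttab_map_grant_ref_t;
+DEFINE_GUEST_HANDLE(gnttab_map_grant_ref_t);
 
 /*
  * GNTTABOP_unmap_grant_ref: Destroy one or more grant-reference mappings
@@ -188,6 +189,7 @@ typedef struct gnttab_unmap_grant_ref {
     /* OUT parameters. */
     int16_t  status;              /* GNTST_* */
 } gnttab_unmap_grant_ref_t;
+DEFINE_GUEST_HANDLE(gnttab_unmap_grant_ref_t);
 
 /*
  * GNTTABOP_setup_table: Set up a grant table for <dom> comprising at least
@@ -205,8 +207,9 @@ typedef struct gnttab_setup_table {
     uint32_t nr_frames;
     /* OUT parameters. */
     int16_t  status;              /* GNTST_* */
-    unsigned long *frame_list;
+    GUEST_HANDLE(ulong) frame_list;
 } gnttab_setup_table_t;
+DEFINE_GUEST_HANDLE(gnttab_setup_table_t);
 
 /*
  * GNTTABOP_dump_table: Dump the contents of the grant table to the
@@ -219,6 +222,7 @@ typedef struct gnttab_dump_table {
     /* OUT parameters. */
     int16_t status;               /* GNTST_* */
 } gnttab_dump_table_t;
+DEFINE_GUEST_HANDLE(gnttab_dump_table_t);
 
 /*
  * GNTTABOP_transfer_grant_ref: Transfer <frame> to a foreign domain. The
@@ -237,6 +241,7 @@ typedef struct gnttab_transfer {
     /* OUT parameters. */
     int16_t       status;
 } gnttab_transfer_t;
+DEFINE_GUEST_HANDLE(gnttab_transfer_t);
 
 /*
  * Bitfield values for update_pin_status.flags.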
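--- a/xen/include/public/nmi.h
+++ b/xen/include/public/nmi.h
@@ -31,9 +31,14 @@
 /*
  * Register NMI callback for this (calling) VCPU. Currently this only makes
  * sense for domain 0, vcpu 0. All other callers will be returned EINVAL.
- * arg == address of callback function.
+ * arg == pointer to xennmi_callback structure.
  */
 #define XENNMI_register_callback   0
+typedef struct xennmi_callback {
+    unsigned long handler_address;
+    unsigned long pad;
+} xennmi_callback_t;
+DEFINE_GUEST_HANDLE(xennmi_callback_t);
 
 /*
  * Deregister NMI callback for this (calling) VCPU.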
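Review bot: XENNMI_register_callback keeps op number 0 while the meaning of `arg` changes from the handler address itself to a pointer to `xennmi_callback`, and the header comment records only the new meaning. A guest built against the previous header still passes the address directly, which do_nmi_op now hands to copy_from_guest as if it were a structure pointer; nothing visible in this commit lets either side detect the mismatch. If the break is intended, the comment should say so, for example `* NB. Earlier versions of this interface passed the handler address directly in arg.`, and it should state whether `pad` is reserved or must be zero, since the hypervisor currently reads it from the guest and ignores it.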
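--- a/xen/include/public/physdev.h	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/include/public/physdev.h	Tue Mar 07 18:40:42 2006 +0100
@@ -56,6 +56,7 @@ typedef struct physdev_op {
         physdevop_irq_t                   irq_op;
     } u;
 } physdev_op_t;
+DEFINE_GUEST_HANDLE(physdev_op_t);
 
 #endif /* __XEN_PUBLIC_PHYSDEV_H__ */
 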
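--- a/xen/include/public/xen.h	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/include/public/xen.h	Tue Mar 07 18:40:42 2006 +0100
@@ -54,8 +54,6 @@
 #define __HYPERVISOR_vm_assist            21
 #define __HYPERVISOR_update_va_mapping_otherdomain 22
 #define __HYPERVISOR_iret                 23 /* x86 only */
-#define __HYPERVISOR_switch_vm86          23 /* x86/32 only (obsolete name) */
-#define __HYPERVISOR_switch_to_user       23 /* x86/64 only (obsolete name) */
 #define __HYPERVISOR_vcpu_op              24
 #define __HYPERVISOR_set_segment_base     25 /* x86/64 only */
 #define __HYPERVISOR_mmuext_op            26
@@ -162,7 +160,7 @@
 #define MMUEXT_NEW_USER_BASEPTR 15
 
 #ifndef __ASSEMBLY__
-struct mmuext_op {
+typedef struct mmuext_op {
     unsigned int cmd;
     union {
         /* [UN]PIN_TABLE, NEW_BASEPTR, NEW_USER_BASEPTR */
@@ -176,7 +174,8 @@ struct mmuext_op {
         /* TLB_FLUSH_MULTI, INVLPG_MULTI */
         void *vcpumask;
     } arg2;
-};
+} mmuext_op_t;
+DEFINE_GUEST_HANDLE(mmuext_op_t);
 #endif
 
 /* These are passed as 'flags' to update_va_mapping. They can be ORed. */
@@ -243,6 +242,7 @@ typedef struct mmu_update {
     uint64_t ptr;       /* Machine address of PTE. */
     uint64_t val;       /* New contents of PTE.    */
 } mmu_update_t;
+DEFINE_GUEST_HANDLE(mmu_update_t);
 
 /*
  * Send an array of these to HYPERVISOR_multicall().
@@ -252,6 +252,7 @@ typedef struct multicall_entry {
     unsigned long op, result;
     unsigned long args[6];
 } multicall_entry_t;
+DEFINE_GUEST_HANDLE(multicall_entry_t);
 
 /*
  * Event channel endpoints per domain: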
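Review bot: In the `@@ -176,7 +174,8 @@` hunk, `void *vcpumask` stays a raw guest pointer inside `mmuext_op`, although the same change gives the struct its own guest handle and converts a comparable embedded pointer elsewhere (`frame_list` in `gnttab_setup_table` becomes `GUEST_HANDLE(ulong)`). A raw pointer in a public struct can be dereferenced directly by hypervisor code without the compiler objecting, which is the kind of mistake the handle types appear intended to prevent. If the layout allows it, consider `GUEST_HANDLE(void) vcpumask;`, or at least a comment such as `/* guest pointer: access only through the guest-copy accessors */`. The struct body between the two `mmuext_op` hunks is not shown, so its other fields could not be checked.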
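--- a/xen/include/xen/hypercall.h	Tue Mar 07 15:48:36 2006 +0000
+++ b/xen/include/xen/hypercall.h	Tue Mar 07 18:40:42 2006 +0100
@@ -9,6 +9,7 @@
 #include <xen/types.h>
 #include <xen/time.h>
 #include <public/xen.h>
+#include <public/acm_ops.h>
 #include <asm/hypercall.h>
 
 extern long
@@ -20,46 +21,43 @@ do_sched_op(
     int cmd,
     unsigned long arg);
 
-struct dom0_op;
 extern long
 do_dom0_op(
-    struct dom0_op *u_dom0_op);
+    GUEST_HANDLE(dom0_op_t) u_dom0_op);
 
 extern long
 do_memory_op(
     int cmd,
-    void *arg);
+    GUEST_HANDLE(void) arg);
 
-struct multicall_entry;
 extern long
 do_multicall(
-    struct multicall_entry *call_list,
+    GUEST_HANDLE(multicall_entry_t) call_list,
     unsigned int nr_calls);
 
 extern long
 do_set_timer_op(
     s_time_t timeout);
 
-struct evtchn_op;
 extern long
 do_event_channel_op(
-    struct evtchn_op *uop);
+    GUEST_HANDLE(evtchn_op_t) uop);
 
 extern long
 do_xen_version(
     int cmd,
-    void *arg);
+    GUEST_HANDLE(void) arg);
 
 extern long
 do_console_io(
     int cmd,
     int count,
-    char *buffer);
+    GUEST_HANDLE(char) buffer);
 
 extern long
 do_grant_table_op(
     unsigned int cmd,
-    void *uop,
+    GUEST_HANDLE(void) uop,
     unsigned int count);
 
 extern long
@@ -71,16 +69,15 @@ extern long
 do_vcpu_op(
     int cmd,
     int vcpuid,
-    void *arg);
+    GUEST_HANDLE(void) arg);
 
-struct acm_op;
 extern long
 do_acm_op(
-    struct acm_op *u_acm_op);
+    GUEST_HANDLE(acm_op_t) u_acm_op);
 
 extern long
 do_nmi_op(
     unsigned int cmd,
-    void *arg);
+    GUEST_HANDLE(void) arg);
 
 #endif /* __XEN_HYPERCALL_H__ */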
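Review bot: The `do_dom0_op` and `do_event_channel_op` prototypes now need the complete handle types for `dom0_op_t` and `evtchn_op_t`, but the only include added is `<public/acm_ops.h>`, while the forward declarations `struct dom0_op;` and `struct evtchn_op;` that kept this header self-contained are removed. Unless an include above the first hunk or `<asm/hypercall.h>` already provides them, the header compiles only when the includer happens to pull those definitions in first. I would add `#include <public/event_channel.h>` and the public header that defines `dom0_op_t` next to the new include line. Separately, five handlers (`do_memory_op`, `do_xen_version`, `do_grant_table_op`, `do_vcpu_op`, `do_nmi_op`) take `GUEST_HANDLE(void)`, so the type checking stops at the prototype and each handler has to select the right structure per `cmd` itself; a one-line comment saying so above each would help the next reviewer.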
    35.1 --- a/xen/include/xen/sched.h	Tue Mar 07 15:48:36 2006 +0000
    35.2 +++ b/xen/include/xen/sched.h	Tue Mar 07 18:40:42 2006 +0100
    35.3 @@ -310,7 +310,6 @@ void startup_cpu_idle_loop(void);
    35.4   * It contains one character per argument as follows:
    35.5   *  'i' [unsigned] {char, int}
    35.6   *  'l' [unsigned] long
    35.7 - *  'p' pointer (foo *)
    35.8   *  'h' guest handle (GUEST_HANDLE(foo))
    35.9   */
   35.10  unsigned long hypercall_create_continuation(