ia64/xen-unstable

changeset 9133:621d32a54e2d

Move dom0_op hypercall to the guest_handle interface (inside Xen).

Signed-off-by: Keir Fraser <keir@xensource.com>
author kaf24@firebug.cl.cam.ac.uk
date Fri Mar 03 18:26:41 2006 +0100 (2006-03-03)
parents d088ce2d3528
children 1c46091df7ce
files xen/arch/ia64/xen/dom0_ops.c xen/arch/x86/dom0_ops.c xen/arch/x86/shadow32.c xen/arch/x86/shadow_public.c xen/common/dom0_ops.c xen/common/domain.c xen/common/perfc.c xen/drivers/char/console.c xen/include/public/arch-ia64.h xen/include/public/arch-x86_32.h xen/include/public/arch-x86_64.h xen/include/public/dom0_ops.h xen/include/xen/console.h
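--- a/xen/arch/ia64/xen/dom0_ops.c	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/arch/ia64/xen/dom0_ops.c	Fri Mar 03 18:26:41 2006 +0100
@@ -16,10 +16,11 @@
 #include <asm/pdb.h>
 #include <xen/trace.h>
 #include <xen/console.h>
+#include <xen/guest_access.h>
 #include <public/sched_ctl.h>
 #include <asm/vmx.h>
 
-long arch_do_dom0_op(dom0_op_t *op, dom0_op_t *u_dom0_op)
+long arch_do_dom0_op(dom0_op_t *op, guest_handle(dom0_op_t) u_dom0_op)
 {
     long ret = 0;
 
@@ -64,7 +65,7 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
 
         put_domain(d);
 
-        copy_to_user(u_dom0_op, op, sizeof(*op));
+        copy_to_guest(u_dom0_op, op, 1);
     }
     break;
 
@@ -74,7 +75,6 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
         int n,j;
         int num = op->u.getpageframeinfo2.num;
         domid_t dom = op->u.getpageframeinfo2.domain;
-        unsigned long *s_ptr = (unsigned long*) op->u.getpageframeinfo2.array;
         struct domain *d;
         unsigned long *l_arr;
         ret = -ESRCH;
@@ -95,7 +95,8 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
         {
             int k = ((num-n)>GPF2_BATCH)?GPF2_BATCH:(num-n);
 
-            if ( copy_from_user(l_arr, &s_ptr[n], k*sizeof(unsigned long)) )
+            if ( copy_from_guest_offset(l_arr, op->u.getpageframeinfo2.array,
+                                        n, k) )
             {
                 ret = -EINVAL;
                 break;
@@ -135,7 +136,8 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
 
             }
 
-            if ( copy_to_user(&s_ptr[n], l_arr, k*sizeof(unsigned long)) )
+            if ( copy_to_guest_offset(op->u.getpageframeinfo2.array,
+                                      n, l_arr, k) )
             {
                 ret = -EINVAL;
                 break;
@@ -160,7 +162,6 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
         unsigned long start_page = op->u.getmemlist.max_pfns >> 32;
         unsigned long nr_pages = op->u.getmemlist.max_pfns & 0xffffffff;
         unsigned long mfn;
-        unsigned long *buffer = op->u.getmemlist.buffer;
 
         ret = -EINVAL;
         if ( d != NULL )
@@ -180,16 +181,16 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
             {
                 mfn = gmfn_to_mfn_foreign(d, i);
 
-                if ( put_user(mfn, buffer) )
+                if ( copy_to_guest_offset(op->u.getmemlist.buffer,
+                                          i - start_page, &mfn, 1) )
                 {
                     ret = -EFAULT;
                     break;
                 }
-                buffer++;
             }
 
             op->u.getmemlist.num_pfns = i - start_page;
-            copy_to_user(u_dom0_op, op, sizeof(*op));
+            copy_to_guest(u_dom0_op, op, 1);
             
             put_domain(d);
         }
@@ -211,7 +212,7 @@ long arch_do_dom0_op(dom0_op_t *op, dom0
         memset(pi->hw_cap, 0, sizeof(pi->hw_cap));
         //memcpy(pi->hw_cap, boot_cpu_data.x86_capability, NCAPINTS*4);
         ret = 0;
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
     }
     break;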
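Review bot: The result of `copy_to_guest(u_dom0_op, op, 1);` is discarded in the second hunk and again after the getmemlist loop, so a fault while writing the result structure back to the caller is reported as success. The last hunk of this file already handles it, and the same form fits the other two sites: `if ( copy_to_guest(u_dom0_op, op, 1) ) ret = -EFAULT;`. The x86 dom0_ops.c section repeats the unchecked call in its msr, shadow_control and getmemlist paths and one further site, and casts the result to `(void)` in add_memtype, read_memtype and physical_memory_map. arch_do_dom0_op starts and ends outside these hunks, so whether a later path overwrites `ret` cannot be seen here.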
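--- a/xen/arch/x86/dom0_ops.c	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/arch/x86/dom0_ops.c	Fri Mar 03 18:26:41 2006 +0100
@@ -10,6 +10,7 @@
 #include <xen/types.h>
 #include <xen/lib.h>
 #include <xen/mm.h>
+#include <xen/guest_access.h>
 #include <public/dom0_ops.h>
 #include <xen/sched.h>
 #include <xen/event.h>
@@ -48,7 +49,7 @@ static void read_msr_for(void *unused)
         (void)rdmsr_safe(msr_addr, msr_lo, msr_hi);
 }
 
-long arch_do_dom0_op(struct dom0_op *op, struct dom0_op *u_dom0_op)
+long arch_do_dom0_op(struct dom0_op *op, guest_handle(dom0_op_t) u_dom0_op)
 {
     long ret = 0;
 
@@ -75,7 +76,7 @@ long arch_do_dom0_op(struct dom0_op *op,
 
             op->u.msr.out1 = msr_lo;
             op->u.msr.out2 = msr_hi;
-            copy_to_user(u_dom0_op, op, sizeof(*op));
+            copy_to_guest(u_dom0_op, op, 1);
         }
         ret = 0;
     }
@@ -90,7 +91,7 @@ long arch_do_dom0_op(struct dom0_op *op,
         {
             ret = shadow_mode_control(d, &op->u.shadow_control);
             put_domain(d);
-            copy_to_user(u_dom0_op, op, sizeof(*op));
+            copy_to_guest(u_dom0_op, op, 1);
         } 
     }
     break;
@@ -102,10 +103,11 @@ long arch_do_dom0_op(struct dom0_op *op,
             op->u.add_memtype.nr_mfns,
             op->u.add_memtype.type,
             1);
-        if (ret > 0)
+        if ( ret > 0 )
         {
-            (void)__put_user(0, &u_dom0_op->u.add_memtype.handle);
-            (void)__put_user(ret, &u_dom0_op->u.add_memtype.reg);
+            op->u.add_memtype.handle = 0;
+            op->u.add_memtype.reg    = ret;
+            (void)copy_to_guest(u_dom0_op, op, 1);
             ret = 0;
         }
     }
@@ -136,9 +138,10 @@ long arch_do_dom0_op(struct dom0_op *op,
         if ( op->u.read_memtype.reg < num_var_ranges )
         {
             mtrr_if->get(op->u.read_memtype.reg, &mfn, &nr_mfns, &type);
-            (void)__put_user(mfn, &u_dom0_op->u.read_memtype.mfn);
-            (void)__put_user(nr_mfns, &u_dom0_op->u.read_memtype.nr_mfns);
-            (void)__put_user(type, &u_dom0_op->u.read_memtype.type);
+            op->u.read_memtype.mfn     = mfn;
+            op->u.read_memtype.nr_mfns = nr_mfns;
+            op->u.read_memtype.type    = type;
+            (void)copy_to_guest(u_dom0_op, op, 1);
             ret = 0;
         }
     }
@@ -147,7 +150,7 @@ long arch_do_dom0_op(struct dom0_op *op,
     case DOM0_MICROCODE:
     {
         extern int microcode_update(void *buf, unsigned long len);
-        ret = microcode_update(op->u.microcode.data, op->u.microcode.length);
+        ret = microcode_update(op->u.microcode.data.p, op->u.microcode.length);
     }
     break;
 
@@ -195,7 +198,7 @@ long arch_do_dom0_op(struct dom0_op *op,
         memset(pi->hw_cap, 0, sizeof(pi->hw_cap));
         memcpy(pi->hw_cap, boot_cpu_data.x86_capability, NCAPINTS*4);
         ret = 0;
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
     }
     break;
@@ -245,7 +248,7 @@ long arch_do_dom0_op(struct dom0_op *op,
 
         put_domain(d);
 
-        copy_to_user(u_dom0_op, op, sizeof(*op));
+        copy_to_guest(u_dom0_op, op, 1);
     }
     break;
 
@@ -255,7 +258,6 @@ long arch_do_dom0_op(struct dom0_op *op,
         int n,j;
         int num = op->u.getpageframeinfo2.num;
         domid_t dom = op->u.getpageframeinfo2.domain;
-        unsigned long *s_ptr = (unsigned long*) op->u.getpageframeinfo2.array;
         struct domain *d;
         unsigned long *l_arr;
         ret = -ESRCH;
@@ -277,7 +279,8 @@ long arch_do_dom0_op(struct dom0_op *op,
         {
             int k = ((num-n)>GPF2_BATCH)?GPF2_BATCH:(num-n);
 
-            if ( copy_from_user(l_arr, &s_ptr[n], k*sizeof(unsigned long)) )
+            if ( copy_from_guest_offset(l_arr, op->u.getpageframeinfo2.array,
+                                        n, k) )
             {
                 ret = -EINVAL;
                 break;
@@ -320,7 +323,8 @@ long arch_do_dom0_op(struct dom0_op *op,
 
             }
 
-            if ( copy_to_user(&s_ptr[n], l_arr, k*sizeof(unsigned long)) )
+            if ( copy_to_guest_offset(op->u.getpageframeinfo2.array,
+                                      n, l_arr, k) )
             {
                 ret = -EINVAL;
                 break;
@@ -341,7 +345,6 @@ long arch_do_dom0_op(struct dom0_op *op,
         struct domain *d = find_domain_by_id(op->u.getmemlist.domain);
         unsigned long max_pfns = op->u.getmemlist.max_pfns;
         unsigned long mfn;
-        unsigned long *buffer = op->u.getmemlist.buffer;
         struct list_head *list_ent;
 
         ret = -EINVAL;
@@ -353,19 +356,20 @@ long arch_do_dom0_op(struct dom0_op *op,
             list_ent = d->page_list.next;
             for ( i = 0; (i < max_pfns) && (list_ent != &d->page_list); i++ )
             {
-                mfn = page_to_mfn(list_entry(list_ent, struct page_info, list));
-                if ( put_user(mfn, buffer) )
+                mfn = page_to_mfn(list_entry(
+                    list_ent, struct page_info, list));
+                if ( copy_to_guest_offset(op->u.getmemlist.buffer,
+                                          i, &mfn, 1) )
                 {
                     ret = -EFAULT;
                     break;
                 }
-                buffer++;
                 list_ent = mfn_to_page(mfn)->list.next;
             }
             spin_unlock(&d->page_alloc_lock);
 
             op->u.getmemlist.num_pfns = i;
-            copy_to_user(u_dom0_op, op, sizeof(*op));
+            copy_to_guest(u_dom0_op, op, 1);
             
             put_domain(d);
         }
@@ -401,13 +405,12 @@ long arch_do_dom0_op(struct dom0_op *op,
             entry.start  = e820.map[i].addr;
             entry.end    = e820.map[i].addr + e820.map[i].size;
             entry.is_ram = (e820.map[i].type == E820_RAM);
-            (void)copy_to_user(
-                &op->u.physical_memory_map.memory_map[i],
-                &entry, sizeof(entry));
+            (void)copy_to_guest_offset(
+                op->u.physical_memory_map.memory_map, i, &entry, 1);
         }
 
         op->u.physical_memory_map.nr_map_entries = i;
-        (void)copy_to_user(u_dom0_op, op, sizeof(*op));
+        (void)copy_to_guest(u_dom0_op, op, 1);
     }
     break;
 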
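Review bot: In the DOM0_MICROCODE case the new call `microcode_update(op->u.microcode.data.p, op->u.microcode.length)` unwraps the guest handle and passes the raw caller-supplied pointer to a function declared as taking `void *buf`, which bypasses the type separation the rest of this commit introduces. Whether microcode_update() copies that buffer in through the guest-access routines before touching it is not visible on this page. Either change its prototype to take the handle and use `copy_from_guest` inside, or mark the call with a comment such as `/* data.p is an unvalidated guest pointer; microcode_update() must copy it in before use */`. `length` is also caller-controlled and is passed through without a bound in this hunk. The enclosing switch continues outside the hunk.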
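--- a/xen/arch/x86/shadow32.c	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/arch/x86/shadow32.c	Fri Mar 03 18:26:41 2006 +0100
@@ -29,6 +29,7 @@
 #include <xen/event.h>
 #include <xen/sched.h>
 #include <xen/trace.h>
+#include <xen/guest_access.h>
 
 #define MFN_PINNED(_x) (mfn_to_page(_x)->u.inuse.type_info & PGT_pinned)
 #define va_to_l1mfn(_ed, _va) \
@@ -1508,14 +1509,14 @@ static int shadow_mode_table_op(
         d->arch.shadow_fault_count       = 0;
         d->arch.shadow_dirty_count       = 0;
  
-        if ( (sc->dirty_bitmap == NULL) || 
+        if ( guest_handle_is_null(sc->dirty_bitmap) ||
              (d->arch.shadow_dirty_bitmap == NULL) )
         {
             rc = -EINVAL;
             break;
         }
 
-        if(sc->pages > d->arch.shadow_dirty_bitmap_size)
+        if ( sc->pages > d->arch.shadow_dirty_bitmap_size )
             sc->pages = d->arch.shadow_dirty_bitmap_size; 
 
 #define chunk (8*1024) /* Transfer and clear in 1kB chunks for L1 cache. */
@@ -1524,10 +1525,10 @@ static int shadow_mode_table_op(
             int bytes = ((((sc->pages - i) > chunk) ?
                           chunk : (sc->pages - i)) + 7) / 8;
      
-            if (copy_to_user(
-                    sc->dirty_bitmap + (i/(8*sizeof(unsigned long))),
-                    d->arch.shadow_dirty_bitmap +(i/(8*sizeof(unsigned long))),
-                    bytes))
+            if ( copy_to_guest_offset(
+                sc->dirty_bitmap, i/(8*sizeof(unsigned long)),
+                d->arch.shadow_dirty_bitmap +(i/(8*sizeof(unsigned long))),
+                (bytes+sizeof(unsigned long)-1) / sizeof(unsigned long)) )
             {
                 rc = -EINVAL;
                 break;
@@ -1544,18 +1545,20 @@ static int shadow_mode_table_op(
         sc->stats.fault_count       = d->arch.shadow_fault_count;
         sc->stats.dirty_count       = d->arch.shadow_dirty_count;
 
-        if ( (sc->dirty_bitmap == NULL) || 
+        if ( guest_handle_is_null(sc->dirty_bitmap) ||
              (d->arch.shadow_dirty_bitmap == NULL) )
         {
             rc = -EINVAL;
             break;
         }
  
-        if(sc->pages > d->arch.shadow_dirty_bitmap_size)
+        if ( sc->pages > d->arch.shadow_dirty_bitmap_size )
             sc->pages = d->arch.shadow_dirty_bitmap_size; 
 
-        if (copy_to_user(sc->dirty_bitmap, 
-                         d->arch.shadow_dirty_bitmap, (sc->pages+7)/8))
+        if ( copy_to_guest(sc->dirty_bitmap, 
+                           d->arch.shadow_dirty_bitmap,
+                           (((sc->pages+7)/8)+sizeof(unsigned long)-1) /
+                           sizeof(unsigned long)) )
         {
             rc = -EINVAL;
             break;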
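Review bot: The counts passed to `copy_to_guest_offset` and `copy_to_guest` for the dirty bitmap are now rounded up to whole `unsigned long`s, so the final copy can write up to `sizeof(unsigned long)-1` bytes more into the caller's buffer than the old byte-exact `(sc->pages+7)/8` copy did. A caller that sized its bitmap to the byte count would have memory past the end of that buffer overwritten. The same extra bytes are read from `d->arch.shadow_dirty_bitmap`, whose allocation granularity is not visible in these hunks. Either document on the `dirty_bitmap` field that the buffer must be a whole number of `unsigned long`s covering `pages` bits, or copy the last partial word byte-wise. The identical rounding appears at both copy sites in the shadow_public.c section; shadow_mode_table_op starts and ends outside these hunks.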
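--- a/xen/arch/x86/shadow_public.c	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/arch/x86/shadow_public.c	Fri Mar 03 18:26:41 2006 +0100
@@ -29,6 +29,7 @@
 #include <xen/event.h>
 #include <xen/sched.h>
 #include <xen/trace.h>
+#include <xen/guest_access.h>
 #include <asm/shadow_64.h>
 
 static int alloc_p2m_table(struct domain *d);
@@ -1267,14 +1268,14 @@ static int shadow_mode_table_op(
         d->arch.shadow_fault_count       = 0;
         d->arch.shadow_dirty_count       = 0;
  
-        if ( (sc->dirty_bitmap == NULL) || 
+        if ( guest_handle_is_null(sc->dirty_bitmap) ||
              (d->arch.shadow_dirty_bitmap == NULL) )
         {
             rc = -EINVAL;
             break;
         }
 
-        if(sc->pages > d->arch.shadow_dirty_bitmap_size)
+        if ( sc->pages > d->arch.shadow_dirty_bitmap_size )
             sc->pages = d->arch.shadow_dirty_bitmap_size; 
 
 #define chunk (8*1024) /* Transfer and clear in 1kB chunks for L1 cache. */
@@ -1283,10 +1284,10 @@ static int shadow_mode_table_op(
             int bytes = ((((sc->pages - i) > chunk) ?
                           chunk : (sc->pages - i)) + 7) / 8;
 
-            if (copy_to_user(
-                sc->dirty_bitmap + (i/(8*sizeof(unsigned long))),
+            if ( copy_to_guest_offset(
+                sc->dirty_bitmap, i/(8*sizeof(unsigned long)),
                 d->arch.shadow_dirty_bitmap +(i/(8*sizeof(unsigned long))),
-                bytes))
+                (bytes+sizeof(unsigned long)-1) / sizeof(unsigned long)) )
             {
                 rc = -EINVAL;
                 break;
@@ -1302,18 +1303,20 @@ static int shadow_mode_table_op(
         sc->stats.fault_count       = d->arch.shadow_fault_count;
         sc->stats.dirty_count       = d->arch.shadow_dirty_count;
  
-        if ( (sc->dirty_bitmap == NULL) || 
+        if ( guest_handle_is_null(sc->dirty_bitmap) ||
              (d->arch.shadow_dirty_bitmap == NULL) )
         {
             rc = -EINVAL;
             break;
         }
  
-        if(sc->pages > d->arch.shadow_dirty_bitmap_size)
+        if ( sc->pages > d->arch.shadow_dirty_bitmap_size )
             sc->pages = d->arch.shadow_dirty_bitmap_size; 
 
-        if (copy_to_user(sc->dirty_bitmap, 
-                         d->arch.shadow_dirty_bitmap, (sc->pages+7)/8))
+        if ( copy_to_guest(sc->dirty_bitmap, 
+                           d->arch.shadow_dirty_bitmap,
+                           (((sc->pages+7)/8)+sizeof(unsigned long)-1) /
+                           sizeof(unsigned long)) )
         {
             rc = -EINVAL;
             break;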
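--- a/xen/common/dom0_ops.c	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/common/dom0_ops.c	Fri Mar 03 18:26:41 2006 +0100
@@ -17,13 +17,14 @@
 #include <xen/trace.h>
 #include <xen/console.h>
 #include <xen/iocap.h>
+#include <xen/guest_access.h>
 #include <asm/current.h>
 #include <public/dom0_ops.h>
 #include <public/sched_ctl.h>
 #include <acm/acm_hooks.h>
 
 extern long arch_do_dom0_op(
-    struct dom0_op *op, struct dom0_op *u_dom0_op);
+    struct dom0_op *op, guest_handle(dom0_op_t) u_dom0_op);
 extern void arch_getdomaininfo_ctxt(
     struct vcpu *, struct vcpu_guest_context *);
 
@@ -89,7 +90,7 @@ static void getdomaininfo(struct domain 
     memcpy(info->handle, d->handle, sizeof(xen_domain_handle_t));
 }
 
-long do_dom0_op(struct dom0_op *u_dom0_op)
+long do_dom0_op(guest_handle(dom0_op_t) u_dom0_op)
 {
     long ret = 0;
     struct dom0_op curop, *op = &curop;
@@ -99,7 +100,7 @@ long do_dom0_op(struct dom0_op *u_dom0_o
     if ( !IS_PRIV(current->domain) )
         return -EPERM;
 
-    if ( copy_from_user(op, u_dom0_op, sizeof(*op)) )
+    if ( copy_from_guest(op, u_dom0_op, 1) )
         return -EFAULT;
 
     if ( op->interface_version != DOM0_INTERFACE_VERSION )
@@ -239,7 +240,7 @@ long do_dom0_op(struct dom0_op *u_dom0_o
         ret = 0;
 
         op->u.createdomain.domain = d->domain_id;
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
     }
     break;
@@ -357,7 +358,7 @@ long do_dom0_op(struct dom0_op *u_dom0_o
     case DOM0_SCHEDCTL:
     {
         ret = sched_ctl(&op->u.schedctl);
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
     }
     break;
@@ -365,7 +366,7 @@ long do_dom0_op(struct dom0_op *u_dom0_o
     case DOM0_ADJUSTDOM:
     {
         ret = sched_adjdom(&op->u.adjustdom);
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
     }
     break;
@@ -398,20 +399,17 @@ long do_dom0_op(struct dom0_op *u_dom0_o
 
         getdomaininfo(d, &op->u.getdomaininfo);
 
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )     
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
 
         put_domain(d);
     }
     break;
 
-
-
     case DOM0_GETDOMAININFOLIST:
     { 
         struct domain *d;
         dom0_getdomaininfo_t info;
-        dom0_getdomaininfo_t *buffer = op->u.getdomaininfolist.buffer;
         u32 num_domains = 0;
 
         read_lock(&domlist_lock);
@@ -432,13 +430,13 @@ long do_dom0_op(struct dom0_op *u_dom0_o
 
             put_domain(d);
 
-            if ( copy_to_user(buffer, &info, sizeof(dom0_getdomaininfo_t)) )
+            if ( copy_to_guest_offset(op->u.getdomaininfolist.buffer,
+                                      num_domains, &info, 1) )
             {
                 ret = -EFAULT;
                 break;
             }
             
-            buffer++;
             num_domains++;
         }
         
@@ -449,7 +447,7 @@ long do_dom0_op(struct dom0_op *u_dom0_o
         
         op->u.getdomaininfolist.num_domains = num_domains;
 
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
     }
     break;
@@ -489,12 +487,12 @@ long do_dom0_op(struct dom0_op *u_dom0_o
         if ( v != current )
             vcpu_unpause(v);
 
-        if ( copy_to_user(op->u.getvcpucontext.ctxt, c, sizeof(*c)) )
+        if ( copy_to_guest(op->u.getvcpucontext.ctxt, c, 1) )
             ret = -EFAULT;
 
         xfree(c);
 
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )     
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
 
     getvcpucontext_out:
@@ -534,7 +532,7 @@ long do_dom0_op(struct dom0_op *u_dom0_o
                    (int)sizeof(op->u.getvcpuinfo.cpumap)));
         ret = 0;
 
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )     
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
 
     getvcpuinfo_out:
@@ -554,7 +552,7 @@ long do_dom0_op(struct dom0_op *u_dom0_o
     case DOM0_TBUFCONTROL:
     {
         ret = tb_control(&op->u.tbufcontrol);
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
     }
     break;
@@ -562,10 +560,10 @@ long do_dom0_op(struct dom0_op *u_dom0_o
     case DOM0_READCONSOLE:
     {
         ret = read_console_ring(
-            &op->u.readconsole.buffer, 
+            op->u.readconsole.buffer, 
             &op->u.readconsole.count,
             op->u.readconsole.clear); 
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
     }
     break;
@@ -573,7 +571,7 @@ long do_dom0_op(struct dom0_op *u_dom0_o
     case DOM0_SCHED_ID:
     {
         op->u.sched_id.sched_id = sched_id();
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
         else
             ret = 0;
@@ -678,15 +676,15 @@ long do_dom0_op(struct dom0_op *u_dom0_o
     {
         extern int perfc_control(dom0_perfccontrol_t *);
         ret = perfc_control(&op->u.perfccontrol);
-        if ( copy_to_user(u_dom0_op, op, sizeof(*op)) )
+        if ( copy_to_guest(u_dom0_op, op, 1) )
             ret = -EFAULT;
     }
     break;
 #endif
 
     default:
-        ret = arch_do_dom0_op(op,u_dom0_op);
-
+        ret = arch_do_dom0_op(op, u_dom0_op);
+        break;
     }
 
     spin_unlock(&dom0_lock);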
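Review bot: In DOM0_GETDOMAININFOLIST the stack variable `dom0_getdomaininfo_t info;` is declared without an initialiser and is then copied out whole by `copy_to_guest_offset(op->u.getdomaininfolist.buffer, num_domains, &info, 1)`. Only the last line of getdomaininfo() is visible on this page, so it cannot be confirmed that every field and all padding are written on each iteration; any byte that is not would carry stale hypervisor stack contents to the caller. Clearing the structure before it is filled, `memset(&info, 0, sizeof(info));`, removes the doubt at negligible cost. The bound on `num_domains` against the caller's buffer size sits between the hunks and is not shown, and do_dom0_op starts and ends outside them.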
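--- a/xen/common/domain.c	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/common/domain.c	Fri Mar 03 18:26:41 2006 +0100
@@ -17,6 +17,7 @@
 #include <xen/softirq.h>
 #include <xen/domain_page.h>
 #include <xen/rangeset.h>
+#include <xen/guest_access.h>
 #include <asm/debugger.h>
 #include <public/dom0_ops.h>
 #include <public/sched.h>
@@ -380,7 +381,7 @@ int set_info_guest(struct domain *d, dom
     domain_pause(d);
 
     rc = -EFAULT;
-    if ( copy_from_user(c, setvcpucontext->ctxt, sizeof(*c)) == 0 )
+    if ( copy_from_guest(c, setvcpucontext->ctxt, 1) == 0 )
         rc = arch_set_info_guest(v, c);
 
     domain_unpause(d);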
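--- a/xen/common/perfc.c	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/common/perfc.c	Fri Mar 03 18:26:41 2006 +0100
@@ -5,9 +5,10 @@
 #include <xen/perfc.h>
 #include <xen/keyhandler.h> 
 #include <xen/spinlock.h>
+#include <xen/mm.h>
+#include <xen/guest_access.h>
 #include <public/dom0_ops.h>
 #include <asm/uaccess.h>
-#include <xen/mm.h>
 
 #undef  PERFCOUNTER
 #undef  PERFCOUNTER_CPU
@@ -131,12 +132,12 @@ void perfc_reset(unsigned char key)
 
 static dom0_perfc_desc_t perfc_d[NR_PERFCTRS];
 static int               perfc_init = 0;
-static int perfc_copy_info(dom0_perfc_desc_t *desc)
+static int perfc_copy_info(guest_handle(dom0_perfc_desc_t) desc)
 {
     unsigned int i, j;
     atomic_t *counters = (atomic_t *)&perfcounters;
 
-    if ( desc == NULL )
+    if ( guest_handle_is_null(desc) )
         return 0;
 
     /* We only copy the name and array-size information once. */
@@ -196,7 +197,7 @@ static int perfc_copy_info(dom0_perfc_de
         }
     }
 
-    return (copy_to_guest(desc, (dom0_perfc_desc_t *)perfc_d, NR_PERFCTRS) ?
+    return (copy_to_guest(desc, (dom0_perfc_desc_t *)perfc_d, NR_PERFCTRS) ?
             -EFAULT : 0);
 }
 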
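Review bot: `copy_to_guest(desc, (dom0_perfc_desc_t *)perfc_d, NR_PERFCTRS)` always writes NR_PERFCTRS descriptors, and nothing in the visible signature of perfc_copy_info lets the caller say how many entries its buffer holds. If the caller was built against a different counter set, its buffer could be smaller than the copy. A header comment recording the contract would help, for example `/* Caller's buffer must have room for NR_PERFCTRS descriptors. */`; how the caller learns that number is not visible on this page. The cast on `perfc_d` looks redundant, since the array already has element type `dom0_perfc_desc_t`; if it is there to satisfy a type check inside the macro, a short comment saying so would stop it being removed later.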
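--- a/xen/drivers/char/console.c	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/drivers/char/console.c	Fri Mar 03 18:26:41 2006 +0100
@@ -20,6 +20,7 @@
 #include <xen/keyhandler.h>
 #include <xen/mm.h>
 #include <xen/delay.h>
+#include <xen/guest_access.h>
 #include <asm/current.h>
 #include <asm/uaccess.h>
 #include <asm/debugger.h>
@@ -221,9 +222,8 @@ static void putchar_console_ring(int c)
         conringc = conringp - CONRING_SIZE;
 }
 
-long read_console_ring(char **pstr, u32 *pcount, int clear)
+long read_console_ring(guest_handle(char) str, u32 *pcount, int clear)
 {
-    char *str = *pstr;
     unsigned int idx, len, max, sofar, c;
     unsigned long flags;
 
@@ -239,7 +239,7 @@ long read_console_ring(char **pstr, u32 
             len = CONRING_SIZE - idx;
         if ( (sofar + len) > max )
             len = max - sofar;
-        if ( copy_to_user(str + sofar, &conring[idx], len) )
+        if ( copy_to_guest_offset(str, sofar, &conring[idx], len) )
             return -EFAULT;
         sofar += len;
         c += len;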
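--- a/xen/include/public/arch-ia64.h	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/include/public/arch-ia64.h	Fri Mar 03 18:26:41 2006 +0100
@@ -298,6 +298,7 @@ typedef struct vcpu_guest_context {
     arch_initrd_info_t initrd;
     char cmdline[IA64_COMMAND_LINE_SIZE];
 } vcpu_guest_context_t;
+define_guest_handle(vcpu_guest_context_t);
 
 #endif /* !__ASSEMBLY__ */
 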
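--- a/xen/include/public/arch-x86_32.h	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/include/public/arch-x86_32.h	Fri Mar 03 18:26:41 2006 +0100
@@ -130,6 +130,7 @@ typedef struct vcpu_guest_context {
     unsigned long failsafe_callback_eip;
     unsigned long vm_assist;                /* VMASST_TYPE_* bitmap */
 } vcpu_guest_context_t;
+define_guest_handle(vcpu_guest_context_t);
 
 typedef struct arch_shared_info {
     unsigned long max_pfn;                  /* max pfn that appears in table */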
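--- a/xen/include/public/arch-x86_64.h	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/include/public/arch-x86_64.h	Fri Mar 03 18:26:41 2006 +0100
@@ -215,6 +215,7 @@ typedef struct vcpu_guest_context {
     uint64_t      gs_base_kernel;
     uint64_t      gs_base_user;
 } vcpu_guest_context_t;
+define_guest_handle(vcpu_guest_context_t);
 
 typedef struct arch_shared_info {
     unsigned long max_pfn;                  /* max pfn that appears in table */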
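--- a/xen/include/public/dom0_ops.h	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/include/public/dom0_ops.h	Fri Mar 03 18:26:41 2006 +0100
@@ -28,18 +28,21 @@ typedef struct dom0_getmemlist {
     /* IN variables. */
     domid_t       domain;
     unsigned long max_pfns;
-    void         *buffer;
+    guest_handle(ulong) buffer;
     /* OUT variables. */
     unsigned long num_pfns;
 } dom0_getmemlist_t;
+define_guest_handle(dom0_getmemlist_t);
 
 #define DOM0_SCHEDCTL          6
  /* struct sched_ctl_cmd is from sched-ctl.h   */
 typedef struct sched_ctl_cmd dom0_schedctl_t;
+define_guest_handle(dom0_schedctl_t);
 
 #define DOM0_ADJUSTDOM         7
 /* struct sched_adjdom_cmd is from sched-ctl.h */
 typedef struct sched_adjdom_cmd dom0_adjustdom_t;
+define_guest_handle(dom0_adjustdom_t);
 
 #define DOM0_CREATEDOMAIN      8
 typedef struct dom0_createdomain {
@@ -50,24 +53,28 @@ typedef struct dom0_createdomain {
     /* Identifier for new domain (auto-allocate if zero is specified). */
     domid_t domain;
 } dom0_createdomain_t;
+define_guest_handle(dom0_createdomain_t);
 
 #define DOM0_DESTROYDOMAIN     9
 typedef struct dom0_destroydomain {
     /* IN variables. */
     domid_t domain;
 } dom0_destroydomain_t;
+define_guest_handle(dom0_destroydomain_t);
 
 #define DOM0_PAUSEDOMAIN      10
 typedef struct dom0_pausedomain {
     /* IN parameters. */
     domid_t domain;
 } dom0_pausedomain_t;
+define_guest_handle(dom0_pausedomain_t);
 
 #define DOM0_UNPAUSEDOMAIN    11
 typedef struct dom0_unpausedomain {
     /* IN parameters. */
     domid_t domain;
 } dom0_unpausedomain_t;
+define_guest_handle(dom0_unpausedomain_t);
 
 #define DOM0_GETDOMAININFO    12
 typedef struct dom0_getdomaininfo {
@@ -93,6 +100,7 @@ typedef struct dom0_getdomaininfo {
     uint32_t ssidref;
     xen_domain_handle_t handle;
 } dom0_getdomaininfo_t;
+define_guest_handle(dom0_getdomaininfo_t);
 
 #define DOM0_SETVCPUCONTEXT   13
 typedef struct dom0_setvcpucontext {
@@ -100,8 +108,9 @@ typedef struct dom0_setvcpucontext {
     domid_t               domain;
     uint32_t              vcpu;
     /* IN/OUT parameters */
-    vcpu_guest_context_t *ctxt;
+    guest_handle(vcpu_guest_context_t) ctxt;
 } dom0_setvcpucontext_t;
+define_guest_handle(dom0_setvcpucontext_t);
 
 #define DOM0_MSR              15
 typedef struct dom0_msr {
@@ -115,6 +124,7 @@ typedef struct dom0_msr {
     uint32_t out1;
     uint32_t out2;
 } dom0_msr_t;
+define_guest_handle(dom0_msr_t);
 
 /*
  * Set clock such that it would read <secs,nsecs> after 00:00:00 UTC,
@@ -127,6 +137,7 @@ typedef struct dom0_settime {
     uint32_t nsecs;
     uint64_t system_time;
 } dom0_settime_t;
+define_guest_handle(dom0_settime_t);
 
 #define DOM0_GETPAGEFRAMEINFO 18
 #define NOTAB 0         /* normal page */
@@ -147,6 +158,7 @@ typedef struct dom0_getpageframeinfo {
     /* Is the page PINNED to a type? */
     uint32_t type;         /* see above type defs */
 } dom0_getpageframeinfo_t;
+define_guest_handle(dom0_getpageframeinfo_t);
 
 /*
  * Read console content from Xen buffer ring.
@@ -154,11 +166,12 @@ typedef struct dom0_getpageframeinfo {
 #define DOM0_READCONSOLE      19
 typedef struct dom0_readconsole {
     /* IN variables. */
-    uint32_t clear;        /* Non-zero -> clear after reading. */
+    uint32_t clear;            /* Non-zero -> clear after reading. */
     /* IN/OUT variables. */
-    char    *buffer;       /* In: Buffer start; Out: Used buffer start */
-    uint32_t count;        /* In: Buffer size;  Out: Used buffer size  */
+    guest_handle(char) buffer; /* In: Buffer start; Out: Used buffer start */
+    uint32_t count;            /* In: Buffer size;  Out: Used buffer size  */
 } dom0_readconsole_t;
+define_guest_handle(dom0_readconsole_t);
 
 /* 
  * Set which physical cpus a vcpu can execute on.
@@ -170,6 +183,7 @@ typedef struct dom0_setvcpuaffinity {
     uint32_t  vcpu;
     cpumap_t  cpumap;
 } dom0_setvcpuaffinity_t;
+define_guest_handle(dom0_setvcpuaffinity_t);
 
 /* Get trace buffers machine base address */
 #define DOM0_TBUFCONTROL       21
@@ -189,6 +203,7 @@ typedef struct dom0_tbufcontrol {
     unsigned long buffer_mfn;
     uint32_t size;
 } dom0_tbufcontrol_t;
+define_guest_handle(dom0_tbufcontrol_t);
 
 /*
  * Get physical information about the host machine
@@ -204,6 +219,7 @@ typedef struct dom0_physinfo {
     unsigned long free_pages;
     uint32_t hw_cap[8];
 } dom0_physinfo_t;
+define_guest_handle(dom0_physinfo_t);
 
 /*
  * Get the ID of the current scheduler.
@@ -213,6 +229,7 @@ typedef struct dom0_sched_id {
     /* OUT variable */
     uint32_t sched_id;
 } dom0_sched_id_t;
+define_guest_handle(dom0_sched_id_t);
 
 /* 
  * Control shadow pagetables operation
@@ -234,17 +251,19 @@ typedef struct dom0_shadow_control_stats
     uint32_t dirty_net_count;     
     uint32_t dirty_block_count;     
 } dom0_shadow_control_stats_t;
+define_guest_handle(dom0_shadow_control_stats_t);
 
 typedef struct dom0_shadow_control {
     /* IN variables. */
     domid_t        domain;
     uint32_t       op;
-    unsigned long *dirty_bitmap; /* pointer to locked buffer */
+    guest_handle(ulong) dirty_bitmap;
     /* IN/OUT variables. */
     unsigned long  pages;        /* size of buffer, updated with actual size */
     /* OUT variables. */
     dom0_shadow_control_stats_t stats;
 } dom0_shadow_control_t;
+define_guest_handle(dom0_shadow_control_t);
 
 #define DOM0_SETDOMAINMAXMEM   28
 typedef struct dom0_setdomainmaxmem {
@@ -252,6 +271,7 @@ typedef struct dom0_setdomainmaxmem {
     domid_t       domain;
     unsigned long max_memkb;
 } dom0_setdomainmaxmem_t;
+define_guest_handle(dom0_setdomainmaxmem_t);
 
 #define DOM0_GETPAGEFRAMEINFO2 29   /* batched interface */
 typedef struct dom0_getpageframeinfo2 {
@@ -259,8 +279,9 @@ typedef struct dom0_getpageframeinfo2 {
     domid_t        domain;
     unsigned long  num;
     /* IN/OUT variables. */
-    unsigned long *array;
+    guest_handle(ulong) array;
 } dom0_getpageframeinfo2_t;
+define_guest_handle(dom0_getpageframeinfo2_t);
 
 /*
  * Request memory range (@mfn, @mfn+@nr_mfns-1) to have type @type.
@@ -279,6 +300,7 @@ typedef struct dom0_add_memtype {
     uint32_t      handle;
     uint32_t      reg;
 } dom0_add_memtype_t;
+define_guest_handle(dom0_add_memtype_t);
 
 /*
  * Tear down an existing memory-range type. If @handle is remembered then it
@@ -293,6 +315,7 @@ typedef struct dom0_del_memtype {
     uint32_t handle;
     uint32_t reg;
 } dom0_del_memtype_t;
+define_guest_handle(dom0_del_memtype_t);
 
 /* Read current type of an MTRR (x86-specific). */
 #define DOM0_READ_MEMTYPE        33
@@ -304,6 +327,7 @@ typedef struct dom0_read_memtype {
     unsigned long nr_mfns;
     uint32_t type;
 } dom0_read_memtype_t;
+define_guest_handle(dom0_read_memtype_t);
 
 /* Interface for controlling Xen software performance counters. */
 #define DOM0_PERFCCONTROL        34
@@ -315,20 +339,23 @@ typedef struct dom0_perfc_desc {
     uint32_t     nr_vals;              /* number of values for this counter */
     uint32_t     vals[64];             /* array of values */
 } dom0_perfc_desc_t;
+define_guest_handle(dom0_perfc_desc_t);
 typedef struct dom0_perfccontrol {
     /* IN variables. */
     uint32_t       op;                /*  DOM0_PERFCCONTROL_OP_??? */
     /* OUT variables. */
     uint32_t       nr_counters;       /*  number of counters */
-    dom0_perfc_desc_t *desc;          /*  counter information (or NULL) */
+    guest_handle(dom0_perfc_desc_t) desc; /*  counter information (or NULL) */
 } dom0_perfccontrol_t;
+define_guest_handle(dom0_perfccontrol_t);
 
 #define DOM0_MICROCODE           35
 typedef struct dom0_microcode {
     /* IN variables. */
-    void    *data;                    /* Pointer to microcode data */
+    guest_handle(void) data;          /* Pointer to microcode data */
     uint32_t length;                  /* Length of microcode data. */
 } dom0_microcode_t;
+define_guest_handle(dom0_microcode_t);
 
 #define DOM0_IOPORT_PERMISSION   36
 typedef struct dom0_ioport_permission {
@@ -337,6 +364,7 @@ typedef struct dom0_ioport_permission {
     uint32_t nr_ports;                /* size of port range */
     uint8_t  allow_access;            /* allow or deny access to range? */
 } dom0_ioport_permission_t;
+define_guest_handle(dom0_ioport_permission_t);
 
 #define DOM0_GETVCPUCONTEXT      37
 typedef struct dom0_getvcpucontext {
@@ -344,8 +372,9 @@ typedef struct dom0_getvcpucontext {
     domid_t  domain;                  /* domain to be affected */
     uint32_t vcpu;                    /* vcpu # */
     /* OUT variables. */
-    vcpu_guest_context_t *ctxt;
+    guest_handle(vcpu_guest_context_t) ctxt;
 } dom0_getvcpucontext_t;
+define_guest_handle(dom0_getvcpucontext_t);
 
 #define DOM0_GETVCPUINFO         43
 typedef struct dom0_getvcpuinfo {
@@ -360,16 +389,18 @@ typedef struct dom0_getvcpuinfo {
     uint32_t cpu;                     /* current mapping   */
     cpumap_t cpumap;                  /* allowable mapping */
 } dom0_getvcpuinfo_t;
+define_guest_handle(dom0_getvcpuinfo_t);
 
 #define DOM0_GETDOMAININFOLIST   38
 typedef struct dom0_getdomaininfolist {
     /* IN variables. */
     domid_t               first_domain;
     uint32_t              max_domains;
-    dom0_getdomaininfo_t *buffer;
+    guest_handle(dom0_getdomaininfo_t) buffer;
     /* OUT variables. */
     uint32_t              num_domains;
 } dom0_getdomaininfolist_t;
+define_guest_handle(dom0_getdomaininfolist_t);
 
 #define DOM0_PLATFORM_QUIRK      39  
 #define QUIRK_NOIRQBALANCING  1
@@ -377,37 +408,44 @@ typedef struct dom0_platform_quirk {
     /* IN variables. */
     uint32_t quirk_id;
 } dom0_platform_quirk_t;
+define_guest_handle(dom0_platform_quirk_t);
 
 #define DOM0_PHYSICAL_MEMORY_MAP 40
+typedef struct dom0_memory_map_entry {
+    uint64_t start, end;
+    uint32_t flags; /* reserved */
+    uint8_t  is_ram;
+} dom0_memory_map_entry_t;
+define_guest_handle(dom0_memory_map_entry_t);
 typedef struct dom0_physical_memory_map {
     /* IN variables. */
     uint32_t max_map_entries;
     /* OUT variables. */
     uint32_t nr_map_entries;
-    struct dom0_memory_map_entry {
-        uint64_t start, end;
-        uint32_t flags; /* reserved */
-        uint8_t  is_ram;
-    } *memory_map;
+    guest_handle(dom0_memory_map_entry_t) memory_map;
 } dom0_physical_memory_map_t;
+define_guest_handle(dom0_physical_memory_map_t);
 
 #define DOM0_MAX_VCPUS 41
 typedef struct dom0_max_vcpus {
     domid_t  domain;        /* domain to be affected */
     uint32_t max;           /* maximum number of vcpus */
 } dom0_max_vcpus_t;
+define_guest_handle(dom0_max_vcpus_t);
 
 #define DOM0_SETDOMAINHANDLE 44
 typedef struct dom0_setdomainhandle {
     domid_t domain;
     xen_domain_handle_t handle;
 } dom0_setdomainhandle_t;
+define_guest_handle(dom0_setdomainhandle_t);
 
 #define DOM0_SETDEBUGGING 45
 typedef struct dom0_setdebugging {
     domid_t domain;
     uint8_t enable;
 } dom0_setdebugging_t;
+define_guest_handle(dom0_setdebugging_t);
 
 #define DOM0_IRQ_PERMISSION 46
 typedef struct dom0_irq_permission {
@@ -415,6 +453,7 @@ typedef struct dom0_irq_permission {
     uint8_t pirq;
     uint8_t allow_access;    /* flag to specify enable/disable of IRQ access */
 } dom0_irq_permission_t;
+define_guest_handle(dom0_irq_permission_t);
 
 #define DOM0_IOMEM_PERMISSION 47
 typedef struct dom0_iomem_permission {
@@ -423,12 +462,14 @@ typedef struct dom0_iomem_permission {
     unsigned long nr_mfns;    /* number of pages in range (>0) */
     uint8_t allow_access;     /* allow (!0) or deny (0) access to range? */
 } dom0_iomem_permission_t;
+define_guest_handle(dom0_iomem_permission_t);
  
 #define DOM0_HYPERCALL_INIT   48
 typedef struct dom0_hypercall_init {
     domid_t  domain;          /* domain to be affected */
     unsigned long mfn;        /* machine frame to be initialised */
 } dom0_hypercall_init_t;
+define_guest_handle(dom0_hypercall_init_t);
  
 typedef struct dom0_op {
     uint32_t cmd;
@@ -471,9 +512,10 @@ typedef struct dom0_op {
         struct dom0_irq_permission    irq_permission;
         struct dom0_iomem_permission  iomem_permission;
         struct dom0_hypercall_init    hypercall_init;
-        uint8_t                  pad[128];
+        uint8_t                       pad[128];
     } u;
 } dom0_op_t;
+define_guest_handle(dom0_op_t);
 
 #endif /* __XEN_PUBLIC_DOM0_OPS_H__ */
 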
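Review bot: The rewritten `dirty_bitmap` member of `dom0_shadow_control_t` drops the `/* pointer to locked buffer */` comment, which was the only statement in this header of what the caller must guarantee about that buffer. A guest handle carries the element type but no extent, so `pages` stays the only bound on what the hypervisor may write through it; the same pairing applies to `buffer`/`max_pfns`, `array`/`num`, `buffer`/`count`, `data`/`length`, `buffer`/`max_domains` and `memory_map`/`max_map_entries`, whose consumers are not in this section. I would keep the contract on the line: `guest_handle(ulong) dirty_bitmap; /* handle to locked buffer; extent given by 'pages' */`. `data` is the one untyped handle, and the copy helpers elsewhere in this changeset take an element count (`copy_to_guest(u_dom0_op, op, 1)`), so its comment should say explicitly that `length` is a byte count.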
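--- a/xen/include/xen/console.h	Fri Mar 03 15:56:34 2006 +0100
+++ b/xen/include/xen/console.h	Fri Mar 03 18:26:41 2006 +0100
@@ -13,7 +13,7 @@ extern spinlock_t console_lock;
 
 void set_printk_prefix(const char *prefix);
 
-long read_console_ring(char **, u32 *, int);
+long read_console_ring(guest_handle(char), u32 *, int);
 
 void init_console(void);
 void console_endboot(int disable_vga);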
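Review bot: The new prototype takes the handle by value where the old one took `char **`, so (assuming a handle is a plain by-value wrapper) `read_console_ring` can no longer return a moved start through its first argument, yet `dom0_readconsole.buffer` in dom0_ops.h is still documented as `Out: Used buffer start`. If the implementation, which is not in this section, now only fills the buffer and updates the count, that comment is stale and should read `In: Buffer start`. Naming the parameters would make the contract visible at the declaration, e.g. `long read_console_ring(guest_handle(char) buffer, u32 *pcount, int clear);`, presumably mirroring the `buffer`, `count` and `clear` fields. No include is visible in this hunk, so the header appears to rely on its includers for the `guest_handle()` definition.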