Martin Harvey [Mon, 5 Dec 2022 09:01:59 +0000 (09:01 +0000)]
Correct return codes during racy destruction.
Errors in PnP retun codes found when testing under driver
verifier with mixed VM lifecycle operations. Under some
rare cases, it is possible to get more than one PnP
"remove-like" operation. This results in a PnP remove
operation being processed whilst the device is already
in the deleted state.
This patch fixes the immediate cause of the bugfixes,
by fixing the return code. Device destruction is
unchanged. Investigation into the root cause is still
ongoing.
Signed-off-by: Martin Harvey <martin.harvey@citrix.com>
Cosmetic fixes.
Owen Smith [Fri, 18 Nov 2022 10:06:10 +0000 (10:06 +0000)]
Pass SignMode to MSBuild
Allows overriding of SignMode to "Off" to prevent signing binaries with the PFX
file. This is useful if wrapper builds sign binaries with alternative signatures
or when signing is not required.
Signed-off-by: Owen Smith <owen.smith@citrix.com>
Small whitespace fix.
Paul Durrant [Mon, 31 Oct 2022 14:01:18 +0000 (14:01 +0000)]
Add build options for EWDK 22621
VisualStudioVersion = 17.0 maps to Visual Studio 2022
* Adds project files for vs2022
* Adds mapping from VisualStudioVersion 17.0 to "vs2022" project folder
* Adds mapping from VisualStudioVersion 17.0 to "Windows 10" build target
* Adds guard to build.ps1 - EWDK 22621 does not build x86 binaries
* Adds include directive where compiler intrinsics are used
Suggested-by: Owen Smith <owen.smith@citrix.com> Signed-off-by: Paul Durrant <pdurrant@amazon.com> Signed-off-by: Paul Durrant <pdurrant@amazon.com>
Owen Smith [Thu, 5 May 2022 07:03:27 +0000 (08:03 +0100)]
Fix compiler options
Adds '/ZH:SHA_256' '/CETCOMPAT' '/sdl' to compiler and '/SafeSEH' to x86 linker
command lines
These changes were prompted by binskim https://github.com/microsoft/binskim
Note: Rule BA2004 (Warning_NativeWithInsecureStaticLibraryCompilands) is still
reported for xeniface_coinst.dll, xencontrol.dll and xenagent.exe
Owen Smith [Wed, 30 Mar 2022 09:32:23 +0000 (10:32 +0100)]
Refactor Wmi.c
* Moves functions to be in related locations in file
* Formats code to appropriate code style
* Inlines some functions that are only called from 1 location
* Uses LIST_ENTRY macros to access linked lists
But UTF8_STRING is defined by later WDKs as:
struct {
USHORT Length;
USHORT MaximumLength;
PCHAR Buffer;
} UTF8_STRING;
This difference leads to an 0x3B BSOD when anything attempts to use any WMI
method that deals with strings.
Replace UTF8_STRING with OEM_STRING which is available in all WDKs, and has
the same definition as UTF8_STRING from later WDKs, simplifying the usage
of retrieving strings from, or putting strings into, WMI buffers.
Owen Smith [Tue, 21 Sep 2021 10:45:51 +0000 (11:45 +0100)]
Refactor string conversion in wmi.c
Colocates related string functions, removes unused functions, adjusts
whitespace and reformats functions into a consistant code style.
There are no functional changes
Owen Smith [Thu, 12 Aug 2021 12:36:12 +0000 (13:36 +0100)]
Fix CodeQL warnings
- ExAllocatePoolWithTag is deprecated for Win10 2004, use
ExAllocatePoolUninitialized instead
- Add "(VOID)" before AccessWmiBuffer, where the return value is not needed
Signed-off-by: Owen Smith <owen.smith@citrix.com>
Extend patch to cover ioctl_gnttab.c, ioctl_store.c and ioctl_suspend.c
Owen Smith [Thu, 12 Aug 2021 12:36:11 +0000 (13:36 +0100)]
Fix SDV/CodeQL log generation
- sarif files need to be stored with SDV logs when generating the DVL file
- Disable PREFast and CodeAnalysis by default
- Run a seperate CodeAnalysis build after SDV, but before generating DVL file
DVL file should contain multiple summary lines for SDV, at least 1 line
for CodeAnalysis and at least 1 line for Semmle (CodeQL)
Owen Smith [Thu, 12 Aug 2021 12:36:10 +0000 (13:36 +0100)]
Fix build with later WDKs
- Adds alias for GetProjectInfoForReference target to version.vcxproj
Later kits seemed to have renamed the build target, and will fail without
this alias target.
- Adds "/fd sha256" to signtool command line
WDK 20344 and later require binaries signed with a SHA256 file digest, or
the build outputs are deleted
Signed-off-by: Owen Smith <owen.smith@citrix.com>
- Squash warning 4061.
Owen Smith [Mon, 5 Jul 2021 12:59:51 +0000 (13:59 +0100)]
Log if Windows Update requires a reboot
Output log line if Windows Update requires a reboot, as soon as a shutdown or
reboot has been requested, in addition to when the service shuts down. The
service shutdown will output its log line *after* the "Installing Windows
Updates" screen has completed during shutdown.
Owen Smith [Mon, 5 Jul 2021 12:59:50 +0000 (13:59 +0100)]
Refactor XenAgent
- Merge IDeviceCreator interface into CDeviceList base class
- Add CXenIfaceDeviceList and CConvDeviceList, derived from CDeviceList
- Moves IFace functionality to CXenIfaceDeviceList
- Moves Conv device functionality to CConvDeviceList
- Seperate RegisterDeviceNotification from SetupApi enumeration, so that static
devices do not need to hold the handle open (i.e. Conv device)
- CConvDeviceList only opens the handle when neccessary, as the MS driver for
the ACPI device only allows 1 open handle at a time.
Owen Smith [Fri, 5 Mar 2021 10:15:25 +0000 (10:15 +0000)]
Add CodeQL build stage
CodeQL logs will be required for future WHQL submissions. Add a stage
that generates the required SARIF files. CodeQL is a semantic code
analysis engine, which will highlight vunerabilities that will need
fixing.
In order to use CodeQL, the CodeQL binaries must be on the path and the
Windows-Driver-Developer-Supplemental-Tools must be on the path defined
by the CODEQL_QUERY_SUITE environment variable (if defined), or under
the parent folder (if CODEQL_QUERY_SUITE variable is not defined)
Note: Due to the way the codeql command line is built, using quotes in a
MSBuild command line is not possible, so generate a batch file to wrap
the command line.
Inherit versioning info from environment if present
As the drivers stabilize and mature, there is an ever-growing
chance that other opensource virtualization projects will adopt
them. Allow external projects to inject their own versioning
into the drivers instead of hardcoding the latest winpv version.
Signed-off-by: Nicholas Tsirakis <tsirakisn@ainfosec.com> Acked-by: Owen Smith <owen.smith@citrix.com>
Often times we only need to build a driver for a single
targeted architecture. Continue to build both by default,
but allow the user to specify one if desired.
Signed-off-by: Nicholas Tsirakis <tsirakisn@ainfosec.com>
Use [string]::IsNullOrEmpty($Arch)
Prevent a xenagent timeout (and live kernel dump) on S3/S4 transition by
changing CXenIfaceCreator::Log to use TryEnterCriticalSection.
Otherwise, a timeout occurs when the service control handler fails to
return due to attempting to enter a critical section object that the
main service thread already owns while responding to the
control/shutdown xenstore watch.
Signed-off-by: Troy Crosley <troycrosley@gmail.com>
[Re-ordered if statement] Signed-off-by: Paul Durrant <paul@xen.org>
Clear rather than remove control/feature-XXX keys.
These keys should stick around when disabled since they're present at
boot. This also fixes an issue where the keys are unable to be written
on wake from S3 or S4.
Signed-off-by: Troy Crosley <troycrosley@gmail.com> Reviewed-by: Paul Durrant <paul@xen.org>
Owen Smith [Tue, 30 Jun 2020 10:44:44 +0000 (11:44 +0100)]
Avoid redefinition of UTF8_STRING
UTF8_STRING is defined by MSVC 14.23 (_MSC_VER 1923, VisualStudio 16.3)
Use preprocessor to only define UTF8_STRING on earlier compiler
versions. This allows XenIface to build with both EWDK 19h1 18362.84 and
EWDK vb_release 19041.1
These bugchecks have been observed in recent updates of Server 2019.
This patch, rather than replacing calls to MmAllocatePagesForMdlEx() with
calls to MmMapLockedPagesSpecifyCache(), just avoids passing
MM_DONT_ZERO_ALLOCATION to work round the bug.
The patch instead passes MM_ALLOCATE_FULLY_REQUIRED, which arguably should
have always been passed for allocations larger than a single page. It also
fixes a formatting issue.
NOTE: Nothing in XENIFACE currently calls __AllocatePages() so this patch is
not strictly necessary. However, in case a caller is added in future,
it is best to keep util.h in sync with the other drivers.
Reported-by: Jan Bakuwel <jan.bakuwel@gmail.com> Signed-off-by: Paul Durrant <pdurrant@amazon.com>
Paul Durrant [Tue, 17 Sep 2019 14:10:36 +0000 (15:10 +0100)]
Update XENBUS interfaces and use new XENBUS_SHARED_INFO GetTime...
...to determine how to interpret Xen wall-clock.
The Xen wall-clock value may be interpreted as local time or UTC, depending
on how Windows programs the emulated RTC. The updated method provides this
extra information, so used this rather than reading the registry directly.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 16 Sep 2019 13:23:08 +0000 (14:23 +0100)]
Get rid of bogus time adjustment
Xen maintains synchronization between the wallclock (as reported in the
shared info) and the emulated RTC. Thus all the guest agent needs to know,
to correctly interpret the wallclock, is whether Windows is setting the
RTC in local time or UTC. No adjustment of the wallclock is required.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Fri, 14 Jun 2019 14:32:57 +0000 (15:32 +0100)]
Add PowerShell build scripts, version.vcxproj
Based on the sequence of commits to xenbus, add powershell scripts to
build the solution using the EWDK
version.vcxproj generates versioned files (version.h, xeniface.inf and
wmi.mof) using scripts/genfiles.ps1
Strips duplicated functionality from build.py toproduce consistant
builds between python and powershell.
Owen Smith [Tue, 16 Apr 2019 16:43:39 +0000 (17:43 +0100)]
Check WinTime and XenTime for drift
Windows 10/Server 2016 changed how Windows maintains the accuracy of its
clock
This can allow reported time to drift away from host time, and Windows time
will need to be updated regularly in order to minimise the drift.
* Add a wrapper for SetXenTime to manage the critical section
* Remove SetXenTime from CheckSuspend and call it from the calling function
* Add a timeout to the WaitForMultipleObjectsEx, which calls SetXenTime
* Prevent SetXenTime from updating the time if its not changed (and avoid
outputting the log lines)
Signed-off-by: Owen Smith <owen.smith@citrix.com>
Moved the call to get current time earlier in SetXenTime() and also made
it call GetSystemTime() if the RTC is in UTC. Also added missing
__fallthrough annotation for case WAIT_TIMEOUT in ServiceMainLoop().
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 1 Apr 2019 10:25:09 +0000 (11:25 +0100)]
Set local time to UTC if Windows has "RealTimeIsUniversal"
Commit 3b8723b1 "Set VM's time based on host's time exposed by Xen"
modified the guest agent to adjust Xen time to UTC before setting the
system time (i.e. the emulated RTC) if a vendor specific registry value
was set.
Windows' idea of whether the RTC is programmed in UTC is actually
controlled by:
Owen Smith [Tue, 23 Oct 2018 13:19:20 +0000 (14:19 +0100)]
Handle QueryRemoveFailed
Its possible for the QueryRemove to fail, in which case, the xenagent
should re-open the device and inform the client code.
This allows a the XenIface device to re-write the control/feature-*
flags if XenIface failed the QueryRemove
Owen Smith [Mon, 15 Oct 2018 09:20:29 +0000 (10:20 +0100)]
Disable warning 5032
WDK 17763 throws a warning 5032 (mismatched #pragma warning(push)) in
include/um/winioctl.h.
Disable this warning until the WDK header has resolved this issue.
Owen Smith [Fri, 24 Aug 2018 16:46:43 +0000 (17:46 +0100)]
Conditionally package DPInst
Since DPInst.exe is not shipped with the Windows Driver Kit 10, an
environment variable must point to local copies. Make the inclusion of
DPInst conditional on DPINST_REDIST being defined and that path
existing. This simplifies building packages which do not require DPInst
for installation, and removes a required step to create a working build.
Owen Smith [Thu, 19 Jul 2018 11:55:31 +0000 (12:55 +0100)]
Call OnDeviceRemoved callback(s) during DeviceList.Stop()
OnDeviceAdded is called for every pre-attached device during
DeviceList.Start(), the corresponding call to OnDeviceRemoved should be
called for each attached device during the DeviceList.Stop() call.
By calling the OnDeviceRemoved callback during the service stop, the
xenagent service can remove the "feature-[poweroff|reboot|s3|s4]" flags.
e:\xeniface\src\xenagent\service.cpp(684): warning C26439: This kind offunction may not throw.
Declare it 'noexcept' (f.6). [E:\xeniface\vs2017\xenagent\xenagent.vcxproj]
e:\xeniface\src\xenagent\xenifacedevice.cpp(57): warning C26451: Arithmetic overflow: Using operator
'+' on a 4 byte value and then casting the result to a 8 byte value. Cast the value to the wider type before
calling operator '+' to avoid overflow (io.2). [E:\xeniface\vs2017\xenagent\xenagent.vcxproj]
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
CL emits a warning about every place that will get spectre mitigation
when compiled with /Qspectre. Even if this option is already used. This
breaks the build, as warnings are treated as errors in xeniface.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Also disable warning for co-installer build.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Tue, 10 Apr 2018 15:10:02 +0000 (16:10 +0100)]
Revert "Ack "control/shutdown" as soon as possible."
This reverts commit c370c7d2. This patch has the effect of 'acking' any
write to control/shutdown rather than just the ones that the agent acts
upon. Consequentially it therefore 'acks' its own writes and ends up in
an infinite loop.
Paul Durrant [Thu, 25 Jan 2018 13:54:10 +0000 (13:54 +0000)]
Update util.h
XENIFACE does not use much of the functionality in util.h, including the
__AllocatePages() function modified by this change, however
it is good to keep the header in-sync with the other drivers.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Fri, 3 Nov 2017 17:39:21 +0000 (17:39 +0000)]
Add log message if Windows Update requires a reboot
When Windows requires a reboot to install updates, the reboot and shutdown
operations can take a long time. The agent will have acknowledged the
request, but the operation may not complete in a suitable timeout period.
Add a log entry to help indicate an additional unknown amount of time
will be required for shutdown/reboot.
Paul Durrant [Wed, 29 Mar 2017 12:47:49 +0000 (13:47 +0100)]
Add a new CConvCreator object to handle laptop/slate mode switch
This patch adds a new object derived from IDeviceCreator to interact
with the laptop/slate mode switch interface provided by a Windows
driver that binds to the ACPI CONV device.
It also adds code to support the documented PV interface for triggering
laptop/slate mode switch [1].
Paul Durrant [Wed, 29 Mar 2017 12:48:31 +0000 (13:48 +0100)]
Split xeniface specific parts out of CXenAgent into CXenIfaceCreator
In preparation for supporting more than one device interface, the
one-to-one correspondence between the IDeviceCreator interface and the
CXenAgent object needs to be broken.
This patch separates all code that interacts with the CXenIfaceDevice
object (as well as the CDevice and CDeviceList instances for the xeniface
interface) into a new CXenIfaceCreator object.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 14 Dec 2016 16:19:07 +0000 (16:19 +0000)]
Fixes for VS2015/WDK10 build
The package build was not working correctly and caused the overall build
to fail.
At least part of the reason for this is that Microsoft, in their infinite
wisdom, have removed the DIFx redist from WDK10. This patch makes use of
a new environment variable 'DPINST_REDIST' to find the copy of dpinst.exe
to package such that this can be pointed at an older WDK or alternative
location where dpinst.exe can be found.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Tue, 13 Dec 2016 16:39:10 +0000 (16:39 +0000)]
Add support for building under VS2015/WDK10
Moving to the new toolchain also threw up a few new warnings, which this
patch either fixes or squashes. Also, SDV appears to be fragile in new
ways (and whinge about some new things) so there are fixes for that too.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Tue, 22 Nov 2016 14:52:03 +0000 (14:52 +0000)]
Remove XenIfaceDebugPrint
Replace "XenIfaceDebugPrint(TRACE," with "Trace("
Replace "XenIfaceDebugPrint(INFO," with "Info("
Replace "XenIfaceDebugPrint(WARNING," with "Warning("
Replace "XenIfaceDebugPrint(ERROR," with "Error("
Paul Durrant [Wed, 9 Nov 2016 12:29:56 +0000 (12:29 +0000)]
Stop using FAST_MUTEX
There are several build warnings because of functions that must be called
at PASSIVE_LEVEL being called at APC_LEVEL. This is because acquiring a
FAST_MUTEX raises IRQL to APC_LEVEL which is an annoying semantic that
basically renders them useless.
This patch replaces occurences of FAST_MUTEX with XENIFACE_MUTEX acquisition
of which does not modify IRQL.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Ben Chalmers [Wed, 9 Nov 2016 11:58:18 +0000 (11:58 +0000)]
Ensure session stays locked...
...until the reference to WatchThread is stored in it.
This prevents us trying to dispose of an uniintialised WatchThread
if a session is removed (by the driver being removed) while the
session is still being created
Signed-off-by: Ben Chalmers <ben.chalmers@citrix.com>
Paul Durrant [Wed, 9 Nov 2016 11:37:13 +0000 (11:37 +0000)]
Try to make sure the agent always always handles shutdown events
It seems that on Server 2008 the agent does not reliably wake up on
shutdown watch events. This does not seem to occur on any other OS so
it is likely that this is a bug in Server 2008.
To work around the problem this patch nodifies the agent wake up once a
minute and check for a shutdown event (or a suspend event, for
completeness) and act accordingly.
Also this patch squashes the uninteresting error messages that occur
when an attempt is made to read a non-existent xenstore key.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Tue, 8 Nov 2016 18:08:11 +0000 (18:08 +0000)]
Indirect user space watch events through a thread
It is useful, for diagnostic purposes, to log the path of a user-space
registered watch when we are about to signal it. To do this create a
thread to handle each user-space watch.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 1 Aug 2016 15:23:11 +0000 (16:23 +0100)]
xenagent: use new Start/StopShutdownWatch() functions in resume from suspend
The patch removes some code duplication by using the StopShutdownwatch()
and StartShutdownWatch() functions on resume from suspend rather than
duplicating their content.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 1 Aug 2016 14:24:53 +0000 (15:24 +0100)]
xenagent: re-register shutdown watch after resume from S4
When xenagent resumes in a VM that was put into S4 it needs to re-
register the watch on control/shutdown and re-advertise all
control/feature-XXX flags.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 1 Aug 2016 08:29:59 +0000 (09:29 +0100)]
xenagent: get event logging working properly
The xenagent build does not create the necessary DLL for event logging. This
patch re-works the build vcxproj files to create the DLL and adds the
necessary code in package INF file to install it and configure it.
As part of the work the service display name has been changed to match the
module name.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Cc: Owen Smith <owen.smith@citrix.com>
Paul Durrant [Fri, 29 Jul 2016 14:22:37 +0000 (15:22 +0100)]
xenagent: use spec. compliant control/feature-XXX keys
control/feature-shutdown is not documented in Xen's xenstore-paths
documentation. The correct keys are feature-poweroff, feature-reboot,
feature-s3 and feature-s4. Also the values that the toolstack should
write control/shutdown are poweroff, reboot, s3 and s4 so the xenagent
should only respond to these values.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Cc: Owen Smith <owen.smith@citrix.com>
Owen Smith [Wed, 20 Jul 2016 10:56:25 +0000 (11:56 +0100)]
Clean up watches, suspend handlers and events on D0->D3
* Call XenIfaceCleanup on D0->D3 transition
* Change XenIfaceCleanup to accept a NULL file object, which will
clean up everything, regardless of file object
projects / pvdrivers / win / xeniface.git / log