Owen Smith [Wed, 4 Mar 2020 13:27:23 +0000 (13:27 +0000)]
Reorder StorePollLocked and StoreDisable
StoreDisable will close and NULL the event channel, then StorePollLocked
will attempt to call EVTCHN(GetCount...) with the NULLed pointer. This
will lead to a D1 BSOD.
Paul Durrant [Fri, 15 Nov 2019 14:02:28 +0000 (14:02 +0000)]
Avoid a small race window that can lead to stuck EvtchnWait() calls
Make sure an event is ack-ed before Channel->Count is incremented
otherwise EvtchnGetCount() could sample the incremented value whilst new
events would be missed. Thus EvtchnWait() could end up waiting for a
Count value that my never be reached.
Paul Durrant [Wed, 2 Oct 2019 11:14:45 +0000 (12:14 +0100)]
Update XENFILT_EMULATED IsDiskPresent() method...
...to match how XENVBD actually uses it.
XENVBD erroneously passes the disk number of the PV disk as the target
number, which is incorrect for disk numbers more than 1. E.g. disk 3 should
equate to controller 1, target 1.
This patch adapts the method to that use by dropping the extraneous
Controller and Lun parameters and properly interpreting the Target
parameter.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 2 Oct 2019 07:59:17 +0000 (08:59 +0100)]
Determine emulated device type from HardwareIDs or CompatibleIDs
These names are a little less arbitrary than the DeviceID and this change
also allows matching on class code for PCI devices, rather than a specific
vendor/device combo.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Fri, 27 Sep 2019 09:19:00 +0000 (10:19 +0100)]
Ackowledge that tracked emulated objects are strictly...
...PCI devices or IDE disks.
Do this by renaming the type values both internally and in the registry.
The parsing code in emulated.c doesn't need to change but the type is now
passed into EmulatedSetObjectDeviceData() and EmulatedSetObjectDiskData()
so that they may cope with non-PCI devices or non-IDE disks in future.
Also, re-name XENFILT_EMULATED_OBJECT_TYPE_INVALID to
XENFILT_EMULATED_OBJECT_TYPE_UNKNOWN to more accurately reflect its
meaning.
NOTE: This patch also re-works DriverGetEmulatedType() slightly to do
the registry look-up of the DeviceID itself. This allows the fail
labels to be removed from DriverAddDevice().
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Tue, 24 Sep 2019 12:40:58 +0000 (13:40 +0100)]
Don't BUG() just because we can't get a super-page
When XENBUS is unloaded, it is necessary to re-populate the memory hole
that was created to host the shared info page, grant table shared frames,
etc. The hole is created by doing an order 9 XENMEM_decrease_reservation,
but this does not necessarily mean that Xen can re-populate it with an
order 9 allocation (i.e. a 2M super-page). Currently, such a failure will
cause an immediate BUG(), whereas what the code should do is to re-try
using order 0 (i.e. normal 4k page) allocations, and only BUG() if that
doesn't work.
This patch fixes the issue.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
determines whether Windows programs the RTC in local time or UTC. If the
value is zero or missing (which is the default) then the RTC will be
programmed in local time, otherwise it will be programmed in UTC.
Since the emulated RTC and the Xen wall-clock are kept in sync, it is
necessary to know which mode Windows is operating in to correctly interpret
the wall-clock value. This patch checks the registry value on boot (it is
necessary to reboot after modifying it for it to take effect) and reports
the RTC operating mode along-side the Xen wall-clock in a updated
GetTime method in version 3 of the XENBUS_SHARED_INFO interface.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 16 Sep 2019 12:27:53 +0000 (13:27 +0100)]
Tolerate running in a non-Xen VM
If a disk image with XENBUS installed is booted in a non-Xen environment
then this will currently lead to a BSOD. This patch makes things fail
more gracefully by:
a) Making sure an attempt at a hypercall doesn't indirect into an
uninitialized hypercall page.
b) Making XenTouch() in XEN handle a STATUS_NOT_IMPLEMENTED failure from
XenVersion(), and have XENBUS and XENFILT use this failure mode to
quiesce themselved.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 5 Sep 2019 15:21:55 +0000 (16:21 +0100)]
Stop using contiguous memory for slabs
Slab memory does not need to be (physically) contiguous and it is much
faster to use non-paged pool memory, so just used __CacheAllocate/Free()
for slab memory as well as internal house-keeping structures.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 4 Sep 2019 16:36:25 +0000 (17:36 +0100)]
Improve the performance of the slab allocator
This patch makes a couple of changes which testing shows to improve
performance.
Firstly the slabs are now sorted such that the most occupied slab is on
the head of the list. This should lead to a smaller number of slabs, each
with a higher occupancy, which reduces the overall amount of memory
consumed and the number of 'Ctor' invocations (NB: a Ctor may also
allocate other memory).
Secondly, rather than destroying a slab as soon as its occupancy falls to
zero, defer freeing to the re-introduced monitor thread. This takes freeing
(and associated invocations of Dtor) off the performance critical paths
and also allows an empty slab to be re-used, avoiding calls to
CacheCreateSlab() (and hence more Ctor invocations).
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Wed, 21 Aug 2019 09:55:22 +0000 (10:55 +0100)]
Handle ActiveLocationInformation value not found
v8.2 drivers do not set ActiveLocationInformation, so when upgrading
xenbus to v9.0, xenfilt fails during PdoSetDeviceInformation.
Allow xenfilt to handle missing ActiveLocationInformation, and make
xenbus add ActiveLocationInformation and ActiveInstanceID, if missing,
for the active device.
Paul Durrant [Tue, 20 Aug 2019 13:13:41 +0000 (14:13 +0100)]
Have another go at __CacheMaskScan()
Trying to BUG() at the end of the function if an available index is not
found is proving to be too challenging for the compilier. It seems that,
in general, a free build may object if there's (an effectively dead) return
statement after the BUG() and a checked build will fail if the return
statement is *not* there. Rock. Hard place.
This patch instead gets rid of the BUG(), makes __CacheMaskScan() return
and out-of-range index if there is no available index and then adds a
suitable BUG_ON() into CacheGetObjectFromSlab(), the only caller.
The patch also fixes a hole in the logic where an out-of-range index
could have been returned if it was less than the maximum occupancy
rounded up to the next 32-bit boundary.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Fri, 14 Jun 2019 16:36:01 +0000 (17:36 +0100)]
Use NonPagedPool for Active device properties
ActiveDeviceId and ActiveInstanceId can be used at DISPATCH_LEVEL, and
therefore cannot use PagedPool. When these values are returned via IRPs,
the value is copied into a PagedPool buffer for the IRP to use.
Paul Durrant [Fri, 31 May 2019 11:46:57 +0000 (12:46 +0100)]
Remove unreachable return statement
It appears than the newer compilers are happy that a return statement after
a BUG() is actually unreachable, and some compilers will actually warn to
that effect, so just blow it away.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 30 May 2019 10:41:10 +0000 (11:41 +0100)]
Unconfuse XENBUS_CACHE_SLAB Allocated field
The purpose of the the field has become confused. It is actually an
allocation mask, but CacheInsertSlab() treats it as if it is an allocation
count.
This patch renames the allocation mask to 'Mask', the 'Count' field to
'MaximumOccupancy' (to better describe its purpose) and introduces a new
'CurrentOccupancy' counter.
This patch also makes sure the allocation mask can cover 'MaximumOccupancy'
and, since both CacheGetObjectFromSlab() and CachePutObjectToSlab() must
now be called under lock, it swaps the atomic bit-mask operations for
non-atomic mask manipulation.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 30 May 2019 10:19:24 +0000 (11:19 +0100)]
Avoid double-free hazard in XENBUS_CACHE
Currently CachePut() calls CachePutObjectToSlab() without holding the cache
lock. This allows two concurrent calls to subsequently serialize on the lock
and both find Slab->Allocated == 0 (the second one actually testing freed
memory), leading to a double-free.
Moving the lock acquisition to before the call to CachePutObjectToSlab()
fixes this problem.
For consistency, this patch also makes it a requirement that
CachePutObjectToSlab() is called with the lock held, and adjusts
__CacheFlushMagazines() accordingly.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Wed, 29 May 2019 15:20:24 +0000 (16:20 +0100)]
Add BUILD_NUMBER to version string in XenStore
Append BUILD_NUMBER to the version stored in ~/drivers/<index>
This will help determine the exact version of drivers when
troubleshooting issues with limited access to the VMs
Paul Durrant [Mon, 20 May 2019 15:31:54 +0000 (16:31 +0100)]
Store (IRP_MN_QUERY_DEVICE_TEXT) DeviceTextLocationInformation...
...for active XENBUS instance.
When we 'trick' Windows into thinking that the active XENBUS device hasn't
moved (should it actually move in the PCI bus topology) we ought to make
sure that the location information remains constant as well is the
InstanceID. Thus it needs to be sampled and stored in the registry at
installation time. Subsequent patches will add the necessary code into
XENFILT to pull off the trick.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 20 May 2019 14:43:34 +0000 (15:43 +0100)]
Avoid removing filters on upgrade installations
When upgrading XENBUS in a situation where XENVBD has made it uninstallable
(without reboot), DriverRemoveFunctionDeviceObject() in the old instance of
XENBUS will cause XENFILT to be removed as PCI and IDE upper filter. Then,
when the new instance of XENBUS starts, it will find an incompatible
version of XEN prior to adding the registery filter entries back in. Thus,
after the requested reboot XENFILT will non-functional and another reboot
will be required to re-instate it.
This patch removes the call to FiltersUninstall() from
DriverRemoveFunctionDeviceObject() and, instead, calls it from
DriverEntry() AFTER the compatibility check. This means that XENFILT will
remain installed across an upgrade and will only be removed if XENBUS
started but has no bound devices (i.e. it has actually been un-installed).
NOTE: This also fixes an unitialized pointer in FiltersUninstallClass().
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 29 Apr 2019 12:05:06 +0000 (13:05 +0100)]
Call Set-ExecutionPolicy in msbuild.exe
It appears that the default powershell execution policy prevents the sdv
target from running staticdv so we need to set the policy to 'Bypass'
before running msbuild.exe.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 29 Apr 2019 08:40:09 +0000 (09:40 +0100)]
Use Invoke-Expression rather than & to run msbuild.exe
Older versions of powershell seem to have extreme difficulty with quoting
within strings passed to the & operator. Thankfully it seems the issues
can be avoided by building up a single command string then then passing
it to Invoke-Expression instead.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 24 Apr 2019 13:18:28 +0000 (14:18 +0100)]
Handle archiving directly in package.vcxproj
The patch creates a custom 'Archive' target in package.vcxproj that runs
after 'TestSign'. This target handles archiving of the package so there
is no longer any need for the equivalent functionality in build.py and
build.ps1.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 24 Apr 2019 09:04:31 +0000 (10:04 +0100)]
Invoke genfiles.ps1 from msbuild
The patch adds a new 'version.vcxproj' which other projects depend on.
This project's sole job is to invoke genfiles.ps1 to set up version.h and
xenbus.inf. Correspondingly the direct invocation of genfiles.ps1 is
removed from build.ps1 and equivalent functionality is removed from
build.py.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 17 Apr 2019 16:51:15 +0000 (17:51 +0100)]
Re-work PowerShell build scripts
* build.ps1 has been renamed to msbuild.ps1 and made into a more basic
wrapper for invoking msbuild
* A new build.ps1 has been created to mirror the functionality of build.py
* package.ps1 has been folded into msbuild.ps1
All scripts have also had some level of cosmetic tidying and have been tested
in both the rs2 and rs5 EWDKs (with VS2015 and VS2017 respectively).
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 17 Apr 2019 15:06:49 +0000 (16:06 +0100)]
Stop using stampinf
There seems to be no way to prevent stampinf from using the current date,
which is going to make reproducible builds impossible. This patch moves
the date and version stamping into the build script (albeit using the
current date for the moment).
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Thu, 11 Apr 2019 13:57:22 +0000 (14:57 +0100)]
Add PowerShell build scripts
* genfiles.ps1
Generate include/version.h and vs2017/xenbus.inf
This is intended to become a PreBuild step in the vcxproj
* build.ps1
Wraps running MSBuild for x86/x64
This is intended to become the entry point to build
* package.ps1
Coalesce the output from x86 and x64 package.vcxproj and generate the
resultant output zip file
This can be run directly from the build.ps1 script if required
* symstore.ps1
Store symbols from build output on symbol server
Signed-off-by: Owen Smith <owen.smith@citrix.com>
Fixed date formatting problems in genfiles.ps1 and renamed version._h_ to
version.tmpl.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Wed, 27 Mar 2019 16:35:34 +0000 (16:35 +0000)]
Fix parameter ordering
When the Order parameter was added to the MemoryPopulatePhysmap and
MemoryDecreaseReservation calls, the callers were transposing the Order
and Requested parameters.
Paul Durrant [Mon, 25 Mar 2019 16:36:22 +0000 (16:36 +0000)]
Avoid clearing unplug keys when binding to the non-active instance
If there is a secondary Xen PV PCI Device present in the VM then XENBUS
will bind to it as well as to the Xen Platform PCI Device, and the PV
device will be declare the 'active' instance.
During a driver upgrade, if it is found that the new version of the
XENBUS driver is not compatible with any child driver, the co-installer
will clear the registry keys controlling emulated device unplug to make
sure that storage and network connectivity are maintained after reboot
(until the child drivers are updated). This clearing of keys can, however,
occur multiple times if XENBUS is multiply bound whereas it only really
need occur when the instance bound to the active device is upgraded.
This patch adds a check into the co-installer to avoid clearing the
unplug keys when upgrading any non-active instance.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 25 Mar 2019 11:45:16 +0000 (11:45 +0000)]
BalloonReleasePfnArray() is broken in several ways
When BalloonReleasePfnArray() attempts a decrease_reservation operation
then it is possible that not all the requested pages will be released.
In this eventuality, the function is supposed to pull the excess PFNs
that were added to the rangeset back out again and then allow the caller,
BalloonInflate(), to free the PFNs back to Windows.
The first bit of brokenness is that the arguments to RangeSetGet() are
permuted, such that it tries to get a range starting at PFN 1 rather than
a single PFN.
The next bit of brokenness is that the loop zeroes out the PFN value from
the array (presumably to satisfy the subsequent bogus ASSERTion) thus
causing the call to BalloonFreePfnArray() made by BalloonInflate() to
attempt to free PFN 0 potentially multiple times.
This patch fixes the code to do what it was intended to do.
Reported-by: Owen Smith <owen.smith@citrix.com> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Fri, 18 Jan 2019 09:53:18 +0000 (09:53 +0000)]
Reduce time spent in the DbgPrint callback
Currently the log dispositions are serviced directly, meaning that all the
trapping for emulation is done synchronously, which is costly for
performance. This patch introduces a DPC to service the dispostions,
limiting the work done in the call back to simply copying the message
buffer and queuing the DPC.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Thu, 20 Dec 2018 17:23:14 +0000 (17:23 +0000)]
Ignore unused devices when checking for compatability
When upgrading, the coinstaller checks specific ENUM keys for devices.
If there are dangling references to software keys, the coinstaller will
fail. Dangling references are often caused by registry cleaners or user
attempts to ensure old drivers are purged, but cannot be completely
successful, as the ENUM keys are protected.
Change this behaviour to ignore dangling references in the registry.
Paul Durrant [Tue, 9 Oct 2018 12:37:44 +0000 (13:37 +0100)]
Add a Cap parameter to the XENBUS_CACHE Create method
There is currently no parameter to prevent a single cache from growing to
consume all available kernel memory. This patch adds such a parameter and
also adjusts the XENBUS_GNTTAB CreateCache method to take a similar
parameter.
These will allow client drivers to place limits on their caches to avoid,
for example, XENVBD starving XENVIF of grant table space.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Fri, 14 Sep 2018 13:49:51 +0000 (14:49 +0100)]
Fix logging in free builds
Since commit 868cd40f "Work around bug in VS2017 SDV" logging in free builds
has been broken. This is because, unlike for checked builds, the logging
code only emitted messages beginning with 'XEN' (upper case). The effect
of commit 868cd40f was to change the log message prefix to 'xen' (lower
case) and so they were no longer emitted.
This patch simply changes the logging code to check for the new lower case
prefix.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Fri, 24 Aug 2018 16:46:43 +0000 (17:46 +0100)]
Conditionally package DPInst
Since DPInst.exe is not shipped with the Windows Driver Kit 10, an
environment variable must point to local copies. Make the inclusion of
DPInst conditional on DPINST_REDIST being defined and that path
existing. This simplifies building packages which do not require DPInst
for installation, and removes a required step to create a working build.
Windows 10 will cleanup the Enum keys and attempt to reinstall child devices
when the parent device's Hardware Id is changed and/or the DeviceId list or
Compatible Id list is changed.
Revert to the previous behaviour that can trigger multiple reboots, if the
unplug keys are removed after the child device has rebound to the parent's
PDO.
Paul Durrant [Thu, 19 Jul 2018 08:18:43 +0000 (09:18 +0100)]
Work around bug in VS2017 SDV
It appears that the new SDV cannot handle the quoted __MODULE__ definitions
on compailer command lines and will thus crash out with some obscure error.
Increasing the logging level shows output of the form:
PROJECT is then defined on the compiler command line as the simple,
unquoted, value of $(ProjectName) which is a Visual Studio intrinsic.
This seems to keep SDV happy while still providing a reasonable definition
of __MODULE__ for use in debug output.
NOTE: This patch also turns on SDV debugging by default to aid future
diagnosis of issues.
Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Tue, 26 Jun 2018 11:17:32 +0000 (12:17 +0100)]
Relax check for new bindings
Only if the major version part of the revision changes is it unsafe to
update the drivers without removing the unplug keys (thereby forcing a
fallback to emulated devices on the next reboot). Minor version changes
should be backwards compatible (within a reasonable time-frame).
Signed-off-by: Owen Smith <owen.smith@citrix.com>
Edited commit comment.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Tue, 10 Apr 2018 16:24:58 +0000 (17:24 +0100)]
Fix event channel ABI fall-back
If the version of Xen that the guest is running on does not support the
FIFO event channel ABI then the code is supposed to fall back to using the
old '2-level' ABI through the shared info page. However, this fall-back
does not work correctly because the error path in EvtchnFifoAcquire()
causes the error status to be overwritten with STATUS_SUCCESS.
This patch makes sure the error status is preserved.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 31 Jan 2018 13:37:10 +0000 (13:37 +0000)]
Stop using BAR space to host Xen data structures
Currently XENBUS makes use of the memory BAR of the PCI device to which it
binds as a source of unpopulated GFNs to host Xen data structures, such as
the shared info and grant table.
There is a problem with doing this, which is that Windows (unsurprisingly)
sets up a non-cached MTRR for the page range covering PCI BARs so accesses
to BAR space (and hence the Xen data structures) should be non-cached.
However, Xen itself contains a work-around to avoid the slow access times
that would ordinarily result from the this; it ignores the MTRRs if no
real devices are passed through to the guest so accesses are actually
cached. Thus, in the normal case, there is no penalty to pay... but as soon
as hardware is passed through to a guest, the work-around no longer applies
and there is a noticeable drop in PV driver performance. (E.g. network
throughput can drop by ~30-40%).
This patch modifies XENBUS to allocate a 2MB area of RAM (which will always
fall into a cached MTRR), use a decrease_reservation hypercall to
de-populate the area, and then use that as a source of GFNs instead of the
BAR. Hence, the work-around in Xen no longer has any baring on accessing of
Xen data structures and thus there is no longer any performance penalty
when hardware is passed through to a guest.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 31 Jan 2018 11:52:37 +0000 (11:52 +0000)]
Add a XEN_API to get the maximum physical RAM address
The initialization code in XEN.DLL already scans the physical memory
ranges so it's trivial to store the maximum physical address seen and then
provide a function to return that value.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 25 Jan 2018 12:40:34 +0000 (12:40 +0000)]
Make sure Mdl->StartVa is set by __AllocatePages()
wdm.h carries this comment:
// Notice that while in the context of the subject thread, the base virtual
// address of a buffer mapped by an MDL may be referenced using the
// following:
//
// Mdl->StartVa | Mdl->ByteOffset
//
Hence it is important that a mapped MDL has a valid StartVa field as well
as a valid MappedSystemVa field. Unfortunately, for reasons best known to
Microsoft, MmMapLockedPagesSpecifyCache() does not ensure this is the
case, so it needs to be fixed up by __AllocatePages() itself.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 20 Dec 2017 11:57:38 +0000 (11:57 +0000)]
Add support for vkbd PV backends
Recent patches to QEMU allow the XENVKBD and XENHID drivers to function
correctly. This patch therefore enables enumeration of the VKBD PDOs that
allow those drivers to bind.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 30 Nov 2017 10:25:01 +0000 (10:25 +0000)]
Use new query method in XENBUS_GNTTAB method to get STORE and CONSOLE PFNs
Since XENBUS_GNTTAB now has a query method, the PFNs of the STORE and
CONSOLE shared pages can be found without the need to make hypercalls (to
get them via HVMOP_get_param).
This patch makes use of the new mechanism but this also requires a
re-ordering of some of the interface initialization code in FdoCreate().
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 30 Nov 2017 10:11:42 +0000 (10:11 +0000)]
Don't assume EventPageMdl has been allocated...
...when calling EvtchnFifoContract()
The allocation is deferred until at least one event channel is allocated,
but EvtchnFifoContract() is called from EvtchnFifoRelease()n which can be
called before that happens.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 30 Nov 2017 10:10:13 +0000 (10:10 +0000)]
Remove FIST code from XENBUS_CACHE implementation
They are not used by anything and having XENBUS_CACHE depend on
XENBUS_STORE makes things awkward if we ever want to make use of caches
in XENBUS_STORE itself or any other the other interfaces it depends upon.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Fri, 20 Oct 2017 15:00:11 +0000 (16:00 +0100)]
Partially revert "Simplify EVTCHN Unmask"
This partially reverts commit 3ad02ccc6c68, which removed the possibility
that unmasking an event channel could fail. This semantic was actually
useful in some cases though, specifically to avoid dropping out of a DPC
only to have it immediately re-queued.
This patch, therefore, re-instates the older semantic but makes it optional
so that callers that cannot easily tolerate such a failure can force the
unmask to succeed.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Fri, 13 Oct 2017 15:17:32 +0000 (16:17 +0100)]
Veto zero length range pop, get and put
It clearly makes no sense to allocate a zero length range, but
both RangeSetPop() and RangeSetGet() currently allow it. RangeSetPut()
also allows such a range to be freed but trips over an assertion in
a checked build and will hopelessly confuse the code in a free build
probably leading to a subsequent crash.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Tue, 22 Aug 2017 11:04:36 +0000 (12:04 +0100)]
Get rid of old XenServer-ism
Old versions of XenServer used to require that Windows tell the hypervisor
whether it was 64-bit or 32-bit so that the shared info page could be layed
out correctly.
This requirement was dropped in later versions of XenServer but some
versions had a bug where the domain wallclock time was not updated
correctly unless the old mechanism was used.
All such versions of XenServer have long been out of support and such hacks
really have no place in the Xen Project code-base anyway.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Eric Mackay [Mon, 21 Aug 2017 14:58:15 +0000 (15:58 +0100)]
Wallclock Time Calculation Checks Update Versions For Consistency
Checking the shared_info update versions is necessary to get a
consistent set of values. The version is incremented once when the
update starts, and then incremented again after the update has
completed. To verify that a set of values obtained from shared_info
is consistent, the version must not only look at equality of
versions, but the version must also be even. Data can only be safely
be captured within the version check loop.
There is no need to use a hypercall to get the system time, since
this is alredy captured in the shared_info struct. A cached version
of the time since boot is stored in structures for each vcpu, but
this has to be combined with the timestamp counter and some scaling
factors to get the actual current time since boot.
Clock synchronization can also occur, and the dom0 will ensure that
the values in the shared_info and vcpu_time_info structs are kept
current to reflect this.
Signed-off-by: Eric Mackay <mackayem@amazon.com>
Don't introduce new macro for the sake of testing LSB.
Use compiler intrinsic for reading TSC.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 3 Aug 2017 09:43:50 +0000 (10:43 +0100)]
Revert "Make sure registry updates and deletes are flushed"
It transpires that, on certain versions of Windows, calling ZwFlushKey()
early in boot not only fails (which is not surprising) but also logs
an error event.
This patch reverts commit 690f5474a9c6257fb15bc07b96c56cb64f193f65 to
avoid such noise in the event logs. There is clearly no option but
to trust Windows lazy flush to DTRT.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 2 Aug 2017 14:06:42 +0000 (15:06 +0100)]
Fix ASSERTion failure
Commit 6aef63e0 "Add optional log level settings" introduced an ASSERTion
failure during unload of XENBUS, because the ConsoleLogLevel field of the
driver structure was not being zeroed.
This patch fixes the problem.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Tue, 25 Jul 2017 09:50:36 +0000 (10:50 +0100)]
Add optional log level settings
Adds XenLogLevel and QemuLogLevel to xen.sys and ConsoleLogLevel
to xenbus.sys, which can be used to override the default log levels.
Each value is a REG_MULTI_SZ that contains an enumerated list of
log levels; TRACE, INFO, WARNING, ERROR, CRITICAL are defined.
Signed-off-by: Owen Smith <owen.smith@citrix.com>
Minor style tweaks.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Fri, 26 May 2017 19:57:51 +0000 (15:57 -0400)]
Update XENBUS_EVTCHN Wait method to avoid races
Use of the XENBUS_EVTCHN method is prone to races in that a client
usually wants to check that something that should be triggered by an
event and, if it has not occurred, wait for the next event.
The problem is that the client may makes its check, the event then occurs,
and then the client waits. Thus the event is missed and the client only
wakes up when the timeout expires.
This patch changes the Wait method to take an explicit event count to wait
for, and adds a method to sample the current event count. A client can
then avoid a race as described above by sampling the event count first,
making its check and then waiting for the event count to increment by one.
If the event occurred between the check and the wait, the wait will now
return immediately.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Fri, 26 May 2017 19:04:10 +0000 (15:04 -0400)]
Remove interface versions no longer exposed through PDO revisions
XENBUS_EVTCHN_INTERFACE versions prior to 4 and
XENBUS_SHARED_INFO_INTERFACE version 1 are no longer available for
external query and nothing internal to the XENBUS package uses them, so
the code can be removed.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 8 May 2017 15:58:43 +0000 (16:58 +0100)]
Reboot request keys should be volatile
When a driver makes a reboot request it should use a volatile registry key.
The monitor service will explicitly remove the key prior to reboot but,
if the reboot is initiated in some other way and the key is non-volatile,
the monitor service will then needlessly prompt for a second reboot.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 26 Apr 2017 10:49:41 +0000 (11:49 +0100)]
Add a synthetic PDO for a new XENCONS driver
I am working on a new XENCONS driver which will surface the PV console to
user-space as a character device. It needs a node to bind to and this
patch provides one.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 8 Mar 2017 13:13:18 +0000 (13:13 +0000)]
Make the XENBUS_CONSOLE Write method properly synchronous
Have the method directly write into the console ring (and potentially
block). This removes a lot of complexity from the code and makes the
method safe to be called at IRQL > DISPATCH_LEVEL.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 8 Mar 2017 13:10:10 +0000 (13:10 +0000)]
Update XENBUS_EVTCHN interface with new Send method
The new version of the method has the same arguments and return of the
previous version but does not modify IRQL. It must therefore be called
with IRQL >= DISPATCH_LEVEL. Most callers already do this (usually
because they have a spin lock held) so the overhead of calling
KeRaiseIrql() and KeLowerIrql() can be saved. Also, it makes the method
safe to be called at > DISPATCH_LEVEL.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 1 Mar 2017 14:00:37 +0000 (14:00 +0000)]
Sanity check number of parameters in an exception record
When the BugCheck intercept dumps an exception record, make sure that
the number of parameters dumped is no more than the maximum possible
in the record.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reported-by: Igor Druzhinin <igor.druzhinin@citrix.com>
--- Cc: Igor Druzhinin <igor.druzhinin@citrix.com>
Paul Durrant [Thu, 2 Feb 2017 16:04:02 +0000 (16:04 +0000)]
Add basic support for PV console
Xen toolstacks have, for some time, created a PV console even for HVM
guests but, so far, Windows has had no frontend for this.
This patch adds the basic plumbing for the PV console, under a new
interface called XENBUS_CONSOLE. This interface is currently private to
XENBUS (so not accessible by child drivers) and will initially only support
writing.
The patch adds a new log disposition that will write INFO, WARNING and
ERROR level messages, so these can now be seen by attaching to the console
backend in the toolstack domain.
Future patches will add read support and a new character device to make
the console available to user-space.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
projects / pvdrivers / win / xenbus.git / log