hyperv/ic: Redefine IC version negotiate message.

And stringent input IC version negotiate message checks.

MFC after:	1 week
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D7614

sys/dev/hyperv/utilities/hv_heartbeat.c

@@ -80,7 +80,11 @@ hv_heartbeat_cb(struct vmbus_channel *channel, void *context)
 		&buf[sizeof(struct hv_vmbus_pipe_hdr)];
 
 	    if (icmsghdrp->icmsgtype == HV_ICMSGTYPE_NEGOTIATE) {
-		hv_negotiate_version(icmsghdrp, buf);
+	    	int error;
+
+		error = vmbus_ic_negomsg(softc, buf, recvlen);
+		if (error)
+			return;
 	    } else {
 		heartbeat_msg =
 		    (struct hv_vmbus_heartbeat_msg_data *)

sys/dev/hyperv/utilities/hv_shutdown.c

@@ -85,7 +85,11 @@ hv_shutdown_cb(struct vmbus_channel *channel, void *context)
 		&buf[sizeof(struct hv_vmbus_pipe_hdr)];
 
 	    if (icmsghdrp->icmsgtype == HV_ICMSGTYPE_NEGOTIATE) {
-		hv_negotiate_version(icmsghdrp, buf);
+		int error;
+
+		error = vmbus_ic_negomsg(softc, buf, recv_len);
+		if (error)
+			return;
 	    } else {
 		shutdown_msg =
 		    (struct hv_vmbus_shutdown_msg_data *)

sys/dev/hyperv/utilities/hv_timesync.c

@@ -160,7 +160,11 @@ hv_timesync_cb(struct vmbus_channel *channel, void *context)
 		sizeof(struct hv_vmbus_pipe_hdr)];
 
 	    if (icmsghdrp->icmsgtype == HV_ICMSGTYPE_NEGOTIATE) {
-		hv_negotiate_version(icmsghdrp, time_buf);
+	    	int error;
+
+		error = vmbus_ic_negomsg(&softc->util_sc, time_buf, recvlen);
+		if (error)
+			return;
 	    } else {
 		timedatap = (struct hv_ictimesync_data *) &time_buf[
 		    sizeof(struct hv_vmbus_pipe_hdr) +

sys/dev/hyperv/utilities/hv_util.c

@@ -36,44 +36,62 @@
 #include <sys/malloc.h>
 #include <sys/module.h>
 #include <sys/reboot.h>
+#include <sys/systm.h>
 #include <sys/timetc.h>
-#include <sys/syscallsubr.h>
 
 #include <dev/hyperv/include/hyperv.h>
 #include <dev/hyperv/include/vmbus.h>
-#include <dev/hyperv/utilities/hv_utilreg.h>
 #include <dev/hyperv/utilities/hv_util.h>
+#include <dev/hyperv/utilities/vmbus_icreg.h>
 
 #include "vmbus_if.h"
 
 #define VMBUS_IC_BRSIZE		(4 * PAGE_SIZE)
 
-void
-hv_negotiate_version(struct hv_vmbus_icmsg_hdr *icmsghdrp, uint8_t *buf)
+CTASSERT(sizeof(struct vmbus_icmsg_negotiate) < VMBUS_IC_BRSIZE);
+
+int
+vmbus_ic_negomsg(struct hv_util_sc *sc, void *data, int dlen)
 {
-	struct hv_vmbus_icmsg_negotiate *negop;
+	struct vmbus_icmsg_negotiate *nego;
+	int cnt, major;
 
-	icmsghdrp->icmsgsize = 0x10;
+	/*
+	 * Preliminary message size verification
+	 */
+	if (dlen < sizeof(*nego)) {
+		device_printf(sc->ic_dev, "truncated ic negotiate, len %d\n",
+		    dlen);
+		return EINVAL;
+	}
+	nego = data;
 
-	negop = (struct hv_vmbus_icmsg_negotiate *)&buf[
-		sizeof(struct hv_vmbus_pipe_hdr) +
-		sizeof(struct hv_vmbus_icmsg_hdr)];
-
-	if (negop->icframe_vercnt >= 2 &&
-	    negop->icversion_data[1].major == 3) {
-		negop->icversion_data[0].major = 3;
-		negop->icversion_data[0].minor = 0;
-		negop->icversion_data[1].major = 3;
-		negop->icversion_data[1].minor = 0;
-	} else {
-		negop->icversion_data[0].major = 1;
-		negop->icversion_data[0].minor = 0;
-		negop->icversion_data[1].major = 1;
-		negop->icversion_data[1].minor = 0;
+	cnt = nego->ic_fwver_cnt + nego->ic_msgver_cnt;
+	if (dlen < __offsetof(struct vmbus_icmsg_negotiate, ic_ver[cnt])) {
+		device_printf(sc->ic_dev, "ic negotiate does not contain "
+		    "versions %d\n", dlen);
+		return EINVAL;
 	}
 
-	negop->icframe_vercnt = 1;
-	negop->icmsg_vercnt = 1;
+	/* Select major version; XXX looks wrong. */
+	if (nego->ic_fwver_cnt >= 2 && VMBUS_ICVER_MAJOR(nego->ic_ver[1]) == 3)
+		major = 3;
+	else
+		major = 1;
+
+	/* One framework version */
+	nego->ic_fwver_cnt = 1;
+	nego->ic_ver[0] = VMBUS_IC_VERSION(major, 0);
+
+	/* One message version */
+	nego->ic_msgver_cnt = 1;
+	nego->ic_ver[1] = VMBUS_IC_VERSION(major, 0);
+
+	/* Data contains two versions */
+	nego->ic_hdr.ic_dsize = __offsetof(struct vmbus_icmsg_negotiate,
+	    ic_ver[2]) - sizeof(struct vmbus_icmsg_hdr);
+
+	return 0;
 }
 
 int
@@ -101,6 +119,7 @@ hv_util_attach(device_t dev, vmbus_chan_callback_t cb)
 	struct vmbus_channel *chan = vmbus_get_channel(dev);
 	int error;
 
+	sc->ic_dev = dev;
 	sc->ic_buflen = VMBUS_IC_BRSIZE;
 	sc->receive_buffer = malloc(VMBUS_IC_BRSIZE, M_DEVBUF,
 	    M_WAITOK | M_ZERO);

sys/dev/hyperv/utilities/hv_util.h

@@ -39,6 +39,7 @@
  *
  */
 typedef struct hv_util_sc {
+	device_t		ic_dev;
 	uint8_t			*receive_buffer;
 	int			ic_buflen;
 } hv_util_sc;
@@ -50,10 +51,9 @@ struct vmbus_ic_desc {
 
 #define VMBUS_IC_DESC_END	{ .ic_desc = NULL }
 
-void hv_negotiate_version(struct hv_vmbus_icmsg_hdr *icmsghdrp, uint8_t *buf);
-
 int		hv_util_attach(device_t dev, vmbus_chan_callback_t cb);
 int		hv_util_detach(device_t dev);
 int		vmbus_ic_probe(device_t dev, const struct vmbus_ic_desc descs[]);
+int		vmbus_ic_negomsg(struct hv_util_sc *, void *data, int dlen);
 
 #endif

sys/dev/hyperv/utilities/vmbus_icreg.h

@@ -0,0 +1,84 @@
+/*-
+ * Copyright (c) 2016 Microsoft Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice unmodified, this list of conditions, and the following
+ *    disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _VMBUS_ICREG_H_
+#define _VMBUS_ICREG_H_
+
+#define VMBUS_ICMSG_TYPE_NEGOTIATE	0
+#define VMBUS_ICMSG_TYPE_HEARTBEAT	1
+#define VMBUS_ICMSG_TYPE_KVP		2
+#define VMBUS_ICMSG_TYPE_SHUTDOWN	3
+#define VMBUS_ICMSG_TYPE_TIMESYNC	4
+#define VMBUS_ICMSG_TYPE_VSS		5
+
+#define VMBUS_ICMSG_STATUS_OK		0x00000000
+#define VMBUS_ICMSG_STATUS_FAIL		0x80004005
+
+#define VMBUS_IC_VERSION(major, minor)	((major) | (((uint32_t)(minor)) << 16))
+#define VMBUS_ICVER_MAJOR(ver)		((ver) & 0xffff)
+#define VMBUS_ICVER_MINOR(ver)		(((ver) & 0xffff0000) >> 16)
+
+struct vmbus_pipe_hdr {
+	uint32_t		ph_flags;
+	uint32_t		ph_msgsz;
+} __packed;
+
+struct vmbus_icmsg_hdr {
+	struct vmbus_pipe_hdr	ic_pipe;
+	uint32_t		ic_fwver;	/* framework version */
+	uint16_t		ic_type;
+	uint32_t		ic_msgver;	/* message version */
+	uint16_t		ic_dsize;	/* data size */
+	uint32_t		ic_status;	/* VMBUS_ICMSG_STATUS_ */
+	uint8_t			ic_xactid;
+	uint8_t			ic_flags;	/* VMBUS_ICMSG_FLAG_ */
+	uint8_t			ic_rsvd[2];
+} __packed;
+
+#define VMBUS_ICMSG_FLAG_XACT		0x0001
+#define VMBUS_ICMSG_FLAG_REQ		0x0002
+#define VMBUS_ICMSG_FLAG_RESP		0x0004
+
+/* VMBUS_ICMSG_TYPE_NEGOTIATE */
+struct vmbus_icmsg_negotiate {
+	struct vmbus_icmsg_hdr	ic_hdr;
+	uint16_t		ic_fwver_cnt;
+	uint16_t		ic_msgver_cnt;
+	uint32_t		ic_rsvd;
+	/*
+	 * This version array contains two set of supported
+	 * versions:
+	 * - The first set consists of #ic_fwver_cnt supported framework
+	 *   versions.
+	 * - The second set consists of #ic_msgver_cnt supported message
+	 *   versions.
+	 */
+	uint32_t		ic_ver[];
+} __packed;
+
+#endif	/* !_VMBUS_ICREG_H_ */