[PATCH] hypervisor, driver: Added signature for .cell files


Ralf Ramsauer

Aug 13, 2015, 1:35:16 PM8/13/15
to jailho...@googlegroups.com, Ralf Ramsauer
Inserted signature field in struct jailhouse_cell_desc and
jailhouse_system. Jailhouse kernel driver will refuse loading
a system config as a cell descriptor and vice versa.

Signed-off-by: Ralf Ramsauer <ra...@ramses-pyramidenbau.de>
---
configs/apic-demo.c | 1 +
configs/bananapi-gic-demo.c | 1 +
configs/bananapi-uart-demo.c | 1 +
configs/bananapi.c | 1 +
configs/e1000-demo.c | 1 +
configs/f2a88xm-hd3.c | 1 +
configs/h87i.c | 1 +
configs/imb-a180.c | 1 +
configs/ioapic-demo.c | 1 +
configs/ivshmem-demo.c | 1 +
configs/jetson-tk1-demo.c | 1 +
configs/jetson-tk1.c | 1 +
configs/linux-x86-demo.c | 1 +
configs/pci-demo.c | 1 +
configs/qemu-vm.c | 1 +
configs/smp-demo.c | 1 +
configs/tiny-demo.c | 1 +
configs/vexpress-gic-demo.c | 1 +
configs/vexpress-linux-demo.c | 1 +
configs/vexpress-uart-demo.c | 1 +
configs/vexpress.c | 1 +
driver/cell.c | 7 +++++++
driver/main.c | 7 +++++++
hypervisor/include/jailhouse/cell-config.h | 6 ++++++
tools/root-cell-config.c.tmpl | 1 +
25 files changed, 42 insertions(+)

diff --git a/configs/apic-demo.c b/configs/apic-demo.c
index 046a782..1351496 100644
--- a/configs/apic-demo.c
+++ b/configs/apic-demo.c
@@ -24,6 +24,7 @@ struct {
__u8 pio_bitmap[0x2000];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "apic-demo",

.cpu_set_size = sizeof(config.cpus),
diff --git a/configs/bananapi-gic-demo.c b/configs/bananapi-gic-demo.c
index f34a2a4..2d633fa 100644
--- a/configs/bananapi-gic-demo.c
+++ b/configs/bananapi-gic-demo.c
@@ -24,6 +24,7 @@ struct {
struct jailhouse_memory mem_regions[3];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "bananapi-gic-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/bananapi-uart-demo.c b/configs/bananapi-uart-demo.c
index 3934d67..87ed8d2 100644
--- a/configs/bananapi-uart-demo.c
+++ b/configs/bananapi-uart-demo.c
@@ -24,6 +24,7 @@ struct {
struct jailhouse_memory mem_regions[3];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "bananapi-uart-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/bananapi.c b/configs/bananapi.c
index edc6477..03cb5f7 100644
--- a/configs/bananapi.c
+++ b/configs/bananapi.c
@@ -24,6 +24,7 @@ struct {
struct jailhouse_irqchip irqchips[1];
} __attribute__((packed)) config = {
.header = {
+ .signature = JAILHOUSE_SYSTEM_SIGNATURE,
.hypervisor_memory = {
.phys_start = 0x7c000000,
.size = 0x4000000,
diff --git a/configs/e1000-demo.c b/configs/e1000-demo.c
index 11b87cf..088d92a 100644
--- a/configs/e1000-demo.c
+++ b/configs/e1000-demo.c
@@ -27,6 +27,7 @@ struct {
struct jailhouse_pci_capability pci_caps[1];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "e1000-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/f2a88xm-hd3.c b/configs/f2a88xm-hd3.c
index 2736496..16f0aa0 100644
--- a/configs/f2a88xm-hd3.c
+++ b/configs/f2a88xm-hd3.c
@@ -32,6 +32,7 @@ struct {
struct jailhouse_pci_capability pci_caps[27];
} __attribute__((packed)) config = {
.header = {
+ .signature = JAILHOUSE_SYSTEM_SIGNATURE,
.hypervisor_memory = {
.phys_start = 0x3b000000,
.size = 0x4000000,
diff --git a/configs/h87i.c b/configs/h87i.c
index c5473ac..9b36702 100644
--- a/configs/h87i.c
+++ b/configs/h87i.c
@@ -27,6 +27,7 @@ struct {
struct jailhouse_pci_capability pci_caps[28];
} __attribute__((packed)) config = {
.header = {
+ .signature = JAILHOUSE_SYSTEM_SIGNATURE,
.hypervisor_memory = {
.phys_start = 0x3b000000,
.size = 0x4000000,
diff --git a/configs/imb-a180.c b/configs/imb-a180.c
index e74cbe8..ffcd5c7 100644
--- a/configs/imb-a180.c
+++ b/configs/imb-a180.c
@@ -31,6 +31,7 @@ struct {
struct jailhouse_pci_capability pci_caps[26];
} __attribute__((packed)) config = {
.header = {
+ .signature = JAILHOUSE_SYSTEM_SIGNATURE,
.hypervisor_memory = {
.phys_start = 0x3b000000,
.size = 0x4000000,
diff --git a/configs/ioapic-demo.c b/configs/ioapic-demo.c
index aec1a21..fa450d2 100644
--- a/configs/ioapic-demo.c
+++ b/configs/ioapic-demo.c
@@ -26,6 +26,7 @@ struct {
__u8 pio_bitmap[0x2000];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "ioapic-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/ivshmem-demo.c b/configs/ivshmem-demo.c
index 591d9ea..ac426d4 100644
--- a/configs/ivshmem-demo.c
+++ b/configs/ivshmem-demo.c
@@ -24,6 +24,7 @@ struct {
struct jailhouse_pci_capability pci_caps[0];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "ivshmem-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/jetson-tk1-demo.c b/configs/jetson-tk1-demo.c
index 02c924d..5bf465a 100644
--- a/configs/jetson-tk1-demo.c
+++ b/configs/jetson-tk1-demo.c
@@ -24,6 +24,7 @@ struct {
struct jailhouse_memory mem_regions[2];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "jetson-tk1-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/jetson-tk1.c b/configs/jetson-tk1.c
index b3c69ef..746c956 100644
--- a/configs/jetson-tk1.c
+++ b/configs/jetson-tk1.c
@@ -27,6 +27,7 @@ struct {
struct jailhouse_irqchip irqchips[1];
} __attribute__((packed)) config = {
.header = {
+ .signature = JAILHOUSE_SYSTEM_SIGNATURE,
.hypervisor_memory = {
.phys_start = 0xfc000000,
.size = 0x4000000 - 0x100000, /* -1MB (PSCI) */
diff --git a/configs/linux-x86-demo.c b/configs/linux-x86-demo.c
index ffb7765..539104f 100644
--- a/configs/linux-x86-demo.c
+++ b/configs/linux-x86-demo.c
@@ -25,6 +25,7 @@ struct {
struct jailhouse_pci_device pci_devices[1];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "linux-x86-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/pci-demo.c b/configs/pci-demo.c
index 9449aac..85fd5b2 100644
--- a/configs/pci-demo.c
+++ b/configs/pci-demo.c
@@ -27,6 +27,7 @@ struct {
struct jailhouse_pci_capability pci_caps[1];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "pci-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/qemu-vm.c b/configs/qemu-vm.c
index 637b9c6..f95b1f6 100644
--- a/configs/qemu-vm.c
+++ b/configs/qemu-vm.c
@@ -41,6 +41,7 @@ struct {
struct jailhouse_pci_capability pci_caps[5];
} __attribute__((packed)) config = {
.header = {
+ .signature = JAILHOUSE_SYSTEM_SIGNATURE,
.hypervisor_memory = {
.phys_start = 0x3b000000,
.size = 0x600000,
diff --git a/configs/smp-demo.c b/configs/smp-demo.c
index 8649466..1bbf659 100644
--- a/configs/smp-demo.c
+++ b/configs/smp-demo.c
@@ -24,6 +24,7 @@ struct {
__u8 pio_bitmap[0x2000];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "smp-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/tiny-demo.c b/configs/tiny-demo.c
index 355a330..b3f612b 100644
--- a/configs/tiny-demo.c
+++ b/configs/tiny-demo.c
@@ -24,6 +24,7 @@ struct {
__u8 pio_bitmap[0x2000];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "tiny-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/vexpress-gic-demo.c b/configs/vexpress-gic-demo.c
index 44512d4..cac296a 100644
--- a/configs/vexpress-gic-demo.c
+++ b/configs/vexpress-gic-demo.c
@@ -21,6 +21,7 @@ struct {
struct jailhouse_memory mem_regions[2];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "gic-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/vexpress-linux-demo.c b/configs/vexpress-linux-demo.c
index 5a3d7b5..85a9fcb 100644
--- a/configs/vexpress-linux-demo.c
+++ b/configs/vexpress-linux-demo.c
@@ -22,6 +22,7 @@ struct {
struct jailhouse_irqchip irqchips[1];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "linux-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/vexpress-uart-demo.c b/configs/vexpress-uart-demo.c
index 524a08e..0054c62 100644
--- a/configs/vexpress-uart-demo.c
+++ b/configs/vexpress-uart-demo.c
@@ -21,6 +21,7 @@ struct {
struct jailhouse_memory mem_regions[2];
} __attribute__((packed)) config = {
.cell = {
+ .signature = JAILHOUSE_CELL_DESC_SIGNATURE,
.name = "pl011-demo",
.flags = JAILHOUSE_CELL_PASSIVE_COMMREG,

diff --git a/configs/vexpress.c b/configs/vexpress.c
index eb27345..0f736ad 100644
--- a/configs/vexpress.c
+++ b/configs/vexpress.c
@@ -22,6 +22,7 @@ struct {
struct jailhouse_irqchip irqchips[1];
} __attribute__((packed)) config = {
.header = {
+ .signature = JAILHOUSE_SYSTEM_SIGNATURE,
.hypervisor_memory = {
.phys_start = 0xfc000000,
.size = 0x4000000,
diff --git a/driver/cell.c b/driver/cell.c
index e28a96c..e53b399 100644
--- a/driver/cell.c
+++ b/driver/cell.c
@@ -175,6 +175,13 @@ int jailhouse_cmd_cell_create(struct jailhouse_cell_create __user *arg)
err = -EFAULT;
goto kfree_config_out;
}
+
+ if (memcmp(config->signature, JAILHOUSE_CELL_DESC_SIGNATURE,
+ sizeof(config->signature)) != 0) {
+ pr_err("jailhouse: Not a cell descriptor\n");
+ return -EINVAL;
+ }
+
config->name[JAILHOUSE_CELL_NAME_MAXLEN] = 0;

if (mutex_lock_interruptible(&jailhouse_lock) != 0) {
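Review bot: The new `memcmp` reads `sizeof(config->signature)` bytes from `config`, and nothing in the hunk shows that the buffer is at least as large as `struct jailhouse_cell_desc`. The allocation and the copy from user space are above the hunk, so this is inferred: if the buffer size is taken from the caller's request, it should be rejected when smaller than the descriptor before anything is copied, for example `if (config_size < sizeof(*config)) return -EINVAL;`, with `config_size` standing for whatever holds the requested size. Otherwise this comparison and the `config->name[JAILHOUSE_CELL_NAME_MAXLEN] = 0` store after it can touch memory past the allocation. The resent version of this hunk later in the thread is the same in this respect.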
diff --git a/driver/main.c b/driver/main.c
index a76deb9..1c9e166 100644
--- a/driver/main.c
+++ b/driver/main.c
@@ -192,6 +192,13 @@ static int jailhouse_cmd_enable(struct jailhouse_system __user *arg)

if (copy_from_user(&config_header, arg, sizeof(config_header)))
return -EFAULT;
+
+ if (memcmp(config_header.signature, JAILHOUSE_SYSTEM_SIGNATURE,
+ sizeof(config_header.signature)) != 0) {
+ pr_err("jailhouse: Not a system descriptor\n");
+ return -EINVAL;
+ }
+
config_header.root_cell.name[JAILHOUSE_CELL_NAME_MAXLEN] = 0;

max_cpus = get_max_cpus(config_header.root_cell.cpu_set_size, arg);
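Review bot: The signature is compared on the `config_header` snapshot, but `arg` remains a user pointer and is passed to `get_max_cpus()` two lines after the check, so later reads of user memory are not covered by it. The rest of jailhouse_cmd_enable is outside the hunk; if the full configuration is copied from `arg` again further down, the signature in that copy should be compared again (or the already validated header written over it), since the caller can change the buffer between the two reads. At minimum a comment above the check would make the limit explicit: `/* checks the header snapshot only; repeat after any later copy from arg */`. The truncated resend of this hunk later in the thread has the same shape.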
diff --git a/hypervisor/include/jailhouse/cell-config.h b/hypervisor/include/jailhouse/cell-config.h
index 261d9c7..ef9de70 100644
--- a/hypervisor/include/jailhouse/cell-config.h
+++ b/hypervisor/include/jailhouse/cell-config.h
@@ -43,7 +43,10 @@

#define JAILHOUSE_CELL_PASSIVE_COMMREG 0x00000001

+#define JAILHOUSE_CELL_DESC_SIGNATURE "JAILCELL"
+
struct jailhouse_cell_desc {
+ char signature[8];
char name[JAILHOUSE_CELL_NAME_MAXLEN+1];
__u32 flags;

@@ -118,7 +121,10 @@ struct jailhouse_pci_capability {

#define JAILHOUSE_MAX_IOMMU_UNITS 8

+#define JAILHOUSE_SYSTEM_SIGNATURE "JAILSYST"
+
struct jailhouse_system {
+ char signature[8];
struct jailhouse_memory hypervisor_memory;
struct jailhouse_memory debug_uart;
union {
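Review bot: `char signature[8]` in `struct jailhouse_system`, and the same field in `struct jailhouse_cell_desc` in the previous hunk, is exactly as long as the text of its macro, so the initialiser in the config files drops the string terminator and the field is not NUL-terminated. That works with the fixed-length `memcmp` in the driver, but nothing ties the literal's length to the array size: a shorter literal would make the driver's `memcmp` read past the end of the literal, and the field must never be handed to `strcmp` or `%s`. I would add a compile-time check that `sizeof(JAILHOUSE_SYSTEM_SIGNATURE) - 1` equals the size of the field, and a comment on the field such as `/* 8-byte type tag, not NUL-terminated; identifies the kind of blob, gives no integrity or authenticity */`. Both struct bodies continue outside the hunks.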
diff --git a/tools/root-cell-config.c.tmpl b/tools/root-cell-config.c.tmpl
index fdf8f8b..04b4ecb 100644
--- a/tools/root-cell-config.c.tmpl
+++ b/tools/root-cell-config.c.tmpl
@@ -54,6 +54,7 @@ struct {
struct jailhouse_pci_capability pci_caps[${len(pcicaps)}];
} __attribute__((packed)) config = {
.header = {
+ .signature = JAILHOUSE_SYSTEM_SIGNATURE,
.hypervisor_memory = {
.phys_start = ${hex(hvmem[0])},
.size = ${hex(hvmem[1])},
--
2.5.0

Jan Kiszka

Aug 13, 2015, 4:16:38 PM8/13/15
to Ralf Ramsauer, jailho...@googlegroups.com
Indentation: align this under "config->signature".

> + pr_err("jailhouse: Not a cell descriptor\n");

Should better be called "cell configuration".

> + return -EINVAL;

Look into the context above: this would leak memory.

> + }
> +
> config->name[JAILHOUSE_CELL_NAME_MAXLEN] = 0;
>
> if (mutex_lock_interruptible(&jailhouse_lock) != 0) {
> diff --git a/driver/main.c b/driver/main.c
> index a76deb9..1c9e166 100644
> --- a/driver/main.c
> +++ b/driver/main.c
> @@ -192,6 +192,13 @@ static int jailhouse_cmd_enable(struct jailhouse_system __user *arg)
>
> if (copy_from_user(&config_header, arg, sizeof(config_header)))
> return -EFAULT;
> +
> + if (memcmp(config_header.signature, JAILHOUSE_SYSTEM_SIGNATURE,
> + sizeof(config_header.signature)) != 0) {
> + pr_err("jailhouse: Not a system descriptor\n");

And here "system configuration".
Rest looks good to me.

Jan

--
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux

Ralf Ramsauer

Aug 13, 2015, 7:26:47 PM8/13/15
to jailho...@googlegroups.com, Ralf Ramsauer
Inserted signature field in struct jailhouse_cell_desc and
jailhouse_system. Jailhouse kernel driver will refuse loading
a system configuration as a cell configuration and vice versa.

Signed-off-by: Ralf Ramsauer <ra...@ramses-pyramidenbau.de>
---
configs/apic-demo.c | 1 +
configs/bananapi-gic-demo.c | 1 +
configs/bananapi-uart-demo.c | 1 +
configs/bananapi.c | 1 +
configs/e1000-demo.c | 1 +
configs/f2a88xm-hd3.c | 1 +
configs/h87i.c | 1 +
configs/imb-a180.c | 1 +
configs/ioapic-demo.c | 1 +
configs/ivshmem-demo.c | 1 +
configs/jetson-tk1-demo.c | 1 +
configs/jetson-tk1.c | 1 +
configs/linux-x86-demo.c | 1 +
configs/pci-demo.c | 1 +
configs/qemu-vm.c | 1 +
configs/smp-demo.c | 1 +
configs/tiny-demo.c | 1 +
configs/vexpress-gic-demo.c | 1 +
configs/vexpress-linux-demo.c | 1 +
configs/vexpress-uart-demo.c | 1 +
configs/vexpress.c | 1 +
driver/cell.c | 8 ++++++++
driver/main.c | 7 +++++++
hypervisor/include/jailhouse/cell-config.h | 6 ++++++
tools/root-cell-config.c.tmpl | 1 +
25 files changed, 43 insertions(+)
index e28a96c..dc1b3c8 100644
--- a/driver/cell.c
+++ b/driver/cell.c
@@ -175,6 +175,14 @@ int jailhouse_cmd_cell_create(struct jailhouse_cell_create __user *arg)
err = -EFAULT;
goto kfree_config_out;
}
+
+ if (memcmp(config->signature, JAILHOUSE_CELL_DESC_SIGNATURE,
+ sizeof(config->signature)) != 0) {
+ pr_err("jailhouse: Not a cell configuration\n");
+ err = -EINVAL;
+ goto kfree_config_out;
+ }
+
config->name[JAILHOUSE_CELL_NAME_MAXLEN] = 0;

if (mutex_lock_interruptible(&jailhouse_lock) != 0) {
diff --git a/driver/main.c b/driver/main.c
index a76deb9..92b985a 100644
--- a/driver/main.c
+++ b/driver/main.c
@@ -192,6 +192,13 @@ static int jailhouse_cmd_enable(struct jailhouse_system __user *arg)

if (copy_from_user(&config_header, arg, sizeof(config_header)))
return -EFAULT;
+
+ if (memcmp(config_header.signature, JAILHOUSE_SYSTEM_SIGNATURE,
+ sizeof(config_header.signature)) != 0) {
+ pr_err("jailhouse: Not a system configuration\n");
--
2.5.0

Jan Kiszka

Aug 14, 2015, 2:28:31 AM8/14/15
to Ralf Ramsauer, jailho...@googlegroups.com
I forgot that you also need to update jailhouse-cell-linux to the new
format (although I ran into this recently myself). I've fixed that up
(trivial) and queued the patch, see next.

Thanks,