ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-04-26 22:09:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
genode/repos/os/src/server/vmm/virtio_net.h
Martin Stein 1336b0a751 mmio: upper-bounds checks 
The classes Genode::Mmio, Genode::Register_set, Genode::Attached_mmio, and
Platform::Device::Mmio now receive a template parameter 'size_t SIZE'. In each
type that derives from one of these classes, it is now statically checked that
the range of each Genode::Register::Register- and
Genode::Register_set::Register_array-deriving sub-type is within [0..SIZE).

That said, SIZE is the minimum size of the memory region provided to the above
mentioned Mmio classes in order to avoid page faults or memory corruption when
accessing the registers and register arrays declared inside.

Note, that the range end of a register array is not the end of the last item
but the end of integer access that is used for accessing the last bit in the
last item.

The constructors of Genode::Mmio, Genode::Attached_mmio, and
Platform::Device::Mmio now receive an argument 'Byte_range_ptr range' that is
expected to be the range of the backing memory region. In each type that derives
from on of these classes, it is now dynamically checked that 'range.num_bytes
>= SIZE', thereby implementing the above mention protection against page faults
and memory corruption.

The rest of the commit adapts the code throughout the Genode Labs repositories
regarding the changes. Note that for that code inside Core, the commits mostly
uses a simplified approach by constructing MMIO objects with range
[base..base+SIZE) and not with a mapping- or specification-related range size.
This should be fixed in the future.

Furthermore, there are types that derive from an MMIO class but don't declare
any registers or register arrays (especially with Platform::Device::Mmio). In
this case SIZE is set to 0. This way, the parameters must be actively corrected
by someone who later wants to add registers or register arrays, plus the places
can be easily found by grep'ing for Mmio<0>.

Fix #4081
2024-02-26 08:59:07 +01:00

168 lines
4.0 KiB
C++
Raw Blame History

/*
* \brief Virtio networking implementation
* \author Sebastian Sumpf
* \date 2019-10-10
*/
/*
* Copyright (C) 2019 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _VIRTIO_NET_H_
#define _VIRTIO_NET_H_
#include <nic/packet_allocator.h>
#include <nic_session/connection.h>
#include <virtio_device.h>
namespace Vmm { class Virtio_net; }
class Vmm::Virtio_net : public Virtio_device<Virtio_split_queue, 2>
{
private:
enum Queue_id { RX, TX };
Genode::Env &_env;
Genode::Heap _heap { _env.ram(), _env.rm() };
Genode::Allocator_avl _tx_alloc { &_heap };
enum { BUF_SIZE = Nic::Packet_allocator::DEFAULT_PACKET_SIZE * 128,
NIC_HEADER_SIZE = 12 };
Nic::Connection _nic { _env, &_tx_alloc, BUF_SIZE, BUF_SIZE };
Nic::Mac_address _mac { _nic.mac_address() };
Cpu::Signal_handler<Virtio_net> _handler;
void _free_packets()
{
while (_nic.tx()->ack_avail()) {
Nic::Packet_descriptor packet = _nic.tx()->get_acked_packet();
_nic.tx()->release_packet(packet);
}
}
void _rx()
{
/* RX */
auto recv = [&] (Byte_range_ptr const &data)
{
if (!_nic.rx()->packet_avail() || !_nic.rx()->ready_to_ack())
return 0ul;
Nic::Packet_descriptor const rx_packet = _nic.rx()->get_packet();
size_t sz = Genode::min(data.num_bytes, rx_packet.size() + NIC_HEADER_SIZE);
Genode::memcpy((void *)(data.start + NIC_HEADER_SIZE),
_nic.rx()->packet_content(rx_packet),
sz - NIC_HEADER_SIZE);
_nic.rx()->acknowledge_packet(rx_packet);
Genode::memset((void*)data.start, 0, NIC_HEADER_SIZE);
return sz;
};
if (!_queue[RX].constructed()) return;
bool irq = _queue[RX]->notify(recv);
if (irq) _buffer_notification();
}
void _tx()
{
auto send = [&] (Byte_range_ptr const &data)
{
if (!_nic.tx()->ready_to_submit()) return 0lu;
Byte_range_ptr body {data.start + NIC_HEADER_SIZE, data.num_bytes - NIC_HEADER_SIZE};
Nic::Packet_descriptor tx_packet;
try {
tx_packet = _nic.tx()->alloc_packet(body.num_bytes); }
catch (Nic::Session::Tx::Source::Packet_alloc_failed) {
return 0ul; }
Genode::memcpy(_nic.tx()->packet_content(tx_packet),
(void *)body.start, body.num_bytes);
_nic.tx()->submit_packet(tx_packet);
return body.num_bytes;
};
if (!_queue[TX].constructed()) return;
if (_queue[TX]->notify(send)) _buffer_notification();
_free_packets();
}
void _handle()
{
Genode::Mutex::Guard guard(_mutex);
_rx();
_tx();
}
void _notify(unsigned /* idx */) override
{
_tx();
_rx();
}
enum Device_id { NIC = 0x1 };
struct Config_area : Reg
{
Nic::Mac_address & mac;
Register read(Address_range & range, Cpu&) override
{
if (range.start() > 5) return 0;
return mac.addr[range.start()];
}
void write(Address_range &, Cpu &, Register) override {}
Config_area(Virtio_net & device, Nic::Mac_address & mac)
: Reg(device, "ConfigArea", Mmio_register::RW, 0x100, 24),
mac(mac)
{ }
} _config_area { *this, _mac };
public:
Virtio_net(const char * const name,
const uint64_t addr,
const uint64_t size,
unsigned irq,
Cpu & cpu,
Mmio_bus & bus,
Ram & ram,
Virtio_device_list & list,
Genode::Env & env)
:
Virtio_device<Virtio_split_queue, 2>(name, addr, size, irq,
cpu, bus, ram, list, NIC),
_env(env),
_handler(cpu, _env.ep(), *this, &Virtio_net::_handle)
{
enum { VIRTIO_NET_F_MAC = 1u << 5 };
_dev_feature.set(VIRTIO_NET_F_MAC);
_nic.tx_channel()->sigh_ready_to_submit(_handler);
_nic.tx_channel()->sigh_ack_avail (_handler);
_nic.rx_channel()->sigh_ready_to_ack (_handler);
_nic.rx_channel()->sigh_packet_avail (_handler);
}
};
#endif /* _VIRTIO_NET_H_ */
Reference in New Issue View Git Blame Copy Permalink