xref: /freebsd/sys/dev/hyperv/vmbus/vmbus_chan.c (revision 2276e53940c2a2bf7c7e9cb705e51de4202258c2)
1 /*-
2  * Copyright (c) 2009-2012,2016 Microsoft Corp.
3  * Copyright (c) 2012 NetApp Inc.
4  * Copyright (c) 2012 Citrix Inc.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice unmodified, this list of conditions, and the following
12  *    disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #include <sys/param.h>
30 #include <sys/bus.h>
31 #include <sys/callout.h>
32 #include <sys/kernel.h>
33 #include <sys/lock.h>
34 #include <sys/malloc.h>
35 #include <sys/mutex.h>
36 #include <sys/smp.h>
37 #include <sys/sysctl.h>
38 #include <sys/systm.h>
39 
40 #include <machine/atomic.h>
41 #include <machine/stdarg.h>
42 
43 #include <vm/vm.h>
44 #include <vm/pmap.h>
45 #include <vm/vm_extern.h>
46 
47 #include <dev/hyperv/include/vmbus_xact.h>
48 #include <dev/hyperv/vmbus/hyperv_var.h>
49 #include <dev/hyperv/vmbus/vmbus_reg.h>
50 #include <dev/hyperv/vmbus/vmbus_var.h>
51 #include <dev/hyperv/vmbus/vmbus_brvar.h>
52 #include <dev/hyperv/vmbus/vmbus_chanvar.h>
53 
54 struct vmbus_chan_pollarg {
55 	struct vmbus_channel	*poll_chan;
56 	u_int			poll_hz;
57 };
58 
59 static void			vmbus_chan_update_evtflagcnt(
60 				    struct vmbus_softc *,
61 				    const struct vmbus_channel *);
62 static int			vmbus_chan_close_internal(
63 				    struct vmbus_channel *);
64 static int			vmbus_chan_sysctl_mnf(SYSCTL_HANDLER_ARGS);
65 static void			vmbus_chan_sysctl_create(
66 				    struct vmbus_channel *);
67 static struct vmbus_channel	*vmbus_chan_alloc(struct vmbus_softc *);
68 static void			vmbus_chan_free(struct vmbus_channel *);
69 static int			vmbus_chan_add(struct vmbus_channel *);
70 static void			vmbus_chan_cpu_default(struct vmbus_channel *);
71 static int			vmbus_chan_release(struct vmbus_channel *);
72 static void			vmbus_chan_set_chmap(struct vmbus_channel *);
73 static void			vmbus_chan_clear_chmap(struct vmbus_channel *);
74 static void			vmbus_chan_detach(struct vmbus_channel *);
75 static bool			vmbus_chan_wait_revoke(
76 				    const struct vmbus_channel *, bool);
77 static void			vmbus_chan_poll_timeout(void *);
78 static bool			vmbus_chan_poll_cancel_intq(
79 				    struct vmbus_channel *);
80 static void			vmbus_chan_poll_cancel(struct vmbus_channel *);
81 
82 static void			vmbus_chan_ins_prilist(struct vmbus_softc *,
83 				    struct vmbus_channel *);
84 static void			vmbus_chan_rem_prilist(struct vmbus_softc *,
85 				    struct vmbus_channel *);
86 static void			vmbus_chan_ins_list(struct vmbus_softc *,
87 				    struct vmbus_channel *);
88 static void			vmbus_chan_rem_list(struct vmbus_softc *,
89 				    struct vmbus_channel *);
90 static void			vmbus_chan_ins_sublist(struct vmbus_channel *,
91 				    struct vmbus_channel *);
92 static void			vmbus_chan_rem_sublist(struct vmbus_channel *,
93 				    struct vmbus_channel *);
94 
95 static void			vmbus_chan_task(void *, int);
96 static void			vmbus_chan_task_nobatch(void *, int);
97 static void			vmbus_chan_poll_task(void *, int);
98 static void			vmbus_chan_clrchmap_task(void *, int);
99 static void			vmbus_chan_pollcfg_task(void *, int);
100 static void			vmbus_chan_polldis_task(void *, int);
101 static void			vmbus_chan_poll_cancel_task(void *, int);
102 static void			vmbus_prichan_attach_task(void *, int);
103 static void			vmbus_subchan_attach_task(void *, int);
104 static void			vmbus_prichan_detach_task(void *, int);
105 static void			vmbus_subchan_detach_task(void *, int);
106 
107 static void			vmbus_chan_msgproc_choffer(struct vmbus_softc *,
108 				    const struct vmbus_message *);
109 static void			vmbus_chan_msgproc_chrescind(
110 				    struct vmbus_softc *,
111 				    const struct vmbus_message *);
112 
113 static int			vmbus_chan_printf(const struct vmbus_channel *,
114 				    const char *, ...) __printflike(2, 3);
115 
116 /*
117  * Vmbus channel message processing.
118  */
119 static const vmbus_chanmsg_proc_t
120 vmbus_chan_msgprocs[VMBUS_CHANMSG_TYPE_MAX] = {
121 	VMBUS_CHANMSG_PROC(CHOFFER,	vmbus_chan_msgproc_choffer),
122 	VMBUS_CHANMSG_PROC(CHRESCIND,	vmbus_chan_msgproc_chrescind),
123 
124 	VMBUS_CHANMSG_PROC_WAKEUP(CHOPEN_RESP),
125 	VMBUS_CHANMSG_PROC_WAKEUP(GPADL_CONNRESP),
126 	VMBUS_CHANMSG_PROC_WAKEUP(GPADL_DISCONNRESP)
127 };
128 
129 /*
130  * Notify host that there are data pending on our TX bufring or
131  * we have put some data on the TX bufring.
132  */
133 static __inline void
134 vmbus_chan_signal(const struct vmbus_channel *chan)
135 {
136 	atomic_set_long(chan->ch_evtflag, chan->ch_evtflag_mask);
137 	if (chan->ch_txflags & VMBUS_CHAN_TXF_HASMNF)
138 		atomic_set_int(chan->ch_montrig, chan->ch_montrig_mask);
139 	else
140 		hypercall_signal_event(pmap_kextract(
141 		    (vm_offset_t)chan->ch_monprm));
142 }
143 
144 static __inline void
145 vmbus_chan_signal_tx(struct vmbus_channel *chan)
146 {
147 	chan->ch_txbr.txbr_intrcnt ++;
148 
149 	vmbus_chan_signal(chan);
150 }
151 
152 static __inline void
153 vmbus_chan_signal_rx(struct vmbus_channel *chan)
154 {
155 	chan->ch_rxbr.rxbr_intrcnt ++;
156 
157 	vmbus_chan_signal(chan);
158 }
159 
160 static void
161 vmbus_chan_ins_prilist(struct vmbus_softc *sc, struct vmbus_channel *chan)
162 {
163 
164 	mtx_assert(&sc->vmbus_prichan_lock, MA_OWNED);
165 	if (atomic_testandset_int(&chan->ch_stflags,
166 	    VMBUS_CHAN_ST_ONPRIL_SHIFT))
167 		panic("channel is already on the prilist");
168 	TAILQ_INSERT_TAIL(&sc->vmbus_prichans, chan, ch_prilink);
169 }
170 
171 static void
172 vmbus_chan_rem_prilist(struct vmbus_softc *sc, struct vmbus_channel *chan)
173 {
174 
175 	mtx_assert(&sc->vmbus_prichan_lock, MA_OWNED);
176 	if (atomic_testandclear_int(&chan->ch_stflags,
177 	    VMBUS_CHAN_ST_ONPRIL_SHIFT) == 0)
178 		panic("channel is not on the prilist");
179 	TAILQ_REMOVE(&sc->vmbus_prichans, chan, ch_prilink);
180 }
181 
182 static void
183 vmbus_chan_ins_sublist(struct vmbus_channel *prichan,
184     struct vmbus_channel *chan)
185 {
186 
187 	mtx_assert(&prichan->ch_subchan_lock, MA_OWNED);
188 
189 	if (atomic_testandset_int(&chan->ch_stflags,
190 	    VMBUS_CHAN_ST_ONSUBL_SHIFT))
191 		panic("channel is already on the sublist");
192 	TAILQ_INSERT_TAIL(&prichan->ch_subchans, chan, ch_sublink);
193 
194 	/* Bump sub-channel count. */
195 	prichan->ch_subchan_cnt++;
196 }
197 
198 static void
199 vmbus_chan_rem_sublist(struct vmbus_channel *prichan,
200     struct vmbus_channel *chan)
201 {
202 
203 	mtx_assert(&prichan->ch_subchan_lock, MA_OWNED);
204 
205 	KASSERT(prichan->ch_subchan_cnt > 0,
206 	    ("invalid subchan_cnt %d", prichan->ch_subchan_cnt));
207 	prichan->ch_subchan_cnt--;
208 
209 	if (atomic_testandclear_int(&chan->ch_stflags,
210 	    VMBUS_CHAN_ST_ONSUBL_SHIFT) == 0)
211 		panic("channel is not on the sublist");
212 	TAILQ_REMOVE(&prichan->ch_subchans, chan, ch_sublink);
213 }
214 
215 static void
216 vmbus_chan_ins_list(struct vmbus_softc *sc, struct vmbus_channel *chan)
217 {
218 
219 	mtx_assert(&sc->vmbus_chan_lock, MA_OWNED);
220 	if (atomic_testandset_int(&chan->ch_stflags,
221 	    VMBUS_CHAN_ST_ONLIST_SHIFT))
222 		panic("channel is already on the list");
223 	TAILQ_INSERT_TAIL(&sc->vmbus_chans, chan, ch_link);
224 }
225 
226 static void
227 vmbus_chan_rem_list(struct vmbus_softc *sc, struct vmbus_channel *chan)
228 {
229 
230 	mtx_assert(&sc->vmbus_chan_lock, MA_OWNED);
231 	if (atomic_testandclear_int(&chan->ch_stflags,
232 	    VMBUS_CHAN_ST_ONLIST_SHIFT) == 0)
233 		panic("channel is not on the list");
234 	TAILQ_REMOVE(&sc->vmbus_chans, chan, ch_link);
235 }
236 
237 static int
238 vmbus_chan_sysctl_mnf(SYSCTL_HANDLER_ARGS)
239 {
240 	struct vmbus_channel *chan = arg1;
241 	int mnf = 0;
242 
243 	if (chan->ch_txflags & VMBUS_CHAN_TXF_HASMNF)
244 		mnf = 1;
245 	return sysctl_handle_int(oidp, &mnf, 0, req);
246 }
247 
248 static void
249 vmbus_chan_sysctl_create(struct vmbus_channel *chan)
250 {
251 	struct sysctl_oid *ch_tree, *chid_tree, *br_tree;
252 	struct sysctl_ctx_list *ctx;
253 	uint32_t ch_id;
254 	char name[16];
255 
256 	/*
257 	 * Add sysctl nodes related to this channel to this
258 	 * channel's sysctl ctx, so that they can be destroyed
259 	 * independently upon close of this channel, which can
260 	 * happen even if the device is not detached.
261 	 */
262 	ctx = &chan->ch_sysctl_ctx;
263 	sysctl_ctx_init(ctx);
264 
265 	/*
266 	 * Create dev.NAME.UNIT.channel tree.
267 	 */
268 	ch_tree = SYSCTL_ADD_NODE(ctx,
269 	    SYSCTL_CHILDREN(device_get_sysctl_tree(chan->ch_dev)),
270 	    OID_AUTO, "channel", CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
271 	if (ch_tree == NULL)
272 		return;
273 
274 	/*
275 	 * Create dev.NAME.UNIT.channel.CHANID tree.
276 	 */
277 	if (VMBUS_CHAN_ISPRIMARY(chan))
278 		ch_id = chan->ch_id;
279 	else
280 		ch_id = chan->ch_prichan->ch_id;
281 	snprintf(name, sizeof(name), "%d", ch_id);
282 	chid_tree = SYSCTL_ADD_NODE(ctx, SYSCTL_CHILDREN(ch_tree),
283 	    OID_AUTO, name, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
284 	if (chid_tree == NULL)
285 		return;
286 
287 	if (!VMBUS_CHAN_ISPRIMARY(chan)) {
288 		/*
289 		 * Create dev.NAME.UNIT.channel.CHANID.sub tree.
290 		 */
291 		ch_tree = SYSCTL_ADD_NODE(ctx, SYSCTL_CHILDREN(chid_tree),
292 		    OID_AUTO, "sub", CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
293 		if (ch_tree == NULL)
294 			return;
295 
296 		/*
297 		 * Create dev.NAME.UNIT.channel.CHANID.sub.SUBIDX tree.
298 		 *
299 		 * NOTE:
300 		 * chid_tree is changed to this new sysctl tree.
301 		 */
302 		snprintf(name, sizeof(name), "%d", chan->ch_subidx);
303 		chid_tree = SYSCTL_ADD_NODE(ctx, SYSCTL_CHILDREN(ch_tree),
304 		    OID_AUTO, name, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
305 		if (chid_tree == NULL)
306 			return;
307 
308 		SYSCTL_ADD_UINT(ctx, SYSCTL_CHILDREN(chid_tree), OID_AUTO,
309 		    "chanid", CTLFLAG_RD, &chan->ch_id, 0, "channel id");
310 	}
311 
312 	SYSCTL_ADD_UINT(ctx, SYSCTL_CHILDREN(chid_tree), OID_AUTO,
313 	    "cpu", CTLFLAG_RD, &chan->ch_cpuid, 0, "owner CPU id");
314 	SYSCTL_ADD_PROC(ctx, SYSCTL_CHILDREN(chid_tree), OID_AUTO,
315 	    "mnf", CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE,
316 	    chan, 0, vmbus_chan_sysctl_mnf, "I",
317 	    "has monitor notification facilities");
318 
319 	br_tree = SYSCTL_ADD_NODE(ctx, SYSCTL_CHILDREN(chid_tree), OID_AUTO,
320 	    "br", CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
321 	if (br_tree != NULL) {
322 		/*
323 		 * Create sysctl tree for RX bufring.
324 		 */
325 		vmbus_br_sysctl_create(ctx, br_tree, &chan->ch_rxbr.rxbr, "rx");
326 		/*
327 		 * Create sysctl tree for TX bufring.
328 		 */
329 		vmbus_br_sysctl_create(ctx, br_tree, &chan->ch_txbr.txbr, "tx");
330 	}
331 }
332 
333 int
334 vmbus_chan_open(struct vmbus_channel *chan, int txbr_size, int rxbr_size,
335     const void *udata, int udlen, vmbus_chan_callback_t cb, void *cbarg)
336 {
337 	struct vmbus_chan_br cbr;
338 	int error;
339 
340 	/*
341 	 * Allocate the TX+RX bufrings.
342 	 */
343 	KASSERT(chan->ch_bufring == NULL, ("bufrings are allocated"));
344 	chan->ch_bufring_size = txbr_size + rxbr_size;
345 	chan->ch_bufring = contigmalloc(chan->ch_bufring_size, M_DEVBUF,
346 	    M_WAITOK | M_ZERO, 0ul, ~0ul, PAGE_SIZE, 0);
347 	if (chan->ch_bufring == NULL) {
348 		vmbus_chan_printf(chan, "bufring allocation failed\n");
349 		return (ENOMEM);
350 	}
351 
352 	cbr.cbr = chan->ch_bufring;
353 	cbr.cbr_paddr = pmap_kextract((vm_offset_t)chan->ch_bufring);
354 	cbr.cbr_txsz = txbr_size;
355 	cbr.cbr_rxsz = rxbr_size;
356 
357 	error = vmbus_chan_open_br(chan, &cbr, udata, udlen, cb, cbarg);
358 	if (error) {
359 		if (error == EISCONN) {
360 			/*
361 			 * XXX
362 			 * The bufring GPADL is still connected; abandon
363 			 * this bufring, instead of having mysterious
364 			 * crash or trashed data later on.
365 			 */
366 			vmbus_chan_printf(chan, "chan%u bufring GPADL "
367 			    "is still connected upon channel open error; "
368 			    "leak %d bytes memory\n", chan->ch_id,
369 			    txbr_size + rxbr_size);
370 		} else {
371 			contigfree(chan->ch_bufring, chan->ch_bufring_size,
372 			    M_DEVBUF);
373 		}
374 		chan->ch_bufring = NULL;
375 	}
376 	return (error);
377 }
378 
379 int
380 vmbus_chan_open_br(struct vmbus_channel *chan, const struct vmbus_chan_br *cbr,
381     const void *udata, int udlen, vmbus_chan_callback_t cb, void *cbarg)
382 {
383 	struct vmbus_softc *sc = chan->ch_vmbus;
384 	const struct vmbus_message *msg;
385 	struct vmbus_chanmsg_chopen *req;
386 	struct vmbus_msghc *mh;
387 	uint32_t status;
388 	int error, txbr_size, rxbr_size;
389 	task_fn_t *task_fn;
390 	uint8_t *br;
391 
392 	if (udlen > VMBUS_CHANMSG_CHOPEN_UDATA_SIZE) {
393 		vmbus_chan_printf(chan,
394 		    "invalid udata len %d for chan%u\n", udlen, chan->ch_id);
395 		return (EINVAL);
396 	}
397 
398 	br = cbr->cbr;
399 	txbr_size = cbr->cbr_txsz;
400 	rxbr_size = cbr->cbr_rxsz;
401 	KASSERT((txbr_size & PAGE_MASK) == 0,
402 	    ("send bufring size is not multiple page"));
403 	KASSERT((rxbr_size & PAGE_MASK) == 0,
404 	    ("recv bufring size is not multiple page"));
405 	KASSERT((cbr->cbr_paddr & PAGE_MASK) == 0,
406 	    ("bufring is not page aligned"));
407 
408 	/*
409 	 * Zero out the TX/RX bufrings, in case that they were used before.
410 	 */
411 	memset(br, 0, txbr_size + rxbr_size);
412 
413 	if (atomic_testandset_int(&chan->ch_stflags,
414 	    VMBUS_CHAN_ST_OPENED_SHIFT))
415 		panic("double-open chan%u", chan->ch_id);
416 
417 	chan->ch_cb = cb;
418 	chan->ch_cbarg = cbarg;
419 
420 	vmbus_chan_update_evtflagcnt(sc, chan);
421 
422 	chan->ch_tq = VMBUS_PCPU_GET(chan->ch_vmbus, event_tq, chan->ch_cpuid);
423 	if (chan->ch_flags & VMBUS_CHAN_FLAG_BATCHREAD)
424 		task_fn = vmbus_chan_task;
425 	else
426 		task_fn = vmbus_chan_task_nobatch;
427 	TASK_INIT(&chan->ch_task, 0, task_fn, chan);
428 
429 	/* TX bufring comes first */
430 	vmbus_txbr_setup(&chan->ch_txbr, br, txbr_size);
431 	/* RX bufring immediately follows TX bufring */
432 	vmbus_rxbr_setup(&chan->ch_rxbr, br + txbr_size, rxbr_size);
433 
434 	/* Create sysctl tree for this channel */
435 	vmbus_chan_sysctl_create(chan);
436 
437 	/*
438 	 * Connect the bufrings, both RX and TX, to this channel.
439 	 */
440 	error = vmbus_chan_gpadl_connect(chan, cbr->cbr_paddr,
441 	    txbr_size + rxbr_size, &chan->ch_bufring_gpadl);
442 	if (error) {
443 		vmbus_chan_printf(chan,
444 		    "failed to connect bufring GPADL to chan%u\n", chan->ch_id);
445 		goto failed;
446 	}
447 
448 	/*
449 	 * Install this channel, before it is opened, but after everything
450 	 * else has been setup.
451 	 */
452 	vmbus_chan_set_chmap(chan);
453 
454 	/*
455 	 * Open channel w/ the bufring GPADL on the target CPU.
456 	 */
457 	mh = vmbus_msghc_get(sc, sizeof(*req));
458 	if (mh == NULL) {
459 		vmbus_chan_printf(chan,
460 		    "can not get msg hypercall for chopen(chan%u)\n",
461 		    chan->ch_id);
462 		error = ENXIO;
463 		goto failed;
464 	}
465 
466 	req = vmbus_msghc_dataptr(mh);
467 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_CHOPEN;
468 	req->chm_chanid = chan->ch_id;
469 	req->chm_openid = chan->ch_id;
470 	req->chm_gpadl = chan->ch_bufring_gpadl;
471 	req->chm_vcpuid = chan->ch_vcpuid;
472 	req->chm_txbr_pgcnt = txbr_size >> PAGE_SHIFT;
473 	if (udlen > 0)
474 		memcpy(req->chm_udata, udata, udlen);
475 
476 	error = vmbus_msghc_exec(sc, mh);
477 	if (error) {
478 		vmbus_chan_printf(chan,
479 		    "chopen(chan%u) msg hypercall exec failed: %d\n",
480 		    chan->ch_id, error);
481 		vmbus_msghc_put(sc, mh);
482 		goto failed;
483 	}
484 
485 	for (;;) {
486 		msg = vmbus_msghc_poll_result(sc, mh);
487 		if (msg != NULL)
488 			break;
489 		if (vmbus_chan_is_revoked(chan)) {
490 			int i;
491 
492 			/*
493 			 * NOTE:
494 			 * Hypervisor does _not_ send response CHOPEN to
495 			 * a revoked channel.
496 			 */
497 			vmbus_chan_printf(chan,
498 			    "chan%u is revoked, when it is being opened\n",
499 			    chan->ch_id);
500 
501 			/*
502 			 * XXX
503 			 * Add extra delay before cancel the hypercall
504 			 * execution; mainly to close any possible
505 			 * CHRESCIND and CHOPEN_RESP races on the
506 			 * hypervisor side.
507 			 */
508 #define REVOKE_LINGER	100
509 			for (i = 0; i < REVOKE_LINGER; ++i) {
510 				msg = vmbus_msghc_poll_result(sc, mh);
511 				if (msg != NULL)
512 					break;
513 				pause("rchopen", 1);
514 			}
515 #undef REVOKE_LINGER
516 			if (msg == NULL)
517 				vmbus_msghc_exec_cancel(sc, mh);
518 			break;
519 		}
520 		pause("chopen", 1);
521 	}
522 	if (msg != NULL) {
523 		status = ((const struct vmbus_chanmsg_chopen_resp *)
524 		    msg->msg_data)->chm_status;
525 	} else {
526 		/* XXX any non-0 value is ok here. */
527 		status = 0xff;
528 	}
529 
530 	vmbus_msghc_put(sc, mh);
531 
532 	if (status == 0) {
533 		if (bootverbose)
534 			vmbus_chan_printf(chan, "chan%u opened\n", chan->ch_id);
535 		return (0);
536 	}
537 
538 	vmbus_chan_printf(chan, "failed to open chan%u\n", chan->ch_id);
539 	error = ENXIO;
540 
541 failed:
542 	sysctl_ctx_free(&chan->ch_sysctl_ctx);
543 	vmbus_chan_clear_chmap(chan);
544 	if (chan->ch_bufring_gpadl != 0) {
545 		int error1;
546 
547 		error1 = vmbus_chan_gpadl_disconnect(chan,
548 		    chan->ch_bufring_gpadl);
549 		if (error1) {
550 			/*
551 			 * Give caller a hint that the bufring GPADL is still
552 			 * connected.
553 			 */
554 			error = EISCONN;
555 		}
556 		chan->ch_bufring_gpadl = 0;
557 	}
558 	atomic_clear_int(&chan->ch_stflags, VMBUS_CHAN_ST_OPENED);
559 	return (error);
560 }
561 
562 int
563 vmbus_chan_gpadl_connect(struct vmbus_channel *chan, bus_addr_t paddr,
564     int size, uint32_t *gpadl0)
565 {
566 	struct vmbus_softc *sc = chan->ch_vmbus;
567 	struct vmbus_msghc *mh;
568 	struct vmbus_chanmsg_gpadl_conn *req;
569 	const struct vmbus_message *msg;
570 	size_t reqsz;
571 	uint32_t gpadl, status;
572 	int page_count, range_len, i, cnt, error;
573 	uint64_t page_id;
574 
575 	KASSERT(*gpadl0 == 0, ("GPADL is not zero"));
576 
577 	/*
578 	 * Preliminary checks.
579 	 */
580 
581 	KASSERT((size & PAGE_MASK) == 0,
582 	    ("invalid GPA size %d, not multiple page size", size));
583 	page_count = size >> PAGE_SHIFT;
584 
585 	KASSERT((paddr & PAGE_MASK) == 0,
586 	    ("GPA is not page aligned %jx", (uintmax_t)paddr));
587 	page_id = paddr >> PAGE_SHIFT;
588 
589 	range_len = __offsetof(struct vmbus_gpa_range, gpa_page[page_count]);
590 	/*
591 	 * We don't support multiple GPA ranges.
592 	 */
593 	if (range_len > UINT16_MAX) {
594 		vmbus_chan_printf(chan, "GPA too large, %d pages\n",
595 		    page_count);
596 		return EOPNOTSUPP;
597 	}
598 
599 	/*
600 	 * Allocate GPADL id.
601 	 */
602 	gpadl = vmbus_gpadl_alloc(sc);
603 
604 	/*
605 	 * Connect this GPADL to the target channel.
606 	 *
607 	 * NOTE:
608 	 * Since each message can only hold small set of page
609 	 * addresses, several messages may be required to
610 	 * complete the connection.
611 	 */
612 	if (page_count > VMBUS_CHANMSG_GPADL_CONN_PGMAX)
613 		cnt = VMBUS_CHANMSG_GPADL_CONN_PGMAX;
614 	else
615 		cnt = page_count;
616 	page_count -= cnt;
617 
618 	reqsz = __offsetof(struct vmbus_chanmsg_gpadl_conn,
619 	    chm_range.gpa_page[cnt]);
620 	mh = vmbus_msghc_get(sc, reqsz);
621 	if (mh == NULL) {
622 		vmbus_chan_printf(chan,
623 		    "can not get msg hypercall for gpadl_conn(chan%u)\n",
624 		    chan->ch_id);
625 		return EIO;
626 	}
627 
628 	req = vmbus_msghc_dataptr(mh);
629 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_GPADL_CONN;
630 	req->chm_chanid = chan->ch_id;
631 	req->chm_gpadl = gpadl;
632 	req->chm_range_len = range_len;
633 	req->chm_range_cnt = 1;
634 	req->chm_range.gpa_len = size;
635 	req->chm_range.gpa_ofs = 0;
636 	for (i = 0; i < cnt; ++i)
637 		req->chm_range.gpa_page[i] = page_id++;
638 
639 	error = vmbus_msghc_exec(sc, mh);
640 	if (error) {
641 		vmbus_chan_printf(chan,
642 		    "gpadl_conn(chan%u) msg hypercall exec failed: %d\n",
643 		    chan->ch_id, error);
644 		vmbus_msghc_put(sc, mh);
645 		return error;
646 	}
647 
648 	while (page_count > 0) {
649 		struct vmbus_chanmsg_gpadl_subconn *subreq;
650 
651 		if (page_count > VMBUS_CHANMSG_GPADL_SUBCONN_PGMAX)
652 			cnt = VMBUS_CHANMSG_GPADL_SUBCONN_PGMAX;
653 		else
654 			cnt = page_count;
655 		page_count -= cnt;
656 
657 		reqsz = __offsetof(struct vmbus_chanmsg_gpadl_subconn,
658 		    chm_gpa_page[cnt]);
659 		vmbus_msghc_reset(mh, reqsz);
660 
661 		subreq = vmbus_msghc_dataptr(mh);
662 		subreq->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_GPADL_SUBCONN;
663 		subreq->chm_gpadl = gpadl;
664 		for (i = 0; i < cnt; ++i)
665 			subreq->chm_gpa_page[i] = page_id++;
666 
667 		vmbus_msghc_exec_noresult(mh);
668 	}
669 	KASSERT(page_count == 0, ("invalid page count %d", page_count));
670 
671 	msg = vmbus_msghc_wait_result(sc, mh);
672 	status = ((const struct vmbus_chanmsg_gpadl_connresp *)
673 	    msg->msg_data)->chm_status;
674 
675 	vmbus_msghc_put(sc, mh);
676 
677 	if (status != 0) {
678 		vmbus_chan_printf(chan, "gpadl_conn(chan%u) failed: %u\n",
679 		    chan->ch_id, status);
680 		return EIO;
681 	}
682 
683 	/* Done; commit the GPADL id. */
684 	*gpadl0 = gpadl;
685 	if (bootverbose) {
686 		vmbus_chan_printf(chan, "gpadl_conn(chan%u) succeeded\n",
687 		    chan->ch_id);
688 	}
689 	return 0;
690 }
691 
692 static bool
693 vmbus_chan_wait_revoke(const struct vmbus_channel *chan, bool can_sleep)
694 {
695 #define WAIT_COUNT	200	/* 200ms */
696 
697 	int i;
698 
699 	for (i = 0; i < WAIT_COUNT; ++i) {
700 		if (vmbus_chan_is_revoked(chan))
701 			return (true);
702 		if (can_sleep)
703 			pause("wchrev", 1);
704 		else
705 			DELAY(1000);
706 	}
707 	return (false);
708 
709 #undef WAIT_COUNT
710 }
711 
712 /*
713  * Disconnect the GPA from the target channel
714  */
715 int
716 vmbus_chan_gpadl_disconnect(struct vmbus_channel *chan, uint32_t gpadl)
717 {
718 	struct vmbus_softc *sc = chan->ch_vmbus;
719 	struct vmbus_msghc *mh;
720 	struct vmbus_chanmsg_gpadl_disconn *req;
721 	int error;
722 
723 	KASSERT(gpadl != 0, ("GPADL is zero"));
724 
725 	mh = vmbus_msghc_get(sc, sizeof(*req));
726 	if (mh == NULL) {
727 		vmbus_chan_printf(chan,
728 		    "can not get msg hypercall for gpadl_disconn(chan%u)\n",
729 		    chan->ch_id);
730 		return (EBUSY);
731 	}
732 
733 	req = vmbus_msghc_dataptr(mh);
734 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_GPADL_DISCONN;
735 	req->chm_chanid = chan->ch_id;
736 	req->chm_gpadl = gpadl;
737 
738 	error = vmbus_msghc_exec(sc, mh);
739 	if (error) {
740 		vmbus_msghc_put(sc, mh);
741 
742 		if (vmbus_chan_wait_revoke(chan, true)) {
743 			/*
744 			 * Error is benign; this channel is revoked,
745 			 * so this GPADL will not be touched anymore.
746 			 */
747 			vmbus_chan_printf(chan,
748 			    "gpadl_disconn(revoked chan%u) msg hypercall "
749 			    "exec failed: %d\n", chan->ch_id, error);
750 			return (0);
751 		}
752 		vmbus_chan_printf(chan,
753 		    "gpadl_disconn(chan%u) msg hypercall exec failed: %d\n",
754 		    chan->ch_id, error);
755 		return (error);
756 	}
757 
758 	vmbus_msghc_wait_result(sc, mh);
759 	/* Discard result; no useful information */
760 	vmbus_msghc_put(sc, mh);
761 
762 	return (0);
763 }
764 
765 static void
766 vmbus_chan_detach(struct vmbus_channel *chan)
767 {
768 	int refs;
769 
770 	KASSERT(chan->ch_refs > 0, ("chan%u: invalid refcnt %d",
771 	    chan->ch_id, chan->ch_refs));
772 	refs = atomic_fetchadd_int(&chan->ch_refs, -1);
773 #ifdef INVARIANTS
774 	if (VMBUS_CHAN_ISPRIMARY(chan)) {
775 		KASSERT(refs == 1, ("chan%u: invalid refcnt %d for prichan",
776 		    chan->ch_id, refs + 1));
777 	}
778 #endif
779 	if (refs == 1) {
780 		/*
781 		 * Detach the target channel.
782 		 */
783 		if (bootverbose) {
784 			vmbus_chan_printf(chan, "chan%u detached\n",
785 			    chan->ch_id);
786 		}
787 		taskqueue_enqueue(chan->ch_mgmt_tq, &chan->ch_detach_task);
788 	}
789 }
790 
791 static void
792 vmbus_chan_clrchmap_task(void *xchan, int pending __unused)
793 {
794 	struct vmbus_channel *chan = xchan;
795 
796 	chan->ch_vmbus->vmbus_chmap[chan->ch_id] = NULL;
797 }
798 
799 static void
800 vmbus_chan_clear_chmap(struct vmbus_channel *chan)
801 {
802 	struct task chmap_task;
803 
804 	TASK_INIT(&chmap_task, 0, vmbus_chan_clrchmap_task, chan);
805 	vmbus_chan_run_task(chan, &chmap_task);
806 }
807 
808 static void
809 vmbus_chan_set_chmap(struct vmbus_channel *chan)
810 {
811 	__compiler_membar();
812 	chan->ch_vmbus->vmbus_chmap[chan->ch_id] = chan;
813 }
814 
815 static void
816 vmbus_chan_poll_cancel_task(void *xchan, int pending __unused)
817 {
818 
819 	vmbus_chan_poll_cancel_intq(xchan);
820 }
821 
822 static void
823 vmbus_chan_poll_cancel(struct vmbus_channel *chan)
824 {
825 	struct task poll_cancel;
826 
827 	TASK_INIT(&poll_cancel, 0, vmbus_chan_poll_cancel_task, chan);
828 	vmbus_chan_run_task(chan, &poll_cancel);
829 }
830 
831 static int
832 vmbus_chan_close_internal(struct vmbus_channel *chan)
833 {
834 	struct vmbus_softc *sc = chan->ch_vmbus;
835 	struct vmbus_msghc *mh;
836 	struct vmbus_chanmsg_chclose *req;
837 	uint32_t old_stflags;
838 	int error;
839 
840 	/*
841 	 * NOTE:
842 	 * Sub-channels are closed upon their primary channel closing,
843 	 * so they can be closed even before they are opened.
844 	 */
845 	for (;;) {
846 		old_stflags = chan->ch_stflags;
847 		if (atomic_cmpset_int(&chan->ch_stflags, old_stflags,
848 		    old_stflags & ~VMBUS_CHAN_ST_OPENED))
849 			break;
850 	}
851 	if ((old_stflags & VMBUS_CHAN_ST_OPENED) == 0) {
852 		/* Not opened yet; done */
853 		if (bootverbose) {
854 			vmbus_chan_printf(chan, "chan%u not opened\n",
855 			    chan->ch_id);
856 		}
857 		return (0);
858 	}
859 
860 	/*
861 	 * Free this channel's sysctl tree attached to its device's
862 	 * sysctl tree.
863 	 */
864 	sysctl_ctx_free(&chan->ch_sysctl_ctx);
865 
866 	/*
867 	 * Cancel polling, if it is enabled.
868 	 */
869 	vmbus_chan_poll_cancel(chan);
870 
871 	/*
872 	 * NOTE:
873 	 * Order is critical.  This channel _must_ be uninstalled first,
874 	 * else the channel task may be enqueued by the IDT after it has
875 	 * been drained.
876 	 */
877 	vmbus_chan_clear_chmap(chan);
878 	taskqueue_drain(chan->ch_tq, &chan->ch_task);
879 	chan->ch_tq = NULL;
880 
881 	/*
882 	 * Close this channel.
883 	 */
884 	mh = vmbus_msghc_get(sc, sizeof(*req));
885 	if (mh == NULL) {
886 		vmbus_chan_printf(chan,
887 		    "can not get msg hypercall for chclose(chan%u)\n",
888 		    chan->ch_id);
889 		error = ENXIO;
890 		goto disconnect;
891 	}
892 
893 	req = vmbus_msghc_dataptr(mh);
894 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_CHCLOSE;
895 	req->chm_chanid = chan->ch_id;
896 
897 	error = vmbus_msghc_exec_noresult(mh);
898 	vmbus_msghc_put(sc, mh);
899 
900 	if (error) {
901 		vmbus_chan_printf(chan,
902 		    "chclose(chan%u) msg hypercall exec failed: %d\n",
903 		    chan->ch_id, error);
904 		goto disconnect;
905 	}
906 
907 	if (bootverbose)
908 		vmbus_chan_printf(chan, "chan%u closed\n", chan->ch_id);
909 
910 disconnect:
911 	/*
912 	 * Disconnect the TX+RX bufrings from this channel.
913 	 */
914 	if (chan->ch_bufring_gpadl != 0) {
915 		int error1;
916 
917 		error1 = vmbus_chan_gpadl_disconnect(chan,
918 		    chan->ch_bufring_gpadl);
919 		if (error1) {
920 			/*
921 			 * XXX
922 			 * The bufring GPADL is still connected; abandon
923 			 * this bufring, instead of having mysterious
924 			 * crash or trashed data later on.
925 			 */
926 			vmbus_chan_printf(chan, "chan%u bufring GPADL "
927 			    "is still connected after close\n", chan->ch_id);
928 			chan->ch_bufring = NULL;
929 			/*
930 			 * Give caller a hint that the bufring GPADL is
931 			 * still connected.
932 			 */
933 			error = EISCONN;
934 		}
935 		chan->ch_bufring_gpadl = 0;
936 	}
937 
938 	/*
939 	 * Destroy the TX+RX bufrings.
940 	 */
941 	if (chan->ch_bufring != NULL) {
942 		contigfree(chan->ch_bufring, chan->ch_bufring_size, M_DEVBUF);
943 		chan->ch_bufring = NULL;
944 	}
945 	return (error);
946 }
947 
948 int
949 vmbus_chan_close_direct(struct vmbus_channel *chan)
950 {
951 	int error;
952 
953 #ifdef INVARIANTS
954 	if (VMBUS_CHAN_ISPRIMARY(chan)) {
955 		struct vmbus_channel *subchan;
956 
957 		/*
958 		 * All sub-channels _must_ have been closed, or are _not_
959 		 * opened at all.
960 		 */
961 		mtx_lock(&chan->ch_subchan_lock);
962 		TAILQ_FOREACH(subchan, &chan->ch_subchans, ch_sublink) {
963 			KASSERT(
964 			   (subchan->ch_stflags & VMBUS_CHAN_ST_OPENED) == 0,
965 			   ("chan%u: subchan%u is still opened",
966 			    chan->ch_id, subchan->ch_subidx));
967 		}
968 		mtx_unlock(&chan->ch_subchan_lock);
969 	}
970 #endif
971 
972 	error = vmbus_chan_close_internal(chan);
973 	if (!VMBUS_CHAN_ISPRIMARY(chan)) {
974 		/*
975 		 * This sub-channel is referenced, when it is linked to
976 		 * the primary channel; drop that reference now.
977 		 */
978 		vmbus_chan_detach(chan);
979 	}
980 	return (error);
981 }
982 
983 /*
984  * Caller should make sure that all sub-channels have
985  * been added to 'chan' and all to-be-closed channels
986  * are not being opened.
987  */
988 void
989 vmbus_chan_close(struct vmbus_channel *chan)
990 {
991 	int subchan_cnt;
992 
993 	if (!VMBUS_CHAN_ISPRIMARY(chan)) {
994 		/*
995 		 * Sub-channel is closed when its primary channel
996 		 * is closed; done.
997 		 */
998 		return;
999 	}
1000 
1001 	/*
1002 	 * Close all sub-channels, if any.
1003 	 */
1004 	subchan_cnt = chan->ch_subchan_cnt;
1005 	if (subchan_cnt > 0) {
1006 		struct vmbus_channel **subchan;
1007 		int i;
1008 
1009 		subchan = vmbus_subchan_get(chan, subchan_cnt);
1010 		for (i = 0; i < subchan_cnt; ++i) {
1011 			vmbus_chan_close_internal(subchan[i]);
1012 			/*
1013 			 * This sub-channel is referenced, when it is
1014 			 * linked to the primary channel; drop that
1015 			 * reference now.
1016 			 */
1017 			vmbus_chan_detach(subchan[i]);
1018 		}
1019 		vmbus_subchan_rel(subchan, subchan_cnt);
1020 	}
1021 
1022 	/* Then close the primary channel. */
1023 	vmbus_chan_close_internal(chan);
1024 }
1025 
1026 void
1027 vmbus_chan_intr_drain(struct vmbus_channel *chan)
1028 {
1029 
1030 	taskqueue_drain(chan->ch_tq, &chan->ch_task);
1031 }
1032 
1033 uint32_t
1034 vmbus_chan_write_available(struct vmbus_channel *chan)
1035 {
1036 	return (vmbus_txbr_available(&chan->ch_txbr));
1037 }
1038 
1039 bool
1040 vmbus_chan_write_signal(struct vmbus_channel *chan,
1041     int32_t min_signal_size)
1042 {
1043 	if (min_signal_size >= 0 &&
1044 	    vmbus_chan_write_available(chan) > min_signal_size) {
1045 		return false;
1046 	}
1047 
1048 	if (!vmbus_txbr_get_imask(&chan->ch_txbr)) {
1049 		/* txbr imask is not set, signal the reader */
1050 		vmbus_chan_signal_tx(chan);
1051 		return true;
1052 	}
1053 
1054 	return false;
1055 }
1056 
1057 void
1058 vmbus_chan_set_pending_send_size(struct vmbus_channel *chan,
1059     uint32_t size)
1060 {
1061 	if (chan)
1062 		vmbus_txbr_set_pending_snd_sz(&chan->ch_txbr, size);
1063 }
1064 
1065 int
1066 vmbus_chan_iov_send(struct vmbus_channel *chan,
1067     const struct iovec iov[], int iovlen,
1068     vmbus_br_copy_callback_t cb, void *cbarg)
1069 {
1070 	int error;
1071 	boolean_t send_evt;
1072 
1073 	if (iovlen == 0)
1074 		return (0);
1075 
1076 	error = vmbus_txbr_write_call(&chan->ch_txbr, iov, iovlen,
1077 	    cb, cbarg, &send_evt);
1078 
1079 	if (!error && send_evt) {
1080 		vmbus_chan_signal_tx(chan);
1081 	}
1082 
1083 	return error;
1084 }
1085 
1086 int
1087 vmbus_chan_send(struct vmbus_channel *chan, uint16_t type, uint16_t flags,
1088     void *data, int dlen, uint64_t xactid)
1089 {
1090 	struct vmbus_chanpkt pkt;
1091 	int pktlen, pad_pktlen, hlen, error;
1092 	uint64_t pad = 0;
1093 	struct iovec iov[3];
1094 	boolean_t send_evt;
1095 
1096 	hlen = sizeof(pkt);
1097 	pktlen = hlen + dlen;
1098 	pad_pktlen = VMBUS_CHANPKT_TOTLEN(pktlen);
1099 	KASSERT(pad_pktlen <= vmbus_txbr_maxpktsz(&chan->ch_txbr),
1100 	    ("invalid packet size %d", pad_pktlen));
1101 
1102 	pkt.cp_hdr.cph_type = type;
1103 	pkt.cp_hdr.cph_flags = flags;
1104 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_hlen, hlen);
1105 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_tlen, pad_pktlen);
1106 	pkt.cp_hdr.cph_xactid = xactid;
1107 
1108 	iov[0].iov_base = &pkt;
1109 	iov[0].iov_len = hlen;
1110 	iov[1].iov_base = data;
1111 	iov[1].iov_len = dlen;
1112 	iov[2].iov_base = &pad;
1113 	iov[2].iov_len = pad_pktlen - pktlen;
1114 
1115 	error = vmbus_txbr_write(&chan->ch_txbr, iov, 3, &send_evt);
1116 	if (!error && send_evt)
1117 		vmbus_chan_signal_tx(chan);
1118 	return error;
1119 }
1120 
1121 int
1122 vmbus_chan_send_sglist(struct vmbus_channel *chan,
1123     struct vmbus_gpa sg[], int sglen, void *data, int dlen, uint64_t xactid)
1124 {
1125 	struct vmbus_chanpkt_sglist pkt;
1126 	int pktlen, pad_pktlen, hlen, error;
1127 	struct iovec iov[4];
1128 	boolean_t send_evt;
1129 	uint64_t pad = 0;
1130 
1131 	hlen = __offsetof(struct vmbus_chanpkt_sglist, cp_gpa[sglen]);
1132 	pktlen = hlen + dlen;
1133 	pad_pktlen = VMBUS_CHANPKT_TOTLEN(pktlen);
1134 	KASSERT(pad_pktlen <= vmbus_txbr_maxpktsz(&chan->ch_txbr),
1135 	    ("invalid packet size %d", pad_pktlen));
1136 
1137 	pkt.cp_hdr.cph_type = VMBUS_CHANPKT_TYPE_GPA;
1138 	pkt.cp_hdr.cph_flags = VMBUS_CHANPKT_FLAG_RC;
1139 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_hlen, hlen);
1140 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_tlen, pad_pktlen);
1141 	pkt.cp_hdr.cph_xactid = xactid;
1142 	pkt.cp_rsvd = 0;
1143 	pkt.cp_gpa_cnt = sglen;
1144 
1145 	iov[0].iov_base = &pkt;
1146 	iov[0].iov_len = sizeof(pkt);
1147 	iov[1].iov_base = sg;
1148 	iov[1].iov_len = sizeof(struct vmbus_gpa) * sglen;
1149 	iov[2].iov_base = data;
1150 	iov[2].iov_len = dlen;
1151 	iov[3].iov_base = &pad;
1152 	iov[3].iov_len = pad_pktlen - pktlen;
1153 
1154 	error = vmbus_txbr_write(&chan->ch_txbr, iov, 4, &send_evt);
1155 	if (!error && send_evt)
1156 		vmbus_chan_signal_tx(chan);
1157 	return error;
1158 }
1159 
1160 int
1161 vmbus_chan_send_prplist(struct vmbus_channel *chan,
1162     struct vmbus_gpa_range *prp, int prp_cnt, void *data, int dlen,
1163     uint64_t xactid)
1164 {
1165 	struct vmbus_chanpkt_prplist pkt;
1166 	int pktlen, pad_pktlen, hlen, error;
1167 	struct iovec iov[4];
1168 	boolean_t send_evt;
1169 	uint64_t pad = 0;
1170 
1171 	hlen = __offsetof(struct vmbus_chanpkt_prplist,
1172 	    cp_range[0].gpa_page[prp_cnt]);
1173 	pktlen = hlen + dlen;
1174 	pad_pktlen = VMBUS_CHANPKT_TOTLEN(pktlen);
1175 	KASSERT(pad_pktlen <= vmbus_txbr_maxpktsz(&chan->ch_txbr),
1176 	    ("invalid packet size %d", pad_pktlen));
1177 
1178 	pkt.cp_hdr.cph_type = VMBUS_CHANPKT_TYPE_GPA;
1179 	pkt.cp_hdr.cph_flags = VMBUS_CHANPKT_FLAG_RC;
1180 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_hlen, hlen);
1181 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_tlen, pad_pktlen);
1182 	pkt.cp_hdr.cph_xactid = xactid;
1183 	pkt.cp_rsvd = 0;
1184 	pkt.cp_range_cnt = 1;
1185 
1186 	iov[0].iov_base = &pkt;
1187 	iov[0].iov_len = sizeof(pkt);
1188 	iov[1].iov_base = prp;
1189 	iov[1].iov_len = __offsetof(struct vmbus_gpa_range, gpa_page[prp_cnt]);
1190 	iov[2].iov_base = data;
1191 	iov[2].iov_len = dlen;
1192 	iov[3].iov_base = &pad;
1193 	iov[3].iov_len = pad_pktlen - pktlen;
1194 
1195 	error = vmbus_txbr_write(&chan->ch_txbr, iov, 4, &send_evt);
1196 	if (!error && send_evt)
1197 		vmbus_chan_signal_tx(chan);
1198 	return error;
1199 }
1200 
1201 int
1202 vmbus_chan_recv(struct vmbus_channel *chan, void *data, int *dlen0,
1203     uint64_t *xactid)
1204 {
1205 	struct vmbus_chanpkt_hdr pkt;
1206 	int error, dlen, hlen;
1207 	boolean_t sig_event;
1208 
1209 	error = vmbus_rxbr_peek(&chan->ch_rxbr, &pkt, sizeof(pkt));
1210 	if (error)
1211 		return (error);
1212 
1213 	if (__predict_false(pkt.cph_hlen < VMBUS_CHANPKT_HLEN_MIN)) {
1214 		vmbus_chan_printf(chan, "invalid hlen %u\n", pkt.cph_hlen);
1215 		/* XXX this channel is dead actually. */
1216 		return (EIO);
1217 	}
1218 	if (__predict_false(pkt.cph_hlen > pkt.cph_tlen)) {
1219 		vmbus_chan_printf(chan, "invalid hlen %u and tlen %u\n",
1220 		    pkt.cph_hlen, pkt.cph_tlen);
1221 		/* XXX this channel is dead actually. */
1222 		return (EIO);
1223 	}
1224 
1225 	hlen = VMBUS_CHANPKT_GETLEN(pkt.cph_hlen);
1226 	dlen = VMBUS_CHANPKT_GETLEN(pkt.cph_tlen) - hlen;
1227 
1228 	if (*dlen0 < dlen) {
1229 		/* Return the size of this packet's data. */
1230 		*dlen0 = dlen;
1231 		return (ENOBUFS);
1232 	}
1233 
1234 	*xactid = pkt.cph_xactid;
1235 	*dlen0 = dlen;
1236 
1237 	/* Skip packet header */
1238 	error = vmbus_rxbr_read(&chan->ch_rxbr, data, dlen, hlen, &sig_event);
1239 	KASSERT(!error, ("vmbus_rxbr_read failed"));
1240 
1241 	if (!error && sig_event)
1242 		vmbus_chan_signal_rx(chan);
1243 
1244 	return (0);
1245 }
1246 
1247 int
1248 vmbus_chan_recv_pkt(struct vmbus_channel *chan,
1249     struct vmbus_chanpkt_hdr *pkt, int *pktlen0)
1250 {
1251 	int error, pktlen, pkt_hlen;
1252 	boolean_t sig_event;
1253 
1254 	pkt_hlen = sizeof(*pkt);
1255 	error = vmbus_rxbr_peek(&chan->ch_rxbr, pkt, pkt_hlen);
1256 	if (error)
1257 		return (error);
1258 
1259 	if (__predict_false(pkt->cph_hlen < VMBUS_CHANPKT_HLEN_MIN)) {
1260 		vmbus_chan_printf(chan, "invalid hlen %u\n", pkt->cph_hlen);
1261 		/* XXX this channel is dead actually. */
1262 		return (EIO);
1263 	}
1264 	if (__predict_false(pkt->cph_hlen > pkt->cph_tlen)) {
1265 		vmbus_chan_printf(chan, "invalid hlen %u and tlen %u\n",
1266 		    pkt->cph_hlen, pkt->cph_tlen);
1267 		/* XXX this channel is dead actually. */
1268 		return (EIO);
1269 	}
1270 
1271 	pktlen = VMBUS_CHANPKT_GETLEN(pkt->cph_tlen);
1272 	if (*pktlen0 < pktlen) {
1273 		/* Return the size of this packet. */
1274 		*pktlen0 = pktlen;
1275 		return (ENOBUFS);
1276 	}
1277 	*pktlen0 = pktlen;
1278 
1279 	/*
1280 	 * Skip the fixed-size packet header, which has been filled
1281 	 * by the above vmbus_rxbr_peek().
1282 	 */
1283 	error = vmbus_rxbr_read(&chan->ch_rxbr, pkt + 1,
1284 	    pktlen - pkt_hlen, pkt_hlen, &sig_event);
1285 	KASSERT(!error, ("vmbus_rxbr_read failed"));
1286 
1287 	if (!error && sig_event)
1288 		vmbus_chan_signal_rx(chan);
1289 
1290 	return (0);
1291 }
1292 
1293 uint32_t
1294 vmbus_chan_read_available(struct vmbus_channel *chan)
1295 {
1296 	return (vmbus_rxbr_available(&chan->ch_rxbr));
1297 }
1298 
1299 /*
1300  * This routine does:
1301  *     - Advance the channel read index for 'advance' bytes
1302  *     - Copy data_len bytes in to the buffer pointed by 'data'
1303  * Return 0 if operation succeed. EAGAIN if operations if failed.
1304  * If failed, the buffer pointed by 'data' is intact, and the
1305  * channel read index is not advanced at all.
1306  */
1307 int
1308 vmbus_chan_recv_peek(struct vmbus_channel *chan,
1309     void *data, int data_len, uint32_t advance)
1310 {
1311 	int error;
1312 	boolean_t sig_event;
1313 
1314 	if (data == NULL || data_len <= 0)
1315 		return (EINVAL);
1316 
1317 	error = vmbus_rxbr_idxadv_peek(&chan->ch_rxbr,
1318 	    data, data_len, advance, &sig_event);
1319 
1320 	if (!error && sig_event) {
1321 		vmbus_chan_signal_rx(chan);
1322 	}
1323 
1324 	return (error);
1325 }
1326 
1327 /*
1328  * This routine does:
1329  *     - Advance the channel read index for 'advance' bytes
1330  */
1331 int
1332 vmbus_chan_recv_idxadv(struct vmbus_channel *chan, uint32_t advance)
1333 {
1334 	int error;
1335 	boolean_t sig_event;
1336 
1337 	if (advance == 0)
1338 		return (EINVAL);
1339 
1340 	error = vmbus_rxbr_idxadv(&chan->ch_rxbr, advance, &sig_event);
1341 
1342 	if (!error && sig_event) {
1343 		vmbus_chan_signal_rx(chan);
1344 	}
1345 
1346 	return (error);
1347 }
1348 
1349 
1350 /*
1351  * Caller should hold its own lock to serialize the ring buffer
1352  * copy.
1353  */
1354 int
1355 vmbus_chan_recv_peek_call(struct vmbus_channel *chan, int data_len,
1356     uint32_t skip, vmbus_br_copy_callback_t cb, void *cbarg)
1357 {
1358 	if (!chan || data_len <= 0 || cb == NULL)
1359 		return (EINVAL);
1360 
1361 	return (vmbus_rxbr_peek_call(&chan->ch_rxbr, data_len, skip,
1362 	    cb, cbarg));
1363 }
1364 
1365 static void
1366 vmbus_chan_task(void *xchan, int pending __unused)
1367 {
1368 	struct vmbus_channel *chan = xchan;
1369 	vmbus_chan_callback_t cb = chan->ch_cb;
1370 	void *cbarg = chan->ch_cbarg;
1371 
1372 	KASSERT(chan->ch_poll_intvl == 0,
1373 	    ("chan%u: interrupted in polling mode", chan->ch_id));
1374 
1375 	/*
1376 	 * Optimize host to guest signaling by ensuring:
1377 	 * 1. While reading the channel, we disable interrupts from
1378 	 *    host.
1379 	 * 2. Ensure that we process all posted messages from the host
1380 	 *    before returning from this callback.
1381 	 * 3. Once we return, enable signaling from the host. Once this
1382 	 *    state is set we check to see if additional packets are
1383 	 *    available to read. In this case we repeat the process.
1384 	 *
1385 	 * NOTE: Interrupt has been disabled in the ISR.
1386 	 */
1387 	for (;;) {
1388 		uint32_t left;
1389 
1390 		cb(chan, cbarg);
1391 
1392 		left = vmbus_rxbr_intr_unmask(&chan->ch_rxbr);
1393 		if (left == 0) {
1394 			/* No more data in RX bufring; done */
1395 			break;
1396 		}
1397 		vmbus_rxbr_intr_mask(&chan->ch_rxbr);
1398 	}
1399 }
1400 
1401 static void
1402 vmbus_chan_task_nobatch(void *xchan, int pending __unused)
1403 {
1404 	struct vmbus_channel *chan = xchan;
1405 
1406 	KASSERT(chan->ch_poll_intvl == 0,
1407 	    ("chan%u: interrupted in polling mode", chan->ch_id));
1408 	chan->ch_cb(chan, chan->ch_cbarg);
1409 }
1410 
1411 static void
1412 vmbus_chan_poll_timeout(void *xchan)
1413 {
1414 	struct vmbus_channel *chan = xchan;
1415 
1416 	KASSERT(chan->ch_poll_intvl != 0,
1417 	    ("chan%u: polling timeout in interrupt mode", chan->ch_id));
1418 	taskqueue_enqueue(chan->ch_tq, &chan->ch_poll_task);
1419 }
1420 
1421 static void
1422 vmbus_chan_poll_task(void *xchan, int pending __unused)
1423 {
1424 	struct vmbus_channel *chan = xchan;
1425 
1426 	KASSERT(chan->ch_poll_intvl != 0,
1427 	    ("chan%u: polling in interrupt mode", chan->ch_id));
1428 	callout_reset_sbt_curcpu(&chan->ch_poll_timeo, chan->ch_poll_intvl, 0,
1429 	    vmbus_chan_poll_timeout, chan, chan->ch_poll_flags);
1430 	chan->ch_cb(chan, chan->ch_cbarg);
1431 }
1432 
1433 static void
1434 vmbus_chan_pollcfg_task(void *xarg, int pending __unused)
1435 {
1436 	const struct vmbus_chan_pollarg *arg = xarg;
1437 	struct vmbus_channel *chan = arg->poll_chan;
1438 	sbintime_t intvl;
1439 	int poll_flags;
1440 
1441 	/*
1442 	 * Save polling interval.
1443 	 */
1444 	intvl = SBT_1S / arg->poll_hz;
1445 	if (intvl == 0)
1446 		intvl = 1;
1447 	if (intvl == chan->ch_poll_intvl) {
1448 		/* Nothing changes; done */
1449 		return;
1450 	}
1451 	chan->ch_poll_intvl = intvl;
1452 
1453 	/* Adjust callout flags. */
1454 	poll_flags = C_DIRECT_EXEC;
1455 	if (arg->poll_hz <= hz)
1456 		poll_flags |= C_HARDCLOCK;
1457 	chan->ch_poll_flags = poll_flags;
1458 
1459 	/*
1460 	 * Disconnect this channel from the channel map to make sure that
1461 	 * the RX bufring interrupt enabling bit can not be touched, and
1462 	 * ISR can not enqueue this channel task anymore.  THEN, disable
1463 	 * interrupt from the RX bufring (TX bufring does not generate
1464 	 * interrupt to VM).
1465 	 *
1466 	 * NOTE: order is critical.
1467 	 */
1468 	chan->ch_vmbus->vmbus_chmap[chan->ch_id] = NULL;
1469 	__compiler_membar();
1470 	vmbus_rxbr_intr_mask(&chan->ch_rxbr);
1471 
1472 	/*
1473 	 * NOTE:
1474 	 * At this point, this channel task will not be enqueued by
1475 	 * the ISR anymore, time to cancel the pending one.
1476 	 */
1477 	taskqueue_cancel(chan->ch_tq, &chan->ch_task, NULL);
1478 
1479 	/* Kick start! */
1480 	taskqueue_enqueue(chan->ch_tq, &chan->ch_poll_task);
1481 }
1482 
1483 static bool
1484 vmbus_chan_poll_cancel_intq(struct vmbus_channel *chan)
1485 {
1486 
1487 	if (chan->ch_poll_intvl == 0) {
1488 		/* Not enabled. */
1489 		return (false);
1490 	}
1491 
1492 	/*
1493 	 * Stop polling callout, so that channel polling task
1494 	 * will not be enqueued anymore.
1495 	 */
1496 	callout_drain(&chan->ch_poll_timeo);
1497 
1498 	/*
1499 	 * Disable polling by resetting polling interval.
1500 	 *
1501 	 * NOTE:
1502 	 * The polling interval resetting MUST be conducted
1503 	 * after the callout is drained; mainly to keep the
1504 	 * proper assertion in place.
1505 	 */
1506 	chan->ch_poll_intvl = 0;
1507 
1508 	/*
1509 	 * NOTE:
1510 	 * At this point, this channel polling task will not be
1511 	 * enqueued by the callout anymore, time to cancel the
1512 	 * pending one.
1513 	 */
1514 	taskqueue_cancel(chan->ch_tq, &chan->ch_poll_task, NULL);
1515 
1516 	/* Polling was enabled. */
1517 	return (true);
1518 }
1519 
1520 static void
1521 vmbus_chan_polldis_task(void *xchan, int pending __unused)
1522 {
1523 	struct vmbus_channel *chan = xchan;
1524 
1525 	if (!vmbus_chan_poll_cancel_intq(chan)) {
1526 		/* Already disabled; done. */
1527 		return;
1528 	}
1529 
1530 	/*
1531 	 * Plug this channel back to the channel map and unmask
1532 	 * the RX bufring interrupt.
1533 	 */
1534 	chan->ch_vmbus->vmbus_chmap[chan->ch_id] = chan;
1535 	__compiler_membar();
1536 	vmbus_rxbr_intr_unmask(&chan->ch_rxbr);
1537 
1538 	/*
1539 	 * Kick start the interrupt task, just in case unmasking
1540 	 * interrupt races ISR.
1541 	 */
1542 	taskqueue_enqueue(chan->ch_tq, &chan->ch_task);
1543 }
1544 
1545 static __inline void
1546 vmbus_event_flags_proc(struct vmbus_softc *sc, volatile u_long *event_flags,
1547     int flag_cnt)
1548 {
1549 	int f;
1550 
1551 	for (f = 0; f < flag_cnt; ++f) {
1552 		uint32_t chid_base;
1553 		u_long flags;
1554 		int chid_ofs;
1555 
1556 		if (event_flags[f] == 0)
1557 			continue;
1558 
1559 		flags = atomic_swap_long(&event_flags[f], 0);
1560 		chid_base = f << VMBUS_EVTFLAG_SHIFT;
1561 
1562 		while ((chid_ofs = ffsl(flags)) != 0) {
1563 			struct vmbus_channel *chan;
1564 
1565 			--chid_ofs; /* NOTE: ffsl is 1-based */
1566 			flags &= ~(1UL << chid_ofs);
1567 
1568 			chan = sc->vmbus_chmap[chid_base + chid_ofs];
1569 			if (__predict_false(chan == NULL)) {
1570 				/* Channel is closed. */
1571 				continue;
1572 			}
1573 			__compiler_membar();
1574 
1575 			if (chan->ch_flags & VMBUS_CHAN_FLAG_BATCHREAD)
1576 				vmbus_rxbr_intr_mask(&chan->ch_rxbr);
1577 			taskqueue_enqueue(chan->ch_tq, &chan->ch_task);
1578 		}
1579 	}
1580 }
1581 
1582 void
1583 vmbus_event_proc(struct vmbus_softc *sc, int cpu)
1584 {
1585 	struct vmbus_evtflags *eventf;
1586 
1587 	/*
1588 	 * On Host with Win8 or above, the event page can be checked directly
1589 	 * to get the id of the channel that has the pending interrupt.
1590 	 */
1591 	eventf = VMBUS_PCPU_GET(sc, event_flags, cpu) + VMBUS_SINT_MESSAGE;
1592 	vmbus_event_flags_proc(sc, eventf->evt_flags,
1593 	    VMBUS_PCPU_GET(sc, event_flags_cnt, cpu));
1594 }
1595 
1596 void
1597 vmbus_event_proc_compat(struct vmbus_softc *sc, int cpu)
1598 {
1599 	struct vmbus_evtflags *eventf;
1600 
1601 	eventf = VMBUS_PCPU_GET(sc, event_flags, cpu) + VMBUS_SINT_MESSAGE;
1602 	if (atomic_testandclear_long(&eventf->evt_flags[0], 0)) {
1603 		vmbus_event_flags_proc(sc, sc->vmbus_rx_evtflags,
1604 		    VMBUS_CHAN_MAX_COMPAT >> VMBUS_EVTFLAG_SHIFT);
1605 	}
1606 }
1607 
1608 static void
1609 vmbus_chan_update_evtflagcnt(struct vmbus_softc *sc,
1610     const struct vmbus_channel *chan)
1611 {
1612 	volatile int *flag_cnt_ptr;
1613 	int flag_cnt;
1614 
1615 	flag_cnt = (chan->ch_id / VMBUS_EVTFLAG_LEN) + 1;
1616 	flag_cnt_ptr = VMBUS_PCPU_PTR(sc, event_flags_cnt, chan->ch_cpuid);
1617 
1618 	for (;;) {
1619 		int old_flag_cnt;
1620 
1621 		old_flag_cnt = *flag_cnt_ptr;
1622 		if (old_flag_cnt >= flag_cnt)
1623 			break;
1624 		if (atomic_cmpset_int(flag_cnt_ptr, old_flag_cnt, flag_cnt)) {
1625 			if (bootverbose) {
1626 				vmbus_chan_printf(chan,
1627 				    "chan%u update cpu%d flag_cnt to %d\n",
1628 				    chan->ch_id, chan->ch_cpuid, flag_cnt);
1629 			}
1630 			break;
1631 		}
1632 	}
1633 }
1634 
1635 static struct vmbus_channel *
1636 vmbus_chan_alloc(struct vmbus_softc *sc)
1637 {
1638 	struct vmbus_channel *chan;
1639 
1640 	chan = malloc(sizeof(*chan), M_DEVBUF, M_WAITOK | M_ZERO);
1641 
1642 	chan->ch_monprm = contigmalloc(sizeof(struct hyperv_mon_param),
1643 	    M_DEVBUF, M_WAITOK | M_ZERO, 0ul, ~0ul, HYPERCALL_PARAM_ALIGN, 0);
1644 	if (chan->ch_monprm == NULL) {
1645 		device_printf(sc->vmbus_dev, "monprm alloc failed\n");
1646 		free(chan, M_DEVBUF);
1647 		return NULL;
1648 	}
1649 
1650 	chan->ch_refs = 1;
1651 	chan->ch_vmbus = sc;
1652 	mtx_init(&chan->ch_subchan_lock, "vmbus subchan", NULL, MTX_DEF);
1653 	sx_init(&chan->ch_orphan_lock, "vmbus chorphan");
1654 	TAILQ_INIT(&chan->ch_subchans);
1655 	vmbus_rxbr_init(&chan->ch_rxbr);
1656 	vmbus_txbr_init(&chan->ch_txbr);
1657 
1658 	TASK_INIT(&chan->ch_poll_task, 0, vmbus_chan_poll_task, chan);
1659 	callout_init(&chan->ch_poll_timeo, 1);
1660 
1661 	return chan;
1662 }
1663 
1664 static void
1665 vmbus_chan_free(struct vmbus_channel *chan)
1666 {
1667 
1668 	KASSERT(TAILQ_EMPTY(&chan->ch_subchans) && chan->ch_subchan_cnt == 0,
1669 	    ("still owns sub-channels"));
1670 	KASSERT((chan->ch_stflags &
1671 	    (VMBUS_CHAN_ST_OPENED |
1672 	     VMBUS_CHAN_ST_ONPRIL |
1673 	     VMBUS_CHAN_ST_ONSUBL |
1674 	     VMBUS_CHAN_ST_ONLIST)) == 0, ("free busy channel"));
1675 	KASSERT(chan->ch_orphan_xact == NULL,
1676 	    ("still has orphan xact installed"));
1677 	KASSERT(chan->ch_refs == 0, ("chan%u: invalid refcnt %d",
1678 	    chan->ch_id, chan->ch_refs));
1679 	KASSERT(chan->ch_poll_intvl == 0, ("chan%u: polling is activated",
1680 	    chan->ch_id));
1681 
1682 	contigfree(chan->ch_monprm, sizeof(struct hyperv_mon_param), M_DEVBUF);
1683 	mtx_destroy(&chan->ch_subchan_lock);
1684 	sx_destroy(&chan->ch_orphan_lock);
1685 	vmbus_rxbr_deinit(&chan->ch_rxbr);
1686 	vmbus_txbr_deinit(&chan->ch_txbr);
1687 	free(chan, M_DEVBUF);
1688 }
1689 
1690 static int
1691 vmbus_chan_add(struct vmbus_channel *newchan)
1692 {
1693 	struct vmbus_softc *sc = newchan->ch_vmbus;
1694 	struct vmbus_channel *prichan;
1695 
1696 	if (newchan->ch_id == 0) {
1697 		/*
1698 		 * XXX
1699 		 * Chan0 will neither be processed nor should be offered;
1700 		 * skip it.
1701 		 */
1702 		device_printf(sc->vmbus_dev, "got chan0 offer, discard\n");
1703 		return EINVAL;
1704 	} else if (newchan->ch_id >= VMBUS_CHAN_MAX) {
1705 		device_printf(sc->vmbus_dev, "invalid chan%u offer\n",
1706 		    newchan->ch_id);
1707 		return EINVAL;
1708 	}
1709 
1710 	mtx_lock(&sc->vmbus_prichan_lock);
1711 	TAILQ_FOREACH(prichan, &sc->vmbus_prichans, ch_prilink) {
1712 		/*
1713 		 * Sub-channel will have the same type GUID and instance
1714 		 * GUID as its primary channel.
1715 		 */
1716 		if (memcmp(&prichan->ch_guid_type, &newchan->ch_guid_type,
1717 		    sizeof(struct hyperv_guid)) == 0 &&
1718 		    memcmp(&prichan->ch_guid_inst, &newchan->ch_guid_inst,
1719 		    sizeof(struct hyperv_guid)) == 0)
1720 			break;
1721 	}
1722 	if (VMBUS_CHAN_ISPRIMARY(newchan)) {
1723 		if (prichan == NULL) {
1724 			/* Install the new primary channel */
1725 			vmbus_chan_ins_prilist(sc, newchan);
1726 			mtx_unlock(&sc->vmbus_prichan_lock);
1727 			goto done;
1728 		} else {
1729 			mtx_unlock(&sc->vmbus_prichan_lock);
1730 			device_printf(sc->vmbus_dev,
1731 			    "duplicated primary chan%u\n", newchan->ch_id);
1732 			return EINVAL;
1733 		}
1734 	} else { /* Sub-channel */
1735 		if (prichan == NULL) {
1736 			mtx_unlock(&sc->vmbus_prichan_lock);
1737 			device_printf(sc->vmbus_dev,
1738 			    "no primary chan for chan%u\n", newchan->ch_id);
1739 			return EINVAL;
1740 		}
1741 		/*
1742 		 * Found the primary channel for this sub-channel and
1743 		 * move on.
1744 		 *
1745 		 * XXX refcnt prichan
1746 		 */
1747 	}
1748 	mtx_unlock(&sc->vmbus_prichan_lock);
1749 
1750 	/*
1751 	 * This is a sub-channel; link it with the primary channel.
1752 	 */
1753 	KASSERT(!VMBUS_CHAN_ISPRIMARY(newchan),
1754 	    ("new channel is not sub-channel"));
1755 	KASSERT(prichan != NULL, ("no primary channel"));
1756 
1757 	/*
1758 	 * Reference count this sub-channel; it will be dereferenced
1759 	 * when this sub-channel is closed.
1760 	 */
1761 	KASSERT(newchan->ch_refs == 1, ("chan%u: invalid refcnt %d",
1762 	    newchan->ch_id, newchan->ch_refs));
1763 	atomic_add_int(&newchan->ch_refs, 1);
1764 
1765 	newchan->ch_prichan = prichan;
1766 	newchan->ch_dev = prichan->ch_dev;
1767 
1768 	mtx_lock(&prichan->ch_subchan_lock);
1769 	vmbus_chan_ins_sublist(prichan, newchan);
1770 	mtx_unlock(&prichan->ch_subchan_lock);
1771 	/*
1772 	 * Notify anyone that is interested in this sub-channel,
1773 	 * after this sub-channel is setup.
1774 	 */
1775 	wakeup(prichan);
1776 done:
1777 	/*
1778 	 * Hook this channel up for later revocation.
1779 	 */
1780 	mtx_lock(&sc->vmbus_chan_lock);
1781 	vmbus_chan_ins_list(sc, newchan);
1782 	mtx_unlock(&sc->vmbus_chan_lock);
1783 
1784 	if (bootverbose) {
1785 		vmbus_chan_printf(newchan, "chan%u subidx%u offer\n",
1786 		    newchan->ch_id, newchan->ch_subidx);
1787 	}
1788 
1789 	/* Select default cpu for this channel. */
1790 	vmbus_chan_cpu_default(newchan);
1791 
1792 	return 0;
1793 }
1794 
1795 void
1796 vmbus_chan_cpu_set(struct vmbus_channel *chan, int cpu)
1797 {
1798 	KASSERT(cpu >= 0 && cpu < mp_ncpus, ("invalid cpu %d", cpu));
1799 
1800 	if (chan->ch_vmbus->vmbus_version == VMBUS_VERSION_WS2008 ||
1801 	    chan->ch_vmbus->vmbus_version == VMBUS_VERSION_WIN7) {
1802 		/* Only cpu0 is supported */
1803 		cpu = 0;
1804 	}
1805 
1806 	chan->ch_cpuid = cpu;
1807 	chan->ch_vcpuid = VMBUS_PCPU_GET(chan->ch_vmbus, vcpuid, cpu);
1808 
1809 	if (bootverbose) {
1810 		vmbus_chan_printf(chan,
1811 		    "chan%u assigned to cpu%u [vcpu%u]\n",
1812 		    chan->ch_id, chan->ch_cpuid, chan->ch_vcpuid);
1813 	}
1814 }
1815 
1816 void
1817 vmbus_chan_cpu_rr(struct vmbus_channel *chan)
1818 {
1819 	static uint32_t vmbus_chan_nextcpu;
1820 	int cpu;
1821 
1822 	cpu = atomic_fetchadd_int(&vmbus_chan_nextcpu, 1) % mp_ncpus;
1823 	vmbus_chan_cpu_set(chan, cpu);
1824 }
1825 
1826 static void
1827 vmbus_chan_cpu_default(struct vmbus_channel *chan)
1828 {
1829 	/*
1830 	 * By default, pin the channel to cpu0.  Devices having
1831 	 * special channel-cpu mapping requirement should call
1832 	 * vmbus_chan_cpu_{set,rr}().
1833 	 */
1834 	vmbus_chan_cpu_set(chan, 0);
1835 }
1836 
1837 static void
1838 vmbus_chan_msgproc_choffer(struct vmbus_softc *sc,
1839     const struct vmbus_message *msg)
1840 {
1841 	const struct vmbus_chanmsg_choffer *offer;
1842 	struct vmbus_channel *chan;
1843 	task_fn_t *detach_fn, *attach_fn;
1844 	int error;
1845 
1846 	offer = (const struct vmbus_chanmsg_choffer *)msg->msg_data;
1847 
1848 	chan = vmbus_chan_alloc(sc);
1849 	if (chan == NULL) {
1850 		device_printf(sc->vmbus_dev, "allocate chan%u failed\n",
1851 		    offer->chm_chanid);
1852 		return;
1853 	}
1854 
1855 	chan->ch_id = offer->chm_chanid;
1856 	chan->ch_subidx = offer->chm_subidx;
1857 	chan->ch_guid_type = offer->chm_chtype;
1858 	chan->ch_guid_inst = offer->chm_chinst;
1859 
1860 	/* Batch reading is on by default */
1861 	chan->ch_flags |= VMBUS_CHAN_FLAG_BATCHREAD;
1862 
1863 	chan->ch_monprm->mp_connid = VMBUS_CONNID_EVENT;
1864 	if (sc->vmbus_version != VMBUS_VERSION_WS2008)
1865 		chan->ch_monprm->mp_connid = offer->chm_connid;
1866 
1867 	if (offer->chm_flags1 & VMBUS_CHOFFER_FLAG1_HASMNF) {
1868 		int trig_idx;
1869 
1870 		/*
1871 		 * Setup MNF stuffs.
1872 		 */
1873 		chan->ch_txflags |= VMBUS_CHAN_TXF_HASMNF;
1874 
1875 		trig_idx = offer->chm_montrig / VMBUS_MONTRIG_LEN;
1876 		if (trig_idx >= VMBUS_MONTRIGS_MAX)
1877 			panic("invalid monitor trigger %u", offer->chm_montrig);
1878 		chan->ch_montrig =
1879 		    &sc->vmbus_mnf2->mnf_trigs[trig_idx].mt_pending;
1880 
1881 		chan->ch_montrig_mask =
1882 		    1 << (offer->chm_montrig % VMBUS_MONTRIG_LEN);
1883 	}
1884 
1885 	if (offer->chm_chflags & VMBUS_CHAN_TLNPI_PROVIDER_OFFER) {
1886 		/* This is HyperV socket channel */
1887 		chan->ch_is_hvs = true;
1888 		/* The first byte != 0 means the host initiated connection. */
1889 		chan->ch_hvs_conn_from_host =
1890 		    offer->chm_udata.pipe.user_def[0];
1891 
1892 		if (bootverbose) {
1893 			device_printf(sc->vmbus_dev,
1894 			    "chan%u is hyperv socket channel "
1895 			    "connected %s host\n",
1896 			    chan->ch_id,
1897 			    (chan->ch_hvs_conn_from_host != 0) ?
1898 			    "from" : "to");
1899 		}
1900 	} else {
1901 		chan->ch_is_hvs = false;
1902 	}
1903 
1904 	/*
1905 	 * Setup event flag.
1906 	 */
1907 	chan->ch_evtflag =
1908 	    &sc->vmbus_tx_evtflags[chan->ch_id >> VMBUS_EVTFLAG_SHIFT];
1909 	chan->ch_evtflag_mask = 1UL << (chan->ch_id & VMBUS_EVTFLAG_MASK);
1910 
1911 	/*
1912 	 * Setup attach and detach tasks.
1913 	 */
1914 	if (VMBUS_CHAN_ISPRIMARY(chan)) {
1915 		chan->ch_mgmt_tq = sc->vmbus_devtq;
1916 		attach_fn = vmbus_prichan_attach_task;
1917 		detach_fn = vmbus_prichan_detach_task;
1918 	} else {
1919 		chan->ch_mgmt_tq = sc->vmbus_subchtq;
1920 		attach_fn = vmbus_subchan_attach_task;
1921 		detach_fn = vmbus_subchan_detach_task;
1922 	}
1923 	TASK_INIT(&chan->ch_attach_task, 0, attach_fn, chan);
1924 	TASK_INIT(&chan->ch_detach_task, 0, detach_fn, chan);
1925 
1926 	error = vmbus_chan_add(chan);
1927 	if (error) {
1928 		device_printf(sc->vmbus_dev, "add chan%u failed: %d\n",
1929 		    chan->ch_id, error);
1930 		atomic_subtract_int(&chan->ch_refs, 1);
1931 		vmbus_chan_free(chan);
1932 		return;
1933 	}
1934 	taskqueue_enqueue(chan->ch_mgmt_tq, &chan->ch_attach_task);
1935 }
1936 
1937 static void
1938 vmbus_chan_msgproc_chrescind(struct vmbus_softc *sc,
1939     const struct vmbus_message *msg)
1940 {
1941 	const struct vmbus_chanmsg_chrescind *note;
1942 	struct vmbus_channel *chan;
1943 
1944 	note = (const struct vmbus_chanmsg_chrescind *)msg->msg_data;
1945 	if (note->chm_chanid > VMBUS_CHAN_MAX) {
1946 		device_printf(sc->vmbus_dev, "invalid revoked chan%u\n",
1947 		    note->chm_chanid);
1948 		return;
1949 	}
1950 
1951 	/*
1952 	 * Find and remove the target channel from the channel list.
1953 	 */
1954 	mtx_lock(&sc->vmbus_chan_lock);
1955 	TAILQ_FOREACH(chan, &sc->vmbus_chans, ch_link) {
1956 		if (chan->ch_id == note->chm_chanid)
1957 			break;
1958 	}
1959 	if (chan == NULL) {
1960 		mtx_unlock(&sc->vmbus_chan_lock);
1961 		device_printf(sc->vmbus_dev, "chan%u is not offered\n",
1962 		    note->chm_chanid);
1963 		return;
1964 	}
1965 	vmbus_chan_rem_list(sc, chan);
1966 	mtx_unlock(&sc->vmbus_chan_lock);
1967 
1968 	if (VMBUS_CHAN_ISPRIMARY(chan)) {
1969 		/*
1970 		 * The target channel is a primary channel; remove the
1971 		 * target channel from the primary channel list now,
1972 		 * instead of later, so that it will not be found by
1973 		 * other sub-channel offers, which are processed in
1974 		 * this thread.
1975 		 */
1976 		mtx_lock(&sc->vmbus_prichan_lock);
1977 		vmbus_chan_rem_prilist(sc, chan);
1978 		mtx_unlock(&sc->vmbus_prichan_lock);
1979 	}
1980 
1981 	/*
1982 	 * NOTE:
1983 	 * The following processing order is critical:
1984 	 * Set the REVOKED state flag before orphaning the installed xact.
1985 	 */
1986 
1987 	if (atomic_testandset_int(&chan->ch_stflags,
1988 	    VMBUS_CHAN_ST_REVOKED_SHIFT))
1989 		panic("channel has already been revoked");
1990 
1991 	sx_xlock(&chan->ch_orphan_lock);
1992 	if (chan->ch_orphan_xact != NULL)
1993 		vmbus_xact_ctx_orphan(chan->ch_orphan_xact);
1994 	sx_xunlock(&chan->ch_orphan_lock);
1995 
1996 	if (bootverbose)
1997 		vmbus_chan_printf(chan, "chan%u revoked\n", note->chm_chanid);
1998 	vmbus_chan_detach(chan);
1999 }
2000 
2001 static int
2002 vmbus_chan_release(struct vmbus_channel *chan)
2003 {
2004 	struct vmbus_softc *sc = chan->ch_vmbus;
2005 	struct vmbus_chanmsg_chfree *req;
2006 	struct vmbus_msghc *mh;
2007 	int error;
2008 
2009 	mh = vmbus_msghc_get(sc, sizeof(*req));
2010 	if (mh == NULL) {
2011 		vmbus_chan_printf(chan,
2012 		    "can not get msg hypercall for chfree(chan%u)\n",
2013 		    chan->ch_id);
2014 		return (ENXIO);
2015 	}
2016 
2017 	req = vmbus_msghc_dataptr(mh);
2018 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_CHFREE;
2019 	req->chm_chanid = chan->ch_id;
2020 
2021 	error = vmbus_msghc_exec_noresult(mh);
2022 	vmbus_msghc_put(sc, mh);
2023 
2024 	if (error) {
2025 		vmbus_chan_printf(chan,
2026 		    "chfree(chan%u) msg hypercall exec failed: %d\n",
2027 		    chan->ch_id, error);
2028 	} else {
2029 		if (bootverbose)
2030 			vmbus_chan_printf(chan, "chan%u freed\n", chan->ch_id);
2031 	}
2032 	return (error);
2033 }
2034 
2035 static void
2036 vmbus_prichan_detach_task(void *xchan, int pending __unused)
2037 {
2038 	struct vmbus_channel *chan = xchan;
2039 
2040 	KASSERT(VMBUS_CHAN_ISPRIMARY(chan),
2041 	    ("chan%u is not primary channel", chan->ch_id));
2042 
2043 	/* Delete and detach the device associated with this channel. */
2044 	vmbus_delete_child(chan);
2045 
2046 	/* Release this channel (back to vmbus). */
2047 	vmbus_chan_release(chan);
2048 
2049 	/* Free this channel's resource. */
2050 	vmbus_chan_free(chan);
2051 }
2052 
2053 static void
2054 vmbus_subchan_detach_task(void *xchan, int pending __unused)
2055 {
2056 	struct vmbus_channel *chan = xchan;
2057 	struct vmbus_channel *pri_chan = chan->ch_prichan;
2058 
2059 	KASSERT(!VMBUS_CHAN_ISPRIMARY(chan),
2060 	    ("chan%u is primary channel", chan->ch_id));
2061 
2062 	/* Release this channel (back to vmbus). */
2063 	vmbus_chan_release(chan);
2064 
2065 	/* Unlink from its primary channel's sub-channel list. */
2066 	mtx_lock(&pri_chan->ch_subchan_lock);
2067 	vmbus_chan_rem_sublist(pri_chan, chan);
2068 	mtx_unlock(&pri_chan->ch_subchan_lock);
2069 	/* Notify anyone that is waiting for this sub-channel to vanish. */
2070 	wakeup(pri_chan);
2071 
2072 	/* Free this channel's resource. */
2073 	vmbus_chan_free(chan);
2074 }
2075 
2076 static void
2077 vmbus_prichan_attach_task(void *xchan, int pending __unused)
2078 {
2079 
2080 	/*
2081 	 * Add device for this primary channel.
2082 	 */
2083 	vmbus_add_child(xchan);
2084 }
2085 
2086 static void
2087 vmbus_subchan_attach_task(void *xchan __unused, int pending __unused)
2088 {
2089 
2090 	/* Nothing */
2091 }
2092 
2093 void
2094 vmbus_chan_destroy_all(struct vmbus_softc *sc)
2095 {
2096 
2097 	/*
2098 	 * Detach all devices and destroy the corresponding primary
2099 	 * channels.
2100 	 */
2101 	for (;;) {
2102 		struct vmbus_channel *chan;
2103 
2104 		mtx_lock(&sc->vmbus_chan_lock);
2105 		TAILQ_FOREACH(chan, &sc->vmbus_chans, ch_link) {
2106 			if (VMBUS_CHAN_ISPRIMARY(chan))
2107 				break;
2108 		}
2109 		if (chan == NULL) {
2110 			/* No more primary channels; done. */
2111 			mtx_unlock(&sc->vmbus_chan_lock);
2112 			break;
2113 		}
2114 		vmbus_chan_rem_list(sc, chan);
2115 		mtx_unlock(&sc->vmbus_chan_lock);
2116 
2117 		mtx_lock(&sc->vmbus_prichan_lock);
2118 		vmbus_chan_rem_prilist(sc, chan);
2119 		mtx_unlock(&sc->vmbus_prichan_lock);
2120 
2121 		taskqueue_enqueue(chan->ch_mgmt_tq, &chan->ch_detach_task);
2122 	}
2123 }
2124 
2125 struct vmbus_channel **
2126 vmbus_subchan_get(struct vmbus_channel *pri_chan, int subchan_cnt)
2127 {
2128 	struct vmbus_channel **ret, *chan;
2129 	int i;
2130 
2131 	KASSERT(subchan_cnt > 0, ("invalid sub-channel count %d", subchan_cnt));
2132 
2133 	ret = malloc(subchan_cnt * sizeof(struct vmbus_channel *), M_TEMP,
2134 	    M_WAITOK);
2135 
2136 	mtx_lock(&pri_chan->ch_subchan_lock);
2137 
2138 	while (pri_chan->ch_subchan_cnt < subchan_cnt)
2139 		mtx_sleep(pri_chan, &pri_chan->ch_subchan_lock, 0, "subch", 0);
2140 
2141 	i = 0;
2142 	TAILQ_FOREACH(chan, &pri_chan->ch_subchans, ch_sublink) {
2143 		/* TODO: refcnt chan */
2144 		ret[i] = chan;
2145 
2146 		++i;
2147 		if (i == subchan_cnt)
2148 			break;
2149 	}
2150 	KASSERT(i == subchan_cnt, ("invalid subchan count %d, should be %d",
2151 	    pri_chan->ch_subchan_cnt, subchan_cnt));
2152 
2153 	mtx_unlock(&pri_chan->ch_subchan_lock);
2154 
2155 	return ret;
2156 }
2157 
2158 void
2159 vmbus_subchan_rel(struct vmbus_channel **subchan, int subchan_cnt __unused)
2160 {
2161 
2162 	free(subchan, M_TEMP);
2163 }
2164 
2165 void
2166 vmbus_subchan_drain(struct vmbus_channel *pri_chan)
2167 {
2168 	mtx_lock(&pri_chan->ch_subchan_lock);
2169 	while (pri_chan->ch_subchan_cnt > 0)
2170 		mtx_sleep(pri_chan, &pri_chan->ch_subchan_lock, 0, "dsubch", 0);
2171 	mtx_unlock(&pri_chan->ch_subchan_lock);
2172 }
2173 
2174 void
2175 vmbus_chan_msgproc(struct vmbus_softc *sc, const struct vmbus_message *msg)
2176 {
2177 	vmbus_chanmsg_proc_t msg_proc;
2178 	uint32_t msg_type;
2179 
2180 	msg_type = ((const struct vmbus_chanmsg_hdr *)msg->msg_data)->chm_type;
2181 	KASSERT(msg_type < VMBUS_CHANMSG_TYPE_MAX,
2182 	    ("invalid message type %u", msg_type));
2183 
2184 	msg_proc = vmbus_chan_msgprocs[msg_type];
2185 	if (msg_proc != NULL)
2186 		msg_proc(sc, msg);
2187 }
2188 
2189 void
2190 vmbus_chan_set_readbatch(struct vmbus_channel *chan, bool on)
2191 {
2192 	if (!on)
2193 		chan->ch_flags &= ~VMBUS_CHAN_FLAG_BATCHREAD;
2194 	else
2195 		chan->ch_flags |= VMBUS_CHAN_FLAG_BATCHREAD;
2196 }
2197 
2198 uint32_t
2199 vmbus_chan_id(const struct vmbus_channel *chan)
2200 {
2201 	return chan->ch_id;
2202 }
2203 
2204 uint32_t
2205 vmbus_chan_subidx(const struct vmbus_channel *chan)
2206 {
2207 	return chan->ch_subidx;
2208 }
2209 
2210 bool
2211 vmbus_chan_is_primary(const struct vmbus_channel *chan)
2212 {
2213 	if (VMBUS_CHAN_ISPRIMARY(chan))
2214 		return true;
2215 	else
2216 		return false;
2217 }
2218 
2219 bool
2220 vmbus_chan_is_hvs(const struct vmbus_channel *chan)
2221 {
2222 	return chan->ch_is_hvs;
2223 }
2224 
2225 bool
2226 vmbus_chan_is_hvs_conn_from_host(const struct vmbus_channel *chan)
2227 {
2228 	KASSERT(vmbus_chan_is_hvs(chan) == true,
2229 	    ("Not a HyperV Socket channel %u", chan->ch_id));
2230 	if (chan->ch_hvs_conn_from_host != 0)
2231 		return true;
2232 	else
2233 		return false;
2234 }
2235 
2236 struct hyperv_guid *
2237 vmbus_chan_guid_type(struct vmbus_channel *chan)
2238 {
2239 	return &chan->ch_guid_type;
2240 }
2241 
2242 struct hyperv_guid *
2243 vmbus_chan_guid_inst(struct vmbus_channel *chan)
2244 {
2245 	return &chan->ch_guid_inst;
2246 }
2247 
2248 int
2249 vmbus_chan_prplist_nelem(int br_size, int prpcnt_max, int dlen_max)
2250 {
2251 	int elem_size;
2252 
2253 	elem_size = __offsetof(struct vmbus_chanpkt_prplist,
2254 	    cp_range[0].gpa_page[prpcnt_max]);
2255 	elem_size += dlen_max;
2256 	elem_size = VMBUS_CHANPKT_TOTLEN(elem_size);
2257 
2258 	return (vmbus_br_nelem(br_size, elem_size));
2259 }
2260 
2261 bool
2262 vmbus_chan_tx_empty(const struct vmbus_channel *chan)
2263 {
2264 
2265 	return (vmbus_txbr_empty(&chan->ch_txbr));
2266 }
2267 
2268 bool
2269 vmbus_chan_rx_empty(const struct vmbus_channel *chan)
2270 {
2271 
2272 	return (vmbus_rxbr_empty(&chan->ch_rxbr));
2273 }
2274 
2275 static int
2276 vmbus_chan_printf(const struct vmbus_channel *chan, const char *fmt, ...)
2277 {
2278 	va_list ap;
2279 	device_t dev;
2280 	int retval;
2281 
2282 	if (chan->ch_dev == NULL || !device_is_alive(chan->ch_dev))
2283 		dev = chan->ch_vmbus->vmbus_dev;
2284 	else
2285 		dev = chan->ch_dev;
2286 
2287 	retval = device_print_prettyname(dev);
2288 	va_start(ap, fmt);
2289 	retval += vprintf(fmt, ap);
2290 	va_end(ap);
2291 
2292 	return (retval);
2293 }
2294 
2295 void
2296 vmbus_chan_run_task(struct vmbus_channel *chan, struct task *task)
2297 {
2298 
2299 	taskqueue_enqueue(chan->ch_tq, task);
2300 	taskqueue_drain(chan->ch_tq, task);
2301 }
2302 
2303 struct taskqueue *
2304 vmbus_chan_mgmt_tq(const struct vmbus_channel *chan)
2305 {
2306 
2307 	return (chan->ch_mgmt_tq);
2308 }
2309 
2310 bool
2311 vmbus_chan_is_revoked(const struct vmbus_channel *chan)
2312 {
2313 
2314 	if (chan->ch_stflags & VMBUS_CHAN_ST_REVOKED)
2315 		return (true);
2316 	return (false);
2317 }
2318 
2319 void
2320 vmbus_chan_set_orphan(struct vmbus_channel *chan, struct vmbus_xact_ctx *xact)
2321 {
2322 
2323 	sx_xlock(&chan->ch_orphan_lock);
2324 	chan->ch_orphan_xact = xact;
2325 	sx_xunlock(&chan->ch_orphan_lock);
2326 }
2327 
2328 void
2329 vmbus_chan_unset_orphan(struct vmbus_channel *chan)
2330 {
2331 
2332 	sx_xlock(&chan->ch_orphan_lock);
2333 	chan->ch_orphan_xact = NULL;
2334 	sx_xunlock(&chan->ch_orphan_lock);
2335 }
2336 
2337 const void *
2338 vmbus_chan_xact_wait(const struct vmbus_channel *chan,
2339     struct vmbus_xact *xact, size_t *resp_len, bool can_sleep)
2340 {
2341 	const void *ret;
2342 
2343 	if (can_sleep)
2344 		ret = vmbus_xact_wait(xact, resp_len);
2345 	else
2346 		ret = vmbus_xact_busywait(xact, resp_len);
2347 	if (vmbus_chan_is_revoked(chan)) {
2348 		/*
2349 		 * This xact probably is interrupted, and the
2350 		 * interruption can race the reply reception,
2351 		 * so we have to make sure that there are nothing
2352 		 * left on the RX bufring, i.e. this xact will
2353 		 * not be touched, once this function returns.
2354 		 *
2355 		 * Since the hypervisor will not put more data
2356 		 * onto the RX bufring once the channel is revoked,
2357 		 * the following loop will be terminated, once all
2358 		 * data are drained by the driver's channel
2359 		 * callback.
2360 		 */
2361 		while (!vmbus_chan_rx_empty(chan)) {
2362 			if (can_sleep)
2363 				pause("chxact", 1);
2364 			else
2365 				DELAY(1000);
2366 		}
2367 	}
2368 	return (ret);
2369 }
2370 
2371 void
2372 vmbus_chan_poll_enable(struct vmbus_channel *chan, u_int pollhz)
2373 {
2374 	struct vmbus_chan_pollarg arg;
2375 	struct task poll_cfg;
2376 
2377 	KASSERT(chan->ch_flags & VMBUS_CHAN_FLAG_BATCHREAD,
2378 	    ("enable polling on non-batch chan%u", chan->ch_id));
2379 	KASSERT(pollhz >= VMBUS_CHAN_POLLHZ_MIN &&
2380 	    pollhz <= VMBUS_CHAN_POLLHZ_MAX, ("invalid pollhz %u", pollhz));
2381 
2382 	arg.poll_chan = chan;
2383 	arg.poll_hz = pollhz;
2384 	TASK_INIT(&poll_cfg, 0, vmbus_chan_pollcfg_task, &arg);
2385 	vmbus_chan_run_task(chan, &poll_cfg);
2386 }
2387 
2388 void
2389 vmbus_chan_poll_disable(struct vmbus_channel *chan)
2390 {
2391 	struct task poll_dis;
2392 
2393 	KASSERT(chan->ch_flags & VMBUS_CHAN_FLAG_BATCHREAD,
2394 	    ("disable polling on non-batch chan%u", chan->ch_id));
2395 
2396 	TASK_INIT(&poll_dis, 0, vmbus_chan_polldis_task, chan);
2397 	vmbus_chan_run_task(chan, &poll_dis);
2398 }
2399