xref: /freebsd/sys/dev/hyperv/vmbus/vmbus_chan.c (revision 3a56015a2f5d630910177fa79a522bb95511ccf7)
1 /*-
2  * Copyright (c) 2009-2012,2016 Microsoft Corp.
3  * Copyright (c) 2012 NetApp Inc.
4  * Copyright (c) 2012 Citrix Inc.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice unmodified, this list of conditions, and the following
12  *    disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #include <sys/param.h>
30 #include <sys/bus.h>
31 #include <sys/callout.h>
32 #include <sys/kernel.h>
33 #include <sys/lock.h>
34 #include <sys/malloc.h>
35 #include <sys/mutex.h>
36 #include <sys/smp.h>
37 #include <sys/sysctl.h>
38 #include <sys/systm.h>
39 
40 #include <machine/atomic.h>
41 #include <machine/stdarg.h>
42 
43 #include <vm/vm.h>
44 #include <vm/pmap.h>
45 #include <vm/vm_extern.h>
46 
47 #include <dev/hyperv/include/vmbus_xact.h>
48 #include <dev/hyperv/vmbus/hyperv_var.h>
49 #include <dev/hyperv/vmbus/vmbus_reg.h>
50 #include <dev/hyperv/vmbus/vmbus_var.h>
51 #include <dev/hyperv/vmbus/vmbus_brvar.h>
52 #include <dev/hyperv/vmbus/vmbus_chanvar.h>
53 
54 struct vmbus_chan_pollarg {
55 	struct vmbus_channel	*poll_chan;
56 	u_int			poll_hz;
57 };
58 
59 static void			vmbus_chan_update_evtflagcnt(
60 				    struct vmbus_softc *,
61 				    const struct vmbus_channel *);
62 static int			vmbus_chan_close_internal(
63 				    struct vmbus_channel *);
64 static int			vmbus_chan_sysctl_mnf(SYSCTL_HANDLER_ARGS);
65 static void			vmbus_chan_sysctl_create(
66 				    struct vmbus_channel *);
67 static struct vmbus_channel	*vmbus_chan_alloc(struct vmbus_softc *);
68 static void			vmbus_chan_free(struct vmbus_channel *);
69 static int			vmbus_chan_add(struct vmbus_channel *);
70 static void			vmbus_chan_cpu_default(struct vmbus_channel *);
71 static int			vmbus_chan_release(struct vmbus_channel *);
72 static void			vmbus_chan_set_chmap(struct vmbus_channel *);
73 static void			vmbus_chan_clear_chmap(struct vmbus_channel *);
74 static void			vmbus_chan_detach(struct vmbus_channel *);
75 static bool			vmbus_chan_wait_revoke(
76 				    const struct vmbus_channel *, bool);
77 static void			vmbus_chan_poll_timeout(void *);
78 static bool			vmbus_chan_poll_cancel_intq(
79 				    struct vmbus_channel *);
80 static void			vmbus_chan_poll_cancel(struct vmbus_channel *);
81 
82 static void			vmbus_chan_ins_prilist(struct vmbus_softc *,
83 				    struct vmbus_channel *);
84 static void			vmbus_chan_rem_prilist(struct vmbus_softc *,
85 				    struct vmbus_channel *);
86 static void			vmbus_chan_ins_list(struct vmbus_softc *,
87 				    struct vmbus_channel *);
88 static void			vmbus_chan_rem_list(struct vmbus_softc *,
89 				    struct vmbus_channel *);
90 static void			vmbus_chan_ins_sublist(struct vmbus_channel *,
91 				    struct vmbus_channel *);
92 static void			vmbus_chan_rem_sublist(struct vmbus_channel *,
93 				    struct vmbus_channel *);
94 
95 static void			vmbus_chan_task(void *, int);
96 static void			vmbus_chan_task_nobatch(void *, int);
97 static void			vmbus_chan_poll_task(void *, int);
98 static void			vmbus_chan_clrchmap_task(void *, int);
99 static void			vmbus_chan_pollcfg_task(void *, int);
100 static void			vmbus_chan_polldis_task(void *, int);
101 static void			vmbus_chan_poll_cancel_task(void *, int);
102 static void			vmbus_prichan_attach_task(void *, int);
103 static void			vmbus_subchan_attach_task(void *, int);
104 static void			vmbus_prichan_detach_task(void *, int);
105 static void			vmbus_subchan_detach_task(void *, int);
106 
107 static void			vmbus_chan_msgproc_choffer(struct vmbus_softc *,
108 				    const struct vmbus_message *);
109 static void			vmbus_chan_msgproc_chrescind(
110 				    struct vmbus_softc *,
111 				    const struct vmbus_message *);
112 
113 static int			vmbus_chan_printf(const struct vmbus_channel *,
114 				    const char *, ...) __printflike(2, 3);
115 
116 /*
117  * Vmbus channel message processing.
118  */
119 static const vmbus_chanmsg_proc_t
120 vmbus_chan_msgprocs[VMBUS_CHANMSG_TYPE_MAX] = {
121 	VMBUS_CHANMSG_PROC(CHOFFER,	vmbus_chan_msgproc_choffer),
122 	VMBUS_CHANMSG_PROC(CHRESCIND,	vmbus_chan_msgproc_chrescind),
123 
124 	VMBUS_CHANMSG_PROC_WAKEUP(CHOPEN_RESP),
125 	VMBUS_CHANMSG_PROC_WAKEUP(GPADL_CONNRESP),
126 	VMBUS_CHANMSG_PROC_WAKEUP(GPADL_DISCONNRESP)
127 };
128 
129 /*
130  * Notify host that there are data pending on our TX bufring or
131  * we have put some data on the TX bufring.
132  */
133 static __inline void
134 vmbus_chan_signal(const struct vmbus_channel *chan)
135 {
136 	atomic_set_long(chan->ch_evtflag, chan->ch_evtflag_mask);
137 	if (chan->ch_txflags & VMBUS_CHAN_TXF_HASMNF)
138 		atomic_set_int(chan->ch_montrig, chan->ch_montrig_mask);
139 	else
140 		hypercall_signal_event(pmap_kextract(
141 		    (vm_offset_t)chan->ch_monprm));
142 }
143 
144 static __inline void
145 vmbus_chan_signal_tx(struct vmbus_channel *chan)
146 {
147 	chan->ch_txbr.txbr_intrcnt ++;
148 
149 	vmbus_chan_signal(chan);
150 }
151 
152 static __inline void
153 vmbus_chan_signal_rx(struct vmbus_channel *chan)
154 {
155 	chan->ch_rxbr.rxbr_intrcnt ++;
156 
157 	vmbus_chan_signal(chan);
158 }
159 
160 static void
161 vmbus_chan_ins_prilist(struct vmbus_softc *sc, struct vmbus_channel *chan)
162 {
163 
164 	mtx_assert(&sc->vmbus_prichan_lock, MA_OWNED);
165 	if (atomic_testandset_int(&chan->ch_stflags,
166 	    VMBUS_CHAN_ST_ONPRIL_SHIFT))
167 		panic("channel is already on the prilist");
168 	TAILQ_INSERT_TAIL(&sc->vmbus_prichans, chan, ch_prilink);
169 }
170 
171 static void
172 vmbus_chan_rem_prilist(struct vmbus_softc *sc, struct vmbus_channel *chan)
173 {
174 
175 	mtx_assert(&sc->vmbus_prichan_lock, MA_OWNED);
176 	if (atomic_testandclear_int(&chan->ch_stflags,
177 	    VMBUS_CHAN_ST_ONPRIL_SHIFT) == 0)
178 		panic("channel is not on the prilist");
179 	TAILQ_REMOVE(&sc->vmbus_prichans, chan, ch_prilink);
180 }
181 
182 static void
183 vmbus_chan_ins_sublist(struct vmbus_channel *prichan,
184     struct vmbus_channel *chan)
185 {
186 
187 	mtx_assert(&prichan->ch_subchan_lock, MA_OWNED);
188 
189 	if (atomic_testandset_int(&chan->ch_stflags,
190 	    VMBUS_CHAN_ST_ONSUBL_SHIFT))
191 		panic("channel is already on the sublist");
192 	TAILQ_INSERT_TAIL(&prichan->ch_subchans, chan, ch_sublink);
193 
194 	/* Bump sub-channel count. */
195 	prichan->ch_subchan_cnt++;
196 }
197 
198 static void
199 vmbus_chan_rem_sublist(struct vmbus_channel *prichan,
200     struct vmbus_channel *chan)
201 {
202 
203 	mtx_assert(&prichan->ch_subchan_lock, MA_OWNED);
204 
205 	KASSERT(prichan->ch_subchan_cnt > 0,
206 	    ("invalid subchan_cnt %d", prichan->ch_subchan_cnt));
207 	prichan->ch_subchan_cnt--;
208 
209 	if (atomic_testandclear_int(&chan->ch_stflags,
210 	    VMBUS_CHAN_ST_ONSUBL_SHIFT) == 0)
211 		panic("channel is not on the sublist");
212 	TAILQ_REMOVE(&prichan->ch_subchans, chan, ch_sublink);
213 }
214 
215 static void
216 vmbus_chan_ins_list(struct vmbus_softc *sc, struct vmbus_channel *chan)
217 {
218 
219 	mtx_assert(&sc->vmbus_chan_lock, MA_OWNED);
220 	if (atomic_testandset_int(&chan->ch_stflags,
221 	    VMBUS_CHAN_ST_ONLIST_SHIFT))
222 		panic("channel is already on the list");
223 	TAILQ_INSERT_TAIL(&sc->vmbus_chans, chan, ch_link);
224 }
225 
226 static void
227 vmbus_chan_rem_list(struct vmbus_softc *sc, struct vmbus_channel *chan)
228 {
229 
230 	mtx_assert(&sc->vmbus_chan_lock, MA_OWNED);
231 	if (atomic_testandclear_int(&chan->ch_stflags,
232 	    VMBUS_CHAN_ST_ONLIST_SHIFT) == 0)
233 		panic("channel is not on the list");
234 	TAILQ_REMOVE(&sc->vmbus_chans, chan, ch_link);
235 }
236 
237 static int
238 vmbus_chan_sysctl_mnf(SYSCTL_HANDLER_ARGS)
239 {
240 	struct vmbus_channel *chan = arg1;
241 	int mnf = 0;
242 
243 	if (chan->ch_txflags & VMBUS_CHAN_TXF_HASMNF)
244 		mnf = 1;
245 	return sysctl_handle_int(oidp, &mnf, 0, req);
246 }
247 
248 static void
249 vmbus_chan_sysctl_create(struct vmbus_channel *chan)
250 {
251 	struct sysctl_oid *ch_tree, *chid_tree, *br_tree;
252 	struct sysctl_ctx_list *ctx;
253 	uint32_t ch_id;
254 	char name[16];
255 
256 	/*
257 	 * Add sysctl nodes related to this channel to this
258 	 * channel's sysctl ctx, so that they can be destroyed
259 	 * independently upon close of this channel, which can
260 	 * happen even if the device is not detached.
261 	 */
262 	ctx = &chan->ch_sysctl_ctx;
263 	sysctl_ctx_init(ctx);
264 
265 	/*
266 	 * Create dev.NAME.UNIT.channel tree.
267 	 */
268 	ch_tree = SYSCTL_ADD_NODE(ctx,
269 	    SYSCTL_CHILDREN(device_get_sysctl_tree(chan->ch_dev)),
270 	    OID_AUTO, "channel", CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
271 	if (ch_tree == NULL)
272 		return;
273 
274 	/*
275 	 * Create dev.NAME.UNIT.channel.CHANID tree.
276 	 */
277 	if (VMBUS_CHAN_ISPRIMARY(chan))
278 		ch_id = chan->ch_id;
279 	else
280 		ch_id = chan->ch_prichan->ch_id;
281 	snprintf(name, sizeof(name), "%d", ch_id);
282 	chid_tree = SYSCTL_ADD_NODE(ctx, SYSCTL_CHILDREN(ch_tree),
283 	    OID_AUTO, name, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
284 	if (chid_tree == NULL)
285 		return;
286 
287 	if (!VMBUS_CHAN_ISPRIMARY(chan)) {
288 		/*
289 		 * Create dev.NAME.UNIT.channel.CHANID.sub tree.
290 		 */
291 		ch_tree = SYSCTL_ADD_NODE(ctx, SYSCTL_CHILDREN(chid_tree),
292 		    OID_AUTO, "sub", CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
293 		if (ch_tree == NULL)
294 			return;
295 
296 		/*
297 		 * Create dev.NAME.UNIT.channel.CHANID.sub.SUBIDX tree.
298 		 *
299 		 * NOTE:
300 		 * chid_tree is changed to this new sysctl tree.
301 		 */
302 		snprintf(name, sizeof(name), "%d", chan->ch_subidx);
303 		chid_tree = SYSCTL_ADD_NODE(ctx, SYSCTL_CHILDREN(ch_tree),
304 		    OID_AUTO, name, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
305 		if (chid_tree == NULL)
306 			return;
307 
308 		SYSCTL_ADD_UINT(ctx, SYSCTL_CHILDREN(chid_tree), OID_AUTO,
309 		    "chanid", CTLFLAG_RD, &chan->ch_id, 0, "channel id");
310 	}
311 
312 	SYSCTL_ADD_UINT(ctx, SYSCTL_CHILDREN(chid_tree), OID_AUTO,
313 	    "cpu", CTLFLAG_RD, &chan->ch_cpuid, 0, "owner CPU id");
314 	SYSCTL_ADD_PROC(ctx, SYSCTL_CHILDREN(chid_tree), OID_AUTO,
315 	    "mnf", CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE,
316 	    chan, 0, vmbus_chan_sysctl_mnf, "I",
317 	    "has monitor notification facilities");
318 
319 	br_tree = SYSCTL_ADD_NODE(ctx, SYSCTL_CHILDREN(chid_tree), OID_AUTO,
320 	    "br", CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "");
321 	if (br_tree != NULL) {
322 		/*
323 		 * Create sysctl tree for RX bufring.
324 		 */
325 		vmbus_br_sysctl_create(ctx, br_tree, &chan->ch_rxbr.rxbr, "rx");
326 		/*
327 		 * Create sysctl tree for TX bufring.
328 		 */
329 		vmbus_br_sysctl_create(ctx, br_tree, &chan->ch_txbr.txbr, "tx");
330 	}
331 }
332 
333 int
334 vmbus_chan_open(struct vmbus_channel *chan, int txbr_size, int rxbr_size,
335     const void *udata, int udlen, vmbus_chan_callback_t cb, void *cbarg)
336 {
337 	struct vmbus_chan_br cbr;
338 	int error;
339 
340 	/*
341 	 * Allocate the TX+RX bufrings.
342 	 */
343 	KASSERT(chan->ch_bufring == NULL, ("bufrings are allocated"));
344 	chan->ch_bufring = contigmalloc(txbr_size + rxbr_size, M_DEVBUF,
345 	    M_WAITOK | M_ZERO, 0ul, ~0ul, PAGE_SIZE, 0);
346 	if (chan->ch_bufring == NULL) {
347 		vmbus_chan_printf(chan, "bufring allocation failed\n");
348 		return (ENOMEM);
349 	}
350 
351 	cbr.cbr = chan->ch_bufring;
352 	cbr.cbr_paddr = pmap_kextract((vm_offset_t)chan->ch_bufring);
353 	cbr.cbr_txsz = txbr_size;
354 	cbr.cbr_rxsz = rxbr_size;
355 
356 	error = vmbus_chan_open_br(chan, &cbr, udata, udlen, cb, cbarg);
357 	if (error) {
358 		if (error == EISCONN) {
359 			/*
360 			 * XXX
361 			 * The bufring GPADL is still connected; abandon
362 			 * this bufring, instead of having mysterious
363 			 * crash or trashed data later on.
364 			 */
365 			vmbus_chan_printf(chan, "chan%u bufring GPADL "
366 			    "is still connected upon channel open error; "
367 			    "leak %d bytes memory\n", chan->ch_id,
368 			    txbr_size + rxbr_size);
369 		} else {
370 			free(chan->ch_bufring, M_DEVBUF);
371 		}
372 		chan->ch_bufring = NULL;
373 	}
374 	return (error);
375 }
376 
377 int
378 vmbus_chan_open_br(struct vmbus_channel *chan, const struct vmbus_chan_br *cbr,
379     const void *udata, int udlen, vmbus_chan_callback_t cb, void *cbarg)
380 {
381 	struct vmbus_softc *sc = chan->ch_vmbus;
382 	const struct vmbus_message *msg;
383 	struct vmbus_chanmsg_chopen *req;
384 	struct vmbus_msghc *mh;
385 	uint32_t status;
386 	int error, txbr_size, rxbr_size;
387 	task_fn_t *task_fn;
388 	uint8_t *br;
389 
390 	if (udlen > VMBUS_CHANMSG_CHOPEN_UDATA_SIZE) {
391 		vmbus_chan_printf(chan,
392 		    "invalid udata len %d for chan%u\n", udlen, chan->ch_id);
393 		return (EINVAL);
394 	}
395 
396 	br = cbr->cbr;
397 	txbr_size = cbr->cbr_txsz;
398 	rxbr_size = cbr->cbr_rxsz;
399 	KASSERT((txbr_size & PAGE_MASK) == 0,
400 	    ("send bufring size is not multiple page"));
401 	KASSERT((rxbr_size & PAGE_MASK) == 0,
402 	    ("recv bufring size is not multiple page"));
403 	KASSERT((cbr->cbr_paddr & PAGE_MASK) == 0,
404 	    ("bufring is not page aligned"));
405 
406 	/*
407 	 * Zero out the TX/RX bufrings, in case that they were used before.
408 	 */
409 	memset(br, 0, txbr_size + rxbr_size);
410 
411 	if (atomic_testandset_int(&chan->ch_stflags,
412 	    VMBUS_CHAN_ST_OPENED_SHIFT))
413 		panic("double-open chan%u", chan->ch_id);
414 
415 	chan->ch_cb = cb;
416 	chan->ch_cbarg = cbarg;
417 
418 	vmbus_chan_update_evtflagcnt(sc, chan);
419 
420 	chan->ch_tq = VMBUS_PCPU_GET(chan->ch_vmbus, event_tq, chan->ch_cpuid);
421 	if (chan->ch_flags & VMBUS_CHAN_FLAG_BATCHREAD)
422 		task_fn = vmbus_chan_task;
423 	else
424 		task_fn = vmbus_chan_task_nobatch;
425 	TASK_INIT(&chan->ch_task, 0, task_fn, chan);
426 
427 	/* TX bufring comes first */
428 	vmbus_txbr_setup(&chan->ch_txbr, br, txbr_size);
429 	/* RX bufring immediately follows TX bufring */
430 	vmbus_rxbr_setup(&chan->ch_rxbr, br + txbr_size, rxbr_size);
431 
432 	/* Create sysctl tree for this channel */
433 	vmbus_chan_sysctl_create(chan);
434 
435 	/*
436 	 * Connect the bufrings, both RX and TX, to this channel.
437 	 */
438 	error = vmbus_chan_gpadl_connect(chan, cbr->cbr_paddr,
439 	    txbr_size + rxbr_size, &chan->ch_bufring_gpadl);
440 	if (error) {
441 		vmbus_chan_printf(chan,
442 		    "failed to connect bufring GPADL to chan%u\n", chan->ch_id);
443 		goto failed;
444 	}
445 
446 	/*
447 	 * Install this channel, before it is opened, but after everything
448 	 * else has been setup.
449 	 */
450 	vmbus_chan_set_chmap(chan);
451 
452 	/*
453 	 * Open channel w/ the bufring GPADL on the target CPU.
454 	 */
455 	mh = vmbus_msghc_get(sc, sizeof(*req));
456 	if (mh == NULL) {
457 		vmbus_chan_printf(chan,
458 		    "can not get msg hypercall for chopen(chan%u)\n",
459 		    chan->ch_id);
460 		error = ENXIO;
461 		goto failed;
462 	}
463 
464 	req = vmbus_msghc_dataptr(mh);
465 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_CHOPEN;
466 	req->chm_chanid = chan->ch_id;
467 	req->chm_openid = chan->ch_id;
468 	req->chm_gpadl = chan->ch_bufring_gpadl;
469 	req->chm_vcpuid = chan->ch_vcpuid;
470 	req->chm_txbr_pgcnt = txbr_size >> PAGE_SHIFT;
471 	if (udlen > 0)
472 		memcpy(req->chm_udata, udata, udlen);
473 
474 	error = vmbus_msghc_exec(sc, mh);
475 	if (error) {
476 		vmbus_chan_printf(chan,
477 		    "chopen(chan%u) msg hypercall exec failed: %d\n",
478 		    chan->ch_id, error);
479 		vmbus_msghc_put(sc, mh);
480 		goto failed;
481 	}
482 
483 	for (;;) {
484 		msg = vmbus_msghc_poll_result(sc, mh);
485 		if (msg != NULL)
486 			break;
487 		if (vmbus_chan_is_revoked(chan)) {
488 			int i;
489 
490 			/*
491 			 * NOTE:
492 			 * Hypervisor does _not_ send response CHOPEN to
493 			 * a revoked channel.
494 			 */
495 			vmbus_chan_printf(chan,
496 			    "chan%u is revoked, when it is being opened\n",
497 			    chan->ch_id);
498 
499 			/*
500 			 * XXX
501 			 * Add extra delay before cancel the hypercall
502 			 * execution; mainly to close any possible
503 			 * CHRESCIND and CHOPEN_RESP races on the
504 			 * hypervisor side.
505 			 */
506 #define REVOKE_LINGER	100
507 			for (i = 0; i < REVOKE_LINGER; ++i) {
508 				msg = vmbus_msghc_poll_result(sc, mh);
509 				if (msg != NULL)
510 					break;
511 				pause("rchopen", 1);
512 			}
513 #undef REVOKE_LINGER
514 			if (msg == NULL)
515 				vmbus_msghc_exec_cancel(sc, mh);
516 			break;
517 		}
518 		pause("chopen", 1);
519 	}
520 	if (msg != NULL) {
521 		status = ((const struct vmbus_chanmsg_chopen_resp *)
522 		    msg->msg_data)->chm_status;
523 	} else {
524 		/* XXX any non-0 value is ok here. */
525 		status = 0xff;
526 	}
527 
528 	vmbus_msghc_put(sc, mh);
529 
530 	if (status == 0) {
531 		if (bootverbose)
532 			vmbus_chan_printf(chan, "chan%u opened\n", chan->ch_id);
533 		return (0);
534 	}
535 
536 	vmbus_chan_printf(chan, "failed to open chan%u\n", chan->ch_id);
537 	error = ENXIO;
538 
539 failed:
540 	sysctl_ctx_free(&chan->ch_sysctl_ctx);
541 	vmbus_chan_clear_chmap(chan);
542 	if (chan->ch_bufring_gpadl != 0) {
543 		int error1;
544 
545 		error1 = vmbus_chan_gpadl_disconnect(chan,
546 		    chan->ch_bufring_gpadl);
547 		if (error1) {
548 			/*
549 			 * Give caller a hint that the bufring GPADL is still
550 			 * connected.
551 			 */
552 			error = EISCONN;
553 		}
554 		chan->ch_bufring_gpadl = 0;
555 	}
556 	atomic_clear_int(&chan->ch_stflags, VMBUS_CHAN_ST_OPENED);
557 	return (error);
558 }
559 
560 int
561 vmbus_chan_gpadl_connect(struct vmbus_channel *chan, bus_addr_t paddr,
562     int size, uint32_t *gpadl0)
563 {
564 	struct vmbus_softc *sc = chan->ch_vmbus;
565 	struct vmbus_msghc *mh;
566 	struct vmbus_chanmsg_gpadl_conn *req;
567 	const struct vmbus_message *msg;
568 	size_t reqsz;
569 	uint32_t gpadl, status;
570 	int page_count, range_len, i, cnt, error;
571 	uint64_t page_id;
572 
573 	KASSERT(*gpadl0 == 0, ("GPADL is not zero"));
574 
575 	/*
576 	 * Preliminary checks.
577 	 */
578 
579 	KASSERT((size & PAGE_MASK) == 0,
580 	    ("invalid GPA size %d, not multiple page size", size));
581 	page_count = size >> PAGE_SHIFT;
582 
583 	KASSERT((paddr & PAGE_MASK) == 0,
584 	    ("GPA is not page aligned %jx", (uintmax_t)paddr));
585 	page_id = paddr >> PAGE_SHIFT;
586 
587 	range_len = __offsetof(struct vmbus_gpa_range, gpa_page[page_count]);
588 	/*
589 	 * We don't support multiple GPA ranges.
590 	 */
591 	if (range_len > UINT16_MAX) {
592 		vmbus_chan_printf(chan, "GPA too large, %d pages\n",
593 		    page_count);
594 		return EOPNOTSUPP;
595 	}
596 
597 	/*
598 	 * Allocate GPADL id.
599 	 */
600 	gpadl = vmbus_gpadl_alloc(sc);
601 
602 	/*
603 	 * Connect this GPADL to the target channel.
604 	 *
605 	 * NOTE:
606 	 * Since each message can only hold small set of page
607 	 * addresses, several messages may be required to
608 	 * complete the connection.
609 	 */
610 	if (page_count > VMBUS_CHANMSG_GPADL_CONN_PGMAX)
611 		cnt = VMBUS_CHANMSG_GPADL_CONN_PGMAX;
612 	else
613 		cnt = page_count;
614 	page_count -= cnt;
615 
616 	reqsz = __offsetof(struct vmbus_chanmsg_gpadl_conn,
617 	    chm_range.gpa_page[cnt]);
618 	mh = vmbus_msghc_get(sc, reqsz);
619 	if (mh == NULL) {
620 		vmbus_chan_printf(chan,
621 		    "can not get msg hypercall for gpadl_conn(chan%u)\n",
622 		    chan->ch_id);
623 		return EIO;
624 	}
625 
626 	req = vmbus_msghc_dataptr(mh);
627 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_GPADL_CONN;
628 	req->chm_chanid = chan->ch_id;
629 	req->chm_gpadl = gpadl;
630 	req->chm_range_len = range_len;
631 	req->chm_range_cnt = 1;
632 	req->chm_range.gpa_len = size;
633 	req->chm_range.gpa_ofs = 0;
634 	for (i = 0; i < cnt; ++i)
635 		req->chm_range.gpa_page[i] = page_id++;
636 
637 	error = vmbus_msghc_exec(sc, mh);
638 	if (error) {
639 		vmbus_chan_printf(chan,
640 		    "gpadl_conn(chan%u) msg hypercall exec failed: %d\n",
641 		    chan->ch_id, error);
642 		vmbus_msghc_put(sc, mh);
643 		return error;
644 	}
645 
646 	while (page_count > 0) {
647 		struct vmbus_chanmsg_gpadl_subconn *subreq;
648 
649 		if (page_count > VMBUS_CHANMSG_GPADL_SUBCONN_PGMAX)
650 			cnt = VMBUS_CHANMSG_GPADL_SUBCONN_PGMAX;
651 		else
652 			cnt = page_count;
653 		page_count -= cnt;
654 
655 		reqsz = __offsetof(struct vmbus_chanmsg_gpadl_subconn,
656 		    chm_gpa_page[cnt]);
657 		vmbus_msghc_reset(mh, reqsz);
658 
659 		subreq = vmbus_msghc_dataptr(mh);
660 		subreq->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_GPADL_SUBCONN;
661 		subreq->chm_gpadl = gpadl;
662 		for (i = 0; i < cnt; ++i)
663 			subreq->chm_gpa_page[i] = page_id++;
664 
665 		vmbus_msghc_exec_noresult(mh);
666 	}
667 	KASSERT(page_count == 0, ("invalid page count %d", page_count));
668 
669 	msg = vmbus_msghc_wait_result(sc, mh);
670 	status = ((const struct vmbus_chanmsg_gpadl_connresp *)
671 	    msg->msg_data)->chm_status;
672 
673 	vmbus_msghc_put(sc, mh);
674 
675 	if (status != 0) {
676 		vmbus_chan_printf(chan, "gpadl_conn(chan%u) failed: %u\n",
677 		    chan->ch_id, status);
678 		return EIO;
679 	}
680 
681 	/* Done; commit the GPADL id. */
682 	*gpadl0 = gpadl;
683 	if (bootverbose) {
684 		vmbus_chan_printf(chan, "gpadl_conn(chan%u) succeeded\n",
685 		    chan->ch_id);
686 	}
687 	return 0;
688 }
689 
690 static bool
691 vmbus_chan_wait_revoke(const struct vmbus_channel *chan, bool can_sleep)
692 {
693 #define WAIT_COUNT	200	/* 200ms */
694 
695 	int i;
696 
697 	for (i = 0; i < WAIT_COUNT; ++i) {
698 		if (vmbus_chan_is_revoked(chan))
699 			return (true);
700 		if (can_sleep)
701 			pause("wchrev", 1);
702 		else
703 			DELAY(1000);
704 	}
705 	return (false);
706 
707 #undef WAIT_COUNT
708 }
709 
710 /*
711  * Disconnect the GPA from the target channel
712  */
713 int
714 vmbus_chan_gpadl_disconnect(struct vmbus_channel *chan, uint32_t gpadl)
715 {
716 	struct vmbus_softc *sc = chan->ch_vmbus;
717 	struct vmbus_msghc *mh;
718 	struct vmbus_chanmsg_gpadl_disconn *req;
719 	int error;
720 
721 	KASSERT(gpadl != 0, ("GPADL is zero"));
722 
723 	mh = vmbus_msghc_get(sc, sizeof(*req));
724 	if (mh == NULL) {
725 		vmbus_chan_printf(chan,
726 		    "can not get msg hypercall for gpadl_disconn(chan%u)\n",
727 		    chan->ch_id);
728 		return (EBUSY);
729 	}
730 
731 	req = vmbus_msghc_dataptr(mh);
732 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_GPADL_DISCONN;
733 	req->chm_chanid = chan->ch_id;
734 	req->chm_gpadl = gpadl;
735 
736 	error = vmbus_msghc_exec(sc, mh);
737 	if (error) {
738 		vmbus_msghc_put(sc, mh);
739 
740 		if (vmbus_chan_wait_revoke(chan, true)) {
741 			/*
742 			 * Error is benign; this channel is revoked,
743 			 * so this GPADL will not be touched anymore.
744 			 */
745 			vmbus_chan_printf(chan,
746 			    "gpadl_disconn(revoked chan%u) msg hypercall "
747 			    "exec failed: %d\n", chan->ch_id, error);
748 			return (0);
749 		}
750 		vmbus_chan_printf(chan,
751 		    "gpadl_disconn(chan%u) msg hypercall exec failed: %d\n",
752 		    chan->ch_id, error);
753 		return (error);
754 	}
755 
756 	vmbus_msghc_wait_result(sc, mh);
757 	/* Discard result; no useful information */
758 	vmbus_msghc_put(sc, mh);
759 
760 	return (0);
761 }
762 
763 static void
764 vmbus_chan_detach(struct vmbus_channel *chan)
765 {
766 	int refs;
767 
768 	KASSERT(chan->ch_refs > 0, ("chan%u: invalid refcnt %d",
769 	    chan->ch_id, chan->ch_refs));
770 	refs = atomic_fetchadd_int(&chan->ch_refs, -1);
771 #ifdef INVARIANTS
772 	if (VMBUS_CHAN_ISPRIMARY(chan)) {
773 		KASSERT(refs == 1, ("chan%u: invalid refcnt %d for prichan",
774 		    chan->ch_id, refs + 1));
775 	}
776 #endif
777 	if (refs == 1) {
778 		/*
779 		 * Detach the target channel.
780 		 */
781 		if (bootverbose) {
782 			vmbus_chan_printf(chan, "chan%u detached\n",
783 			    chan->ch_id);
784 		}
785 		taskqueue_enqueue(chan->ch_mgmt_tq, &chan->ch_detach_task);
786 	}
787 }
788 
789 static void
790 vmbus_chan_clrchmap_task(void *xchan, int pending __unused)
791 {
792 	struct vmbus_channel *chan = xchan;
793 
794 	chan->ch_vmbus->vmbus_chmap[chan->ch_id] = NULL;
795 }
796 
797 static void
798 vmbus_chan_clear_chmap(struct vmbus_channel *chan)
799 {
800 	struct task chmap_task;
801 
802 	TASK_INIT(&chmap_task, 0, vmbus_chan_clrchmap_task, chan);
803 	vmbus_chan_run_task(chan, &chmap_task);
804 }
805 
806 static void
807 vmbus_chan_set_chmap(struct vmbus_channel *chan)
808 {
809 	__compiler_membar();
810 	chan->ch_vmbus->vmbus_chmap[chan->ch_id] = chan;
811 }
812 
813 static void
814 vmbus_chan_poll_cancel_task(void *xchan, int pending __unused)
815 {
816 
817 	vmbus_chan_poll_cancel_intq(xchan);
818 }
819 
820 static void
821 vmbus_chan_poll_cancel(struct vmbus_channel *chan)
822 {
823 	struct task poll_cancel;
824 
825 	TASK_INIT(&poll_cancel, 0, vmbus_chan_poll_cancel_task, chan);
826 	vmbus_chan_run_task(chan, &poll_cancel);
827 }
828 
829 static int
830 vmbus_chan_close_internal(struct vmbus_channel *chan)
831 {
832 	struct vmbus_softc *sc = chan->ch_vmbus;
833 	struct vmbus_msghc *mh;
834 	struct vmbus_chanmsg_chclose *req;
835 	uint32_t old_stflags;
836 	int error;
837 
838 	/*
839 	 * NOTE:
840 	 * Sub-channels are closed upon their primary channel closing,
841 	 * so they can be closed even before they are opened.
842 	 */
843 	for (;;) {
844 		old_stflags = chan->ch_stflags;
845 		if (atomic_cmpset_int(&chan->ch_stflags, old_stflags,
846 		    old_stflags & ~VMBUS_CHAN_ST_OPENED))
847 			break;
848 	}
849 	if ((old_stflags & VMBUS_CHAN_ST_OPENED) == 0) {
850 		/* Not opened yet; done */
851 		if (bootverbose) {
852 			vmbus_chan_printf(chan, "chan%u not opened\n",
853 			    chan->ch_id);
854 		}
855 		return (0);
856 	}
857 
858 	/*
859 	 * Free this channel's sysctl tree attached to its device's
860 	 * sysctl tree.
861 	 */
862 	sysctl_ctx_free(&chan->ch_sysctl_ctx);
863 
864 	/*
865 	 * Cancel polling, if it is enabled.
866 	 */
867 	vmbus_chan_poll_cancel(chan);
868 
869 	/*
870 	 * NOTE:
871 	 * Order is critical.  This channel _must_ be uninstalled first,
872 	 * else the channel task may be enqueued by the IDT after it has
873 	 * been drained.
874 	 */
875 	vmbus_chan_clear_chmap(chan);
876 	taskqueue_drain(chan->ch_tq, &chan->ch_task);
877 	chan->ch_tq = NULL;
878 
879 	/*
880 	 * Close this channel.
881 	 */
882 	mh = vmbus_msghc_get(sc, sizeof(*req));
883 	if (mh == NULL) {
884 		vmbus_chan_printf(chan,
885 		    "can not get msg hypercall for chclose(chan%u)\n",
886 		    chan->ch_id);
887 		error = ENXIO;
888 		goto disconnect;
889 	}
890 
891 	req = vmbus_msghc_dataptr(mh);
892 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_CHCLOSE;
893 	req->chm_chanid = chan->ch_id;
894 
895 	error = vmbus_msghc_exec_noresult(mh);
896 	vmbus_msghc_put(sc, mh);
897 
898 	if (error) {
899 		vmbus_chan_printf(chan,
900 		    "chclose(chan%u) msg hypercall exec failed: %d\n",
901 		    chan->ch_id, error);
902 		goto disconnect;
903 	}
904 
905 	if (bootverbose)
906 		vmbus_chan_printf(chan, "chan%u closed\n", chan->ch_id);
907 
908 disconnect:
909 	/*
910 	 * Disconnect the TX+RX bufrings from this channel.
911 	 */
912 	if (chan->ch_bufring_gpadl != 0) {
913 		int error1;
914 
915 		error1 = vmbus_chan_gpadl_disconnect(chan,
916 		    chan->ch_bufring_gpadl);
917 		if (error1) {
918 			/*
919 			 * XXX
920 			 * The bufring GPADL is still connected; abandon
921 			 * this bufring, instead of having mysterious
922 			 * crash or trashed data later on.
923 			 */
924 			vmbus_chan_printf(chan, "chan%u bufring GPADL "
925 			    "is still connected after close\n", chan->ch_id);
926 			chan->ch_bufring = NULL;
927 			/*
928 			 * Give caller a hint that the bufring GPADL is
929 			 * still connected.
930 			 */
931 			error = EISCONN;
932 		}
933 		chan->ch_bufring_gpadl = 0;
934 	}
935 
936 	/*
937 	 * Destroy the TX+RX bufrings.
938 	 */
939 	if (chan->ch_bufring != NULL) {
940 		free(chan->ch_bufring, M_DEVBUF);
941 		chan->ch_bufring = NULL;
942 	}
943 	return (error);
944 }
945 
946 int
947 vmbus_chan_close_direct(struct vmbus_channel *chan)
948 {
949 	int error;
950 
951 #ifdef INVARIANTS
952 	if (VMBUS_CHAN_ISPRIMARY(chan)) {
953 		struct vmbus_channel *subchan;
954 
955 		/*
956 		 * All sub-channels _must_ have been closed, or are _not_
957 		 * opened at all.
958 		 */
959 		mtx_lock(&chan->ch_subchan_lock);
960 		TAILQ_FOREACH(subchan, &chan->ch_subchans, ch_sublink) {
961 			KASSERT(
962 			   (subchan->ch_stflags & VMBUS_CHAN_ST_OPENED) == 0,
963 			   ("chan%u: subchan%u is still opened",
964 			    chan->ch_id, subchan->ch_subidx));
965 		}
966 		mtx_unlock(&chan->ch_subchan_lock);
967 	}
968 #endif
969 
970 	error = vmbus_chan_close_internal(chan);
971 	if (!VMBUS_CHAN_ISPRIMARY(chan)) {
972 		/*
973 		 * This sub-channel is referenced, when it is linked to
974 		 * the primary channel; drop that reference now.
975 		 */
976 		vmbus_chan_detach(chan);
977 	}
978 	return (error);
979 }
980 
981 /*
982  * Caller should make sure that all sub-channels have
983  * been added to 'chan' and all to-be-closed channels
984  * are not being opened.
985  */
986 void
987 vmbus_chan_close(struct vmbus_channel *chan)
988 {
989 	int subchan_cnt;
990 
991 	if (!VMBUS_CHAN_ISPRIMARY(chan)) {
992 		/*
993 		 * Sub-channel is closed when its primary channel
994 		 * is closed; done.
995 		 */
996 		return;
997 	}
998 
999 	/*
1000 	 * Close all sub-channels, if any.
1001 	 */
1002 	subchan_cnt = chan->ch_subchan_cnt;
1003 	if (subchan_cnt > 0) {
1004 		struct vmbus_channel **subchan;
1005 		int i;
1006 
1007 		subchan = vmbus_subchan_get(chan, subchan_cnt);
1008 		for (i = 0; i < subchan_cnt; ++i) {
1009 			vmbus_chan_close_internal(subchan[i]);
1010 			/*
1011 			 * This sub-channel is referenced, when it is
1012 			 * linked to the primary channel; drop that
1013 			 * reference now.
1014 			 */
1015 			vmbus_chan_detach(subchan[i]);
1016 		}
1017 		vmbus_subchan_rel(subchan, subchan_cnt);
1018 	}
1019 
1020 	/* Then close the primary channel. */
1021 	vmbus_chan_close_internal(chan);
1022 }
1023 
1024 void
1025 vmbus_chan_intr_drain(struct vmbus_channel *chan)
1026 {
1027 
1028 	taskqueue_drain(chan->ch_tq, &chan->ch_task);
1029 }
1030 
1031 uint32_t
1032 vmbus_chan_write_available(struct vmbus_channel *chan)
1033 {
1034 	return (vmbus_txbr_available(&chan->ch_txbr));
1035 }
1036 
1037 bool
1038 vmbus_chan_write_signal(struct vmbus_channel *chan,
1039     int32_t min_signal_size)
1040 {
1041 	if (min_signal_size >= 0 &&
1042 	    vmbus_chan_write_available(chan) > min_signal_size) {
1043 		return false;
1044 	}
1045 
1046 	if (!vmbus_txbr_get_imask(&chan->ch_txbr)) {
1047 		/* txbr imask is not set, signal the reader */
1048 		vmbus_chan_signal_tx(chan);
1049 		return true;
1050 	}
1051 
1052 	return false;
1053 }
1054 
1055 void
1056 vmbus_chan_set_pending_send_size(struct vmbus_channel *chan,
1057     uint32_t size)
1058 {
1059 	if (chan)
1060 		vmbus_txbr_set_pending_snd_sz(&chan->ch_txbr, size);
1061 }
1062 
1063 int
1064 vmbus_chan_iov_send(struct vmbus_channel *chan,
1065     const struct iovec iov[], int iovlen,
1066     vmbus_br_copy_callback_t cb, void *cbarg)
1067 {
1068 	int error;
1069 	boolean_t send_evt;
1070 
1071 	if (iovlen == 0)
1072 		return (0);
1073 
1074 	error = vmbus_txbr_write_call(&chan->ch_txbr, iov, iovlen,
1075 	    cb, cbarg, &send_evt);
1076 
1077 	if (!error && send_evt) {
1078 		vmbus_chan_signal_tx(chan);
1079 	}
1080 
1081 	return error;
1082 }
1083 
1084 int
1085 vmbus_chan_send(struct vmbus_channel *chan, uint16_t type, uint16_t flags,
1086     void *data, int dlen, uint64_t xactid)
1087 {
1088 	struct vmbus_chanpkt pkt;
1089 	int pktlen, pad_pktlen, hlen, error;
1090 	uint64_t pad = 0;
1091 	struct iovec iov[3];
1092 	boolean_t send_evt;
1093 
1094 	hlen = sizeof(pkt);
1095 	pktlen = hlen + dlen;
1096 	pad_pktlen = VMBUS_CHANPKT_TOTLEN(pktlen);
1097 	KASSERT(pad_pktlen <= vmbus_txbr_maxpktsz(&chan->ch_txbr),
1098 	    ("invalid packet size %d", pad_pktlen));
1099 
1100 	pkt.cp_hdr.cph_type = type;
1101 	pkt.cp_hdr.cph_flags = flags;
1102 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_hlen, hlen);
1103 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_tlen, pad_pktlen);
1104 	pkt.cp_hdr.cph_xactid = xactid;
1105 
1106 	iov[0].iov_base = &pkt;
1107 	iov[0].iov_len = hlen;
1108 	iov[1].iov_base = data;
1109 	iov[1].iov_len = dlen;
1110 	iov[2].iov_base = &pad;
1111 	iov[2].iov_len = pad_pktlen - pktlen;
1112 
1113 	error = vmbus_txbr_write(&chan->ch_txbr, iov, 3, &send_evt);
1114 	if (!error && send_evt)
1115 		vmbus_chan_signal_tx(chan);
1116 	return error;
1117 }
1118 
1119 int
1120 vmbus_chan_send_sglist(struct vmbus_channel *chan,
1121     struct vmbus_gpa sg[], int sglen, void *data, int dlen, uint64_t xactid)
1122 {
1123 	struct vmbus_chanpkt_sglist pkt;
1124 	int pktlen, pad_pktlen, hlen, error;
1125 	struct iovec iov[4];
1126 	boolean_t send_evt;
1127 	uint64_t pad = 0;
1128 
1129 	hlen = __offsetof(struct vmbus_chanpkt_sglist, cp_gpa[sglen]);
1130 	pktlen = hlen + dlen;
1131 	pad_pktlen = VMBUS_CHANPKT_TOTLEN(pktlen);
1132 	KASSERT(pad_pktlen <= vmbus_txbr_maxpktsz(&chan->ch_txbr),
1133 	    ("invalid packet size %d", pad_pktlen));
1134 
1135 	pkt.cp_hdr.cph_type = VMBUS_CHANPKT_TYPE_GPA;
1136 	pkt.cp_hdr.cph_flags = VMBUS_CHANPKT_FLAG_RC;
1137 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_hlen, hlen);
1138 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_tlen, pad_pktlen);
1139 	pkt.cp_hdr.cph_xactid = xactid;
1140 	pkt.cp_rsvd = 0;
1141 	pkt.cp_gpa_cnt = sglen;
1142 
1143 	iov[0].iov_base = &pkt;
1144 	iov[0].iov_len = sizeof(pkt);
1145 	iov[1].iov_base = sg;
1146 	iov[1].iov_len = sizeof(struct vmbus_gpa) * sglen;
1147 	iov[2].iov_base = data;
1148 	iov[2].iov_len = dlen;
1149 	iov[3].iov_base = &pad;
1150 	iov[3].iov_len = pad_pktlen - pktlen;
1151 
1152 	error = vmbus_txbr_write(&chan->ch_txbr, iov, 4, &send_evt);
1153 	if (!error && send_evt)
1154 		vmbus_chan_signal_tx(chan);
1155 	return error;
1156 }
1157 
1158 int
1159 vmbus_chan_send_prplist(struct vmbus_channel *chan,
1160     struct vmbus_gpa_range *prp, int prp_cnt, void *data, int dlen,
1161     uint64_t xactid)
1162 {
1163 	struct vmbus_chanpkt_prplist pkt;
1164 	int pktlen, pad_pktlen, hlen, error;
1165 	struct iovec iov[4];
1166 	boolean_t send_evt;
1167 	uint64_t pad = 0;
1168 
1169 	hlen = __offsetof(struct vmbus_chanpkt_prplist,
1170 	    cp_range[0].gpa_page[prp_cnt]);
1171 	pktlen = hlen + dlen;
1172 	pad_pktlen = VMBUS_CHANPKT_TOTLEN(pktlen);
1173 	KASSERT(pad_pktlen <= vmbus_txbr_maxpktsz(&chan->ch_txbr),
1174 	    ("invalid packet size %d", pad_pktlen));
1175 
1176 	pkt.cp_hdr.cph_type = VMBUS_CHANPKT_TYPE_GPA;
1177 	pkt.cp_hdr.cph_flags = VMBUS_CHANPKT_FLAG_RC;
1178 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_hlen, hlen);
1179 	VMBUS_CHANPKT_SETLEN(pkt.cp_hdr.cph_tlen, pad_pktlen);
1180 	pkt.cp_hdr.cph_xactid = xactid;
1181 	pkt.cp_rsvd = 0;
1182 	pkt.cp_range_cnt = 1;
1183 
1184 	iov[0].iov_base = &pkt;
1185 	iov[0].iov_len = sizeof(pkt);
1186 	iov[1].iov_base = prp;
1187 	iov[1].iov_len = __offsetof(struct vmbus_gpa_range, gpa_page[prp_cnt]);
1188 	iov[2].iov_base = data;
1189 	iov[2].iov_len = dlen;
1190 	iov[3].iov_base = &pad;
1191 	iov[3].iov_len = pad_pktlen - pktlen;
1192 
1193 	error = vmbus_txbr_write(&chan->ch_txbr, iov, 4, &send_evt);
1194 	if (!error && send_evt)
1195 		vmbus_chan_signal_tx(chan);
1196 	return error;
1197 }
1198 
1199 int
1200 vmbus_chan_recv(struct vmbus_channel *chan, void *data, int *dlen0,
1201     uint64_t *xactid)
1202 {
1203 	struct vmbus_chanpkt_hdr pkt;
1204 	int error, dlen, hlen;
1205 	boolean_t sig_event;
1206 
1207 	error = vmbus_rxbr_peek(&chan->ch_rxbr, &pkt, sizeof(pkt));
1208 	if (error)
1209 		return (error);
1210 
1211 	if (__predict_false(pkt.cph_hlen < VMBUS_CHANPKT_HLEN_MIN)) {
1212 		vmbus_chan_printf(chan, "invalid hlen %u\n", pkt.cph_hlen);
1213 		/* XXX this channel is dead actually. */
1214 		return (EIO);
1215 	}
1216 	if (__predict_false(pkt.cph_hlen > pkt.cph_tlen)) {
1217 		vmbus_chan_printf(chan, "invalid hlen %u and tlen %u\n",
1218 		    pkt.cph_hlen, pkt.cph_tlen);
1219 		/* XXX this channel is dead actually. */
1220 		return (EIO);
1221 	}
1222 
1223 	hlen = VMBUS_CHANPKT_GETLEN(pkt.cph_hlen);
1224 	dlen = VMBUS_CHANPKT_GETLEN(pkt.cph_tlen) - hlen;
1225 
1226 	if (*dlen0 < dlen) {
1227 		/* Return the size of this packet's data. */
1228 		*dlen0 = dlen;
1229 		return (ENOBUFS);
1230 	}
1231 
1232 	*xactid = pkt.cph_xactid;
1233 	*dlen0 = dlen;
1234 
1235 	/* Skip packet header */
1236 	error = vmbus_rxbr_read(&chan->ch_rxbr, data, dlen, hlen, &sig_event);
1237 	KASSERT(!error, ("vmbus_rxbr_read failed"));
1238 
1239 	if (!error && sig_event)
1240 		vmbus_chan_signal_rx(chan);
1241 
1242 	return (0);
1243 }
1244 
1245 int
1246 vmbus_chan_recv_pkt(struct vmbus_channel *chan,
1247     struct vmbus_chanpkt_hdr *pkt, int *pktlen0)
1248 {
1249 	int error, pktlen, pkt_hlen;
1250 	boolean_t sig_event;
1251 
1252 	pkt_hlen = sizeof(*pkt);
1253 	error = vmbus_rxbr_peek(&chan->ch_rxbr, pkt, pkt_hlen);
1254 	if (error)
1255 		return (error);
1256 
1257 	if (__predict_false(pkt->cph_hlen < VMBUS_CHANPKT_HLEN_MIN)) {
1258 		vmbus_chan_printf(chan, "invalid hlen %u\n", pkt->cph_hlen);
1259 		/* XXX this channel is dead actually. */
1260 		return (EIO);
1261 	}
1262 	if (__predict_false(pkt->cph_hlen > pkt->cph_tlen)) {
1263 		vmbus_chan_printf(chan, "invalid hlen %u and tlen %u\n",
1264 		    pkt->cph_hlen, pkt->cph_tlen);
1265 		/* XXX this channel is dead actually. */
1266 		return (EIO);
1267 	}
1268 
1269 	pktlen = VMBUS_CHANPKT_GETLEN(pkt->cph_tlen);
1270 	if (*pktlen0 < pktlen) {
1271 		/* Return the size of this packet. */
1272 		*pktlen0 = pktlen;
1273 		return (ENOBUFS);
1274 	}
1275 	*pktlen0 = pktlen;
1276 
1277 	/*
1278 	 * Skip the fixed-size packet header, which has been filled
1279 	 * by the above vmbus_rxbr_peek().
1280 	 */
1281 	error = vmbus_rxbr_read(&chan->ch_rxbr, pkt + 1,
1282 	    pktlen - pkt_hlen, pkt_hlen, &sig_event);
1283 	KASSERT(!error, ("vmbus_rxbr_read failed"));
1284 
1285 	if (!error && sig_event)
1286 		vmbus_chan_signal_rx(chan);
1287 
1288 	return (0);
1289 }
1290 
1291 uint32_t
1292 vmbus_chan_read_available(struct vmbus_channel *chan)
1293 {
1294 	return (vmbus_rxbr_available(&chan->ch_rxbr));
1295 }
1296 
1297 /*
1298  * This routine does:
1299  *     - Advance the channel read index for 'advance' bytes
1300  *     - Copy data_len bytes in to the buffer pointed by 'data'
1301  * Return 0 if operation succeed. EAGAIN if operations if failed.
1302  * If failed, the buffer pointed by 'data' is intact, and the
1303  * channel read index is not advanced at all.
1304  */
1305 int
1306 vmbus_chan_recv_peek(struct vmbus_channel *chan,
1307     void *data, int data_len, uint32_t advance)
1308 {
1309 	int error;
1310 	boolean_t sig_event;
1311 
1312 	if (data == NULL || data_len <= 0)
1313 		return (EINVAL);
1314 
1315 	error = vmbus_rxbr_idxadv_peek(&chan->ch_rxbr,
1316 	    data, data_len, advance, &sig_event);
1317 
1318 	if (!error && sig_event) {
1319 		vmbus_chan_signal_rx(chan);
1320 	}
1321 
1322 	return (error);
1323 }
1324 
1325 /*
1326  * This routine does:
1327  *     - Advance the channel read index for 'advance' bytes
1328  */
1329 int
1330 vmbus_chan_recv_idxadv(struct vmbus_channel *chan, uint32_t advance)
1331 {
1332 	int error;
1333 	boolean_t sig_event;
1334 
1335 	if (advance == 0)
1336 		return (EINVAL);
1337 
1338 	error = vmbus_rxbr_idxadv(&chan->ch_rxbr, advance, &sig_event);
1339 
1340 	if (!error && sig_event) {
1341 		vmbus_chan_signal_rx(chan);
1342 	}
1343 
1344 	return (error);
1345 }
1346 
1347 
1348 /*
1349  * Caller should hold its own lock to serialize the ring buffer
1350  * copy.
1351  */
1352 int
1353 vmbus_chan_recv_peek_call(struct vmbus_channel *chan, int data_len,
1354     uint32_t skip, vmbus_br_copy_callback_t cb, void *cbarg)
1355 {
1356 	if (!chan || data_len <= 0 || cb == NULL)
1357 		return (EINVAL);
1358 
1359 	return (vmbus_rxbr_peek_call(&chan->ch_rxbr, data_len, skip,
1360 	    cb, cbarg));
1361 }
1362 
1363 static void
1364 vmbus_chan_task(void *xchan, int pending __unused)
1365 {
1366 	struct vmbus_channel *chan = xchan;
1367 	vmbus_chan_callback_t cb = chan->ch_cb;
1368 	void *cbarg = chan->ch_cbarg;
1369 
1370 	KASSERT(chan->ch_poll_intvl == 0,
1371 	    ("chan%u: interrupted in polling mode", chan->ch_id));
1372 
1373 	/*
1374 	 * Optimize host to guest signaling by ensuring:
1375 	 * 1. While reading the channel, we disable interrupts from
1376 	 *    host.
1377 	 * 2. Ensure that we process all posted messages from the host
1378 	 *    before returning from this callback.
1379 	 * 3. Once we return, enable signaling from the host. Once this
1380 	 *    state is set we check to see if additional packets are
1381 	 *    available to read. In this case we repeat the process.
1382 	 *
1383 	 * NOTE: Interrupt has been disabled in the ISR.
1384 	 */
1385 	for (;;) {
1386 		uint32_t left;
1387 
1388 		cb(chan, cbarg);
1389 
1390 		left = vmbus_rxbr_intr_unmask(&chan->ch_rxbr);
1391 		if (left == 0) {
1392 			/* No more data in RX bufring; done */
1393 			break;
1394 		}
1395 		vmbus_rxbr_intr_mask(&chan->ch_rxbr);
1396 	}
1397 }
1398 
1399 static void
1400 vmbus_chan_task_nobatch(void *xchan, int pending __unused)
1401 {
1402 	struct vmbus_channel *chan = xchan;
1403 
1404 	KASSERT(chan->ch_poll_intvl == 0,
1405 	    ("chan%u: interrupted in polling mode", chan->ch_id));
1406 	chan->ch_cb(chan, chan->ch_cbarg);
1407 }
1408 
1409 static void
1410 vmbus_chan_poll_timeout(void *xchan)
1411 {
1412 	struct vmbus_channel *chan = xchan;
1413 
1414 	KASSERT(chan->ch_poll_intvl != 0,
1415 	    ("chan%u: polling timeout in interrupt mode", chan->ch_id));
1416 	taskqueue_enqueue(chan->ch_tq, &chan->ch_poll_task);
1417 }
1418 
1419 static void
1420 vmbus_chan_poll_task(void *xchan, int pending __unused)
1421 {
1422 	struct vmbus_channel *chan = xchan;
1423 
1424 	KASSERT(chan->ch_poll_intvl != 0,
1425 	    ("chan%u: polling in interrupt mode", chan->ch_id));
1426 	callout_reset_sbt_curcpu(&chan->ch_poll_timeo, chan->ch_poll_intvl, 0,
1427 	    vmbus_chan_poll_timeout, chan, chan->ch_poll_flags);
1428 	chan->ch_cb(chan, chan->ch_cbarg);
1429 }
1430 
1431 static void
1432 vmbus_chan_pollcfg_task(void *xarg, int pending __unused)
1433 {
1434 	const struct vmbus_chan_pollarg *arg = xarg;
1435 	struct vmbus_channel *chan = arg->poll_chan;
1436 	sbintime_t intvl;
1437 	int poll_flags;
1438 
1439 	/*
1440 	 * Save polling interval.
1441 	 */
1442 	intvl = SBT_1S / arg->poll_hz;
1443 	if (intvl == 0)
1444 		intvl = 1;
1445 	if (intvl == chan->ch_poll_intvl) {
1446 		/* Nothing changes; done */
1447 		return;
1448 	}
1449 	chan->ch_poll_intvl = intvl;
1450 
1451 	/* Adjust callout flags. */
1452 	poll_flags = C_DIRECT_EXEC;
1453 	if (arg->poll_hz <= hz)
1454 		poll_flags |= C_HARDCLOCK;
1455 	chan->ch_poll_flags = poll_flags;
1456 
1457 	/*
1458 	 * Disconnect this channel from the channel map to make sure that
1459 	 * the RX bufring interrupt enabling bit can not be touched, and
1460 	 * ISR can not enqueue this channel task anymore.  THEN, disable
1461 	 * interrupt from the RX bufring (TX bufring does not generate
1462 	 * interrupt to VM).
1463 	 *
1464 	 * NOTE: order is critical.
1465 	 */
1466 	chan->ch_vmbus->vmbus_chmap[chan->ch_id] = NULL;
1467 	__compiler_membar();
1468 	vmbus_rxbr_intr_mask(&chan->ch_rxbr);
1469 
1470 	/*
1471 	 * NOTE:
1472 	 * At this point, this channel task will not be enqueued by
1473 	 * the ISR anymore, time to cancel the pending one.
1474 	 */
1475 	taskqueue_cancel(chan->ch_tq, &chan->ch_task, NULL);
1476 
1477 	/* Kick start! */
1478 	taskqueue_enqueue(chan->ch_tq, &chan->ch_poll_task);
1479 }
1480 
1481 static bool
1482 vmbus_chan_poll_cancel_intq(struct vmbus_channel *chan)
1483 {
1484 
1485 	if (chan->ch_poll_intvl == 0) {
1486 		/* Not enabled. */
1487 		return (false);
1488 	}
1489 
1490 	/*
1491 	 * Stop polling callout, so that channel polling task
1492 	 * will not be enqueued anymore.
1493 	 */
1494 	callout_drain(&chan->ch_poll_timeo);
1495 
1496 	/*
1497 	 * Disable polling by resetting polling interval.
1498 	 *
1499 	 * NOTE:
1500 	 * The polling interval resetting MUST be conducted
1501 	 * after the callout is drained; mainly to keep the
1502 	 * proper assertion in place.
1503 	 */
1504 	chan->ch_poll_intvl = 0;
1505 
1506 	/*
1507 	 * NOTE:
1508 	 * At this point, this channel polling task will not be
1509 	 * enqueued by the callout anymore, time to cancel the
1510 	 * pending one.
1511 	 */
1512 	taskqueue_cancel(chan->ch_tq, &chan->ch_poll_task, NULL);
1513 
1514 	/* Polling was enabled. */
1515 	return (true);
1516 }
1517 
1518 static void
1519 vmbus_chan_polldis_task(void *xchan, int pending __unused)
1520 {
1521 	struct vmbus_channel *chan = xchan;
1522 
1523 	if (!vmbus_chan_poll_cancel_intq(chan)) {
1524 		/* Already disabled; done. */
1525 		return;
1526 	}
1527 
1528 	/*
1529 	 * Plug this channel back to the channel map and unmask
1530 	 * the RX bufring interrupt.
1531 	 */
1532 	chan->ch_vmbus->vmbus_chmap[chan->ch_id] = chan;
1533 	__compiler_membar();
1534 	vmbus_rxbr_intr_unmask(&chan->ch_rxbr);
1535 
1536 	/*
1537 	 * Kick start the interrupt task, just in case unmasking
1538 	 * interrupt races ISR.
1539 	 */
1540 	taskqueue_enqueue(chan->ch_tq, &chan->ch_task);
1541 }
1542 
1543 static __inline void
1544 vmbus_event_flags_proc(struct vmbus_softc *sc, volatile u_long *event_flags,
1545     int flag_cnt)
1546 {
1547 	int f;
1548 
1549 	for (f = 0; f < flag_cnt; ++f) {
1550 		uint32_t chid_base;
1551 		u_long flags;
1552 		int chid_ofs;
1553 
1554 		if (event_flags[f] == 0)
1555 			continue;
1556 
1557 		flags = atomic_swap_long(&event_flags[f], 0);
1558 		chid_base = f << VMBUS_EVTFLAG_SHIFT;
1559 
1560 		while ((chid_ofs = ffsl(flags)) != 0) {
1561 			struct vmbus_channel *chan;
1562 
1563 			--chid_ofs; /* NOTE: ffsl is 1-based */
1564 			flags &= ~(1UL << chid_ofs);
1565 
1566 			chan = sc->vmbus_chmap[chid_base + chid_ofs];
1567 			if (__predict_false(chan == NULL)) {
1568 				/* Channel is closed. */
1569 				continue;
1570 			}
1571 			__compiler_membar();
1572 
1573 			if (chan->ch_flags & VMBUS_CHAN_FLAG_BATCHREAD)
1574 				vmbus_rxbr_intr_mask(&chan->ch_rxbr);
1575 			taskqueue_enqueue(chan->ch_tq, &chan->ch_task);
1576 		}
1577 	}
1578 }
1579 
1580 void
1581 vmbus_event_proc(struct vmbus_softc *sc, int cpu)
1582 {
1583 	struct vmbus_evtflags *eventf;
1584 
1585 	/*
1586 	 * On Host with Win8 or above, the event page can be checked directly
1587 	 * to get the id of the channel that has the pending interrupt.
1588 	 */
1589 	eventf = VMBUS_PCPU_GET(sc, event_flags, cpu) + VMBUS_SINT_MESSAGE;
1590 	vmbus_event_flags_proc(sc, eventf->evt_flags,
1591 	    VMBUS_PCPU_GET(sc, event_flags_cnt, cpu));
1592 }
1593 
1594 void
1595 vmbus_event_proc_compat(struct vmbus_softc *sc, int cpu)
1596 {
1597 	struct vmbus_evtflags *eventf;
1598 
1599 	eventf = VMBUS_PCPU_GET(sc, event_flags, cpu) + VMBUS_SINT_MESSAGE;
1600 	if (atomic_testandclear_long(&eventf->evt_flags[0], 0)) {
1601 		vmbus_event_flags_proc(sc, sc->vmbus_rx_evtflags,
1602 		    VMBUS_CHAN_MAX_COMPAT >> VMBUS_EVTFLAG_SHIFT);
1603 	}
1604 }
1605 
1606 static void
1607 vmbus_chan_update_evtflagcnt(struct vmbus_softc *sc,
1608     const struct vmbus_channel *chan)
1609 {
1610 	volatile int *flag_cnt_ptr;
1611 	int flag_cnt;
1612 
1613 	flag_cnt = (chan->ch_id / VMBUS_EVTFLAG_LEN) + 1;
1614 	flag_cnt_ptr = VMBUS_PCPU_PTR(sc, event_flags_cnt, chan->ch_cpuid);
1615 
1616 	for (;;) {
1617 		int old_flag_cnt;
1618 
1619 		old_flag_cnt = *flag_cnt_ptr;
1620 		if (old_flag_cnt >= flag_cnt)
1621 			break;
1622 		if (atomic_cmpset_int(flag_cnt_ptr, old_flag_cnt, flag_cnt)) {
1623 			if (bootverbose) {
1624 				vmbus_chan_printf(chan,
1625 				    "chan%u update cpu%d flag_cnt to %d\n",
1626 				    chan->ch_id, chan->ch_cpuid, flag_cnt);
1627 			}
1628 			break;
1629 		}
1630 	}
1631 }
1632 
1633 static struct vmbus_channel *
1634 vmbus_chan_alloc(struct vmbus_softc *sc)
1635 {
1636 	struct vmbus_channel *chan;
1637 
1638 	chan = malloc(sizeof(*chan), M_DEVBUF, M_WAITOK | M_ZERO);
1639 
1640 	chan->ch_monprm = contigmalloc(sizeof(struct hyperv_mon_param),
1641 	    M_DEVBUF, M_WAITOK | M_ZERO, 0ul, ~0ul, HYPERCALL_PARAM_ALIGN, 0);
1642 	if (chan->ch_monprm == NULL) {
1643 		device_printf(sc->vmbus_dev, "monprm alloc failed\n");
1644 		free(chan, M_DEVBUF);
1645 		return NULL;
1646 	}
1647 
1648 	chan->ch_refs = 1;
1649 	chan->ch_vmbus = sc;
1650 	mtx_init(&chan->ch_subchan_lock, "vmbus subchan", NULL, MTX_DEF);
1651 	sx_init(&chan->ch_orphan_lock, "vmbus chorphan");
1652 	TAILQ_INIT(&chan->ch_subchans);
1653 	vmbus_rxbr_init(&chan->ch_rxbr);
1654 	vmbus_txbr_init(&chan->ch_txbr);
1655 
1656 	TASK_INIT(&chan->ch_poll_task, 0, vmbus_chan_poll_task, chan);
1657 	callout_init(&chan->ch_poll_timeo, 1);
1658 
1659 	return chan;
1660 }
1661 
1662 static void
1663 vmbus_chan_free(struct vmbus_channel *chan)
1664 {
1665 
1666 	KASSERT(TAILQ_EMPTY(&chan->ch_subchans) && chan->ch_subchan_cnt == 0,
1667 	    ("still owns sub-channels"));
1668 	KASSERT((chan->ch_stflags &
1669 	    (VMBUS_CHAN_ST_OPENED |
1670 	     VMBUS_CHAN_ST_ONPRIL |
1671 	     VMBUS_CHAN_ST_ONSUBL |
1672 	     VMBUS_CHAN_ST_ONLIST)) == 0, ("free busy channel"));
1673 	KASSERT(chan->ch_orphan_xact == NULL,
1674 	    ("still has orphan xact installed"));
1675 	KASSERT(chan->ch_refs == 0, ("chan%u: invalid refcnt %d",
1676 	    chan->ch_id, chan->ch_refs));
1677 	KASSERT(chan->ch_poll_intvl == 0, ("chan%u: polling is activated",
1678 	    chan->ch_id));
1679 
1680 	free(chan->ch_monprm, M_DEVBUF);
1681 	mtx_destroy(&chan->ch_subchan_lock);
1682 	sx_destroy(&chan->ch_orphan_lock);
1683 	vmbus_rxbr_deinit(&chan->ch_rxbr);
1684 	vmbus_txbr_deinit(&chan->ch_txbr);
1685 	free(chan, M_DEVBUF);
1686 }
1687 
1688 static int
1689 vmbus_chan_add(struct vmbus_channel *newchan)
1690 {
1691 	struct vmbus_softc *sc = newchan->ch_vmbus;
1692 	struct vmbus_channel *prichan;
1693 
1694 	if (newchan->ch_id == 0) {
1695 		/*
1696 		 * XXX
1697 		 * Chan0 will neither be processed nor should be offered;
1698 		 * skip it.
1699 		 */
1700 		device_printf(sc->vmbus_dev, "got chan0 offer, discard\n");
1701 		return EINVAL;
1702 	} else if (newchan->ch_id >= VMBUS_CHAN_MAX) {
1703 		device_printf(sc->vmbus_dev, "invalid chan%u offer\n",
1704 		    newchan->ch_id);
1705 		return EINVAL;
1706 	}
1707 
1708 	mtx_lock(&sc->vmbus_prichan_lock);
1709 	TAILQ_FOREACH(prichan, &sc->vmbus_prichans, ch_prilink) {
1710 		/*
1711 		 * Sub-channel will have the same type GUID and instance
1712 		 * GUID as its primary channel.
1713 		 */
1714 		if (memcmp(&prichan->ch_guid_type, &newchan->ch_guid_type,
1715 		    sizeof(struct hyperv_guid)) == 0 &&
1716 		    memcmp(&prichan->ch_guid_inst, &newchan->ch_guid_inst,
1717 		    sizeof(struct hyperv_guid)) == 0)
1718 			break;
1719 	}
1720 	if (VMBUS_CHAN_ISPRIMARY(newchan)) {
1721 		if (prichan == NULL) {
1722 			/* Install the new primary channel */
1723 			vmbus_chan_ins_prilist(sc, newchan);
1724 			mtx_unlock(&sc->vmbus_prichan_lock);
1725 			goto done;
1726 		} else {
1727 			mtx_unlock(&sc->vmbus_prichan_lock);
1728 			device_printf(sc->vmbus_dev,
1729 			    "duplicated primary chan%u\n", newchan->ch_id);
1730 			return EINVAL;
1731 		}
1732 	} else { /* Sub-channel */
1733 		if (prichan == NULL) {
1734 			mtx_unlock(&sc->vmbus_prichan_lock);
1735 			device_printf(sc->vmbus_dev,
1736 			    "no primary chan for chan%u\n", newchan->ch_id);
1737 			return EINVAL;
1738 		}
1739 		/*
1740 		 * Found the primary channel for this sub-channel and
1741 		 * move on.
1742 		 *
1743 		 * XXX refcnt prichan
1744 		 */
1745 	}
1746 	mtx_unlock(&sc->vmbus_prichan_lock);
1747 
1748 	/*
1749 	 * This is a sub-channel; link it with the primary channel.
1750 	 */
1751 	KASSERT(!VMBUS_CHAN_ISPRIMARY(newchan),
1752 	    ("new channel is not sub-channel"));
1753 	KASSERT(prichan != NULL, ("no primary channel"));
1754 
1755 	/*
1756 	 * Reference count this sub-channel; it will be dereferenced
1757 	 * when this sub-channel is closed.
1758 	 */
1759 	KASSERT(newchan->ch_refs == 1, ("chan%u: invalid refcnt %d",
1760 	    newchan->ch_id, newchan->ch_refs));
1761 	atomic_add_int(&newchan->ch_refs, 1);
1762 
1763 	newchan->ch_prichan = prichan;
1764 	newchan->ch_dev = prichan->ch_dev;
1765 
1766 	mtx_lock(&prichan->ch_subchan_lock);
1767 	vmbus_chan_ins_sublist(prichan, newchan);
1768 	mtx_unlock(&prichan->ch_subchan_lock);
1769 	/*
1770 	 * Notify anyone that is interested in this sub-channel,
1771 	 * after this sub-channel is setup.
1772 	 */
1773 	wakeup(prichan);
1774 done:
1775 	/*
1776 	 * Hook this channel up for later revocation.
1777 	 */
1778 	mtx_lock(&sc->vmbus_chan_lock);
1779 	vmbus_chan_ins_list(sc, newchan);
1780 	mtx_unlock(&sc->vmbus_chan_lock);
1781 
1782 	if (bootverbose) {
1783 		vmbus_chan_printf(newchan, "chan%u subidx%u offer\n",
1784 		    newchan->ch_id, newchan->ch_subidx);
1785 	}
1786 
1787 	/* Select default cpu for this channel. */
1788 	vmbus_chan_cpu_default(newchan);
1789 
1790 	return 0;
1791 }
1792 
1793 void
1794 vmbus_chan_cpu_set(struct vmbus_channel *chan, int cpu)
1795 {
1796 	KASSERT(cpu >= 0 && cpu < mp_ncpus, ("invalid cpu %d", cpu));
1797 
1798 	if (chan->ch_vmbus->vmbus_version == VMBUS_VERSION_WS2008 ||
1799 	    chan->ch_vmbus->vmbus_version == VMBUS_VERSION_WIN7) {
1800 		/* Only cpu0 is supported */
1801 		cpu = 0;
1802 	}
1803 
1804 	chan->ch_cpuid = cpu;
1805 	chan->ch_vcpuid = VMBUS_PCPU_GET(chan->ch_vmbus, vcpuid, cpu);
1806 
1807 	if (bootverbose) {
1808 		vmbus_chan_printf(chan,
1809 		    "chan%u assigned to cpu%u [vcpu%u]\n",
1810 		    chan->ch_id, chan->ch_cpuid, chan->ch_vcpuid);
1811 	}
1812 }
1813 
1814 void
1815 vmbus_chan_cpu_rr(struct vmbus_channel *chan)
1816 {
1817 	static uint32_t vmbus_chan_nextcpu;
1818 	int cpu;
1819 
1820 	cpu = atomic_fetchadd_int(&vmbus_chan_nextcpu, 1) % mp_ncpus;
1821 	vmbus_chan_cpu_set(chan, cpu);
1822 }
1823 
1824 static void
1825 vmbus_chan_cpu_default(struct vmbus_channel *chan)
1826 {
1827 	/*
1828 	 * By default, pin the channel to cpu0.  Devices having
1829 	 * special channel-cpu mapping requirement should call
1830 	 * vmbus_chan_cpu_{set,rr}().
1831 	 */
1832 	vmbus_chan_cpu_set(chan, 0);
1833 }
1834 
1835 static void
1836 vmbus_chan_msgproc_choffer(struct vmbus_softc *sc,
1837     const struct vmbus_message *msg)
1838 {
1839 	const struct vmbus_chanmsg_choffer *offer;
1840 	struct vmbus_channel *chan;
1841 	task_fn_t *detach_fn, *attach_fn;
1842 	int error;
1843 
1844 	offer = (const struct vmbus_chanmsg_choffer *)msg->msg_data;
1845 
1846 	chan = vmbus_chan_alloc(sc);
1847 	if (chan == NULL) {
1848 		device_printf(sc->vmbus_dev, "allocate chan%u failed\n",
1849 		    offer->chm_chanid);
1850 		return;
1851 	}
1852 
1853 	chan->ch_id = offer->chm_chanid;
1854 	chan->ch_subidx = offer->chm_subidx;
1855 	chan->ch_guid_type = offer->chm_chtype;
1856 	chan->ch_guid_inst = offer->chm_chinst;
1857 
1858 	/* Batch reading is on by default */
1859 	chan->ch_flags |= VMBUS_CHAN_FLAG_BATCHREAD;
1860 
1861 	chan->ch_monprm->mp_connid = VMBUS_CONNID_EVENT;
1862 	if (sc->vmbus_version != VMBUS_VERSION_WS2008)
1863 		chan->ch_monprm->mp_connid = offer->chm_connid;
1864 
1865 	if (offer->chm_flags1 & VMBUS_CHOFFER_FLAG1_HASMNF) {
1866 		int trig_idx;
1867 
1868 		/*
1869 		 * Setup MNF stuffs.
1870 		 */
1871 		chan->ch_txflags |= VMBUS_CHAN_TXF_HASMNF;
1872 
1873 		trig_idx = offer->chm_montrig / VMBUS_MONTRIG_LEN;
1874 		if (trig_idx >= VMBUS_MONTRIGS_MAX)
1875 			panic("invalid monitor trigger %u", offer->chm_montrig);
1876 		chan->ch_montrig =
1877 		    &sc->vmbus_mnf2->mnf_trigs[trig_idx].mt_pending;
1878 
1879 		chan->ch_montrig_mask =
1880 		    1 << (offer->chm_montrig % VMBUS_MONTRIG_LEN);
1881 	}
1882 
1883 	if (offer->chm_chflags & VMBUS_CHAN_TLNPI_PROVIDER_OFFER) {
1884 		/* This is HyperV socket channel */
1885 		chan->ch_is_hvs = true;
1886 		/* The first byte != 0 means the host initiated connection. */
1887 		chan->ch_hvs_conn_from_host =
1888 		    offer->chm_udata.pipe.user_def[0];
1889 
1890 		if (bootverbose) {
1891 			device_printf(sc->vmbus_dev,
1892 			    "chan%u is hyperv socket channel "
1893 			    "connected %s host\n",
1894 			    chan->ch_id,
1895 			    (chan->ch_hvs_conn_from_host != 0) ?
1896 			    "from" : "to");
1897 		}
1898 	} else {
1899 		chan->ch_is_hvs = false;
1900 	}
1901 
1902 	/*
1903 	 * Setup event flag.
1904 	 */
1905 	chan->ch_evtflag =
1906 	    &sc->vmbus_tx_evtflags[chan->ch_id >> VMBUS_EVTFLAG_SHIFT];
1907 	chan->ch_evtflag_mask = 1UL << (chan->ch_id & VMBUS_EVTFLAG_MASK);
1908 
1909 	/*
1910 	 * Setup attach and detach tasks.
1911 	 */
1912 	if (VMBUS_CHAN_ISPRIMARY(chan)) {
1913 		chan->ch_mgmt_tq = sc->vmbus_devtq;
1914 		attach_fn = vmbus_prichan_attach_task;
1915 		detach_fn = vmbus_prichan_detach_task;
1916 	} else {
1917 		chan->ch_mgmt_tq = sc->vmbus_subchtq;
1918 		attach_fn = vmbus_subchan_attach_task;
1919 		detach_fn = vmbus_subchan_detach_task;
1920 	}
1921 	TASK_INIT(&chan->ch_attach_task, 0, attach_fn, chan);
1922 	TASK_INIT(&chan->ch_detach_task, 0, detach_fn, chan);
1923 
1924 	error = vmbus_chan_add(chan);
1925 	if (error) {
1926 		device_printf(sc->vmbus_dev, "add chan%u failed: %d\n",
1927 		    chan->ch_id, error);
1928 		atomic_subtract_int(&chan->ch_refs, 1);
1929 		vmbus_chan_free(chan);
1930 		return;
1931 	}
1932 	taskqueue_enqueue(chan->ch_mgmt_tq, &chan->ch_attach_task);
1933 }
1934 
1935 static void
1936 vmbus_chan_msgproc_chrescind(struct vmbus_softc *sc,
1937     const struct vmbus_message *msg)
1938 {
1939 	const struct vmbus_chanmsg_chrescind *note;
1940 	struct vmbus_channel *chan;
1941 
1942 	note = (const struct vmbus_chanmsg_chrescind *)msg->msg_data;
1943 	if (note->chm_chanid > VMBUS_CHAN_MAX) {
1944 		device_printf(sc->vmbus_dev, "invalid revoked chan%u\n",
1945 		    note->chm_chanid);
1946 		return;
1947 	}
1948 
1949 	/*
1950 	 * Find and remove the target channel from the channel list.
1951 	 */
1952 	mtx_lock(&sc->vmbus_chan_lock);
1953 	TAILQ_FOREACH(chan, &sc->vmbus_chans, ch_link) {
1954 		if (chan->ch_id == note->chm_chanid)
1955 			break;
1956 	}
1957 	if (chan == NULL) {
1958 		mtx_unlock(&sc->vmbus_chan_lock);
1959 		device_printf(sc->vmbus_dev, "chan%u is not offered\n",
1960 		    note->chm_chanid);
1961 		return;
1962 	}
1963 	vmbus_chan_rem_list(sc, chan);
1964 	mtx_unlock(&sc->vmbus_chan_lock);
1965 
1966 	if (VMBUS_CHAN_ISPRIMARY(chan)) {
1967 		/*
1968 		 * The target channel is a primary channel; remove the
1969 		 * target channel from the primary channel list now,
1970 		 * instead of later, so that it will not be found by
1971 		 * other sub-channel offers, which are processed in
1972 		 * this thread.
1973 		 */
1974 		mtx_lock(&sc->vmbus_prichan_lock);
1975 		vmbus_chan_rem_prilist(sc, chan);
1976 		mtx_unlock(&sc->vmbus_prichan_lock);
1977 	}
1978 
1979 	/*
1980 	 * NOTE:
1981 	 * The following processing order is critical:
1982 	 * Set the REVOKED state flag before orphaning the installed xact.
1983 	 */
1984 
1985 	if (atomic_testandset_int(&chan->ch_stflags,
1986 	    VMBUS_CHAN_ST_REVOKED_SHIFT))
1987 		panic("channel has already been revoked");
1988 
1989 	sx_xlock(&chan->ch_orphan_lock);
1990 	if (chan->ch_orphan_xact != NULL)
1991 		vmbus_xact_ctx_orphan(chan->ch_orphan_xact);
1992 	sx_xunlock(&chan->ch_orphan_lock);
1993 
1994 	if (bootverbose)
1995 		vmbus_chan_printf(chan, "chan%u revoked\n", note->chm_chanid);
1996 	vmbus_chan_detach(chan);
1997 }
1998 
1999 static int
2000 vmbus_chan_release(struct vmbus_channel *chan)
2001 {
2002 	struct vmbus_softc *sc = chan->ch_vmbus;
2003 	struct vmbus_chanmsg_chfree *req;
2004 	struct vmbus_msghc *mh;
2005 	int error;
2006 
2007 	mh = vmbus_msghc_get(sc, sizeof(*req));
2008 	if (mh == NULL) {
2009 		vmbus_chan_printf(chan,
2010 		    "can not get msg hypercall for chfree(chan%u)\n",
2011 		    chan->ch_id);
2012 		return (ENXIO);
2013 	}
2014 
2015 	req = vmbus_msghc_dataptr(mh);
2016 	req->chm_hdr.chm_type = VMBUS_CHANMSG_TYPE_CHFREE;
2017 	req->chm_chanid = chan->ch_id;
2018 
2019 	error = vmbus_msghc_exec_noresult(mh);
2020 	vmbus_msghc_put(sc, mh);
2021 
2022 	if (error) {
2023 		vmbus_chan_printf(chan,
2024 		    "chfree(chan%u) msg hypercall exec failed: %d\n",
2025 		    chan->ch_id, error);
2026 	} else {
2027 		if (bootverbose)
2028 			vmbus_chan_printf(chan, "chan%u freed\n", chan->ch_id);
2029 	}
2030 	return (error);
2031 }
2032 
2033 static void
2034 vmbus_prichan_detach_task(void *xchan, int pending __unused)
2035 {
2036 	struct vmbus_channel *chan = xchan;
2037 
2038 	KASSERT(VMBUS_CHAN_ISPRIMARY(chan),
2039 	    ("chan%u is not primary channel", chan->ch_id));
2040 
2041 	/* Delete and detach the device associated with this channel. */
2042 	vmbus_delete_child(chan);
2043 
2044 	/* Release this channel (back to vmbus). */
2045 	vmbus_chan_release(chan);
2046 
2047 	/* Free this channel's resource. */
2048 	vmbus_chan_free(chan);
2049 }
2050 
2051 static void
2052 vmbus_subchan_detach_task(void *xchan, int pending __unused)
2053 {
2054 	struct vmbus_channel *chan = xchan;
2055 	struct vmbus_channel *pri_chan = chan->ch_prichan;
2056 
2057 	KASSERT(!VMBUS_CHAN_ISPRIMARY(chan),
2058 	    ("chan%u is primary channel", chan->ch_id));
2059 
2060 	/* Release this channel (back to vmbus). */
2061 	vmbus_chan_release(chan);
2062 
2063 	/* Unlink from its primary channel's sub-channel list. */
2064 	mtx_lock(&pri_chan->ch_subchan_lock);
2065 	vmbus_chan_rem_sublist(pri_chan, chan);
2066 	mtx_unlock(&pri_chan->ch_subchan_lock);
2067 	/* Notify anyone that is waiting for this sub-channel to vanish. */
2068 	wakeup(pri_chan);
2069 
2070 	/* Free this channel's resource. */
2071 	vmbus_chan_free(chan);
2072 }
2073 
2074 static void
2075 vmbus_prichan_attach_task(void *xchan, int pending __unused)
2076 {
2077 
2078 	/*
2079 	 * Add device for this primary channel.
2080 	 */
2081 	vmbus_add_child(xchan);
2082 }
2083 
2084 static void
2085 vmbus_subchan_attach_task(void *xchan __unused, int pending __unused)
2086 {
2087 
2088 	/* Nothing */
2089 }
2090 
2091 void
2092 vmbus_chan_destroy_all(struct vmbus_softc *sc)
2093 {
2094 
2095 	/*
2096 	 * Detach all devices and destroy the corresponding primary
2097 	 * channels.
2098 	 */
2099 	for (;;) {
2100 		struct vmbus_channel *chan;
2101 
2102 		mtx_lock(&sc->vmbus_chan_lock);
2103 		TAILQ_FOREACH(chan, &sc->vmbus_chans, ch_link) {
2104 			if (VMBUS_CHAN_ISPRIMARY(chan))
2105 				break;
2106 		}
2107 		if (chan == NULL) {
2108 			/* No more primary channels; done. */
2109 			mtx_unlock(&sc->vmbus_chan_lock);
2110 			break;
2111 		}
2112 		vmbus_chan_rem_list(sc, chan);
2113 		mtx_unlock(&sc->vmbus_chan_lock);
2114 
2115 		mtx_lock(&sc->vmbus_prichan_lock);
2116 		vmbus_chan_rem_prilist(sc, chan);
2117 		mtx_unlock(&sc->vmbus_prichan_lock);
2118 
2119 		taskqueue_enqueue(chan->ch_mgmt_tq, &chan->ch_detach_task);
2120 	}
2121 }
2122 
2123 struct vmbus_channel **
2124 vmbus_subchan_get(struct vmbus_channel *pri_chan, int subchan_cnt)
2125 {
2126 	struct vmbus_channel **ret, *chan;
2127 	int i;
2128 
2129 	KASSERT(subchan_cnt > 0, ("invalid sub-channel count %d", subchan_cnt));
2130 
2131 	ret = malloc(subchan_cnt * sizeof(struct vmbus_channel *), M_TEMP,
2132 	    M_WAITOK);
2133 
2134 	mtx_lock(&pri_chan->ch_subchan_lock);
2135 
2136 	while (pri_chan->ch_subchan_cnt < subchan_cnt)
2137 		mtx_sleep(pri_chan, &pri_chan->ch_subchan_lock, 0, "subch", 0);
2138 
2139 	i = 0;
2140 	TAILQ_FOREACH(chan, &pri_chan->ch_subchans, ch_sublink) {
2141 		/* TODO: refcnt chan */
2142 		ret[i] = chan;
2143 
2144 		++i;
2145 		if (i == subchan_cnt)
2146 			break;
2147 	}
2148 	KASSERT(i == subchan_cnt, ("invalid subchan count %d, should be %d",
2149 	    pri_chan->ch_subchan_cnt, subchan_cnt));
2150 
2151 	mtx_unlock(&pri_chan->ch_subchan_lock);
2152 
2153 	return ret;
2154 }
2155 
2156 void
2157 vmbus_subchan_rel(struct vmbus_channel **subchan, int subchan_cnt __unused)
2158 {
2159 
2160 	free(subchan, M_TEMP);
2161 }
2162 
2163 void
2164 vmbus_subchan_drain(struct vmbus_channel *pri_chan)
2165 {
2166 	mtx_lock(&pri_chan->ch_subchan_lock);
2167 	while (pri_chan->ch_subchan_cnt > 0)
2168 		mtx_sleep(pri_chan, &pri_chan->ch_subchan_lock, 0, "dsubch", 0);
2169 	mtx_unlock(&pri_chan->ch_subchan_lock);
2170 }
2171 
2172 void
2173 vmbus_chan_msgproc(struct vmbus_softc *sc, const struct vmbus_message *msg)
2174 {
2175 	vmbus_chanmsg_proc_t msg_proc;
2176 	uint32_t msg_type;
2177 
2178 	msg_type = ((const struct vmbus_chanmsg_hdr *)msg->msg_data)->chm_type;
2179 	KASSERT(msg_type < VMBUS_CHANMSG_TYPE_MAX,
2180 	    ("invalid message type %u", msg_type));
2181 
2182 	msg_proc = vmbus_chan_msgprocs[msg_type];
2183 	if (msg_proc != NULL)
2184 		msg_proc(sc, msg);
2185 }
2186 
2187 void
2188 vmbus_chan_set_readbatch(struct vmbus_channel *chan, bool on)
2189 {
2190 	if (!on)
2191 		chan->ch_flags &= ~VMBUS_CHAN_FLAG_BATCHREAD;
2192 	else
2193 		chan->ch_flags |= VMBUS_CHAN_FLAG_BATCHREAD;
2194 }
2195 
2196 uint32_t
2197 vmbus_chan_id(const struct vmbus_channel *chan)
2198 {
2199 	return chan->ch_id;
2200 }
2201 
2202 uint32_t
2203 vmbus_chan_subidx(const struct vmbus_channel *chan)
2204 {
2205 	return chan->ch_subidx;
2206 }
2207 
2208 bool
2209 vmbus_chan_is_primary(const struct vmbus_channel *chan)
2210 {
2211 	if (VMBUS_CHAN_ISPRIMARY(chan))
2212 		return true;
2213 	else
2214 		return false;
2215 }
2216 
2217 bool
2218 vmbus_chan_is_hvs(const struct vmbus_channel *chan)
2219 {
2220 	return chan->ch_is_hvs;
2221 }
2222 
2223 bool
2224 vmbus_chan_is_hvs_conn_from_host(const struct vmbus_channel *chan)
2225 {
2226 	KASSERT(vmbus_chan_is_hvs(chan) == true,
2227 	    ("Not a HyperV Socket channel %u", chan->ch_id));
2228 	if (chan->ch_hvs_conn_from_host != 0)
2229 		return true;
2230 	else
2231 		return false;
2232 }
2233 
2234 struct hyperv_guid *
2235 vmbus_chan_guid_type(struct vmbus_channel *chan)
2236 {
2237 	return &chan->ch_guid_type;
2238 }
2239 
2240 struct hyperv_guid *
2241 vmbus_chan_guid_inst(struct vmbus_channel *chan)
2242 {
2243 	return &chan->ch_guid_inst;
2244 }
2245 
2246 int
2247 vmbus_chan_prplist_nelem(int br_size, int prpcnt_max, int dlen_max)
2248 {
2249 	int elem_size;
2250 
2251 	elem_size = __offsetof(struct vmbus_chanpkt_prplist,
2252 	    cp_range[0].gpa_page[prpcnt_max]);
2253 	elem_size += dlen_max;
2254 	elem_size = VMBUS_CHANPKT_TOTLEN(elem_size);
2255 
2256 	return (vmbus_br_nelem(br_size, elem_size));
2257 }
2258 
2259 bool
2260 vmbus_chan_tx_empty(const struct vmbus_channel *chan)
2261 {
2262 
2263 	return (vmbus_txbr_empty(&chan->ch_txbr));
2264 }
2265 
2266 bool
2267 vmbus_chan_rx_empty(const struct vmbus_channel *chan)
2268 {
2269 
2270 	return (vmbus_rxbr_empty(&chan->ch_rxbr));
2271 }
2272 
2273 static int
2274 vmbus_chan_printf(const struct vmbus_channel *chan, const char *fmt, ...)
2275 {
2276 	va_list ap;
2277 	device_t dev;
2278 	int retval;
2279 
2280 	if (chan->ch_dev == NULL || !device_is_alive(chan->ch_dev))
2281 		dev = chan->ch_vmbus->vmbus_dev;
2282 	else
2283 		dev = chan->ch_dev;
2284 
2285 	retval = device_print_prettyname(dev);
2286 	va_start(ap, fmt);
2287 	retval += vprintf(fmt, ap);
2288 	va_end(ap);
2289 
2290 	return (retval);
2291 }
2292 
2293 void
2294 vmbus_chan_run_task(struct vmbus_channel *chan, struct task *task)
2295 {
2296 
2297 	taskqueue_enqueue(chan->ch_tq, task);
2298 	taskqueue_drain(chan->ch_tq, task);
2299 }
2300 
2301 struct taskqueue *
2302 vmbus_chan_mgmt_tq(const struct vmbus_channel *chan)
2303 {
2304 
2305 	return (chan->ch_mgmt_tq);
2306 }
2307 
2308 bool
2309 vmbus_chan_is_revoked(const struct vmbus_channel *chan)
2310 {
2311 
2312 	if (chan->ch_stflags & VMBUS_CHAN_ST_REVOKED)
2313 		return (true);
2314 	return (false);
2315 }
2316 
2317 void
2318 vmbus_chan_set_orphan(struct vmbus_channel *chan, struct vmbus_xact_ctx *xact)
2319 {
2320 
2321 	sx_xlock(&chan->ch_orphan_lock);
2322 	chan->ch_orphan_xact = xact;
2323 	sx_xunlock(&chan->ch_orphan_lock);
2324 }
2325 
2326 void
2327 vmbus_chan_unset_orphan(struct vmbus_channel *chan)
2328 {
2329 
2330 	sx_xlock(&chan->ch_orphan_lock);
2331 	chan->ch_orphan_xact = NULL;
2332 	sx_xunlock(&chan->ch_orphan_lock);
2333 }
2334 
2335 const void *
2336 vmbus_chan_xact_wait(const struct vmbus_channel *chan,
2337     struct vmbus_xact *xact, size_t *resp_len, bool can_sleep)
2338 {
2339 	const void *ret;
2340 
2341 	if (can_sleep)
2342 		ret = vmbus_xact_wait(xact, resp_len);
2343 	else
2344 		ret = vmbus_xact_busywait(xact, resp_len);
2345 	if (vmbus_chan_is_revoked(chan)) {
2346 		/*
2347 		 * This xact probably is interrupted, and the
2348 		 * interruption can race the reply reception,
2349 		 * so we have to make sure that there are nothing
2350 		 * left on the RX bufring, i.e. this xact will
2351 		 * not be touched, once this function returns.
2352 		 *
2353 		 * Since the hypervisor will not put more data
2354 		 * onto the RX bufring once the channel is revoked,
2355 		 * the following loop will be terminated, once all
2356 		 * data are drained by the driver's channel
2357 		 * callback.
2358 		 */
2359 		while (!vmbus_chan_rx_empty(chan)) {
2360 			if (can_sleep)
2361 				pause("chxact", 1);
2362 			else
2363 				DELAY(1000);
2364 		}
2365 	}
2366 	return (ret);
2367 }
2368 
2369 void
2370 vmbus_chan_poll_enable(struct vmbus_channel *chan, u_int pollhz)
2371 {
2372 	struct vmbus_chan_pollarg arg;
2373 	struct task poll_cfg;
2374 
2375 	KASSERT(chan->ch_flags & VMBUS_CHAN_FLAG_BATCHREAD,
2376 	    ("enable polling on non-batch chan%u", chan->ch_id));
2377 	KASSERT(pollhz >= VMBUS_CHAN_POLLHZ_MIN &&
2378 	    pollhz <= VMBUS_CHAN_POLLHZ_MAX, ("invalid pollhz %u", pollhz));
2379 
2380 	arg.poll_chan = chan;
2381 	arg.poll_hz = pollhz;
2382 	TASK_INIT(&poll_cfg, 0, vmbus_chan_pollcfg_task, &arg);
2383 	vmbus_chan_run_task(chan, &poll_cfg);
2384 }
2385 
2386 void
2387 vmbus_chan_poll_disable(struct vmbus_channel *chan)
2388 {
2389 	struct task poll_dis;
2390 
2391 	KASSERT(chan->ch_flags & VMBUS_CHAN_FLAG_BATCHREAD,
2392 	    ("disable polling on non-batch chan%u", chan->ch_id));
2393 
2394 	TASK_INIT(&poll_dis, 0, vmbus_chan_polldis_task, chan);
2395 	vmbus_chan_run_task(chan, &poll_dis);
2396 }
2397