10767e98aSRoger Pau Monné /******************************************************************************
20767e98aSRoger Pau Monné * gnttab.c
30767e98aSRoger Pau Monné *
40767e98aSRoger Pau Monné * Two sets of functionality:
50767e98aSRoger Pau Monné * 1. Granting foreign access to our memory reservation.
60767e98aSRoger Pau Monné * 2. Accessing others' memory reservations via grant references.
70767e98aSRoger Pau Monné * (i.e., mechanisms for both sender and recipient of grant references)
80767e98aSRoger Pau Monné *
90767e98aSRoger Pau Monné * Copyright (c) 2005, Christopher Clark
100767e98aSRoger Pau Monné * Copyright (c) 2004, K A Fraser
110767e98aSRoger Pau Monné */
120767e98aSRoger Pau Monné
130767e98aSRoger Pau Monné #include <sys/param.h>
140767e98aSRoger Pau Monné #include <sys/systm.h>
150767e98aSRoger Pau Monné #include <sys/bus.h>
160767e98aSRoger Pau Monné #include <sys/conf.h>
170767e98aSRoger Pau Monné #include <sys/module.h>
180767e98aSRoger Pau Monné #include <sys/kernel.h>
190767e98aSRoger Pau Monné #include <sys/lock.h>
200767e98aSRoger Pau Monné #include <sys/malloc.h>
210767e98aSRoger Pau Monné #include <sys/mman.h>
220767e98aSRoger Pau Monné #include <sys/limits.h>
230767e98aSRoger Pau Monné #include <sys/rman.h>
240767e98aSRoger Pau Monné #include <machine/resource.h>
252f9ec994SRoger Pau Monné #include <machine/cpu.h>
260767e98aSRoger Pau Monné
270767e98aSRoger Pau Monné #include <xen/xen-os.h>
280767e98aSRoger Pau Monné #include <xen/hypervisor.h>
290767e98aSRoger Pau Monné #include <xen/gnttab.h>
300767e98aSRoger Pau Monné
310767e98aSRoger Pau Monné #include <vm/vm.h>
320767e98aSRoger Pau Monné #include <vm/vm_kern.h>
330767e98aSRoger Pau Monné #include <vm/vm_extern.h>
340767e98aSRoger Pau Monné #include <vm/pmap.h>
350767e98aSRoger Pau Monné
360767e98aSRoger Pau Monné /* External tools reserve first few grant table entries. */
370767e98aSRoger Pau Monné #define NR_RESERVED_ENTRIES 8
385489d7e9SRoger Pau Monné #define GREFS_PER_GRANT_FRAME (PAGE_SIZE / sizeof(grant_entry_v1_t))
390767e98aSRoger Pau Monné
400767e98aSRoger Pau Monné static grant_ref_t **gnttab_list;
410767e98aSRoger Pau Monné static unsigned int nr_grant_frames;
420767e98aSRoger Pau Monné static unsigned int boot_max_nr_grant_frames;
430767e98aSRoger Pau Monné static int gnttab_free_count;
440767e98aSRoger Pau Monné static grant_ref_t gnttab_free_head;
450767e98aSRoger Pau Monné static struct mtx gnttab_list_lock;
460767e98aSRoger Pau Monné
470767e98aSRoger Pau Monné /*
480767e98aSRoger Pau Monné * Resource representing allocated physical address space
490767e98aSRoger Pau Monné * for the grant table metainfo
500767e98aSRoger Pau Monné */
510767e98aSRoger Pau Monné static struct resource *gnttab_pseudo_phys_res;
520767e98aSRoger Pau Monné
530767e98aSRoger Pau Monné /* Resource id for allocated physical address space. */
540767e98aSRoger Pau Monné static int gnttab_pseudo_phys_res_id;
550767e98aSRoger Pau Monné
565489d7e9SRoger Pau Monné static grant_entry_v1_t *shared;
570767e98aSRoger Pau Monné
580767e98aSRoger Pau Monné static struct gnttab_free_callback *gnttab_free_callback_list = NULL;
590767e98aSRoger Pau Monné
600767e98aSRoger Pau Monné static int gnttab_expand(unsigned int req_entries);
610767e98aSRoger Pau Monné
620767e98aSRoger Pau Monné #define RPP (PAGE_SIZE / sizeof(grant_ref_t))
630767e98aSRoger Pau Monné #define gnttab_entry(entry) (gnttab_list[(entry) / RPP][(entry) % RPP])
640767e98aSRoger Pau Monné
650767e98aSRoger Pau Monné static int
get_free_entries(int count,int * entries)660767e98aSRoger Pau Monné get_free_entries(int count, int *entries)
670767e98aSRoger Pau Monné {
680767e98aSRoger Pau Monné int ref, error;
690767e98aSRoger Pau Monné grant_ref_t head;
700767e98aSRoger Pau Monné
710767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock);
720767e98aSRoger Pau Monné if ((gnttab_free_count < count) &&
730767e98aSRoger Pau Monné ((error = gnttab_expand(count - gnttab_free_count)) != 0)) {
740767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock);
750767e98aSRoger Pau Monné return (error);
760767e98aSRoger Pau Monné }
770767e98aSRoger Pau Monné ref = head = gnttab_free_head;
780767e98aSRoger Pau Monné gnttab_free_count -= count;
790767e98aSRoger Pau Monné while (count-- > 1)
800767e98aSRoger Pau Monné head = gnttab_entry(head);
810767e98aSRoger Pau Monné gnttab_free_head = gnttab_entry(head);
820767e98aSRoger Pau Monné gnttab_entry(head) = GNTTAB_LIST_END;
830767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock);
840767e98aSRoger Pau Monné
850767e98aSRoger Pau Monné *entries = ref;
860767e98aSRoger Pau Monné return (0);
870767e98aSRoger Pau Monné }
880767e98aSRoger Pau Monné
890767e98aSRoger Pau Monné static void
do_free_callbacks(void)900767e98aSRoger Pau Monné do_free_callbacks(void)
910767e98aSRoger Pau Monné {
920767e98aSRoger Pau Monné struct gnttab_free_callback *callback, *next;
930767e98aSRoger Pau Monné
940767e98aSRoger Pau Monné callback = gnttab_free_callback_list;
950767e98aSRoger Pau Monné gnttab_free_callback_list = NULL;
960767e98aSRoger Pau Monné
970767e98aSRoger Pau Monné while (callback != NULL) {
980767e98aSRoger Pau Monné next = callback->next;
990767e98aSRoger Pau Monné if (gnttab_free_count >= callback->count) {
1000767e98aSRoger Pau Monné callback->next = NULL;
1010767e98aSRoger Pau Monné callback->fn(callback->arg);
1020767e98aSRoger Pau Monné } else {
1030767e98aSRoger Pau Monné callback->next = gnttab_free_callback_list;
1040767e98aSRoger Pau Monné gnttab_free_callback_list = callback;
1050767e98aSRoger Pau Monné }
1060767e98aSRoger Pau Monné callback = next;
1070767e98aSRoger Pau Monné }
1080767e98aSRoger Pau Monné }
1090767e98aSRoger Pau Monné
1100767e98aSRoger Pau Monné static inline void
check_free_callbacks(void)1110767e98aSRoger Pau Monné check_free_callbacks(void)
1120767e98aSRoger Pau Monné {
1130767e98aSRoger Pau Monné if (__predict_false(gnttab_free_callback_list != NULL))
1140767e98aSRoger Pau Monné do_free_callbacks();
1150767e98aSRoger Pau Monné }
1160767e98aSRoger Pau Monné
1170767e98aSRoger Pau Monné static void
put_free_entry(grant_ref_t ref)1180767e98aSRoger Pau Monné put_free_entry(grant_ref_t ref)
1190767e98aSRoger Pau Monné {
1200767e98aSRoger Pau Monné
1210767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock);
1220767e98aSRoger Pau Monné gnttab_entry(ref) = gnttab_free_head;
1230767e98aSRoger Pau Monné gnttab_free_head = ref;
1240767e98aSRoger Pau Monné gnttab_free_count++;
1250767e98aSRoger Pau Monné check_free_callbacks();
1260767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock);
1270767e98aSRoger Pau Monné }
1280767e98aSRoger Pau Monné
1290767e98aSRoger Pau Monné /*
1300767e98aSRoger Pau Monné * Public grant-issuing interface functions
1310767e98aSRoger Pau Monné */
1320767e98aSRoger Pau Monné
1330767e98aSRoger Pau Monné int
gnttab_grant_foreign_access(domid_t domid,unsigned long frame,int readonly,grant_ref_t * result)1340767e98aSRoger Pau Monné gnttab_grant_foreign_access(domid_t domid, unsigned long frame, int readonly,
1350767e98aSRoger Pau Monné grant_ref_t *result)
1360767e98aSRoger Pau Monné {
1370767e98aSRoger Pau Monné int error, ref;
1380767e98aSRoger Pau Monné
1390767e98aSRoger Pau Monné error = get_free_entries(1, &ref);
1400767e98aSRoger Pau Monné
1410767e98aSRoger Pau Monné if (__predict_false(error))
1420767e98aSRoger Pau Monné return (error);
1430767e98aSRoger Pau Monné
1440767e98aSRoger Pau Monné shared[ref].frame = frame;
1450767e98aSRoger Pau Monné shared[ref].domid = domid;
1460767e98aSRoger Pau Monné wmb();
1470767e98aSRoger Pau Monné shared[ref].flags = GTF_permit_access | (readonly ? GTF_readonly : 0);
1480767e98aSRoger Pau Monné
1490767e98aSRoger Pau Monné if (result)
1500767e98aSRoger Pau Monné *result = ref;
1510767e98aSRoger Pau Monné
1520767e98aSRoger Pau Monné return (0);
1530767e98aSRoger Pau Monné }
1540767e98aSRoger Pau Monné
1550767e98aSRoger Pau Monné void
gnttab_grant_foreign_access_ref(grant_ref_t ref,domid_t domid,unsigned long frame,int readonly)1560767e98aSRoger Pau Monné gnttab_grant_foreign_access_ref(grant_ref_t ref, domid_t domid,
1570767e98aSRoger Pau Monné unsigned long frame, int readonly)
1580767e98aSRoger Pau Monné {
1590767e98aSRoger Pau Monné
1600767e98aSRoger Pau Monné shared[ref].frame = frame;
1610767e98aSRoger Pau Monné shared[ref].domid = domid;
1620767e98aSRoger Pau Monné wmb();
1630767e98aSRoger Pau Monné shared[ref].flags = GTF_permit_access | (readonly ? GTF_readonly : 0);
1640767e98aSRoger Pau Monné }
1650767e98aSRoger Pau Monné
1660767e98aSRoger Pau Monné int
gnttab_query_foreign_access(grant_ref_t ref)1670767e98aSRoger Pau Monné gnttab_query_foreign_access(grant_ref_t ref)
1680767e98aSRoger Pau Monné {
1690767e98aSRoger Pau Monné uint16_t nflags;
1700767e98aSRoger Pau Monné
1710767e98aSRoger Pau Monné nflags = shared[ref].flags;
1720767e98aSRoger Pau Monné
1730767e98aSRoger Pau Monné return (nflags & (GTF_reading|GTF_writing));
1740767e98aSRoger Pau Monné }
1750767e98aSRoger Pau Monné
1760767e98aSRoger Pau Monné int
gnttab_end_foreign_access_ref(grant_ref_t ref)1770767e98aSRoger Pau Monné gnttab_end_foreign_access_ref(grant_ref_t ref)
1780767e98aSRoger Pau Monné {
1799f3be3a6SElliott Mitchell uint16_t flags;
1800767e98aSRoger Pau Monné
1819f3be3a6SElliott Mitchell while (!((flags = atomic_load_16(&shared[ref].flags)) &
1829f3be3a6SElliott Mitchell (GTF_reading|GTF_writing)))
1839f3be3a6SElliott Mitchell if (atomic_cmpset_16(&shared[ref].flags, flags, 0))
1849f3be3a6SElliott Mitchell return (1);
1859f3be3a6SElliott Mitchell
1860767e98aSRoger Pau Monné printf("%s: WARNING: g.e. still in use!\n", __func__);
1870767e98aSRoger Pau Monné return (0);
1880767e98aSRoger Pau Monné }
1890767e98aSRoger Pau Monné
1900767e98aSRoger Pau Monné void
gnttab_end_foreign_access(grant_ref_t ref,void * page)1910767e98aSRoger Pau Monné gnttab_end_foreign_access(grant_ref_t ref, void *page)
1920767e98aSRoger Pau Monné {
1930767e98aSRoger Pau Monné if (gnttab_end_foreign_access_ref(ref)) {
1940767e98aSRoger Pau Monné put_free_entry(ref);
1950767e98aSRoger Pau Monné if (page != NULL) {
1960767e98aSRoger Pau Monné free(page, M_DEVBUF);
1970767e98aSRoger Pau Monné }
1980767e98aSRoger Pau Monné }
1990767e98aSRoger Pau Monné else {
2000767e98aSRoger Pau Monné /* XXX This needs to be fixed so that the ref and page are
2010767e98aSRoger Pau Monné placed on a list to be freed up later. */
2020767e98aSRoger Pau Monné printf("%s: WARNING: leaking g.e. and page still in use!\n",
2030767e98aSRoger Pau Monné __func__);
2040767e98aSRoger Pau Monné }
2050767e98aSRoger Pau Monné }
2060767e98aSRoger Pau Monné
2070767e98aSRoger Pau Monné void
gnttab_end_foreign_access_references(u_int count,grant_ref_t * refs)2080767e98aSRoger Pau Monné gnttab_end_foreign_access_references(u_int count, grant_ref_t *refs)
2090767e98aSRoger Pau Monné {
2100767e98aSRoger Pau Monné grant_ref_t *last_ref;
2110767e98aSRoger Pau Monné grant_ref_t head;
2120767e98aSRoger Pau Monné grant_ref_t tail;
2130767e98aSRoger Pau Monné
2140767e98aSRoger Pau Monné head = GNTTAB_LIST_END;
2150767e98aSRoger Pau Monné tail = *refs;
2160767e98aSRoger Pau Monné last_ref = refs + count;
2170767e98aSRoger Pau Monné while (refs != last_ref) {
2180767e98aSRoger Pau Monné if (gnttab_end_foreign_access_ref(*refs)) {
2190767e98aSRoger Pau Monné gnttab_entry(*refs) = head;
2200767e98aSRoger Pau Monné head = *refs;
2210767e98aSRoger Pau Monné } else {
2220767e98aSRoger Pau Monné /*
2230767e98aSRoger Pau Monné * XXX This needs to be fixed so that the ref
2240767e98aSRoger Pau Monné * is placed on a list to be freed up later.
2250767e98aSRoger Pau Monné */
2260767e98aSRoger Pau Monné printf("%s: WARNING: leaking g.e. still in use!\n",
2270767e98aSRoger Pau Monné __func__);
2280767e98aSRoger Pau Monné count--;
2290767e98aSRoger Pau Monné }
2300767e98aSRoger Pau Monné refs++;
2310767e98aSRoger Pau Monné }
2320767e98aSRoger Pau Monné
2330767e98aSRoger Pau Monné if (count != 0) {
2340767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock);
2350767e98aSRoger Pau Monné gnttab_free_count += count;
2360767e98aSRoger Pau Monné gnttab_entry(tail) = gnttab_free_head;
2370767e98aSRoger Pau Monné gnttab_free_head = head;
238de06f02eSRoger Pau Monné check_free_callbacks();
2390767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock);
2400767e98aSRoger Pau Monné }
2410767e98aSRoger Pau Monné }
2420767e98aSRoger Pau Monné
2430767e98aSRoger Pau Monné int
gnttab_grant_foreign_transfer(domid_t domid,unsigned long pfn,grant_ref_t * result)2440767e98aSRoger Pau Monné gnttab_grant_foreign_transfer(domid_t domid, unsigned long pfn,
2450767e98aSRoger Pau Monné grant_ref_t *result)
2460767e98aSRoger Pau Monné {
2470767e98aSRoger Pau Monné int error, ref;
2480767e98aSRoger Pau Monné
2490767e98aSRoger Pau Monné error = get_free_entries(1, &ref);
2500767e98aSRoger Pau Monné if (__predict_false(error))
2510767e98aSRoger Pau Monné return (error);
2520767e98aSRoger Pau Monné
2530767e98aSRoger Pau Monné gnttab_grant_foreign_transfer_ref(ref, domid, pfn);
2540767e98aSRoger Pau Monné
2550767e98aSRoger Pau Monné *result = ref;
2560767e98aSRoger Pau Monné return (0);
2570767e98aSRoger Pau Monné }
2580767e98aSRoger Pau Monné
2590767e98aSRoger Pau Monné void
gnttab_grant_foreign_transfer_ref(grant_ref_t ref,domid_t domid,unsigned long pfn)2600767e98aSRoger Pau Monné gnttab_grant_foreign_transfer_ref(grant_ref_t ref, domid_t domid,
2610767e98aSRoger Pau Monné unsigned long pfn)
2620767e98aSRoger Pau Monné {
2630767e98aSRoger Pau Monné shared[ref].frame = pfn;
2640767e98aSRoger Pau Monné shared[ref].domid = domid;
2650767e98aSRoger Pau Monné wmb();
2660767e98aSRoger Pau Monné shared[ref].flags = GTF_accept_transfer;
2670767e98aSRoger Pau Monné }
2680767e98aSRoger Pau Monné
2690767e98aSRoger Pau Monné unsigned long
gnttab_end_foreign_transfer_ref(grant_ref_t ref)2700767e98aSRoger Pau Monné gnttab_end_foreign_transfer_ref(grant_ref_t ref)
2710767e98aSRoger Pau Monné {
2720767e98aSRoger Pau Monné unsigned long frame;
2730767e98aSRoger Pau Monné uint16_t flags;
2740767e98aSRoger Pau Monné
2750767e98aSRoger Pau Monné /*
2760767e98aSRoger Pau Monné * If a transfer is not even yet started, try to reclaim the grant
2770767e98aSRoger Pau Monné * reference and return failure (== 0).
2789f3be3a6SElliott Mitchell *
2799f3be3a6SElliott Mitchell * NOTE: This is a loop since the atomic cmpset can fail multiple
2809f3be3a6SElliott Mitchell * times. In normal operation it will be rare to execute more than
2819f3be3a6SElliott Mitchell * twice. Attempting an attack would consume a great deal of
2829f3be3a6SElliott Mitchell * attacker resources and be unlikely to prolong the loop very much.
2830767e98aSRoger Pau Monné */
2849f3be3a6SElliott Mitchell while (!((flags = atomic_load_16(&shared[ref].flags)) &
2859f3be3a6SElliott Mitchell GTF_transfer_committed))
2869f3be3a6SElliott Mitchell if (atomic_cmpset_16(&shared[ref].flags, flags, 0))
2870767e98aSRoger Pau Monné return (0);
2880767e98aSRoger Pau Monné
2890767e98aSRoger Pau Monné /* If a transfer is in progress then wait until it is completed. */
2900767e98aSRoger Pau Monné while (!(flags & GTF_transfer_completed)) {
2912f9ec994SRoger Pau Monné cpu_spinwait();
2929f3be3a6SElliott Mitchell flags = atomic_load_16(&shared[ref].flags);
2930767e98aSRoger Pau Monné }
2940767e98aSRoger Pau Monné
2950767e98aSRoger Pau Monné /* Read the frame number /after/ reading completion status. */
2960767e98aSRoger Pau Monné rmb();
2970767e98aSRoger Pau Monné frame = shared[ref].frame;
2980767e98aSRoger Pau Monné KASSERT(frame != 0, ("grant table inconsistent"));
2990767e98aSRoger Pau Monné
3000767e98aSRoger Pau Monné return (frame);
3010767e98aSRoger Pau Monné }
3020767e98aSRoger Pau Monné
3030767e98aSRoger Pau Monné unsigned long
gnttab_end_foreign_transfer(grant_ref_t ref)3040767e98aSRoger Pau Monné gnttab_end_foreign_transfer(grant_ref_t ref)
3050767e98aSRoger Pau Monné {
3060767e98aSRoger Pau Monné unsigned long frame = gnttab_end_foreign_transfer_ref(ref);
3070767e98aSRoger Pau Monné
3080767e98aSRoger Pau Monné put_free_entry(ref);
3090767e98aSRoger Pau Monné return (frame);
3100767e98aSRoger Pau Monné }
3110767e98aSRoger Pau Monné
3120767e98aSRoger Pau Monné void
gnttab_free_grant_reference(grant_ref_t ref)3130767e98aSRoger Pau Monné gnttab_free_grant_reference(grant_ref_t ref)
3140767e98aSRoger Pau Monné {
3150767e98aSRoger Pau Monné
3160767e98aSRoger Pau Monné put_free_entry(ref);
3170767e98aSRoger Pau Monné }
3180767e98aSRoger Pau Monné
3190767e98aSRoger Pau Monné void
gnttab_free_grant_references(grant_ref_t head)3200767e98aSRoger Pau Monné gnttab_free_grant_references(grant_ref_t head)
3210767e98aSRoger Pau Monné {
3220767e98aSRoger Pau Monné grant_ref_t ref;
3230767e98aSRoger Pau Monné int count = 1;
3240767e98aSRoger Pau Monné
3250767e98aSRoger Pau Monné if (head == GNTTAB_LIST_END)
3260767e98aSRoger Pau Monné return;
3270767e98aSRoger Pau Monné
3280767e98aSRoger Pau Monné ref = head;
3290767e98aSRoger Pau Monné while (gnttab_entry(ref) != GNTTAB_LIST_END) {
3300767e98aSRoger Pau Monné ref = gnttab_entry(ref);
3310767e98aSRoger Pau Monné count++;
3320767e98aSRoger Pau Monné }
3330767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock);
3340767e98aSRoger Pau Monné gnttab_entry(ref) = gnttab_free_head;
3350767e98aSRoger Pau Monné gnttab_free_head = head;
3360767e98aSRoger Pau Monné gnttab_free_count += count;
3370767e98aSRoger Pau Monné check_free_callbacks();
3380767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock);
3390767e98aSRoger Pau Monné }
3400767e98aSRoger Pau Monné
3410767e98aSRoger Pau Monné int
gnttab_alloc_grant_references(uint16_t count,grant_ref_t * head)3420767e98aSRoger Pau Monné gnttab_alloc_grant_references(uint16_t count, grant_ref_t *head)
3430767e98aSRoger Pau Monné {
3440767e98aSRoger Pau Monné int ref, error;
3450767e98aSRoger Pau Monné
3460767e98aSRoger Pau Monné error = get_free_entries(count, &ref);
3470767e98aSRoger Pau Monné if (__predict_false(error))
3480767e98aSRoger Pau Monné return (error);
3490767e98aSRoger Pau Monné
3500767e98aSRoger Pau Monné *head = ref;
3510767e98aSRoger Pau Monné return (0);
3520767e98aSRoger Pau Monné }
3530767e98aSRoger Pau Monné
3540767e98aSRoger Pau Monné int
gnttab_empty_grant_references(const grant_ref_t * private_head)3550767e98aSRoger Pau Monné gnttab_empty_grant_references(const grant_ref_t *private_head)
3560767e98aSRoger Pau Monné {
3570767e98aSRoger Pau Monné
3580767e98aSRoger Pau Monné return (*private_head == GNTTAB_LIST_END);
3590767e98aSRoger Pau Monné }
3600767e98aSRoger Pau Monné
3610767e98aSRoger Pau Monné int
gnttab_claim_grant_reference(grant_ref_t * private_head)3620767e98aSRoger Pau Monné gnttab_claim_grant_reference(grant_ref_t *private_head)
3630767e98aSRoger Pau Monné {
3640767e98aSRoger Pau Monné grant_ref_t g = *private_head;
3650767e98aSRoger Pau Monné
3660767e98aSRoger Pau Monné if (__predict_false(g == GNTTAB_LIST_END))
3670767e98aSRoger Pau Monné return (g);
3680767e98aSRoger Pau Monné *private_head = gnttab_entry(g);
3690767e98aSRoger Pau Monné return (g);
3700767e98aSRoger Pau Monné }
3710767e98aSRoger Pau Monné
3720767e98aSRoger Pau Monné void
gnttab_release_grant_reference(grant_ref_t * private_head,grant_ref_t release)3730767e98aSRoger Pau Monné gnttab_release_grant_reference(grant_ref_t *private_head, grant_ref_t release)
3740767e98aSRoger Pau Monné {
3750767e98aSRoger Pau Monné
3760767e98aSRoger Pau Monné gnttab_entry(release) = *private_head;
3770767e98aSRoger Pau Monné *private_head = release;
3780767e98aSRoger Pau Monné }
3790767e98aSRoger Pau Monné
3800767e98aSRoger Pau Monné void
gnttab_request_free_callback(struct gnttab_free_callback * callback,void (* fn)(void *),void * arg,uint16_t count)3810767e98aSRoger Pau Monné gnttab_request_free_callback(struct gnttab_free_callback *callback,
3820767e98aSRoger Pau Monné void (*fn)(void *), void *arg, uint16_t count)
3830767e98aSRoger Pau Monné {
3840767e98aSRoger Pau Monné
3850767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock);
3860767e98aSRoger Pau Monné if (callback->next)
3870767e98aSRoger Pau Monné goto out;
3880767e98aSRoger Pau Monné callback->fn = fn;
3890767e98aSRoger Pau Monné callback->arg = arg;
3900767e98aSRoger Pau Monné callback->count = count;
3910767e98aSRoger Pau Monné callback->next = gnttab_free_callback_list;
3920767e98aSRoger Pau Monné gnttab_free_callback_list = callback;
3930767e98aSRoger Pau Monné check_free_callbacks();
3940767e98aSRoger Pau Monné out:
3950767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock);
3960767e98aSRoger Pau Monné
3970767e98aSRoger Pau Monné }
3980767e98aSRoger Pau Monné
3990767e98aSRoger Pau Monné void
gnttab_cancel_free_callback(struct gnttab_free_callback * callback)4000767e98aSRoger Pau Monné gnttab_cancel_free_callback(struct gnttab_free_callback *callback)
4010767e98aSRoger Pau Monné {
4020767e98aSRoger Pau Monné struct gnttab_free_callback **pcb;
4030767e98aSRoger Pau Monné
4040767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock);
4050767e98aSRoger Pau Monné for (pcb = &gnttab_free_callback_list; *pcb; pcb = &(*pcb)->next) {
4060767e98aSRoger Pau Monné if (*pcb == callback) {
4070767e98aSRoger Pau Monné *pcb = callback->next;
4080767e98aSRoger Pau Monné break;
4090767e98aSRoger Pau Monné }
4100767e98aSRoger Pau Monné }
4110767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock);
4120767e98aSRoger Pau Monné }
4130767e98aSRoger Pau Monné
4140767e98aSRoger Pau Monné static int
grow_gnttab_list(unsigned int more_frames)4150767e98aSRoger Pau Monné grow_gnttab_list(unsigned int more_frames)
4160767e98aSRoger Pau Monné {
4170767e98aSRoger Pau Monné unsigned int new_nr_grant_frames, extra_entries, i;
4180767e98aSRoger Pau Monné
4190767e98aSRoger Pau Monné new_nr_grant_frames = nr_grant_frames + more_frames;
4200767e98aSRoger Pau Monné extra_entries = more_frames * GREFS_PER_GRANT_FRAME;
4210767e98aSRoger Pau Monné
4220767e98aSRoger Pau Monné for (i = nr_grant_frames; i < new_nr_grant_frames; i++)
4230767e98aSRoger Pau Monné {
4240767e98aSRoger Pau Monné gnttab_list[i] = (grant_ref_t *)
4250767e98aSRoger Pau Monné malloc(PAGE_SIZE, M_DEVBUF, M_NOWAIT);
4260767e98aSRoger Pau Monné
4270767e98aSRoger Pau Monné if (!gnttab_list[i])
4280767e98aSRoger Pau Monné goto grow_nomem;
4290767e98aSRoger Pau Monné }
4300767e98aSRoger Pau Monné
4310767e98aSRoger Pau Monné for (i = GREFS_PER_GRANT_FRAME * nr_grant_frames;
4320767e98aSRoger Pau Monné i < GREFS_PER_GRANT_FRAME * new_nr_grant_frames - 1; i++)
4330767e98aSRoger Pau Monné gnttab_entry(i) = i + 1;
4340767e98aSRoger Pau Monné
4350767e98aSRoger Pau Monné gnttab_entry(i) = gnttab_free_head;
4360767e98aSRoger Pau Monné gnttab_free_head = GREFS_PER_GRANT_FRAME * nr_grant_frames;
4370767e98aSRoger Pau Monné gnttab_free_count += extra_entries;
4380767e98aSRoger Pau Monné
4390767e98aSRoger Pau Monné nr_grant_frames = new_nr_grant_frames;
4400767e98aSRoger Pau Monné
4410767e98aSRoger Pau Monné check_free_callbacks();
4420767e98aSRoger Pau Monné
4430767e98aSRoger Pau Monné return (0);
4440767e98aSRoger Pau Monné
4450767e98aSRoger Pau Monné grow_nomem:
4460767e98aSRoger Pau Monné for ( ; i >= nr_grant_frames; i--)
4470767e98aSRoger Pau Monné free(gnttab_list[i], M_DEVBUF);
4480767e98aSRoger Pau Monné return (ENOMEM);
4490767e98aSRoger Pau Monné }
4500767e98aSRoger Pau Monné
4510767e98aSRoger Pau Monné static unsigned int
__max_nr_grant_frames(void)4520767e98aSRoger Pau Monné __max_nr_grant_frames(void)
4530767e98aSRoger Pau Monné {
4540767e98aSRoger Pau Monné struct gnttab_query_size query;
4550767e98aSRoger Pau Monné int rc;
4560767e98aSRoger Pau Monné
4570767e98aSRoger Pau Monné query.dom = DOMID_SELF;
4580767e98aSRoger Pau Monné
4590767e98aSRoger Pau Monné rc = HYPERVISOR_grant_table_op(GNTTABOP_query_size, &query, 1);
4600767e98aSRoger Pau Monné if ((rc < 0) || (query.status != GNTST_okay))
4610767e98aSRoger Pau Monné return (4); /* Legacy max supported number of frames */
4620767e98aSRoger Pau Monné
4630767e98aSRoger Pau Monné return (query.max_nr_frames);
4640767e98aSRoger Pau Monné }
4650767e98aSRoger Pau Monné
4660767e98aSRoger Pau Monné static inline
max_nr_grant_frames(void)4670767e98aSRoger Pau Monné unsigned int max_nr_grant_frames(void)
4680767e98aSRoger Pau Monné {
4690767e98aSRoger Pau Monné
4707de88bb4SElliott Mitchell return (min(__max_nr_grant_frames(), boot_max_nr_grant_frames));
4710767e98aSRoger Pau Monné }
4720767e98aSRoger Pau Monné
4730767e98aSRoger Pau Monné #ifdef notyet
4740767e98aSRoger Pau Monné /*
4750767e98aSRoger Pau Monné * XXX needed for backend support
4760767e98aSRoger Pau Monné *
4770767e98aSRoger Pau Monné */
4780767e98aSRoger Pau Monné static int
map_pte_fn(pte_t * pte,struct page * pmd_page,unsigned long addr,void * data)4790767e98aSRoger Pau Monné map_pte_fn(pte_t *pte, struct page *pmd_page,
4800767e98aSRoger Pau Monné unsigned long addr, void *data)
4810767e98aSRoger Pau Monné {
4820767e98aSRoger Pau Monné unsigned long **frames = (unsigned long **)data;
4830767e98aSRoger Pau Monné
4840767e98aSRoger Pau Monné set_pte_at(&init_mm, addr, pte, pfn_pte_ma((*frames)[0], PAGE_KERNEL));
4850767e98aSRoger Pau Monné (*frames)++;
4860767e98aSRoger Pau Monné return 0;
4870767e98aSRoger Pau Monné }
4880767e98aSRoger Pau Monné
4890767e98aSRoger Pau Monné static int
unmap_pte_fn(pte_t * pte,struct page * pmd_page,unsigned long addr,void * data)4900767e98aSRoger Pau Monné unmap_pte_fn(pte_t *pte, struct page *pmd_page,
4910767e98aSRoger Pau Monné unsigned long addr, void *data)
4920767e98aSRoger Pau Monné {
4930767e98aSRoger Pau Monné
4940767e98aSRoger Pau Monné set_pte_at(&init_mm, addr, pte, __pte(0));
4950767e98aSRoger Pau Monné return 0;
4960767e98aSRoger Pau Monné }
4970767e98aSRoger Pau Monné #endif
4980767e98aSRoger Pau Monné
4990767e98aSRoger Pau Monné static vm_paddr_t resume_frames;
5000767e98aSRoger Pau Monné
501759ae58cSRoger Pau Monné static void
gnttab_map(unsigned int start_idx,unsigned int end_idx)5020767e98aSRoger Pau Monné gnttab_map(unsigned int start_idx, unsigned int end_idx)
5030767e98aSRoger Pau Monné {
5040767e98aSRoger Pau Monné struct xen_add_to_physmap xatp;
5050767e98aSRoger Pau Monné unsigned int i = end_idx;
5060767e98aSRoger Pau Monné
5070767e98aSRoger Pau Monné /*
5080767e98aSRoger Pau Monné * Loop backwards, so that the first hypercall has the largest index,
5090767e98aSRoger Pau Monné * ensuring that the table will grow only once.
5100767e98aSRoger Pau Monné */
5110767e98aSRoger Pau Monné do {
5120767e98aSRoger Pau Monné xatp.domid = DOMID_SELF;
5130767e98aSRoger Pau Monné xatp.idx = i;
5140767e98aSRoger Pau Monné xatp.space = XENMAPSPACE_grant_table;
5150767e98aSRoger Pau Monné xatp.gpfn = (resume_frames >> PAGE_SHIFT) + i;
5160767e98aSRoger Pau Monné if (HYPERVISOR_memory_op(XENMEM_add_to_physmap, &xatp))
5170767e98aSRoger Pau Monné panic("HYPERVISOR_memory_op failed to map gnttab");
5180767e98aSRoger Pau Monné } while (i-- > start_idx);
5190767e98aSRoger Pau Monné }
5200767e98aSRoger Pau Monné
5210767e98aSRoger Pau Monné int
gnttab_resume(device_t dev)5220767e98aSRoger Pau Monné gnttab_resume(device_t dev)
5230767e98aSRoger Pau Monné {
5240767e98aSRoger Pau Monné unsigned int max_nr_gframes, nr_gframes;
5250767e98aSRoger Pau Monné
5260767e98aSRoger Pau Monné nr_gframes = nr_grant_frames;
5270767e98aSRoger Pau Monné max_nr_gframes = max_nr_grant_frames();
5280767e98aSRoger Pau Monné if (max_nr_gframes < nr_gframes)
5290767e98aSRoger Pau Monné return (ENOSYS);
5300767e98aSRoger Pau Monné
5310767e98aSRoger Pau Monné if (!resume_frames) {
5320767e98aSRoger Pau Monné KASSERT(dev != NULL,
5330767e98aSRoger Pau Monné ("No resume frames and no device provided"));
5340767e98aSRoger Pau Monné
5350df8b29dSRoger Pau Monné gnttab_pseudo_phys_res = xenmem_alloc(dev,
5360df8b29dSRoger Pau Monné &gnttab_pseudo_phys_res_id, PAGE_SIZE * max_nr_gframes);
5370767e98aSRoger Pau Monné if (gnttab_pseudo_phys_res == NULL)
5380767e98aSRoger Pau Monné panic("Unable to reserve physical memory for gnttab");
5390767e98aSRoger Pau Monné resume_frames = rman_get_start(gnttab_pseudo_phys_res);
540759ae58cSRoger Pau Monné shared = rman_get_virtual(gnttab_pseudo_phys_res);
5410767e98aSRoger Pau Monné }
542759ae58cSRoger Pau Monné gnttab_map(0, nr_gframes - 1);
5430767e98aSRoger Pau Monné
544759ae58cSRoger Pau Monné return (0);
5450767e98aSRoger Pau Monné }
5460767e98aSRoger Pau Monné
5470767e98aSRoger Pau Monné static int
gnttab_expand(unsigned int req_entries)5480767e98aSRoger Pau Monné gnttab_expand(unsigned int req_entries)
5490767e98aSRoger Pau Monné {
5500767e98aSRoger Pau Monné unsigned int cur, extra;
5510767e98aSRoger Pau Monné
5520767e98aSRoger Pau Monné cur = nr_grant_frames;
553057b4402SPedro F. Giffuni extra = howmany(req_entries, GREFS_PER_GRANT_FRAME);
5540767e98aSRoger Pau Monné if (cur + extra > max_nr_grant_frames())
5550767e98aSRoger Pau Monné return (ENOSPC);
5560767e98aSRoger Pau Monné
557759ae58cSRoger Pau Monné gnttab_map(cur, cur + extra - 1);
5580767e98aSRoger Pau Monné
559759ae58cSRoger Pau Monné return (grow_gnttab_list(extra));
5600767e98aSRoger Pau Monné }
5610767e98aSRoger Pau Monné
5625477025aSRoger Pau Monné MTX_SYSINIT(gnttab, &gnttab_list_lock, "GNTTAB LOCK", MTX_DEF | MTX_RECURSE);
5631093cd82SRoger Pau Monné
5641093cd82SRoger Pau Monné /*------------------ Private Device Attachment Functions --------------------*/
5651093cd82SRoger Pau Monné /**
5661093cd82SRoger Pau Monné * \brief Identify instances of this device type in the system.
5671093cd82SRoger Pau Monné *
5681093cd82SRoger Pau Monné * \param driver The driver performing this identify action.
5691093cd82SRoger Pau Monné * \param parent The NewBus parent device for any devices this method adds.
5701093cd82SRoger Pau Monné */
5711093cd82SRoger Pau Monné static void
granttable_identify(driver_t * driver,device_t parent)572*d48760ffSElliott Mitchell granttable_identify(driver_t *driver, device_t parent)
5731093cd82SRoger Pau Monné {
5741093cd82SRoger Pau Monné
5751093cd82SRoger Pau Monné KASSERT(xen_domain(),
5761093cd82SRoger Pau Monné ("Trying to attach grant-table device on non Xen domain"));
5771093cd82SRoger Pau Monné /*
5781093cd82SRoger Pau Monné * A single device instance for our driver is always present
5791093cd82SRoger Pau Monné * in a system operating under Xen.
5801093cd82SRoger Pau Monné */
5811093cd82SRoger Pau Monné if (BUS_ADD_CHILD(parent, 0, driver->name, 0) == NULL)
5821093cd82SRoger Pau Monné panic("unable to attach Xen Grant-table device");
5831093cd82SRoger Pau Monné }
5841093cd82SRoger Pau Monné
5851093cd82SRoger Pau Monné /**
5861093cd82SRoger Pau Monné * \brief Probe for the existence of the Xen Grant-table device
5871093cd82SRoger Pau Monné *
5881093cd82SRoger Pau Monné * \param dev NewBus device_t for this instance.
5891093cd82SRoger Pau Monné *
5901093cd82SRoger Pau Monné * \return Always returns 0 indicating success.
5911093cd82SRoger Pau Monné */
5921093cd82SRoger Pau Monné static int
granttable_probe(device_t dev)5931093cd82SRoger Pau Monné granttable_probe(device_t dev)
5941093cd82SRoger Pau Monné {
5951093cd82SRoger Pau Monné
5961093cd82SRoger Pau Monné device_set_desc(dev, "Xen Grant-table Device");
5971093cd82SRoger Pau Monné return (BUS_PROBE_NOWILDCARD);
5981093cd82SRoger Pau Monné }
5991093cd82SRoger Pau Monné
6001093cd82SRoger Pau Monné /**
6011093cd82SRoger Pau Monné * \brief Attach the Xen Grant-table device.
6021093cd82SRoger Pau Monné *
6031093cd82SRoger Pau Monné * \param dev NewBus device_t for this instance.
6041093cd82SRoger Pau Monné *
6051093cd82SRoger Pau Monné * \return On success, 0. Otherwise an errno value indicating the
6061093cd82SRoger Pau Monné * type of failure.
6071093cd82SRoger Pau Monné */
6081093cd82SRoger Pau Monné static int
granttable_attach(device_t dev)6091093cd82SRoger Pau Monné granttable_attach(device_t dev)
6100767e98aSRoger Pau Monné {
6110767e98aSRoger Pau Monné int i;
6120767e98aSRoger Pau Monné unsigned int nr_init_grefs;
6130767e98aSRoger Pau Monné
6140767e98aSRoger Pau Monné nr_grant_frames = 1;
6150767e98aSRoger Pau Monné boot_max_nr_grant_frames = __max_nr_grant_frames();
6160767e98aSRoger Pau Monné
6171a12f0aeSRoger Pau Monné gnttab_list = malloc(boot_max_nr_grant_frames * sizeof(grant_ref_t *),
6180767e98aSRoger Pau Monné M_DEVBUF, M_NOWAIT);
6190767e98aSRoger Pau Monné
6200767e98aSRoger Pau Monné if (gnttab_list == NULL)
6210767e98aSRoger Pau Monné return (ENOMEM);
6220767e98aSRoger Pau Monné
6230767e98aSRoger Pau Monné for (i = 0; i < nr_grant_frames; i++) {
6240767e98aSRoger Pau Monné gnttab_list[i] = (grant_ref_t *)
6250767e98aSRoger Pau Monné malloc(PAGE_SIZE, M_DEVBUF, M_NOWAIT);
6260767e98aSRoger Pau Monné if (gnttab_list[i] == NULL)
6270767e98aSRoger Pau Monné goto ini_nomem;
6280767e98aSRoger Pau Monné }
6290767e98aSRoger Pau Monné
6300767e98aSRoger Pau Monné if (gnttab_resume(dev))
6310767e98aSRoger Pau Monné return (ENODEV);
6320767e98aSRoger Pau Monné
6330767e98aSRoger Pau Monné nr_init_grefs = nr_grant_frames * GREFS_PER_GRANT_FRAME;
6340767e98aSRoger Pau Monné
6350767e98aSRoger Pau Monné for (i = NR_RESERVED_ENTRIES; i < nr_init_grefs - 1; i++)
6360767e98aSRoger Pau Monné gnttab_entry(i) = i + 1;
6370767e98aSRoger Pau Monné
6380767e98aSRoger Pau Monné gnttab_entry(nr_init_grefs - 1) = GNTTAB_LIST_END;
6390767e98aSRoger Pau Monné gnttab_free_count = nr_init_grefs - NR_RESERVED_ENTRIES;
6400767e98aSRoger Pau Monné gnttab_free_head = NR_RESERVED_ENTRIES;
6410767e98aSRoger Pau Monné
6420767e98aSRoger Pau Monné if (bootverbose)
6430767e98aSRoger Pau Monné printf("Grant table initialized\n");
6440767e98aSRoger Pau Monné
6450767e98aSRoger Pau Monné return (0);
6460767e98aSRoger Pau Monné
6470767e98aSRoger Pau Monné ini_nomem:
6480767e98aSRoger Pau Monné for (i--; i >= 0; i--)
6490767e98aSRoger Pau Monné free(gnttab_list[i], M_DEVBUF);
6500767e98aSRoger Pau Monné free(gnttab_list, M_DEVBUF);
6510767e98aSRoger Pau Monné return (ENOMEM);
6520767e98aSRoger Pau Monné }
6530767e98aSRoger Pau Monné
6541093cd82SRoger Pau Monné /*-------------------- Private Device Attachment Data -----------------------*/
6551093cd82SRoger Pau Monné static device_method_t granttable_methods[] = {
6561093cd82SRoger Pau Monné /* Device interface */
6571093cd82SRoger Pau Monné DEVMETHOD(device_identify, granttable_identify),
6581093cd82SRoger Pau Monné DEVMETHOD(device_probe, granttable_probe),
6591093cd82SRoger Pau Monné DEVMETHOD(device_attach, granttable_attach),
6601093cd82SRoger Pau Monné
6611093cd82SRoger Pau Monné DEVMETHOD_END
6621093cd82SRoger Pau Monné };
6631093cd82SRoger Pau Monné
6641093cd82SRoger Pau Monné DEFINE_CLASS_0(granttable, granttable_driver, granttable_methods, 0);
6651093cd82SRoger Pau Monné
666f929eb1eSJohn Baldwin DRIVER_MODULE_ORDERED(granttable, xenpv, granttable_driver, NULL, NULL,
667f929eb1eSJohn Baldwin SI_ORDER_FIRST);
668