10767e98aSRoger Pau Monné /****************************************************************************** 20767e98aSRoger Pau Monné * gnttab.c 30767e98aSRoger Pau Monné * 40767e98aSRoger Pau Monné * Two sets of functionality: 50767e98aSRoger Pau Monné * 1. Granting foreign access to our memory reservation. 60767e98aSRoger Pau Monné * 2. Accessing others' memory reservations via grant references. 70767e98aSRoger Pau Monné * (i.e., mechanisms for both sender and recipient of grant references) 80767e98aSRoger Pau Monné * 90767e98aSRoger Pau Monné * Copyright (c) 2005, Christopher Clark 100767e98aSRoger Pau Monné * Copyright (c) 2004, K A Fraser 110767e98aSRoger Pau Monné */ 120767e98aSRoger Pau Monné 130767e98aSRoger Pau Monné #include <sys/cdefs.h> 140767e98aSRoger Pau Monné __FBSDID("$FreeBSD$"); 150767e98aSRoger Pau Monné 160767e98aSRoger Pau Monné #include <sys/param.h> 170767e98aSRoger Pau Monné #include <sys/systm.h> 180767e98aSRoger Pau Monné #include <sys/bus.h> 190767e98aSRoger Pau Monné #include <sys/conf.h> 200767e98aSRoger Pau Monné #include <sys/module.h> 210767e98aSRoger Pau Monné #include <sys/kernel.h> 220767e98aSRoger Pau Monné #include <sys/lock.h> 230767e98aSRoger Pau Monné #include <sys/malloc.h> 240767e98aSRoger Pau Monné #include <sys/mman.h> 250767e98aSRoger Pau Monné #include <sys/limits.h> 260767e98aSRoger Pau Monné #include <sys/rman.h> 270767e98aSRoger Pau Monné #include <machine/resource.h> 282f9ec994SRoger Pau Monné #include <machine/cpu.h> 290767e98aSRoger Pau Monné 300767e98aSRoger Pau Monné #include <xen/xen-os.h> 310767e98aSRoger Pau Monné #include <xen/hypervisor.h> 320767e98aSRoger Pau Monné #include <xen/gnttab.h> 330767e98aSRoger Pau Monné 340767e98aSRoger Pau Monné #include <vm/vm.h> 350767e98aSRoger Pau Monné #include <vm/vm_kern.h> 360767e98aSRoger Pau Monné #include <vm/vm_extern.h> 370767e98aSRoger Pau Monné #include <vm/pmap.h> 380767e98aSRoger Pau Monné 390767e98aSRoger Pau Monné /* External tools reserve first few grant table entries. */ 400767e98aSRoger Pau Monné #define NR_RESERVED_ENTRIES 8 415489d7e9SRoger Pau Monné #define GREFS_PER_GRANT_FRAME (PAGE_SIZE / sizeof(grant_entry_v1_t)) 420767e98aSRoger Pau Monné 430767e98aSRoger Pau Monné static grant_ref_t **gnttab_list; 440767e98aSRoger Pau Monné static unsigned int nr_grant_frames; 450767e98aSRoger Pau Monné static unsigned int boot_max_nr_grant_frames; 460767e98aSRoger Pau Monné static int gnttab_free_count; 470767e98aSRoger Pau Monné static grant_ref_t gnttab_free_head; 480767e98aSRoger Pau Monné static struct mtx gnttab_list_lock; 490767e98aSRoger Pau Monné 500767e98aSRoger Pau Monné /* 510767e98aSRoger Pau Monné * Resource representing allocated physical address space 520767e98aSRoger Pau Monné * for the grant table metainfo 530767e98aSRoger Pau Monné */ 540767e98aSRoger Pau Monné static struct resource *gnttab_pseudo_phys_res; 550767e98aSRoger Pau Monné 560767e98aSRoger Pau Monné /* Resource id for allocated physical address space. */ 570767e98aSRoger Pau Monné static int gnttab_pseudo_phys_res_id; 580767e98aSRoger Pau Monné 595489d7e9SRoger Pau Monné static grant_entry_v1_t *shared; 600767e98aSRoger Pau Monné 610767e98aSRoger Pau Monné static struct gnttab_free_callback *gnttab_free_callback_list = NULL; 620767e98aSRoger Pau Monné 630767e98aSRoger Pau Monné static int gnttab_expand(unsigned int req_entries); 640767e98aSRoger Pau Monné 650767e98aSRoger Pau Monné #define RPP (PAGE_SIZE / sizeof(grant_ref_t)) 660767e98aSRoger Pau Monné #define gnttab_entry(entry) (gnttab_list[(entry) / RPP][(entry) % RPP]) 670767e98aSRoger Pau Monné 680767e98aSRoger Pau Monné static int 690767e98aSRoger Pau Monné get_free_entries(int count, int *entries) 700767e98aSRoger Pau Monné { 710767e98aSRoger Pau Monné int ref, error; 720767e98aSRoger Pau Monné grant_ref_t head; 730767e98aSRoger Pau Monné 740767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock); 750767e98aSRoger Pau Monné if ((gnttab_free_count < count) && 760767e98aSRoger Pau Monné ((error = gnttab_expand(count - gnttab_free_count)) != 0)) { 770767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock); 780767e98aSRoger Pau Monné return (error); 790767e98aSRoger Pau Monné } 800767e98aSRoger Pau Monné ref = head = gnttab_free_head; 810767e98aSRoger Pau Monné gnttab_free_count -= count; 820767e98aSRoger Pau Monné while (count-- > 1) 830767e98aSRoger Pau Monné head = gnttab_entry(head); 840767e98aSRoger Pau Monné gnttab_free_head = gnttab_entry(head); 850767e98aSRoger Pau Monné gnttab_entry(head) = GNTTAB_LIST_END; 860767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock); 870767e98aSRoger Pau Monné 880767e98aSRoger Pau Monné *entries = ref; 890767e98aSRoger Pau Monné return (0); 900767e98aSRoger Pau Monné } 910767e98aSRoger Pau Monné 920767e98aSRoger Pau Monné static void 930767e98aSRoger Pau Monné do_free_callbacks(void) 940767e98aSRoger Pau Monné { 950767e98aSRoger Pau Monné struct gnttab_free_callback *callback, *next; 960767e98aSRoger Pau Monné 970767e98aSRoger Pau Monné callback = gnttab_free_callback_list; 980767e98aSRoger Pau Monné gnttab_free_callback_list = NULL; 990767e98aSRoger Pau Monné 1000767e98aSRoger Pau Monné while (callback != NULL) { 1010767e98aSRoger Pau Monné next = callback->next; 1020767e98aSRoger Pau Monné if (gnttab_free_count >= callback->count) { 1030767e98aSRoger Pau Monné callback->next = NULL; 1040767e98aSRoger Pau Monné callback->fn(callback->arg); 1050767e98aSRoger Pau Monné } else { 1060767e98aSRoger Pau Monné callback->next = gnttab_free_callback_list; 1070767e98aSRoger Pau Monné gnttab_free_callback_list = callback; 1080767e98aSRoger Pau Monné } 1090767e98aSRoger Pau Monné callback = next; 1100767e98aSRoger Pau Monné } 1110767e98aSRoger Pau Monné } 1120767e98aSRoger Pau Monné 1130767e98aSRoger Pau Monné static inline void 1140767e98aSRoger Pau Monné check_free_callbacks(void) 1150767e98aSRoger Pau Monné { 1160767e98aSRoger Pau Monné if (__predict_false(gnttab_free_callback_list != NULL)) 1170767e98aSRoger Pau Monné do_free_callbacks(); 1180767e98aSRoger Pau Monné } 1190767e98aSRoger Pau Monné 1200767e98aSRoger Pau Monné static void 1210767e98aSRoger Pau Monné put_free_entry(grant_ref_t ref) 1220767e98aSRoger Pau Monné { 1230767e98aSRoger Pau Monné 1240767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock); 1250767e98aSRoger Pau Monné gnttab_entry(ref) = gnttab_free_head; 1260767e98aSRoger Pau Monné gnttab_free_head = ref; 1270767e98aSRoger Pau Monné gnttab_free_count++; 1280767e98aSRoger Pau Monné check_free_callbacks(); 1290767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock); 1300767e98aSRoger Pau Monné } 1310767e98aSRoger Pau Monné 1320767e98aSRoger Pau Monné /* 1330767e98aSRoger Pau Monné * Public grant-issuing interface functions 1340767e98aSRoger Pau Monné */ 1350767e98aSRoger Pau Monné 1360767e98aSRoger Pau Monné int 1370767e98aSRoger Pau Monné gnttab_grant_foreign_access(domid_t domid, unsigned long frame, int readonly, 1380767e98aSRoger Pau Monné grant_ref_t *result) 1390767e98aSRoger Pau Monné { 1400767e98aSRoger Pau Monné int error, ref; 1410767e98aSRoger Pau Monné 1420767e98aSRoger Pau Monné error = get_free_entries(1, &ref); 1430767e98aSRoger Pau Monné 1440767e98aSRoger Pau Monné if (__predict_false(error)) 1450767e98aSRoger Pau Monné return (error); 1460767e98aSRoger Pau Monné 1470767e98aSRoger Pau Monné shared[ref].frame = frame; 1480767e98aSRoger Pau Monné shared[ref].domid = domid; 1490767e98aSRoger Pau Monné wmb(); 1500767e98aSRoger Pau Monné shared[ref].flags = GTF_permit_access | (readonly ? GTF_readonly : 0); 1510767e98aSRoger Pau Monné 1520767e98aSRoger Pau Monné if (result) 1530767e98aSRoger Pau Monné *result = ref; 1540767e98aSRoger Pau Monné 1550767e98aSRoger Pau Monné return (0); 1560767e98aSRoger Pau Monné } 1570767e98aSRoger Pau Monné 1580767e98aSRoger Pau Monné void 1590767e98aSRoger Pau Monné gnttab_grant_foreign_access_ref(grant_ref_t ref, domid_t domid, 1600767e98aSRoger Pau Monné unsigned long frame, int readonly) 1610767e98aSRoger Pau Monné { 1620767e98aSRoger Pau Monné 1630767e98aSRoger Pau Monné shared[ref].frame = frame; 1640767e98aSRoger Pau Monné shared[ref].domid = domid; 1650767e98aSRoger Pau Monné wmb(); 1660767e98aSRoger Pau Monné shared[ref].flags = GTF_permit_access | (readonly ? GTF_readonly : 0); 1670767e98aSRoger Pau Monné } 1680767e98aSRoger Pau Monné 1690767e98aSRoger Pau Monné int 1700767e98aSRoger Pau Monné gnttab_query_foreign_access(grant_ref_t ref) 1710767e98aSRoger Pau Monné { 1720767e98aSRoger Pau Monné uint16_t nflags; 1730767e98aSRoger Pau Monné 1740767e98aSRoger Pau Monné nflags = shared[ref].flags; 1750767e98aSRoger Pau Monné 1760767e98aSRoger Pau Monné return (nflags & (GTF_reading|GTF_writing)); 1770767e98aSRoger Pau Monné } 1780767e98aSRoger Pau Monné 1790767e98aSRoger Pau Monné int 1800767e98aSRoger Pau Monné gnttab_end_foreign_access_ref(grant_ref_t ref) 1810767e98aSRoger Pau Monné { 182*9f3be3a6SElliott Mitchell uint16_t flags; 1830767e98aSRoger Pau Monné 184*9f3be3a6SElliott Mitchell while (!((flags = atomic_load_16(&shared[ref].flags)) & 185*9f3be3a6SElliott Mitchell (GTF_reading|GTF_writing))) 186*9f3be3a6SElliott Mitchell if (atomic_cmpset_16(&shared[ref].flags, flags, 0)) 187*9f3be3a6SElliott Mitchell return (1); 188*9f3be3a6SElliott Mitchell 1890767e98aSRoger Pau Monné printf("%s: WARNING: g.e. still in use!\n", __func__); 1900767e98aSRoger Pau Monné return (0); 1910767e98aSRoger Pau Monné } 1920767e98aSRoger Pau Monné 1930767e98aSRoger Pau Monné void 1940767e98aSRoger Pau Monné gnttab_end_foreign_access(grant_ref_t ref, void *page) 1950767e98aSRoger Pau Monné { 1960767e98aSRoger Pau Monné if (gnttab_end_foreign_access_ref(ref)) { 1970767e98aSRoger Pau Monné put_free_entry(ref); 1980767e98aSRoger Pau Monné if (page != NULL) { 1990767e98aSRoger Pau Monné free(page, M_DEVBUF); 2000767e98aSRoger Pau Monné } 2010767e98aSRoger Pau Monné } 2020767e98aSRoger Pau Monné else { 2030767e98aSRoger Pau Monné /* XXX This needs to be fixed so that the ref and page are 2040767e98aSRoger Pau Monné placed on a list to be freed up later. */ 2050767e98aSRoger Pau Monné printf("%s: WARNING: leaking g.e. and page still in use!\n", 2060767e98aSRoger Pau Monné __func__); 2070767e98aSRoger Pau Monné } 2080767e98aSRoger Pau Monné } 2090767e98aSRoger Pau Monné 2100767e98aSRoger Pau Monné void 2110767e98aSRoger Pau Monné gnttab_end_foreign_access_references(u_int count, grant_ref_t *refs) 2120767e98aSRoger Pau Monné { 2130767e98aSRoger Pau Monné grant_ref_t *last_ref; 2140767e98aSRoger Pau Monné grant_ref_t head; 2150767e98aSRoger Pau Monné grant_ref_t tail; 2160767e98aSRoger Pau Monné 2170767e98aSRoger Pau Monné head = GNTTAB_LIST_END; 2180767e98aSRoger Pau Monné tail = *refs; 2190767e98aSRoger Pau Monné last_ref = refs + count; 2200767e98aSRoger Pau Monné while (refs != last_ref) { 2210767e98aSRoger Pau Monné if (gnttab_end_foreign_access_ref(*refs)) { 2220767e98aSRoger Pau Monné gnttab_entry(*refs) = head; 2230767e98aSRoger Pau Monné head = *refs; 2240767e98aSRoger Pau Monné } else { 2250767e98aSRoger Pau Monné /* 2260767e98aSRoger Pau Monné * XXX This needs to be fixed so that the ref 2270767e98aSRoger Pau Monné * is placed on a list to be freed up later. 2280767e98aSRoger Pau Monné */ 2290767e98aSRoger Pau Monné printf("%s: WARNING: leaking g.e. still in use!\n", 2300767e98aSRoger Pau Monné __func__); 2310767e98aSRoger Pau Monné count--; 2320767e98aSRoger Pau Monné } 2330767e98aSRoger Pau Monné refs++; 2340767e98aSRoger Pau Monné } 2350767e98aSRoger Pau Monné 2360767e98aSRoger Pau Monné if (count != 0) { 2370767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock); 2380767e98aSRoger Pau Monné gnttab_free_count += count; 2390767e98aSRoger Pau Monné gnttab_entry(tail) = gnttab_free_head; 2400767e98aSRoger Pau Monné gnttab_free_head = head; 241de06f02eSRoger Pau Monné check_free_callbacks(); 2420767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock); 2430767e98aSRoger Pau Monné } 2440767e98aSRoger Pau Monné } 2450767e98aSRoger Pau Monné 2460767e98aSRoger Pau Monné int 2470767e98aSRoger Pau Monné gnttab_grant_foreign_transfer(domid_t domid, unsigned long pfn, 2480767e98aSRoger Pau Monné grant_ref_t *result) 2490767e98aSRoger Pau Monné { 2500767e98aSRoger Pau Monné int error, ref; 2510767e98aSRoger Pau Monné 2520767e98aSRoger Pau Monné error = get_free_entries(1, &ref); 2530767e98aSRoger Pau Monné if (__predict_false(error)) 2540767e98aSRoger Pau Monné return (error); 2550767e98aSRoger Pau Monné 2560767e98aSRoger Pau Monné gnttab_grant_foreign_transfer_ref(ref, domid, pfn); 2570767e98aSRoger Pau Monné 2580767e98aSRoger Pau Monné *result = ref; 2590767e98aSRoger Pau Monné return (0); 2600767e98aSRoger Pau Monné } 2610767e98aSRoger Pau Monné 2620767e98aSRoger Pau Monné void 2630767e98aSRoger Pau Monné gnttab_grant_foreign_transfer_ref(grant_ref_t ref, domid_t domid, 2640767e98aSRoger Pau Monné unsigned long pfn) 2650767e98aSRoger Pau Monné { 2660767e98aSRoger Pau Monné shared[ref].frame = pfn; 2670767e98aSRoger Pau Monné shared[ref].domid = domid; 2680767e98aSRoger Pau Monné wmb(); 2690767e98aSRoger Pau Monné shared[ref].flags = GTF_accept_transfer; 2700767e98aSRoger Pau Monné } 2710767e98aSRoger Pau Monné 2720767e98aSRoger Pau Monné unsigned long 2730767e98aSRoger Pau Monné gnttab_end_foreign_transfer_ref(grant_ref_t ref) 2740767e98aSRoger Pau Monné { 2750767e98aSRoger Pau Monné unsigned long frame; 2760767e98aSRoger Pau Monné uint16_t flags; 2770767e98aSRoger Pau Monné 2780767e98aSRoger Pau Monné /* 2790767e98aSRoger Pau Monné * If a transfer is not even yet started, try to reclaim the grant 2800767e98aSRoger Pau Monné * reference and return failure (== 0). 281*9f3be3a6SElliott Mitchell * 282*9f3be3a6SElliott Mitchell * NOTE: This is a loop since the atomic cmpset can fail multiple 283*9f3be3a6SElliott Mitchell * times. In normal operation it will be rare to execute more than 284*9f3be3a6SElliott Mitchell * twice. Attempting an attack would consume a great deal of 285*9f3be3a6SElliott Mitchell * attacker resources and be unlikely to prolong the loop very much. 2860767e98aSRoger Pau Monné */ 287*9f3be3a6SElliott Mitchell while (!((flags = atomic_load_16(&shared[ref].flags)) & 288*9f3be3a6SElliott Mitchell GTF_transfer_committed)) 289*9f3be3a6SElliott Mitchell if (atomic_cmpset_16(&shared[ref].flags, flags, 0)) 2900767e98aSRoger Pau Monné return (0); 2910767e98aSRoger Pau Monné 2920767e98aSRoger Pau Monné /* If a transfer is in progress then wait until it is completed. */ 2930767e98aSRoger Pau Monné while (!(flags & GTF_transfer_completed)) { 2942f9ec994SRoger Pau Monné cpu_spinwait(); 295*9f3be3a6SElliott Mitchell flags = atomic_load_16(&shared[ref].flags); 2960767e98aSRoger Pau Monné } 2970767e98aSRoger Pau Monné 2980767e98aSRoger Pau Monné /* Read the frame number /after/ reading completion status. */ 2990767e98aSRoger Pau Monné rmb(); 3000767e98aSRoger Pau Monné frame = shared[ref].frame; 3010767e98aSRoger Pau Monné KASSERT(frame != 0, ("grant table inconsistent")); 3020767e98aSRoger Pau Monné 3030767e98aSRoger Pau Monné return (frame); 3040767e98aSRoger Pau Monné } 3050767e98aSRoger Pau Monné 3060767e98aSRoger Pau Monné unsigned long 3070767e98aSRoger Pau Monné gnttab_end_foreign_transfer(grant_ref_t ref) 3080767e98aSRoger Pau Monné { 3090767e98aSRoger Pau Monné unsigned long frame = gnttab_end_foreign_transfer_ref(ref); 3100767e98aSRoger Pau Monné 3110767e98aSRoger Pau Monné put_free_entry(ref); 3120767e98aSRoger Pau Monné return (frame); 3130767e98aSRoger Pau Monné } 3140767e98aSRoger Pau Monné 3150767e98aSRoger Pau Monné void 3160767e98aSRoger Pau Monné gnttab_free_grant_reference(grant_ref_t ref) 3170767e98aSRoger Pau Monné { 3180767e98aSRoger Pau Monné 3190767e98aSRoger Pau Monné put_free_entry(ref); 3200767e98aSRoger Pau Monné } 3210767e98aSRoger Pau Monné 3220767e98aSRoger Pau Monné void 3230767e98aSRoger Pau Monné gnttab_free_grant_references(grant_ref_t head) 3240767e98aSRoger Pau Monné { 3250767e98aSRoger Pau Monné grant_ref_t ref; 3260767e98aSRoger Pau Monné int count = 1; 3270767e98aSRoger Pau Monné 3280767e98aSRoger Pau Monné if (head == GNTTAB_LIST_END) 3290767e98aSRoger Pau Monné return; 3300767e98aSRoger Pau Monné 3310767e98aSRoger Pau Monné ref = head; 3320767e98aSRoger Pau Monné while (gnttab_entry(ref) != GNTTAB_LIST_END) { 3330767e98aSRoger Pau Monné ref = gnttab_entry(ref); 3340767e98aSRoger Pau Monné count++; 3350767e98aSRoger Pau Monné } 3360767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock); 3370767e98aSRoger Pau Monné gnttab_entry(ref) = gnttab_free_head; 3380767e98aSRoger Pau Monné gnttab_free_head = head; 3390767e98aSRoger Pau Monné gnttab_free_count += count; 3400767e98aSRoger Pau Monné check_free_callbacks(); 3410767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock); 3420767e98aSRoger Pau Monné } 3430767e98aSRoger Pau Monné 3440767e98aSRoger Pau Monné int 3450767e98aSRoger Pau Monné gnttab_alloc_grant_references(uint16_t count, grant_ref_t *head) 3460767e98aSRoger Pau Monné { 3470767e98aSRoger Pau Monné int ref, error; 3480767e98aSRoger Pau Monné 3490767e98aSRoger Pau Monné error = get_free_entries(count, &ref); 3500767e98aSRoger Pau Monné if (__predict_false(error)) 3510767e98aSRoger Pau Monné return (error); 3520767e98aSRoger Pau Monné 3530767e98aSRoger Pau Monné *head = ref; 3540767e98aSRoger Pau Monné return (0); 3550767e98aSRoger Pau Monné } 3560767e98aSRoger Pau Monné 3570767e98aSRoger Pau Monné int 3580767e98aSRoger Pau Monné gnttab_empty_grant_references(const grant_ref_t *private_head) 3590767e98aSRoger Pau Monné { 3600767e98aSRoger Pau Monné 3610767e98aSRoger Pau Monné return (*private_head == GNTTAB_LIST_END); 3620767e98aSRoger Pau Monné } 3630767e98aSRoger Pau Monné 3640767e98aSRoger Pau Monné int 3650767e98aSRoger Pau Monné gnttab_claim_grant_reference(grant_ref_t *private_head) 3660767e98aSRoger Pau Monné { 3670767e98aSRoger Pau Monné grant_ref_t g = *private_head; 3680767e98aSRoger Pau Monné 3690767e98aSRoger Pau Monné if (__predict_false(g == GNTTAB_LIST_END)) 3700767e98aSRoger Pau Monné return (g); 3710767e98aSRoger Pau Monné *private_head = gnttab_entry(g); 3720767e98aSRoger Pau Monné return (g); 3730767e98aSRoger Pau Monné } 3740767e98aSRoger Pau Monné 3750767e98aSRoger Pau Monné void 3760767e98aSRoger Pau Monné gnttab_release_grant_reference(grant_ref_t *private_head, grant_ref_t release) 3770767e98aSRoger Pau Monné { 3780767e98aSRoger Pau Monné 3790767e98aSRoger Pau Monné gnttab_entry(release) = *private_head; 3800767e98aSRoger Pau Monné *private_head = release; 3810767e98aSRoger Pau Monné } 3820767e98aSRoger Pau Monné 3830767e98aSRoger Pau Monné void 3840767e98aSRoger Pau Monné gnttab_request_free_callback(struct gnttab_free_callback *callback, 3850767e98aSRoger Pau Monné void (*fn)(void *), void *arg, uint16_t count) 3860767e98aSRoger Pau Monné { 3870767e98aSRoger Pau Monné 3880767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock); 3890767e98aSRoger Pau Monné if (callback->next) 3900767e98aSRoger Pau Monné goto out; 3910767e98aSRoger Pau Monné callback->fn = fn; 3920767e98aSRoger Pau Monné callback->arg = arg; 3930767e98aSRoger Pau Monné callback->count = count; 3940767e98aSRoger Pau Monné callback->next = gnttab_free_callback_list; 3950767e98aSRoger Pau Monné gnttab_free_callback_list = callback; 3960767e98aSRoger Pau Monné check_free_callbacks(); 3970767e98aSRoger Pau Monné out: 3980767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock); 3990767e98aSRoger Pau Monné 4000767e98aSRoger Pau Monné } 4010767e98aSRoger Pau Monné 4020767e98aSRoger Pau Monné void 4030767e98aSRoger Pau Monné gnttab_cancel_free_callback(struct gnttab_free_callback *callback) 4040767e98aSRoger Pau Monné { 4050767e98aSRoger Pau Monné struct gnttab_free_callback **pcb; 4060767e98aSRoger Pau Monné 4070767e98aSRoger Pau Monné mtx_lock(&gnttab_list_lock); 4080767e98aSRoger Pau Monné for (pcb = &gnttab_free_callback_list; *pcb; pcb = &(*pcb)->next) { 4090767e98aSRoger Pau Monné if (*pcb == callback) { 4100767e98aSRoger Pau Monné *pcb = callback->next; 4110767e98aSRoger Pau Monné break; 4120767e98aSRoger Pau Monné } 4130767e98aSRoger Pau Monné } 4140767e98aSRoger Pau Monné mtx_unlock(&gnttab_list_lock); 4150767e98aSRoger Pau Monné } 4160767e98aSRoger Pau Monné 4170767e98aSRoger Pau Monné static int 4180767e98aSRoger Pau Monné grow_gnttab_list(unsigned int more_frames) 4190767e98aSRoger Pau Monné { 4200767e98aSRoger Pau Monné unsigned int new_nr_grant_frames, extra_entries, i; 4210767e98aSRoger Pau Monné 4220767e98aSRoger Pau Monné new_nr_grant_frames = nr_grant_frames + more_frames; 4230767e98aSRoger Pau Monné extra_entries = more_frames * GREFS_PER_GRANT_FRAME; 4240767e98aSRoger Pau Monné 4250767e98aSRoger Pau Monné for (i = nr_grant_frames; i < new_nr_grant_frames; i++) 4260767e98aSRoger Pau Monné { 4270767e98aSRoger Pau Monné gnttab_list[i] = (grant_ref_t *) 4280767e98aSRoger Pau Monné malloc(PAGE_SIZE, M_DEVBUF, M_NOWAIT); 4290767e98aSRoger Pau Monné 4300767e98aSRoger Pau Monné if (!gnttab_list[i]) 4310767e98aSRoger Pau Monné goto grow_nomem; 4320767e98aSRoger Pau Monné } 4330767e98aSRoger Pau Monné 4340767e98aSRoger Pau Monné for (i = GREFS_PER_GRANT_FRAME * nr_grant_frames; 4350767e98aSRoger Pau Monné i < GREFS_PER_GRANT_FRAME * new_nr_grant_frames - 1; i++) 4360767e98aSRoger Pau Monné gnttab_entry(i) = i + 1; 4370767e98aSRoger Pau Monné 4380767e98aSRoger Pau Monné gnttab_entry(i) = gnttab_free_head; 4390767e98aSRoger Pau Monné gnttab_free_head = GREFS_PER_GRANT_FRAME * nr_grant_frames; 4400767e98aSRoger Pau Monné gnttab_free_count += extra_entries; 4410767e98aSRoger Pau Monné 4420767e98aSRoger Pau Monné nr_grant_frames = new_nr_grant_frames; 4430767e98aSRoger Pau Monné 4440767e98aSRoger Pau Monné check_free_callbacks(); 4450767e98aSRoger Pau Monné 4460767e98aSRoger Pau Monné return (0); 4470767e98aSRoger Pau Monné 4480767e98aSRoger Pau Monné grow_nomem: 4490767e98aSRoger Pau Monné for ( ; i >= nr_grant_frames; i--) 4500767e98aSRoger Pau Monné free(gnttab_list[i], M_DEVBUF); 4510767e98aSRoger Pau Monné return (ENOMEM); 4520767e98aSRoger Pau Monné } 4530767e98aSRoger Pau Monné 4540767e98aSRoger Pau Monné static unsigned int 4550767e98aSRoger Pau Monné __max_nr_grant_frames(void) 4560767e98aSRoger Pau Monné { 4570767e98aSRoger Pau Monné struct gnttab_query_size query; 4580767e98aSRoger Pau Monné int rc; 4590767e98aSRoger Pau Monné 4600767e98aSRoger Pau Monné query.dom = DOMID_SELF; 4610767e98aSRoger Pau Monné 4620767e98aSRoger Pau Monné rc = HYPERVISOR_grant_table_op(GNTTABOP_query_size, &query, 1); 4630767e98aSRoger Pau Monné if ((rc < 0) || (query.status != GNTST_okay)) 4640767e98aSRoger Pau Monné return (4); /* Legacy max supported number of frames */ 4650767e98aSRoger Pau Monné 4660767e98aSRoger Pau Monné return (query.max_nr_frames); 4670767e98aSRoger Pau Monné } 4680767e98aSRoger Pau Monné 4690767e98aSRoger Pau Monné static inline 4700767e98aSRoger Pau Monné unsigned int max_nr_grant_frames(void) 4710767e98aSRoger Pau Monné { 4720767e98aSRoger Pau Monné 4737de88bb4SElliott Mitchell return (min(__max_nr_grant_frames(), boot_max_nr_grant_frames)); 4740767e98aSRoger Pau Monné } 4750767e98aSRoger Pau Monné 4760767e98aSRoger Pau Monné #ifdef notyet 4770767e98aSRoger Pau Monné /* 4780767e98aSRoger Pau Monné * XXX needed for backend support 4790767e98aSRoger Pau Monné * 4800767e98aSRoger Pau Monné */ 4810767e98aSRoger Pau Monné static int 4820767e98aSRoger Pau Monné map_pte_fn(pte_t *pte, struct page *pmd_page, 4830767e98aSRoger Pau Monné unsigned long addr, void *data) 4840767e98aSRoger Pau Monné { 4850767e98aSRoger Pau Monné unsigned long **frames = (unsigned long **)data; 4860767e98aSRoger Pau Monné 4870767e98aSRoger Pau Monné set_pte_at(&init_mm, addr, pte, pfn_pte_ma((*frames)[0], PAGE_KERNEL)); 4880767e98aSRoger Pau Monné (*frames)++; 4890767e98aSRoger Pau Monné return 0; 4900767e98aSRoger Pau Monné } 4910767e98aSRoger Pau Monné 4920767e98aSRoger Pau Monné static int 4930767e98aSRoger Pau Monné unmap_pte_fn(pte_t *pte, struct page *pmd_page, 4940767e98aSRoger Pau Monné unsigned long addr, void *data) 4950767e98aSRoger Pau Monné { 4960767e98aSRoger Pau Monné 4970767e98aSRoger Pau Monné set_pte_at(&init_mm, addr, pte, __pte(0)); 4980767e98aSRoger Pau Monné return 0; 4990767e98aSRoger Pau Monné } 5000767e98aSRoger Pau Monné #endif 5010767e98aSRoger Pau Monné 5020767e98aSRoger Pau Monné static vm_paddr_t resume_frames; 5030767e98aSRoger Pau Monné 504759ae58cSRoger Pau Monné static void 5050767e98aSRoger Pau Monné gnttab_map(unsigned int start_idx, unsigned int end_idx) 5060767e98aSRoger Pau Monné { 5070767e98aSRoger Pau Monné struct xen_add_to_physmap xatp; 5080767e98aSRoger Pau Monné unsigned int i = end_idx; 5090767e98aSRoger Pau Monné 5100767e98aSRoger Pau Monné /* 5110767e98aSRoger Pau Monné * Loop backwards, so that the first hypercall has the largest index, 5120767e98aSRoger Pau Monné * ensuring that the table will grow only once. 5130767e98aSRoger Pau Monné */ 5140767e98aSRoger Pau Monné do { 5150767e98aSRoger Pau Monné xatp.domid = DOMID_SELF; 5160767e98aSRoger Pau Monné xatp.idx = i; 5170767e98aSRoger Pau Monné xatp.space = XENMAPSPACE_grant_table; 5180767e98aSRoger Pau Monné xatp.gpfn = (resume_frames >> PAGE_SHIFT) + i; 5190767e98aSRoger Pau Monné if (HYPERVISOR_memory_op(XENMEM_add_to_physmap, &xatp)) 5200767e98aSRoger Pau Monné panic("HYPERVISOR_memory_op failed to map gnttab"); 5210767e98aSRoger Pau Monné } while (i-- > start_idx); 5220767e98aSRoger Pau Monné } 5230767e98aSRoger Pau Monné 5240767e98aSRoger Pau Monné int 5250767e98aSRoger Pau Monné gnttab_resume(device_t dev) 5260767e98aSRoger Pau Monné { 5270767e98aSRoger Pau Monné unsigned int max_nr_gframes, nr_gframes; 5280767e98aSRoger Pau Monné 5290767e98aSRoger Pau Monné nr_gframes = nr_grant_frames; 5300767e98aSRoger Pau Monné max_nr_gframes = max_nr_grant_frames(); 5310767e98aSRoger Pau Monné if (max_nr_gframes < nr_gframes) 5320767e98aSRoger Pau Monné return (ENOSYS); 5330767e98aSRoger Pau Monné 5340767e98aSRoger Pau Monné if (!resume_frames) { 5350767e98aSRoger Pau Monné KASSERT(dev != NULL, 5360767e98aSRoger Pau Monné ("No resume frames and no device provided")); 5370767e98aSRoger Pau Monné 5380df8b29dSRoger Pau Monné gnttab_pseudo_phys_res = xenmem_alloc(dev, 5390df8b29dSRoger Pau Monné &gnttab_pseudo_phys_res_id, PAGE_SIZE * max_nr_gframes); 5400767e98aSRoger Pau Monné if (gnttab_pseudo_phys_res == NULL) 5410767e98aSRoger Pau Monné panic("Unable to reserve physical memory for gnttab"); 5420767e98aSRoger Pau Monné resume_frames = rman_get_start(gnttab_pseudo_phys_res); 543759ae58cSRoger Pau Monné shared = rman_get_virtual(gnttab_pseudo_phys_res); 5440767e98aSRoger Pau Monné } 545759ae58cSRoger Pau Monné gnttab_map(0, nr_gframes - 1); 5460767e98aSRoger Pau Monné 547759ae58cSRoger Pau Monné return (0); 5480767e98aSRoger Pau Monné } 5490767e98aSRoger Pau Monné 5500767e98aSRoger Pau Monné static int 5510767e98aSRoger Pau Monné gnttab_expand(unsigned int req_entries) 5520767e98aSRoger Pau Monné { 5530767e98aSRoger Pau Monné unsigned int cur, extra; 5540767e98aSRoger Pau Monné 5550767e98aSRoger Pau Monné cur = nr_grant_frames; 556057b4402SPedro F. Giffuni extra = howmany(req_entries, GREFS_PER_GRANT_FRAME); 5570767e98aSRoger Pau Monné if (cur + extra > max_nr_grant_frames()) 5580767e98aSRoger Pau Monné return (ENOSPC); 5590767e98aSRoger Pau Monné 560759ae58cSRoger Pau Monné gnttab_map(cur, cur + extra - 1); 5610767e98aSRoger Pau Monné 562759ae58cSRoger Pau Monné return (grow_gnttab_list(extra)); 5630767e98aSRoger Pau Monné } 5640767e98aSRoger Pau Monné 5655477025aSRoger Pau Monné MTX_SYSINIT(gnttab, &gnttab_list_lock, "GNTTAB LOCK", MTX_DEF | MTX_RECURSE); 5661093cd82SRoger Pau Monné 5671093cd82SRoger Pau Monné /*------------------ Private Device Attachment Functions --------------------*/ 5681093cd82SRoger Pau Monné /** 5691093cd82SRoger Pau Monné * \brief Identify instances of this device type in the system. 5701093cd82SRoger Pau Monné * 5711093cd82SRoger Pau Monné * \param driver The driver performing this identify action. 5721093cd82SRoger Pau Monné * \param parent The NewBus parent device for any devices this method adds. 5731093cd82SRoger Pau Monné */ 5741093cd82SRoger Pau Monné static void 5751093cd82SRoger Pau Monné granttable_identify(driver_t *driver __unused, device_t parent) 5761093cd82SRoger Pau Monné { 5771093cd82SRoger Pau Monné 5781093cd82SRoger Pau Monné KASSERT(xen_domain(), 5791093cd82SRoger Pau Monné ("Trying to attach grant-table device on non Xen domain")); 5801093cd82SRoger Pau Monné /* 5811093cd82SRoger Pau Monné * A single device instance for our driver is always present 5821093cd82SRoger Pau Monné * in a system operating under Xen. 5831093cd82SRoger Pau Monné */ 5841093cd82SRoger Pau Monné if (BUS_ADD_CHILD(parent, 0, driver->name, 0) == NULL) 5851093cd82SRoger Pau Monné panic("unable to attach Xen Grant-table device"); 5861093cd82SRoger Pau Monné } 5871093cd82SRoger Pau Monné 5881093cd82SRoger Pau Monné /** 5891093cd82SRoger Pau Monné * \brief Probe for the existence of the Xen Grant-table device 5901093cd82SRoger Pau Monné * 5911093cd82SRoger Pau Monné * \param dev NewBus device_t for this instance. 5921093cd82SRoger Pau Monné * 5931093cd82SRoger Pau Monné * \return Always returns 0 indicating success. 5941093cd82SRoger Pau Monné */ 5951093cd82SRoger Pau Monné static int 5961093cd82SRoger Pau Monné granttable_probe(device_t dev) 5971093cd82SRoger Pau Monné { 5981093cd82SRoger Pau Monné 5991093cd82SRoger Pau Monné device_set_desc(dev, "Xen Grant-table Device"); 6001093cd82SRoger Pau Monné return (BUS_PROBE_NOWILDCARD); 6011093cd82SRoger Pau Monné } 6021093cd82SRoger Pau Monné 6031093cd82SRoger Pau Monné /** 6041093cd82SRoger Pau Monné * \brief Attach the Xen Grant-table device. 6051093cd82SRoger Pau Monné * 6061093cd82SRoger Pau Monné * \param dev NewBus device_t for this instance. 6071093cd82SRoger Pau Monné * 6081093cd82SRoger Pau Monné * \return On success, 0. Otherwise an errno value indicating the 6091093cd82SRoger Pau Monné * type of failure. 6101093cd82SRoger Pau Monné */ 6111093cd82SRoger Pau Monné static int 6121093cd82SRoger Pau Monné granttable_attach(device_t dev) 6130767e98aSRoger Pau Monné { 6140767e98aSRoger Pau Monné int i; 6150767e98aSRoger Pau Monné unsigned int max_nr_glist_frames; 6160767e98aSRoger Pau Monné unsigned int nr_init_grefs; 6170767e98aSRoger Pau Monné 6180767e98aSRoger Pau Monné nr_grant_frames = 1; 6190767e98aSRoger Pau Monné boot_max_nr_grant_frames = __max_nr_grant_frames(); 6200767e98aSRoger Pau Monné 6210767e98aSRoger Pau Monné /* Determine the maximum number of frames required for the 6220767e98aSRoger Pau Monné * grant reference free list on the current hypervisor. 6230767e98aSRoger Pau Monné */ 6240767e98aSRoger Pau Monné max_nr_glist_frames = (boot_max_nr_grant_frames * 6250767e98aSRoger Pau Monné GREFS_PER_GRANT_FRAME / 6260767e98aSRoger Pau Monné (PAGE_SIZE / sizeof(grant_ref_t))); 6270767e98aSRoger Pau Monné 6280767e98aSRoger Pau Monné gnttab_list = malloc(max_nr_glist_frames * sizeof(grant_ref_t *), 6290767e98aSRoger Pau Monné M_DEVBUF, M_NOWAIT); 6300767e98aSRoger Pau Monné 6310767e98aSRoger Pau Monné if (gnttab_list == NULL) 6320767e98aSRoger Pau Monné return (ENOMEM); 6330767e98aSRoger Pau Monné 6340767e98aSRoger Pau Monné for (i = 0; i < nr_grant_frames; i++) { 6350767e98aSRoger Pau Monné gnttab_list[i] = (grant_ref_t *) 6360767e98aSRoger Pau Monné malloc(PAGE_SIZE, M_DEVBUF, M_NOWAIT); 6370767e98aSRoger Pau Monné if (gnttab_list[i] == NULL) 6380767e98aSRoger Pau Monné goto ini_nomem; 6390767e98aSRoger Pau Monné } 6400767e98aSRoger Pau Monné 6410767e98aSRoger Pau Monné if (gnttab_resume(dev)) 6420767e98aSRoger Pau Monné return (ENODEV); 6430767e98aSRoger Pau Monné 6440767e98aSRoger Pau Monné nr_init_grefs = nr_grant_frames * GREFS_PER_GRANT_FRAME; 6450767e98aSRoger Pau Monné 6460767e98aSRoger Pau Monné for (i = NR_RESERVED_ENTRIES; i < nr_init_grefs - 1; i++) 6470767e98aSRoger Pau Monné gnttab_entry(i) = i + 1; 6480767e98aSRoger Pau Monné 6490767e98aSRoger Pau Monné gnttab_entry(nr_init_grefs - 1) = GNTTAB_LIST_END; 6500767e98aSRoger Pau Monné gnttab_free_count = nr_init_grefs - NR_RESERVED_ENTRIES; 6510767e98aSRoger Pau Monné gnttab_free_head = NR_RESERVED_ENTRIES; 6520767e98aSRoger Pau Monné 6530767e98aSRoger Pau Monné if (bootverbose) 6540767e98aSRoger Pau Monné printf("Grant table initialized\n"); 6550767e98aSRoger Pau Monné 6560767e98aSRoger Pau Monné return (0); 6570767e98aSRoger Pau Monné 6580767e98aSRoger Pau Monné ini_nomem: 6590767e98aSRoger Pau Monné for (i--; i >= 0; i--) 6600767e98aSRoger Pau Monné free(gnttab_list[i], M_DEVBUF); 6610767e98aSRoger Pau Monné free(gnttab_list, M_DEVBUF); 6620767e98aSRoger Pau Monné return (ENOMEM); 6630767e98aSRoger Pau Monné } 6640767e98aSRoger Pau Monné 6651093cd82SRoger Pau Monné /*-------------------- Private Device Attachment Data -----------------------*/ 6661093cd82SRoger Pau Monné static device_method_t granttable_methods[] = { 6671093cd82SRoger Pau Monné /* Device interface */ 6681093cd82SRoger Pau Monné DEVMETHOD(device_identify, granttable_identify), 6691093cd82SRoger Pau Monné DEVMETHOD(device_probe, granttable_probe), 6701093cd82SRoger Pau Monné DEVMETHOD(device_attach, granttable_attach), 6711093cd82SRoger Pau Monné 6721093cd82SRoger Pau Monné DEVMETHOD_END 6731093cd82SRoger Pau Monné }; 6741093cd82SRoger Pau Monné 6751093cd82SRoger Pau Monné DEFINE_CLASS_0(granttable, granttable_driver, granttable_methods, 0); 6761093cd82SRoger Pau Monné 677f929eb1eSJohn Baldwin DRIVER_MODULE_ORDERED(granttable, xenpv, granttable_driver, NULL, NULL, 678f929eb1eSJohn Baldwin SI_ORDER_FIRST); 679