1 /****************************************************************************** 2 * grant_table.c 3 * 4 * Granting foreign access to our memory reservation. 5 * 6 * Copyright (c) 2005-2006, Christopher Clark 7 * Copyright (c) 2004-2005, K A Fraser 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License version 2 11 * as published by the Free Software Foundation; or, when distributed 12 * separately from the Linux kernel or incorporated into other 13 * software packages, subject to the following license: 14 * 15 * Permission is hereby granted, free of charge, to any person obtaining a copy 16 * of this source file (the "Software"), to deal in the Software without 17 * restriction, including without limitation the rights to use, copy, modify, 18 * merge, publish, distribute, sublicense, and/or sell copies of the Software, 19 * and to permit persons to whom the Software is furnished to do so, subject to 20 * the following conditions: 21 * 22 * The above copyright notice and this permission notice shall be included in 23 * all copies or substantial portions of the Software. 24 * 25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 26 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 27 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 28 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 29 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 30 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 31 * IN THE SOFTWARE. 32 */ 33 34 #include <linux/module.h> 35 #include <linux/sched.h> 36 #include <linux/mm.h> 37 #include <linux/slab.h> 38 #include <linux/vmalloc.h> 39 #include <linux/uaccess.h> 40 #include <linux/io.h> 41 #include <linux/delay.h> 42 #include <linux/hardirq.h> 43 44 #include <xen/xen.h> 45 #include <xen/interface/xen.h> 46 #include <xen/page.h> 47 #include <xen/grant_table.h> 48 #include <xen/interface/memory.h> 49 #include <xen/hvc-console.h> 50 #include <asm/xen/hypercall.h> 51 #include <asm/xen/interface.h> 52 53 #include <asm/pgtable.h> 54 #include <asm/sync_bitops.h> 55 56 /* External tools reserve first few grant table entries. */ 57 #define NR_RESERVED_ENTRIES 8 58 #define GNTTAB_LIST_END 0xffffffff 59 #define GREFS_PER_GRANT_FRAME \ 60 (grant_table_version == 1 ? \ 61 (PAGE_SIZE / sizeof(struct grant_entry_v1)) : \ 62 (PAGE_SIZE / sizeof(union grant_entry_v2))) 63 64 static grant_ref_t **gnttab_list; 65 static unsigned int nr_grant_frames; 66 static unsigned int boot_max_nr_grant_frames; 67 static int gnttab_free_count; 68 static grant_ref_t gnttab_free_head; 69 static DEFINE_SPINLOCK(gnttab_list_lock); 70 unsigned long xen_hvm_resume_frames; 71 EXPORT_SYMBOL_GPL(xen_hvm_resume_frames); 72 73 static union { 74 struct grant_entry_v1 *v1; 75 union grant_entry_v2 *v2; 76 void *addr; 77 } gnttab_shared; 78 79 /*This is a structure of function pointers for grant table*/ 80 struct gnttab_ops { 81 /* 82 * Mapping a list of frames for storing grant entries. Frames parameter 83 * is used to store grant table address when grant table being setup, 84 * nr_gframes is the number of frames to map grant table. Returning 85 * GNTST_okay means success and negative value means failure. 86 */ 87 int (*map_frames)(xen_pfn_t *frames, unsigned int nr_gframes); 88 /* 89 * Release a list of frames which are mapped in map_frames for grant 90 * entry status. 91 */ 92 void (*unmap_frames)(void); 93 /* 94 * Introducing a valid entry into the grant table, granting the frame of 95 * this grant entry to domain for accessing or transfering. Ref 96 * parameter is reference of this introduced grant entry, domid is id of 97 * granted domain, frame is the page frame to be granted, and flags is 98 * status of the grant entry to be updated. 99 */ 100 void (*update_entry)(grant_ref_t ref, domid_t domid, 101 unsigned long frame, unsigned flags); 102 /* 103 * Stop granting a grant entry to domain for accessing. Ref parameter is 104 * reference of a grant entry whose grant access will be stopped, 105 * readonly is not in use in this function. If the grant entry is 106 * currently mapped for reading or writing, just return failure(==0) 107 * directly and don't tear down the grant access. Otherwise, stop grant 108 * access for this entry and return success(==1). 109 */ 110 int (*end_foreign_access_ref)(grant_ref_t ref, int readonly); 111 /* 112 * Stop granting a grant entry to domain for transfer. Ref parameter is 113 * reference of a grant entry whose grant transfer will be stopped. If 114 * tranfer has not started, just reclaim the grant entry and return 115 * failure(==0). Otherwise, wait for the transfer to complete and then 116 * return the frame. 117 */ 118 unsigned long (*end_foreign_transfer_ref)(grant_ref_t ref); 119 /* 120 * Query the status of a grant entry. Ref parameter is reference of 121 * queried grant entry, return value is the status of queried entry. 122 * Detailed status(writing/reading) can be gotten from the return value 123 * by bit operations. 124 */ 125 int (*query_foreign_access)(grant_ref_t ref); 126 /* 127 * Grant a domain to access a range of bytes within the page referred by 128 * an available grant entry. Ref parameter is reference of a grant entry 129 * which will be sub-page accessed, domid is id of grantee domain, frame 130 * is frame address of subpage grant, flags is grant type and flag 131 * information, page_off is offset of the range of bytes, and length is 132 * length of bytes to be accessed. 133 */ 134 void (*update_subpage_entry)(grant_ref_t ref, domid_t domid, 135 unsigned long frame, int flags, 136 unsigned page_off, unsigned length); 137 /* 138 * Redirect an available grant entry on domain A to another grant 139 * reference of domain B, then allow domain C to use grant reference 140 * of domain B transitively. Ref parameter is an available grant entry 141 * reference on domain A, domid is id of domain C which accesses grant 142 * entry transitively, flags is grant type and flag information, 143 * trans_domid is id of domain B whose grant entry is finally accessed 144 * transitively, trans_gref is grant entry transitive reference of 145 * domain B. 146 */ 147 void (*update_trans_entry)(grant_ref_t ref, domid_t domid, int flags, 148 domid_t trans_domid, grant_ref_t trans_gref); 149 }; 150 151 static struct gnttab_ops *gnttab_interface; 152 153 /*This reflects status of grant entries, so act as a global value*/ 154 static grant_status_t *grstatus; 155 156 static int grant_table_version; 157 158 static struct gnttab_free_callback *gnttab_free_callback_list; 159 160 static int gnttab_expand(unsigned int req_entries); 161 162 #define RPP (PAGE_SIZE / sizeof(grant_ref_t)) 163 #define SPP (PAGE_SIZE / sizeof(grant_status_t)) 164 165 static inline grant_ref_t *__gnttab_entry(grant_ref_t entry) 166 { 167 return &gnttab_list[(entry) / RPP][(entry) % RPP]; 168 } 169 /* This can be used as an l-value */ 170 #define gnttab_entry(entry) (*__gnttab_entry(entry)) 171 172 static int get_free_entries(unsigned count) 173 { 174 unsigned long flags; 175 int ref, rc = 0; 176 grant_ref_t head; 177 178 spin_lock_irqsave(&gnttab_list_lock, flags); 179 180 if ((gnttab_free_count < count) && 181 ((rc = gnttab_expand(count - gnttab_free_count)) < 0)) { 182 spin_unlock_irqrestore(&gnttab_list_lock, flags); 183 return rc; 184 } 185 186 ref = head = gnttab_free_head; 187 gnttab_free_count -= count; 188 while (count-- > 1) 189 head = gnttab_entry(head); 190 gnttab_free_head = gnttab_entry(head); 191 gnttab_entry(head) = GNTTAB_LIST_END; 192 193 spin_unlock_irqrestore(&gnttab_list_lock, flags); 194 195 return ref; 196 } 197 198 static void do_free_callbacks(void) 199 { 200 struct gnttab_free_callback *callback, *next; 201 202 callback = gnttab_free_callback_list; 203 gnttab_free_callback_list = NULL; 204 205 while (callback != NULL) { 206 next = callback->next; 207 if (gnttab_free_count >= callback->count) { 208 callback->next = NULL; 209 callback->fn(callback->arg); 210 } else { 211 callback->next = gnttab_free_callback_list; 212 gnttab_free_callback_list = callback; 213 } 214 callback = next; 215 } 216 } 217 218 static inline void check_free_callbacks(void) 219 { 220 if (unlikely(gnttab_free_callback_list)) 221 do_free_callbacks(); 222 } 223 224 static void put_free_entry(grant_ref_t ref) 225 { 226 unsigned long flags; 227 spin_lock_irqsave(&gnttab_list_lock, flags); 228 gnttab_entry(ref) = gnttab_free_head; 229 gnttab_free_head = ref; 230 gnttab_free_count++; 231 check_free_callbacks(); 232 spin_unlock_irqrestore(&gnttab_list_lock, flags); 233 } 234 235 /* 236 * Following applies to gnttab_update_entry_v1 and gnttab_update_entry_v2. 237 * Introducing a valid entry into the grant table: 238 * 1. Write ent->domid. 239 * 2. Write ent->frame: 240 * GTF_permit_access: Frame to which access is permitted. 241 * GTF_accept_transfer: Pseudo-phys frame slot being filled by new 242 * frame, or zero if none. 243 * 3. Write memory barrier (WMB). 244 * 4. Write ent->flags, inc. valid type. 245 */ 246 static void gnttab_update_entry_v1(grant_ref_t ref, domid_t domid, 247 unsigned long frame, unsigned flags) 248 { 249 gnttab_shared.v1[ref].domid = domid; 250 gnttab_shared.v1[ref].frame = frame; 251 wmb(); 252 gnttab_shared.v1[ref].flags = flags; 253 } 254 255 static void gnttab_update_entry_v2(grant_ref_t ref, domid_t domid, 256 unsigned long frame, unsigned flags) 257 { 258 gnttab_shared.v2[ref].hdr.domid = domid; 259 gnttab_shared.v2[ref].full_page.frame = frame; 260 wmb(); 261 gnttab_shared.v2[ref].hdr.flags = GTF_permit_access | flags; 262 } 263 264 /* 265 * Public grant-issuing interface functions 266 */ 267 void gnttab_grant_foreign_access_ref(grant_ref_t ref, domid_t domid, 268 unsigned long frame, int readonly) 269 { 270 gnttab_interface->update_entry(ref, domid, frame, 271 GTF_permit_access | (readonly ? GTF_readonly : 0)); 272 } 273 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access_ref); 274 275 int gnttab_grant_foreign_access(domid_t domid, unsigned long frame, 276 int readonly) 277 { 278 int ref; 279 280 ref = get_free_entries(1); 281 if (unlikely(ref < 0)) 282 return -ENOSPC; 283 284 gnttab_grant_foreign_access_ref(ref, domid, frame, readonly); 285 286 return ref; 287 } 288 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access); 289 290 static void gnttab_update_subpage_entry_v2(grant_ref_t ref, domid_t domid, 291 unsigned long frame, int flags, 292 unsigned page_off, unsigned length) 293 { 294 gnttab_shared.v2[ref].sub_page.frame = frame; 295 gnttab_shared.v2[ref].sub_page.page_off = page_off; 296 gnttab_shared.v2[ref].sub_page.length = length; 297 gnttab_shared.v2[ref].hdr.domid = domid; 298 wmb(); 299 gnttab_shared.v2[ref].hdr.flags = 300 GTF_permit_access | GTF_sub_page | flags; 301 } 302 303 int gnttab_grant_foreign_access_subpage_ref(grant_ref_t ref, domid_t domid, 304 unsigned long frame, int flags, 305 unsigned page_off, 306 unsigned length) 307 { 308 if (flags & (GTF_accept_transfer | GTF_reading | 309 GTF_writing | GTF_transitive)) 310 return -EPERM; 311 312 if (gnttab_interface->update_subpage_entry == NULL) 313 return -ENOSYS; 314 315 gnttab_interface->update_subpage_entry(ref, domid, frame, flags, 316 page_off, length); 317 318 return 0; 319 } 320 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access_subpage_ref); 321 322 int gnttab_grant_foreign_access_subpage(domid_t domid, unsigned long frame, 323 int flags, unsigned page_off, 324 unsigned length) 325 { 326 int ref, rc; 327 328 ref = get_free_entries(1); 329 if (unlikely(ref < 0)) 330 return -ENOSPC; 331 332 rc = gnttab_grant_foreign_access_subpage_ref(ref, domid, frame, flags, 333 page_off, length); 334 if (rc < 0) { 335 put_free_entry(ref); 336 return rc; 337 } 338 339 return ref; 340 } 341 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access_subpage); 342 343 bool gnttab_subpage_grants_available(void) 344 { 345 return gnttab_interface->update_subpage_entry != NULL; 346 } 347 EXPORT_SYMBOL_GPL(gnttab_subpage_grants_available); 348 349 static void gnttab_update_trans_entry_v2(grant_ref_t ref, domid_t domid, 350 int flags, domid_t trans_domid, 351 grant_ref_t trans_gref) 352 { 353 gnttab_shared.v2[ref].transitive.trans_domid = trans_domid; 354 gnttab_shared.v2[ref].transitive.gref = trans_gref; 355 gnttab_shared.v2[ref].hdr.domid = domid; 356 wmb(); 357 gnttab_shared.v2[ref].hdr.flags = 358 GTF_permit_access | GTF_transitive | flags; 359 } 360 361 int gnttab_grant_foreign_access_trans_ref(grant_ref_t ref, domid_t domid, 362 int flags, domid_t trans_domid, 363 grant_ref_t trans_gref) 364 { 365 if (flags & (GTF_accept_transfer | GTF_reading | 366 GTF_writing | GTF_sub_page)) 367 return -EPERM; 368 369 if (gnttab_interface->update_trans_entry == NULL) 370 return -ENOSYS; 371 372 gnttab_interface->update_trans_entry(ref, domid, flags, trans_domid, 373 trans_gref); 374 375 return 0; 376 } 377 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access_trans_ref); 378 379 int gnttab_grant_foreign_access_trans(domid_t domid, int flags, 380 domid_t trans_domid, 381 grant_ref_t trans_gref) 382 { 383 int ref, rc; 384 385 ref = get_free_entries(1); 386 if (unlikely(ref < 0)) 387 return -ENOSPC; 388 389 rc = gnttab_grant_foreign_access_trans_ref(ref, domid, flags, 390 trans_domid, trans_gref); 391 if (rc < 0) { 392 put_free_entry(ref); 393 return rc; 394 } 395 396 return ref; 397 } 398 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access_trans); 399 400 bool gnttab_trans_grants_available(void) 401 { 402 return gnttab_interface->update_trans_entry != NULL; 403 } 404 EXPORT_SYMBOL_GPL(gnttab_trans_grants_available); 405 406 static int gnttab_query_foreign_access_v1(grant_ref_t ref) 407 { 408 return gnttab_shared.v1[ref].flags & (GTF_reading|GTF_writing); 409 } 410 411 static int gnttab_query_foreign_access_v2(grant_ref_t ref) 412 { 413 return grstatus[ref] & (GTF_reading|GTF_writing); 414 } 415 416 int gnttab_query_foreign_access(grant_ref_t ref) 417 { 418 return gnttab_interface->query_foreign_access(ref); 419 } 420 EXPORT_SYMBOL_GPL(gnttab_query_foreign_access); 421 422 static int gnttab_end_foreign_access_ref_v1(grant_ref_t ref, int readonly) 423 { 424 u16 flags, nflags; 425 u16 *pflags; 426 427 pflags = &gnttab_shared.v1[ref].flags; 428 nflags = *pflags; 429 do { 430 flags = nflags; 431 if (flags & (GTF_reading|GTF_writing)) 432 return 0; 433 } while ((nflags = sync_cmpxchg(pflags, flags, 0)) != flags); 434 435 return 1; 436 } 437 438 static int gnttab_end_foreign_access_ref_v2(grant_ref_t ref, int readonly) 439 { 440 gnttab_shared.v2[ref].hdr.flags = 0; 441 mb(); 442 if (grstatus[ref] & (GTF_reading|GTF_writing)) { 443 return 0; 444 } else { 445 /* The read of grstatus needs to have acquire 446 semantics. On x86, reads already have 447 that, and we just need to protect against 448 compiler reorderings. On other 449 architectures we may need a full 450 barrier. */ 451 #ifdef CONFIG_X86 452 barrier(); 453 #else 454 mb(); 455 #endif 456 } 457 458 return 1; 459 } 460 461 static inline int _gnttab_end_foreign_access_ref(grant_ref_t ref, int readonly) 462 { 463 return gnttab_interface->end_foreign_access_ref(ref, readonly); 464 } 465 466 int gnttab_end_foreign_access_ref(grant_ref_t ref, int readonly) 467 { 468 if (_gnttab_end_foreign_access_ref(ref, readonly)) 469 return 1; 470 pr_warn("WARNING: g.e. %#x still in use!\n", ref); 471 return 0; 472 } 473 EXPORT_SYMBOL_GPL(gnttab_end_foreign_access_ref); 474 475 struct deferred_entry { 476 struct list_head list; 477 grant_ref_t ref; 478 bool ro; 479 uint16_t warn_delay; 480 struct page *page; 481 }; 482 static LIST_HEAD(deferred_list); 483 static void gnttab_handle_deferred(unsigned long); 484 static DEFINE_TIMER(deferred_timer, gnttab_handle_deferred, 0, 0); 485 486 static void gnttab_handle_deferred(unsigned long unused) 487 { 488 unsigned int nr = 10; 489 struct deferred_entry *first = NULL; 490 unsigned long flags; 491 492 spin_lock_irqsave(&gnttab_list_lock, flags); 493 while (nr--) { 494 struct deferred_entry *entry 495 = list_first_entry(&deferred_list, 496 struct deferred_entry, list); 497 498 if (entry == first) 499 break; 500 list_del(&entry->list); 501 spin_unlock_irqrestore(&gnttab_list_lock, flags); 502 if (_gnttab_end_foreign_access_ref(entry->ref, entry->ro)) { 503 put_free_entry(entry->ref); 504 if (entry->page) { 505 pr_debug("freeing g.e. %#x (pfn %#lx)\n", 506 entry->ref, page_to_pfn(entry->page)); 507 __free_page(entry->page); 508 } else 509 pr_info("freeing g.e. %#x\n", entry->ref); 510 kfree(entry); 511 entry = NULL; 512 } else { 513 if (!--entry->warn_delay) 514 pr_info("g.e. %#x still pending\n", 515 entry->ref); 516 if (!first) 517 first = entry; 518 } 519 spin_lock_irqsave(&gnttab_list_lock, flags); 520 if (entry) 521 list_add_tail(&entry->list, &deferred_list); 522 else if (list_empty(&deferred_list)) 523 break; 524 } 525 if (!list_empty(&deferred_list) && !timer_pending(&deferred_timer)) { 526 deferred_timer.expires = jiffies + HZ; 527 add_timer(&deferred_timer); 528 } 529 spin_unlock_irqrestore(&gnttab_list_lock, flags); 530 } 531 532 static void gnttab_add_deferred(grant_ref_t ref, bool readonly, 533 struct page *page) 534 { 535 struct deferred_entry *entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 536 const char *what = KERN_WARNING "leaking"; 537 538 if (entry) { 539 unsigned long flags; 540 541 entry->ref = ref; 542 entry->ro = readonly; 543 entry->page = page; 544 entry->warn_delay = 60; 545 spin_lock_irqsave(&gnttab_list_lock, flags); 546 list_add_tail(&entry->list, &deferred_list); 547 if (!timer_pending(&deferred_timer)) { 548 deferred_timer.expires = jiffies + HZ; 549 add_timer(&deferred_timer); 550 } 551 spin_unlock_irqrestore(&gnttab_list_lock, flags); 552 what = KERN_DEBUG "deferring"; 553 } 554 printk("%s g.e. %#x (pfn %#lx)\n", 555 what, ref, page ? page_to_pfn(page) : -1); 556 } 557 558 void gnttab_end_foreign_access(grant_ref_t ref, int readonly, 559 unsigned long page) 560 { 561 if (gnttab_end_foreign_access_ref(ref, readonly)) { 562 put_free_entry(ref); 563 if (page != 0) 564 free_page(page); 565 } else 566 gnttab_add_deferred(ref, readonly, 567 page ? virt_to_page(page) : NULL); 568 } 569 EXPORT_SYMBOL_GPL(gnttab_end_foreign_access); 570 571 int gnttab_grant_foreign_transfer(domid_t domid, unsigned long pfn) 572 { 573 int ref; 574 575 ref = get_free_entries(1); 576 if (unlikely(ref < 0)) 577 return -ENOSPC; 578 gnttab_grant_foreign_transfer_ref(ref, domid, pfn); 579 580 return ref; 581 } 582 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_transfer); 583 584 void gnttab_grant_foreign_transfer_ref(grant_ref_t ref, domid_t domid, 585 unsigned long pfn) 586 { 587 gnttab_interface->update_entry(ref, domid, pfn, GTF_accept_transfer); 588 } 589 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_transfer_ref); 590 591 static unsigned long gnttab_end_foreign_transfer_ref_v1(grant_ref_t ref) 592 { 593 unsigned long frame; 594 u16 flags; 595 u16 *pflags; 596 597 pflags = &gnttab_shared.v1[ref].flags; 598 599 /* 600 * If a transfer is not even yet started, try to reclaim the grant 601 * reference and return failure (== 0). 602 */ 603 while (!((flags = *pflags) & GTF_transfer_committed)) { 604 if (sync_cmpxchg(pflags, flags, 0) == flags) 605 return 0; 606 cpu_relax(); 607 } 608 609 /* If a transfer is in progress then wait until it is completed. */ 610 while (!(flags & GTF_transfer_completed)) { 611 flags = *pflags; 612 cpu_relax(); 613 } 614 615 rmb(); /* Read the frame number /after/ reading completion status. */ 616 frame = gnttab_shared.v1[ref].frame; 617 BUG_ON(frame == 0); 618 619 return frame; 620 } 621 622 static unsigned long gnttab_end_foreign_transfer_ref_v2(grant_ref_t ref) 623 { 624 unsigned long frame; 625 u16 flags; 626 u16 *pflags; 627 628 pflags = &gnttab_shared.v2[ref].hdr.flags; 629 630 /* 631 * If a transfer is not even yet started, try to reclaim the grant 632 * reference and return failure (== 0). 633 */ 634 while (!((flags = *pflags) & GTF_transfer_committed)) { 635 if (sync_cmpxchg(pflags, flags, 0) == flags) 636 return 0; 637 cpu_relax(); 638 } 639 640 /* If a transfer is in progress then wait until it is completed. */ 641 while (!(flags & GTF_transfer_completed)) { 642 flags = *pflags; 643 cpu_relax(); 644 } 645 646 rmb(); /* Read the frame number /after/ reading completion status. */ 647 frame = gnttab_shared.v2[ref].full_page.frame; 648 BUG_ON(frame == 0); 649 650 return frame; 651 } 652 653 unsigned long gnttab_end_foreign_transfer_ref(grant_ref_t ref) 654 { 655 return gnttab_interface->end_foreign_transfer_ref(ref); 656 } 657 EXPORT_SYMBOL_GPL(gnttab_end_foreign_transfer_ref); 658 659 unsigned long gnttab_end_foreign_transfer(grant_ref_t ref) 660 { 661 unsigned long frame = gnttab_end_foreign_transfer_ref(ref); 662 put_free_entry(ref); 663 return frame; 664 } 665 EXPORT_SYMBOL_GPL(gnttab_end_foreign_transfer); 666 667 void gnttab_free_grant_reference(grant_ref_t ref) 668 { 669 put_free_entry(ref); 670 } 671 EXPORT_SYMBOL_GPL(gnttab_free_grant_reference); 672 673 void gnttab_free_grant_references(grant_ref_t head) 674 { 675 grant_ref_t ref; 676 unsigned long flags; 677 int count = 1; 678 if (head == GNTTAB_LIST_END) 679 return; 680 spin_lock_irqsave(&gnttab_list_lock, flags); 681 ref = head; 682 while (gnttab_entry(ref) != GNTTAB_LIST_END) { 683 ref = gnttab_entry(ref); 684 count++; 685 } 686 gnttab_entry(ref) = gnttab_free_head; 687 gnttab_free_head = head; 688 gnttab_free_count += count; 689 check_free_callbacks(); 690 spin_unlock_irqrestore(&gnttab_list_lock, flags); 691 } 692 EXPORT_SYMBOL_GPL(gnttab_free_grant_references); 693 694 int gnttab_alloc_grant_references(u16 count, grant_ref_t *head) 695 { 696 int h = get_free_entries(count); 697 698 if (h < 0) 699 return -ENOSPC; 700 701 *head = h; 702 703 return 0; 704 } 705 EXPORT_SYMBOL_GPL(gnttab_alloc_grant_references); 706 707 int gnttab_empty_grant_references(const grant_ref_t *private_head) 708 { 709 return (*private_head == GNTTAB_LIST_END); 710 } 711 EXPORT_SYMBOL_GPL(gnttab_empty_grant_references); 712 713 int gnttab_claim_grant_reference(grant_ref_t *private_head) 714 { 715 grant_ref_t g = *private_head; 716 if (unlikely(g == GNTTAB_LIST_END)) 717 return -ENOSPC; 718 *private_head = gnttab_entry(g); 719 return g; 720 } 721 EXPORT_SYMBOL_GPL(gnttab_claim_grant_reference); 722 723 void gnttab_release_grant_reference(grant_ref_t *private_head, 724 grant_ref_t release) 725 { 726 gnttab_entry(release) = *private_head; 727 *private_head = release; 728 } 729 EXPORT_SYMBOL_GPL(gnttab_release_grant_reference); 730 731 void gnttab_request_free_callback(struct gnttab_free_callback *callback, 732 void (*fn)(void *), void *arg, u16 count) 733 { 734 unsigned long flags; 735 spin_lock_irqsave(&gnttab_list_lock, flags); 736 if (callback->next) 737 goto out; 738 callback->fn = fn; 739 callback->arg = arg; 740 callback->count = count; 741 callback->next = gnttab_free_callback_list; 742 gnttab_free_callback_list = callback; 743 check_free_callbacks(); 744 out: 745 spin_unlock_irqrestore(&gnttab_list_lock, flags); 746 } 747 EXPORT_SYMBOL_GPL(gnttab_request_free_callback); 748 749 void gnttab_cancel_free_callback(struct gnttab_free_callback *callback) 750 { 751 struct gnttab_free_callback **pcb; 752 unsigned long flags; 753 754 spin_lock_irqsave(&gnttab_list_lock, flags); 755 for (pcb = &gnttab_free_callback_list; *pcb; pcb = &(*pcb)->next) { 756 if (*pcb == callback) { 757 *pcb = callback->next; 758 break; 759 } 760 } 761 spin_unlock_irqrestore(&gnttab_list_lock, flags); 762 } 763 EXPORT_SYMBOL_GPL(gnttab_cancel_free_callback); 764 765 static int grow_gnttab_list(unsigned int more_frames) 766 { 767 unsigned int new_nr_grant_frames, extra_entries, i; 768 unsigned int nr_glist_frames, new_nr_glist_frames; 769 770 new_nr_grant_frames = nr_grant_frames + more_frames; 771 extra_entries = more_frames * GREFS_PER_GRANT_FRAME; 772 773 nr_glist_frames = (nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP; 774 new_nr_glist_frames = 775 (new_nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP; 776 for (i = nr_glist_frames; i < new_nr_glist_frames; i++) { 777 gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_ATOMIC); 778 if (!gnttab_list[i]) 779 goto grow_nomem; 780 } 781 782 783 for (i = GREFS_PER_GRANT_FRAME * nr_grant_frames; 784 i < GREFS_PER_GRANT_FRAME * new_nr_grant_frames - 1; i++) 785 gnttab_entry(i) = i + 1; 786 787 gnttab_entry(i) = gnttab_free_head; 788 gnttab_free_head = GREFS_PER_GRANT_FRAME * nr_grant_frames; 789 gnttab_free_count += extra_entries; 790 791 nr_grant_frames = new_nr_grant_frames; 792 793 check_free_callbacks(); 794 795 return 0; 796 797 grow_nomem: 798 for ( ; i >= nr_glist_frames; i--) 799 free_page((unsigned long) gnttab_list[i]); 800 return -ENOMEM; 801 } 802 803 static unsigned int __max_nr_grant_frames(void) 804 { 805 struct gnttab_query_size query; 806 int rc; 807 808 query.dom = DOMID_SELF; 809 810 rc = HYPERVISOR_grant_table_op(GNTTABOP_query_size, &query, 1); 811 if ((rc < 0) || (query.status != GNTST_okay)) 812 return 4; /* Legacy max supported number of frames */ 813 814 return query.max_nr_frames; 815 } 816 817 unsigned int gnttab_max_grant_frames(void) 818 { 819 unsigned int xen_max = __max_nr_grant_frames(); 820 821 if (xen_max > boot_max_nr_grant_frames) 822 return boot_max_nr_grant_frames; 823 return xen_max; 824 } 825 EXPORT_SYMBOL_GPL(gnttab_max_grant_frames); 826 827 /* Handling of paged out grant targets (GNTST_eagain) */ 828 #define MAX_DELAY 256 829 static inline void 830 gnttab_retry_eagain_gop(unsigned int cmd, void *gop, int16_t *status, 831 const char *func) 832 { 833 unsigned delay = 1; 834 835 do { 836 BUG_ON(HYPERVISOR_grant_table_op(cmd, gop, 1)); 837 if (*status == GNTST_eagain) 838 msleep(delay++); 839 } while ((*status == GNTST_eagain) && (delay < MAX_DELAY)); 840 841 if (delay >= MAX_DELAY) { 842 printk(KERN_ERR "%s: %s eagain grant\n", func, current->comm); 843 *status = GNTST_bad_page; 844 } 845 } 846 847 void gnttab_batch_map(struct gnttab_map_grant_ref *batch, unsigned count) 848 { 849 struct gnttab_map_grant_ref *op; 850 851 if (HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, batch, count)) 852 BUG(); 853 for (op = batch; op < batch + count; op++) 854 if (op->status == GNTST_eagain) 855 gnttab_retry_eagain_gop(GNTTABOP_map_grant_ref, op, 856 &op->status, __func__); 857 } 858 EXPORT_SYMBOL_GPL(gnttab_batch_map); 859 860 void gnttab_batch_copy(struct gnttab_copy *batch, unsigned count) 861 { 862 struct gnttab_copy *op; 863 864 if (HYPERVISOR_grant_table_op(GNTTABOP_copy, batch, count)) 865 BUG(); 866 for (op = batch; op < batch + count; op++) 867 if (op->status == GNTST_eagain) 868 gnttab_retry_eagain_gop(GNTTABOP_copy, op, 869 &op->status, __func__); 870 } 871 EXPORT_SYMBOL_GPL(gnttab_batch_copy); 872 873 int gnttab_map_refs(struct gnttab_map_grant_ref *map_ops, 874 struct gnttab_map_grant_ref *kmap_ops, 875 struct page **pages, unsigned int count) 876 { 877 int i, ret; 878 bool lazy = false; 879 pte_t *pte; 880 unsigned long mfn; 881 882 ret = HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, map_ops, count); 883 if (ret) 884 return ret; 885 886 /* Retry eagain maps */ 887 for (i = 0; i < count; i++) 888 if (map_ops[i].status == GNTST_eagain) 889 gnttab_retry_eagain_gop(GNTTABOP_map_grant_ref, map_ops + i, 890 &map_ops[i].status, __func__); 891 892 if (xen_feature(XENFEAT_auto_translated_physmap)) 893 return ret; 894 895 if (!in_interrupt() && paravirt_get_lazy_mode() == PARAVIRT_LAZY_NONE) { 896 arch_enter_lazy_mmu_mode(); 897 lazy = true; 898 } 899 900 for (i = 0; i < count; i++) { 901 /* Do not add to override if the map failed. */ 902 if (map_ops[i].status) 903 continue; 904 905 if (map_ops[i].flags & GNTMAP_contains_pte) { 906 pte = (pte_t *) (mfn_to_virt(PFN_DOWN(map_ops[i].host_addr)) + 907 (map_ops[i].host_addr & ~PAGE_MASK)); 908 mfn = pte_mfn(*pte); 909 } else { 910 mfn = PFN_DOWN(map_ops[i].dev_bus_addr); 911 } 912 ret = m2p_add_override(mfn, pages[i], kmap_ops ? 913 &kmap_ops[i] : NULL); 914 if (ret) 915 return ret; 916 } 917 918 if (lazy) 919 arch_leave_lazy_mmu_mode(); 920 921 return ret; 922 } 923 EXPORT_SYMBOL_GPL(gnttab_map_refs); 924 925 int gnttab_unmap_refs(struct gnttab_unmap_grant_ref *unmap_ops, 926 struct gnttab_map_grant_ref *kmap_ops, 927 struct page **pages, unsigned int count) 928 { 929 int i, ret; 930 bool lazy = false; 931 932 ret = HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, unmap_ops, count); 933 if (ret) 934 return ret; 935 936 if (xen_feature(XENFEAT_auto_translated_physmap)) 937 return ret; 938 939 if (!in_interrupt() && paravirt_get_lazy_mode() == PARAVIRT_LAZY_NONE) { 940 arch_enter_lazy_mmu_mode(); 941 lazy = true; 942 } 943 944 for (i = 0; i < count; i++) { 945 ret = m2p_remove_override(pages[i], kmap_ops ? 946 &kmap_ops[i] : NULL); 947 if (ret) 948 return ret; 949 } 950 951 if (lazy) 952 arch_leave_lazy_mmu_mode(); 953 954 return ret; 955 } 956 EXPORT_SYMBOL_GPL(gnttab_unmap_refs); 957 958 static unsigned nr_status_frames(unsigned nr_grant_frames) 959 { 960 return (nr_grant_frames * GREFS_PER_GRANT_FRAME + SPP - 1) / SPP; 961 } 962 963 static int gnttab_map_frames_v1(xen_pfn_t *frames, unsigned int nr_gframes) 964 { 965 int rc; 966 967 rc = arch_gnttab_map_shared(frames, nr_gframes, 968 gnttab_max_grant_frames(), 969 &gnttab_shared.addr); 970 BUG_ON(rc); 971 972 return 0; 973 } 974 975 static void gnttab_unmap_frames_v1(void) 976 { 977 arch_gnttab_unmap(gnttab_shared.addr, nr_grant_frames); 978 } 979 980 static int gnttab_map_frames_v2(xen_pfn_t *frames, unsigned int nr_gframes) 981 { 982 uint64_t *sframes; 983 unsigned int nr_sframes; 984 struct gnttab_get_status_frames getframes; 985 int rc; 986 987 nr_sframes = nr_status_frames(nr_gframes); 988 989 /* No need for kzalloc as it is initialized in following hypercall 990 * GNTTABOP_get_status_frames. 991 */ 992 sframes = kmalloc(nr_sframes * sizeof(uint64_t), GFP_ATOMIC); 993 if (!sframes) 994 return -ENOMEM; 995 996 getframes.dom = DOMID_SELF; 997 getframes.nr_frames = nr_sframes; 998 set_xen_guest_handle(getframes.frame_list, sframes); 999 1000 rc = HYPERVISOR_grant_table_op(GNTTABOP_get_status_frames, 1001 &getframes, 1); 1002 if (rc == -ENOSYS) { 1003 kfree(sframes); 1004 return -ENOSYS; 1005 } 1006 1007 BUG_ON(rc || getframes.status); 1008 1009 rc = arch_gnttab_map_status(sframes, nr_sframes, 1010 nr_status_frames(gnttab_max_grant_frames()), 1011 &grstatus); 1012 BUG_ON(rc); 1013 kfree(sframes); 1014 1015 rc = arch_gnttab_map_shared(frames, nr_gframes, 1016 gnttab_max_grant_frames(), 1017 &gnttab_shared.addr); 1018 BUG_ON(rc); 1019 1020 return 0; 1021 } 1022 1023 static void gnttab_unmap_frames_v2(void) 1024 { 1025 arch_gnttab_unmap(gnttab_shared.addr, nr_grant_frames); 1026 arch_gnttab_unmap(grstatus, nr_status_frames(nr_grant_frames)); 1027 } 1028 1029 static int gnttab_map(unsigned int start_idx, unsigned int end_idx) 1030 { 1031 struct gnttab_setup_table setup; 1032 xen_pfn_t *frames; 1033 unsigned int nr_gframes = end_idx + 1; 1034 int rc; 1035 1036 if (xen_hvm_domain()) { 1037 struct xen_add_to_physmap xatp; 1038 unsigned int i = end_idx; 1039 rc = 0; 1040 /* 1041 * Loop backwards, so that the first hypercall has the largest 1042 * index, ensuring that the table will grow only once. 1043 */ 1044 do { 1045 xatp.domid = DOMID_SELF; 1046 xatp.idx = i; 1047 xatp.space = XENMAPSPACE_grant_table; 1048 xatp.gpfn = (xen_hvm_resume_frames >> PAGE_SHIFT) + i; 1049 rc = HYPERVISOR_memory_op(XENMEM_add_to_physmap, &xatp); 1050 if (rc != 0) { 1051 printk(KERN_WARNING 1052 "grant table add_to_physmap failed, err=%d\n", rc); 1053 break; 1054 } 1055 } while (i-- > start_idx); 1056 1057 return rc; 1058 } 1059 1060 /* No need for kzalloc as it is initialized in following hypercall 1061 * GNTTABOP_setup_table. 1062 */ 1063 frames = kmalloc(nr_gframes * sizeof(unsigned long), GFP_ATOMIC); 1064 if (!frames) 1065 return -ENOMEM; 1066 1067 setup.dom = DOMID_SELF; 1068 setup.nr_frames = nr_gframes; 1069 set_xen_guest_handle(setup.frame_list, frames); 1070 1071 rc = HYPERVISOR_grant_table_op(GNTTABOP_setup_table, &setup, 1); 1072 if (rc == -ENOSYS) { 1073 kfree(frames); 1074 return -ENOSYS; 1075 } 1076 1077 BUG_ON(rc || setup.status); 1078 1079 rc = gnttab_interface->map_frames(frames, nr_gframes); 1080 1081 kfree(frames); 1082 1083 return rc; 1084 } 1085 1086 static struct gnttab_ops gnttab_v1_ops = { 1087 .map_frames = gnttab_map_frames_v1, 1088 .unmap_frames = gnttab_unmap_frames_v1, 1089 .update_entry = gnttab_update_entry_v1, 1090 .end_foreign_access_ref = gnttab_end_foreign_access_ref_v1, 1091 .end_foreign_transfer_ref = gnttab_end_foreign_transfer_ref_v1, 1092 .query_foreign_access = gnttab_query_foreign_access_v1, 1093 }; 1094 1095 static struct gnttab_ops gnttab_v2_ops = { 1096 .map_frames = gnttab_map_frames_v2, 1097 .unmap_frames = gnttab_unmap_frames_v2, 1098 .update_entry = gnttab_update_entry_v2, 1099 .end_foreign_access_ref = gnttab_end_foreign_access_ref_v2, 1100 .end_foreign_transfer_ref = gnttab_end_foreign_transfer_ref_v2, 1101 .query_foreign_access = gnttab_query_foreign_access_v2, 1102 .update_subpage_entry = gnttab_update_subpage_entry_v2, 1103 .update_trans_entry = gnttab_update_trans_entry_v2, 1104 }; 1105 1106 static void gnttab_request_version(void) 1107 { 1108 int rc; 1109 struct gnttab_set_version gsv; 1110 1111 if (xen_hvm_domain()) 1112 gsv.version = 1; 1113 else 1114 gsv.version = 2; 1115 rc = HYPERVISOR_grant_table_op(GNTTABOP_set_version, &gsv, 1); 1116 if (rc == 0 && gsv.version == 2) { 1117 grant_table_version = 2; 1118 gnttab_interface = &gnttab_v2_ops; 1119 } else if (grant_table_version == 2) { 1120 /* 1121 * If we've already used version 2 features, 1122 * but then suddenly discover that they're not 1123 * available (e.g. migrating to an older 1124 * version of Xen), almost unbounded badness 1125 * can happen. 1126 */ 1127 panic("we need grant tables version 2, but only version 1 is available"); 1128 } else { 1129 grant_table_version = 1; 1130 gnttab_interface = &gnttab_v1_ops; 1131 } 1132 printk(KERN_INFO "Grant tables using version %d layout.\n", 1133 grant_table_version); 1134 } 1135 1136 int gnttab_resume(void) 1137 { 1138 unsigned int max_nr_gframes; 1139 1140 gnttab_request_version(); 1141 max_nr_gframes = gnttab_max_grant_frames(); 1142 if (max_nr_gframes < nr_grant_frames) 1143 return -ENOSYS; 1144 1145 if (xen_pv_domain()) 1146 return gnttab_map(0, nr_grant_frames - 1); 1147 1148 if (gnttab_shared.addr == NULL) { 1149 gnttab_shared.addr = ioremap(xen_hvm_resume_frames, 1150 PAGE_SIZE * max_nr_gframes); 1151 if (gnttab_shared.addr == NULL) { 1152 printk(KERN_WARNING 1153 "Failed to ioremap gnttab share frames!"); 1154 return -ENOMEM; 1155 } 1156 } 1157 1158 gnttab_map(0, nr_grant_frames - 1); 1159 1160 return 0; 1161 } 1162 1163 int gnttab_suspend(void) 1164 { 1165 gnttab_interface->unmap_frames(); 1166 return 0; 1167 } 1168 1169 static int gnttab_expand(unsigned int req_entries) 1170 { 1171 int rc; 1172 unsigned int cur, extra; 1173 1174 cur = nr_grant_frames; 1175 extra = ((req_entries + (GREFS_PER_GRANT_FRAME-1)) / 1176 GREFS_PER_GRANT_FRAME); 1177 if (cur + extra > gnttab_max_grant_frames()) 1178 return -ENOSPC; 1179 1180 rc = gnttab_map(cur, cur + extra - 1); 1181 if (rc == 0) 1182 rc = grow_gnttab_list(extra); 1183 1184 return rc; 1185 } 1186 1187 int gnttab_init(void) 1188 { 1189 int i; 1190 unsigned int max_nr_glist_frames, nr_glist_frames; 1191 unsigned int nr_init_grefs; 1192 int ret; 1193 1194 nr_grant_frames = 1; 1195 boot_max_nr_grant_frames = __max_nr_grant_frames(); 1196 1197 /* Determine the maximum number of frames required for the 1198 * grant reference free list on the current hypervisor. 1199 */ 1200 max_nr_glist_frames = (boot_max_nr_grant_frames * 1201 GREFS_PER_GRANT_FRAME / RPP); 1202 1203 gnttab_list = kmalloc(max_nr_glist_frames * sizeof(grant_ref_t *), 1204 GFP_KERNEL); 1205 if (gnttab_list == NULL) 1206 return -ENOMEM; 1207 1208 nr_glist_frames = (nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP; 1209 for (i = 0; i < nr_glist_frames; i++) { 1210 gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_KERNEL); 1211 if (gnttab_list[i] == NULL) { 1212 ret = -ENOMEM; 1213 goto ini_nomem; 1214 } 1215 } 1216 1217 if (gnttab_resume() < 0) { 1218 ret = -ENODEV; 1219 goto ini_nomem; 1220 } 1221 1222 nr_init_grefs = nr_grant_frames * GREFS_PER_GRANT_FRAME; 1223 1224 for (i = NR_RESERVED_ENTRIES; i < nr_init_grefs - 1; i++) 1225 gnttab_entry(i) = i + 1; 1226 1227 gnttab_entry(nr_init_grefs - 1) = GNTTAB_LIST_END; 1228 gnttab_free_count = nr_init_grefs - NR_RESERVED_ENTRIES; 1229 gnttab_free_head = NR_RESERVED_ENTRIES; 1230 1231 printk("Grant table initialized\n"); 1232 return 0; 1233 1234 ini_nomem: 1235 for (i--; i >= 0; i--) 1236 free_page((unsigned long)gnttab_list[i]); 1237 kfree(gnttab_list); 1238 return ret; 1239 } 1240 EXPORT_SYMBOL_GPL(gnttab_init); 1241 1242 static int __devinit __gnttab_init(void) 1243 { 1244 /* Delay grant-table initialization in the PV on HVM case */ 1245 if (xen_hvm_domain()) 1246 return 0; 1247 1248 if (!xen_pv_domain()) 1249 return -ENODEV; 1250 1251 return gnttab_init(); 1252 } 1253 1254 core_initcall(__gnttab_init); 1255