1 /******************************************************************************
4 * Two sets of functionality:
5 * 1. Granting foreign access to our memory reservation.
6 * 2. Accessing others' memory reservations via grant references.
7 * (i.e., mechanisms for both sender and recipient of grant references)
9 * Copyright (c) 2005, Christopher Clark
10 * Copyright (c) 2004, K A Fraser
13 #include <sys/cdefs.h>
14 __FBSDID("$FreeBSD$");
18 #include <sys/param.h>
19 #include <sys/systm.h>
22 #include <sys/module.h>
23 #include <sys/kernel.h>
25 #include <sys/malloc.h>
27 #include <sys/limits.h>
29 #include <machine/resource.h>
31 #include <xen/xen-os.h>
32 #include <xen/hypervisor.h>
33 #include <machine/xen/synch_bitops.h>
35 #include <xen/hypervisor.h>
36 #include <xen/gnttab.h>
39 #include <vm/vm_kern.h>
40 #include <vm/vm_extern.h>
43 #define cmpxchg(a, b, c) atomic_cmpset_int((volatile u_int *)(a),(b),(c))
45 /* External tools reserve first few grant table entries. */
46 #define NR_RESERVED_ENTRIES 8
47 #define GREFS_PER_GRANT_FRAME (PAGE_SIZE / sizeof(grant_entry_t))
49 static grant_ref_t **gnttab_list;
50 static unsigned int nr_grant_frames;
51 static unsigned int boot_max_nr_grant_frames;
52 static int gnttab_free_count;
53 static grant_ref_t gnttab_free_head;
54 static struct mtx gnttab_list_lock;
57 * Resource representing allocated physical address space
58 * for the grant table metainfo
60 static struct resource *gnttab_pseudo_phys_res;
62 /* Resource id for allocated physical address space. */
63 static int gnttab_pseudo_phys_res_id;
65 static grant_entry_t *shared;
67 static struct gnttab_free_callback *gnttab_free_callback_list = NULL;
69 static int gnttab_expand(unsigned int req_entries);
71 #define RPP (PAGE_SIZE / sizeof(grant_ref_t))
72 #define gnttab_entry(entry) (gnttab_list[(entry) / RPP][(entry) % RPP])
75 get_free_entries(int count, int *entries)
80 mtx_lock(&gnttab_list_lock);
81 if ((gnttab_free_count < count) &&
82 ((error = gnttab_expand(count - gnttab_free_count)) != 0)) {
83 mtx_unlock(&gnttab_list_lock);
86 ref = head = gnttab_free_head;
87 gnttab_free_count -= count;
89 head = gnttab_entry(head);
90 gnttab_free_head = gnttab_entry(head);
91 gnttab_entry(head) = GNTTAB_LIST_END;
92 mtx_unlock(&gnttab_list_lock);
99 do_free_callbacks(void)
101 struct gnttab_free_callback *callback, *next;
103 callback = gnttab_free_callback_list;
104 gnttab_free_callback_list = NULL;
106 while (callback != NULL) {
107 next = callback->next;
108 if (gnttab_free_count >= callback->count) {
109 callback->next = NULL;
110 callback->fn(callback->arg);
112 callback->next = gnttab_free_callback_list;
113 gnttab_free_callback_list = callback;
120 check_free_callbacks(void)
122 if (__predict_false(gnttab_free_callback_list != NULL))
127 put_free_entry(grant_ref_t ref)
130 mtx_lock(&gnttab_list_lock);
131 gnttab_entry(ref) = gnttab_free_head;
132 gnttab_free_head = ref;
134 check_free_callbacks();
135 mtx_unlock(&gnttab_list_lock);
139 * Public grant-issuing interface functions
143 gnttab_grant_foreign_access(domid_t domid, unsigned long frame, int readonly,
148 error = get_free_entries(1, &ref);
150 if (__predict_false(error))
153 shared[ref].frame = frame;
154 shared[ref].domid = domid;
156 shared[ref].flags = GTF_permit_access | (readonly ? GTF_readonly : 0);
165 gnttab_grant_foreign_access_ref(grant_ref_t ref, domid_t domid,
166 unsigned long frame, int readonly)
169 shared[ref].frame = frame;
170 shared[ref].domid = domid;
172 shared[ref].flags = GTF_permit_access | (readonly ? GTF_readonly : 0);
176 gnttab_query_foreign_access(grant_ref_t ref)
180 nflags = shared[ref].flags;
182 return (nflags & (GTF_reading|GTF_writing));
186 gnttab_end_foreign_access_ref(grant_ref_t ref)
188 uint16_t flags, nflags;
190 nflags = shared[ref].flags;
192 if ( (flags = nflags) & (GTF_reading|GTF_writing) ) {
193 printf("%s: WARNING: g.e. still in use!\n", __func__);
196 } while ((nflags = synch_cmpxchg(&shared[ref].flags, flags, 0)) !=
203 gnttab_end_foreign_access(grant_ref_t ref, void *page)
205 if (gnttab_end_foreign_access_ref(ref)) {
208 free(page, M_DEVBUF);
212 /* XXX This needs to be fixed so that the ref and page are
213 placed on a list to be freed up later. */
214 printf("%s: WARNING: leaking g.e. and page still in use!\n",
220 gnttab_end_foreign_access_references(u_int count, grant_ref_t *refs)
222 grant_ref_t *last_ref;
226 head = GNTTAB_LIST_END;
228 last_ref = refs + count;
229 while (refs != last_ref) {
231 if (gnttab_end_foreign_access_ref(*refs)) {
232 gnttab_entry(*refs) = head;
236 * XXX This needs to be fixed so that the ref
237 * is placed on a list to be freed up later.
239 printf("%s: WARNING: leaking g.e. still in use!\n",
247 mtx_lock(&gnttab_list_lock);
248 gnttab_free_count += count;
249 gnttab_entry(tail) = gnttab_free_head;
250 gnttab_free_head = head;
251 mtx_unlock(&gnttab_list_lock);
256 gnttab_grant_foreign_transfer(domid_t domid, unsigned long pfn,
261 error = get_free_entries(1, &ref);
262 if (__predict_false(error))
265 gnttab_grant_foreign_transfer_ref(ref, domid, pfn);
272 gnttab_grant_foreign_transfer_ref(grant_ref_t ref, domid_t domid,
275 shared[ref].frame = pfn;
276 shared[ref].domid = domid;
278 shared[ref].flags = GTF_accept_transfer;
282 gnttab_end_foreign_transfer_ref(grant_ref_t ref)
288 * If a transfer is not even yet started, try to reclaim the grant
289 * reference and return failure (== 0).
291 while (!((flags = shared[ref].flags) & GTF_transfer_committed)) {
292 if ( synch_cmpxchg(&shared[ref].flags, flags, 0) == flags )
297 /* If a transfer is in progress then wait until it is completed. */
298 while (!(flags & GTF_transfer_completed)) {
299 flags = shared[ref].flags;
303 /* Read the frame number /after/ reading completion status. */
305 frame = shared[ref].frame;
306 KASSERT(frame != 0, ("grant table inconsistent"));
312 gnttab_end_foreign_transfer(grant_ref_t ref)
314 unsigned long frame = gnttab_end_foreign_transfer_ref(ref);
321 gnttab_free_grant_reference(grant_ref_t ref)
328 gnttab_free_grant_references(grant_ref_t head)
333 if (head == GNTTAB_LIST_END)
337 while (gnttab_entry(ref) != GNTTAB_LIST_END) {
338 ref = gnttab_entry(ref);
341 mtx_lock(&gnttab_list_lock);
342 gnttab_entry(ref) = gnttab_free_head;
343 gnttab_free_head = head;
344 gnttab_free_count += count;
345 check_free_callbacks();
346 mtx_unlock(&gnttab_list_lock);
350 gnttab_alloc_grant_references(uint16_t count, grant_ref_t *head)
354 error = get_free_entries(count, &ref);
355 if (__predict_false(error))
363 gnttab_empty_grant_references(const grant_ref_t *private_head)
366 return (*private_head == GNTTAB_LIST_END);
370 gnttab_claim_grant_reference(grant_ref_t *private_head)
372 grant_ref_t g = *private_head;
374 if (__predict_false(g == GNTTAB_LIST_END))
376 *private_head = gnttab_entry(g);
381 gnttab_release_grant_reference(grant_ref_t *private_head, grant_ref_t release)
384 gnttab_entry(release) = *private_head;
385 *private_head = release;
389 gnttab_request_free_callback(struct gnttab_free_callback *callback,
390 void (*fn)(void *), void *arg, uint16_t count)
393 mtx_lock(&gnttab_list_lock);
398 callback->count = count;
399 callback->next = gnttab_free_callback_list;
400 gnttab_free_callback_list = callback;
401 check_free_callbacks();
403 mtx_unlock(&gnttab_list_lock);
408 gnttab_cancel_free_callback(struct gnttab_free_callback *callback)
410 struct gnttab_free_callback **pcb;
412 mtx_lock(&gnttab_list_lock);
413 for (pcb = &gnttab_free_callback_list; *pcb; pcb = &(*pcb)->next) {
414 if (*pcb == callback) {
415 *pcb = callback->next;
419 mtx_unlock(&gnttab_list_lock);
424 grow_gnttab_list(unsigned int more_frames)
426 unsigned int new_nr_grant_frames, extra_entries, i;
428 new_nr_grant_frames = nr_grant_frames + more_frames;
429 extra_entries = more_frames * GREFS_PER_GRANT_FRAME;
431 for (i = nr_grant_frames; i < new_nr_grant_frames; i++)
433 gnttab_list[i] = (grant_ref_t *)
434 malloc(PAGE_SIZE, M_DEVBUF, M_NOWAIT);
440 for (i = GREFS_PER_GRANT_FRAME * nr_grant_frames;
441 i < GREFS_PER_GRANT_FRAME * new_nr_grant_frames - 1; i++)
442 gnttab_entry(i) = i + 1;
444 gnttab_entry(i) = gnttab_free_head;
445 gnttab_free_head = GREFS_PER_GRANT_FRAME * nr_grant_frames;
446 gnttab_free_count += extra_entries;
448 nr_grant_frames = new_nr_grant_frames;
450 check_free_callbacks();
455 for ( ; i >= nr_grant_frames; i--)
456 free(gnttab_list[i], M_DEVBUF);
461 __max_nr_grant_frames(void)
463 struct gnttab_query_size query;
466 query.dom = DOMID_SELF;
468 rc = HYPERVISOR_grant_table_op(GNTTABOP_query_size, &query, 1);
469 if ((rc < 0) || (query.status != GNTST_okay))
470 return (4); /* Legacy max supported number of frames */
472 return (query.max_nr_frames);
476 unsigned int max_nr_grant_frames(void)
478 unsigned int xen_max = __max_nr_grant_frames();
480 if (xen_max > boot_max_nr_grant_frames)
481 return (boot_max_nr_grant_frames);
487 * XXX needed for backend support
491 map_pte_fn(pte_t *pte, struct page *pmd_page,
492 unsigned long addr, void *data)
494 unsigned long **frames = (unsigned long **)data;
496 set_pte_at(&init_mm, addr, pte, pfn_pte_ma((*frames)[0], PAGE_KERNEL));
502 unmap_pte_fn(pte_t *pte, struct page *pmd_page,
503 unsigned long addr, void *data)
506 set_pte_at(&init_mm, addr, pte, __pte(0));
511 static vm_paddr_t resume_frames;
514 gnttab_map(unsigned int start_idx, unsigned int end_idx)
516 struct xen_add_to_physmap xatp;
517 unsigned int i = end_idx;
520 * Loop backwards, so that the first hypercall has the largest index,
521 * ensuring that the table will grow only once.
524 xatp.domid = DOMID_SELF;
526 xatp.space = XENMAPSPACE_grant_table;
527 xatp.gpfn = (resume_frames >> PAGE_SHIFT) + i;
528 if (HYPERVISOR_memory_op(XENMEM_add_to_physmap, &xatp))
529 panic("HYPERVISOR_memory_op failed to map gnttab");
530 } while (i-- > start_idx);
532 if (shared == NULL) {
535 area = kva_alloc(PAGE_SIZE * max_nr_grant_frames());
536 KASSERT(area, ("can't allocate VM space for grant table"));
537 shared = (grant_entry_t *)area;
540 for (i = start_idx; i <= end_idx; i++) {
541 pmap_kenter((vm_offset_t) shared + i * PAGE_SIZE,
542 resume_frames + i * PAGE_SIZE);
549 gnttab_resume(device_t dev)
551 unsigned int max_nr_gframes, nr_gframes;
553 nr_gframes = nr_grant_frames;
554 max_nr_gframes = max_nr_grant_frames();
555 if (max_nr_gframes < nr_gframes)
558 if (!resume_frames) {
560 ("No resume frames and no device provided"));
562 gnttab_pseudo_phys_res = bus_alloc_resource(dev,
563 SYS_RES_MEMORY, &gnttab_pseudo_phys_res_id, 0, ~0,
564 PAGE_SIZE * max_nr_gframes, RF_ACTIVE);
565 if (gnttab_pseudo_phys_res == NULL)
566 panic("Unable to reserve physical memory for gnttab");
567 resume_frames = rman_get_start(gnttab_pseudo_phys_res);
570 return (gnttab_map(0, nr_gframes - 1));
574 gnttab_expand(unsigned int req_entries)
577 unsigned int cur, extra;
579 cur = nr_grant_frames;
580 extra = ((req_entries + (GREFS_PER_GRANT_FRAME-1)) /
581 GREFS_PER_GRANT_FRAME);
582 if (cur + extra > max_nr_grant_frames())
585 error = gnttab_map(cur, cur + extra - 1);
587 error = grow_gnttab_list(extra);
592 MTX_SYSINIT(gnttab, &gnttab_list_lock, "GNTTAB LOCK", MTX_DEF);
594 /*------------------ Private Device Attachment Functions --------------------*/
596 * \brief Identify instances of this device type in the system.
598 * \param driver The driver performing this identify action.
599 * \param parent The NewBus parent device for any devices this method adds.
602 granttable_identify(driver_t *driver __unused, device_t parent)
605 KASSERT(xen_domain(),
606 ("Trying to attach grant-table device on non Xen domain"));
608 * A single device instance for our driver is always present
609 * in a system operating under Xen.
611 if (BUS_ADD_CHILD(parent, 0, driver->name, 0) == NULL)
612 panic("unable to attach Xen Grant-table device");
616 * \brief Probe for the existence of the Xen Grant-table device
618 * \param dev NewBus device_t for this instance.
620 * \return Always returns 0 indicating success.
623 granttable_probe(device_t dev)
626 device_set_desc(dev, "Xen Grant-table Device");
627 return (BUS_PROBE_NOWILDCARD);
631 * \brief Attach the Xen Grant-table device.
633 * \param dev NewBus device_t for this instance.
635 * \return On success, 0. Otherwise an errno value indicating the
639 granttable_attach(device_t dev)
642 unsigned int max_nr_glist_frames;
643 unsigned int nr_init_grefs;
646 boot_max_nr_grant_frames = __max_nr_grant_frames();
648 /* Determine the maximum number of frames required for the
649 * grant reference free list on the current hypervisor.
651 max_nr_glist_frames = (boot_max_nr_grant_frames *
652 GREFS_PER_GRANT_FRAME /
653 (PAGE_SIZE / sizeof(grant_ref_t)));
655 gnttab_list = malloc(max_nr_glist_frames * sizeof(grant_ref_t *),
658 if (gnttab_list == NULL)
661 for (i = 0; i < nr_grant_frames; i++) {
662 gnttab_list[i] = (grant_ref_t *)
663 malloc(PAGE_SIZE, M_DEVBUF, M_NOWAIT);
664 if (gnttab_list[i] == NULL)
668 if (gnttab_resume(dev))
671 nr_init_grefs = nr_grant_frames * GREFS_PER_GRANT_FRAME;
673 for (i = NR_RESERVED_ENTRIES; i < nr_init_grefs - 1; i++)
674 gnttab_entry(i) = i + 1;
676 gnttab_entry(nr_init_grefs - 1) = GNTTAB_LIST_END;
677 gnttab_free_count = nr_init_grefs - NR_RESERVED_ENTRIES;
678 gnttab_free_head = NR_RESERVED_ENTRIES;
681 printf("Grant table initialized\n");
686 for (i--; i >= 0; i--)
687 free(gnttab_list[i], M_DEVBUF);
688 free(gnttab_list, M_DEVBUF);
692 /*-------------------- Private Device Attachment Data -----------------------*/
693 static device_method_t granttable_methods[] = {
694 /* Device interface */
695 DEVMETHOD(device_identify, granttable_identify),
696 DEVMETHOD(device_probe, granttable_probe),
697 DEVMETHOD(device_attach, granttable_attach),
702 DEFINE_CLASS_0(granttable, granttable_driver, granttable_methods, 0);
703 devclass_t granttable_devclass;
705 DRIVER_MODULE_ORDERED(granttable, xenpv, granttable_driver, granttable_devclass,
706 NULL, NULL, SI_ORDER_FIRST);