1 /******************************************************************************
4 * Two sets of functionality:
5 * 1. Granting foreign access to our memory reservation.
6 * 2. Accessing others' memory reservations via grant references.
7 * (i.e., mechanisms for both sender and recipient of grant references)
9 * Copyright (c) 2005, Christopher Clark
10 * Copyright (c) 2004, K A Fraser
13 #include <sys/cdefs.h>
14 __FBSDID("$FreeBSD$");
16 #include "opt_global.h"
19 #include <sys/param.h>
20 #include <sys/systm.h>
23 #include <sys/module.h>
24 #include <sys/kernel.h>
26 #include <sys/malloc.h>
29 #include <xen/xen-os.h>
30 #include <xen/hypervisor.h>
31 #include <machine/xen/synch_bitops.h>
33 #include <xen/hypervisor.h>
34 #include <xen/gnttab.h>
37 #include <vm/vm_kern.h>
38 #include <vm/vm_extern.h>
41 #define cmpxchg(a, b, c) atomic_cmpset_int((volatile u_int *)(a),(b),(c))
43 /* External tools reserve first few grant table entries. */
44 #define NR_RESERVED_ENTRIES 8
45 #define GREFS_PER_GRANT_FRAME (PAGE_SIZE / sizeof(grant_entry_t))
47 static grant_ref_t **gnttab_list;
48 static unsigned int nr_grant_frames;
49 static unsigned int boot_max_nr_grant_frames;
50 static int gnttab_free_count;
51 static grant_ref_t gnttab_free_head;
52 static struct mtx gnttab_list_lock;
54 static grant_entry_t *shared;
56 static struct gnttab_free_callback *gnttab_free_callback_list = NULL;
58 static int gnttab_expand(unsigned int req_entries);
60 #define RPP (PAGE_SIZE / sizeof(grant_ref_t))
61 #define gnttab_entry(entry) (gnttab_list[(entry) / RPP][(entry) % RPP])
64 get_free_entries(int count, int *entries)
69 mtx_lock(&gnttab_list_lock);
70 if ((gnttab_free_count < count) &&
71 ((error = gnttab_expand(count - gnttab_free_count)) != 0)) {
72 mtx_unlock(&gnttab_list_lock);
75 ref = head = gnttab_free_head;
76 gnttab_free_count -= count;
78 head = gnttab_entry(head);
79 gnttab_free_head = gnttab_entry(head);
80 gnttab_entry(head) = GNTTAB_LIST_END;
81 mtx_unlock(&gnttab_list_lock);
88 do_free_callbacks(void)
90 struct gnttab_free_callback *callback, *next;
92 callback = gnttab_free_callback_list;
93 gnttab_free_callback_list = NULL;
95 while (callback != NULL) {
96 next = callback->next;
97 if (gnttab_free_count >= callback->count) {
98 callback->next = NULL;
99 callback->fn(callback->arg);
101 callback->next = gnttab_free_callback_list;
102 gnttab_free_callback_list = callback;
109 check_free_callbacks(void)
111 if (__predict_false(gnttab_free_callback_list != NULL))
116 put_free_entry(grant_ref_t ref)
119 mtx_lock(&gnttab_list_lock);
120 gnttab_entry(ref) = gnttab_free_head;
121 gnttab_free_head = ref;
123 check_free_callbacks();
124 mtx_unlock(&gnttab_list_lock);
128 * Public grant-issuing interface functions
132 gnttab_grant_foreign_access(domid_t domid, unsigned long frame, int readonly,
137 error = get_free_entries(1, &ref);
139 if (__predict_false(error))
142 shared[ref].frame = frame;
143 shared[ref].domid = domid;
145 shared[ref].flags = GTF_permit_access | (readonly ? GTF_readonly : 0);
154 gnttab_grant_foreign_access_ref(grant_ref_t ref, domid_t domid,
155 unsigned long frame, int readonly)
158 shared[ref].frame = frame;
159 shared[ref].domid = domid;
161 shared[ref].flags = GTF_permit_access | (readonly ? GTF_readonly : 0);
165 gnttab_query_foreign_access(grant_ref_t ref)
169 nflags = shared[ref].flags;
171 return (nflags & (GTF_reading|GTF_writing));
175 gnttab_end_foreign_access_ref(grant_ref_t ref)
177 uint16_t flags, nflags;
179 nflags = shared[ref].flags;
181 if ( (flags = nflags) & (GTF_reading|GTF_writing) ) {
182 printf("%s: WARNING: g.e. still in use!\n", __func__);
185 } while ((nflags = synch_cmpxchg(&shared[ref].flags, flags, 0)) !=
192 gnttab_end_foreign_access(grant_ref_t ref, void *page)
194 if (gnttab_end_foreign_access_ref(ref)) {
197 free(page, M_DEVBUF);
201 /* XXX This needs to be fixed so that the ref and page are
202 placed on a list to be freed up later. */
203 printf("%s: WARNING: leaking g.e. and page still in use!\n",
209 gnttab_end_foreign_access_references(u_int count, grant_ref_t *refs)
211 grant_ref_t *last_ref;
215 head = GNTTAB_LIST_END;
217 last_ref = refs + count;
218 while (refs != last_ref) {
220 if (gnttab_end_foreign_access_ref(*refs)) {
221 gnttab_entry(*refs) = head;
225 * XXX This needs to be fixed so that the ref
226 * is placed on a list to be freed up later.
228 printf("%s: WARNING: leaking g.e. still in use!\n",
236 mtx_lock(&gnttab_list_lock);
237 gnttab_free_count += count;
238 gnttab_entry(tail) = gnttab_free_head;
239 gnttab_free_head = head;
240 mtx_unlock(&gnttab_list_lock);
245 gnttab_grant_foreign_transfer(domid_t domid, unsigned long pfn,
250 error = get_free_entries(1, &ref);
251 if (__predict_false(error))
254 gnttab_grant_foreign_transfer_ref(ref, domid, pfn);
261 gnttab_grant_foreign_transfer_ref(grant_ref_t ref, domid_t domid,
264 shared[ref].frame = pfn;
265 shared[ref].domid = domid;
267 shared[ref].flags = GTF_accept_transfer;
271 gnttab_end_foreign_transfer_ref(grant_ref_t ref)
277 * If a transfer is not even yet started, try to reclaim the grant
278 * reference and return failure (== 0).
280 while (!((flags = shared[ref].flags) & GTF_transfer_committed)) {
281 if ( synch_cmpxchg(&shared[ref].flags, flags, 0) == flags )
286 /* If a transfer is in progress then wait until it is completed. */
287 while (!(flags & GTF_transfer_completed)) {
288 flags = shared[ref].flags;
292 /* Read the frame number /after/ reading completion status. */
294 frame = shared[ref].frame;
295 KASSERT(frame != 0, ("grant table inconsistent"));
301 gnttab_end_foreign_transfer(grant_ref_t ref)
303 unsigned long frame = gnttab_end_foreign_transfer_ref(ref);
310 gnttab_free_grant_reference(grant_ref_t ref)
317 gnttab_free_grant_references(grant_ref_t head)
322 if (head == GNTTAB_LIST_END)
326 while (gnttab_entry(ref) != GNTTAB_LIST_END) {
327 ref = gnttab_entry(ref);
330 mtx_lock(&gnttab_list_lock);
331 gnttab_entry(ref) = gnttab_free_head;
332 gnttab_free_head = head;
333 gnttab_free_count += count;
334 check_free_callbacks();
335 mtx_unlock(&gnttab_list_lock);
339 gnttab_alloc_grant_references(uint16_t count, grant_ref_t *head)
343 error = get_free_entries(count, &ref);
344 if (__predict_false(error))
352 gnttab_empty_grant_references(const grant_ref_t *private_head)
355 return (*private_head == GNTTAB_LIST_END);
359 gnttab_claim_grant_reference(grant_ref_t *private_head)
361 grant_ref_t g = *private_head;
363 if (__predict_false(g == GNTTAB_LIST_END))
365 *private_head = gnttab_entry(g);
370 gnttab_release_grant_reference(grant_ref_t *private_head, grant_ref_t release)
373 gnttab_entry(release) = *private_head;
374 *private_head = release;
378 gnttab_request_free_callback(struct gnttab_free_callback *callback,
379 void (*fn)(void *), void *arg, uint16_t count)
382 mtx_lock(&gnttab_list_lock);
387 callback->count = count;
388 callback->next = gnttab_free_callback_list;
389 gnttab_free_callback_list = callback;
390 check_free_callbacks();
392 mtx_unlock(&gnttab_list_lock);
397 gnttab_cancel_free_callback(struct gnttab_free_callback *callback)
399 struct gnttab_free_callback **pcb;
401 mtx_lock(&gnttab_list_lock);
402 for (pcb = &gnttab_free_callback_list; *pcb; pcb = &(*pcb)->next) {
403 if (*pcb == callback) {
404 *pcb = callback->next;
408 mtx_unlock(&gnttab_list_lock);
413 grow_gnttab_list(unsigned int more_frames)
415 unsigned int new_nr_grant_frames, extra_entries, i;
417 new_nr_grant_frames = nr_grant_frames + more_frames;
418 extra_entries = more_frames * GREFS_PER_GRANT_FRAME;
420 for (i = nr_grant_frames; i < new_nr_grant_frames; i++)
422 gnttab_list[i] = (grant_ref_t *)
423 malloc(PAGE_SIZE, M_DEVBUF, M_NOWAIT);
429 for (i = GREFS_PER_GRANT_FRAME * nr_grant_frames;
430 i < GREFS_PER_GRANT_FRAME * new_nr_grant_frames - 1; i++)
431 gnttab_entry(i) = i + 1;
433 gnttab_entry(i) = gnttab_free_head;
434 gnttab_free_head = GREFS_PER_GRANT_FRAME * nr_grant_frames;
435 gnttab_free_count += extra_entries;
437 nr_grant_frames = new_nr_grant_frames;
439 check_free_callbacks();
444 for ( ; i >= nr_grant_frames; i--)
445 free(gnttab_list[i], M_DEVBUF);
450 __max_nr_grant_frames(void)
452 struct gnttab_query_size query;
455 query.dom = DOMID_SELF;
457 rc = HYPERVISOR_grant_table_op(GNTTABOP_query_size, &query, 1);
458 if ((rc < 0) || (query.status != GNTST_okay))
459 return (4); /* Legacy max supported number of frames */
461 return (query.max_nr_frames);
465 unsigned int max_nr_grant_frames(void)
467 unsigned int xen_max = __max_nr_grant_frames();
469 if (xen_max > boot_max_nr_grant_frames)
470 return (boot_max_nr_grant_frames);
476 * XXX needed for backend support
480 map_pte_fn(pte_t *pte, struct page *pmd_page,
481 unsigned long addr, void *data)
483 unsigned long **frames = (unsigned long **)data;
485 set_pte_at(&init_mm, addr, pte, pfn_pte_ma((*frames)[0], PAGE_KERNEL));
491 unmap_pte_fn(pte_t *pte, struct page *pmd_page,
492 unsigned long addr, void *data)
495 set_pte_at(&init_mm, addr, pte, __pte(0));
503 gnttab_map(unsigned int start_idx, unsigned int end_idx)
505 struct gnttab_setup_table setup;
508 unsigned int nr_gframes = end_idx + 1;
511 frames = malloc(nr_gframes * sizeof(unsigned long), M_DEVBUF, M_NOWAIT);
515 setup.dom = DOMID_SELF;
516 setup.nr_frames = nr_gframes;
517 set_xen_guest_handle(setup.frame_list, frames);
519 rc = HYPERVISOR_grant_table_op(GNTTABOP_setup_table, &setup, 1);
521 free(frames, M_DEVBUF);
524 KASSERT(!(rc || setup.status),
525 ("unexpected result from grant_table_op"));
527 if (shared == NULL) {
530 area = kva_alloc(PAGE_SIZE * max_nr_grant_frames());
531 KASSERT(area, ("can't allocate VM space for grant table"));
532 shared = (grant_entry_t *)area;
535 for (i = 0; i < nr_gframes; i++)
536 PT_SET_MA(((caddr_t)shared) + i*PAGE_SIZE,
537 ((vm_paddr_t)frames[i]) << PAGE_SHIFT | PG_RW | PG_V);
539 free(frames, M_DEVBUF);
548 if (max_nr_grant_frames() < nr_grant_frames)
550 return (gnttab_map(0, nr_grant_frames - 1));
558 for (i = 0; i < nr_grant_frames; i++)
559 pmap_kremove((vm_offset_t) shared + i * PAGE_SIZE);
566 #include <dev/xen/xenpci/xenpcivar.h>
568 static vm_paddr_t resume_frames;
571 gnttab_map(unsigned int start_idx, unsigned int end_idx)
573 struct xen_add_to_physmap xatp;
574 unsigned int i = end_idx;
577 * Loop backwards, so that the first hypercall has the largest index,
578 * ensuring that the table will grow only once.
581 xatp.domid = DOMID_SELF;
583 xatp.space = XENMAPSPACE_grant_table;
584 xatp.gpfn = (resume_frames >> PAGE_SHIFT) + i;
585 if (HYPERVISOR_memory_op(XENMEM_add_to_physmap, &xatp))
586 panic("HYPERVISOR_memory_op failed to map gnttab");
587 } while (i-- > start_idx);
589 if (shared == NULL) {
592 area = kva_alloc(PAGE_SIZE * max_nr_grant_frames());
593 KASSERT(area, ("can't allocate VM space for grant table"));
594 shared = (grant_entry_t *)area;
597 for (i = start_idx; i <= end_idx; i++) {
598 pmap_kenter((vm_offset_t) shared + i * PAGE_SIZE,
599 resume_frames + i * PAGE_SIZE);
609 unsigned int max_nr_gframes, nr_gframes;
611 nr_gframes = nr_grant_frames;
612 max_nr_gframes = max_nr_grant_frames();
613 if (max_nr_gframes < nr_gframes)
616 if (!resume_frames) {
617 error = xenpci_alloc_space(PAGE_SIZE * max_nr_gframes,
620 printf("error mapping gnttab share frames\n");
625 return (gnttab_map(0, nr_gframes - 1));
631 gnttab_expand(unsigned int req_entries)
634 unsigned int cur, extra;
636 cur = nr_grant_frames;
637 extra = ((req_entries + (GREFS_PER_GRANT_FRAME-1)) /
638 GREFS_PER_GRANT_FRAME);
639 if (cur + extra > max_nr_grant_frames())
642 error = gnttab_map(cur, cur + extra - 1);
644 error = grow_gnttab_list(extra);
653 unsigned int max_nr_glist_frames;
654 unsigned int nr_init_grefs;
656 if (!is_running_on_xen())
660 boot_max_nr_grant_frames = __max_nr_grant_frames();
662 /* Determine the maximum number of frames required for the
663 * grant reference free list on the current hypervisor.
665 max_nr_glist_frames = (boot_max_nr_grant_frames *
666 GREFS_PER_GRANT_FRAME /
667 (PAGE_SIZE / sizeof(grant_ref_t)));
669 gnttab_list = malloc(max_nr_glist_frames * sizeof(grant_ref_t *),
672 if (gnttab_list == NULL)
675 for (i = 0; i < nr_grant_frames; i++) {
676 gnttab_list[i] = (grant_ref_t *)
677 malloc(PAGE_SIZE, M_DEVBUF, M_NOWAIT);
678 if (gnttab_list[i] == NULL)
685 nr_init_grefs = nr_grant_frames * GREFS_PER_GRANT_FRAME;
687 for (i = NR_RESERVED_ENTRIES; i < nr_init_grefs - 1; i++)
688 gnttab_entry(i) = i + 1;
690 gnttab_entry(nr_init_grefs - 1) = GNTTAB_LIST_END;
691 gnttab_free_count = nr_init_grefs - NR_RESERVED_ENTRIES;
692 gnttab_free_head = NR_RESERVED_ENTRIES;
695 printf("Grant table initialized\n");
700 for (i--; i >= 0; i--)
701 free(gnttab_list[i], M_DEVBUF);
702 free(gnttab_list, M_DEVBUF);
707 MTX_SYSINIT(gnttab, &gnttab_list_lock, "GNTTAB LOCK", MTX_DEF);