1a28b0fc0SDavid Woodhouse /*
2a28b0fc0SDavid Woodhouse * QEMU Xen emulation: Grant table support
3a28b0fc0SDavid Woodhouse *
4a28b0fc0SDavid Woodhouse * Copyright © 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
5a28b0fc0SDavid Woodhouse *
6a28b0fc0SDavid Woodhouse * Authors: David Woodhouse <dwmw2@infradead.org>
7a28b0fc0SDavid Woodhouse *
8a28b0fc0SDavid Woodhouse * This work is licensed under the terms of the GNU GPL, version 2 or later.
9a28b0fc0SDavid Woodhouse * See the COPYING file in the top-level directory.
10a28b0fc0SDavid Woodhouse */
11a28b0fc0SDavid Woodhouse
12a28b0fc0SDavid Woodhouse #include "qemu/osdep.h"
13a28b0fc0SDavid Woodhouse #include "qemu/host-utils.h"
14a28b0fc0SDavid Woodhouse #include "qemu/module.h"
15a28b0fc0SDavid Woodhouse #include "qemu/lockable.h"
16a28b0fc0SDavid Woodhouse #include "qemu/main-loop.h"
17a28b0fc0SDavid Woodhouse #include "qapi/error.h"
18a28b0fc0SDavid Woodhouse #include "qom/object.h"
19a28b0fc0SDavid Woodhouse #include "exec/target_page.h"
20a28b0fc0SDavid Woodhouse #include "exec/address-spaces.h"
21a28b0fc0SDavid Woodhouse #include "migration/vmstate.h"
22a28b0fc0SDavid Woodhouse
23a28b0fc0SDavid Woodhouse #include "hw/sysbus.h"
24a28b0fc0SDavid Woodhouse #include "hw/xen/xen.h"
25b08d88e3SDavid Woodhouse #include "hw/xen/xen_backend_ops.h"
26a28b0fc0SDavid Woodhouse #include "xen_overlay.h"
27a28b0fc0SDavid Woodhouse #include "xen_gnttab.h"
28a72ccc7fSDavid Woodhouse #include "xen_primary_console.h"
29a28b0fc0SDavid Woodhouse
30a28b0fc0SDavid Woodhouse #include "sysemu/kvm.h"
31a28b0fc0SDavid Woodhouse #include "sysemu/kvm_xen.h"
32a28b0fc0SDavid Woodhouse
33a28b0fc0SDavid Woodhouse #include "hw/xen/interface/memory.h"
34a28b0fc0SDavid Woodhouse #include "hw/xen/interface/grant_table.h"
35a28b0fc0SDavid Woodhouse
/* QOM type name of the emulated Xen grant table device. */
#define TYPE_XEN_GNTTAB "xen-gnttab"
OBJECT_DECLARE_SIMPLE_TYPE(XenGnttabState, XEN_GNTTAB)

/* Number of v1 grant entries that fit in one Xen page. */
#define ENTRIES_PER_FRAME_V1 (XEN_PAGE_SIZE / sizeof(grant_entry_v1_t))

/* Forward declaration; the table is filled in after the backend callbacks. */
static struct gnttab_backend_ops emu_gnttab_backend_ops;

struct XenGnttabState {
    /*< private >*/
    SysBusDevice busdev;
    /*< public >*/

    /* Taken by the map/unmap/reset paths in this file around the state below. */
    QemuMutex gnt_lock;

    /*
     * nr_frames is raised to (highest mapped index + 1) by
     * xen_gnttab_map_page(); max_frames is the fixed bound read at realize
     * time and is the element count of every per-frame array below.
     */
    uint32_t nr_frames;
    uint32_t max_frames;

    union {
        grant_entry_v1_t *v1;
        /* Theoretically, v2 support could be added here. */
    } entries;

    /* RAM backing the whole table, plus one alias and one GPA per frame. */
    MemoryRegion gnt_frames;
    MemoryRegion *gnt_aliases;
    uint64_t *gnt_frame_gpas;

    /*
     * One counter per grant reference (max_frames * ENTRIES_PER_FRAME_V1
     * entries). gnt_ref() refuses a reference whose counter is already
     * UINT8_MAX, so the counter never wraps.
     */
    uint8_t *map_track;
};

/* The single device instance; NULL until the device has been created. */
struct XenGnttabState *xen_gnttab_singleton;
66a28b0fc0SDavid Woodhouse
/*
 * Realize the grant table device.
 *
 * Allocates the RAM that backs every grant frame, creates one page-sized
 * alias per frame so frames can be overlaid individually, seeds the reserved
 * XenStore grant, and publishes the instance and the emulated backend ops.
 * Sets an Error and returns early unless QEMU runs in Xen emulation mode.
 */
static void xen_gnttab_realize(DeviceState *dev, Error **errp)
{
    XenGnttabState *s = XEN_GNTTAB(dev);
    grant_entry_v1_t *xenstore_gnt;
    int frame;

    if (xen_mode != XEN_EMULATE) {
        error_setg(errp, "Xen grant table support is for Xen emulation");
        return;
    }

    s->max_frames = kvm_xen_get_gnttab_max_frames();
    memory_region_init_ram(&s->gnt_frames, OBJECT(dev), "xen:grant_table",
                           XEN_PAGE_SIZE * s->max_frames, &error_abort);
    memory_region_set_enabled(&s->gnt_frames, true);
    s->entries.v1 = memory_region_get_ram_ptr(&s->gnt_frames);

    /* One alias and one recorded GPA per frame; nothing is mapped yet. */
    s->gnt_aliases = g_new0(MemoryRegion, s->max_frames);
    s->gnt_frame_gpas = g_new(uint64_t, s->max_frames);
    for (frame = 0; frame < s->max_frames; frame++) {
        MemoryRegion *alias = &s->gnt_aliases[frame];

        memory_region_init_alias(alias, OBJECT(dev), NULL, &s->gnt_frames,
                                 frame * XEN_PAGE_SIZE, XEN_PAGE_SIZE);
        s->gnt_frame_gpas[frame] = INVALID_GPA;
    }

    /* Start from an all-zero table with only the XenStore grant present. */
    s->nr_frames = 0;
    memset(s->entries.v1, 0, XEN_PAGE_SIZE * s->max_frames);
    xenstore_gnt = &s->entries.v1[GNTTAB_RESERVED_XENSTORE];
    xenstore_gnt->flags = GTF_permit_access;
    xenstore_gnt->frame = XEN_SPECIAL_PFN(XENSTORE);

    qemu_mutex_init(&s->gnt_lock);

    xen_gnttab_singleton = s;

    /* One mapping counter per grant reference in the table. */
    s->map_track = g_new0(uint8_t, s->max_frames * ENTRIES_PER_FRAME_V1);

    xen_gnttab_ops = &emu_gnttab_backend_ops;
}
105e33cb789SDavid Woodhouse
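/*
 * Migration post-load hook: re-establish the overlay mapping of every grant
 * frame that had a guest physical address recorded on the source.
 *
 * nr_frames is restored from the incoming migration stream, while
 * gnt_aliases and gnt_frame_gpas were sized from max_frames at realize time.
 * A stream whose nr_frames exceeds max_frames would make the loop below index
 * past both arrays, so it is rejected here. The array load itself runs before
 * this hook, so this check only protects the loop.
 *
 * Returns 0 on success, -EINVAL if the restored frame count is out of range.
 */
static int xen_gnttab_post_load(void *opaque, int version_id)
{
    XenGnttabState *s = XEN_GNTTAB(opaque);
    uint32_t i;

    if (s->nr_frames > s->max_frames) {
        return -EINVAL;
    }

    for (i = 0; i < s->nr_frames; i++) {
        /* Frames the guest never mapped still hold INVALID_GPA. */
        if (s->gnt_frame_gpas[i] != INVALID_GPA) {
            xen_overlay_do_map_page(&s->gnt_aliases[i], s->gnt_frame_gpas[i]);
        }
    }
    return 0;
}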
118a28b0fc0SDavid Woodhouse
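/* The grant table state is only migrated when QEMU emulates Xen. */
static bool xen_gnttab_is_needed(void *opaque)
{
    return xen_mode == XEN_EMULATE;
}

/*
 * Stream validation, run right after nr_frames has been loaded.
 *
 * gnt_frame_gpas is allocated with max_frames elements at realize time and
 * the variable-length array below is loaded into it using nr_frames as the
 * element count. Rejecting an oversized count here keeps a malformed or
 * mismatched stream from writing past the end of that allocation.
 */
static bool xen_gnttab_nr_frames_valid(void *opaque, int version_id)
{
    XenGnttabState *s = XEN_GNTTAB(opaque);

    return s->nr_frames <= s->max_frames;
}

/*
 * Migration description: the frame count followed by one recorded guest
 * physical address per frame. Fields are processed in order, so the
 * validation entry sits between the count and the array that depends on it.
 */
static const VMStateDescription xen_gnttab_vmstate = {
    .name = "xen_gnttab",
    .version_id = 1,
    .minimum_version_id = 1,
    .needed = xen_gnttab_is_needed,
    .post_load = xen_gnttab_post_load,
    .fields = (const VMStateField[]) {
        VMSTATE_UINT32(nr_frames, XenGnttabState),
        VMSTATE_VALIDATE("nr_frames exceeds max_frames",
                         xen_gnttab_nr_frames_valid),
        VMSTATE_VARRAY_UINT32(gnt_frame_gpas, XenGnttabState, nr_frames, 0,
                              vmstate_info_uint64, uint64_t),
        VMSTATE_END_OF_LIST()
    }
};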
137a28b0fc0SDavid Woodhouse
/* Class initializer: hook up the realize handler and migration state. */
static void xen_gnttab_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->realize = xen_gnttab_realize;
    dc->vmsd = &xen_gnttab_vmstate;
}

/* QOM type description: a sysbus device carrying XenGnttabState. */
static const TypeInfo xen_gnttab_info = {
    .name          = TYPE_XEN_GNTTAB,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(XenGnttabState),
    .class_init    = xen_gnttab_class_init,
};

/*
 * Create the grant table device and record it as the singleton.
 * The -1 / NULL arguments are passed through to sysbus_create_simple()
 * unchanged.
 */
void xen_gnttab_create(void)
{
    xen_gnttab_singleton = XEN_GNTTAB(sysbus_create_simple(TYPE_XEN_GNTTAB,
                                                           -1, NULL));
}

/* Register the device type with QOM. */
static void xen_gnttab_register_types(void)
{
    type_register_static(&xen_gnttab_info);
}

type_init(xen_gnttab_register_types)
165a28b0fc0SDavid Woodhouse
/*
 * Overlay grant table frame @idx at guest frame number @gfn.
 *
 * @idx is checked against max_frames before it is used to index the
 * per-frame arrays. Returns 0 on success, -ENOTSUP when the device does not
 * exist, -EINVAL when @idx is out of range.
 */
int xen_gnttab_map_page(uint64_t idx, uint64_t gfn)
{
    XenGnttabState *s = xen_gnttab_singleton;
    uint64_t gpa;

    if (!s) {
        return -ENOTSUP;
    }

    if (idx >= s->max_frames) {
        return -EINVAL;
    }

    gpa = gfn << XEN_PAGE_SHIFT;

    /* Lock order: the BQL first, then the grant table lock. */
    BQL_LOCK_GUARD();
    QEMU_LOCK_GUARD(&s->gnt_lock);

    xen_overlay_do_map_page(&s->gnt_aliases[idx], gpa);
    s->gnt_frame_gpas[idx] = gpa;

    /* nr_frames only ever grows here: highest mapped index plus one. */
    if (idx >= s->nr_frames) {
        s->nr_frames = idx + 1;
    }

    return 0;
}
192a28b0fc0SDavid Woodhouse
/*
 * Handle a grant table set_version request.
 *
 * Only version 1 is accepted. A request for version 2 gets -ENOSYS (behave
 * as before set_version was introduced) and anything else gets -EINVAL.
 * Whatever was requested, set->version is overwritten with 1 on return.
 */
int xen_gnttab_set_version_op(struct gnttab_set_version *set)
{
    int ret = -EINVAL;

    if (set->version == 1) {
        ret = 0;
    } else if (set->version == 2) {
        /* Behave as before set_version was introduced. */
        ret = -ENOSYS;
    }

    set->version = 1;
    return ret;
}
21428b7ae94SDavid Woodhouse
/*
 * Handle a grant table get_version request.
 *
 * Only the caller's own domain may be queried (DOMID_SELF or xen_domid);
 * any other domain id yields -ESRCH. On success the reported version is 1.
 */
int xen_gnttab_get_version_op(struct gnttab_get_version *get)
{
    bool own_domain = get->dom == DOMID_SELF || get->dom == xen_domid;

    if (!own_domain) {
        return -ESRCH;
    }

    get->version = 1;
    return 0;
}
224b46f9745SDavid Woodhouse
/*
 * Handle a grant table query_size request.
 *
 * Returns -ENOTSUP when the device does not exist. Otherwise returns 0 and
 * reports the outcome in size->status: GNTST_bad_domain for a domain other
 * than the caller's own, else GNTST_okay together with the current and
 * maximum frame counts.
 */
int xen_gnttab_query_size_op(struct gnttab_query_size *size)
{
    XenGnttabState *s = xen_gnttab_singleton;
    bool own_domain;

    if (!s) {
        return -ENOTSUP;
    }

    own_domain = size->dom == DOMID_SELF || size->dom == xen_domid;
    if (!own_domain) {
        size->status = GNTST_bad_domain;
        return 0;
    }

    /* NOTE(review): nr_frames is read here without gnt_lock. */
    size->status = GNTST_okay;
    size->nr_frames = s->nr_frames;
    size->max_nr_frames = s->max_frames;
    return 0;
}
243b08d88e3SDavid Woodhouse
/* Track per-open refs, to allow close() to clean up. */
struct active_ref {
    /* Memory region section found for the granted page; holds a reference. */
    MemoryRegionSection mrs;
    /* Host pointer handed back to the backend for this mapping. */
    void *virtaddr;
    /* Number of outstanding map_refs() calls on this handle for this ref. */
    uint32_t refcnt;
    /* PROT_* bits the mapping was granted with; PROT_WRITE may be added. */
    int prot;
};
251b08d88e3SDavid Woodhouse
/*
 * Drop one backend mapping of grant reference @ref.
 *
 * If @mrs holds a memory region, the page is marked dirty when @prot
 * includes PROT_WRITE, and the region reference is released. The per-ref
 * mapping counter is then decremented; when it reaches zero the
 * GTF_reading and GTF_writing bits are cleared in the guest-visible entry.
 *
 * The caller must have accounted for this mapping in map_track[@ref]
 * beforehand: a zero counter trips the assertion below.
 */
static void gnt_unref(XenGnttabState *s, grant_ref_t ref,
                      MemoryRegionSection *mrs, int prot)
{
    const bool have_region = mrs && mrs->mr;

    if (have_region) {
        if (prot & PROT_WRITE) {
            memory_region_set_dirty(mrs->mr, mrs->offset_within_region,
                                    XEN_PAGE_SIZE);
        }
        memory_region_unref(mrs->mr);
        mrs->mr = NULL;
    }

    assert(s->map_track[ref] != 0);
    s->map_track[ref]--;

    if (s->map_track[ref] == 0) {
        /* Last mapping gone: the entry is no longer in use by the backend. */
        qatomic_and(&s->entries.v1[ref].flags,
                    (uint16_t)~(GTF_reading | GTF_writing));
    }
}
270b08d88e3SDavid Woodhouse
/*
 * Validate grant reference @ref for access with @prot and mark it in use.
 *
 * The reference is bounds-checked against the full table
 * (max_frames * ENTRIES_PER_FRAME_V1), which is also the size of map_track,
 * and refused when its mapping counter is already UINT8_MAX. The entry must
 * be a plain GTF_permit_access grant to DOMID_QEMU; for PROT_WRITE it must
 * also not be GTF_readonly. On success GTF_reading (and GTF_writing for
 * PROT_WRITE) is set atomically in the entry.
 *
 * Returns the guest physical address of the granted frame, or INVALID_GPA
 * if the reference is out of range, not acceptable, or kept changing.
 * This function does not touch map_track; the caller accounts for the
 * mapping.
 */
static uint64_t gnt_ref(XenGnttabState *s, grant_ref_t ref, int prot)
{
    /* Bits that must match GTF_permit_access exactly. */
    uint16_t mask = GTF_type_mask | GTF_sub_page;
    grant_entry_v1_t gnt, *gnt_p;
    int retries = 0;

    /* The range check comes first so map_track[ref] is never read out of bounds. */
    if (ref >= s->max_frames * ENTRIES_PER_FRAME_V1 ||
        s->map_track[ref] == UINT8_MAX) {
        return INVALID_GPA;
    }

    if (prot & PROT_WRITE) {
        /* With GTF_readonly in the mask, a read-only grant fails the check. */
        mask |= GTF_readonly;
    }

    gnt_p = &s->entries.v1[ref];

    /*
     * The guest can legitimately be changing the GTF_readonly flag. Allow
     * that, but don't let a malicious guest cause a livelock.
     */
    for (retries = 0; retries < 5; retries++) {
        uint16_t new_flags;

        /*
         * Read the entry before an atomic operation on its flags.
         * All checks below use this local snapshot, not the live entry.
         */
        gnt = *(volatile grant_entry_v1_t *)gnt_p;

        if ((gnt.flags & mask) != GTF_permit_access ||
            gnt.domid != DOMID_QEMU) {
            return INVALID_GPA;
        }

        new_flags = gnt.flags | GTF_reading;
        if (prot & PROT_WRITE) {
            new_flags |= GTF_writing;
        }

        /*
         * Only commit if the flags are still what was validated above.
         * NOTE(review): the compare-and-swap covers the flags field only;
         * a concurrent change to domid or frame alone is not detected, and
         * the returned address comes from the snapshot.
         */
        if (qatomic_cmpxchg(&gnt_p->flags, gnt.flags, new_flags) == gnt.flags) {
            return (uint64_t)gnt.frame << XEN_PAGE_SHIFT;
        }
    }

    /* The flags changed on every attempt; give up rather than spin. */
    return INVALID_GPA;
}
315b08d88e3SDavid Woodhouse
/* Per-open handle: maps a grant reference to its struct active_ref. */
struct xengntdev_handle {
    GHashTable *active_maps;
};

/* No limit is enforced in emulation; the request is accepted as-is. */
static int xen_be_gnttab_set_max_grants(struct xengntdev_handle *xgt,
                                        uint32_t nr_grants)
{
    return 0;
}
325b08d88e3SDavid Woodhouse
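/*
 * Map a single granted page from the guest into the backend.
 *
 * @count must be exactly 1 and @domid must be the emulated guest's domain.
 * A reference already mapped on this handle is reused and its refcount
 * bumped; if write access is requested on a mapping that was read-only, the
 * grant is re-validated for writing first.
 *
 * Returns the host address of the page, or NULL with errno set
 * (ENOTSUP: no grant table device; EINVAL: bad arguments, a grant the guest
 * has not offered for this access, or a frame that is not backed by RAM).
 */
static void *xen_be_gnttab_map_refs(struct xengntdev_handle *xgt,
                                    uint32_t count, uint32_t domid,
                                    uint32_t *refs, int prot)
{
    XenGnttabState *s = xen_gnttab_singleton;
    struct active_ref *act;

    if (!s) {
        errno = ENOTSUP;
        return NULL;
    }

    if (domid != xen_domid) {
        errno = EINVAL;
        return NULL;
    }

    if (!count || count > 4096) {
        errno = EINVAL;
        return NULL;
    }

    /*
     * Making a contiguous mapping from potentially discontiguous grant
     * references would be... distinctly non-trivial. We don't support it.
     * Even changing the API to return an array of pointers, one per page,
     * wouldn't be simple to use in PV backends because some structures
     * actually cross page boundaries (e.g. 32-bit blkif_response ring
     * entries are 12 bytes).
     */
    if (count != 1) {
        errno = EINVAL;
        return NULL;
    }

    QEMU_LOCK_GUARD(&s->gnt_lock);

    act = g_hash_table_lookup(xgt->active_maps, GINT_TO_POINTER(refs[0]));
    if (act) {
        if ((prot & PROT_WRITE) && !(act->prot & PROT_WRITE)) {
            if (gnt_ref(s, refs[0], prot) == INVALID_GPA) {
                /*
                 * Callers report failures through errno, so it must be set
                 * on this path too rather than left at a stale value.
                 */
                errno = EINVAL;
                return NULL;
            }
            act->prot |= PROT_WRITE;
        }
        act->refcnt++;
    } else {
        uint64_t gpa = gnt_ref(s, refs[0], prot);
        if (gpa == INVALID_GPA) {
            errno = EINVAL;
            return NULL;
        }

        /*
         * Account for the mapping before trying to resolve the frame.
         * gnt_ref() has already checked the counter is below UINT8_MAX.
         * The frame number is chosen by the guest; if it does not resolve
         * to RAM, the error path below calls gnt_unref(), which asserts a
         * non-zero counter and decrements it. Counting first keeps that
         * path from aborting QEMU and from dropping a count that belongs
         * to another handle's mapping of the same reference.
         */
        s->map_track[refs[0]]++;

        act = g_new0(struct active_ref, 1);
        act->prot = prot;
        act->refcnt = 1;
        act->mrs = memory_region_find(get_system_memory(), gpa, XEN_PAGE_SIZE);

        /* Only a full page of real RAM can be handed to the backend. */
        if (act->mrs.mr &&
            !int128_lt(act->mrs.size, int128_make64(XEN_PAGE_SIZE)) &&
            memory_region_get_ram_addr(act->mrs.mr) != RAM_ADDR_INVALID) {
            act->virtaddr = qemu_map_ram_ptr(act->mrs.mr->ram_block,
                                             act->mrs.offset_within_region);
        }
        if (!act->virtaddr) {
            /* prot 0: nothing was written, so do not mark the page dirty. */
            gnt_unref(s, refs[0], &act->mrs, 0);
            g_free(act);
            errno = EINVAL;
            return NULL;
        }

        g_hash_table_insert(xgt->active_maps, GINT_TO_POINTER(refs[0]), act);
    }

    return act->virtaddr;
}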
403b08d88e3SDavid Woodhouse
/*
 * GHRFunc-style callback: release the mapping stored under @key.
 *
 * @key is the grant reference, @value the struct active_ref, @user_data the
 * XenGnttabState. Always returns true so a foreach_remove drops the entry.
 */
static gboolean do_unmap(gpointer key, gpointer value, gpointer user_data)
{
    struct active_ref *mapping = value;
    XenGnttabState *state = user_data;
    grant_ref_t gref = GPOINTER_TO_INT(key);

    gnt_unref(state, gref, &mapping->mrs, mapping->prot);
    g_free(mapping);
    return true;
}
414b08d88e3SDavid Woodhouse
/*
 * Release one map_refs() reference on a single granted page.
 *
 * The mapping is looked up by refs[0] on this handle and must have been
 * returned at @start_address. The page is only unmapped when the last
 * reference on this handle goes away.
 *
 * Returns 0 on success or a negative errno value: -ENOTSUP without a grant
 * table device, -EINVAL for @count != 1 or an address mismatch, -ENOENT if
 * the reference is not mapped on this handle. errno itself is not set.
 */
static int xen_be_gnttab_unmap(struct xengntdev_handle *xgt,
                               void *start_address, uint32_t *refs,
                               uint32_t count)
{
    XenGnttabState *s = xen_gnttab_singleton;
    struct active_ref *act;

    if (!s) {
        return -ENOTSUP;
    }

    if (count != 1) {
        return -EINVAL;
    }

    QEMU_LOCK_GUARD(&s->gnt_lock);

    act = g_hash_table_lookup(xgt->active_maps, GINT_TO_POINTER(refs[0]));
    if (!act) {
        return -ENOENT;
    }

    if (act->virtaddr != start_address) {
        return -EINVAL;
    }

    act->refcnt--;
    if (act->refcnt == 0) {
        gpointer key = GINT_TO_POINTER(refs[0]);

        /* do_unmap() frees act; only the table entry is left to remove. */
        do_unmap(key, act, s);
        g_hash_table_remove(xgt->active_maps, key);
    }

    return 0;
}
448b08d88e3SDavid Woodhouse
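/*
 * This looks a bit like the one for true Xen in xen-operations.c but
 * in emulation we don't support multi-page mappings. And under Xen we
 * *want* the multi-page mappings so we have fewer bounces through the
 * kernel and the hypervisor. So the code paths end up being similar,
 * but different.
 *
 * Copies @nr_segs segments between backend memory and granted guest pages,
 * mapping and unmapping one page per segment. @to_domain selects the
 * direction. Each segment must lie entirely within the single granted page.
 *
 * Returns 0 on success or a negative errno value; when @errp is non-NULL it
 * is also set. Segments processed before a failure have already been copied.
 */
static int xen_be_gnttab_copy(struct xengntdev_handle *xgt, bool to_domain,
                              uint32_t domid, XenGrantCopySegment *segs,
                              uint32_t nr_segs, Error **errp)
{
    int prot = to_domain ? PROT_WRITE : PROT_READ;
    unsigned int i;

    for (i = 0; i < nr_segs; i++) {
        XenGrantCopySegment *seg = &segs[i];
        void *page;
        uint32_t ref = to_domain ? seg->dest.foreign.ref :
            seg->source.foreign.ref;
        /*
         * Widened to unsigned so that a negative or oversized offset fails
         * the range check below whatever the field's declared type is.
         */
        uint64_t offset = to_domain ? seg->dest.foreign.offset :
            seg->source.foreign.offset;
        int rc;

        /*
         * Only one page is mapped per segment. A segment reaching past the
         * end of that page would read or write memory the grant does not
         * cover, so reject it before mapping anything.
         */
        if (offset > XEN_PAGE_SIZE || seg->len > XEN_PAGE_SIZE - offset) {
            if (errp) {
                error_setg_errno(errp, EINVAL,
                                 "grant copy segment exceeds page bounds");
            }
            return -EINVAL;
        }

        page = xen_be_gnttab_map_refs(xgt, 1, domid, &ref, prot);
        if (!page) {
            if (errp) {
                error_setg_errno(errp, errno,
                                 "xen_be_gnttab_map_refs failed");
            }
            return -errno;
        }

        if (to_domain) {
            memcpy(page + seg->dest.foreign.offset, seg->source.virt,
                   seg->len);
        } else {
            memcpy(seg->dest.virt, page + seg->source.foreign.offset,
                   seg->len);
        }

        /*
         * xen_be_gnttab_unmap() reports failure through its negative return
         * value and does not set errno, so use that value rather than a
         * stale errno (which could be 0 and hide the failure).
         */
        rc = xen_be_gnttab_unmap(xgt, page, &ref, 1);
        if (rc) {
            if (errp) {
                error_setg_errno(errp, -rc, "xen_be_gnttab_unmap failed");
            }
            return rc;
        }
    }

    return 0;
}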
496b08d88e3SDavid Woodhouse
/*
 * Open a new backend handle with an empty table of active mappings.
 * The table is keyed directly by grant reference. The handle is released
 * by xen_be_gnttab_close().
 */
static struct xengntdev_handle *xen_be_gnttab_open(void)
{
    struct xengntdev_handle *handle = g_new0(struct xengntdev_handle, 1);

    handle->active_maps = g_hash_table_new(g_direct_hash, g_direct_equal);

    return handle;
}
504b08d88e3SDavid Woodhouse
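/*
 * Close a backend handle, releasing every mapping still active on it.
 *
 * Returns 0 on success, or -ENOTSUP when there is no grant table device
 * (the handle is left untouched in that case).
 */
static int xen_be_gnttab_close(struct xengntdev_handle *xgt)
{
    XenGnttabState *s = xen_gnttab_singleton;

    if (!s) {
        return -ENOTSUP;
    }

    /*
     * do_unmap() ends in gnt_unref(), which updates map_track and the
     * guest-visible entry flags. The map and unmap paths do that under
     * gnt_lock, so hold it here as well while the remaining mappings are
     * torn down.
     */
    WITH_QEMU_LOCK_GUARD(&s->gnt_lock) {
        g_hash_table_foreach_remove(xgt->active_maps, do_unmap, s);
    }

    g_hash_table_destroy(xgt->active_maps);
    g_free(xgt);
    return 0;
}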
518b08d88e3SDavid Woodhouse
/* Backend operations installed as xen_gnttab_ops when the device is realized. */
static struct gnttab_backend_ops emu_gnttab_backend_ops = {
    .open = xen_be_gnttab_open,
    .close = xen_be_gnttab_close,
    .grant_copy = xen_be_gnttab_copy,
    .set_max_grants = xen_be_gnttab_set_max_grants,
    .map_refs = xen_be_gnttab_map_refs,
    .unmap = xen_be_gnttab_unmap,
};
527b08d88e3SDavid Woodhouse
/*
 * Reset the grant table to its initial contents.
 *
 * Under gnt_lock, the frame count is set to zero, every entry is cleared,
 * and the reserved XenStore grant is restored; the reserved console grant is
 * restored too when a primary console PFN is reported.
 *
 * Returns 0 on success, -ENOTSUP when the device does not exist.
 *
 * NOTE(review): map_track and gnt_frame_gpas are not touched here; confirm
 * that backend mappings and overlays are torn down elsewhere on reset.
 */
int xen_gnttab_reset(void)
{
    XenGnttabState *s = xen_gnttab_singleton;
    grant_entry_v1_t *table;

    if (!s) {
        return -ENOTSUP;
    }

    QEMU_LOCK_GUARD(&s->gnt_lock);

    table = s->entries.v1;

    s->nr_frames = 0;
    memset(table, 0, XEN_PAGE_SIZE * s->max_frames);

    table[GNTTAB_RESERVED_XENSTORE].flags = GTF_permit_access;
    table[GNTTAB_RESERVED_XENSTORE].frame = XEN_SPECIAL_PFN(XENSTORE);

    if (xen_primary_console_get_pfn()) {
        table[GNTTAB_RESERVED_CONSOLE].flags = GTF_permit_access;
        table[GNTTAB_RESERVED_CONSOLE].frame = XEN_SPECIAL_PFN(CONSOLE);
    }

    return 0;
}
551