1 /* 2 * Back-end of the driver for virtual network devices. This portion of the 3 * driver exports a 'unified' network-device interface that can be accessed 4 * by any operating system that implements a compatible front end. A 5 * reference front-end implementation can be found in: 6 * drivers/net/xen-netfront.c 7 * 8 * Copyright (c) 2002-2005, K A Fraser 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License version 2 12 * as published by the Free Software Foundation; or, when distributed 13 * separately from the Linux kernel or incorporated into other 14 * software packages, subject to the following license: 15 * 16 * Permission is hereby granted, free of charge, to any person obtaining a copy 17 * of this source file (the "Software"), to deal in the Software without 18 * restriction, including without limitation the rights to use, copy, modify, 19 * merge, publish, distribute, sublicense, and/or sell copies of the Software, 20 * and to permit persons to whom the Software is furnished to do so, subject to 21 * the following conditions: 22 * 23 * The above copyright notice and this permission notice shall be included in 24 * all copies or substantial portions of the Software. 25 * 26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 27 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 28 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 29 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 30 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 31 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 32 * IN THE SOFTWARE. 33 */ 34 35 #include "common.h" 36 37 #include <linux/kthread.h> 38 #include <linux/if_vlan.h> 39 #include <linux/udp.h> 40 #include <linux/highmem.h> 41 42 #include <net/tcp.h> 43 44 #include <xen/xen.h> 45 #include <xen/events.h> 46 #include <xen/interface/memory.h> 47 #include <xen/page.h> 48 49 #include <asm/xen/hypercall.h> 50 51 /* Provide an option to disable split event channels at load time as 52 * event channels are limited resource. Split event channels are 53 * enabled by default. 54 */ 55 bool separate_tx_rx_irq = true; 56 module_param(separate_tx_rx_irq, bool, 0644); 57 58 /* The time that packets can stay on the guest Rx internal queue 59 * before they are dropped. 60 */ 61 unsigned int rx_drain_timeout_msecs = 10000; 62 module_param(rx_drain_timeout_msecs, uint, 0444); 63 64 /* The length of time before the frontend is considered unresponsive 65 * because it isn't providing Rx slots. 66 */ 67 unsigned int rx_stall_timeout_msecs = 60000; 68 module_param(rx_stall_timeout_msecs, uint, 0444); 69 70 unsigned int xenvif_max_queues; 71 module_param_named(max_queues, xenvif_max_queues, uint, 0644); 72 MODULE_PARM_DESC(max_queues, 73 "Maximum number of queues per virtual interface"); 74 75 /* 76 * This is the maximum slots a skb can have. If a guest sends a skb 77 * which exceeds this limit it is considered malicious. 78 */ 79 #define FATAL_SKB_SLOTS_DEFAULT 20 80 static unsigned int fatal_skb_slots = FATAL_SKB_SLOTS_DEFAULT; 81 module_param(fatal_skb_slots, uint, 0444); 82 83 /* The amount to copy out of the first guest Tx slot into the skb's 84 * linear area. If the first slot has more data, it will be mapped 85 * and put into the first frag. 86 * 87 * This is sized to avoid pulling headers from the frags for most 88 * TCP/IP packets. 89 */ 90 #define XEN_NETBACK_TX_COPY_LEN 128 91 92 93 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, 94 u8 status); 95 96 static void make_tx_response(struct xenvif_queue *queue, 97 struct xen_netif_tx_request *txp, 98 s8 st); 99 static void push_tx_responses(struct xenvif_queue *queue); 100 101 static inline int tx_work_todo(struct xenvif_queue *queue); 102 103 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue, 104 u16 id, 105 s8 st, 106 u16 offset, 107 u16 size, 108 u16 flags); 109 110 static inline unsigned long idx_to_pfn(struct xenvif_queue *queue, 111 u16 idx) 112 { 113 return page_to_pfn(queue->mmap_pages[idx]); 114 } 115 116 static inline unsigned long idx_to_kaddr(struct xenvif_queue *queue, 117 u16 idx) 118 { 119 return (unsigned long)pfn_to_kaddr(idx_to_pfn(queue, idx)); 120 } 121 122 #define callback_param(vif, pending_idx) \ 123 (vif->pending_tx_info[pending_idx].callback_struct) 124 125 /* Find the containing VIF's structure from a pointer in pending_tx_info array 126 */ 127 static inline struct xenvif_queue *ubuf_to_queue(const struct ubuf_info *ubuf) 128 { 129 u16 pending_idx = ubuf->desc; 130 struct pending_tx_info *temp = 131 container_of(ubuf, struct pending_tx_info, callback_struct); 132 return container_of(temp - pending_idx, 133 struct xenvif_queue, 134 pending_tx_info[0]); 135 } 136 137 static u16 frag_get_pending_idx(skb_frag_t *frag) 138 { 139 return (u16)frag->page_offset; 140 } 141 142 static void frag_set_pending_idx(skb_frag_t *frag, u16 pending_idx) 143 { 144 frag->page_offset = pending_idx; 145 } 146 147 static inline pending_ring_idx_t pending_index(unsigned i) 148 { 149 return i & (MAX_PENDING_REQS-1); 150 } 151 152 bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue, int needed) 153 { 154 RING_IDX prod, cons; 155 156 do { 157 prod = queue->rx.sring->req_prod; 158 cons = queue->rx.req_cons; 159 160 if (prod - cons >= needed) 161 return true; 162 163 queue->rx.sring->req_event = prod + 1; 164 165 /* Make sure event is visible before we check prod 166 * again. 167 */ 168 mb(); 169 } while (queue->rx.sring->req_prod != prod); 170 171 return false; 172 } 173 174 void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb) 175 { 176 unsigned long flags; 177 178 spin_lock_irqsave(&queue->rx_queue.lock, flags); 179 180 __skb_queue_tail(&queue->rx_queue, skb); 181 182 queue->rx_queue_len += skb->len; 183 if (queue->rx_queue_len > queue->rx_queue_max) 184 netif_tx_stop_queue(netdev_get_tx_queue(queue->vif->dev, queue->id)); 185 186 spin_unlock_irqrestore(&queue->rx_queue.lock, flags); 187 } 188 189 static struct sk_buff *xenvif_rx_dequeue(struct xenvif_queue *queue) 190 { 191 struct sk_buff *skb; 192 193 spin_lock_irq(&queue->rx_queue.lock); 194 195 skb = __skb_dequeue(&queue->rx_queue); 196 if (skb) 197 queue->rx_queue_len -= skb->len; 198 199 spin_unlock_irq(&queue->rx_queue.lock); 200 201 return skb; 202 } 203 204 static void xenvif_rx_queue_maybe_wake(struct xenvif_queue *queue) 205 { 206 spin_lock_irq(&queue->rx_queue.lock); 207 208 if (queue->rx_queue_len < queue->rx_queue_max) 209 netif_tx_wake_queue(netdev_get_tx_queue(queue->vif->dev, queue->id)); 210 211 spin_unlock_irq(&queue->rx_queue.lock); 212 } 213 214 215 static void xenvif_rx_queue_purge(struct xenvif_queue *queue) 216 { 217 struct sk_buff *skb; 218 while ((skb = xenvif_rx_dequeue(queue)) != NULL) 219 kfree_skb(skb); 220 } 221 222 static void xenvif_rx_queue_drop_expired(struct xenvif_queue *queue) 223 { 224 struct sk_buff *skb; 225 226 for(;;) { 227 skb = skb_peek(&queue->rx_queue); 228 if (!skb) 229 break; 230 if (time_before(jiffies, XENVIF_RX_CB(skb)->expires)) 231 break; 232 xenvif_rx_dequeue(queue); 233 kfree_skb(skb); 234 } 235 } 236 237 struct netrx_pending_operations { 238 unsigned copy_prod, copy_cons; 239 unsigned meta_prod, meta_cons; 240 struct gnttab_copy *copy; 241 struct xenvif_rx_meta *meta; 242 int copy_off; 243 grant_ref_t copy_gref; 244 }; 245 246 static struct xenvif_rx_meta *get_next_rx_buffer(struct xenvif_queue *queue, 247 struct netrx_pending_operations *npo) 248 { 249 struct xenvif_rx_meta *meta; 250 struct xen_netif_rx_request *req; 251 252 req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); 253 254 meta = npo->meta + npo->meta_prod++; 255 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE; 256 meta->gso_size = 0; 257 meta->size = 0; 258 meta->id = req->id; 259 260 npo->copy_off = 0; 261 npo->copy_gref = req->gref; 262 263 return meta; 264 } 265 266 /* 267 * Set up the grant operations for this fragment. If it's a flipping 268 * interface, we also set up the unmap request from here. 269 */ 270 static void xenvif_gop_frag_copy(struct xenvif_queue *queue, struct sk_buff *skb, 271 struct netrx_pending_operations *npo, 272 struct page *page, unsigned long size, 273 unsigned long offset, int *head) 274 { 275 struct gnttab_copy *copy_gop; 276 struct xenvif_rx_meta *meta; 277 unsigned long bytes; 278 int gso_type = XEN_NETIF_GSO_TYPE_NONE; 279 280 /* Data must not cross a page boundary. */ 281 BUG_ON(size + offset > PAGE_SIZE<<compound_order(page)); 282 283 meta = npo->meta + npo->meta_prod - 1; 284 285 /* Skip unused frames from start of page */ 286 page += offset >> PAGE_SHIFT; 287 offset &= ~PAGE_MASK; 288 289 while (size > 0) { 290 struct xen_page_foreign *foreign; 291 292 BUG_ON(offset >= PAGE_SIZE); 293 BUG_ON(npo->copy_off > MAX_BUFFER_OFFSET); 294 295 if (npo->copy_off == MAX_BUFFER_OFFSET) 296 meta = get_next_rx_buffer(queue, npo); 297 298 bytes = PAGE_SIZE - offset; 299 if (bytes > size) 300 bytes = size; 301 302 if (npo->copy_off + bytes > MAX_BUFFER_OFFSET) 303 bytes = MAX_BUFFER_OFFSET - npo->copy_off; 304 305 copy_gop = npo->copy + npo->copy_prod++; 306 copy_gop->flags = GNTCOPY_dest_gref; 307 copy_gop->len = bytes; 308 309 foreign = xen_page_foreign(page); 310 if (foreign) { 311 copy_gop->source.domid = foreign->domid; 312 copy_gop->source.u.ref = foreign->gref; 313 copy_gop->flags |= GNTCOPY_source_gref; 314 } else { 315 copy_gop->source.domid = DOMID_SELF; 316 copy_gop->source.u.gmfn = 317 virt_to_mfn(page_address(page)); 318 } 319 copy_gop->source.offset = offset; 320 321 copy_gop->dest.domid = queue->vif->domid; 322 copy_gop->dest.offset = npo->copy_off; 323 copy_gop->dest.u.ref = npo->copy_gref; 324 325 npo->copy_off += bytes; 326 meta->size += bytes; 327 328 offset += bytes; 329 size -= bytes; 330 331 /* Next frame */ 332 if (offset == PAGE_SIZE && size) { 333 BUG_ON(!PageCompound(page)); 334 page++; 335 offset = 0; 336 } 337 338 /* Leave a gap for the GSO descriptor. */ 339 if (skb_is_gso(skb)) { 340 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) 341 gso_type = XEN_NETIF_GSO_TYPE_TCPV4; 342 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) 343 gso_type = XEN_NETIF_GSO_TYPE_TCPV6; 344 } 345 346 if (*head && ((1 << gso_type) & queue->vif->gso_mask)) 347 queue->rx.req_cons++; 348 349 *head = 0; /* There must be something in this buffer now. */ 350 351 } 352 } 353 354 /* 355 * Prepare an SKB to be transmitted to the frontend. 356 * 357 * This function is responsible for allocating grant operations, meta 358 * structures, etc. 359 * 360 * It returns the number of meta structures consumed. The number of 361 * ring slots used is always equal to the number of meta slots used 362 * plus the number of GSO descriptors used. Currently, we use either 363 * zero GSO descriptors (for non-GSO packets) or one descriptor (for 364 * frontend-side LRO). 365 */ 366 static int xenvif_gop_skb(struct sk_buff *skb, 367 struct netrx_pending_operations *npo, 368 struct xenvif_queue *queue) 369 { 370 struct xenvif *vif = netdev_priv(skb->dev); 371 int nr_frags = skb_shinfo(skb)->nr_frags; 372 int i; 373 struct xen_netif_rx_request *req; 374 struct xenvif_rx_meta *meta; 375 unsigned char *data; 376 int head = 1; 377 int old_meta_prod; 378 int gso_type; 379 380 old_meta_prod = npo->meta_prod; 381 382 gso_type = XEN_NETIF_GSO_TYPE_NONE; 383 if (skb_is_gso(skb)) { 384 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) 385 gso_type = XEN_NETIF_GSO_TYPE_TCPV4; 386 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) 387 gso_type = XEN_NETIF_GSO_TYPE_TCPV6; 388 } 389 390 /* Set up a GSO prefix descriptor, if necessary */ 391 if ((1 << gso_type) & vif->gso_prefix_mask) { 392 req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); 393 meta = npo->meta + npo->meta_prod++; 394 meta->gso_type = gso_type; 395 meta->gso_size = skb_shinfo(skb)->gso_size; 396 meta->size = 0; 397 meta->id = req->id; 398 } 399 400 req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); 401 meta = npo->meta + npo->meta_prod++; 402 403 if ((1 << gso_type) & vif->gso_mask) { 404 meta->gso_type = gso_type; 405 meta->gso_size = skb_shinfo(skb)->gso_size; 406 } else { 407 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE; 408 meta->gso_size = 0; 409 } 410 411 meta->size = 0; 412 meta->id = req->id; 413 npo->copy_off = 0; 414 npo->copy_gref = req->gref; 415 416 data = skb->data; 417 while (data < skb_tail_pointer(skb)) { 418 unsigned int offset = offset_in_page(data); 419 unsigned int len = PAGE_SIZE - offset; 420 421 if (data + len > skb_tail_pointer(skb)) 422 len = skb_tail_pointer(skb) - data; 423 424 xenvif_gop_frag_copy(queue, skb, npo, 425 virt_to_page(data), len, offset, &head); 426 data += len; 427 } 428 429 for (i = 0; i < nr_frags; i++) { 430 xenvif_gop_frag_copy(queue, skb, npo, 431 skb_frag_page(&skb_shinfo(skb)->frags[i]), 432 skb_frag_size(&skb_shinfo(skb)->frags[i]), 433 skb_shinfo(skb)->frags[i].page_offset, 434 &head); 435 } 436 437 return npo->meta_prod - old_meta_prod; 438 } 439 440 /* 441 * This is a twin to xenvif_gop_skb. Assume that xenvif_gop_skb was 442 * used to set up the operations on the top of 443 * netrx_pending_operations, which have since been done. Check that 444 * they didn't give any errors and advance over them. 445 */ 446 static int xenvif_check_gop(struct xenvif *vif, int nr_meta_slots, 447 struct netrx_pending_operations *npo) 448 { 449 struct gnttab_copy *copy_op; 450 int status = XEN_NETIF_RSP_OKAY; 451 int i; 452 453 for (i = 0; i < nr_meta_slots; i++) { 454 copy_op = npo->copy + npo->copy_cons++; 455 if (copy_op->status != GNTST_okay) { 456 netdev_dbg(vif->dev, 457 "Bad status %d from copy to DOM%d.\n", 458 copy_op->status, vif->domid); 459 status = XEN_NETIF_RSP_ERROR; 460 } 461 } 462 463 return status; 464 } 465 466 static void xenvif_add_frag_responses(struct xenvif_queue *queue, int status, 467 struct xenvif_rx_meta *meta, 468 int nr_meta_slots) 469 { 470 int i; 471 unsigned long offset; 472 473 /* No fragments used */ 474 if (nr_meta_slots <= 1) 475 return; 476 477 nr_meta_slots--; 478 479 for (i = 0; i < nr_meta_slots; i++) { 480 int flags; 481 if (i == nr_meta_slots - 1) 482 flags = 0; 483 else 484 flags = XEN_NETRXF_more_data; 485 486 offset = 0; 487 make_rx_response(queue, meta[i].id, status, offset, 488 meta[i].size, flags); 489 } 490 } 491 492 void xenvif_kick_thread(struct xenvif_queue *queue) 493 { 494 wake_up(&queue->wq); 495 } 496 497 static void xenvif_rx_action(struct xenvif_queue *queue) 498 { 499 s8 status; 500 u16 flags; 501 struct xen_netif_rx_response *resp; 502 struct sk_buff_head rxq; 503 struct sk_buff *skb; 504 LIST_HEAD(notify); 505 int ret; 506 unsigned long offset; 507 bool need_to_notify = false; 508 509 struct netrx_pending_operations npo = { 510 .copy = queue->grant_copy_op, 511 .meta = queue->meta, 512 }; 513 514 skb_queue_head_init(&rxq); 515 516 while (xenvif_rx_ring_slots_available(queue, XEN_NETBK_RX_SLOTS_MAX) 517 && (skb = xenvif_rx_dequeue(queue)) != NULL) { 518 queue->last_rx_time = jiffies; 519 520 XENVIF_RX_CB(skb)->meta_slots_used = xenvif_gop_skb(skb, &npo, queue); 521 522 __skb_queue_tail(&rxq, skb); 523 } 524 525 BUG_ON(npo.meta_prod > ARRAY_SIZE(queue->meta)); 526 527 if (!npo.copy_prod) 528 goto done; 529 530 BUG_ON(npo.copy_prod > MAX_GRANT_COPY_OPS); 531 gnttab_batch_copy(queue->grant_copy_op, npo.copy_prod); 532 533 while ((skb = __skb_dequeue(&rxq)) != NULL) { 534 535 if ((1 << queue->meta[npo.meta_cons].gso_type) & 536 queue->vif->gso_prefix_mask) { 537 resp = RING_GET_RESPONSE(&queue->rx, 538 queue->rx.rsp_prod_pvt++); 539 540 resp->flags = XEN_NETRXF_gso_prefix | XEN_NETRXF_more_data; 541 542 resp->offset = queue->meta[npo.meta_cons].gso_size; 543 resp->id = queue->meta[npo.meta_cons].id; 544 resp->status = XENVIF_RX_CB(skb)->meta_slots_used; 545 546 npo.meta_cons++; 547 XENVIF_RX_CB(skb)->meta_slots_used--; 548 } 549 550 551 queue->stats.tx_bytes += skb->len; 552 queue->stats.tx_packets++; 553 554 status = xenvif_check_gop(queue->vif, 555 XENVIF_RX_CB(skb)->meta_slots_used, 556 &npo); 557 558 if (XENVIF_RX_CB(skb)->meta_slots_used == 1) 559 flags = 0; 560 else 561 flags = XEN_NETRXF_more_data; 562 563 if (skb->ip_summed == CHECKSUM_PARTIAL) /* local packet? */ 564 flags |= XEN_NETRXF_csum_blank | XEN_NETRXF_data_validated; 565 else if (skb->ip_summed == CHECKSUM_UNNECESSARY) 566 /* remote but checksummed. */ 567 flags |= XEN_NETRXF_data_validated; 568 569 offset = 0; 570 resp = make_rx_response(queue, queue->meta[npo.meta_cons].id, 571 status, offset, 572 queue->meta[npo.meta_cons].size, 573 flags); 574 575 if ((1 << queue->meta[npo.meta_cons].gso_type) & 576 queue->vif->gso_mask) { 577 struct xen_netif_extra_info *gso = 578 (struct xen_netif_extra_info *) 579 RING_GET_RESPONSE(&queue->rx, 580 queue->rx.rsp_prod_pvt++); 581 582 resp->flags |= XEN_NETRXF_extra_info; 583 584 gso->u.gso.type = queue->meta[npo.meta_cons].gso_type; 585 gso->u.gso.size = queue->meta[npo.meta_cons].gso_size; 586 gso->u.gso.pad = 0; 587 gso->u.gso.features = 0; 588 589 gso->type = XEN_NETIF_EXTRA_TYPE_GSO; 590 gso->flags = 0; 591 } 592 593 xenvif_add_frag_responses(queue, status, 594 queue->meta + npo.meta_cons + 1, 595 XENVIF_RX_CB(skb)->meta_slots_used); 596 597 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->rx, ret); 598 599 need_to_notify |= !!ret; 600 601 npo.meta_cons += XENVIF_RX_CB(skb)->meta_slots_used; 602 dev_kfree_skb(skb); 603 } 604 605 done: 606 if (need_to_notify) 607 notify_remote_via_irq(queue->rx_irq); 608 } 609 610 void xenvif_napi_schedule_or_enable_events(struct xenvif_queue *queue) 611 { 612 int more_to_do; 613 614 RING_FINAL_CHECK_FOR_REQUESTS(&queue->tx, more_to_do); 615 616 if (more_to_do) 617 napi_schedule(&queue->napi); 618 } 619 620 static void tx_add_credit(struct xenvif_queue *queue) 621 { 622 unsigned long max_burst, max_credit; 623 624 /* 625 * Allow a burst big enough to transmit a jumbo packet of up to 128kB. 626 * Otherwise the interface can seize up due to insufficient credit. 627 */ 628 max_burst = RING_GET_REQUEST(&queue->tx, queue->tx.req_cons)->size; 629 max_burst = min(max_burst, 131072UL); 630 max_burst = max(max_burst, queue->credit_bytes); 631 632 /* Take care that adding a new chunk of credit doesn't wrap to zero. */ 633 max_credit = queue->remaining_credit + queue->credit_bytes; 634 if (max_credit < queue->remaining_credit) 635 max_credit = ULONG_MAX; /* wrapped: clamp to ULONG_MAX */ 636 637 queue->remaining_credit = min(max_credit, max_burst); 638 } 639 640 void xenvif_tx_credit_callback(unsigned long data) 641 { 642 struct xenvif_queue *queue = (struct xenvif_queue *)data; 643 tx_add_credit(queue); 644 xenvif_napi_schedule_or_enable_events(queue); 645 } 646 647 static void xenvif_tx_err(struct xenvif_queue *queue, 648 struct xen_netif_tx_request *txp, RING_IDX end) 649 { 650 RING_IDX cons = queue->tx.req_cons; 651 unsigned long flags; 652 653 do { 654 spin_lock_irqsave(&queue->response_lock, flags); 655 make_tx_response(queue, txp, XEN_NETIF_RSP_ERROR); 656 push_tx_responses(queue); 657 spin_unlock_irqrestore(&queue->response_lock, flags); 658 if (cons == end) 659 break; 660 txp = RING_GET_REQUEST(&queue->tx, cons++); 661 } while (1); 662 queue->tx.req_cons = cons; 663 } 664 665 static void xenvif_fatal_tx_err(struct xenvif *vif) 666 { 667 netdev_err(vif->dev, "fatal error; disabling device\n"); 668 vif->disabled = true; 669 /* Disable the vif from queue 0's kthread */ 670 if (vif->queues) 671 xenvif_kick_thread(&vif->queues[0]); 672 } 673 674 static int xenvif_count_requests(struct xenvif_queue *queue, 675 struct xen_netif_tx_request *first, 676 struct xen_netif_tx_request *txp, 677 int work_to_do) 678 { 679 RING_IDX cons = queue->tx.req_cons; 680 int slots = 0; 681 int drop_err = 0; 682 int more_data; 683 684 if (!(first->flags & XEN_NETTXF_more_data)) 685 return 0; 686 687 do { 688 struct xen_netif_tx_request dropped_tx = { 0 }; 689 690 if (slots >= work_to_do) { 691 netdev_err(queue->vif->dev, 692 "Asked for %d slots but exceeds this limit\n", 693 work_to_do); 694 xenvif_fatal_tx_err(queue->vif); 695 return -ENODATA; 696 } 697 698 /* This guest is really using too many slots and 699 * considered malicious. 700 */ 701 if (unlikely(slots >= fatal_skb_slots)) { 702 netdev_err(queue->vif->dev, 703 "Malicious frontend using %d slots, threshold %u\n", 704 slots, fatal_skb_slots); 705 xenvif_fatal_tx_err(queue->vif); 706 return -E2BIG; 707 } 708 709 /* Xen network protocol had implicit dependency on 710 * MAX_SKB_FRAGS. XEN_NETBK_LEGACY_SLOTS_MAX is set to 711 * the historical MAX_SKB_FRAGS value 18 to honor the 712 * same behavior as before. Any packet using more than 713 * 18 slots but less than fatal_skb_slots slots is 714 * dropped 715 */ 716 if (!drop_err && slots >= XEN_NETBK_LEGACY_SLOTS_MAX) { 717 if (net_ratelimit()) 718 netdev_dbg(queue->vif->dev, 719 "Too many slots (%d) exceeding limit (%d), dropping packet\n", 720 slots, XEN_NETBK_LEGACY_SLOTS_MAX); 721 drop_err = -E2BIG; 722 } 723 724 if (drop_err) 725 txp = &dropped_tx; 726 727 memcpy(txp, RING_GET_REQUEST(&queue->tx, cons + slots), 728 sizeof(*txp)); 729 730 /* If the guest submitted a frame >= 64 KiB then 731 * first->size overflowed and following slots will 732 * appear to be larger than the frame. 733 * 734 * This cannot be fatal error as there are buggy 735 * frontends that do this. 736 * 737 * Consume all slots and drop the packet. 738 */ 739 if (!drop_err && txp->size > first->size) { 740 if (net_ratelimit()) 741 netdev_dbg(queue->vif->dev, 742 "Invalid tx request, slot size %u > remaining size %u\n", 743 txp->size, first->size); 744 drop_err = -EIO; 745 } 746 747 first->size -= txp->size; 748 slots++; 749 750 if (unlikely((txp->offset + txp->size) > PAGE_SIZE)) { 751 netdev_err(queue->vif->dev, "Cross page boundary, txp->offset: %u, size: %u\n", 752 txp->offset, txp->size); 753 xenvif_fatal_tx_err(queue->vif); 754 return -EINVAL; 755 } 756 757 more_data = txp->flags & XEN_NETTXF_more_data; 758 759 if (!drop_err) 760 txp++; 761 762 } while (more_data); 763 764 if (drop_err) { 765 xenvif_tx_err(queue, first, cons + slots); 766 return drop_err; 767 } 768 769 return slots; 770 } 771 772 773 struct xenvif_tx_cb { 774 u16 pending_idx; 775 }; 776 777 #define XENVIF_TX_CB(skb) ((struct xenvif_tx_cb *)(skb)->cb) 778 779 static inline void xenvif_tx_create_map_op(struct xenvif_queue *queue, 780 u16 pending_idx, 781 struct xen_netif_tx_request *txp, 782 struct gnttab_map_grant_ref *mop) 783 { 784 queue->pages_to_map[mop-queue->tx_map_ops] = queue->mmap_pages[pending_idx]; 785 gnttab_set_map_op(mop, idx_to_kaddr(queue, pending_idx), 786 GNTMAP_host_map | GNTMAP_readonly, 787 txp->gref, queue->vif->domid); 788 789 memcpy(&queue->pending_tx_info[pending_idx].req, txp, 790 sizeof(*txp)); 791 } 792 793 static inline struct sk_buff *xenvif_alloc_skb(unsigned int size) 794 { 795 struct sk_buff *skb = 796 alloc_skb(size + NET_SKB_PAD + NET_IP_ALIGN, 797 GFP_ATOMIC | __GFP_NOWARN); 798 if (unlikely(skb == NULL)) 799 return NULL; 800 801 /* Packets passed to netif_rx() must have some headroom. */ 802 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); 803 804 /* Initialize it here to avoid later surprises */ 805 skb_shinfo(skb)->destructor_arg = NULL; 806 807 return skb; 808 } 809 810 static struct gnttab_map_grant_ref *xenvif_get_requests(struct xenvif_queue *queue, 811 struct sk_buff *skb, 812 struct xen_netif_tx_request *txp, 813 struct gnttab_map_grant_ref *gop, 814 unsigned int frag_overflow, 815 struct sk_buff *nskb) 816 { 817 struct skb_shared_info *shinfo = skb_shinfo(skb); 818 skb_frag_t *frags = shinfo->frags; 819 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 820 int start; 821 pending_ring_idx_t index; 822 unsigned int nr_slots; 823 824 nr_slots = shinfo->nr_frags; 825 826 /* Skip first skb fragment if it is on same page as header fragment. */ 827 start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx); 828 829 for (shinfo->nr_frags = start; shinfo->nr_frags < nr_slots; 830 shinfo->nr_frags++, txp++, gop++) { 831 index = pending_index(queue->pending_cons++); 832 pending_idx = queue->pending_ring[index]; 833 xenvif_tx_create_map_op(queue, pending_idx, txp, gop); 834 frag_set_pending_idx(&frags[shinfo->nr_frags], pending_idx); 835 } 836 837 if (frag_overflow) { 838 839 shinfo = skb_shinfo(nskb); 840 frags = shinfo->frags; 841 842 for (shinfo->nr_frags = 0; shinfo->nr_frags < frag_overflow; 843 shinfo->nr_frags++, txp++, gop++) { 844 index = pending_index(queue->pending_cons++); 845 pending_idx = queue->pending_ring[index]; 846 xenvif_tx_create_map_op(queue, pending_idx, txp, gop); 847 frag_set_pending_idx(&frags[shinfo->nr_frags], 848 pending_idx); 849 } 850 851 skb_shinfo(skb)->frag_list = nskb; 852 } 853 854 return gop; 855 } 856 857 static inline void xenvif_grant_handle_set(struct xenvif_queue *queue, 858 u16 pending_idx, 859 grant_handle_t handle) 860 { 861 if (unlikely(queue->grant_tx_handle[pending_idx] != 862 NETBACK_INVALID_HANDLE)) { 863 netdev_err(queue->vif->dev, 864 "Trying to overwrite active handle! pending_idx: 0x%x\n", 865 pending_idx); 866 BUG(); 867 } 868 queue->grant_tx_handle[pending_idx] = handle; 869 } 870 871 static inline void xenvif_grant_handle_reset(struct xenvif_queue *queue, 872 u16 pending_idx) 873 { 874 if (unlikely(queue->grant_tx_handle[pending_idx] == 875 NETBACK_INVALID_HANDLE)) { 876 netdev_err(queue->vif->dev, 877 "Trying to unmap invalid handle! pending_idx: 0x%x\n", 878 pending_idx); 879 BUG(); 880 } 881 queue->grant_tx_handle[pending_idx] = NETBACK_INVALID_HANDLE; 882 } 883 884 static int xenvif_tx_check_gop(struct xenvif_queue *queue, 885 struct sk_buff *skb, 886 struct gnttab_map_grant_ref **gopp_map, 887 struct gnttab_copy **gopp_copy) 888 { 889 struct gnttab_map_grant_ref *gop_map = *gopp_map; 890 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 891 /* This always points to the shinfo of the skb being checked, which 892 * could be either the first or the one on the frag_list 893 */ 894 struct skb_shared_info *shinfo = skb_shinfo(skb); 895 /* If this is non-NULL, we are currently checking the frag_list skb, and 896 * this points to the shinfo of the first one 897 */ 898 struct skb_shared_info *first_shinfo = NULL; 899 int nr_frags = shinfo->nr_frags; 900 const bool sharedslot = nr_frags && 901 frag_get_pending_idx(&shinfo->frags[0]) == pending_idx; 902 int i, err; 903 904 /* Check status of header. */ 905 err = (*gopp_copy)->status; 906 if (unlikely(err)) { 907 if (net_ratelimit()) 908 netdev_dbg(queue->vif->dev, 909 "Grant copy of header failed! status: %d pending_idx: %u ref: %u\n", 910 (*gopp_copy)->status, 911 pending_idx, 912 (*gopp_copy)->source.u.ref); 913 /* The first frag might still have this slot mapped */ 914 if (!sharedslot) 915 xenvif_idx_release(queue, pending_idx, 916 XEN_NETIF_RSP_ERROR); 917 } 918 (*gopp_copy)++; 919 920 check_frags: 921 for (i = 0; i < nr_frags; i++, gop_map++) { 922 int j, newerr; 923 924 pending_idx = frag_get_pending_idx(&shinfo->frags[i]); 925 926 /* Check error status: if okay then remember grant handle. */ 927 newerr = gop_map->status; 928 929 if (likely(!newerr)) { 930 xenvif_grant_handle_set(queue, 931 pending_idx, 932 gop_map->handle); 933 /* Had a previous error? Invalidate this fragment. */ 934 if (unlikely(err)) { 935 xenvif_idx_unmap(queue, pending_idx); 936 /* If the mapping of the first frag was OK, but 937 * the header's copy failed, and they are 938 * sharing a slot, send an error 939 */ 940 if (i == 0 && sharedslot) 941 xenvif_idx_release(queue, pending_idx, 942 XEN_NETIF_RSP_ERROR); 943 else 944 xenvif_idx_release(queue, pending_idx, 945 XEN_NETIF_RSP_OKAY); 946 } 947 continue; 948 } 949 950 /* Error on this fragment: respond to client with an error. */ 951 if (net_ratelimit()) 952 netdev_dbg(queue->vif->dev, 953 "Grant map of %d. frag failed! status: %d pending_idx: %u ref: %u\n", 954 i, 955 gop_map->status, 956 pending_idx, 957 gop_map->ref); 958 959 xenvif_idx_release(queue, pending_idx, XEN_NETIF_RSP_ERROR); 960 961 /* Not the first error? Preceding frags already invalidated. */ 962 if (err) 963 continue; 964 965 /* First error: if the header haven't shared a slot with the 966 * first frag, release it as well. 967 */ 968 if (!sharedslot) 969 xenvif_idx_release(queue, 970 XENVIF_TX_CB(skb)->pending_idx, 971 XEN_NETIF_RSP_OKAY); 972 973 /* Invalidate preceding fragments of this skb. */ 974 for (j = 0; j < i; j++) { 975 pending_idx = frag_get_pending_idx(&shinfo->frags[j]); 976 xenvif_idx_unmap(queue, pending_idx); 977 xenvif_idx_release(queue, pending_idx, 978 XEN_NETIF_RSP_OKAY); 979 } 980 981 /* And if we found the error while checking the frag_list, unmap 982 * the first skb's frags 983 */ 984 if (first_shinfo) { 985 for (j = 0; j < first_shinfo->nr_frags; j++) { 986 pending_idx = frag_get_pending_idx(&first_shinfo->frags[j]); 987 xenvif_idx_unmap(queue, pending_idx); 988 xenvif_idx_release(queue, pending_idx, 989 XEN_NETIF_RSP_OKAY); 990 } 991 } 992 993 /* Remember the error: invalidate all subsequent fragments. */ 994 err = newerr; 995 } 996 997 if (skb_has_frag_list(skb) && !first_shinfo) { 998 first_shinfo = skb_shinfo(skb); 999 shinfo = skb_shinfo(skb_shinfo(skb)->frag_list); 1000 nr_frags = shinfo->nr_frags; 1001 1002 goto check_frags; 1003 } 1004 1005 *gopp_map = gop_map; 1006 return err; 1007 } 1008 1009 static void xenvif_fill_frags(struct xenvif_queue *queue, struct sk_buff *skb) 1010 { 1011 struct skb_shared_info *shinfo = skb_shinfo(skb); 1012 int nr_frags = shinfo->nr_frags; 1013 int i; 1014 u16 prev_pending_idx = INVALID_PENDING_IDX; 1015 1016 for (i = 0; i < nr_frags; i++) { 1017 skb_frag_t *frag = shinfo->frags + i; 1018 struct xen_netif_tx_request *txp; 1019 struct page *page; 1020 u16 pending_idx; 1021 1022 pending_idx = frag_get_pending_idx(frag); 1023 1024 /* If this is not the first frag, chain it to the previous*/ 1025 if (prev_pending_idx == INVALID_PENDING_IDX) 1026 skb_shinfo(skb)->destructor_arg = 1027 &callback_param(queue, pending_idx); 1028 else 1029 callback_param(queue, prev_pending_idx).ctx = 1030 &callback_param(queue, pending_idx); 1031 1032 callback_param(queue, pending_idx).ctx = NULL; 1033 prev_pending_idx = pending_idx; 1034 1035 txp = &queue->pending_tx_info[pending_idx].req; 1036 page = virt_to_page(idx_to_kaddr(queue, pending_idx)); 1037 __skb_fill_page_desc(skb, i, page, txp->offset, txp->size); 1038 skb->len += txp->size; 1039 skb->data_len += txp->size; 1040 skb->truesize += txp->size; 1041 1042 /* Take an extra reference to offset network stack's put_page */ 1043 get_page(queue->mmap_pages[pending_idx]); 1044 } 1045 } 1046 1047 static int xenvif_get_extras(struct xenvif_queue *queue, 1048 struct xen_netif_extra_info *extras, 1049 int work_to_do) 1050 { 1051 struct xen_netif_extra_info extra; 1052 RING_IDX cons = queue->tx.req_cons; 1053 1054 do { 1055 if (unlikely(work_to_do-- <= 0)) { 1056 netdev_err(queue->vif->dev, "Missing extra info\n"); 1057 xenvif_fatal_tx_err(queue->vif); 1058 return -EBADR; 1059 } 1060 1061 memcpy(&extra, RING_GET_REQUEST(&queue->tx, cons), 1062 sizeof(extra)); 1063 if (unlikely(!extra.type || 1064 extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) { 1065 queue->tx.req_cons = ++cons; 1066 netdev_err(queue->vif->dev, 1067 "Invalid extra type: %d\n", extra.type); 1068 xenvif_fatal_tx_err(queue->vif); 1069 return -EINVAL; 1070 } 1071 1072 memcpy(&extras[extra.type - 1], &extra, sizeof(extra)); 1073 queue->tx.req_cons = ++cons; 1074 } while (extra.flags & XEN_NETIF_EXTRA_FLAG_MORE); 1075 1076 return work_to_do; 1077 } 1078 1079 static int xenvif_set_skb_gso(struct xenvif *vif, 1080 struct sk_buff *skb, 1081 struct xen_netif_extra_info *gso) 1082 { 1083 if (!gso->u.gso.size) { 1084 netdev_err(vif->dev, "GSO size must not be zero.\n"); 1085 xenvif_fatal_tx_err(vif); 1086 return -EINVAL; 1087 } 1088 1089 switch (gso->u.gso.type) { 1090 case XEN_NETIF_GSO_TYPE_TCPV4: 1091 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4; 1092 break; 1093 case XEN_NETIF_GSO_TYPE_TCPV6: 1094 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; 1095 break; 1096 default: 1097 netdev_err(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); 1098 xenvif_fatal_tx_err(vif); 1099 return -EINVAL; 1100 } 1101 1102 skb_shinfo(skb)->gso_size = gso->u.gso.size; 1103 /* gso_segs will be calculated later */ 1104 1105 return 0; 1106 } 1107 1108 static int checksum_setup(struct xenvif_queue *queue, struct sk_buff *skb) 1109 { 1110 bool recalculate_partial_csum = false; 1111 1112 /* A GSO SKB must be CHECKSUM_PARTIAL. However some buggy 1113 * peers can fail to set NETRXF_csum_blank when sending a GSO 1114 * frame. In this case force the SKB to CHECKSUM_PARTIAL and 1115 * recalculate the partial checksum. 1116 */ 1117 if (skb->ip_summed != CHECKSUM_PARTIAL && skb_is_gso(skb)) { 1118 queue->stats.rx_gso_checksum_fixup++; 1119 skb->ip_summed = CHECKSUM_PARTIAL; 1120 recalculate_partial_csum = true; 1121 } 1122 1123 /* A non-CHECKSUM_PARTIAL SKB does not require setup. */ 1124 if (skb->ip_summed != CHECKSUM_PARTIAL) 1125 return 0; 1126 1127 return skb_checksum_setup(skb, recalculate_partial_csum); 1128 } 1129 1130 static bool tx_credit_exceeded(struct xenvif_queue *queue, unsigned size) 1131 { 1132 u64 now = get_jiffies_64(); 1133 u64 next_credit = queue->credit_window_start + 1134 msecs_to_jiffies(queue->credit_usec / 1000); 1135 1136 /* Timer could already be pending in rare cases. */ 1137 if (timer_pending(&queue->credit_timeout)) 1138 return true; 1139 1140 /* Passed the point where we can replenish credit? */ 1141 if (time_after_eq64(now, next_credit)) { 1142 queue->credit_window_start = now; 1143 tx_add_credit(queue); 1144 } 1145 1146 /* Still too big to send right now? Set a callback. */ 1147 if (size > queue->remaining_credit) { 1148 queue->credit_timeout.data = 1149 (unsigned long)queue; 1150 mod_timer(&queue->credit_timeout, 1151 next_credit); 1152 queue->credit_window_start = next_credit; 1153 1154 return true; 1155 } 1156 1157 return false; 1158 } 1159 1160 /* No locking is required in xenvif_mcast_add/del() as they are 1161 * only ever invoked from NAPI poll. An RCU list is used because 1162 * xenvif_mcast_match() is called asynchronously, during start_xmit. 1163 */ 1164 1165 static int xenvif_mcast_add(struct xenvif *vif, const u8 *addr) 1166 { 1167 struct xenvif_mcast_addr *mcast; 1168 1169 if (vif->fe_mcast_count == XEN_NETBK_MCAST_MAX) { 1170 if (net_ratelimit()) 1171 netdev_err(vif->dev, 1172 "Too many multicast addresses\n"); 1173 return -ENOSPC; 1174 } 1175 1176 mcast = kzalloc(sizeof(*mcast), GFP_ATOMIC); 1177 if (!mcast) 1178 return -ENOMEM; 1179 1180 ether_addr_copy(mcast->addr, addr); 1181 list_add_tail_rcu(&mcast->entry, &vif->fe_mcast_addr); 1182 vif->fe_mcast_count++; 1183 1184 return 0; 1185 } 1186 1187 static void xenvif_mcast_del(struct xenvif *vif, const u8 *addr) 1188 { 1189 struct xenvif_mcast_addr *mcast; 1190 1191 list_for_each_entry_rcu(mcast, &vif->fe_mcast_addr, entry) { 1192 if (ether_addr_equal(addr, mcast->addr)) { 1193 --vif->fe_mcast_count; 1194 list_del_rcu(&mcast->entry); 1195 kfree_rcu(mcast, rcu); 1196 break; 1197 } 1198 } 1199 } 1200 1201 bool xenvif_mcast_match(struct xenvif *vif, const u8 *addr) 1202 { 1203 struct xenvif_mcast_addr *mcast; 1204 1205 rcu_read_lock(); 1206 list_for_each_entry_rcu(mcast, &vif->fe_mcast_addr, entry) { 1207 if (ether_addr_equal(addr, mcast->addr)) { 1208 rcu_read_unlock(); 1209 return true; 1210 } 1211 } 1212 rcu_read_unlock(); 1213 1214 return false; 1215 } 1216 1217 void xenvif_mcast_addr_list_free(struct xenvif *vif) 1218 { 1219 /* No need for locking or RCU here. NAPI poll and TX queue 1220 * are stopped. 1221 */ 1222 while (!list_empty(&vif->fe_mcast_addr)) { 1223 struct xenvif_mcast_addr *mcast; 1224 1225 mcast = list_first_entry(&vif->fe_mcast_addr, 1226 struct xenvif_mcast_addr, 1227 entry); 1228 --vif->fe_mcast_count; 1229 list_del(&mcast->entry); 1230 kfree(mcast); 1231 } 1232 } 1233 1234 static void xenvif_tx_build_gops(struct xenvif_queue *queue, 1235 int budget, 1236 unsigned *copy_ops, 1237 unsigned *map_ops) 1238 { 1239 struct gnttab_map_grant_ref *gop = queue->tx_map_ops; 1240 struct sk_buff *skb, *nskb; 1241 int ret; 1242 unsigned int frag_overflow; 1243 1244 while (skb_queue_len(&queue->tx_queue) < budget) { 1245 struct xen_netif_tx_request txreq; 1246 struct xen_netif_tx_request txfrags[XEN_NETBK_LEGACY_SLOTS_MAX]; 1247 struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1]; 1248 u16 pending_idx; 1249 RING_IDX idx; 1250 int work_to_do; 1251 unsigned int data_len; 1252 pending_ring_idx_t index; 1253 1254 if (queue->tx.sring->req_prod - queue->tx.req_cons > 1255 XEN_NETIF_TX_RING_SIZE) { 1256 netdev_err(queue->vif->dev, 1257 "Impossible number of requests. " 1258 "req_prod %d, req_cons %d, size %ld\n", 1259 queue->tx.sring->req_prod, queue->tx.req_cons, 1260 XEN_NETIF_TX_RING_SIZE); 1261 xenvif_fatal_tx_err(queue->vif); 1262 break; 1263 } 1264 1265 work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&queue->tx); 1266 if (!work_to_do) 1267 break; 1268 1269 idx = queue->tx.req_cons; 1270 rmb(); /* Ensure that we see the request before we copy it. */ 1271 memcpy(&txreq, RING_GET_REQUEST(&queue->tx, idx), sizeof(txreq)); 1272 1273 /* Credit-based scheduling. */ 1274 if (txreq.size > queue->remaining_credit && 1275 tx_credit_exceeded(queue, txreq.size)) 1276 break; 1277 1278 queue->remaining_credit -= txreq.size; 1279 1280 work_to_do--; 1281 queue->tx.req_cons = ++idx; 1282 1283 memset(extras, 0, sizeof(extras)); 1284 if (txreq.flags & XEN_NETTXF_extra_info) { 1285 work_to_do = xenvif_get_extras(queue, extras, 1286 work_to_do); 1287 idx = queue->tx.req_cons; 1288 if (unlikely(work_to_do < 0)) 1289 break; 1290 } 1291 1292 if (extras[XEN_NETIF_EXTRA_TYPE_MCAST_ADD - 1].type) { 1293 struct xen_netif_extra_info *extra; 1294 1295 extra = &extras[XEN_NETIF_EXTRA_TYPE_MCAST_ADD - 1]; 1296 ret = xenvif_mcast_add(queue->vif, extra->u.mcast.addr); 1297 1298 make_tx_response(queue, &txreq, 1299 (ret == 0) ? 1300 XEN_NETIF_RSP_OKAY : 1301 XEN_NETIF_RSP_ERROR); 1302 push_tx_responses(queue); 1303 continue; 1304 } 1305 1306 if (extras[XEN_NETIF_EXTRA_TYPE_MCAST_DEL - 1].type) { 1307 struct xen_netif_extra_info *extra; 1308 1309 extra = &extras[XEN_NETIF_EXTRA_TYPE_MCAST_DEL - 1]; 1310 xenvif_mcast_del(queue->vif, extra->u.mcast.addr); 1311 1312 make_tx_response(queue, &txreq, XEN_NETIF_RSP_OKAY); 1313 push_tx_responses(queue); 1314 continue; 1315 } 1316 1317 ret = xenvif_count_requests(queue, &txreq, txfrags, work_to_do); 1318 if (unlikely(ret < 0)) 1319 break; 1320 1321 idx += ret; 1322 1323 if (unlikely(txreq.size < ETH_HLEN)) { 1324 netdev_dbg(queue->vif->dev, 1325 "Bad packet size: %d\n", txreq.size); 1326 xenvif_tx_err(queue, &txreq, idx); 1327 break; 1328 } 1329 1330 /* No crossing a page as the payload mustn't fragment. */ 1331 if (unlikely((txreq.offset + txreq.size) > PAGE_SIZE)) { 1332 netdev_err(queue->vif->dev, 1333 "txreq.offset: %u, size: %u, end: %lu\n", 1334 txreq.offset, txreq.size, 1335 (unsigned long)(txreq.offset&~PAGE_MASK) + txreq.size); 1336 xenvif_fatal_tx_err(queue->vif); 1337 break; 1338 } 1339 1340 index = pending_index(queue->pending_cons); 1341 pending_idx = queue->pending_ring[index]; 1342 1343 data_len = (txreq.size > XEN_NETBACK_TX_COPY_LEN && 1344 ret < XEN_NETBK_LEGACY_SLOTS_MAX) ? 1345 XEN_NETBACK_TX_COPY_LEN : txreq.size; 1346 1347 skb = xenvif_alloc_skb(data_len); 1348 if (unlikely(skb == NULL)) { 1349 netdev_dbg(queue->vif->dev, 1350 "Can't allocate a skb in start_xmit.\n"); 1351 xenvif_tx_err(queue, &txreq, idx); 1352 break; 1353 } 1354 1355 skb_shinfo(skb)->nr_frags = ret; 1356 if (data_len < txreq.size) 1357 skb_shinfo(skb)->nr_frags++; 1358 /* At this point shinfo->nr_frags is in fact the number of 1359 * slots, which can be as large as XEN_NETBK_LEGACY_SLOTS_MAX. 1360 */ 1361 frag_overflow = 0; 1362 nskb = NULL; 1363 if (skb_shinfo(skb)->nr_frags > MAX_SKB_FRAGS) { 1364 frag_overflow = skb_shinfo(skb)->nr_frags - MAX_SKB_FRAGS; 1365 BUG_ON(frag_overflow > MAX_SKB_FRAGS); 1366 skb_shinfo(skb)->nr_frags = MAX_SKB_FRAGS; 1367 nskb = xenvif_alloc_skb(0); 1368 if (unlikely(nskb == NULL)) { 1369 kfree_skb(skb); 1370 xenvif_tx_err(queue, &txreq, idx); 1371 if (net_ratelimit()) 1372 netdev_err(queue->vif->dev, 1373 "Can't allocate the frag_list skb.\n"); 1374 break; 1375 } 1376 } 1377 1378 if (extras[XEN_NETIF_EXTRA_TYPE_GSO - 1].type) { 1379 struct xen_netif_extra_info *gso; 1380 gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1]; 1381 1382 if (xenvif_set_skb_gso(queue->vif, skb, gso)) { 1383 /* Failure in xenvif_set_skb_gso is fatal. */ 1384 kfree_skb(skb); 1385 kfree_skb(nskb); 1386 break; 1387 } 1388 } 1389 1390 XENVIF_TX_CB(skb)->pending_idx = pending_idx; 1391 1392 __skb_put(skb, data_len); 1393 queue->tx_copy_ops[*copy_ops].source.u.ref = txreq.gref; 1394 queue->tx_copy_ops[*copy_ops].source.domid = queue->vif->domid; 1395 queue->tx_copy_ops[*copy_ops].source.offset = txreq.offset; 1396 1397 queue->tx_copy_ops[*copy_ops].dest.u.gmfn = 1398 virt_to_mfn(skb->data); 1399 queue->tx_copy_ops[*copy_ops].dest.domid = DOMID_SELF; 1400 queue->tx_copy_ops[*copy_ops].dest.offset = 1401 offset_in_page(skb->data); 1402 1403 queue->tx_copy_ops[*copy_ops].len = data_len; 1404 queue->tx_copy_ops[*copy_ops].flags = GNTCOPY_source_gref; 1405 1406 (*copy_ops)++; 1407 1408 if (data_len < txreq.size) { 1409 frag_set_pending_idx(&skb_shinfo(skb)->frags[0], 1410 pending_idx); 1411 xenvif_tx_create_map_op(queue, pending_idx, &txreq, gop); 1412 gop++; 1413 } else { 1414 frag_set_pending_idx(&skb_shinfo(skb)->frags[0], 1415 INVALID_PENDING_IDX); 1416 memcpy(&queue->pending_tx_info[pending_idx].req, &txreq, 1417 sizeof(txreq)); 1418 } 1419 1420 queue->pending_cons++; 1421 1422 gop = xenvif_get_requests(queue, skb, txfrags, gop, 1423 frag_overflow, nskb); 1424 1425 __skb_queue_tail(&queue->tx_queue, skb); 1426 1427 queue->tx.req_cons = idx; 1428 1429 if (((gop-queue->tx_map_ops) >= ARRAY_SIZE(queue->tx_map_ops)) || 1430 (*copy_ops >= ARRAY_SIZE(queue->tx_copy_ops))) 1431 break; 1432 } 1433 1434 (*map_ops) = gop - queue->tx_map_ops; 1435 return; 1436 } 1437 1438 /* Consolidate skb with a frag_list into a brand new one with local pages on 1439 * frags. Returns 0 or -ENOMEM if can't allocate new pages. 1440 */ 1441 static int xenvif_handle_frag_list(struct xenvif_queue *queue, struct sk_buff *skb) 1442 { 1443 unsigned int offset = skb_headlen(skb); 1444 skb_frag_t frags[MAX_SKB_FRAGS]; 1445 int i, f; 1446 struct ubuf_info *uarg; 1447 struct sk_buff *nskb = skb_shinfo(skb)->frag_list; 1448 1449 queue->stats.tx_zerocopy_sent += 2; 1450 queue->stats.tx_frag_overflow++; 1451 1452 xenvif_fill_frags(queue, nskb); 1453 /* Subtract frags size, we will correct it later */ 1454 skb->truesize -= skb->data_len; 1455 skb->len += nskb->len; 1456 skb->data_len += nskb->len; 1457 1458 /* create a brand new frags array and coalesce there */ 1459 for (i = 0; offset < skb->len; i++) { 1460 struct page *page; 1461 unsigned int len; 1462 1463 BUG_ON(i >= MAX_SKB_FRAGS); 1464 page = alloc_page(GFP_ATOMIC); 1465 if (!page) { 1466 int j; 1467 skb->truesize += skb->data_len; 1468 for (j = 0; j < i; j++) 1469 put_page(frags[j].page.p); 1470 return -ENOMEM; 1471 } 1472 1473 if (offset + PAGE_SIZE < skb->len) 1474 len = PAGE_SIZE; 1475 else 1476 len = skb->len - offset; 1477 if (skb_copy_bits(skb, offset, page_address(page), len)) 1478 BUG(); 1479 1480 offset += len; 1481 frags[i].page.p = page; 1482 frags[i].page_offset = 0; 1483 skb_frag_size_set(&frags[i], len); 1484 } 1485 1486 /* Copied all the bits from the frag list -- free it. */ 1487 skb_frag_list_init(skb); 1488 xenvif_skb_zerocopy_prepare(queue, nskb); 1489 kfree_skb(nskb); 1490 1491 /* Release all the original (foreign) frags. */ 1492 for (f = 0; f < skb_shinfo(skb)->nr_frags; f++) 1493 skb_frag_unref(skb, f); 1494 uarg = skb_shinfo(skb)->destructor_arg; 1495 /* increase inflight counter to offset decrement in callback */ 1496 atomic_inc(&queue->inflight_packets); 1497 uarg->callback(uarg, true); 1498 skb_shinfo(skb)->destructor_arg = NULL; 1499 1500 /* Fill the skb with the new (local) frags. */ 1501 memcpy(skb_shinfo(skb)->frags, frags, i * sizeof(skb_frag_t)); 1502 skb_shinfo(skb)->nr_frags = i; 1503 skb->truesize += i * PAGE_SIZE; 1504 1505 return 0; 1506 } 1507 1508 static int xenvif_tx_submit(struct xenvif_queue *queue) 1509 { 1510 struct gnttab_map_grant_ref *gop_map = queue->tx_map_ops; 1511 struct gnttab_copy *gop_copy = queue->tx_copy_ops; 1512 struct sk_buff *skb; 1513 int work_done = 0; 1514 1515 while ((skb = __skb_dequeue(&queue->tx_queue)) != NULL) { 1516 struct xen_netif_tx_request *txp; 1517 u16 pending_idx; 1518 unsigned data_len; 1519 1520 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 1521 txp = &queue->pending_tx_info[pending_idx].req; 1522 1523 /* Check the remap error code. */ 1524 if (unlikely(xenvif_tx_check_gop(queue, skb, &gop_map, &gop_copy))) { 1525 /* If there was an error, xenvif_tx_check_gop is 1526 * expected to release all the frags which were mapped, 1527 * so kfree_skb shouldn't do it again 1528 */ 1529 skb_shinfo(skb)->nr_frags = 0; 1530 if (skb_has_frag_list(skb)) { 1531 struct sk_buff *nskb = 1532 skb_shinfo(skb)->frag_list; 1533 skb_shinfo(nskb)->nr_frags = 0; 1534 } 1535 kfree_skb(skb); 1536 continue; 1537 } 1538 1539 data_len = skb->len; 1540 callback_param(queue, pending_idx).ctx = NULL; 1541 if (data_len < txp->size) { 1542 /* Append the packet payload as a fragment. */ 1543 txp->offset += data_len; 1544 txp->size -= data_len; 1545 } else { 1546 /* Schedule a response immediately. */ 1547 xenvif_idx_release(queue, pending_idx, 1548 XEN_NETIF_RSP_OKAY); 1549 } 1550 1551 if (txp->flags & XEN_NETTXF_csum_blank) 1552 skb->ip_summed = CHECKSUM_PARTIAL; 1553 else if (txp->flags & XEN_NETTXF_data_validated) 1554 skb->ip_summed = CHECKSUM_UNNECESSARY; 1555 1556 xenvif_fill_frags(queue, skb); 1557 1558 if (unlikely(skb_has_frag_list(skb))) { 1559 if (xenvif_handle_frag_list(queue, skb)) { 1560 if (net_ratelimit()) 1561 netdev_err(queue->vif->dev, 1562 "Not enough memory to consolidate frag_list!\n"); 1563 xenvif_skb_zerocopy_prepare(queue, skb); 1564 kfree_skb(skb); 1565 continue; 1566 } 1567 } 1568 1569 skb->dev = queue->vif->dev; 1570 skb->protocol = eth_type_trans(skb, skb->dev); 1571 skb_reset_network_header(skb); 1572 1573 if (checksum_setup(queue, skb)) { 1574 netdev_dbg(queue->vif->dev, 1575 "Can't setup checksum in net_tx_action\n"); 1576 /* We have to set this flag to trigger the callback */ 1577 if (skb_shinfo(skb)->destructor_arg) 1578 xenvif_skb_zerocopy_prepare(queue, skb); 1579 kfree_skb(skb); 1580 continue; 1581 } 1582 1583 skb_probe_transport_header(skb, 0); 1584 1585 /* If the packet is GSO then we will have just set up the 1586 * transport header offset in checksum_setup so it's now 1587 * straightforward to calculate gso_segs. 1588 */ 1589 if (skb_is_gso(skb)) { 1590 int mss = skb_shinfo(skb)->gso_size; 1591 int hdrlen = skb_transport_header(skb) - 1592 skb_mac_header(skb) + 1593 tcp_hdrlen(skb); 1594 1595 skb_shinfo(skb)->gso_segs = 1596 DIV_ROUND_UP(skb->len - hdrlen, mss); 1597 } 1598 1599 queue->stats.rx_bytes += skb->len; 1600 queue->stats.rx_packets++; 1601 1602 work_done++; 1603 1604 /* Set this flag right before netif_receive_skb, otherwise 1605 * someone might think this packet already left netback, and 1606 * do a skb_copy_ubufs while we are still in control of the 1607 * skb. E.g. the __pskb_pull_tail earlier can do such thing. 1608 */ 1609 if (skb_shinfo(skb)->destructor_arg) { 1610 xenvif_skb_zerocopy_prepare(queue, skb); 1611 queue->stats.tx_zerocopy_sent++; 1612 } 1613 1614 netif_receive_skb(skb); 1615 } 1616 1617 return work_done; 1618 } 1619 1620 void xenvif_zerocopy_callback(struct ubuf_info *ubuf, bool zerocopy_success) 1621 { 1622 unsigned long flags; 1623 pending_ring_idx_t index; 1624 struct xenvif_queue *queue = ubuf_to_queue(ubuf); 1625 1626 /* This is the only place where we grab this lock, to protect callbacks 1627 * from each other. 1628 */ 1629 spin_lock_irqsave(&queue->callback_lock, flags); 1630 do { 1631 u16 pending_idx = ubuf->desc; 1632 ubuf = (struct ubuf_info *) ubuf->ctx; 1633 BUG_ON(queue->dealloc_prod - queue->dealloc_cons >= 1634 MAX_PENDING_REQS); 1635 index = pending_index(queue->dealloc_prod); 1636 queue->dealloc_ring[index] = pending_idx; 1637 /* Sync with xenvif_tx_dealloc_action: 1638 * insert idx then incr producer. 1639 */ 1640 smp_wmb(); 1641 queue->dealloc_prod++; 1642 } while (ubuf); 1643 spin_unlock_irqrestore(&queue->callback_lock, flags); 1644 1645 if (likely(zerocopy_success)) 1646 queue->stats.tx_zerocopy_success++; 1647 else 1648 queue->stats.tx_zerocopy_fail++; 1649 xenvif_skb_zerocopy_complete(queue); 1650 } 1651 1652 static inline void xenvif_tx_dealloc_action(struct xenvif_queue *queue) 1653 { 1654 struct gnttab_unmap_grant_ref *gop; 1655 pending_ring_idx_t dc, dp; 1656 u16 pending_idx, pending_idx_release[MAX_PENDING_REQS]; 1657 unsigned int i = 0; 1658 1659 dc = queue->dealloc_cons; 1660 gop = queue->tx_unmap_ops; 1661 1662 /* Free up any grants we have finished using */ 1663 do { 1664 dp = queue->dealloc_prod; 1665 1666 /* Ensure we see all indices enqueued by all 1667 * xenvif_zerocopy_callback(). 1668 */ 1669 smp_rmb(); 1670 1671 while (dc != dp) { 1672 BUG_ON(gop - queue->tx_unmap_ops >= MAX_PENDING_REQS); 1673 pending_idx = 1674 queue->dealloc_ring[pending_index(dc++)]; 1675 1676 pending_idx_release[gop - queue->tx_unmap_ops] = 1677 pending_idx; 1678 queue->pages_to_unmap[gop - queue->tx_unmap_ops] = 1679 queue->mmap_pages[pending_idx]; 1680 gnttab_set_unmap_op(gop, 1681 idx_to_kaddr(queue, pending_idx), 1682 GNTMAP_host_map, 1683 queue->grant_tx_handle[pending_idx]); 1684 xenvif_grant_handle_reset(queue, pending_idx); 1685 ++gop; 1686 } 1687 1688 } while (dp != queue->dealloc_prod); 1689 1690 queue->dealloc_cons = dc; 1691 1692 if (gop - queue->tx_unmap_ops > 0) { 1693 int ret; 1694 ret = gnttab_unmap_refs(queue->tx_unmap_ops, 1695 NULL, 1696 queue->pages_to_unmap, 1697 gop - queue->tx_unmap_ops); 1698 if (ret) { 1699 netdev_err(queue->vif->dev, "Unmap fail: nr_ops %tu ret %d\n", 1700 gop - queue->tx_unmap_ops, ret); 1701 for (i = 0; i < gop - queue->tx_unmap_ops; ++i) { 1702 if (gop[i].status != GNTST_okay) 1703 netdev_err(queue->vif->dev, 1704 " host_addr: 0x%llx handle: 0x%x status: %d\n", 1705 gop[i].host_addr, 1706 gop[i].handle, 1707 gop[i].status); 1708 } 1709 BUG(); 1710 } 1711 } 1712 1713 for (i = 0; i < gop - queue->tx_unmap_ops; ++i) 1714 xenvif_idx_release(queue, pending_idx_release[i], 1715 XEN_NETIF_RSP_OKAY); 1716 } 1717 1718 1719 /* Called after netfront has transmitted */ 1720 int xenvif_tx_action(struct xenvif_queue *queue, int budget) 1721 { 1722 unsigned nr_mops, nr_cops = 0; 1723 int work_done, ret; 1724 1725 if (unlikely(!tx_work_todo(queue))) 1726 return 0; 1727 1728 xenvif_tx_build_gops(queue, budget, &nr_cops, &nr_mops); 1729 1730 if (nr_cops == 0) 1731 return 0; 1732 1733 gnttab_batch_copy(queue->tx_copy_ops, nr_cops); 1734 if (nr_mops != 0) { 1735 ret = gnttab_map_refs(queue->tx_map_ops, 1736 NULL, 1737 queue->pages_to_map, 1738 nr_mops); 1739 BUG_ON(ret); 1740 } 1741 1742 work_done = xenvif_tx_submit(queue); 1743 1744 return work_done; 1745 } 1746 1747 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, 1748 u8 status) 1749 { 1750 struct pending_tx_info *pending_tx_info; 1751 pending_ring_idx_t index; 1752 unsigned long flags; 1753 1754 pending_tx_info = &queue->pending_tx_info[pending_idx]; 1755 1756 spin_lock_irqsave(&queue->response_lock, flags); 1757 1758 make_tx_response(queue, &pending_tx_info->req, status); 1759 1760 /* Release the pending index before pusing the Tx response so 1761 * its available before a new Tx request is pushed by the 1762 * frontend. 1763 */ 1764 index = pending_index(queue->pending_prod++); 1765 queue->pending_ring[index] = pending_idx; 1766 1767 push_tx_responses(queue); 1768 1769 spin_unlock_irqrestore(&queue->response_lock, flags); 1770 } 1771 1772 1773 static void make_tx_response(struct xenvif_queue *queue, 1774 struct xen_netif_tx_request *txp, 1775 s8 st) 1776 { 1777 RING_IDX i = queue->tx.rsp_prod_pvt; 1778 struct xen_netif_tx_response *resp; 1779 1780 resp = RING_GET_RESPONSE(&queue->tx, i); 1781 resp->id = txp->id; 1782 resp->status = st; 1783 1784 if (txp->flags & XEN_NETTXF_extra_info) 1785 RING_GET_RESPONSE(&queue->tx, ++i)->status = XEN_NETIF_RSP_NULL; 1786 1787 queue->tx.rsp_prod_pvt = ++i; 1788 } 1789 1790 static void push_tx_responses(struct xenvif_queue *queue) 1791 { 1792 int notify; 1793 1794 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->tx, notify); 1795 if (notify) 1796 notify_remote_via_irq(queue->tx_irq); 1797 } 1798 1799 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue, 1800 u16 id, 1801 s8 st, 1802 u16 offset, 1803 u16 size, 1804 u16 flags) 1805 { 1806 RING_IDX i = queue->rx.rsp_prod_pvt; 1807 struct xen_netif_rx_response *resp; 1808 1809 resp = RING_GET_RESPONSE(&queue->rx, i); 1810 resp->offset = offset; 1811 resp->flags = flags; 1812 resp->id = id; 1813 resp->status = (s16)size; 1814 if (st < 0) 1815 resp->status = (s16)st; 1816 1817 queue->rx.rsp_prod_pvt = ++i; 1818 1819 return resp; 1820 } 1821 1822 void xenvif_idx_unmap(struct xenvif_queue *queue, u16 pending_idx) 1823 { 1824 int ret; 1825 struct gnttab_unmap_grant_ref tx_unmap_op; 1826 1827 gnttab_set_unmap_op(&tx_unmap_op, 1828 idx_to_kaddr(queue, pending_idx), 1829 GNTMAP_host_map, 1830 queue->grant_tx_handle[pending_idx]); 1831 xenvif_grant_handle_reset(queue, pending_idx); 1832 1833 ret = gnttab_unmap_refs(&tx_unmap_op, NULL, 1834 &queue->mmap_pages[pending_idx], 1); 1835 if (ret) { 1836 netdev_err(queue->vif->dev, 1837 "Unmap fail: ret: %d pending_idx: %d host_addr: %llx handle: 0x%x status: %d\n", 1838 ret, 1839 pending_idx, 1840 tx_unmap_op.host_addr, 1841 tx_unmap_op.handle, 1842 tx_unmap_op.status); 1843 BUG(); 1844 } 1845 } 1846 1847 static inline int tx_work_todo(struct xenvif_queue *queue) 1848 { 1849 if (likely(RING_HAS_UNCONSUMED_REQUESTS(&queue->tx))) 1850 return 1; 1851 1852 return 0; 1853 } 1854 1855 static inline bool tx_dealloc_work_todo(struct xenvif_queue *queue) 1856 { 1857 return queue->dealloc_cons != queue->dealloc_prod; 1858 } 1859 1860 void xenvif_unmap_frontend_rings(struct xenvif_queue *queue) 1861 { 1862 if (queue->tx.sring) 1863 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif), 1864 queue->tx.sring); 1865 if (queue->rx.sring) 1866 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif), 1867 queue->rx.sring); 1868 } 1869 1870 int xenvif_map_frontend_rings(struct xenvif_queue *queue, 1871 grant_ref_t tx_ring_ref, 1872 grant_ref_t rx_ring_ref) 1873 { 1874 void *addr; 1875 struct xen_netif_tx_sring *txs; 1876 struct xen_netif_rx_sring *rxs; 1877 1878 int err = -ENOMEM; 1879 1880 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif), 1881 &tx_ring_ref, 1, &addr); 1882 if (err) 1883 goto err; 1884 1885 txs = (struct xen_netif_tx_sring *)addr; 1886 BACK_RING_INIT(&queue->tx, txs, PAGE_SIZE); 1887 1888 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif), 1889 &rx_ring_ref, 1, &addr); 1890 if (err) 1891 goto err; 1892 1893 rxs = (struct xen_netif_rx_sring *)addr; 1894 BACK_RING_INIT(&queue->rx, rxs, PAGE_SIZE); 1895 1896 return 0; 1897 1898 err: 1899 xenvif_unmap_frontend_rings(queue); 1900 return err; 1901 } 1902 1903 static void xenvif_queue_carrier_off(struct xenvif_queue *queue) 1904 { 1905 struct xenvif *vif = queue->vif; 1906 1907 queue->stalled = true; 1908 1909 /* At least one queue has stalled? Disable the carrier. */ 1910 spin_lock(&vif->lock); 1911 if (vif->stalled_queues++ == 0) { 1912 netdev_info(vif->dev, "Guest Rx stalled"); 1913 netif_carrier_off(vif->dev); 1914 } 1915 spin_unlock(&vif->lock); 1916 } 1917 1918 static void xenvif_queue_carrier_on(struct xenvif_queue *queue) 1919 { 1920 struct xenvif *vif = queue->vif; 1921 1922 queue->last_rx_time = jiffies; /* Reset Rx stall detection. */ 1923 queue->stalled = false; 1924 1925 /* All queues are ready? Enable the carrier. */ 1926 spin_lock(&vif->lock); 1927 if (--vif->stalled_queues == 0) { 1928 netdev_info(vif->dev, "Guest Rx ready"); 1929 netif_carrier_on(vif->dev); 1930 } 1931 spin_unlock(&vif->lock); 1932 } 1933 1934 static bool xenvif_rx_queue_stalled(struct xenvif_queue *queue) 1935 { 1936 RING_IDX prod, cons; 1937 1938 prod = queue->rx.sring->req_prod; 1939 cons = queue->rx.req_cons; 1940 1941 return !queue->stalled 1942 && prod - cons < XEN_NETBK_RX_SLOTS_MAX 1943 && time_after(jiffies, 1944 queue->last_rx_time + queue->vif->stall_timeout); 1945 } 1946 1947 static bool xenvif_rx_queue_ready(struct xenvif_queue *queue) 1948 { 1949 RING_IDX prod, cons; 1950 1951 prod = queue->rx.sring->req_prod; 1952 cons = queue->rx.req_cons; 1953 1954 return queue->stalled 1955 && prod - cons >= XEN_NETBK_RX_SLOTS_MAX; 1956 } 1957 1958 static bool xenvif_have_rx_work(struct xenvif_queue *queue) 1959 { 1960 return (!skb_queue_empty(&queue->rx_queue) 1961 && xenvif_rx_ring_slots_available(queue, XEN_NETBK_RX_SLOTS_MAX)) 1962 || (queue->vif->stall_timeout && 1963 (xenvif_rx_queue_stalled(queue) 1964 || xenvif_rx_queue_ready(queue))) 1965 || kthread_should_stop() 1966 || queue->vif->disabled; 1967 } 1968 1969 static long xenvif_rx_queue_timeout(struct xenvif_queue *queue) 1970 { 1971 struct sk_buff *skb; 1972 long timeout; 1973 1974 skb = skb_peek(&queue->rx_queue); 1975 if (!skb) 1976 return MAX_SCHEDULE_TIMEOUT; 1977 1978 timeout = XENVIF_RX_CB(skb)->expires - jiffies; 1979 return timeout < 0 ? 0 : timeout; 1980 } 1981 1982 /* Wait until the guest Rx thread has work. 1983 * 1984 * The timeout needs to be adjusted based on the current head of the 1985 * queue (and not just the head at the beginning). In particular, if 1986 * the queue is initially empty an infinite timeout is used and this 1987 * needs to be reduced when a skb is queued. 1988 * 1989 * This cannot be done with wait_event_timeout() because it only 1990 * calculates the timeout once. 1991 */ 1992 static void xenvif_wait_for_rx_work(struct xenvif_queue *queue) 1993 { 1994 DEFINE_WAIT(wait); 1995 1996 if (xenvif_have_rx_work(queue)) 1997 return; 1998 1999 for (;;) { 2000 long ret; 2001 2002 prepare_to_wait(&queue->wq, &wait, TASK_INTERRUPTIBLE); 2003 if (xenvif_have_rx_work(queue)) 2004 break; 2005 ret = schedule_timeout(xenvif_rx_queue_timeout(queue)); 2006 if (!ret) 2007 break; 2008 } 2009 finish_wait(&queue->wq, &wait); 2010 } 2011 2012 int xenvif_kthread_guest_rx(void *data) 2013 { 2014 struct xenvif_queue *queue = data; 2015 struct xenvif *vif = queue->vif; 2016 2017 if (!vif->stall_timeout) 2018 xenvif_queue_carrier_on(queue); 2019 2020 for (;;) { 2021 xenvif_wait_for_rx_work(queue); 2022 2023 if (kthread_should_stop()) 2024 break; 2025 2026 /* This frontend is found to be rogue, disable it in 2027 * kthread context. Currently this is only set when 2028 * netback finds out frontend sends malformed packet, 2029 * but we cannot disable the interface in softirq 2030 * context so we defer it here, if this thread is 2031 * associated with queue 0. 2032 */ 2033 if (unlikely(vif->disabled && queue->id == 0)) { 2034 xenvif_carrier_off(vif); 2035 break; 2036 } 2037 2038 if (!skb_queue_empty(&queue->rx_queue)) 2039 xenvif_rx_action(queue); 2040 2041 /* If the guest hasn't provided any Rx slots for a 2042 * while it's probably not responsive, drop the 2043 * carrier so packets are dropped earlier. 2044 */ 2045 if (vif->stall_timeout) { 2046 if (xenvif_rx_queue_stalled(queue)) 2047 xenvif_queue_carrier_off(queue); 2048 else if (xenvif_rx_queue_ready(queue)) 2049 xenvif_queue_carrier_on(queue); 2050 } 2051 2052 /* Queued packets may have foreign pages from other 2053 * domains. These cannot be queued indefinitely as 2054 * this would starve guests of grant refs and transmit 2055 * slots. 2056 */ 2057 xenvif_rx_queue_drop_expired(queue); 2058 2059 xenvif_rx_queue_maybe_wake(queue); 2060 2061 cond_resched(); 2062 } 2063 2064 /* Bin any remaining skbs */ 2065 xenvif_rx_queue_purge(queue); 2066 2067 return 0; 2068 } 2069 2070 static bool xenvif_dealloc_kthread_should_stop(struct xenvif_queue *queue) 2071 { 2072 /* Dealloc thread must remain running until all inflight 2073 * packets complete. 2074 */ 2075 return kthread_should_stop() && 2076 !atomic_read(&queue->inflight_packets); 2077 } 2078 2079 int xenvif_dealloc_kthread(void *data) 2080 { 2081 struct xenvif_queue *queue = data; 2082 2083 for (;;) { 2084 wait_event_interruptible(queue->dealloc_wq, 2085 tx_dealloc_work_todo(queue) || 2086 xenvif_dealloc_kthread_should_stop(queue)); 2087 if (xenvif_dealloc_kthread_should_stop(queue)) 2088 break; 2089 2090 xenvif_tx_dealloc_action(queue); 2091 cond_resched(); 2092 } 2093 2094 /* Unmap anything remaining*/ 2095 if (tx_dealloc_work_todo(queue)) 2096 xenvif_tx_dealloc_action(queue); 2097 2098 return 0; 2099 } 2100 2101 static int __init netback_init(void) 2102 { 2103 int rc = 0; 2104 2105 if (!xen_domain()) 2106 return -ENODEV; 2107 2108 /* Allow as many queues as there are CPUs, by default */ 2109 xenvif_max_queues = num_online_cpus(); 2110 2111 if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) { 2112 pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n", 2113 fatal_skb_slots, XEN_NETBK_LEGACY_SLOTS_MAX); 2114 fatal_skb_slots = XEN_NETBK_LEGACY_SLOTS_MAX; 2115 } 2116 2117 rc = xenvif_xenbus_init(); 2118 if (rc) 2119 goto failed_init; 2120 2121 #ifdef CONFIG_DEBUG_FS 2122 xen_netback_dbg_root = debugfs_create_dir("xen-netback", NULL); 2123 if (IS_ERR_OR_NULL(xen_netback_dbg_root)) 2124 pr_warn("Init of debugfs returned %ld!\n", 2125 PTR_ERR(xen_netback_dbg_root)); 2126 #endif /* CONFIG_DEBUG_FS */ 2127 2128 return 0; 2129 2130 failed_init: 2131 return rc; 2132 } 2133 2134 module_init(netback_init); 2135 2136 static void __exit netback_fini(void) 2137 { 2138 #ifdef CONFIG_DEBUG_FS 2139 if (!IS_ERR_OR_NULL(xen_netback_dbg_root)) 2140 debugfs_remove_recursive(xen_netback_dbg_root); 2141 #endif /* CONFIG_DEBUG_FS */ 2142 xenvif_xenbus_fini(); 2143 } 2144 module_exit(netback_fini); 2145 2146 MODULE_LICENSE("Dual BSD/GPL"); 2147 MODULE_ALIAS("xen-backend:vif"); 2148