1 /* 2 * Back-end of the driver for virtual network devices. This portion of the 3 * driver exports a 'unified' network-device interface that can be accessed 4 * by any operating system that implements a compatible front end. A 5 * reference front-end implementation can be found in: 6 * drivers/net/xen-netfront.c 7 * 8 * Copyright (c) 2002-2005, K A Fraser 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License version 2 12 * as published by the Free Software Foundation; or, when distributed 13 * separately from the Linux kernel or incorporated into other 14 * software packages, subject to the following license: 15 * 16 * Permission is hereby granted, free of charge, to any person obtaining a copy 17 * of this source file (the "Software"), to deal in the Software without 18 * restriction, including without limitation the rights to use, copy, modify, 19 * merge, publish, distribute, sublicense, and/or sell copies of the Software, 20 * and to permit persons to whom the Software is furnished to do so, subject to 21 * the following conditions: 22 * 23 * The above copyright notice and this permission notice shall be included in 24 * all copies or substantial portions of the Software. 25 * 26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 27 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 28 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 29 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 30 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 31 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 32 * IN THE SOFTWARE. 33 */ 34 35 #include "common.h" 36 37 #include <linux/kthread.h> 38 #include <linux/if_vlan.h> 39 #include <linux/udp.h> 40 #include <linux/highmem.h> 41 42 #include <net/tcp.h> 43 44 #include <xen/xen.h> 45 #include <xen/events.h> 46 #include <xen/interface/memory.h> 47 #include <xen/page.h> 48 49 #include <asm/xen/hypercall.h> 50 51 /* Provide an option to disable split event channels at load time as 52 * event channels are limited resource. Split event channels are 53 * enabled by default. 54 */ 55 bool separate_tx_rx_irq = true; 56 module_param(separate_tx_rx_irq, bool, 0644); 57 58 /* The time that packets can stay on the guest Rx internal queue 59 * before they are dropped. 60 */ 61 unsigned int rx_drain_timeout_msecs = 10000; 62 module_param(rx_drain_timeout_msecs, uint, 0444); 63 64 /* The length of time before the frontend is considered unresponsive 65 * because it isn't providing Rx slots. 66 */ 67 unsigned int rx_stall_timeout_msecs = 60000; 68 module_param(rx_stall_timeout_msecs, uint, 0444); 69 70 unsigned int xenvif_max_queues; 71 module_param_named(max_queues, xenvif_max_queues, uint, 0644); 72 MODULE_PARM_DESC(max_queues, 73 "Maximum number of queues per virtual interface"); 74 75 /* 76 * This is the maximum slots a skb can have. If a guest sends a skb 77 * which exceeds this limit it is considered malicious. 78 */ 79 #define FATAL_SKB_SLOTS_DEFAULT 20 80 static unsigned int fatal_skb_slots = FATAL_SKB_SLOTS_DEFAULT; 81 module_param(fatal_skb_slots, uint, 0444); 82 83 /* The amount to copy out of the first guest Tx slot into the skb's 84 * linear area. If the first slot has more data, it will be mapped 85 * and put into the first frag. 86 * 87 * This is sized to avoid pulling headers from the frags for most 88 * TCP/IP packets. 89 */ 90 #define XEN_NETBACK_TX_COPY_LEN 128 91 92 93 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, 94 u8 status); 95 96 static void make_tx_response(struct xenvif_queue *queue, 97 struct xen_netif_tx_request *txp, 98 s8 st); 99 static void push_tx_responses(struct xenvif_queue *queue); 100 101 static inline int tx_work_todo(struct xenvif_queue *queue); 102 103 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue, 104 u16 id, 105 s8 st, 106 u16 offset, 107 u16 size, 108 u16 flags); 109 110 static inline unsigned long idx_to_pfn(struct xenvif_queue *queue, 111 u16 idx) 112 { 113 return page_to_pfn(queue->mmap_pages[idx]); 114 } 115 116 static inline unsigned long idx_to_kaddr(struct xenvif_queue *queue, 117 u16 idx) 118 { 119 return (unsigned long)pfn_to_kaddr(idx_to_pfn(queue, idx)); 120 } 121 122 #define callback_param(vif, pending_idx) \ 123 (vif->pending_tx_info[pending_idx].callback_struct) 124 125 /* Find the containing VIF's structure from a pointer in pending_tx_info array 126 */ 127 static inline struct xenvif_queue *ubuf_to_queue(const struct ubuf_info *ubuf) 128 { 129 u16 pending_idx = ubuf->desc; 130 struct pending_tx_info *temp = 131 container_of(ubuf, struct pending_tx_info, callback_struct); 132 return container_of(temp - pending_idx, 133 struct xenvif_queue, 134 pending_tx_info[0]); 135 } 136 137 static u16 frag_get_pending_idx(skb_frag_t *frag) 138 { 139 return (u16)frag->page_offset; 140 } 141 142 static void frag_set_pending_idx(skb_frag_t *frag, u16 pending_idx) 143 { 144 frag->page_offset = pending_idx; 145 } 146 147 static inline pending_ring_idx_t pending_index(unsigned i) 148 { 149 return i & (MAX_PENDING_REQS-1); 150 } 151 152 static bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue) 153 { 154 RING_IDX prod, cons; 155 struct sk_buff *skb; 156 int needed; 157 158 skb = skb_peek(&queue->rx_queue); 159 if (!skb) 160 return false; 161 162 needed = DIV_ROUND_UP(skb->len, XEN_PAGE_SIZE); 163 if (skb_is_gso(skb)) 164 needed++; 165 166 do { 167 prod = queue->rx.sring->req_prod; 168 cons = queue->rx.req_cons; 169 170 if (prod - cons >= needed) 171 return true; 172 173 queue->rx.sring->req_event = prod + 1; 174 175 /* Make sure event is visible before we check prod 176 * again. 177 */ 178 mb(); 179 } while (queue->rx.sring->req_prod != prod); 180 181 return false; 182 } 183 184 void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb) 185 { 186 unsigned long flags; 187 188 spin_lock_irqsave(&queue->rx_queue.lock, flags); 189 190 __skb_queue_tail(&queue->rx_queue, skb); 191 192 queue->rx_queue_len += skb->len; 193 if (queue->rx_queue_len > queue->rx_queue_max) 194 netif_tx_stop_queue(netdev_get_tx_queue(queue->vif->dev, queue->id)); 195 196 spin_unlock_irqrestore(&queue->rx_queue.lock, flags); 197 } 198 199 static struct sk_buff *xenvif_rx_dequeue(struct xenvif_queue *queue) 200 { 201 struct sk_buff *skb; 202 203 spin_lock_irq(&queue->rx_queue.lock); 204 205 skb = __skb_dequeue(&queue->rx_queue); 206 if (skb) 207 queue->rx_queue_len -= skb->len; 208 209 spin_unlock_irq(&queue->rx_queue.lock); 210 211 return skb; 212 } 213 214 static void xenvif_rx_queue_maybe_wake(struct xenvif_queue *queue) 215 { 216 spin_lock_irq(&queue->rx_queue.lock); 217 218 if (queue->rx_queue_len < queue->rx_queue_max) 219 netif_tx_wake_queue(netdev_get_tx_queue(queue->vif->dev, queue->id)); 220 221 spin_unlock_irq(&queue->rx_queue.lock); 222 } 223 224 225 static void xenvif_rx_queue_purge(struct xenvif_queue *queue) 226 { 227 struct sk_buff *skb; 228 while ((skb = xenvif_rx_dequeue(queue)) != NULL) 229 kfree_skb(skb); 230 } 231 232 static void xenvif_rx_queue_drop_expired(struct xenvif_queue *queue) 233 { 234 struct sk_buff *skb; 235 236 for(;;) { 237 skb = skb_peek(&queue->rx_queue); 238 if (!skb) 239 break; 240 if (time_before(jiffies, XENVIF_RX_CB(skb)->expires)) 241 break; 242 xenvif_rx_dequeue(queue); 243 kfree_skb(skb); 244 } 245 } 246 247 struct netrx_pending_operations { 248 unsigned copy_prod, copy_cons; 249 unsigned meta_prod, meta_cons; 250 struct gnttab_copy *copy; 251 struct xenvif_rx_meta *meta; 252 int copy_off; 253 grant_ref_t copy_gref; 254 }; 255 256 static struct xenvif_rx_meta *get_next_rx_buffer(struct xenvif_queue *queue, 257 struct netrx_pending_operations *npo) 258 { 259 struct xenvif_rx_meta *meta; 260 struct xen_netif_rx_request req; 261 262 RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req); 263 264 meta = npo->meta + npo->meta_prod++; 265 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE; 266 meta->gso_size = 0; 267 meta->size = 0; 268 meta->id = req.id; 269 270 npo->copy_off = 0; 271 npo->copy_gref = req.gref; 272 273 return meta; 274 } 275 276 struct gop_frag_copy { 277 struct xenvif_queue *queue; 278 struct netrx_pending_operations *npo; 279 struct xenvif_rx_meta *meta; 280 int head; 281 int gso_type; 282 283 struct page *page; 284 }; 285 286 static void xenvif_setup_copy_gop(unsigned long gfn, 287 unsigned int offset, 288 unsigned int *len, 289 struct gop_frag_copy *info) 290 { 291 struct gnttab_copy *copy_gop; 292 struct xen_page_foreign *foreign; 293 /* Convenient aliases */ 294 struct xenvif_queue *queue = info->queue; 295 struct netrx_pending_operations *npo = info->npo; 296 struct page *page = info->page; 297 298 BUG_ON(npo->copy_off > MAX_BUFFER_OFFSET); 299 300 if (npo->copy_off == MAX_BUFFER_OFFSET) 301 info->meta = get_next_rx_buffer(queue, npo); 302 303 if (npo->copy_off + *len > MAX_BUFFER_OFFSET) 304 *len = MAX_BUFFER_OFFSET - npo->copy_off; 305 306 copy_gop = npo->copy + npo->copy_prod++; 307 copy_gop->flags = GNTCOPY_dest_gref; 308 copy_gop->len = *len; 309 310 foreign = xen_page_foreign(page); 311 if (foreign) { 312 copy_gop->source.domid = foreign->domid; 313 copy_gop->source.u.ref = foreign->gref; 314 copy_gop->flags |= GNTCOPY_source_gref; 315 } else { 316 copy_gop->source.domid = DOMID_SELF; 317 copy_gop->source.u.gmfn = gfn; 318 } 319 copy_gop->source.offset = offset; 320 321 copy_gop->dest.domid = queue->vif->domid; 322 copy_gop->dest.offset = npo->copy_off; 323 copy_gop->dest.u.ref = npo->copy_gref; 324 325 npo->copy_off += *len; 326 info->meta->size += *len; 327 328 /* Leave a gap for the GSO descriptor. */ 329 if (info->head && ((1 << info->gso_type) & queue->vif->gso_mask)) 330 queue->rx.req_cons++; 331 332 info->head = 0; /* There must be something in this buffer now */ 333 } 334 335 static void xenvif_gop_frag_copy_grant(unsigned long gfn, 336 unsigned offset, 337 unsigned int len, 338 void *data) 339 { 340 unsigned int bytes; 341 342 while (len) { 343 bytes = len; 344 xenvif_setup_copy_gop(gfn, offset, &bytes, data); 345 offset += bytes; 346 len -= bytes; 347 } 348 } 349 350 /* 351 * Set up the grant operations for this fragment. If it's a flipping 352 * interface, we also set up the unmap request from here. 353 */ 354 static void xenvif_gop_frag_copy(struct xenvif_queue *queue, struct sk_buff *skb, 355 struct netrx_pending_operations *npo, 356 struct page *page, unsigned long size, 357 unsigned long offset, int *head) 358 { 359 struct gop_frag_copy info = { 360 .queue = queue, 361 .npo = npo, 362 .head = *head, 363 .gso_type = XEN_NETIF_GSO_TYPE_NONE, 364 }; 365 unsigned long bytes; 366 367 if (skb_is_gso(skb)) { 368 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) 369 info.gso_type = XEN_NETIF_GSO_TYPE_TCPV4; 370 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) 371 info.gso_type = XEN_NETIF_GSO_TYPE_TCPV6; 372 } 373 374 /* Data must not cross a page boundary. */ 375 BUG_ON(size + offset > PAGE_SIZE<<compound_order(page)); 376 377 info.meta = npo->meta + npo->meta_prod - 1; 378 379 /* Skip unused frames from start of page */ 380 page += offset >> PAGE_SHIFT; 381 offset &= ~PAGE_MASK; 382 383 while (size > 0) { 384 BUG_ON(offset >= PAGE_SIZE); 385 386 bytes = PAGE_SIZE - offset; 387 if (bytes > size) 388 bytes = size; 389 390 info.page = page; 391 gnttab_foreach_grant_in_range(page, offset, bytes, 392 xenvif_gop_frag_copy_grant, 393 &info); 394 size -= bytes; 395 offset = 0; 396 397 /* Next page */ 398 if (size) { 399 BUG_ON(!PageCompound(page)); 400 page++; 401 } 402 } 403 404 *head = info.head; 405 } 406 407 /* 408 * Prepare an SKB to be transmitted to the frontend. 409 * 410 * This function is responsible for allocating grant operations, meta 411 * structures, etc. 412 * 413 * It returns the number of meta structures consumed. The number of 414 * ring slots used is always equal to the number of meta slots used 415 * plus the number of GSO descriptors used. Currently, we use either 416 * zero GSO descriptors (for non-GSO packets) or one descriptor (for 417 * frontend-side LRO). 418 */ 419 static int xenvif_gop_skb(struct sk_buff *skb, 420 struct netrx_pending_operations *npo, 421 struct xenvif_queue *queue) 422 { 423 struct xenvif *vif = netdev_priv(skb->dev); 424 int nr_frags = skb_shinfo(skb)->nr_frags; 425 int i; 426 struct xen_netif_rx_request req; 427 struct xenvif_rx_meta *meta; 428 unsigned char *data; 429 int head = 1; 430 int old_meta_prod; 431 int gso_type; 432 433 old_meta_prod = npo->meta_prod; 434 435 gso_type = XEN_NETIF_GSO_TYPE_NONE; 436 if (skb_is_gso(skb)) { 437 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) 438 gso_type = XEN_NETIF_GSO_TYPE_TCPV4; 439 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) 440 gso_type = XEN_NETIF_GSO_TYPE_TCPV6; 441 } 442 443 /* Set up a GSO prefix descriptor, if necessary */ 444 if ((1 << gso_type) & vif->gso_prefix_mask) { 445 RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req); 446 meta = npo->meta + npo->meta_prod++; 447 meta->gso_type = gso_type; 448 meta->gso_size = skb_shinfo(skb)->gso_size; 449 meta->size = 0; 450 meta->id = req.id; 451 } 452 453 RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req); 454 meta = npo->meta + npo->meta_prod++; 455 456 if ((1 << gso_type) & vif->gso_mask) { 457 meta->gso_type = gso_type; 458 meta->gso_size = skb_shinfo(skb)->gso_size; 459 } else { 460 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE; 461 meta->gso_size = 0; 462 } 463 464 meta->size = 0; 465 meta->id = req.id; 466 npo->copy_off = 0; 467 npo->copy_gref = req.gref; 468 469 data = skb->data; 470 while (data < skb_tail_pointer(skb)) { 471 unsigned int offset = offset_in_page(data); 472 unsigned int len = PAGE_SIZE - offset; 473 474 if (data + len > skb_tail_pointer(skb)) 475 len = skb_tail_pointer(skb) - data; 476 477 xenvif_gop_frag_copy(queue, skb, npo, 478 virt_to_page(data), len, offset, &head); 479 data += len; 480 } 481 482 for (i = 0; i < nr_frags; i++) { 483 xenvif_gop_frag_copy(queue, skb, npo, 484 skb_frag_page(&skb_shinfo(skb)->frags[i]), 485 skb_frag_size(&skb_shinfo(skb)->frags[i]), 486 skb_shinfo(skb)->frags[i].page_offset, 487 &head); 488 } 489 490 return npo->meta_prod - old_meta_prod; 491 } 492 493 /* 494 * This is a twin to xenvif_gop_skb. Assume that xenvif_gop_skb was 495 * used to set up the operations on the top of 496 * netrx_pending_operations, which have since been done. Check that 497 * they didn't give any errors and advance over them. 498 */ 499 static int xenvif_check_gop(struct xenvif *vif, int nr_meta_slots, 500 struct netrx_pending_operations *npo) 501 { 502 struct gnttab_copy *copy_op; 503 int status = XEN_NETIF_RSP_OKAY; 504 int i; 505 506 for (i = 0; i < nr_meta_slots; i++) { 507 copy_op = npo->copy + npo->copy_cons++; 508 if (copy_op->status != GNTST_okay) { 509 netdev_dbg(vif->dev, 510 "Bad status %d from copy to DOM%d.\n", 511 copy_op->status, vif->domid); 512 status = XEN_NETIF_RSP_ERROR; 513 } 514 } 515 516 return status; 517 } 518 519 static void xenvif_add_frag_responses(struct xenvif_queue *queue, int status, 520 struct xenvif_rx_meta *meta, 521 int nr_meta_slots) 522 { 523 int i; 524 unsigned long offset; 525 526 /* No fragments used */ 527 if (nr_meta_slots <= 1) 528 return; 529 530 nr_meta_slots--; 531 532 for (i = 0; i < nr_meta_slots; i++) { 533 int flags; 534 if (i == nr_meta_slots - 1) 535 flags = 0; 536 else 537 flags = XEN_NETRXF_more_data; 538 539 offset = 0; 540 make_rx_response(queue, meta[i].id, status, offset, 541 meta[i].size, flags); 542 } 543 } 544 545 void xenvif_kick_thread(struct xenvif_queue *queue) 546 { 547 wake_up(&queue->wq); 548 } 549 550 static void xenvif_rx_action(struct xenvif_queue *queue) 551 { 552 s8 status; 553 u16 flags; 554 struct xen_netif_rx_response *resp; 555 struct sk_buff_head rxq; 556 struct sk_buff *skb; 557 LIST_HEAD(notify); 558 int ret; 559 unsigned long offset; 560 bool need_to_notify = false; 561 562 struct netrx_pending_operations npo = { 563 .copy = queue->grant_copy_op, 564 .meta = queue->meta, 565 }; 566 567 skb_queue_head_init(&rxq); 568 569 while (xenvif_rx_ring_slots_available(queue) 570 && (skb = xenvif_rx_dequeue(queue)) != NULL) { 571 queue->last_rx_time = jiffies; 572 573 XENVIF_RX_CB(skb)->meta_slots_used = xenvif_gop_skb(skb, &npo, queue); 574 575 __skb_queue_tail(&rxq, skb); 576 } 577 578 BUG_ON(npo.meta_prod > ARRAY_SIZE(queue->meta)); 579 580 if (!npo.copy_prod) 581 goto done; 582 583 BUG_ON(npo.copy_prod > MAX_GRANT_COPY_OPS); 584 gnttab_batch_copy(queue->grant_copy_op, npo.copy_prod); 585 586 while ((skb = __skb_dequeue(&rxq)) != NULL) { 587 588 if ((1 << queue->meta[npo.meta_cons].gso_type) & 589 queue->vif->gso_prefix_mask) { 590 resp = RING_GET_RESPONSE(&queue->rx, 591 queue->rx.rsp_prod_pvt++); 592 593 resp->flags = XEN_NETRXF_gso_prefix | XEN_NETRXF_more_data; 594 595 resp->offset = queue->meta[npo.meta_cons].gso_size; 596 resp->id = queue->meta[npo.meta_cons].id; 597 resp->status = XENVIF_RX_CB(skb)->meta_slots_used; 598 599 npo.meta_cons++; 600 XENVIF_RX_CB(skb)->meta_slots_used--; 601 } 602 603 604 queue->stats.tx_bytes += skb->len; 605 queue->stats.tx_packets++; 606 607 status = xenvif_check_gop(queue->vif, 608 XENVIF_RX_CB(skb)->meta_slots_used, 609 &npo); 610 611 if (XENVIF_RX_CB(skb)->meta_slots_used == 1) 612 flags = 0; 613 else 614 flags = XEN_NETRXF_more_data; 615 616 if (skb->ip_summed == CHECKSUM_PARTIAL) /* local packet? */ 617 flags |= XEN_NETRXF_csum_blank | XEN_NETRXF_data_validated; 618 else if (skb->ip_summed == CHECKSUM_UNNECESSARY) 619 /* remote but checksummed. */ 620 flags |= XEN_NETRXF_data_validated; 621 622 offset = 0; 623 resp = make_rx_response(queue, queue->meta[npo.meta_cons].id, 624 status, offset, 625 queue->meta[npo.meta_cons].size, 626 flags); 627 628 if ((1 << queue->meta[npo.meta_cons].gso_type) & 629 queue->vif->gso_mask) { 630 struct xen_netif_extra_info *gso = 631 (struct xen_netif_extra_info *) 632 RING_GET_RESPONSE(&queue->rx, 633 queue->rx.rsp_prod_pvt++); 634 635 resp->flags |= XEN_NETRXF_extra_info; 636 637 gso->u.gso.type = queue->meta[npo.meta_cons].gso_type; 638 gso->u.gso.size = queue->meta[npo.meta_cons].gso_size; 639 gso->u.gso.pad = 0; 640 gso->u.gso.features = 0; 641 642 gso->type = XEN_NETIF_EXTRA_TYPE_GSO; 643 gso->flags = 0; 644 } 645 646 xenvif_add_frag_responses(queue, status, 647 queue->meta + npo.meta_cons + 1, 648 XENVIF_RX_CB(skb)->meta_slots_used); 649 650 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->rx, ret); 651 652 need_to_notify |= !!ret; 653 654 npo.meta_cons += XENVIF_RX_CB(skb)->meta_slots_used; 655 dev_kfree_skb(skb); 656 } 657 658 done: 659 if (need_to_notify) 660 notify_remote_via_irq(queue->rx_irq); 661 } 662 663 void xenvif_napi_schedule_or_enable_events(struct xenvif_queue *queue) 664 { 665 int more_to_do; 666 667 RING_FINAL_CHECK_FOR_REQUESTS(&queue->tx, more_to_do); 668 669 if (more_to_do) 670 napi_schedule(&queue->napi); 671 } 672 673 static void tx_add_credit(struct xenvif_queue *queue) 674 { 675 unsigned long max_burst, max_credit; 676 677 /* 678 * Allow a burst big enough to transmit a jumbo packet of up to 128kB. 679 * Otherwise the interface can seize up due to insufficient credit. 680 */ 681 max_burst = max(131072UL, queue->credit_bytes); 682 683 /* Take care that adding a new chunk of credit doesn't wrap to zero. */ 684 max_credit = queue->remaining_credit + queue->credit_bytes; 685 if (max_credit < queue->remaining_credit) 686 max_credit = ULONG_MAX; /* wrapped: clamp to ULONG_MAX */ 687 688 queue->remaining_credit = min(max_credit, max_burst); 689 } 690 691 void xenvif_tx_credit_callback(unsigned long data) 692 { 693 struct xenvif_queue *queue = (struct xenvif_queue *)data; 694 tx_add_credit(queue); 695 xenvif_napi_schedule_or_enable_events(queue); 696 } 697 698 static void xenvif_tx_err(struct xenvif_queue *queue, 699 struct xen_netif_tx_request *txp, RING_IDX end) 700 { 701 RING_IDX cons = queue->tx.req_cons; 702 unsigned long flags; 703 704 do { 705 spin_lock_irqsave(&queue->response_lock, flags); 706 make_tx_response(queue, txp, XEN_NETIF_RSP_ERROR); 707 push_tx_responses(queue); 708 spin_unlock_irqrestore(&queue->response_lock, flags); 709 if (cons == end) 710 break; 711 RING_COPY_REQUEST(&queue->tx, cons++, txp); 712 } while (1); 713 queue->tx.req_cons = cons; 714 } 715 716 static void xenvif_fatal_tx_err(struct xenvif *vif) 717 { 718 netdev_err(vif->dev, "fatal error; disabling device\n"); 719 vif->disabled = true; 720 /* Disable the vif from queue 0's kthread */ 721 if (vif->queues) 722 xenvif_kick_thread(&vif->queues[0]); 723 } 724 725 static int xenvif_count_requests(struct xenvif_queue *queue, 726 struct xen_netif_tx_request *first, 727 struct xen_netif_tx_request *txp, 728 int work_to_do) 729 { 730 RING_IDX cons = queue->tx.req_cons; 731 int slots = 0; 732 int drop_err = 0; 733 int more_data; 734 735 if (!(first->flags & XEN_NETTXF_more_data)) 736 return 0; 737 738 do { 739 struct xen_netif_tx_request dropped_tx = { 0 }; 740 741 if (slots >= work_to_do) { 742 netdev_err(queue->vif->dev, 743 "Asked for %d slots but exceeds this limit\n", 744 work_to_do); 745 xenvif_fatal_tx_err(queue->vif); 746 return -ENODATA; 747 } 748 749 /* This guest is really using too many slots and 750 * considered malicious. 751 */ 752 if (unlikely(slots >= fatal_skb_slots)) { 753 netdev_err(queue->vif->dev, 754 "Malicious frontend using %d slots, threshold %u\n", 755 slots, fatal_skb_slots); 756 xenvif_fatal_tx_err(queue->vif); 757 return -E2BIG; 758 } 759 760 /* Xen network protocol had implicit dependency on 761 * MAX_SKB_FRAGS. XEN_NETBK_LEGACY_SLOTS_MAX is set to 762 * the historical MAX_SKB_FRAGS value 18 to honor the 763 * same behavior as before. Any packet using more than 764 * 18 slots but less than fatal_skb_slots slots is 765 * dropped 766 */ 767 if (!drop_err && slots >= XEN_NETBK_LEGACY_SLOTS_MAX) { 768 if (net_ratelimit()) 769 netdev_dbg(queue->vif->dev, 770 "Too many slots (%d) exceeding limit (%d), dropping packet\n", 771 slots, XEN_NETBK_LEGACY_SLOTS_MAX); 772 drop_err = -E2BIG; 773 } 774 775 if (drop_err) 776 txp = &dropped_tx; 777 778 RING_COPY_REQUEST(&queue->tx, cons + slots, txp); 779 780 /* If the guest submitted a frame >= 64 KiB then 781 * first->size overflowed and following slots will 782 * appear to be larger than the frame. 783 * 784 * This cannot be fatal error as there are buggy 785 * frontends that do this. 786 * 787 * Consume all slots and drop the packet. 788 */ 789 if (!drop_err && txp->size > first->size) { 790 if (net_ratelimit()) 791 netdev_dbg(queue->vif->dev, 792 "Invalid tx request, slot size %u > remaining size %u\n", 793 txp->size, first->size); 794 drop_err = -EIO; 795 } 796 797 first->size -= txp->size; 798 slots++; 799 800 if (unlikely((txp->offset + txp->size) > XEN_PAGE_SIZE)) { 801 netdev_err(queue->vif->dev, "Cross page boundary, txp->offset: %u, size: %u\n", 802 txp->offset, txp->size); 803 xenvif_fatal_tx_err(queue->vif); 804 return -EINVAL; 805 } 806 807 more_data = txp->flags & XEN_NETTXF_more_data; 808 809 if (!drop_err) 810 txp++; 811 812 } while (more_data); 813 814 if (drop_err) { 815 xenvif_tx_err(queue, first, cons + slots); 816 return drop_err; 817 } 818 819 return slots; 820 } 821 822 823 struct xenvif_tx_cb { 824 u16 pending_idx; 825 }; 826 827 #define XENVIF_TX_CB(skb) ((struct xenvif_tx_cb *)(skb)->cb) 828 829 static inline void xenvif_tx_create_map_op(struct xenvif_queue *queue, 830 u16 pending_idx, 831 struct xen_netif_tx_request *txp, 832 struct gnttab_map_grant_ref *mop) 833 { 834 queue->pages_to_map[mop-queue->tx_map_ops] = queue->mmap_pages[pending_idx]; 835 gnttab_set_map_op(mop, idx_to_kaddr(queue, pending_idx), 836 GNTMAP_host_map | GNTMAP_readonly, 837 txp->gref, queue->vif->domid); 838 839 memcpy(&queue->pending_tx_info[pending_idx].req, txp, 840 sizeof(*txp)); 841 } 842 843 static inline struct sk_buff *xenvif_alloc_skb(unsigned int size) 844 { 845 struct sk_buff *skb = 846 alloc_skb(size + NET_SKB_PAD + NET_IP_ALIGN, 847 GFP_ATOMIC | __GFP_NOWARN); 848 if (unlikely(skb == NULL)) 849 return NULL; 850 851 /* Packets passed to netif_rx() must have some headroom. */ 852 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); 853 854 /* Initialize it here to avoid later surprises */ 855 skb_shinfo(skb)->destructor_arg = NULL; 856 857 return skb; 858 } 859 860 static struct gnttab_map_grant_ref *xenvif_get_requests(struct xenvif_queue *queue, 861 struct sk_buff *skb, 862 struct xen_netif_tx_request *txp, 863 struct gnttab_map_grant_ref *gop, 864 unsigned int frag_overflow, 865 struct sk_buff *nskb) 866 { 867 struct skb_shared_info *shinfo = skb_shinfo(skb); 868 skb_frag_t *frags = shinfo->frags; 869 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 870 int start; 871 pending_ring_idx_t index; 872 unsigned int nr_slots; 873 874 nr_slots = shinfo->nr_frags; 875 876 /* Skip first skb fragment if it is on same page as header fragment. */ 877 start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx); 878 879 for (shinfo->nr_frags = start; shinfo->nr_frags < nr_slots; 880 shinfo->nr_frags++, txp++, gop++) { 881 index = pending_index(queue->pending_cons++); 882 pending_idx = queue->pending_ring[index]; 883 xenvif_tx_create_map_op(queue, pending_idx, txp, gop); 884 frag_set_pending_idx(&frags[shinfo->nr_frags], pending_idx); 885 } 886 887 if (frag_overflow) { 888 889 shinfo = skb_shinfo(nskb); 890 frags = shinfo->frags; 891 892 for (shinfo->nr_frags = 0; shinfo->nr_frags < frag_overflow; 893 shinfo->nr_frags++, txp++, gop++) { 894 index = pending_index(queue->pending_cons++); 895 pending_idx = queue->pending_ring[index]; 896 xenvif_tx_create_map_op(queue, pending_idx, txp, gop); 897 frag_set_pending_idx(&frags[shinfo->nr_frags], 898 pending_idx); 899 } 900 901 skb_shinfo(skb)->frag_list = nskb; 902 } 903 904 return gop; 905 } 906 907 static inline void xenvif_grant_handle_set(struct xenvif_queue *queue, 908 u16 pending_idx, 909 grant_handle_t handle) 910 { 911 if (unlikely(queue->grant_tx_handle[pending_idx] != 912 NETBACK_INVALID_HANDLE)) { 913 netdev_err(queue->vif->dev, 914 "Trying to overwrite active handle! pending_idx: 0x%x\n", 915 pending_idx); 916 BUG(); 917 } 918 queue->grant_tx_handle[pending_idx] = handle; 919 } 920 921 static inline void xenvif_grant_handle_reset(struct xenvif_queue *queue, 922 u16 pending_idx) 923 { 924 if (unlikely(queue->grant_tx_handle[pending_idx] == 925 NETBACK_INVALID_HANDLE)) { 926 netdev_err(queue->vif->dev, 927 "Trying to unmap invalid handle! pending_idx: 0x%x\n", 928 pending_idx); 929 BUG(); 930 } 931 queue->grant_tx_handle[pending_idx] = NETBACK_INVALID_HANDLE; 932 } 933 934 static int xenvif_tx_check_gop(struct xenvif_queue *queue, 935 struct sk_buff *skb, 936 struct gnttab_map_grant_ref **gopp_map, 937 struct gnttab_copy **gopp_copy) 938 { 939 struct gnttab_map_grant_ref *gop_map = *gopp_map; 940 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 941 /* This always points to the shinfo of the skb being checked, which 942 * could be either the first or the one on the frag_list 943 */ 944 struct skb_shared_info *shinfo = skb_shinfo(skb); 945 /* If this is non-NULL, we are currently checking the frag_list skb, and 946 * this points to the shinfo of the first one 947 */ 948 struct skb_shared_info *first_shinfo = NULL; 949 int nr_frags = shinfo->nr_frags; 950 const bool sharedslot = nr_frags && 951 frag_get_pending_idx(&shinfo->frags[0]) == pending_idx; 952 int i, err; 953 954 /* Check status of header. */ 955 err = (*gopp_copy)->status; 956 if (unlikely(err)) { 957 if (net_ratelimit()) 958 netdev_dbg(queue->vif->dev, 959 "Grant copy of header failed! status: %d pending_idx: %u ref: %u\n", 960 (*gopp_copy)->status, 961 pending_idx, 962 (*gopp_copy)->source.u.ref); 963 /* The first frag might still have this slot mapped */ 964 if (!sharedslot) 965 xenvif_idx_release(queue, pending_idx, 966 XEN_NETIF_RSP_ERROR); 967 } 968 (*gopp_copy)++; 969 970 check_frags: 971 for (i = 0; i < nr_frags; i++, gop_map++) { 972 int j, newerr; 973 974 pending_idx = frag_get_pending_idx(&shinfo->frags[i]); 975 976 /* Check error status: if okay then remember grant handle. */ 977 newerr = gop_map->status; 978 979 if (likely(!newerr)) { 980 xenvif_grant_handle_set(queue, 981 pending_idx, 982 gop_map->handle); 983 /* Had a previous error? Invalidate this fragment. */ 984 if (unlikely(err)) { 985 xenvif_idx_unmap(queue, pending_idx); 986 /* If the mapping of the first frag was OK, but 987 * the header's copy failed, and they are 988 * sharing a slot, send an error 989 */ 990 if (i == 0 && sharedslot) 991 xenvif_idx_release(queue, pending_idx, 992 XEN_NETIF_RSP_ERROR); 993 else 994 xenvif_idx_release(queue, pending_idx, 995 XEN_NETIF_RSP_OKAY); 996 } 997 continue; 998 } 999 1000 /* Error on this fragment: respond to client with an error. */ 1001 if (net_ratelimit()) 1002 netdev_dbg(queue->vif->dev, 1003 "Grant map of %d. frag failed! status: %d pending_idx: %u ref: %u\n", 1004 i, 1005 gop_map->status, 1006 pending_idx, 1007 gop_map->ref); 1008 1009 xenvif_idx_release(queue, pending_idx, XEN_NETIF_RSP_ERROR); 1010 1011 /* Not the first error? Preceding frags already invalidated. */ 1012 if (err) 1013 continue; 1014 1015 /* First error: if the header haven't shared a slot with the 1016 * first frag, release it as well. 1017 */ 1018 if (!sharedslot) 1019 xenvif_idx_release(queue, 1020 XENVIF_TX_CB(skb)->pending_idx, 1021 XEN_NETIF_RSP_OKAY); 1022 1023 /* Invalidate preceding fragments of this skb. */ 1024 for (j = 0; j < i; j++) { 1025 pending_idx = frag_get_pending_idx(&shinfo->frags[j]); 1026 xenvif_idx_unmap(queue, pending_idx); 1027 xenvif_idx_release(queue, pending_idx, 1028 XEN_NETIF_RSP_OKAY); 1029 } 1030 1031 /* And if we found the error while checking the frag_list, unmap 1032 * the first skb's frags 1033 */ 1034 if (first_shinfo) { 1035 for (j = 0; j < first_shinfo->nr_frags; j++) { 1036 pending_idx = frag_get_pending_idx(&first_shinfo->frags[j]); 1037 xenvif_idx_unmap(queue, pending_idx); 1038 xenvif_idx_release(queue, pending_idx, 1039 XEN_NETIF_RSP_OKAY); 1040 } 1041 } 1042 1043 /* Remember the error: invalidate all subsequent fragments. */ 1044 err = newerr; 1045 } 1046 1047 if (skb_has_frag_list(skb) && !first_shinfo) { 1048 first_shinfo = skb_shinfo(skb); 1049 shinfo = skb_shinfo(skb_shinfo(skb)->frag_list); 1050 nr_frags = shinfo->nr_frags; 1051 1052 goto check_frags; 1053 } 1054 1055 *gopp_map = gop_map; 1056 return err; 1057 } 1058 1059 static void xenvif_fill_frags(struct xenvif_queue *queue, struct sk_buff *skb) 1060 { 1061 struct skb_shared_info *shinfo = skb_shinfo(skb); 1062 int nr_frags = shinfo->nr_frags; 1063 int i; 1064 u16 prev_pending_idx = INVALID_PENDING_IDX; 1065 1066 for (i = 0; i < nr_frags; i++) { 1067 skb_frag_t *frag = shinfo->frags + i; 1068 struct xen_netif_tx_request *txp; 1069 struct page *page; 1070 u16 pending_idx; 1071 1072 pending_idx = frag_get_pending_idx(frag); 1073 1074 /* If this is not the first frag, chain it to the previous*/ 1075 if (prev_pending_idx == INVALID_PENDING_IDX) 1076 skb_shinfo(skb)->destructor_arg = 1077 &callback_param(queue, pending_idx); 1078 else 1079 callback_param(queue, prev_pending_idx).ctx = 1080 &callback_param(queue, pending_idx); 1081 1082 callback_param(queue, pending_idx).ctx = NULL; 1083 prev_pending_idx = pending_idx; 1084 1085 txp = &queue->pending_tx_info[pending_idx].req; 1086 page = virt_to_page(idx_to_kaddr(queue, pending_idx)); 1087 __skb_fill_page_desc(skb, i, page, txp->offset, txp->size); 1088 skb->len += txp->size; 1089 skb->data_len += txp->size; 1090 skb->truesize += txp->size; 1091 1092 /* Take an extra reference to offset network stack's put_page */ 1093 get_page(queue->mmap_pages[pending_idx]); 1094 } 1095 } 1096 1097 static int xenvif_get_extras(struct xenvif_queue *queue, 1098 struct xen_netif_extra_info *extras, 1099 int work_to_do) 1100 { 1101 struct xen_netif_extra_info extra; 1102 RING_IDX cons = queue->tx.req_cons; 1103 1104 do { 1105 if (unlikely(work_to_do-- <= 0)) { 1106 netdev_err(queue->vif->dev, "Missing extra info\n"); 1107 xenvif_fatal_tx_err(queue->vif); 1108 return -EBADR; 1109 } 1110 1111 RING_COPY_REQUEST(&queue->tx, cons, &extra); 1112 if (unlikely(!extra.type || 1113 extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) { 1114 queue->tx.req_cons = ++cons; 1115 netdev_err(queue->vif->dev, 1116 "Invalid extra type: %d\n", extra.type); 1117 xenvif_fatal_tx_err(queue->vif); 1118 return -EINVAL; 1119 } 1120 1121 memcpy(&extras[extra.type - 1], &extra, sizeof(extra)); 1122 queue->tx.req_cons = ++cons; 1123 } while (extra.flags & XEN_NETIF_EXTRA_FLAG_MORE); 1124 1125 return work_to_do; 1126 } 1127 1128 static int xenvif_set_skb_gso(struct xenvif *vif, 1129 struct sk_buff *skb, 1130 struct xen_netif_extra_info *gso) 1131 { 1132 if (!gso->u.gso.size) { 1133 netdev_err(vif->dev, "GSO size must not be zero.\n"); 1134 xenvif_fatal_tx_err(vif); 1135 return -EINVAL; 1136 } 1137 1138 switch (gso->u.gso.type) { 1139 case XEN_NETIF_GSO_TYPE_TCPV4: 1140 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4; 1141 break; 1142 case XEN_NETIF_GSO_TYPE_TCPV6: 1143 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; 1144 break; 1145 default: 1146 netdev_err(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); 1147 xenvif_fatal_tx_err(vif); 1148 return -EINVAL; 1149 } 1150 1151 skb_shinfo(skb)->gso_size = gso->u.gso.size; 1152 /* gso_segs will be calculated later */ 1153 1154 return 0; 1155 } 1156 1157 static int checksum_setup(struct xenvif_queue *queue, struct sk_buff *skb) 1158 { 1159 bool recalculate_partial_csum = false; 1160 1161 /* A GSO SKB must be CHECKSUM_PARTIAL. However some buggy 1162 * peers can fail to set NETRXF_csum_blank when sending a GSO 1163 * frame. In this case force the SKB to CHECKSUM_PARTIAL and 1164 * recalculate the partial checksum. 1165 */ 1166 if (skb->ip_summed != CHECKSUM_PARTIAL && skb_is_gso(skb)) { 1167 queue->stats.rx_gso_checksum_fixup++; 1168 skb->ip_summed = CHECKSUM_PARTIAL; 1169 recalculate_partial_csum = true; 1170 } 1171 1172 /* A non-CHECKSUM_PARTIAL SKB does not require setup. */ 1173 if (skb->ip_summed != CHECKSUM_PARTIAL) 1174 return 0; 1175 1176 return skb_checksum_setup(skb, recalculate_partial_csum); 1177 } 1178 1179 static bool tx_credit_exceeded(struct xenvif_queue *queue, unsigned size) 1180 { 1181 u64 now = get_jiffies_64(); 1182 u64 next_credit = queue->credit_window_start + 1183 msecs_to_jiffies(queue->credit_usec / 1000); 1184 1185 /* Timer could already be pending in rare cases. */ 1186 if (timer_pending(&queue->credit_timeout)) 1187 return true; 1188 1189 /* Passed the point where we can replenish credit? */ 1190 if (time_after_eq64(now, next_credit)) { 1191 queue->credit_window_start = now; 1192 tx_add_credit(queue); 1193 } 1194 1195 /* Still too big to send right now? Set a callback. */ 1196 if (size > queue->remaining_credit) { 1197 queue->credit_timeout.data = 1198 (unsigned long)queue; 1199 mod_timer(&queue->credit_timeout, 1200 next_credit); 1201 queue->credit_window_start = next_credit; 1202 1203 return true; 1204 } 1205 1206 return false; 1207 } 1208 1209 /* No locking is required in xenvif_mcast_add/del() as they are 1210 * only ever invoked from NAPI poll. An RCU list is used because 1211 * xenvif_mcast_match() is called asynchronously, during start_xmit. 1212 */ 1213 1214 static int xenvif_mcast_add(struct xenvif *vif, const u8 *addr) 1215 { 1216 struct xenvif_mcast_addr *mcast; 1217 1218 if (vif->fe_mcast_count == XEN_NETBK_MCAST_MAX) { 1219 if (net_ratelimit()) 1220 netdev_err(vif->dev, 1221 "Too many multicast addresses\n"); 1222 return -ENOSPC; 1223 } 1224 1225 mcast = kzalloc(sizeof(*mcast), GFP_ATOMIC); 1226 if (!mcast) 1227 return -ENOMEM; 1228 1229 ether_addr_copy(mcast->addr, addr); 1230 list_add_tail_rcu(&mcast->entry, &vif->fe_mcast_addr); 1231 vif->fe_mcast_count++; 1232 1233 return 0; 1234 } 1235 1236 static void xenvif_mcast_del(struct xenvif *vif, const u8 *addr) 1237 { 1238 struct xenvif_mcast_addr *mcast; 1239 1240 list_for_each_entry_rcu(mcast, &vif->fe_mcast_addr, entry) { 1241 if (ether_addr_equal(addr, mcast->addr)) { 1242 --vif->fe_mcast_count; 1243 list_del_rcu(&mcast->entry); 1244 kfree_rcu(mcast, rcu); 1245 break; 1246 } 1247 } 1248 } 1249 1250 bool xenvif_mcast_match(struct xenvif *vif, const u8 *addr) 1251 { 1252 struct xenvif_mcast_addr *mcast; 1253 1254 rcu_read_lock(); 1255 list_for_each_entry_rcu(mcast, &vif->fe_mcast_addr, entry) { 1256 if (ether_addr_equal(addr, mcast->addr)) { 1257 rcu_read_unlock(); 1258 return true; 1259 } 1260 } 1261 rcu_read_unlock(); 1262 1263 return false; 1264 } 1265 1266 void xenvif_mcast_addr_list_free(struct xenvif *vif) 1267 { 1268 /* No need for locking or RCU here. NAPI poll and TX queue 1269 * are stopped. 1270 */ 1271 while (!list_empty(&vif->fe_mcast_addr)) { 1272 struct xenvif_mcast_addr *mcast; 1273 1274 mcast = list_first_entry(&vif->fe_mcast_addr, 1275 struct xenvif_mcast_addr, 1276 entry); 1277 --vif->fe_mcast_count; 1278 list_del(&mcast->entry); 1279 kfree(mcast); 1280 } 1281 } 1282 1283 static void xenvif_tx_build_gops(struct xenvif_queue *queue, 1284 int budget, 1285 unsigned *copy_ops, 1286 unsigned *map_ops) 1287 { 1288 struct gnttab_map_grant_ref *gop = queue->tx_map_ops; 1289 struct sk_buff *skb, *nskb; 1290 int ret; 1291 unsigned int frag_overflow; 1292 1293 while (skb_queue_len(&queue->tx_queue) < budget) { 1294 struct xen_netif_tx_request txreq; 1295 struct xen_netif_tx_request txfrags[XEN_NETBK_LEGACY_SLOTS_MAX]; 1296 struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1]; 1297 u16 pending_idx; 1298 RING_IDX idx; 1299 int work_to_do; 1300 unsigned int data_len; 1301 pending_ring_idx_t index; 1302 1303 if (queue->tx.sring->req_prod - queue->tx.req_cons > 1304 XEN_NETIF_TX_RING_SIZE) { 1305 netdev_err(queue->vif->dev, 1306 "Impossible number of requests. " 1307 "req_prod %d, req_cons %d, size %ld\n", 1308 queue->tx.sring->req_prod, queue->tx.req_cons, 1309 XEN_NETIF_TX_RING_SIZE); 1310 xenvif_fatal_tx_err(queue->vif); 1311 break; 1312 } 1313 1314 work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&queue->tx); 1315 if (!work_to_do) 1316 break; 1317 1318 idx = queue->tx.req_cons; 1319 rmb(); /* Ensure that we see the request before we copy it. */ 1320 RING_COPY_REQUEST(&queue->tx, idx, &txreq); 1321 1322 /* Credit-based scheduling. */ 1323 if (txreq.size > queue->remaining_credit && 1324 tx_credit_exceeded(queue, txreq.size)) 1325 break; 1326 1327 queue->remaining_credit -= txreq.size; 1328 1329 work_to_do--; 1330 queue->tx.req_cons = ++idx; 1331 1332 memset(extras, 0, sizeof(extras)); 1333 if (txreq.flags & XEN_NETTXF_extra_info) { 1334 work_to_do = xenvif_get_extras(queue, extras, 1335 work_to_do); 1336 idx = queue->tx.req_cons; 1337 if (unlikely(work_to_do < 0)) 1338 break; 1339 } 1340 1341 if (extras[XEN_NETIF_EXTRA_TYPE_MCAST_ADD - 1].type) { 1342 struct xen_netif_extra_info *extra; 1343 1344 extra = &extras[XEN_NETIF_EXTRA_TYPE_MCAST_ADD - 1]; 1345 ret = xenvif_mcast_add(queue->vif, extra->u.mcast.addr); 1346 1347 make_tx_response(queue, &txreq, 1348 (ret == 0) ? 1349 XEN_NETIF_RSP_OKAY : 1350 XEN_NETIF_RSP_ERROR); 1351 push_tx_responses(queue); 1352 continue; 1353 } 1354 1355 if (extras[XEN_NETIF_EXTRA_TYPE_MCAST_DEL - 1].type) { 1356 struct xen_netif_extra_info *extra; 1357 1358 extra = &extras[XEN_NETIF_EXTRA_TYPE_MCAST_DEL - 1]; 1359 xenvif_mcast_del(queue->vif, extra->u.mcast.addr); 1360 1361 make_tx_response(queue, &txreq, XEN_NETIF_RSP_OKAY); 1362 push_tx_responses(queue); 1363 continue; 1364 } 1365 1366 ret = xenvif_count_requests(queue, &txreq, txfrags, work_to_do); 1367 if (unlikely(ret < 0)) 1368 break; 1369 1370 idx += ret; 1371 1372 if (unlikely(txreq.size < ETH_HLEN)) { 1373 netdev_dbg(queue->vif->dev, 1374 "Bad packet size: %d\n", txreq.size); 1375 xenvif_tx_err(queue, &txreq, idx); 1376 break; 1377 } 1378 1379 /* No crossing a page as the payload mustn't fragment. */ 1380 if (unlikely((txreq.offset + txreq.size) > XEN_PAGE_SIZE)) { 1381 netdev_err(queue->vif->dev, 1382 "txreq.offset: %u, size: %u, end: %lu\n", 1383 txreq.offset, txreq.size, 1384 (unsigned long)(txreq.offset&~XEN_PAGE_MASK) + txreq.size); 1385 xenvif_fatal_tx_err(queue->vif); 1386 break; 1387 } 1388 1389 index = pending_index(queue->pending_cons); 1390 pending_idx = queue->pending_ring[index]; 1391 1392 data_len = (txreq.size > XEN_NETBACK_TX_COPY_LEN && 1393 ret < XEN_NETBK_LEGACY_SLOTS_MAX) ? 1394 XEN_NETBACK_TX_COPY_LEN : txreq.size; 1395 1396 skb = xenvif_alloc_skb(data_len); 1397 if (unlikely(skb == NULL)) { 1398 netdev_dbg(queue->vif->dev, 1399 "Can't allocate a skb in start_xmit.\n"); 1400 xenvif_tx_err(queue, &txreq, idx); 1401 break; 1402 } 1403 1404 skb_shinfo(skb)->nr_frags = ret; 1405 if (data_len < txreq.size) 1406 skb_shinfo(skb)->nr_frags++; 1407 /* At this point shinfo->nr_frags is in fact the number of 1408 * slots, which can be as large as XEN_NETBK_LEGACY_SLOTS_MAX. 1409 */ 1410 frag_overflow = 0; 1411 nskb = NULL; 1412 if (skb_shinfo(skb)->nr_frags > MAX_SKB_FRAGS) { 1413 frag_overflow = skb_shinfo(skb)->nr_frags - MAX_SKB_FRAGS; 1414 BUG_ON(frag_overflow > MAX_SKB_FRAGS); 1415 skb_shinfo(skb)->nr_frags = MAX_SKB_FRAGS; 1416 nskb = xenvif_alloc_skb(0); 1417 if (unlikely(nskb == NULL)) { 1418 kfree_skb(skb); 1419 xenvif_tx_err(queue, &txreq, idx); 1420 if (net_ratelimit()) 1421 netdev_err(queue->vif->dev, 1422 "Can't allocate the frag_list skb.\n"); 1423 break; 1424 } 1425 } 1426 1427 if (extras[XEN_NETIF_EXTRA_TYPE_GSO - 1].type) { 1428 struct xen_netif_extra_info *gso; 1429 gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1]; 1430 1431 if (xenvif_set_skb_gso(queue->vif, skb, gso)) { 1432 /* Failure in xenvif_set_skb_gso is fatal. */ 1433 kfree_skb(skb); 1434 kfree_skb(nskb); 1435 break; 1436 } 1437 } 1438 1439 XENVIF_TX_CB(skb)->pending_idx = pending_idx; 1440 1441 __skb_put(skb, data_len); 1442 queue->tx_copy_ops[*copy_ops].source.u.ref = txreq.gref; 1443 queue->tx_copy_ops[*copy_ops].source.domid = queue->vif->domid; 1444 queue->tx_copy_ops[*copy_ops].source.offset = txreq.offset; 1445 1446 queue->tx_copy_ops[*copy_ops].dest.u.gmfn = 1447 virt_to_gfn(skb->data); 1448 queue->tx_copy_ops[*copy_ops].dest.domid = DOMID_SELF; 1449 queue->tx_copy_ops[*copy_ops].dest.offset = 1450 offset_in_page(skb->data) & ~XEN_PAGE_MASK; 1451 1452 queue->tx_copy_ops[*copy_ops].len = data_len; 1453 queue->tx_copy_ops[*copy_ops].flags = GNTCOPY_source_gref; 1454 1455 (*copy_ops)++; 1456 1457 if (data_len < txreq.size) { 1458 frag_set_pending_idx(&skb_shinfo(skb)->frags[0], 1459 pending_idx); 1460 xenvif_tx_create_map_op(queue, pending_idx, &txreq, gop); 1461 gop++; 1462 } else { 1463 frag_set_pending_idx(&skb_shinfo(skb)->frags[0], 1464 INVALID_PENDING_IDX); 1465 memcpy(&queue->pending_tx_info[pending_idx].req, &txreq, 1466 sizeof(txreq)); 1467 } 1468 1469 queue->pending_cons++; 1470 1471 gop = xenvif_get_requests(queue, skb, txfrags, gop, 1472 frag_overflow, nskb); 1473 1474 __skb_queue_tail(&queue->tx_queue, skb); 1475 1476 queue->tx.req_cons = idx; 1477 1478 if (((gop-queue->tx_map_ops) >= ARRAY_SIZE(queue->tx_map_ops)) || 1479 (*copy_ops >= ARRAY_SIZE(queue->tx_copy_ops))) 1480 break; 1481 } 1482 1483 (*map_ops) = gop - queue->tx_map_ops; 1484 return; 1485 } 1486 1487 /* Consolidate skb with a frag_list into a brand new one with local pages on 1488 * frags. Returns 0 or -ENOMEM if can't allocate new pages. 1489 */ 1490 static int xenvif_handle_frag_list(struct xenvif_queue *queue, struct sk_buff *skb) 1491 { 1492 unsigned int offset = skb_headlen(skb); 1493 skb_frag_t frags[MAX_SKB_FRAGS]; 1494 int i, f; 1495 struct ubuf_info *uarg; 1496 struct sk_buff *nskb = skb_shinfo(skb)->frag_list; 1497 1498 queue->stats.tx_zerocopy_sent += 2; 1499 queue->stats.tx_frag_overflow++; 1500 1501 xenvif_fill_frags(queue, nskb); 1502 /* Subtract frags size, we will correct it later */ 1503 skb->truesize -= skb->data_len; 1504 skb->len += nskb->len; 1505 skb->data_len += nskb->len; 1506 1507 /* create a brand new frags array and coalesce there */ 1508 for (i = 0; offset < skb->len; i++) { 1509 struct page *page; 1510 unsigned int len; 1511 1512 BUG_ON(i >= MAX_SKB_FRAGS); 1513 page = alloc_page(GFP_ATOMIC); 1514 if (!page) { 1515 int j; 1516 skb->truesize += skb->data_len; 1517 for (j = 0; j < i; j++) 1518 put_page(frags[j].page.p); 1519 return -ENOMEM; 1520 } 1521 1522 if (offset + PAGE_SIZE < skb->len) 1523 len = PAGE_SIZE; 1524 else 1525 len = skb->len - offset; 1526 if (skb_copy_bits(skb, offset, page_address(page), len)) 1527 BUG(); 1528 1529 offset += len; 1530 frags[i].page.p = page; 1531 frags[i].page_offset = 0; 1532 skb_frag_size_set(&frags[i], len); 1533 } 1534 1535 /* Copied all the bits from the frag list -- free it. */ 1536 skb_frag_list_init(skb); 1537 xenvif_skb_zerocopy_prepare(queue, nskb); 1538 kfree_skb(nskb); 1539 1540 /* Release all the original (foreign) frags. */ 1541 for (f = 0; f < skb_shinfo(skb)->nr_frags; f++) 1542 skb_frag_unref(skb, f); 1543 uarg = skb_shinfo(skb)->destructor_arg; 1544 /* increase inflight counter to offset decrement in callback */ 1545 atomic_inc(&queue->inflight_packets); 1546 uarg->callback(uarg, true); 1547 skb_shinfo(skb)->destructor_arg = NULL; 1548 1549 /* Fill the skb with the new (local) frags. */ 1550 memcpy(skb_shinfo(skb)->frags, frags, i * sizeof(skb_frag_t)); 1551 skb_shinfo(skb)->nr_frags = i; 1552 skb->truesize += i * PAGE_SIZE; 1553 1554 return 0; 1555 } 1556 1557 static int xenvif_tx_submit(struct xenvif_queue *queue) 1558 { 1559 struct gnttab_map_grant_ref *gop_map = queue->tx_map_ops; 1560 struct gnttab_copy *gop_copy = queue->tx_copy_ops; 1561 struct sk_buff *skb; 1562 int work_done = 0; 1563 1564 while ((skb = __skb_dequeue(&queue->tx_queue)) != NULL) { 1565 struct xen_netif_tx_request *txp; 1566 u16 pending_idx; 1567 unsigned data_len; 1568 1569 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 1570 txp = &queue->pending_tx_info[pending_idx].req; 1571 1572 /* Check the remap error code. */ 1573 if (unlikely(xenvif_tx_check_gop(queue, skb, &gop_map, &gop_copy))) { 1574 /* If there was an error, xenvif_tx_check_gop is 1575 * expected to release all the frags which were mapped, 1576 * so kfree_skb shouldn't do it again 1577 */ 1578 skb_shinfo(skb)->nr_frags = 0; 1579 if (skb_has_frag_list(skb)) { 1580 struct sk_buff *nskb = 1581 skb_shinfo(skb)->frag_list; 1582 skb_shinfo(nskb)->nr_frags = 0; 1583 } 1584 kfree_skb(skb); 1585 continue; 1586 } 1587 1588 data_len = skb->len; 1589 callback_param(queue, pending_idx).ctx = NULL; 1590 if (data_len < txp->size) { 1591 /* Append the packet payload as a fragment. */ 1592 txp->offset += data_len; 1593 txp->size -= data_len; 1594 } else { 1595 /* Schedule a response immediately. */ 1596 xenvif_idx_release(queue, pending_idx, 1597 XEN_NETIF_RSP_OKAY); 1598 } 1599 1600 if (txp->flags & XEN_NETTXF_csum_blank) 1601 skb->ip_summed = CHECKSUM_PARTIAL; 1602 else if (txp->flags & XEN_NETTXF_data_validated) 1603 skb->ip_summed = CHECKSUM_UNNECESSARY; 1604 1605 xenvif_fill_frags(queue, skb); 1606 1607 if (unlikely(skb_has_frag_list(skb))) { 1608 if (xenvif_handle_frag_list(queue, skb)) { 1609 if (net_ratelimit()) 1610 netdev_err(queue->vif->dev, 1611 "Not enough memory to consolidate frag_list!\n"); 1612 xenvif_skb_zerocopy_prepare(queue, skb); 1613 kfree_skb(skb); 1614 continue; 1615 } 1616 } 1617 1618 skb->dev = queue->vif->dev; 1619 skb->protocol = eth_type_trans(skb, skb->dev); 1620 skb_reset_network_header(skb); 1621 1622 if (checksum_setup(queue, skb)) { 1623 netdev_dbg(queue->vif->dev, 1624 "Can't setup checksum in net_tx_action\n"); 1625 /* We have to set this flag to trigger the callback */ 1626 if (skb_shinfo(skb)->destructor_arg) 1627 xenvif_skb_zerocopy_prepare(queue, skb); 1628 kfree_skb(skb); 1629 continue; 1630 } 1631 1632 skb_probe_transport_header(skb, 0); 1633 1634 /* If the packet is GSO then we will have just set up the 1635 * transport header offset in checksum_setup so it's now 1636 * straightforward to calculate gso_segs. 1637 */ 1638 if (skb_is_gso(skb)) { 1639 int mss = skb_shinfo(skb)->gso_size; 1640 int hdrlen = skb_transport_header(skb) - 1641 skb_mac_header(skb) + 1642 tcp_hdrlen(skb); 1643 1644 skb_shinfo(skb)->gso_segs = 1645 DIV_ROUND_UP(skb->len - hdrlen, mss); 1646 } 1647 1648 queue->stats.rx_bytes += skb->len; 1649 queue->stats.rx_packets++; 1650 1651 work_done++; 1652 1653 /* Set this flag right before netif_receive_skb, otherwise 1654 * someone might think this packet already left netback, and 1655 * do a skb_copy_ubufs while we are still in control of the 1656 * skb. E.g. the __pskb_pull_tail earlier can do such thing. 1657 */ 1658 if (skb_shinfo(skb)->destructor_arg) { 1659 xenvif_skb_zerocopy_prepare(queue, skb); 1660 queue->stats.tx_zerocopy_sent++; 1661 } 1662 1663 netif_receive_skb(skb); 1664 } 1665 1666 return work_done; 1667 } 1668 1669 void xenvif_zerocopy_callback(struct ubuf_info *ubuf, bool zerocopy_success) 1670 { 1671 unsigned long flags; 1672 pending_ring_idx_t index; 1673 struct xenvif_queue *queue = ubuf_to_queue(ubuf); 1674 1675 /* This is the only place where we grab this lock, to protect callbacks 1676 * from each other. 1677 */ 1678 spin_lock_irqsave(&queue->callback_lock, flags); 1679 do { 1680 u16 pending_idx = ubuf->desc; 1681 ubuf = (struct ubuf_info *) ubuf->ctx; 1682 BUG_ON(queue->dealloc_prod - queue->dealloc_cons >= 1683 MAX_PENDING_REQS); 1684 index = pending_index(queue->dealloc_prod); 1685 queue->dealloc_ring[index] = pending_idx; 1686 /* Sync with xenvif_tx_dealloc_action: 1687 * insert idx then incr producer. 1688 */ 1689 smp_wmb(); 1690 queue->dealloc_prod++; 1691 } while (ubuf); 1692 spin_unlock_irqrestore(&queue->callback_lock, flags); 1693 1694 if (likely(zerocopy_success)) 1695 queue->stats.tx_zerocopy_success++; 1696 else 1697 queue->stats.tx_zerocopy_fail++; 1698 xenvif_skb_zerocopy_complete(queue); 1699 } 1700 1701 static inline void xenvif_tx_dealloc_action(struct xenvif_queue *queue) 1702 { 1703 struct gnttab_unmap_grant_ref *gop; 1704 pending_ring_idx_t dc, dp; 1705 u16 pending_idx, pending_idx_release[MAX_PENDING_REQS]; 1706 unsigned int i = 0; 1707 1708 dc = queue->dealloc_cons; 1709 gop = queue->tx_unmap_ops; 1710 1711 /* Free up any grants we have finished using */ 1712 do { 1713 dp = queue->dealloc_prod; 1714 1715 /* Ensure we see all indices enqueued by all 1716 * xenvif_zerocopy_callback(). 1717 */ 1718 smp_rmb(); 1719 1720 while (dc != dp) { 1721 BUG_ON(gop - queue->tx_unmap_ops >= MAX_PENDING_REQS); 1722 pending_idx = 1723 queue->dealloc_ring[pending_index(dc++)]; 1724 1725 pending_idx_release[gop - queue->tx_unmap_ops] = 1726 pending_idx; 1727 queue->pages_to_unmap[gop - queue->tx_unmap_ops] = 1728 queue->mmap_pages[pending_idx]; 1729 gnttab_set_unmap_op(gop, 1730 idx_to_kaddr(queue, pending_idx), 1731 GNTMAP_host_map, 1732 queue->grant_tx_handle[pending_idx]); 1733 xenvif_grant_handle_reset(queue, pending_idx); 1734 ++gop; 1735 } 1736 1737 } while (dp != queue->dealloc_prod); 1738 1739 queue->dealloc_cons = dc; 1740 1741 if (gop - queue->tx_unmap_ops > 0) { 1742 int ret; 1743 ret = gnttab_unmap_refs(queue->tx_unmap_ops, 1744 NULL, 1745 queue->pages_to_unmap, 1746 gop - queue->tx_unmap_ops); 1747 if (ret) { 1748 netdev_err(queue->vif->dev, "Unmap fail: nr_ops %tu ret %d\n", 1749 gop - queue->tx_unmap_ops, ret); 1750 for (i = 0; i < gop - queue->tx_unmap_ops; ++i) { 1751 if (gop[i].status != GNTST_okay) 1752 netdev_err(queue->vif->dev, 1753 " host_addr: 0x%llx handle: 0x%x status: %d\n", 1754 gop[i].host_addr, 1755 gop[i].handle, 1756 gop[i].status); 1757 } 1758 BUG(); 1759 } 1760 } 1761 1762 for (i = 0; i < gop - queue->tx_unmap_ops; ++i) 1763 xenvif_idx_release(queue, pending_idx_release[i], 1764 XEN_NETIF_RSP_OKAY); 1765 } 1766 1767 1768 /* Called after netfront has transmitted */ 1769 int xenvif_tx_action(struct xenvif_queue *queue, int budget) 1770 { 1771 unsigned nr_mops, nr_cops = 0; 1772 int work_done, ret; 1773 1774 if (unlikely(!tx_work_todo(queue))) 1775 return 0; 1776 1777 xenvif_tx_build_gops(queue, budget, &nr_cops, &nr_mops); 1778 1779 if (nr_cops == 0) 1780 return 0; 1781 1782 gnttab_batch_copy(queue->tx_copy_ops, nr_cops); 1783 if (nr_mops != 0) { 1784 ret = gnttab_map_refs(queue->tx_map_ops, 1785 NULL, 1786 queue->pages_to_map, 1787 nr_mops); 1788 BUG_ON(ret); 1789 } 1790 1791 work_done = xenvif_tx_submit(queue); 1792 1793 return work_done; 1794 } 1795 1796 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, 1797 u8 status) 1798 { 1799 struct pending_tx_info *pending_tx_info; 1800 pending_ring_idx_t index; 1801 unsigned long flags; 1802 1803 pending_tx_info = &queue->pending_tx_info[pending_idx]; 1804 1805 spin_lock_irqsave(&queue->response_lock, flags); 1806 1807 make_tx_response(queue, &pending_tx_info->req, status); 1808 1809 /* Release the pending index before pusing the Tx response so 1810 * its available before a new Tx request is pushed by the 1811 * frontend. 1812 */ 1813 index = pending_index(queue->pending_prod++); 1814 queue->pending_ring[index] = pending_idx; 1815 1816 push_tx_responses(queue); 1817 1818 spin_unlock_irqrestore(&queue->response_lock, flags); 1819 } 1820 1821 1822 static void make_tx_response(struct xenvif_queue *queue, 1823 struct xen_netif_tx_request *txp, 1824 s8 st) 1825 { 1826 RING_IDX i = queue->tx.rsp_prod_pvt; 1827 struct xen_netif_tx_response *resp; 1828 1829 resp = RING_GET_RESPONSE(&queue->tx, i); 1830 resp->id = txp->id; 1831 resp->status = st; 1832 1833 if (txp->flags & XEN_NETTXF_extra_info) 1834 RING_GET_RESPONSE(&queue->tx, ++i)->status = XEN_NETIF_RSP_NULL; 1835 1836 queue->tx.rsp_prod_pvt = ++i; 1837 } 1838 1839 static void push_tx_responses(struct xenvif_queue *queue) 1840 { 1841 int notify; 1842 1843 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->tx, notify); 1844 if (notify) 1845 notify_remote_via_irq(queue->tx_irq); 1846 } 1847 1848 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue, 1849 u16 id, 1850 s8 st, 1851 u16 offset, 1852 u16 size, 1853 u16 flags) 1854 { 1855 RING_IDX i = queue->rx.rsp_prod_pvt; 1856 struct xen_netif_rx_response *resp; 1857 1858 resp = RING_GET_RESPONSE(&queue->rx, i); 1859 resp->offset = offset; 1860 resp->flags = flags; 1861 resp->id = id; 1862 resp->status = (s16)size; 1863 if (st < 0) 1864 resp->status = (s16)st; 1865 1866 queue->rx.rsp_prod_pvt = ++i; 1867 1868 return resp; 1869 } 1870 1871 void xenvif_idx_unmap(struct xenvif_queue *queue, u16 pending_idx) 1872 { 1873 int ret; 1874 struct gnttab_unmap_grant_ref tx_unmap_op; 1875 1876 gnttab_set_unmap_op(&tx_unmap_op, 1877 idx_to_kaddr(queue, pending_idx), 1878 GNTMAP_host_map, 1879 queue->grant_tx_handle[pending_idx]); 1880 xenvif_grant_handle_reset(queue, pending_idx); 1881 1882 ret = gnttab_unmap_refs(&tx_unmap_op, NULL, 1883 &queue->mmap_pages[pending_idx], 1); 1884 if (ret) { 1885 netdev_err(queue->vif->dev, 1886 "Unmap fail: ret: %d pending_idx: %d host_addr: %llx handle: 0x%x status: %d\n", 1887 ret, 1888 pending_idx, 1889 tx_unmap_op.host_addr, 1890 tx_unmap_op.handle, 1891 tx_unmap_op.status); 1892 BUG(); 1893 } 1894 } 1895 1896 static inline int tx_work_todo(struct xenvif_queue *queue) 1897 { 1898 if (likely(RING_HAS_UNCONSUMED_REQUESTS(&queue->tx))) 1899 return 1; 1900 1901 return 0; 1902 } 1903 1904 static inline bool tx_dealloc_work_todo(struct xenvif_queue *queue) 1905 { 1906 return queue->dealloc_cons != queue->dealloc_prod; 1907 } 1908 1909 void xenvif_unmap_frontend_rings(struct xenvif_queue *queue) 1910 { 1911 if (queue->tx.sring) 1912 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif), 1913 queue->tx.sring); 1914 if (queue->rx.sring) 1915 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif), 1916 queue->rx.sring); 1917 } 1918 1919 int xenvif_map_frontend_rings(struct xenvif_queue *queue, 1920 grant_ref_t tx_ring_ref, 1921 grant_ref_t rx_ring_ref) 1922 { 1923 void *addr; 1924 struct xen_netif_tx_sring *txs; 1925 struct xen_netif_rx_sring *rxs; 1926 1927 int err = -ENOMEM; 1928 1929 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif), 1930 &tx_ring_ref, 1, &addr); 1931 if (err) 1932 goto err; 1933 1934 txs = (struct xen_netif_tx_sring *)addr; 1935 BACK_RING_INIT(&queue->tx, txs, XEN_PAGE_SIZE); 1936 1937 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif), 1938 &rx_ring_ref, 1, &addr); 1939 if (err) 1940 goto err; 1941 1942 rxs = (struct xen_netif_rx_sring *)addr; 1943 BACK_RING_INIT(&queue->rx, rxs, XEN_PAGE_SIZE); 1944 1945 return 0; 1946 1947 err: 1948 xenvif_unmap_frontend_rings(queue); 1949 return err; 1950 } 1951 1952 static void xenvif_queue_carrier_off(struct xenvif_queue *queue) 1953 { 1954 struct xenvif *vif = queue->vif; 1955 1956 queue->stalled = true; 1957 1958 /* At least one queue has stalled? Disable the carrier. */ 1959 spin_lock(&vif->lock); 1960 if (vif->stalled_queues++ == 0) { 1961 netdev_info(vif->dev, "Guest Rx stalled"); 1962 netif_carrier_off(vif->dev); 1963 } 1964 spin_unlock(&vif->lock); 1965 } 1966 1967 static void xenvif_queue_carrier_on(struct xenvif_queue *queue) 1968 { 1969 struct xenvif *vif = queue->vif; 1970 1971 queue->last_rx_time = jiffies; /* Reset Rx stall detection. */ 1972 queue->stalled = false; 1973 1974 /* All queues are ready? Enable the carrier. */ 1975 spin_lock(&vif->lock); 1976 if (--vif->stalled_queues == 0) { 1977 netdev_info(vif->dev, "Guest Rx ready"); 1978 netif_carrier_on(vif->dev); 1979 } 1980 spin_unlock(&vif->lock); 1981 } 1982 1983 static bool xenvif_rx_queue_stalled(struct xenvif_queue *queue) 1984 { 1985 RING_IDX prod, cons; 1986 1987 prod = queue->rx.sring->req_prod; 1988 cons = queue->rx.req_cons; 1989 1990 return !queue->stalled && prod - cons < 1 1991 && time_after(jiffies, 1992 queue->last_rx_time + queue->vif->stall_timeout); 1993 } 1994 1995 static bool xenvif_rx_queue_ready(struct xenvif_queue *queue) 1996 { 1997 RING_IDX prod, cons; 1998 1999 prod = queue->rx.sring->req_prod; 2000 cons = queue->rx.req_cons; 2001 2002 return queue->stalled && prod - cons >= 1; 2003 } 2004 2005 static bool xenvif_have_rx_work(struct xenvif_queue *queue) 2006 { 2007 return xenvif_rx_ring_slots_available(queue) 2008 || (queue->vif->stall_timeout && 2009 (xenvif_rx_queue_stalled(queue) 2010 || xenvif_rx_queue_ready(queue))) 2011 || kthread_should_stop() 2012 || queue->vif->disabled; 2013 } 2014 2015 static long xenvif_rx_queue_timeout(struct xenvif_queue *queue) 2016 { 2017 struct sk_buff *skb; 2018 long timeout; 2019 2020 skb = skb_peek(&queue->rx_queue); 2021 if (!skb) 2022 return MAX_SCHEDULE_TIMEOUT; 2023 2024 timeout = XENVIF_RX_CB(skb)->expires - jiffies; 2025 return timeout < 0 ? 0 : timeout; 2026 } 2027 2028 /* Wait until the guest Rx thread has work. 2029 * 2030 * The timeout needs to be adjusted based on the current head of the 2031 * queue (and not just the head at the beginning). In particular, if 2032 * the queue is initially empty an infinite timeout is used and this 2033 * needs to be reduced when a skb is queued. 2034 * 2035 * This cannot be done with wait_event_timeout() because it only 2036 * calculates the timeout once. 2037 */ 2038 static void xenvif_wait_for_rx_work(struct xenvif_queue *queue) 2039 { 2040 DEFINE_WAIT(wait); 2041 2042 if (xenvif_have_rx_work(queue)) 2043 return; 2044 2045 for (;;) { 2046 long ret; 2047 2048 prepare_to_wait(&queue->wq, &wait, TASK_INTERRUPTIBLE); 2049 if (xenvif_have_rx_work(queue)) 2050 break; 2051 ret = schedule_timeout(xenvif_rx_queue_timeout(queue)); 2052 if (!ret) 2053 break; 2054 } 2055 finish_wait(&queue->wq, &wait); 2056 } 2057 2058 int xenvif_kthread_guest_rx(void *data) 2059 { 2060 struct xenvif_queue *queue = data; 2061 struct xenvif *vif = queue->vif; 2062 2063 if (!vif->stall_timeout) 2064 xenvif_queue_carrier_on(queue); 2065 2066 for (;;) { 2067 xenvif_wait_for_rx_work(queue); 2068 2069 if (kthread_should_stop()) 2070 break; 2071 2072 /* This frontend is found to be rogue, disable it in 2073 * kthread context. Currently this is only set when 2074 * netback finds out frontend sends malformed packet, 2075 * but we cannot disable the interface in softirq 2076 * context so we defer it here, if this thread is 2077 * associated with queue 0. 2078 */ 2079 if (unlikely(vif->disabled && queue->id == 0)) { 2080 xenvif_carrier_off(vif); 2081 break; 2082 } 2083 2084 if (!skb_queue_empty(&queue->rx_queue)) 2085 xenvif_rx_action(queue); 2086 2087 /* If the guest hasn't provided any Rx slots for a 2088 * while it's probably not responsive, drop the 2089 * carrier so packets are dropped earlier. 2090 */ 2091 if (vif->stall_timeout) { 2092 if (xenvif_rx_queue_stalled(queue)) 2093 xenvif_queue_carrier_off(queue); 2094 else if (xenvif_rx_queue_ready(queue)) 2095 xenvif_queue_carrier_on(queue); 2096 } 2097 2098 /* Queued packets may have foreign pages from other 2099 * domains. These cannot be queued indefinitely as 2100 * this would starve guests of grant refs and transmit 2101 * slots. 2102 */ 2103 xenvif_rx_queue_drop_expired(queue); 2104 2105 xenvif_rx_queue_maybe_wake(queue); 2106 2107 cond_resched(); 2108 } 2109 2110 /* Bin any remaining skbs */ 2111 xenvif_rx_queue_purge(queue); 2112 2113 return 0; 2114 } 2115 2116 static bool xenvif_dealloc_kthread_should_stop(struct xenvif_queue *queue) 2117 { 2118 /* Dealloc thread must remain running until all inflight 2119 * packets complete. 2120 */ 2121 return kthread_should_stop() && 2122 !atomic_read(&queue->inflight_packets); 2123 } 2124 2125 int xenvif_dealloc_kthread(void *data) 2126 { 2127 struct xenvif_queue *queue = data; 2128 2129 for (;;) { 2130 wait_event_interruptible(queue->dealloc_wq, 2131 tx_dealloc_work_todo(queue) || 2132 xenvif_dealloc_kthread_should_stop(queue)); 2133 if (xenvif_dealloc_kthread_should_stop(queue)) 2134 break; 2135 2136 xenvif_tx_dealloc_action(queue); 2137 cond_resched(); 2138 } 2139 2140 /* Unmap anything remaining*/ 2141 if (tx_dealloc_work_todo(queue)) 2142 xenvif_tx_dealloc_action(queue); 2143 2144 return 0; 2145 } 2146 2147 static int __init netback_init(void) 2148 { 2149 int rc = 0; 2150 2151 if (!xen_domain()) 2152 return -ENODEV; 2153 2154 /* Allow as many queues as there are CPUs if user has not 2155 * specified a value. 2156 */ 2157 if (xenvif_max_queues == 0) 2158 xenvif_max_queues = num_online_cpus(); 2159 2160 if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) { 2161 pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n", 2162 fatal_skb_slots, XEN_NETBK_LEGACY_SLOTS_MAX); 2163 fatal_skb_slots = XEN_NETBK_LEGACY_SLOTS_MAX; 2164 } 2165 2166 rc = xenvif_xenbus_init(); 2167 if (rc) 2168 goto failed_init; 2169 2170 #ifdef CONFIG_DEBUG_FS 2171 xen_netback_dbg_root = debugfs_create_dir("xen-netback", NULL); 2172 if (IS_ERR_OR_NULL(xen_netback_dbg_root)) 2173 pr_warn("Init of debugfs returned %ld!\n", 2174 PTR_ERR(xen_netback_dbg_root)); 2175 #endif /* CONFIG_DEBUG_FS */ 2176 2177 return 0; 2178 2179 failed_init: 2180 return rc; 2181 } 2182 2183 module_init(netback_init); 2184 2185 static void __exit netback_fini(void) 2186 { 2187 #ifdef CONFIG_DEBUG_FS 2188 if (!IS_ERR_OR_NULL(xen_netback_dbg_root)) 2189 debugfs_remove_recursive(xen_netback_dbg_root); 2190 #endif /* CONFIG_DEBUG_FS */ 2191 xenvif_xenbus_fini(); 2192 } 2193 module_exit(netback_fini); 2194 2195 MODULE_LICENSE("Dual BSD/GPL"); 2196 MODULE_ALIAS("xen-backend:vif"); 2197