1 /* 2 * Back-end of the driver for virtual network devices. This portion of the 3 * driver exports a 'unified' network-device interface that can be accessed 4 * by any operating system that implements a compatible front end. A 5 * reference front-end implementation can be found in: 6 * drivers/net/xen-netfront.c 7 * 8 * Copyright (c) 2002-2005, K A Fraser 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License version 2 12 * as published by the Free Software Foundation; or, when distributed 13 * separately from the Linux kernel or incorporated into other 14 * software packages, subject to the following license: 15 * 16 * Permission is hereby granted, free of charge, to any person obtaining a copy 17 * of this source file (the "Software"), to deal in the Software without 18 * restriction, including without limitation the rights to use, copy, modify, 19 * merge, publish, distribute, sublicense, and/or sell copies of the Software, 20 * and to permit persons to whom the Software is furnished to do so, subject to 21 * the following conditions: 22 * 23 * The above copyright notice and this permission notice shall be included in 24 * all copies or substantial portions of the Software. 25 * 26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 27 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 28 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 29 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 30 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 31 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 32 * IN THE SOFTWARE. 33 */ 34 35 #include "common.h" 36 37 #include <linux/kthread.h> 38 #include <linux/if_vlan.h> 39 #include <linux/udp.h> 40 #include <linux/highmem.h> 41 42 #include <net/tcp.h> 43 44 #include <xen/xen.h> 45 #include <xen/events.h> 46 #include <xen/interface/memory.h> 47 #include <xen/page.h> 48 49 #include <asm/xen/hypercall.h> 50 51 /* Provide an option to disable split event channels at load time as 52 * event channels are limited resource. Split event channels are 53 * enabled by default. 54 */ 55 bool separate_tx_rx_irq = true; 56 module_param(separate_tx_rx_irq, bool, 0644); 57 58 /* The time that packets can stay on the guest Rx internal queue 59 * before they are dropped. 60 */ 61 unsigned int rx_drain_timeout_msecs = 10000; 62 module_param(rx_drain_timeout_msecs, uint, 0444); 63 64 /* The length of time before the frontend is considered unresponsive 65 * because it isn't providing Rx slots. 66 */ 67 unsigned int rx_stall_timeout_msecs = 60000; 68 module_param(rx_stall_timeout_msecs, uint, 0444); 69 70 unsigned int xenvif_max_queues; 71 module_param_named(max_queues, xenvif_max_queues, uint, 0644); 72 MODULE_PARM_DESC(max_queues, 73 "Maximum number of queues per virtual interface"); 74 75 /* 76 * This is the maximum slots a skb can have. If a guest sends a skb 77 * which exceeds this limit it is considered malicious. 78 */ 79 #define FATAL_SKB_SLOTS_DEFAULT 20 80 static unsigned int fatal_skb_slots = FATAL_SKB_SLOTS_DEFAULT; 81 module_param(fatal_skb_slots, uint, 0444); 82 83 /* The amount to copy out of the first guest Tx slot into the skb's 84 * linear area. If the first slot has more data, it will be mapped 85 * and put into the first frag. 86 * 87 * This is sized to avoid pulling headers from the frags for most 88 * TCP/IP packets. 89 */ 90 #define XEN_NETBACK_TX_COPY_LEN 128 91 92 93 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, 94 u8 status); 95 96 static void make_tx_response(struct xenvif_queue *queue, 97 struct xen_netif_tx_request *txp, 98 s8 st); 99 static void push_tx_responses(struct xenvif_queue *queue); 100 101 static inline int tx_work_todo(struct xenvif_queue *queue); 102 103 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue, 104 u16 id, 105 s8 st, 106 u16 offset, 107 u16 size, 108 u16 flags); 109 110 static inline unsigned long idx_to_pfn(struct xenvif_queue *queue, 111 u16 idx) 112 { 113 return page_to_pfn(queue->mmap_pages[idx]); 114 } 115 116 static inline unsigned long idx_to_kaddr(struct xenvif_queue *queue, 117 u16 idx) 118 { 119 return (unsigned long)pfn_to_kaddr(idx_to_pfn(queue, idx)); 120 } 121 122 #define callback_param(vif, pending_idx) \ 123 (vif->pending_tx_info[pending_idx].callback_struct) 124 125 /* Find the containing VIF's structure from a pointer in pending_tx_info array 126 */ 127 static inline struct xenvif_queue *ubuf_to_queue(const struct ubuf_info *ubuf) 128 { 129 u16 pending_idx = ubuf->desc; 130 struct pending_tx_info *temp = 131 container_of(ubuf, struct pending_tx_info, callback_struct); 132 return container_of(temp - pending_idx, 133 struct xenvif_queue, 134 pending_tx_info[0]); 135 } 136 137 static u16 frag_get_pending_idx(skb_frag_t *frag) 138 { 139 return (u16)frag->page_offset; 140 } 141 142 static void frag_set_pending_idx(skb_frag_t *frag, u16 pending_idx) 143 { 144 frag->page_offset = pending_idx; 145 } 146 147 static inline pending_ring_idx_t pending_index(unsigned i) 148 { 149 return i & (MAX_PENDING_REQS-1); 150 } 151 152 static int xenvif_rx_ring_slots_needed(struct xenvif *vif) 153 { 154 if (vif->gso_mask) 155 return DIV_ROUND_UP(vif->dev->gso_max_size, PAGE_SIZE) + 1; 156 else 157 return DIV_ROUND_UP(vif->dev->mtu, PAGE_SIZE); 158 } 159 160 static bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue) 161 { 162 RING_IDX prod, cons; 163 int needed; 164 165 needed = xenvif_rx_ring_slots_needed(queue->vif); 166 167 do { 168 prod = queue->rx.sring->req_prod; 169 cons = queue->rx.req_cons; 170 171 if (prod - cons >= needed) 172 return true; 173 174 queue->rx.sring->req_event = prod + 1; 175 176 /* Make sure event is visible before we check prod 177 * again. 178 */ 179 mb(); 180 } while (queue->rx.sring->req_prod != prod); 181 182 return false; 183 } 184 185 void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb) 186 { 187 unsigned long flags; 188 189 spin_lock_irqsave(&queue->rx_queue.lock, flags); 190 191 __skb_queue_tail(&queue->rx_queue, skb); 192 193 queue->rx_queue_len += skb->len; 194 if (queue->rx_queue_len > queue->rx_queue_max) 195 netif_tx_stop_queue(netdev_get_tx_queue(queue->vif->dev, queue->id)); 196 197 spin_unlock_irqrestore(&queue->rx_queue.lock, flags); 198 } 199 200 static struct sk_buff *xenvif_rx_dequeue(struct xenvif_queue *queue) 201 { 202 struct sk_buff *skb; 203 204 spin_lock_irq(&queue->rx_queue.lock); 205 206 skb = __skb_dequeue(&queue->rx_queue); 207 if (skb) 208 queue->rx_queue_len -= skb->len; 209 210 spin_unlock_irq(&queue->rx_queue.lock); 211 212 return skb; 213 } 214 215 static void xenvif_rx_queue_maybe_wake(struct xenvif_queue *queue) 216 { 217 spin_lock_irq(&queue->rx_queue.lock); 218 219 if (queue->rx_queue_len < queue->rx_queue_max) 220 netif_tx_wake_queue(netdev_get_tx_queue(queue->vif->dev, queue->id)); 221 222 spin_unlock_irq(&queue->rx_queue.lock); 223 } 224 225 226 static void xenvif_rx_queue_purge(struct xenvif_queue *queue) 227 { 228 struct sk_buff *skb; 229 while ((skb = xenvif_rx_dequeue(queue)) != NULL) 230 kfree_skb(skb); 231 } 232 233 static void xenvif_rx_queue_drop_expired(struct xenvif_queue *queue) 234 { 235 struct sk_buff *skb; 236 237 for(;;) { 238 skb = skb_peek(&queue->rx_queue); 239 if (!skb) 240 break; 241 if (time_before(jiffies, XENVIF_RX_CB(skb)->expires)) 242 break; 243 xenvif_rx_dequeue(queue); 244 kfree_skb(skb); 245 } 246 } 247 248 struct netrx_pending_operations { 249 unsigned copy_prod, copy_cons; 250 unsigned meta_prod, meta_cons; 251 struct gnttab_copy *copy; 252 struct xenvif_rx_meta *meta; 253 int copy_off; 254 grant_ref_t copy_gref; 255 }; 256 257 static struct xenvif_rx_meta *get_next_rx_buffer(struct xenvif_queue *queue, 258 struct netrx_pending_operations *npo) 259 { 260 struct xenvif_rx_meta *meta; 261 struct xen_netif_rx_request *req; 262 263 req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); 264 265 meta = npo->meta + npo->meta_prod++; 266 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE; 267 meta->gso_size = 0; 268 meta->size = 0; 269 meta->id = req->id; 270 271 npo->copy_off = 0; 272 npo->copy_gref = req->gref; 273 274 return meta; 275 } 276 277 /* 278 * Set up the grant operations for this fragment. If it's a flipping 279 * interface, we also set up the unmap request from here. 280 */ 281 static void xenvif_gop_frag_copy(struct xenvif_queue *queue, struct sk_buff *skb, 282 struct netrx_pending_operations *npo, 283 struct page *page, unsigned long size, 284 unsigned long offset, int *head) 285 { 286 struct gnttab_copy *copy_gop; 287 struct xenvif_rx_meta *meta; 288 unsigned long bytes; 289 int gso_type = XEN_NETIF_GSO_TYPE_NONE; 290 291 /* Data must not cross a page boundary. */ 292 BUG_ON(size + offset > PAGE_SIZE<<compound_order(page)); 293 294 meta = npo->meta + npo->meta_prod - 1; 295 296 /* Skip unused frames from start of page */ 297 page += offset >> PAGE_SHIFT; 298 offset &= ~PAGE_MASK; 299 300 while (size > 0) { 301 struct xen_page_foreign *foreign; 302 303 BUG_ON(offset >= PAGE_SIZE); 304 BUG_ON(npo->copy_off > MAX_BUFFER_OFFSET); 305 306 if (npo->copy_off == MAX_BUFFER_OFFSET) 307 meta = get_next_rx_buffer(queue, npo); 308 309 bytes = PAGE_SIZE - offset; 310 if (bytes > size) 311 bytes = size; 312 313 if (npo->copy_off + bytes > MAX_BUFFER_OFFSET) 314 bytes = MAX_BUFFER_OFFSET - npo->copy_off; 315 316 copy_gop = npo->copy + npo->copy_prod++; 317 copy_gop->flags = GNTCOPY_dest_gref; 318 copy_gop->len = bytes; 319 320 foreign = xen_page_foreign(page); 321 if (foreign) { 322 copy_gop->source.domid = foreign->domid; 323 copy_gop->source.u.ref = foreign->gref; 324 copy_gop->flags |= GNTCOPY_source_gref; 325 } else { 326 copy_gop->source.domid = DOMID_SELF; 327 copy_gop->source.u.gmfn = 328 virt_to_gfn(page_address(page)); 329 } 330 copy_gop->source.offset = offset; 331 332 copy_gop->dest.domid = queue->vif->domid; 333 copy_gop->dest.offset = npo->copy_off; 334 copy_gop->dest.u.ref = npo->copy_gref; 335 336 npo->copy_off += bytes; 337 meta->size += bytes; 338 339 offset += bytes; 340 size -= bytes; 341 342 /* Next frame */ 343 if (offset == PAGE_SIZE && size) { 344 BUG_ON(!PageCompound(page)); 345 page++; 346 offset = 0; 347 } 348 349 /* Leave a gap for the GSO descriptor. */ 350 if (skb_is_gso(skb)) { 351 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) 352 gso_type = XEN_NETIF_GSO_TYPE_TCPV4; 353 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) 354 gso_type = XEN_NETIF_GSO_TYPE_TCPV6; 355 } 356 357 if (*head && ((1 << gso_type) & queue->vif->gso_mask)) 358 queue->rx.req_cons++; 359 360 *head = 0; /* There must be something in this buffer now. */ 361 362 } 363 } 364 365 /* 366 * Prepare an SKB to be transmitted to the frontend. 367 * 368 * This function is responsible for allocating grant operations, meta 369 * structures, etc. 370 * 371 * It returns the number of meta structures consumed. The number of 372 * ring slots used is always equal to the number of meta slots used 373 * plus the number of GSO descriptors used. Currently, we use either 374 * zero GSO descriptors (for non-GSO packets) or one descriptor (for 375 * frontend-side LRO). 376 */ 377 static int xenvif_gop_skb(struct sk_buff *skb, 378 struct netrx_pending_operations *npo, 379 struct xenvif_queue *queue) 380 { 381 struct xenvif *vif = netdev_priv(skb->dev); 382 int nr_frags = skb_shinfo(skb)->nr_frags; 383 int i; 384 struct xen_netif_rx_request *req; 385 struct xenvif_rx_meta *meta; 386 unsigned char *data; 387 int head = 1; 388 int old_meta_prod; 389 int gso_type; 390 391 old_meta_prod = npo->meta_prod; 392 393 gso_type = XEN_NETIF_GSO_TYPE_NONE; 394 if (skb_is_gso(skb)) { 395 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) 396 gso_type = XEN_NETIF_GSO_TYPE_TCPV4; 397 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) 398 gso_type = XEN_NETIF_GSO_TYPE_TCPV6; 399 } 400 401 /* Set up a GSO prefix descriptor, if necessary */ 402 if ((1 << gso_type) & vif->gso_prefix_mask) { 403 req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); 404 meta = npo->meta + npo->meta_prod++; 405 meta->gso_type = gso_type; 406 meta->gso_size = skb_shinfo(skb)->gso_size; 407 meta->size = 0; 408 meta->id = req->id; 409 } 410 411 req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); 412 meta = npo->meta + npo->meta_prod++; 413 414 if ((1 << gso_type) & vif->gso_mask) { 415 meta->gso_type = gso_type; 416 meta->gso_size = skb_shinfo(skb)->gso_size; 417 } else { 418 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE; 419 meta->gso_size = 0; 420 } 421 422 meta->size = 0; 423 meta->id = req->id; 424 npo->copy_off = 0; 425 npo->copy_gref = req->gref; 426 427 data = skb->data; 428 while (data < skb_tail_pointer(skb)) { 429 unsigned int offset = offset_in_page(data); 430 unsigned int len = PAGE_SIZE - offset; 431 432 if (data + len > skb_tail_pointer(skb)) 433 len = skb_tail_pointer(skb) - data; 434 435 xenvif_gop_frag_copy(queue, skb, npo, 436 virt_to_page(data), len, offset, &head); 437 data += len; 438 } 439 440 for (i = 0; i < nr_frags; i++) { 441 xenvif_gop_frag_copy(queue, skb, npo, 442 skb_frag_page(&skb_shinfo(skb)->frags[i]), 443 skb_frag_size(&skb_shinfo(skb)->frags[i]), 444 skb_shinfo(skb)->frags[i].page_offset, 445 &head); 446 } 447 448 return npo->meta_prod - old_meta_prod; 449 } 450 451 /* 452 * This is a twin to xenvif_gop_skb. Assume that xenvif_gop_skb was 453 * used to set up the operations on the top of 454 * netrx_pending_operations, which have since been done. Check that 455 * they didn't give any errors and advance over them. 456 */ 457 static int xenvif_check_gop(struct xenvif *vif, int nr_meta_slots, 458 struct netrx_pending_operations *npo) 459 { 460 struct gnttab_copy *copy_op; 461 int status = XEN_NETIF_RSP_OKAY; 462 int i; 463 464 for (i = 0; i < nr_meta_slots; i++) { 465 copy_op = npo->copy + npo->copy_cons++; 466 if (copy_op->status != GNTST_okay) { 467 netdev_dbg(vif->dev, 468 "Bad status %d from copy to DOM%d.\n", 469 copy_op->status, vif->domid); 470 status = XEN_NETIF_RSP_ERROR; 471 } 472 } 473 474 return status; 475 } 476 477 static void xenvif_add_frag_responses(struct xenvif_queue *queue, int status, 478 struct xenvif_rx_meta *meta, 479 int nr_meta_slots) 480 { 481 int i; 482 unsigned long offset; 483 484 /* No fragments used */ 485 if (nr_meta_slots <= 1) 486 return; 487 488 nr_meta_slots--; 489 490 for (i = 0; i < nr_meta_slots; i++) { 491 int flags; 492 if (i == nr_meta_slots - 1) 493 flags = 0; 494 else 495 flags = XEN_NETRXF_more_data; 496 497 offset = 0; 498 make_rx_response(queue, meta[i].id, status, offset, 499 meta[i].size, flags); 500 } 501 } 502 503 void xenvif_kick_thread(struct xenvif_queue *queue) 504 { 505 wake_up(&queue->wq); 506 } 507 508 static void xenvif_rx_action(struct xenvif_queue *queue) 509 { 510 s8 status; 511 u16 flags; 512 struct xen_netif_rx_response *resp; 513 struct sk_buff_head rxq; 514 struct sk_buff *skb; 515 LIST_HEAD(notify); 516 int ret; 517 unsigned long offset; 518 bool need_to_notify = false; 519 520 struct netrx_pending_operations npo = { 521 .copy = queue->grant_copy_op, 522 .meta = queue->meta, 523 }; 524 525 skb_queue_head_init(&rxq); 526 527 while (xenvif_rx_ring_slots_available(queue) 528 && (skb = xenvif_rx_dequeue(queue)) != NULL) { 529 queue->last_rx_time = jiffies; 530 531 XENVIF_RX_CB(skb)->meta_slots_used = xenvif_gop_skb(skb, &npo, queue); 532 533 __skb_queue_tail(&rxq, skb); 534 } 535 536 BUG_ON(npo.meta_prod > ARRAY_SIZE(queue->meta)); 537 538 if (!npo.copy_prod) 539 goto done; 540 541 BUG_ON(npo.copy_prod > MAX_GRANT_COPY_OPS); 542 gnttab_batch_copy(queue->grant_copy_op, npo.copy_prod); 543 544 while ((skb = __skb_dequeue(&rxq)) != NULL) { 545 546 if ((1 << queue->meta[npo.meta_cons].gso_type) & 547 queue->vif->gso_prefix_mask) { 548 resp = RING_GET_RESPONSE(&queue->rx, 549 queue->rx.rsp_prod_pvt++); 550 551 resp->flags = XEN_NETRXF_gso_prefix | XEN_NETRXF_more_data; 552 553 resp->offset = queue->meta[npo.meta_cons].gso_size; 554 resp->id = queue->meta[npo.meta_cons].id; 555 resp->status = XENVIF_RX_CB(skb)->meta_slots_used; 556 557 npo.meta_cons++; 558 XENVIF_RX_CB(skb)->meta_slots_used--; 559 } 560 561 562 queue->stats.tx_bytes += skb->len; 563 queue->stats.tx_packets++; 564 565 status = xenvif_check_gop(queue->vif, 566 XENVIF_RX_CB(skb)->meta_slots_used, 567 &npo); 568 569 if (XENVIF_RX_CB(skb)->meta_slots_used == 1) 570 flags = 0; 571 else 572 flags = XEN_NETRXF_more_data; 573 574 if (skb->ip_summed == CHECKSUM_PARTIAL) /* local packet? */ 575 flags |= XEN_NETRXF_csum_blank | XEN_NETRXF_data_validated; 576 else if (skb->ip_summed == CHECKSUM_UNNECESSARY) 577 /* remote but checksummed. */ 578 flags |= XEN_NETRXF_data_validated; 579 580 offset = 0; 581 resp = make_rx_response(queue, queue->meta[npo.meta_cons].id, 582 status, offset, 583 queue->meta[npo.meta_cons].size, 584 flags); 585 586 if ((1 << queue->meta[npo.meta_cons].gso_type) & 587 queue->vif->gso_mask) { 588 struct xen_netif_extra_info *gso = 589 (struct xen_netif_extra_info *) 590 RING_GET_RESPONSE(&queue->rx, 591 queue->rx.rsp_prod_pvt++); 592 593 resp->flags |= XEN_NETRXF_extra_info; 594 595 gso->u.gso.type = queue->meta[npo.meta_cons].gso_type; 596 gso->u.gso.size = queue->meta[npo.meta_cons].gso_size; 597 gso->u.gso.pad = 0; 598 gso->u.gso.features = 0; 599 600 gso->type = XEN_NETIF_EXTRA_TYPE_GSO; 601 gso->flags = 0; 602 } 603 604 xenvif_add_frag_responses(queue, status, 605 queue->meta + npo.meta_cons + 1, 606 XENVIF_RX_CB(skb)->meta_slots_used); 607 608 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->rx, ret); 609 610 need_to_notify |= !!ret; 611 612 npo.meta_cons += XENVIF_RX_CB(skb)->meta_slots_used; 613 dev_kfree_skb(skb); 614 } 615 616 done: 617 if (need_to_notify) 618 notify_remote_via_irq(queue->rx_irq); 619 } 620 621 void xenvif_napi_schedule_or_enable_events(struct xenvif_queue *queue) 622 { 623 int more_to_do; 624 625 RING_FINAL_CHECK_FOR_REQUESTS(&queue->tx, more_to_do); 626 627 if (more_to_do) 628 napi_schedule(&queue->napi); 629 } 630 631 static void tx_add_credit(struct xenvif_queue *queue) 632 { 633 unsigned long max_burst, max_credit; 634 635 /* 636 * Allow a burst big enough to transmit a jumbo packet of up to 128kB. 637 * Otherwise the interface can seize up due to insufficient credit. 638 */ 639 max_burst = RING_GET_REQUEST(&queue->tx, queue->tx.req_cons)->size; 640 max_burst = min(max_burst, 131072UL); 641 max_burst = max(max_burst, queue->credit_bytes); 642 643 /* Take care that adding a new chunk of credit doesn't wrap to zero. */ 644 max_credit = queue->remaining_credit + queue->credit_bytes; 645 if (max_credit < queue->remaining_credit) 646 max_credit = ULONG_MAX; /* wrapped: clamp to ULONG_MAX */ 647 648 queue->remaining_credit = min(max_credit, max_burst); 649 } 650 651 void xenvif_tx_credit_callback(unsigned long data) 652 { 653 struct xenvif_queue *queue = (struct xenvif_queue *)data; 654 tx_add_credit(queue); 655 xenvif_napi_schedule_or_enable_events(queue); 656 } 657 658 static void xenvif_tx_err(struct xenvif_queue *queue, 659 struct xen_netif_tx_request *txp, RING_IDX end) 660 { 661 RING_IDX cons = queue->tx.req_cons; 662 unsigned long flags; 663 664 do { 665 spin_lock_irqsave(&queue->response_lock, flags); 666 make_tx_response(queue, txp, XEN_NETIF_RSP_ERROR); 667 push_tx_responses(queue); 668 spin_unlock_irqrestore(&queue->response_lock, flags); 669 if (cons == end) 670 break; 671 txp = RING_GET_REQUEST(&queue->tx, cons++); 672 } while (1); 673 queue->tx.req_cons = cons; 674 } 675 676 static void xenvif_fatal_tx_err(struct xenvif *vif) 677 { 678 netdev_err(vif->dev, "fatal error; disabling device\n"); 679 vif->disabled = true; 680 /* Disable the vif from queue 0's kthread */ 681 if (vif->queues) 682 xenvif_kick_thread(&vif->queues[0]); 683 } 684 685 static int xenvif_count_requests(struct xenvif_queue *queue, 686 struct xen_netif_tx_request *first, 687 struct xen_netif_tx_request *txp, 688 int work_to_do) 689 { 690 RING_IDX cons = queue->tx.req_cons; 691 int slots = 0; 692 int drop_err = 0; 693 int more_data; 694 695 if (!(first->flags & XEN_NETTXF_more_data)) 696 return 0; 697 698 do { 699 struct xen_netif_tx_request dropped_tx = { 0 }; 700 701 if (slots >= work_to_do) { 702 netdev_err(queue->vif->dev, 703 "Asked for %d slots but exceeds this limit\n", 704 work_to_do); 705 xenvif_fatal_tx_err(queue->vif); 706 return -ENODATA; 707 } 708 709 /* This guest is really using too many slots and 710 * considered malicious. 711 */ 712 if (unlikely(slots >= fatal_skb_slots)) { 713 netdev_err(queue->vif->dev, 714 "Malicious frontend using %d slots, threshold %u\n", 715 slots, fatal_skb_slots); 716 xenvif_fatal_tx_err(queue->vif); 717 return -E2BIG; 718 } 719 720 /* Xen network protocol had implicit dependency on 721 * MAX_SKB_FRAGS. XEN_NETBK_LEGACY_SLOTS_MAX is set to 722 * the historical MAX_SKB_FRAGS value 18 to honor the 723 * same behavior as before. Any packet using more than 724 * 18 slots but less than fatal_skb_slots slots is 725 * dropped 726 */ 727 if (!drop_err && slots >= XEN_NETBK_LEGACY_SLOTS_MAX) { 728 if (net_ratelimit()) 729 netdev_dbg(queue->vif->dev, 730 "Too many slots (%d) exceeding limit (%d), dropping packet\n", 731 slots, XEN_NETBK_LEGACY_SLOTS_MAX); 732 drop_err = -E2BIG; 733 } 734 735 if (drop_err) 736 txp = &dropped_tx; 737 738 memcpy(txp, RING_GET_REQUEST(&queue->tx, cons + slots), 739 sizeof(*txp)); 740 741 /* If the guest submitted a frame >= 64 KiB then 742 * first->size overflowed and following slots will 743 * appear to be larger than the frame. 744 * 745 * This cannot be fatal error as there are buggy 746 * frontends that do this. 747 * 748 * Consume all slots and drop the packet. 749 */ 750 if (!drop_err && txp->size > first->size) { 751 if (net_ratelimit()) 752 netdev_dbg(queue->vif->dev, 753 "Invalid tx request, slot size %u > remaining size %u\n", 754 txp->size, first->size); 755 drop_err = -EIO; 756 } 757 758 first->size -= txp->size; 759 slots++; 760 761 if (unlikely((txp->offset + txp->size) > PAGE_SIZE)) { 762 netdev_err(queue->vif->dev, "Cross page boundary, txp->offset: %u, size: %u\n", 763 txp->offset, txp->size); 764 xenvif_fatal_tx_err(queue->vif); 765 return -EINVAL; 766 } 767 768 more_data = txp->flags & XEN_NETTXF_more_data; 769 770 if (!drop_err) 771 txp++; 772 773 } while (more_data); 774 775 if (drop_err) { 776 xenvif_tx_err(queue, first, cons + slots); 777 return drop_err; 778 } 779 780 return slots; 781 } 782 783 784 struct xenvif_tx_cb { 785 u16 pending_idx; 786 }; 787 788 #define XENVIF_TX_CB(skb) ((struct xenvif_tx_cb *)(skb)->cb) 789 790 static inline void xenvif_tx_create_map_op(struct xenvif_queue *queue, 791 u16 pending_idx, 792 struct xen_netif_tx_request *txp, 793 struct gnttab_map_grant_ref *mop) 794 { 795 queue->pages_to_map[mop-queue->tx_map_ops] = queue->mmap_pages[pending_idx]; 796 gnttab_set_map_op(mop, idx_to_kaddr(queue, pending_idx), 797 GNTMAP_host_map | GNTMAP_readonly, 798 txp->gref, queue->vif->domid); 799 800 memcpy(&queue->pending_tx_info[pending_idx].req, txp, 801 sizeof(*txp)); 802 } 803 804 static inline struct sk_buff *xenvif_alloc_skb(unsigned int size) 805 { 806 struct sk_buff *skb = 807 alloc_skb(size + NET_SKB_PAD + NET_IP_ALIGN, 808 GFP_ATOMIC | __GFP_NOWARN); 809 if (unlikely(skb == NULL)) 810 return NULL; 811 812 /* Packets passed to netif_rx() must have some headroom. */ 813 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); 814 815 /* Initialize it here to avoid later surprises */ 816 skb_shinfo(skb)->destructor_arg = NULL; 817 818 return skb; 819 } 820 821 static struct gnttab_map_grant_ref *xenvif_get_requests(struct xenvif_queue *queue, 822 struct sk_buff *skb, 823 struct xen_netif_tx_request *txp, 824 struct gnttab_map_grant_ref *gop, 825 unsigned int frag_overflow, 826 struct sk_buff *nskb) 827 { 828 struct skb_shared_info *shinfo = skb_shinfo(skb); 829 skb_frag_t *frags = shinfo->frags; 830 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 831 int start; 832 pending_ring_idx_t index; 833 unsigned int nr_slots; 834 835 nr_slots = shinfo->nr_frags; 836 837 /* Skip first skb fragment if it is on same page as header fragment. */ 838 start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx); 839 840 for (shinfo->nr_frags = start; shinfo->nr_frags < nr_slots; 841 shinfo->nr_frags++, txp++, gop++) { 842 index = pending_index(queue->pending_cons++); 843 pending_idx = queue->pending_ring[index]; 844 xenvif_tx_create_map_op(queue, pending_idx, txp, gop); 845 frag_set_pending_idx(&frags[shinfo->nr_frags], pending_idx); 846 } 847 848 if (frag_overflow) { 849 850 shinfo = skb_shinfo(nskb); 851 frags = shinfo->frags; 852 853 for (shinfo->nr_frags = 0; shinfo->nr_frags < frag_overflow; 854 shinfo->nr_frags++, txp++, gop++) { 855 index = pending_index(queue->pending_cons++); 856 pending_idx = queue->pending_ring[index]; 857 xenvif_tx_create_map_op(queue, pending_idx, txp, gop); 858 frag_set_pending_idx(&frags[shinfo->nr_frags], 859 pending_idx); 860 } 861 862 skb_shinfo(skb)->frag_list = nskb; 863 } 864 865 return gop; 866 } 867 868 static inline void xenvif_grant_handle_set(struct xenvif_queue *queue, 869 u16 pending_idx, 870 grant_handle_t handle) 871 { 872 if (unlikely(queue->grant_tx_handle[pending_idx] != 873 NETBACK_INVALID_HANDLE)) { 874 netdev_err(queue->vif->dev, 875 "Trying to overwrite active handle! pending_idx: 0x%x\n", 876 pending_idx); 877 BUG(); 878 } 879 queue->grant_tx_handle[pending_idx] = handle; 880 } 881 882 static inline void xenvif_grant_handle_reset(struct xenvif_queue *queue, 883 u16 pending_idx) 884 { 885 if (unlikely(queue->grant_tx_handle[pending_idx] == 886 NETBACK_INVALID_HANDLE)) { 887 netdev_err(queue->vif->dev, 888 "Trying to unmap invalid handle! pending_idx: 0x%x\n", 889 pending_idx); 890 BUG(); 891 } 892 queue->grant_tx_handle[pending_idx] = NETBACK_INVALID_HANDLE; 893 } 894 895 static int xenvif_tx_check_gop(struct xenvif_queue *queue, 896 struct sk_buff *skb, 897 struct gnttab_map_grant_ref **gopp_map, 898 struct gnttab_copy **gopp_copy) 899 { 900 struct gnttab_map_grant_ref *gop_map = *gopp_map; 901 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 902 /* This always points to the shinfo of the skb being checked, which 903 * could be either the first or the one on the frag_list 904 */ 905 struct skb_shared_info *shinfo = skb_shinfo(skb); 906 /* If this is non-NULL, we are currently checking the frag_list skb, and 907 * this points to the shinfo of the first one 908 */ 909 struct skb_shared_info *first_shinfo = NULL; 910 int nr_frags = shinfo->nr_frags; 911 const bool sharedslot = nr_frags && 912 frag_get_pending_idx(&shinfo->frags[0]) == pending_idx; 913 int i, err; 914 915 /* Check status of header. */ 916 err = (*gopp_copy)->status; 917 if (unlikely(err)) { 918 if (net_ratelimit()) 919 netdev_dbg(queue->vif->dev, 920 "Grant copy of header failed! status: %d pending_idx: %u ref: %u\n", 921 (*gopp_copy)->status, 922 pending_idx, 923 (*gopp_copy)->source.u.ref); 924 /* The first frag might still have this slot mapped */ 925 if (!sharedslot) 926 xenvif_idx_release(queue, pending_idx, 927 XEN_NETIF_RSP_ERROR); 928 } 929 (*gopp_copy)++; 930 931 check_frags: 932 for (i = 0; i < nr_frags; i++, gop_map++) { 933 int j, newerr; 934 935 pending_idx = frag_get_pending_idx(&shinfo->frags[i]); 936 937 /* Check error status: if okay then remember grant handle. */ 938 newerr = gop_map->status; 939 940 if (likely(!newerr)) { 941 xenvif_grant_handle_set(queue, 942 pending_idx, 943 gop_map->handle); 944 /* Had a previous error? Invalidate this fragment. */ 945 if (unlikely(err)) { 946 xenvif_idx_unmap(queue, pending_idx); 947 /* If the mapping of the first frag was OK, but 948 * the header's copy failed, and they are 949 * sharing a slot, send an error 950 */ 951 if (i == 0 && sharedslot) 952 xenvif_idx_release(queue, pending_idx, 953 XEN_NETIF_RSP_ERROR); 954 else 955 xenvif_idx_release(queue, pending_idx, 956 XEN_NETIF_RSP_OKAY); 957 } 958 continue; 959 } 960 961 /* Error on this fragment: respond to client with an error. */ 962 if (net_ratelimit()) 963 netdev_dbg(queue->vif->dev, 964 "Grant map of %d. frag failed! status: %d pending_idx: %u ref: %u\n", 965 i, 966 gop_map->status, 967 pending_idx, 968 gop_map->ref); 969 970 xenvif_idx_release(queue, pending_idx, XEN_NETIF_RSP_ERROR); 971 972 /* Not the first error? Preceding frags already invalidated. */ 973 if (err) 974 continue; 975 976 /* First error: if the header haven't shared a slot with the 977 * first frag, release it as well. 978 */ 979 if (!sharedslot) 980 xenvif_idx_release(queue, 981 XENVIF_TX_CB(skb)->pending_idx, 982 XEN_NETIF_RSP_OKAY); 983 984 /* Invalidate preceding fragments of this skb. */ 985 for (j = 0; j < i; j++) { 986 pending_idx = frag_get_pending_idx(&shinfo->frags[j]); 987 xenvif_idx_unmap(queue, pending_idx); 988 xenvif_idx_release(queue, pending_idx, 989 XEN_NETIF_RSP_OKAY); 990 } 991 992 /* And if we found the error while checking the frag_list, unmap 993 * the first skb's frags 994 */ 995 if (first_shinfo) { 996 for (j = 0; j < first_shinfo->nr_frags; j++) { 997 pending_idx = frag_get_pending_idx(&first_shinfo->frags[j]); 998 xenvif_idx_unmap(queue, pending_idx); 999 xenvif_idx_release(queue, pending_idx, 1000 XEN_NETIF_RSP_OKAY); 1001 } 1002 } 1003 1004 /* Remember the error: invalidate all subsequent fragments. */ 1005 err = newerr; 1006 } 1007 1008 if (skb_has_frag_list(skb) && !first_shinfo) { 1009 first_shinfo = skb_shinfo(skb); 1010 shinfo = skb_shinfo(skb_shinfo(skb)->frag_list); 1011 nr_frags = shinfo->nr_frags; 1012 1013 goto check_frags; 1014 } 1015 1016 *gopp_map = gop_map; 1017 return err; 1018 } 1019 1020 static void xenvif_fill_frags(struct xenvif_queue *queue, struct sk_buff *skb) 1021 { 1022 struct skb_shared_info *shinfo = skb_shinfo(skb); 1023 int nr_frags = shinfo->nr_frags; 1024 int i; 1025 u16 prev_pending_idx = INVALID_PENDING_IDX; 1026 1027 for (i = 0; i < nr_frags; i++) { 1028 skb_frag_t *frag = shinfo->frags + i; 1029 struct xen_netif_tx_request *txp; 1030 struct page *page; 1031 u16 pending_idx; 1032 1033 pending_idx = frag_get_pending_idx(frag); 1034 1035 /* If this is not the first frag, chain it to the previous*/ 1036 if (prev_pending_idx == INVALID_PENDING_IDX) 1037 skb_shinfo(skb)->destructor_arg = 1038 &callback_param(queue, pending_idx); 1039 else 1040 callback_param(queue, prev_pending_idx).ctx = 1041 &callback_param(queue, pending_idx); 1042 1043 callback_param(queue, pending_idx).ctx = NULL; 1044 prev_pending_idx = pending_idx; 1045 1046 txp = &queue->pending_tx_info[pending_idx].req; 1047 page = virt_to_page(idx_to_kaddr(queue, pending_idx)); 1048 __skb_fill_page_desc(skb, i, page, txp->offset, txp->size); 1049 skb->len += txp->size; 1050 skb->data_len += txp->size; 1051 skb->truesize += txp->size; 1052 1053 /* Take an extra reference to offset network stack's put_page */ 1054 get_page(queue->mmap_pages[pending_idx]); 1055 } 1056 } 1057 1058 static int xenvif_get_extras(struct xenvif_queue *queue, 1059 struct xen_netif_extra_info *extras, 1060 int work_to_do) 1061 { 1062 struct xen_netif_extra_info extra; 1063 RING_IDX cons = queue->tx.req_cons; 1064 1065 do { 1066 if (unlikely(work_to_do-- <= 0)) { 1067 netdev_err(queue->vif->dev, "Missing extra info\n"); 1068 xenvif_fatal_tx_err(queue->vif); 1069 return -EBADR; 1070 } 1071 1072 memcpy(&extra, RING_GET_REQUEST(&queue->tx, cons), 1073 sizeof(extra)); 1074 if (unlikely(!extra.type || 1075 extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) { 1076 queue->tx.req_cons = ++cons; 1077 netdev_err(queue->vif->dev, 1078 "Invalid extra type: %d\n", extra.type); 1079 xenvif_fatal_tx_err(queue->vif); 1080 return -EINVAL; 1081 } 1082 1083 memcpy(&extras[extra.type - 1], &extra, sizeof(extra)); 1084 queue->tx.req_cons = ++cons; 1085 } while (extra.flags & XEN_NETIF_EXTRA_FLAG_MORE); 1086 1087 return work_to_do; 1088 } 1089 1090 static int xenvif_set_skb_gso(struct xenvif *vif, 1091 struct sk_buff *skb, 1092 struct xen_netif_extra_info *gso) 1093 { 1094 if (!gso->u.gso.size) { 1095 netdev_err(vif->dev, "GSO size must not be zero.\n"); 1096 xenvif_fatal_tx_err(vif); 1097 return -EINVAL; 1098 } 1099 1100 switch (gso->u.gso.type) { 1101 case XEN_NETIF_GSO_TYPE_TCPV4: 1102 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4; 1103 break; 1104 case XEN_NETIF_GSO_TYPE_TCPV6: 1105 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; 1106 break; 1107 default: 1108 netdev_err(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); 1109 xenvif_fatal_tx_err(vif); 1110 return -EINVAL; 1111 } 1112 1113 skb_shinfo(skb)->gso_size = gso->u.gso.size; 1114 /* gso_segs will be calculated later */ 1115 1116 return 0; 1117 } 1118 1119 static int checksum_setup(struct xenvif_queue *queue, struct sk_buff *skb) 1120 { 1121 bool recalculate_partial_csum = false; 1122 1123 /* A GSO SKB must be CHECKSUM_PARTIAL. However some buggy 1124 * peers can fail to set NETRXF_csum_blank when sending a GSO 1125 * frame. In this case force the SKB to CHECKSUM_PARTIAL and 1126 * recalculate the partial checksum. 1127 */ 1128 if (skb->ip_summed != CHECKSUM_PARTIAL && skb_is_gso(skb)) { 1129 queue->stats.rx_gso_checksum_fixup++; 1130 skb->ip_summed = CHECKSUM_PARTIAL; 1131 recalculate_partial_csum = true; 1132 } 1133 1134 /* A non-CHECKSUM_PARTIAL SKB does not require setup. */ 1135 if (skb->ip_summed != CHECKSUM_PARTIAL) 1136 return 0; 1137 1138 return skb_checksum_setup(skb, recalculate_partial_csum); 1139 } 1140 1141 static bool tx_credit_exceeded(struct xenvif_queue *queue, unsigned size) 1142 { 1143 u64 now = get_jiffies_64(); 1144 u64 next_credit = queue->credit_window_start + 1145 msecs_to_jiffies(queue->credit_usec / 1000); 1146 1147 /* Timer could already be pending in rare cases. */ 1148 if (timer_pending(&queue->credit_timeout)) 1149 return true; 1150 1151 /* Passed the point where we can replenish credit? */ 1152 if (time_after_eq64(now, next_credit)) { 1153 queue->credit_window_start = now; 1154 tx_add_credit(queue); 1155 } 1156 1157 /* Still too big to send right now? Set a callback. */ 1158 if (size > queue->remaining_credit) { 1159 queue->credit_timeout.data = 1160 (unsigned long)queue; 1161 mod_timer(&queue->credit_timeout, 1162 next_credit); 1163 queue->credit_window_start = next_credit; 1164 1165 return true; 1166 } 1167 1168 return false; 1169 } 1170 1171 /* No locking is required in xenvif_mcast_add/del() as they are 1172 * only ever invoked from NAPI poll. An RCU list is used because 1173 * xenvif_mcast_match() is called asynchronously, during start_xmit. 1174 */ 1175 1176 static int xenvif_mcast_add(struct xenvif *vif, const u8 *addr) 1177 { 1178 struct xenvif_mcast_addr *mcast; 1179 1180 if (vif->fe_mcast_count == XEN_NETBK_MCAST_MAX) { 1181 if (net_ratelimit()) 1182 netdev_err(vif->dev, 1183 "Too many multicast addresses\n"); 1184 return -ENOSPC; 1185 } 1186 1187 mcast = kzalloc(sizeof(*mcast), GFP_ATOMIC); 1188 if (!mcast) 1189 return -ENOMEM; 1190 1191 ether_addr_copy(mcast->addr, addr); 1192 list_add_tail_rcu(&mcast->entry, &vif->fe_mcast_addr); 1193 vif->fe_mcast_count++; 1194 1195 return 0; 1196 } 1197 1198 static void xenvif_mcast_del(struct xenvif *vif, const u8 *addr) 1199 { 1200 struct xenvif_mcast_addr *mcast; 1201 1202 list_for_each_entry_rcu(mcast, &vif->fe_mcast_addr, entry) { 1203 if (ether_addr_equal(addr, mcast->addr)) { 1204 --vif->fe_mcast_count; 1205 list_del_rcu(&mcast->entry); 1206 kfree_rcu(mcast, rcu); 1207 break; 1208 } 1209 } 1210 } 1211 1212 bool xenvif_mcast_match(struct xenvif *vif, const u8 *addr) 1213 { 1214 struct xenvif_mcast_addr *mcast; 1215 1216 rcu_read_lock(); 1217 list_for_each_entry_rcu(mcast, &vif->fe_mcast_addr, entry) { 1218 if (ether_addr_equal(addr, mcast->addr)) { 1219 rcu_read_unlock(); 1220 return true; 1221 } 1222 } 1223 rcu_read_unlock(); 1224 1225 return false; 1226 } 1227 1228 void xenvif_mcast_addr_list_free(struct xenvif *vif) 1229 { 1230 /* No need for locking or RCU here. NAPI poll and TX queue 1231 * are stopped. 1232 */ 1233 while (!list_empty(&vif->fe_mcast_addr)) { 1234 struct xenvif_mcast_addr *mcast; 1235 1236 mcast = list_first_entry(&vif->fe_mcast_addr, 1237 struct xenvif_mcast_addr, 1238 entry); 1239 --vif->fe_mcast_count; 1240 list_del(&mcast->entry); 1241 kfree(mcast); 1242 } 1243 } 1244 1245 static void xenvif_tx_build_gops(struct xenvif_queue *queue, 1246 int budget, 1247 unsigned *copy_ops, 1248 unsigned *map_ops) 1249 { 1250 struct gnttab_map_grant_ref *gop = queue->tx_map_ops; 1251 struct sk_buff *skb, *nskb; 1252 int ret; 1253 unsigned int frag_overflow; 1254 1255 while (skb_queue_len(&queue->tx_queue) < budget) { 1256 struct xen_netif_tx_request txreq; 1257 struct xen_netif_tx_request txfrags[XEN_NETBK_LEGACY_SLOTS_MAX]; 1258 struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1]; 1259 u16 pending_idx; 1260 RING_IDX idx; 1261 int work_to_do; 1262 unsigned int data_len; 1263 pending_ring_idx_t index; 1264 1265 if (queue->tx.sring->req_prod - queue->tx.req_cons > 1266 XEN_NETIF_TX_RING_SIZE) { 1267 netdev_err(queue->vif->dev, 1268 "Impossible number of requests. " 1269 "req_prod %d, req_cons %d, size %ld\n", 1270 queue->tx.sring->req_prod, queue->tx.req_cons, 1271 XEN_NETIF_TX_RING_SIZE); 1272 xenvif_fatal_tx_err(queue->vif); 1273 break; 1274 } 1275 1276 work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&queue->tx); 1277 if (!work_to_do) 1278 break; 1279 1280 idx = queue->tx.req_cons; 1281 rmb(); /* Ensure that we see the request before we copy it. */ 1282 memcpy(&txreq, RING_GET_REQUEST(&queue->tx, idx), sizeof(txreq)); 1283 1284 /* Credit-based scheduling. */ 1285 if (txreq.size > queue->remaining_credit && 1286 tx_credit_exceeded(queue, txreq.size)) 1287 break; 1288 1289 queue->remaining_credit -= txreq.size; 1290 1291 work_to_do--; 1292 queue->tx.req_cons = ++idx; 1293 1294 memset(extras, 0, sizeof(extras)); 1295 if (txreq.flags & XEN_NETTXF_extra_info) { 1296 work_to_do = xenvif_get_extras(queue, extras, 1297 work_to_do); 1298 idx = queue->tx.req_cons; 1299 if (unlikely(work_to_do < 0)) 1300 break; 1301 } 1302 1303 if (extras[XEN_NETIF_EXTRA_TYPE_MCAST_ADD - 1].type) { 1304 struct xen_netif_extra_info *extra; 1305 1306 extra = &extras[XEN_NETIF_EXTRA_TYPE_MCAST_ADD - 1]; 1307 ret = xenvif_mcast_add(queue->vif, extra->u.mcast.addr); 1308 1309 make_tx_response(queue, &txreq, 1310 (ret == 0) ? 1311 XEN_NETIF_RSP_OKAY : 1312 XEN_NETIF_RSP_ERROR); 1313 push_tx_responses(queue); 1314 continue; 1315 } 1316 1317 if (extras[XEN_NETIF_EXTRA_TYPE_MCAST_DEL - 1].type) { 1318 struct xen_netif_extra_info *extra; 1319 1320 extra = &extras[XEN_NETIF_EXTRA_TYPE_MCAST_DEL - 1]; 1321 xenvif_mcast_del(queue->vif, extra->u.mcast.addr); 1322 1323 make_tx_response(queue, &txreq, XEN_NETIF_RSP_OKAY); 1324 push_tx_responses(queue); 1325 continue; 1326 } 1327 1328 ret = xenvif_count_requests(queue, &txreq, txfrags, work_to_do); 1329 if (unlikely(ret < 0)) 1330 break; 1331 1332 idx += ret; 1333 1334 if (unlikely(txreq.size < ETH_HLEN)) { 1335 netdev_dbg(queue->vif->dev, 1336 "Bad packet size: %d\n", txreq.size); 1337 xenvif_tx_err(queue, &txreq, idx); 1338 break; 1339 } 1340 1341 /* No crossing a page as the payload mustn't fragment. */ 1342 if (unlikely((txreq.offset + txreq.size) > PAGE_SIZE)) { 1343 netdev_err(queue->vif->dev, 1344 "txreq.offset: %u, size: %u, end: %lu\n", 1345 txreq.offset, txreq.size, 1346 (unsigned long)(txreq.offset&~PAGE_MASK) + txreq.size); 1347 xenvif_fatal_tx_err(queue->vif); 1348 break; 1349 } 1350 1351 index = pending_index(queue->pending_cons); 1352 pending_idx = queue->pending_ring[index]; 1353 1354 data_len = (txreq.size > XEN_NETBACK_TX_COPY_LEN && 1355 ret < XEN_NETBK_LEGACY_SLOTS_MAX) ? 1356 XEN_NETBACK_TX_COPY_LEN : txreq.size; 1357 1358 skb = xenvif_alloc_skb(data_len); 1359 if (unlikely(skb == NULL)) { 1360 netdev_dbg(queue->vif->dev, 1361 "Can't allocate a skb in start_xmit.\n"); 1362 xenvif_tx_err(queue, &txreq, idx); 1363 break; 1364 } 1365 1366 skb_shinfo(skb)->nr_frags = ret; 1367 if (data_len < txreq.size) 1368 skb_shinfo(skb)->nr_frags++; 1369 /* At this point shinfo->nr_frags is in fact the number of 1370 * slots, which can be as large as XEN_NETBK_LEGACY_SLOTS_MAX. 1371 */ 1372 frag_overflow = 0; 1373 nskb = NULL; 1374 if (skb_shinfo(skb)->nr_frags > MAX_SKB_FRAGS) { 1375 frag_overflow = skb_shinfo(skb)->nr_frags - MAX_SKB_FRAGS; 1376 BUG_ON(frag_overflow > MAX_SKB_FRAGS); 1377 skb_shinfo(skb)->nr_frags = MAX_SKB_FRAGS; 1378 nskb = xenvif_alloc_skb(0); 1379 if (unlikely(nskb == NULL)) { 1380 kfree_skb(skb); 1381 xenvif_tx_err(queue, &txreq, idx); 1382 if (net_ratelimit()) 1383 netdev_err(queue->vif->dev, 1384 "Can't allocate the frag_list skb.\n"); 1385 break; 1386 } 1387 } 1388 1389 if (extras[XEN_NETIF_EXTRA_TYPE_GSO - 1].type) { 1390 struct xen_netif_extra_info *gso; 1391 gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1]; 1392 1393 if (xenvif_set_skb_gso(queue->vif, skb, gso)) { 1394 /* Failure in xenvif_set_skb_gso is fatal. */ 1395 kfree_skb(skb); 1396 kfree_skb(nskb); 1397 break; 1398 } 1399 } 1400 1401 XENVIF_TX_CB(skb)->pending_idx = pending_idx; 1402 1403 __skb_put(skb, data_len); 1404 queue->tx_copy_ops[*copy_ops].source.u.ref = txreq.gref; 1405 queue->tx_copy_ops[*copy_ops].source.domid = queue->vif->domid; 1406 queue->tx_copy_ops[*copy_ops].source.offset = txreq.offset; 1407 1408 queue->tx_copy_ops[*copy_ops].dest.u.gmfn = 1409 virt_to_gfn(skb->data); 1410 queue->tx_copy_ops[*copy_ops].dest.domid = DOMID_SELF; 1411 queue->tx_copy_ops[*copy_ops].dest.offset = 1412 offset_in_page(skb->data); 1413 1414 queue->tx_copy_ops[*copy_ops].len = data_len; 1415 queue->tx_copy_ops[*copy_ops].flags = GNTCOPY_source_gref; 1416 1417 (*copy_ops)++; 1418 1419 if (data_len < txreq.size) { 1420 frag_set_pending_idx(&skb_shinfo(skb)->frags[0], 1421 pending_idx); 1422 xenvif_tx_create_map_op(queue, pending_idx, &txreq, gop); 1423 gop++; 1424 } else { 1425 frag_set_pending_idx(&skb_shinfo(skb)->frags[0], 1426 INVALID_PENDING_IDX); 1427 memcpy(&queue->pending_tx_info[pending_idx].req, &txreq, 1428 sizeof(txreq)); 1429 } 1430 1431 queue->pending_cons++; 1432 1433 gop = xenvif_get_requests(queue, skb, txfrags, gop, 1434 frag_overflow, nskb); 1435 1436 __skb_queue_tail(&queue->tx_queue, skb); 1437 1438 queue->tx.req_cons = idx; 1439 1440 if (((gop-queue->tx_map_ops) >= ARRAY_SIZE(queue->tx_map_ops)) || 1441 (*copy_ops >= ARRAY_SIZE(queue->tx_copy_ops))) 1442 break; 1443 } 1444 1445 (*map_ops) = gop - queue->tx_map_ops; 1446 return; 1447 } 1448 1449 /* Consolidate skb with a frag_list into a brand new one with local pages on 1450 * frags. Returns 0 or -ENOMEM if can't allocate new pages. 1451 */ 1452 static int xenvif_handle_frag_list(struct xenvif_queue *queue, struct sk_buff *skb) 1453 { 1454 unsigned int offset = skb_headlen(skb); 1455 skb_frag_t frags[MAX_SKB_FRAGS]; 1456 int i, f; 1457 struct ubuf_info *uarg; 1458 struct sk_buff *nskb = skb_shinfo(skb)->frag_list; 1459 1460 queue->stats.tx_zerocopy_sent += 2; 1461 queue->stats.tx_frag_overflow++; 1462 1463 xenvif_fill_frags(queue, nskb); 1464 /* Subtract frags size, we will correct it later */ 1465 skb->truesize -= skb->data_len; 1466 skb->len += nskb->len; 1467 skb->data_len += nskb->len; 1468 1469 /* create a brand new frags array and coalesce there */ 1470 for (i = 0; offset < skb->len; i++) { 1471 struct page *page; 1472 unsigned int len; 1473 1474 BUG_ON(i >= MAX_SKB_FRAGS); 1475 page = alloc_page(GFP_ATOMIC); 1476 if (!page) { 1477 int j; 1478 skb->truesize += skb->data_len; 1479 for (j = 0; j < i; j++) 1480 put_page(frags[j].page.p); 1481 return -ENOMEM; 1482 } 1483 1484 if (offset + PAGE_SIZE < skb->len) 1485 len = PAGE_SIZE; 1486 else 1487 len = skb->len - offset; 1488 if (skb_copy_bits(skb, offset, page_address(page), len)) 1489 BUG(); 1490 1491 offset += len; 1492 frags[i].page.p = page; 1493 frags[i].page_offset = 0; 1494 skb_frag_size_set(&frags[i], len); 1495 } 1496 1497 /* Copied all the bits from the frag list -- free it. */ 1498 skb_frag_list_init(skb); 1499 xenvif_skb_zerocopy_prepare(queue, nskb); 1500 kfree_skb(nskb); 1501 1502 /* Release all the original (foreign) frags. */ 1503 for (f = 0; f < skb_shinfo(skb)->nr_frags; f++) 1504 skb_frag_unref(skb, f); 1505 uarg = skb_shinfo(skb)->destructor_arg; 1506 /* increase inflight counter to offset decrement in callback */ 1507 atomic_inc(&queue->inflight_packets); 1508 uarg->callback(uarg, true); 1509 skb_shinfo(skb)->destructor_arg = NULL; 1510 1511 /* Fill the skb with the new (local) frags. */ 1512 memcpy(skb_shinfo(skb)->frags, frags, i * sizeof(skb_frag_t)); 1513 skb_shinfo(skb)->nr_frags = i; 1514 skb->truesize += i * PAGE_SIZE; 1515 1516 return 0; 1517 } 1518 1519 static int xenvif_tx_submit(struct xenvif_queue *queue) 1520 { 1521 struct gnttab_map_grant_ref *gop_map = queue->tx_map_ops; 1522 struct gnttab_copy *gop_copy = queue->tx_copy_ops; 1523 struct sk_buff *skb; 1524 int work_done = 0; 1525 1526 while ((skb = __skb_dequeue(&queue->tx_queue)) != NULL) { 1527 struct xen_netif_tx_request *txp; 1528 u16 pending_idx; 1529 unsigned data_len; 1530 1531 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 1532 txp = &queue->pending_tx_info[pending_idx].req; 1533 1534 /* Check the remap error code. */ 1535 if (unlikely(xenvif_tx_check_gop(queue, skb, &gop_map, &gop_copy))) { 1536 /* If there was an error, xenvif_tx_check_gop is 1537 * expected to release all the frags which were mapped, 1538 * so kfree_skb shouldn't do it again 1539 */ 1540 skb_shinfo(skb)->nr_frags = 0; 1541 if (skb_has_frag_list(skb)) { 1542 struct sk_buff *nskb = 1543 skb_shinfo(skb)->frag_list; 1544 skb_shinfo(nskb)->nr_frags = 0; 1545 } 1546 kfree_skb(skb); 1547 continue; 1548 } 1549 1550 data_len = skb->len; 1551 callback_param(queue, pending_idx).ctx = NULL; 1552 if (data_len < txp->size) { 1553 /* Append the packet payload as a fragment. */ 1554 txp->offset += data_len; 1555 txp->size -= data_len; 1556 } else { 1557 /* Schedule a response immediately. */ 1558 xenvif_idx_release(queue, pending_idx, 1559 XEN_NETIF_RSP_OKAY); 1560 } 1561 1562 if (txp->flags & XEN_NETTXF_csum_blank) 1563 skb->ip_summed = CHECKSUM_PARTIAL; 1564 else if (txp->flags & XEN_NETTXF_data_validated) 1565 skb->ip_summed = CHECKSUM_UNNECESSARY; 1566 1567 xenvif_fill_frags(queue, skb); 1568 1569 if (unlikely(skb_has_frag_list(skb))) { 1570 if (xenvif_handle_frag_list(queue, skb)) { 1571 if (net_ratelimit()) 1572 netdev_err(queue->vif->dev, 1573 "Not enough memory to consolidate frag_list!\n"); 1574 xenvif_skb_zerocopy_prepare(queue, skb); 1575 kfree_skb(skb); 1576 continue; 1577 } 1578 } 1579 1580 skb->dev = queue->vif->dev; 1581 skb->protocol = eth_type_trans(skb, skb->dev); 1582 skb_reset_network_header(skb); 1583 1584 if (checksum_setup(queue, skb)) { 1585 netdev_dbg(queue->vif->dev, 1586 "Can't setup checksum in net_tx_action\n"); 1587 /* We have to set this flag to trigger the callback */ 1588 if (skb_shinfo(skb)->destructor_arg) 1589 xenvif_skb_zerocopy_prepare(queue, skb); 1590 kfree_skb(skb); 1591 continue; 1592 } 1593 1594 skb_probe_transport_header(skb, 0); 1595 1596 /* If the packet is GSO then we will have just set up the 1597 * transport header offset in checksum_setup so it's now 1598 * straightforward to calculate gso_segs. 1599 */ 1600 if (skb_is_gso(skb)) { 1601 int mss = skb_shinfo(skb)->gso_size; 1602 int hdrlen = skb_transport_header(skb) - 1603 skb_mac_header(skb) + 1604 tcp_hdrlen(skb); 1605 1606 skb_shinfo(skb)->gso_segs = 1607 DIV_ROUND_UP(skb->len - hdrlen, mss); 1608 } 1609 1610 queue->stats.rx_bytes += skb->len; 1611 queue->stats.rx_packets++; 1612 1613 work_done++; 1614 1615 /* Set this flag right before netif_receive_skb, otherwise 1616 * someone might think this packet already left netback, and 1617 * do a skb_copy_ubufs while we are still in control of the 1618 * skb. E.g. the __pskb_pull_tail earlier can do such thing. 1619 */ 1620 if (skb_shinfo(skb)->destructor_arg) { 1621 xenvif_skb_zerocopy_prepare(queue, skb); 1622 queue->stats.tx_zerocopy_sent++; 1623 } 1624 1625 netif_receive_skb(skb); 1626 } 1627 1628 return work_done; 1629 } 1630 1631 void xenvif_zerocopy_callback(struct ubuf_info *ubuf, bool zerocopy_success) 1632 { 1633 unsigned long flags; 1634 pending_ring_idx_t index; 1635 struct xenvif_queue *queue = ubuf_to_queue(ubuf); 1636 1637 /* This is the only place where we grab this lock, to protect callbacks 1638 * from each other. 1639 */ 1640 spin_lock_irqsave(&queue->callback_lock, flags); 1641 do { 1642 u16 pending_idx = ubuf->desc; 1643 ubuf = (struct ubuf_info *) ubuf->ctx; 1644 BUG_ON(queue->dealloc_prod - queue->dealloc_cons >= 1645 MAX_PENDING_REQS); 1646 index = pending_index(queue->dealloc_prod); 1647 queue->dealloc_ring[index] = pending_idx; 1648 /* Sync with xenvif_tx_dealloc_action: 1649 * insert idx then incr producer. 1650 */ 1651 smp_wmb(); 1652 queue->dealloc_prod++; 1653 } while (ubuf); 1654 spin_unlock_irqrestore(&queue->callback_lock, flags); 1655 1656 if (likely(zerocopy_success)) 1657 queue->stats.tx_zerocopy_success++; 1658 else 1659 queue->stats.tx_zerocopy_fail++; 1660 xenvif_skb_zerocopy_complete(queue); 1661 } 1662 1663 static inline void xenvif_tx_dealloc_action(struct xenvif_queue *queue) 1664 { 1665 struct gnttab_unmap_grant_ref *gop; 1666 pending_ring_idx_t dc, dp; 1667 u16 pending_idx, pending_idx_release[MAX_PENDING_REQS]; 1668 unsigned int i = 0; 1669 1670 dc = queue->dealloc_cons; 1671 gop = queue->tx_unmap_ops; 1672 1673 /* Free up any grants we have finished using */ 1674 do { 1675 dp = queue->dealloc_prod; 1676 1677 /* Ensure we see all indices enqueued by all 1678 * xenvif_zerocopy_callback(). 1679 */ 1680 smp_rmb(); 1681 1682 while (dc != dp) { 1683 BUG_ON(gop - queue->tx_unmap_ops >= MAX_PENDING_REQS); 1684 pending_idx = 1685 queue->dealloc_ring[pending_index(dc++)]; 1686 1687 pending_idx_release[gop - queue->tx_unmap_ops] = 1688 pending_idx; 1689 queue->pages_to_unmap[gop - queue->tx_unmap_ops] = 1690 queue->mmap_pages[pending_idx]; 1691 gnttab_set_unmap_op(gop, 1692 idx_to_kaddr(queue, pending_idx), 1693 GNTMAP_host_map, 1694 queue->grant_tx_handle[pending_idx]); 1695 xenvif_grant_handle_reset(queue, pending_idx); 1696 ++gop; 1697 } 1698 1699 } while (dp != queue->dealloc_prod); 1700 1701 queue->dealloc_cons = dc; 1702 1703 if (gop - queue->tx_unmap_ops > 0) { 1704 int ret; 1705 ret = gnttab_unmap_refs(queue->tx_unmap_ops, 1706 NULL, 1707 queue->pages_to_unmap, 1708 gop - queue->tx_unmap_ops); 1709 if (ret) { 1710 netdev_err(queue->vif->dev, "Unmap fail: nr_ops %tu ret %d\n", 1711 gop - queue->tx_unmap_ops, ret); 1712 for (i = 0; i < gop - queue->tx_unmap_ops; ++i) { 1713 if (gop[i].status != GNTST_okay) 1714 netdev_err(queue->vif->dev, 1715 " host_addr: 0x%llx handle: 0x%x status: %d\n", 1716 gop[i].host_addr, 1717 gop[i].handle, 1718 gop[i].status); 1719 } 1720 BUG(); 1721 } 1722 } 1723 1724 for (i = 0; i < gop - queue->tx_unmap_ops; ++i) 1725 xenvif_idx_release(queue, pending_idx_release[i], 1726 XEN_NETIF_RSP_OKAY); 1727 } 1728 1729 1730 /* Called after netfront has transmitted */ 1731 int xenvif_tx_action(struct xenvif_queue *queue, int budget) 1732 { 1733 unsigned nr_mops, nr_cops = 0; 1734 int work_done, ret; 1735 1736 if (unlikely(!tx_work_todo(queue))) 1737 return 0; 1738 1739 xenvif_tx_build_gops(queue, budget, &nr_cops, &nr_mops); 1740 1741 if (nr_cops == 0) 1742 return 0; 1743 1744 gnttab_batch_copy(queue->tx_copy_ops, nr_cops); 1745 if (nr_mops != 0) { 1746 ret = gnttab_map_refs(queue->tx_map_ops, 1747 NULL, 1748 queue->pages_to_map, 1749 nr_mops); 1750 BUG_ON(ret); 1751 } 1752 1753 work_done = xenvif_tx_submit(queue); 1754 1755 return work_done; 1756 } 1757 1758 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, 1759 u8 status) 1760 { 1761 struct pending_tx_info *pending_tx_info; 1762 pending_ring_idx_t index; 1763 unsigned long flags; 1764 1765 pending_tx_info = &queue->pending_tx_info[pending_idx]; 1766 1767 spin_lock_irqsave(&queue->response_lock, flags); 1768 1769 make_tx_response(queue, &pending_tx_info->req, status); 1770 1771 /* Release the pending index before pusing the Tx response so 1772 * its available before a new Tx request is pushed by the 1773 * frontend. 1774 */ 1775 index = pending_index(queue->pending_prod++); 1776 queue->pending_ring[index] = pending_idx; 1777 1778 push_tx_responses(queue); 1779 1780 spin_unlock_irqrestore(&queue->response_lock, flags); 1781 } 1782 1783 1784 static void make_tx_response(struct xenvif_queue *queue, 1785 struct xen_netif_tx_request *txp, 1786 s8 st) 1787 { 1788 RING_IDX i = queue->tx.rsp_prod_pvt; 1789 struct xen_netif_tx_response *resp; 1790 1791 resp = RING_GET_RESPONSE(&queue->tx, i); 1792 resp->id = txp->id; 1793 resp->status = st; 1794 1795 if (txp->flags & XEN_NETTXF_extra_info) 1796 RING_GET_RESPONSE(&queue->tx, ++i)->status = XEN_NETIF_RSP_NULL; 1797 1798 queue->tx.rsp_prod_pvt = ++i; 1799 } 1800 1801 static void push_tx_responses(struct xenvif_queue *queue) 1802 { 1803 int notify; 1804 1805 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->tx, notify); 1806 if (notify) 1807 notify_remote_via_irq(queue->tx_irq); 1808 } 1809 1810 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue, 1811 u16 id, 1812 s8 st, 1813 u16 offset, 1814 u16 size, 1815 u16 flags) 1816 { 1817 RING_IDX i = queue->rx.rsp_prod_pvt; 1818 struct xen_netif_rx_response *resp; 1819 1820 resp = RING_GET_RESPONSE(&queue->rx, i); 1821 resp->offset = offset; 1822 resp->flags = flags; 1823 resp->id = id; 1824 resp->status = (s16)size; 1825 if (st < 0) 1826 resp->status = (s16)st; 1827 1828 queue->rx.rsp_prod_pvt = ++i; 1829 1830 return resp; 1831 } 1832 1833 void xenvif_idx_unmap(struct xenvif_queue *queue, u16 pending_idx) 1834 { 1835 int ret; 1836 struct gnttab_unmap_grant_ref tx_unmap_op; 1837 1838 gnttab_set_unmap_op(&tx_unmap_op, 1839 idx_to_kaddr(queue, pending_idx), 1840 GNTMAP_host_map, 1841 queue->grant_tx_handle[pending_idx]); 1842 xenvif_grant_handle_reset(queue, pending_idx); 1843 1844 ret = gnttab_unmap_refs(&tx_unmap_op, NULL, 1845 &queue->mmap_pages[pending_idx], 1); 1846 if (ret) { 1847 netdev_err(queue->vif->dev, 1848 "Unmap fail: ret: %d pending_idx: %d host_addr: %llx handle: 0x%x status: %d\n", 1849 ret, 1850 pending_idx, 1851 tx_unmap_op.host_addr, 1852 tx_unmap_op.handle, 1853 tx_unmap_op.status); 1854 BUG(); 1855 } 1856 } 1857 1858 static inline int tx_work_todo(struct xenvif_queue *queue) 1859 { 1860 if (likely(RING_HAS_UNCONSUMED_REQUESTS(&queue->tx))) 1861 return 1; 1862 1863 return 0; 1864 } 1865 1866 static inline bool tx_dealloc_work_todo(struct xenvif_queue *queue) 1867 { 1868 return queue->dealloc_cons != queue->dealloc_prod; 1869 } 1870 1871 void xenvif_unmap_frontend_rings(struct xenvif_queue *queue) 1872 { 1873 if (queue->tx.sring) 1874 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif), 1875 queue->tx.sring); 1876 if (queue->rx.sring) 1877 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif), 1878 queue->rx.sring); 1879 } 1880 1881 int xenvif_map_frontend_rings(struct xenvif_queue *queue, 1882 grant_ref_t tx_ring_ref, 1883 grant_ref_t rx_ring_ref) 1884 { 1885 void *addr; 1886 struct xen_netif_tx_sring *txs; 1887 struct xen_netif_rx_sring *rxs; 1888 1889 int err = -ENOMEM; 1890 1891 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif), 1892 &tx_ring_ref, 1, &addr); 1893 if (err) 1894 goto err; 1895 1896 txs = (struct xen_netif_tx_sring *)addr; 1897 BACK_RING_INIT(&queue->tx, txs, PAGE_SIZE); 1898 1899 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif), 1900 &rx_ring_ref, 1, &addr); 1901 if (err) 1902 goto err; 1903 1904 rxs = (struct xen_netif_rx_sring *)addr; 1905 BACK_RING_INIT(&queue->rx, rxs, PAGE_SIZE); 1906 1907 return 0; 1908 1909 err: 1910 xenvif_unmap_frontend_rings(queue); 1911 return err; 1912 } 1913 1914 static void xenvif_queue_carrier_off(struct xenvif_queue *queue) 1915 { 1916 struct xenvif *vif = queue->vif; 1917 1918 queue->stalled = true; 1919 1920 /* At least one queue has stalled? Disable the carrier. */ 1921 spin_lock(&vif->lock); 1922 if (vif->stalled_queues++ == 0) { 1923 netdev_info(vif->dev, "Guest Rx stalled"); 1924 netif_carrier_off(vif->dev); 1925 } 1926 spin_unlock(&vif->lock); 1927 } 1928 1929 static void xenvif_queue_carrier_on(struct xenvif_queue *queue) 1930 { 1931 struct xenvif *vif = queue->vif; 1932 1933 queue->last_rx_time = jiffies; /* Reset Rx stall detection. */ 1934 queue->stalled = false; 1935 1936 /* All queues are ready? Enable the carrier. */ 1937 spin_lock(&vif->lock); 1938 if (--vif->stalled_queues == 0) { 1939 netdev_info(vif->dev, "Guest Rx ready"); 1940 netif_carrier_on(vif->dev); 1941 } 1942 spin_unlock(&vif->lock); 1943 } 1944 1945 static bool xenvif_rx_queue_stalled(struct xenvif_queue *queue) 1946 { 1947 RING_IDX prod, cons; 1948 1949 prod = queue->rx.sring->req_prod; 1950 cons = queue->rx.req_cons; 1951 1952 return !queue->stalled && prod - cons < 1 1953 && time_after(jiffies, 1954 queue->last_rx_time + queue->vif->stall_timeout); 1955 } 1956 1957 static bool xenvif_rx_queue_ready(struct xenvif_queue *queue) 1958 { 1959 RING_IDX prod, cons; 1960 1961 prod = queue->rx.sring->req_prod; 1962 cons = queue->rx.req_cons; 1963 1964 return queue->stalled && prod - cons >= 1; 1965 } 1966 1967 static bool xenvif_have_rx_work(struct xenvif_queue *queue) 1968 { 1969 return (!skb_queue_empty(&queue->rx_queue) 1970 && xenvif_rx_ring_slots_available(queue)) 1971 || (queue->vif->stall_timeout && 1972 (xenvif_rx_queue_stalled(queue) 1973 || xenvif_rx_queue_ready(queue))) 1974 || kthread_should_stop() 1975 || queue->vif->disabled; 1976 } 1977 1978 static long xenvif_rx_queue_timeout(struct xenvif_queue *queue) 1979 { 1980 struct sk_buff *skb; 1981 long timeout; 1982 1983 skb = skb_peek(&queue->rx_queue); 1984 if (!skb) 1985 return MAX_SCHEDULE_TIMEOUT; 1986 1987 timeout = XENVIF_RX_CB(skb)->expires - jiffies; 1988 return timeout < 0 ? 0 : timeout; 1989 } 1990 1991 /* Wait until the guest Rx thread has work. 1992 * 1993 * The timeout needs to be adjusted based on the current head of the 1994 * queue (and not just the head at the beginning). In particular, if 1995 * the queue is initially empty an infinite timeout is used and this 1996 * needs to be reduced when a skb is queued. 1997 * 1998 * This cannot be done with wait_event_timeout() because it only 1999 * calculates the timeout once. 2000 */ 2001 static void xenvif_wait_for_rx_work(struct xenvif_queue *queue) 2002 { 2003 DEFINE_WAIT(wait); 2004 2005 if (xenvif_have_rx_work(queue)) 2006 return; 2007 2008 for (;;) { 2009 long ret; 2010 2011 prepare_to_wait(&queue->wq, &wait, TASK_INTERRUPTIBLE); 2012 if (xenvif_have_rx_work(queue)) 2013 break; 2014 ret = schedule_timeout(xenvif_rx_queue_timeout(queue)); 2015 if (!ret) 2016 break; 2017 } 2018 finish_wait(&queue->wq, &wait); 2019 } 2020 2021 int xenvif_kthread_guest_rx(void *data) 2022 { 2023 struct xenvif_queue *queue = data; 2024 struct xenvif *vif = queue->vif; 2025 2026 if (!vif->stall_timeout) 2027 xenvif_queue_carrier_on(queue); 2028 2029 for (;;) { 2030 xenvif_wait_for_rx_work(queue); 2031 2032 if (kthread_should_stop()) 2033 break; 2034 2035 /* This frontend is found to be rogue, disable it in 2036 * kthread context. Currently this is only set when 2037 * netback finds out frontend sends malformed packet, 2038 * but we cannot disable the interface in softirq 2039 * context so we defer it here, if this thread is 2040 * associated with queue 0. 2041 */ 2042 if (unlikely(vif->disabled && queue->id == 0)) { 2043 xenvif_carrier_off(vif); 2044 break; 2045 } 2046 2047 if (!skb_queue_empty(&queue->rx_queue)) 2048 xenvif_rx_action(queue); 2049 2050 /* If the guest hasn't provided any Rx slots for a 2051 * while it's probably not responsive, drop the 2052 * carrier so packets are dropped earlier. 2053 */ 2054 if (vif->stall_timeout) { 2055 if (xenvif_rx_queue_stalled(queue)) 2056 xenvif_queue_carrier_off(queue); 2057 else if (xenvif_rx_queue_ready(queue)) 2058 xenvif_queue_carrier_on(queue); 2059 } 2060 2061 /* Queued packets may have foreign pages from other 2062 * domains. These cannot be queued indefinitely as 2063 * this would starve guests of grant refs and transmit 2064 * slots. 2065 */ 2066 xenvif_rx_queue_drop_expired(queue); 2067 2068 xenvif_rx_queue_maybe_wake(queue); 2069 2070 cond_resched(); 2071 } 2072 2073 /* Bin any remaining skbs */ 2074 xenvif_rx_queue_purge(queue); 2075 2076 return 0; 2077 } 2078 2079 static bool xenvif_dealloc_kthread_should_stop(struct xenvif_queue *queue) 2080 { 2081 /* Dealloc thread must remain running until all inflight 2082 * packets complete. 2083 */ 2084 return kthread_should_stop() && 2085 !atomic_read(&queue->inflight_packets); 2086 } 2087 2088 int xenvif_dealloc_kthread(void *data) 2089 { 2090 struct xenvif_queue *queue = data; 2091 2092 for (;;) { 2093 wait_event_interruptible(queue->dealloc_wq, 2094 tx_dealloc_work_todo(queue) || 2095 xenvif_dealloc_kthread_should_stop(queue)); 2096 if (xenvif_dealloc_kthread_should_stop(queue)) 2097 break; 2098 2099 xenvif_tx_dealloc_action(queue); 2100 cond_resched(); 2101 } 2102 2103 /* Unmap anything remaining*/ 2104 if (tx_dealloc_work_todo(queue)) 2105 xenvif_tx_dealloc_action(queue); 2106 2107 return 0; 2108 } 2109 2110 static int __init netback_init(void) 2111 { 2112 int rc = 0; 2113 2114 if (!xen_domain()) 2115 return -ENODEV; 2116 2117 /* Allow as many queues as there are CPUs if user has not 2118 * specified a value. 2119 */ 2120 if (xenvif_max_queues == 0) 2121 xenvif_max_queues = num_online_cpus(); 2122 2123 if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) { 2124 pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n", 2125 fatal_skb_slots, XEN_NETBK_LEGACY_SLOTS_MAX); 2126 fatal_skb_slots = XEN_NETBK_LEGACY_SLOTS_MAX; 2127 } 2128 2129 rc = xenvif_xenbus_init(); 2130 if (rc) 2131 goto failed_init; 2132 2133 #ifdef CONFIG_DEBUG_FS 2134 xen_netback_dbg_root = debugfs_create_dir("xen-netback", NULL); 2135 if (IS_ERR_OR_NULL(xen_netback_dbg_root)) 2136 pr_warn("Init of debugfs returned %ld!\n", 2137 PTR_ERR(xen_netback_dbg_root)); 2138 #endif /* CONFIG_DEBUG_FS */ 2139 2140 return 0; 2141 2142 failed_init: 2143 return rc; 2144 } 2145 2146 module_init(netback_init); 2147 2148 static void __exit netback_fini(void) 2149 { 2150 #ifdef CONFIG_DEBUG_FS 2151 if (!IS_ERR_OR_NULL(xen_netback_dbg_root)) 2152 debugfs_remove_recursive(xen_netback_dbg_root); 2153 #endif /* CONFIG_DEBUG_FS */ 2154 xenvif_xenbus_fini(); 2155 } 2156 module_exit(netback_fini); 2157 2158 MODULE_LICENSE("Dual BSD/GPL"); 2159 MODULE_ALIAS("xen-backend:vif"); 2160