1 /* 2 * Back-end of the driver for virtual network devices. This portion of the 3 * driver exports a 'unified' network-device interface that can be accessed 4 * by any operating system that implements a compatible front end. A 5 * reference front-end implementation can be found in: 6 * drivers/net/xen-netfront.c 7 * 8 * Copyright (c) 2002-2005, K A Fraser 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License version 2 12 * as published by the Free Software Foundation; or, when distributed 13 * separately from the Linux kernel or incorporated into other 14 * software packages, subject to the following license: 15 * 16 * Permission is hereby granted, free of charge, to any person obtaining a copy 17 * of this source file (the "Software"), to deal in the Software without 18 * restriction, including without limitation the rights to use, copy, modify, 19 * merge, publish, distribute, sublicense, and/or sell copies of the Software, 20 * and to permit persons to whom the Software is furnished to do so, subject to 21 * the following conditions: 22 * 23 * The above copyright notice and this permission notice shall be included in 24 * all copies or substantial portions of the Software. 25 * 26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 27 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 28 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 29 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 30 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 31 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 32 * IN THE SOFTWARE. 33 */ 34 35 #include "common.h" 36 37 #include <linux/kthread.h> 38 #include <linux/if_vlan.h> 39 #include <linux/udp.h> 40 #include <linux/highmem.h> 41 42 #include <net/tcp.h> 43 44 #include <xen/xen.h> 45 #include <xen/events.h> 46 #include <xen/interface/memory.h> 47 48 #include <asm/xen/hypercall.h> 49 #include <asm/xen/page.h> 50 51 /* Provide an option to disable split event channels at load time as 52 * event channels are limited resource. Split event channels are 53 * enabled by default. 54 */ 55 bool separate_tx_rx_irq = 1; 56 module_param(separate_tx_rx_irq, bool, 0644); 57 58 /* The time that packets can stay on the guest Rx internal queue 59 * before they are dropped. 60 */ 61 unsigned int rx_drain_timeout_msecs = 10000; 62 module_param(rx_drain_timeout_msecs, uint, 0444); 63 64 /* The length of time before the frontend is considered unresponsive 65 * because it isn't providing Rx slots. 66 */ 67 unsigned int rx_stall_timeout_msecs = 60000; 68 module_param(rx_stall_timeout_msecs, uint, 0444); 69 70 unsigned int xenvif_max_queues; 71 module_param_named(max_queues, xenvif_max_queues, uint, 0644); 72 MODULE_PARM_DESC(max_queues, 73 "Maximum number of queues per virtual interface"); 74 75 /* 76 * This is the maximum slots a skb can have. If a guest sends a skb 77 * which exceeds this limit it is considered malicious. 78 */ 79 #define FATAL_SKB_SLOTS_DEFAULT 20 80 static unsigned int fatal_skb_slots = FATAL_SKB_SLOTS_DEFAULT; 81 module_param(fatal_skb_slots, uint, 0444); 82 83 /* The amount to copy out of the first guest Tx slot into the skb's 84 * linear area. If the first slot has more data, it will be mapped 85 * and put into the first frag. 86 * 87 * This is sized to avoid pulling headers from the frags for most 88 * TCP/IP packets. 89 */ 90 #define XEN_NETBACK_TX_COPY_LEN 128 91 92 93 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, 94 u8 status); 95 96 static void make_tx_response(struct xenvif_queue *queue, 97 struct xen_netif_tx_request *txp, 98 s8 st); 99 100 static inline int tx_work_todo(struct xenvif_queue *queue); 101 102 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue, 103 u16 id, 104 s8 st, 105 u16 offset, 106 u16 size, 107 u16 flags); 108 109 static inline unsigned long idx_to_pfn(struct xenvif_queue *queue, 110 u16 idx) 111 { 112 return page_to_pfn(queue->mmap_pages[idx]); 113 } 114 115 static inline unsigned long idx_to_kaddr(struct xenvif_queue *queue, 116 u16 idx) 117 { 118 return (unsigned long)pfn_to_kaddr(idx_to_pfn(queue, idx)); 119 } 120 121 #define callback_param(vif, pending_idx) \ 122 (vif->pending_tx_info[pending_idx].callback_struct) 123 124 /* Find the containing VIF's structure from a pointer in pending_tx_info array 125 */ 126 static inline struct xenvif_queue *ubuf_to_queue(const struct ubuf_info *ubuf) 127 { 128 u16 pending_idx = ubuf->desc; 129 struct pending_tx_info *temp = 130 container_of(ubuf, struct pending_tx_info, callback_struct); 131 return container_of(temp - pending_idx, 132 struct xenvif_queue, 133 pending_tx_info[0]); 134 } 135 136 static u16 frag_get_pending_idx(skb_frag_t *frag) 137 { 138 return (u16)frag->page_offset; 139 } 140 141 static void frag_set_pending_idx(skb_frag_t *frag, u16 pending_idx) 142 { 143 frag->page_offset = pending_idx; 144 } 145 146 static inline pending_ring_idx_t pending_index(unsigned i) 147 { 148 return i & (MAX_PENDING_REQS-1); 149 } 150 151 bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue, int needed) 152 { 153 RING_IDX prod, cons; 154 155 do { 156 prod = queue->rx.sring->req_prod; 157 cons = queue->rx.req_cons; 158 159 if (prod - cons >= needed) 160 return true; 161 162 queue->rx.sring->req_event = prod + 1; 163 164 /* Make sure event is visible before we check prod 165 * again. 166 */ 167 mb(); 168 } while (queue->rx.sring->req_prod != prod); 169 170 return false; 171 } 172 173 void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb) 174 { 175 unsigned long flags; 176 177 spin_lock_irqsave(&queue->rx_queue.lock, flags); 178 179 __skb_queue_tail(&queue->rx_queue, skb); 180 181 queue->rx_queue_len += skb->len; 182 if (queue->rx_queue_len > queue->rx_queue_max) 183 netif_tx_stop_queue(netdev_get_tx_queue(queue->vif->dev, queue->id)); 184 185 spin_unlock_irqrestore(&queue->rx_queue.lock, flags); 186 } 187 188 static struct sk_buff *xenvif_rx_dequeue(struct xenvif_queue *queue) 189 { 190 struct sk_buff *skb; 191 192 spin_lock_irq(&queue->rx_queue.lock); 193 194 skb = __skb_dequeue(&queue->rx_queue); 195 if (skb) 196 queue->rx_queue_len -= skb->len; 197 198 spin_unlock_irq(&queue->rx_queue.lock); 199 200 return skb; 201 } 202 203 static void xenvif_rx_queue_maybe_wake(struct xenvif_queue *queue) 204 { 205 spin_lock_irq(&queue->rx_queue.lock); 206 207 if (queue->rx_queue_len < queue->rx_queue_max) 208 netif_tx_wake_queue(netdev_get_tx_queue(queue->vif->dev, queue->id)); 209 210 spin_unlock_irq(&queue->rx_queue.lock); 211 } 212 213 214 static void xenvif_rx_queue_purge(struct xenvif_queue *queue) 215 { 216 struct sk_buff *skb; 217 while ((skb = xenvif_rx_dequeue(queue)) != NULL) 218 kfree_skb(skb); 219 } 220 221 static void xenvif_rx_queue_drop_expired(struct xenvif_queue *queue) 222 { 223 struct sk_buff *skb; 224 225 for(;;) { 226 skb = skb_peek(&queue->rx_queue); 227 if (!skb) 228 break; 229 if (time_before(jiffies, XENVIF_RX_CB(skb)->expires)) 230 break; 231 xenvif_rx_dequeue(queue); 232 kfree_skb(skb); 233 } 234 } 235 236 /* 237 * Returns true if we should start a new receive buffer instead of 238 * adding 'size' bytes to a buffer which currently contains 'offset' 239 * bytes. 240 */ 241 static bool start_new_rx_buffer(int offset, unsigned long size, int head, 242 bool full_coalesce) 243 { 244 /* simple case: we have completely filled the current buffer. */ 245 if (offset == MAX_BUFFER_OFFSET) 246 return true; 247 248 /* 249 * complex case: start a fresh buffer if the current frag 250 * would overflow the current buffer but only if: 251 * (i) this frag would fit completely in the next buffer 252 * and (ii) there is already some data in the current buffer 253 * and (iii) this is not the head buffer. 254 * and (iv) there is no need to fully utilize the buffers 255 * 256 * Where: 257 * - (i) stops us splitting a frag into two copies 258 * unless the frag is too large for a single buffer. 259 * - (ii) stops us from leaving a buffer pointlessly empty. 260 * - (iii) stops us leaving the first buffer 261 * empty. Strictly speaking this is already covered 262 * by (ii) but is explicitly checked because 263 * netfront relies on the first buffer being 264 * non-empty and can crash otherwise. 265 * - (iv) is needed for skbs which can use up more than MAX_SKB_FRAGS 266 * slot 267 * 268 * This means we will effectively linearise small 269 * frags but do not needlessly split large buffers 270 * into multiple copies tend to give large frags their 271 * own buffers as before. 272 */ 273 BUG_ON(size > MAX_BUFFER_OFFSET); 274 if ((offset + size > MAX_BUFFER_OFFSET) && offset && !head && 275 !full_coalesce) 276 return true; 277 278 return false; 279 } 280 281 struct netrx_pending_operations { 282 unsigned copy_prod, copy_cons; 283 unsigned meta_prod, meta_cons; 284 struct gnttab_copy *copy; 285 struct xenvif_rx_meta *meta; 286 int copy_off; 287 grant_ref_t copy_gref; 288 }; 289 290 static struct xenvif_rx_meta *get_next_rx_buffer(struct xenvif_queue *queue, 291 struct netrx_pending_operations *npo) 292 { 293 struct xenvif_rx_meta *meta; 294 struct xen_netif_rx_request *req; 295 296 req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); 297 298 meta = npo->meta + npo->meta_prod++; 299 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE; 300 meta->gso_size = 0; 301 meta->size = 0; 302 meta->id = req->id; 303 304 npo->copy_off = 0; 305 npo->copy_gref = req->gref; 306 307 return meta; 308 } 309 310 /* 311 * Set up the grant operations for this fragment. If it's a flipping 312 * interface, we also set up the unmap request from here. 313 */ 314 static void xenvif_gop_frag_copy(struct xenvif_queue *queue, struct sk_buff *skb, 315 struct netrx_pending_operations *npo, 316 struct page *page, unsigned long size, 317 unsigned long offset, int *head, 318 struct xenvif_queue *foreign_queue, 319 grant_ref_t foreign_gref) 320 { 321 struct gnttab_copy *copy_gop; 322 struct xenvif_rx_meta *meta; 323 unsigned long bytes; 324 int gso_type = XEN_NETIF_GSO_TYPE_NONE; 325 326 /* Data must not cross a page boundary. */ 327 BUG_ON(size + offset > PAGE_SIZE<<compound_order(page)); 328 329 meta = npo->meta + npo->meta_prod - 1; 330 331 /* Skip unused frames from start of page */ 332 page += offset >> PAGE_SHIFT; 333 offset &= ~PAGE_MASK; 334 335 while (size > 0) { 336 BUG_ON(offset >= PAGE_SIZE); 337 BUG_ON(npo->copy_off > MAX_BUFFER_OFFSET); 338 339 bytes = PAGE_SIZE - offset; 340 341 if (bytes > size) 342 bytes = size; 343 344 if (start_new_rx_buffer(npo->copy_off, 345 bytes, 346 *head, 347 XENVIF_RX_CB(skb)->full_coalesce)) { 348 /* 349 * Netfront requires there to be some data in the head 350 * buffer. 351 */ 352 BUG_ON(*head); 353 354 meta = get_next_rx_buffer(queue, npo); 355 } 356 357 if (npo->copy_off + bytes > MAX_BUFFER_OFFSET) 358 bytes = MAX_BUFFER_OFFSET - npo->copy_off; 359 360 copy_gop = npo->copy + npo->copy_prod++; 361 copy_gop->flags = GNTCOPY_dest_gref; 362 copy_gop->len = bytes; 363 364 if (foreign_queue) { 365 copy_gop->source.domid = foreign_queue->vif->domid; 366 copy_gop->source.u.ref = foreign_gref; 367 copy_gop->flags |= GNTCOPY_source_gref; 368 } else { 369 copy_gop->source.domid = DOMID_SELF; 370 copy_gop->source.u.gmfn = 371 virt_to_mfn(page_address(page)); 372 } 373 copy_gop->source.offset = offset; 374 375 copy_gop->dest.domid = queue->vif->domid; 376 copy_gop->dest.offset = npo->copy_off; 377 copy_gop->dest.u.ref = npo->copy_gref; 378 379 npo->copy_off += bytes; 380 meta->size += bytes; 381 382 offset += bytes; 383 size -= bytes; 384 385 /* Next frame */ 386 if (offset == PAGE_SIZE && size) { 387 BUG_ON(!PageCompound(page)); 388 page++; 389 offset = 0; 390 } 391 392 /* Leave a gap for the GSO descriptor. */ 393 if (skb_is_gso(skb)) { 394 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) 395 gso_type = XEN_NETIF_GSO_TYPE_TCPV4; 396 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) 397 gso_type = XEN_NETIF_GSO_TYPE_TCPV6; 398 } 399 400 if (*head && ((1 << gso_type) & queue->vif->gso_mask)) 401 queue->rx.req_cons++; 402 403 *head = 0; /* There must be something in this buffer now. */ 404 405 } 406 } 407 408 /* 409 * Find the grant ref for a given frag in a chain of struct ubuf_info's 410 * skb: the skb itself 411 * i: the frag's number 412 * ubuf: a pointer to an element in the chain. It should not be NULL 413 * 414 * Returns a pointer to the element in the chain where the page were found. If 415 * not found, returns NULL. 416 * See the definition of callback_struct in common.h for more details about 417 * the chain. 418 */ 419 static const struct ubuf_info *xenvif_find_gref(const struct sk_buff *const skb, 420 const int i, 421 const struct ubuf_info *ubuf) 422 { 423 struct xenvif_queue *foreign_queue = ubuf_to_queue(ubuf); 424 425 do { 426 u16 pending_idx = ubuf->desc; 427 428 if (skb_shinfo(skb)->frags[i].page.p == 429 foreign_queue->mmap_pages[pending_idx]) 430 break; 431 ubuf = (struct ubuf_info *) ubuf->ctx; 432 } while (ubuf); 433 434 return ubuf; 435 } 436 437 /* 438 * Prepare an SKB to be transmitted to the frontend. 439 * 440 * This function is responsible for allocating grant operations, meta 441 * structures, etc. 442 * 443 * It returns the number of meta structures consumed. The number of 444 * ring slots used is always equal to the number of meta slots used 445 * plus the number of GSO descriptors used. Currently, we use either 446 * zero GSO descriptors (for non-GSO packets) or one descriptor (for 447 * frontend-side LRO). 448 */ 449 static int xenvif_gop_skb(struct sk_buff *skb, 450 struct netrx_pending_operations *npo, 451 struct xenvif_queue *queue) 452 { 453 struct xenvif *vif = netdev_priv(skb->dev); 454 int nr_frags = skb_shinfo(skb)->nr_frags; 455 int i; 456 struct xen_netif_rx_request *req; 457 struct xenvif_rx_meta *meta; 458 unsigned char *data; 459 int head = 1; 460 int old_meta_prod; 461 int gso_type; 462 const struct ubuf_info *ubuf = skb_shinfo(skb)->destructor_arg; 463 const struct ubuf_info *const head_ubuf = ubuf; 464 465 old_meta_prod = npo->meta_prod; 466 467 gso_type = XEN_NETIF_GSO_TYPE_NONE; 468 if (skb_is_gso(skb)) { 469 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) 470 gso_type = XEN_NETIF_GSO_TYPE_TCPV4; 471 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) 472 gso_type = XEN_NETIF_GSO_TYPE_TCPV6; 473 } 474 475 /* Set up a GSO prefix descriptor, if necessary */ 476 if ((1 << gso_type) & vif->gso_prefix_mask) { 477 req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); 478 meta = npo->meta + npo->meta_prod++; 479 meta->gso_type = gso_type; 480 meta->gso_size = skb_shinfo(skb)->gso_size; 481 meta->size = 0; 482 meta->id = req->id; 483 } 484 485 req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); 486 meta = npo->meta + npo->meta_prod++; 487 488 if ((1 << gso_type) & vif->gso_mask) { 489 meta->gso_type = gso_type; 490 meta->gso_size = skb_shinfo(skb)->gso_size; 491 } else { 492 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE; 493 meta->gso_size = 0; 494 } 495 496 meta->size = 0; 497 meta->id = req->id; 498 npo->copy_off = 0; 499 npo->copy_gref = req->gref; 500 501 data = skb->data; 502 while (data < skb_tail_pointer(skb)) { 503 unsigned int offset = offset_in_page(data); 504 unsigned int len = PAGE_SIZE - offset; 505 506 if (data + len > skb_tail_pointer(skb)) 507 len = skb_tail_pointer(skb) - data; 508 509 xenvif_gop_frag_copy(queue, skb, npo, 510 virt_to_page(data), len, offset, &head, 511 NULL, 512 0); 513 data += len; 514 } 515 516 for (i = 0; i < nr_frags; i++) { 517 /* This variable also signals whether foreign_gref has a real 518 * value or not. 519 */ 520 struct xenvif_queue *foreign_queue = NULL; 521 grant_ref_t foreign_gref; 522 523 if ((skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) && 524 (ubuf->callback == &xenvif_zerocopy_callback)) { 525 const struct ubuf_info *const startpoint = ubuf; 526 527 /* Ideally ubuf points to the chain element which 528 * belongs to this frag. Or if frags were removed from 529 * the beginning, then shortly before it. 530 */ 531 ubuf = xenvif_find_gref(skb, i, ubuf); 532 533 /* Try again from the beginning of the list, if we 534 * haven't tried from there. This only makes sense in 535 * the unlikely event of reordering the original frags. 536 * For injected local pages it's an unnecessary second 537 * run. 538 */ 539 if (unlikely(!ubuf) && startpoint != head_ubuf) 540 ubuf = xenvif_find_gref(skb, i, head_ubuf); 541 542 if (likely(ubuf)) { 543 u16 pending_idx = ubuf->desc; 544 545 foreign_queue = ubuf_to_queue(ubuf); 546 foreign_gref = 547 foreign_queue->pending_tx_info[pending_idx].req.gref; 548 /* Just a safety measure. If this was the last 549 * element on the list, the for loop will 550 * iterate again if a local page were added to 551 * the end. Using head_ubuf here prevents the 552 * second search on the chain. Or the original 553 * frags changed order, but that's less likely. 554 * In any way, ubuf shouldn't be NULL. 555 */ 556 ubuf = ubuf->ctx ? 557 (struct ubuf_info *) ubuf->ctx : 558 head_ubuf; 559 } else 560 /* This frag was a local page, added to the 561 * array after the skb left netback. 562 */ 563 ubuf = head_ubuf; 564 } 565 xenvif_gop_frag_copy(queue, skb, npo, 566 skb_frag_page(&skb_shinfo(skb)->frags[i]), 567 skb_frag_size(&skb_shinfo(skb)->frags[i]), 568 skb_shinfo(skb)->frags[i].page_offset, 569 &head, 570 foreign_queue, 571 foreign_queue ? foreign_gref : UINT_MAX); 572 } 573 574 return npo->meta_prod - old_meta_prod; 575 } 576 577 /* 578 * This is a twin to xenvif_gop_skb. Assume that xenvif_gop_skb was 579 * used to set up the operations on the top of 580 * netrx_pending_operations, which have since been done. Check that 581 * they didn't give any errors and advance over them. 582 */ 583 static int xenvif_check_gop(struct xenvif *vif, int nr_meta_slots, 584 struct netrx_pending_operations *npo) 585 { 586 struct gnttab_copy *copy_op; 587 int status = XEN_NETIF_RSP_OKAY; 588 int i; 589 590 for (i = 0; i < nr_meta_slots; i++) { 591 copy_op = npo->copy + npo->copy_cons++; 592 if (copy_op->status != GNTST_okay) { 593 netdev_dbg(vif->dev, 594 "Bad status %d from copy to DOM%d.\n", 595 copy_op->status, vif->domid); 596 status = XEN_NETIF_RSP_ERROR; 597 } 598 } 599 600 return status; 601 } 602 603 static void xenvif_add_frag_responses(struct xenvif_queue *queue, int status, 604 struct xenvif_rx_meta *meta, 605 int nr_meta_slots) 606 { 607 int i; 608 unsigned long offset; 609 610 /* No fragments used */ 611 if (nr_meta_slots <= 1) 612 return; 613 614 nr_meta_slots--; 615 616 for (i = 0; i < nr_meta_slots; i++) { 617 int flags; 618 if (i == nr_meta_slots - 1) 619 flags = 0; 620 else 621 flags = XEN_NETRXF_more_data; 622 623 offset = 0; 624 make_rx_response(queue, meta[i].id, status, offset, 625 meta[i].size, flags); 626 } 627 } 628 629 void xenvif_kick_thread(struct xenvif_queue *queue) 630 { 631 wake_up(&queue->wq); 632 } 633 634 static void xenvif_rx_action(struct xenvif_queue *queue) 635 { 636 s8 status; 637 u16 flags; 638 struct xen_netif_rx_response *resp; 639 struct sk_buff_head rxq; 640 struct sk_buff *skb; 641 LIST_HEAD(notify); 642 int ret; 643 unsigned long offset; 644 bool need_to_notify = false; 645 646 struct netrx_pending_operations npo = { 647 .copy = queue->grant_copy_op, 648 .meta = queue->meta, 649 }; 650 651 skb_queue_head_init(&rxq); 652 653 while (xenvif_rx_ring_slots_available(queue, XEN_NETBK_RX_SLOTS_MAX) 654 && (skb = xenvif_rx_dequeue(queue)) != NULL) { 655 RING_IDX max_slots_needed; 656 RING_IDX old_req_cons; 657 RING_IDX ring_slots_used; 658 int i; 659 660 queue->last_rx_time = jiffies; 661 662 /* We need a cheap worse case estimate for the number of 663 * slots we'll use. 664 */ 665 666 max_slots_needed = DIV_ROUND_UP(offset_in_page(skb->data) + 667 skb_headlen(skb), 668 PAGE_SIZE); 669 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 670 unsigned int size; 671 unsigned int offset; 672 673 size = skb_frag_size(&skb_shinfo(skb)->frags[i]); 674 offset = skb_shinfo(skb)->frags[i].page_offset; 675 676 /* For a worse-case estimate we need to factor in 677 * the fragment page offset as this will affect the 678 * number of times xenvif_gop_frag_copy() will 679 * call start_new_rx_buffer(). 680 */ 681 max_slots_needed += DIV_ROUND_UP(offset + size, 682 PAGE_SIZE); 683 } 684 685 /* To avoid the estimate becoming too pessimal for some 686 * frontends that limit posted rx requests, cap the estimate 687 * at MAX_SKB_FRAGS. In this case netback will fully coalesce 688 * the skb into the provided slots. 689 */ 690 if (max_slots_needed > MAX_SKB_FRAGS) { 691 max_slots_needed = MAX_SKB_FRAGS; 692 XENVIF_RX_CB(skb)->full_coalesce = true; 693 } else { 694 XENVIF_RX_CB(skb)->full_coalesce = false; 695 } 696 697 /* We may need one more slot for GSO metadata */ 698 if (skb_is_gso(skb) && 699 (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4 || 700 skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6)) 701 max_slots_needed++; 702 703 old_req_cons = queue->rx.req_cons; 704 XENVIF_RX_CB(skb)->meta_slots_used = xenvif_gop_skb(skb, &npo, queue); 705 ring_slots_used = queue->rx.req_cons - old_req_cons; 706 707 BUG_ON(ring_slots_used > max_slots_needed); 708 709 __skb_queue_tail(&rxq, skb); 710 } 711 712 BUG_ON(npo.meta_prod > ARRAY_SIZE(queue->meta)); 713 714 if (!npo.copy_prod) 715 goto done; 716 717 BUG_ON(npo.copy_prod > MAX_GRANT_COPY_OPS); 718 gnttab_batch_copy(queue->grant_copy_op, npo.copy_prod); 719 720 while ((skb = __skb_dequeue(&rxq)) != NULL) { 721 722 if ((1 << queue->meta[npo.meta_cons].gso_type) & 723 queue->vif->gso_prefix_mask) { 724 resp = RING_GET_RESPONSE(&queue->rx, 725 queue->rx.rsp_prod_pvt++); 726 727 resp->flags = XEN_NETRXF_gso_prefix | XEN_NETRXF_more_data; 728 729 resp->offset = queue->meta[npo.meta_cons].gso_size; 730 resp->id = queue->meta[npo.meta_cons].id; 731 resp->status = XENVIF_RX_CB(skb)->meta_slots_used; 732 733 npo.meta_cons++; 734 XENVIF_RX_CB(skb)->meta_slots_used--; 735 } 736 737 738 queue->stats.tx_bytes += skb->len; 739 queue->stats.tx_packets++; 740 741 status = xenvif_check_gop(queue->vif, 742 XENVIF_RX_CB(skb)->meta_slots_used, 743 &npo); 744 745 if (XENVIF_RX_CB(skb)->meta_slots_used == 1) 746 flags = 0; 747 else 748 flags = XEN_NETRXF_more_data; 749 750 if (skb->ip_summed == CHECKSUM_PARTIAL) /* local packet? */ 751 flags |= XEN_NETRXF_csum_blank | XEN_NETRXF_data_validated; 752 else if (skb->ip_summed == CHECKSUM_UNNECESSARY) 753 /* remote but checksummed. */ 754 flags |= XEN_NETRXF_data_validated; 755 756 offset = 0; 757 resp = make_rx_response(queue, queue->meta[npo.meta_cons].id, 758 status, offset, 759 queue->meta[npo.meta_cons].size, 760 flags); 761 762 if ((1 << queue->meta[npo.meta_cons].gso_type) & 763 queue->vif->gso_mask) { 764 struct xen_netif_extra_info *gso = 765 (struct xen_netif_extra_info *) 766 RING_GET_RESPONSE(&queue->rx, 767 queue->rx.rsp_prod_pvt++); 768 769 resp->flags |= XEN_NETRXF_extra_info; 770 771 gso->u.gso.type = queue->meta[npo.meta_cons].gso_type; 772 gso->u.gso.size = queue->meta[npo.meta_cons].gso_size; 773 gso->u.gso.pad = 0; 774 gso->u.gso.features = 0; 775 776 gso->type = XEN_NETIF_EXTRA_TYPE_GSO; 777 gso->flags = 0; 778 } 779 780 xenvif_add_frag_responses(queue, status, 781 queue->meta + npo.meta_cons + 1, 782 XENVIF_RX_CB(skb)->meta_slots_used); 783 784 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->rx, ret); 785 786 need_to_notify |= !!ret; 787 788 npo.meta_cons += XENVIF_RX_CB(skb)->meta_slots_used; 789 dev_kfree_skb(skb); 790 } 791 792 done: 793 if (need_to_notify) 794 notify_remote_via_irq(queue->rx_irq); 795 } 796 797 void xenvif_napi_schedule_or_enable_events(struct xenvif_queue *queue) 798 { 799 int more_to_do; 800 801 RING_FINAL_CHECK_FOR_REQUESTS(&queue->tx, more_to_do); 802 803 if (more_to_do) 804 napi_schedule(&queue->napi); 805 } 806 807 static void tx_add_credit(struct xenvif_queue *queue) 808 { 809 unsigned long max_burst, max_credit; 810 811 /* 812 * Allow a burst big enough to transmit a jumbo packet of up to 128kB. 813 * Otherwise the interface can seize up due to insufficient credit. 814 */ 815 max_burst = RING_GET_REQUEST(&queue->tx, queue->tx.req_cons)->size; 816 max_burst = min(max_burst, 131072UL); 817 max_burst = max(max_burst, queue->credit_bytes); 818 819 /* Take care that adding a new chunk of credit doesn't wrap to zero. */ 820 max_credit = queue->remaining_credit + queue->credit_bytes; 821 if (max_credit < queue->remaining_credit) 822 max_credit = ULONG_MAX; /* wrapped: clamp to ULONG_MAX */ 823 824 queue->remaining_credit = min(max_credit, max_burst); 825 } 826 827 static void tx_credit_callback(unsigned long data) 828 { 829 struct xenvif_queue *queue = (struct xenvif_queue *)data; 830 tx_add_credit(queue); 831 xenvif_napi_schedule_or_enable_events(queue); 832 } 833 834 static void xenvif_tx_err(struct xenvif_queue *queue, 835 struct xen_netif_tx_request *txp, RING_IDX end) 836 { 837 RING_IDX cons = queue->tx.req_cons; 838 unsigned long flags; 839 840 do { 841 spin_lock_irqsave(&queue->response_lock, flags); 842 make_tx_response(queue, txp, XEN_NETIF_RSP_ERROR); 843 spin_unlock_irqrestore(&queue->response_lock, flags); 844 if (cons == end) 845 break; 846 txp = RING_GET_REQUEST(&queue->tx, cons++); 847 } while (1); 848 queue->tx.req_cons = cons; 849 } 850 851 static void xenvif_fatal_tx_err(struct xenvif *vif) 852 { 853 netdev_err(vif->dev, "fatal error; disabling device\n"); 854 vif->disabled = true; 855 /* Disable the vif from queue 0's kthread */ 856 if (vif->queues) 857 xenvif_kick_thread(&vif->queues[0]); 858 } 859 860 static int xenvif_count_requests(struct xenvif_queue *queue, 861 struct xen_netif_tx_request *first, 862 struct xen_netif_tx_request *txp, 863 int work_to_do) 864 { 865 RING_IDX cons = queue->tx.req_cons; 866 int slots = 0; 867 int drop_err = 0; 868 int more_data; 869 870 if (!(first->flags & XEN_NETTXF_more_data)) 871 return 0; 872 873 do { 874 struct xen_netif_tx_request dropped_tx = { 0 }; 875 876 if (slots >= work_to_do) { 877 netdev_err(queue->vif->dev, 878 "Asked for %d slots but exceeds this limit\n", 879 work_to_do); 880 xenvif_fatal_tx_err(queue->vif); 881 return -ENODATA; 882 } 883 884 /* This guest is really using too many slots and 885 * considered malicious. 886 */ 887 if (unlikely(slots >= fatal_skb_slots)) { 888 netdev_err(queue->vif->dev, 889 "Malicious frontend using %d slots, threshold %u\n", 890 slots, fatal_skb_slots); 891 xenvif_fatal_tx_err(queue->vif); 892 return -E2BIG; 893 } 894 895 /* Xen network protocol had implicit dependency on 896 * MAX_SKB_FRAGS. XEN_NETBK_LEGACY_SLOTS_MAX is set to 897 * the historical MAX_SKB_FRAGS value 18 to honor the 898 * same behavior as before. Any packet using more than 899 * 18 slots but less than fatal_skb_slots slots is 900 * dropped 901 */ 902 if (!drop_err && slots >= XEN_NETBK_LEGACY_SLOTS_MAX) { 903 if (net_ratelimit()) 904 netdev_dbg(queue->vif->dev, 905 "Too many slots (%d) exceeding limit (%d), dropping packet\n", 906 slots, XEN_NETBK_LEGACY_SLOTS_MAX); 907 drop_err = -E2BIG; 908 } 909 910 if (drop_err) 911 txp = &dropped_tx; 912 913 memcpy(txp, RING_GET_REQUEST(&queue->tx, cons + slots), 914 sizeof(*txp)); 915 916 /* If the guest submitted a frame >= 64 KiB then 917 * first->size overflowed and following slots will 918 * appear to be larger than the frame. 919 * 920 * This cannot be fatal error as there are buggy 921 * frontends that do this. 922 * 923 * Consume all slots and drop the packet. 924 */ 925 if (!drop_err && txp->size > first->size) { 926 if (net_ratelimit()) 927 netdev_dbg(queue->vif->dev, 928 "Invalid tx request, slot size %u > remaining size %u\n", 929 txp->size, first->size); 930 drop_err = -EIO; 931 } 932 933 first->size -= txp->size; 934 slots++; 935 936 if (unlikely((txp->offset + txp->size) > PAGE_SIZE)) { 937 netdev_err(queue->vif->dev, "Cross page boundary, txp->offset: %x, size: %u\n", 938 txp->offset, txp->size); 939 xenvif_fatal_tx_err(queue->vif); 940 return -EINVAL; 941 } 942 943 more_data = txp->flags & XEN_NETTXF_more_data; 944 945 if (!drop_err) 946 txp++; 947 948 } while (more_data); 949 950 if (drop_err) { 951 xenvif_tx_err(queue, first, cons + slots); 952 return drop_err; 953 } 954 955 return slots; 956 } 957 958 959 struct xenvif_tx_cb { 960 u16 pending_idx; 961 }; 962 963 #define XENVIF_TX_CB(skb) ((struct xenvif_tx_cb *)(skb)->cb) 964 965 static inline void xenvif_tx_create_map_op(struct xenvif_queue *queue, 966 u16 pending_idx, 967 struct xen_netif_tx_request *txp, 968 struct gnttab_map_grant_ref *mop) 969 { 970 queue->pages_to_map[mop-queue->tx_map_ops] = queue->mmap_pages[pending_idx]; 971 gnttab_set_map_op(mop, idx_to_kaddr(queue, pending_idx), 972 GNTMAP_host_map | GNTMAP_readonly, 973 txp->gref, queue->vif->domid); 974 975 memcpy(&queue->pending_tx_info[pending_idx].req, txp, 976 sizeof(*txp)); 977 } 978 979 static inline struct sk_buff *xenvif_alloc_skb(unsigned int size) 980 { 981 struct sk_buff *skb = 982 alloc_skb(size + NET_SKB_PAD + NET_IP_ALIGN, 983 GFP_ATOMIC | __GFP_NOWARN); 984 if (unlikely(skb == NULL)) 985 return NULL; 986 987 /* Packets passed to netif_rx() must have some headroom. */ 988 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); 989 990 /* Initialize it here to avoid later surprises */ 991 skb_shinfo(skb)->destructor_arg = NULL; 992 993 return skb; 994 } 995 996 static struct gnttab_map_grant_ref *xenvif_get_requests(struct xenvif_queue *queue, 997 struct sk_buff *skb, 998 struct xen_netif_tx_request *txp, 999 struct gnttab_map_grant_ref *gop) 1000 { 1001 struct skb_shared_info *shinfo = skb_shinfo(skb); 1002 skb_frag_t *frags = shinfo->frags; 1003 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 1004 int start; 1005 pending_ring_idx_t index; 1006 unsigned int nr_slots, frag_overflow = 0; 1007 1008 /* At this point shinfo->nr_frags is in fact the number of 1009 * slots, which can be as large as XEN_NETBK_LEGACY_SLOTS_MAX. 1010 */ 1011 if (shinfo->nr_frags > MAX_SKB_FRAGS) { 1012 frag_overflow = shinfo->nr_frags - MAX_SKB_FRAGS; 1013 BUG_ON(frag_overflow > MAX_SKB_FRAGS); 1014 shinfo->nr_frags = MAX_SKB_FRAGS; 1015 } 1016 nr_slots = shinfo->nr_frags; 1017 1018 /* Skip first skb fragment if it is on same page as header fragment. */ 1019 start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx); 1020 1021 for (shinfo->nr_frags = start; shinfo->nr_frags < nr_slots; 1022 shinfo->nr_frags++, txp++, gop++) { 1023 index = pending_index(queue->pending_cons++); 1024 pending_idx = queue->pending_ring[index]; 1025 xenvif_tx_create_map_op(queue, pending_idx, txp, gop); 1026 frag_set_pending_idx(&frags[shinfo->nr_frags], pending_idx); 1027 } 1028 1029 if (frag_overflow) { 1030 struct sk_buff *nskb = xenvif_alloc_skb(0); 1031 if (unlikely(nskb == NULL)) { 1032 if (net_ratelimit()) 1033 netdev_err(queue->vif->dev, 1034 "Can't allocate the frag_list skb.\n"); 1035 return NULL; 1036 } 1037 1038 shinfo = skb_shinfo(nskb); 1039 frags = shinfo->frags; 1040 1041 for (shinfo->nr_frags = 0; shinfo->nr_frags < frag_overflow; 1042 shinfo->nr_frags++, txp++, gop++) { 1043 index = pending_index(queue->pending_cons++); 1044 pending_idx = queue->pending_ring[index]; 1045 xenvif_tx_create_map_op(queue, pending_idx, txp, gop); 1046 frag_set_pending_idx(&frags[shinfo->nr_frags], 1047 pending_idx); 1048 } 1049 1050 skb_shinfo(skb)->frag_list = nskb; 1051 } 1052 1053 return gop; 1054 } 1055 1056 static inline void xenvif_grant_handle_set(struct xenvif_queue *queue, 1057 u16 pending_idx, 1058 grant_handle_t handle) 1059 { 1060 if (unlikely(queue->grant_tx_handle[pending_idx] != 1061 NETBACK_INVALID_HANDLE)) { 1062 netdev_err(queue->vif->dev, 1063 "Trying to overwrite active handle! pending_idx: %x\n", 1064 pending_idx); 1065 BUG(); 1066 } 1067 queue->grant_tx_handle[pending_idx] = handle; 1068 } 1069 1070 static inline void xenvif_grant_handle_reset(struct xenvif_queue *queue, 1071 u16 pending_idx) 1072 { 1073 if (unlikely(queue->grant_tx_handle[pending_idx] == 1074 NETBACK_INVALID_HANDLE)) { 1075 netdev_err(queue->vif->dev, 1076 "Trying to unmap invalid handle! pending_idx: %x\n", 1077 pending_idx); 1078 BUG(); 1079 } 1080 queue->grant_tx_handle[pending_idx] = NETBACK_INVALID_HANDLE; 1081 } 1082 1083 static int xenvif_tx_check_gop(struct xenvif_queue *queue, 1084 struct sk_buff *skb, 1085 struct gnttab_map_grant_ref **gopp_map, 1086 struct gnttab_copy **gopp_copy) 1087 { 1088 struct gnttab_map_grant_ref *gop_map = *gopp_map; 1089 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 1090 /* This always points to the shinfo of the skb being checked, which 1091 * could be either the first or the one on the frag_list 1092 */ 1093 struct skb_shared_info *shinfo = skb_shinfo(skb); 1094 /* If this is non-NULL, we are currently checking the frag_list skb, and 1095 * this points to the shinfo of the first one 1096 */ 1097 struct skb_shared_info *first_shinfo = NULL; 1098 int nr_frags = shinfo->nr_frags; 1099 const bool sharedslot = nr_frags && 1100 frag_get_pending_idx(&shinfo->frags[0]) == pending_idx; 1101 int i, err; 1102 1103 /* Check status of header. */ 1104 err = (*gopp_copy)->status; 1105 if (unlikely(err)) { 1106 if (net_ratelimit()) 1107 netdev_dbg(queue->vif->dev, 1108 "Grant copy of header failed! status: %d pending_idx: %u ref: %u\n", 1109 (*gopp_copy)->status, 1110 pending_idx, 1111 (*gopp_copy)->source.u.ref); 1112 /* The first frag might still have this slot mapped */ 1113 if (!sharedslot) 1114 xenvif_idx_release(queue, pending_idx, 1115 XEN_NETIF_RSP_ERROR); 1116 } 1117 (*gopp_copy)++; 1118 1119 check_frags: 1120 for (i = 0; i < nr_frags; i++, gop_map++) { 1121 int j, newerr; 1122 1123 pending_idx = frag_get_pending_idx(&shinfo->frags[i]); 1124 1125 /* Check error status: if okay then remember grant handle. */ 1126 newerr = gop_map->status; 1127 1128 if (likely(!newerr)) { 1129 xenvif_grant_handle_set(queue, 1130 pending_idx, 1131 gop_map->handle); 1132 /* Had a previous error? Invalidate this fragment. */ 1133 if (unlikely(err)) { 1134 xenvif_idx_unmap(queue, pending_idx); 1135 /* If the mapping of the first frag was OK, but 1136 * the header's copy failed, and they are 1137 * sharing a slot, send an error 1138 */ 1139 if (i == 0 && sharedslot) 1140 xenvif_idx_release(queue, pending_idx, 1141 XEN_NETIF_RSP_ERROR); 1142 else 1143 xenvif_idx_release(queue, pending_idx, 1144 XEN_NETIF_RSP_OKAY); 1145 } 1146 continue; 1147 } 1148 1149 /* Error on this fragment: respond to client with an error. */ 1150 if (net_ratelimit()) 1151 netdev_dbg(queue->vif->dev, 1152 "Grant map of %d. frag failed! status: %d pending_idx: %u ref: %u\n", 1153 i, 1154 gop_map->status, 1155 pending_idx, 1156 gop_map->ref); 1157 1158 xenvif_idx_release(queue, pending_idx, XEN_NETIF_RSP_ERROR); 1159 1160 /* Not the first error? Preceding frags already invalidated. */ 1161 if (err) 1162 continue; 1163 1164 /* First error: if the header haven't shared a slot with the 1165 * first frag, release it as well. 1166 */ 1167 if (!sharedslot) 1168 xenvif_idx_release(queue, 1169 XENVIF_TX_CB(skb)->pending_idx, 1170 XEN_NETIF_RSP_OKAY); 1171 1172 /* Invalidate preceding fragments of this skb. */ 1173 for (j = 0; j < i; j++) { 1174 pending_idx = frag_get_pending_idx(&shinfo->frags[j]); 1175 xenvif_idx_unmap(queue, pending_idx); 1176 xenvif_idx_release(queue, pending_idx, 1177 XEN_NETIF_RSP_OKAY); 1178 } 1179 1180 /* And if we found the error while checking the frag_list, unmap 1181 * the first skb's frags 1182 */ 1183 if (first_shinfo) { 1184 for (j = 0; j < first_shinfo->nr_frags; j++) { 1185 pending_idx = frag_get_pending_idx(&first_shinfo->frags[j]); 1186 xenvif_idx_unmap(queue, pending_idx); 1187 xenvif_idx_release(queue, pending_idx, 1188 XEN_NETIF_RSP_OKAY); 1189 } 1190 } 1191 1192 /* Remember the error: invalidate all subsequent fragments. */ 1193 err = newerr; 1194 } 1195 1196 if (skb_has_frag_list(skb) && !first_shinfo) { 1197 first_shinfo = skb_shinfo(skb); 1198 shinfo = skb_shinfo(skb_shinfo(skb)->frag_list); 1199 nr_frags = shinfo->nr_frags; 1200 1201 goto check_frags; 1202 } 1203 1204 *gopp_map = gop_map; 1205 return err; 1206 } 1207 1208 static void xenvif_fill_frags(struct xenvif_queue *queue, struct sk_buff *skb) 1209 { 1210 struct skb_shared_info *shinfo = skb_shinfo(skb); 1211 int nr_frags = shinfo->nr_frags; 1212 int i; 1213 u16 prev_pending_idx = INVALID_PENDING_IDX; 1214 1215 for (i = 0; i < nr_frags; i++) { 1216 skb_frag_t *frag = shinfo->frags + i; 1217 struct xen_netif_tx_request *txp; 1218 struct page *page; 1219 u16 pending_idx; 1220 1221 pending_idx = frag_get_pending_idx(frag); 1222 1223 /* If this is not the first frag, chain it to the previous*/ 1224 if (prev_pending_idx == INVALID_PENDING_IDX) 1225 skb_shinfo(skb)->destructor_arg = 1226 &callback_param(queue, pending_idx); 1227 else 1228 callback_param(queue, prev_pending_idx).ctx = 1229 &callback_param(queue, pending_idx); 1230 1231 callback_param(queue, pending_idx).ctx = NULL; 1232 prev_pending_idx = pending_idx; 1233 1234 txp = &queue->pending_tx_info[pending_idx].req; 1235 page = virt_to_page(idx_to_kaddr(queue, pending_idx)); 1236 __skb_fill_page_desc(skb, i, page, txp->offset, txp->size); 1237 skb->len += txp->size; 1238 skb->data_len += txp->size; 1239 skb->truesize += txp->size; 1240 1241 /* Take an extra reference to offset network stack's put_page */ 1242 get_page(queue->mmap_pages[pending_idx]); 1243 } 1244 /* FIXME: __skb_fill_page_desc set this to true because page->pfmemalloc 1245 * overlaps with "index", and "mapping" is not set. I think mapping 1246 * should be set. If delivered to local stack, it would drop this 1247 * skb in sk_filter unless the socket has the right to use it. 1248 */ 1249 skb->pfmemalloc = false; 1250 } 1251 1252 static int xenvif_get_extras(struct xenvif_queue *queue, 1253 struct xen_netif_extra_info *extras, 1254 int work_to_do) 1255 { 1256 struct xen_netif_extra_info extra; 1257 RING_IDX cons = queue->tx.req_cons; 1258 1259 do { 1260 if (unlikely(work_to_do-- <= 0)) { 1261 netdev_err(queue->vif->dev, "Missing extra info\n"); 1262 xenvif_fatal_tx_err(queue->vif); 1263 return -EBADR; 1264 } 1265 1266 memcpy(&extra, RING_GET_REQUEST(&queue->tx, cons), 1267 sizeof(extra)); 1268 if (unlikely(!extra.type || 1269 extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) { 1270 queue->tx.req_cons = ++cons; 1271 netdev_err(queue->vif->dev, 1272 "Invalid extra type: %d\n", extra.type); 1273 xenvif_fatal_tx_err(queue->vif); 1274 return -EINVAL; 1275 } 1276 1277 memcpy(&extras[extra.type - 1], &extra, sizeof(extra)); 1278 queue->tx.req_cons = ++cons; 1279 } while (extra.flags & XEN_NETIF_EXTRA_FLAG_MORE); 1280 1281 return work_to_do; 1282 } 1283 1284 static int xenvif_set_skb_gso(struct xenvif *vif, 1285 struct sk_buff *skb, 1286 struct xen_netif_extra_info *gso) 1287 { 1288 if (!gso->u.gso.size) { 1289 netdev_err(vif->dev, "GSO size must not be zero.\n"); 1290 xenvif_fatal_tx_err(vif); 1291 return -EINVAL; 1292 } 1293 1294 switch (gso->u.gso.type) { 1295 case XEN_NETIF_GSO_TYPE_TCPV4: 1296 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4; 1297 break; 1298 case XEN_NETIF_GSO_TYPE_TCPV6: 1299 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; 1300 break; 1301 default: 1302 netdev_err(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); 1303 xenvif_fatal_tx_err(vif); 1304 return -EINVAL; 1305 } 1306 1307 skb_shinfo(skb)->gso_size = gso->u.gso.size; 1308 /* gso_segs will be calculated later */ 1309 1310 return 0; 1311 } 1312 1313 static int checksum_setup(struct xenvif_queue *queue, struct sk_buff *skb) 1314 { 1315 bool recalculate_partial_csum = false; 1316 1317 /* A GSO SKB must be CHECKSUM_PARTIAL. However some buggy 1318 * peers can fail to set NETRXF_csum_blank when sending a GSO 1319 * frame. In this case force the SKB to CHECKSUM_PARTIAL and 1320 * recalculate the partial checksum. 1321 */ 1322 if (skb->ip_summed != CHECKSUM_PARTIAL && skb_is_gso(skb)) { 1323 queue->stats.rx_gso_checksum_fixup++; 1324 skb->ip_summed = CHECKSUM_PARTIAL; 1325 recalculate_partial_csum = true; 1326 } 1327 1328 /* A non-CHECKSUM_PARTIAL SKB does not require setup. */ 1329 if (skb->ip_summed != CHECKSUM_PARTIAL) 1330 return 0; 1331 1332 return skb_checksum_setup(skb, recalculate_partial_csum); 1333 } 1334 1335 static bool tx_credit_exceeded(struct xenvif_queue *queue, unsigned size) 1336 { 1337 u64 now = get_jiffies_64(); 1338 u64 next_credit = queue->credit_window_start + 1339 msecs_to_jiffies(queue->credit_usec / 1000); 1340 1341 /* Timer could already be pending in rare cases. */ 1342 if (timer_pending(&queue->credit_timeout)) 1343 return true; 1344 1345 /* Passed the point where we can replenish credit? */ 1346 if (time_after_eq64(now, next_credit)) { 1347 queue->credit_window_start = now; 1348 tx_add_credit(queue); 1349 } 1350 1351 /* Still too big to send right now? Set a callback. */ 1352 if (size > queue->remaining_credit) { 1353 queue->credit_timeout.data = 1354 (unsigned long)queue; 1355 queue->credit_timeout.function = 1356 tx_credit_callback; 1357 mod_timer(&queue->credit_timeout, 1358 next_credit); 1359 queue->credit_window_start = next_credit; 1360 1361 return true; 1362 } 1363 1364 return false; 1365 } 1366 1367 static void xenvif_tx_build_gops(struct xenvif_queue *queue, 1368 int budget, 1369 unsigned *copy_ops, 1370 unsigned *map_ops) 1371 { 1372 struct gnttab_map_grant_ref *gop = queue->tx_map_ops, *request_gop; 1373 struct sk_buff *skb; 1374 int ret; 1375 1376 while (skb_queue_len(&queue->tx_queue) < budget) { 1377 struct xen_netif_tx_request txreq; 1378 struct xen_netif_tx_request txfrags[XEN_NETBK_LEGACY_SLOTS_MAX]; 1379 struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1]; 1380 u16 pending_idx; 1381 RING_IDX idx; 1382 int work_to_do; 1383 unsigned int data_len; 1384 pending_ring_idx_t index; 1385 1386 if (queue->tx.sring->req_prod - queue->tx.req_cons > 1387 XEN_NETIF_TX_RING_SIZE) { 1388 netdev_err(queue->vif->dev, 1389 "Impossible number of requests. " 1390 "req_prod %d, req_cons %d, size %ld\n", 1391 queue->tx.sring->req_prod, queue->tx.req_cons, 1392 XEN_NETIF_TX_RING_SIZE); 1393 xenvif_fatal_tx_err(queue->vif); 1394 break; 1395 } 1396 1397 work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&queue->tx); 1398 if (!work_to_do) 1399 break; 1400 1401 idx = queue->tx.req_cons; 1402 rmb(); /* Ensure that we see the request before we copy it. */ 1403 memcpy(&txreq, RING_GET_REQUEST(&queue->tx, idx), sizeof(txreq)); 1404 1405 /* Credit-based scheduling. */ 1406 if (txreq.size > queue->remaining_credit && 1407 tx_credit_exceeded(queue, txreq.size)) 1408 break; 1409 1410 queue->remaining_credit -= txreq.size; 1411 1412 work_to_do--; 1413 queue->tx.req_cons = ++idx; 1414 1415 memset(extras, 0, sizeof(extras)); 1416 if (txreq.flags & XEN_NETTXF_extra_info) { 1417 work_to_do = xenvif_get_extras(queue, extras, 1418 work_to_do); 1419 idx = queue->tx.req_cons; 1420 if (unlikely(work_to_do < 0)) 1421 break; 1422 } 1423 1424 ret = xenvif_count_requests(queue, &txreq, txfrags, work_to_do); 1425 if (unlikely(ret < 0)) 1426 break; 1427 1428 idx += ret; 1429 1430 if (unlikely(txreq.size < ETH_HLEN)) { 1431 netdev_dbg(queue->vif->dev, 1432 "Bad packet size: %d\n", txreq.size); 1433 xenvif_tx_err(queue, &txreq, idx); 1434 break; 1435 } 1436 1437 /* No crossing a page as the payload mustn't fragment. */ 1438 if (unlikely((txreq.offset + txreq.size) > PAGE_SIZE)) { 1439 netdev_err(queue->vif->dev, 1440 "txreq.offset: %x, size: %u, end: %lu\n", 1441 txreq.offset, txreq.size, 1442 (txreq.offset&~PAGE_MASK) + txreq.size); 1443 xenvif_fatal_tx_err(queue->vif); 1444 break; 1445 } 1446 1447 index = pending_index(queue->pending_cons); 1448 pending_idx = queue->pending_ring[index]; 1449 1450 data_len = (txreq.size > XEN_NETBACK_TX_COPY_LEN && 1451 ret < XEN_NETBK_LEGACY_SLOTS_MAX) ? 1452 XEN_NETBACK_TX_COPY_LEN : txreq.size; 1453 1454 skb = xenvif_alloc_skb(data_len); 1455 if (unlikely(skb == NULL)) { 1456 netdev_dbg(queue->vif->dev, 1457 "Can't allocate a skb in start_xmit.\n"); 1458 xenvif_tx_err(queue, &txreq, idx); 1459 break; 1460 } 1461 1462 if (extras[XEN_NETIF_EXTRA_TYPE_GSO - 1].type) { 1463 struct xen_netif_extra_info *gso; 1464 gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1]; 1465 1466 if (xenvif_set_skb_gso(queue->vif, skb, gso)) { 1467 /* Failure in xenvif_set_skb_gso is fatal. */ 1468 kfree_skb(skb); 1469 break; 1470 } 1471 } 1472 1473 XENVIF_TX_CB(skb)->pending_idx = pending_idx; 1474 1475 __skb_put(skb, data_len); 1476 queue->tx_copy_ops[*copy_ops].source.u.ref = txreq.gref; 1477 queue->tx_copy_ops[*copy_ops].source.domid = queue->vif->domid; 1478 queue->tx_copy_ops[*copy_ops].source.offset = txreq.offset; 1479 1480 queue->tx_copy_ops[*copy_ops].dest.u.gmfn = 1481 virt_to_mfn(skb->data); 1482 queue->tx_copy_ops[*copy_ops].dest.domid = DOMID_SELF; 1483 queue->tx_copy_ops[*copy_ops].dest.offset = 1484 offset_in_page(skb->data); 1485 1486 queue->tx_copy_ops[*copy_ops].len = data_len; 1487 queue->tx_copy_ops[*copy_ops].flags = GNTCOPY_source_gref; 1488 1489 (*copy_ops)++; 1490 1491 skb_shinfo(skb)->nr_frags = ret; 1492 if (data_len < txreq.size) { 1493 skb_shinfo(skb)->nr_frags++; 1494 frag_set_pending_idx(&skb_shinfo(skb)->frags[0], 1495 pending_idx); 1496 xenvif_tx_create_map_op(queue, pending_idx, &txreq, gop); 1497 gop++; 1498 } else { 1499 frag_set_pending_idx(&skb_shinfo(skb)->frags[0], 1500 INVALID_PENDING_IDX); 1501 memcpy(&queue->pending_tx_info[pending_idx].req, &txreq, 1502 sizeof(txreq)); 1503 } 1504 1505 queue->pending_cons++; 1506 1507 request_gop = xenvif_get_requests(queue, skb, txfrags, gop); 1508 if (request_gop == NULL) { 1509 kfree_skb(skb); 1510 xenvif_tx_err(queue, &txreq, idx); 1511 break; 1512 } 1513 gop = request_gop; 1514 1515 __skb_queue_tail(&queue->tx_queue, skb); 1516 1517 queue->tx.req_cons = idx; 1518 1519 if (((gop-queue->tx_map_ops) >= ARRAY_SIZE(queue->tx_map_ops)) || 1520 (*copy_ops >= ARRAY_SIZE(queue->tx_copy_ops))) 1521 break; 1522 } 1523 1524 (*map_ops) = gop - queue->tx_map_ops; 1525 return; 1526 } 1527 1528 /* Consolidate skb with a frag_list into a brand new one with local pages on 1529 * frags. Returns 0 or -ENOMEM if can't allocate new pages. 1530 */ 1531 static int xenvif_handle_frag_list(struct xenvif_queue *queue, struct sk_buff *skb) 1532 { 1533 unsigned int offset = skb_headlen(skb); 1534 skb_frag_t frags[MAX_SKB_FRAGS]; 1535 int i; 1536 struct ubuf_info *uarg; 1537 struct sk_buff *nskb = skb_shinfo(skb)->frag_list; 1538 1539 queue->stats.tx_zerocopy_sent += 2; 1540 queue->stats.tx_frag_overflow++; 1541 1542 xenvif_fill_frags(queue, nskb); 1543 /* Subtract frags size, we will correct it later */ 1544 skb->truesize -= skb->data_len; 1545 skb->len += nskb->len; 1546 skb->data_len += nskb->len; 1547 1548 /* create a brand new frags array and coalesce there */ 1549 for (i = 0; offset < skb->len; i++) { 1550 struct page *page; 1551 unsigned int len; 1552 1553 BUG_ON(i >= MAX_SKB_FRAGS); 1554 page = alloc_page(GFP_ATOMIC); 1555 if (!page) { 1556 int j; 1557 skb->truesize += skb->data_len; 1558 for (j = 0; j < i; j++) 1559 put_page(frags[j].page.p); 1560 return -ENOMEM; 1561 } 1562 1563 if (offset + PAGE_SIZE < skb->len) 1564 len = PAGE_SIZE; 1565 else 1566 len = skb->len - offset; 1567 if (skb_copy_bits(skb, offset, page_address(page), len)) 1568 BUG(); 1569 1570 offset += len; 1571 frags[i].page.p = page; 1572 frags[i].page_offset = 0; 1573 skb_frag_size_set(&frags[i], len); 1574 } 1575 /* swap out with old one */ 1576 memcpy(skb_shinfo(skb)->frags, 1577 frags, 1578 i * sizeof(skb_frag_t)); 1579 skb_shinfo(skb)->nr_frags = i; 1580 skb->truesize += i * PAGE_SIZE; 1581 1582 /* remove traces of mapped pages and frag_list */ 1583 skb_frag_list_init(skb); 1584 uarg = skb_shinfo(skb)->destructor_arg; 1585 /* increase inflight counter to offset decrement in callback */ 1586 atomic_inc(&queue->inflight_packets); 1587 uarg->callback(uarg, true); 1588 skb_shinfo(skb)->destructor_arg = NULL; 1589 1590 xenvif_skb_zerocopy_prepare(queue, nskb); 1591 kfree_skb(nskb); 1592 1593 return 0; 1594 } 1595 1596 static int xenvif_tx_submit(struct xenvif_queue *queue) 1597 { 1598 struct gnttab_map_grant_ref *gop_map = queue->tx_map_ops; 1599 struct gnttab_copy *gop_copy = queue->tx_copy_ops; 1600 struct sk_buff *skb; 1601 int work_done = 0; 1602 1603 while ((skb = __skb_dequeue(&queue->tx_queue)) != NULL) { 1604 struct xen_netif_tx_request *txp; 1605 u16 pending_idx; 1606 unsigned data_len; 1607 1608 pending_idx = XENVIF_TX_CB(skb)->pending_idx; 1609 txp = &queue->pending_tx_info[pending_idx].req; 1610 1611 /* Check the remap error code. */ 1612 if (unlikely(xenvif_tx_check_gop(queue, skb, &gop_map, &gop_copy))) { 1613 /* If there was an error, xenvif_tx_check_gop is 1614 * expected to release all the frags which were mapped, 1615 * so kfree_skb shouldn't do it again 1616 */ 1617 skb_shinfo(skb)->nr_frags = 0; 1618 if (skb_has_frag_list(skb)) { 1619 struct sk_buff *nskb = 1620 skb_shinfo(skb)->frag_list; 1621 skb_shinfo(nskb)->nr_frags = 0; 1622 } 1623 kfree_skb(skb); 1624 continue; 1625 } 1626 1627 data_len = skb->len; 1628 callback_param(queue, pending_idx).ctx = NULL; 1629 if (data_len < txp->size) { 1630 /* Append the packet payload as a fragment. */ 1631 txp->offset += data_len; 1632 txp->size -= data_len; 1633 } else { 1634 /* Schedule a response immediately. */ 1635 xenvif_idx_release(queue, pending_idx, 1636 XEN_NETIF_RSP_OKAY); 1637 } 1638 1639 if (txp->flags & XEN_NETTXF_csum_blank) 1640 skb->ip_summed = CHECKSUM_PARTIAL; 1641 else if (txp->flags & XEN_NETTXF_data_validated) 1642 skb->ip_summed = CHECKSUM_UNNECESSARY; 1643 1644 xenvif_fill_frags(queue, skb); 1645 1646 if (unlikely(skb_has_frag_list(skb))) { 1647 if (xenvif_handle_frag_list(queue, skb)) { 1648 if (net_ratelimit()) 1649 netdev_err(queue->vif->dev, 1650 "Not enough memory to consolidate frag_list!\n"); 1651 xenvif_skb_zerocopy_prepare(queue, skb); 1652 kfree_skb(skb); 1653 continue; 1654 } 1655 } 1656 1657 skb->dev = queue->vif->dev; 1658 skb->protocol = eth_type_trans(skb, skb->dev); 1659 skb_reset_network_header(skb); 1660 1661 if (checksum_setup(queue, skb)) { 1662 netdev_dbg(queue->vif->dev, 1663 "Can't setup checksum in net_tx_action\n"); 1664 /* We have to set this flag to trigger the callback */ 1665 if (skb_shinfo(skb)->destructor_arg) 1666 xenvif_skb_zerocopy_prepare(queue, skb); 1667 kfree_skb(skb); 1668 continue; 1669 } 1670 1671 skb_probe_transport_header(skb, 0); 1672 1673 /* If the packet is GSO then we will have just set up the 1674 * transport header offset in checksum_setup so it's now 1675 * straightforward to calculate gso_segs. 1676 */ 1677 if (skb_is_gso(skb)) { 1678 int mss = skb_shinfo(skb)->gso_size; 1679 int hdrlen = skb_transport_header(skb) - 1680 skb_mac_header(skb) + 1681 tcp_hdrlen(skb); 1682 1683 skb_shinfo(skb)->gso_segs = 1684 DIV_ROUND_UP(skb->len - hdrlen, mss); 1685 } 1686 1687 queue->stats.rx_bytes += skb->len; 1688 queue->stats.rx_packets++; 1689 1690 work_done++; 1691 1692 /* Set this flag right before netif_receive_skb, otherwise 1693 * someone might think this packet already left netback, and 1694 * do a skb_copy_ubufs while we are still in control of the 1695 * skb. E.g. the __pskb_pull_tail earlier can do such thing. 1696 */ 1697 if (skb_shinfo(skb)->destructor_arg) { 1698 xenvif_skb_zerocopy_prepare(queue, skb); 1699 queue->stats.tx_zerocopy_sent++; 1700 } 1701 1702 netif_receive_skb(skb); 1703 } 1704 1705 return work_done; 1706 } 1707 1708 void xenvif_zerocopy_callback(struct ubuf_info *ubuf, bool zerocopy_success) 1709 { 1710 unsigned long flags; 1711 pending_ring_idx_t index; 1712 struct xenvif_queue *queue = ubuf_to_queue(ubuf); 1713 1714 /* This is the only place where we grab this lock, to protect callbacks 1715 * from each other. 1716 */ 1717 spin_lock_irqsave(&queue->callback_lock, flags); 1718 do { 1719 u16 pending_idx = ubuf->desc; 1720 ubuf = (struct ubuf_info *) ubuf->ctx; 1721 BUG_ON(queue->dealloc_prod - queue->dealloc_cons >= 1722 MAX_PENDING_REQS); 1723 index = pending_index(queue->dealloc_prod); 1724 queue->dealloc_ring[index] = pending_idx; 1725 /* Sync with xenvif_tx_dealloc_action: 1726 * insert idx then incr producer. 1727 */ 1728 smp_wmb(); 1729 queue->dealloc_prod++; 1730 } while (ubuf); 1731 wake_up(&queue->dealloc_wq); 1732 spin_unlock_irqrestore(&queue->callback_lock, flags); 1733 1734 if (likely(zerocopy_success)) 1735 queue->stats.tx_zerocopy_success++; 1736 else 1737 queue->stats.tx_zerocopy_fail++; 1738 xenvif_skb_zerocopy_complete(queue); 1739 } 1740 1741 static inline void xenvif_tx_dealloc_action(struct xenvif_queue *queue) 1742 { 1743 struct gnttab_unmap_grant_ref *gop; 1744 pending_ring_idx_t dc, dp; 1745 u16 pending_idx, pending_idx_release[MAX_PENDING_REQS]; 1746 unsigned int i = 0; 1747 1748 dc = queue->dealloc_cons; 1749 gop = queue->tx_unmap_ops; 1750 1751 /* Free up any grants we have finished using */ 1752 do { 1753 dp = queue->dealloc_prod; 1754 1755 /* Ensure we see all indices enqueued by all 1756 * xenvif_zerocopy_callback(). 1757 */ 1758 smp_rmb(); 1759 1760 while (dc != dp) { 1761 BUG_ON(gop - queue->tx_unmap_ops > MAX_PENDING_REQS); 1762 pending_idx = 1763 queue->dealloc_ring[pending_index(dc++)]; 1764 1765 pending_idx_release[gop-queue->tx_unmap_ops] = 1766 pending_idx; 1767 queue->pages_to_unmap[gop-queue->tx_unmap_ops] = 1768 queue->mmap_pages[pending_idx]; 1769 gnttab_set_unmap_op(gop, 1770 idx_to_kaddr(queue, pending_idx), 1771 GNTMAP_host_map, 1772 queue->grant_tx_handle[pending_idx]); 1773 xenvif_grant_handle_reset(queue, pending_idx); 1774 ++gop; 1775 } 1776 1777 } while (dp != queue->dealloc_prod); 1778 1779 queue->dealloc_cons = dc; 1780 1781 if (gop - queue->tx_unmap_ops > 0) { 1782 int ret; 1783 ret = gnttab_unmap_refs(queue->tx_unmap_ops, 1784 NULL, 1785 queue->pages_to_unmap, 1786 gop - queue->tx_unmap_ops); 1787 if (ret) { 1788 netdev_err(queue->vif->dev, "Unmap fail: nr_ops %tx ret %d\n", 1789 gop - queue->tx_unmap_ops, ret); 1790 for (i = 0; i < gop - queue->tx_unmap_ops; ++i) { 1791 if (gop[i].status != GNTST_okay) 1792 netdev_err(queue->vif->dev, 1793 " host_addr: %llx handle: %x status: %d\n", 1794 gop[i].host_addr, 1795 gop[i].handle, 1796 gop[i].status); 1797 } 1798 BUG(); 1799 } 1800 } 1801 1802 for (i = 0; i < gop - queue->tx_unmap_ops; ++i) 1803 xenvif_idx_release(queue, pending_idx_release[i], 1804 XEN_NETIF_RSP_OKAY); 1805 } 1806 1807 1808 /* Called after netfront has transmitted */ 1809 int xenvif_tx_action(struct xenvif_queue *queue, int budget) 1810 { 1811 unsigned nr_mops, nr_cops = 0; 1812 int work_done, ret; 1813 1814 if (unlikely(!tx_work_todo(queue))) 1815 return 0; 1816 1817 xenvif_tx_build_gops(queue, budget, &nr_cops, &nr_mops); 1818 1819 if (nr_cops == 0) 1820 return 0; 1821 1822 gnttab_batch_copy(queue->tx_copy_ops, nr_cops); 1823 if (nr_mops != 0) { 1824 ret = gnttab_map_refs(queue->tx_map_ops, 1825 NULL, 1826 queue->pages_to_map, 1827 nr_mops); 1828 BUG_ON(ret); 1829 } 1830 1831 work_done = xenvif_tx_submit(queue); 1832 1833 return work_done; 1834 } 1835 1836 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, 1837 u8 status) 1838 { 1839 struct pending_tx_info *pending_tx_info; 1840 pending_ring_idx_t index; 1841 unsigned long flags; 1842 1843 pending_tx_info = &queue->pending_tx_info[pending_idx]; 1844 spin_lock_irqsave(&queue->response_lock, flags); 1845 make_tx_response(queue, &pending_tx_info->req, status); 1846 index = pending_index(queue->pending_prod); 1847 queue->pending_ring[index] = pending_idx; 1848 /* TX shouldn't use the index before we give it back here */ 1849 mb(); 1850 queue->pending_prod++; 1851 spin_unlock_irqrestore(&queue->response_lock, flags); 1852 } 1853 1854 1855 static void make_tx_response(struct xenvif_queue *queue, 1856 struct xen_netif_tx_request *txp, 1857 s8 st) 1858 { 1859 RING_IDX i = queue->tx.rsp_prod_pvt; 1860 struct xen_netif_tx_response *resp; 1861 int notify; 1862 1863 resp = RING_GET_RESPONSE(&queue->tx, i); 1864 resp->id = txp->id; 1865 resp->status = st; 1866 1867 if (txp->flags & XEN_NETTXF_extra_info) 1868 RING_GET_RESPONSE(&queue->tx, ++i)->status = XEN_NETIF_RSP_NULL; 1869 1870 queue->tx.rsp_prod_pvt = ++i; 1871 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->tx, notify); 1872 if (notify) 1873 notify_remote_via_irq(queue->tx_irq); 1874 } 1875 1876 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue, 1877 u16 id, 1878 s8 st, 1879 u16 offset, 1880 u16 size, 1881 u16 flags) 1882 { 1883 RING_IDX i = queue->rx.rsp_prod_pvt; 1884 struct xen_netif_rx_response *resp; 1885 1886 resp = RING_GET_RESPONSE(&queue->rx, i); 1887 resp->offset = offset; 1888 resp->flags = flags; 1889 resp->id = id; 1890 resp->status = (s16)size; 1891 if (st < 0) 1892 resp->status = (s16)st; 1893 1894 queue->rx.rsp_prod_pvt = ++i; 1895 1896 return resp; 1897 } 1898 1899 void xenvif_idx_unmap(struct xenvif_queue *queue, u16 pending_idx) 1900 { 1901 int ret; 1902 struct gnttab_unmap_grant_ref tx_unmap_op; 1903 1904 gnttab_set_unmap_op(&tx_unmap_op, 1905 idx_to_kaddr(queue, pending_idx), 1906 GNTMAP_host_map, 1907 queue->grant_tx_handle[pending_idx]); 1908 xenvif_grant_handle_reset(queue, pending_idx); 1909 1910 ret = gnttab_unmap_refs(&tx_unmap_op, NULL, 1911 &queue->mmap_pages[pending_idx], 1); 1912 if (ret) { 1913 netdev_err(queue->vif->dev, 1914 "Unmap fail: ret: %d pending_idx: %d host_addr: %llx handle: %x status: %d\n", 1915 ret, 1916 pending_idx, 1917 tx_unmap_op.host_addr, 1918 tx_unmap_op.handle, 1919 tx_unmap_op.status); 1920 BUG(); 1921 } 1922 } 1923 1924 static inline int tx_work_todo(struct xenvif_queue *queue) 1925 { 1926 if (likely(RING_HAS_UNCONSUMED_REQUESTS(&queue->tx))) 1927 return 1; 1928 1929 return 0; 1930 } 1931 1932 static inline bool tx_dealloc_work_todo(struct xenvif_queue *queue) 1933 { 1934 return queue->dealloc_cons != queue->dealloc_prod; 1935 } 1936 1937 void xenvif_unmap_frontend_rings(struct xenvif_queue *queue) 1938 { 1939 if (queue->tx.sring) 1940 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif), 1941 queue->tx.sring); 1942 if (queue->rx.sring) 1943 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif), 1944 queue->rx.sring); 1945 } 1946 1947 int xenvif_map_frontend_rings(struct xenvif_queue *queue, 1948 grant_ref_t tx_ring_ref, 1949 grant_ref_t rx_ring_ref) 1950 { 1951 void *addr; 1952 struct xen_netif_tx_sring *txs; 1953 struct xen_netif_rx_sring *rxs; 1954 1955 int err = -ENOMEM; 1956 1957 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif), 1958 tx_ring_ref, &addr); 1959 if (err) 1960 goto err; 1961 1962 txs = (struct xen_netif_tx_sring *)addr; 1963 BACK_RING_INIT(&queue->tx, txs, PAGE_SIZE); 1964 1965 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif), 1966 rx_ring_ref, &addr); 1967 if (err) 1968 goto err; 1969 1970 rxs = (struct xen_netif_rx_sring *)addr; 1971 BACK_RING_INIT(&queue->rx, rxs, PAGE_SIZE); 1972 1973 return 0; 1974 1975 err: 1976 xenvif_unmap_frontend_rings(queue); 1977 return err; 1978 } 1979 1980 static void xenvif_queue_carrier_off(struct xenvif_queue *queue) 1981 { 1982 struct xenvif *vif = queue->vif; 1983 1984 queue->stalled = true; 1985 1986 /* At least one queue has stalled? Disable the carrier. */ 1987 spin_lock(&vif->lock); 1988 if (vif->stalled_queues++ == 0) { 1989 netdev_info(vif->dev, "Guest Rx stalled"); 1990 netif_carrier_off(vif->dev); 1991 } 1992 spin_unlock(&vif->lock); 1993 } 1994 1995 static void xenvif_queue_carrier_on(struct xenvif_queue *queue) 1996 { 1997 struct xenvif *vif = queue->vif; 1998 1999 queue->last_rx_time = jiffies; /* Reset Rx stall detection. */ 2000 queue->stalled = false; 2001 2002 /* All queues are ready? Enable the carrier. */ 2003 spin_lock(&vif->lock); 2004 if (--vif->stalled_queues == 0) { 2005 netdev_info(vif->dev, "Guest Rx ready"); 2006 netif_carrier_on(vif->dev); 2007 } 2008 spin_unlock(&vif->lock); 2009 } 2010 2011 static bool xenvif_rx_queue_stalled(struct xenvif_queue *queue) 2012 { 2013 RING_IDX prod, cons; 2014 2015 prod = queue->rx.sring->req_prod; 2016 cons = queue->rx.req_cons; 2017 2018 return !queue->stalled 2019 && prod - cons < XEN_NETBK_RX_SLOTS_MAX 2020 && time_after(jiffies, 2021 queue->last_rx_time + queue->vif->stall_timeout); 2022 } 2023 2024 static bool xenvif_rx_queue_ready(struct xenvif_queue *queue) 2025 { 2026 RING_IDX prod, cons; 2027 2028 prod = queue->rx.sring->req_prod; 2029 cons = queue->rx.req_cons; 2030 2031 return queue->stalled 2032 && prod - cons >= XEN_NETBK_RX_SLOTS_MAX; 2033 } 2034 2035 static bool xenvif_have_rx_work(struct xenvif_queue *queue) 2036 { 2037 return (!skb_queue_empty(&queue->rx_queue) 2038 && xenvif_rx_ring_slots_available(queue, XEN_NETBK_RX_SLOTS_MAX)) 2039 || (queue->vif->stall_timeout && 2040 (xenvif_rx_queue_stalled(queue) 2041 || xenvif_rx_queue_ready(queue))) 2042 || kthread_should_stop() 2043 || queue->vif->disabled; 2044 } 2045 2046 static long xenvif_rx_queue_timeout(struct xenvif_queue *queue) 2047 { 2048 struct sk_buff *skb; 2049 long timeout; 2050 2051 skb = skb_peek(&queue->rx_queue); 2052 if (!skb) 2053 return MAX_SCHEDULE_TIMEOUT; 2054 2055 timeout = XENVIF_RX_CB(skb)->expires - jiffies; 2056 return timeout < 0 ? 0 : timeout; 2057 } 2058 2059 /* Wait until the guest Rx thread has work. 2060 * 2061 * The timeout needs to be adjusted based on the current head of the 2062 * queue (and not just the head at the beginning). In particular, if 2063 * the queue is initially empty an infinite timeout is used and this 2064 * needs to be reduced when a skb is queued. 2065 * 2066 * This cannot be done with wait_event_timeout() because it only 2067 * calculates the timeout once. 2068 */ 2069 static void xenvif_wait_for_rx_work(struct xenvif_queue *queue) 2070 { 2071 DEFINE_WAIT(wait); 2072 2073 if (xenvif_have_rx_work(queue)) 2074 return; 2075 2076 for (;;) { 2077 long ret; 2078 2079 prepare_to_wait(&queue->wq, &wait, TASK_INTERRUPTIBLE); 2080 if (xenvif_have_rx_work(queue)) 2081 break; 2082 ret = schedule_timeout(xenvif_rx_queue_timeout(queue)); 2083 if (!ret) 2084 break; 2085 } 2086 finish_wait(&queue->wq, &wait); 2087 } 2088 2089 int xenvif_kthread_guest_rx(void *data) 2090 { 2091 struct xenvif_queue *queue = data; 2092 struct xenvif *vif = queue->vif; 2093 2094 if (!vif->stall_timeout) 2095 xenvif_queue_carrier_on(queue); 2096 2097 for (;;) { 2098 xenvif_wait_for_rx_work(queue); 2099 2100 if (kthread_should_stop()) 2101 break; 2102 2103 /* This frontend is found to be rogue, disable it in 2104 * kthread context. Currently this is only set when 2105 * netback finds out frontend sends malformed packet, 2106 * but we cannot disable the interface in softirq 2107 * context so we defer it here, if this thread is 2108 * associated with queue 0. 2109 */ 2110 if (unlikely(vif->disabled && queue->id == 0)) { 2111 xenvif_carrier_off(vif); 2112 xenvif_rx_queue_purge(queue); 2113 continue; 2114 } 2115 2116 if (!skb_queue_empty(&queue->rx_queue)) 2117 xenvif_rx_action(queue); 2118 2119 /* If the guest hasn't provided any Rx slots for a 2120 * while it's probably not responsive, drop the 2121 * carrier so packets are dropped earlier. 2122 */ 2123 if (vif->stall_timeout) { 2124 if (xenvif_rx_queue_stalled(queue)) 2125 xenvif_queue_carrier_off(queue); 2126 else if (xenvif_rx_queue_ready(queue)) 2127 xenvif_queue_carrier_on(queue); 2128 } 2129 2130 /* Queued packets may have foreign pages from other 2131 * domains. These cannot be queued indefinitely as 2132 * this would starve guests of grant refs and transmit 2133 * slots. 2134 */ 2135 xenvif_rx_queue_drop_expired(queue); 2136 2137 xenvif_rx_queue_maybe_wake(queue); 2138 2139 cond_resched(); 2140 } 2141 2142 /* Bin any remaining skbs */ 2143 xenvif_rx_queue_purge(queue); 2144 2145 return 0; 2146 } 2147 2148 static bool xenvif_dealloc_kthread_should_stop(struct xenvif_queue *queue) 2149 { 2150 /* Dealloc thread must remain running until all inflight 2151 * packets complete. 2152 */ 2153 return kthread_should_stop() && 2154 !atomic_read(&queue->inflight_packets); 2155 } 2156 2157 int xenvif_dealloc_kthread(void *data) 2158 { 2159 struct xenvif_queue *queue = data; 2160 2161 for (;;) { 2162 wait_event_interruptible(queue->dealloc_wq, 2163 tx_dealloc_work_todo(queue) || 2164 xenvif_dealloc_kthread_should_stop(queue)); 2165 if (xenvif_dealloc_kthread_should_stop(queue)) 2166 break; 2167 2168 xenvif_tx_dealloc_action(queue); 2169 cond_resched(); 2170 } 2171 2172 /* Unmap anything remaining*/ 2173 if (tx_dealloc_work_todo(queue)) 2174 xenvif_tx_dealloc_action(queue); 2175 2176 return 0; 2177 } 2178 2179 static int __init netback_init(void) 2180 { 2181 int rc = 0; 2182 2183 if (!xen_domain()) 2184 return -ENODEV; 2185 2186 /* Allow as many queues as there are CPUs, by default */ 2187 xenvif_max_queues = num_online_cpus(); 2188 2189 if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) { 2190 pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n", 2191 fatal_skb_slots, XEN_NETBK_LEGACY_SLOTS_MAX); 2192 fatal_skb_slots = XEN_NETBK_LEGACY_SLOTS_MAX; 2193 } 2194 2195 rc = xenvif_xenbus_init(); 2196 if (rc) 2197 goto failed_init; 2198 2199 #ifdef CONFIG_DEBUG_FS 2200 xen_netback_dbg_root = debugfs_create_dir("xen-netback", NULL); 2201 if (IS_ERR_OR_NULL(xen_netback_dbg_root)) 2202 pr_warn("Init of debugfs returned %ld!\n", 2203 PTR_ERR(xen_netback_dbg_root)); 2204 #endif /* CONFIG_DEBUG_FS */ 2205 2206 return 0; 2207 2208 failed_init: 2209 return rc; 2210 } 2211 2212 module_init(netback_init); 2213 2214 static void __exit netback_fini(void) 2215 { 2216 #ifdef CONFIG_DEBUG_FS 2217 if (!IS_ERR_OR_NULL(xen_netback_dbg_root)) 2218 debugfs_remove_recursive(xen_netback_dbg_root); 2219 #endif /* CONFIG_DEBUG_FS */ 2220 xenvif_xenbus_fini(); 2221 } 2222 module_exit(netback_fini); 2223 2224 MODULE_LICENSE("Dual BSD/GPL"); 2225 MODULE_ALIAS("xen-backend:vif"); 2226