1 /****************************************************************************** 2 * grant_table.c 3 * 4 * Granting foreign access to our memory reservation. 5 * 6 * Copyright (c) 2005-2006, Christopher Clark 7 * Copyright (c) 2004-2005, K A Fraser 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License version 2 11 * as published by the Free Software Foundation; or, when distributed 12 * separately from the Linux kernel or incorporated into other 13 * software packages, subject to the following license: 14 * 15 * Permission is hereby granted, free of charge, to any person obtaining a copy 16 * of this source file (the "Software"), to deal in the Software without 17 * restriction, including without limitation the rights to use, copy, modify, 18 * merge, publish, distribute, sublicense, and/or sell copies of the Software, 19 * and to permit persons to whom the Software is furnished to do so, subject to 20 * the following conditions: 21 * 22 * The above copyright notice and this permission notice shall be included in 23 * all copies or substantial portions of the Software. 24 * 25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 26 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 27 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 28 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 29 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 30 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 31 * IN THE SOFTWARE. 32 */ 33 34 #define pr_fmt(fmt) "xen:" KBUILD_MODNAME ": " fmt 35 36 #include <linux/module.h> 37 #include <linux/sched.h> 38 #include <linux/mm.h> 39 #include <linux/slab.h> 40 #include <linux/vmalloc.h> 41 #include <linux/uaccess.h> 42 #include <linux/io.h> 43 #include <linux/delay.h> 44 #include <linux/hardirq.h> 45 #include <linux/workqueue.h> 46 47 #include <xen/xen.h> 48 #include <xen/interface/xen.h> 49 #include <xen/page.h> 50 #include <xen/grant_table.h> 51 #include <xen/interface/memory.h> 52 #include <xen/hvc-console.h> 53 #include <xen/swiotlb-xen.h> 54 #include <xen/balloon.h> 55 #include <asm/xen/hypercall.h> 56 #include <asm/xen/interface.h> 57 58 #include <asm/pgtable.h> 59 #include <asm/sync_bitops.h> 60 61 /* External tools reserve first few grant table entries. */ 62 #define NR_RESERVED_ENTRIES 8 63 #define GNTTAB_LIST_END 0xffffffff 64 65 static grant_ref_t **gnttab_list; 66 static unsigned int nr_grant_frames; 67 static int gnttab_free_count; 68 static grant_ref_t gnttab_free_head; 69 static DEFINE_SPINLOCK(gnttab_list_lock); 70 struct grant_frames xen_auto_xlat_grant_frames; 71 72 static union { 73 struct grant_entry_v1 *v1; 74 void *addr; 75 } gnttab_shared; 76 77 /*This is a structure of function pointers for grant table*/ 78 struct gnttab_ops { 79 /* 80 * Mapping a list of frames for storing grant entries. Frames parameter 81 * is used to store grant table address when grant table being setup, 82 * nr_gframes is the number of frames to map grant table. Returning 83 * GNTST_okay means success and negative value means failure. 84 */ 85 int (*map_frames)(xen_pfn_t *frames, unsigned int nr_gframes); 86 /* 87 * Release a list of frames which are mapped in map_frames for grant 88 * entry status. 89 */ 90 void (*unmap_frames)(void); 91 /* 92 * Introducing a valid entry into the grant table, granting the frame of 93 * this grant entry to domain for accessing or transfering. Ref 94 * parameter is reference of this introduced grant entry, domid is id of 95 * granted domain, frame is the page frame to be granted, and flags is 96 * status of the grant entry to be updated. 97 */ 98 void (*update_entry)(grant_ref_t ref, domid_t domid, 99 unsigned long frame, unsigned flags); 100 /* 101 * Stop granting a grant entry to domain for accessing. Ref parameter is 102 * reference of a grant entry whose grant access will be stopped, 103 * readonly is not in use in this function. If the grant entry is 104 * currently mapped for reading or writing, just return failure(==0) 105 * directly and don't tear down the grant access. Otherwise, stop grant 106 * access for this entry and return success(==1). 107 */ 108 int (*end_foreign_access_ref)(grant_ref_t ref, int readonly); 109 /* 110 * Stop granting a grant entry to domain for transfer. Ref parameter is 111 * reference of a grant entry whose grant transfer will be stopped. If 112 * tranfer has not started, just reclaim the grant entry and return 113 * failure(==0). Otherwise, wait for the transfer to complete and then 114 * return the frame. 115 */ 116 unsigned long (*end_foreign_transfer_ref)(grant_ref_t ref); 117 /* 118 * Query the status of a grant entry. Ref parameter is reference of 119 * queried grant entry, return value is the status of queried entry. 120 * Detailed status(writing/reading) can be gotten from the return value 121 * by bit operations. 122 */ 123 int (*query_foreign_access)(grant_ref_t ref); 124 }; 125 126 static struct gnttab_ops *gnttab_interface; 127 128 static int grant_table_version; 129 static int grefs_per_grant_frame; 130 131 static struct gnttab_free_callback *gnttab_free_callback_list; 132 133 static int gnttab_expand(unsigned int req_entries); 134 135 #define RPP (PAGE_SIZE / sizeof(grant_ref_t)) 136 #define SPP (PAGE_SIZE / sizeof(grant_status_t)) 137 138 static inline grant_ref_t *__gnttab_entry(grant_ref_t entry) 139 { 140 return &gnttab_list[(entry) / RPP][(entry) % RPP]; 141 } 142 /* This can be used as an l-value */ 143 #define gnttab_entry(entry) (*__gnttab_entry(entry)) 144 145 static int get_free_entries(unsigned count) 146 { 147 unsigned long flags; 148 int ref, rc = 0; 149 grant_ref_t head; 150 151 spin_lock_irqsave(&gnttab_list_lock, flags); 152 153 if ((gnttab_free_count < count) && 154 ((rc = gnttab_expand(count - gnttab_free_count)) < 0)) { 155 spin_unlock_irqrestore(&gnttab_list_lock, flags); 156 return rc; 157 } 158 159 ref = head = gnttab_free_head; 160 gnttab_free_count -= count; 161 while (count-- > 1) 162 head = gnttab_entry(head); 163 gnttab_free_head = gnttab_entry(head); 164 gnttab_entry(head) = GNTTAB_LIST_END; 165 166 spin_unlock_irqrestore(&gnttab_list_lock, flags); 167 168 return ref; 169 } 170 171 static void do_free_callbacks(void) 172 { 173 struct gnttab_free_callback *callback, *next; 174 175 callback = gnttab_free_callback_list; 176 gnttab_free_callback_list = NULL; 177 178 while (callback != NULL) { 179 next = callback->next; 180 if (gnttab_free_count >= callback->count) { 181 callback->next = NULL; 182 callback->fn(callback->arg); 183 } else { 184 callback->next = gnttab_free_callback_list; 185 gnttab_free_callback_list = callback; 186 } 187 callback = next; 188 } 189 } 190 191 static inline void check_free_callbacks(void) 192 { 193 if (unlikely(gnttab_free_callback_list)) 194 do_free_callbacks(); 195 } 196 197 static void put_free_entry(grant_ref_t ref) 198 { 199 unsigned long flags; 200 spin_lock_irqsave(&gnttab_list_lock, flags); 201 gnttab_entry(ref) = gnttab_free_head; 202 gnttab_free_head = ref; 203 gnttab_free_count++; 204 check_free_callbacks(); 205 spin_unlock_irqrestore(&gnttab_list_lock, flags); 206 } 207 208 /* 209 * Following applies to gnttab_update_entry_v1. 210 * Introducing a valid entry into the grant table: 211 * 1. Write ent->domid. 212 * 2. Write ent->frame: 213 * GTF_permit_access: Frame to which access is permitted. 214 * GTF_accept_transfer: Pseudo-phys frame slot being filled by new 215 * frame, or zero if none. 216 * 3. Write memory barrier (WMB). 217 * 4. Write ent->flags, inc. valid type. 218 */ 219 static void gnttab_update_entry_v1(grant_ref_t ref, domid_t domid, 220 unsigned long frame, unsigned flags) 221 { 222 gnttab_shared.v1[ref].domid = domid; 223 gnttab_shared.v1[ref].frame = frame; 224 wmb(); 225 gnttab_shared.v1[ref].flags = flags; 226 } 227 228 /* 229 * Public grant-issuing interface functions 230 */ 231 void gnttab_grant_foreign_access_ref(grant_ref_t ref, domid_t domid, 232 unsigned long frame, int readonly) 233 { 234 gnttab_interface->update_entry(ref, domid, frame, 235 GTF_permit_access | (readonly ? GTF_readonly : 0)); 236 } 237 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access_ref); 238 239 int gnttab_grant_foreign_access(domid_t domid, unsigned long frame, 240 int readonly) 241 { 242 int ref; 243 244 ref = get_free_entries(1); 245 if (unlikely(ref < 0)) 246 return -ENOSPC; 247 248 gnttab_grant_foreign_access_ref(ref, domid, frame, readonly); 249 250 return ref; 251 } 252 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_access); 253 254 static int gnttab_query_foreign_access_v1(grant_ref_t ref) 255 { 256 return gnttab_shared.v1[ref].flags & (GTF_reading|GTF_writing); 257 } 258 259 int gnttab_query_foreign_access(grant_ref_t ref) 260 { 261 return gnttab_interface->query_foreign_access(ref); 262 } 263 EXPORT_SYMBOL_GPL(gnttab_query_foreign_access); 264 265 static int gnttab_end_foreign_access_ref_v1(grant_ref_t ref, int readonly) 266 { 267 u16 flags, nflags; 268 u16 *pflags; 269 270 pflags = &gnttab_shared.v1[ref].flags; 271 nflags = *pflags; 272 do { 273 flags = nflags; 274 if (flags & (GTF_reading|GTF_writing)) 275 return 0; 276 } while ((nflags = sync_cmpxchg(pflags, flags, 0)) != flags); 277 278 return 1; 279 } 280 281 static inline int _gnttab_end_foreign_access_ref(grant_ref_t ref, int readonly) 282 { 283 return gnttab_interface->end_foreign_access_ref(ref, readonly); 284 } 285 286 int gnttab_end_foreign_access_ref(grant_ref_t ref, int readonly) 287 { 288 if (_gnttab_end_foreign_access_ref(ref, readonly)) 289 return 1; 290 pr_warn("WARNING: g.e. %#x still in use!\n", ref); 291 return 0; 292 } 293 EXPORT_SYMBOL_GPL(gnttab_end_foreign_access_ref); 294 295 struct deferred_entry { 296 struct list_head list; 297 grant_ref_t ref; 298 bool ro; 299 uint16_t warn_delay; 300 struct page *page; 301 }; 302 static LIST_HEAD(deferred_list); 303 static void gnttab_handle_deferred(unsigned long); 304 static DEFINE_TIMER(deferred_timer, gnttab_handle_deferred, 0, 0); 305 306 static void gnttab_handle_deferred(unsigned long unused) 307 { 308 unsigned int nr = 10; 309 struct deferred_entry *first = NULL; 310 unsigned long flags; 311 312 spin_lock_irqsave(&gnttab_list_lock, flags); 313 while (nr--) { 314 struct deferred_entry *entry 315 = list_first_entry(&deferred_list, 316 struct deferred_entry, list); 317 318 if (entry == first) 319 break; 320 list_del(&entry->list); 321 spin_unlock_irqrestore(&gnttab_list_lock, flags); 322 if (_gnttab_end_foreign_access_ref(entry->ref, entry->ro)) { 323 put_free_entry(entry->ref); 324 if (entry->page) { 325 pr_debug("freeing g.e. %#x (pfn %#lx)\n", 326 entry->ref, page_to_pfn(entry->page)); 327 __free_page(entry->page); 328 } else 329 pr_info("freeing g.e. %#x\n", entry->ref); 330 kfree(entry); 331 entry = NULL; 332 } else { 333 if (!--entry->warn_delay) 334 pr_info("g.e. %#x still pending\n", entry->ref); 335 if (!first) 336 first = entry; 337 } 338 spin_lock_irqsave(&gnttab_list_lock, flags); 339 if (entry) 340 list_add_tail(&entry->list, &deferred_list); 341 else if (list_empty(&deferred_list)) 342 break; 343 } 344 if (!list_empty(&deferred_list) && !timer_pending(&deferred_timer)) { 345 deferred_timer.expires = jiffies + HZ; 346 add_timer(&deferred_timer); 347 } 348 spin_unlock_irqrestore(&gnttab_list_lock, flags); 349 } 350 351 static void gnttab_add_deferred(grant_ref_t ref, bool readonly, 352 struct page *page) 353 { 354 struct deferred_entry *entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 355 const char *what = KERN_WARNING "leaking"; 356 357 if (entry) { 358 unsigned long flags; 359 360 entry->ref = ref; 361 entry->ro = readonly; 362 entry->page = page; 363 entry->warn_delay = 60; 364 spin_lock_irqsave(&gnttab_list_lock, flags); 365 list_add_tail(&entry->list, &deferred_list); 366 if (!timer_pending(&deferred_timer)) { 367 deferred_timer.expires = jiffies + HZ; 368 add_timer(&deferred_timer); 369 } 370 spin_unlock_irqrestore(&gnttab_list_lock, flags); 371 what = KERN_DEBUG "deferring"; 372 } 373 printk("%s g.e. %#x (pfn %#lx)\n", 374 what, ref, page ? page_to_pfn(page) : -1); 375 } 376 377 void gnttab_end_foreign_access(grant_ref_t ref, int readonly, 378 unsigned long page) 379 { 380 if (gnttab_end_foreign_access_ref(ref, readonly)) { 381 put_free_entry(ref); 382 if (page != 0) 383 free_page(page); 384 } else 385 gnttab_add_deferred(ref, readonly, 386 page ? virt_to_page(page) : NULL); 387 } 388 EXPORT_SYMBOL_GPL(gnttab_end_foreign_access); 389 390 int gnttab_grant_foreign_transfer(domid_t domid, unsigned long pfn) 391 { 392 int ref; 393 394 ref = get_free_entries(1); 395 if (unlikely(ref < 0)) 396 return -ENOSPC; 397 gnttab_grant_foreign_transfer_ref(ref, domid, pfn); 398 399 return ref; 400 } 401 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_transfer); 402 403 void gnttab_grant_foreign_transfer_ref(grant_ref_t ref, domid_t domid, 404 unsigned long pfn) 405 { 406 gnttab_interface->update_entry(ref, domid, pfn, GTF_accept_transfer); 407 } 408 EXPORT_SYMBOL_GPL(gnttab_grant_foreign_transfer_ref); 409 410 static unsigned long gnttab_end_foreign_transfer_ref_v1(grant_ref_t ref) 411 { 412 unsigned long frame; 413 u16 flags; 414 u16 *pflags; 415 416 pflags = &gnttab_shared.v1[ref].flags; 417 418 /* 419 * If a transfer is not even yet started, try to reclaim the grant 420 * reference and return failure (== 0). 421 */ 422 while (!((flags = *pflags) & GTF_transfer_committed)) { 423 if (sync_cmpxchg(pflags, flags, 0) == flags) 424 return 0; 425 cpu_relax(); 426 } 427 428 /* If a transfer is in progress then wait until it is completed. */ 429 while (!(flags & GTF_transfer_completed)) { 430 flags = *pflags; 431 cpu_relax(); 432 } 433 434 rmb(); /* Read the frame number /after/ reading completion status. */ 435 frame = gnttab_shared.v1[ref].frame; 436 BUG_ON(frame == 0); 437 438 return frame; 439 } 440 441 unsigned long gnttab_end_foreign_transfer_ref(grant_ref_t ref) 442 { 443 return gnttab_interface->end_foreign_transfer_ref(ref); 444 } 445 EXPORT_SYMBOL_GPL(gnttab_end_foreign_transfer_ref); 446 447 unsigned long gnttab_end_foreign_transfer(grant_ref_t ref) 448 { 449 unsigned long frame = gnttab_end_foreign_transfer_ref(ref); 450 put_free_entry(ref); 451 return frame; 452 } 453 EXPORT_SYMBOL_GPL(gnttab_end_foreign_transfer); 454 455 void gnttab_free_grant_reference(grant_ref_t ref) 456 { 457 put_free_entry(ref); 458 } 459 EXPORT_SYMBOL_GPL(gnttab_free_grant_reference); 460 461 void gnttab_free_grant_references(grant_ref_t head) 462 { 463 grant_ref_t ref; 464 unsigned long flags; 465 int count = 1; 466 if (head == GNTTAB_LIST_END) 467 return; 468 spin_lock_irqsave(&gnttab_list_lock, flags); 469 ref = head; 470 while (gnttab_entry(ref) != GNTTAB_LIST_END) { 471 ref = gnttab_entry(ref); 472 count++; 473 } 474 gnttab_entry(ref) = gnttab_free_head; 475 gnttab_free_head = head; 476 gnttab_free_count += count; 477 check_free_callbacks(); 478 spin_unlock_irqrestore(&gnttab_list_lock, flags); 479 } 480 EXPORT_SYMBOL_GPL(gnttab_free_grant_references); 481 482 int gnttab_alloc_grant_references(u16 count, grant_ref_t *head) 483 { 484 int h = get_free_entries(count); 485 486 if (h < 0) 487 return -ENOSPC; 488 489 *head = h; 490 491 return 0; 492 } 493 EXPORT_SYMBOL_GPL(gnttab_alloc_grant_references); 494 495 int gnttab_empty_grant_references(const grant_ref_t *private_head) 496 { 497 return (*private_head == GNTTAB_LIST_END); 498 } 499 EXPORT_SYMBOL_GPL(gnttab_empty_grant_references); 500 501 int gnttab_claim_grant_reference(grant_ref_t *private_head) 502 { 503 grant_ref_t g = *private_head; 504 if (unlikely(g == GNTTAB_LIST_END)) 505 return -ENOSPC; 506 *private_head = gnttab_entry(g); 507 return g; 508 } 509 EXPORT_SYMBOL_GPL(gnttab_claim_grant_reference); 510 511 void gnttab_release_grant_reference(grant_ref_t *private_head, 512 grant_ref_t release) 513 { 514 gnttab_entry(release) = *private_head; 515 *private_head = release; 516 } 517 EXPORT_SYMBOL_GPL(gnttab_release_grant_reference); 518 519 void gnttab_request_free_callback(struct gnttab_free_callback *callback, 520 void (*fn)(void *), void *arg, u16 count) 521 { 522 unsigned long flags; 523 struct gnttab_free_callback *cb; 524 525 spin_lock_irqsave(&gnttab_list_lock, flags); 526 527 /* Check if the callback is already on the list */ 528 cb = gnttab_free_callback_list; 529 while (cb) { 530 if (cb == callback) 531 goto out; 532 cb = cb->next; 533 } 534 535 callback->fn = fn; 536 callback->arg = arg; 537 callback->count = count; 538 callback->next = gnttab_free_callback_list; 539 gnttab_free_callback_list = callback; 540 check_free_callbacks(); 541 out: 542 spin_unlock_irqrestore(&gnttab_list_lock, flags); 543 } 544 EXPORT_SYMBOL_GPL(gnttab_request_free_callback); 545 546 void gnttab_cancel_free_callback(struct gnttab_free_callback *callback) 547 { 548 struct gnttab_free_callback **pcb; 549 unsigned long flags; 550 551 spin_lock_irqsave(&gnttab_list_lock, flags); 552 for (pcb = &gnttab_free_callback_list; *pcb; pcb = &(*pcb)->next) { 553 if (*pcb == callback) { 554 *pcb = callback->next; 555 break; 556 } 557 } 558 spin_unlock_irqrestore(&gnttab_list_lock, flags); 559 } 560 EXPORT_SYMBOL_GPL(gnttab_cancel_free_callback); 561 562 static int grow_gnttab_list(unsigned int more_frames) 563 { 564 unsigned int new_nr_grant_frames, extra_entries, i; 565 unsigned int nr_glist_frames, new_nr_glist_frames; 566 567 BUG_ON(grefs_per_grant_frame == 0); 568 569 new_nr_grant_frames = nr_grant_frames + more_frames; 570 extra_entries = more_frames * grefs_per_grant_frame; 571 572 nr_glist_frames = (nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP; 573 new_nr_glist_frames = 574 (new_nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP; 575 for (i = nr_glist_frames; i < new_nr_glist_frames; i++) { 576 gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_ATOMIC); 577 if (!gnttab_list[i]) 578 goto grow_nomem; 579 } 580 581 582 for (i = grefs_per_grant_frame * nr_grant_frames; 583 i < grefs_per_grant_frame * new_nr_grant_frames - 1; i++) 584 gnttab_entry(i) = i + 1; 585 586 gnttab_entry(i) = gnttab_free_head; 587 gnttab_free_head = grefs_per_grant_frame * nr_grant_frames; 588 gnttab_free_count += extra_entries; 589 590 nr_grant_frames = new_nr_grant_frames; 591 592 check_free_callbacks(); 593 594 return 0; 595 596 grow_nomem: 597 while (i-- > nr_glist_frames) 598 free_page((unsigned long) gnttab_list[i]); 599 return -ENOMEM; 600 } 601 602 static unsigned int __max_nr_grant_frames(void) 603 { 604 struct gnttab_query_size query; 605 int rc; 606 607 query.dom = DOMID_SELF; 608 609 rc = HYPERVISOR_grant_table_op(GNTTABOP_query_size, &query, 1); 610 if ((rc < 0) || (query.status != GNTST_okay)) 611 return 4; /* Legacy max supported number of frames */ 612 613 return query.max_nr_frames; 614 } 615 616 unsigned int gnttab_max_grant_frames(void) 617 { 618 unsigned int xen_max = __max_nr_grant_frames(); 619 static unsigned int boot_max_nr_grant_frames; 620 621 /* First time, initialize it properly. */ 622 if (!boot_max_nr_grant_frames) 623 boot_max_nr_grant_frames = __max_nr_grant_frames(); 624 625 if (xen_max > boot_max_nr_grant_frames) 626 return boot_max_nr_grant_frames; 627 return xen_max; 628 } 629 EXPORT_SYMBOL_GPL(gnttab_max_grant_frames); 630 631 int gnttab_setup_auto_xlat_frames(phys_addr_t addr) 632 { 633 xen_pfn_t *pfn; 634 unsigned int max_nr_gframes = __max_nr_grant_frames(); 635 unsigned int i; 636 void *vaddr; 637 638 if (xen_auto_xlat_grant_frames.count) 639 return -EINVAL; 640 641 vaddr = xen_remap(addr, PAGE_SIZE * max_nr_gframes); 642 if (vaddr == NULL) { 643 pr_warn("Failed to ioremap gnttab share frames (addr=%pa)!\n", 644 &addr); 645 return -ENOMEM; 646 } 647 pfn = kcalloc(max_nr_gframes, sizeof(pfn[0]), GFP_KERNEL); 648 if (!pfn) { 649 xen_unmap(vaddr); 650 return -ENOMEM; 651 } 652 for (i = 0; i < max_nr_gframes; i++) 653 pfn[i] = PFN_DOWN(addr) + i; 654 655 xen_auto_xlat_grant_frames.vaddr = vaddr; 656 xen_auto_xlat_grant_frames.pfn = pfn; 657 xen_auto_xlat_grant_frames.count = max_nr_gframes; 658 659 return 0; 660 } 661 EXPORT_SYMBOL_GPL(gnttab_setup_auto_xlat_frames); 662 663 void gnttab_free_auto_xlat_frames(void) 664 { 665 if (!xen_auto_xlat_grant_frames.count) 666 return; 667 kfree(xen_auto_xlat_grant_frames.pfn); 668 xen_unmap(xen_auto_xlat_grant_frames.vaddr); 669 670 xen_auto_xlat_grant_frames.pfn = NULL; 671 xen_auto_xlat_grant_frames.count = 0; 672 xen_auto_xlat_grant_frames.vaddr = NULL; 673 } 674 EXPORT_SYMBOL_GPL(gnttab_free_auto_xlat_frames); 675 676 /** 677 * gnttab_alloc_pages - alloc pages suitable for grant mapping into 678 * @nr_pages: number of pages to alloc 679 * @pages: returns the pages 680 */ 681 int gnttab_alloc_pages(int nr_pages, struct page **pages) 682 { 683 int i; 684 int ret; 685 686 ret = alloc_xenballooned_pages(nr_pages, pages, false); 687 if (ret < 0) 688 return ret; 689 690 for (i = 0; i < nr_pages; i++) { 691 #if BITS_PER_LONG < 64 692 struct xen_page_foreign *foreign; 693 694 foreign = kzalloc(sizeof(*foreign), GFP_KERNEL); 695 if (!foreign) { 696 gnttab_free_pages(nr_pages, pages); 697 return -ENOMEM; 698 } 699 set_page_private(pages[i], (unsigned long)foreign); 700 #endif 701 SetPagePrivate(pages[i]); 702 } 703 704 return 0; 705 } 706 EXPORT_SYMBOL(gnttab_alloc_pages); 707 708 /** 709 * gnttab_free_pages - free pages allocated by gnttab_alloc_pages() 710 * @nr_pages; number of pages to free 711 * @pages: the pages 712 */ 713 void gnttab_free_pages(int nr_pages, struct page **pages) 714 { 715 int i; 716 717 for (i = 0; i < nr_pages; i++) { 718 if (PagePrivate(pages[i])) { 719 #if BITS_PER_LONG < 64 720 kfree((void *)page_private(pages[i])); 721 #endif 722 ClearPagePrivate(pages[i]); 723 } 724 } 725 free_xenballooned_pages(nr_pages, pages); 726 } 727 EXPORT_SYMBOL(gnttab_free_pages); 728 729 /* Handling of paged out grant targets (GNTST_eagain) */ 730 #define MAX_DELAY 256 731 static inline void 732 gnttab_retry_eagain_gop(unsigned int cmd, void *gop, int16_t *status, 733 const char *func) 734 { 735 unsigned delay = 1; 736 737 do { 738 BUG_ON(HYPERVISOR_grant_table_op(cmd, gop, 1)); 739 if (*status == GNTST_eagain) 740 msleep(delay++); 741 } while ((*status == GNTST_eagain) && (delay < MAX_DELAY)); 742 743 if (delay >= MAX_DELAY) { 744 pr_err("%s: %s eagain grant\n", func, current->comm); 745 *status = GNTST_bad_page; 746 } 747 } 748 749 void gnttab_batch_map(struct gnttab_map_grant_ref *batch, unsigned count) 750 { 751 struct gnttab_map_grant_ref *op; 752 753 if (HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, batch, count)) 754 BUG(); 755 for (op = batch; op < batch + count; op++) 756 if (op->status == GNTST_eagain) 757 gnttab_retry_eagain_gop(GNTTABOP_map_grant_ref, op, 758 &op->status, __func__); 759 } 760 EXPORT_SYMBOL_GPL(gnttab_batch_map); 761 762 void gnttab_batch_copy(struct gnttab_copy *batch, unsigned count) 763 { 764 struct gnttab_copy *op; 765 766 if (HYPERVISOR_grant_table_op(GNTTABOP_copy, batch, count)) 767 BUG(); 768 for (op = batch; op < batch + count; op++) 769 if (op->status == GNTST_eagain) 770 gnttab_retry_eagain_gop(GNTTABOP_copy, op, 771 &op->status, __func__); 772 } 773 EXPORT_SYMBOL_GPL(gnttab_batch_copy); 774 775 int gnttab_map_refs(struct gnttab_map_grant_ref *map_ops, 776 struct gnttab_map_grant_ref *kmap_ops, 777 struct page **pages, unsigned int count) 778 { 779 int i, ret; 780 781 ret = HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, map_ops, count); 782 if (ret) 783 return ret; 784 785 for (i = 0; i < count; i++) { 786 /* Retry eagain maps */ 787 if (map_ops[i].status == GNTST_eagain) 788 gnttab_retry_eagain_gop(GNTTABOP_map_grant_ref, map_ops + i, 789 &map_ops[i].status, __func__); 790 791 if (map_ops[i].status == GNTST_okay) { 792 struct xen_page_foreign *foreign; 793 794 SetPageForeign(pages[i]); 795 foreign = xen_page_foreign(pages[i]); 796 foreign->domid = map_ops[i].dom; 797 foreign->gref = map_ops[i].ref; 798 } 799 } 800 801 return set_foreign_p2m_mapping(map_ops, kmap_ops, pages, count); 802 } 803 EXPORT_SYMBOL_GPL(gnttab_map_refs); 804 805 int gnttab_unmap_refs(struct gnttab_unmap_grant_ref *unmap_ops, 806 struct gnttab_unmap_grant_ref *kunmap_ops, 807 struct page **pages, unsigned int count) 808 { 809 unsigned int i; 810 int ret; 811 812 ret = HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, unmap_ops, count); 813 if (ret) 814 return ret; 815 816 for (i = 0; i < count; i++) 817 ClearPageForeign(pages[i]); 818 819 return clear_foreign_p2m_mapping(unmap_ops, kunmap_ops, pages, count); 820 } 821 EXPORT_SYMBOL_GPL(gnttab_unmap_refs); 822 823 #define GNTTAB_UNMAP_REFS_DELAY 5 824 825 static void __gnttab_unmap_refs_async(struct gntab_unmap_queue_data* item); 826 827 static void gnttab_unmap_work(struct work_struct *work) 828 { 829 struct gntab_unmap_queue_data 830 *unmap_data = container_of(work, 831 struct gntab_unmap_queue_data, 832 gnttab_work.work); 833 if (unmap_data->age != UINT_MAX) 834 unmap_data->age++; 835 __gnttab_unmap_refs_async(unmap_data); 836 } 837 838 static void __gnttab_unmap_refs_async(struct gntab_unmap_queue_data* item) 839 { 840 int ret; 841 int pc; 842 843 for (pc = 0; pc < item->count; pc++) { 844 if (page_count(item->pages[pc]) > 1) { 845 unsigned long delay = GNTTAB_UNMAP_REFS_DELAY * (item->age + 1); 846 schedule_delayed_work(&item->gnttab_work, 847 msecs_to_jiffies(delay)); 848 return; 849 } 850 } 851 852 ret = gnttab_unmap_refs(item->unmap_ops, item->kunmap_ops, 853 item->pages, item->count); 854 item->done(ret, item); 855 } 856 857 void gnttab_unmap_refs_async(struct gntab_unmap_queue_data* item) 858 { 859 INIT_DELAYED_WORK(&item->gnttab_work, gnttab_unmap_work); 860 item->age = 0; 861 862 __gnttab_unmap_refs_async(item); 863 } 864 EXPORT_SYMBOL_GPL(gnttab_unmap_refs_async); 865 866 static int gnttab_map_frames_v1(xen_pfn_t *frames, unsigned int nr_gframes) 867 { 868 int rc; 869 870 rc = arch_gnttab_map_shared(frames, nr_gframes, 871 gnttab_max_grant_frames(), 872 &gnttab_shared.addr); 873 BUG_ON(rc); 874 875 return 0; 876 } 877 878 static void gnttab_unmap_frames_v1(void) 879 { 880 arch_gnttab_unmap(gnttab_shared.addr, nr_grant_frames); 881 } 882 883 static int gnttab_map(unsigned int start_idx, unsigned int end_idx) 884 { 885 struct gnttab_setup_table setup; 886 xen_pfn_t *frames; 887 unsigned int nr_gframes = end_idx + 1; 888 int rc; 889 890 if (xen_feature(XENFEAT_auto_translated_physmap)) { 891 struct xen_add_to_physmap xatp; 892 unsigned int i = end_idx; 893 rc = 0; 894 BUG_ON(xen_auto_xlat_grant_frames.count < nr_gframes); 895 /* 896 * Loop backwards, so that the first hypercall has the largest 897 * index, ensuring that the table will grow only once. 898 */ 899 do { 900 xatp.domid = DOMID_SELF; 901 xatp.idx = i; 902 xatp.space = XENMAPSPACE_grant_table; 903 xatp.gpfn = xen_auto_xlat_grant_frames.pfn[i]; 904 rc = HYPERVISOR_memory_op(XENMEM_add_to_physmap, &xatp); 905 if (rc != 0) { 906 pr_warn("grant table add_to_physmap failed, err=%d\n", 907 rc); 908 break; 909 } 910 } while (i-- > start_idx); 911 912 return rc; 913 } 914 915 /* No need for kzalloc as it is initialized in following hypercall 916 * GNTTABOP_setup_table. 917 */ 918 frames = kmalloc(nr_gframes * sizeof(unsigned long), GFP_ATOMIC); 919 if (!frames) 920 return -ENOMEM; 921 922 setup.dom = DOMID_SELF; 923 setup.nr_frames = nr_gframes; 924 set_xen_guest_handle(setup.frame_list, frames); 925 926 rc = HYPERVISOR_grant_table_op(GNTTABOP_setup_table, &setup, 1); 927 if (rc == -ENOSYS) { 928 kfree(frames); 929 return -ENOSYS; 930 } 931 932 BUG_ON(rc || setup.status); 933 934 rc = gnttab_interface->map_frames(frames, nr_gframes); 935 936 kfree(frames); 937 938 return rc; 939 } 940 941 static struct gnttab_ops gnttab_v1_ops = { 942 .map_frames = gnttab_map_frames_v1, 943 .unmap_frames = gnttab_unmap_frames_v1, 944 .update_entry = gnttab_update_entry_v1, 945 .end_foreign_access_ref = gnttab_end_foreign_access_ref_v1, 946 .end_foreign_transfer_ref = gnttab_end_foreign_transfer_ref_v1, 947 .query_foreign_access = gnttab_query_foreign_access_v1, 948 }; 949 950 static void gnttab_request_version(void) 951 { 952 /* Only version 1 is used, which will always be available. */ 953 grant_table_version = 1; 954 grefs_per_grant_frame = PAGE_SIZE / sizeof(struct grant_entry_v1); 955 gnttab_interface = &gnttab_v1_ops; 956 957 pr_info("Grant tables using version %d layout\n", grant_table_version); 958 } 959 960 static int gnttab_setup(void) 961 { 962 unsigned int max_nr_gframes; 963 964 max_nr_gframes = gnttab_max_grant_frames(); 965 if (max_nr_gframes < nr_grant_frames) 966 return -ENOSYS; 967 968 if (xen_feature(XENFEAT_auto_translated_physmap) && gnttab_shared.addr == NULL) { 969 gnttab_shared.addr = xen_auto_xlat_grant_frames.vaddr; 970 if (gnttab_shared.addr == NULL) { 971 pr_warn("gnttab share frames (addr=0x%08lx) is not mapped!\n", 972 (unsigned long)xen_auto_xlat_grant_frames.vaddr); 973 return -ENOMEM; 974 } 975 } 976 return gnttab_map(0, nr_grant_frames - 1); 977 } 978 979 int gnttab_resume(void) 980 { 981 gnttab_request_version(); 982 return gnttab_setup(); 983 } 984 985 int gnttab_suspend(void) 986 { 987 if (!xen_feature(XENFEAT_auto_translated_physmap)) 988 gnttab_interface->unmap_frames(); 989 return 0; 990 } 991 992 static int gnttab_expand(unsigned int req_entries) 993 { 994 int rc; 995 unsigned int cur, extra; 996 997 BUG_ON(grefs_per_grant_frame == 0); 998 cur = nr_grant_frames; 999 extra = ((req_entries + (grefs_per_grant_frame-1)) / 1000 grefs_per_grant_frame); 1001 if (cur + extra > gnttab_max_grant_frames()) 1002 return -ENOSPC; 1003 1004 rc = gnttab_map(cur, cur + extra - 1); 1005 if (rc == 0) 1006 rc = grow_gnttab_list(extra); 1007 1008 return rc; 1009 } 1010 1011 int gnttab_init(void) 1012 { 1013 int i; 1014 unsigned long max_nr_grant_frames; 1015 unsigned int max_nr_glist_frames, nr_glist_frames; 1016 unsigned int nr_init_grefs; 1017 int ret; 1018 1019 gnttab_request_version(); 1020 max_nr_grant_frames = gnttab_max_grant_frames(); 1021 nr_grant_frames = 1; 1022 1023 /* Determine the maximum number of frames required for the 1024 * grant reference free list on the current hypervisor. 1025 */ 1026 BUG_ON(grefs_per_grant_frame == 0); 1027 max_nr_glist_frames = (max_nr_grant_frames * 1028 grefs_per_grant_frame / RPP); 1029 1030 gnttab_list = kmalloc(max_nr_glist_frames * sizeof(grant_ref_t *), 1031 GFP_KERNEL); 1032 if (gnttab_list == NULL) 1033 return -ENOMEM; 1034 1035 nr_glist_frames = (nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP; 1036 for (i = 0; i < nr_glist_frames; i++) { 1037 gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_KERNEL); 1038 if (gnttab_list[i] == NULL) { 1039 ret = -ENOMEM; 1040 goto ini_nomem; 1041 } 1042 } 1043 1044 ret = arch_gnttab_init(max_nr_grant_frames); 1045 if (ret < 0) 1046 goto ini_nomem; 1047 1048 if (gnttab_setup() < 0) { 1049 ret = -ENODEV; 1050 goto ini_nomem; 1051 } 1052 1053 nr_init_grefs = nr_grant_frames * grefs_per_grant_frame; 1054 1055 for (i = NR_RESERVED_ENTRIES; i < nr_init_grefs - 1; i++) 1056 gnttab_entry(i) = i + 1; 1057 1058 gnttab_entry(nr_init_grefs - 1) = GNTTAB_LIST_END; 1059 gnttab_free_count = nr_init_grefs - NR_RESERVED_ENTRIES; 1060 gnttab_free_head = NR_RESERVED_ENTRIES; 1061 1062 printk("Grant table initialized\n"); 1063 return 0; 1064 1065 ini_nomem: 1066 for (i--; i >= 0; i--) 1067 free_page((unsigned long)gnttab_list[i]); 1068 kfree(gnttab_list); 1069 return ret; 1070 } 1071 EXPORT_SYMBOL_GPL(gnttab_init); 1072 1073 static int __gnttab_init(void) 1074 { 1075 /* Delay grant-table initialization in the PV on HVM case */ 1076 if (xen_hvm_domain()) 1077 return 0; 1078 1079 if (!xen_pv_domain()) 1080 return -ENODEV; 1081 1082 return gnttab_init(); 1083 } 1084 /* Starts after core_initcall so that xen_pvh_gnttab_setup can be called 1085 * beforehand to initialize xen_auto_xlat_grant_frames. */ 1086 core_initcall_sync(__gnttab_init); 1087