1 /*
2 * QEMU Hyper-V VMBus
3 *
4 * Copyright (c) 2017-2018 Virtuozzo International GmbH.
5 *
6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
7 * See the COPYING file in the top-level directory.
8 */
9
10 #include "qemu/osdep.h"
11 #include "qemu/error-report.h"
12 #include "qemu/main-loop.h"
13 #include "qapi/error.h"
14 #include "migration/vmstate.h"
15 #include "hw/qdev-properties.h"
16 #include "hw/qdev-properties-system.h"
17 #include "hw/hyperv/hyperv.h"
18 #include "hw/hyperv/vmbus.h"
19 #include "hw/hyperv/vmbus-bridge.h"
20 #include "hw/sysbus.h"
21 #include "cpu.h"
22 #include "trace.h"
23
24 enum {
25 VMGPADL_INIT,
26 VMGPADL_ALIVE,
27 VMGPADL_TEARINGDOWN,
28 VMGPADL_TORNDOWN,
29 };
30
31 struct VMBusGpadl {
32 /* GPADL id */
33 uint32_t id;
34 /* associated channel id (rudimentary?) */
35 uint32_t child_relid;
36
37 /* number of pages in the GPADL as declared in GPADL_HEADER message */
38 uint32_t num_gfns;
39 /*
40 * Due to limited message size, GPADL may not fit fully in a single
41 * GPADL_HEADER message, and is further popluated using GPADL_BODY
42 * messages. @seen_gfns is the number of pages seen so far; once it
43 * reaches @num_gfns, the GPADL is ready to use.
44 */
45 uint32_t seen_gfns;
46 /* array of GFNs (of size @num_gfns once allocated) */
47 uint64_t *gfns;
48
49 uint8_t state;
50
51 QTAILQ_ENTRY(VMBusGpadl) link;
52 VMBus *vmbus;
53 unsigned refcount;
54 };
55
56 /*
57 * Wrap sequential read from / write to GPADL.
58 */
59 typedef struct GpadlIter {
60 VMBusGpadl *gpadl;
61 AddressSpace *as;
62 DMADirection dir;
63 /* offset into GPADL where the next i/o will be performed */
64 uint32_t off;
65 /*
66 * Cached mapping of the currently accessed page, up to page boundary.
67 * Updated lazily on i/o.
68 * Note: MemoryRegionCache can not be used here because pages in the GPADL
69 * are non-contiguous and may belong to different memory regions.
70 */
71 void *map;
72 /* offset after last i/o (i.e. not affected by seek) */
73 uint32_t last_off;
74 /*
75 * Indicator that the iterator is active and may have a cached mapping.
76 * Allows to enforce bracketing of all i/o (which may create cached
77 * mappings) and thus exclude mapping leaks.
78 */
79 bool active;
80 } GpadlIter;
81
82 /*
83 * Ring buffer. There are two of them, sitting in the same GPADL, for each
84 * channel.
85 * Each ring buffer consists of a set of pages, with the first page containing
86 * the ring buffer header, and the remaining pages being for data packets.
87 */
88 typedef struct VMBusRingBufCommon {
89 AddressSpace *as;
90 /* GPA of the ring buffer header */
91 dma_addr_t rb_addr;
92 /* start and length of the ring buffer data area within GPADL */
93 uint32_t base;
94 uint32_t len;
95
96 GpadlIter iter;
97 } VMBusRingBufCommon;
98
99 typedef struct VMBusSendRingBuf {
100 VMBusRingBufCommon common;
101 /* current write index, to be committed at the end of send */
102 uint32_t wr_idx;
103 /* write index at the start of send */
104 uint32_t last_wr_idx;
105 /* space to be requested from the guest */
106 uint32_t wanted;
107 /* space reserved for planned sends */
108 uint32_t reserved;
109 /* last seen read index */
110 uint32_t last_seen_rd_idx;
111 } VMBusSendRingBuf;
112
113 typedef struct VMBusRecvRingBuf {
114 VMBusRingBufCommon common;
115 /* current read index, to be committed at the end of receive */
116 uint32_t rd_idx;
117 /* read index at the start of receive */
118 uint32_t last_rd_idx;
119 /* last seen write index */
120 uint32_t last_seen_wr_idx;
121 } VMBusRecvRingBuf;
122
123
124 enum {
125 VMOFFER_INIT,
126 VMOFFER_SENDING,
127 VMOFFER_SENT,
128 };
129
130 enum {
131 VMCHAN_INIT,
132 VMCHAN_OPENING,
133 VMCHAN_OPEN,
134 };
135
136 struct VMBusChannel {
137 VMBusDevice *dev;
138
139 /* channel id */
140 uint32_t id;
141 /*
142 * subchannel index within the device; subchannel #0 is "primary" and
143 * always exists
144 */
145 uint16_t subchan_idx;
146 uint32_t open_id;
147 /* VP_INDEX of the vCPU to notify with (synthetic) interrupts */
148 uint32_t target_vp;
149 /* GPADL id to use for the ring buffers */
150 uint32_t ringbuf_gpadl;
151 /* start (in pages) of the send ring buffer within @ringbuf_gpadl */
152 uint32_t ringbuf_send_offset;
153
154 uint8_t offer_state;
155 uint8_t state;
156 bool is_open;
157
158 /* main device worker; copied from the device class */
159 VMBusChannelNotifyCb notify_cb;
160 /*
161 * guest->host notifications, either sent directly or dispatched via
162 * interrupt page (older VMBus)
163 */
164 EventNotifier notifier;
165
166 VMBus *vmbus;
167 /*
168 * SINT route to signal with host->guest notifications; may be shared with
169 * the main VMBus SINT route
170 */
171 HvSintRoute *notify_route;
172 VMBusGpadl *gpadl;
173
174 VMBusSendRingBuf send_ringbuf;
175 VMBusRecvRingBuf recv_ringbuf;
176
177 QTAILQ_ENTRY(VMBusChannel) link;
178 };
179
180 /*
181 * Hyper-V spec mandates that every message port has 16 buffers, which means
182 * that the guest can post up to this many messages without blocking.
183 * Therefore a queue for incoming messages has to be provided.
184 * For outgoing (i.e. host->guest) messages there's no queue; the VMBus just
185 * doesn't transition to a new state until the message is known to have been
186 * successfully delivered to the respective SynIC message slot.
187 */
188 #define HV_MSG_QUEUE_LEN 16
189
190 /* Hyper-V devices never use channel #0. Must be something special. */
191 #define VMBUS_FIRST_CHANID 1
192 /* Each channel occupies one bit within a single event page sint slot. */
193 #define VMBUS_CHANID_COUNT (HV_EVENT_FLAGS_COUNT - VMBUS_FIRST_CHANID)
194 /* Leave a few connection numbers for other purposes. */
195 #define VMBUS_CHAN_CONNECTION_OFFSET 16
196
197 /*
198 * Since the success or failure of sending a message is reported
199 * asynchronously, the VMBus state machine has effectively two entry points:
200 * vmbus_run and vmbus_msg_cb (the latter is called when the host->guest
201 * message delivery status becomes known). Both are run as oneshot BHs on the
202 * main aio context, ensuring serialization.
203 */
204 enum {
205 VMBUS_LISTEN,
206 VMBUS_HANDSHAKE,
207 VMBUS_OFFER,
208 VMBUS_CREATE_GPADL,
209 VMBUS_TEARDOWN_GPADL,
210 VMBUS_OPEN_CHANNEL,
211 VMBUS_UNLOAD,
212 VMBUS_STATE_MAX
213 };
214
215 struct VMBus {
216 BusState parent;
217
218 uint8_t state;
219 /* protection against recursive aio_poll (see vmbus_run) */
220 bool in_progress;
221 /* whether there's a message being delivered to the guest */
222 bool msg_in_progress;
223 uint32_t version;
224 /* VP_INDEX of the vCPU to send messages and interrupts to */
225 uint32_t target_vp;
226 HvSintRoute *sint_route;
227 /*
228 * interrupt page for older protocol versions; newer ones use SynIC event
229 * flags directly
230 */
231 hwaddr int_page_gpa;
232
233 DECLARE_BITMAP(chanid_bitmap, VMBUS_CHANID_COUNT);
234
235 /* incoming message queue */
236 struct hyperv_post_message_input rx_queue[HV_MSG_QUEUE_LEN];
237 uint8_t rx_queue_head;
238 uint8_t rx_queue_size;
239 QemuMutex rx_queue_lock;
240
241 QTAILQ_HEAD(, VMBusGpadl) gpadl_list;
242 QTAILQ_HEAD(, VMBusChannel) channel_list;
243
244 /*
245 * guest->host notifications for older VMBus, to be dispatched via
246 * interrupt page
247 */
248 EventNotifier notifier;
249 };
250
gpadl_full(VMBusGpadl * gpadl)251 static bool gpadl_full(VMBusGpadl *gpadl)
252 {
253 return gpadl->seen_gfns == gpadl->num_gfns;
254 }
255
create_gpadl(VMBus * vmbus,uint32_t id,uint32_t child_relid,uint32_t num_gfns)256 static VMBusGpadl *create_gpadl(VMBus *vmbus, uint32_t id,
257 uint32_t child_relid, uint32_t num_gfns)
258 {
259 VMBusGpadl *gpadl = g_new0(VMBusGpadl, 1);
260
261 gpadl->id = id;
262 gpadl->child_relid = child_relid;
263 gpadl->num_gfns = num_gfns;
264 gpadl->gfns = g_new(uint64_t, num_gfns);
265 QTAILQ_INSERT_HEAD(&vmbus->gpadl_list, gpadl, link);
266 gpadl->vmbus = vmbus;
267 gpadl->refcount = 1;
268 return gpadl;
269 }
270
free_gpadl(VMBusGpadl * gpadl)271 static void free_gpadl(VMBusGpadl *gpadl)
272 {
273 QTAILQ_REMOVE(&gpadl->vmbus->gpadl_list, gpadl, link);
274 g_free(gpadl->gfns);
275 g_free(gpadl);
276 }
277
find_gpadl(VMBus * vmbus,uint32_t gpadl_id)278 static VMBusGpadl *find_gpadl(VMBus *vmbus, uint32_t gpadl_id)
279 {
280 VMBusGpadl *gpadl;
281 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
282 if (gpadl->id == gpadl_id) {
283 return gpadl;
284 }
285 }
286 return NULL;
287 }
288
vmbus_get_gpadl(VMBusChannel * chan,uint32_t gpadl_id)289 VMBusGpadl *vmbus_get_gpadl(VMBusChannel *chan, uint32_t gpadl_id)
290 {
291 VMBusGpadl *gpadl = find_gpadl(chan->vmbus, gpadl_id);
292 if (!gpadl || !gpadl_full(gpadl)) {
293 return NULL;
294 }
295 gpadl->refcount++;
296 return gpadl;
297 }
298
vmbus_put_gpadl(VMBusGpadl * gpadl)299 void vmbus_put_gpadl(VMBusGpadl *gpadl)
300 {
301 if (!gpadl) {
302 return;
303 }
304 if (--gpadl->refcount) {
305 return;
306 }
307 free_gpadl(gpadl);
308 }
309
vmbus_gpadl_len(VMBusGpadl * gpadl)310 uint32_t vmbus_gpadl_len(VMBusGpadl *gpadl)
311 {
312 return gpadl->num_gfns * TARGET_PAGE_SIZE;
313 }
314
gpadl_iter_init(GpadlIter * iter,VMBusGpadl * gpadl,AddressSpace * as,DMADirection dir)315 static void gpadl_iter_init(GpadlIter *iter, VMBusGpadl *gpadl,
316 AddressSpace *as, DMADirection dir)
317 {
318 iter->gpadl = gpadl;
319 iter->as = as;
320 iter->dir = dir;
321 iter->active = false;
322 }
323
gpadl_iter_cache_unmap(GpadlIter * iter)324 static inline void gpadl_iter_cache_unmap(GpadlIter *iter)
325 {
326 uint32_t map_start_in_page = (uintptr_t)iter->map & ~TARGET_PAGE_MASK;
327 uint32_t io_end_in_page = ((iter->last_off - 1) & ~TARGET_PAGE_MASK) + 1;
328
329 /* mapping is only done to do non-zero amount of i/o */
330 assert(iter->last_off > 0);
331 assert(map_start_in_page < io_end_in_page);
332
333 dma_memory_unmap(iter->as, iter->map, TARGET_PAGE_SIZE - map_start_in_page,
334 iter->dir, io_end_in_page - map_start_in_page);
335 }
336
337 /*
338 * Copy exactly @len bytes between the GPADL pointed to by @iter and @buf.
339 * The direction of the copy is determined by @iter->dir.
340 * The caller must ensure the operation overflows neither @buf nor the GPADL
341 * (there's an assert for the latter).
342 * Reuse the currently mapped page in the GPADL if possible.
343 */
gpadl_iter_io(GpadlIter * iter,void * buf,uint32_t len)344 static ssize_t gpadl_iter_io(GpadlIter *iter, void *buf, uint32_t len)
345 {
346 ssize_t ret = len;
347
348 assert(iter->active);
349
350 while (len) {
351 uint32_t off_in_page = iter->off & ~TARGET_PAGE_MASK;
352 uint32_t pgleft = TARGET_PAGE_SIZE - off_in_page;
353 uint32_t cplen = MIN(pgleft, len);
354 void *p;
355
356 /* try to reuse the cached mapping */
357 if (iter->map) {
358 uint32_t map_start_in_page =
359 (uintptr_t)iter->map & ~TARGET_PAGE_MASK;
360 uint32_t off_base = iter->off & ~TARGET_PAGE_MASK;
361 uint32_t mapped_base = (iter->last_off - 1) & ~TARGET_PAGE_MASK;
362 if (off_base != mapped_base || off_in_page < map_start_in_page) {
363 gpadl_iter_cache_unmap(iter);
364 iter->map = NULL;
365 }
366 }
367
368 if (!iter->map) {
369 dma_addr_t maddr;
370 dma_addr_t mlen = pgleft;
371 uint32_t idx = iter->off >> TARGET_PAGE_BITS;
372 assert(idx < iter->gpadl->num_gfns);
373
374 maddr = (iter->gpadl->gfns[idx] << TARGET_PAGE_BITS) | off_in_page;
375
376 iter->map = dma_memory_map(iter->as, maddr, &mlen, iter->dir,
377 MEMTXATTRS_UNSPECIFIED);
378 if (mlen != pgleft) {
379 dma_memory_unmap(iter->as, iter->map, mlen, iter->dir, 0);
380 iter->map = NULL;
381 return -EFAULT;
382 }
383 }
384
385 p = (void *)(uintptr_t)(((uintptr_t)iter->map & TARGET_PAGE_MASK) |
386 off_in_page);
387 if (iter->dir == DMA_DIRECTION_FROM_DEVICE) {
388 memcpy(p, buf, cplen);
389 } else {
390 memcpy(buf, p, cplen);
391 }
392
393 buf += cplen;
394 len -= cplen;
395 iter->off += cplen;
396 iter->last_off = iter->off;
397 }
398
399 return ret;
400 }
401
402 /*
403 * Position the iterator @iter at new offset @new_off.
404 * If this results in the cached mapping being unusable with the new offset,
405 * unmap it.
406 */
gpadl_iter_seek(GpadlIter * iter,uint32_t new_off)407 static inline void gpadl_iter_seek(GpadlIter *iter, uint32_t new_off)
408 {
409 assert(iter->active);
410 iter->off = new_off;
411 }
412
413 /*
414 * Start a series of i/o on the GPADL.
415 * After this i/o and seek operations on @iter become legal.
416 */
gpadl_iter_start_io(GpadlIter * iter)417 static inline void gpadl_iter_start_io(GpadlIter *iter)
418 {
419 assert(!iter->active);
420 /* mapping is cached lazily on i/o */
421 iter->map = NULL;
422 iter->active = true;
423 }
424
425 /*
426 * End the eariler started series of i/o on the GPADL and release the cached
427 * mapping if any.
428 */
gpadl_iter_end_io(GpadlIter * iter)429 static inline void gpadl_iter_end_io(GpadlIter *iter)
430 {
431 assert(iter->active);
432
433 if (iter->map) {
434 gpadl_iter_cache_unmap(iter);
435 }
436
437 iter->active = false;
438 }
439
440 static void vmbus_resched(VMBus *vmbus);
441 static void vmbus_msg_cb(void *data, int status);
442
vmbus_iov_to_gpadl(VMBusChannel * chan,VMBusGpadl * gpadl,uint32_t off,const struct iovec * iov,size_t iov_cnt)443 ssize_t vmbus_iov_to_gpadl(VMBusChannel *chan, VMBusGpadl *gpadl, uint32_t off,
444 const struct iovec *iov, size_t iov_cnt)
445 {
446 GpadlIter iter;
447 size_t i;
448 ssize_t ret = 0;
449
450 gpadl_iter_init(&iter, gpadl, chan->dev->dma_as,
451 DMA_DIRECTION_FROM_DEVICE);
452 gpadl_iter_start_io(&iter);
453 gpadl_iter_seek(&iter, off);
454 for (i = 0; i < iov_cnt; i++) {
455 ret = gpadl_iter_io(&iter, iov[i].iov_base, iov[i].iov_len);
456 if (ret < 0) {
457 goto out;
458 }
459 }
460 out:
461 gpadl_iter_end_io(&iter);
462 return ret;
463 }
464
vmbus_map_sgl(VMBusChanReq * req,DMADirection dir,struct iovec * iov,unsigned iov_cnt,size_t len,size_t off)465 int vmbus_map_sgl(VMBusChanReq *req, DMADirection dir, struct iovec *iov,
466 unsigned iov_cnt, size_t len, size_t off)
467 {
468 int ret_cnt = 0, ret;
469 unsigned i;
470 QEMUSGList *sgl = &req->sgl;
471 ScatterGatherEntry *sg = sgl->sg;
472
473 for (i = 0; i < sgl->nsg; i++) {
474 if (sg[i].len > off) {
475 break;
476 }
477 off -= sg[i].len;
478 }
479 for (; len && i < sgl->nsg; i++) {
480 dma_addr_t mlen = MIN(sg[i].len - off, len);
481 dma_addr_t addr = sg[i].base + off;
482 len -= mlen;
483 off = 0;
484
485 for (; mlen; ret_cnt++) {
486 dma_addr_t l = mlen;
487 dma_addr_t a = addr;
488
489 if (ret_cnt == iov_cnt) {
490 ret = -ENOBUFS;
491 goto err;
492 }
493
494 iov[ret_cnt].iov_base = dma_memory_map(sgl->as, a, &l, dir,
495 MEMTXATTRS_UNSPECIFIED);
496 if (!l) {
497 ret = -EFAULT;
498 goto err;
499 }
500 iov[ret_cnt].iov_len = l;
501 addr += l;
502 mlen -= l;
503 }
504 }
505
506 return ret_cnt;
507 err:
508 vmbus_unmap_sgl(req, dir, iov, ret_cnt, 0);
509 return ret;
510 }
511
vmbus_unmap_sgl(VMBusChanReq * req,DMADirection dir,struct iovec * iov,unsigned iov_cnt,size_t accessed)512 void vmbus_unmap_sgl(VMBusChanReq *req, DMADirection dir, struct iovec *iov,
513 unsigned iov_cnt, size_t accessed)
514 {
515 QEMUSGList *sgl = &req->sgl;
516 unsigned i;
517
518 for (i = 0; i < iov_cnt; i++) {
519 size_t acsd = MIN(accessed, iov[i].iov_len);
520 dma_memory_unmap(sgl->as, iov[i].iov_base, iov[i].iov_len, dir, acsd);
521 accessed -= acsd;
522 }
523 }
524
525 static const VMStateDescription vmstate_gpadl = {
526 .name = "vmbus/gpadl",
527 .version_id = 0,
528 .minimum_version_id = 0,
529 .fields = (const VMStateField[]) {
530 VMSTATE_UINT32(id, VMBusGpadl),
531 VMSTATE_UINT32(child_relid, VMBusGpadl),
532 VMSTATE_UINT32(num_gfns, VMBusGpadl),
533 VMSTATE_UINT32(seen_gfns, VMBusGpadl),
534 VMSTATE_VARRAY_UINT32_ALLOC(gfns, VMBusGpadl, num_gfns, 0,
535 vmstate_info_uint64, uint64_t),
536 VMSTATE_UINT8(state, VMBusGpadl),
537 VMSTATE_END_OF_LIST()
538 }
539 };
540
541 /*
542 * Wrap the index into a ring buffer of @len bytes.
543 * @idx is assumed not to exceed twice the size of the ringbuffer, so only
544 * single wraparound is considered.
545 */
rb_idx_wrap(uint32_t idx,uint32_t len)546 static inline uint32_t rb_idx_wrap(uint32_t idx, uint32_t len)
547 {
548 if (idx >= len) {
549 idx -= len;
550 }
551 return idx;
552 }
553
554 /*
555 * Circular difference between two indices into a ring buffer of @len bytes.
556 * @allow_catchup - whether @idx1 may catch up @idx2; e.g. read index may catch
557 * up write index but not vice versa.
558 */
rb_idx_delta(uint32_t idx1,uint32_t idx2,uint32_t len,bool allow_catchup)559 static inline uint32_t rb_idx_delta(uint32_t idx1, uint32_t idx2, uint32_t len,
560 bool allow_catchup)
561 {
562 return rb_idx_wrap(idx2 + len - idx1 - !allow_catchup, len);
563 }
564
ringbuf_map_hdr(VMBusRingBufCommon * ringbuf)565 static vmbus_ring_buffer *ringbuf_map_hdr(VMBusRingBufCommon *ringbuf)
566 {
567 vmbus_ring_buffer *rb;
568 dma_addr_t mlen = sizeof(*rb);
569
570 rb = dma_memory_map(ringbuf->as, ringbuf->rb_addr, &mlen,
571 DMA_DIRECTION_FROM_DEVICE, MEMTXATTRS_UNSPECIFIED);
572 if (mlen != sizeof(*rb)) {
573 dma_memory_unmap(ringbuf->as, rb, mlen,
574 DMA_DIRECTION_FROM_DEVICE, 0);
575 return NULL;
576 }
577 return rb;
578 }
579
ringbuf_unmap_hdr(VMBusRingBufCommon * ringbuf,vmbus_ring_buffer * rb,bool dirty)580 static void ringbuf_unmap_hdr(VMBusRingBufCommon *ringbuf,
581 vmbus_ring_buffer *rb, bool dirty)
582 {
583 assert(rb);
584
585 dma_memory_unmap(ringbuf->as, rb, sizeof(*rb), DMA_DIRECTION_FROM_DEVICE,
586 dirty ? sizeof(*rb) : 0);
587 }
588
ringbuf_init_common(VMBusRingBufCommon * ringbuf,VMBusGpadl * gpadl,AddressSpace * as,DMADirection dir,uint32_t begin,uint32_t end)589 static void ringbuf_init_common(VMBusRingBufCommon *ringbuf, VMBusGpadl *gpadl,
590 AddressSpace *as, DMADirection dir,
591 uint32_t begin, uint32_t end)
592 {
593 ringbuf->as = as;
594 ringbuf->rb_addr = gpadl->gfns[begin] << TARGET_PAGE_BITS;
595 ringbuf->base = (begin + 1) << TARGET_PAGE_BITS;
596 ringbuf->len = (end - begin - 1) << TARGET_PAGE_BITS;
597 gpadl_iter_init(&ringbuf->iter, gpadl, as, dir);
598 }
599
ringbufs_init(VMBusChannel * chan)600 static int ringbufs_init(VMBusChannel *chan)
601 {
602 vmbus_ring_buffer *rb;
603 VMBusSendRingBuf *send_ringbuf = &chan->send_ringbuf;
604 VMBusRecvRingBuf *recv_ringbuf = &chan->recv_ringbuf;
605
606 if (chan->ringbuf_send_offset <= 1 ||
607 chan->gpadl->num_gfns <= chan->ringbuf_send_offset + 1) {
608 return -EINVAL;
609 }
610
611 ringbuf_init_common(&recv_ringbuf->common, chan->gpadl, chan->dev->dma_as,
612 DMA_DIRECTION_TO_DEVICE, 0, chan->ringbuf_send_offset);
613 ringbuf_init_common(&send_ringbuf->common, chan->gpadl, chan->dev->dma_as,
614 DMA_DIRECTION_FROM_DEVICE, chan->ringbuf_send_offset,
615 chan->gpadl->num_gfns);
616 send_ringbuf->wanted = 0;
617 send_ringbuf->reserved = 0;
618
619 rb = ringbuf_map_hdr(&recv_ringbuf->common);
620 if (!rb) {
621 return -EFAULT;
622 }
623 recv_ringbuf->rd_idx = recv_ringbuf->last_rd_idx = rb->read_index;
624 ringbuf_unmap_hdr(&recv_ringbuf->common, rb, false);
625
626 rb = ringbuf_map_hdr(&send_ringbuf->common);
627 if (!rb) {
628 return -EFAULT;
629 }
630 send_ringbuf->wr_idx = send_ringbuf->last_wr_idx = rb->write_index;
631 send_ringbuf->last_seen_rd_idx = rb->read_index;
632 rb->feature_bits |= VMBUS_RING_BUFFER_FEAT_PENDING_SZ;
633 ringbuf_unmap_hdr(&send_ringbuf->common, rb, true);
634
635 if (recv_ringbuf->rd_idx >= recv_ringbuf->common.len ||
636 send_ringbuf->wr_idx >= send_ringbuf->common.len) {
637 return -EOVERFLOW;
638 }
639
640 return 0;
641 }
642
643 /*
644 * Perform io between the GPADL-backed ringbuffer @ringbuf and @buf, wrapping
645 * around if needed.
646 * @len is assumed not to exceed the size of the ringbuffer, so only single
647 * wraparound is considered.
648 */
ringbuf_io(VMBusRingBufCommon * ringbuf,void * buf,uint32_t len)649 static ssize_t ringbuf_io(VMBusRingBufCommon *ringbuf, void *buf, uint32_t len)
650 {
651 ssize_t ret1 = 0, ret2 = 0;
652 uint32_t remain = ringbuf->len + ringbuf->base - ringbuf->iter.off;
653
654 if (len >= remain) {
655 ret1 = gpadl_iter_io(&ringbuf->iter, buf, remain);
656 if (ret1 < 0) {
657 return ret1;
658 }
659 gpadl_iter_seek(&ringbuf->iter, ringbuf->base);
660 buf += remain;
661 len -= remain;
662 }
663 ret2 = gpadl_iter_io(&ringbuf->iter, buf, len);
664 if (ret2 < 0) {
665 return ret2;
666 }
667 return ret1 + ret2;
668 }
669
670 /*
671 * Position the circular iterator within @ringbuf to offset @new_off, wrapping
672 * around if needed.
673 * @new_off is assumed not to exceed twice the size of the ringbuffer, so only
674 * single wraparound is considered.
675 */
ringbuf_seek(VMBusRingBufCommon * ringbuf,uint32_t new_off)676 static inline void ringbuf_seek(VMBusRingBufCommon *ringbuf, uint32_t new_off)
677 {
678 gpadl_iter_seek(&ringbuf->iter,
679 ringbuf->base + rb_idx_wrap(new_off, ringbuf->len));
680 }
681
ringbuf_tell(VMBusRingBufCommon * ringbuf)682 static inline uint32_t ringbuf_tell(VMBusRingBufCommon *ringbuf)
683 {
684 return ringbuf->iter.off - ringbuf->base;
685 }
686
ringbuf_start_io(VMBusRingBufCommon * ringbuf)687 static inline void ringbuf_start_io(VMBusRingBufCommon *ringbuf)
688 {
689 gpadl_iter_start_io(&ringbuf->iter);
690 }
691
ringbuf_end_io(VMBusRingBufCommon * ringbuf)692 static inline void ringbuf_end_io(VMBusRingBufCommon *ringbuf)
693 {
694 gpadl_iter_end_io(&ringbuf->iter);
695 }
696
vmbus_channel_device(VMBusChannel * chan)697 VMBusDevice *vmbus_channel_device(VMBusChannel *chan)
698 {
699 return chan->dev;
700 }
701
vmbus_device_channel(VMBusDevice * dev,uint32_t chan_idx)702 VMBusChannel *vmbus_device_channel(VMBusDevice *dev, uint32_t chan_idx)
703 {
704 if (chan_idx >= dev->num_channels) {
705 return NULL;
706 }
707 return &dev->channels[chan_idx];
708 }
709
vmbus_channel_idx(VMBusChannel * chan)710 uint32_t vmbus_channel_idx(VMBusChannel *chan)
711 {
712 return chan - chan->dev->channels;
713 }
714
vmbus_channel_notify_host(VMBusChannel * chan)715 void vmbus_channel_notify_host(VMBusChannel *chan)
716 {
717 event_notifier_set(&chan->notifier);
718 }
719
vmbus_channel_is_open(VMBusChannel * chan)720 bool vmbus_channel_is_open(VMBusChannel *chan)
721 {
722 return chan->is_open;
723 }
724
725 /*
726 * Notify the guest side about the data to work on in the channel ring buffer.
727 * The notification is done by signaling a dedicated per-channel SynIC event
728 * flag (more recent guests) or setting a bit in the interrupt page and firing
729 * the VMBus SINT (older guests).
730 */
vmbus_channel_notify_guest(VMBusChannel * chan)731 static int vmbus_channel_notify_guest(VMBusChannel *chan)
732 {
733 int res = 0;
734 unsigned long *int_map, mask;
735 unsigned idx;
736 hwaddr addr = chan->vmbus->int_page_gpa;
737 hwaddr len = TARGET_PAGE_SIZE / 2, dirty = 0;
738
739 trace_vmbus_channel_notify_guest(chan->id);
740
741 if (!addr) {
742 return hyperv_set_event_flag(chan->notify_route, chan->id);
743 }
744
745 int_map = cpu_physical_memory_map(addr, &len, 1);
746 if (len != TARGET_PAGE_SIZE / 2) {
747 res = -ENXIO;
748 goto unmap;
749 }
750
751 idx = BIT_WORD(chan->id);
752 mask = BIT_MASK(chan->id);
753 if ((qatomic_fetch_or(&int_map[idx], mask) & mask) != mask) {
754 res = hyperv_sint_route_set_sint(chan->notify_route);
755 dirty = len;
756 }
757
758 unmap:
759 cpu_physical_memory_unmap(int_map, len, 1, dirty);
760 return res;
761 }
762
763 #define VMBUS_PKT_TRAILER sizeof(uint64_t)
764
vmbus_pkt_hdr_set_offsets(vmbus_packet_hdr * hdr,uint32_t desclen,uint32_t msglen)765 static uint32_t vmbus_pkt_hdr_set_offsets(vmbus_packet_hdr *hdr,
766 uint32_t desclen, uint32_t msglen)
767 {
768 hdr->offset_qwords = sizeof(*hdr) / sizeof(uint64_t) +
769 DIV_ROUND_UP(desclen, sizeof(uint64_t));
770 hdr->len_qwords = hdr->offset_qwords +
771 DIV_ROUND_UP(msglen, sizeof(uint64_t));
772 return hdr->len_qwords * sizeof(uint64_t) + VMBUS_PKT_TRAILER;
773 }
774
775 /*
776 * Simplified ring buffer operation with paired barriers annotations in the
777 * producer and consumer loops:
778 *
779 * producer * consumer
780 * ~~~~~~~~ * ~~~~~~~~
781 * write pending_send_sz * read write_index
782 * smp_mb [A] * smp_mb [C]
783 * read read_index * read packet
784 * smp_mb [B] * read/write out-of-band data
785 * read/write out-of-band data * smp_mb [B]
786 * write packet * write read_index
787 * smp_mb [C] * smp_mb [A]
788 * write write_index * read pending_send_sz
789 * smp_wmb [D] * smp_rmb [D]
790 * write pending_send_sz * read write_index
791 * ... * ...
792 */
793
ringbuf_send_avail(VMBusSendRingBuf * ringbuf)794 static inline uint32_t ringbuf_send_avail(VMBusSendRingBuf *ringbuf)
795 {
796 /* don't trust guest data */
797 if (ringbuf->last_seen_rd_idx >= ringbuf->common.len) {
798 return 0;
799 }
800 return rb_idx_delta(ringbuf->wr_idx, ringbuf->last_seen_rd_idx,
801 ringbuf->common.len, false);
802 }
803
ringbuf_send_update_idx(VMBusChannel * chan)804 static ssize_t ringbuf_send_update_idx(VMBusChannel *chan)
805 {
806 VMBusSendRingBuf *ringbuf = &chan->send_ringbuf;
807 vmbus_ring_buffer *rb;
808 uint32_t written;
809
810 written = rb_idx_delta(ringbuf->last_wr_idx, ringbuf->wr_idx,
811 ringbuf->common.len, true);
812 if (!written) {
813 return 0;
814 }
815
816 rb = ringbuf_map_hdr(&ringbuf->common);
817 if (!rb) {
818 return -EFAULT;
819 }
820
821 ringbuf->reserved -= written;
822
823 /* prevent reorder with the data operation and packet write */
824 smp_mb(); /* barrier pair [C] */
825 rb->write_index = ringbuf->wr_idx;
826
827 /*
828 * If the producer earlier indicated that it wants to be notified when the
829 * consumer frees certain amount of space in the ring buffer, that amount
830 * is reduced by the size of the completed write.
831 */
832 if (ringbuf->wanted) {
833 /* otherwise reservation would fail */
834 assert(ringbuf->wanted < written);
835 ringbuf->wanted -= written;
836 /* prevent reorder with write_index write */
837 smp_wmb(); /* barrier pair [D] */
838 rb->pending_send_sz = ringbuf->wanted;
839 }
840
841 /* prevent reorder with write_index or pending_send_sz write */
842 smp_mb(); /* barrier pair [A] */
843 ringbuf->last_seen_rd_idx = rb->read_index;
844
845 /*
846 * The consumer may have missed the reduction of pending_send_sz and skip
847 * notification, so re-check the blocking condition, and, if it's no longer
848 * true, ensure processing another iteration by simulating consumer's
849 * notification.
850 */
851 if (ringbuf_send_avail(ringbuf) >= ringbuf->wanted) {
852 vmbus_channel_notify_host(chan);
853 }
854
855 /* skip notification by consumer's request */
856 if (rb->interrupt_mask) {
857 goto out;
858 }
859
860 /*
861 * The consumer hasn't caught up with the producer's previous state so it's
862 * not blocked.
863 * (last_seen_rd_idx comes from the guest but it's safe to use w/o
864 * validation here as it only affects notification.)
865 */
866 if (rb_idx_delta(ringbuf->last_seen_rd_idx, ringbuf->wr_idx,
867 ringbuf->common.len, true) > written) {
868 goto out;
869 }
870
871 vmbus_channel_notify_guest(chan);
872 out:
873 ringbuf_unmap_hdr(&ringbuf->common, rb, true);
874 ringbuf->last_wr_idx = ringbuf->wr_idx;
875 return written;
876 }
877
vmbus_channel_reserve(VMBusChannel * chan,uint32_t desclen,uint32_t msglen)878 int vmbus_channel_reserve(VMBusChannel *chan,
879 uint32_t desclen, uint32_t msglen)
880 {
881 VMBusSendRingBuf *ringbuf = &chan->send_ringbuf;
882 vmbus_ring_buffer *rb = NULL;
883 vmbus_packet_hdr hdr;
884 uint32_t needed = ringbuf->reserved +
885 vmbus_pkt_hdr_set_offsets(&hdr, desclen, msglen);
886
887 /* avoid touching the guest memory if possible */
888 if (likely(needed <= ringbuf_send_avail(ringbuf))) {
889 goto success;
890 }
891
892 rb = ringbuf_map_hdr(&ringbuf->common);
893 if (!rb) {
894 return -EFAULT;
895 }
896
897 /* fetch read index from guest memory and try again */
898 ringbuf->last_seen_rd_idx = rb->read_index;
899
900 if (likely(needed <= ringbuf_send_avail(ringbuf))) {
901 goto success;
902 }
903
904 rb->pending_send_sz = needed;
905
906 /*
907 * The consumer may have made progress and freed up some space before
908 * seeing updated pending_send_sz, so re-read read_index (preventing
909 * reorder with the pending_send_sz write) and try again.
910 */
911 smp_mb(); /* barrier pair [A] */
912 ringbuf->last_seen_rd_idx = rb->read_index;
913
914 if (needed > ringbuf_send_avail(ringbuf)) {
915 goto out;
916 }
917
918 success:
919 ringbuf->reserved = needed;
920 needed = 0;
921
922 /* clear pending_send_sz if it was set */
923 if (ringbuf->wanted) {
924 if (!rb) {
925 rb = ringbuf_map_hdr(&ringbuf->common);
926 if (!rb) {
927 /* failure to clear pending_send_sz is non-fatal */
928 goto out;
929 }
930 }
931
932 rb->pending_send_sz = 0;
933 }
934
935 /* prevent reorder of the following data operation with read_index read */
936 smp_mb(); /* barrier pair [B] */
937
938 out:
939 if (rb) {
940 ringbuf_unmap_hdr(&ringbuf->common, rb, ringbuf->wanted == needed);
941 }
942 ringbuf->wanted = needed;
943 return needed ? -ENOSPC : 0;
944 }
945
vmbus_channel_send(VMBusChannel * chan,uint16_t pkt_type,void * desc,uint32_t desclen,void * msg,uint32_t msglen,bool need_comp,uint64_t transaction_id)946 ssize_t vmbus_channel_send(VMBusChannel *chan, uint16_t pkt_type,
947 void *desc, uint32_t desclen,
948 void *msg, uint32_t msglen,
949 bool need_comp, uint64_t transaction_id)
950 {
951 ssize_t ret = 0;
952 vmbus_packet_hdr hdr;
953 uint32_t totlen;
954 VMBusSendRingBuf *ringbuf = &chan->send_ringbuf;
955
956 if (!vmbus_channel_is_open(chan)) {
957 return -EINVAL;
958 }
959
960 totlen = vmbus_pkt_hdr_set_offsets(&hdr, desclen, msglen);
961 hdr.type = pkt_type;
962 hdr.flags = need_comp ? VMBUS_PACKET_FLAG_REQUEST_COMPLETION : 0;
963 hdr.transaction_id = transaction_id;
964
965 assert(totlen <= ringbuf->reserved);
966
967 ringbuf_start_io(&ringbuf->common);
968 ringbuf_seek(&ringbuf->common, ringbuf->wr_idx);
969 ret = ringbuf_io(&ringbuf->common, &hdr, sizeof(hdr));
970 if (ret < 0) {
971 goto out;
972 }
973 if (desclen) {
974 assert(desc);
975 ret = ringbuf_io(&ringbuf->common, desc, desclen);
976 if (ret < 0) {
977 goto out;
978 }
979 ringbuf_seek(&ringbuf->common,
980 ringbuf->wr_idx + hdr.offset_qwords * sizeof(uint64_t));
981 }
982 ret = ringbuf_io(&ringbuf->common, msg, msglen);
983 if (ret < 0) {
984 goto out;
985 }
986 ringbuf_seek(&ringbuf->common, ringbuf->wr_idx + totlen);
987 ringbuf->wr_idx = ringbuf_tell(&ringbuf->common);
988 ret = 0;
989 out:
990 ringbuf_end_io(&ringbuf->common);
991 if (ret) {
992 return ret;
993 }
994 return ringbuf_send_update_idx(chan);
995 }
996
vmbus_channel_send_completion(VMBusChanReq * req,void * msg,uint32_t msglen)997 ssize_t vmbus_channel_send_completion(VMBusChanReq *req,
998 void *msg, uint32_t msglen)
999 {
1000 assert(req->need_comp);
1001 return vmbus_channel_send(req->chan, VMBUS_PACKET_COMP, NULL, 0,
1002 msg, msglen, false, req->transaction_id);
1003 }
1004
sgl_from_gpa_ranges(QEMUSGList * sgl,VMBusDevice * dev,VMBusRingBufCommon * ringbuf,uint32_t len)1005 static int sgl_from_gpa_ranges(QEMUSGList *sgl, VMBusDevice *dev,
1006 VMBusRingBufCommon *ringbuf, uint32_t len)
1007 {
1008 int ret;
1009 vmbus_pkt_gpa_direct hdr;
1010 hwaddr curaddr = 0;
1011 hwaddr curlen = 0;
1012 int num;
1013
1014 if (len < sizeof(hdr)) {
1015 return -EIO;
1016 }
1017 ret = ringbuf_io(ringbuf, &hdr, sizeof(hdr));
1018 if (ret < 0) {
1019 return ret;
1020 }
1021 len -= sizeof(hdr);
1022
1023 num = (len - hdr.rangecount * sizeof(vmbus_gpa_range)) / sizeof(uint64_t);
1024 if (num < 0) {
1025 return -EIO;
1026 }
1027 qemu_sglist_init(sgl, DEVICE(dev), num, ringbuf->as);
1028
1029 for (; hdr.rangecount; hdr.rangecount--) {
1030 vmbus_gpa_range range;
1031
1032 if (len < sizeof(range)) {
1033 goto eio;
1034 }
1035 ret = ringbuf_io(ringbuf, &range, sizeof(range));
1036 if (ret < 0) {
1037 goto err;
1038 }
1039 len -= sizeof(range);
1040
1041 if (range.byte_offset & TARGET_PAGE_MASK) {
1042 goto eio;
1043 }
1044
1045 for (; range.byte_count; range.byte_offset = 0) {
1046 uint64_t paddr;
1047 uint32_t plen = MIN(range.byte_count,
1048 TARGET_PAGE_SIZE - range.byte_offset);
1049
1050 if (len < sizeof(uint64_t)) {
1051 goto eio;
1052 }
1053 ret = ringbuf_io(ringbuf, &paddr, sizeof(paddr));
1054 if (ret < 0) {
1055 goto err;
1056 }
1057 len -= sizeof(uint64_t);
1058 paddr <<= TARGET_PAGE_BITS;
1059 paddr |= range.byte_offset;
1060 range.byte_count -= plen;
1061
1062 if (curaddr + curlen == paddr) {
1063 /* consecutive fragments - join */
1064 curlen += plen;
1065 } else {
1066 if (curlen) {
1067 qemu_sglist_add(sgl, curaddr, curlen);
1068 }
1069
1070 curaddr = paddr;
1071 curlen = plen;
1072 }
1073 }
1074 }
1075
1076 if (curlen) {
1077 qemu_sglist_add(sgl, curaddr, curlen);
1078 }
1079
1080 return 0;
1081 eio:
1082 ret = -EIO;
1083 err:
1084 qemu_sglist_destroy(sgl);
1085 return ret;
1086 }
1087
vmbus_alloc_req(VMBusChannel * chan,uint32_t size,uint16_t pkt_type,uint32_t msglen,uint64_t transaction_id,bool need_comp)1088 static VMBusChanReq *vmbus_alloc_req(VMBusChannel *chan,
1089 uint32_t size, uint16_t pkt_type,
1090 uint32_t msglen, uint64_t transaction_id,
1091 bool need_comp)
1092 {
1093 VMBusChanReq *req;
1094 uint32_t msgoff = QEMU_ALIGN_UP(size, __alignof__(*req->msg));
1095 uint32_t totlen = msgoff + msglen;
1096
1097 req = g_malloc0(totlen);
1098 req->chan = chan;
1099 req->pkt_type = pkt_type;
1100 req->msg = (void *)req + msgoff;
1101 req->msglen = msglen;
1102 req->transaction_id = transaction_id;
1103 req->need_comp = need_comp;
1104 return req;
1105 }
1106
vmbus_channel_recv_start(VMBusChannel * chan)1107 int vmbus_channel_recv_start(VMBusChannel *chan)
1108 {
1109 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1110 vmbus_ring_buffer *rb;
1111
1112 rb = ringbuf_map_hdr(&ringbuf->common);
1113 if (!rb) {
1114 return -EFAULT;
1115 }
1116 ringbuf->last_seen_wr_idx = rb->write_index;
1117 ringbuf_unmap_hdr(&ringbuf->common, rb, false);
1118
1119 if (ringbuf->last_seen_wr_idx >= ringbuf->common.len) {
1120 return -EOVERFLOW;
1121 }
1122
1123 /* prevent reorder of the following data operation with write_index read */
1124 smp_mb(); /* barrier pair [C] */
1125 return 0;
1126 }
1127
vmbus_channel_recv_peek(VMBusChannel * chan,uint32_t size)1128 void *vmbus_channel_recv_peek(VMBusChannel *chan, uint32_t size)
1129 {
1130 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1131 vmbus_packet_hdr hdr = {};
1132 VMBusChanReq *req;
1133 uint32_t avail;
1134 uint32_t totlen, pktlen, msglen, msgoff, desclen;
1135
1136 assert(size >= sizeof(*req));
1137
1138 /* safe as last_seen_wr_idx is validated in vmbus_channel_recv_start */
1139 avail = rb_idx_delta(ringbuf->rd_idx, ringbuf->last_seen_wr_idx,
1140 ringbuf->common.len, true);
1141 if (avail < sizeof(hdr)) {
1142 return NULL;
1143 }
1144
1145 ringbuf_seek(&ringbuf->common, ringbuf->rd_idx);
1146 if (ringbuf_io(&ringbuf->common, &hdr, sizeof(hdr)) < 0) {
1147 return NULL;
1148 }
1149
1150 pktlen = hdr.len_qwords * sizeof(uint64_t);
1151 totlen = pktlen + VMBUS_PKT_TRAILER;
1152 if (totlen > avail) {
1153 return NULL;
1154 }
1155
1156 msgoff = hdr.offset_qwords * sizeof(uint64_t);
1157 if (msgoff > pktlen || msgoff < sizeof(hdr)) {
1158 error_report("%s: malformed packet: %u %u", __func__, msgoff, pktlen);
1159 return NULL;
1160 }
1161
1162 msglen = pktlen - msgoff;
1163
1164 req = vmbus_alloc_req(chan, size, hdr.type, msglen, hdr.transaction_id,
1165 hdr.flags & VMBUS_PACKET_FLAG_REQUEST_COMPLETION);
1166
1167 switch (hdr.type) {
1168 case VMBUS_PACKET_DATA_USING_GPA_DIRECT:
1169 desclen = msgoff - sizeof(hdr);
1170 if (sgl_from_gpa_ranges(&req->sgl, chan->dev, &ringbuf->common,
1171 desclen) < 0) {
1172 error_report("%s: failed to convert GPA ranges to SGL", __func__);
1173 goto free_req;
1174 }
1175 break;
1176 case VMBUS_PACKET_DATA_INBAND:
1177 case VMBUS_PACKET_COMP:
1178 break;
1179 default:
1180 error_report("%s: unexpected msg type: %x", __func__, hdr.type);
1181 goto free_req;
1182 }
1183
1184 ringbuf_seek(&ringbuf->common, ringbuf->rd_idx + msgoff);
1185 if (ringbuf_io(&ringbuf->common, req->msg, msglen) < 0) {
1186 goto free_req;
1187 }
1188 ringbuf_seek(&ringbuf->common, ringbuf->rd_idx + totlen);
1189
1190 return req;
1191 free_req:
1192 vmbus_free_req(req);
1193 return NULL;
1194 }
1195
vmbus_channel_recv_pop(VMBusChannel * chan)1196 void vmbus_channel_recv_pop(VMBusChannel *chan)
1197 {
1198 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1199 ringbuf->rd_idx = ringbuf_tell(&ringbuf->common);
1200 }
1201
vmbus_channel_recv_done(VMBusChannel * chan)1202 ssize_t vmbus_channel_recv_done(VMBusChannel *chan)
1203 {
1204 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1205 vmbus_ring_buffer *rb;
1206 uint32_t read;
1207
1208 read = rb_idx_delta(ringbuf->last_rd_idx, ringbuf->rd_idx,
1209 ringbuf->common.len, true);
1210 if (!read) {
1211 return 0;
1212 }
1213
1214 rb = ringbuf_map_hdr(&ringbuf->common);
1215 if (!rb) {
1216 return -EFAULT;
1217 }
1218
1219 /* prevent reorder with the data operation and packet read */
1220 smp_mb(); /* barrier pair [B] */
1221 rb->read_index = ringbuf->rd_idx;
1222
1223 /* prevent reorder of the following pending_send_sz read */
1224 smp_mb(); /* barrier pair [A] */
1225
1226 if (rb->interrupt_mask) {
1227 goto out;
1228 }
1229
1230 if (rb->feature_bits & VMBUS_RING_BUFFER_FEAT_PENDING_SZ) {
1231 uint32_t wr_idx, wr_avail;
1232 uint32_t wanted = rb->pending_send_sz;
1233
1234 if (!wanted) {
1235 goto out;
1236 }
1237
1238 /* prevent reorder with pending_send_sz read */
1239 smp_rmb(); /* barrier pair [D] */
1240 wr_idx = rb->write_index;
1241
1242 wr_avail = rb_idx_delta(wr_idx, ringbuf->rd_idx, ringbuf->common.len,
1243 true);
1244
1245 /* the producer wasn't blocked on the consumer state */
1246 if (wr_avail >= read + wanted) {
1247 goto out;
1248 }
1249 /* there's not enough space for the producer to make progress */
1250 if (wr_avail < wanted) {
1251 goto out;
1252 }
1253 }
1254
1255 vmbus_channel_notify_guest(chan);
1256 out:
1257 ringbuf_unmap_hdr(&ringbuf->common, rb, true);
1258 ringbuf->last_rd_idx = ringbuf->rd_idx;
1259 return read;
1260 }
1261
vmbus_free_req(void * req)1262 void vmbus_free_req(void *req)
1263 {
1264 VMBusChanReq *r = req;
1265
1266 if (!req) {
1267 return;
1268 }
1269
1270 if (r->sgl.dev) {
1271 qemu_sglist_destroy(&r->sgl);
1272 }
1273 g_free(req);
1274 }
1275
channel_event_cb(EventNotifier * e)1276 static void channel_event_cb(EventNotifier *e)
1277 {
1278 VMBusChannel *chan = container_of(e, VMBusChannel, notifier);
1279 if (event_notifier_test_and_clear(e)) {
1280 /*
1281 * All receives are supposed to happen within the device worker, so
1282 * bracket it with ringbuf_start/end_io on the receive ringbuffer, and
1283 * potentially reuse the cached mapping throughout the worker.
1284 * Can't do this for sends as they may happen outside the device
1285 * worker.
1286 */
1287 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1288 ringbuf_start_io(&ringbuf->common);
1289 chan->notify_cb(chan);
1290 ringbuf_end_io(&ringbuf->common);
1291
1292 }
1293 }
1294
alloc_chan_id(VMBus * vmbus)1295 static int alloc_chan_id(VMBus *vmbus)
1296 {
1297 int ret;
1298
1299 ret = find_next_zero_bit(vmbus->chanid_bitmap, VMBUS_CHANID_COUNT, 0);
1300 if (ret == VMBUS_CHANID_COUNT) {
1301 return -ENOMEM;
1302 }
1303 return ret + VMBUS_FIRST_CHANID;
1304 }
1305
register_chan_id(VMBusChannel * chan)1306 static int register_chan_id(VMBusChannel *chan)
1307 {
1308 return test_and_set_bit(chan->id - VMBUS_FIRST_CHANID,
1309 chan->vmbus->chanid_bitmap) ? -EEXIST : 0;
1310 }
1311
unregister_chan_id(VMBusChannel * chan)1312 static void unregister_chan_id(VMBusChannel *chan)
1313 {
1314 clear_bit(chan->id - VMBUS_FIRST_CHANID, chan->vmbus->chanid_bitmap);
1315 }
1316
chan_connection_id(VMBusChannel * chan)1317 static uint32_t chan_connection_id(VMBusChannel *chan)
1318 {
1319 return VMBUS_CHAN_CONNECTION_OFFSET + chan->id;
1320 }
1321
init_channel(VMBus * vmbus,VMBusDevice * dev,VMBusDeviceClass * vdc,VMBusChannel * chan,uint16_t idx,Error ** errp)1322 static void init_channel(VMBus *vmbus, VMBusDevice *dev, VMBusDeviceClass *vdc,
1323 VMBusChannel *chan, uint16_t idx, Error **errp)
1324 {
1325 int res;
1326
1327 chan->dev = dev;
1328 chan->notify_cb = vdc->chan_notify_cb;
1329 chan->subchan_idx = idx;
1330 chan->vmbus = vmbus;
1331
1332 res = alloc_chan_id(vmbus);
1333 if (res < 0) {
1334 error_setg(errp, "no spare channel id");
1335 return;
1336 }
1337 chan->id = res;
1338 register_chan_id(chan);
1339
1340 /*
1341 * The guest drivers depend on the device subchannels (idx #1+) to be
1342 * offered after the primary channel (idx #0) of that device. To ensure
1343 * that, record the channels on the channel list in the order they appear
1344 * within the device.
1345 */
1346 QTAILQ_INSERT_TAIL(&vmbus->channel_list, chan, link);
1347 }
1348
deinit_channel(VMBusChannel * chan)1349 static void deinit_channel(VMBusChannel *chan)
1350 {
1351 assert(chan->state == VMCHAN_INIT);
1352 QTAILQ_REMOVE(&chan->vmbus->channel_list, chan, link);
1353 unregister_chan_id(chan);
1354 }
1355
create_channels(VMBus * vmbus,VMBusDevice * dev,Error ** errp)1356 static void create_channels(VMBus *vmbus, VMBusDevice *dev, Error **errp)
1357 {
1358 uint16_t i;
1359 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(dev);
1360 Error *err = NULL;
1361
1362 dev->num_channels = vdc->num_channels ? vdc->num_channels(dev) : 1;
1363 if (dev->num_channels < 1) {
1364 error_setg(errp, "invalid #channels: %u", dev->num_channels);
1365 return;
1366 }
1367
1368 dev->channels = g_new0(VMBusChannel, dev->num_channels);
1369 for (i = 0; i < dev->num_channels; i++) {
1370 init_channel(vmbus, dev, vdc, &dev->channels[i], i, &err);
1371 if (err) {
1372 goto err_init;
1373 }
1374 }
1375
1376 return;
1377
1378 err_init:
1379 while (i--) {
1380 deinit_channel(&dev->channels[i]);
1381 }
1382 error_propagate(errp, err);
1383 }
1384
free_channels(VMBusDevice * dev)1385 static void free_channels(VMBusDevice *dev)
1386 {
1387 uint16_t i;
1388 for (i = 0; i < dev->num_channels; i++) {
1389 deinit_channel(&dev->channels[i]);
1390 }
1391 g_free(dev->channels);
1392 }
1393
make_sint_route(VMBus * vmbus,uint32_t vp_index)1394 static HvSintRoute *make_sint_route(VMBus *vmbus, uint32_t vp_index)
1395 {
1396 VMBusChannel *chan;
1397
1398 if (vp_index == vmbus->target_vp) {
1399 hyperv_sint_route_ref(vmbus->sint_route);
1400 return vmbus->sint_route;
1401 }
1402
1403 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1404 if (chan->target_vp == vp_index && vmbus_channel_is_open(chan)) {
1405 hyperv_sint_route_ref(chan->notify_route);
1406 return chan->notify_route;
1407 }
1408 }
1409
1410 return hyperv_sint_route_new(vp_index, VMBUS_SINT, NULL, NULL);
1411 }
1412
open_channel(VMBusChannel * chan)1413 static void open_channel(VMBusChannel *chan)
1414 {
1415 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(chan->dev);
1416
1417 chan->gpadl = vmbus_get_gpadl(chan, chan->ringbuf_gpadl);
1418 if (!chan->gpadl) {
1419 return;
1420 }
1421
1422 if (ringbufs_init(chan)) {
1423 goto put_gpadl;
1424 }
1425
1426 if (event_notifier_init(&chan->notifier, 0)) {
1427 goto put_gpadl;
1428 }
1429
1430 event_notifier_set_handler(&chan->notifier, channel_event_cb);
1431
1432 if (hyperv_set_event_flag_handler(chan_connection_id(chan),
1433 &chan->notifier)) {
1434 goto cleanup_notifier;
1435 }
1436
1437 chan->notify_route = make_sint_route(chan->vmbus, chan->target_vp);
1438 if (!chan->notify_route) {
1439 goto clear_event_flag_handler;
1440 }
1441
1442 if (vdc->open_channel && vdc->open_channel(chan)) {
1443 goto unref_sint_route;
1444 }
1445
1446 chan->is_open = true;
1447 return;
1448
1449 unref_sint_route:
1450 hyperv_sint_route_unref(chan->notify_route);
1451 clear_event_flag_handler:
1452 hyperv_set_event_flag_handler(chan_connection_id(chan), NULL);
1453 cleanup_notifier:
1454 event_notifier_set_handler(&chan->notifier, NULL);
1455 event_notifier_cleanup(&chan->notifier);
1456 put_gpadl:
1457 vmbus_put_gpadl(chan->gpadl);
1458 }
1459
close_channel(VMBusChannel * chan)1460 static void close_channel(VMBusChannel *chan)
1461 {
1462 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(chan->dev);
1463
1464 if (!chan->is_open) {
1465 return;
1466 }
1467
1468 if (vdc->close_channel) {
1469 vdc->close_channel(chan);
1470 }
1471
1472 hyperv_sint_route_unref(chan->notify_route);
1473 hyperv_set_event_flag_handler(chan_connection_id(chan), NULL);
1474 event_notifier_set_handler(&chan->notifier, NULL);
1475 event_notifier_cleanup(&chan->notifier);
1476 vmbus_put_gpadl(chan->gpadl);
1477 chan->is_open = false;
1478 }
1479
channel_post_load(void * opaque,int version_id)1480 static int channel_post_load(void *opaque, int version_id)
1481 {
1482 VMBusChannel *chan = opaque;
1483
1484 return register_chan_id(chan);
1485 }
1486
1487 static const VMStateDescription vmstate_channel = {
1488 .name = "vmbus/channel",
1489 .version_id = 0,
1490 .minimum_version_id = 0,
1491 .post_load = channel_post_load,
1492 .fields = (const VMStateField[]) {
1493 VMSTATE_UINT32(id, VMBusChannel),
1494 VMSTATE_UINT16(subchan_idx, VMBusChannel),
1495 VMSTATE_UINT32(open_id, VMBusChannel),
1496 VMSTATE_UINT32(target_vp, VMBusChannel),
1497 VMSTATE_UINT32(ringbuf_gpadl, VMBusChannel),
1498 VMSTATE_UINT32(ringbuf_send_offset, VMBusChannel),
1499 VMSTATE_UINT8(offer_state, VMBusChannel),
1500 VMSTATE_UINT8(state, VMBusChannel),
1501 VMSTATE_END_OF_LIST()
1502 }
1503 };
1504
find_channel(VMBus * vmbus,uint32_t id)1505 static VMBusChannel *find_channel(VMBus *vmbus, uint32_t id)
1506 {
1507 VMBusChannel *chan;
1508 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1509 if (chan->id == id) {
1510 return chan;
1511 }
1512 }
1513 return NULL;
1514 }
1515
enqueue_incoming_message(VMBus * vmbus,const struct hyperv_post_message_input * msg)1516 static int enqueue_incoming_message(VMBus *vmbus,
1517 const struct hyperv_post_message_input *msg)
1518 {
1519 int ret = 0;
1520 uint8_t idx, prev_size;
1521
1522 qemu_mutex_lock(&vmbus->rx_queue_lock);
1523
1524 if (vmbus->rx_queue_size == HV_MSG_QUEUE_LEN) {
1525 ret = -ENOBUFS;
1526 goto out;
1527 }
1528
1529 prev_size = vmbus->rx_queue_size;
1530 idx = (vmbus->rx_queue_head + vmbus->rx_queue_size) % HV_MSG_QUEUE_LEN;
1531 memcpy(&vmbus->rx_queue[idx], msg, sizeof(*msg));
1532 vmbus->rx_queue_size++;
1533
1534 /* only need to resched if the queue was empty before */
1535 if (!prev_size) {
1536 vmbus_resched(vmbus);
1537 }
1538 out:
1539 qemu_mutex_unlock(&vmbus->rx_queue_lock);
1540 return ret;
1541 }
1542
vmbus_recv_message(const struct hyperv_post_message_input * msg,void * data)1543 static uint16_t vmbus_recv_message(const struct hyperv_post_message_input *msg,
1544 void *data)
1545 {
1546 VMBus *vmbus = data;
1547 struct vmbus_message_header *vmbus_msg;
1548
1549 if (msg->message_type != HV_MESSAGE_VMBUS) {
1550 return HV_STATUS_INVALID_HYPERCALL_INPUT;
1551 }
1552
1553 if (msg->payload_size < sizeof(struct vmbus_message_header)) {
1554 return HV_STATUS_INVALID_HYPERCALL_INPUT;
1555 }
1556
1557 vmbus_msg = (struct vmbus_message_header *)msg->payload;
1558
1559 trace_vmbus_recv_message(vmbus_msg->message_type, msg->payload_size);
1560
1561 if (vmbus_msg->message_type == VMBUS_MSG_INVALID ||
1562 vmbus_msg->message_type >= VMBUS_MSG_COUNT) {
1563 error_report("vmbus: unknown message type %#x",
1564 vmbus_msg->message_type);
1565 return HV_STATUS_INVALID_HYPERCALL_INPUT;
1566 }
1567
1568 if (enqueue_incoming_message(vmbus, msg)) {
1569 return HV_STATUS_INSUFFICIENT_BUFFERS;
1570 }
1571 return HV_STATUS_SUCCESS;
1572 }
1573
vmbus_initialized(VMBus * vmbus)1574 static bool vmbus_initialized(VMBus *vmbus)
1575 {
1576 return vmbus->version > 0 && vmbus->version <= VMBUS_VERSION_CURRENT;
1577 }
1578
vmbus_reset_all(VMBus * vmbus)1579 static void vmbus_reset_all(VMBus *vmbus)
1580 {
1581 bus_cold_reset(BUS(vmbus));
1582 }
1583
post_msg(VMBus * vmbus,void * msgdata,uint32_t msglen)1584 static void post_msg(VMBus *vmbus, void *msgdata, uint32_t msglen)
1585 {
1586 int ret;
1587 struct hyperv_message msg = {
1588 .header.message_type = HV_MESSAGE_VMBUS,
1589 };
1590
1591 assert(!vmbus->msg_in_progress);
1592 assert(msglen <= sizeof(msg.payload));
1593 assert(msglen >= sizeof(struct vmbus_message_header));
1594
1595 vmbus->msg_in_progress = true;
1596
1597 trace_vmbus_post_msg(((struct vmbus_message_header *)msgdata)->message_type,
1598 msglen);
1599
1600 memcpy(msg.payload, msgdata, msglen);
1601 msg.header.payload_size = ROUND_UP(msglen, VMBUS_MESSAGE_SIZE_ALIGN);
1602
1603 ret = hyperv_post_msg(vmbus->sint_route, &msg);
1604 if (ret == 0 || ret == -EAGAIN) {
1605 return;
1606 }
1607
1608 error_report("message delivery fatal failure: %d; aborting vmbus", ret);
1609 vmbus_reset_all(vmbus);
1610 }
1611
vmbus_init(VMBus * vmbus)1612 static int vmbus_init(VMBus *vmbus)
1613 {
1614 if (vmbus->target_vp != (uint32_t)-1) {
1615 vmbus->sint_route = hyperv_sint_route_new(vmbus->target_vp, VMBUS_SINT,
1616 vmbus_msg_cb, vmbus);
1617 if (!vmbus->sint_route) {
1618 error_report("failed to set up SINT route");
1619 return -ENOMEM;
1620 }
1621 }
1622 return 0;
1623 }
1624
vmbus_deinit(VMBus * vmbus)1625 static void vmbus_deinit(VMBus *vmbus)
1626 {
1627 VMBusGpadl *gpadl, *tmp_gpadl;
1628 VMBusChannel *chan;
1629
1630 QTAILQ_FOREACH_SAFE(gpadl, &vmbus->gpadl_list, link, tmp_gpadl) {
1631 if (gpadl->state == VMGPADL_TORNDOWN) {
1632 continue;
1633 }
1634 vmbus_put_gpadl(gpadl);
1635 }
1636
1637 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1638 chan->offer_state = VMOFFER_INIT;
1639 }
1640
1641 hyperv_sint_route_unref(vmbus->sint_route);
1642 vmbus->sint_route = NULL;
1643 vmbus->int_page_gpa = 0;
1644 vmbus->target_vp = (uint32_t)-1;
1645 vmbus->version = 0;
1646 vmbus->state = VMBUS_LISTEN;
1647 vmbus->msg_in_progress = false;
1648 }
1649
handle_initiate_contact(VMBus * vmbus,vmbus_message_initiate_contact * msg,uint32_t msglen)1650 static void handle_initiate_contact(VMBus *vmbus,
1651 vmbus_message_initiate_contact *msg,
1652 uint32_t msglen)
1653 {
1654 if (msglen < sizeof(*msg)) {
1655 return;
1656 }
1657
1658 trace_vmbus_initiate_contact(msg->version_requested >> 16,
1659 msg->version_requested & 0xffff,
1660 msg->target_vcpu, msg->monitor_page1,
1661 msg->monitor_page2, msg->interrupt_page);
1662
1663 /*
1664 * Reset vmbus on INITIATE_CONTACT regardless of its previous state.
1665 * Useful, in particular, with vmbus-aware BIOS which can't shut vmbus down
1666 * before handing over to OS loader.
1667 */
1668 vmbus_reset_all(vmbus);
1669
1670 vmbus->target_vp = msg->target_vcpu;
1671 vmbus->version = msg->version_requested;
1672 if (vmbus->version < VMBUS_VERSION_WIN8) {
1673 /* linux passes interrupt page even when it doesn't need it */
1674 vmbus->int_page_gpa = msg->interrupt_page;
1675 }
1676 vmbus->state = VMBUS_HANDSHAKE;
1677
1678 if (vmbus_init(vmbus)) {
1679 error_report("failed to init vmbus; aborting");
1680 vmbus_deinit(vmbus);
1681 return;
1682 }
1683 }
1684
send_handshake(VMBus * vmbus)1685 static void send_handshake(VMBus *vmbus)
1686 {
1687 struct vmbus_message_version_response msg = {
1688 .header.message_type = VMBUS_MSG_VERSION_RESPONSE,
1689 .version_supported = vmbus_initialized(vmbus),
1690 };
1691
1692 post_msg(vmbus, &msg, sizeof(msg));
1693 }
1694
handle_request_offers(VMBus * vmbus,void * msgdata,uint32_t msglen)1695 static void handle_request_offers(VMBus *vmbus, void *msgdata, uint32_t msglen)
1696 {
1697 VMBusChannel *chan;
1698
1699 if (!vmbus_initialized(vmbus)) {
1700 return;
1701 }
1702
1703 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1704 if (chan->offer_state == VMOFFER_INIT) {
1705 chan->offer_state = VMOFFER_SENDING;
1706 break;
1707 }
1708 }
1709
1710 vmbus->state = VMBUS_OFFER;
1711 }
1712
send_offer(VMBus * vmbus)1713 static void send_offer(VMBus *vmbus)
1714 {
1715 VMBusChannel *chan;
1716 struct vmbus_message_header alloffers_msg = {
1717 .message_type = VMBUS_MSG_ALLOFFERS_DELIVERED,
1718 };
1719
1720 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1721 if (chan->offer_state == VMOFFER_SENDING) {
1722 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(chan->dev);
1723 /* Hyper-V wants LE GUIDs */
1724 QemuUUID classid = qemu_uuid_bswap(vdc->classid);
1725 QemuUUID instanceid = qemu_uuid_bswap(chan->dev->instanceid);
1726 struct vmbus_message_offer_channel msg = {
1727 .header.message_type = VMBUS_MSG_OFFERCHANNEL,
1728 .child_relid = chan->id,
1729 .connection_id = chan_connection_id(chan),
1730 .channel_flags = vdc->channel_flags,
1731 .mmio_size_mb = vdc->mmio_size_mb,
1732 .sub_channel_index = vmbus_channel_idx(chan),
1733 .interrupt_flags = VMBUS_OFFER_INTERRUPT_DEDICATED,
1734 };
1735
1736 memcpy(msg.type_uuid, &classid, sizeof(classid));
1737 memcpy(msg.instance_uuid, &instanceid, sizeof(instanceid));
1738
1739 trace_vmbus_send_offer(chan->id, chan->dev);
1740
1741 post_msg(vmbus, &msg, sizeof(msg));
1742 return;
1743 }
1744 }
1745
1746 /* no more offers, send terminator message */
1747 trace_vmbus_terminate_offers();
1748 post_msg(vmbus, &alloffers_msg, sizeof(alloffers_msg));
1749 }
1750
complete_offer(VMBus * vmbus)1751 static bool complete_offer(VMBus *vmbus)
1752 {
1753 VMBusChannel *chan;
1754
1755 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1756 if (chan->offer_state == VMOFFER_SENDING) {
1757 chan->offer_state = VMOFFER_SENT;
1758 goto next_offer;
1759 }
1760 }
1761 /*
1762 * no transitioning channels found so this is completing the terminator
1763 * message, and vmbus can move to the next state
1764 */
1765 return true;
1766
1767 next_offer:
1768 /* try to mark another channel for offering */
1769 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1770 if (chan->offer_state == VMOFFER_INIT) {
1771 chan->offer_state = VMOFFER_SENDING;
1772 break;
1773 }
1774 }
1775 /*
1776 * if an offer has been sent there are more offers or the terminator yet to
1777 * send, so no state transition for vmbus
1778 */
1779 return false;
1780 }
1781
1782
handle_gpadl_header(VMBus * vmbus,vmbus_message_gpadl_header * msg,uint32_t msglen)1783 static void handle_gpadl_header(VMBus *vmbus, vmbus_message_gpadl_header *msg,
1784 uint32_t msglen)
1785 {
1786 VMBusGpadl *gpadl;
1787 uint32_t num_gfns, i;
1788
1789 /* must include at least one gpa range */
1790 if (msglen < sizeof(*msg) + sizeof(msg->range[0]) ||
1791 !vmbus_initialized(vmbus)) {
1792 return;
1793 }
1794
1795 num_gfns = (msg->range_buflen - msg->rangecount * sizeof(msg->range[0])) /
1796 sizeof(msg->range[0].pfn_array[0]);
1797
1798 trace_vmbus_gpadl_header(msg->gpadl_id, num_gfns);
1799
1800 /*
1801 * In theory the GPADL_HEADER message can define a GPADL with multiple GPA
1802 * ranges each with arbitrary size and alignment. However in practice only
1803 * single-range page-aligned GPADLs have been observed so just ignore
1804 * anything else and simplify things greatly.
1805 */
1806 if (msg->rangecount != 1 || msg->range[0].byte_offset ||
1807 (msg->range[0].byte_count != (num_gfns << TARGET_PAGE_BITS))) {
1808 return;
1809 }
1810
1811 /* ignore requests to create already existing GPADLs */
1812 if (find_gpadl(vmbus, msg->gpadl_id)) {
1813 return;
1814 }
1815
1816 gpadl = create_gpadl(vmbus, msg->gpadl_id, msg->child_relid, num_gfns);
1817
1818 for (i = 0; i < num_gfns &&
1819 (void *)&msg->range[0].pfn_array[i + 1] <= (void *)msg + msglen;
1820 i++) {
1821 gpadl->gfns[gpadl->seen_gfns++] = msg->range[0].pfn_array[i];
1822 }
1823
1824 if (gpadl_full(gpadl)) {
1825 vmbus->state = VMBUS_CREATE_GPADL;
1826 }
1827 }
1828
handle_gpadl_body(VMBus * vmbus,vmbus_message_gpadl_body * msg,uint32_t msglen)1829 static void handle_gpadl_body(VMBus *vmbus, vmbus_message_gpadl_body *msg,
1830 uint32_t msglen)
1831 {
1832 VMBusGpadl *gpadl;
1833 uint32_t num_gfns_left, i;
1834
1835 if (msglen < sizeof(*msg) || !vmbus_initialized(vmbus)) {
1836 return;
1837 }
1838
1839 trace_vmbus_gpadl_body(msg->gpadl_id);
1840
1841 gpadl = find_gpadl(vmbus, msg->gpadl_id);
1842 if (!gpadl) {
1843 return;
1844 }
1845
1846 num_gfns_left = gpadl->num_gfns - gpadl->seen_gfns;
1847 assert(num_gfns_left);
1848
1849 for (i = 0; i < num_gfns_left &&
1850 (void *)&msg->pfn_array[i + 1] <= (void *)msg + msglen; i++) {
1851 gpadl->gfns[gpadl->seen_gfns++] = msg->pfn_array[i];
1852 }
1853
1854 if (gpadl_full(gpadl)) {
1855 vmbus->state = VMBUS_CREATE_GPADL;
1856 }
1857 }
1858
send_create_gpadl(VMBus * vmbus)1859 static void send_create_gpadl(VMBus *vmbus)
1860 {
1861 VMBusGpadl *gpadl;
1862
1863 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
1864 if (gpadl_full(gpadl) && gpadl->state == VMGPADL_INIT) {
1865 struct vmbus_message_gpadl_created msg = {
1866 .header.message_type = VMBUS_MSG_GPADL_CREATED,
1867 .gpadl_id = gpadl->id,
1868 .child_relid = gpadl->child_relid,
1869 };
1870
1871 trace_vmbus_gpadl_created(gpadl->id);
1872 post_msg(vmbus, &msg, sizeof(msg));
1873 return;
1874 }
1875 }
1876
1877 assert(false);
1878 }
1879
complete_create_gpadl(VMBus * vmbus)1880 static bool complete_create_gpadl(VMBus *vmbus)
1881 {
1882 VMBusGpadl *gpadl;
1883
1884 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
1885 if (gpadl_full(gpadl) && gpadl->state == VMGPADL_INIT) {
1886 gpadl->state = VMGPADL_ALIVE;
1887
1888 return true;
1889 }
1890 }
1891
1892 assert(false);
1893 return false;
1894 }
1895
handle_gpadl_teardown(VMBus * vmbus,vmbus_message_gpadl_teardown * msg,uint32_t msglen)1896 static void handle_gpadl_teardown(VMBus *vmbus,
1897 vmbus_message_gpadl_teardown *msg,
1898 uint32_t msglen)
1899 {
1900 VMBusGpadl *gpadl;
1901
1902 if (msglen < sizeof(*msg) || !vmbus_initialized(vmbus)) {
1903 return;
1904 }
1905
1906 trace_vmbus_gpadl_teardown(msg->gpadl_id);
1907
1908 gpadl = find_gpadl(vmbus, msg->gpadl_id);
1909 if (!gpadl || gpadl->state == VMGPADL_TORNDOWN) {
1910 return;
1911 }
1912
1913 gpadl->state = VMGPADL_TEARINGDOWN;
1914 vmbus->state = VMBUS_TEARDOWN_GPADL;
1915 }
1916
send_teardown_gpadl(VMBus * vmbus)1917 static void send_teardown_gpadl(VMBus *vmbus)
1918 {
1919 VMBusGpadl *gpadl;
1920
1921 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
1922 if (gpadl->state == VMGPADL_TEARINGDOWN) {
1923 struct vmbus_message_gpadl_torndown msg = {
1924 .header.message_type = VMBUS_MSG_GPADL_TORNDOWN,
1925 .gpadl_id = gpadl->id,
1926 };
1927
1928 trace_vmbus_gpadl_torndown(gpadl->id);
1929 post_msg(vmbus, &msg, sizeof(msg));
1930 return;
1931 }
1932 }
1933
1934 assert(false);
1935 }
1936
complete_teardown_gpadl(VMBus * vmbus)1937 static bool complete_teardown_gpadl(VMBus *vmbus)
1938 {
1939 VMBusGpadl *gpadl;
1940
1941 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
1942 if (gpadl->state == VMGPADL_TEARINGDOWN) {
1943 gpadl->state = VMGPADL_TORNDOWN;
1944 vmbus_put_gpadl(gpadl);
1945 return true;
1946 }
1947 }
1948
1949 assert(false);
1950 return false;
1951 }
1952
handle_open_channel(VMBus * vmbus,vmbus_message_open_channel * msg,uint32_t msglen)1953 static void handle_open_channel(VMBus *vmbus, vmbus_message_open_channel *msg,
1954 uint32_t msglen)
1955 {
1956 VMBusChannel *chan;
1957
1958 if (msglen < sizeof(*msg) || !vmbus_initialized(vmbus)) {
1959 return;
1960 }
1961
1962 trace_vmbus_open_channel(msg->child_relid, msg->ring_buffer_gpadl_id,
1963 msg->target_vp);
1964 chan = find_channel(vmbus, msg->child_relid);
1965 if (!chan || chan->state != VMCHAN_INIT) {
1966 return;
1967 }
1968
1969 chan->ringbuf_gpadl = msg->ring_buffer_gpadl_id;
1970 chan->ringbuf_send_offset = msg->ring_buffer_offset;
1971 chan->target_vp = msg->target_vp;
1972 chan->open_id = msg->open_id;
1973
1974 open_channel(chan);
1975
1976 chan->state = VMCHAN_OPENING;
1977 vmbus->state = VMBUS_OPEN_CHANNEL;
1978 }
1979
send_open_channel(VMBus * vmbus)1980 static void send_open_channel(VMBus *vmbus)
1981 {
1982 VMBusChannel *chan;
1983
1984 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1985 if (chan->state == VMCHAN_OPENING) {
1986 struct vmbus_message_open_result msg = {
1987 .header.message_type = VMBUS_MSG_OPENCHANNEL_RESULT,
1988 .child_relid = chan->id,
1989 .open_id = chan->open_id,
1990 .status = !vmbus_channel_is_open(chan),
1991 };
1992
1993 trace_vmbus_channel_open(chan->id, msg.status);
1994 post_msg(vmbus, &msg, sizeof(msg));
1995 return;
1996 }
1997 }
1998
1999 assert(false);
2000 }
2001
complete_open_channel(VMBus * vmbus)2002 static bool complete_open_channel(VMBus *vmbus)
2003 {
2004 VMBusChannel *chan;
2005
2006 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
2007 if (chan->state == VMCHAN_OPENING) {
2008 if (vmbus_channel_is_open(chan)) {
2009 chan->state = VMCHAN_OPEN;
2010 /*
2011 * simulate guest notification of ringbuffer space made
2012 * available, for the channel protocols where the host
2013 * initiates the communication
2014 */
2015 vmbus_channel_notify_host(chan);
2016 } else {
2017 chan->state = VMCHAN_INIT;
2018 }
2019 return true;
2020 }
2021 }
2022
2023 assert(false);
2024 return false;
2025 }
2026
vdev_reset_on_close(VMBusDevice * vdev)2027 static void vdev_reset_on_close(VMBusDevice *vdev)
2028 {
2029 uint16_t i;
2030
2031 for (i = 0; i < vdev->num_channels; i++) {
2032 if (vmbus_channel_is_open(&vdev->channels[i])) {
2033 return;
2034 }
2035 }
2036
2037 /* all channels closed -- reset device */
2038 device_cold_reset(DEVICE(vdev));
2039 }
2040
handle_close_channel(VMBus * vmbus,vmbus_message_close_channel * msg,uint32_t msglen)2041 static void handle_close_channel(VMBus *vmbus, vmbus_message_close_channel *msg,
2042 uint32_t msglen)
2043 {
2044 VMBusChannel *chan;
2045
2046 if (msglen < sizeof(*msg) || !vmbus_initialized(vmbus)) {
2047 return;
2048 }
2049
2050 trace_vmbus_close_channel(msg->child_relid);
2051
2052 chan = find_channel(vmbus, msg->child_relid);
2053 if (!chan) {
2054 return;
2055 }
2056
2057 close_channel(chan);
2058 chan->state = VMCHAN_INIT;
2059
2060 vdev_reset_on_close(chan->dev);
2061 }
2062
handle_unload(VMBus * vmbus,void * msg,uint32_t msglen)2063 static void handle_unload(VMBus *vmbus, void *msg, uint32_t msglen)
2064 {
2065 vmbus->state = VMBUS_UNLOAD;
2066 }
2067
send_unload(VMBus * vmbus)2068 static void send_unload(VMBus *vmbus)
2069 {
2070 vmbus_message_header msg = {
2071 .message_type = VMBUS_MSG_UNLOAD_RESPONSE,
2072 };
2073
2074 qemu_mutex_lock(&vmbus->rx_queue_lock);
2075 vmbus->rx_queue_size = 0;
2076 qemu_mutex_unlock(&vmbus->rx_queue_lock);
2077
2078 post_msg(vmbus, &msg, sizeof(msg));
2079 return;
2080 }
2081
complete_unload(VMBus * vmbus)2082 static bool complete_unload(VMBus *vmbus)
2083 {
2084 vmbus_reset_all(vmbus);
2085 return true;
2086 }
2087
process_message(VMBus * vmbus)2088 static void process_message(VMBus *vmbus)
2089 {
2090 struct hyperv_post_message_input *hv_msg;
2091 struct vmbus_message_header *msg;
2092 void *msgdata;
2093 uint32_t msglen;
2094
2095 qemu_mutex_lock(&vmbus->rx_queue_lock);
2096
2097 if (!vmbus->rx_queue_size) {
2098 goto unlock;
2099 }
2100
2101 hv_msg = &vmbus->rx_queue[vmbus->rx_queue_head];
2102 msglen = hv_msg->payload_size;
2103 if (msglen < sizeof(*msg)) {
2104 goto out;
2105 }
2106 msgdata = hv_msg->payload;
2107 msg = msgdata;
2108
2109 trace_vmbus_process_incoming_message(msg->message_type);
2110
2111 switch (msg->message_type) {
2112 case VMBUS_MSG_INITIATE_CONTACT:
2113 handle_initiate_contact(vmbus, msgdata, msglen);
2114 break;
2115 case VMBUS_MSG_REQUESTOFFERS:
2116 handle_request_offers(vmbus, msgdata, msglen);
2117 break;
2118 case VMBUS_MSG_GPADL_HEADER:
2119 handle_gpadl_header(vmbus, msgdata, msglen);
2120 break;
2121 case VMBUS_MSG_GPADL_BODY:
2122 handle_gpadl_body(vmbus, msgdata, msglen);
2123 break;
2124 case VMBUS_MSG_GPADL_TEARDOWN:
2125 handle_gpadl_teardown(vmbus, msgdata, msglen);
2126 break;
2127 case VMBUS_MSG_OPENCHANNEL:
2128 handle_open_channel(vmbus, msgdata, msglen);
2129 break;
2130 case VMBUS_MSG_CLOSECHANNEL:
2131 handle_close_channel(vmbus, msgdata, msglen);
2132 break;
2133 case VMBUS_MSG_UNLOAD:
2134 handle_unload(vmbus, msgdata, msglen);
2135 break;
2136 default:
2137 error_report("unknown message type %#x", msg->message_type);
2138 break;
2139 }
2140
2141 out:
2142 vmbus->rx_queue_size--;
2143 vmbus->rx_queue_head++;
2144 vmbus->rx_queue_head %= HV_MSG_QUEUE_LEN;
2145
2146 vmbus_resched(vmbus);
2147 unlock:
2148 qemu_mutex_unlock(&vmbus->rx_queue_lock);
2149 }
2150
2151 static const struct {
2152 void (*run)(VMBus *vmbus);
2153 bool (*complete)(VMBus *vmbus);
2154 } state_runner[] = {
2155 [VMBUS_LISTEN] = {process_message, NULL},
2156 [VMBUS_HANDSHAKE] = {send_handshake, NULL},
2157 [VMBUS_OFFER] = {send_offer, complete_offer},
2158 [VMBUS_CREATE_GPADL] = {send_create_gpadl, complete_create_gpadl},
2159 [VMBUS_TEARDOWN_GPADL] = {send_teardown_gpadl, complete_teardown_gpadl},
2160 [VMBUS_OPEN_CHANNEL] = {send_open_channel, complete_open_channel},
2161 [VMBUS_UNLOAD] = {send_unload, complete_unload},
2162 };
2163
vmbus_do_run(VMBus * vmbus)2164 static void vmbus_do_run(VMBus *vmbus)
2165 {
2166 if (vmbus->msg_in_progress) {
2167 return;
2168 }
2169
2170 assert(vmbus->state < VMBUS_STATE_MAX);
2171 assert(state_runner[vmbus->state].run);
2172 state_runner[vmbus->state].run(vmbus);
2173 }
2174
vmbus_run(void * opaque)2175 static void vmbus_run(void *opaque)
2176 {
2177 VMBus *vmbus = opaque;
2178
2179 /* make sure no recursion happens (e.g. due to recursive aio_poll()) */
2180 if (vmbus->in_progress) {
2181 return;
2182 }
2183
2184 vmbus->in_progress = true;
2185 /*
2186 * FIXME: if vmbus_resched() is called from within vmbus_do_run(), it
2187 * should go *after* the code that can result in aio_poll; otherwise
2188 * reschedules can be missed. No idea how to enforce that.
2189 */
2190 vmbus_do_run(vmbus);
2191 vmbus->in_progress = false;
2192 }
2193
vmbus_msg_cb(void * data,int status)2194 static void vmbus_msg_cb(void *data, int status)
2195 {
2196 VMBus *vmbus = data;
2197 bool (*complete)(VMBus *vmbus);
2198
2199 assert(vmbus->msg_in_progress);
2200
2201 trace_vmbus_msg_cb(status);
2202
2203 if (status == -EAGAIN) {
2204 goto out;
2205 }
2206 if (status) {
2207 error_report("message delivery fatal failure: %d; aborting vmbus",
2208 status);
2209 vmbus_reset_all(vmbus);
2210 return;
2211 }
2212
2213 assert(vmbus->state < VMBUS_STATE_MAX);
2214 complete = state_runner[vmbus->state].complete;
2215 if (!complete || complete(vmbus)) {
2216 vmbus->state = VMBUS_LISTEN;
2217 }
2218 out:
2219 vmbus->msg_in_progress = false;
2220 vmbus_resched(vmbus);
2221 }
2222
vmbus_resched(VMBus * vmbus)2223 static void vmbus_resched(VMBus *vmbus)
2224 {
2225 aio_bh_schedule_oneshot(qemu_get_aio_context(), vmbus_run, vmbus);
2226 }
2227
vmbus_signal_event(EventNotifier * e)2228 static void vmbus_signal_event(EventNotifier *e)
2229 {
2230 VMBusChannel *chan;
2231 VMBus *vmbus = container_of(e, VMBus, notifier);
2232 unsigned long *int_map;
2233 hwaddr addr, len;
2234 bool is_dirty = false;
2235
2236 if (!event_notifier_test_and_clear(e)) {
2237 return;
2238 }
2239
2240 trace_vmbus_signal_event();
2241
2242 if (!vmbus->int_page_gpa) {
2243 return;
2244 }
2245
2246 addr = vmbus->int_page_gpa + TARGET_PAGE_SIZE / 2;
2247 len = TARGET_PAGE_SIZE / 2;
2248 int_map = cpu_physical_memory_map(addr, &len, 1);
2249 if (len != TARGET_PAGE_SIZE / 2) {
2250 goto unmap;
2251 }
2252
2253 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
2254 if (bitmap_test_and_clear_atomic(int_map, chan->id, 1)) {
2255 if (!vmbus_channel_is_open(chan)) {
2256 continue;
2257 }
2258 vmbus_channel_notify_host(chan);
2259 is_dirty = true;
2260 }
2261 }
2262
2263 unmap:
2264 cpu_physical_memory_unmap(int_map, len, 1, is_dirty);
2265 }
2266
vmbus_dev_realize(DeviceState * dev,Error ** errp)2267 static void vmbus_dev_realize(DeviceState *dev, Error **errp)
2268 {
2269 VMBusDevice *vdev = VMBUS_DEVICE(dev);
2270 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(vdev);
2271 VMBus *vmbus = VMBUS(qdev_get_parent_bus(dev));
2272 BusChild *child;
2273 Error *err = NULL;
2274 char idstr[UUID_STR_LEN];
2275
2276 assert(!qemu_uuid_is_null(&vdev->instanceid));
2277
2278 if (!qemu_uuid_is_null(&vdc->instanceid)) {
2279 /* Class wants to only have a single instance with a fixed UUID */
2280 if (!qemu_uuid_is_equal(&vdev->instanceid, &vdc->instanceid)) {
2281 error_setg(&err, "instance id can't be changed");
2282 goto error_out;
2283 }
2284 }
2285
2286 /* Check for instance id collision for this class id */
2287 QTAILQ_FOREACH(child, &BUS(vmbus)->children, sibling) {
2288 VMBusDevice *child_dev = VMBUS_DEVICE(child->child);
2289
2290 if (child_dev == vdev) {
2291 continue;
2292 }
2293
2294 if (qemu_uuid_is_equal(&child_dev->instanceid, &vdev->instanceid)) {
2295 qemu_uuid_unparse(&vdev->instanceid, idstr);
2296 error_setg(&err, "duplicate vmbus device instance id %s", idstr);
2297 goto error_out;
2298 }
2299 }
2300
2301 vdev->dma_as = &address_space_memory;
2302
2303 create_channels(vmbus, vdev, &err);
2304 if (err) {
2305 goto error_out;
2306 }
2307
2308 if (vdc->vmdev_realize) {
2309 vdc->vmdev_realize(vdev, &err);
2310 if (err) {
2311 goto err_vdc_realize;
2312 }
2313 }
2314 return;
2315
2316 err_vdc_realize:
2317 free_channels(vdev);
2318 error_out:
2319 error_propagate(errp, err);
2320 }
2321
vmbus_dev_reset(DeviceState * dev)2322 static void vmbus_dev_reset(DeviceState *dev)
2323 {
2324 uint16_t i;
2325 VMBusDevice *vdev = VMBUS_DEVICE(dev);
2326 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(vdev);
2327
2328 if (vdev->channels) {
2329 for (i = 0; i < vdev->num_channels; i++) {
2330 VMBusChannel *chan = &vdev->channels[i];
2331 close_channel(chan);
2332 chan->state = VMCHAN_INIT;
2333 }
2334 }
2335
2336 if (vdc->vmdev_reset) {
2337 vdc->vmdev_reset(vdev);
2338 }
2339 }
2340
vmbus_dev_unrealize(DeviceState * dev)2341 static void vmbus_dev_unrealize(DeviceState *dev)
2342 {
2343 VMBusDevice *vdev = VMBUS_DEVICE(dev);
2344 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(vdev);
2345
2346 if (vdc->vmdev_unrealize) {
2347 vdc->vmdev_unrealize(vdev);
2348 }
2349 free_channels(vdev);
2350 }
2351
2352 static Property vmbus_dev_props[] = {
2353 DEFINE_PROP_UUID("instanceid", VMBusDevice, instanceid),
2354 DEFINE_PROP_END_OF_LIST()
2355 };
2356
2357
vmbus_dev_class_init(ObjectClass * klass,void * data)2358 static void vmbus_dev_class_init(ObjectClass *klass, void *data)
2359 {
2360 DeviceClass *kdev = DEVICE_CLASS(klass);
2361 device_class_set_props(kdev, vmbus_dev_props);
2362 kdev->bus_type = TYPE_VMBUS;
2363 kdev->realize = vmbus_dev_realize;
2364 kdev->unrealize = vmbus_dev_unrealize;
2365 kdev->reset = vmbus_dev_reset;
2366 }
2367
vmbus_dev_instance_init(Object * obj)2368 static void vmbus_dev_instance_init(Object *obj)
2369 {
2370 VMBusDevice *vdev = VMBUS_DEVICE(obj);
2371 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(vdev);
2372
2373 if (!qemu_uuid_is_null(&vdc->instanceid)) {
2374 /* Class wants to only have a single instance with a fixed UUID */
2375 vdev->instanceid = vdc->instanceid;
2376 }
2377 }
2378
2379 const VMStateDescription vmstate_vmbus_dev = {
2380 .name = TYPE_VMBUS_DEVICE,
2381 .version_id = 0,
2382 .minimum_version_id = 0,
2383 .fields = (const VMStateField[]) {
2384 VMSTATE_UINT8_ARRAY(instanceid.data, VMBusDevice, 16),
2385 VMSTATE_UINT16(num_channels, VMBusDevice),
2386 VMSTATE_STRUCT_VARRAY_POINTER_UINT16(channels, VMBusDevice,
2387 num_channels, vmstate_channel,
2388 VMBusChannel),
2389 VMSTATE_END_OF_LIST()
2390 }
2391 };
2392
2393 /* vmbus generic device base */
2394 static const TypeInfo vmbus_dev_type_info = {
2395 .name = TYPE_VMBUS_DEVICE,
2396 .parent = TYPE_DEVICE,
2397 .abstract = true,
2398 .instance_size = sizeof(VMBusDevice),
2399 .class_size = sizeof(VMBusDeviceClass),
2400 .class_init = vmbus_dev_class_init,
2401 .instance_init = vmbus_dev_instance_init,
2402 };
2403
vmbus_realize(BusState * bus,Error ** errp)2404 static void vmbus_realize(BusState *bus, Error **errp)
2405 {
2406 int ret = 0;
2407 VMBus *vmbus = VMBUS(bus);
2408
2409 qemu_mutex_init(&vmbus->rx_queue_lock);
2410
2411 QTAILQ_INIT(&vmbus->gpadl_list);
2412 QTAILQ_INIT(&vmbus->channel_list);
2413
2414 ret = hyperv_set_msg_handler(VMBUS_MESSAGE_CONNECTION_ID,
2415 vmbus_recv_message, vmbus);
2416 if (ret != 0) {
2417 error_setg(errp, "hyperv set message handler failed: %d", ret);
2418 goto error_out;
2419 }
2420
2421 ret = event_notifier_init(&vmbus->notifier, 0);
2422 if (ret != 0) {
2423 error_setg(errp, "event notifier failed to init with %d", ret);
2424 goto remove_msg_handler;
2425 }
2426
2427 event_notifier_set_handler(&vmbus->notifier, vmbus_signal_event);
2428 ret = hyperv_set_event_flag_handler(VMBUS_EVENT_CONNECTION_ID,
2429 &vmbus->notifier);
2430 if (ret != 0) {
2431 error_setg(errp, "hyperv set event handler failed with %d", ret);
2432 goto clear_event_notifier;
2433 }
2434
2435 return;
2436
2437 clear_event_notifier:
2438 event_notifier_cleanup(&vmbus->notifier);
2439 remove_msg_handler:
2440 hyperv_set_msg_handler(VMBUS_MESSAGE_CONNECTION_ID, NULL, NULL);
2441 error_out:
2442 qemu_mutex_destroy(&vmbus->rx_queue_lock);
2443 }
2444
vmbus_unrealize(BusState * bus)2445 static void vmbus_unrealize(BusState *bus)
2446 {
2447 VMBus *vmbus = VMBUS(bus);
2448
2449 hyperv_set_msg_handler(VMBUS_MESSAGE_CONNECTION_ID, NULL, NULL);
2450 hyperv_set_event_flag_handler(VMBUS_EVENT_CONNECTION_ID, NULL);
2451 event_notifier_cleanup(&vmbus->notifier);
2452
2453 qemu_mutex_destroy(&vmbus->rx_queue_lock);
2454 }
2455
vmbus_reset_hold(Object * obj,ResetType type)2456 static void vmbus_reset_hold(Object *obj, ResetType type)
2457 {
2458 vmbus_deinit(VMBUS(obj));
2459 }
2460
vmbus_get_dev_path(DeviceState * dev)2461 static char *vmbus_get_dev_path(DeviceState *dev)
2462 {
2463 BusState *bus = qdev_get_parent_bus(dev);
2464 return qdev_get_dev_path(bus->parent);
2465 }
2466
vmbus_get_fw_dev_path(DeviceState * dev)2467 static char *vmbus_get_fw_dev_path(DeviceState *dev)
2468 {
2469 VMBusDevice *vdev = VMBUS_DEVICE(dev);
2470 char uuid[UUID_STR_LEN];
2471
2472 qemu_uuid_unparse(&vdev->instanceid, uuid);
2473 return g_strdup_printf("%s@%s", qdev_fw_name(dev), uuid);
2474 }
2475
vmbus_class_init(ObjectClass * klass,void * data)2476 static void vmbus_class_init(ObjectClass *klass, void *data)
2477 {
2478 BusClass *k = BUS_CLASS(klass);
2479 ResettableClass *rc = RESETTABLE_CLASS(klass);
2480
2481 k->get_dev_path = vmbus_get_dev_path;
2482 k->get_fw_dev_path = vmbus_get_fw_dev_path;
2483 k->realize = vmbus_realize;
2484 k->unrealize = vmbus_unrealize;
2485 rc->phases.hold = vmbus_reset_hold;
2486 }
2487
vmbus_pre_load(void * opaque)2488 static int vmbus_pre_load(void *opaque)
2489 {
2490 VMBusChannel *chan;
2491 VMBus *vmbus = VMBUS(opaque);
2492
2493 /*
2494 * channel IDs allocated by the source will come in the migration stream
2495 * for each channel, so clean up the ones allocated at realize
2496 */
2497 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
2498 unregister_chan_id(chan);
2499 }
2500
2501 return 0;
2502 }
vmbus_post_load(void * opaque,int version_id)2503 static int vmbus_post_load(void *opaque, int version_id)
2504 {
2505 int ret;
2506 VMBus *vmbus = VMBUS(opaque);
2507 VMBusGpadl *gpadl;
2508 VMBusChannel *chan;
2509
2510 ret = vmbus_init(vmbus);
2511 if (ret) {
2512 return ret;
2513 }
2514
2515 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
2516 gpadl->vmbus = vmbus;
2517 gpadl->refcount = 1;
2518 }
2519
2520 /*
2521 * reopening channels depends on initialized vmbus so it's done here
2522 * instead of channel_post_load()
2523 */
2524 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
2525
2526 if (chan->state == VMCHAN_OPENING || chan->state == VMCHAN_OPEN) {
2527 open_channel(chan);
2528 }
2529
2530 if (chan->state != VMCHAN_OPEN) {
2531 continue;
2532 }
2533
2534 if (!vmbus_channel_is_open(chan)) {
2535 /* reopen failed, abort loading */
2536 return -1;
2537 }
2538
2539 /* resume processing on the guest side if it missed the notification */
2540 hyperv_sint_route_set_sint(chan->notify_route);
2541 /* ditto on the host side */
2542 vmbus_channel_notify_host(chan);
2543 }
2544
2545 vmbus_resched(vmbus);
2546 return 0;
2547 }
2548
2549 static const VMStateDescription vmstate_post_message_input = {
2550 .name = "vmbus/hyperv_post_message_input",
2551 .version_id = 0,
2552 .minimum_version_id = 0,
2553 .fields = (const VMStateField[]) {
2554 /*
2555 * skip connection_id and message_type as they are validated before
2556 * queueing and ignored on dequeueing
2557 */
2558 VMSTATE_UINT32(payload_size, struct hyperv_post_message_input),
2559 VMSTATE_UINT8_ARRAY(payload, struct hyperv_post_message_input,
2560 HV_MESSAGE_PAYLOAD_SIZE),
2561 VMSTATE_END_OF_LIST()
2562 }
2563 };
2564
vmbus_rx_queue_needed(void * opaque)2565 static bool vmbus_rx_queue_needed(void *opaque)
2566 {
2567 VMBus *vmbus = VMBUS(opaque);
2568 return vmbus->rx_queue_size;
2569 }
2570
2571 static const VMStateDescription vmstate_rx_queue = {
2572 .name = "vmbus/rx_queue",
2573 .version_id = 0,
2574 .minimum_version_id = 0,
2575 .needed = vmbus_rx_queue_needed,
2576 .fields = (const VMStateField[]) {
2577 VMSTATE_UINT8(rx_queue_head, VMBus),
2578 VMSTATE_UINT8(rx_queue_size, VMBus),
2579 VMSTATE_STRUCT_ARRAY(rx_queue, VMBus,
2580 HV_MSG_QUEUE_LEN, 0,
2581 vmstate_post_message_input,
2582 struct hyperv_post_message_input),
2583 VMSTATE_END_OF_LIST()
2584 }
2585 };
2586
2587 static const VMStateDescription vmstate_vmbus = {
2588 .name = TYPE_VMBUS,
2589 .version_id = 0,
2590 .minimum_version_id = 0,
2591 .pre_load = vmbus_pre_load,
2592 .post_load = vmbus_post_load,
2593 .fields = (const VMStateField[]) {
2594 VMSTATE_UINT8(state, VMBus),
2595 VMSTATE_UINT32(version, VMBus),
2596 VMSTATE_UINT32(target_vp, VMBus),
2597 VMSTATE_UINT64(int_page_gpa, VMBus),
2598 VMSTATE_QTAILQ_V(gpadl_list, VMBus, 0,
2599 vmstate_gpadl, VMBusGpadl, link),
2600 VMSTATE_END_OF_LIST()
2601 },
2602 .subsections = (const VMStateDescription * const []) {
2603 &vmstate_rx_queue,
2604 NULL
2605 }
2606 };
2607
2608 static const TypeInfo vmbus_type_info = {
2609 .name = TYPE_VMBUS,
2610 .parent = TYPE_BUS,
2611 .instance_size = sizeof(VMBus),
2612 .class_init = vmbus_class_init,
2613 };
2614
vmbus_bridge_realize(DeviceState * dev,Error ** errp)2615 static void vmbus_bridge_realize(DeviceState *dev, Error **errp)
2616 {
2617 VMBusBridge *bridge = VMBUS_BRIDGE(dev);
2618
2619 /*
2620 * here there's at least one vmbus bridge that is being realized, so
2621 * vmbus_bridge_find can only return NULL if it's not unique
2622 */
2623 if (!vmbus_bridge_find()) {
2624 error_setg(errp, "there can be at most one %s in the system",
2625 TYPE_VMBUS_BRIDGE);
2626 return;
2627 }
2628
2629 if (!hyperv_is_synic_enabled()) {
2630 error_report("VMBus requires usable Hyper-V SynIC and VP_INDEX");
2631 return;
2632 }
2633
2634 if (!hyperv_are_vmbus_recommended_features_enabled()) {
2635 warn_report("VMBus enabled without the recommended set of Hyper-V features: "
2636 "hv-stimer, hv-vapic and hv-runtime. "
2637 "Some Windows versions might not boot or enable the VMBus device");
2638 }
2639
2640 bridge->bus = VMBUS(qbus_new(TYPE_VMBUS, dev, "vmbus"));
2641 }
2642
vmbus_bridge_ofw_unit_address(const SysBusDevice * dev)2643 static char *vmbus_bridge_ofw_unit_address(const SysBusDevice *dev)
2644 {
2645 /* there can be only one VMBus */
2646 return g_strdup("0");
2647 }
2648
2649 static const VMStateDescription vmstate_vmbus_bridge = {
2650 .name = TYPE_VMBUS_BRIDGE,
2651 .version_id = 0,
2652 .minimum_version_id = 0,
2653 .fields = (const VMStateField[]) {
2654 VMSTATE_STRUCT_POINTER(bus, VMBusBridge, vmstate_vmbus, VMBus),
2655 VMSTATE_END_OF_LIST()
2656 },
2657 };
2658
2659 static Property vmbus_bridge_props[] = {
2660 DEFINE_PROP_UINT8("irq", VMBusBridge, irq, 7),
2661 DEFINE_PROP_END_OF_LIST()
2662 };
2663
vmbus_bridge_class_init(ObjectClass * klass,void * data)2664 static void vmbus_bridge_class_init(ObjectClass *klass, void *data)
2665 {
2666 DeviceClass *k = DEVICE_CLASS(klass);
2667 SysBusDeviceClass *sk = SYS_BUS_DEVICE_CLASS(klass);
2668
2669 k->realize = vmbus_bridge_realize;
2670 k->fw_name = "vmbus";
2671 sk->explicit_ofw_unit_address = vmbus_bridge_ofw_unit_address;
2672 set_bit(DEVICE_CATEGORY_BRIDGE, k->categories);
2673 k->vmsd = &vmstate_vmbus_bridge;
2674 device_class_set_props(k, vmbus_bridge_props);
2675 /* override SysBusDevice's default */
2676 k->user_creatable = true;
2677 }
2678
2679 static const TypeInfo vmbus_bridge_type_info = {
2680 .name = TYPE_VMBUS_BRIDGE,
2681 .parent = TYPE_SYS_BUS_DEVICE,
2682 .instance_size = sizeof(VMBusBridge),
2683 .class_init = vmbus_bridge_class_init,
2684 };
2685
vmbus_register_types(void)2686 static void vmbus_register_types(void)
2687 {
2688 type_register_static(&vmbus_bridge_type_info);
2689 type_register_static(&vmbus_dev_type_info);
2690 type_register_static(&vmbus_type_info);
2691 }
2692
2693 type_init(vmbus_register_types)
2694