xref: /openbmc/qemu/hw/xen/xen-hvm-common.c (revision 72baef13)
1 #include "qemu/osdep.h"
2 #include "qemu/units.h"
3 #include "qapi/error.h"
4 #include "exec/target_page.h"
5 #include "trace.h"
6 
7 #include "hw/pci/pci_host.h"
8 #include "hw/xen/xen-hvm-common.h"
9 #include "hw/xen/xen-bus.h"
10 #include "hw/boards.h"
11 #include "hw/xen/arch_hvm.h"
12 
13 MemoryRegion xen_memory;
14 
15 void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size, MemoryRegion *mr,
16                    Error **errp)
17 {
18     unsigned target_page_bits = qemu_target_page_bits();
19     unsigned long nr_pfn;
20     xen_pfn_t *pfn_list;
21     int i;
22 
23     if (runstate_check(RUN_STATE_INMIGRATE)) {
24         /* RAM already populated in Xen */
25         warn_report("%s: do not alloc "RAM_ADDR_FMT
26                 " bytes of ram at "RAM_ADDR_FMT" when runstate is INMIGRATE",
27                 __func__, size, ram_addr);
28         return;
29     }
30 
31     if (mr == &xen_memory) {
32         return;
33     }
34 
35     trace_xen_ram_alloc(ram_addr, size);
36 
37     nr_pfn = size >> target_page_bits;
38     pfn_list = g_new(xen_pfn_t, nr_pfn);
39 
40     for (i = 0; i < nr_pfn; i++) {
41         pfn_list[i] = (ram_addr >> target_page_bits) + i;
42     }
43 
44     if (xc_domain_populate_physmap_exact(xen_xc, xen_domid, nr_pfn, 0, 0, pfn_list)) {
45         error_setg(errp, "xen: failed to populate ram at " RAM_ADDR_FMT,
46                    ram_addr);
47     }
48 
49     g_free(pfn_list);
50 }
51 
52 static void xen_set_memory(struct MemoryListener *listener,
53                            MemoryRegionSection *section,
54                            bool add)
55 {
56     XenIOState *state = container_of(listener, XenIOState, memory_listener);
57 
58     if (section->mr == &xen_memory) {
59         return;
60     } else {
61         if (add) {
62             xen_map_memory_section(xen_domid, state->ioservid,
63                                    section);
64         } else {
65             xen_unmap_memory_section(xen_domid, state->ioservid,
66                                      section);
67         }
68     }
69 
70     arch_xen_set_memory(state, section, add);
71 }
72 
73 void xen_region_add(MemoryListener *listener,
74                            MemoryRegionSection *section)
75 {
76     memory_region_ref(section->mr);
77     xen_set_memory(listener, section, true);
78 }
79 
80 void xen_region_del(MemoryListener *listener,
81                            MemoryRegionSection *section)
82 {
83     xen_set_memory(listener, section, false);
84     memory_region_unref(section->mr);
85 }
86 
87 void xen_io_add(MemoryListener *listener,
88                        MemoryRegionSection *section)
89 {
90     XenIOState *state = container_of(listener, XenIOState, io_listener);
91     MemoryRegion *mr = section->mr;
92 
93     if (mr->ops == &unassigned_io_ops) {
94         return;
95     }
96 
97     memory_region_ref(mr);
98 
99     xen_map_io_section(xen_domid, state->ioservid, section);
100 }
101 
102 void xen_io_del(MemoryListener *listener,
103                        MemoryRegionSection *section)
104 {
105     XenIOState *state = container_of(listener, XenIOState, io_listener);
106     MemoryRegion *mr = section->mr;
107 
108     if (mr->ops == &unassigned_io_ops) {
109         return;
110     }
111 
112     xen_unmap_io_section(xen_domid, state->ioservid, section);
113 
114     memory_region_unref(mr);
115 }
116 
117 void xen_device_realize(DeviceListener *listener,
118                                DeviceState *dev)
119 {
120     XenIOState *state = container_of(listener, XenIOState, device_listener);
121 
122     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
123         PCIDevice *pci_dev = PCI_DEVICE(dev);
124         XenPciDevice *xendev = g_new(XenPciDevice, 1);
125 
126         xendev->pci_dev = pci_dev;
127         xendev->sbdf = PCI_BUILD_BDF(pci_dev_bus_num(pci_dev),
128                                      pci_dev->devfn);
129         QLIST_INSERT_HEAD(&state->dev_list, xendev, entry);
130 
131         xen_map_pcidev(xen_domid, state->ioservid, pci_dev);
132     }
133 }
134 
135 void xen_device_unrealize(DeviceListener *listener,
136                                  DeviceState *dev)
137 {
138     XenIOState *state = container_of(listener, XenIOState, device_listener);
139 
140     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
141         PCIDevice *pci_dev = PCI_DEVICE(dev);
142         XenPciDevice *xendev, *next;
143 
144         xen_unmap_pcidev(xen_domid, state->ioservid, pci_dev);
145 
146         QLIST_FOREACH_SAFE(xendev, &state->dev_list, entry, next) {
147             if (xendev->pci_dev == pci_dev) {
148                 QLIST_REMOVE(xendev, entry);
149                 g_free(xendev);
150                 break;
151             }
152         }
153     }
154 }
155 
156 MemoryListener xen_io_listener = {
157     .name = "xen-io",
158     .region_add = xen_io_add,
159     .region_del = xen_io_del,
160     .priority = MEMORY_LISTENER_PRIORITY_ACCEL,
161 };
162 
163 DeviceListener xen_device_listener = {
164     .realize = xen_device_realize,
165     .unrealize = xen_device_unrealize,
166 };
167 
168 /* get the ioreq packets from share mem */
169 static ioreq_t *cpu_get_ioreq_from_shared_memory(XenIOState *state, int vcpu)
170 {
171     ioreq_t *req = xen_vcpu_ioreq(state->shared_page, vcpu);
172 
173     if (req->state != STATE_IOREQ_READY) {
174         trace_cpu_get_ioreq_from_shared_memory_req_not_ready(req->state,
175                                                              req->data_is_ptr,
176                                                              req->addr,
177                                                              req->data,
178                                                              req->count,
179                                                              req->size);
180         return NULL;
181     }
182 
183     xen_rmb(); /* see IOREQ_READY /then/ read contents of ioreq */
184 
185     req->state = STATE_IOREQ_INPROCESS;
186     return req;
187 }
188 
189 /* use poll to get the port notification */
190 /* ioreq_vec--out,the */
191 /* retval--the number of ioreq packet */
192 static ioreq_t *cpu_get_ioreq(XenIOState *state)
193 {
194     MachineState *ms = MACHINE(qdev_get_machine());
195     unsigned int max_cpus = ms->smp.max_cpus;
196     int i;
197     evtchn_port_t port;
198 
199     port = qemu_xen_evtchn_pending(state->xce_handle);
200     if (port == state->bufioreq_local_port) {
201         timer_mod(state->buffered_io_timer,
202                 BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME));
203         return NULL;
204     }
205 
206     if (port != -1) {
207         for (i = 0; i < max_cpus; i++) {
208             if (state->ioreq_local_port[i] == port) {
209                 break;
210             }
211         }
212 
213         if (i == max_cpus) {
214             hw_error("Fatal error while trying to get io event!\n");
215         }
216 
217         /* unmask the wanted port again */
218         qemu_xen_evtchn_unmask(state->xce_handle, port);
219 
220         /* get the io packet from shared memory */
221         state->send_vcpu = i;
222         return cpu_get_ioreq_from_shared_memory(state, i);
223     }
224 
225     /* read error or read nothing */
226     return NULL;
227 }
228 
229 static uint32_t do_inp(uint32_t addr, unsigned long size)
230 {
231     switch (size) {
232         case 1:
233             return cpu_inb(addr);
234         case 2:
235             return cpu_inw(addr);
236         case 4:
237             return cpu_inl(addr);
238         default:
239             hw_error("inp: bad size: %04x %lx", addr, size);
240     }
241 }
242 
243 static void do_outp(uint32_t addr,
244         unsigned long size, uint32_t val)
245 {
246     switch (size) {
247         case 1:
248             return cpu_outb(addr, val);
249         case 2:
250             return cpu_outw(addr, val);
251         case 4:
252             return cpu_outl(addr, val);
253         default:
254             hw_error("outp: bad size: %04x %lx", addr, size);
255     }
256 }
257 
258 /*
259  * Helper functions which read/write an object from/to physical guest
260  * memory, as part of the implementation of an ioreq.
261  *
262  * Equivalent to
263  *   cpu_physical_memory_rw(addr + (req->df ? -1 : +1) * req->size * i,
264  *                          val, req->size, 0/1)
265  * except without the integer overflow problems.
266  */
267 static void rw_phys_req_item(hwaddr addr,
268                              ioreq_t *req, uint32_t i, void *val, int rw)
269 {
270     /* Do everything unsigned so overflow just results in a truncated result
271      * and accesses to undesired parts of guest memory, which is up
272      * to the guest */
273     hwaddr offset = (hwaddr)req->size * i;
274     if (req->df) {
275         addr -= offset;
276     } else {
277         addr += offset;
278     }
279     cpu_physical_memory_rw(addr, val, req->size, rw);
280 }
281 
282 static inline void read_phys_req_item(hwaddr addr,
283                                       ioreq_t *req, uint32_t i, void *val)
284 {
285     rw_phys_req_item(addr, req, i, val, 0);
286 }
287 static inline void write_phys_req_item(hwaddr addr,
288                                        ioreq_t *req, uint32_t i, void *val)
289 {
290     rw_phys_req_item(addr, req, i, val, 1);
291 }
292 
293 
294 void cpu_ioreq_pio(ioreq_t *req)
295 {
296     uint32_t i;
297 
298     trace_cpu_ioreq_pio(req, req->dir, req->df, req->data_is_ptr, req->addr,
299                          req->data, req->count, req->size);
300 
301     if (req->size > sizeof(uint32_t)) {
302         hw_error("PIO: bad size (%u)", req->size);
303     }
304 
305     if (req->dir == IOREQ_READ) {
306         if (!req->data_is_ptr) {
307             req->data = do_inp(req->addr, req->size);
308             trace_cpu_ioreq_pio_read_reg(req, req->data, req->addr,
309                                          req->size);
310         } else {
311             uint32_t tmp;
312 
313             for (i = 0; i < req->count; i++) {
314                 tmp = do_inp(req->addr, req->size);
315                 write_phys_req_item(req->data, req, i, &tmp);
316             }
317         }
318     } else if (req->dir == IOREQ_WRITE) {
319         if (!req->data_is_ptr) {
320             trace_cpu_ioreq_pio_write_reg(req, req->data, req->addr,
321                                           req->size);
322             do_outp(req->addr, req->size, req->data);
323         } else {
324             for (i = 0; i < req->count; i++) {
325                 uint32_t tmp = 0;
326 
327                 read_phys_req_item(req->data, req, i, &tmp);
328                 do_outp(req->addr, req->size, tmp);
329             }
330         }
331     }
332 }
333 
334 static void cpu_ioreq_move(ioreq_t *req)
335 {
336     uint32_t i;
337 
338     trace_cpu_ioreq_move(req, req->dir, req->df, req->data_is_ptr, req->addr,
339                          req->data, req->count, req->size);
340 
341     if (req->size > sizeof(req->data)) {
342         hw_error("MMIO: bad size (%u)", req->size);
343     }
344 
345     if (!req->data_is_ptr) {
346         if (req->dir == IOREQ_READ) {
347             for (i = 0; i < req->count; i++) {
348                 read_phys_req_item(req->addr, req, i, &req->data);
349             }
350         } else if (req->dir == IOREQ_WRITE) {
351             for (i = 0; i < req->count; i++) {
352                 write_phys_req_item(req->addr, req, i, &req->data);
353             }
354         }
355     } else {
356         uint64_t tmp;
357 
358         if (req->dir == IOREQ_READ) {
359             for (i = 0; i < req->count; i++) {
360                 read_phys_req_item(req->addr, req, i, &tmp);
361                 write_phys_req_item(req->data, req, i, &tmp);
362             }
363         } else if (req->dir == IOREQ_WRITE) {
364             for (i = 0; i < req->count; i++) {
365                 read_phys_req_item(req->data, req, i, &tmp);
366                 write_phys_req_item(req->addr, req, i, &tmp);
367             }
368         }
369     }
370 }
371 
372 static void cpu_ioreq_config(XenIOState *state, ioreq_t *req)
373 {
374     uint32_t sbdf = req->addr >> 32;
375     uint32_t reg = req->addr;
376     XenPciDevice *xendev;
377 
378     if (req->size != sizeof(uint8_t) && req->size != sizeof(uint16_t) &&
379         req->size != sizeof(uint32_t)) {
380         hw_error("PCI config access: bad size (%u)", req->size);
381     }
382 
383     if (req->count != 1) {
384         hw_error("PCI config access: bad count (%u)", req->count);
385     }
386 
387     QLIST_FOREACH(xendev, &state->dev_list, entry) {
388         if (xendev->sbdf != sbdf) {
389             continue;
390         }
391 
392         if (!req->data_is_ptr) {
393             if (req->dir == IOREQ_READ) {
394                 req->data = pci_host_config_read_common(
395                     xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
396                     req->size);
397                 trace_cpu_ioreq_config_read(req, xendev->sbdf, reg,
398                                             req->size, req->data);
399             } else if (req->dir == IOREQ_WRITE) {
400                 trace_cpu_ioreq_config_write(req, xendev->sbdf, reg,
401                                              req->size, req->data);
402                 pci_host_config_write_common(
403                     xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
404                     req->data, req->size);
405             }
406         } else {
407             uint32_t tmp;
408 
409             if (req->dir == IOREQ_READ) {
410                 tmp = pci_host_config_read_common(
411                     xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
412                     req->size);
413                 trace_cpu_ioreq_config_read(req, xendev->sbdf, reg,
414                                             req->size, tmp);
415                 write_phys_req_item(req->data, req, 0, &tmp);
416             } else if (req->dir == IOREQ_WRITE) {
417                 read_phys_req_item(req->data, req, 0, &tmp);
418                 trace_cpu_ioreq_config_write(req, xendev->sbdf, reg,
419                                              req->size, tmp);
420                 pci_host_config_write_common(
421                     xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
422                     tmp, req->size);
423             }
424         }
425     }
426 }
427 
428 static void handle_ioreq(XenIOState *state, ioreq_t *req)
429 {
430     trace_handle_ioreq(req, req->type, req->dir, req->df, req->data_is_ptr,
431                        req->addr, req->data, req->count, req->size);
432 
433     if (!req->data_is_ptr && (req->dir == IOREQ_WRITE) &&
434             (req->size < sizeof (target_ulong))) {
435         req->data &= ((target_ulong) 1 << (8 * req->size)) - 1;
436     }
437 
438     if (req->dir == IOREQ_WRITE)
439         trace_handle_ioreq_write(req, req->type, req->df, req->data_is_ptr,
440                                  req->addr, req->data, req->count, req->size);
441 
442     switch (req->type) {
443         case IOREQ_TYPE_PIO:
444             cpu_ioreq_pio(req);
445             break;
446         case IOREQ_TYPE_COPY:
447             cpu_ioreq_move(req);
448             break;
449         case IOREQ_TYPE_TIMEOFFSET:
450             break;
451         case IOREQ_TYPE_INVALIDATE:
452             xen_invalidate_map_cache();
453             break;
454         case IOREQ_TYPE_PCI_CONFIG:
455             cpu_ioreq_config(state, req);
456             break;
457         default:
458             arch_handle_ioreq(state, req);
459     }
460     if (req->dir == IOREQ_READ) {
461         trace_handle_ioreq_read(req, req->type, req->df, req->data_is_ptr,
462                                 req->addr, req->data, req->count, req->size);
463     }
464 }
465 
466 static bool handle_buffered_iopage(XenIOState *state)
467 {
468     buffered_iopage_t *buf_page = state->buffered_io_page;
469     buf_ioreq_t *buf_req = NULL;
470     bool handled_ioreq = false;
471     ioreq_t req;
472     int qw;
473 
474     if (!buf_page) {
475         return 0;
476     }
477 
478     memset(&req, 0x00, sizeof(req));
479     req.state = STATE_IOREQ_READY;
480     req.count = 1;
481     req.dir = IOREQ_WRITE;
482 
483     for (;;) {
484         uint32_t rdptr = buf_page->read_pointer, wrptr;
485 
486         xen_rmb();
487         wrptr = buf_page->write_pointer;
488         xen_rmb();
489         if (rdptr != buf_page->read_pointer) {
490             continue;
491         }
492         if (rdptr == wrptr) {
493             break;
494         }
495         buf_req = &buf_page->buf_ioreq[rdptr % IOREQ_BUFFER_SLOT_NUM];
496         req.size = 1U << buf_req->size;
497         req.addr = buf_req->addr;
498         req.data = buf_req->data;
499         req.type = buf_req->type;
500         xen_rmb();
501         qw = (req.size == 8);
502         if (qw) {
503             if (rdptr + 1 == wrptr) {
504                 hw_error("Incomplete quad word buffered ioreq");
505             }
506             buf_req = &buf_page->buf_ioreq[(rdptr + 1) %
507                                            IOREQ_BUFFER_SLOT_NUM];
508             req.data |= ((uint64_t)buf_req->data) << 32;
509             xen_rmb();
510         }
511 
512         handle_ioreq(state, &req);
513 
514         /* Only req.data may get updated by handle_ioreq(), albeit even that
515          * should not happen as such data would never make it to the guest (we
516          * can only usefully see writes here after all).
517          */
518         assert(req.state == STATE_IOREQ_READY);
519         assert(req.count == 1);
520         assert(req.dir == IOREQ_WRITE);
521         assert(!req.data_is_ptr);
522 
523         qatomic_add(&buf_page->read_pointer, qw + 1);
524         handled_ioreq = true;
525     }
526 
527     return handled_ioreq;
528 }
529 
530 static void handle_buffered_io(void *opaque)
531 {
532     XenIOState *state = opaque;
533 
534     if (handle_buffered_iopage(state)) {
535         timer_mod(state->buffered_io_timer,
536                 BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME));
537     } else {
538         timer_del(state->buffered_io_timer);
539         qemu_xen_evtchn_unmask(state->xce_handle, state->bufioreq_local_port);
540     }
541 }
542 
543 static void cpu_handle_ioreq(void *opaque)
544 {
545     XenIOState *state = opaque;
546     ioreq_t *req = cpu_get_ioreq(state);
547 
548     handle_buffered_iopage(state);
549     if (req) {
550         ioreq_t copy = *req;
551 
552         xen_rmb();
553         handle_ioreq(state, &copy);
554         req->data = copy.data;
555 
556         if (req->state != STATE_IOREQ_INPROCESS) {
557             warn_report("Badness in I/O request ... not in service?!: "
558                     "%x, ptr: %x, port: %"PRIx64", "
559                     "data: %"PRIx64", count: %u, size: %u, type: %u",
560                     req->state, req->data_is_ptr, req->addr,
561                     req->data, req->count, req->size, req->type);
562             destroy_hvm_domain(false);
563             return;
564         }
565 
566         xen_wmb(); /* Update ioreq contents /then/ update state. */
567 
568         /*
569          * We do this before we send the response so that the tools
570          * have the opportunity to pick up on the reset before the
571          * guest resumes and does a hlt with interrupts disabled which
572          * causes Xen to powerdown the domain.
573          */
574         if (runstate_is_running()) {
575             ShutdownCause request;
576 
577             if (qemu_shutdown_requested_get()) {
578                 destroy_hvm_domain(false);
579             }
580             request = qemu_reset_requested_get();
581             if (request) {
582                 qemu_system_reset(request);
583                 destroy_hvm_domain(true);
584             }
585         }
586 
587         req->state = STATE_IORESP_READY;
588         qemu_xen_evtchn_notify(state->xce_handle,
589                                state->ioreq_local_port[state->send_vcpu]);
590     }
591 }
592 
593 static void xen_main_loop_prepare(XenIOState *state)
594 {
595     int evtchn_fd = -1;
596 
597     if (state->xce_handle != NULL) {
598         evtchn_fd = qemu_xen_evtchn_fd(state->xce_handle);
599     }
600 
601     state->buffered_io_timer = timer_new_ms(QEMU_CLOCK_REALTIME, handle_buffered_io,
602                                                  state);
603 
604     if (evtchn_fd != -1) {
605         CPUState *cpu_state;
606 
607         CPU_FOREACH(cpu_state) {
608             trace_xen_main_loop_prepare_init_cpu(cpu_state->cpu_index,
609                                                  cpu_state);
610             state->cpu_by_vcpu_id[cpu_state->cpu_index] = cpu_state;
611         }
612         qemu_set_fd_handler(evtchn_fd, cpu_handle_ioreq, NULL, state);
613     }
614 }
615 
616 
617 void xen_hvm_change_state_handler(void *opaque, bool running,
618                                          RunState rstate)
619 {
620     XenIOState *state = opaque;
621 
622     if (running) {
623         xen_main_loop_prepare(state);
624     }
625 
626     xen_set_ioreq_server_state(xen_domid,
627                                state->ioservid,
628                                running);
629 }
630 
631 void xen_exit_notifier(Notifier *n, void *data)
632 {
633     XenIOState *state = container_of(n, XenIOState, exit);
634 
635     xen_destroy_ioreq_server(xen_domid, state->ioservid);
636     if (state->fres != NULL) {
637         xenforeignmemory_unmap_resource(xen_fmem, state->fres);
638     }
639 
640     qemu_xen_evtchn_close(state->xce_handle);
641     xs_daemon_close(state->xenstore);
642 }
643 
644 static int xen_map_ioreq_server(XenIOState *state)
645 {
646     void *addr = NULL;
647     xen_pfn_t ioreq_pfn;
648     xen_pfn_t bufioreq_pfn;
649     evtchn_port_t bufioreq_evtchn;
650     int rc;
651 
652     /*
653      * Attempt to map using the resource API and fall back to normal
654      * foreign mapping if this is not supported.
655      */
656     QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_bufioreq != 0);
657     QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_ioreq(0) != 1);
658     state->fres = xenforeignmemory_map_resource(xen_fmem, xen_domid,
659                                          XENMEM_resource_ioreq_server,
660                                          state->ioservid, 0, 2,
661                                          &addr,
662                                          PROT_READ | PROT_WRITE, 0);
663     if (state->fres != NULL) {
664         trace_xen_map_resource_ioreq(state->ioservid, addr);
665         state->buffered_io_page = addr;
666         state->shared_page = addr + XC_PAGE_SIZE;
667     } else if (errno != EOPNOTSUPP) {
668         error_report("failed to map ioreq server resources: error %d handle=%p",
669                      errno, xen_xc);
670         return -1;
671     }
672 
673     rc = xen_get_ioreq_server_info(xen_domid, state->ioservid,
674                                    (state->shared_page == NULL) ?
675                                    &ioreq_pfn : NULL,
676                                    (state->buffered_io_page == NULL) ?
677                                    &bufioreq_pfn : NULL,
678                                    &bufioreq_evtchn);
679     if (rc < 0) {
680         error_report("failed to get ioreq server info: error %d handle=%p",
681                      errno, xen_xc);
682         return rc;
683     }
684 
685     if (state->shared_page == NULL) {
686         trace_xen_map_ioreq_server_shared_page(ioreq_pfn);
687 
688         state->shared_page = xenforeignmemory_map(xen_fmem, xen_domid,
689                                                   PROT_READ | PROT_WRITE,
690                                                   1, &ioreq_pfn, NULL);
691         if (state->shared_page == NULL) {
692             error_report("map shared IO page returned error %d handle=%p",
693                          errno, xen_xc);
694         }
695     }
696 
697     if (state->buffered_io_page == NULL) {
698         trace_xen_map_ioreq_server_buffered_io_page(bufioreq_pfn);
699 
700         state->buffered_io_page = xenforeignmemory_map(xen_fmem, xen_domid,
701                                                        PROT_READ | PROT_WRITE,
702                                                        1, &bufioreq_pfn,
703                                                        NULL);
704         if (state->buffered_io_page == NULL) {
705             error_report("map buffered IO page returned error %d", errno);
706             return -1;
707         }
708     }
709 
710     if (state->shared_page == NULL || state->buffered_io_page == NULL) {
711         return -1;
712     }
713 
714     trace_xen_map_ioreq_server_buffered_io_evtchn(bufioreq_evtchn);
715 
716     state->bufioreq_remote_port = bufioreq_evtchn;
717 
718     return 0;
719 }
720 
721 void destroy_hvm_domain(bool reboot)
722 {
723     xc_interface *xc_handle;
724     int sts;
725     int rc;
726 
727     unsigned int reason = reboot ? SHUTDOWN_reboot : SHUTDOWN_poweroff;
728 
729     if (xen_dmod) {
730         rc = xendevicemodel_shutdown(xen_dmod, xen_domid, reason);
731         if (!rc) {
732             return;
733         }
734         if (errno != ENOTTY /* old Xen */) {
735             error_report("xendevicemodel_shutdown failed with error %d", errno);
736         }
737         /* well, try the old thing then */
738     }
739 
740     xc_handle = xc_interface_open(0, 0, 0);
741     if (xc_handle == NULL) {
742         trace_destroy_hvm_domain_cannot_acquire_handle();
743     } else {
744         sts = xc_domain_shutdown(xc_handle, xen_domid, reason);
745         if (sts != 0) {
746             trace_destroy_hvm_domain_failed_action(
747                 reboot ? "reboot" : "poweroff", sts, strerror(errno)
748             );
749         } else {
750             trace_destroy_hvm_domain_action(
751                 xen_domid, reboot ? "reboot" : "poweroff"
752             );
753         }
754         xc_interface_close(xc_handle);
755     }
756 }
757 
758 void xen_shutdown_fatal_error(const char *fmt, ...)
759 {
760     va_list ap;
761 
762     va_start(ap, fmt);
763     error_vreport(fmt, ap);
764     va_end(ap);
765     error_report("Will destroy the domain.");
766     /* destroy the domain */
767     qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_ERROR);
768 }
769 
770 static void xen_do_ioreq_register(XenIOState *state,
771                                   unsigned int max_cpus,
772                                   const MemoryListener *xen_memory_listener)
773 {
774     int i, rc;
775 
776     state->exit.notify = xen_exit_notifier;
777     qemu_add_exit_notifier(&state->exit);
778 
779     /*
780      * Register wake-up support in QMP query-current-machine API
781      */
782     qemu_register_wakeup_support();
783 
784     rc = xen_map_ioreq_server(state);
785     if (rc < 0) {
786         goto err;
787     }
788 
789     /* Note: cpus is empty at this point in init */
790     state->cpu_by_vcpu_id = g_new0(CPUState *, max_cpus);
791 
792     rc = xen_set_ioreq_server_state(xen_domid, state->ioservid, true);
793     if (rc < 0) {
794         error_report("failed to enable ioreq server info: error %d handle=%p",
795                      errno, xen_xc);
796         goto err;
797     }
798 
799     state->ioreq_local_port = g_new0(evtchn_port_t, max_cpus);
800 
801     /* FIXME: how about if we overflow the page here? */
802     for (i = 0; i < max_cpus; i++) {
803         rc = qemu_xen_evtchn_bind_interdomain(state->xce_handle, xen_domid,
804                                               xen_vcpu_eport(state->shared_page,
805                                                              i));
806         if (rc == -1) {
807             error_report("shared evtchn %d bind error %d", i, errno);
808             goto err;
809         }
810         state->ioreq_local_port[i] = rc;
811     }
812 
813     rc = qemu_xen_evtchn_bind_interdomain(state->xce_handle, xen_domid,
814                                           state->bufioreq_remote_port);
815     if (rc == -1) {
816         error_report("buffered evtchn bind error %d", errno);
817         goto err;
818     }
819     state->bufioreq_local_port = rc;
820 
821     /* Init RAM management */
822 #ifdef XEN_COMPAT_PHYSMAP
823     xen_map_cache_init(xen_phys_offset_to_gaddr, state);
824 #else
825     xen_map_cache_init(NULL, state);
826 #endif
827 
828     qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state);
829 
830     state->memory_listener = *xen_memory_listener;
831     memory_listener_register(&state->memory_listener, &address_space_memory);
832 
833     state->io_listener = xen_io_listener;
834     memory_listener_register(&state->io_listener, &address_space_io);
835 
836     state->device_listener = xen_device_listener;
837     QLIST_INIT(&state->dev_list);
838     device_listener_register(&state->device_listener);
839 
840     return;
841 
842 err:
843     error_report("xen hardware virtual machine initialisation failed");
844     exit(1);
845 }
846 
847 void xen_register_ioreq(XenIOState *state, unsigned int max_cpus,
848                         const MemoryListener *xen_memory_listener)
849 {
850     int rc;
851 
852     setup_xen_backend_ops();
853 
854     state->xce_handle = qemu_xen_evtchn_open();
855     if (state->xce_handle == NULL) {
856         error_report("xen: event channel open failed with error %d", errno);
857         goto err;
858     }
859 
860     state->xenstore = xs_daemon_open();
861     if (state->xenstore == NULL) {
862         error_report("xen: xenstore open failed with error %d", errno);
863         goto err;
864     }
865 
866     rc = xen_create_ioreq_server(xen_domid, &state->ioservid);
867     if (!rc) {
868         xen_do_ioreq_register(state, max_cpus, xen_memory_listener);
869     } else {
870         warn_report("xen: failed to create ioreq server");
871     }
872 
873     xen_bus_init();
874 
875     return;
876 
877 err:
878     error_report("xen hardware virtual machine backend registration failed");
879     exit(1);
880 }
881