1 #include "qemu/osdep.h" 2 #include "qemu/units.h" 3 #include "qapi/error.h" 4 #include "exec/target_page.h" 5 #include "trace.h" 6 7 #include "hw/pci/pci_host.h" 8 #include "hw/xen/xen-hvm-common.h" 9 #include "hw/xen/xen-bus.h" 10 #include "hw/boards.h" 11 #include "hw/xen/arch_hvm.h" 12 13 MemoryRegion xen_memory; 14 15 void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size, MemoryRegion *mr, 16 Error **errp) 17 { 18 unsigned target_page_bits = qemu_target_page_bits(); 19 unsigned long nr_pfn; 20 xen_pfn_t *pfn_list; 21 int i; 22 23 if (runstate_check(RUN_STATE_INMIGRATE)) { 24 /* RAM already populated in Xen */ 25 warn_report("%s: do not alloc "RAM_ADDR_FMT 26 " bytes of ram at "RAM_ADDR_FMT" when runstate is INMIGRATE", 27 __func__, size, ram_addr); 28 return; 29 } 30 31 if (mr == &xen_memory) { 32 return; 33 } 34 35 trace_xen_ram_alloc(ram_addr, size); 36 37 nr_pfn = size >> target_page_bits; 38 pfn_list = g_new(xen_pfn_t, nr_pfn); 39 40 for (i = 0; i < nr_pfn; i++) { 41 pfn_list[i] = (ram_addr >> target_page_bits) + i; 42 } 43 44 if (xc_domain_populate_physmap_exact(xen_xc, xen_domid, nr_pfn, 0, 0, pfn_list)) { 45 error_setg(errp, "xen: failed to populate ram at " RAM_ADDR_FMT, 46 ram_addr); 47 } 48 49 g_free(pfn_list); 50 } 51 52 static void xen_set_memory(struct MemoryListener *listener, 53 MemoryRegionSection *section, 54 bool add) 55 { 56 XenIOState *state = container_of(listener, XenIOState, memory_listener); 57 58 if (section->mr == &xen_memory) { 59 return; 60 } else { 61 if (add) { 62 xen_map_memory_section(xen_domid, state->ioservid, 63 section); 64 } else { 65 xen_unmap_memory_section(xen_domid, state->ioservid, 66 section); 67 } 68 } 69 70 arch_xen_set_memory(state, section, add); 71 } 72 73 void xen_region_add(MemoryListener *listener, 74 MemoryRegionSection *section) 75 { 76 memory_region_ref(section->mr); 77 xen_set_memory(listener, section, true); 78 } 79 80 void xen_region_del(MemoryListener *listener, 81 MemoryRegionSection *section) 82 { 83 xen_set_memory(listener, section, false); 84 memory_region_unref(section->mr); 85 } 86 87 void xen_io_add(MemoryListener *listener, 88 MemoryRegionSection *section) 89 { 90 XenIOState *state = container_of(listener, XenIOState, io_listener); 91 MemoryRegion *mr = section->mr; 92 93 if (mr->ops == &unassigned_io_ops) { 94 return; 95 } 96 97 memory_region_ref(mr); 98 99 xen_map_io_section(xen_domid, state->ioservid, section); 100 } 101 102 void xen_io_del(MemoryListener *listener, 103 MemoryRegionSection *section) 104 { 105 XenIOState *state = container_of(listener, XenIOState, io_listener); 106 MemoryRegion *mr = section->mr; 107 108 if (mr->ops == &unassigned_io_ops) { 109 return; 110 } 111 112 xen_unmap_io_section(xen_domid, state->ioservid, section); 113 114 memory_region_unref(mr); 115 } 116 117 void xen_device_realize(DeviceListener *listener, 118 DeviceState *dev) 119 { 120 XenIOState *state = container_of(listener, XenIOState, device_listener); 121 122 if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) { 123 PCIDevice *pci_dev = PCI_DEVICE(dev); 124 XenPciDevice *xendev = g_new(XenPciDevice, 1); 125 126 xendev->pci_dev = pci_dev; 127 xendev->sbdf = PCI_BUILD_BDF(pci_dev_bus_num(pci_dev), 128 pci_dev->devfn); 129 QLIST_INSERT_HEAD(&state->dev_list, xendev, entry); 130 131 xen_map_pcidev(xen_domid, state->ioservid, pci_dev); 132 } 133 } 134 135 void xen_device_unrealize(DeviceListener *listener, 136 DeviceState *dev) 137 { 138 XenIOState *state = container_of(listener, XenIOState, device_listener); 139 140 if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) { 141 PCIDevice *pci_dev = PCI_DEVICE(dev); 142 XenPciDevice *xendev, *next; 143 144 xen_unmap_pcidev(xen_domid, state->ioservid, pci_dev); 145 146 QLIST_FOREACH_SAFE(xendev, &state->dev_list, entry, next) { 147 if (xendev->pci_dev == pci_dev) { 148 QLIST_REMOVE(xendev, entry); 149 g_free(xendev); 150 break; 151 } 152 } 153 } 154 } 155 156 MemoryListener xen_io_listener = { 157 .name = "xen-io", 158 .region_add = xen_io_add, 159 .region_del = xen_io_del, 160 .priority = MEMORY_LISTENER_PRIORITY_ACCEL, 161 }; 162 163 DeviceListener xen_device_listener = { 164 .realize = xen_device_realize, 165 .unrealize = xen_device_unrealize, 166 }; 167 168 /* get the ioreq packets from share mem */ 169 static ioreq_t *cpu_get_ioreq_from_shared_memory(XenIOState *state, int vcpu) 170 { 171 ioreq_t *req = xen_vcpu_ioreq(state->shared_page, vcpu); 172 173 if (req->state != STATE_IOREQ_READY) { 174 trace_cpu_get_ioreq_from_shared_memory_req_not_ready(req->state, 175 req->data_is_ptr, 176 req->addr, 177 req->data, 178 req->count, 179 req->size); 180 return NULL; 181 } 182 183 xen_rmb(); /* see IOREQ_READY /then/ read contents of ioreq */ 184 185 req->state = STATE_IOREQ_INPROCESS; 186 return req; 187 } 188 189 /* use poll to get the port notification */ 190 /* ioreq_vec--out,the */ 191 /* retval--the number of ioreq packet */ 192 static ioreq_t *cpu_get_ioreq(XenIOState *state) 193 { 194 MachineState *ms = MACHINE(qdev_get_machine()); 195 unsigned int max_cpus = ms->smp.max_cpus; 196 int i; 197 evtchn_port_t port; 198 199 port = qemu_xen_evtchn_pending(state->xce_handle); 200 if (port == state->bufioreq_local_port) { 201 timer_mod(state->buffered_io_timer, 202 BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME)); 203 return NULL; 204 } 205 206 if (port != -1) { 207 for (i = 0; i < max_cpus; i++) { 208 if (state->ioreq_local_port[i] == port) { 209 break; 210 } 211 } 212 213 if (i == max_cpus) { 214 hw_error("Fatal error while trying to get io event!\n"); 215 } 216 217 /* unmask the wanted port again */ 218 qemu_xen_evtchn_unmask(state->xce_handle, port); 219 220 /* get the io packet from shared memory */ 221 state->send_vcpu = i; 222 return cpu_get_ioreq_from_shared_memory(state, i); 223 } 224 225 /* read error or read nothing */ 226 return NULL; 227 } 228 229 static uint32_t do_inp(uint32_t addr, unsigned long size) 230 { 231 switch (size) { 232 case 1: 233 return cpu_inb(addr); 234 case 2: 235 return cpu_inw(addr); 236 case 4: 237 return cpu_inl(addr); 238 default: 239 hw_error("inp: bad size: %04x %lx", addr, size); 240 } 241 } 242 243 static void do_outp(uint32_t addr, 244 unsigned long size, uint32_t val) 245 { 246 switch (size) { 247 case 1: 248 return cpu_outb(addr, val); 249 case 2: 250 return cpu_outw(addr, val); 251 case 4: 252 return cpu_outl(addr, val); 253 default: 254 hw_error("outp: bad size: %04x %lx", addr, size); 255 } 256 } 257 258 /* 259 * Helper functions which read/write an object from/to physical guest 260 * memory, as part of the implementation of an ioreq. 261 * 262 * Equivalent to 263 * cpu_physical_memory_rw(addr + (req->df ? -1 : +1) * req->size * i, 264 * val, req->size, 0/1) 265 * except without the integer overflow problems. 266 */ 267 static void rw_phys_req_item(hwaddr addr, 268 ioreq_t *req, uint32_t i, void *val, int rw) 269 { 270 /* Do everything unsigned so overflow just results in a truncated result 271 * and accesses to undesired parts of guest memory, which is up 272 * to the guest */ 273 hwaddr offset = (hwaddr)req->size * i; 274 if (req->df) { 275 addr -= offset; 276 } else { 277 addr += offset; 278 } 279 cpu_physical_memory_rw(addr, val, req->size, rw); 280 } 281 282 static inline void read_phys_req_item(hwaddr addr, 283 ioreq_t *req, uint32_t i, void *val) 284 { 285 rw_phys_req_item(addr, req, i, val, 0); 286 } 287 static inline void write_phys_req_item(hwaddr addr, 288 ioreq_t *req, uint32_t i, void *val) 289 { 290 rw_phys_req_item(addr, req, i, val, 1); 291 } 292 293 294 void cpu_ioreq_pio(ioreq_t *req) 295 { 296 uint32_t i; 297 298 trace_cpu_ioreq_pio(req, req->dir, req->df, req->data_is_ptr, req->addr, 299 req->data, req->count, req->size); 300 301 if (req->size > sizeof(uint32_t)) { 302 hw_error("PIO: bad size (%u)", req->size); 303 } 304 305 if (req->dir == IOREQ_READ) { 306 if (!req->data_is_ptr) { 307 req->data = do_inp(req->addr, req->size); 308 trace_cpu_ioreq_pio_read_reg(req, req->data, req->addr, 309 req->size); 310 } else { 311 uint32_t tmp; 312 313 for (i = 0; i < req->count; i++) { 314 tmp = do_inp(req->addr, req->size); 315 write_phys_req_item(req->data, req, i, &tmp); 316 } 317 } 318 } else if (req->dir == IOREQ_WRITE) { 319 if (!req->data_is_ptr) { 320 trace_cpu_ioreq_pio_write_reg(req, req->data, req->addr, 321 req->size); 322 do_outp(req->addr, req->size, req->data); 323 } else { 324 for (i = 0; i < req->count; i++) { 325 uint32_t tmp = 0; 326 327 read_phys_req_item(req->data, req, i, &tmp); 328 do_outp(req->addr, req->size, tmp); 329 } 330 } 331 } 332 } 333 334 static void cpu_ioreq_move(ioreq_t *req) 335 { 336 uint32_t i; 337 338 trace_cpu_ioreq_move(req, req->dir, req->df, req->data_is_ptr, req->addr, 339 req->data, req->count, req->size); 340 341 if (req->size > sizeof(req->data)) { 342 hw_error("MMIO: bad size (%u)", req->size); 343 } 344 345 if (!req->data_is_ptr) { 346 if (req->dir == IOREQ_READ) { 347 for (i = 0; i < req->count; i++) { 348 read_phys_req_item(req->addr, req, i, &req->data); 349 } 350 } else if (req->dir == IOREQ_WRITE) { 351 for (i = 0; i < req->count; i++) { 352 write_phys_req_item(req->addr, req, i, &req->data); 353 } 354 } 355 } else { 356 uint64_t tmp; 357 358 if (req->dir == IOREQ_READ) { 359 for (i = 0; i < req->count; i++) { 360 read_phys_req_item(req->addr, req, i, &tmp); 361 write_phys_req_item(req->data, req, i, &tmp); 362 } 363 } else if (req->dir == IOREQ_WRITE) { 364 for (i = 0; i < req->count; i++) { 365 read_phys_req_item(req->data, req, i, &tmp); 366 write_phys_req_item(req->addr, req, i, &tmp); 367 } 368 } 369 } 370 } 371 372 static void cpu_ioreq_config(XenIOState *state, ioreq_t *req) 373 { 374 uint32_t sbdf = req->addr >> 32; 375 uint32_t reg = req->addr; 376 XenPciDevice *xendev; 377 378 if (req->size != sizeof(uint8_t) && req->size != sizeof(uint16_t) && 379 req->size != sizeof(uint32_t)) { 380 hw_error("PCI config access: bad size (%u)", req->size); 381 } 382 383 if (req->count != 1) { 384 hw_error("PCI config access: bad count (%u)", req->count); 385 } 386 387 QLIST_FOREACH(xendev, &state->dev_list, entry) { 388 if (xendev->sbdf != sbdf) { 389 continue; 390 } 391 392 if (!req->data_is_ptr) { 393 if (req->dir == IOREQ_READ) { 394 req->data = pci_host_config_read_common( 395 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE, 396 req->size); 397 trace_cpu_ioreq_config_read(req, xendev->sbdf, reg, 398 req->size, req->data); 399 } else if (req->dir == IOREQ_WRITE) { 400 trace_cpu_ioreq_config_write(req, xendev->sbdf, reg, 401 req->size, req->data); 402 pci_host_config_write_common( 403 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE, 404 req->data, req->size); 405 } 406 } else { 407 uint32_t tmp; 408 409 if (req->dir == IOREQ_READ) { 410 tmp = pci_host_config_read_common( 411 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE, 412 req->size); 413 trace_cpu_ioreq_config_read(req, xendev->sbdf, reg, 414 req->size, tmp); 415 write_phys_req_item(req->data, req, 0, &tmp); 416 } else if (req->dir == IOREQ_WRITE) { 417 read_phys_req_item(req->data, req, 0, &tmp); 418 trace_cpu_ioreq_config_write(req, xendev->sbdf, reg, 419 req->size, tmp); 420 pci_host_config_write_common( 421 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE, 422 tmp, req->size); 423 } 424 } 425 } 426 } 427 428 static void handle_ioreq(XenIOState *state, ioreq_t *req) 429 { 430 trace_handle_ioreq(req, req->type, req->dir, req->df, req->data_is_ptr, 431 req->addr, req->data, req->count, req->size); 432 433 if (!req->data_is_ptr && (req->dir == IOREQ_WRITE) && 434 (req->size < sizeof (target_ulong))) { 435 req->data &= ((target_ulong) 1 << (8 * req->size)) - 1; 436 } 437 438 if (req->dir == IOREQ_WRITE) 439 trace_handle_ioreq_write(req, req->type, req->df, req->data_is_ptr, 440 req->addr, req->data, req->count, req->size); 441 442 switch (req->type) { 443 case IOREQ_TYPE_PIO: 444 cpu_ioreq_pio(req); 445 break; 446 case IOREQ_TYPE_COPY: 447 cpu_ioreq_move(req); 448 break; 449 case IOREQ_TYPE_TIMEOFFSET: 450 break; 451 case IOREQ_TYPE_INVALIDATE: 452 xen_invalidate_map_cache(); 453 break; 454 case IOREQ_TYPE_PCI_CONFIG: 455 cpu_ioreq_config(state, req); 456 break; 457 default: 458 arch_handle_ioreq(state, req); 459 } 460 if (req->dir == IOREQ_READ) { 461 trace_handle_ioreq_read(req, req->type, req->df, req->data_is_ptr, 462 req->addr, req->data, req->count, req->size); 463 } 464 } 465 466 static bool handle_buffered_iopage(XenIOState *state) 467 { 468 buffered_iopage_t *buf_page = state->buffered_io_page; 469 buf_ioreq_t *buf_req = NULL; 470 bool handled_ioreq = false; 471 ioreq_t req; 472 int qw; 473 474 if (!buf_page) { 475 return 0; 476 } 477 478 memset(&req, 0x00, sizeof(req)); 479 req.state = STATE_IOREQ_READY; 480 req.count = 1; 481 req.dir = IOREQ_WRITE; 482 483 for (;;) { 484 uint32_t rdptr = buf_page->read_pointer, wrptr; 485 486 xen_rmb(); 487 wrptr = buf_page->write_pointer; 488 xen_rmb(); 489 if (rdptr != buf_page->read_pointer) { 490 continue; 491 } 492 if (rdptr == wrptr) { 493 break; 494 } 495 buf_req = &buf_page->buf_ioreq[rdptr % IOREQ_BUFFER_SLOT_NUM]; 496 req.size = 1U << buf_req->size; 497 req.addr = buf_req->addr; 498 req.data = buf_req->data; 499 req.type = buf_req->type; 500 xen_rmb(); 501 qw = (req.size == 8); 502 if (qw) { 503 if (rdptr + 1 == wrptr) { 504 hw_error("Incomplete quad word buffered ioreq"); 505 } 506 buf_req = &buf_page->buf_ioreq[(rdptr + 1) % 507 IOREQ_BUFFER_SLOT_NUM]; 508 req.data |= ((uint64_t)buf_req->data) << 32; 509 xen_rmb(); 510 } 511 512 handle_ioreq(state, &req); 513 514 /* Only req.data may get updated by handle_ioreq(), albeit even that 515 * should not happen as such data would never make it to the guest (we 516 * can only usefully see writes here after all). 517 */ 518 assert(req.state == STATE_IOREQ_READY); 519 assert(req.count == 1); 520 assert(req.dir == IOREQ_WRITE); 521 assert(!req.data_is_ptr); 522 523 qatomic_add(&buf_page->read_pointer, qw + 1); 524 handled_ioreq = true; 525 } 526 527 return handled_ioreq; 528 } 529 530 static void handle_buffered_io(void *opaque) 531 { 532 XenIOState *state = opaque; 533 534 if (handle_buffered_iopage(state)) { 535 timer_mod(state->buffered_io_timer, 536 BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME)); 537 } else { 538 timer_del(state->buffered_io_timer); 539 qemu_xen_evtchn_unmask(state->xce_handle, state->bufioreq_local_port); 540 } 541 } 542 543 static void cpu_handle_ioreq(void *opaque) 544 { 545 XenIOState *state = opaque; 546 ioreq_t *req = cpu_get_ioreq(state); 547 548 handle_buffered_iopage(state); 549 if (req) { 550 ioreq_t copy = *req; 551 552 xen_rmb(); 553 handle_ioreq(state, ©); 554 req->data = copy.data; 555 556 if (req->state != STATE_IOREQ_INPROCESS) { 557 warn_report("Badness in I/O request ... not in service?!: " 558 "%x, ptr: %x, port: %"PRIx64", " 559 "data: %"PRIx64", count: %u, size: %u, type: %u", 560 req->state, req->data_is_ptr, req->addr, 561 req->data, req->count, req->size, req->type); 562 destroy_hvm_domain(false); 563 return; 564 } 565 566 xen_wmb(); /* Update ioreq contents /then/ update state. */ 567 568 /* 569 * We do this before we send the response so that the tools 570 * have the opportunity to pick up on the reset before the 571 * guest resumes and does a hlt with interrupts disabled which 572 * causes Xen to powerdown the domain. 573 */ 574 if (runstate_is_running()) { 575 ShutdownCause request; 576 577 if (qemu_shutdown_requested_get()) { 578 destroy_hvm_domain(false); 579 } 580 request = qemu_reset_requested_get(); 581 if (request) { 582 qemu_system_reset(request); 583 destroy_hvm_domain(true); 584 } 585 } 586 587 req->state = STATE_IORESP_READY; 588 qemu_xen_evtchn_notify(state->xce_handle, 589 state->ioreq_local_port[state->send_vcpu]); 590 } 591 } 592 593 static void xen_main_loop_prepare(XenIOState *state) 594 { 595 int evtchn_fd = -1; 596 597 if (state->xce_handle != NULL) { 598 evtchn_fd = qemu_xen_evtchn_fd(state->xce_handle); 599 } 600 601 state->buffered_io_timer = timer_new_ms(QEMU_CLOCK_REALTIME, handle_buffered_io, 602 state); 603 604 if (evtchn_fd != -1) { 605 CPUState *cpu_state; 606 607 CPU_FOREACH(cpu_state) { 608 trace_xen_main_loop_prepare_init_cpu(cpu_state->cpu_index, 609 cpu_state); 610 state->cpu_by_vcpu_id[cpu_state->cpu_index] = cpu_state; 611 } 612 qemu_set_fd_handler(evtchn_fd, cpu_handle_ioreq, NULL, state); 613 } 614 } 615 616 617 void xen_hvm_change_state_handler(void *opaque, bool running, 618 RunState rstate) 619 { 620 XenIOState *state = opaque; 621 622 if (running) { 623 xen_main_loop_prepare(state); 624 } 625 626 xen_set_ioreq_server_state(xen_domid, 627 state->ioservid, 628 running); 629 } 630 631 void xen_exit_notifier(Notifier *n, void *data) 632 { 633 XenIOState *state = container_of(n, XenIOState, exit); 634 635 xen_destroy_ioreq_server(xen_domid, state->ioservid); 636 if (state->fres != NULL) { 637 xenforeignmemory_unmap_resource(xen_fmem, state->fres); 638 } 639 640 qemu_xen_evtchn_close(state->xce_handle); 641 xs_daemon_close(state->xenstore); 642 } 643 644 static int xen_map_ioreq_server(XenIOState *state) 645 { 646 void *addr = NULL; 647 xen_pfn_t ioreq_pfn; 648 xen_pfn_t bufioreq_pfn; 649 evtchn_port_t bufioreq_evtchn; 650 int rc; 651 652 /* 653 * Attempt to map using the resource API and fall back to normal 654 * foreign mapping if this is not supported. 655 */ 656 QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_bufioreq != 0); 657 QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_ioreq(0) != 1); 658 state->fres = xenforeignmemory_map_resource(xen_fmem, xen_domid, 659 XENMEM_resource_ioreq_server, 660 state->ioservid, 0, 2, 661 &addr, 662 PROT_READ | PROT_WRITE, 0); 663 if (state->fres != NULL) { 664 trace_xen_map_resource_ioreq(state->ioservid, addr); 665 state->buffered_io_page = addr; 666 state->shared_page = addr + XC_PAGE_SIZE; 667 } else if (errno != EOPNOTSUPP) { 668 error_report("failed to map ioreq server resources: error %d handle=%p", 669 errno, xen_xc); 670 return -1; 671 } 672 673 rc = xen_get_ioreq_server_info(xen_domid, state->ioservid, 674 (state->shared_page == NULL) ? 675 &ioreq_pfn : NULL, 676 (state->buffered_io_page == NULL) ? 677 &bufioreq_pfn : NULL, 678 &bufioreq_evtchn); 679 if (rc < 0) { 680 error_report("failed to get ioreq server info: error %d handle=%p", 681 errno, xen_xc); 682 return rc; 683 } 684 685 if (state->shared_page == NULL) { 686 trace_xen_map_ioreq_server_shared_page(ioreq_pfn); 687 688 state->shared_page = xenforeignmemory_map(xen_fmem, xen_domid, 689 PROT_READ | PROT_WRITE, 690 1, &ioreq_pfn, NULL); 691 if (state->shared_page == NULL) { 692 error_report("map shared IO page returned error %d handle=%p", 693 errno, xen_xc); 694 } 695 } 696 697 if (state->buffered_io_page == NULL) { 698 trace_xen_map_ioreq_server_buffered_io_page(bufioreq_pfn); 699 700 state->buffered_io_page = xenforeignmemory_map(xen_fmem, xen_domid, 701 PROT_READ | PROT_WRITE, 702 1, &bufioreq_pfn, 703 NULL); 704 if (state->buffered_io_page == NULL) { 705 error_report("map buffered IO page returned error %d", errno); 706 return -1; 707 } 708 } 709 710 if (state->shared_page == NULL || state->buffered_io_page == NULL) { 711 return -1; 712 } 713 714 trace_xen_map_ioreq_server_buffered_io_evtchn(bufioreq_evtchn); 715 716 state->bufioreq_remote_port = bufioreq_evtchn; 717 718 return 0; 719 } 720 721 void destroy_hvm_domain(bool reboot) 722 { 723 xc_interface *xc_handle; 724 int sts; 725 int rc; 726 727 unsigned int reason = reboot ? SHUTDOWN_reboot : SHUTDOWN_poweroff; 728 729 if (xen_dmod) { 730 rc = xendevicemodel_shutdown(xen_dmod, xen_domid, reason); 731 if (!rc) { 732 return; 733 } 734 if (errno != ENOTTY /* old Xen */) { 735 error_report("xendevicemodel_shutdown failed with error %d", errno); 736 } 737 /* well, try the old thing then */ 738 } 739 740 xc_handle = xc_interface_open(0, 0, 0); 741 if (xc_handle == NULL) { 742 trace_destroy_hvm_domain_cannot_acquire_handle(); 743 } else { 744 sts = xc_domain_shutdown(xc_handle, xen_domid, reason); 745 if (sts != 0) { 746 trace_destroy_hvm_domain_failed_action( 747 reboot ? "reboot" : "poweroff", sts, strerror(errno) 748 ); 749 } else { 750 trace_destroy_hvm_domain_action( 751 xen_domid, reboot ? "reboot" : "poweroff" 752 ); 753 } 754 xc_interface_close(xc_handle); 755 } 756 } 757 758 void xen_shutdown_fatal_error(const char *fmt, ...) 759 { 760 va_list ap; 761 762 va_start(ap, fmt); 763 error_vreport(fmt, ap); 764 va_end(ap); 765 error_report("Will destroy the domain."); 766 /* destroy the domain */ 767 qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_ERROR); 768 } 769 770 static void xen_do_ioreq_register(XenIOState *state, 771 unsigned int max_cpus, 772 const MemoryListener *xen_memory_listener) 773 { 774 int i, rc; 775 776 state->exit.notify = xen_exit_notifier; 777 qemu_add_exit_notifier(&state->exit); 778 779 /* 780 * Register wake-up support in QMP query-current-machine API 781 */ 782 qemu_register_wakeup_support(); 783 784 rc = xen_map_ioreq_server(state); 785 if (rc < 0) { 786 goto err; 787 } 788 789 /* Note: cpus is empty at this point in init */ 790 state->cpu_by_vcpu_id = g_new0(CPUState *, max_cpus); 791 792 rc = xen_set_ioreq_server_state(xen_domid, state->ioservid, true); 793 if (rc < 0) { 794 error_report("failed to enable ioreq server info: error %d handle=%p", 795 errno, xen_xc); 796 goto err; 797 } 798 799 state->ioreq_local_port = g_new0(evtchn_port_t, max_cpus); 800 801 /* FIXME: how about if we overflow the page here? */ 802 for (i = 0; i < max_cpus; i++) { 803 rc = qemu_xen_evtchn_bind_interdomain(state->xce_handle, xen_domid, 804 xen_vcpu_eport(state->shared_page, 805 i)); 806 if (rc == -1) { 807 error_report("shared evtchn %d bind error %d", i, errno); 808 goto err; 809 } 810 state->ioreq_local_port[i] = rc; 811 } 812 813 rc = qemu_xen_evtchn_bind_interdomain(state->xce_handle, xen_domid, 814 state->bufioreq_remote_port); 815 if (rc == -1) { 816 error_report("buffered evtchn bind error %d", errno); 817 goto err; 818 } 819 state->bufioreq_local_port = rc; 820 821 /* Init RAM management */ 822 #ifdef XEN_COMPAT_PHYSMAP 823 xen_map_cache_init(xen_phys_offset_to_gaddr, state); 824 #else 825 xen_map_cache_init(NULL, state); 826 #endif 827 828 qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state); 829 830 state->memory_listener = *xen_memory_listener; 831 memory_listener_register(&state->memory_listener, &address_space_memory); 832 833 state->io_listener = xen_io_listener; 834 memory_listener_register(&state->io_listener, &address_space_io); 835 836 state->device_listener = xen_device_listener; 837 QLIST_INIT(&state->dev_list); 838 device_listener_register(&state->device_listener); 839 840 return; 841 842 err: 843 error_report("xen hardware virtual machine initialisation failed"); 844 exit(1); 845 } 846 847 void xen_register_ioreq(XenIOState *state, unsigned int max_cpus, 848 const MemoryListener *xen_memory_listener) 849 { 850 int rc; 851 852 setup_xen_backend_ops(); 853 854 state->xce_handle = qemu_xen_evtchn_open(); 855 if (state->xce_handle == NULL) { 856 error_report("xen: event channel open failed with error %d", errno); 857 goto err; 858 } 859 860 state->xenstore = xs_daemon_open(); 861 if (state->xenstore == NULL) { 862 error_report("xen: xenstore open failed with error %d", errno); 863 goto err; 864 } 865 866 rc = xen_create_ioreq_server(xen_domid, &state->ioservid); 867 if (!rc) { 868 xen_do_ioreq_register(state, max_cpus, xen_memory_listener); 869 } else { 870 warn_report("xen: failed to create ioreq server"); 871 } 872 873 xen_bus_init(); 874 875 xen_be_init(); 876 877 return; 878 879 err: 880 error_report("xen hardware virtual machine backend registration failed"); 881 exit(1); 882 } 883