1 /****************************************************************************** 2 * xen.h 3 * 4 * Guest OS interface to Xen. 5 * 6 * SPDX-License-Identifier: MIT 7 * 8 * Copyright (c) 2004, K A Fraser 9 */ 10 11 #ifndef __XEN_PUBLIC_XEN_H__ 12 #define __XEN_PUBLIC_XEN_H__ 13 14 // 15 // Xen interface version used by Tianocore 16 // 17 #define __XEN_INTERFACE_VERSION__ 0x00040400 18 19 #include "xen-compat.h" 20 21 #if defined(MDE_CPU_IA32) || defined(MDE_CPU_X64) 22 #include "arch-x86/xen.h" 23 #elif defined(__arm__) || defined (__aarch64__) 24 #include "arch-arm/xen.h" 25 #else 26 #error "Unsupported architecture" 27 #endif 28 29 #ifndef __ASSEMBLY__ 30 /* Guest handles for primitive C types. */ 31 DEFINE_XEN_GUEST_HANDLE(CHAR8); 32 __DEFINE_XEN_GUEST_HANDLE(uchar, UINT8); 33 DEFINE_XEN_GUEST_HANDLE(INT32); 34 __DEFINE_XEN_GUEST_HANDLE(uint, UINT32); 35 #if __XEN_INTERFACE_VERSION__ < 0x00040300 36 DEFINE_XEN_GUEST_HANDLE(INTN); 37 __DEFINE_XEN_GUEST_HANDLE(ulong, UINTN); 38 #endif 39 DEFINE_XEN_GUEST_HANDLE(VOID); 40 41 DEFINE_XEN_GUEST_HANDLE(UINT64); 42 DEFINE_XEN_GUEST_HANDLE(xen_pfn_t); 43 DEFINE_XEN_GUEST_HANDLE(xen_ulong_t); 44 #endif 45 46 /* 47 * HYPERCALLS 48 */ 49 50 /* `incontents 100 hcalls List of hypercalls 51 * ` enum hypercall_num { // __HYPERVISOR_* => HYPERVISOR_*() 52 */ 53 54 #define __HYPERVISOR_set_trap_table 0 55 #define __HYPERVISOR_mmu_update 1 56 #define __HYPERVISOR_set_gdt 2 57 #define __HYPERVISOR_stack_switch 3 58 #define __HYPERVISOR_set_callbacks 4 59 #define __HYPERVISOR_fpu_taskswitch 5 60 #define __HYPERVISOR_sched_op_compat 6 /* compat since 0x00030101 */ 61 #define __HYPERVISOR_platform_op 7 62 #define __HYPERVISOR_set_debugreg 8 63 #define __HYPERVISOR_get_debugreg 9 64 #define __HYPERVISOR_update_descriptor 10 65 #define __HYPERVISOR_memory_op 12 66 #define __HYPERVISOR_multicall 13 67 #define __HYPERVISOR_update_va_mapping 14 68 #define __HYPERVISOR_set_timer_op 15 69 #define __HYPERVISOR_event_channel_op_compat 16 /* compat since 0x00030202 */ 70 #define __HYPERVISOR_xen_version 17 71 #define __HYPERVISOR_console_io 18 72 #define __HYPERVISOR_physdev_op_compat 19 /* compat since 0x00030202 */ 73 #define __HYPERVISOR_grant_table_op 20 74 #define __HYPERVISOR_vm_assist 21 75 #define __HYPERVISOR_update_va_mapping_otherdomain 22 76 #define __HYPERVISOR_iret 23 /* x86 only */ 77 #define __HYPERVISOR_vcpu_op 24 78 #define __HYPERVISOR_set_segment_base 25 /* x86/64 only */ 79 #define __HYPERVISOR_mmuext_op 26 80 #define __HYPERVISOR_xsm_op 27 81 #define __HYPERVISOR_nmi_op 28 82 #define __HYPERVISOR_sched_op 29 83 #define __HYPERVISOR_callback_op 30 84 #define __HYPERVISOR_xenoprof_op 31 85 #define __HYPERVISOR_event_channel_op 32 86 #define __HYPERVISOR_physdev_op 33 87 #define __HYPERVISOR_hvm_op 34 88 #define __HYPERVISOR_sysctl 35 89 #define __HYPERVISOR_domctl 36 90 #define __HYPERVISOR_kexec_op 37 91 #define __HYPERVISOR_tmem_op 38 92 #define __HYPERVISOR_xc_reserved_op 39 /* reserved for XenClient */ 93 94 /* Architecture-specific hypercall definitions. */ 95 #define __HYPERVISOR_arch_0 48 96 #define __HYPERVISOR_arch_1 49 97 #define __HYPERVISOR_arch_2 50 98 #define __HYPERVISOR_arch_3 51 99 #define __HYPERVISOR_arch_4 52 100 #define __HYPERVISOR_arch_5 53 101 #define __HYPERVISOR_arch_6 54 102 #define __HYPERVISOR_arch_7 55 103 104 /* ` } */ 105 106 /* 107 * HYPERCALL COMPATIBILITY. 108 */ 109 110 /* New sched_op hypercall introduced in 0x00030101. */ 111 #if __XEN_INTERFACE_VERSION__ < 0x00030101 112 #undef __HYPERVISOR_sched_op 113 #define __HYPERVISOR_sched_op __HYPERVISOR_sched_op_compat 114 #endif 115 116 /* New event-channel and physdev hypercalls introduced in 0x00030202. */ 117 #if __XEN_INTERFACE_VERSION__ < 0x00030202 118 #undef __HYPERVISOR_event_channel_op 119 #define __HYPERVISOR_event_channel_op __HYPERVISOR_event_channel_op_compat 120 #undef __HYPERVISOR_physdev_op 121 #define __HYPERVISOR_physdev_op __HYPERVISOR_physdev_op_compat 122 #endif 123 124 /* New platform_op hypercall introduced in 0x00030204. */ 125 #if __XEN_INTERFACE_VERSION__ < 0x00030204 126 #define __HYPERVISOR_dom0_op __HYPERVISOR_platform_op 127 #endif 128 129 #ifndef __ASSEMBLY__ 130 131 typedef UINT16 domid_t; 132 133 /* Domain ids >= DOMID_FIRST_RESERVED cannot be used for ordinary domains. */ 134 #define DOMID_FIRST_RESERVED (0x7FF0U) 135 136 /* DOMID_SELF is used in certain contexts to refer to oneself. */ 137 #define DOMID_SELF (0x7FF0U) 138 139 /* 140 * DOMID_IO is used to restrict page-table updates to mapping I/O memory. 141 * Although no Foreign Domain need be specified to map I/O pages, DOMID_IO 142 * is useful to ensure that no mappings to the OS's own heap are accidentally 143 * installed. (e.g., in Linux this could cause havoc as reference counts 144 * aren't adjusted on the I/O-mapping code path). 145 * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context can 146 * be specified by any calling domain. 147 */ 148 #define DOMID_IO (0x7FF1U) 149 150 /* 151 * DOMID_XEN is used to allow privileged domains to map restricted parts of 152 * Xen's heap space (e.g., the machine_to_phys table). 153 * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only permitted if 154 * the caller is privileged. 155 */ 156 #define DOMID_XEN (0x7FF2U) 157 158 /* 159 * DOMID_COW is used as the owner of sharable pages */ 160 #define DOMID_COW (0x7FF3U) 161 162 /* DOMID_INVALID is used to identify pages with unknown owner. */ 163 #define DOMID_INVALID (0x7FF4U) 164 165 /* Idle domain. */ 166 #define DOMID_IDLE (0x7FFFU) 167 168 #if __XEN_INTERFACE_VERSION__ < 0x00040400 169 /* 170 * Event channel endpoints per domain (when using the 2-level ABI): 171 * 1024 if a INTN is 32 bits; 4096 if a INTN is 64 bits. 172 */ 173 #define NR_EVENT_CHANNELS EVTCHN_2L_NR_CHANNELS 174 #endif 175 176 struct vcpu_time_info { 177 /* 178 * Updates to the following values are preceded and followed by an 179 * increment of 'version'. The guest can therefore detect updates by 180 * looking for changes to 'version'. If the least-significant bit of 181 * the version number is set then an update is in progress and the guest 182 * must wait to read a consistent set of values. 183 * The correct way to interact with the version number is similar to 184 * Linux's seqlock: see the implementations of read_seqbegin/read_seqretry. 185 */ 186 UINT32 version; 187 UINT32 pad0; 188 UINT64 tsc_timestamp; /* TSC at last update of time vals. */ 189 UINT64 system_time; /* Time, in nanosecs, since boot. */ 190 /* 191 * Current system time: 192 * system_time + 193 * ((((tsc - tsc_timestamp) << tsc_shift) * tsc_to_system_mul) >> 32) 194 * CPU frequency (Hz): 195 * ((10^9 << 32) / tsc_to_system_mul) >> tsc_shift 196 */ 197 UINT32 tsc_to_system_mul; 198 INT8 tsc_shift; 199 INT8 pad1[3]; 200 }; /* 32 bytes */ 201 typedef struct vcpu_time_info vcpu_time_info_t; 202 203 struct vcpu_info { 204 /* 205 * 'evtchn_upcall_pending' is written non-zero by Xen to indicate 206 * a pending notification for a particular VCPU. It is then cleared 207 * by the guest OS /before/ checking for pending work, thus avoiding 208 * a set-and-check race. Note that the mask is only accessed by Xen 209 * on the CPU that is currently hosting the VCPU. This means that the 210 * pending and mask flags can be updated by the guest without special 211 * synchronisation (i.e., no need for the x86 LOCK prefix). 212 * This may seem suboptimal because if the pending flag is set by 213 * a different CPU then an IPI may be scheduled even when the mask 214 * is set. However, note: 215 * 1. The task of 'interrupt holdoff' is covered by the per-event- 216 * channel mask bits. A 'noisy' event that is continually being 217 * triggered can be masked at source at this very precise 218 * granularity. 219 * 2. The main purpose of the per-VCPU mask is therefore to restrict 220 * reentrant execution: whether for concurrency control, or to 221 * prevent unbounded stack usage. Whatever the purpose, we expect 222 * that the mask will be asserted only for short periods at a time, 223 * and so the likelihood of a 'spurious' IPI is suitably small. 224 * The mask is read before making an event upcall to the guest: a 225 * non-zero mask therefore guarantees that the VCPU will not receive 226 * an upcall activation. The mask is cleared when the VCPU requests 227 * to block: this avoids wakeup-waiting races. 228 */ 229 UINT8 evtchn_upcall_pending; 230 #ifdef XEN_HAVE_PV_UPCALL_MASK 231 UINT8 evtchn_upcall_mask; 232 #else /* XEN_HAVE_PV_UPCALL_MASK */ 233 UINT8 pad0; 234 #endif /* XEN_HAVE_PV_UPCALL_MASK */ 235 xen_ulong_t evtchn_pending_sel; 236 struct arch_vcpu_info arch; 237 struct vcpu_time_info time; 238 }; /* 64 bytes (x86) */ 239 #ifndef __XEN__ 240 typedef struct vcpu_info vcpu_info_t; 241 #endif 242 243 /* 244 * `incontents 200 startofday_shared Start-of-day shared data structure 245 * Xen/kernel shared data -- pointer provided in start_info. 246 * 247 * This structure is defined to be both smaller than a page, and the 248 * only data on the shared page, but may vary in actual size even within 249 * compatible Xen versions; guests should not rely on the size 250 * of this structure remaining constant. 251 */ 252 struct shared_info { 253 struct vcpu_info vcpu_info[XEN_LEGACY_MAX_VCPUS]; 254 255 /* 256 * A domain can create "event channels" on which it can send and receive 257 * asynchronous event notifications. There are three classes of event that 258 * are delivered by this mechanism: 259 * 1. Bi-directional inter- and intra-domain connections. Domains must 260 * arrange out-of-band to set up a connection (usually by allocating 261 * an unbound 'listener' port and avertising that via a storage service 262 * such as xenstore). 263 * 2. Physical interrupts. A domain with suitable hardware-access 264 * privileges can bind an event-channel port to a physical interrupt 265 * source. 266 * 3. Virtual interrupts ('events'). A domain can bind an event-channel 267 * port to a virtual interrupt source, such as the virtual-timer 268 * device or the emergency console. 269 * 270 * Event channels are addressed by a "port index". Each channel is 271 * associated with two bits of information: 272 * 1. PENDING -- notifies the domain that there is a pending notification 273 * to be processed. This bit is cleared by the guest. 274 * 2. MASK -- if this bit is clear then a 0->1 transition of PENDING 275 * will cause an asynchronous upcall to be scheduled. This bit is only 276 * updated by the guest. It is read-only within Xen. If a channel 277 * becomes pending while the channel is masked then the 'edge' is lost 278 * (i.e., when the channel is unmasked, the guest must manually handle 279 * pending notifications as no upcall will be scheduled by Xen). 280 * 281 * To expedite scanning of pending notifications, any 0->1 pending 282 * transition on an unmasked channel causes a corresponding bit in a 283 * per-vcpu selector word to be set. Each bit in the selector covers a 284 * 'C INTN' in the PENDING bitfield array. 285 */ 286 xen_ulong_t evtchn_pending[sizeof(xen_ulong_t) * 8]; 287 xen_ulong_t evtchn_mask[sizeof(xen_ulong_t) * 8]; 288 289 /* 290 * Wallclock time: updated only by control software. Guests should base 291 * their gettimeofday() syscall on this wallclock-base value. 292 */ 293 UINT32 wc_version; /* Version counter: see vcpu_time_info_t. */ 294 UINT32 wc_sec; /* Secs 00:00:00 UTC, Jan 1, 1970. */ 295 UINT32 wc_nsec; /* Nsecs 00:00:00 UTC, Jan 1, 1970. */ 296 297 struct arch_shared_info arch; 298 299 }; 300 #ifndef __XEN__ 301 typedef struct shared_info shared_info_t; 302 #endif 303 304 /* Turn a plain number into a C UINTN constant. */ 305 #define __mk_unsigned_long(x) x ## UL 306 #define mk_unsigned_long(x) __mk_unsigned_long(x) 307 308 __DEFINE_XEN_GUEST_HANDLE(uint8, UINT8); 309 __DEFINE_XEN_GUEST_HANDLE(uint16, UINT16); 310 __DEFINE_XEN_GUEST_HANDLE(uint32, UINT32); 311 __DEFINE_XEN_GUEST_HANDLE(uint64, UINT64); 312 313 #else /* __ASSEMBLY__ */ 314 315 /* In assembly code we cannot use C numeric constant suffixes. */ 316 #define mk_unsigned_long(x) x 317 318 #endif /* !__ASSEMBLY__ */ 319 320 #endif /* __XEN_PUBLIC_XEN_H__ */ 321 322 /* 323 * Local variables: 324 * mode: C 325 * c-file-style: "BSD" 326 * c-basic-offset: 4 327 * tab-width: 4 328 * indent-tabs-mode: nil 329 * End: 330 */ 331