1 /* 2 * Copyright (c) 2016, Citrix Systems Inc 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a copy 5 * of this software and associated documentation files (the "Software"), to 6 * deal in the Software without restriction, including without limitation the 7 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 8 * sell copies of the Software, and to permit persons to whom the Software is 9 * furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice shall be included in 12 * all copies or substantial portions of the Software. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 * DEALINGS IN THE SOFTWARE. 21 * 22 */ 23 24 #ifndef __XEN_PUBLIC_HVM_DM_OP_H__ 25 #define __XEN_PUBLIC_HVM_DM_OP_H__ 26 27 #include "../xen.h" 28 #include "../event_channel.h" 29 30 #ifndef uint64_aligned_t 31 #define uint64_aligned_t uint64_t 32 #endif 33 34 /* 35 * IOREQ Servers 36 * 37 * The interface between an I/O emulator an Xen is called an IOREQ Server. 38 * A domain supports a single 'legacy' IOREQ Server which is instantiated if 39 * parameter... 40 * 41 * HVM_PARAM_IOREQ_PFN is read (to get the gfn containing the synchronous 42 * ioreq structures), or... 43 * HVM_PARAM_BUFIOREQ_PFN is read (to get the gfn containing the buffered 44 * ioreq ring), or... 45 * HVM_PARAM_BUFIOREQ_EVTCHN is read (to get the event channel that Xen uses 46 * to request buffered I/O emulation). 47 * 48 * The following hypercalls facilitate the creation of IOREQ Servers for 49 * 'secondary' emulators which are invoked to implement port I/O, memory, or 50 * PCI config space ranges which they explicitly register. 51 */ 52 53 typedef uint16_t ioservid_t; 54 55 /* 56 * XEN_DMOP_create_ioreq_server: Instantiate a new IOREQ Server for a 57 * secondary emulator. 58 * 59 * The <id> handed back is unique for target domain. The valur of 60 * <handle_bufioreq> should be one of HVM_IOREQSRV_BUFIOREQ_* defined in 61 * hvm_op.h. If the value is HVM_IOREQSRV_BUFIOREQ_OFF then the buffered 62 * ioreq ring will not be allocated and hence all emulation requests to 63 * this server will be synchronous. 64 */ 65 #define XEN_DMOP_create_ioreq_server 1 66 67 struct xen_dm_op_create_ioreq_server { 68 /* IN - should server handle buffered ioreqs */ 69 uint8_t handle_bufioreq; 70 uint8_t pad[3]; 71 /* OUT - server id */ 72 ioservid_t id; 73 }; 74 typedef struct xen_dm_op_create_ioreq_server xen_dm_op_create_ioreq_server_t; 75 76 /* 77 * XEN_DMOP_get_ioreq_server_info: Get all the information necessary to 78 * access IOREQ Server <id>. 79 * 80 * If the IOREQ Server is handling buffered emulation requests, the 81 * emulator needs to bind to event channel <bufioreq_port> to listen for 82 * them. (The event channels used for synchronous emulation requests are 83 * specified in the per-CPU ioreq structures). 84 * In addition, if the XENMEM_acquire_resource memory op cannot be used, 85 * the emulator will need to map the synchronous ioreq structures and 86 * buffered ioreq ring (if it exists) from guest memory. If <flags> does 87 * not contain XEN_DMOP_no_gfns then these pages will be made available and 88 * the frame numbers passed back in gfns <ioreq_gfn> and <bufioreq_gfn> 89 * respectively. (If the IOREQ Server is not handling buffered emulation 90 * only <ioreq_gfn> will be valid). 91 * 92 * NOTE: To access the synchronous ioreq structures and buffered ioreq 93 * ring, it is preferable to use the XENMEM_acquire_resource memory 94 * op specifying resource type XENMEM_resource_ioreq_server. 95 */ 96 #define XEN_DMOP_get_ioreq_server_info 2 97 98 struct xen_dm_op_get_ioreq_server_info { 99 /* IN - server id */ 100 ioservid_t id; 101 /* IN - flags */ 102 uint16_t flags; 103 104 #define _XEN_DMOP_no_gfns 0 105 #define XEN_DMOP_no_gfns (1u << _XEN_DMOP_no_gfns) 106 107 /* OUT - buffered ioreq port */ 108 evtchn_port_t bufioreq_port; 109 /* OUT - sync ioreq gfn (see block comment above) */ 110 uint64_aligned_t ioreq_gfn; 111 /* OUT - buffered ioreq gfn (see block comment above)*/ 112 uint64_aligned_t bufioreq_gfn; 113 }; 114 typedef struct xen_dm_op_get_ioreq_server_info xen_dm_op_get_ioreq_server_info_t; 115 116 /* 117 * XEN_DMOP_map_io_range_to_ioreq_server: Register an I/O range for 118 * emulation by the client of 119 * IOREQ Server <id>. 120 * XEN_DMOP_unmap_io_range_from_ioreq_server: Deregister an I/O range 121 * previously registered for 122 * emulation by the client of 123 * IOREQ Server <id>. 124 * 125 * There are three types of I/O that can be emulated: port I/O, memory 126 * accesses and PCI config space accesses. The <type> field denotes which 127 * type of range* the <start> and <end> (inclusive) fields are specifying. 128 * PCI config space ranges are specified by segment/bus/device/function 129 * values which should be encoded using the DMOP_PCI_SBDF helper macro 130 * below. 131 * 132 * NOTE: unless an emulation request falls entirely within a range mapped 133 * by a secondary emulator, it will not be passed to that emulator. 134 */ 135 #define XEN_DMOP_map_io_range_to_ioreq_server 3 136 #define XEN_DMOP_unmap_io_range_from_ioreq_server 4 137 138 struct xen_dm_op_ioreq_server_range { 139 /* IN - server id */ 140 ioservid_t id; 141 uint16_t pad; 142 /* IN - type of range */ 143 uint32_t type; 144 # define XEN_DMOP_IO_RANGE_PORT 0 /* I/O port range */ 145 # define XEN_DMOP_IO_RANGE_MEMORY 1 /* MMIO range */ 146 # define XEN_DMOP_IO_RANGE_PCI 2 /* PCI segment/bus/dev/func range */ 147 /* IN - inclusive start and end of range */ 148 uint64_aligned_t start, end; 149 }; 150 typedef struct xen_dm_op_ioreq_server_range xen_dm_op_ioreq_server_range_t; 151 152 #define XEN_DMOP_PCI_SBDF(s,b,d,f) \ 153 ((((s) & 0xffff) << 16) | \ 154 (((b) & 0xff) << 8) | \ 155 (((d) & 0x1f) << 3) | \ 156 ((f) & 0x07)) 157 158 /* 159 * XEN_DMOP_set_ioreq_server_state: Enable or disable the IOREQ Server <id> 160 * 161 * The IOREQ Server will not be passed any emulation requests until it is 162 * in the enabled state. 163 * Note that the contents of the ioreq_gfn and bufioreq_gfn (see 164 * XEN_DMOP_get_ioreq_server_info) are not meaningful until the IOREQ Server 165 * is in the enabled state. 166 */ 167 #define XEN_DMOP_set_ioreq_server_state 5 168 169 struct xen_dm_op_set_ioreq_server_state { 170 /* IN - server id */ 171 ioservid_t id; 172 /* IN - enabled? */ 173 uint8_t enabled; 174 uint8_t pad; 175 }; 176 typedef struct xen_dm_op_set_ioreq_server_state xen_dm_op_set_ioreq_server_state_t; 177 178 /* 179 * XEN_DMOP_destroy_ioreq_server: Destroy the IOREQ Server <id>. 180 * 181 * Any registered I/O ranges will be automatically deregistered. 182 */ 183 #define XEN_DMOP_destroy_ioreq_server 6 184 185 struct xen_dm_op_destroy_ioreq_server { 186 /* IN - server id */ 187 ioservid_t id; 188 uint16_t pad; 189 }; 190 typedef struct xen_dm_op_destroy_ioreq_server xen_dm_op_destroy_ioreq_server_t; 191 192 /* 193 * XEN_DMOP_track_dirty_vram: Track modifications to the specified pfn 194 * range. 195 * 196 * NOTE: The bitmap passed back to the caller is passed in a 197 * secondary buffer. 198 */ 199 #define XEN_DMOP_track_dirty_vram 7 200 201 struct xen_dm_op_track_dirty_vram { 202 /* IN - number of pages to be tracked */ 203 uint32_t nr; 204 uint32_t pad; 205 /* IN - first pfn to track */ 206 uint64_aligned_t first_pfn; 207 }; 208 typedef struct xen_dm_op_track_dirty_vram xen_dm_op_track_dirty_vram_t; 209 210 /* 211 * XEN_DMOP_set_pci_intx_level: Set the logical level of one of a domain's 212 * PCI INTx pins. 213 */ 214 #define XEN_DMOP_set_pci_intx_level 8 215 216 struct xen_dm_op_set_pci_intx_level { 217 /* IN - PCI INTx identification (domain:bus:device:intx) */ 218 uint16_t domain; 219 uint8_t bus, device, intx; 220 /* IN - Level: 0 -> deasserted, 1 -> asserted */ 221 uint8_t level; 222 }; 223 typedef struct xen_dm_op_set_pci_intx_level xen_dm_op_set_pci_intx_level_t; 224 225 /* 226 * XEN_DMOP_set_isa_irq_level: Set the logical level of a one of a domain's 227 * ISA IRQ lines. 228 */ 229 #define XEN_DMOP_set_isa_irq_level 9 230 231 struct xen_dm_op_set_isa_irq_level { 232 /* IN - ISA IRQ (0-15) */ 233 uint8_t isa_irq; 234 /* IN - Level: 0 -> deasserted, 1 -> asserted */ 235 uint8_t level; 236 }; 237 typedef struct xen_dm_op_set_isa_irq_level xen_dm_op_set_isa_irq_level_t; 238 239 /* 240 * XEN_DMOP_set_pci_link_route: Map a PCI INTx line to an IRQ line. 241 */ 242 #define XEN_DMOP_set_pci_link_route 10 243 244 struct xen_dm_op_set_pci_link_route { 245 /* PCI INTx line (0-3) */ 246 uint8_t link; 247 /* ISA IRQ (1-15) or 0 -> disable link */ 248 uint8_t isa_irq; 249 }; 250 typedef struct xen_dm_op_set_pci_link_route xen_dm_op_set_pci_link_route_t; 251 252 /* 253 * XEN_DMOP_modified_memory: Notify that a set of pages were modified by 254 * an emulator. 255 * 256 * DMOP buf 1 contains an array of xen_dm_op_modified_memory_extent with 257 * @nr_extents entries. 258 * 259 * On error, @nr_extents will contain the index+1 of the extent that 260 * had the error. It is not defined if or which pages may have been 261 * marked as dirty, in this event. 262 */ 263 #define XEN_DMOP_modified_memory 11 264 265 struct xen_dm_op_modified_memory { 266 /* 267 * IN - Number of extents to be processed 268 * OUT -returns n+1 for failing extent 269 */ 270 uint32_t nr_extents; 271 /* IN/OUT - Must be set to 0 */ 272 uint32_t opaque; 273 }; 274 typedef struct xen_dm_op_modified_memory xen_dm_op_modified_memory_t; 275 276 struct xen_dm_op_modified_memory_extent { 277 /* IN - number of contiguous pages modified */ 278 uint32_t nr; 279 uint32_t pad; 280 /* IN - first pfn modified */ 281 uint64_aligned_t first_pfn; 282 }; 283 284 /* 285 * XEN_DMOP_set_mem_type: Notify that a region of memory is to be treated 286 * in a specific way. (See definition of 287 * hvmmem_type_t). 288 * 289 * NOTE: In the event of a continuation (return code -ERESTART), the 290 * @first_pfn is set to the value of the pfn of the remaining 291 * region and @nr reduced to the size of the remaining region. 292 */ 293 #define XEN_DMOP_set_mem_type 12 294 295 struct xen_dm_op_set_mem_type { 296 /* IN - number of contiguous pages */ 297 uint32_t nr; 298 /* IN - new hvmmem_type_t of region */ 299 uint16_t mem_type; 300 uint16_t pad; 301 /* IN - first pfn in region */ 302 uint64_aligned_t first_pfn; 303 }; 304 typedef struct xen_dm_op_set_mem_type xen_dm_op_set_mem_type_t; 305 306 /* 307 * XEN_DMOP_inject_event: Inject an event into a VCPU, which will 308 * get taken up when it is next scheduled. 309 * 310 * Note that the caller should know enough of the state of the CPU before 311 * injecting, to know what the effect of injecting the event will be. 312 */ 313 #define XEN_DMOP_inject_event 13 314 315 struct xen_dm_op_inject_event { 316 /* IN - index of vCPU */ 317 uint32_t vcpuid; 318 /* IN - interrupt vector */ 319 uint8_t vector; 320 /* IN - event type (DMOP_EVENT_* ) */ 321 uint8_t type; 322 /* NB. This enumeration precisely matches hvm.h:X86_EVENTTYPE_* */ 323 # define XEN_DMOP_EVENT_ext_int 0 /* external interrupt */ 324 # define XEN_DMOP_EVENT_nmi 2 /* nmi */ 325 # define XEN_DMOP_EVENT_hw_exc 3 /* hardware exception */ 326 # define XEN_DMOP_EVENT_sw_int 4 /* software interrupt (CD nn) */ 327 # define XEN_DMOP_EVENT_pri_sw_exc 5 /* ICEBP (F1) */ 328 # define XEN_DMOP_EVENT_sw_exc 6 /* INT3 (CC), INTO (CE) */ 329 /* IN - instruction length */ 330 uint8_t insn_len; 331 uint8_t pad0; 332 /* IN - error code (or ~0 to skip) */ 333 uint32_t error_code; 334 uint32_t pad1; 335 /* IN - type-specific extra data (%cr2 for #PF, pending_dbg for #DB) */ 336 uint64_aligned_t cr2; 337 }; 338 typedef struct xen_dm_op_inject_event xen_dm_op_inject_event_t; 339 340 /* 341 * XEN_DMOP_inject_msi: Inject an MSI for an emulated device. 342 */ 343 #define XEN_DMOP_inject_msi 14 344 345 struct xen_dm_op_inject_msi { 346 /* IN - MSI data (lower 32 bits) */ 347 uint32_t data; 348 uint32_t pad; 349 /* IN - MSI address (0xfeexxxxx) */ 350 uint64_aligned_t addr; 351 }; 352 typedef struct xen_dm_op_inject_msi xen_dm_op_inject_msi_t; 353 354 /* 355 * XEN_DMOP_map_mem_type_to_ioreq_server : map or unmap the IOREQ Server <id> 356 * to specific memory type <type> 357 * for specific accesses <flags> 358 * 359 * For now, flags only accept the value of XEN_DMOP_IOREQ_MEM_ACCESS_WRITE, 360 * which means only write operations are to be forwarded to an ioreq server. 361 * Support for the emulation of read operations can be added when an ioreq 362 * server has such requirement in future. 363 */ 364 #define XEN_DMOP_map_mem_type_to_ioreq_server 15 365 366 struct xen_dm_op_map_mem_type_to_ioreq_server { 367 ioservid_t id; /* IN - ioreq server id */ 368 uint16_t type; /* IN - memory type */ 369 uint32_t flags; /* IN - types of accesses to be forwarded to the 370 ioreq server. flags with 0 means to unmap the 371 ioreq server */ 372 373 #define XEN_DMOP_IOREQ_MEM_ACCESS_READ (1u << 0) 374 #define XEN_DMOP_IOREQ_MEM_ACCESS_WRITE (1u << 1) 375 376 uint64_t opaque; /* IN/OUT - only used for hypercall continuation, 377 has to be set to zero by the caller */ 378 }; 379 typedef struct xen_dm_op_map_mem_type_to_ioreq_server xen_dm_op_map_mem_type_to_ioreq_server_t; 380 381 /* 382 * XEN_DMOP_remote_shutdown : Declare a shutdown for another domain 383 * Identical to SCHEDOP_remote_shutdown 384 */ 385 #define XEN_DMOP_remote_shutdown 16 386 387 struct xen_dm_op_remote_shutdown { 388 uint32_t reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ 389 /* (Other reason values are not blocked) */ 390 }; 391 typedef struct xen_dm_op_remote_shutdown xen_dm_op_remote_shutdown_t; 392 393 /* 394 * XEN_DMOP_relocate_memory : Relocate GFNs for the specified guest. 395 * Identical to XENMEM_add_to_physmap with 396 * space == XENMAPSPACE_gmfn_range. 397 */ 398 #define XEN_DMOP_relocate_memory 17 399 400 struct xen_dm_op_relocate_memory { 401 /* All fields are IN/OUT, with their OUT state undefined. */ 402 /* Number of GFNs to process. */ 403 uint32_t size; 404 uint32_t pad; 405 /* Starting GFN to relocate. */ 406 uint64_aligned_t src_gfn; 407 /* Starting GFN where GFNs should be relocated. */ 408 uint64_aligned_t dst_gfn; 409 }; 410 typedef struct xen_dm_op_relocate_memory xen_dm_op_relocate_memory_t; 411 412 /* 413 * XEN_DMOP_pin_memory_cacheattr : Pin caching type of RAM space. 414 * Identical to XEN_DOMCTL_pin_mem_cacheattr. 415 */ 416 #define XEN_DMOP_pin_memory_cacheattr 18 417 418 struct xen_dm_op_pin_memory_cacheattr { 419 uint64_aligned_t start; /* Start gfn. */ 420 uint64_aligned_t end; /* End gfn. */ 421 /* Caching types: these happen to be the same as x86 MTRR/PAT type codes. */ 422 #define XEN_DMOP_MEM_CACHEATTR_UC 0 423 #define XEN_DMOP_MEM_CACHEATTR_WC 1 424 #define XEN_DMOP_MEM_CACHEATTR_WT 4 425 #define XEN_DMOP_MEM_CACHEATTR_WP 5 426 #define XEN_DMOP_MEM_CACHEATTR_WB 6 427 #define XEN_DMOP_MEM_CACHEATTR_UCM 7 428 #define XEN_DMOP_DELETE_MEM_CACHEATTR (~(uint32_t)0) 429 uint32_t type; /* XEN_DMOP_MEM_CACHEATTR_* */ 430 uint32_t pad; 431 }; 432 typedef struct xen_dm_op_pin_memory_cacheattr xen_dm_op_pin_memory_cacheattr_t; 433 434 /* 435 * XEN_DMOP_set_irq_level: Set the logical level of a one of a domain's 436 * IRQ lines (currently Arm only). 437 * Only SPIs are supported. 438 */ 439 #define XEN_DMOP_set_irq_level 19 440 441 struct xen_dm_op_set_irq_level { 442 uint32_t irq; 443 /* IN - Level: 0 -> deasserted, 1 -> asserted */ 444 uint8_t level; 445 uint8_t pad[3]; 446 }; 447 typedef struct xen_dm_op_set_irq_level xen_dm_op_set_irq_level_t; 448 449 /* 450 * XEN_DMOP_nr_vcpus: Query the number of vCPUs a domain has. 451 * 452 * This is the number of vcpu objects allocated in Xen for the domain, and is 453 * fixed from creation time. This bound is applicable to e.g. the vcpuid 454 * parameter of XEN_DMOP_inject_event, or number of struct ioreq objects 455 * mapped via XENMEM_acquire_resource. 456 */ 457 #define XEN_DMOP_nr_vcpus 20 458 459 struct xen_dm_op_nr_vcpus { 460 uint32_t vcpus; /* OUT */ 461 }; 462 typedef struct xen_dm_op_nr_vcpus xen_dm_op_nr_vcpus_t; 463 464 struct xen_dm_op { 465 uint32_t op; 466 uint32_t pad; 467 union { 468 xen_dm_op_create_ioreq_server_t create_ioreq_server; 469 xen_dm_op_get_ioreq_server_info_t get_ioreq_server_info; 470 xen_dm_op_ioreq_server_range_t map_io_range_to_ioreq_server; 471 xen_dm_op_ioreq_server_range_t unmap_io_range_from_ioreq_server; 472 xen_dm_op_set_ioreq_server_state_t set_ioreq_server_state; 473 xen_dm_op_destroy_ioreq_server_t destroy_ioreq_server; 474 xen_dm_op_track_dirty_vram_t track_dirty_vram; 475 xen_dm_op_set_pci_intx_level_t set_pci_intx_level; 476 xen_dm_op_set_isa_irq_level_t set_isa_irq_level; 477 xen_dm_op_set_irq_level_t set_irq_level; 478 xen_dm_op_set_pci_link_route_t set_pci_link_route; 479 xen_dm_op_modified_memory_t modified_memory; 480 xen_dm_op_set_mem_type_t set_mem_type; 481 xen_dm_op_inject_event_t inject_event; 482 xen_dm_op_inject_msi_t inject_msi; 483 xen_dm_op_map_mem_type_to_ioreq_server_t map_mem_type_to_ioreq_server; 484 xen_dm_op_remote_shutdown_t remote_shutdown; 485 xen_dm_op_relocate_memory_t relocate_memory; 486 xen_dm_op_pin_memory_cacheattr_t pin_memory_cacheattr; 487 xen_dm_op_nr_vcpus_t nr_vcpus; 488 } u; 489 }; 490 491 struct xen_dm_op_buf { 492 XEN_GUEST_HANDLE(void) h; 493 xen_ulong_t size; 494 }; 495 typedef struct xen_dm_op_buf xen_dm_op_buf_t; 496 DEFINE_XEN_GUEST_HANDLE(xen_dm_op_buf_t); 497 498 /* ` enum neg_errnoval 499 * ` HYPERVISOR_dm_op(domid_t domid, 500 * ` unsigned int nr_bufs, 501 * ` xen_dm_op_buf_t bufs[]) 502 * ` 503 * 504 * @domid is the domain the hypercall operates on. 505 * @nr_bufs is the number of buffers in the @bufs array. 506 * @bufs points to an array of buffers where @bufs[0] contains a struct 507 * xen_dm_op, describing the specific device model operation and its 508 * parameters. 509 * @bufs[1..] may be referenced in the parameters for the purposes of 510 * passing extra information to or from the domain. 511 */ 512 513 #endif /* __XEN_PUBLIC_HVM_DM_OP_H__ */ 514 515 /* 516 * Local variables: 517 * mode: C 518 * c-file-style: "BSD" 519 * c-basic-offset: 4 520 * tab-width: 4 521 * indent-tabs-mode: nil 522 * End: 523 */ 524