1 /*- 2 * Copyright (c) 2016 Akshay Jaggi <jaggi@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * gntdev.c 27 * 28 * Interface to /dev/xen/gntdev. 29 * 30 */ 31 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/uio.h> 35 #include <sys/bus.h> 36 #include <sys/malloc.h> 37 #include <sys/kernel.h> 38 #include <sys/lock.h> 39 #include <sys/mutex.h> 40 #include <sys/rwlock.h> 41 #include <sys/selinfo.h> 42 #include <sys/poll.h> 43 #include <sys/conf.h> 44 #include <sys/fcntl.h> 45 #include <sys/ioccom.h> 46 #include <sys/rman.h> 47 #include <sys/tree.h> 48 #include <sys/module.h> 49 #include <sys/proc.h> 50 #include <sys/bitset.h> 51 #include <sys/queue.h> 52 #include <sys/mman.h> 53 #include <sys/syslog.h> 54 #include <sys/taskqueue.h> 55 56 #include <vm/vm.h> 57 #include <vm/vm_param.h> 58 #include <vm/vm_extern.h> 59 #include <vm/vm_kern.h> 60 #include <vm/vm_page.h> 61 #include <vm/vm_map.h> 62 #include <vm/vm_object.h> 63 #include <vm/vm_pager.h> 64 65 #include <machine/md_var.h> 66 67 #include <xen/xen-os.h> 68 #include <xen/hypervisor.h> 69 #include <xen/error.h> 70 #include <xen/xen_intr.h> 71 #include <xen/gnttab.h> 72 #include <xen/gntdev.h> 73 74 MALLOC_DEFINE(M_GNTDEV, "gntdev", "Xen grant-table user-space device"); 75 76 #define MAX_OFFSET_COUNT ((0xffffffffffffffffull >> PAGE_SHIFT) + 1) 77 78 static d_open_t gntdev_open; 79 static d_ioctl_t gntdev_ioctl; 80 static d_mmap_single_t gntdev_mmap_single; 81 82 static struct cdevsw gntdev_devsw = { 83 .d_version = D_VERSION, 84 .d_open = gntdev_open, 85 .d_ioctl = gntdev_ioctl, 86 .d_mmap_single = gntdev_mmap_single, 87 .d_name = "gntdev", 88 }; 89 90 static device_t gntdev_dev = NULL; 91 92 struct gntdev_gref; 93 struct gntdev_gmap; 94 STAILQ_HEAD(gref_list_head, gntdev_gref); 95 STAILQ_HEAD(gmap_list_head, gntdev_gmap); 96 RB_HEAD(gref_tree_head, gntdev_gref); 97 RB_HEAD(gmap_tree_head, gntdev_gmap); 98 99 struct file_offset_struct { 100 RB_ENTRY(file_offset_struct) next; 101 uint64_t file_offset; 102 uint64_t count; 103 }; 104 105 static int 106 offset_cmp(struct file_offset_struct *f1, struct file_offset_struct *f2) 107 { 108 return (f1->file_offset - f2->file_offset); 109 } 110 111 RB_HEAD(file_offset_head, file_offset_struct); 112 RB_GENERATE_STATIC(file_offset_head, file_offset_struct, next, offset_cmp); 113 114 struct per_user_data { 115 struct mtx user_data_lock; 116 struct gref_tree_head gref_tree; 117 struct gmap_tree_head gmap_tree; 118 struct file_offset_head file_offset; 119 }; 120 121 /* 122 * Get offset into the file which will be used while mmapping the 123 * appropriate pages by the userspace program. 124 */ 125 static int 126 get_file_offset(struct per_user_data *priv_user, uint32_t count, 127 uint64_t *file_offset) 128 { 129 struct file_offset_struct *offset, *offset_tmp; 130 131 if (count == 0) 132 return (EINVAL); 133 mtx_lock(&priv_user->user_data_lock); 134 RB_FOREACH_SAFE(offset, file_offset_head, &priv_user->file_offset, 135 offset_tmp) { 136 if (offset->count >= count) { 137 offset->count -= count; 138 *file_offset = offset->file_offset + offset->count * 139 PAGE_SIZE; 140 if (offset->count == 0) { 141 RB_REMOVE(file_offset_head, 142 &priv_user->file_offset, offset); 143 free(offset, M_GNTDEV); 144 } 145 mtx_unlock(&priv_user->user_data_lock); 146 return (0); 147 } 148 } 149 mtx_unlock(&priv_user->user_data_lock); 150 151 return (ENOSPC); 152 } 153 154 static void 155 put_file_offset(struct per_user_data *priv_user, uint32_t count, 156 uint64_t file_offset) 157 { 158 struct file_offset_struct *offset, *offset_nxt, *offset_prv; 159 160 offset = malloc(sizeof(*offset), M_GNTDEV, M_WAITOK | M_ZERO); 161 offset->file_offset = file_offset; 162 offset->count = count; 163 164 mtx_lock(&priv_user->user_data_lock); 165 RB_INSERT(file_offset_head, &priv_user->file_offset, offset); 166 offset_nxt = RB_NEXT(file_offset_head, &priv_user->file_offset, offset); 167 offset_prv = RB_PREV(file_offset_head, &priv_user->file_offset, offset); 168 if (offset_nxt != NULL && 169 offset_nxt->file_offset == offset->file_offset + offset->count * 170 PAGE_SIZE) { 171 offset->count += offset_nxt->count; 172 RB_REMOVE(file_offset_head, &priv_user->file_offset, 173 offset_nxt); 174 free(offset_nxt, M_GNTDEV); 175 } 176 if (offset_prv != NULL && 177 offset->file_offset == offset_prv->file_offset + offset_prv->count * 178 PAGE_SIZE) { 179 offset_prv->count += offset->count; 180 RB_REMOVE(file_offset_head, &priv_user->file_offset, offset); 181 free(offset, M_GNTDEV); 182 } 183 mtx_unlock(&priv_user->user_data_lock); 184 } 185 186 static int gntdev_gmap_pg_ctor(void *handle, vm_ooffset_t size, 187 vm_prot_t prot, vm_ooffset_t foff, struct ucred *cred, u_short *color); 188 static void gntdev_gmap_pg_dtor(void *handle); 189 static int gntdev_gmap_pg_fault(vm_object_t object, vm_ooffset_t offset, 190 int prot, vm_page_t *mres); 191 192 static struct cdev_pager_ops gntdev_gmap_pg_ops = { 193 .cdev_pg_fault = gntdev_gmap_pg_fault, 194 .cdev_pg_ctor = gntdev_gmap_pg_ctor, 195 .cdev_pg_dtor = gntdev_gmap_pg_dtor, 196 }; 197 198 struct cleanup_data_struct { 199 struct mtx to_kill_grefs_mtx; 200 struct mtx to_kill_gmaps_mtx; 201 struct gref_list_head to_kill_grefs; 202 struct gmap_list_head to_kill_gmaps; 203 }; 204 205 static struct cleanup_data_struct cleanup_data = { 206 .to_kill_grefs = STAILQ_HEAD_INITIALIZER(cleanup_data.to_kill_grefs), 207 .to_kill_gmaps = STAILQ_HEAD_INITIALIZER(cleanup_data.to_kill_gmaps), 208 }; 209 MTX_SYSINIT(to_kill_grefs_mtx, &cleanup_data.to_kill_grefs_mtx, 210 "gntdev to_kill_grefs mutex", MTX_DEF); 211 MTX_SYSINIT(to_kill_gmaps_mtx, &cleanup_data.to_kill_gmaps_mtx, 212 "gntdev to_kill_gmaps mutex", MTX_DEF); 213 214 static void cleanup_function(void *arg, __unused int pending); 215 static struct task cleanup_task = TASK_INITIALIZER(0, cleanup_function, 216 &cleanup_data); 217 218 struct notify_data { 219 uint64_t index; 220 uint32_t action; 221 uint32_t event_channel_port; 222 xen_intr_handle_t notify_evtchn_handle; 223 }; 224 225 static void notify(struct notify_data *notify, vm_page_t page); 226 227 /*-------------------- Grant Allocation Methods -----------------------------*/ 228 229 struct gntdev_gref { 230 union gref_next_union { 231 STAILQ_ENTRY(gntdev_gref) list; 232 RB_ENTRY(gntdev_gref) tree; 233 } gref_next; 234 uint64_t file_index; 235 grant_ref_t gref_id; 236 vm_page_t page; 237 struct notify_data *notify; 238 }; 239 240 static int 241 gref_cmp(struct gntdev_gref *g1, struct gntdev_gref *g2) 242 { 243 return (g1->file_index - g2->file_index); 244 } 245 246 RB_GENERATE_STATIC(gref_tree_head, gntdev_gref, gref_next.tree, gref_cmp); 247 248 /* 249 * Traverse over the device-list of to-be-deleted grants allocated, and 250 * if all accesses, both local mmaps and foreign maps, to them have ended, 251 * destroy them. 252 */ 253 static void 254 gref_list_dtor(struct cleanup_data_struct *cleanup_data) 255 { 256 struct gref_list_head tmp_grefs; 257 struct gntdev_gref *gref, *gref_tmp, *gref_previous; 258 259 STAILQ_INIT(&tmp_grefs); 260 mtx_lock(&cleanup_data->to_kill_grefs_mtx); 261 STAILQ_SWAP(&cleanup_data->to_kill_grefs, &tmp_grefs, gntdev_gref); 262 mtx_unlock(&cleanup_data->to_kill_grefs_mtx); 263 264 gref_previous = NULL; 265 STAILQ_FOREACH_SAFE(gref, &tmp_grefs, gref_next.list, gref_tmp) { 266 if (gref->page && gref->page->object == NULL) { 267 if (gref->notify) { 268 notify(gref->notify, gref->page); 269 } 270 if (gref->gref_id != GRANT_REF_INVALID) { 271 if (gnttab_query_foreign_access(gref->gref_id)) 272 continue; 273 if (gnttab_end_foreign_access_ref(gref->gref_id) 274 == 0) 275 continue; 276 gnttab_free_grant_reference(gref->gref_id); 277 } 278 vm_page_unwire_noq(gref->page); 279 vm_page_free(gref->page); 280 gref->page = NULL; 281 } 282 if (gref->page == NULL) { 283 if (gref_previous == NULL) 284 STAILQ_REMOVE_HEAD(&tmp_grefs, gref_next.list); 285 else 286 STAILQ_REMOVE_AFTER(&tmp_grefs, gref_previous, 287 gref_next.list); 288 if (gref->notify) 289 free(gref->notify, M_GNTDEV); 290 free(gref, M_GNTDEV); 291 } 292 else 293 gref_previous = gref; 294 } 295 296 if (!STAILQ_EMPTY(&tmp_grefs)) { 297 mtx_lock(&cleanup_data->to_kill_grefs_mtx); 298 STAILQ_CONCAT(&cleanup_data->to_kill_grefs, &tmp_grefs); 299 mtx_unlock(&cleanup_data->to_kill_grefs_mtx); 300 } 301 } 302 303 /* 304 * Find count number of contiguous allocated grants for a given userspace 305 * program by file-offset (index). 306 */ 307 static struct gntdev_gref* 308 gntdev_find_grefs(struct per_user_data *priv_user, 309 uint64_t index, uint32_t count) 310 { 311 struct gntdev_gref find_gref, *gref, *gref_start = NULL; 312 313 find_gref.file_index = index; 314 315 mtx_lock(&priv_user->user_data_lock); 316 gref_start = RB_FIND(gref_tree_head, &priv_user->gref_tree, &find_gref); 317 for (gref = gref_start; gref != NULL && count > 0; gref = 318 RB_NEXT(gref_tree_head, &priv_user->gref_tree, gref)) { 319 if (index != gref->file_index) 320 break; 321 index += PAGE_SIZE; 322 count--; 323 } 324 mtx_unlock(&priv_user->user_data_lock); 325 326 if (count) 327 return (NULL); 328 return (gref_start); 329 } 330 331 /* 332 * IOCTL_GNTDEV_ALLOC_GREF 333 * Allocate required number of wired pages for the request, grant foreign 334 * access to the physical frames for these pages, and add details about 335 * this allocation to the per user private data, so that these pages can 336 * be mmapped by the userspace program. 337 */ 338 static int 339 gntdev_alloc_gref(struct ioctl_gntdev_alloc_gref *arg) 340 { 341 uint32_t i; 342 int error, readonly; 343 uint64_t file_offset; 344 struct gntdev_gref *grefs; 345 struct per_user_data *priv_user; 346 347 readonly = !(arg->flags & GNTDEV_ALLOC_FLAG_WRITABLE); 348 349 error = devfs_get_cdevpriv((void**) &priv_user); 350 if (error != 0) 351 return (EINVAL); 352 353 /* Cleanup grefs and free pages. */ 354 taskqueue_enqueue(taskqueue_thread, &cleanup_task); 355 356 /* Get file offset for this request. */ 357 error = get_file_offset(priv_user, arg->count, &file_offset); 358 if (error != 0) 359 return (error); 360 361 /* Allocate grefs. */ 362 grefs = malloc(sizeof(*grefs) * arg->count, M_GNTDEV, M_WAITOK); 363 364 for (i = 0; i < arg->count; i++) { 365 grefs[i].file_index = file_offset + i * PAGE_SIZE; 366 grefs[i].gref_id = GRANT_REF_INVALID; 367 grefs[i].notify = NULL; 368 grefs[i].page = vm_page_alloc_noobj(VM_ALLOC_WIRED | 369 VM_ALLOC_ZERO); 370 if (grefs[i].page == NULL) { 371 log(LOG_ERR, "Page allocation failed."); 372 error = ENOMEM; 373 break; 374 } 375 grefs[i].page->valid = VM_PAGE_BITS_ALL; 376 377 error = gnttab_grant_foreign_access(arg->domid, 378 (VM_PAGE_TO_PHYS(grefs[i].page) >> PAGE_SHIFT), 379 readonly, &grefs[i].gref_id); 380 if (error != 0) { 381 log(LOG_ERR, "Grant Table Hypercall failed."); 382 break; 383 } 384 } 385 386 if (error != 0) { 387 /* 388 * If target domain maps the gref (by guessing the gref-id), 389 * then we can't clean it up yet and we have to leave the 390 * page in place so as to not leak our memory to that domain. 391 * Add it to a global list to be cleaned up later. 392 */ 393 mtx_lock(&cleanup_data.to_kill_grefs_mtx); 394 for (i = 0; i < arg->count; i++) 395 STAILQ_INSERT_TAIL(&cleanup_data.to_kill_grefs, 396 &grefs[i], gref_next.list); 397 mtx_unlock(&cleanup_data.to_kill_grefs_mtx); 398 399 taskqueue_enqueue(taskqueue_thread, &cleanup_task); 400 401 return (error); 402 } 403 404 /* Copy the output values. */ 405 arg->index = file_offset; 406 for (i = 0; i < arg->count; i++) 407 suword32(&arg->gref_ids[i], grefs[i].gref_id); 408 409 /* Modify the per user private data. */ 410 mtx_lock(&priv_user->user_data_lock); 411 for (i = 0; i < arg->count; i++) 412 RB_INSERT(gref_tree_head, &priv_user->gref_tree, &grefs[i]); 413 mtx_unlock(&priv_user->user_data_lock); 414 415 return (error); 416 } 417 418 /* 419 * IOCTL_GNTDEV_DEALLOC_GREF 420 * Remove grant allocation information from the per user private data, so 421 * that it can't be mmapped anymore by the userspace program, and add it 422 * to the to-be-deleted grants global device-list. 423 */ 424 static int 425 gntdev_dealloc_gref(struct ioctl_gntdev_dealloc_gref *arg) 426 { 427 int error; 428 uint32_t count; 429 struct gntdev_gref *gref, *gref_tmp; 430 struct per_user_data *priv_user; 431 432 error = devfs_get_cdevpriv((void**) &priv_user); 433 if (error != 0) 434 return (EINVAL); 435 436 gref = gntdev_find_grefs(priv_user, arg->index, arg->count); 437 if (gref == NULL) { 438 log(LOG_ERR, "Can't find requested grant-refs."); 439 return (EINVAL); 440 } 441 442 /* Remove the grefs from user private data. */ 443 count = arg->count; 444 mtx_lock(&priv_user->user_data_lock); 445 mtx_lock(&cleanup_data.to_kill_grefs_mtx); 446 for (; gref != NULL && count > 0; gref = gref_tmp) { 447 gref_tmp = RB_NEXT(gref_tree_head, &priv_user->gref_tree, gref); 448 RB_REMOVE(gref_tree_head, &priv_user->gref_tree, gref); 449 STAILQ_INSERT_TAIL(&cleanup_data.to_kill_grefs, gref, 450 gref_next.list); 451 count--; 452 } 453 mtx_unlock(&cleanup_data.to_kill_grefs_mtx); 454 mtx_unlock(&priv_user->user_data_lock); 455 456 taskqueue_enqueue(taskqueue_thread, &cleanup_task); 457 put_file_offset(priv_user, arg->count, arg->index); 458 459 return (0); 460 } 461 462 /*-------------------- Grant Mapping Methods --------------------------------*/ 463 464 struct gntdev_gmap_map { 465 vm_object_t mem; 466 struct resource *pseudo_phys_res; 467 int pseudo_phys_res_id; 468 vm_paddr_t phys_base_addr; 469 }; 470 471 struct gntdev_gmap { 472 union gmap_next_union { 473 STAILQ_ENTRY(gntdev_gmap) list; 474 RB_ENTRY(gntdev_gmap) tree; 475 } gmap_next; 476 uint64_t file_index; 477 uint32_t count; 478 struct gnttab_map_grant_ref *grant_map_ops; 479 struct gntdev_gmap_map *map; 480 struct notify_data *notify; 481 }; 482 483 static int 484 gmap_cmp(struct gntdev_gmap *g1, struct gntdev_gmap *g2) 485 { 486 return (g1->file_index - g2->file_index); 487 } 488 489 RB_GENERATE_STATIC(gmap_tree_head, gntdev_gmap, gmap_next.tree, gmap_cmp); 490 491 /* 492 * Traverse over the device-list of to-be-deleted grant mappings, and if 493 * the region is no longer mmapped by anyone, free the memory used to 494 * store information about the mapping. 495 */ 496 static void 497 gmap_list_dtor(struct cleanup_data_struct *cleanup_data) 498 { 499 struct gmap_list_head tmp_gmaps; 500 struct gntdev_gmap *gmap, *gmap_tmp, *gmap_previous; 501 502 STAILQ_INIT(&tmp_gmaps); 503 mtx_lock(&cleanup_data->to_kill_gmaps_mtx); 504 STAILQ_SWAP(&cleanup_data->to_kill_gmaps, &tmp_gmaps, gntdev_gmap); 505 mtx_unlock(&cleanup_data->to_kill_gmaps_mtx); 506 507 gmap_previous = NULL; 508 STAILQ_FOREACH_SAFE(gmap, &tmp_gmaps, gmap_next.list, gmap_tmp) { 509 if (gmap->map == NULL) { 510 if (gmap_previous == NULL) 511 STAILQ_REMOVE_HEAD(&tmp_gmaps, gmap_next.list); 512 else 513 STAILQ_REMOVE_AFTER(&tmp_gmaps, gmap_previous, 514 gmap_next.list); 515 516 if (gmap->notify) 517 free(gmap->notify, M_GNTDEV); 518 free(gmap->grant_map_ops, M_GNTDEV); 519 free(gmap, M_GNTDEV); 520 } 521 else 522 gmap_previous = gmap; 523 } 524 525 if (!STAILQ_EMPTY(&tmp_gmaps)) { 526 mtx_lock(&cleanup_data->to_kill_gmaps_mtx); 527 STAILQ_CONCAT(&cleanup_data->to_kill_gmaps, &tmp_gmaps); 528 mtx_unlock(&cleanup_data->to_kill_gmaps_mtx); 529 } 530 } 531 532 /* 533 * Find mapped grants for a given userspace program, by file-offset (index) 534 * and count, as supplied during the map-ioctl. 535 */ 536 static struct gntdev_gmap* 537 gntdev_find_gmap(struct per_user_data *priv_user, 538 uint64_t index, uint32_t count) 539 { 540 struct gntdev_gmap find_gmap, *gmap; 541 542 find_gmap.file_index = index; 543 544 mtx_lock(&priv_user->user_data_lock); 545 gmap = RB_FIND(gmap_tree_head, &priv_user->gmap_tree, &find_gmap); 546 mtx_unlock(&priv_user->user_data_lock); 547 548 if (gmap != NULL && gmap->count == count) 549 return (gmap); 550 return (NULL); 551 } 552 553 /* 554 * Remove the pages from the mgtdevice pager, call the unmap hypercall, 555 * free the xenmem resource. This function is called during the 556 * destruction of the mgtdevice pager, which happens when all mmaps to 557 * it have been removed, and the unmap-ioctl has been performed. 558 */ 559 static int 560 notify_unmap_cleanup(struct gntdev_gmap *gmap) 561 { 562 uint32_t i; 563 int error, count; 564 vm_page_t m; 565 struct gnttab_unmap_grant_ref *unmap_ops; 566 567 unmap_ops = malloc(sizeof(struct gnttab_unmap_grant_ref) * gmap->count, 568 M_GNTDEV, M_WAITOK); 569 570 /* Enumerate freeable maps. */ 571 count = 0; 572 for (i = 0; i < gmap->count; i++) { 573 if (gmap->grant_map_ops[i].handle != -1) { 574 unmap_ops[count].handle = gmap->grant_map_ops[i].handle; 575 unmap_ops[count].host_addr = 576 gmap->grant_map_ops[i].host_addr; 577 unmap_ops[count].dev_bus_addr = 0; 578 count++; 579 } 580 } 581 582 /* Perform notification. */ 583 if (count > 0 && gmap->notify) { 584 vm_page_t page; 585 uint64_t page_offset; 586 587 page_offset = gmap->notify->index - gmap->file_index; 588 page = PHYS_TO_VM_PAGE(gmap->map->phys_base_addr + page_offset); 589 notify(gmap->notify, page); 590 } 591 592 /* Free the pages. */ 593 VM_OBJECT_WLOCK(gmap->map->mem); 594 retry: 595 for (i = 0; i < gmap->count; i++) { 596 m = vm_page_lookup(gmap->map->mem, i); 597 if (m == NULL) 598 continue; 599 if (vm_page_busy_acquire(m, VM_ALLOC_WAITFAIL) == 0) 600 goto retry; 601 cdev_pager_free_page(gmap->map->mem, m); 602 } 603 VM_OBJECT_WUNLOCK(gmap->map->mem); 604 605 /* Perform unmap hypercall. */ 606 error = HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, 607 unmap_ops, count); 608 609 for (i = 0; i < gmap->count; i++) { 610 gmap->grant_map_ops[i].handle = -1; 611 gmap->grant_map_ops[i].host_addr = 0; 612 } 613 614 if (gmap->map) { 615 error = xenmem_free(gntdev_dev, gmap->map->pseudo_phys_res_id, 616 gmap->map->pseudo_phys_res); 617 KASSERT(error == 0, 618 ("Unable to release memory resource: %d", error)); 619 620 free(gmap->map, M_GNTDEV); 621 gmap->map = NULL; 622 } 623 624 free(unmap_ops, M_GNTDEV); 625 626 return (error); 627 } 628 629 /* 630 * IOCTL_GNTDEV_MAP_GRANT_REF 631 * Populate structures for mapping the grant reference in the per user 632 * private data. Actual resource allocation and map hypercall is performed 633 * during the mmap. 634 */ 635 static int 636 gntdev_map_grant_ref(struct ioctl_gntdev_map_grant_ref *arg) 637 { 638 uint32_t i; 639 int error; 640 struct gntdev_gmap *gmap; 641 struct per_user_data *priv_user; 642 643 error = devfs_get_cdevpriv((void**) &priv_user); 644 if (error != 0) 645 return (EINVAL); 646 647 gmap = malloc(sizeof(*gmap), M_GNTDEV, M_WAITOK | M_ZERO); 648 gmap->count = arg->count; 649 gmap->grant_map_ops = 650 malloc(sizeof(struct gnttab_map_grant_ref) * arg->count, 651 M_GNTDEV, M_WAITOK | M_ZERO); 652 653 for (i = 0; i < arg->count; i++) { 654 struct ioctl_gntdev_grant_ref ref; 655 656 error = copyin(&arg->refs[i], &ref, sizeof(ref)); 657 if (error != 0) { 658 free(gmap->grant_map_ops, M_GNTDEV); 659 free(gmap, M_GNTDEV); 660 return (error); 661 } 662 gmap->grant_map_ops[i].dom = ref.domid; 663 gmap->grant_map_ops[i].ref = ref.ref; 664 gmap->grant_map_ops[i].handle = -1; 665 gmap->grant_map_ops[i].flags = GNTMAP_host_map; 666 } 667 668 error = get_file_offset(priv_user, arg->count, &gmap->file_index); 669 if (error != 0) { 670 free(gmap->grant_map_ops, M_GNTDEV); 671 free(gmap, M_GNTDEV); 672 return (error); 673 } 674 675 mtx_lock(&priv_user->user_data_lock); 676 RB_INSERT(gmap_tree_head, &priv_user->gmap_tree, gmap); 677 mtx_unlock(&priv_user->user_data_lock); 678 679 arg->index = gmap->file_index; 680 681 return (error); 682 } 683 684 /* 685 * IOCTL_GNTDEV_UNMAP_GRANT_REF 686 * Remove the map information from the per user private data and add it 687 * to the global device-list of mappings to be deleted. A reference to 688 * the mgtdevice pager is also decreased, the reason for which is 689 * explained in mmap_gmap(). 690 */ 691 static int 692 gntdev_unmap_grant_ref(struct ioctl_gntdev_unmap_grant_ref *arg) 693 { 694 int error; 695 struct gntdev_gmap *gmap; 696 struct per_user_data *priv_user; 697 698 error = devfs_get_cdevpriv((void**) &priv_user); 699 if (error != 0) 700 return (EINVAL); 701 702 gmap = gntdev_find_gmap(priv_user, arg->index, arg->count); 703 if (gmap == NULL) { 704 log(LOG_ERR, "Can't find requested grant-map."); 705 return (EINVAL); 706 } 707 708 mtx_lock(&priv_user->user_data_lock); 709 mtx_lock(&cleanup_data.to_kill_gmaps_mtx); 710 RB_REMOVE(gmap_tree_head, &priv_user->gmap_tree, gmap); 711 STAILQ_INSERT_TAIL(&cleanup_data.to_kill_gmaps, gmap, gmap_next.list); 712 mtx_unlock(&cleanup_data.to_kill_gmaps_mtx); 713 mtx_unlock(&priv_user->user_data_lock); 714 715 if (gmap->map) 716 vm_object_deallocate(gmap->map->mem); 717 718 taskqueue_enqueue(taskqueue_thread, &cleanup_task); 719 put_file_offset(priv_user, arg->count, arg->index); 720 721 return (0); 722 } 723 724 /* 725 * IOCTL_GNTDEV_GET_OFFSET_FOR_VADDR 726 * Get file-offset and count for a given mapping, from the virtual address 727 * where the mapping is mmapped. 728 * Please note, this only works for grants mapped by this domain, and not 729 * grants allocated. Count doesn't make much sense in reference to grants 730 * allocated. Also, because this function is present in the linux gntdev 731 * device, but not in the linux gntalloc one, most userspace code only use 732 * it for mapped grants. 733 */ 734 static int 735 gntdev_get_offset_for_vaddr(struct ioctl_gntdev_get_offset_for_vaddr *arg, 736 struct thread *td) 737 { 738 int error; 739 vm_map_t map; 740 vm_map_entry_t entry; 741 vm_object_t mem; 742 vm_pindex_t pindex; 743 vm_prot_t prot; 744 boolean_t wired; 745 struct gntdev_gmap *gmap; 746 int rc; 747 748 map = &td->td_proc->p_vmspace->vm_map; 749 error = vm_map_lookup(&map, arg->vaddr, VM_PROT_NONE, &entry, 750 &mem, &pindex, &prot, &wired); 751 if (error != KERN_SUCCESS) 752 return (EINVAL); 753 754 if ((mem->type != OBJT_MGTDEVICE) || 755 (mem->un_pager.devp.ops != &gntdev_gmap_pg_ops)) { 756 rc = EINVAL; 757 goto out; 758 } 759 760 gmap = mem->handle; 761 if (gmap == NULL || 762 (entry->end - entry->start) != (gmap->count * PAGE_SIZE)) { 763 rc = EINVAL; 764 goto out; 765 } 766 767 arg->count = gmap->count; 768 arg->offset = gmap->file_index; 769 rc = 0; 770 771 out: 772 vm_map_lookup_done(map, entry); 773 return (rc); 774 } 775 776 /*-------------------- Grant Mapping Pager ----------------------------------*/ 777 778 static int 779 gntdev_gmap_pg_ctor(void *handle, vm_ooffset_t size, vm_prot_t prot, 780 vm_ooffset_t foff, struct ucred *cred, u_short *color) 781 { 782 783 return (0); 784 } 785 786 static void 787 gntdev_gmap_pg_dtor(void *handle) 788 { 789 790 notify_unmap_cleanup((struct gntdev_gmap *)handle); 791 } 792 793 static int 794 gntdev_gmap_pg_fault(vm_object_t object, vm_ooffset_t offset, int prot, 795 vm_page_t *mres) 796 { 797 struct gntdev_gmap *gmap = object->handle; 798 vm_pindex_t pidx, ridx; 799 vm_page_t page; 800 vm_ooffset_t relative_offset; 801 802 if (gmap->map == NULL) 803 return (VM_PAGER_FAIL); 804 805 relative_offset = offset - gmap->file_index; 806 807 pidx = OFF_TO_IDX(offset); 808 ridx = OFF_TO_IDX(relative_offset); 809 if (ridx >= gmap->count || 810 gmap->grant_map_ops[ridx].status != GNTST_okay) 811 return (VM_PAGER_FAIL); 812 813 page = PHYS_TO_VM_PAGE(gmap->map->phys_base_addr + relative_offset); 814 if (page == NULL) 815 return (VM_PAGER_FAIL); 816 817 KASSERT((page->flags & PG_FICTITIOUS) != 0, 818 ("not fictitious %p", page)); 819 KASSERT(vm_page_wired(page), ("page %p is not wired", page)); 820 KASSERT(!vm_page_busied(page), ("page %p is busy", page)); 821 822 vm_page_busy_acquire(page, 0); 823 vm_page_valid(page); 824 if (*mres != NULL) 825 vm_page_replace(page, object, pidx, *mres); 826 else 827 vm_page_insert(page, object, pidx); 828 *mres = page; 829 return (VM_PAGER_OK); 830 } 831 832 /*------------------ Grant Table Methods ------------------------------------*/ 833 834 static void 835 notify(struct notify_data *notify, vm_page_t page) 836 { 837 if (notify->action & UNMAP_NOTIFY_CLEAR_BYTE) { 838 uint8_t *mem; 839 uint64_t offset; 840 841 offset = notify->index & PAGE_MASK; 842 mem = (uint8_t *)pmap_quick_enter_page(page); 843 mem[offset] = 0; 844 pmap_quick_remove_page((vm_offset_t)mem); 845 } 846 if (notify->action & UNMAP_NOTIFY_SEND_EVENT) { 847 xen_intr_signal(notify->notify_evtchn_handle); 848 xen_intr_unbind(¬ify->notify_evtchn_handle); 849 } 850 notify->action = 0; 851 } 852 853 /* 854 * Helper to copy new arguments from the notify ioctl into 855 * the existing notify data. 856 */ 857 static int 858 copy_notify_helper(struct notify_data *destination, 859 struct ioctl_gntdev_unmap_notify *source) 860 { 861 xen_intr_handle_t handlep = NULL; 862 863 /* 864 * "Get" before "Put"ting previous reference, as we might be 865 * holding the last reference to the event channel port. 866 */ 867 if (source->action & UNMAP_NOTIFY_SEND_EVENT) 868 if (xen_intr_get_evtchn_from_port(source->event_channel_port, 869 &handlep) != 0) 870 return (EINVAL); 871 872 if (destination->action & UNMAP_NOTIFY_SEND_EVENT) 873 xen_intr_unbind(&destination->notify_evtchn_handle); 874 875 destination->action = source->action; 876 destination->event_channel_port = source->event_channel_port; 877 destination->index = source->index; 878 destination->notify_evtchn_handle = handlep; 879 880 return (0); 881 } 882 883 /* 884 * IOCTL_GNTDEV_SET_UNMAP_NOTIFY 885 * Set unmap notification inside the appropriate grant. It sends a 886 * notification when the grant is completely munmapped by this domain 887 * and ready for destruction. 888 */ 889 static int 890 gntdev_set_unmap_notify(struct ioctl_gntdev_unmap_notify *arg) 891 { 892 int error; 893 uint64_t index; 894 struct per_user_data *priv_user; 895 struct gntdev_gref *gref = NULL; 896 struct gntdev_gmap *gmap; 897 898 error = devfs_get_cdevpriv((void**) &priv_user); 899 if (error != 0) 900 return (EINVAL); 901 902 if (arg->action & ~(UNMAP_NOTIFY_CLEAR_BYTE|UNMAP_NOTIFY_SEND_EVENT)) 903 return (EINVAL); 904 905 index = arg->index & ~PAGE_MASK; 906 gref = gntdev_find_grefs(priv_user, index, 1); 907 if (gref) { 908 if (gref->notify == NULL) 909 gref->notify = malloc(sizeof(*arg), M_GNTDEV, 910 M_WAITOK | M_ZERO); 911 return (copy_notify_helper(gref->notify, arg)); 912 } 913 914 error = EINVAL; 915 mtx_lock(&priv_user->user_data_lock); 916 RB_FOREACH(gmap, gmap_tree_head, &priv_user->gmap_tree) { 917 if (arg->index >= gmap->file_index && 918 arg->index < gmap->file_index + gmap->count * PAGE_SIZE) { 919 if (gmap->notify == NULL) 920 gmap->notify = malloc(sizeof(*arg), M_GNTDEV, 921 M_WAITOK | M_ZERO); 922 error = copy_notify_helper(gmap->notify, arg); 923 break; 924 } 925 } 926 mtx_unlock(&priv_user->user_data_lock); 927 928 return (error); 929 } 930 931 /*------------------ Gntdev Char Device Methods -----------------------------*/ 932 933 static void 934 cleanup_function(void *arg, __unused int pending) 935 { 936 937 gref_list_dtor((struct cleanup_data_struct *) arg); 938 gmap_list_dtor((struct cleanup_data_struct *) arg); 939 } 940 941 static void 942 per_user_data_dtor(void *arg) 943 { 944 struct gntdev_gref *gref, *gref_tmp; 945 struct gntdev_gmap *gmap, *gmap_tmp; 946 struct file_offset_struct *offset, *offset_tmp; 947 struct per_user_data *priv_user; 948 949 priv_user = (struct per_user_data *) arg; 950 951 mtx_lock(&priv_user->user_data_lock); 952 953 mtx_lock(&cleanup_data.to_kill_grefs_mtx); 954 RB_FOREACH_SAFE(gref, gref_tree_head, &priv_user->gref_tree, gref_tmp) { 955 RB_REMOVE(gref_tree_head, &priv_user->gref_tree, gref); 956 STAILQ_INSERT_TAIL(&cleanup_data.to_kill_grefs, gref, 957 gref_next.list); 958 } 959 mtx_unlock(&cleanup_data.to_kill_grefs_mtx); 960 961 mtx_lock(&cleanup_data.to_kill_gmaps_mtx); 962 RB_FOREACH_SAFE(gmap, gmap_tree_head, &priv_user->gmap_tree, gmap_tmp) { 963 RB_REMOVE(gmap_tree_head, &priv_user->gmap_tree, gmap); 964 STAILQ_INSERT_TAIL(&cleanup_data.to_kill_gmaps, gmap, 965 gmap_next.list); 966 if (gmap->map) 967 vm_object_deallocate(gmap->map->mem); 968 } 969 mtx_unlock(&cleanup_data.to_kill_gmaps_mtx); 970 971 RB_FOREACH_SAFE(offset, file_offset_head, &priv_user->file_offset, 972 offset_tmp) { 973 RB_REMOVE(file_offset_head, &priv_user->file_offset, offset); 974 free(offset, M_GNTDEV); 975 } 976 977 mtx_unlock(&priv_user->user_data_lock); 978 979 taskqueue_enqueue(taskqueue_thread, &cleanup_task); 980 981 mtx_destroy(&priv_user->user_data_lock); 982 free(priv_user, M_GNTDEV); 983 } 984 985 static int 986 gntdev_open(struct cdev *dev, int flag, int otyp, struct thread *td) 987 { 988 int error; 989 struct per_user_data *priv_user; 990 struct file_offset_struct *offset; 991 992 priv_user = malloc(sizeof(*priv_user), M_GNTDEV, M_WAITOK | M_ZERO); 993 RB_INIT(&priv_user->gref_tree); 994 RB_INIT(&priv_user->gmap_tree); 995 RB_INIT(&priv_user->file_offset); 996 offset = malloc(sizeof(*offset), M_GNTDEV, M_WAITOK | M_ZERO); 997 offset->file_offset = 0; 998 offset->count = MAX_OFFSET_COUNT; 999 RB_INSERT(file_offset_head, &priv_user->file_offset, offset); 1000 mtx_init(&priv_user->user_data_lock, 1001 "per user data mutex", NULL, MTX_DEF); 1002 1003 error = devfs_set_cdevpriv(priv_user, per_user_data_dtor); 1004 if (error != 0) 1005 per_user_data_dtor(priv_user); 1006 1007 return (error); 1008 } 1009 1010 static int 1011 gntdev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, 1012 int fflag, struct thread *td) 1013 { 1014 int error; 1015 1016 switch (cmd) { 1017 case IOCTL_GNTDEV_SET_UNMAP_NOTIFY: 1018 error = gntdev_set_unmap_notify( 1019 (struct ioctl_gntdev_unmap_notify*) data); 1020 break; 1021 case IOCTL_GNTDEV_ALLOC_GREF: 1022 error = gntdev_alloc_gref( 1023 (struct ioctl_gntdev_alloc_gref*) data); 1024 break; 1025 case IOCTL_GNTDEV_DEALLOC_GREF: 1026 error = gntdev_dealloc_gref( 1027 (struct ioctl_gntdev_dealloc_gref*) data); 1028 break; 1029 case IOCTL_GNTDEV_MAP_GRANT_REF: 1030 error = gntdev_map_grant_ref( 1031 (struct ioctl_gntdev_map_grant_ref*) data); 1032 break; 1033 case IOCTL_GNTDEV_UNMAP_GRANT_REF: 1034 error = gntdev_unmap_grant_ref( 1035 (struct ioctl_gntdev_unmap_grant_ref*) data); 1036 break; 1037 case IOCTL_GNTDEV_GET_OFFSET_FOR_VADDR: 1038 error = gntdev_get_offset_for_vaddr( 1039 (struct ioctl_gntdev_get_offset_for_vaddr*) data, td); 1040 break; 1041 default: 1042 error = ENOSYS; 1043 break; 1044 } 1045 1046 return (error); 1047 } 1048 1049 /* 1050 * MMAP an allocated grant into user memory. 1051 * Please note, that the grants must not already be mmapped, otherwise 1052 * this function will fail. 1053 */ 1054 static int 1055 mmap_gref(struct per_user_data *priv_user, struct gntdev_gref *gref_start, 1056 uint32_t count, vm_size_t size, struct vm_object **object) 1057 { 1058 vm_object_t mem_obj; 1059 struct gntdev_gref *gref; 1060 1061 mem_obj = vm_pager_allocate(OBJT_PHYS, NULL, size, VM_PROT_ALL, 0, 1062 curthread->td_ucred); 1063 if (mem_obj == NULL) 1064 return (ENOMEM); 1065 1066 mtx_lock(&priv_user->user_data_lock); 1067 VM_OBJECT_WLOCK(mem_obj); 1068 for (gref = gref_start; gref != NULL && count > 0; gref = 1069 RB_NEXT(gref_tree_head, &priv_user->gref_tree, gref)) { 1070 if (gref->page->object) 1071 break; 1072 1073 vm_page_insert(gref->page, mem_obj, 1074 OFF_TO_IDX(gref->file_index)); 1075 1076 count--; 1077 } 1078 VM_OBJECT_WUNLOCK(mem_obj); 1079 mtx_unlock(&priv_user->user_data_lock); 1080 1081 if (count) { 1082 vm_object_deallocate(mem_obj); 1083 return (EINVAL); 1084 } 1085 1086 *object = mem_obj; 1087 1088 return (0); 1089 1090 } 1091 1092 /* 1093 * MMAP a mapped grant into user memory. 1094 */ 1095 static int 1096 mmap_gmap(struct per_user_data *priv_user, struct gntdev_gmap *gmap_start, 1097 vm_ooffset_t *offset, vm_size_t size, struct vm_object **object, int nprot) 1098 { 1099 uint32_t i; 1100 int error; 1101 1102 /* 1103 * The grant map hypercall might already be done. 1104 * If that is the case, increase a reference to the 1105 * vm object and return the already allocated object. 1106 */ 1107 if (gmap_start->map) { 1108 vm_object_reference(gmap_start->map->mem); 1109 *object = gmap_start->map->mem; 1110 return (0); 1111 } 1112 1113 gmap_start->map = malloc(sizeof(*(gmap_start->map)), M_GNTDEV, 1114 M_WAITOK | M_ZERO); 1115 1116 /* Allocate the xen pseudo physical memory resource. */ 1117 gmap_start->map->pseudo_phys_res_id = 0; 1118 gmap_start->map->pseudo_phys_res = xenmem_alloc(gntdev_dev, 1119 &gmap_start->map->pseudo_phys_res_id, size); 1120 if (gmap_start->map->pseudo_phys_res == NULL) { 1121 free(gmap_start->map, M_GNTDEV); 1122 gmap_start->map = NULL; 1123 return (ENOMEM); 1124 } 1125 gmap_start->map->phys_base_addr = 1126 rman_get_start(gmap_start->map->pseudo_phys_res); 1127 1128 /* Allocate the mgtdevice pager. */ 1129 gmap_start->map->mem = cdev_pager_allocate(gmap_start, OBJT_MGTDEVICE, 1130 &gntdev_gmap_pg_ops, size, nprot, *offset, NULL); 1131 if (gmap_start->map->mem == NULL) { 1132 xenmem_free(gntdev_dev, gmap_start->map->pseudo_phys_res_id, 1133 gmap_start->map->pseudo_phys_res); 1134 free(gmap_start->map, M_GNTDEV); 1135 gmap_start->map = NULL; 1136 return (ENOMEM); 1137 } 1138 1139 for (i = 0; i < gmap_start->count; i++) { 1140 gmap_start->grant_map_ops[i].host_addr = 1141 gmap_start->map->phys_base_addr + i * PAGE_SIZE; 1142 1143 if ((nprot & PROT_WRITE) == 0) 1144 gmap_start->grant_map_ops[i].flags |= GNTMAP_readonly; 1145 } 1146 /* Make the MAP hypercall. */ 1147 error = HYPERVISOR_grant_table_op(GNTTABOP_map_grant_ref, 1148 gmap_start->grant_map_ops, gmap_start->count); 1149 if (error != 0) { 1150 /* 1151 * Deallocate pager. 1152 * Pager deallocation will automatically take care of 1153 * xenmem deallocation, etc. 1154 */ 1155 vm_object_deallocate(gmap_start->map->mem); 1156 1157 return (EINVAL); 1158 } 1159 1160 /* Retry EAGAIN maps. */ 1161 for (i = 0; i < gmap_start->count; i++) { 1162 int delay = 1; 1163 while (delay < 256 && 1164 gmap_start->grant_map_ops[i].status == GNTST_eagain) { 1165 HYPERVISOR_grant_table_op( GNTTABOP_map_grant_ref, 1166 &gmap_start->grant_map_ops[i], 1); 1167 pause(("gntmap"), delay * SBT_1MS); 1168 delay++; 1169 } 1170 if (gmap_start->grant_map_ops[i].status == GNTST_eagain) 1171 gmap_start->grant_map_ops[i].status = GNTST_bad_page; 1172 1173 if (gmap_start->grant_map_ops[i].status != GNTST_okay) { 1174 /* 1175 * Deallocate pager. 1176 * Pager deallocation will automatically take care of 1177 * xenmem deallocation, notification, unmap hypercall, 1178 * etc. 1179 */ 1180 vm_object_deallocate(gmap_start->map->mem); 1181 1182 return (EINVAL); 1183 } 1184 } 1185 1186 /* 1187 * Add a reference to the vm object. We do not want 1188 * the vm object to be deleted when all the mmaps are 1189 * unmapped, because it may be re-mmapped. Instead, 1190 * we want the object to be deleted, when along with 1191 * munmaps, we have also processed the unmap-ioctl. 1192 */ 1193 vm_object_reference(gmap_start->map->mem); 1194 1195 *object = gmap_start->map->mem; 1196 1197 return (0); 1198 } 1199 1200 static int 1201 gntdev_mmap_single(struct cdev *cdev, vm_ooffset_t *offset, vm_size_t size, 1202 struct vm_object **object, int nprot) 1203 { 1204 int error; 1205 uint32_t count; 1206 struct gntdev_gref *gref_start; 1207 struct gntdev_gmap *gmap_start; 1208 struct per_user_data *priv_user; 1209 1210 error = devfs_get_cdevpriv((void**) &priv_user); 1211 if (error != 0) 1212 return (EINVAL); 1213 1214 count = OFF_TO_IDX(size); 1215 1216 gref_start = gntdev_find_grefs(priv_user, *offset, count); 1217 if (gref_start) { 1218 error = mmap_gref(priv_user, gref_start, count, size, object); 1219 return (error); 1220 } 1221 1222 gmap_start = gntdev_find_gmap(priv_user, *offset, count); 1223 if (gmap_start) { 1224 error = mmap_gmap(priv_user, gmap_start, offset, size, object, 1225 nprot); 1226 return (error); 1227 } 1228 1229 return (EINVAL); 1230 } 1231 1232 /*------------------ Private Device Attachment Functions --------------------*/ 1233 static void 1234 gntdev_identify(driver_t *driver, device_t parent) 1235 { 1236 1237 KASSERT((xen_domain()), 1238 ("Trying to attach gntdev device on non Xen domain")); 1239 1240 if (BUS_ADD_CHILD(parent, 0, "gntdev", 0) == NULL) 1241 panic("unable to attach gntdev user-space device"); 1242 } 1243 1244 static int 1245 gntdev_probe(device_t dev) 1246 { 1247 1248 gntdev_dev = dev; 1249 device_set_desc(dev, "Xen grant-table user-space device"); 1250 return (BUS_PROBE_NOWILDCARD); 1251 } 1252 1253 static int 1254 gntdev_attach(device_t dev) 1255 { 1256 1257 make_dev_credf(MAKEDEV_ETERNAL, &gntdev_devsw, 0, NULL, UID_ROOT, 1258 GID_WHEEL, 0600, "xen/gntdev"); 1259 return (0); 1260 } 1261 1262 /*-------------------- Private Device Attachment Data -----------------------*/ 1263 static device_method_t gntdev_methods[] = { 1264 DEVMETHOD(device_identify, gntdev_identify), 1265 DEVMETHOD(device_probe, gntdev_probe), 1266 DEVMETHOD(device_attach, gntdev_attach), 1267 DEVMETHOD_END 1268 }; 1269 1270 static driver_t gntdev_driver = { 1271 "gntdev", 1272 gntdev_methods, 1273 0, 1274 }; 1275 1276 DRIVER_MODULE(gntdev, xenpv, gntdev_driver, 0, 0); 1277 MODULE_DEPEND(gntdev, xenpv, 1, 1, 1); 1278