#include "qemu/osdep.h"
#include "qemu/units.h"
#include "qapi/error.h"
#include "exec/target_page.h"
#include "trace.h"

#include "hw/pci/pci_host.h"
#include "hw/xen/xen-hvm-common.h"
#include "hw/xen/xen-bus.h"
#include "hw/boards.h"
#include "hw/xen/arch_hvm.h"

MemoryRegion xen_memory;

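/*
 * Populate guest RAM for a newly allocated MemoryRegion by asking Xen to
 * back the corresponding guest page frames.  Skipped during incoming
 * migration (the pages are already populated) and for the Xen memory
 * region itself.
 */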
void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size, MemoryRegion *mr,
                   Error **errp)
{
    unsigned target_page_bits = qemu_target_page_bits();
    unsigned long nr_pfn;
    xen_pfn_t *pfn_list;
    int i;

    if (runstate_check(RUN_STATE_INMIGRATE)) {
        /* RAM already populated in Xen */
        warn_report("%s: do not alloc "RAM_ADDR_FMT
                    " bytes of ram at "RAM_ADDR_FMT" when runstate is INMIGRATE",
                    __func__, size, ram_addr);
        return;
    }

    if (mr == &xen_memory) {
        return;
    }

    trace_xen_ram_alloc(ram_addr, size);

    nr_pfn = size >> target_page_bits;
    pfn_list = g_new(xen_pfn_t, nr_pfn);

    for (i = 0; i < nr_pfn; i++) {
        pfn_list[i] = (ram_addr >> target_page_bits) + i;
    }

    if (xc_domain_populate_physmap_exact(xen_xc, xen_domid, nr_pfn, 0, 0, pfn_list)) {
        error_setg(errp, "xen: failed to populate ram at " RAM_ADDR_FMT,
                   ram_addr);
    }

    g_free(pfn_list);
}

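/*
 * Tell the ioreq server when a memory section is added to or removed from
 * the guest physical address space, then let the architecture specific
 * hook do any additional tracking.
 */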
static void xen_set_memory(struct MemoryListener *listener,
                           MemoryRegionSection *section,
                           bool add)
{
    XenIOState *state = container_of(listener, XenIOState, memory_listener);

    if (section->mr == &xen_memory) {
        return;
    } else {
        if (add) {
            xen_map_memory_section(xen_domid, state->ioservid,
                                   section);
        } else {
            xen_unmap_memory_section(xen_domid, state->ioservid,
                                     section);
        }
    }

    arch_xen_set_memory(state, section, add);
}

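/*
 * MemoryListener hooks for the guest physical address space: take/drop a
 * reference on the region and forward the event to xen_set_memory().
 */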
void xen_region_add(MemoryListener *listener,
                    MemoryRegionSection *section)
{
    memory_region_ref(section->mr);
    xen_set_memory(listener, section, true);
}

void xen_region_del(MemoryListener *listener,
                    MemoryRegionSection *section)
{
    xen_set_memory(listener, section, false);
    memory_region_unref(section->mr);
}

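/*
 * MemoryListener hooks for the I/O port address space: register and
 * unregister port ranges with the ioreq server, ignoring unassigned I/O.
 */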
void xen_io_add(MemoryListener *listener,
                MemoryRegionSection *section)
{
    XenIOState *state = container_of(listener, XenIOState, io_listener);
    MemoryRegion *mr = section->mr;

    if (mr->ops == &unassigned_io_ops) {
        return;
    }

    memory_region_ref(mr);

    xen_map_io_section(xen_domid, state->ioservid, section);
}

void xen_io_del(MemoryListener *listener,
                MemoryRegionSection *section)
{
    XenIOState *state = container_of(listener, XenIOState, io_listener);
    MemoryRegion *mr = section->mr;

    if (mr->ops == &unassigned_io_ops) {
        return;
    }

    xen_unmap_io_section(xen_domid, state->ioservid, section);

    memory_region_unref(mr);
}

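/*
 * DeviceListener hooks: track PCI devices on dev_list so that config space
 * accesses forwarded by Xen (IOREQ_TYPE_PCI_CONFIG) can be routed to the
 * right device, and tell the ioreq server about each device.
 */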
void xen_device_realize(DeviceListener *listener,
                        DeviceState *dev)
{
    XenIOState *state = container_of(listener, XenIOState, device_listener);

    if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
        PCIDevice *pci_dev = PCI_DEVICE(dev);
        XenPciDevice *xendev = g_new(XenPciDevice, 1);

        xendev->pci_dev = pci_dev;
        xendev->sbdf = PCI_BUILD_BDF(pci_dev_bus_num(pci_dev),
                                     pci_dev->devfn);
        QLIST_INSERT_HEAD(&state->dev_list, xendev, entry);

        xen_map_pcidev(xen_domid, state->ioservid, pci_dev);
    }
}

void xen_device_unrealize(DeviceListener *listener,
                          DeviceState *dev)
{
    XenIOState *state = container_of(listener, XenIOState, device_listener);

    if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
        PCIDevice *pci_dev = PCI_DEVICE(dev);
        XenPciDevice *xendev, *next;

        xen_unmap_pcidev(xen_domid, state->ioservid, pci_dev);

        QLIST_FOREACH_SAFE(xendev, &state->dev_list, entry, next) {
            if (xendev->pci_dev == pci_dev) {
                QLIST_REMOVE(xendev, entry);
                g_free(xendev);
                break;
            }
        }
    }
}

MemoryListener xen_io_listener = {
    .name = "xen-io",
    .region_add = xen_io_add,
    .region_del = xen_io_del,
    .priority = MEMORY_LISTENER_PRIORITY_ACCEL,
};

DeviceListener xen_device_listener = {
    .realize = xen_device_realize,
    .unrealize = xen_device_unrealize,
};

/* Get the ioreq packet for the given vcpu from the shared memory page. */
static ioreq_t *cpu_get_ioreq_from_shared_memory(XenIOState *state, int vcpu)
{
    ioreq_t *req = xen_vcpu_ioreq(state->shared_page, vcpu);

    if (req->state != STATE_IOREQ_READY) {
        trace_cpu_get_ioreq_from_shared_memory_req_not_ready(req->state,
                                                             req->data_is_ptr,
                                                             req->addr,
                                                             req->data,
                                                             req->count,
                                                             req->size);
        return NULL;
    }

    xen_rmb(); /* see IOREQ_READY /then/ read contents of ioreq */

    req->state = STATE_IOREQ_INPROCESS;
    return req;
}

/*
 * Poll the event channel for a pending port notification and return the
 * corresponding ioreq packet, or NULL if nothing is ready.  A notification
 * on the buffered ioreq port only re-arms the buffered I/O timer.
 */
static ioreq_t *cpu_get_ioreq(XenIOState *state)
{
    MachineState *ms = MACHINE(qdev_get_machine());
    unsigned int max_cpus = ms->smp.max_cpus;
    int i;
    evtchn_port_t port;

    port = qemu_xen_evtchn_pending(state->xce_handle);
    if (port == state->bufioreq_local_port) {
        timer_mod(state->buffered_io_timer,
                  BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME));
        return NULL;
    }

    if (port != -1) {
        for (i = 0; i < max_cpus; i++) {
            if (state->ioreq_local_port[i] == port) {
                break;
            }
        }

        if (i == max_cpus) {
            hw_error("Fatal error while trying to get io event!\n");
        }

        /* unmask the wanted port again */
        qemu_xen_evtchn_unmask(state->xce_handle, port);

        /* get the io packet from shared memory */
        state->send_vcpu = i;
        return cpu_get_ioreq_from_shared_memory(state, i);
    }

    /* read error or read nothing */
    return NULL;
}

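/*
 * Perform a port I/O read/write of the given width on behalf of the guest.
 * Unsupported sizes are fatal.
 */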
static uint32_t do_inp(uint32_t addr, unsigned long size)
{
    switch (size) {
    case 1:
        return cpu_inb(addr);
    case 2:
        return cpu_inw(addr);
    case 4:
        return cpu_inl(addr);
    default:
        hw_error("inp: bad size: %04x %lx", addr, size);
    }
}

static void do_outp(uint32_t addr,
                    unsigned long size, uint32_t val)
{
    switch (size) {
    case 1:
        return cpu_outb(addr, val);
    case 2:
        return cpu_outw(addr, val);
    case 4:
        return cpu_outl(addr, val);
    default:
        hw_error("outp: bad size: %04x %lx", addr, size);
    }
}

/*
 * Helper functions which read/write an object from/to physical guest
 * memory, as part of the implementation of an ioreq.
 *
 * Equivalent to
 *   cpu_physical_memory_rw(addr + (req->df ? -1 : +1) * req->size * i,
 *                          val, req->size, 0/1)
 * except without the integer overflow problems.
 */
static void rw_phys_req_item(hwaddr addr,
                             ioreq_t *req, uint32_t i, void *val, int rw)
{
    /* Do everything unsigned so overflow just results in a truncated result
     * and accesses to undesired parts of guest memory, which is up
     * to the guest */
    hwaddr offset = (hwaddr)req->size * i;
    if (req->df) {
        addr -= offset;
    } else {
        addr += offset;
    }
    cpu_physical_memory_rw(addr, val, req->size, rw);
}

static inline void read_phys_req_item(hwaddr addr,
                                      ioreq_t *req, uint32_t i, void *val)
{
    rw_phys_req_item(addr, req, i, val, 0);
}
static inline void write_phys_req_item(hwaddr addr,
                                       ioreq_t *req, uint32_t i, void *val)
{
    rw_phys_req_item(addr, req, i, val, 1);
}


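/*
 * Handle a port I/O (PIO) ioreq.  Data either lives directly in req->data
 * or, when data_is_ptr is set, in guest memory that is accessed one item
 * at a time with {read,write}_phys_req_item().
 */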
void cpu_ioreq_pio(ioreq_t *req)
{
    uint32_t i;

    trace_cpu_ioreq_pio(req, req->dir, req->df, req->data_is_ptr, req->addr,
                        req->data, req->count, req->size);

    if (req->size > sizeof(uint32_t)) {
        hw_error("PIO: bad size (%u)", req->size);
    }

    if (req->dir == IOREQ_READ) {
        if (!req->data_is_ptr) {
            req->data = do_inp(req->addr, req->size);
            trace_cpu_ioreq_pio_read_reg(req, req->data, req->addr,
                                         req->size);
        } else {
            uint32_t tmp;

            for (i = 0; i < req->count; i++) {
                tmp = do_inp(req->addr, req->size);
                write_phys_req_item(req->data, req, i, &tmp);
            }
        }
    } else if (req->dir == IOREQ_WRITE) {
        if (!req->data_is_ptr) {
            trace_cpu_ioreq_pio_write_reg(req, req->data, req->addr,
                                          req->size);
            do_outp(req->addr, req->size, req->data);
        } else {
            for (i = 0; i < req->count; i++) {
                uint32_t tmp = 0;

                read_phys_req_item(req->data, req, i, &tmp);
                do_outp(req->addr, req->size, tmp);
            }
        }
    }
}

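/*
 * Handle an MMIO copy ioreq: move up to req->count items of req->size bytes
 * between guest memory at req->addr and either req->data itself (immediate)
 * or the guest buffer that req->data points at.
 */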
static void cpu_ioreq_move(ioreq_t *req)
{
    uint32_t i;

    trace_cpu_ioreq_move(req, req->dir, req->df, req->data_is_ptr, req->addr,
                         req->data, req->count, req->size);

    if (req->size > sizeof(req->data)) {
        hw_error("MMIO: bad size (%u)", req->size);
    }

    if (!req->data_is_ptr) {
        if (req->dir == IOREQ_READ) {
            for (i = 0; i < req->count; i++) {
                read_phys_req_item(req->addr, req, i, &req->data);
            }
        } else if (req->dir == IOREQ_WRITE) {
            for (i = 0; i < req->count; i++) {
                write_phys_req_item(req->addr, req, i, &req->data);
            }
        }
    } else {
        uint64_t tmp;

        if (req->dir == IOREQ_READ) {
            for (i = 0; i < req->count; i++) {
                read_phys_req_item(req->addr, req, i, &tmp);
                write_phys_req_item(req->data, req, i, &tmp);
            }
        } else if (req->dir == IOREQ_WRITE) {
            for (i = 0; i < req->count; i++) {
                read_phys_req_item(req->data, req, i, &tmp);
                write_phys_req_item(req->addr, req, i, &tmp);
            }
        }
    }
}

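/*
 * Handle a PCI config space ioreq.  The SBDF of the target device sits in
 * the upper half of req->addr and the register offset in the lower half;
 * the access is forwarded to the matching device on the dev_list built up
 * by xen_device_realize().
 */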
static void cpu_ioreq_config(XenIOState *state, ioreq_t *req)
{
    uint32_t sbdf = req->addr >> 32;
    uint32_t reg = req->addr;
    XenPciDevice *xendev;

    if (req->size != sizeof(uint8_t) && req->size != sizeof(uint16_t) &&
        req->size != sizeof(uint32_t)) {
        hw_error("PCI config access: bad size (%u)", req->size);
    }

    if (req->count != 1) {
        hw_error("PCI config access: bad count (%u)", req->count);
    }

    QLIST_FOREACH(xendev, &state->dev_list, entry) {
        if (xendev->sbdf != sbdf) {
            continue;
        }

        if (!req->data_is_ptr) {
            if (req->dir == IOREQ_READ) {
                req->data = pci_host_config_read_common(
                    xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
                    req->size);
                trace_cpu_ioreq_config_read(req, xendev->sbdf, reg,
                                            req->size, req->data);
            } else if (req->dir == IOREQ_WRITE) {
                trace_cpu_ioreq_config_write(req, xendev->sbdf, reg,
                                             req->size, req->data);
                pci_host_config_write_common(
                    xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
                    req->data, req->size);
            }
        } else {
            uint32_t tmp;

            if (req->dir == IOREQ_READ) {
                tmp = pci_host_config_read_common(
                    xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
                    req->size);
                trace_cpu_ioreq_config_read(req, xendev->sbdf, reg,
                                            req->size, tmp);
                write_phys_req_item(req->data, req, 0, &tmp);
            } else if (req->dir == IOREQ_WRITE) {
                read_phys_req_item(req->data, req, 0, &tmp);
                trace_cpu_ioreq_config_write(req, xendev->sbdf, reg,
                                             req->size, tmp);
                pci_host_config_write_common(
                    xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
                    tmp, req->size);
            }
        }
    }
}

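/*
 * Dispatch a single ioreq to the appropriate handler based on its type.
 * Writes narrower than target_ulong are masked first; anything not handled
 * here is passed to the architecture specific arch_handle_ioreq().
 */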
static void handle_ioreq(XenIOState *state, ioreq_t *req)
{
    trace_handle_ioreq(req, req->type, req->dir, req->df, req->data_is_ptr,
                       req->addr, req->data, req->count, req->size);

    if (!req->data_is_ptr && (req->dir == IOREQ_WRITE) &&
        (req->size < sizeof(target_ulong))) {
        req->data &= ((target_ulong) 1 << (8 * req->size)) - 1;
    }

    if (req->dir == IOREQ_WRITE) {
        trace_handle_ioreq_write(req, req->type, req->df, req->data_is_ptr,
                                 req->addr, req->data, req->count, req->size);
    }

    switch (req->type) {
    case IOREQ_TYPE_PIO:
        cpu_ioreq_pio(req);
        break;
    case IOREQ_TYPE_COPY:
        cpu_ioreq_move(req);
        break;
    case IOREQ_TYPE_TIMEOFFSET:
        break;
    case IOREQ_TYPE_INVALIDATE:
        xen_invalidate_map_cache();
        break;
    case IOREQ_TYPE_PCI_CONFIG:
        cpu_ioreq_config(state, req);
        break;
    default:
        arch_handle_ioreq(state, req);
    }
    if (req->dir == IOREQ_READ) {
        trace_handle_ioreq_read(req, req->type, req->df, req->data_is_ptr,
                                req->addr, req->data, req->count, req->size);
    }
}

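/*
 * Drain the buffered ioreq page.  Buffered requests are always writes with
 * count 1; quad word accesses are split across two slots.  Returns true if
 * at least one request was handled.
 */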
static bool handle_buffered_iopage(XenIOState *state)
{
    buffered_iopage_t *buf_page = state->buffered_io_page;
    buf_ioreq_t *buf_req = NULL;
    bool handled_ioreq = false;
    ioreq_t req;
    int qw;

    if (!buf_page) {
        return false;
    }

    memset(&req, 0x00, sizeof(req));
    req.state = STATE_IOREQ_READY;
    req.count = 1;
    req.dir = IOREQ_WRITE;

    for (;;) {
        uint32_t rdptr = buf_page->read_pointer, wrptr;

        xen_rmb();
        wrptr = buf_page->write_pointer;
        xen_rmb();
        if (rdptr != buf_page->read_pointer) {
            continue;
        }
        if (rdptr == wrptr) {
            break;
        }
        buf_req = &buf_page->buf_ioreq[rdptr % IOREQ_BUFFER_SLOT_NUM];
        req.size = 1U << buf_req->size;
        req.addr = buf_req->addr;
        req.data = buf_req->data;
        req.type = buf_req->type;
        xen_rmb();
        qw = (req.size == 8);
        if (qw) {
            if (rdptr + 1 == wrptr) {
                hw_error("Incomplete quad word buffered ioreq");
            }
            buf_req = &buf_page->buf_ioreq[(rdptr + 1) %
                                           IOREQ_BUFFER_SLOT_NUM];
            req.data |= ((uint64_t)buf_req->data) << 32;
            xen_rmb();
        }

        handle_ioreq(state, &req);

        /* Only req.data may get updated by handle_ioreq(), albeit even that
         * should not happen as such data would never make it to the guest (we
         * can only usefully see writes here after all).
         */
        assert(req.state == STATE_IOREQ_READY);
        assert(req.count == 1);
        assert(req.dir == IOREQ_WRITE);
        assert(!req.data_is_ptr);

        qatomic_add(&buf_page->read_pointer, qw + 1);
        handled_ioreq = true;
    }

    return handled_ioreq;
}

static void handle_buffered_io(void *opaque)
{
    XenIOState *state = opaque;

    if (handle_buffered_iopage(state)) {
        timer_mod(state->buffered_io_timer,
                  BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME));
    } else {
        timer_del(state->buffered_io_timer);
        qemu_xen_evtchn_unmask(state->xce_handle, state->bufioreq_local_port);
    }
}

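/*
 * Event channel handler: process any buffered ioreqs, then handle the
 * synchronous ioreq (if any) for the vCPU whose port was signalled and
 * notify Xen once the response is ready.
 */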
static void cpu_handle_ioreq(void *opaque)
{
    XenIOState *state = opaque;
    ioreq_t *req = cpu_get_ioreq(state);

    handle_buffered_iopage(state);
    if (req) {
        ioreq_t copy = *req;

        xen_rmb();
        handle_ioreq(state, &copy);
        req->data = copy.data;

        if (req->state != STATE_IOREQ_INPROCESS) {
            warn_report("Badness in I/O request ... not in service?!: "
                        "%x, ptr: %x, port: %"PRIx64", "
                        "data: %"PRIx64", count: %u, size: %u, type: %u",
                        req->state, req->data_is_ptr, req->addr,
                        req->data, req->count, req->size, req->type);
            destroy_hvm_domain(false);
            return;
        }

        xen_wmb(); /* Update ioreq contents /then/ update state. */

        /*
         * We do this before we send the response so that the tools
         * have the opportunity to pick up on the reset before the
         * guest resumes and does a hlt with interrupts disabled which
         * causes Xen to powerdown the domain.
         */
        if (runstate_is_running()) {
            ShutdownCause request;

            if (qemu_shutdown_requested_get()) {
                destroy_hvm_domain(false);
            }
            request = qemu_reset_requested_get();
            if (request) {
                qemu_system_reset(request);
                destroy_hvm_domain(true);
            }
        }

        req->state = STATE_IORESP_READY;
        qemu_xen_evtchn_notify(state->xce_handle,
                               state->ioreq_local_port[state->send_vcpu]);
    }
}

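/*
 * Once the guest starts running, hook the event channel file descriptor
 * into the main loop and record the CPUState for each vCPU index.
 */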
static void xen_main_loop_prepare(XenIOState *state)
{
    int evtchn_fd = -1;

    if (state->xce_handle != NULL) {
        evtchn_fd = qemu_xen_evtchn_fd(state->xce_handle);
    }

    state->buffered_io_timer = timer_new_ms(QEMU_CLOCK_REALTIME, handle_buffered_io,
                                            state);

    if (evtchn_fd != -1) {
        CPUState *cpu_state;

        CPU_FOREACH(cpu_state) {
            trace_xen_main_loop_prepare_init_cpu(cpu_state->cpu_index,
                                                 cpu_state);
            state->cpu_by_vcpu_id[cpu_state->cpu_index] = cpu_state;
        }
        qemu_set_fd_handler(evtchn_fd, cpu_handle_ioreq, NULL, state);
    }
}


void xen_hvm_change_state_handler(void *opaque, bool running,
                                  RunState rstate)
{
    XenIOState *state = opaque;

    if (running) {
        xen_main_loop_prepare(state);
    }

    xen_set_ioreq_server_state(xen_domid,
                               state->ioservid,
                               running);
}

void xen_exit_notifier(Notifier *n, void *data)
{
    XenIOState *state = container_of(n, XenIOState, exit);

    xen_destroy_ioreq_server(xen_domid, state->ioservid);
    if (state->fres != NULL) {
        xenforeignmemory_unmap_resource(xen_fmem, state->fres);
    }

    qemu_xen_evtchn_close(state->xce_handle);
    xs_daemon_close(state->xenstore);
}

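/*
 * Map the ioreq server's shared and buffered ioreq pages, preferably via
 * the resource mapping API, otherwise by foreign-mapping the PFNs reported
 * by xen_get_ioreq_server_info().  Also records the buffered ioreq event
 * channel.  Returns 0 on success, negative on failure.
 */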
static int xen_map_ioreq_server(XenIOState *state)
{
    void *addr = NULL;
    xen_pfn_t ioreq_pfn;
    xen_pfn_t bufioreq_pfn;
    evtchn_port_t bufioreq_evtchn;
    int rc;

    /*
     * Attempt to map using the resource API and fall back to normal
     * foreign mapping if this is not supported.
     */
    QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_bufioreq != 0);
    QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_ioreq(0) != 1);
    state->fres = xenforeignmemory_map_resource(xen_fmem, xen_domid,
                                                XENMEM_resource_ioreq_server,
                                                state->ioservid, 0, 2,
                                                &addr,
                                                PROT_READ | PROT_WRITE, 0);
    if (state->fres != NULL) {
        trace_xen_map_resource_ioreq(state->ioservid, addr);
        state->buffered_io_page = addr;
        state->shared_page = addr + XC_PAGE_SIZE;
    } else if (errno != EOPNOTSUPP) {
        error_report("failed to map ioreq server resources: error %d handle=%p",
                     errno, xen_xc);
        return -1;
    }

    rc = xen_get_ioreq_server_info(xen_domid, state->ioservid,
                                   (state->shared_page == NULL) ?
                                   &ioreq_pfn : NULL,
                                   (state->buffered_io_page == NULL) ?
                                   &bufioreq_pfn : NULL,
                                   &bufioreq_evtchn);
    if (rc < 0) {
        error_report("failed to get ioreq server info: error %d handle=%p",
                     errno, xen_xc);
        return rc;
    }

    if (state->shared_page == NULL) {
        trace_xen_map_ioreq_server_shared_page(ioreq_pfn);

        state->shared_page = xenforeignmemory_map(xen_fmem, xen_domid,
                                                  PROT_READ | PROT_WRITE,
                                                  1, &ioreq_pfn, NULL);
        if (state->shared_page == NULL) {
            error_report("map shared IO page returned error %d handle=%p",
                         errno, xen_xc);
        }
    }

    if (state->buffered_io_page == NULL) {
        trace_xen_map_ioreq_server_buffered_io_page(bufioreq_pfn);

        state->buffered_io_page = xenforeignmemory_map(xen_fmem, xen_domid,
                                                       PROT_READ | PROT_WRITE,
                                                       1, &bufioreq_pfn,
                                                       NULL);
        if (state->buffered_io_page == NULL) {
            error_report("map buffered IO page returned error %d", errno);
            return -1;
        }
    }

    if (state->shared_page == NULL || state->buffered_io_page == NULL) {
        return -1;
    }

    trace_xen_map_ioreq_server_buffered_io_evtchn(bufioreq_evtchn);

    state->bufioreq_remote_port = bufioreq_evtchn;

    return 0;
}

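/*
 * Ask Xen to shut down or reboot the guest domain, preferring the device
 * model shutdown operation and falling back to xc_domain_shutdown() on
 * older hypervisors.
 */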
void destroy_hvm_domain(bool reboot)
{
    xc_interface *xc_handle;
    int sts;
    int rc;

    unsigned int reason = reboot ? SHUTDOWN_reboot : SHUTDOWN_poweroff;

    if (xen_dmod) {
        rc = xendevicemodel_shutdown(xen_dmod, xen_domid, reason);
        if (!rc) {
            return;
        }
        if (errno != ENOTTY /* old Xen */) {
            error_report("xendevicemodel_shutdown failed with error %d", errno);
        }
        /* well, try the old thing then */
    }

    xc_handle = xc_interface_open(0, 0, 0);
    if (xc_handle == NULL) {
        trace_destroy_hvm_domain_cannot_acquire_handle();
    } else {
        sts = xc_domain_shutdown(xc_handle, xen_domid, reason);
        if (sts != 0) {
            trace_destroy_hvm_domain_failed_action(
                reboot ? "reboot" : "poweroff", sts, strerror(errno)
            );
        } else {
            trace_destroy_hvm_domain_action(
                xen_domid, reboot ? "reboot" : "poweroff"
            );
        }
        xc_interface_close(xc_handle);
    }
}

void xen_shutdown_fatal_error(const char *fmt, ...)
{
    va_list ap;

    va_start(ap, fmt);
    error_vreport(fmt, ap);
    va_end(ap);
    error_report("Will destroy the domain.");
    /* destroy the domain */
    qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_ERROR);
}

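/*
 * Second stage of ioreq server setup: map the ioreq pages, enable the
 * server, bind one event channel per vCPU plus one for buffered ioreqs,
 * initialise the map cache and register the memory, I/O and device
 * listeners.  Any failure here is fatal.
 */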
static void xen_do_ioreq_register(XenIOState *state,
                                  unsigned int max_cpus,
                                  const MemoryListener *xen_memory_listener)
{
    int i, rc;

    state->exit.notify = xen_exit_notifier;
    qemu_add_exit_notifier(&state->exit);

    /*
     * Register wake-up support in QMP query-current-machine API
     */
    qemu_register_wakeup_support();

    rc = xen_map_ioreq_server(state);
    if (rc < 0) {
        goto err;
    }

    /* Note: cpus is empty at this point in init */
    state->cpu_by_vcpu_id = g_new0(CPUState *, max_cpus);

    rc = xen_set_ioreq_server_state(xen_domid, state->ioservid, true);
    if (rc < 0) {
        error_report("failed to enable ioreq server info: error %d handle=%p",
                     errno, xen_xc);
        goto err;
    }

    state->ioreq_local_port = g_new0(evtchn_port_t, max_cpus);

    /* FIXME: how about if we overflow the page here? */
    for (i = 0; i < max_cpus; i++) {
        rc = qemu_xen_evtchn_bind_interdomain(state->xce_handle, xen_domid,
                                              xen_vcpu_eport(state->shared_page,
                                                             i));
        if (rc == -1) {
            error_report("shared evtchn %d bind error %d", i, errno);
            goto err;
        }
        state->ioreq_local_port[i] = rc;
    }

    rc = qemu_xen_evtchn_bind_interdomain(state->xce_handle, xen_domid,
                                          state->bufioreq_remote_port);
    if (rc == -1) {
        error_report("buffered evtchn bind error %d", errno);
        goto err;
    }
    state->bufioreq_local_port = rc;

    /* Init RAM management */
#ifdef XEN_COMPAT_PHYSMAP
    xen_map_cache_init(xen_phys_offset_to_gaddr, state);
#else
    xen_map_cache_init(NULL, state);
#endif

    qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state);

    state->memory_listener = *xen_memory_listener;
    memory_listener_register(&state->memory_listener, &address_space_memory);

    state->io_listener = xen_io_listener;
    memory_listener_register(&state->io_listener, &address_space_io);

    state->device_listener = xen_device_listener;
    QLIST_INIT(&state->dev_list);
    device_listener_register(&state->device_listener);

    return;

err:
    error_report("xen hardware virtual machine initialisation failed");
    exit(1);
}

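/*
 * Entry point used by the machine code: open the event channel and
 * xenstore handles, create the ioreq server and, if that succeeds, finish
 * setup via xen_do_ioreq_register() before initialising the Xen bus.
 */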
void xen_register_ioreq(XenIOState *state, unsigned int max_cpus,
                        const MemoryListener *xen_memory_listener)
{
    int rc;

    setup_xen_backend_ops();

    state->xce_handle = qemu_xen_evtchn_open();
    if (state->xce_handle == NULL) {
        error_report("xen: event channel open failed with error %d", errno);
        goto err;
    }

    state->xenstore = xs_daemon_open();
    if (state->xenstore == NULL) {
        error_report("xen: xenstore open failed with error %d", errno);
        goto err;
    }

    rc = xen_create_ioreq_server(xen_domid, &state->ioservid);
    if (!rc) {
        xen_do_ioreq_register(state, max_cpus, xen_memory_listener);
    } else {
        warn_report("xen: failed to create ioreq server");
    }

    xen_bus_init();

    return;

err:
    error_report("xen hardware virtual machine backend registration failed");
    exit(1);
}