IB: Fix information leak in marshalling code
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / drivers / lguest / lguest_device.c
blob69c84a1d88ea982d164ca55a94a9c8544c0cceb9
1 /*P:050
2 * Lguest guests use a very simple method to describe devices. It's a
3 * series of device descriptors contained just above the top of normal Guest
4 * memory.
6 * We use the standard "virtio" device infrastructure, which provides us with a
7 * console, a network and a block driver. Each one expects some configuration
8 * information and a "virtqueue" or two to send and receive data.
9 :*/
10 #include <linux/init.h>
11 #include <linux/bootmem.h>
12 #include <linux/lguest_launcher.h>
13 #include <linux/virtio.h>
14 #include <linux/virtio_config.h>
15 #include <linux/interrupt.h>
16 #include <linux/virtio_ring.h>
17 #include <linux/err.h>
18 #include <linux/slab.h>
19 #include <asm/io.h>
20 #include <asm/paravirt.h>
21 #include <asm/lguest_hcall.h>
23 /* The pointer to our (page) of device descriptions. */
24 static void *lguest_devices;
27 * For Guests, device memory can be used as normal memory, so we cast away the
28 * __iomem to quieten sparse.
30 static inline void *lguest_map(unsigned long phys_addr, unsigned long pages)
32 return (__force void *)ioremap_cache(phys_addr, PAGE_SIZE*pages);
35 static inline void lguest_unmap(void *addr)
37 iounmap((__force void __iomem *)addr);
40 /*D:100
41 * Each lguest device is just a virtio device plus a pointer to its entry
42 * in the lguest_devices page.
44 struct lguest_device {
45 struct virtio_device vdev;
47 /* The entry in the lguest_devices page for this device. */
48 struct lguest_device_desc *desc;
52 * Since the virtio infrastructure hands us a pointer to the virtio_device all
53 * the time, it helps to have a curt macro to get a pointer to the struct
54 * lguest_device it's enclosed in.
56 #define to_lgdev(vd) container_of(vd, struct lguest_device, vdev)
58 /*D:130
59 * Device configurations
61 * The configuration information for a device consists of one or more
62 * virtqueues, a feature bitmap, and some configuration bytes. The
63 * configuration bytes don't really matter to us: the Launcher sets them up, and
64 * the driver will look at them during setup.
66 * A convenient routine to return the device's virtqueue config array:
67 * immediately after the descriptor.
69 static struct lguest_vqconfig *lg_vq(const struct lguest_device_desc *desc)
71 return (void *)(desc + 1);
74 /* The features come immediately after the virtqueues. */
75 static u8 *lg_features(const struct lguest_device_desc *desc)
77 return (void *)(lg_vq(desc) + desc->num_vq);
80 /* The config space comes after the two feature bitmasks. */
81 static u8 *lg_config(const struct lguest_device_desc *desc)
83 return lg_features(desc) + desc->feature_len * 2;
86 /* The total size of the config page used by this device (incl. desc) */
87 static unsigned desc_size(const struct lguest_device_desc *desc)
89 return sizeof(*desc)
90 + desc->num_vq * sizeof(struct lguest_vqconfig)
91 + desc->feature_len * 2
92 + desc->config_len;
95 /* This gets the device's feature bits. */
96 static u32 lg_get_features(struct virtio_device *vdev)
98 unsigned int i;
99 u32 features = 0;
100 struct lguest_device_desc *desc = to_lgdev(vdev)->desc;
101 u8 *in_features = lg_features(desc);
103 /* We do this the slow but generic way. */
104 for (i = 0; i < min(desc->feature_len * 8, 32); i++)
105 if (in_features[i / 8] & (1 << (i % 8)))
106 features |= (1 << i);
108 return features;
112 * The virtio core takes the features the Host offers, and copies the ones
113 * supported by the driver into the vdev->features array. Once that's all
114 * sorted out, this routine is called so we can tell the Host which features we
115 * understand and accept.
117 static void lg_finalize_features(struct virtio_device *vdev)
119 unsigned int i, bits;
120 struct lguest_device_desc *desc = to_lgdev(vdev)->desc;
121 /* Second half of bitmap is features we accept. */
122 u8 *out_features = lg_features(desc) + desc->feature_len;
124 /* Give virtio_ring a chance to accept features. */
125 vring_transport_features(vdev);
128 * The vdev->feature array is a Linux bitmask: this isn't the same as a
129 * the simple array of bits used by lguest devices for features. So we
130 * do this slow, manual conversion which is completely general.
132 memset(out_features, 0, desc->feature_len);
133 bits = min_t(unsigned, desc->feature_len, sizeof(vdev->features)) * 8;
134 for (i = 0; i < bits; i++) {
135 if (test_bit(i, vdev->features))
136 out_features[i / 8] |= (1 << (i % 8));
140 /* Once they've found a field, getting a copy of it is easy. */
141 static void lg_get(struct virtio_device *vdev, unsigned int offset,
142 void *buf, unsigned len)
144 struct lguest_device_desc *desc = to_lgdev(vdev)->desc;
146 /* Check they didn't ask for more than the length of the config! */
147 BUG_ON(offset + len > desc->config_len);
148 memcpy(buf, lg_config(desc) + offset, len);
151 /* Setting the contents is also trivial. */
152 static void lg_set(struct virtio_device *vdev, unsigned int offset,
153 const void *buf, unsigned len)
155 struct lguest_device_desc *desc = to_lgdev(vdev)->desc;
157 /* Check they didn't ask for more than the length of the config! */
158 BUG_ON(offset + len > desc->config_len);
159 memcpy(lg_config(desc) + offset, buf, len);
163 * The operations to get and set the status word just access the status field
164 * of the device descriptor.
166 static u8 lg_get_status(struct virtio_device *vdev)
168 return to_lgdev(vdev)->desc->status;
172 * To notify on status updates, we (ab)use the NOTIFY hypercall, with the
173 * descriptor address of the device. A zero status means "reset".
175 static void set_status(struct virtio_device *vdev, u8 status)
177 unsigned long offset = (void *)to_lgdev(vdev)->desc - lguest_devices;
179 /* We set the status. */
180 to_lgdev(vdev)->desc->status = status;
181 hcall(LHCALL_NOTIFY, (max_pfn << PAGE_SHIFT) + offset, 0, 0, 0);
184 static void lg_set_status(struct virtio_device *vdev, u8 status)
186 BUG_ON(!status);
187 set_status(vdev, status);
190 static void lg_reset(struct virtio_device *vdev)
192 set_status(vdev, 0);
196 * Virtqueues
198 * The other piece of infrastructure virtio needs is a "virtqueue": a way of
199 * the Guest device registering buffers for the other side to read from or
200 * write into (ie. send and receive buffers). Each device can have multiple
201 * virtqueues: for example the console driver uses one queue for sending and
202 * another for receiving.
204 * Fortunately for us, a very fast shared-memory-plus-descriptors virtqueue
205 * already exists in virtio_ring.c. We just need to connect it up.
207 * We start with the information we need to keep about each virtqueue.
210 /*D:140 This is the information we remember about each virtqueue. */
211 struct lguest_vq_info {
212 /* A copy of the information contained in the device config. */
213 struct lguest_vqconfig config;
215 /* The address where we mapped the virtio ring, so we can unmap it. */
216 void *pages;
220 * When the virtio_ring code wants to prod the Host, it calls us here and we
221 * make a hypercall. We hand the physical address of the virtqueue so the Host
222 * knows which virtqueue we're talking about.
224 static void lg_notify(struct virtqueue *vq)
227 * We store our virtqueue information in the "priv" pointer of the
228 * virtqueue structure.
230 struct lguest_vq_info *lvq = vq->priv;
232 hcall(LHCALL_NOTIFY, lvq->config.pfn << PAGE_SHIFT, 0, 0, 0);
235 /* An extern declaration inside a C file is bad form. Don't do it. */
236 extern void lguest_setup_irq(unsigned int irq);
239 * This routine finds the Nth virtqueue described in the configuration of
240 * this device and sets it up.
242 * This is kind of an ugly duckling. It'd be nicer to have a standard
243 * representation of a virtqueue in the configuration space, but it seems that
244 * everyone wants to do it differently. The KVM coders want the Guest to
245 * allocate its own pages and tell the Host where they are, but for lguest it's
246 * simpler for the Host to simply tell us where the pages are.
248 static struct virtqueue *lg_find_vq(struct virtio_device *vdev,
249 unsigned index,
250 void (*callback)(struct virtqueue *vq),
251 const char *name)
253 struct lguest_device *ldev = to_lgdev(vdev);
254 struct lguest_vq_info *lvq;
255 struct virtqueue *vq;
256 int err;
258 /* We must have this many virtqueues. */
259 if (index >= ldev->desc->num_vq)
260 return ERR_PTR(-ENOENT);
262 lvq = kmalloc(sizeof(*lvq), GFP_KERNEL);
263 if (!lvq)
264 return ERR_PTR(-ENOMEM);
267 * Make a copy of the "struct lguest_vqconfig" entry, which sits after
268 * the descriptor. We need a copy because the config space might not
269 * be aligned correctly.
271 memcpy(&lvq->config, lg_vq(ldev->desc)+index, sizeof(lvq->config));
273 printk("Mapping virtqueue %i addr %lx\n", index,
274 (unsigned long)lvq->config.pfn << PAGE_SHIFT);
275 /* Figure out how many pages the ring will take, and map that memory */
276 lvq->pages = lguest_map((unsigned long)lvq->config.pfn << PAGE_SHIFT,
277 DIV_ROUND_UP(vring_size(lvq->config.num,
278 LGUEST_VRING_ALIGN),
279 PAGE_SIZE));
280 if (!lvq->pages) {
281 err = -ENOMEM;
282 goto free_lvq;
286 * OK, tell virtio_ring.c to set up a virtqueue now we know its size
287 * and we've got a pointer to its pages.
289 vq = vring_new_virtqueue(lvq->config.num, LGUEST_VRING_ALIGN,
290 vdev, lvq->pages, lg_notify, callback, name);
291 if (!vq) {
292 err = -ENOMEM;
293 goto unmap;
296 /* Make sure the interrupt is allocated. */
297 lguest_setup_irq(lvq->config.irq);
300 * Tell the interrupt for this virtqueue to go to the virtio_ring
301 * interrupt handler.
303 * FIXME: We used to have a flag for the Host to tell us we could use
304 * the interrupt as a source of randomness: it'd be nice to have that
305 * back.
307 err = request_irq(lvq->config.irq, vring_interrupt, IRQF_SHARED,
308 dev_name(&vdev->dev), vq);
309 if (err)
310 goto destroy_vring;
313 * Last of all we hook up our 'struct lguest_vq_info" to the
314 * virtqueue's priv pointer.
316 vq->priv = lvq;
317 return vq;
319 destroy_vring:
320 vring_del_virtqueue(vq);
321 unmap:
322 lguest_unmap(lvq->pages);
323 free_lvq:
324 kfree(lvq);
325 return ERR_PTR(err);
327 /*:*/
329 /* Cleaning up a virtqueue is easy */
330 static void lg_del_vq(struct virtqueue *vq)
332 struct lguest_vq_info *lvq = vq->priv;
334 /* Release the interrupt */
335 free_irq(lvq->config.irq, vq);
336 /* Tell virtio_ring.c to free the virtqueue. */
337 vring_del_virtqueue(vq);
338 /* Unmap the pages containing the ring. */
339 lguest_unmap(lvq->pages);
340 /* Free our own queue information. */
341 kfree(lvq);
344 static void lg_del_vqs(struct virtio_device *vdev)
346 struct virtqueue *vq, *n;
348 list_for_each_entry_safe(vq, n, &vdev->vqs, list)
349 lg_del_vq(vq);
352 static int lg_find_vqs(struct virtio_device *vdev, unsigned nvqs,
353 struct virtqueue *vqs[],
354 vq_callback_t *callbacks[],
355 const char *names[])
357 struct lguest_device *ldev = to_lgdev(vdev);
358 int i;
360 /* We must have this many virtqueues. */
361 if (nvqs > ldev->desc->num_vq)
362 return -ENOENT;
364 for (i = 0; i < nvqs; ++i) {
365 vqs[i] = lg_find_vq(vdev, i, callbacks[i], names[i]);
366 if (IS_ERR(vqs[i]))
367 goto error;
369 return 0;
371 error:
372 lg_del_vqs(vdev);
373 return PTR_ERR(vqs[i]);
376 /* The ops structure which hooks everything together. */
377 static struct virtio_config_ops lguest_config_ops = {
378 .get_features = lg_get_features,
379 .finalize_features = lg_finalize_features,
380 .get = lg_get,
381 .set = lg_set,
382 .get_status = lg_get_status,
383 .set_status = lg_set_status,
384 .reset = lg_reset,
385 .find_vqs = lg_find_vqs,
386 .del_vqs = lg_del_vqs,
390 * The root device for the lguest virtio devices. This makes them appear as
391 * /sys/devices/lguest/0,1,2 not /sys/devices/0,1,2.
393 static struct device *lguest_root;
395 /*D:120
396 * This is the core of the lguest bus: actually adding a new device.
397 * It's a separate function because it's neater that way, and because an
398 * earlier version of the code supported hotplug and unplug. They were removed
399 * early on because they were never used.
401 * As Andrew Tridgell says, "Untested code is buggy code".
403 * It's worth reading this carefully: we start with a pointer to the new device
404 * descriptor in the "lguest_devices" page, and the offset into the device
405 * descriptor page so we can uniquely identify it if things go badly wrong.
407 static void add_lguest_device(struct lguest_device_desc *d,
408 unsigned int offset)
410 struct lguest_device *ldev;
412 /* Start with zeroed memory; Linux's device layer counts on it. */
413 ldev = kzalloc(sizeof(*ldev), GFP_KERNEL);
414 if (!ldev) {
415 printk(KERN_EMERG "Cannot allocate lguest dev %u type %u\n",
416 offset, d->type);
417 return;
420 /* This devices' parent is the lguest/ dir. */
421 ldev->vdev.dev.parent = lguest_root;
423 * The device type comes straight from the descriptor. There's also a
424 * device vendor field in the virtio_device struct, which we leave as
425 * 0.
427 ldev->vdev.id.device = d->type;
429 * We have a simple set of routines for querying the device's
430 * configuration information and setting its status.
432 ldev->vdev.config = &lguest_config_ops;
433 /* And we remember the device's descriptor for lguest_config_ops. */
434 ldev->desc = d;
437 * register_virtio_device() sets up the generic fields for the struct
438 * virtio_device and calls device_register(). This makes the bus
439 * infrastructure look for a matching driver.
441 if (register_virtio_device(&ldev->vdev) != 0) {
442 printk(KERN_ERR "Failed to register lguest dev %u type %u\n",
443 offset, d->type);
444 kfree(ldev);
448 /*D:110
449 * scan_devices() simply iterates through the device page. The type 0 is
450 * reserved to mean "end of devices".
452 static void scan_devices(void)
454 unsigned int i;
455 struct lguest_device_desc *d;
457 /* We start at the page beginning, and skip over each entry. */
458 for (i = 0; i < PAGE_SIZE; i += desc_size(d)) {
459 d = lguest_devices + i;
461 /* Once we hit a zero, stop. */
462 if (d->type == 0)
463 break;
465 printk("Device at %i has size %u\n", i, desc_size(d));
466 add_lguest_device(d, i);
470 /*D:105
471 * Fairly early in boot, lguest_devices_init() is called to set up the
472 * lguest device infrastructure. We check that we are a Guest by checking
473 * pv_info.name: there are other ways of checking, but this seems most
474 * obvious to me.
476 * So we can access the "struct lguest_device_desc"s easily, we map that memory
477 * and store the pointer in the global "lguest_devices". Then we register a
478 * root device from which all our devices will hang (this seems to be the
479 * correct sysfs incantation).
481 * Finally we call scan_devices() which adds all the devices found in the
482 * lguest_devices page.
484 static int __init lguest_devices_init(void)
486 if (strcmp(pv_info.name, "lguest") != 0)
487 return 0;
489 lguest_root = root_device_register("lguest");
490 if (IS_ERR(lguest_root))
491 panic("Could not register lguest root");
493 /* Devices are in a single page above top of "normal" mem */
494 lguest_devices = lguest_map(max_pfn<<PAGE_SHIFT, 1);
496 scan_devices();
497 return 0;
499 /* We do this after core stuff, but before the drivers. */
500 postcore_initcall(lguest_devices_init);
502 /*D:150
503 * At this point in the journey we used to now wade through the lguest
504 * devices themselves: net, block and console. Since they're all now virtio
505 * devices rather than lguest-specific, I've decided to ignore them. Mostly,
506 * they're kind of boring. But this does mean you'll never experience the
507 * thrill of reading the forbidden love scene buried deep in the block driver.
509 * "make Launcher" beckons, where we answer questions like "Where do Guests
510 * come from?", and "What do you do when someone asks for optimization?".