search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
xen: Avoid VLA
[qemu/ar7.git] / hw / i386 / xen / xen-hvm.c
blobed9c37c72d116e314fe5e4a06901a4e2be0c64b3
1 /*
2 * Copyright (C) 2010 Citrix Ltd.
3 *
4 * This work is licensed under the terms of the GNU GPL, version 2. See
5 * the COPYING file in the top-level directory.
6 *
7 * Contributions after 2012-01-13 are licensed under the terms of the
8 * GNU GPL, version 2 or (at your option) any later version.
9 */
10
11 #include "qemu/osdep.h"
12
13 #include "cpu.h"
14 #include "hw/pci/pci.h"
15 #include "hw/pci/pci_host.h"
16 #include "hw/i386/pc.h"
17 #include "hw/i386/apic-msidef.h"
18 #include "hw/xen/xen_common.h"
19 #include "hw/xen/xen-legacy-backend.h"
20 #include "hw/xen/xen-bus.h"
21 #include "qapi/error.h"
22 #include "qapi/qapi-commands-misc.h"
23 #include "qemu/error-report.h"
24 #include "qemu/range.h"
25 #include "sysemu/xen-mapcache.h"
26 #include "trace.h"
27 #include "exec/address-spaces.h"
28
29 #include <xen/hvm/ioreq.h>
30 #include <xen/hvm/params.h>
31 #include <xen/hvm/e820.h>
32
33 //#define DEBUG_XEN_HVM
34
35 #ifdef DEBUG_XEN_HVM
36 #define DPRINTF(fmt, ...) \
37 do { fprintf(stderr, "xen: " fmt, ## __VA_ARGS__); } while (0)
38 #else
39 #define DPRINTF(fmt, ...) \
40 do { } while (0)
41 #endif
42
43 static MemoryRegion ram_memory, ram_640k, ram_lo, ram_hi;
44 static MemoryRegion *framebuffer;
45 static bool xen_in_migration;
46
47 /* Compatibility with older version */
48
49 /* This allows QEMU to build on a system that has Xen 4.5 or earlier
50 * installed. This here (not in hw/xen/xen_common.h) because xen/hvm/ioreq.h
51 * needs to be included before this block and hw/xen/xen_common.h needs to
52 * be included before xen/hvm/ioreq.h
53 */
54 #ifndef IOREQ_TYPE_VMWARE_PORT
55 #define IOREQ_TYPE_VMWARE_PORT 3
56 struct vmware_regs {
57 uint32_t esi;
58 uint32_t edi;
59 uint32_t ebx;
60 uint32_t ecx;
61 uint32_t edx;
62 };
63 typedef struct vmware_regs vmware_regs_t;
64
65 struct shared_vmport_iopage {
66 struct vmware_regs vcpu_vmport_regs[1];
67 };
68 typedef struct shared_vmport_iopage shared_vmport_iopage_t;
69 #endif
70
71 static inline uint32_t xen_vcpu_eport(shared_iopage_t *shared_page, int i)
72 {
73 return shared_page->vcpu_ioreq[i].vp_eport;
74 }
75 static inline ioreq_t *xen_vcpu_ioreq(shared_iopage_t *shared_page, int vcpu)
76 {
77 return &shared_page->vcpu_ioreq[vcpu];
78 }
79
80 #define BUFFER_IO_MAX_DELAY 100
81
82 typedef struct XenPhysmap {
83 hwaddr start_addr;
84 ram_addr_t size;
85 const char *name;
86 hwaddr phys_offset;
87
88 QLIST_ENTRY(XenPhysmap) list;
89 } XenPhysmap;
90
91 static QLIST_HEAD(, XenPhysmap) xen_physmap;
92
93 typedef struct XenPciDevice {
94 PCIDevice *pci_dev;
95 uint32_t sbdf;
96 QLIST_ENTRY(XenPciDevice) entry;
97 } XenPciDevice;
98
99 typedef struct XenIOState {
100 ioservid_t ioservid;
101 shared_iopage_t *shared_page;
102 shared_vmport_iopage_t *shared_vmport_page;
103 buffered_iopage_t *buffered_io_page;
104 QEMUTimer *buffered_io_timer;
105 CPUState **cpu_by_vcpu_id;
106 /* the evtchn port for polling the notification, */
107 evtchn_port_t *ioreq_local_port;
108 /* evtchn remote and local ports for buffered io */
109 evtchn_port_t bufioreq_remote_port;
110 evtchn_port_t bufioreq_local_port;
111 /* the evtchn fd for polling */
112 xenevtchn_handle *xce_handle;
113 /* which vcpu we are serving */
114 int send_vcpu;
115
116 struct xs_handle *xenstore;
117 MemoryListener memory_listener;
118 MemoryListener io_listener;
119 QLIST_HEAD(, XenPciDevice) dev_list;
120 DeviceListener device_listener;
121 hwaddr free_phys_offset;
122 const XenPhysmap *log_for_dirtybit;
123 /* Buffer used by xen_sync_dirty_bitmap */
124 unsigned long *dirty_bitmap;
125
126 Notifier exit;
127 Notifier suspend;
128 Notifier wakeup;
129 } XenIOState;
130
131 /* Xen specific function for piix pci */
132
133 int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num)
134 {
135 return irq_num + ((pci_dev->devfn >> 3) << 2);
136 }
137
138 void xen_piix3_set_irq(void *opaque, int irq_num, int level)
139 {
140 xen_set_pci_intx_level(xen_domid, 0, 0, irq_num >> 2,
141 irq_num & 3, level);
142 }
143
144 void xen_piix_pci_write_config_client(uint32_t address, uint32_t val, int len)
145 {
146 int i;
147
148 /* Scan for updates to PCI link routes (0x60-0x63). */
149 for (i = 0; i < len; i++) {
150 uint8_t v = (val >> (8 * i)) & 0xff;
151 if (v & 0x80) {
152 v = 0;
153 }
154 v &= 0xf;
155 if (((address + i) >= 0x60) && ((address + i) <= 0x63)) {
156 xen_set_pci_link_route(xen_domid, address + i - 0x60, v);
157 }
158 }
159 }
160
161 int xen_is_pirq_msi(uint32_t msi_data)
162 {
163 /* If vector is 0, the msi is remapped into a pirq, passed as
164 * dest_id.
165 */
166 return ((msi_data & MSI_DATA_VECTOR_MASK) >> MSI_DATA_VECTOR_SHIFT) == 0;
167 }
168
169 void xen_hvm_inject_msi(uint64_t addr, uint32_t data)
170 {
171 xen_inject_msi(xen_domid, addr, data);
172 }
173
174 static void xen_suspend_notifier(Notifier *notifier, void *data)
175 {
176 xc_set_hvm_param(xen_xc, xen_domid, HVM_PARAM_ACPI_S_STATE, 3);
177 }
178
179 /* Xen Interrupt Controller */
180
181 static void xen_set_irq(void *opaque, int irq, int level)
182 {
183 xen_set_isa_irq_level(xen_domid, irq, level);
184 }
185
186 qemu_irq *xen_interrupt_controller_init(void)
187 {
188 return qemu_allocate_irqs(xen_set_irq, NULL, 16);
189 }
190
191 /* Memory Ops */
192
193 static void xen_ram_init(PCMachineState *pcms,
194 ram_addr_t ram_size, MemoryRegion **ram_memory_p)
195 {
196 MemoryRegion *sysmem = get_system_memory();
197 ram_addr_t block_len;
198 uint64_t user_lowmem = object_property_get_uint(qdev_get_machine(),
199 PC_MACHINE_MAX_RAM_BELOW_4G,
200 &error_abort);
201
202 /* Handle the machine opt max-ram-below-4g. It is basically doing
203 * min(xen limit, user limit).
204 */
205 if (!user_lowmem) {
206 user_lowmem = HVM_BELOW_4G_RAM_END; /* default */
207 }
208 if (HVM_BELOW_4G_RAM_END <= user_lowmem) {
209 user_lowmem = HVM_BELOW_4G_RAM_END;
210 }
211
212 if (ram_size >= user_lowmem) {
213 pcms->above_4g_mem_size = ram_size - user_lowmem;
214 pcms->below_4g_mem_size = user_lowmem;
215 } else {
216 pcms->above_4g_mem_size = 0;
217 pcms->below_4g_mem_size = ram_size;
218 }
219 if (!pcms->above_4g_mem_size) {
220 block_len = ram_size;
221 } else {
222 /*
223 * Xen does not allocate the memory continuously, it keeps a
224 * hole of the size computed above or passed in.
225 */
226 block_len = (1ULL << 32) + pcms->above_4g_mem_size;
227 }
228 memory_region_init_ram(&ram_memory, NULL, "xen.ram", block_len,
229 &error_fatal);
230 *ram_memory_p = &ram_memory;
231
232 memory_region_init_alias(&ram_640k, NULL, "xen.ram.640k",
233 &ram_memory, 0, 0xa0000);
234 memory_region_add_subregion(sysmem, 0, &ram_640k);
235 /* Skip of the VGA IO memory space, it will be registered later by the VGA
236 * emulated device.
237 *
238 * The area between 0xc0000 and 0x100000 will be used by SeaBIOS to load
239 * the Options ROM, so it is registered here as RAM.
240 */
241 memory_region_init_alias(&ram_lo, NULL, "xen.ram.lo",
242 &ram_memory, 0xc0000,
243 pcms->below_4g_mem_size - 0xc0000);
244 memory_region_add_subregion(sysmem, 0xc0000, &ram_lo);
245 if (pcms->above_4g_mem_size > 0) {
246 memory_region_init_alias(&ram_hi, NULL, "xen.ram.hi",
247 &ram_memory, 0x100000000ULL,
248 pcms->above_4g_mem_size);
249 memory_region_add_subregion(sysmem, 0x100000000ULL, &ram_hi);
250 }
251 }
252
253 void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size, MemoryRegion *mr,
254 Error **errp)
255 {
256 unsigned long nr_pfn;
257 xen_pfn_t *pfn_list;
258 int i;
259
260 if (runstate_check(RUN_STATE_INMIGRATE)) {
261 /* RAM already populated in Xen */
262 fprintf(stderr, "%s: do not alloc "RAM_ADDR_FMT
263 " bytes of ram at "RAM_ADDR_FMT" when runstate is INMIGRATE\n",
264 __func__, size, ram_addr);
265 return;
266 }
267
268 if (mr == &ram_memory) {
269 return;
270 }
271
272 trace_xen_ram_alloc(ram_addr, size);
273
274 nr_pfn = size >> TARGET_PAGE_BITS;
275 pfn_list = g_malloc(sizeof (*pfn_list) * nr_pfn);
276
277 for (i = 0; i < nr_pfn; i++) {
278 pfn_list[i] = (ram_addr >> TARGET_PAGE_BITS) + i;
279 }
280
281 if (xc_domain_populate_physmap_exact(xen_xc, xen_domid, nr_pfn, 0, 0, pfn_list)) {
282 error_setg(errp, "xen: failed to populate ram at " RAM_ADDR_FMT,
283 ram_addr);
284 }
285
286 g_free(pfn_list);
287 }
288
289 static XenPhysmap *get_physmapping(hwaddr start_addr, ram_addr_t size)
290 {
291 XenPhysmap *physmap = NULL;
292
293 start_addr &= TARGET_PAGE_MASK;
294
295 QLIST_FOREACH(physmap, &xen_physmap, list) {
296 if (range_covers_byte(physmap->start_addr, physmap->size, start_addr)) {
297 return physmap;
298 }
299 }
300 return NULL;
301 }
302
303 static hwaddr xen_phys_offset_to_gaddr(hwaddr phys_offset, ram_addr_t size)
304 {
305 hwaddr addr = phys_offset & TARGET_PAGE_MASK;
306 XenPhysmap *physmap = NULL;
307
308 QLIST_FOREACH(physmap, &xen_physmap, list) {
309 if (range_covers_byte(physmap->phys_offset, physmap->size, addr)) {
310 return physmap->start_addr + (phys_offset - physmap->phys_offset);
311 }
312 }
313
314 return phys_offset;
315 }
316
317 #ifdef XEN_COMPAT_PHYSMAP
318 static int xen_save_physmap(XenIOState *state, XenPhysmap *physmap)
319 {
320 char path[80], value[17];
321
322 snprintf(path, sizeof(path),
323 "/local/domain/0/device-model/%d/physmap/%"PRIx64"/start_addr",
324 xen_domid, (uint64_t)physmap->phys_offset);
325 snprintf(value, sizeof(value), "%"PRIx64, (uint64_t)physmap->start_addr);
326 if (!xs_write(state->xenstore, 0, path, value, strlen(value))) {
327 return -1;
328 }
329 snprintf(path, sizeof(path),
330 "/local/domain/0/device-model/%d/physmap/%"PRIx64"/size",
331 xen_domid, (uint64_t)physmap->phys_offset);
332 snprintf(value, sizeof(value), "%"PRIx64, (uint64_t)physmap->size);
333 if (!xs_write(state->xenstore, 0, path, value, strlen(value))) {
334 return -1;
335 }
336 if (physmap->name) {
337 snprintf(path, sizeof(path),
338 "/local/domain/0/device-model/%d/physmap/%"PRIx64"/name",
339 xen_domid, (uint64_t)physmap->phys_offset);
340 if (!xs_write(state->xenstore, 0, path,
341 physmap->name, strlen(physmap->name))) {
342 return -1;
343 }
344 }
345 return 0;
346 }
347 #else
348 static int xen_save_physmap(XenIOState *state, XenPhysmap *physmap)
349 {
350 return 0;
351 }
352 #endif
353
354 static int xen_add_to_physmap(XenIOState *state,
355 hwaddr start_addr,
356 ram_addr_t size,
357 MemoryRegion *mr,
358 hwaddr offset_within_region)
359 {
360 unsigned long nr_pages;
361 int rc = 0;
362 XenPhysmap *physmap = NULL;
363 hwaddr pfn, start_gpfn;
364 hwaddr phys_offset = memory_region_get_ram_addr(mr);
365 const char *mr_name;
366
367 if (get_physmapping(start_addr, size)) {
368 return 0;
369 }
370 if (size <= 0) {
371 return -1;
372 }
373
374 /* Xen can only handle a single dirty log region for now and we want
375 * the linear framebuffer to be that region.
376 * Avoid tracking any regions that is not videoram and avoid tracking
377 * the legacy vga region. */
378 if (mr == framebuffer && start_addr > 0xbffff) {
379 goto go_physmap;
380 }
381 return -1;
382
383 go_physmap:
384 DPRINTF("mapping vram to %"HWADDR_PRIx" - %"HWADDR_PRIx"\n",
385 start_addr, start_addr + size);
386
387 mr_name = memory_region_name(mr);
388
389 physmap = g_malloc(sizeof(XenPhysmap));
390
391 physmap->start_addr = start_addr;
392 physmap->size = size;
393 physmap->name = mr_name;
394 physmap->phys_offset = phys_offset;
395
396 QLIST_INSERT_HEAD(&xen_physmap, physmap, list);
397
398 if (runstate_check(RUN_STATE_INMIGRATE)) {
399 /* Now when we have a physmap entry we can replace a dummy mapping with
400 * a real one of guest foreign memory. */
401 uint8_t *p = xen_replace_cache_entry(phys_offset, start_addr, size);
402 assert(p && p == memory_region_get_ram_ptr(mr));
403
404 return 0;
405 }
406
407 pfn = phys_offset >> TARGET_PAGE_BITS;
408 start_gpfn = start_addr >> TARGET_PAGE_BITS;
409 nr_pages = size >> TARGET_PAGE_BITS;
410 rc = xendevicemodel_relocate_memory(xen_dmod, xen_domid, nr_pages, pfn,
411 start_gpfn);
412 if (rc) {
413 int saved_errno = errno;
414
415 error_report("relocate_memory %lu pages from GFN %"HWADDR_PRIx
416 " to GFN %"HWADDR_PRIx" failed: %s",
417 nr_pages, pfn, start_gpfn, strerror(saved_errno));
418 errno = saved_errno;
419 return -1;
420 }
421
422 rc = xendevicemodel_pin_memory_cacheattr(xen_dmod, xen_domid,
423 start_addr >> TARGET_PAGE_BITS,
424 (start_addr + size - 1) >> TARGET_PAGE_BITS,
425 XEN_DOMCTL_MEM_CACHEATTR_WB);
426 if (rc) {
427 error_report("pin_memory_cacheattr failed: %s", strerror(errno));
428 }
429 return xen_save_physmap(state, physmap);
430 }
431
432 static int xen_remove_from_physmap(XenIOState *state,
433 hwaddr start_addr,
434 ram_addr_t size)
435 {
436 int rc = 0;
437 XenPhysmap *physmap = NULL;
438 hwaddr phys_offset = 0;
439
440 physmap = get_physmapping(start_addr, size);
441 if (physmap == NULL) {
442 return -1;
443 }
444
445 phys_offset = physmap->phys_offset;
446 size = physmap->size;
447
448 DPRINTF("unmapping vram to %"HWADDR_PRIx" - %"HWADDR_PRIx", at "
449 "%"HWADDR_PRIx"\n", start_addr, start_addr + size, phys_offset);
450
451 size >>= TARGET_PAGE_BITS;
452 start_addr >>= TARGET_PAGE_BITS;
453 phys_offset >>= TARGET_PAGE_BITS;
454 rc = xendevicemodel_relocate_memory(xen_dmod, xen_domid, size, start_addr,
455 phys_offset);
456 if (rc) {
457 int saved_errno = errno;
458
459 error_report("relocate_memory "RAM_ADDR_FMT" pages"
460 " from GFN %"HWADDR_PRIx
461 " to GFN %"HWADDR_PRIx" failed: %s",
462 size, start_addr, phys_offset, strerror(saved_errno));
463 errno = saved_errno;
464 return -1;
465 }
466
467 QLIST_REMOVE(physmap, list);
468 if (state->log_for_dirtybit == physmap) {
469 state->log_for_dirtybit = NULL;
470 g_free(state->dirty_bitmap);
471 state->dirty_bitmap = NULL;
472 }
473 g_free(physmap);
474
475 return 0;
476 }
477
478 static void xen_set_memory(struct MemoryListener *listener,
479 MemoryRegionSection *section,
480 bool add)
481 {
482 XenIOState *state = container_of(listener, XenIOState, memory_listener);
483 hwaddr start_addr = section->offset_within_address_space;
484 ram_addr_t size = int128_get64(section->size);
485 bool log_dirty = memory_region_is_logging(section->mr, DIRTY_MEMORY_VGA);
486 hvmmem_type_t mem_type;
487
488 if (section->mr == &ram_memory) {
489 return;
490 } else {
491 if (add) {
492 xen_map_memory_section(xen_domid, state->ioservid,
493 section);
494 } else {
495 xen_unmap_memory_section(xen_domid, state->ioservid,
496 section);
497 }
498 }
499
500 if (!memory_region_is_ram(section->mr)) {
501 return;
502 }
503
504 if (log_dirty != add) {
505 return;
506 }
507
508 trace_xen_client_set_memory(start_addr, size, log_dirty);
509
510 start_addr &= TARGET_PAGE_MASK;
511 size = TARGET_PAGE_ALIGN(size);
512
513 if (add) {
514 if (!memory_region_is_rom(section->mr)) {
515 xen_add_to_physmap(state, start_addr, size,
516 section->mr, section->offset_within_region);
517 } else {
518 mem_type = HVMMEM_ram_ro;
519 if (xen_set_mem_type(xen_domid, mem_type,
520 start_addr >> TARGET_PAGE_BITS,
521 size >> TARGET_PAGE_BITS)) {
522 DPRINTF("xen_set_mem_type error, addr: "TARGET_FMT_plx"\n",
523 start_addr);
524 }
525 }
526 } else {
527 if (xen_remove_from_physmap(state, start_addr, size) < 0) {
528 DPRINTF("physmapping does not exist at "TARGET_FMT_plx"\n", start_addr);
529 }
530 }
531 }
532
533 static void xen_region_add(MemoryListener *listener,
534 MemoryRegionSection *section)
535 {
536 memory_region_ref(section->mr);
537 xen_set_memory(listener, section, true);
538 }
539
540 static void xen_region_del(MemoryListener *listener,
541 MemoryRegionSection *section)
542 {
543 xen_set_memory(listener, section, false);
544 memory_region_unref(section->mr);
545 }
546
547 static void xen_io_add(MemoryListener *listener,
548 MemoryRegionSection *section)
549 {
550 XenIOState *state = container_of(listener, XenIOState, io_listener);
551 MemoryRegion *mr = section->mr;
552
553 if (mr->ops == &unassigned_io_ops) {
554 return;
555 }
556
557 memory_region_ref(mr);
558
559 xen_map_io_section(xen_domid, state->ioservid, section);
560 }
561
562 static void xen_io_del(MemoryListener *listener,
563 MemoryRegionSection *section)
564 {
565 XenIOState *state = container_of(listener, XenIOState, io_listener);
566 MemoryRegion *mr = section->mr;
567
568 if (mr->ops == &unassigned_io_ops) {
569 return;
570 }
571
572 xen_unmap_io_section(xen_domid, state->ioservid, section);
573
574 memory_region_unref(mr);
575 }
576
577 static void xen_device_realize(DeviceListener *listener,
578 DeviceState *dev)
579 {
580 XenIOState *state = container_of(listener, XenIOState, device_listener);
581
582 if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
583 PCIDevice *pci_dev = PCI_DEVICE(dev);
584 XenPciDevice *xendev = g_new(XenPciDevice, 1);
585
586 xendev->pci_dev = pci_dev;
587 xendev->sbdf = PCI_BUILD_BDF(pci_dev_bus_num(pci_dev),
588 pci_dev->devfn);
589 QLIST_INSERT_HEAD(&state->dev_list, xendev, entry);
590
591 xen_map_pcidev(xen_domid, state->ioservid, pci_dev);
592 }
593 }
594
595 static void xen_device_unrealize(DeviceListener *listener,
596 DeviceState *dev)
597 {
598 XenIOState *state = container_of(listener, XenIOState, device_listener);
599
600 if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
601 PCIDevice *pci_dev = PCI_DEVICE(dev);
602 XenPciDevice *xendev, *next;
603
604 xen_unmap_pcidev(xen_domid, state->ioservid, pci_dev);
605
606 QLIST_FOREACH_SAFE(xendev, &state->dev_list, entry, next) {
607 if (xendev->pci_dev == pci_dev) {
608 QLIST_REMOVE(xendev, entry);
609 g_free(xendev);
610 break;
611 }
612 }
613 }
614 }
615
616 static void xen_sync_dirty_bitmap(XenIOState *state,
617 hwaddr start_addr,
618 ram_addr_t size)
619 {
620 hwaddr npages = size >> TARGET_PAGE_BITS;
621 const int width = sizeof(unsigned long) * 8;
622 size_t bitmap_size = DIV_ROUND_UP(npages, width);
623 int rc, i, j;
624 const XenPhysmap *physmap = NULL;
625
626 physmap = get_physmapping(start_addr, size);
627 if (physmap == NULL) {
628 /* not handled */
629 return;
630 }
631
632 if (state->log_for_dirtybit == NULL) {
633 state->log_for_dirtybit = physmap;
634 state->dirty_bitmap = g_new(unsigned long, bitmap_size);
635 } else if (state->log_for_dirtybit != physmap) {
636 /* Only one range for dirty bitmap can be tracked. */
637 return;
638 }
639
640 rc = xen_track_dirty_vram(xen_domid, start_addr >> TARGET_PAGE_BITS,
641 npages, state->dirty_bitmap);
642 if (rc < 0) {
643 #ifndef ENODATA
644 #define ENODATA ENOENT
645 #endif
646 if (errno == ENODATA) {
647 memory_region_set_dirty(framebuffer, 0, size);
648 DPRINTF("xen: track_dirty_vram failed (0x" TARGET_FMT_plx
649 ", 0x" TARGET_FMT_plx "): %s\n",
650 start_addr, start_addr + size, strerror(errno));
651 }
652 return;
653 }
654
655 for (i = 0; i < bitmap_size; i++) {
656 unsigned long map = state->dirty_bitmap[i];
657 while (map != 0) {
658 j = ctzl(map);
659 map &= ~(1ul << j);
660 memory_region_set_dirty(framebuffer,
661 (i * width + j) * TARGET_PAGE_SIZE,
662 TARGET_PAGE_SIZE);
663 };
664 }
665 }
666
667 static void xen_log_start(MemoryListener *listener,
668 MemoryRegionSection *section,
669 int old, int new)
670 {
671 XenIOState *state = container_of(listener, XenIOState, memory_listener);
672
673 if (new & ~old & (1 << DIRTY_MEMORY_VGA)) {
674 xen_sync_dirty_bitmap(state, section->offset_within_address_space,
675 int128_get64(section->size));
676 }
677 }
678
679 static void xen_log_stop(MemoryListener *listener, MemoryRegionSection *section,
680 int old, int new)
681 {
682 XenIOState *state = container_of(listener, XenIOState, memory_listener);
683
684 if (old & ~new & (1 << DIRTY_MEMORY_VGA)) {
685 state->log_for_dirtybit = NULL;
686 g_free(state->dirty_bitmap);
687 state->dirty_bitmap = NULL;
688 /* Disable dirty bit tracking */
689 xen_track_dirty_vram(xen_domid, 0, 0, NULL);
690 }
691 }
692
693 static void xen_log_sync(MemoryListener *listener, MemoryRegionSection *section)
694 {
695 XenIOState *state = container_of(listener, XenIOState, memory_listener);
696
697 xen_sync_dirty_bitmap(state, section->offset_within_address_space,
698 int128_get64(section->size));
699 }
700
701 static void xen_log_global_start(MemoryListener *listener)
702 {
703 if (xen_enabled()) {
704 xen_in_migration = true;
705 }
706 }
707
708 static void xen_log_global_stop(MemoryListener *listener)
709 {
710 xen_in_migration = false;
711 }
712
713 static MemoryListener xen_memory_listener = {
714 .region_add = xen_region_add,
715 .region_del = xen_region_del,
716 .log_start = xen_log_start,
717 .log_stop = xen_log_stop,
718 .log_sync = xen_log_sync,
719 .log_global_start = xen_log_global_start,
720 .log_global_stop = xen_log_global_stop,
721 .priority = 10,
722 };
723
724 static MemoryListener xen_io_listener = {
725 .region_add = xen_io_add,
726 .region_del = xen_io_del,
727 .priority = 10,
728 };
729
730 static DeviceListener xen_device_listener = {
731 .realize = xen_device_realize,
732 .unrealize = xen_device_unrealize,
733 };
734
735 /* get the ioreq packets from share mem */
736 static ioreq_t *cpu_get_ioreq_from_shared_memory(XenIOState *state, int vcpu)
737 {
738 ioreq_t *req = xen_vcpu_ioreq(state->shared_page, vcpu);
739
740 if (req->state != STATE_IOREQ_READY) {
741 DPRINTF("I/O request not ready: "
742 "%x, ptr: %x, port: %"PRIx64", "
743 "data: %"PRIx64", count: %u, size: %u\n",
744 req->state, req->data_is_ptr, req->addr,
745 req->data, req->count, req->size);
746 return NULL;
747 }
748
749 xen_rmb(); /* see IOREQ_READY /then/ read contents of ioreq */
750
751 req->state = STATE_IOREQ_INPROCESS;
752 return req;
753 }
754
755 /* use poll to get the port notification */
756 /* ioreq_vec--out,the */
757 /* retval--the number of ioreq packet */
758 static ioreq_t *cpu_get_ioreq(XenIOState *state)
759 {
760 int i;
761 evtchn_port_t port;
762
763 port = xenevtchn_pending(state->xce_handle);
764 if (port == state->bufioreq_local_port) {
765 timer_mod(state->buffered_io_timer,
766 BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME));
767 return NULL;
768 }
769
770 if (port != -1) {
771 for (i = 0; i < max_cpus; i++) {
772 if (state->ioreq_local_port[i] == port) {
773 break;
774 }
775 }
776
777 if (i == max_cpus) {
778 hw_error("Fatal error while trying to get io event!\n");
779 }
780
781 /* unmask the wanted port again */
782 xenevtchn_unmask(state->xce_handle, port);
783
784 /* get the io packet from shared memory */
785 state->send_vcpu = i;
786 return cpu_get_ioreq_from_shared_memory(state, i);
787 }
788
789 /* read error or read nothing */
790 return NULL;
791 }
792
793 static uint32_t do_inp(uint32_t addr, unsigned long size)
794 {
795 switch (size) {
796 case 1:
797 return cpu_inb(addr);
798 case 2:
799 return cpu_inw(addr);
800 case 4:
801 return cpu_inl(addr);
802 default:
803 hw_error("inp: bad size: %04x %lx", addr, size);
804 }
805 }
806
807 static void do_outp(uint32_t addr,
808 unsigned long size, uint32_t val)
809 {
810 switch (size) {
811 case 1:
812 return cpu_outb(addr, val);
813 case 2:
814 return cpu_outw(addr, val);
815 case 4:
816 return cpu_outl(addr, val);
817 default:
818 hw_error("outp: bad size: %04x %lx", addr, size);
819 }
820 }
821
822 /*
823 * Helper functions which read/write an object from/to physical guest
824 * memory, as part of the implementation of an ioreq.
825 *
826 * Equivalent to
827 * cpu_physical_memory_rw(addr + (req->df ? -1 : +1) * req->size * i,
828 * val, req->size, 0/1)
829 * except without the integer overflow problems.
830 */
831 static void rw_phys_req_item(hwaddr addr,
832 ioreq_t *req, uint32_t i, void *val, int rw)
833 {
834 /* Do everything unsigned so overflow just results in a truncated result
835 * and accesses to undesired parts of guest memory, which is up
836 * to the guest */
837 hwaddr offset = (hwaddr)req->size * i;
838 if (req->df) {
839 addr -= offset;
840 } else {
841 addr += offset;
842 }
843 cpu_physical_memory_rw(addr, val, req->size, rw);
844 }
845
846 static inline void read_phys_req_item(hwaddr addr,
847 ioreq_t *req, uint32_t i, void *val)
848 {
849 rw_phys_req_item(addr, req, i, val, 0);
850 }
851 static inline void write_phys_req_item(hwaddr addr,
852 ioreq_t *req, uint32_t i, void *val)
853 {
854 rw_phys_req_item(addr, req, i, val, 1);
855 }
856
857
858 static void cpu_ioreq_pio(ioreq_t *req)
859 {
860 uint32_t i;
861
862 trace_cpu_ioreq_pio(req, req->dir, req->df, req->data_is_ptr, req->addr,
863 req->data, req->count, req->size);
864
865 if (req->size > sizeof(uint32_t)) {
866 hw_error("PIO: bad size (%u)", req->size);
867 }
868
869 if (req->dir == IOREQ_READ) {
870 if (!req->data_is_ptr) {
871 req->data = do_inp(req->addr, req->size);
872 trace_cpu_ioreq_pio_read_reg(req, req->data, req->addr,
873 req->size);
874 } else {
875 uint32_t tmp;
876
877 for (i = 0; i < req->count; i++) {
878 tmp = do_inp(req->addr, req->size);
879 write_phys_req_item(req->data, req, i, &tmp);
880 }
881 }
882 } else if (req->dir == IOREQ_WRITE) {
883 if (!req->data_is_ptr) {
884 trace_cpu_ioreq_pio_write_reg(req, req->data, req->addr,
885 req->size);
886 do_outp(req->addr, req->size, req->data);
887 } else {
888 for (i = 0; i < req->count; i++) {
889 uint32_t tmp = 0;
890
891 read_phys_req_item(req->data, req, i, &tmp);
892 do_outp(req->addr, req->size, tmp);
893 }
894 }
895 }
896 }
897
898 static void cpu_ioreq_move(ioreq_t *req)
899 {
900 uint32_t i;
901
902 trace_cpu_ioreq_move(req, req->dir, req->df, req->data_is_ptr, req->addr,
903 req->data, req->count, req->size);
904
905 if (req->size > sizeof(req->data)) {
906 hw_error("MMIO: bad size (%u)", req->size);
907 }
908
909 if (!req->data_is_ptr) {
910 if (req->dir == IOREQ_READ) {
911 for (i = 0; i < req->count; i++) {
912 read_phys_req_item(req->addr, req, i, &req->data);
913 }
914 } else if (req->dir == IOREQ_WRITE) {
915 for (i = 0; i < req->count; i++) {
916 write_phys_req_item(req->addr, req, i, &req->data);
917 }
918 }
919 } else {
920 uint64_t tmp;
921
922 if (req->dir == IOREQ_READ) {
923 for (i = 0; i < req->count; i++) {
924 read_phys_req_item(req->addr, req, i, &tmp);
925 write_phys_req_item(req->data, req, i, &tmp);
926 }
927 } else if (req->dir == IOREQ_WRITE) {
928 for (i = 0; i < req->count; i++) {
929 read_phys_req_item(req->data, req, i, &tmp);
930 write_phys_req_item(req->addr, req, i, &tmp);
931 }
932 }
933 }
934 }
935
936 static void cpu_ioreq_config(XenIOState *state, ioreq_t *req)
937 {
938 uint32_t sbdf = req->addr >> 32;
939 uint32_t reg = req->addr;
940 XenPciDevice *xendev;
941
942 if (req->size != sizeof(uint8_t) && req->size != sizeof(uint16_t) &&
943 req->size != sizeof(uint32_t)) {
944 hw_error("PCI config access: bad size (%u)", req->size);
945 }
946
947 if (req->count != 1) {
948 hw_error("PCI config access: bad count (%u)", req->count);
949 }
950
951 QLIST_FOREACH(xendev, &state->dev_list, entry) {
952 if (xendev->sbdf != sbdf) {
953 continue;
954 }
955
956 if (!req->data_is_ptr) {
957 if (req->dir == IOREQ_READ) {
958 req->data = pci_host_config_read_common(
959 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
960 req->size);
961 trace_cpu_ioreq_config_read(req, xendev->sbdf, reg,
962 req->size, req->data);
963 } else if (req->dir == IOREQ_WRITE) {
964 trace_cpu_ioreq_config_write(req, xendev->sbdf, reg,
965 req->size, req->data);
966 pci_host_config_write_common(
967 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
968 req->data, req->size);
969 }
970 } else {
971 uint32_t tmp;
972
973 if (req->dir == IOREQ_READ) {
974 tmp = pci_host_config_read_common(
975 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
976 req->size);
977 trace_cpu_ioreq_config_read(req, xendev->sbdf, reg,
978 req->size, tmp);
979 write_phys_req_item(req->data, req, 0, &tmp);
980 } else if (req->dir == IOREQ_WRITE) {
981 read_phys_req_item(req->data, req, 0, &tmp);
982 trace_cpu_ioreq_config_write(req, xendev->sbdf, reg,
983 req->size, tmp);
984 pci_host_config_write_common(
985 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE,
986 tmp, req->size);
987 }
988 }
989 }
990 }
991
992 static void regs_to_cpu(vmware_regs_t *vmport_regs, ioreq_t *req)
993 {
994 X86CPU *cpu;
995 CPUX86State *env;
996
997 cpu = X86_CPU(current_cpu);
998 env = &cpu->env;
999 env->regs[R_EAX] = req->data;
1000 env->regs[R_EBX] = vmport_regs->ebx;
1001 env->regs[R_ECX] = vmport_regs->ecx;
1002 env->regs[R_EDX] = vmport_regs->edx;
1003 env->regs[R_ESI] = vmport_regs->esi;
1004 env->regs[R_EDI] = vmport_regs->edi;
1005 }
1006
1007 static void regs_from_cpu(vmware_regs_t *vmport_regs)
1008 {
1009 X86CPU *cpu = X86_CPU(current_cpu);
1010 CPUX86State *env = &cpu->env;
1011
1012 vmport_regs->ebx = env->regs[R_EBX];
1013 vmport_regs->ecx = env->regs[R_ECX];
1014 vmport_regs->edx = env->regs[R_EDX];
1015 vmport_regs->esi = env->regs[R_ESI];
1016 vmport_regs->edi = env->regs[R_EDI];
1017 }
1018
1019 static void handle_vmport_ioreq(XenIOState *state, ioreq_t *req)
1020 {
1021 vmware_regs_t *vmport_regs;
1022
1023 assert(state->shared_vmport_page);
1024 vmport_regs =
1025 &state->shared_vmport_page->vcpu_vmport_regs[state->send_vcpu];
1026 QEMU_BUILD_BUG_ON(sizeof(*req) < sizeof(*vmport_regs));
1027
1028 current_cpu = state->cpu_by_vcpu_id[state->send_vcpu];
1029 regs_to_cpu(vmport_regs, req);
1030 cpu_ioreq_pio(req);
1031 regs_from_cpu(vmport_regs);
1032 current_cpu = NULL;
1033 }
1034
1035 static void handle_ioreq(XenIOState *state, ioreq_t *req)
1036 {
1037 trace_handle_ioreq(req, req->type, req->dir, req->df, req->data_is_ptr,
1038 req->addr, req->data, req->count, req->size);
1039
1040 if (!req->data_is_ptr && (req->dir == IOREQ_WRITE) &&
1041 (req->size < sizeof (target_ulong))) {
1042 req->data &= ((target_ulong) 1 << (8 * req->size)) - 1;
1043 }
1044
1045 if (req->dir == IOREQ_WRITE)
1046 trace_handle_ioreq_write(req, req->type, req->df, req->data_is_ptr,
1047 req->addr, req->data, req->count, req->size);
1048
1049 switch (req->type) {
1050 case IOREQ_TYPE_PIO:
1051 cpu_ioreq_pio(req);
1052 break;
1053 case IOREQ_TYPE_COPY:
1054 cpu_ioreq_move(req);
1055 break;
1056 case IOREQ_TYPE_VMWARE_PORT:
1057 handle_vmport_ioreq(state, req);
1058 break;
1059 case IOREQ_TYPE_TIMEOFFSET:
1060 break;
1061 case IOREQ_TYPE_INVALIDATE:
1062 xen_invalidate_map_cache();
1063 break;
1064 case IOREQ_TYPE_PCI_CONFIG:
1065 cpu_ioreq_config(state, req);
1066 break;
1067 default:
1068 hw_error("Invalid ioreq type 0x%x\n", req->type);
1069 }
1070 if (req->dir == IOREQ_READ) {
1071 trace_handle_ioreq_read(req, req->type, req->df, req->data_is_ptr,
1072 req->addr, req->data, req->count, req->size);
1073 }
1074 }
1075
1076 static int handle_buffered_iopage(XenIOState *state)
1077 {
1078 buffered_iopage_t *buf_page = state->buffered_io_page;
1079 buf_ioreq_t *buf_req = NULL;
1080 ioreq_t req;
1081 int qw;
1082
1083 if (!buf_page) {
1084 return 0;
1085 }
1086
1087 memset(&req, 0x00, sizeof(req));
1088 req.state = STATE_IOREQ_READY;
1089 req.count = 1;
1090 req.dir = IOREQ_WRITE;
1091
1092 for (;;) {
1093 uint32_t rdptr = buf_page->read_pointer, wrptr;
1094
1095 xen_rmb();
1096 wrptr = buf_page->write_pointer;
1097 xen_rmb();
1098 if (rdptr != buf_page->read_pointer) {
1099 continue;
1100 }
1101 if (rdptr == wrptr) {
1102 break;
1103 }
1104 buf_req = &buf_page->buf_ioreq[rdptr % IOREQ_BUFFER_SLOT_NUM];
1105 req.size = 1U << buf_req->size;
1106 req.addr = buf_req->addr;
1107 req.data = buf_req->data;
1108 req.type = buf_req->type;
1109 xen_rmb();
1110 qw = (req.size == 8);
1111 if (qw) {
1112 if (rdptr + 1 == wrptr) {
1113 hw_error("Incomplete quad word buffered ioreq");
1114 }
1115 buf_req = &buf_page->buf_ioreq[(rdptr + 1) %
1116 IOREQ_BUFFER_SLOT_NUM];
1117 req.data |= ((uint64_t)buf_req->data) << 32;
1118 xen_rmb();
1119 }
1120
1121 handle_ioreq(state, &req);
1122
1123 /* Only req.data may get updated by handle_ioreq(), albeit even that
1124 * should not happen as such data would never make it to the guest (we
1125 * can only usefully see writes here after all).
1126 */
1127 assert(req.state == STATE_IOREQ_READY);
1128 assert(req.count == 1);
1129 assert(req.dir == IOREQ_WRITE);
1130 assert(!req.data_is_ptr);
1131
1132 atomic_add(&buf_page->read_pointer, qw + 1);
1133 }
1134
1135 return req.count;
1136 }
1137
1138 static void handle_buffered_io(void *opaque)
1139 {
1140 XenIOState *state = opaque;
1141
1142 if (handle_buffered_iopage(state)) {
1143 timer_mod(state->buffered_io_timer,
1144 BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME));
1145 } else {
1146 timer_del(state->buffered_io_timer);
1147 xenevtchn_unmask(state->xce_handle, state->bufioreq_local_port);
1148 }
1149 }
1150
1151 static void cpu_handle_ioreq(void *opaque)
1152 {
1153 XenIOState *state = opaque;
1154 ioreq_t *req = cpu_get_ioreq(state);
1155
1156 handle_buffered_iopage(state);
1157 if (req) {
1158 ioreq_t copy = *req;
1159
1160 xen_rmb();
1161 handle_ioreq(state, &copy);
1162 req->data = copy.data;
1163
1164 if (req->state != STATE_IOREQ_INPROCESS) {
1165 fprintf(stderr, "Badness in I/O request ... not in service?!: "
1166 "%x, ptr: %x, port: %"PRIx64", "
1167 "data: %"PRIx64", count: %u, size: %u, type: %u\n",
1168 req->state, req->data_is_ptr, req->addr,
1169 req->data, req->count, req->size, req->type);
1170 destroy_hvm_domain(false);
1171 return;
1172 }
1173
1174 xen_wmb(); /* Update ioreq contents /then/ update state. */
1175
1176 /*
1177 * We do this before we send the response so that the tools
1178 * have the opportunity to pick up on the reset before the
1179 * guest resumes and does a hlt with interrupts disabled which
1180 * causes Xen to powerdown the domain.
1181 */
1182 if (runstate_is_running()) {
1183 ShutdownCause request;
1184
1185 if (qemu_shutdown_requested_get()) {
1186 destroy_hvm_domain(false);
1187 }
1188 request = qemu_reset_requested_get();
1189 if (request) {
1190 qemu_system_reset(request);
1191 destroy_hvm_domain(true);
1192 }
1193 }
1194
1195 req->state = STATE_IORESP_READY;
1196 xenevtchn_notify(state->xce_handle,
1197 state->ioreq_local_port[state->send_vcpu]);
1198 }
1199 }
1200
1201 static void xen_main_loop_prepare(XenIOState *state)
1202 {
1203 int evtchn_fd = -1;
1204
1205 if (state->xce_handle != NULL) {
1206 evtchn_fd = xenevtchn_fd(state->xce_handle);
1207 }
1208
1209 state->buffered_io_timer = timer_new_ms(QEMU_CLOCK_REALTIME, handle_buffered_io,
1210 state);
1211
1212 if (evtchn_fd != -1) {
1213 CPUState *cpu_state;
1214
1215 DPRINTF("%s: Init cpu_by_vcpu_id\n", __func__);
1216 CPU_FOREACH(cpu_state) {
1217 DPRINTF("%s: cpu_by_vcpu_id[%d]=%p\n",
1218 __func__, cpu_state->cpu_index, cpu_state);
1219 state->cpu_by_vcpu_id[cpu_state->cpu_index] = cpu_state;
1220 }
1221 qemu_set_fd_handler(evtchn_fd, cpu_handle_ioreq, NULL, state);
1222 }
1223 }
1224
1225
1226 static void xen_hvm_change_state_handler(void *opaque, int running,
1227 RunState rstate)
1228 {
1229 XenIOState *state = opaque;
1230
1231 if (running) {
1232 xen_main_loop_prepare(state);
1233 }
1234
1235 xen_set_ioreq_server_state(xen_domid,
1236 state->ioservid,
1237 (rstate == RUN_STATE_RUNNING));
1238 }
1239
1240 static void xen_exit_notifier(Notifier *n, void *data)
1241 {
1242 XenIOState *state = container_of(n, XenIOState, exit);
1243
1244 xenevtchn_close(state->xce_handle);
1245 xs_daemon_close(state->xenstore);
1246 }
1247
1248 #ifdef XEN_COMPAT_PHYSMAP
1249 static void xen_read_physmap(XenIOState *state)
1250 {
1251 XenPhysmap *physmap = NULL;
1252 unsigned int len, num, i;
1253 char path[80], *value = NULL;
1254 char **entries = NULL;
1255
1256 snprintf(path, sizeof(path),
1257 "/local/domain/0/device-model/%d/physmap", xen_domid);
1258 entries = xs_directory(state->xenstore, 0, path, &num);
1259 if (entries == NULL)
1260 return;
1261
1262 for (i = 0; i < num; i++) {
1263 physmap = g_malloc(sizeof (XenPhysmap));
1264 physmap->phys_offset = strtoull(entries[i], NULL, 16);
1265 snprintf(path, sizeof(path),
1266 "/local/domain/0/device-model/%d/physmap/%s/start_addr",
1267 xen_domid, entries[i]);
1268 value = xs_read(state->xenstore, 0, path, &len);
1269 if (value == NULL) {
1270 g_free(physmap);
1271 continue;
1272 }
1273 physmap->start_addr = strtoull(value, NULL, 16);
1274 free(value);
1275
1276 snprintf(path, sizeof(path),
1277 "/local/domain/0/device-model/%d/physmap/%s/size",
1278 xen_domid, entries[i]);
1279 value = xs_read(state->xenstore, 0, path, &len);
1280 if (value == NULL) {
1281 g_free(physmap);
1282 continue;
1283 }
1284 physmap->size = strtoull(value, NULL, 16);
1285 free(value);
1286
1287 snprintf(path, sizeof(path),
1288 "/local/domain/0/device-model/%d/physmap/%s/name",
1289 xen_domid, entries[i]);
1290 physmap->name = xs_read(state->xenstore, 0, path, &len);
1291
1292 QLIST_INSERT_HEAD(&xen_physmap, physmap, list);
1293 }
1294 free(entries);
1295 }
1296 #else
1297 static void xen_read_physmap(XenIOState *state)
1298 {
1299 }
1300 #endif
1301
1302 static void xen_wakeup_notifier(Notifier *notifier, void *data)
1303 {
1304 xc_set_hvm_param(xen_xc, xen_domid, HVM_PARAM_ACPI_S_STATE, 0);
1305 }
1306
1307 static int xen_map_ioreq_server(XenIOState *state)
1308 {
1309 void *addr = NULL;
1310 xenforeignmemory_resource_handle *fres;
1311 xen_pfn_t ioreq_pfn;
1312 xen_pfn_t bufioreq_pfn;
1313 evtchn_port_t bufioreq_evtchn;
1314 int rc;
1315
1316 /*
1317 * Attempt to map using the resource API and fall back to normal
1318 * foreign mapping if this is not supported.
1319 */
1320 QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_bufioreq != 0);
1321 QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_ioreq(0) != 1);
1322 fres = xenforeignmemory_map_resource(xen_fmem, xen_domid,
1323 XENMEM_resource_ioreq_server,
1324 state->ioservid, 0, 2,
1325 &addr,
1326 PROT_READ | PROT_WRITE, 0);
1327 if (fres != NULL) {
1328 trace_xen_map_resource_ioreq(state->ioservid, addr);
1329 state->buffered_io_page = addr;
1330 state->shared_page = addr + TARGET_PAGE_SIZE;
1331 } else if (errno != EOPNOTSUPP) {
1332 error_report("failed to map ioreq server resources: error %d handle=%p",
1333 errno, xen_xc);
1334 return -1;
1335 }
1336
1337 rc = xen_get_ioreq_server_info(xen_domid, state->ioservid,
1338 (state->shared_page == NULL) ?
1339 &ioreq_pfn : NULL,
1340 (state->buffered_io_page == NULL) ?
1341 &bufioreq_pfn : NULL,
1342 &bufioreq_evtchn);
1343 if (rc < 0) {
1344 error_report("failed to get ioreq server info: error %d handle=%p",
1345 errno, xen_xc);
1346 return rc;
1347 }
1348
1349 if (state->shared_page == NULL) {
1350 DPRINTF("shared page at pfn %lx\n", ioreq_pfn);
1351
1352 state->shared_page = xenforeignmemory_map(xen_fmem, xen_domid,
1353 PROT_READ | PROT_WRITE,
1354 1, &ioreq_pfn, NULL);
1355 if (state->shared_page == NULL) {
1356 error_report("map shared IO page returned error %d handle=%p",
1357 errno, xen_xc);
1358 }
1359 }
1360
1361 if (state->buffered_io_page == NULL) {
1362 DPRINTF("buffered io page at pfn %lx\n", bufioreq_pfn);
1363
1364 state->buffered_io_page = xenforeignmemory_map(xen_fmem, xen_domid,
1365 PROT_READ | PROT_WRITE,
1366 1, &bufioreq_pfn,
1367 NULL);
1368 if (state->buffered_io_page == NULL) {
1369 error_report("map buffered IO page returned error %d", errno);
1370 return -1;
1371 }
1372 }
1373
1374 if (state->shared_page == NULL || state->buffered_io_page == NULL) {
1375 return -1;
1376 }
1377
1378 DPRINTF("buffered io evtchn is %x\n", bufioreq_evtchn);
1379
1380 state->bufioreq_remote_port = bufioreq_evtchn;
1381
1382 return 0;
1383 }
1384
1385 void xen_hvm_init(PCMachineState *pcms, MemoryRegion **ram_memory)
1386 {
1387 int i, rc;
1388 xen_pfn_t ioreq_pfn;
1389 XenIOState *state;
1390
1391 state = g_malloc0(sizeof (XenIOState));
1392
1393 state->xce_handle = xenevtchn_open(NULL, 0);
1394 if (state->xce_handle == NULL) {
1395 perror("xen: event channel open");
1396 goto err;
1397 }
1398
1399 state->xenstore = xs_daemon_open();
1400 if (state->xenstore == NULL) {
1401 perror("xen: xenstore open");
1402 goto err;
1403 }
1404
1405 xen_create_ioreq_server(xen_domid, &state->ioservid);
1406
1407 state->exit.notify = xen_exit_notifier;
1408 qemu_add_exit_notifier(&state->exit);
1409
1410 state->suspend.notify = xen_suspend_notifier;
1411 qemu_register_suspend_notifier(&state->suspend);
1412
1413 state->wakeup.notify = xen_wakeup_notifier;
1414 qemu_register_wakeup_notifier(&state->wakeup);
1415
1416 /*
1417 * Register wake-up support in QMP query-current-machine API
1418 */
1419 qemu_register_wakeup_support();
1420
1421 rc = xen_map_ioreq_server(state);
1422 if (rc < 0) {
1423 goto err;
1424 }
1425
1426 rc = xen_get_vmport_regs_pfn(xen_xc, xen_domid, &ioreq_pfn);
1427 if (!rc) {
1428 DPRINTF("shared vmport page at pfn %lx\n", ioreq_pfn);
1429 state->shared_vmport_page =
1430 xenforeignmemory_map(xen_fmem, xen_domid, PROT_READ|PROT_WRITE,
1431 1, &ioreq_pfn, NULL);
1432 if (state->shared_vmport_page == NULL) {
1433 error_report("map shared vmport IO page returned error %d handle=%p",
1434 errno, xen_xc);
1435 goto err;
1436 }
1437 } else if (rc != -ENOSYS) {
1438 error_report("get vmport regs pfn returned error %d, rc=%d",
1439 errno, rc);
1440 goto err;
1441 }
1442
1443 /* Note: cpus is empty at this point in init */
1444 state->cpu_by_vcpu_id = g_malloc0(max_cpus * sizeof(CPUState *));
1445
1446 rc = xen_set_ioreq_server_state(xen_domid, state->ioservid, true);
1447 if (rc < 0) {
1448 error_report("failed to enable ioreq server info: error %d handle=%p",
1449 errno, xen_xc);
1450 goto err;
1451 }
1452
1453 state->ioreq_local_port = g_malloc0(max_cpus * sizeof (evtchn_port_t));
1454
1455 /* FIXME: how about if we overflow the page here? */
1456 for (i = 0; i < max_cpus; i++) {
1457 rc = xenevtchn_bind_interdomain(state->xce_handle, xen_domid,
1458 xen_vcpu_eport(state->shared_page, i));
1459 if (rc == -1) {
1460 error_report("shared evtchn %d bind error %d", i, errno);
1461 goto err;
1462 }
1463 state->ioreq_local_port[i] = rc;
1464 }
1465
1466 rc = xenevtchn_bind_interdomain(state->xce_handle, xen_domid,
1467 state->bufioreq_remote_port);
1468 if (rc == -1) {
1469 error_report("buffered evtchn bind error %d", errno);
1470 goto err;
1471 }
1472 state->bufioreq_local_port = rc;
1473
1474 /* Init RAM management */
1475 #ifdef XEN_COMPAT_PHYSMAP
1476 xen_map_cache_init(xen_phys_offset_to_gaddr, state);
1477 #else
1478 xen_map_cache_init(NULL, state);
1479 #endif
1480 xen_ram_init(pcms, ram_size, ram_memory);
1481
1482 qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state);
1483
1484 state->memory_listener = xen_memory_listener;
1485 memory_listener_register(&state->memory_listener, &address_space_memory);
1486 state->log_for_dirtybit = NULL;
1487
1488 state->io_listener = xen_io_listener;
1489 memory_listener_register(&state->io_listener, &address_space_io);
1490
1491 state->device_listener = xen_device_listener;
1492 QLIST_INIT(&state->dev_list);
1493 device_listener_register(&state->device_listener);
1494
1495 xen_bus_init();
1496
1497 /* Initialize backend core & drivers */
1498 if (xen_be_init() != 0) {
1499 error_report("xen backend core setup failed");
1500 goto err;
1501 }
1502 xen_be_register_common();
1503
1504 QLIST_INIT(&xen_physmap);
1505 xen_read_physmap(state);
1506
1507 /* Disable ACPI build because Xen handles it */
1508 pcms->acpi_build_enabled = false;
1509
1510 return;
1511
1512 err:
1513 error_report("xen hardware virtual machine initialisation failed");
1514 exit(1);
1515 }
1516
1517 void destroy_hvm_domain(bool reboot)
1518 {
1519 xc_interface *xc_handle;
1520 int sts;
1521 int rc;
1522
1523 unsigned int reason = reboot ? SHUTDOWN_reboot : SHUTDOWN_poweroff;
1524
1525 if (xen_dmod) {
1526 rc = xendevicemodel_shutdown(xen_dmod, xen_domid, reason);
1527 if (!rc) {
1528 return;
1529 }
1530 if (errno != ENOTTY /* old Xen */) {
1531 perror("xendevicemodel_shutdown failed");
1532 }
1533 /* well, try the old thing then */
1534 }
1535
1536 xc_handle = xc_interface_open(0, 0, 0);
1537 if (xc_handle == NULL) {
1538 fprintf(stderr, "Cannot acquire xenctrl handle\n");
1539 } else {
1540 sts = xc_domain_shutdown(xc_handle, xen_domid, reason);
1541 if (sts != 0) {
1542 fprintf(stderr, "xc_domain_shutdown failed to issue %s, "
1543 "sts %d, %s\n", reboot ? "reboot" : "poweroff",
1544 sts, strerror(errno));
1545 } else {
1546 fprintf(stderr, "Issued domain %d %s\n", xen_domid,
1547 reboot ? "reboot" : "poweroff");
1548 }
1549 xc_interface_close(xc_handle);
1550 }
1551 }
1552
1553 void xen_register_framebuffer(MemoryRegion *mr)
1554 {
1555 framebuffer = mr;
1556 }
1557
1558 void xen_shutdown_fatal_error(const char *fmt, ...)
1559 {
1560 va_list ap;
1561
1562 va_start(ap, fmt);
1563 vfprintf(stderr, fmt, ap);
1564 va_end(ap);
1565 fprintf(stderr, "Will destroy the domain.\n");
1566 /* destroy the domain */
1567 qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_ERROR);
1568 }
1569
1570 void xen_hvm_modified_memory(ram_addr_t start, ram_addr_t length)
1571 {
1572 if (unlikely(xen_in_migration)) {
1573 int rc;
1574 ram_addr_t start_pfn, nb_pages;
1575
1576 start = xen_phys_offset_to_gaddr(start, length);
1577
1578 if (length == 0) {
1579 length = TARGET_PAGE_SIZE;
1580 }
1581 start_pfn = start >> TARGET_PAGE_BITS;
1582 nb_pages = ((start + length + TARGET_PAGE_SIZE - 1) >> TARGET_PAGE_BITS)
1583 - start_pfn;
1584 rc = xen_modified_memory(xen_domid, start_pfn, nb_pages);
1585 if (rc) {
1586 fprintf(stderr,
1587 "%s failed for "RAM_ADDR_FMT" ("RAM_ADDR_FMT"): %i, %s\n",
1588 __func__, start, nb_pages, errno, strerror(errno));
1589 }
1590 }
1591 }
1592
1593 void qmp_xen_set_global_dirty_log(bool enable, Error **errp)
1594 {
1595 if (enable) {
1596 memory_global_dirty_log_start();
1597 } else {
1598 memory_global_dirty_log_stop();
1599 }
1600 }
AR7 emulation for QEMU