xen-hvm.c (49253B)
1 /* 2 * Copyright (C) 2010 Citrix Ltd. 3 * 4 * This work is licensed under the terms of the GNU GPL, version 2. See 5 * the COPYING file in the top-level directory. 6 * 7 * Contributions after 2012-01-13 are licensed under the terms of the 8 * GNU GPL, version 2 or (at your option) any later version. 9 */ 10 11 #include "qemu/osdep.h" 12 #include "qemu/units.h" 13 14 #include "cpu.h" 15 #include "hw/pci/pci.h" 16 #include "hw/pci/pci_host.h" 17 #include "hw/i386/pc.h" 18 #include "hw/irq.h" 19 #include "hw/hw.h" 20 #include "hw/i386/apic-msidef.h" 21 #include "hw/xen/xen_common.h" 22 #include "hw/xen/xen-legacy-backend.h" 23 #include "hw/xen/xen-bus.h" 24 #include "hw/xen/xen-x86.h" 25 #include "qapi/error.h" 26 #include "qapi/qapi-commands-migration.h" 27 #include "qemu/error-report.h" 28 #include "qemu/main-loop.h" 29 #include "qemu/range.h" 30 #include "sysemu/runstate.h" 31 #include "sysemu/sysemu.h" 32 #include "sysemu/xen.h" 33 #include "sysemu/xen-mapcache.h" 34 #include "trace.h" 35 36 #include <xen/hvm/ioreq.h> 37 #include <xen/hvm/e820.h> 38 39 //#define DEBUG_XEN_HVM 40 41 #ifdef DEBUG_XEN_HVM 42 #define DPRINTF(fmt, ...) \ 43 do { fprintf(stderr, "xen: " fmt, ## __VA_ARGS__); } while (0) 44 #else 45 #define DPRINTF(fmt, ...) \ 46 do { } while (0) 47 #endif 48 49 static MemoryRegion ram_memory, ram_640k, ram_lo, ram_hi; 50 static MemoryRegion *framebuffer; 51 static bool xen_in_migration; 52 53 /* Compatibility with older version */ 54 55 /* This allows QEMU to build on a system that has Xen 4.5 or earlier 56 * installed. This here (not in hw/xen/xen_common.h) because xen/hvm/ioreq.h 57 * needs to be included before this block and hw/xen/xen_common.h needs to 58 * be included before xen/hvm/ioreq.h 59 */ 60 #ifndef IOREQ_TYPE_VMWARE_PORT 61 #define IOREQ_TYPE_VMWARE_PORT 3 62 struct vmware_regs { 63 uint32_t esi; 64 uint32_t edi; 65 uint32_t ebx; 66 uint32_t ecx; 67 uint32_t edx; 68 }; 69 typedef struct vmware_regs vmware_regs_t; 70 71 struct shared_vmport_iopage { 72 struct vmware_regs vcpu_vmport_regs[1]; 73 }; 74 typedef struct shared_vmport_iopage shared_vmport_iopage_t; 75 #endif 76 77 static inline uint32_t xen_vcpu_eport(shared_iopage_t *shared_page, int i) 78 { 79 return shared_page->vcpu_ioreq[i].vp_eport; 80 } 81 static inline ioreq_t *xen_vcpu_ioreq(shared_iopage_t *shared_page, int vcpu) 82 { 83 return &shared_page->vcpu_ioreq[vcpu]; 84 } 85 86 #define BUFFER_IO_MAX_DELAY 100 87 88 typedef struct XenPhysmap { 89 hwaddr start_addr; 90 ram_addr_t size; 91 const char *name; 92 hwaddr phys_offset; 93 94 QLIST_ENTRY(XenPhysmap) list; 95 } XenPhysmap; 96 97 static QLIST_HEAD(, XenPhysmap) xen_physmap; 98 99 typedef struct XenPciDevice { 100 PCIDevice *pci_dev; 101 uint32_t sbdf; 102 QLIST_ENTRY(XenPciDevice) entry; 103 } XenPciDevice; 104 105 typedef struct XenIOState { 106 ioservid_t ioservid; 107 shared_iopage_t *shared_page; 108 shared_vmport_iopage_t *shared_vmport_page; 109 buffered_iopage_t *buffered_io_page; 110 xenforeignmemory_resource_handle *fres; 111 QEMUTimer *buffered_io_timer; 112 CPUState **cpu_by_vcpu_id; 113 /* the evtchn port for polling the notification, */ 114 evtchn_port_t *ioreq_local_port; 115 /* evtchn remote and local ports for buffered io */ 116 evtchn_port_t bufioreq_remote_port; 117 evtchn_port_t bufioreq_local_port; 118 /* the evtchn fd for polling */ 119 xenevtchn_handle *xce_handle; 120 /* which vcpu we are serving */ 121 int send_vcpu; 122 123 struct xs_handle *xenstore; 124 MemoryListener memory_listener; 125 MemoryListener io_listener; 126 QLIST_HEAD(, XenPciDevice) dev_list; 127 DeviceListener device_listener; 128 hwaddr free_phys_offset; 129 const XenPhysmap *log_for_dirtybit; 130 /* Buffer used by xen_sync_dirty_bitmap */ 131 unsigned long *dirty_bitmap; 132 133 Notifier exit; 134 Notifier suspend; 135 Notifier wakeup; 136 } XenIOState; 137 138 /* Xen specific function for piix pci */ 139 140 int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num) 141 { 142 return irq_num + (PCI_SLOT(pci_dev->devfn) << 2); 143 } 144 145 void xen_piix3_set_irq(void *opaque, int irq_num, int level) 146 { 147 xen_set_pci_intx_level(xen_domid, 0, 0, irq_num >> 2, 148 irq_num & 3, level); 149 } 150 151 int xen_set_pci_link_route(uint8_t link, uint8_t irq) 152 { 153 return xendevicemodel_set_pci_link_route(xen_dmod, xen_domid, link, irq); 154 } 155 156 int xen_is_pirq_msi(uint32_t msi_data) 157 { 158 /* If vector is 0, the msi is remapped into a pirq, passed as 159 * dest_id. 160 */ 161 return ((msi_data & MSI_DATA_VECTOR_MASK) >> MSI_DATA_VECTOR_SHIFT) == 0; 162 } 163 164 void xen_hvm_inject_msi(uint64_t addr, uint32_t data) 165 { 166 xen_inject_msi(xen_domid, addr, data); 167 } 168 169 static void xen_suspend_notifier(Notifier *notifier, void *data) 170 { 171 xc_set_hvm_param(xen_xc, xen_domid, HVM_PARAM_ACPI_S_STATE, 3); 172 } 173 174 /* Xen Interrupt Controller */ 175 176 static void xen_set_irq(void *opaque, int irq, int level) 177 { 178 xen_set_isa_irq_level(xen_domid, irq, level); 179 } 180 181 qemu_irq *xen_interrupt_controller_init(void) 182 { 183 return qemu_allocate_irqs(xen_set_irq, NULL, 16); 184 } 185 186 /* Memory Ops */ 187 188 static void xen_ram_init(PCMachineState *pcms, 189 ram_addr_t ram_size, MemoryRegion **ram_memory_p) 190 { 191 X86MachineState *x86ms = X86_MACHINE(pcms); 192 MemoryRegion *sysmem = get_system_memory(); 193 ram_addr_t block_len; 194 uint64_t user_lowmem = 195 object_property_get_uint(qdev_get_machine(), 196 PC_MACHINE_MAX_RAM_BELOW_4G, 197 &error_abort); 198 199 /* Handle the machine opt max-ram-below-4g. It is basically doing 200 * min(xen limit, user limit). 201 */ 202 if (!user_lowmem) { 203 user_lowmem = HVM_BELOW_4G_RAM_END; /* default */ 204 } 205 if (HVM_BELOW_4G_RAM_END <= user_lowmem) { 206 user_lowmem = HVM_BELOW_4G_RAM_END; 207 } 208 209 if (ram_size >= user_lowmem) { 210 x86ms->above_4g_mem_size = ram_size - user_lowmem; 211 x86ms->below_4g_mem_size = user_lowmem; 212 } else { 213 x86ms->above_4g_mem_size = 0; 214 x86ms->below_4g_mem_size = ram_size; 215 } 216 if (!x86ms->above_4g_mem_size) { 217 block_len = ram_size; 218 } else { 219 /* 220 * Xen does not allocate the memory continuously, it keeps a 221 * hole of the size computed above or passed in. 222 */ 223 block_len = (4 * GiB) + x86ms->above_4g_mem_size; 224 } 225 memory_region_init_ram(&ram_memory, NULL, "xen.ram", block_len, 226 &error_fatal); 227 *ram_memory_p = &ram_memory; 228 229 memory_region_init_alias(&ram_640k, NULL, "xen.ram.640k", 230 &ram_memory, 0, 0xa0000); 231 memory_region_add_subregion(sysmem, 0, &ram_640k); 232 /* Skip of the VGA IO memory space, it will be registered later by the VGA 233 * emulated device. 234 * 235 * The area between 0xc0000 and 0x100000 will be used by SeaBIOS to load 236 * the Options ROM, so it is registered here as RAM. 237 */ 238 memory_region_init_alias(&ram_lo, NULL, "xen.ram.lo", 239 &ram_memory, 0xc0000, 240 x86ms->below_4g_mem_size - 0xc0000); 241 memory_region_add_subregion(sysmem, 0xc0000, &ram_lo); 242 if (x86ms->above_4g_mem_size > 0) { 243 memory_region_init_alias(&ram_hi, NULL, "xen.ram.hi", 244 &ram_memory, 0x100000000ULL, 245 x86ms->above_4g_mem_size); 246 memory_region_add_subregion(sysmem, 0x100000000ULL, &ram_hi); 247 } 248 } 249 250 void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size, MemoryRegion *mr, 251 Error **errp) 252 { 253 unsigned long nr_pfn; 254 xen_pfn_t *pfn_list; 255 int i; 256 257 if (runstate_check(RUN_STATE_INMIGRATE)) { 258 /* RAM already populated in Xen */ 259 fprintf(stderr, "%s: do not alloc "RAM_ADDR_FMT 260 " bytes of ram at "RAM_ADDR_FMT" when runstate is INMIGRATE\n", 261 __func__, size, ram_addr); 262 return; 263 } 264 265 if (mr == &ram_memory) { 266 return; 267 } 268 269 trace_xen_ram_alloc(ram_addr, size); 270 271 nr_pfn = size >> TARGET_PAGE_BITS; 272 pfn_list = g_malloc(sizeof (*pfn_list) * nr_pfn); 273 274 for (i = 0; i < nr_pfn; i++) { 275 pfn_list[i] = (ram_addr >> TARGET_PAGE_BITS) + i; 276 } 277 278 if (xc_domain_populate_physmap_exact(xen_xc, xen_domid, nr_pfn, 0, 0, pfn_list)) { 279 error_setg(errp, "xen: failed to populate ram at " RAM_ADDR_FMT, 280 ram_addr); 281 } 282 283 g_free(pfn_list); 284 } 285 286 static XenPhysmap *get_physmapping(hwaddr start_addr, ram_addr_t size) 287 { 288 XenPhysmap *physmap = NULL; 289 290 start_addr &= TARGET_PAGE_MASK; 291 292 QLIST_FOREACH(physmap, &xen_physmap, list) { 293 if (range_covers_byte(physmap->start_addr, physmap->size, start_addr)) { 294 return physmap; 295 } 296 } 297 return NULL; 298 } 299 300 static hwaddr xen_phys_offset_to_gaddr(hwaddr phys_offset, ram_addr_t size) 301 { 302 hwaddr addr = phys_offset & TARGET_PAGE_MASK; 303 XenPhysmap *physmap = NULL; 304 305 QLIST_FOREACH(physmap, &xen_physmap, list) { 306 if (range_covers_byte(physmap->phys_offset, physmap->size, addr)) { 307 return physmap->start_addr + (phys_offset - physmap->phys_offset); 308 } 309 } 310 311 return phys_offset; 312 } 313 314 #ifdef XEN_COMPAT_PHYSMAP 315 static int xen_save_physmap(XenIOState *state, XenPhysmap *physmap) 316 { 317 char path[80], value[17]; 318 319 snprintf(path, sizeof(path), 320 "/local/domain/0/device-model/%d/physmap/%"PRIx64"/start_addr", 321 xen_domid, (uint64_t)physmap->phys_offset); 322 snprintf(value, sizeof(value), "%"PRIx64, (uint64_t)physmap->start_addr); 323 if (!xs_write(state->xenstore, 0, path, value, strlen(value))) { 324 return -1; 325 } 326 snprintf(path, sizeof(path), 327 "/local/domain/0/device-model/%d/physmap/%"PRIx64"/size", 328 xen_domid, (uint64_t)physmap->phys_offset); 329 snprintf(value, sizeof(value), "%"PRIx64, (uint64_t)physmap->size); 330 if (!xs_write(state->xenstore, 0, path, value, strlen(value))) { 331 return -1; 332 } 333 if (physmap->name) { 334 snprintf(path, sizeof(path), 335 "/local/domain/0/device-model/%d/physmap/%"PRIx64"/name", 336 xen_domid, (uint64_t)physmap->phys_offset); 337 if (!xs_write(state->xenstore, 0, path, 338 physmap->name, strlen(physmap->name))) { 339 return -1; 340 } 341 } 342 return 0; 343 } 344 #else 345 static int xen_save_physmap(XenIOState *state, XenPhysmap *physmap) 346 { 347 return 0; 348 } 349 #endif 350 351 static int xen_add_to_physmap(XenIOState *state, 352 hwaddr start_addr, 353 ram_addr_t size, 354 MemoryRegion *mr, 355 hwaddr offset_within_region) 356 { 357 unsigned long nr_pages; 358 int rc = 0; 359 XenPhysmap *physmap = NULL; 360 hwaddr pfn, start_gpfn; 361 hwaddr phys_offset = memory_region_get_ram_addr(mr); 362 const char *mr_name; 363 364 if (get_physmapping(start_addr, size)) { 365 return 0; 366 } 367 if (size <= 0) { 368 return -1; 369 } 370 371 /* Xen can only handle a single dirty log region for now and we want 372 * the linear framebuffer to be that region. 373 * Avoid tracking any regions that is not videoram and avoid tracking 374 * the legacy vga region. */ 375 if (mr == framebuffer && start_addr > 0xbffff) { 376 goto go_physmap; 377 } 378 return -1; 379 380 go_physmap: 381 DPRINTF("mapping vram to %"HWADDR_PRIx" - %"HWADDR_PRIx"\n", 382 start_addr, start_addr + size); 383 384 mr_name = memory_region_name(mr); 385 386 physmap = g_new(XenPhysmap, 1); 387 388 physmap->start_addr = start_addr; 389 physmap->size = size; 390 physmap->name = mr_name; 391 physmap->phys_offset = phys_offset; 392 393 QLIST_INSERT_HEAD(&xen_physmap, physmap, list); 394 395 if (runstate_check(RUN_STATE_INMIGRATE)) { 396 /* Now when we have a physmap entry we can replace a dummy mapping with 397 * a real one of guest foreign memory. */ 398 uint8_t *p = xen_replace_cache_entry(phys_offset, start_addr, size); 399 assert(p && p == memory_region_get_ram_ptr(mr)); 400 401 return 0; 402 } 403 404 pfn = phys_offset >> TARGET_PAGE_BITS; 405 start_gpfn = start_addr >> TARGET_PAGE_BITS; 406 nr_pages = size >> TARGET_PAGE_BITS; 407 rc = xendevicemodel_relocate_memory(xen_dmod, xen_domid, nr_pages, pfn, 408 start_gpfn); 409 if (rc) { 410 int saved_errno = errno; 411 412 error_report("relocate_memory %lu pages from GFN %"HWADDR_PRIx 413 " to GFN %"HWADDR_PRIx" failed: %s", 414 nr_pages, pfn, start_gpfn, strerror(saved_errno)); 415 errno = saved_errno; 416 return -1; 417 } 418 419 rc = xendevicemodel_pin_memory_cacheattr(xen_dmod, xen_domid, 420 start_addr >> TARGET_PAGE_BITS, 421 (start_addr + size - 1) >> TARGET_PAGE_BITS, 422 XEN_DOMCTL_MEM_CACHEATTR_WB); 423 if (rc) { 424 error_report("pin_memory_cacheattr failed: %s", strerror(errno)); 425 } 426 return xen_save_physmap(state, physmap); 427 } 428 429 static int xen_remove_from_physmap(XenIOState *state, 430 hwaddr start_addr, 431 ram_addr_t size) 432 { 433 int rc = 0; 434 XenPhysmap *physmap = NULL; 435 hwaddr phys_offset = 0; 436 437 physmap = get_physmapping(start_addr, size); 438 if (physmap == NULL) { 439 return -1; 440 } 441 442 phys_offset = physmap->phys_offset; 443 size = physmap->size; 444 445 DPRINTF("unmapping vram to %"HWADDR_PRIx" - %"HWADDR_PRIx", at " 446 "%"HWADDR_PRIx"\n", start_addr, start_addr + size, phys_offset); 447 448 size >>= TARGET_PAGE_BITS; 449 start_addr >>= TARGET_PAGE_BITS; 450 phys_offset >>= TARGET_PAGE_BITS; 451 rc = xendevicemodel_relocate_memory(xen_dmod, xen_domid, size, start_addr, 452 phys_offset); 453 if (rc) { 454 int saved_errno = errno; 455 456 error_report("relocate_memory "RAM_ADDR_FMT" pages" 457 " from GFN %"HWADDR_PRIx 458 " to GFN %"HWADDR_PRIx" failed: %s", 459 size, start_addr, phys_offset, strerror(saved_errno)); 460 errno = saved_errno; 461 return -1; 462 } 463 464 QLIST_REMOVE(physmap, list); 465 if (state->log_for_dirtybit == physmap) { 466 state->log_for_dirtybit = NULL; 467 g_free(state->dirty_bitmap); 468 state->dirty_bitmap = NULL; 469 } 470 g_free(physmap); 471 472 return 0; 473 } 474 475 static void xen_set_memory(struct MemoryListener *listener, 476 MemoryRegionSection *section, 477 bool add) 478 { 479 XenIOState *state = container_of(listener, XenIOState, memory_listener); 480 hwaddr start_addr = section->offset_within_address_space; 481 ram_addr_t size = int128_get64(section->size); 482 bool log_dirty = memory_region_is_logging(section->mr, DIRTY_MEMORY_VGA); 483 hvmmem_type_t mem_type; 484 485 if (section->mr == &ram_memory) { 486 return; 487 } else { 488 if (add) { 489 xen_map_memory_section(xen_domid, state->ioservid, 490 section); 491 } else { 492 xen_unmap_memory_section(xen_domid, state->ioservid, 493 section); 494 } 495 } 496 497 if (!memory_region_is_ram(section->mr)) { 498 return; 499 } 500 501 if (log_dirty != add) { 502 return; 503 } 504 505 trace_xen_client_set_memory(start_addr, size, log_dirty); 506 507 start_addr &= TARGET_PAGE_MASK; 508 size = TARGET_PAGE_ALIGN(size); 509 510 if (add) { 511 if (!memory_region_is_rom(section->mr)) { 512 xen_add_to_physmap(state, start_addr, size, 513 section->mr, section->offset_within_region); 514 } else { 515 mem_type = HVMMEM_ram_ro; 516 if (xen_set_mem_type(xen_domid, mem_type, 517 start_addr >> TARGET_PAGE_BITS, 518 size >> TARGET_PAGE_BITS)) { 519 DPRINTF("xen_set_mem_type error, addr: "TARGET_FMT_plx"\n", 520 start_addr); 521 } 522 } 523 } else { 524 if (xen_remove_from_physmap(state, start_addr, size) < 0) { 525 DPRINTF("physmapping does not exist at "TARGET_FMT_plx"\n", start_addr); 526 } 527 } 528 } 529 530 static void xen_region_add(MemoryListener *listener, 531 MemoryRegionSection *section) 532 { 533 memory_region_ref(section->mr); 534 xen_set_memory(listener, section, true); 535 } 536 537 static void xen_region_del(MemoryListener *listener, 538 MemoryRegionSection *section) 539 { 540 xen_set_memory(listener, section, false); 541 memory_region_unref(section->mr); 542 } 543 544 static void xen_io_add(MemoryListener *listener, 545 MemoryRegionSection *section) 546 { 547 XenIOState *state = container_of(listener, XenIOState, io_listener); 548 MemoryRegion *mr = section->mr; 549 550 if (mr->ops == &unassigned_io_ops) { 551 return; 552 } 553 554 memory_region_ref(mr); 555 556 xen_map_io_section(xen_domid, state->ioservid, section); 557 } 558 559 static void xen_io_del(MemoryListener *listener, 560 MemoryRegionSection *section) 561 { 562 XenIOState *state = container_of(listener, XenIOState, io_listener); 563 MemoryRegion *mr = section->mr; 564 565 if (mr->ops == &unassigned_io_ops) { 566 return; 567 } 568 569 xen_unmap_io_section(xen_domid, state->ioservid, section); 570 571 memory_region_unref(mr); 572 } 573 574 static void xen_device_realize(DeviceListener *listener, 575 DeviceState *dev) 576 { 577 XenIOState *state = container_of(listener, XenIOState, device_listener); 578 579 if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) { 580 PCIDevice *pci_dev = PCI_DEVICE(dev); 581 XenPciDevice *xendev = g_new(XenPciDevice, 1); 582 583 xendev->pci_dev = pci_dev; 584 xendev->sbdf = PCI_BUILD_BDF(pci_dev_bus_num(pci_dev), 585 pci_dev->devfn); 586 QLIST_INSERT_HEAD(&state->dev_list, xendev, entry); 587 588 xen_map_pcidev(xen_domid, state->ioservid, pci_dev); 589 } 590 } 591 592 static void xen_device_unrealize(DeviceListener *listener, 593 DeviceState *dev) 594 { 595 XenIOState *state = container_of(listener, XenIOState, device_listener); 596 597 if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) { 598 PCIDevice *pci_dev = PCI_DEVICE(dev); 599 XenPciDevice *xendev, *next; 600 601 xen_unmap_pcidev(xen_domid, state->ioservid, pci_dev); 602 603 QLIST_FOREACH_SAFE(xendev, &state->dev_list, entry, next) { 604 if (xendev->pci_dev == pci_dev) { 605 QLIST_REMOVE(xendev, entry); 606 g_free(xendev); 607 break; 608 } 609 } 610 } 611 } 612 613 static void xen_sync_dirty_bitmap(XenIOState *state, 614 hwaddr start_addr, 615 ram_addr_t size) 616 { 617 hwaddr npages = size >> TARGET_PAGE_BITS; 618 const int width = sizeof(unsigned long) * 8; 619 size_t bitmap_size = DIV_ROUND_UP(npages, width); 620 int rc, i, j; 621 const XenPhysmap *physmap = NULL; 622 623 physmap = get_physmapping(start_addr, size); 624 if (physmap == NULL) { 625 /* not handled */ 626 return; 627 } 628 629 if (state->log_for_dirtybit == NULL) { 630 state->log_for_dirtybit = physmap; 631 state->dirty_bitmap = g_new(unsigned long, bitmap_size); 632 } else if (state->log_for_dirtybit != physmap) { 633 /* Only one range for dirty bitmap can be tracked. */ 634 return; 635 } 636 637 rc = xen_track_dirty_vram(xen_domid, start_addr >> TARGET_PAGE_BITS, 638 npages, state->dirty_bitmap); 639 if (rc < 0) { 640 #ifndef ENODATA 641 #define ENODATA ENOENT 642 #endif 643 if (errno == ENODATA) { 644 memory_region_set_dirty(framebuffer, 0, size); 645 DPRINTF("xen: track_dirty_vram failed (0x" TARGET_FMT_plx 646 ", 0x" TARGET_FMT_plx "): %s\n", 647 start_addr, start_addr + size, strerror(errno)); 648 } 649 return; 650 } 651 652 for (i = 0; i < bitmap_size; i++) { 653 unsigned long map = state->dirty_bitmap[i]; 654 while (map != 0) { 655 j = ctzl(map); 656 map &= ~(1ul << j); 657 memory_region_set_dirty(framebuffer, 658 (i * width + j) * TARGET_PAGE_SIZE, 659 TARGET_PAGE_SIZE); 660 }; 661 } 662 } 663 664 static void xen_log_start(MemoryListener *listener, 665 MemoryRegionSection *section, 666 int old, int new) 667 { 668 XenIOState *state = container_of(listener, XenIOState, memory_listener); 669 670 if (new & ~old & (1 << DIRTY_MEMORY_VGA)) { 671 xen_sync_dirty_bitmap(state, section->offset_within_address_space, 672 int128_get64(section->size)); 673 } 674 } 675 676 static void xen_log_stop(MemoryListener *listener, MemoryRegionSection *section, 677 int old, int new) 678 { 679 XenIOState *state = container_of(listener, XenIOState, memory_listener); 680 681 if (old & ~new & (1 << DIRTY_MEMORY_VGA)) { 682 state->log_for_dirtybit = NULL; 683 g_free(state->dirty_bitmap); 684 state->dirty_bitmap = NULL; 685 /* Disable dirty bit tracking */ 686 xen_track_dirty_vram(xen_domid, 0, 0, NULL); 687 } 688 } 689 690 static void xen_log_sync(MemoryListener *listener, MemoryRegionSection *section) 691 { 692 XenIOState *state = container_of(listener, XenIOState, memory_listener); 693 694 xen_sync_dirty_bitmap(state, section->offset_within_address_space, 695 int128_get64(section->size)); 696 } 697 698 static void xen_log_global_start(MemoryListener *listener) 699 { 700 if (xen_enabled()) { 701 xen_in_migration = true; 702 } 703 } 704 705 static void xen_log_global_stop(MemoryListener *listener) 706 { 707 xen_in_migration = false; 708 } 709 710 static MemoryListener xen_memory_listener = { 711 .name = "xen-memory", 712 .region_add = xen_region_add, 713 .region_del = xen_region_del, 714 .log_start = xen_log_start, 715 .log_stop = xen_log_stop, 716 .log_sync = xen_log_sync, 717 .log_global_start = xen_log_global_start, 718 .log_global_stop = xen_log_global_stop, 719 .priority = 10, 720 }; 721 722 static MemoryListener xen_io_listener = { 723 .name = "xen-io", 724 .region_add = xen_io_add, 725 .region_del = xen_io_del, 726 .priority = 10, 727 }; 728 729 static DeviceListener xen_device_listener = { 730 .realize = xen_device_realize, 731 .unrealize = xen_device_unrealize, 732 }; 733 734 /* get the ioreq packets from share mem */ 735 static ioreq_t *cpu_get_ioreq_from_shared_memory(XenIOState *state, int vcpu) 736 { 737 ioreq_t *req = xen_vcpu_ioreq(state->shared_page, vcpu); 738 739 if (req->state != STATE_IOREQ_READY) { 740 DPRINTF("I/O request not ready: " 741 "%x, ptr: %x, port: %"PRIx64", " 742 "data: %"PRIx64", count: %u, size: %u\n", 743 req->state, req->data_is_ptr, req->addr, 744 req->data, req->count, req->size); 745 return NULL; 746 } 747 748 xen_rmb(); /* see IOREQ_READY /then/ read contents of ioreq */ 749 750 req->state = STATE_IOREQ_INPROCESS; 751 return req; 752 } 753 754 /* use poll to get the port notification */ 755 /* ioreq_vec--out,the */ 756 /* retval--the number of ioreq packet */ 757 static ioreq_t *cpu_get_ioreq(XenIOState *state) 758 { 759 MachineState *ms = MACHINE(qdev_get_machine()); 760 unsigned int max_cpus = ms->smp.max_cpus; 761 int i; 762 evtchn_port_t port; 763 764 port = xenevtchn_pending(state->xce_handle); 765 if (port == state->bufioreq_local_port) { 766 timer_mod(state->buffered_io_timer, 767 BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME)); 768 return NULL; 769 } 770 771 if (port != -1) { 772 for (i = 0; i < max_cpus; i++) { 773 if (state->ioreq_local_port[i] == port) { 774 break; 775 } 776 } 777 778 if (i == max_cpus) { 779 hw_error("Fatal error while trying to get io event!\n"); 780 } 781 782 /* unmask the wanted port again */ 783 xenevtchn_unmask(state->xce_handle, port); 784 785 /* get the io packet from shared memory */ 786 state->send_vcpu = i; 787 return cpu_get_ioreq_from_shared_memory(state, i); 788 } 789 790 /* read error or read nothing */ 791 return NULL; 792 } 793 794 static uint32_t do_inp(uint32_t addr, unsigned long size) 795 { 796 switch (size) { 797 case 1: 798 return cpu_inb(addr); 799 case 2: 800 return cpu_inw(addr); 801 case 4: 802 return cpu_inl(addr); 803 default: 804 hw_error("inp: bad size: %04x %lx", addr, size); 805 } 806 } 807 808 static void do_outp(uint32_t addr, 809 unsigned long size, uint32_t val) 810 { 811 switch (size) { 812 case 1: 813 return cpu_outb(addr, val); 814 case 2: 815 return cpu_outw(addr, val); 816 case 4: 817 return cpu_outl(addr, val); 818 default: 819 hw_error("outp: bad size: %04x %lx", addr, size); 820 } 821 } 822 823 /* 824 * Helper functions which read/write an object from/to physical guest 825 * memory, as part of the implementation of an ioreq. 826 * 827 * Equivalent to 828 * cpu_physical_memory_rw(addr + (req->df ? -1 : +1) * req->size * i, 829 * val, req->size, 0/1) 830 * except without the integer overflow problems. 831 */ 832 static void rw_phys_req_item(hwaddr addr, 833 ioreq_t *req, uint32_t i, void *val, int rw) 834 { 835 /* Do everything unsigned so overflow just results in a truncated result 836 * and accesses to undesired parts of guest memory, which is up 837 * to the guest */ 838 hwaddr offset = (hwaddr)req->size * i; 839 if (req->df) { 840 addr -= offset; 841 } else { 842 addr += offset; 843 } 844 cpu_physical_memory_rw(addr, val, req->size, rw); 845 } 846 847 static inline void read_phys_req_item(hwaddr addr, 848 ioreq_t *req, uint32_t i, void *val) 849 { 850 rw_phys_req_item(addr, req, i, val, 0); 851 } 852 static inline void write_phys_req_item(hwaddr addr, 853 ioreq_t *req, uint32_t i, void *val) 854 { 855 rw_phys_req_item(addr, req, i, val, 1); 856 } 857 858 859 static void cpu_ioreq_pio(ioreq_t *req) 860 { 861 uint32_t i; 862 863 trace_cpu_ioreq_pio(req, req->dir, req->df, req->data_is_ptr, req->addr, 864 req->data, req->count, req->size); 865 866 if (req->size > sizeof(uint32_t)) { 867 hw_error("PIO: bad size (%u)", req->size); 868 } 869 870 if (req->dir == IOREQ_READ) { 871 if (!req->data_is_ptr) { 872 req->data = do_inp(req->addr, req->size); 873 trace_cpu_ioreq_pio_read_reg(req, req->data, req->addr, 874 req->size); 875 } else { 876 uint32_t tmp; 877 878 for (i = 0; i < req->count; i++) { 879 tmp = do_inp(req->addr, req->size); 880 write_phys_req_item(req->data, req, i, &tmp); 881 } 882 } 883 } else if (req->dir == IOREQ_WRITE) { 884 if (!req->data_is_ptr) { 885 trace_cpu_ioreq_pio_write_reg(req, req->data, req->addr, 886 req->size); 887 do_outp(req->addr, req->size, req->data); 888 } else { 889 for (i = 0; i < req->count; i++) { 890 uint32_t tmp = 0; 891 892 read_phys_req_item(req->data, req, i, &tmp); 893 do_outp(req->addr, req->size, tmp); 894 } 895 } 896 } 897 } 898 899 static void cpu_ioreq_move(ioreq_t *req) 900 { 901 uint32_t i; 902 903 trace_cpu_ioreq_move(req, req->dir, req->df, req->data_is_ptr, req->addr, 904 req->data, req->count, req->size); 905 906 if (req->size > sizeof(req->data)) { 907 hw_error("MMIO: bad size (%u)", req->size); 908 } 909 910 if (!req->data_is_ptr) { 911 if (req->dir == IOREQ_READ) { 912 for (i = 0; i < req->count; i++) { 913 read_phys_req_item(req->addr, req, i, &req->data); 914 } 915 } else if (req->dir == IOREQ_WRITE) { 916 for (i = 0; i < req->count; i++) { 917 write_phys_req_item(req->addr, req, i, &req->data); 918 } 919 } 920 } else { 921 uint64_t tmp; 922 923 if (req->dir == IOREQ_READ) { 924 for (i = 0; i < req->count; i++) { 925 read_phys_req_item(req->addr, req, i, &tmp); 926 write_phys_req_item(req->data, req, i, &tmp); 927 } 928 } else if (req->dir == IOREQ_WRITE) { 929 for (i = 0; i < req->count; i++) { 930 read_phys_req_item(req->data, req, i, &tmp); 931 write_phys_req_item(req->addr, req, i, &tmp); 932 } 933 } 934 } 935 } 936 937 static void cpu_ioreq_config(XenIOState *state, ioreq_t *req) 938 { 939 uint32_t sbdf = req->addr >> 32; 940 uint32_t reg = req->addr; 941 XenPciDevice *xendev; 942 943 if (req->size != sizeof(uint8_t) && req->size != sizeof(uint16_t) && 944 req->size != sizeof(uint32_t)) { 945 hw_error("PCI config access: bad size (%u)", req->size); 946 } 947 948 if (req->count != 1) { 949 hw_error("PCI config access: bad count (%u)", req->count); 950 } 951 952 QLIST_FOREACH(xendev, &state->dev_list, entry) { 953 if (xendev->sbdf != sbdf) { 954 continue; 955 } 956 957 if (!req->data_is_ptr) { 958 if (req->dir == IOREQ_READ) { 959 req->data = pci_host_config_read_common( 960 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE, 961 req->size); 962 trace_cpu_ioreq_config_read(req, xendev->sbdf, reg, 963 req->size, req->data); 964 } else if (req->dir == IOREQ_WRITE) { 965 trace_cpu_ioreq_config_write(req, xendev->sbdf, reg, 966 req->size, req->data); 967 pci_host_config_write_common( 968 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE, 969 req->data, req->size); 970 } 971 } else { 972 uint32_t tmp; 973 974 if (req->dir == IOREQ_READ) { 975 tmp = pci_host_config_read_common( 976 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE, 977 req->size); 978 trace_cpu_ioreq_config_read(req, xendev->sbdf, reg, 979 req->size, tmp); 980 write_phys_req_item(req->data, req, 0, &tmp); 981 } else if (req->dir == IOREQ_WRITE) { 982 read_phys_req_item(req->data, req, 0, &tmp); 983 trace_cpu_ioreq_config_write(req, xendev->sbdf, reg, 984 req->size, tmp); 985 pci_host_config_write_common( 986 xendev->pci_dev, reg, PCI_CONFIG_SPACE_SIZE, 987 tmp, req->size); 988 } 989 } 990 } 991 } 992 993 static void regs_to_cpu(vmware_regs_t *vmport_regs, ioreq_t *req) 994 { 995 X86CPU *cpu; 996 CPUX86State *env; 997 998 cpu = X86_CPU(current_cpu); 999 env = &cpu->env; 1000 env->regs[R_EAX] = req->data; 1001 env->regs[R_EBX] = vmport_regs->ebx; 1002 env->regs[R_ECX] = vmport_regs->ecx; 1003 env->regs[R_EDX] = vmport_regs->edx; 1004 env->regs[R_ESI] = vmport_regs->esi; 1005 env->regs[R_EDI] = vmport_regs->edi; 1006 } 1007 1008 static void regs_from_cpu(vmware_regs_t *vmport_regs) 1009 { 1010 X86CPU *cpu = X86_CPU(current_cpu); 1011 CPUX86State *env = &cpu->env; 1012 1013 vmport_regs->ebx = env->regs[R_EBX]; 1014 vmport_regs->ecx = env->regs[R_ECX]; 1015 vmport_regs->edx = env->regs[R_EDX]; 1016 vmport_regs->esi = env->regs[R_ESI]; 1017 vmport_regs->edi = env->regs[R_EDI]; 1018 } 1019 1020 static void handle_vmport_ioreq(XenIOState *state, ioreq_t *req) 1021 { 1022 vmware_regs_t *vmport_regs; 1023 1024 assert(state->shared_vmport_page); 1025 vmport_regs = 1026 &state->shared_vmport_page->vcpu_vmport_regs[state->send_vcpu]; 1027 QEMU_BUILD_BUG_ON(sizeof(*req) < sizeof(*vmport_regs)); 1028 1029 current_cpu = state->cpu_by_vcpu_id[state->send_vcpu]; 1030 regs_to_cpu(vmport_regs, req); 1031 cpu_ioreq_pio(req); 1032 regs_from_cpu(vmport_regs); 1033 current_cpu = NULL; 1034 } 1035 1036 static void handle_ioreq(XenIOState *state, ioreq_t *req) 1037 { 1038 trace_handle_ioreq(req, req->type, req->dir, req->df, req->data_is_ptr, 1039 req->addr, req->data, req->count, req->size); 1040 1041 if (!req->data_is_ptr && (req->dir == IOREQ_WRITE) && 1042 (req->size < sizeof (target_ulong))) { 1043 req->data &= ((target_ulong) 1 << (8 * req->size)) - 1; 1044 } 1045 1046 if (req->dir == IOREQ_WRITE) 1047 trace_handle_ioreq_write(req, req->type, req->df, req->data_is_ptr, 1048 req->addr, req->data, req->count, req->size); 1049 1050 switch (req->type) { 1051 case IOREQ_TYPE_PIO: 1052 cpu_ioreq_pio(req); 1053 break; 1054 case IOREQ_TYPE_COPY: 1055 cpu_ioreq_move(req); 1056 break; 1057 case IOREQ_TYPE_VMWARE_PORT: 1058 handle_vmport_ioreq(state, req); 1059 break; 1060 case IOREQ_TYPE_TIMEOFFSET: 1061 break; 1062 case IOREQ_TYPE_INVALIDATE: 1063 xen_invalidate_map_cache(); 1064 break; 1065 case IOREQ_TYPE_PCI_CONFIG: 1066 cpu_ioreq_config(state, req); 1067 break; 1068 default: 1069 hw_error("Invalid ioreq type 0x%x\n", req->type); 1070 } 1071 if (req->dir == IOREQ_READ) { 1072 trace_handle_ioreq_read(req, req->type, req->df, req->data_is_ptr, 1073 req->addr, req->data, req->count, req->size); 1074 } 1075 } 1076 1077 static bool handle_buffered_iopage(XenIOState *state) 1078 { 1079 buffered_iopage_t *buf_page = state->buffered_io_page; 1080 buf_ioreq_t *buf_req = NULL; 1081 bool handled_ioreq = false; 1082 ioreq_t req; 1083 int qw; 1084 1085 if (!buf_page) { 1086 return 0; 1087 } 1088 1089 memset(&req, 0x00, sizeof(req)); 1090 req.state = STATE_IOREQ_READY; 1091 req.count = 1; 1092 req.dir = IOREQ_WRITE; 1093 1094 for (;;) { 1095 uint32_t rdptr = buf_page->read_pointer, wrptr; 1096 1097 xen_rmb(); 1098 wrptr = buf_page->write_pointer; 1099 xen_rmb(); 1100 if (rdptr != buf_page->read_pointer) { 1101 continue; 1102 } 1103 if (rdptr == wrptr) { 1104 break; 1105 } 1106 buf_req = &buf_page->buf_ioreq[rdptr % IOREQ_BUFFER_SLOT_NUM]; 1107 req.size = 1U << buf_req->size; 1108 req.addr = buf_req->addr; 1109 req.data = buf_req->data; 1110 req.type = buf_req->type; 1111 xen_rmb(); 1112 qw = (req.size == 8); 1113 if (qw) { 1114 if (rdptr + 1 == wrptr) { 1115 hw_error("Incomplete quad word buffered ioreq"); 1116 } 1117 buf_req = &buf_page->buf_ioreq[(rdptr + 1) % 1118 IOREQ_BUFFER_SLOT_NUM]; 1119 req.data |= ((uint64_t)buf_req->data) << 32; 1120 xen_rmb(); 1121 } 1122 1123 handle_ioreq(state, &req); 1124 1125 /* Only req.data may get updated by handle_ioreq(), albeit even that 1126 * should not happen as such data would never make it to the guest (we 1127 * can only usefully see writes here after all). 1128 */ 1129 assert(req.state == STATE_IOREQ_READY); 1130 assert(req.count == 1); 1131 assert(req.dir == IOREQ_WRITE); 1132 assert(!req.data_is_ptr); 1133 1134 qatomic_add(&buf_page->read_pointer, qw + 1); 1135 handled_ioreq = true; 1136 } 1137 1138 return handled_ioreq; 1139 } 1140 1141 static void handle_buffered_io(void *opaque) 1142 { 1143 XenIOState *state = opaque; 1144 1145 if (handle_buffered_iopage(state)) { 1146 timer_mod(state->buffered_io_timer, 1147 BUFFER_IO_MAX_DELAY + qemu_clock_get_ms(QEMU_CLOCK_REALTIME)); 1148 } else { 1149 timer_del(state->buffered_io_timer); 1150 xenevtchn_unmask(state->xce_handle, state->bufioreq_local_port); 1151 } 1152 } 1153 1154 static void cpu_handle_ioreq(void *opaque) 1155 { 1156 XenIOState *state = opaque; 1157 ioreq_t *req = cpu_get_ioreq(state); 1158 1159 handle_buffered_iopage(state); 1160 if (req) { 1161 ioreq_t copy = *req; 1162 1163 xen_rmb(); 1164 handle_ioreq(state, ©); 1165 req->data = copy.data; 1166 1167 if (req->state != STATE_IOREQ_INPROCESS) { 1168 fprintf(stderr, "Badness in I/O request ... not in service?!: " 1169 "%x, ptr: %x, port: %"PRIx64", " 1170 "data: %"PRIx64", count: %u, size: %u, type: %u\n", 1171 req->state, req->data_is_ptr, req->addr, 1172 req->data, req->count, req->size, req->type); 1173 destroy_hvm_domain(false); 1174 return; 1175 } 1176 1177 xen_wmb(); /* Update ioreq contents /then/ update state. */ 1178 1179 /* 1180 * We do this before we send the response so that the tools 1181 * have the opportunity to pick up on the reset before the 1182 * guest resumes and does a hlt with interrupts disabled which 1183 * causes Xen to powerdown the domain. 1184 */ 1185 if (runstate_is_running()) { 1186 ShutdownCause request; 1187 1188 if (qemu_shutdown_requested_get()) { 1189 destroy_hvm_domain(false); 1190 } 1191 request = qemu_reset_requested_get(); 1192 if (request) { 1193 qemu_system_reset(request); 1194 destroy_hvm_domain(true); 1195 } 1196 } 1197 1198 req->state = STATE_IORESP_READY; 1199 xenevtchn_notify(state->xce_handle, 1200 state->ioreq_local_port[state->send_vcpu]); 1201 } 1202 } 1203 1204 static void xen_main_loop_prepare(XenIOState *state) 1205 { 1206 int evtchn_fd = -1; 1207 1208 if (state->xce_handle != NULL) { 1209 evtchn_fd = xenevtchn_fd(state->xce_handle); 1210 } 1211 1212 state->buffered_io_timer = timer_new_ms(QEMU_CLOCK_REALTIME, handle_buffered_io, 1213 state); 1214 1215 if (evtchn_fd != -1) { 1216 CPUState *cpu_state; 1217 1218 DPRINTF("%s: Init cpu_by_vcpu_id\n", __func__); 1219 CPU_FOREACH(cpu_state) { 1220 DPRINTF("%s: cpu_by_vcpu_id[%d]=%p\n", 1221 __func__, cpu_state->cpu_index, cpu_state); 1222 state->cpu_by_vcpu_id[cpu_state->cpu_index] = cpu_state; 1223 } 1224 qemu_set_fd_handler(evtchn_fd, cpu_handle_ioreq, NULL, state); 1225 } 1226 } 1227 1228 1229 static void xen_hvm_change_state_handler(void *opaque, bool running, 1230 RunState rstate) 1231 { 1232 XenIOState *state = opaque; 1233 1234 if (running) { 1235 xen_main_loop_prepare(state); 1236 } 1237 1238 xen_set_ioreq_server_state(xen_domid, 1239 state->ioservid, 1240 (rstate == RUN_STATE_RUNNING)); 1241 } 1242 1243 static void xen_exit_notifier(Notifier *n, void *data) 1244 { 1245 XenIOState *state = container_of(n, XenIOState, exit); 1246 1247 xen_destroy_ioreq_server(xen_domid, state->ioservid); 1248 if (state->fres != NULL) { 1249 xenforeignmemory_unmap_resource(xen_fmem, state->fres); 1250 } 1251 1252 xenevtchn_close(state->xce_handle); 1253 xs_daemon_close(state->xenstore); 1254 } 1255 1256 #ifdef XEN_COMPAT_PHYSMAP 1257 static void xen_read_physmap(XenIOState *state) 1258 { 1259 XenPhysmap *physmap = NULL; 1260 unsigned int len, num, i; 1261 char path[80], *value = NULL; 1262 char **entries = NULL; 1263 1264 snprintf(path, sizeof(path), 1265 "/local/domain/0/device-model/%d/physmap", xen_domid); 1266 entries = xs_directory(state->xenstore, 0, path, &num); 1267 if (entries == NULL) 1268 return; 1269 1270 for (i = 0; i < num; i++) { 1271 physmap = g_new(XenPhysmap, 1); 1272 physmap->phys_offset = strtoull(entries[i], NULL, 16); 1273 snprintf(path, sizeof(path), 1274 "/local/domain/0/device-model/%d/physmap/%s/start_addr", 1275 xen_domid, entries[i]); 1276 value = xs_read(state->xenstore, 0, path, &len); 1277 if (value == NULL) { 1278 g_free(physmap); 1279 continue; 1280 } 1281 physmap->start_addr = strtoull(value, NULL, 16); 1282 free(value); 1283 1284 snprintf(path, sizeof(path), 1285 "/local/domain/0/device-model/%d/physmap/%s/size", 1286 xen_domid, entries[i]); 1287 value = xs_read(state->xenstore, 0, path, &len); 1288 if (value == NULL) { 1289 g_free(physmap); 1290 continue; 1291 } 1292 physmap->size = strtoull(value, NULL, 16); 1293 free(value); 1294 1295 snprintf(path, sizeof(path), 1296 "/local/domain/0/device-model/%d/physmap/%s/name", 1297 xen_domid, entries[i]); 1298 physmap->name = xs_read(state->xenstore, 0, path, &len); 1299 1300 QLIST_INSERT_HEAD(&xen_physmap, physmap, list); 1301 } 1302 free(entries); 1303 } 1304 #else 1305 static void xen_read_physmap(XenIOState *state) 1306 { 1307 } 1308 #endif 1309 1310 static void xen_wakeup_notifier(Notifier *notifier, void *data) 1311 { 1312 xc_set_hvm_param(xen_xc, xen_domid, HVM_PARAM_ACPI_S_STATE, 0); 1313 } 1314 1315 static int xen_map_ioreq_server(XenIOState *state) 1316 { 1317 void *addr = NULL; 1318 xen_pfn_t ioreq_pfn; 1319 xen_pfn_t bufioreq_pfn; 1320 evtchn_port_t bufioreq_evtchn; 1321 int rc; 1322 1323 /* 1324 * Attempt to map using the resource API and fall back to normal 1325 * foreign mapping if this is not supported. 1326 */ 1327 QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_bufioreq != 0); 1328 QEMU_BUILD_BUG_ON(XENMEM_resource_ioreq_server_frame_ioreq(0) != 1); 1329 state->fres = xenforeignmemory_map_resource(xen_fmem, xen_domid, 1330 XENMEM_resource_ioreq_server, 1331 state->ioservid, 0, 2, 1332 &addr, 1333 PROT_READ | PROT_WRITE, 0); 1334 if (state->fres != NULL) { 1335 trace_xen_map_resource_ioreq(state->ioservid, addr); 1336 state->buffered_io_page = addr; 1337 state->shared_page = addr + TARGET_PAGE_SIZE; 1338 } else if (errno != EOPNOTSUPP) { 1339 error_report("failed to map ioreq server resources: error %d handle=%p", 1340 errno, xen_xc); 1341 return -1; 1342 } 1343 1344 rc = xen_get_ioreq_server_info(xen_domid, state->ioservid, 1345 (state->shared_page == NULL) ? 1346 &ioreq_pfn : NULL, 1347 (state->buffered_io_page == NULL) ? 1348 &bufioreq_pfn : NULL, 1349 &bufioreq_evtchn); 1350 if (rc < 0) { 1351 error_report("failed to get ioreq server info: error %d handle=%p", 1352 errno, xen_xc); 1353 return rc; 1354 } 1355 1356 if (state->shared_page == NULL) { 1357 DPRINTF("shared page at pfn %lx\n", ioreq_pfn); 1358 1359 state->shared_page = xenforeignmemory_map(xen_fmem, xen_domid, 1360 PROT_READ | PROT_WRITE, 1361 1, &ioreq_pfn, NULL); 1362 if (state->shared_page == NULL) { 1363 error_report("map shared IO page returned error %d handle=%p", 1364 errno, xen_xc); 1365 } 1366 } 1367 1368 if (state->buffered_io_page == NULL) { 1369 DPRINTF("buffered io page at pfn %lx\n", bufioreq_pfn); 1370 1371 state->buffered_io_page = xenforeignmemory_map(xen_fmem, xen_domid, 1372 PROT_READ | PROT_WRITE, 1373 1, &bufioreq_pfn, 1374 NULL); 1375 if (state->buffered_io_page == NULL) { 1376 error_report("map buffered IO page returned error %d", errno); 1377 return -1; 1378 } 1379 } 1380 1381 if (state->shared_page == NULL || state->buffered_io_page == NULL) { 1382 return -1; 1383 } 1384 1385 DPRINTF("buffered io evtchn is %x\n", bufioreq_evtchn); 1386 1387 state->bufioreq_remote_port = bufioreq_evtchn; 1388 1389 return 0; 1390 } 1391 1392 void xen_hvm_init_pc(PCMachineState *pcms, MemoryRegion **ram_memory) 1393 { 1394 MachineState *ms = MACHINE(pcms); 1395 unsigned int max_cpus = ms->smp.max_cpus; 1396 int i, rc; 1397 xen_pfn_t ioreq_pfn; 1398 XenIOState *state; 1399 1400 state = g_new0(XenIOState, 1); 1401 1402 state->xce_handle = xenevtchn_open(NULL, 0); 1403 if (state->xce_handle == NULL) { 1404 perror("xen: event channel open"); 1405 goto err; 1406 } 1407 1408 state->xenstore = xs_daemon_open(); 1409 if (state->xenstore == NULL) { 1410 perror("xen: xenstore open"); 1411 goto err; 1412 } 1413 1414 xen_create_ioreq_server(xen_domid, &state->ioservid); 1415 1416 state->exit.notify = xen_exit_notifier; 1417 qemu_add_exit_notifier(&state->exit); 1418 1419 state->suspend.notify = xen_suspend_notifier; 1420 qemu_register_suspend_notifier(&state->suspend); 1421 1422 state->wakeup.notify = xen_wakeup_notifier; 1423 qemu_register_wakeup_notifier(&state->wakeup); 1424 1425 /* 1426 * Register wake-up support in QMP query-current-machine API 1427 */ 1428 qemu_register_wakeup_support(); 1429 1430 rc = xen_map_ioreq_server(state); 1431 if (rc < 0) { 1432 goto err; 1433 } 1434 1435 rc = xen_get_vmport_regs_pfn(xen_xc, xen_domid, &ioreq_pfn); 1436 if (!rc) { 1437 DPRINTF("shared vmport page at pfn %lx\n", ioreq_pfn); 1438 state->shared_vmport_page = 1439 xenforeignmemory_map(xen_fmem, xen_domid, PROT_READ|PROT_WRITE, 1440 1, &ioreq_pfn, NULL); 1441 if (state->shared_vmport_page == NULL) { 1442 error_report("map shared vmport IO page returned error %d handle=%p", 1443 errno, xen_xc); 1444 goto err; 1445 } 1446 } else if (rc != -ENOSYS) { 1447 error_report("get vmport regs pfn returned error %d, rc=%d", 1448 errno, rc); 1449 goto err; 1450 } 1451 1452 /* Note: cpus is empty at this point in init */ 1453 state->cpu_by_vcpu_id = g_new0(CPUState *, max_cpus); 1454 1455 rc = xen_set_ioreq_server_state(xen_domid, state->ioservid, true); 1456 if (rc < 0) { 1457 error_report("failed to enable ioreq server info: error %d handle=%p", 1458 errno, xen_xc); 1459 goto err; 1460 } 1461 1462 state->ioreq_local_port = g_new0(evtchn_port_t, max_cpus); 1463 1464 /* FIXME: how about if we overflow the page here? */ 1465 for (i = 0; i < max_cpus; i++) { 1466 rc = xenevtchn_bind_interdomain(state->xce_handle, xen_domid, 1467 xen_vcpu_eport(state->shared_page, i)); 1468 if (rc == -1) { 1469 error_report("shared evtchn %d bind error %d", i, errno); 1470 goto err; 1471 } 1472 state->ioreq_local_port[i] = rc; 1473 } 1474 1475 rc = xenevtchn_bind_interdomain(state->xce_handle, xen_domid, 1476 state->bufioreq_remote_port); 1477 if (rc == -1) { 1478 error_report("buffered evtchn bind error %d", errno); 1479 goto err; 1480 } 1481 state->bufioreq_local_port = rc; 1482 1483 /* Init RAM management */ 1484 #ifdef XEN_COMPAT_PHYSMAP 1485 xen_map_cache_init(xen_phys_offset_to_gaddr, state); 1486 #else 1487 xen_map_cache_init(NULL, state); 1488 #endif 1489 xen_ram_init(pcms, ms->ram_size, ram_memory); 1490 1491 qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state); 1492 1493 state->memory_listener = xen_memory_listener; 1494 memory_listener_register(&state->memory_listener, &address_space_memory); 1495 state->log_for_dirtybit = NULL; 1496 1497 state->io_listener = xen_io_listener; 1498 memory_listener_register(&state->io_listener, &address_space_io); 1499 1500 state->device_listener = xen_device_listener; 1501 QLIST_INIT(&state->dev_list); 1502 device_listener_register(&state->device_listener); 1503 1504 xen_bus_init(); 1505 1506 /* Initialize backend core & drivers */ 1507 if (xen_be_init() != 0) { 1508 error_report("xen backend core setup failed"); 1509 goto err; 1510 } 1511 xen_be_register_common(); 1512 1513 QLIST_INIT(&xen_physmap); 1514 xen_read_physmap(state); 1515 1516 /* Disable ACPI build because Xen handles it */ 1517 pcms->acpi_build_enabled = false; 1518 1519 return; 1520 1521 err: 1522 error_report("xen hardware virtual machine initialisation failed"); 1523 exit(1); 1524 } 1525 1526 void destroy_hvm_domain(bool reboot) 1527 { 1528 xc_interface *xc_handle; 1529 int sts; 1530 int rc; 1531 1532 unsigned int reason = reboot ? SHUTDOWN_reboot : SHUTDOWN_poweroff; 1533 1534 if (xen_dmod) { 1535 rc = xendevicemodel_shutdown(xen_dmod, xen_domid, reason); 1536 if (!rc) { 1537 return; 1538 } 1539 if (errno != ENOTTY /* old Xen */) { 1540 perror("xendevicemodel_shutdown failed"); 1541 } 1542 /* well, try the old thing then */ 1543 } 1544 1545 xc_handle = xc_interface_open(0, 0, 0); 1546 if (xc_handle == NULL) { 1547 fprintf(stderr, "Cannot acquire xenctrl handle\n"); 1548 } else { 1549 sts = xc_domain_shutdown(xc_handle, xen_domid, reason); 1550 if (sts != 0) { 1551 fprintf(stderr, "xc_domain_shutdown failed to issue %s, " 1552 "sts %d, %s\n", reboot ? "reboot" : "poweroff", 1553 sts, strerror(errno)); 1554 } else { 1555 fprintf(stderr, "Issued domain %d %s\n", xen_domid, 1556 reboot ? "reboot" : "poweroff"); 1557 } 1558 xc_interface_close(xc_handle); 1559 } 1560 } 1561 1562 void xen_register_framebuffer(MemoryRegion *mr) 1563 { 1564 framebuffer = mr; 1565 } 1566 1567 void xen_shutdown_fatal_error(const char *fmt, ...) 1568 { 1569 va_list ap; 1570 1571 va_start(ap, fmt); 1572 vfprintf(stderr, fmt, ap); 1573 va_end(ap); 1574 fprintf(stderr, "Will destroy the domain.\n"); 1575 /* destroy the domain */ 1576 qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_ERROR); 1577 } 1578 1579 void xen_hvm_modified_memory(ram_addr_t start, ram_addr_t length) 1580 { 1581 if (unlikely(xen_in_migration)) { 1582 int rc; 1583 ram_addr_t start_pfn, nb_pages; 1584 1585 start = xen_phys_offset_to_gaddr(start, length); 1586 1587 if (length == 0) { 1588 length = TARGET_PAGE_SIZE; 1589 } 1590 start_pfn = start >> TARGET_PAGE_BITS; 1591 nb_pages = ((start + length + TARGET_PAGE_SIZE - 1) >> TARGET_PAGE_BITS) 1592 - start_pfn; 1593 rc = xen_modified_memory(xen_domid, start_pfn, nb_pages); 1594 if (rc) { 1595 fprintf(stderr, 1596 "%s failed for "RAM_ADDR_FMT" ("RAM_ADDR_FMT"): %i, %s\n", 1597 __func__, start, nb_pages, errno, strerror(errno)); 1598 } 1599 } 1600 } 1601 1602 void qmp_xen_set_global_dirty_log(bool enable, Error **errp) 1603 { 1604 if (enable) { 1605 memory_global_dirty_log_start(GLOBAL_DIRTY_MIGRATION); 1606 } else { 1607 memory_global_dirty_log_stop(GLOBAL_DIRTY_MIGRATION); 1608 } 1609 }