From patchwork Wed Oct 22 16:40:35 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Stabellini X-Patchwork-Id: 39323 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wi0-f200.google.com (mail-wi0-f200.google.com [209.85.212.200]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 64927202DB for ; Wed, 22 Oct 2014 16:44:37 +0000 (UTC) Received: by mail-wi0-f200.google.com with SMTP id bs8sf885992wib.7 for ; Wed, 22 Oct 2014 09:44:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:mime-version:cc:subject:precedence:list-id :list-unsubscribe:list-post:list-help:list-subscribe:sender :errors-to:x-original-sender:x-original-authentication-results :mailing-list:list-archive:content-type:content-transfer-encoding; bh=XFcEvdSBEYIcP8u/HxJN9yWkYUE45OgoTDpdZY+gspg=; b=Ktah4/sc/eOaQRGcWUdSSCz1SFrqtB6wTsJDrzx4neH7QhyKI1OIjEC4y5LjeJzOL5 eTN/QmT4f66Vc+zdyvqegjf8QXYgvYKNe+Eg9EpKaDoIYJIl3/sYPzp228JfQYEUIRBO R7UDHiaOFmWX/0K4mPBgv5qUbF7G/Jvn0vWN5vFng5yktb+J/4MROM4cBD3QER6BoCj7 R79f6MQQPduz27jzSVTldMSorMUQBvdYhoPNzyl/EeT2oOEBgBboEf8qA90nVRP7vcxt +Gbl147RBIxmIpP/wx3vi/zQ0VNMcUTGR7OWDG0ZzoPlwtJV0ebnmDDjRgPb6busugAM rxrg== X-Gm-Message-State: ALoCoQlDxjzQmVf+Bl1AIUSLjsvF62Y9GQ8Qv99qNLNPSTMDa1llnoH26d0FYFAQFcyQDGV90PV5 X-Received: by 10.152.6.4 with SMTP id w4mr407541law.7.1413996276588; Wed, 22 Oct 2014 09:44:36 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.30.40 with SMTP id p8ls186018lah.106.gmail; Wed, 22 Oct 2014 09:44:36 -0700 (PDT) X-Received: by 10.112.130.41 with SMTP id ob9mr42030205lbb.74.1413996276401; Wed, 22 Oct 2014 09:44:36 -0700 (PDT) Received: from mail-lb0-f180.google.com (mail-lb0-f180.google.com. [209.85.217.180]) by mx.google.com with ESMTPS id s6si24006892laj.90.2014.10.22.09.44.36 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 22 Oct 2014 09:44:36 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.180 as permitted sender) client-ip=209.85.217.180; Received: by mail-lb0-f180.google.com with SMTP id n15so3182471lbi.11 for ; Wed, 22 Oct 2014 09:44:36 -0700 (PDT) X-Received: by 10.152.116.102 with SMTP id jv6mr31610181lab.40.1413996276229; Wed, 22 Oct 2014 09:44:36 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.84.229 with SMTP id c5csp110740lbz; Wed, 22 Oct 2014 09:44:35 -0700 (PDT) X-Received: by 10.224.125.129 with SMTP id y1mr57446299qar.75.1413996274811; Wed, 22 Oct 2014 09:44:34 -0700 (PDT) Received: from lists.xen.org (lists.xen.org. [50.57.142.19]) by mx.google.com with ESMTPS id l64si13910534qgf.18.2014.10.22.09.44.34 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 22 Oct 2014 09:44:34 -0700 (PDT) Received-SPF: none (google.com: xen-devel-bounces@lists.xen.org does not designate permitted sender hosts) client-ip=50.57.142.19; Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Xgz0g-0004NW-0s; Wed, 22 Oct 2014 16:43:42 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Xgz0f-0004Mc-8a for xen-devel@lists.xensource.com; Wed, 22 Oct 2014 16:43:41 +0000 Received: from [193.109.254.147:23095] by server-12.bemta-14.messagelabs.com id EF/72-01461-CBED7445; Wed, 22 Oct 2014 16:43:40 +0000 X-Env-Sender: Stefano.Stabellini@citrix.com X-Msg-Ref: server-12.tower-27.messagelabs.com!1413996217!11904706!1 X-Originating-IP: [66.165.176.89] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n X-StarScan-Received: X-StarScan-Version: 6.12.3; banners=-,-,- X-VirusChecked: Checked Received: (qmail 5292 invoked from network); 22 Oct 2014 16:43:39 -0000 Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89) by server-12.tower-27.messagelabs.com with RC4-SHA encrypted SMTP; 22 Oct 2014 16:43:39 -0000 X-IronPort-AV: E=Sophos;i="5.04,769,1406592000"; d="scan'208";a="183924878" Received: from ukmail1.uk.xensource.com (10.80.16.128) by smtprelay.citrix.com (10.13.107.78) with Microsoft SMTP Server id 14.3.181.6; Wed, 22 Oct 2014 12:43:10 -0400 Received: from kaball.uk.xensource.com ([10.80.2.59]) by ukmail1.uk.xensource.com with esmtp (Exim 4.69) (envelope-from ) id 1Xgz05-0001kp-E3; Wed, 22 Oct 2014 17:43:05 +0100 From: Stefano Stabellini To: Date: Wed, 22 Oct 2014 17:40:35 +0100 Message-ID: <1413996037-2747-6-git-send-email-stefano.stabellini@eu.citrix.com> X-Mailer: git-send-email 1.7.9.5 In-Reply-To: References: MIME-Version: 1.0 X-DLP: MIA2 Cc: julien.grall@citrix.com, Ian.Campbell@citrix.com, JBeulich@suse.com, Stefano Stabellini Subject: [Xen-devel] [PATCH v11 6/8] xen/arm: introduce GNTTABOP_cache_flush X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Post: , List-Help: , List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: stefano.stabellini@eu.citrix.com X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.180 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Archive: Introduce a new hypercall to perform cache maintenance operation on behalf of the guest. The argument is a machine address and a size. The implementation checks that the memory range is owned by the guest or the guest has been granted access to it by another domain. Introduce grant_map_exists: an internal grant table function to check whether an mfn has been granted to a given domain on a target grant table. Check hypercall_preempt_check() every 4096 iterations in the implementation of grant_map_exists. Use the top 20 bits of the GNTTABOP cmd encoding to save the last ref across the hypercall continuation. Signed-off-by: Stefano Stabellini --- Changes in v11: - make ref and max_iter unsigned int; - remove useless initializations of ret to 0; - check that cflush->op is valid; - BUG() later on if cflush->op is invalid; - fix blank lines; - remove comment. Changes in v10: - add a comment on dev_bus_addr; - remove comment on max GNTTABOP; - break long lines; - remove ref_count local variable; - use unsigned int* instead of grant_ref_t* as arguments. Changes in v9: - grant_map_exists: calculate max iteration before the loop; - do_grant_table_op: avoid shifts, use masks instead; - set GNTTABOP_CONTINUATION_ARG_SHIFT to 12; - remove MAX_GRANT_ENTRIES_ITER_SHIFT, use GNTTABOP_CONTINUATION_ARG_SHIFT; - move GNTTABOP_CMD_MASK and GNTTABOP_CONTINUATION_ARG_SHIFT to grant_table.c. Changes in v8: - avoid security issues, use two separate opaque variables to store the input argument and the output argument; - fix return values of grant_map_exists; - rename CMD_MASK to GNTTABOP_CMD_MASK; - rename OPAQUE_CONTINUATION_ARG_SHIFT to GNTTABOP_CONTINUATION_ARG_SHIFT; - save in the opaque argument the shifted ref_count; - set GNTTABOP_CONTINUATION_ARG_SHIFT to 20 and MAX_GRANT_ENTRIES_ITER_SHIFT to 12, to cover the full grant_ref_t value range; - move GNTTABOP_CONTINUATION_ARG_SHIFT and GNTTABOP_CMD_MASK to include/xen/grant_table.h; - cmd &= GNTTABOP_CMD_MASK in the compat wrapper. Changes in v7: - remove warning message; - prefix second line of the warning with XENLOG_WARNING; - do not lower DEFAULT_MAX_NR_GRANT_FRAMES; - no long lines; - interrupt loops in grant_map_exists with more than 2048 iterations, create an hypercall continuation if necessary. Changes in v6: - set DEFAULT_MAX_NR_GRANT_FRAMES to 10; - warn if max_grant_frames > 10. Changes in v5: - make mfn mfn unsigned long; - remove unhelpful error message; - handle errors returned by cache maintenance functions. Changes in v4: - ASSERT(spin_is_locked); - return instead of break in grant_map_exists; - pass a pointer to __gnttab_cache_flush; - code style; - unsigned int iterator in gnttab_cache_flush; - return ret instead -ret; - cflush.offset >= PAGE_SIZE return -EINVAL. Changes in v3: - reduce the time the grant_table lock is held; - fix warning message; - s/EFAULT/EPERM; - s/llx/PRIx64; - check offset and size independetly before checking their sum; - rcu_lock_current_domain cannot fail; - s/ENOSYS/EOPNOTSUPP; - use clean_and_invalidate_xen_dcache_va_range to do both operations at once; - fold grant_map_exists in this patch; - support "count" argument; - make correspondent changes to compat/grant_table.c; - introduce GNTTAB_CACHE_SOURCE_GREF to select the type of input in the union; - rename size field to length; - make length and offset uint16_t; - only take spin_lock if d != owner. Changes in v2: - do not check for mfn_to_page errors; - take a reference to the page; - replace printk with gdprintk; - split long line; - remove out label; - move rcu_lock_current_domain down before the loop. - move the hypercall to GNTTABOP; - take a spin_lock before calling grant_map_exists. --- xen/common/compat/grant_table.c | 15 +++- xen/common/grant_table.c | 173 +++++++++++++++++++++++++++++++++++++- xen/include/public/grant_table.h | 20 +++++ xen/include/xlat.lst | 1 + 4 files changed, 203 insertions(+), 6 deletions(-) diff --git a/xen/common/compat/grant_table.c b/xen/common/compat/grant_table.c index 2dc1e44..0368289 100644 --- a/xen/common/compat/grant_table.c +++ b/xen/common/compat/grant_table.c @@ -51,16 +51,21 @@ CHECK_gnttab_get_version; CHECK_gnttab_swap_grant_ref; #undef xen_gnttab_swap_grant_ref +#define xen_gnttab_cache_flush gnttab_cache_flush +CHECK_gnttab_cache_flush; +#undef xen_gnttab_cache_flush + int compat_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) cmp_uop, unsigned int count) { int rc = 0; - unsigned int i; + unsigned int i, cmd_op; XEN_GUEST_HANDLE_PARAM(void) cnt_uop; set_xen_guest_handle(cnt_uop, NULL); - switch ( cmd ) + cmd_op = cmd & GNTTABOP_CMD_MASK; + switch ( cmd_op ) { #define CASE(name) \ case GNTTABOP_##name: \ @@ -106,6 +111,10 @@ int compat_grant_table_op(unsigned int cmd, CASE(swap_grant_ref); #endif +#ifndef CHECK_gnttab_cache_flush + CASE(cache_flush); +#endif + #undef CASE default: return do_grant_table_op(cmd, cmp_uop, count); @@ -132,7 +141,7 @@ int compat_grant_table_op(unsigned int cmd, } cmp; set_xen_guest_handle(nat.uop, COMPAT_ARG_XLAT_VIRT_BASE); - switch ( cmd ) + switch ( cmd_op ) { case GNTTABOP_setup_table: if ( unlikely(count > 1) ) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index f9a9b44..9b1c338 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -62,6 +62,11 @@ integer_param("gnttab_max_frames", max_grant_frames); static unsigned int __read_mostly max_maptrack_frames; integer_param("gnttab_max_maptrack_frames", max_maptrack_frames); + +#define GNTTABOP_CONTINUATION_ARG_SHIFT 12 +#define GNTTABOP_CMD_MASK ((1<lock)); + + max_iter = min(*ref_count + (1 << GNTTABOP_CONTINUATION_ARG_SHIFT), + nr_grant_entries(rgt)); + for ( ref = *ref_count; ref < max_iter; ref++ ) + { + act = &active_entry(rgt, ref); + + if ( !act->pin ) + continue; + + if ( act->domid != ld->domain_id ) + continue; + + if ( act->frame != mfn ) + continue; + + return 0; + } + + if ( ref < nr_grant_entries(rgt) ) + { + *ref_count = ref; + return 1; + } + + return -EINVAL; +} + static void mapcount( struct grant_table *lgt, struct domain *rd, unsigned long mfn, unsigned int *wrc, unsigned int *rdc) @@ -2488,16 +2530,124 @@ gnttab_swap_grant_ref(XEN_GUEST_HANDLE_PARAM(gnttab_swap_grant_ref_t) uop, return 0; } +static int __gnttab_cache_flush(gnttab_cache_flush_t *cflush, + unsigned int *ref_count) +{ + struct domain *d, *owner; + struct page_info *page; + unsigned long mfn; + void *v; + int ret; + + if ( (cflush->offset >= PAGE_SIZE) || + (cflush->length > PAGE_SIZE) || + (cflush->offset + cflush->length > PAGE_SIZE) ) + return -EINVAL; + + if ( cflush->length == 0 || cflush->op == 0 ) + return 0; + + /* currently unimplemented */ + if ( cflush->op & GNTTAB_CACHE_SOURCE_GREF ) + return -EOPNOTSUPP; + + if ( !(cflush->op & (GNTTAB_CACHE_INVAL|GNTTAB_CACHE_CLEAN)) || + (cflush->op & ~(GNTTAB_CACHE_INVAL|GNTTAB_CACHE_CLEAN)) ) + return -EINVAL; + + d = rcu_lock_current_domain(); + mfn = cflush->a.dev_bus_addr >> PAGE_SHIFT; + + if ( !mfn_valid(mfn) ) + { + rcu_unlock_domain(d); + return -EINVAL; + } + + page = mfn_to_page(mfn); + owner = page_get_owner_and_reference(page); + if ( !owner ) + { + rcu_unlock_domain(d); + return -EPERM; + } + + if ( d != owner ) + { + spin_lock(&owner->grant_table->lock); + + ret = grant_map_exists(d, owner->grant_table, mfn, ref_count); + if ( ret != 0 ) + { + spin_unlock(&owner->grant_table->lock); + rcu_unlock_domain(d); + put_page(page); + return ret; + } + } + + v = map_domain_page(mfn); + v += cflush->offset; + + if ( (cflush->op & GNTTAB_CACHE_INVAL) && (cflush->op & GNTTAB_CACHE_CLEAN) ) + ret = clean_and_invalidate_dcache_va_range(v, cflush->length); + else if ( cflush->op & GNTTAB_CACHE_INVAL ) + ret = invalidate_dcache_va_range(v, cflush->length); + else if ( cflush->op & GNTTAB_CACHE_CLEAN ) + ret = clean_dcache_va_range(v, cflush->length); + else + BUG(); + + if ( d != owner ) + spin_unlock(&owner->grant_table->lock); + unmap_domain_page(v); + put_page(page); + + return ret; +} + +static long +gnttab_cache_flush(XEN_GUEST_HANDLE_PARAM(gnttab_cache_flush_t) uop, + unsigned int *ref_count, + unsigned int count) +{ + int ret; + unsigned int i; + gnttab_cache_flush_t op; + + for ( i = 0; i < count; i++ ) + { + if ( i && hypercall_preempt_check() ) + return i; + if ( unlikely(__copy_from_guest(&op, uop, 1)) ) + return -EFAULT; + do { + ret = __gnttab_cache_flush(&op, ref_count); + if ( ret < 0 ) + return ret; + if ( ret > 0 && hypercall_preempt_check() ) + return i; + } while ( ret > 0 ); + *ref_count = 0; + guest_handle_add_offset(uop, 1); + } + return 0; +} + long do_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { long rc; + unsigned int opaque_in = 0, opaque_out = 0; if ( (int)count < 0 ) return -EINVAL; rc = -EFAULT; + + opaque_in = cmd & GNTTABOP_ARG_MASK; + cmd &= GNTTABOP_CMD_MASK; switch ( cmd ) { case GNTTABOP_map_grant_ref: @@ -2617,17 +2767,34 @@ do_grant_table_op( } break; } + case GNTTABOP_cache_flush: + { + XEN_GUEST_HANDLE_PARAM(gnttab_cache_flush_t) cflush = + guest_handle_cast(uop, gnttab_cache_flush_t); + + if ( unlikely(!guest_handle_okay(cflush, count)) ) + goto out; + rc = gnttab_cache_flush(cflush, &opaque_in, count); + if ( rc > 0 ) + { + guest_handle_add_offset(cflush, rc); + uop = guest_handle_cast(cflush, void); + } + opaque_out = opaque_in; + break; + } default: rc = -ENOSYS; break; } out: - if ( rc > 0 ) + if ( rc > 0 || opaque_out != 0 ) { ASSERT(rc < count); - rc = hypercall_create_continuation(__HYPERVISOR_grant_table_op, - "ihi", cmd, uop, count - rc); + ASSERT((opaque_out & GNTTABOP_CMD_MASK) == 0); + rc = hypercall_create_continuation(__HYPERVISOR_grant_table_op, "ihi", + opaque_out | cmd, uop, count - rc); } return rc; diff --git a/xen/include/public/grant_table.h b/xen/include/public/grant_table.h index b8a3d6c..20d4e77 100644 --- a/xen/include/public/grant_table.h +++ b/xen/include/public/grant_table.h @@ -309,6 +309,7 @@ typedef uint16_t grant_status_t; #define GNTTABOP_get_status_frames 9 #define GNTTABOP_get_version 10 #define GNTTABOP_swap_grant_ref 11 +#define GNTTABOP_cache_flush 12 #endif /* __XEN_INTERFACE_VERSION__ */ /* ` } */ @@ -574,6 +575,25 @@ struct gnttab_swap_grant_ref { typedef struct gnttab_swap_grant_ref gnttab_swap_grant_ref_t; DEFINE_XEN_GUEST_HANDLE(gnttab_swap_grant_ref_t); +/* + * Issue one or more cache maintenance operations on a portion of a + * page granted to the calling domain by a foreign domain. + */ +struct gnttab_cache_flush { + union { + uint64_t dev_bus_addr; + grant_ref_t ref; + } a; + uint16_t offset; /* offset from start of grant */ + uint16_t length; /* size within the grant */ +#define GNTTAB_CACHE_CLEAN (1<<0) +#define GNTTAB_CACHE_INVAL (1<<1) +#define GNTTAB_CACHE_SOURCE_GREF (1<<31) + uint32_t op; +}; +typedef struct gnttab_cache_flush gnttab_cache_flush_t; +DEFINE_XEN_GUEST_HANDLE(gnttab_cache_flush_t); + #endif /* __XEN_INTERFACE_VERSION__ */ /* diff --git a/xen/include/xlat.lst b/xen/include/xlat.lst index 234b668..9ce9fee 100644 --- a/xen/include/xlat.lst +++ b/xen/include/xlat.lst @@ -51,6 +51,7 @@ ? grant_entry_header grant_table.h ? grant_entry_v2 grant_table.h ? gnttab_swap_grant_ref grant_table.h +? gnttab_cache_flush grant_table.h ? kexec_exec kexec.h ! kexec_image kexec.h ! kexec_range kexec.h