Commit ad9a8612 authored by Jeremy Fitzhardinge's avatar Jeremy Fitzhardinge Committed by Jeremy Fitzhardinge

xen: Add grant table support

Add Xen 'grant table' driver which allows granting of access to
selected local memory pages by other virtual machines and,
symmetrically, the mapping of remote memory pages which other virtual
machines have granted access to.

This driver is a prerequisite for many of the Xen virtual device
drivers, which grant the 'device driver domain' restricted and
temporary access to only those memory pages that are currently
involved in I/O operations.
Signed-off-by: default avatarJeremy Fitzhardinge <jeremy@xensource.com>
Signed-off-by: default avatarIan Pratt <ian.pratt@xensource.com>
Signed-off-by: default avatarChristian Limpach <Christian.Limpach@cl.cam.ac.uk>
Signed-off-by: default avatarChris Wright <chrisw@sous-sol.org>
parent b536b4b9
...@@ -15,6 +15,8 @@ obj-$(CONFIG_ACPI) += acpi/ ...@@ -15,6 +15,8 @@ obj-$(CONFIG_ACPI) += acpi/
obj-$(CONFIG_PNP) += pnp/ obj-$(CONFIG_PNP) += pnp/
obj-$(CONFIG_ARM_AMBA) += amba/ obj-$(CONFIG_ARM_AMBA) += amba/
obj-$(CONFIG_XEN) += xen/
# char/ comes before serial/ etc so that the VT console is the boot-time # char/ comes before serial/ etc so that the VT console is the boot-time
# default. # default.
obj-y += char/ obj-y += char/
......
obj-y += grant-table.o
This diff is collapsed.
/******************************************************************************
* grant_table.h
*
* Two sets of functionality:
* 1. Granting foreign access to our memory reservation.
* 2. Accessing others' memory reservations via grant references.
* (i.e., mechanisms for both sender and recipient of grant references)
*
* Copyright (c) 2004-2005, K A Fraser
* Copyright (c) 2005, Christopher Clark
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation; or, when distributed
* separately from the Linux kernel or incorporated into other
* software packages, subject to the following license:
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this source file (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy, modify,
* merge, publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
* IN THE SOFTWARE.
*/
#ifndef __ASM_GNTTAB_H__
#define __ASM_GNTTAB_H__
#include <asm/xen/hypervisor.h>
#include <xen/interface/grant_table.h>
/* NR_GRANT_FRAMES must be less than or equal to that configured in Xen */
#define NR_GRANT_FRAMES 4
struct gnttab_free_callback {
struct gnttab_free_callback *next;
void (*fn)(void *);
void *arg;
u16 count;
};
int gnttab_grant_foreign_access(domid_t domid, unsigned long frame,
int readonly);
/*
* End access through the given grant reference, iff the grant entry is no
* longer in use. Return 1 if the grant entry was freed, 0 if it is still in
* use.
*/
int gnttab_end_foreign_access_ref(grant_ref_t ref, int readonly);
/*
* Eventually end access through the given grant reference, and once that
* access has been ended, free the given page too. Access will be ended
* immediately iff the grant entry is not in use, otherwise it will happen
* some time later. page may be 0, in which case no freeing will occur.
*/
void gnttab_end_foreign_access(grant_ref_t ref, int readonly,
unsigned long page);
int gnttab_grant_foreign_transfer(domid_t domid, unsigned long pfn);
unsigned long gnttab_end_foreign_transfer_ref(grant_ref_t ref);
unsigned long gnttab_end_foreign_transfer(grant_ref_t ref);
int gnttab_query_foreign_access(grant_ref_t ref);
/*
* operations on reserved batches of grant references
*/
int gnttab_alloc_grant_references(u16 count, grant_ref_t *pprivate_head);
void gnttab_free_grant_reference(grant_ref_t ref);
void gnttab_free_grant_references(grant_ref_t head);
int gnttab_empty_grant_references(const grant_ref_t *pprivate_head);
int gnttab_claim_grant_reference(grant_ref_t *pprivate_head);
void gnttab_release_grant_reference(grant_ref_t *private_head,
grant_ref_t release);
void gnttab_request_free_callback(struct gnttab_free_callback *callback,
void (*fn)(void *), void *arg, u16 count);
void gnttab_cancel_free_callback(struct gnttab_free_callback *callback);
void gnttab_grant_foreign_access_ref(grant_ref_t ref, domid_t domid,
unsigned long frame, int readonly);
void gnttab_grant_foreign_transfer_ref(grant_ref_t, domid_t domid,
unsigned long pfn);
#define gnttab_map_vaddr(map) ((void *)(map.host_virt_addr))
#endif /* __ASM_GNTTAB_H__ */
...@@ -4,6 +4,24 @@ ...@@ -4,6 +4,24 @@
* Interface for granting foreign access to page frames, and receiving * Interface for granting foreign access to page frames, and receiving
* page-ownership transfers. * page-ownership transfers.
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to
* deal in the Software without restriction, including without limitation the
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
* Copyright (c) 2004, K A Fraser * Copyright (c) 2004, K A Fraser
*/ */
...@@ -17,7 +35,7 @@ ...@@ -17,7 +35,7 @@
/* Some rough guidelines on accessing and updating grant-table entries /* Some rough guidelines on accessing and updating grant-table entries
* in a concurrency-safe manner. For more information, Linux contains a * in a concurrency-safe manner. For more information, Linux contains a
* reference implementation for guest OSes (arch/i386/mach-xen/grant_table.c). * reference implementation for guest OSes (arch/xen/kernel/grant_table.c).
* *
* NB. WMB is a no-op on current-generation x86 processors. However, a * NB. WMB is a no-op on current-generation x86 processors. However, a
* compiler barrier will still be required. * compiler barrier will still be required.
...@@ -144,9 +162,9 @@ typedef uint32_t grant_handle_t; ...@@ -144,9 +162,9 @@ typedef uint32_t grant_handle_t;
* that must be presented later to destroy the mapping(s). On error, <handle> * that must be presented later to destroy the mapping(s). On error, <handle>
* is a negative status code. * is a negative status code.
* NOTES: * NOTES:
* 1. If GNTPIN_map_for_dev is specified then <dev_bus_addr> is the address * 1. If GNTMAP_device_map is specified then <dev_bus_addr> is the address
* via which I/O devices may access the granted frame. * via which I/O devices may access the granted frame.
* 2. If GNTPIN_map_for_host is specified then a mapping will be added at * 2. If GNTMAP_host_map is specified then a mapping will be added at
* either a host virtual address in the current address space, or at * either a host virtual address in the current address space, or at
* a PTE at the specified machine address. The type of mapping to * a PTE at the specified machine address. The type of mapping to
* perform is selected through the GNTMAP_contains_pte flag, and the * perform is selected through the GNTMAP_contains_pte flag, and the
...@@ -167,7 +185,6 @@ struct gnttab_map_grant_ref { ...@@ -167,7 +185,6 @@ struct gnttab_map_grant_ref {
grant_handle_t handle; grant_handle_t handle;
uint64_t dev_bus_addr; uint64_t dev_bus_addr;
}; };
DEFINE_GUEST_HANDLE_STRUCT(gnttab_map_grant_ref);
/* /*
* GNTTABOP_unmap_grant_ref: Destroy one or more grant-reference mappings * GNTTABOP_unmap_grant_ref: Destroy one or more grant-reference mappings
...@@ -189,7 +206,6 @@ struct gnttab_unmap_grant_ref { ...@@ -189,7 +206,6 @@ struct gnttab_unmap_grant_ref {
/* OUT parameters. */ /* OUT parameters. */
int16_t status; /* GNTST_* */ int16_t status; /* GNTST_* */
}; };
DEFINE_GUEST_HANDLE_STRUCT(gnttab_unmap_grant_ref);
/* /*
* GNTTABOP_setup_table: Set up a grant table for <dom> comprising at least * GNTTABOP_setup_table: Set up a grant table for <dom> comprising at least
...@@ -207,9 +223,8 @@ struct gnttab_setup_table { ...@@ -207,9 +223,8 @@ struct gnttab_setup_table {
uint32_t nr_frames; uint32_t nr_frames;
/* OUT parameters. */ /* OUT parameters. */
int16_t status; /* GNTST_* */ int16_t status; /* GNTST_* */
GUEST_HANDLE(ulong) frame_list; ulong *frame_list;
}; };
DEFINE_GUEST_HANDLE_STRUCT(gnttab_setup_table);
/* /*
* GNTTABOP_dump_table: Dump the contents of the grant table to the * GNTTABOP_dump_table: Dump the contents of the grant table to the
...@@ -222,7 +237,6 @@ struct gnttab_dump_table { ...@@ -222,7 +237,6 @@ struct gnttab_dump_table {
/* OUT parameters. */ /* OUT parameters. */
int16_t status; /* GNTST_* */ int16_t status; /* GNTST_* */
}; };
DEFINE_GUEST_HANDLE_STRUCT(gnttab_dump_table);
/* /*
* GNTTABOP_transfer_grant_ref: Transfer <frame> to a foreign domain. The * GNTTABOP_transfer_grant_ref: Transfer <frame> to a foreign domain. The
...@@ -241,7 +255,65 @@ struct gnttab_transfer { ...@@ -241,7 +255,65 @@ struct gnttab_transfer {
/* OUT parameters. */ /* OUT parameters. */
int16_t status; int16_t status;
}; };
DEFINE_GUEST_HANDLE_STRUCT(gnttab_transfer);
/*
* GNTTABOP_copy: Hypervisor based copy
* source and destinations can be eithers MFNs or, for foreign domains,
* grant references. the foreign domain has to grant read/write access
* in its grant table.
*
* The flags specify what type source and destinations are (either MFN
* or grant reference).
*
* Note that this can also be used to copy data between two domains
* via a third party if the source and destination domains had previously
* grant appropriate access to their pages to the third party.
*
* source_offset specifies an offset in the source frame, dest_offset
* the offset in the target frame and len specifies the number of
* bytes to be copied.
*/
#define _GNTCOPY_source_gref (0)
#define GNTCOPY_source_gref (1<<_GNTCOPY_source_gref)
#define _GNTCOPY_dest_gref (1)
#define GNTCOPY_dest_gref (1<<_GNTCOPY_dest_gref)
#define GNTTABOP_copy 5
struct gnttab_copy {
/* IN parameters. */
struct {
union {
grant_ref_t ref;
unsigned long gmfn;
} u;
domid_t domid;
uint16_t offset;
} source, dest;
uint16_t len;
uint16_t flags; /* GNTCOPY_* */
/* OUT parameters. */
int16_t status;
};
/*
* GNTTABOP_query_size: Query the current and maximum sizes of the shared
* grant table.
* NOTES:
* 1. <dom> may be specified as DOMID_SELF.
* 2. Only a sufficiently-privileged domain may specify <dom> != DOMID_SELF.
*/
#define GNTTABOP_query_size 6
struct gnttab_query_size {
/* IN parameters. */
domid_t dom;
/* OUT parameters. */
uint32_t nr_frames;
uint32_t max_nr_frames;
int16_t status; /* GNTST_* */
};
/* /*
* Bitfield values for update_pin_status.flags. * Bitfield values for update_pin_status.flags.
...@@ -284,6 +356,7 @@ DEFINE_GUEST_HANDLE_STRUCT(gnttab_transfer); ...@@ -284,6 +356,7 @@ DEFINE_GUEST_HANDLE_STRUCT(gnttab_transfer);
#define GNTST_no_device_space (-7) /* Out of space in I/O MMU. */ #define GNTST_no_device_space (-7) /* Out of space in I/O MMU. */
#define GNTST_permission_denied (-8) /* Not enough privilege for operation. */ #define GNTST_permission_denied (-8) /* Not enough privilege for operation. */
#define GNTST_bad_page (-9) /* Specified page was invalid for op. */ #define GNTST_bad_page (-9) /* Specified page was invalid for op. */
#define GNTST_bad_copy_arg (-10) /* copy arguments cross page boundary */
#define GNTTABOP_error_msgs { \ #define GNTTABOP_error_msgs { \
"okay", \ "okay", \
...@@ -295,7 +368,8 @@ DEFINE_GUEST_HANDLE_STRUCT(gnttab_transfer); ...@@ -295,7 +368,8 @@ DEFINE_GUEST_HANDLE_STRUCT(gnttab_transfer);
"invalid device address", \ "invalid device address", \
"no spare translation slot in the I/O MMU", \ "no spare translation slot in the I/O MMU", \
"permission denied", \ "permission denied", \
"bad page" \ "bad page", \
"copy arguments cross page boundary" \
} }
#endif /* __XEN_PUBLIC_GRANT_TABLE_H__ */ #endif /* __XEN_PUBLIC_GRANT_TABLE_H__ */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment