[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 05/25] argo: Add initial argo_init and argo_destroy
Initialises basic data structures and performs teardown of argo state for domain shutdown. Introduces headers: <public/argo.h> with definions of addresses and ring structure, including indexes for atomic update for communication between domain and hypervisor, and <xen/argo.h> to support hooking init and destroy into domain lifecycle. If CONFIG_ARGO is enabled: Adds per-domain init of argo data structures to domain_create by calling argo_init, and similarly adds teardown via argo_destroy into domain_destroy and the error exit path of domain_create. argo_init allocates an event channel for use for signalling to the domain. The event channel is of type IPI since that behaves in the required way; unbound event channels are unsuitable since they silently drop events. The only disadvantage of the IPI type is that the channel cannot be rebound to any other VCPU; that seems to be tolerable and avoids introducing any further changes to add another channel type. In accordance with recent work on _domain_destroy, argo_destroy is idempotent. Adds two new fields to struct domain: rwlock_t argo_lock; struct argo_domain *argo; Signed-off-by: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx> --- xen/common/argo.c | 277 +++++++++++++++++++++++++++++++++++++++++++++- xen/common/domain.c | 15 +++ xen/include/public/argo.h | 55 +++++++++ xen/include/xen/argo.h | 30 +++++ xen/include/xen/sched.h | 7 ++ 5 files changed, 383 insertions(+), 1 deletion(-) create mode 100644 xen/include/public/argo.h create mode 100644 xen/include/xen/argo.h diff --git a/xen/common/argo.c b/xen/common/argo.c index 6917f98..1872d37 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -17,7 +17,101 @@ */ #include <xen/errno.h> +#include <xen/sched.h> +#include <xen/domain.h> +#include <xen/argo.h> +#include <xen/event.h> +#include <xen/domain_page.h> #include <xen/guest_access.h> +#include <xen/time.h> + +DEFINE_XEN_GUEST_HANDLE(argo_addr_t); +DEFINE_XEN_GUEST_HANDLE(argo_ring_t); + +struct argo_pending_ent +{ + struct hlist_node node; + domid_t id; + uint32_t len; +}; + +struct argo_ring_info +{ + /* next node in the hash, protected by L2 */ + struct hlist_node node; + /* this ring's id, protected by L2 */ + argo_ring_id_t id; + /* used to confirm sender id, protected by L2 */ + uint64_t partner_cookie; + /* L3 */ + spinlock_t lock; + /* cached length of the ring (from ring->len), protected by L3 */ + uint32_t len; + /* number of pages in the ring, protected by L3 */ + uint32_t npage; + /* number of pages translated into mfns, protected by L3 */ + uint32_t nmfns; + /* cached tx pointer location, protected by L3 */ + uint32_t tx_ptr; + /* mapped ring pages protected by L3 */ + uint8_t **mfn_mapping; + /* list of mfns of guest ring, protected by L3 */ + mfn_t *mfns; + /* list of struct argo_pending_ent for this ring, protected by L3 */ + struct hlist_head pending; +}; + +/* + * The value of the argo element in a struct domain is + * protected by the global lock argo_lock: L1 + */ +#define ARGO_HTABLE_SIZE 32 +struct argo_domain +{ + /* L2 */ + rwlock_t lock; + /* event channel */ + evtchn_port_t evtchn_port; + /* protected by L2 */ + struct hlist_head ring_hash[ARGO_HTABLE_SIZE]; + /* id cookie, written only at init, so readable with R(L1) */ + uint64_t domain_cookie; +}; + +/* + * locks + */ + +/* + * locking is organized as follows: + * + * L1 : The global lock: argo_lock + * Protects the argo elements of all struct domain *d in the system. + * It does not protect any of the elements of d->argo, only their + * addresses. + * By extension since the destruction of a domain with a non-NULL + * d->argo will need to free the d->argo pointer, holding this lock + * guarantees that no domains pointers that argo is interested in + * become invalid whilst this lock is held. + */ + +static DEFINE_RWLOCK(argo_lock); /* L1 */ + +/* + * L2 : The per-domain lock: d->argo->lock + * Holding a read lock on L2 protects the hash table and + * the elements in the hash_table d->argo->ring_hash, and + * the node and id fields in struct argo_ring_info in the + * hash table. + * Holding a write lock on L2 protects all of the elements of + * struct argo_ring_info. + * To take L2 you must already have R(L1). W(L1) implies W(L2) and L3. + * + * L3 : The ringinfo lock: argo_ring_info *ringinfo; ringinfo->lock + * Protects len, tx_ptr, the guest ring, the guest ring_data and + * the pending list. + * To aquire L3 you must already have R(L2). W(L2) implies L3. + */ /* * Debugs @@ -32,10 +126,191 @@ #define argo_dprintk(format, ... ) (void)0 #endif +/* + * ring buffer + */ + +/* caller must have L3 or W(L2) */ +static void +argo_ring_unmap(struct argo_ring_info *ring_info) +{ + int i; + + if ( !ring_info->mfn_mapping ) + return; + + for ( i = 0; i < ring_info->nmfns; i++ ) + { + if ( !ring_info->mfn_mapping[i] ) + continue; + if ( ring_info->mfns ) + argo_dprintk(XENLOG_ERR "argo: unmapping page %"PRI_mfn" from %p\n", + mfn_x(ring_info->mfns[i]), + ring_info->mfn_mapping[i]); + unmap_domain_page_global(ring_info->mfn_mapping[i]); + ring_info->mfn_mapping[i] = NULL; + } +} + +/* + * pending + */ +static void +argo_pending_remove_ent(struct argo_pending_ent *ent) +{ + hlist_del(&ent->node); + xfree(ent); +} + +static void +argo_pending_remove_all(struct argo_ring_info *ring_info) +{ + struct hlist_node *node, *next; + struct argo_pending_ent *pending_ent; + + hlist_for_each_entry_safe(pending_ent, node, next, + &ring_info->pending, node) + { + argo_pending_remove_ent(pending_ent); + } +} + +static void argo_ring_remove_mfns(const struct domain *d, + struct argo_ring_info *ring_info) +{ + int i; + + ASSERT(rw_is_write_locked(&d->argo->lock)); + + if ( !ring_info->mfns ) + return; + ASSERT(ring_info->mfn_mapping); + + argo_ring_unmap(ring_info); + + for ( i = 0; i < ring_info->nmfns; i++ ) + if ( mfn_x(ring_info->mfns[i]) != mfn_x(INVALID_MFN) ) + put_page_and_type(mfn_to_page(ring_info->mfns[i])); + + xfree(ring_info->mfns); + ring_info->mfns = NULL; + ring_info->npage = 0; + xfree(ring_info->mfn_mapping); + ring_info->mfn_mapping = NULL; + ring_info->nmfns = 0; +} + +static void +argo_ring_remove_info(struct domain *d, struct argo_ring_info *ring_info) +{ + ASSERT(rw_is_write_locked(&d->argo->lock)); + + /* Holding W(L2) so do not need to acquire L3 */ + argo_pending_remove_all(ring_info); + hlist_del(&ring_info->node); + argo_ring_remove_mfns(d, ring_info); + xfree(ring_info); +} + long do_argo_message_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, uint32_t arg3, uint32_t arg4) { - return -ENOSYS; + struct domain *d = current->domain; + long rc = -EFAULT; + + argo_dprintk("->do_argo_message_op(%d,%p,%p,%d,%d)\n", cmd, + (void *)arg1.p, (void *)arg2.p, (int) arg3, (int) arg4); + + domain_lock(d); + + switch (cmd) + { + default: + rc = -ENOSYS; + break; + } + + domain_unlock(d); + argo_dprintk("<-do_argo_message_op()=%ld\n", rc); + return rc; +} + +int +argo_init(struct domain *d) +{ + struct argo_domain *argo; + evtchn_port_t port; + int i; + int rc; + + argo = xmalloc(struct argo_domain); + if ( !argo ) + return -ENOMEM; + + rwlock_init(&argo->lock); + + for ( i = 0; i < ARGO_HTABLE_SIZE; ++i ) + INIT_HLIST_HEAD(&argo->ring_hash[i]); + + rc = evtchn_bind_ipi_vcpu0_domain(d, &port); + if ( rc ) + { + xfree(argo); + return rc; + } + argo->evtchn_port = port; + argo->domain_cookie = (uint64_t)NOW(); + + write_lock(&argo_lock); + d->argo = argo; + write_unlock(&argo_lock); + + return 0; +} + +void +argo_destroy(struct domain *d) +{ + int i; + + BUG_ON(!d->is_dying); + write_lock(&argo_lock); + + argo_dprintk("d->v=%p\n", d->argo); + + if ( d->argo ) + { + for ( i = 0; i < ARGO_HTABLE_SIZE; ++i ) + { + struct hlist_node *node, *next; + struct argo_ring_info *ring_info; + + hlist_for_each_entry_safe(ring_info, node, + next, &d->argo->ring_hash[i], + node) + { + argo_ring_remove_info(d, ring_info); + } + } + /* + * Since this function is only called during domain destruction, + * argo->evtchn_port need not be closed here. ref: evtchn_destroy + */ + d->argo->domain_cookie = 0; + xfree(d->argo); + d->argo = NULL; + } + write_unlock(&argo_lock); + + /* + * This (dying) domain's domid may be recorded as the authorized sender + * to rings registered by other domains, and those rings are not + * unregistered here. + * If a later domain is created that has the same domid as this one, the + * domain_cookie will differ, which ensures that the new domain cannot + * use the inherited authorizations to transmit that were issued to this + * domain. + */ } diff --git a/xen/common/domain.c b/xen/common/domain.c index 78cc524..eadea4d 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -277,6 +277,10 @@ static void _domain_destroy(struct domain *d) xfree(d->pbuf); +#ifdef CONFIG_ARGO + argo_destroy(d); +#endif + rangeset_domain_destroy(d); free_cpumask_var(d->dirty_cpumask); @@ -376,6 +380,9 @@ struct domain *domain_create(domid_t domid, spin_lock_init(&d->hypercall_deadlock_mutex); INIT_PAGE_LIST_HEAD(&d->page_list); INIT_PAGE_LIST_HEAD(&d->xenpage_list); +#ifdef CONFIG_ARGO + rwlock_init(&d->argo_lock); +#endif spin_lock_init(&d->node_affinity_lock); d->node_affinity = NODE_MASK_ALL; @@ -445,6 +452,11 @@ struct domain *domain_create(domid_t domid, goto fail; init_status |= INIT_gnttab; +#ifdef CONFIG_ARGO + if ( (err = argo_init(d)) != 0 ) + goto fail; +#endif + err = -ENOMEM; d->pbuf = xzalloc_array(char, DOMAIN_PBUF_SIZE); @@ -717,6 +729,9 @@ int domain_kill(struct domain *d) if ( d->is_dying != DOMDYING_alive ) return domain_kill(d); d->is_dying = DOMDYING_dying; +#ifdef CONFIG_ARGO + argo_destroy(d); +#endif evtchn_destroy(d); gnttab_release_mappings(d); tmem_destroy(d->tmem_client); diff --git a/xen/include/public/argo.h b/xen/include/public/argo.h new file mode 100644 index 0000000..20dabc0 --- /dev/null +++ b/xen/include/public/argo.h @@ -0,0 +1,55 @@ +/****************************************************************************** + * Argo : Hypervisor-Mediated data eXchange + * + * Derived from v4v, the version 2 of v2v. + * + * Copyright (c) 2010, Citrix Systems + * Copyright (c) 2018, BAE Systems + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef __XEN_PUBLIC_ARGO_H__ +#define __XEN_PUBLIC_ARGO_H__ + +#include "xen.h" + +typedef struct argo_addr +{ + uint32_t port; + domid_t domain_id; + uint16_t pad; +} argo_addr_t; + +typedef struct argo_ring_id +{ + struct argo_addr addr; + domid_t partner; + uint16_t pad; +} argo_ring_id_t; + +typedef struct argo_ring +{ + uint64_t magic; + argo_ring_id_t id; + uint32_t len; + /* Guests should use atomic operations to access rx_ptr */ + uint32_t rx_ptr; + /* Guests should use atomic operations to access tx_ptr */ + uint32_t tx_ptr; + uint8_t reserved[32]; +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L + uint8_t ring[]; +#elif defined(__GNUC__) + uint8_t ring[0]; +#endif +} argo_ring_t; + +#endif diff --git a/xen/include/xen/argo.h b/xen/include/xen/argo.h new file mode 100644 index 0000000..c037de6 --- /dev/null +++ b/xen/include/xen/argo.h @@ -0,0 +1,30 @@ +/****************************************************************************** + * Argo : Hypervisor-Mediated data eXchange + * + * Derived from v4v, the version 2 of v2v. + * + * Copyright (c) 2010, Citrix Systems + * Copyright (c) 2018, BAE Systems + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef __XEN_ARGO_H__ +#define __XEN_ARGO_H__ + +#include <xen/types.h> +#include <public/argo.h> + +struct argo_domain; + +int argo_init(struct domain *d); +void argo_destroy(struct domain *d); + +#endif diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 0309c1f..4a19b55 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -22,6 +22,7 @@ #include <asm/atomic.h> #include <xen/vpci.h> #include <xen/wait.h> +#include <xen/argo.h> #include <public/xen.h> #include <public/domctl.h> #include <public/sysctl.h> @@ -490,6 +491,12 @@ struct domain unsigned int guest_request_enabled : 1; unsigned int guest_request_sync : 1; } monitor; + +#ifdef CONFIG_ARGO + /* Argo interdomain communication support */ + rwlock_t argo_lock; + struct argo_domain *argo; +#endif }; /* Protect updates/reads (resp.) of domain_list and domain_hash. */ -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |