hw/arm/bcm2836: Only provide "enabled-cpus" property to multicore SoCs
[qemu.git] / hw / hyperv / vmbus.c
1 /*
2 * QEMU Hyper-V VMBus
3 *
4 * Copyright (c) 2017-2018 Virtuozzo International GmbH.
5 *
6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
7 * See the COPYING file in the top-level directory.
8 */
9
10 #include "qemu/osdep.h"
11 #include "qemu/error-report.h"
12 #include "qemu/main-loop.h"
13 #include "qapi/error.h"
14 #include "migration/vmstate.h"
15 #include "hw/qdev-properties.h"
16 #include "hw/hyperv/hyperv.h"
17 #include "hw/hyperv/vmbus.h"
18 #include "hw/hyperv/vmbus-bridge.h"
19 #include "hw/sysbus.h"
20 #include "cpu.h"
21 #include "trace.h"
22
23 enum {
24 VMGPADL_INIT,
25 VMGPADL_ALIVE,
26 VMGPADL_TEARINGDOWN,
27 VMGPADL_TORNDOWN,
28 };
29
30 struct VMBusGpadl {
31 /* GPADL id */
32 uint32_t id;
33 /* associated channel id (rudimentary?) */
34 uint32_t child_relid;
35
36 /* number of pages in the GPADL as declared in GPADL_HEADER message */
37 uint32_t num_gfns;
38 /*
39 * Due to limited message size, GPADL may not fit fully in a single
40 * GPADL_HEADER message, and is further popluated using GPADL_BODY
41 * messages. @seen_gfns is the number of pages seen so far; once it
42 * reaches @num_gfns, the GPADL is ready to use.
43 */
44 uint32_t seen_gfns;
45 /* array of GFNs (of size @num_gfns once allocated) */
46 uint64_t *gfns;
47
48 uint8_t state;
49
50 QTAILQ_ENTRY(VMBusGpadl) link;
51 VMBus *vmbus;
52 unsigned refcount;
53 };
54
55 /*
56 * Wrap sequential read from / write to GPADL.
57 */
58 typedef struct GpadlIter {
59 VMBusGpadl *gpadl;
60 AddressSpace *as;
61 DMADirection dir;
62 /* offset into GPADL where the next i/o will be performed */
63 uint32_t off;
64 /*
65 * Cached mapping of the currently accessed page, up to page boundary.
66 * Updated lazily on i/o.
67 * Note: MemoryRegionCache can not be used here because pages in the GPADL
68 * are non-contiguous and may belong to different memory regions.
69 */
70 void *map;
71 /* offset after last i/o (i.e. not affected by seek) */
72 uint32_t last_off;
73 /*
74 * Indicator that the iterator is active and may have a cached mapping.
75 * Allows to enforce bracketing of all i/o (which may create cached
76 * mappings) and thus exclude mapping leaks.
77 */
78 bool active;
79 } GpadlIter;
80
81 /*
82 * Ring buffer. There are two of them, sitting in the same GPADL, for each
83 * channel.
84 * Each ring buffer consists of a set of pages, with the first page containing
85 * the ring buffer header, and the remaining pages being for data packets.
86 */
87 typedef struct VMBusRingBufCommon {
88 AddressSpace *as;
89 /* GPA of the ring buffer header */
90 dma_addr_t rb_addr;
91 /* start and length of the ring buffer data area within GPADL */
92 uint32_t base;
93 uint32_t len;
94
95 GpadlIter iter;
96 } VMBusRingBufCommon;
97
98 typedef struct VMBusSendRingBuf {
99 VMBusRingBufCommon common;
100 /* current write index, to be committed at the end of send */
101 uint32_t wr_idx;
102 /* write index at the start of send */
103 uint32_t last_wr_idx;
104 /* space to be requested from the guest */
105 uint32_t wanted;
106 /* space reserved for planned sends */
107 uint32_t reserved;
108 /* last seen read index */
109 uint32_t last_seen_rd_idx;
110 } VMBusSendRingBuf;
111
112 typedef struct VMBusRecvRingBuf {
113 VMBusRingBufCommon common;
114 /* current read index, to be committed at the end of receive */
115 uint32_t rd_idx;
116 /* read index at the start of receive */
117 uint32_t last_rd_idx;
118 /* last seen write index */
119 uint32_t last_seen_wr_idx;
120 } VMBusRecvRingBuf;
121
122
123 enum {
124 VMOFFER_INIT,
125 VMOFFER_SENDING,
126 VMOFFER_SENT,
127 };
128
129 enum {
130 VMCHAN_INIT,
131 VMCHAN_OPENING,
132 VMCHAN_OPEN,
133 };
134
135 struct VMBusChannel {
136 VMBusDevice *dev;
137
138 /* channel id */
139 uint32_t id;
140 /*
141 * subchannel index within the device; subchannel #0 is "primary" and
142 * always exists
143 */
144 uint16_t subchan_idx;
145 uint32_t open_id;
146 /* VP_INDEX of the vCPU to notify with (synthetic) interrupts */
147 uint32_t target_vp;
148 /* GPADL id to use for the ring buffers */
149 uint32_t ringbuf_gpadl;
150 /* start (in pages) of the send ring buffer within @ringbuf_gpadl */
151 uint32_t ringbuf_send_offset;
152
153 uint8_t offer_state;
154 uint8_t state;
155 bool is_open;
156
157 /* main device worker; copied from the device class */
158 VMBusChannelNotifyCb notify_cb;
159 /*
160 * guest->host notifications, either sent directly or dispatched via
161 * interrupt page (older VMBus)
162 */
163 EventNotifier notifier;
164
165 VMBus *vmbus;
166 /*
167 * SINT route to signal with host->guest notifications; may be shared with
168 * the main VMBus SINT route
169 */
170 HvSintRoute *notify_route;
171 VMBusGpadl *gpadl;
172
173 VMBusSendRingBuf send_ringbuf;
174 VMBusRecvRingBuf recv_ringbuf;
175
176 QTAILQ_ENTRY(VMBusChannel) link;
177 };
178
179 /*
180 * Hyper-V spec mandates that every message port has 16 buffers, which means
181 * that the guest can post up to this many messages without blocking.
182 * Therefore a queue for incoming messages has to be provided.
183 * For outgoing (i.e. host->guest) messages there's no queue; the VMBus just
184 * doesn't transition to a new state until the message is known to have been
185 * successfully delivered to the respective SynIC message slot.
186 */
187 #define HV_MSG_QUEUE_LEN 16
188
189 /* Hyper-V devices never use channel #0. Must be something special. */
190 #define VMBUS_FIRST_CHANID 1
191 /* Each channel occupies one bit within a single event page sint slot. */
192 #define VMBUS_CHANID_COUNT (HV_EVENT_FLAGS_COUNT - VMBUS_FIRST_CHANID)
193 /* Leave a few connection numbers for other purposes. */
194 #define VMBUS_CHAN_CONNECTION_OFFSET 16
195
196 /*
197 * Since the success or failure of sending a message is reported
198 * asynchronously, the VMBus state machine has effectively two entry points:
199 * vmbus_run and vmbus_msg_cb (the latter is called when the host->guest
200 * message delivery status becomes known). Both are run as oneshot BHs on the
201 * main aio context, ensuring serialization.
202 */
203 enum {
204 VMBUS_LISTEN,
205 VMBUS_HANDSHAKE,
206 VMBUS_OFFER,
207 VMBUS_CREATE_GPADL,
208 VMBUS_TEARDOWN_GPADL,
209 VMBUS_OPEN_CHANNEL,
210 VMBUS_UNLOAD,
211 VMBUS_STATE_MAX
212 };
213
214 struct VMBus {
215 BusState parent;
216
217 uint8_t state;
218 /* protection against recursive aio_poll (see vmbus_run) */
219 bool in_progress;
220 /* whether there's a message being delivered to the guest */
221 bool msg_in_progress;
222 uint32_t version;
223 /* VP_INDEX of the vCPU to send messages and interrupts to */
224 uint32_t target_vp;
225 HvSintRoute *sint_route;
226 /*
227 * interrupt page for older protocol versions; newer ones use SynIC event
228 * flags directly
229 */
230 hwaddr int_page_gpa;
231
232 DECLARE_BITMAP(chanid_bitmap, VMBUS_CHANID_COUNT);
233
234 /* incoming message queue */
235 struct hyperv_post_message_input rx_queue[HV_MSG_QUEUE_LEN];
236 uint8_t rx_queue_head;
237 uint8_t rx_queue_size;
238 QemuMutex rx_queue_lock;
239
240 QTAILQ_HEAD(, VMBusGpadl) gpadl_list;
241 QTAILQ_HEAD(, VMBusChannel) channel_list;
242
243 /*
244 * guest->host notifications for older VMBus, to be dispatched via
245 * interrupt page
246 */
247 EventNotifier notifier;
248 };
249
250 static bool gpadl_full(VMBusGpadl *gpadl)
251 {
252 return gpadl->seen_gfns == gpadl->num_gfns;
253 }
254
255 static VMBusGpadl *create_gpadl(VMBus *vmbus, uint32_t id,
256 uint32_t child_relid, uint32_t num_gfns)
257 {
258 VMBusGpadl *gpadl = g_new0(VMBusGpadl, 1);
259
260 gpadl->id = id;
261 gpadl->child_relid = child_relid;
262 gpadl->num_gfns = num_gfns;
263 gpadl->gfns = g_new(uint64_t, num_gfns);
264 QTAILQ_INSERT_HEAD(&vmbus->gpadl_list, gpadl, link);
265 gpadl->vmbus = vmbus;
266 gpadl->refcount = 1;
267 return gpadl;
268 }
269
270 static void free_gpadl(VMBusGpadl *gpadl)
271 {
272 QTAILQ_REMOVE(&gpadl->vmbus->gpadl_list, gpadl, link);
273 g_free(gpadl->gfns);
274 g_free(gpadl);
275 }
276
277 static VMBusGpadl *find_gpadl(VMBus *vmbus, uint32_t gpadl_id)
278 {
279 VMBusGpadl *gpadl;
280 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
281 if (gpadl->id == gpadl_id) {
282 return gpadl;
283 }
284 }
285 return NULL;
286 }
287
288 VMBusGpadl *vmbus_get_gpadl(VMBusChannel *chan, uint32_t gpadl_id)
289 {
290 VMBusGpadl *gpadl = find_gpadl(chan->vmbus, gpadl_id);
291 if (!gpadl || !gpadl_full(gpadl)) {
292 return NULL;
293 }
294 gpadl->refcount++;
295 return gpadl;
296 }
297
298 void vmbus_put_gpadl(VMBusGpadl *gpadl)
299 {
300 if (!gpadl) {
301 return;
302 }
303 if (--gpadl->refcount) {
304 return;
305 }
306 free_gpadl(gpadl);
307 }
308
309 uint32_t vmbus_gpadl_len(VMBusGpadl *gpadl)
310 {
311 return gpadl->num_gfns * TARGET_PAGE_SIZE;
312 }
313
314 static void gpadl_iter_init(GpadlIter *iter, VMBusGpadl *gpadl,
315 AddressSpace *as, DMADirection dir)
316 {
317 iter->gpadl = gpadl;
318 iter->as = as;
319 iter->dir = dir;
320 iter->active = false;
321 }
322
323 static inline void gpadl_iter_cache_unmap(GpadlIter *iter)
324 {
325 uint32_t map_start_in_page = (uintptr_t)iter->map & ~TARGET_PAGE_MASK;
326 uint32_t io_end_in_page = ((iter->last_off - 1) & ~TARGET_PAGE_MASK) + 1;
327
328 /* mapping is only done to do non-zero amount of i/o */
329 assert(iter->last_off > 0);
330 assert(map_start_in_page < io_end_in_page);
331
332 dma_memory_unmap(iter->as, iter->map, TARGET_PAGE_SIZE - map_start_in_page,
333 iter->dir, io_end_in_page - map_start_in_page);
334 }
335
336 /*
337 * Copy exactly @len bytes between the GPADL pointed to by @iter and @buf.
338 * The direction of the copy is determined by @iter->dir.
339 * The caller must ensure the operation overflows neither @buf nor the GPADL
340 * (there's an assert for the latter).
341 * Reuse the currently mapped page in the GPADL if possible.
342 */
343 static ssize_t gpadl_iter_io(GpadlIter *iter, void *buf, uint32_t len)
344 {
345 ssize_t ret = len;
346
347 assert(iter->active);
348
349 while (len) {
350 uint32_t off_in_page = iter->off & ~TARGET_PAGE_MASK;
351 uint32_t pgleft = TARGET_PAGE_SIZE - off_in_page;
352 uint32_t cplen = MIN(pgleft, len);
353 void *p;
354
355 /* try to reuse the cached mapping */
356 if (iter->map) {
357 uint32_t map_start_in_page =
358 (uintptr_t)iter->map & ~TARGET_PAGE_MASK;
359 uint32_t off_base = iter->off & ~TARGET_PAGE_MASK;
360 uint32_t mapped_base = (iter->last_off - 1) & ~TARGET_PAGE_MASK;
361 if (off_base != mapped_base || off_in_page < map_start_in_page) {
362 gpadl_iter_cache_unmap(iter);
363 iter->map = NULL;
364 }
365 }
366
367 if (!iter->map) {
368 dma_addr_t maddr;
369 dma_addr_t mlen = pgleft;
370 uint32_t idx = iter->off >> TARGET_PAGE_BITS;
371 assert(idx < iter->gpadl->num_gfns);
372
373 maddr = (iter->gpadl->gfns[idx] << TARGET_PAGE_BITS) | off_in_page;
374
375 iter->map = dma_memory_map(iter->as, maddr, &mlen, iter->dir);
376 if (mlen != pgleft) {
377 dma_memory_unmap(iter->as, iter->map, mlen, iter->dir, 0);
378 iter->map = NULL;
379 return -EFAULT;
380 }
381 }
382
383 p = (void *)(uintptr_t)(((uintptr_t)iter->map & TARGET_PAGE_MASK) |
384 off_in_page);
385 if (iter->dir == DMA_DIRECTION_FROM_DEVICE) {
386 memcpy(p, buf, cplen);
387 } else {
388 memcpy(buf, p, cplen);
389 }
390
391 buf += cplen;
392 len -= cplen;
393 iter->off += cplen;
394 iter->last_off = iter->off;
395 }
396
397 return ret;
398 }
399
400 /*
401 * Position the iterator @iter at new offset @new_off.
402 * If this results in the cached mapping being unusable with the new offset,
403 * unmap it.
404 */
405 static inline void gpadl_iter_seek(GpadlIter *iter, uint32_t new_off)
406 {
407 assert(iter->active);
408 iter->off = new_off;
409 }
410
411 /*
412 * Start a series of i/o on the GPADL.
413 * After this i/o and seek operations on @iter become legal.
414 */
415 static inline void gpadl_iter_start_io(GpadlIter *iter)
416 {
417 assert(!iter->active);
418 /* mapping is cached lazily on i/o */
419 iter->map = NULL;
420 iter->active = true;
421 }
422
423 /*
424 * End the eariler started series of i/o on the GPADL and release the cached
425 * mapping if any.
426 */
427 static inline void gpadl_iter_end_io(GpadlIter *iter)
428 {
429 assert(iter->active);
430
431 if (iter->map) {
432 gpadl_iter_cache_unmap(iter);
433 }
434
435 iter->active = false;
436 }
437
438 static void vmbus_resched(VMBus *vmbus);
439 static void vmbus_msg_cb(void *data, int status);
440
441 ssize_t vmbus_iov_to_gpadl(VMBusChannel *chan, VMBusGpadl *gpadl, uint32_t off,
442 const struct iovec *iov, size_t iov_cnt)
443 {
444 GpadlIter iter;
445 size_t i;
446 ssize_t ret = 0;
447
448 gpadl_iter_init(&iter, gpadl, chan->dev->dma_as,
449 DMA_DIRECTION_FROM_DEVICE);
450 gpadl_iter_start_io(&iter);
451 gpadl_iter_seek(&iter, off);
452 for (i = 0; i < iov_cnt; i++) {
453 ret = gpadl_iter_io(&iter, iov[i].iov_base, iov[i].iov_len);
454 if (ret < 0) {
455 goto out;
456 }
457 }
458 out:
459 gpadl_iter_end_io(&iter);
460 return ret;
461 }
462
463 int vmbus_map_sgl(VMBusChanReq *req, DMADirection dir, struct iovec *iov,
464 unsigned iov_cnt, size_t len, size_t off)
465 {
466 int ret_cnt = 0, ret;
467 unsigned i;
468 QEMUSGList *sgl = &req->sgl;
469 ScatterGatherEntry *sg = sgl->sg;
470
471 for (i = 0; i < sgl->nsg; i++) {
472 if (sg[i].len > off) {
473 break;
474 }
475 off -= sg[i].len;
476 }
477 for (; len && i < sgl->nsg; i++) {
478 dma_addr_t mlen = MIN(sg[i].len - off, len);
479 dma_addr_t addr = sg[i].base + off;
480 len -= mlen;
481 off = 0;
482
483 for (; mlen; ret_cnt++) {
484 dma_addr_t l = mlen;
485 dma_addr_t a = addr;
486
487 if (ret_cnt == iov_cnt) {
488 ret = -ENOBUFS;
489 goto err;
490 }
491
492 iov[ret_cnt].iov_base = dma_memory_map(sgl->as, a, &l, dir);
493 if (!l) {
494 ret = -EFAULT;
495 goto err;
496 }
497 iov[ret_cnt].iov_len = l;
498 addr += l;
499 mlen -= l;
500 }
501 }
502
503 return ret_cnt;
504 err:
505 vmbus_unmap_sgl(req, dir, iov, ret_cnt, 0);
506 return ret;
507 }
508
509 void vmbus_unmap_sgl(VMBusChanReq *req, DMADirection dir, struct iovec *iov,
510 unsigned iov_cnt, size_t accessed)
511 {
512 QEMUSGList *sgl = &req->sgl;
513 unsigned i;
514
515 for (i = 0; i < iov_cnt; i++) {
516 size_t acsd = MIN(accessed, iov[i].iov_len);
517 dma_memory_unmap(sgl->as, iov[i].iov_base, iov[i].iov_len, dir, acsd);
518 accessed -= acsd;
519 }
520 }
521
522 static const VMStateDescription vmstate_gpadl = {
523 .name = "vmbus/gpadl",
524 .version_id = 0,
525 .minimum_version_id = 0,
526 .fields = (VMStateField[]) {
527 VMSTATE_UINT32(id, VMBusGpadl),
528 VMSTATE_UINT32(child_relid, VMBusGpadl),
529 VMSTATE_UINT32(num_gfns, VMBusGpadl),
530 VMSTATE_UINT32(seen_gfns, VMBusGpadl),
531 VMSTATE_VARRAY_UINT32_ALLOC(gfns, VMBusGpadl, num_gfns, 0,
532 vmstate_info_uint64, uint64_t),
533 VMSTATE_UINT8(state, VMBusGpadl),
534 VMSTATE_END_OF_LIST()
535 }
536 };
537
538 /*
539 * Wrap the index into a ring buffer of @len bytes.
540 * @idx is assumed not to exceed twice the size of the ringbuffer, so only
541 * single wraparound is considered.
542 */
543 static inline uint32_t rb_idx_wrap(uint32_t idx, uint32_t len)
544 {
545 if (idx >= len) {
546 idx -= len;
547 }
548 return idx;
549 }
550
551 /*
552 * Circular difference between two indices into a ring buffer of @len bytes.
553 * @allow_catchup - whether @idx1 may catch up @idx2; e.g. read index may catch
554 * up write index but not vice versa.
555 */
556 static inline uint32_t rb_idx_delta(uint32_t idx1, uint32_t idx2, uint32_t len,
557 bool allow_catchup)
558 {
559 return rb_idx_wrap(idx2 + len - idx1 - !allow_catchup, len);
560 }
561
562 static vmbus_ring_buffer *ringbuf_map_hdr(VMBusRingBufCommon *ringbuf)
563 {
564 vmbus_ring_buffer *rb;
565 dma_addr_t mlen = sizeof(*rb);
566
567 rb = dma_memory_map(ringbuf->as, ringbuf->rb_addr, &mlen,
568 DMA_DIRECTION_FROM_DEVICE);
569 if (mlen != sizeof(*rb)) {
570 dma_memory_unmap(ringbuf->as, rb, mlen,
571 DMA_DIRECTION_FROM_DEVICE, 0);
572 return NULL;
573 }
574 return rb;
575 }
576
577 static void ringbuf_unmap_hdr(VMBusRingBufCommon *ringbuf,
578 vmbus_ring_buffer *rb, bool dirty)
579 {
580 assert(rb);
581
582 dma_memory_unmap(ringbuf->as, rb, sizeof(*rb), DMA_DIRECTION_FROM_DEVICE,
583 dirty ? sizeof(*rb) : 0);
584 }
585
586 static void ringbuf_init_common(VMBusRingBufCommon *ringbuf, VMBusGpadl *gpadl,
587 AddressSpace *as, DMADirection dir,
588 uint32_t begin, uint32_t end)
589 {
590 ringbuf->as = as;
591 ringbuf->rb_addr = gpadl->gfns[begin] << TARGET_PAGE_BITS;
592 ringbuf->base = (begin + 1) << TARGET_PAGE_BITS;
593 ringbuf->len = (end - begin - 1) << TARGET_PAGE_BITS;
594 gpadl_iter_init(&ringbuf->iter, gpadl, as, dir);
595 }
596
597 static int ringbufs_init(VMBusChannel *chan)
598 {
599 vmbus_ring_buffer *rb;
600 VMBusSendRingBuf *send_ringbuf = &chan->send_ringbuf;
601 VMBusRecvRingBuf *recv_ringbuf = &chan->recv_ringbuf;
602
603 if (chan->ringbuf_send_offset <= 1 ||
604 chan->gpadl->num_gfns <= chan->ringbuf_send_offset + 1) {
605 return -EINVAL;
606 }
607
608 ringbuf_init_common(&recv_ringbuf->common, chan->gpadl, chan->dev->dma_as,
609 DMA_DIRECTION_TO_DEVICE, 0, chan->ringbuf_send_offset);
610 ringbuf_init_common(&send_ringbuf->common, chan->gpadl, chan->dev->dma_as,
611 DMA_DIRECTION_FROM_DEVICE, chan->ringbuf_send_offset,
612 chan->gpadl->num_gfns);
613 send_ringbuf->wanted = 0;
614 send_ringbuf->reserved = 0;
615
616 rb = ringbuf_map_hdr(&recv_ringbuf->common);
617 if (!rb) {
618 return -EFAULT;
619 }
620 recv_ringbuf->rd_idx = recv_ringbuf->last_rd_idx = rb->read_index;
621 ringbuf_unmap_hdr(&recv_ringbuf->common, rb, false);
622
623 rb = ringbuf_map_hdr(&send_ringbuf->common);
624 if (!rb) {
625 return -EFAULT;
626 }
627 send_ringbuf->wr_idx = send_ringbuf->last_wr_idx = rb->write_index;
628 send_ringbuf->last_seen_rd_idx = rb->read_index;
629 rb->feature_bits |= VMBUS_RING_BUFFER_FEAT_PENDING_SZ;
630 ringbuf_unmap_hdr(&send_ringbuf->common, rb, true);
631
632 if (recv_ringbuf->rd_idx >= recv_ringbuf->common.len ||
633 send_ringbuf->wr_idx >= send_ringbuf->common.len) {
634 return -EOVERFLOW;
635 }
636
637 return 0;
638 }
639
640 /*
641 * Perform io between the GPADL-backed ringbuffer @ringbuf and @buf, wrapping
642 * around if needed.
643 * @len is assumed not to exceed the size of the ringbuffer, so only single
644 * wraparound is considered.
645 */
646 static ssize_t ringbuf_io(VMBusRingBufCommon *ringbuf, void *buf, uint32_t len)
647 {
648 ssize_t ret1 = 0, ret2 = 0;
649 uint32_t remain = ringbuf->len + ringbuf->base - ringbuf->iter.off;
650
651 if (len >= remain) {
652 ret1 = gpadl_iter_io(&ringbuf->iter, buf, remain);
653 if (ret1 < 0) {
654 return ret1;
655 }
656 gpadl_iter_seek(&ringbuf->iter, ringbuf->base);
657 buf += remain;
658 len -= remain;
659 }
660 ret2 = gpadl_iter_io(&ringbuf->iter, buf, len);
661 if (ret2 < 0) {
662 return ret2;
663 }
664 return ret1 + ret2;
665 }
666
667 /*
668 * Position the circular iterator within @ringbuf to offset @new_off, wrapping
669 * around if needed.
670 * @new_off is assumed not to exceed twice the size of the ringbuffer, so only
671 * single wraparound is considered.
672 */
673 static inline void ringbuf_seek(VMBusRingBufCommon *ringbuf, uint32_t new_off)
674 {
675 gpadl_iter_seek(&ringbuf->iter,
676 ringbuf->base + rb_idx_wrap(new_off, ringbuf->len));
677 }
678
679 static inline uint32_t ringbuf_tell(VMBusRingBufCommon *ringbuf)
680 {
681 return ringbuf->iter.off - ringbuf->base;
682 }
683
684 static inline void ringbuf_start_io(VMBusRingBufCommon *ringbuf)
685 {
686 gpadl_iter_start_io(&ringbuf->iter);
687 }
688
689 static inline void ringbuf_end_io(VMBusRingBufCommon *ringbuf)
690 {
691 gpadl_iter_end_io(&ringbuf->iter);
692 }
693
694 VMBusDevice *vmbus_channel_device(VMBusChannel *chan)
695 {
696 return chan->dev;
697 }
698
699 VMBusChannel *vmbus_device_channel(VMBusDevice *dev, uint32_t chan_idx)
700 {
701 if (chan_idx >= dev->num_channels) {
702 return NULL;
703 }
704 return &dev->channels[chan_idx];
705 }
706
707 uint32_t vmbus_channel_idx(VMBusChannel *chan)
708 {
709 return chan - chan->dev->channels;
710 }
711
712 void vmbus_channel_notify_host(VMBusChannel *chan)
713 {
714 event_notifier_set(&chan->notifier);
715 }
716
717 bool vmbus_channel_is_open(VMBusChannel *chan)
718 {
719 return chan->is_open;
720 }
721
722 /*
723 * Notify the guest side about the data to work on in the channel ring buffer.
724 * The notification is done by signaling a dedicated per-channel SynIC event
725 * flag (more recent guests) or setting a bit in the interrupt page and firing
726 * the VMBus SINT (older guests).
727 */
728 static int vmbus_channel_notify_guest(VMBusChannel *chan)
729 {
730 int res = 0;
731 unsigned long *int_map, mask;
732 unsigned idx;
733 hwaddr addr = chan->vmbus->int_page_gpa;
734 hwaddr len = TARGET_PAGE_SIZE / 2, dirty = 0;
735
736 trace_vmbus_channel_notify_guest(chan->id);
737
738 if (!addr) {
739 return hyperv_set_event_flag(chan->notify_route, chan->id);
740 }
741
742 int_map = cpu_physical_memory_map(addr, &len, 1);
743 if (len != TARGET_PAGE_SIZE / 2) {
744 res = -ENXIO;
745 goto unmap;
746 }
747
748 idx = BIT_WORD(chan->id);
749 mask = BIT_MASK(chan->id);
750 if ((qatomic_fetch_or(&int_map[idx], mask) & mask) != mask) {
751 res = hyperv_sint_route_set_sint(chan->notify_route);
752 dirty = len;
753 }
754
755 unmap:
756 cpu_physical_memory_unmap(int_map, len, 1, dirty);
757 return res;
758 }
759
760 #define VMBUS_PKT_TRAILER sizeof(uint64_t)
761
762 static uint32_t vmbus_pkt_hdr_set_offsets(vmbus_packet_hdr *hdr,
763 uint32_t desclen, uint32_t msglen)
764 {
765 hdr->offset_qwords = sizeof(*hdr) / sizeof(uint64_t) +
766 DIV_ROUND_UP(desclen, sizeof(uint64_t));
767 hdr->len_qwords = hdr->offset_qwords +
768 DIV_ROUND_UP(msglen, sizeof(uint64_t));
769 return hdr->len_qwords * sizeof(uint64_t) + VMBUS_PKT_TRAILER;
770 }
771
772 /*
773 * Simplified ring buffer operation with paired barriers annotations in the
774 * producer and consumer loops:
775 *
776 * producer * consumer
777 * ~~~~~~~~ * ~~~~~~~~
778 * write pending_send_sz * read write_index
779 * smp_mb [A] * smp_mb [C]
780 * read read_index * read packet
781 * smp_mb [B] * read/write out-of-band data
782 * read/write out-of-band data * smp_mb [B]
783 * write packet * write read_index
784 * smp_mb [C] * smp_mb [A]
785 * write write_index * read pending_send_sz
786 * smp_wmb [D] * smp_rmb [D]
787 * write pending_send_sz * read write_index
788 * ... * ...
789 */
790
791 static inline uint32_t ringbuf_send_avail(VMBusSendRingBuf *ringbuf)
792 {
793 /* don't trust guest data */
794 if (ringbuf->last_seen_rd_idx >= ringbuf->common.len) {
795 return 0;
796 }
797 return rb_idx_delta(ringbuf->wr_idx, ringbuf->last_seen_rd_idx,
798 ringbuf->common.len, false);
799 }
800
801 static ssize_t ringbuf_send_update_idx(VMBusChannel *chan)
802 {
803 VMBusSendRingBuf *ringbuf = &chan->send_ringbuf;
804 vmbus_ring_buffer *rb;
805 uint32_t written;
806
807 written = rb_idx_delta(ringbuf->last_wr_idx, ringbuf->wr_idx,
808 ringbuf->common.len, true);
809 if (!written) {
810 return 0;
811 }
812
813 rb = ringbuf_map_hdr(&ringbuf->common);
814 if (!rb) {
815 return -EFAULT;
816 }
817
818 ringbuf->reserved -= written;
819
820 /* prevent reorder with the data operation and packet write */
821 smp_mb(); /* barrier pair [C] */
822 rb->write_index = ringbuf->wr_idx;
823
824 /*
825 * If the producer earlier indicated that it wants to be notified when the
826 * consumer frees certain amount of space in the ring buffer, that amount
827 * is reduced by the size of the completed write.
828 */
829 if (ringbuf->wanted) {
830 /* otherwise reservation would fail */
831 assert(ringbuf->wanted < written);
832 ringbuf->wanted -= written;
833 /* prevent reorder with write_index write */
834 smp_wmb(); /* barrier pair [D] */
835 rb->pending_send_sz = ringbuf->wanted;
836 }
837
838 /* prevent reorder with write_index or pending_send_sz write */
839 smp_mb(); /* barrier pair [A] */
840 ringbuf->last_seen_rd_idx = rb->read_index;
841
842 /*
843 * The consumer may have missed the reduction of pending_send_sz and skip
844 * notification, so re-check the blocking condition, and, if it's no longer
845 * true, ensure processing another iteration by simulating consumer's
846 * notification.
847 */
848 if (ringbuf_send_avail(ringbuf) >= ringbuf->wanted) {
849 vmbus_channel_notify_host(chan);
850 }
851
852 /* skip notification by consumer's request */
853 if (rb->interrupt_mask) {
854 goto out;
855 }
856
857 /*
858 * The consumer hasn't caught up with the producer's previous state so it's
859 * not blocked.
860 * (last_seen_rd_idx comes from the guest but it's safe to use w/o
861 * validation here as it only affects notification.)
862 */
863 if (rb_idx_delta(ringbuf->last_seen_rd_idx, ringbuf->wr_idx,
864 ringbuf->common.len, true) > written) {
865 goto out;
866 }
867
868 vmbus_channel_notify_guest(chan);
869 out:
870 ringbuf_unmap_hdr(&ringbuf->common, rb, true);
871 ringbuf->last_wr_idx = ringbuf->wr_idx;
872 return written;
873 }
874
875 int vmbus_channel_reserve(VMBusChannel *chan,
876 uint32_t desclen, uint32_t msglen)
877 {
878 VMBusSendRingBuf *ringbuf = &chan->send_ringbuf;
879 vmbus_ring_buffer *rb = NULL;
880 vmbus_packet_hdr hdr;
881 uint32_t needed = ringbuf->reserved +
882 vmbus_pkt_hdr_set_offsets(&hdr, desclen, msglen);
883
884 /* avoid touching the guest memory if possible */
885 if (likely(needed <= ringbuf_send_avail(ringbuf))) {
886 goto success;
887 }
888
889 rb = ringbuf_map_hdr(&ringbuf->common);
890 if (!rb) {
891 return -EFAULT;
892 }
893
894 /* fetch read index from guest memory and try again */
895 ringbuf->last_seen_rd_idx = rb->read_index;
896
897 if (likely(needed <= ringbuf_send_avail(ringbuf))) {
898 goto success;
899 }
900
901 rb->pending_send_sz = needed;
902
903 /*
904 * The consumer may have made progress and freed up some space before
905 * seeing updated pending_send_sz, so re-read read_index (preventing
906 * reorder with the pending_send_sz write) and try again.
907 */
908 smp_mb(); /* barrier pair [A] */
909 ringbuf->last_seen_rd_idx = rb->read_index;
910
911 if (needed > ringbuf_send_avail(ringbuf)) {
912 goto out;
913 }
914
915 success:
916 ringbuf->reserved = needed;
917 needed = 0;
918
919 /* clear pending_send_sz if it was set */
920 if (ringbuf->wanted) {
921 if (!rb) {
922 rb = ringbuf_map_hdr(&ringbuf->common);
923 if (!rb) {
924 /* failure to clear pending_send_sz is non-fatal */
925 goto out;
926 }
927 }
928
929 rb->pending_send_sz = 0;
930 }
931
932 /* prevent reorder of the following data operation with read_index read */
933 smp_mb(); /* barrier pair [B] */
934
935 out:
936 if (rb) {
937 ringbuf_unmap_hdr(&ringbuf->common, rb, ringbuf->wanted == needed);
938 }
939 ringbuf->wanted = needed;
940 return needed ? -ENOSPC : 0;
941 }
942
943 ssize_t vmbus_channel_send(VMBusChannel *chan, uint16_t pkt_type,
944 void *desc, uint32_t desclen,
945 void *msg, uint32_t msglen,
946 bool need_comp, uint64_t transaction_id)
947 {
948 ssize_t ret = 0;
949 vmbus_packet_hdr hdr;
950 uint32_t totlen;
951 VMBusSendRingBuf *ringbuf = &chan->send_ringbuf;
952
953 if (!vmbus_channel_is_open(chan)) {
954 return -EINVAL;
955 }
956
957 totlen = vmbus_pkt_hdr_set_offsets(&hdr, desclen, msglen);
958 hdr.type = pkt_type;
959 hdr.flags = need_comp ? VMBUS_PACKET_FLAG_REQUEST_COMPLETION : 0;
960 hdr.transaction_id = transaction_id;
961
962 assert(totlen <= ringbuf->reserved);
963
964 ringbuf_start_io(&ringbuf->common);
965 ringbuf_seek(&ringbuf->common, ringbuf->wr_idx);
966 ret = ringbuf_io(&ringbuf->common, &hdr, sizeof(hdr));
967 if (ret < 0) {
968 goto out;
969 }
970 if (desclen) {
971 assert(desc);
972 ret = ringbuf_io(&ringbuf->common, desc, desclen);
973 if (ret < 0) {
974 goto out;
975 }
976 ringbuf_seek(&ringbuf->common,
977 ringbuf->wr_idx + hdr.offset_qwords * sizeof(uint64_t));
978 }
979 ret = ringbuf_io(&ringbuf->common, msg, msglen);
980 if (ret < 0) {
981 goto out;
982 }
983 ringbuf_seek(&ringbuf->common, ringbuf->wr_idx + totlen);
984 ringbuf->wr_idx = ringbuf_tell(&ringbuf->common);
985 ret = 0;
986 out:
987 ringbuf_end_io(&ringbuf->common);
988 if (ret) {
989 return ret;
990 }
991 return ringbuf_send_update_idx(chan);
992 }
993
994 ssize_t vmbus_channel_send_completion(VMBusChanReq *req,
995 void *msg, uint32_t msglen)
996 {
997 assert(req->need_comp);
998 return vmbus_channel_send(req->chan, VMBUS_PACKET_COMP, NULL, 0,
999 msg, msglen, false, req->transaction_id);
1000 }
1001
1002 static int sgl_from_gpa_ranges(QEMUSGList *sgl, VMBusDevice *dev,
1003 VMBusRingBufCommon *ringbuf, uint32_t len)
1004 {
1005 int ret;
1006 vmbus_pkt_gpa_direct hdr;
1007 hwaddr curaddr = 0;
1008 hwaddr curlen = 0;
1009 int num;
1010
1011 if (len < sizeof(hdr)) {
1012 return -EIO;
1013 }
1014 ret = ringbuf_io(ringbuf, &hdr, sizeof(hdr));
1015 if (ret < 0) {
1016 return ret;
1017 }
1018 len -= sizeof(hdr);
1019
1020 num = (len - hdr.rangecount * sizeof(vmbus_gpa_range)) / sizeof(uint64_t);
1021 if (num < 0) {
1022 return -EIO;
1023 }
1024 qemu_sglist_init(sgl, DEVICE(dev), num, ringbuf->as);
1025
1026 for (; hdr.rangecount; hdr.rangecount--) {
1027 vmbus_gpa_range range;
1028
1029 if (len < sizeof(range)) {
1030 goto eio;
1031 }
1032 ret = ringbuf_io(ringbuf, &range, sizeof(range));
1033 if (ret < 0) {
1034 goto err;
1035 }
1036 len -= sizeof(range);
1037
1038 if (range.byte_offset & TARGET_PAGE_MASK) {
1039 goto eio;
1040 }
1041
1042 for (; range.byte_count; range.byte_offset = 0) {
1043 uint64_t paddr;
1044 uint32_t plen = MIN(range.byte_count,
1045 TARGET_PAGE_SIZE - range.byte_offset);
1046
1047 if (len < sizeof(uint64_t)) {
1048 goto eio;
1049 }
1050 ret = ringbuf_io(ringbuf, &paddr, sizeof(paddr));
1051 if (ret < 0) {
1052 goto err;
1053 }
1054 len -= sizeof(uint64_t);
1055 paddr <<= TARGET_PAGE_BITS;
1056 paddr |= range.byte_offset;
1057 range.byte_count -= plen;
1058
1059 if (curaddr + curlen == paddr) {
1060 /* consecutive fragments - join */
1061 curlen += plen;
1062 } else {
1063 if (curlen) {
1064 qemu_sglist_add(sgl, curaddr, curlen);
1065 }
1066
1067 curaddr = paddr;
1068 curlen = plen;
1069 }
1070 }
1071 }
1072
1073 if (curlen) {
1074 qemu_sglist_add(sgl, curaddr, curlen);
1075 }
1076
1077 return 0;
1078 eio:
1079 ret = -EIO;
1080 err:
1081 qemu_sglist_destroy(sgl);
1082 return ret;
1083 }
1084
1085 static VMBusChanReq *vmbus_alloc_req(VMBusChannel *chan,
1086 uint32_t size, uint16_t pkt_type,
1087 uint32_t msglen, uint64_t transaction_id,
1088 bool need_comp)
1089 {
1090 VMBusChanReq *req;
1091 uint32_t msgoff = QEMU_ALIGN_UP(size, __alignof__(*req->msg));
1092 uint32_t totlen = msgoff + msglen;
1093
1094 req = g_malloc0(totlen);
1095 req->chan = chan;
1096 req->pkt_type = pkt_type;
1097 req->msg = (void *)req + msgoff;
1098 req->msglen = msglen;
1099 req->transaction_id = transaction_id;
1100 req->need_comp = need_comp;
1101 return req;
1102 }
1103
1104 int vmbus_channel_recv_start(VMBusChannel *chan)
1105 {
1106 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1107 vmbus_ring_buffer *rb;
1108
1109 rb = ringbuf_map_hdr(&ringbuf->common);
1110 if (!rb) {
1111 return -EFAULT;
1112 }
1113 ringbuf->last_seen_wr_idx = rb->write_index;
1114 ringbuf_unmap_hdr(&ringbuf->common, rb, false);
1115
1116 if (ringbuf->last_seen_wr_idx >= ringbuf->common.len) {
1117 return -EOVERFLOW;
1118 }
1119
1120 /* prevent reorder of the following data operation with write_index read */
1121 smp_mb(); /* barrier pair [C] */
1122 return 0;
1123 }
1124
1125 void *vmbus_channel_recv_peek(VMBusChannel *chan, uint32_t size)
1126 {
1127 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1128 vmbus_packet_hdr hdr = {};
1129 VMBusChanReq *req;
1130 uint32_t avail;
1131 uint32_t totlen, pktlen, msglen, msgoff, desclen;
1132
1133 assert(size >= sizeof(*req));
1134
1135 /* safe as last_seen_wr_idx is validated in vmbus_channel_recv_start */
1136 avail = rb_idx_delta(ringbuf->rd_idx, ringbuf->last_seen_wr_idx,
1137 ringbuf->common.len, true);
1138 if (avail < sizeof(hdr)) {
1139 return NULL;
1140 }
1141
1142 ringbuf_seek(&ringbuf->common, ringbuf->rd_idx);
1143 if (ringbuf_io(&ringbuf->common, &hdr, sizeof(hdr)) < 0) {
1144 return NULL;
1145 }
1146
1147 pktlen = hdr.len_qwords * sizeof(uint64_t);
1148 totlen = pktlen + VMBUS_PKT_TRAILER;
1149 if (totlen > avail) {
1150 return NULL;
1151 }
1152
1153 msgoff = hdr.offset_qwords * sizeof(uint64_t);
1154 if (msgoff > pktlen || msgoff < sizeof(hdr)) {
1155 error_report("%s: malformed packet: %u %u", __func__, msgoff, pktlen);
1156 return NULL;
1157 }
1158
1159 msglen = pktlen - msgoff;
1160
1161 req = vmbus_alloc_req(chan, size, hdr.type, msglen, hdr.transaction_id,
1162 hdr.flags & VMBUS_PACKET_FLAG_REQUEST_COMPLETION);
1163
1164 switch (hdr.type) {
1165 case VMBUS_PACKET_DATA_USING_GPA_DIRECT:
1166 desclen = msgoff - sizeof(hdr);
1167 if (sgl_from_gpa_ranges(&req->sgl, chan->dev, &ringbuf->common,
1168 desclen) < 0) {
1169 error_report("%s: failed to convert GPA ranges to SGL", __func__);
1170 goto free_req;
1171 }
1172 break;
1173 case VMBUS_PACKET_DATA_INBAND:
1174 case VMBUS_PACKET_COMP:
1175 break;
1176 default:
1177 error_report("%s: unexpected msg type: %x", __func__, hdr.type);
1178 goto free_req;
1179 }
1180
1181 ringbuf_seek(&ringbuf->common, ringbuf->rd_idx + msgoff);
1182 if (ringbuf_io(&ringbuf->common, req->msg, msglen) < 0) {
1183 goto free_req;
1184 }
1185 ringbuf_seek(&ringbuf->common, ringbuf->rd_idx + totlen);
1186
1187 return req;
1188 free_req:
1189 vmbus_free_req(req);
1190 return NULL;
1191 }
1192
1193 void vmbus_channel_recv_pop(VMBusChannel *chan)
1194 {
1195 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1196 ringbuf->rd_idx = ringbuf_tell(&ringbuf->common);
1197 }
1198
1199 ssize_t vmbus_channel_recv_done(VMBusChannel *chan)
1200 {
1201 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1202 vmbus_ring_buffer *rb;
1203 uint32_t read;
1204
1205 read = rb_idx_delta(ringbuf->last_rd_idx, ringbuf->rd_idx,
1206 ringbuf->common.len, true);
1207 if (!read) {
1208 return 0;
1209 }
1210
1211 rb = ringbuf_map_hdr(&ringbuf->common);
1212 if (!rb) {
1213 return -EFAULT;
1214 }
1215
1216 /* prevent reorder with the data operation and packet read */
1217 smp_mb(); /* barrier pair [B] */
1218 rb->read_index = ringbuf->rd_idx;
1219
1220 /* prevent reorder of the following pending_send_sz read */
1221 smp_mb(); /* barrier pair [A] */
1222
1223 if (rb->interrupt_mask) {
1224 goto out;
1225 }
1226
1227 if (rb->feature_bits & VMBUS_RING_BUFFER_FEAT_PENDING_SZ) {
1228 uint32_t wr_idx, wr_avail;
1229 uint32_t wanted = rb->pending_send_sz;
1230
1231 if (!wanted) {
1232 goto out;
1233 }
1234
1235 /* prevent reorder with pending_send_sz read */
1236 smp_rmb(); /* barrier pair [D] */
1237 wr_idx = rb->write_index;
1238
1239 wr_avail = rb_idx_delta(wr_idx, ringbuf->rd_idx, ringbuf->common.len,
1240 true);
1241
1242 /* the producer wasn't blocked on the consumer state */
1243 if (wr_avail >= read + wanted) {
1244 goto out;
1245 }
1246 /* there's not enough space for the producer to make progress */
1247 if (wr_avail < wanted) {
1248 goto out;
1249 }
1250 }
1251
1252 vmbus_channel_notify_guest(chan);
1253 out:
1254 ringbuf_unmap_hdr(&ringbuf->common, rb, true);
1255 ringbuf->last_rd_idx = ringbuf->rd_idx;
1256 return read;
1257 }
1258
1259 void vmbus_free_req(void *req)
1260 {
1261 VMBusChanReq *r = req;
1262
1263 if (!req) {
1264 return;
1265 }
1266
1267 if (r->sgl.dev) {
1268 qemu_sglist_destroy(&r->sgl);
1269 }
1270 g_free(req);
1271 }
1272
1273 static const VMStateDescription vmstate_sgent = {
1274 .name = "vmbus/sgentry",
1275 .version_id = 0,
1276 .minimum_version_id = 0,
1277 .fields = (VMStateField[]) {
1278 VMSTATE_UINT64(base, ScatterGatherEntry),
1279 VMSTATE_UINT64(len, ScatterGatherEntry),
1280 VMSTATE_END_OF_LIST()
1281 }
1282 };
1283
1284 typedef struct VMBusChanReqSave {
1285 uint16_t chan_idx;
1286 uint16_t pkt_type;
1287 uint32_t msglen;
1288 void *msg;
1289 uint64_t transaction_id;
1290 bool need_comp;
1291 uint32_t num;
1292 ScatterGatherEntry *sgl;
1293 } VMBusChanReqSave;
1294
1295 static const VMStateDescription vmstate_vmbus_chan_req = {
1296 .name = "vmbus/vmbus_chan_req",
1297 .version_id = 0,
1298 .minimum_version_id = 0,
1299 .fields = (VMStateField[]) {
1300 VMSTATE_UINT16(chan_idx, VMBusChanReqSave),
1301 VMSTATE_UINT16(pkt_type, VMBusChanReqSave),
1302 VMSTATE_UINT32(msglen, VMBusChanReqSave),
1303 VMSTATE_VBUFFER_ALLOC_UINT32(msg, VMBusChanReqSave, 0, NULL, msglen),
1304 VMSTATE_UINT64(transaction_id, VMBusChanReqSave),
1305 VMSTATE_BOOL(need_comp, VMBusChanReqSave),
1306 VMSTATE_UINT32(num, VMBusChanReqSave),
1307 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(sgl, VMBusChanReqSave, num,
1308 vmstate_sgent, ScatterGatherEntry),
1309 VMSTATE_END_OF_LIST()
1310 }
1311 };
1312
1313 void vmbus_save_req(QEMUFile *f, VMBusChanReq *req)
1314 {
1315 VMBusChanReqSave req_save;
1316
1317 req_save.chan_idx = req->chan->subchan_idx;
1318 req_save.pkt_type = req->pkt_type;
1319 req_save.msglen = req->msglen;
1320 req_save.msg = req->msg;
1321 req_save.transaction_id = req->transaction_id;
1322 req_save.need_comp = req->need_comp;
1323 req_save.num = req->sgl.nsg;
1324 req_save.sgl = g_memdup(req->sgl.sg,
1325 req_save.num * sizeof(ScatterGatherEntry));
1326
1327 vmstate_save_state(f, &vmstate_vmbus_chan_req, &req_save, NULL);
1328
1329 g_free(req_save.sgl);
1330 }
1331
1332 void *vmbus_load_req(QEMUFile *f, VMBusDevice *dev, uint32_t size)
1333 {
1334 VMBusChanReqSave req_save;
1335 VMBusChanReq *req = NULL;
1336 VMBusChannel *chan = NULL;
1337 uint32_t i;
1338
1339 vmstate_load_state(f, &vmstate_vmbus_chan_req, &req_save, 0);
1340
1341 if (req_save.chan_idx >= dev->num_channels) {
1342 error_report("%s: %u(chan_idx) > %u(num_channels)", __func__,
1343 req_save.chan_idx, dev->num_channels);
1344 goto out;
1345 }
1346 chan = &dev->channels[req_save.chan_idx];
1347
1348 if (vmbus_channel_reserve(chan, 0, req_save.msglen)) {
1349 goto out;
1350 }
1351
1352 req = vmbus_alloc_req(chan, size, req_save.pkt_type, req_save.msglen,
1353 req_save.transaction_id, req_save.need_comp);
1354 if (req_save.msglen) {
1355 memcpy(req->msg, req_save.msg, req_save.msglen);
1356 }
1357
1358 for (i = 0; i < req_save.num; i++) {
1359 qemu_sglist_add(&req->sgl, req_save.sgl[i].base, req_save.sgl[i].len);
1360 }
1361
1362 out:
1363 if (req_save.msglen) {
1364 g_free(req_save.msg);
1365 }
1366 if (req_save.num) {
1367 g_free(req_save.sgl);
1368 }
1369 return req;
1370 }
1371
1372 static void channel_event_cb(EventNotifier *e)
1373 {
1374 VMBusChannel *chan = container_of(e, VMBusChannel, notifier);
1375 if (event_notifier_test_and_clear(e)) {
1376 /*
1377 * All receives are supposed to happen within the device worker, so
1378 * bracket it with ringbuf_start/end_io on the receive ringbuffer, and
1379 * potentially reuse the cached mapping throughout the worker.
1380 * Can't do this for sends as they may happen outside the device
1381 * worker.
1382 */
1383 VMBusRecvRingBuf *ringbuf = &chan->recv_ringbuf;
1384 ringbuf_start_io(&ringbuf->common);
1385 chan->notify_cb(chan);
1386 ringbuf_end_io(&ringbuf->common);
1387
1388 }
1389 }
1390
1391 static int alloc_chan_id(VMBus *vmbus)
1392 {
1393 int ret;
1394
1395 ret = find_next_zero_bit(vmbus->chanid_bitmap, VMBUS_CHANID_COUNT, 0);
1396 if (ret == VMBUS_CHANID_COUNT) {
1397 return -ENOMEM;
1398 }
1399 return ret + VMBUS_FIRST_CHANID;
1400 }
1401
1402 static int register_chan_id(VMBusChannel *chan)
1403 {
1404 return test_and_set_bit(chan->id - VMBUS_FIRST_CHANID,
1405 chan->vmbus->chanid_bitmap) ? -EEXIST : 0;
1406 }
1407
1408 static void unregister_chan_id(VMBusChannel *chan)
1409 {
1410 clear_bit(chan->id - VMBUS_FIRST_CHANID, chan->vmbus->chanid_bitmap);
1411 }
1412
1413 static uint32_t chan_connection_id(VMBusChannel *chan)
1414 {
1415 return VMBUS_CHAN_CONNECTION_OFFSET + chan->id;
1416 }
1417
1418 static void init_channel(VMBus *vmbus, VMBusDevice *dev, VMBusDeviceClass *vdc,
1419 VMBusChannel *chan, uint16_t idx, Error **errp)
1420 {
1421 int res;
1422
1423 chan->dev = dev;
1424 chan->notify_cb = vdc->chan_notify_cb;
1425 chan->subchan_idx = idx;
1426 chan->vmbus = vmbus;
1427
1428 res = alloc_chan_id(vmbus);
1429 if (res < 0) {
1430 error_setg(errp, "no spare channel id");
1431 return;
1432 }
1433 chan->id = res;
1434 register_chan_id(chan);
1435
1436 /*
1437 * The guest drivers depend on the device subchannels (idx #1+) to be
1438 * offered after the primary channel (idx #0) of that device. To ensure
1439 * that, record the channels on the channel list in the order they appear
1440 * within the device.
1441 */
1442 QTAILQ_INSERT_TAIL(&vmbus->channel_list, chan, link);
1443 }
1444
1445 static void deinit_channel(VMBusChannel *chan)
1446 {
1447 assert(chan->state == VMCHAN_INIT);
1448 QTAILQ_REMOVE(&chan->vmbus->channel_list, chan, link);
1449 unregister_chan_id(chan);
1450 }
1451
1452 static void create_channels(VMBus *vmbus, VMBusDevice *dev, Error **errp)
1453 {
1454 uint16_t i;
1455 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(dev);
1456 Error *err = NULL;
1457
1458 dev->num_channels = vdc->num_channels ? vdc->num_channels(dev) : 1;
1459 if (dev->num_channels < 1) {
1460 error_setg(errp, "invalid #channels: %u", dev->num_channels);
1461 return;
1462 }
1463
1464 dev->channels = g_new0(VMBusChannel, dev->num_channels);
1465 for (i = 0; i < dev->num_channels; i++) {
1466 init_channel(vmbus, dev, vdc, &dev->channels[i], i, &err);
1467 if (err) {
1468 goto err_init;
1469 }
1470 }
1471
1472 return;
1473
1474 err_init:
1475 while (i--) {
1476 deinit_channel(&dev->channels[i]);
1477 }
1478 error_propagate(errp, err);
1479 }
1480
1481 static void free_channels(VMBusDevice *dev)
1482 {
1483 uint16_t i;
1484 for (i = 0; i < dev->num_channels; i++) {
1485 deinit_channel(&dev->channels[i]);
1486 }
1487 g_free(dev->channels);
1488 }
1489
1490 static HvSintRoute *make_sint_route(VMBus *vmbus, uint32_t vp_index)
1491 {
1492 VMBusChannel *chan;
1493
1494 if (vp_index == vmbus->target_vp) {
1495 hyperv_sint_route_ref(vmbus->sint_route);
1496 return vmbus->sint_route;
1497 }
1498
1499 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1500 if (chan->target_vp == vp_index && vmbus_channel_is_open(chan)) {
1501 hyperv_sint_route_ref(chan->notify_route);
1502 return chan->notify_route;
1503 }
1504 }
1505
1506 return hyperv_sint_route_new(vp_index, VMBUS_SINT, NULL, NULL);
1507 }
1508
1509 static void open_channel(VMBusChannel *chan)
1510 {
1511 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(chan->dev);
1512
1513 chan->gpadl = vmbus_get_gpadl(chan, chan->ringbuf_gpadl);
1514 if (!chan->gpadl) {
1515 return;
1516 }
1517
1518 if (ringbufs_init(chan)) {
1519 goto put_gpadl;
1520 }
1521
1522 if (event_notifier_init(&chan->notifier, 0)) {
1523 goto put_gpadl;
1524 }
1525
1526 event_notifier_set_handler(&chan->notifier, channel_event_cb);
1527
1528 if (hyperv_set_event_flag_handler(chan_connection_id(chan),
1529 &chan->notifier)) {
1530 goto cleanup_notifier;
1531 }
1532
1533 chan->notify_route = make_sint_route(chan->vmbus, chan->target_vp);
1534 if (!chan->notify_route) {
1535 goto clear_event_flag_handler;
1536 }
1537
1538 if (vdc->open_channel && vdc->open_channel(chan)) {
1539 goto unref_sint_route;
1540 }
1541
1542 chan->is_open = true;
1543 return;
1544
1545 unref_sint_route:
1546 hyperv_sint_route_unref(chan->notify_route);
1547 clear_event_flag_handler:
1548 hyperv_set_event_flag_handler(chan_connection_id(chan), NULL);
1549 cleanup_notifier:
1550 event_notifier_set_handler(&chan->notifier, NULL);
1551 event_notifier_cleanup(&chan->notifier);
1552 put_gpadl:
1553 vmbus_put_gpadl(chan->gpadl);
1554 }
1555
1556 static void close_channel(VMBusChannel *chan)
1557 {
1558 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(chan->dev);
1559
1560 if (!chan->is_open) {
1561 return;
1562 }
1563
1564 if (vdc->close_channel) {
1565 vdc->close_channel(chan);
1566 }
1567
1568 hyperv_sint_route_unref(chan->notify_route);
1569 hyperv_set_event_flag_handler(chan_connection_id(chan), NULL);
1570 event_notifier_set_handler(&chan->notifier, NULL);
1571 event_notifier_cleanup(&chan->notifier);
1572 vmbus_put_gpadl(chan->gpadl);
1573 chan->is_open = false;
1574 }
1575
1576 static int channel_post_load(void *opaque, int version_id)
1577 {
1578 VMBusChannel *chan = opaque;
1579
1580 return register_chan_id(chan);
1581 }
1582
1583 static const VMStateDescription vmstate_channel = {
1584 .name = "vmbus/channel",
1585 .version_id = 0,
1586 .minimum_version_id = 0,
1587 .post_load = channel_post_load,
1588 .fields = (VMStateField[]) {
1589 VMSTATE_UINT32(id, VMBusChannel),
1590 VMSTATE_UINT16(subchan_idx, VMBusChannel),
1591 VMSTATE_UINT32(open_id, VMBusChannel),
1592 VMSTATE_UINT32(target_vp, VMBusChannel),
1593 VMSTATE_UINT32(ringbuf_gpadl, VMBusChannel),
1594 VMSTATE_UINT32(ringbuf_send_offset, VMBusChannel),
1595 VMSTATE_UINT8(offer_state, VMBusChannel),
1596 VMSTATE_UINT8(state, VMBusChannel),
1597 VMSTATE_END_OF_LIST()
1598 }
1599 };
1600
1601 static VMBusChannel *find_channel(VMBus *vmbus, uint32_t id)
1602 {
1603 VMBusChannel *chan;
1604 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1605 if (chan->id == id) {
1606 return chan;
1607 }
1608 }
1609 return NULL;
1610 }
1611
1612 static int enqueue_incoming_message(VMBus *vmbus,
1613 const struct hyperv_post_message_input *msg)
1614 {
1615 int ret = 0;
1616 uint8_t idx, prev_size;
1617
1618 qemu_mutex_lock(&vmbus->rx_queue_lock);
1619
1620 if (vmbus->rx_queue_size == HV_MSG_QUEUE_LEN) {
1621 ret = -ENOBUFS;
1622 goto out;
1623 }
1624
1625 prev_size = vmbus->rx_queue_size;
1626 idx = (vmbus->rx_queue_head + vmbus->rx_queue_size) % HV_MSG_QUEUE_LEN;
1627 memcpy(&vmbus->rx_queue[idx], msg, sizeof(*msg));
1628 vmbus->rx_queue_size++;
1629
1630 /* only need to resched if the queue was empty before */
1631 if (!prev_size) {
1632 vmbus_resched(vmbus);
1633 }
1634 out:
1635 qemu_mutex_unlock(&vmbus->rx_queue_lock);
1636 return ret;
1637 }
1638
1639 static uint16_t vmbus_recv_message(const struct hyperv_post_message_input *msg,
1640 void *data)
1641 {
1642 VMBus *vmbus = data;
1643 struct vmbus_message_header *vmbus_msg;
1644
1645 if (msg->message_type != HV_MESSAGE_VMBUS) {
1646 return HV_STATUS_INVALID_HYPERCALL_INPUT;
1647 }
1648
1649 if (msg->payload_size < sizeof(struct vmbus_message_header)) {
1650 return HV_STATUS_INVALID_HYPERCALL_INPUT;
1651 }
1652
1653 vmbus_msg = (struct vmbus_message_header *)msg->payload;
1654
1655 trace_vmbus_recv_message(vmbus_msg->message_type, msg->payload_size);
1656
1657 if (vmbus_msg->message_type == VMBUS_MSG_INVALID ||
1658 vmbus_msg->message_type >= VMBUS_MSG_COUNT) {
1659 error_report("vmbus: unknown message type %#x",
1660 vmbus_msg->message_type);
1661 return HV_STATUS_INVALID_HYPERCALL_INPUT;
1662 }
1663
1664 if (enqueue_incoming_message(vmbus, msg)) {
1665 return HV_STATUS_INSUFFICIENT_BUFFERS;
1666 }
1667 return HV_STATUS_SUCCESS;
1668 }
1669
1670 static bool vmbus_initialized(VMBus *vmbus)
1671 {
1672 return vmbus->version > 0 && vmbus->version <= VMBUS_VERSION_CURRENT;
1673 }
1674
1675 static void vmbus_reset_all(VMBus *vmbus)
1676 {
1677 qbus_reset_all(BUS(vmbus));
1678 }
1679
1680 static void post_msg(VMBus *vmbus, void *msgdata, uint32_t msglen)
1681 {
1682 int ret;
1683 struct hyperv_message msg = {
1684 .header.message_type = HV_MESSAGE_VMBUS,
1685 };
1686
1687 assert(!vmbus->msg_in_progress);
1688 assert(msglen <= sizeof(msg.payload));
1689 assert(msglen >= sizeof(struct vmbus_message_header));
1690
1691 vmbus->msg_in_progress = true;
1692
1693 trace_vmbus_post_msg(((struct vmbus_message_header *)msgdata)->message_type,
1694 msglen);
1695
1696 memcpy(msg.payload, msgdata, msglen);
1697 msg.header.payload_size = ROUND_UP(msglen, VMBUS_MESSAGE_SIZE_ALIGN);
1698
1699 ret = hyperv_post_msg(vmbus->sint_route, &msg);
1700 if (ret == 0 || ret == -EAGAIN) {
1701 return;
1702 }
1703
1704 error_report("message delivery fatal failure: %d; aborting vmbus", ret);
1705 vmbus_reset_all(vmbus);
1706 }
1707
1708 static int vmbus_init(VMBus *vmbus)
1709 {
1710 if (vmbus->target_vp != (uint32_t)-1) {
1711 vmbus->sint_route = hyperv_sint_route_new(vmbus->target_vp, VMBUS_SINT,
1712 vmbus_msg_cb, vmbus);
1713 if (!vmbus->sint_route) {
1714 error_report("failed to set up SINT route");
1715 return -ENOMEM;
1716 }
1717 }
1718 return 0;
1719 }
1720
1721 static void vmbus_deinit(VMBus *vmbus)
1722 {
1723 VMBusGpadl *gpadl, *tmp_gpadl;
1724 VMBusChannel *chan;
1725
1726 QTAILQ_FOREACH_SAFE(gpadl, &vmbus->gpadl_list, link, tmp_gpadl) {
1727 if (gpadl->state == VMGPADL_TORNDOWN) {
1728 continue;
1729 }
1730 vmbus_put_gpadl(gpadl);
1731 }
1732
1733 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1734 chan->offer_state = VMOFFER_INIT;
1735 }
1736
1737 hyperv_sint_route_unref(vmbus->sint_route);
1738 vmbus->sint_route = NULL;
1739 vmbus->int_page_gpa = 0;
1740 vmbus->target_vp = (uint32_t)-1;
1741 vmbus->version = 0;
1742 vmbus->state = VMBUS_LISTEN;
1743 vmbus->msg_in_progress = false;
1744 }
1745
1746 static void handle_initiate_contact(VMBus *vmbus,
1747 vmbus_message_initiate_contact *msg,
1748 uint32_t msglen)
1749 {
1750 if (msglen < sizeof(*msg)) {
1751 return;
1752 }
1753
1754 trace_vmbus_initiate_contact(msg->version_requested >> 16,
1755 msg->version_requested & 0xffff,
1756 msg->target_vcpu, msg->monitor_page1,
1757 msg->monitor_page2, msg->interrupt_page);
1758
1759 /*
1760 * Reset vmbus on INITIATE_CONTACT regardless of its previous state.
1761 * Useful, in particular, with vmbus-aware BIOS which can't shut vmbus down
1762 * before handing over to OS loader.
1763 */
1764 vmbus_reset_all(vmbus);
1765
1766 vmbus->target_vp = msg->target_vcpu;
1767 vmbus->version = msg->version_requested;
1768 if (vmbus->version < VMBUS_VERSION_WIN8) {
1769 /* linux passes interrupt page even when it doesn't need it */
1770 vmbus->int_page_gpa = msg->interrupt_page;
1771 }
1772 vmbus->state = VMBUS_HANDSHAKE;
1773
1774 if (vmbus_init(vmbus)) {
1775 error_report("failed to init vmbus; aborting");
1776 vmbus_deinit(vmbus);
1777 return;
1778 }
1779 }
1780
1781 static void send_handshake(VMBus *vmbus)
1782 {
1783 struct vmbus_message_version_response msg = {
1784 .header.message_type = VMBUS_MSG_VERSION_RESPONSE,
1785 .version_supported = vmbus_initialized(vmbus),
1786 };
1787
1788 post_msg(vmbus, &msg, sizeof(msg));
1789 }
1790
1791 static void handle_request_offers(VMBus *vmbus, void *msgdata, uint32_t msglen)
1792 {
1793 VMBusChannel *chan;
1794
1795 if (!vmbus_initialized(vmbus)) {
1796 return;
1797 }
1798
1799 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1800 if (chan->offer_state == VMOFFER_INIT) {
1801 chan->offer_state = VMOFFER_SENDING;
1802 break;
1803 }
1804 }
1805
1806 vmbus->state = VMBUS_OFFER;
1807 }
1808
1809 static void send_offer(VMBus *vmbus)
1810 {
1811 VMBusChannel *chan;
1812 struct vmbus_message_header alloffers_msg = {
1813 .message_type = VMBUS_MSG_ALLOFFERS_DELIVERED,
1814 };
1815
1816 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1817 if (chan->offer_state == VMOFFER_SENDING) {
1818 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(chan->dev);
1819 /* Hyper-V wants LE GUIDs */
1820 QemuUUID classid = qemu_uuid_bswap(vdc->classid);
1821 QemuUUID instanceid = qemu_uuid_bswap(chan->dev->instanceid);
1822 struct vmbus_message_offer_channel msg = {
1823 .header.message_type = VMBUS_MSG_OFFERCHANNEL,
1824 .child_relid = chan->id,
1825 .connection_id = chan_connection_id(chan),
1826 .channel_flags = vdc->channel_flags,
1827 .mmio_size_mb = vdc->mmio_size_mb,
1828 .sub_channel_index = vmbus_channel_idx(chan),
1829 .interrupt_flags = VMBUS_OFFER_INTERRUPT_DEDICATED,
1830 };
1831
1832 memcpy(msg.type_uuid, &classid, sizeof(classid));
1833 memcpy(msg.instance_uuid, &instanceid, sizeof(instanceid));
1834
1835 trace_vmbus_send_offer(chan->id, chan->dev);
1836
1837 post_msg(vmbus, &msg, sizeof(msg));
1838 return;
1839 }
1840 }
1841
1842 /* no more offers, send terminator message */
1843 trace_vmbus_terminate_offers();
1844 post_msg(vmbus, &alloffers_msg, sizeof(alloffers_msg));
1845 }
1846
1847 static bool complete_offer(VMBus *vmbus)
1848 {
1849 VMBusChannel *chan;
1850
1851 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1852 if (chan->offer_state == VMOFFER_SENDING) {
1853 chan->offer_state = VMOFFER_SENT;
1854 goto next_offer;
1855 }
1856 }
1857 /*
1858 * no transitioning channels found so this is completing the terminator
1859 * message, and vmbus can move to the next state
1860 */
1861 return true;
1862
1863 next_offer:
1864 /* try to mark another channel for offering */
1865 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
1866 if (chan->offer_state == VMOFFER_INIT) {
1867 chan->offer_state = VMOFFER_SENDING;
1868 break;
1869 }
1870 }
1871 /*
1872 * if an offer has been sent there are more offers or the terminator yet to
1873 * send, so no state transition for vmbus
1874 */
1875 return false;
1876 }
1877
1878
1879 static void handle_gpadl_header(VMBus *vmbus, vmbus_message_gpadl_header *msg,
1880 uint32_t msglen)
1881 {
1882 VMBusGpadl *gpadl;
1883 uint32_t num_gfns, i;
1884
1885 /* must include at least one gpa range */
1886 if (msglen < sizeof(*msg) + sizeof(msg->range[0]) ||
1887 !vmbus_initialized(vmbus)) {
1888 return;
1889 }
1890
1891 num_gfns = (msg->range_buflen - msg->rangecount * sizeof(msg->range[0])) /
1892 sizeof(msg->range[0].pfn_array[0]);
1893
1894 trace_vmbus_gpadl_header(msg->gpadl_id, num_gfns);
1895
1896 /*
1897 * In theory the GPADL_HEADER message can define a GPADL with multiple GPA
1898 * ranges each with arbitrary size and alignment. However in practice only
1899 * single-range page-aligned GPADLs have been observed so just ignore
1900 * anything else and simplify things greatly.
1901 */
1902 if (msg->rangecount != 1 || msg->range[0].byte_offset ||
1903 (msg->range[0].byte_count != (num_gfns << TARGET_PAGE_BITS))) {
1904 return;
1905 }
1906
1907 /* ignore requests to create already existing GPADLs */
1908 if (find_gpadl(vmbus, msg->gpadl_id)) {
1909 return;
1910 }
1911
1912 gpadl = create_gpadl(vmbus, msg->gpadl_id, msg->child_relid, num_gfns);
1913
1914 for (i = 0; i < num_gfns &&
1915 (void *)&msg->range[0].pfn_array[i + 1] <= (void *)msg + msglen;
1916 i++) {
1917 gpadl->gfns[gpadl->seen_gfns++] = msg->range[0].pfn_array[i];
1918 }
1919
1920 if (gpadl_full(gpadl)) {
1921 vmbus->state = VMBUS_CREATE_GPADL;
1922 }
1923 }
1924
1925 static void handle_gpadl_body(VMBus *vmbus, vmbus_message_gpadl_body *msg,
1926 uint32_t msglen)
1927 {
1928 VMBusGpadl *gpadl;
1929 uint32_t num_gfns_left, i;
1930
1931 if (msglen < sizeof(*msg) || !vmbus_initialized(vmbus)) {
1932 return;
1933 }
1934
1935 trace_vmbus_gpadl_body(msg->gpadl_id);
1936
1937 gpadl = find_gpadl(vmbus, msg->gpadl_id);
1938 if (!gpadl) {
1939 return;
1940 }
1941
1942 num_gfns_left = gpadl->num_gfns - gpadl->seen_gfns;
1943 assert(num_gfns_left);
1944
1945 for (i = 0; i < num_gfns_left &&
1946 (void *)&msg->pfn_array[i + 1] <= (void *)msg + msglen; i++) {
1947 gpadl->gfns[gpadl->seen_gfns++] = msg->pfn_array[i];
1948 }
1949
1950 if (gpadl_full(gpadl)) {
1951 vmbus->state = VMBUS_CREATE_GPADL;
1952 }
1953 }
1954
1955 static void send_create_gpadl(VMBus *vmbus)
1956 {
1957 VMBusGpadl *gpadl;
1958
1959 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
1960 if (gpadl_full(gpadl) && gpadl->state == VMGPADL_INIT) {
1961 struct vmbus_message_gpadl_created msg = {
1962 .header.message_type = VMBUS_MSG_GPADL_CREATED,
1963 .gpadl_id = gpadl->id,
1964 .child_relid = gpadl->child_relid,
1965 };
1966
1967 trace_vmbus_gpadl_created(gpadl->id);
1968 post_msg(vmbus, &msg, sizeof(msg));
1969 return;
1970 }
1971 }
1972
1973 assert(false);
1974 }
1975
1976 static bool complete_create_gpadl(VMBus *vmbus)
1977 {
1978 VMBusGpadl *gpadl;
1979
1980 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
1981 if (gpadl_full(gpadl) && gpadl->state == VMGPADL_INIT) {
1982 gpadl->state = VMGPADL_ALIVE;
1983
1984 return true;
1985 }
1986 }
1987
1988 assert(false);
1989 return false;
1990 }
1991
1992 static void handle_gpadl_teardown(VMBus *vmbus,
1993 vmbus_message_gpadl_teardown *msg,
1994 uint32_t msglen)
1995 {
1996 VMBusGpadl *gpadl;
1997
1998 if (msglen < sizeof(*msg) || !vmbus_initialized(vmbus)) {
1999 return;
2000 }
2001
2002 trace_vmbus_gpadl_teardown(msg->gpadl_id);
2003
2004 gpadl = find_gpadl(vmbus, msg->gpadl_id);
2005 if (!gpadl || gpadl->state == VMGPADL_TORNDOWN) {
2006 return;
2007 }
2008
2009 gpadl->state = VMGPADL_TEARINGDOWN;
2010 vmbus->state = VMBUS_TEARDOWN_GPADL;
2011 }
2012
2013 static void send_teardown_gpadl(VMBus *vmbus)
2014 {
2015 VMBusGpadl *gpadl;
2016
2017 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
2018 if (gpadl->state == VMGPADL_TEARINGDOWN) {
2019 struct vmbus_message_gpadl_torndown msg = {
2020 .header.message_type = VMBUS_MSG_GPADL_TORNDOWN,
2021 .gpadl_id = gpadl->id,
2022 };
2023
2024 trace_vmbus_gpadl_torndown(gpadl->id);
2025 post_msg(vmbus, &msg, sizeof(msg));
2026 return;
2027 }
2028 }
2029
2030 assert(false);
2031 }
2032
2033 static bool complete_teardown_gpadl(VMBus *vmbus)
2034 {
2035 VMBusGpadl *gpadl;
2036
2037 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
2038 if (gpadl->state == VMGPADL_TEARINGDOWN) {
2039 gpadl->state = VMGPADL_TORNDOWN;
2040 vmbus_put_gpadl(gpadl);
2041 return true;
2042 }
2043 }
2044
2045 assert(false);
2046 return false;
2047 }
2048
2049 static void handle_open_channel(VMBus *vmbus, vmbus_message_open_channel *msg,
2050 uint32_t msglen)
2051 {
2052 VMBusChannel *chan;
2053
2054 if (msglen < sizeof(*msg) || !vmbus_initialized(vmbus)) {
2055 return;
2056 }
2057
2058 trace_vmbus_open_channel(msg->child_relid, msg->ring_buffer_gpadl_id,
2059 msg->target_vp);
2060 chan = find_channel(vmbus, msg->child_relid);
2061 if (!chan || chan->state != VMCHAN_INIT) {
2062 return;
2063 }
2064
2065 chan->ringbuf_gpadl = msg->ring_buffer_gpadl_id;
2066 chan->ringbuf_send_offset = msg->ring_buffer_offset;
2067 chan->target_vp = msg->target_vp;
2068 chan->open_id = msg->open_id;
2069
2070 open_channel(chan);
2071
2072 chan->state = VMCHAN_OPENING;
2073 vmbus->state = VMBUS_OPEN_CHANNEL;
2074 }
2075
2076 static void send_open_channel(VMBus *vmbus)
2077 {
2078 VMBusChannel *chan;
2079
2080 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
2081 if (chan->state == VMCHAN_OPENING) {
2082 struct vmbus_message_open_result msg = {
2083 .header.message_type = VMBUS_MSG_OPENCHANNEL_RESULT,
2084 .child_relid = chan->id,
2085 .open_id = chan->open_id,
2086 .status = !vmbus_channel_is_open(chan),
2087 };
2088
2089 trace_vmbus_channel_open(chan->id, msg.status);
2090 post_msg(vmbus, &msg, sizeof(msg));
2091 return;
2092 }
2093 }
2094
2095 assert(false);
2096 }
2097
2098 static bool complete_open_channel(VMBus *vmbus)
2099 {
2100 VMBusChannel *chan;
2101
2102 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
2103 if (chan->state == VMCHAN_OPENING) {
2104 if (vmbus_channel_is_open(chan)) {
2105 chan->state = VMCHAN_OPEN;
2106 /*
2107 * simulate guest notification of ringbuffer space made
2108 * available, for the channel protocols where the host
2109 * initiates the communication
2110 */
2111 vmbus_channel_notify_host(chan);
2112 } else {
2113 chan->state = VMCHAN_INIT;
2114 }
2115 return true;
2116 }
2117 }
2118
2119 assert(false);
2120 return false;
2121 }
2122
2123 static void vdev_reset_on_close(VMBusDevice *vdev)
2124 {
2125 uint16_t i;
2126
2127 for (i = 0; i < vdev->num_channels; i++) {
2128 if (vmbus_channel_is_open(&vdev->channels[i])) {
2129 return;
2130 }
2131 }
2132
2133 /* all channels closed -- reset device */
2134 qdev_reset_all(DEVICE(vdev));
2135 }
2136
2137 static void handle_close_channel(VMBus *vmbus, vmbus_message_close_channel *msg,
2138 uint32_t msglen)
2139 {
2140 VMBusChannel *chan;
2141
2142 if (msglen < sizeof(*msg) || !vmbus_initialized(vmbus)) {
2143 return;
2144 }
2145
2146 trace_vmbus_close_channel(msg->child_relid);
2147
2148 chan = find_channel(vmbus, msg->child_relid);
2149 if (!chan) {
2150 return;
2151 }
2152
2153 close_channel(chan);
2154 chan->state = VMCHAN_INIT;
2155
2156 vdev_reset_on_close(chan->dev);
2157 }
2158
2159 static void handle_unload(VMBus *vmbus, void *msg, uint32_t msglen)
2160 {
2161 vmbus->state = VMBUS_UNLOAD;
2162 }
2163
2164 static void send_unload(VMBus *vmbus)
2165 {
2166 vmbus_message_header msg = {
2167 .message_type = VMBUS_MSG_UNLOAD_RESPONSE,
2168 };
2169
2170 qemu_mutex_lock(&vmbus->rx_queue_lock);
2171 vmbus->rx_queue_size = 0;
2172 qemu_mutex_unlock(&vmbus->rx_queue_lock);
2173
2174 post_msg(vmbus, &msg, sizeof(msg));
2175 return;
2176 }
2177
2178 static bool complete_unload(VMBus *vmbus)
2179 {
2180 vmbus_reset_all(vmbus);
2181 return true;
2182 }
2183
2184 static void process_message(VMBus *vmbus)
2185 {
2186 struct hyperv_post_message_input *hv_msg;
2187 struct vmbus_message_header *msg;
2188 void *msgdata;
2189 uint32_t msglen;
2190
2191 qemu_mutex_lock(&vmbus->rx_queue_lock);
2192
2193 if (!vmbus->rx_queue_size) {
2194 goto unlock;
2195 }
2196
2197 hv_msg = &vmbus->rx_queue[vmbus->rx_queue_head];
2198 msglen = hv_msg->payload_size;
2199 if (msglen < sizeof(*msg)) {
2200 goto out;
2201 }
2202 msgdata = hv_msg->payload;
2203 msg = (struct vmbus_message_header *)msgdata;
2204
2205 trace_vmbus_process_incoming_message(msg->message_type);
2206
2207 switch (msg->message_type) {
2208 case VMBUS_MSG_INITIATE_CONTACT:
2209 handle_initiate_contact(vmbus, msgdata, msglen);
2210 break;
2211 case VMBUS_MSG_REQUESTOFFERS:
2212 handle_request_offers(vmbus, msgdata, msglen);
2213 break;
2214 case VMBUS_MSG_GPADL_HEADER:
2215 handle_gpadl_header(vmbus, msgdata, msglen);
2216 break;
2217 case VMBUS_MSG_GPADL_BODY:
2218 handle_gpadl_body(vmbus, msgdata, msglen);
2219 break;
2220 case VMBUS_MSG_GPADL_TEARDOWN:
2221 handle_gpadl_teardown(vmbus, msgdata, msglen);
2222 break;
2223 case VMBUS_MSG_OPENCHANNEL:
2224 handle_open_channel(vmbus, msgdata, msglen);
2225 break;
2226 case VMBUS_MSG_CLOSECHANNEL:
2227 handle_close_channel(vmbus, msgdata, msglen);
2228 break;
2229 case VMBUS_MSG_UNLOAD:
2230 handle_unload(vmbus, msgdata, msglen);
2231 break;
2232 default:
2233 error_report("unknown message type %#x", msg->message_type);
2234 break;
2235 }
2236
2237 out:
2238 vmbus->rx_queue_size--;
2239 vmbus->rx_queue_head++;
2240 vmbus->rx_queue_head %= HV_MSG_QUEUE_LEN;
2241
2242 vmbus_resched(vmbus);
2243 unlock:
2244 qemu_mutex_unlock(&vmbus->rx_queue_lock);
2245 }
2246
2247 static const struct {
2248 void (*run)(VMBus *vmbus);
2249 bool (*complete)(VMBus *vmbus);
2250 } state_runner[] = {
2251 [VMBUS_LISTEN] = {process_message, NULL},
2252 [VMBUS_HANDSHAKE] = {send_handshake, NULL},
2253 [VMBUS_OFFER] = {send_offer, complete_offer},
2254 [VMBUS_CREATE_GPADL] = {send_create_gpadl, complete_create_gpadl},
2255 [VMBUS_TEARDOWN_GPADL] = {send_teardown_gpadl, complete_teardown_gpadl},
2256 [VMBUS_OPEN_CHANNEL] = {send_open_channel, complete_open_channel},
2257 [VMBUS_UNLOAD] = {send_unload, complete_unload},
2258 };
2259
2260 static void vmbus_do_run(VMBus *vmbus)
2261 {
2262 if (vmbus->msg_in_progress) {
2263 return;
2264 }
2265
2266 assert(vmbus->state < VMBUS_STATE_MAX);
2267 assert(state_runner[vmbus->state].run);
2268 state_runner[vmbus->state].run(vmbus);
2269 }
2270
2271 static void vmbus_run(void *opaque)
2272 {
2273 VMBus *vmbus = opaque;
2274
2275 /* make sure no recursion happens (e.g. due to recursive aio_poll()) */
2276 if (vmbus->in_progress) {
2277 return;
2278 }
2279
2280 vmbus->in_progress = true;
2281 /*
2282 * FIXME: if vmbus_resched() is called from within vmbus_do_run(), it
2283 * should go *after* the code that can result in aio_poll; otherwise
2284 * reschedules can be missed. No idea how to enforce that.
2285 */
2286 vmbus_do_run(vmbus);
2287 vmbus->in_progress = false;
2288 }
2289
2290 static void vmbus_msg_cb(void *data, int status)
2291 {
2292 VMBus *vmbus = data;
2293 bool (*complete)(VMBus *vmbus);
2294
2295 assert(vmbus->msg_in_progress);
2296
2297 trace_vmbus_msg_cb(status);
2298
2299 if (status == -EAGAIN) {
2300 goto out;
2301 }
2302 if (status) {
2303 error_report("message delivery fatal failure: %d; aborting vmbus",
2304 status);
2305 vmbus_reset_all(vmbus);
2306 return;
2307 }
2308
2309 assert(vmbus->state < VMBUS_STATE_MAX);
2310 complete = state_runner[vmbus->state].complete;
2311 if (!complete || complete(vmbus)) {
2312 vmbus->state = VMBUS_LISTEN;
2313 }
2314 out:
2315 vmbus->msg_in_progress = false;
2316 vmbus_resched(vmbus);
2317 }
2318
2319 static void vmbus_resched(VMBus *vmbus)
2320 {
2321 aio_bh_schedule_oneshot(qemu_get_aio_context(), vmbus_run, vmbus);
2322 }
2323
2324 static void vmbus_signal_event(EventNotifier *e)
2325 {
2326 VMBusChannel *chan;
2327 VMBus *vmbus = container_of(e, VMBus, notifier);
2328 unsigned long *int_map;
2329 hwaddr addr, len;
2330 bool is_dirty = false;
2331
2332 if (!event_notifier_test_and_clear(e)) {
2333 return;
2334 }
2335
2336 trace_vmbus_signal_event();
2337
2338 if (!vmbus->int_page_gpa) {
2339 return;
2340 }
2341
2342 addr = vmbus->int_page_gpa + TARGET_PAGE_SIZE / 2;
2343 len = TARGET_PAGE_SIZE / 2;
2344 int_map = cpu_physical_memory_map(addr, &len, 1);
2345 if (len != TARGET_PAGE_SIZE / 2) {
2346 goto unmap;
2347 }
2348
2349 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
2350 if (bitmap_test_and_clear_atomic(int_map, chan->id, 1)) {
2351 if (!vmbus_channel_is_open(chan)) {
2352 continue;
2353 }
2354 vmbus_channel_notify_host(chan);
2355 is_dirty = true;
2356 }
2357 }
2358
2359 unmap:
2360 cpu_physical_memory_unmap(int_map, len, 1, is_dirty);
2361 }
2362
2363 static void vmbus_dev_realize(DeviceState *dev, Error **errp)
2364 {
2365 VMBusDevice *vdev = VMBUS_DEVICE(dev);
2366 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(vdev);
2367 VMBus *vmbus = VMBUS(qdev_get_parent_bus(dev));
2368 BusChild *child;
2369 Error *err = NULL;
2370 char idstr[UUID_FMT_LEN + 1];
2371
2372 assert(!qemu_uuid_is_null(&vdev->instanceid));
2373
2374 /* Check for instance id collision for this class id */
2375 QTAILQ_FOREACH(child, &BUS(vmbus)->children, sibling) {
2376 VMBusDevice *child_dev = VMBUS_DEVICE(child->child);
2377
2378 if (child_dev == vdev) {
2379 continue;
2380 }
2381
2382 if (qemu_uuid_is_equal(&child_dev->instanceid, &vdev->instanceid)) {
2383 qemu_uuid_unparse(&vdev->instanceid, idstr);
2384 error_setg(&err, "duplicate vmbus device instance id %s", idstr);
2385 goto error_out;
2386 }
2387 }
2388
2389 vdev->dma_as = &address_space_memory;
2390
2391 create_channels(vmbus, vdev, &err);
2392 if (err) {
2393 goto error_out;
2394 }
2395
2396 if (vdc->vmdev_realize) {
2397 vdc->vmdev_realize(vdev, &err);
2398 if (err) {
2399 goto err_vdc_realize;
2400 }
2401 }
2402 return;
2403
2404 err_vdc_realize:
2405 free_channels(vdev);
2406 error_out:
2407 error_propagate(errp, err);
2408 }
2409
2410 static void vmbus_dev_reset(DeviceState *dev)
2411 {
2412 uint16_t i;
2413 VMBusDevice *vdev = VMBUS_DEVICE(dev);
2414 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(vdev);
2415
2416 if (vdev->channels) {
2417 for (i = 0; i < vdev->num_channels; i++) {
2418 VMBusChannel *chan = &vdev->channels[i];
2419 close_channel(chan);
2420 chan->state = VMCHAN_INIT;
2421 }
2422 }
2423
2424 if (vdc->vmdev_reset) {
2425 vdc->vmdev_reset(vdev);
2426 }
2427 }
2428
2429 static void vmbus_dev_unrealize(DeviceState *dev)
2430 {
2431 VMBusDevice *vdev = VMBUS_DEVICE(dev);
2432 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(vdev);
2433
2434 if (vdc->vmdev_unrealize) {
2435 vdc->vmdev_unrealize(vdev);
2436 }
2437 free_channels(vdev);
2438 }
2439
2440 static void vmbus_dev_class_init(ObjectClass *klass, void *data)
2441 {
2442 DeviceClass *kdev = DEVICE_CLASS(klass);
2443 kdev->bus_type = TYPE_VMBUS;
2444 kdev->realize = vmbus_dev_realize;
2445 kdev->unrealize = vmbus_dev_unrealize;
2446 kdev->reset = vmbus_dev_reset;
2447 }
2448
2449 static Property vmbus_dev_instanceid =
2450 DEFINE_PROP_UUID("instanceid", VMBusDevice, instanceid);
2451
2452 static void vmbus_dev_instance_init(Object *obj)
2453 {
2454 VMBusDevice *vdev = VMBUS_DEVICE(obj);
2455 VMBusDeviceClass *vdc = VMBUS_DEVICE_GET_CLASS(vdev);
2456
2457 if (!qemu_uuid_is_null(&vdc->instanceid)) {
2458 /* Class wants to only have a single instance with a fixed UUID */
2459 vdev->instanceid = vdc->instanceid;
2460 } else {
2461 qdev_property_add_static(DEVICE(vdev), &vmbus_dev_instanceid);
2462 }
2463 }
2464
2465 const VMStateDescription vmstate_vmbus_dev = {
2466 .name = TYPE_VMBUS_DEVICE,
2467 .version_id = 0,
2468 .minimum_version_id = 0,
2469 .fields = (VMStateField[]) {
2470 VMSTATE_UINT8_ARRAY(instanceid.data, VMBusDevice, 16),
2471 VMSTATE_UINT16(num_channels, VMBusDevice),
2472 VMSTATE_STRUCT_VARRAY_POINTER_UINT16(channels, VMBusDevice,
2473 num_channels, vmstate_channel,
2474 VMBusChannel),
2475 VMSTATE_END_OF_LIST()
2476 }
2477 };
2478
2479 /* vmbus generic device base */
2480 static const TypeInfo vmbus_dev_type_info = {
2481 .name = TYPE_VMBUS_DEVICE,
2482 .parent = TYPE_DEVICE,
2483 .abstract = true,
2484 .instance_size = sizeof(VMBusDevice),
2485 .class_size = sizeof(VMBusDeviceClass),
2486 .class_init = vmbus_dev_class_init,
2487 .instance_init = vmbus_dev_instance_init,
2488 };
2489
2490 static void vmbus_realize(BusState *bus, Error **errp)
2491 {
2492 int ret = 0;
2493 Error *local_err = NULL;
2494 VMBus *vmbus = VMBUS(bus);
2495
2496 qemu_mutex_init(&vmbus->rx_queue_lock);
2497
2498 QTAILQ_INIT(&vmbus->gpadl_list);
2499 QTAILQ_INIT(&vmbus->channel_list);
2500
2501 ret = hyperv_set_msg_handler(VMBUS_MESSAGE_CONNECTION_ID,
2502 vmbus_recv_message, vmbus);
2503 if (ret != 0) {
2504 error_setg(&local_err, "hyperv set message handler failed: %d", ret);
2505 goto error_out;
2506 }
2507
2508 ret = event_notifier_init(&vmbus->notifier, 0);
2509 if (ret != 0) {
2510 error_setg(&local_err, "event notifier failed to init with %d", ret);
2511 goto remove_msg_handler;
2512 }
2513
2514 event_notifier_set_handler(&vmbus->notifier, vmbus_signal_event);
2515 ret = hyperv_set_event_flag_handler(VMBUS_EVENT_CONNECTION_ID,
2516 &vmbus->notifier);
2517 if (ret != 0) {
2518 error_setg(&local_err, "hyperv set event handler failed with %d", ret);
2519 goto clear_event_notifier;
2520 }
2521
2522 return;
2523
2524 clear_event_notifier:
2525 event_notifier_cleanup(&vmbus->notifier);
2526 remove_msg_handler:
2527 hyperv_set_msg_handler(VMBUS_MESSAGE_CONNECTION_ID, NULL, NULL);
2528 error_out:
2529 qemu_mutex_destroy(&vmbus->rx_queue_lock);
2530 error_propagate(errp, local_err);
2531 }
2532
2533 static void vmbus_unrealize(BusState *bus)
2534 {
2535 VMBus *vmbus = VMBUS(bus);
2536
2537 hyperv_set_msg_handler(VMBUS_MESSAGE_CONNECTION_ID, NULL, NULL);
2538 hyperv_set_event_flag_handler(VMBUS_EVENT_CONNECTION_ID, NULL);
2539 event_notifier_cleanup(&vmbus->notifier);
2540
2541 qemu_mutex_destroy(&vmbus->rx_queue_lock);
2542 }
2543
2544 static void vmbus_reset(BusState *bus)
2545 {
2546 vmbus_deinit(VMBUS(bus));
2547 }
2548
2549 static char *vmbus_get_dev_path(DeviceState *dev)
2550 {
2551 BusState *bus = qdev_get_parent_bus(dev);
2552 return qdev_get_dev_path(bus->parent);
2553 }
2554
2555 static char *vmbus_get_fw_dev_path(DeviceState *dev)
2556 {
2557 VMBusDevice *vdev = VMBUS_DEVICE(dev);
2558 char uuid[UUID_FMT_LEN + 1];
2559
2560 qemu_uuid_unparse(&vdev->instanceid, uuid);
2561 return g_strdup_printf("%s@%s", qdev_fw_name(dev), uuid);
2562 }
2563
2564 static void vmbus_class_init(ObjectClass *klass, void *data)
2565 {
2566 BusClass *k = BUS_CLASS(klass);
2567
2568 k->get_dev_path = vmbus_get_dev_path;
2569 k->get_fw_dev_path = vmbus_get_fw_dev_path;
2570 k->realize = vmbus_realize;
2571 k->unrealize = vmbus_unrealize;
2572 k->reset = vmbus_reset;
2573 }
2574
2575 static int vmbus_pre_load(void *opaque)
2576 {
2577 VMBusChannel *chan;
2578 VMBus *vmbus = VMBUS(opaque);
2579
2580 /*
2581 * channel IDs allocated by the source will come in the migration stream
2582 * for each channel, so clean up the ones allocated at realize
2583 */
2584 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
2585 unregister_chan_id(chan);
2586 }
2587
2588 return 0;
2589 }
2590 static int vmbus_post_load(void *opaque, int version_id)
2591 {
2592 int ret;
2593 VMBus *vmbus = VMBUS(opaque);
2594 VMBusGpadl *gpadl;
2595 VMBusChannel *chan;
2596
2597 ret = vmbus_init(vmbus);
2598 if (ret) {
2599 return ret;
2600 }
2601
2602 QTAILQ_FOREACH(gpadl, &vmbus->gpadl_list, link) {
2603 gpadl->vmbus = vmbus;
2604 gpadl->refcount = 1;
2605 }
2606
2607 /*
2608 * reopening channels depends on initialized vmbus so it's done here
2609 * instead of channel_post_load()
2610 */
2611 QTAILQ_FOREACH(chan, &vmbus->channel_list, link) {
2612
2613 if (chan->state == VMCHAN_OPENING || chan->state == VMCHAN_OPEN) {
2614 open_channel(chan);
2615 }
2616
2617 if (chan->state != VMCHAN_OPEN) {
2618 continue;
2619 }
2620
2621 if (!vmbus_channel_is_open(chan)) {
2622 /* reopen failed, abort loading */
2623 return -1;
2624 }
2625
2626 /* resume processing on the guest side if it missed the notification */
2627 hyperv_sint_route_set_sint(chan->notify_route);
2628 /* ditto on the host side */
2629 vmbus_channel_notify_host(chan);
2630 }
2631
2632 vmbus_resched(vmbus);
2633 return 0;
2634 }
2635
2636 static const VMStateDescription vmstate_post_message_input = {
2637 .name = "vmbus/hyperv_post_message_input",
2638 .version_id = 0,
2639 .minimum_version_id = 0,
2640 .fields = (VMStateField[]) {
2641 /*
2642 * skip connection_id and message_type as they are validated before
2643 * queueing and ignored on dequeueing
2644 */
2645 VMSTATE_UINT32(payload_size, struct hyperv_post_message_input),
2646 VMSTATE_UINT8_ARRAY(payload, struct hyperv_post_message_input,
2647 HV_MESSAGE_PAYLOAD_SIZE),
2648 VMSTATE_END_OF_LIST()
2649 }
2650 };
2651
2652 static bool vmbus_rx_queue_needed(void *opaque)
2653 {
2654 VMBus *vmbus = VMBUS(opaque);
2655 return vmbus->rx_queue_size;
2656 }
2657
2658 static const VMStateDescription vmstate_rx_queue = {
2659 .name = "vmbus/rx_queue",
2660 .version_id = 0,
2661 .minimum_version_id = 0,
2662 .needed = vmbus_rx_queue_needed,
2663 .fields = (VMStateField[]) {
2664 VMSTATE_UINT8(rx_queue_head, VMBus),
2665 VMSTATE_UINT8(rx_queue_size, VMBus),
2666 VMSTATE_STRUCT_ARRAY(rx_queue, VMBus,
2667 HV_MSG_QUEUE_LEN, 0,
2668 vmstate_post_message_input,
2669 struct hyperv_post_message_input),
2670 VMSTATE_END_OF_LIST()
2671 }
2672 };
2673
2674 static const VMStateDescription vmstate_vmbus = {
2675 .name = TYPE_VMBUS,
2676 .version_id = 0,
2677 .minimum_version_id = 0,
2678 .pre_load = vmbus_pre_load,
2679 .post_load = vmbus_post_load,
2680 .fields = (VMStateField[]) {
2681 VMSTATE_UINT8(state, VMBus),
2682 VMSTATE_UINT32(version, VMBus),
2683 VMSTATE_UINT32(target_vp, VMBus),
2684 VMSTATE_UINT64(int_page_gpa, VMBus),
2685 VMSTATE_QTAILQ_V(gpadl_list, VMBus, 0,
2686 vmstate_gpadl, VMBusGpadl, link),
2687 VMSTATE_END_OF_LIST()
2688 },
2689 .subsections = (const VMStateDescription * []) {
2690 &vmstate_rx_queue,
2691 NULL
2692 }
2693 };
2694
2695 static const TypeInfo vmbus_type_info = {
2696 .name = TYPE_VMBUS,
2697 .parent = TYPE_BUS,
2698 .instance_size = sizeof(VMBus),
2699 .class_init = vmbus_class_init,
2700 };
2701
2702 static void vmbus_bridge_realize(DeviceState *dev, Error **errp)
2703 {
2704 VMBusBridge *bridge = VMBUS_BRIDGE(dev);
2705
2706 /*
2707 * here there's at least one vmbus bridge that is being realized, so
2708 * vmbus_bridge_find can only return NULL if it's not unique
2709 */
2710 if (!vmbus_bridge_find()) {
2711 error_setg(errp, "there can be at most one %s in the system",
2712 TYPE_VMBUS_BRIDGE);
2713 return;
2714 }
2715
2716 if (!hyperv_is_synic_enabled()) {
2717 error_report("VMBus requires usable Hyper-V SynIC and VP_INDEX");
2718 return;
2719 }
2720
2721 bridge->bus = VMBUS(qbus_create(TYPE_VMBUS, dev, "vmbus"));
2722 }
2723
2724 static char *vmbus_bridge_ofw_unit_address(const SysBusDevice *dev)
2725 {
2726 /* there can be only one VMBus */
2727 return g_strdup("0");
2728 }
2729
2730 static const VMStateDescription vmstate_vmbus_bridge = {
2731 .name = TYPE_VMBUS_BRIDGE,
2732 .version_id = 0,
2733 .minimum_version_id = 0,
2734 .fields = (VMStateField[]) {
2735 VMSTATE_STRUCT_POINTER(bus, VMBusBridge, vmstate_vmbus, VMBus),
2736 VMSTATE_END_OF_LIST()
2737 },
2738 };
2739
2740 static Property vmbus_bridge_props[] = {
2741 DEFINE_PROP_UINT8("irq", VMBusBridge, irq, 7),
2742 DEFINE_PROP_END_OF_LIST()
2743 };
2744
2745 static void vmbus_bridge_class_init(ObjectClass *klass, void *data)
2746 {
2747 DeviceClass *k = DEVICE_CLASS(klass);
2748 SysBusDeviceClass *sk = SYS_BUS_DEVICE_CLASS(klass);
2749
2750 k->realize = vmbus_bridge_realize;
2751 k->fw_name = "vmbus";
2752 sk->explicit_ofw_unit_address = vmbus_bridge_ofw_unit_address;
2753 set_bit(DEVICE_CATEGORY_BRIDGE, k->categories);
2754 k->vmsd = &vmstate_vmbus_bridge;
2755 device_class_set_props(k, vmbus_bridge_props);
2756 /* override SysBusDevice's default */
2757 k->user_creatable = true;
2758 }
2759
2760 static const TypeInfo vmbus_bridge_type_info = {
2761 .name = TYPE_VMBUS_BRIDGE,
2762 .parent = TYPE_SYS_BUS_DEVICE,
2763 .instance_size = sizeof(VMBusBridge),
2764 .class_init = vmbus_bridge_class_init,
2765 };
2766
2767 static void vmbus_register_types(void)
2768 {
2769 type_register_static(&vmbus_bridge_type_info);
2770 type_register_static(&vmbus_dev_type_info);
2771 type_register_static(&vmbus_type_info);
2772 }
2773
2774 type_init(vmbus_register_types)