1/*P:500 2 * Just as userspace programs request kernel operations through a system 3 * call, the Guest requests Host operations through a "hypercall". You might 4 * notice this nomenclature doesn't really follow any logic, but the name has 5 * been around for long enough that we're stuck with it. As you'd expect, this 6 * code is basically a one big switch statement. 7:*/ 8 9/* Copyright (C) 2006 Rusty Russell IBM Corporation 10 11 This program is free software; you can redistribute it and/or modify 12 it under the terms of the GNU General Public License as published by 13 the Free Software Foundation; either version 2 of the License, or 14 (at your option) any later version. 15 16 This program is distributed in the hope that it will be useful, 17 but WITHOUT ANY WARRANTY; without even the implied warranty of 18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 GNU General Public License for more details. 20 21 You should have received a copy of the GNU General Public License 22 along with this program; if not, write to the Free Software 23 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24*/ 25#include <linux/uaccess.h> 26#include <linux/syscalls.h> 27#include <linux/mm.h> 28#include <linux/ktime.h> 29#include <asm/page.h> 30#include <asm/pgtable.h> 31#include "lg.h" 32 33/*H:120 34 * This is the core hypercall routine: where the Guest gets what it wants. 35 * Or gets killed. Or, in the case of LHCALL_SHUTDOWN, both. 36 */ 37static void do_hcall(struct lg_cpu *cpu, struct hcall_args *args) 38{ 39 switch (args->arg0) { 40 case LHCALL_FLUSH_ASYNC: 41 /* 42 * This call does nothing, except by breaking out of the Guest 43 * it makes us process all the asynchronous hypercalls. 44 */ 45 break; 46 case LHCALL_SEND_INTERRUPTS: 47 /* 48 * This call does nothing too, but by breaking out of the Guest 49 * it makes us process any pending interrupts. 50 */ 51 break; 52 case LHCALL_LGUEST_INIT: 53 /* 54 * You can't get here unless you're already initialized. Don't 55 * do that. 56 */ 57 kill_guest(cpu, "already have lguest_data"); 58 break; 59 case LHCALL_SHUTDOWN: { 60 char msg[128]; 61 /* 62 * Shutdown is such a trivial hypercall that we do it in five 63 * lines right here. 64 * 65 * If the lgread fails, it will call kill_guest() itself; the 66 * kill_guest() with the message will be ignored. 67 */ 68 __lgread(cpu, msg, args->arg1, sizeof(msg)); 69 msg[sizeof(msg)-1] = '\0'; 70 kill_guest(cpu, "CRASH: %s", msg); 71 if (args->arg2 == LGUEST_SHUTDOWN_RESTART) 72 cpu->lg->dead = ERR_PTR(-ERESTART); 73 break; 74 } 75 case LHCALL_FLUSH_TLB: 76 /* FLUSH_TLB comes in two flavors, depending on the argument: */ 77 if (args->arg1) 78 guest_pagetable_clear_all(cpu); 79 else 80 guest_pagetable_flush_user(cpu); 81 break; 82 83 /* 84 * All these calls simply pass the arguments through to the right 85 * routines. 86 */ 87 case LHCALL_NEW_PGTABLE: 88 guest_new_pagetable(cpu, args->arg1); 89 break; 90 case LHCALL_SET_STACK: 91 guest_set_stack(cpu, args->arg1, args->arg2, args->arg3); 92 break; 93 case LHCALL_SET_PTE: 94#ifdef CONFIG_X86_PAE 95 guest_set_pte(cpu, args->arg1, args->arg2, 96 __pte(args->arg3 | (u64)args->arg4 << 32)); 97#else 98 guest_set_pte(cpu, args->arg1, args->arg2, __pte(args->arg3)); 99#endif 100 break; 101 case LHCALL_SET_PGD: 102 guest_set_pgd(cpu->lg, args->arg1, args->arg2); 103 break; 104#ifdef CONFIG_X86_PAE 105 case LHCALL_SET_PMD: 106 guest_set_pmd(cpu->lg, args->arg1, args->arg2); 107 break; 108#endif 109 case LHCALL_SET_CLOCKEVENT: 110 guest_set_clockevent(cpu, args->arg1); 111 break; 112 case LHCALL_TS: 113 /* This sets the TS flag, as we saw used in run_guest(). */ 114 cpu->ts = args->arg1; 115 break; 116 case LHCALL_HALT: 117 /* Similarly, this sets the halted flag for run_guest(). */ 118 cpu->halted = 1; 119 break; 120 case LHCALL_NOTIFY: 121 cpu->pending_notify = args->arg1; 122 break; 123 default: 124 /* It should be an architecture-specific hypercall. */ 125 if (lguest_arch_do_hcall(cpu, args)) 126 kill_guest(cpu, "Bad hypercall %li\n", args->arg0); 127 } 128} 129 130/*H:124 131 * Asynchronous hypercalls are easy: we just look in the array in the 132 * Guest's "struct lguest_data" to see if any new ones are marked "ready". 133 * 134 * We are careful to do these in order: obviously we respect the order the 135 * Guest put them in the ring, but we also promise the Guest that they will 136 * happen before any normal hypercall (which is why we check this before 137 * checking for a normal hcall). 138 */ 139static void do_async_hcalls(struct lg_cpu *cpu) 140{ 141 unsigned int i; 142 u8 st[LHCALL_RING_SIZE]; 143 144 /* For simplicity, we copy the entire call status array in at once. */ 145 if (copy_from_user(&st, &cpu->lg->lguest_data->hcall_status, sizeof(st))) 146 return; 147 148 /* We process "struct lguest_data"s hcalls[] ring once. */ 149 for (i = 0; i < ARRAY_SIZE(st); i++) { 150 struct hcall_args args; 151 /* 152 * We remember where we were up to from last time. This makes 153 * sure that the hypercalls are done in the order the Guest 154 * places them in the ring. 155 */ 156 unsigned int n = cpu->next_hcall; 157 158 /* 0xFF means there's no call here (yet). */ 159 if (st[n] == 0xFF) 160 break; 161 162 /* 163 * OK, we have hypercall. Increment the "next_hcall" cursor, 164 * and wrap back to 0 if we reach the end. 165 */ 166 if (++cpu->next_hcall == LHCALL_RING_SIZE) 167 cpu->next_hcall = 0; 168 169 /* 170 * Copy the hypercall arguments into a local copy of the 171 * hcall_args struct. 172 */ 173 if (copy_from_user(&args, &cpu->lg->lguest_data->hcalls[n], 174 sizeof(struct hcall_args))) { 175 kill_guest(cpu, "Fetching async hypercalls"); 176 break; 177 } 178 179 /* Do the hypercall, same as a normal one. */ 180 do_hcall(cpu, &args); 181 182 /* Mark the hypercall done. */ 183 if (put_user(0xFF, &cpu->lg->lguest_data->hcall_status[n])) { 184 kill_guest(cpu, "Writing result for async hypercall"); 185 break; 186 } 187 188 /* 189 * Stop doing hypercalls if they want to notify the Launcher: 190 * it needs to service this first. 191 */ 192 if (cpu->pending_notify) 193 break; 194 } 195} 196 197/* 198 * Last of all, we look at what happens first of all. The very first time the 199 * Guest makes a hypercall, we end up here to set things up: 200 */ 201static void initialize(struct lg_cpu *cpu) 202{ 203 /* 204 * You can't do anything until you're initialized. The Guest knows the 205 * rules, so we're unforgiving here. 206 */ 207 if (cpu->hcall->arg0 != LHCALL_LGUEST_INIT) { 208 kill_guest(cpu, "hypercall %li before INIT", cpu->hcall->arg0); 209 return; 210 } 211 212 if (lguest_arch_init_hypercalls(cpu)) 213 kill_guest(cpu, "bad guest page %p", cpu->lg->lguest_data); 214 215 /* 216 * The Guest tells us where we're not to deliver interrupts by putting 217 * the range of addresses into "struct lguest_data". 218 */ 219 if (get_user(cpu->lg->noirq_start, &cpu->lg->lguest_data->noirq_start) 220 || get_user(cpu->lg->noirq_end, &cpu->lg->lguest_data->noirq_end)) 221 kill_guest(cpu, "bad guest page %p", cpu->lg->lguest_data); 222 223 /* 224 * We write the current time into the Guest's data page once so it can 225 * set its clock. 226 */ 227 write_timestamp(cpu); 228 229 /* page_tables.c will also do some setup. */ 230 page_table_guest_data_init(cpu); 231 232 /* 233 * This is the one case where the above accesses might have been the 234 * first write to a Guest page. This may have caused a copy-on-write 235 * fault, but the old page might be (read-only) in the Guest 236 * pagetable. 237 */ 238 guest_pagetable_clear_all(cpu); 239} 240/*:*/ 241 242/*M:013 243 * If a Guest reads from a page (so creates a mapping) that it has never 244 * written to, and then the Launcher writes to it (ie. the output of a virtual 245 * device), the Guest will still see the old page. In practice, this never 246 * happens: why would the Guest read a page which it has never written to? But 247 * a similar scenario might one day bite us, so it's worth mentioning. 248 * 249 * Note that if we used a shared anonymous mapping in the Launcher instead of 250 * mapping /dev/zero private, we wouldn't worry about cop-on-write. And we 251 * need that to switch the Launcher to processes (away from threads) anyway. 252:*/ 253 254/*H:100 255 * Hypercalls 256 * 257 * Remember from the Guest, hypercalls come in two flavors: normal and 258 * asynchronous. This file handles both of types. 259 */ 260void do_hypercalls(struct lg_cpu *cpu) 261{ 262 /* Not initialized yet? This hypercall must do it. */ 263 if (unlikely(!cpu->lg->lguest_data)) { 264 /* Set up the "struct lguest_data" */ 265 initialize(cpu); 266 /* Hcall is done. */ 267 cpu->hcall = NULL; 268 return; 269 } 270 271 /* 272 * The Guest has initialized. 273 * 274 * Look in the hypercall ring for the async hypercalls: 275 */ 276 do_async_hcalls(cpu); 277 278 /* 279 * If we stopped reading the hypercall ring because the Guest did a 280 * NOTIFY to the Launcher, we want to return now. Otherwise we do 281 * the hypercall. 282 */ 283 if (!cpu->pending_notify) { 284 do_hcall(cpu, cpu->hcall); 285 /* 286 * Tricky point: we reset the hcall pointer to mark the 287 * hypercall as "done". We use the hcall pointer rather than 288 * the trap number to indicate a hypercall is pending. 289 * Normally it doesn't matter: the Guest will run again and 290 * update the trap number before we come back here. 291 * 292 * However, if we are signalled or the Guest sends I/O to the 293 * Launcher, the run_guest() loop will exit without running the 294 * Guest. When it comes back it would try to re-run the 295 * hypercall. Finding that bug sucked. 296 */ 297 cpu->hcall = NULL; 298 } 299} 300 301/* 302 * This routine supplies the Guest with time: it's used for wallclock time at 303 * initial boot and as a rough time source if the TSC isn't available. 304 */ 305void write_timestamp(struct lg_cpu *cpu) 306{ 307 struct timespec now; 308 ktime_get_real_ts(&now); 309 if (copy_to_user(&cpu->lg->lguest_data->time, 310 &now, sizeof(struct timespec))) 311 kill_guest(cpu, "Writing timestamp"); 312} 313