[mirror_ubuntu-zesty-kernel.git] / drivers / lguest / lguest_user.c

/*P:200 This contains all the /dev/lguest code, whereby the userspace
 * launcher controls and communicates with the Guest.  For example,
 * the first write will tell us the Guest's memory layout and entry
 * point.  A read will run the Guest until something happens, such as
 * a signal or the Guest accessing a device.
:*/
#include <linux/uaccess.h>
#include <linux/miscdevice.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include <linux/file.h>
#include <linux/slab.h>
#include <linux/export.h>
#include "lg.h"

/*L:052
  The Launcher can get the registers, and also set some of them.
*/
static int getreg_setup(struct lg_cpu *cpu, const unsigned long __user *input)
{
	unsigned long which;

	/* We re-use the ptrace structure to specify which register to read. */
	if (get_user(which, input) != 0)
		return -EFAULT;

	/*
	 * We set up the cpu register pointer, and their next read will
	 * actually get the value (instead of running the guest).
	 *
	 * The last argument 'true' says we can access any register.
	 */
	cpu->reg_read = lguest_arch_regptr(cpu, which, true);
	if (!cpu->reg_read)
		return -ENOENT;

	/* And because this is a write() call, we return the length used. */
	return sizeof(unsigned long) * 2;
}

static int setreg(struct lg_cpu *cpu, const unsigned long __user *input)
{
	unsigned long which, value, *reg;

	/* We re-use the ptrace structure to specify which register to read. */
	if (get_user(which, input) != 0)
		return -EFAULT;
	input++;
	if (get_user(value, input) != 0)
		return -EFAULT;

	/* The last argument 'false' means we can't access all registers. */
	reg = lguest_arch_regptr(cpu, which, false);
	if (!reg)
		return -ENOENT;

	*reg = value;

	/* And because this is a write() call, we return the length used. */
	return sizeof(unsigned long) * 3;
}

/*L:050
 * Sending an interrupt is done by writing LHREQ_IRQ and an interrupt
 * number to /dev/lguest.
 */
static int user_send_irq(struct lg_cpu *cpu, const unsigned long __user *input)
{
	unsigned long irq;

	if (get_user(irq, input) != 0)
		return -EFAULT;
	if (irq >= LGUEST_IRQS)
		return -EINVAL;

	/*
	 * Next time the Guest runs, the core code will see if it can deliver
	 * this interrupt.
	 */
	set_interrupt(cpu, irq);
	return 0;
}

/*L:053
 * Deliver a trap: this is used by the Launcher if it can't emulate
 * an instruction.
 */
static int trap(struct lg_cpu *cpu, const unsigned long __user *input)
{
	unsigned long trapnum;

	if (get_user(trapnum, input) != 0)
		return -EFAULT;

	if (!deliver_trap(cpu, trapnum))
		return -EINVAL;

	return 0;
}

/*L:040
 * Once our Guest is initialized, the Launcher makes it run by reading
 * from /dev/lguest.
 */
static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o)
{
	struct lguest *lg = file->private_data;
	struct lg_cpu *cpu;
	unsigned int cpu_id = *o;

	/* You must write LHREQ_INITIALIZE first! */
	if (!lg)
		return -EINVAL;

	/* Watch out for arbitrary vcpu indexes! */
	if (cpu_id >= lg->nr_cpus)
		return -EINVAL;

	cpu = &lg->cpus[cpu_id];

	/* If you're not the task which owns the Guest, go away. */
	if (current != cpu->tsk)
		return -EPERM;

	/* If the Guest is already dead, we indicate why */
	if (lg->dead) {
		size_t len;

		/* lg->dead either contains an error code, or a string. */
		if (IS_ERR(lg->dead))
			return PTR_ERR(lg->dead);

		/* We can only return as much as the buffer they read with. */
		len = min(size, strlen(lg->dead)+1);
		if (copy_to_user(user, lg->dead, len) != 0)
			return -EFAULT;
		return len;
	}

	/*
	 * If we returned from read() last time because the Guest sent I/O,
	 * clear the flag.
	 */
	if (cpu->pending.trap)
		cpu->pending.trap = 0;

	/* Run the Guest until something interesting happens. */
	return run_guest(cpu, (unsigned long __user *)user);
}

/*L:025
 * This actually initializes a CPU.  For the moment, a Guest is only
 * uniprocessor, so "id" is always 0.
 */
static int lg_cpu_start(struct lg_cpu *cpu, unsigned id, unsigned long start_ip)
{
	/* We have a limited number of CPUs in the lguest struct. */
	if (id >= ARRAY_SIZE(cpu->lg->cpus))
		return -EINVAL;

	/* Set up this CPU's id, and pointer back to the lguest struct. */
	cpu->id = id;
	cpu->lg = container_of(cpu, struct lguest, cpus[id]);
	cpu->lg->nr_cpus++;

	/* Each CPU has a timer it can set. */
	init_clockdev(cpu);

	/*
	 * We need a complete page for the Guest registers: they are accessible
	 * to the Guest and we can only grant it access to whole pages.
	 */
	cpu->regs_page = get_zeroed_page(GFP_KERNEL);
	if (!cpu->regs_page)
		return -ENOMEM;

	/* We actually put the registers at the end of the page. */
	cpu->regs = (void *)cpu->regs_page + PAGE_SIZE - sizeof(*cpu->regs);

	/*
	 * Now we initialize the Guest's registers, handing it the start
	 * address.
	 */
	lguest_arch_setup_regs(cpu, start_ip);

	/*
	 * We keep a pointer to the Launcher task (ie. current task) for when
	 * other Guests want to wake this one (eg. console input).
	 */
	cpu->tsk = current;

	/*
	 * We need to keep a pointer to the Launcher's memory map, because if
	 * the Launcher dies we need to clean it up.  If we don't keep a
	 * reference, it is destroyed before close() is called.
	 */
	cpu->mm = get_task_mm(cpu->tsk);

	/*
	 * We remember which CPU's pages this Guest used last, for optimization
	 * when the same Guest runs on the same CPU twice.
	 */
	cpu->last_pages = NULL;

	/* No error == success. */
	return 0;
}

/*L:020
 * The initialization write supplies 3 pointer sized (32 or 64 bit) values (in
 * addition to the LHREQ_INITIALIZE value).  These are:
 *
 * base: The start of the Guest-physical memory inside the Launcher memory.
 *
 * pfnlimit: The highest (Guest-physical) page number the Guest should be
 * allowed to access.  The Guest memory lives inside the Launcher, so it sets
 * this to ensure the Guest can only reach its own memory.
 *
 * start: The first instruction to execute ("eip" in x86-speak).
 */
static int initialize(struct file *file, const unsigned long __user *input)
{
	/* "struct lguest" contains all we (the Host) know about a Guest. */
	struct lguest *lg;
	int err;
	unsigned long args[4];

	/*
	 * We grab the Big Lguest lock, which protects against multiple
	 * simultaneous initializations.
	 */
	mutex_lock(&lguest_lock);
	/* You can't initialize twice!  Close the device and start again... */
	if (file->private_data) {
		err = -EBUSY;
		goto unlock;
	}

	if (copy_from_user(args, input, sizeof(args)) != 0) {
		err = -EFAULT;
		goto unlock;
	}

	lg = kzalloc(sizeof(*lg), GFP_KERNEL);
	if (!lg) {
		err = -ENOMEM;
		goto unlock;
	}

	/* Populate the easy fields of our "struct lguest" */
	lg->mem_base = (void __user *)args[0];
	lg->pfn_limit = args[1];
	lg->device_limit = args[3];

	/* This is the first cpu (cpu 0) and it will start booting at args[2] */
	err = lg_cpu_start(&lg->cpus[0], 0, args[2]);
	if (err)
		goto free_lg;

	/*
	 * Initialize the Guest's shadow page tables.  This allocates
	 * memory, so can fail.
	 */
	err = init_guest_pagetable(lg);
	if (err)
		goto free_regs;

	/* We keep our "struct lguest" in the file's private_data. */
	file->private_data = lg;

	mutex_unlock(&lguest_lock);

	/* And because this is a write() call, we return the length used. */
	return sizeof(args);

free_regs:
	/* FIXME: This should be in free_vcpu */
	free_page(lg->cpus[0].regs_page);
free_lg:
	kfree(lg);
unlock:
	mutex_unlock(&lguest_lock);
	return err;
}

/*L:010
 * The first operation the Launcher does must be a write.  All writes
 * start with an unsigned long number: for the first write this must be
 * LHREQ_INITIALIZE to set up the Guest.  After that the Launcher can use
 * writes of other values to send interrupts or set up receipt of notifications.
 *
 * Note that we overload the "offset" in the /dev/lguest file to indicate what
 * CPU number we're dealing with.  Currently this is always 0 since we only
 * support uniprocessor Guests, but you can see the beginnings of SMP support
 * here.
 */
static ssize_t write(struct file *file, const char __user *in,
		     size_t size, loff_t *off)
{
	/*
	 * Once the Guest is initialized, we hold the "struct lguest" in the
	 * file private data.
	 */
	struct lguest *lg = file->private_data;
	const unsigned long __user *input = (const unsigned long __user *)in;
	unsigned long req;
	struct lg_cpu *uninitialized_var(cpu);
	unsigned int cpu_id = *off;

	/* The first value tells us what this request is. */
	if (get_user(req, input) != 0)
		return -EFAULT;
	input++;

	/* If you haven't initialized, you must do that first. */
	if (req != LHREQ_INITIALIZE) {
		if (!lg || (cpu_id >= lg->nr_cpus))
			return -EINVAL;
		cpu = &lg->cpus[cpu_id];

		/* Once the Guest is dead, you can only read() why it died. */
		if (lg->dead)
			return -ENOENT;
	}

	switch (req) {
	case LHREQ_INITIALIZE:
		return initialize(file, input);
	case LHREQ_IRQ:
		return user_send_irq(cpu, input);
	case LHREQ_GETREG:
		return getreg_setup(cpu, input);
	case LHREQ_SETREG:
		return setreg(cpu, input);
	case LHREQ_TRAP:
		return trap(cpu, input);
	default:
		return -EINVAL;
	}
}

static int open(struct inode *inode, struct file *file)
{
	file->private_data = NULL;

	return 0;
}

/*L:060
 * The final piece of interface code is the close() routine.  It reverses
 * everything done in initialize().  This is usually called because the
 * Launcher exited.
 *
 * Note that the close routine returns 0 or a negative error number: it can't
 * really fail, but it can whine.  I blame Sun for this wart, and K&R C for
 * letting them do it.
:*/
static int close(struct inode *inode, struct file *file)
{
	struct lguest *lg = file->private_data;
	unsigned int i;

	/* If we never successfully initialized, there's nothing to clean up */
	if (!lg)
		return 0;

	/*
	 * We need the big lock, to protect from inter-guest I/O and other
	 * Launchers initializing guests.
	 */
	mutex_lock(&lguest_lock);

	/* Free up the shadow page tables for the Guest. */
	free_guest_pagetable(lg);

	for (i = 0; i < lg->nr_cpus; i++) {
		/* Cancels the hrtimer set via LHCALL_SET_CLOCKEVENT. */
		hrtimer_cancel(&lg->cpus[i].hrt);
		/* We can free up the register page we allocated. */
		free_page(lg->cpus[i].regs_page);
		/*
		 * Now all the memory cleanups are done, it's safe to release
		 * the Launcher's memory management structure.
		 */
		mmput(lg->cpus[i].mm);
	}

	/*
	 * If lg->dead doesn't contain an error code it will be NULL or a
	 * kmalloc()ed string, either of which is ok to hand to kfree().
	 */
	if (!IS_ERR(lg->dead))
		kfree(lg->dead);
	/* Free the memory allocated to the lguest_struct */
	kfree(lg);
	/* Release lock and exit. */
	mutex_unlock(&lguest_lock);

	return 0;
}

/*L:000
 * Welcome to our journey through the Launcher!
 *
 * The Launcher is the Host userspace program which sets up, runs and services
 * the Guest.  In fact, many comments in the Drivers which refer to "the Host"
 * doing things are inaccurate: the Launcher does all the device handling for
 * the Guest, but the Guest can't know that.
 *
 * Just to confuse you: to the Host kernel, the Launcher *is* the Guest and we
 * shall see more of that later.
 *
 * We begin our understanding with the Host kernel interface which the Launcher
 * uses: reading and writing a character device called /dev/lguest.  All the
 * work happens in the read(), write() and close() routines:
 */
static const struct file_operations lguest_fops = {
	.owner	 = THIS_MODULE,
	.open	 = open,
	.release = close,
	.write	 = write,
	.read	 = read,
	.llseek  = default_llseek,
};
/*:*/

/*
 * This is a textbook example of a "misc" character device.  Populate a "struct
 * miscdevice" and register it with misc_register().
 */
static struct miscdevice lguest_dev = {
	.minor	= MISC_DYNAMIC_MINOR,
	.name	= "lguest",
	.fops	= &lguest_fops,
};

int __init lguest_device_init(void)
{
	return misc_register(&lguest_dev);
}

void __exit lguest_device_remove(void)
{
	misc_deregister(&lguest_dev);
}
Commit	Line	Data
9f54288d RR	1	/*P:200 This contains all the /dev/lguest code, whereby the userspace
	2	* launcher controls and communicates with the Guest. For example,
	3	* the first write will tell us the Guest's memory layout and entry
	4	* point. A read will run the Guest until something happens, such as
d9bab50a	5	* a signal or the Guest accessing a device.
2e04ef76	6	:*/
d7e28ffe RR	7	#include <linux/uaccess.h>
	8	#include <linux/miscdevice.h>
	9	#include <linux/fs.h>
ca94f2bd	10	#include <linux/sched.h>
df60aeef	11	#include <linux/file.h>
5a0e3ad6	12	#include <linux/slab.h>
39a0e33d	13	#include <linux/export.h>
d7e28ffe RR	14	#include "lg.h"
d7e28ffe RR	15
a91d74a3	16	/*L:052
d9bab50a RR	17	The Launcher can get the registers, and also set some of them.
d9bab50a RR	18	*/
18c13737 RR	19	static int getreg_setup(struct lg_cpu cpu, const unsigned long __user input)
	20	{
	21	unsigned long which;
	22
	23	/* We re-use the ptrace structure to specify which register to read. */
	24	if (get_user(which, input) != 0)
	25	return -EFAULT;
	26
	27	/*
	28	* We set up the cpu register pointer, and their next read will
	29	* actually get the value (instead of running the guest).
	30	*
	31	* The last argument 'true' says we can access any register.
	32	*/
	33	cpu->reg_read = lguest_arch_regptr(cpu, which, true);
	34	if (!cpu->reg_read)
	35	return -ENOENT;
	36
	37	/* And because this is a write() call, we return the length used. */
	38	return sizeof(unsigned long) * 2;
	39	}
	40
	41	static int setreg(struct lg_cpu cpu, const unsigned long __user input)
	42	{
	43	unsigned long which, value, *reg;
	44
	45	/* We re-use the ptrace structure to specify which register to read. */
	46	if (get_user(which, input) != 0)
	47	return -EFAULT;
	48	input++;
	49	if (get_user(value, input) != 0)
	50	return -EFAULT;
	51
	52	/* The last argument 'false' means we can't access all registers. */
	53	reg = lguest_arch_regptr(cpu, which, false);
	54	if (!reg)
	55	return -ENOENT;
	56
	57	*reg = value;
	58
	59	/* And because this is a write() call, we return the length used. */
	60	return sizeof(unsigned long) * 3;
	61	}
	62
2e04ef76 RR	63	/*L:050
	64	* Sending an interrupt is done by writing LHREQ_IRQ and an interrupt
	65	* number to /dev/lguest.
	66	*/
177e449d	67	static int user_send_irq(struct lg_cpu cpu, const unsigned long __user input)
d7e28ffe	68	{
511801dc	69	unsigned long irq;
d7e28ffe RR	70
	71	if (get_user(irq, input) != 0)
	72	return -EFAULT;
	73	if (irq >= LGUEST_IRQS)
	74	return -EINVAL;
9f155a9b	75
a91d74a3 RR	76	/*
	77	* Next time the Guest runs, the core code will see if it can deliver
	78	* this interrupt.
	79	*/
9f155a9b	80	set_interrupt(cpu, irq);
d7e28ffe RR	81	return 0;
	82	}
	83
8ed31300 RR	84	/*L:053
	85	* Deliver a trap: this is used by the Launcher if it can't emulate
	86	* an instruction.
	87	*/
	88	static int trap(struct lg_cpu cpu, const unsigned long __user input)
	89	{
	90	unsigned long trapnum;
	91
	92	if (get_user(trapnum, input) != 0)
	93	return -EFAULT;
	94
	95	if (!deliver_trap(cpu, trapnum))
	96	return -EINVAL;
	97
	98	return 0;
	99	}
	100
2e04ef76 RR	101	/*L:040
	102	* Once our Guest is initialized, the Launcher makes it run by reading
	103	* from /dev/lguest.
	104	*/
d7e28ffe RR	105	static ssize_t read(struct file file, char __user user, size_t size,loff_t*o)
	106	{
	107	struct lguest *lg = file->private_data;
d0953d42 GOC	108	struct lg_cpu *cpu;
d0953d42 GOC	109	unsigned int cpu_id = *o;
d7e28ffe	110
dde79789	111	/* You must write LHREQ_INITIALIZE first! */
d7e28ffe RR	112	if (!lg)
	113	return -EINVAL;
	114
d0953d42 GOC	115	/* Watch out for arbitrary vcpu indexes! */
	116	if (cpu_id >= lg->nr_cpus)
	117	return -EINVAL;
	118
	119	cpu = &lg->cpus[cpu_id];
	120
e1e72965	121	/* If you're not the task which owns the Guest, go away. */
66686c2a	122	if (current != cpu->tsk)
d7e28ffe RR	123	return -EPERM;
d7e28ffe RR	124
a6bd8e13	125	/* If the Guest is already dead, we indicate why */
d7e28ffe RR	126	if (lg->dead) {
	127	size_t len;
	128
dde79789	129	/* lg->dead either contains an error code, or a string. */
d7e28ffe RR	130	if (IS_ERR(lg->dead))
	131	return PTR_ERR(lg->dead);
	132
dde79789	133	/* We can only return as much as the buffer they read with. */
d7e28ffe RR	134	len = min(size, strlen(lg->dead)+1);
	135	if (copy_to_user(user, lg->dead, len) != 0)
	136	return -EFAULT;
	137	return len;
	138	}
	139
2e04ef76 RR	140	/*
	141	* If we returned from read() last time because the Guest sent I/O,
	142	* clear the flag.
	143	*/
69a09dc1 RR	144	if (cpu->pending.trap)
69a09dc1 RR	145	cpu->pending.trap = 0;
d7e28ffe	146
dde79789	147	/* Run the Guest until something interesting happens. */
d0953d42	148	return run_guest(cpu, (unsigned long __user *)user);
d7e28ffe RR	149	}
d7e28ffe RR	150
2e04ef76 RR	151	/*L:025
	152	* This actually initializes a CPU. For the moment, a Guest is only
	153	* uniprocessor, so "id" is always 0.
	154	*/
4dcc53da GOC	155	static int lg_cpu_start(struct lg_cpu *cpu, unsigned id, unsigned long start_ip)
4dcc53da GOC	156	{
c2ecd515	157	/* We have a limited number of CPUs in the lguest struct. */
24adf127	158	if (id >= ARRAY_SIZE(cpu->lg->cpus))
4dcc53da GOC	159	return -EINVAL;
4dcc53da GOC	160
a6bd8e13	161	/* Set up this CPU's id, and pointer back to the lguest struct. */
4dcc53da	162	cpu->id = id;
c2ecd515	163	cpu->lg = container_of(cpu, struct lguest, cpus[id]);
4dcc53da	164	cpu->lg->nr_cpus++;
a6bd8e13 RR	165
a6bd8e13 RR	166	/* Each CPU has a timer it can set. */
ad8d8f3b	167	init_clockdev(cpu);
4dcc53da	168
2e04ef76 RR	169	/*
	170	* We need a complete page for the Guest registers: they are accessible
	171	* to the Guest and we can only grant it access to whole pages.
	172	*/
a53a35a8 GOC	173	cpu->regs_page = get_zeroed_page(GFP_KERNEL);
	174	if (!cpu->regs_page)
	175	return -ENOMEM;
	176
c2ecd515	177	/* We actually put the registers at the end of the page. */
a53a35a8 GOC	178	cpu->regs = (void )cpu->regs_page + PAGE_SIZE - sizeof(cpu->regs);
a53a35a8 GOC	179
2e04ef76 RR	180	/*
	181	* Now we initialize the Guest's registers, handing it the start
	182	* address.
	183	*/
a53a35a8 GOC	184	lguest_arch_setup_regs(cpu, start_ip);
a53a35a8 GOC	185
2e04ef76 RR	186	/*
	187	* We keep a pointer to the Launcher task (ie. current task) for when
	188	* other Guests want to wake this one (eg. console input).
	189	*/
66686c2a GOC	190	cpu->tsk = current;
66686c2a GOC	191
2e04ef76 RR	192	/*
2e04ef76 RR	193	* We need to keep a pointer to the Launcher's memory map, because if
66686c2a	194	* the Launcher dies we need to clean it up. If we don't keep a
2e04ef76 RR	195	* reference, it is destroyed before close() is called.
2e04ef76 RR	196	*/
66686c2a GOC	197	cpu->mm = get_task_mm(cpu->tsk);
66686c2a GOC	198
2e04ef76 RR	199	/*
	200	* We remember which CPU's pages this Guest used last, for optimization
	201	* when the same Guest runs on the same CPU twice.
	202	*/
f34f8c5f GOC	203	cpu->last_pages = NULL;
f34f8c5f GOC	204
a6bd8e13	205	/* No error == success. */
4dcc53da GOC	206	return 0;
	207	}
	208
2e04ef76 RR	209	/*L:020
	210	* The initialization write supplies 3 pointer sized (32 or 64 bit) values (in
	211	* addition to the LHREQ_INITIALIZE value). These are:
dde79789	212	*
3c6b5bfa RR	213	* base: The start of the Guest-physical memory inside the Launcher memory.
3c6b5bfa RR	214	*
dde79789	215	* pfnlimit: The highest (Guest-physical) page number the Guest should be
e1e72965 RR	216	* allowed to access. The Guest memory lives inside the Launcher, so it sets
e1e72965 RR	217	* this to ensure the Guest can only reach its own memory.
dde79789	218	*
dde79789	219	* start: The first instruction to execute ("eip" in x86-speak).
dde79789	220	*/
511801dc	221	static int initialize(struct file file, const unsigned long __user input)
d7e28ffe	222	{
2e04ef76	223	/* "struct lguest" contains all we (the Host) know about a Guest. */
d7e28ffe	224	struct lguest *lg;
48245cc0	225	int err;
7313d521	226	unsigned long args[4];
d7e28ffe	227
2e04ef76 RR	228	/*
	229	* We grab the Big Lguest lock, which protects against multiple
	230	* simultaneous initializations.
	231	*/
d7e28ffe	232	mutex_lock(&lguest_lock);
dde79789	233	/* You can't initialize twice! Close the device and start again... */
d7e28ffe RR	234	if (file->private_data) {
	235	err = -EBUSY;
	236	goto unlock;
	237	}
	238
	239	if (copy_from_user(args, input, sizeof(args)) != 0) {
	240	err = -EFAULT;
	241	goto unlock;
	242	}
	243
48245cc0 RR	244	lg = kzalloc(sizeof(*lg), GFP_KERNEL);
	245	if (!lg) {
	246	err = -ENOMEM;
d7e28ffe RR	247	goto unlock;
d7e28ffe RR	248	}
dde79789 RR	249
dde79789 RR	250	/* Populate the easy fields of our "struct lguest" */
74dbf719	251	lg->mem_base = (void __user *)args[0];
3c6b5bfa	252	lg->pfn_limit = args[1];
7313d521	253	lg->device_limit = args[3];
dde79789	254
58a24566 MZ	255	/* This is the first cpu (cpu 0) and it will start booting at args[2] */
58a24566 MZ	256	err = lg_cpu_start(&lg->cpus[0], 0, args[2]);
4dcc53da	257	if (err)
d9bab50a	258	goto free_lg;
4dcc53da	259
2e04ef76	260	/*
9f54288d RR	261	* Initialize the Guest's shadow page tables. This allocates
9f54288d RR	262	* memory, so can fail.
2e04ef76	263	*/
58a24566	264	err = init_guest_pagetable(lg);
d7e28ffe RR	265	if (err)
	266	goto free_regs;
	267
dde79789	268	/* We keep our "struct lguest" in the file's private_data. */
d7e28ffe RR	269	file->private_data = lg;
	270
	271	mutex_unlock(&lguest_lock);
	272
dde79789	273	/* And because this is a write() call, we return the length used. */
d7e28ffe RR	274	return sizeof(args);
	275
	276	free_regs:
a53a35a8 GOC	277	/* FIXME: This should be in free_vcpu */
a53a35a8 GOC	278	free_page(lg->cpus[0].regs_page);
df60aeef	279	free_lg:
43054412	280	kfree(lg);
d7e28ffe RR	281	unlock:
	282	mutex_unlock(&lguest_lock);
	283	return err;
	284	}
	285
2e04ef76 RR	286	/*L:010
2e04ef76 RR	287	* The first operation the Launcher does must be a write. All writes
e1e72965	288	* start with an unsigned long number: for the first write this must be
dde79789	289	* LHREQ_INITIALIZE to set up the Guest. After that the Launcher can use
a91d74a3	290	* writes of other values to send interrupts or set up receipt of notifications.
a6bd8e13 RR	291	*
a6bd8e13 RR	292	* Note that we overload the "offset" in the /dev/lguest file to indicate what
a91d74a3	293	* CPU number we're dealing with. Currently this is always 0 since we only
a6bd8e13	294	* support uniprocessor Guests, but you can see the beginnings of SMP support
2e04ef76 RR	295	* here.
2e04ef76 RR	296	*/
511801dc	297	static ssize_t write(struct file file, const char __user in,
d7e28ffe RR	298	size_t size, loff_t *off)
d7e28ffe RR	299	{
2e04ef76 RR	300	/*
	301	* Once the Guest is initialized, we hold the "struct lguest" in the
	302	* file private data.
	303	*/
d7e28ffe	304	struct lguest *lg = file->private_data;
511801dc JS	305	const unsigned long __user input = (const unsigned long __user )in;
511801dc JS	306	unsigned long req;
177e449d	307	struct lg_cpu *uninitialized_var(cpu);
7ea07a15	308	unsigned int cpu_id = *off;
d7e28ffe	309
a6bd8e13	310	/* The first value tells us what this request is. */
d7e28ffe RR	311	if (get_user(req, input) != 0)
d7e28ffe RR	312	return -EFAULT;
511801dc	313	input++;
d7e28ffe	314
dde79789	315	/* If you haven't initialized, you must do that first. */
7ea07a15 GOC	316	if (req != LHREQ_INITIALIZE) {
	317	if (!lg \|\| (cpu_id >= lg->nr_cpus))
	318	return -EINVAL;
	319	cpu = &lg->cpus[cpu_id];
dde79789	320
f73d1e6c ET	321	/* Once the Guest is dead, you can only read() why it died. */
	322	if (lg->dead)
	323	return -ENOENT;
f73d1e6c	324	}
d7e28ffe RR	325
	326	switch (req) {
	327	case LHREQ_INITIALIZE:
511801dc	328	return initialize(file, input);
d7e28ffe	329	case LHREQ_IRQ:
177e449d	330	return user_send_irq(cpu, input);
18c13737 RR	331	case LHREQ_GETREG:
	332	return getreg_setup(cpu, input);
	333	case LHREQ_SETREG:
	334	return setreg(cpu, input);
8ed31300 RR	335	case LHREQ_TRAP:
8ed31300 RR	336	return trap(cpu, input);
d7e28ffe RR	337	default:
	338	return -EINVAL;
	339	}
	340	}
	341
67c50bf2 MK	342	static int open(struct inode inode, struct file file)
	343	{
	344	file->private_data = NULL;
	345
	346	return 0;
	347	}
	348
2e04ef76 RR	349	/*L:060
2e04ef76 RR	350	* The final piece of interface code is the close() routine. It reverses
dde79789 RR	351	* everything done in initialize(). This is usually called because the
	352	* Launcher exited.
	353	*
	354	* Note that the close routine returns 0 or a negative error number: it can't
	355	* really fail, but it can whine. I blame Sun for this wart, and K&R C for
2e04ef76 RR	356	* letting them do it.
2e04ef76 RR	357	:*/
d7e28ffe RR	358	static int close(struct inode inode, struct file file)
	359	{
	360	struct lguest *lg = file->private_data;
ad8d8f3b	361	unsigned int i;
d7e28ffe	362
dde79789	363	/* If we never successfully initialized, there's nothing to clean up */
d7e28ffe RR	364	if (!lg)
	365	return 0;
	366
2e04ef76 RR	367	/*
	368	* We need the big lock, to protect from inter-guest I/O and other
	369	* Launchers initializing guests.
	370	*/
d7e28ffe	371	mutex_lock(&lguest_lock);
66686c2a GOC	372
	373	/* Free up the shadow page tables for the Guest. */
	374	free_guest_pagetable(lg);
	375
a53a35a8	376	for (i = 0; i < lg->nr_cpus; i++) {
ad8d8f3b GOC	377	/* Cancels the hrtimer set via LHCALL_SET_CLOCKEVENT. */
ad8d8f3b GOC	378	hrtimer_cancel(&lg->cpus[i].hrt);
a53a35a8 GOC	379	/* We can free up the register page we allocated. */
a53a35a8 GOC	380	free_page(lg->cpus[i].regs_page);
2e04ef76 RR	381	/*
	382	* Now all the memory cleanups are done, it's safe to release
	383	* the Launcher's memory management structure.
	384	*/
66686c2a	385	mmput(lg->cpus[i].mm);
a53a35a8	386	}
df60aeef	387
2e04ef76 RR	388	/*
	389	* If lg->dead doesn't contain an error code it will be NULL or a
	390	* kmalloc()ed string, either of which is ok to hand to kfree().
	391	*/
d7e28ffe RR	392	if (!IS_ERR(lg->dead))
d7e28ffe RR	393	kfree(lg->dead);
05dfdbbd MW	394	/* Free the memory allocated to the lguest_struct */
05dfdbbd MW	395	kfree(lg);
dde79789	396	/* Release lock and exit. */
d7e28ffe	397	mutex_unlock(&lguest_lock);
dde79789	398
d7e28ffe RR	399	return 0;
	400	}
	401
dde79789 RR	402	/*L:000
	403	* Welcome to our journey through the Launcher!
	404	*
	405	* The Launcher is the Host userspace program which sets up, runs and services
	406	* the Guest. In fact, many comments in the Drivers which refer to "the Host"
	407	* doing things are inaccurate: the Launcher does all the device handling for
e1e72965	408	* the Guest, but the Guest can't know that.
dde79789 RR	409	*
	410	* Just to confuse you: to the Host kernel, the Launcher is the Guest and we
	411	* shall see more of that later.
	412	*
	413	* We begin our understanding with the Host kernel interface which the Launcher
	414	* uses: reading and writing a character device called /dev/lguest. All the
2e04ef76 RR	415	* work happens in the read(), write() and close() routines:
2e04ef76 RR	416	*/
828c0950	417	static const struct file_operations lguest_fops = {
d7e28ffe	418	.owner = THIS_MODULE,
67c50bf2	419	.open = open,
d7e28ffe RR	420	.release = close,
	421	.write = write,
	422	.read = read,
6038f373	423	.llseek = default_llseek,
d7e28ffe	424	};
9f54288d	425	/:/
dde79789	426
2e04ef76 RR	427	/*
	428	* This is a textbook example of a "misc" character device. Populate a "struct
	429	* miscdevice" and register it with misc_register().
	430	*/
d7e28ffe RR	431	static struct miscdevice lguest_dev = {
	432	.minor = MISC_DYNAMIC_MINOR,
	433	.name = "lguest",
	434	.fops = &lguest_fops,
	435	};
	436
	437	int __init lguest_device_init(void)
	438	{
	439	return misc_register(&lguest_dev);
	440	}
	441
	442	void __exit lguest_device_remove(void)
	443	{
	444	misc_deregister(&lguest_dev);
	445	}