git.proxmox.com Git - qemu.git/blame - xen-mapcache.c
fw_cfg: Splash image loader can overrun a stack variable, fix
432d268c
JN
1/*
2 * Copyright (C) 2011 Citrix Ltd.
3 *
4 * This work is licensed under the terms of the GNU GPL, version 2. See
5 * the COPYING file in the top-level directory.
6 *
6b620ca3
PB
7 * Contributions after 2012-01-13 are licensed under the terms of the
8 * GNU GPL, version 2 or (at your option) any later version.
432d268c
JN
9 */
10
11#include "config.h"
12
13#include <sys/resource.h>
14
15#include "hw/xen_backend.h"
9c17d615 16#include "sysemu/blockdev.h"
1de7afc9 17#include "qemu/bitmap.h"
432d268c
JN
18
19#include <xen/hvm/params.h>
20#include <sys/mman.h>
21
9c17d615 22#include "sysemu/xen-mapcache.h"
432d268c
JN
23#include "trace.h"
24
25
26//#define MAPCACHE_DEBUG
27
/*
 * Debug tracing. With MAPCACHE_DEBUG defined, DPRINTF() writes to stderr
 * with an "xen_mapcache: " prefix. Otherwise it expands to an empty
 * statement, so its arguments are neither compiled nor evaluated and any
 * diagnostics routed through it are silent in normal builds.
 */
#ifdef MAPCACHE_DEBUG
#  define DPRINTF(fmt, ...) do { \
    fprintf(stderr, "xen_mapcache: " fmt, ## __VA_ARGS__); \
} while (0)
#else
#  define DPRINTF(fmt, ...) do { } while (0)
#endif
35
/*
 * Cache geometry per host architecture: MCACHE_BUCKET_SHIFT is log2 of the
 * bucket size in bytes and MCACHE_MAX_SIZE caps the total amount of guest
 * memory the cache may keep mapped.
 *
 * NOTE(review): there is no #else branch, so on any other host
 * MCACHE_BUCKET_SHIFT and MCACHE_MAX_SIZE stay undefined and the uses below
 * fail to compile -- confirm that this is the intended way to reject
 * unsupported hosts.
 */
#if defined(__i386__)
#  define MCACHE_BUCKET_SHIFT 16
#  define MCACHE_MAX_SIZE     (1UL<<31) /* 2GB Cap */
#elif defined(__x86_64__)
#  define MCACHE_BUCKET_SHIFT 20
#  define MCACHE_MAX_SIZE     (1UL<<35) /* 32GB Cap */
#endif
/* Size in bytes of one bucket, i.e. of one mapping unit. */
#define MCACHE_BUCKET_SIZE (1UL << MCACHE_BUCKET_SHIFT)
44
56c119e5
AP
/* This is the amount of virtual address space reserved for QEMU itself, which
 * the MapCache will not use.
 * Empirical tests showed that QEMU uses about 75MB more than
 * max_mcache_size, hence the 80MB reserve.
 */
#define NON_MCACHE_MEMORY_SIZE (80 * 1024 * 1024)
51
e41d7c69
JK
/*
 * Locking hooks. Both expand to a no-op expression, so nothing in this file
 * serialises access to the cache.
 * NOTE(review): presumably callers are already serialised by an outer lock --
 * confirm before calling these functions from more than one thread.
 */
#define mapcache_lock()   ((void)0)
#define mapcache_unlock() ((void)0)
54
/*
 * One cached mapping of a bucket of guest memory. Entries that hash to the
 * same slot of MapCache.entry[] are chained through 'next'.
 */
typedef struct MapCacheEntry {
    /* Bucket index of the mapping (guest address >> MCACHE_BUCKET_SHIFT). */
    hwaddr paddr_index;
    /* Host address returned by xc_map_foreign_bulk(); NULL when unmapped. */
    uint8_t *vaddr_base;
    /* Bitmap with one bit per page, set when that page mapped without error. */
    unsigned long *valid_mapping;
    /*
     * Number of outstanding locked users of this mapping. The field is 8 bits
     * wide, so it can represent at most 255 concurrent locks.
     * NOTE(review): consider a wider type if a guest can drive more than that.
     */
    uint8_t lock;
    /* Size in bytes of the mapping at vaddr_base. */
    hwaddr size;
    /* Next entry in the same hash slot, or NULL. */
    struct MapCacheEntry *next;
} MapCacheEntry;
63
/*
 * Reverse-lookup record for one locked mapping: it remembers the exact host
 * pointer handed to the caller so that the pointer can later be translated
 * back or released.
 */
typedef struct MapCacheRev {
    /* Host pointer returned by xen_map_cache() for the locked request. */
    uint8_t *vaddr_req;
    /* Bucket index of the entry that backs vaddr_req. */
    hwaddr paddr_index;
    /* Size in bytes of the backing entry, copied when the lock was taken. */
    hwaddr size;
    QTAILQ_ENTRY(MapCacheRev) next;
} MapCacheRev;
70
/* Global state of the map cache. */
typedef struct MapCache {
    /* Hash table of nr_buckets head entries, indexed by bucket index modulo
     * nr_buckets. */
    MapCacheEntry *entry;
    unsigned long nr_buckets;
    /* Reverse records of every mapping currently handed out with lock set. */
    QTAILQ_HEAD(map_cache_head, MapCacheRev) locked_entries;

    /* For most cases (>99.9%), the page address is the same. */
    hwaddr last_address_index;
    uint8_t *last_address_vaddr;
    /* Upper bound, in bytes, used to size the hash table at init time. */
    unsigned long max_mcache_size;
    /* Not referenced by the code visible in this file. */
    unsigned int mcache_bucket_shift;

    /* Optional callback that xen_map_cache() tries once to translate an
     * address whose pages are not validly mapped; 'opaque' is passed to it. */
    phys_offset_to_gaddr_t phys_offset_to_gaddr;
    void *opaque;
} MapCache;
85
/* The single cache instance. It is allocated by xen_map_cache_init() and is
 * dereferenced without a NULL check by every other function in this file. */
static MapCache *mapcache;
87
c13390cd
SS
/*
 * Check a run of bits in a bitmap.
 *
 * Returns 1 when no clear bit is found in [nr, nr + size) of the bitmap at
 * addr, and 0 otherwise. With size == 0 the range is empty and the result
 * is 1.
 */
static inline int test_bits(int nr, int size, const unsigned long *addr)
{
    unsigned long first_clear = find_next_zero_bit(addr, size + nr, nr);

    return first_clear >= nr + size ? 1 : 0;
}
96
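/*
 * Allocate and initialise the global map cache.
 *
 * f and opaque are stored as the fallback translation callback that
 * xen_map_cache() tries once when the requested pages are not validly
 * mapped.
 *
 * The cache is sized from the address-space limit. With euid 0 the limit is
 * raised to infinity and the cache may grow to MCACHE_MAX_SIZE. Otherwise
 * the soft limit is raised to the hard limit and the cache gets whatever
 * remains after reserving NON_MCACHE_MEMORY_SIZE for the rest of QEMU.
 *
 * The process exits if the limit cannot be read or is too small to hold a
 * single bucket next to the reserve.
 */
void xen_map_cache_init(phys_offset_to_gaddr_t f, void *opaque)
{
    unsigned long size;
    struct rlimit rlimit_as;

    mapcache = g_malloc0(sizeof (MapCache));

    mapcache->phys_offset_to_gaddr = f;
    mapcache->opaque = opaque;

    QTAILQ_INIT(&mapcache->locked_entries);
    mapcache->last_address_index = -1;

    if (geteuid() == 0) {
        rlimit_as.rlim_cur = RLIM_INFINITY;
        rlimit_as.rlim_max = RLIM_INFINITY;
        mapcache->max_mcache_size = MCACHE_MAX_SIZE;
    } else {
        /* On failure rlimit_as would be read uninitialised below. */
        if (getrlimit(RLIMIT_AS, &rlimit_as) != 0) {
            perror("getrlimit(RLIMIT_AS)");
            exit(-1);
        }
        rlimit_as.rlim_cur = rlimit_as.rlim_max;

        if (rlimit_as.rlim_max != RLIM_INFINITY) {
            fprintf(stderr, "Warning: QEMU's maximum size of virtual"
                    " memory is not infinity.\n");
        }
        if (rlimit_as.rlim_max < MCACHE_MAX_SIZE + NON_MCACHE_MEMORY_SIZE) {
            /*
             * The subtraction below is unsigned. A hard limit smaller than
             * the reserve would wrap to a huge cache size, and one that
             * leaves less than a bucket would yield nr_buckets == 0, which
             * the lookups later use as a modulus.
             */
            if (rlimit_as.rlim_max <
                NON_MCACHE_MEMORY_SIZE + MCACHE_BUCKET_SIZE) {
                fprintf(stderr, "xen_mapcache: address space limit is too"
                        " small for the map cache\n");
                exit(-1);
            }
            mapcache->max_mcache_size = rlimit_as.rlim_max -
                NON_MCACHE_MEMORY_SIZE;
        } else {
            mapcache->max_mcache_size = MCACHE_MAX_SIZE;
        }
    }

    /*
     * Only warn on failure: euid 0 does not guarantee that the limit may be
     * raised (for example without CAP_SYS_RESOURCE on Linux), and in that
     * case the cache was sized for more address space than is available.
     */
    if (setrlimit(RLIMIT_AS, &rlimit_as) != 0) {
        perror("setrlimit(RLIMIT_AS)");
    }

    /* Number of buckets needed to cover max_mcache_size, rounded up. */
    mapcache->nr_buckets =
        (((mapcache->max_mcache_size >> XC_PAGE_SHIFT) +
          (1UL << (MCACHE_BUCKET_SHIFT - XC_PAGE_SHIFT)) - 1) >>
         (MCACHE_BUCKET_SHIFT - XC_PAGE_SHIFT));

    /* The table of head entries is rounded up to a whole number of pages. */
    size = mapcache->nr_buckets * sizeof (MapCacheEntry);
    size = (size + XC_PAGE_SIZE - 1) & ~(XC_PAGE_SIZE - 1);
    DPRINTF("%s, nr_buckets = %lx size %lu\n", __func__,
            mapcache->nr_buckets, size);
    mapcache->entry = g_malloc0(size);
}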
143
/*
 * (Re)map the guest memory behind one cache entry.
 *
 * Any mapping the entry currently holds is unmapped and its validity bitmap
 * released. Then size bytes starting at bucket address_index are mapped
 * with xc_map_foreign_bulk() and the entry is updated. Pages reported as
 * failed in the per-page error array stay clear in entry->valid_mapping.
 *
 * Exits the process if munmap() or the bulk mapping fails outright.
 */
static void xen_remap_bucket(MapCacheEntry *entry,
                             hwaddr size,
                             hwaddr address_index)
{
    hwaddr nb_pfn = size >> XC_PAGE_SHIFT;
    hwaddr first_pfn = address_index << (MCACHE_BUCKET_SHIFT-XC_PAGE_SHIFT);
    xen_pfn_t *pfns;
    int *err;
    uint8_t *mapped;
    unsigned int i;

    trace_xen_remap_bucket(address_index);

    pfns = g_malloc0(nb_pfn * sizeof (xen_pfn_t));
    err = g_malloc0(nb_pfn * sizeof (int));

    /* Drop whatever the entry mapped before. */
    if (entry->vaddr_base != NULL &&
        munmap(entry->vaddr_base, entry->size) != 0) {
        perror("unmap fails");
        exit(-1);
    }
    /* g_free(NULL) is a no-op, so no guard is needed. */
    g_free(entry->valid_mapping);
    entry->valid_mapping = NULL;

    /* The bucket covers nb_pfn consecutive frames starting at first_pfn. */
    for (i = 0; i < nb_pfn; i++) {
        pfns[i] = first_pfn + i;
    }

    mapped = xc_map_foreign_bulk(xen_xc, xen_domid, PROT_READ|PROT_WRITE,
                                 pfns, err, nb_pfn);
    if (mapped == NULL) {
        perror("xc_map_foreign_bulk");
        exit(-1);
    }

    entry->vaddr_base = mapped;
    entry->paddr_index = address_index;
    entry->size = size;
    entry->valid_mapping = g_malloc0(sizeof(unsigned long) *
                                     BITS_TO_LONGS(nb_pfn));

    /* Mark only the pages that mapped without error. */
    bitmap_zero(entry->valid_mapping, nb_pfn);
    for (i = 0; i < nb_pfn; i++) {
        if (err[i]) {
            continue;
        }
        bitmap_set(entry->valid_mapping, i, 1);
    }

    g_free(err);
    g_free(pfns);
}
197
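/*
 * Return a host pointer for guest physical address phys_addr, mapping or
 * remapping the containing bucket when needed.
 *
 * size is the length of the access in bytes. 0 requests a single bucket and
 * allows the one-entry fast path. A non-zero lock records the mapping in
 * mapcache->locked_entries and bumps the entry's lock count, which keeps
 * the entry from being remapped until
 * xen_invalidate_map_cache_entry() is called on the returned pointer.
 *
 * Returns NULL when the pages covering the request are not validly mapped,
 * even after one retry through the phys_offset_to_gaddr callback (if set).
 * Aborts if the entry's lock counter would overflow.
 */
uint8_t *xen_map_cache(hwaddr phys_addr, hwaddr size,
                       uint8_t lock)
{
    MapCacheEntry *entry, *pentry = NULL;
    hwaddr address_index;
    hwaddr address_offset;
    hwaddr cache_size = size;
    hwaddr test_bit_size;
    bool translated = false;

tryagain:
    address_index = phys_addr >> MCACHE_BUCKET_SHIFT;
    address_offset = phys_addr & (MCACHE_BUCKET_SIZE - 1);

    trace_xen_map_cache(phys_addr);

    /*
     * Span to validate in the bitmap, rounded to a multiple of
     * XC_PAGE_SIZE. Using size >> XC_PAGE_SHIFT directly would test zero
     * pages for size == 0 or a sub-page size, and would miss the last page
     * of an access that starts mid-page. The validity check would then pass
     * for pages that failed to map.
     */
    if (size) {
        test_bit_size = size + (phys_addr & (XC_PAGE_SIZE - 1));
        if (test_bit_size % XC_PAGE_SIZE) {
            test_bit_size += XC_PAGE_SIZE - (test_bit_size % XC_PAGE_SIZE);
        }
    } else {
        test_bit_size = XC_PAGE_SIZE;
    }

    /* Fast path: same bucket as the previous unlocked, size-0 lookup. */
    if (address_index == mapcache->last_address_index && !lock && !cache_size) {
        trace_xen_map_cache_return(mapcache->last_address_vaddr + address_offset);
        return mapcache->last_address_vaddr + address_offset;
    }

    /* cache_size is always a multiple of MCACHE_BUCKET_SIZE */
    if (size) {
        cache_size = size + address_offset;
        if (cache_size % MCACHE_BUCKET_SIZE) {
            cache_size += MCACHE_BUCKET_SIZE - (cache_size % MCACHE_BUCKET_SIZE);
        }
    } else {
        cache_size = MCACHE_BUCKET_SIZE;
    }

    entry = &mapcache->entry[address_index % mapcache->nr_buckets];

    /* Skip locked entries that do not already satisfy this request. */
    while (entry && entry->lock && entry->vaddr_base &&
            (entry->paddr_index != address_index ||
             entry->size != cache_size ||
             !test_bits(address_offset >> XC_PAGE_SHIFT,
                 test_bit_size >> XC_PAGE_SHIFT,
                 entry->valid_mapping))) {
        pentry = entry;
        entry = entry->next;
    }
    if (!entry) {
        /* The chain head is never NULL, so the loop ran and pentry is set. */
        entry = g_malloc0(sizeof (MapCacheEntry));
        pentry->next = entry;
        xen_remap_bucket(entry, cache_size, address_index);
    } else if (!entry->lock) {
        if (!entry->vaddr_base || entry->paddr_index != address_index ||
                entry->size != cache_size ||
                !test_bits(address_offset >> XC_PAGE_SHIFT,
                    test_bit_size >> XC_PAGE_SHIFT,
                    entry->valid_mapping)) {
            xen_remap_bucket(entry, cache_size, address_index);
        }
    }

    if (!test_bits(address_offset >> XC_PAGE_SHIFT,
                test_bit_size >> XC_PAGE_SHIFT,
                entry->valid_mapping)) {
        mapcache->last_address_index = -1;
        if (!translated && mapcache->phys_offset_to_gaddr) {
            phys_addr = mapcache->phys_offset_to_gaddr(phys_addr, size, mapcache->opaque);
            translated = true;
            goto tryagain;
        }
        trace_xen_map_cache_return(NULL);
        return NULL;
    }

    mapcache->last_address_index = address_index;
    mapcache->last_address_vaddr = entry->vaddr_base;
    if (lock) {
        MapCacheRev *reventry;

        /*
         * The lock counter is narrow. If it wrapped to zero, a mapping that
         * is still handed out would look unlocked and could be remapped or
         * unmapped under its users, so stop instead.
         */
        entry->lock++;
        if (entry->lock == 0) {
            fprintf(stderr,
                    "mapcache entry lock overflow: 0x%llx -> %p\n",
                    (unsigned long long) entry->paddr_index,
                    (void *) entry->vaddr_base);
            abort();
        }

        reventry = g_malloc0(sizeof(MapCacheRev));
        reventry->vaddr_req = mapcache->last_address_vaddr + address_offset;
        reventry->paddr_index = mapcache->last_address_index;
        reventry->size = entry->size;
        QTAILQ_INSERT_HEAD(&mapcache->locked_entries, reventry, next);
    }

    trace_xen_map_cache_return(mapcache->last_address_vaddr + address_offset);
    return mapcache->last_address_vaddr + address_offset;
}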
276
/*
 * Translate a host pointer obtained from a locked xen_map_cache() call back
 * to a guest RAM address.
 *
 * ptr must be exactly the pointer that was handed out. The lookup compares
 * it against the recorded vaddr_req of each locked mapping and aborts when
 * none matches. Returns 0 when the reverse record exists but no cache entry
 * with the same bucket index and size is found.
 */
ram_addr_t xen_ram_addr_from_mapcache(void *ptr)
{
    MapCacheEntry *bucket;
    MapCacheRev *rev;
    hwaddr index;
    hwaddr len;

    /* QTAILQ_FOREACH leaves rev == NULL when the list is exhausted. */
    QTAILQ_FOREACH(rev, &mapcache->locked_entries, next) {
        if (rev->vaddr_req == ptr) {
            break;
        }
    }
    if (rev == NULL) {
        fprintf(stderr, "%s, could not find %p\n", __func__, ptr);
        QTAILQ_FOREACH(rev, &mapcache->locked_entries, next) {
            DPRINTF("   "TARGET_FMT_plx" -> %p is present\n", rev->paddr_index,
                    rev->vaddr_req);
        }
        abort();
        return 0;
    }
    index = rev->paddr_index;
    len = rev->size;

    /* Walk the hash chain for the entry that backs the reverse record. */
    for (bucket = &mapcache->entry[index % mapcache->nr_buckets];
         bucket != NULL;
         bucket = bucket->next) {
        if (bucket->paddr_index == index && bucket->size == len) {
            break;
        }
    }
    if (bucket == NULL) {
        DPRINTF("Trying to find address %p that is not in the mapcache!\n", ptr);
        return 0;
    }

    return (index << MCACHE_BUCKET_SHIFT) +
        ((unsigned long) ptr - (unsigned long) bucket->vaddr_base);
}
314
/*
 * Release one locked mapping previously returned by xen_map_cache().
 *
 * buffer must be exactly the pointer that was handed out. An unknown
 * pointer is ignored (reported only through DPRINTF). The reverse record is
 * removed and freed, the fast-path cache is reset if it pointed at the same
 * bucket, and the backing entry's lock count is decremented. A chained
 * entry whose count reaches zero is unlinked, unmapped and freed. A chain
 * head is left mapped.
 *
 * Exits the process if munmap() fails.
 */
void xen_invalidate_map_cache_entry(uint8_t *buffer)
{
    MapCacheEntry *bucket;
    MapCacheEntry *prev = NULL;
    MapCacheRev *rev;
    hwaddr index;
    hwaddr len;

    /* QTAILQ_FOREACH leaves rev == NULL when the list is exhausted. */
    QTAILQ_FOREACH(rev, &mapcache->locked_entries, next) {
        if (rev->vaddr_req == buffer) {
            break;
        }
    }
    if (rev == NULL) {
        DPRINTF("%s, could not find %p\n", __func__, buffer);
        QTAILQ_FOREACH(rev, &mapcache->locked_entries, next) {
            DPRINTF("   "TARGET_FMT_plx" -> %p is present\n", rev->paddr_index, rev->vaddr_req);
        }
        return;
    }
    index = rev->paddr_index;
    len = rev->size;

    QTAILQ_REMOVE(&mapcache->locked_entries, rev, next);
    g_free(rev);

    /* Do not let the fast path hand out a pointer into this bucket again. */
    if (mapcache->last_address_index == index) {
        mapcache->last_address_index = -1;
        mapcache->last_address_vaddr = NULL;
    }

    /* Find the backing entry, remembering its predecessor for unlinking. */
    for (bucket = &mapcache->entry[index % mapcache->nr_buckets];
         bucket != NULL;
         prev = bucket, bucket = bucket->next) {
        if (bucket->paddr_index == index && bucket->size == len) {
            break;
        }
    }
    if (bucket == NULL) {
        DPRINTF("Trying to unmap address %p that is not in the mapcache!\n", buffer);
        return;
    }

    if (--bucket->lock > 0) {
        return;
    }
    /* prev == NULL means this is the chain head, which lives in the table. */
    if (prev == NULL) {
        return;
    }

    prev->next = bucket->next;
    if (munmap(bucket->vaddr_base, bucket->size) != 0) {
        perror("unmap fails");
        exit(-1);
    }
    g_free(bucket->valid_mapping);
    g_free(bucket);
}
368
/*
 * Drop every unlocked mapping held in the table of head entries.
 *
 * Pending block I/O is drained first. Entries that are still locked are
 * skipped and stay mapped; they are reported only through DPRINTF. Only the
 * head entry of each hash slot is visited. The fast-path cache is reset at
 * the end.
 *
 * Exits the process if munmap() fails.
 */
void xen_invalidate_map_cache(void)
{
    MapCacheRev *rev;
    unsigned long idx;

    /* Flush pending AIO before destroying the mapcache */
    bdrv_drain_all();

    QTAILQ_FOREACH(rev, &mapcache->locked_entries, next) {
        DPRINTF("There should be no locked mappings at this time, "
                "but "TARGET_FMT_plx" -> %p is present\n",
                rev->paddr_index, rev->vaddr_req);
    }

    mapcache_lock();

    for (idx = 0; idx < mapcache->nr_buckets; idx++) {
        MapCacheEntry *bucket = &mapcache->entry[idx];

        /* Nothing to do for empty slots; locked ones must stay mapped. */
        if (bucket->vaddr_base == NULL || bucket->lock > 0) {
            continue;
        }

        if (munmap(bucket->vaddr_base, bucket->size) != 0) {
            perror("unmap fails");
            exit(-1);
        }

        g_free(bucket->valid_mapping);
        bucket->valid_mapping = NULL;
        bucket->vaddr_base = NULL;
        bucket->paddr_index = 0;
        bucket->size = 0;
    }

    mapcache->last_address_vaddr = NULL;
    mapcache->last_address_index = -1;

    mapcache_unlock();
}