4 * Copyright (c) 2009 Red Hat
6 * This work is licensed under the terms of the GNU General Public License
7 * (GNU GPL), version 2 or later.
13 #include "qemu-thread.h"
15 /* #define DEBUG_IOMMU */
17 static void do_dma_memory_set(AddressSpace
*as
,
18 dma_addr_t addr
, uint8_t c
, dma_addr_t len
)
20 #define FILLBUF_SIZE 512
21 uint8_t fillbuf
[FILLBUF_SIZE
];
24 memset(fillbuf
, c
, FILLBUF_SIZE
);
26 l
= len
< FILLBUF_SIZE
? len
: FILLBUF_SIZE
;
27 address_space_rw(as
, addr
, fillbuf
, l
, true);
33 int dma_memory_set(DMAContext
*dma
, dma_addr_t addr
, uint8_t c
, dma_addr_t len
)
35 dma_barrier(dma
, DMA_DIRECTION_FROM_DEVICE
);
37 if (dma_has_iommu(dma
)) {
38 return iommu_dma_memory_set(dma
, addr
, c
, len
);
40 do_dma_memory_set(dma
->as
, addr
, c
, len
);
45 void qemu_sglist_init(QEMUSGList
*qsg
, int alloc_hint
, DMAContext
*dma
)
47 qsg
->sg
= g_malloc(alloc_hint
* sizeof(ScatterGatherEntry
));
49 qsg
->nalloc
= alloc_hint
;
54 void qemu_sglist_add(QEMUSGList
*qsg
, dma_addr_t base
, dma_addr_t len
)
56 if (qsg
->nsg
== qsg
->nalloc
) {
57 qsg
->nalloc
= 2 * qsg
->nalloc
+ 1;
58 qsg
->sg
= g_realloc(qsg
->sg
, qsg
->nalloc
* sizeof(ScatterGatherEntry
));
60 qsg
->sg
[qsg
->nsg
].base
= base
;
61 qsg
->sg
[qsg
->nsg
].len
= len
;
66 void qemu_sglist_destroy(QEMUSGList
*qsg
)
69 memset(qsg
, 0, sizeof(*qsg
));
73 BlockDriverAIOCB common
;
75 BlockDriverAIOCB
*acb
;
81 dma_addr_t sg_cur_byte
;
87 static void dma_bdrv_cb(void *opaque
, int ret
);
89 static void reschedule_dma(void *opaque
)
91 DMAAIOCB
*dbs
= (DMAAIOCB
*)opaque
;
93 qemu_bh_delete(dbs
->bh
);
/*
 * Map-client callback: dma_bdrv_cb registers this function through
 * cpu_register_map_client() when none of the scatter/gather list could be
 * mapped (the request's iovec is still empty).
 *
 * It creates a bottom half bound to reschedule_dma, stores the handle in
 * the request and schedules it.
 *
 * NOTE(review): the bottom half holds a raw pointer to the request, so the
 * request has to stay alive until the bottom half has run or been deleted.
 * dma_complete() deletes dbs->bh before qemu_aio_release(); confirm that
 * holds on every completion and cancel path.
 */
static void continue_after_map_failure(void *opaque)
{
    DMAAIOCB *req = opaque;

    req->bh = qemu_bh_new(reschedule_dma, req);
    qemu_bh_schedule(req->bh);
}
/*
 * Release every mapping recorded in dbs->iov and then empty the vector.
 *
 * Each entry is handed back to dma_memory_unmap() with the request's DMA
 * context and direction. The entry's iov_len is passed twice: once as the
 * mapping length and once as access_len.
 *
 * NOTE(review): access_len is always the full mapped length, also when the
 * request failed or was cancelled. Presumably this marks the whole region
 * as accessed; confirm against dma_memory_unmap().
 */
static void dma_bdrv_unmap(DMAAIOCB *dbs)
{
    int i = 0;

    while (i < dbs->iov.niov) {
        dma_memory_unmap(dbs->sg->dma,
                         dbs->iov.iov[i].iov_base,
                         dbs->iov.iov[i].iov_len,
                         dbs->dir,
                         dbs->iov.iov[i].iov_len);
        i++;
    }

    /* Drop the now-stale entries so they cannot be unmapped a second time. */
    qemu_iovec_reset(&dbs->iov);
}
118 static void dma_complete(DMAAIOCB
*dbs
, int ret
)
120 trace_dma_complete(dbs
, ret
, dbs
->common
.cb
);
123 if (dbs
->common
.cb
) {
124 dbs
->common
.cb(dbs
->common
.opaque
, ret
);
126 qemu_iovec_destroy(&dbs
->iov
);
128 qemu_bh_delete(dbs
->bh
);
131 if (!dbs
->in_cancel
) {
132 /* Requests may complete while dma_aio_cancel is in progress. In
133 * this case, the AIOCB should not be released because it is still
134 * referenced by dma_aio_cancel. */
135 qemu_aio_release(dbs
);
139 static void dma_bdrv_cb(void *opaque
, int ret
)
141 DMAAIOCB
*dbs
= (DMAAIOCB
*)opaque
;
142 dma_addr_t cur_addr
, cur_len
;
145 trace_dma_bdrv_cb(dbs
, ret
);
148 dbs
->sector_num
+= dbs
->iov
.size
/ 512;
151 if (dbs
->sg_cur_index
== dbs
->sg
->nsg
|| ret
< 0) {
152 dma_complete(dbs
, ret
);
156 while (dbs
->sg_cur_index
< dbs
->sg
->nsg
) {
157 cur_addr
= dbs
->sg
->sg
[dbs
->sg_cur_index
].base
+ dbs
->sg_cur_byte
;
158 cur_len
= dbs
->sg
->sg
[dbs
->sg_cur_index
].len
- dbs
->sg_cur_byte
;
159 mem
= dma_memory_map(dbs
->sg
->dma
, cur_addr
, &cur_len
, dbs
->dir
);
162 qemu_iovec_add(&dbs
->iov
, mem
, cur_len
);
163 dbs
->sg_cur_byte
+= cur_len
;
164 if (dbs
->sg_cur_byte
== dbs
->sg
->sg
[dbs
->sg_cur_index
].len
) {
165 dbs
->sg_cur_byte
= 0;
170 if (dbs
->iov
.size
== 0) {
171 trace_dma_map_wait(dbs
);
172 cpu_register_map_client(dbs
, continue_after_map_failure
);
176 dbs
->acb
= dbs
->io_func(dbs
->bs
, dbs
->sector_num
, &dbs
->iov
,
177 dbs
->iov
.size
/ 512, dma_bdrv_cb
, dbs
);
181 static void dma_aio_cancel(BlockDriverAIOCB
*acb
)
183 DMAAIOCB
*dbs
= container_of(acb
, DMAAIOCB
, common
);
185 trace_dma_aio_cancel(dbs
);
188 BlockDriverAIOCB
*acb
= dbs
->acb
;
190 dbs
->in_cancel
= true;
191 bdrv_aio_cancel(acb
);
192 dbs
->in_cancel
= false;
194 dbs
->common
.cb
= NULL
;
195 dma_complete(dbs
, 0);
/*
 * AIOCB pool descriptor for DMA helper requests. dma_bdrv_io() obtains its
 * control block with qemu_aio_get(&dma_aio_pool, ...): blocks are sized for
 * a DMAAIOCB and cancellation is routed to dma_aio_cancel.
 */
static AIOPool dma_aio_pool = {
    .aiocb_size         = sizeof(DMAAIOCB),
    .cancel             = dma_aio_cancel,
};
203 BlockDriverAIOCB
*dma_bdrv_io(
204 BlockDriverState
*bs
, QEMUSGList
*sg
, uint64_t sector_num
,
205 DMAIOFunc
*io_func
, BlockDriverCompletionFunc
*cb
,
206 void *opaque
, DMADirection dir
)
208 DMAAIOCB
*dbs
= qemu_aio_get(&dma_aio_pool
, bs
, cb
, opaque
);
210 trace_dma_bdrv_io(dbs
, bs
, sector_num
, (dir
== DMA_DIRECTION_TO_DEVICE
));
215 dbs
->sector_num
= sector_num
;
216 dbs
->sg_cur_index
= 0;
217 dbs
->sg_cur_byte
= 0;
219 dbs
->io_func
= io_func
;
221 qemu_iovec_init(&dbs
->iov
, sg
->nsg
);
/*
 * Start an asynchronous scatter/gather read from a block device.
 *
 * Forwards to dma_bdrv_io() with bdrv_aio_readv as the I/O function and
 * DMA_DIRECTION_FROM_DEVICE as the direction. Elsewhere in this file that
 * direction is what sets the write flag of address_space_rw() and
 * address_space_map(), so the guest addresses listed in sg are written.
 *
 * cb is invoked with opaque and the result code on completion. The return
 * value is the control block handed back by dma_bdrv_io().
 *
 * NOTE(review): the addresses and lengths in sg are presumably supplied by
 * the guest; nothing is validated here, so confirm where the checks live.
 */
BlockDriverAIOCB *dma_bdrv_read(BlockDriverState *bs,
                                QEMUSGList *sg, uint64_t sector,
                                void (*cb)(void *opaque, int ret), void *opaque)
{
    BlockDriverAIOCB *req;

    req = dma_bdrv_io(bs, sg, sector, bdrv_aio_readv, cb, opaque,
                      DMA_DIRECTION_FROM_DEVICE);
    return req;
}
/*
 * Start an asynchronous scatter/gather write to a block device.
 *
 * Forwards to dma_bdrv_io() with bdrv_aio_writev as the I/O function and
 * DMA_DIRECTION_TO_DEVICE as the direction. Elsewhere in this file only
 * DMA_DIRECTION_FROM_DEVICE sets the write flag of address_space_rw() and
 * address_space_map(), so with this direction guest memory is read.
 *
 * cb is invoked with opaque and the result code on completion. The return
 * value is the control block handed back by dma_bdrv_io().
 *
 * NOTE(review): the addresses and lengths in sg are presumably supplied by
 * the guest; nothing is validated here, so confirm where the checks live.
 */
BlockDriverAIOCB *dma_bdrv_write(BlockDriverState *bs,
                                 QEMUSGList *sg, uint64_t sector,
                                 void (*cb)(void *opaque, int ret), void *opaque)
{
    BlockDriverAIOCB *req;

    req = dma_bdrv_io(bs, sg, sector, bdrv_aio_writev, cb, opaque,
                      DMA_DIRECTION_TO_DEVICE);
    return req;
}
244 static uint64_t dma_buf_rw(uint8_t *ptr
, int32_t len
, QEMUSGList
*sg
,
252 len
= MIN(len
, resid
);
254 ScatterGatherEntry entry
= sg
->sg
[sg_cur_index
++];
255 int32_t xfer
= MIN(len
, entry
.len
);
256 dma_memory_rw(sg
->dma
, entry
.base
, ptr
, xfer
, dir
);
/*
 * Synchronous transfer between the host buffer ptr and the scatter/gather
 * list sg, using DMA_DIRECTION_FROM_DEVICE. All the work is done by
 * dma_buf_rw(); its result is returned unchanged.
 *
 * NOTE(review): len is a signed 32-bit count. dma_buf_rw() bounds it only
 * through MIN() against a residual and against each entry length; confirm
 * how a negative len behaves under those comparisons and that callers never
 * pass one.
 */
uint64_t dma_buf_read(uint8_t *ptr, int32_t len, QEMUSGList *sg)
{
    uint64_t result;

    result = dma_buf_rw(ptr, len, sg, DMA_DIRECTION_FROM_DEVICE);
    return result;
}
/*
 * Synchronous transfer between the host buffer ptr and the scatter/gather
 * list sg, using DMA_DIRECTION_TO_DEVICE. All the work is done by
 * dma_buf_rw(); its result is returned unchanged.
 *
 * NOTE(review): len is a signed 32-bit count. dma_buf_rw() bounds it only
 * through MIN() against a residual and against each entry length; confirm
 * how a negative len behaves under those comparisons and that callers never
 * pass one.
 */
uint64_t dma_buf_write(uint8_t *ptr, int32_t len, QEMUSGList *sg)
{
    uint64_t result;

    result = dma_buf_rw(ptr, len, sg, DMA_DIRECTION_TO_DEVICE);
    return result;
}
/*
 * Begin block-layer accounting for a scatter/gather request.
 *
 * Forwards bs, cookie and type to bdrv_acct_start() and passes sg->size,
 * the total recorded in the list, as the size argument.
 */
void dma_acct_start(BlockDriverState *bs, BlockAcctCookie *cookie,
                    QEMUSGList *sg, enum BlockAcctType type)
{
    bdrv_acct_start(bs,
                    cookie,
                    sg->size,
                    type);
}
281 bool iommu_dma_memory_valid(DMAContext
*dma
, dma_addr_t addr
, dma_addr_t len
,
284 target_phys_addr_t paddr
, plen
;
287 fprintf(stderr
, "dma_memory_check context=%p addr=0x" DMA_ADDR_FMT
288 " len=0x" DMA_ADDR_FMT
" dir=%d\n", dma
, addr
, len
, dir
);
292 if (dma
->translate(dma
, addr
, &paddr
, &plen
, dir
) != 0) {
296 /* The translation might be valid for larger regions. */
308 int iommu_dma_memory_rw(DMAContext
*dma
, dma_addr_t addr
,
309 void *buf
, dma_addr_t len
, DMADirection dir
)
311 target_phys_addr_t paddr
, plen
;
315 fprintf(stderr
, "dma_memory_rw context=%p addr=0x" DMA_ADDR_FMT
" len=0x"
316 DMA_ADDR_FMT
" dir=%d\n", dma
, addr
, len
, dir
);
320 err
= dma
->translate(dma
, addr
, &paddr
, &plen
, dir
);
323 * In case of failure on reads from the guest, we clean the
324 * destination buffer so that a device that doesn't test
325 * for errors will not expose qemu internal memory.
331 /* The translation might be valid for larger regions. */
336 address_space_rw(dma
->as
, paddr
, buf
, plen
, dir
== DMA_DIRECTION_FROM_DEVICE
);
346 int iommu_dma_memory_set(DMAContext
*dma
, dma_addr_t addr
, uint8_t c
,
349 target_phys_addr_t paddr
, plen
;
353 fprintf(stderr
, "dma_memory_set context=%p addr=0x" DMA_ADDR_FMT
354 " len=0x" DMA_ADDR_FMT
"\n", dma
, addr
, len
);
358 err
= dma
->translate(dma
, addr
, &paddr
, &plen
,
359 DMA_DIRECTION_FROM_DEVICE
);
364 /* The translation might be valid for larger regions. */
369 do_dma_memory_set(dma
->as
, paddr
, c
, plen
);
378 void dma_context_init(DMAContext
*dma
, AddressSpace
*as
, DMATranslateFunc translate
,
379 DMAMapFunc map
, DMAUnmapFunc unmap
)
382 fprintf(stderr
, "dma_context_init(%p, %p, %p, %p)\n",
383 dma
, translate
, map
, unmap
);
386 dma
->translate
= translate
;
391 void *iommu_dma_memory_map(DMAContext
*dma
, dma_addr_t addr
, dma_addr_t
*len
,
395 target_phys_addr_t paddr
, plen
;
399 return dma
->map(dma
, addr
, len
, dir
);
403 err
= dma
->translate(dma
, addr
, &paddr
, &plen
, dir
);
409 * If this is true, the virtual region is contiguous,
410 * but the translated physical region isn't. We just
411 * clamp *len, much like address_space_map() does.
417 buf
= address_space_map(dma
->as
, paddr
, &plen
, dir
== DMA_DIRECTION_FROM_DEVICE
);
423 void iommu_dma_memory_unmap(DMAContext
*dma
, void *buffer
, dma_addr_t len
,
424 DMADirection dir
, dma_addr_t access_len
)
427 dma
->unmap(dma
, buffer
, len
, dir
, access_len
);
431 address_space_unmap(dma
->as
, buffer
, len
, dir
== DMA_DIRECTION_FROM_DEVICE
,