1 /*
2 * Back-end of the driver for virtual network devices. This portion of the
3 * driver exports a 'unified' network-device interface that can be accessed
4 * by any operating system that implements a compatible front end. A
5 * reference front-end implementation can be found in:
6 * drivers/net/xen-netfront.c
7 *
8 * Copyright (c) 2002-2005, K A Fraser
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation; or, when distributed
13 * separately from the Linux kernel or incorporated into other
14 * software packages, subject to the following license:
15 *
16 * Permission is hereby granted, free of charge, to any person obtaining a copy
17 * of this source file (the "Software"), to deal in the Software without
18 * restriction, including without limitation the rights to use, copy, modify,
19 * merge, publish, distribute, sublicense, and/or sell copies of the Software,
20 * and to permit persons to whom the Software is furnished to do so, subject to
21 * the following conditions:
22 *
23 * The above copyright notice and this permission notice shall be included in
24 * all copies or substantial portions of the Software.
25 *
26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
27 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
28 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
29 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
30 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
31 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
32 * IN THE SOFTWARE.
33 */
34
35 #include "common.h"
36
37 #include <linux/kthread.h>
38 #include <linux/if_vlan.h>
39 #include <linux/udp.h>
40 #include <linux/highmem.h>
41
42 #include <net/tcp.h>
43
44 #include <xen/xen.h>
45 #include <xen/events.h>
46 #include <xen/interface/memory.h>
47 #include <xen/page.h>
48
49 #include <asm/xen/hypercall.h>
50
51 /* Provide an option to disable split event channels at load time as
52 * event channels are limited resource. Split event channels are
53 * enabled by default.
54 */
55 bool separate_tx_rx_irq = true;
56 module_param(separate_tx_rx_irq, bool, 0644);
57
58 /* The time that packets can stay on the guest Rx internal queue
59 * before they are dropped.
60 */
61 unsigned int rx_drain_timeout_msecs = 10000;
62 module_param(rx_drain_timeout_msecs, uint, 0444);
63
64 /* The length of time before the frontend is considered unresponsive
65 * because it isn't providing Rx slots.
66 */
67 unsigned int rx_stall_timeout_msecs = 60000;
68 module_param(rx_stall_timeout_msecs, uint, 0444);
69
70 #define MAX_QUEUES_DEFAULT 8
71 unsigned int xenvif_max_queues;
72 module_param_named(max_queues, xenvif_max_queues, uint, 0644);
73 MODULE_PARM_DESC(max_queues,
74 "Maximum number of queues per virtual interface");
75
76 /*
77 * This is the maximum slots a skb can have. If a guest sends a skb
78 * which exceeds this limit it is considered malicious.
79 */
80 #define FATAL_SKB_SLOTS_DEFAULT 20
81 static unsigned int fatal_skb_slots = FATAL_SKB_SLOTS_DEFAULT;
82 module_param(fatal_skb_slots, uint, 0444);
83
84 /* The amount to copy out of the first guest Tx slot into the skb's
85 * linear area. If the first slot has more data, it will be mapped
86 * and put into the first frag.
87 *
88 * This is sized to avoid pulling headers from the frags for most
89 * TCP/IP packets.
90 */
91 #define XEN_NETBACK_TX_COPY_LEN 128
92
93
94 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx,
95 u8 status);
96
97 static void make_tx_response(struct xenvif_queue *queue,
98 struct xen_netif_tx_request *txp,
99 s8 st);
100 static void push_tx_responses(struct xenvif_queue *queue);
101
102 static inline int tx_work_todo(struct xenvif_queue *queue);
103
104 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue,
105 u16 id,
106 s8 st,
107 u16 offset,
108 u16 size,
109 u16 flags);
110
idx_to_pfn(struct xenvif_queue * queue,u16 idx)111 static inline unsigned long idx_to_pfn(struct xenvif_queue *queue,
112 u16 idx)
113 {
114 return page_to_pfn(queue->mmap_pages[idx]);
115 }
116
idx_to_kaddr(struct xenvif_queue * queue,u16 idx)117 static inline unsigned long idx_to_kaddr(struct xenvif_queue *queue,
118 u16 idx)
119 {
120 return (unsigned long)pfn_to_kaddr(idx_to_pfn(queue, idx));
121 }
122
123 #define callback_param(vif, pending_idx) \
124 (vif->pending_tx_info[pending_idx].callback_struct)
125
126 /* Find the containing VIF's structure from a pointer in pending_tx_info array
127 */
ubuf_to_queue(const struct ubuf_info * ubuf)128 static inline struct xenvif_queue *ubuf_to_queue(const struct ubuf_info *ubuf)
129 {
130 u16 pending_idx = ubuf->desc;
131 struct pending_tx_info *temp =
132 container_of(ubuf, struct pending_tx_info, callback_struct);
133 return container_of(temp - pending_idx,
134 struct xenvif_queue,
135 pending_tx_info[0]);
136 }
137
frag_get_pending_idx(skb_frag_t * frag)138 static u16 frag_get_pending_idx(skb_frag_t *frag)
139 {
140 return (u16)frag->page_offset;
141 }
142
frag_set_pending_idx(skb_frag_t * frag,u16 pending_idx)143 static void frag_set_pending_idx(skb_frag_t *frag, u16 pending_idx)
144 {
145 frag->page_offset = pending_idx;
146 }
147
pending_index(unsigned i)148 static inline pending_ring_idx_t pending_index(unsigned i)
149 {
150 return i & (MAX_PENDING_REQS-1);
151 }
152
xenvif_rx_ring_slots_needed(struct xenvif * vif)153 static int xenvif_rx_ring_slots_needed(struct xenvif *vif)
154 {
155 if (vif->gso_mask)
156 return DIV_ROUND_UP(vif->dev->gso_max_size, XEN_PAGE_SIZE) + 1;
157 else
158 return DIV_ROUND_UP(vif->dev->mtu, XEN_PAGE_SIZE);
159 }
160
xenvif_rx_ring_slots_available(struct xenvif_queue * queue)161 static bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue)
162 {
163 RING_IDX prod, cons;
164 int needed;
165
166 needed = xenvif_rx_ring_slots_needed(queue->vif);
167
168 do {
169 prod = queue->rx.sring->req_prod;
170 cons = queue->rx.req_cons;
171
172 if (prod - cons >= needed)
173 return true;
174
175 queue->rx.sring->req_event = prod + 1;
176
177 /* Make sure event is visible before we check prod
178 * again.
179 */
180 mb();
181 } while (queue->rx.sring->req_prod != prod);
182
183 return false;
184 }
185
xenvif_rx_queue_tail(struct xenvif_queue * queue,struct sk_buff * skb)186 void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb)
187 {
188 unsigned long flags;
189
190 spin_lock_irqsave(&queue->rx_queue.lock, flags);
191
192 if (queue->rx_queue_len >= queue->rx_queue_max) {
193 netif_tx_stop_queue(netdev_get_tx_queue(queue->vif->dev, queue->id));
194 kfree_skb(skb);
195 queue->vif->dev->stats.rx_dropped++;
196 } else {
197 __skb_queue_tail(&queue->rx_queue, skb);
198
199 queue->rx_queue_len += skb->len;
200 }
201
202 spin_unlock_irqrestore(&queue->rx_queue.lock, flags);
203 }
204
xenvif_rx_dequeue(struct xenvif_queue * queue)205 static struct sk_buff *xenvif_rx_dequeue(struct xenvif_queue *queue)
206 {
207 struct sk_buff *skb;
208
209 spin_lock_irq(&queue->rx_queue.lock);
210
211 skb = __skb_dequeue(&queue->rx_queue);
212 if (skb)
213 queue->rx_queue_len -= skb->len;
214
215 spin_unlock_irq(&queue->rx_queue.lock);
216
217 return skb;
218 }
219
xenvif_rx_queue_maybe_wake(struct xenvif_queue * queue)220 static void xenvif_rx_queue_maybe_wake(struct xenvif_queue *queue)
221 {
222 spin_lock_irq(&queue->rx_queue.lock);
223
224 if (queue->rx_queue_len < queue->rx_queue_max)
225 netif_tx_wake_queue(netdev_get_tx_queue(queue->vif->dev, queue->id));
226
227 spin_unlock_irq(&queue->rx_queue.lock);
228 }
229
230
xenvif_rx_queue_purge(struct xenvif_queue * queue)231 static void xenvif_rx_queue_purge(struct xenvif_queue *queue)
232 {
233 struct sk_buff *skb;
234 while ((skb = xenvif_rx_dequeue(queue)) != NULL)
235 kfree_skb(skb);
236 }
237
xenvif_rx_queue_drop_expired(struct xenvif_queue * queue)238 static void xenvif_rx_queue_drop_expired(struct xenvif_queue *queue)
239 {
240 struct sk_buff *skb;
241
242 for(;;) {
243 skb = skb_peek(&queue->rx_queue);
244 if (!skb)
245 break;
246 if (time_before(jiffies, XENVIF_RX_CB(skb)->expires))
247 break;
248 xenvif_rx_dequeue(queue);
249 kfree_skb(skb);
250 queue->vif->dev->stats.rx_dropped++;
251 }
252 }
253
254 struct netrx_pending_operations {
255 unsigned copy_prod, copy_cons;
256 unsigned meta_prod, meta_cons;
257 struct gnttab_copy *copy;
258 struct xenvif_rx_meta *meta;
259 int copy_off;
260 grant_ref_t copy_gref;
261 };
262
get_next_rx_buffer(struct xenvif_queue * queue,struct netrx_pending_operations * npo)263 static struct xenvif_rx_meta *get_next_rx_buffer(struct xenvif_queue *queue,
264 struct netrx_pending_operations *npo)
265 {
266 struct xenvif_rx_meta *meta;
267 struct xen_netif_rx_request req;
268
269 RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req);
270
271 meta = npo->meta + npo->meta_prod++;
272 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE;
273 meta->gso_size = 0;
274 meta->size = 0;
275 meta->id = req.id;
276
277 npo->copy_off = 0;
278 npo->copy_gref = req.gref;
279
280 return meta;
281 }
282
283 struct gop_frag_copy {
284 struct xenvif_queue *queue;
285 struct netrx_pending_operations *npo;
286 struct xenvif_rx_meta *meta;
287 int head;
288 int gso_type;
289
290 struct page *page;
291 };
292
xenvif_setup_copy_gop(unsigned long gfn,unsigned int offset,unsigned int * len,struct gop_frag_copy * info)293 static void xenvif_setup_copy_gop(unsigned long gfn,
294 unsigned int offset,
295 unsigned int *len,
296 struct gop_frag_copy *info)
297 {
298 struct gnttab_copy *copy_gop;
299 struct xen_page_foreign *foreign;
300 /* Convenient aliases */
301 struct xenvif_queue *queue = info->queue;
302 struct netrx_pending_operations *npo = info->npo;
303 struct page *page = info->page;
304
305 BUG_ON(npo->copy_off > MAX_BUFFER_OFFSET);
306
307 if (npo->copy_off == MAX_BUFFER_OFFSET)
308 info->meta = get_next_rx_buffer(queue, npo);
309
310 if (npo->copy_off + *len > MAX_BUFFER_OFFSET)
311 *len = MAX_BUFFER_OFFSET - npo->copy_off;
312
313 copy_gop = npo->copy + npo->copy_prod++;
314 copy_gop->flags = GNTCOPY_dest_gref;
315 copy_gop->len = *len;
316
317 foreign = xen_page_foreign(page);
318 if (foreign) {
319 copy_gop->source.domid = foreign->domid;
320 copy_gop->source.u.ref = foreign->gref;
321 copy_gop->flags |= GNTCOPY_source_gref;
322 } else {
323 copy_gop->source.domid = DOMID_SELF;
324 copy_gop->source.u.gmfn = gfn;
325 }
326 copy_gop->source.offset = offset;
327
328 copy_gop->dest.domid = queue->vif->domid;
329 copy_gop->dest.offset = npo->copy_off;
330 copy_gop->dest.u.ref = npo->copy_gref;
331
332 npo->copy_off += *len;
333 info->meta->size += *len;
334
335 /* Leave a gap for the GSO descriptor. */
336 if (info->head && ((1 << info->gso_type) & queue->vif->gso_mask))
337 queue->rx.req_cons++;
338
339 info->head = 0; /* There must be something in this buffer now */
340 }
341
xenvif_gop_frag_copy_grant(unsigned long gfn,unsigned offset,unsigned int len,void * data)342 static void xenvif_gop_frag_copy_grant(unsigned long gfn,
343 unsigned offset,
344 unsigned int len,
345 void *data)
346 {
347 unsigned int bytes;
348
349 while (len) {
350 bytes = len;
351 xenvif_setup_copy_gop(gfn, offset, &bytes, data);
352 offset += bytes;
353 len -= bytes;
354 }
355 }
356
357 /*
358 * Set up the grant operations for this fragment. If it's a flipping
359 * interface, we also set up the unmap request from here.
360 */
xenvif_gop_frag_copy(struct xenvif_queue * queue,struct sk_buff * skb,struct netrx_pending_operations * npo,struct page * page,unsigned long size,unsigned long offset,int * head)361 static void xenvif_gop_frag_copy(struct xenvif_queue *queue, struct sk_buff *skb,
362 struct netrx_pending_operations *npo,
363 struct page *page, unsigned long size,
364 unsigned long offset, int *head)
365 {
366 struct gop_frag_copy info = {
367 .queue = queue,
368 .npo = npo,
369 .head = *head,
370 .gso_type = XEN_NETIF_GSO_TYPE_NONE,
371 };
372 unsigned long bytes;
373
374 if (skb_is_gso(skb)) {
375 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4)
376 info.gso_type = XEN_NETIF_GSO_TYPE_TCPV4;
377 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6)
378 info.gso_type = XEN_NETIF_GSO_TYPE_TCPV6;
379 }
380
381 /* Data must not cross a page boundary. */
382 BUG_ON(size + offset > PAGE_SIZE<<compound_order(page));
383
384 info.meta = npo->meta + npo->meta_prod - 1;
385
386 /* Skip unused frames from start of page */
387 page += offset >> PAGE_SHIFT;
388 offset &= ~PAGE_MASK;
389
390 while (size > 0) {
391 BUG_ON(offset >= PAGE_SIZE);
392
393 bytes = PAGE_SIZE - offset;
394 if (bytes > size)
395 bytes = size;
396
397 info.page = page;
398 gnttab_foreach_grant_in_range(page, offset, bytes,
399 xenvif_gop_frag_copy_grant,
400 &info);
401 size -= bytes;
402 offset = 0;
403
404 /* Next page */
405 if (size) {
406 BUG_ON(!PageCompound(page));
407 page++;
408 }
409 }
410
411 *head = info.head;
412 }
413
414 /*
415 * Prepare an SKB to be transmitted to the frontend.
416 *
417 * This function is responsible for allocating grant operations, meta
418 * structures, etc.
419 *
420 * It returns the number of meta structures consumed. The number of
421 * ring slots used is always equal to the number of meta slots used
422 * plus the number of GSO descriptors used. Currently, we use either
423 * zero GSO descriptors (for non-GSO packets) or one descriptor (for
424 * frontend-side LRO).
425 */
xenvif_gop_skb(struct sk_buff * skb,struct netrx_pending_operations * npo,struct xenvif_queue * queue)426 static int xenvif_gop_skb(struct sk_buff *skb,
427 struct netrx_pending_operations *npo,
428 struct xenvif_queue *queue)
429 {
430 struct xenvif *vif = netdev_priv(skb->dev);
431 int nr_frags = skb_shinfo(skb)->nr_frags;
432 int i;
433 struct xen_netif_rx_request req;
434 struct xenvif_rx_meta *meta;
435 unsigned char *data;
436 int head = 1;
437 int old_meta_prod;
438 int gso_type;
439
440 old_meta_prod = npo->meta_prod;
441
442 gso_type = XEN_NETIF_GSO_TYPE_NONE;
443 if (skb_is_gso(skb)) {
444 if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4)
445 gso_type = XEN_NETIF_GSO_TYPE_TCPV4;
446 else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6)
447 gso_type = XEN_NETIF_GSO_TYPE_TCPV6;
448 }
449
450 /* Set up a GSO prefix descriptor, if necessary */
451 if ((1 << gso_type) & vif->gso_prefix_mask) {
452 RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req);
453 meta = npo->meta + npo->meta_prod++;
454 meta->gso_type = gso_type;
455 meta->gso_size = skb_shinfo(skb)->gso_size;
456 meta->size = 0;
457 meta->id = req.id;
458 }
459
460 RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req);
461 meta = npo->meta + npo->meta_prod++;
462
463 if ((1 << gso_type) & vif->gso_mask) {
464 meta->gso_type = gso_type;
465 meta->gso_size = skb_shinfo(skb)->gso_size;
466 } else {
467 meta->gso_type = XEN_NETIF_GSO_TYPE_NONE;
468 meta->gso_size = 0;
469 }
470
471 meta->size = 0;
472 meta->id = req.id;
473 npo->copy_off = 0;
474 npo->copy_gref = req.gref;
475
476 data = skb->data;
477 while (data < skb_tail_pointer(skb)) {
478 unsigned int offset = offset_in_page(data);
479 unsigned int len = PAGE_SIZE - offset;
480
481 if (data + len > skb_tail_pointer(skb))
482 len = skb_tail_pointer(skb) - data;
483
484 xenvif_gop_frag_copy(queue, skb, npo,
485 virt_to_page(data), len, offset, &head);
486 data += len;
487 }
488
489 for (i = 0; i < nr_frags; i++) {
490 xenvif_gop_frag_copy(queue, skb, npo,
491 skb_frag_page(&skb_shinfo(skb)->frags[i]),
492 skb_frag_size(&skb_shinfo(skb)->frags[i]),
493 skb_shinfo(skb)->frags[i].page_offset,
494 &head);
495 }
496
497 return npo->meta_prod - old_meta_prod;
498 }
499
500 /*
501 * This is a twin to xenvif_gop_skb. Assume that xenvif_gop_skb was
502 * used to set up the operations on the top of
503 * netrx_pending_operations, which have since been done. Check that
504 * they didn't give any errors and advance over them.
505 */
xenvif_check_gop(struct xenvif * vif,int nr_meta_slots,struct netrx_pending_operations * npo)506 static int xenvif_check_gop(struct xenvif *vif, int nr_meta_slots,
507 struct netrx_pending_operations *npo)
508 {
509 struct gnttab_copy *copy_op;
510 int status = XEN_NETIF_RSP_OKAY;
511 int i;
512
513 for (i = 0; i < nr_meta_slots; i++) {
514 copy_op = npo->copy + npo->copy_cons++;
515 if (copy_op->status != GNTST_okay) {
516 netdev_dbg(vif->dev,
517 "Bad status %d from copy to DOM%d.\n",
518 copy_op->status, vif->domid);
519 status = XEN_NETIF_RSP_ERROR;
520 }
521 }
522
523 return status;
524 }
525
xenvif_add_frag_responses(struct xenvif_queue * queue,int status,struct xenvif_rx_meta * meta,int nr_meta_slots)526 static void xenvif_add_frag_responses(struct xenvif_queue *queue, int status,
527 struct xenvif_rx_meta *meta,
528 int nr_meta_slots)
529 {
530 int i;
531 unsigned long offset;
532
533 /* No fragments used */
534 if (nr_meta_slots <= 1)
535 return;
536
537 nr_meta_slots--;
538
539 for (i = 0; i < nr_meta_slots; i++) {
540 int flags;
541 if (i == nr_meta_slots - 1)
542 flags = 0;
543 else
544 flags = XEN_NETRXF_more_data;
545
546 offset = 0;
547 make_rx_response(queue, meta[i].id, status, offset,
548 meta[i].size, flags);
549 }
550 }
551
xenvif_kick_thread(struct xenvif_queue * queue)552 void xenvif_kick_thread(struct xenvif_queue *queue)
553 {
554 wake_up(&queue->wq);
555 }
556
xenvif_rx_action(struct xenvif_queue * queue)557 static void xenvif_rx_action(struct xenvif_queue *queue)
558 {
559 s8 status;
560 u16 flags;
561 struct xen_netif_rx_response *resp;
562 struct sk_buff_head rxq;
563 struct sk_buff *skb;
564 LIST_HEAD(notify);
565 int ret;
566 unsigned long offset;
567 bool need_to_notify = false;
568
569 struct netrx_pending_operations npo = {
570 .copy = queue->grant_copy_op,
571 .meta = queue->meta,
572 };
573
574 skb_queue_head_init(&rxq);
575
576 while (xenvif_rx_ring_slots_available(queue)
577 && (skb = xenvif_rx_dequeue(queue)) != NULL) {
578 queue->last_rx_time = jiffies;
579
580 XENVIF_RX_CB(skb)->meta_slots_used = xenvif_gop_skb(skb, &npo, queue);
581
582 __skb_queue_tail(&rxq, skb);
583 }
584
585 BUG_ON(npo.meta_prod > ARRAY_SIZE(queue->meta));
586
587 if (!npo.copy_prod)
588 goto done;
589
590 BUG_ON(npo.copy_prod > MAX_GRANT_COPY_OPS);
591 gnttab_batch_copy(queue->grant_copy_op, npo.copy_prod);
592
593 while ((skb = __skb_dequeue(&rxq)) != NULL) {
594
595 if ((1 << queue->meta[npo.meta_cons].gso_type) &
596 queue->vif->gso_prefix_mask) {
597 resp = RING_GET_RESPONSE(&queue->rx,
598 queue->rx.rsp_prod_pvt++);
599
600 resp->flags = XEN_NETRXF_gso_prefix | XEN_NETRXF_more_data;
601
602 resp->offset = queue->meta[npo.meta_cons].gso_size;
603 resp->id = queue->meta[npo.meta_cons].id;
604 resp->status = XENVIF_RX_CB(skb)->meta_slots_used;
605
606 npo.meta_cons++;
607 XENVIF_RX_CB(skb)->meta_slots_used--;
608 }
609
610
611 queue->stats.tx_bytes += skb->len;
612 queue->stats.tx_packets++;
613
614 status = xenvif_check_gop(queue->vif,
615 XENVIF_RX_CB(skb)->meta_slots_used,
616 &npo);
617
618 if (XENVIF_RX_CB(skb)->meta_slots_used == 1)
619 flags = 0;
620 else
621 flags = XEN_NETRXF_more_data;
622
623 if (skb->ip_summed == CHECKSUM_PARTIAL) /* local packet? */
624 flags |= XEN_NETRXF_csum_blank | XEN_NETRXF_data_validated;
625 else if (skb->ip_summed == CHECKSUM_UNNECESSARY)
626 /* remote but checksummed. */
627 flags |= XEN_NETRXF_data_validated;
628
629 offset = 0;
630 resp = make_rx_response(queue, queue->meta[npo.meta_cons].id,
631 status, offset,
632 queue->meta[npo.meta_cons].size,
633 flags);
634
635 if ((1 << queue->meta[npo.meta_cons].gso_type) &
636 queue->vif->gso_mask) {
637 struct xen_netif_extra_info *gso =
638 (struct xen_netif_extra_info *)
639 RING_GET_RESPONSE(&queue->rx,
640 queue->rx.rsp_prod_pvt++);
641
642 resp->flags |= XEN_NETRXF_extra_info;
643
644 gso->u.gso.type = queue->meta[npo.meta_cons].gso_type;
645 gso->u.gso.size = queue->meta[npo.meta_cons].gso_size;
646 gso->u.gso.pad = 0;
647 gso->u.gso.features = 0;
648
649 gso->type = XEN_NETIF_EXTRA_TYPE_GSO;
650 gso->flags = 0;
651 }
652
653 xenvif_add_frag_responses(queue, status,
654 queue->meta + npo.meta_cons + 1,
655 XENVIF_RX_CB(skb)->meta_slots_used);
656
657 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->rx, ret);
658
659 need_to_notify |= !!ret;
660
661 npo.meta_cons += XENVIF_RX_CB(skb)->meta_slots_used;
662 dev_kfree_skb(skb);
663 }
664
665 done:
666 if (need_to_notify)
667 notify_remote_via_irq(queue->rx_irq);
668 }
669
xenvif_napi_schedule_or_enable_events(struct xenvif_queue * queue)670 void xenvif_napi_schedule_or_enable_events(struct xenvif_queue *queue)
671 {
672 int more_to_do;
673
674 RING_FINAL_CHECK_FOR_REQUESTS(&queue->tx, more_to_do);
675
676 if (more_to_do)
677 napi_schedule(&queue->napi);
678 else if (xenvif_atomic_fetch_andnot(NETBK_TX_EOI | NETBK_COMMON_EOI,
679 &queue->eoi_pending) &
680 (NETBK_TX_EOI | NETBK_COMMON_EOI))
681 xen_irq_lateeoi(queue->tx_irq, 0);
682 }
683
tx_add_credit(struct xenvif_queue * queue)684 static void tx_add_credit(struct xenvif_queue *queue)
685 {
686 unsigned long max_burst, max_credit;
687
688 /*
689 * Allow a burst big enough to transmit a jumbo packet of up to 128kB.
690 * Otherwise the interface can seize up due to insufficient credit.
691 */
692 max_burst = max(131072UL, queue->credit_bytes);
693
694 /* Take care that adding a new chunk of credit doesn't wrap to zero. */
695 max_credit = queue->remaining_credit + queue->credit_bytes;
696 if (max_credit < queue->remaining_credit)
697 max_credit = ULONG_MAX; /* wrapped: clamp to ULONG_MAX */
698
699 queue->remaining_credit = min(max_credit, max_burst);
700 queue->rate_limited = false;
701 }
702
xenvif_tx_credit_callback(unsigned long data)703 void xenvif_tx_credit_callback(unsigned long data)
704 {
705 struct xenvif_queue *queue = (struct xenvif_queue *)data;
706 tx_add_credit(queue);
707 xenvif_napi_schedule_or_enable_events(queue);
708 }
709
xenvif_tx_err(struct xenvif_queue * queue,struct xen_netif_tx_request * txp,RING_IDX end)710 static void xenvif_tx_err(struct xenvif_queue *queue,
711 struct xen_netif_tx_request *txp, RING_IDX end)
712 {
713 RING_IDX cons = queue->tx.req_cons;
714 unsigned long flags;
715
716 do {
717 spin_lock_irqsave(&queue->response_lock, flags);
718 make_tx_response(queue, txp, XEN_NETIF_RSP_ERROR);
719 push_tx_responses(queue);
720 spin_unlock_irqrestore(&queue->response_lock, flags);
721 if (cons == end)
722 break;
723 RING_COPY_REQUEST(&queue->tx, cons++, txp);
724 } while (1);
725 queue->tx.req_cons = cons;
726 }
727
xenvif_fatal_tx_err(struct xenvif * vif)728 static void xenvif_fatal_tx_err(struct xenvif *vif)
729 {
730 netdev_err(vif->dev, "fatal error; disabling device\n");
731 vif->disabled = true;
732 /* Disable the vif from queue 0's kthread */
733 if (vif->queues)
734 xenvif_kick_thread(&vif->queues[0]);
735 }
736
xenvif_count_requests(struct xenvif_queue * queue,struct xen_netif_tx_request * first,struct xen_netif_tx_request * txp,int work_to_do)737 static int xenvif_count_requests(struct xenvif_queue *queue,
738 struct xen_netif_tx_request *first,
739 struct xen_netif_tx_request *txp,
740 int work_to_do)
741 {
742 RING_IDX cons = queue->tx.req_cons;
743 int slots = 0;
744 int drop_err = 0;
745 int more_data;
746
747 if (!(first->flags & XEN_NETTXF_more_data))
748 return 0;
749
750 do {
751 struct xen_netif_tx_request dropped_tx = { 0 };
752
753 if (slots >= work_to_do) {
754 netdev_err(queue->vif->dev,
755 "Asked for %d slots but exceeds this limit\n",
756 work_to_do);
757 xenvif_fatal_tx_err(queue->vif);
758 return -ENODATA;
759 }
760
761 /* This guest is really using too many slots and
762 * considered malicious.
763 */
764 if (unlikely(slots >= fatal_skb_slots)) {
765 netdev_err(queue->vif->dev,
766 "Malicious frontend using %d slots, threshold %u\n",
767 slots, fatal_skb_slots);
768 xenvif_fatal_tx_err(queue->vif);
769 return -E2BIG;
770 }
771
772 /* Xen network protocol had implicit dependency on
773 * MAX_SKB_FRAGS. XEN_NETBK_LEGACY_SLOTS_MAX is set to
774 * the historical MAX_SKB_FRAGS value 18 to honor the
775 * same behavior as before. Any packet using more than
776 * 18 slots but less than fatal_skb_slots slots is
777 * dropped
778 */
779 if (!drop_err && slots >= XEN_NETBK_LEGACY_SLOTS_MAX) {
780 if (net_ratelimit())
781 netdev_dbg(queue->vif->dev,
782 "Too many slots (%d) exceeding limit (%d), dropping packet\n",
783 slots, XEN_NETBK_LEGACY_SLOTS_MAX);
784 drop_err = -E2BIG;
785 }
786
787 if (drop_err)
788 txp = &dropped_tx;
789
790 RING_COPY_REQUEST(&queue->tx, cons + slots, txp);
791
792 /* If the guest submitted a frame >= 64 KiB then
793 * first->size overflowed and following slots will
794 * appear to be larger than the frame.
795 *
796 * This cannot be fatal error as there are buggy
797 * frontends that do this.
798 *
799 * Consume all slots and drop the packet.
800 */
801 if (!drop_err && txp->size > first->size) {
802 if (net_ratelimit())
803 netdev_dbg(queue->vif->dev,
804 "Invalid tx request, slot size %u > remaining size %u\n",
805 txp->size, first->size);
806 drop_err = -EIO;
807 }
808
809 first->size -= txp->size;
810 slots++;
811
812 if (unlikely((txp->offset + txp->size) > XEN_PAGE_SIZE)) {
813 netdev_err(queue->vif->dev, "Cross page boundary, txp->offset: %u, size: %u\n",
814 txp->offset, txp->size);
815 xenvif_fatal_tx_err(queue->vif);
816 return -EINVAL;
817 }
818
819 more_data = txp->flags & XEN_NETTXF_more_data;
820
821 if (!drop_err)
822 txp++;
823
824 } while (more_data);
825
826 if (drop_err) {
827 xenvif_tx_err(queue, first, cons + slots);
828 return drop_err;
829 }
830
831 return slots;
832 }
833
834
835 struct xenvif_tx_cb {
836 u16 pending_idx;
837 };
838
839 #define XENVIF_TX_CB(skb) ((struct xenvif_tx_cb *)(skb)->cb)
840
xenvif_tx_create_map_op(struct xenvif_queue * queue,u16 pending_idx,struct xen_netif_tx_request * txp,struct gnttab_map_grant_ref * mop)841 static inline void xenvif_tx_create_map_op(struct xenvif_queue *queue,
842 u16 pending_idx,
843 struct xen_netif_tx_request *txp,
844 struct gnttab_map_grant_ref *mop)
845 {
846 queue->pages_to_map[mop-queue->tx_map_ops] = queue->mmap_pages[pending_idx];
847 gnttab_set_map_op(mop, idx_to_kaddr(queue, pending_idx),
848 GNTMAP_host_map | GNTMAP_readonly,
849 txp->gref, queue->vif->domid);
850
851 memcpy(&queue->pending_tx_info[pending_idx].req, txp,
852 sizeof(*txp));
853 }
854
xenvif_alloc_skb(unsigned int size)855 static inline struct sk_buff *xenvif_alloc_skb(unsigned int size)
856 {
857 struct sk_buff *skb =
858 alloc_skb(size + NET_SKB_PAD + NET_IP_ALIGN,
859 GFP_ATOMIC | __GFP_NOWARN);
860 if (unlikely(skb == NULL))
861 return NULL;
862
863 /* Packets passed to netif_rx() must have some headroom. */
864 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN);
865
866 /* Initialize it here to avoid later surprises */
867 skb_shinfo(skb)->destructor_arg = NULL;
868
869 return skb;
870 }
871
xenvif_get_requests(struct xenvif_queue * queue,struct sk_buff * skb,struct xen_netif_tx_request * txp,struct gnttab_map_grant_ref * gop,unsigned int frag_overflow,struct sk_buff * nskb)872 static struct gnttab_map_grant_ref *xenvif_get_requests(struct xenvif_queue *queue,
873 struct sk_buff *skb,
874 struct xen_netif_tx_request *txp,
875 struct gnttab_map_grant_ref *gop,
876 unsigned int frag_overflow,
877 struct sk_buff *nskb)
878 {
879 struct skb_shared_info *shinfo = skb_shinfo(skb);
880 skb_frag_t *frags = shinfo->frags;
881 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx;
882 int start;
883 pending_ring_idx_t index;
884 unsigned int nr_slots;
885
886 nr_slots = shinfo->nr_frags;
887
888 /* Skip first skb fragment if it is on same page as header fragment. */
889 start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx);
890
891 for (shinfo->nr_frags = start; shinfo->nr_frags < nr_slots;
892 shinfo->nr_frags++, txp++, gop++) {
893 index = pending_index(queue->pending_cons++);
894 pending_idx = queue->pending_ring[index];
895 xenvif_tx_create_map_op(queue, pending_idx, txp, gop);
896 frag_set_pending_idx(&frags[shinfo->nr_frags], pending_idx);
897 }
898
899 if (frag_overflow) {
900
901 shinfo = skb_shinfo(nskb);
902 frags = shinfo->frags;
903
904 for (shinfo->nr_frags = 0; shinfo->nr_frags < frag_overflow;
905 shinfo->nr_frags++, txp++, gop++) {
906 index = pending_index(queue->pending_cons++);
907 pending_idx = queue->pending_ring[index];
908 xenvif_tx_create_map_op(queue, pending_idx, txp, gop);
909 frag_set_pending_idx(&frags[shinfo->nr_frags],
910 pending_idx);
911 }
912
913 skb_shinfo(skb)->frag_list = nskb;
914 }
915
916 return gop;
917 }
918
xenvif_grant_handle_set(struct xenvif_queue * queue,u16 pending_idx,grant_handle_t handle)919 static inline void xenvif_grant_handle_set(struct xenvif_queue *queue,
920 u16 pending_idx,
921 grant_handle_t handle)
922 {
923 if (unlikely(queue->grant_tx_handle[pending_idx] !=
924 NETBACK_INVALID_HANDLE)) {
925 netdev_err(queue->vif->dev,
926 "Trying to overwrite active handle! pending_idx: 0x%x\n",
927 pending_idx);
928 BUG();
929 }
930 queue->grant_tx_handle[pending_idx] = handle;
931 }
932
xenvif_grant_handle_reset(struct xenvif_queue * queue,u16 pending_idx)933 static inline void xenvif_grant_handle_reset(struct xenvif_queue *queue,
934 u16 pending_idx)
935 {
936 if (unlikely(queue->grant_tx_handle[pending_idx] ==
937 NETBACK_INVALID_HANDLE)) {
938 netdev_err(queue->vif->dev,
939 "Trying to unmap invalid handle! pending_idx: 0x%x\n",
940 pending_idx);
941 BUG();
942 }
943 queue->grant_tx_handle[pending_idx] = NETBACK_INVALID_HANDLE;
944 }
945
xenvif_tx_check_gop(struct xenvif_queue * queue,struct sk_buff * skb,struct gnttab_map_grant_ref ** gopp_map,struct gnttab_copy ** gopp_copy)946 static int xenvif_tx_check_gop(struct xenvif_queue *queue,
947 struct sk_buff *skb,
948 struct gnttab_map_grant_ref **gopp_map,
949 struct gnttab_copy **gopp_copy)
950 {
951 struct gnttab_map_grant_ref *gop_map = *gopp_map;
952 u16 pending_idx = XENVIF_TX_CB(skb)->pending_idx;
953 /* This always points to the shinfo of the skb being checked, which
954 * could be either the first or the one on the frag_list
955 */
956 struct skb_shared_info *shinfo = skb_shinfo(skb);
957 /* If this is non-NULL, we are currently checking the frag_list skb, and
958 * this points to the shinfo of the first one
959 */
960 struct skb_shared_info *first_shinfo = NULL;
961 int nr_frags = shinfo->nr_frags;
962 const bool sharedslot = nr_frags &&
963 frag_get_pending_idx(&shinfo->frags[0]) == pending_idx;
964 int i, err;
965
966 /* Check status of header. */
967 err = (*gopp_copy)->status;
968 if (unlikely(err)) {
969 if (net_ratelimit())
970 netdev_dbg(queue->vif->dev,
971 "Grant copy of header failed! status: %d pending_idx: %u ref: %u\n",
972 (*gopp_copy)->status,
973 pending_idx,
974 (*gopp_copy)->source.u.ref);
975 /* The first frag might still have this slot mapped */
976 if (!sharedslot)
977 xenvif_idx_release(queue, pending_idx,
978 XEN_NETIF_RSP_ERROR);
979 }
980 (*gopp_copy)++;
981
982 check_frags:
983 for (i = 0; i < nr_frags; i++, gop_map++) {
984 int j, newerr;
985
986 pending_idx = frag_get_pending_idx(&shinfo->frags[i]);
987
988 /* Check error status: if okay then remember grant handle. */
989 newerr = gop_map->status;
990
991 if (likely(!newerr)) {
992 xenvif_grant_handle_set(queue,
993 pending_idx,
994 gop_map->handle);
995 /* Had a previous error? Invalidate this fragment. */
996 if (unlikely(err)) {
997 xenvif_idx_unmap(queue, pending_idx);
998 /* If the mapping of the first frag was OK, but
999 * the header's copy failed, and they are
1000 * sharing a slot, send an error
1001 */
1002 if (i == 0 && !first_shinfo && sharedslot)
1003 xenvif_idx_release(queue, pending_idx,
1004 XEN_NETIF_RSP_ERROR);
1005 else
1006 xenvif_idx_release(queue, pending_idx,
1007 XEN_NETIF_RSP_OKAY);
1008 }
1009 continue;
1010 }
1011
1012 /* Error on this fragment: respond to client with an error. */
1013 if (net_ratelimit())
1014 netdev_dbg(queue->vif->dev,
1015 "Grant map of %d. frag failed! status: %d pending_idx: %u ref: %u\n",
1016 i,
1017 gop_map->status,
1018 pending_idx,
1019 gop_map->ref);
1020
1021 xenvif_idx_release(queue, pending_idx, XEN_NETIF_RSP_ERROR);
1022
1023 /* Not the first error? Preceding frags already invalidated. */
1024 if (err)
1025 continue;
1026
1027 /* First error: if the header haven't shared a slot with the
1028 * first frag, release it as well.
1029 */
1030 if (!sharedslot)
1031 xenvif_idx_release(queue,
1032 XENVIF_TX_CB(skb)->pending_idx,
1033 XEN_NETIF_RSP_OKAY);
1034
1035 /* Invalidate preceding fragments of this skb. */
1036 for (j = 0; j < i; j++) {
1037 pending_idx = frag_get_pending_idx(&shinfo->frags[j]);
1038 xenvif_idx_unmap(queue, pending_idx);
1039 xenvif_idx_release(queue, pending_idx,
1040 XEN_NETIF_RSP_OKAY);
1041 }
1042
1043 /* And if we found the error while checking the frag_list, unmap
1044 * the first skb's frags
1045 */
1046 if (first_shinfo) {
1047 for (j = 0; j < first_shinfo->nr_frags; j++) {
1048 pending_idx = frag_get_pending_idx(&first_shinfo->frags[j]);
1049 xenvif_idx_unmap(queue, pending_idx);
1050 xenvif_idx_release(queue, pending_idx,
1051 XEN_NETIF_RSP_OKAY);
1052 }
1053 }
1054
1055 /* Remember the error: invalidate all subsequent fragments. */
1056 err = newerr;
1057 }
1058
1059 if (skb_has_frag_list(skb) && !first_shinfo) {
1060 first_shinfo = skb_shinfo(skb);
1061 shinfo = skb_shinfo(skb_shinfo(skb)->frag_list);
1062 nr_frags = shinfo->nr_frags;
1063
1064 goto check_frags;
1065 }
1066
1067 *gopp_map = gop_map;
1068 return err;
1069 }
1070
xenvif_fill_frags(struct xenvif_queue * queue,struct sk_buff * skb)1071 static void xenvif_fill_frags(struct xenvif_queue *queue, struct sk_buff *skb)
1072 {
1073 struct skb_shared_info *shinfo = skb_shinfo(skb);
1074 int nr_frags = shinfo->nr_frags;
1075 int i;
1076 u16 prev_pending_idx = INVALID_PENDING_IDX;
1077
1078 for (i = 0; i < nr_frags; i++) {
1079 skb_frag_t *frag = shinfo->frags + i;
1080 struct xen_netif_tx_request *txp;
1081 struct page *page;
1082 u16 pending_idx;
1083
1084 pending_idx = frag_get_pending_idx(frag);
1085
1086 /* If this is not the first frag, chain it to the previous*/
1087 if (prev_pending_idx == INVALID_PENDING_IDX)
1088 skb_shinfo(skb)->destructor_arg =
1089 &callback_param(queue, pending_idx);
1090 else
1091 callback_param(queue, prev_pending_idx).ctx =
1092 &callback_param(queue, pending_idx);
1093
1094 callback_param(queue, pending_idx).ctx = NULL;
1095 prev_pending_idx = pending_idx;
1096
1097 txp = &queue->pending_tx_info[pending_idx].req;
1098 page = virt_to_page(idx_to_kaddr(queue, pending_idx));
1099 __skb_fill_page_desc(skb, i, page, txp->offset, txp->size);
1100 skb->len += txp->size;
1101 skb->data_len += txp->size;
1102 skb->truesize += txp->size;
1103
1104 /* Take an extra reference to offset network stack's put_page */
1105 get_page(queue->mmap_pages[pending_idx]);
1106 }
1107 }
1108
xenvif_get_extras(struct xenvif_queue * queue,struct xen_netif_extra_info * extras,int work_to_do)1109 static int xenvif_get_extras(struct xenvif_queue *queue,
1110 struct xen_netif_extra_info *extras,
1111 int work_to_do)
1112 {
1113 struct xen_netif_extra_info extra;
1114 RING_IDX cons = queue->tx.req_cons;
1115
1116 do {
1117 if (unlikely(work_to_do-- <= 0)) {
1118 netdev_err(queue->vif->dev, "Missing extra info\n");
1119 xenvif_fatal_tx_err(queue->vif);
1120 return -EBADR;
1121 }
1122
1123 RING_COPY_REQUEST(&queue->tx, cons, &extra);
1124 if (unlikely(!extra.type ||
1125 extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) {
1126 queue->tx.req_cons = ++cons;
1127 netdev_err(queue->vif->dev,
1128 "Invalid extra type: %d\n", extra.type);
1129 xenvif_fatal_tx_err(queue->vif);
1130 return -EINVAL;
1131 }
1132
1133 memcpy(&extras[extra.type - 1], &extra, sizeof(extra));
1134 queue->tx.req_cons = ++cons;
1135 } while (extra.flags & XEN_NETIF_EXTRA_FLAG_MORE);
1136
1137 return work_to_do;
1138 }
1139
xenvif_set_skb_gso(struct xenvif * vif,struct sk_buff * skb,struct xen_netif_extra_info * gso)1140 static int xenvif_set_skb_gso(struct xenvif *vif,
1141 struct sk_buff *skb,
1142 struct xen_netif_extra_info *gso)
1143 {
1144 if (!gso->u.gso.size) {
1145 netdev_err(vif->dev, "GSO size must not be zero.\n");
1146 xenvif_fatal_tx_err(vif);
1147 return -EINVAL;
1148 }
1149
1150 switch (gso->u.gso.type) {
1151 case XEN_NETIF_GSO_TYPE_TCPV4:
1152 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4;
1153 break;
1154 case XEN_NETIF_GSO_TYPE_TCPV6:
1155 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
1156 break;
1157 default:
1158 netdev_err(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type);
1159 xenvif_fatal_tx_err(vif);
1160 return -EINVAL;
1161 }
1162
1163 skb_shinfo(skb)->gso_size = gso->u.gso.size;
1164 /* gso_segs will be calculated later */
1165
1166 return 0;
1167 }
1168
checksum_setup(struct xenvif_queue * queue,struct sk_buff * skb)1169 static int checksum_setup(struct xenvif_queue *queue, struct sk_buff *skb)
1170 {
1171 bool recalculate_partial_csum = false;
1172
1173 /* A GSO SKB must be CHECKSUM_PARTIAL. However some buggy
1174 * peers can fail to set NETRXF_csum_blank when sending a GSO
1175 * frame. In this case force the SKB to CHECKSUM_PARTIAL and
1176 * recalculate the partial checksum.
1177 */
1178 if (skb->ip_summed != CHECKSUM_PARTIAL && skb_is_gso(skb)) {
1179 queue->stats.rx_gso_checksum_fixup++;
1180 skb->ip_summed = CHECKSUM_PARTIAL;
1181 recalculate_partial_csum = true;
1182 }
1183
1184 /* A non-CHECKSUM_PARTIAL SKB does not require setup. */
1185 if (skb->ip_summed != CHECKSUM_PARTIAL)
1186 return 0;
1187
1188 return skb_checksum_setup(skb, recalculate_partial_csum);
1189 }
1190
tx_credit_exceeded(struct xenvif_queue * queue,unsigned size)1191 static bool tx_credit_exceeded(struct xenvif_queue *queue, unsigned size)
1192 {
1193 u64 now = get_jiffies_64();
1194 u64 next_credit = queue->credit_window_start +
1195 msecs_to_jiffies(queue->credit_usec / 1000);
1196
1197 /* Timer could already be pending in rare cases. */
1198 if (timer_pending(&queue->credit_timeout)) {
1199 queue->rate_limited = true;
1200 return true;
1201 }
1202
1203 /* Passed the point where we can replenish credit? */
1204 if (time_after_eq64(now, next_credit)) {
1205 queue->credit_window_start = now;
1206 tx_add_credit(queue);
1207 }
1208
1209 /* Still too big to send right now? Set a callback. */
1210 if (size > queue->remaining_credit) {
1211 queue->credit_timeout.data =
1212 (unsigned long)queue;
1213 mod_timer(&queue->credit_timeout,
1214 next_credit);
1215 queue->credit_window_start = next_credit;
1216 queue->rate_limited = true;
1217
1218 return true;
1219 }
1220
1221 return false;
1222 }
1223
1224 /* No locking is required in xenvif_mcast_add/del() as they are
1225 * only ever invoked from NAPI poll. An RCU list is used because
1226 * xenvif_mcast_match() is called asynchronously, during start_xmit.
1227 */
1228
xenvif_mcast_add(struct xenvif * vif,const u8 * addr)1229 static int xenvif_mcast_add(struct xenvif *vif, const u8 *addr)
1230 {
1231 struct xenvif_mcast_addr *mcast;
1232
1233 if (vif->fe_mcast_count == XEN_NETBK_MCAST_MAX) {
1234 if (net_ratelimit())
1235 netdev_err(vif->dev,
1236 "Too many multicast addresses\n");
1237 return -ENOSPC;
1238 }
1239
1240 mcast = kzalloc(sizeof(*mcast), GFP_ATOMIC);
1241 if (!mcast)
1242 return -ENOMEM;
1243
1244 ether_addr_copy(mcast->addr, addr);
1245 list_add_tail_rcu(&mcast->entry, &vif->fe_mcast_addr);
1246 vif->fe_mcast_count++;
1247
1248 return 0;
1249 }
1250
xenvif_mcast_del(struct xenvif * vif,const u8 * addr)1251 static void xenvif_mcast_del(struct xenvif *vif, const u8 *addr)
1252 {
1253 struct xenvif_mcast_addr *mcast;
1254
1255 list_for_each_entry_rcu(mcast, &vif->fe_mcast_addr, entry) {
1256 if (ether_addr_equal(addr, mcast->addr)) {
1257 --vif->fe_mcast_count;
1258 list_del_rcu(&mcast->entry);
1259 kfree_rcu(mcast, rcu);
1260 break;
1261 }
1262 }
1263 }
1264
xenvif_mcast_match(struct xenvif * vif,const u8 * addr)1265 bool xenvif_mcast_match(struct xenvif *vif, const u8 *addr)
1266 {
1267 struct xenvif_mcast_addr *mcast;
1268
1269 rcu_read_lock();
1270 list_for_each_entry_rcu(mcast, &vif->fe_mcast_addr, entry) {
1271 if (ether_addr_equal(addr, mcast->addr)) {
1272 rcu_read_unlock();
1273 return true;
1274 }
1275 }
1276 rcu_read_unlock();
1277
1278 return false;
1279 }
1280
xenvif_mcast_addr_list_free(struct xenvif * vif)1281 void xenvif_mcast_addr_list_free(struct xenvif *vif)
1282 {
1283 /* No need for locking or RCU here. NAPI poll and TX queue
1284 * are stopped.
1285 */
1286 while (!list_empty(&vif->fe_mcast_addr)) {
1287 struct xenvif_mcast_addr *mcast;
1288
1289 mcast = list_first_entry(&vif->fe_mcast_addr,
1290 struct xenvif_mcast_addr,
1291 entry);
1292 --vif->fe_mcast_count;
1293 list_del(&mcast->entry);
1294 kfree(mcast);
1295 }
1296 }
1297
xenvif_tx_build_gops(struct xenvif_queue * queue,int budget,unsigned * copy_ops,unsigned * map_ops)1298 static void xenvif_tx_build_gops(struct xenvif_queue *queue,
1299 int budget,
1300 unsigned *copy_ops,
1301 unsigned *map_ops)
1302 {
1303 struct gnttab_map_grant_ref *gop = queue->tx_map_ops;
1304 struct sk_buff *skb, *nskb;
1305 int ret;
1306 unsigned int frag_overflow;
1307
1308 while (skb_queue_len(&queue->tx_queue) < budget) {
1309 struct xen_netif_tx_request txreq;
1310 struct xen_netif_tx_request txfrags[XEN_NETBK_LEGACY_SLOTS_MAX];
1311 struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1];
1312 u16 pending_idx;
1313 RING_IDX idx;
1314 int work_to_do;
1315 unsigned int data_len;
1316 pending_ring_idx_t index;
1317
1318 if (queue->tx.sring->req_prod - queue->tx.req_cons >
1319 XEN_NETIF_TX_RING_SIZE) {
1320 netdev_err(queue->vif->dev,
1321 "Impossible number of requests. "
1322 "req_prod %d, req_cons %d, size %ld\n",
1323 queue->tx.sring->req_prod, queue->tx.req_cons,
1324 XEN_NETIF_TX_RING_SIZE);
1325 xenvif_fatal_tx_err(queue->vif);
1326 break;
1327 }
1328
1329 work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&queue->tx);
1330 if (!work_to_do)
1331 break;
1332
1333 idx = queue->tx.req_cons;
1334 rmb(); /* Ensure that we see the request before we copy it. */
1335 RING_COPY_REQUEST(&queue->tx, idx, &txreq);
1336
1337 /* Credit-based scheduling. */
1338 if (txreq.size > queue->remaining_credit &&
1339 tx_credit_exceeded(queue, txreq.size))
1340 break;
1341
1342 queue->remaining_credit -= txreq.size;
1343
1344 work_to_do--;
1345 queue->tx.req_cons = ++idx;
1346
1347 memset(extras, 0, sizeof(extras));
1348 if (txreq.flags & XEN_NETTXF_extra_info) {
1349 work_to_do = xenvif_get_extras(queue, extras,
1350 work_to_do);
1351 idx = queue->tx.req_cons;
1352 if (unlikely(work_to_do < 0))
1353 break;
1354 }
1355
1356 if (extras[XEN_NETIF_EXTRA_TYPE_MCAST_ADD - 1].type) {
1357 struct xen_netif_extra_info *extra;
1358
1359 extra = &extras[XEN_NETIF_EXTRA_TYPE_MCAST_ADD - 1];
1360 ret = xenvif_mcast_add(queue->vif, extra->u.mcast.addr);
1361
1362 make_tx_response(queue, &txreq,
1363 (ret == 0) ?
1364 XEN_NETIF_RSP_OKAY :
1365 XEN_NETIF_RSP_ERROR);
1366 push_tx_responses(queue);
1367 continue;
1368 }
1369
1370 if (extras[XEN_NETIF_EXTRA_TYPE_MCAST_DEL - 1].type) {
1371 struct xen_netif_extra_info *extra;
1372
1373 extra = &extras[XEN_NETIF_EXTRA_TYPE_MCAST_DEL - 1];
1374 xenvif_mcast_del(queue->vif, extra->u.mcast.addr);
1375
1376 make_tx_response(queue, &txreq, XEN_NETIF_RSP_OKAY);
1377 push_tx_responses(queue);
1378 continue;
1379 }
1380
1381 ret = xenvif_count_requests(queue, &txreq, txfrags, work_to_do);
1382 if (unlikely(ret < 0))
1383 break;
1384
1385 idx += ret;
1386
1387 if (unlikely(txreq.size < ETH_HLEN)) {
1388 netdev_dbg(queue->vif->dev,
1389 "Bad packet size: %d\n", txreq.size);
1390 xenvif_tx_err(queue, &txreq, idx);
1391 break;
1392 }
1393
1394 /* No crossing a page as the payload mustn't fragment. */
1395 if (unlikely((txreq.offset + txreq.size) > XEN_PAGE_SIZE)) {
1396 netdev_err(queue->vif->dev,
1397 "txreq.offset: %u, size: %u, end: %lu\n",
1398 txreq.offset, txreq.size,
1399 (unsigned long)(txreq.offset&~XEN_PAGE_MASK) + txreq.size);
1400 xenvif_fatal_tx_err(queue->vif);
1401 break;
1402 }
1403
1404 index = pending_index(queue->pending_cons);
1405 pending_idx = queue->pending_ring[index];
1406
1407 data_len = (txreq.size > XEN_NETBACK_TX_COPY_LEN &&
1408 ret < XEN_NETBK_LEGACY_SLOTS_MAX) ?
1409 XEN_NETBACK_TX_COPY_LEN : txreq.size;
1410
1411 skb = xenvif_alloc_skb(data_len);
1412 if (unlikely(skb == NULL)) {
1413 netdev_dbg(queue->vif->dev,
1414 "Can't allocate a skb in start_xmit.\n");
1415 xenvif_tx_err(queue, &txreq, idx);
1416 break;
1417 }
1418
1419 skb_shinfo(skb)->nr_frags = ret;
1420 if (data_len < txreq.size)
1421 skb_shinfo(skb)->nr_frags++;
1422 /* At this point shinfo->nr_frags is in fact the number of
1423 * slots, which can be as large as XEN_NETBK_LEGACY_SLOTS_MAX.
1424 */
1425 frag_overflow = 0;
1426 nskb = NULL;
1427 if (skb_shinfo(skb)->nr_frags > MAX_SKB_FRAGS) {
1428 frag_overflow = skb_shinfo(skb)->nr_frags - MAX_SKB_FRAGS;
1429 BUG_ON(frag_overflow > MAX_SKB_FRAGS);
1430 skb_shinfo(skb)->nr_frags = MAX_SKB_FRAGS;
1431 nskb = xenvif_alloc_skb(0);
1432 if (unlikely(nskb == NULL)) {
1433 skb_shinfo(skb)->nr_frags = 0;
1434 kfree_skb(skb);
1435 xenvif_tx_err(queue, &txreq, idx);
1436 if (net_ratelimit())
1437 netdev_err(queue->vif->dev,
1438 "Can't allocate the frag_list skb.\n");
1439 break;
1440 }
1441 }
1442
1443 if (extras[XEN_NETIF_EXTRA_TYPE_GSO - 1].type) {
1444 struct xen_netif_extra_info *gso;
1445 gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1];
1446
1447 if (xenvif_set_skb_gso(queue->vif, skb, gso)) {
1448 /* Failure in xenvif_set_skb_gso is fatal. */
1449 skb_shinfo(skb)->nr_frags = 0;
1450 kfree_skb(skb);
1451 kfree_skb(nskb);
1452 break;
1453 }
1454 }
1455
1456 XENVIF_TX_CB(skb)->pending_idx = pending_idx;
1457
1458 __skb_put(skb, data_len);
1459 queue->tx_copy_ops[*copy_ops].source.u.ref = txreq.gref;
1460 queue->tx_copy_ops[*copy_ops].source.domid = queue->vif->domid;
1461 queue->tx_copy_ops[*copy_ops].source.offset = txreq.offset;
1462
1463 queue->tx_copy_ops[*copy_ops].dest.u.gmfn =
1464 virt_to_gfn(skb->data);
1465 queue->tx_copy_ops[*copy_ops].dest.domid = DOMID_SELF;
1466 queue->tx_copy_ops[*copy_ops].dest.offset =
1467 offset_in_page(skb->data) & ~XEN_PAGE_MASK;
1468
1469 queue->tx_copy_ops[*copy_ops].len = data_len;
1470 queue->tx_copy_ops[*copy_ops].flags = GNTCOPY_source_gref;
1471
1472 (*copy_ops)++;
1473
1474 if (data_len < txreq.size) {
1475 frag_set_pending_idx(&skb_shinfo(skb)->frags[0],
1476 pending_idx);
1477 xenvif_tx_create_map_op(queue, pending_idx, &txreq, gop);
1478 gop++;
1479 } else {
1480 frag_set_pending_idx(&skb_shinfo(skb)->frags[0],
1481 INVALID_PENDING_IDX);
1482 memcpy(&queue->pending_tx_info[pending_idx].req, &txreq,
1483 sizeof(txreq));
1484 }
1485
1486 queue->pending_cons++;
1487
1488 gop = xenvif_get_requests(queue, skb, txfrags, gop,
1489 frag_overflow, nskb);
1490
1491 __skb_queue_tail(&queue->tx_queue, skb);
1492
1493 queue->tx.req_cons = idx;
1494
1495 if (((gop-queue->tx_map_ops) >= ARRAY_SIZE(queue->tx_map_ops)) ||
1496 (*copy_ops >= ARRAY_SIZE(queue->tx_copy_ops)))
1497 break;
1498 }
1499
1500 (*map_ops) = gop - queue->tx_map_ops;
1501 return;
1502 }
1503
1504 /* Consolidate skb with a frag_list into a brand new one with local pages on
1505 * frags. Returns 0 or -ENOMEM if can't allocate new pages.
1506 */
xenvif_handle_frag_list(struct xenvif_queue * queue,struct sk_buff * skb)1507 static int xenvif_handle_frag_list(struct xenvif_queue *queue, struct sk_buff *skb)
1508 {
1509 unsigned int offset = skb_headlen(skb);
1510 skb_frag_t frags[MAX_SKB_FRAGS];
1511 int i, f;
1512 struct ubuf_info *uarg;
1513 struct sk_buff *nskb = skb_shinfo(skb)->frag_list;
1514
1515 queue->stats.tx_zerocopy_sent += 2;
1516 queue->stats.tx_frag_overflow++;
1517
1518 xenvif_fill_frags(queue, nskb);
1519 /* Subtract frags size, we will correct it later */
1520 skb->truesize -= skb->data_len;
1521 skb->len += nskb->len;
1522 skb->data_len += nskb->len;
1523
1524 /* create a brand new frags array and coalesce there */
1525 for (i = 0; offset < skb->len; i++) {
1526 struct page *page;
1527 unsigned int len;
1528
1529 BUG_ON(i >= MAX_SKB_FRAGS);
1530 page = alloc_page(GFP_ATOMIC);
1531 if (!page) {
1532 int j;
1533 skb->truesize += skb->data_len;
1534 for (j = 0; j < i; j++)
1535 put_page(frags[j].page.p);
1536 return -ENOMEM;
1537 }
1538
1539 if (offset + PAGE_SIZE < skb->len)
1540 len = PAGE_SIZE;
1541 else
1542 len = skb->len - offset;
1543 if (skb_copy_bits(skb, offset, page_address(page), len))
1544 BUG();
1545
1546 offset += len;
1547 frags[i].page.p = page;
1548 frags[i].page_offset = 0;
1549 skb_frag_size_set(&frags[i], len);
1550 }
1551
1552 /* Release all the original (foreign) frags. */
1553 for (f = 0; f < skb_shinfo(skb)->nr_frags; f++)
1554 skb_frag_unref(skb, f);
1555 uarg = skb_shinfo(skb)->destructor_arg;
1556 /* increase inflight counter to offset decrement in callback */
1557 atomic_inc(&queue->inflight_packets);
1558 uarg->callback(uarg, true);
1559 skb_shinfo(skb)->destructor_arg = NULL;
1560
1561 /* Fill the skb with the new (local) frags. */
1562 memcpy(skb_shinfo(skb)->frags, frags, i * sizeof(skb_frag_t));
1563 skb_shinfo(skb)->nr_frags = i;
1564 skb->truesize += i * PAGE_SIZE;
1565
1566 return 0;
1567 }
1568
xenvif_tx_submit(struct xenvif_queue * queue)1569 static int xenvif_tx_submit(struct xenvif_queue *queue)
1570 {
1571 struct gnttab_map_grant_ref *gop_map = queue->tx_map_ops;
1572 struct gnttab_copy *gop_copy = queue->tx_copy_ops;
1573 struct sk_buff *skb;
1574 int work_done = 0;
1575
1576 while ((skb = __skb_dequeue(&queue->tx_queue)) != NULL) {
1577 struct xen_netif_tx_request *txp;
1578 u16 pending_idx;
1579 unsigned data_len;
1580
1581 pending_idx = XENVIF_TX_CB(skb)->pending_idx;
1582 txp = &queue->pending_tx_info[pending_idx].req;
1583
1584 /* Check the remap error code. */
1585 if (unlikely(xenvif_tx_check_gop(queue, skb, &gop_map, &gop_copy))) {
1586 /* If there was an error, xenvif_tx_check_gop is
1587 * expected to release all the frags which were mapped,
1588 * so kfree_skb shouldn't do it again
1589 */
1590 skb_shinfo(skb)->nr_frags = 0;
1591 if (skb_has_frag_list(skb)) {
1592 struct sk_buff *nskb =
1593 skb_shinfo(skb)->frag_list;
1594 skb_shinfo(nskb)->nr_frags = 0;
1595 }
1596 kfree_skb(skb);
1597 continue;
1598 }
1599
1600 data_len = skb->len;
1601 callback_param(queue, pending_idx).ctx = NULL;
1602 if (data_len < txp->size) {
1603 /* Append the packet payload as a fragment. */
1604 txp->offset += data_len;
1605 txp->size -= data_len;
1606 } else {
1607 /* Schedule a response immediately. */
1608 xenvif_idx_release(queue, pending_idx,
1609 XEN_NETIF_RSP_OKAY);
1610 }
1611
1612 if (txp->flags & XEN_NETTXF_csum_blank)
1613 skb->ip_summed = CHECKSUM_PARTIAL;
1614 else if (txp->flags & XEN_NETTXF_data_validated)
1615 skb->ip_summed = CHECKSUM_UNNECESSARY;
1616
1617 xenvif_fill_frags(queue, skb);
1618
1619 if (unlikely(skb_has_frag_list(skb))) {
1620 struct sk_buff *nskb = skb_shinfo(skb)->frag_list;
1621 xenvif_skb_zerocopy_prepare(queue, nskb);
1622 if (xenvif_handle_frag_list(queue, skb)) {
1623 if (net_ratelimit())
1624 netdev_err(queue->vif->dev,
1625 "Not enough memory to consolidate frag_list!\n");
1626 xenvif_skb_zerocopy_prepare(queue, skb);
1627 kfree_skb(skb);
1628 continue;
1629 }
1630 /* Copied all the bits from the frag list -- free it. */
1631 skb_frag_list_init(skb);
1632 kfree_skb(nskb);
1633 }
1634
1635 skb->dev = queue->vif->dev;
1636 skb->protocol = eth_type_trans(skb, skb->dev);
1637 skb_reset_network_header(skb);
1638
1639 if (checksum_setup(queue, skb)) {
1640 netdev_dbg(queue->vif->dev,
1641 "Can't setup checksum in net_tx_action\n");
1642 /* We have to set this flag to trigger the callback */
1643 if (skb_shinfo(skb)->destructor_arg)
1644 xenvif_skb_zerocopy_prepare(queue, skb);
1645 kfree_skb(skb);
1646 continue;
1647 }
1648
1649 skb_probe_transport_header(skb, 0);
1650
1651 /* If the packet is GSO then we will have just set up the
1652 * transport header offset in checksum_setup so it's now
1653 * straightforward to calculate gso_segs.
1654 */
1655 if (skb_is_gso(skb)) {
1656 int mss = skb_shinfo(skb)->gso_size;
1657 int hdrlen = skb_transport_header(skb) -
1658 skb_mac_header(skb) +
1659 tcp_hdrlen(skb);
1660
1661 skb_shinfo(skb)->gso_segs =
1662 DIV_ROUND_UP(skb->len - hdrlen, mss);
1663 }
1664
1665 queue->stats.rx_bytes += skb->len;
1666 queue->stats.rx_packets++;
1667
1668 work_done++;
1669
1670 /* Set this flag right before netif_receive_skb, otherwise
1671 * someone might think this packet already left netback, and
1672 * do a skb_copy_ubufs while we are still in control of the
1673 * skb. E.g. the __pskb_pull_tail earlier can do such thing.
1674 */
1675 if (skb_shinfo(skb)->destructor_arg) {
1676 xenvif_skb_zerocopy_prepare(queue, skb);
1677 queue->stats.tx_zerocopy_sent++;
1678 }
1679
1680 netif_receive_skb(skb);
1681 }
1682
1683 return work_done;
1684 }
1685
xenvif_zerocopy_callback(struct ubuf_info * ubuf,bool zerocopy_success)1686 void xenvif_zerocopy_callback(struct ubuf_info *ubuf, bool zerocopy_success)
1687 {
1688 unsigned long flags;
1689 pending_ring_idx_t index;
1690 struct xenvif_queue *queue = ubuf_to_queue(ubuf);
1691
1692 /* This is the only place where we grab this lock, to protect callbacks
1693 * from each other.
1694 */
1695 spin_lock_irqsave(&queue->callback_lock, flags);
1696 do {
1697 u16 pending_idx = ubuf->desc;
1698 ubuf = (struct ubuf_info *) ubuf->ctx;
1699 BUG_ON(queue->dealloc_prod - queue->dealloc_cons >=
1700 MAX_PENDING_REQS);
1701 index = pending_index(queue->dealloc_prod);
1702 queue->dealloc_ring[index] = pending_idx;
1703 /* Sync with xenvif_tx_dealloc_action:
1704 * insert idx then incr producer.
1705 */
1706 smp_wmb();
1707 queue->dealloc_prod++;
1708 } while (ubuf);
1709 spin_unlock_irqrestore(&queue->callback_lock, flags);
1710
1711 if (likely(zerocopy_success))
1712 queue->stats.tx_zerocopy_success++;
1713 else
1714 queue->stats.tx_zerocopy_fail++;
1715 xenvif_skb_zerocopy_complete(queue);
1716 }
1717
xenvif_tx_dealloc_action(struct xenvif_queue * queue)1718 static inline void xenvif_tx_dealloc_action(struct xenvif_queue *queue)
1719 {
1720 struct gnttab_unmap_grant_ref *gop;
1721 pending_ring_idx_t dc, dp;
1722 u16 pending_idx, pending_idx_release[MAX_PENDING_REQS];
1723 unsigned int i = 0;
1724
1725 dc = queue->dealloc_cons;
1726 gop = queue->tx_unmap_ops;
1727
1728 /* Free up any grants we have finished using */
1729 do {
1730 dp = queue->dealloc_prod;
1731
1732 /* Ensure we see all indices enqueued by all
1733 * xenvif_zerocopy_callback().
1734 */
1735 smp_rmb();
1736
1737 while (dc != dp) {
1738 BUG_ON(gop - queue->tx_unmap_ops >= MAX_PENDING_REQS);
1739 pending_idx =
1740 queue->dealloc_ring[pending_index(dc++)];
1741
1742 pending_idx_release[gop - queue->tx_unmap_ops] =
1743 pending_idx;
1744 queue->pages_to_unmap[gop - queue->tx_unmap_ops] =
1745 queue->mmap_pages[pending_idx];
1746 gnttab_set_unmap_op(gop,
1747 idx_to_kaddr(queue, pending_idx),
1748 GNTMAP_host_map,
1749 queue->grant_tx_handle[pending_idx]);
1750 xenvif_grant_handle_reset(queue, pending_idx);
1751 ++gop;
1752 }
1753
1754 } while (dp != queue->dealloc_prod);
1755
1756 queue->dealloc_cons = dc;
1757
1758 if (gop - queue->tx_unmap_ops > 0) {
1759 int ret;
1760 ret = gnttab_unmap_refs(queue->tx_unmap_ops,
1761 NULL,
1762 queue->pages_to_unmap,
1763 gop - queue->tx_unmap_ops);
1764 if (ret) {
1765 netdev_err(queue->vif->dev, "Unmap fail: nr_ops %tu ret %d\n",
1766 gop - queue->tx_unmap_ops, ret);
1767 for (i = 0; i < gop - queue->tx_unmap_ops; ++i) {
1768 if (gop[i].status != GNTST_okay)
1769 netdev_err(queue->vif->dev,
1770 " host_addr: 0x%llx handle: 0x%x status: %d\n",
1771 gop[i].host_addr,
1772 gop[i].handle,
1773 gop[i].status);
1774 }
1775 BUG();
1776 }
1777 }
1778
1779 for (i = 0; i < gop - queue->tx_unmap_ops; ++i)
1780 xenvif_idx_release(queue, pending_idx_release[i],
1781 XEN_NETIF_RSP_OKAY);
1782 }
1783
1784
1785 /* Called after netfront has transmitted */
xenvif_tx_action(struct xenvif_queue * queue,int budget)1786 int xenvif_tx_action(struct xenvif_queue *queue, int budget)
1787 {
1788 unsigned nr_mops, nr_cops = 0;
1789 int work_done, ret;
1790
1791 if (unlikely(!tx_work_todo(queue)))
1792 return 0;
1793
1794 xenvif_tx_build_gops(queue, budget, &nr_cops, &nr_mops);
1795
1796 if (nr_cops == 0)
1797 return 0;
1798
1799 gnttab_batch_copy(queue->tx_copy_ops, nr_cops);
1800 if (nr_mops != 0) {
1801 ret = gnttab_map_refs(queue->tx_map_ops,
1802 NULL,
1803 queue->pages_to_map,
1804 nr_mops);
1805 if (ret) {
1806 unsigned int i;
1807
1808 netdev_err(queue->vif->dev, "Map fail: nr %u ret %d\n",
1809 nr_mops, ret);
1810 for (i = 0; i < nr_mops; ++i)
1811 WARN_ON_ONCE(queue->tx_map_ops[i].status ==
1812 GNTST_okay);
1813 }
1814 }
1815
1816 work_done = xenvif_tx_submit(queue);
1817
1818 return work_done;
1819 }
1820
xenvif_idx_release(struct xenvif_queue * queue,u16 pending_idx,u8 status)1821 static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx,
1822 u8 status)
1823 {
1824 struct pending_tx_info *pending_tx_info;
1825 pending_ring_idx_t index;
1826 unsigned long flags;
1827
1828 pending_tx_info = &queue->pending_tx_info[pending_idx];
1829
1830 spin_lock_irqsave(&queue->response_lock, flags);
1831
1832 make_tx_response(queue, &pending_tx_info->req, status);
1833
1834 /* Release the pending index before pusing the Tx response so
1835 * its available before a new Tx request is pushed by the
1836 * frontend.
1837 */
1838 index = pending_index(queue->pending_prod++);
1839 queue->pending_ring[index] = pending_idx;
1840
1841 push_tx_responses(queue);
1842
1843 spin_unlock_irqrestore(&queue->response_lock, flags);
1844 }
1845
1846
make_tx_response(struct xenvif_queue * queue,struct xen_netif_tx_request * txp,s8 st)1847 static void make_tx_response(struct xenvif_queue *queue,
1848 struct xen_netif_tx_request *txp,
1849 s8 st)
1850 {
1851 RING_IDX i = queue->tx.rsp_prod_pvt;
1852 struct xen_netif_tx_response *resp;
1853
1854 resp = RING_GET_RESPONSE(&queue->tx, i);
1855 resp->id = txp->id;
1856 resp->status = st;
1857
1858 if (txp->flags & XEN_NETTXF_extra_info)
1859 RING_GET_RESPONSE(&queue->tx, ++i)->status = XEN_NETIF_RSP_NULL;
1860
1861 queue->tx.rsp_prod_pvt = ++i;
1862 }
1863
push_tx_responses(struct xenvif_queue * queue)1864 static void push_tx_responses(struct xenvif_queue *queue)
1865 {
1866 int notify;
1867
1868 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->tx, notify);
1869 if (notify)
1870 notify_remote_via_irq(queue->tx_irq);
1871 }
1872
make_rx_response(struct xenvif_queue * queue,u16 id,s8 st,u16 offset,u16 size,u16 flags)1873 static struct xen_netif_rx_response *make_rx_response(struct xenvif_queue *queue,
1874 u16 id,
1875 s8 st,
1876 u16 offset,
1877 u16 size,
1878 u16 flags)
1879 {
1880 RING_IDX i = queue->rx.rsp_prod_pvt;
1881 struct xen_netif_rx_response *resp;
1882
1883 resp = RING_GET_RESPONSE(&queue->rx, i);
1884 resp->offset = offset;
1885 resp->flags = flags;
1886 resp->id = id;
1887 resp->status = (s16)size;
1888 if (st < 0)
1889 resp->status = (s16)st;
1890
1891 queue->rx.rsp_prod_pvt = ++i;
1892
1893 return resp;
1894 }
1895
xenvif_idx_unmap(struct xenvif_queue * queue,u16 pending_idx)1896 void xenvif_idx_unmap(struct xenvif_queue *queue, u16 pending_idx)
1897 {
1898 int ret;
1899 struct gnttab_unmap_grant_ref tx_unmap_op;
1900
1901 gnttab_set_unmap_op(&tx_unmap_op,
1902 idx_to_kaddr(queue, pending_idx),
1903 GNTMAP_host_map,
1904 queue->grant_tx_handle[pending_idx]);
1905 xenvif_grant_handle_reset(queue, pending_idx);
1906
1907 ret = gnttab_unmap_refs(&tx_unmap_op, NULL,
1908 &queue->mmap_pages[pending_idx], 1);
1909 if (ret) {
1910 netdev_err(queue->vif->dev,
1911 "Unmap fail: ret: %d pending_idx: %d host_addr: %llx handle: 0x%x status: %d\n",
1912 ret,
1913 pending_idx,
1914 tx_unmap_op.host_addr,
1915 tx_unmap_op.handle,
1916 tx_unmap_op.status);
1917 BUG();
1918 }
1919 }
1920
tx_work_todo(struct xenvif_queue * queue)1921 static inline int tx_work_todo(struct xenvif_queue *queue)
1922 {
1923 if (likely(RING_HAS_UNCONSUMED_REQUESTS(&queue->tx)))
1924 return 1;
1925
1926 return 0;
1927 }
1928
tx_dealloc_work_todo(struct xenvif_queue * queue)1929 static inline bool tx_dealloc_work_todo(struct xenvif_queue *queue)
1930 {
1931 return queue->dealloc_cons != queue->dealloc_prod;
1932 }
1933
xenvif_unmap_frontend_rings(struct xenvif_queue * queue)1934 void xenvif_unmap_frontend_rings(struct xenvif_queue *queue)
1935 {
1936 if (queue->tx.sring)
1937 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif),
1938 queue->tx.sring);
1939 if (queue->rx.sring)
1940 xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(queue->vif),
1941 queue->rx.sring);
1942 }
1943
xenvif_map_frontend_rings(struct xenvif_queue * queue,grant_ref_t tx_ring_ref,grant_ref_t rx_ring_ref)1944 int xenvif_map_frontend_rings(struct xenvif_queue *queue,
1945 grant_ref_t tx_ring_ref,
1946 grant_ref_t rx_ring_ref)
1947 {
1948 void *addr;
1949 struct xen_netif_tx_sring *txs;
1950 struct xen_netif_rx_sring *rxs;
1951
1952 int err = -ENOMEM;
1953
1954 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif),
1955 &tx_ring_ref, 1, &addr);
1956 if (err)
1957 goto err;
1958
1959 txs = (struct xen_netif_tx_sring *)addr;
1960 BACK_RING_INIT(&queue->tx, txs, XEN_PAGE_SIZE);
1961
1962 err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(queue->vif),
1963 &rx_ring_ref, 1, &addr);
1964 if (err)
1965 goto err;
1966
1967 rxs = (struct xen_netif_rx_sring *)addr;
1968 BACK_RING_INIT(&queue->rx, rxs, XEN_PAGE_SIZE);
1969
1970 return 0;
1971
1972 err:
1973 xenvif_unmap_frontend_rings(queue);
1974 return err;
1975 }
1976
xenvif_queue_carrier_off(struct xenvif_queue * queue)1977 static void xenvif_queue_carrier_off(struct xenvif_queue *queue)
1978 {
1979 struct xenvif *vif = queue->vif;
1980
1981 queue->stalled = true;
1982
1983 /* At least one queue has stalled? Disable the carrier. */
1984 spin_lock(&vif->lock);
1985 if (vif->stalled_queues++ == 0) {
1986 netdev_info(vif->dev, "Guest Rx stalled");
1987 netif_carrier_off(vif->dev);
1988 }
1989 spin_unlock(&vif->lock);
1990 }
1991
xenvif_queue_carrier_on(struct xenvif_queue * queue)1992 static void xenvif_queue_carrier_on(struct xenvif_queue *queue)
1993 {
1994 struct xenvif *vif = queue->vif;
1995
1996 queue->last_rx_time = jiffies; /* Reset Rx stall detection. */
1997 queue->stalled = false;
1998
1999 /* All queues are ready? Enable the carrier. */
2000 spin_lock(&vif->lock);
2001 if (--vif->stalled_queues == 0) {
2002 netdev_info(vif->dev, "Guest Rx ready");
2003 netif_carrier_on(vif->dev);
2004 }
2005 spin_unlock(&vif->lock);
2006 }
2007
xenvif_rx_queue_stalled(struct xenvif_queue * queue)2008 static bool xenvif_rx_queue_stalled(struct xenvif_queue *queue)
2009 {
2010 RING_IDX prod, cons;
2011
2012 prod = queue->rx.sring->req_prod;
2013 cons = queue->rx.req_cons;
2014
2015 return !queue->stalled && prod - cons < 1
2016 && time_after(jiffies,
2017 queue->last_rx_time + queue->vif->stall_timeout);
2018 }
2019
xenvif_rx_queue_ready(struct xenvif_queue * queue)2020 static bool xenvif_rx_queue_ready(struct xenvif_queue *queue)
2021 {
2022 RING_IDX prod, cons;
2023
2024 prod = queue->rx.sring->req_prod;
2025 cons = queue->rx.req_cons;
2026
2027 return queue->stalled && prod - cons >= 1;
2028 }
2029
xenvif_have_rx_work(struct xenvif_queue * queue,bool test_kthread)2030 bool xenvif_have_rx_work(struct xenvif_queue *queue, bool test_kthread)
2031 {
2032 return (!skb_queue_empty(&queue->rx_queue)
2033 && xenvif_rx_ring_slots_available(queue))
2034 || (queue->vif->stall_timeout &&
2035 (xenvif_rx_queue_stalled(queue)
2036 || xenvif_rx_queue_ready(queue)))
2037 || (test_kthread && kthread_should_stop())
2038 || queue->vif->disabled;
2039 }
2040
xenvif_rx_queue_timeout(struct xenvif_queue * queue)2041 static long xenvif_rx_queue_timeout(struct xenvif_queue *queue)
2042 {
2043 struct sk_buff *skb;
2044 long timeout;
2045
2046 skb = skb_peek(&queue->rx_queue);
2047 if (!skb)
2048 return MAX_SCHEDULE_TIMEOUT;
2049
2050 timeout = XENVIF_RX_CB(skb)->expires - jiffies;
2051 return timeout < 0 ? 0 : timeout;
2052 }
2053
2054 /* Wait until the guest Rx thread has work.
2055 *
2056 * The timeout needs to be adjusted based on the current head of the
2057 * queue (and not just the head at the beginning). In particular, if
2058 * the queue is initially empty an infinite timeout is used and this
2059 * needs to be reduced when a skb is queued.
2060 *
2061 * This cannot be done with wait_event_timeout() because it only
2062 * calculates the timeout once.
2063 */
xenvif_wait_for_rx_work(struct xenvif_queue * queue)2064 static void xenvif_wait_for_rx_work(struct xenvif_queue *queue)
2065 {
2066 DEFINE_WAIT(wait);
2067
2068 if (xenvif_have_rx_work(queue, true))
2069 return;
2070
2071 for (;;) {
2072 long ret;
2073
2074 prepare_to_wait(&queue->wq, &wait, TASK_INTERRUPTIBLE);
2075 if (xenvif_have_rx_work(queue, true))
2076 break;
2077 if (xenvif_atomic_fetch_andnot(NETBK_RX_EOI | NETBK_COMMON_EOI,
2078 &queue->eoi_pending) &
2079 (NETBK_RX_EOI | NETBK_COMMON_EOI))
2080 xen_irq_lateeoi(queue->rx_irq, 0);
2081
2082 ret = schedule_timeout(xenvif_rx_queue_timeout(queue));
2083 if (!ret)
2084 break;
2085 }
2086 finish_wait(&queue->wq, &wait);
2087 }
2088
xenvif_kthread_guest_rx(void * data)2089 int xenvif_kthread_guest_rx(void *data)
2090 {
2091 struct xenvif_queue *queue = data;
2092 struct xenvif *vif = queue->vif;
2093
2094 if (!vif->stall_timeout)
2095 xenvif_queue_carrier_on(queue);
2096
2097 for (;;) {
2098 xenvif_wait_for_rx_work(queue);
2099
2100 if (kthread_should_stop())
2101 break;
2102
2103 /* This frontend is found to be rogue, disable it in
2104 * kthread context. Currently this is only set when
2105 * netback finds out frontend sends malformed packet,
2106 * but we cannot disable the interface in softirq
2107 * context so we defer it here, if this thread is
2108 * associated with queue 0.
2109 */
2110 if (unlikely(vif->disabled && queue->id == 0)) {
2111 xenvif_carrier_off(vif);
2112 break;
2113 }
2114
2115 if (!skb_queue_empty(&queue->rx_queue))
2116 xenvif_rx_action(queue);
2117
2118 /* If the guest hasn't provided any Rx slots for a
2119 * while it's probably not responsive, drop the
2120 * carrier so packets are dropped earlier.
2121 */
2122 if (vif->stall_timeout) {
2123 if (xenvif_rx_queue_stalled(queue))
2124 xenvif_queue_carrier_off(queue);
2125 else if (xenvif_rx_queue_ready(queue))
2126 xenvif_queue_carrier_on(queue);
2127 }
2128
2129 /* Queued packets may have foreign pages from other
2130 * domains. These cannot be queued indefinitely as
2131 * this would starve guests of grant refs and transmit
2132 * slots.
2133 */
2134 xenvif_rx_queue_drop_expired(queue);
2135
2136 xenvif_rx_queue_maybe_wake(queue);
2137
2138 cond_resched();
2139 }
2140
2141 /* Bin any remaining skbs */
2142 xenvif_rx_queue_purge(queue);
2143
2144 return 0;
2145 }
2146
xenvif_dealloc_kthread_should_stop(struct xenvif_queue * queue)2147 static bool xenvif_dealloc_kthread_should_stop(struct xenvif_queue *queue)
2148 {
2149 /* Dealloc thread must remain running until all inflight
2150 * packets complete.
2151 */
2152 return kthread_should_stop() &&
2153 !atomic_read(&queue->inflight_packets);
2154 }
2155
xenvif_dealloc_kthread(void * data)2156 int xenvif_dealloc_kthread(void *data)
2157 {
2158 struct xenvif_queue *queue = data;
2159
2160 for (;;) {
2161 wait_event_interruptible(queue->dealloc_wq,
2162 tx_dealloc_work_todo(queue) ||
2163 xenvif_dealloc_kthread_should_stop(queue));
2164 if (xenvif_dealloc_kthread_should_stop(queue))
2165 break;
2166
2167 xenvif_tx_dealloc_action(queue);
2168 cond_resched();
2169 }
2170
2171 /* Unmap anything remaining*/
2172 if (tx_dealloc_work_todo(queue))
2173 xenvif_tx_dealloc_action(queue);
2174
2175 return 0;
2176 }
2177
netback_init(void)2178 static int __init netback_init(void)
2179 {
2180 int rc = 0;
2181
2182 if (!xen_domain())
2183 return -ENODEV;
2184
2185 /* Allow as many queues as there are CPUs but max. 8 if user has not
2186 * specified a value.
2187 */
2188 if (xenvif_max_queues == 0)
2189 xenvif_max_queues = min_t(unsigned int, MAX_QUEUES_DEFAULT,
2190 num_online_cpus());
2191
2192 if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) {
2193 pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n",
2194 fatal_skb_slots, XEN_NETBK_LEGACY_SLOTS_MAX);
2195 fatal_skb_slots = XEN_NETBK_LEGACY_SLOTS_MAX;
2196 }
2197
2198 rc = xenvif_xenbus_init();
2199 if (rc)
2200 goto failed_init;
2201
2202 #ifdef CONFIG_DEBUG_FS
2203 xen_netback_dbg_root = debugfs_create_dir("xen-netback", NULL);
2204 if (IS_ERR_OR_NULL(xen_netback_dbg_root))
2205 pr_warn("Init of debugfs returned %ld!\n",
2206 PTR_ERR(xen_netback_dbg_root));
2207 #endif /* CONFIG_DEBUG_FS */
2208
2209 return 0;
2210
2211 failed_init:
2212 return rc;
2213 }
2214
2215 module_init(netback_init);
2216
netback_fini(void)2217 static void __exit netback_fini(void)
2218 {
2219 #ifdef CONFIG_DEBUG_FS
2220 if (!IS_ERR_OR_NULL(xen_netback_dbg_root))
2221 debugfs_remove_recursive(xen_netback_dbg_root);
2222 #endif /* CONFIG_DEBUG_FS */
2223 xenvif_xenbus_fini();
2224 }
2225 module_exit(netback_fini);
2226
2227 MODULE_LICENSE("Dual BSD/GPL");
2228 MODULE_ALIAS("xen-backend:vif");
2229