Commit | Line | Data |
---|---|---|
685a6bf8 | 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
20259849 GZ |
2 | /* |
3 | * VMware VMCI Driver | |
4 | * | |
5 | * Copyright (C) 2012 VMware, Inc. All rights reserved. | |
20259849 GZ |
6 | */ |
7 | ||
8 | #ifndef _VMW_VMCI_DEF_H_ | |
9 | #define _VMW_VMCI_DEF_H_ | |
10 | ||
11 | #include <linux/atomic.h> | |
9a41691e | 12 | #include <linux/bits.h> |
20259849 GZ |
13 | |
14 | /* Register offsets. */ | |
15 | #define VMCI_STATUS_ADDR 0x00 | |
16 | #define VMCI_CONTROL_ADDR 0x04 | |
17 | #define VMCI_ICR_ADDR 0x08 | |
18 | #define VMCI_IMR_ADDR 0x0c | |
19 | #define VMCI_DATA_OUT_ADDR 0x10 | |
20 | #define VMCI_DATA_IN_ADDR 0x14 | |
21 | #define VMCI_CAPS_ADDR 0x18 | |
22 | #define VMCI_RESULT_LOW_ADDR 0x1c | |
23 | #define VMCI_RESULT_HIGH_ADDR 0x20 | |
24 | ||
25 | /* Max number of devices. */ | |
26 | #define VMCI_MAX_DEVICES 1 | |
27 | ||
28 | /* Status register bits. */ | |
9a41691e | 29 | #define VMCI_STATUS_INT_ON BIT(0) |
20259849 GZ |
30 | |
31 | /* Control register bits. */ | |
9a41691e VD |
32 | #define VMCI_CONTROL_RESET BIT(0) |
33 | #define VMCI_CONTROL_INT_ENABLE BIT(1) | |
34 | #define VMCI_CONTROL_INT_DISABLE BIT(2) | |
20259849 GZ |
35 | |
36 | /* Capabilities register bits. */ | |
9a41691e VD |
37 | #define VMCI_CAPS_HYPERCALL BIT(0) |
38 | #define VMCI_CAPS_GUESTCALL BIT(1) | |
39 | #define VMCI_CAPS_DATAGRAM BIT(2) | |
40 | #define VMCI_CAPS_NOTIFICATIONS BIT(3) | |
41 | #define VMCI_CAPS_PPN64 BIT(4) | |
20259849 GZ |
42 | |
43 | /* Interrupt Cause register bits. */ | |
9a41691e VD |
44 | #define VMCI_ICR_DATAGRAM BIT(0) |
45 | #define VMCI_ICR_NOTIFICATION BIT(1) | |
20259849 GZ |
46 | |
47 | /* Interrupt Mask register bits. */ | |
9a41691e VD |
48 | #define VMCI_IMR_DATAGRAM BIT(0) |
49 | #define VMCI_IMR_NOTIFICATION BIT(1) | |
20259849 | 50 | |
20259849 GZ |
51 | /* Maximum MSI/MSI-X interrupt vectors in the device. */ |
52 | #define VMCI_MAX_INTRS 2 | |
53 | ||
54 | /* | |
55 | * Supported interrupt vectors. There is one for each ICR value above, | |
56 | * but here they indicate the position in the vector array/message ID. | |
57 | */ | |
58 | enum { | |
59 | VMCI_INTR_DATAGRAM = 0, | |
60 | VMCI_INTR_NOTIFICATION = 1, | |
61 | }; | |
62 | ||
63 | /* | |
64 | * A single VMCI device has an upper limit of 128MB on the amount of | |
1c2eb5b2 VD |
65 | * memory that can be used for queue pairs. Since each queue pair |
66 | * consists of at least two pages, the memory limit also dictates the | |
67 | * number of queue pairs a guest can create. | |
20259849 GZ |
68 | */ |
69 | #define VMCI_MAX_GUEST_QP_MEMORY (128 * 1024 * 1024) | |
1c2eb5b2 VD |
70 | #define VMCI_MAX_GUEST_QP_COUNT (VMCI_MAX_GUEST_QP_MEMORY / PAGE_SIZE / 2) |
71 | ||
72 | /* | |
73 | * There can be at most PAGE_SIZE doorbells since there is one doorbell | |
74 | * per byte in the doorbell bitmap page. | |
75 | */ | |
76 | #define VMCI_MAX_GUEST_DOORBELL_COUNT PAGE_SIZE | |
20259849 GZ |
77 | |
78 | /* | |
79 | * Queues with pre-mapped data pages must be small, so that we don't pin | |
80 | * too much kernel memory (especially on vmkernel). We limit a queuepair to | |
81 | * 32 KB, or 16 KB per queue for symmetrical pairs. | |
82 | */ | |
83 | #define VMCI_MAX_PINNED_QP_MEMORY (32 * 1024) | |
84 | ||
85 | /* | |
86 | * We have a fixed set of resource IDs available in the VMX. | |
87 | * This allows us to have a very simple implementation since we statically | |
88 | * know how many will create datagram handles. If a new caller arrives and | |
89 | * we have run out of slots we can manually increment the maximum size of | |
90 | * available resource IDs. | |
91 | * | |
92 | * VMCI reserved hypervisor datagram resource IDs. | |
93 | */ | |
94 | enum { | |
95 | VMCI_RESOURCES_QUERY = 0, | |
96 | VMCI_GET_CONTEXT_ID = 1, | |
97 | VMCI_SET_NOTIFY_BITMAP = 2, | |
98 | VMCI_DOORBELL_LINK = 3, | |
99 | VMCI_DOORBELL_UNLINK = 4, | |
100 | VMCI_DOORBELL_NOTIFY = 5, | |
101 | /* | |
102 | * VMCI_DATAGRAM_REQUEST_MAP and VMCI_DATAGRAM_REMOVE_MAP are | |
103 | * obsoleted by the removal of VM to VM communication. | |
104 | */ | |
105 | VMCI_DATAGRAM_REQUEST_MAP = 6, | |
106 | VMCI_DATAGRAM_REMOVE_MAP = 7, | |
107 | VMCI_EVENT_SUBSCRIBE = 8, | |
108 | VMCI_EVENT_UNSUBSCRIBE = 9, | |
109 | VMCI_QUEUEPAIR_ALLOC = 10, | |
110 | VMCI_QUEUEPAIR_DETACH = 11, | |
111 | ||
112 | /* | |
113 | * VMCI_VSOCK_VMX_LOOKUP was assigned to 12 for Fusion 3.0/3.1, | |
114 | * WS 7.0/7.1 and ESX 4.1 | |
115 | */ | |
116 | VMCI_HGFS_TRANSPORT = 13, | |
117 | VMCI_UNITY_PBRPC_REGISTER = 14, | |
118 | VMCI_RPC_PRIVILEGED = 15, | |
119 | VMCI_RPC_UNPRIVILEGED = 16, | |
120 | VMCI_RESOURCE_MAX = 17, | |
121 | }; | |
122 | ||
123 | /* | |
124 | * struct vmci_handle - Ownership information structure | |
125 | * @context: The VMX context ID. | |
126 | * @resource: The resource ID (used for locating in resource hash). | |
127 | * | |
128 | * The vmci_handle structure is used to track resources used within | |
129 | * vmw_vmci. | |
130 | */ | |
131 | struct vmci_handle { | |
132 | u32 context; | |
133 | u32 resource; | |
134 | }; | |
135 | ||
136 | #define vmci_make_handle(_cid, _rid) \ | |
137 | (struct vmci_handle){ .context = _cid, .resource = _rid } | |
138 | ||
139 | static inline bool vmci_handle_is_equal(struct vmci_handle h1, | |
140 | struct vmci_handle h2) | |
141 | { | |
142 | return h1.context == h2.context && h1.resource == h2.resource; | |
143 | } | |
144 | ||
145 | #define VMCI_INVALID_ID ~0 | |
146 | static const struct vmci_handle VMCI_INVALID_HANDLE = { | |
147 | .context = VMCI_INVALID_ID, | |
148 | .resource = VMCI_INVALID_ID | |
149 | }; | |
150 | ||
151 | static inline bool vmci_handle_is_invalid(struct vmci_handle h) | |
152 | { | |
153 | return vmci_handle_is_equal(h, VMCI_INVALID_HANDLE); | |
154 | } | |
155 | ||
156 | /* | |
157 | * The below defines can be used to send anonymous requests. | |
158 | * This also indicates that no response is expected. | |
159 | */ | |
160 | #define VMCI_ANON_SRC_CONTEXT_ID VMCI_INVALID_ID | |
161 | #define VMCI_ANON_SRC_RESOURCE_ID VMCI_INVALID_ID | |
162 | static const struct vmci_handle VMCI_ANON_SRC_HANDLE = { | |
163 | .context = VMCI_ANON_SRC_CONTEXT_ID, | |
164 | .resource = VMCI_ANON_SRC_RESOURCE_ID | |
165 | }; | |
166 | ||
167 | /* The lowest 16 context ids are reserved for internal use. */ | |
168 | #define VMCI_RESERVED_CID_LIMIT ((u32) 16) | |
169 | ||
170 | /* | |
171 | * Hypervisor context id, used for calling into hypervisor | |
172 | * supplied services from the VM. | |
173 | */ | |
174 | #define VMCI_HYPERVISOR_CONTEXT_ID 0 | |
175 | ||
176 | /* | |
177 | * Well-known context id, a logical context that contains a set of | |
178 | * well-known services. This context ID is now obsolete. | |
179 | */ | |
180 | #define VMCI_WELL_KNOWN_CONTEXT_ID 1 | |
181 | ||
182 | /* | |
183 | * Context ID used by host endpoints. | |
184 | */ | |
185 | #define VMCI_HOST_CONTEXT_ID 2 | |
186 | ||
187 | #define VMCI_CONTEXT_IS_VM(_cid) (VMCI_INVALID_ID != (_cid) && \ | |
188 | (_cid) > VMCI_HOST_CONTEXT_ID) | |
189 | ||
190 | /* | |
191 | * The VMCI_CONTEXT_RESOURCE_ID is used together with vmci_make_handle to make | |
192 | * handles that refer to a specific context. | |
193 | */ | |
194 | #define VMCI_CONTEXT_RESOURCE_ID 0 | |
195 | ||
196 | /* | |
197 | * VMCI error codes. | |
198 | */ | |
199 | enum { | |
200 | VMCI_SUCCESS_QUEUEPAIR_ATTACH = 5, | |
201 | VMCI_SUCCESS_QUEUEPAIR_CREATE = 4, | |
202 | VMCI_SUCCESS_LAST_DETACH = 3, | |
203 | VMCI_SUCCESS_ACCESS_GRANTED = 2, | |
204 | VMCI_SUCCESS_ENTRY_DEAD = 1, | |
205 | VMCI_SUCCESS = 0, | |
206 | VMCI_ERROR_INVALID_RESOURCE = (-1), | |
207 | VMCI_ERROR_INVALID_ARGS = (-2), | |
208 | VMCI_ERROR_NO_MEM = (-3), | |
209 | VMCI_ERROR_DATAGRAM_FAILED = (-4), | |
210 | VMCI_ERROR_MORE_DATA = (-5), | |
211 | VMCI_ERROR_NO_MORE_DATAGRAMS = (-6), | |
212 | VMCI_ERROR_NO_ACCESS = (-7), | |
213 | VMCI_ERROR_NO_HANDLE = (-8), | |
214 | VMCI_ERROR_DUPLICATE_ENTRY = (-9), | |
215 | VMCI_ERROR_DST_UNREACHABLE = (-10), | |
216 | VMCI_ERROR_PAYLOAD_TOO_LARGE = (-11), | |
217 | VMCI_ERROR_INVALID_PRIV = (-12), | |
218 | VMCI_ERROR_GENERIC = (-13), | |
219 | VMCI_ERROR_PAGE_ALREADY_SHARED = (-14), | |
220 | VMCI_ERROR_CANNOT_SHARE_PAGE = (-15), | |
221 | VMCI_ERROR_CANNOT_UNSHARE_PAGE = (-16), | |
222 | VMCI_ERROR_NO_PROCESS = (-17), | |
223 | VMCI_ERROR_NO_DATAGRAM = (-18), | |
224 | VMCI_ERROR_NO_RESOURCES = (-19), | |
225 | VMCI_ERROR_UNAVAILABLE = (-20), | |
226 | VMCI_ERROR_NOT_FOUND = (-21), | |
227 | VMCI_ERROR_ALREADY_EXISTS = (-22), | |
228 | VMCI_ERROR_NOT_PAGE_ALIGNED = (-23), | |
229 | VMCI_ERROR_INVALID_SIZE = (-24), | |
230 | VMCI_ERROR_REGION_ALREADY_SHARED = (-25), | |
231 | VMCI_ERROR_TIMEOUT = (-26), | |
232 | VMCI_ERROR_DATAGRAM_INCOMPLETE = (-27), | |
233 | VMCI_ERROR_INCORRECT_IRQL = (-28), | |
234 | VMCI_ERROR_EVENT_UNKNOWN = (-29), | |
235 | VMCI_ERROR_OBSOLETE = (-30), | |
236 | VMCI_ERROR_QUEUEPAIR_MISMATCH = (-31), | |
237 | VMCI_ERROR_QUEUEPAIR_NOTSET = (-32), | |
238 | VMCI_ERROR_QUEUEPAIR_NOTOWNER = (-33), | |
239 | VMCI_ERROR_QUEUEPAIR_NOTATTACHED = (-34), | |
240 | VMCI_ERROR_QUEUEPAIR_NOSPACE = (-35), | |
241 | VMCI_ERROR_QUEUEPAIR_NODATA = (-36), | |
242 | VMCI_ERROR_BUSMEM_INVALIDATION = (-37), | |
243 | VMCI_ERROR_MODULE_NOT_LOADED = (-38), | |
244 | VMCI_ERROR_DEVICE_NOT_FOUND = (-39), | |
245 | VMCI_ERROR_QUEUEPAIR_NOT_READY = (-40), | |
246 | VMCI_ERROR_WOULD_BLOCK = (-41), | |
247 | ||
248 | /* VMCI clients should return error code within this range */ | |
249 | VMCI_ERROR_CLIENT_MIN = (-500), | |
250 | VMCI_ERROR_CLIENT_MAX = (-550), | |
251 | ||
252 | /* Internal error codes. */ | |
253 | VMCI_SHAREDMEM_ERROR_BAD_CONTEXT = (-1000), | |
254 | }; | |
255 | ||
256 | /* VMCI reserved events. */ | |
257 | enum { | |
258 | /* Only applicable to guest endpoints */ | |
259 | VMCI_EVENT_CTX_ID_UPDATE = 0, | |
260 | ||
261 | /* Applicable to guest and host */ | |
262 | VMCI_EVENT_CTX_REMOVED = 1, | |
263 | ||
264 | /* Only applicable to guest endpoints */ | |
265 | VMCI_EVENT_QP_RESUMED = 2, | |
266 | ||
267 | /* Applicable to guest and host */ | |
268 | VMCI_EVENT_QP_PEER_ATTACH = 3, | |
269 | ||
270 | /* Applicable to guest and host */ | |
271 | VMCI_EVENT_QP_PEER_DETACH = 4, | |
272 | ||
273 | /* | |
274 | * Applicable to VMX and vmk. On vmk, | |
275 | * this event has the Context payload type. | |
276 | */ | |
277 | VMCI_EVENT_MEM_ACCESS_ON = 5, | |
278 | ||
279 | /* | |
280 | * Applicable to VMX and vmk. Same as | |
281 | * above for the payload type. | |
282 | */ | |
283 | VMCI_EVENT_MEM_ACCESS_OFF = 6, | |
284 | VMCI_EVENT_MAX = 7, | |
285 | }; | |
286 | ||
287 | /* | |
288 | * Of the above events, a few are reserved for use in the VMX, and | |
289 | * other endpoints (guest and host kernel) should not use them. For | |
290 | * the rest of the events, we allow both host and guest endpoints to | |
291 | * subscribe to them, to maintain the same API for host and guest | |
292 | * endpoints. | |
293 | */ | |
294 | #define VMCI_EVENT_VALID_VMX(_event) ((_event) == VMCI_EVENT_MEM_ACCESS_ON || \ | |
295 | (_event) == VMCI_EVENT_MEM_ACCESS_OFF) | |
296 | ||
297 | #define VMCI_EVENT_VALID(_event) ((_event) < VMCI_EVENT_MAX && \ | |
298 | !VMCI_EVENT_VALID_VMX(_event)) | |
299 | ||
300 | /* Reserved guest datagram resource ids. */ | |
301 | #define VMCI_EVENT_HANDLER 0 | |
302 | ||
303 | /* | |
304 | * VMCI coarse-grained privileges (per context or host | |
305 | * process/endpoint. An entity with the restricted flag is only | |
306 | * allowed to interact with the hypervisor and trusted entities. | |
307 | */ | |
308 | enum { | |
309 | VMCI_NO_PRIVILEGE_FLAGS = 0, | |
310 | VMCI_PRIVILEGE_FLAG_RESTRICTED = 1, | |
311 | VMCI_PRIVILEGE_FLAG_TRUSTED = 2, | |
312 | VMCI_PRIVILEGE_ALL_FLAGS = (VMCI_PRIVILEGE_FLAG_RESTRICTED | | |
313 | VMCI_PRIVILEGE_FLAG_TRUSTED), | |
314 | VMCI_DEFAULT_PROC_PRIVILEGE_FLAGS = VMCI_NO_PRIVILEGE_FLAGS, | |
315 | VMCI_LEAST_PRIVILEGE_FLAGS = VMCI_PRIVILEGE_FLAG_RESTRICTED, | |
316 | VMCI_MAX_PRIVILEGE_FLAGS = VMCI_PRIVILEGE_FLAG_TRUSTED, | |
317 | }; | |
318 | ||
319 | /* 0 through VMCI_RESERVED_RESOURCE_ID_MAX are reserved. */ | |
320 | #define VMCI_RESERVED_RESOURCE_ID_MAX 1023 | |
321 | ||
322 | /* | |
323 | * Driver version. | |
324 | * | |
325 | * Increment major version when you make an incompatible change. | |
326 | * Compatibility goes both ways (old driver with new executable | |
327 | * as well as new driver with old executable). | |
328 | */ | |
329 | ||
330 | /* Never change VMCI_VERSION_SHIFT_WIDTH */ | |
331 | #define VMCI_VERSION_SHIFT_WIDTH 16 | |
332 | #define VMCI_MAKE_VERSION(_major, _minor) \ | |
333 | ((_major) << VMCI_VERSION_SHIFT_WIDTH | (u16) (_minor)) | |
334 | ||
335 | #define VMCI_VERSION_MAJOR(v) ((u32) (v) >> VMCI_VERSION_SHIFT_WIDTH) | |
336 | #define VMCI_VERSION_MINOR(v) ((u16) (v)) | |
337 | ||
338 | /* | |
339 | * VMCI_VERSION is always the current version. Subsequently listed | |
340 | * versions are ways of detecting previous versions of the connecting | |
341 | * application (i.e., VMX). | |
342 | * | |
343 | * VMCI_VERSION_NOVMVM: This version removed support for VM to VM | |
344 | * communication. | |
345 | * | |
346 | * VMCI_VERSION_NOTIFY: This version introduced doorbell notification | |
347 | * support. | |
348 | * | |
349 | * VMCI_VERSION_HOSTQP: This version introduced host end point support | |
350 | * for hosted products. | |
351 | * | |
352 | * VMCI_VERSION_PREHOSTQP: This is the version prior to the adoption of | |
353 | * support for host end-points. | |
354 | * | |
355 | * VMCI_VERSION_PREVERS2: This fictional version number is intended to | |
356 | * represent the version of a VMX which doesn't call into the driver | |
357 | * with ioctl VERSION2 and thus doesn't establish its version with the | |
358 | * driver. | |
359 | */ | |
360 | ||
361 | #define VMCI_VERSION VMCI_VERSION_NOVMVM | |
362 | #define VMCI_VERSION_NOVMVM VMCI_MAKE_VERSION(11, 0) | |
363 | #define VMCI_VERSION_NOTIFY VMCI_MAKE_VERSION(10, 0) | |
364 | #define VMCI_VERSION_HOSTQP VMCI_MAKE_VERSION(9, 0) | |
365 | #define VMCI_VERSION_PREHOSTQP VMCI_MAKE_VERSION(8, 0) | |
366 | #define VMCI_VERSION_PREVERS2 VMCI_MAKE_VERSION(1, 0) | |
367 | ||
368 | #define VMCI_SOCKETS_MAKE_VERSION(_p) \ | |
369 | ((((_p)[0] & 0xFF) << 24) | (((_p)[1] & 0xFF) << 16) | ((_p)[2])) | |
370 | ||
371 | /* | |
372 | * The VMCI IOCTLs. We use identity code 7, as noted in ioctl-number.h, and | |
373 | * we start at sequence 9f. This gives us the same values that our shipping | |
374 | * products use, starting at 1951, provided we leave out the direction and | |
375 | * structure size. Note that VMMon occupies the block following us, starting | |
376 | * at 2001. | |
377 | */ | |
378 | #define IOCTL_VMCI_VERSION _IO(7, 0x9f) /* 1951 */ | |
379 | #define IOCTL_VMCI_INIT_CONTEXT _IO(7, 0xa0) | |
380 | #define IOCTL_VMCI_QUEUEPAIR_SETVA _IO(7, 0xa4) | |
381 | #define IOCTL_VMCI_NOTIFY_RESOURCE _IO(7, 0xa5) | |
382 | #define IOCTL_VMCI_NOTIFICATIONS_RECEIVE _IO(7, 0xa6) | |
383 | #define IOCTL_VMCI_VERSION2 _IO(7, 0xa7) | |
384 | #define IOCTL_VMCI_QUEUEPAIR_ALLOC _IO(7, 0xa8) | |
385 | #define IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE _IO(7, 0xa9) | |
386 | #define IOCTL_VMCI_QUEUEPAIR_DETACH _IO(7, 0xaa) | |
387 | #define IOCTL_VMCI_DATAGRAM_SEND _IO(7, 0xab) | |
388 | #define IOCTL_VMCI_DATAGRAM_RECEIVE _IO(7, 0xac) | |
389 | #define IOCTL_VMCI_CTX_ADD_NOTIFICATION _IO(7, 0xaf) | |
390 | #define IOCTL_VMCI_CTX_REMOVE_NOTIFICATION _IO(7, 0xb0) | |
391 | #define IOCTL_VMCI_CTX_GET_CPT_STATE _IO(7, 0xb1) | |
392 | #define IOCTL_VMCI_CTX_SET_CPT_STATE _IO(7, 0xb2) | |
393 | #define IOCTL_VMCI_GET_CONTEXT_ID _IO(7, 0xb3) | |
394 | #define IOCTL_VMCI_SOCKETS_VERSION _IO(7, 0xb4) | |
395 | #define IOCTL_VMCI_SOCKETS_GET_AF_VALUE _IO(7, 0xb8) | |
396 | #define IOCTL_VMCI_SOCKETS_GET_LOCAL_CID _IO(7, 0xb9) | |
397 | #define IOCTL_VMCI_SET_NOTIFY _IO(7, 0xcb) /* 1995 */ | |
398 | /*IOCTL_VMMON_START _IO(7, 0xd1)*/ /* 2001 */ | |
399 | ||
400 | /* | |
401 | * struct vmci_queue_header - VMCI Queue Header information. | |
402 | * | |
403 | * A Queue cannot stand by itself as designed. Each Queue's header | |
404 | * contains a pointer into itself (the producer_tail) and into its peer | |
405 | * (consumer_head). The reason for the separation is one of | |
406 | * accessibility: Each end-point can modify two things: where the next | |
407 | * location to enqueue is within its produce_q (producer_tail); and | |
408 | * where the next dequeue location is in its consume_q (consumer_head). | |
409 | * | |
410 | * An end-point cannot modify the pointers of its peer (guest to | |
411 | * guest; NOTE that in the host both queue headers are mapped r/w). | |
412 | * But, each end-point needs read access to both Queue header | |
413 | * structures in order to determine how much space is used (or left) | |
414 | * in the Queue. This is because for an end-point to know how full | |
415 | * its produce_q is, it needs to use the consumer_head that points into | |
416 | * the produce_q but -that- consumer_head is in the Queue header for | |
417 | * that end-points consume_q. | |
418 | * | |
419 | * Thoroughly confused? Sorry. | |
420 | * | |
421 | * producer_tail: the point to enqueue new entrants. When you approach | |
422 | * a line in a store, for example, you walk up to the tail. | |
423 | * | |
424 | * consumer_head: the point in the queue from which the next element is | |
425 | * dequeued. In other words, who is next in line is he who is at the | |
426 | * head of the line. | |
427 | * | |
428 | * Also, producer_tail points to an empty byte in the Queue, whereas | |
429 | * consumer_head points to a valid byte of data (unless producer_tail == | |
430 | * consumer_head in which case consumer_head does not point to a valid | |
431 | * byte of data). | |
432 | * | |
433 | * For a queue of buffer 'size' bytes, the tail and head pointers will be in | |
434 | * the range [0, size-1]. | |
435 | * | |
436 | * If produce_q_header->producer_tail == consume_q_header->consumer_head | |
437 | * then the produce_q is empty. | |
438 | */ | |
439 | struct vmci_queue_header { | |
440 | /* All fields are 64bit and aligned. */ | |
441 | struct vmci_handle handle; /* Identifier. */ | |
9c3cef54 PZ |
442 | u64 producer_tail; /* Offset in this queue. */ |
443 | u64 consumer_head; /* Offset in peer queue. */ | |
20259849 GZ |
444 | }; |
445 | ||
446 | /* | |
447 | * struct vmci_datagram - Base struct for vmci datagrams. | |
448 | * @dst: A vmci_handle that tracks the destination of the datagram. | |
449 | * @src: A vmci_handle that tracks the source of the datagram. | |
450 | * @payload_size: The size of the payload. | |
451 | * | |
452 | * vmci_datagram structs are used when sending vmci datagrams. They include | |
453 | * the necessary source and destination information to properly route | |
454 | * the information along with the size of the package. | |
455 | */ | |
456 | struct vmci_datagram { | |
457 | struct vmci_handle dst; | |
458 | struct vmci_handle src; | |
459 | u64 payload_size; | |
460 | }; | |
461 | ||
462 | /* | |
463 | * Second flag is for creating a well-known handle instead of a per context | |
464 | * handle. Next flag is for deferring datagram delivery, so that the | |
465 | * datagram callback is invoked in a delayed context (not interrupt context). | |
466 | */ | |
467 | #define VMCI_FLAG_DG_NONE 0 | |
9a41691e VD |
468 | #define VMCI_FLAG_WELLKNOWN_DG_HND BIT(0) |
469 | #define VMCI_FLAG_ANYCID_DG_HND BIT(1) | |
470 | #define VMCI_FLAG_DG_DELAYED_CB BIT(2) | |
20259849 GZ |
471 | |
472 | /* | |
473 | * Maximum supported size of a VMCI datagram for routable datagrams. | |
474 | * Datagrams going to the hypervisor are allowed to be larger. | |
475 | */ | |
476 | #define VMCI_MAX_DG_SIZE (17 * 4096) | |
477 | #define VMCI_MAX_DG_PAYLOAD_SIZE (VMCI_MAX_DG_SIZE - \ | |
478 | sizeof(struct vmci_datagram)) | |
479 | #define VMCI_DG_PAYLOAD(_dg) (void *)((char *)(_dg) + \ | |
480 | sizeof(struct vmci_datagram)) | |
481 | #define VMCI_DG_HEADERSIZE sizeof(struct vmci_datagram) | |
482 | #define VMCI_DG_SIZE(_dg) (VMCI_DG_HEADERSIZE + (size_t)(_dg)->payload_size) | |
483 | #define VMCI_DG_SIZE_ALIGNED(_dg) ((VMCI_DG_SIZE(_dg) + 7) & (~((size_t) 0x7))) | |
484 | #define VMCI_MAX_DATAGRAM_QUEUE_SIZE (VMCI_MAX_DG_SIZE * 2) | |
485 | ||
486 | struct vmci_event_payload_qp { | |
487 | struct vmci_handle handle; /* queue_pair handle. */ | |
488 | u32 peer_id; /* Context id of attaching/detaching VM. */ | |
489 | u32 _pad; | |
490 | }; | |
491 | ||
492 | /* Flags for VMCI queue_pair API. */ | |
493 | enum { | |
494 | /* Fail alloc if QP not created by peer. */ | |
495 | VMCI_QPFLAG_ATTACH_ONLY = 1 << 0, | |
496 | ||
497 | /* Only allow attaches from local context. */ | |
498 | VMCI_QPFLAG_LOCAL = 1 << 1, | |
499 | ||
500 | /* Host won't block when guest is quiesced. */ | |
501 | VMCI_QPFLAG_NONBLOCK = 1 << 2, | |
502 | ||
503 | /* Pin data pages in ESX. Used with NONBLOCK */ | |
504 | VMCI_QPFLAG_PINNED = 1 << 3, | |
505 | ||
506 | /* Update the following flag when adding new flags. */ | |
507 | VMCI_QP_ALL_FLAGS = (VMCI_QPFLAG_ATTACH_ONLY | VMCI_QPFLAG_LOCAL | | |
508 | VMCI_QPFLAG_NONBLOCK | VMCI_QPFLAG_PINNED), | |
509 | ||
510 | /* Convenience flags */ | |
511 | VMCI_QP_ASYMM = (VMCI_QPFLAG_NONBLOCK | VMCI_QPFLAG_PINNED), | |
512 | VMCI_QP_ASYMM_PEER = (VMCI_QPFLAG_ATTACH_ONLY | VMCI_QP_ASYMM), | |
513 | }; | |
514 | ||
515 | /* | |
516 | * We allow at least 1024 more event datagrams from the hypervisor past the | |
517 | * normally allowed datagrams pending for a given context. We define this | |
518 | * limit on event datagrams from the hypervisor to guard against DoS attack | |
519 | * from a malicious VM which could repeatedly attach to and detach from a queue | |
520 | * pair, causing events to be queued at the destination VM. However, the rate | |
521 | * at which such events can be generated is small since it requires a VM exit | |
522 | * and handling of queue pair attach/detach call at the hypervisor. Event | |
523 | * datagrams may be queued up at the destination VM if it has interrupts | |
524 | * disabled or if it is not draining events for some other reason. 1024 | |
525 | * datagrams is a grossly conservative estimate of the time for which | |
526 | * interrupts may be disabled in the destination VM, but at the same time does | |
527 | * not exacerbate the memory pressure problem on the host by much (size of each | |
528 | * event datagram is small). | |
529 | */ | |
530 | #define VMCI_MAX_DATAGRAM_AND_EVENT_QUEUE_SIZE \ | |
531 | (VMCI_MAX_DATAGRAM_QUEUE_SIZE + \ | |
532 | 1024 * (sizeof(struct vmci_datagram) + \ | |
533 | sizeof(struct vmci_event_data_max))) | |
534 | ||
535 | /* | |
536 | * Struct used for querying, via VMCI_RESOURCES_QUERY, the availability of | |
537 | * hypervisor resources. Struct size is 16 bytes. All fields in struct are | |
538 | * aligned to their natural alignment. | |
539 | */ | |
540 | struct vmci_resource_query_hdr { | |
541 | struct vmci_datagram hdr; | |
542 | u32 num_resources; | |
543 | u32 _padding; | |
544 | }; | |
545 | ||
546 | /* | |
547 | * Convenience struct for negotiating vectors. Must match layout of | |
548 | * VMCIResourceQueryHdr minus the struct vmci_datagram header. | |
549 | */ | |
550 | struct vmci_resource_query_msg { | |
551 | u32 num_resources; | |
552 | u32 _padding; | |
553 | u32 resources[1]; | |
554 | }; | |
555 | ||
556 | /* | |
557 | * The maximum number of resources that can be queried using | |
558 | * VMCI_RESOURCE_QUERY is 31, as the result is encoded in the lower 31 | |
559 | * bits of a positive return value. Negative values are reserved for | |
560 | * errors. | |
561 | */ | |
562 | #define VMCI_RESOURCE_QUERY_MAX_NUM 31 | |
563 | ||
564 | /* Maximum size for the VMCI_RESOURCE_QUERY request. */ | |
565 | #define VMCI_RESOURCE_QUERY_MAX_SIZE \ | |
566 | (sizeof(struct vmci_resource_query_hdr) + \ | |
567 | sizeof(u32) * VMCI_RESOURCE_QUERY_MAX_NUM) | |
568 | ||
569 | /* | |
570 | * Struct used for setting the notification bitmap. All fields in | |
571 | * struct are aligned to their natural alignment. | |
572 | */ | |
573 | struct vmci_notify_bm_set_msg { | |
574 | struct vmci_datagram hdr; | |
f2db7361 VD |
575 | union { |
576 | u32 bitmap_ppn32; | |
577 | u64 bitmap_ppn64; | |
578 | }; | |
20259849 GZ |
579 | }; |
580 | ||
581 | /* | |
582 | * Struct used for linking a doorbell handle with an index in the | |
583 | * notify bitmap. All fields in struct are aligned to their natural | |
584 | * alignment. | |
585 | */ | |
586 | struct vmci_doorbell_link_msg { | |
587 | struct vmci_datagram hdr; | |
588 | struct vmci_handle handle; | |
589 | u64 notify_idx; | |
590 | }; | |
591 | ||
592 | /* | |
593 | * Struct used for unlinking a doorbell handle from an index in the | |
594 | * notify bitmap. All fields in struct are aligned to their natural | |
595 | * alignment. | |
596 | */ | |
597 | struct vmci_doorbell_unlink_msg { | |
598 | struct vmci_datagram hdr; | |
599 | struct vmci_handle handle; | |
600 | }; | |
601 | ||
602 | /* | |
603 | * Struct used for generating a notification on a doorbell handle. All | |
604 | * fields in struct are aligned to their natural alignment. | |
605 | */ | |
606 | struct vmci_doorbell_notify_msg { | |
607 | struct vmci_datagram hdr; | |
608 | struct vmci_handle handle; | |
609 | }; | |
610 | ||
611 | /* | |
612 | * This struct is used to contain data for events. Size of this struct is a | |
613 | * multiple of 8 bytes, and all fields are aligned to their natural alignment. | |
614 | */ | |
615 | struct vmci_event_data { | |
616 | u32 event; /* 4 bytes. */ | |
617 | u32 _pad; | |
618 | /* Event payload is put here. */ | |
619 | }; | |
620 | ||
621 | /* | |
622 | * Define the different VMCI_EVENT payload data types here. All structs must | |
623 | * be a multiple of 8 bytes, and fields must be aligned to their natural | |
624 | * alignment. | |
625 | */ | |
626 | struct vmci_event_payld_ctx { | |
627 | u32 context_id; /* 4 bytes. */ | |
628 | u32 _pad; | |
629 | }; | |
630 | ||
631 | struct vmci_event_payld_qp { | |
632 | struct vmci_handle handle; /* queue_pair handle. */ | |
633 | u32 peer_id; /* Context id of attaching/detaching VM. */ | |
634 | u32 _pad; | |
635 | }; | |
636 | ||
637 | /* | |
638 | * We define the following struct to get the size of the maximum event | |
639 | * data the hypervisor may send to the guest. If adding a new event | |
640 | * payload type above, add it to the following struct too (inside the | |
641 | * union). | |
642 | */ | |
643 | struct vmci_event_data_max { | |
644 | struct vmci_event_data event_data; | |
645 | union { | |
646 | struct vmci_event_payld_ctx context_payload; | |
647 | struct vmci_event_payld_qp qp_payload; | |
648 | } ev_data_payload; | |
649 | }; | |
650 | ||
651 | /* | |
652 | * Struct used for VMCI_EVENT_SUBSCRIBE/UNSUBSCRIBE and | |
653 | * VMCI_EVENT_HANDLER messages. Struct size is 32 bytes. All fields | |
654 | * in struct are aligned to their natural alignment. | |
655 | */ | |
656 | struct vmci_event_msg { | |
657 | struct vmci_datagram hdr; | |
658 | ||
659 | /* Has event type and payload. */ | |
660 | struct vmci_event_data event_data; | |
661 | ||
662 | /* Payload gets put here. */ | |
663 | }; | |
664 | ||
665 | /* Event with context payload. */ | |
666 | struct vmci_event_ctx { | |
667 | struct vmci_event_msg msg; | |
668 | struct vmci_event_payld_ctx payload; | |
669 | }; | |
670 | ||
671 | /* Event with QP payload. */ | |
672 | struct vmci_event_qp { | |
673 | struct vmci_event_msg msg; | |
674 | struct vmci_event_payld_qp payload; | |
675 | }; | |
676 | ||
677 | /* | |
678 | * Structs used for queue_pair alloc and detach messages. We align fields of | |
679 | * these structs to 64bit boundaries. | |
680 | */ | |
681 | struct vmci_qp_alloc_msg { | |
682 | struct vmci_datagram hdr; | |
683 | struct vmci_handle handle; | |
684 | u32 peer; | |
685 | u32 flags; | |
686 | u64 produce_size; | |
687 | u64 consume_size; | |
688 | u64 num_ppns; | |
689 | ||
690 | /* List of PPNs placed here. */ | |
691 | }; | |
692 | ||
693 | struct vmci_qp_detach_msg { | |
694 | struct vmci_datagram hdr; | |
695 | struct vmci_handle handle; | |
696 | }; | |
697 | ||
698 | /* VMCI Doorbell API. */ | |
9a41691e | 699 | #define VMCI_FLAG_DELAYED_CB BIT(0) |
20259849 GZ |
700 | |
701 | typedef void (*vmci_callback) (void *client_data); | |
702 | ||
703 | /* | |
704 | * struct vmci_qp - A vmw_vmci queue pair handle. | |
705 | * | |
706 | * This structure is used as a handle to a queue pair created by | |
707 | * VMCI. It is intentionally left opaque to clients. | |
708 | */ | |
709 | struct vmci_qp; | |
710 | ||
711 | /* Callback needed for correctly waiting on events. */ | |
712 | typedef int (*vmci_datagram_recv_cb) (void *client_data, | |
713 | struct vmci_datagram *msg); | |
714 | ||
715 | /* VMCI Event API. */ | |
716 | typedef void (*vmci_event_cb) (u32 sub_id, const struct vmci_event_data *ed, | |
717 | void *client_data); | |
718 | ||
719 | /* | |
720 | * We use the following inline function to access the payload data | |
721 | * associated with an event data. | |
722 | */ | |
723 | static inline const void * | |
724 | vmci_event_data_const_payload(const struct vmci_event_data *ev_data) | |
725 | { | |
726 | return (const char *)ev_data + sizeof(*ev_data); | |
727 | } | |
728 | ||
729 | static inline void *vmci_event_data_payload(struct vmci_event_data *ev_data) | |
730 | { | |
731 | return (void *)vmci_event_data_const_payload(ev_data); | |
732 | } | |
733 | ||
f42a0fd1 JH |
734 | /* |
735 | * Helper to read a value from a head or tail pointer. For X86_32, the | |
736 | * pointer is treated as a 32bit value, since the pointer value | |
737 | * never exceeds a 32bit value in this case. Also, doing an | |
738 | * atomic64_read on X86_32 uniprocessor systems may be implemented | |
739 | * as a non locked cmpxchg8b, that may end up overwriting updates done | |
740 | * by the VMCI device to the memory location. On 32bit SMP, the lock | |
741 | * prefix will be used, so correctness isn't an issue, but using a | |
742 | * 64bit operation still adds unnecessary overhead. | |
743 | */ | |
9c3cef54 | 744 | static inline u64 vmci_q_read_pointer(u64 *var) |
f42a0fd1 | 745 | { |
9c3cef54 | 746 | return READ_ONCE(*(unsigned long *)var); |
f42a0fd1 JH |
747 | } |
748 | ||
749 | /* | |
750 | * Helper to set the value of a head or tail pointer. For X86_32, the | |
751 | * pointer is treated as a 32bit value, since the pointer value | |
752 | * never exceeds a 32bit value in this case. On 32bit SMP, using a | |
753 | * locked cmpxchg8b adds unnecessary overhead. | |
754 | */ | |
9c3cef54 | 755 | static inline void vmci_q_set_pointer(u64 *var, u64 new_val) |
f42a0fd1 | 756 | { |
9c3cef54 PZ |
757 | /* XXX buggered on big-endian */ |
758 | WRITE_ONCE(*(unsigned long *)var, (unsigned long)new_val); | |
f42a0fd1 JH |
759 | } |
760 | ||
20259849 GZ |
761 | /* |
762 | * Helper to add a given offset to a head or tail pointer. Wraps the | |
763 | * value of the pointer around the max size of the queue. | |
764 | */ | |
9c3cef54 | 765 | static inline void vmci_qp_add_pointer(u64 *var, size_t add, u64 size) |
20259849 | 766 | { |
f42a0fd1 | 767 | u64 new_val = vmci_q_read_pointer(var); |
20259849 GZ |
768 | |
769 | if (new_val >= size - add) | |
770 | new_val -= size; | |
771 | ||
772 | new_val += add; | |
773 | ||
f42a0fd1 | 774 | vmci_q_set_pointer(var, new_val); |
20259849 GZ |
775 | } |
776 | ||
777 | /* | |
778 | * Helper routine to get the Producer Tail from the supplied queue. | |
779 | */ | |
780 | static inline u64 | |
781 | vmci_q_header_producer_tail(const struct vmci_queue_header *q_header) | |
782 | { | |
783 | struct vmci_queue_header *qh = (struct vmci_queue_header *)q_header; | |
f42a0fd1 | 784 | return vmci_q_read_pointer(&qh->producer_tail); |
20259849 GZ |
785 | } |
786 | ||
787 | /* | |
788 | * Helper routine to get the Consumer Head from the supplied queue. | |
789 | */ | |
790 | static inline u64 | |
791 | vmci_q_header_consumer_head(const struct vmci_queue_header *q_header) | |
792 | { | |
793 | struct vmci_queue_header *qh = (struct vmci_queue_header *)q_header; | |
f42a0fd1 | 794 | return vmci_q_read_pointer(&qh->consumer_head); |
20259849 GZ |
795 | } |
796 | ||
797 | /* | |
798 | * Helper routine to increment the Producer Tail. Fundamentally, | |
799 | * vmci_qp_add_pointer() is used to manipulate the tail itself. | |
800 | */ | |
801 | static inline void | |
802 | vmci_q_header_add_producer_tail(struct vmci_queue_header *q_header, | |
803 | size_t add, | |
804 | u64 queue_size) | |
805 | { | |
806 | vmci_qp_add_pointer(&q_header->producer_tail, add, queue_size); | |
807 | } | |
808 | ||
809 | /* | |
810 | * Helper routine to increment the Consumer Head. Fundamentally, | |
811 | * vmci_qp_add_pointer() is used to manipulate the head itself. | |
812 | */ | |
813 | static inline void | |
814 | vmci_q_header_add_consumer_head(struct vmci_queue_header *q_header, | |
815 | size_t add, | |
816 | u64 queue_size) | |
817 | { | |
818 | vmci_qp_add_pointer(&q_header->consumer_head, add, queue_size); | |
819 | } | |
820 | ||
821 | /* | |
822 | * Helper routine for getting the head and the tail pointer for a queue. | |
823 | * Both the VMCIQueues are needed to get both the pointers for one queue. | |
824 | */ | |
825 | static inline void | |
826 | vmci_q_header_get_pointers(const struct vmci_queue_header *produce_q_header, | |
827 | const struct vmci_queue_header *consume_q_header, | |
828 | u64 *producer_tail, | |
829 | u64 *consumer_head) | |
830 | { | |
831 | if (producer_tail) | |
832 | *producer_tail = vmci_q_header_producer_tail(produce_q_header); | |
833 | ||
834 | if (consumer_head) | |
835 | *consumer_head = vmci_q_header_consumer_head(consume_q_header); | |
836 | } | |
837 | ||
838 | static inline void vmci_q_header_init(struct vmci_queue_header *q_header, | |
839 | const struct vmci_handle handle) | |
840 | { | |
841 | q_header->handle = handle; | |
9c3cef54 PZ |
842 | q_header->producer_tail = 0; |
843 | q_header->consumer_head = 0; | |
20259849 GZ |
844 | } |
845 | ||
846 | /* | |
847 | * Finds available free space in a produce queue to enqueue more | |
848 | * data or reports an error if queue pair corruption is detected. | |
849 | */ | |
850 | static s64 | |
851 | vmci_q_header_free_space(const struct vmci_queue_header *produce_q_header, | |
852 | const struct vmci_queue_header *consume_q_header, | |
853 | const u64 produce_q_size) | |
854 | { | |
855 | u64 tail; | |
856 | u64 head; | |
857 | u64 free_space; | |
858 | ||
859 | tail = vmci_q_header_producer_tail(produce_q_header); | |
860 | head = vmci_q_header_consumer_head(consume_q_header); | |
861 | ||
862 | if (tail >= produce_q_size || head >= produce_q_size) | |
863 | return VMCI_ERROR_INVALID_SIZE; | |
864 | ||
865 | /* | |
866 | * Deduct 1 to avoid tail becoming equal to head which causes | |
867 | * ambiguity. If head and tail are equal it means that the | |
868 | * queue is empty. | |
869 | */ | |
870 | if (tail >= head) | |
871 | free_space = produce_q_size - (tail - head) - 1; | |
872 | else | |
873 | free_space = head - tail - 1; | |
874 | ||
875 | return free_space; | |
876 | } | |
877 | ||
878 | /* | |
879 | * vmci_q_header_free_space() does all the heavy lifting of | |
880 | * determing the number of free bytes in a Queue. This routine, | |
881 | * then subtracts that size from the full size of the Queue so | |
882 | * the caller knows how many bytes are ready to be dequeued. | |
883 | * Results: | |
884 | * On success, available data size in bytes (up to MAX_INT64). | |
885 | * On failure, appropriate error code. | |
886 | */ | |
887 | static inline s64 | |
888 | vmci_q_header_buf_ready(const struct vmci_queue_header *consume_q_header, | |
889 | const struct vmci_queue_header *produce_q_header, | |
890 | const u64 consume_q_size) | |
891 | { | |
892 | s64 free_space; | |
893 | ||
894 | free_space = vmci_q_header_free_space(consume_q_header, | |
895 | produce_q_header, consume_q_size); | |
896 | if (free_space < VMCI_SUCCESS) | |
897 | return free_space; | |
898 | ||
899 | return consume_q_size - free_space - 1; | |
900 | } | |
901 | ||
902 | ||
903 | #endif /* _VMW_VMCI_DEF_H_ */ |