cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu
Log | Files | Refs | Submodules | LICENSE | sfeed.txt

virtio.c (8779B)

      1/*
      2 * Virtio driver bits
      3 *
      4 * Copyright (c) 2013 Alexander Graf <agraf@suse.de>
      5 *
      6 * This work is licensed under the terms of the GNU GPL, version 2 or (at
      7 * your option) any later version. See the COPYING file in the top-level
      8 * directory.
      9 */
     10
     11#include "libc.h"
     12#include "s390-ccw.h"
     13#include "cio.h"
     14#include "virtio.h"
     15#include "virtio-scsi.h"
     16#include "bswap.h"
     17#include "helper.h"
     18#include "s390-time.h"
     19
     20#define VRING_WAIT_REPLY_TIMEOUT 30
     21
     22static VRing block[VIRTIO_MAX_VQS];
     23static char ring_area[VIRTIO_RING_SIZE * VIRTIO_MAX_VQS]
     24                     __attribute__((__aligned__(PAGE_SIZE)));
     25
     26static VDev vdev = {
     27    .nr_vqs = 1,
     28    .vrings = block,
     29    .cmd_vr_idx = 0,
     30    .ring_area = ring_area,
     31    .wait_reply_timeout = VRING_WAIT_REPLY_TIMEOUT,
     32    .schid = { .one = 1 },
     33    .scsi_block_size = VIRTIO_SCSI_BLOCK_SIZE,
     34    .blk_factor = 1,
     35};
     36
     37VDev *virtio_get_device(void)
     38{
     39    return &vdev;
     40}
     41
     42VirtioDevType virtio_get_device_type(void)
     43{
     44    return vdev.senseid.cu_model;
     45}
     46
     47/* virtio spec v1.0 para 4.3.3.2 */
     48static long kvm_hypercall(unsigned long nr, unsigned long param1,
     49                          unsigned long param2, unsigned long param3)
     50{
     51    register ulong r_nr asm("1") = nr;
     52    register ulong r_param1 asm("2") = param1;
     53    register ulong r_param2 asm("3") = param2;
     54    register ulong r_param3 asm("4") = param3;
     55    register long retval asm("2");
     56
     57    asm volatile ("diag %%r2,%%r4,0x500"
     58                  : "=d" (retval)
     59                  : "d" (r_nr), "0" (r_param1), "r"(r_param2), "d"(r_param3)
     60                  : "memory", "cc");
     61
     62    return retval;
     63}
     64
     65static long virtio_notify(SubChannelId schid, int vq_idx, long cookie)
     66{
     67    return kvm_hypercall(KVM_S390_VIRTIO_CCW_NOTIFY, *(u32 *)&schid,
     68                         vq_idx, cookie);
     69}
     70
     71/***********************************************
     72 *             Virtio functions                *
     73 ***********************************************/
     74
     75int drain_irqs(SubChannelId schid)
     76{
     77    Irb irb = {};
     78    int r = 0;
     79
     80    while (1) {
     81        /* FIXME: make use of TPI, for that enable subchannel and isc */
     82        if (tsch(schid, &irb)) {
     83            /* Might want to differentiate error codes later on. */
     84            if (irb.scsw.cstat) {
     85                r = -EIO;
     86            } else if (irb.scsw.dstat != 0xc) {
     87                r = -EIO;
     88            }
     89            return r;
     90        }
     91    }
     92}
     93
     94static int run_ccw(VDev *vdev, int cmd, void *ptr, int len, bool sli)
     95{
     96    Ccw1 ccw = {};
     97
     98    ccw.cmd_code = cmd;
     99    ccw.cda = (long)ptr;
    100    ccw.count = len;
    101
    102    if (sli) {
    103        ccw.flags |= CCW_FLAG_SLI;
    104    }
    105
    106    return do_cio(vdev->schid, vdev->senseid.cu_type, ptr2u32(&ccw), CCW_FMT1);
    107}
    108
    109static void vring_init(VRing *vr, VqInfo *info)
    110{
    111    void *p = (void *) info->queue;
    112
    113    debug_print_addr("init p", p);
    114    vr->id = info->index;
    115    vr->num = info->num;
    116    vr->desc = p;
    117    vr->avail = p + info->num * sizeof(VRingDesc);
    118    vr->used = (void *)(((unsigned long)&vr->avail->ring[info->num]
    119               + info->align - 1) & ~(info->align - 1));
    120
    121    /* Zero out all relevant field */
    122    vr->avail->flags = 0;
    123    vr->avail->idx = 0;
    124
    125    /* We're running with interrupts off anyways, so don't bother */
    126    vr->used->flags = VRING_USED_F_NO_NOTIFY;
    127    vr->used->idx = 0;
    128    vr->used_idx = 0;
    129    vr->next_idx = 0;
    130    vr->cookie = 0;
    131
    132    debug_print_addr("init vr", vr);
    133}
    134
    135bool vring_notify(VRing *vr)
    136{
    137    vr->cookie = virtio_notify(vr->schid, vr->id, vr->cookie);
    138    return vr->cookie >= 0;
    139}
    140
    141void vring_send_buf(VRing *vr, void *p, int len, int flags)
    142{
    143    /* For follow-up chains we need to keep the first entry point */
    144    if (!(flags & VRING_HIDDEN_IS_CHAIN)) {
    145        vr->avail->ring[vr->avail->idx % vr->num] = vr->next_idx;
    146    }
    147
    148    vr->desc[vr->next_idx].addr = (ulong)p;
    149    vr->desc[vr->next_idx].len = len;
    150    vr->desc[vr->next_idx].flags = flags & ~VRING_HIDDEN_IS_CHAIN;
    151    vr->desc[vr->next_idx].next = vr->next_idx;
    152    vr->desc[vr->next_idx].next++;
    153    vr->next_idx++;
    154
    155    /* Chains only have a single ID */
    156    if (!(flags & VRING_DESC_F_NEXT)) {
    157        vr->avail->idx++;
    158    }
    159}
    160
    161int vr_poll(VRing *vr)
    162{
    163    if (vr->used->idx == vr->used_idx) {
    164        vring_notify(vr);
    165        yield();
    166        return 0;
    167    }
    168
    169    vr->used_idx = vr->used->idx;
    170    vr->next_idx = 0;
    171    vr->desc[0].len = 0;
    172    vr->desc[0].flags = 0;
    173    return 1; /* vr has been updated */
    174}
    175
    176/*
    177 * Wait for the host to reply.
    178 *
    179 * timeout is in seconds if > 0.
    180 *
    181 * Returns 0 on success, 1 on timeout.
    182 */
    183int vring_wait_reply(void)
    184{
    185    ulong target_second = get_time_seconds() + vdev.wait_reply_timeout;
    186
    187    /* Wait for any queue to be updated by the host */
    188    do {
    189        int i, r = 0;
    190
    191        for (i = 0; i < vdev.nr_vqs; i++) {
    192            r += vr_poll(&vdev.vrings[i]);
    193        }
    194        yield();
    195        if (r) {
    196            return 0;
    197        }
    198    } while (!vdev.wait_reply_timeout || (get_time_seconds() < target_second));
    199
    200    return 1;
    201}
    202
    203int virtio_run(VDev *vdev, int vqid, VirtioCmd *cmd)
    204{
    205    VRing *vr = &vdev->vrings[vqid];
    206    int i = 0;
    207
    208    do {
    209        vring_send_buf(vr, cmd[i].data, cmd[i].size,
    210                       cmd[i].flags | (i ? VRING_HIDDEN_IS_CHAIN : 0));
    211    } while (cmd[i++].flags & VRING_DESC_F_NEXT);
    212
    213    vring_wait_reply();
    214    if (drain_irqs(vr->schid)) {
    215        return -1;
    216    }
    217    return 0;
    218}
    219
    220void virtio_setup_ccw(VDev *vdev)
    221{
    222    int i, rc, cfg_size = 0;
    223    unsigned char status = VIRTIO_CONFIG_S_DRIVER_OK;
    224    struct VirtioFeatureDesc {
    225        uint32_t features;
    226        uint8_t index;
    227    } __attribute__((packed)) feats;
    228
    229    IPL_assert(virtio_is_supported(vdev->schid), "PE");
    230    /* device ID has been established now */
    231
    232    vdev->config.blk.blk_size = 0; /* mark "illegal" - setup started... */
    233    vdev->guessed_disk_nature = VIRTIO_GDN_NONE;
    234
    235    run_ccw(vdev, CCW_CMD_VDEV_RESET, NULL, 0, false);
    236
    237    switch (vdev->senseid.cu_model) {
    238    case VIRTIO_ID_NET:
    239        vdev->nr_vqs = 2;
    240        vdev->cmd_vr_idx = 0;
    241        cfg_size = sizeof(vdev->config.net);
    242        break;
    243    case VIRTIO_ID_BLOCK:
    244        vdev->nr_vqs = 1;
    245        vdev->cmd_vr_idx = 0;
    246        cfg_size = sizeof(vdev->config.blk);
    247        break;
    248    case VIRTIO_ID_SCSI:
    249        vdev->nr_vqs = 3;
    250        vdev->cmd_vr_idx = VR_REQUEST;
    251        cfg_size = sizeof(vdev->config.scsi);
    252        break;
    253    default:
    254        panic("Unsupported virtio device\n");
    255    }
    256    IPL_assert(
    257        run_ccw(vdev, CCW_CMD_READ_CONF, &vdev->config, cfg_size, false) == 0,
    258       "Could not get block device configuration");
    259
    260    /* Feature negotiation */
    261    for (i = 0; i < ARRAY_SIZE(vdev->guest_features); i++) {
    262        feats.features = 0;
    263        feats.index = i;
    264        rc = run_ccw(vdev, CCW_CMD_READ_FEAT, &feats, sizeof(feats), false);
    265        IPL_assert(rc == 0, "Could not get features bits");
    266        vdev->guest_features[i] &= bswap32(feats.features);
    267        feats.features = bswap32(vdev->guest_features[i]);
    268        rc = run_ccw(vdev, CCW_CMD_WRITE_FEAT, &feats, sizeof(feats), false);
    269        IPL_assert(rc == 0, "Could not set features bits");
    270    }
    271
    272    for (i = 0; i < vdev->nr_vqs; i++) {
    273        VqInfo info = {
    274            .queue = (unsigned long long) ring_area + (i * VIRTIO_RING_SIZE),
    275            .align = KVM_S390_VIRTIO_RING_ALIGN,
    276            .index = i,
    277            .num = 0,
    278        };
    279        VqConfig config = {
    280            .index = i,
    281            .num = 0,
    282        };
    283
    284        IPL_assert(
    285            run_ccw(vdev, CCW_CMD_READ_VQ_CONF, &config, sizeof(config), false) == 0,
    286            "Could not get block device VQ configuration");
    287        info.num = config.num;
    288        vring_init(&vdev->vrings[i], &info);
    289        vdev->vrings[i].schid = vdev->schid;
    290        IPL_assert(
    291            run_ccw(vdev, CCW_CMD_SET_VQ, &info, sizeof(info), false) == 0,
    292            "Cannot set VQ info");
    293    }
    294    IPL_assert(
    295        run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false) == 0,
    296        "Could not write status to host");
    297}
    298
    299bool virtio_is_supported(SubChannelId schid)
    300{
    301    vdev.schid = schid;
    302    memset(&vdev.senseid, 0, sizeof(vdev.senseid));
    303
    304    /*
    305     * Run sense id command.
    306     * The size of the senseid data differs between devices (notably,
    307     * between virtio devices and dasds), so specify the largest possible
    308     * size and suppress the incorrect length indication for smaller sizes.
    309     */
    310    if (run_ccw(&vdev, CCW_CMD_SENSE_ID, &vdev.senseid, sizeof(vdev.senseid),
    311                true)) {
    312        return false;
    313    }
    314    if (vdev.senseid.cu_type == 0x3832) {
    315        switch (vdev.senseid.cu_model) {
    316        case VIRTIO_ID_BLOCK:
    317        case VIRTIO_ID_SCSI:
    318        case VIRTIO_ID_NET:
    319            return true;
    320        }
    321    }
    322    return false;
    323}