projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a00ee1e) | patch
argo: implement the sendv op; evtchn: expose send_guest_global_virq
authorChristopher Clark <christopher.w.clark@gmail.com>
Wed, 6 Feb 2019 08:55:00 +0000 (09:55 +0100)
committerJan Beulich <jbeulich@suse.com>
Thu, 7 Feb 2019 13:23:52 +0000 (14:23 +0100)
commitd5a390ca53600df97a2f3937f4c9a9106b2acfdd
tree284cb4333f3315eff5969625a212d6a68e97a967tree | snapshot
parenta00ee1ec8f732940eb76f83057095c585d253e04commit | diff
argo: implement the sendv op; evtchn: expose send_guest_global_virq

sendv operation is invoked to perform a synchronous send of buffers
contained in iovs to a remote domain's registered ring.

It takes:
 * A destination address (domid, port) for the ring to send to.
   It performs a most-specific match lookup, to allow for wildcard.
 * A source address, used to inform the destination of where to reply.
 * The address of an array of iovs containing the data to send
 * .. and the length of that array of iovs
 * and a 32-bit message type, available to communicate message context
   data (eg. kernel-to-kernel, separate from the application data).

If insufficient space exists in the destination ring, it will return
-EAGAIN and Xen will notify the caller when sufficient space becomes
available.

Accesses to the ring indices are appropriately atomic. The rings are
mapped into Xen's private address space to write as needed and the
mappings are retained for later use.

Notifications are sent to guests via VIRQ and send_guest_global_virq is
exposed in the change to enable argo to call it. VIRQ_ARGO is claimed
from the VIRQ previously reserved for this purpose (#11).

The VIRQ notification method is used rather than sending events using
evtchn functions directly because:

* no current event channel type is an exact fit for the intended
  behaviour. ECS_IPI is closest, but it disallows migration to
  other VCPUs which is not necessarily a requirement for Argo.

* at the point of argo_init, allocation of an event channel is
  complicated by none of the guest VCPUs being initialized yet
  and the event channel logic expects that a valid event channel
  has a present VCPU.

* at the point of signalling a notification, the VIRQ logic is already
  defensive: if d->vcpu[0] is NULL, the notification is just silently
  dropped, whereas the evtchn_send logic is not so defensive: vcpu[0]
  must not be NULL, otherwise a null pointer dereference occurs.

Using a VIRQ removes the need for the guest to query to determine which
event channel notifications will be delivered on. This is also likely to
simplify establishing future L0/L1 nested hypervisor argo communication.

Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
Tested-by: Chris Patterson <pattersonc@ainfosec.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
xen/common/argo.c diff | blob | history
xen/common/event_channel.c diff | blob | history
xen/include/public/argo.h diff | blob | history
xen/include/public/xen.h diff | blob | history
xen/include/xen/event.h diff | blob | history
xen/include/xlat.lst diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.