Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
awilliam
GitHub Repository: awilliam/linux-vfio
 Path: blob/master/include/xen/interface/xen.h
10817 views
1
/******************************************************************************

2
 * xen.h

3
 *

4
 * Guest OS interface to Xen.

5
 *

6
 * Copyright (c) 2004, K A Fraser

7
 */

8


9
#ifndef __XEN_PUBLIC_XEN_H__

10
#define __XEN_PUBLIC_XEN_H__

11


12
#include <asm/xen/interface.h>

13
#include <asm/pvclock-abi.h>

14


15
/*

16
 * XEN "SYSTEM CALLS" (a.k.a. HYPERCALLS).

17
 */

18


19
/*

20
 * x86_32: EAX = vector; EBX, ECX, EDX, ESI, EDI = args 1, 2, 3, 4, 5.

21
 *         EAX = return value

22
 *         (argument registers may be clobbered on return)

23
 * x86_64: RAX = vector; RDI, RSI, RDX, R10, R8, R9 = args 1, 2, 3, 4, 5, 6.

24
 *         RAX = return value

25
 *         (argument registers not clobbered on return; RCX, R11 are)

26
 */

27
#define __HYPERVISOR_set_trap_table        0

28
#define __HYPERVISOR_mmu_update            1

29
#define __HYPERVISOR_set_gdt               2

30
#define __HYPERVISOR_stack_switch          3

31
#define __HYPERVISOR_set_callbacks         4

32
#define __HYPERVISOR_fpu_taskswitch        5

33
#define __HYPERVISOR_sched_op_compat       6

34
#define __HYPERVISOR_dom0_op               7

35
#define __HYPERVISOR_set_debugreg          8

36
#define __HYPERVISOR_get_debugreg          9

37
#define __HYPERVISOR_update_descriptor    10

38
#define __HYPERVISOR_memory_op            12

39
#define __HYPERVISOR_multicall            13

40
#define __HYPERVISOR_update_va_mapping    14

41
#define __HYPERVISOR_set_timer_op         15

42
#define __HYPERVISOR_event_channel_op_compat 16

43
#define __HYPERVISOR_xen_version          17

44
#define __HYPERVISOR_console_io           18

45
#define __HYPERVISOR_physdev_op_compat    19

46
#define __HYPERVISOR_grant_table_op       20

47
#define __HYPERVISOR_vm_assist            21

48
#define __HYPERVISOR_update_va_mapping_otherdomain 22

49
#define __HYPERVISOR_iret                 23 /* x86 only */

50
#define __HYPERVISOR_vcpu_op              24

51
#define __HYPERVISOR_set_segment_base     25 /* x86/64 only */

52
#define __HYPERVISOR_mmuext_op            26

53
#define __HYPERVISOR_acm_op               27

54
#define __HYPERVISOR_nmi_op               28

55
#define __HYPERVISOR_sched_op             29

56
#define __HYPERVISOR_callback_op          30

57
#define __HYPERVISOR_xenoprof_op          31

58
#define __HYPERVISOR_event_channel_op     32

59
#define __HYPERVISOR_physdev_op           33

60
#define __HYPERVISOR_hvm_op               34

61
#define __HYPERVISOR_tmem_op              38

62


63
/* Architecture-specific hypercall definitions. */

64
#define __HYPERVISOR_arch_0               48

65
#define __HYPERVISOR_arch_1               49

66
#define __HYPERVISOR_arch_2               50

67
#define __HYPERVISOR_arch_3               51

68
#define __HYPERVISOR_arch_4               52

69
#define __HYPERVISOR_arch_5               53

70
#define __HYPERVISOR_arch_6               54

71
#define __HYPERVISOR_arch_7               55

72


73
/*

74
 * VIRTUAL INTERRUPTS

75
 *

76
 * Virtual interrupts that a guest OS may receive from Xen.

77
 */

78
#define VIRQ_TIMER      0  /* Timebase update, and/or requested timeout.  */

79
#define VIRQ_DEBUG      1  /* Request guest to dump debug info.           */

80
#define VIRQ_CONSOLE    2  /* (DOM0) Bytes received on emergency console. */

81
#define VIRQ_DOM_EXC    3  /* (DOM0) Exceptional event for some domain.   */

82
#define VIRQ_DEBUGGER   6  /* (DOM0) A domain has paused for debugging.   */

83


84
/* Architecture-specific VIRQ definitions. */

85
#define VIRQ_ARCH_0    16

86
#define VIRQ_ARCH_1    17

87
#define VIRQ_ARCH_2    18

88
#define VIRQ_ARCH_3    19

89
#define VIRQ_ARCH_4    20

90
#define VIRQ_ARCH_5    21

91
#define VIRQ_ARCH_6    22

92
#define VIRQ_ARCH_7    23

93


94
#define NR_VIRQS       24

95
/*

96
 * MMU-UPDATE REQUESTS

97
 *

98
 * HYPERVISOR_mmu_update() accepts a list of (ptr, val) pairs.

99
 * A foreigndom (FD) can be specified (or DOMID_SELF for none).

100
 * Where the FD has some effect, it is described below.

101
 * ptr[1:0] specifies the appropriate MMU_* command.

102
 *

103
 * ptr[1:0] == MMU_NORMAL_PT_UPDATE:

104
 * Updates an entry in a page table. If updating an L1 table, and the new

105
 * table entry is valid/present, the mapped frame must belong to the FD, if

106
 * an FD has been specified. If attempting to map an I/O page then the

107
 * caller assumes the privilege of the FD.

108
 * FD == DOMID_IO: Permit /only/ I/O mappings, at the priv level of the caller.

109
 * FD == DOMID_XEN: Map restricted areas of Xen's heap space.

110
 * ptr[:2]  -- Machine address of the page-table entry to modify.

111
 * val      -- Value to write.

112
 *

113
 * ptr[1:0] == MMU_MACHPHYS_UPDATE:

114
 * Updates an entry in the machine->pseudo-physical mapping table.

115
 * ptr[:2]  -- Machine address within the frame whose mapping to modify.

116
 *             The frame must belong to the FD, if one is specified.

117
 * val      -- Value to write into the mapping entry.

118
 *

119
 * ptr[1:0] == MMU_PT_UPDATE_PRESERVE_AD:

120
 * As MMU_NORMAL_PT_UPDATE above, but A/D bits currently in the PTE are ORed

121
 * with those in @val.

122
 */

123
#define MMU_NORMAL_PT_UPDATE      0 /* checked '*ptr = val'. ptr is MA.       */

124
#define MMU_MACHPHYS_UPDATE       1 /* ptr = MA of frame to modify entry for  */

125
#define MMU_PT_UPDATE_PRESERVE_AD 2 /* atomically: *ptr = val | (*ptr&(A|D)) */

126


127
/*

128
 * MMU EXTENDED OPERATIONS

129
 *

130
 * HYPERVISOR_mmuext_op() accepts a list of mmuext_op structures.

131
 * A foreigndom (FD) can be specified (or DOMID_SELF for none).

132
 * Where the FD has some effect, it is described below.

133
 *

134
 * cmd: MMUEXT_(UN)PIN_*_TABLE

135
 * mfn: Machine frame number to be (un)pinned as a p.t. page.

136
 *      The frame must belong to the FD, if one is specified.

137
 *

138
 * cmd: MMUEXT_NEW_BASEPTR

139
 * mfn: Machine frame number of new page-table base to install in MMU.

140
 *

141
 * cmd: MMUEXT_NEW_USER_BASEPTR [x86/64 only]

142
 * mfn: Machine frame number of new page-table base to install in MMU

143
 *      when in user space.

144
 *

145
 * cmd: MMUEXT_TLB_FLUSH_LOCAL

146
 * No additional arguments. Flushes local TLB.

147
 *

148
 * cmd: MMUEXT_INVLPG_LOCAL

149
 * linear_addr: Linear address to be flushed from the local TLB.

150
 *

151
 * cmd: MMUEXT_TLB_FLUSH_MULTI

152
 * vcpumask: Pointer to bitmap of VCPUs to be flushed.

153
 *

154
 * cmd: MMUEXT_INVLPG_MULTI

155
 * linear_addr: Linear address to be flushed.

156
 * vcpumask: Pointer to bitmap of VCPUs to be flushed.

157
 *

158
 * cmd: MMUEXT_TLB_FLUSH_ALL

159
 * No additional arguments. Flushes all VCPUs' TLBs.

160
 *

161
 * cmd: MMUEXT_INVLPG_ALL

162
 * linear_addr: Linear address to be flushed from all VCPUs' TLBs.

163
 *

164
 * cmd: MMUEXT_FLUSH_CACHE

165
 * No additional arguments. Writes back and flushes cache contents.

166
 *

167
 * cmd: MMUEXT_SET_LDT

168
 * linear_addr: Linear address of LDT base (NB. must be page-aligned).

169
 * nr_ents: Number of entries in LDT.

170
 */

171
#define MMUEXT_PIN_L1_TABLE      0

172
#define MMUEXT_PIN_L2_TABLE      1

173
#define MMUEXT_PIN_L3_TABLE      2

174
#define MMUEXT_PIN_L4_TABLE      3

175
#define MMUEXT_UNPIN_TABLE       4

176
#define MMUEXT_NEW_BASEPTR       5

177
#define MMUEXT_TLB_FLUSH_LOCAL   6

178
#define MMUEXT_INVLPG_LOCAL      7

179
#define MMUEXT_TLB_FLUSH_MULTI   8

180
#define MMUEXT_INVLPG_MULTI      9

181
#define MMUEXT_TLB_FLUSH_ALL    10

182
#define MMUEXT_INVLPG_ALL       11

183
#define MMUEXT_FLUSH_CACHE      12

184
#define MMUEXT_SET_LDT          13

185
#define MMUEXT_NEW_USER_BASEPTR 15

186


187
#ifndef __ASSEMBLY__

188
struct mmuext_op {

189
	unsigned int cmd;

190
	union {

191
		/* [UN]PIN_TABLE, NEW_BASEPTR, NEW_USER_BASEPTR */

192
		unsigned long mfn;

193
		/* INVLPG_LOCAL, INVLPG_ALL, SET_LDT */

194
		unsigned long linear_addr;

195
	} arg1;

196
	union {

197
		/* SET_LDT */

198
		unsigned int nr_ents;

199
		/* TLB_FLUSH_MULTI, INVLPG_MULTI */

200
		void *vcpumask;

201
	} arg2;

202
};

203
DEFINE_GUEST_HANDLE_STRUCT(mmuext_op);

204
#endif

205


206
/* These are passed as 'flags' to update_va_mapping. They can be ORed. */

207
/* When specifying UVMF_MULTI, also OR in a pointer to a CPU bitmap.   */

208
/* UVMF_LOCAL is merely UVMF_MULTI with a NULL bitmap pointer.         */

209
#define UVMF_NONE               (0UL<<0) /* No flushing at all.   */

210
#define UVMF_TLB_FLUSH          (1UL<<0) /* Flush entire TLB(s).  */

211
#define UVMF_INVLPG             (2UL<<0) /* Flush only one entry. */

212
#define UVMF_FLUSHTYPE_MASK     (3UL<<0)

213
#define UVMF_MULTI              (0UL<<2) /* Flush subset of TLBs. */

214
#define UVMF_LOCAL              (0UL<<2) /* Flush local TLB.      */

215
#define UVMF_ALL                (1UL<<2) /* Flush all TLBs.       */

216


217
/*

218
 * Commands to HYPERVISOR_console_io().

219
 */

220
#define CONSOLEIO_write         0

221
#define CONSOLEIO_read          1

222


223
/*

224
 * Commands to HYPERVISOR_vm_assist().

225
 */

226
#define VMASST_CMD_enable                0

227
#define VMASST_CMD_disable               1

228
#define VMASST_TYPE_4gb_segments         0

229
#define VMASST_TYPE_4gb_segments_notify  1

230
#define VMASST_TYPE_writable_pagetables  2

231
#define VMASST_TYPE_pae_extended_cr3     3

232
#define MAX_VMASST_TYPE 3

233


234
#ifndef __ASSEMBLY__

235


236
typedef uint16_t domid_t;

237


238
/* Domain ids >= DOMID_FIRST_RESERVED cannot be used for ordinary domains. */

239
#define DOMID_FIRST_RESERVED (0x7FF0U)

240


241
/* DOMID_SELF is used in certain contexts to refer to oneself. */

242
#define DOMID_SELF (0x7FF0U)

243


244
/*

245
 * DOMID_IO is used to restrict page-table updates to mapping I/O memory.

246
 * Although no Foreign Domain need be specified to map I/O pages, DOMID_IO

247
 * is useful to ensure that no mappings to the OS's own heap are accidentally

248
 * installed. (e.g., in Linux this could cause havoc as reference counts

249
 * aren't adjusted on the I/O-mapping code path).

250
 * This only makes sense in MMUEXT_SET_FOREIGNDOM, but in that context can

251
 * be specified by any calling domain.

252
 */

253
#define DOMID_IO   (0x7FF1U)

254


255
/*

256
 * DOMID_XEN is used to allow privileged domains to map restricted parts of

257
 * Xen's heap space (e.g., the machine_to_phys table).

258
 * This only makes sense in MMUEXT_SET_FOREIGNDOM, and is only permitted if

259
 * the caller is privileged.

260
 */

261
#define DOMID_XEN  (0x7FF2U)

262


263
/*

264
 * Send an array of these to HYPERVISOR_mmu_update().

265
 * NB. The fields are natural pointer/address size for this architecture.

266
 */

267
struct mmu_update {

268
    uint64_t ptr;       /* Machine address of PTE. */

269
    uint64_t val;       /* New contents of PTE.    */

270
};

271
DEFINE_GUEST_HANDLE_STRUCT(mmu_update);

272


273
/*

274
 * Send an array of these to HYPERVISOR_multicall().

275
 * NB. The fields are natural register size for this architecture.

276
 */

277
struct multicall_entry {

278
    unsigned long op;

279
    long result;

280
    unsigned long args[6];

281
};

282
DEFINE_GUEST_HANDLE_STRUCT(multicall_entry);

283


284
/*

285
 * Event channel endpoints per domain:

286
 *  1024 if a long is 32 bits; 4096 if a long is 64 bits.

287
 */

288
#define NR_EVENT_CHANNELS (sizeof(unsigned long) * sizeof(unsigned long) * 64)

289


290
struct vcpu_time_info {

291
	/*

292
	 * Updates to the following values are preceded and followed

293
	 * by an increment of 'version'. The guest can therefore

294
	 * detect updates by looking for changes to 'version'. If the

295
	 * least-significant bit of the version number is set then an

296
	 * update is in progress and the guest must wait to read a

297
	 * consistent set of values.  The correct way to interact with

298
	 * the version number is similar to Linux's seqlock: see the

299
	 * implementations of read_seqbegin/read_seqretry.

300
	 */

301
	uint32_t version;

302
	uint32_t pad0;

303
	uint64_t tsc_timestamp;   /* TSC at last update of time vals.  */

304
	uint64_t system_time;     /* Time, in nanosecs, since boot.    */

305
	/*

306
	 * Current system time:

307
	 *   system_time + ((tsc - tsc_timestamp) << tsc_shift) * tsc_to_system_mul

308
	 * CPU frequency (Hz):

309
	 *   ((10^9 << 32) / tsc_to_system_mul) >> tsc_shift

310
	 */

311
	uint32_t tsc_to_system_mul;

312
	int8_t   tsc_shift;

313
	int8_t   pad1[3];

314
}; /* 32 bytes */

315


316
struct vcpu_info {

317
	/*

318
	 * 'evtchn_upcall_pending' is written non-zero by Xen to indicate

319
	 * a pending notification for a particular VCPU. It is then cleared

320
	 * by the guest OS /before/ checking for pending work, thus avoiding

321
	 * a set-and-check race. Note that the mask is only accessed by Xen

322
	 * on the CPU that is currently hosting the VCPU. This means that the

323
	 * pending and mask flags can be updated by the guest without special

324
	 * synchronisation (i.e., no need for the x86 LOCK prefix).

325
	 * This may seem suboptimal because if the pending flag is set by

326
	 * a different CPU then an IPI may be scheduled even when the mask

327
	 * is set. However, note:

328
	 *  1. The task of 'interrupt holdoff' is covered by the per-event-

329
	 *     channel mask bits. A 'noisy' event that is continually being

330
	 *     triggered can be masked at source at this very precise

331
	 *     granularity.

332
	 *  2. The main purpose of the per-VCPU mask is therefore to restrict

333
	 *     reentrant execution: whether for concurrency control, or to

334
	 *     prevent unbounded stack usage. Whatever the purpose, we expect

335
	 *     that the mask will be asserted only for short periods at a time,

336
	 *     and so the likelihood of a 'spurious' IPI is suitably small.

337
	 * The mask is read before making an event upcall to the guest: a

338
	 * non-zero mask therefore guarantees that the VCPU will not receive

339
	 * an upcall activation. The mask is cleared when the VCPU requests

340
	 * to block: this avoids wakeup-waiting races.

341
	 */

342
	uint8_t evtchn_upcall_pending;

343
	uint8_t evtchn_upcall_mask;

344
	unsigned long evtchn_pending_sel;

345
	struct arch_vcpu_info arch;

346
	struct pvclock_vcpu_time_info time;

347
}; /* 64 bytes (x86) */

348


349
/*

350
 * Xen/kernel shared data -- pointer provided in start_info.

351
 * NB. We expect that this struct is smaller than a page.

352
 */

353
struct shared_info {

354
	struct vcpu_info vcpu_info[MAX_VIRT_CPUS];

355


356
	/*

357
	 * A domain can create "event channels" on which it can send and receive

358
	 * asynchronous event notifications. There are three classes of event that

359
	 * are delivered by this mechanism:

360
	 *  1. Bi-directional inter- and intra-domain connections. Domains must

361
	 *     arrange out-of-band to set up a connection (usually by allocating

362
	 *     an unbound 'listener' port and avertising that via a storage service

363
	 *     such as xenstore).

364
	 *  2. Physical interrupts. A domain with suitable hardware-access

365
	 *     privileges can bind an event-channel port to a physical interrupt

366
	 *     source.

367
	 *  3. Virtual interrupts ('events'). A domain can bind an event-channel

368
	 *     port to a virtual interrupt source, such as the virtual-timer

369
	 *     device or the emergency console.

370
	 *

371
	 * Event channels are addressed by a "port index". Each channel is

372
	 * associated with two bits of information:

373
	 *  1. PENDING -- notifies the domain that there is a pending notification

374
	 *     to be processed. This bit is cleared by the guest.

375
	 *  2. MASK -- if this bit is clear then a 0->1 transition of PENDING

376
	 *     will cause an asynchronous upcall to be scheduled. This bit is only

377
	 *     updated by the guest. It is read-only within Xen. If a channel

378
	 *     becomes pending while the channel is masked then the 'edge' is lost

379
	 *     (i.e., when the channel is unmasked, the guest must manually handle

380
	 *     pending notifications as no upcall will be scheduled by Xen).

381
	 *

382
	 * To expedite scanning of pending notifications, any 0->1 pending

383
	 * transition on an unmasked channel causes a corresponding bit in a

384
	 * per-vcpu selector word to be set. Each bit in the selector covers a

385
	 * 'C long' in the PENDING bitfield array.

386
	 */

387
	unsigned long evtchn_pending[sizeof(unsigned long) * 8];

388
	unsigned long evtchn_mask[sizeof(unsigned long) * 8];

389


390
	/*

391
	 * Wallclock time: updated only by control software. Guests should base

392
	 * their gettimeofday() syscall on this wallclock-base value.

393
	 */

394
	struct pvclock_wall_clock wc;

395


396
	struct arch_shared_info arch;

397


398
};

399


400
/*

401
 * Start-of-day memory layout for the initial domain (DOM0):

402
 *  1. The domain is started within contiguous virtual-memory region.

403
 *  2. The contiguous region begins and ends on an aligned 4MB boundary.

404
 *  3. The region start corresponds to the load address of the OS image.

405
 *     If the load address is not 4MB aligned then the address is rounded down.

406
 *  4. This the order of bootstrap elements in the initial virtual region:

407
 *      a. relocated kernel image

408
 *      b. initial ram disk              [mod_start, mod_len]

409
 *      c. list of allocated page frames [mfn_list, nr_pages]

410
 *      d. start_info_t structure        [register ESI (x86)]

411
 *      e. bootstrap page tables         [pt_base, CR3 (x86)]

412
 *      f. bootstrap stack               [register ESP (x86)]

413
 *  5. Bootstrap elements are packed together, but each is 4kB-aligned.

414
 *  6. The initial ram disk may be omitted.

415
 *  7. The list of page frames forms a contiguous 'pseudo-physical' memory

416
 *     layout for the domain. In particular, the bootstrap virtual-memory

417
 *     region is a 1:1 mapping to the first section of the pseudo-physical map.

418
 *  8. All bootstrap elements are mapped read-writable for the guest OS. The

419
 *     only exception is the bootstrap page table, which is mapped read-only.

420
 *  9. There is guaranteed to be at least 512kB padding after the final

421
 *     bootstrap element. If necessary, the bootstrap virtual region is

422
 *     extended by an extra 4MB to ensure this.

423
 */

424


425
#define MAX_GUEST_CMDLINE 1024

426
struct start_info {

427
	/* THE FOLLOWING ARE FILLED IN BOTH ON INITIAL BOOT AND ON RESUME.    */

428
	char magic[32];             /* "xen-<version>-<platform>".            */

429
	unsigned long nr_pages;     /* Total pages allocated to this domain.  */

430
	unsigned long shared_info;  /* MACHINE address of shared info struct. */

431
	uint32_t flags;             /* SIF_xxx flags.                         */

432
	unsigned long store_mfn;    /* MACHINE page number of shared page.    */

433
	uint32_t store_evtchn;      /* Event channel for store communication. */

434
	union {

435
		struct {

436
			unsigned long mfn;  /* MACHINE page number of console page.   */

437
			uint32_t  evtchn;   /* Event channel for console page.        */

438
		} domU;

439
		struct {

440
			uint32_t info_off;  /* Offset of console_info struct.         */

441
			uint32_t info_size; /* Size of console_info struct from start.*/

442
		} dom0;

443
	} console;

444
	/* THE FOLLOWING ARE ONLY FILLED IN ON INITIAL BOOT (NOT RESUME).     */

445
	unsigned long pt_base;      /* VIRTUAL address of page directory.     */

446
	unsigned long nr_pt_frames; /* Number of bootstrap p.t. frames.       */

447
	unsigned long mfn_list;     /* VIRTUAL address of page-frame list.    */

448
	unsigned long mod_start;    /* VIRTUAL address of pre-loaded module.  */

449
	unsigned long mod_len;      /* Size (bytes) of pre-loaded module.     */

450
	int8_t cmd_line[MAX_GUEST_CMDLINE];

451
};

452


453
/* These flags are passed in the 'flags' field of start_info_t. */

454
#define SIF_PRIVILEGED    (1<<0)  /* Is the domain privileged? */

455
#define SIF_INITDOMAIN    (1<<1)  /* Is this the initial control domain? */

456


457
typedef uint64_t cpumap_t;

458


459
typedef uint8_t xen_domain_handle_t[16];

460


461
/* Turn a plain number into a C unsigned long constant. */

462
#define __mk_unsigned_long(x) x ## UL

463
#define mk_unsigned_long(x) __mk_unsigned_long(x)

464


465
#define TMEM_SPEC_VERSION 1

466


467
struct tmem_op {

468
	uint32_t cmd;

469
	int32_t pool_id;

470
	union {

471
		struct {  /* for cmd == TMEM_NEW_POOL */

472
			uint64_t uuid[2];

473
			uint32_t flags;

474
		} new;

475
		struct {

476
			uint64_t oid[3];

477
			uint32_t index;

478
			uint32_t tmem_offset;

479
			uint32_t pfn_offset;

480
			uint32_t len;

481
			GUEST_HANDLE(void) gmfn; /* guest machine page frame */

482
		} gen;

483
	} u;

484
};

485


486
#else /* __ASSEMBLY__ */

487


488
/* In assembly code we cannot use C numeric constant suffixes. */

489
#define mk_unsigned_long(x) x

490


491
#endif /* !__ASSEMBLY__ */

492


493
#endif /* __XEN_PUBLIC_XEN_H__ */

494


495