1 files changed, 58 insertions, 163 deletions
diff --git a/drivers/lguest/lguest_user.c b/drivers/lguest/lguest_user.c
index 4263f4cc8c55..c4c6113eb9a6 100644
--- a/drivers/lguest/lguest_user.c
+++ b/drivers/lguest/lguest_user.c
@@ -2,175 +2,62 @@
 * launcher controls and communicates with the Guest.  For example,
 * the first write will tell us the Guest's memory layout and entry
 * point.  A read will run the Guest until something happens, such as
- * a signal or the Guest doing a NOTIFY out to the Launcher.  There is
+ * a signal or the Guest accessing a device.
- * also a way for the Launcher to attach eventfds to particular NOTIFY
- * values instead of returning from the read() call.
 :*/
 #include <linux/uaccess.h>
 #include <linux/miscdevice.h>
 #include <linux/fs.h>
 #include <linux/sched.h>
-#include <linux/eventfd.h>
 #include <linux/file.h>
 #include <linux/slab.h>
 #include <linux/export.h>
 #include "lg.h"
-/*L:056
+/*L:052
- * Before we move on, let's jump ahead and look at what the kernel does when
+  The Launcher can get the registers, and also set some of them.
- * it needs to look up the eventfds.  That will complete our picture of how we
+*/
- * use RCU.
+static int getreg_setup(struct lg_cpu *cpu, const unsigned long __user *input)
- *
- * The notification value is in cpu->pending_notify: we return true if it went
- * to an eventfd.
- */
-bool send_notify_to_eventfd(struct lg_cpu *cpu)
-{
-        unsigned int i;
-        struct lg_eventfd_map *map;
-        /*
-         * This "rcu_read_lock()" helps track when someone is still looking at
-         * the (RCU-using) eventfds array.  It's not actually a lock at all;
-         * indeed it's a noop in many configurations.  (You didn't expect me to
-         * explain all the RCU secrets here, did you?)
-         */
-        rcu_read_lock();
-        /*
-         * rcu_dereference is the counter-side of rcu_assign_pointer(); it
-         * makes sure we don't access the memory pointed to by
-         * cpu->lg->eventfds before cpu->lg->eventfds is set.  Sounds crazy,
-         * but Alpha allows this!  Paul McKenney points out that a really
-         * aggressive compiler could have the same effect:
-         *   http://lists.ozlabs.org/pipermail/lguest/2009-July/001560.html
-         *
-         * So play safe, use rcu_dereference to get the rcu-protected pointer:
-         */
-        map = rcu_dereference(cpu->lg->eventfds);
-        /*
-         * Simple array search: even if they add an eventfd while we do this,
-         * we'll continue to use the old array and just won't see the new one.
-         */
-        for (i = 0; i < map->num; i++) {
-                if (map->map[i].addr == cpu->pending_notify) {
-                        eventfd_signal(map->map[i].event, 1);
-                        cpu->pending_notify = 0;
-                        break;
-                }
-        }
-        /* We're done with the rcu-protected variable cpu->lg->eventfds. */
-        rcu_read_unlock();
-        /* If we cleared the notification, it's because we found a match. */
-        return cpu->pending_notify == 0;
-}
-/*L:055
- * One of the more tricksy tricks in the Linux Kernel is a technique called
- * Read Copy Update.  Since one point of lguest is to teach lguest journeyers
- * about kernel coding, I use it here.  (In case you're curious, other purposes
- * include learning about virtualization and instilling a deep appreciation for
- * simplicity and puppies).
- *
- * We keep a simple array which maps LHCALL_NOTIFY values to eventfds, but we
- * add new eventfds without ever blocking readers from accessing the array.
- * The current Launcher only does this during boot, so that never happens.  But
- * Read Copy Update is cool, and adding a lock risks damaging even more puppies
- * than this code does.
- *
- * We allocate a brand new one-larger array, copy the old one and add our new
- * element.  Then we make the lg eventfd pointer point to the new array.
- * That's the easy part: now we need to free the old one, but we need to make
- * sure no slow CPU somewhere is still looking at it.  That's what
- * synchronize_rcu does for us: waits until every CPU has indicated that it has
- * moved on to know it's no longer using the old one.
- *
- * If that's unclear, see http://en.wikipedia.org/wiki/Read-copy-update.
- */
-static int add_eventfd(struct lguest *lg, unsigned long addr, int fd)
 {
-        struct lg_eventfd_map *new, *old = lg->eventfds;
+        unsigned long which;
-        /*
-         * We don't allow notifications on value 0 anyway (pending_notify of
-         * 0 means "nothing pending").
-         */
-        if (!addr)
-                return -EINVAL;
-        /*
-         * Replace the old array with the new one, carefully: others can
-         * be accessing it at the same time.
-         */
-        new = kmalloc(sizeof(*new) + sizeof(new->map[0]) * (old->num + 1),
-                      GFP_KERNEL);
-        if (!new)
-                return -ENOMEM;
-        /* First make identical copy. */
+        /* We re-use the ptrace structure to specify which register to read. */
-        memcpy(new->map, old->map, sizeof(old->map[0]) * old->num);
+        if (get_user(which, input) != 0)
-        new->num = old->num;
+                return -EFAULT;
-        /* Now append new entry. */
-        new->map[new->num].addr = addr;
-        new->map[new->num].event = eventfd_ctx_fdget(fd);
-        if (IS_ERR(new->map[new->num].event)) {
-                int err =  PTR_ERR(new->map[new->num].event);
-                kfree(new);
-                return err;
-        }
-        new->num++;
        /*
-         * Now put new one in place: rcu_assign_pointer() is a fancy way of
+         * We set up the cpu register pointer, and their next read will
-         * doing "lg->eventfds = new", but it uses memory barriers to make
+         * actually get the value (instead of running the guest).
-         * absolutely sure that the contents of "new" written above is nailed
-         * down before we actually do the assignment.
         *
-         * We have to think about these kinds of things when we're operating on
+         * The last argument 'true' says we can access any register.
-         * live data without locks.
         */
-        rcu_assign_pointer(lg->eventfds, new);
+        cpu->reg_read = lguest_arch_regptr(cpu, which, true);
+        if (!cpu->reg_read)
+                return -ENOENT;
-        /*
+        /* And because this is a write() call, we return the length used. */
-         * We're not in a big hurry.  Wait until no one's looking at old
+        return sizeof(unsigned long) * 2;
-         * version, then free it.
-         */
-        synchronize_rcu();
-        kfree(old);
-        return 0;
 }
-/*L:052
+static int setreg(struct lg_cpu *cpu, const unsigned long __user *input)
- * Receiving notifications from the Guest is usually done by attaching a
- * particular LHCALL_NOTIFY value to an event filedescriptor.  The eventfd will
- * become readable when the Guest does an LHCALL_NOTIFY with that value.
- *
- * This is really convenient for processing each virtqueue in a separate
- * thread.
- */
-static int attach_eventfd(struct lguest *lg, const unsigned long __user *input)
 {
-        unsigned long addr, fd;
+        unsigned long which, value, *reg;
-        int err;
-        if (get_user(addr, input) != 0)
+        /* We re-use the ptrace structure to specify which register to read. */
+        if (get_user(which, input) != 0)
                return -EFAULT;
        input++;
-        if (get_user(fd, input) != 0)
+        if (get_user(value, input) != 0)
                return -EFAULT;
-        /*
+        /* The last argument 'false' means we can't access all registers. */
-         * Just make sure two callers don't add eventfds at once.  We really
+        reg = lguest_arch_regptr(cpu, which, false);
-         * only need to lock against callers adding to the same Guest, so using
+        if (!reg)
-         * the Big Lguest Lock is overkill.  But this is setup, not a fast path.
+                return -ENOENT;
-         */
-        mutex_lock(&lguest_lock);
-        err = add_eventfd(lg, addr, fd);
-        mutex_unlock(&lguest_lock);
-        return err;
+        *reg = value;
+        /* And because this is a write() call, we return the length used. */
+        return sizeof(unsigned long) * 3;
 }
 /*L:050
@@ -194,6 +81,23 @@ static int user_send_irq(struct lg_cpu *cpu, const unsigned long __user *input)
        return 0;
 }
+/*L:053
+ * Deliver a trap: this is used by the Launcher if it can't emulate
+ * an instruction.
+ */
+static int trap(struct lg_cpu *cpu, const unsigned long __user *input)
+{
+        unsigned long trapnum;
+        if (get_user(trapnum, input) != 0)
+                return -EFAULT;
+        if (!deliver_trap(cpu, trapnum))
+                return -EINVAL;
+        return 0;
+}
 /*L:040
 * Once our Guest is initialized, the Launcher makes it run by reading
 * from /dev/lguest.
@@ -237,8 +141,8 @@ static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o)
         * If we returned from read() last time because the Guest sent I/O,
         * clear the flag.
         */
-        if (cpu->pending_notify)
+        if (cpu->pending.trap)
-                cpu->pending_notify = 0;
+                cpu->pending.trap = 0;
        /* Run the Guest until something interesting happens. */
        return run_guest(cpu, (unsigned long __user *)user);
@@ -319,7 +223,7 @@ static int initialize(struct file *file, const unsigned long __user *input)
        /* "struct lguest" contains all we (the Host) know about a Guest. */
        struct lguest *lg;
        int err;
-        unsigned long args[3];
+        unsigned long args[4];
        /*
         * We grab the Big Lguest lock, which protects against multiple
@@ -343,21 +247,15 @@ static int initialize(struct file *file, const unsigned long __user *input)
                goto unlock;
        }
-        lg->eventfds = kmalloc(sizeof(*lg->eventfds), GFP_KERNEL);
-        if (!lg->eventfds) {
-                err = -ENOMEM;
-                goto free_lg;
-        }
-        lg->eventfds->num = 0;
        /* Populate the easy fields of our "struct lguest" */
        lg->mem_base = (void __user *)args[0];
        lg->pfn_limit = args[1];
+        lg->device_limit = args[3];
        /* This is the first cpu (cpu 0) and it will start booting at args[2] */
        err = lg_cpu_start(&lg->cpus[0], 0, args[2]);
        if (err)
-                goto free_eventfds;
+                goto free_lg;
        /*
         * Initialize the Guest's shadow page tables.  This allocates
@@ -378,8 +276,6 @@ static int initialize(struct file *file, const unsigned long __user *input)
 free_regs:
        /* FIXME: This should be in free_vcpu */
        free_page(lg->cpus[0].regs_page);
-free_eventfds:
-        kfree(lg->eventfds);
 free_lg:
        kfree(lg);
 unlock:
@@ -432,8 +328,12 @@ static ssize_t write(struct file *file, const char __user *in,
                return initialize(file, input);
        case LHREQ_IRQ:
                return user_send_irq(cpu, input);
-        case LHREQ_EVENTFD:
+        case LHREQ_GETREG:
-                return attach_eventfd(lg, input);
+                return getreg_setup(cpu, input);
+        case LHREQ_SETREG:
+                return setreg(cpu, input);
+        case LHREQ_TRAP:
+                return trap(cpu, input);
        default:
                return -EINVAL;
        }
@@ -478,11 +378,6 @@ static int close(struct inode *inode, struct file *file)
                mmput(lg->cpus[i].mm);
        }
-        /* Release any eventfds they registered. */
-        for (i = 0; i < lg->eventfds->num; i++)
-                eventfd_ctx_put(lg->eventfds->map[i].event);
-        kfree(lg->eventfds);
        /*
         * If lg->dead doesn't contain an error code it will be NULL or a
         * kmalloc()ed string, either of which is ok to hand to kfree().