xen: prevent crashes with non-HIGHMEM 32-bit kernels with largeish memory
[linux-2.6.git] / drivers / xen / balloon.c
1 /******************************************************************************
2  * balloon.c
3  *
4  * Xen balloon driver - enables returning/claiming memory to/from Xen.
5  *
6  * Copyright (c) 2003, B Dragovic
7  * Copyright (c) 2003-2004, M Williamson, K Fraser
8  * Copyright (c) 2005 Dan M. Smith, IBM Corporation
9  *
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation; or, when distributed
13  * separately from the Linux kernel or incorporated into other
14  * software packages, subject to the following license:
15  *
16  * Permission is hereby granted, free of charge, to any person obtaining a copy
17  * of this source file (the "Software"), to deal in the Software without
18  * restriction, including without limitation the rights to use, copy, modify,
19  * merge, publish, distribute, sublicense, and/or sell copies of the Software,
20  * and to permit persons to whom the Software is furnished to do so, subject to
21  * the following conditions:
22  *
23  * The above copyright notice and this permission notice shall be included in
24  * all copies or substantial portions of the Software.
25  *
26  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
27  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
28  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
29  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
30  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
31  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
32  * IN THE SOFTWARE.
33  */
34
35 #include <linux/kernel.h>
36 #include <linux/module.h>
37 #include <linux/sched.h>
38 #include <linux/errno.h>
39 #include <linux/mm.h>
40 #include <linux/bootmem.h>
41 #include <linux/pagemap.h>
42 #include <linux/highmem.h>
43 #include <linux/mutex.h>
44 #include <linux/list.h>
45 #include <linux/sysdev.h>
46 #include <linux/gfp.h>
47
48 #include <asm/page.h>
49 #include <asm/pgalloc.h>
50 #include <asm/pgtable.h>
51 #include <asm/uaccess.h>
52 #include <asm/tlb.h>
53 #include <asm/e820.h>
54
55 #include <asm/xen/hypervisor.h>
56 #include <asm/xen/hypercall.h>
57
58 #include <xen/xen.h>
59 #include <xen/interface/xen.h>
60 #include <xen/interface/memory.h>
61 #include <xen/xenbus.h>
62 #include <xen/features.h>
63 #include <xen/page.h>
64
65 #define PAGES2KB(_p) ((_p)<<(PAGE_SHIFT-10))
66
67 #define BALLOON_CLASS_NAME "xen_memory"
68
69 struct balloon_stats {
70         /* We aim for 'current allocation' == 'target allocation'. */
71         unsigned long current_pages;
72         unsigned long target_pages;
73         /*
74          * Drivers may alter the memory reservation independently, but they
75          * must inform the balloon driver so we avoid hitting the hard limit.
76          */
77         unsigned long driver_pages;
78         /* Number of pages in high- and low-memory balloons. */
79         unsigned long balloon_low;
80         unsigned long balloon_high;
81 };
82
83 static DEFINE_MUTEX(balloon_mutex);
84
85 static struct sys_device balloon_sysdev;
86
87 static int register_balloon(struct sys_device *sysdev);
88
89 static struct balloon_stats balloon_stats;
90
91 /* We increase/decrease in batches which fit in a page */
92 static unsigned long frame_list[PAGE_SIZE / sizeof(unsigned long)];
93
94 #ifdef CONFIG_HIGHMEM
95 #define inc_totalhigh_pages() (totalhigh_pages++)
96 #define dec_totalhigh_pages() (totalhigh_pages--)
97 #else
98 #define inc_totalhigh_pages() do {} while(0)
99 #define dec_totalhigh_pages() do {} while(0)
100 #endif
101
102 /* List of ballooned pages, threaded through the mem_map array. */
103 static LIST_HEAD(ballooned_pages);
104
105 /* Main work function, always executed in process context. */
106 static void balloon_process(struct work_struct *work);
107 static DECLARE_WORK(balloon_worker, balloon_process);
108 static struct timer_list balloon_timer;
109
110 /* When ballooning out (allocating memory to return to Xen) we don't really
111    want the kernel to try too hard since that can trigger the oom killer. */
112 #define GFP_BALLOON \
113         (GFP_HIGHUSER | __GFP_NOWARN | __GFP_NORETRY | __GFP_NOMEMALLOC)
114
115 static void scrub_page(struct page *page)
116 {
117 #ifdef CONFIG_XEN_SCRUB_PAGES
118         clear_highpage(page);
119 #endif
120 }
121
122 /* balloon_append: add the given page to the balloon. */
123 static void __balloon_append(struct page *page)
124 {
125         /* Lowmem is re-populated first, so highmem pages go at list tail. */
126         if (PageHighMem(page)) {
127                 list_add_tail(&page->lru, &ballooned_pages);
128                 balloon_stats.balloon_high++;
129                 dec_totalhigh_pages();
130         } else {
131                 list_add(&page->lru, &ballooned_pages);
132                 balloon_stats.balloon_low++;
133         }
134 }
135
136 static void balloon_append(struct page *page)
137 {
138         __balloon_append(page);
139         totalram_pages--;
140 }
141
142 /* balloon_retrieve: rescue a page from the balloon, if it is not empty. */
143 static struct page *balloon_retrieve(void)
144 {
145         struct page *page;
146
147         if (list_empty(&ballooned_pages))
148                 return NULL;
149
150         page = list_entry(ballooned_pages.next, struct page, lru);
151         list_del(&page->lru);
152
153         if (PageHighMem(page)) {
154                 balloon_stats.balloon_high--;
155                 inc_totalhigh_pages();
156         }
157         else
158                 balloon_stats.balloon_low--;
159
160         totalram_pages++;
161
162         return page;
163 }
164
165 static struct page *balloon_first_page(void)
166 {
167         if (list_empty(&ballooned_pages))
168                 return NULL;
169         return list_entry(ballooned_pages.next, struct page, lru);
170 }
171
172 static struct page *balloon_next_page(struct page *page)
173 {
174         struct list_head *next = page->lru.next;
175         if (next == &ballooned_pages)
176                 return NULL;
177         return list_entry(next, struct page, lru);
178 }
179
180 static void balloon_alarm(unsigned long unused)
181 {
182         schedule_work(&balloon_worker);
183 }
184
185 static unsigned long current_target(void)
186 {
187         unsigned long target = balloon_stats.target_pages;
188
189         target = min(target,
190                      balloon_stats.current_pages +
191                      balloon_stats.balloon_low +
192                      balloon_stats.balloon_high);
193
194         return target;
195 }
196
197 static int increase_reservation(unsigned long nr_pages)
198 {
199         unsigned long  pfn, i;
200         struct page   *page;
201         long           rc;
202         struct xen_memory_reservation reservation = {
203                 .address_bits = 0,
204                 .extent_order = 0,
205                 .domid        = DOMID_SELF
206         };
207
208         if (nr_pages > ARRAY_SIZE(frame_list))
209                 nr_pages = ARRAY_SIZE(frame_list);
210
211         page = balloon_first_page();
212         for (i = 0; i < nr_pages; i++) {
213                 BUG_ON(page == NULL);
214                 frame_list[i] = page_to_pfn(page);
215                 page = balloon_next_page(page);
216         }
217
218         set_xen_guest_handle(reservation.extent_start, frame_list);
219         reservation.nr_extents = nr_pages;
220         rc = HYPERVISOR_memory_op(XENMEM_populate_physmap, &reservation);
221         if (rc < 0)
222                 goto out;
223
224         for (i = 0; i < rc; i++) {
225                 page = balloon_retrieve();
226                 BUG_ON(page == NULL);
227
228                 pfn = page_to_pfn(page);
229                 BUG_ON(!xen_feature(XENFEAT_auto_translated_physmap) &&
230                        phys_to_machine_mapping_valid(pfn));
231
232                 set_phys_to_machine(pfn, frame_list[i]);
233
234                 /* Link back into the page tables if not highmem. */
235                 if (pfn < max_low_pfn) {
236                         int ret;
237                         ret = HYPERVISOR_update_va_mapping(
238                                 (unsigned long)__va(pfn << PAGE_SHIFT),
239                                 mfn_pte(frame_list[i], PAGE_KERNEL),
240                                 0);
241                         BUG_ON(ret);
242                 }
243
244                 /* Relinquish the page back to the allocator. */
245                 ClearPageReserved(page);
246                 init_page_count(page);
247                 __free_page(page);
248         }
249
250         balloon_stats.current_pages += rc;
251
252  out:
253         return rc < 0 ? rc : rc != nr_pages;
254 }
255
256 static int decrease_reservation(unsigned long nr_pages)
257 {
258         unsigned long  pfn, i;
259         struct page   *page;
260         int            need_sleep = 0;
261         int ret;
262         struct xen_memory_reservation reservation = {
263                 .address_bits = 0,
264                 .extent_order = 0,
265                 .domid        = DOMID_SELF
266         };
267
268         if (nr_pages > ARRAY_SIZE(frame_list))
269                 nr_pages = ARRAY_SIZE(frame_list);
270
271         for (i = 0; i < nr_pages; i++) {
272                 if ((page = alloc_page(GFP_BALLOON)) == NULL) {
273                         nr_pages = i;
274                         need_sleep = 1;
275                         break;
276                 }
277
278                 pfn = page_to_pfn(page);
279                 frame_list[i] = pfn_to_mfn(pfn);
280
281                 scrub_page(page);
282
283                 if (!PageHighMem(page)) {
284                         ret = HYPERVISOR_update_va_mapping(
285                                 (unsigned long)__va(pfn << PAGE_SHIFT),
286                                 __pte_ma(0), 0);
287                         BUG_ON(ret);
288                 }
289
290         }
291
292         /* Ensure that ballooned highmem pages don't have kmaps. */
293         kmap_flush_unused();
294         flush_tlb_all();
295
296         /* No more mappings: invalidate P2M and add to balloon. */
297         for (i = 0; i < nr_pages; i++) {
298                 pfn = mfn_to_pfn(frame_list[i]);
299                 set_phys_to_machine(pfn, INVALID_P2M_ENTRY);
300                 balloon_append(pfn_to_page(pfn));
301         }
302
303         set_xen_guest_handle(reservation.extent_start, frame_list);
304         reservation.nr_extents   = nr_pages;
305         ret = HYPERVISOR_memory_op(XENMEM_decrease_reservation, &reservation);
306         BUG_ON(ret != nr_pages);
307
308         balloon_stats.current_pages -= nr_pages;
309
310         return need_sleep;
311 }
312
313 /*
314  * We avoid multiple worker processes conflicting via the balloon mutex.
315  * We may of course race updates of the target counts (which are protected
316  * by the balloon lock), or with changes to the Xen hard limit, but we will
317  * recover from these in time.
318  */
319 static void balloon_process(struct work_struct *work)
320 {
321         int need_sleep = 0;
322         long credit;
323
324         mutex_lock(&balloon_mutex);
325
326         do {
327                 credit = current_target() - balloon_stats.current_pages;
328                 if (credit > 0)
329                         need_sleep = (increase_reservation(credit) != 0);
330                 if (credit < 0)
331                         need_sleep = (decrease_reservation(-credit) != 0);
332
333 #ifndef CONFIG_PREEMPT
334                 if (need_resched())
335                         schedule();
336 #endif
337         } while ((credit != 0) && !need_sleep);
338
339         /* Schedule more work if there is some still to be done. */
340         if (current_target() != balloon_stats.current_pages)
341                 mod_timer(&balloon_timer, jiffies + HZ);
342
343         mutex_unlock(&balloon_mutex);
344 }
345
346 /* Resets the Xen limit, sets new target, and kicks off processing. */
347 static void balloon_set_new_target(unsigned long target)
348 {
349         /* No need for lock. Not read-modify-write updates. */
350         balloon_stats.target_pages = target;
351         schedule_work(&balloon_worker);
352 }
353
354 static struct xenbus_watch target_watch =
355 {
356         .node = "memory/target"
357 };
358
359 /* React to a change in the target key */
360 static void watch_target(struct xenbus_watch *watch,
361                          const char **vec, unsigned int len)
362 {
363         unsigned long long new_target;
364         int err;
365
366         err = xenbus_scanf(XBT_NIL, "memory", "target", "%llu", &new_target);
367         if (err != 1) {
368                 /* This is ok (for domain0 at least) - so just return */
369                 return;
370         }
371
372         /* The given memory/target value is in KiB, so it needs converting to
373          * pages. PAGE_SHIFT converts bytes to pages, hence PAGE_SHIFT - 10.
374          */
375         balloon_set_new_target(new_target >> (PAGE_SHIFT - 10));
376 }
377
378 static int balloon_init_watcher(struct notifier_block *notifier,
379                                 unsigned long event,
380                                 void *data)
381 {
382         int err;
383
384         err = register_xenbus_watch(&target_watch);
385         if (err)
386                 printk(KERN_ERR "Failed to set balloon watcher\n");
387
388         return NOTIFY_DONE;
389 }
390
391 static struct notifier_block xenstore_notifier;
392
393 static int __init balloon_init(void)
394 {
395         unsigned long pfn, extra_pfn_end;
396         struct page *page;
397
398         if (!xen_pv_domain())
399                 return -ENODEV;
400
401         pr_info("xen_balloon: Initialising balloon driver.\n");
402
403         balloon_stats.current_pages = min(xen_start_info->nr_pages, max_pfn);
404         balloon_stats.target_pages  = balloon_stats.current_pages;
405         balloon_stats.balloon_low   = 0;
406         balloon_stats.balloon_high  = 0;
407         balloon_stats.driver_pages  = 0UL;
408
409         init_timer(&balloon_timer);
410         balloon_timer.data = 0;
411         balloon_timer.function = balloon_alarm;
412
413         register_balloon(&balloon_sysdev);
414
415         /*
416          * Initialise the balloon with excess memory space.  We need
417          * to make sure we don't add memory which doesn't exist or
418          * logically exist.  The E820 map can be trimmed to be smaller
419          * than the amount of physical memory due to the mem= command
420          * line parameter.  And if this is a 32-bit non-HIGHMEM kernel
421          * on a system with memory which requires highmem to access,
422          * don't try to use it.
423          */
424         extra_pfn_end = min(min(max_pfn, e820_end_of_ram_pfn()),
425                             (unsigned long)PFN_DOWN(xen_extra_mem_start + xen_extra_mem_size));
426         for (pfn = PFN_UP(xen_extra_mem_start);
427              pfn < extra_pfn_end;
428              pfn++) {
429                 page = pfn_to_page(pfn);
430                 /* totalram_pages doesn't include the boot-time
431                    balloon extension, so don't subtract from it. */
432                 __balloon_append(page);
433         }
434
435         target_watch.callback = watch_target;
436         xenstore_notifier.notifier_call = balloon_init_watcher;
437
438         register_xenstore_notifier(&xenstore_notifier);
439
440         return 0;
441 }
442
443 subsys_initcall(balloon_init);
444
445 static void balloon_exit(void)
446 {
447     /* XXX - release balloon here */
448     return;
449 }
450
451 module_exit(balloon_exit);
452
453 #define BALLOON_SHOW(name, format, args...)                             \
454         static ssize_t show_##name(struct sys_device *dev,              \
455                                    struct sysdev_attribute *attr,       \
456                                    char *buf)                           \
457         {                                                               \
458                 return sprintf(buf, format, ##args);                    \
459         }                                                               \
460         static SYSDEV_ATTR(name, S_IRUGO, show_##name, NULL)
461
462 BALLOON_SHOW(current_kb, "%lu\n", PAGES2KB(balloon_stats.current_pages));
463 BALLOON_SHOW(low_kb, "%lu\n", PAGES2KB(balloon_stats.balloon_low));
464 BALLOON_SHOW(high_kb, "%lu\n", PAGES2KB(balloon_stats.balloon_high));
465 BALLOON_SHOW(driver_kb, "%lu\n", PAGES2KB(balloon_stats.driver_pages));
466
467 static ssize_t show_target_kb(struct sys_device *dev, struct sysdev_attribute *attr,
468                               char *buf)
469 {
470         return sprintf(buf, "%lu\n", PAGES2KB(balloon_stats.target_pages));
471 }
472
473 static ssize_t store_target_kb(struct sys_device *dev,
474                                struct sysdev_attribute *attr,
475                                const char *buf,
476                                size_t count)
477 {
478         char *endchar;
479         unsigned long long target_bytes;
480
481         if (!capable(CAP_SYS_ADMIN))
482                 return -EPERM;
483
484         target_bytes = simple_strtoull(buf, &endchar, 0) * 1024;
485
486         balloon_set_new_target(target_bytes >> PAGE_SHIFT);
487
488         return count;
489 }
490
491 static SYSDEV_ATTR(target_kb, S_IRUGO | S_IWUSR,
492                    show_target_kb, store_target_kb);
493
494
495 static ssize_t show_target(struct sys_device *dev, struct sysdev_attribute *attr,
496                               char *buf)
497 {
498         return sprintf(buf, "%llu\n",
499                        (unsigned long long)balloon_stats.target_pages
500                        << PAGE_SHIFT);
501 }
502
503 static ssize_t store_target(struct sys_device *dev,
504                             struct sysdev_attribute *attr,
505                             const char *buf,
506                             size_t count)
507 {
508         char *endchar;
509         unsigned long long target_bytes;
510
511         if (!capable(CAP_SYS_ADMIN))
512                 return -EPERM;
513
514         target_bytes = memparse(buf, &endchar);
515
516         balloon_set_new_target(target_bytes >> PAGE_SHIFT);
517
518         return count;
519 }
520
521 static SYSDEV_ATTR(target, S_IRUGO | S_IWUSR,
522                    show_target, store_target);
523
524
525 static struct sysdev_attribute *balloon_attrs[] = {
526         &attr_target_kb,
527         &attr_target,
528 };
529
530 static struct attribute *balloon_info_attrs[] = {
531         &attr_current_kb.attr,
532         &attr_low_kb.attr,
533         &attr_high_kb.attr,
534         &attr_driver_kb.attr,
535         NULL
536 };
537
538 static struct attribute_group balloon_info_group = {
539         .name = "info",
540         .attrs = balloon_info_attrs,
541 };
542
543 static struct sysdev_class balloon_sysdev_class = {
544         .name = BALLOON_CLASS_NAME,
545 };
546
547 static int register_balloon(struct sys_device *sysdev)
548 {
549         int i, error;
550
551         error = sysdev_class_register(&balloon_sysdev_class);
552         if (error)
553                 return error;
554
555         sysdev->id = 0;
556         sysdev->cls = &balloon_sysdev_class;
557
558         error = sysdev_register(sysdev);
559         if (error) {
560                 sysdev_class_unregister(&balloon_sysdev_class);
561                 return error;
562         }
563
564         for (i = 0; i < ARRAY_SIZE(balloon_attrs); i++) {
565                 error = sysdev_create_file(sysdev, balloon_attrs[i]);
566                 if (error)
567                         goto fail;
568         }
569
570         error = sysfs_create_group(&sysdev->kobj, &balloon_info_group);
571         if (error)
572                 goto fail;
573
574         return 0;
575
576  fail:
577         while (--i >= 0)
578                 sysdev_remove_file(sysdev, balloon_attrs[i]);
579         sysdev_unregister(sysdev);
580         sysdev_class_unregister(&balloon_sysdev_class);
581         return error;
582 }
583
584 MODULE_LICENSE("GPL");