i86xpv/os/mp_xen.c

843e1988Sjohnlev/*
843e1988Sjohnlev * CDDL HEADER START
843e1988Sjohnlev *
843e1988Sjohnlev * The contents of this file are subject to the terms of the
843e1988Sjohnlev * Common Development and Distribution License (the "License").
843e1988Sjohnlev * You may not use this file except in compliance with the License.
843e1988Sjohnlev *
843e1988Sjohnlev * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
843e1988Sjohnlev * or http://www.opensolaris.org/os/licensing.
843e1988Sjohnlev * See the License for the specific language governing permissions
843e1988Sjohnlev * and limitations under the License.
843e1988Sjohnlev *
843e1988Sjohnlev * When distributing Covered Code, include this CDDL HEADER in each
843e1988Sjohnlev * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
843e1988Sjohnlev * If applicable, add the following below this CDDL HEADER, with the
843e1988Sjohnlev * fields enclosed by brackets "[]" replaced with your own identifying
843e1988Sjohnlev * information: Portions Copyright [yyyy] [name of copyright owner]
843e1988Sjohnlev *
843e1988Sjohnlev * CDDL HEADER END
843e1988Sjohnlev */
843e1988Sjohnlev
843e1988Sjohnlev/*
f34a7178SJoe Bonasera * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
843e1988Sjohnlev * Use is subject to license terms.
843e1988Sjohnlev */
843e1988Sjohnlev
c3377ee9SJohn Levon/*
c3377ee9SJohn Levon * Copyright 2019 Joyent, Inc.
c3377ee9SJohn Levon */
c3377ee9SJohn Levon
1d03c31eSjohnlev/*
1d03c31eSjohnlev * Virtual CPU management.
1d03c31eSjohnlev *
1d03c31eSjohnlev * VCPUs can be controlled in one of two ways; through the domain itself
1d03c31eSjohnlev * (psradm, p_online(), etc.), and via changes in xenstore (vcpu_config()).
1d03c31eSjohnlev * Unfortunately, the terminology is used in different ways; they work out as
1d03c31eSjohnlev * follows:
1d03c31eSjohnlev *
1d03c31eSjohnlev * P_ONLINE: the VCPU is up and running, taking interrupts and running threads
1d03c31eSjohnlev *
1d03c31eSjohnlev * P_OFFLINE: the VCPU is up and running, but quiesced (i.e. blocked in the
1d03c31eSjohnlev * hypervisor on the idle thread).  It must be up since a downed VCPU cannot
1d03c31eSjohnlev * receive interrupts, and we require this for offline CPUs in Solaris.
1d03c31eSjohnlev *
1d03c31eSjohnlev * P_POWEROFF: the VCPU is down (we never called xen_vcpu_up(), or called
1d03c31eSjohnlev * xen_vcpu_down() for it).  It can't take interrupts or run anything, though
1d03c31eSjohnlev * if it has run previously, its software state (cpu_t, machcpu structures, IPI
1d03c31eSjohnlev * event channels, etc.) will still exist.
1d03c31eSjohnlev *
1d03c31eSjohnlev * The hypervisor has two notions of CPU states as represented in the store:
1d03c31eSjohnlev *
1d03c31eSjohnlev * "offline": the VCPU is down.  Corresponds to P_POWEROFF.
1d03c31eSjohnlev *
1d03c31eSjohnlev * "online": the VCPU is running.  Corresponds to a CPU state other than
1d03c31eSjohnlev * P_POWEROFF.
1d03c31eSjohnlev *
1d03c31eSjohnlev * Currently, only a notification via xenstore can bring a CPU into a
1d03c31eSjohnlev * P_POWEROFF state, and only the domain can change between P_ONLINE, P_NOINTR,
1d03c31eSjohnlev * P_OFFLINE, etc.  We need to be careful to treat xenstore notifications
1d03c31eSjohnlev * idempotently, as we'll get 'duplicate' entries when we resume a domain.
1d03c31eSjohnlev *
1d03c31eSjohnlev * Note that the xenstore configuration is strictly advisory, in that a domain
1d03c31eSjohnlev * can choose to ignore it and still power up a VCPU in the offline state. To
1d03c31eSjohnlev * play nice, we don't allow it. Thus, any attempt to power on/off a CPU is
1d03c31eSjohnlev * ENOTSUP from within Solaris.
1d03c31eSjohnlev *
1d03c31eSjohnlev * Powering off a VCPU and suspending the domain use similar code. The
1d03c31eSjohnlev * difficulty here is that we must ensure that each VCPU is in a stable
1d03c31eSjohnlev * state: it must have a saved PCB, and not be responding to interrupts
1d03c31eSjohnlev * (since we are just about to remove its ability to run on a real CPU,
1d03c31eSjohnlev * possibly forever).  However, an offline CPU in Solaris can take
1d03c31eSjohnlev * cross-call interrupts, as mentioned, so we must go through a
1d03c31eSjohnlev * two-stage process.  First, we use the standard Solaris pause_cpus().
1d03c31eSjohnlev * This ensures that all CPUs are either in mach_cpu_pause() or
1d03c31eSjohnlev * mach_cpu_idle(), and nothing will cross-call them.
1d03c31eSjohnlev *
1d03c31eSjohnlev * Powered-off-CPUs are already safe, as we own the cpu_lock needed to
1d03c31eSjohnlev * bring them back up, and in state CPU_PHASE_POWERED_OFF.
1d03c31eSjohnlev *
1d03c31eSjohnlev * Running CPUs are spinning in mach_cpu_pause() waiting for either
1d03c31eSjohnlev * PAUSE_IDLE or CPU_PHASE_WAIT_SAFE.
1d03c31eSjohnlev *
1d03c31eSjohnlev * Offline CPUs are either running the idle thread and periodically
1d03c31eSjohnlev * checking for CPU_PHASE_WAIT_SAFE, or blocked in the hypervisor.
1d03c31eSjohnlev *
1d03c31eSjohnlev * Thus, we set CPU_PHASE_WAIT_SAFE for every powered-on CPU, as well as
1d03c31eSjohnlev * poking them to make sure they're not blocked[1]. When every CPU has
1d03c31eSjohnlev * responded by reaching a safe state and setting CPU_PHASE_SAFE, we
1d03c31eSjohnlev * know we can suspend, or power-off a CPU, without problems.
1d03c31eSjohnlev *
1d03c31eSjohnlev * [1] note that we have to repeatedly poke offline CPUs: it's the only
1d03c31eSjohnlev * way to ensure that the CPU doesn't miss the state change before
1d03c31eSjohnlev * dropping into HYPERVISOR_block().
1d03c31eSjohnlev */
1d03c31eSjohnlev
843e1988Sjohnlev#include <sys/types.h>
843e1988Sjohnlev#include <sys/systm.h>
843e1988Sjohnlev#include <sys/param.h>
843e1988Sjohnlev#include <sys/taskq.h>
843e1988Sjohnlev#include <sys/cmn_err.h>
843e1988Sjohnlev#include <sys/archsystm.h>
843e1988Sjohnlev#include <sys/machsystm.h>
843e1988Sjohnlev#include <sys/segments.h>
843e1988Sjohnlev#include <sys/cpuvar.h>
843e1988Sjohnlev#include <sys/x86_archext.h>
843e1988Sjohnlev#include <sys/controlregs.h>
843e1988Sjohnlev#include <sys/hypervisor.h>
843e1988Sjohnlev#include <sys/xpv_panic.h>
1d03c31eSjohnlev#include <sys/mman.h>
1d03c31eSjohnlev#include <sys/psw.h>
843e1988Sjohnlev#include <sys/cpu.h>
1d03c31eSjohnlev#include <sys/sunddi.h>
1d03c31eSjohnlev#include <util/sscanf.h>
1d03c31eSjohnlev#include <vm/hat_i86.h>
1d03c31eSjohnlev#include <vm/hat.h>
1d03c31eSjohnlev#include <vm/as.h>
843e1988Sjohnlev
843e1988Sjohnlev#include <xen/public/io/xs_wire.h>
1d03c31eSjohnlev#include <xen/sys/xenbus_impl.h>
1d03c31eSjohnlev#include <xen/public/vcpu.h>
843e1988Sjohnlev
f34a7178SJoe Bonaseraextern cpuset_t cpu_ready_set;
f34a7178SJoe Bonasera
1d03c31eSjohnlev#define	CPU_PHASE_NONE 0
1d03c31eSjohnlev#define	CPU_PHASE_WAIT_SAFE 1
1d03c31eSjohnlev#define	CPU_PHASE_SAFE 2
1d03c31eSjohnlev#define	CPU_PHASE_POWERED_OFF 3
1d03c31eSjohnlev
1d03c31eSjohnlev/*
1d03c31eSjohnlev * We can only poke CPUs during barrier enter 256 times a second at
1d03c31eSjohnlev * most.
1d03c31eSjohnlev */
1d03c31eSjohnlev#define	POKE_TIMEOUT (NANOSEC / 256)
843e1988Sjohnlev
843e1988Sjohnlevstatic taskq_t *cpu_config_tq;
1d03c31eSjohnlevstatic int cpu_phase[NCPU];
1d03c31eSjohnlev
843e1988Sjohnlevstatic void vcpu_config_event(struct xenbus_watch *, const char **, uint_t);
843e1988Sjohnlevstatic int xen_vcpu_initialize(processorid_t, vcpu_guest_context_t *);
843e1988Sjohnlev
b9bc7f78Ssmaybe/*
b9bc7f78Ssmaybe * Return whether or not the vcpu is actually running on a pcpu
b9bc7f78Ssmaybe */
b9bc7f78Ssmaybeint
b9bc7f78Ssmaybevcpu_on_pcpu(processorid_t cpu)
b9bc7f78Ssmaybe{
b9bc7f78Ssmaybe	struct vcpu_runstate_info runstate;
b9bc7f78Ssmaybe	int	ret = VCPU_STATE_UNKNOWN;
b9bc7f78Ssmaybe
b9bc7f78Ssmaybe	ASSERT(cpu < NCPU);
b9bc7f78Ssmaybe	/*
b9bc7f78Ssmaybe	 * Don't bother with hypercall if we are asking about ourself
b9bc7f78Ssmaybe	 */
b9bc7f78Ssmaybe	if (cpu == CPU->cpu_id)
b9bc7f78Ssmaybe		return (VCPU_ON_PCPU);
b9bc7f78Ssmaybe	if (HYPERVISOR_vcpu_op(VCPUOP_get_runstate_info, cpu, &runstate) != 0)
b9bc7f78Ssmaybe		goto out;
b9bc7f78Ssmaybe
b9bc7f78Ssmaybe	switch (runstate.state) {
b9bc7f78Ssmaybe	case RUNSTATE_running:
b9bc7f78Ssmaybe		ret = VCPU_ON_PCPU;
b9bc7f78Ssmaybe		break;
b9bc7f78Ssmaybe
b9bc7f78Ssmaybe	case RUNSTATE_runnable:
b9bc7f78Ssmaybe	case RUNSTATE_offline:
b9bc7f78Ssmaybe	case RUNSTATE_blocked:
b9bc7f78Ssmaybe		ret = VCPU_NOT_ON_PCPU;
b9bc7f78Ssmaybe		break;
b9bc7f78Ssmaybe
b9bc7f78Ssmaybe	default:
b9bc7f78Ssmaybe		break;
b9bc7f78Ssmaybe	}
b9bc7f78Ssmaybe
b9bc7f78Ssmaybeout:
b9bc7f78Ssmaybe	return (ret);
b9bc7f78Ssmaybe}
b9bc7f78Ssmaybe
843e1988Sjohnlev/*
843e1988Sjohnlev * These routines allocate any global state that might be needed
843e1988Sjohnlev * while starting cpus.  For virtual cpus, there is no such state.
843e1988Sjohnlev */
843e1988Sjohnlevint
843e1988Sjohnlevmach_cpucontext_init(void)
843e1988Sjohnlev{
843e1988Sjohnlev	return (0);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlevvoid
843e1988Sjohnlevdo_cpu_config_watch(int state)
843e1988Sjohnlev{
843e1988Sjohnlev	static struct xenbus_watch cpu_config_watch;
843e1988Sjohnlev
843e1988Sjohnlev	if (state != XENSTORE_UP)
843e1988Sjohnlev		return;
843e1988Sjohnlev	cpu_config_watch.node = "cpu";
843e1988Sjohnlev	cpu_config_watch.callback = vcpu_config_event;
843e1988Sjohnlev	if (register_xenbus_watch(&cpu_config_watch)) {
843e1988Sjohnlev		taskq_destroy(cpu_config_tq);
843e1988Sjohnlev		cmn_err(CE_WARN, "do_cpu_config_watch: "
843e1988Sjohnlev		    "failed to set vcpu config watch");
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*
843e1988Sjohnlev * This routine is called after all the "normal" MP startup has
843e1988Sjohnlev * been done; a good place to start watching xen store for virtual
843e1988Sjohnlev * cpu hot plug events.
843e1988Sjohnlev */
843e1988Sjohnlevvoid
843e1988Sjohnlevmach_cpucontext_fini(void)
843e1988Sjohnlev{
843e1988Sjohnlev
843e1988Sjohnlev	cpu_config_tq = taskq_create("vcpu config taskq", 1,
843e1988Sjohnlev	    maxclsyspri - 1, 1, 1, TASKQ_PREPOPULATE);
843e1988Sjohnlev
843e1988Sjohnlev	(void) xs_register_xenbus_callback(do_cpu_config_watch);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*
843e1988Sjohnlev * Fill in the remaining CPU context and initialize it.
843e1988Sjohnlev */
843e1988Sjohnlevstatic int
843e1988Sjohnlevmp_set_cpu_context(vcpu_guest_context_t *vgc, cpu_t *cp)
843e1988Sjohnlev{
843e1988Sjohnlev	uint_t vec, iopl;
843e1988Sjohnlev
843e1988Sjohnlev	vgc->flags = VGCF_IN_KERNEL;
843e1988Sjohnlev
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * fpu_ctx we leave as zero; on first fault we'll store
843e1988Sjohnlev	 * sse_initial into it anyway.
843e1988Sjohnlev	 */
843e1988Sjohnlev
843e1988Sjohnlev	vgc->user_regs.cs = KCS_SEL | SEL_KPL;	/* force to ring 3 */
843e1988Sjohnlev	vgc->user_regs.ds = KDS_SEL;
843e1988Sjohnlev	vgc->user_regs.es = KDS_SEL;
843e1988Sjohnlev	vgc->user_regs.ss = KDS_SEL;
843e1988Sjohnlev	vgc->kernel_ss = KDS_SEL;
843e1988Sjohnlev
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * Allow I/O privilege level for Dom0 kernel.
843e1988Sjohnlev	 */
843e1988Sjohnlev	if (DOMAIN_IS_INITDOMAIN(xen_info))
843e1988Sjohnlev		iopl = (PS_IOPL & 0x1000); /* ring 1 */
843e1988Sjohnlev	else
843e1988Sjohnlev		iopl = 0;
843e1988Sjohnlev
843e1988Sjohnlev	vgc->user_regs.fs = 0;
843e1988Sjohnlev	vgc->user_regs.gs = 0;
843e1988Sjohnlev	vgc->user_regs.rflags = F_OFF | iopl;
843e1988Sjohnlev
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * Initialize the trap_info_t from the IDT
843e1988Sjohnlev	 */
843e1988Sjohnlev#if !defined(__lint)
843e1988Sjohnlev	ASSERT(NIDT == sizeof (vgc->trap_ctxt) / sizeof (vgc->trap_ctxt[0]));
843e1988Sjohnlev#endif
843e1988Sjohnlev	for (vec = 0; vec < NIDT; vec++) {
843e1988Sjohnlev		trap_info_t *ti = &vgc->trap_ctxt[vec];
843e1988Sjohnlev
843e1988Sjohnlev		if (xen_idt_to_trap_info(vec,
843e1988Sjohnlev		    &cp->cpu_m.mcpu_idt[vec], ti) == 0) {
843e1988Sjohnlev			ti->cs = KCS_SEL;
843e1988Sjohnlev			ti->vector = vec;
843e1988Sjohnlev		}
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * No LDT
843e1988Sjohnlev	 */
843e1988Sjohnlev
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * (We assert in various places that the GDT is (a) aligned on a
843e1988Sjohnlev	 * page boundary and (b) one page long, so this really should fit..)
843e1988Sjohnlev	 */
843e1988Sjohnlev#ifdef CRASH_XEN
843e1988Sjohnlev	vgc->gdt_frames[0] = pa_to_ma(mmu_btop(cp->cpu_m.mcpu_gdtpa));
843e1988Sjohnlev#else
843e1988Sjohnlev	vgc->gdt_frames[0] = pfn_to_mfn(mmu_btop(cp->cpu_m.mcpu_gdtpa));
843e1988Sjohnlev#endif
843e1988Sjohnlev	vgc->gdt_ents = NGDT;
843e1988Sjohnlev
843e1988Sjohnlev	vgc->ctrlreg[0] = CR0_ENABLE_FPU_FLAGS(getcr0());
843e1988Sjohnlev
*86ef0a63SRichard Lowe	vgc->ctrlreg[3] =
*86ef0a63SRichard Lowe	    pa_to_ma(mmu_ptob(kas.a_hat->hat_htable->ht_pfn));
843e1988Sjohnlev
843e1988Sjohnlev	vgc->ctrlreg[4] = getcr4();
843e1988Sjohnlev
843e1988Sjohnlev	vgc->event_callback_eip = (uintptr_t)xen_callback;
843e1988Sjohnlev	vgc->failsafe_callback_eip = (uintptr_t)xen_failsafe_callback;
843e1988Sjohnlev	vgc->flags |= VGCF_failsafe_disables_events;
843e1988Sjohnlev
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * XXPV should this be moved to init_cpu_syscall?
843e1988Sjohnlev	 */
843e1988Sjohnlev	vgc->syscall_callback_eip = (uintptr_t)sys_syscall;
843e1988Sjohnlev	vgc->flags |= VGCF_syscall_disables_events;
843e1988Sjohnlev
843e1988Sjohnlev	ASSERT(vgc->user_regs.gs == 0);
843e1988Sjohnlev	vgc->gs_base_kernel = (uintptr_t)cp;
843e1988Sjohnlev
843e1988Sjohnlev	return (xen_vcpu_initialize(cp->cpu_id, vgc));
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*
843e1988Sjohnlev * Create a guest virtual cpu context so that the virtual cpu
843e1988Sjohnlev * springs into life in the domain just about to call mp_startup()
843e1988Sjohnlev *
843e1988Sjohnlev * Virtual CPUs must be initialized once in the lifetime of the domain;
843e1988Sjohnlev * after that subsequent attempts to start them will fail with X_EEXIST.
843e1988Sjohnlev *
843e1988Sjohnlev * Thus 'alloc' -really- creates and initializes the virtual
843e1988Sjohnlev * CPU context just once. Once the initialisation succeeds, we never
843e1988Sjohnlev * free it, nor the regular cpu_t to which it refers.
843e1988Sjohnlev */
843e1988Sjohnlevvoid *
843e1988Sjohnlevmach_cpucontext_alloc(struct cpu *cp)
843e1988Sjohnlev{
843e1988Sjohnlev	kthread_t *tp = cp->cpu_thread;
843e1988Sjohnlev	vcpu_guest_context_t vgc;
843e1988Sjohnlev
843e1988Sjohnlev	int err = 1;
843e1988Sjohnlev
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * First, augment the incoming cpu structure
843e1988Sjohnlev	 * - vcpu pointer reference
843e1988Sjohnlev	 * - pending event storage area
843e1988Sjohnlev	 * - physical address of GDT
843e1988Sjohnlev	 */
843e1988Sjohnlev	cp->cpu_m.mcpu_vcpu_info =
843e1988Sjohnlev	    &HYPERVISOR_shared_info->vcpu_info[cp->cpu_id];
843e1988Sjohnlev	cp->cpu_m.mcpu_evt_pend = kmem_zalloc(
843e1988Sjohnlev	    sizeof (struct xen_evt_data), KM_SLEEP);
843e1988Sjohnlev	cp->cpu_m.mcpu_gdtpa =
843e1988Sjohnlev	    mmu_ptob(hat_getpfnum(kas.a_hat, (caddr_t)cp->cpu_gdt));
843e1988Sjohnlev
843e1988Sjohnlev	if ((err = xen_gdt_setprot(cp, PROT_READ)) != 0)
843e1988Sjohnlev		goto done;
843e1988Sjohnlev
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * Now set up the vcpu context so that we can start this vcpu
843e1988Sjohnlev	 * in the kernel at tp->t_pc (mp_startup).  Note that the
843e1988Sjohnlev	 * thread will thread_exit() shortly after performing the
843e1988Sjohnlev	 * initialization; in particular, we will *never* take a
843e1988Sjohnlev	 * privilege transition on this thread.
843e1988Sjohnlev	 */
843e1988Sjohnlev
843e1988Sjohnlev	bzero(&vgc, sizeof (vgc));
843e1988Sjohnlev
843e1988Sjohnlev	vgc.user_regs.rip = tp->t_pc;
843e1988Sjohnlev	vgc.user_regs.rsp = tp->t_sp;
843e1988Sjohnlev	vgc.user_regs.rbp = tp->t_sp - 2 * sizeof (greg_t);
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * XXPV	Fix resume, if Russ didn't already fix it.
843e1988Sjohnlev	 *
843e1988Sjohnlev	 * Note that resume unconditionally puts t->t_stk + sizeof (regs)
843e1988Sjohnlev	 * into kernel_sp via HYPERVISOR_stack_switch. This anticipates
843e1988Sjohnlev	 * that only lwps take traps that switch to the kernel stack;
843e1988Sjohnlev	 * part of creating an lwp adjusts the stack by subtracting
843e1988Sjohnlev	 * sizeof (struct regs) off t_stk.
843e1988Sjohnlev	 *
843e1988Sjohnlev	 * The more interesting question is, why do we do all the work
843e1988Sjohnlev	 * of a fully fledged lwp for a plain thread?  In particular
843e1988Sjohnlev	 * we don't have to call HYPERVISOR_stack_switch for lwp-less threads
843e1988Sjohnlev	 * or futz with the LDT.  This should probably all be done with
843e1988Sjohnlev	 * an lwp context operator to keep pure thread context switch fast.
843e1988Sjohnlev	 */
843e1988Sjohnlev	vgc.kernel_sp = (ulong_t)tp->t_stk;
843e1988Sjohnlev
843e1988Sjohnlev	err = mp_set_cpu_context(&vgc, cp);
843e1988Sjohnlev
843e1988Sjohnlevdone:
843e1988Sjohnlev	if (err) {
843e1988Sjohnlev		mach_cpucontext_free(cp, NULL, err);
843e1988Sjohnlev		return (NULL);
843e1988Sjohnlev	}
843e1988Sjohnlev	return (cp);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*
843e1988Sjohnlev * By the time we are called either we have successfully started
843e1988Sjohnlev * the cpu, or our attempt to start it has failed.
843e1988Sjohnlev */
843e1988Sjohnlev
843e1988Sjohnlev/*ARGSUSED*/
843e1988Sjohnlevvoid
843e1988Sjohnlevmach_cpucontext_free(struct cpu *cp, void *arg, int err)
843e1988Sjohnlev{
843e1988Sjohnlev	switch (err) {
843e1988Sjohnlev	case 0:
843e1988Sjohnlev		break;
843e1988Sjohnlev	case ETIMEDOUT:
843e1988Sjohnlev		/*
843e1988Sjohnlev		 * The vcpu context is loaded into the hypervisor, and
843e1988Sjohnlev		 * we've tried to start it, but the vcpu has not been set
843e1988Sjohnlev		 * running yet, for whatever reason.  We arrange to -not-
843e1988Sjohnlev		 * free any data structures it may be referencing.  In
843e1988Sjohnlev		 * particular, we've already told the hypervisor about
843e1988Sjohnlev		 * the GDT, and so we can't map it read-write again.
843e1988Sjohnlev		 */
843e1988Sjohnlev		break;
843e1988Sjohnlev	default:
843e1988Sjohnlev		(void) xen_gdt_setprot(cp, PROT_READ | PROT_WRITE);
843e1988Sjohnlev		kmem_free(cp->cpu_m.mcpu_evt_pend,
843e1988Sjohnlev		    sizeof (struct xen_evt_data));
843e1988Sjohnlev		break;
843e1988Sjohnlev	}
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*
843e1988Sjohnlev * Reset this CPU's context.  Clear out any pending evtchn data, since event
843e1988Sjohnlev * channel numbers will all change when we resume.
843e1988Sjohnlev */
843e1988Sjohnlevvoid
843e1988Sjohnlevmach_cpucontext_reset(cpu_t *cp)
843e1988Sjohnlev{
843e1988Sjohnlev	bzero(cp->cpu_m.mcpu_evt_pend, sizeof (struct xen_evt_data));
843e1988Sjohnlev	/* mcpu_intr_pending ? */
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlevstatic void
843e1988Sjohnlevpcb_to_user_regs(label_t *pcb, vcpu_guest_context_t *vgc)
843e1988Sjohnlev{
843e1988Sjohnlev	vgc->user_regs.rip = pcb->val[REG_LABEL_PC];
843e1988Sjohnlev	vgc->user_regs.rsp = pcb->val[REG_LABEL_SP];
843e1988Sjohnlev	vgc->user_regs.rbp = pcb->val[REG_LABEL_BP];
843e1988Sjohnlev	vgc->user_regs.rbx = pcb->val[REG_LABEL_RBX];
843e1988Sjohnlev	vgc->user_regs.r12 = pcb->val[REG_LABEL_R12];
843e1988Sjohnlev	vgc->user_regs.r13 = pcb->val[REG_LABEL_R13];
843e1988Sjohnlev	vgc->user_regs.r14 = pcb->val[REG_LABEL_R14];
843e1988Sjohnlev	vgc->user_regs.r15 = pcb->val[REG_LABEL_R15];
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*
1d03c31eSjohnlev * Restore the context of a CPU during resume.  This context is always
1d03c31eSjohnlev * inside enter_safe_phase(), below.
843e1988Sjohnlev */
843e1988Sjohnlevvoid
843e1988Sjohnlevmach_cpucontext_restore(cpu_t *cp)
843e1988Sjohnlev{
843e1988Sjohnlev	vcpu_guest_context_t vgc;
843e1988Sjohnlev	int err;
843e1988Sjohnlev
843e1988Sjohnlev	ASSERT(cp->cpu_thread == cp->cpu_pause_thread ||
843e1988Sjohnlev	    cp->cpu_thread == cp->cpu_idle_thread);
843e1988Sjohnlev
843e1988Sjohnlev	bzero(&vgc, sizeof (vgc));
843e1988Sjohnlev
843e1988Sjohnlev	pcb_to_user_regs(&cp->cpu_thread->t_pcb, &vgc);
843e1988Sjohnlev
843e1988Sjohnlev	/*
843e1988Sjohnlev	 * We're emulating a longjmp() here: in particular, we need to bump the
843e1988Sjohnlev	 * stack pointer to account for the pop of xIP that returning from
843e1988Sjohnlev	 * longjmp() normally would do, and set the return value in xAX to 1.
843e1988Sjohnlev	 */
843e1988Sjohnlev	vgc.user_regs.rax = 1;
843e1988Sjohnlev	vgc.user_regs.rsp += sizeof (ulong_t);
843e1988Sjohnlev
843e1988Sjohnlev	vgc.kernel_sp = cp->cpu_thread->t_sp;
843e1988Sjohnlev
843e1988Sjohnlev	err = mp_set_cpu_context(&vgc, cp);
843e1988Sjohnlev
843e1988Sjohnlev	ASSERT(err == 0);
843e1988Sjohnlev}
843e1988Sjohnlev
1d03c31eSjohnlev/*
1d03c31eSjohnlev * Reach a point at which the CPU can be safely powered-off or
1d03c31eSjohnlev * suspended.  Nothing can wake this CPU out of the loop.
1d03c31eSjohnlev */
1d03c31eSjohnlevstatic void
1d03c31eSjohnleventer_safe_phase(void)
1d03c31eSjohnlev{
1d03c31eSjohnlev	ulong_t flags = intr_clear();
1d03c31eSjohnlev
1d03c31eSjohnlev	if (setjmp(&curthread->t_pcb) == 0) {
1d03c31eSjohnlev		cpu_phase[CPU->cpu_id] = CPU_PHASE_SAFE;
1d03c31eSjohnlev		while (cpu_phase[CPU->cpu_id] == CPU_PHASE_SAFE)
1d03c31eSjohnlev			SMT_PAUSE();
1d03c31eSjohnlev	}
1d03c31eSjohnlev
1d03c31eSjohnlev	ASSERT(!interrupts_enabled());
1d03c31eSjohnlev
1d03c31eSjohnlev	intr_restore(flags);
1d03c31eSjohnlev}
1d03c31eSjohnlev
1d03c31eSjohnlev/*
1d03c31eSjohnlev * Offline CPUs run this code even under a pause_cpus(), so we must
1d03c31eSjohnlev * check if we need to enter the safe phase.
1d03c31eSjohnlev */
843e1988Sjohnlevvoid
843e1988Sjohnlevmach_cpu_idle(void)
843e1988Sjohnlev{
843e1988Sjohnlev	if (IN_XPV_PANIC()) {
843e1988Sjohnlev		xpv_panic_halt();
843e1988Sjohnlev	} else  {
843e1988Sjohnlev		(void) HYPERVISOR_block();
1d03c31eSjohnlev		if (cpu_phase[CPU->cpu_id] == CPU_PHASE_WAIT_SAFE)
1d03c31eSjohnlev			enter_safe_phase();
843e1988Sjohnlev	}
843e1988Sjohnlev}
843e1988Sjohnlev
1d03c31eSjohnlev/*
1d03c31eSjohnlev * Spin until either start_cpus() wakes us up, or we get a request to
1d03c31eSjohnlev * enter the safe phase (followed by a later start_cpus()).
1d03c31eSjohnlev */
843e1988Sjohnlevvoid
843e1988Sjohnlevmach_cpu_pause(volatile char *safe)
843e1988Sjohnlev{
1d03c31eSjohnlev	*safe = PAUSE_WAIT;
1d03c31eSjohnlev	membar_enter();
843e1988Sjohnlev
1d03c31eSjohnlev	while (*safe != PAUSE_IDLE) {
1d03c31eSjohnlev		if (cpu_phase[CPU->cpu_id] == CPU_PHASE_WAIT_SAFE)
1d03c31eSjohnlev			enter_safe_phase();
843e1988Sjohnlev		SMT_PAUSE();
1d03c31eSjohnlev	}
843e1988Sjohnlev}
843e1988Sjohnlev
027bcc9fSToomas Soomeint
027bcc9fSToomas Soomemach_cpu_halt(xc_arg_t arg1, xc_arg_t arg2 __unused, xc_arg_t arg3 __unused)
1d03c31eSjohnlev{
027bcc9fSToomas Soome	char *msg = (char *)arg1;
027bcc9fSToomas Soome
1d03c31eSjohnlev	if (msg)
1d03c31eSjohnlev		prom_printf("%s\n", msg);
1d03c31eSjohnlev	(void) xen_vcpu_down(CPU->cpu_id);
027bcc9fSToomas Soome	return (0);
1d03c31eSjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*ARGSUSED*/
843e1988Sjohnlevint
843e1988Sjohnlevmp_cpu_poweron(struct cpu *cp)
843e1988Sjohnlev{
843e1988Sjohnlev	return (ENOTSUP);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*ARGSUSED*/
843e1988Sjohnlevint
843e1988Sjohnlevmp_cpu_poweroff(struct cpu *cp)
843e1988Sjohnlev{
843e1988Sjohnlev	return (ENOTSUP);
843e1988Sjohnlev}
843e1988Sjohnlev
1d03c31eSjohnlevvoid
1d03c31eSjohnlevmp_enter_barrier(void)
843e1988Sjohnlev{
1d03c31eSjohnlev	hrtime_t last_poke_time = 0;
1d03c31eSjohnlev	int poke_allowed = 0;
1d03c31eSjohnlev	int done = 0;
1d03c31eSjohnlev	int i;
843e1988Sjohnlev
843e1988Sjohnlev	ASSERT(MUTEX_HELD(&cpu_lock));
843e1988Sjohnlev
0ed5c46eSJosef 'Jeff' Sipek	pause_cpus(NULL, NULL);
1d03c31eSjohnlev
1d03c31eSjohnlev	while (!done) {
1d03c31eSjohnlev		done = 1;
1d03c31eSjohnlev		poke_allowed = 0;
1d03c31eSjohnlev
1d03c31eSjohnlev		if (xpv_gethrtime() - last_poke_time > POKE_TIMEOUT) {
1d03c31eSjohnlev			last_poke_time = xpv_gethrtime();
1d03c31eSjohnlev			poke_allowed = 1;
1d03c31eSjohnlev		}
1d03c31eSjohnlev
1d03c31eSjohnlev		for (i = 0; i < NCPU; i++) {
1d03c31eSjohnlev			cpu_t *cp = cpu_get(i);
1d03c31eSjohnlev
1d03c31eSjohnlev			if (cp == NULL || cp == CPU)
1d03c31eSjohnlev				continue;
1d03c31eSjohnlev
1d03c31eSjohnlev			switch (cpu_phase[i]) {
1d03c31eSjohnlev			case CPU_PHASE_NONE:
1d03c31eSjohnlev				cpu_phase[i] = CPU_PHASE_WAIT_SAFE;
1d03c31eSjohnlev				poke_cpu(i);
1d03c31eSjohnlev				done = 0;
1d03c31eSjohnlev				break;
1d03c31eSjohnlev
1d03c31eSjohnlev			case CPU_PHASE_WAIT_SAFE:
1d03c31eSjohnlev				if (poke_allowed)
1d03c31eSjohnlev					poke_cpu(i);
1d03c31eSjohnlev				done = 0;
1d03c31eSjohnlev				break;
1d03c31eSjohnlev
1d03c31eSjohnlev			case CPU_PHASE_SAFE:
1d03c31eSjohnlev			case CPU_PHASE_POWERED_OFF:
1d03c31eSjohnlev				break;
1d03c31eSjohnlev			}
1d03c31eSjohnlev		}
1d03c31eSjohnlev
1d03c31eSjohnlev		SMT_PAUSE();
843e1988Sjohnlev	}
1d03c31eSjohnlev}
843e1988Sjohnlev
1d03c31eSjohnlevvoid
1d03c31eSjohnlevmp_leave_barrier(void)
1d03c31eSjohnlev{
1d03c31eSjohnlev	int i;
1d03c31eSjohnlev
1d03c31eSjohnlev	ASSERT(MUTEX_HELD(&cpu_lock));
1d03c31eSjohnlev
1d03c31eSjohnlev	for (i = 0; i < NCPU; i++) {
1d03c31eSjohnlev		cpu_t *cp = cpu_get(i);
1d03c31eSjohnlev
1d03c31eSjohnlev		if (cp == NULL || cp == CPU)
1d03c31eSjohnlev			continue;
1d03c31eSjohnlev
1d03c31eSjohnlev		switch (cpu_phase[i]) {
843e1988Sjohnlev		/*
1d03c31eSjohnlev		 * If we see a CPU in one of these phases, something has
1d03c31eSjohnlev		 * gone badly wrong with the guarantees
1d03c31eSjohnlev		 * mp_enter_barrier() is supposed to provide.  Rather
1d03c31eSjohnlev		 * than attempt to stumble along (and since we can't
1d03c31eSjohnlev		 * panic properly in this context), we tell the
1d03c31eSjohnlev		 * hypervisor we've crashed.
843e1988Sjohnlev		 */
1d03c31eSjohnlev		case CPU_PHASE_NONE:
1d03c31eSjohnlev		case CPU_PHASE_WAIT_SAFE:
1d03c31eSjohnlev			(void) HYPERVISOR_shutdown(SHUTDOWN_crash);
1d03c31eSjohnlev			break;
843e1988Sjohnlev
1d03c31eSjohnlev		case CPU_PHASE_POWERED_OFF:
1d03c31eSjohnlev			break;
1d03c31eSjohnlev
1d03c31eSjohnlev		case CPU_PHASE_SAFE:
1d03c31eSjohnlev			cpu_phase[i] = CPU_PHASE_NONE;
1d03c31eSjohnlev		}
843e1988Sjohnlev	}
843e1988Sjohnlev
1d03c31eSjohnlev	start_cpus();
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlevstatic int
843e1988Sjohnlevpoweroff_vcpu(struct cpu *cp)
843e1988Sjohnlev{
843e1988Sjohnlev	int error;
843e1988Sjohnlev
843e1988Sjohnlev	ASSERT(MUTEX_HELD(&cpu_lock));
843e1988Sjohnlev
843e1988Sjohnlev	ASSERT(CPU->cpu_id != cp->cpu_id);
843e1988Sjohnlev	ASSERT(cp->cpu_flags & CPU_QUIESCED);
843e1988Sjohnlev
1d03c31eSjohnlev	mp_enter_barrier();
843e1988Sjohnlev
843e1988Sjohnlev	if ((error = xen_vcpu_down(cp->cpu_id)) == 0) {
1d03c31eSjohnlev		ASSERT(cpu_phase[cp->cpu_id] == CPU_PHASE_SAFE);
1d03c31eSjohnlev
843e1988Sjohnlev		CPUSET_DEL(cpu_ready_set, cp->cpu_id);
1d03c31eSjohnlev
c3377ee9SJohn Levon		if (cp->cpu_flags & CPU_ENABLE)
c3377ee9SJohn Levon			ncpus_intr_enabled--;
c3377ee9SJohn Levon
843e1988Sjohnlev		cp->cpu_flags |= CPU_POWEROFF | CPU_OFFLINE;
843e1988Sjohnlev		cp->cpu_flags &=
843e1988Sjohnlev		    ~(CPU_RUNNING | CPU_READY | CPU_EXISTS | CPU_ENABLE);
843e1988Sjohnlev
1d03c31eSjohnlev		cpu_phase[cp->cpu_id] = CPU_PHASE_POWERED_OFF;
1d03c31eSjohnlev
843e1988Sjohnlev		cpu_set_state(cp);
843e1988Sjohnlev	}
1d03c31eSjohnlev
1d03c31eSjohnlev	mp_leave_barrier();
1d03c31eSjohnlev
843e1988Sjohnlev	return (error);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlevstatic int
843e1988Sjohnlevvcpu_config_poweroff(processorid_t id)
843e1988Sjohnlev{
843e1988Sjohnlev	int oldstate;
843e1988Sjohnlev	int error;
843e1988Sjohnlev	cpu_t *cp;
843e1988Sjohnlev
843e1988Sjohnlev	mutex_enter(&cpu_lock);
843e1988Sjohnlev
843e1988Sjohnlev	if ((cp = cpu_get(id)) == NULL) {
843e1988Sjohnlev		mutex_exit(&cpu_lock);
843e1988Sjohnlev		return (ESRCH);
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	if (cpu_get_state(cp) == P_POWEROFF) {
843e1988Sjohnlev		mutex_exit(&cpu_lock);
843e1988Sjohnlev		return (0);
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	mutex_exit(&cpu_lock);
843e1988Sjohnlev
843e1988Sjohnlev	do {
843e1988Sjohnlev		error = p_online_internal(id, P_OFFLINE,
843e1988Sjohnlev		    &oldstate);
843e1988Sjohnlev
843e1988Sjohnlev		if (error != 0)
843e1988Sjohnlev			break;
843e1988Sjohnlev
843e1988Sjohnlev		/*
843e1988Sjohnlev		 * So we just changed it to P_OFFLINE.  But then we dropped
843e1988Sjohnlev		 * cpu_lock, so now it is possible for another thread to change
843e1988Sjohnlev		 * the cpu back to a different, non-quiesced state e.g.
843e1988Sjohnlev		 * P_ONLINE.
843e1988Sjohnlev		 */
843e1988Sjohnlev		mutex_enter(&cpu_lock);
843e1988Sjohnlev		if ((cp = cpu_get(id)) == NULL)
843e1988Sjohnlev			error = ESRCH;
843e1988Sjohnlev		else {
843e1988Sjohnlev			if (cp->cpu_flags & CPU_QUIESCED)
843e1988Sjohnlev				error = poweroff_vcpu(cp);
843e1988Sjohnlev			else
843e1988Sjohnlev				error = EBUSY;
843e1988Sjohnlev		}
843e1988Sjohnlev		mutex_exit(&cpu_lock);
843e1988Sjohnlev	} while (error == EBUSY);
843e1988Sjohnlev
843e1988Sjohnlev	return (error);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*
843e1988Sjohnlev * Add a new virtual cpu to the domain.
843e1988Sjohnlev */
843e1988Sjohnlevstatic int
843e1988Sjohnlevvcpu_config_new(processorid_t id)
843e1988Sjohnlev{
843e1988Sjohnlev	extern int start_cpu(processorid_t);
843e1988Sjohnlev	int error;
843e1988Sjohnlev
843e1988Sjohnlev	if (ncpus == 1) {
843e1988Sjohnlev		printf("cannot (yet) add cpus to a single-cpu domain\n");
843e1988Sjohnlev		return (ENOTSUP);
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	affinity_set(CPU_CURRENT);
843e1988Sjohnlev	error = start_cpu(id);
843e1988Sjohnlev	affinity_clear();
843e1988Sjohnlev	return (error);
843e1988Sjohnlev}
843e1988Sjohnlev
1d03c31eSjohnlevstatic int
1d03c31eSjohnlevpoweron_vcpu(struct cpu *cp)
1d03c31eSjohnlev{
1d03c31eSjohnlev	int error;
1d03c31eSjohnlev
1d03c31eSjohnlev	ASSERT(MUTEX_HELD(&cpu_lock));
1d03c31eSjohnlev
1d03c31eSjohnlev	if (HYPERVISOR_vcpu_op(VCPUOP_is_up, cp->cpu_id, NULL) != 0) {
1d03c31eSjohnlev		printf("poweron_vcpu: vcpu%d is not available!\n",
1d03c31eSjohnlev		    cp->cpu_id);
1d03c31eSjohnlev		return (ENXIO);
1d03c31eSjohnlev	}
1d03c31eSjohnlev
1d03c31eSjohnlev	if ((error = xen_vcpu_up(cp->cpu_id)) == 0) {
1d03c31eSjohnlev		CPUSET_ADD(cpu_ready_set, cp->cpu_id);
1d03c31eSjohnlev		cp->cpu_flags |= CPU_EXISTS | CPU_READY | CPU_RUNNING;
1d03c31eSjohnlev		cp->cpu_flags &= ~CPU_POWEROFF;
1d03c31eSjohnlev		/*
1d03c31eSjohnlev		 * There are some nasty races possible here.
1d03c31eSjohnlev		 * Tell the vcpu it's up one more time.
1d03c31eSjohnlev		 * XXPV	Is this enough?  Is this safe?
1d03c31eSjohnlev		 */
1d03c31eSjohnlev		(void) xen_vcpu_up(cp->cpu_id);
1d03c31eSjohnlev
1d03c31eSjohnlev		cpu_phase[cp->cpu_id] = CPU_PHASE_NONE;
1d03c31eSjohnlev
1d03c31eSjohnlev		cpu_set_state(cp);
1d03c31eSjohnlev	}
1d03c31eSjohnlev	return (error);
1d03c31eSjohnlev}
1d03c31eSjohnlev
843e1988Sjohnlevstatic int
843e1988Sjohnlevvcpu_config_poweron(processorid_t id)
843e1988Sjohnlev{
843e1988Sjohnlev	cpu_t *cp;
843e1988Sjohnlev	int oldstate;
843e1988Sjohnlev	int error;
843e1988Sjohnlev
843e1988Sjohnlev	if (id >= ncpus)
843e1988Sjohnlev		return (vcpu_config_new(id));
843e1988Sjohnlev
843e1988Sjohnlev	mutex_enter(&cpu_lock);
843e1988Sjohnlev
843e1988Sjohnlev	if ((cp = cpu_get(id)) == NULL) {
843e1988Sjohnlev		mutex_exit(&cpu_lock);
843e1988Sjohnlev		return (ESRCH);
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	if (cpu_get_state(cp) != P_POWEROFF) {
843e1988Sjohnlev		mutex_exit(&cpu_lock);
843e1988Sjohnlev		return (0);
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	if ((error = poweron_vcpu(cp)) != 0) {
843e1988Sjohnlev		mutex_exit(&cpu_lock);
843e1988Sjohnlev		return (error);
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	mutex_exit(&cpu_lock);
843e1988Sjohnlev
843e1988Sjohnlev	return (p_online_internal(id, P_ONLINE, &oldstate));
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev#define	REPORT_LEN	128
843e1988Sjohnlev
843e1988Sjohnlevstatic void
843e1988Sjohnlevvcpu_config_report(processorid_t id, uint_t newstate, int error)
843e1988Sjohnlev{
843e1988Sjohnlev	char *report = kmem_alloc(REPORT_LEN, KM_SLEEP);
843e1988Sjohnlev	size_t len;
843e1988Sjohnlev	char *ps;
843e1988Sjohnlev
2a9992ecSToomas Soome	ps = NULL;
843e1988Sjohnlev	switch (newstate) {
843e1988Sjohnlev	case P_ONLINE:
843e1988Sjohnlev		ps = PS_ONLINE;
843e1988Sjohnlev		break;
843e1988Sjohnlev	case P_POWEROFF:
843e1988Sjohnlev		ps = PS_POWEROFF;
843e1988Sjohnlev		break;
843e1988Sjohnlev	default:
843e1988Sjohnlev		cmn_err(CE_PANIC, "unknown state %u\n", newstate);
843e1988Sjohnlev		break;
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	len = snprintf(report, REPORT_LEN,
843e1988Sjohnlev	    "cpu%d: externally initiated %s", id, ps);
843e1988Sjohnlev
843e1988Sjohnlev	if (!error) {
843e1988Sjohnlev		cmn_err(CE_CONT, "!%s\n", report);
843e1988Sjohnlev		kmem_free(report, REPORT_LEN);
843e1988Sjohnlev		return;
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	len += snprintf(report + len, REPORT_LEN - len,
843e1988Sjohnlev	    " failed, error %d: ", error);
843e1988Sjohnlev	switch (error) {
843e1988Sjohnlev	case EEXIST:
843e1988Sjohnlev		len += snprintf(report + len, REPORT_LEN - len,
843e1988Sjohnlev		    "cpu already %s", ps ? ps : "?");
843e1988Sjohnlev		break;
843e1988Sjohnlev	case ESRCH:
843e1988Sjohnlev		len += snprintf(report + len, REPORT_LEN - len,
843e1988Sjohnlev		    "cpu not found");
843e1988Sjohnlev		break;
843e1988Sjohnlev	case EINVAL:
843e1988Sjohnlev	case EALREADY:
843e1988Sjohnlev		break;
843e1988Sjohnlev	case EPERM:
843e1988Sjohnlev		len += snprintf(report + len, REPORT_LEN - len,
843e1988Sjohnlev		    "insufficient privilege (0x%x)", id);
843e1988Sjohnlev		break;
843e1988Sjohnlev	case EBUSY:
843e1988Sjohnlev		switch (newstate) {
843e1988Sjohnlev		case P_ONLINE:
843e1988Sjohnlev			/*
843e1988Sjohnlev			 * This return comes from mp_cpu_start -
843e1988Sjohnlev			 * we cannot 'start' the boot CPU.
843e1988Sjohnlev			 */
843e1988Sjohnlev			len += snprintf(report + len, REPORT_LEN - len,
843e1988Sjohnlev			    "already running");
843e1988Sjohnlev			break;
843e1988Sjohnlev		case P_POWEROFF:
843e1988Sjohnlev			len += snprintf(report + len, REPORT_LEN - len,
843e1988Sjohnlev			    "bound lwps?");
843e1988Sjohnlev			break;
843e1988Sjohnlev		default:
843e1988Sjohnlev			break;
843e1988Sjohnlev		}
843e1988Sjohnlev	default:
843e1988Sjohnlev		break;
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	cmn_err(CE_CONT, "%s\n", report);
843e1988Sjohnlev	kmem_free(report, REPORT_LEN);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlevstatic void
843e1988Sjohnlevvcpu_config(void *arg)
843e1988Sjohnlev{
843e1988Sjohnlev	int id = (int)(uintptr_t)arg;
843e1988Sjohnlev	int error;
843e1988Sjohnlev	char dir[16];
843e1988Sjohnlev	char *state;
843e1988Sjohnlev
843e1988Sjohnlev	if ((uint_t)id >= max_ncpus) {
843e1988Sjohnlev		cmn_err(CE_WARN,
843e1988Sjohnlev		    "vcpu_config: cpu%d does not fit in this domain", id);
843e1988Sjohnlev		return;
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	(void) snprintf(dir, sizeof (dir), "cpu/%d", id);
843e1988Sjohnlev	state = kmem_alloc(MAXPATHLEN, KM_SLEEP);
843e1988Sjohnlev	if (xenbus_scanf(XBT_NULL, dir, "availability", "%s", state) == 0) {
843e1988Sjohnlev		if (strcmp(state, "online") == 0) {
843e1988Sjohnlev			error = vcpu_config_poweron(id);
843e1988Sjohnlev			vcpu_config_report(id, P_ONLINE, error);
843e1988Sjohnlev		} else if (strcmp(state, "offline") == 0) {
843e1988Sjohnlev			error = vcpu_config_poweroff(id);
843e1988Sjohnlev			vcpu_config_report(id, P_POWEROFF, error);
843e1988Sjohnlev		} else {
843e1988Sjohnlev			cmn_err(CE_WARN,
843e1988Sjohnlev			    "cpu%d: unknown target state '%s'", id, state);
843e1988Sjohnlev		}
843e1988Sjohnlev	} else
843e1988Sjohnlev		cmn_err(CE_WARN,
843e1988Sjohnlev		    "cpu%d: unable to read target state from xenstore", id);
843e1988Sjohnlev
843e1988Sjohnlev	kmem_free(state, MAXPATHLEN);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlev/*ARGSUSED*/
843e1988Sjohnlevstatic void
843e1988Sjohnlevvcpu_config_event(struct xenbus_watch *watch, const char **vec, uint_t len)
843e1988Sjohnlev{
843e1988Sjohnlev	const char *path = vec[XS_WATCH_PATH];
843e1988Sjohnlev	processorid_t id;
843e1988Sjohnlev	char *s;
843e1988Sjohnlev
843e1988Sjohnlev	if ((s = strstr(path, "cpu/")) != NULL &&
843e1988Sjohnlev	    sscanf(s, "cpu/%d", &id) == 1) {
843e1988Sjohnlev		/*
843e1988Sjohnlev		 * Run the virtual CPU configuration on a separate thread to
843e1988Sjohnlev		 * avoid blocking on this event for too long (and for now,
843e1988Sjohnlev		 * to ensure configuration requests are serialized.)
843e1988Sjohnlev		 */
843e1988Sjohnlev		(void) taskq_dispatch(cpu_config_tq,
843e1988Sjohnlev		    vcpu_config, (void *)(uintptr_t)id, 0);
843e1988Sjohnlev	}
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlevstatic int
843e1988Sjohnlevxen_vcpu_initialize(processorid_t id, vcpu_guest_context_t *vgc)
843e1988Sjohnlev{
843e1988Sjohnlev	int err;
843e1988Sjohnlev
843e1988Sjohnlev	if ((err = HYPERVISOR_vcpu_op(VCPUOP_initialise, id, vgc)) != 0) {
843e1988Sjohnlev		char *str;
843e1988Sjohnlev		int level = CE_WARN;
843e1988Sjohnlev
843e1988Sjohnlev		switch (err) {
843e1988Sjohnlev		case -X_EINVAL:
843e1988Sjohnlev			/*
843e1988Sjohnlev			 * This interface squashes multiple error sources
843e1988Sjohnlev			 * to one error code.  In particular, an X_EINVAL
843e1988Sjohnlev			 * code can mean:
843e1988Sjohnlev			 *
843e1988Sjohnlev			 * -	the vcpu id is out of range
843e1988Sjohnlev			 * -	cs or ss are in ring 0
843e1988Sjohnlev			 * -	cr3 is wrong
843e1988Sjohnlev			 * -	an entry in the new gdt is above the
843e1988Sjohnlev			 *	reserved entry
843e1988Sjohnlev			 * -	a frame underneath the new gdt is bad
843e1988Sjohnlev			 */
843e1988Sjohnlev			str = "something is wrong :(";
843e1988Sjohnlev			break;
843e1988Sjohnlev		case -X_ENOENT:
843e1988Sjohnlev			str = "no such cpu";
843e1988Sjohnlev			break;
843e1988Sjohnlev		case -X_ENOMEM:
843e1988Sjohnlev			str = "no mem to copy ctxt";
843e1988Sjohnlev			break;
843e1988Sjohnlev		case -X_EFAULT:
843e1988Sjohnlev			str = "bad address";
843e1988Sjohnlev			break;
843e1988Sjohnlev		case -X_EEXIST:
843e1988Sjohnlev			/*
843e1988Sjohnlev			 * Hmm.  This error is returned if the vcpu has already
843e1988Sjohnlev			 * been initialized once before in the lifetime of this
843e1988Sjohnlev			 * domain.  This is a logic error in the kernel.
843e1988Sjohnlev			 */
843e1988Sjohnlev			level = CE_PANIC;
843e1988Sjohnlev			str = "already initialized";
843e1988Sjohnlev			break;
843e1988Sjohnlev		default:
843e1988Sjohnlev			level = CE_PANIC;
843e1988Sjohnlev			str = "<unexpected>";
843e1988Sjohnlev			break;
843e1988Sjohnlev		}
843e1988Sjohnlev
843e1988Sjohnlev		cmn_err(level, "vcpu%d: failed to init: error %d: %s",
843e1988Sjohnlev		    id, -err, str);
843e1988Sjohnlev	}
843e1988Sjohnlev	return (err);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlevlong
843e1988Sjohnlevxen_vcpu_up(processorid_t id)
843e1988Sjohnlev{
843e1988Sjohnlev	long err;
843e1988Sjohnlev
843e1988Sjohnlev	if ((err = HYPERVISOR_vcpu_op(VCPUOP_up, id, NULL)) != 0) {
843e1988Sjohnlev		char *str;
843e1988Sjohnlev
843e1988Sjohnlev		switch (err) {
843e1988Sjohnlev		case -X_ENOENT:
843e1988Sjohnlev			str = "no such cpu";
843e1988Sjohnlev			break;
843e1988Sjohnlev		case -X_EINVAL:
843e1988Sjohnlev			/*
843e1988Sjohnlev			 * Perhaps this is diagnostic overkill.
843e1988Sjohnlev			 */
843e1988Sjohnlev			if (HYPERVISOR_vcpu_op(VCPUOP_is_up, id, NULL) < 0)
843e1988Sjohnlev				str = "bad cpuid";
843e1988Sjohnlev			else
843e1988Sjohnlev				str = "not initialized";
843e1988Sjohnlev			break;
843e1988Sjohnlev		default:
843e1988Sjohnlev			str = "<unexpected>";
843e1988Sjohnlev			break;
843e1988Sjohnlev		}
843e1988Sjohnlev
843e1988Sjohnlev		printf("vcpu%d: failed to start: error %d: %s\n",
843e1988Sjohnlev		    id, -(int)err, str);
843e1988Sjohnlev		return (EBFONT);	/* deliberately silly */
843e1988Sjohnlev	}
843e1988Sjohnlev	return (err);
843e1988Sjohnlev}
843e1988Sjohnlev
843e1988Sjohnlevlong
843e1988Sjohnlevxen_vcpu_down(processorid_t id)
843e1988Sjohnlev{
843e1988Sjohnlev	long err;
843e1988Sjohnlev
843e1988Sjohnlev	if ((err = HYPERVISOR_vcpu_op(VCPUOP_down, id, NULL)) != 0) {
843e1988Sjohnlev		/*
843e1988Sjohnlev		 * X_ENOENT:	no such cpu
843e1988Sjohnlev		 * X_EINVAL:	bad cpuid
843e1988Sjohnlev		 */
843e1988Sjohnlev		panic("vcpu%d: failed to stop: error %d", id, -(int)err);
843e1988Sjohnlev	}
843e1988Sjohnlev
843e1988Sjohnlev	return (err);
843e1988Sjohnlev}