1/* Copyright (C) 2009 Red Hat, Inc. 2 * Author: Michael S. Tsirkin <mst@redhat.com> 3 * 4 * This work is licensed under the terms of the GNU GPL, version 2. 5 * 6 * virtio-net server in host kernel. 7 */ 8 9#include <linux/compat.h> 10#include <linux/eventfd.h> 11#include <linux/vhost.h> 12#include <linux/virtio_net.h> 13#include <linux/miscdevice.h> 14#include <linux/module.h> 15#include <linux/moduleparam.h> 16#include <linux/mutex.h> 17#include <linux/workqueue.h> 18#include <linux/file.h> 19#include <linux/slab.h> 20#include <linux/vmalloc.h> 21 22#include <linux/net.h> 23#include <linux/if_packet.h> 24#include <linux/if_arp.h> 25#include <linux/if_tun.h> 26#include <linux/if_macvlan.h> 27#include <linux/if_vlan.h> 28 29#include <net/sock.h> 30 31#include "vhost.h" 32 33static int experimental_zcopytx = 1; 34module_param(experimental_zcopytx, int, 0444); 35MODULE_PARM_DESC(experimental_zcopytx, "Enable Zero Copy TX;" 36 " 1 -Enable; 0 - Disable"); 37 38/* Max number of bytes transferred before requeueing the job. 39 * Using this limit prevents one virtqueue from starving others. */ 40#define VHOST_NET_WEIGHT 0x80000 41 42/* MAX number of TX used buffers for outstanding zerocopy */ 43#define VHOST_MAX_PEND 128 44#define VHOST_GOODCOPY_LEN 256 45 46/* 47 * For transmit, used buffer len is unused; we override it to track buffer 48 * status internally; used for zerocopy tx only. 49 */ 50/* Lower device DMA failed */ 51#define VHOST_DMA_FAILED_LEN ((__force __virtio32)3) 52/* Lower device DMA done */ 53#define VHOST_DMA_DONE_LEN ((__force __virtio32)2) 54/* Lower device DMA in progress */ 55#define VHOST_DMA_IN_PROGRESS ((__force __virtio32)1) 56/* Buffer unused */ 57#define VHOST_DMA_CLEAR_LEN ((__force __virtio32)0) 58 59#define VHOST_DMA_IS_DONE(len) ((__force u32)(len) >= (__force u32)VHOST_DMA_DONE_LEN) 60 61enum { 62 VHOST_NET_FEATURES = VHOST_FEATURES | 63 (1ULL << VHOST_NET_F_VIRTIO_NET_HDR) | 64 (1ULL << VIRTIO_NET_F_MRG_RXBUF) | 65 (1ULL << VIRTIO_F_VERSION_1), 66}; 67 68enum { 69 VHOST_NET_VQ_RX = 0, 70 VHOST_NET_VQ_TX = 1, 71 VHOST_NET_VQ_MAX = 2, 72}; 73 74struct vhost_net_ubuf_ref { 75 /* refcount follows semantics similar to kref: 76 * 0: object is released 77 * 1: no outstanding ubufs 78 * >1: outstanding ubufs 79 */ 80 atomic_t refcount; 81 wait_queue_head_t wait; 82 struct vhost_virtqueue *vq; 83}; 84 85struct vhost_net_virtqueue { 86 struct vhost_virtqueue vq; 87 size_t vhost_hlen; 88 size_t sock_hlen; 89 /* vhost zerocopy support fields below: */ 90 /* last used idx for outstanding DMA zerocopy buffers */ 91 int upend_idx; 92 /* first used idx for DMA done zerocopy buffers */ 93 int done_idx; 94 /* an array of userspace buffers info */ 95 struct ubuf_info *ubuf_info; 96 /* Reference counting for outstanding ubufs. 97 * Protected by vq mutex. Writers must also take device mutex. */ 98 struct vhost_net_ubuf_ref *ubufs; 99}; 100 101struct vhost_net { 102 struct vhost_dev dev; 103 struct vhost_net_virtqueue vqs[VHOST_NET_VQ_MAX]; 104 struct vhost_poll poll[VHOST_NET_VQ_MAX]; 105 /* Number of TX recently submitted. 106 * Protected by tx vq lock. */ 107 unsigned tx_packets; 108 /* Number of times zerocopy TX recently failed. 109 * Protected by tx vq lock. */ 110 unsigned tx_zcopy_err; 111 /* Flush in progress. Protected by tx vq lock. */ 112 bool tx_flush; 113}; 114 115static unsigned vhost_net_zcopy_mask __read_mostly; 116 117static void vhost_net_enable_zcopy(int vq) 118{ 119 vhost_net_zcopy_mask |= 0x1 << vq; 120} 121 122static struct vhost_net_ubuf_ref * 123vhost_net_ubuf_alloc(struct vhost_virtqueue *vq, bool zcopy) 124{ 125 struct vhost_net_ubuf_ref *ubufs; 126 /* No zero copy backend? Nothing to count. */ 127 if (!zcopy) 128 return NULL; 129 ubufs = kmalloc(sizeof(*ubufs), GFP_KERNEL); 130 if (!ubufs) 131 return ERR_PTR(-ENOMEM); 132 atomic_set(&ubufs->refcount, 1); 133 init_waitqueue_head(&ubufs->wait); 134 ubufs->vq = vq; 135 return ubufs; 136} 137 138static int vhost_net_ubuf_put(struct vhost_net_ubuf_ref *ubufs) 139{ 140 int r = atomic_sub_return(1, &ubufs->refcount); 141 if (unlikely(!r)) 142 wake_up(&ubufs->wait); 143 return r; 144} 145 146static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs) 147{ 148 vhost_net_ubuf_put(ubufs); 149 wait_event(ubufs->wait, !atomic_read(&ubufs->refcount)); 150} 151 152static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs) 153{ 154 vhost_net_ubuf_put_and_wait(ubufs); 155 kfree(ubufs); 156} 157 158static void vhost_net_clear_ubuf_info(struct vhost_net *n) 159{ 160 int i; 161 162 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 163 kfree(n->vqs[i].ubuf_info); 164 n->vqs[i].ubuf_info = NULL; 165 } 166} 167 168static int vhost_net_set_ubuf_info(struct vhost_net *n) 169{ 170 bool zcopy; 171 int i; 172 173 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 174 zcopy = vhost_net_zcopy_mask & (0x1 << i); 175 if (!zcopy) 176 continue; 177 n->vqs[i].ubuf_info = kmalloc(sizeof(*n->vqs[i].ubuf_info) * 178 UIO_MAXIOV, GFP_KERNEL); 179 if (!n->vqs[i].ubuf_info) 180 goto err; 181 } 182 return 0; 183 184err: 185 vhost_net_clear_ubuf_info(n); 186 return -ENOMEM; 187} 188 189static void vhost_net_vq_reset(struct vhost_net *n) 190{ 191 int i; 192 193 vhost_net_clear_ubuf_info(n); 194 195 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 196 n->vqs[i].done_idx = 0; 197 n->vqs[i].upend_idx = 0; 198 n->vqs[i].ubufs = NULL; 199 n->vqs[i].vhost_hlen = 0; 200 n->vqs[i].sock_hlen = 0; 201 } 202 203} 204 205static void vhost_net_tx_packet(struct vhost_net *net) 206{ 207 ++net->tx_packets; 208 if (net->tx_packets < 1024) 209 return; 210 net->tx_packets = 0; 211 net->tx_zcopy_err = 0; 212} 213 214static void vhost_net_tx_err(struct vhost_net *net) 215{ 216 ++net->tx_zcopy_err; 217} 218 219static bool vhost_net_tx_select_zcopy(struct vhost_net *net) 220{ 221 /* TX flush waits for outstanding DMAs to be done. 222 * Don't start new DMAs. 223 */ 224 return !net->tx_flush && 225 net->tx_packets / 64 >= net->tx_zcopy_err; 226} 227 228static bool vhost_sock_zcopy(struct socket *sock) 229{ 230 return unlikely(experimental_zcopytx) && 231 sock_flag(sock->sk, SOCK_ZEROCOPY); 232} 233 234/* In case of DMA done not in order in lower device driver for some reason. 235 * upend_idx is used to track end of used idx, done_idx is used to track head 236 * of used idx. Once lower device DMA done contiguously, we will signal KVM 237 * guest used idx. 238 */ 239static void vhost_zerocopy_signal_used(struct vhost_net *net, 240 struct vhost_virtqueue *vq) 241{ 242 struct vhost_net_virtqueue *nvq = 243 container_of(vq, struct vhost_net_virtqueue, vq); 244 int i, add; 245 int j = 0; 246 247 for (i = nvq->done_idx; i != nvq->upend_idx; i = (i + 1) % UIO_MAXIOV) { 248 if (vq->heads[i].len == VHOST_DMA_FAILED_LEN) 249 vhost_net_tx_err(net); 250 if (VHOST_DMA_IS_DONE(vq->heads[i].len)) { 251 vq->heads[i].len = VHOST_DMA_CLEAR_LEN; 252 ++j; 253 } else 254 break; 255 } 256 while (j) { 257 add = min(UIO_MAXIOV - nvq->done_idx, j); 258 vhost_add_used_and_signal_n(vq->dev, vq, 259 &vq->heads[nvq->done_idx], add); 260 nvq->done_idx = (nvq->done_idx + add) % UIO_MAXIOV; 261 j -= add; 262 } 263} 264 265static void vhost_zerocopy_callback(struct ubuf_info *ubuf, bool success) 266{ 267 struct vhost_net_ubuf_ref *ubufs = ubuf->ctx; 268 struct vhost_virtqueue *vq = ubufs->vq; 269 int cnt; 270 271 rcu_read_lock_bh(); 272 273 /* set len to mark this desc buffers done DMA */ 274 vq->heads[ubuf->desc].len = success ? 275 VHOST_DMA_DONE_LEN : VHOST_DMA_FAILED_LEN; 276 cnt = vhost_net_ubuf_put(ubufs); 277 278 /* 279 * Trigger polling thread if guest stopped submitting new buffers: 280 * in this case, the refcount after decrement will eventually reach 1. 281 * We also trigger polling periodically after each 16 packets 282 * (the value 16 here is more or less arbitrary, it's tuned to trigger 283 * less than 10% of times). 284 */ 285 if (cnt <= 1 || !(cnt % 16)) 286 vhost_poll_queue(&vq->poll); 287 288 rcu_read_unlock_bh(); 289} 290 291/* Expects to be always run from workqueue - which acts as 292 * read-size critical section for our kind of RCU. */ 293static void handle_tx(struct vhost_net *net) 294{ 295 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_TX]; 296 struct vhost_virtqueue *vq = &nvq->vq; 297 unsigned out, in; 298 int head; 299 struct msghdr msg = { 300 .msg_name = NULL, 301 .msg_namelen = 0, 302 .msg_control = NULL, 303 .msg_controllen = 0, 304 .msg_flags = MSG_DONTWAIT, 305 }; 306 size_t len, total_len = 0; 307 int err; 308 size_t hdr_size; 309 struct socket *sock; 310 struct vhost_net_ubuf_ref *uninitialized_var(ubufs); 311 bool zcopy, zcopy_used; 312 313 mutex_lock(&vq->mutex); 314 sock = vq->private_data; 315 if (!sock) 316 goto out; 317 318 vhost_disable_notify(&net->dev, vq); 319 320 hdr_size = nvq->vhost_hlen; 321 zcopy = nvq->ubufs; 322 323 for (;;) { 324 /* Release DMAs done buffers first */ 325 if (zcopy) 326 vhost_zerocopy_signal_used(net, vq); 327 328 /* If more outstanding DMAs, queue the work. 329 * Handle upend_idx wrap around 330 */ 331 if (unlikely((nvq->upend_idx + vq->num - VHOST_MAX_PEND) 332 % UIO_MAXIOV == nvq->done_idx)) 333 break; 334 335 head = vhost_get_vq_desc(vq, vq->iov, 336 ARRAY_SIZE(vq->iov), 337 &out, &in, 338 NULL, NULL); 339 /* On error, stop handling until the next kick. */ 340 if (unlikely(head < 0)) 341 break; 342 /* Nothing new? Wait for eventfd to tell us they refilled. */ 343 if (head == vq->num) { 344 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 345 vhost_disable_notify(&net->dev, vq); 346 continue; 347 } 348 break; 349 } 350 if (in) { 351 vq_err(vq, "Unexpected descriptor format for TX: " 352 "out %d, int %d\n", out, in); 353 break; 354 } 355 /* Skip header. TODO: support TSO. */ 356 len = iov_length(vq->iov, out); 357 iov_iter_init(&msg.msg_iter, WRITE, vq->iov, out, len); 358 iov_iter_advance(&msg.msg_iter, hdr_size); 359 /* Sanity check */ 360 if (!msg_data_left(&msg)) { 361 vq_err(vq, "Unexpected header len for TX: " 362 "%zd expected %zd\n", 363 len, hdr_size); 364 break; 365 } 366 len = msg_data_left(&msg); 367 368 zcopy_used = zcopy && len >= VHOST_GOODCOPY_LEN 369 && (nvq->upend_idx + 1) % UIO_MAXIOV != 370 nvq->done_idx 371 && vhost_net_tx_select_zcopy(net); 372 373 /* use msg_control to pass vhost zerocopy ubuf info to skb */ 374 if (zcopy_used) { 375 struct ubuf_info *ubuf; 376 ubuf = nvq->ubuf_info + nvq->upend_idx; 377 378 vq->heads[nvq->upend_idx].id = cpu_to_vhost32(vq, head); 379 vq->heads[nvq->upend_idx].len = VHOST_DMA_IN_PROGRESS; 380 ubuf->callback = vhost_zerocopy_callback; 381 ubuf->ctx = nvq->ubufs; 382 ubuf->desc = nvq->upend_idx; 383 msg.msg_control = ubuf; 384 msg.msg_controllen = sizeof(ubuf); 385 ubufs = nvq->ubufs; 386 atomic_inc(&ubufs->refcount); 387 nvq->upend_idx = (nvq->upend_idx + 1) % UIO_MAXIOV; 388 } else { 389 msg.msg_control = NULL; 390 ubufs = NULL; 391 } 392 /* TODO: Check specific error and bomb out unless ENOBUFS? */ 393 err = sock->ops->sendmsg(sock, &msg, len); 394 if (unlikely(err < 0)) { 395 if (zcopy_used) { 396 vhost_net_ubuf_put(ubufs); 397 nvq->upend_idx = ((unsigned)nvq->upend_idx - 1) 398 % UIO_MAXIOV; 399 } 400 vhost_discard_vq_desc(vq, 1); 401 break; 402 } 403 if (err != len) 404 pr_debug("Truncated TX packet: " 405 " len %d != %zd\n", err, len); 406 if (!zcopy_used) 407 vhost_add_used_and_signal(&net->dev, vq, head, 0); 408 else 409 vhost_zerocopy_signal_used(net, vq); 410 total_len += len; 411 vhost_net_tx_packet(net); 412 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 413 vhost_poll_queue(&vq->poll); 414 break; 415 } 416 } 417out: 418 mutex_unlock(&vq->mutex); 419} 420 421static int peek_head_len(struct sock *sk) 422{ 423 struct sk_buff *head; 424 int len = 0; 425 unsigned long flags; 426 427 spin_lock_irqsave(&sk->sk_receive_queue.lock, flags); 428 head = skb_peek(&sk->sk_receive_queue); 429 if (likely(head)) { 430 len = head->len; 431 if (skb_vlan_tag_present(head)) 432 len += VLAN_HLEN; 433 } 434 435 spin_unlock_irqrestore(&sk->sk_receive_queue.lock, flags); 436 return len; 437} 438 439/* This is a multi-buffer version of vhost_get_desc, that works if 440 * vq has read descriptors only. 441 * @vq - the relevant virtqueue 442 * @datalen - data length we'll be reading 443 * @iovcount - returned count of io vectors we fill 444 * @log - vhost log 445 * @log_num - log offset 446 * @quota - headcount quota, 1 for big buffer 447 * returns number of buffer heads allocated, negative on error 448 */ 449static int get_rx_bufs(struct vhost_virtqueue *vq, 450 struct vring_used_elem *heads, 451 int datalen, 452 unsigned *iovcount, 453 struct vhost_log *log, 454 unsigned *log_num, 455 unsigned int quota) 456{ 457 unsigned int out, in; 458 int seg = 0; 459 int headcount = 0; 460 unsigned d; 461 int r, nlogs = 0; 462 /* len is always initialized before use since we are always called with 463 * datalen > 0. 464 */ 465 u32 uninitialized_var(len); 466 467 while (datalen > 0 && headcount < quota) { 468 if (unlikely(seg >= UIO_MAXIOV)) { 469 r = -ENOBUFS; 470 goto err; 471 } 472 r = vhost_get_vq_desc(vq, vq->iov + seg, 473 ARRAY_SIZE(vq->iov) - seg, &out, 474 &in, log, log_num); 475 if (unlikely(r < 0)) 476 goto err; 477 478 d = r; 479 if (d == vq->num) { 480 r = 0; 481 goto err; 482 } 483 if (unlikely(out || in <= 0)) { 484 vq_err(vq, "unexpected descriptor format for RX: " 485 "out %d, in %d\n", out, in); 486 r = -EINVAL; 487 goto err; 488 } 489 if (unlikely(log)) { 490 nlogs += *log_num; 491 log += *log_num; 492 } 493 heads[headcount].id = cpu_to_vhost32(vq, d); 494 len = iov_length(vq->iov + seg, in); 495 heads[headcount].len = cpu_to_vhost32(vq, len); 496 datalen -= len; 497 ++headcount; 498 seg += in; 499 } 500 heads[headcount - 1].len = cpu_to_vhost32(vq, len + datalen); 501 *iovcount = seg; 502 if (unlikely(log)) 503 *log_num = nlogs; 504 505 /* Detect overrun */ 506 if (unlikely(datalen > 0)) { 507 r = UIO_MAXIOV + 1; 508 goto err; 509 } 510 return headcount; 511err: 512 vhost_discard_vq_desc(vq, headcount); 513 return r; 514} 515 516/* Expects to be always run from workqueue - which acts as 517 * read-size critical section for our kind of RCU. */ 518static void handle_rx(struct vhost_net *net) 519{ 520 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_RX]; 521 struct vhost_virtqueue *vq = &nvq->vq; 522 unsigned uninitialized_var(in), log; 523 struct vhost_log *vq_log; 524 struct msghdr msg = { 525 .msg_name = NULL, 526 .msg_namelen = 0, 527 .msg_control = NULL, /* FIXME: get and handle RX aux data. */ 528 .msg_controllen = 0, 529 .msg_flags = MSG_DONTWAIT, 530 }; 531 struct virtio_net_hdr hdr = { 532 .flags = 0, 533 .gso_type = VIRTIO_NET_HDR_GSO_NONE 534 }; 535 size_t total_len = 0; 536 int err, mergeable; 537 s16 headcount; 538 size_t vhost_hlen, sock_hlen; 539 size_t vhost_len, sock_len; 540 struct socket *sock; 541 struct iov_iter fixup; 542 __virtio16 num_buffers; 543 544 mutex_lock(&vq->mutex); 545 sock = vq->private_data; 546 if (!sock) 547 goto out; 548 vhost_disable_notify(&net->dev, vq); 549 550 vhost_hlen = nvq->vhost_hlen; 551 sock_hlen = nvq->sock_hlen; 552 553 vq_log = unlikely(vhost_has_feature(vq, VHOST_F_LOG_ALL)) ? 554 vq->log : NULL; 555 mergeable = vhost_has_feature(vq, VIRTIO_NET_F_MRG_RXBUF); 556 557 while ((sock_len = peek_head_len(sock->sk))) { 558 sock_len += sock_hlen; 559 vhost_len = sock_len + vhost_hlen; 560 headcount = get_rx_bufs(vq, vq->heads, vhost_len, 561 &in, vq_log, &log, 562 likely(mergeable) ? UIO_MAXIOV : 1); 563 /* On error, stop handling until the next kick. */ 564 if (unlikely(headcount < 0)) 565 break; 566 /* On overrun, truncate and discard */ 567 if (unlikely(headcount > UIO_MAXIOV)) { 568 iov_iter_init(&msg.msg_iter, READ, vq->iov, 1, 1); 569 err = sock->ops->recvmsg(sock, &msg, 570 1, MSG_DONTWAIT | MSG_TRUNC); 571 pr_debug("Discarded rx packet: len %zd\n", sock_len); 572 continue; 573 } 574 /* OK, now we need to know about added descriptors. */ 575 if (!headcount) { 576 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 577 /* They have slipped one in as we were 578 * doing that: check again. */ 579 vhost_disable_notify(&net->dev, vq); 580 continue; 581 } 582 /* Nothing new? Wait for eventfd to tell us 583 * they refilled. */ 584 break; 585 } 586 /* We don't need to be notified again. */ 587 iov_iter_init(&msg.msg_iter, READ, vq->iov, in, vhost_len); 588 fixup = msg.msg_iter; 589 if (unlikely((vhost_hlen))) { 590 /* We will supply the header ourselves 591 * TODO: support TSO. 592 */ 593 iov_iter_advance(&msg.msg_iter, vhost_hlen); 594 } 595 err = sock->ops->recvmsg(sock, &msg, 596 sock_len, MSG_DONTWAIT | MSG_TRUNC); 597 /* Userspace might have consumed the packet meanwhile: 598 * it's not supposed to do this usually, but might be hard 599 * to prevent. Discard data we got (if any) and keep going. */ 600 if (unlikely(err != sock_len)) { 601 pr_debug("Discarded rx packet: " 602 " len %d, expected %zd\n", err, sock_len); 603 vhost_discard_vq_desc(vq, headcount); 604 continue; 605 } 606 /* Supply virtio_net_hdr if VHOST_NET_F_VIRTIO_NET_HDR */ 607 if (unlikely(vhost_hlen)) { 608 if (copy_to_iter(&hdr, sizeof(hdr), 609 &fixup) != sizeof(hdr)) { 610 vq_err(vq, "Unable to write vnet_hdr " 611 "at addr %p\n", vq->iov->iov_base); 612 break; 613 } 614 } else { 615 /* Header came from socket; we'll need to patch 616 * ->num_buffers over if VIRTIO_NET_F_MRG_RXBUF 617 */ 618 iov_iter_advance(&fixup, sizeof(hdr)); 619 } 620 /* TODO: Should check and handle checksum. */ 621 622 num_buffers = cpu_to_vhost16(vq, headcount); 623 if (likely(mergeable) && 624 copy_to_iter(&num_buffers, sizeof num_buffers, 625 &fixup) != sizeof num_buffers) { 626 vq_err(vq, "Failed num_buffers write"); 627 vhost_discard_vq_desc(vq, headcount); 628 break; 629 } 630 vhost_add_used_and_signal_n(&net->dev, vq, vq->heads, 631 headcount); 632 if (unlikely(vq_log)) 633 vhost_log_write(vq, vq_log, log, vhost_len); 634 total_len += vhost_len; 635 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 636 vhost_poll_queue(&vq->poll); 637 break; 638 } 639 } 640out: 641 mutex_unlock(&vq->mutex); 642} 643 644static void handle_tx_kick(struct vhost_work *work) 645{ 646 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 647 poll.work); 648 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 649 650 handle_tx(net); 651} 652 653static void handle_rx_kick(struct vhost_work *work) 654{ 655 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 656 poll.work); 657 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 658 659 handle_rx(net); 660} 661 662static void handle_tx_net(struct vhost_work *work) 663{ 664 struct vhost_net *net = container_of(work, struct vhost_net, 665 poll[VHOST_NET_VQ_TX].work); 666 handle_tx(net); 667} 668 669static void handle_rx_net(struct vhost_work *work) 670{ 671 struct vhost_net *net = container_of(work, struct vhost_net, 672 poll[VHOST_NET_VQ_RX].work); 673 handle_rx(net); 674} 675 676static int vhost_net_open(struct inode *inode, struct file *f) 677{ 678 struct vhost_net *n; 679 struct vhost_dev *dev; 680 struct vhost_virtqueue **vqs; 681 int i; 682 683 n = kmalloc(sizeof *n, GFP_KERNEL | __GFP_NOWARN | __GFP_REPEAT); 684 if (!n) { 685 n = vmalloc(sizeof *n); 686 if (!n) 687 return -ENOMEM; 688 } 689 vqs = kmalloc(VHOST_NET_VQ_MAX * sizeof(*vqs), GFP_KERNEL); 690 if (!vqs) { 691 kvfree(n); 692 return -ENOMEM; 693 } 694 695 dev = &n->dev; 696 vqs[VHOST_NET_VQ_TX] = &n->vqs[VHOST_NET_VQ_TX].vq; 697 vqs[VHOST_NET_VQ_RX] = &n->vqs[VHOST_NET_VQ_RX].vq; 698 n->vqs[VHOST_NET_VQ_TX].vq.handle_kick = handle_tx_kick; 699 n->vqs[VHOST_NET_VQ_RX].vq.handle_kick = handle_rx_kick; 700 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 701 n->vqs[i].ubufs = NULL; 702 n->vqs[i].ubuf_info = NULL; 703 n->vqs[i].upend_idx = 0; 704 n->vqs[i].done_idx = 0; 705 n->vqs[i].vhost_hlen = 0; 706 n->vqs[i].sock_hlen = 0; 707 } 708 vhost_dev_init(dev, vqs, VHOST_NET_VQ_MAX); 709 710 vhost_poll_init(n->poll + VHOST_NET_VQ_TX, handle_tx_net, POLLOUT, dev); 711 vhost_poll_init(n->poll + VHOST_NET_VQ_RX, handle_rx_net, POLLIN, dev); 712 713 f->private_data = n; 714 715 return 0; 716} 717 718static void vhost_net_disable_vq(struct vhost_net *n, 719 struct vhost_virtqueue *vq) 720{ 721 struct vhost_net_virtqueue *nvq = 722 container_of(vq, struct vhost_net_virtqueue, vq); 723 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 724 if (!vq->private_data) 725 return; 726 vhost_poll_stop(poll); 727} 728 729static int vhost_net_enable_vq(struct vhost_net *n, 730 struct vhost_virtqueue *vq) 731{ 732 struct vhost_net_virtqueue *nvq = 733 container_of(vq, struct vhost_net_virtqueue, vq); 734 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 735 struct socket *sock; 736 737 sock = vq->private_data; 738 if (!sock) 739 return 0; 740 741 return vhost_poll_start(poll, sock->file); 742} 743 744static struct socket *vhost_net_stop_vq(struct vhost_net *n, 745 struct vhost_virtqueue *vq) 746{ 747 struct socket *sock; 748 749 mutex_lock(&vq->mutex); 750 sock = vq->private_data; 751 vhost_net_disable_vq(n, vq); 752 vq->private_data = NULL; 753 mutex_unlock(&vq->mutex); 754 return sock; 755} 756 757static void vhost_net_stop(struct vhost_net *n, struct socket **tx_sock, 758 struct socket **rx_sock) 759{ 760 *tx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_TX].vq); 761 *rx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_RX].vq); 762} 763 764static void vhost_net_flush_vq(struct vhost_net *n, int index) 765{ 766 vhost_poll_flush(n->poll + index); 767 vhost_poll_flush(&n->vqs[index].vq.poll); 768} 769 770static void vhost_net_flush(struct vhost_net *n) 771{ 772 vhost_net_flush_vq(n, VHOST_NET_VQ_TX); 773 vhost_net_flush_vq(n, VHOST_NET_VQ_RX); 774 if (n->vqs[VHOST_NET_VQ_TX].ubufs) { 775 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 776 n->tx_flush = true; 777 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 778 /* Wait for all lower device DMAs done. */ 779 vhost_net_ubuf_put_and_wait(n->vqs[VHOST_NET_VQ_TX].ubufs); 780 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 781 n->tx_flush = false; 782 atomic_set(&n->vqs[VHOST_NET_VQ_TX].ubufs->refcount, 1); 783 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 784 } 785} 786 787static int vhost_net_release(struct inode *inode, struct file *f) 788{ 789 struct vhost_net *n = f->private_data; 790 struct socket *tx_sock; 791 struct socket *rx_sock; 792 793 vhost_net_stop(n, &tx_sock, &rx_sock); 794 vhost_net_flush(n); 795 vhost_dev_stop(&n->dev); 796 vhost_dev_cleanup(&n->dev, false); 797 vhost_net_vq_reset(n); 798 if (tx_sock) 799 sockfd_put(tx_sock); 800 if (rx_sock) 801 sockfd_put(rx_sock); 802 /* Make sure no callbacks are outstanding */ 803 synchronize_rcu_bh(); 804 /* We do an extra flush before freeing memory, 805 * since jobs can re-queue themselves. */ 806 vhost_net_flush(n); 807 kfree(n->dev.vqs); 808 kvfree(n); 809 return 0; 810} 811 812static struct socket *get_raw_socket(int fd) 813{ 814 struct { 815 struct sockaddr_ll sa; 816 char buf[MAX_ADDR_LEN]; 817 } uaddr; 818 int uaddr_len = sizeof uaddr, r; 819 struct socket *sock = sockfd_lookup(fd, &r); 820 821 if (!sock) 822 return ERR_PTR(-ENOTSOCK); 823 824 /* Parameter checking */ 825 if (sock->sk->sk_type != SOCK_RAW) { 826 r = -ESOCKTNOSUPPORT; 827 goto err; 828 } 829 830 r = sock->ops->getname(sock, (struct sockaddr *)&uaddr.sa, 831 &uaddr_len, 0); 832 if (r) 833 goto err; 834 835 if (uaddr.sa.sll_family != AF_PACKET) { 836 r = -EPFNOSUPPORT; 837 goto err; 838 } 839 return sock; 840err: 841 sockfd_put(sock); 842 return ERR_PTR(r); 843} 844 845static struct socket *get_tap_socket(int fd) 846{ 847 struct file *file = fget(fd); 848 struct socket *sock; 849 850 if (!file) 851 return ERR_PTR(-EBADF); 852 sock = tun_get_socket(file); 853 if (!IS_ERR(sock)) 854 return sock; 855 sock = macvtap_get_socket(file); 856 if (IS_ERR(sock)) 857 fput(file); 858 return sock; 859} 860 861static struct socket *get_socket(int fd) 862{ 863 struct socket *sock; 864 865 /* special case to disable backend */ 866 if (fd == -1) 867 return NULL; 868 sock = get_raw_socket(fd); 869 if (!IS_ERR(sock)) 870 return sock; 871 sock = get_tap_socket(fd); 872 if (!IS_ERR(sock)) 873 return sock; 874 return ERR_PTR(-ENOTSOCK); 875} 876 877static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) 878{ 879 struct socket *sock, *oldsock; 880 struct vhost_virtqueue *vq; 881 struct vhost_net_virtqueue *nvq; 882 struct vhost_net_ubuf_ref *ubufs, *oldubufs = NULL; 883 int r; 884 885 mutex_lock(&n->dev.mutex); 886 r = vhost_dev_check_owner(&n->dev); 887 if (r) 888 goto err; 889 890 if (index >= VHOST_NET_VQ_MAX) { 891 r = -ENOBUFS; 892 goto err; 893 } 894 vq = &n->vqs[index].vq; 895 nvq = &n->vqs[index]; 896 mutex_lock(&vq->mutex); 897 898 /* Verify that ring has been setup correctly. */ 899 if (!vhost_vq_access_ok(vq)) { 900 r = -EFAULT; 901 goto err_vq; 902 } 903 sock = get_socket(fd); 904 if (IS_ERR(sock)) { 905 r = PTR_ERR(sock); 906 goto err_vq; 907 } 908 909 /* start polling new socket */ 910 oldsock = vq->private_data; 911 if (sock != oldsock) { 912 ubufs = vhost_net_ubuf_alloc(vq, 913 sock && vhost_sock_zcopy(sock)); 914 if (IS_ERR(ubufs)) { 915 r = PTR_ERR(ubufs); 916 goto err_ubufs; 917 } 918 919 vhost_net_disable_vq(n, vq); 920 vq->private_data = sock; 921 r = vhost_init_used(vq); 922 if (r) 923 goto err_used; 924 r = vhost_net_enable_vq(n, vq); 925 if (r) 926 goto err_used; 927 928 oldubufs = nvq->ubufs; 929 nvq->ubufs = ubufs; 930 931 n->tx_packets = 0; 932 n->tx_zcopy_err = 0; 933 n->tx_flush = false; 934 } 935 936 mutex_unlock(&vq->mutex); 937 938 if (oldubufs) { 939 vhost_net_ubuf_put_wait_and_free(oldubufs); 940 mutex_lock(&vq->mutex); 941 vhost_zerocopy_signal_used(n, vq); 942 mutex_unlock(&vq->mutex); 943 } 944 945 if (oldsock) { 946 vhost_net_flush_vq(n, index); 947 sockfd_put(oldsock); 948 } 949 950 mutex_unlock(&n->dev.mutex); 951 return 0; 952 953err_used: 954 vq->private_data = oldsock; 955 vhost_net_enable_vq(n, vq); 956 if (ubufs) 957 vhost_net_ubuf_put_wait_and_free(ubufs); 958err_ubufs: 959 sockfd_put(sock); 960err_vq: 961 mutex_unlock(&vq->mutex); 962err: 963 mutex_unlock(&n->dev.mutex); 964 return r; 965} 966 967static long vhost_net_reset_owner(struct vhost_net *n) 968{ 969 struct socket *tx_sock = NULL; 970 struct socket *rx_sock = NULL; 971 long err; 972 struct vhost_memory *memory; 973 974 mutex_lock(&n->dev.mutex); 975 err = vhost_dev_check_owner(&n->dev); 976 if (err) 977 goto done; 978 memory = vhost_dev_reset_owner_prepare(); 979 if (!memory) { 980 err = -ENOMEM; 981 goto done; 982 } 983 vhost_net_stop(n, &tx_sock, &rx_sock); 984 vhost_net_flush(n); 985 vhost_dev_reset_owner(&n->dev, memory); 986 vhost_net_vq_reset(n); 987done: 988 mutex_unlock(&n->dev.mutex); 989 if (tx_sock) 990 sockfd_put(tx_sock); 991 if (rx_sock) 992 sockfd_put(rx_sock); 993 return err; 994} 995 996static int vhost_net_set_features(struct vhost_net *n, u64 features) 997{ 998 size_t vhost_hlen, sock_hlen, hdr_len; 999 int i; 1000 1001 hdr_len = (features & ((1ULL << VIRTIO_NET_F_MRG_RXBUF) | 1002 (1ULL << VIRTIO_F_VERSION_1))) ? 1003 sizeof(struct virtio_net_hdr_mrg_rxbuf) : 1004 sizeof(struct virtio_net_hdr); 1005 if (features & (1 << VHOST_NET_F_VIRTIO_NET_HDR)) { 1006 /* vhost provides vnet_hdr */ 1007 vhost_hlen = hdr_len; 1008 sock_hlen = 0; 1009 } else { 1010 /* socket provides vnet_hdr */ 1011 vhost_hlen = 0; 1012 sock_hlen = hdr_len; 1013 } 1014 mutex_lock(&n->dev.mutex); 1015 if ((features & (1 << VHOST_F_LOG_ALL)) && 1016 !vhost_log_access_ok(&n->dev)) { 1017 mutex_unlock(&n->dev.mutex); 1018 return -EFAULT; 1019 } 1020 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 1021 mutex_lock(&n->vqs[i].vq.mutex); 1022 n->vqs[i].vq.acked_features = features; 1023 n->vqs[i].vhost_hlen = vhost_hlen; 1024 n->vqs[i].sock_hlen = sock_hlen; 1025 mutex_unlock(&n->vqs[i].vq.mutex); 1026 } 1027 mutex_unlock(&n->dev.mutex); 1028 return 0; 1029} 1030 1031static long vhost_net_set_owner(struct vhost_net *n) 1032{ 1033 int r; 1034 1035 mutex_lock(&n->dev.mutex); 1036 if (vhost_dev_has_owner(&n->dev)) { 1037 r = -EBUSY; 1038 goto out; 1039 } 1040 r = vhost_net_set_ubuf_info(n); 1041 if (r) 1042 goto out; 1043 r = vhost_dev_set_owner(&n->dev); 1044 if (r) 1045 vhost_net_clear_ubuf_info(n); 1046 vhost_net_flush(n); 1047out: 1048 mutex_unlock(&n->dev.mutex); 1049 return r; 1050} 1051 1052static long vhost_net_ioctl(struct file *f, unsigned int ioctl, 1053 unsigned long arg) 1054{ 1055 struct vhost_net *n = f->private_data; 1056 void __user *argp = (void __user *)arg; 1057 u64 __user *featurep = argp; 1058 struct vhost_vring_file backend; 1059 u64 features; 1060 int r; 1061 1062 switch (ioctl) { 1063 case VHOST_NET_SET_BACKEND: 1064 if (copy_from_user(&backend, argp, sizeof backend)) 1065 return -EFAULT; 1066 return vhost_net_set_backend(n, backend.index, backend.fd); 1067 case VHOST_GET_FEATURES: 1068 features = VHOST_NET_FEATURES; 1069 if (copy_to_user(featurep, &features, sizeof features)) 1070 return -EFAULT; 1071 return 0; 1072 case VHOST_SET_FEATURES: 1073 if (copy_from_user(&features, featurep, sizeof features)) 1074 return -EFAULT; 1075 if (features & ~VHOST_NET_FEATURES) 1076 return -EOPNOTSUPP; 1077 return vhost_net_set_features(n, features); 1078 case VHOST_RESET_OWNER: 1079 return vhost_net_reset_owner(n); 1080 case VHOST_SET_OWNER: 1081 return vhost_net_set_owner(n); 1082 default: 1083 mutex_lock(&n->dev.mutex); 1084 r = vhost_dev_ioctl(&n->dev, ioctl, argp); 1085 if (r == -ENOIOCTLCMD) 1086 r = vhost_vring_ioctl(&n->dev, ioctl, argp); 1087 else 1088 vhost_net_flush(n); 1089 mutex_unlock(&n->dev.mutex); 1090 return r; 1091 } 1092} 1093 1094#ifdef CONFIG_COMPAT 1095static long vhost_net_compat_ioctl(struct file *f, unsigned int ioctl, 1096 unsigned long arg) 1097{ 1098 return vhost_net_ioctl(f, ioctl, (unsigned long)compat_ptr(arg)); 1099} 1100#endif 1101 1102static const struct file_operations vhost_net_fops = { 1103 .owner = THIS_MODULE, 1104 .release = vhost_net_release, 1105 .unlocked_ioctl = vhost_net_ioctl, 1106#ifdef CONFIG_COMPAT 1107 .compat_ioctl = vhost_net_compat_ioctl, 1108#endif 1109 .open = vhost_net_open, 1110 .llseek = noop_llseek, 1111}; 1112 1113static struct miscdevice vhost_net_misc = { 1114 .minor = VHOST_NET_MINOR, 1115 .name = "vhost-net", 1116 .fops = &vhost_net_fops, 1117}; 1118 1119static int vhost_net_init(void) 1120{ 1121 if (experimental_zcopytx) 1122 vhost_net_enable_zcopy(VHOST_NET_VQ_TX); 1123 return misc_register(&vhost_net_misc); 1124} 1125module_init(vhost_net_init); 1126 1127static void vhost_net_exit(void) 1128{ 1129 misc_deregister(&vhost_net_misc); 1130} 1131module_exit(vhost_net_exit); 1132 1133MODULE_VERSION("0.0.1"); 1134MODULE_LICENSE("GPL v2"); 1135MODULE_AUTHOR("Michael S. Tsirkin"); 1136MODULE_DESCRIPTION("Host kernel accelerator for virtio net"); 1137MODULE_ALIAS_MISCDEV(VHOST_NET_MINOR); 1138MODULE_ALIAS("devname:vhost-net"); 1139