1 // SPDX-License-Identifier: GPL-2.0
2 /* Simple test of virtio code, entirely in userpsace. */
3 #define _GNU_SOURCE
4 #include <sched.h>
5 #include <err.h>
6 #include <linux/kernel.h>
7 #include <linux/err.h>
8 #include <linux/virtio.h>
9 #include <linux/vringh.h>
10 #include <linux/virtio_ring.h>
11 #include <linux/virtio_config.h>
12 #include <linux/uaccess.h>
13 #include <sys/types.h>
14 #include <sys/stat.h>
15 #include <sys/mman.h>
16 #include <sys/wait.h>
17 #include <fcntl.h>
18
19 #define USER_MEM (1024*1024)
20 void *__user_addr_min, *__user_addr_max;
21 void *__kmalloc_fake, *__kfree_ignore_start, *__kfree_ignore_end;
22 static u64 user_addr_offset;
23
24 #define RINGSIZE 256
25 #define ALIGN 4096
26
never_notify_host(struct virtqueue * vq)27 static bool never_notify_host(struct virtqueue *vq)
28 {
29 abort();
30 }
31
never_callback_guest(struct virtqueue * vq)32 static void never_callback_guest(struct virtqueue *vq)
33 {
34 abort();
35 }
36
getrange_iov(struct vringh * vrh,u64 addr,struct vringh_range * r)37 static bool getrange_iov(struct vringh *vrh, u64 addr, struct vringh_range *r)
38 {
39 if (addr < (u64)(unsigned long)__user_addr_min - user_addr_offset)
40 return false;
41 if (addr >= (u64)(unsigned long)__user_addr_max - user_addr_offset)
42 return false;
43
44 r->start = (u64)(unsigned long)__user_addr_min - user_addr_offset;
45 r->end_incl = (u64)(unsigned long)__user_addr_max - 1 - user_addr_offset;
46 r->offset = user_addr_offset;
47 return true;
48 }
49
50 /* We return single byte ranges. */
getrange_slow(struct vringh * vrh,u64 addr,struct vringh_range * r)51 static bool getrange_slow(struct vringh *vrh, u64 addr, struct vringh_range *r)
52 {
53 if (addr < (u64)(unsigned long)__user_addr_min - user_addr_offset)
54 return false;
55 if (addr >= (u64)(unsigned long)__user_addr_max - user_addr_offset)
56 return false;
57
58 r->start = addr;
59 r->end_incl = r->start;
60 r->offset = user_addr_offset;
61 return true;
62 }
63
64 struct guest_virtio_device {
65 struct virtio_device vdev;
66 int to_host_fd;
67 unsigned long notifies;
68 };
69
parallel_notify_host(struct virtqueue * vq)70 static bool parallel_notify_host(struct virtqueue *vq)
71 {
72 int rc;
73 struct guest_virtio_device *gvdev;
74
75 gvdev = container_of(vq->vdev, struct guest_virtio_device, vdev);
76 rc = write(gvdev->to_host_fd, "", 1);
77 if (rc < 0)
78 return false;
79 gvdev->notifies++;
80 return true;
81 }
82
no_notify_host(struct virtqueue * vq)83 static bool no_notify_host(struct virtqueue *vq)
84 {
85 return true;
86 }
87
88 #define NUM_XFERS (10000000)
89
90 /* We aim for two "distant" cpus. */
find_cpus(unsigned int * first,unsigned int * last)91 static void find_cpus(unsigned int *first, unsigned int *last)
92 {
93 unsigned int i;
94
95 *first = -1U;
96 *last = 0;
97 for (i = 0; i < 4096; i++) {
98 cpu_set_t set;
99 CPU_ZERO(&set);
100 CPU_SET(i, &set);
101 if (sched_setaffinity(getpid(), sizeof(set), &set) == 0) {
102 if (i < *first)
103 *first = i;
104 if (i > *last)
105 *last = i;
106 }
107 }
108 }
109
110 /* Opencoded version for fast mode */
vringh_get_head(struct vringh * vrh,u16 * head)111 static inline int vringh_get_head(struct vringh *vrh, u16 *head)
112 {
113 u16 avail_idx, i;
114 int err;
115
116 err = get_user(avail_idx, &vrh->vring.avail->idx);
117 if (err)
118 return err;
119
120 if (vrh->last_avail_idx == avail_idx)
121 return 0;
122
123 /* Only get avail ring entries after they have been exposed by guest. */
124 virtio_rmb(vrh->weak_barriers);
125
126 i = vrh->last_avail_idx & (vrh->vring.num - 1);
127
128 err = get_user(*head, &vrh->vring.avail->ring[i]);
129 if (err)
130 return err;
131
132 vrh->last_avail_idx++;
133 return 1;
134 }
135
parallel_test(u64 features,bool (* getrange)(struct vringh * vrh,u64 addr,struct vringh_range * r),bool fast_vringh)136 static int parallel_test(u64 features,
137 bool (*getrange)(struct vringh *vrh,
138 u64 addr, struct vringh_range *r),
139 bool fast_vringh)
140 {
141 void *host_map, *guest_map;
142 int pipe_ret, fd, mapsize, to_guest[2], to_host[2];
143 unsigned long xfers = 0, notifies = 0, receives = 0;
144 unsigned int first_cpu, last_cpu;
145 cpu_set_t cpu_set;
146 char buf[128];
147
148 /* Create real file to mmap. */
149 fd = open("/tmp/vringh_test-file", O_RDWR|O_CREAT|O_TRUNC, 0600);
150 if (fd < 0)
151 err(1, "Opening /tmp/vringh_test-file");
152
153 /* Extra room at the end for some data, and indirects */
154 mapsize = vring_size(RINGSIZE, ALIGN)
155 + RINGSIZE * 2 * sizeof(int)
156 + RINGSIZE * 6 * sizeof(struct vring_desc);
157 mapsize = (mapsize + getpagesize() - 1) & ~(getpagesize() - 1);
158 ftruncate(fd, mapsize);
159
160 /* Parent and child use separate addresses, to check our mapping logic! */
161 host_map = mmap(NULL, mapsize, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
162 guest_map = mmap(NULL, mapsize, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
163
164 pipe_ret = pipe(to_guest);
165 assert(!pipe_ret);
166
167 pipe_ret = pipe(to_host);
168 assert(!pipe_ret);
169
170 CPU_ZERO(&cpu_set);
171 find_cpus(&first_cpu, &last_cpu);
172 printf("Using CPUS %u and %u\n", first_cpu, last_cpu);
173 fflush(stdout);
174
175 if (fork() != 0) {
176 struct vringh vrh;
177 int status, err, rlen = 0;
178 char rbuf[5];
179
180 /* We are the host: never access guest addresses! */
181 munmap(guest_map, mapsize);
182
183 __user_addr_min = host_map;
184 __user_addr_max = __user_addr_min + mapsize;
185 user_addr_offset = host_map - guest_map;
186 assert(user_addr_offset);
187
188 close(to_guest[0]);
189 close(to_host[1]);
190
191 vring_init(&vrh.vring, RINGSIZE, host_map, ALIGN);
192 vringh_init_user(&vrh, features, RINGSIZE, true,
193 vrh.vring.desc, vrh.vring.avail, vrh.vring.used);
194 CPU_SET(first_cpu, &cpu_set);
195 if (sched_setaffinity(getpid(), sizeof(cpu_set), &cpu_set))
196 errx(1, "Could not set affinity to cpu %u", first_cpu);
197
198 while (xfers < NUM_XFERS) {
199 struct iovec host_riov[2], host_wiov[2];
200 struct vringh_iov riov, wiov;
201 u16 head, written;
202
203 if (fast_vringh) {
204 for (;;) {
205 err = vringh_get_head(&vrh, &head);
206 if (err != 0)
207 break;
208 err = vringh_need_notify_user(&vrh);
209 if (err < 0)
210 errx(1, "vringh_need_notify_user: %i",
211 err);
212 if (err) {
213 write(to_guest[1], "", 1);
214 notifies++;
215 }
216 }
217 if (err != 1)
218 errx(1, "vringh_get_head");
219 written = 0;
220 goto complete;
221 } else {
222 vringh_iov_init(&riov,
223 host_riov,
224 ARRAY_SIZE(host_riov));
225 vringh_iov_init(&wiov,
226 host_wiov,
227 ARRAY_SIZE(host_wiov));
228
229 err = vringh_getdesc_user(&vrh, &riov, &wiov,
230 getrange, &head);
231 }
232 if (err == 0) {
233 err = vringh_need_notify_user(&vrh);
234 if (err < 0)
235 errx(1, "vringh_need_notify_user: %i",
236 err);
237 if (err) {
238 write(to_guest[1], "", 1);
239 notifies++;
240 }
241
242 if (!vringh_notify_enable_user(&vrh))
243 continue;
244
245 /* Swallow all notifies at once. */
246 if (read(to_host[0], buf, sizeof(buf)) < 1)
247 break;
248
249 vringh_notify_disable_user(&vrh);
250 receives++;
251 continue;
252 }
253 if (err != 1)
254 errx(1, "vringh_getdesc_user: %i", err);
255
256 /* We simply copy bytes. */
257 if (riov.used) {
258 rlen = vringh_iov_pull_user(&riov, rbuf,
259 sizeof(rbuf));
260 if (rlen != 4)
261 errx(1, "vringh_iov_pull_user: %i",
262 rlen);
263 assert(riov.i == riov.used);
264 written = 0;
265 } else {
266 err = vringh_iov_push_user(&wiov, rbuf, rlen);
267 if (err != rlen)
268 errx(1, "vringh_iov_push_user: %i",
269 err);
270 assert(wiov.i == wiov.used);
271 written = err;
272 }
273 complete:
274 xfers++;
275
276 err = vringh_complete_user(&vrh, head, written);
277 if (err != 0)
278 errx(1, "vringh_complete_user: %i", err);
279 }
280
281 err = vringh_need_notify_user(&vrh);
282 if (err < 0)
283 errx(1, "vringh_need_notify_user: %i", err);
284 if (err) {
285 write(to_guest[1], "", 1);
286 notifies++;
287 }
288 wait(&status);
289 if (!WIFEXITED(status))
290 errx(1, "Child died with signal %i?", WTERMSIG(status));
291 if (WEXITSTATUS(status) != 0)
292 errx(1, "Child exited %i?", WEXITSTATUS(status));
293 printf("Host: notified %lu, pinged %lu\n", notifies, receives);
294 return 0;
295 } else {
296 struct guest_virtio_device gvdev;
297 struct virtqueue *vq;
298 unsigned int *data;
299 struct vring_desc *indirects;
300 unsigned int finished = 0;
301
302 /* We pass sg[]s pointing into here, but we need RINGSIZE+1 */
303 data = guest_map + vring_size(RINGSIZE, ALIGN);
304 indirects = (void *)data + (RINGSIZE + 1) * 2 * sizeof(int);
305
306 /* We are the guest. */
307 munmap(host_map, mapsize);
308
309 close(to_guest[1]);
310 close(to_host[0]);
311
312 gvdev.vdev.features = features;
313 INIT_LIST_HEAD(&gvdev.vdev.vqs);
314 spin_lock_init(&gvdev.vdev.vqs_list_lock);
315 gvdev.to_host_fd = to_host[1];
316 gvdev.notifies = 0;
317
318 CPU_SET(first_cpu, &cpu_set);
319 if (sched_setaffinity(getpid(), sizeof(cpu_set), &cpu_set))
320 err(1, "Could not set affinity to cpu %u", first_cpu);
321
322 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &gvdev.vdev, true,
323 false, guest_map,
324 fast_vringh ? no_notify_host
325 : parallel_notify_host,
326 never_callback_guest, "guest vq");
327
328 /* Don't kfree indirects. */
329 __kfree_ignore_start = indirects;
330 __kfree_ignore_end = indirects + RINGSIZE * 6;
331
332 while (xfers < NUM_XFERS) {
333 struct scatterlist sg[4];
334 unsigned int num_sg, len;
335 int *dbuf, err;
336 bool output = !(xfers % 2);
337
338 /* Consume bufs. */
339 while ((dbuf = virtqueue_get_buf(vq, &len)) != NULL) {
340 if (len == 4)
341 assert(*dbuf == finished - 1);
342 else if (!fast_vringh)
343 assert(*dbuf == finished);
344 finished++;
345 }
346
347 /* Produce a buffer. */
348 dbuf = data + (xfers % (RINGSIZE + 1));
349
350 if (output)
351 *dbuf = xfers;
352 else
353 *dbuf = -1;
354
355 switch ((xfers / sizeof(*dbuf)) % 4) {
356 case 0:
357 /* Nasty three-element sg list. */
358 sg_init_table(sg, num_sg = 3);
359 sg_set_buf(&sg[0], (void *)dbuf, 1);
360 sg_set_buf(&sg[1], (void *)dbuf + 1, 2);
361 sg_set_buf(&sg[2], (void *)dbuf + 3, 1);
362 break;
363 case 1:
364 sg_init_table(sg, num_sg = 2);
365 sg_set_buf(&sg[0], (void *)dbuf, 1);
366 sg_set_buf(&sg[1], (void *)dbuf + 1, 3);
367 break;
368 case 2:
369 sg_init_table(sg, num_sg = 1);
370 sg_set_buf(&sg[0], (void *)dbuf, 4);
371 break;
372 case 3:
373 sg_init_table(sg, num_sg = 4);
374 sg_set_buf(&sg[0], (void *)dbuf, 1);
375 sg_set_buf(&sg[1], (void *)dbuf + 1, 1);
376 sg_set_buf(&sg[2], (void *)dbuf + 2, 1);
377 sg_set_buf(&sg[3], (void *)dbuf + 3, 1);
378 break;
379 }
380
381 /* May allocate an indirect, so force it to allocate
382 * user addr */
383 __kmalloc_fake = indirects + (xfers % RINGSIZE) * 4;
384 if (output)
385 err = virtqueue_add_outbuf(vq, sg, num_sg, dbuf,
386 GFP_KERNEL);
387 else
388 err = virtqueue_add_inbuf(vq, sg, num_sg,
389 dbuf, GFP_KERNEL);
390
391 if (err == -ENOSPC) {
392 if (!virtqueue_enable_cb_delayed(vq))
393 continue;
394 /* Swallow all notifies at once. */
395 if (read(to_guest[0], buf, sizeof(buf)) < 1)
396 break;
397
398 receives++;
399 virtqueue_disable_cb(vq);
400 continue;
401 }
402
403 if (err)
404 errx(1, "virtqueue_add_in/outbuf: %i", err);
405
406 xfers++;
407 virtqueue_kick(vq);
408 }
409
410 /* Any extra? */
411 while (finished != xfers) {
412 int *dbuf;
413 unsigned int len;
414
415 /* Consume bufs. */
416 dbuf = virtqueue_get_buf(vq, &len);
417 if (dbuf) {
418 if (len == 4)
419 assert(*dbuf == finished - 1);
420 else
421 assert(len == 0);
422 finished++;
423 continue;
424 }
425
426 if (!virtqueue_enable_cb_delayed(vq))
427 continue;
428 if (read(to_guest[0], buf, sizeof(buf)) < 1)
429 break;
430
431 receives++;
432 virtqueue_disable_cb(vq);
433 }
434
435 printf("Guest: notified %lu, pinged %lu\n",
436 gvdev.notifies, receives);
437 vring_del_virtqueue(vq);
438 return 0;
439 }
440 }
441
main(int argc,char * argv[])442 int main(int argc, char *argv[])
443 {
444 struct virtio_device vdev;
445 struct virtqueue *vq;
446 struct vringh vrh;
447 struct scatterlist guest_sg[RINGSIZE], *sgs[2];
448 struct iovec host_riov[2], host_wiov[2];
449 struct vringh_iov riov, wiov;
450 struct vring_used_elem used[RINGSIZE];
451 char buf[28];
452 u16 head;
453 int err;
454 unsigned i;
455 void *ret;
456 bool (*getrange)(struct vringh *vrh, u64 addr, struct vringh_range *r);
457 bool fast_vringh = false, parallel = false;
458
459 getrange = getrange_iov;
460 vdev.features = 0;
461 INIT_LIST_HEAD(&vdev.vqs);
462 spin_lock_init(&vdev.vqs_list_lock);
463
464 while (argv[1]) {
465 if (strcmp(argv[1], "--indirect") == 0)
466 __virtio_set_bit(&vdev, VIRTIO_RING_F_INDIRECT_DESC);
467 else if (strcmp(argv[1], "--eventidx") == 0)
468 __virtio_set_bit(&vdev, VIRTIO_RING_F_EVENT_IDX);
469 else if (strcmp(argv[1], "--virtio-1") == 0)
470 __virtio_set_bit(&vdev, VIRTIO_F_VERSION_1);
471 else if (strcmp(argv[1], "--slow-range") == 0)
472 getrange = getrange_slow;
473 else if (strcmp(argv[1], "--fast-vringh") == 0)
474 fast_vringh = true;
475 else if (strcmp(argv[1], "--parallel") == 0)
476 parallel = true;
477 else
478 errx(1, "Unknown arg %s", argv[1]);
479 argv++;
480 }
481
482 if (parallel)
483 return parallel_test(vdev.features, getrange, fast_vringh);
484
485 if (posix_memalign(&__user_addr_min, PAGE_SIZE, USER_MEM) != 0)
486 abort();
487 __user_addr_max = __user_addr_min + USER_MEM;
488 memset(__user_addr_min, 0, vring_size(RINGSIZE, ALIGN));
489
490 /* Set up guest side. */
491 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &vdev, true, false,
492 __user_addr_min,
493 never_notify_host, never_callback_guest,
494 "guest vq");
495
496 /* Set up host side. */
497 vring_init(&vrh.vring, RINGSIZE, __user_addr_min, ALIGN);
498 vringh_init_user(&vrh, vdev.features, RINGSIZE, true,
499 vrh.vring.desc, vrh.vring.avail, vrh.vring.used);
500
501 /* No descriptor to get yet... */
502 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head);
503 if (err != 0)
504 errx(1, "vringh_getdesc_user: %i", err);
505
506 /* Guest puts in a descriptor. */
507 memcpy(__user_addr_max - 1, "a", 1);
508 sg_init_table(guest_sg, 1);
509 sg_set_buf(&guest_sg[0], __user_addr_max - 1, 1);
510 sg_init_table(guest_sg+1, 1);
511 sg_set_buf(&guest_sg[1], __user_addr_max - 3, 2);
512 sgs[0] = &guest_sg[0];
513 sgs[1] = &guest_sg[1];
514
515 /* May allocate an indirect, so force it to allocate user addr */
516 __kmalloc_fake = __user_addr_min + vring_size(RINGSIZE, ALIGN);
517 err = virtqueue_add_sgs(vq, sgs, 1, 1, &err, GFP_KERNEL);
518 if (err)
519 errx(1, "virtqueue_add_sgs: %i", err);
520 __kmalloc_fake = NULL;
521
522 /* Host retrieves it. */
523 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov));
524 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov));
525
526 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head);
527 if (err != 1)
528 errx(1, "vringh_getdesc_user: %i", err);
529
530 assert(riov.used == 1);
531 assert(riov.iov[0].iov_base == __user_addr_max - 1);
532 assert(riov.iov[0].iov_len == 1);
533 if (getrange != getrange_slow) {
534 assert(wiov.used == 1);
535 assert(wiov.iov[0].iov_base == __user_addr_max - 3);
536 assert(wiov.iov[0].iov_len == 2);
537 } else {
538 assert(wiov.used == 2);
539 assert(wiov.iov[0].iov_base == __user_addr_max - 3);
540 assert(wiov.iov[0].iov_len == 1);
541 assert(wiov.iov[1].iov_base == __user_addr_max - 2);
542 assert(wiov.iov[1].iov_len == 1);
543 }
544
545 err = vringh_iov_pull_user(&riov, buf, 5);
546 if (err != 1)
547 errx(1, "vringh_iov_pull_user: %i", err);
548 assert(buf[0] == 'a');
549 assert(riov.i == 1);
550 assert(vringh_iov_pull_user(&riov, buf, 5) == 0);
551
552 memcpy(buf, "bcdef", 5);
553 err = vringh_iov_push_user(&wiov, buf, 5);
554 if (err != 2)
555 errx(1, "vringh_iov_push_user: %i", err);
556 assert(memcmp(__user_addr_max - 3, "bc", 2) == 0);
557 assert(wiov.i == wiov.used);
558 assert(vringh_iov_push_user(&wiov, buf, 5) == 0);
559
560 /* Host is done. */
561 err = vringh_complete_user(&vrh, head, err);
562 if (err != 0)
563 errx(1, "vringh_complete_user: %i", err);
564
565 /* Guest should see used token now. */
566 __kfree_ignore_start = __user_addr_min + vring_size(RINGSIZE, ALIGN);
567 __kfree_ignore_end = __kfree_ignore_start + 1;
568 ret = virtqueue_get_buf(vq, &i);
569 if (ret != &err)
570 errx(1, "virtqueue_get_buf: %p", ret);
571 assert(i == 2);
572
573 /* Guest puts in a huge descriptor. */
574 sg_init_table(guest_sg, RINGSIZE);
575 for (i = 0; i < RINGSIZE; i++) {
576 sg_set_buf(&guest_sg[i],
577 __user_addr_max - USER_MEM/4, USER_MEM/4);
578 }
579
580 /* Fill contents with recognisable garbage. */
581 for (i = 0; i < USER_MEM/4; i++)
582 ((char *)__user_addr_max - USER_MEM/4)[i] = i;
583
584 /* This will allocate an indirect, so force it to allocate user addr */
585 __kmalloc_fake = __user_addr_min + vring_size(RINGSIZE, ALIGN);
586 err = virtqueue_add_outbuf(vq, guest_sg, RINGSIZE, &err, GFP_KERNEL);
587 if (err)
588 errx(1, "virtqueue_add_outbuf (large): %i", err);
589 __kmalloc_fake = NULL;
590
591 /* Host picks it up (allocates new iov). */
592 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov));
593 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov));
594
595 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head);
596 if (err != 1)
597 errx(1, "vringh_getdesc_user: %i", err);
598
599 assert(riov.max_num & VRINGH_IOV_ALLOCATED);
600 assert(riov.iov != host_riov);
601 if (getrange != getrange_slow)
602 assert(riov.used == RINGSIZE);
603 else
604 assert(riov.used == RINGSIZE * USER_MEM/4);
605
606 assert(!(wiov.max_num & VRINGH_IOV_ALLOCATED));
607 assert(wiov.used == 0);
608
609 /* Pull data back out (in odd chunks), should be as expected. */
610 for (i = 0; i < RINGSIZE * USER_MEM/4; i += 3) {
611 err = vringh_iov_pull_user(&riov, buf, 3);
612 if (err != 3 && i + err != RINGSIZE * USER_MEM/4)
613 errx(1, "vringh_iov_pull_user large: %i", err);
614 assert(buf[0] == (char)i);
615 assert(err < 2 || buf[1] == (char)(i + 1));
616 assert(err < 3 || buf[2] == (char)(i + 2));
617 }
618 assert(riov.i == riov.used);
619 vringh_iov_cleanup(&riov);
620 vringh_iov_cleanup(&wiov);
621
622 /* Complete using multi interface, just because we can. */
623 used[0].id = head;
624 used[0].len = 0;
625 err = vringh_complete_multi_user(&vrh, used, 1);
626 if (err)
627 errx(1, "vringh_complete_multi_user(1): %i", err);
628
629 /* Free up those descriptors. */
630 ret = virtqueue_get_buf(vq, &i);
631 if (ret != &err)
632 errx(1, "virtqueue_get_buf: %p", ret);
633
634 /* Add lots of descriptors. */
635 sg_init_table(guest_sg, 1);
636 sg_set_buf(&guest_sg[0], __user_addr_max - 1, 1);
637 for (i = 0; i < RINGSIZE; i++) {
638 err = virtqueue_add_outbuf(vq, guest_sg, 1, &err, GFP_KERNEL);
639 if (err)
640 errx(1, "virtqueue_add_outbuf (multiple): %i", err);
641 }
642
643 /* Now get many, and consume them all at once. */
644 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov));
645 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov));
646
647 for (i = 0; i < RINGSIZE; i++) {
648 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head);
649 if (err != 1)
650 errx(1, "vringh_getdesc_user: %i", err);
651 used[i].id = head;
652 used[i].len = 0;
653 }
654 /* Make sure it wraps around ring, to test! */
655 assert(vrh.vring.used->idx % RINGSIZE != 0);
656 err = vringh_complete_multi_user(&vrh, used, RINGSIZE);
657 if (err)
658 errx(1, "vringh_complete_multi_user: %i", err);
659
660 /* Free those buffers. */
661 for (i = 0; i < RINGSIZE; i++) {
662 unsigned len;
663 assert(virtqueue_get_buf(vq, &len) != NULL);
664 }
665
666 /* Test weird (but legal!) indirect. */
667 if (__virtio_test_bit(&vdev, VIRTIO_RING_F_INDIRECT_DESC)) {
668 char *data = __user_addr_max - USER_MEM/4;
669 struct vring_desc *d = __user_addr_max - USER_MEM/2;
670 struct vring vring;
671
672 /* Force creation of direct, which we modify. */
673 __virtio_clear_bit(&vdev, VIRTIO_RING_F_INDIRECT_DESC);
674 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &vdev, true,
675 false, __user_addr_min,
676 never_notify_host,
677 never_callback_guest,
678 "guest vq");
679
680 sg_init_table(guest_sg, 4);
681 sg_set_buf(&guest_sg[0], d, sizeof(*d)*2);
682 sg_set_buf(&guest_sg[1], d + 2, sizeof(*d)*1);
683 sg_set_buf(&guest_sg[2], data + 6, 4);
684 sg_set_buf(&guest_sg[3], d + 3, sizeof(*d)*3);
685
686 err = virtqueue_add_outbuf(vq, guest_sg, 4, &err, GFP_KERNEL);
687 if (err)
688 errx(1, "virtqueue_add_outbuf (indirect): %i", err);
689
690 vring_init(&vring, RINGSIZE, __user_addr_min, ALIGN);
691
692 /* They're used in order, but double-check... */
693 assert(vring.desc[0].addr == (unsigned long)d);
694 assert(vring.desc[1].addr == (unsigned long)(d+2));
695 assert(vring.desc[2].addr == (unsigned long)data + 6);
696 assert(vring.desc[3].addr == (unsigned long)(d+3));
697 vring.desc[0].flags |= VRING_DESC_F_INDIRECT;
698 vring.desc[1].flags |= VRING_DESC_F_INDIRECT;
699 vring.desc[3].flags |= VRING_DESC_F_INDIRECT;
700
701 /* First indirect */
702 d[0].addr = (unsigned long)data;
703 d[0].len = 1;
704 d[0].flags = VRING_DESC_F_NEXT;
705 d[0].next = 1;
706 d[1].addr = (unsigned long)data + 1;
707 d[1].len = 2;
708 d[1].flags = 0;
709
710 /* Second indirect */
711 d[2].addr = (unsigned long)data + 3;
712 d[2].len = 3;
713 d[2].flags = 0;
714
715 /* Third indirect */
716 d[3].addr = (unsigned long)data + 10;
717 d[3].len = 5;
718 d[3].flags = VRING_DESC_F_NEXT;
719 d[3].next = 1;
720 d[4].addr = (unsigned long)data + 15;
721 d[4].len = 6;
722 d[4].flags = VRING_DESC_F_NEXT;
723 d[4].next = 2;
724 d[5].addr = (unsigned long)data + 21;
725 d[5].len = 7;
726 d[5].flags = 0;
727
728 /* Host picks it up (allocates new iov). */
729 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov));
730 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov));
731
732 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head);
733 if (err != 1)
734 errx(1, "vringh_getdesc_user: %i", err);
735
736 if (head != 0)
737 errx(1, "vringh_getdesc_user: head %i not 0", head);
738
739 assert(riov.max_num & VRINGH_IOV_ALLOCATED);
740 if (getrange != getrange_slow)
741 assert(riov.used == 7);
742 else
743 assert(riov.used == 28);
744 err = vringh_iov_pull_user(&riov, buf, 29);
745 assert(err == 28);
746
747 /* Data should be linear. */
748 for (i = 0; i < err; i++)
749 assert(buf[i] == i);
750 vringh_iov_cleanup(&riov);
751 }
752
753 /* Don't leak memory... */
754 vring_del_virtqueue(vq);
755 free(__user_addr_min);
756
757 return 0;
758 }
759