1 // SPDX-License-Identifier: GPL-2.0 2 /* Simple test of virtio code, entirely in userpsace. */ 3 #define _GNU_SOURCE 4 #include <sched.h> 5 #include <err.h> 6 #include <linux/kernel.h> 7 #include <linux/err.h> 8 #include <linux/virtio.h> 9 #include <linux/vringh.h> 10 #include <linux/virtio_ring.h> 11 #include <linux/virtio_config.h> 12 #include <linux/uaccess.h> 13 #include <sys/types.h> 14 #include <sys/stat.h> 15 #include <sys/mman.h> 16 #include <sys/wait.h> 17 #include <fcntl.h> 18 19 #define USER_MEM (1024*1024) 20 void *__user_addr_min, *__user_addr_max; 21 void *__kmalloc_fake, *__kfree_ignore_start, *__kfree_ignore_end; 22 static u64 user_addr_offset; 23 24 #define RINGSIZE 256 25 #define ALIGN 4096 26 27 static bool never_notify_host(struct virtqueue *vq) 28 { 29 abort(); 30 } 31 32 static void never_callback_guest(struct virtqueue *vq) 33 { 34 abort(); 35 } 36 37 static bool getrange_iov(struct vringh *vrh, u64 addr, struct vringh_range *r) 38 { 39 if (addr < (u64)(unsigned long)__user_addr_min - user_addr_offset) 40 return false; 41 if (addr >= (u64)(unsigned long)__user_addr_max - user_addr_offset) 42 return false; 43 44 r->start = (u64)(unsigned long)__user_addr_min - user_addr_offset; 45 r->end_incl = (u64)(unsigned long)__user_addr_max - 1 - user_addr_offset; 46 r->offset = user_addr_offset; 47 return true; 48 } 49 50 /* We return single byte ranges. */ 51 static bool getrange_slow(struct vringh *vrh, u64 addr, struct vringh_range *r) 52 { 53 if (addr < (u64)(unsigned long)__user_addr_min - user_addr_offset) 54 return false; 55 if (addr >= (u64)(unsigned long)__user_addr_max - user_addr_offset) 56 return false; 57 58 r->start = addr; 59 r->end_incl = r->start; 60 r->offset = user_addr_offset; 61 return true; 62 } 63 64 struct guest_virtio_device { 65 struct virtio_device vdev; 66 int to_host_fd; 67 unsigned long notifies; 68 }; 69 70 static bool parallel_notify_host(struct virtqueue *vq) 71 { 72 int rc; 73 struct guest_virtio_device *gvdev; 74 75 gvdev = container_of(vq->vdev, struct guest_virtio_device, vdev); 76 rc = write(gvdev->to_host_fd, "", 1); 77 if (rc < 0) 78 return false; 79 gvdev->notifies++; 80 return true; 81 } 82 83 static bool no_notify_host(struct virtqueue *vq) 84 { 85 return true; 86 } 87 88 #define NUM_XFERS (10000000) 89 90 /* We aim for two "distant" cpus. */ 91 static void find_cpus(unsigned int *first, unsigned int *last) 92 { 93 unsigned int i; 94 95 *first = -1U; 96 *last = 0; 97 for (i = 0; i < 4096; i++) { 98 cpu_set_t set; 99 CPU_ZERO(&set); 100 CPU_SET(i, &set); 101 if (sched_setaffinity(getpid(), sizeof(set), &set) == 0) { 102 if (i < *first) 103 *first = i; 104 if (i > *last) 105 *last = i; 106 } 107 } 108 } 109 110 /* Opencoded version for fast mode */ 111 static inline int vringh_get_head(struct vringh *vrh, u16 *head) 112 { 113 u16 avail_idx, i; 114 int err; 115 116 err = get_user(avail_idx, &vrh->vring.avail->idx); 117 if (err) 118 return err; 119 120 if (vrh->last_avail_idx == avail_idx) 121 return 0; 122 123 /* Only get avail ring entries after they have been exposed by guest. */ 124 virtio_rmb(vrh->weak_barriers); 125 126 i = vrh->last_avail_idx & (vrh->vring.num - 1); 127 128 err = get_user(*head, &vrh->vring.avail->ring[i]); 129 if (err) 130 return err; 131 132 vrh->last_avail_idx++; 133 return 1; 134 } 135 136 static int parallel_test(u64 features, 137 bool (*getrange)(struct vringh *vrh, 138 u64 addr, struct vringh_range *r), 139 bool fast_vringh) 140 { 141 void *host_map, *guest_map; 142 int pipe_ret, fd, mapsize, to_guest[2], to_host[2]; 143 unsigned long xfers = 0, notifies = 0, receives = 0; 144 unsigned int first_cpu, last_cpu; 145 cpu_set_t cpu_set; 146 char buf[128]; 147 148 /* Create real file to mmap. */ 149 fd = open("/tmp/vringh_test-file", O_RDWR|O_CREAT|O_TRUNC, 0600); 150 if (fd < 0) 151 err(1, "Opening /tmp/vringh_test-file"); 152 153 /* Extra room at the end for some data, and indirects */ 154 mapsize = vring_size(RINGSIZE, ALIGN) 155 + RINGSIZE * 2 * sizeof(int) 156 + RINGSIZE * 6 * sizeof(struct vring_desc); 157 mapsize = (mapsize + getpagesize() - 1) & ~(getpagesize() - 1); 158 ftruncate(fd, mapsize); 159 160 /* Parent and child use separate addresses, to check our mapping logic! */ 161 host_map = mmap(NULL, mapsize, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); 162 if (host_map == MAP_FAILED) 163 err(1, "mmap host_map"); 164 165 guest_map = mmap(NULL, mapsize, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); 166 if (guest_map == MAP_FAILED) 167 err(1, "mmap guest_map"); 168 169 pipe_ret = pipe(to_guest); 170 assert(!pipe_ret); 171 172 pipe_ret = pipe(to_host); 173 assert(!pipe_ret); 174 175 CPU_ZERO(&cpu_set); 176 find_cpus(&first_cpu, &last_cpu); 177 printf("Using CPUS %u and %u\n", first_cpu, last_cpu); 178 fflush(stdout); 179 180 if (fork() != 0) { 181 struct vringh vrh; 182 int status, err, rlen = 0; 183 char rbuf[5]; 184 185 /* We are the host: never access guest addresses! */ 186 munmap(guest_map, mapsize); 187 188 __user_addr_min = host_map; 189 __user_addr_max = __user_addr_min + mapsize; 190 user_addr_offset = host_map - guest_map; 191 assert(user_addr_offset); 192 193 close(to_guest[0]); 194 close(to_host[1]); 195 196 vring_init(&vrh.vring, RINGSIZE, host_map, ALIGN); 197 vringh_init_user(&vrh, features, RINGSIZE, true, 198 vrh.vring.desc, vrh.vring.avail, vrh.vring.used); 199 CPU_SET(first_cpu, &cpu_set); 200 if (sched_setaffinity(getpid(), sizeof(cpu_set), &cpu_set)) 201 errx(1, "Could not set affinity to cpu %u", first_cpu); 202 203 while (xfers < NUM_XFERS) { 204 struct iovec host_riov[2], host_wiov[2]; 205 struct vringh_iov riov, wiov; 206 u16 head, written; 207 208 if (fast_vringh) { 209 for (;;) { 210 err = vringh_get_head(&vrh, &head); 211 if (err != 0) 212 break; 213 err = vringh_need_notify_user(&vrh); 214 if (err < 0) 215 errx(1, "vringh_need_notify_user: %i", 216 err); 217 if (err) { 218 write(to_guest[1], "", 1); 219 notifies++; 220 } 221 } 222 if (err != 1) 223 errx(1, "vringh_get_head"); 224 written = 0; 225 goto complete; 226 } else { 227 vringh_iov_init(&riov, 228 host_riov, 229 ARRAY_SIZE(host_riov)); 230 vringh_iov_init(&wiov, 231 host_wiov, 232 ARRAY_SIZE(host_wiov)); 233 234 err = vringh_getdesc_user(&vrh, &riov, &wiov, 235 getrange, &head); 236 } 237 if (err == 0) { 238 err = vringh_need_notify_user(&vrh); 239 if (err < 0) 240 errx(1, "vringh_need_notify_user: %i", 241 err); 242 if (err) { 243 write(to_guest[1], "", 1); 244 notifies++; 245 } 246 247 if (!vringh_notify_enable_user(&vrh)) 248 continue; 249 250 /* Swallow all notifies at once. */ 251 if (read(to_host[0], buf, sizeof(buf)) < 1) 252 break; 253 254 vringh_notify_disable_user(&vrh); 255 receives++; 256 continue; 257 } 258 if (err != 1) 259 errx(1, "vringh_getdesc_user: %i", err); 260 261 /* We simply copy bytes. */ 262 if (riov.used) { 263 rlen = vringh_iov_pull_user(&riov, rbuf, 264 sizeof(rbuf)); 265 if (rlen != 4) 266 errx(1, "vringh_iov_pull_user: %i", 267 rlen); 268 assert(riov.i == riov.used); 269 written = 0; 270 } else { 271 err = vringh_iov_push_user(&wiov, rbuf, rlen); 272 if (err != rlen) 273 errx(1, "vringh_iov_push_user: %i", 274 err); 275 assert(wiov.i == wiov.used); 276 written = err; 277 } 278 complete: 279 xfers++; 280 281 err = vringh_complete_user(&vrh, head, written); 282 if (err != 0) 283 errx(1, "vringh_complete_user: %i", err); 284 } 285 286 err = vringh_need_notify_user(&vrh); 287 if (err < 0) 288 errx(1, "vringh_need_notify_user: %i", err); 289 if (err) { 290 write(to_guest[1], "", 1); 291 notifies++; 292 } 293 wait(&status); 294 if (!WIFEXITED(status)) 295 errx(1, "Child died with signal %i?", WTERMSIG(status)); 296 if (WEXITSTATUS(status) != 0) 297 errx(1, "Child exited %i?", WEXITSTATUS(status)); 298 printf("Host: notified %lu, pinged %lu\n", notifies, receives); 299 return 0; 300 } else { 301 struct guest_virtio_device gvdev; 302 struct virtqueue *vq; 303 unsigned int *data; 304 struct vring_desc *indirects; 305 unsigned int finished = 0; 306 307 /* We pass sg[]s pointing into here, but we need RINGSIZE+1 */ 308 data = guest_map + vring_size(RINGSIZE, ALIGN); 309 indirects = (void *)data + (RINGSIZE + 1) * 2 * sizeof(int); 310 311 /* We are the guest. */ 312 munmap(host_map, mapsize); 313 314 close(to_guest[1]); 315 close(to_host[0]); 316 317 gvdev.vdev.features = features; 318 INIT_LIST_HEAD(&gvdev.vdev.vqs); 319 spin_lock_init(&gvdev.vdev.vqs_list_lock); 320 gvdev.to_host_fd = to_host[1]; 321 gvdev.notifies = 0; 322 323 CPU_SET(first_cpu, &cpu_set); 324 if (sched_setaffinity(getpid(), sizeof(cpu_set), &cpu_set)) 325 err(1, "Could not set affinity to cpu %u", first_cpu); 326 327 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &gvdev.vdev, true, 328 false, guest_map, 329 fast_vringh ? no_notify_host 330 : parallel_notify_host, 331 never_callback_guest, "guest vq"); 332 333 /* Don't kfree indirects. */ 334 __kfree_ignore_start = indirects; 335 __kfree_ignore_end = indirects + RINGSIZE * 6; 336 337 while (xfers < NUM_XFERS) { 338 struct scatterlist sg[4]; 339 unsigned int num_sg, len; 340 int *dbuf, err; 341 bool output = !(xfers % 2); 342 343 /* Consume bufs. */ 344 while ((dbuf = virtqueue_get_buf(vq, &len)) != NULL) { 345 if (len == 4) 346 assert(*dbuf == finished - 1); 347 else if (!fast_vringh) 348 assert(*dbuf == finished); 349 finished++; 350 } 351 352 /* Produce a buffer. */ 353 dbuf = data + (xfers % (RINGSIZE + 1)); 354 355 if (output) 356 *dbuf = xfers; 357 else 358 *dbuf = -1; 359 360 switch ((xfers / sizeof(*dbuf)) % 4) { 361 case 0: 362 /* Nasty three-element sg list. */ 363 sg_init_table(sg, num_sg = 3); 364 sg_set_buf(&sg[0], (void *)dbuf, 1); 365 sg_set_buf(&sg[1], (void *)dbuf + 1, 2); 366 sg_set_buf(&sg[2], (void *)dbuf + 3, 1); 367 break; 368 case 1: 369 sg_init_table(sg, num_sg = 2); 370 sg_set_buf(&sg[0], (void *)dbuf, 1); 371 sg_set_buf(&sg[1], (void *)dbuf + 1, 3); 372 break; 373 case 2: 374 sg_init_table(sg, num_sg = 1); 375 sg_set_buf(&sg[0], (void *)dbuf, 4); 376 break; 377 case 3: 378 sg_init_table(sg, num_sg = 4); 379 sg_set_buf(&sg[0], (void *)dbuf, 1); 380 sg_set_buf(&sg[1], (void *)dbuf + 1, 1); 381 sg_set_buf(&sg[2], (void *)dbuf + 2, 1); 382 sg_set_buf(&sg[3], (void *)dbuf + 3, 1); 383 break; 384 } 385 386 /* May allocate an indirect, so force it to allocate 387 * user addr */ 388 __kmalloc_fake = indirects + (xfers % RINGSIZE) * 4; 389 if (output) 390 err = virtqueue_add_outbuf(vq, sg, num_sg, dbuf, 391 GFP_KERNEL); 392 else 393 err = virtqueue_add_inbuf(vq, sg, num_sg, 394 dbuf, GFP_KERNEL); 395 396 if (err == -ENOSPC) { 397 if (!virtqueue_enable_cb_delayed(vq)) 398 continue; 399 /* Swallow all notifies at once. */ 400 if (read(to_guest[0], buf, sizeof(buf)) < 1) 401 break; 402 403 receives++; 404 virtqueue_disable_cb(vq); 405 continue; 406 } 407 408 if (err) 409 errx(1, "virtqueue_add_in/outbuf: %i", err); 410 411 xfers++; 412 virtqueue_kick(vq); 413 } 414 415 /* Any extra? */ 416 while (finished != xfers) { 417 int *dbuf; 418 unsigned int len; 419 420 /* Consume bufs. */ 421 dbuf = virtqueue_get_buf(vq, &len); 422 if (dbuf) { 423 if (len == 4) 424 assert(*dbuf == finished - 1); 425 else 426 assert(len == 0); 427 finished++; 428 continue; 429 } 430 431 if (!virtqueue_enable_cb_delayed(vq)) 432 continue; 433 if (read(to_guest[0], buf, sizeof(buf)) < 1) 434 break; 435 436 receives++; 437 virtqueue_disable_cb(vq); 438 } 439 440 printf("Guest: notified %lu, pinged %lu\n", 441 gvdev.notifies, receives); 442 vring_del_virtqueue(vq); 443 return 0; 444 } 445 } 446 447 int main(int argc, char *argv[]) 448 { 449 struct virtio_device vdev; 450 struct virtqueue *vq; 451 struct vringh vrh; 452 struct scatterlist guest_sg[RINGSIZE], *sgs[2]; 453 struct iovec host_riov[2], host_wiov[2]; 454 struct vringh_iov riov, wiov; 455 struct vring_used_elem used[RINGSIZE]; 456 char buf[28]; 457 u16 head; 458 int err; 459 unsigned i; 460 void *ret; 461 bool (*getrange)(struct vringh *vrh, u64 addr, struct vringh_range *r); 462 bool fast_vringh = false, parallel = false; 463 464 getrange = getrange_iov; 465 vdev.features = 0; 466 INIT_LIST_HEAD(&vdev.vqs); 467 spin_lock_init(&vdev.vqs_list_lock); 468 469 while (argv[1]) { 470 if (strcmp(argv[1], "--indirect") == 0) 471 __virtio_set_bit(&vdev, VIRTIO_RING_F_INDIRECT_DESC); 472 else if (strcmp(argv[1], "--eventidx") == 0) 473 __virtio_set_bit(&vdev, VIRTIO_RING_F_EVENT_IDX); 474 else if (strcmp(argv[1], "--virtio-1") == 0) 475 __virtio_set_bit(&vdev, VIRTIO_F_VERSION_1); 476 else if (strcmp(argv[1], "--slow-range") == 0) 477 getrange = getrange_slow; 478 else if (strcmp(argv[1], "--fast-vringh") == 0) 479 fast_vringh = true; 480 else if (strcmp(argv[1], "--parallel") == 0) 481 parallel = true; 482 else 483 errx(1, "Unknown arg %s", argv[1]); 484 argv++; 485 } 486 487 if (parallel) 488 return parallel_test(vdev.features, getrange, fast_vringh); 489 490 if (posix_memalign(&__user_addr_min, PAGE_SIZE, USER_MEM) != 0) 491 abort(); 492 __user_addr_max = __user_addr_min + USER_MEM; 493 memset(__user_addr_min, 0, vring_size(RINGSIZE, ALIGN)); 494 495 /* Set up guest side. */ 496 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &vdev, true, false, 497 __user_addr_min, 498 never_notify_host, never_callback_guest, 499 "guest vq"); 500 501 /* Set up host side. */ 502 vring_init(&vrh.vring, RINGSIZE, __user_addr_min, ALIGN); 503 vringh_init_user(&vrh, vdev.features, RINGSIZE, true, 504 vrh.vring.desc, vrh.vring.avail, vrh.vring.used); 505 506 /* No descriptor to get yet... */ 507 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 508 if (err != 0) 509 errx(1, "vringh_getdesc_user: %i", err); 510 511 /* Guest puts in a descriptor. */ 512 memcpy(__user_addr_max - 1, "a", 1); 513 sg_init_table(guest_sg, 1); 514 sg_set_buf(&guest_sg[0], __user_addr_max - 1, 1); 515 sg_init_table(guest_sg+1, 1); 516 sg_set_buf(&guest_sg[1], __user_addr_max - 3, 2); 517 sgs[0] = &guest_sg[0]; 518 sgs[1] = &guest_sg[1]; 519 520 /* May allocate an indirect, so force it to allocate user addr */ 521 __kmalloc_fake = __user_addr_min + vring_size(RINGSIZE, ALIGN); 522 err = virtqueue_add_sgs(vq, sgs, 1, 1, &err, GFP_KERNEL); 523 if (err) 524 errx(1, "virtqueue_add_sgs: %i", err); 525 __kmalloc_fake = NULL; 526 527 /* Host retrieves it. */ 528 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 529 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 530 531 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 532 if (err != 1) 533 errx(1, "vringh_getdesc_user: %i", err); 534 535 assert(riov.used == 1); 536 assert(riov.iov[0].iov_base == __user_addr_max - 1); 537 assert(riov.iov[0].iov_len == 1); 538 if (getrange != getrange_slow) { 539 assert(wiov.used == 1); 540 assert(wiov.iov[0].iov_base == __user_addr_max - 3); 541 assert(wiov.iov[0].iov_len == 2); 542 } else { 543 assert(wiov.used == 2); 544 assert(wiov.iov[0].iov_base == __user_addr_max - 3); 545 assert(wiov.iov[0].iov_len == 1); 546 assert(wiov.iov[1].iov_base == __user_addr_max - 2); 547 assert(wiov.iov[1].iov_len == 1); 548 } 549 550 err = vringh_iov_pull_user(&riov, buf, 5); 551 if (err != 1) 552 errx(1, "vringh_iov_pull_user: %i", err); 553 assert(buf[0] == 'a'); 554 assert(riov.i == 1); 555 assert(vringh_iov_pull_user(&riov, buf, 5) == 0); 556 557 memcpy(buf, "bcdef", 5); 558 err = vringh_iov_push_user(&wiov, buf, 5); 559 if (err != 2) 560 errx(1, "vringh_iov_push_user: %i", err); 561 assert(memcmp(__user_addr_max - 3, "bc", 2) == 0); 562 assert(wiov.i == wiov.used); 563 assert(vringh_iov_push_user(&wiov, buf, 5) == 0); 564 565 /* Host is done. */ 566 err = vringh_complete_user(&vrh, head, err); 567 if (err != 0) 568 errx(1, "vringh_complete_user: %i", err); 569 570 /* Guest should see used token now. */ 571 __kfree_ignore_start = __user_addr_min + vring_size(RINGSIZE, ALIGN); 572 __kfree_ignore_end = __kfree_ignore_start + 1; 573 ret = virtqueue_get_buf(vq, &i); 574 if (ret != &err) 575 errx(1, "virtqueue_get_buf: %p", ret); 576 assert(i == 2); 577 578 /* Guest puts in a huge descriptor. */ 579 sg_init_table(guest_sg, RINGSIZE); 580 for (i = 0; i < RINGSIZE; i++) { 581 sg_set_buf(&guest_sg[i], 582 __user_addr_max - USER_MEM/4, USER_MEM/4); 583 } 584 585 /* Fill contents with recognisable garbage. */ 586 for (i = 0; i < USER_MEM/4; i++) 587 ((char *)__user_addr_max - USER_MEM/4)[i] = i; 588 589 /* This will allocate an indirect, so force it to allocate user addr */ 590 __kmalloc_fake = __user_addr_min + vring_size(RINGSIZE, ALIGN); 591 err = virtqueue_add_outbuf(vq, guest_sg, RINGSIZE, &err, GFP_KERNEL); 592 if (err) 593 errx(1, "virtqueue_add_outbuf (large): %i", err); 594 __kmalloc_fake = NULL; 595 596 /* Host picks it up (allocates new iov). */ 597 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 598 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 599 600 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 601 if (err != 1) 602 errx(1, "vringh_getdesc_user: %i", err); 603 604 assert(riov.max_num & VRINGH_IOV_ALLOCATED); 605 assert(riov.iov != host_riov); 606 if (getrange != getrange_slow) 607 assert(riov.used == RINGSIZE); 608 else 609 assert(riov.used == RINGSIZE * USER_MEM/4); 610 611 assert(!(wiov.max_num & VRINGH_IOV_ALLOCATED)); 612 assert(wiov.used == 0); 613 614 /* Pull data back out (in odd chunks), should be as expected. */ 615 for (i = 0; i < RINGSIZE * USER_MEM/4; i += 3) { 616 err = vringh_iov_pull_user(&riov, buf, 3); 617 if (err != 3 && i + err != RINGSIZE * USER_MEM/4) 618 errx(1, "vringh_iov_pull_user large: %i", err); 619 assert(buf[0] == (char)i); 620 assert(err < 2 || buf[1] == (char)(i + 1)); 621 assert(err < 3 || buf[2] == (char)(i + 2)); 622 } 623 assert(riov.i == riov.used); 624 vringh_iov_cleanup(&riov); 625 vringh_iov_cleanup(&wiov); 626 627 /* Complete using multi interface, just because we can. */ 628 used[0].id = head; 629 used[0].len = 0; 630 err = vringh_complete_multi_user(&vrh, used, 1); 631 if (err) 632 errx(1, "vringh_complete_multi_user(1): %i", err); 633 634 /* Free up those descriptors. */ 635 ret = virtqueue_get_buf(vq, &i); 636 if (ret != &err) 637 errx(1, "virtqueue_get_buf: %p", ret); 638 639 /* Add lots of descriptors. */ 640 sg_init_table(guest_sg, 1); 641 sg_set_buf(&guest_sg[0], __user_addr_max - 1, 1); 642 for (i = 0; i < RINGSIZE; i++) { 643 err = virtqueue_add_outbuf(vq, guest_sg, 1, &err, GFP_KERNEL); 644 if (err) 645 errx(1, "virtqueue_add_outbuf (multiple): %i", err); 646 } 647 648 /* Now get many, and consume them all at once. */ 649 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 650 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 651 652 for (i = 0; i < RINGSIZE; i++) { 653 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 654 if (err != 1) 655 errx(1, "vringh_getdesc_user: %i", err); 656 used[i].id = head; 657 used[i].len = 0; 658 } 659 /* Make sure it wraps around ring, to test! */ 660 assert(vrh.vring.used->idx % RINGSIZE != 0); 661 err = vringh_complete_multi_user(&vrh, used, RINGSIZE); 662 if (err) 663 errx(1, "vringh_complete_multi_user: %i", err); 664 665 /* Free those buffers. */ 666 for (i = 0; i < RINGSIZE; i++) { 667 unsigned len; 668 assert(virtqueue_get_buf(vq, &len) != NULL); 669 } 670 671 /* Test weird (but legal!) indirect. */ 672 if (__virtio_test_bit(&vdev, VIRTIO_RING_F_INDIRECT_DESC)) { 673 char *data = __user_addr_max - USER_MEM/4; 674 struct vring_desc *d = __user_addr_max - USER_MEM/2; 675 struct vring vring; 676 677 /* Force creation of direct, which we modify. */ 678 __virtio_clear_bit(&vdev, VIRTIO_RING_F_INDIRECT_DESC); 679 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &vdev, true, 680 false, __user_addr_min, 681 never_notify_host, 682 never_callback_guest, 683 "guest vq"); 684 685 sg_init_table(guest_sg, 4); 686 sg_set_buf(&guest_sg[0], d, sizeof(*d)*2); 687 sg_set_buf(&guest_sg[1], d + 2, sizeof(*d)*1); 688 sg_set_buf(&guest_sg[2], data + 6, 4); 689 sg_set_buf(&guest_sg[3], d + 3, sizeof(*d)*3); 690 691 err = virtqueue_add_outbuf(vq, guest_sg, 4, &err, GFP_KERNEL); 692 if (err) 693 errx(1, "virtqueue_add_outbuf (indirect): %i", err); 694 695 vring_init(&vring, RINGSIZE, __user_addr_min, ALIGN); 696 697 /* They're used in order, but double-check... */ 698 assert(vring.desc[0].addr == (unsigned long)d); 699 assert(vring.desc[1].addr == (unsigned long)(d+2)); 700 assert(vring.desc[2].addr == (unsigned long)data + 6); 701 assert(vring.desc[3].addr == (unsigned long)(d+3)); 702 vring.desc[0].flags |= VRING_DESC_F_INDIRECT; 703 vring.desc[1].flags |= VRING_DESC_F_INDIRECT; 704 vring.desc[3].flags |= VRING_DESC_F_INDIRECT; 705 706 /* First indirect */ 707 d[0].addr = (unsigned long)data; 708 d[0].len = 1; 709 d[0].flags = VRING_DESC_F_NEXT; 710 d[0].next = 1; 711 d[1].addr = (unsigned long)data + 1; 712 d[1].len = 2; 713 d[1].flags = 0; 714 715 /* Second indirect */ 716 d[2].addr = (unsigned long)data + 3; 717 d[2].len = 3; 718 d[2].flags = 0; 719 720 /* Third indirect */ 721 d[3].addr = (unsigned long)data + 10; 722 d[3].len = 5; 723 d[3].flags = VRING_DESC_F_NEXT; 724 d[3].next = 1; 725 d[4].addr = (unsigned long)data + 15; 726 d[4].len = 6; 727 d[4].flags = VRING_DESC_F_NEXT; 728 d[4].next = 2; 729 d[5].addr = (unsigned long)data + 21; 730 d[5].len = 7; 731 d[5].flags = 0; 732 733 /* Host picks it up (allocates new iov). */ 734 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 735 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 736 737 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 738 if (err != 1) 739 errx(1, "vringh_getdesc_user: %i", err); 740 741 if (head != 0) 742 errx(1, "vringh_getdesc_user: head %i not 0", head); 743 744 assert(riov.max_num & VRINGH_IOV_ALLOCATED); 745 if (getrange != getrange_slow) 746 assert(riov.used == 7); 747 else 748 assert(riov.used == 28); 749 err = vringh_iov_pull_user(&riov, buf, 29); 750 assert(err == 28); 751 752 /* Data should be linear. */ 753 for (i = 0; i < err; i++) 754 assert(buf[i] == i); 755 vringh_iov_cleanup(&riov); 756 } 757 758 /* Don't leak memory... */ 759 vring_del_virtqueue(vq); 760 free(__user_addr_min); 761 762 return 0; 763 } 764