1 /* Copyright (C) 2009 Red Hat, Inc. 2 * Author: Michael S. Tsirkin <mst@redhat.com> 3 * 4 * This work is licensed under the terms of the GNU GPL, version 2. 5 * 6 * virtio-net server in host kernel. 7 */ 8 9 #include <linux/compat.h> 10 #include <linux/eventfd.h> 11 #include <linux/vhost.h> 12 #include <linux/virtio_net.h> 13 #include <linux/miscdevice.h> 14 #include <linux/module.h> 15 #include <linux/moduleparam.h> 16 #include <linux/mutex.h> 17 #include <linux/workqueue.h> 18 #include <linux/rcupdate.h> 19 #include <linux/file.h> 20 #include <linux/slab.h> 21 22 #include <linux/net.h> 23 #include <linux/if_packet.h> 24 #include <linux/if_arp.h> 25 #include <linux/if_tun.h> 26 #include <linux/if_macvlan.h> 27 #include <linux/if_vlan.h> 28 29 #include <net/sock.h> 30 31 #include "vhost.h" 32 33 static int experimental_zcopytx = 1; 34 module_param(experimental_zcopytx, int, 0444); 35 MODULE_PARM_DESC(experimental_zcopytx, "Enable Zero Copy TX;" 36 " 1 -Enable; 0 - Disable"); 37 38 /* Max number of bytes transferred before requeueing the job. 39 * Using this limit prevents one virtqueue from starving others. */ 40 #define VHOST_NET_WEIGHT 0x80000 41 42 /* MAX number of TX used buffers for outstanding zerocopy */ 43 #define VHOST_MAX_PEND 128 44 #define VHOST_GOODCOPY_LEN 256 45 46 /* 47 * For transmit, used buffer len is unused; we override it to track buffer 48 * status internally; used for zerocopy tx only. 49 */ 50 /* Lower device DMA failed */ 51 #define VHOST_DMA_FAILED_LEN 3 52 /* Lower device DMA done */ 53 #define VHOST_DMA_DONE_LEN 2 54 /* Lower device DMA in progress */ 55 #define VHOST_DMA_IN_PROGRESS 1 56 /* Buffer unused */ 57 #define VHOST_DMA_CLEAR_LEN 0 58 59 #define VHOST_DMA_IS_DONE(len) ((len) >= VHOST_DMA_DONE_LEN) 60 61 enum { 62 VHOST_NET_FEATURES = VHOST_FEATURES | 63 (1ULL << VHOST_NET_F_VIRTIO_NET_HDR) | 64 (1ULL << VIRTIO_NET_F_MRG_RXBUF), 65 }; 66 67 enum { 68 VHOST_NET_VQ_RX = 0, 69 VHOST_NET_VQ_TX = 1, 70 VHOST_NET_VQ_MAX = 2, 71 }; 72 73 struct vhost_net_ubuf_ref { 74 struct kref kref; 75 wait_queue_head_t wait; 76 struct vhost_virtqueue *vq; 77 }; 78 79 struct vhost_net_virtqueue { 80 struct vhost_virtqueue vq; 81 /* hdr is used to store the virtio header. 82 * Since each iovec has >= 1 byte length, we never need more than 83 * header length entries to store the header. */ 84 struct iovec hdr[sizeof(struct virtio_net_hdr_mrg_rxbuf)]; 85 size_t vhost_hlen; 86 size_t sock_hlen; 87 /* vhost zerocopy support fields below: */ 88 /* last used idx for outstanding DMA zerocopy buffers */ 89 int upend_idx; 90 /* first used idx for DMA done zerocopy buffers */ 91 int done_idx; 92 /* an array of userspace buffers info */ 93 struct ubuf_info *ubuf_info; 94 /* Reference counting for outstanding ubufs. 95 * Protected by vq mutex. Writers must also take device mutex. */ 96 struct vhost_net_ubuf_ref *ubufs; 97 }; 98 99 struct vhost_net { 100 struct vhost_dev dev; 101 struct vhost_net_virtqueue vqs[VHOST_NET_VQ_MAX]; 102 struct vhost_poll poll[VHOST_NET_VQ_MAX]; 103 /* Number of TX recently submitted. 104 * Protected by tx vq lock. */ 105 unsigned tx_packets; 106 /* Number of times zerocopy TX recently failed. 107 * Protected by tx vq lock. */ 108 unsigned tx_zcopy_err; 109 /* Flush in progress. Protected by tx vq lock. */ 110 bool tx_flush; 111 }; 112 113 static unsigned vhost_net_zcopy_mask __read_mostly; 114 115 static void vhost_net_enable_zcopy(int vq) 116 { 117 vhost_net_zcopy_mask |= 0x1 << vq; 118 } 119 120 static void vhost_net_zerocopy_done_signal(struct kref *kref) 121 { 122 struct vhost_net_ubuf_ref *ubufs; 123 124 ubufs = container_of(kref, struct vhost_net_ubuf_ref, kref); 125 wake_up(&ubufs->wait); 126 } 127 128 static struct vhost_net_ubuf_ref * 129 vhost_net_ubuf_alloc(struct vhost_virtqueue *vq, bool zcopy) 130 { 131 struct vhost_net_ubuf_ref *ubufs; 132 /* No zero copy backend? Nothing to count. */ 133 if (!zcopy) 134 return NULL; 135 ubufs = kmalloc(sizeof(*ubufs), GFP_KERNEL); 136 if (!ubufs) 137 return ERR_PTR(-ENOMEM); 138 kref_init(&ubufs->kref); 139 init_waitqueue_head(&ubufs->wait); 140 ubufs->vq = vq; 141 return ubufs; 142 } 143 144 static void vhost_net_ubuf_put(struct vhost_net_ubuf_ref *ubufs) 145 { 146 kref_put(&ubufs->kref, vhost_net_zerocopy_done_signal); 147 } 148 149 static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs) 150 { 151 kref_put(&ubufs->kref, vhost_net_zerocopy_done_signal); 152 wait_event(ubufs->wait, !atomic_read(&ubufs->kref.refcount)); 153 } 154 155 static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs) 156 { 157 vhost_net_ubuf_put_and_wait(ubufs); 158 kfree(ubufs); 159 } 160 161 static void vhost_net_clear_ubuf_info(struct vhost_net *n) 162 { 163 int i; 164 165 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 166 kfree(n->vqs[i].ubuf_info); 167 n->vqs[i].ubuf_info = NULL; 168 } 169 } 170 171 static int vhost_net_set_ubuf_info(struct vhost_net *n) 172 { 173 bool zcopy; 174 int i; 175 176 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 177 zcopy = vhost_net_zcopy_mask & (0x1 << i); 178 if (!zcopy) 179 continue; 180 n->vqs[i].ubuf_info = kmalloc(sizeof(*n->vqs[i].ubuf_info) * 181 UIO_MAXIOV, GFP_KERNEL); 182 if (!n->vqs[i].ubuf_info) 183 goto err; 184 } 185 return 0; 186 187 err: 188 vhost_net_clear_ubuf_info(n); 189 return -ENOMEM; 190 } 191 192 static void vhost_net_vq_reset(struct vhost_net *n) 193 { 194 int i; 195 196 vhost_net_clear_ubuf_info(n); 197 198 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 199 n->vqs[i].done_idx = 0; 200 n->vqs[i].upend_idx = 0; 201 n->vqs[i].ubufs = NULL; 202 n->vqs[i].vhost_hlen = 0; 203 n->vqs[i].sock_hlen = 0; 204 } 205 206 } 207 208 static void vhost_net_tx_packet(struct vhost_net *net) 209 { 210 ++net->tx_packets; 211 if (net->tx_packets < 1024) 212 return; 213 net->tx_packets = 0; 214 net->tx_zcopy_err = 0; 215 } 216 217 static void vhost_net_tx_err(struct vhost_net *net) 218 { 219 ++net->tx_zcopy_err; 220 } 221 222 static bool vhost_net_tx_select_zcopy(struct vhost_net *net) 223 { 224 /* TX flush waits for outstanding DMAs to be done. 225 * Don't start new DMAs. 226 */ 227 return !net->tx_flush && 228 net->tx_packets / 64 >= net->tx_zcopy_err; 229 } 230 231 static bool vhost_sock_zcopy(struct socket *sock) 232 { 233 return unlikely(experimental_zcopytx) && 234 sock_flag(sock->sk, SOCK_ZEROCOPY); 235 } 236 237 /* Pop first len bytes from iovec. Return number of segments used. */ 238 static int move_iovec_hdr(struct iovec *from, struct iovec *to, 239 size_t len, int iov_count) 240 { 241 int seg = 0; 242 size_t size; 243 244 while (len && seg < iov_count) { 245 size = min(from->iov_len, len); 246 to->iov_base = from->iov_base; 247 to->iov_len = size; 248 from->iov_len -= size; 249 from->iov_base += size; 250 len -= size; 251 ++from; 252 ++to; 253 ++seg; 254 } 255 return seg; 256 } 257 /* Copy iovec entries for len bytes from iovec. */ 258 static void copy_iovec_hdr(const struct iovec *from, struct iovec *to, 259 size_t len, int iovcount) 260 { 261 int seg = 0; 262 size_t size; 263 264 while (len && seg < iovcount) { 265 size = min(from->iov_len, len); 266 to->iov_base = from->iov_base; 267 to->iov_len = size; 268 len -= size; 269 ++from; 270 ++to; 271 ++seg; 272 } 273 } 274 275 /* In case of DMA done not in order in lower device driver for some reason. 276 * upend_idx is used to track end of used idx, done_idx is used to track head 277 * of used idx. Once lower device DMA done contiguously, we will signal KVM 278 * guest used idx. 279 */ 280 static int vhost_zerocopy_signal_used(struct vhost_net *net, 281 struct vhost_virtqueue *vq) 282 { 283 struct vhost_net_virtqueue *nvq = 284 container_of(vq, struct vhost_net_virtqueue, vq); 285 int i; 286 int j = 0; 287 288 for (i = nvq->done_idx; i != nvq->upend_idx; i = (i + 1) % UIO_MAXIOV) { 289 if (vq->heads[i].len == VHOST_DMA_FAILED_LEN) 290 vhost_net_tx_err(net); 291 if (VHOST_DMA_IS_DONE(vq->heads[i].len)) { 292 vq->heads[i].len = VHOST_DMA_CLEAR_LEN; 293 vhost_add_used_and_signal(vq->dev, vq, 294 vq->heads[i].id, 0); 295 ++j; 296 } else 297 break; 298 } 299 if (j) 300 nvq->done_idx = i; 301 return j; 302 } 303 304 static void vhost_zerocopy_callback(struct ubuf_info *ubuf, bool success) 305 { 306 struct vhost_net_ubuf_ref *ubufs = ubuf->ctx; 307 struct vhost_virtqueue *vq = ubufs->vq; 308 int cnt = atomic_read(&ubufs->kref.refcount); 309 310 /* 311 * Trigger polling thread if guest stopped submitting new buffers: 312 * in this case, the refcount after decrement will eventually reach 1 313 * so here it is 2. 314 * We also trigger polling periodically after each 16 packets 315 * (the value 16 here is more or less arbitrary, it's tuned to trigger 316 * less than 10% of times). 317 */ 318 if (cnt <= 2 || !(cnt % 16)) 319 vhost_poll_queue(&vq->poll); 320 /* set len to mark this desc buffers done DMA */ 321 vq->heads[ubuf->desc].len = success ? 322 VHOST_DMA_DONE_LEN : VHOST_DMA_FAILED_LEN; 323 vhost_net_ubuf_put(ubufs); 324 } 325 326 /* Expects to be always run from workqueue - which acts as 327 * read-size critical section for our kind of RCU. */ 328 static void handle_tx(struct vhost_net *net) 329 { 330 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_TX]; 331 struct vhost_virtqueue *vq = &nvq->vq; 332 unsigned out, in, s; 333 int head; 334 struct msghdr msg = { 335 .msg_name = NULL, 336 .msg_namelen = 0, 337 .msg_control = NULL, 338 .msg_controllen = 0, 339 .msg_iov = vq->iov, 340 .msg_flags = MSG_DONTWAIT, 341 }; 342 size_t len, total_len = 0; 343 int err; 344 size_t hdr_size; 345 struct socket *sock; 346 struct vhost_net_ubuf_ref *uninitialized_var(ubufs); 347 bool zcopy, zcopy_used; 348 349 /* TODO: check that we are running from vhost_worker? */ 350 sock = rcu_dereference_check(vq->private_data, 1); 351 if (!sock) 352 return; 353 354 mutex_lock(&vq->mutex); 355 vhost_disable_notify(&net->dev, vq); 356 357 hdr_size = nvq->vhost_hlen; 358 zcopy = nvq->ubufs; 359 360 for (;;) { 361 /* Release DMAs done buffers first */ 362 if (zcopy) 363 vhost_zerocopy_signal_used(net, vq); 364 365 head = vhost_get_vq_desc(&net->dev, vq, vq->iov, 366 ARRAY_SIZE(vq->iov), 367 &out, &in, 368 NULL, NULL); 369 /* On error, stop handling until the next kick. */ 370 if (unlikely(head < 0)) 371 break; 372 /* Nothing new? Wait for eventfd to tell us they refilled. */ 373 if (head == vq->num) { 374 int num_pends; 375 376 /* If more outstanding DMAs, queue the work. 377 * Handle upend_idx wrap around 378 */ 379 num_pends = likely(nvq->upend_idx >= nvq->done_idx) ? 380 (nvq->upend_idx - nvq->done_idx) : 381 (nvq->upend_idx + UIO_MAXIOV - 382 nvq->done_idx); 383 if (unlikely(num_pends > VHOST_MAX_PEND)) 384 break; 385 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 386 vhost_disable_notify(&net->dev, vq); 387 continue; 388 } 389 break; 390 } 391 if (in) { 392 vq_err(vq, "Unexpected descriptor format for TX: " 393 "out %d, int %d\n", out, in); 394 break; 395 } 396 /* Skip header. TODO: support TSO. */ 397 s = move_iovec_hdr(vq->iov, nvq->hdr, hdr_size, out); 398 msg.msg_iovlen = out; 399 len = iov_length(vq->iov, out); 400 /* Sanity check */ 401 if (!len) { 402 vq_err(vq, "Unexpected header len for TX: " 403 "%zd expected %zd\n", 404 iov_length(nvq->hdr, s), hdr_size); 405 break; 406 } 407 zcopy_used = zcopy && (len >= VHOST_GOODCOPY_LEN || 408 nvq->upend_idx != nvq->done_idx); 409 410 /* use msg_control to pass vhost zerocopy ubuf info to skb */ 411 if (zcopy_used) { 412 vq->heads[nvq->upend_idx].id = head; 413 if (!vhost_net_tx_select_zcopy(net) || 414 len < VHOST_GOODCOPY_LEN) { 415 /* copy don't need to wait for DMA done */ 416 vq->heads[nvq->upend_idx].len = 417 VHOST_DMA_DONE_LEN; 418 msg.msg_control = NULL; 419 msg.msg_controllen = 0; 420 ubufs = NULL; 421 } else { 422 struct ubuf_info *ubuf; 423 ubuf = nvq->ubuf_info + nvq->upend_idx; 424 425 vq->heads[nvq->upend_idx].len = 426 VHOST_DMA_IN_PROGRESS; 427 ubuf->callback = vhost_zerocopy_callback; 428 ubuf->ctx = nvq->ubufs; 429 ubuf->desc = nvq->upend_idx; 430 msg.msg_control = ubuf; 431 msg.msg_controllen = sizeof(ubuf); 432 ubufs = nvq->ubufs; 433 kref_get(&ubufs->kref); 434 } 435 nvq->upend_idx = (nvq->upend_idx + 1) % UIO_MAXIOV; 436 } else 437 msg.msg_control = NULL; 438 /* TODO: Check specific error and bomb out unless ENOBUFS? */ 439 err = sock->ops->sendmsg(NULL, sock, &msg, len); 440 if (unlikely(err < 0)) { 441 if (zcopy_used) { 442 if (ubufs) 443 vhost_net_ubuf_put(ubufs); 444 nvq->upend_idx = ((unsigned)nvq->upend_idx - 1) 445 % UIO_MAXIOV; 446 } 447 vhost_discard_vq_desc(vq, 1); 448 break; 449 } 450 if (err != len) 451 pr_debug("Truncated TX packet: " 452 " len %d != %zd\n", err, len); 453 if (!zcopy_used) 454 vhost_add_used_and_signal(&net->dev, vq, head, 0); 455 else 456 vhost_zerocopy_signal_used(net, vq); 457 total_len += len; 458 vhost_net_tx_packet(net); 459 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 460 vhost_poll_queue(&vq->poll); 461 break; 462 } 463 } 464 465 mutex_unlock(&vq->mutex); 466 } 467 468 static int peek_head_len(struct sock *sk) 469 { 470 struct sk_buff *head; 471 int len = 0; 472 unsigned long flags; 473 474 spin_lock_irqsave(&sk->sk_receive_queue.lock, flags); 475 head = skb_peek(&sk->sk_receive_queue); 476 if (likely(head)) { 477 len = head->len; 478 if (vlan_tx_tag_present(head)) 479 len += VLAN_HLEN; 480 } 481 482 spin_unlock_irqrestore(&sk->sk_receive_queue.lock, flags); 483 return len; 484 } 485 486 /* This is a multi-buffer version of vhost_get_desc, that works if 487 * vq has read descriptors only. 488 * @vq - the relevant virtqueue 489 * @datalen - data length we'll be reading 490 * @iovcount - returned count of io vectors we fill 491 * @log - vhost log 492 * @log_num - log offset 493 * @quota - headcount quota, 1 for big buffer 494 * returns number of buffer heads allocated, negative on error 495 */ 496 static int get_rx_bufs(struct vhost_virtqueue *vq, 497 struct vring_used_elem *heads, 498 int datalen, 499 unsigned *iovcount, 500 struct vhost_log *log, 501 unsigned *log_num, 502 unsigned int quota) 503 { 504 unsigned int out, in; 505 int seg = 0; 506 int headcount = 0; 507 unsigned d; 508 int r, nlogs = 0; 509 510 while (datalen > 0 && headcount < quota) { 511 if (unlikely(seg >= UIO_MAXIOV)) { 512 r = -ENOBUFS; 513 goto err; 514 } 515 d = vhost_get_vq_desc(vq->dev, vq, vq->iov + seg, 516 ARRAY_SIZE(vq->iov) - seg, &out, 517 &in, log, log_num); 518 if (d == vq->num) { 519 r = 0; 520 goto err; 521 } 522 if (unlikely(out || in <= 0)) { 523 vq_err(vq, "unexpected descriptor format for RX: " 524 "out %d, in %d\n", out, in); 525 r = -EINVAL; 526 goto err; 527 } 528 if (unlikely(log)) { 529 nlogs += *log_num; 530 log += *log_num; 531 } 532 heads[headcount].id = d; 533 heads[headcount].len = iov_length(vq->iov + seg, in); 534 datalen -= heads[headcount].len; 535 ++headcount; 536 seg += in; 537 } 538 heads[headcount - 1].len += datalen; 539 *iovcount = seg; 540 if (unlikely(log)) 541 *log_num = nlogs; 542 return headcount; 543 err: 544 vhost_discard_vq_desc(vq, headcount); 545 return r; 546 } 547 548 /* Expects to be always run from workqueue - which acts as 549 * read-size critical section for our kind of RCU. */ 550 static void handle_rx(struct vhost_net *net) 551 { 552 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_RX]; 553 struct vhost_virtqueue *vq = &nvq->vq; 554 unsigned uninitialized_var(in), log; 555 struct vhost_log *vq_log; 556 struct msghdr msg = { 557 .msg_name = NULL, 558 .msg_namelen = 0, 559 .msg_control = NULL, /* FIXME: get and handle RX aux data. */ 560 .msg_controllen = 0, 561 .msg_iov = vq->iov, 562 .msg_flags = MSG_DONTWAIT, 563 }; 564 struct virtio_net_hdr_mrg_rxbuf hdr = { 565 .hdr.flags = 0, 566 .hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE 567 }; 568 size_t total_len = 0; 569 int err, mergeable; 570 s16 headcount; 571 size_t vhost_hlen, sock_hlen; 572 size_t vhost_len, sock_len; 573 /* TODO: check that we are running from vhost_worker? */ 574 struct socket *sock = rcu_dereference_check(vq->private_data, 1); 575 576 if (!sock) 577 return; 578 579 mutex_lock(&vq->mutex); 580 vhost_disable_notify(&net->dev, vq); 581 vhost_hlen = nvq->vhost_hlen; 582 sock_hlen = nvq->sock_hlen; 583 584 vq_log = unlikely(vhost_has_feature(&net->dev, VHOST_F_LOG_ALL)) ? 585 vq->log : NULL; 586 mergeable = vhost_has_feature(&net->dev, VIRTIO_NET_F_MRG_RXBUF); 587 588 while ((sock_len = peek_head_len(sock->sk))) { 589 sock_len += sock_hlen; 590 vhost_len = sock_len + vhost_hlen; 591 headcount = get_rx_bufs(vq, vq->heads, vhost_len, 592 &in, vq_log, &log, 593 likely(mergeable) ? UIO_MAXIOV : 1); 594 /* On error, stop handling until the next kick. */ 595 if (unlikely(headcount < 0)) 596 break; 597 /* OK, now we need to know about added descriptors. */ 598 if (!headcount) { 599 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 600 /* They have slipped one in as we were 601 * doing that: check again. */ 602 vhost_disable_notify(&net->dev, vq); 603 continue; 604 } 605 /* Nothing new? Wait for eventfd to tell us 606 * they refilled. */ 607 break; 608 } 609 /* We don't need to be notified again. */ 610 if (unlikely((vhost_hlen))) 611 /* Skip header. TODO: support TSO. */ 612 move_iovec_hdr(vq->iov, nvq->hdr, vhost_hlen, in); 613 else 614 /* Copy the header for use in VIRTIO_NET_F_MRG_RXBUF: 615 * needed because recvmsg can modify msg_iov. */ 616 copy_iovec_hdr(vq->iov, nvq->hdr, sock_hlen, in); 617 msg.msg_iovlen = in; 618 err = sock->ops->recvmsg(NULL, sock, &msg, 619 sock_len, MSG_DONTWAIT | MSG_TRUNC); 620 /* Userspace might have consumed the packet meanwhile: 621 * it's not supposed to do this usually, but might be hard 622 * to prevent. Discard data we got (if any) and keep going. */ 623 if (unlikely(err != sock_len)) { 624 pr_debug("Discarded rx packet: " 625 " len %d, expected %zd\n", err, sock_len); 626 vhost_discard_vq_desc(vq, headcount); 627 continue; 628 } 629 if (unlikely(vhost_hlen) && 630 memcpy_toiovecend(nvq->hdr, (unsigned char *)&hdr, 0, 631 vhost_hlen)) { 632 vq_err(vq, "Unable to write vnet_hdr at addr %p\n", 633 vq->iov->iov_base); 634 break; 635 } 636 /* TODO: Should check and handle checksum. */ 637 if (likely(mergeable) && 638 memcpy_toiovecend(nvq->hdr, (unsigned char *)&headcount, 639 offsetof(typeof(hdr), num_buffers), 640 sizeof hdr.num_buffers)) { 641 vq_err(vq, "Failed num_buffers write"); 642 vhost_discard_vq_desc(vq, headcount); 643 break; 644 } 645 vhost_add_used_and_signal_n(&net->dev, vq, vq->heads, 646 headcount); 647 if (unlikely(vq_log)) 648 vhost_log_write(vq, vq_log, log, vhost_len); 649 total_len += vhost_len; 650 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 651 vhost_poll_queue(&vq->poll); 652 break; 653 } 654 } 655 656 mutex_unlock(&vq->mutex); 657 } 658 659 static void handle_tx_kick(struct vhost_work *work) 660 { 661 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 662 poll.work); 663 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 664 665 handle_tx(net); 666 } 667 668 static void handle_rx_kick(struct vhost_work *work) 669 { 670 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 671 poll.work); 672 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 673 674 handle_rx(net); 675 } 676 677 static void handle_tx_net(struct vhost_work *work) 678 { 679 struct vhost_net *net = container_of(work, struct vhost_net, 680 poll[VHOST_NET_VQ_TX].work); 681 handle_tx(net); 682 } 683 684 static void handle_rx_net(struct vhost_work *work) 685 { 686 struct vhost_net *net = container_of(work, struct vhost_net, 687 poll[VHOST_NET_VQ_RX].work); 688 handle_rx(net); 689 } 690 691 static int vhost_net_open(struct inode *inode, struct file *f) 692 { 693 struct vhost_net *n = kmalloc(sizeof *n, GFP_KERNEL); 694 struct vhost_dev *dev; 695 struct vhost_virtqueue **vqs; 696 int r, i; 697 698 if (!n) 699 return -ENOMEM; 700 vqs = kmalloc(VHOST_NET_VQ_MAX * sizeof(*vqs), GFP_KERNEL); 701 if (!vqs) { 702 kfree(n); 703 return -ENOMEM; 704 } 705 706 dev = &n->dev; 707 vqs[VHOST_NET_VQ_TX] = &n->vqs[VHOST_NET_VQ_TX].vq; 708 vqs[VHOST_NET_VQ_RX] = &n->vqs[VHOST_NET_VQ_RX].vq; 709 n->vqs[VHOST_NET_VQ_TX].vq.handle_kick = handle_tx_kick; 710 n->vqs[VHOST_NET_VQ_RX].vq.handle_kick = handle_rx_kick; 711 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 712 n->vqs[i].ubufs = NULL; 713 n->vqs[i].ubuf_info = NULL; 714 n->vqs[i].upend_idx = 0; 715 n->vqs[i].done_idx = 0; 716 n->vqs[i].vhost_hlen = 0; 717 n->vqs[i].sock_hlen = 0; 718 } 719 r = vhost_dev_init(dev, vqs, VHOST_NET_VQ_MAX); 720 if (r < 0) { 721 kfree(n); 722 kfree(vqs); 723 return r; 724 } 725 726 vhost_poll_init(n->poll + VHOST_NET_VQ_TX, handle_tx_net, POLLOUT, dev); 727 vhost_poll_init(n->poll + VHOST_NET_VQ_RX, handle_rx_net, POLLIN, dev); 728 729 f->private_data = n; 730 731 return 0; 732 } 733 734 static void vhost_net_disable_vq(struct vhost_net *n, 735 struct vhost_virtqueue *vq) 736 { 737 struct vhost_net_virtqueue *nvq = 738 container_of(vq, struct vhost_net_virtqueue, vq); 739 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 740 if (!vq->private_data) 741 return; 742 vhost_poll_stop(poll); 743 } 744 745 static int vhost_net_enable_vq(struct vhost_net *n, 746 struct vhost_virtqueue *vq) 747 { 748 struct vhost_net_virtqueue *nvq = 749 container_of(vq, struct vhost_net_virtqueue, vq); 750 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 751 struct socket *sock; 752 753 sock = rcu_dereference_protected(vq->private_data, 754 lockdep_is_held(&vq->mutex)); 755 if (!sock) 756 return 0; 757 758 return vhost_poll_start(poll, sock->file); 759 } 760 761 static struct socket *vhost_net_stop_vq(struct vhost_net *n, 762 struct vhost_virtqueue *vq) 763 { 764 struct socket *sock; 765 766 mutex_lock(&vq->mutex); 767 sock = rcu_dereference_protected(vq->private_data, 768 lockdep_is_held(&vq->mutex)); 769 vhost_net_disable_vq(n, vq); 770 rcu_assign_pointer(vq->private_data, NULL); 771 mutex_unlock(&vq->mutex); 772 return sock; 773 } 774 775 static void vhost_net_stop(struct vhost_net *n, struct socket **tx_sock, 776 struct socket **rx_sock) 777 { 778 *tx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_TX].vq); 779 *rx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_RX].vq); 780 } 781 782 static void vhost_net_flush_vq(struct vhost_net *n, int index) 783 { 784 vhost_poll_flush(n->poll + index); 785 vhost_poll_flush(&n->vqs[index].vq.poll); 786 } 787 788 static void vhost_net_flush(struct vhost_net *n) 789 { 790 vhost_net_flush_vq(n, VHOST_NET_VQ_TX); 791 vhost_net_flush_vq(n, VHOST_NET_VQ_RX); 792 if (n->vqs[VHOST_NET_VQ_TX].ubufs) { 793 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 794 n->tx_flush = true; 795 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 796 /* Wait for all lower device DMAs done. */ 797 vhost_net_ubuf_put_and_wait(n->vqs[VHOST_NET_VQ_TX].ubufs); 798 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 799 n->tx_flush = false; 800 kref_init(&n->vqs[VHOST_NET_VQ_TX].ubufs->kref); 801 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 802 } 803 } 804 805 static int vhost_net_release(struct inode *inode, struct file *f) 806 { 807 struct vhost_net *n = f->private_data; 808 struct socket *tx_sock; 809 struct socket *rx_sock; 810 811 vhost_net_stop(n, &tx_sock, &rx_sock); 812 vhost_net_flush(n); 813 vhost_dev_stop(&n->dev); 814 vhost_dev_cleanup(&n->dev, false); 815 vhost_net_vq_reset(n); 816 if (tx_sock) 817 fput(tx_sock->file); 818 if (rx_sock) 819 fput(rx_sock->file); 820 /* We do an extra flush before freeing memory, 821 * since jobs can re-queue themselves. */ 822 vhost_net_flush(n); 823 kfree(n->dev.vqs); 824 kfree(n); 825 return 0; 826 } 827 828 static struct socket *get_raw_socket(int fd) 829 { 830 struct { 831 struct sockaddr_ll sa; 832 char buf[MAX_ADDR_LEN]; 833 } uaddr; 834 int uaddr_len = sizeof uaddr, r; 835 struct socket *sock = sockfd_lookup(fd, &r); 836 837 if (!sock) 838 return ERR_PTR(-ENOTSOCK); 839 840 /* Parameter checking */ 841 if (sock->sk->sk_type != SOCK_RAW) { 842 r = -ESOCKTNOSUPPORT; 843 goto err; 844 } 845 846 r = sock->ops->getname(sock, (struct sockaddr *)&uaddr.sa, 847 &uaddr_len, 0); 848 if (r) 849 goto err; 850 851 if (uaddr.sa.sll_family != AF_PACKET) { 852 r = -EPFNOSUPPORT; 853 goto err; 854 } 855 return sock; 856 err: 857 fput(sock->file); 858 return ERR_PTR(r); 859 } 860 861 static struct socket *get_tap_socket(int fd) 862 { 863 struct file *file = fget(fd); 864 struct socket *sock; 865 866 if (!file) 867 return ERR_PTR(-EBADF); 868 sock = tun_get_socket(file); 869 if (!IS_ERR(sock)) 870 return sock; 871 sock = macvtap_get_socket(file); 872 if (IS_ERR(sock)) 873 fput(file); 874 return sock; 875 } 876 877 static struct socket *get_socket(int fd) 878 { 879 struct socket *sock; 880 881 /* special case to disable backend */ 882 if (fd == -1) 883 return NULL; 884 sock = get_raw_socket(fd); 885 if (!IS_ERR(sock)) 886 return sock; 887 sock = get_tap_socket(fd); 888 if (!IS_ERR(sock)) 889 return sock; 890 return ERR_PTR(-ENOTSOCK); 891 } 892 893 static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) 894 { 895 struct socket *sock, *oldsock; 896 struct vhost_virtqueue *vq; 897 struct vhost_net_virtqueue *nvq; 898 struct vhost_net_ubuf_ref *ubufs, *oldubufs = NULL; 899 int r; 900 901 mutex_lock(&n->dev.mutex); 902 r = vhost_dev_check_owner(&n->dev); 903 if (r) 904 goto err; 905 906 if (index >= VHOST_NET_VQ_MAX) { 907 r = -ENOBUFS; 908 goto err; 909 } 910 vq = &n->vqs[index].vq; 911 nvq = &n->vqs[index]; 912 mutex_lock(&vq->mutex); 913 914 /* Verify that ring has been setup correctly. */ 915 if (!vhost_vq_access_ok(vq)) { 916 r = -EFAULT; 917 goto err_vq; 918 } 919 sock = get_socket(fd); 920 if (IS_ERR(sock)) { 921 r = PTR_ERR(sock); 922 goto err_vq; 923 } 924 925 /* start polling new socket */ 926 oldsock = rcu_dereference_protected(vq->private_data, 927 lockdep_is_held(&vq->mutex)); 928 if (sock != oldsock) { 929 ubufs = vhost_net_ubuf_alloc(vq, 930 sock && vhost_sock_zcopy(sock)); 931 if (IS_ERR(ubufs)) { 932 r = PTR_ERR(ubufs); 933 goto err_ubufs; 934 } 935 936 vhost_net_disable_vq(n, vq); 937 rcu_assign_pointer(vq->private_data, sock); 938 r = vhost_init_used(vq); 939 if (r) 940 goto err_used; 941 r = vhost_net_enable_vq(n, vq); 942 if (r) 943 goto err_used; 944 945 oldubufs = nvq->ubufs; 946 nvq->ubufs = ubufs; 947 948 n->tx_packets = 0; 949 n->tx_zcopy_err = 0; 950 n->tx_flush = false; 951 } 952 953 mutex_unlock(&vq->mutex); 954 955 if (oldubufs) { 956 vhost_net_ubuf_put_wait_and_free(oldubufs); 957 mutex_lock(&vq->mutex); 958 vhost_zerocopy_signal_used(n, vq); 959 mutex_unlock(&vq->mutex); 960 } 961 962 if (oldsock) { 963 vhost_net_flush_vq(n, index); 964 fput(oldsock->file); 965 } 966 967 mutex_unlock(&n->dev.mutex); 968 return 0; 969 970 err_used: 971 rcu_assign_pointer(vq->private_data, oldsock); 972 vhost_net_enable_vq(n, vq); 973 if (ubufs) 974 vhost_net_ubuf_put_wait_and_free(ubufs); 975 err_ubufs: 976 fput(sock->file); 977 err_vq: 978 mutex_unlock(&vq->mutex); 979 err: 980 mutex_unlock(&n->dev.mutex); 981 return r; 982 } 983 984 static long vhost_net_reset_owner(struct vhost_net *n) 985 { 986 struct socket *tx_sock = NULL; 987 struct socket *rx_sock = NULL; 988 long err; 989 struct vhost_memory *memory; 990 991 mutex_lock(&n->dev.mutex); 992 err = vhost_dev_check_owner(&n->dev); 993 if (err) 994 goto done; 995 memory = vhost_dev_reset_owner_prepare(); 996 if (!memory) { 997 err = -ENOMEM; 998 goto done; 999 } 1000 vhost_net_stop(n, &tx_sock, &rx_sock); 1001 vhost_net_flush(n); 1002 vhost_dev_reset_owner(&n->dev, memory); 1003 vhost_net_vq_reset(n); 1004 done: 1005 mutex_unlock(&n->dev.mutex); 1006 if (tx_sock) 1007 fput(tx_sock->file); 1008 if (rx_sock) 1009 fput(rx_sock->file); 1010 return err; 1011 } 1012 1013 static int vhost_net_set_features(struct vhost_net *n, u64 features) 1014 { 1015 size_t vhost_hlen, sock_hlen, hdr_len; 1016 int i; 1017 1018 hdr_len = (features & (1 << VIRTIO_NET_F_MRG_RXBUF)) ? 1019 sizeof(struct virtio_net_hdr_mrg_rxbuf) : 1020 sizeof(struct virtio_net_hdr); 1021 if (features & (1 << VHOST_NET_F_VIRTIO_NET_HDR)) { 1022 /* vhost provides vnet_hdr */ 1023 vhost_hlen = hdr_len; 1024 sock_hlen = 0; 1025 } else { 1026 /* socket provides vnet_hdr */ 1027 vhost_hlen = 0; 1028 sock_hlen = hdr_len; 1029 } 1030 mutex_lock(&n->dev.mutex); 1031 if ((features & (1 << VHOST_F_LOG_ALL)) && 1032 !vhost_log_access_ok(&n->dev)) { 1033 mutex_unlock(&n->dev.mutex); 1034 return -EFAULT; 1035 } 1036 n->dev.acked_features = features; 1037 smp_wmb(); 1038 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 1039 mutex_lock(&n->vqs[i].vq.mutex); 1040 n->vqs[i].vhost_hlen = vhost_hlen; 1041 n->vqs[i].sock_hlen = sock_hlen; 1042 mutex_unlock(&n->vqs[i].vq.mutex); 1043 } 1044 vhost_net_flush(n); 1045 mutex_unlock(&n->dev.mutex); 1046 return 0; 1047 } 1048 1049 static long vhost_net_set_owner(struct vhost_net *n) 1050 { 1051 int r; 1052 1053 mutex_lock(&n->dev.mutex); 1054 if (vhost_dev_has_owner(&n->dev)) { 1055 r = -EBUSY; 1056 goto out; 1057 } 1058 r = vhost_net_set_ubuf_info(n); 1059 if (r) 1060 goto out; 1061 r = vhost_dev_set_owner(&n->dev); 1062 if (r) 1063 vhost_net_clear_ubuf_info(n); 1064 vhost_net_flush(n); 1065 out: 1066 mutex_unlock(&n->dev.mutex); 1067 return r; 1068 } 1069 1070 static long vhost_net_ioctl(struct file *f, unsigned int ioctl, 1071 unsigned long arg) 1072 { 1073 struct vhost_net *n = f->private_data; 1074 void __user *argp = (void __user *)arg; 1075 u64 __user *featurep = argp; 1076 struct vhost_vring_file backend; 1077 u64 features; 1078 int r; 1079 1080 switch (ioctl) { 1081 case VHOST_NET_SET_BACKEND: 1082 if (copy_from_user(&backend, argp, sizeof backend)) 1083 return -EFAULT; 1084 return vhost_net_set_backend(n, backend.index, backend.fd); 1085 case VHOST_GET_FEATURES: 1086 features = VHOST_NET_FEATURES; 1087 if (copy_to_user(featurep, &features, sizeof features)) 1088 return -EFAULT; 1089 return 0; 1090 case VHOST_SET_FEATURES: 1091 if (copy_from_user(&features, featurep, sizeof features)) 1092 return -EFAULT; 1093 if (features & ~VHOST_NET_FEATURES) 1094 return -EOPNOTSUPP; 1095 return vhost_net_set_features(n, features); 1096 case VHOST_RESET_OWNER: 1097 return vhost_net_reset_owner(n); 1098 case VHOST_SET_OWNER: 1099 return vhost_net_set_owner(n); 1100 default: 1101 mutex_lock(&n->dev.mutex); 1102 r = vhost_dev_ioctl(&n->dev, ioctl, argp); 1103 if (r == -ENOIOCTLCMD) 1104 r = vhost_vring_ioctl(&n->dev, ioctl, argp); 1105 else 1106 vhost_net_flush(n); 1107 mutex_unlock(&n->dev.mutex); 1108 return r; 1109 } 1110 } 1111 1112 #ifdef CONFIG_COMPAT 1113 static long vhost_net_compat_ioctl(struct file *f, unsigned int ioctl, 1114 unsigned long arg) 1115 { 1116 return vhost_net_ioctl(f, ioctl, (unsigned long)compat_ptr(arg)); 1117 } 1118 #endif 1119 1120 static const struct file_operations vhost_net_fops = { 1121 .owner = THIS_MODULE, 1122 .release = vhost_net_release, 1123 .unlocked_ioctl = vhost_net_ioctl, 1124 #ifdef CONFIG_COMPAT 1125 .compat_ioctl = vhost_net_compat_ioctl, 1126 #endif 1127 .open = vhost_net_open, 1128 .llseek = noop_llseek, 1129 }; 1130 1131 static struct miscdevice vhost_net_misc = { 1132 .minor = VHOST_NET_MINOR, 1133 .name = "vhost-net", 1134 .fops = &vhost_net_fops, 1135 }; 1136 1137 static int vhost_net_init(void) 1138 { 1139 if (experimental_zcopytx) 1140 vhost_net_enable_zcopy(VHOST_NET_VQ_TX); 1141 return misc_register(&vhost_net_misc); 1142 } 1143 module_init(vhost_net_init); 1144 1145 static void vhost_net_exit(void) 1146 { 1147 misc_deregister(&vhost_net_misc); 1148 } 1149 module_exit(vhost_net_exit); 1150 1151 MODULE_VERSION("0.0.1"); 1152 MODULE_LICENSE("GPL v2"); 1153 MODULE_AUTHOR("Michael S. Tsirkin"); 1154 MODULE_DESCRIPTION("Host kernel accelerator for virtio net"); 1155 MODULE_ALIAS_MISCDEV(VHOST_NET_MINOR); 1156 MODULE_ALIAS("devname:vhost-net"); 1157