1 /* Copyright (C) 2009 Red Hat, Inc. 2 * Author: Michael S. Tsirkin <mst@redhat.com> 3 * 4 * This work is licensed under the terms of the GNU GPL, version 2. 5 * 6 * virtio-net server in host kernel. 7 */ 8 9 #include <linux/compat.h> 10 #include <linux/eventfd.h> 11 #include <linux/vhost.h> 12 #include <linux/virtio_net.h> 13 #include <linux/miscdevice.h> 14 #include <linux/module.h> 15 #include <linux/moduleparam.h> 16 #include <linux/mutex.h> 17 #include <linux/workqueue.h> 18 #include <linux/file.h> 19 #include <linux/slab.h> 20 #include <linux/vmalloc.h> 21 22 #include <linux/net.h> 23 #include <linux/if_packet.h> 24 #include <linux/if_arp.h> 25 #include <linux/if_tun.h> 26 #include <linux/if_macvlan.h> 27 #include <linux/if_vlan.h> 28 29 #include <net/sock.h> 30 31 #include "vhost.h" 32 33 static int experimental_zcopytx = 1; 34 module_param(experimental_zcopytx, int, 0444); 35 MODULE_PARM_DESC(experimental_zcopytx, "Enable Zero Copy TX;" 36 " 1 -Enable; 0 - Disable"); 37 38 /* Max number of bytes transferred before requeueing the job. 39 * Using this limit prevents one virtqueue from starving others. */ 40 #define VHOST_NET_WEIGHT 0x80000 41 42 /* MAX number of TX used buffers for outstanding zerocopy */ 43 #define VHOST_MAX_PEND 128 44 #define VHOST_GOODCOPY_LEN 256 45 46 /* 47 * For transmit, used buffer len is unused; we override it to track buffer 48 * status internally; used for zerocopy tx only. 49 */ 50 /* Lower device DMA failed */ 51 #define VHOST_DMA_FAILED_LEN ((__force __virtio32)3) 52 /* Lower device DMA done */ 53 #define VHOST_DMA_DONE_LEN ((__force __virtio32)2) 54 /* Lower device DMA in progress */ 55 #define VHOST_DMA_IN_PROGRESS ((__force __virtio32)1) 56 /* Buffer unused */ 57 #define VHOST_DMA_CLEAR_LEN ((__force __virtio32)0) 58 59 #define VHOST_DMA_IS_DONE(len) ((__force u32)(len) >= (__force u32)VHOST_DMA_DONE_LEN) 60 61 enum { 62 VHOST_NET_FEATURES = VHOST_FEATURES | 63 (1ULL << VHOST_NET_F_VIRTIO_NET_HDR) | 64 (1ULL << VIRTIO_NET_F_MRG_RXBUF) 65 }; 66 67 enum { 68 VHOST_NET_VQ_RX = 0, 69 VHOST_NET_VQ_TX = 1, 70 VHOST_NET_VQ_MAX = 2, 71 }; 72 73 struct vhost_net_ubuf_ref { 74 /* refcount follows semantics similar to kref: 75 * 0: object is released 76 * 1: no outstanding ubufs 77 * >1: outstanding ubufs 78 */ 79 atomic_t refcount; 80 wait_queue_head_t wait; 81 struct vhost_virtqueue *vq; 82 }; 83 84 struct vhost_net_virtqueue { 85 struct vhost_virtqueue vq; 86 size_t vhost_hlen; 87 size_t sock_hlen; 88 /* vhost zerocopy support fields below: */ 89 /* last used idx for outstanding DMA zerocopy buffers */ 90 int upend_idx; 91 /* first used idx for DMA done zerocopy buffers */ 92 int done_idx; 93 /* an array of userspace buffers info */ 94 struct ubuf_info *ubuf_info; 95 /* Reference counting for outstanding ubufs. 96 * Protected by vq mutex. Writers must also take device mutex. */ 97 struct vhost_net_ubuf_ref *ubufs; 98 }; 99 100 struct vhost_net { 101 struct vhost_dev dev; 102 struct vhost_net_virtqueue vqs[VHOST_NET_VQ_MAX]; 103 struct vhost_poll poll[VHOST_NET_VQ_MAX]; 104 /* Number of TX recently submitted. 105 * Protected by tx vq lock. */ 106 unsigned tx_packets; 107 /* Number of times zerocopy TX recently failed. 108 * Protected by tx vq lock. */ 109 unsigned tx_zcopy_err; 110 /* Flush in progress. Protected by tx vq lock. */ 111 bool tx_flush; 112 }; 113 114 static unsigned vhost_net_zcopy_mask __read_mostly; 115 116 static void vhost_net_enable_zcopy(int vq) 117 { 118 vhost_net_zcopy_mask |= 0x1 << vq; 119 } 120 121 static struct vhost_net_ubuf_ref * 122 vhost_net_ubuf_alloc(struct vhost_virtqueue *vq, bool zcopy) 123 { 124 struct vhost_net_ubuf_ref *ubufs; 125 /* No zero copy backend? Nothing to count. */ 126 if (!zcopy) 127 return NULL; 128 ubufs = kmalloc(sizeof(*ubufs), GFP_KERNEL); 129 if (!ubufs) 130 return ERR_PTR(-ENOMEM); 131 atomic_set(&ubufs->refcount, 1); 132 init_waitqueue_head(&ubufs->wait); 133 ubufs->vq = vq; 134 return ubufs; 135 } 136 137 static int vhost_net_ubuf_put(struct vhost_net_ubuf_ref *ubufs) 138 { 139 int r = atomic_sub_return(1, &ubufs->refcount); 140 if (unlikely(!r)) 141 wake_up(&ubufs->wait); 142 return r; 143 } 144 145 static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs) 146 { 147 vhost_net_ubuf_put(ubufs); 148 wait_event(ubufs->wait, !atomic_read(&ubufs->refcount)); 149 } 150 151 static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs) 152 { 153 vhost_net_ubuf_put_and_wait(ubufs); 154 kfree(ubufs); 155 } 156 157 static void vhost_net_clear_ubuf_info(struct vhost_net *n) 158 { 159 int i; 160 161 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 162 kfree(n->vqs[i].ubuf_info); 163 n->vqs[i].ubuf_info = NULL; 164 } 165 } 166 167 static int vhost_net_set_ubuf_info(struct vhost_net *n) 168 { 169 bool zcopy; 170 int i; 171 172 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 173 zcopy = vhost_net_zcopy_mask & (0x1 << i); 174 if (!zcopy) 175 continue; 176 n->vqs[i].ubuf_info = kmalloc(sizeof(*n->vqs[i].ubuf_info) * 177 UIO_MAXIOV, GFP_KERNEL); 178 if (!n->vqs[i].ubuf_info) 179 goto err; 180 } 181 return 0; 182 183 err: 184 vhost_net_clear_ubuf_info(n); 185 return -ENOMEM; 186 } 187 188 static void vhost_net_vq_reset(struct vhost_net *n) 189 { 190 int i; 191 192 vhost_net_clear_ubuf_info(n); 193 194 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 195 n->vqs[i].done_idx = 0; 196 n->vqs[i].upend_idx = 0; 197 n->vqs[i].ubufs = NULL; 198 n->vqs[i].vhost_hlen = 0; 199 n->vqs[i].sock_hlen = 0; 200 } 201 202 } 203 204 static void vhost_net_tx_packet(struct vhost_net *net) 205 { 206 ++net->tx_packets; 207 if (net->tx_packets < 1024) 208 return; 209 net->tx_packets = 0; 210 net->tx_zcopy_err = 0; 211 } 212 213 static void vhost_net_tx_err(struct vhost_net *net) 214 { 215 ++net->tx_zcopy_err; 216 } 217 218 static bool vhost_net_tx_select_zcopy(struct vhost_net *net) 219 { 220 /* TX flush waits for outstanding DMAs to be done. 221 * Don't start new DMAs. 222 */ 223 return !net->tx_flush && 224 net->tx_packets / 64 >= net->tx_zcopy_err; 225 } 226 227 static bool vhost_sock_zcopy(struct socket *sock) 228 { 229 return unlikely(experimental_zcopytx) && 230 sock_flag(sock->sk, SOCK_ZEROCOPY); 231 } 232 233 /* In case of DMA done not in order in lower device driver for some reason. 234 * upend_idx is used to track end of used idx, done_idx is used to track head 235 * of used idx. Once lower device DMA done contiguously, we will signal KVM 236 * guest used idx. 237 */ 238 static void vhost_zerocopy_signal_used(struct vhost_net *net, 239 struct vhost_virtqueue *vq) 240 { 241 struct vhost_net_virtqueue *nvq = 242 container_of(vq, struct vhost_net_virtqueue, vq); 243 int i, add; 244 int j = 0; 245 246 for (i = nvq->done_idx; i != nvq->upend_idx; i = (i + 1) % UIO_MAXIOV) { 247 if (vq->heads[i].len == VHOST_DMA_FAILED_LEN) 248 vhost_net_tx_err(net); 249 if (VHOST_DMA_IS_DONE(vq->heads[i].len)) { 250 vq->heads[i].len = VHOST_DMA_CLEAR_LEN; 251 ++j; 252 } else 253 break; 254 } 255 while (j) { 256 add = min(UIO_MAXIOV - nvq->done_idx, j); 257 vhost_add_used_and_signal_n(vq->dev, vq, 258 &vq->heads[nvq->done_idx], add); 259 nvq->done_idx = (nvq->done_idx + add) % UIO_MAXIOV; 260 j -= add; 261 } 262 } 263 264 static void vhost_zerocopy_callback(struct ubuf_info *ubuf, bool success) 265 { 266 struct vhost_net_ubuf_ref *ubufs = ubuf->ctx; 267 struct vhost_virtqueue *vq = ubufs->vq; 268 int cnt; 269 270 rcu_read_lock_bh(); 271 272 /* set len to mark this desc buffers done DMA */ 273 vq->heads[ubuf->desc].len = success ? 274 VHOST_DMA_DONE_LEN : VHOST_DMA_FAILED_LEN; 275 cnt = vhost_net_ubuf_put(ubufs); 276 277 /* 278 * Trigger polling thread if guest stopped submitting new buffers: 279 * in this case, the refcount after decrement will eventually reach 1. 280 * We also trigger polling periodically after each 16 packets 281 * (the value 16 here is more or less arbitrary, it's tuned to trigger 282 * less than 10% of times). 283 */ 284 if (cnt <= 1 || !(cnt % 16)) 285 vhost_poll_queue(&vq->poll); 286 287 rcu_read_unlock_bh(); 288 } 289 290 static inline unsigned long busy_clock(void) 291 { 292 return local_clock() >> 10; 293 } 294 295 static bool vhost_can_busy_poll(struct vhost_dev *dev, 296 unsigned long endtime) 297 { 298 return likely(!need_resched()) && 299 likely(!time_after(busy_clock(), endtime)) && 300 likely(!signal_pending(current)) && 301 !vhost_has_work(dev); 302 } 303 304 static void vhost_net_disable_vq(struct vhost_net *n, 305 struct vhost_virtqueue *vq) 306 { 307 struct vhost_net_virtqueue *nvq = 308 container_of(vq, struct vhost_net_virtqueue, vq); 309 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 310 if (!vq->private_data) 311 return; 312 vhost_poll_stop(poll); 313 } 314 315 static int vhost_net_enable_vq(struct vhost_net *n, 316 struct vhost_virtqueue *vq) 317 { 318 struct vhost_net_virtqueue *nvq = 319 container_of(vq, struct vhost_net_virtqueue, vq); 320 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 321 struct socket *sock; 322 323 sock = vq->private_data; 324 if (!sock) 325 return 0; 326 327 return vhost_poll_start(poll, sock->file); 328 } 329 330 static int vhost_net_tx_get_vq_desc(struct vhost_net *net, 331 struct vhost_virtqueue *vq, 332 struct iovec iov[], unsigned int iov_size, 333 unsigned int *out_num, unsigned int *in_num) 334 { 335 unsigned long uninitialized_var(endtime); 336 int r = vhost_get_vq_desc(vq, vq->iov, ARRAY_SIZE(vq->iov), 337 out_num, in_num, NULL, NULL); 338 339 if (r == vq->num && vq->busyloop_timeout) { 340 preempt_disable(); 341 endtime = busy_clock() + vq->busyloop_timeout; 342 while (vhost_can_busy_poll(vq->dev, endtime) && 343 vhost_vq_avail_empty(vq->dev, vq)) 344 cpu_relax_lowlatency(); 345 preempt_enable(); 346 r = vhost_get_vq_desc(vq, vq->iov, ARRAY_SIZE(vq->iov), 347 out_num, in_num, NULL, NULL); 348 } 349 350 return r; 351 } 352 353 /* Expects to be always run from workqueue - which acts as 354 * read-size critical section for our kind of RCU. */ 355 static void handle_tx(struct vhost_net *net) 356 { 357 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_TX]; 358 struct vhost_virtqueue *vq = &nvq->vq; 359 unsigned out, in; 360 int head; 361 struct msghdr msg = { 362 .msg_name = NULL, 363 .msg_namelen = 0, 364 .msg_control = NULL, 365 .msg_controllen = 0, 366 .msg_flags = MSG_DONTWAIT, 367 }; 368 size_t len, total_len = 0; 369 int err; 370 size_t hdr_size; 371 struct socket *sock; 372 struct vhost_net_ubuf_ref *uninitialized_var(ubufs); 373 bool zcopy, zcopy_used; 374 375 mutex_lock(&vq->mutex); 376 sock = vq->private_data; 377 if (!sock) 378 goto out; 379 380 vhost_disable_notify(&net->dev, vq); 381 382 hdr_size = nvq->vhost_hlen; 383 zcopy = nvq->ubufs; 384 385 for (;;) { 386 /* Release DMAs done buffers first */ 387 if (zcopy) 388 vhost_zerocopy_signal_used(net, vq); 389 390 /* If more outstanding DMAs, queue the work. 391 * Handle upend_idx wrap around 392 */ 393 if (unlikely((nvq->upend_idx + vq->num - VHOST_MAX_PEND) 394 % UIO_MAXIOV == nvq->done_idx)) 395 break; 396 397 head = vhost_net_tx_get_vq_desc(net, vq, vq->iov, 398 ARRAY_SIZE(vq->iov), 399 &out, &in); 400 /* On error, stop handling until the next kick. */ 401 if (unlikely(head < 0)) 402 break; 403 /* Nothing new? Wait for eventfd to tell us they refilled. */ 404 if (head == vq->num) { 405 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 406 vhost_disable_notify(&net->dev, vq); 407 continue; 408 } 409 break; 410 } 411 if (in) { 412 vq_err(vq, "Unexpected descriptor format for TX: " 413 "out %d, int %d\n", out, in); 414 break; 415 } 416 /* Skip header. TODO: support TSO. */ 417 len = iov_length(vq->iov, out); 418 iov_iter_init(&msg.msg_iter, WRITE, vq->iov, out, len); 419 iov_iter_advance(&msg.msg_iter, hdr_size); 420 /* Sanity check */ 421 if (!msg_data_left(&msg)) { 422 vq_err(vq, "Unexpected header len for TX: " 423 "%zd expected %zd\n", 424 len, hdr_size); 425 break; 426 } 427 len = msg_data_left(&msg); 428 429 zcopy_used = zcopy && len >= VHOST_GOODCOPY_LEN 430 && (nvq->upend_idx + 1) % UIO_MAXIOV != 431 nvq->done_idx 432 && vhost_net_tx_select_zcopy(net); 433 434 /* use msg_control to pass vhost zerocopy ubuf info to skb */ 435 if (zcopy_used) { 436 struct ubuf_info *ubuf; 437 ubuf = nvq->ubuf_info + nvq->upend_idx; 438 439 vq->heads[nvq->upend_idx].id = cpu_to_vhost32(vq, head); 440 vq->heads[nvq->upend_idx].len = VHOST_DMA_IN_PROGRESS; 441 ubuf->callback = vhost_zerocopy_callback; 442 ubuf->ctx = nvq->ubufs; 443 ubuf->desc = nvq->upend_idx; 444 msg.msg_control = ubuf; 445 msg.msg_controllen = sizeof(ubuf); 446 ubufs = nvq->ubufs; 447 atomic_inc(&ubufs->refcount); 448 nvq->upend_idx = (nvq->upend_idx + 1) % UIO_MAXIOV; 449 } else { 450 msg.msg_control = NULL; 451 ubufs = NULL; 452 } 453 /* TODO: Check specific error and bomb out unless ENOBUFS? */ 454 err = sock->ops->sendmsg(sock, &msg, len); 455 if (unlikely(err < 0)) { 456 if (zcopy_used) { 457 vhost_net_ubuf_put(ubufs); 458 nvq->upend_idx = ((unsigned)nvq->upend_idx - 1) 459 % UIO_MAXIOV; 460 } 461 vhost_discard_vq_desc(vq, 1); 462 break; 463 } 464 if (err != len) 465 pr_debug("Truncated TX packet: " 466 " len %d != %zd\n", err, len); 467 if (!zcopy_used) 468 vhost_add_used_and_signal(&net->dev, vq, head, 0); 469 else 470 vhost_zerocopy_signal_used(net, vq); 471 total_len += len; 472 vhost_net_tx_packet(net); 473 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 474 vhost_poll_queue(&vq->poll); 475 break; 476 } 477 } 478 out: 479 mutex_unlock(&vq->mutex); 480 } 481 482 static int peek_head_len(struct sock *sk) 483 { 484 struct sk_buff *head; 485 int len = 0; 486 unsigned long flags; 487 488 spin_lock_irqsave(&sk->sk_receive_queue.lock, flags); 489 head = skb_peek(&sk->sk_receive_queue); 490 if (likely(head)) { 491 len = head->len; 492 if (skb_vlan_tag_present(head)) 493 len += VLAN_HLEN; 494 } 495 496 spin_unlock_irqrestore(&sk->sk_receive_queue.lock, flags); 497 return len; 498 } 499 500 static int vhost_net_rx_peek_head_len(struct vhost_net *net, struct sock *sk) 501 { 502 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_TX]; 503 struct vhost_virtqueue *vq = &nvq->vq; 504 unsigned long uninitialized_var(endtime); 505 int len = peek_head_len(sk); 506 507 if (!len && vq->busyloop_timeout) { 508 /* Both tx vq and rx socket were polled here */ 509 mutex_lock(&vq->mutex); 510 vhost_disable_notify(&net->dev, vq); 511 512 preempt_disable(); 513 endtime = busy_clock() + vq->busyloop_timeout; 514 515 while (vhost_can_busy_poll(&net->dev, endtime) && 516 skb_queue_empty(&sk->sk_receive_queue) && 517 vhost_vq_avail_empty(&net->dev, vq)) 518 cpu_relax_lowlatency(); 519 520 preempt_enable(); 521 522 if (vhost_enable_notify(&net->dev, vq)) 523 vhost_poll_queue(&vq->poll); 524 mutex_unlock(&vq->mutex); 525 526 len = peek_head_len(sk); 527 } 528 529 return len; 530 } 531 532 /* This is a multi-buffer version of vhost_get_desc, that works if 533 * vq has read descriptors only. 534 * @vq - the relevant virtqueue 535 * @datalen - data length we'll be reading 536 * @iovcount - returned count of io vectors we fill 537 * @log - vhost log 538 * @log_num - log offset 539 * @quota - headcount quota, 1 for big buffer 540 * returns number of buffer heads allocated, negative on error 541 */ 542 static int get_rx_bufs(struct vhost_virtqueue *vq, 543 struct vring_used_elem *heads, 544 int datalen, 545 unsigned *iovcount, 546 struct vhost_log *log, 547 unsigned *log_num, 548 unsigned int quota) 549 { 550 unsigned int out, in; 551 int seg = 0; 552 int headcount = 0; 553 unsigned d; 554 int r, nlogs = 0; 555 /* len is always initialized before use since we are always called with 556 * datalen > 0. 557 */ 558 u32 uninitialized_var(len); 559 560 while (datalen > 0 && headcount < quota) { 561 if (unlikely(seg >= UIO_MAXIOV)) { 562 r = -ENOBUFS; 563 goto err; 564 } 565 r = vhost_get_vq_desc(vq, vq->iov + seg, 566 ARRAY_SIZE(vq->iov) - seg, &out, 567 &in, log, log_num); 568 if (unlikely(r < 0)) 569 goto err; 570 571 d = r; 572 if (d == vq->num) { 573 r = 0; 574 goto err; 575 } 576 if (unlikely(out || in <= 0)) { 577 vq_err(vq, "unexpected descriptor format for RX: " 578 "out %d, in %d\n", out, in); 579 r = -EINVAL; 580 goto err; 581 } 582 if (unlikely(log)) { 583 nlogs += *log_num; 584 log += *log_num; 585 } 586 heads[headcount].id = cpu_to_vhost32(vq, d); 587 len = iov_length(vq->iov + seg, in); 588 heads[headcount].len = cpu_to_vhost32(vq, len); 589 datalen -= len; 590 ++headcount; 591 seg += in; 592 } 593 heads[headcount - 1].len = cpu_to_vhost32(vq, len + datalen); 594 *iovcount = seg; 595 if (unlikely(log)) 596 *log_num = nlogs; 597 598 /* Detect overrun */ 599 if (unlikely(datalen > 0)) { 600 r = UIO_MAXIOV + 1; 601 goto err; 602 } 603 return headcount; 604 err: 605 vhost_discard_vq_desc(vq, headcount); 606 return r; 607 } 608 609 /* Expects to be always run from workqueue - which acts as 610 * read-size critical section for our kind of RCU. */ 611 static void handle_rx(struct vhost_net *net) 612 { 613 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_RX]; 614 struct vhost_virtqueue *vq = &nvq->vq; 615 unsigned uninitialized_var(in), log; 616 struct vhost_log *vq_log; 617 struct msghdr msg = { 618 .msg_name = NULL, 619 .msg_namelen = 0, 620 .msg_control = NULL, /* FIXME: get and handle RX aux data. */ 621 .msg_controllen = 0, 622 .msg_flags = MSG_DONTWAIT, 623 }; 624 struct virtio_net_hdr hdr = { 625 .flags = 0, 626 .gso_type = VIRTIO_NET_HDR_GSO_NONE 627 }; 628 size_t total_len = 0; 629 int err, mergeable; 630 s16 headcount; 631 size_t vhost_hlen, sock_hlen; 632 size_t vhost_len, sock_len; 633 struct socket *sock; 634 struct iov_iter fixup; 635 __virtio16 num_buffers; 636 637 mutex_lock(&vq->mutex); 638 sock = vq->private_data; 639 if (!sock) 640 goto out; 641 vhost_disable_notify(&net->dev, vq); 642 vhost_net_disable_vq(net, vq); 643 644 vhost_hlen = nvq->vhost_hlen; 645 sock_hlen = nvq->sock_hlen; 646 647 vq_log = unlikely(vhost_has_feature(vq, VHOST_F_LOG_ALL)) ? 648 vq->log : NULL; 649 mergeable = vhost_has_feature(vq, VIRTIO_NET_F_MRG_RXBUF); 650 651 while ((sock_len = vhost_net_rx_peek_head_len(net, sock->sk))) { 652 sock_len += sock_hlen; 653 vhost_len = sock_len + vhost_hlen; 654 headcount = get_rx_bufs(vq, vq->heads, vhost_len, 655 &in, vq_log, &log, 656 likely(mergeable) ? UIO_MAXIOV : 1); 657 /* On error, stop handling until the next kick. */ 658 if (unlikely(headcount < 0)) 659 goto out; 660 /* On overrun, truncate and discard */ 661 if (unlikely(headcount > UIO_MAXIOV)) { 662 iov_iter_init(&msg.msg_iter, READ, vq->iov, 1, 1); 663 err = sock->ops->recvmsg(sock, &msg, 664 1, MSG_DONTWAIT | MSG_TRUNC); 665 pr_debug("Discarded rx packet: len %zd\n", sock_len); 666 continue; 667 } 668 /* OK, now we need to know about added descriptors. */ 669 if (!headcount) { 670 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 671 /* They have slipped one in as we were 672 * doing that: check again. */ 673 vhost_disable_notify(&net->dev, vq); 674 continue; 675 } 676 /* Nothing new? Wait for eventfd to tell us 677 * they refilled. */ 678 goto out; 679 } 680 /* We don't need to be notified again. */ 681 iov_iter_init(&msg.msg_iter, READ, vq->iov, in, vhost_len); 682 fixup = msg.msg_iter; 683 if (unlikely((vhost_hlen))) { 684 /* We will supply the header ourselves 685 * TODO: support TSO. 686 */ 687 iov_iter_advance(&msg.msg_iter, vhost_hlen); 688 } 689 err = sock->ops->recvmsg(sock, &msg, 690 sock_len, MSG_DONTWAIT | MSG_TRUNC); 691 /* Userspace might have consumed the packet meanwhile: 692 * it's not supposed to do this usually, but might be hard 693 * to prevent. Discard data we got (if any) and keep going. */ 694 if (unlikely(err != sock_len)) { 695 pr_debug("Discarded rx packet: " 696 " len %d, expected %zd\n", err, sock_len); 697 vhost_discard_vq_desc(vq, headcount); 698 continue; 699 } 700 /* Supply virtio_net_hdr if VHOST_NET_F_VIRTIO_NET_HDR */ 701 if (unlikely(vhost_hlen)) { 702 if (copy_to_iter(&hdr, sizeof(hdr), 703 &fixup) != sizeof(hdr)) { 704 vq_err(vq, "Unable to write vnet_hdr " 705 "at addr %p\n", vq->iov->iov_base); 706 goto out; 707 } 708 } else { 709 /* Header came from socket; we'll need to patch 710 * ->num_buffers over if VIRTIO_NET_F_MRG_RXBUF 711 */ 712 iov_iter_advance(&fixup, sizeof(hdr)); 713 } 714 /* TODO: Should check and handle checksum. */ 715 716 num_buffers = cpu_to_vhost16(vq, headcount); 717 if (likely(mergeable) && 718 copy_to_iter(&num_buffers, sizeof num_buffers, 719 &fixup) != sizeof num_buffers) { 720 vq_err(vq, "Failed num_buffers write"); 721 vhost_discard_vq_desc(vq, headcount); 722 goto out; 723 } 724 vhost_add_used_and_signal_n(&net->dev, vq, vq->heads, 725 headcount); 726 if (unlikely(vq_log)) 727 vhost_log_write(vq, vq_log, log, vhost_len); 728 total_len += vhost_len; 729 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 730 vhost_poll_queue(&vq->poll); 731 goto out; 732 } 733 } 734 vhost_net_enable_vq(net, vq); 735 out: 736 mutex_unlock(&vq->mutex); 737 } 738 739 static void handle_tx_kick(struct vhost_work *work) 740 { 741 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 742 poll.work); 743 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 744 745 handle_tx(net); 746 } 747 748 static void handle_rx_kick(struct vhost_work *work) 749 { 750 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 751 poll.work); 752 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 753 754 handle_rx(net); 755 } 756 757 static void handle_tx_net(struct vhost_work *work) 758 { 759 struct vhost_net *net = container_of(work, struct vhost_net, 760 poll[VHOST_NET_VQ_TX].work); 761 handle_tx(net); 762 } 763 764 static void handle_rx_net(struct vhost_work *work) 765 { 766 struct vhost_net *net = container_of(work, struct vhost_net, 767 poll[VHOST_NET_VQ_RX].work); 768 handle_rx(net); 769 } 770 771 static int vhost_net_open(struct inode *inode, struct file *f) 772 { 773 struct vhost_net *n; 774 struct vhost_dev *dev; 775 struct vhost_virtqueue **vqs; 776 int i; 777 778 n = kmalloc(sizeof *n, GFP_KERNEL | __GFP_NOWARN | __GFP_REPEAT); 779 if (!n) { 780 n = vmalloc(sizeof *n); 781 if (!n) 782 return -ENOMEM; 783 } 784 vqs = kmalloc(VHOST_NET_VQ_MAX * sizeof(*vqs), GFP_KERNEL); 785 if (!vqs) { 786 kvfree(n); 787 return -ENOMEM; 788 } 789 790 dev = &n->dev; 791 vqs[VHOST_NET_VQ_TX] = &n->vqs[VHOST_NET_VQ_TX].vq; 792 vqs[VHOST_NET_VQ_RX] = &n->vqs[VHOST_NET_VQ_RX].vq; 793 n->vqs[VHOST_NET_VQ_TX].vq.handle_kick = handle_tx_kick; 794 n->vqs[VHOST_NET_VQ_RX].vq.handle_kick = handle_rx_kick; 795 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 796 n->vqs[i].ubufs = NULL; 797 n->vqs[i].ubuf_info = NULL; 798 n->vqs[i].upend_idx = 0; 799 n->vqs[i].done_idx = 0; 800 n->vqs[i].vhost_hlen = 0; 801 n->vqs[i].sock_hlen = 0; 802 } 803 vhost_dev_init(dev, vqs, VHOST_NET_VQ_MAX); 804 805 vhost_poll_init(n->poll + VHOST_NET_VQ_TX, handle_tx_net, POLLOUT, dev); 806 vhost_poll_init(n->poll + VHOST_NET_VQ_RX, handle_rx_net, POLLIN, dev); 807 808 f->private_data = n; 809 810 return 0; 811 } 812 813 static struct socket *vhost_net_stop_vq(struct vhost_net *n, 814 struct vhost_virtqueue *vq) 815 { 816 struct socket *sock; 817 818 mutex_lock(&vq->mutex); 819 sock = vq->private_data; 820 vhost_net_disable_vq(n, vq); 821 vq->private_data = NULL; 822 mutex_unlock(&vq->mutex); 823 return sock; 824 } 825 826 static void vhost_net_stop(struct vhost_net *n, struct socket **tx_sock, 827 struct socket **rx_sock) 828 { 829 *tx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_TX].vq); 830 *rx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_RX].vq); 831 } 832 833 static void vhost_net_flush_vq(struct vhost_net *n, int index) 834 { 835 vhost_poll_flush(n->poll + index); 836 vhost_poll_flush(&n->vqs[index].vq.poll); 837 } 838 839 static void vhost_net_flush(struct vhost_net *n) 840 { 841 vhost_net_flush_vq(n, VHOST_NET_VQ_TX); 842 vhost_net_flush_vq(n, VHOST_NET_VQ_RX); 843 if (n->vqs[VHOST_NET_VQ_TX].ubufs) { 844 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 845 n->tx_flush = true; 846 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 847 /* Wait for all lower device DMAs done. */ 848 vhost_net_ubuf_put_and_wait(n->vqs[VHOST_NET_VQ_TX].ubufs); 849 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 850 n->tx_flush = false; 851 atomic_set(&n->vqs[VHOST_NET_VQ_TX].ubufs->refcount, 1); 852 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 853 } 854 } 855 856 static int vhost_net_release(struct inode *inode, struct file *f) 857 { 858 struct vhost_net *n = f->private_data; 859 struct socket *tx_sock; 860 struct socket *rx_sock; 861 862 vhost_net_stop(n, &tx_sock, &rx_sock); 863 vhost_net_flush(n); 864 vhost_dev_stop(&n->dev); 865 vhost_dev_cleanup(&n->dev, false); 866 vhost_net_vq_reset(n); 867 if (tx_sock) 868 sockfd_put(tx_sock); 869 if (rx_sock) 870 sockfd_put(rx_sock); 871 /* Make sure no callbacks are outstanding */ 872 synchronize_rcu_bh(); 873 /* We do an extra flush before freeing memory, 874 * since jobs can re-queue themselves. */ 875 vhost_net_flush(n); 876 kfree(n->dev.vqs); 877 kvfree(n); 878 return 0; 879 } 880 881 static struct socket *get_raw_socket(int fd) 882 { 883 struct { 884 struct sockaddr_ll sa; 885 char buf[MAX_ADDR_LEN]; 886 } uaddr; 887 int uaddr_len = sizeof uaddr, r; 888 struct socket *sock = sockfd_lookup(fd, &r); 889 890 if (!sock) 891 return ERR_PTR(-ENOTSOCK); 892 893 /* Parameter checking */ 894 if (sock->sk->sk_type != SOCK_RAW) { 895 r = -ESOCKTNOSUPPORT; 896 goto err; 897 } 898 899 r = sock->ops->getname(sock, (struct sockaddr *)&uaddr.sa, 900 &uaddr_len, 0); 901 if (r) 902 goto err; 903 904 if (uaddr.sa.sll_family != AF_PACKET) { 905 r = -EPFNOSUPPORT; 906 goto err; 907 } 908 return sock; 909 err: 910 sockfd_put(sock); 911 return ERR_PTR(r); 912 } 913 914 static struct socket *get_tap_socket(int fd) 915 { 916 struct file *file = fget(fd); 917 struct socket *sock; 918 919 if (!file) 920 return ERR_PTR(-EBADF); 921 sock = tun_get_socket(file); 922 if (!IS_ERR(sock)) 923 return sock; 924 sock = macvtap_get_socket(file); 925 if (IS_ERR(sock)) 926 fput(file); 927 return sock; 928 } 929 930 static struct socket *get_socket(int fd) 931 { 932 struct socket *sock; 933 934 /* special case to disable backend */ 935 if (fd == -1) 936 return NULL; 937 sock = get_raw_socket(fd); 938 if (!IS_ERR(sock)) 939 return sock; 940 sock = get_tap_socket(fd); 941 if (!IS_ERR(sock)) 942 return sock; 943 return ERR_PTR(-ENOTSOCK); 944 } 945 946 static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) 947 { 948 struct socket *sock, *oldsock; 949 struct vhost_virtqueue *vq; 950 struct vhost_net_virtqueue *nvq; 951 struct vhost_net_ubuf_ref *ubufs, *oldubufs = NULL; 952 int r; 953 954 mutex_lock(&n->dev.mutex); 955 r = vhost_dev_check_owner(&n->dev); 956 if (r) 957 goto err; 958 959 if (index >= VHOST_NET_VQ_MAX) { 960 r = -ENOBUFS; 961 goto err; 962 } 963 vq = &n->vqs[index].vq; 964 nvq = &n->vqs[index]; 965 mutex_lock(&vq->mutex); 966 967 /* Verify that ring has been setup correctly. */ 968 if (!vhost_vq_access_ok(vq)) { 969 r = -EFAULT; 970 goto err_vq; 971 } 972 sock = get_socket(fd); 973 if (IS_ERR(sock)) { 974 r = PTR_ERR(sock); 975 goto err_vq; 976 } 977 978 /* start polling new socket */ 979 oldsock = vq->private_data; 980 if (sock != oldsock) { 981 ubufs = vhost_net_ubuf_alloc(vq, 982 sock && vhost_sock_zcopy(sock)); 983 if (IS_ERR(ubufs)) { 984 r = PTR_ERR(ubufs); 985 goto err_ubufs; 986 } 987 988 vhost_net_disable_vq(n, vq); 989 vq->private_data = sock; 990 r = vhost_vq_init_access(vq); 991 if (r) 992 goto err_used; 993 r = vhost_net_enable_vq(n, vq); 994 if (r) 995 goto err_used; 996 997 oldubufs = nvq->ubufs; 998 nvq->ubufs = ubufs; 999 1000 n->tx_packets = 0; 1001 n->tx_zcopy_err = 0; 1002 n->tx_flush = false; 1003 } 1004 1005 mutex_unlock(&vq->mutex); 1006 1007 if (oldubufs) { 1008 vhost_net_ubuf_put_wait_and_free(oldubufs); 1009 mutex_lock(&vq->mutex); 1010 vhost_zerocopy_signal_used(n, vq); 1011 mutex_unlock(&vq->mutex); 1012 } 1013 1014 if (oldsock) { 1015 vhost_net_flush_vq(n, index); 1016 sockfd_put(oldsock); 1017 } 1018 1019 mutex_unlock(&n->dev.mutex); 1020 return 0; 1021 1022 err_used: 1023 vq->private_data = oldsock; 1024 vhost_net_enable_vq(n, vq); 1025 if (ubufs) 1026 vhost_net_ubuf_put_wait_and_free(ubufs); 1027 err_ubufs: 1028 sockfd_put(sock); 1029 err_vq: 1030 mutex_unlock(&vq->mutex); 1031 err: 1032 mutex_unlock(&n->dev.mutex); 1033 return r; 1034 } 1035 1036 static long vhost_net_reset_owner(struct vhost_net *n) 1037 { 1038 struct socket *tx_sock = NULL; 1039 struct socket *rx_sock = NULL; 1040 long err; 1041 struct vhost_memory *memory; 1042 1043 mutex_lock(&n->dev.mutex); 1044 err = vhost_dev_check_owner(&n->dev); 1045 if (err) 1046 goto done; 1047 memory = vhost_dev_reset_owner_prepare(); 1048 if (!memory) { 1049 err = -ENOMEM; 1050 goto done; 1051 } 1052 vhost_net_stop(n, &tx_sock, &rx_sock); 1053 vhost_net_flush(n); 1054 vhost_dev_reset_owner(&n->dev, memory); 1055 vhost_net_vq_reset(n); 1056 done: 1057 mutex_unlock(&n->dev.mutex); 1058 if (tx_sock) 1059 sockfd_put(tx_sock); 1060 if (rx_sock) 1061 sockfd_put(rx_sock); 1062 return err; 1063 } 1064 1065 static int vhost_net_set_features(struct vhost_net *n, u64 features) 1066 { 1067 size_t vhost_hlen, sock_hlen, hdr_len; 1068 int i; 1069 1070 hdr_len = (features & ((1ULL << VIRTIO_NET_F_MRG_RXBUF) | 1071 (1ULL << VIRTIO_F_VERSION_1))) ? 1072 sizeof(struct virtio_net_hdr_mrg_rxbuf) : 1073 sizeof(struct virtio_net_hdr); 1074 if (features & (1 << VHOST_NET_F_VIRTIO_NET_HDR)) { 1075 /* vhost provides vnet_hdr */ 1076 vhost_hlen = hdr_len; 1077 sock_hlen = 0; 1078 } else { 1079 /* socket provides vnet_hdr */ 1080 vhost_hlen = 0; 1081 sock_hlen = hdr_len; 1082 } 1083 mutex_lock(&n->dev.mutex); 1084 if ((features & (1 << VHOST_F_LOG_ALL)) && 1085 !vhost_log_access_ok(&n->dev)) { 1086 mutex_unlock(&n->dev.mutex); 1087 return -EFAULT; 1088 } 1089 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 1090 mutex_lock(&n->vqs[i].vq.mutex); 1091 n->vqs[i].vq.acked_features = features; 1092 n->vqs[i].vhost_hlen = vhost_hlen; 1093 n->vqs[i].sock_hlen = sock_hlen; 1094 mutex_unlock(&n->vqs[i].vq.mutex); 1095 } 1096 mutex_unlock(&n->dev.mutex); 1097 return 0; 1098 } 1099 1100 static long vhost_net_set_owner(struct vhost_net *n) 1101 { 1102 int r; 1103 1104 mutex_lock(&n->dev.mutex); 1105 if (vhost_dev_has_owner(&n->dev)) { 1106 r = -EBUSY; 1107 goto out; 1108 } 1109 r = vhost_net_set_ubuf_info(n); 1110 if (r) 1111 goto out; 1112 r = vhost_dev_set_owner(&n->dev); 1113 if (r) 1114 vhost_net_clear_ubuf_info(n); 1115 vhost_net_flush(n); 1116 out: 1117 mutex_unlock(&n->dev.mutex); 1118 return r; 1119 } 1120 1121 static long vhost_net_ioctl(struct file *f, unsigned int ioctl, 1122 unsigned long arg) 1123 { 1124 struct vhost_net *n = f->private_data; 1125 void __user *argp = (void __user *)arg; 1126 u64 __user *featurep = argp; 1127 struct vhost_vring_file backend; 1128 u64 features; 1129 int r; 1130 1131 switch (ioctl) { 1132 case VHOST_NET_SET_BACKEND: 1133 if (copy_from_user(&backend, argp, sizeof backend)) 1134 return -EFAULT; 1135 return vhost_net_set_backend(n, backend.index, backend.fd); 1136 case VHOST_GET_FEATURES: 1137 features = VHOST_NET_FEATURES; 1138 if (copy_to_user(featurep, &features, sizeof features)) 1139 return -EFAULT; 1140 return 0; 1141 case VHOST_SET_FEATURES: 1142 if (copy_from_user(&features, featurep, sizeof features)) 1143 return -EFAULT; 1144 if (features & ~VHOST_NET_FEATURES) 1145 return -EOPNOTSUPP; 1146 return vhost_net_set_features(n, features); 1147 case VHOST_RESET_OWNER: 1148 return vhost_net_reset_owner(n); 1149 case VHOST_SET_OWNER: 1150 return vhost_net_set_owner(n); 1151 default: 1152 mutex_lock(&n->dev.mutex); 1153 r = vhost_dev_ioctl(&n->dev, ioctl, argp); 1154 if (r == -ENOIOCTLCMD) 1155 r = vhost_vring_ioctl(&n->dev, ioctl, argp); 1156 else 1157 vhost_net_flush(n); 1158 mutex_unlock(&n->dev.mutex); 1159 return r; 1160 } 1161 } 1162 1163 #ifdef CONFIG_COMPAT 1164 static long vhost_net_compat_ioctl(struct file *f, unsigned int ioctl, 1165 unsigned long arg) 1166 { 1167 return vhost_net_ioctl(f, ioctl, (unsigned long)compat_ptr(arg)); 1168 } 1169 #endif 1170 1171 static const struct file_operations vhost_net_fops = { 1172 .owner = THIS_MODULE, 1173 .release = vhost_net_release, 1174 .unlocked_ioctl = vhost_net_ioctl, 1175 #ifdef CONFIG_COMPAT 1176 .compat_ioctl = vhost_net_compat_ioctl, 1177 #endif 1178 .open = vhost_net_open, 1179 .llseek = noop_llseek, 1180 }; 1181 1182 static struct miscdevice vhost_net_misc = { 1183 .minor = VHOST_NET_MINOR, 1184 .name = "vhost-net", 1185 .fops = &vhost_net_fops, 1186 }; 1187 1188 static int vhost_net_init(void) 1189 { 1190 if (experimental_zcopytx) 1191 vhost_net_enable_zcopy(VHOST_NET_VQ_TX); 1192 return misc_register(&vhost_net_misc); 1193 } 1194 module_init(vhost_net_init); 1195 1196 static void vhost_net_exit(void) 1197 { 1198 misc_deregister(&vhost_net_misc); 1199 } 1200 module_exit(vhost_net_exit); 1201 1202 MODULE_VERSION("0.0.1"); 1203 MODULE_LICENSE("GPL v2"); 1204 MODULE_AUTHOR("Michael S. Tsirkin"); 1205 MODULE_DESCRIPTION("Host kernel accelerator for virtio net"); 1206 MODULE_ALIAS_MISCDEV(VHOST_NET_MINOR); 1207 MODULE_ALIAS("devname:vhost-net"); 1208