1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright (C) 2009 Red Hat, Inc.
3 * Copyright (C) 2006 Rusty Russell IBM Corporation
5 * Author: Michael S. Tsirkin <mst@redhat.com>
7 * Inspiration, some code, and most witty comments come from
8 * Documentation/virtual/lguest/lguest.c, by Rusty Russell
10 * Generic code for virtio server in host kernel.
13 #include <linux/eventfd.h>
14 #include <linux/vhost.h>
15 #include <linux/uio.h>
17 #include <linux/miscdevice.h>
18 #include <linux/mutex.h>
19 #include <linux/poll.h>
20 #include <linux/file.h>
21 #include <linux/highmem.h>
22 #include <linux/slab.h>
23 #include <linux/vmalloc.h>
24 #include <linux/kthread.h>
25 #include <linux/module.h>
26 #include <linux/sort.h>
27 #include <linux/sched/mm.h>
28 #include <linux/sched/signal.h>
29 #include <linux/sched/vhost_task.h>
30 #include <linux/interval_tree_generic.h>
31 #include <linux/nospec.h>
32 #include <linux/kcov.h>
36 static ushort max_mem_regions = 64;
37 module_param(max_mem_regions, ushort, 0444);
38 MODULE_PARM_DESC(max_mem_regions,
39 "Maximum number of memory regions in memory map. (default: 64)");
40 static int max_iotlb_entries = 2048;
41 module_param(max_iotlb_entries, int, 0444);
42 MODULE_PARM_DESC(max_iotlb_entries,
43 "Maximum number of iotlb entries. (default: 2048)");
46 VHOST_MEMORY_F_LOG = 0x1,
49 #define vhost_used_event(vq) ((__virtio16 __user *)&vq->avail->ring[vq->num])
50 #define vhost_avail_event(vq) ((__virtio16 __user *)&vq->used->ring[vq->num])
52 #ifdef CONFIG_VHOST_CROSS_ENDIAN_LEGACY
53 static void vhost_disable_cross_endian(struct vhost_virtqueue *vq)
55 vq->user_be = !virtio_legacy_is_little_endian();
58 static void vhost_enable_cross_endian_big(struct vhost_virtqueue *vq)
63 static void vhost_enable_cross_endian_little(struct vhost_virtqueue *vq)
68 static long vhost_set_vring_endian(struct vhost_virtqueue *vq, int __user *argp)
70 struct vhost_vring_state s;
75 if (copy_from_user(&s, argp, sizeof(s)))
78 if (s.num != VHOST_VRING_LITTLE_ENDIAN &&
79 s.num != VHOST_VRING_BIG_ENDIAN)
82 if (s.num == VHOST_VRING_BIG_ENDIAN)
83 vhost_enable_cross_endian_big(vq);
85 vhost_enable_cross_endian_little(vq);
90 static long vhost_get_vring_endian(struct vhost_virtqueue *vq, u32 idx,
93 struct vhost_vring_state s = {
98 if (copy_to_user(argp, &s, sizeof(s)))
104 static void vhost_init_is_le(struct vhost_virtqueue *vq)
106 /* Note for legacy virtio: user_be is initialized at reset time
107 * according to the host endianness. If userspace does not set an
108 * explicit endianness, the default behavior is native endian, as
109 * expected by legacy virtio.
111 vq->is_le = vhost_has_feature(vq, VIRTIO_F_VERSION_1) || !vq->user_be;
114 static void vhost_disable_cross_endian(struct vhost_virtqueue *vq)
118 static long vhost_set_vring_endian(struct vhost_virtqueue *vq, int __user *argp)
123 static long vhost_get_vring_endian(struct vhost_virtqueue *vq, u32 idx,
129 static void vhost_init_is_le(struct vhost_virtqueue *vq)
131 vq->is_le = vhost_has_feature(vq, VIRTIO_F_VERSION_1)
132 || virtio_legacy_is_little_endian();
134 #endif /* CONFIG_VHOST_CROSS_ENDIAN_LEGACY */
136 static void vhost_reset_is_le(struct vhost_virtqueue *vq)
138 vhost_init_is_le(vq);
141 struct vhost_flush_struct {
142 struct vhost_work work;
143 struct completion wait_event;
146 static void vhost_flush_work(struct vhost_work *work)
148 struct vhost_flush_struct *s;
150 s = container_of(work, struct vhost_flush_struct, work);
151 complete(&s->wait_event);
154 static void vhost_poll_func(struct file *file, wait_queue_head_t *wqh,
157 struct vhost_poll *poll;
159 poll = container_of(pt, struct vhost_poll, table);
161 add_wait_queue(wqh, &poll->wait);
164 static int vhost_poll_wakeup(wait_queue_entry_t *wait, unsigned mode, int sync,
167 struct vhost_poll *poll = container_of(wait, struct vhost_poll, wait);
168 struct vhost_work *work = &poll->work;
170 if (!(key_to_poll(key) & poll->mask))
173 if (!poll->dev->use_worker)
176 vhost_poll_queue(poll);
181 void vhost_work_init(struct vhost_work *work, vhost_work_fn_t fn)
183 clear_bit(VHOST_WORK_QUEUED, &work->flags);
186 EXPORT_SYMBOL_GPL(vhost_work_init);
188 /* Init poll structure */
189 void vhost_poll_init(struct vhost_poll *poll, vhost_work_fn_t fn,
190 __poll_t mask, struct vhost_dev *dev,
191 struct vhost_virtqueue *vq)
193 init_waitqueue_func_entry(&poll->wait, vhost_poll_wakeup);
194 init_poll_funcptr(&poll->table, vhost_poll_func);
200 vhost_work_init(&poll->work, fn);
202 EXPORT_SYMBOL_GPL(vhost_poll_init);
204 /* Start polling a file. We add ourselves to file's wait queue. The caller must
205 * keep a reference to a file until after vhost_poll_stop is called. */
206 int vhost_poll_start(struct vhost_poll *poll, struct file *file)
213 mask = vfs_poll(file, &poll->table);
215 vhost_poll_wakeup(&poll->wait, 0, 0, poll_to_key(mask));
216 if (mask & EPOLLERR) {
217 vhost_poll_stop(poll);
223 EXPORT_SYMBOL_GPL(vhost_poll_start);
225 /* Stop polling a file. After this function returns, it becomes safe to drop the
226 * file reference. You must also flush afterwards. */
227 void vhost_poll_stop(struct vhost_poll *poll)
230 remove_wait_queue(poll->wqh, &poll->wait);
234 EXPORT_SYMBOL_GPL(vhost_poll_stop);
236 static void vhost_worker_queue(struct vhost_worker *worker,
237 struct vhost_work *work)
239 if (!test_and_set_bit(VHOST_WORK_QUEUED, &work->flags)) {
240 /* We can only add the work to the list after we're
241 * sure it was not in the list.
242 * test_and_set_bit() implies a memory barrier.
244 llist_add(&work->node, &worker->work_list);
245 vhost_task_wake(worker->vtsk);
249 bool vhost_vq_work_queue(struct vhost_virtqueue *vq, struct vhost_work *work)
251 struct vhost_worker *worker;
255 worker = rcu_dereference(vq->worker);
258 vhost_worker_queue(worker, work);
264 EXPORT_SYMBOL_GPL(vhost_vq_work_queue);
266 void vhost_vq_flush(struct vhost_virtqueue *vq)
268 struct vhost_flush_struct flush;
270 init_completion(&flush.wait_event);
271 vhost_work_init(&flush.work, vhost_flush_work);
273 if (vhost_vq_work_queue(vq, &flush.work))
274 wait_for_completion(&flush.wait_event);
276 EXPORT_SYMBOL_GPL(vhost_vq_flush);
279 * vhost_worker_flush - flush a worker
280 * @worker: worker to flush
282 * This does not use RCU to protect the worker, so the device or worker
283 * mutex must be held.
285 static void vhost_worker_flush(struct vhost_worker *worker)
287 struct vhost_flush_struct flush;
289 init_completion(&flush.wait_event);
290 vhost_work_init(&flush.work, vhost_flush_work);
292 vhost_worker_queue(worker, &flush.work);
293 wait_for_completion(&flush.wait_event);
296 void vhost_dev_flush(struct vhost_dev *dev)
298 struct vhost_worker *worker;
301 xa_for_each(&dev->worker_xa, i, worker) {
302 mutex_lock(&worker->mutex);
303 if (!worker->attachment_cnt) {
304 mutex_unlock(&worker->mutex);
307 vhost_worker_flush(worker);
308 mutex_unlock(&worker->mutex);
311 EXPORT_SYMBOL_GPL(vhost_dev_flush);
313 /* A lockless hint for busy polling code to exit the loop */
314 bool vhost_vq_has_work(struct vhost_virtqueue *vq)
316 struct vhost_worker *worker;
317 bool has_work = false;
320 worker = rcu_dereference(vq->worker);
321 if (worker && !llist_empty(&worker->work_list))
327 EXPORT_SYMBOL_GPL(vhost_vq_has_work);
329 void vhost_poll_queue(struct vhost_poll *poll)
331 vhost_vq_work_queue(poll->vq, &poll->work);
333 EXPORT_SYMBOL_GPL(vhost_poll_queue);
335 static void __vhost_vq_meta_reset(struct vhost_virtqueue *vq)
339 for (j = 0; j < VHOST_NUM_ADDRS; j++)
340 vq->meta_iotlb[j] = NULL;
343 static void vhost_vq_meta_reset(struct vhost_dev *d)
347 for (i = 0; i < d->nvqs; ++i)
348 __vhost_vq_meta_reset(d->vqs[i]);
351 static void vhost_vring_call_reset(struct vhost_vring_call *call_ctx)
353 call_ctx->ctx = NULL;
354 memset(&call_ctx->producer, 0x0, sizeof(struct irq_bypass_producer));
357 bool vhost_vq_is_setup(struct vhost_virtqueue *vq)
359 return vq->avail && vq->desc && vq->used && vhost_vq_access_ok(vq);
361 EXPORT_SYMBOL_GPL(vhost_vq_is_setup);
363 static void vhost_vq_reset(struct vhost_dev *dev,
364 struct vhost_virtqueue *vq)
370 vq->last_avail_idx = 0;
372 vq->last_used_idx = 0;
373 vq->signalled_used = 0;
374 vq->signalled_used_valid = false;
376 vq->log_used = false;
377 vq->log_addr = -1ull;
378 vq->private_data = NULL;
379 vq->acked_features = 0;
380 vq->acked_backend_features = 0;
382 vq->error_ctx = NULL;
385 vhost_disable_cross_endian(vq);
386 vhost_reset_is_le(vq);
387 vq->busyloop_timeout = 0;
390 rcu_assign_pointer(vq->worker, NULL);
391 vhost_vring_call_reset(&vq->call_ctx);
392 __vhost_vq_meta_reset(vq);
395 static bool vhost_worker(void *data)
397 struct vhost_worker *worker = data;
398 struct vhost_work *work, *work_next;
399 struct llist_node *node;
401 node = llist_del_all(&worker->work_list);
403 __set_current_state(TASK_RUNNING);
405 node = llist_reverse_order(node);
406 /* make sure flag is seen after deletion */
408 llist_for_each_entry_safe(work, work_next, node, node) {
409 clear_bit(VHOST_WORK_QUEUED, &work->flags);
410 kcov_remote_start_common(worker->kcov_handle);
420 static void vhost_vq_free_iovecs(struct vhost_virtqueue *vq)
430 /* Helper to allocate iovec buffers for all vqs. */
431 static long vhost_dev_alloc_iovecs(struct vhost_dev *dev)
433 struct vhost_virtqueue *vq;
436 for (i = 0; i < dev->nvqs; ++i) {
438 vq->indirect = kmalloc_array(UIO_MAXIOV,
439 sizeof(*vq->indirect),
441 vq->log = kmalloc_array(dev->iov_limit, sizeof(*vq->log),
443 vq->heads = kmalloc_array(dev->iov_limit, sizeof(*vq->heads),
445 if (!vq->indirect || !vq->log || !vq->heads)
452 vhost_vq_free_iovecs(dev->vqs[i]);
456 static void vhost_dev_free_iovecs(struct vhost_dev *dev)
460 for (i = 0; i < dev->nvqs; ++i)
461 vhost_vq_free_iovecs(dev->vqs[i]);
464 bool vhost_exceeds_weight(struct vhost_virtqueue *vq,
465 int pkts, int total_len)
467 struct vhost_dev *dev = vq->dev;
469 if ((dev->byte_weight && total_len >= dev->byte_weight) ||
470 pkts >= dev->weight) {
471 vhost_poll_queue(&vq->poll);
477 EXPORT_SYMBOL_GPL(vhost_exceeds_weight);
479 static size_t vhost_get_avail_size(struct vhost_virtqueue *vq,
482 size_t event __maybe_unused =
483 vhost_has_feature(vq, VIRTIO_RING_F_EVENT_IDX) ? 2 : 0;
485 return size_add(struct_size(vq->avail, ring, num), event);
488 static size_t vhost_get_used_size(struct vhost_virtqueue *vq,
491 size_t event __maybe_unused =
492 vhost_has_feature(vq, VIRTIO_RING_F_EVENT_IDX) ? 2 : 0;
494 return size_add(struct_size(vq->used, ring, num), event);
497 static size_t vhost_get_desc_size(struct vhost_virtqueue *vq,
500 return sizeof(*vq->desc) * num;
503 void vhost_dev_init(struct vhost_dev *dev,
504 struct vhost_virtqueue **vqs, int nvqs,
505 int iov_limit, int weight, int byte_weight,
507 int (*msg_handler)(struct vhost_dev *dev, u32 asid,
508 struct vhost_iotlb_msg *msg))
510 struct vhost_virtqueue *vq;
515 mutex_init(&dev->mutex);
520 dev->iov_limit = iov_limit;
521 dev->weight = weight;
522 dev->byte_weight = byte_weight;
523 dev->use_worker = use_worker;
524 dev->msg_handler = msg_handler;
525 init_waitqueue_head(&dev->wait);
526 INIT_LIST_HEAD(&dev->read_list);
527 INIT_LIST_HEAD(&dev->pending_list);
528 spin_lock_init(&dev->iotlb_lock);
529 xa_init_flags(&dev->worker_xa, XA_FLAGS_ALLOC);
531 for (i = 0; i < dev->nvqs; ++i) {
537 mutex_init(&vq->mutex);
538 vhost_vq_reset(dev, vq);
540 vhost_poll_init(&vq->poll, vq->handle_kick,
544 EXPORT_SYMBOL_GPL(vhost_dev_init);
546 /* Caller should have device mutex */
547 long vhost_dev_check_owner(struct vhost_dev *dev)
549 /* Are you the owner? If not, I don't think you mean to do that */
550 return dev->mm == current->mm ? 0 : -EPERM;
552 EXPORT_SYMBOL_GPL(vhost_dev_check_owner);
554 /* Caller should have device mutex */
555 bool vhost_dev_has_owner(struct vhost_dev *dev)
559 EXPORT_SYMBOL_GPL(vhost_dev_has_owner);
561 static void vhost_attach_mm(struct vhost_dev *dev)
563 /* No owner, become one */
564 if (dev->use_worker) {
565 dev->mm = get_task_mm(current);
567 /* vDPA device does not use worker thead, so there's
568 * no need to hold the address space for mm. This help
569 * to avoid deadlock in the case of mmap() which may
570 * held the refcnt of the file and depends on release
571 * method to remove vma.
573 dev->mm = current->mm;
578 static void vhost_detach_mm(struct vhost_dev *dev)
591 static void vhost_worker_destroy(struct vhost_dev *dev,
592 struct vhost_worker *worker)
597 WARN_ON(!llist_empty(&worker->work_list));
598 xa_erase(&dev->worker_xa, worker->id);
599 vhost_task_stop(worker->vtsk);
603 static void vhost_workers_free(struct vhost_dev *dev)
605 struct vhost_worker *worker;
608 if (!dev->use_worker)
611 for (i = 0; i < dev->nvqs; i++)
612 rcu_assign_pointer(dev->vqs[i]->worker, NULL);
614 * Free the default worker we created and cleanup workers userspace
615 * created but couldn't clean up (it forgot or crashed).
617 xa_for_each(&dev->worker_xa, i, worker)
618 vhost_worker_destroy(dev, worker);
619 xa_destroy(&dev->worker_xa);
622 static struct vhost_worker *vhost_worker_create(struct vhost_dev *dev)
624 struct vhost_worker *worker;
625 struct vhost_task *vtsk;
626 char name[TASK_COMM_LEN];
630 worker = kzalloc(sizeof(*worker), GFP_KERNEL_ACCOUNT);
634 snprintf(name, sizeof(name), "vhost-%d", current->pid);
636 vtsk = vhost_task_create(vhost_worker, worker, name);
640 mutex_init(&worker->mutex);
641 init_llist_head(&worker->work_list);
642 worker->kcov_handle = kcov_common_handle();
645 vhost_task_start(vtsk);
647 ret = xa_alloc(&dev->worker_xa, &id, worker, xa_limit_32b, GFP_KERNEL);
655 vhost_task_stop(vtsk);
661 /* Caller must have device mutex */
662 static void __vhost_vq_attach_worker(struct vhost_virtqueue *vq,
663 struct vhost_worker *worker)
665 struct vhost_worker *old_worker;
667 old_worker = rcu_dereference_check(vq->worker,
668 lockdep_is_held(&vq->dev->mutex));
670 mutex_lock(&worker->mutex);
671 worker->attachment_cnt++;
672 mutex_unlock(&worker->mutex);
673 rcu_assign_pointer(vq->worker, worker);
678 * Take the worker mutex to make sure we see the work queued from
679 * device wide flushes which doesn't use RCU for execution.
681 mutex_lock(&old_worker->mutex);
682 old_worker->attachment_cnt--;
684 * We don't want to call synchronize_rcu for every vq during setup
685 * because it will slow down VM startup. If we haven't done
686 * VHOST_SET_VRING_KICK and not done the driver specific
687 * SET_ENDPOINT/RUNNUNG then we can skip the sync since there will
688 * not be any works queued for scsi and net.
690 mutex_lock(&vq->mutex);
691 if (!vhost_vq_get_backend(vq) && !vq->kick) {
692 mutex_unlock(&vq->mutex);
693 mutex_unlock(&old_worker->mutex);
695 * vsock can queue anytime after VHOST_VSOCK_SET_GUEST_CID.
696 * Warn if it adds support for multiple workers but forgets to
697 * handle the early queueing case.
699 WARN_ON(!old_worker->attachment_cnt &&
700 !llist_empty(&old_worker->work_list));
703 mutex_unlock(&vq->mutex);
705 /* Make sure new vq queue/flush/poll calls see the new worker */
707 /* Make sure whatever was queued gets run */
708 vhost_worker_flush(old_worker);
709 mutex_unlock(&old_worker->mutex);
712 /* Caller must have device mutex */
713 static int vhost_vq_attach_worker(struct vhost_virtqueue *vq,
714 struct vhost_vring_worker *info)
716 unsigned long index = info->worker_id;
717 struct vhost_dev *dev = vq->dev;
718 struct vhost_worker *worker;
720 if (!dev->use_worker)
723 worker = xa_find(&dev->worker_xa, &index, UINT_MAX, XA_PRESENT);
724 if (!worker || worker->id != info->worker_id)
727 __vhost_vq_attach_worker(vq, worker);
731 /* Caller must have device mutex */
732 static int vhost_new_worker(struct vhost_dev *dev,
733 struct vhost_worker_state *info)
735 struct vhost_worker *worker;
737 worker = vhost_worker_create(dev);
741 info->worker_id = worker->id;
745 /* Caller must have device mutex */
746 static int vhost_free_worker(struct vhost_dev *dev,
747 struct vhost_worker_state *info)
749 unsigned long index = info->worker_id;
750 struct vhost_worker *worker;
752 worker = xa_find(&dev->worker_xa, &index, UINT_MAX, XA_PRESENT);
753 if (!worker || worker->id != info->worker_id)
756 mutex_lock(&worker->mutex);
757 if (worker->attachment_cnt) {
758 mutex_unlock(&worker->mutex);
761 mutex_unlock(&worker->mutex);
763 vhost_worker_destroy(dev, worker);
767 static int vhost_get_vq_from_user(struct vhost_dev *dev, void __user *argp,
768 struct vhost_virtqueue **vq, u32 *id)
770 u32 __user *idxp = argp;
774 r = get_user(idx, idxp);
778 if (idx >= dev->nvqs)
781 idx = array_index_nospec(idx, dev->nvqs);
788 /* Caller must have device mutex */
789 long vhost_worker_ioctl(struct vhost_dev *dev, unsigned int ioctl,
792 struct vhost_vring_worker ring_worker;
793 struct vhost_worker_state state;
794 struct vhost_worker *worker;
795 struct vhost_virtqueue *vq;
799 if (!dev->use_worker)
802 if (!vhost_dev_has_owner(dev))
805 ret = vhost_dev_check_owner(dev);
810 /* dev worker ioctls */
811 case VHOST_NEW_WORKER:
812 ret = vhost_new_worker(dev, &state);
813 if (!ret && copy_to_user(argp, &state, sizeof(state)))
816 case VHOST_FREE_WORKER:
817 if (copy_from_user(&state, argp, sizeof(state)))
819 return vhost_free_worker(dev, &state);
820 /* vring worker ioctls */
821 case VHOST_ATTACH_VRING_WORKER:
822 case VHOST_GET_VRING_WORKER:
828 ret = vhost_get_vq_from_user(dev, argp, &vq, &idx);
833 case VHOST_ATTACH_VRING_WORKER:
834 if (copy_from_user(&ring_worker, argp, sizeof(ring_worker))) {
839 ret = vhost_vq_attach_worker(vq, &ring_worker);
841 case VHOST_GET_VRING_WORKER:
842 worker = rcu_dereference_check(vq->worker,
843 lockdep_is_held(&dev->mutex));
849 ring_worker.index = idx;
850 ring_worker.worker_id = worker->id;
852 if (copy_to_user(argp, &ring_worker, sizeof(ring_worker)))
862 EXPORT_SYMBOL_GPL(vhost_worker_ioctl);
864 /* Caller should have device mutex */
865 long vhost_dev_set_owner(struct vhost_dev *dev)
867 struct vhost_worker *worker;
870 /* Is there an owner already? */
871 if (vhost_dev_has_owner(dev)) {
876 vhost_attach_mm(dev);
878 err = vhost_dev_alloc_iovecs(dev);
882 if (dev->use_worker) {
884 * This should be done last, because vsock can queue work
885 * before VHOST_SET_OWNER so it simplifies the failure path
886 * below since we don't have to worry about vsock queueing
887 * while we free the worker.
889 worker = vhost_worker_create(dev);
895 for (i = 0; i < dev->nvqs; i++)
896 __vhost_vq_attach_worker(dev->vqs[i], worker);
902 vhost_dev_free_iovecs(dev);
904 vhost_detach_mm(dev);
908 EXPORT_SYMBOL_GPL(vhost_dev_set_owner);
910 static struct vhost_iotlb *iotlb_alloc(void)
912 return vhost_iotlb_alloc(max_iotlb_entries,
913 VHOST_IOTLB_FLAG_RETIRE);
916 struct vhost_iotlb *vhost_dev_reset_owner_prepare(void)
918 return iotlb_alloc();
920 EXPORT_SYMBOL_GPL(vhost_dev_reset_owner_prepare);
922 /* Caller should have device mutex */
923 void vhost_dev_reset_owner(struct vhost_dev *dev, struct vhost_iotlb *umem)
927 vhost_dev_cleanup(dev);
930 /* We don't need VQ locks below since vhost_dev_cleanup makes sure
931 * VQs aren't running.
933 for (i = 0; i < dev->nvqs; ++i)
934 dev->vqs[i]->umem = umem;
936 EXPORT_SYMBOL_GPL(vhost_dev_reset_owner);
938 void vhost_dev_stop(struct vhost_dev *dev)
942 for (i = 0; i < dev->nvqs; ++i) {
943 if (dev->vqs[i]->kick && dev->vqs[i]->handle_kick)
944 vhost_poll_stop(&dev->vqs[i]->poll);
947 vhost_dev_flush(dev);
949 EXPORT_SYMBOL_GPL(vhost_dev_stop);
951 void vhost_clear_msg(struct vhost_dev *dev)
953 struct vhost_msg_node *node, *n;
955 spin_lock(&dev->iotlb_lock);
957 list_for_each_entry_safe(node, n, &dev->read_list, node) {
958 list_del(&node->node);
962 list_for_each_entry_safe(node, n, &dev->pending_list, node) {
963 list_del(&node->node);
967 spin_unlock(&dev->iotlb_lock);
969 EXPORT_SYMBOL_GPL(vhost_clear_msg);
971 void vhost_dev_cleanup(struct vhost_dev *dev)
975 for (i = 0; i < dev->nvqs; ++i) {
976 if (dev->vqs[i]->error_ctx)
977 eventfd_ctx_put(dev->vqs[i]->error_ctx);
978 if (dev->vqs[i]->kick)
979 fput(dev->vqs[i]->kick);
980 if (dev->vqs[i]->call_ctx.ctx)
981 eventfd_ctx_put(dev->vqs[i]->call_ctx.ctx);
982 vhost_vq_reset(dev, dev->vqs[i]);
984 vhost_dev_free_iovecs(dev);
986 eventfd_ctx_put(dev->log_ctx);
988 /* No one will access memory at this point */
989 vhost_iotlb_free(dev->umem);
991 vhost_iotlb_free(dev->iotlb);
993 vhost_clear_msg(dev);
994 wake_up_interruptible_poll(&dev->wait, EPOLLIN | EPOLLRDNORM);
995 vhost_workers_free(dev);
996 vhost_detach_mm(dev);
998 EXPORT_SYMBOL_GPL(vhost_dev_cleanup);
1000 static bool log_access_ok(void __user *log_base, u64 addr, unsigned long sz)
1002 u64 a = addr / VHOST_PAGE_SIZE / 8;
1004 /* Make sure 64 bit math will not overflow. */
1005 if (a > ULONG_MAX - (unsigned long)log_base ||
1006 a + (unsigned long)log_base > ULONG_MAX)
1009 return access_ok(log_base + a,
1010 (sz + VHOST_PAGE_SIZE * 8 - 1) / VHOST_PAGE_SIZE / 8);
1013 /* Make sure 64 bit math will not overflow. */
1014 static bool vhost_overflow(u64 uaddr, u64 size)
1016 if (uaddr > ULONG_MAX || size > ULONG_MAX)
1022 return uaddr > ULONG_MAX - size + 1;
1025 /* Caller should have vq mutex and device mutex. */
1026 static bool vq_memory_access_ok(void __user *log_base, struct vhost_iotlb *umem,
1029 struct vhost_iotlb_map *map;
1034 list_for_each_entry(map, &umem->list, link) {
1035 unsigned long a = map->addr;
1037 if (vhost_overflow(map->addr, map->size))
1041 if (!access_ok((void __user *)a, map->size))
1043 else if (log_all && !log_access_ok(log_base,
1051 static inline void __user *vhost_vq_meta_fetch(struct vhost_virtqueue *vq,
1052 u64 addr, unsigned int size,
1055 const struct vhost_iotlb_map *map = vq->meta_iotlb[type];
1060 return (void __user *)(uintptr_t)(map->addr + addr - map->start);
1063 /* Can we switch to this memory table? */
1064 /* Caller should have device mutex but not vq mutex */
1065 static bool memory_access_ok(struct vhost_dev *d, struct vhost_iotlb *umem,
1070 for (i = 0; i < d->nvqs; ++i) {
1074 mutex_lock(&d->vqs[i]->mutex);
1075 log = log_all || vhost_has_feature(d->vqs[i], VHOST_F_LOG_ALL);
1076 /* If ring is inactive, will check when it's enabled. */
1077 if (d->vqs[i]->private_data)
1078 ok = vq_memory_access_ok(d->vqs[i]->log_base,
1082 mutex_unlock(&d->vqs[i]->mutex);
1089 static int translate_desc(struct vhost_virtqueue *vq, u64 addr, u32 len,
1090 struct iovec iov[], int iov_size, int access);
1092 static int vhost_copy_to_user(struct vhost_virtqueue *vq, void __user *to,
1093 const void *from, unsigned size)
1098 return __copy_to_user(to, from, size);
1100 /* This function should be called after iotlb
1101 * prefetch, which means we're sure that all vq
1102 * could be access through iotlb. So -EAGAIN should
1103 * not happen in this case.
1106 void __user *uaddr = vhost_vq_meta_fetch(vq,
1107 (u64)(uintptr_t)to, size,
1111 return __copy_to_user(uaddr, from, size);
1113 ret = translate_desc(vq, (u64)(uintptr_t)to, size, vq->iotlb_iov,
1114 ARRAY_SIZE(vq->iotlb_iov),
1118 iov_iter_init(&t, ITER_DEST, vq->iotlb_iov, ret, size);
1119 ret = copy_to_iter(from, size, &t);
1127 static int vhost_copy_from_user(struct vhost_virtqueue *vq, void *to,
1128 void __user *from, unsigned size)
1133 return __copy_from_user(to, from, size);
1135 /* This function should be called after iotlb
1136 * prefetch, which means we're sure that vq
1137 * could be access through iotlb. So -EAGAIN should
1138 * not happen in this case.
1140 void __user *uaddr = vhost_vq_meta_fetch(vq,
1141 (u64)(uintptr_t)from, size,
1146 return __copy_from_user(to, uaddr, size);
1148 ret = translate_desc(vq, (u64)(uintptr_t)from, size, vq->iotlb_iov,
1149 ARRAY_SIZE(vq->iotlb_iov),
1152 vq_err(vq, "IOTLB translation failure: uaddr "
1153 "%p size 0x%llx\n", from,
1154 (unsigned long long) size);
1157 iov_iter_init(&f, ITER_SOURCE, vq->iotlb_iov, ret, size);
1158 ret = copy_from_iter(to, size, &f);
1167 static void __user *__vhost_get_user_slow(struct vhost_virtqueue *vq,
1168 void __user *addr, unsigned int size,
1173 ret = translate_desc(vq, (u64)(uintptr_t)addr, size, vq->iotlb_iov,
1174 ARRAY_SIZE(vq->iotlb_iov),
1177 vq_err(vq, "IOTLB translation failure: uaddr "
1178 "%p size 0x%llx\n", addr,
1179 (unsigned long long) size);
1183 if (ret != 1 || vq->iotlb_iov[0].iov_len != size) {
1184 vq_err(vq, "Non atomic userspace memory access: uaddr "
1185 "%p size 0x%llx\n", addr,
1186 (unsigned long long) size);
1190 return vq->iotlb_iov[0].iov_base;
1193 /* This function should be called after iotlb
1194 * prefetch, which means we're sure that vq
1195 * could be access through iotlb. So -EAGAIN should
1196 * not happen in this case.
1198 static inline void __user *__vhost_get_user(struct vhost_virtqueue *vq,
1199 void __user *addr, unsigned int size,
1202 void __user *uaddr = vhost_vq_meta_fetch(vq,
1203 (u64)(uintptr_t)addr, size, type);
1207 return __vhost_get_user_slow(vq, addr, size, type);
1210 #define vhost_put_user(vq, x, ptr) \
1214 ret = __put_user(x, ptr); \
1216 __typeof__(ptr) to = \
1217 (__typeof__(ptr)) __vhost_get_user(vq, ptr, \
1218 sizeof(*ptr), VHOST_ADDR_USED); \
1220 ret = __put_user(x, to); \
1227 static inline int vhost_put_avail_event(struct vhost_virtqueue *vq)
1229 return vhost_put_user(vq, cpu_to_vhost16(vq, vq->avail_idx),
1230 vhost_avail_event(vq));
1233 static inline int vhost_put_used(struct vhost_virtqueue *vq,
1234 struct vring_used_elem *head, int idx,
1237 return vhost_copy_to_user(vq, vq->used->ring + idx, head,
1238 count * sizeof(*head));
1241 static inline int vhost_put_used_flags(struct vhost_virtqueue *vq)
1244 return vhost_put_user(vq, cpu_to_vhost16(vq, vq->used_flags),
1248 static inline int vhost_put_used_idx(struct vhost_virtqueue *vq)
1251 return vhost_put_user(vq, cpu_to_vhost16(vq, vq->last_used_idx),
1255 #define vhost_get_user(vq, x, ptr, type) \
1259 ret = __get_user(x, ptr); \
1261 __typeof__(ptr) from = \
1262 (__typeof__(ptr)) __vhost_get_user(vq, ptr, \
1266 ret = __get_user(x, from); \
1273 #define vhost_get_avail(vq, x, ptr) \
1274 vhost_get_user(vq, x, ptr, VHOST_ADDR_AVAIL)
1276 #define vhost_get_used(vq, x, ptr) \
1277 vhost_get_user(vq, x, ptr, VHOST_ADDR_USED)
1279 static void vhost_dev_lock_vqs(struct vhost_dev *d)
1282 for (i = 0; i < d->nvqs; ++i)
1283 mutex_lock_nested(&d->vqs[i]->mutex, i);
1286 static void vhost_dev_unlock_vqs(struct vhost_dev *d)
1289 for (i = 0; i < d->nvqs; ++i)
1290 mutex_unlock(&d->vqs[i]->mutex);
1293 static inline int vhost_get_avail_idx(struct vhost_virtqueue *vq,
1296 return vhost_get_avail(vq, *idx, &vq->avail->idx);
1299 static inline int vhost_get_avail_head(struct vhost_virtqueue *vq,
1300 __virtio16 *head, int idx)
1302 return vhost_get_avail(vq, *head,
1303 &vq->avail->ring[idx & (vq->num - 1)]);
1306 static inline int vhost_get_avail_flags(struct vhost_virtqueue *vq,
1309 return vhost_get_avail(vq, *flags, &vq->avail->flags);
1312 static inline int vhost_get_used_event(struct vhost_virtqueue *vq,
1315 return vhost_get_avail(vq, *event, vhost_used_event(vq));
1318 static inline int vhost_get_used_idx(struct vhost_virtqueue *vq,
1321 return vhost_get_used(vq, *idx, &vq->used->idx);
1324 static inline int vhost_get_desc(struct vhost_virtqueue *vq,
1325 struct vring_desc *desc, int idx)
1327 return vhost_copy_from_user(vq, desc, vq->desc + idx, sizeof(*desc));
1330 static void vhost_iotlb_notify_vq(struct vhost_dev *d,
1331 struct vhost_iotlb_msg *msg)
1333 struct vhost_msg_node *node, *n;
1335 spin_lock(&d->iotlb_lock);
1337 list_for_each_entry_safe(node, n, &d->pending_list, node) {
1338 struct vhost_iotlb_msg *vq_msg = &node->msg.iotlb;
1339 if (msg->iova <= vq_msg->iova &&
1340 msg->iova + msg->size - 1 >= vq_msg->iova &&
1341 vq_msg->type == VHOST_IOTLB_MISS) {
1342 vhost_poll_queue(&node->vq->poll);
1343 list_del(&node->node);
1348 spin_unlock(&d->iotlb_lock);
1351 static bool umem_access_ok(u64 uaddr, u64 size, int access)
1353 unsigned long a = uaddr;
1355 /* Make sure 64 bit math will not overflow. */
1356 if (vhost_overflow(uaddr, size))
1359 if ((access & VHOST_ACCESS_RO) &&
1360 !access_ok((void __user *)a, size))
1362 if ((access & VHOST_ACCESS_WO) &&
1363 !access_ok((void __user *)a, size))
1368 static int vhost_process_iotlb_msg(struct vhost_dev *dev, u32 asid,
1369 struct vhost_iotlb_msg *msg)
1376 mutex_lock(&dev->mutex);
1377 vhost_dev_lock_vqs(dev);
1378 switch (msg->type) {
1379 case VHOST_IOTLB_UPDATE:
1384 if (!umem_access_ok(msg->uaddr, msg->size, msg->perm)) {
1388 vhost_vq_meta_reset(dev);
1389 if (vhost_iotlb_add_range(dev->iotlb, msg->iova,
1390 msg->iova + msg->size - 1,
1391 msg->uaddr, msg->perm)) {
1395 vhost_iotlb_notify_vq(dev, msg);
1397 case VHOST_IOTLB_INVALIDATE:
1402 vhost_vq_meta_reset(dev);
1403 vhost_iotlb_del_range(dev->iotlb, msg->iova,
1404 msg->iova + msg->size - 1);
1411 vhost_dev_unlock_vqs(dev);
1412 mutex_unlock(&dev->mutex);
1416 ssize_t vhost_chr_write_iter(struct vhost_dev *dev,
1417 struct iov_iter *from)
1419 struct vhost_iotlb_msg msg;
1424 ret = copy_from_iter(&type, sizeof(type), from);
1425 if (ret != sizeof(type)) {
1431 case VHOST_IOTLB_MSG:
1432 /* There maybe a hole after type for V1 message type,
1435 offset = offsetof(struct vhost_msg, iotlb) - sizeof(int);
1437 case VHOST_IOTLB_MSG_V2:
1438 if (vhost_backend_has_feature(dev->vqs[0],
1439 VHOST_BACKEND_F_IOTLB_ASID)) {
1440 ret = copy_from_iter(&asid, sizeof(asid), from);
1441 if (ret != sizeof(asid)) {
1447 offset = sizeof(__u32);
1454 iov_iter_advance(from, offset);
1455 ret = copy_from_iter(&msg, sizeof(msg), from);
1456 if (ret != sizeof(msg)) {
1461 if ((msg.type == VHOST_IOTLB_UPDATE ||
1462 msg.type == VHOST_IOTLB_INVALIDATE) &&
1468 if (dev->msg_handler)
1469 ret = dev->msg_handler(dev, asid, &msg);
1471 ret = vhost_process_iotlb_msg(dev, asid, &msg);
1477 ret = (type == VHOST_IOTLB_MSG) ? sizeof(struct vhost_msg) :
1478 sizeof(struct vhost_msg_v2);
1482 EXPORT_SYMBOL(vhost_chr_write_iter);
1484 __poll_t vhost_chr_poll(struct file *file, struct vhost_dev *dev,
1489 poll_wait(file, &dev->wait, wait);
1491 if (!list_empty(&dev->read_list))
1492 mask |= EPOLLIN | EPOLLRDNORM;
1496 EXPORT_SYMBOL(vhost_chr_poll);
1498 ssize_t vhost_chr_read_iter(struct vhost_dev *dev, struct iov_iter *to,
1502 struct vhost_msg_node *node;
1504 unsigned size = sizeof(struct vhost_msg);
1506 if (iov_iter_count(to) < size)
1511 prepare_to_wait(&dev->wait, &wait,
1512 TASK_INTERRUPTIBLE);
1514 node = vhost_dequeue_msg(dev, &dev->read_list);
1521 if (signal_pending(current)) {
1534 finish_wait(&dev->wait, &wait);
1537 struct vhost_iotlb_msg *msg;
1538 void *start = &node->msg;
1540 switch (node->msg.type) {
1541 case VHOST_IOTLB_MSG:
1542 size = sizeof(node->msg);
1543 msg = &node->msg.iotlb;
1545 case VHOST_IOTLB_MSG_V2:
1546 size = sizeof(node->msg_v2);
1547 msg = &node->msg_v2.iotlb;
1554 ret = copy_to_iter(start, size, to);
1555 if (ret != size || msg->type != VHOST_IOTLB_MISS) {
1559 vhost_enqueue_msg(dev, &dev->pending_list, node);
1564 EXPORT_SYMBOL_GPL(vhost_chr_read_iter);
1566 static int vhost_iotlb_miss(struct vhost_virtqueue *vq, u64 iova, int access)
1568 struct vhost_dev *dev = vq->dev;
1569 struct vhost_msg_node *node;
1570 struct vhost_iotlb_msg *msg;
1571 bool v2 = vhost_backend_has_feature(vq, VHOST_BACKEND_F_IOTLB_MSG_V2);
1573 node = vhost_new_msg(vq, v2 ? VHOST_IOTLB_MSG_V2 : VHOST_IOTLB_MSG);
1578 node->msg_v2.type = VHOST_IOTLB_MSG_V2;
1579 msg = &node->msg_v2.iotlb;
1581 msg = &node->msg.iotlb;
1584 msg->type = VHOST_IOTLB_MISS;
1588 vhost_enqueue_msg(dev, &dev->read_list, node);
1593 static bool vq_access_ok(struct vhost_virtqueue *vq, unsigned int num,
1594 vring_desc_t __user *desc,
1595 vring_avail_t __user *avail,
1596 vring_used_t __user *used)
1599 /* If an IOTLB device is present, the vring addresses are
1600 * GIOVAs. Access validation occurs at prefetch time. */
1604 return access_ok(desc, vhost_get_desc_size(vq, num)) &&
1605 access_ok(avail, vhost_get_avail_size(vq, num)) &&
1606 access_ok(used, vhost_get_used_size(vq, num));
1609 static void vhost_vq_meta_update(struct vhost_virtqueue *vq,
1610 const struct vhost_iotlb_map *map,
1613 int access = (type == VHOST_ADDR_USED) ?
1614 VHOST_ACCESS_WO : VHOST_ACCESS_RO;
1616 if (likely(map->perm & access))
1617 vq->meta_iotlb[type] = map;
1620 static bool iotlb_access_ok(struct vhost_virtqueue *vq,
1621 int access, u64 addr, u64 len, int type)
1623 const struct vhost_iotlb_map *map;
1624 struct vhost_iotlb *umem = vq->iotlb;
1625 u64 s = 0, size, orig_addr = addr, last = addr + len - 1;
1627 if (vhost_vq_meta_fetch(vq, addr, len, type))
1631 map = vhost_iotlb_itree_first(umem, addr, last);
1632 if (map == NULL || map->start > addr) {
1633 vhost_iotlb_miss(vq, addr, access);
1635 } else if (!(map->perm & access)) {
1636 /* Report the possible access violation by
1637 * request another translation from userspace.
1642 size = map->size - addr + map->start;
1644 if (orig_addr == addr && size >= len)
1645 vhost_vq_meta_update(vq, map, type);
1654 int vq_meta_prefetch(struct vhost_virtqueue *vq)
1656 unsigned int num = vq->num;
1661 return iotlb_access_ok(vq, VHOST_MAP_RO, (u64)(uintptr_t)vq->desc,
1662 vhost_get_desc_size(vq, num), VHOST_ADDR_DESC) &&
1663 iotlb_access_ok(vq, VHOST_MAP_RO, (u64)(uintptr_t)vq->avail,
1664 vhost_get_avail_size(vq, num),
1665 VHOST_ADDR_AVAIL) &&
1666 iotlb_access_ok(vq, VHOST_MAP_WO, (u64)(uintptr_t)vq->used,
1667 vhost_get_used_size(vq, num), VHOST_ADDR_USED);
1669 EXPORT_SYMBOL_GPL(vq_meta_prefetch);
1671 /* Can we log writes? */
1672 /* Caller should have device mutex but not vq mutex */
1673 bool vhost_log_access_ok(struct vhost_dev *dev)
1675 return memory_access_ok(dev, dev->umem, 1);
1677 EXPORT_SYMBOL_GPL(vhost_log_access_ok);
1679 static bool vq_log_used_access_ok(struct vhost_virtqueue *vq,
1680 void __user *log_base,
1684 /* If an IOTLB device is present, log_addr is a GIOVA that
1685 * will never be logged by log_used(). */
1689 return !log_used || log_access_ok(log_base, log_addr,
1690 vhost_get_used_size(vq, vq->num));
1693 /* Verify access for write logging. */
1694 /* Caller should have vq mutex and device mutex */
1695 static bool vq_log_access_ok(struct vhost_virtqueue *vq,
1696 void __user *log_base)
1698 return vq_memory_access_ok(log_base, vq->umem,
1699 vhost_has_feature(vq, VHOST_F_LOG_ALL)) &&
1700 vq_log_used_access_ok(vq, log_base, vq->log_used, vq->log_addr);
1703 /* Can we start vq? */
1704 /* Caller should have vq mutex and device mutex */
1705 bool vhost_vq_access_ok(struct vhost_virtqueue *vq)
1707 if (!vq_log_access_ok(vq, vq->log_base))
1710 return vq_access_ok(vq, vq->num, vq->desc, vq->avail, vq->used);
1712 EXPORT_SYMBOL_GPL(vhost_vq_access_ok);
1714 static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m)
1716 struct vhost_memory mem, *newmem;
1717 struct vhost_memory_region *region;
1718 struct vhost_iotlb *newumem, *oldumem;
1719 unsigned long size = offsetof(struct vhost_memory, regions);
1722 if (copy_from_user(&mem, m, size))
1726 if (mem.nregions > max_mem_regions)
1728 newmem = kvzalloc(struct_size(newmem, regions, mem.nregions),
1733 memcpy(newmem, &mem, size);
1734 if (copy_from_user(newmem->regions, m->regions,
1735 flex_array_size(newmem, regions, mem.nregions))) {
1740 newumem = iotlb_alloc();
1746 for (region = newmem->regions;
1747 region < newmem->regions + mem.nregions;
1749 if (vhost_iotlb_add_range(newumem,
1750 region->guest_phys_addr,
1751 region->guest_phys_addr +
1752 region->memory_size - 1,
1753 region->userspace_addr,
1758 if (!memory_access_ok(d, newumem, 0))
1764 /* All memory accesses are done under some VQ mutex. */
1765 for (i = 0; i < d->nvqs; ++i) {
1766 mutex_lock(&d->vqs[i]->mutex);
1767 d->vqs[i]->umem = newumem;
1768 mutex_unlock(&d->vqs[i]->mutex);
1772 vhost_iotlb_free(oldumem);
1776 vhost_iotlb_free(newumem);
1781 static long vhost_vring_set_num(struct vhost_dev *d,
1782 struct vhost_virtqueue *vq,
1785 struct vhost_vring_state s;
1787 /* Resizing ring with an active backend?
1788 * You don't want to do that. */
1789 if (vq->private_data)
1792 if (copy_from_user(&s, argp, sizeof s))
1795 if (!s.num || s.num > 0xffff || (s.num & (s.num - 1)))
1802 static long vhost_vring_set_addr(struct vhost_dev *d,
1803 struct vhost_virtqueue *vq,
1806 struct vhost_vring_addr a;
1808 if (copy_from_user(&a, argp, sizeof a))
1810 if (a.flags & ~(0x1 << VHOST_VRING_F_LOG))
1813 /* For 32bit, verify that the top 32bits of the user
1814 data are set to zero. */
1815 if ((u64)(unsigned long)a.desc_user_addr != a.desc_user_addr ||
1816 (u64)(unsigned long)a.used_user_addr != a.used_user_addr ||
1817 (u64)(unsigned long)a.avail_user_addr != a.avail_user_addr)
1820 /* Make sure it's safe to cast pointers to vring types. */
1821 BUILD_BUG_ON(__alignof__ *vq->avail > VRING_AVAIL_ALIGN_SIZE);
1822 BUILD_BUG_ON(__alignof__ *vq->used > VRING_USED_ALIGN_SIZE);
1823 if ((a.avail_user_addr & (VRING_AVAIL_ALIGN_SIZE - 1)) ||
1824 (a.used_user_addr & (VRING_USED_ALIGN_SIZE - 1)) ||
1825 (a.log_guest_addr & (VRING_USED_ALIGN_SIZE - 1)))
1828 /* We only verify access here if backend is configured.
1829 * If it is not, we don't as size might not have been setup.
1830 * We will verify when backend is configured. */
1831 if (vq->private_data) {
1832 if (!vq_access_ok(vq, vq->num,
1833 (void __user *)(unsigned long)a.desc_user_addr,
1834 (void __user *)(unsigned long)a.avail_user_addr,
1835 (void __user *)(unsigned long)a.used_user_addr))
1838 /* Also validate log access for used ring if enabled. */
1839 if (!vq_log_used_access_ok(vq, vq->log_base,
1840 a.flags & (0x1 << VHOST_VRING_F_LOG),
1845 vq->log_used = !!(a.flags & (0x1 << VHOST_VRING_F_LOG));
1846 vq->desc = (void __user *)(unsigned long)a.desc_user_addr;
1847 vq->avail = (void __user *)(unsigned long)a.avail_user_addr;
1848 vq->log_addr = a.log_guest_addr;
1849 vq->used = (void __user *)(unsigned long)a.used_user_addr;
1854 static long vhost_vring_set_num_addr(struct vhost_dev *d,
1855 struct vhost_virtqueue *vq,
1861 mutex_lock(&vq->mutex);
1864 case VHOST_SET_VRING_NUM:
1865 r = vhost_vring_set_num(d, vq, argp);
1867 case VHOST_SET_VRING_ADDR:
1868 r = vhost_vring_set_addr(d, vq, argp);
1874 mutex_unlock(&vq->mutex);
1878 long vhost_vring_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *argp)
1880 struct file *eventfp, *filep = NULL;
1881 bool pollstart = false, pollstop = false;
1882 struct eventfd_ctx *ctx = NULL;
1883 struct vhost_virtqueue *vq;
1884 struct vhost_vring_state s;
1885 struct vhost_vring_file f;
1889 r = vhost_get_vq_from_user(d, argp, &vq, &idx);
1893 if (ioctl == VHOST_SET_VRING_NUM ||
1894 ioctl == VHOST_SET_VRING_ADDR) {
1895 return vhost_vring_set_num_addr(d, vq, ioctl, argp);
1898 mutex_lock(&vq->mutex);
1901 case VHOST_SET_VRING_BASE:
1902 /* Moving base with an active backend?
1903 * You don't want to do that. */
1904 if (vq->private_data) {
1908 if (copy_from_user(&s, argp, sizeof s)) {
1912 if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) {
1913 vq->last_avail_idx = s.num & 0xffff;
1914 vq->last_used_idx = (s.num >> 16) & 0xffff;
1916 if (s.num > 0xffff) {
1920 vq->last_avail_idx = s.num;
1922 /* Forget the cached index value. */
1923 vq->avail_idx = vq->last_avail_idx;
1925 case VHOST_GET_VRING_BASE:
1927 if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED))
1928 s.num = (u32)vq->last_avail_idx | ((u32)vq->last_used_idx << 16);
1930 s.num = vq->last_avail_idx;
1931 if (copy_to_user(argp, &s, sizeof s))
1934 case VHOST_SET_VRING_KICK:
1935 if (copy_from_user(&f, argp, sizeof f)) {
1939 eventfp = f.fd == VHOST_FILE_UNBIND ? NULL : eventfd_fget(f.fd);
1940 if (IS_ERR(eventfp)) {
1941 r = PTR_ERR(eventfp);
1944 if (eventfp != vq->kick) {
1945 pollstop = (filep = vq->kick) != NULL;
1946 pollstart = (vq->kick = eventfp) != NULL;
1950 case VHOST_SET_VRING_CALL:
1951 if (copy_from_user(&f, argp, sizeof f)) {
1955 ctx = f.fd == VHOST_FILE_UNBIND ? NULL : eventfd_ctx_fdget(f.fd);
1961 swap(ctx, vq->call_ctx.ctx);
1963 case VHOST_SET_VRING_ERR:
1964 if (copy_from_user(&f, argp, sizeof f)) {
1968 ctx = f.fd == VHOST_FILE_UNBIND ? NULL : eventfd_ctx_fdget(f.fd);
1973 swap(ctx, vq->error_ctx);
1975 case VHOST_SET_VRING_ENDIAN:
1976 r = vhost_set_vring_endian(vq, argp);
1978 case VHOST_GET_VRING_ENDIAN:
1979 r = vhost_get_vring_endian(vq, idx, argp);
1981 case VHOST_SET_VRING_BUSYLOOP_TIMEOUT:
1982 if (copy_from_user(&s, argp, sizeof(s))) {
1986 vq->busyloop_timeout = s.num;
1988 case VHOST_GET_VRING_BUSYLOOP_TIMEOUT:
1990 s.num = vq->busyloop_timeout;
1991 if (copy_to_user(argp, &s, sizeof(s)))
1998 if (pollstop && vq->handle_kick)
1999 vhost_poll_stop(&vq->poll);
2001 if (!IS_ERR_OR_NULL(ctx))
2002 eventfd_ctx_put(ctx);
2006 if (pollstart && vq->handle_kick)
2007 r = vhost_poll_start(&vq->poll, vq->kick);
2009 mutex_unlock(&vq->mutex);
2011 if (pollstop && vq->handle_kick)
2012 vhost_dev_flush(vq->poll.dev);
2015 EXPORT_SYMBOL_GPL(vhost_vring_ioctl);
2017 int vhost_init_device_iotlb(struct vhost_dev *d)
2019 struct vhost_iotlb *niotlb, *oiotlb;
2022 niotlb = iotlb_alloc();
2029 for (i = 0; i < d->nvqs; ++i) {
2030 struct vhost_virtqueue *vq = d->vqs[i];
2032 mutex_lock(&vq->mutex);
2034 __vhost_vq_meta_reset(vq);
2035 mutex_unlock(&vq->mutex);
2038 vhost_iotlb_free(oiotlb);
2042 EXPORT_SYMBOL_GPL(vhost_init_device_iotlb);
2044 /* Caller must have device mutex */
2045 long vhost_dev_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *argp)
2047 struct eventfd_ctx *ctx;
2052 /* If you are not the owner, you can become one */
2053 if (ioctl == VHOST_SET_OWNER) {
2054 r = vhost_dev_set_owner(d);
2058 /* You must be the owner to do anything else */
2059 r = vhost_dev_check_owner(d);
2064 case VHOST_SET_MEM_TABLE:
2065 r = vhost_set_memory(d, argp);
2067 case VHOST_SET_LOG_BASE:
2068 if (copy_from_user(&p, argp, sizeof p)) {
2072 if ((u64)(unsigned long)p != p) {
2076 for (i = 0; i < d->nvqs; ++i) {
2077 struct vhost_virtqueue *vq;
2078 void __user *base = (void __user *)(unsigned long)p;
2080 mutex_lock(&vq->mutex);
2081 /* If ring is inactive, will check when it's enabled. */
2082 if (vq->private_data && !vq_log_access_ok(vq, base))
2085 vq->log_base = base;
2086 mutex_unlock(&vq->mutex);
2089 case VHOST_SET_LOG_FD:
2090 r = get_user(fd, (int __user *)argp);
2093 ctx = fd == VHOST_FILE_UNBIND ? NULL : eventfd_ctx_fdget(fd);
2098 swap(ctx, d->log_ctx);
2099 for (i = 0; i < d->nvqs; ++i) {
2100 mutex_lock(&d->vqs[i]->mutex);
2101 d->vqs[i]->log_ctx = d->log_ctx;
2102 mutex_unlock(&d->vqs[i]->mutex);
2105 eventfd_ctx_put(ctx);
2114 EXPORT_SYMBOL_GPL(vhost_dev_ioctl);
2116 /* TODO: This is really inefficient. We need something like get_user()
2117 * (instruction directly accesses the data, with an exception table entry
2118 * returning -EFAULT). See Documentation/arch/x86/exception-tables.rst.
2120 static int set_bit_to_user(int nr, void __user *addr)
2122 unsigned long log = (unsigned long)addr;
2125 int bit = nr + (log % PAGE_SIZE) * 8;
2128 r = pin_user_pages_fast(log, 1, FOLL_WRITE, &page);
2132 base = kmap_atomic(page);
2134 kunmap_atomic(base);
2135 unpin_user_pages_dirty_lock(&page, 1, true);
2139 static int log_write(void __user *log_base,
2140 u64 write_address, u64 write_length)
2142 u64 write_page = write_address / VHOST_PAGE_SIZE;
2147 write_length += write_address % VHOST_PAGE_SIZE;
2149 u64 base = (u64)(unsigned long)log_base;
2150 u64 log = base + write_page / 8;
2151 int bit = write_page % 8;
2152 if ((u64)(unsigned long)log != log)
2154 r = set_bit_to_user(bit, (void __user *)(unsigned long)log);
2157 if (write_length <= VHOST_PAGE_SIZE)
2159 write_length -= VHOST_PAGE_SIZE;
2165 static int log_write_hva(struct vhost_virtqueue *vq, u64 hva, u64 len)
2167 struct vhost_iotlb *umem = vq->umem;
2168 struct vhost_iotlb_map *u;
2169 u64 start, end, l, min;
2175 /* More than one GPAs can be mapped into a single HVA. So
2176 * iterate all possible umems here to be safe.
2178 list_for_each_entry(u, &umem->list, link) {
2179 if (u->addr > hva - 1 + len ||
2180 u->addr - 1 + u->size < hva)
2182 start = max(u->addr, hva);
2183 end = min(u->addr - 1 + u->size, hva - 1 + len);
2184 l = end - start + 1;
2185 r = log_write(vq->log_base,
2186 u->start + start - u->addr,
2204 static int log_used(struct vhost_virtqueue *vq, u64 used_offset, u64 len)
2206 struct iovec *iov = vq->log_iov;
2210 return log_write(vq->log_base, vq->log_addr + used_offset, len);
2212 ret = translate_desc(vq, (uintptr_t)vq->used + used_offset,
2213 len, iov, 64, VHOST_ACCESS_WO);
2217 for (i = 0; i < ret; i++) {
2218 ret = log_write_hva(vq, (uintptr_t)iov[i].iov_base,
2227 int vhost_log_write(struct vhost_virtqueue *vq, struct vhost_log *log,
2228 unsigned int log_num, u64 len, struct iovec *iov, int count)
2232 /* Make sure data written is seen before log. */
2236 for (i = 0; i < count; i++) {
2237 r = log_write_hva(vq, (uintptr_t)iov[i].iov_base,
2245 for (i = 0; i < log_num; ++i) {
2246 u64 l = min(log[i].len, len);
2247 r = log_write(vq->log_base, log[i].addr, l);
2253 eventfd_signal(vq->log_ctx, 1);
2257 /* Length written exceeds what we have stored. This is a bug. */
2261 EXPORT_SYMBOL_GPL(vhost_log_write);
2263 static int vhost_update_used_flags(struct vhost_virtqueue *vq)
2266 if (vhost_put_used_flags(vq))
2268 if (unlikely(vq->log_used)) {
2269 /* Make sure the flag is seen before log. */
2271 /* Log used flag write. */
2272 used = &vq->used->flags;
2273 log_used(vq, (used - (void __user *)vq->used),
2274 sizeof vq->used->flags);
2276 eventfd_signal(vq->log_ctx, 1);
2281 static int vhost_update_avail_event(struct vhost_virtqueue *vq)
2283 if (vhost_put_avail_event(vq))
2285 if (unlikely(vq->log_used)) {
2287 /* Make sure the event is seen before log. */
2289 /* Log avail event write */
2290 used = vhost_avail_event(vq);
2291 log_used(vq, (used - (void __user *)vq->used),
2292 sizeof *vhost_avail_event(vq));
2294 eventfd_signal(vq->log_ctx, 1);
2299 int vhost_vq_init_access(struct vhost_virtqueue *vq)
2301 __virtio16 last_used_idx;
2303 bool is_le = vq->is_le;
2305 if (!vq->private_data)
2308 vhost_init_is_le(vq);
2310 r = vhost_update_used_flags(vq);
2313 vq->signalled_used_valid = false;
2315 !access_ok(&vq->used->idx, sizeof vq->used->idx)) {
2319 r = vhost_get_used_idx(vq, &last_used_idx);
2321 vq_err(vq, "Can't access used idx at %p\n",
2325 vq->last_used_idx = vhost16_to_cpu(vq, last_used_idx);
2332 EXPORT_SYMBOL_GPL(vhost_vq_init_access);
2334 static int translate_desc(struct vhost_virtqueue *vq, u64 addr, u32 len,
2335 struct iovec iov[], int iov_size, int access)
2337 const struct vhost_iotlb_map *map;
2338 struct vhost_dev *dev = vq->dev;
2339 struct vhost_iotlb *umem = dev->iotlb ? dev->iotlb : dev->umem;
2341 u64 s = 0, last = addr + len - 1;
2344 while ((u64)len > s) {
2346 if (unlikely(ret >= iov_size)) {
2351 map = vhost_iotlb_itree_first(umem, addr, last);
2352 if (map == NULL || map->start > addr) {
2353 if (umem != dev->iotlb) {
2359 } else if (!(map->perm & access)) {
2365 size = map->size - addr + map->start;
2366 _iov->iov_len = min((u64)len - s, size);
2367 _iov->iov_base = (void __user *)(unsigned long)
2368 (map->addr + addr - map->start);
2375 vhost_iotlb_miss(vq, addr, access);
2379 /* Each buffer in the virtqueues is actually a chain of descriptors. This
2380 * function returns the next descriptor in the chain,
2381 * or -1U if we're at the end. */
2382 static unsigned next_desc(struct vhost_virtqueue *vq, struct vring_desc *desc)
2386 /* If this descriptor says it doesn't chain, we're done. */
2387 if (!(desc->flags & cpu_to_vhost16(vq, VRING_DESC_F_NEXT)))
2390 /* Check they're not leading us off end of descriptors. */
2391 next = vhost16_to_cpu(vq, READ_ONCE(desc->next));
2395 static int get_indirect(struct vhost_virtqueue *vq,
2396 struct iovec iov[], unsigned int iov_size,
2397 unsigned int *out_num, unsigned int *in_num,
2398 struct vhost_log *log, unsigned int *log_num,
2399 struct vring_desc *indirect)
2401 struct vring_desc desc;
2402 unsigned int i = 0, count, found = 0;
2403 u32 len = vhost32_to_cpu(vq, indirect->len);
2404 struct iov_iter from;
2408 if (unlikely(len % sizeof desc)) {
2409 vq_err(vq, "Invalid length in indirect descriptor: "
2410 "len 0x%llx not multiple of 0x%zx\n",
2411 (unsigned long long)len,
2416 ret = translate_desc(vq, vhost64_to_cpu(vq, indirect->addr), len, vq->indirect,
2417 UIO_MAXIOV, VHOST_ACCESS_RO);
2418 if (unlikely(ret < 0)) {
2420 vq_err(vq, "Translation failure %d in indirect.\n", ret);
2423 iov_iter_init(&from, ITER_SOURCE, vq->indirect, ret, len);
2424 count = len / sizeof desc;
2425 /* Buffers are chained via a 16 bit next field, so
2426 * we can have at most 2^16 of these. */
2427 if (unlikely(count > USHRT_MAX + 1)) {
2428 vq_err(vq, "Indirect buffer length too big: %d\n",
2434 unsigned iov_count = *in_num + *out_num;
2435 if (unlikely(++found > count)) {
2436 vq_err(vq, "Loop detected: last one at %u "
2437 "indirect size %u\n",
2441 if (unlikely(!copy_from_iter_full(&desc, sizeof(desc), &from))) {
2442 vq_err(vq, "Failed indirect descriptor: idx %d, %zx\n",
2443 i, (size_t)vhost64_to_cpu(vq, indirect->addr) + i * sizeof desc);
2446 if (unlikely(desc.flags & cpu_to_vhost16(vq, VRING_DESC_F_INDIRECT))) {
2447 vq_err(vq, "Nested indirect descriptor: idx %d, %zx\n",
2448 i, (size_t)vhost64_to_cpu(vq, indirect->addr) + i * sizeof desc);
2452 if (desc.flags & cpu_to_vhost16(vq, VRING_DESC_F_WRITE))
2453 access = VHOST_ACCESS_WO;
2455 access = VHOST_ACCESS_RO;
2457 ret = translate_desc(vq, vhost64_to_cpu(vq, desc.addr),
2458 vhost32_to_cpu(vq, desc.len), iov + iov_count,
2459 iov_size - iov_count, access);
2460 if (unlikely(ret < 0)) {
2462 vq_err(vq, "Translation failure %d indirect idx %d\n",
2466 /* If this is an input descriptor, increment that count. */
2467 if (access == VHOST_ACCESS_WO) {
2469 if (unlikely(log && ret)) {
2470 log[*log_num].addr = vhost64_to_cpu(vq, desc.addr);
2471 log[*log_num].len = vhost32_to_cpu(vq, desc.len);
2475 /* If it's an output descriptor, they're all supposed
2476 * to come before any input descriptors. */
2477 if (unlikely(*in_num)) {
2478 vq_err(vq, "Indirect descriptor "
2479 "has out after in: idx %d\n", i);
2484 } while ((i = next_desc(vq, &desc)) != -1);
2488 /* This looks in the virtqueue and for the first available buffer, and converts
2489 * it to an iovec for convenient access. Since descriptors consist of some
2490 * number of output then some number of input descriptors, it's actually two
2491 * iovecs, but we pack them into one and note how many of each there were.
2493 * This function returns the descriptor number found, or vq->num (which is
2494 * never a valid descriptor number) if none was found. A negative code is
2495 * returned on error. */
2496 int vhost_get_vq_desc(struct vhost_virtqueue *vq,
2497 struct iovec iov[], unsigned int iov_size,
2498 unsigned int *out_num, unsigned int *in_num,
2499 struct vhost_log *log, unsigned int *log_num)
2501 struct vring_desc desc;
2502 unsigned int i, head, found = 0;
2504 __virtio16 avail_idx;
2505 __virtio16 ring_head;
2508 /* Check it isn't doing very strange things with descriptor numbers. */
2509 last_avail_idx = vq->last_avail_idx;
2511 if (vq->avail_idx == vq->last_avail_idx) {
2512 if (unlikely(vhost_get_avail_idx(vq, &avail_idx))) {
2513 vq_err(vq, "Failed to access avail idx at %p\n",
2517 vq->avail_idx = vhost16_to_cpu(vq, avail_idx);
2519 if (unlikely((u16)(vq->avail_idx - last_avail_idx) > vq->num)) {
2520 vq_err(vq, "Guest moved used index from %u to %u",
2521 last_avail_idx, vq->avail_idx);
2525 /* If there's nothing new since last we looked, return
2528 if (vq->avail_idx == last_avail_idx)
2531 /* Only get avail ring entries after they have been
2537 /* Grab the next descriptor number they're advertising, and increment
2538 * the index we've seen. */
2539 if (unlikely(vhost_get_avail_head(vq, &ring_head, last_avail_idx))) {
2540 vq_err(vq, "Failed to read head: idx %d address %p\n",
2542 &vq->avail->ring[last_avail_idx % vq->num]);
2546 head = vhost16_to_cpu(vq, ring_head);
2548 /* If their number is silly, that's an error. */
2549 if (unlikely(head >= vq->num)) {
2550 vq_err(vq, "Guest says index %u > %u is available",
2555 /* When we start there are none of either input nor output. */
2556 *out_num = *in_num = 0;
2562 unsigned iov_count = *in_num + *out_num;
2563 if (unlikely(i >= vq->num)) {
2564 vq_err(vq, "Desc index is %u > %u, head = %u",
2568 if (unlikely(++found > vq->num)) {
2569 vq_err(vq, "Loop detected: last one at %u "
2570 "vq size %u head %u\n",
2574 ret = vhost_get_desc(vq, &desc, i);
2575 if (unlikely(ret)) {
2576 vq_err(vq, "Failed to get descriptor: idx %d addr %p\n",
2580 if (desc.flags & cpu_to_vhost16(vq, VRING_DESC_F_INDIRECT)) {
2581 ret = get_indirect(vq, iov, iov_size,
2583 log, log_num, &desc);
2584 if (unlikely(ret < 0)) {
2586 vq_err(vq, "Failure detected "
2587 "in indirect descriptor at idx %d\n", i);
2593 if (desc.flags & cpu_to_vhost16(vq, VRING_DESC_F_WRITE))
2594 access = VHOST_ACCESS_WO;
2596 access = VHOST_ACCESS_RO;
2597 ret = translate_desc(vq, vhost64_to_cpu(vq, desc.addr),
2598 vhost32_to_cpu(vq, desc.len), iov + iov_count,
2599 iov_size - iov_count, access);
2600 if (unlikely(ret < 0)) {
2602 vq_err(vq, "Translation failure %d descriptor idx %d\n",
2606 if (access == VHOST_ACCESS_WO) {
2607 /* If this is an input descriptor,
2608 * increment that count. */
2610 if (unlikely(log && ret)) {
2611 log[*log_num].addr = vhost64_to_cpu(vq, desc.addr);
2612 log[*log_num].len = vhost32_to_cpu(vq, desc.len);
2616 /* If it's an output descriptor, they're all supposed
2617 * to come before any input descriptors. */
2618 if (unlikely(*in_num)) {
2619 vq_err(vq, "Descriptor has out after in: "
2625 } while ((i = next_desc(vq, &desc)) != -1);
2627 /* On success, increment avail index. */
2628 vq->last_avail_idx++;
2630 /* Assume notifications from guest are disabled at this point,
2631 * if they aren't we would need to update avail_event index. */
2632 BUG_ON(!(vq->used_flags & VRING_USED_F_NO_NOTIFY));
2635 EXPORT_SYMBOL_GPL(vhost_get_vq_desc);
2637 /* Reverse the effect of vhost_get_vq_desc. Useful for error handling. */
2638 void vhost_discard_vq_desc(struct vhost_virtqueue *vq, int n)
2640 vq->last_avail_idx -= n;
2642 EXPORT_SYMBOL_GPL(vhost_discard_vq_desc);
2644 /* After we've used one of their buffers, we tell them about it. We'll then
2645 * want to notify the guest, using eventfd. */
2646 int vhost_add_used(struct vhost_virtqueue *vq, unsigned int head, int len)
2648 struct vring_used_elem heads = {
2649 cpu_to_vhost32(vq, head),
2650 cpu_to_vhost32(vq, len)
2653 return vhost_add_used_n(vq, &heads, 1);
2655 EXPORT_SYMBOL_GPL(vhost_add_used);
2657 static int __vhost_add_used_n(struct vhost_virtqueue *vq,
2658 struct vring_used_elem *heads,
2661 vring_used_elem_t __user *used;
2665 start = vq->last_used_idx & (vq->num - 1);
2666 used = vq->used->ring + start;
2667 if (vhost_put_used(vq, heads, start, count)) {
2668 vq_err(vq, "Failed to write used");
2671 if (unlikely(vq->log_used)) {
2672 /* Make sure data is seen before log. */
2674 /* Log used ring entry write. */
2675 log_used(vq, ((void __user *)used - (void __user *)vq->used),
2676 count * sizeof *used);
2678 old = vq->last_used_idx;
2679 new = (vq->last_used_idx += count);
2680 /* If the driver never bothers to signal in a very long while,
2681 * used index might wrap around. If that happens, invalidate
2682 * signalled_used index we stored. TODO: make sure driver
2683 * signals at least once in 2^16 and remove this. */
2684 if (unlikely((u16)(new - vq->signalled_used) < (u16)(new - old)))
2685 vq->signalled_used_valid = false;
2689 /* After we've used one of their buffers, we tell them about it. We'll then
2690 * want to notify the guest, using eventfd. */
2691 int vhost_add_used_n(struct vhost_virtqueue *vq, struct vring_used_elem *heads,
2696 start = vq->last_used_idx & (vq->num - 1);
2697 n = vq->num - start;
2699 r = __vhost_add_used_n(vq, heads, n);
2705 r = __vhost_add_used_n(vq, heads, count);
2707 /* Make sure buffer is written before we update index. */
2709 if (vhost_put_used_idx(vq)) {
2710 vq_err(vq, "Failed to increment used idx");
2713 if (unlikely(vq->log_used)) {
2714 /* Make sure used idx is seen before log. */
2716 /* Log used index update. */
2717 log_used(vq, offsetof(struct vring_used, idx),
2718 sizeof vq->used->idx);
2720 eventfd_signal(vq->log_ctx, 1);
2724 EXPORT_SYMBOL_GPL(vhost_add_used_n);
2726 static bool vhost_notify(struct vhost_dev *dev, struct vhost_virtqueue *vq)
2731 /* Flush out used index updates. This is paired
2732 * with the barrier that the Guest executes when enabling
2736 if (vhost_has_feature(vq, VIRTIO_F_NOTIFY_ON_EMPTY) &&
2737 unlikely(vq->avail_idx == vq->last_avail_idx))
2740 if (!vhost_has_feature(vq, VIRTIO_RING_F_EVENT_IDX)) {
2742 if (vhost_get_avail_flags(vq, &flags)) {
2743 vq_err(vq, "Failed to get flags");
2746 return !(flags & cpu_to_vhost16(vq, VRING_AVAIL_F_NO_INTERRUPT));
2748 old = vq->signalled_used;
2749 v = vq->signalled_used_valid;
2750 new = vq->signalled_used = vq->last_used_idx;
2751 vq->signalled_used_valid = true;
2756 if (vhost_get_used_event(vq, &event)) {
2757 vq_err(vq, "Failed to get used event idx");
2760 return vring_need_event(vhost16_to_cpu(vq, event), new, old);
2763 /* This actually signals the guest, using eventfd. */
2764 void vhost_signal(struct vhost_dev *dev, struct vhost_virtqueue *vq)
2766 /* Signal the Guest tell them we used something up. */
2767 if (vq->call_ctx.ctx && vhost_notify(dev, vq))
2768 eventfd_signal(vq->call_ctx.ctx, 1);
2770 EXPORT_SYMBOL_GPL(vhost_signal);
2772 /* And here's the combo meal deal. Supersize me! */
2773 void vhost_add_used_and_signal(struct vhost_dev *dev,
2774 struct vhost_virtqueue *vq,
2775 unsigned int head, int len)
2777 vhost_add_used(vq, head, len);
2778 vhost_signal(dev, vq);
2780 EXPORT_SYMBOL_GPL(vhost_add_used_and_signal);
2782 /* multi-buffer version of vhost_add_used_and_signal */
2783 void vhost_add_used_and_signal_n(struct vhost_dev *dev,
2784 struct vhost_virtqueue *vq,
2785 struct vring_used_elem *heads, unsigned count)
2787 vhost_add_used_n(vq, heads, count);
2788 vhost_signal(dev, vq);
2790 EXPORT_SYMBOL_GPL(vhost_add_used_and_signal_n);
2792 /* return true if we're sure that avaiable ring is empty */
2793 bool vhost_vq_avail_empty(struct vhost_dev *dev, struct vhost_virtqueue *vq)
2795 __virtio16 avail_idx;
2798 if (vq->avail_idx != vq->last_avail_idx)
2801 r = vhost_get_avail_idx(vq, &avail_idx);
2804 vq->avail_idx = vhost16_to_cpu(vq, avail_idx);
2806 return vq->avail_idx == vq->last_avail_idx;
2808 EXPORT_SYMBOL_GPL(vhost_vq_avail_empty);
2810 /* OK, now we need to know about added descriptors. */
2811 bool vhost_enable_notify(struct vhost_dev *dev, struct vhost_virtqueue *vq)
2813 __virtio16 avail_idx;
2816 if (!(vq->used_flags & VRING_USED_F_NO_NOTIFY))
2818 vq->used_flags &= ~VRING_USED_F_NO_NOTIFY;
2819 if (!vhost_has_feature(vq, VIRTIO_RING_F_EVENT_IDX)) {
2820 r = vhost_update_used_flags(vq);
2822 vq_err(vq, "Failed to enable notification at %p: %d\n",
2823 &vq->used->flags, r);
2827 r = vhost_update_avail_event(vq);
2829 vq_err(vq, "Failed to update avail event index at %p: %d\n",
2830 vhost_avail_event(vq), r);
2834 /* They could have slipped one in as we were doing that: make
2835 * sure it's written, then check again. */
2837 r = vhost_get_avail_idx(vq, &avail_idx);
2839 vq_err(vq, "Failed to check avail idx at %p: %d\n",
2840 &vq->avail->idx, r);
2843 vq->avail_idx = vhost16_to_cpu(vq, avail_idx);
2845 return vq->avail_idx != vq->last_avail_idx;
2847 EXPORT_SYMBOL_GPL(vhost_enable_notify);
2849 /* We don't need to be notified again. */
2850 void vhost_disable_notify(struct vhost_dev *dev, struct vhost_virtqueue *vq)
2854 if (vq->used_flags & VRING_USED_F_NO_NOTIFY)
2856 vq->used_flags |= VRING_USED_F_NO_NOTIFY;
2857 if (!vhost_has_feature(vq, VIRTIO_RING_F_EVENT_IDX)) {
2858 r = vhost_update_used_flags(vq);
2860 vq_err(vq, "Failed to disable notification at %p: %d\n",
2861 &vq->used->flags, r);
2864 EXPORT_SYMBOL_GPL(vhost_disable_notify);
2866 /* Create a new message. */
2867 struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type)
2869 /* Make sure all padding within the structure is initialized. */
2870 struct vhost_msg_node *node = kzalloc(sizeof(*node), GFP_KERNEL);
2875 node->msg.type = type;
2878 EXPORT_SYMBOL_GPL(vhost_new_msg);
2880 void vhost_enqueue_msg(struct vhost_dev *dev, struct list_head *head,
2881 struct vhost_msg_node *node)
2883 spin_lock(&dev->iotlb_lock);
2884 list_add_tail(&node->node, head);
2885 spin_unlock(&dev->iotlb_lock);
2887 wake_up_interruptible_poll(&dev->wait, EPOLLIN | EPOLLRDNORM);
2889 EXPORT_SYMBOL_GPL(vhost_enqueue_msg);
2891 struct vhost_msg_node *vhost_dequeue_msg(struct vhost_dev *dev,
2892 struct list_head *head)
2894 struct vhost_msg_node *node = NULL;
2896 spin_lock(&dev->iotlb_lock);
2897 if (!list_empty(head)) {
2898 node = list_first_entry(head, struct vhost_msg_node,
2900 list_del(&node->node);
2902 spin_unlock(&dev->iotlb_lock);
2906 EXPORT_SYMBOL_GPL(vhost_dequeue_msg);
2908 void vhost_set_backend_features(struct vhost_dev *dev, u64 features)
2910 struct vhost_virtqueue *vq;
2913 mutex_lock(&dev->mutex);
2914 for (i = 0; i < dev->nvqs; ++i) {
2916 mutex_lock(&vq->mutex);
2917 vq->acked_backend_features = features;
2918 mutex_unlock(&vq->mutex);
2920 mutex_unlock(&dev->mutex);
2922 EXPORT_SYMBOL_GPL(vhost_set_backend_features);
2924 static int __init vhost_init(void)
2929 static void __exit vhost_exit(void)
2933 module_init(vhost_init);
2934 module_exit(vhost_exit);
2936 MODULE_VERSION("0.0.1");
2937 MODULE_LICENSE("GPL v2");
2938 MODULE_AUTHOR("Michael S. Tsirkin");
2939 MODULE_DESCRIPTION("Host kernel accelerator for virtio");
projects / linux-2.6-block.git / blob