1 /* Copyright (C) 2009 Red Hat, Inc. 2 * Author: Michael S. Tsirkin <mst@redhat.com> 3 * 4 * This work is licensed under the terms of the GNU GPL, version 2. 5 * 6 * virtio-net server in host kernel. 7 */ 8 9 #include <linux/compat.h> 10 #include <linux/eventfd.h> 11 #include <linux/vhost.h> 12 #include <linux/virtio_net.h> 13 #include <linux/miscdevice.h> 14 #include <linux/module.h> 15 #include <linux/moduleparam.h> 16 #include <linux/mutex.h> 17 #include <linux/workqueue.h> 18 #include <linux/file.h> 19 #include <linux/slab.h> 20 #include <linux/vmalloc.h> 21 22 #include <linux/net.h> 23 #include <linux/if_packet.h> 24 #include <linux/if_arp.h> 25 #include <linux/if_tun.h> 26 #include <linux/if_macvlan.h> 27 #include <linux/if_vlan.h> 28 29 #include <net/sock.h> 30 31 #include "vhost.h" 32 33 static int experimental_zcopytx = 1; 34 module_param(experimental_zcopytx, int, 0444); 35 MODULE_PARM_DESC(experimental_zcopytx, "Enable Zero Copy TX;" 36 " 1 -Enable; 0 - Disable"); 37 38 /* Max number of bytes transferred before requeueing the job. 39 * Using this limit prevents one virtqueue from starving others. */ 40 #define VHOST_NET_WEIGHT 0x80000 41 42 /* MAX number of TX used buffers for outstanding zerocopy */ 43 #define VHOST_MAX_PEND 128 44 #define VHOST_GOODCOPY_LEN 256 45 46 /* 47 * For transmit, used buffer len is unused; we override it to track buffer 48 * status internally; used for zerocopy tx only. 49 */ 50 /* Lower device DMA failed */ 51 #define VHOST_DMA_FAILED_LEN 3 52 /* Lower device DMA done */ 53 #define VHOST_DMA_DONE_LEN 2 54 /* Lower device DMA in progress */ 55 #define VHOST_DMA_IN_PROGRESS 1 56 /* Buffer unused */ 57 #define VHOST_DMA_CLEAR_LEN 0 58 59 #define VHOST_DMA_IS_DONE(len) ((len) >= VHOST_DMA_DONE_LEN) 60 61 enum { 62 VHOST_NET_FEATURES = VHOST_FEATURES | 63 (1ULL << VHOST_NET_F_VIRTIO_NET_HDR) | 64 (1ULL << VIRTIO_NET_F_MRG_RXBUF), 65 }; 66 67 enum { 68 VHOST_NET_VQ_RX = 0, 69 VHOST_NET_VQ_TX = 1, 70 VHOST_NET_VQ_MAX = 2, 71 }; 72 73 struct vhost_net_ubuf_ref { 74 /* refcount follows semantics similar to kref: 75 * 0: object is released 76 * 1: no outstanding ubufs 77 * >1: outstanding ubufs 78 */ 79 atomic_t refcount; 80 wait_queue_head_t wait; 81 struct vhost_virtqueue *vq; 82 }; 83 84 struct vhost_net_virtqueue { 85 struct vhost_virtqueue vq; 86 /* hdr is used to store the virtio header. 87 * Since each iovec has >= 1 byte length, we never need more than 88 * header length entries to store the header. */ 89 struct iovec hdr[sizeof(struct virtio_net_hdr_mrg_rxbuf)]; 90 size_t vhost_hlen; 91 size_t sock_hlen; 92 /* vhost zerocopy support fields below: */ 93 /* last used idx for outstanding DMA zerocopy buffers */ 94 int upend_idx; 95 /* first used idx for DMA done zerocopy buffers */ 96 int done_idx; 97 /* an array of userspace buffers info */ 98 struct ubuf_info *ubuf_info; 99 /* Reference counting for outstanding ubufs. 100 * Protected by vq mutex. Writers must also take device mutex. */ 101 struct vhost_net_ubuf_ref *ubufs; 102 }; 103 104 struct vhost_net { 105 struct vhost_dev dev; 106 struct vhost_net_virtqueue vqs[VHOST_NET_VQ_MAX]; 107 struct vhost_poll poll[VHOST_NET_VQ_MAX]; 108 /* Number of TX recently submitted. 109 * Protected by tx vq lock. */ 110 unsigned tx_packets; 111 /* Number of times zerocopy TX recently failed. 112 * Protected by tx vq lock. */ 113 unsigned tx_zcopy_err; 114 /* Flush in progress. Protected by tx vq lock. */ 115 bool tx_flush; 116 }; 117 118 static unsigned vhost_net_zcopy_mask __read_mostly; 119 120 static void vhost_net_enable_zcopy(int vq) 121 { 122 vhost_net_zcopy_mask |= 0x1 << vq; 123 } 124 125 static struct vhost_net_ubuf_ref * 126 vhost_net_ubuf_alloc(struct vhost_virtqueue *vq, bool zcopy) 127 { 128 struct vhost_net_ubuf_ref *ubufs; 129 /* No zero copy backend? Nothing to count. */ 130 if (!zcopy) 131 return NULL; 132 ubufs = kmalloc(sizeof(*ubufs), GFP_KERNEL); 133 if (!ubufs) 134 return ERR_PTR(-ENOMEM); 135 atomic_set(&ubufs->refcount, 1); 136 init_waitqueue_head(&ubufs->wait); 137 ubufs->vq = vq; 138 return ubufs; 139 } 140 141 static int vhost_net_ubuf_put(struct vhost_net_ubuf_ref *ubufs) 142 { 143 int r = atomic_sub_return(1, &ubufs->refcount); 144 if (unlikely(!r)) 145 wake_up(&ubufs->wait); 146 return r; 147 } 148 149 static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs) 150 { 151 vhost_net_ubuf_put(ubufs); 152 wait_event(ubufs->wait, !atomic_read(&ubufs->refcount)); 153 } 154 155 static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs) 156 { 157 vhost_net_ubuf_put_and_wait(ubufs); 158 kfree(ubufs); 159 } 160 161 static void vhost_net_clear_ubuf_info(struct vhost_net *n) 162 { 163 int i; 164 165 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 166 kfree(n->vqs[i].ubuf_info); 167 n->vqs[i].ubuf_info = NULL; 168 } 169 } 170 171 static int vhost_net_set_ubuf_info(struct vhost_net *n) 172 { 173 bool zcopy; 174 int i; 175 176 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 177 zcopy = vhost_net_zcopy_mask & (0x1 << i); 178 if (!zcopy) 179 continue; 180 n->vqs[i].ubuf_info = kmalloc(sizeof(*n->vqs[i].ubuf_info) * 181 UIO_MAXIOV, GFP_KERNEL); 182 if (!n->vqs[i].ubuf_info) 183 goto err; 184 } 185 return 0; 186 187 err: 188 vhost_net_clear_ubuf_info(n); 189 return -ENOMEM; 190 } 191 192 static void vhost_net_vq_reset(struct vhost_net *n) 193 { 194 int i; 195 196 vhost_net_clear_ubuf_info(n); 197 198 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 199 n->vqs[i].done_idx = 0; 200 n->vqs[i].upend_idx = 0; 201 n->vqs[i].ubufs = NULL; 202 n->vqs[i].vhost_hlen = 0; 203 n->vqs[i].sock_hlen = 0; 204 } 205 206 } 207 208 static void vhost_net_tx_packet(struct vhost_net *net) 209 { 210 ++net->tx_packets; 211 if (net->tx_packets < 1024) 212 return; 213 net->tx_packets = 0; 214 net->tx_zcopy_err = 0; 215 } 216 217 static void vhost_net_tx_err(struct vhost_net *net) 218 { 219 ++net->tx_zcopy_err; 220 } 221 222 static bool vhost_net_tx_select_zcopy(struct vhost_net *net) 223 { 224 /* TX flush waits for outstanding DMAs to be done. 225 * Don't start new DMAs. 226 */ 227 return !net->tx_flush && 228 net->tx_packets / 64 >= net->tx_zcopy_err; 229 } 230 231 static bool vhost_sock_zcopy(struct socket *sock) 232 { 233 return unlikely(experimental_zcopytx) && 234 sock_flag(sock->sk, SOCK_ZEROCOPY); 235 } 236 237 /* Pop first len bytes from iovec. Return number of segments used. */ 238 static int move_iovec_hdr(struct iovec *from, struct iovec *to, 239 size_t len, int iov_count) 240 { 241 int seg = 0; 242 size_t size; 243 244 while (len && seg < iov_count) { 245 size = min(from->iov_len, len); 246 to->iov_base = from->iov_base; 247 to->iov_len = size; 248 from->iov_len -= size; 249 from->iov_base += size; 250 len -= size; 251 ++from; 252 ++to; 253 ++seg; 254 } 255 return seg; 256 } 257 /* Copy iovec entries for len bytes from iovec. */ 258 static void copy_iovec_hdr(const struct iovec *from, struct iovec *to, 259 size_t len, int iovcount) 260 { 261 int seg = 0; 262 size_t size; 263 264 while (len && seg < iovcount) { 265 size = min(from->iov_len, len); 266 to->iov_base = from->iov_base; 267 to->iov_len = size; 268 len -= size; 269 ++from; 270 ++to; 271 ++seg; 272 } 273 } 274 275 /* In case of DMA done not in order in lower device driver for some reason. 276 * upend_idx is used to track end of used idx, done_idx is used to track head 277 * of used idx. Once lower device DMA done contiguously, we will signal KVM 278 * guest used idx. 279 */ 280 static void vhost_zerocopy_signal_used(struct vhost_net *net, 281 struct vhost_virtqueue *vq) 282 { 283 struct vhost_net_virtqueue *nvq = 284 container_of(vq, struct vhost_net_virtqueue, vq); 285 int i, add; 286 int j = 0; 287 288 for (i = nvq->done_idx; i != nvq->upend_idx; i = (i + 1) % UIO_MAXIOV) { 289 if (vq->heads[i].len == VHOST_DMA_FAILED_LEN) 290 vhost_net_tx_err(net); 291 if (VHOST_DMA_IS_DONE(vq->heads[i].len)) { 292 vq->heads[i].len = VHOST_DMA_CLEAR_LEN; 293 ++j; 294 } else 295 break; 296 } 297 while (j) { 298 add = min(UIO_MAXIOV - nvq->done_idx, j); 299 vhost_add_used_and_signal_n(vq->dev, vq, 300 &vq->heads[nvq->done_idx], add); 301 nvq->done_idx = (nvq->done_idx + add) % UIO_MAXIOV; 302 j -= add; 303 } 304 } 305 306 static void vhost_zerocopy_callback(struct ubuf_info *ubuf, bool success) 307 { 308 struct vhost_net_ubuf_ref *ubufs = ubuf->ctx; 309 struct vhost_virtqueue *vq = ubufs->vq; 310 int cnt; 311 312 rcu_read_lock_bh(); 313 314 /* set len to mark this desc buffers done DMA */ 315 vq->heads[ubuf->desc].len = success ? 316 VHOST_DMA_DONE_LEN : VHOST_DMA_FAILED_LEN; 317 cnt = vhost_net_ubuf_put(ubufs); 318 319 /* 320 * Trigger polling thread if guest stopped submitting new buffers: 321 * in this case, the refcount after decrement will eventually reach 1. 322 * We also trigger polling periodically after each 16 packets 323 * (the value 16 here is more or less arbitrary, it's tuned to trigger 324 * less than 10% of times). 325 */ 326 if (cnt <= 1 || !(cnt % 16)) 327 vhost_poll_queue(&vq->poll); 328 329 rcu_read_unlock_bh(); 330 } 331 332 /* Expects to be always run from workqueue - which acts as 333 * read-size critical section for our kind of RCU. */ 334 static void handle_tx(struct vhost_net *net) 335 { 336 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_TX]; 337 struct vhost_virtqueue *vq = &nvq->vq; 338 unsigned out, in, s; 339 int head; 340 struct msghdr msg = { 341 .msg_name = NULL, 342 .msg_namelen = 0, 343 .msg_control = NULL, 344 .msg_controllen = 0, 345 .msg_iov = vq->iov, 346 .msg_flags = MSG_DONTWAIT, 347 }; 348 size_t len, total_len = 0; 349 int err; 350 size_t hdr_size; 351 struct socket *sock; 352 struct vhost_net_ubuf_ref *uninitialized_var(ubufs); 353 bool zcopy, zcopy_used; 354 355 mutex_lock(&vq->mutex); 356 sock = vq->private_data; 357 if (!sock) 358 goto out; 359 360 vhost_disable_notify(&net->dev, vq); 361 362 hdr_size = nvq->vhost_hlen; 363 zcopy = nvq->ubufs; 364 365 for (;;) { 366 /* Release DMAs done buffers first */ 367 if (zcopy) 368 vhost_zerocopy_signal_used(net, vq); 369 370 /* If more outstanding DMAs, queue the work. 371 * Handle upend_idx wrap around 372 */ 373 if (unlikely((nvq->upend_idx + vq->num - VHOST_MAX_PEND) 374 % UIO_MAXIOV == nvq->done_idx)) 375 break; 376 377 head = vhost_get_vq_desc(vq, vq->iov, 378 ARRAY_SIZE(vq->iov), 379 &out, &in, 380 NULL, NULL); 381 /* On error, stop handling until the next kick. */ 382 if (unlikely(head < 0)) 383 break; 384 /* Nothing new? Wait for eventfd to tell us they refilled. */ 385 if (head == vq->num) { 386 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 387 vhost_disable_notify(&net->dev, vq); 388 continue; 389 } 390 break; 391 } 392 if (in) { 393 vq_err(vq, "Unexpected descriptor format for TX: " 394 "out %d, int %d\n", out, in); 395 break; 396 } 397 /* Skip header. TODO: support TSO. */ 398 s = move_iovec_hdr(vq->iov, nvq->hdr, hdr_size, out); 399 msg.msg_iovlen = out; 400 len = iov_length(vq->iov, out); 401 /* Sanity check */ 402 if (!len) { 403 vq_err(vq, "Unexpected header len for TX: " 404 "%zd expected %zd\n", 405 iov_length(nvq->hdr, s), hdr_size); 406 break; 407 } 408 409 zcopy_used = zcopy && len >= VHOST_GOODCOPY_LEN 410 && (nvq->upend_idx + 1) % UIO_MAXIOV != 411 nvq->done_idx 412 && vhost_net_tx_select_zcopy(net); 413 414 /* use msg_control to pass vhost zerocopy ubuf info to skb */ 415 if (zcopy_used) { 416 struct ubuf_info *ubuf; 417 ubuf = nvq->ubuf_info + nvq->upend_idx; 418 419 vq->heads[nvq->upend_idx].id = head; 420 vq->heads[nvq->upend_idx].len = VHOST_DMA_IN_PROGRESS; 421 ubuf->callback = vhost_zerocopy_callback; 422 ubuf->ctx = nvq->ubufs; 423 ubuf->desc = nvq->upend_idx; 424 msg.msg_control = ubuf; 425 msg.msg_controllen = sizeof(ubuf); 426 ubufs = nvq->ubufs; 427 atomic_inc(&ubufs->refcount); 428 nvq->upend_idx = (nvq->upend_idx + 1) % UIO_MAXIOV; 429 } else { 430 msg.msg_control = NULL; 431 ubufs = NULL; 432 } 433 /* TODO: Check specific error and bomb out unless ENOBUFS? */ 434 err = sock->ops->sendmsg(NULL, sock, &msg, len); 435 if (unlikely(err < 0)) { 436 if (zcopy_used) { 437 vhost_net_ubuf_put(ubufs); 438 nvq->upend_idx = ((unsigned)nvq->upend_idx - 1) 439 % UIO_MAXIOV; 440 } 441 vhost_discard_vq_desc(vq, 1); 442 break; 443 } 444 if (err != len) 445 pr_debug("Truncated TX packet: " 446 " len %d != %zd\n", err, len); 447 if (!zcopy_used) 448 vhost_add_used_and_signal(&net->dev, vq, head, 0); 449 else 450 vhost_zerocopy_signal_used(net, vq); 451 total_len += len; 452 vhost_net_tx_packet(net); 453 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 454 vhost_poll_queue(&vq->poll); 455 break; 456 } 457 } 458 out: 459 mutex_unlock(&vq->mutex); 460 } 461 462 static int peek_head_len(struct sock *sk) 463 { 464 struct sk_buff *head; 465 int len = 0; 466 unsigned long flags; 467 468 spin_lock_irqsave(&sk->sk_receive_queue.lock, flags); 469 head = skb_peek(&sk->sk_receive_queue); 470 if (likely(head)) { 471 len = head->len; 472 if (vlan_tx_tag_present(head)) 473 len += VLAN_HLEN; 474 } 475 476 spin_unlock_irqrestore(&sk->sk_receive_queue.lock, flags); 477 return len; 478 } 479 480 /* This is a multi-buffer version of vhost_get_desc, that works if 481 * vq has read descriptors only. 482 * @vq - the relevant virtqueue 483 * @datalen - data length we'll be reading 484 * @iovcount - returned count of io vectors we fill 485 * @log - vhost log 486 * @log_num - log offset 487 * @quota - headcount quota, 1 for big buffer 488 * returns number of buffer heads allocated, negative on error 489 */ 490 static int get_rx_bufs(struct vhost_virtqueue *vq, 491 struct vring_used_elem *heads, 492 int datalen, 493 unsigned *iovcount, 494 struct vhost_log *log, 495 unsigned *log_num, 496 unsigned int quota) 497 { 498 unsigned int out, in; 499 int seg = 0; 500 int headcount = 0; 501 unsigned d; 502 int r, nlogs = 0; 503 504 while (datalen > 0 && headcount < quota) { 505 if (unlikely(seg >= UIO_MAXIOV)) { 506 r = -ENOBUFS; 507 goto err; 508 } 509 r = vhost_get_vq_desc(vq, vq->iov + seg, 510 ARRAY_SIZE(vq->iov) - seg, &out, 511 &in, log, log_num); 512 if (unlikely(r < 0)) 513 goto err; 514 515 d = r; 516 if (d == vq->num) { 517 r = 0; 518 goto err; 519 } 520 if (unlikely(out || in <= 0)) { 521 vq_err(vq, "unexpected descriptor format for RX: " 522 "out %d, in %d\n", out, in); 523 r = -EINVAL; 524 goto err; 525 } 526 if (unlikely(log)) { 527 nlogs += *log_num; 528 log += *log_num; 529 } 530 heads[headcount].id = d; 531 heads[headcount].len = iov_length(vq->iov + seg, in); 532 datalen -= heads[headcount].len; 533 ++headcount; 534 seg += in; 535 } 536 heads[headcount - 1].len += datalen; 537 *iovcount = seg; 538 if (unlikely(log)) 539 *log_num = nlogs; 540 541 /* Detect overrun */ 542 if (unlikely(datalen > 0)) { 543 r = UIO_MAXIOV + 1; 544 goto err; 545 } 546 return headcount; 547 err: 548 vhost_discard_vq_desc(vq, headcount); 549 return r; 550 } 551 552 /* Expects to be always run from workqueue - which acts as 553 * read-size critical section for our kind of RCU. */ 554 static void handle_rx(struct vhost_net *net) 555 { 556 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_RX]; 557 struct vhost_virtqueue *vq = &nvq->vq; 558 unsigned uninitialized_var(in), log; 559 struct vhost_log *vq_log; 560 struct msghdr msg = { 561 .msg_name = NULL, 562 .msg_namelen = 0, 563 .msg_control = NULL, /* FIXME: get and handle RX aux data. */ 564 .msg_controllen = 0, 565 .msg_iov = vq->iov, 566 .msg_flags = MSG_DONTWAIT, 567 }; 568 struct virtio_net_hdr_mrg_rxbuf hdr = { 569 .hdr.flags = 0, 570 .hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE 571 }; 572 size_t total_len = 0; 573 int err, mergeable; 574 s16 headcount; 575 size_t vhost_hlen, sock_hlen; 576 size_t vhost_len, sock_len; 577 struct socket *sock; 578 579 mutex_lock(&vq->mutex); 580 sock = vq->private_data; 581 if (!sock) 582 goto out; 583 vhost_disable_notify(&net->dev, vq); 584 585 vhost_hlen = nvq->vhost_hlen; 586 sock_hlen = nvq->sock_hlen; 587 588 vq_log = unlikely(vhost_has_feature(vq, VHOST_F_LOG_ALL)) ? 589 vq->log : NULL; 590 mergeable = vhost_has_feature(vq, VIRTIO_NET_F_MRG_RXBUF); 591 592 while ((sock_len = peek_head_len(sock->sk))) { 593 sock_len += sock_hlen; 594 vhost_len = sock_len + vhost_hlen; 595 headcount = get_rx_bufs(vq, vq->heads, vhost_len, 596 &in, vq_log, &log, 597 likely(mergeable) ? UIO_MAXIOV : 1); 598 /* On error, stop handling until the next kick. */ 599 if (unlikely(headcount < 0)) 600 break; 601 /* On overrun, truncate and discard */ 602 if (unlikely(headcount > UIO_MAXIOV)) { 603 msg.msg_iovlen = 1; 604 err = sock->ops->recvmsg(NULL, sock, &msg, 605 1, MSG_DONTWAIT | MSG_TRUNC); 606 pr_debug("Discarded rx packet: len %zd\n", sock_len); 607 continue; 608 } 609 /* OK, now we need to know about added descriptors. */ 610 if (!headcount) { 611 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 612 /* They have slipped one in as we were 613 * doing that: check again. */ 614 vhost_disable_notify(&net->dev, vq); 615 continue; 616 } 617 /* Nothing new? Wait for eventfd to tell us 618 * they refilled. */ 619 break; 620 } 621 /* We don't need to be notified again. */ 622 if (unlikely((vhost_hlen))) 623 /* Skip header. TODO: support TSO. */ 624 move_iovec_hdr(vq->iov, nvq->hdr, vhost_hlen, in); 625 else 626 /* Copy the header for use in VIRTIO_NET_F_MRG_RXBUF: 627 * needed because recvmsg can modify msg_iov. */ 628 copy_iovec_hdr(vq->iov, nvq->hdr, sock_hlen, in); 629 msg.msg_iovlen = in; 630 err = sock->ops->recvmsg(NULL, sock, &msg, 631 sock_len, MSG_DONTWAIT | MSG_TRUNC); 632 /* Userspace might have consumed the packet meanwhile: 633 * it's not supposed to do this usually, but might be hard 634 * to prevent. Discard data we got (if any) and keep going. */ 635 if (unlikely(err != sock_len)) { 636 pr_debug("Discarded rx packet: " 637 " len %d, expected %zd\n", err, sock_len); 638 vhost_discard_vq_desc(vq, headcount); 639 continue; 640 } 641 if (unlikely(vhost_hlen) && 642 memcpy_toiovecend(nvq->hdr, (unsigned char *)&hdr, 0, 643 vhost_hlen)) { 644 vq_err(vq, "Unable to write vnet_hdr at addr %p\n", 645 vq->iov->iov_base); 646 break; 647 } 648 /* TODO: Should check and handle checksum. */ 649 if (likely(mergeable) && 650 memcpy_toiovecend(nvq->hdr, (unsigned char *)&headcount, 651 offsetof(typeof(hdr), num_buffers), 652 sizeof hdr.num_buffers)) { 653 vq_err(vq, "Failed num_buffers write"); 654 vhost_discard_vq_desc(vq, headcount); 655 break; 656 } 657 vhost_add_used_and_signal_n(&net->dev, vq, vq->heads, 658 headcount); 659 if (unlikely(vq_log)) 660 vhost_log_write(vq, vq_log, log, vhost_len); 661 total_len += vhost_len; 662 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 663 vhost_poll_queue(&vq->poll); 664 break; 665 } 666 } 667 out: 668 mutex_unlock(&vq->mutex); 669 } 670 671 static void handle_tx_kick(struct vhost_work *work) 672 { 673 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 674 poll.work); 675 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 676 677 handle_tx(net); 678 } 679 680 static void handle_rx_kick(struct vhost_work *work) 681 { 682 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 683 poll.work); 684 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 685 686 handle_rx(net); 687 } 688 689 static void handle_tx_net(struct vhost_work *work) 690 { 691 struct vhost_net *net = container_of(work, struct vhost_net, 692 poll[VHOST_NET_VQ_TX].work); 693 handle_tx(net); 694 } 695 696 static void handle_rx_net(struct vhost_work *work) 697 { 698 struct vhost_net *net = container_of(work, struct vhost_net, 699 poll[VHOST_NET_VQ_RX].work); 700 handle_rx(net); 701 } 702 703 static void vhost_net_free(void *addr) 704 { 705 if (is_vmalloc_addr(addr)) 706 vfree(addr); 707 else 708 kfree(addr); 709 } 710 711 static int vhost_net_open(struct inode *inode, struct file *f) 712 { 713 struct vhost_net *n; 714 struct vhost_dev *dev; 715 struct vhost_virtqueue **vqs; 716 int i; 717 718 n = kmalloc(sizeof *n, GFP_KERNEL | __GFP_NOWARN | __GFP_REPEAT); 719 if (!n) { 720 n = vmalloc(sizeof *n); 721 if (!n) 722 return -ENOMEM; 723 } 724 vqs = kmalloc(VHOST_NET_VQ_MAX * sizeof(*vqs), GFP_KERNEL); 725 if (!vqs) { 726 vhost_net_free(n); 727 return -ENOMEM; 728 } 729 730 dev = &n->dev; 731 vqs[VHOST_NET_VQ_TX] = &n->vqs[VHOST_NET_VQ_TX].vq; 732 vqs[VHOST_NET_VQ_RX] = &n->vqs[VHOST_NET_VQ_RX].vq; 733 n->vqs[VHOST_NET_VQ_TX].vq.handle_kick = handle_tx_kick; 734 n->vqs[VHOST_NET_VQ_RX].vq.handle_kick = handle_rx_kick; 735 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 736 n->vqs[i].ubufs = NULL; 737 n->vqs[i].ubuf_info = NULL; 738 n->vqs[i].upend_idx = 0; 739 n->vqs[i].done_idx = 0; 740 n->vqs[i].vhost_hlen = 0; 741 n->vqs[i].sock_hlen = 0; 742 } 743 vhost_dev_init(dev, vqs, VHOST_NET_VQ_MAX); 744 745 vhost_poll_init(n->poll + VHOST_NET_VQ_TX, handle_tx_net, POLLOUT, dev); 746 vhost_poll_init(n->poll + VHOST_NET_VQ_RX, handle_rx_net, POLLIN, dev); 747 748 f->private_data = n; 749 750 return 0; 751 } 752 753 static void vhost_net_disable_vq(struct vhost_net *n, 754 struct vhost_virtqueue *vq) 755 { 756 struct vhost_net_virtqueue *nvq = 757 container_of(vq, struct vhost_net_virtqueue, vq); 758 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 759 if (!vq->private_data) 760 return; 761 vhost_poll_stop(poll); 762 } 763 764 static int vhost_net_enable_vq(struct vhost_net *n, 765 struct vhost_virtqueue *vq) 766 { 767 struct vhost_net_virtqueue *nvq = 768 container_of(vq, struct vhost_net_virtqueue, vq); 769 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 770 struct socket *sock; 771 772 sock = vq->private_data; 773 if (!sock) 774 return 0; 775 776 return vhost_poll_start(poll, sock->file); 777 } 778 779 static struct socket *vhost_net_stop_vq(struct vhost_net *n, 780 struct vhost_virtqueue *vq) 781 { 782 struct socket *sock; 783 784 mutex_lock(&vq->mutex); 785 sock = vq->private_data; 786 vhost_net_disable_vq(n, vq); 787 vq->private_data = NULL; 788 mutex_unlock(&vq->mutex); 789 return sock; 790 } 791 792 static void vhost_net_stop(struct vhost_net *n, struct socket **tx_sock, 793 struct socket **rx_sock) 794 { 795 *tx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_TX].vq); 796 *rx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_RX].vq); 797 } 798 799 static void vhost_net_flush_vq(struct vhost_net *n, int index) 800 { 801 vhost_poll_flush(n->poll + index); 802 vhost_poll_flush(&n->vqs[index].vq.poll); 803 } 804 805 static void vhost_net_flush(struct vhost_net *n) 806 { 807 vhost_net_flush_vq(n, VHOST_NET_VQ_TX); 808 vhost_net_flush_vq(n, VHOST_NET_VQ_RX); 809 if (n->vqs[VHOST_NET_VQ_TX].ubufs) { 810 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 811 n->tx_flush = true; 812 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 813 /* Wait for all lower device DMAs done. */ 814 vhost_net_ubuf_put_and_wait(n->vqs[VHOST_NET_VQ_TX].ubufs); 815 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 816 n->tx_flush = false; 817 atomic_set(&n->vqs[VHOST_NET_VQ_TX].ubufs->refcount, 1); 818 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 819 } 820 } 821 822 static int vhost_net_release(struct inode *inode, struct file *f) 823 { 824 struct vhost_net *n = f->private_data; 825 struct socket *tx_sock; 826 struct socket *rx_sock; 827 828 vhost_net_stop(n, &tx_sock, &rx_sock); 829 vhost_net_flush(n); 830 vhost_dev_stop(&n->dev); 831 vhost_dev_cleanup(&n->dev, false); 832 vhost_net_vq_reset(n); 833 if (tx_sock) 834 sockfd_put(tx_sock); 835 if (rx_sock) 836 sockfd_put(rx_sock); 837 /* Make sure no callbacks are outstanding */ 838 synchronize_rcu_bh(); 839 /* We do an extra flush before freeing memory, 840 * since jobs can re-queue themselves. */ 841 vhost_net_flush(n); 842 kfree(n->dev.vqs); 843 vhost_net_free(n); 844 return 0; 845 } 846 847 static struct socket *get_raw_socket(int fd) 848 { 849 struct { 850 struct sockaddr_ll sa; 851 char buf[MAX_ADDR_LEN]; 852 } uaddr; 853 int uaddr_len = sizeof uaddr, r; 854 struct socket *sock = sockfd_lookup(fd, &r); 855 856 if (!sock) 857 return ERR_PTR(-ENOTSOCK); 858 859 /* Parameter checking */ 860 if (sock->sk->sk_type != SOCK_RAW) { 861 r = -ESOCKTNOSUPPORT; 862 goto err; 863 } 864 865 r = sock->ops->getname(sock, (struct sockaddr *)&uaddr.sa, 866 &uaddr_len, 0); 867 if (r) 868 goto err; 869 870 if (uaddr.sa.sll_family != AF_PACKET) { 871 r = -EPFNOSUPPORT; 872 goto err; 873 } 874 return sock; 875 err: 876 sockfd_put(sock); 877 return ERR_PTR(r); 878 } 879 880 static struct socket *get_tap_socket(int fd) 881 { 882 struct file *file = fget(fd); 883 struct socket *sock; 884 885 if (!file) 886 return ERR_PTR(-EBADF); 887 sock = tun_get_socket(file); 888 if (!IS_ERR(sock)) 889 return sock; 890 sock = macvtap_get_socket(file); 891 if (IS_ERR(sock)) 892 fput(file); 893 return sock; 894 } 895 896 static struct socket *get_socket(int fd) 897 { 898 struct socket *sock; 899 900 /* special case to disable backend */ 901 if (fd == -1) 902 return NULL; 903 sock = get_raw_socket(fd); 904 if (!IS_ERR(sock)) 905 return sock; 906 sock = get_tap_socket(fd); 907 if (!IS_ERR(sock)) 908 return sock; 909 return ERR_PTR(-ENOTSOCK); 910 } 911 912 static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) 913 { 914 struct socket *sock, *oldsock; 915 struct vhost_virtqueue *vq; 916 struct vhost_net_virtqueue *nvq; 917 struct vhost_net_ubuf_ref *ubufs, *oldubufs = NULL; 918 int r; 919 920 mutex_lock(&n->dev.mutex); 921 r = vhost_dev_check_owner(&n->dev); 922 if (r) 923 goto err; 924 925 if (index >= VHOST_NET_VQ_MAX) { 926 r = -ENOBUFS; 927 goto err; 928 } 929 vq = &n->vqs[index].vq; 930 nvq = &n->vqs[index]; 931 mutex_lock(&vq->mutex); 932 933 /* Verify that ring has been setup correctly. */ 934 if (!vhost_vq_access_ok(vq)) { 935 r = -EFAULT; 936 goto err_vq; 937 } 938 sock = get_socket(fd); 939 if (IS_ERR(sock)) { 940 r = PTR_ERR(sock); 941 goto err_vq; 942 } 943 944 /* start polling new socket */ 945 oldsock = vq->private_data; 946 if (sock != oldsock) { 947 ubufs = vhost_net_ubuf_alloc(vq, 948 sock && vhost_sock_zcopy(sock)); 949 if (IS_ERR(ubufs)) { 950 r = PTR_ERR(ubufs); 951 goto err_ubufs; 952 } 953 954 vhost_net_disable_vq(n, vq); 955 vq->private_data = sock; 956 r = vhost_init_used(vq); 957 if (r) 958 goto err_used; 959 r = vhost_net_enable_vq(n, vq); 960 if (r) 961 goto err_used; 962 963 oldubufs = nvq->ubufs; 964 nvq->ubufs = ubufs; 965 966 n->tx_packets = 0; 967 n->tx_zcopy_err = 0; 968 n->tx_flush = false; 969 } 970 971 mutex_unlock(&vq->mutex); 972 973 if (oldubufs) { 974 vhost_net_ubuf_put_wait_and_free(oldubufs); 975 mutex_lock(&vq->mutex); 976 vhost_zerocopy_signal_used(n, vq); 977 mutex_unlock(&vq->mutex); 978 } 979 980 if (oldsock) { 981 vhost_net_flush_vq(n, index); 982 sockfd_put(oldsock); 983 } 984 985 mutex_unlock(&n->dev.mutex); 986 return 0; 987 988 err_used: 989 vq->private_data = oldsock; 990 vhost_net_enable_vq(n, vq); 991 if (ubufs) 992 vhost_net_ubuf_put_wait_and_free(ubufs); 993 err_ubufs: 994 sockfd_put(sock); 995 err_vq: 996 mutex_unlock(&vq->mutex); 997 err: 998 mutex_unlock(&n->dev.mutex); 999 return r; 1000 } 1001 1002 static long vhost_net_reset_owner(struct vhost_net *n) 1003 { 1004 struct socket *tx_sock = NULL; 1005 struct socket *rx_sock = NULL; 1006 long err; 1007 struct vhost_memory *memory; 1008 1009 mutex_lock(&n->dev.mutex); 1010 err = vhost_dev_check_owner(&n->dev); 1011 if (err) 1012 goto done; 1013 memory = vhost_dev_reset_owner_prepare(); 1014 if (!memory) { 1015 err = -ENOMEM; 1016 goto done; 1017 } 1018 vhost_net_stop(n, &tx_sock, &rx_sock); 1019 vhost_net_flush(n); 1020 vhost_dev_reset_owner(&n->dev, memory); 1021 vhost_net_vq_reset(n); 1022 done: 1023 mutex_unlock(&n->dev.mutex); 1024 if (tx_sock) 1025 sockfd_put(tx_sock); 1026 if (rx_sock) 1027 sockfd_put(rx_sock); 1028 return err; 1029 } 1030 1031 static int vhost_net_set_features(struct vhost_net *n, u64 features) 1032 { 1033 size_t vhost_hlen, sock_hlen, hdr_len; 1034 int i; 1035 1036 hdr_len = (features & (1 << VIRTIO_NET_F_MRG_RXBUF)) ? 1037 sizeof(struct virtio_net_hdr_mrg_rxbuf) : 1038 sizeof(struct virtio_net_hdr); 1039 if (features & (1 << VHOST_NET_F_VIRTIO_NET_HDR)) { 1040 /* vhost provides vnet_hdr */ 1041 vhost_hlen = hdr_len; 1042 sock_hlen = 0; 1043 } else { 1044 /* socket provides vnet_hdr */ 1045 vhost_hlen = 0; 1046 sock_hlen = hdr_len; 1047 } 1048 mutex_lock(&n->dev.mutex); 1049 if ((features & (1 << VHOST_F_LOG_ALL)) && 1050 !vhost_log_access_ok(&n->dev)) { 1051 mutex_unlock(&n->dev.mutex); 1052 return -EFAULT; 1053 } 1054 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 1055 mutex_lock(&n->vqs[i].vq.mutex); 1056 n->vqs[i].vq.acked_features = features; 1057 n->vqs[i].vhost_hlen = vhost_hlen; 1058 n->vqs[i].sock_hlen = sock_hlen; 1059 mutex_unlock(&n->vqs[i].vq.mutex); 1060 } 1061 mutex_unlock(&n->dev.mutex); 1062 return 0; 1063 } 1064 1065 static long vhost_net_set_owner(struct vhost_net *n) 1066 { 1067 int r; 1068 1069 mutex_lock(&n->dev.mutex); 1070 if (vhost_dev_has_owner(&n->dev)) { 1071 r = -EBUSY; 1072 goto out; 1073 } 1074 r = vhost_net_set_ubuf_info(n); 1075 if (r) 1076 goto out; 1077 r = vhost_dev_set_owner(&n->dev); 1078 if (r) 1079 vhost_net_clear_ubuf_info(n); 1080 vhost_net_flush(n); 1081 out: 1082 mutex_unlock(&n->dev.mutex); 1083 return r; 1084 } 1085 1086 static long vhost_net_ioctl(struct file *f, unsigned int ioctl, 1087 unsigned long arg) 1088 { 1089 struct vhost_net *n = f->private_data; 1090 void __user *argp = (void __user *)arg; 1091 u64 __user *featurep = argp; 1092 struct vhost_vring_file backend; 1093 u64 features; 1094 int r; 1095 1096 switch (ioctl) { 1097 case VHOST_NET_SET_BACKEND: 1098 if (copy_from_user(&backend, argp, sizeof backend)) 1099 return -EFAULT; 1100 return vhost_net_set_backend(n, backend.index, backend.fd); 1101 case VHOST_GET_FEATURES: 1102 features = VHOST_NET_FEATURES; 1103 if (copy_to_user(featurep, &features, sizeof features)) 1104 return -EFAULT; 1105 return 0; 1106 case VHOST_SET_FEATURES: 1107 if (copy_from_user(&features, featurep, sizeof features)) 1108 return -EFAULT; 1109 if (features & ~VHOST_NET_FEATURES) 1110 return -EOPNOTSUPP; 1111 return vhost_net_set_features(n, features); 1112 case VHOST_RESET_OWNER: 1113 return vhost_net_reset_owner(n); 1114 case VHOST_SET_OWNER: 1115 return vhost_net_set_owner(n); 1116 default: 1117 mutex_lock(&n->dev.mutex); 1118 r = vhost_dev_ioctl(&n->dev, ioctl, argp); 1119 if (r == -ENOIOCTLCMD) 1120 r = vhost_vring_ioctl(&n->dev, ioctl, argp); 1121 else 1122 vhost_net_flush(n); 1123 mutex_unlock(&n->dev.mutex); 1124 return r; 1125 } 1126 } 1127 1128 #ifdef CONFIG_COMPAT 1129 static long vhost_net_compat_ioctl(struct file *f, unsigned int ioctl, 1130 unsigned long arg) 1131 { 1132 return vhost_net_ioctl(f, ioctl, (unsigned long)compat_ptr(arg)); 1133 } 1134 #endif 1135 1136 static const struct file_operations vhost_net_fops = { 1137 .owner = THIS_MODULE, 1138 .release = vhost_net_release, 1139 .unlocked_ioctl = vhost_net_ioctl, 1140 #ifdef CONFIG_COMPAT 1141 .compat_ioctl = vhost_net_compat_ioctl, 1142 #endif 1143 .open = vhost_net_open, 1144 .llseek = noop_llseek, 1145 }; 1146 1147 static struct miscdevice vhost_net_misc = { 1148 .minor = VHOST_NET_MINOR, 1149 .name = "vhost-net", 1150 .fops = &vhost_net_fops, 1151 }; 1152 1153 static int vhost_net_init(void) 1154 { 1155 if (experimental_zcopytx) 1156 vhost_net_enable_zcopy(VHOST_NET_VQ_TX); 1157 return misc_register(&vhost_net_misc); 1158 } 1159 module_init(vhost_net_init); 1160 1161 static void vhost_net_exit(void) 1162 { 1163 misc_deregister(&vhost_net_misc); 1164 } 1165 module_exit(vhost_net_exit); 1166 1167 MODULE_VERSION("0.0.1"); 1168 MODULE_LICENSE("GPL v2"); 1169 MODULE_AUTHOR("Michael S. Tsirkin"); 1170 MODULE_DESCRIPTION("Host kernel accelerator for virtio net"); 1171 MODULE_ALIAS_MISCDEV(VHOST_NET_MINOR); 1172 MODULE_ALIAS("devname:vhost-net"); 1173