1 /* Copyright (C) 2009 Red Hat, Inc. 2 * Author: Michael S. Tsirkin <mst@redhat.com> 3 * 4 * This work is licensed under the terms of the GNU GPL, version 2. 5 * 6 * virtio-net server in host kernel. 7 */ 8 9 #include <linux/compat.h> 10 #include <linux/eventfd.h> 11 #include <linux/vhost.h> 12 #include <linux/virtio_net.h> 13 #include <linux/miscdevice.h> 14 #include <linux/module.h> 15 #include <linux/moduleparam.h> 16 #include <linux/mutex.h> 17 #include <linux/workqueue.h> 18 #include <linux/file.h> 19 #include <linux/slab.h> 20 #include <linux/vmalloc.h> 21 22 #include <linux/net.h> 23 #include <linux/if_packet.h> 24 #include <linux/if_arp.h> 25 #include <linux/if_tun.h> 26 #include <linux/if_macvlan.h> 27 #include <linux/if_vlan.h> 28 29 #include <net/sock.h> 30 31 #include "vhost.h" 32 33 static int experimental_zcopytx = 1; 34 module_param(experimental_zcopytx, int, 0444); 35 MODULE_PARM_DESC(experimental_zcopytx, "Enable Zero Copy TX;" 36 " 1 -Enable; 0 - Disable"); 37 38 /* Max number of bytes transferred before requeueing the job. 39 * Using this limit prevents one virtqueue from starving others. */ 40 #define VHOST_NET_WEIGHT 0x80000 41 42 /* MAX number of TX used buffers for outstanding zerocopy */ 43 #define VHOST_MAX_PEND 128 44 #define VHOST_GOODCOPY_LEN 256 45 46 /* 47 * For transmit, used buffer len is unused; we override it to track buffer 48 * status internally; used for zerocopy tx only. 49 */ 50 /* Lower device DMA failed */ 51 #define VHOST_DMA_FAILED_LEN ((__force __virtio32)3) 52 /* Lower device DMA done */ 53 #define VHOST_DMA_DONE_LEN ((__force __virtio32)2) 54 /* Lower device DMA in progress */ 55 #define VHOST_DMA_IN_PROGRESS ((__force __virtio32)1) 56 /* Buffer unused */ 57 #define VHOST_DMA_CLEAR_LEN ((__force __virtio32)0) 58 59 #define VHOST_DMA_IS_DONE(len) ((__force u32)(len) >= (__force u32)VHOST_DMA_DONE_LEN) 60 61 enum { 62 VHOST_NET_FEATURES = VHOST_FEATURES | 63 (1ULL << VHOST_NET_F_VIRTIO_NET_HDR) | 64 (1ULL << VIRTIO_NET_F_MRG_RXBUF) | 65 (1ULL << VIRTIO_F_VERSION_1), 66 }; 67 68 enum { 69 VHOST_NET_VQ_RX = 0, 70 VHOST_NET_VQ_TX = 1, 71 VHOST_NET_VQ_MAX = 2, 72 }; 73 74 struct vhost_net_ubuf_ref { 75 /* refcount follows semantics similar to kref: 76 * 0: object is released 77 * 1: no outstanding ubufs 78 * >1: outstanding ubufs 79 */ 80 atomic_t refcount; 81 wait_queue_head_t wait; 82 struct vhost_virtqueue *vq; 83 }; 84 85 struct vhost_net_virtqueue { 86 struct vhost_virtqueue vq; 87 /* hdr is used to store the virtio header. 88 * Since each iovec has >= 1 byte length, we never need more than 89 * header length entries to store the header. */ 90 struct iovec hdr[sizeof(struct virtio_net_hdr_mrg_rxbuf)]; 91 size_t vhost_hlen; 92 size_t sock_hlen; 93 /* vhost zerocopy support fields below: */ 94 /* last used idx for outstanding DMA zerocopy buffers */ 95 int upend_idx; 96 /* first used idx for DMA done zerocopy buffers */ 97 int done_idx; 98 /* an array of userspace buffers info */ 99 struct ubuf_info *ubuf_info; 100 /* Reference counting for outstanding ubufs. 101 * Protected by vq mutex. Writers must also take device mutex. */ 102 struct vhost_net_ubuf_ref *ubufs; 103 }; 104 105 struct vhost_net { 106 struct vhost_dev dev; 107 struct vhost_net_virtqueue vqs[VHOST_NET_VQ_MAX]; 108 struct vhost_poll poll[VHOST_NET_VQ_MAX]; 109 /* Number of TX recently submitted. 110 * Protected by tx vq lock. */ 111 unsigned tx_packets; 112 /* Number of times zerocopy TX recently failed. 113 * Protected by tx vq lock. */ 114 unsigned tx_zcopy_err; 115 /* Flush in progress. Protected by tx vq lock. */ 116 bool tx_flush; 117 }; 118 119 static unsigned vhost_net_zcopy_mask __read_mostly; 120 121 static void vhost_net_enable_zcopy(int vq) 122 { 123 vhost_net_zcopy_mask |= 0x1 << vq; 124 } 125 126 static struct vhost_net_ubuf_ref * 127 vhost_net_ubuf_alloc(struct vhost_virtqueue *vq, bool zcopy) 128 { 129 struct vhost_net_ubuf_ref *ubufs; 130 /* No zero copy backend? Nothing to count. */ 131 if (!zcopy) 132 return NULL; 133 ubufs = kmalloc(sizeof(*ubufs), GFP_KERNEL); 134 if (!ubufs) 135 return ERR_PTR(-ENOMEM); 136 atomic_set(&ubufs->refcount, 1); 137 init_waitqueue_head(&ubufs->wait); 138 ubufs->vq = vq; 139 return ubufs; 140 } 141 142 static int vhost_net_ubuf_put(struct vhost_net_ubuf_ref *ubufs) 143 { 144 int r = atomic_sub_return(1, &ubufs->refcount); 145 if (unlikely(!r)) 146 wake_up(&ubufs->wait); 147 return r; 148 } 149 150 static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs) 151 { 152 vhost_net_ubuf_put(ubufs); 153 wait_event(ubufs->wait, !atomic_read(&ubufs->refcount)); 154 } 155 156 static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs) 157 { 158 vhost_net_ubuf_put_and_wait(ubufs); 159 kfree(ubufs); 160 } 161 162 static void vhost_net_clear_ubuf_info(struct vhost_net *n) 163 { 164 int i; 165 166 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 167 kfree(n->vqs[i].ubuf_info); 168 n->vqs[i].ubuf_info = NULL; 169 } 170 } 171 172 static int vhost_net_set_ubuf_info(struct vhost_net *n) 173 { 174 bool zcopy; 175 int i; 176 177 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 178 zcopy = vhost_net_zcopy_mask & (0x1 << i); 179 if (!zcopy) 180 continue; 181 n->vqs[i].ubuf_info = kmalloc(sizeof(*n->vqs[i].ubuf_info) * 182 UIO_MAXIOV, GFP_KERNEL); 183 if (!n->vqs[i].ubuf_info) 184 goto err; 185 } 186 return 0; 187 188 err: 189 vhost_net_clear_ubuf_info(n); 190 return -ENOMEM; 191 } 192 193 static void vhost_net_vq_reset(struct vhost_net *n) 194 { 195 int i; 196 197 vhost_net_clear_ubuf_info(n); 198 199 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 200 n->vqs[i].done_idx = 0; 201 n->vqs[i].upend_idx = 0; 202 n->vqs[i].ubufs = NULL; 203 n->vqs[i].vhost_hlen = 0; 204 n->vqs[i].sock_hlen = 0; 205 } 206 207 } 208 209 static void vhost_net_tx_packet(struct vhost_net *net) 210 { 211 ++net->tx_packets; 212 if (net->tx_packets < 1024) 213 return; 214 net->tx_packets = 0; 215 net->tx_zcopy_err = 0; 216 } 217 218 static void vhost_net_tx_err(struct vhost_net *net) 219 { 220 ++net->tx_zcopy_err; 221 } 222 223 static bool vhost_net_tx_select_zcopy(struct vhost_net *net) 224 { 225 /* TX flush waits for outstanding DMAs to be done. 226 * Don't start new DMAs. 227 */ 228 return !net->tx_flush && 229 net->tx_packets / 64 >= net->tx_zcopy_err; 230 } 231 232 static bool vhost_sock_zcopy(struct socket *sock) 233 { 234 return unlikely(experimental_zcopytx) && 235 sock_flag(sock->sk, SOCK_ZEROCOPY); 236 } 237 238 /* Pop first len bytes from iovec. Return number of segments used. */ 239 static int move_iovec_hdr(struct iovec *from, struct iovec *to, 240 size_t len, int iov_count) 241 { 242 int seg = 0; 243 size_t size; 244 245 while (len && seg < iov_count) { 246 size = min(from->iov_len, len); 247 to->iov_base = from->iov_base; 248 to->iov_len = size; 249 from->iov_len -= size; 250 from->iov_base += size; 251 len -= size; 252 ++from; 253 ++to; 254 ++seg; 255 } 256 return seg; 257 } 258 /* Copy iovec entries for len bytes from iovec. */ 259 static void copy_iovec_hdr(const struct iovec *from, struct iovec *to, 260 size_t len, int iovcount) 261 { 262 int seg = 0; 263 size_t size; 264 265 while (len && seg < iovcount) { 266 size = min(from->iov_len, len); 267 to->iov_base = from->iov_base; 268 to->iov_len = size; 269 len -= size; 270 ++from; 271 ++to; 272 ++seg; 273 } 274 } 275 276 /* In case of DMA done not in order in lower device driver for some reason. 277 * upend_idx is used to track end of used idx, done_idx is used to track head 278 * of used idx. Once lower device DMA done contiguously, we will signal KVM 279 * guest used idx. 280 */ 281 static void vhost_zerocopy_signal_used(struct vhost_net *net, 282 struct vhost_virtqueue *vq) 283 { 284 struct vhost_net_virtqueue *nvq = 285 container_of(vq, struct vhost_net_virtqueue, vq); 286 int i, add; 287 int j = 0; 288 289 for (i = nvq->done_idx; i != nvq->upend_idx; i = (i + 1) % UIO_MAXIOV) { 290 if (vq->heads[i].len == VHOST_DMA_FAILED_LEN) 291 vhost_net_tx_err(net); 292 if (VHOST_DMA_IS_DONE(vq->heads[i].len)) { 293 vq->heads[i].len = VHOST_DMA_CLEAR_LEN; 294 ++j; 295 } else 296 break; 297 } 298 while (j) { 299 add = min(UIO_MAXIOV - nvq->done_idx, j); 300 vhost_add_used_and_signal_n(vq->dev, vq, 301 &vq->heads[nvq->done_idx], add); 302 nvq->done_idx = (nvq->done_idx + add) % UIO_MAXIOV; 303 j -= add; 304 } 305 } 306 307 static void vhost_zerocopy_callback(struct ubuf_info *ubuf, bool success) 308 { 309 struct vhost_net_ubuf_ref *ubufs = ubuf->ctx; 310 struct vhost_virtqueue *vq = ubufs->vq; 311 int cnt; 312 313 rcu_read_lock_bh(); 314 315 /* set len to mark this desc buffers done DMA */ 316 vq->heads[ubuf->desc].len = success ? 317 VHOST_DMA_DONE_LEN : VHOST_DMA_FAILED_LEN; 318 cnt = vhost_net_ubuf_put(ubufs); 319 320 /* 321 * Trigger polling thread if guest stopped submitting new buffers: 322 * in this case, the refcount after decrement will eventually reach 1. 323 * We also trigger polling periodically after each 16 packets 324 * (the value 16 here is more or less arbitrary, it's tuned to trigger 325 * less than 10% of times). 326 */ 327 if (cnt <= 1 || !(cnt % 16)) 328 vhost_poll_queue(&vq->poll); 329 330 rcu_read_unlock_bh(); 331 } 332 333 /* Expects to be always run from workqueue - which acts as 334 * read-size critical section for our kind of RCU. */ 335 static void handle_tx(struct vhost_net *net) 336 { 337 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_TX]; 338 struct vhost_virtqueue *vq = &nvq->vq; 339 unsigned out, in, s; 340 int head; 341 struct msghdr msg = { 342 .msg_name = NULL, 343 .msg_namelen = 0, 344 .msg_control = NULL, 345 .msg_controllen = 0, 346 .msg_flags = MSG_DONTWAIT, 347 }; 348 size_t len, total_len = 0; 349 int err; 350 size_t hdr_size; 351 struct socket *sock; 352 struct vhost_net_ubuf_ref *uninitialized_var(ubufs); 353 bool zcopy, zcopy_used; 354 355 mutex_lock(&vq->mutex); 356 sock = vq->private_data; 357 if (!sock) 358 goto out; 359 360 vhost_disable_notify(&net->dev, vq); 361 362 hdr_size = nvq->vhost_hlen; 363 zcopy = nvq->ubufs; 364 365 for (;;) { 366 /* Release DMAs done buffers first */ 367 if (zcopy) 368 vhost_zerocopy_signal_used(net, vq); 369 370 /* If more outstanding DMAs, queue the work. 371 * Handle upend_idx wrap around 372 */ 373 if (unlikely((nvq->upend_idx + vq->num - VHOST_MAX_PEND) 374 % UIO_MAXIOV == nvq->done_idx)) 375 break; 376 377 head = vhost_get_vq_desc(vq, vq->iov, 378 ARRAY_SIZE(vq->iov), 379 &out, &in, 380 NULL, NULL); 381 /* On error, stop handling until the next kick. */ 382 if (unlikely(head < 0)) 383 break; 384 /* Nothing new? Wait for eventfd to tell us they refilled. */ 385 if (head == vq->num) { 386 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 387 vhost_disable_notify(&net->dev, vq); 388 continue; 389 } 390 break; 391 } 392 if (in) { 393 vq_err(vq, "Unexpected descriptor format for TX: " 394 "out %d, int %d\n", out, in); 395 break; 396 } 397 /* Skip header. TODO: support TSO. */ 398 s = move_iovec_hdr(vq->iov, nvq->hdr, hdr_size, out); 399 len = iov_length(vq->iov, out); 400 iov_iter_init(&msg.msg_iter, WRITE, vq->iov, out, len); 401 /* Sanity check */ 402 if (!len) { 403 vq_err(vq, "Unexpected header len for TX: " 404 "%zd expected %zd\n", 405 iov_length(nvq->hdr, s), hdr_size); 406 break; 407 } 408 409 zcopy_used = zcopy && len >= VHOST_GOODCOPY_LEN 410 && (nvq->upend_idx + 1) % UIO_MAXIOV != 411 nvq->done_idx 412 && vhost_net_tx_select_zcopy(net); 413 414 /* use msg_control to pass vhost zerocopy ubuf info to skb */ 415 if (zcopy_used) { 416 struct ubuf_info *ubuf; 417 ubuf = nvq->ubuf_info + nvq->upend_idx; 418 419 vq->heads[nvq->upend_idx].id = cpu_to_vhost32(vq, head); 420 vq->heads[nvq->upend_idx].len = VHOST_DMA_IN_PROGRESS; 421 ubuf->callback = vhost_zerocopy_callback; 422 ubuf->ctx = nvq->ubufs; 423 ubuf->desc = nvq->upend_idx; 424 msg.msg_control = ubuf; 425 msg.msg_controllen = sizeof(ubuf); 426 ubufs = nvq->ubufs; 427 atomic_inc(&ubufs->refcount); 428 nvq->upend_idx = (nvq->upend_idx + 1) % UIO_MAXIOV; 429 } else { 430 msg.msg_control = NULL; 431 ubufs = NULL; 432 } 433 /* TODO: Check specific error and bomb out unless ENOBUFS? */ 434 err = sock->ops->sendmsg(NULL, sock, &msg, len); 435 if (unlikely(err < 0)) { 436 if (zcopy_used) { 437 vhost_net_ubuf_put(ubufs); 438 nvq->upend_idx = ((unsigned)nvq->upend_idx - 1) 439 % UIO_MAXIOV; 440 } 441 vhost_discard_vq_desc(vq, 1); 442 break; 443 } 444 if (err != len) 445 pr_debug("Truncated TX packet: " 446 " len %d != %zd\n", err, len); 447 if (!zcopy_used) 448 vhost_add_used_and_signal(&net->dev, vq, head, 0); 449 else 450 vhost_zerocopy_signal_used(net, vq); 451 total_len += len; 452 vhost_net_tx_packet(net); 453 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 454 vhost_poll_queue(&vq->poll); 455 break; 456 } 457 } 458 out: 459 mutex_unlock(&vq->mutex); 460 } 461 462 static int peek_head_len(struct sock *sk) 463 { 464 struct sk_buff *head; 465 int len = 0; 466 unsigned long flags; 467 468 spin_lock_irqsave(&sk->sk_receive_queue.lock, flags); 469 head = skb_peek(&sk->sk_receive_queue); 470 if (likely(head)) { 471 len = head->len; 472 if (vlan_tx_tag_present(head)) 473 len += VLAN_HLEN; 474 } 475 476 spin_unlock_irqrestore(&sk->sk_receive_queue.lock, flags); 477 return len; 478 } 479 480 /* This is a multi-buffer version of vhost_get_desc, that works if 481 * vq has read descriptors only. 482 * @vq - the relevant virtqueue 483 * @datalen - data length we'll be reading 484 * @iovcount - returned count of io vectors we fill 485 * @log - vhost log 486 * @log_num - log offset 487 * @quota - headcount quota, 1 for big buffer 488 * returns number of buffer heads allocated, negative on error 489 */ 490 static int get_rx_bufs(struct vhost_virtqueue *vq, 491 struct vring_used_elem *heads, 492 int datalen, 493 unsigned *iovcount, 494 struct vhost_log *log, 495 unsigned *log_num, 496 unsigned int quota) 497 { 498 unsigned int out, in; 499 int seg = 0; 500 int headcount = 0; 501 unsigned d; 502 int r, nlogs = 0; 503 /* len is always initialized before use since we are always called with 504 * datalen > 0. 505 */ 506 u32 uninitialized_var(len); 507 508 while (datalen > 0 && headcount < quota) { 509 if (unlikely(seg >= UIO_MAXIOV)) { 510 r = -ENOBUFS; 511 goto err; 512 } 513 r = vhost_get_vq_desc(vq, vq->iov + seg, 514 ARRAY_SIZE(vq->iov) - seg, &out, 515 &in, log, log_num); 516 if (unlikely(r < 0)) 517 goto err; 518 519 d = r; 520 if (d == vq->num) { 521 r = 0; 522 goto err; 523 } 524 if (unlikely(out || in <= 0)) { 525 vq_err(vq, "unexpected descriptor format for RX: " 526 "out %d, in %d\n", out, in); 527 r = -EINVAL; 528 goto err; 529 } 530 if (unlikely(log)) { 531 nlogs += *log_num; 532 log += *log_num; 533 } 534 heads[headcount].id = cpu_to_vhost32(vq, d); 535 len = iov_length(vq->iov + seg, in); 536 heads[headcount].len = cpu_to_vhost32(vq, len); 537 datalen -= len; 538 ++headcount; 539 seg += in; 540 } 541 heads[headcount - 1].len = cpu_to_vhost32(vq, len + datalen); 542 *iovcount = seg; 543 if (unlikely(log)) 544 *log_num = nlogs; 545 546 /* Detect overrun */ 547 if (unlikely(datalen > 0)) { 548 r = UIO_MAXIOV + 1; 549 goto err; 550 } 551 return headcount; 552 err: 553 vhost_discard_vq_desc(vq, headcount); 554 return r; 555 } 556 557 /* Expects to be always run from workqueue - which acts as 558 * read-size critical section for our kind of RCU. */ 559 static void handle_rx(struct vhost_net *net) 560 { 561 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_RX]; 562 struct vhost_virtqueue *vq = &nvq->vq; 563 unsigned uninitialized_var(in), log; 564 struct vhost_log *vq_log; 565 struct msghdr msg = { 566 .msg_name = NULL, 567 .msg_namelen = 0, 568 .msg_control = NULL, /* FIXME: get and handle RX aux data. */ 569 .msg_controllen = 0, 570 .msg_flags = MSG_DONTWAIT, 571 }; 572 struct virtio_net_hdr_mrg_rxbuf hdr = { 573 .hdr.flags = 0, 574 .hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE 575 }; 576 size_t total_len = 0; 577 int err, mergeable; 578 s16 headcount; 579 size_t vhost_hlen, sock_hlen; 580 size_t vhost_len, sock_len; 581 struct socket *sock; 582 583 mutex_lock(&vq->mutex); 584 sock = vq->private_data; 585 if (!sock) 586 goto out; 587 vhost_disable_notify(&net->dev, vq); 588 589 vhost_hlen = nvq->vhost_hlen; 590 sock_hlen = nvq->sock_hlen; 591 592 vq_log = unlikely(vhost_has_feature(vq, VHOST_F_LOG_ALL)) ? 593 vq->log : NULL; 594 mergeable = vhost_has_feature(vq, VIRTIO_NET_F_MRG_RXBUF); 595 596 while ((sock_len = peek_head_len(sock->sk))) { 597 sock_len += sock_hlen; 598 vhost_len = sock_len + vhost_hlen; 599 headcount = get_rx_bufs(vq, vq->heads, vhost_len, 600 &in, vq_log, &log, 601 likely(mergeable) ? UIO_MAXIOV : 1); 602 /* On error, stop handling until the next kick. */ 603 if (unlikely(headcount < 0)) 604 break; 605 /* On overrun, truncate and discard */ 606 if (unlikely(headcount > UIO_MAXIOV)) { 607 iov_iter_init(&msg.msg_iter, READ, vq->iov, 1, 1); 608 err = sock->ops->recvmsg(NULL, sock, &msg, 609 1, MSG_DONTWAIT | MSG_TRUNC); 610 pr_debug("Discarded rx packet: len %zd\n", sock_len); 611 continue; 612 } 613 /* OK, now we need to know about added descriptors. */ 614 if (!headcount) { 615 if (unlikely(vhost_enable_notify(&net->dev, vq))) { 616 /* They have slipped one in as we were 617 * doing that: check again. */ 618 vhost_disable_notify(&net->dev, vq); 619 continue; 620 } 621 /* Nothing new? Wait for eventfd to tell us 622 * they refilled. */ 623 break; 624 } 625 /* We don't need to be notified again. */ 626 if (unlikely((vhost_hlen))) 627 /* Skip header. TODO: support TSO. */ 628 move_iovec_hdr(vq->iov, nvq->hdr, vhost_hlen, in); 629 else 630 /* Copy the header for use in VIRTIO_NET_F_MRG_RXBUF: 631 * needed because recvmsg can modify msg_iov. */ 632 copy_iovec_hdr(vq->iov, nvq->hdr, sock_hlen, in); 633 iov_iter_init(&msg.msg_iter, READ, vq->iov, in, sock_len); 634 err = sock->ops->recvmsg(NULL, sock, &msg, 635 sock_len, MSG_DONTWAIT | MSG_TRUNC); 636 /* Userspace might have consumed the packet meanwhile: 637 * it's not supposed to do this usually, but might be hard 638 * to prevent. Discard data we got (if any) and keep going. */ 639 if (unlikely(err != sock_len)) { 640 pr_debug("Discarded rx packet: " 641 " len %d, expected %zd\n", err, sock_len); 642 vhost_discard_vq_desc(vq, headcount); 643 continue; 644 } 645 if (unlikely(vhost_hlen) && 646 memcpy_toiovecend(nvq->hdr, (unsigned char *)&hdr, 0, 647 vhost_hlen)) { 648 vq_err(vq, "Unable to write vnet_hdr at addr %p\n", 649 vq->iov->iov_base); 650 break; 651 } 652 /* TODO: Should check and handle checksum. */ 653 if (likely(mergeable) && 654 memcpy_toiovecend(nvq->hdr, (unsigned char *)&headcount, 655 offsetof(typeof(hdr), num_buffers), 656 sizeof hdr.num_buffers)) { 657 vq_err(vq, "Failed num_buffers write"); 658 vhost_discard_vq_desc(vq, headcount); 659 break; 660 } 661 vhost_add_used_and_signal_n(&net->dev, vq, vq->heads, 662 headcount); 663 if (unlikely(vq_log)) 664 vhost_log_write(vq, vq_log, log, vhost_len); 665 total_len += vhost_len; 666 if (unlikely(total_len >= VHOST_NET_WEIGHT)) { 667 vhost_poll_queue(&vq->poll); 668 break; 669 } 670 } 671 out: 672 mutex_unlock(&vq->mutex); 673 } 674 675 static void handle_tx_kick(struct vhost_work *work) 676 { 677 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 678 poll.work); 679 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 680 681 handle_tx(net); 682 } 683 684 static void handle_rx_kick(struct vhost_work *work) 685 { 686 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 687 poll.work); 688 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev); 689 690 handle_rx(net); 691 } 692 693 static void handle_tx_net(struct vhost_work *work) 694 { 695 struct vhost_net *net = container_of(work, struct vhost_net, 696 poll[VHOST_NET_VQ_TX].work); 697 handle_tx(net); 698 } 699 700 static void handle_rx_net(struct vhost_work *work) 701 { 702 struct vhost_net *net = container_of(work, struct vhost_net, 703 poll[VHOST_NET_VQ_RX].work); 704 handle_rx(net); 705 } 706 707 static int vhost_net_open(struct inode *inode, struct file *f) 708 { 709 struct vhost_net *n; 710 struct vhost_dev *dev; 711 struct vhost_virtqueue **vqs; 712 int i; 713 714 n = kmalloc(sizeof *n, GFP_KERNEL | __GFP_NOWARN | __GFP_REPEAT); 715 if (!n) { 716 n = vmalloc(sizeof *n); 717 if (!n) 718 return -ENOMEM; 719 } 720 vqs = kmalloc(VHOST_NET_VQ_MAX * sizeof(*vqs), GFP_KERNEL); 721 if (!vqs) { 722 kvfree(n); 723 return -ENOMEM; 724 } 725 726 dev = &n->dev; 727 vqs[VHOST_NET_VQ_TX] = &n->vqs[VHOST_NET_VQ_TX].vq; 728 vqs[VHOST_NET_VQ_RX] = &n->vqs[VHOST_NET_VQ_RX].vq; 729 n->vqs[VHOST_NET_VQ_TX].vq.handle_kick = handle_tx_kick; 730 n->vqs[VHOST_NET_VQ_RX].vq.handle_kick = handle_rx_kick; 731 for (i = 0; i < VHOST_NET_VQ_MAX; i++) { 732 n->vqs[i].ubufs = NULL; 733 n->vqs[i].ubuf_info = NULL; 734 n->vqs[i].upend_idx = 0; 735 n->vqs[i].done_idx = 0; 736 n->vqs[i].vhost_hlen = 0; 737 n->vqs[i].sock_hlen = 0; 738 } 739 vhost_dev_init(dev, vqs, VHOST_NET_VQ_MAX); 740 741 vhost_poll_init(n->poll + VHOST_NET_VQ_TX, handle_tx_net, POLLOUT, dev); 742 vhost_poll_init(n->poll + VHOST_NET_VQ_RX, handle_rx_net, POLLIN, dev); 743 744 f->private_data = n; 745 746 return 0; 747 } 748 749 static void vhost_net_disable_vq(struct vhost_net *n, 750 struct vhost_virtqueue *vq) 751 { 752 struct vhost_net_virtqueue *nvq = 753 container_of(vq, struct vhost_net_virtqueue, vq); 754 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 755 if (!vq->private_data) 756 return; 757 vhost_poll_stop(poll); 758 } 759 760 static int vhost_net_enable_vq(struct vhost_net *n, 761 struct vhost_virtqueue *vq) 762 { 763 struct vhost_net_virtqueue *nvq = 764 container_of(vq, struct vhost_net_virtqueue, vq); 765 struct vhost_poll *poll = n->poll + (nvq - n->vqs); 766 struct socket *sock; 767 768 sock = vq->private_data; 769 if (!sock) 770 return 0; 771 772 return vhost_poll_start(poll, sock->file); 773 } 774 775 static struct socket *vhost_net_stop_vq(struct vhost_net *n, 776 struct vhost_virtqueue *vq) 777 { 778 struct socket *sock; 779 780 mutex_lock(&vq->mutex); 781 sock = vq->private_data; 782 vhost_net_disable_vq(n, vq); 783 vq->private_data = NULL; 784 mutex_unlock(&vq->mutex); 785 return sock; 786 } 787 788 static void vhost_net_stop(struct vhost_net *n, struct socket **tx_sock, 789 struct socket **rx_sock) 790 { 791 *tx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_TX].vq); 792 *rx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_RX].vq); 793 } 794 795 static void vhost_net_flush_vq(struct vhost_net *n, int index) 796 { 797 vhost_poll_flush(n->poll + index); 798 vhost_poll_flush(&n->vqs[index].vq.poll); 799 } 800 801 static void vhost_net_flush(struct vhost_net *n) 802 { 803 vhost_net_flush_vq(n, VHOST_NET_VQ_TX); 804 vhost_net_flush_vq(n, VHOST_NET_VQ_RX); 805 if (n->vqs[VHOST_NET_VQ_TX].ubufs) { 806 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 807 n->tx_flush = true; 808 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 809 /* Wait for all lower device DMAs done. */ 810 vhost_net_ubuf_put_and_wait(n->vqs[VHOST_NET_VQ_TX].ubufs); 811 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 812 n->tx_flush = false; 813 atomic_set(&n->vqs[VHOST_NET_VQ_TX].ubufs->refcount, 1); 814 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex); 815 } 816 } 817 818 static int vhost_net_release(struct inode *inode, struct file *f) 819 { 820 struct vhost_net *n = f->private_data; 821 struct socket *tx_sock; 822 struct socket *rx_sock; 823 824 vhost_net_stop(n, &tx_sock, &rx_sock); 825 vhost_net_flush(n); 826 vhost_dev_stop(&n->dev); 827 vhost_dev_cleanup(&n->dev, false); 828 vhost_net_vq_reset(n); 829 if (tx_sock) 830 sockfd_put(tx_sock); 831 if (rx_sock) 832 sockfd_put(rx_sock); 833 /* Make sure no callbacks are outstanding */ 834 synchronize_rcu_bh(); 835 /* We do an extra flush before freeing memory, 836 * since jobs can re-queue themselves. */ 837 vhost_net_flush(n); 838 kfree(n->dev.vqs); 839 kvfree(n); 840 return 0; 841 } 842 843 static struct socket *get_raw_socket(int fd) 844 { 845 struct { 846 struct sockaddr_ll sa; 847 char buf[MAX_ADDR_LEN]; 848 } uaddr; 849 int uaddr_len = sizeof uaddr, r; 850 struct socket *sock = sockfd_lookup(fd, &r); 851 852 if (!sock) 853 return ERR_PTR(-ENOTSOCK); 854 855 /* Parameter checking */ 856 if (sock->sk->sk_type != SOCK_RAW) { 857 r = -ESOCKTNOSUPPORT; 858 goto err; 859 } 860 861 r = sock->ops->getname(sock, (struct sockaddr *)&uaddr.sa, 862 &uaddr_len, 0); 863 if (r) 864 goto err; 865 866 if (uaddr.sa.sll_family != AF_PACKET) { 867 r = -EPFNOSUPPORT; 868 goto err; 869 } 870 return sock; 871 err: 872 sockfd_put(sock); 873 return ERR_PTR(r); 874 } 875 876 static struct socket *get_tap_socket(int fd) 877 { 878 struct file *file = fget(fd); 879 struct socket *sock; 880 881 if (!file) 882 return ERR_PTR(-EBADF); 883 sock = tun_get_socket(file); 884 if (!IS_ERR(sock)) 885 return sock; 886 sock = macvtap_get_socket(file); 887 if (IS_ERR(sock)) 888 fput(file); 889 return sock; 890 } 891 892 static struct socket *get_socket(int fd) 893 { 894 struct socket *sock; 895 896 /* special case to disable backend */ 897 if (fd == -1) 898 return NULL; 899 sock = get_raw_socket(fd); 900 if (!IS_ERR(sock)) 901 return sock; 902 sock = get_tap_socket(fd); 903 if (!IS_ERR(sock)) 904 return sock; 905 return ERR_PTR(-ENOTSOCK); 906 } 907 908 static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) 909 { 910 struct socket *sock, *oldsock; 911 struct vhost_virtqueue *vq; 912 struct vhost_net_virtqueue *nvq; 913 struct vhost_net_ubuf_ref *ubufs, *oldubufs = NULL; 914 int r; 915 916 mutex_lock(&n->dev.mutex); 917 r = vhost_dev_check_owner(&n->dev); 918 if (r) 919 goto err; 920 921 if (index >= VHOST_NET_VQ_MAX) { 922 r = -ENOBUFS; 923 goto err; 924 } 925 vq = &n->vqs[index].vq; 926 nvq = &n->vqs[index]; 927 mutex_lock(&vq->mutex); 928 929 /* Verify that ring has been setup correctly. */ 930 if (!vhost_vq_access_ok(vq)) { 931 r = -EFAULT; 932 goto err_vq; 933 } 934 sock = get_socket(fd); 935 if (IS_ERR(sock)) { 936 r = PTR_ERR(sock); 937 goto err_vq; 938 } 939 940 /* start polling new socket */ 941 oldsock = vq->private_data; 942 if (sock != oldsock) { 943 ubufs = vhost_net_ubuf_alloc(vq, 944 sock && vhost_sock_zcopy(sock)); 945 if (IS_ERR(ubufs)) { 946 r = PTR_ERR(ubufs); 947 goto err_ubufs; 948 } 949 950 vhost_net_disable_vq(n, vq); 951 vq->private_data = sock; 952 r = vhost_init_used(vq); 953 if (r) 954 goto err_used; 955 r = vhost_net_enable_vq(n, vq); 956 if (r) 957 goto err_used; 958 959 oldubufs = nvq->ubufs; 960 nvq->ubufs = ubufs; 961 962 n->tx_packets = 0; 963 n->tx_zcopy_err = 0; 964 n->tx_flush = false; 965 } 966 967 mutex_unlock(&vq->mutex); 968 969 if (oldubufs) { 970 vhost_net_ubuf_put_wait_and_free(oldubufs); 971 mutex_lock(&vq->mutex); 972 vhost_zerocopy_signal_used(n, vq); 973 mutex_unlock(&vq->mutex); 974 } 975 976 if (oldsock) { 977 vhost_net_flush_vq(n, index); 978 sockfd_put(oldsock); 979 } 980 981 mutex_unlock(&n->dev.mutex); 982 return 0; 983 984 err_used: 985 vq->private_data = oldsock; 986 vhost_net_enable_vq(n, vq); 987 if (ubufs) 988 vhost_net_ubuf_put_wait_and_free(ubufs); 989 err_ubufs: 990 sockfd_put(sock); 991 err_vq: 992 mutex_unlock(&vq->mutex); 993 err: 994 mutex_unlock(&n->dev.mutex); 995 return r; 996 } 997 998 static long vhost_net_reset_owner(struct vhost_net *n) 999 { 1000 struct socket *tx_sock = NULL; 1001 struct socket *rx_sock = NULL; 1002 long err; 1003 struct vhost_memory *memory; 1004 1005 mutex_lock(&n->dev.mutex); 1006 err = vhost_dev_check_owner(&n->dev); 1007 if (err) 1008 goto done; 1009 memory = vhost_dev_reset_owner_prepare(); 1010 if (!memory) { 1011 err = -ENOMEM; 1012 goto done; 1013 } 1014 vhost_net_stop(n, &tx_sock, &rx_sock); 1015 vhost_net_flush(n); 1016 vhost_dev_reset_owner(&n->dev, memory); 1017 vhost_net_vq_reset(n); 1018 done: 1019 mutex_unlock(&n->dev.mutex); 1020 if (tx_sock) 1021 sockfd_put(tx_sock); 1022 if (rx_sock) 1023 sockfd_put(rx_sock); 1024 return err; 1025 } 1026 1027 static int vhost_net_set_features(struct vhost_net *n, u64 features) 1028 { 1029 size_t vhost_hlen, sock_hlen, hdr_len; 1030 int i; 1031 1032 hdr_len = (features & ((1ULL << VIRTIO_NET_F_MRG_RXBUF) | 1033 (1ULL << VIRTIO_F_VERSION_1))) ? 1034 sizeof(struct virtio_net_hdr_mrg_rxbuf) : 1035 sizeof(struct virtio_net_hdr); 1036 if (features & (1 << VHOST_NET_F_VIRTIO_NET_HDR)) { 1037 /* vhost provides vnet_hdr */ 1038 vhost_hlen = hdr_len; 1039 sock_hlen = 0; 1040 } else { 1041 /* socket provides vnet_hdr */ 1042 vhost_hlen = 0; 1043 sock_hlen = hdr_len; 1044 } 1045 mutex_lock(&n->dev.mutex); 1046 if ((features & (1 << VHOST_F_LOG_ALL)) && 1047 !vhost_log_access_ok(&n->dev)) { 1048 mutex_unlock(&n->dev.mutex); 1049 return -EFAULT; 1050 } 1051 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) { 1052 mutex_lock(&n->vqs[i].vq.mutex); 1053 n->vqs[i].vq.acked_features = features; 1054 n->vqs[i].vhost_hlen = vhost_hlen; 1055 n->vqs[i].sock_hlen = sock_hlen; 1056 mutex_unlock(&n->vqs[i].vq.mutex); 1057 } 1058 mutex_unlock(&n->dev.mutex); 1059 return 0; 1060 } 1061 1062 static long vhost_net_set_owner(struct vhost_net *n) 1063 { 1064 int r; 1065 1066 mutex_lock(&n->dev.mutex); 1067 if (vhost_dev_has_owner(&n->dev)) { 1068 r = -EBUSY; 1069 goto out; 1070 } 1071 r = vhost_net_set_ubuf_info(n); 1072 if (r) 1073 goto out; 1074 r = vhost_dev_set_owner(&n->dev); 1075 if (r) 1076 vhost_net_clear_ubuf_info(n); 1077 vhost_net_flush(n); 1078 out: 1079 mutex_unlock(&n->dev.mutex); 1080 return r; 1081 } 1082 1083 static long vhost_net_ioctl(struct file *f, unsigned int ioctl, 1084 unsigned long arg) 1085 { 1086 struct vhost_net *n = f->private_data; 1087 void __user *argp = (void __user *)arg; 1088 u64 __user *featurep = argp; 1089 struct vhost_vring_file backend; 1090 u64 features; 1091 int r; 1092 1093 switch (ioctl) { 1094 case VHOST_NET_SET_BACKEND: 1095 if (copy_from_user(&backend, argp, sizeof backend)) 1096 return -EFAULT; 1097 return vhost_net_set_backend(n, backend.index, backend.fd); 1098 case VHOST_GET_FEATURES: 1099 features = VHOST_NET_FEATURES; 1100 if (copy_to_user(featurep, &features, sizeof features)) 1101 return -EFAULT; 1102 return 0; 1103 case VHOST_SET_FEATURES: 1104 if (copy_from_user(&features, featurep, sizeof features)) 1105 return -EFAULT; 1106 if (features & ~VHOST_NET_FEATURES) 1107 return -EOPNOTSUPP; 1108 return vhost_net_set_features(n, features); 1109 case VHOST_RESET_OWNER: 1110 return vhost_net_reset_owner(n); 1111 case VHOST_SET_OWNER: 1112 return vhost_net_set_owner(n); 1113 default: 1114 mutex_lock(&n->dev.mutex); 1115 r = vhost_dev_ioctl(&n->dev, ioctl, argp); 1116 if (r == -ENOIOCTLCMD) 1117 r = vhost_vring_ioctl(&n->dev, ioctl, argp); 1118 else 1119 vhost_net_flush(n); 1120 mutex_unlock(&n->dev.mutex); 1121 return r; 1122 } 1123 } 1124 1125 #ifdef CONFIG_COMPAT 1126 static long vhost_net_compat_ioctl(struct file *f, unsigned int ioctl, 1127 unsigned long arg) 1128 { 1129 return vhost_net_ioctl(f, ioctl, (unsigned long)compat_ptr(arg)); 1130 } 1131 #endif 1132 1133 static const struct file_operations vhost_net_fops = { 1134 .owner = THIS_MODULE, 1135 .release = vhost_net_release, 1136 .unlocked_ioctl = vhost_net_ioctl, 1137 #ifdef CONFIG_COMPAT 1138 .compat_ioctl = vhost_net_compat_ioctl, 1139 #endif 1140 .open = vhost_net_open, 1141 .llseek = noop_llseek, 1142 }; 1143 1144 static struct miscdevice vhost_net_misc = { 1145 .minor = VHOST_NET_MINOR, 1146 .name = "vhost-net", 1147 .fops = &vhost_net_fops, 1148 }; 1149 1150 static int vhost_net_init(void) 1151 { 1152 if (experimental_zcopytx) 1153 vhost_net_enable_zcopy(VHOST_NET_VQ_TX); 1154 return misc_register(&vhost_net_misc); 1155 } 1156 module_init(vhost_net_init); 1157 1158 static void vhost_net_exit(void) 1159 { 1160 misc_deregister(&vhost_net_misc); 1161 } 1162 module_exit(vhost_net_exit); 1163 1164 MODULE_VERSION("0.0.1"); 1165 MODULE_LICENSE("GPL v2"); 1166 MODULE_AUTHOR("Michael S. Tsirkin"); 1167 MODULE_DESCRIPTION("Host kernel accelerator for virtio net"); 1168 MODULE_ALIAS_MISCDEV(VHOST_NET_MINOR); 1169 MODULE_ALIAS("devname:vhost-net"); 1170