xref: /openbmc/linux/drivers/vhost/vringh.c (revision 5b448065)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Helpers for the host side of a virtio ring.
4  *
5  * Since these may be in userspace, we use (inline) accessors.
6  */
7 #include <linux/compiler.h>
8 #include <linux/module.h>
9 #include <linux/vringh.h>
10 #include <linux/virtio_ring.h>
11 #include <linux/kernel.h>
12 #include <linux/ratelimit.h>
13 #include <linux/uaccess.h>
14 #include <linux/slab.h>
15 #include <linux/export.h>
16 #if IS_REACHABLE(CONFIG_VHOST_IOTLB)
17 #include <linux/bvec.h>
18 #include <linux/highmem.h>
19 #include <linux/vhost_iotlb.h>
20 #endif
21 #include <uapi/linux/virtio_config.h>
22 
23 static __printf(1,2) __cold void vringh_bad(const char *fmt, ...)
24 {
25 	static DEFINE_RATELIMIT_STATE(vringh_rs,
26 				      DEFAULT_RATELIMIT_INTERVAL,
27 				      DEFAULT_RATELIMIT_BURST);
28 	if (__ratelimit(&vringh_rs)) {
29 		va_list ap;
30 		va_start(ap, fmt);
31 		printk(KERN_NOTICE "vringh:");
32 		vprintk(fmt, ap);
33 		va_end(ap);
34 	}
35 }
36 
37 /* Returns vring->num if empty, -ve on error. */
38 static inline int __vringh_get_head(const struct vringh *vrh,
39 				    int (*getu16)(const struct vringh *vrh,
40 						  u16 *val, const __virtio16 *p),
41 				    u16 *last_avail_idx)
42 {
43 	u16 avail_idx, i, head;
44 	int err;
45 
46 	err = getu16(vrh, &avail_idx, &vrh->vring.avail->idx);
47 	if (err) {
48 		vringh_bad("Failed to access avail idx at %p",
49 			   &vrh->vring.avail->idx);
50 		return err;
51 	}
52 
53 	if (*last_avail_idx == avail_idx)
54 		return vrh->vring.num;
55 
56 	/* Only get avail ring entries after they have been exposed by guest. */
57 	virtio_rmb(vrh->weak_barriers);
58 
59 	i = *last_avail_idx & (vrh->vring.num - 1);
60 
61 	err = getu16(vrh, &head, &vrh->vring.avail->ring[i]);
62 	if (err) {
63 		vringh_bad("Failed to read head: idx %d address %p",
64 			   *last_avail_idx, &vrh->vring.avail->ring[i]);
65 		return err;
66 	}
67 
68 	if (head >= vrh->vring.num) {
69 		vringh_bad("Guest says index %u > %u is available",
70 			   head, vrh->vring.num);
71 		return -EINVAL;
72 	}
73 
74 	(*last_avail_idx)++;
75 	return head;
76 }
77 
78 /**
79  * vringh_kiov_advance - skip bytes from vring_kiov
80  * @iov: an iov passed to vringh_getdesc_*() (updated as we consume)
81  * @len: the maximum length to advance
82  */
83 void vringh_kiov_advance(struct vringh_kiov *iov, size_t len)
84 {
85 	while (len && iov->i < iov->used) {
86 		size_t partlen = min(iov->iov[iov->i].iov_len, len);
87 
88 		iov->consumed += partlen;
89 		iov->iov[iov->i].iov_len -= partlen;
90 		iov->iov[iov->i].iov_base += partlen;
91 
92 		if (!iov->iov[iov->i].iov_len) {
93 			/* Fix up old iov element then increment. */
94 			iov->iov[iov->i].iov_len = iov->consumed;
95 			iov->iov[iov->i].iov_base -= iov->consumed;
96 
97 			iov->consumed = 0;
98 			iov->i++;
99 		}
100 
101 		len -= partlen;
102 	}
103 }
104 EXPORT_SYMBOL(vringh_kiov_advance);
105 
106 /* Copy some bytes to/from the iovec.  Returns num copied. */
107 static inline ssize_t vringh_iov_xfer(struct vringh *vrh,
108 				      struct vringh_kiov *iov,
109 				      void *ptr, size_t len,
110 				      int (*xfer)(const struct vringh *vrh,
111 						  void *addr, void *ptr,
112 						  size_t len))
113 {
114 	int err, done = 0;
115 
116 	while (len && iov->i < iov->used) {
117 		size_t partlen;
118 
119 		partlen = min(iov->iov[iov->i].iov_len, len);
120 		err = xfer(vrh, iov->iov[iov->i].iov_base, ptr, partlen);
121 		if (err)
122 			return err;
123 		done += partlen;
124 		len -= partlen;
125 		ptr += partlen;
126 
127 		vringh_kiov_advance(iov, partlen);
128 	}
129 	return done;
130 }
131 
132 /* May reduce *len if range is shorter. */
133 static inline bool range_check(struct vringh *vrh, u64 addr, size_t *len,
134 			       struct vringh_range *range,
135 			       bool (*getrange)(struct vringh *,
136 						u64, struct vringh_range *))
137 {
138 	if (addr < range->start || addr > range->end_incl) {
139 		if (!getrange(vrh, addr, range))
140 			return false;
141 	}
142 	BUG_ON(addr < range->start || addr > range->end_incl);
143 
144 	/* To end of memory? */
145 	if (unlikely(addr + *len == 0)) {
146 		if (range->end_incl == -1ULL)
147 			return true;
148 		goto truncate;
149 	}
150 
151 	/* Otherwise, don't wrap. */
152 	if (addr + *len < addr) {
153 		vringh_bad("Wrapping descriptor %zu@0x%llx",
154 			   *len, (unsigned long long)addr);
155 		return false;
156 	}
157 
158 	if (unlikely(addr + *len - 1 > range->end_incl))
159 		goto truncate;
160 	return true;
161 
162 truncate:
163 	*len = range->end_incl + 1 - addr;
164 	return true;
165 }
166 
167 static inline bool no_range_check(struct vringh *vrh, u64 addr, size_t *len,
168 				  struct vringh_range *range,
169 				  bool (*getrange)(struct vringh *,
170 						   u64, struct vringh_range *))
171 {
172 	return true;
173 }
174 
175 /* No reason for this code to be inline. */
176 static int move_to_indirect(const struct vringh *vrh,
177 			    int *up_next, u16 *i, void *addr,
178 			    const struct vring_desc *desc,
179 			    struct vring_desc **descs, int *desc_max)
180 {
181 	u32 len;
182 
183 	/* Indirect tables can't have indirect. */
184 	if (*up_next != -1) {
185 		vringh_bad("Multilevel indirect %u->%u", *up_next, *i);
186 		return -EINVAL;
187 	}
188 
189 	len = vringh32_to_cpu(vrh, desc->len);
190 	if (unlikely(len % sizeof(struct vring_desc))) {
191 		vringh_bad("Strange indirect len %u", desc->len);
192 		return -EINVAL;
193 	}
194 
195 	/* We will check this when we follow it! */
196 	if (desc->flags & cpu_to_vringh16(vrh, VRING_DESC_F_NEXT))
197 		*up_next = vringh16_to_cpu(vrh, desc->next);
198 	else
199 		*up_next = -2;
200 	*descs = addr;
201 	*desc_max = len / sizeof(struct vring_desc);
202 
203 	/* Now, start at the first indirect. */
204 	*i = 0;
205 	return 0;
206 }
207 
208 static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp)
209 {
210 	struct kvec *new;
211 	unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2;
212 
213 	if (new_num < 8)
214 		new_num = 8;
215 
216 	flag = (iov->max_num & VRINGH_IOV_ALLOCATED);
217 	if (flag)
218 		new = krealloc_array(iov->iov, new_num,
219 				     sizeof(struct iovec), gfp);
220 	else {
221 		new = kmalloc_array(new_num, sizeof(struct iovec), gfp);
222 		if (new) {
223 			memcpy(new, iov->iov,
224 			       iov->max_num * sizeof(struct iovec));
225 			flag = VRINGH_IOV_ALLOCATED;
226 		}
227 	}
228 	if (!new)
229 		return -ENOMEM;
230 	iov->iov = new;
231 	iov->max_num = (new_num | flag);
232 	return 0;
233 }
234 
235 static u16 __cold return_from_indirect(const struct vringh *vrh, int *up_next,
236 				       struct vring_desc **descs, int *desc_max)
237 {
238 	u16 i = *up_next;
239 
240 	*up_next = -1;
241 	*descs = vrh->vring.desc;
242 	*desc_max = vrh->vring.num;
243 	return i;
244 }
245 
246 static int slow_copy(struct vringh *vrh, void *dst, const void *src,
247 		     bool (*rcheck)(struct vringh *vrh, u64 addr, size_t *len,
248 				    struct vringh_range *range,
249 				    bool (*getrange)(struct vringh *vrh,
250 						     u64,
251 						     struct vringh_range *)),
252 		     bool (*getrange)(struct vringh *vrh,
253 				      u64 addr,
254 				      struct vringh_range *r),
255 		     struct vringh_range *range,
256 		     int (*copy)(const struct vringh *vrh,
257 				 void *dst, const void *src, size_t len))
258 {
259 	size_t part, len = sizeof(struct vring_desc);
260 
261 	do {
262 		u64 addr;
263 		int err;
264 
265 		part = len;
266 		addr = (u64)(unsigned long)src - range->offset;
267 
268 		if (!rcheck(vrh, addr, &part, range, getrange))
269 			return -EINVAL;
270 
271 		err = copy(vrh, dst, src, part);
272 		if (err)
273 			return err;
274 
275 		dst += part;
276 		src += part;
277 		len -= part;
278 	} while (len);
279 	return 0;
280 }
281 
282 static inline int
283 __vringh_iov(struct vringh *vrh, u16 i,
284 	     struct vringh_kiov *riov,
285 	     struct vringh_kiov *wiov,
286 	     bool (*rcheck)(struct vringh *vrh, u64 addr, size_t *len,
287 			    struct vringh_range *range,
288 			    bool (*getrange)(struct vringh *, u64,
289 					     struct vringh_range *)),
290 	     bool (*getrange)(struct vringh *, u64, struct vringh_range *),
291 	     gfp_t gfp,
292 	     int (*copy)(const struct vringh *vrh,
293 			 void *dst, const void *src, size_t len))
294 {
295 	int err, count = 0, up_next, desc_max;
296 	struct vring_desc desc, *descs;
297 	struct vringh_range range = { -1ULL, 0 }, slowrange;
298 	bool slow = false;
299 
300 	/* We start traversing vring's descriptor table. */
301 	descs = vrh->vring.desc;
302 	desc_max = vrh->vring.num;
303 	up_next = -1;
304 
305 	/* You must want something! */
306 	if (WARN_ON(!riov && !wiov))
307 		return -EINVAL;
308 
309 	if (riov)
310 		riov->i = riov->used = riov->consumed = 0;
311 	if (wiov)
312 		wiov->i = wiov->used = wiov->consumed = 0;
313 
314 	for (;;) {
315 		void *addr;
316 		struct vringh_kiov *iov;
317 		size_t len;
318 
319 		if (unlikely(slow))
320 			err = slow_copy(vrh, &desc, &descs[i], rcheck, getrange,
321 					&slowrange, copy);
322 		else
323 			err = copy(vrh, &desc, &descs[i], sizeof(desc));
324 		if (unlikely(err))
325 			goto fail;
326 
327 		if (unlikely(desc.flags &
328 			     cpu_to_vringh16(vrh, VRING_DESC_F_INDIRECT))) {
329 			u64 a = vringh64_to_cpu(vrh, desc.addr);
330 
331 			/* Make sure it's OK, and get offset. */
332 			len = vringh32_to_cpu(vrh, desc.len);
333 			if (!rcheck(vrh, a, &len, &range, getrange)) {
334 				err = -EINVAL;
335 				goto fail;
336 			}
337 
338 			if (unlikely(len != vringh32_to_cpu(vrh, desc.len))) {
339 				slow = true;
340 				/* We need to save this range to use offset */
341 				slowrange = range;
342 			}
343 
344 			addr = (void *)(long)(a + range.offset);
345 			err = move_to_indirect(vrh, &up_next, &i, addr, &desc,
346 					       &descs, &desc_max);
347 			if (err)
348 				goto fail;
349 			continue;
350 		}
351 
352 		if (count++ == vrh->vring.num) {
353 			vringh_bad("Descriptor loop in %p", descs);
354 			err = -ELOOP;
355 			goto fail;
356 		}
357 
358 		if (desc.flags & cpu_to_vringh16(vrh, VRING_DESC_F_WRITE))
359 			iov = wiov;
360 		else {
361 			iov = riov;
362 			if (unlikely(wiov && wiov->i)) {
363 				vringh_bad("Readable desc %p after writable",
364 					   &descs[i]);
365 				err = -EINVAL;
366 				goto fail;
367 			}
368 		}
369 
370 		if (!iov) {
371 			vringh_bad("Unexpected %s desc",
372 				   !wiov ? "writable" : "readable");
373 			err = -EPROTO;
374 			goto fail;
375 		}
376 
377 	again:
378 		/* Make sure it's OK, and get offset. */
379 		len = vringh32_to_cpu(vrh, desc.len);
380 		if (!rcheck(vrh, vringh64_to_cpu(vrh, desc.addr), &len, &range,
381 			    getrange)) {
382 			err = -EINVAL;
383 			goto fail;
384 		}
385 		addr = (void *)(unsigned long)(vringh64_to_cpu(vrh, desc.addr) +
386 					       range.offset);
387 
388 		if (unlikely(iov->used == (iov->max_num & ~VRINGH_IOV_ALLOCATED))) {
389 			err = resize_iovec(iov, gfp);
390 			if (err)
391 				goto fail;
392 		}
393 
394 		iov->iov[iov->used].iov_base = addr;
395 		iov->iov[iov->used].iov_len = len;
396 		iov->used++;
397 
398 		if (unlikely(len != vringh32_to_cpu(vrh, desc.len))) {
399 			desc.len = cpu_to_vringh32(vrh,
400 				   vringh32_to_cpu(vrh, desc.len) - len);
401 			desc.addr = cpu_to_vringh64(vrh,
402 				    vringh64_to_cpu(vrh, desc.addr) + len);
403 			goto again;
404 		}
405 
406 		if (desc.flags & cpu_to_vringh16(vrh, VRING_DESC_F_NEXT)) {
407 			i = vringh16_to_cpu(vrh, desc.next);
408 		} else {
409 			/* Just in case we need to finish traversing above. */
410 			if (unlikely(up_next > 0)) {
411 				i = return_from_indirect(vrh, &up_next,
412 							 &descs, &desc_max);
413 				slow = false;
414 			} else
415 				break;
416 		}
417 
418 		if (i >= desc_max) {
419 			vringh_bad("Chained index %u > %u", i, desc_max);
420 			err = -EINVAL;
421 			goto fail;
422 		}
423 	}
424 
425 	return 0;
426 
427 fail:
428 	return err;
429 }
430 
431 static inline int __vringh_complete(struct vringh *vrh,
432 				    const struct vring_used_elem *used,
433 				    unsigned int num_used,
434 				    int (*putu16)(const struct vringh *vrh,
435 						  __virtio16 *p, u16 val),
436 				    int (*putused)(const struct vringh *vrh,
437 						   struct vring_used_elem *dst,
438 						   const struct vring_used_elem
439 						   *src, unsigned num))
440 {
441 	struct vring_used *used_ring;
442 	int err;
443 	u16 used_idx, off;
444 
445 	used_ring = vrh->vring.used;
446 	used_idx = vrh->last_used_idx + vrh->completed;
447 
448 	off = used_idx % vrh->vring.num;
449 
450 	/* Compiler knows num_used == 1 sometimes, hence extra check */
451 	if (num_used > 1 && unlikely(off + num_used >= vrh->vring.num)) {
452 		u16 part = vrh->vring.num - off;
453 		err = putused(vrh, &used_ring->ring[off], used, part);
454 		if (!err)
455 			err = putused(vrh, &used_ring->ring[0], used + part,
456 				      num_used - part);
457 	} else
458 		err = putused(vrh, &used_ring->ring[off], used, num_used);
459 
460 	if (err) {
461 		vringh_bad("Failed to write %u used entries %u at %p",
462 			   num_used, off, &used_ring->ring[off]);
463 		return err;
464 	}
465 
466 	/* Make sure buffer is written before we update index. */
467 	virtio_wmb(vrh->weak_barriers);
468 
469 	err = putu16(vrh, &vrh->vring.used->idx, used_idx + num_used);
470 	if (err) {
471 		vringh_bad("Failed to update used index at %p",
472 			   &vrh->vring.used->idx);
473 		return err;
474 	}
475 
476 	vrh->completed += num_used;
477 	return 0;
478 }
479 
480 
481 static inline int __vringh_need_notify(struct vringh *vrh,
482 				       int (*getu16)(const struct vringh *vrh,
483 						     u16 *val,
484 						     const __virtio16 *p))
485 {
486 	bool notify;
487 	u16 used_event;
488 	int err;
489 
490 	/* Flush out used index update. This is paired with the
491 	 * barrier that the Guest executes when enabling
492 	 * interrupts. */
493 	virtio_mb(vrh->weak_barriers);
494 
495 	/* Old-style, without event indices. */
496 	if (!vrh->event_indices) {
497 		u16 flags;
498 		err = getu16(vrh, &flags, &vrh->vring.avail->flags);
499 		if (err) {
500 			vringh_bad("Failed to get flags at %p",
501 				   &vrh->vring.avail->flags);
502 			return err;
503 		}
504 		return (!(flags & VRING_AVAIL_F_NO_INTERRUPT));
505 	}
506 
507 	/* Modern: we know when other side wants to know. */
508 	err = getu16(vrh, &used_event, &vring_used_event(&vrh->vring));
509 	if (err) {
510 		vringh_bad("Failed to get used event idx at %p",
511 			   &vring_used_event(&vrh->vring));
512 		return err;
513 	}
514 
515 	/* Just in case we added so many that we wrap. */
516 	if (unlikely(vrh->completed > 0xffff))
517 		notify = true;
518 	else
519 		notify = vring_need_event(used_event,
520 					  vrh->last_used_idx + vrh->completed,
521 					  vrh->last_used_idx);
522 
523 	vrh->last_used_idx += vrh->completed;
524 	vrh->completed = 0;
525 	return notify;
526 }
527 
528 static inline bool __vringh_notify_enable(struct vringh *vrh,
529 					  int (*getu16)(const struct vringh *vrh,
530 							u16 *val, const __virtio16 *p),
531 					  int (*putu16)(const struct vringh *vrh,
532 							__virtio16 *p, u16 val))
533 {
534 	u16 avail;
535 
536 	if (!vrh->event_indices) {
537 		/* Old-school; update flags. */
538 		if (putu16(vrh, &vrh->vring.used->flags, 0) != 0) {
539 			vringh_bad("Clearing used flags %p",
540 				   &vrh->vring.used->flags);
541 			return true;
542 		}
543 	} else {
544 		if (putu16(vrh, &vring_avail_event(&vrh->vring),
545 			   vrh->last_avail_idx) != 0) {
546 			vringh_bad("Updating avail event index %p",
547 				   &vring_avail_event(&vrh->vring));
548 			return true;
549 		}
550 	}
551 
552 	/* They could have slipped one in as we were doing that: make
553 	 * sure it's written, then check again. */
554 	virtio_mb(vrh->weak_barriers);
555 
556 	if (getu16(vrh, &avail, &vrh->vring.avail->idx) != 0) {
557 		vringh_bad("Failed to check avail idx at %p",
558 			   &vrh->vring.avail->idx);
559 		return true;
560 	}
561 
562 	/* This is unlikely, so we just leave notifications enabled
563 	 * (if we're using event_indices, we'll only get one
564 	 * notification anyway). */
565 	return avail == vrh->last_avail_idx;
566 }
567 
568 static inline void __vringh_notify_disable(struct vringh *vrh,
569 					   int (*putu16)(const struct vringh *vrh,
570 							 __virtio16 *p, u16 val))
571 {
572 	if (!vrh->event_indices) {
573 		/* Old-school; update flags. */
574 		if (putu16(vrh, &vrh->vring.used->flags,
575 			   VRING_USED_F_NO_NOTIFY)) {
576 			vringh_bad("Setting used flags %p",
577 				   &vrh->vring.used->flags);
578 		}
579 	}
580 }
581 
582 /* Userspace access helpers: in this case, addresses are really userspace. */
583 static inline int getu16_user(const struct vringh *vrh, u16 *val, const __virtio16 *p)
584 {
585 	__virtio16 v = 0;
586 	int rc = get_user(v, (__force __virtio16 __user *)p);
587 	*val = vringh16_to_cpu(vrh, v);
588 	return rc;
589 }
590 
591 static inline int putu16_user(const struct vringh *vrh, __virtio16 *p, u16 val)
592 {
593 	__virtio16 v = cpu_to_vringh16(vrh, val);
594 	return put_user(v, (__force __virtio16 __user *)p);
595 }
596 
597 static inline int copydesc_user(const struct vringh *vrh,
598 				void *dst, const void *src, size_t len)
599 {
600 	return copy_from_user(dst, (__force void __user *)src, len) ?
601 		-EFAULT : 0;
602 }
603 
604 static inline int putused_user(const struct vringh *vrh,
605 			       struct vring_used_elem *dst,
606 			       const struct vring_used_elem *src,
607 			       unsigned int num)
608 {
609 	return copy_to_user((__force void __user *)dst, src,
610 			    sizeof(*dst) * num) ? -EFAULT : 0;
611 }
612 
613 static inline int xfer_from_user(const struct vringh *vrh, void *src,
614 				 void *dst, size_t len)
615 {
616 	return copy_from_user(dst, (__force void __user *)src, len) ?
617 		-EFAULT : 0;
618 }
619 
620 static inline int xfer_to_user(const struct vringh *vrh,
621 			       void *dst, void *src, size_t len)
622 {
623 	return copy_to_user((__force void __user *)dst, src, len) ?
624 		-EFAULT : 0;
625 }
626 
627 /**
628  * vringh_init_user - initialize a vringh for a userspace vring.
629  * @vrh: the vringh to initialize.
630  * @features: the feature bits for this ring.
631  * @num: the number of elements.
632  * @weak_barriers: true if we only need memory barriers, not I/O.
633  * @desc: the userpace descriptor pointer.
634  * @avail: the userpace avail pointer.
635  * @used: the userpace used pointer.
636  *
637  * Returns an error if num is invalid: you should check pointers
638  * yourself!
639  */
640 int vringh_init_user(struct vringh *vrh, u64 features,
641 		     unsigned int num, bool weak_barriers,
642 		     vring_desc_t __user *desc,
643 		     vring_avail_t __user *avail,
644 		     vring_used_t __user *used)
645 {
646 	/* Sane power of 2 please! */
647 	if (!num || num > 0xffff || (num & (num - 1))) {
648 		vringh_bad("Bad ring size %u", num);
649 		return -EINVAL;
650 	}
651 
652 	vrh->little_endian = (features & (1ULL << VIRTIO_F_VERSION_1));
653 	vrh->event_indices = (features & (1 << VIRTIO_RING_F_EVENT_IDX));
654 	vrh->weak_barriers = weak_barriers;
655 	vrh->completed = 0;
656 	vrh->last_avail_idx = 0;
657 	vrh->last_used_idx = 0;
658 	vrh->vring.num = num;
659 	/* vring expects kernel addresses, but only used via accessors. */
660 	vrh->vring.desc = (__force struct vring_desc *)desc;
661 	vrh->vring.avail = (__force struct vring_avail *)avail;
662 	vrh->vring.used = (__force struct vring_used *)used;
663 	return 0;
664 }
665 EXPORT_SYMBOL(vringh_init_user);
666 
667 /**
668  * vringh_getdesc_user - get next available descriptor from userspace ring.
669  * @vrh: the userspace vring.
670  * @riov: where to put the readable descriptors (or NULL)
671  * @wiov: where to put the writable descriptors (or NULL)
672  * @getrange: function to call to check ranges.
673  * @head: head index we received, for passing to vringh_complete_user().
674  *
675  * Returns 0 if there was no descriptor, 1 if there was, or -errno.
676  *
677  * Note that on error return, you can tell the difference between an
678  * invalid ring and a single invalid descriptor: in the former case,
679  * *head will be vrh->vring.num.  You may be able to ignore an invalid
680  * descriptor, but there's not much you can do with an invalid ring.
681  *
682  * Note that you can reuse riov and wiov with subsequent calls. Content is
683  * overwritten and memory reallocated if more space is needed.
684  * When you don't have to use riov and wiov anymore, you should clean up them
685  * calling vringh_iov_cleanup() to release the memory, even on error!
686  */
687 int vringh_getdesc_user(struct vringh *vrh,
688 			struct vringh_iov *riov,
689 			struct vringh_iov *wiov,
690 			bool (*getrange)(struct vringh *vrh,
691 					 u64 addr, struct vringh_range *r),
692 			u16 *head)
693 {
694 	int err;
695 
696 	*head = vrh->vring.num;
697 	err = __vringh_get_head(vrh, getu16_user, &vrh->last_avail_idx);
698 	if (err < 0)
699 		return err;
700 
701 	/* Empty... */
702 	if (err == vrh->vring.num)
703 		return 0;
704 
705 	/* We need the layouts to be the identical for this to work */
706 	BUILD_BUG_ON(sizeof(struct vringh_kiov) != sizeof(struct vringh_iov));
707 	BUILD_BUG_ON(offsetof(struct vringh_kiov, iov) !=
708 		     offsetof(struct vringh_iov, iov));
709 	BUILD_BUG_ON(offsetof(struct vringh_kiov, i) !=
710 		     offsetof(struct vringh_iov, i));
711 	BUILD_BUG_ON(offsetof(struct vringh_kiov, used) !=
712 		     offsetof(struct vringh_iov, used));
713 	BUILD_BUG_ON(offsetof(struct vringh_kiov, max_num) !=
714 		     offsetof(struct vringh_iov, max_num));
715 	BUILD_BUG_ON(sizeof(struct iovec) != sizeof(struct kvec));
716 	BUILD_BUG_ON(offsetof(struct iovec, iov_base) !=
717 		     offsetof(struct kvec, iov_base));
718 	BUILD_BUG_ON(offsetof(struct iovec, iov_len) !=
719 		     offsetof(struct kvec, iov_len));
720 	BUILD_BUG_ON(sizeof(((struct iovec *)NULL)->iov_base)
721 		     != sizeof(((struct kvec *)NULL)->iov_base));
722 	BUILD_BUG_ON(sizeof(((struct iovec *)NULL)->iov_len)
723 		     != sizeof(((struct kvec *)NULL)->iov_len));
724 
725 	*head = err;
726 	err = __vringh_iov(vrh, *head, (struct vringh_kiov *)riov,
727 			   (struct vringh_kiov *)wiov,
728 			   range_check, getrange, GFP_KERNEL, copydesc_user);
729 	if (err)
730 		return err;
731 
732 	return 1;
733 }
734 EXPORT_SYMBOL(vringh_getdesc_user);
735 
736 /**
737  * vringh_iov_pull_user - copy bytes from vring_iov.
738  * @riov: the riov as passed to vringh_getdesc_user() (updated as we consume)
739  * @dst: the place to copy.
740  * @len: the maximum length to copy.
741  *
742  * Returns the bytes copied <= len or a negative errno.
743  */
744 ssize_t vringh_iov_pull_user(struct vringh_iov *riov, void *dst, size_t len)
745 {
746 	return vringh_iov_xfer(NULL, (struct vringh_kiov *)riov,
747 			       dst, len, xfer_from_user);
748 }
749 EXPORT_SYMBOL(vringh_iov_pull_user);
750 
751 /**
752  * vringh_iov_push_user - copy bytes into vring_iov.
753  * @wiov: the wiov as passed to vringh_getdesc_user() (updated as we consume)
754  * @src: the place to copy from.
755  * @len: the maximum length to copy.
756  *
757  * Returns the bytes copied <= len or a negative errno.
758  */
759 ssize_t vringh_iov_push_user(struct vringh_iov *wiov,
760 			     const void *src, size_t len)
761 {
762 	return vringh_iov_xfer(NULL, (struct vringh_kiov *)wiov,
763 			       (void *)src, len, xfer_to_user);
764 }
765 EXPORT_SYMBOL(vringh_iov_push_user);
766 
767 /**
768  * vringh_abandon_user - we've decided not to handle the descriptor(s).
769  * @vrh: the vring.
770  * @num: the number of descriptors to put back (ie. num
771  *	 vringh_get_user() to undo).
772  *
773  * The next vringh_get_user() will return the old descriptor(s) again.
774  */
775 void vringh_abandon_user(struct vringh *vrh, unsigned int num)
776 {
777 	/* We only update vring_avail_event(vr) when we want to be notified,
778 	 * so we haven't changed that yet. */
779 	vrh->last_avail_idx -= num;
780 }
781 EXPORT_SYMBOL(vringh_abandon_user);
782 
783 /**
784  * vringh_complete_user - we've finished with descriptor, publish it.
785  * @vrh: the vring.
786  * @head: the head as filled in by vringh_getdesc_user.
787  * @len: the length of data we have written.
788  *
789  * You should check vringh_need_notify_user() after one or more calls
790  * to this function.
791  */
792 int vringh_complete_user(struct vringh *vrh, u16 head, u32 len)
793 {
794 	struct vring_used_elem used;
795 
796 	used.id = cpu_to_vringh32(vrh, head);
797 	used.len = cpu_to_vringh32(vrh, len);
798 	return __vringh_complete(vrh, &used, 1, putu16_user, putused_user);
799 }
800 EXPORT_SYMBOL(vringh_complete_user);
801 
802 /**
803  * vringh_complete_multi_user - we've finished with many descriptors.
804  * @vrh: the vring.
805  * @used: the head, length pairs.
806  * @num_used: the number of used elements.
807  *
808  * You should check vringh_need_notify_user() after one or more calls
809  * to this function.
810  */
811 int vringh_complete_multi_user(struct vringh *vrh,
812 			       const struct vring_used_elem used[],
813 			       unsigned num_used)
814 {
815 	return __vringh_complete(vrh, used, num_used,
816 				 putu16_user, putused_user);
817 }
818 EXPORT_SYMBOL(vringh_complete_multi_user);
819 
820 /**
821  * vringh_notify_enable_user - we want to know if something changes.
822  * @vrh: the vring.
823  *
824  * This always enables notifications, but returns false if there are
825  * now more buffers available in the vring.
826  */
827 bool vringh_notify_enable_user(struct vringh *vrh)
828 {
829 	return __vringh_notify_enable(vrh, getu16_user, putu16_user);
830 }
831 EXPORT_SYMBOL(vringh_notify_enable_user);
832 
833 /**
834  * vringh_notify_disable_user - don't tell us if something changes.
835  * @vrh: the vring.
836  *
837  * This is our normal running state: we disable and then only enable when
838  * we're going to sleep.
839  */
840 void vringh_notify_disable_user(struct vringh *vrh)
841 {
842 	__vringh_notify_disable(vrh, putu16_user);
843 }
844 EXPORT_SYMBOL(vringh_notify_disable_user);
845 
846 /**
847  * vringh_need_notify_user - must we tell the other side about used buffers?
848  * @vrh: the vring we've called vringh_complete_user() on.
849  *
850  * Returns -errno or 0 if we don't need to tell the other side, 1 if we do.
851  */
852 int vringh_need_notify_user(struct vringh *vrh)
853 {
854 	return __vringh_need_notify(vrh, getu16_user);
855 }
856 EXPORT_SYMBOL(vringh_need_notify_user);
857 
858 /* Kernelspace access helpers. */
859 static inline int getu16_kern(const struct vringh *vrh,
860 			      u16 *val, const __virtio16 *p)
861 {
862 	*val = vringh16_to_cpu(vrh, READ_ONCE(*p));
863 	return 0;
864 }
865 
866 static inline int putu16_kern(const struct vringh *vrh, __virtio16 *p, u16 val)
867 {
868 	WRITE_ONCE(*p, cpu_to_vringh16(vrh, val));
869 	return 0;
870 }
871 
872 static inline int copydesc_kern(const struct vringh *vrh,
873 				void *dst, const void *src, size_t len)
874 {
875 	memcpy(dst, src, len);
876 	return 0;
877 }
878 
879 static inline int putused_kern(const struct vringh *vrh,
880 			       struct vring_used_elem *dst,
881 			       const struct vring_used_elem *src,
882 			       unsigned int num)
883 {
884 	memcpy(dst, src, num * sizeof(*dst));
885 	return 0;
886 }
887 
888 static inline int xfer_kern(const struct vringh *vrh, void *src,
889 			    void *dst, size_t len)
890 {
891 	memcpy(dst, src, len);
892 	return 0;
893 }
894 
895 static inline int kern_xfer(const struct vringh *vrh, void *dst,
896 			    void *src, size_t len)
897 {
898 	memcpy(dst, src, len);
899 	return 0;
900 }
901 
902 /**
903  * vringh_init_kern - initialize a vringh for a kernelspace vring.
904  * @vrh: the vringh to initialize.
905  * @features: the feature bits for this ring.
906  * @num: the number of elements.
907  * @weak_barriers: true if we only need memory barriers, not I/O.
908  * @desc: the userpace descriptor pointer.
909  * @avail: the userpace avail pointer.
910  * @used: the userpace used pointer.
911  *
912  * Returns an error if num is invalid.
913  */
914 int vringh_init_kern(struct vringh *vrh, u64 features,
915 		     unsigned int num, bool weak_barriers,
916 		     struct vring_desc *desc,
917 		     struct vring_avail *avail,
918 		     struct vring_used *used)
919 {
920 	/* Sane power of 2 please! */
921 	if (!num || num > 0xffff || (num & (num - 1))) {
922 		vringh_bad("Bad ring size %u", num);
923 		return -EINVAL;
924 	}
925 
926 	vrh->little_endian = (features & (1ULL << VIRTIO_F_VERSION_1));
927 	vrh->event_indices = (features & (1 << VIRTIO_RING_F_EVENT_IDX));
928 	vrh->weak_barriers = weak_barriers;
929 	vrh->completed = 0;
930 	vrh->last_avail_idx = 0;
931 	vrh->last_used_idx = 0;
932 	vrh->vring.num = num;
933 	vrh->vring.desc = desc;
934 	vrh->vring.avail = avail;
935 	vrh->vring.used = used;
936 	return 0;
937 }
938 EXPORT_SYMBOL(vringh_init_kern);
939 
940 /**
941  * vringh_getdesc_kern - get next available descriptor from kernelspace ring.
942  * @vrh: the kernelspace vring.
943  * @riov: where to put the readable descriptors (or NULL)
944  * @wiov: where to put the writable descriptors (or NULL)
945  * @head: head index we received, for passing to vringh_complete_kern().
946  * @gfp: flags for allocating larger riov/wiov.
947  *
948  * Returns 0 if there was no descriptor, 1 if there was, or -errno.
949  *
950  * Note that on error return, you can tell the difference between an
951  * invalid ring and a single invalid descriptor: in the former case,
952  * *head will be vrh->vring.num.  You may be able to ignore an invalid
953  * descriptor, but there's not much you can do with an invalid ring.
954  *
955  * Note that you can reuse riov and wiov with subsequent calls. Content is
956  * overwritten and memory reallocated if more space is needed.
957  * When you don't have to use riov and wiov anymore, you should clean up them
958  * calling vringh_kiov_cleanup() to release the memory, even on error!
959  */
960 int vringh_getdesc_kern(struct vringh *vrh,
961 			struct vringh_kiov *riov,
962 			struct vringh_kiov *wiov,
963 			u16 *head,
964 			gfp_t gfp)
965 {
966 	int err;
967 
968 	err = __vringh_get_head(vrh, getu16_kern, &vrh->last_avail_idx);
969 	if (err < 0)
970 		return err;
971 
972 	/* Empty... */
973 	if (err == vrh->vring.num)
974 		return 0;
975 
976 	*head = err;
977 	err = __vringh_iov(vrh, *head, riov, wiov, no_range_check, NULL,
978 			   gfp, copydesc_kern);
979 	if (err)
980 		return err;
981 
982 	return 1;
983 }
984 EXPORT_SYMBOL(vringh_getdesc_kern);
985 
986 /**
987  * vringh_iov_pull_kern - copy bytes from vring_iov.
988  * @riov: the riov as passed to vringh_getdesc_kern() (updated as we consume)
989  * @dst: the place to copy.
990  * @len: the maximum length to copy.
991  *
992  * Returns the bytes copied <= len or a negative errno.
993  */
994 ssize_t vringh_iov_pull_kern(struct vringh_kiov *riov, void *dst, size_t len)
995 {
996 	return vringh_iov_xfer(NULL, riov, dst, len, xfer_kern);
997 }
998 EXPORT_SYMBOL(vringh_iov_pull_kern);
999 
1000 /**
1001  * vringh_iov_push_kern - copy bytes into vring_iov.
1002  * @wiov: the wiov as passed to vringh_getdesc_kern() (updated as we consume)
1003  * @src: the place to copy from.
1004  * @len: the maximum length to copy.
1005  *
1006  * Returns the bytes copied <= len or a negative errno.
1007  */
1008 ssize_t vringh_iov_push_kern(struct vringh_kiov *wiov,
1009 			     const void *src, size_t len)
1010 {
1011 	return vringh_iov_xfer(NULL, wiov, (void *)src, len, kern_xfer);
1012 }
1013 EXPORT_SYMBOL(vringh_iov_push_kern);
1014 
1015 /**
1016  * vringh_abandon_kern - we've decided not to handle the descriptor(s).
1017  * @vrh: the vring.
1018  * @num: the number of descriptors to put back (ie. num
1019  *	 vringh_get_kern() to undo).
1020  *
1021  * The next vringh_get_kern() will return the old descriptor(s) again.
1022  */
1023 void vringh_abandon_kern(struct vringh *vrh, unsigned int num)
1024 {
1025 	/* We only update vring_avail_event(vr) when we want to be notified,
1026 	 * so we haven't changed that yet. */
1027 	vrh->last_avail_idx -= num;
1028 }
1029 EXPORT_SYMBOL(vringh_abandon_kern);
1030 
1031 /**
1032  * vringh_complete_kern - we've finished with descriptor, publish it.
1033  * @vrh: the vring.
1034  * @head: the head as filled in by vringh_getdesc_kern.
1035  * @len: the length of data we have written.
1036  *
1037  * You should check vringh_need_notify_kern() after one or more calls
1038  * to this function.
1039  */
1040 int vringh_complete_kern(struct vringh *vrh, u16 head, u32 len)
1041 {
1042 	struct vring_used_elem used;
1043 
1044 	used.id = cpu_to_vringh32(vrh, head);
1045 	used.len = cpu_to_vringh32(vrh, len);
1046 
1047 	return __vringh_complete(vrh, &used, 1, putu16_kern, putused_kern);
1048 }
1049 EXPORT_SYMBOL(vringh_complete_kern);
1050 
1051 /**
1052  * vringh_notify_enable_kern - we want to know if something changes.
1053  * @vrh: the vring.
1054  *
1055  * This always enables notifications, but returns false if there are
1056  * now more buffers available in the vring.
1057  */
1058 bool vringh_notify_enable_kern(struct vringh *vrh)
1059 {
1060 	return __vringh_notify_enable(vrh, getu16_kern, putu16_kern);
1061 }
1062 EXPORT_SYMBOL(vringh_notify_enable_kern);
1063 
1064 /**
1065  * vringh_notify_disable_kern - don't tell us if something changes.
1066  * @vrh: the vring.
1067  *
1068  * This is our normal running state: we disable and then only enable when
1069  * we're going to sleep.
1070  */
1071 void vringh_notify_disable_kern(struct vringh *vrh)
1072 {
1073 	__vringh_notify_disable(vrh, putu16_kern);
1074 }
1075 EXPORT_SYMBOL(vringh_notify_disable_kern);
1076 
1077 /**
1078  * vringh_need_notify_kern - must we tell the other side about used buffers?
1079  * @vrh: the vring we've called vringh_complete_kern() on.
1080  *
1081  * Returns -errno or 0 if we don't need to tell the other side, 1 if we do.
1082  */
1083 int vringh_need_notify_kern(struct vringh *vrh)
1084 {
1085 	return __vringh_need_notify(vrh, getu16_kern);
1086 }
1087 EXPORT_SYMBOL(vringh_need_notify_kern);
1088 
1089 #if IS_REACHABLE(CONFIG_VHOST_IOTLB)
1090 
1091 static int iotlb_translate(const struct vringh *vrh,
1092 			   u64 addr, u64 len, struct bio_vec iov[],
1093 			   int iov_size, u32 perm)
1094 {
1095 	struct vhost_iotlb_map *map;
1096 	struct vhost_iotlb *iotlb = vrh->iotlb;
1097 	int ret = 0;
1098 	u64 s = 0;
1099 
1100 	spin_lock(vrh->iotlb_lock);
1101 
1102 	while (len > s) {
1103 		u64 size, pa, pfn;
1104 
1105 		if (unlikely(ret >= iov_size)) {
1106 			ret = -ENOBUFS;
1107 			break;
1108 		}
1109 
1110 		map = vhost_iotlb_itree_first(iotlb, addr,
1111 					      addr + len - 1);
1112 		if (!map || map->start > addr) {
1113 			ret = -EINVAL;
1114 			break;
1115 		} else if (!(map->perm & perm)) {
1116 			ret = -EPERM;
1117 			break;
1118 		}
1119 
1120 		size = map->size - addr + map->start;
1121 		pa = map->addr + addr - map->start;
1122 		pfn = pa >> PAGE_SHIFT;
1123 		iov[ret].bv_page = pfn_to_page(pfn);
1124 		iov[ret].bv_len = min(len - s, size);
1125 		iov[ret].bv_offset = pa & (PAGE_SIZE - 1);
1126 		s += size;
1127 		addr += size;
1128 		++ret;
1129 	}
1130 
1131 	spin_unlock(vrh->iotlb_lock);
1132 
1133 	return ret;
1134 }
1135 
1136 static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
1137 				  void *src, size_t len)
1138 {
1139 	struct iov_iter iter;
1140 	struct bio_vec iov[16];
1141 	int ret;
1142 
1143 	ret = iotlb_translate(vrh, (u64)(uintptr_t)src,
1144 			      len, iov, 16, VHOST_MAP_RO);
1145 	if (ret < 0)
1146 		return ret;
1147 
1148 	iov_iter_bvec(&iter, READ, iov, ret, len);
1149 
1150 	ret = copy_from_iter(dst, len, &iter);
1151 
1152 	return ret;
1153 }
1154 
1155 static inline int copy_to_iotlb(const struct vringh *vrh, void *dst,
1156 				void *src, size_t len)
1157 {
1158 	struct iov_iter iter;
1159 	struct bio_vec iov[16];
1160 	int ret;
1161 
1162 	ret = iotlb_translate(vrh, (u64)(uintptr_t)dst,
1163 			      len, iov, 16, VHOST_MAP_WO);
1164 	if (ret < 0)
1165 		return ret;
1166 
1167 	iov_iter_bvec(&iter, WRITE, iov, ret, len);
1168 
1169 	return copy_to_iter(src, len, &iter);
1170 }
1171 
1172 static inline int getu16_iotlb(const struct vringh *vrh,
1173 			       u16 *val, const __virtio16 *p)
1174 {
1175 	struct bio_vec iov;
1176 	void *kaddr, *from;
1177 	int ret;
1178 
1179 	/* Atomic read is needed for getu16 */
1180 	ret = iotlb_translate(vrh, (u64)(uintptr_t)p, sizeof(*p),
1181 			      &iov, 1, VHOST_MAP_RO);
1182 	if (ret < 0)
1183 		return ret;
1184 
1185 	kaddr = kmap_atomic(iov.bv_page);
1186 	from = kaddr + iov.bv_offset;
1187 	*val = vringh16_to_cpu(vrh, READ_ONCE(*(__virtio16 *)from));
1188 	kunmap_atomic(kaddr);
1189 
1190 	return 0;
1191 }
1192 
1193 static inline int putu16_iotlb(const struct vringh *vrh,
1194 			       __virtio16 *p, u16 val)
1195 {
1196 	struct bio_vec iov;
1197 	void *kaddr, *to;
1198 	int ret;
1199 
1200 	/* Atomic write is needed for putu16 */
1201 	ret = iotlb_translate(vrh, (u64)(uintptr_t)p, sizeof(*p),
1202 			      &iov, 1, VHOST_MAP_WO);
1203 	if (ret < 0)
1204 		return ret;
1205 
1206 	kaddr = kmap_atomic(iov.bv_page);
1207 	to = kaddr + iov.bv_offset;
1208 	WRITE_ONCE(*(__virtio16 *)to, cpu_to_vringh16(vrh, val));
1209 	kunmap_atomic(kaddr);
1210 
1211 	return 0;
1212 }
1213 
1214 static inline int copydesc_iotlb(const struct vringh *vrh,
1215 				 void *dst, const void *src, size_t len)
1216 {
1217 	int ret;
1218 
1219 	ret = copy_from_iotlb(vrh, dst, (void *)src, len);
1220 	if (ret != len)
1221 		return -EFAULT;
1222 
1223 	return 0;
1224 }
1225 
1226 static inline int xfer_from_iotlb(const struct vringh *vrh, void *src,
1227 				  void *dst, size_t len)
1228 {
1229 	int ret;
1230 
1231 	ret = copy_from_iotlb(vrh, dst, src, len);
1232 	if (ret != len)
1233 		return -EFAULT;
1234 
1235 	return 0;
1236 }
1237 
1238 static inline int xfer_to_iotlb(const struct vringh *vrh,
1239 			       void *dst, void *src, size_t len)
1240 {
1241 	int ret;
1242 
1243 	ret = copy_to_iotlb(vrh, dst, src, len);
1244 	if (ret != len)
1245 		return -EFAULT;
1246 
1247 	return 0;
1248 }
1249 
1250 static inline int putused_iotlb(const struct vringh *vrh,
1251 				struct vring_used_elem *dst,
1252 				const struct vring_used_elem *src,
1253 				unsigned int num)
1254 {
1255 	int size = num * sizeof(*dst);
1256 	int ret;
1257 
1258 	ret = copy_to_iotlb(vrh, dst, (void *)src, num * sizeof(*dst));
1259 	if (ret != size)
1260 		return -EFAULT;
1261 
1262 	return 0;
1263 }
1264 
1265 /**
1266  * vringh_init_iotlb - initialize a vringh for a ring with IOTLB.
1267  * @vrh: the vringh to initialize.
1268  * @features: the feature bits for this ring.
1269  * @num: the number of elements.
1270  * @weak_barriers: true if we only need memory barriers, not I/O.
1271  * @desc: the userpace descriptor pointer.
1272  * @avail: the userpace avail pointer.
1273  * @used: the userpace used pointer.
1274  *
1275  * Returns an error if num is invalid.
1276  */
1277 int vringh_init_iotlb(struct vringh *vrh, u64 features,
1278 		      unsigned int num, bool weak_barriers,
1279 		      struct vring_desc *desc,
1280 		      struct vring_avail *avail,
1281 		      struct vring_used *used)
1282 {
1283 	return vringh_init_kern(vrh, features, num, weak_barriers,
1284 				desc, avail, used);
1285 }
1286 EXPORT_SYMBOL(vringh_init_iotlb);
1287 
1288 /**
1289  * vringh_set_iotlb - initialize a vringh for a ring with IOTLB.
1290  * @vrh: the vring
1291  * @iotlb: iotlb associated with this vring
1292  * @iotlb_lock: spinlock to synchronize the iotlb accesses
1293  */
1294 void vringh_set_iotlb(struct vringh *vrh, struct vhost_iotlb *iotlb,
1295 		      spinlock_t *iotlb_lock)
1296 {
1297 	vrh->iotlb = iotlb;
1298 	vrh->iotlb_lock = iotlb_lock;
1299 }
1300 EXPORT_SYMBOL(vringh_set_iotlb);
1301 
1302 /**
1303  * vringh_getdesc_iotlb - get next available descriptor from ring with
1304  * IOTLB.
1305  * @vrh: the kernelspace vring.
1306  * @riov: where to put the readable descriptors (or NULL)
1307  * @wiov: where to put the writable descriptors (or NULL)
1308  * @head: head index we received, for passing to vringh_complete_iotlb().
1309  * @gfp: flags for allocating larger riov/wiov.
1310  *
1311  * Returns 0 if there was no descriptor, 1 if there was, or -errno.
1312  *
1313  * Note that on error return, you can tell the difference between an
1314  * invalid ring and a single invalid descriptor: in the former case,
1315  * *head will be vrh->vring.num.  You may be able to ignore an invalid
1316  * descriptor, but there's not much you can do with an invalid ring.
1317  *
1318  * Note that you can reuse riov and wiov with subsequent calls. Content is
1319  * overwritten and memory reallocated if more space is needed.
1320  * When you don't have to use riov and wiov anymore, you should clean up them
1321  * calling vringh_kiov_cleanup() to release the memory, even on error!
1322  */
1323 int vringh_getdesc_iotlb(struct vringh *vrh,
1324 			 struct vringh_kiov *riov,
1325 			 struct vringh_kiov *wiov,
1326 			 u16 *head,
1327 			 gfp_t gfp)
1328 {
1329 	int err;
1330 
1331 	err = __vringh_get_head(vrh, getu16_iotlb, &vrh->last_avail_idx);
1332 	if (err < 0)
1333 		return err;
1334 
1335 	/* Empty... */
1336 	if (err == vrh->vring.num)
1337 		return 0;
1338 
1339 	*head = err;
1340 	err = __vringh_iov(vrh, *head, riov, wiov, no_range_check, NULL,
1341 			   gfp, copydesc_iotlb);
1342 	if (err)
1343 		return err;
1344 
1345 	return 1;
1346 }
1347 EXPORT_SYMBOL(vringh_getdesc_iotlb);
1348 
1349 /**
1350  * vringh_iov_pull_iotlb - copy bytes from vring_iov.
1351  * @vrh: the vring.
1352  * @riov: the riov as passed to vringh_getdesc_iotlb() (updated as we consume)
1353  * @dst: the place to copy.
1354  * @len: the maximum length to copy.
1355  *
1356  * Returns the bytes copied <= len or a negative errno.
1357  */
1358 ssize_t vringh_iov_pull_iotlb(struct vringh *vrh,
1359 			      struct vringh_kiov *riov,
1360 			      void *dst, size_t len)
1361 {
1362 	return vringh_iov_xfer(vrh, riov, dst, len, xfer_from_iotlb);
1363 }
1364 EXPORT_SYMBOL(vringh_iov_pull_iotlb);
1365 
1366 /**
1367  * vringh_iov_push_iotlb - copy bytes into vring_iov.
1368  * @vrh: the vring.
1369  * @wiov: the wiov as passed to vringh_getdesc_iotlb() (updated as we consume)
1370  * @src: the place to copy from.
1371  * @len: the maximum length to copy.
1372  *
1373  * Returns the bytes copied <= len or a negative errno.
1374  */
1375 ssize_t vringh_iov_push_iotlb(struct vringh *vrh,
1376 			      struct vringh_kiov *wiov,
1377 			      const void *src, size_t len)
1378 {
1379 	return vringh_iov_xfer(vrh, wiov, (void *)src, len, xfer_to_iotlb);
1380 }
1381 EXPORT_SYMBOL(vringh_iov_push_iotlb);
1382 
1383 /**
1384  * vringh_abandon_iotlb - we've decided not to handle the descriptor(s).
1385  * @vrh: the vring.
1386  * @num: the number of descriptors to put back (ie. num
1387  *	 vringh_get_iotlb() to undo).
1388  *
1389  * The next vringh_get_iotlb() will return the old descriptor(s) again.
1390  */
1391 void vringh_abandon_iotlb(struct vringh *vrh, unsigned int num)
1392 {
1393 	/* We only update vring_avail_event(vr) when we want to be notified,
1394 	 * so we haven't changed that yet.
1395 	 */
1396 	vrh->last_avail_idx -= num;
1397 }
1398 EXPORT_SYMBOL(vringh_abandon_iotlb);
1399 
1400 /**
1401  * vringh_complete_iotlb - we've finished with descriptor, publish it.
1402  * @vrh: the vring.
1403  * @head: the head as filled in by vringh_getdesc_iotlb.
1404  * @len: the length of data we have written.
1405  *
1406  * You should check vringh_need_notify_iotlb() after one or more calls
1407  * to this function.
1408  */
1409 int vringh_complete_iotlb(struct vringh *vrh, u16 head, u32 len)
1410 {
1411 	struct vring_used_elem used;
1412 
1413 	used.id = cpu_to_vringh32(vrh, head);
1414 	used.len = cpu_to_vringh32(vrh, len);
1415 
1416 	return __vringh_complete(vrh, &used, 1, putu16_iotlb, putused_iotlb);
1417 }
1418 EXPORT_SYMBOL(vringh_complete_iotlb);
1419 
1420 /**
1421  * vringh_notify_enable_iotlb - we want to know if something changes.
1422  * @vrh: the vring.
1423  *
1424  * This always enables notifications, but returns false if there are
1425  * now more buffers available in the vring.
1426  */
1427 bool vringh_notify_enable_iotlb(struct vringh *vrh)
1428 {
1429 	return __vringh_notify_enable(vrh, getu16_iotlb, putu16_iotlb);
1430 }
1431 EXPORT_SYMBOL(vringh_notify_enable_iotlb);
1432 
1433 /**
1434  * vringh_notify_disable_iotlb - don't tell us if something changes.
1435  * @vrh: the vring.
1436  *
1437  * This is our normal running state: we disable and then only enable when
1438  * we're going to sleep.
1439  */
1440 void vringh_notify_disable_iotlb(struct vringh *vrh)
1441 {
1442 	__vringh_notify_disable(vrh, putu16_iotlb);
1443 }
1444 EXPORT_SYMBOL(vringh_notify_disable_iotlb);
1445 
1446 /**
1447  * vringh_need_notify_iotlb - must we tell the other side about used buffers?
1448  * @vrh: the vring we've called vringh_complete_iotlb() on.
1449  *
1450  * Returns -errno or 0 if we don't need to tell the other side, 1 if we do.
1451  */
1452 int vringh_need_notify_iotlb(struct vringh *vrh)
1453 {
1454 	return __vringh_need_notify(vrh, getu16_iotlb);
1455 }
1456 EXPORT_SYMBOL(vringh_need_notify_iotlb);
1457 
1458 #endif
1459 
1460 MODULE_LICENSE("GPL");
1461