1 /* Simple test of virtio code, entirely in userpsace. */ 2 #define _GNU_SOURCE 3 #include <sched.h> 4 #include <err.h> 5 #include <linux/kernel.h> 6 #include <linux/err.h> 7 #include <linux/virtio.h> 8 #include <linux/vringh.h> 9 #include <linux/virtio_ring.h> 10 #include <linux/uaccess.h> 11 #include <sys/types.h> 12 #include <sys/stat.h> 13 #include <sys/mman.h> 14 #include <sys/wait.h> 15 #include <fcntl.h> 16 17 #define USER_MEM (1024*1024) 18 void *__user_addr_min, *__user_addr_max; 19 void *__kmalloc_fake, *__kfree_ignore_start, *__kfree_ignore_end; 20 static u64 user_addr_offset; 21 22 #define RINGSIZE 256 23 #define ALIGN 4096 24 25 static bool never_notify_host(struct virtqueue *vq) 26 { 27 abort(); 28 } 29 30 static void never_callback_guest(struct virtqueue *vq) 31 { 32 abort(); 33 } 34 35 static bool getrange_iov(struct vringh *vrh, u64 addr, struct vringh_range *r) 36 { 37 if (addr < (u64)(unsigned long)__user_addr_min - user_addr_offset) 38 return false; 39 if (addr >= (u64)(unsigned long)__user_addr_max - user_addr_offset) 40 return false; 41 42 r->start = (u64)(unsigned long)__user_addr_min - user_addr_offset; 43 r->end_incl = (u64)(unsigned long)__user_addr_max - 1 - user_addr_offset; 44 r->offset = user_addr_offset; 45 return true; 46 } 47 48 /* We return single byte ranges. */ 49 static bool getrange_slow(struct vringh *vrh, u64 addr, struct vringh_range *r) 50 { 51 if (addr < (u64)(unsigned long)__user_addr_min - user_addr_offset) 52 return false; 53 if (addr >= (u64)(unsigned long)__user_addr_max - user_addr_offset) 54 return false; 55 56 r->start = addr; 57 r->end_incl = r->start; 58 r->offset = user_addr_offset; 59 return true; 60 } 61 62 struct guest_virtio_device { 63 struct virtio_device vdev; 64 int to_host_fd; 65 unsigned long notifies; 66 }; 67 68 static bool parallel_notify_host(struct virtqueue *vq) 69 { 70 int rc; 71 struct guest_virtio_device *gvdev; 72 73 gvdev = container_of(vq->vdev, struct guest_virtio_device, vdev); 74 rc = write(gvdev->to_host_fd, "", 1); 75 if (rc < 0) 76 return false; 77 gvdev->notifies++; 78 return true; 79 } 80 81 static bool no_notify_host(struct virtqueue *vq) 82 { 83 return true; 84 } 85 86 #define NUM_XFERS (10000000) 87 88 /* We aim for two "distant" cpus. */ 89 static void find_cpus(unsigned int *first, unsigned int *last) 90 { 91 unsigned int i; 92 93 *first = -1U; 94 *last = 0; 95 for (i = 0; i < 4096; i++) { 96 cpu_set_t set; 97 CPU_ZERO(&set); 98 CPU_SET(i, &set); 99 if (sched_setaffinity(getpid(), sizeof(set), &set) == 0) { 100 if (i < *first) 101 *first = i; 102 if (i > *last) 103 *last = i; 104 } 105 } 106 } 107 108 /* Opencoded version for fast mode */ 109 static inline int vringh_get_head(struct vringh *vrh, u16 *head) 110 { 111 u16 avail_idx, i; 112 int err; 113 114 err = get_user(avail_idx, &vrh->vring.avail->idx); 115 if (err) 116 return err; 117 118 if (vrh->last_avail_idx == avail_idx) 119 return 0; 120 121 /* Only get avail ring entries after they have been exposed by guest. */ 122 virtio_rmb(vrh->weak_barriers); 123 124 i = vrh->last_avail_idx & (vrh->vring.num - 1); 125 126 err = get_user(*head, &vrh->vring.avail->ring[i]); 127 if (err) 128 return err; 129 130 vrh->last_avail_idx++; 131 return 1; 132 } 133 134 static int parallel_test(unsigned long features, 135 bool (*getrange)(struct vringh *vrh, 136 u64 addr, struct vringh_range *r), 137 bool fast_vringh) 138 { 139 void *host_map, *guest_map; 140 int fd, mapsize, to_guest[2], to_host[2]; 141 unsigned long xfers = 0, notifies = 0, receives = 0; 142 unsigned int first_cpu, last_cpu; 143 cpu_set_t cpu_set; 144 char buf[128]; 145 146 /* Create real file to mmap. */ 147 fd = open("/tmp/vringh_test-file", O_RDWR|O_CREAT|O_TRUNC, 0600); 148 if (fd < 0) 149 err(1, "Opening /tmp/vringh_test-file"); 150 151 /* Extra room at the end for some data, and indirects */ 152 mapsize = vring_size(RINGSIZE, ALIGN) 153 + RINGSIZE * 2 * sizeof(int) 154 + RINGSIZE * 6 * sizeof(struct vring_desc); 155 mapsize = (mapsize + getpagesize() - 1) & ~(getpagesize() - 1); 156 ftruncate(fd, mapsize); 157 158 /* Parent and child use separate addresses, to check our mapping logic! */ 159 host_map = mmap(NULL, mapsize, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); 160 guest_map = mmap(NULL, mapsize, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); 161 162 pipe(to_guest); 163 pipe(to_host); 164 165 CPU_ZERO(&cpu_set); 166 find_cpus(&first_cpu, &last_cpu); 167 printf("Using CPUS %u and %u\n", first_cpu, last_cpu); 168 fflush(stdout); 169 170 if (fork() != 0) { 171 struct vringh vrh; 172 int status, err, rlen = 0; 173 char rbuf[5]; 174 175 /* We are the host: never access guest addresses! */ 176 munmap(guest_map, mapsize); 177 178 __user_addr_min = host_map; 179 __user_addr_max = __user_addr_min + mapsize; 180 user_addr_offset = host_map - guest_map; 181 assert(user_addr_offset); 182 183 close(to_guest[0]); 184 close(to_host[1]); 185 186 vring_init(&vrh.vring, RINGSIZE, host_map, ALIGN); 187 vringh_init_user(&vrh, features, RINGSIZE, true, 188 vrh.vring.desc, vrh.vring.avail, vrh.vring.used); 189 CPU_SET(first_cpu, &cpu_set); 190 if (sched_setaffinity(getpid(), sizeof(cpu_set), &cpu_set)) 191 errx(1, "Could not set affinity to cpu %u", first_cpu); 192 193 while (xfers < NUM_XFERS) { 194 struct iovec host_riov[2], host_wiov[2]; 195 struct vringh_iov riov, wiov; 196 u16 head, written; 197 198 if (fast_vringh) { 199 for (;;) { 200 err = vringh_get_head(&vrh, &head); 201 if (err != 0) 202 break; 203 err = vringh_need_notify_user(&vrh); 204 if (err < 0) 205 errx(1, "vringh_need_notify_user: %i", 206 err); 207 if (err) { 208 write(to_guest[1], "", 1); 209 notifies++; 210 } 211 } 212 if (err != 1) 213 errx(1, "vringh_get_head"); 214 written = 0; 215 goto complete; 216 } else { 217 vringh_iov_init(&riov, 218 host_riov, 219 ARRAY_SIZE(host_riov)); 220 vringh_iov_init(&wiov, 221 host_wiov, 222 ARRAY_SIZE(host_wiov)); 223 224 err = vringh_getdesc_user(&vrh, &riov, &wiov, 225 getrange, &head); 226 } 227 if (err == 0) { 228 err = vringh_need_notify_user(&vrh); 229 if (err < 0) 230 errx(1, "vringh_need_notify_user: %i", 231 err); 232 if (err) { 233 write(to_guest[1], "", 1); 234 notifies++; 235 } 236 237 if (!vringh_notify_enable_user(&vrh)) 238 continue; 239 240 /* Swallow all notifies at once. */ 241 if (read(to_host[0], buf, sizeof(buf)) < 1) 242 break; 243 244 vringh_notify_disable_user(&vrh); 245 receives++; 246 continue; 247 } 248 if (err != 1) 249 errx(1, "vringh_getdesc_user: %i", err); 250 251 /* We simply copy bytes. */ 252 if (riov.used) { 253 rlen = vringh_iov_pull_user(&riov, rbuf, 254 sizeof(rbuf)); 255 if (rlen != 4) 256 errx(1, "vringh_iov_pull_user: %i", 257 rlen); 258 assert(riov.i == riov.used); 259 written = 0; 260 } else { 261 err = vringh_iov_push_user(&wiov, rbuf, rlen); 262 if (err != rlen) 263 errx(1, "vringh_iov_push_user: %i", 264 err); 265 assert(wiov.i == wiov.used); 266 written = err; 267 } 268 complete: 269 xfers++; 270 271 err = vringh_complete_user(&vrh, head, written); 272 if (err != 0) 273 errx(1, "vringh_complete_user: %i", err); 274 } 275 276 err = vringh_need_notify_user(&vrh); 277 if (err < 0) 278 errx(1, "vringh_need_notify_user: %i", err); 279 if (err) { 280 write(to_guest[1], "", 1); 281 notifies++; 282 } 283 wait(&status); 284 if (!WIFEXITED(status)) 285 errx(1, "Child died with signal %i?", WTERMSIG(status)); 286 if (WEXITSTATUS(status) != 0) 287 errx(1, "Child exited %i?", WEXITSTATUS(status)); 288 printf("Host: notified %lu, pinged %lu\n", notifies, receives); 289 return 0; 290 } else { 291 struct guest_virtio_device gvdev; 292 struct virtqueue *vq; 293 unsigned int *data; 294 struct vring_desc *indirects; 295 unsigned int finished = 0; 296 297 /* We pass sg[]s pointing into here, but we need RINGSIZE+1 */ 298 data = guest_map + vring_size(RINGSIZE, ALIGN); 299 indirects = (void *)data + (RINGSIZE + 1) * 2 * sizeof(int); 300 301 /* We are the guest. */ 302 munmap(host_map, mapsize); 303 304 close(to_guest[1]); 305 close(to_host[0]); 306 307 gvdev.vdev.features[0] = features; 308 gvdev.to_host_fd = to_host[1]; 309 gvdev.notifies = 0; 310 311 CPU_SET(first_cpu, &cpu_set); 312 if (sched_setaffinity(getpid(), sizeof(cpu_set), &cpu_set)) 313 err(1, "Could not set affinity to cpu %u", first_cpu); 314 315 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &gvdev.vdev, true, 316 guest_map, fast_vringh ? no_notify_host 317 : parallel_notify_host, 318 never_callback_guest, "guest vq"); 319 320 /* Don't kfree indirects. */ 321 __kfree_ignore_start = indirects; 322 __kfree_ignore_end = indirects + RINGSIZE * 6; 323 324 while (xfers < NUM_XFERS) { 325 struct scatterlist sg[4]; 326 unsigned int num_sg, len; 327 int *dbuf, err; 328 bool output = !(xfers % 2); 329 330 /* Consume bufs. */ 331 while ((dbuf = virtqueue_get_buf(vq, &len)) != NULL) { 332 if (len == 4) 333 assert(*dbuf == finished - 1); 334 else if (!fast_vringh) 335 assert(*dbuf == finished); 336 finished++; 337 } 338 339 /* Produce a buffer. */ 340 dbuf = data + (xfers % (RINGSIZE + 1)); 341 342 if (output) 343 *dbuf = xfers; 344 else 345 *dbuf = -1; 346 347 switch ((xfers / sizeof(*dbuf)) % 4) { 348 case 0: 349 /* Nasty three-element sg list. */ 350 sg_init_table(sg, num_sg = 3); 351 sg_set_buf(&sg[0], (void *)dbuf, 1); 352 sg_set_buf(&sg[1], (void *)dbuf + 1, 2); 353 sg_set_buf(&sg[2], (void *)dbuf + 3, 1); 354 break; 355 case 1: 356 sg_init_table(sg, num_sg = 2); 357 sg_set_buf(&sg[0], (void *)dbuf, 1); 358 sg_set_buf(&sg[1], (void *)dbuf + 1, 3); 359 break; 360 case 2: 361 sg_init_table(sg, num_sg = 1); 362 sg_set_buf(&sg[0], (void *)dbuf, 4); 363 break; 364 case 3: 365 sg_init_table(sg, num_sg = 4); 366 sg_set_buf(&sg[0], (void *)dbuf, 1); 367 sg_set_buf(&sg[1], (void *)dbuf + 1, 1); 368 sg_set_buf(&sg[2], (void *)dbuf + 2, 1); 369 sg_set_buf(&sg[3], (void *)dbuf + 3, 1); 370 break; 371 } 372 373 /* May allocate an indirect, so force it to allocate 374 * user addr */ 375 __kmalloc_fake = indirects + (xfers % RINGSIZE) * 4; 376 if (output) 377 err = virtqueue_add_outbuf(vq, sg, num_sg, dbuf, 378 GFP_KERNEL); 379 else 380 err = virtqueue_add_inbuf(vq, sg, num_sg, 381 dbuf, GFP_KERNEL); 382 383 if (err == -ENOSPC) { 384 if (!virtqueue_enable_cb_delayed(vq)) 385 continue; 386 /* Swallow all notifies at once. */ 387 if (read(to_guest[0], buf, sizeof(buf)) < 1) 388 break; 389 390 receives++; 391 virtqueue_disable_cb(vq); 392 continue; 393 } 394 395 if (err) 396 errx(1, "virtqueue_add_in/outbuf: %i", err); 397 398 xfers++; 399 virtqueue_kick(vq); 400 } 401 402 /* Any extra? */ 403 while (finished != xfers) { 404 int *dbuf; 405 unsigned int len; 406 407 /* Consume bufs. */ 408 dbuf = virtqueue_get_buf(vq, &len); 409 if (dbuf) { 410 if (len == 4) 411 assert(*dbuf == finished - 1); 412 else 413 assert(len == 0); 414 finished++; 415 continue; 416 } 417 418 if (!virtqueue_enable_cb_delayed(vq)) 419 continue; 420 if (read(to_guest[0], buf, sizeof(buf)) < 1) 421 break; 422 423 receives++; 424 virtqueue_disable_cb(vq); 425 } 426 427 printf("Guest: notified %lu, pinged %lu\n", 428 gvdev.notifies, receives); 429 vring_del_virtqueue(vq); 430 return 0; 431 } 432 } 433 434 int main(int argc, char *argv[]) 435 { 436 struct virtio_device vdev; 437 struct virtqueue *vq; 438 struct vringh vrh; 439 struct scatterlist guest_sg[RINGSIZE], *sgs[2]; 440 struct iovec host_riov[2], host_wiov[2]; 441 struct vringh_iov riov, wiov; 442 struct vring_used_elem used[RINGSIZE]; 443 char buf[28]; 444 u16 head; 445 int err; 446 unsigned i; 447 void *ret; 448 bool (*getrange)(struct vringh *vrh, u64 addr, struct vringh_range *r); 449 bool fast_vringh = false, parallel = false; 450 451 getrange = getrange_iov; 452 vdev.features[0] = 0; 453 454 while (argv[1]) { 455 if (strcmp(argv[1], "--indirect") == 0) 456 vdev.features[0] |= (1 << VIRTIO_RING_F_INDIRECT_DESC); 457 else if (strcmp(argv[1], "--eventidx") == 0) 458 vdev.features[0] |= (1 << VIRTIO_RING_F_EVENT_IDX); 459 else if (strcmp(argv[1], "--slow-range") == 0) 460 getrange = getrange_slow; 461 else if (strcmp(argv[1], "--fast-vringh") == 0) 462 fast_vringh = true; 463 else if (strcmp(argv[1], "--parallel") == 0) 464 parallel = true; 465 else 466 errx(1, "Unknown arg %s", argv[1]); 467 argv++; 468 } 469 470 if (parallel) 471 return parallel_test(vdev.features[0], getrange, fast_vringh); 472 473 if (posix_memalign(&__user_addr_min, PAGE_SIZE, USER_MEM) != 0) 474 abort(); 475 __user_addr_max = __user_addr_min + USER_MEM; 476 memset(__user_addr_min, 0, vring_size(RINGSIZE, ALIGN)); 477 478 /* Set up guest side. */ 479 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &vdev, true, 480 __user_addr_min, 481 never_notify_host, never_callback_guest, 482 "guest vq"); 483 484 /* Set up host side. */ 485 vring_init(&vrh.vring, RINGSIZE, __user_addr_min, ALIGN); 486 vringh_init_user(&vrh, vdev.features[0], RINGSIZE, true, 487 vrh.vring.desc, vrh.vring.avail, vrh.vring.used); 488 489 /* No descriptor to get yet... */ 490 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 491 if (err != 0) 492 errx(1, "vringh_getdesc_user: %i", err); 493 494 /* Guest puts in a descriptor. */ 495 memcpy(__user_addr_max - 1, "a", 1); 496 sg_init_table(guest_sg, 1); 497 sg_set_buf(&guest_sg[0], __user_addr_max - 1, 1); 498 sg_init_table(guest_sg+1, 1); 499 sg_set_buf(&guest_sg[1], __user_addr_max - 3, 2); 500 sgs[0] = &guest_sg[0]; 501 sgs[1] = &guest_sg[1]; 502 503 /* May allocate an indirect, so force it to allocate user addr */ 504 __kmalloc_fake = __user_addr_min + vring_size(RINGSIZE, ALIGN); 505 err = virtqueue_add_sgs(vq, sgs, 1, 1, &err, GFP_KERNEL); 506 if (err) 507 errx(1, "virtqueue_add_sgs: %i", err); 508 __kmalloc_fake = NULL; 509 510 /* Host retreives it. */ 511 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 512 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 513 514 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 515 if (err != 1) 516 errx(1, "vringh_getdesc_user: %i", err); 517 518 assert(riov.used == 1); 519 assert(riov.iov[0].iov_base == __user_addr_max - 1); 520 assert(riov.iov[0].iov_len == 1); 521 if (getrange != getrange_slow) { 522 assert(wiov.used == 1); 523 assert(wiov.iov[0].iov_base == __user_addr_max - 3); 524 assert(wiov.iov[0].iov_len == 2); 525 } else { 526 assert(wiov.used == 2); 527 assert(wiov.iov[0].iov_base == __user_addr_max - 3); 528 assert(wiov.iov[0].iov_len == 1); 529 assert(wiov.iov[1].iov_base == __user_addr_max - 2); 530 assert(wiov.iov[1].iov_len == 1); 531 } 532 533 err = vringh_iov_pull_user(&riov, buf, 5); 534 if (err != 1) 535 errx(1, "vringh_iov_pull_user: %i", err); 536 assert(buf[0] == 'a'); 537 assert(riov.i == 1); 538 assert(vringh_iov_pull_user(&riov, buf, 5) == 0); 539 540 memcpy(buf, "bcdef", 5); 541 err = vringh_iov_push_user(&wiov, buf, 5); 542 if (err != 2) 543 errx(1, "vringh_iov_push_user: %i", err); 544 assert(memcmp(__user_addr_max - 3, "bc", 2) == 0); 545 assert(wiov.i == wiov.used); 546 assert(vringh_iov_push_user(&wiov, buf, 5) == 0); 547 548 /* Host is done. */ 549 err = vringh_complete_user(&vrh, head, err); 550 if (err != 0) 551 errx(1, "vringh_complete_user: %i", err); 552 553 /* Guest should see used token now. */ 554 __kfree_ignore_start = __user_addr_min + vring_size(RINGSIZE, ALIGN); 555 __kfree_ignore_end = __kfree_ignore_start + 1; 556 ret = virtqueue_get_buf(vq, &i); 557 if (ret != &err) 558 errx(1, "virtqueue_get_buf: %p", ret); 559 assert(i == 2); 560 561 /* Guest puts in a huge descriptor. */ 562 sg_init_table(guest_sg, RINGSIZE); 563 for (i = 0; i < RINGSIZE; i++) { 564 sg_set_buf(&guest_sg[i], 565 __user_addr_max - USER_MEM/4, USER_MEM/4); 566 } 567 568 /* Fill contents with recognisable garbage. */ 569 for (i = 0; i < USER_MEM/4; i++) 570 ((char *)__user_addr_max - USER_MEM/4)[i] = i; 571 572 /* This will allocate an indirect, so force it to allocate user addr */ 573 __kmalloc_fake = __user_addr_min + vring_size(RINGSIZE, ALIGN); 574 err = virtqueue_add_outbuf(vq, guest_sg, RINGSIZE, &err, GFP_KERNEL); 575 if (err) 576 errx(1, "virtqueue_add_outbuf (large): %i", err); 577 __kmalloc_fake = NULL; 578 579 /* Host picks it up (allocates new iov). */ 580 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 581 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 582 583 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 584 if (err != 1) 585 errx(1, "vringh_getdesc_user: %i", err); 586 587 assert(riov.max_num & VRINGH_IOV_ALLOCATED); 588 assert(riov.iov != host_riov); 589 if (getrange != getrange_slow) 590 assert(riov.used == RINGSIZE); 591 else 592 assert(riov.used == RINGSIZE * USER_MEM/4); 593 594 assert(!(wiov.max_num & VRINGH_IOV_ALLOCATED)); 595 assert(wiov.used == 0); 596 597 /* Pull data back out (in odd chunks), should be as expected. */ 598 for (i = 0; i < RINGSIZE * USER_MEM/4; i += 3) { 599 err = vringh_iov_pull_user(&riov, buf, 3); 600 if (err != 3 && i + err != RINGSIZE * USER_MEM/4) 601 errx(1, "vringh_iov_pull_user large: %i", err); 602 assert(buf[0] == (char)i); 603 assert(err < 2 || buf[1] == (char)(i + 1)); 604 assert(err < 3 || buf[2] == (char)(i + 2)); 605 } 606 assert(riov.i == riov.used); 607 vringh_iov_cleanup(&riov); 608 vringh_iov_cleanup(&wiov); 609 610 /* Complete using multi interface, just because we can. */ 611 used[0].id = head; 612 used[0].len = 0; 613 err = vringh_complete_multi_user(&vrh, used, 1); 614 if (err) 615 errx(1, "vringh_complete_multi_user(1): %i", err); 616 617 /* Free up those descriptors. */ 618 ret = virtqueue_get_buf(vq, &i); 619 if (ret != &err) 620 errx(1, "virtqueue_get_buf: %p", ret); 621 622 /* Add lots of descriptors. */ 623 sg_init_table(guest_sg, 1); 624 sg_set_buf(&guest_sg[0], __user_addr_max - 1, 1); 625 for (i = 0; i < RINGSIZE; i++) { 626 err = virtqueue_add_outbuf(vq, guest_sg, 1, &err, GFP_KERNEL); 627 if (err) 628 errx(1, "virtqueue_add_outbuf (multiple): %i", err); 629 } 630 631 /* Now get many, and consume them all at once. */ 632 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 633 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 634 635 for (i = 0; i < RINGSIZE; i++) { 636 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 637 if (err != 1) 638 errx(1, "vringh_getdesc_user: %i", err); 639 used[i].id = head; 640 used[i].len = 0; 641 } 642 /* Make sure it wraps around ring, to test! */ 643 assert(vrh.vring.used->idx % RINGSIZE != 0); 644 err = vringh_complete_multi_user(&vrh, used, RINGSIZE); 645 if (err) 646 errx(1, "vringh_complete_multi_user: %i", err); 647 648 /* Free those buffers. */ 649 for (i = 0; i < RINGSIZE; i++) { 650 unsigned len; 651 assert(virtqueue_get_buf(vq, &len) != NULL); 652 } 653 654 /* Test weird (but legal!) indirect. */ 655 if (vdev.features[0] & (1 << VIRTIO_RING_F_INDIRECT_DESC)) { 656 char *data = __user_addr_max - USER_MEM/4; 657 struct vring_desc *d = __user_addr_max - USER_MEM/2; 658 struct vring vring; 659 660 /* Force creation of direct, which we modify. */ 661 vdev.features[0] &= ~(1 << VIRTIO_RING_F_INDIRECT_DESC); 662 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &vdev, true, 663 __user_addr_min, 664 never_notify_host, 665 never_callback_guest, 666 "guest vq"); 667 668 sg_init_table(guest_sg, 4); 669 sg_set_buf(&guest_sg[0], d, sizeof(*d)*2); 670 sg_set_buf(&guest_sg[1], d + 2, sizeof(*d)*1); 671 sg_set_buf(&guest_sg[2], data + 6, 4); 672 sg_set_buf(&guest_sg[3], d + 3, sizeof(*d)*3); 673 674 err = virtqueue_add_outbuf(vq, guest_sg, 4, &err, GFP_KERNEL); 675 if (err) 676 errx(1, "virtqueue_add_outbuf (indirect): %i", err); 677 678 vring_init(&vring, RINGSIZE, __user_addr_min, ALIGN); 679 680 /* They're used in order, but double-check... */ 681 assert(vring.desc[0].addr == (unsigned long)d); 682 assert(vring.desc[1].addr == (unsigned long)(d+2)); 683 assert(vring.desc[2].addr == (unsigned long)data + 6); 684 assert(vring.desc[3].addr == (unsigned long)(d+3)); 685 vring.desc[0].flags |= VRING_DESC_F_INDIRECT; 686 vring.desc[1].flags |= VRING_DESC_F_INDIRECT; 687 vring.desc[3].flags |= VRING_DESC_F_INDIRECT; 688 689 /* First indirect */ 690 d[0].addr = (unsigned long)data; 691 d[0].len = 1; 692 d[0].flags = VRING_DESC_F_NEXT; 693 d[0].next = 1; 694 d[1].addr = (unsigned long)data + 1; 695 d[1].len = 2; 696 d[1].flags = 0; 697 698 /* Second indirect */ 699 d[2].addr = (unsigned long)data + 3; 700 d[2].len = 3; 701 d[2].flags = 0; 702 703 /* Third indirect */ 704 d[3].addr = (unsigned long)data + 10; 705 d[3].len = 5; 706 d[3].flags = VRING_DESC_F_NEXT; 707 d[3].next = 1; 708 d[4].addr = (unsigned long)data + 15; 709 d[4].len = 6; 710 d[4].flags = VRING_DESC_F_NEXT; 711 d[4].next = 2; 712 d[5].addr = (unsigned long)data + 21; 713 d[5].len = 7; 714 d[5].flags = 0; 715 716 /* Host picks it up (allocates new iov). */ 717 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 718 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 719 720 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 721 if (err != 1) 722 errx(1, "vringh_getdesc_user: %i", err); 723 724 if (head != 0) 725 errx(1, "vringh_getdesc_user: head %i not 0", head); 726 727 assert(riov.max_num & VRINGH_IOV_ALLOCATED); 728 if (getrange != getrange_slow) 729 assert(riov.used == 7); 730 else 731 assert(riov.used == 28); 732 err = vringh_iov_pull_user(&riov, buf, 29); 733 assert(err == 28); 734 735 /* Data should be linear. */ 736 for (i = 0; i < err; i++) 737 assert(buf[i] == i); 738 vringh_iov_cleanup(&riov); 739 } 740 741 /* Don't leak memory... */ 742 vring_del_virtqueue(vq); 743 free(__user_addr_min); 744 745 return 0; 746 } 747