1 /* 2 * Communication channel between QEMU and remote device process 3 * 4 * Copyright © 2018, 2021 Oracle and/or its affiliates. 5 * 6 * This work is licensed under the terms of the GNU GPL, version 2 or later. 7 * See the COPYING file in the top-level directory. 8 * 9 */ 10 11 #include "qemu/osdep.h" 12 #include "qemu-common.h" 13 14 #include "qemu/module.h" 15 #include "hw/remote/mpqemu-link.h" 16 #include "qapi/error.h" 17 #include "qemu/iov.h" 18 #include "qemu/error-report.h" 19 #include "qemu/main-loop.h" 20 #include "io/channel.h" 21 #include "sysemu/iothread.h" 22 #include "trace.h" 23 24 /* 25 * Send message over the ioc QIOChannel. 26 * This function is safe to call from: 27 * - main loop in co-routine context. Will block the main loop if not in 28 * co-routine context; 29 * - vCPU thread with no co-routine context and if the channel is not part 30 * of the main loop handling; 31 * - IOThread within co-routine context, outside of co-routine context 32 * will block IOThread; 33 * Returns true if no errors were encountered, false otherwise. 34 */ 35 bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp) 36 { 37 ERRP_GUARD(); 38 bool iolock = qemu_mutex_iothread_locked(); 39 bool iothread = qemu_in_iothread(); 40 struct iovec send[2] = {}; 41 int *fds = NULL; 42 size_t nfds = 0; 43 bool ret = false; 44 45 send[0].iov_base = msg; 46 send[0].iov_len = MPQEMU_MSG_HDR_SIZE; 47 48 send[1].iov_base = (void *)&msg->data; 49 send[1].iov_len = msg->size; 50 51 if (msg->num_fds) { 52 nfds = msg->num_fds; 53 fds = msg->fds; 54 } 55 56 /* 57 * Dont use in IOThread out of co-routine context as 58 * it will block IOThread. 59 */ 60 assert(qemu_in_coroutine() || !iothread); 61 62 /* 63 * Skip unlocking/locking iothread lock when the IOThread is running 64 * in co-routine context. Co-routine context is asserted above 65 * for IOThread case. 66 * Also skip lock handling while in a co-routine in the main context. 67 */ 68 if (iolock && !iothread && !qemu_in_coroutine()) { 69 qemu_mutex_unlock_iothread(); 70 } 71 72 if (!qio_channel_writev_full_all(ioc, send, G_N_ELEMENTS(send), 73 fds, nfds, errp)) { 74 ret = true; 75 } else { 76 trace_mpqemu_send_io_error(msg->cmd, msg->size, nfds); 77 } 78 79 if (iolock && !iothread && !qemu_in_coroutine()) { 80 /* See above comment why skip locking here. */ 81 qemu_mutex_lock_iothread(); 82 } 83 84 return ret; 85 } 86 87 /* 88 * Read message from the ioc QIOChannel. 89 * This function is safe to call from: 90 * - From main loop in co-routine context. Will block the main loop if not in 91 * co-routine context; 92 * - From vCPU thread with no co-routine context and if the channel is not part 93 * of the main loop handling; 94 * - From IOThread within co-routine context, outside of co-routine context 95 * will block IOThread; 96 */ 97 static ssize_t mpqemu_read(QIOChannel *ioc, void *buf, size_t len, int **fds, 98 size_t *nfds, Error **errp) 99 { 100 ERRP_GUARD(); 101 struct iovec iov = { .iov_base = buf, .iov_len = len }; 102 bool iolock = qemu_mutex_iothread_locked(); 103 bool iothread = qemu_in_iothread(); 104 int ret = -1; 105 106 /* 107 * Dont use in IOThread out of co-routine context as 108 * it will block IOThread. 109 */ 110 assert(qemu_in_coroutine() || !iothread); 111 112 if (iolock && !iothread && !qemu_in_coroutine()) { 113 qemu_mutex_unlock_iothread(); 114 } 115 116 ret = qio_channel_readv_full_all_eof(ioc, &iov, 1, fds, nfds, errp); 117 118 if (iolock && !iothread && !qemu_in_coroutine()) { 119 qemu_mutex_lock_iothread(); 120 } 121 122 return (ret <= 0) ? ret : iov.iov_len; 123 } 124 125 bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp) 126 { 127 ERRP_GUARD(); 128 g_autofree int *fds = NULL; 129 size_t nfds = 0; 130 ssize_t len; 131 bool ret = false; 132 133 len = mpqemu_read(ioc, msg, MPQEMU_MSG_HDR_SIZE, &fds, &nfds, errp); 134 if (len <= 0) { 135 goto fail; 136 } else if (len != MPQEMU_MSG_HDR_SIZE) { 137 error_setg(errp, "Message header corrupted"); 138 goto fail; 139 } 140 141 if (msg->size > sizeof(msg->data)) { 142 error_setg(errp, "Invalid size for message"); 143 goto fail; 144 } 145 146 if (!msg->size) { 147 goto copy_fds; 148 } 149 150 len = mpqemu_read(ioc, &msg->data, msg->size, NULL, NULL, errp); 151 if (len <= 0) { 152 goto fail; 153 } 154 if (len != msg->size) { 155 error_setg(errp, "Unable to read full message"); 156 goto fail; 157 } 158 159 copy_fds: 160 msg->num_fds = nfds; 161 if (nfds > G_N_ELEMENTS(msg->fds)) { 162 error_setg(errp, 163 "Overflow error: received %zu fds, more than max of %d fds", 164 nfds, REMOTE_MAX_FDS); 165 goto fail; 166 } 167 if (nfds) { 168 memcpy(msg->fds, fds, nfds * sizeof(int)); 169 } 170 171 ret = true; 172 173 fail: 174 if (*errp) { 175 trace_mpqemu_recv_io_error(msg->cmd, msg->size, nfds); 176 } 177 while (*errp && nfds) { 178 close(fds[nfds - 1]); 179 nfds--; 180 } 181 182 return ret; 183 } 184 185 /* 186 * Send msg and wait for a reply with command code RET_MSG. 187 * Returns the message received of size u64 or UINT64_MAX 188 * on error. 189 * Called from VCPU thread in non-coroutine context. 190 * Used by the Proxy object to communicate to remote processes. 191 */ 192 uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev, 193 Error **errp) 194 { 195 ERRP_GUARD(); 196 MPQemuMsg msg_reply = {0}; 197 uint64_t ret = UINT64_MAX; 198 199 assert(!qemu_in_coroutine()); 200 201 QEMU_LOCK_GUARD(&pdev->io_mutex); 202 if (!mpqemu_msg_send(msg, pdev->ioc, errp)) { 203 return ret; 204 } 205 206 if (!mpqemu_msg_recv(&msg_reply, pdev->ioc, errp)) { 207 return ret; 208 } 209 210 if (!mpqemu_msg_valid(&msg_reply) || msg_reply.cmd != MPQEMU_CMD_RET) { 211 error_setg(errp, "ERROR: Invalid reply received for command %d", 212 msg->cmd); 213 return ret; 214 } 215 216 return msg_reply.data.u64; 217 } 218 219 bool mpqemu_msg_valid(MPQemuMsg *msg) 220 { 221 if (msg->cmd >= MPQEMU_CMD_MAX || msg->cmd < 0) { 222 return false; 223 } 224 225 /* Verify FDs. */ 226 if (msg->num_fds >= REMOTE_MAX_FDS) { 227 return false; 228 } 229 230 if (msg->num_fds > 0) { 231 for (int i = 0; i < msg->num_fds; i++) { 232 if (fcntl(msg->fds[i], F_GETFL) == -1) { 233 return false; 234 } 235 } 236 } 237 238 /* Verify message specific fields. */ 239 switch (msg->cmd) { 240 case MPQEMU_CMD_SYNC_SYSMEM: 241 if (msg->num_fds == 0 || msg->size != sizeof(SyncSysmemMsg)) { 242 return false; 243 } 244 break; 245 case MPQEMU_CMD_PCI_CFGWRITE: 246 case MPQEMU_CMD_PCI_CFGREAD: 247 if (msg->size != sizeof(PciConfDataMsg)) { 248 return false; 249 } 250 break; 251 case MPQEMU_CMD_BAR_WRITE: 252 case MPQEMU_CMD_BAR_READ: 253 if ((msg->size != sizeof(BarAccessMsg)) || (msg->num_fds != 0)) { 254 return false; 255 } 256 break; 257 case MPQEMU_CMD_SET_IRQFD: 258 if (msg->size || (msg->num_fds != 2)) { 259 return false; 260 } 261 break; 262 default: 263 break; 264 } 265 266 return true; 267 } 268