1 /* 2 * Virtio crypto Support 3 * 4 * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. 5 * 6 * Authors: 7 * Gonglei <arei.gonglei@huawei.com> 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2 or 10 * (at your option) any later version. See the COPYING file in the 11 * top-level directory. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/iov.h" 16 #include "qemu/main-loop.h" 17 #include "qemu/module.h" 18 #include "qapi/error.h" 19 #include "qemu/error-report.h" 20 21 #include "hw/virtio/virtio.h" 22 #include "hw/virtio/virtio-crypto.h" 23 #include "hw/qdev-properties.h" 24 #include "hw/virtio/virtio-access.h" 25 #include "standard-headers/linux/virtio_ids.h" 26 #include "sysemu/cryptodev-vhost.h" 27 28 #define VIRTIO_CRYPTO_VM_VERSION 1 29 30 typedef struct VirtIOCryptoSessionReq { 31 VirtIODevice *vdev; 32 VirtQueue *vq; 33 VirtQueueElement *elem; 34 CryptoDevBackendSessionInfo info; 35 CryptoDevCompletionFunc cb; 36 } VirtIOCryptoSessionReq; 37 38 static void virtio_crypto_free_create_session_req(VirtIOCryptoSessionReq *sreq) 39 { 40 switch (sreq->info.op_code) { 41 case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: 42 g_free(sreq->info.u.sym_sess_info.cipher_key); 43 g_free(sreq->info.u.sym_sess_info.auth_key); 44 break; 45 46 case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION: 47 g_free(sreq->info.u.asym_sess_info.key); 48 break; 49 50 case VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION: 51 case VIRTIO_CRYPTO_HASH_DESTROY_SESSION: 52 case VIRTIO_CRYPTO_MAC_DESTROY_SESSION: 53 case VIRTIO_CRYPTO_AEAD_DESTROY_SESSION: 54 case VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION: 55 break; 56 57 default: 58 error_report("Unknown opcode: %u", sreq->info.op_code); 59 } 60 g_free(sreq); 61 } 62 63 /* 64 * Transfer virtqueue index to crypto queue index. 65 * The control virtqueue is after the data virtqueues 66 * so the input value doesn't need to be adjusted 67 */ 68 static inline int virtio_crypto_vq2q(int queue_index) 69 { 70 return queue_index; 71 } 72 73 static int 74 virtio_crypto_cipher_session_helper(VirtIODevice *vdev, 75 CryptoDevBackendSymSessionInfo *info, 76 struct virtio_crypto_cipher_session_para *cipher_para, 77 struct iovec **iov, unsigned int *out_num) 78 { 79 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 80 unsigned int num = *out_num; 81 82 info->cipher_alg = ldl_le_p(&cipher_para->algo); 83 info->key_len = ldl_le_p(&cipher_para->keylen); 84 info->direction = ldl_le_p(&cipher_para->op); 85 DPRINTF("cipher_alg=%" PRIu32 ", info->direction=%" PRIu32 "\n", 86 info->cipher_alg, info->direction); 87 88 if (info->key_len > vcrypto->conf.max_cipher_key_len) { 89 error_report("virtio-crypto length of cipher key is too big: %u", 90 info->key_len); 91 return -VIRTIO_CRYPTO_ERR; 92 } 93 /* Get cipher key */ 94 if (info->key_len > 0) { 95 size_t s; 96 DPRINTF("keylen=%" PRIu32 "\n", info->key_len); 97 98 info->cipher_key = g_malloc(info->key_len); 99 s = iov_to_buf(*iov, num, 0, info->cipher_key, info->key_len); 100 if (unlikely(s != info->key_len)) { 101 virtio_error(vdev, "virtio-crypto cipher key incorrect"); 102 return -EFAULT; 103 } 104 iov_discard_front(iov, &num, info->key_len); 105 *out_num = num; 106 } 107 108 return 0; 109 } 110 111 static int 112 virtio_crypto_create_sym_session(VirtIOCrypto *vcrypto, 113 struct virtio_crypto_sym_create_session_req *sess_req, 114 uint32_t queue_id, 115 uint32_t opcode, 116 struct iovec *iov, unsigned int out_num, 117 VirtIOCryptoSessionReq *sreq) 118 { 119 VirtIODevice *vdev = VIRTIO_DEVICE(vcrypto); 120 CryptoDevBackendSymSessionInfo *sym_info = &sreq->info.u.sym_sess_info; 121 int queue_index; 122 uint32_t op_type; 123 int ret; 124 125 op_type = ldl_le_p(&sess_req->op_type); 126 sreq->info.op_code = opcode; 127 128 sym_info = &sreq->info.u.sym_sess_info; 129 sym_info->op_type = op_type; 130 131 if (op_type == VIRTIO_CRYPTO_SYM_OP_CIPHER) { 132 ret = virtio_crypto_cipher_session_helper(vdev, sym_info, 133 &sess_req->u.cipher.para, 134 &iov, &out_num); 135 if (ret < 0) { 136 return ret; 137 } 138 } else if (op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { 139 size_t s; 140 /* cipher part */ 141 ret = virtio_crypto_cipher_session_helper(vdev, sym_info, 142 &sess_req->u.chain.para.cipher_param, 143 &iov, &out_num); 144 if (ret < 0) { 145 return ret; 146 } 147 /* hash part */ 148 sym_info->alg_chain_order = ldl_le_p( 149 &sess_req->u.chain.para.alg_chain_order); 150 sym_info->add_len = ldl_le_p(&sess_req->u.chain.para.aad_len); 151 sym_info->hash_mode = ldl_le_p(&sess_req->u.chain.para.hash_mode); 152 if (sym_info->hash_mode == VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH) { 153 sym_info->hash_alg = 154 ldl_le_p(&sess_req->u.chain.para.u.mac_param.algo); 155 sym_info->auth_key_len = ldl_le_p( 156 &sess_req->u.chain.para.u.mac_param.auth_key_len); 157 sym_info->hash_result_len = ldl_le_p( 158 &sess_req->u.chain.para.u.mac_param.hash_result_len); 159 if (sym_info->auth_key_len > vcrypto->conf.max_auth_key_len) { 160 error_report("virtio-crypto length of auth key is too big: %u", 161 sym_info->auth_key_len); 162 return -VIRTIO_CRYPTO_ERR; 163 } 164 /* get auth key */ 165 if (sym_info->auth_key_len > 0) { 166 sym_info->auth_key = g_malloc(sym_info->auth_key_len); 167 s = iov_to_buf(iov, out_num, 0, sym_info->auth_key, 168 sym_info->auth_key_len); 169 if (unlikely(s != sym_info->auth_key_len)) { 170 virtio_error(vdev, 171 "virtio-crypto authenticated key incorrect"); 172 return -EFAULT; 173 } 174 iov_discard_front(&iov, &out_num, sym_info->auth_key_len); 175 } 176 } else if (sym_info->hash_mode == VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN) { 177 sym_info->hash_alg = ldl_le_p( 178 &sess_req->u.chain.para.u.hash_param.algo); 179 sym_info->hash_result_len = ldl_le_p( 180 &sess_req->u.chain.para.u.hash_param.hash_result_len); 181 } else { 182 /* VIRTIO_CRYPTO_SYM_HASH_MODE_NESTED */ 183 error_report("unsupported hash mode"); 184 return -VIRTIO_CRYPTO_NOTSUPP; 185 } 186 } else { 187 /* VIRTIO_CRYPTO_SYM_OP_NONE */ 188 error_report("unsupported cipher op_type: VIRTIO_CRYPTO_SYM_OP_NONE"); 189 return -VIRTIO_CRYPTO_NOTSUPP; 190 } 191 192 queue_index = virtio_crypto_vq2q(queue_id); 193 return cryptodev_backend_create_session(vcrypto->cryptodev, &sreq->info, 194 queue_index, sreq->cb, sreq); 195 } 196 197 static int 198 virtio_crypto_create_asym_session(VirtIOCrypto *vcrypto, 199 struct virtio_crypto_akcipher_create_session_req *sess_req, 200 uint32_t queue_id, uint32_t opcode, 201 struct iovec *iov, unsigned int out_num, 202 VirtIOCryptoSessionReq *sreq) 203 { 204 VirtIODevice *vdev = VIRTIO_DEVICE(vcrypto); 205 CryptoDevBackendAsymSessionInfo *asym_info = &sreq->info.u.asym_sess_info; 206 int queue_index; 207 uint32_t algo, keytype, keylen; 208 209 algo = ldl_le_p(&sess_req->para.algo); 210 keytype = ldl_le_p(&sess_req->para.keytype); 211 keylen = ldl_le_p(&sess_req->para.keylen); 212 213 if ((keytype != VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC) 214 && (keytype != VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE)) { 215 error_report("unsupported asym keytype: %d", keytype); 216 return -VIRTIO_CRYPTO_NOTSUPP; 217 } 218 219 if (keylen) { 220 asym_info->key = g_malloc(keylen); 221 if (iov_to_buf(iov, out_num, 0, asym_info->key, keylen) != keylen) { 222 virtio_error(vdev, "virtio-crypto asym key incorrect"); 223 return -EFAULT; 224 } 225 iov_discard_front(&iov, &out_num, keylen); 226 } 227 228 sreq->info.op_code = opcode; 229 asym_info = &sreq->info.u.asym_sess_info; 230 asym_info->algo = algo; 231 asym_info->keytype = keytype; 232 asym_info->keylen = keylen; 233 switch (asym_info->algo) { 234 case VIRTIO_CRYPTO_AKCIPHER_RSA: 235 asym_info->u.rsa.padding_algo = 236 ldl_le_p(&sess_req->para.u.rsa.padding_algo); 237 asym_info->u.rsa.hash_algo = 238 ldl_le_p(&sess_req->para.u.rsa.hash_algo); 239 break; 240 241 /* TODO DSA&ECDSA handling */ 242 243 default: 244 return -VIRTIO_CRYPTO_ERR; 245 } 246 247 queue_index = virtio_crypto_vq2q(queue_id); 248 return cryptodev_backend_create_session(vcrypto->cryptodev, &sreq->info, 249 queue_index, sreq->cb, sreq); 250 } 251 252 static int 253 virtio_crypto_handle_close_session(VirtIOCrypto *vcrypto, 254 struct virtio_crypto_destroy_session_req *close_sess_req, 255 uint32_t queue_id, 256 VirtIOCryptoSessionReq *sreq) 257 { 258 uint64_t session_id; 259 260 session_id = ldq_le_p(&close_sess_req->session_id); 261 DPRINTF("close session, id=%" PRIu64 "\n", session_id); 262 263 return cryptodev_backend_close_session( 264 vcrypto->cryptodev, session_id, queue_id, sreq->cb, sreq); 265 } 266 267 static void virtio_crypto_create_session_completion(void *opaque, int ret) 268 { 269 VirtIOCryptoSessionReq *sreq = (VirtIOCryptoSessionReq *)opaque; 270 VirtQueue *vq = sreq->vq; 271 VirtQueueElement *elem = sreq->elem; 272 VirtIODevice *vdev = sreq->vdev; 273 struct virtio_crypto_session_input input; 274 struct iovec *in_iov = elem->in_sg; 275 unsigned in_num = elem->in_num; 276 size_t s; 277 278 memset(&input, 0, sizeof(input)); 279 /* Serious errors, need to reset virtio crypto device */ 280 if (ret == -EFAULT) { 281 virtqueue_detach_element(vq, elem, 0); 282 goto out; 283 } else if (ret == -VIRTIO_CRYPTO_NOTSUPP) { 284 stl_le_p(&input.status, VIRTIO_CRYPTO_NOTSUPP); 285 } else if (ret == -VIRTIO_CRYPTO_KEY_REJECTED) { 286 stl_le_p(&input.status, VIRTIO_CRYPTO_KEY_REJECTED); 287 } else if (ret != VIRTIO_CRYPTO_OK) { 288 stl_le_p(&input.status, VIRTIO_CRYPTO_ERR); 289 } else { 290 /* Set the session id */ 291 stq_le_p(&input.session_id, sreq->info.session_id); 292 stl_le_p(&input.status, VIRTIO_CRYPTO_OK); 293 } 294 295 s = iov_from_buf(in_iov, in_num, 0, &input, sizeof(input)); 296 if (unlikely(s != sizeof(input))) { 297 virtio_error(vdev, "virtio-crypto input incorrect"); 298 virtqueue_detach_element(vq, elem, 0); 299 goto out; 300 } 301 virtqueue_push(vq, elem, sizeof(input)); 302 virtio_notify(vdev, vq); 303 304 out: 305 g_free(elem); 306 virtio_crypto_free_create_session_req(sreq); 307 } 308 309 static void virtio_crypto_destroy_session_completion(void *opaque, int ret) 310 { 311 VirtIOCryptoSessionReq *sreq = (VirtIOCryptoSessionReq *)opaque; 312 VirtQueue *vq = sreq->vq; 313 VirtQueueElement *elem = sreq->elem; 314 VirtIODevice *vdev = sreq->vdev; 315 struct iovec *in_iov = elem->in_sg; 316 unsigned in_num = elem->in_num; 317 uint8_t status; 318 size_t s; 319 320 if (ret < 0) { 321 status = VIRTIO_CRYPTO_ERR; 322 } else { 323 status = VIRTIO_CRYPTO_OK; 324 } 325 s = iov_from_buf(in_iov, in_num, 0, &status, sizeof(status)); 326 if (unlikely(s != sizeof(status))) { 327 virtio_error(vdev, "virtio-crypto status incorrect"); 328 virtqueue_detach_element(vq, elem, 0); 329 goto out; 330 } 331 virtqueue_push(vq, elem, sizeof(status)); 332 virtio_notify(vdev, vq); 333 334 out: 335 g_free(elem); 336 g_free(sreq); 337 } 338 339 static void virtio_crypto_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) 340 { 341 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 342 struct virtio_crypto_op_ctrl_req ctrl; 343 VirtQueueElement *elem; 344 VirtIOCryptoSessionReq *sreq; 345 unsigned out_num; 346 unsigned in_num; 347 uint32_t queue_id; 348 uint32_t opcode; 349 struct virtio_crypto_session_input input; 350 size_t s; 351 int ret; 352 struct iovec *out_iov; 353 struct iovec *in_iov; 354 355 for (;;) { 356 g_autofree struct iovec *out_iov_copy = NULL; 357 358 elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); 359 if (!elem) { 360 break; 361 } 362 if (elem->out_num < 1 || elem->in_num < 1) { 363 virtio_error(vdev, "virtio-crypto ctrl missing headers"); 364 virtqueue_detach_element(vq, elem, 0); 365 g_free(elem); 366 break; 367 } 368 369 out_num = elem->out_num; 370 out_iov_copy = g_memdup2(elem->out_sg, sizeof(out_iov[0]) * out_num); 371 out_iov = out_iov_copy; 372 373 in_num = elem->in_num; 374 in_iov = elem->in_sg; 375 376 if (unlikely(iov_to_buf(out_iov, out_num, 0, &ctrl, sizeof(ctrl)) 377 != sizeof(ctrl))) { 378 virtio_error(vdev, "virtio-crypto request ctrl_hdr too short"); 379 virtqueue_detach_element(vq, elem, 0); 380 g_free(elem); 381 break; 382 } 383 iov_discard_front(&out_iov, &out_num, sizeof(ctrl)); 384 385 opcode = ldl_le_p(&ctrl.header.opcode); 386 queue_id = ldl_le_p(&ctrl.header.queue_id); 387 388 sreq = g_new0(VirtIOCryptoSessionReq, 1); 389 sreq->vdev = vdev; 390 sreq->vq = vq; 391 sreq->elem = elem; 392 393 switch (opcode) { 394 case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: 395 sreq->cb = virtio_crypto_create_session_completion; 396 ret = virtio_crypto_create_sym_session(vcrypto, 397 &ctrl.u.sym_create_session, 398 queue_id, opcode, 399 out_iov, out_num, 400 sreq); 401 if (ret < 0) { 402 virtio_crypto_create_session_completion(sreq, ret); 403 } 404 break; 405 406 case VIRTIO_CRYPTO_AKCIPHER_CREATE_SESSION: 407 sreq->cb = virtio_crypto_create_session_completion; 408 ret = virtio_crypto_create_asym_session(vcrypto, 409 &ctrl.u.akcipher_create_session, 410 queue_id, opcode, 411 out_iov, out_num, 412 sreq); 413 if (ret < 0) { 414 virtio_crypto_create_session_completion(sreq, ret); 415 } 416 break; 417 418 case VIRTIO_CRYPTO_CIPHER_DESTROY_SESSION: 419 case VIRTIO_CRYPTO_HASH_DESTROY_SESSION: 420 case VIRTIO_CRYPTO_MAC_DESTROY_SESSION: 421 case VIRTIO_CRYPTO_AEAD_DESTROY_SESSION: 422 case VIRTIO_CRYPTO_AKCIPHER_DESTROY_SESSION: 423 sreq->cb = virtio_crypto_destroy_session_completion; 424 ret = virtio_crypto_handle_close_session(vcrypto, 425 &ctrl.u.destroy_session, queue_id, 426 sreq); 427 if (ret < 0) { 428 virtio_crypto_destroy_session_completion(sreq, ret); 429 } 430 break; 431 432 case VIRTIO_CRYPTO_HASH_CREATE_SESSION: 433 case VIRTIO_CRYPTO_MAC_CREATE_SESSION: 434 case VIRTIO_CRYPTO_AEAD_CREATE_SESSION: 435 default: 436 memset(&input, 0, sizeof(input)); 437 error_report("virtio-crypto unsupported ctrl opcode: %d", opcode); 438 stl_le_p(&input.status, VIRTIO_CRYPTO_NOTSUPP); 439 s = iov_from_buf(in_iov, in_num, 0, &input, sizeof(input)); 440 if (unlikely(s != sizeof(input))) { 441 virtio_error(vdev, "virtio-crypto input incorrect"); 442 virtqueue_detach_element(vq, elem, 0); 443 } else { 444 virtqueue_push(vq, elem, sizeof(input)); 445 virtio_notify(vdev, vq); 446 } 447 g_free(sreq); 448 g_free(elem); 449 450 break; 451 } /* end switch case */ 452 453 } /* end for loop */ 454 } 455 456 static void virtio_crypto_init_request(VirtIOCrypto *vcrypto, VirtQueue *vq, 457 VirtIOCryptoReq *req) 458 { 459 req->vcrypto = vcrypto; 460 req->vq = vq; 461 req->in = NULL; 462 req->in_iov = NULL; 463 req->in_num = 0; 464 req->in_len = 0; 465 req->flags = QCRYPTODEV_BACKEND_ALG__MAX; 466 memset(&req->op_info, 0x00, sizeof(req->op_info)); 467 } 468 469 static void virtio_crypto_free_request(VirtIOCryptoReq *req) 470 { 471 if (!req) { 472 return; 473 } 474 475 if (req->flags == QCRYPTODEV_BACKEND_ALG_SYM) { 476 size_t max_len; 477 CryptoDevBackendSymOpInfo *op_info = req->op_info.u.sym_op_info; 478 479 max_len = op_info->iv_len + 480 op_info->aad_len + 481 op_info->src_len + 482 op_info->dst_len + 483 op_info->digest_result_len; 484 485 /* Zeroize and free request data structure */ 486 memset(op_info, 0, sizeof(*op_info) + max_len); 487 g_free(op_info); 488 } else if (req->flags == QCRYPTODEV_BACKEND_ALG_ASYM) { 489 CryptoDevBackendAsymOpInfo *op_info = req->op_info.u.asym_op_info; 490 if (op_info) { 491 g_free(op_info->src); 492 g_free(op_info->dst); 493 memset(op_info, 0, sizeof(*op_info)); 494 g_free(op_info); 495 } 496 } 497 498 g_free(req->in_iov); 499 g_free(req); 500 } 501 502 static void 503 virtio_crypto_sym_input_data_helper(VirtIODevice *vdev, 504 VirtIOCryptoReq *req, 505 uint32_t status, 506 CryptoDevBackendSymOpInfo *sym_op_info) 507 { 508 size_t s, len; 509 struct iovec *in_iov = req->in_iov; 510 511 if (status != VIRTIO_CRYPTO_OK) { 512 return; 513 } 514 515 len = sym_op_info->src_len; 516 /* Save the cipher result */ 517 s = iov_from_buf(in_iov, req->in_num, 0, sym_op_info->dst, len); 518 if (s != len) { 519 virtio_error(vdev, "virtio-crypto dest data incorrect"); 520 return; 521 } 522 523 iov_discard_front(&in_iov, &req->in_num, len); 524 525 if (sym_op_info->op_type == 526 VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { 527 /* Save the digest result */ 528 s = iov_from_buf(in_iov, req->in_num, 0, 529 sym_op_info->digest_result, 530 sym_op_info->digest_result_len); 531 if (s != sym_op_info->digest_result_len) { 532 virtio_error(vdev, "virtio-crypto digest result incorrect"); 533 } 534 } 535 } 536 537 static void 538 virtio_crypto_akcipher_input_data_helper(VirtIODevice *vdev, 539 VirtIOCryptoReq *req, int32_t status, 540 CryptoDevBackendAsymOpInfo *asym_op_info) 541 { 542 size_t s, len; 543 struct iovec *in_iov = req->in_iov; 544 545 if (status != VIRTIO_CRYPTO_OK) { 546 return; 547 } 548 549 len = asym_op_info->dst_len; 550 if (!len) { 551 return; 552 } 553 554 s = iov_from_buf(in_iov, req->in_num, 0, asym_op_info->dst, len); 555 if (s != len) { 556 virtio_error(vdev, "virtio-crypto asym dest data incorrect"); 557 return; 558 } 559 560 iov_discard_front(&in_iov, &req->in_num, len); 561 562 /* For akcipher, dst_len may be changed after operation */ 563 req->in_len = sizeof(struct virtio_crypto_inhdr) + asym_op_info->dst_len; 564 } 565 566 static void virtio_crypto_req_complete(void *opaque, int ret) 567 { 568 VirtIOCryptoReq *req = (VirtIOCryptoReq *)opaque; 569 VirtIOCrypto *vcrypto = req->vcrypto; 570 VirtIODevice *vdev = VIRTIO_DEVICE(vcrypto); 571 uint8_t status = -ret; 572 573 if (req->flags == QCRYPTODEV_BACKEND_ALG_SYM) { 574 virtio_crypto_sym_input_data_helper(vdev, req, status, 575 req->op_info.u.sym_op_info); 576 } else if (req->flags == QCRYPTODEV_BACKEND_ALG_ASYM) { 577 virtio_crypto_akcipher_input_data_helper(vdev, req, status, 578 req->op_info.u.asym_op_info); 579 } 580 stb_p(&req->in->status, status); 581 virtqueue_push(req->vq, &req->elem, req->in_len); 582 virtio_notify(vdev, req->vq); 583 virtio_crypto_free_request(req); 584 } 585 586 static VirtIOCryptoReq * 587 virtio_crypto_get_request(VirtIOCrypto *s, VirtQueue *vq) 588 { 589 VirtIOCryptoReq *req = virtqueue_pop(vq, sizeof(VirtIOCryptoReq)); 590 591 if (req) { 592 virtio_crypto_init_request(s, vq, req); 593 } 594 return req; 595 } 596 597 static CryptoDevBackendSymOpInfo * 598 virtio_crypto_sym_op_helper(VirtIODevice *vdev, 599 struct virtio_crypto_cipher_para *cipher_para, 600 struct virtio_crypto_alg_chain_data_para *alg_chain_para, 601 struct iovec *iov, unsigned int out_num) 602 { 603 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 604 CryptoDevBackendSymOpInfo *op_info; 605 uint32_t src_len = 0, dst_len = 0; 606 uint32_t iv_len = 0; 607 uint32_t aad_len = 0, hash_result_len = 0; 608 uint32_t hash_start_src_offset = 0, len_to_hash = 0; 609 uint32_t cipher_start_src_offset = 0, len_to_cipher = 0; 610 611 uint64_t max_len, curr_size = 0; 612 size_t s; 613 614 /* Plain cipher */ 615 if (cipher_para) { 616 iv_len = ldl_le_p(&cipher_para->iv_len); 617 src_len = ldl_le_p(&cipher_para->src_data_len); 618 dst_len = ldl_le_p(&cipher_para->dst_data_len); 619 } else if (alg_chain_para) { /* Algorithm chain */ 620 iv_len = ldl_le_p(&alg_chain_para->iv_len); 621 src_len = ldl_le_p(&alg_chain_para->src_data_len); 622 dst_len = ldl_le_p(&alg_chain_para->dst_data_len); 623 624 aad_len = ldl_le_p(&alg_chain_para->aad_len); 625 hash_result_len = ldl_le_p(&alg_chain_para->hash_result_len); 626 hash_start_src_offset = ldl_le_p( 627 &alg_chain_para->hash_start_src_offset); 628 cipher_start_src_offset = ldl_le_p( 629 &alg_chain_para->cipher_start_src_offset); 630 len_to_cipher = ldl_le_p(&alg_chain_para->len_to_cipher); 631 len_to_hash = ldl_le_p(&alg_chain_para->len_to_hash); 632 } else { 633 return NULL; 634 } 635 636 max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len; 637 if (unlikely(max_len > vcrypto->conf.max_size)) { 638 virtio_error(vdev, "virtio-crypto too big length"); 639 return NULL; 640 } 641 642 op_info = g_malloc0(sizeof(CryptoDevBackendSymOpInfo) + max_len); 643 op_info->iv_len = iv_len; 644 op_info->src_len = src_len; 645 op_info->dst_len = dst_len; 646 op_info->aad_len = aad_len; 647 op_info->digest_result_len = hash_result_len; 648 op_info->hash_start_src_offset = hash_start_src_offset; 649 op_info->len_to_hash = len_to_hash; 650 op_info->cipher_start_src_offset = cipher_start_src_offset; 651 op_info->len_to_cipher = len_to_cipher; 652 /* Handle the initilization vector */ 653 if (op_info->iv_len > 0) { 654 DPRINTF("iv_len=%" PRIu32 "\n", op_info->iv_len); 655 op_info->iv = op_info->data + curr_size; 656 657 s = iov_to_buf(iov, out_num, 0, op_info->iv, op_info->iv_len); 658 if (unlikely(s != op_info->iv_len)) { 659 virtio_error(vdev, "virtio-crypto iv incorrect"); 660 goto err; 661 } 662 iov_discard_front(&iov, &out_num, op_info->iv_len); 663 curr_size += op_info->iv_len; 664 } 665 666 /* Handle additional authentication data if exists */ 667 if (op_info->aad_len > 0) { 668 DPRINTF("aad_len=%" PRIu32 "\n", op_info->aad_len); 669 op_info->aad_data = op_info->data + curr_size; 670 671 s = iov_to_buf(iov, out_num, 0, op_info->aad_data, op_info->aad_len); 672 if (unlikely(s != op_info->aad_len)) { 673 virtio_error(vdev, "virtio-crypto additional auth data incorrect"); 674 goto err; 675 } 676 iov_discard_front(&iov, &out_num, op_info->aad_len); 677 678 curr_size += op_info->aad_len; 679 } 680 681 /* Handle the source data */ 682 if (op_info->src_len > 0) { 683 DPRINTF("src_len=%" PRIu32 "\n", op_info->src_len); 684 op_info->src = op_info->data + curr_size; 685 686 s = iov_to_buf(iov, out_num, 0, op_info->src, op_info->src_len); 687 if (unlikely(s != op_info->src_len)) { 688 virtio_error(vdev, "virtio-crypto source data incorrect"); 689 goto err; 690 } 691 iov_discard_front(&iov, &out_num, op_info->src_len); 692 693 curr_size += op_info->src_len; 694 } 695 696 /* Handle the destination data */ 697 op_info->dst = op_info->data + curr_size; 698 curr_size += op_info->dst_len; 699 700 DPRINTF("dst_len=%" PRIu32 "\n", op_info->dst_len); 701 702 /* Handle the hash digest result */ 703 if (hash_result_len > 0) { 704 DPRINTF("hash_result_len=%" PRIu32 "\n", hash_result_len); 705 op_info->digest_result = op_info->data + curr_size; 706 } 707 708 return op_info; 709 710 err: 711 g_free(op_info); 712 return NULL; 713 } 714 715 static int 716 virtio_crypto_handle_sym_req(VirtIOCrypto *vcrypto, 717 struct virtio_crypto_sym_data_req *req, 718 CryptoDevBackendOpInfo *op_info, 719 struct iovec *iov, unsigned int out_num) 720 { 721 VirtIODevice *vdev = VIRTIO_DEVICE(vcrypto); 722 CryptoDevBackendSymOpInfo *sym_op_info; 723 uint32_t op_type; 724 725 op_type = ldl_le_p(&req->op_type); 726 if (op_type == VIRTIO_CRYPTO_SYM_OP_CIPHER) { 727 sym_op_info = virtio_crypto_sym_op_helper(vdev, &req->u.cipher.para, 728 NULL, iov, out_num); 729 if (!sym_op_info) { 730 return -EFAULT; 731 } 732 } else if (op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { 733 sym_op_info = virtio_crypto_sym_op_helper(vdev, NULL, 734 &req->u.chain.para, 735 iov, out_num); 736 if (!sym_op_info) { 737 return -EFAULT; 738 } 739 } else { 740 /* VIRTIO_CRYPTO_SYM_OP_NONE */ 741 error_report("virtio-crypto unsupported cipher type"); 742 return -VIRTIO_CRYPTO_NOTSUPP; 743 } 744 745 sym_op_info->op_type = op_type; 746 op_info->u.sym_op_info = sym_op_info; 747 748 return 0; 749 } 750 751 static int 752 virtio_crypto_handle_asym_req(VirtIOCrypto *vcrypto, 753 struct virtio_crypto_akcipher_data_req *req, 754 CryptoDevBackendOpInfo *op_info, 755 struct iovec *iov, unsigned int out_num) 756 { 757 VirtIODevice *vdev = VIRTIO_DEVICE(vcrypto); 758 CryptoDevBackendAsymOpInfo *asym_op_info; 759 uint32_t src_len; 760 uint32_t dst_len; 761 uint32_t len; 762 uint8_t *src = NULL; 763 uint8_t *dst = NULL; 764 765 asym_op_info = g_new0(CryptoDevBackendAsymOpInfo, 1); 766 src_len = ldl_le_p(&req->para.src_data_len); 767 dst_len = ldl_le_p(&req->para.dst_data_len); 768 769 if (src_len > 0) { 770 src = g_malloc0(src_len); 771 len = iov_to_buf(iov, out_num, 0, src, src_len); 772 if (unlikely(len != src_len)) { 773 virtio_error(vdev, "virtio-crypto asym src data incorrect" 774 "expected %u, actual %u", src_len, len); 775 goto err; 776 } 777 778 iov_discard_front(&iov, &out_num, src_len); 779 } 780 781 if (dst_len > 0) { 782 dst = g_malloc0(dst_len); 783 784 if (op_info->op_code == VIRTIO_CRYPTO_AKCIPHER_VERIFY) { 785 len = iov_to_buf(iov, out_num, 0, dst, dst_len); 786 if (unlikely(len != dst_len)) { 787 virtio_error(vdev, "virtio-crypto asym dst data incorrect" 788 "expected %u, actual %u", dst_len, len); 789 goto err; 790 } 791 792 iov_discard_front(&iov, &out_num, dst_len); 793 } 794 } 795 796 asym_op_info->src_len = src_len; 797 asym_op_info->dst_len = dst_len; 798 asym_op_info->src = src; 799 asym_op_info->dst = dst; 800 op_info->u.asym_op_info = asym_op_info; 801 802 return 0; 803 804 err: 805 g_free(asym_op_info); 806 g_free(src); 807 g_free(dst); 808 809 return -EFAULT; 810 } 811 812 static int 813 virtio_crypto_handle_request(VirtIOCryptoReq *request) 814 { 815 VirtIOCrypto *vcrypto = request->vcrypto; 816 VirtIODevice *vdev = VIRTIO_DEVICE(vcrypto); 817 VirtQueueElement *elem = &request->elem; 818 int queue_index = virtio_crypto_vq2q(virtio_get_queue_index(request->vq)); 819 struct virtio_crypto_op_data_req req; 820 int ret; 821 g_autofree struct iovec *in_iov_copy = NULL; 822 g_autofree struct iovec *out_iov_copy = NULL; 823 struct iovec *in_iov; 824 struct iovec *out_iov; 825 unsigned in_num; 826 unsigned out_num; 827 uint32_t opcode; 828 CryptoDevBackendOpInfo *op_info = &request->op_info; 829 830 if (elem->out_num < 1 || elem->in_num < 1) { 831 virtio_error(vdev, "virtio-crypto dataq missing headers"); 832 return -1; 833 } 834 835 out_num = elem->out_num; 836 out_iov_copy = g_memdup2(elem->out_sg, sizeof(out_iov[0]) * out_num); 837 out_iov = out_iov_copy; 838 839 in_num = elem->in_num; 840 in_iov_copy = g_memdup2(elem->in_sg, sizeof(in_iov[0]) * in_num); 841 in_iov = in_iov_copy; 842 843 if (unlikely(iov_to_buf(out_iov, out_num, 0, &req, sizeof(req)) 844 != sizeof(req))) { 845 virtio_error(vdev, "virtio-crypto request outhdr too short"); 846 return -1; 847 } 848 iov_discard_front(&out_iov, &out_num, sizeof(req)); 849 850 if (in_iov[in_num - 1].iov_len < 851 sizeof(struct virtio_crypto_inhdr)) { 852 virtio_error(vdev, "virtio-crypto request inhdr too short"); 853 return -1; 854 } 855 /* We always touch the last byte, so just see how big in_iov is. */ 856 request->in_len = iov_size(in_iov, in_num); 857 request->in = (void *)in_iov[in_num - 1].iov_base 858 + in_iov[in_num - 1].iov_len 859 - sizeof(struct virtio_crypto_inhdr); 860 iov_discard_back(in_iov, &in_num, sizeof(struct virtio_crypto_inhdr)); 861 862 /* 863 * The length of operation result, including dest_data 864 * and digest_result if exists. 865 */ 866 request->in_num = in_num; 867 request->in_iov = in_iov; 868 /* now, we free the in_iov_copy inside virtio_crypto_free_request */ 869 in_iov_copy = NULL; 870 871 opcode = ldl_le_p(&req.header.opcode); 872 op_info->session_id = ldq_le_p(&req.header.session_id); 873 op_info->op_code = opcode; 874 op_info->queue_index = queue_index; 875 op_info->cb = virtio_crypto_req_complete; 876 op_info->opaque = request; 877 878 switch (opcode) { 879 case VIRTIO_CRYPTO_CIPHER_ENCRYPT: 880 case VIRTIO_CRYPTO_CIPHER_DECRYPT: 881 op_info->algtype = request->flags = QCRYPTODEV_BACKEND_ALG_SYM; 882 ret = virtio_crypto_handle_sym_req(vcrypto, 883 &req.u.sym_req, op_info, 884 out_iov, out_num); 885 goto check_result; 886 887 case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT: 888 case VIRTIO_CRYPTO_AKCIPHER_DECRYPT: 889 case VIRTIO_CRYPTO_AKCIPHER_SIGN: 890 case VIRTIO_CRYPTO_AKCIPHER_VERIFY: 891 op_info->algtype = request->flags = QCRYPTODEV_BACKEND_ALG_ASYM; 892 ret = virtio_crypto_handle_asym_req(vcrypto, 893 &req.u.akcipher_req, op_info, 894 out_iov, out_num); 895 896 check_result: 897 /* Serious errors, need to reset virtio crypto device */ 898 if (ret == -EFAULT) { 899 return -1; 900 } else if (ret == -VIRTIO_CRYPTO_NOTSUPP) { 901 virtio_crypto_req_complete(request, -VIRTIO_CRYPTO_NOTSUPP); 902 } else { 903 ret = cryptodev_backend_crypto_operation(vcrypto->cryptodev, 904 op_info); 905 if (ret < 0) { 906 virtio_crypto_req_complete(request, ret); 907 } 908 } 909 break; 910 911 case VIRTIO_CRYPTO_HASH: 912 case VIRTIO_CRYPTO_MAC: 913 case VIRTIO_CRYPTO_AEAD_ENCRYPT: 914 case VIRTIO_CRYPTO_AEAD_DECRYPT: 915 default: 916 error_report("virtio-crypto unsupported dataq opcode: %u", 917 opcode); 918 virtio_crypto_req_complete(request, -VIRTIO_CRYPTO_NOTSUPP); 919 } 920 921 return 0; 922 } 923 924 static void virtio_crypto_handle_dataq(VirtIODevice *vdev, VirtQueue *vq) 925 { 926 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 927 VirtIOCryptoReq *req; 928 929 while ((req = virtio_crypto_get_request(vcrypto, vq))) { 930 if (virtio_crypto_handle_request(req) < 0) { 931 virtqueue_detach_element(req->vq, &req->elem, 0); 932 virtio_crypto_free_request(req); 933 break; 934 } 935 } 936 } 937 938 static void virtio_crypto_dataq_bh(void *opaque) 939 { 940 VirtIOCryptoQueue *q = opaque; 941 VirtIOCrypto *vcrypto = q->vcrypto; 942 VirtIODevice *vdev = VIRTIO_DEVICE(vcrypto); 943 944 /* This happens when device was stopped but BH wasn't. */ 945 if (!vdev->vm_running) { 946 return; 947 } 948 949 /* Just in case the driver is not ready on more */ 950 if (unlikely(!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))) { 951 return; 952 } 953 954 for (;;) { 955 virtio_crypto_handle_dataq(vdev, q->dataq); 956 virtio_queue_set_notification(q->dataq, 1); 957 958 /* Are we done or did the guest add more buffers? */ 959 if (virtio_queue_empty(q->dataq)) { 960 break; 961 } 962 963 virtio_queue_set_notification(q->dataq, 0); 964 } 965 } 966 967 static void 968 virtio_crypto_handle_dataq_bh(VirtIODevice *vdev, VirtQueue *vq) 969 { 970 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 971 VirtIOCryptoQueue *q = 972 &vcrypto->vqs[virtio_crypto_vq2q(virtio_get_queue_index(vq))]; 973 974 /* This happens when device was stopped but VCPU wasn't. */ 975 if (!vdev->vm_running) { 976 return; 977 } 978 virtio_queue_set_notification(vq, 0); 979 qemu_bh_schedule(q->dataq_bh); 980 } 981 982 static uint64_t virtio_crypto_get_features(VirtIODevice *vdev, 983 uint64_t features, 984 Error **errp) 985 { 986 return features; 987 } 988 989 static void virtio_crypto_reset(VirtIODevice *vdev) 990 { 991 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 992 /* multiqueue is disabled by default */ 993 vcrypto->curr_queues = 1; 994 if (!cryptodev_backend_is_ready(vcrypto->cryptodev)) { 995 vcrypto->status &= ~VIRTIO_CRYPTO_S_HW_READY; 996 } else { 997 vcrypto->status |= VIRTIO_CRYPTO_S_HW_READY; 998 } 999 } 1000 1001 static uint32_t virtio_crypto_init_services(uint32_t qservices) 1002 { 1003 uint32_t vservices = 0; 1004 1005 if (qservices & (1 << QCRYPTODEV_BACKEND_SERVICE_CIPHER)) { 1006 vservices |= (1 << VIRTIO_CRYPTO_SERVICE_CIPHER); 1007 } 1008 if (qservices & (1 << QCRYPTODEV_BACKEND_SERVICE_HASH)) { 1009 vservices |= (1 << VIRTIO_CRYPTO_SERVICE_HASH); 1010 } 1011 if (qservices & (1 << QCRYPTODEV_BACKEND_SERVICE_MAC)) { 1012 vservices |= (1 << VIRTIO_CRYPTO_SERVICE_MAC); 1013 } 1014 if (qservices & (1 << QCRYPTODEV_BACKEND_SERVICE_AEAD)) { 1015 vservices |= (1 << VIRTIO_CRYPTO_SERVICE_AEAD); 1016 } 1017 if (qservices & (1 << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER)) { 1018 vservices |= (1 << VIRTIO_CRYPTO_SERVICE_AKCIPHER); 1019 } 1020 1021 return vservices; 1022 } 1023 1024 static void virtio_crypto_init_config(VirtIODevice *vdev) 1025 { 1026 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 1027 1028 vcrypto->conf.crypto_services = virtio_crypto_init_services( 1029 vcrypto->conf.cryptodev->conf.crypto_services); 1030 vcrypto->conf.cipher_algo_l = 1031 vcrypto->conf.cryptodev->conf.cipher_algo_l; 1032 vcrypto->conf.cipher_algo_h = 1033 vcrypto->conf.cryptodev->conf.cipher_algo_h; 1034 vcrypto->conf.hash_algo = vcrypto->conf.cryptodev->conf.hash_algo; 1035 vcrypto->conf.mac_algo_l = vcrypto->conf.cryptodev->conf.mac_algo_l; 1036 vcrypto->conf.mac_algo_h = vcrypto->conf.cryptodev->conf.mac_algo_h; 1037 vcrypto->conf.aead_algo = vcrypto->conf.cryptodev->conf.aead_algo; 1038 vcrypto->conf.akcipher_algo = vcrypto->conf.cryptodev->conf.akcipher_algo; 1039 vcrypto->conf.max_cipher_key_len = 1040 vcrypto->conf.cryptodev->conf.max_cipher_key_len; 1041 vcrypto->conf.max_auth_key_len = 1042 vcrypto->conf.cryptodev->conf.max_auth_key_len; 1043 vcrypto->conf.max_size = vcrypto->conf.cryptodev->conf.max_size; 1044 } 1045 1046 static void virtio_crypto_device_realize(DeviceState *dev, Error **errp) 1047 { 1048 VirtIODevice *vdev = VIRTIO_DEVICE(dev); 1049 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); 1050 int i; 1051 1052 vcrypto->cryptodev = vcrypto->conf.cryptodev; 1053 if (vcrypto->cryptodev == NULL) { 1054 error_setg(errp, "'cryptodev' parameter expects a valid object"); 1055 return; 1056 } else if (cryptodev_backend_is_used(vcrypto->cryptodev)) { 1057 error_setg(errp, "can't use already used cryptodev backend: %s", 1058 object_get_canonical_path_component(OBJECT(vcrypto->conf.cryptodev))); 1059 return; 1060 } 1061 1062 vcrypto->max_queues = MAX(vcrypto->cryptodev->conf.peers.queues, 1); 1063 if (vcrypto->max_queues + 1 > VIRTIO_QUEUE_MAX) { 1064 error_setg(errp, "Invalid number of queues (= %" PRIu32 "), " 1065 "must be a positive integer less than %d.", 1066 vcrypto->max_queues, VIRTIO_QUEUE_MAX); 1067 return; 1068 } 1069 1070 virtio_init(vdev, VIRTIO_ID_CRYPTO, vcrypto->config_size); 1071 vcrypto->curr_queues = 1; 1072 vcrypto->vqs = g_new0(VirtIOCryptoQueue, vcrypto->max_queues); 1073 for (i = 0; i < vcrypto->max_queues; i++) { 1074 vcrypto->vqs[i].dataq = 1075 virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh); 1076 vcrypto->vqs[i].dataq_bh = 1077 qemu_bh_new(virtio_crypto_dataq_bh, &vcrypto->vqs[i]); 1078 vcrypto->vqs[i].vcrypto = vcrypto; 1079 } 1080 1081 vcrypto->ctrl_vq = virtio_add_queue(vdev, 1024, virtio_crypto_handle_ctrl); 1082 if (!cryptodev_backend_is_ready(vcrypto->cryptodev)) { 1083 vcrypto->status &= ~VIRTIO_CRYPTO_S_HW_READY; 1084 } else { 1085 vcrypto->status |= VIRTIO_CRYPTO_S_HW_READY; 1086 } 1087 1088 virtio_crypto_init_config(vdev); 1089 cryptodev_backend_set_used(vcrypto->cryptodev, true); 1090 } 1091 1092 static void virtio_crypto_device_unrealize(DeviceState *dev) 1093 { 1094 VirtIODevice *vdev = VIRTIO_DEVICE(dev); 1095 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); 1096 VirtIOCryptoQueue *q; 1097 int i, max_queues; 1098 1099 max_queues = vcrypto->multiqueue ? vcrypto->max_queues : 1; 1100 for (i = 0; i < max_queues; i++) { 1101 virtio_delete_queue(vcrypto->vqs[i].dataq); 1102 q = &vcrypto->vqs[i]; 1103 qemu_bh_delete(q->dataq_bh); 1104 } 1105 1106 g_free(vcrypto->vqs); 1107 virtio_delete_queue(vcrypto->ctrl_vq); 1108 1109 virtio_cleanup(vdev); 1110 cryptodev_backend_set_used(vcrypto->cryptodev, false); 1111 } 1112 1113 static const VMStateDescription vmstate_virtio_crypto = { 1114 .name = "virtio-crypto", 1115 .unmigratable = 1, 1116 .minimum_version_id = VIRTIO_CRYPTO_VM_VERSION, 1117 .version_id = VIRTIO_CRYPTO_VM_VERSION, 1118 .fields = (VMStateField[]) { 1119 VMSTATE_VIRTIO_DEVICE, 1120 VMSTATE_END_OF_LIST() 1121 }, 1122 }; 1123 1124 static Property virtio_crypto_properties[] = { 1125 DEFINE_PROP_LINK("cryptodev", VirtIOCrypto, conf.cryptodev, 1126 TYPE_CRYPTODEV_BACKEND, CryptoDevBackend *), 1127 DEFINE_PROP_END_OF_LIST(), 1128 }; 1129 1130 static void virtio_crypto_get_config(VirtIODevice *vdev, uint8_t *config) 1131 { 1132 VirtIOCrypto *c = VIRTIO_CRYPTO(vdev); 1133 struct virtio_crypto_config crypto_cfg = {}; 1134 1135 /* 1136 * Virtio-crypto device conforms to VIRTIO 1.0 which is always LE, 1137 * so we can use LE accessors directly. 1138 */ 1139 stl_le_p(&crypto_cfg.status, c->status); 1140 stl_le_p(&crypto_cfg.max_dataqueues, c->max_queues); 1141 stl_le_p(&crypto_cfg.crypto_services, c->conf.crypto_services); 1142 stl_le_p(&crypto_cfg.cipher_algo_l, c->conf.cipher_algo_l); 1143 stl_le_p(&crypto_cfg.cipher_algo_h, c->conf.cipher_algo_h); 1144 stl_le_p(&crypto_cfg.hash_algo, c->conf.hash_algo); 1145 stl_le_p(&crypto_cfg.mac_algo_l, c->conf.mac_algo_l); 1146 stl_le_p(&crypto_cfg.mac_algo_h, c->conf.mac_algo_h); 1147 stl_le_p(&crypto_cfg.aead_algo, c->conf.aead_algo); 1148 stl_le_p(&crypto_cfg.max_cipher_key_len, c->conf.max_cipher_key_len); 1149 stl_le_p(&crypto_cfg.max_auth_key_len, c->conf.max_auth_key_len); 1150 stq_le_p(&crypto_cfg.max_size, c->conf.max_size); 1151 stl_le_p(&crypto_cfg.akcipher_algo, c->conf.akcipher_algo); 1152 1153 memcpy(config, &crypto_cfg, c->config_size); 1154 } 1155 1156 static bool virtio_crypto_started(VirtIOCrypto *c, uint8_t status) 1157 { 1158 VirtIODevice *vdev = VIRTIO_DEVICE(c); 1159 return (status & VIRTIO_CONFIG_S_DRIVER_OK) && 1160 (c->status & VIRTIO_CRYPTO_S_HW_READY) && vdev->vm_running; 1161 } 1162 1163 static void virtio_crypto_vhost_status(VirtIOCrypto *c, uint8_t status) 1164 { 1165 VirtIODevice *vdev = VIRTIO_DEVICE(c); 1166 int queues = c->multiqueue ? c->max_queues : 1; 1167 CryptoDevBackend *b = c->cryptodev; 1168 CryptoDevBackendClient *cc = b->conf.peers.ccs[0]; 1169 1170 if (!cryptodev_get_vhost(cc, b, 0)) { 1171 return; 1172 } 1173 1174 if ((virtio_crypto_started(c, status)) == !!c->vhost_started) { 1175 return; 1176 } 1177 1178 if (!c->vhost_started) { 1179 int r; 1180 1181 c->vhost_started = 1; 1182 r = cryptodev_vhost_start(vdev, queues); 1183 if (r < 0) { 1184 error_report("unable to start vhost crypto: %d: " 1185 "falling back on userspace virtio", -r); 1186 c->vhost_started = 0; 1187 } 1188 } else { 1189 cryptodev_vhost_stop(vdev, queues); 1190 c->vhost_started = 0; 1191 } 1192 } 1193 1194 static void virtio_crypto_set_status(VirtIODevice *vdev, uint8_t status) 1195 { 1196 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 1197 1198 virtio_crypto_vhost_status(vcrypto, status); 1199 } 1200 1201 static void virtio_crypto_guest_notifier_mask(VirtIODevice *vdev, int idx, 1202 bool mask) 1203 { 1204 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 1205 int queue = virtio_crypto_vq2q(idx); 1206 1207 assert(vcrypto->vhost_started); 1208 1209 /* 1210 * Add the check for configure interrupt, Use VIRTIO_CONFIG_IRQ_IDX -1 1211 * as the Marco of configure interrupt's IDX, If this driver does not 1212 * support, the function will return 1213 */ 1214 1215 if (idx == VIRTIO_CONFIG_IRQ_IDX) { 1216 return; 1217 } 1218 cryptodev_vhost_virtqueue_mask(vdev, queue, idx, mask); 1219 } 1220 1221 static bool virtio_crypto_guest_notifier_pending(VirtIODevice *vdev, int idx) 1222 { 1223 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 1224 int queue = virtio_crypto_vq2q(idx); 1225 1226 assert(vcrypto->vhost_started); 1227 1228 /* 1229 * Add the check for configure interrupt, Use VIRTIO_CONFIG_IRQ_IDX -1 1230 * as the Marco of configure interrupt's IDX, If this driver does not 1231 * support, the function will return 1232 */ 1233 1234 if (idx == VIRTIO_CONFIG_IRQ_IDX) { 1235 return false; 1236 } 1237 return cryptodev_vhost_virtqueue_pending(vdev, queue, idx); 1238 } 1239 1240 static struct vhost_dev *virtio_crypto_get_vhost(VirtIODevice *vdev) 1241 { 1242 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); 1243 CryptoDevBackend *b = vcrypto->cryptodev; 1244 CryptoDevBackendClient *cc = b->conf.peers.ccs[0]; 1245 CryptoDevBackendVhost *vhost_crypto = cryptodev_get_vhost(cc, b, 0); 1246 return &vhost_crypto->dev; 1247 } 1248 1249 static void virtio_crypto_class_init(ObjectClass *klass, void *data) 1250 { 1251 DeviceClass *dc = DEVICE_CLASS(klass); 1252 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); 1253 1254 device_class_set_props(dc, virtio_crypto_properties); 1255 dc->vmsd = &vmstate_virtio_crypto; 1256 set_bit(DEVICE_CATEGORY_MISC, dc->categories); 1257 vdc->realize = virtio_crypto_device_realize; 1258 vdc->unrealize = virtio_crypto_device_unrealize; 1259 vdc->get_config = virtio_crypto_get_config; 1260 vdc->get_features = virtio_crypto_get_features; 1261 vdc->reset = virtio_crypto_reset; 1262 vdc->set_status = virtio_crypto_set_status; 1263 vdc->guest_notifier_mask = virtio_crypto_guest_notifier_mask; 1264 vdc->guest_notifier_pending = virtio_crypto_guest_notifier_pending; 1265 vdc->get_vhost = virtio_crypto_get_vhost; 1266 } 1267 1268 static void virtio_crypto_instance_init(Object *obj) 1269 { 1270 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(obj); 1271 1272 /* 1273 * The default config_size is sizeof(struct virtio_crypto_config). 1274 * Can be overriden with virtio_crypto_set_config_size. 1275 */ 1276 vcrypto->config_size = sizeof(struct virtio_crypto_config); 1277 } 1278 1279 static const TypeInfo virtio_crypto_info = { 1280 .name = TYPE_VIRTIO_CRYPTO, 1281 .parent = TYPE_VIRTIO_DEVICE, 1282 .instance_size = sizeof(VirtIOCrypto), 1283 .instance_init = virtio_crypto_instance_init, 1284 .class_init = virtio_crypto_class_init, 1285 }; 1286 1287 static void virtio_register_types(void) 1288 { 1289 type_register_static(&virtio_crypto_info); 1290 } 1291 1292 type_init(virtio_register_types) 1293