xref: /openbmc/qemu/net/vhost-vdpa.c (revision b8116f4c)
1 /*
2  * vhost-vdpa.c
3  *
4  * Copyright(c) 2017-2018 Intel Corporation.
5  * Copyright(c) 2020 Red Hat, Inc.
6  *
7  * This work is licensed under the terms of the GNU GPL, version 2 or later.
8  * See the COPYING file in the top-level directory.
9  *
10  */
11 
12 #include "qemu/osdep.h"
13 #include "clients.h"
14 #include "hw/virtio/virtio-net.h"
15 #include "net/vhost_net.h"
16 #include "net/vhost-vdpa.h"
17 #include "hw/virtio/vhost-vdpa.h"
18 #include "qemu/config-file.h"
19 #include "qemu/error-report.h"
20 #include "qemu/log.h"
21 #include "qemu/memalign.h"
22 #include "qemu/option.h"
23 #include "qapi/error.h"
24 #include <linux/vhost.h>
25 #include <sys/ioctl.h>
26 #include <err.h>
27 #include "standard-headers/linux/virtio_net.h"
28 #include "monitor/monitor.h"
29 #include "migration/misc.h"
30 #include "hw/virtio/vhost.h"
31 #include "trace.h"
32 
33 /* Todo:need to add the multiqueue support here */
34 typedef struct VhostVDPAState {
35     NetClientState nc;
36     struct vhost_vdpa vhost_vdpa;
37     NotifierWithReturn migration_state;
38     VHostNetState *vhost_net;
39 
40     /* Control commands shadow buffers */
41     void *cvq_cmd_out_buffer;
42     virtio_net_ctrl_ack *status;
43 
44     /* The device always have SVQ enabled */
45     bool always_svq;
46 
47     /* The device can isolate CVQ in its own ASID */
48     bool cvq_isolated;
49 
50     bool started;
51 } VhostVDPAState;
52 
53 /*
54  * The array is sorted alphabetically in ascending order,
55  * with the exception of VHOST_INVALID_FEATURE_BIT,
56  * which should always be the last entry.
57  */
58 const int vdpa_feature_bits[] = {
59     VIRTIO_F_ANY_LAYOUT,
60     VIRTIO_F_IOMMU_PLATFORM,
61     VIRTIO_F_NOTIFY_ON_EMPTY,
62     VIRTIO_F_RING_PACKED,
63     VIRTIO_F_RING_RESET,
64     VIRTIO_F_VERSION_1,
65     VIRTIO_NET_F_CSUM,
66     VIRTIO_NET_F_CTRL_GUEST_OFFLOADS,
67     VIRTIO_NET_F_CTRL_MAC_ADDR,
68     VIRTIO_NET_F_CTRL_RX,
69     VIRTIO_NET_F_CTRL_RX_EXTRA,
70     VIRTIO_NET_F_CTRL_VLAN,
71     VIRTIO_NET_F_CTRL_VQ,
72     VIRTIO_NET_F_GSO,
73     VIRTIO_NET_F_GUEST_CSUM,
74     VIRTIO_NET_F_GUEST_ECN,
75     VIRTIO_NET_F_GUEST_TSO4,
76     VIRTIO_NET_F_GUEST_TSO6,
77     VIRTIO_NET_F_GUEST_UFO,
78     VIRTIO_NET_F_GUEST_USO4,
79     VIRTIO_NET_F_GUEST_USO6,
80     VIRTIO_NET_F_HASH_REPORT,
81     VIRTIO_NET_F_HOST_ECN,
82     VIRTIO_NET_F_HOST_TSO4,
83     VIRTIO_NET_F_HOST_TSO6,
84     VIRTIO_NET_F_HOST_UFO,
85     VIRTIO_NET_F_HOST_USO,
86     VIRTIO_NET_F_MQ,
87     VIRTIO_NET_F_MRG_RXBUF,
88     VIRTIO_NET_F_MTU,
89     VIRTIO_NET_F_RSS,
90     VIRTIO_NET_F_STATUS,
91     VIRTIO_RING_F_EVENT_IDX,
92     VIRTIO_RING_F_INDIRECT_DESC,
93 
94     /* VHOST_INVALID_FEATURE_BIT should always be the last entry */
95     VHOST_INVALID_FEATURE_BIT
96 };
97 
98 /** Supported device specific feature bits with SVQ */
99 static const uint64_t vdpa_svq_device_features =
100     BIT_ULL(VIRTIO_NET_F_CSUM) |
101     BIT_ULL(VIRTIO_NET_F_GUEST_CSUM) |
102     BIT_ULL(VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) |
103     BIT_ULL(VIRTIO_NET_F_MTU) |
104     BIT_ULL(VIRTIO_NET_F_MAC) |
105     BIT_ULL(VIRTIO_NET_F_GUEST_TSO4) |
106     BIT_ULL(VIRTIO_NET_F_GUEST_TSO6) |
107     BIT_ULL(VIRTIO_NET_F_GUEST_ECN) |
108     BIT_ULL(VIRTIO_NET_F_GUEST_UFO) |
109     BIT_ULL(VIRTIO_NET_F_HOST_TSO4) |
110     BIT_ULL(VIRTIO_NET_F_HOST_TSO6) |
111     BIT_ULL(VIRTIO_NET_F_HOST_ECN) |
112     BIT_ULL(VIRTIO_NET_F_HOST_UFO) |
113     BIT_ULL(VIRTIO_NET_F_MRG_RXBUF) |
114     BIT_ULL(VIRTIO_NET_F_STATUS) |
115     BIT_ULL(VIRTIO_NET_F_CTRL_VQ) |
116     BIT_ULL(VIRTIO_NET_F_CTRL_RX) |
117     BIT_ULL(VIRTIO_NET_F_CTRL_VLAN) |
118     BIT_ULL(VIRTIO_NET_F_CTRL_RX_EXTRA) |
119     BIT_ULL(VIRTIO_NET_F_MQ) |
120     BIT_ULL(VIRTIO_F_ANY_LAYOUT) |
121     BIT_ULL(VIRTIO_NET_F_CTRL_MAC_ADDR) |
122     /* VHOST_F_LOG_ALL is exposed by SVQ */
123     BIT_ULL(VHOST_F_LOG_ALL) |
124     BIT_ULL(VIRTIO_NET_F_HASH_REPORT) |
125     BIT_ULL(VIRTIO_NET_F_RSS) |
126     BIT_ULL(VIRTIO_NET_F_RSC_EXT) |
127     BIT_ULL(VIRTIO_NET_F_STANDBY) |
128     BIT_ULL(VIRTIO_NET_F_SPEED_DUPLEX);
129 
130 #define VHOST_VDPA_NET_CVQ_ASID 1
131 
132 VHostNetState *vhost_vdpa_get_vhost_net(NetClientState *nc)
133 {
134     VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
135     assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
136     return s->vhost_net;
137 }
138 
139 static size_t vhost_vdpa_net_cvq_cmd_len(void)
140 {
141     /*
142      * MAC_TABLE_SET is the ctrl command that produces the longer out buffer.
143      * In buffer is always 1 byte, so it should fit here
144      */
145     return sizeof(struct virtio_net_ctrl_hdr) +
146            2 * sizeof(struct virtio_net_ctrl_mac) +
147            MAC_TABLE_ENTRIES * ETH_ALEN;
148 }
149 
150 static size_t vhost_vdpa_net_cvq_cmd_page_len(void)
151 {
152     return ROUND_UP(vhost_vdpa_net_cvq_cmd_len(), qemu_real_host_page_size());
153 }
154 
155 static bool vhost_vdpa_net_valid_svq_features(uint64_t features, Error **errp)
156 {
157     uint64_t invalid_dev_features =
158         features & ~vdpa_svq_device_features &
159         /* Transport are all accepted at this point */
160         ~MAKE_64BIT_MASK(VIRTIO_TRANSPORT_F_START,
161                          VIRTIO_TRANSPORT_F_END - VIRTIO_TRANSPORT_F_START);
162 
163     if (invalid_dev_features) {
164         error_setg(errp, "vdpa svq does not work with features 0x%" PRIx64,
165                    invalid_dev_features);
166         return false;
167     }
168 
169     return vhost_svq_valid_features(features, errp);
170 }
171 
172 static int vhost_vdpa_net_check_device_id(struct vhost_net *net)
173 {
174     uint32_t device_id;
175     int ret;
176     struct vhost_dev *hdev;
177 
178     hdev = (struct vhost_dev *)&net->dev;
179     ret = hdev->vhost_ops->vhost_get_device_id(hdev, &device_id);
180     if (device_id != VIRTIO_ID_NET) {
181         return -ENOTSUP;
182     }
183     return ret;
184 }
185 
186 static int vhost_vdpa_add(NetClientState *ncs, void *be,
187                           int queue_pair_index, int nvqs)
188 {
189     VhostNetOptions options;
190     struct vhost_net *net = NULL;
191     VhostVDPAState *s;
192     int ret;
193 
194     options.backend_type = VHOST_BACKEND_TYPE_VDPA;
195     assert(ncs->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
196     s = DO_UPCAST(VhostVDPAState, nc, ncs);
197     options.net_backend = ncs;
198     options.opaque      = be;
199     options.busyloop_timeout = 0;
200     options.nvqs = nvqs;
201 
202     net = vhost_net_init(&options);
203     if (!net) {
204         error_report("failed to init vhost_net for queue");
205         goto err_init;
206     }
207     s->vhost_net = net;
208     ret = vhost_vdpa_net_check_device_id(net);
209     if (ret) {
210         goto err_check;
211     }
212     return 0;
213 err_check:
214     vhost_net_cleanup(net);
215     g_free(net);
216 err_init:
217     return -1;
218 }
219 
220 static void vhost_vdpa_cleanup(NetClientState *nc)
221 {
222     VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
223 
224     /*
225      * If a peer NIC is attached, do not cleanup anything.
226      * Cleanup will happen as a part of qemu_cleanup() -> net_cleanup()
227      * when the guest is shutting down.
228      */
229     if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_NIC) {
230         return;
231     }
232     munmap(s->cvq_cmd_out_buffer, vhost_vdpa_net_cvq_cmd_page_len());
233     munmap(s->status, vhost_vdpa_net_cvq_cmd_page_len());
234     if (s->vhost_net) {
235         vhost_net_cleanup(s->vhost_net);
236         g_free(s->vhost_net);
237         s->vhost_net = NULL;
238     }
239     if (s->vhost_vdpa.index != 0) {
240         return;
241     }
242     qemu_close(s->vhost_vdpa.shared->device_fd);
243     g_free(s->vhost_vdpa.shared);
244 }
245 
246 /** Dummy SetSteeringEBPF to support RSS for vhost-vdpa backend  */
247 static bool vhost_vdpa_set_steering_ebpf(NetClientState *nc, int prog_fd)
248 {
249     return true;
250 }
251 
252 static bool vhost_vdpa_has_vnet_hdr(NetClientState *nc)
253 {
254     assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
255 
256     return true;
257 }
258 
259 static bool vhost_vdpa_has_ufo(NetClientState *nc)
260 {
261     assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
262     VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
263     uint64_t features = 0;
264     features |= (1ULL << VIRTIO_NET_F_HOST_UFO);
265     features = vhost_net_get_features(s->vhost_net, features);
266     return !!(features & (1ULL << VIRTIO_NET_F_HOST_UFO));
267 
268 }
269 
270 static bool vhost_vdpa_check_peer_type(NetClientState *nc, ObjectClass *oc,
271                                        Error **errp)
272 {
273     const char *driver = object_class_get_name(oc);
274 
275     if (!g_str_has_prefix(driver, "virtio-net-")) {
276         error_setg(errp, "vhost-vdpa requires frontend driver virtio-net-*");
277         return false;
278     }
279 
280     return true;
281 }
282 
283 /** Dummy receive in case qemu falls back to userland tap networking */
284 static ssize_t vhost_vdpa_receive(NetClientState *nc, const uint8_t *buf,
285                                   size_t size)
286 {
287     return size;
288 }
289 
290 
291 /** From any vdpa net client, get the netclient of the i-th queue pair */
292 static VhostVDPAState *vhost_vdpa_net_get_nc_vdpa(VhostVDPAState *s, int i)
293 {
294     NICState *nic = qemu_get_nic(s->nc.peer);
295     NetClientState *nc_i = qemu_get_peer(nic->ncs, i);
296 
297     return DO_UPCAST(VhostVDPAState, nc, nc_i);
298 }
299 
300 static VhostVDPAState *vhost_vdpa_net_first_nc_vdpa(VhostVDPAState *s)
301 {
302     return vhost_vdpa_net_get_nc_vdpa(s, 0);
303 }
304 
305 static void vhost_vdpa_net_log_global_enable(VhostVDPAState *s, bool enable)
306 {
307     struct vhost_vdpa *v = &s->vhost_vdpa;
308     VirtIONet *n;
309     VirtIODevice *vdev;
310     int data_queue_pairs, cvq, r;
311 
312     /* We are only called on the first data vqs and only if x-svq is not set */
313     if (s->vhost_vdpa.shadow_vqs_enabled == enable) {
314         return;
315     }
316 
317     vdev = v->dev->vdev;
318     n = VIRTIO_NET(vdev);
319     if (!n->vhost_started) {
320         return;
321     }
322 
323     data_queue_pairs = n->multiqueue ? n->max_queue_pairs : 1;
324     cvq = virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ) ?
325                                   n->max_ncs - n->max_queue_pairs : 0;
326     v->shared->svq_switching = enable ?
327         SVQ_TSTATE_ENABLING : SVQ_TSTATE_DISABLING;
328     /*
329      * TODO: vhost_net_stop does suspend, get_base and reset. We can be smarter
330      * in the future and resume the device if read-only operations between
331      * suspend and reset goes wrong.
332      */
333     vhost_net_stop(vdev, n->nic->ncs, data_queue_pairs, cvq);
334 
335     /* Start will check migration setup_or_active to configure or not SVQ */
336     r = vhost_net_start(vdev, n->nic->ncs, data_queue_pairs, cvq);
337     if (unlikely(r < 0)) {
338         error_report("unable to start vhost net: %s(%d)", g_strerror(-r), -r);
339     }
340     v->shared->svq_switching = SVQ_TSTATE_DONE;
341 }
342 
343 static int vdpa_net_migration_state_notifier(NotifierWithReturn *notifier,
344                                              MigrationEvent *e, Error **errp)
345 {
346     VhostVDPAState *s = container_of(notifier, VhostVDPAState, migration_state);
347 
348     if (e->type == MIG_EVENT_PRECOPY_SETUP) {
349         vhost_vdpa_net_log_global_enable(s, true);
350     } else if (e->type == MIG_EVENT_PRECOPY_FAILED) {
351         vhost_vdpa_net_log_global_enable(s, false);
352     }
353     return 0;
354 }
355 
356 static void vhost_vdpa_net_data_start_first(VhostVDPAState *s)
357 {
358     struct vhost_vdpa *v = &s->vhost_vdpa;
359 
360     migration_add_notifier(&s->migration_state,
361                            vdpa_net_migration_state_notifier);
362     if (v->shadow_vqs_enabled) {
363         v->shared->iova_tree = vhost_iova_tree_new(v->shared->iova_range.first,
364                                                    v->shared->iova_range.last);
365     }
366 }
367 
368 static int vhost_vdpa_net_data_start(NetClientState *nc)
369 {
370     VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
371     struct vhost_vdpa *v = &s->vhost_vdpa;
372 
373     assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
374 
375     if (s->always_svq ||
376         migration_is_setup_or_active()) {
377         v->shadow_vqs_enabled = true;
378     } else {
379         v->shadow_vqs_enabled = false;
380     }
381 
382     if (v->index == 0) {
383         v->shared->shadow_data = v->shadow_vqs_enabled;
384         vhost_vdpa_net_data_start_first(s);
385         return 0;
386     }
387 
388     return 0;
389 }
390 
391 static int vhost_vdpa_net_data_load(NetClientState *nc)
392 {
393     VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
394     struct vhost_vdpa *v = &s->vhost_vdpa;
395     bool has_cvq = v->dev->vq_index_end % 2;
396 
397     if (has_cvq) {
398         return 0;
399     }
400 
401     for (int i = 0; i < v->dev->nvqs; ++i) {
402         vhost_vdpa_set_vring_ready(v, i + v->dev->vq_index);
403     }
404     return 0;
405 }
406 
407 static void vhost_vdpa_net_client_stop(NetClientState *nc)
408 {
409     VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
410     struct vhost_dev *dev;
411 
412     assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
413 
414     if (s->vhost_vdpa.index == 0) {
415         migration_remove_notifier(&s->migration_state);
416     }
417 
418     dev = s->vhost_vdpa.dev;
419     if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
420         g_clear_pointer(&s->vhost_vdpa.shared->iova_tree,
421                         vhost_iova_tree_delete);
422     }
423 }
424 
425 static NetClientInfo net_vhost_vdpa_info = {
426         .type = NET_CLIENT_DRIVER_VHOST_VDPA,
427         .size = sizeof(VhostVDPAState),
428         .receive = vhost_vdpa_receive,
429         .start = vhost_vdpa_net_data_start,
430         .load = vhost_vdpa_net_data_load,
431         .stop = vhost_vdpa_net_client_stop,
432         .cleanup = vhost_vdpa_cleanup,
433         .has_vnet_hdr = vhost_vdpa_has_vnet_hdr,
434         .has_ufo = vhost_vdpa_has_ufo,
435         .check_peer_type = vhost_vdpa_check_peer_type,
436         .set_steering_ebpf = vhost_vdpa_set_steering_ebpf,
437 };
438 
439 static int64_t vhost_vdpa_get_vring_group(int device_fd, unsigned vq_index,
440                                           Error **errp)
441 {
442     struct vhost_vring_state state = {
443         .index = vq_index,
444     };
445     int r = ioctl(device_fd, VHOST_VDPA_GET_VRING_GROUP, &state);
446 
447     if (unlikely(r < 0)) {
448         r = -errno;
449         error_setg_errno(errp, errno, "Cannot get VQ %u group", vq_index);
450         return r;
451     }
452 
453     return state.num;
454 }
455 
456 static int vhost_vdpa_set_address_space_id(struct vhost_vdpa *v,
457                                            unsigned vq_group,
458                                            unsigned asid_num)
459 {
460     struct vhost_vring_state asid = {
461         .index = vq_group,
462         .num = asid_num,
463     };
464     int r;
465 
466     trace_vhost_vdpa_set_address_space_id(v, vq_group, asid_num);
467 
468     r = ioctl(v->shared->device_fd, VHOST_VDPA_SET_GROUP_ASID, &asid);
469     if (unlikely(r < 0)) {
470         error_report("Can't set vq group %u asid %u, errno=%d (%s)",
471                      asid.index, asid.num, errno, g_strerror(errno));
472     }
473     return r;
474 }
475 
476 static void vhost_vdpa_cvq_unmap_buf(struct vhost_vdpa *v, void *addr)
477 {
478     VhostIOVATree *tree = v->shared->iova_tree;
479     DMAMap needle = {
480         /*
481          * No need to specify size or to look for more translations since
482          * this contiguous chunk was allocated by us.
483          */
484         .translated_addr = (hwaddr)(uintptr_t)addr,
485     };
486     const DMAMap *map = vhost_iova_tree_find_iova(tree, &needle);
487     int r;
488 
489     if (unlikely(!map)) {
490         error_report("Cannot locate expected map");
491         return;
492     }
493 
494     r = vhost_vdpa_dma_unmap(v->shared, v->address_space_id, map->iova,
495                              map->size + 1);
496     if (unlikely(r != 0)) {
497         error_report("Device cannot unmap: %s(%d)", g_strerror(r), r);
498     }
499 
500     vhost_iova_tree_remove(tree, *map);
501 }
502 
503 /** Map CVQ buffer. */
504 static int vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v, void *buf, size_t size,
505                                   bool write)
506 {
507     DMAMap map = {};
508     int r;
509 
510     map.translated_addr = (hwaddr)(uintptr_t)buf;
511     map.size = size - 1;
512     map.perm = write ? IOMMU_RW : IOMMU_RO,
513     r = vhost_iova_tree_map_alloc(v->shared->iova_tree, &map);
514     if (unlikely(r != IOVA_OK)) {
515         error_report("Cannot map injected element");
516         return r;
517     }
518 
519     r = vhost_vdpa_dma_map(v->shared, v->address_space_id, map.iova,
520                            vhost_vdpa_net_cvq_cmd_page_len(), buf, !write);
521     if (unlikely(r < 0)) {
522         goto dma_map_err;
523     }
524 
525     return 0;
526 
527 dma_map_err:
528     vhost_iova_tree_remove(v->shared->iova_tree, map);
529     return r;
530 }
531 
532 static int vhost_vdpa_net_cvq_start(NetClientState *nc)
533 {
534     VhostVDPAState *s, *s0;
535     struct vhost_vdpa *v;
536     int64_t cvq_group;
537     int r;
538     Error *err = NULL;
539 
540     assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
541 
542     s = DO_UPCAST(VhostVDPAState, nc, nc);
543     v = &s->vhost_vdpa;
544 
545     s0 = vhost_vdpa_net_first_nc_vdpa(s);
546     v->shadow_vqs_enabled = s0->vhost_vdpa.shadow_vqs_enabled;
547     s->vhost_vdpa.address_space_id = VHOST_VDPA_GUEST_PA_ASID;
548 
549     if (v->shared->shadow_data) {
550         /* SVQ is already configured for all virtqueues */
551         goto out;
552     }
553 
554     /*
555      * If we early return in these cases SVQ will not be enabled. The migration
556      * will be blocked as long as vhost-vdpa backends will not offer _F_LOG.
557      */
558     if (!vhost_vdpa_net_valid_svq_features(v->dev->features, NULL)) {
559         return 0;
560     }
561 
562     if (!s->cvq_isolated) {
563         return 0;
564     }
565 
566     cvq_group = vhost_vdpa_get_vring_group(v->shared->device_fd,
567                                            v->dev->vq_index_end - 1,
568                                            &err);
569     if (unlikely(cvq_group < 0)) {
570         error_report_err(err);
571         return cvq_group;
572     }
573 
574     r = vhost_vdpa_set_address_space_id(v, cvq_group, VHOST_VDPA_NET_CVQ_ASID);
575     if (unlikely(r < 0)) {
576         return r;
577     }
578 
579     v->shadow_vqs_enabled = true;
580     s->vhost_vdpa.address_space_id = VHOST_VDPA_NET_CVQ_ASID;
581 
582 out:
583     if (!s->vhost_vdpa.shadow_vqs_enabled) {
584         return 0;
585     }
586 
587     /*
588      * If other vhost_vdpa already have an iova_tree, reuse it for simplicity,
589      * whether CVQ shares ASID with guest or not, because:
590      * - Memory listener need access to guest's memory addresses allocated in
591      *   the IOVA tree.
592      * - There should be plenty of IOVA address space for both ASID not to
593      *   worry about collisions between them.  Guest's translations are still
594      *   validated with virtio virtqueue_pop so there is no risk for the guest
595      *   to access memory that it shouldn't.
596      *
597      * To allocate a iova tree per ASID is doable but it complicates the code
598      * and it is not worth it for the moment.
599      */
600     if (!v->shared->iova_tree) {
601         v->shared->iova_tree = vhost_iova_tree_new(v->shared->iova_range.first,
602                                                    v->shared->iova_range.last);
603     }
604 
605     r = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, s->cvq_cmd_out_buffer,
606                                vhost_vdpa_net_cvq_cmd_page_len(), false);
607     if (unlikely(r < 0)) {
608         return r;
609     }
610 
611     r = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, s->status,
612                                vhost_vdpa_net_cvq_cmd_page_len(), true);
613     if (unlikely(r < 0)) {
614         vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, s->cvq_cmd_out_buffer);
615     }
616 
617     return r;
618 }
619 
620 static void vhost_vdpa_net_cvq_stop(NetClientState *nc)
621 {
622     VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
623 
624     assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
625 
626     if (s->vhost_vdpa.shadow_vqs_enabled) {
627         vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, s->cvq_cmd_out_buffer);
628         vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, s->status);
629     }
630 
631     vhost_vdpa_net_client_stop(nc);
632 }
633 
634 static ssize_t vhost_vdpa_net_cvq_add(VhostVDPAState *s,
635                                     const struct iovec *out_sg, size_t out_num,
636                                     const struct iovec *in_sg, size_t in_num)
637 {
638     VhostShadowVirtqueue *svq = g_ptr_array_index(s->vhost_vdpa.shadow_vqs, 0);
639     int r;
640 
641     r = vhost_svq_add(svq, out_sg, out_num, in_sg, in_num, NULL);
642     if (unlikely(r != 0)) {
643         if (unlikely(r == -ENOSPC)) {
644             qemu_log_mask(LOG_GUEST_ERROR, "%s: No space on device queue\n",
645                           __func__);
646         }
647     }
648 
649     return r;
650 }
651 
652 /*
653  * Convenience wrapper to poll SVQ for multiple control commands.
654  *
655  * Caller should hold the BQL when invoking this function, and should take
656  * the answer before SVQ pulls by itself when BQL is released.
657  */
658 static ssize_t vhost_vdpa_net_svq_poll(VhostVDPAState *s, size_t cmds_in_flight)
659 {
660     VhostShadowVirtqueue *svq = g_ptr_array_index(s->vhost_vdpa.shadow_vqs, 0);
661     return vhost_svq_poll(svq, cmds_in_flight);
662 }
663 
664 static void vhost_vdpa_net_load_cursor_reset(VhostVDPAState *s,
665                                              struct iovec *out_cursor,
666                                              struct iovec *in_cursor)
667 {
668     /* reset the cursor of the output buffer for the device */
669     out_cursor->iov_base = s->cvq_cmd_out_buffer;
670     out_cursor->iov_len = vhost_vdpa_net_cvq_cmd_page_len();
671 
672     /* reset the cursor of the in buffer for the device */
673     in_cursor->iov_base = s->status;
674     in_cursor->iov_len = vhost_vdpa_net_cvq_cmd_page_len();
675 }
676 
677 /*
678  * Poll SVQ for multiple pending control commands and check the device's ack.
679  *
680  * Caller should hold the BQL when invoking this function.
681  *
682  * @s: The VhostVDPAState
683  * @len: The length of the pending status shadow buffer
684  */
685 static ssize_t vhost_vdpa_net_svq_flush(VhostVDPAState *s, size_t len)
686 {
687     /* device uses a one-byte length ack for each control command */
688     ssize_t dev_written = vhost_vdpa_net_svq_poll(s, len);
689     if (unlikely(dev_written != len)) {
690         return -EIO;
691     }
692 
693     /* check the device's ack */
694     for (int i = 0; i < len; ++i) {
695         if (s->status[i] != VIRTIO_NET_OK) {
696             return -EIO;
697         }
698     }
699     return 0;
700 }
701 
702 static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s,
703                                        struct iovec *out_cursor,
704                                        struct iovec *in_cursor, uint8_t class,
705                                        uint8_t cmd, const struct iovec *data_sg,
706                                        size_t data_num)
707 {
708     const struct virtio_net_ctrl_hdr ctrl = {
709         .class = class,
710         .cmd = cmd,
711     };
712     size_t data_size = iov_size(data_sg, data_num), cmd_size;
713     struct iovec out, in;
714     ssize_t r;
715     unsigned dummy_cursor_iov_cnt;
716     VhostShadowVirtqueue *svq = g_ptr_array_index(s->vhost_vdpa.shadow_vqs, 0);
717 
718     assert(data_size < vhost_vdpa_net_cvq_cmd_page_len() - sizeof(ctrl));
719     cmd_size = sizeof(ctrl) + data_size;
720     trace_vhost_vdpa_net_load_cmd(s, class, cmd, data_num, data_size);
721     if (vhost_svq_available_slots(svq) < 2 ||
722         iov_size(out_cursor, 1) < cmd_size) {
723         /*
724          * It is time to flush all pending control commands if SVQ is full
725          * or control commands shadow buffers are full.
726          *
727          * We can poll here since we've had BQL from the time
728          * we sent the descriptor.
729          */
730         r = vhost_vdpa_net_svq_flush(s, in_cursor->iov_base -
731                                      (void *)s->status);
732         if (unlikely(r < 0)) {
733             return r;
734         }
735 
736         vhost_vdpa_net_load_cursor_reset(s, out_cursor, in_cursor);
737     }
738 
739     /* pack the CVQ command header */
740     iov_from_buf(out_cursor, 1, 0, &ctrl, sizeof(ctrl));
741     /* pack the CVQ command command-specific-data */
742     iov_to_buf(data_sg, data_num, 0,
743                out_cursor->iov_base + sizeof(ctrl), data_size);
744 
745     /* extract the required buffer from the cursor for output */
746     iov_copy(&out, 1, out_cursor, 1, 0, cmd_size);
747     /* extract the required buffer from the cursor for input */
748     iov_copy(&in, 1, in_cursor, 1, 0, sizeof(*s->status));
749 
750     r = vhost_vdpa_net_cvq_add(s, &out, 1, &in, 1);
751     if (unlikely(r < 0)) {
752         trace_vhost_vdpa_net_load_cmd_retval(s, class, cmd, r);
753         return r;
754     }
755 
756     /* iterate the cursors */
757     dummy_cursor_iov_cnt = 1;
758     iov_discard_front(&out_cursor, &dummy_cursor_iov_cnt, cmd_size);
759     dummy_cursor_iov_cnt = 1;
760     iov_discard_front(&in_cursor, &dummy_cursor_iov_cnt, sizeof(*s->status));
761 
762     return 0;
763 }
764 
765 static int vhost_vdpa_net_load_mac(VhostVDPAState *s, const VirtIONet *n,
766                                    struct iovec *out_cursor,
767                                    struct iovec *in_cursor)
768 {
769     if (virtio_vdev_has_feature(&n->parent_obj, VIRTIO_NET_F_CTRL_MAC_ADDR)) {
770         const struct iovec data = {
771             .iov_base = (void *)n->mac,
772             .iov_len = sizeof(n->mac),
773         };
774         ssize_t r = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
775                                             VIRTIO_NET_CTRL_MAC,
776                                             VIRTIO_NET_CTRL_MAC_ADDR_SET,
777                                             &data, 1);
778         if (unlikely(r < 0)) {
779             return r;
780         }
781     }
782 
783     /*
784      * According to VirtIO standard, "The device MUST have an
785      * empty MAC filtering table on reset.".
786      *
787      * Therefore, there is no need to send this CVQ command if the
788      * driver also sets an empty MAC filter table, which aligns with
789      * the device's defaults.
790      *
791      * Note that the device's defaults can mismatch the driver's
792      * configuration only at live migration.
793      */
794     if (!virtio_vdev_has_feature(&n->parent_obj, VIRTIO_NET_F_CTRL_RX) ||
795         n->mac_table.in_use == 0) {
796         return 0;
797     }
798 
799     uint32_t uni_entries = n->mac_table.first_multi,
800              uni_macs_size = uni_entries * ETH_ALEN,
801              mul_entries = n->mac_table.in_use - uni_entries,
802              mul_macs_size = mul_entries * ETH_ALEN;
803     struct virtio_net_ctrl_mac uni = {
804         .entries = cpu_to_le32(uni_entries),
805     };
806     struct virtio_net_ctrl_mac mul = {
807         .entries = cpu_to_le32(mul_entries),
808     };
809     const struct iovec data[] = {
810         {
811             .iov_base = &uni,
812             .iov_len = sizeof(uni),
813         }, {
814             .iov_base = n->mac_table.macs,
815             .iov_len = uni_macs_size,
816         }, {
817             .iov_base = &mul,
818             .iov_len = sizeof(mul),
819         }, {
820             .iov_base = &n->mac_table.macs[uni_macs_size],
821             .iov_len = mul_macs_size,
822         },
823     };
824     ssize_t r = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
825                                         VIRTIO_NET_CTRL_MAC,
826                                         VIRTIO_NET_CTRL_MAC_TABLE_SET,
827                                         data, ARRAY_SIZE(data));
828     if (unlikely(r < 0)) {
829         return r;
830     }
831 
832     return 0;
833 }
834 
835 static int vhost_vdpa_net_load_rss(VhostVDPAState *s, const VirtIONet *n,
836                                    struct iovec *out_cursor,
837                                    struct iovec *in_cursor, bool do_rss)
838 {
839     struct virtio_net_rss_config cfg = {};
840     ssize_t r;
841     g_autofree uint16_t *table = NULL;
842 
843     /*
844      * According to VirtIO standard, "Initially the device has all hash
845      * types disabled and reports only VIRTIO_NET_HASH_REPORT_NONE.".
846      *
847      * Therefore, there is no need to send this CVQ command if the
848      * driver disables the all hash types, which aligns with
849      * the device's defaults.
850      *
851      * Note that the device's defaults can mismatch the driver's
852      * configuration only at live migration.
853      */
854     if (!n->rss_data.enabled ||
855         n->rss_data.hash_types == VIRTIO_NET_HASH_REPORT_NONE) {
856         return 0;
857     }
858 
859     table = g_malloc_n(n->rss_data.indirections_len,
860                        sizeof(n->rss_data.indirections_table[0]));
861     cfg.hash_types = cpu_to_le32(n->rss_data.hash_types);
862 
863     if (do_rss) {
864         /*
865          * According to VirtIO standard, "Number of entries in indirection_table
866          * is (indirection_table_mask + 1)".
867          */
868         cfg.indirection_table_mask = cpu_to_le16(n->rss_data.indirections_len -
869                                                  1);
870         cfg.unclassified_queue = cpu_to_le16(n->rss_data.default_queue);
871         for (int i = 0; i < n->rss_data.indirections_len; ++i) {
872             table[i] = cpu_to_le16(n->rss_data.indirections_table[i]);
873         }
874         cfg.max_tx_vq = cpu_to_le16(n->curr_queue_pairs);
875     } else {
876         /*
877          * According to VirtIO standard, "Field reserved MUST contain zeroes.
878          * It is defined to make the structure to match the layout of
879          * virtio_net_rss_config structure, defined in 5.1.6.5.7.".
880          *
881          * Therefore, we need to zero the fields in
882          * struct virtio_net_rss_config, which corresponds to the
883          * `reserved` field in struct virtio_net_hash_config.
884          *
885          * Note that all other fields are zeroed at their definitions,
886          * except for the `indirection_table` field, where the actual data
887          * is stored in the `table` variable to ensure compatibility
888          * with RSS case. Therefore, we need to zero the `table` variable here.
889          */
890         table[0] = 0;
891     }
892 
893     /*
894      * Considering that virtio_net_handle_rss() currently does not restore
895      * the hash key length parsed from the CVQ command sent from the guest
896      * into n->rss_data and uses the maximum key length in other code, so
897      * we also employ the maximum key length here.
898      */
899     cfg.hash_key_length = sizeof(n->rss_data.key);
900 
901     const struct iovec data[] = {
902         {
903             .iov_base = &cfg,
904             .iov_len = offsetof(struct virtio_net_rss_config,
905                                 indirection_table),
906         }, {
907             .iov_base = table,
908             .iov_len = n->rss_data.indirections_len *
909                        sizeof(n->rss_data.indirections_table[0]),
910         }, {
911             .iov_base = &cfg.max_tx_vq,
912             .iov_len = offsetof(struct virtio_net_rss_config, hash_key_data) -
913                        offsetof(struct virtio_net_rss_config, max_tx_vq),
914         }, {
915             .iov_base = (void *)n->rss_data.key,
916             .iov_len = sizeof(n->rss_data.key),
917         }
918     };
919 
920     r = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
921                                 VIRTIO_NET_CTRL_MQ,
922                                 do_rss ? VIRTIO_NET_CTRL_MQ_RSS_CONFIG :
923                                 VIRTIO_NET_CTRL_MQ_HASH_CONFIG,
924                                 data, ARRAY_SIZE(data));
925     if (unlikely(r < 0)) {
926         return r;
927     }
928 
929     return 0;
930 }
931 
932 static int vhost_vdpa_net_load_mq(VhostVDPAState *s,
933                                   const VirtIONet *n,
934                                   struct iovec *out_cursor,
935                                   struct iovec *in_cursor)
936 {
937     struct virtio_net_ctrl_mq mq;
938     ssize_t r;
939 
940     if (!virtio_vdev_has_feature(&n->parent_obj, VIRTIO_NET_F_MQ)) {
941         return 0;
942     }
943 
944     trace_vhost_vdpa_net_load_mq(s, n->curr_queue_pairs);
945 
946     mq.virtqueue_pairs = cpu_to_le16(n->curr_queue_pairs);
947     const struct iovec data = {
948         .iov_base = &mq,
949         .iov_len = sizeof(mq),
950     };
951     r = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
952                                 VIRTIO_NET_CTRL_MQ,
953                                 VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET,
954                                 &data, 1);
955     if (unlikely(r < 0)) {
956         return r;
957     }
958 
959     if (virtio_vdev_has_feature(&n->parent_obj, VIRTIO_NET_F_RSS)) {
960         /* load the receive-side scaling state */
961         r = vhost_vdpa_net_load_rss(s, n, out_cursor, in_cursor, true);
962         if (unlikely(r < 0)) {
963             return r;
964         }
965     } else if (virtio_vdev_has_feature(&n->parent_obj,
966                                        VIRTIO_NET_F_HASH_REPORT)) {
967         /* load the hash calculation state */
968         r = vhost_vdpa_net_load_rss(s, n, out_cursor, in_cursor, false);
969         if (unlikely(r < 0)) {
970             return r;
971         }
972     }
973 
974     return 0;
975 }
976 
977 static int vhost_vdpa_net_load_offloads(VhostVDPAState *s,
978                                         const VirtIONet *n,
979                                         struct iovec *out_cursor,
980                                         struct iovec *in_cursor)
981 {
982     uint64_t offloads;
983     ssize_t r;
984 
985     if (!virtio_vdev_has_feature(&n->parent_obj,
986                                  VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
987         return 0;
988     }
989 
990     if (n->curr_guest_offloads == virtio_net_supported_guest_offloads(n)) {
991         /*
992          * According to VirtIO standard, "Upon feature negotiation
993          * corresponding offload gets enabled to preserve
994          * backward compatibility.".
995          *
996          * Therefore, there is no need to send this CVQ command if the
997          * driver also enables all supported offloads, which aligns with
998          * the device's defaults.
999          *
1000          * Note that the device's defaults can mismatch the driver's
1001          * configuration only at live migration.
1002          */
1003         return 0;
1004     }
1005 
1006     offloads = cpu_to_le64(n->curr_guest_offloads);
1007     const struct iovec data = {
1008         .iov_base = &offloads,
1009         .iov_len = sizeof(offloads),
1010     };
1011     r = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
1012                                 VIRTIO_NET_CTRL_GUEST_OFFLOADS,
1013                                 VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET,
1014                                 &data, 1);
1015     if (unlikely(r < 0)) {
1016         return r;
1017     }
1018 
1019     return 0;
1020 }
1021 
1022 static int vhost_vdpa_net_load_rx_mode(VhostVDPAState *s,
1023                                        struct iovec *out_cursor,
1024                                        struct iovec *in_cursor,
1025                                        uint8_t cmd,
1026                                        uint8_t on)
1027 {
1028     const struct iovec data = {
1029         .iov_base = &on,
1030         .iov_len = sizeof(on),
1031     };
1032     ssize_t r;
1033 
1034     r = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
1035                                 VIRTIO_NET_CTRL_RX, cmd, &data, 1);
1036     if (unlikely(r < 0)) {
1037         return r;
1038     }
1039 
1040     return 0;
1041 }
1042 
1043 static int vhost_vdpa_net_load_rx(VhostVDPAState *s,
1044                                   const VirtIONet *n,
1045                                   struct iovec *out_cursor,
1046                                   struct iovec *in_cursor)
1047 {
1048     ssize_t r;
1049 
1050     if (!virtio_vdev_has_feature(&n->parent_obj, VIRTIO_NET_F_CTRL_RX)) {
1051         return 0;
1052     }
1053 
1054     /*
1055      * According to virtio_net_reset(), device turns promiscuous mode
1056      * on by default.
1057      *
1058      * Additionally, according to VirtIO standard, "Since there are
1059      * no guarantees, it can use a hash filter or silently switch to
1060      * allmulti or promiscuous mode if it is given too many addresses.".
1061      * QEMU marks `n->mac_table.uni_overflow` if guest sets too many
1062      * non-multicast MAC addresses, indicating that promiscuous mode
1063      * should be enabled.
1064      *
1065      * Therefore, QEMU should only send this CVQ command if the
1066      * `n->mac_table.uni_overflow` is not marked and `n->promisc` is off,
1067      * which sets promiscuous mode on, different from the device's defaults.
1068      *
1069      * Note that the device's defaults can mismatch the driver's
1070      * configuration only at live migration.
1071      */
1072     if (!n->mac_table.uni_overflow && !n->promisc) {
1073         r = vhost_vdpa_net_load_rx_mode(s, out_cursor, in_cursor,
1074                                         VIRTIO_NET_CTRL_RX_PROMISC, 0);
1075         if (unlikely(r < 0)) {
1076             return r;
1077         }
1078     }
1079 
1080     /*
1081      * According to virtio_net_reset(), device turns all-multicast mode
1082      * off by default.
1083      *
1084      * According to VirtIO standard, "Since there are no guarantees,
1085      * it can use a hash filter or silently switch to allmulti or
1086      * promiscuous mode if it is given too many addresses.". QEMU marks
1087      * `n->mac_table.multi_overflow` if guest sets too many
1088      * non-multicast MAC addresses.
1089      *
1090      * Therefore, QEMU should only send this CVQ command if the
1091      * `n->mac_table.multi_overflow` is marked or `n->allmulti` is on,
1092      * which sets all-multicast mode on, different from the device's defaults.
1093      *
1094      * Note that the device's defaults can mismatch the driver's
1095      * configuration only at live migration.
1096      */
1097     if (n->mac_table.multi_overflow || n->allmulti) {
1098         r = vhost_vdpa_net_load_rx_mode(s, out_cursor, in_cursor,
1099                                         VIRTIO_NET_CTRL_RX_ALLMULTI, 1);
1100         if (unlikely(r < 0)) {
1101             return r;
1102         }
1103     }
1104 
1105     if (!virtio_vdev_has_feature(&n->parent_obj, VIRTIO_NET_F_CTRL_RX_EXTRA)) {
1106         return 0;
1107     }
1108 
1109     /*
1110      * According to virtio_net_reset(), device turns all-unicast mode
1111      * off by default.
1112      *
1113      * Therefore, QEMU should only send this CVQ command if the driver
1114      * sets all-unicast mode on, different from the device's defaults.
1115      *
1116      * Note that the device's defaults can mismatch the driver's
1117      * configuration only at live migration.
1118      */
1119     if (n->alluni) {
1120         r = vhost_vdpa_net_load_rx_mode(s, out_cursor, in_cursor,
1121                                         VIRTIO_NET_CTRL_RX_ALLUNI, 1);
1122         if (r < 0) {
1123             return r;
1124         }
1125     }
1126 
1127     /*
1128      * According to virtio_net_reset(), device turns non-multicast mode
1129      * off by default.
1130      *
1131      * Therefore, QEMU should only send this CVQ command if the driver
1132      * sets non-multicast mode on, different from the device's defaults.
1133      *
1134      * Note that the device's defaults can mismatch the driver's
1135      * configuration only at live migration.
1136      */
1137     if (n->nomulti) {
1138         r = vhost_vdpa_net_load_rx_mode(s, out_cursor, in_cursor,
1139                                         VIRTIO_NET_CTRL_RX_NOMULTI, 1);
1140         if (r < 0) {
1141             return r;
1142         }
1143     }
1144 
1145     /*
1146      * According to virtio_net_reset(), device turns non-unicast mode
1147      * off by default.
1148      *
1149      * Therefore, QEMU should only send this CVQ command if the driver
1150      * sets non-unicast mode on, different from the device's defaults.
1151      *
1152      * Note that the device's defaults can mismatch the driver's
1153      * configuration only at live migration.
1154      */
1155     if (n->nouni) {
1156         r = vhost_vdpa_net_load_rx_mode(s, out_cursor, in_cursor,
1157                                         VIRTIO_NET_CTRL_RX_NOUNI, 1);
1158         if (r < 0) {
1159             return r;
1160         }
1161     }
1162 
1163     /*
1164      * According to virtio_net_reset(), device turns non-broadcast mode
1165      * off by default.
1166      *
1167      * Therefore, QEMU should only send this CVQ command if the driver
1168      * sets non-broadcast mode on, different from the device's defaults.
1169      *
1170      * Note that the device's defaults can mismatch the driver's
1171      * configuration only at live migration.
1172      */
1173     if (n->nobcast) {
1174         r = vhost_vdpa_net_load_rx_mode(s, out_cursor, in_cursor,
1175                                         VIRTIO_NET_CTRL_RX_NOBCAST, 1);
1176         if (r < 0) {
1177             return r;
1178         }
1179     }
1180 
1181     return 0;
1182 }
1183 
1184 static int vhost_vdpa_net_load_single_vlan(VhostVDPAState *s,
1185                                            const VirtIONet *n,
1186                                            struct iovec *out_cursor,
1187                                            struct iovec *in_cursor,
1188                                            uint16_t vid)
1189 {
1190     const struct iovec data = {
1191         .iov_base = &vid,
1192         .iov_len = sizeof(vid),
1193     };
1194     ssize_t r = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
1195                                         VIRTIO_NET_CTRL_VLAN,
1196                                         VIRTIO_NET_CTRL_VLAN_ADD,
1197                                         &data, 1);
1198     if (unlikely(r < 0)) {
1199         return r;
1200     }
1201 
1202     return 0;
1203 }
1204 
1205 static int vhost_vdpa_net_load_vlan(VhostVDPAState *s,
1206                                     const VirtIONet *n,
1207                                     struct iovec *out_cursor,
1208                                     struct iovec *in_cursor)
1209 {
1210     int r;
1211 
1212     if (!virtio_vdev_has_feature(&n->parent_obj, VIRTIO_NET_F_CTRL_VLAN)) {
1213         return 0;
1214     }
1215 
1216     for (int i = 0; i < MAX_VLAN >> 5; i++) {
1217         for (int j = 0; n->vlans[i] && j <= 0x1f; j++) {
1218             if (n->vlans[i] & (1U << j)) {
1219                 r = vhost_vdpa_net_load_single_vlan(s, n, out_cursor,
1220                                                     in_cursor, (i << 5) + j);
1221                 if (unlikely(r != 0)) {
1222                     return r;
1223                 }
1224             }
1225         }
1226     }
1227 
1228     return 0;
1229 }
1230 
1231 static int vhost_vdpa_net_cvq_load(NetClientState *nc)
1232 {
1233     VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
1234     struct vhost_vdpa *v = &s->vhost_vdpa;
1235     const VirtIONet *n;
1236     int r;
1237     struct iovec out_cursor, in_cursor;
1238 
1239     assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
1240 
1241     vhost_vdpa_set_vring_ready(v, v->dev->vq_index);
1242 
1243     if (v->shadow_vqs_enabled) {
1244         n = VIRTIO_NET(v->dev->vdev);
1245         vhost_vdpa_net_load_cursor_reset(s, &out_cursor, &in_cursor);
1246         r = vhost_vdpa_net_load_mac(s, n, &out_cursor, &in_cursor);
1247         if (unlikely(r < 0)) {
1248             return r;
1249         }
1250         r = vhost_vdpa_net_load_mq(s, n, &out_cursor, &in_cursor);
1251         if (unlikely(r)) {
1252             return r;
1253         }
1254         r = vhost_vdpa_net_load_offloads(s, n, &out_cursor, &in_cursor);
1255         if (unlikely(r)) {
1256             return r;
1257         }
1258         r = vhost_vdpa_net_load_rx(s, n, &out_cursor, &in_cursor);
1259         if (unlikely(r)) {
1260             return r;
1261         }
1262         r = vhost_vdpa_net_load_vlan(s, n, &out_cursor, &in_cursor);
1263         if (unlikely(r)) {
1264             return r;
1265         }
1266 
1267         /*
1268          * We need to poll and check all pending device's used buffers.
1269          *
1270          * We can poll here since we've had BQL from the time
1271          * we sent the descriptor.
1272          */
1273         r = vhost_vdpa_net_svq_flush(s, in_cursor.iov_base - (void *)s->status);
1274         if (unlikely(r)) {
1275             return r;
1276         }
1277     }
1278 
1279     for (int i = 0; i < v->dev->vq_index; ++i) {
1280         vhost_vdpa_set_vring_ready(v, i);
1281     }
1282 
1283     return 0;
1284 }
1285 
1286 static NetClientInfo net_vhost_vdpa_cvq_info = {
1287     .type = NET_CLIENT_DRIVER_VHOST_VDPA,
1288     .size = sizeof(VhostVDPAState),
1289     .receive = vhost_vdpa_receive,
1290     .start = vhost_vdpa_net_cvq_start,
1291     .load = vhost_vdpa_net_cvq_load,
1292     .stop = vhost_vdpa_net_cvq_stop,
1293     .cleanup = vhost_vdpa_cleanup,
1294     .has_vnet_hdr = vhost_vdpa_has_vnet_hdr,
1295     .has_ufo = vhost_vdpa_has_ufo,
1296     .check_peer_type = vhost_vdpa_check_peer_type,
1297     .set_steering_ebpf = vhost_vdpa_set_steering_ebpf,
1298 };
1299 
1300 /*
1301  * Forward the excessive VIRTIO_NET_CTRL_MAC_TABLE_SET CVQ command to
1302  * vdpa device.
1303  *
1304  * Considering that QEMU cannot send the entire filter table to the
1305  * vdpa device, it should send the VIRTIO_NET_CTRL_RX_PROMISC CVQ
1306  * command to enable promiscuous mode to receive all packets,
1307  * according to VirtIO standard, "Since there are no guarantees,
1308  * it can use a hash filter or silently switch to allmulti or
1309  * promiscuous mode if it is given too many addresses.".
1310  *
1311  * Since QEMU ignores MAC addresses beyond `MAC_TABLE_ENTRIES` and
1312  * marks `n->mac_table.x_overflow` accordingly, it should have
1313  * the same effect on the device model to receive
1314  * (`MAC_TABLE_ENTRIES` + 1) or more non-multicast MAC addresses.
1315  * The same applies to multicast MAC addresses.
1316  *
1317  * Therefore, QEMU can provide the device model with a fake
1318  * VIRTIO_NET_CTRL_MAC_TABLE_SET command with (`MAC_TABLE_ENTRIES` + 1)
1319  * non-multicast MAC addresses and (`MAC_TABLE_ENTRIES` + 1) multicast
1320  * MAC addresses. This ensures that the device model marks
1321  * `n->mac_table.uni_overflow` and `n->mac_table.multi_overflow`,
1322  * allowing all packets to be received, which aligns with the
1323  * state of the vdpa device.
1324  */
1325 static int vhost_vdpa_net_excessive_mac_filter_cvq_add(VhostVDPAState *s,
1326                                                        VirtQueueElement *elem,
1327                                                        struct iovec *out,
1328                                                        const struct iovec *in)
1329 {
1330     struct virtio_net_ctrl_mac mac_data, *mac_ptr;
1331     struct virtio_net_ctrl_hdr *hdr_ptr;
1332     uint32_t cursor;
1333     ssize_t r;
1334     uint8_t on = 1;
1335 
1336     /* parse the non-multicast MAC address entries from CVQ command */
1337     cursor = sizeof(*hdr_ptr);
1338     r = iov_to_buf(elem->out_sg, elem->out_num, cursor,
1339                    &mac_data, sizeof(mac_data));
1340     if (unlikely(r != sizeof(mac_data))) {
1341         /*
1342          * If the CVQ command is invalid, we should simulate the vdpa device
1343          * to reject the VIRTIO_NET_CTRL_MAC_TABLE_SET CVQ command
1344          */
1345         *s->status = VIRTIO_NET_ERR;
1346         return sizeof(*s->status);
1347     }
1348     cursor += sizeof(mac_data) + le32_to_cpu(mac_data.entries) * ETH_ALEN;
1349 
1350     /* parse the multicast MAC address entries from CVQ command */
1351     r = iov_to_buf(elem->out_sg, elem->out_num, cursor,
1352                    &mac_data, sizeof(mac_data));
1353     if (r != sizeof(mac_data)) {
1354         /*
1355          * If the CVQ command is invalid, we should simulate the vdpa device
1356          * to reject the VIRTIO_NET_CTRL_MAC_TABLE_SET CVQ command
1357          */
1358         *s->status = VIRTIO_NET_ERR;
1359         return sizeof(*s->status);
1360     }
1361     cursor += sizeof(mac_data) + le32_to_cpu(mac_data.entries) * ETH_ALEN;
1362 
1363     /* validate the CVQ command */
1364     if (iov_size(elem->out_sg, elem->out_num) != cursor) {
1365         /*
1366          * If the CVQ command is invalid, we should simulate the vdpa device
1367          * to reject the VIRTIO_NET_CTRL_MAC_TABLE_SET CVQ command
1368          */
1369         *s->status = VIRTIO_NET_ERR;
1370         return sizeof(*s->status);
1371     }
1372 
1373     /*
1374      * According to VirtIO standard, "Since there are no guarantees,
1375      * it can use a hash filter or silently switch to allmulti or
1376      * promiscuous mode if it is given too many addresses.".
1377      *
1378      * Therefore, considering that QEMU is unable to send the entire
1379      * filter table to the vdpa device, it should send the
1380      * VIRTIO_NET_CTRL_RX_PROMISC CVQ command to enable promiscuous mode
1381      */
1382     hdr_ptr = out->iov_base;
1383     out->iov_len = sizeof(*hdr_ptr) + sizeof(on);
1384 
1385     hdr_ptr->class = VIRTIO_NET_CTRL_RX;
1386     hdr_ptr->cmd = VIRTIO_NET_CTRL_RX_PROMISC;
1387     iov_from_buf(out, 1, sizeof(*hdr_ptr), &on, sizeof(on));
1388     r = vhost_vdpa_net_cvq_add(s, out, 1, in, 1);
1389     if (unlikely(r < 0)) {
1390         return r;
1391     }
1392 
1393     /*
1394      * We can poll here since we've had BQL from the time
1395      * we sent the descriptor.
1396      */
1397     r = vhost_vdpa_net_svq_poll(s, 1);
1398     if (unlikely(r < sizeof(*s->status))) {
1399         return r;
1400     }
1401     if (*s->status != VIRTIO_NET_OK) {
1402         return sizeof(*s->status);
1403     }
1404 
1405     /*
1406      * QEMU should also send a fake VIRTIO_NET_CTRL_MAC_TABLE_SET CVQ
1407      * command to the device model, including (`MAC_TABLE_ENTRIES` + 1)
1408      * non-multicast MAC addresses and (`MAC_TABLE_ENTRIES` + 1)
1409      * multicast MAC addresses.
1410      *
1411      * By doing so, the device model can mark `n->mac_table.uni_overflow`
1412      * and `n->mac_table.multi_overflow`, enabling all packets to be
1413      * received, which aligns with the state of the vdpa device.
1414      */
1415     cursor = 0;
1416     uint32_t fake_uni_entries = MAC_TABLE_ENTRIES + 1,
1417              fake_mul_entries = MAC_TABLE_ENTRIES + 1,
1418              fake_cvq_size = sizeof(struct virtio_net_ctrl_hdr) +
1419                              sizeof(mac_data) + fake_uni_entries * ETH_ALEN +
1420                              sizeof(mac_data) + fake_mul_entries * ETH_ALEN;
1421 
1422     assert(fake_cvq_size < vhost_vdpa_net_cvq_cmd_page_len());
1423     out->iov_len = fake_cvq_size;
1424 
1425     /* pack the header for fake CVQ command */
1426     hdr_ptr = out->iov_base + cursor;
1427     hdr_ptr->class = VIRTIO_NET_CTRL_MAC;
1428     hdr_ptr->cmd = VIRTIO_NET_CTRL_MAC_TABLE_SET;
1429     cursor += sizeof(*hdr_ptr);
1430 
1431     /*
1432      * Pack the non-multicast MAC addresses part for fake CVQ command.
1433      *
1434      * According to virtio_net_handle_mac(), QEMU doesn't verify the MAC
1435      * addresses provided in CVQ command. Therefore, only the entries
1436      * field need to be prepared in the CVQ command.
1437      */
1438     mac_ptr = out->iov_base + cursor;
1439     mac_ptr->entries = cpu_to_le32(fake_uni_entries);
1440     cursor += sizeof(*mac_ptr) + fake_uni_entries * ETH_ALEN;
1441 
1442     /*
1443      * Pack the multicast MAC addresses part for fake CVQ command.
1444      *
1445      * According to virtio_net_handle_mac(), QEMU doesn't verify the MAC
1446      * addresses provided in CVQ command. Therefore, only the entries
1447      * field need to be prepared in the CVQ command.
1448      */
1449     mac_ptr = out->iov_base + cursor;
1450     mac_ptr->entries = cpu_to_le32(fake_mul_entries);
1451 
1452     /*
1453      * Simulating QEMU poll a vdpa device used buffer
1454      * for VIRTIO_NET_CTRL_MAC_TABLE_SET CVQ command
1455      */
1456     return sizeof(*s->status);
1457 }
1458 
1459 /**
1460  * Validate and copy control virtqueue commands.
1461  *
1462  * Following QEMU guidelines, we offer a copy of the buffers to the device to
1463  * prevent TOCTOU bugs.
1464  */
1465 static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
1466                                             VirtQueueElement *elem,
1467                                             void *opaque)
1468 {
1469     VhostVDPAState *s = opaque;
1470     size_t in_len;
1471     const struct virtio_net_ctrl_hdr *ctrl;
1472     virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
1473     /* Out buffer sent to both the vdpa device and the device model */
1474     struct iovec out = {
1475         .iov_base = s->cvq_cmd_out_buffer,
1476     };
1477     /* in buffer used for device model */
1478     const struct iovec model_in = {
1479         .iov_base = &status,
1480         .iov_len = sizeof(status),
1481     };
1482     /* in buffer used for vdpa device */
1483     const struct iovec vdpa_in = {
1484         .iov_base = s->status,
1485         .iov_len = sizeof(*s->status),
1486     };
1487     ssize_t dev_written = -EINVAL;
1488 
1489     out.iov_len = iov_to_buf(elem->out_sg, elem->out_num, 0,
1490                              s->cvq_cmd_out_buffer,
1491                              vhost_vdpa_net_cvq_cmd_page_len());
1492 
1493     ctrl = s->cvq_cmd_out_buffer;
1494     if (ctrl->class == VIRTIO_NET_CTRL_ANNOUNCE) {
1495         /*
1496          * Guest announce capability is emulated by qemu, so don't forward to
1497          * the device.
1498          */
1499         dev_written = sizeof(status);
1500         *s->status = VIRTIO_NET_OK;
1501     } else if (unlikely(ctrl->class == VIRTIO_NET_CTRL_MAC &&
1502                         ctrl->cmd == VIRTIO_NET_CTRL_MAC_TABLE_SET &&
1503                         iov_size(elem->out_sg, elem->out_num) > out.iov_len)) {
1504         /*
1505          * Due to the size limitation of the out buffer sent to the vdpa device,
1506          * which is determined by vhost_vdpa_net_cvq_cmd_page_len(), excessive
1507          * MAC addresses set by the driver for the filter table can cause
1508          * truncation of the CVQ command in QEMU. As a result, the vdpa device
1509          * rejects the flawed CVQ command.
1510          *
1511          * Therefore, QEMU must handle this situation instead of sending
1512          * the CVQ command directly.
1513          */
1514         dev_written = vhost_vdpa_net_excessive_mac_filter_cvq_add(s, elem,
1515                                                             &out, &vdpa_in);
1516         if (unlikely(dev_written < 0)) {
1517             goto out;
1518         }
1519     } else {
1520         ssize_t r;
1521         r = vhost_vdpa_net_cvq_add(s, &out, 1, &vdpa_in, 1);
1522         if (unlikely(r < 0)) {
1523             dev_written = r;
1524             goto out;
1525         }
1526 
1527         /*
1528          * We can poll here since we've had BQL from the time
1529          * we sent the descriptor.
1530          */
1531         dev_written = vhost_vdpa_net_svq_poll(s, 1);
1532     }
1533 
1534     if (unlikely(dev_written < sizeof(status))) {
1535         error_report("Insufficient written data (%zu)", dev_written);
1536         goto out;
1537     }
1538 
1539     if (*s->status != VIRTIO_NET_OK) {
1540         goto out;
1541     }
1542 
1543     status = VIRTIO_NET_ERR;
1544     virtio_net_handle_ctrl_iov(svq->vdev, &model_in, 1, &out, 1);
1545     if (status != VIRTIO_NET_OK) {
1546         error_report("Bad CVQ processing in model");
1547     }
1548 
1549 out:
1550     in_len = iov_from_buf(elem->in_sg, elem->in_num, 0, &status,
1551                           sizeof(status));
1552     if (unlikely(in_len < sizeof(status))) {
1553         error_report("Bad device CVQ written length");
1554     }
1555     vhost_svq_push_elem(svq, elem, MIN(in_len, sizeof(status)));
1556     /*
1557      * `elem` belongs to vhost_vdpa_net_handle_ctrl_avail() only when
1558      * the function successfully forwards the CVQ command, indicated
1559      * by a non-negative value of `dev_written`. Otherwise, it still
1560      * belongs to SVQ.
1561      * This function should only free the `elem` when it owns.
1562      */
1563     if (dev_written >= 0) {
1564         g_free(elem);
1565     }
1566     return dev_written < 0 ? dev_written : 0;
1567 }
1568 
1569 static const VhostShadowVirtqueueOps vhost_vdpa_net_svq_ops = {
1570     .avail_handler = vhost_vdpa_net_handle_ctrl_avail,
1571 };
1572 
1573 /**
1574  * Probe if CVQ is isolated
1575  *
1576  * @device_fd         The vdpa device fd
1577  * @features          Features offered by the device.
1578  * @cvq_index         The control vq pair index
1579  *
1580  * Returns <0 in case of failure, 0 if false and 1 if true.
1581  */
1582 static int vhost_vdpa_probe_cvq_isolation(int device_fd, uint64_t features,
1583                                           int cvq_index, Error **errp)
1584 {
1585     ERRP_GUARD();
1586     uint64_t backend_features;
1587     int64_t cvq_group;
1588     uint8_t status = VIRTIO_CONFIG_S_ACKNOWLEDGE |
1589                      VIRTIO_CONFIG_S_DRIVER;
1590     int r;
1591 
1592     r = ioctl(device_fd, VHOST_GET_BACKEND_FEATURES, &backend_features);
1593     if (unlikely(r < 0)) {
1594         error_setg_errno(errp, errno, "Cannot get vdpa backend_features");
1595         return r;
1596     }
1597 
1598     if (!(backend_features & BIT_ULL(VHOST_BACKEND_F_IOTLB_ASID))) {
1599         return 0;
1600     }
1601 
1602     r = ioctl(device_fd, VHOST_VDPA_SET_STATUS, &status);
1603     if (unlikely(r)) {
1604         error_setg_errno(errp, -r, "Cannot set device status");
1605         goto out;
1606     }
1607 
1608     r = ioctl(device_fd, VHOST_SET_FEATURES, &features);
1609     if (unlikely(r)) {
1610         error_setg_errno(errp, -r, "Cannot set features");
1611         goto out;
1612     }
1613 
1614     status |= VIRTIO_CONFIG_S_FEATURES_OK;
1615     r = ioctl(device_fd, VHOST_VDPA_SET_STATUS, &status);
1616     if (unlikely(r)) {
1617         error_setg_errno(errp, -r, "Cannot set device status");
1618         goto out;
1619     }
1620 
1621     cvq_group = vhost_vdpa_get_vring_group(device_fd, cvq_index, errp);
1622     if (unlikely(cvq_group < 0)) {
1623         if (cvq_group != -ENOTSUP) {
1624             r = cvq_group;
1625             goto out;
1626         }
1627 
1628         /*
1629          * The kernel report VHOST_BACKEND_F_IOTLB_ASID if the vdpa frontend
1630          * support ASID even if the parent driver does not.  The CVQ cannot be
1631          * isolated in this case.
1632          */
1633         error_free(*errp);
1634         *errp = NULL;
1635         r = 0;
1636         goto out;
1637     }
1638 
1639     for (int i = 0; i < cvq_index; ++i) {
1640         int64_t group = vhost_vdpa_get_vring_group(device_fd, i, errp);
1641         if (unlikely(group < 0)) {
1642             r = group;
1643             goto out;
1644         }
1645 
1646         if (group == (int64_t)cvq_group) {
1647             r = 0;
1648             goto out;
1649         }
1650     }
1651 
1652     r = 1;
1653 
1654 out:
1655     status = 0;
1656     ioctl(device_fd, VHOST_VDPA_SET_STATUS, &status);
1657     return r;
1658 }
1659 
1660 static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
1661                                        const char *device,
1662                                        const char *name,
1663                                        int vdpa_device_fd,
1664                                        int queue_pair_index,
1665                                        int nvqs,
1666                                        bool is_datapath,
1667                                        bool svq,
1668                                        struct vhost_vdpa_iova_range iova_range,
1669                                        uint64_t features,
1670                                        VhostVDPAShared *shared,
1671                                        Error **errp)
1672 {
1673     NetClientState *nc = NULL;
1674     VhostVDPAState *s;
1675     int ret = 0;
1676     assert(name);
1677     int cvq_isolated = 0;
1678 
1679     if (is_datapath) {
1680         nc = qemu_new_net_client(&net_vhost_vdpa_info, peer, device,
1681                                  name);
1682     } else {
1683         cvq_isolated = vhost_vdpa_probe_cvq_isolation(vdpa_device_fd, features,
1684                                                       queue_pair_index * 2,
1685                                                       errp);
1686         if (unlikely(cvq_isolated < 0)) {
1687             return NULL;
1688         }
1689 
1690         nc = qemu_new_net_control_client(&net_vhost_vdpa_cvq_info, peer,
1691                                          device, name);
1692     }
1693     qemu_set_info_str(nc, TYPE_VHOST_VDPA);
1694     s = DO_UPCAST(VhostVDPAState, nc, nc);
1695 
1696     s->vhost_vdpa.index = queue_pair_index;
1697     s->always_svq = svq;
1698     s->migration_state.notify = NULL;
1699     s->vhost_vdpa.shadow_vqs_enabled = svq;
1700     if (queue_pair_index == 0) {
1701         vhost_vdpa_net_valid_svq_features(features,
1702                                           &s->vhost_vdpa.migration_blocker);
1703         s->vhost_vdpa.shared = g_new0(VhostVDPAShared, 1);
1704         s->vhost_vdpa.shared->device_fd = vdpa_device_fd;
1705         s->vhost_vdpa.shared->iova_range = iova_range;
1706         s->vhost_vdpa.shared->shadow_data = svq;
1707     } else if (!is_datapath) {
1708         s->cvq_cmd_out_buffer = mmap(NULL, vhost_vdpa_net_cvq_cmd_page_len(),
1709                                      PROT_READ | PROT_WRITE,
1710                                      MAP_SHARED | MAP_ANONYMOUS, -1, 0);
1711         s->status = mmap(NULL, vhost_vdpa_net_cvq_cmd_page_len(),
1712                          PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS,
1713                          -1, 0);
1714 
1715         s->vhost_vdpa.shadow_vq_ops = &vhost_vdpa_net_svq_ops;
1716         s->vhost_vdpa.shadow_vq_ops_opaque = s;
1717         s->cvq_isolated = cvq_isolated;
1718     }
1719     if (queue_pair_index != 0) {
1720         s->vhost_vdpa.shared = shared;
1721     }
1722 
1723     ret = vhost_vdpa_add(nc, (void *)&s->vhost_vdpa, queue_pair_index, nvqs);
1724     if (ret) {
1725         qemu_del_net_client(nc);
1726         return NULL;
1727     }
1728 
1729     return nc;
1730 }
1731 
1732 static int vhost_vdpa_get_features(int fd, uint64_t *features, Error **errp)
1733 {
1734     int ret = ioctl(fd, VHOST_GET_FEATURES, features);
1735     if (unlikely(ret < 0)) {
1736         error_setg_errno(errp, errno,
1737                          "Fail to query features from vhost-vDPA device");
1738     }
1739     return ret;
1740 }
1741 
1742 static int vhost_vdpa_get_max_queue_pairs(int fd, uint64_t features,
1743                                           int *has_cvq, Error **errp)
1744 {
1745     unsigned long config_size = offsetof(struct vhost_vdpa_config, buf);
1746     g_autofree struct vhost_vdpa_config *config = NULL;
1747     __virtio16 *max_queue_pairs;
1748     int ret;
1749 
1750     if (features & (1 << VIRTIO_NET_F_CTRL_VQ)) {
1751         *has_cvq = 1;
1752     } else {
1753         *has_cvq = 0;
1754     }
1755 
1756     if (features & (1 << VIRTIO_NET_F_MQ)) {
1757         config = g_malloc0(config_size + sizeof(*max_queue_pairs));
1758         config->off = offsetof(struct virtio_net_config, max_virtqueue_pairs);
1759         config->len = sizeof(*max_queue_pairs);
1760 
1761         ret = ioctl(fd, VHOST_VDPA_GET_CONFIG, config);
1762         if (ret) {
1763             error_setg(errp, "Fail to get config from vhost-vDPA device");
1764             return -ret;
1765         }
1766 
1767         max_queue_pairs = (__virtio16 *)&config->buf;
1768 
1769         return lduw_le_p(max_queue_pairs);
1770     }
1771 
1772     return 1;
1773 }
1774 
1775 int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
1776                         NetClientState *peer, Error **errp)
1777 {
1778     ERRP_GUARD();
1779     const NetdevVhostVDPAOptions *opts;
1780     uint64_t features;
1781     int vdpa_device_fd;
1782     g_autofree NetClientState **ncs = NULL;
1783     struct vhost_vdpa_iova_range iova_range;
1784     NetClientState *nc;
1785     int queue_pairs, r, i = 0, has_cvq = 0;
1786 
1787     assert(netdev->type == NET_CLIENT_DRIVER_VHOST_VDPA);
1788     opts = &netdev->u.vhost_vdpa;
1789     if (!opts->vhostdev && !opts->vhostfd) {
1790         error_setg(errp,
1791                    "vhost-vdpa: neither vhostdev= nor vhostfd= was specified");
1792         return -1;
1793     }
1794 
1795     if (opts->vhostdev && opts->vhostfd) {
1796         error_setg(errp,
1797                    "vhost-vdpa: vhostdev= and vhostfd= are mutually exclusive");
1798         return -1;
1799     }
1800 
1801     if (opts->vhostdev) {
1802         vdpa_device_fd = qemu_open(opts->vhostdev, O_RDWR, errp);
1803         if (vdpa_device_fd == -1) {
1804             return -errno;
1805         }
1806     } else {
1807         /* has_vhostfd */
1808         vdpa_device_fd = monitor_fd_param(monitor_cur(), opts->vhostfd, errp);
1809         if (vdpa_device_fd == -1) {
1810             error_prepend(errp, "vhost-vdpa: unable to parse vhostfd: ");
1811             return -1;
1812         }
1813     }
1814 
1815     r = vhost_vdpa_get_features(vdpa_device_fd, &features, errp);
1816     if (unlikely(r < 0)) {
1817         goto err;
1818     }
1819 
1820     queue_pairs = vhost_vdpa_get_max_queue_pairs(vdpa_device_fd, features,
1821                                                  &has_cvq, errp);
1822     if (queue_pairs < 0) {
1823         qemu_close(vdpa_device_fd);
1824         return queue_pairs;
1825     }
1826 
1827     r = vhost_vdpa_get_iova_range(vdpa_device_fd, &iova_range);
1828     if (unlikely(r < 0)) {
1829         error_setg(errp, "vhost-vdpa: get iova range failed: %s",
1830                    strerror(-r));
1831         goto err;
1832     }
1833 
1834     if (opts->x_svq && !vhost_vdpa_net_valid_svq_features(features, errp)) {
1835         goto err;
1836     }
1837 
1838     ncs = g_malloc0(sizeof(*ncs) * queue_pairs);
1839 
1840     for (i = 0; i < queue_pairs; i++) {
1841         VhostVDPAShared *shared = NULL;
1842 
1843         if (i) {
1844             shared = DO_UPCAST(VhostVDPAState, nc, ncs[0])->vhost_vdpa.shared;
1845         }
1846         ncs[i] = net_vhost_vdpa_init(peer, TYPE_VHOST_VDPA, name,
1847                                      vdpa_device_fd, i, 2, true, opts->x_svq,
1848                                      iova_range, features, shared, errp);
1849         if (!ncs[i])
1850             goto err;
1851     }
1852 
1853     if (has_cvq) {
1854         VhostVDPAState *s0 = DO_UPCAST(VhostVDPAState, nc, ncs[0]);
1855         VhostVDPAShared *shared = s0->vhost_vdpa.shared;
1856 
1857         nc = net_vhost_vdpa_init(peer, TYPE_VHOST_VDPA, name,
1858                                  vdpa_device_fd, i, 1, false,
1859                                  opts->x_svq, iova_range, features, shared,
1860                                  errp);
1861         if (!nc)
1862             goto err;
1863     }
1864 
1865     return 0;
1866 
1867 err:
1868     if (i) {
1869         for (i--; i >= 0; i--) {
1870             qemu_del_net_client(ncs[i]);
1871         }
1872     }
1873 
1874     qemu_close(vdpa_device_fd);
1875 
1876     return -1;
1877 }
1878