]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - drivers/vhost/net.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vhost_net: fix possible infinite loop
[mirror_ubuntu-bionic-kernel.git] / drivers / vhost / net.c
CommitLineData
3a4d5c94
MT		 1/* Copyright (C) 2009 Red Hat, Inc.
2 * Author: Michael S. Tsirkin <mst@redhat.com>
3 *
4 * This work is licensed under the terms of the GNU GPL, version 2.
5 *
6 * virtio-net server in host kernel.
7 */
8
9#include <linux/compat.h>
10#include <linux/eventfd.h>
11#include <linux/vhost.h>
12#include <linux/virtio_net.h>
3a4d5c94
MT		 13#include <linux/miscdevice.h>
14#include <linux/module.h>
bab632d6 15#include <linux/moduleparam.h>
3a4d5c94
MT		 16#include <linux/mutex.h>
17#include <linux/workqueue.h>
3a4d5c94 18#include <linux/file.h>
5a0e3ad6 19#include <linux/slab.h>
e6017571 20#include <linux/sched/clock.h>
174cd4b1 21#include <linux/sched/signal.h>
23cc5a99 22#include <linux/vmalloc.h>
3a4d5c94
MT		 23
24#include <linux/net.h>
25#include <linux/if_packet.h>
26#include <linux/if_arp.h>
27#include <linux/if_tun.h>
501c774c 28#include <linux/if_macvlan.h>
635b8c8e 29#include <linux/if_tap.h>
c53cff5e 30#include <linux/if_vlan.h>
c67df11f
JW		 31#include <linux/skb_array.h>
32#include <linux/skbuff.h>
3a4d5c94
MT		 33
34#include <net/sock.h>
35
36#include "vhost.h"
37
f9611c43 38static int experimental_zcopytx = 1;
bab632d6 39module_param(experimental_zcopytx, int, 0444);
f9611c43
MT		 40MODULE_PARM_DESC(experimental_zcopytx, "Enable Zero Copy TX;"
41 " 1 -Enable; 0 - Disable");
bab632d6 42
3a4d5c94
MT		 43/* Max number of bytes transferred before requeueing the job.
44 * Using this limit prevents one virtqueue from starving others. */
45#define VHOST_NET_WEIGHT 0x80000
46
5a328a2d 47/* Max number of packets transferred before requeueing the job.
3a2d7527
PA		 48 * Using this limit prevents one virtqueue from starving others with small
49 * pkts.
50 */
51#define VHOST_NET_PKT_WEIGHT 256
5a328a2d 52
bab632d6
MT		 53/* MAX number of TX used buffers for outstanding zerocopy */
54#define VHOST_MAX_PEND 128
55#define VHOST_GOODCOPY_LEN 256
56
eaae8132
MT		 57/*
58 * For transmit, used buffer len is unused; we override it to track buffer
59 * status internally; used for zerocopy tx only.
60 */
61/* Lower device DMA failed */
bf995734 62#define VHOST_DMA_FAILED_LEN ((__force __virtio32)3)
eaae8132 63/* Lower device DMA done */
bf995734 64#define VHOST_DMA_DONE_LEN ((__force __virtio32)2)
eaae8132 65/* Lower device DMA in progress */
bf995734 66#define VHOST_DMA_IN_PROGRESS ((__force __virtio32)1)
eaae8132 67/* Buffer unused */
bf995734 68#define VHOST_DMA_CLEAR_LEN ((__force __virtio32)0)
eaae8132 69
bf995734 70#define VHOST_DMA_IS_DONE(len) ((__force u32)(len) >= (__force u32)VHOST_DMA_DONE_LEN)
eaae8132 71
8570a6e7
AH		 72enum {
73 VHOST_NET_FEATURES = VHOST_FEATURES |
74 (1ULL << VHOST_NET_F_VIRTIO_NET_HDR) |
6b1e6cc7
JW		 75 (1ULL << VIRTIO_NET_F_MRG_RXBUF) |
76 (1ULL << VIRTIO_F_IOMMU_PLATFORM)
8570a6e7
AH		 77};
78
3a4d5c94
MT		 79enum {
80 VHOST_NET_VQ_RX = 0,
81 VHOST_NET_VQ_TX = 1,
82 VHOST_NET_VQ_MAX = 2,
83};
84
fe729a57 85struct vhost_net_ubuf_ref {
0ad8b480
MT		 86 /* refcount follows semantics similar to kref:
87 * 0: object is released
88 * 1: no outstanding ubufs
89 * >1: outstanding ubufs
90 */
91 atomic_t refcount;
2839400f
AH		 92 wait_queue_head_t wait;
93 struct vhost_virtqueue *vq;
94};
95
c67df11f
JW		 96#define VHOST_RX_BATCH 64
97struct vhost_net_buf {
98 struct sk_buff **queue;
99 int tail;
100 int head;
101};
102
3ab2e420
AH		 103struct vhost_net_virtqueue {
104 struct vhost_virtqueue vq;
81f95a55
MT		 105 size_t vhost_hlen;
106 size_t sock_hlen;
2839400f
AH		 107 /* vhost zerocopy support fields below: */
108 /* last used idx for outstanding DMA zerocopy buffers */
109 int upend_idx;
110 /* first used idx for DMA done zerocopy buffers */
111 int done_idx;
112 /* an array of userspace buffers info */
113 struct ubuf_info *ubuf_info;
114 /* Reference counting for outstanding ubufs.
115 * Protected by vq mutex. Writers must also take device mutex. */
fe729a57 116 struct vhost_net_ubuf_ref *ubufs;
c67df11f
JW		 117 struct skb_array *rx_array;
118 struct vhost_net_buf rxq;
3ab2e420
AH		 119};
120
3a4d5c94
MT		 121struct vhost_net {
122 struct vhost_dev dev;
3ab2e420 123 struct vhost_net_virtqueue vqs[VHOST_NET_VQ_MAX];
3a4d5c94 124 struct vhost_poll poll[VHOST_NET_VQ_MAX];
eaae8132
MT		 125 /* Number of TX recently submitted.
126 * Protected by tx vq lock. */
127 unsigned tx_packets;
128 /* Number of times zerocopy TX recently failed.
129 * Protected by tx vq lock. */
130 unsigned tx_zcopy_err;
1280c27f
MT		 131 /* Flush in progress. Protected by tx vq lock. */
132 bool tx_flush;
3a4d5c94
MT		 133};
134
fe729a57 135static unsigned vhost_net_zcopy_mask __read_mostly;
2839400f 136
c67df11f
JW		 137static void *vhost_net_buf_get_ptr(struct vhost_net_buf *rxq)
138{
139 if (rxq->tail != rxq->head)
140 return rxq->queue[rxq->head];
141 else
142 return NULL;
143}
144
145static int vhost_net_buf_get_size(struct vhost_net_buf *rxq)
146{
147 return rxq->tail - rxq->head;
148}
149
150static int vhost_net_buf_is_empty(struct vhost_net_buf *rxq)
151{
152 return rxq->tail == rxq->head;
153}
154
155static void *vhost_net_buf_consume(struct vhost_net_buf *rxq)
156{
157 void *ret = vhost_net_buf_get_ptr(rxq);
158 ++rxq->head;
159 return ret;
160}
161
162static int vhost_net_buf_produce(struct vhost_net_virtqueue *nvq)
163{
164 struct vhost_net_buf *rxq = &nvq->rxq;
165
166 rxq->head = 0;
167 rxq->tail = skb_array_consume_batched(nvq->rx_array, rxq->queue,
168 VHOST_RX_BATCH);
169 return rxq->tail;
170}
171
172static void vhost_net_buf_unproduce(struct vhost_net_virtqueue *nvq)
173{
174 struct vhost_net_buf *rxq = &nvq->rxq;
175
176 if (nvq->rx_array && !vhost_net_buf_is_empty(rxq)) {
177 skb_array_unconsume(nvq->rx_array, rxq->queue + rxq->head,
178 vhost_net_buf_get_size(rxq));
179 rxq->head = rxq->tail = 0;
180 }
181}
182
183static int vhost_net_buf_peek(struct vhost_net_virtqueue *nvq)
184{
185 struct vhost_net_buf *rxq = &nvq->rxq;
186
187 if (!vhost_net_buf_is_empty(rxq))
188 goto out;
189
190 if (!vhost_net_buf_produce(nvq))
191 return 0;
192
193out:
194 return __skb_array_len_with_tag(vhost_net_buf_get_ptr(rxq));
195}
196
197static void vhost_net_buf_init(struct vhost_net_buf *rxq)
198{
199 rxq->head = rxq->tail = 0;
200}
201
fe729a57 202static void vhost_net_enable_zcopy(int vq)
2839400f 203{
fe729a57 204 vhost_net_zcopy_mask |= 0x1 << vq;
2839400f
AH		 205}
206
fe729a57
AH		 207static struct vhost_net_ubuf_ref *
208vhost_net_ubuf_alloc(struct vhost_virtqueue *vq, bool zcopy)
2839400f 209{
fe729a57 210 struct vhost_net_ubuf_ref *ubufs;
2839400f
AH		 211 /* No zero copy backend? Nothing to count. */
212 if (!zcopy)
213 return NULL;
214 ubufs = kmalloc(sizeof(*ubufs), GFP_KERNEL);
215 if (!ubufs)
216 return ERR_PTR(-ENOMEM);
0ad8b480 217 atomic_set(&ubufs->refcount, 1);
2839400f
AH		 218 init_waitqueue_head(&ubufs->wait);
219 ubufs->vq = vq;
220 return ubufs;
221}
222
0ad8b480 223static int vhost_net_ubuf_put(struct vhost_net_ubuf_ref *ubufs)
2839400f 224{
0ad8b480
MT		 225 int r = atomic_sub_return(1, &ubufs->refcount);
226 if (unlikely(!r))
227 wake_up(&ubufs->wait);
228 return r;
2839400f
AH		 229}
230
fe729a57 231static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs)
2839400f 232{
0ad8b480
MT		 233 vhost_net_ubuf_put(ubufs);
234 wait_event(ubufs->wait, !atomic_read(&ubufs->refcount));
c38e39c3
MT		 235}
236
237static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs)
238{
239 vhost_net_ubuf_put_and_wait(ubufs);
2839400f
AH		 240 kfree(ubufs);
241}
242
b1ad8496
AH		 243static void vhost_net_clear_ubuf_info(struct vhost_net *n)
244{
b1ad8496
AH		 245 int i;
246
288cfe78
MT		 247 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) {
248 kfree(n->vqs[i].ubuf_info);
249 n->vqs[i].ubuf_info = NULL;
b1ad8496
AH		 250 }
251}
252
0a1febf7 253static int vhost_net_set_ubuf_info(struct vhost_net *n)
2839400f
AH		 254{
255 bool zcopy;
256 int i;
257
288cfe78 258 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) {
fe729a57 259 zcopy = vhost_net_zcopy_mask & (0x1 << i);
2839400f
AH		 260 if (!zcopy)
261 continue;
262 n->vqs[i].ubuf_info = kmalloc(sizeof(*n->vqs[i].ubuf_info) *
263 UIO_MAXIOV, GFP_KERNEL);
264 if (!n->vqs[i].ubuf_info)
265 goto err;
266 }
267 return 0;
268
269err:
288cfe78 270 vhost_net_clear_ubuf_info(n);
2839400f
AH		 271 return -ENOMEM;
272}
273
0a1febf7 274static void vhost_net_vq_reset(struct vhost_net *n)
2839400f
AH		 275{
276 int i;
277
288cfe78
MT		 278 vhost_net_clear_ubuf_info(n);
279
2839400f
AH		 280 for (i = 0; i < VHOST_NET_VQ_MAX; i++) {
281 n->vqs[i].done_idx = 0;
282 n->vqs[i].upend_idx = 0;
283 n->vqs[i].ubufs = NULL;
81f95a55
MT		 284 n->vqs[i].vhost_hlen = 0;
285 n->vqs[i].sock_hlen = 0;
c67df11f 286 vhost_net_buf_init(&n->vqs[i].rxq);
2839400f
AH		 287 }
288
289}
290
eaae8132
MT		 291static void vhost_net_tx_packet(struct vhost_net *net)
292{
293 ++net->tx_packets;
294 if (net->tx_packets < 1024)
295 return;
296 net->tx_packets = 0;
297 net->tx_zcopy_err = 0;
298}
299
300static void vhost_net_tx_err(struct vhost_net *net)
301{
302 ++net->tx_zcopy_err;
303}
304
305static bool vhost_net_tx_select_zcopy(struct vhost_net *net)
306{
1280c27f
MT		 307 /* TX flush waits for outstanding DMAs to be done.
308 * Don't start new DMAs.
309 */
310 return !net->tx_flush &&
311 net->tx_packets / 64 >= net->tx_zcopy_err;
eaae8132
MT		 312}
313
bab632d6
MT		 314static bool vhost_sock_zcopy(struct socket *sock)
315{
316 return unlikely(experimental_zcopytx) &&
317 sock_flag(sock->sk, SOCK_ZEROCOPY);
318}
319
b211616d
MT		 320/* In case of DMA done not in order in lower device driver for some reason.
321 * upend_idx is used to track end of used idx, done_idx is used to track head
322 * of used idx. Once lower device DMA done contiguously, we will signal KVM
323 * guest used idx.
324 */
094afe7d
JW		 325static void vhost_zerocopy_signal_used(struct vhost_net *net,
326 struct vhost_virtqueue *vq)
b211616d 327{
2839400f
AH		 328 struct vhost_net_virtqueue *nvq =
329 container_of(vq, struct vhost_net_virtqueue, vq);
c92112ae 330 int i, add;
b211616d
MT		 331 int j = 0;
332
2839400f 333 for (i = nvq->done_idx; i != nvq->upend_idx; i = (i + 1) % UIO_MAXIOV) {
eaae8132
MT		 334 if (vq->heads[i].len == VHOST_DMA_FAILED_LEN)
335 vhost_net_tx_err(net);
b211616d
MT		 336 if (VHOST_DMA_IS_DONE(vq->heads[i].len)) {
337 vq->heads[i].len = VHOST_DMA_CLEAR_LEN;
b211616d
MT		 338 ++j;
339 } else
340 break;
341 }
c92112ae
JW		 342 while (j) {
343 add = min(UIO_MAXIOV - nvq->done_idx, j);
344 vhost_add_used_and_signal_n(vq->dev, vq,
345 &vq->heads[nvq->done_idx], add);
346 nvq->done_idx = (nvq->done_idx + add) % UIO_MAXIOV;
347 j -= add;
348 }
b211616d
MT		 349}
350
eaae8132 351static void vhost_zerocopy_callback(struct ubuf_info *ubuf, bool success)
b211616d 352{
fe729a57 353 struct vhost_net_ubuf_ref *ubufs = ubuf->ctx;
b211616d 354 struct vhost_virtqueue *vq = ubufs->vq;
0ad8b480 355 int cnt;
24eb21a1 356
b0c057ca
MT		 357 rcu_read_lock_bh();
358
19c73b3e
JW		 359 /* set len to mark this desc buffers done DMA */
360 vq->heads[ubuf->desc].len = success ?
361 VHOST_DMA_DONE_LEN : VHOST_DMA_FAILED_LEN;
0ad8b480 362 cnt = vhost_net_ubuf_put(ubufs);
19c73b3e 363
24eb21a1
MT		 364 /*
365 * Trigger polling thread if guest stopped submitting new buffers:
0ad8b480 366 * in this case, the refcount after decrement will eventually reach 1.
24eb21a1
MT		 367 * We also trigger polling periodically after each 16 packets
368 * (the value 16 here is more or less arbitrary, it's tuned to trigger
369 * less than 10% of times).
370 */
0ad8b480 371 if (cnt <= 1 || !(cnt % 16))
24eb21a1 372 vhost_poll_queue(&vq->poll);
b0c057ca
MT		 373
374 rcu_read_unlock_bh();
b211616d
MT		 375}
376
03088137
JW		 377static inline unsigned long busy_clock(void)
378{
379 return local_clock() >> 10;
380}
381
a78d3457 382static bool vhost_can_busy_poll(unsigned long endtime)
03088137 383{
a78d3457
TM		 384 return likely(!need_resched() && !time_after(busy_clock(), endtime) &&
385 !signal_pending(current));
03088137
JW		 386}
387
8241a1e4
JW		 388static void vhost_net_disable_vq(struct vhost_net *n,
389 struct vhost_virtqueue *vq)
390{
391 struct vhost_net_virtqueue *nvq =
392 container_of(vq, struct vhost_net_virtqueue, vq);
393 struct vhost_poll *poll = n->poll + (nvq - n->vqs);
394 if (!vq->private_data)
395 return;
396 vhost_poll_stop(poll);
397}
398
399static int vhost_net_enable_vq(struct vhost_net *n,
400 struct vhost_virtqueue *vq)
401{
402 struct vhost_net_virtqueue *nvq =
403 container_of(vq, struct vhost_net_virtqueue, vq);
404 struct vhost_poll *poll = n->poll + (nvq - n->vqs);
405 struct socket *sock;
406
407 sock = vq->private_data;
408 if (!sock)
409 return 0;
410
411 return vhost_poll_start(poll, sock->file);
412}
413
03088137
JW		 414static int vhost_net_tx_get_vq_desc(struct vhost_net *net,
415 struct vhost_virtqueue *vq,
416 struct iovec iov[], unsigned int iov_size,
a78d3457
TM		 417 unsigned int *out_num, unsigned int *in_num,
418 bool *busyloop_intr)
03088137
JW		 419{
420 unsigned long uninitialized_var(endtime);
421 int r = vhost_get_vq_desc(vq, vq->iov, ARRAY_SIZE(vq->iov),
6b1e6cc7 422 out_num, in_num, NULL, NULL);
03088137
JW		 423
424 if (r == vq->num && vq->busyloop_timeout) {
425 preempt_disable();
426 endtime = busy_clock() + vq->busyloop_timeout;
a78d3457
TM		 427 while (vhost_can_busy_poll(endtime)) {
428 if (vhost_has_work(vq->dev)) {
429 *busyloop_intr = true;
430 break;
431 }
432 if (!vhost_vq_avail_empty(vq->dev, vq))
433 break;
f2f09a4c 434 cpu_relax();
a78d3457 435 }
03088137
JW		 436 preempt_enable();
437 r = vhost_get_vq_desc(vq, vq->iov, ARRAY_SIZE(vq->iov),
6b1e6cc7 438 out_num, in_num, NULL, NULL);
03088137
JW		 439 }
440
441 return r;
442}
443
0ed005ce
JW		 444static bool vhost_exceeds_maxpend(struct vhost_net *net)
445{
446 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_TX];
447 struct vhost_virtqueue *vq = &nvq->vq;
448
1e6f7453
WB		 449 return (nvq->upend_idx + UIO_MAXIOV - nvq->done_idx) % UIO_MAXIOV >
450 min_t(unsigned int, VHOST_MAX_PEND, vq->num >> 2);
0ed005ce
JW		 451}
452
3a4d5c94
MT		 453/* Expects to be always run from workqueue - which acts as
454 * read-size critical section for our kind of RCU. */
455static void handle_tx(struct vhost_net *net)
456{
2839400f 457 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_TX];
81f95a55 458 struct vhost_virtqueue *vq = &nvq->vq;
98a527aa 459 unsigned out, in;
d5675bd2 460 int head;
3a4d5c94
MT		 461 struct msghdr msg = {
462 .msg_name = NULL,
463 .msg_namelen = 0,
464 .msg_control = NULL,
465 .msg_controllen = 0,
3a4d5c94
MT		 466 .msg_flags = MSG_DONTWAIT,
467 };
468 size_t len, total_len = 0;
70181d51 469 int err;
3a4d5c94 470 size_t hdr_size;
28457ee6 471 struct socket *sock;
fe729a57 472 struct vhost_net_ubuf_ref *uninitialized_var(ubufs);
cedb9bdc 473 bool zcopy, zcopy_used;
5a328a2d 474 int sent_pkts = 0;
28457ee6 475
2e26af79
AH		 476 mutex_lock(&vq->mutex);
477 sock = vq->private_data;
3a4d5c94 478 if (!sock)
2e26af79 479 goto out;
3a4d5c94 480
6b1e6cc7
JW		 481 if (!vq_iotlb_prefetch(vq))
482 goto out;
483
8ea8cf89 484 vhost_disable_notify(&net->dev, vq);
feb8892c 485 vhost_net_disable_vq(net, vq);
3a4d5c94 486
81f95a55 487 hdr_size = nvq->vhost_hlen;
2839400f 488 zcopy = nvq->ubufs;
3a4d5c94 489
7a110057 490 do {
a78d3457
TM		 491 bool busyloop_intr;
492
bab632d6
MT		 493 /* Release DMAs done buffers first */
494 if (zcopy)
eaae8132 495 vhost_zerocopy_signal_used(net, vq);
bab632d6 496
a78d3457 497 busyloop_intr = false;
03088137
JW		 498 head = vhost_net_tx_get_vq_desc(net, vq, vq->iov,
499 ARRAY_SIZE(vq->iov),
a78d3457 500 &out, &in, &busyloop_intr);
d5675bd2 501 /* On error, stop handling until the next kick. */
7b3384fc 502 if (unlikely(head < 0))
d5675bd2 503 break;
3a4d5c94
MT		 504 /* Nothing new? Wait for eventfd to tell us they refilled. */
505 if (head == vq->num) {
a78d3457
TM		 506 if (unlikely(busyloop_intr)) {
507 vhost_poll_queue(&vq->poll);
508 } else if (unlikely(vhost_enable_notify(&net->dev, vq))) {
8ea8cf89 509 vhost_disable_notify(&net->dev, vq);
3a4d5c94
MT		 510 continue;
511 }
512 break;
513 }
514 if (in) {
515 vq_err(vq, "Unexpected descriptor format for TX: "
516 "out %d, int %d\n", out, in);
517 break;
518 }
519 /* Skip header. TODO: support TSO. */
3a4d5c94 520 len = iov_length(vq->iov, out);
c0371da6 521 iov_iter_init(&msg.msg_iter, WRITE, vq->iov, out, len);
98a527aa 522 iov_iter_advance(&msg.msg_iter, hdr_size);
3a4d5c94 523 /* Sanity check */
01e97e65 524 if (!msg_data_left(&msg)) {
3a4d5c94
MT		 525 vq_err(vq, "Unexpected header len for TX: "
526 "%zd expected %zd\n",
98a527aa 527 len, hdr_size);
3a4d5c94
MT		 528 break;
529 }
01e97e65 530 len = msg_data_left(&msg);
ce21a029
JW		 531
532 zcopy_used = zcopy && len >= VHOST_GOODCOPY_LEN
1e6f7453 533 && !vhost_exceeds_maxpend(net)
ce21a029 534 && vhost_net_tx_select_zcopy(net);
cedb9bdc 535
bab632d6 536 /* use msg_control to pass vhost zerocopy ubuf info to skb */
cedb9bdc 537 if (zcopy_used) {
ce21a029
JW		 538 struct ubuf_info *ubuf;
539 ubuf = nvq->ubuf_info + nvq->upend_idx;
540
8b38694a 541 vq->heads[nvq->upend_idx].id = cpu_to_vhost32(vq, head);
ce21a029
JW		 542 vq->heads[nvq->upend_idx].len = VHOST_DMA_IN_PROGRESS;
543 ubuf->callback = vhost_zerocopy_callback;
544 ubuf->ctx = nvq->ubufs;
545 ubuf->desc = nvq->upend_idx;
c1d1b437 546 refcount_set(&ubuf->refcnt, 1);
ce21a029
JW		 547 msg.msg_control = ubuf;
548 msg.msg_controllen = sizeof(ubuf);
549 ubufs = nvq->ubufs;
0ad8b480 550 atomic_inc(&ubufs->refcount);
2839400f 551 nvq->upend_idx = (nvq->upend_idx + 1) % UIO_MAXIOV;
ce21a029 552 } else {
4364d5f9 553 msg.msg_control = NULL;
ce21a029
JW		 554 ubufs = NULL;
555 }
0ed005ce
JW		 556 total_len += len;
557 if (total_len < VHOST_NET_WEIGHT &&
558 !vhost_vq_avail_empty(&net->dev, vq) &&
559 likely(!vhost_exceeds_maxpend(net))) {
560 msg.msg_flags |= MSG_MORE;
561 } else {
562 msg.msg_flags &= ~MSG_MORE;
563 }
564
3a4d5c94 565 /* TODO: Check specific error and bomb out unless ENOBUFS? */
1b784140 566 err = sock->ops->sendmsg(sock, &msg, len);
3a4d5c94 567 if (unlikely(err < 0)) {
cedb9bdc 568 if (zcopy_used) {
ce21a029 569 vhost_net_ubuf_put(ubufs);
2839400f
AH		 570 nvq->upend_idx = ((unsigned)nvq->upend_idx - 1)
571 % UIO_MAXIOV;
bab632d6 572 }
8dd014ad 573 vhost_discard_vq_desc(vq, 1);
feb8892c 574 vhost_net_enable_vq(net, vq);
3a4d5c94
MT		 575 break;
576 }
577 if (err != len)
95c0ec6a
MT		 578 pr_debug("Truncated TX packet: "
579 " len %d != %zd\n", err, len);
cedb9bdc 580 if (!zcopy_used)
bab632d6 581 vhost_add_used_and_signal(&net->dev, vq, head, 0);
c8fb217a 582 else
eaae8132 583 vhost_zerocopy_signal_used(net, vq);
eaae8132 584 vhost_net_tx_packet(net);
7a110057 585 } while (likely(!vhost_exceeds_weight(vq, ++sent_pkts, total_len)));
2e26af79 586out:
3a4d5c94 587 mutex_unlock(&vq->mutex);
3a4d5c94
MT		 588}
589
c67df11f 590static int peek_head_len(struct vhost_net_virtqueue *rvq, struct sock *sk)
8dd014ad
DS		 591{
592 struct sk_buff *head;
593 int len = 0;
783e3988 594 unsigned long flags;
8dd014ad 595
c67df11f
JW		 596 if (rvq->rx_array)
597 return vhost_net_buf_peek(rvq);
1576d986 598
783e3988 599 spin_lock_irqsave(&sk->sk_receive_queue.lock, flags);
8dd014ad 600 head = skb_peek(&sk->sk_receive_queue);
c53cff5e 601 if (likely(head)) {
8dd014ad 602 len = head->len;
df8a39de 603 if (skb_vlan_tag_present(head))
c53cff5e
BG		 604 len += VLAN_HLEN;
605 }
606
783e3988 607 spin_unlock_irqrestore(&sk->sk_receive_queue.lock, flags);
8dd014ad
DS		 608 return len;
609}
610
1576d986
JW		 611static int sk_has_rx_data(struct sock *sk)
612{
613 struct socket *sock = sk->sk_socket;
614
615 if (sock->ops->peek_len)
616 return sock->ops->peek_len(sock);
617
618 return skb_queue_empty(&sk->sk_receive_queue);
619}
620
03088137
JW		 621static int vhost_net_rx_peek_head_len(struct vhost_net *net, struct sock *sk)
622{
c67df11f 623 struct vhost_net_virtqueue *rvq = &net->vqs[VHOST_NET_VQ_RX];
03088137
JW		 624 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_TX];
625 struct vhost_virtqueue *vq = &nvq->vq;
626 unsigned long uninitialized_var(endtime);
c67df11f 627 int len = peek_head_len(rvq, sk);
03088137
JW		 628
629 if (!len && vq->busyloop_timeout) {
630 /* Both tx vq and rx socket were polled here */
a871876a 631 mutex_lock_nested(&vq->mutex, 1);
03088137
JW		 632 vhost_disable_notify(&net->dev, vq);
633
634 preempt_disable();
635 endtime = busy_clock() + vq->busyloop_timeout;
636
a78d3457
TM		 637 while (vhost_can_busy_poll(endtime) &&
638 !vhost_has_work(&net->dev) &&
1576d986 639 !sk_has_rx_data(sk) &&
03088137 640 vhost_vq_avail_empty(&net->dev, vq))
f2f09a4c 641 cpu_relax();
03088137
JW		 642
643 preempt_enable();
644
8b949bef 645 if (!vhost_vq_avail_empty(&net->dev, vq))
03088137 646 vhost_poll_queue(&vq->poll);
8b949bef
JW		 647 else if (unlikely(vhost_enable_notify(&net->dev, vq))) {
648 vhost_disable_notify(&net->dev, vq);
649 vhost_poll_queue(&vq->poll);
650 }
651
03088137
JW		 652 mutex_unlock(&vq->mutex);
653
c67df11f 654 len = peek_head_len(rvq, sk);
03088137
JW		 655 }
656
657 return len;
658}
659
8dd014ad
DS		 660/* This is a multi-buffer version of vhost_get_desc, that works if
661 * vq has read descriptors only.
662 * @vq - the relevant virtqueue
663 * @datalen - data length we'll be reading
664 * @iovcount - returned count of io vectors we fill
665 * @log - vhost log
666 * @log_num - log offset
94249369 667 * @quota - headcount quota, 1 for big buffer
8dd014ad
DS		 668 * returns number of buffer heads allocated, negative on error
669 */
670static int get_rx_bufs(struct vhost_virtqueue *vq,
671 struct vring_used_elem *heads,
672 int datalen,
673 unsigned *iovcount,
674 struct vhost_log *log,
94249369
JW		 675 unsigned *log_num,
676 unsigned int quota)
8dd014ad
DS		 677{
678 unsigned int out, in;
679 int seg = 0;
680 int headcount = 0;
681 unsigned d;
682 int r, nlogs = 0;
8b38694a
MT		 683 /* len is always initialized before use since we are always called with
684 * datalen > 0.
685 */
686 u32 uninitialized_var(len);
8dd014ad 687
94249369 688 while (datalen > 0 && headcount < quota) {
e0e9b406 689 if (unlikely(seg >= UIO_MAXIOV)) {
8dd014ad
DS		 690 r = -ENOBUFS;
691 goto err;
692 }
47283bef 693 r = vhost_get_vq_desc(vq, vq->iov + seg,
8dd014ad
DS		 694 ARRAY_SIZE(vq->iov) - seg, &out,
695 &in, log, log_num);
a39ee449
MT		 696 if (unlikely(r < 0))
697 goto err;
698
699 d = r;
8dd014ad
DS		 700 if (d == vq->num) {
701 r = 0;
702 goto err;
703 }
704 if (unlikely(out || in <= 0)) {
705 vq_err(vq, "unexpected descriptor format for RX: "
706 "out %d, in %d\n", out, in);
707 r = -EINVAL;
708 goto err;
709 }
710 if (unlikely(log)) {
711 nlogs += *log_num;
712 log += *log_num;
713 }
8b38694a
MT		 714 heads[headcount].id = cpu_to_vhost32(vq, d);
715 len = iov_length(vq->iov + seg, in);
716 heads[headcount].len = cpu_to_vhost32(vq, len);
717 datalen -= len;
8dd014ad
DS		 718 ++headcount;
719 seg += in;
720 }
99975cc6 721 heads[headcount - 1].len = cpu_to_vhost32(vq, len + datalen);
8dd014ad
DS		 722 *iovcount = seg;
723 if (unlikely(log))
724 *log_num = nlogs;
d8316f39
MT		 725
726 /* Detect overrun */
727 if (unlikely(datalen > 0)) {
728 r = UIO_MAXIOV + 1;
729 goto err;
730 }
8dd014ad
DS		 731 return headcount;
732err:
733 vhost_discard_vq_desc(vq, headcount);
734 return r;
735}
736
3a4d5c94
MT		 737/* Expects to be always run from workqueue - which acts as
738 * read-size critical section for our kind of RCU. */
94249369 739static void handle_rx(struct vhost_net *net)
3a4d5c94 740{
81f95a55
MT		 741 struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_RX];
742 struct vhost_virtqueue *vq = &nvq->vq;
8dd014ad
DS		 743 unsigned uninitialized_var(in), log;
744 struct vhost_log *vq_log;
745 struct msghdr msg = {
746 .msg_name = NULL,
747 .msg_namelen = 0,
748 .msg_control = NULL, /* FIXME: get and handle RX aux data. */
749 .msg_controllen = 0,
8dd014ad
DS		 750 .msg_flags = MSG_DONTWAIT,
751 };
0960b641
JW		 752 struct virtio_net_hdr hdr = {
753 .flags = 0,
754 .gso_type = VIRTIO_NET_HDR_GSO_NONE
8dd014ad 755 };
8dd014ad 756 size_t total_len = 0;
910a578f
MT		 757 int err, mergeable;
758 s16 headcount;
8dd014ad
DS		 759 size_t vhost_hlen, sock_hlen;
760 size_t vhost_len, sock_len;
2e26af79 761 struct socket *sock;
ba7438ae 762 struct iov_iter fixup;
0960b641 763 __virtio16 num_buffers;
3a2d7527 764 int recv_pkts = 0;
8dd014ad 765
a871876a 766 mutex_lock_nested(&vq->mutex, 0);
2e26af79
AH		 767 sock = vq->private_data;
768 if (!sock)
769 goto out;
6b1e6cc7
JW		 770
771 if (!vq_iotlb_prefetch(vq))
772 goto out;
773
8ea8cf89 774 vhost_disable_notify(&net->dev, vq);
8241a1e4 775 vhost_net_disable_vq(net, vq);
2e26af79 776
81f95a55
MT		 777 vhost_hlen = nvq->vhost_hlen;
778 sock_hlen = nvq->sock_hlen;
8dd014ad 779
ea16c514 780 vq_log = unlikely(vhost_has_feature(vq, VHOST_F_LOG_ALL)) ?
8dd014ad 781 vq->log : NULL;
ea16c514 782 mergeable = vhost_has_feature(vq, VIRTIO_NET_F_MRG_RXBUF);
8dd014ad 783
7a110057
JW		 784 do {
785 sock_len = vhost_net_rx_peek_head_len(net, sock->sk);
786
787 if (!sock_len)
788 break;
8dd014ad
DS		 789 sock_len += sock_hlen;
790 vhost_len = sock_len + vhost_hlen;
791 headcount = get_rx_bufs(vq, vq->heads, vhost_len,
94249369
JW		 792 &in, vq_log, &log,
793 likely(mergeable) ? UIO_MAXIOV : 1);
8dd014ad
DS		 794 /* On error, stop handling until the next kick. */
795 if (unlikely(headcount < 0))
8241a1e4 796 goto out;
8dd014ad
DS		 797 /* OK, now we need to know about added descriptors. */
798 if (!headcount) {
8ea8cf89 799 if (unlikely(vhost_enable_notify(&net->dev, vq))) {
8dd014ad
DS		 800 /* They have slipped one in as we were
801 * doing that: check again. */
8ea8cf89 802 vhost_disable_notify(&net->dev, vq);
8dd014ad
DS		 803 continue;
804 }
805 /* Nothing new? Wait for eventfd to tell us
806 * they refilled. */
8241a1e4 807 goto out;
8dd014ad 808 }
6e474083
WX		 809 if (nvq->rx_array)
810 msg.msg_control = vhost_net_buf_consume(&nvq->rxq);
811 /* On overrun, truncate and discard */
812 if (unlikely(headcount > UIO_MAXIOV)) {
813 iov_iter_init(&msg.msg_iter, READ, vq->iov, 1, 1);
814 err = sock->ops->recvmsg(sock, &msg,
815 1, MSG_DONTWAIT | MSG_TRUNC);
816 pr_debug("Discarded rx packet: len %zd\n", sock_len);
817 continue;
818 }
8dd014ad 819 /* We don't need to be notified again. */
ba7438ae
AV		 820 iov_iter_init(&msg.msg_iter, READ, vq->iov, in, vhost_len);
821 fixup = msg.msg_iter;
822 if (unlikely((vhost_hlen))) {
823 /* We will supply the header ourselves
824 * TODO: support TSO.
825 */
826 iov_iter_advance(&msg.msg_iter, vhost_hlen);
ba7438ae 827 }
1b784140 828 err = sock->ops->recvmsg(sock, &msg,
8dd014ad
DS		 829 sock_len, MSG_DONTWAIT | MSG_TRUNC);
830 /* Userspace might have consumed the packet meanwhile:
831 * it's not supposed to do this usually, but might be hard
832 * to prevent. Discard data we got (if any) and keep going. */
833 if (unlikely(err != sock_len)) {
834 pr_debug("Discarded rx packet: "
835 " len %d, expected %zd\n", err, sock_len);
836 vhost_discard_vq_desc(vq, headcount);
837 continue;
838 }
ba7438ae 839 /* Supply virtio_net_hdr if VHOST_NET_F_VIRTIO_NET_HDR */
4c5a8442
MT		 840 if (unlikely(vhost_hlen)) {
841 if (copy_to_iter(&hdr, sizeof(hdr),
842 &fixup) != sizeof(hdr)) {
843 vq_err(vq, "Unable to write vnet_hdr "
844 "at addr %p\n", vq->iov->iov_base);
8241a1e4 845 goto out;
4c5a8442
MT		 846 }
847 } else {
848 /* Header came from socket; we'll need to patch
849 * ->num_buffers over if VIRTIO_NET_F_MRG_RXBUF
850 */
851 iov_iter_advance(&fixup, sizeof(hdr));
8dd014ad
DS		 852 }
853 /* TODO: Should check and handle checksum. */
5201aa49 854
0960b641 855 num_buffers = cpu_to_vhost16(vq, headcount);
cfbdab95 856 if (likely(mergeable) &&
0d79a493
MT		 857 copy_to_iter(&num_buffers, sizeof num_buffers,
858 &fixup) != sizeof num_buffers) {
8dd014ad
DS		 859 vq_err(vq, "Failed num_buffers write");
860 vhost_discard_vq_desc(vq, headcount);
8241a1e4 861 goto out;
8dd014ad
DS		 862 }
863 vhost_add_used_and_signal_n(&net->dev, vq, vq->heads,
864 headcount);
865 if (unlikely(vq_log))
6fa98137
JW		 866 vhost_log_write(vq, vq_log, log, vhost_len,
867 vq->iov, in);
8dd014ad 868 total_len += vhost_len;
7a110057
JW		 869 } while (likely(!vhost_exceeds_weight(vq, ++recv_pkts, total_len)));
870
8241a1e4 871 vhost_net_enable_vq(net, vq);
2e26af79 872out:
8dd014ad 873 mutex_unlock(&vq->mutex);
8dd014ad
DS		 874}
875
c23f3445 876static void handle_tx_kick(struct vhost_work *work)
3a4d5c94 877{
c23f3445
TH		 878 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
879 poll.work);
880 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev);
881
3a4d5c94
MT		 882 handle_tx(net);
883}
884
c23f3445 885static void handle_rx_kick(struct vhost_work *work)
3a4d5c94 886{
c23f3445
TH		 887 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
888 poll.work);
889 struct vhost_net *net = container_of(vq->dev, struct vhost_net, dev);
890
3a4d5c94
MT		 891 handle_rx(net);
892}
893
c23f3445 894static void handle_tx_net(struct vhost_work *work)
3a4d5c94 895{
c23f3445
TH		 896 struct vhost_net *net = container_of(work, struct vhost_net,
897 poll[VHOST_NET_VQ_TX].work);
3a4d5c94
MT		 898 handle_tx(net);
899}
900
c23f3445 901static void handle_rx_net(struct vhost_work *work)
3a4d5c94 902{
c23f3445
TH		 903 struct vhost_net *net = container_of(work, struct vhost_net,
904 poll[VHOST_NET_VQ_RX].work);
3a4d5c94
MT		 905 handle_rx(net);
906}
907
908static int vhost_net_open(struct inode *inode, struct file *f)
909{
23cc5a99 910 struct vhost_net *n;
c23f3445 911 struct vhost_dev *dev;
3ab2e420 912 struct vhost_virtqueue **vqs;
c67df11f 913 struct sk_buff **queue;
59566b6e 914 int i;
c23f3445 915
dcda9b04 916 n = kvmalloc(sizeof *n, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
6c5ab651
MH		 917 if (!n)
918 return -ENOMEM;
3ab2e420
AH		 919 vqs = kmalloc(VHOST_NET_VQ_MAX * sizeof(*vqs), GFP_KERNEL);
920 if (!vqs) {
d04257b0 921 kvfree(n);
3ab2e420
AH		 922 return -ENOMEM;
923 }
c23f3445 924
c67df11f
JW		 925 queue = kmalloc_array(VHOST_RX_BATCH, sizeof(struct sk_buff *),
926 GFP_KERNEL);
927 if (!queue) {
928 kfree(vqs);
929 kvfree(n);
930 return -ENOMEM;
931 }
932 n->vqs[VHOST_NET_VQ_RX].rxq.queue = queue;
933
c23f3445 934 dev = &n->dev;
3ab2e420
AH		 935 vqs[VHOST_NET_VQ_TX] = &n->vqs[VHOST_NET_VQ_TX].vq;
936 vqs[VHOST_NET_VQ_RX] = &n->vqs[VHOST_NET_VQ_RX].vq;
937 n->vqs[VHOST_NET_VQ_TX].vq.handle_kick = handle_tx_kick;
938 n->vqs[VHOST_NET_VQ_RX].vq.handle_kick = handle_rx_kick;
2839400f
AH		 939 for (i = 0; i < VHOST_NET_VQ_MAX; i++) {
940 n->vqs[i].ubufs = NULL;
941 n->vqs[i].ubuf_info = NULL;
942 n->vqs[i].upend_idx = 0;
943 n->vqs[i].done_idx = 0;
81f95a55
MT		 944 n->vqs[i].vhost_hlen = 0;
945 n->vqs[i].sock_hlen = 0;
c67df11f 946 vhost_net_buf_init(&n->vqs[i].rxq);
2839400f 947 }
9564f70c 948 vhost_dev_init(dev, vqs, VHOST_NET_VQ_MAX,
7a110057 949 VHOST_NET_PKT_WEIGHT, VHOST_NET_WEIGHT);
3a4d5c94 950
c23f3445
TH		 951 vhost_poll_init(n->poll + VHOST_NET_VQ_TX, handle_tx_net, POLLOUT, dev);
952 vhost_poll_init(n->poll + VHOST_NET_VQ_RX, handle_rx_net, POLLIN, dev);
3a4d5c94
MT		 953
954 f->private_data = n;
955
956 return 0;
957}
958
3a4d5c94
MT		 959static struct socket *vhost_net_stop_vq(struct vhost_net *n,
960 struct vhost_virtqueue *vq)
961{
962 struct socket *sock;
c67df11f
JW		 963 struct vhost_net_virtqueue *nvq =
964 container_of(vq, struct vhost_net_virtqueue, vq);
3a4d5c94
MT		 965
966 mutex_lock(&vq->mutex);
22fa90c7 967 sock = vq->private_data;
3a4d5c94 968 vhost_net_disable_vq(n, vq);
22fa90c7 969 vq->private_data = NULL;
c67df11f 970 vhost_net_buf_unproduce(nvq);
3a4d5c94
MT		 971 mutex_unlock(&vq->mutex);
972 return sock;
973}
974
975static void vhost_net_stop(struct vhost_net *n, struct socket **tx_sock,
976 struct socket **rx_sock)
977{
3ab2e420
AH		 978 *tx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_TX].vq);
979 *rx_sock = vhost_net_stop_vq(n, &n->vqs[VHOST_NET_VQ_RX].vq);
3a4d5c94
MT		 980}
981
982static void vhost_net_flush_vq(struct vhost_net *n, int index)
983{
984 vhost_poll_flush(n->poll + index);
3ab2e420 985 vhost_poll_flush(&n->vqs[index].vq.poll);
3a4d5c94
MT		 986}
987
988static void vhost_net_flush(struct vhost_net *n)
989{
990 vhost_net_flush_vq(n, VHOST_NET_VQ_TX);
991 vhost_net_flush_vq(n, VHOST_NET_VQ_RX);
2839400f 992 if (n->vqs[VHOST_NET_VQ_TX].ubufs) {
3ab2e420 993 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex);
1280c27f 994 n->tx_flush = true;
3ab2e420 995 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex);
1280c27f 996 /* Wait for all lower device DMAs done. */
fe729a57 997 vhost_net_ubuf_put_and_wait(n->vqs[VHOST_NET_VQ_TX].ubufs);
3ab2e420 998 mutex_lock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex);
1280c27f 999 n->tx_flush = false;
0ad8b480 1000 atomic_set(&n->vqs[VHOST_NET_VQ_TX].ubufs->refcount, 1);
3ab2e420 1001 mutex_unlock(&n->vqs[VHOST_NET_VQ_TX].vq.mutex);
1280c27f 1002 }
3a4d5c94
MT		 1003}
1004
1005static int vhost_net_release(struct inode *inode, struct file *f)
1006{
1007 struct vhost_net *n = f->private_data;
1008 struct socket *tx_sock;
1009 struct socket *rx_sock;
1010
1011 vhost_net_stop(n, &tx_sock, &rx_sock);
1012 vhost_net_flush(n);
b211616d 1013 vhost_dev_stop(&n->dev);
ea5d4046 1014 vhost_dev_cleanup(&n->dev, false);
81f95a55 1015 vhost_net_vq_reset(n);
3a4d5c94 1016 if (tx_sock)
09aaacf0 1017 sockfd_put(tx_sock);
3a4d5c94 1018 if (rx_sock)
09aaacf0 1019 sockfd_put(rx_sock);
b0c057ca
MT		 1020 /* Make sure no callbacks are outstanding */
1021 synchronize_rcu_bh();
3a4d5c94
MT		 1022 /* We do an extra flush before freeing memory,
1023 * since jobs can re-queue themselves. */
1024 vhost_net_flush(n);
c67df11f 1025 kfree(n->vqs[VHOST_NET_VQ_RX].rxq.queue);
3ab2e420 1026 kfree(n->dev.vqs);
d04257b0 1027 kvfree(n);
3a4d5c94
MT		 1028 return 0;
1029}
1030
1031static struct socket *get_raw_socket(int fd)
1032{
1033 struct {
1034 struct sockaddr_ll sa;
1035 char buf[MAX_ADDR_LEN];
1036 } uaddr;
1037 int uaddr_len = sizeof uaddr, r;
1038 struct socket *sock = sockfd_lookup(fd, &r);
d47effe1 1039
3a4d5c94
MT		 1040 if (!sock)
1041 return ERR_PTR(-ENOTSOCK);
1042
1043 /* Parameter checking */
1044 if (sock->sk->sk_type != SOCK_RAW) {
1045 r = -ESOCKTNOSUPPORT;
1046 goto err;
1047 }
1048
1049 r = sock->ops->getname(sock, (struct sockaddr *)&uaddr.sa,
1050 &uaddr_len, 0);
1051 if (r)
1052 goto err;
1053
1054 if (uaddr.sa.sll_family != AF_PACKET) {
1055 r = -EPFNOSUPPORT;
1056 goto err;
1057 }
1058 return sock;
1059err:
09aaacf0 1060 sockfd_put(sock);
3a4d5c94
MT		 1061 return ERR_PTR(r);
1062}
1063
c67df11f
JW		 1064static struct skb_array *get_tap_skb_array(int fd)
1065{
1066 struct skb_array *array;
1067 struct file *file = fget(fd);
1068
1069 if (!file)
1070 return NULL;
1071 array = tun_get_skb_array(file);
1072 if (!IS_ERR(array))
1073 goto out;
1074 array = tap_get_skb_array(file);
1075 if (!IS_ERR(array))
1076 goto out;
1077 array = NULL;
1078out:
1079 fput(file);
1080 return array;
1081}
1082
501c774c 1083static struct socket *get_tap_socket(int fd)
3a4d5c94
MT		 1084{
1085 struct file *file = fget(fd);
1086 struct socket *sock;
d47effe1 1087
3a4d5c94
MT		 1088 if (!file)
1089 return ERR_PTR(-EBADF);
1090 sock = tun_get_socket(file);
501c774c
AB		 1091 if (!IS_ERR(sock))
1092 return sock;
635b8c8e 1093 sock = tap_get_socket(file);
3a4d5c94
MT		 1094 if (IS_ERR(sock))
1095 fput(file);
1096 return sock;
1097}
1098
1099static struct socket *get_socket(int fd)
1100{
1101 struct socket *sock;
d47effe1 1102
3a4d5c94
MT		 1103 /* special case to disable backend */
1104 if (fd == -1)
1105 return NULL;
1106 sock = get_raw_socket(fd);
1107 if (!IS_ERR(sock))
1108 return sock;
501c774c 1109 sock = get_tap_socket(fd);
3a4d5c94
MT		 1110 if (!IS_ERR(sock))
1111 return sock;
1112 return ERR_PTR(-ENOTSOCK);
1113}
1114
1115static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
1116{
1117 struct socket *sock, *oldsock;
1118 struct vhost_virtqueue *vq;
2839400f 1119 struct vhost_net_virtqueue *nvq;
fe729a57 1120 struct vhost_net_ubuf_ref *ubufs, *oldubufs = NULL;
3a4d5c94
MT		 1121 int r;
1122
1123 mutex_lock(&n->dev.mutex);
1124 r = vhost_dev_check_owner(&n->dev);
1125 if (r)
1126 goto err;
1127
1128 if (index >= VHOST_NET_VQ_MAX) {
1129 r = -ENOBUFS;
1130 goto err;
1131 }
3ab2e420 1132 vq = &n->vqs[index].vq;
2839400f 1133 nvq = &n->vqs[index];
3a4d5c94
MT		 1134 mutex_lock(&vq->mutex);
1135
1136 /* Verify that ring has been setup correctly. */
1137 if (!vhost_vq_access_ok(vq)) {
1138 r = -EFAULT;
1dace8c8 1139 goto err_vq;
3a4d5c94
MT		 1140 }
1141 sock = get_socket(fd);
1142 if (IS_ERR(sock)) {
1143 r = PTR_ERR(sock);
1dace8c8 1144 goto err_vq;
3a4d5c94
MT		 1145 }
1146
1147 /* start polling new socket */
22fa90c7 1148 oldsock = vq->private_data;
11fe8839 1149 if (sock != oldsock) {
fe729a57
AH		 1150 ubufs = vhost_net_ubuf_alloc(vq,
1151 sock && vhost_sock_zcopy(sock));
bab632d6
MT		 1152 if (IS_ERR(ubufs)) {
1153 r = PTR_ERR(ubufs);
1154 goto err_ubufs;
1155 }
692a998b 1156
d47effe1 1157 vhost_net_disable_vq(n, vq);
22fa90c7 1158 vq->private_data = sock;
c67df11f
JW		 1159 vhost_net_buf_unproduce(nvq);
1160 if (index == VHOST_NET_VQ_RX)
1161 nvq->rx_array = get_tap_skb_array(fd);
80f7d030 1162 r = vhost_vq_init_access(vq);
f59281da 1163 if (r)
692a998b 1164 goto err_used;
2b8b328b
JW		 1165 r = vhost_net_enable_vq(n, vq);
1166 if (r)
1167 goto err_used;
692a998b 1168
2839400f
AH		 1169 oldubufs = nvq->ubufs;
1170 nvq->ubufs = ubufs;
64e9a9b8
MT		 1171
1172 n->tx_packets = 0;
1173 n->tx_zcopy_err = 0;
1280c27f 1174 n->tx_flush = false;
dd1f4078 1175 }
3a4d5c94 1176
1680e906
MT		 1177 mutex_unlock(&vq->mutex);
1178
c047e5f3 1179 if (oldubufs) {
c38e39c3 1180 vhost_net_ubuf_put_wait_and_free(oldubufs);
c047e5f3 1181 mutex_lock(&vq->mutex);
eaae8132 1182 vhost_zerocopy_signal_used(n, vq);
c047e5f3
MT		 1183 mutex_unlock(&vq->mutex);
1184 }
bab632d6 1185
3a4d5c94
MT		 1186 if (oldsock) {
1187 vhost_net_flush_vq(n, index);
09aaacf0 1188 sockfd_put(oldsock);
3a4d5c94 1189 }
1dace8c8 1190
1680e906
MT		 1191 mutex_unlock(&n->dev.mutex);
1192 return 0;
1193
692a998b 1194err_used:
22fa90c7 1195 vq->private_data = oldsock;
692a998b
JW		 1196 vhost_net_enable_vq(n, vq);
1197 if (ubufs)
c38e39c3 1198 vhost_net_ubuf_put_wait_and_free(ubufs);
bab632d6 1199err_ubufs:
d4d0e879
JW		 1200 if (sock)
1201 sockfd_put(sock);
1dace8c8
JD		 1202err_vq:
1203 mutex_unlock(&vq->mutex);
3a4d5c94
MT		 1204err:
1205 mutex_unlock(&n->dev.mutex);
1206 return r;
1207}
1208
1209static long vhost_net_reset_owner(struct vhost_net *n)
1210{
1211 struct socket *tx_sock = NULL;
1212 struct socket *rx_sock = NULL;
1213 long err;
a9709d68 1214 struct vhost_umem *umem;
d47effe1 1215
3a4d5c94
MT		 1216 mutex_lock(&n->dev.mutex);
1217 err = vhost_dev_check_owner(&n->dev);
1218 if (err)
1219 goto done;
a9709d68
JW		 1220 umem = vhost_dev_reset_owner_prepare();
1221 if (!umem) {
150b9e51
MT		 1222 err = -ENOMEM;
1223 goto done;
1224 }
3a4d5c94
MT		 1225 vhost_net_stop(n, &tx_sock, &rx_sock);
1226 vhost_net_flush(n);
3a688abf 1227 vhost_dev_stop(&n->dev);
a9709d68 1228 vhost_dev_reset_owner(&n->dev, umem);
81f95a55 1229 vhost_net_vq_reset(n);
3a4d5c94
MT		 1230done:
1231 mutex_unlock(&n->dev.mutex);
1232 if (tx_sock)
09aaacf0 1233 sockfd_put(tx_sock);
3a4d5c94 1234 if (rx_sock)
09aaacf0 1235 sockfd_put(rx_sock);
3a4d5c94
MT		 1236 return err;
1237}
1238
1239static int vhost_net_set_features(struct vhost_net *n, u64 features)
1240{
8dd014ad 1241 size_t vhost_hlen, sock_hlen, hdr_len;
3a4d5c94 1242 int i;
8dd014ad 1243
e4fca7d6
MT		 1244 hdr_len = (features & ((1ULL << VIRTIO_NET_F_MRG_RXBUF) |
1245 (1ULL << VIRTIO_F_VERSION_1))) ?
8dd014ad
DS		 1246 sizeof(struct virtio_net_hdr_mrg_rxbuf) :
1247 sizeof(struct virtio_net_hdr);
1248 if (features & (1 << VHOST_NET_F_VIRTIO_NET_HDR)) {
1249 /* vhost provides vnet_hdr */
1250 vhost_hlen = hdr_len;
1251 sock_hlen = 0;
1252 } else {
1253 /* socket provides vnet_hdr */
1254 vhost_hlen = 0;
1255 sock_hlen = hdr_len;
1256 }
3a4d5c94
MT		 1257 mutex_lock(&n->dev.mutex);
1258 if ((features & (1 << VHOST_F_LOG_ALL)) &&
6b1e6cc7
JW		 1259 !vhost_log_access_ok(&n->dev))
1260 goto out_unlock;
1261
1262 if ((features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))) {
1263 if (vhost_init_device_iotlb(&n->dev, true))
1264 goto out_unlock;
3a4d5c94 1265 }
6b1e6cc7 1266
3a4d5c94 1267 for (i = 0; i < VHOST_NET_VQ_MAX; ++i) {
3ab2e420 1268 mutex_lock(&n->vqs[i].vq.mutex);
ea16c514 1269 n->vqs[i].vq.acked_features = features;
81f95a55
MT		 1270 n->vqs[i].vhost_hlen = vhost_hlen;
1271 n->vqs[i].sock_hlen = sock_hlen;
3ab2e420 1272 mutex_unlock(&n->vqs[i].vq.mutex);
3a4d5c94 1273 }
3a4d5c94
MT		 1274 mutex_unlock(&n->dev.mutex);
1275 return 0;
6b1e6cc7
JW		 1276
1277out_unlock:
1278 mutex_unlock(&n->dev.mutex);
1279 return -EFAULT;
3a4d5c94
MT		 1280}
1281
b1ad8496
AH		 1282static long vhost_net_set_owner(struct vhost_net *n)
1283{
1284 int r;
1285
1286 mutex_lock(&n->dev.mutex);
05c05351
MT		 1287 if (vhost_dev_has_owner(&n->dev)) {
1288 r = -EBUSY;
1289 goto out;
1290 }
b1ad8496
AH		 1291 r = vhost_net_set_ubuf_info(n);
1292 if (r)
1293 goto out;
1294 r = vhost_dev_set_owner(&n->dev);
1295 if (r)
1296 vhost_net_clear_ubuf_info(n);
1297 vhost_net_flush(n);
1298out:
1299 mutex_unlock(&n->dev.mutex);
1300 return r;
1301}
1302
3a4d5c94
MT		 1303static long vhost_net_ioctl(struct file *f, unsigned int ioctl,
1304 unsigned long arg)
1305{
1306 struct vhost_net *n = f->private_data;
1307 void __user *argp = (void __user *)arg;
1308 u64 __user *featurep = argp;
1309 struct vhost_vring_file backend;
1310 u64 features;
1311 int r;
d47effe1 1312
3a4d5c94
MT		 1313 switch (ioctl) {
1314 case VHOST_NET_SET_BACKEND:
d3553a52
TY		 1315 if (copy_from_user(&backend, argp, sizeof backend))
1316 return -EFAULT;
3a4d5c94
MT		 1317 return vhost_net_set_backend(n, backend.index, backend.fd);
1318 case VHOST_GET_FEATURES:
0dd05a3b 1319 features = VHOST_NET_FEATURES;
d3553a52
TY		 1320 if (copy_to_user(featurep, &features, sizeof features))
1321 return -EFAULT;
1322 return 0;
3a4d5c94 1323 case VHOST_SET_FEATURES:
d3553a52
TY		 1324 if (copy_from_user(&features, featurep, sizeof features))
1325 return -EFAULT;
0dd05a3b 1326 if (features & ~VHOST_NET_FEATURES)
3a4d5c94
MT		 1327 return -EOPNOTSUPP;
1328 return vhost_net_set_features(n, features);
1329 case VHOST_RESET_OWNER:
1330 return vhost_net_reset_owner(n);
b1ad8496
AH		 1331 case VHOST_SET_OWNER:
1332 return vhost_net_set_owner(n);
3a4d5c94
MT		 1333 default:
1334 mutex_lock(&n->dev.mutex);
935cdee7
MT		 1335 r = vhost_dev_ioctl(&n->dev, ioctl, argp);
1336 if (r == -ENOIOCTLCMD)
1337 r = vhost_vring_ioctl(&n->dev, ioctl, argp);
1338 else
1339 vhost_net_flush(n);
3a4d5c94
MT		 1340 mutex_unlock(&n->dev.mutex);
1341 return r;
1342 }
1343}
1344
1345#ifdef CONFIG_COMPAT
1346static long vhost_net_compat_ioctl(struct file *f, unsigned int ioctl,
1347 unsigned long arg)
1348{
1349 return vhost_net_ioctl(f, ioctl, (unsigned long)compat_ptr(arg));
1350}
1351#endif
1352
6b1e6cc7
JW		 1353static ssize_t vhost_net_chr_read_iter(struct kiocb *iocb, struct iov_iter *to)
1354{
1355 struct file *file = iocb->ki_filp;
1356 struct vhost_net *n = file->private_data;
1357 struct vhost_dev *dev = &n->dev;
1358 int noblock = file->f_flags & O_NONBLOCK;
1359
1360 return vhost_chr_read_iter(dev, to, noblock);
1361}
1362
1363static ssize_t vhost_net_chr_write_iter(struct kiocb *iocb,
1364 struct iov_iter *from)
1365{
1366 struct file *file = iocb->ki_filp;
1367 struct vhost_net *n = file->private_data;
1368 struct vhost_dev *dev = &n->dev;
1369
1370 return vhost_chr_write_iter(dev, from);
1371}
1372
1373static unsigned int vhost_net_chr_poll(struct file *file, poll_table *wait)
1374{
1375 struct vhost_net *n = file->private_data;
1376 struct vhost_dev *dev = &n->dev;
1377
1378 return vhost_chr_poll(file, dev, wait);
1379}
1380
373a83a6 1381static const struct file_operations vhost_net_fops = {
3a4d5c94
MT		 1382 .owner = THIS_MODULE,
1383 .release = vhost_net_release,
6b1e6cc7
JW		 1384 .read_iter = vhost_net_chr_read_iter,
1385 .write_iter = vhost_net_chr_write_iter,
1386 .poll = vhost_net_chr_poll,
3a4d5c94
MT		 1387 .unlocked_ioctl = vhost_net_ioctl,
1388#ifdef CONFIG_COMPAT
1389 .compat_ioctl = vhost_net_compat_ioctl,
1390#endif
1391 .open = vhost_net_open,
6038f373 1392 .llseek = noop_llseek,
3a4d5c94
MT		 1393};
1394
1395static struct miscdevice vhost_net_misc = {
7c7c7f01 1396 .minor = VHOST_NET_MINOR,
1397 .name = "vhost-net",
1398 .fops = &vhost_net_fops,
3a4d5c94
MT		 1399};
1400
a8d3782f 1401static int vhost_net_init(void)
3a4d5c94 1402{
bab632d6 1403 if (experimental_zcopytx)
fe729a57 1404 vhost_net_enable_zcopy(VHOST_NET_VQ_TX);
c23f3445 1405 return misc_register(&vhost_net_misc);
3a4d5c94
MT		 1406}
1407module_init(vhost_net_init);
1408
a8d3782f 1409static void vhost_net_exit(void)
3a4d5c94
MT		 1410{
1411 misc_deregister(&vhost_net_misc);
3a4d5c94
MT		 1412}
1413module_exit(vhost_net_exit);
1414
1415MODULE_VERSION("0.0.1");
1416MODULE_LICENSE("GPL v2");
1417MODULE_AUTHOR("Michael S. Tsirkin");
1418MODULE_DESCRIPTION("Host kernel accelerator for virtio net");
7c7c7f01 1419MODULE_ALIAS_MISCDEV(VHOST_NET_MINOR);
1420MODULE_ALIAS("devname:vhost-net");
ubuntu-bionic-kernel mirror