packages/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch

306 lines
10 KiB
Diff
Raw Normal View History

QEMU update to version 6.2.0-84(master) - hw/arm/fsl-imx: Do not ignore Error argument - hw/net/cadence_gem.c: spelling fixes: Octects - tests/qtest: check the return value - libvhost-user: Fix VHOST_USER_GET_MAX_MEM_SLOTS reply mainline inclusion commit 69a5daec06f423843ce1bb9be5fb049314996f78 category: bugfix - io_uring: fix short read slow path mainline inclusion commit c06fc7ce147e57ab493bad9263f1601b8298484b category: bugfix - libvhost-user: Fix VHOST_USER_ADD_MEM_REG reply mainline inclusion commit 7f27d20ded2f480f3e66d03f90ea71507b834276 category: bugfix - qsd: Unlink absolute PID file path mainline inclusion commit 9d8f8233b9fa525a7e37350fbc18877051128c5d category: bugfix - net: Fix a misleading error message - vdpa: stop all svq on device deletion - vhost: release virtqueue objects in error path - vhost: fix the fd leak - virtio: i2c: Check notifier helpers for VIRTIO_CONFIG_IRQ_IDX - hw/virtio: fix typo in VIRTIO_CONFIG_IRQ_IDX comments - virtio-net: clear guest_announce feature if no cvq backend - vdpa: fix VHOST_BACKEND_F_IOTLB_ASID flag check - vdpa: do not block migration if device has cvq and x-svq=on - vdpa net: block migration if the device has CVQ - vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mq() - vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mac() - vdpa: fix not using CVQ buffer in case of error - vdpa: Fix possible use-after-free for VirtQueueElement - hw/virtio: fix vhost_user_read tracepoint - vhost: Fix false positive out-of-bounds - vhost: fix possible wrap in SVQ descriptor ring - vhost: move iova_tree set to vhost_svq_start - vhost: Always store new kick fd on vhost_svq_set_svq_kick_fd - virtio-crypto: verify src&dst buffer length for sym request - vdpa: commit all host notifier MRs in a single MR transaction - vdpa: harden the error path if get_iova_range failed - vdpa-dev: get iova range explicitly - virtio-pci: add support for configure interrupt - virtio-mmio: add support for configure interrupt - virtio-net: add support for configure interrupt - vhost: add support for configure interrupt - virtio: add support for configure interrupt - vhost-vdpa: add support for config interrupt - vhost: introduce new VhostOps vhost_set_config_call - virtio-pci: decouple the single vector from the interrupt process - virtio-pci: decouple notifier from interrupt process - virtio: introduce macro VIRTIO_CONFIG_IRQ_IDX - vdpa: do not handle VIRTIO_NET_F_GUEST_ANNOUNCE in vhost-vdpa - vdpa: handle VIRTIO_NET_CTRL_ANNOUNCE in vhost_vdpa_net_handle_ctrl_avail - vhost: fix vq dirty bitmap syncing when vIOMMU is enabled - hw/virtio: gracefully handle unset vhost_dev vdev - hw/virtio/vhost: Fix typo in comment. - vdpa: always start CVQ in SVQ mode if possible - vdpa: add shadow_data to vhost_vdpa - vdpa: store x-svq parameter in VhostVDPAState - vdpa: add asid parameter to vhost_vdpa_dma_map/unmap - vdpa: allocate SVQ array unconditionally - vdpa: move SVQ vring features check to net/ - vdpa: request iova_range only once - vdpa: add vhost_vdpa_net_valid_svq_features - vhost: allocate SVQ device file descriptors at device start - vhost: set SVQ device call handler at SVQ start - vdpa: use v->shadow_vqs_enabled in vhost_vdpa_svqs_start & stop - vhost: enable vrings in vhost_dev_start() for vhost-user devices - vhost-vdpa: fix assert !virtio_net_get_subqueue(nc)->async_tx.elem in virtio_net_reset - net/vhost-vdpa.c: Fix clang compilation failure - vhost-vdpa: allow passing opened vhostfd to vhost-vdpa - vdpa: Remove shadow CVQ command check - vdpa: Delete duplicated vdpa_feature_bits entry - hw/virtio: add some vhost-user trace events - vdpa: Allow MQ feature in SVQ - virtio-net: Update virtio-net curr_queue_pairs in vdpa backends - vdpa: validate MQ CVQ commands - vdpa: Add vhost_vdpa_net_load_mq - vdpa: extract vhost_vdpa_net_load_mac from vhost_vdpa_net_load - vdpa: Make VhostVDPAState cvq_cmd_in_buffer control ack type - vdpa: Delete CVQ migration blocker - vdpa: Add virtio-net mac address via CVQ at start - vhost_net: add NetClientState->load() callback - vdpa: extract vhost_vdpa_net_cvq_add from vhost_vdpa_net_handle_ctrl_avail - vdpa: Move command buffers map to start of net device - vdpa: add net_vhost_vdpa_cvq_info NetClientInfo - vhost_net: Add NetClientInfo stop callback - vhost_net: Add NetClientInfo start callback - vdpa: Use ring hwaddr at vhost_vdpa_svq_unmap_ring - vdpa: Make SVQ vring unmapping return void - vdpa: Remove SVQ vring from iova_tree at shutdown - util: accept iova_tree_remove_parameter by value - vdpa: do not save failed dma maps in SVQ iova tree - vdpa: Skip the maps not in the iova tree - vdpa: Fix file descriptor leak on get features error - vdpa: Fix memory listener deletions of iova tree - vhost: Get vring base from vq, not svq - vdpa: Add x-svq to NetdevVhostVDPAOptions - vdpa: Add device migration blocker - vdpa: Extract get features part from vhost_vdpa_get_max_queue_pairs - vdpa: Buffer CVQ support on shadow virtqueue - vdpa: manual forward CVQ buffers - vdpa: Export vhost_vdpa_dma_map and unmap calls - vhost: Add svq avail_handler callback - vhost: add vhost_svq_poll - vhost: Expose vhost_svq_add - vhost: add vhost_svq_push_elem - vhost: Track number of descs in SVQDescState - vhost: Add SVQDescState - vhost: Decouple vhost_svq_add from VirtQueueElement - vhost: Check for queue full at vhost_svq_add - vhost: Move vhost_svq_kick call to vhost_svq_add - vhost: Reorder vhost_svq_kick - vdpa: Avoid compiler to squash reads to used idx - virtio-net: Expose ctrl virtqueue logic - virtio-net: Expose MAC_TABLE_ENTRIES - vhost: move descriptor translation to vhost_svq_vring_write_descs - util: Return void on iova_tree_remove - virtio-net: don't handle mq request in userspace handler for vhost-vdpa - vhost-vdpa: change name and polarity for vhost_vdpa_one_time_request() - vhost-vdpa: backend feature should set only once - vhost-vdpa: fix improper cleanup in net_init_vhost_vdpa - virtio-net: align ctrl_vq index for non-mq guest for vhost_vdpa - virtio: add vhost support for virtio devices - include/hw: start documenting the vhost API - hw/virtio: add vhost_user_[read|write] trace points - vhost: Fix element in vhost_svq_add failure - vdpa: Fix index calculus at vhost_vdpa_svqs_start - vdpa: Fix bad index calculus at vhost_vdpa_get_vring_base - vhost: Fix device's used descriptor dequeue - vhost: Track descriptor chain in private at SVQ - vdpa: Add missing tracing to batch mapping functions - vhost-vdpa: fix typo in a comment - virtio: fix --enable-vhost-user build on non-Linux - vdpa: Expose VHOST_F_LOG_ALL on SVQ - vdpa: Never set log_base addr if SVQ is enabled - vdpa: Adapt vhost_vdpa_get_vring_base to SVQ - vdpa: Add custom IOTLB translations to SVQ - vhost: Add VhostIOVATree - util: add iova_tree_find_iova - util: Add iova_tree_alloc_map - vhost: Shadow virtqueue buffers forwarding - vdpa: adapt vhost_ops callbacks to svq - virtio: Add vhost_svq_get_vring_addr - vhost: Add vhost_svq_valid_features to shadow vq - vhost: Add Shadow VirtQueue call forwarding capabilities - vhost: Add Shadow VirtQueue kick forwarding capabilities - vhost: Add VhostShadowVirtqueue - vdpa: Make ncs autofree - Revert "virtio: introduce macro IRTIO_CONFIG_IRQ_IDX" - Revert "virtio-pci: decouple notifier from interrupt process" - Revert "virtio-pci: decouple the single vector from the interrupt process" - Revert "vhost-vdpa: add support for config interrupt" - Revert "virtio: add support for configure interrupt" - Revert "vhost: add support for configure interrupt" - Revert "virtio-net: add support for configure interrupt" - Revert "virtio-mmio: add support for configure interrupt" - Revert "virtio-pci: add support for configure interrupt" - Revert "vhost: introduce new VhostOps vhost_set_config_call" - virtio: signal after wrapping packed used_idx - target/i386: Adjust feature level according to FEAT_7_1_EDX - target/i386: Add new CPU model GraniteRapids - target/i386: Add support for PREFETCHIT0/1 in CPUID enumeration - target/i386: Add support for AVX-NE-CONVERT in CPUID enumeration - target/i386: Add support for AVX-VNNI-INT8 in CPUID enumeration - target/i386: Add support for AVX-IFMA in CPUID enumeration - target/i386: Add support for AMX-FP16 in CPUID enumeration - target/i386: Add support for CMPCCXADD in CPUID enumeration - tracetool: avoid invalid escape in Python string - hw/pvrdma: Protect against buggy or malicious guest driver - vga: avoid crash if no default vga card mainline inclusion commit 6985d8ede92494f3b791de01e8ee9306eb6d5e4a category: bugfix - qom/object: Remove circular include dependency mainline inclusion commit 5bba9bcfbb42e7c016626420e148a1bf1b080835 category: bugfix - artist: set memory region owners for buffers to the artist device mainline inclusion commit 39fbaeca096a9bf6cbe2af88572c1cb2aa62aa8c category: bugfix - virtio-iommu: Fix the partial copy of probe request mainline inclusion commit 45461aace83d961e933b27519b81d17b4c690514 category: bugfix - e1000: set RX descriptor status in a separate operation mainline inclusion commit 034d00d4858161e1d4cff82d8d230bce874a04d3 category: bugfix - vhost: introduce new VhostOps vhost_set_config_call - vhost: stick to -errno error return convention - vhost-user: stick to -errno error return convention - vhost-vdpa: stick to -errno error return convention - virtio-pci: add support for configure interrupt - virtio-mmio: add support for configure interrupt - virtio-net: add support for configure interrupt - vhost: add support for configure interrupt - virtio: add support for configure interrupt - vhost-vdpa: add support for config interrupt - virtio-pci: decouple the single vector from the interrupt process - virtio-pci: decouple notifier from interrupt process - virtio: introduce macro IRTIO_CONFIG_IRQ_IDX - pci: Fix the update of interrupt disable bit in PCI_COMMAND register - hw/timer/npcm7xx_timer: Prevent timer from counting down past zero - tpm_crb: mark command buffer as dirty on request completion mainline inclusion commit e37a0ef4605e5d2041785ff3fc89ca6021faf7a0 category: bugfix - pci: fix overflow in snprintf string formatting mainline inclusion commit 36f18c6989a3d1ff1d7a0e50b0868ef3958299b4 category: bugfix - hw/usb/hcd-ehci: fix writeback order mainline inclusion commit f471e8b060798f26a7fc339c6152f82f22a7b33d category: bugfix - qemu-timer: Skip empty timer lists before locking in qemu_clock_deadline_ns_all mainline inclusion commit 3f42906c9ab2c777a895b48b87b8107167e4a275 category: bugfix - semihosting/config: Merge --semihosting-config option groups mainline inclusion commit 90c072e063737e9e8f431489bbd334452f89056e category: bugfix - semihosting: fix memleak at semihosting_arg_fallback - target/i386: Export GDS_NO bit to guests Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2023-11-28 15:57:41 +08:00
From 31bf37b3097c1ece48b915137167bbd4bd7340aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
Date: Wed, 20 Jul 2022 08:59:43 +0200
Subject: [PATCH] vdpa: Buffer CVQ support on shadow virtqueue
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Introduce the control virtqueue support for vDPA shadow virtqueue. This
is needed for advanced networking features like rx filtering.
Virtio-net control VQ copies the descriptors to qemu's VA, so we avoid
TOCTOU with the guest's or device's memory every time there is a device
model change. Otherwise, the guest could change the memory content in
the time between qemu and the device read it.
To demonstrate command handling, VIRTIO_NET_F_CTRL_MACADDR is
implemented. If the virtio-net driver changes MAC the virtio-net device
model will be updated with the new one, and a rx filtering change event
will be raised.
More cvq commands could be added here straightforwardly but they have
not been tested.
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: fangyi <eric.fangyi@huawei.com>
---
net/vhost-vdpa.c | 214 +++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 206 insertions(+), 8 deletions(-)
diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 53a14bc756..2d928feefb 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -32,6 +32,9 @@ typedef struct VhostVDPAState {
NetClientState nc;
struct vhost_vdpa vhost_vdpa;
VHostNetState *vhost_net;
+
+ /* Control commands shadow buffers */
+ void *cvq_cmd_out_buffer, *cvq_cmd_in_buffer;
bool started;
} VhostVDPAState;
@@ -138,6 +141,9 @@ static void vhost_vdpa_cleanup(NetClientState *nc)
if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_NIC) {
return;
}
+
+ qemu_vfree(s->cvq_cmd_out_buffer);
+ qemu_vfree(s->cvq_cmd_in_buffer);
if (s->vhost_net) {
vhost_net_cleanup(s->vhost_net);
g_free(s->vhost_net);
@@ -197,24 +203,191 @@ static NetClientInfo net_vhost_vdpa_info = {
.check_peer_type = vhost_vdpa_check_peer_type,
};
+static void vhost_vdpa_cvq_unmap_buf(struct vhost_vdpa *v, void *addr)
+{
+ VhostIOVATree *tree = v->iova_tree;
+ DMAMap needle = {
+ /*
+ * No need to specify size or to look for more translations since
+ * this contiguous chunk was allocated by us.
+ */
+ .translated_addr = (hwaddr)(uintptr_t)addr,
+ };
+ const DMAMap *map = vhost_iova_tree_find_iova(tree, &needle);
+ int r;
+
+ if (unlikely(!map)) {
+ error_report("Cannot locate expected map");
+ return;
+ }
+
+ r = vhost_vdpa_dma_unmap(v, map->iova, map->size + 1);
+ if (unlikely(r != 0)) {
+ error_report("Device cannot unmap: %s(%d)", g_strerror(r), r);
+ }
+
+ vhost_iova_tree_remove(tree, map);
+}
+
+static size_t vhost_vdpa_net_cvq_cmd_len(void)
+{
+ /*
+ * MAC_TABLE_SET is the ctrl command that produces the longer out buffer.
+ * In buffer is always 1 byte, so it should fit here
+ */
+ return sizeof(struct virtio_net_ctrl_hdr) +
+ 2 * sizeof(struct virtio_net_ctrl_mac) +
+ MAC_TABLE_ENTRIES * ETH_ALEN;
+}
+
+static size_t vhost_vdpa_net_cvq_cmd_page_len(void)
+{
+ return ROUND_UP(vhost_vdpa_net_cvq_cmd_len(), qemu_real_host_page_size);
+}
+
+/** Copy and map a guest buffer. */
+static bool vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v,
+ const struct iovec *out_data,
+ size_t out_num, size_t data_len, void *buf,
+ size_t *written, bool write)
+{
+ DMAMap map = {};
+ int r;
+
+ if (unlikely(!data_len)) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid legnth of %s buffer\n",
+ __func__, write ? "in" : "out");
+ return false;
+ }
+
+ *written = iov_to_buf(out_data, out_num, 0, buf, data_len);
+ map.translated_addr = (hwaddr)(uintptr_t)buf;
+ map.size = vhost_vdpa_net_cvq_cmd_page_len() - 1;
+ map.perm = write ? IOMMU_RW : IOMMU_RO,
+ r = vhost_iova_tree_map_alloc(v->iova_tree, &map);
+ if (unlikely(r != IOVA_OK)) {
+ error_report("Cannot map injected element");
+ return false;
+ }
+
+ r = vhost_vdpa_dma_map(v, map.iova, vhost_vdpa_net_cvq_cmd_page_len(), buf,
+ !write);
+ if (unlikely(r < 0)) {
+ goto dma_map_err;
+ }
+
+ return true;
+
+dma_map_err:
+ vhost_iova_tree_remove(v->iova_tree, &map);
+ return false;
+}
+
/**
- * Forward buffer for the moment.
+ * Copy the guest element into a dedicated buffer suitable to be sent to NIC
+ *
+ * @iov: [0] is the out buffer, [1] is the in one
+ */
+static bool vhost_vdpa_net_cvq_map_elem(VhostVDPAState *s,
+ VirtQueueElement *elem,
+ struct iovec *iov)
+{
+ size_t in_copied;
+ bool ok;
+
+ iov[0].iov_base = s->cvq_cmd_out_buffer;
+ ok = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, elem->out_sg, elem->out_num,
+ vhost_vdpa_net_cvq_cmd_len(), iov[0].iov_base,
+ &iov[0].iov_len, false);
+ if (unlikely(!ok)) {
+ return false;
+ }
+
+ iov[1].iov_base = s->cvq_cmd_in_buffer;
+ ok = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, NULL, 0,
+ sizeof(virtio_net_ctrl_ack), iov[1].iov_base,
+ &in_copied, true);
+ if (unlikely(!ok)) {
+ vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, s->cvq_cmd_out_buffer);
+ return false;
+ }
+
+ iov[1].iov_len = sizeof(virtio_net_ctrl_ack);
+ return true;
+}
+
+/**
+ * Do not forward commands not supported by SVQ. Otherwise, the device could
+ * accept it and qemu would not know how to update the device model.
+ */
+static bool vhost_vdpa_net_cvq_validate_cmd(const struct iovec *out,
+ size_t out_num)
+{
+ struct virtio_net_ctrl_hdr ctrl;
+ size_t n;
+
+ n = iov_to_buf(out, out_num, 0, &ctrl, sizeof(ctrl));
+ if (unlikely(n < sizeof(ctrl))) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: invalid legnth of out buffer %zu\n", __func__, n);
+ return false;
+ }
+
+ switch (ctrl.class) {
+ case VIRTIO_NET_CTRL_MAC:
+ switch (ctrl.cmd) {
+ case VIRTIO_NET_CTRL_MAC_ADDR_SET:
+ return true;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid mac cmd %u\n",
+ __func__, ctrl.cmd);
+ };
+ break;
+ default:
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid control class %u\n",
+ __func__, ctrl.class);
+ };
+
+ return false;
+}
+
+/**
+ * Validate and copy control virtqueue commands.
+ *
+ * Following QEMU guidelines, we offer a copy of the buffers to the device to
+ * prevent TOCTOU bugs.
*/
static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
VirtQueueElement *elem,
void *opaque)
{
- unsigned int n = elem->out_num + elem->in_num;
- g_autofree struct iovec *dev_buffers = g_new(struct iovec, n);
+ VhostVDPAState *s = opaque;
size_t in_len, dev_written;
virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
- int r;
+ /* out and in buffers sent to the device */
+ struct iovec dev_buffers[2] = {
+ { .iov_base = s->cvq_cmd_out_buffer },
+ { .iov_base = s->cvq_cmd_in_buffer },
+ };
+ /* in buffer used for device model */
+ const struct iovec in = {
+ .iov_base = &status,
+ .iov_len = sizeof(status),
+ };
+ int r = -EINVAL;
+ bool ok;
+
+ ok = vhost_vdpa_net_cvq_map_elem(s, elem, dev_buffers);
+ if (unlikely(!ok)) {
+ goto out;
+ }
- memcpy(dev_buffers, elem->out_sg, elem->out_num);
- memcpy(dev_buffers + elem->out_num, elem->in_sg, elem->in_num);
+ ok = vhost_vdpa_net_cvq_validate_cmd(&dev_buffers[0], 1);
+ if (unlikely(!ok)) {
+ goto out;
+ }
- r = vhost_svq_add(svq, &dev_buffers[0], elem->out_num, &dev_buffers[1],
- elem->in_num, elem);
+ r = vhost_svq_add(svq, &dev_buffers[0], 1, &dev_buffers[1], 1, elem);
if (unlikely(r != 0)) {
if (unlikely(r == -ENOSPC)) {
qemu_log_mask(LOG_GUEST_ERROR, "%s: No space on device queue\n",
@@ -231,6 +404,18 @@ static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
dev_written = vhost_svq_poll(svq);
if (unlikely(dev_written < sizeof(status))) {
error_report("Insufficient written data (%zu)", dev_written);
+ goto out;
+ }
+
+ memcpy(&status, dev_buffers[1].iov_base, sizeof(status));
+ if (status != VIRTIO_NET_OK) {
+ goto out;
+ }
+
+ status = VIRTIO_NET_ERR;
+ virtio_net_handle_ctrl_iov(svq->vdev, &in, 1, dev_buffers, 1);
+ if (status != VIRTIO_NET_OK) {
+ error_report("Bad CVQ processing in model");
}
out:
@@ -241,6 +426,12 @@ out:
}
vhost_svq_push_elem(svq, elem, MIN(in_len, sizeof(status)));
g_free(elem);
+ if (dev_buffers[0].iov_base) {
+ vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, dev_buffers[0].iov_base);
+ }
+ if (dev_buffers[1].iov_base) {
+ vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, dev_buffers[1].iov_base);
+ }
return r;
}
@@ -273,6 +464,13 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
s->vhost_vdpa.device_fd = vdpa_device_fd;
s->vhost_vdpa.index = queue_pair_index;
if (!is_datapath) {
+ s->cvq_cmd_out_buffer = qemu_memalign(qemu_real_host_page_size,
+ vhost_vdpa_net_cvq_cmd_page_len());
+ memset(s->cvq_cmd_out_buffer, 0, vhost_vdpa_net_cvq_cmd_page_len());
+ s->cvq_cmd_in_buffer = qemu_memalign(qemu_real_host_page_size,
+ vhost_vdpa_net_cvq_cmd_page_len());
+ memset(s->cvq_cmd_in_buffer, 0, vhost_vdpa_net_cvq_cmd_page_len());
+
s->vhost_vdpa.shadow_vq_ops = &vhost_vdpa_net_svq_ops;
s->vhost_vdpa.shadow_vq_ops_opaque = s;
}
--
2.27.0
Reference in New Issue Copy Permalink