The following changes since commit d9ccf33f9479201e5add8db0af68ca9ca8da358b:

Merge remote-tracking branch 'remotes/lvivier-gitlab/tags/linux-user-for-7.0-pull-request' into staging (2022-03-09 20:01:17 +0000)

for you to fetch changes up to eea40402ecf895ed345f8e8eb07dbb484f4542c5:

vdpa: Expose VHOST_F_LOG_ALL on SVQ (2022-03-10 10:26:32 +0800)

virtio-net: fix map leaking on error during receive

hw/net/virtio-net.c | 1 +

hw/virtio/meson.build | 2 +-

hw/virtio/vhost-iova-tree.c | 110 +++++++

hw/virtio/vhost-iova-tree.h | 27 ++

hw/virtio/vhost-shadow-virtqueue.c | 638 +++++++++++++++++++++++++++++++++++++

hw/virtio/vhost-shadow-virtqueue.h | 87 +++++

hw/virtio/vhost-vdpa.c | 525 +++++++++++++++++++++++++++++-

include/hw/virtio/vhost-vdpa.h | 8 +

include/qemu/iova-tree.h | 38 ++-

util/iova-tree.c | 169 ++++++++++

10 files changed, 1588 insertions(+), 17 deletions(-)

create mode 100644 hw/virtio/vhost-iova-tree.c

create mode 100644 hw/virtio/vhost-iova-tree.h

create mode 100644 hw/virtio/vhost-shadow-virtqueue.c

create mode 100644 hw/virtio/vhost-shadow-virtqueue.h

From: Eugenio Pérez <eperezma@redhat.com>

At this mode no buffer forwarding will be performed in SVQ mode: Qemu

will just forward the guest's kicks to the device.

Host memory notifiers regions are left out for simplicity, and they will

not be addressed in this series.

Acked-by: Michael S. Tsirkin <mst@redhat.com>

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>

Signed-off-by: Jason Wang <jasowang@redhat.com>

---

hw/virtio/vhost-shadow-virtqueue.c | 56 ++++++++++++++

hw/virtio/vhost-shadow-virtqueue.h | 14 ++++

hw/virtio/vhost-vdpa.c | 145 ++++++++++++++++++++++++++++++++++++-

include/hw/virtio/vhost-vdpa.h | 4 +

4 files changed, 217 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/virtio/vhost-shadow-virtqueue.c

+++ b/hw/virtio/vhost-shadow-virtqueue.c

@@ -XXX,XX +XXX,XX @@

#include "hw/virtio/vhost-shadow-virtqueue.h"

#include "qemu/error-report.h"

+#include "qemu/main-loop.h"

+#include "linux-headers/linux/vhost.h"

+

+/**

+ * Forward guest notifications.

+ *

+ * @n: guest kick event notifier, the one that guest set to notify svq.

+ */

+static void vhost_handle_guest_kick(EventNotifier *n)

+{

+ VhostShadowVirtqueue *svq = container_of(n, VhostShadowVirtqueue,

+ svq_kick);

+ event_notifier_test_and_clear(n);

+ event_notifier_set(&svq->hdev_kick);

+}

+

+/**

+ * Set a new file descriptor for the guest to kick the SVQ and notify for avail

+ *

+ * @svq: The svq

+ * @svq_kick_fd: The svq kick fd

+ *

+ * Note that the SVQ will never close the old file descriptor.

+ */

+void vhost_svq_set_svq_kick_fd(VhostShadowVirtqueue *svq, int svq_kick_fd)

+{

+ EventNotifier *svq_kick = &svq->svq_kick;

+ bool poll_stop = VHOST_FILE_UNBIND != event_notifier_get_fd(svq_kick);

+ bool poll_start = svq_kick_fd != VHOST_FILE_UNBIND;

+

+ if (poll_stop) {

+ event_notifier_set_handler(svq_kick, NULL);

+ }

+

+ /*

+ * event_notifier_set_handler already checks for guest's notifications if

+ * they arrive at the new file descriptor in the switch, so there is no

+ * need to explicitly check for them.

+ */

+ if (poll_start) {

+ event_notifier_init_fd(svq_kick, svq_kick_fd);

+ event_notifier_set(svq_kick);

+ event_notifier_set_handler(svq_kick, vhost_handle_guest_kick);

+ }

+}

+

+/**

+ * Stop the shadow virtqueue operation.

+ * @svq: Shadow Virtqueue

+ */

+void vhost_svq_stop(VhostShadowVirtqueue *svq)

+{

+ event_notifier_set_handler(&svq->svq_kick, NULL);

+}

/**

* Creates vhost shadow virtqueue, and instructs the vhost device to use the

@@ -XXX,XX +XXX,XX @@ VhostShadowVirtqueue *vhost_svq_new(void)

goto err_init_hdev_call;

}

+ event_notifier_init_fd(&svq->svq_kick, VHOST_FILE_UNBIND);

return g_steal_pointer(&svq);

err_init_hdev_call:

@@ -XXX,XX +XXX,XX @@ err_init_hdev_kick:

void vhost_svq_free(gpointer pvq)

{

VhostShadowVirtqueue *vq = pvq;

+ vhost_svq_stop(vq);

event_notifier_cleanup(&vq->hdev_kick);

event_notifier_cleanup(&vq->hdev_call);

g_free(vq);

diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h

index XXXXXXX..XXXXXXX 100644

--- a/hw/virtio/vhost-shadow-virtqueue.h

+++ b/hw/virtio/vhost-shadow-virtqueue.h

@@ -XXX,XX +XXX,XX @@ typedef struct VhostShadowVirtqueue {

EventNotifier hdev_kick;

/* Shadow call notifier, sent to vhost */

EventNotifier hdev_call;

+

+ /*

+ * Borrowed virtqueue's guest to host notifier. To borrow it in this event

+ * notifier allows to recover the VhostShadowVirtqueue from the event loop

+ * easily. If we use the VirtQueue's one, we don't have an easy way to

+ * retrieve VhostShadowVirtqueue.

+ *

+ * So shadow virtqueue must not clean it, or we would lose VirtQueue one.

+ */

+ EventNotifier svq_kick;

} VhostShadowVirtqueue;

+void vhost_svq_set_svq_kick_fd(VhostShadowVirtqueue *svq, int svq_kick_fd);

+

+void vhost_svq_stop(VhostShadowVirtqueue *svq);

+

VhostShadowVirtqueue *vhost_svq_new(void);

void vhost_svq_free(gpointer vq);

diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/virtio/vhost-vdpa.c

+++ b/hw/virtio/vhost-vdpa.c

@@ -XXX,XX +XXX,XX @@

#include "hw/virtio/vhost.h"

#include "hw/virtio/vhost-backend.h"

#include "hw/virtio/virtio-net.h"

+#include "hw/virtio/vhost-shadow-virtqueue.h"

#include "hw/virtio/vhost-vdpa.h"

#include "exec/address-spaces.h"

#include "qemu/main-loop.h"

#include "cpu.h"

#include "trace.h"

#include "qemu-common.h"

+#include "qapi/error.h"

/*

* Return one past the end of the end of section. Be careful with uint64_t

@@ -XXX,XX +XXX,XX @@ static bool vhost_vdpa_one_time_request(struct vhost_dev *dev)

return v->index != 0;

}

+static int vhost_vdpa_init_svq(struct vhost_dev *hdev, struct vhost_vdpa *v,

+ Error **errp)

+{

+ g_autoptr(GPtrArray) shadow_vqs = NULL;

+

+ if (!v->shadow_vqs_enabled) {

+ return 0;

+ }

+

+ shadow_vqs = g_ptr_array_new_full(hdev->nvqs, vhost_svq_free);

+ for (unsigned n = 0; n < hdev->nvqs; ++n) {

+ g_autoptr(VhostShadowVirtqueue) svq = vhost_svq_new();

+

+ if (unlikely(!svq)) {

+ error_setg(errp, "Cannot create svq %u", n);

+ return -1;

+ }

+ g_ptr_array_add(shadow_vqs, g_steal_pointer(&svq));

+ }

+

+ v->shadow_vqs = g_steal_pointer(&shadow_vqs);

+ return 0;

+}

+

static int vhost_vdpa_init(struct vhost_dev *dev, void *opaque, Error **errp)

{

struct vhost_vdpa *v;

@@ -XXX,XX +XXX,XX @@ static int vhost_vdpa_init(struct vhost_dev *dev, void *opaque, Error **errp)

dev->opaque = opaque ;

v->listener = vhost_vdpa_memory_listener;

v->msg_type = VHOST_IOTLB_MSG_V2;

+ ret = vhost_vdpa_init_svq(dev, v, errp);

+ if (ret) {

+ goto err;

+ }

vhost_vdpa_get_iova_range(v);

@@ -XXX,XX +XXX,XX @@ static int vhost_vdpa_init(struct vhost_dev *dev, void *opaque, Error **errp)

VIRTIO_CONFIG_S_DRIVER);

return 0;

+

+err:

+ ram_block_discard_disable(false);

+ return ret;

}

static void vhost_vdpa_host_notifier_uninit(struct vhost_dev *dev,

@@ -XXX,XX +XXX,XX @@ static void vhost_vdpa_host_notifiers_uninit(struct vhost_dev *dev, int n)

static void vhost_vdpa_host_notifiers_init(struct vhost_dev *dev)

{

+ struct vhost_vdpa *v = dev->opaque;

int i;

+ if (v->shadow_vqs_enabled) {

+ /* FIXME SVQ is not compatible with host notifiers mr */

+ return;

+ }

+

for (i = dev->vq_index; i < dev->vq_index + dev->nvqs; i++) {

if (vhost_vdpa_host_notifier_init(dev, i)) {

goto err;

@@ -XXX,XX +XXX,XX @@ err:

return;

}

+static void vhost_vdpa_svq_cleanup(struct vhost_dev *dev)

+{

+ struct vhost_vdpa *v = dev->opaque;

+ size_t idx;

+

+ if (!v->shadow_vqs) {

+ return;

+ }

+

+ for (idx = 0; idx < v->shadow_vqs->len; ++idx) {

+ vhost_svq_stop(g_ptr_array_index(v->shadow_vqs, idx));

+ }

+ g_ptr_array_free(v->shadow_vqs, true);

+}

+

static int vhost_vdpa_cleanup(struct vhost_dev *dev)

{

struct vhost_vdpa *v;

@@ -XXX,XX +XXX,XX @@ static int vhost_vdpa_cleanup(struct vhost_dev *dev)

trace_vhost_vdpa_cleanup(dev, v);

vhost_vdpa_host_notifiers_uninit(dev, dev->nvqs);

memory_listener_unregister(&v->listener);

+ vhost_vdpa_svq_cleanup(dev);

dev->opaque = NULL;

ram_block_discard_disable(false);

@@ -XXX,XX +XXX,XX @@ static int vhost_vdpa_get_device_id(struct vhost_dev *dev,

return ret;

}

+static void vhost_vdpa_reset_svq(struct vhost_vdpa *v)

+{

+ if (!v->shadow_vqs_enabled) {

+ return;

+ }

+

+ for (unsigned i = 0; i < v->shadow_vqs->len; ++i) {

+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);

+ vhost_svq_stop(svq);

+ }

+}

+

static int vhost_vdpa_reset_device(struct vhost_dev *dev)

{

+ struct vhost_vdpa *v = dev->opaque;

int ret;

uint8_t status = 0;

+ vhost_vdpa_reset_svq(v);

+

ret = vhost_vdpa_call(dev, VHOST_VDPA_SET_STATUS, &status);

trace_vhost_vdpa_reset_device(dev, status);

return ret;

@@ -XXX,XX +XXX,XX @@ static int vhost_vdpa_get_config(struct vhost_dev *dev, uint8_t *config,

return ret;

}

+static int vhost_vdpa_set_vring_dev_kick(struct vhost_dev *dev,

+ struct vhost_vring_file *file)

+{

+ trace_vhost_vdpa_set_vring_kick(dev, file->index, file->fd);

+ return vhost_vdpa_call(dev, VHOST_SET_VRING_KICK, file);

+}

+

+/**

+ * Set the shadow virtqueue descriptors to the device

+ *

+ * @dev: The vhost device model

+ * @svq: The shadow virtqueue

+ * @idx: The index of the virtqueue in the vhost device

+ * @errp: Error

+ */

+static bool vhost_vdpa_svq_setup(struct vhost_dev *dev,

+ VhostShadowVirtqueue *svq,

+ unsigned idx,

+ Error **errp)

+{

+ struct vhost_vring_file file = {

+ .index = dev->vq_index + idx,

+ };

+ const EventNotifier *event_notifier = &svq->hdev_kick;

+ int r;

+

+ file.fd = event_notifier_get_fd(event_notifier);

+ r = vhost_vdpa_set_vring_dev_kick(dev, &file);

+ if (unlikely(r != 0)) {

+ error_setg_errno(errp, -r, "Can't set device kick fd");

+ }

+

+ return r == 0;

+}

+

+static bool vhost_vdpa_svqs_start(struct vhost_dev *dev)

+{

+ struct vhost_vdpa *v = dev->opaque;

+ Error *err = NULL;

+ unsigned i;

+

+ if (!v->shadow_vqs) {

+ return true;

+ }

+

+ for (i = 0; i < v->shadow_vqs->len; ++i) {

+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);

+ bool ok = vhost_vdpa_svq_setup(dev, svq, i, &err);

+ if (unlikely(!ok)) {

+ error_reportf_err(err, "Cannot setup SVQ %u: ", i);

+ return false;

+ }

+ }

+

+ return true;

+}

+

static int vhost_vdpa_dev_start(struct vhost_dev *dev, bool started)

{

struct vhost_vdpa *v = dev->opaque;

+ bool ok;

trace_vhost_vdpa_dev_start(dev, started);

if (started) {

vhost_vdpa_host_notifiers_init(dev);

+ ok = vhost_vdpa_svqs_start(dev);

+ if (unlikely(!ok)) {

+ return -1;

+ }

vhost_vdpa_set_vring_ready(dev);

} else {

vhost_vdpa_host_notifiers_uninit(dev, dev->nvqs);

@@ -XXX,XX +XXX,XX @@ static int vhost_vdpa_get_vring_base(struct vhost_dev *dev,

static int vhost_vdpa_set_vring_kick(struct vhost_dev *dev,

struct vhost_vring_file *file)

{

- trace_vhost_vdpa_set_vring_kick(dev, file->index, file->fd);

- return vhost_vdpa_call(dev, VHOST_SET_VRING_KICK, file);

+ struct vhost_vdpa *v = dev->opaque;

+ int vdpa_idx = file->index - dev->vq_index;

+

+ if (v->shadow_vqs_enabled) {

+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, vdpa_idx);

+ vhost_svq_set_svq_kick_fd(svq, file->fd);

+ return 0;

+ } else {

+ return vhost_vdpa_set_vring_dev_kick(dev, file);

+ }

}

static int vhost_vdpa_set_vring_call(struct vhost_dev *dev,

diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/virtio/vhost-vdpa.h

+++ b/include/hw/virtio/vhost-vdpa.h

@@ -XXX,XX +XXX,XX @@

#ifndef HW_VIRTIO_VHOST_VDPA_H

#define HW_VIRTIO_VHOST_VDPA_H

+#include <gmodule.h>

+

#include "hw/virtio/virtio.h"

#include "standard-headers/linux/vhost_types.h"

@@ -XXX,XX +XXX,XX @@ typedef struct vhost_vdpa {

bool iotlb_batch_begin_sent;

MemoryListener listener;

struct vhost_vdpa_iova_range iova_range;

+ bool shadow_vqs_enabled;

+ GPtrArray *shadow_vqs;

struct vhost_dev *dev;

VhostVDPAHostNotifier notifier[VIRTIO_QUEUE_MAX];

} VhostVDPA;

--

2.7.4

From: Eugenio Pérez <eperezma@redhat.com>

Initial version of shadow virtqueue that actually forward buffers. There

is no iommu support at the moment, and that will be addressed in future

patches of this series. Since all vhost-vdpa devices use forced IOMMU,

this means that SVQ is not usable at this point of the series on any

device.

For simplicity it only supports modern devices, that expects vring

in little endian, with split ring and no event idx or indirect

descriptors. Support for them will not be added in this series.

It reuses the VirtQueue code for the device part. The driver part is

based on Linux's virtio_ring driver, but with stripped functionality

and optimizations so it's easier to review.

However, forwarding buffers have some particular pieces: One of the most

unexpected ones is that a guest's buffer can expand through more than

one descriptor in SVQ. While this is handled gracefully by qemu's

emulated virtio devices, it may cause unexpected SVQ queue full. This

patch also solves it by checking for this condition at both guest's

kicks and device's calls. The code may be more elegant in the future if

SVQ code runs in its own iocontext.

Acked-by: Michael S. Tsirkin <mst@redhat.com>

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>

Signed-off-by: Jason Wang <jasowang@redhat.com>

---

hw/virtio/vhost-shadow-virtqueue.c | 354 ++++++++++++++++++++++++++++++++++++-

hw/virtio/vhost-shadow-virtqueue.h | 26 +++

hw/virtio/vhost-vdpa.c | 159 ++++++++++++++++-

3 files changed, 527 insertions(+), 12 deletions(-)

diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/virtio/vhost-shadow-virtqueue.c

+++ b/hw/virtio/vhost-shadow-virtqueue.c

@@ -XXX,XX +XXX,XX @@

#include "qemu/error-report.h"

#include "qapi/error.h"

#include "qemu/main-loop.h"

+#include "qemu/log.h"

+#include "qemu/memalign.h"

#include "linux-headers/linux/vhost.h"

/**

@@ -XXX,XX +XXX,XX @@ bool vhost_svq_valid_features(uint64_t features, Error **errp)

}

/**

- * Forward guest notifications.

+ * Number of descriptors that the SVQ can make available from the guest.

+ *

+ * @svq: The svq

+ */

+static uint16_t vhost_svq_available_slots(const VhostShadowVirtqueue *svq)

+{

+ return svq->vring.num - (svq->shadow_avail_idx - svq->shadow_used_idx);

+}

+

+static void vhost_vring_write_descs(VhostShadowVirtqueue *svq,

+ const struct iovec *iovec,

+ size_t num, bool more_descs, bool write)

+{

+ uint16_t i = svq->free_head, last = svq->free_head;

+ unsigned n;

+ uint16_t flags = write ? cpu_to_le16(VRING_DESC_F_WRITE) : 0;

+ vring_desc_t *descs = svq->vring.desc;

+

+ if (num == 0) {

+ return;

+ }

+

+ for (n = 0; n < num; n++) {

+ if (more_descs || (n + 1 < num)) {

+ descs[i].flags = flags | cpu_to_le16(VRING_DESC_F_NEXT);

+ } else {

+ descs[i].flags = flags;

+ }

+ descs[i].addr = cpu_to_le64((hwaddr)iovec[n].iov_base);

+ descs[i].len = cpu_to_le32(iovec[n].iov_len);

+

+ last = i;

+ i = cpu_to_le16(descs[i].next);

+ }

+

+ svq->free_head = le16_to_cpu(descs[last].next);

+}

+

+static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,

+ VirtQueueElement *elem,

+ unsigned *head)

+{

+ unsigned avail_idx;

+ vring_avail_t *avail = svq->vring.avail;

+

+ *head = svq->free_head;

+

+ /* We need some descriptors here */

+ if (unlikely(!elem->out_num && !elem->in_num)) {

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "Guest provided element with no descriptors");

+ return false;

+ }

+

+ vhost_vring_write_descs(svq, elem->out_sg, elem->out_num,

+ elem->in_num > 0, false);

+ vhost_vring_write_descs(svq, elem->in_sg, elem->in_num, false, true);

+

+ /*

+ * Put the entry in the available array (but don't update avail->idx until

+ * they do sync).

+ */

+ avail_idx = svq->shadow_avail_idx & (svq->vring.num - 1);

+ avail->ring[avail_idx] = cpu_to_le16(*head);

+ svq->shadow_avail_idx++;

+

+ /* Update the avail index after write the descriptor */

+ smp_wmb();

+ avail->idx = cpu_to_le16(svq->shadow_avail_idx);

+

+ return true;

+}

+

+static bool vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)

+{

+ unsigned qemu_head;

+ bool ok = vhost_svq_add_split(svq, elem, &qemu_head);

+ if (unlikely(!ok)) {

+ return false;

+ }

+

+ svq->ring_id_maps[qemu_head] = elem;

+ return true;

+}

+

+static void vhost_svq_kick(VhostShadowVirtqueue *svq)

+{

+ /*

+ * We need to expose the available array entries before checking the used

+ * flags

+ */

+ smp_mb();

+ if (svq->vring.used->flags & VRING_USED_F_NO_NOTIFY) {

+ return;

+ }

+

+ event_notifier_set(&svq->hdev_kick);

+}

+

+/**

+ * Forward available buffers.

+ *

+ * @svq: Shadow VirtQueue

+ *

+ * Note that this function does not guarantee that all guest's available

+ * buffers are available to the device in SVQ avail ring. The guest may have

+ * exposed a GPA / GIOVA contiguous buffer, but it may not be contiguous in

+ * qemu vaddr.

+ *

+ * If that happens, guest's kick notifications will be disabled until the

+ * device uses some buffers.

+ */

+static void vhost_handle_guest_kick(VhostShadowVirtqueue *svq)

+{

+ /* Clear event notifier */

+ event_notifier_test_and_clear(&svq->svq_kick);

+

+ /* Forward to the device as many available buffers as possible */

+ do {

+ virtio_queue_set_notification(svq->vq, false);

+

+ while (true) {

+ VirtQueueElement *elem;

+ bool ok;

+

+ if (svq->next_guest_avail_elem) {

+ elem = g_steal_pointer(&svq->next_guest_avail_elem);

+ } else {

+ elem = virtqueue_pop(svq->vq, sizeof(*elem));

+ }

+

+ if (!elem) {

+ break;

+ }

+

+ if (elem->out_num + elem->in_num >

+ vhost_svq_available_slots(svq)) {

+ /*

+ * This condition is possible since a contiguous buffer in GPA

+ * does not imply a contiguous buffer in qemu's VA

+ * scatter-gather segments. If that happens, the buffer exposed

+ * to the device needs to be a chain of descriptors at this

+ * moment.

+ *

+ * SVQ cannot hold more available buffers if we are here:

+ * queue the current guest descriptor and ignore further kicks

+ * until some elements are used.

+ */

+ svq->next_guest_avail_elem = elem;

+ return;

+ }

+

+ ok = vhost_svq_add(svq, elem);

+ if (unlikely(!ok)) {

+ /* VQ is broken, just return and ignore any other kicks */

+ return;

+ }

+ vhost_svq_kick(svq);

+ }