1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * vhost transport for vsock
4 *
5 * Copyright (C) 2013-2015 Red Hat, Inc.
6 * Author: Asias He <asias@redhat.com>
7 * Stefan Hajnoczi <stefanha@redhat.com>
8 */
9#include <linux/miscdevice.h>
10#include <linux/atomic.h>
11#include <linux/module.h>
12#include <linux/mutex.h>
13#include <linux/vmalloc.h>
14#include <net/sock.h>
15#include <linux/virtio_vsock.h>
16#include <linux/vhost.h>
17#include <linux/hashtable.h>
18
19#include <net/af_vsock.h>
20#include "vhost.h"
21
22#define VHOST_VSOCK_DEFAULT_HOST_CID 2
23/* Max number of bytes transferred before requeueing the job.
24 * Using this limit prevents one virtqueue from starving others. */
25#define VHOST_VSOCK_WEIGHT 0x80000
26/* Max number of packets transferred before requeueing the job.
27 * Using this limit prevents one virtqueue from starving others with
28 * small pkts.
29 */
30#define VHOST_VSOCK_PKT_WEIGHT 256
31
32enum {
33 VHOST_VSOCK_FEATURES = VHOST_FEATURES |
34 (1ULL << VIRTIO_F_ACCESS_PLATFORM) |
35 (1ULL << VIRTIO_VSOCK_F_SEQPACKET)
36};
37
38enum {
39 VHOST_VSOCK_BACKEND_FEATURES = (1ULL << VHOST_BACKEND_F_IOTLB_MSG_V2)
40};
41
42/* Used to track all the vhost_vsock instances on the system. */
43static DEFINE_MUTEX(vhost_vsock_mutex);
44static DEFINE_READ_MOSTLY_HASHTABLE(vhost_vsock_hash, 8);
45
46struct vhost_vsock {
47 struct vhost_dev dev;
48 struct vhost_virtqueue vqs[2];
49
50 /* Link to global vhost_vsock_hash, writes use vhost_vsock_mutex */
51 struct hlist_node hash;
52
53 struct vhost_work send_pkt_work;
54 struct sk_buff_head send_pkt_queue; /* host->guest pending packets */
55
56 atomic_t queued_replies;
57
58 u32 guest_cid;
59 bool seqpacket_allow;
60};
61
62static u32 vhost_transport_get_local_cid(void)
63{
64 return VHOST_VSOCK_DEFAULT_HOST_CID;
65}
66
67/* Callers that dereference the return value must hold vhost_vsock_mutex or the
68 * RCU read lock.
69 */
70static struct vhost_vsock *vhost_vsock_get(u32 guest_cid)
71{
72 struct vhost_vsock *vsock;
73
74 hash_for_each_possible_rcu(vhost_vsock_hash, vsock, hash, guest_cid) {
75 u32 other_cid = vsock->guest_cid;
76
77 /* Skip instances that have no CID yet */
78 if (other_cid == 0)
79 continue;
80
81 if (other_cid == guest_cid)
82 return vsock;
83
84 }
85
86 return NULL;
87}
88
89static void
90vhost_transport_do_send_pkt(struct vhost_vsock *vsock,
91 struct vhost_virtqueue *vq)
92{
93 struct vhost_virtqueue *tx_vq = &vsock->vqs[VSOCK_VQ_TX];
94 int pkts = 0, total_len = 0;
95 bool added = false;
96 bool restart_tx = false;
97
98 mutex_lock(&vq->mutex);
99
100 if (!vhost_vq_get_backend(vq))
101 goto out;
102
103 if (!vq_meta_prefetch(vq))
104 goto out;
105
106 /* Avoid further vmexits, we're already processing the virtqueue */
107 vhost_disable_notify(&vsock->dev, vq);
108
109 do {
110 struct virtio_vsock_hdr *hdr;
111 size_t iov_len, payload_len;
112 struct iov_iter iov_iter;
113 u32 flags_to_restore = 0;
114 struct sk_buff *skb;
115 unsigned out, in;
116 size_t nbytes;
117 u32 offset;
118 int head;
119
120 skb = virtio_vsock_skb_dequeue(list: &vsock->send_pkt_queue);
121
122 if (!skb) {
123 vhost_enable_notify(&vsock->dev, vq);
124 break;
125 }
126
127 head = vhost_get_vq_desc(vq, iov: vq->iov, ARRAY_SIZE(vq->iov),
128 out_num: &out, in_num: &in, NULL, NULL);
129 if (head < 0) {
130 virtio_vsock_skb_queue_head(list: &vsock->send_pkt_queue, skb);
131 break;
132 }
133
134 if (head == vq->num) {
135 virtio_vsock_skb_queue_head(list: &vsock->send_pkt_queue, skb);
136 /* We cannot finish yet if more buffers snuck in while
137 * re-enabling notify.
138 */
139 if (unlikely(vhost_enable_notify(&vsock->dev, vq))) {
140 vhost_disable_notify(&vsock->dev, vq);
141 continue;
142 }
143 break;
144 }
145
146 if (out) {
147 kfree_skb(skb);
148 vq_err(vq, "Expected 0 output buffers, got %u\n", out);
149 break;
150 }
151
152 iov_len = iov_length(iov: &vq->iov[out], nr_segs: in);
153 if (iov_len < sizeof(*hdr)) {
154 kfree_skb(skb);
155 vq_err(vq, "Buffer len [%zu] too small\n", iov_len);
156 break;
157 }
158
159 iov_iter_init(i: &iov_iter, ITER_DEST, iov: &vq->iov[out], nr_segs: in, count: iov_len);
160 offset = VIRTIO_VSOCK_SKB_CB(skb)->offset;
161 payload_len = skb->len - offset;
162 hdr = virtio_vsock_hdr(skb);
163
164 /* If the packet is greater than the space available in the
165 * buffer, we split it using multiple buffers.
166 */
167 if (payload_len > iov_len - sizeof(*hdr)) {
168 payload_len = iov_len - sizeof(*hdr);
169
170 /* As we are copying pieces of large packet's buffer to
171 * small rx buffers, headers of packets in rx queue are
172 * created dynamically and are initialized with header
173 * of current packet(except length). But in case of
174 * SOCK_SEQPACKET, we also must clear message delimeter
175 * bit (VIRTIO_VSOCK_SEQ_EOM) and MSG_EOR bit
176 * (VIRTIO_VSOCK_SEQ_EOR) if set. Otherwise,
177 * there will be sequence of packets with these
178 * bits set. After initialized header will be copied to
179 * rx buffer, these required bits will be restored.
180 */
181 if (le32_to_cpu(hdr->flags) & VIRTIO_VSOCK_SEQ_EOM) {
182 hdr->flags &= ~cpu_to_le32(VIRTIO_VSOCK_SEQ_EOM);
183 flags_to_restore |= VIRTIO_VSOCK_SEQ_EOM;
184
185 if (le32_to_cpu(hdr->flags) & VIRTIO_VSOCK_SEQ_EOR) {
186 hdr->flags &= ~cpu_to_le32(VIRTIO_VSOCK_SEQ_EOR);
187 flags_to_restore |= VIRTIO_VSOCK_SEQ_EOR;
188 }
189 }
190 }
191
192 /* Set the correct length in the header */
193 hdr->len = cpu_to_le32(payload_len);
194
195 nbytes = copy_to_iter(addr: hdr, bytes: sizeof(*hdr), i: &iov_iter);
196 if (nbytes != sizeof(*hdr)) {
197 kfree_skb(skb);
198 vq_err(vq, "Faulted on copying pkt hdr\n");
199 break;
200 }
201
202 if (skb_copy_datagram_iter(from: skb,
203 offset,
204 to: &iov_iter,
205 size: payload_len)) {
206 kfree_skb(skb);
207 vq_err(vq, "Faulted on copying pkt buf\n");
208 break;
209 }
210
211 /* Deliver to monitoring devices all packets that we
212 * will transmit.
213 */
214 virtio_transport_deliver_tap_pkt(skb);
215
216 vhost_add_used(vq, head, len: sizeof(*hdr) + payload_len);
217 added = true;
218
219 VIRTIO_VSOCK_SKB_CB(skb)->offset += payload_len;
220 total_len += payload_len;
221
222 /* If we didn't send all the payload we can requeue the packet
223 * to send it with the next available buffer.
224 */
225 if (VIRTIO_VSOCK_SKB_CB(skb)->offset < skb->len) {
226 hdr->flags |= cpu_to_le32(flags_to_restore);
227
228 /* We are queueing the same skb to handle
229 * the remaining bytes, and we want to deliver it
230 * to monitoring devices in the next iteration.
231 */
232 virtio_vsock_skb_clear_tap_delivered(skb);
233 virtio_vsock_skb_queue_head(list: &vsock->send_pkt_queue, skb);
234 } else {
235 if (virtio_vsock_skb_reply(skb)) {
236 int val;
237
238 val = atomic_dec_return(v: &vsock->queued_replies);
239
240 /* Do we have resources to resume tx
241 * processing?
242 */
243 if (val + 1 == tx_vq->num)
244 restart_tx = true;
245 }
246
247 consume_skb(skb);
248 }
249 } while(likely(!vhost_exceeds_weight(vq, ++pkts, total_len)));
250 if (added)
251 vhost_signal(&vsock->dev, vq);
252
253out:
254 mutex_unlock(lock: &vq->mutex);
255
256 if (restart_tx)
257 vhost_poll_queue(poll: &tx_vq->poll);
258}
259
260static void vhost_transport_send_pkt_work(struct vhost_work *work)
261{
262 struct vhost_virtqueue *vq;
263 struct vhost_vsock *vsock;
264
265 vsock = container_of(work, struct vhost_vsock, send_pkt_work);
266 vq = &vsock->vqs[VSOCK_VQ_RX];
267
268 vhost_transport_do_send_pkt(vsock, vq);
269}
270
271static int
272vhost_transport_send_pkt(struct sk_buff *skb)
273{
274 struct virtio_vsock_hdr *hdr = virtio_vsock_hdr(skb);
275 struct vhost_vsock *vsock;
276 int len = skb->len;
277
278 rcu_read_lock();
279
280 /* Find the vhost_vsock according to guest context id */
281 vsock = vhost_vsock_get(le64_to_cpu(hdr->dst_cid));
282 if (!vsock) {
283 rcu_read_unlock();
284 kfree_skb(skb);
285 return -ENODEV;
286 }
287
288 if (virtio_vsock_skb_reply(skb))
289 atomic_inc(v: &vsock->queued_replies);
290
291 virtio_vsock_skb_queue_tail(list: &vsock->send_pkt_queue, skb);
292 vhost_vq_work_queue(vq: &vsock->vqs[VSOCK_VQ_RX], work: &vsock->send_pkt_work);
293
294 rcu_read_unlock();
295 return len;
296}
297
298static int
299vhost_transport_cancel_pkt(struct vsock_sock *vsk)
300{
301 struct vhost_vsock *vsock;
302 int cnt = 0;
303 int ret = -ENODEV;
304
305 rcu_read_lock();
306
307 /* Find the vhost_vsock according to guest context id */
308 vsock = vhost_vsock_get(guest_cid: vsk->remote_addr.svm_cid);
309 if (!vsock)
310 goto out;
311
312 cnt = virtio_transport_purge_skbs(vsk, list: &vsock->send_pkt_queue);
313
314 if (cnt) {
315 struct vhost_virtqueue *tx_vq = &vsock->vqs[VSOCK_VQ_TX];
316 int new_cnt;
317
318 new_cnt = atomic_sub_return(i: cnt, v: &vsock->queued_replies);
319 if (new_cnt + cnt >= tx_vq->num && new_cnt < tx_vq->num)
320 vhost_poll_queue(poll: &tx_vq->poll);
321 }
322
323 ret = 0;
324out:
325 rcu_read_unlock();
326 return ret;
327}
328
329static struct sk_buff *
330vhost_vsock_alloc_skb(struct vhost_virtqueue *vq,
331 unsigned int out, unsigned int in)
332{
333 struct virtio_vsock_hdr *hdr;
334 struct iov_iter iov_iter;
335 struct sk_buff *skb;
336 size_t payload_len;
337 size_t nbytes;
338 size_t len;
339
340 if (in != 0) {
341 vq_err(vq, "Expected 0 input buffers, got %u\n", in);
342 return NULL;
343 }
344
345 len = iov_length(iov: vq->iov, nr_segs: out);
346
347 /* len contains both payload and hdr */
348 skb = virtio_vsock_alloc_skb(size: len, GFP_KERNEL);
349 if (!skb)
350 return NULL;
351
352 iov_iter_init(i: &iov_iter, ITER_SOURCE, iov: vq->iov, nr_segs: out, count: len);
353
354 hdr = virtio_vsock_hdr(skb);
355 nbytes = copy_from_iter(addr: hdr, bytes: sizeof(*hdr), i: &iov_iter);
356 if (nbytes != sizeof(*hdr)) {
357 vq_err(vq, "Expected %zu bytes for pkt->hdr, got %zu bytes\n",
358 sizeof(*hdr), nbytes);
359 kfree_skb(skb);
360 return NULL;
361 }
362
363 payload_len = le32_to_cpu(hdr->len);
364
365 /* No payload */
366 if (!payload_len)
367 return skb;
368
369 /* The pkt is too big or the length in the header is invalid */
370 if (payload_len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE ||
371 payload_len + sizeof(*hdr) > len) {
372 kfree_skb(skb);
373 return NULL;
374 }
375
376 virtio_vsock_skb_rx_put(skb);
377
378 nbytes = copy_from_iter(addr: skb->data, bytes: payload_len, i: &iov_iter);
379 if (nbytes != payload_len) {
380 vq_err(vq, "Expected %zu byte payload, got %zu bytes\n",
381 payload_len, nbytes);
382 kfree_skb(skb);
383 return NULL;
384 }
385
386 return skb;
387}
388
389/* Is there space left for replies to rx packets? */
390static bool vhost_vsock_more_replies(struct vhost_vsock *vsock)
391{
392 struct vhost_virtqueue *vq = &vsock->vqs[VSOCK_VQ_TX];
393 int val;
394
395 smp_rmb(); /* paired with atomic_inc() and atomic_dec_return() */
396 val = atomic_read(v: &vsock->queued_replies);
397
398 return val < vq->num;
399}
400
401static bool vhost_transport_msgzerocopy_allow(void)
402{
403 return true;
404}
405
406static bool vhost_transport_seqpacket_allow(u32 remote_cid);
407
408static struct virtio_transport vhost_transport = {
409 .transport = {
410 .module = THIS_MODULE,
411
412 .get_local_cid = vhost_transport_get_local_cid,
413
414 .init = virtio_transport_do_socket_init,
415 .destruct = virtio_transport_destruct,
416 .release = virtio_transport_release,
417 .connect = virtio_transport_connect,
418 .shutdown = virtio_transport_shutdown,
419 .cancel_pkt = vhost_transport_cancel_pkt,
420
421 .dgram_enqueue = virtio_transport_dgram_enqueue,
422 .dgram_dequeue = virtio_transport_dgram_dequeue,
423 .dgram_bind = virtio_transport_dgram_bind,
424 .dgram_allow = virtio_transport_dgram_allow,
425
426 .stream_enqueue = virtio_transport_stream_enqueue,
427 .stream_dequeue = virtio_transport_stream_dequeue,
428 .stream_has_data = virtio_transport_stream_has_data,
429 .stream_has_space = virtio_transport_stream_has_space,
430 .stream_rcvhiwat = virtio_transport_stream_rcvhiwat,
431 .stream_is_active = virtio_transport_stream_is_active,
432 .stream_allow = virtio_transport_stream_allow,
433
434 .seqpacket_dequeue = virtio_transport_seqpacket_dequeue,
435 .seqpacket_enqueue = virtio_transport_seqpacket_enqueue,
436 .seqpacket_allow = vhost_transport_seqpacket_allow,
437 .seqpacket_has_data = virtio_transport_seqpacket_has_data,
438
439 .msgzerocopy_allow = vhost_transport_msgzerocopy_allow,
440
441 .notify_poll_in = virtio_transport_notify_poll_in,
442 .notify_poll_out = virtio_transport_notify_poll_out,
443 .notify_recv_init = virtio_transport_notify_recv_init,
444 .notify_recv_pre_block = virtio_transport_notify_recv_pre_block,
445 .notify_recv_pre_dequeue = virtio_transport_notify_recv_pre_dequeue,
446 .notify_recv_post_dequeue = virtio_transport_notify_recv_post_dequeue,
447 .notify_send_init = virtio_transport_notify_send_init,
448 .notify_send_pre_block = virtio_transport_notify_send_pre_block,
449 .notify_send_pre_enqueue = virtio_transport_notify_send_pre_enqueue,
450 .notify_send_post_enqueue = virtio_transport_notify_send_post_enqueue,
451 .notify_buffer_size = virtio_transport_notify_buffer_size,
452
453 .read_skb = virtio_transport_read_skb,
454 },
455
456 .send_pkt = vhost_transport_send_pkt,
457};
458
459static bool vhost_transport_seqpacket_allow(u32 remote_cid)
460{
461 struct vhost_vsock *vsock;
462 bool seqpacket_allow = false;
463
464 rcu_read_lock();
465 vsock = vhost_vsock_get(guest_cid: remote_cid);
466
467 if (vsock)
468 seqpacket_allow = vsock->seqpacket_allow;
469
470 rcu_read_unlock();
471
472 return seqpacket_allow;
473}
474
475static void vhost_vsock_handle_tx_kick(struct vhost_work *work)
476{
477 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
478 poll.work);
479 struct vhost_vsock *vsock = container_of(vq->dev, struct vhost_vsock,
480 dev);
481 int head, pkts = 0, total_len = 0;
482 unsigned int out, in;
483 struct sk_buff *skb;
484 bool added = false;
485
486 mutex_lock(&vq->mutex);
487
488 if (!vhost_vq_get_backend(vq))
489 goto out;
490
491 if (!vq_meta_prefetch(vq))
492 goto out;
493
494 vhost_disable_notify(&vsock->dev, vq);
495 do {
496 struct virtio_vsock_hdr *hdr;
497
498 if (!vhost_vsock_more_replies(vsock)) {
499 /* Stop tx until the device processes already
500 * pending replies. Leave tx virtqueue
501 * callbacks disabled.
502 */
503 goto no_more_replies;
504 }
505
506 head = vhost_get_vq_desc(vq, iov: vq->iov, ARRAY_SIZE(vq->iov),
507 out_num: &out, in_num: &in, NULL, NULL);
508 if (head < 0)
509 break;
510
511 if (head == vq->num) {
512 if (unlikely(vhost_enable_notify(&vsock->dev, vq))) {
513 vhost_disable_notify(&vsock->dev, vq);
514 continue;
515 }
516 break;
517 }
518
519 skb = vhost_vsock_alloc_skb(vq, out, in);
520 if (!skb) {
521 vq_err(vq, "Faulted on pkt\n");
522 continue;
523 }
524
525 total_len += sizeof(*hdr) + skb->len;
526
527 /* Deliver to monitoring devices all received packets */
528 virtio_transport_deliver_tap_pkt(skb);
529
530 hdr = virtio_vsock_hdr(skb);
531
532 /* Only accept correctly addressed packets */
533 if (le64_to_cpu(hdr->src_cid) == vsock->guest_cid &&
534 le64_to_cpu(hdr->dst_cid) ==
535 vhost_transport_get_local_cid())
536 virtio_transport_recv_pkt(t: &vhost_transport, skb);
537 else
538 kfree_skb(skb);
539
540 vhost_add_used(vq, head, len: 0);
541 added = true;
542 } while(likely(!vhost_exceeds_weight(vq, ++pkts, total_len)));
543
544no_more_replies:
545 if (added)
546 vhost_signal(&vsock->dev, vq);
547
548out:
549 mutex_unlock(lock: &vq->mutex);
550}
551
552static void vhost_vsock_handle_rx_kick(struct vhost_work *work)
553{
554 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
555 poll.work);
556 struct vhost_vsock *vsock = container_of(vq->dev, struct vhost_vsock,
557 dev);
558
559 vhost_transport_do_send_pkt(vsock, vq);
560}
561
562static int vhost_vsock_start(struct vhost_vsock *vsock)
563{
564 struct vhost_virtqueue *vq;
565 size_t i;
566 int ret;
567
568 mutex_lock(&vsock->dev.mutex);
569
570 ret = vhost_dev_check_owner(&vsock->dev);
571 if (ret)
572 goto err;
573
574 for (i = 0; i < ARRAY_SIZE(vsock->vqs); i++) {
575 vq = &vsock->vqs[i];
576
577 mutex_lock(&vq->mutex);
578
579 if (!vhost_vq_access_ok(vq)) {
580 ret = -EFAULT;
581 goto err_vq;
582 }
583
584 if (!vhost_vq_get_backend(vq)) {
585 vhost_vq_set_backend(vq, private_data: vsock);
586 ret = vhost_vq_init_access(vq);
587 if (ret)
588 goto err_vq;
589 }
590
591 mutex_unlock(lock: &vq->mutex);
592 }
593
594 /* Some packets may have been queued before the device was started,
595 * let's kick the send worker to send them.
596 */
597 vhost_vq_work_queue(vq: &vsock->vqs[VSOCK_VQ_RX], work: &vsock->send_pkt_work);
598
599 mutex_unlock(lock: &vsock->dev.mutex);
600 return 0;
601
602err_vq:
603 vhost_vq_set_backend(vq, NULL);
604 mutex_unlock(lock: &vq->mutex);
605
606 for (i = 0; i < ARRAY_SIZE(vsock->vqs); i++) {
607 vq = &vsock->vqs[i];
608
609 mutex_lock(&vq->mutex);
610 vhost_vq_set_backend(vq, NULL);
611 mutex_unlock(lock: &vq->mutex);
612 }
613err:
614 mutex_unlock(lock: &vsock->dev.mutex);
615 return ret;
616}
617
618static int vhost_vsock_stop(struct vhost_vsock *vsock, bool check_owner)
619{
620 size_t i;
621 int ret = 0;
622
623 mutex_lock(&vsock->dev.mutex);
624
625 if (check_owner) {
626 ret = vhost_dev_check_owner(&vsock->dev);
627 if (ret)
628 goto err;
629 }
630
631 for (i = 0; i < ARRAY_SIZE(vsock->vqs); i++) {
632 struct vhost_virtqueue *vq = &vsock->vqs[i];
633
634 mutex_lock(&vq->mutex);
635 vhost_vq_set_backend(vq, NULL);
636 mutex_unlock(lock: &vq->mutex);
637 }
638
639err:
640 mutex_unlock(lock: &vsock->dev.mutex);
641 return ret;
642}
643
644static void vhost_vsock_free(struct vhost_vsock *vsock)
645{
646 kvfree(addr: vsock);
647}
648
649static int vhost_vsock_dev_open(struct inode *inode, struct file *file)
650{
651 struct vhost_virtqueue **vqs;
652 struct vhost_vsock *vsock;
653 int ret;
654
655 /* This struct is large and allocation could fail, fall back to vmalloc
656 * if there is no other way.
657 */
658 vsock = kvmalloc(size: sizeof(*vsock), GFP_KERNEL | __GFP_RETRY_MAYFAIL);
659 if (!vsock)
660 return -ENOMEM;
661
662 vqs = kmalloc_array(ARRAY_SIZE(vsock->vqs), size: sizeof(*vqs), GFP_KERNEL);
663 if (!vqs) {
664 ret = -ENOMEM;
665 goto out;
666 }
667
668 vsock->guest_cid = 0; /* no CID assigned yet */
669
670 atomic_set(v: &vsock->queued_replies, i: 0);
671
672 vqs[VSOCK_VQ_TX] = &vsock->vqs[VSOCK_VQ_TX];
673 vqs[VSOCK_VQ_RX] = &vsock->vqs[VSOCK_VQ_RX];
674 vsock->vqs[VSOCK_VQ_TX].handle_kick = vhost_vsock_handle_tx_kick;
675 vsock->vqs[VSOCK_VQ_RX].handle_kick = vhost_vsock_handle_rx_kick;
676
677 vhost_dev_init(&vsock->dev, vqs, ARRAY_SIZE(vsock->vqs),
678 UIO_MAXIOV, VHOST_VSOCK_PKT_WEIGHT,
679 VHOST_VSOCK_WEIGHT, use_worker: true, NULL);
680
681 file->private_data = vsock;
682 skb_queue_head_init(list: &vsock->send_pkt_queue);
683 vhost_work_init(work: &vsock->send_pkt_work, fn: vhost_transport_send_pkt_work);
684 return 0;
685
686out:
687 vhost_vsock_free(vsock);
688 return ret;
689}
690
691static void vhost_vsock_flush(struct vhost_vsock *vsock)
692{
693 vhost_dev_flush(dev: &vsock->dev);
694}
695
696static void vhost_vsock_reset_orphans(struct sock *sk)
697{
698 struct vsock_sock *vsk = vsock_sk(sk);
699
700 /* vmci_transport.c doesn't take sk_lock here either. At least we're
701 * under vsock_table_lock so the sock cannot disappear while we're
702 * executing.
703 */
704
705 /* If the peer is still valid, no need to reset connection */
706 if (vhost_vsock_get(guest_cid: vsk->remote_addr.svm_cid))
707 return;
708
709 /* If the close timeout is pending, let it expire. This avoids races
710 * with the timeout callback.
711 */
712 if (vsk->close_work_scheduled)
713 return;
714
715 sock_set_flag(sk, flag: SOCK_DONE);
716 vsk->peer_shutdown = SHUTDOWN_MASK;
717 sk->sk_state = SS_UNCONNECTED;
718 sk->sk_err = ECONNRESET;
719 sk_error_report(sk);
720}
721
722static int vhost_vsock_dev_release(struct inode *inode, struct file *file)
723{
724 struct vhost_vsock *vsock = file->private_data;
725
726 mutex_lock(&vhost_vsock_mutex);
727 if (vsock->guest_cid)
728 hash_del_rcu(node: &vsock->hash);
729 mutex_unlock(lock: &vhost_vsock_mutex);
730
731 /* Wait for other CPUs to finish using vsock */
732 synchronize_rcu();
733
734 /* Iterating over all connections for all CIDs to find orphans is
735 * inefficient. Room for improvement here. */
736 vsock_for_each_connected_socket(transport: &vhost_transport.transport,
737 fn: vhost_vsock_reset_orphans);
738
739 /* Don't check the owner, because we are in the release path, so we
740 * need to stop the vsock device in any case.
741 * vhost_vsock_stop() can not fail in this case, so we don't need to
742 * check the return code.
743 */
744 vhost_vsock_stop(vsock, check_owner: false);
745 vhost_vsock_flush(vsock);
746 vhost_dev_stop(&vsock->dev);
747
748 virtio_vsock_skb_queue_purge(list: &vsock->send_pkt_queue);
749
750 vhost_dev_cleanup(&vsock->dev);
751 kfree(objp: vsock->dev.vqs);
752 vhost_vsock_free(vsock);
753 return 0;
754}
755
756static int vhost_vsock_set_cid(struct vhost_vsock *vsock, u64 guest_cid)
757{
758 struct vhost_vsock *other;
759
760 /* Refuse reserved CIDs */
761 if (guest_cid <= VMADDR_CID_HOST ||
762 guest_cid == U32_MAX)
763 return -EINVAL;
764
765 /* 64-bit CIDs are not yet supported */
766 if (guest_cid > U32_MAX)
767 return -EINVAL;
768
769 /* Refuse if CID is assigned to the guest->host transport (i.e. nested
770 * VM), to make the loopback work.
771 */
772 if (vsock_find_cid(cid: guest_cid))
773 return -EADDRINUSE;
774
775 /* Refuse if CID is already in use */
776 mutex_lock(&vhost_vsock_mutex);
777 other = vhost_vsock_get(guest_cid);
778 if (other && other != vsock) {
779 mutex_unlock(lock: &vhost_vsock_mutex);
780 return -EADDRINUSE;
781 }
782
783 if (vsock->guest_cid)
784 hash_del_rcu(node: &vsock->hash);
785
786 vsock->guest_cid = guest_cid;
787 hash_add_rcu(vhost_vsock_hash, &vsock->hash, vsock->guest_cid);
788 mutex_unlock(lock: &vhost_vsock_mutex);
789
790 return 0;
791}
792
793static int vhost_vsock_set_features(struct vhost_vsock *vsock, u64 features)
794{
795 struct vhost_virtqueue *vq;
796 int i;
797
798 if (features & ~VHOST_VSOCK_FEATURES)
799 return -EOPNOTSUPP;
800
801 mutex_lock(&vsock->dev.mutex);
802 if ((features & (1 << VHOST_F_LOG_ALL)) &&
803 !vhost_log_access_ok(&vsock->dev)) {
804 goto err;
805 }
806
807 if ((features & (1ULL << VIRTIO_F_ACCESS_PLATFORM))) {
808 if (vhost_init_device_iotlb(d: &vsock->dev))
809 goto err;
810 }
811
812 if (features & (1ULL << VIRTIO_VSOCK_F_SEQPACKET))
813 vsock->seqpacket_allow = true;
814
815 for (i = 0; i < ARRAY_SIZE(vsock->vqs); i++) {
816 vq = &vsock->vqs[i];
817 mutex_lock(&vq->mutex);
818 vq->acked_features = features;
819 mutex_unlock(lock: &vq->mutex);
820 }
821 mutex_unlock(lock: &vsock->dev.mutex);
822 return 0;
823
824err:
825 mutex_unlock(lock: &vsock->dev.mutex);
826 return -EFAULT;
827}
828
829static long vhost_vsock_dev_ioctl(struct file *f, unsigned int ioctl,
830 unsigned long arg)
831{
832 struct vhost_vsock *vsock = f->private_data;
833 void __user *argp = (void __user *)arg;
834 u64 guest_cid;
835 u64 features;
836 int start;
837 int r;
838
839 switch (ioctl) {
840 case VHOST_VSOCK_SET_GUEST_CID:
841 if (copy_from_user(to: &guest_cid, from: argp, n: sizeof(guest_cid)))
842 return -EFAULT;
843 return vhost_vsock_set_cid(vsock, guest_cid);
844 case VHOST_VSOCK_SET_RUNNING:
845 if (copy_from_user(to: &start, from: argp, n: sizeof(start)))
846 return -EFAULT;
847 if (start)
848 return vhost_vsock_start(vsock);
849 else
850 return vhost_vsock_stop(vsock, check_owner: true);
851 case VHOST_GET_FEATURES:
852 features = VHOST_VSOCK_FEATURES;
853 if (copy_to_user(to: argp, from: &features, n: sizeof(features)))
854 return -EFAULT;
855 return 0;
856 case VHOST_SET_FEATURES:
857 if (copy_from_user(to: &features, from: argp, n: sizeof(features)))
858 return -EFAULT;
859 return vhost_vsock_set_features(vsock, features);
860 case VHOST_GET_BACKEND_FEATURES:
861 features = VHOST_VSOCK_BACKEND_FEATURES;
862 if (copy_to_user(to: argp, from: &features, n: sizeof(features)))
863 return -EFAULT;
864 return 0;
865 case VHOST_SET_BACKEND_FEATURES:
866 if (copy_from_user(to: &features, from: argp, n: sizeof(features)))
867 return -EFAULT;
868 if (features & ~VHOST_VSOCK_BACKEND_FEATURES)
869 return -EOPNOTSUPP;
870 vhost_set_backend_features(dev: &vsock->dev, features);
871 return 0;
872 default:
873 mutex_lock(&vsock->dev.mutex);
874 r = vhost_dev_ioctl(&vsock->dev, ioctl, argp);
875 if (r == -ENOIOCTLCMD)
876 r = vhost_vring_ioctl(d: &vsock->dev, ioctl, argp);
877 else
878 vhost_vsock_flush(vsock);
879 mutex_unlock(lock: &vsock->dev.mutex);
880 return r;
881 }
882}
883
884static ssize_t vhost_vsock_chr_read_iter(struct kiocb *iocb, struct iov_iter *to)
885{
886 struct file *file = iocb->ki_filp;
887 struct vhost_vsock *vsock = file->private_data;
888 struct vhost_dev *dev = &vsock->dev;
889 int noblock = file->f_flags & O_NONBLOCK;
890
891 return vhost_chr_read_iter(dev, to, noblock);
892}
893
894static ssize_t vhost_vsock_chr_write_iter(struct kiocb *iocb,
895 struct iov_iter *from)
896{
897 struct file *file = iocb->ki_filp;
898 struct vhost_vsock *vsock = file->private_data;
899 struct vhost_dev *dev = &vsock->dev;
900
901 return vhost_chr_write_iter(dev, from);
902}
903
904static __poll_t vhost_vsock_chr_poll(struct file *file, poll_table *wait)
905{
906 struct vhost_vsock *vsock = file->private_data;
907 struct vhost_dev *dev = &vsock->dev;
908
909 return vhost_chr_poll(file, dev, wait);
910}
911
912static const struct file_operations vhost_vsock_fops = {
913 .owner = THIS_MODULE,
914 .open = vhost_vsock_dev_open,
915 .release = vhost_vsock_dev_release,
916 .llseek = noop_llseek,
917 .unlocked_ioctl = vhost_vsock_dev_ioctl,
918 .compat_ioctl = compat_ptr_ioctl,
919 .read_iter = vhost_vsock_chr_read_iter,
920 .write_iter = vhost_vsock_chr_write_iter,
921 .poll = vhost_vsock_chr_poll,
922};
923
924static struct miscdevice vhost_vsock_misc = {
925 .minor = VHOST_VSOCK_MINOR,
926 .name = "vhost-vsock",
927 .fops = &vhost_vsock_fops,
928};
929
930static int __init vhost_vsock_init(void)
931{
932 int ret;
933
934 ret = vsock_core_register(t: &vhost_transport.transport,
935 VSOCK_TRANSPORT_F_H2G);
936 if (ret < 0)
937 return ret;
938
939 ret = misc_register(misc: &vhost_vsock_misc);
940 if (ret) {
941 vsock_core_unregister(t: &vhost_transport.transport);
942 return ret;
943 }
944
945 return 0;
946};
947
948static void __exit vhost_vsock_exit(void)
949{
950 misc_deregister(misc: &vhost_vsock_misc);
951 vsock_core_unregister(t: &vhost_transport.transport);
952};
953
954module_init(vhost_vsock_init);
955module_exit(vhost_vsock_exit);
956MODULE_LICENSE("GPL v2");
957MODULE_AUTHOR("Asias He");
958MODULE_DESCRIPTION("vhost transport for vsock ");
959MODULE_ALIAS_MISCDEV(VHOST_VSOCK_MINOR);
960MODULE_ALIAS("devname:vhost-vsock");
961

source code of linux/drivers/vhost/vsock.c