1 /*
2 * VMware VMCI Driver
3 *
4 * Copyright (C) 2012 VMware, Inc. All rights reserved.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation version 2 and no later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <linux/vmw_vmci_defs.h>
17 #include <linux/vmw_vmci_api.h>
18 #include <linux/highmem.h>
19 #include <linux/kernel.h>
20 #include <linux/mm.h>
21 #include <linux/module.h>
22 #include <linux/mutex.h>
23 #include <linux/pagemap.h>
24 #include <linux/pci.h>
25 #include <linux/sched.h>
26 #include <linux/slab.h>
27 #include <linux/uio.h>
28 #include <linux/wait.h>
29 #include <linux/vmalloc.h>
30 #include <linux/skbuff.h>
31
32 #include "vmci_handle_array.h"
33 #include "vmci_queue_pair.h"
34 #include "vmci_datagram.h"
35 #include "vmci_resource.h"
36 #include "vmci_context.h"
37 #include "vmci_driver.h"
38 #include "vmci_event.h"
39 #include "vmci_route.h"
40
41 /*
42 * In the following, we will distinguish between two kinds of VMX processes -
43 * the ones with versions lower than VMCI_VERSION_NOVMVM, which use specialized
44 * VMCI page files in the VMX to support VM to VM communication, and the
45 * newer ones that use the guest memory directly. We will in the following
46 * refer to the older VMX versions as old-style VMX'en, and the newer ones as
47 * new-style VMX'en.
48 *
49 * The state transition diagram is as follows (the VMCIQPB_ prefix has been
50 * removed for readability) - see below for more details on the transitions:
51 *
52 * -------------- NEW -------------
53 * | |
54 * \_/ \_/
55 * CREATED_NO_MEM <-----------------> CREATED_MEM
56 * | | |
57 * | o-----------------------o |
58 * | | |
59 * \_/ \_/ \_/
60 * ATTACHED_NO_MEM <----------------> ATTACHED_MEM
61 * | | |
62 * | o----------------------o |
63 * | | |
64 * \_/ \_/ \_/
65 * SHUTDOWN_NO_MEM <----------------> SHUTDOWN_MEM
66 * | |
67 * | |
68 * -------------> gone <-------------
69 *
70 * In more detail: when a VMCI queue pair is first created, it will be in the
71 * VMCIQPB_NEW state. It will then move into one of the following states:
72 *
73 * - VMCIQPB_CREATED_NO_MEM: this state indicates that either:
74 *
75 * - the create was performed by a host endpoint, in which case there is
76 * no backing memory yet.
77 *
78 * - the create was initiated by an old-style VMX, which uses
79 * vmci_qp_broker_set_page_store to specify the UVAs of the queue pair at
80 * a later point in time. This state can be distinguished from the one
81 * above by the context ID of the creator. A host side is not allowed to
82 * attach until the page store has been set.
83 *
84 * - VMCIQPB_CREATED_MEM: this state is the result when the queue pair
85 * is created by a VMX using the queue pair device backend that
86 * sets the UVAs of the queue pair immediately and stores the
87 * information for later attachers. At this point, it is ready for
88 * the host side to attach to it.
89 *
90 * Once the queue pair is in one of the created states (with the exception of
91 * the case mentioned for older VMX'en above), it is possible to attach to the
92 * queue pair. Again we have two new states possible:
93 *
94 * - VMCIQPB_ATTACHED_MEM: this state can be reached through the following
95 * paths:
96 *
97 * - from VMCIQPB_CREATED_NO_MEM when a new-style VMX allocates a queue
98 * pair, and attaches to a queue pair previously created by the host side.
99 *
100 * - from VMCIQPB_CREATED_MEM when the host side attaches to a queue pair
101 * already created by a guest.
102 *
103 * - from VMCIQPB_ATTACHED_NO_MEM, when an old-style VMX calls
104 * vmci_qp_broker_set_page_store (see below).
105 *
106 * - VMCIQPB_ATTACHED_NO_MEM: If the queue pair already was in the
107 * VMCIQPB_CREATED_NO_MEM due to a host side create, an old-style VMX will
108 * bring the queue pair into this state. Once vmci_qp_broker_set_page_store
109 * is called to register the user memory, the VMCIQPB_ATTACHED_MEM state
110 * will be entered.
111 *
112 * From the attached queue pair, the queue pair can enter the shutdown states
113 * when either side of the queue pair detaches. If the guest side detaches
114 * first, the queue pair will enter the VMCIQPB_SHUTDOWN_NO_MEM state, where
115 * the content of the queue pair will no longer be available. If the host
116 * side detaches first, the queue pair will either enter the
117 * VMCIQPB_SHUTDOWN_MEM, if the guest memory is currently mapped, or
118 * VMCIQPB_SHUTDOWN_NO_MEM, if the guest memory is not mapped
119 * (e.g., the host detaches while a guest is stunned).
120 *
121 * New-style VMX'en will also unmap guest memory, if the guest is
122 * quiesced, e.g., during a snapshot operation. In that case, the guest
123 * memory will no longer be available, and the queue pair will transition from
124 * *_MEM state to a *_NO_MEM state. The VMX may later map the memory once more,
125 * in which case the queue pair will transition from the *_NO_MEM state at that
126 * point back to the *_MEM state. Note that the *_NO_MEM state may have changed,
127 * since the peer may have either attached or detached in the meantime. The
128 * values are laid out such that ++ on a state will move from a *_NO_MEM to a
129 * *_MEM state, and vice versa.
130 */
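/*
 * Illustrative example of one common lifecycle, assuming a new-style
 * guest creates the queue pair, the host attaches, and the guest then
 * detaches first:
 *
 *   NEW -> CREATED_MEM -> ATTACHED_MEM -> SHUTDOWN_NO_MEM -> gone
 *
 * The shutdown state has no memory here because the guest detach makes
 * the backing guest memory unavailable before the host side lets go.
 */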
131
132 /* The Kernel specific component of the struct vmci_queue structure. */
133 struct vmci_queue_kern_if {
134 struct mutex __mutex; /* Protects the queue. */
135 struct mutex *mutex; /* Shared by producer and consumer queues. */
136 size_t num_pages; /* Number of pages incl. header. */
137 bool host; /* Host or guest? */
138 union {
139 struct {
140 dma_addr_t *pas;
141 void **vas;
142 } g; /* Used by the guest. */
143 struct {
144 struct page **page;
145 struct page **header_page;
146 } h; /* Used by the host. */
147 } u;
148 };
149
150 /*
151 * This structure is opaque to the clients.
152 */
153 struct vmci_qp {
154 struct vmci_handle handle;
155 struct vmci_queue *produce_q;
156 struct vmci_queue *consume_q;
157 u64 produce_q_size;
158 u64 consume_q_size;
159 u32 peer;
160 u32 flags;
161 u32 priv_flags;
162 bool guest_endpoint;
163 unsigned int blocked;
164 unsigned int generation;
165 wait_queue_head_t event;
166 };
167
168 enum qp_broker_state {
169 VMCIQPB_NEW,
170 VMCIQPB_CREATED_NO_MEM,
171 VMCIQPB_CREATED_MEM,
172 VMCIQPB_ATTACHED_NO_MEM,
173 VMCIQPB_ATTACHED_MEM,
174 VMCIQPB_SHUTDOWN_NO_MEM,
175 VMCIQPB_SHUTDOWN_MEM,
176 VMCIQPB_GONE
177 };
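/*
 * Note: the enum values above are laid out so that each *_NO_MEM state
 * is immediately followed by its *_MEM counterpart (for example,
 * VMCIQPB_ATTACHED_NO_MEM + 1 == VMCIQPB_ATTACHED_MEM), which is what
 * the "++ on a state" remark in the big comment above relies on.
 */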
178
179 #define QPBROKERSTATE_HAS_MEM(_qpb) (_qpb->state == VMCIQPB_CREATED_MEM || \
180 _qpb->state == VMCIQPB_ATTACHED_MEM || \
181 _qpb->state == VMCIQPB_SHUTDOWN_MEM)
182
183 /*
184 * In the queue pair broker, we always use the guest point of view for
185 * the produce and consume queue values and references, e.g., the
186 * produce queue size stored is the guest's produce queue size. The
187 * host endpoint will need to swap these around. The only exception is
188 * the local queue pairs on the host, in which case the host endpoint
189 * that creates the queue pair will have the right orientation, and
190 * the attaching host endpoint will need to swap.
191 */
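/*
 * For example (illustrative sizes): if a guest creates a queue pair with
 * a 64 KiB produce queue and a 16 KiB consume queue, the broker stores
 * produce_size = 64 KiB and consume_size = 16 KiB; a host endpoint
 * attaching to that pair treats 16 KiB as its produce size and 64 KiB
 * as its consume size.
 */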
192 struct qp_entry {
193 struct list_head list_item;
194 struct vmci_handle handle;
195 u32 peer;
196 u32 flags;
197 u64 produce_size;
198 u64 consume_size;
199 u32 ref_count;
200 };
201
202 struct qp_broker_entry {
203 struct vmci_resource resource;
204 struct qp_entry qp;
205 u32 create_id;
206 u32 attach_id;
207 enum qp_broker_state state;
208 bool require_trusted_attach;
209 bool created_by_trusted;
210 bool vmci_page_files; /* Created by VMX using VMCI page files */
211 struct vmci_queue *produce_q;
212 struct vmci_queue *consume_q;
213 struct vmci_queue_header saved_produce_q;
214 struct vmci_queue_header saved_consume_q;
215 vmci_event_release_cb wakeup_cb;
216 void *client_data;
217 void *local_mem; /* Kernel memory for local queue pair */
218 };
219
220 struct qp_guest_endpoint {
221 struct vmci_resource resource;
222 struct qp_entry qp;
223 u64 num_ppns;
224 void *produce_q;
225 void *consume_q;
226 struct ppn_set ppn_set;
227 };
228
229 struct qp_list {
230 struct list_head head;
231 struct mutex mutex; /* Protect queue list. */
232 };
233
234 static struct qp_list qp_broker_list = {
235 .head = LIST_HEAD_INIT(qp_broker_list.head),
236 .mutex = __MUTEX_INITIALIZER(qp_broker_list.mutex),
237 };
238
239 static struct qp_list qp_guest_endpoints = {
240 .head = LIST_HEAD_INIT(qp_guest_endpoints.head),
241 .mutex = __MUTEX_INITIALIZER(qp_guest_endpoints.mutex),
242 };
243
244 #define INVALID_VMCI_GUEST_MEM_ID 0
245 #define QPE_NUM_PAGES(_QPE) ((u32) \
246 (DIV_ROUND_UP(_QPE.produce_size, PAGE_SIZE) + \
247 DIV_ROUND_UP(_QPE.consume_size, PAGE_SIZE) + 2))
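/*
 * Worked example for QPE_NUM_PAGES (illustrative sizes, assuming 4 KiB
 * pages): an entry with an 8 KiB produce queue and a 4 KiB consume queue
 * needs DIV_ROUND_UP(8192, 4096) + DIV_ROUND_UP(4096, 4096) + 2 = 5
 * pages, since each of the two queues also carries one header page.
 */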
248
249
250 /*
251 * Frees kernel VA space for a given queue and its queue header, and
252 * frees physical data pages.
253 */
254 static void qp_free_queue(void *q, u64 size)
255 {
256 struct vmci_queue *queue = q;
257
258 if (queue) {
259 u64 i;
260
261 /* Given size does not include header, so add in a page here. */
262 for (i = 0; i < DIV_ROUND_UP(size, PAGE_SIZE) + 1; i++) {
263 dma_free_coherent(&vmci_pdev->dev, PAGE_SIZE,
264 queue->kernel_if->u.g.vas[i],
265 queue->kernel_if->u.g.pas[i]);
266 }
267
268 vfree(queue);
269 }
270 }
271
272 /*
273 * Allocates kernel queue pages of specified size with IOMMU mappings,
274 * plus space for the queue structure/kernel interface and the queue
275 * header.
276 */
277 static void *qp_alloc_queue(u64 size, u32 flags)
278 {
279 u64 i;
280 struct vmci_queue *queue;
281 size_t pas_size;
282 size_t vas_size;
283 size_t queue_size = sizeof(*queue) + sizeof(*queue->kernel_if);
284 u64 num_pages;
285
286 if (size > SIZE_MAX - PAGE_SIZE)
287 return NULL;
288 num_pages = DIV_ROUND_UP(size, PAGE_SIZE) + 1;
289 if (num_pages >
290 (SIZE_MAX - queue_size) /
291 (sizeof(*queue->kernel_if->u.g.pas) +
292 sizeof(*queue->kernel_if->u.g.vas)))
293 return NULL;
294
295 pas_size = num_pages * sizeof(*queue->kernel_if->u.g.pas);
296 vas_size = num_pages * sizeof(*queue->kernel_if->u.g.vas);
297 queue_size += pas_size + vas_size;
298
299 queue = vmalloc(queue_size);
300 if (!queue)
301 return NULL;
302
303 queue->q_header = NULL;
304 queue->saved_header = NULL;
305 queue->kernel_if = (struct vmci_queue_kern_if *)(queue + 1);
306 queue->kernel_if->mutex = NULL;
307 queue->kernel_if->num_pages = num_pages;
308 queue->kernel_if->u.g.pas = (dma_addr_t *)(queue->kernel_if + 1);
309 queue->kernel_if->u.g.vas =
310 (void **)((u8 *)queue->kernel_if->u.g.pas + pas_size);
311 queue->kernel_if->host = false;
312
313 for (i = 0; i < num_pages; i++) {
314 queue->kernel_if->u.g.vas[i] =
315 dma_alloc_coherent(&vmci_pdev->dev, PAGE_SIZE,
316 &queue->kernel_if->u.g.pas[i],
317 GFP_KERNEL);
318 if (!queue->kernel_if->u.g.vas[i]) {
319 /* Size excl. the header. */
320 qp_free_queue(queue, i * PAGE_SIZE);
321 return NULL;
322 }
323 }
324
325 /* Queue header is the first page. */
326 queue->q_header = queue->kernel_if->u.g.vas[0];
327
328 return queue;
329 }
330
331 /*
332 * Copies from a given buffer or iovector to a VMCI Queue. Uses
333 * kmap()/kunmap() to dynamically map/unmap required portions of the queue
334 * by traversing the offset -> page translation structure for the queue.
335 * Assumes that offset + size does not wrap around in the queue.
336 */
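/*
 * Worked example (illustrative, assuming 4 KiB pages): copying 100 bytes
 * at queue_offset 4090 touches page_index 0 (data bytes 4090..4095) and
 * page_index 1 (data bytes 0..93); on the guest side the "page_index + 1"
 * lookup below additionally skips the header page.
 */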
337 static int qp_memcpy_to_queue_iter(struct vmci_queue *queue,
338 u64 queue_offset,
339 struct iov_iter *from,
340 size_t size)
341 {
342 struct vmci_queue_kern_if *kernel_if = queue->kernel_if;
343 size_t bytes_copied = 0;
344
345 while (bytes_copied < size) {
346 const u64 page_index =
347 (queue_offset + bytes_copied) / PAGE_SIZE;
348 const size_t page_offset =
349 (queue_offset + bytes_copied) & (PAGE_SIZE - 1);
350 void *va;
351 size_t to_copy;
352
353 if (kernel_if->host)
354 va = kmap(kernel_if->u.h.page[page_index]);
355 else
356 va = kernel_if->u.g.vas[page_index + 1];
357 /* Skip header. */
358
359 if (size - bytes_copied > PAGE_SIZE - page_offset)
360 /* Enough payload to fill up from this page. */
361 to_copy = PAGE_SIZE - page_offset;
362 else
363 to_copy = size - bytes_copied;
364
365 if (!copy_from_iter_full((u8 *)va + page_offset, to_copy,
366 from)) {
367 if (kernel_if->host)
368 kunmap(kernel_if->u.h.page[page_index]);
369 return VMCI_ERROR_INVALID_ARGS;
370 }
371 bytes_copied += to_copy;
372 if (kernel_if->host)
373 kunmap(kernel_if->u.h.page[page_index]);
374 }
375
376 return VMCI_SUCCESS;
377 }
378
379 /*
380 * Copies to a given buffer or iovector from a VMCI Queue. Uses
381 * kmap()/kunmap() to dynamically map/unmap required portions of the queue
382 * by traversing the offset -> page translation structure for the queue.
383 * Assumes that offset + size does not wrap around in the queue.
384 */
385 static int qp_memcpy_from_queue_iter(struct iov_iter *to,
386 const struct vmci_queue *queue,
387 u64 queue_offset, size_t size)
388 {
389 struct vmci_queue_kern_if *kernel_if = queue->kernel_if;
390 size_t bytes_copied = 0;
391
392 while (bytes_copied < size) {
393 const u64 page_index =
394 (queue_offset + bytes_copied) / PAGE_SIZE;
395 const size_t page_offset =
396 (queue_offset + bytes_copied) & (PAGE_SIZE - 1);
397 void *va;
398 size_t to_copy;
399 int err;
400
401 if (kernel_if->host)
402 va = kmap(kernel_if->u.h.page[page_index]);
403 else
404 va = kernel_if->u.g.vas[page_index + 1];
405 /* Skip header. */
406
407 if (size - bytes_copied > PAGE_SIZE - page_offset)
408 /* Enough payload to fill up this page. */
409 to_copy = PAGE_SIZE - page_offset;
410 else
411 to_copy = size - bytes_copied;
412
413 err = copy_to_iter((u8 *)va + page_offset, to_copy, to);
414 if (err != to_copy) {
415 if (kernel_if->host)
416 kunmap(kernel_if->u.h.page[page_index]);
417 return VMCI_ERROR_INVALID_ARGS;
418 }
419 bytes_copied += to_copy;
420 if (kernel_if->host)
421 kunmap(kernel_if->u.h.page[page_index]);
422 }
423
424 return VMCI_SUCCESS;
425 }
426
427 /*
428 * Allocates two lists of PPNs --- one for the pages in the produce queue,
429 * and the other for the pages in the consume queue. Initializes the lists
430 * of PPNs with the page frame numbers of the KVA for the two queues (and
431 * the queue headers).
432 */
433 static int qp_alloc_ppn_set(void *prod_q,
434 u64 num_produce_pages,
435 void *cons_q,
436 u64 num_consume_pages, struct ppn_set *ppn_set)
437 {
438 u32 *produce_ppns;
439 u32 *consume_ppns;
440 struct vmci_queue *produce_q = prod_q;
441 struct vmci_queue *consume_q = cons_q;
442 u64 i;
443
444 if (!produce_q || !num_produce_pages || !consume_q ||
445 !num_consume_pages || !ppn_set)
446 return VMCI_ERROR_INVALID_ARGS;
447
448 if (ppn_set->initialized)
449 return VMCI_ERROR_ALREADY_EXISTS;
450
451 produce_ppns =
452 kmalloc_array(num_produce_pages, sizeof(*produce_ppns),
453 GFP_KERNEL);
454 if (!produce_ppns)
455 return VMCI_ERROR_NO_MEM;
456
457 consume_ppns =
458 kmalloc_array(num_consume_pages, sizeof(*consume_ppns),
459 GFP_KERNEL);
460 if (!consume_ppns) {
461 kfree(produce_ppns);
462 return VMCI_ERROR_NO_MEM;
463 }
464
465 for (i = 0; i < num_produce_pages; i++) {
466 unsigned long pfn;
467
468 produce_ppns[i] =
469 produce_q->kernel_if->u.g.pas[i] >> PAGE_SHIFT;
470 pfn = produce_ppns[i];
471
472 /* Fail allocation if PFN isn't supported by hypervisor. */
473 if (sizeof(pfn) > sizeof(*produce_ppns)
474 && pfn != produce_ppns[i])
475 goto ppn_error;
476 }
477
478 for (i = 0; i < num_consume_pages; i++) {
479 unsigned long pfn;
480
481 consume_ppns[i] =
482 consume_q->kernel_if->u.g.pas[i] >> PAGE_SHIFT;
483 pfn = consume_ppns[i];
484
485 /* Fail allocation if PFN isn't supported by hypervisor. */
486 if (sizeof(pfn) > sizeof(*consume_ppns)
487 && pfn != consume_ppns[i])
488 goto ppn_error;
489 }
490
491 ppn_set->num_produce_pages = num_produce_pages;
492 ppn_set->num_consume_pages = num_consume_pages;
493 ppn_set->produce_ppns = produce_ppns;
494 ppn_set->consume_ppns = consume_ppns;
495 ppn_set->initialized = true;
496 return VMCI_SUCCESS;
497
498 ppn_error:
499 kfree(produce_ppns);
500 kfree(consume_ppns);
501 return VMCI_ERROR_INVALID_ARGS;
502 }
503
504 /*
505 * Frees the two lists of PPNs for a queue pair.
506 */
507 static void qp_free_ppn_set(struct ppn_set *ppn_set)
508 {
509 if (ppn_set->initialized) {
510 /* Do not call these functions on NULL inputs. */
511 kfree(ppn_set->produce_ppns);
512 kfree(ppn_set->consume_ppns);
513 }
514 memset(ppn_set, 0, sizeof(*ppn_set));
515 }
516
517 /*
518 * Populates the list of PPNs in the hypercall structure with the PPNs
519 * of the produce queue and the consume queue.
520 */
521 static int qp_populate_ppn_set(u8 *call_buf, const struct ppn_set *ppn_set)
522 {
523 memcpy(call_buf, ppn_set->produce_ppns,
524 ppn_set->num_produce_pages * sizeof(*ppn_set->produce_ppns));
525 memcpy(call_buf +
526 ppn_set->num_produce_pages * sizeof(*ppn_set->produce_ppns),
527 ppn_set->consume_ppns,
528 ppn_set->num_consume_pages * sizeof(*ppn_set->consume_ppns));
529
530 return VMCI_SUCCESS;
531 }
532
533 /*
534 * Allocates kernel VA space of specified size plus space for the queue
535 * and kernel interface. This is different from the guest queue allocator,
536 * because we do not allocate our own queue header/data pages here but
537 * share those of the guest.
538 */
539 static struct vmci_queue *qp_host_alloc_queue(u64 size)
540 {
541 struct vmci_queue *queue;
542 size_t queue_page_size;
543 u64 num_pages;
544 const size_t queue_size = sizeof(*queue) + sizeof(*(queue->kernel_if));
545
546 if (size > SIZE_MAX - PAGE_SIZE)
547 return NULL;
548 num_pages = DIV_ROUND_UP(size, PAGE_SIZE) + 1;
549 if (num_pages > (SIZE_MAX - queue_size) /
550 sizeof(*queue->kernel_if->u.h.page))
551 return NULL;
552
553 queue_page_size = num_pages * sizeof(*queue->kernel_if->u.h.page);
554
555 queue = kzalloc(queue_size + queue_page_size, GFP_KERNEL);
556 if (queue) {
557 queue->q_header = NULL;
558 queue->saved_header = NULL;
559 queue->kernel_if = (struct vmci_queue_kern_if *)(queue + 1);
560 queue->kernel_if->host = true;
561 queue->kernel_if->mutex = NULL;
562 queue->kernel_if->num_pages = num_pages;
563 queue->kernel_if->u.h.header_page =
564 (struct page **)((u8 *)queue + queue_size);
565 queue->kernel_if->u.h.page =
566 &queue->kernel_if->u.h.header_page[1];
567 }
568
569 return queue;
570 }
571
572 /*
573 * Frees kernel memory for a given queue (header plus translation
574 * structure).
575 */
576 static void qp_host_free_queue(struct vmci_queue *queue, u64 queue_size)
577 {
578 kfree(queue);
579 }
580
581 /*
582 * Initialize the mutex for the pair of queues. This mutex is used to
583 * protect the q_header and the buffer from changing out from under any
584 * users of either queue. Of course, it's only any good if the mutexes
585 * are actually acquired. Queue structure must lie on non-paged memory
586 * or we cannot guarantee access to the mutex.
587 */
588 static void qp_init_queue_mutex(struct vmci_queue *produce_q,
589 struct vmci_queue *consume_q)
590 {
591 /*
592 * Only the host queue has shared state - the guest queues do not
593 * need to synchronize access using a queue mutex.
594 */
595
596 if (produce_q->kernel_if->host) {
597 produce_q->kernel_if->mutex = &produce_q->kernel_if->__mutex;
598 consume_q->kernel_if->mutex = &produce_q->kernel_if->__mutex;
599 mutex_init(produce_q->kernel_if->mutex);
600 }
601 }
602
603 /*
604 * Cleans up the mutex for the pair of queues.
605 */
606 static void qp_cleanup_queue_mutex(struct vmci_queue *produce_q,
607 struct vmci_queue *consume_q)
608 {
609 if (produce_q->kernel_if->host) {
610 produce_q->kernel_if->mutex = NULL;
611 consume_q->kernel_if->mutex = NULL;
612 }
613 }
614
615 /*
616 * Acquire the mutex for the queue. Note that the produce_q and
617 * the consume_q share a mutex. So, only one of the two needs to
618 * be passed in to this routine. Either will work just fine.
619 */
620 static void qp_acquire_queue_mutex(struct vmci_queue *queue)
621 {
622 if (queue->kernel_if->host)
623 mutex_lock(queue->kernel_if->mutex);
624 }
625
626 /*
627 * Release the mutex for the queue. Note that the produce_q and
628 * the consume_q share a mutex. So, only one of the two needs to
629 * be passed in to this routine. Either will work just fine.
630 */
631 static void qp_release_queue_mutex(struct vmci_queue *queue)
632 {
633 if (queue->kernel_if->host)
634 mutex_unlock(queue->kernel_if->mutex);
635 }
636
637 /*
638 * Helper function to release pages in the PageStoreAttachInfo
639 * previously obtained using get_user_pages.
640 */
641 static void qp_release_pages(struct page **pages,
642 u64 num_pages, bool dirty)
643 {
644 int i;
645
646 for (i = 0; i < num_pages; i++) {
647 if (dirty)
648 set_page_dirty(pages[i]);
649
650 put_page(pages[i]);
651 pages[i] = NULL;
652 }
653 }
654
655 /*
656 * Lock the user pages referenced by the {produce,consume}Buffer
657 * struct into memory and populate the {produce,consume}Pages
658 * arrays in the attach structure with them.
659 */
660 static int qp_host_get_user_memory(u64 produce_uva,
661 u64 consume_uva,
662 struct vmci_queue *produce_q,
663 struct vmci_queue *consume_q)
664 {
665 int retval;
666 int err = VMCI_SUCCESS;
667
668 retval = get_user_pages_fast((uintptr_t) produce_uva,
669 produce_q->kernel_if->num_pages, 1,
670 produce_q->kernel_if->u.h.header_page);
671 if (retval < (int)produce_q->kernel_if->num_pages) {
672 pr_debug("get_user_pages_fast(produce) failed (retval=%d)",
673 retval);
674 if (retval > 0)
675 qp_release_pages(produce_q->kernel_if->u.h.header_page,
676 retval, false);
677 err = VMCI_ERROR_NO_MEM;
678 goto out;
679 }
680
681 retval = get_user_pages_fast((uintptr_t) consume_uva,
682 consume_q->kernel_if->num_pages, 1,
683 consume_q->kernel_if->u.h.header_page);
684 if (retval < (int)consume_q->kernel_if->num_pages) {
685 pr_debug("get_user_pages_fast(consume) failed (retval=%d)",
686 retval);
687 if (retval > 0)
688 qp_release_pages(consume_q->kernel_if->u.h.header_page,
689 retval, false);
690 qp_release_pages(produce_q->kernel_if->u.h.header_page,
691 produce_q->kernel_if->num_pages, false);
692 err = VMCI_ERROR_NO_MEM;
693 }
694
695 out:
696 return err;
697 }
698
699 /*
700 * Registers the specification of the user pages used for backing a queue
701 * pair. Enough information to map in pages is stored in the OS specific
702 * part of the struct vmci_queue structure.
703 */
704 static int qp_host_register_user_memory(struct vmci_qp_page_store *page_store,
705 struct vmci_queue *produce_q,
706 struct vmci_queue *consume_q)
707 {
708 u64 produce_uva;
709 u64 consume_uva;
710
711 /*
712 * The new style and the old style mapping differ only in
713 * that we either get a single UVA or two, so we split the
714 * single UVA range at the appropriate spot.
715 */
716 produce_uva = page_store->pages;
717 consume_uva = page_store->pages +
718 produce_q->kernel_if->num_pages * PAGE_SIZE;
719 return qp_host_get_user_memory(produce_uva, consume_uva, produce_q,
720 consume_q);
721 }
722
723 /*
724 * Releases and removes the references to user pages stored in the attach
725 * struct. Pages are released from the page cache and may become
726 * swappable again.
727 */
728 static void qp_host_unregister_user_memory(struct vmci_queue *produce_q,
729 struct vmci_queue *consume_q)
730 {
731 qp_release_pages(produce_q->kernel_if->u.h.header_page,
732 produce_q->kernel_if->num_pages, true);
733 memset(produce_q->kernel_if->u.h.header_page, 0,
734 sizeof(*produce_q->kernel_if->u.h.header_page) *
735 produce_q->kernel_if->num_pages);
736 qp_release_pages(consume_q->kernel_if->u.h.header_page,
737 consume_q->kernel_if->num_pages, true);
738 memset(consume_q->kernel_if->u.h.header_page, 0,
739 sizeof(*consume_q->kernel_if->u.h.header_page) *
740 consume_q->kernel_if->num_pages);
741 }
742
743 /*
744 * Once qp_host_register_user_memory has been performed on a
745 * queue, the queue pair headers can be mapped into the
746 * kernel. Once mapped, they must be unmapped with
747 * qp_host_unmap_queues prior to calling
748 * qp_host_unregister_user_memory.
749 * Pages are pinned.
750 */
751 static int qp_host_map_queues(struct vmci_queue *produce_q,
752 struct vmci_queue *consume_q)
753 {
754 int result;
755
756 if (!produce_q->q_header || !consume_q->q_header) {
757 struct page *headers[2];
758
759 if (produce_q->q_header != consume_q->q_header)
760 return VMCI_ERROR_QUEUEPAIR_MISMATCH;
761
762 if (produce_q->kernel_if->u.h.header_page == NULL ||
763 *produce_q->kernel_if->u.h.header_page == NULL)
764 return VMCI_ERROR_UNAVAILABLE;
765
766 headers[0] = *produce_q->kernel_if->u.h.header_page;
767 headers[1] = *consume_q->kernel_if->u.h.header_page;
768
769 produce_q->q_header = vmap(headers, 2, VM_MAP, PAGE_KERNEL);
770 if (produce_q->q_header != NULL) {
771 consume_q->q_header =
772 (struct vmci_queue_header *)((u8 *)
773 produce_q->q_header +
774 PAGE_SIZE);
775 result = VMCI_SUCCESS;
776 } else {
777 pr_warn("vmap failed\n");
778 result = VMCI_ERROR_NO_MEM;
779 }
780 } else {
781 result = VMCI_SUCCESS;
782 }
783
784 return result;
785 }
786
787 /*
788 * Unmaps previously mapped queue pair headers from the kernel.
789 * Pages are unpinned.
790 */
791 static int qp_host_unmap_queues(u32 gid,
792 struct vmci_queue *produce_q,
793 struct vmci_queue *consume_q)
794 {
795 if (produce_q->q_header) {
796 if (produce_q->q_header < consume_q->q_header)
797 vunmap(produce_q->q_header);
798 else
799 vunmap(consume_q->q_header);
800
801 produce_q->q_header = NULL;
802 consume_q->q_header = NULL;
803 }
804
805 return VMCI_SUCCESS;
806 }
807
808 /*
809 * Finds the entry in the list corresponding to a given handle. Assumes
810 * that the list is locked.
811 */
812 static struct qp_entry *qp_list_find(struct qp_list *qp_list,
813 struct vmci_handle handle)
814 {
815 struct qp_entry *entry;
816
817 if (vmci_handle_is_invalid(handle))
818 return NULL;
819
820 list_for_each_entry(entry, &qp_list->head, list_item) {
821 if (vmci_handle_is_equal(entry->handle, handle))
822 return entry;
823 }
824
825 return NULL;
826 }
827
828 /*
829 * Finds the entry in the list corresponding to a given handle.
830 */
831 static struct qp_guest_endpoint *
832 qp_guest_handle_to_entry(struct vmci_handle handle)
833 {
834 struct qp_guest_endpoint *entry;
835 struct qp_entry *qp = qp_list_find(&qp_guest_endpoints, handle);
836
837 entry = qp ? container_of(
838 qp, struct qp_guest_endpoint, qp) : NULL;
839 return entry;
840 }
841
842 /*
843 * Finds the entry in the list corresponding to a given handle.
844 */
845 static struct qp_broker_entry *
846 qp_broker_handle_to_entry(struct vmci_handle handle)
847 {
848 struct qp_broker_entry *entry;
849 struct qp_entry *qp = qp_list_find(&qp_broker_list, handle);
850
851 entry = qp ? container_of(
852 qp, struct qp_broker_entry, qp) : NULL;
853 return entry;
854 }
855
856 /*
857 * Dispatches a queue pair event message directly into the local event
858 * queue.
859 */
860 static int qp_notify_peer_local(bool attach, struct vmci_handle handle)
861 {
862 u32 context_id = vmci_get_context_id();
863 struct vmci_event_qp ev;
864
865 ev.msg.hdr.dst = vmci_make_handle(context_id, VMCI_EVENT_HANDLER);
866 ev.msg.hdr.src = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID,
867 VMCI_CONTEXT_RESOURCE_ID);
868 ev.msg.hdr.payload_size = sizeof(ev) - sizeof(ev.msg.hdr);
869 ev.msg.event_data.event =
870 attach ? VMCI_EVENT_QP_PEER_ATTACH : VMCI_EVENT_QP_PEER_DETACH;
871 ev.payload.peer_id = context_id;
872 ev.payload.handle = handle;
873
874 return vmci_event_dispatch(&ev.msg.hdr);
875 }
876
877 /*
878 * Allocates and initializes a qp_guest_endpoint structure.
879 * Allocates a queue_pair rid (and handle) iff the given entry has
880 * an invalid handle. 0 through VMCI_RESERVED_RESOURCE_ID_MAX
881 * are reserved handles. Assumes that the QP list mutex is held
882 * by the caller.
883 */
884 static struct qp_guest_endpoint *
885 qp_guest_endpoint_create(struct vmci_handle handle,
886 u32 peer,
887 u32 flags,
888 u64 produce_size,
889 u64 consume_size,
890 void *produce_q,
891 void *consume_q)
892 {
893 int result;
894 struct qp_guest_endpoint *entry;
895 /* One page each for the queue headers. */
896 const u64 num_ppns = DIV_ROUND_UP(produce_size, PAGE_SIZE) +
897 DIV_ROUND_UP(consume_size, PAGE_SIZE) + 2;
898
899 if (vmci_handle_is_invalid(handle)) {
900 u32 context_id = vmci_get_context_id();
901
902 handle = vmci_make_handle(context_id, VMCI_INVALID_ID);
903 }
904
905 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
906 if (entry) {
907 entry->qp.peer = peer;
908 entry->qp.flags = flags;
909 entry->qp.produce_size = produce_size;
910 entry->qp.consume_size = consume_size;
911 entry->qp.ref_count = 0;
912 entry->num_ppns = num_ppns;
913 entry->produce_q = produce_q;
914 entry->consume_q = consume_q;
915 INIT_LIST_HEAD(&entry->qp.list_item);
916
917 /* Add resource obj */
918 result = vmci_resource_add(&entry->resource,
919 VMCI_RESOURCE_TYPE_QPAIR_GUEST,
920 handle);
921 entry->qp.handle = vmci_resource_handle(&entry->resource);
922 if ((result != VMCI_SUCCESS) ||
923 qp_list_find(&qp_guest_endpoints, entry->qp.handle)) {
924 pr_warn("Failed to add new resource (handle=0x%x:0x%x), error: %d",
925 handle.context, handle.resource, result);
926 kfree(entry);
927 entry = NULL;
928 }
929 }
930 return entry;
931 }
932
933 /*
934 * Frees a qp_guest_endpoint structure.
935 */
936 static void qp_guest_endpoint_destroy(struct qp_guest_endpoint *entry)
937 {
938 qp_free_ppn_set(&entry->ppn_set);
939 qp_cleanup_queue_mutex(entry->produce_q, entry->consume_q);
940 qp_free_queue(entry->produce_q, entry->qp.produce_size);
941 qp_free_queue(entry->consume_q, entry->qp.consume_size);
942 /* Unlink from resource hash table and free callback */
943 vmci_resource_remove(&entry->resource);
944
945 kfree(entry);
946 }
947
948 /*
949 * Helper to make a queue_pairAlloc hypercall when the driver is
950 * supporting a guest device.
951 */
952 static int qp_alloc_hypercall(const struct qp_guest_endpoint *entry)
953 {
954 struct vmci_qp_alloc_msg *alloc_msg;
955 size_t msg_size;
956 int result;
957
958 if (!entry || entry->num_ppns <= 2)
959 return VMCI_ERROR_INVALID_ARGS;
960
961 msg_size = sizeof(*alloc_msg) +
962 (size_t) entry->num_ppns * sizeof(u32);
963 alloc_msg = kmalloc(msg_size, GFP_KERNEL);
964 if (!alloc_msg)
965 return VMCI_ERROR_NO_MEM;
966
967 alloc_msg->hdr.dst = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID,
968 VMCI_QUEUEPAIR_ALLOC);
969 alloc_msg->hdr.src = VMCI_ANON_SRC_HANDLE;
970 alloc_msg->hdr.payload_size = msg_size - VMCI_DG_HEADERSIZE;
971 alloc_msg->handle = entry->qp.handle;
972 alloc_msg->peer = entry->qp.peer;
973 alloc_msg->flags = entry->qp.flags;
974 alloc_msg->produce_size = entry->qp.produce_size;
975 alloc_msg->consume_size = entry->qp.consume_size;
976 alloc_msg->num_ppns = entry->num_ppns;
977
978 result = qp_populate_ppn_set((u8 *)alloc_msg + sizeof(*alloc_msg),
979 &entry->ppn_set);
980 if (result == VMCI_SUCCESS)
981 result = vmci_send_datagram(&alloc_msg->hdr);
982
983 kfree(alloc_msg);
984
985 return result;
986 }
987
988 /*
989 * Helper to make a queue_pairDetach hypercall when the driver is
990 * supporting a guest device.
991 */
992 static int qp_detatch_hypercall(struct vmci_handle handle)
993 {
994 struct vmci_qp_detach_msg detach_msg;
995
996 detach_msg.hdr.dst = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID,
997 VMCI_QUEUEPAIR_DETACH);
998 detach_msg.hdr.src = VMCI_ANON_SRC_HANDLE;
999 detach_msg.hdr.payload_size = sizeof(handle);
1000 detach_msg.handle = handle;
1001
1002 return vmci_send_datagram(&detach_msg.hdr);
1003 }
1004
1005 /*
1006 * Adds the given entry to the list. Assumes that the list is locked.
1007 */
1008 static void qp_list_add_entry(struct qp_list *qp_list, struct qp_entry *entry)
1009 {
1010 if (entry)
1011 list_add(&entry->list_item, &qp_list->head);
1012 }
1013
1014 /*
1015 * Removes the given entry from the list. Assumes that the list is locked.
1016 */
1017 static void qp_list_remove_entry(struct qp_list *qp_list,
1018 struct qp_entry *entry)
1019 {
1020 if (entry)
1021 list_del(&entry->list_item);
1022 }
1023
1024 /*
1025 * Helper for VMCI queue_pair detach interface. Frees the physical
1026 * pages for the queue pair.
1027 */
1028 static int qp_detatch_guest_work(struct vmci_handle handle)
1029 {
1030 int result;
1031 struct qp_guest_endpoint *entry;
1032 u32 ref_count = ~0; /* To avoid compiler warning below */
1033
1034 mutex_lock(&qp_guest_endpoints.mutex);
1035
1036 entry = qp_guest_handle_to_entry(handle);
1037 if (!entry) {
1038 mutex_unlock(&qp_guest_endpoints.mutex);
1039 return VMCI_ERROR_NOT_FOUND;
1040 }
1041
1042 if (entry->qp.flags & VMCI_QPFLAG_LOCAL) {
1043 result = VMCI_SUCCESS;
1044
1045 if (entry->qp.ref_count > 1) {
1046 result = qp_notify_peer_local(false, handle);
1047 /*
1048 * We can fail to notify a local queuepair
1049 * because we can't allocate. We still want
1050 * to release the entry if that happens, so
1051 * don't bail out yet.
1052 */
1053 }
1054 } else {
1055 result = qp_detatch_hypercall(handle);
1056 if (result < VMCI_SUCCESS) {
1057 /*
1058 * We failed to notify a non-local queuepair.
1059 * That other queuepair might still be
1060 * accessing the shared memory, so don't
1061 * release the entry yet. It will get cleaned
1062 * up by VMCIqueue_pair_Exit() if necessary
1063 * (assuming we are going away, otherwise why
1064 * did this fail?).
1065 */
1066
1067 mutex_unlock(&qp_guest_endpoints.mutex);
1068 return result;
1069 }
1070 }
1071
1072 /*
1073 * If we get here then we either failed to notify a local queuepair, or
1074 * we succeeded in all cases. Release the entry if required.
1075 */
1076
1077 entry->qp.ref_count--;
1078 if (entry->qp.ref_count == 0)
1079 qp_list_remove_entry(&qp_guest_endpoints, &entry->qp);
1080
1081 /* If we didn't remove the entry, this could change once we unlock. */
1082 if (entry)
1083 ref_count = entry->qp.ref_count;
1084
1085 mutex_unlock(&qp_guest_endpoints.mutex);
1086
1087 if (ref_count == 0)
1088 qp_guest_endpoint_destroy(entry);
1089
1090 return result;
1091 }
1092
1093 /*
1094 * This function handles the actual allocation of a VMCI queue
1095 * pair guest endpoint. Allocates physical pages for the queue
1096 * pair. It makes OS dependent calls through generic wrappers.
1097 */
1098 static int qp_alloc_guest_work(struct vmci_handle *handle,
1099 struct vmci_queue **produce_q,
1100 u64 produce_size,
1101 struct vmci_queue **consume_q,
1102 u64 consume_size,
1103 u32 peer,
1104 u32 flags,
1105 u32 priv_flags)
1106 {
1107 const u64 num_produce_pages =
1108 DIV_ROUND_UP(produce_size, PAGE_SIZE) + 1;
1109 const u64 num_consume_pages =
1110 DIV_ROUND_UP(consume_size, PAGE_SIZE) + 1;
1111 void *my_produce_q = NULL;
1112 void *my_consume_q = NULL;
1113 int result;
1114 struct qp_guest_endpoint *queue_pair_entry = NULL;
1115
1116 if (priv_flags != VMCI_NO_PRIVILEGE_FLAGS)
1117 return VMCI_ERROR_NO_ACCESS;
1118
1119 mutex_lock(&qp_guest_endpoints.mutex);
1120
1121 queue_pair_entry = qp_guest_handle_to_entry(*handle);
1122 if (queue_pair_entry) {
1123 if (queue_pair_entry->qp.flags & VMCI_QPFLAG_LOCAL) {
1124 /* Local attach case. */
1125 if (queue_pair_entry->qp.ref_count > 1) {
1126 pr_devel("Error attempting to attach more than once\n");
1127 result = VMCI_ERROR_UNAVAILABLE;
1128 goto error_keep_entry;
1129 }
1130
1131 if (queue_pair_entry->qp.produce_size != consume_size ||
1132 queue_pair_entry->qp.consume_size !=
1133 produce_size ||
1134 queue_pair_entry->qp.flags !=
1135 (flags & ~VMCI_QPFLAG_ATTACH_ONLY)) {
1136 pr_devel("Error mismatched queue pair in local attach\n");
1137 result = VMCI_ERROR_QUEUEPAIR_MISMATCH;
1138 goto error_keep_entry;
1139 }
1140
1141 /*
1142 * Do a local attach. We swap the consume and
1143 * produce queues for the attacher and deliver
1144 * an attach event.
1145 */
1146 result = qp_notify_peer_local(true, *handle);
1147 if (result < VMCI_SUCCESS)
1148 goto error_keep_entry;
1149
1150 my_produce_q = queue_pair_entry->consume_q;
1151 my_consume_q = queue_pair_entry->produce_q;
1152 goto out;
1153 }
1154
1155 result = VMCI_ERROR_ALREADY_EXISTS;
1156 goto error_keep_entry;
1157 }
1158
1159 my_produce_q = qp_alloc_queue(produce_size, flags);
1160 if (!my_produce_q) {
1161 pr_warn("Error allocating pages for produce queue\n");
1162 result = VMCI_ERROR_NO_MEM;
1163 goto error;
1164 }
1165
1166 my_consume_q = qp_alloc_queue(consume_size, flags);
1167 if (!my_consume_q) {
1168 pr_warn("Error allocating pages for consume queue\n");
1169 result = VMCI_ERROR_NO_MEM;
1170 goto error;
1171 }
1172
1173 queue_pair_entry = qp_guest_endpoint_create(*handle, peer, flags,
1174 produce_size, consume_size,
1175 my_produce_q, my_consume_q);
1176 if (!queue_pair_entry) {
1177 pr_warn("Error allocating memory in %s\n", __func__);
1178 result = VMCI_ERROR_NO_MEM;
1179 goto error;
1180 }
1181
1182 result = qp_alloc_ppn_set(my_produce_q, num_produce_pages, my_consume_q,
1183 num_consume_pages,
1184 &queue_pair_entry->ppn_set);
1185 if (result < VMCI_SUCCESS) {
1186 pr_warn("qp_alloc_ppn_set failed\n");
1187 goto error;
1188 }
1189
1190 /*
1191 * It's only necessary to notify the host if this queue pair will be
1192 * attached to from another context.
1193 */
1194 if (queue_pair_entry->qp.flags & VMCI_QPFLAG_LOCAL) {
1195 /* Local create case. */
1196 u32 context_id = vmci_get_context_id();
1197
1198 /*
1199 * Enforce similar checks on local queue pairs as we
1200 * do for regular ones. The handle's context must
1201 * match the creator or attacher context id (here they
1202 * are both the current context id) and the
1203 * attach-only flag cannot exist during create. We
1204 * also ensure specified peer is this context or an
1205 * invalid one.
1206 */
1207 if (queue_pair_entry->qp.handle.context != context_id ||
1208 (queue_pair_entry->qp.peer != VMCI_INVALID_ID &&
1209 queue_pair_entry->qp.peer != context_id)) {
1210 result = VMCI_ERROR_NO_ACCESS;
1211 goto error;
1212 }
1213
1214 if (queue_pair_entry->qp.flags & VMCI_QPFLAG_ATTACH_ONLY) {
1215 result = VMCI_ERROR_NOT_FOUND;
1216 goto error;
1217 }
1218 } else {
1219 result = qp_alloc_hypercall(queue_pair_entry);
1220 if (result < VMCI_SUCCESS) {
1221 pr_warn("qp_alloc_hypercall result = %d\n", result);
1222 goto error;
1223 }
1224 }
1225
1226 qp_init_queue_mutex((struct vmci_queue *)my_produce_q,
1227 (struct vmci_queue *)my_consume_q);
1228
1229 qp_list_add_entry(&qp_guest_endpoints, &queue_pair_entry->qp);
1230
1231 out:
1232 queue_pair_entry->qp.ref_count++;
1233 *handle = queue_pair_entry->qp.handle;
1234 *produce_q = (struct vmci_queue *)my_produce_q;
1235 *consume_q = (struct vmci_queue *)my_consume_q;
1236
1237 /*
1238 * We should initialize the queue pair header pages on a local
1239 * queue pair create. For non-local queue pairs, the
1240 * hypervisor initializes the header pages in the create step.
1241 */
1242 if ((queue_pair_entry->qp.flags & VMCI_QPFLAG_LOCAL) &&
1243 queue_pair_entry->qp.ref_count == 1) {
1244 vmci_q_header_init((*produce_q)->q_header, *handle);
1245 vmci_q_header_init((*consume_q)->q_header, *handle);
1246 }
1247
1248 mutex_unlock(&qp_guest_endpoints.mutex);
1249
1250 return VMCI_SUCCESS;
1251
1252 error:
1253 mutex_unlock(&qp_guest_endpoints.mutex);
1254 if (queue_pair_entry) {
1255 /* The queues will be freed inside the destroy routine. */
1256 qp_guest_endpoint_destroy(queue_pair_entry);
1257 } else {
1258 qp_free_queue(my_produce_q, produce_size);
1259 qp_free_queue(my_consume_q, consume_size);
1260 }
1261 return result;
1262
1263 error_keep_entry:
1264 /* This path should only be used when an existing entry was found. */
1265 mutex_unlock(&qp_guest_endpoints.mutex);
1266 return result;
1267 }
1268
1269 /*
1270 * The first endpoint issuing a queue pair allocation will create the state
1271 * of the queue pair in the queue pair broker.
1272 *
1273 * If the creator is a guest, it will associate a VMX virtual address range
1274 * with the queue pair as specified by the page_store. For compatibility with
1275 * older VMX'en, which use a separate step to set the VMX virtual
1276 * address range, the virtual address range can be registered later using
1277 * vmci_qp_broker_set_page_store. In that case, a page_store of NULL should be
1278 * used.
1279 *
1280 * If the creator is the host, a page_store of NULL should be used as well,
1281 * since the host is not able to supply a page store for the queue pair.
1282 *
1283 * For older VMX and host callers, the queue pair will be created in the
1284 * VMCIQPB_CREATED_NO_MEM state, and for current VMX callers, it will be
1285 * created in the VMCIQPB_CREATED_MEM state.
1286 */
1287 static int qp_broker_create(struct vmci_handle handle,
1288 u32 peer,
1289 u32 flags,
1290 u32 priv_flags,
1291 u64 produce_size,
1292 u64 consume_size,
1293 struct vmci_qp_page_store *page_store,
1294 struct vmci_ctx *context,
1295 vmci_event_release_cb wakeup_cb,
1296 void *client_data, struct qp_broker_entry **ent)
1297 {
1298 struct qp_broker_entry *entry = NULL;
1299 const u32 context_id = vmci_ctx_get_id(context);
1300 bool is_local = flags & VMCI_QPFLAG_LOCAL;
1301 int result;
1302 u64 guest_produce_size;
1303 u64 guest_consume_size;
1304
1305 /* Do not create if the caller asked not to. */
1306 if (flags & VMCI_QPFLAG_ATTACH_ONLY)
1307 return VMCI_ERROR_NOT_FOUND;
1308
1309 /*
1310 * Creator's context ID should match handle's context ID or the creator
1311 * must allow the context in handle's context ID as the "peer".
1312 */
1313 if (handle.context != context_id && handle.context != peer)
1314 return VMCI_ERROR_NO_ACCESS;
1315
1316 if (VMCI_CONTEXT_IS_VM(context_id) && VMCI_CONTEXT_IS_VM(peer))
1317 return VMCI_ERROR_DST_UNREACHABLE;
1318
1319 /*
1320 * Creator's context ID for local queue pairs should match the
1321 * peer, if a peer is specified.
1322 */
1323 if (is_local && peer != VMCI_INVALID_ID && context_id != peer)
1324 return VMCI_ERROR_NO_ACCESS;
1325
1326 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
1327 if (!entry)
1328 return VMCI_ERROR_NO_MEM;
1329
1330 if (vmci_ctx_get_id(context) == VMCI_HOST_CONTEXT_ID && !is_local) {
1331 /*
1332 * The queue pair broker entry stores values from the guest
1333 * point of view, so a creating host side endpoint should swap
1334 * produce and consume values -- unless it is a local queue
1335 * pair, in which case no swapping is necessary, since the local
1336 * attacher will swap queues.
1337 */
1338
1339 guest_produce_size = consume_size;
1340 guest_consume_size = produce_size;
1341 } else {
1342 guest_produce_size = produce_size;
1343 guest_consume_size = consume_size;
1344 }
1345
1346 entry->qp.handle = handle;
1347 entry->qp.peer = peer;
1348 entry->qp.flags = flags;
1349 entry->qp.produce_size = guest_produce_size;
1350 entry->qp.consume_size = guest_consume_size;
1351 entry->qp.ref_count = 1;
1352 entry->create_id = context_id;
1353 entry->attach_id = VMCI_INVALID_ID;
1354 entry->state = VMCIQPB_NEW;
1355 entry->require_trusted_attach =
1356 !!(context->priv_flags & VMCI_PRIVILEGE_FLAG_RESTRICTED);
1357 entry->created_by_trusted =
1358 !!(priv_flags & VMCI_PRIVILEGE_FLAG_TRUSTED);
1359 entry->vmci_page_files = false;
1360 entry->wakeup_cb = wakeup_cb;
1361 entry->client_data = client_data;
1362 entry->produce_q = qp_host_alloc_queue(guest_produce_size);
1363 if (entry->produce_q == NULL) {
1364 result = VMCI_ERROR_NO_MEM;
1365 goto error;
1366 }
1367 entry->consume_q = qp_host_alloc_queue(guest_consume_size);
1368 if (entry->consume_q == NULL) {
1369 result = VMCI_ERROR_NO_MEM;
1370 goto error;
1371 }
1372
1373 qp_init_queue_mutex(entry->produce_q, entry->consume_q);
1374
1375 INIT_LIST_HEAD(&entry->qp.list_item);
1376
1377 if (is_local) {
1378 u8 *tmp;
1379
1380 entry->local_mem = kcalloc(QPE_NUM_PAGES(entry->qp),
1381 PAGE_SIZE, GFP_KERNEL);
1382 if (entry->local_mem == NULL) {
1383 result = VMCI_ERROR_NO_MEM;
1384 goto error;
1385 }
1386 entry->state = VMCIQPB_CREATED_MEM;
1387 entry->produce_q->q_header = entry->local_mem;
1388 tmp = (u8 *)entry->local_mem + PAGE_SIZE *
1389 (DIV_ROUND_UP(entry->qp.produce_size, PAGE_SIZE) + 1);
1390 entry->consume_q->q_header = (struct vmci_queue_header *)tmp;
1391 } else if (page_store) {
1392 /*
1393 * The VMX already initialized the queue pair headers, so no
1394 * need for the kernel side to do that.
1395 */
1396 result = qp_host_register_user_memory(page_store,
1397 entry->produce_q,
1398 entry->consume_q);
1399 if (result < VMCI_SUCCESS)
1400 goto error;
1401
1402 entry->state = VMCIQPB_CREATED_MEM;
1403 } else {
1404 /*
1405 * A create without a page_store may be either a host
1406 * side create (in which case we are waiting for the
1407 * guest side to supply the memory) or an old style
1408 * queue pair create (in which case we will expect a
1409 * set page store call as the next step).
1410 */
1411 entry->state = VMCIQPB_CREATED_NO_MEM;
1412 }
1413
1414 qp_list_add_entry(&qp_broker_list, &entry->qp);
1415 if (ent != NULL)
1416 *ent = entry;
1417
1418 /* Add to resource obj */
1419 result = vmci_resource_add(&entry->resource,
1420 VMCI_RESOURCE_TYPE_QPAIR_HOST,
1421 handle);
1422 if (result != VMCI_SUCCESS) {
1423 pr_warn("Failed to add new resource (handle=0x%x:0x%x), error: %d",
1424 handle.context, handle.resource, result);
1425 goto error;
1426 }
1427
1428 entry->qp.handle = vmci_resource_handle(&entry->resource);
1429 if (is_local) {
1430 vmci_q_header_init(entry->produce_q->q_header,
1431 entry->qp.handle);
1432 vmci_q_header_init(entry->consume_q->q_header,
1433 entry->qp.handle);
1434 }
1435
1436 vmci_ctx_qp_create(context, entry->qp.handle);
1437
1438 return VMCI_SUCCESS;
1439
1440 error:
1441 if (entry != NULL) {
1442 qp_host_free_queue(entry->produce_q, guest_produce_size);
1443 qp_host_free_queue(entry->consume_q, guest_consume_size);
1444 kfree(entry);
1445 }
1446
1447 return result;
1448 }
1449
1450 /*
1451 * Enqueues an event datagram to notify the peer VM attached to
1452 * the given queue pair handle about attach/detach event by the
1453 * given VM. Returns Payload size of datagram enqueued on
1454 * success, error code otherwise.
1455 */
1456 static int qp_notify_peer(bool attach,
1457 struct vmci_handle handle,
1458 u32 my_id,
1459 u32 peer_id)
1460 {
1461 int rv;
1462 struct vmci_event_qp ev;
1463
1464 if (vmci_handle_is_invalid(handle) || my_id == VMCI_INVALID_ID ||
1465 peer_id == VMCI_INVALID_ID)
1466 return VMCI_ERROR_INVALID_ARGS;
1467
1468 /*
1469 * In vmci_ctx_enqueue_datagram() we enforce the upper limit on
1470 * number of pending events from the hypervisor to a given VM
1471 * otherwise a rogue VM could do an arbitrary number of attach
1472 * and detach operations causing memory pressure in the host
1473 * kernel.
1474 */
1475
1476 ev.msg.hdr.dst = vmci_make_handle(peer_id, VMCI_EVENT_HANDLER);
1477 ev.msg.hdr.src = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID,
1478 VMCI_CONTEXT_RESOURCE_ID);
1479 ev.msg.hdr.payload_size = sizeof(ev) - sizeof(ev.msg.hdr);
1480 ev.msg.event_data.event = attach ?
1481 VMCI_EVENT_QP_PEER_ATTACH : VMCI_EVENT_QP_PEER_DETACH;
1482 ev.payload.handle = handle;
1483 ev.payload.peer_id = my_id;
1484
1485 rv = vmci_datagram_dispatch(VMCI_HYPERVISOR_CONTEXT_ID,
1486 &ev.msg.hdr, false);
1487 if (rv < VMCI_SUCCESS)
1488 pr_warn("Failed to enqueue queue_pair %s event datagram for context (ID=0x%x)\n",
1489 attach ? "ATTACH" : "DETACH", peer_id);
1490
1491 return rv;
1492 }
1493
1494 /*
1495 * The second endpoint issuing a queue pair allocation will attach to
1496 * the queue pair registered with the queue pair broker.
1497 *
1498 * If the attacher is a guest, it will associate a VMX virtual address
1499 * range with the queue pair as specified by the page_store. At this
1500 * point, the already attached host endpoint may start using the queue
1501 * pair, and an attach event is sent to it. For compatibility with
1502 * older VMX'en, that used a separate step to set the VMX virtual
1503 * address range, the virtual address range can be registered later
1504 * using vmci_qp_broker_set_page_store. In that case, a page_store of
1505 * NULL should be used, and the attach event will be generated once
1506 * the actual page store has been set.
1507 *
1508 * If the attacher is the host, a page_store of NULL should be used as
1509 * well, since the page store information is already set by the guest.
1510 *
1511 * For new VMX and host callers, the queue pair will be moved to the
1512 * VMCIQPB_ATTACHED_MEM state, and for older VMX callers, it will be
1513 * moved to the VMCIQPB_ATTACHED_NO_MEM state.
1514 */
1515 static int qp_broker_attach(struct qp_broker_entry *entry,
1516 u32 peer,
1517 u32 flags,
1518 u32 priv_flags,
1519 u64 produce_size,
1520 u64 consume_size,
1521 struct vmci_qp_page_store *page_store,
1522 struct vmci_ctx *context,
1523 vmci_event_release_cb wakeup_cb,
1524 void *client_data,
1525 struct qp_broker_entry **ent)
1526 {
1527 const u32 context_id = vmci_ctx_get_id(context);
1528 bool is_local = flags & VMCI_QPFLAG_LOCAL;
1529 int result;
1530
1531 if (entry->state != VMCIQPB_CREATED_NO_MEM &&
1532 entry->state != VMCIQPB_CREATED_MEM)
1533 return VMCI_ERROR_UNAVAILABLE;
1534
1535 if (is_local) {
1536 if (!(entry->qp.flags & VMCI_QPFLAG_LOCAL) ||
1537 context_id != entry->create_id) {
1538 return VMCI_ERROR_INVALID_ARGS;
1539 }
1540 } else if (context_id == entry->create_id ||
1541 context_id == entry->attach_id) {
1542 return VMCI_ERROR_ALREADY_EXISTS;
1543 }
1544
1545 if (VMCI_CONTEXT_IS_VM(context_id) &&
1546 VMCI_CONTEXT_IS_VM(entry->create_id))
1547 return VMCI_ERROR_DST_UNREACHABLE;
1548
1549 /*
1550 * If we are attaching from a restricted context then the queuepair
1551 * must have been created by a trusted endpoint.
1552 */
1553 if ((context->priv_flags & VMCI_PRIVILEGE_FLAG_RESTRICTED) &&
1554 !entry->created_by_trusted)
1555 return VMCI_ERROR_NO_ACCESS;
1556
1557 /*
1558 * If we are attaching to a queuepair that was created by a restricted
1559 * context then we must be trusted.
1560 */
1561 if (entry->require_trusted_attach &&
1562 (!(priv_flags & VMCI_PRIVILEGE_FLAG_TRUSTED)))
1563 return VMCI_ERROR_NO_ACCESS;
1564
1565 /*
1566 * If the creator specifies VMCI_INVALID_ID in "peer" field, access
1567 * control check is not performed.
1568 */
1569 if (entry->qp.peer != VMCI_INVALID_ID && entry->qp.peer != context_id)
1570 return VMCI_ERROR_NO_ACCESS;
1571
1572 if (entry->create_id == VMCI_HOST_CONTEXT_ID) {
1573 /*
1574 * Do not attach if the caller doesn't support Host Queue Pairs
1575 * and a host created this queue pair.
1576 */
1577
1578 if (!vmci_ctx_supports_host_qp(context))
1579 return VMCI_ERROR_INVALID_RESOURCE;
1580
1581 } else if (context_id == VMCI_HOST_CONTEXT_ID) {
1582 struct vmci_ctx *create_context;
1583 bool supports_host_qp;
1584
1585 /*
1586 * Do not attach a host to a user created queue pair if that
1587 * user doesn't support host queue pair end points.
1588 */
1589
1590 create_context = vmci_ctx_get(entry->create_id);
1591 supports_host_qp = vmci_ctx_supports_host_qp(create_context);
1592 vmci_ctx_put(create_context);
1593
1594 if (!supports_host_qp)
1595 return VMCI_ERROR_INVALID_RESOURCE;
1596 }
1597
1598 if ((entry->qp.flags & ~VMCI_QP_ASYMM) != (flags & ~VMCI_QP_ASYMM_PEER))
1599 return VMCI_ERROR_QUEUEPAIR_MISMATCH;
1600
1601 if (context_id != VMCI_HOST_CONTEXT_ID) {
1602 /*
1603 * The queue pair broker entry stores values from the guest
1604 * point of view, so an attaching guest should match the values
1605 * stored in the entry.
1606 */
1607
1608 if (entry->qp.produce_size != produce_size ||
1609 entry->qp.consume_size != consume_size) {
1610 return VMCI_ERROR_QUEUEPAIR_MISMATCH;
1611 }
1612 } else if (entry->qp.produce_size != consume_size ||
1613 entry->qp.consume_size != produce_size) {
1614 return VMCI_ERROR_QUEUEPAIR_MISMATCH;
1615 }
1616
1617 if (context_id != VMCI_HOST_CONTEXT_ID) {
1618 /*
1619 * If a guest attached to a queue pair, it will supply
1620 * the backing memory. If this is a pre NOVMVM vmx,
1621 * the backing memory will be supplied by calling
1622 * vmci_qp_broker_set_page_store() following the
1623 * return of the vmci_qp_broker_alloc() call. If it is
1624 * a vmx of version NOVMVM or later, the page store
1625 * must be supplied as part of the
1626 * vmci_qp_broker_alloc call. Under all circumstances,
1627 * the initially created queue pair must not have any
1628 * memory associated with it already.
1629 */
1630
1631 if (entry->state != VMCIQPB_CREATED_NO_MEM)
1632 return VMCI_ERROR_INVALID_ARGS;
1633
1634 if (page_store != NULL) {
1635 /*
1636 * Patch up host state to point to guest
1637 * supplied memory. The VMX already
1638 * initialized the queue pair headers, so no
1639 * need for the kernel side to do that.
1640 */
1641
1642 result = qp_host_register_user_memory(page_store,
1643 entry->produce_q,
1644 entry->consume_q);
1645 if (result < VMCI_SUCCESS)
1646 return result;
1647
1648 entry->state = VMCIQPB_ATTACHED_MEM;
1649 } else {
1650 entry->state = VMCIQPB_ATTACHED_NO_MEM;
1651 }
1652 } else if (entry->state == VMCIQPB_CREATED_NO_MEM) {
1653 /*
1654 * The host side is attempting to attach to a queue
1655 * pair that doesn't have any memory associated with
1656 * it. This must be a pre NOVMVM vmx that hasn't set
1657 * the page store information yet, or a quiesced VM.
1658 */
1659
1660 return VMCI_ERROR_UNAVAILABLE;
1661 } else {
1662 /* The host side has successfully attached to a queue pair. */
1663 entry->state = VMCIQPB_ATTACHED_MEM;
1664 }
1665
1666 if (entry->state == VMCIQPB_ATTACHED_MEM) {
1667 result =
1668 qp_notify_peer(true, entry->qp.handle, context_id,
1669 entry->create_id);
1670 if (result < VMCI_SUCCESS)
1671 pr_warn("Failed to notify peer (ID=0x%x) of attach to queue pair (handle=0x%x:0x%x)\n",
1672 entry->create_id, entry->qp.handle.context,
1673 entry->qp.handle.resource);
1674 }
1675
1676 entry->attach_id = context_id;
1677 entry->qp.ref_count++;
1678 if (wakeup_cb) {
1679 entry->wakeup_cb = wakeup_cb;
1680 entry->client_data = client_data;
1681 }
1682
1683 /*
1684 * When attaching to local queue pairs, the context already has
1685 * an entry tracking the queue pair, so don't add another one.
1686 */
1687 if (!is_local)
1688 vmci_ctx_qp_create(context, entry->qp.handle);
1689
1690 if (ent != NULL)
1691 *ent = entry;
1692
1693 return VMCI_SUCCESS;
1694 }
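/*
 * Illustrative note (not part of the driver): the size checks above mean
 * that an attaching guest must pass the same produce/consume sizes that the
 * creator used, while an attaching host must pass them mirrored, because the
 * broker entry stores sizes from the guest's point of view. For example,
 * assuming a guest created the pair with produce_size = 4096 and
 * consume_size = 8192, a host endpoint would attach with
 * produce_size = 8192 and consume_size = 4096.
 */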
1695
1696 /*
1697  * qp_broker_alloc() is used when setting up queue pair endpoints
1698 * on the host.
1699 */
1700 static int qp_broker_alloc(struct vmci_handle handle,
1701 u32 peer,
1702 u32 flags,
1703 u32 priv_flags,
1704 u64 produce_size,
1705 u64 consume_size,
1706 struct vmci_qp_page_store *page_store,
1707 struct vmci_ctx *context,
1708 vmci_event_release_cb wakeup_cb,
1709 void *client_data,
1710 struct qp_broker_entry **ent,
1711 bool *swap)
1712 {
1713 const u32 context_id = vmci_ctx_get_id(context);
1714 bool create;
1715 struct qp_broker_entry *entry = NULL;
1716 bool is_local = flags & VMCI_QPFLAG_LOCAL;
1717 int result;
1718
1719 if (vmci_handle_is_invalid(handle) ||
1720 (flags & ~VMCI_QP_ALL_FLAGS) || is_local ||
1721 !(produce_size || consume_size) ||
1722 !context || context_id == VMCI_INVALID_ID ||
1723 handle.context == VMCI_INVALID_ID) {
1724 return VMCI_ERROR_INVALID_ARGS;
1725 }
1726
1727 if (page_store && !VMCI_QP_PAGESTORE_IS_WELLFORMED(page_store))
1728 return VMCI_ERROR_INVALID_ARGS;
1729
1730 /*
1731 * In the initial argument check, we ensure that non-vmkernel hosts
1732 * are not allowed to create local queue pairs.
1733 */
1734
1735 mutex_lock(&qp_broker_list.mutex);
1736
1737 if (!is_local && vmci_ctx_qp_exists(context, handle)) {
1738 pr_devel("Context (ID=0x%x) already attached to queue pair (handle=0x%x:0x%x)\n",
1739 context_id, handle.context, handle.resource);
1740 mutex_unlock(&qp_broker_list.mutex);
1741 return VMCI_ERROR_ALREADY_EXISTS;
1742 }
1743
1744 if (handle.resource != VMCI_INVALID_ID)
1745 entry = qp_broker_handle_to_entry(handle);
1746
1747 if (!entry) {
1748 create = true;
1749 result =
1750 qp_broker_create(handle, peer, flags, priv_flags,
1751 produce_size, consume_size, page_store,
1752 context, wakeup_cb, client_data, ent);
1753 } else {
1754 create = false;
1755 result =
1756 qp_broker_attach(entry, peer, flags, priv_flags,
1757 produce_size, consume_size, page_store,
1758 context, wakeup_cb, client_data, ent);
1759 }
1760
1761 mutex_unlock(&qp_broker_list.mutex);
1762
1763 if (swap)
1764 *swap = (context_id == VMCI_HOST_CONTEXT_ID) &&
1765 !(create && is_local);
1766
1767 return result;
1768 }
1769
1770 /*
1771 * This function implements the kernel API for allocating a queue
1772 * pair.
1773 */
1774 static int qp_alloc_host_work(struct vmci_handle *handle,
1775 struct vmci_queue **produce_q,
1776 u64 produce_size,
1777 struct vmci_queue **consume_q,
1778 u64 consume_size,
1779 u32 peer,
1780 u32 flags,
1781 u32 priv_flags,
1782 vmci_event_release_cb wakeup_cb,
1783 void *client_data)
1784 {
1785 struct vmci_handle new_handle;
1786 struct vmci_ctx *context;
1787 struct qp_broker_entry *entry;
1788 int result;
1789 bool swap;
1790
1791 if (vmci_handle_is_invalid(*handle)) {
1792 new_handle = vmci_make_handle(
1793 VMCI_HOST_CONTEXT_ID, VMCI_INVALID_ID);
1794 } else
1795 new_handle = *handle;
1796
1797 context = vmci_ctx_get(VMCI_HOST_CONTEXT_ID);
1798 entry = NULL;
1799 result =
1800 qp_broker_alloc(new_handle, peer, flags, priv_flags,
1801 produce_size, consume_size, NULL, context,
1802 wakeup_cb, client_data, &entry, &swap);
1803 if (result == VMCI_SUCCESS) {
1804 if (swap) {
1805 /*
1806 * If this is a local queue pair, the attacher
1807 * will swap around produce and consume
1808 * queues.
1809 */
1810
1811 *produce_q = entry->consume_q;
1812 *consume_q = entry->produce_q;
1813 } else {
1814 *produce_q = entry->produce_q;
1815 *consume_q = entry->consume_q;
1816 }
1817
1818 *handle = vmci_resource_handle(&entry->resource);
1819 } else {
1820 *handle = VMCI_INVALID_HANDLE;
1821 pr_devel("queue pair broker failed to alloc (result=%d)\n",
1822 result);
1823 }
1824 vmci_ctx_put(context);
1825 return result;
1826 }
1827
1828 /*
1829 * Allocates a VMCI queue_pair. Only checks validity of input
1830 * arguments. The real work is done in the host or guest
1831 * specific function.
1832 */
1833 int vmci_qp_alloc(struct vmci_handle *handle,
1834 struct vmci_queue **produce_q,
1835 u64 produce_size,
1836 struct vmci_queue **consume_q,
1837 u64 consume_size,
1838 u32 peer,
1839 u32 flags,
1840 u32 priv_flags,
1841 bool guest_endpoint,
1842 vmci_event_release_cb wakeup_cb,
1843 void *client_data)
1844 {
1845 if (!handle || !produce_q || !consume_q ||
1846 (!produce_size && !consume_size) || (flags & ~VMCI_QP_ALL_FLAGS))
1847 return VMCI_ERROR_INVALID_ARGS;
1848
1849 if (guest_endpoint) {
1850 return qp_alloc_guest_work(handle, produce_q,
1851 produce_size, consume_q,
1852 consume_size, peer,
1853 flags, priv_flags);
1854 } else {
1855 return qp_alloc_host_work(handle, produce_q,
1856 produce_size, consume_q,
1857 consume_size, peer, flags,
1858 priv_flags, wakeup_cb, client_data);
1859 }
1860 }
1861
1862 /*
1863 * This function implements the host kernel API for detaching from
1864 * a queue pair.
1865 */
1866 static int qp_detatch_host_work(struct vmci_handle handle)
1867 {
1868 int result;
1869 struct vmci_ctx *context;
1870
1871 context = vmci_ctx_get(VMCI_HOST_CONTEXT_ID);
1872
1873 result = vmci_qp_broker_detach(handle, context);
1874
1875 vmci_ctx_put(context);
1876 return result;
1877 }
1878
1879 /*
1880 * Detaches from a VMCI queue_pair. Only checks validity of input argument.
1881 * Real work is done in the host or guest specific function.
1882 */
1883 static int qp_detatch(struct vmci_handle handle, bool guest_endpoint)
1884 {
1885 if (vmci_handle_is_invalid(handle))
1886 return VMCI_ERROR_INVALID_ARGS;
1887
1888 if (guest_endpoint)
1889 return qp_detatch_guest_work(handle);
1890 else
1891 return qp_detatch_host_work(handle);
1892 }
1893
1894 /*
1895 * Returns the entry from the head of the list. Assumes that the list is
1896 * locked.
1897 */
1898 static struct qp_entry *qp_list_get_head(struct qp_list *qp_list)
1899 {
1900 if (!list_empty(&qp_list->head)) {
1901 struct qp_entry *entry =
1902 list_first_entry(&qp_list->head, struct qp_entry,
1903 list_item);
1904 return entry;
1905 }
1906
1907 return NULL;
1908 }
1909
1910 void vmci_qp_broker_exit(void)
1911 {
1912 struct qp_entry *entry;
1913 struct qp_broker_entry *be;
1914
1915 mutex_lock(&qp_broker_list.mutex);
1916
1917 while ((entry = qp_list_get_head(&qp_broker_list))) {
1918 be = (struct qp_broker_entry *)entry;
1919
1920 qp_list_remove_entry(&qp_broker_list, entry);
1921 kfree(be);
1922 }
1923
1924 mutex_unlock(&qp_broker_list.mutex);
1925 }
1926
1927 /*
1928 * Requests that a queue pair be allocated with the VMCI queue
1929 * pair broker. Allocates a queue pair entry if one does not
1930 * exist. Attaches to one if it exists, and retrieves the page
1931 * files backing that queue_pair. Assumes that the queue pair
1932 * broker lock is held.
1933 */
1934 int vmci_qp_broker_alloc(struct vmci_handle handle,
1935 u32 peer,
1936 u32 flags,
1937 u32 priv_flags,
1938 u64 produce_size,
1939 u64 consume_size,
1940 struct vmci_qp_page_store *page_store,
1941 struct vmci_ctx *context)
1942 {
1943 return qp_broker_alloc(handle, peer, flags, priv_flags,
1944 produce_size, consume_size,
1945 page_store, context, NULL, NULL, NULL, NULL);
1946 }
1947
1948 /*
1949 * VMX'en with versions lower than VMCI_VERSION_NOVMVM use a separate
1950 * step to add the UVAs of the VMX mapping of the queue pair. This function
1951 * provides backwards compatibility with such VMX'en, and takes care of
1952 * registering the page store for a queue pair previously allocated by the
1953 * VMX during create or attach. This function will move the queue pair state
1954  * either from VMCIQPB_CREATED_NO_MEM to VMCIQPB_CREATED_MEM or from
1955  * VMCIQPB_ATTACHED_NO_MEM to VMCIQPB_ATTACHED_MEM. If moving to the
1956 * attached state with memory, the queue pair is ready to be used by the
1957 * host peer, and an attached event will be generated.
1958 *
1959 * Assumes that the queue pair broker lock is held.
1960 *
1961 * This function is only used by the hosted platform, since there is no
1962 * issue with backwards compatibility for vmkernel.
1963 */
1964 int vmci_qp_broker_set_page_store(struct vmci_handle handle,
1965 u64 produce_uva,
1966 u64 consume_uva,
1967 struct vmci_ctx *context)
1968 {
1969 struct qp_broker_entry *entry;
1970 int result;
1971 const u32 context_id = vmci_ctx_get_id(context);
1972
1973 if (vmci_handle_is_invalid(handle) || !context ||
1974 context_id == VMCI_INVALID_ID)
1975 return VMCI_ERROR_INVALID_ARGS;
1976
1977 /*
1978 * We only support guest to host queue pairs, so the VMX must
1979 * supply UVAs for the mapped page files.
1980 */
1981
1982 if (produce_uva == 0 || consume_uva == 0)
1983 return VMCI_ERROR_INVALID_ARGS;
1984
1985 mutex_lock(&qp_broker_list.mutex);
1986
1987 if (!vmci_ctx_qp_exists(context, handle)) {
1988 pr_warn("Context (ID=0x%x) not attached to queue pair (handle=0x%x:0x%x)\n",
1989 context_id, handle.context, handle.resource);
1990 result = VMCI_ERROR_NOT_FOUND;
1991 goto out;
1992 }
1993
1994 entry = qp_broker_handle_to_entry(handle);
1995 if (!entry) {
1996 result = VMCI_ERROR_NOT_FOUND;
1997 goto out;
1998 }
1999
2000 /*
2001 * If I'm the owner then I can set the page store.
2002 *
2003 * Or, if a host created the queue_pair and I'm the attached peer
2004 * then I can set the page store.
2005 */
2006 if (entry->create_id != context_id &&
2007 (entry->create_id != VMCI_HOST_CONTEXT_ID ||
2008 entry->attach_id != context_id)) {
2009 result = VMCI_ERROR_QUEUEPAIR_NOTOWNER;
2010 goto out;
2011 }
2012
2013 if (entry->state != VMCIQPB_CREATED_NO_MEM &&
2014 entry->state != VMCIQPB_ATTACHED_NO_MEM) {
2015 result = VMCI_ERROR_UNAVAILABLE;
2016 goto out;
2017 }
2018
2019 result = qp_host_get_user_memory(produce_uva, consume_uva,
2020 entry->produce_q, entry->consume_q);
2021 if (result < VMCI_SUCCESS)
2022 goto out;
2023
2024 result = qp_host_map_queues(entry->produce_q, entry->consume_q);
2025 if (result < VMCI_SUCCESS) {
2026 qp_host_unregister_user_memory(entry->produce_q,
2027 entry->consume_q);
2028 goto out;
2029 }
2030
2031 if (entry->state == VMCIQPB_CREATED_NO_MEM)
2032 entry->state = VMCIQPB_CREATED_MEM;
2033 else
2034 entry->state = VMCIQPB_ATTACHED_MEM;
2035
2036 entry->vmci_page_files = true;
2037
2038 if (entry->state == VMCIQPB_ATTACHED_MEM) {
2039 result =
2040 qp_notify_peer(true, handle, context_id, entry->create_id);
2041 if (result < VMCI_SUCCESS) {
2042 pr_warn("Failed to notify peer (ID=0x%x) of attach to queue pair (handle=0x%x:0x%x)\n",
2043 entry->create_id, entry->qp.handle.context,
2044 entry->qp.handle.resource);
2045 }
2046 }
2047
2048 result = VMCI_SUCCESS;
2049 out:
2050 mutex_unlock(&qp_broker_list.mutex);
2051 return result;
2052 }
2053
2054 /*
2055 * Resets saved queue headers for the given QP broker
2056 * entry. Should be used when guest memory becomes available
2057 * again, or the guest detaches.
2058 */
2059 static void qp_reset_saved_headers(struct qp_broker_entry *entry)
2060 {
2061 entry->produce_q->saved_header = NULL;
2062 entry->consume_q->saved_header = NULL;
2063 }
2064
2065 /*
2066 * The main entry point for detaching from a queue pair registered with the
2067 * queue pair broker. If more than one endpoint is attached to the queue
2068 * pair, the first endpoint will mainly decrement a reference count and
2069 * generate a notification to its peer. The last endpoint will clean up
2070 * the queue pair state registered with the broker.
2071 *
2072 * When a guest endpoint detaches, it will unmap and unregister the guest
2073 * memory backing the queue pair. If the host is still attached, it will
2074 * no longer be able to access the queue pair content.
2075 *
2076 * If the queue pair is already in a state where there is no memory
2077 * registered for the queue pair (any *_NO_MEM state), it will transition to
2078 * the VMCIQPB_SHUTDOWN_NO_MEM state. This will also happen, if a guest
2079 * endpoint is the first of two endpoints to detach. If the host endpoint is
2080 * the first out of two to detach, the queue pair will move to the
2081 * VMCIQPB_SHUTDOWN_MEM state.
2082 */
2083 int vmci_qp_broker_detach(struct vmci_handle handle, struct vmci_ctx *context)
2084 {
2085 struct qp_broker_entry *entry;
2086 const u32 context_id = vmci_ctx_get_id(context);
2087 u32 peer_id;
2088 bool is_local = false;
2089 int result;
2090
2091 if (vmci_handle_is_invalid(handle) || !context ||
2092 context_id == VMCI_INVALID_ID) {
2093 return VMCI_ERROR_INVALID_ARGS;
2094 }
2095
2096 mutex_lock(&qp_broker_list.mutex);
2097
2098 if (!vmci_ctx_qp_exists(context, handle)) {
2099 pr_devel("Context (ID=0x%x) not attached to queue pair (handle=0x%x:0x%x)\n",
2100 context_id, handle.context, handle.resource);
2101 result = VMCI_ERROR_NOT_FOUND;
2102 goto out;
2103 }
2104
2105 entry = qp_broker_handle_to_entry(handle);
2106 if (!entry) {
2107 pr_devel("Context (ID=0x%x) reports being attached to queue pair(handle=0x%x:0x%x) that isn't present in broker\n",
2108 context_id, handle.context, handle.resource);
2109 result = VMCI_ERROR_NOT_FOUND;
2110 goto out;
2111 }
2112
2113 if (context_id != entry->create_id && context_id != entry->attach_id) {
2114 result = VMCI_ERROR_QUEUEPAIR_NOTATTACHED;
2115 goto out;
2116 }
2117
2118 if (context_id == entry->create_id) {
2119 peer_id = entry->attach_id;
2120 entry->create_id = VMCI_INVALID_ID;
2121 } else {
2122 peer_id = entry->create_id;
2123 entry->attach_id = VMCI_INVALID_ID;
2124 }
2125 entry->qp.ref_count--;
2126
2127 is_local = entry->qp.flags & VMCI_QPFLAG_LOCAL;
2128
2129 if (context_id != VMCI_HOST_CONTEXT_ID) {
2130 bool headers_mapped;
2131
2132 /*
2133 * Pre NOVMVM vmx'en may detach from a queue pair
2134 * before setting the page store, and in that case
2135 * there is no user memory to detach from. Also, more
2136 * recent VMX'en may detach from a queue pair in the
2137 * quiesced state.
2138 */
2139
2140 qp_acquire_queue_mutex(entry->produce_q);
2141 headers_mapped = entry->produce_q->q_header ||
2142 entry->consume_q->q_header;
2143 if (QPBROKERSTATE_HAS_MEM(entry)) {
2144 result =
2145 qp_host_unmap_queues(INVALID_VMCI_GUEST_MEM_ID,
2146 entry->produce_q,
2147 entry->consume_q);
2148 if (result < VMCI_SUCCESS)
2149 pr_warn("Failed to unmap queue headers for queue pair (handle=0x%x:0x%x,result=%d)\n",
2150 handle.context, handle.resource,
2151 result);
2152
2153 qp_host_unregister_user_memory(entry->produce_q,
2154 entry->consume_q);
2155
2156 }
2157
2158 if (!headers_mapped)
2159 qp_reset_saved_headers(entry);
2160
2161 qp_release_queue_mutex(entry->produce_q);
2162
2163 if (!headers_mapped && entry->wakeup_cb)
2164 entry->wakeup_cb(entry->client_data);
2165
2166 } else {
2167 if (entry->wakeup_cb) {
2168 entry->wakeup_cb = NULL;
2169 entry->client_data = NULL;
2170 }
2171 }
2172
2173 if (entry->qp.ref_count == 0) {
2174 qp_list_remove_entry(&qp_broker_list, &entry->qp);
2175
2176 if (is_local)
2177 kfree(entry->local_mem);
2178
2179 qp_cleanup_queue_mutex(entry->produce_q, entry->consume_q);
2180 qp_host_free_queue(entry->produce_q, entry->qp.produce_size);
2181 qp_host_free_queue(entry->consume_q, entry->qp.consume_size);
2182 /* Unlink from resource hash table and free callback */
2183 vmci_resource_remove(&entry->resource);
2184
2185 kfree(entry);
2186
2187 vmci_ctx_qp_destroy(context, handle);
2188 } else {
2189 qp_notify_peer(false, handle, context_id, peer_id);
2190 if (context_id == VMCI_HOST_CONTEXT_ID &&
2191 QPBROKERSTATE_HAS_MEM(entry)) {
2192 entry->state = VMCIQPB_SHUTDOWN_MEM;
2193 } else {
2194 entry->state = VMCIQPB_SHUTDOWN_NO_MEM;
2195 }
2196
2197 if (!is_local)
2198 vmci_ctx_qp_destroy(context, handle);
2199
2200 }
2201 result = VMCI_SUCCESS;
2202 out:
2203 mutex_unlock(&qp_broker_list.mutex);
2204 return result;
2205 }
2206
2207 /*
2208 * Establishes the necessary mappings for a queue pair given a
2209 * reference to the queue pair guest memory. This is usually
2210 * called when a guest is unquiesced and the VMX is allowed to
2211 * map guest memory once again.
2212 */
2213 int vmci_qp_broker_map(struct vmci_handle handle,
2214 struct vmci_ctx *context,
2215 u64 guest_mem)
2216 {
2217 struct qp_broker_entry *entry;
2218 const u32 context_id = vmci_ctx_get_id(context);
2219 int result;
2220
2221 if (vmci_handle_is_invalid(handle) || !context ||
2222 context_id == VMCI_INVALID_ID)
2223 return VMCI_ERROR_INVALID_ARGS;
2224
2225 mutex_lock(&qp_broker_list.mutex);
2226
2227 if (!vmci_ctx_qp_exists(context, handle)) {
2228 pr_devel("Context (ID=0x%x) not attached to queue pair (handle=0x%x:0x%x)\n",
2229 context_id, handle.context, handle.resource);
2230 result = VMCI_ERROR_NOT_FOUND;
2231 goto out;
2232 }
2233
2234 entry = qp_broker_handle_to_entry(handle);
2235 if (!entry) {
2236 pr_devel("Context (ID=0x%x) reports being attached to queue pair (handle=0x%x:0x%x) that isn't present in broker\n",
2237 context_id, handle.context, handle.resource);
2238 result = VMCI_ERROR_NOT_FOUND;
2239 goto out;
2240 }
2241
2242 if (context_id != entry->create_id && context_id != entry->attach_id) {
2243 result = VMCI_ERROR_QUEUEPAIR_NOTATTACHED;
2244 goto out;
2245 }
2246
2247 result = VMCI_SUCCESS;
2248
2249 if (context_id != VMCI_HOST_CONTEXT_ID) {
2250 struct vmci_qp_page_store page_store;
2251
2252 page_store.pages = guest_mem;
2253 page_store.len = QPE_NUM_PAGES(entry->qp);
2254
2255 qp_acquire_queue_mutex(entry->produce_q);
2256 qp_reset_saved_headers(entry);
2257 result =
2258 qp_host_register_user_memory(&page_store,
2259 entry->produce_q,
2260 entry->consume_q);
2261 qp_release_queue_mutex(entry->produce_q);
2262 if (result == VMCI_SUCCESS) {
2263 /* Move state from *_NO_MEM to *_MEM */
2264
2265 entry->state++;
2266
2267 if (entry->wakeup_cb)
2268 entry->wakeup_cb(entry->client_data);
2269 }
2270 }
2271
2272 out:
2273 mutex_unlock(&qp_broker_list.mutex);
2274 return result;
2275 }
2276
2277 /*
2278 * Saves a snapshot of the queue headers for the given QP broker
2279 * entry. Should be used when guest memory is unmapped.
2280 * Results:
2281 * VMCI_SUCCESS on success, appropriate error code if guest memory
2282  * can't be accessed.
2283 */
2284 static int qp_save_headers(struct qp_broker_entry *entry)
2285 {
2286 int result;
2287
2288 if (entry->produce_q->saved_header != NULL &&
2289 entry->consume_q->saved_header != NULL) {
2290 /*
2291 * If the headers have already been saved, we don't need to do
2292 * it again, and we don't want to map in the headers
2293 * unnecessarily.
2294 */
2295
2296 return VMCI_SUCCESS;
2297 }
2298
2299 if (NULL == entry->produce_q->q_header ||
2300 NULL == entry->consume_q->q_header) {
2301 result = qp_host_map_queues(entry->produce_q, entry->consume_q);
2302 if (result < VMCI_SUCCESS)
2303 return result;
2304 }
2305
2306 memcpy(&entry->saved_produce_q, entry->produce_q->q_header,
2307 sizeof(entry->saved_produce_q));
2308 entry->produce_q->saved_header = &entry->saved_produce_q;
2309 memcpy(&entry->saved_consume_q, entry->consume_q->q_header,
2310 sizeof(entry->saved_consume_q));
2311 entry->consume_q->saved_header = &entry->saved_consume_q;
2312
2313 return VMCI_SUCCESS;
2314 }
2315
2316 /*
2317 * Removes all references to the guest memory of a given queue pair, and
2318 * will move the queue pair from state *_MEM to *_NO_MEM. It is usually
2319 * called when a VM is being quiesced where access to guest memory should
2320  * be avoided.
2321 */
2322 int vmci_qp_broker_unmap(struct vmci_handle handle,
2323 struct vmci_ctx *context,
2324 u32 gid)
2325 {
2326 struct qp_broker_entry *entry;
2327 const u32 context_id = vmci_ctx_get_id(context);
2328 int result;
2329
2330 if (vmci_handle_is_invalid(handle) || !context ||
2331 context_id == VMCI_INVALID_ID)
2332 return VMCI_ERROR_INVALID_ARGS;
2333
2334 mutex_lock(&qp_broker_list.mutex);
2335
2336 if (!vmci_ctx_qp_exists(context, handle)) {
2337 pr_devel("Context (ID=0x%x) not attached to queue pair (handle=0x%x:0x%x)\n",
2338 context_id, handle.context, handle.resource);
2339 result = VMCI_ERROR_NOT_FOUND;
2340 goto out;
2341 }
2342
2343 entry = qp_broker_handle_to_entry(handle);
2344 if (!entry) {
2345 pr_devel("Context (ID=0x%x) reports being attached to queue pair (handle=0x%x:0x%x) that isn't present in broker\n",
2346 context_id, handle.context, handle.resource);
2347 result = VMCI_ERROR_NOT_FOUND;
2348 goto out;
2349 }
2350
2351 if (context_id != entry->create_id && context_id != entry->attach_id) {
2352 result = VMCI_ERROR_QUEUEPAIR_NOTATTACHED;
2353 goto out;
2354 }
2355
2356 if (context_id != VMCI_HOST_CONTEXT_ID) {
2357 qp_acquire_queue_mutex(entry->produce_q);
2358 result = qp_save_headers(entry);
2359 if (result < VMCI_SUCCESS)
2360 pr_warn("Failed to save queue headers for queue pair (handle=0x%x:0x%x,result=%d)\n",
2361 handle.context, handle.resource, result);
2362
2363 qp_host_unmap_queues(gid, entry->produce_q, entry->consume_q);
2364
2365 /*
2366 * On hosted, when we unmap queue pairs, the VMX will also
2367 * unmap the guest memory, so we invalidate the previously
2368 * registered memory. If the queue pair is mapped again at a
2369 * later point in time, we will need to reregister the user
2370 * memory with a possibly new user VA.
2371 */
2372 qp_host_unregister_user_memory(entry->produce_q,
2373 entry->consume_q);
2374
2375 /*
2376 * Move state from *_MEM to *_NO_MEM.
2377 */
2378 entry->state--;
2379
2380 qp_release_queue_mutex(entry->produce_q);
2381 }
2382
2383 result = VMCI_SUCCESS;
2384
2385 out:
2386 mutex_unlock(&qp_broker_list.mutex);
2387 return result;
2388 }
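/*
 * Illustrative sketch (not part of the driver): a typical quiesce/resume
 * cycle for a guest-backed queue pair, assuming the VMX drives it and that
 * handle, context, gid and guest_mem come from the caller:
 *
 *   vmci_qp_broker_unmap(handle, context, gid);
 *       (*_MEM -> *_NO_MEM; queue headers saved, user memory unregistered)
 *   ... VM quiesced, guest memory unavailable ...
 *   vmci_qp_broker_map(handle, context, guest_mem);
 *       (*_NO_MEM -> *_MEM; memory re-registered, wakeup_cb fired)
 */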
2389
2390 /*
2391 * Destroys all guest queue pair endpoints. If active guest queue
2392 * pairs still exist, hypercalls to attempt detach from these
2393 * queue pairs will be made. Any failure to detach is silently
2394 * ignored.
2395 */
2396 void vmci_qp_guest_endpoints_exit(void)
2397 {
2398 struct qp_entry *entry;
2399 struct qp_guest_endpoint *ep;
2400
2401 mutex_lock(&qp_guest_endpoints.mutex);
2402
2403 while ((entry = qp_list_get_head(&qp_guest_endpoints))) {
2404 ep = (struct qp_guest_endpoint *)entry;
2405
2406 /* Don't make a hypercall for local queue_pairs. */
2407 if (!(entry->flags & VMCI_QPFLAG_LOCAL))
2408 qp_detatch_hypercall(entry->handle);
2409
2410 /* We cannot fail the exit, so let's reset ref_count. */
2411 entry->ref_count = 0;
2412 qp_list_remove_entry(&qp_guest_endpoints, entry);
2413
2414 qp_guest_endpoint_destroy(ep);
2415 }
2416
2417 mutex_unlock(&qp_guest_endpoints.mutex);
2418 }
2419
2420 /*
2421 * Helper routine that will lock the queue pair before subsequent
2422 * operations.
2423 * Note: Non-blocking on the host side is currently only implemented in ESX.
2424  *       Since non-blocking isn't yet implemented on the host personality, we
2425  *       have no reason to acquire a spin lock. So, to avoid the use of an
2426  *       unnecessary lock, only acquire the mutex if we can block.
2427 */
2428 static void qp_lock(const struct vmci_qp *qpair)
2429 {
2430 qp_acquire_queue_mutex(qpair->produce_q);
2431 }
2432
2433 /*
2434 * Helper routine that unlocks the queue pair after calling
2435 * qp_lock.
2436 */
2437 static void qp_unlock(const struct vmci_qp *qpair)
2438 {
2439 qp_release_queue_mutex(qpair->produce_q);
2440 }
2441
2442 /*
2443 * The queue headers may not be mapped at all times. If a queue is
2444  * currently not mapped, an attempt is made to map it.
2445 */
2446 static int qp_map_queue_headers(struct vmci_queue *produce_q,
2447 struct vmci_queue *consume_q)
2448 {
2449 int result;
2450
2451 if (NULL == produce_q->q_header || NULL == consume_q->q_header) {
2452 result = qp_host_map_queues(produce_q, consume_q);
2453 if (result < VMCI_SUCCESS)
2454 return (produce_q->saved_header &&
2455 consume_q->saved_header) ?
2456 VMCI_ERROR_QUEUEPAIR_NOT_READY :
2457 VMCI_ERROR_QUEUEPAIR_NOTATTACHED;
2458 }
2459
2460 return VMCI_SUCCESS;
2461 }
2462
2463 /*
2464 * Helper routine that will retrieve the produce and consume
2465 * headers of a given queue pair. If the guest memory of the
2466 * queue pair is currently not available, the saved queue headers
2467 * will be returned, if these are available.
2468 */
2469 static int qp_get_queue_headers(const struct vmci_qp *qpair,
2470 struct vmci_queue_header **produce_q_header,
2471 struct vmci_queue_header **consume_q_header)
2472 {
2473 int result;
2474
2475 result = qp_map_queue_headers(qpair->produce_q, qpair->consume_q);
2476 if (result == VMCI_SUCCESS) {
2477 *produce_q_header = qpair->produce_q->q_header;
2478 *consume_q_header = qpair->consume_q->q_header;
2479 } else if (qpair->produce_q->saved_header &&
2480 qpair->consume_q->saved_header) {
2481 *produce_q_header = qpair->produce_q->saved_header;
2482 *consume_q_header = qpair->consume_q->saved_header;
2483 result = VMCI_SUCCESS;
2484 }
2485
2486 return result;
2487 }
2488
2489 /*
2490 * Callback from VMCI queue pair broker indicating that a queue
2491 * pair that was previously not ready, now either is ready or
2492 * gone forever.
2493 */
2494 static int qp_wakeup_cb(void *client_data)
2495 {
2496 struct vmci_qp *qpair = (struct vmci_qp *)client_data;
2497
2498 qp_lock(qpair);
2499 while (qpair->blocked > 0) {
2500 qpair->blocked--;
2501 qpair->generation++;
2502 wake_up(&qpair->event);
2503 }
2504 qp_unlock(qpair);
2505
2506 return VMCI_SUCCESS;
2507 }
2508
2509 /*
2510 * Makes the calling thread wait for the queue pair to become
2511 * ready for host side access. Returns true when thread is
2512 * woken up after queue pair state change, false otherwise.
2513 */
2514 static bool qp_wait_for_ready_queue(struct vmci_qp *qpair)
2515 {
2516 unsigned int generation;
2517
2518 qpair->blocked++;
2519 generation = qpair->generation;
2520 qp_unlock(qpair);
2521 wait_event(qpair->event, generation != qpair->generation);
2522 qp_lock(qpair);
2523
2524 return true;
2525 }
2526
2527 /*
2528 * Enqueues a given buffer to the produce queue using the provided
2529 * function. As many bytes as possible (space available in the queue)
2530 * are enqueued. Assumes the queue->mutex has been acquired. Returns
2531 * VMCI_ERROR_QUEUEPAIR_NOSPACE if no space was available to enqueue
2532 * data, VMCI_ERROR_INVALID_SIZE, if any queue pointer is outside the
2533 * queue (as defined by the queue size), VMCI_ERROR_INVALID_ARGS, if
2534  * an error occurred when accessing the buffer,
2535 * VMCI_ERROR_QUEUEPAIR_NOTATTACHED, if the queue pair pages aren't
2536 * available. Otherwise, the number of bytes written to the queue is
2537 * returned. Updates the tail pointer of the produce queue.
2538 */
2539 static ssize_t qp_enqueue_locked(struct vmci_queue *produce_q,
2540 struct vmci_queue *consume_q,
2541 const u64 produce_q_size,
2542 struct iov_iter *from)
2543 {
2544 s64 free_space;
2545 u64 tail;
2546 size_t buf_size = iov_iter_count(from);
2547 size_t written;
2548 ssize_t result;
2549
2550 result = qp_map_queue_headers(produce_q, consume_q);
2551 if (unlikely(result != VMCI_SUCCESS))
2552 return result;
2553
2554 free_space = vmci_q_header_free_space(produce_q->q_header,
2555 consume_q->q_header,
2556 produce_q_size);
2557 if (free_space == 0)
2558 return VMCI_ERROR_QUEUEPAIR_NOSPACE;
2559
2560 if (free_space < VMCI_SUCCESS)
2561 return (ssize_t) free_space;
2562
2563 written = (size_t) (free_space > buf_size ? buf_size : free_space);
2564 tail = vmci_q_header_producer_tail(produce_q->q_header);
2565 if (likely(tail + written < produce_q_size)) {
2566 result = qp_memcpy_to_queue_iter(produce_q, tail, from, written);
2567 } else {
2568 /* Tail pointer wraps around. */
2569
2570 const size_t tmp = (size_t) (produce_q_size - tail);
2571
2572 result = qp_memcpy_to_queue_iter(produce_q, tail, from, tmp);
2573 if (result >= VMCI_SUCCESS)
2574 result = qp_memcpy_to_queue_iter(produce_q, 0, from,
2575 written - tmp);
2576 }
2577
2578 if (result < VMCI_SUCCESS)
2579 return result;
2580
2581 vmci_q_header_add_producer_tail(produce_q->q_header, written,
2582 produce_q_size);
2583 return written;
2584 }
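/*
 * Worked example of the wrap-around path above (illustrative numbers only):
 * with produce_q_size = 16, tail = 14 and written = 5, tail + written is not
 * less than 16, so tmp = 16 - 14 = 2 bytes are copied at offset 14, the
 * remaining 3 bytes are copied at offset 0, and the producer tail then
 * advances to (14 + 5) % 16 = 3.
 */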
2585
2586 /*
2587 * Dequeues data (if available) from the given consume queue. Writes data
2588 * to the user provided buffer using the provided function.
2589 * Assumes the queue->mutex has been acquired.
2590 * Results:
2591 * VMCI_ERROR_QUEUEPAIR_NODATA if no data was available to dequeue.
2592 * VMCI_ERROR_INVALID_SIZE, if any queue pointer is outside the queue
2593 * (as defined by the queue size).
2594  * VMCI_ERROR_INVALID_ARGS, if an error occurred when accessing the buffer.
2595 * Otherwise the number of bytes dequeued is returned.
2596 * Side effects:
2597 * Updates the head pointer of the consume queue.
2598 */
2599 static ssize_t qp_dequeue_locked(struct vmci_queue *produce_q,
2600 struct vmci_queue *consume_q,
2601 const u64 consume_q_size,
2602 struct iov_iter *to,
2603 bool update_consumer)
2604 {
2605 size_t buf_size = iov_iter_count(to);
2606 s64 buf_ready;
2607 u64 head;
2608 size_t read;
2609 ssize_t result;
2610
2611 result = qp_map_queue_headers(produce_q, consume_q);
2612 if (unlikely(result != VMCI_SUCCESS))
2613 return result;
2614
2615 buf_ready = vmci_q_header_buf_ready(consume_q->q_header,
2616 produce_q->q_header,
2617 consume_q_size);
2618 if (buf_ready == 0)
2619 return VMCI_ERROR_QUEUEPAIR_NODATA;
2620
2621 if (buf_ready < VMCI_SUCCESS)
2622 return (ssize_t) buf_ready;
2623
2624 read = (size_t) (buf_ready > buf_size ? buf_size : buf_ready);
2625 head = vmci_q_header_consumer_head(produce_q->q_header);
2626 if (likely(head + read < consume_q_size)) {
2627 result = qp_memcpy_from_queue_iter(to, consume_q, head, read);
2628 } else {
2629 /* Head pointer wraps around. */
2630
2631 const size_t tmp = (size_t) (consume_q_size - head);
2632
2633 result = qp_memcpy_from_queue_iter(to, consume_q, head, tmp);
2634 if (result >= VMCI_SUCCESS)
2635 result = qp_memcpy_from_queue_iter(to, consume_q, 0,
2636 read - tmp);
2637
2638 }
2639
2640 if (result < VMCI_SUCCESS)
2641 return result;
2642
2643 if (update_consumer)
2644 vmci_q_header_add_consumer_head(produce_q->q_header,
2645 read, consume_q_size);
2646
2647 return read;
2648 }
2649
2650 /*
2651 * vmci_qpair_alloc() - Allocates a queue pair.
2652 * @qpair: Pointer for the new vmci_qp struct.
2653 * @handle: Handle to track the resource.
2654 * @produce_qsize: Desired size of the producer queue.
2655 * @consume_qsize: Desired size of the consumer queue.
2656 * @peer: ContextID of the peer.
2657 * @flags: VMCI flags.
2658  * @priv_flags: VMCI privilege flags.
2659 *
2660 * This is the client interface for allocating the memory for a
2661 * vmci_qp structure and then attaching to the underlying
2662 * queue. If an error occurs allocating the memory for the
2663 * vmci_qp structure no attempt is made to attach. If an
2664 * error occurs attaching, then the structure is freed.
2665 */
2666 int vmci_qpair_alloc(struct vmci_qp **qpair,
2667 struct vmci_handle *handle,
2668 u64 produce_qsize,
2669 u64 consume_qsize,
2670 u32 peer,
2671 u32 flags,
2672 u32 priv_flags)
2673 {
2674 struct vmci_qp *my_qpair;
2675 int retval;
2676 struct vmci_handle src = VMCI_INVALID_HANDLE;
2677 struct vmci_handle dst = vmci_make_handle(peer, VMCI_INVALID_ID);
2678 enum vmci_route route;
2679 vmci_event_release_cb wakeup_cb;
2680 void *client_data;
2681
2682 /*
2683 * Restrict the size of a queuepair. The device already
2684 * enforces a limit on the total amount of memory that can be
2685 * allocated to queuepairs for a guest. However, we try to
2686 * allocate this memory before we make the queuepair
2687 * allocation hypercall. On Linux, we allocate each page
2688 * separately, which means rather than fail, the guest will
2689 * thrash while it tries to allocate, and will become
2690 * increasingly unresponsive to the point where it appears to
2691 * be hung. So we place a limit on the size of an individual
2692 * queuepair here, and leave the device to enforce the
2693 * restriction on total queuepair memory. (Note that this
2694 * doesn't prevent all cases; a user with only this much
2695 * physical memory could still get into trouble.) The error
2696 * used by the device is NO_RESOURCES, so use that here too.
2697 */
2698
2699 if (produce_qsize + consume_qsize < max(produce_qsize, consume_qsize) ||
2700 produce_qsize + consume_qsize > VMCI_MAX_GUEST_QP_MEMORY)
2701 return VMCI_ERROR_NO_RESOURCES;
2702
2703 retval = vmci_route(&src, &dst, false, &route);
2704 if (retval < VMCI_SUCCESS)
2705 route = vmci_guest_code_active() ?
2706 VMCI_ROUTE_AS_GUEST : VMCI_ROUTE_AS_HOST;
2707
2708 if (flags & (VMCI_QPFLAG_NONBLOCK | VMCI_QPFLAG_PINNED)) {
2709 pr_devel("NONBLOCK OR PINNED set");
2710 return VMCI_ERROR_INVALID_ARGS;
2711 }
2712
2713 my_qpair = kzalloc(sizeof(*my_qpair), GFP_KERNEL);
2714 if (!my_qpair)
2715 return VMCI_ERROR_NO_MEM;
2716
2717 my_qpair->produce_q_size = produce_qsize;
2718 my_qpair->consume_q_size = consume_qsize;
2719 my_qpair->peer = peer;
2720 my_qpair->flags = flags;
2721 my_qpair->priv_flags = priv_flags;
2722
2723 wakeup_cb = NULL;
2724 client_data = NULL;
2725
2726 if (VMCI_ROUTE_AS_HOST == route) {
2727 my_qpair->guest_endpoint = false;
2728 if (!(flags & VMCI_QPFLAG_LOCAL)) {
2729 my_qpair->blocked = 0;
2730 my_qpair->generation = 0;
2731 init_waitqueue_head(&my_qpair->event);
2732 wakeup_cb = qp_wakeup_cb;
2733 client_data = (void *)my_qpair;
2734 }
2735 } else {
2736 my_qpair->guest_endpoint = true;
2737 }
2738
2739 retval = vmci_qp_alloc(handle,
2740 &my_qpair->produce_q,
2741 my_qpair->produce_q_size,
2742 &my_qpair->consume_q,
2743 my_qpair->consume_q_size,
2744 my_qpair->peer,
2745 my_qpair->flags,
2746 my_qpair->priv_flags,
2747 my_qpair->guest_endpoint,
2748 wakeup_cb, client_data);
2749
2750 if (retval < VMCI_SUCCESS) {
2751 kfree(my_qpair);
2752 return retval;
2753 }
2754
2755 *qpair = my_qpair;
2756 my_qpair->handle = *handle;
2757
2758 return retval;
2759 }
2760 EXPORT_SYMBOL_GPL(vmci_qpair_alloc);
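/*
 * Example (illustrative sketch only, not part of this file): a client
 * allocating a non-local queue pair to a peer. The peer context ID
 * 'peer_cid' and the 4 KiB queue sizes are hypothetical.
 *
 *   struct vmci_qp *qpair;
 *   struct vmci_handle handle = VMCI_INVALID_HANDLE;
 *   int rv;
 *
 *   rv = vmci_qpair_alloc(&qpair, &handle, 4096, 4096,
 *                         peer_cid, 0, VMCI_NO_PRIVILEGE_FLAGS);
 *   if (rv < VMCI_SUCCESS)
 *       return rv;
 *   ... use qpair ...
 *   vmci_qpair_detach(&qpair);
 */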
2761
2762 /*
2763  * vmci_qpair_detach() - Detaches the client from a queue pair.
2764 * @qpair: Reference of a pointer to the qpair struct.
2765 *
2766 * This is the client interface for detaching from a VMCIQPair.
2767 * Note that this routine will free the memory allocated for the
2768 * vmci_qp structure too.
2769 */
2770 int vmci_qpair_detach(struct vmci_qp **qpair)
2771 {
2772 int result;
2773 struct vmci_qp *old_qpair;
2774
2775 if (!qpair || !(*qpair))
2776 return VMCI_ERROR_INVALID_ARGS;
2777
2778 old_qpair = *qpair;
2779 result = qp_detatch(old_qpair->handle, old_qpair->guest_endpoint);
2780
2781 /*
2782 * The guest can fail to detach for a number of reasons, and
2783 * if it does so, it will cleanup the entry (if there is one).
2784 * The host can fail too, but it won't cleanup the entry
2785 * immediately, it will do that later when the context is
2786 * freed. Either way, we need to release the qpair struct
2787 * here; there isn't much the caller can do, and we don't want
2788 * to leak.
2789 */
2790
2791 memset(old_qpair, 0, sizeof(*old_qpair));
2792 old_qpair->handle = VMCI_INVALID_HANDLE;
2793 old_qpair->peer = VMCI_INVALID_ID;
2794 kfree(old_qpair);
2795 *qpair = NULL;
2796
2797 return result;
2798 }
2799 EXPORT_SYMBOL_GPL(vmci_qpair_detach);
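/*
 * Illustrative note (not part of the driver): because the caller passes a
 * struct vmci_qp **, the vmci_qp structure is always freed and the caller's
 * pointer always cleared, even when the underlying detach fails:
 *
 *   int rv = vmci_qpair_detach(&qpair);
 *   (qpair is now NULL regardless of rv; the old pointer must not be reused)
 */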
2800
2801 /*
2802 * vmci_qpair_get_produce_indexes() - Retrieves the indexes of the producer.
2803 * @qpair: Pointer to the queue pair struct.
2804 * @producer_tail: Reference used for storing producer tail index.
2805 * @consumer_head: Reference used for storing the consumer head index.
2806 *
2807 * This is the client interface for getting the current indexes of the
2808  * QPair from the point of view of the caller as the producer.
2809 */
2810 int vmci_qpair_get_produce_indexes(const struct vmci_qp *qpair,
2811 u64 *producer_tail,
2812 u64 *consumer_head)
2813 {
2814 struct vmci_queue_header *produce_q_header;
2815 struct vmci_queue_header *consume_q_header;
2816 int result;
2817
2818 if (!qpair)
2819 return VMCI_ERROR_INVALID_ARGS;
2820
2821 qp_lock(qpair);
2822 result =
2823 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header);
2824 if (result == VMCI_SUCCESS)
2825 vmci_q_header_get_pointers(produce_q_header, consume_q_header,
2826 producer_tail, consumer_head);
2827 qp_unlock(qpair);
2828
2829 if (result == VMCI_SUCCESS &&
2830 ((producer_tail && *producer_tail >= qpair->produce_q_size) ||
2831 (consumer_head && *consumer_head >= qpair->produce_q_size)))
2832 return VMCI_ERROR_INVALID_SIZE;
2833
2834 return result;
2835 }
2836 EXPORT_SYMBOL_GPL(vmci_qpair_get_produce_indexes);
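/*
 * Illustrative sketch (not part of the driver): deriving how much data is
 * currently enqueued from the producer-side indexes, assuming the usual
 * circular-buffer relation and with 'produce_q_size' being the hypothetical
 * size the caller passed to vmci_qpair_alloc().
 *
 *   u64 tail, head, used;
 *
 *   if (vmci_qpair_get_produce_indexes(qpair, &tail, &head) == VMCI_SUCCESS)
 *       used = (tail >= head) ? tail - head
 *                             : produce_q_size - (head - tail);
 */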
2837
2838 /*
2839 * vmci_qpair_get_consume_indexes() - Retrieves the indexes of the consumer.
2840 * @qpair: Pointer to the queue pair struct.
2841 * @consumer_tail: Reference used for storing consumer tail index.
2842 * @producer_head: Reference used for storing the producer head index.
2843 *
2844 * This is the client interface for getting the current indexes of the
2845  * QPair from the point of view of the caller as the consumer.
2846 */
2847 int vmci_qpair_get_consume_indexes(const struct vmci_qp *qpair,
2848 u64 *consumer_tail,
2849 u64 *producer_head)
2850 {
2851 struct vmci_queue_header *produce_q_header;
2852 struct vmci_queue_header *consume_q_header;
2853 int result;
2854
2855 if (!qpair)
2856 return VMCI_ERROR_INVALID_ARGS;
2857
2858 qp_lock(qpair);
2859 result =
2860 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header);
2861 if (result == VMCI_SUCCESS)
2862 vmci_q_header_get_pointers(consume_q_header, produce_q_header,
2863 consumer_tail, producer_head);
2864 qp_unlock(qpair);
2865
2866 if (result == VMCI_SUCCESS &&
2867 ((consumer_tail && *consumer_tail >= qpair->consume_q_size) ||
2868 (producer_head && *producer_head >= qpair->consume_q_size)))
2869 return VMCI_ERROR_INVALID_SIZE;
2870
2871 return result;
2872 }
2873 EXPORT_SYMBOL_GPL(vmci_qpair_get_consume_indexes);
2874
2875 /*
2876 * vmci_qpair_produce_free_space() - Retrieves free space in producer queue.
2877 * @qpair: Pointer to the queue pair struct.
2878 *
2879 * This is the client interface for getting the amount of free
2880  * space in the QPair from the point of view of the caller as
2881  * the producer, which is the common case. Returns < 0 on error,
2882  * otherwise the number of bytes of free space into which data can be enqueued.
2883 */
2884 s64 vmci_qpair_produce_free_space(const struct vmci_qp *qpair)
2885 {
2886 struct vmci_queue_header *produce_q_header;
2887 struct vmci_queue_header *consume_q_header;
2888 s64 result;
2889
2890 if (!qpair)
2891 return VMCI_ERROR_INVALID_ARGS;
2892
2893 qp_lock(qpair);
2894 result =
2895 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header);
2896 if (result == VMCI_SUCCESS)
2897 result = vmci_q_header_free_space(produce_q_header,
2898 consume_q_header,
2899 qpair->produce_q_size);
2900 else
2901 result = 0;
2902
2903 qp_unlock(qpair);
2904
2905 return result;
2906 }
2907 EXPORT_SYMBOL_GPL(vmci_qpair_produce_free_space);
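/*
 * Illustrative sketch (not part of the driver): checking for room before
 * attempting an enqueue, so the caller can back off instead of relying on
 * VMCI_ERROR_QUEUEPAIR_NOSPACE from vmci_qpair_enqueue(). 'len' and the
 * back-off policy are hypothetical.
 *
 *   s64 space = vmci_qpair_produce_free_space(qpair);
 *
 *   if (space < VMCI_SUCCESS)
 *       return (int)space;      (invalid queue indexes)
 *   if (space < len)
 *       return -EAGAIN;         (not enough room yet; try again later)
 */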
2908
2909 /*
2910 * vmci_qpair_consume_free_space() - Retrieves free space in consumer queue.
2911 * @qpair: Pointer to the queue pair struct.
2912 *
2913 * This is the client interface for getting the amount of free
2914  * space in the QPair from the point of view of the caller as
2915  * the consumer, which is not the common case. Returns < 0 on error,
2916  * otherwise the number of bytes of free space into which data can be enqueued.
2917 */
2918 s64 vmci_qpair_consume_free_space(const struct vmci_qp *qpair)
2919 {
2920 struct vmci_queue_header *produce_q_header;
2921 struct vmci_queue_header *consume_q_header;
2922 s64 result;
2923
2924 if (!qpair)
2925 return VMCI_ERROR_INVALID_ARGS;
2926
2927 qp_lock(qpair);
2928 result =
2929 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header);
2930 if (result == VMCI_SUCCESS)
2931 result = vmci_q_header_free_space(consume_q_header,
2932 produce_q_header,
2933 qpair->consume_q_size);
2934 else
2935 result = 0;
2936
2937 qp_unlock(qpair);
2938
2939 return result;
2940 }
2941 EXPORT_SYMBOL_GPL(vmci_qpair_consume_free_space);
2942
2943 /*
2944 * vmci_qpair_produce_buf_ready() - Gets bytes ready to read from
2945 * producer queue.
2946 * @qpair: Pointer to the queue pair struct.
2947 *
2948 * This is the client interface for getting the amount of
2949  * enqueued data in the QPair from the point of view of the
2950  * caller as the producer, which is not the common case. Returns < 0 on
2951  * error, otherwise the number of bytes available to be read.
2952 */
2953 s64 vmci_qpair_produce_buf_ready(const struct vmci_qp *qpair)
2954 {
2955 struct vmci_queue_header *produce_q_header;
2956 struct vmci_queue_header *consume_q_header;
2957 s64 result;
2958
2959 if (!qpair)
2960 return VMCI_ERROR_INVALID_ARGS;
2961
2962 qp_lock(qpair);
2963 result =
2964 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header);
2965 if (result == VMCI_SUCCESS)
2966 result = vmci_q_header_buf_ready(produce_q_header,
2967 consume_q_header,
2968 qpair->produce_q_size);
2969 else
2970 result = 0;
2971
2972 qp_unlock(qpair);
2973
2974 return result;
2975 }
2976 EXPORT_SYMBOL_GPL(vmci_qpair_produce_buf_ready);
2977
2978 /*
2979 * vmci_qpair_consume_buf_ready() - Gets bytes ready to read from
2980 * consumer queue.
2981 * @qpair: Pointer to the queue pair struct.
2982 *
2983 * This is the client interface for getting the amount of
2984  * enqueued data in the QPair from the point of view of the
2985  * caller as the consumer, which is the normal case. Returns < 0 on
2986  * error, otherwise the number of bytes available to be read.
2987 */
2988 s64 vmci_qpair_consume_buf_ready(const struct vmci_qp *qpair)
2989 {
2990 struct vmci_queue_header *produce_q_header;
2991 struct vmci_queue_header *consume_q_header;
2992 s64 result;
2993
2994 if (!qpair)
2995 return VMCI_ERROR_INVALID_ARGS;
2996
2997 qp_lock(qpair);
2998 result =
2999 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header);
3000 if (result == VMCI_SUCCESS)
3001 result = vmci_q_header_buf_ready(consume_q_header,
3002 produce_q_header,
3003 qpair->consume_q_size);
3004 else
3005 result = 0;
3006
3007 qp_unlock(qpair);
3008
3009 return result;
3010 }
3011 EXPORT_SYMBOL_GPL(vmci_qpair_consume_buf_ready);
3012
3013 /*
3014 * vmci_qpair_enqueue() - Throw data on the queue.
3015 * @qpair: Pointer to the queue pair struct.
3016 * @buf: Pointer to buffer containing data
3017 * @buf_size: Length of buffer.
3018 * @buf_type: Buffer type (Unused).
3019 *
3020 * This is the client interface for enqueueing data into the queue.
3021 * Returns number of bytes enqueued or < 0 on error.
3022 */
3023 ssize_t vmci_qpair_enqueue(struct vmci_qp *qpair,
3024 const void *buf,
3025 size_t buf_size,
3026 int buf_type)
3027 {
3028 ssize_t result;
3029 struct iov_iter from;
3030 struct kvec v = {.iov_base = (void *)buf, .iov_len = buf_size};
3031
3032 if (!qpair || !buf)
3033 return VMCI_ERROR_INVALID_ARGS;
3034
3035 iov_iter_kvec(&from, WRITE | ITER_KVEC, &v, 1, buf_size);
3036
3037 qp_lock(qpair);
3038
3039 do {
3040 result = qp_enqueue_locked(qpair->produce_q,
3041 qpair->consume_q,
3042 qpair->produce_q_size,
3043 &from);
3044
3045 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY &&
3046 !qp_wait_for_ready_queue(qpair))
3047 result = VMCI_ERROR_WOULD_BLOCK;
3048
3049 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY);
3050
3051 qp_unlock(qpair);
3052
3053 return result;
3054 }
3055 EXPORT_SYMBOL_GPL(vmci_qpair_enqueue);
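/*
 * Example (illustrative sketch, not part of this file): enqueueing a
 * message and handling the no-space and partial-write cases. 'msg' and
 * 'msg_len' are hypothetical.
 *
 *   ssize_t sent = vmci_qpair_enqueue(qpair, msg, msg_len, 0);
 *
 *   if (sent == VMCI_ERROR_QUEUEPAIR_NOSPACE)
 *       ... wait for the peer to drain the queue and retry ...
 *   else if (sent < VMCI_SUCCESS)
 *       ... fatal error ...
 *   else if (sent < msg_len)
 *       ... only part of the buffer fit; enqueue the remainder later ...
 */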
3056
3057 /*
3058 * vmci_qpair_dequeue() - Get data from the queue.
3059 * @qpair: Pointer to the queue pair struct.
3060 * @buf: Pointer to buffer for the data
3061 * @buf_size: Length of buffer.
3062 * @buf_type: Buffer type (Unused).
3063 *
3064 * This is the client interface for dequeueing data from the queue.
3065 * Returns number of bytes dequeued or < 0 on error.
3066 */
3067 ssize_t vmci_qpair_dequeue(struct vmci_qp *qpair,
3068 void *buf,
3069 size_t buf_size,
3070 int buf_type)
3071 {
3072 ssize_t result;
3073 struct iov_iter to;
3074 struct kvec v = {.iov_base = buf, .iov_len = buf_size};
3075
3076 if (!qpair || !buf)
3077 return VMCI_ERROR_INVALID_ARGS;
3078
3079 iov_iter_kvec(&to, READ | ITER_KVEC, &v, 1, buf_size);
3080
3081 qp_lock(qpair);
3082
3083 do {
3084 result = qp_dequeue_locked(qpair->produce_q,
3085 qpair->consume_q,
3086 qpair->consume_q_size,
3087 &to, true);
3088
3089 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY &&
3090 !qp_wait_for_ready_queue(qpair))
3091 result = VMCI_ERROR_WOULD_BLOCK;
3092
3093 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY);
3094
3095 qp_unlock(qpair);
3096
3097 return result;
3098 }
3099 EXPORT_SYMBOL_GPL(vmci_qpair_dequeue);
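/*
 * Example (illustrative sketch, not part of this file): draining whatever
 * is currently available from the consume queue. 'buf' and 'buf_len' are
 * hypothetical; vmci_qpair_peek() could be used instead to look at the data
 * without advancing the consumer head.
 *
 *   ssize_t got = vmci_qpair_dequeue(qpair, buf, buf_len, 0);
 *
 *   if (got == VMCI_ERROR_QUEUEPAIR_NODATA)
 *       ... nothing queued right now ...
 *   else if (got < VMCI_SUCCESS)
 *       ... error ...
 *   else
 *       ... process 'got' bytes from buf ...
 */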
3100
3101 /*
3102 * vmci_qpair_peek() - Peek at the data in the queue.
3103 * @qpair: Pointer to the queue pair struct.
3104 * @buf: Pointer to buffer for the data
3105 * @buf_size: Length of buffer.
3106 * @buf_type: Buffer type (Unused on Linux).
3107 *
3108 * This is the client interface for peeking into a queue. (I.e.,
3109 * copy data from the queue without updating the head pointer.)
3110 * Returns number of bytes dequeued or < 0 on error.
3111 */
3112 ssize_t vmci_qpair_peek(struct vmci_qp *qpair,
3113 void *buf,
3114 size_t buf_size,
3115 int buf_type)
3116 {
3117 struct iov_iter to;
3118 struct kvec v = {.iov_base = buf, .iov_len = buf_size};
3119 ssize_t result;
3120
3121 if (!qpair || !buf)
3122 return VMCI_ERROR_INVALID_ARGS;
3123
3124 iov_iter_kvec(&to, READ | ITER_KVEC, &v, 1, buf_size);
3125
3126 qp_lock(qpair);
3127
3128 do {
3129 result = qp_dequeue_locked(qpair->produce_q,
3130 qpair->consume_q,
3131 qpair->consume_q_size,
3132 &to, false);
3133
3134 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY &&
3135 !qp_wait_for_ready_queue(qpair))
3136 result = VMCI_ERROR_WOULD_BLOCK;
3137
3138 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY);
3139
3140 qp_unlock(qpair);
3141
3142 return result;
3143 }
3144 EXPORT_SYMBOL_GPL(vmci_qpair_peek);
3145
3146 /*
3147 * vmci_qpair_enquev() - Throw data on the queue using iov.
3148 * @qpair: Pointer to the queue pair struct.
3149 * @iov: Pointer to buffer containing data
3150 * @iov_size: Length of buffer.
3151 * @buf_type: Buffer type (Unused).
3152 *
3153 * This is the client interface for enqueueing data into the queue.
3154 * This function uses IO vectors to handle the work. Returns number
3155 * of bytes enqueued or < 0 on error.
3156 */
3157 ssize_t vmci_qpair_enquev(struct vmci_qp *qpair,
3158 struct msghdr *msg,
3159 size_t iov_size,
3160 int buf_type)
3161 {
3162 ssize_t result;
3163
3164 if (!qpair)
3165 return VMCI_ERROR_INVALID_ARGS;
3166
3167 qp_lock(qpair);
3168
3169 do {
3170 result = qp_enqueue_locked(qpair->produce_q,
3171 qpair->consume_q,
3172 qpair->produce_q_size,
3173 &msg->msg_iter);
3174
3175 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY &&
3176 !qp_wait_for_ready_queue(qpair))
3177 result = VMCI_ERROR_WOULD_BLOCK;
3178
3179 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY);
3180
3181 qp_unlock(qpair);
3182
3183 return result;
3184 }
3185 EXPORT_SYMBOL_GPL(vmci_qpair_enquev);
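/*
 * Example (illustrative sketch, not part of this file): building a msghdr
 * around a kernel buffer and enqueueing it, mirroring the iov_iter setup
 * used by vmci_qpair_enqueue() above. 'buf' and 'len' are hypothetical.
 *
 *   struct msghdr msg = { };
 *   struct kvec vec = { .iov_base = buf, .iov_len = len };
 *   ssize_t sent;
 *
 *   iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, &vec, 1, len);
 *   sent = vmci_qpair_enquev(qpair, &msg, len, 0);
 */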
3186
3187 /*
3188 * vmci_qpair_dequev() - Get data from the queue using iov.
3189 * @qpair: Pointer to the queue pair struct.
3190 * @iov: Pointer to buffer for the data
3191 * @iov_size: Length of buffer.
3192 * @buf_type: Buffer type (Unused).
3193 *
3194 * This is the client interface for dequeueing data from the queue.
3195 * This function uses IO vectors to handle the work. Returns number
3196 * of bytes dequeued or < 0 on error.
3197 */
3198 ssize_t vmci_qpair_dequev(struct vmci_qp *qpair,
3199 struct msghdr *msg,
3200 size_t iov_size,
3201 int buf_type)
3202 {
3203 ssize_t result;
3204
3205 if (!qpair)
3206 return VMCI_ERROR_INVALID_ARGS;
3207
3208 qp_lock(qpair);
3209
3210 do {
3211 result = qp_dequeue_locked(qpair->produce_q,
3212 qpair->consume_q,
3213 qpair->consume_q_size,
3214 &msg->msg_iter, true);
3215
3216 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY &&
3217 !qp_wait_for_ready_queue(qpair))
3218 result = VMCI_ERROR_WOULD_BLOCK;
3219
3220 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY);
3221
3222 qp_unlock(qpair);
3223
3224 return result;
3225 }
3226 EXPORT_SYMBOL_GPL(vmci_qpair_dequev);
3227
3228 /*
3229 * vmci_qpair_peekv() - Peek at the data in the queue using iov.
3230 * @qpair: Pointer to the queue pair struct.
3231 * @iov: Pointer to buffer for the data
3232 * @iov_size: Length of buffer.
3233 * @buf_type: Buffer type (Unused on Linux).
3234 *
3235 * This is the client interface for peeking into a queue. (I.e.,
3236 * copy data from the queue without updating the head pointer.)
3237 * This function uses IO vectors to handle the work. Returns number
3238 * of bytes peeked or < 0 on error.
3239 */
3240 ssize_t vmci_qpair_peekv(struct vmci_qp *qpair,
3241 struct msghdr *msg,
3242 size_t iov_size,
3243 int buf_type)
3244 {
3245 ssize_t result;
3246
3247 if (!qpair)
3248 return VMCI_ERROR_INVALID_ARGS;
3249
3250 qp_lock(qpair);
3251
3252 do {
3253 result = qp_dequeue_locked(qpair->produce_q,
3254 qpair->consume_q,
3255 qpair->consume_q_size,
3256 &msg->msg_iter, false);
3257
3258 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY &&
3259 !qp_wait_for_ready_queue(qpair))
3260 result = VMCI_ERROR_WOULD_BLOCK;
3261
3262 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY);
3263
3264 qp_unlock(qpair);
3265 return result;
3266 }
3267 EXPORT_SYMBOL_GPL(vmci_qpair_peekv);
3268