1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * VMware VMCI Driver 4 * 5 * Copyright (C) 2012 VMware, Inc. All rights reserved. 6 */ 7 8#include <linux/vmw_vmci_defs.h> 9#include <linux/vmw_vmci_api.h> 10#include <linux/highmem.h> 11#include <linux/kernel.h> 12#include <linux/mm.h> 13#include <linux/module.h> 14#include <linux/mutex.h> 15#include <linux/pagemap.h> 16#include <linux/pci.h> 17#include <linux/sched.h> 18#include <linux/slab.h> 19#include <linux/uio.h> 20#include <linux/wait.h> 21#include <linux/vmalloc.h> 22#include <linux/skbuff.h> 23 24#include "vmci_handle_array.h" 25#include "vmci_queue_pair.h" 26#include "vmci_datagram.h" 27#include "vmci_resource.h" 28#include "vmci_context.h" 29#include "vmci_driver.h" 30#include "vmci_event.h" 31#include "vmci_route.h" 32 33/* 34 * In the following, we will distinguish between two kinds of VMX processes - 35 * the ones with versions lower than VMCI_VERSION_NOVMVM that use specialized 36 * VMCI page files in the VMX and supporting VM to VM communication and the 37 * newer ones that use the guest memory directly. We will in the following 38 * refer to the older VMX versions as old-style VMX'en, and the newer ones as 39 * new-style VMX'en. 40 * 41 * The state transition datagram is as follows (the VMCIQPB_ prefix has been 42 * removed for readability) - see below for more details on the transtions: 43 * 44 * -------------- NEW ------------- 45 * | | 46 * \_/ \_/ 47 * CREATED_NO_MEM <-----------------> CREATED_MEM 48 * | | | 49 * | o-----------------------o | 50 * | | | 51 * \_/ \_/ \_/ 52 * ATTACHED_NO_MEM <----------------> ATTACHED_MEM 53 * | | | 54 * | o----------------------o | 55 * | | | 56 * \_/ \_/ \_/ 57 * SHUTDOWN_NO_MEM <----------------> SHUTDOWN_MEM 58 * | | 59 * | | 60 * -------------> gone <------------- 61 * 62 * In more detail. When a VMCI queue pair is first created, it will be in the 63 * VMCIQPB_NEW state. It will then move into one of the following states: 64 * 65 * - VMCIQPB_CREATED_NO_MEM: this state indicates that either: 66 * 67 * - the created was performed by a host endpoint, in which case there is 68 * no backing memory yet. 69 * 70 * - the create was initiated by an old-style VMX, that uses 71 * vmci_qp_broker_set_page_store to specify the UVAs of the queue pair at 72 * a later point in time. This state can be distinguished from the one 73 * above by the context ID of the creator. A host side is not allowed to 74 * attach until the page store has been set. 75 * 76 * - VMCIQPB_CREATED_MEM: this state is the result when the queue pair 77 * is created by a VMX using the queue pair device backend that 78 * sets the UVAs of the queue pair immediately and stores the 79 * information for later attachers. At this point, it is ready for 80 * the host side to attach to it. 81 * 82 * Once the queue pair is in one of the created states (with the exception of 83 * the case mentioned for older VMX'en above), it is possible to attach to the 84 * queue pair. Again we have two new states possible: 85 * 86 * - VMCIQPB_ATTACHED_MEM: this state can be reached through the following 87 * paths: 88 * 89 * - from VMCIQPB_CREATED_NO_MEM when a new-style VMX allocates a queue 90 * pair, and attaches to a queue pair previously created by the host side. 91 * 92 * - from VMCIQPB_CREATED_MEM when the host side attaches to a queue pair 93 * already created by a guest. 94 * 95 * - from VMCIQPB_ATTACHED_NO_MEM, when an old-style VMX calls 96 * vmci_qp_broker_set_page_store (see below). 97 * 98 * - VMCIQPB_ATTACHED_NO_MEM: If the queue pair already was in the 99 * VMCIQPB_CREATED_NO_MEM due to a host side create, an old-style VMX will 100 * bring the queue pair into this state. Once vmci_qp_broker_set_page_store 101 * is called to register the user memory, the VMCIQPB_ATTACH_MEM state 102 * will be entered. 103 * 104 * From the attached queue pair, the queue pair can enter the shutdown states 105 * when either side of the queue pair detaches. If the guest side detaches 106 * first, the queue pair will enter the VMCIQPB_SHUTDOWN_NO_MEM state, where 107 * the content of the queue pair will no longer be available. If the host 108 * side detaches first, the queue pair will either enter the 109 * VMCIQPB_SHUTDOWN_MEM, if the guest memory is currently mapped, or 110 * VMCIQPB_SHUTDOWN_NO_MEM, if the guest memory is not mapped 111 * (e.g., the host detaches while a guest is stunned). 112 * 113 * New-style VMX'en will also unmap guest memory, if the guest is 114 * quiesced, e.g., during a snapshot operation. In that case, the guest 115 * memory will no longer be available, and the queue pair will transition from 116 * *_MEM state to a *_NO_MEM state. The VMX may later map the memory once more, 117 * in which case the queue pair will transition from the *_NO_MEM state at that 118 * point back to the *_MEM state. Note that the *_NO_MEM state may have changed, 119 * since the peer may have either attached or detached in the meantime. The 120 * values are laid out such that ++ on a state will move from a *_NO_MEM to a 121 * *_MEM state, and vice versa. 122 */ 123 124/* The Kernel specific component of the struct vmci_queue structure. */ 125struct vmci_queue_kern_if { 126 struct mutex __mutex; /* Protects the queue. */ 127 struct mutex *mutex; /* Shared by producer and consumer queues. */ 128 size_t num_pages; /* Number of pages incl. header. */ 129 bool host; /* Host or guest? */ 130 union { 131 struct { 132 dma_addr_t *pas; 133 void **vas; 134 } g; /* Used by the guest. */ 135 struct { 136 struct page **page; 137 struct page **header_page; 138 } h; /* Used by the host. */ 139 } u; 140}; 141 142/* 143 * This structure is opaque to the clients. 144 */ 145struct vmci_qp { 146 struct vmci_handle handle; 147 struct vmci_queue *produce_q; 148 struct vmci_queue *consume_q; 149 u64 produce_q_size; 150 u64 consume_q_size; 151 u32 peer; 152 u32 flags; 153 u32 priv_flags; 154 bool guest_endpoint; 155 unsigned int blocked; 156 unsigned int generation; 157 wait_queue_head_t event; 158}; 159 160enum qp_broker_state { 161 VMCIQPB_NEW, 162 VMCIQPB_CREATED_NO_MEM, 163 VMCIQPB_CREATED_MEM, 164 VMCIQPB_ATTACHED_NO_MEM, 165 VMCIQPB_ATTACHED_MEM, 166 VMCIQPB_SHUTDOWN_NO_MEM, 167 VMCIQPB_SHUTDOWN_MEM, 168 VMCIQPB_GONE 169}; 170 171#define QPBROKERSTATE_HAS_MEM(_qpb) (_qpb->state == VMCIQPB_CREATED_MEM || \ 172 _qpb->state == VMCIQPB_ATTACHED_MEM || \ 173 _qpb->state == VMCIQPB_SHUTDOWN_MEM) 174 175/* 176 * In the queue pair broker, we always use the guest point of view for 177 * the produce and consume queue values and references, e.g., the 178 * produce queue size stored is the guests produce queue size. The 179 * host endpoint will need to swap these around. The only exception is 180 * the local queue pairs on the host, in which case the host endpoint 181 * that creates the queue pair will have the right orientation, and 182 * the attaching host endpoint will need to swap. 183 */ 184struct qp_entry { 185 struct list_head list_item; 186 struct vmci_handle handle; 187 u32 peer; 188 u32 flags; 189 u64 produce_size; 190 u64 consume_size; 191 u32 ref_count; 192}; 193 194struct qp_broker_entry { 195 struct vmci_resource resource; 196 struct qp_entry qp; 197 u32 create_id; 198 u32 attach_id; 199 enum qp_broker_state state; 200 bool require_trusted_attach; 201 bool created_by_trusted; 202 bool vmci_page_files; /* Created by VMX using VMCI page files */ 203 struct vmci_queue *produce_q; 204 struct vmci_queue *consume_q; 205 struct vmci_queue_header saved_produce_q; 206 struct vmci_queue_header saved_consume_q; 207 vmci_event_release_cb wakeup_cb; 208 void *client_data; 209 void *local_mem; /* Kernel memory for local queue pair */ 210}; 211 212struct qp_guest_endpoint { 213 struct vmci_resource resource; 214 struct qp_entry qp; 215 u64 num_ppns; 216 void *produce_q; 217 void *consume_q; 218 struct ppn_set ppn_set; 219}; 220 221struct qp_list { 222 struct list_head head; 223 struct mutex mutex; /* Protect queue list. */ 224}; 225 226static struct qp_list qp_broker_list = { 227 .head = LIST_HEAD_INIT(qp_broker_list.head), 228 .mutex = __MUTEX_INITIALIZER(qp_broker_list.mutex), 229}; 230 231static struct qp_list qp_guest_endpoints = { 232 .head = LIST_HEAD_INIT(qp_guest_endpoints.head), 233 .mutex = __MUTEX_INITIALIZER(qp_guest_endpoints.mutex), 234}; 235 236#define INVALID_VMCI_GUEST_MEM_ID 0 237#define QPE_NUM_PAGES(_QPE) ((u32) \ 238 (DIV_ROUND_UP(_QPE.produce_size, PAGE_SIZE) + \ 239 DIV_ROUND_UP(_QPE.consume_size, PAGE_SIZE) + 2)) 240 241 242/* 243 * Frees kernel VA space for a given queue and its queue header, and 244 * frees physical data pages. 245 */ 246static void qp_free_queue(void *q, u64 size) 247{ 248 struct vmci_queue *queue = q; 249 250 if (queue) { 251 u64 i; 252 253 /* Given size does not include header, so add in a page here. */ 254 for (i = 0; i < DIV_ROUND_UP(size, PAGE_SIZE) + 1; i++) { 255 dma_free_coherent(&vmci_pdev->dev, PAGE_SIZE, 256 queue->kernel_if->u.g.vas[i], 257 queue->kernel_if->u.g.pas[i]); 258 } 259 260 vfree(queue); 261 } 262} 263 264/* 265 * Allocates kernel queue pages of specified size with IOMMU mappings, 266 * plus space for the queue structure/kernel interface and the queue 267 * header. 268 */ 269static void *qp_alloc_queue(u64 size, u32 flags) 270{ 271 u64 i; 272 struct vmci_queue *queue; 273 size_t pas_size; 274 size_t vas_size; 275 size_t queue_size = sizeof(*queue) + sizeof(*queue->kernel_if); 276 u64 num_pages; 277 278 if (size > SIZE_MAX - PAGE_SIZE) 279 return NULL; 280 num_pages = DIV_ROUND_UP(size, PAGE_SIZE) + 1; 281 if (num_pages > 282 (SIZE_MAX - queue_size) / 283 (sizeof(*queue->kernel_if->u.g.pas) + 284 sizeof(*queue->kernel_if->u.g.vas))) 285 return NULL; 286 287 pas_size = num_pages * sizeof(*queue->kernel_if->u.g.pas); 288 vas_size = num_pages * sizeof(*queue->kernel_if->u.g.vas); 289 queue_size += pas_size + vas_size; 290 291 queue = vmalloc(queue_size); 292 if (!queue) 293 return NULL; 294 295 queue->q_header = NULL; 296 queue->saved_header = NULL; 297 queue->kernel_if = (struct vmci_queue_kern_if *)(queue + 1); 298 queue->kernel_if->mutex = NULL; 299 queue->kernel_if->num_pages = num_pages; 300 queue->kernel_if->u.g.pas = (dma_addr_t *)(queue->kernel_if + 1); 301 queue->kernel_if->u.g.vas = 302 (void **)((u8 *)queue->kernel_if->u.g.pas + pas_size); 303 queue->kernel_if->host = false; 304 305 for (i = 0; i < num_pages; i++) { 306 queue->kernel_if->u.g.vas[i] = 307 dma_alloc_coherent(&vmci_pdev->dev, PAGE_SIZE, 308 &queue->kernel_if->u.g.pas[i], 309 GFP_KERNEL); 310 if (!queue->kernel_if->u.g.vas[i]) { 311 /* Size excl. the header. */ 312 qp_free_queue(queue, i * PAGE_SIZE); 313 return NULL; 314 } 315 } 316 317 /* Queue header is the first page. */ 318 queue->q_header = queue->kernel_if->u.g.vas[0]; 319 320 return queue; 321} 322 323/* 324 * Copies from a given buffer or iovector to a VMCI Queue. Uses 325 * kmap()/kunmap() to dynamically map/unmap required portions of the queue 326 * by traversing the offset -> page translation structure for the queue. 327 * Assumes that offset + size does not wrap around in the queue. 328 */ 329static int qp_memcpy_to_queue_iter(struct vmci_queue *queue, 330 u64 queue_offset, 331 struct iov_iter *from, 332 size_t size) 333{ 334 struct vmci_queue_kern_if *kernel_if = queue->kernel_if; 335 size_t bytes_copied = 0; 336 337 while (bytes_copied < size) { 338 const u64 page_index = 339 (queue_offset + bytes_copied) / PAGE_SIZE; 340 const size_t page_offset = 341 (queue_offset + bytes_copied) & (PAGE_SIZE - 1); 342 void *va; 343 size_t to_copy; 344 345 if (kernel_if->host) 346 va = kmap(kernel_if->u.h.page[page_index]); 347 else 348 va = kernel_if->u.g.vas[page_index + 1]; 349 /* Skip header. */ 350 351 if (size - bytes_copied > PAGE_SIZE - page_offset) 352 /* Enough payload to fill up from this page. */ 353 to_copy = PAGE_SIZE - page_offset; 354 else 355 to_copy = size - bytes_copied; 356 357 if (!copy_from_iter_full((u8 *)va + page_offset, to_copy, 358 from)) { 359 if (kernel_if->host) 360 kunmap(kernel_if->u.h.page[page_index]); 361 return VMCI_ERROR_INVALID_ARGS; 362 } 363 bytes_copied += to_copy; 364 if (kernel_if->host) 365 kunmap(kernel_if->u.h.page[page_index]); 366 } 367 368 return VMCI_SUCCESS; 369} 370 371/* 372 * Copies to a given buffer or iovector from a VMCI Queue. Uses 373 * kmap()/kunmap() to dynamically map/unmap required portions of the queue 374 * by traversing the offset -> page translation structure for the queue. 375 * Assumes that offset + size does not wrap around in the queue. 376 */ 377static int qp_memcpy_from_queue_iter(struct iov_iter *to, 378 const struct vmci_queue *queue, 379 u64 queue_offset, size_t size) 380{ 381 struct vmci_queue_kern_if *kernel_if = queue->kernel_if; 382 size_t bytes_copied = 0; 383 384 while (bytes_copied < size) { 385 const u64 page_index = 386 (queue_offset + bytes_copied) / PAGE_SIZE; 387 const size_t page_offset = 388 (queue_offset + bytes_copied) & (PAGE_SIZE - 1); 389 void *va; 390 size_t to_copy; 391 int err; 392 393 if (kernel_if->host) 394 va = kmap(kernel_if->u.h.page[page_index]); 395 else 396 va = kernel_if->u.g.vas[page_index + 1]; 397 /* Skip header. */ 398 399 if (size - bytes_copied > PAGE_SIZE - page_offset) 400 /* Enough payload to fill up this page. */ 401 to_copy = PAGE_SIZE - page_offset; 402 else 403 to_copy = size - bytes_copied; 404 405 err = copy_to_iter((u8 *)va + page_offset, to_copy, to); 406 if (err != to_copy) { 407 if (kernel_if->host) 408 kunmap(kernel_if->u.h.page[page_index]); 409 return VMCI_ERROR_INVALID_ARGS; 410 } 411 bytes_copied += to_copy; 412 if (kernel_if->host) 413 kunmap(kernel_if->u.h.page[page_index]); 414 } 415 416 return VMCI_SUCCESS; 417} 418 419/* 420 * Allocates two list of PPNs --- one for the pages in the produce queue, 421 * and the other for the pages in the consume queue. Intializes the list 422 * of PPNs with the page frame numbers of the KVA for the two queues (and 423 * the queue headers). 424 */ 425static int qp_alloc_ppn_set(void *prod_q, 426 u64 num_produce_pages, 427 void *cons_q, 428 u64 num_consume_pages, struct ppn_set *ppn_set) 429{ 430 u64 *produce_ppns; 431 u64 *consume_ppns; 432 struct vmci_queue *produce_q = prod_q; 433 struct vmci_queue *consume_q = cons_q; 434 u64 i; 435 436 if (!produce_q || !num_produce_pages || !consume_q || 437 !num_consume_pages || !ppn_set) 438 return VMCI_ERROR_INVALID_ARGS; 439 440 if (ppn_set->initialized) 441 return VMCI_ERROR_ALREADY_EXISTS; 442 443 produce_ppns = 444 kmalloc_array(num_produce_pages, sizeof(*produce_ppns), 445 GFP_KERNEL); 446 if (!produce_ppns) 447 return VMCI_ERROR_NO_MEM; 448 449 consume_ppns = 450 kmalloc_array(num_consume_pages, sizeof(*consume_ppns), 451 GFP_KERNEL); 452 if (!consume_ppns) { 453 kfree(produce_ppns); 454 return VMCI_ERROR_NO_MEM; 455 } 456 457 for (i = 0; i < num_produce_pages; i++) 458 produce_ppns[i] = 459 produce_q->kernel_if->u.g.pas[i] >> PAGE_SHIFT; 460 461 for (i = 0; i < num_consume_pages; i++) 462 consume_ppns[i] = 463 consume_q->kernel_if->u.g.pas[i] >> PAGE_SHIFT; 464 465 ppn_set->num_produce_pages = num_produce_pages; 466 ppn_set->num_consume_pages = num_consume_pages; 467 ppn_set->produce_ppns = produce_ppns; 468 ppn_set->consume_ppns = consume_ppns; 469 ppn_set->initialized = true; 470 return VMCI_SUCCESS; 471} 472 473/* 474 * Frees the two list of PPNs for a queue pair. 475 */ 476static void qp_free_ppn_set(struct ppn_set *ppn_set) 477{ 478 if (ppn_set->initialized) { 479 /* Do not call these functions on NULL inputs. */ 480 kfree(ppn_set->produce_ppns); 481 kfree(ppn_set->consume_ppns); 482 } 483 memset(ppn_set, 0, sizeof(*ppn_set)); 484} 485 486/* 487 * Populates the list of PPNs in the hypercall structure with the PPNS 488 * of the produce queue and the consume queue. 489 */ 490static int qp_populate_ppn_set(u8 *call_buf, const struct ppn_set *ppn_set) 491{ 492 if (vmci_use_ppn64()) { 493 memcpy(call_buf, ppn_set->produce_ppns, 494 ppn_set->num_produce_pages * 495 sizeof(*ppn_set->produce_ppns)); 496 memcpy(call_buf + 497 ppn_set->num_produce_pages * 498 sizeof(*ppn_set->produce_ppns), 499 ppn_set->consume_ppns, 500 ppn_set->num_consume_pages * 501 sizeof(*ppn_set->consume_ppns)); 502 } else { 503 int i; 504 u32 *ppns = (u32 *) call_buf; 505 506 for (i = 0; i < ppn_set->num_produce_pages; i++) 507 ppns[i] = (u32) ppn_set->produce_ppns[i]; 508 509 ppns = &ppns[ppn_set->num_produce_pages]; 510 511 for (i = 0; i < ppn_set->num_consume_pages; i++) 512 ppns[i] = (u32) ppn_set->consume_ppns[i]; 513 } 514 515 return VMCI_SUCCESS; 516} 517 518/* 519 * Allocates kernel VA space of specified size plus space for the queue 520 * and kernel interface. This is different from the guest queue allocator, 521 * because we do not allocate our own queue header/data pages here but 522 * share those of the guest. 523 */ 524static struct vmci_queue *qp_host_alloc_queue(u64 size) 525{ 526 struct vmci_queue *queue; 527 size_t queue_page_size; 528 u64 num_pages; 529 const size_t queue_size = sizeof(*queue) + sizeof(*(queue->kernel_if)); 530 531 if (size > SIZE_MAX - PAGE_SIZE) 532 return NULL; 533 num_pages = DIV_ROUND_UP(size, PAGE_SIZE) + 1; 534 if (num_pages > (SIZE_MAX - queue_size) / 535 sizeof(*queue->kernel_if->u.h.page)) 536 return NULL; 537 538 queue_page_size = num_pages * sizeof(*queue->kernel_if->u.h.page); 539 540 if (queue_size + queue_page_size > KMALLOC_MAX_SIZE) 541 return NULL; 542 543 queue = kzalloc(queue_size + queue_page_size, GFP_KERNEL); 544 if (queue) { 545 queue->q_header = NULL; 546 queue->saved_header = NULL; 547 queue->kernel_if = (struct vmci_queue_kern_if *)(queue + 1); 548 queue->kernel_if->host = true; 549 queue->kernel_if->mutex = NULL; 550 queue->kernel_if->num_pages = num_pages; 551 queue->kernel_if->u.h.header_page = 552 (struct page **)((u8 *)queue + queue_size); 553 queue->kernel_if->u.h.page = 554 &queue->kernel_if->u.h.header_page[1]; 555 } 556 557 return queue; 558} 559 560/* 561 * Frees kernel memory for a given queue (header plus translation 562 * structure). 563 */ 564static void qp_host_free_queue(struct vmci_queue *queue, u64 queue_size) 565{ 566 kfree(queue); 567} 568 569/* 570 * Initialize the mutex for the pair of queues. This mutex is used to 571 * protect the q_header and the buffer from changing out from under any 572 * users of either queue. Of course, it's only any good if the mutexes 573 * are actually acquired. Queue structure must lie on non-paged memory 574 * or we cannot guarantee access to the mutex. 575 */ 576static void qp_init_queue_mutex(struct vmci_queue *produce_q, 577 struct vmci_queue *consume_q) 578{ 579 /* 580 * Only the host queue has shared state - the guest queues do not 581 * need to synchronize access using a queue mutex. 582 */ 583 584 if (produce_q->kernel_if->host) { 585 produce_q->kernel_if->mutex = &produce_q->kernel_if->__mutex; 586 consume_q->kernel_if->mutex = &produce_q->kernel_if->__mutex; 587 mutex_init(produce_q->kernel_if->mutex); 588 } 589} 590 591/* 592 * Cleans up the mutex for the pair of queues. 593 */ 594static void qp_cleanup_queue_mutex(struct vmci_queue *produce_q, 595 struct vmci_queue *consume_q) 596{ 597 if (produce_q->kernel_if->host) { 598 produce_q->kernel_if->mutex = NULL; 599 consume_q->kernel_if->mutex = NULL; 600 } 601} 602 603/* 604 * Acquire the mutex for the queue. Note that the produce_q and 605 * the consume_q share a mutex. So, only one of the two need to 606 * be passed in to this routine. Either will work just fine. 607 */ 608static void qp_acquire_queue_mutex(struct vmci_queue *queue) 609{ 610 if (queue->kernel_if->host) 611 mutex_lock(queue->kernel_if->mutex); 612} 613 614/* 615 * Release the mutex for the queue. Note that the produce_q and 616 * the consume_q share a mutex. So, only one of the two need to 617 * be passed in to this routine. Either will work just fine. 618 */ 619static void qp_release_queue_mutex(struct vmci_queue *queue) 620{ 621 if (queue->kernel_if->host) 622 mutex_unlock(queue->kernel_if->mutex); 623} 624 625/* 626 * Helper function to release pages in the PageStoreAttachInfo 627 * previously obtained using get_user_pages. 628 */ 629static void qp_release_pages(struct page **pages, 630 u64 num_pages, bool dirty) 631{ 632 int i; 633 634 for (i = 0; i < num_pages; i++) { 635 if (dirty) 636 set_page_dirty_lock(pages[i]); 637 638 put_page(pages[i]); 639 pages[i] = NULL; 640 } 641} 642 643/* 644 * Lock the user pages referenced by the {produce,consume}Buffer 645 * struct into memory and populate the {produce,consume}Pages 646 * arrays in the attach structure with them. 647 */ 648static int qp_host_get_user_memory(u64 produce_uva, 649 u64 consume_uva, 650 struct vmci_queue *produce_q, 651 struct vmci_queue *consume_q) 652{ 653 int retval; 654 int err = VMCI_SUCCESS; 655 656 retval = get_user_pages_fast((uintptr_t) produce_uva, 657 produce_q->kernel_if->num_pages, 658 FOLL_WRITE, 659 produce_q->kernel_if->u.h.header_page); 660 if (retval < (int)produce_q->kernel_if->num_pages) { 661 pr_debug("get_user_pages_fast(produce) failed (retval=%d)", 662 retval); 663 if (retval > 0) 664 qp_release_pages(produce_q->kernel_if->u.h.header_page, 665 retval, false); 666 err = VMCI_ERROR_NO_MEM; 667 goto out; 668 } 669 670 retval = get_user_pages_fast((uintptr_t) consume_uva, 671 consume_q->kernel_if->num_pages, 672 FOLL_WRITE, 673 consume_q->kernel_if->u.h.header_page); 674 if (retval < (int)consume_q->kernel_if->num_pages) { 675 pr_debug("get_user_pages_fast(consume) failed (retval=%d)", 676 retval); 677 if (retval > 0) 678 qp_release_pages(consume_q->kernel_if->u.h.header_page, 679 retval, false); 680 qp_release_pages(produce_q->kernel_if->u.h.header_page, 681 produce_q->kernel_if->num_pages, false); 682 err = VMCI_ERROR_NO_MEM; 683 } 684 685 out: 686 return err; 687} 688 689/* 690 * Registers the specification of the user pages used for backing a queue 691 * pair. Enough information to map in pages is stored in the OS specific 692 * part of the struct vmci_queue structure. 693 */ 694static int qp_host_register_user_memory(struct vmci_qp_page_store *page_store, 695 struct vmci_queue *produce_q, 696 struct vmci_queue *consume_q) 697{ 698 u64 produce_uva; 699 u64 consume_uva; 700 701 /* 702 * The new style and the old style mapping only differs in 703 * that we either get a single or two UVAs, so we split the 704 * single UVA range at the appropriate spot. 705 */ 706 produce_uva = page_store->pages; 707 consume_uva = page_store->pages + 708 produce_q->kernel_if->num_pages * PAGE_SIZE; 709 return qp_host_get_user_memory(produce_uva, consume_uva, produce_q, 710 consume_q); 711} 712 713/* 714 * Releases and removes the references to user pages stored in the attach 715 * struct. Pages are released from the page cache and may become 716 * swappable again. 717 */ 718static void qp_host_unregister_user_memory(struct vmci_queue *produce_q, 719 struct vmci_queue *consume_q) 720{ 721 qp_release_pages(produce_q->kernel_if->u.h.header_page, 722 produce_q->kernel_if->num_pages, true); 723 memset(produce_q->kernel_if->u.h.header_page, 0, 724 sizeof(*produce_q->kernel_if->u.h.header_page) * 725 produce_q->kernel_if->num_pages); 726 qp_release_pages(consume_q->kernel_if->u.h.header_page, 727 consume_q->kernel_if->num_pages, true); 728 memset(consume_q->kernel_if->u.h.header_page, 0, 729 sizeof(*consume_q->kernel_if->u.h.header_page) * 730 consume_q->kernel_if->num_pages); 731} 732 733/* 734 * Once qp_host_register_user_memory has been performed on a 735 * queue, the queue pair headers can be mapped into the 736 * kernel. Once mapped, they must be unmapped with 737 * qp_host_unmap_queues prior to calling 738 * qp_host_unregister_user_memory. 739 * Pages are pinned. 740 */ 741static int qp_host_map_queues(struct vmci_queue *produce_q, 742 struct vmci_queue *consume_q) 743{ 744 int result; 745 746 if (!produce_q->q_header || !consume_q->q_header) { 747 struct page *headers[2]; 748 749 if (produce_q->q_header != consume_q->q_header) 750 return VMCI_ERROR_QUEUEPAIR_MISMATCH; 751 752 if (produce_q->kernel_if->u.h.header_page == NULL || 753 *produce_q->kernel_if->u.h.header_page == NULL) 754 return VMCI_ERROR_UNAVAILABLE; 755 756 headers[0] = *produce_q->kernel_if->u.h.header_page; 757 headers[1] = *consume_q->kernel_if->u.h.header_page; 758 759 produce_q->q_header = vmap(headers, 2, VM_MAP, PAGE_KERNEL); 760 if (produce_q->q_header != NULL) { 761 consume_q->q_header = 762 (struct vmci_queue_header *)((u8 *) 763 produce_q->q_header + 764 PAGE_SIZE); 765 result = VMCI_SUCCESS; 766 } else { 767 pr_warn("vmap failed\n"); 768 result = VMCI_ERROR_NO_MEM; 769 } 770 } else { 771 result = VMCI_SUCCESS; 772 } 773 774 return result; 775} 776 777/* 778 * Unmaps previously mapped queue pair headers from the kernel. 779 * Pages are unpinned. 780 */ 781static int qp_host_unmap_queues(u32 gid, 782 struct vmci_queue *produce_q, 783 struct vmci_queue *consume_q) 784{ 785 if (produce_q->q_header) { 786 if (produce_q->q_header < consume_q->q_header) 787 vunmap(produce_q->q_header); 788 else 789 vunmap(consume_q->q_header); 790 791 produce_q->q_header = NULL; 792 consume_q->q_header = NULL; 793 } 794 795 return VMCI_SUCCESS; 796} 797 798/* 799 * Finds the entry in the list corresponding to a given handle. Assumes 800 * that the list is locked. 801 */ 802static struct qp_entry *qp_list_find(struct qp_list *qp_list, 803 struct vmci_handle handle) 804{ 805 struct qp_entry *entry; 806 807 if (vmci_handle_is_invalid(handle)) 808 return NULL; 809 810 list_for_each_entry(entry, &qp_list->head, list_item) { 811 if (vmci_handle_is_equal(entry->handle, handle)) 812 return entry; 813 } 814 815 return NULL; 816} 817 818/* 819 * Finds the entry in the list corresponding to a given handle. 820 */ 821static struct qp_guest_endpoint * 822qp_guest_handle_to_entry(struct vmci_handle handle) 823{ 824 struct qp_guest_endpoint *entry; 825 struct qp_entry *qp = qp_list_find(&qp_guest_endpoints, handle); 826 827 entry = qp ? container_of( 828 qp, struct qp_guest_endpoint, qp) : NULL; 829 return entry; 830} 831 832/* 833 * Finds the entry in the list corresponding to a given handle. 834 */ 835static struct qp_broker_entry * 836qp_broker_handle_to_entry(struct vmci_handle handle) 837{ 838 struct qp_broker_entry *entry; 839 struct qp_entry *qp = qp_list_find(&qp_broker_list, handle); 840 841 entry = qp ? container_of( 842 qp, struct qp_broker_entry, qp) : NULL; 843 return entry; 844} 845 846/* 847 * Dispatches a queue pair event message directly into the local event 848 * queue. 849 */ 850static int qp_notify_peer_local(bool attach, struct vmci_handle handle) 851{ 852 u32 context_id = vmci_get_context_id(); 853 struct vmci_event_qp ev; 854 855 memset(&ev, 0, sizeof(ev)); 856 ev.msg.hdr.dst = vmci_make_handle(context_id, VMCI_EVENT_HANDLER); 857 ev.msg.hdr.src = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID, 858 VMCI_CONTEXT_RESOURCE_ID); 859 ev.msg.hdr.payload_size = sizeof(ev) - sizeof(ev.msg.hdr); 860 ev.msg.event_data.event = 861 attach ? VMCI_EVENT_QP_PEER_ATTACH : VMCI_EVENT_QP_PEER_DETACH; 862 ev.payload.peer_id = context_id; 863 ev.payload.handle = handle; 864 865 return vmci_event_dispatch(&ev.msg.hdr); 866} 867 868/* 869 * Allocates and initializes a qp_guest_endpoint structure. 870 * Allocates a queue_pair rid (and handle) iff the given entry has 871 * an invalid handle. 0 through VMCI_RESERVED_RESOURCE_ID_MAX 872 * are reserved handles. Assumes that the QP list mutex is held 873 * by the caller. 874 */ 875static struct qp_guest_endpoint * 876qp_guest_endpoint_create(struct vmci_handle handle, 877 u32 peer, 878 u32 flags, 879 u64 produce_size, 880 u64 consume_size, 881 void *produce_q, 882 void *consume_q) 883{ 884 int result; 885 struct qp_guest_endpoint *entry; 886 /* One page each for the queue headers. */ 887 const u64 num_ppns = DIV_ROUND_UP(produce_size, PAGE_SIZE) + 888 DIV_ROUND_UP(consume_size, PAGE_SIZE) + 2; 889 890 if (vmci_handle_is_invalid(handle)) { 891 u32 context_id = vmci_get_context_id(); 892 893 handle = vmci_make_handle(context_id, VMCI_INVALID_ID); 894 } 895 896 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 897 if (entry) { 898 entry->qp.peer = peer; 899 entry->qp.flags = flags; 900 entry->qp.produce_size = produce_size; 901 entry->qp.consume_size = consume_size; 902 entry->qp.ref_count = 0; 903 entry->num_ppns = num_ppns; 904 entry->produce_q = produce_q; 905 entry->consume_q = consume_q; 906 INIT_LIST_HEAD(&entry->qp.list_item); 907 908 /* Add resource obj */ 909 result = vmci_resource_add(&entry->resource, 910 VMCI_RESOURCE_TYPE_QPAIR_GUEST, 911 handle); 912 entry->qp.handle = vmci_resource_handle(&entry->resource); 913 if ((result != VMCI_SUCCESS) || 914 qp_list_find(&qp_guest_endpoints, entry->qp.handle)) { 915 pr_warn("Failed to add new resource (handle=0x%x:0x%x), error: %d", 916 handle.context, handle.resource, result); 917 kfree(entry); 918 entry = NULL; 919 } 920 } 921 return entry; 922} 923 924/* 925 * Frees a qp_guest_endpoint structure. 926 */ 927static void qp_guest_endpoint_destroy(struct qp_guest_endpoint *entry) 928{ 929 qp_free_ppn_set(&entry->ppn_set); 930 qp_cleanup_queue_mutex(entry->produce_q, entry->consume_q); 931 qp_free_queue(entry->produce_q, entry->qp.produce_size); 932 qp_free_queue(entry->consume_q, entry->qp.consume_size); 933 /* Unlink from resource hash table and free callback */ 934 vmci_resource_remove(&entry->resource); 935 936 kfree(entry); 937} 938 939/* 940 * Helper to make a queue_pairAlloc hypercall when the driver is 941 * supporting a guest device. 942 */ 943static int qp_alloc_hypercall(const struct qp_guest_endpoint *entry) 944{ 945 struct vmci_qp_alloc_msg *alloc_msg; 946 size_t msg_size; 947 size_t ppn_size; 948 int result; 949 950 if (!entry || entry->num_ppns <= 2) 951 return VMCI_ERROR_INVALID_ARGS; 952 953 ppn_size = vmci_use_ppn64() ? sizeof(u64) : sizeof(u32); 954 msg_size = sizeof(*alloc_msg) + 955 (size_t) entry->num_ppns * ppn_size; 956 alloc_msg = kmalloc(msg_size, GFP_KERNEL); 957 if (!alloc_msg) 958 return VMCI_ERROR_NO_MEM; 959 960 alloc_msg->hdr.dst = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID, 961 VMCI_QUEUEPAIR_ALLOC); 962 alloc_msg->hdr.src = VMCI_ANON_SRC_HANDLE; 963 alloc_msg->hdr.payload_size = msg_size - VMCI_DG_HEADERSIZE; 964 alloc_msg->handle = entry->qp.handle; 965 alloc_msg->peer = entry->qp.peer; 966 alloc_msg->flags = entry->qp.flags; 967 alloc_msg->produce_size = entry->qp.produce_size; 968 alloc_msg->consume_size = entry->qp.consume_size; 969 alloc_msg->num_ppns = entry->num_ppns; 970 971 result = qp_populate_ppn_set((u8 *)alloc_msg + sizeof(*alloc_msg), 972 &entry->ppn_set); 973 if (result == VMCI_SUCCESS) 974 result = vmci_send_datagram(&alloc_msg->hdr); 975 976 kfree(alloc_msg); 977 978 return result; 979} 980 981/* 982 * Helper to make a queue_pairDetach hypercall when the driver is 983 * supporting a guest device. 984 */ 985static int qp_detatch_hypercall(struct vmci_handle handle) 986{ 987 struct vmci_qp_detach_msg detach_msg; 988 989 detach_msg.hdr.dst = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID, 990 VMCI_QUEUEPAIR_DETACH); 991 detach_msg.hdr.src = VMCI_ANON_SRC_HANDLE; 992 detach_msg.hdr.payload_size = sizeof(handle); 993 detach_msg.handle = handle; 994 995 return vmci_send_datagram(&detach_msg.hdr); 996} 997 998/* 999 * Adds the given entry to the list. Assumes that the list is locked. 1000 */ 1001static void qp_list_add_entry(struct qp_list *qp_list, struct qp_entry *entry) 1002{ 1003 if (entry) 1004 list_add(&entry->list_item, &qp_list->head); 1005} 1006 1007/* 1008 * Removes the given entry from the list. Assumes that the list is locked. 1009 */ 1010static void qp_list_remove_entry(struct qp_list *qp_list, 1011 struct qp_entry *entry) 1012{ 1013 if (entry) 1014 list_del(&entry->list_item); 1015} 1016 1017/* 1018 * Helper for VMCI queue_pair detach interface. Frees the physical 1019 * pages for the queue pair. 1020 */ 1021static int qp_detatch_guest_work(struct vmci_handle handle) 1022{ 1023 int result; 1024 struct qp_guest_endpoint *entry; 1025 u32 ref_count = ~0; /* To avoid compiler warning below */ 1026 1027 mutex_lock(&qp_guest_endpoints.mutex); 1028 1029 entry = qp_guest_handle_to_entry(handle); 1030 if (!entry) { 1031 mutex_unlock(&qp_guest_endpoints.mutex); 1032 return VMCI_ERROR_NOT_FOUND; 1033 } 1034 1035 if (entry->qp.flags & VMCI_QPFLAG_LOCAL) { 1036 result = VMCI_SUCCESS; 1037 1038 if (entry->qp.ref_count > 1) { 1039 result = qp_notify_peer_local(false, handle); 1040 /* 1041 * We can fail to notify a local queuepair 1042 * because we can't allocate. We still want 1043 * to release the entry if that happens, so 1044 * don't bail out yet. 1045 */ 1046 } 1047 } else { 1048 result = qp_detatch_hypercall(handle); 1049 if (result < VMCI_SUCCESS) { 1050 /* 1051 * We failed to notify a non-local queuepair. 1052 * That other queuepair might still be 1053 * accessing the shared memory, so don't 1054 * release the entry yet. It will get cleaned 1055 * up by VMCIqueue_pair_Exit() if necessary 1056 * (assuming we are going away, otherwise why 1057 * did this fail?). 1058 */ 1059 1060 mutex_unlock(&qp_guest_endpoints.mutex); 1061 return result; 1062 } 1063 } 1064 1065 /* 1066 * If we get here then we either failed to notify a local queuepair, or 1067 * we succeeded in all cases. Release the entry if required. 1068 */ 1069 1070 entry->qp.ref_count--; 1071 if (entry->qp.ref_count == 0) 1072 qp_list_remove_entry(&qp_guest_endpoints, &entry->qp); 1073 1074 /* If we didn't remove the entry, this could change once we unlock. */ 1075 if (entry) 1076 ref_count = entry->qp.ref_count; 1077 1078 mutex_unlock(&qp_guest_endpoints.mutex); 1079 1080 if (ref_count == 0) 1081 qp_guest_endpoint_destroy(entry); 1082 1083 return result; 1084} 1085 1086/* 1087 * This functions handles the actual allocation of a VMCI queue 1088 * pair guest endpoint. Allocates physical pages for the queue 1089 * pair. It makes OS dependent calls through generic wrappers. 1090 */ 1091static int qp_alloc_guest_work(struct vmci_handle *handle, 1092 struct vmci_queue **produce_q, 1093 u64 produce_size, 1094 struct vmci_queue **consume_q, 1095 u64 consume_size, 1096 u32 peer, 1097 u32 flags, 1098 u32 priv_flags) 1099{ 1100 const u64 num_produce_pages = 1101 DIV_ROUND_UP(produce_size, PAGE_SIZE) + 1; 1102 const u64 num_consume_pages = 1103 DIV_ROUND_UP(consume_size, PAGE_SIZE) + 1; 1104 void *my_produce_q = NULL; 1105 void *my_consume_q = NULL; 1106 int result; 1107 struct qp_guest_endpoint *queue_pair_entry = NULL; 1108 1109 if (priv_flags != VMCI_NO_PRIVILEGE_FLAGS) 1110 return VMCI_ERROR_NO_ACCESS; 1111 1112 mutex_lock(&qp_guest_endpoints.mutex); 1113 1114 queue_pair_entry = qp_guest_handle_to_entry(*handle); 1115 if (queue_pair_entry) { 1116 if (queue_pair_entry->qp.flags & VMCI_QPFLAG_LOCAL) { 1117 /* Local attach case. */ 1118 if (queue_pair_entry->qp.ref_count > 1) { 1119 pr_devel("Error attempting to attach more than once\n"); 1120 result = VMCI_ERROR_UNAVAILABLE; 1121 goto error_keep_entry; 1122 } 1123 1124 if (queue_pair_entry->qp.produce_size != consume_size || 1125 queue_pair_entry->qp.consume_size != 1126 produce_size || 1127 queue_pair_entry->qp.flags != 1128 (flags & ~VMCI_QPFLAG_ATTACH_ONLY)) { 1129 pr_devel("Error mismatched queue pair in local attach\n"); 1130 result = VMCI_ERROR_QUEUEPAIR_MISMATCH; 1131 goto error_keep_entry; 1132 } 1133 1134 /* 1135 * Do a local attach. We swap the consume and 1136 * produce queues for the attacher and deliver 1137 * an attach event. 1138 */ 1139 result = qp_notify_peer_local(true, *handle); 1140 if (result < VMCI_SUCCESS) 1141 goto error_keep_entry; 1142 1143 my_produce_q = queue_pair_entry->consume_q; 1144 my_consume_q = queue_pair_entry->produce_q; 1145 goto out; 1146 } 1147 1148 result = VMCI_ERROR_ALREADY_EXISTS; 1149 goto error_keep_entry; 1150 } 1151 1152 my_produce_q = qp_alloc_queue(produce_size, flags); 1153 if (!my_produce_q) { 1154 pr_warn("Error allocating pages for produce queue\n"); 1155 result = VMCI_ERROR_NO_MEM; 1156 goto error; 1157 } 1158 1159 my_consume_q = qp_alloc_queue(consume_size, flags); 1160 if (!my_consume_q) { 1161 pr_warn("Error allocating pages for consume queue\n"); 1162 result = VMCI_ERROR_NO_MEM; 1163 goto error; 1164 } 1165 1166 queue_pair_entry = qp_guest_endpoint_create(*handle, peer, flags, 1167 produce_size, consume_size, 1168 my_produce_q, my_consume_q); 1169 if (!queue_pair_entry) { 1170 pr_warn("Error allocating memory in %s\n", __func__); 1171 result = VMCI_ERROR_NO_MEM; 1172 goto error; 1173 } 1174 1175 result = qp_alloc_ppn_set(my_produce_q, num_produce_pages, my_consume_q, 1176 num_consume_pages, 1177 &queue_pair_entry->ppn_set); 1178 if (result < VMCI_SUCCESS) { 1179 pr_warn("qp_alloc_ppn_set failed\n"); 1180 goto error; 1181 } 1182 1183 /* 1184 * It's only necessary to notify the host if this queue pair will be 1185 * attached to from another context. 1186 */ 1187 if (queue_pair_entry->qp.flags & VMCI_QPFLAG_LOCAL) { 1188 /* Local create case. */ 1189 u32 context_id = vmci_get_context_id(); 1190 1191 /* 1192 * Enforce similar checks on local queue pairs as we 1193 * do for regular ones. The handle's context must 1194 * match the creator or attacher context id (here they 1195 * are both the current context id) and the 1196 * attach-only flag cannot exist during create. We 1197 * also ensure specified peer is this context or an 1198 * invalid one. 1199 */ 1200 if (queue_pair_entry->qp.handle.context != context_id || 1201 (queue_pair_entry->qp.peer != VMCI_INVALID_ID && 1202 queue_pair_entry->qp.peer != context_id)) { 1203 result = VMCI_ERROR_NO_ACCESS; 1204 goto error; 1205 } 1206 1207 if (queue_pair_entry->qp.flags & VMCI_QPFLAG_ATTACH_ONLY) { 1208 result = VMCI_ERROR_NOT_FOUND; 1209 goto error; 1210 } 1211 } else { 1212 result = qp_alloc_hypercall(queue_pair_entry); 1213 if (result < VMCI_SUCCESS) { 1214 pr_warn("qp_alloc_hypercall result = %d\n", result); 1215 goto error; 1216 } 1217 } 1218 1219 qp_init_queue_mutex((struct vmci_queue *)my_produce_q, 1220 (struct vmci_queue *)my_consume_q); 1221 1222 qp_list_add_entry(&qp_guest_endpoints, &queue_pair_entry->qp); 1223 1224 out: 1225 queue_pair_entry->qp.ref_count++; 1226 *handle = queue_pair_entry->qp.handle; 1227 *produce_q = (struct vmci_queue *)my_produce_q; 1228 *consume_q = (struct vmci_queue *)my_consume_q; 1229 1230 /* 1231 * We should initialize the queue pair header pages on a local 1232 * queue pair create. For non-local queue pairs, the 1233 * hypervisor initializes the header pages in the create step. 1234 */ 1235 if ((queue_pair_entry->qp.flags & VMCI_QPFLAG_LOCAL) && 1236 queue_pair_entry->qp.ref_count == 1) { 1237 vmci_q_header_init((*produce_q)->q_header, *handle); 1238 vmci_q_header_init((*consume_q)->q_header, *handle); 1239 } 1240 1241 mutex_unlock(&qp_guest_endpoints.mutex); 1242 1243 return VMCI_SUCCESS; 1244 1245 error: 1246 mutex_unlock(&qp_guest_endpoints.mutex); 1247 if (queue_pair_entry) { 1248 /* The queues will be freed inside the destroy routine. */ 1249 qp_guest_endpoint_destroy(queue_pair_entry); 1250 } else { 1251 qp_free_queue(my_produce_q, produce_size); 1252 qp_free_queue(my_consume_q, consume_size); 1253 } 1254 return result; 1255 1256 error_keep_entry: 1257 /* This path should only be used when an existing entry was found. */ 1258 mutex_unlock(&qp_guest_endpoints.mutex); 1259 return result; 1260} 1261 1262/* 1263 * The first endpoint issuing a queue pair allocation will create the state 1264 * of the queue pair in the queue pair broker. 1265 * 1266 * If the creator is a guest, it will associate a VMX virtual address range 1267 * with the queue pair as specified by the page_store. For compatibility with 1268 * older VMX'en, that would use a separate step to set the VMX virtual 1269 * address range, the virtual address range can be registered later using 1270 * vmci_qp_broker_set_page_store. In that case, a page_store of NULL should be 1271 * used. 1272 * 1273 * If the creator is the host, a page_store of NULL should be used as well, 1274 * since the host is not able to supply a page store for the queue pair. 1275 * 1276 * For older VMX and host callers, the queue pair will be created in the 1277 * VMCIQPB_CREATED_NO_MEM state, and for current VMX callers, it will be 1278 * created in VMCOQPB_CREATED_MEM state. 1279 */ 1280static int qp_broker_create(struct vmci_handle handle, 1281 u32 peer, 1282 u32 flags, 1283 u32 priv_flags, 1284 u64 produce_size, 1285 u64 consume_size, 1286 struct vmci_qp_page_store *page_store, 1287 struct vmci_ctx *context, 1288 vmci_event_release_cb wakeup_cb, 1289 void *client_data, struct qp_broker_entry **ent) 1290{ 1291 struct qp_broker_entry *entry = NULL; 1292 const u32 context_id = vmci_ctx_get_id(context); 1293 bool is_local = flags & VMCI_QPFLAG_LOCAL; 1294 int result; 1295 u64 guest_produce_size; 1296 u64 guest_consume_size; 1297 1298 /* Do not create if the caller asked not to. */ 1299 if (flags & VMCI_QPFLAG_ATTACH_ONLY) 1300 return VMCI_ERROR_NOT_FOUND; 1301 1302 /* 1303 * Creator's context ID should match handle's context ID or the creator 1304 * must allow the context in handle's context ID as the "peer". 1305 */ 1306 if (handle.context != context_id && handle.context != peer) 1307 return VMCI_ERROR_NO_ACCESS; 1308 1309 if (VMCI_CONTEXT_IS_VM(context_id) && VMCI_CONTEXT_IS_VM(peer)) 1310 return VMCI_ERROR_DST_UNREACHABLE; 1311 1312 /* 1313 * Creator's context ID for local queue pairs should match the 1314 * peer, if a peer is specified. 1315 */ 1316 if (is_local && peer != VMCI_INVALID_ID && context_id != peer) 1317 return VMCI_ERROR_NO_ACCESS; 1318 1319 entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 1320 if (!entry) 1321 return VMCI_ERROR_NO_MEM; 1322 1323 if (vmci_ctx_get_id(context) == VMCI_HOST_CONTEXT_ID && !is_local) { 1324 /* 1325 * The queue pair broker entry stores values from the guest 1326 * point of view, so a creating host side endpoint should swap 1327 * produce and consume values -- unless it is a local queue 1328 * pair, in which case no swapping is necessary, since the local 1329 * attacher will swap queues. 1330 */ 1331 1332 guest_produce_size = consume_size; 1333 guest_consume_size = produce_size; 1334 } else { 1335 guest_produce_size = produce_size; 1336 guest_consume_size = consume_size; 1337 } 1338 1339 entry->qp.handle = handle; 1340 entry->qp.peer = peer; 1341 entry->qp.flags = flags; 1342 entry->qp.produce_size = guest_produce_size; 1343 entry->qp.consume_size = guest_consume_size; 1344 entry->qp.ref_count = 1; 1345 entry->create_id = context_id; 1346 entry->attach_id = VMCI_INVALID_ID; 1347 entry->state = VMCIQPB_NEW; 1348 entry->require_trusted_attach = 1349 !!(context->priv_flags & VMCI_PRIVILEGE_FLAG_RESTRICTED); 1350 entry->created_by_trusted = 1351 !!(priv_flags & VMCI_PRIVILEGE_FLAG_TRUSTED); 1352 entry->vmci_page_files = false; 1353 entry->wakeup_cb = wakeup_cb; 1354 entry->client_data = client_data; 1355 entry->produce_q = qp_host_alloc_queue(guest_produce_size); 1356 if (entry->produce_q == NULL) { 1357 result = VMCI_ERROR_NO_MEM; 1358 goto error; 1359 } 1360 entry->consume_q = qp_host_alloc_queue(guest_consume_size); 1361 if (entry->consume_q == NULL) { 1362 result = VMCI_ERROR_NO_MEM; 1363 goto error; 1364 } 1365 1366 qp_init_queue_mutex(entry->produce_q, entry->consume_q); 1367 1368 INIT_LIST_HEAD(&entry->qp.list_item); 1369 1370 if (is_local) { 1371 u8 *tmp; 1372 1373 entry->local_mem = kcalloc(QPE_NUM_PAGES(entry->qp), 1374 PAGE_SIZE, GFP_KERNEL); 1375 if (entry->local_mem == NULL) { 1376 result = VMCI_ERROR_NO_MEM; 1377 goto error; 1378 } 1379 entry->state = VMCIQPB_CREATED_MEM; 1380 entry->produce_q->q_header = entry->local_mem; 1381 tmp = (u8 *)entry->local_mem + PAGE_SIZE * 1382 (DIV_ROUND_UP(entry->qp.produce_size, PAGE_SIZE) + 1); 1383 entry->consume_q->q_header = (struct vmci_queue_header *)tmp; 1384 } else if (page_store) { 1385 /* 1386 * The VMX already initialized the queue pair headers, so no 1387 * need for the kernel side to do that. 1388 */ 1389 result = qp_host_register_user_memory(page_store, 1390 entry->produce_q, 1391 entry->consume_q); 1392 if (result < VMCI_SUCCESS) 1393 goto error; 1394 1395 entry->state = VMCIQPB_CREATED_MEM; 1396 } else { 1397 /* 1398 * A create without a page_store may be either a host 1399 * side create (in which case we are waiting for the 1400 * guest side to supply the memory) or an old style 1401 * queue pair create (in which case we will expect a 1402 * set page store call as the next step). 1403 */ 1404 entry->state = VMCIQPB_CREATED_NO_MEM; 1405 } 1406 1407 qp_list_add_entry(&qp_broker_list, &entry->qp); 1408 if (ent != NULL) 1409 *ent = entry; 1410 1411 /* Add to resource obj */ 1412 result = vmci_resource_add(&entry->resource, 1413 VMCI_RESOURCE_TYPE_QPAIR_HOST, 1414 handle); 1415 if (result != VMCI_SUCCESS) { 1416 pr_warn("Failed to add new resource (handle=0x%x:0x%x), error: %d", 1417 handle.context, handle.resource, result); 1418 goto error; 1419 } 1420 1421 entry->qp.handle = vmci_resource_handle(&entry->resource); 1422 if (is_local) { 1423 vmci_q_header_init(entry->produce_q->q_header, 1424 entry->qp.handle); 1425 vmci_q_header_init(entry->consume_q->q_header, 1426 entry->qp.handle); 1427 } 1428 1429 vmci_ctx_qp_create(context, entry->qp.handle); 1430 1431 return VMCI_SUCCESS; 1432 1433 error: 1434 if (entry != NULL) { 1435 qp_host_free_queue(entry->produce_q, guest_produce_size); 1436 qp_host_free_queue(entry->consume_q, guest_consume_size); 1437 kfree(entry); 1438 } 1439 1440 return result; 1441} 1442 1443/* 1444 * Enqueues an event datagram to notify the peer VM attached to 1445 * the given queue pair handle about attach/detach event by the 1446 * given VM. Returns Payload size of datagram enqueued on 1447 * success, error code otherwise. 1448 */ 1449static int qp_notify_peer(bool attach, 1450 struct vmci_handle handle, 1451 u32 my_id, 1452 u32 peer_id) 1453{ 1454 int rv; 1455 struct vmci_event_qp ev; 1456 1457 if (vmci_handle_is_invalid(handle) || my_id == VMCI_INVALID_ID || 1458 peer_id == VMCI_INVALID_ID) 1459 return VMCI_ERROR_INVALID_ARGS; 1460 1461 /* 1462 * In vmci_ctx_enqueue_datagram() we enforce the upper limit on 1463 * number of pending events from the hypervisor to a given VM 1464 * otherwise a rogue VM could do an arbitrary number of attach 1465 * and detach operations causing memory pressure in the host 1466 * kernel. 1467 */ 1468 1469 memset(&ev, 0, sizeof(ev)); 1470 ev.msg.hdr.dst = vmci_make_handle(peer_id, VMCI_EVENT_HANDLER); 1471 ev.msg.hdr.src = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID, 1472 VMCI_CONTEXT_RESOURCE_ID); 1473 ev.msg.hdr.payload_size = sizeof(ev) - sizeof(ev.msg.hdr); 1474 ev.msg.event_data.event = attach ? 1475 VMCI_EVENT_QP_PEER_ATTACH : VMCI_EVENT_QP_PEER_DETACH; 1476 ev.payload.handle = handle; 1477 ev.payload.peer_id = my_id; 1478 1479 rv = vmci_datagram_dispatch(VMCI_HYPERVISOR_CONTEXT_ID, 1480 &ev.msg.hdr, false); 1481 if (rv < VMCI_SUCCESS) 1482 pr_warn("Failed to enqueue queue_pair %s event datagram for context (ID=0x%x)\n", 1483 attach ? "ATTACH" : "DETACH", peer_id); 1484 1485 return rv; 1486} 1487 1488/* 1489 * The second endpoint issuing a queue pair allocation will attach to 1490 * the queue pair registered with the queue pair broker. 1491 * 1492 * If the attacher is a guest, it will associate a VMX virtual address 1493 * range with the queue pair as specified by the page_store. At this 1494 * point, the already attach host endpoint may start using the queue 1495 * pair, and an attach event is sent to it. For compatibility with 1496 * older VMX'en, that used a separate step to set the VMX virtual 1497 * address range, the virtual address range can be registered later 1498 * using vmci_qp_broker_set_page_store. In that case, a page_store of 1499 * NULL should be used, and the attach event will be generated once 1500 * the actual page store has been set. 1501 * 1502 * If the attacher is the host, a page_store of NULL should be used as 1503 * well, since the page store information is already set by the guest. 1504 * 1505 * For new VMX and host callers, the queue pair will be moved to the 1506 * VMCIQPB_ATTACHED_MEM state, and for older VMX callers, it will be 1507 * moved to the VMCOQPB_ATTACHED_NO_MEM state. 1508 */ 1509static int qp_broker_attach(struct qp_broker_entry *entry, 1510 u32 peer, 1511 u32 flags, 1512 u32 priv_flags, 1513 u64 produce_size, 1514 u64 consume_size, 1515 struct vmci_qp_page_store *page_store, 1516 struct vmci_ctx *context, 1517 vmci_event_release_cb wakeup_cb, 1518 void *client_data, 1519 struct qp_broker_entry **ent) 1520{ 1521 const u32 context_id = vmci_ctx_get_id(context); 1522 bool is_local = flags & VMCI_QPFLAG_LOCAL; 1523 int result; 1524 1525 if (entry->state != VMCIQPB_CREATED_NO_MEM && 1526 entry->state != VMCIQPB_CREATED_MEM) 1527 return VMCI_ERROR_UNAVAILABLE; 1528 1529 if (is_local) { 1530 if (!(entry->qp.flags & VMCI_QPFLAG_LOCAL) || 1531 context_id != entry->create_id) { 1532 return VMCI_ERROR_INVALID_ARGS; 1533 } 1534 } else if (context_id == entry->create_id || 1535 context_id == entry->attach_id) { 1536 return VMCI_ERROR_ALREADY_EXISTS; 1537 } 1538 1539 if (VMCI_CONTEXT_IS_VM(context_id) && 1540 VMCI_CONTEXT_IS_VM(entry->create_id)) 1541 return VMCI_ERROR_DST_UNREACHABLE; 1542 1543 /* 1544 * If we are attaching from a restricted context then the queuepair 1545 * must have been created by a trusted endpoint. 1546 */ 1547 if ((context->priv_flags & VMCI_PRIVILEGE_FLAG_RESTRICTED) && 1548 !entry->created_by_trusted) 1549 return VMCI_ERROR_NO_ACCESS; 1550 1551 /* 1552 * If we are attaching to a queuepair that was created by a restricted 1553 * context then we must be trusted. 1554 */ 1555 if (entry->require_trusted_attach && 1556 (!(priv_flags & VMCI_PRIVILEGE_FLAG_TRUSTED))) 1557 return VMCI_ERROR_NO_ACCESS; 1558 1559 /* 1560 * If the creator specifies VMCI_INVALID_ID in "peer" field, access 1561 * control check is not performed. 1562 */ 1563 if (entry->qp.peer != VMCI_INVALID_ID && entry->qp.peer != context_id) 1564 return VMCI_ERROR_NO_ACCESS; 1565 1566 if (entry->create_id == VMCI_HOST_CONTEXT_ID) { 1567 /* 1568 * Do not attach if the caller doesn't support Host Queue Pairs 1569 * and a host created this queue pair. 1570 */ 1571 1572 if (!vmci_ctx_supports_host_qp(context)) 1573 return VMCI_ERROR_INVALID_RESOURCE; 1574 1575 } else if (context_id == VMCI_HOST_CONTEXT_ID) { 1576 struct vmci_ctx *create_context; 1577 bool supports_host_qp; 1578 1579 /* 1580 * Do not attach a host to a user created queue pair if that 1581 * user doesn't support host queue pair end points. 1582 */ 1583 1584 create_context = vmci_ctx_get(entry->create_id); 1585 supports_host_qp = vmci_ctx_supports_host_qp(create_context); 1586 vmci_ctx_put(create_context); 1587 1588 if (!supports_host_qp) 1589 return VMCI_ERROR_INVALID_RESOURCE; 1590 } 1591 1592 if ((entry->qp.flags & ~VMCI_QP_ASYMM) != (flags & ~VMCI_QP_ASYMM_PEER)) 1593 return VMCI_ERROR_QUEUEPAIR_MISMATCH; 1594 1595 if (context_id != VMCI_HOST_CONTEXT_ID) { 1596 /* 1597 * The queue pair broker entry stores values from the guest 1598 * point of view, so an attaching guest should match the values 1599 * stored in the entry. 1600 */ 1601 1602 if (entry->qp.produce_size != produce_size || 1603 entry->qp.consume_size != consume_size) { 1604 return VMCI_ERROR_QUEUEPAIR_MISMATCH; 1605 } 1606 } else if (entry->qp.produce_size != consume_size || 1607 entry->qp.consume_size != produce_size) { 1608 return VMCI_ERROR_QUEUEPAIR_MISMATCH; 1609 } 1610 1611 if (context_id != VMCI_HOST_CONTEXT_ID) { 1612 /* 1613 * If a guest attached to a queue pair, it will supply 1614 * the backing memory. If this is a pre NOVMVM vmx, 1615 * the backing memory will be supplied by calling 1616 * vmci_qp_broker_set_page_store() following the 1617 * return of the vmci_qp_broker_alloc() call. If it is 1618 * a vmx of version NOVMVM or later, the page store 1619 * must be supplied as part of the 1620 * vmci_qp_broker_alloc call. Under all circumstances 1621 * must the initially created queue pair not have any 1622 * memory associated with it already. 1623 */ 1624 1625 if (entry->state != VMCIQPB_CREATED_NO_MEM) 1626 return VMCI_ERROR_INVALID_ARGS; 1627 1628 if (page_store != NULL) { 1629 /* 1630 * Patch up host state to point to guest 1631 * supplied memory. The VMX already 1632 * initialized the queue pair headers, so no 1633 * need for the kernel side to do that. 1634 */ 1635 1636 result = qp_host_register_user_memory(page_store, 1637 entry->produce_q, 1638 entry->consume_q); 1639 if (result < VMCI_SUCCESS) 1640 return result; 1641 1642 entry->state = VMCIQPB_ATTACHED_MEM; 1643 } else { 1644 entry->state = VMCIQPB_ATTACHED_NO_MEM; 1645 } 1646 } else if (entry->state == VMCIQPB_CREATED_NO_MEM) { 1647 /* 1648 * The host side is attempting to attach to a queue 1649 * pair that doesn't have any memory associated with 1650 * it. This must be a pre NOVMVM vmx that hasn't set 1651 * the page store information yet, or a quiesced VM. 1652 */ 1653 1654 return VMCI_ERROR_UNAVAILABLE; 1655 } else { 1656 /* The host side has successfully attached to a queue pair. */ 1657 entry->state = VMCIQPB_ATTACHED_MEM; 1658 } 1659 1660 if (entry->state == VMCIQPB_ATTACHED_MEM) { 1661 result = 1662 qp_notify_peer(true, entry->qp.handle, context_id, 1663 entry->create_id); 1664 if (result < VMCI_SUCCESS) 1665 pr_warn("Failed to notify peer (ID=0x%x) of attach to queue pair (handle=0x%x:0x%x)\n", 1666 entry->create_id, entry->qp.handle.context, 1667 entry->qp.handle.resource); 1668 } 1669 1670 entry->attach_id = context_id; 1671 entry->qp.ref_count++; 1672 if (wakeup_cb) { 1673 entry->wakeup_cb = wakeup_cb; 1674 entry->client_data = client_data; 1675 } 1676 1677 /* 1678 * When attaching to local queue pairs, the context already has 1679 * an entry tracking the queue pair, so don't add another one. 1680 */ 1681 if (!is_local) 1682 vmci_ctx_qp_create(context, entry->qp.handle); 1683 1684 if (ent != NULL) 1685 *ent = entry; 1686 1687 return VMCI_SUCCESS; 1688} 1689 1690/* 1691 * queue_pair_Alloc for use when setting up queue pair endpoints 1692 * on the host. 1693 */ 1694static int qp_broker_alloc(struct vmci_handle handle, 1695 u32 peer, 1696 u32 flags, 1697 u32 priv_flags, 1698 u64 produce_size, 1699 u64 consume_size, 1700 struct vmci_qp_page_store *page_store, 1701 struct vmci_ctx *context, 1702 vmci_event_release_cb wakeup_cb, 1703 void *client_data, 1704 struct qp_broker_entry **ent, 1705 bool *swap) 1706{ 1707 const u32 context_id = vmci_ctx_get_id(context); 1708 bool create; 1709 struct qp_broker_entry *entry = NULL; 1710 bool is_local = flags & VMCI_QPFLAG_LOCAL; 1711 int result; 1712 1713 if (vmci_handle_is_invalid(handle) || 1714 (flags & ~VMCI_QP_ALL_FLAGS) || is_local || 1715 !(produce_size || consume_size) || 1716 !context || context_id == VMCI_INVALID_ID || 1717 handle.context == VMCI_INVALID_ID) { 1718 return VMCI_ERROR_INVALID_ARGS; 1719 } 1720 1721 if (page_store && !VMCI_QP_PAGESTORE_IS_WELLFORMED(page_store)) 1722 return VMCI_ERROR_INVALID_ARGS; 1723 1724 /* 1725 * In the initial argument check, we ensure that non-vmkernel hosts 1726 * are not allowed to create local queue pairs. 1727 */ 1728 1729 mutex_lock(&qp_broker_list.mutex); 1730 1731 if (!is_local && vmci_ctx_qp_exists(context, handle)) { 1732 pr_devel("Context (ID=0x%x) already attached to queue pair (handle=0x%x:0x%x)\n", 1733 context_id, handle.context, handle.resource); 1734 mutex_unlock(&qp_broker_list.mutex); 1735 return VMCI_ERROR_ALREADY_EXISTS; 1736 } 1737 1738 if (handle.resource != VMCI_INVALID_ID) 1739 entry = qp_broker_handle_to_entry(handle); 1740 1741 if (!entry) { 1742 create = true; 1743 result = 1744 qp_broker_create(handle, peer, flags, priv_flags, 1745 produce_size, consume_size, page_store, 1746 context, wakeup_cb, client_data, ent); 1747 } else { 1748 create = false; 1749 result = 1750 qp_broker_attach(entry, peer, flags, priv_flags, 1751 produce_size, consume_size, page_store, 1752 context, wakeup_cb, client_data, ent); 1753 } 1754 1755 mutex_unlock(&qp_broker_list.mutex); 1756 1757 if (swap) 1758 *swap = (context_id == VMCI_HOST_CONTEXT_ID) && 1759 !(create && is_local); 1760 1761 return result; 1762} 1763 1764/* 1765 * This function implements the kernel API for allocating a queue 1766 * pair. 1767 */ 1768static int qp_alloc_host_work(struct vmci_handle *handle, 1769 struct vmci_queue **produce_q, 1770 u64 produce_size, 1771 struct vmci_queue **consume_q, 1772 u64 consume_size, 1773 u32 peer, 1774 u32 flags, 1775 u32 priv_flags, 1776 vmci_event_release_cb wakeup_cb, 1777 void *client_data) 1778{ 1779 struct vmci_handle new_handle; 1780 struct vmci_ctx *context; 1781 struct qp_broker_entry *entry; 1782 int result; 1783 bool swap; 1784 1785 if (vmci_handle_is_invalid(*handle)) { 1786 new_handle = vmci_make_handle( 1787 VMCI_HOST_CONTEXT_ID, VMCI_INVALID_ID); 1788 } else 1789 new_handle = *handle; 1790 1791 context = vmci_ctx_get(VMCI_HOST_CONTEXT_ID); 1792 entry = NULL; 1793 result = 1794 qp_broker_alloc(new_handle, peer, flags, priv_flags, 1795 produce_size, consume_size, NULL, context, 1796 wakeup_cb, client_data, &entry, &swap); 1797 if (result == VMCI_SUCCESS) { 1798 if (swap) { 1799 /* 1800 * If this is a local queue pair, the attacher 1801 * will swap around produce and consume 1802 * queues. 1803 */ 1804 1805 *produce_q = entry->consume_q; 1806 *consume_q = entry->produce_q; 1807 } else { 1808 *produce_q = entry->produce_q; 1809 *consume_q = entry->consume_q; 1810 } 1811 1812 *handle = vmci_resource_handle(&entry->resource); 1813 } else { 1814 *handle = VMCI_INVALID_HANDLE; 1815 pr_devel("queue pair broker failed to alloc (result=%d)\n", 1816 result); 1817 } 1818 vmci_ctx_put(context); 1819 return result; 1820} 1821 1822/* 1823 * Allocates a VMCI queue_pair. Only checks validity of input 1824 * arguments. The real work is done in the host or guest 1825 * specific function. 1826 */ 1827int vmci_qp_alloc(struct vmci_handle *handle, 1828 struct vmci_queue **produce_q, 1829 u64 produce_size, 1830 struct vmci_queue **consume_q, 1831 u64 consume_size, 1832 u32 peer, 1833 u32 flags, 1834 u32 priv_flags, 1835 bool guest_endpoint, 1836 vmci_event_release_cb wakeup_cb, 1837 void *client_data) 1838{ 1839 if (!handle || !produce_q || !consume_q || 1840 (!produce_size && !consume_size) || (flags & ~VMCI_QP_ALL_FLAGS)) 1841 return VMCI_ERROR_INVALID_ARGS; 1842 1843 if (guest_endpoint) { 1844 return qp_alloc_guest_work(handle, produce_q, 1845 produce_size, consume_q, 1846 consume_size, peer, 1847 flags, priv_flags); 1848 } else { 1849 return qp_alloc_host_work(handle, produce_q, 1850 produce_size, consume_q, 1851 consume_size, peer, flags, 1852 priv_flags, wakeup_cb, client_data); 1853 } 1854} 1855 1856/* 1857 * This function implements the host kernel API for detaching from 1858 * a queue pair. 1859 */ 1860static int qp_detatch_host_work(struct vmci_handle handle) 1861{ 1862 int result; 1863 struct vmci_ctx *context; 1864 1865 context = vmci_ctx_get(VMCI_HOST_CONTEXT_ID); 1866 1867 result = vmci_qp_broker_detach(handle, context); 1868 1869 vmci_ctx_put(context); 1870 return result; 1871} 1872 1873/* 1874 * Detaches from a VMCI queue_pair. Only checks validity of input argument. 1875 * Real work is done in the host or guest specific function. 1876 */ 1877static int qp_detatch(struct vmci_handle handle, bool guest_endpoint) 1878{ 1879 if (vmci_handle_is_invalid(handle)) 1880 return VMCI_ERROR_INVALID_ARGS; 1881 1882 if (guest_endpoint) 1883 return qp_detatch_guest_work(handle); 1884 else 1885 return qp_detatch_host_work(handle); 1886} 1887 1888/* 1889 * Returns the entry from the head of the list. Assumes that the list is 1890 * locked. 1891 */ 1892static struct qp_entry *qp_list_get_head(struct qp_list *qp_list) 1893{ 1894 if (!list_empty(&qp_list->head)) { 1895 struct qp_entry *entry = 1896 list_first_entry(&qp_list->head, struct qp_entry, 1897 list_item); 1898 return entry; 1899 } 1900 1901 return NULL; 1902} 1903 1904void vmci_qp_broker_exit(void) 1905{ 1906 struct qp_entry *entry; 1907 struct qp_broker_entry *be; 1908 1909 mutex_lock(&qp_broker_list.mutex); 1910 1911 while ((entry = qp_list_get_head(&qp_broker_list))) { 1912 be = (struct qp_broker_entry *)entry; 1913 1914 qp_list_remove_entry(&qp_broker_list, entry); 1915 kfree(be); 1916 } 1917 1918 mutex_unlock(&qp_broker_list.mutex); 1919} 1920 1921/* 1922 * Requests that a queue pair be allocated with the VMCI queue 1923 * pair broker. Allocates a queue pair entry if one does not 1924 * exist. Attaches to one if it exists, and retrieves the page 1925 * files backing that queue_pair. Assumes that the queue pair 1926 * broker lock is held. 1927 */ 1928int vmci_qp_broker_alloc(struct vmci_handle handle, 1929 u32 peer, 1930 u32 flags, 1931 u32 priv_flags, 1932 u64 produce_size, 1933 u64 consume_size, 1934 struct vmci_qp_page_store *page_store, 1935 struct vmci_ctx *context) 1936{ 1937 return qp_broker_alloc(handle, peer, flags, priv_flags, 1938 produce_size, consume_size, 1939 page_store, context, NULL, NULL, NULL, NULL); 1940} 1941 1942/* 1943 * VMX'en with versions lower than VMCI_VERSION_NOVMVM use a separate 1944 * step to add the UVAs of the VMX mapping of the queue pair. This function 1945 * provides backwards compatibility with such VMX'en, and takes care of 1946 * registering the page store for a queue pair previously allocated by the 1947 * VMX during create or attach. This function will move the queue pair state 1948 * to either from VMCIQBP_CREATED_NO_MEM to VMCIQBP_CREATED_MEM or 1949 * VMCIQBP_ATTACHED_NO_MEM to VMCIQBP_ATTACHED_MEM. If moving to the 1950 * attached state with memory, the queue pair is ready to be used by the 1951 * host peer, and an attached event will be generated. 1952 * 1953 * Assumes that the queue pair broker lock is held. 1954 * 1955 * This function is only used by the hosted platform, since there is no 1956 * issue with backwards compatibility for vmkernel. 1957 */ 1958int vmci_qp_broker_set_page_store(struct vmci_handle handle, 1959 u64 produce_uva, 1960 u64 consume_uva, 1961 struct vmci_ctx *context) 1962{ 1963 struct qp_broker_entry *entry; 1964 int result; 1965 const u32 context_id = vmci_ctx_get_id(context); 1966 1967 if (vmci_handle_is_invalid(handle) || !context || 1968 context_id == VMCI_INVALID_ID) 1969 return VMCI_ERROR_INVALID_ARGS; 1970 1971 /* 1972 * We only support guest to host queue pairs, so the VMX must 1973 * supply UVAs for the mapped page files. 1974 */ 1975 1976 if (produce_uva == 0 || consume_uva == 0) 1977 return VMCI_ERROR_INVALID_ARGS; 1978 1979 mutex_lock(&qp_broker_list.mutex); 1980 1981 if (!vmci_ctx_qp_exists(context, handle)) { 1982 pr_warn("Context (ID=0x%x) not attached to queue pair (handle=0x%x:0x%x)\n", 1983 context_id, handle.context, handle.resource); 1984 result = VMCI_ERROR_NOT_FOUND; 1985 goto out; 1986 } 1987 1988 entry = qp_broker_handle_to_entry(handle); 1989 if (!entry) { 1990 result = VMCI_ERROR_NOT_FOUND; 1991 goto out; 1992 } 1993 1994 /* 1995 * If I'm the owner then I can set the page store. 1996 * 1997 * Or, if a host created the queue_pair and I'm the attached peer 1998 * then I can set the page store. 1999 */ 2000 if (entry->create_id != context_id && 2001 (entry->create_id != VMCI_HOST_CONTEXT_ID || 2002 entry->attach_id != context_id)) { 2003 result = VMCI_ERROR_QUEUEPAIR_NOTOWNER; 2004 goto out; 2005 } 2006 2007 if (entry->state != VMCIQPB_CREATED_NO_MEM && 2008 entry->state != VMCIQPB_ATTACHED_NO_MEM) { 2009 result = VMCI_ERROR_UNAVAILABLE; 2010 goto out; 2011 } 2012 2013 result = qp_host_get_user_memory(produce_uva, consume_uva, 2014 entry->produce_q, entry->consume_q); 2015 if (result < VMCI_SUCCESS) 2016 goto out; 2017 2018 result = qp_host_map_queues(entry->produce_q, entry->consume_q); 2019 if (result < VMCI_SUCCESS) { 2020 qp_host_unregister_user_memory(entry->produce_q, 2021 entry->consume_q); 2022 goto out; 2023 } 2024 2025 if (entry->state == VMCIQPB_CREATED_NO_MEM) 2026 entry->state = VMCIQPB_CREATED_MEM; 2027 else 2028 entry->state = VMCIQPB_ATTACHED_MEM; 2029 2030 entry->vmci_page_files = true; 2031 2032 if (entry->state == VMCIQPB_ATTACHED_MEM) { 2033 result = 2034 qp_notify_peer(true, handle, context_id, entry->create_id); 2035 if (result < VMCI_SUCCESS) { 2036 pr_warn("Failed to notify peer (ID=0x%x) of attach to queue pair (handle=0x%x:0x%x)\n", 2037 entry->create_id, entry->qp.handle.context, 2038 entry->qp.handle.resource); 2039 } 2040 } 2041 2042 result = VMCI_SUCCESS; 2043 out: 2044 mutex_unlock(&qp_broker_list.mutex); 2045 return result; 2046} 2047 2048/* 2049 * Resets saved queue headers for the given QP broker 2050 * entry. Should be used when guest memory becomes available 2051 * again, or the guest detaches. 2052 */ 2053static void qp_reset_saved_headers(struct qp_broker_entry *entry) 2054{ 2055 entry->produce_q->saved_header = NULL; 2056 entry->consume_q->saved_header = NULL; 2057} 2058 2059/* 2060 * The main entry point for detaching from a queue pair registered with the 2061 * queue pair broker. If more than one endpoint is attached to the queue 2062 * pair, the first endpoint will mainly decrement a reference count and 2063 * generate a notification to its peer. The last endpoint will clean up 2064 * the queue pair state registered with the broker. 2065 * 2066 * When a guest endpoint detaches, it will unmap and unregister the guest 2067 * memory backing the queue pair. If the host is still attached, it will 2068 * no longer be able to access the queue pair content. 2069 * 2070 * If the queue pair is already in a state where there is no memory 2071 * registered for the queue pair (any *_NO_MEM state), it will transition to 2072 * the VMCIQPB_SHUTDOWN_NO_MEM state. This will also happen, if a guest 2073 * endpoint is the first of two endpoints to detach. If the host endpoint is 2074 * the first out of two to detach, the queue pair will move to the 2075 * VMCIQPB_SHUTDOWN_MEM state. 2076 */ 2077int vmci_qp_broker_detach(struct vmci_handle handle, struct vmci_ctx *context) 2078{ 2079 struct qp_broker_entry *entry; 2080 const u32 context_id = vmci_ctx_get_id(context); 2081 u32 peer_id; 2082 bool is_local = false; 2083 int result; 2084 2085 if (vmci_handle_is_invalid(handle) || !context || 2086 context_id == VMCI_INVALID_ID) { 2087 return VMCI_ERROR_INVALID_ARGS; 2088 } 2089 2090 mutex_lock(&qp_broker_list.mutex); 2091 2092 if (!vmci_ctx_qp_exists(context, handle)) { 2093 pr_devel("Context (ID=0x%x) not attached to queue pair (handle=0x%x:0x%x)\n", 2094 context_id, handle.context, handle.resource); 2095 result = VMCI_ERROR_NOT_FOUND; 2096 goto out; 2097 } 2098 2099 entry = qp_broker_handle_to_entry(handle); 2100 if (!entry) { 2101 pr_devel("Context (ID=0x%x) reports being attached to queue pair(handle=0x%x:0x%x) that isn't present in broker\n", 2102 context_id, handle.context, handle.resource); 2103 result = VMCI_ERROR_NOT_FOUND; 2104 goto out; 2105 } 2106 2107 if (context_id != entry->create_id && context_id != entry->attach_id) { 2108 result = VMCI_ERROR_QUEUEPAIR_NOTATTACHED; 2109 goto out; 2110 } 2111 2112 if (context_id == entry->create_id) { 2113 peer_id = entry->attach_id; 2114 entry->create_id = VMCI_INVALID_ID; 2115 } else { 2116 peer_id = entry->create_id; 2117 entry->attach_id = VMCI_INVALID_ID; 2118 } 2119 entry->qp.ref_count--; 2120 2121 is_local = entry->qp.flags & VMCI_QPFLAG_LOCAL; 2122 2123 if (context_id != VMCI_HOST_CONTEXT_ID) { 2124 bool headers_mapped; 2125 2126 /* 2127 * Pre NOVMVM vmx'en may detach from a queue pair 2128 * before setting the page store, and in that case 2129 * there is no user memory to detach from. Also, more 2130 * recent VMX'en may detach from a queue pair in the 2131 * quiesced state. 2132 */ 2133 2134 qp_acquire_queue_mutex(entry->produce_q); 2135 headers_mapped = entry->produce_q->q_header || 2136 entry->consume_q->q_header; 2137 if (QPBROKERSTATE_HAS_MEM(entry)) { 2138 result = 2139 qp_host_unmap_queues(INVALID_VMCI_GUEST_MEM_ID, 2140 entry->produce_q, 2141 entry->consume_q); 2142 if (result < VMCI_SUCCESS) 2143 pr_warn("Failed to unmap queue headers for queue pair (handle=0x%x:0x%x,result=%d)\n", 2144 handle.context, handle.resource, 2145 result); 2146 2147 qp_host_unregister_user_memory(entry->produce_q, 2148 entry->consume_q); 2149 2150 } 2151 2152 if (!headers_mapped) 2153 qp_reset_saved_headers(entry); 2154 2155 qp_release_queue_mutex(entry->produce_q); 2156 2157 if (!headers_mapped && entry->wakeup_cb) 2158 entry->wakeup_cb(entry->client_data); 2159 2160 } else { 2161 if (entry->wakeup_cb) { 2162 entry->wakeup_cb = NULL; 2163 entry->client_data = NULL; 2164 } 2165 } 2166 2167 if (entry->qp.ref_count == 0) { 2168 qp_list_remove_entry(&qp_broker_list, &entry->qp); 2169 2170 if (is_local) 2171 kfree(entry->local_mem); 2172 2173 qp_cleanup_queue_mutex(entry->produce_q, entry->consume_q); 2174 qp_host_free_queue(entry->produce_q, entry->qp.produce_size); 2175 qp_host_free_queue(entry->consume_q, entry->qp.consume_size); 2176 /* Unlink from resource hash table and free callback */ 2177 vmci_resource_remove(&entry->resource); 2178 2179 kfree(entry); 2180 2181 vmci_ctx_qp_destroy(context, handle); 2182 } else { 2183 qp_notify_peer(false, handle, context_id, peer_id); 2184 if (context_id == VMCI_HOST_CONTEXT_ID && 2185 QPBROKERSTATE_HAS_MEM(entry)) { 2186 entry->state = VMCIQPB_SHUTDOWN_MEM; 2187 } else { 2188 entry->state = VMCIQPB_SHUTDOWN_NO_MEM; 2189 } 2190 2191 if (!is_local) 2192 vmci_ctx_qp_destroy(context, handle); 2193 2194 } 2195 result = VMCI_SUCCESS; 2196 out: 2197 mutex_unlock(&qp_broker_list.mutex); 2198 return result; 2199} 2200 2201/* 2202 * Establishes the necessary mappings for a queue pair given a 2203 * reference to the queue pair guest memory. This is usually 2204 * called when a guest is unquiesced and the VMX is allowed to 2205 * map guest memory once again. 2206 */ 2207int vmci_qp_broker_map(struct vmci_handle handle, 2208 struct vmci_ctx *context, 2209 u64 guest_mem) 2210{ 2211 struct qp_broker_entry *entry; 2212 const u32 context_id = vmci_ctx_get_id(context); 2213 int result; 2214 2215 if (vmci_handle_is_invalid(handle) || !context || 2216 context_id == VMCI_INVALID_ID) 2217 return VMCI_ERROR_INVALID_ARGS; 2218 2219 mutex_lock(&qp_broker_list.mutex); 2220 2221 if (!vmci_ctx_qp_exists(context, handle)) { 2222 pr_devel("Context (ID=0x%x) not attached to queue pair (handle=0x%x:0x%x)\n", 2223 context_id, handle.context, handle.resource); 2224 result = VMCI_ERROR_NOT_FOUND; 2225 goto out; 2226 } 2227 2228 entry = qp_broker_handle_to_entry(handle); 2229 if (!entry) { 2230 pr_devel("Context (ID=0x%x) reports being attached to queue pair (handle=0x%x:0x%x) that isn't present in broker\n", 2231 context_id, handle.context, handle.resource); 2232 result = VMCI_ERROR_NOT_FOUND; 2233 goto out; 2234 } 2235 2236 if (context_id != entry->create_id && context_id != entry->attach_id) { 2237 result = VMCI_ERROR_QUEUEPAIR_NOTATTACHED; 2238 goto out; 2239 } 2240 2241 result = VMCI_SUCCESS; 2242 2243 if (context_id != VMCI_HOST_CONTEXT_ID && 2244 !QPBROKERSTATE_HAS_MEM(entry)) { 2245 struct vmci_qp_page_store page_store; 2246 2247 page_store.pages = guest_mem; 2248 page_store.len = QPE_NUM_PAGES(entry->qp); 2249 2250 qp_acquire_queue_mutex(entry->produce_q); 2251 qp_reset_saved_headers(entry); 2252 result = 2253 qp_host_register_user_memory(&page_store, 2254 entry->produce_q, 2255 entry->consume_q); 2256 qp_release_queue_mutex(entry->produce_q); 2257 if (result == VMCI_SUCCESS) { 2258 /* Move state from *_NO_MEM to *_MEM */ 2259 2260 entry->state++; 2261 2262 if (entry->wakeup_cb) 2263 entry->wakeup_cb(entry->client_data); 2264 } 2265 } 2266 2267 out: 2268 mutex_unlock(&qp_broker_list.mutex); 2269 return result; 2270} 2271 2272/* 2273 * Saves a snapshot of the queue headers for the given QP broker 2274 * entry. Should be used when guest memory is unmapped. 2275 * Results: 2276 * VMCI_SUCCESS on success, appropriate error code if guest memory 2277 * can't be accessed.. 2278 */ 2279static int qp_save_headers(struct qp_broker_entry *entry) 2280{ 2281 int result; 2282 2283 if (entry->produce_q->saved_header != NULL && 2284 entry->consume_q->saved_header != NULL) { 2285 /* 2286 * If the headers have already been saved, we don't need to do 2287 * it again, and we don't want to map in the headers 2288 * unnecessarily. 2289 */ 2290 2291 return VMCI_SUCCESS; 2292 } 2293 2294 if (NULL == entry->produce_q->q_header || 2295 NULL == entry->consume_q->q_header) { 2296 result = qp_host_map_queues(entry->produce_q, entry->consume_q); 2297 if (result < VMCI_SUCCESS) 2298 return result; 2299 } 2300 2301 memcpy(&entry->saved_produce_q, entry->produce_q->q_header, 2302 sizeof(entry->saved_produce_q)); 2303 entry->produce_q->saved_header = &entry->saved_produce_q; 2304 memcpy(&entry->saved_consume_q, entry->consume_q->q_header, 2305 sizeof(entry->saved_consume_q)); 2306 entry->consume_q->saved_header = &entry->saved_consume_q; 2307 2308 return VMCI_SUCCESS; 2309} 2310 2311/* 2312 * Removes all references to the guest memory of a given queue pair, and 2313 * will move the queue pair from state *_MEM to *_NO_MEM. It is usually 2314 * called when a VM is being quiesced where access to guest memory should 2315 * avoided. 2316 */ 2317int vmci_qp_broker_unmap(struct vmci_handle handle, 2318 struct vmci_ctx *context, 2319 u32 gid) 2320{ 2321 struct qp_broker_entry *entry; 2322 const u32 context_id = vmci_ctx_get_id(context); 2323 int result; 2324 2325 if (vmci_handle_is_invalid(handle) || !context || 2326 context_id == VMCI_INVALID_ID) 2327 return VMCI_ERROR_INVALID_ARGS; 2328 2329 mutex_lock(&qp_broker_list.mutex); 2330 2331 if (!vmci_ctx_qp_exists(context, handle)) { 2332 pr_devel("Context (ID=0x%x) not attached to queue pair (handle=0x%x:0x%x)\n", 2333 context_id, handle.context, handle.resource); 2334 result = VMCI_ERROR_NOT_FOUND; 2335 goto out; 2336 } 2337 2338 entry = qp_broker_handle_to_entry(handle); 2339 if (!entry) { 2340 pr_devel("Context (ID=0x%x) reports being attached to queue pair (handle=0x%x:0x%x) that isn't present in broker\n", 2341 context_id, handle.context, handle.resource); 2342 result = VMCI_ERROR_NOT_FOUND; 2343 goto out; 2344 } 2345 2346 if (context_id != entry->create_id && context_id != entry->attach_id) { 2347 result = VMCI_ERROR_QUEUEPAIR_NOTATTACHED; 2348 goto out; 2349 } 2350 2351 if (context_id != VMCI_HOST_CONTEXT_ID && 2352 QPBROKERSTATE_HAS_MEM(entry)) { 2353 qp_acquire_queue_mutex(entry->produce_q); 2354 result = qp_save_headers(entry); 2355 if (result < VMCI_SUCCESS) 2356 pr_warn("Failed to save queue headers for queue pair (handle=0x%x:0x%x,result=%d)\n", 2357 handle.context, handle.resource, result); 2358 2359 qp_host_unmap_queues(gid, entry->produce_q, entry->consume_q); 2360 2361 /* 2362 * On hosted, when we unmap queue pairs, the VMX will also 2363 * unmap the guest memory, so we invalidate the previously 2364 * registered memory. If the queue pair is mapped again at a 2365 * later point in time, we will need to reregister the user 2366 * memory with a possibly new user VA. 2367 */ 2368 qp_host_unregister_user_memory(entry->produce_q, 2369 entry->consume_q); 2370 2371 /* 2372 * Move state from *_MEM to *_NO_MEM. 2373 */ 2374 entry->state--; 2375 2376 qp_release_queue_mutex(entry->produce_q); 2377 } 2378 2379 result = VMCI_SUCCESS; 2380 2381 out: 2382 mutex_unlock(&qp_broker_list.mutex); 2383 return result; 2384} 2385 2386/* 2387 * Destroys all guest queue pair endpoints. If active guest queue 2388 * pairs still exist, hypercalls to attempt detach from these 2389 * queue pairs will be made. Any failure to detach is silently 2390 * ignored. 2391 */ 2392void vmci_qp_guest_endpoints_exit(void) 2393{ 2394 struct qp_entry *entry; 2395 struct qp_guest_endpoint *ep; 2396 2397 mutex_lock(&qp_guest_endpoints.mutex); 2398 2399 while ((entry = qp_list_get_head(&qp_guest_endpoints))) { 2400 ep = (struct qp_guest_endpoint *)entry; 2401 2402 /* Don't make a hypercall for local queue_pairs. */ 2403 if (!(entry->flags & VMCI_QPFLAG_LOCAL)) 2404 qp_detatch_hypercall(entry->handle); 2405 2406 /* We cannot fail the exit, so let's reset ref_count. */ 2407 entry->ref_count = 0; 2408 qp_list_remove_entry(&qp_guest_endpoints, entry); 2409 2410 qp_guest_endpoint_destroy(ep); 2411 } 2412 2413 mutex_unlock(&qp_guest_endpoints.mutex); 2414} 2415 2416/* 2417 * Helper routine that will lock the queue pair before subsequent 2418 * operations. 2419 * Note: Non-blocking on the host side is currently only implemented in ESX. 2420 * Since non-blocking isn't yet implemented on the host personality we 2421 * have no reason to acquire a spin lock. So to avoid the use of an 2422 * unnecessary lock only acquire the mutex if we can block. 2423 */ 2424static void qp_lock(const struct vmci_qp *qpair) 2425{ 2426 qp_acquire_queue_mutex(qpair->produce_q); 2427} 2428 2429/* 2430 * Helper routine that unlocks the queue pair after calling 2431 * qp_lock. 2432 */ 2433static void qp_unlock(const struct vmci_qp *qpair) 2434{ 2435 qp_release_queue_mutex(qpair->produce_q); 2436} 2437 2438/* 2439 * The queue headers may not be mapped at all times. If a queue is 2440 * currently not mapped, it will be attempted to do so. 2441 */ 2442static int qp_map_queue_headers(struct vmci_queue *produce_q, 2443 struct vmci_queue *consume_q) 2444{ 2445 int result; 2446 2447 if (NULL == produce_q->q_header || NULL == consume_q->q_header) { 2448 result = qp_host_map_queues(produce_q, consume_q); 2449 if (result < VMCI_SUCCESS) 2450 return (produce_q->saved_header && 2451 consume_q->saved_header) ? 2452 VMCI_ERROR_QUEUEPAIR_NOT_READY : 2453 VMCI_ERROR_QUEUEPAIR_NOTATTACHED; 2454 } 2455 2456 return VMCI_SUCCESS; 2457} 2458 2459/* 2460 * Helper routine that will retrieve the produce and consume 2461 * headers of a given queue pair. If the guest memory of the 2462 * queue pair is currently not available, the saved queue headers 2463 * will be returned, if these are available. 2464 */ 2465static int qp_get_queue_headers(const struct vmci_qp *qpair, 2466 struct vmci_queue_header **produce_q_header, 2467 struct vmci_queue_header **consume_q_header) 2468{ 2469 int result; 2470 2471 result = qp_map_queue_headers(qpair->produce_q, qpair->consume_q); 2472 if (result == VMCI_SUCCESS) { 2473 *produce_q_header = qpair->produce_q->q_header; 2474 *consume_q_header = qpair->consume_q->q_header; 2475 } else if (qpair->produce_q->saved_header && 2476 qpair->consume_q->saved_header) { 2477 *produce_q_header = qpair->produce_q->saved_header; 2478 *consume_q_header = qpair->consume_q->saved_header; 2479 result = VMCI_SUCCESS; 2480 } 2481 2482 return result; 2483} 2484 2485/* 2486 * Callback from VMCI queue pair broker indicating that a queue 2487 * pair that was previously not ready, now either is ready or 2488 * gone forever. 2489 */ 2490static int qp_wakeup_cb(void *client_data) 2491{ 2492 struct vmci_qp *qpair = (struct vmci_qp *)client_data; 2493 2494 qp_lock(qpair); 2495 while (qpair->blocked > 0) { 2496 qpair->blocked--; 2497 qpair->generation++; 2498 wake_up(&qpair->event); 2499 } 2500 qp_unlock(qpair); 2501 2502 return VMCI_SUCCESS; 2503} 2504 2505/* 2506 * Makes the calling thread wait for the queue pair to become 2507 * ready for host side access. Returns true when thread is 2508 * woken up after queue pair state change, false otherwise. 2509 */ 2510static bool qp_wait_for_ready_queue(struct vmci_qp *qpair) 2511{ 2512 unsigned int generation; 2513 2514 qpair->blocked++; 2515 generation = qpair->generation; 2516 qp_unlock(qpair); 2517 wait_event(qpair->event, generation != qpair->generation); 2518 qp_lock(qpair); 2519 2520 return true; 2521} 2522 2523/* 2524 * Enqueues a given buffer to the produce queue using the provided 2525 * function. As many bytes as possible (space available in the queue) 2526 * are enqueued. Assumes the queue->mutex has been acquired. Returns 2527 * VMCI_ERROR_QUEUEPAIR_NOSPACE if no space was available to enqueue 2528 * data, VMCI_ERROR_INVALID_SIZE, if any queue pointer is outside the 2529 * queue (as defined by the queue size), VMCI_ERROR_INVALID_ARGS, if 2530 * an error occured when accessing the buffer, 2531 * VMCI_ERROR_QUEUEPAIR_NOTATTACHED, if the queue pair pages aren't 2532 * available. Otherwise, the number of bytes written to the queue is 2533 * returned. Updates the tail pointer of the produce queue. 2534 */ 2535static ssize_t qp_enqueue_locked(struct vmci_queue *produce_q, 2536 struct vmci_queue *consume_q, 2537 const u64 produce_q_size, 2538 struct iov_iter *from) 2539{ 2540 s64 free_space; 2541 u64 tail; 2542 size_t buf_size = iov_iter_count(from); 2543 size_t written; 2544 ssize_t result; 2545 2546 result = qp_map_queue_headers(produce_q, consume_q); 2547 if (unlikely(result != VMCI_SUCCESS)) 2548 return result; 2549 2550 free_space = vmci_q_header_free_space(produce_q->q_header, 2551 consume_q->q_header, 2552 produce_q_size); 2553 if (free_space == 0) 2554 return VMCI_ERROR_QUEUEPAIR_NOSPACE; 2555 2556 if (free_space < VMCI_SUCCESS) 2557 return (ssize_t) free_space; 2558 2559 written = (size_t) (free_space > buf_size ? buf_size : free_space); 2560 tail = vmci_q_header_producer_tail(produce_q->q_header); 2561 if (likely(tail + written < produce_q_size)) { 2562 result = qp_memcpy_to_queue_iter(produce_q, tail, from, written); 2563 } else { 2564 /* Tail pointer wraps around. */ 2565 2566 const size_t tmp = (size_t) (produce_q_size - tail); 2567 2568 result = qp_memcpy_to_queue_iter(produce_q, tail, from, tmp); 2569 if (result >= VMCI_SUCCESS) 2570 result = qp_memcpy_to_queue_iter(produce_q, 0, from, 2571 written - tmp); 2572 } 2573 2574 if (result < VMCI_SUCCESS) 2575 return result; 2576 2577 vmci_q_header_add_producer_tail(produce_q->q_header, written, 2578 produce_q_size); 2579 return written; 2580} 2581 2582/* 2583 * Dequeues data (if available) from the given consume queue. Writes data 2584 * to the user provided buffer using the provided function. 2585 * Assumes the queue->mutex has been acquired. 2586 * Results: 2587 * VMCI_ERROR_QUEUEPAIR_NODATA if no data was available to dequeue. 2588 * VMCI_ERROR_INVALID_SIZE, if any queue pointer is outside the queue 2589 * (as defined by the queue size). 2590 * VMCI_ERROR_INVALID_ARGS, if an error occured when accessing the buffer. 2591 * Otherwise the number of bytes dequeued is returned. 2592 * Side effects: 2593 * Updates the head pointer of the consume queue. 2594 */ 2595static ssize_t qp_dequeue_locked(struct vmci_queue *produce_q, 2596 struct vmci_queue *consume_q, 2597 const u64 consume_q_size, 2598 struct iov_iter *to, 2599 bool update_consumer) 2600{ 2601 size_t buf_size = iov_iter_count(to); 2602 s64 buf_ready; 2603 u64 head; 2604 size_t read; 2605 ssize_t result; 2606 2607 result = qp_map_queue_headers(produce_q, consume_q); 2608 if (unlikely(result != VMCI_SUCCESS)) 2609 return result; 2610 2611 buf_ready = vmci_q_header_buf_ready(consume_q->q_header, 2612 produce_q->q_header, 2613 consume_q_size); 2614 if (buf_ready == 0) 2615 return VMCI_ERROR_QUEUEPAIR_NODATA; 2616 2617 if (buf_ready < VMCI_SUCCESS) 2618 return (ssize_t) buf_ready; 2619 2620 read = (size_t) (buf_ready > buf_size ? buf_size : buf_ready); 2621 head = vmci_q_header_consumer_head(produce_q->q_header); 2622 if (likely(head + read < consume_q_size)) { 2623 result = qp_memcpy_from_queue_iter(to, consume_q, head, read); 2624 } else { 2625 /* Head pointer wraps around. */ 2626 2627 const size_t tmp = (size_t) (consume_q_size - head); 2628 2629 result = qp_memcpy_from_queue_iter(to, consume_q, head, tmp); 2630 if (result >= VMCI_SUCCESS) 2631 result = qp_memcpy_from_queue_iter(to, consume_q, 0, 2632 read - tmp); 2633 2634 } 2635 2636 if (result < VMCI_SUCCESS) 2637 return result; 2638 2639 if (update_consumer) 2640 vmci_q_header_add_consumer_head(produce_q->q_header, 2641 read, consume_q_size); 2642 2643 return read; 2644} 2645 2646/* 2647 * vmci_qpair_alloc() - Allocates a queue pair. 2648 * @qpair: Pointer for the new vmci_qp struct. 2649 * @handle: Handle to track the resource. 2650 * @produce_qsize: Desired size of the producer queue. 2651 * @consume_qsize: Desired size of the consumer queue. 2652 * @peer: ContextID of the peer. 2653 * @flags: VMCI flags. 2654 * @priv_flags: VMCI priviledge flags. 2655 * 2656 * This is the client interface for allocating the memory for a 2657 * vmci_qp structure and then attaching to the underlying 2658 * queue. If an error occurs allocating the memory for the 2659 * vmci_qp structure no attempt is made to attach. If an 2660 * error occurs attaching, then the structure is freed. 2661 */ 2662int vmci_qpair_alloc(struct vmci_qp **qpair, 2663 struct vmci_handle *handle, 2664 u64 produce_qsize, 2665 u64 consume_qsize, 2666 u32 peer, 2667 u32 flags, 2668 u32 priv_flags) 2669{ 2670 struct vmci_qp *my_qpair; 2671 int retval; 2672 struct vmci_handle src = VMCI_INVALID_HANDLE; 2673 struct vmci_handle dst = vmci_make_handle(peer, VMCI_INVALID_ID); 2674 enum vmci_route route; 2675 vmci_event_release_cb wakeup_cb; 2676 void *client_data; 2677 2678 /* 2679 * Restrict the size of a queuepair. The device already 2680 * enforces a limit on the total amount of memory that can be 2681 * allocated to queuepairs for a guest. However, we try to 2682 * allocate this memory before we make the queuepair 2683 * allocation hypercall. On Linux, we allocate each page 2684 * separately, which means rather than fail, the guest will 2685 * thrash while it tries to allocate, and will become 2686 * increasingly unresponsive to the point where it appears to 2687 * be hung. So we place a limit on the size of an individual 2688 * queuepair here, and leave the device to enforce the 2689 * restriction on total queuepair memory. (Note that this 2690 * doesn't prevent all cases; a user with only this much 2691 * physical memory could still get into trouble.) The error 2692 * used by the device is NO_RESOURCES, so use that here too. 2693 */ 2694 2695 if (produce_qsize + consume_qsize < max(produce_qsize, consume_qsize) || 2696 produce_qsize + consume_qsize > VMCI_MAX_GUEST_QP_MEMORY) 2697 return VMCI_ERROR_NO_RESOURCES; 2698 2699 retval = vmci_route(&src, &dst, false, &route); 2700 if (retval < VMCI_SUCCESS) 2701 route = vmci_guest_code_active() ? 2702 VMCI_ROUTE_AS_GUEST : VMCI_ROUTE_AS_HOST; 2703 2704 if (flags & (VMCI_QPFLAG_NONBLOCK | VMCI_QPFLAG_PINNED)) { 2705 pr_devel("NONBLOCK OR PINNED set"); 2706 return VMCI_ERROR_INVALID_ARGS; 2707 } 2708 2709 my_qpair = kzalloc(sizeof(*my_qpair), GFP_KERNEL); 2710 if (!my_qpair) 2711 return VMCI_ERROR_NO_MEM; 2712 2713 my_qpair->produce_q_size = produce_qsize; 2714 my_qpair->consume_q_size = consume_qsize; 2715 my_qpair->peer = peer; 2716 my_qpair->flags = flags; 2717 my_qpair->priv_flags = priv_flags; 2718 2719 wakeup_cb = NULL; 2720 client_data = NULL; 2721 2722 if (VMCI_ROUTE_AS_HOST == route) { 2723 my_qpair->guest_endpoint = false; 2724 if (!(flags & VMCI_QPFLAG_LOCAL)) { 2725 my_qpair->blocked = 0; 2726 my_qpair->generation = 0; 2727 init_waitqueue_head(&my_qpair->event); 2728 wakeup_cb = qp_wakeup_cb; 2729 client_data = (void *)my_qpair; 2730 } 2731 } else { 2732 my_qpair->guest_endpoint = true; 2733 } 2734 2735 retval = vmci_qp_alloc(handle, 2736 &my_qpair->produce_q, 2737 my_qpair->produce_q_size, 2738 &my_qpair->consume_q, 2739 my_qpair->consume_q_size, 2740 my_qpair->peer, 2741 my_qpair->flags, 2742 my_qpair->priv_flags, 2743 my_qpair->guest_endpoint, 2744 wakeup_cb, client_data); 2745 2746 if (retval < VMCI_SUCCESS) { 2747 kfree(my_qpair); 2748 return retval; 2749 } 2750 2751 *qpair = my_qpair; 2752 my_qpair->handle = *handle; 2753 2754 return retval; 2755} 2756EXPORT_SYMBOL_GPL(vmci_qpair_alloc); 2757 2758/* 2759 * vmci_qpair_detach() - Detatches the client from a queue pair. 2760 * @qpair: Reference of a pointer to the qpair struct. 2761 * 2762 * This is the client interface for detaching from a VMCIQPair. 2763 * Note that this routine will free the memory allocated for the 2764 * vmci_qp structure too. 2765 */ 2766int vmci_qpair_detach(struct vmci_qp **qpair) 2767{ 2768 int result; 2769 struct vmci_qp *old_qpair; 2770 2771 if (!qpair || !(*qpair)) 2772 return VMCI_ERROR_INVALID_ARGS; 2773 2774 old_qpair = *qpair; 2775 result = qp_detatch(old_qpair->handle, old_qpair->guest_endpoint); 2776 2777 /* 2778 * The guest can fail to detach for a number of reasons, and 2779 * if it does so, it will cleanup the entry (if there is one). 2780 * The host can fail too, but it won't cleanup the entry 2781 * immediately, it will do that later when the context is 2782 * freed. Either way, we need to release the qpair struct 2783 * here; there isn't much the caller can do, and we don't want 2784 * to leak. 2785 */ 2786 2787 memset(old_qpair, 0, sizeof(*old_qpair)); 2788 old_qpair->handle = VMCI_INVALID_HANDLE; 2789 old_qpair->peer = VMCI_INVALID_ID; 2790 kfree(old_qpair); 2791 *qpair = NULL; 2792 2793 return result; 2794} 2795EXPORT_SYMBOL_GPL(vmci_qpair_detach); 2796 2797/* 2798 * vmci_qpair_get_produce_indexes() - Retrieves the indexes of the producer. 2799 * @qpair: Pointer to the queue pair struct. 2800 * @producer_tail: Reference used for storing producer tail index. 2801 * @consumer_head: Reference used for storing the consumer head index. 2802 * 2803 * This is the client interface for getting the current indexes of the 2804 * QPair from the point of the view of the caller as the producer. 2805 */ 2806int vmci_qpair_get_produce_indexes(const struct vmci_qp *qpair, 2807 u64 *producer_tail, 2808 u64 *consumer_head) 2809{ 2810 struct vmci_queue_header *produce_q_header; 2811 struct vmci_queue_header *consume_q_header; 2812 int result; 2813 2814 if (!qpair) 2815 return VMCI_ERROR_INVALID_ARGS; 2816 2817 qp_lock(qpair); 2818 result = 2819 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header); 2820 if (result == VMCI_SUCCESS) 2821 vmci_q_header_get_pointers(produce_q_header, consume_q_header, 2822 producer_tail, consumer_head); 2823 qp_unlock(qpair); 2824 2825 if (result == VMCI_SUCCESS && 2826 ((producer_tail && *producer_tail >= qpair->produce_q_size) || 2827 (consumer_head && *consumer_head >= qpair->produce_q_size))) 2828 return VMCI_ERROR_INVALID_SIZE; 2829 2830 return result; 2831} 2832EXPORT_SYMBOL_GPL(vmci_qpair_get_produce_indexes); 2833 2834/* 2835 * vmci_qpair_get_consume_indexes() - Retrieves the indexes of the consumer. 2836 * @qpair: Pointer to the queue pair struct. 2837 * @consumer_tail: Reference used for storing consumer tail index. 2838 * @producer_head: Reference used for storing the producer head index. 2839 * 2840 * This is the client interface for getting the current indexes of the 2841 * QPair from the point of the view of the caller as the consumer. 2842 */ 2843int vmci_qpair_get_consume_indexes(const struct vmci_qp *qpair, 2844 u64 *consumer_tail, 2845 u64 *producer_head) 2846{ 2847 struct vmci_queue_header *produce_q_header; 2848 struct vmci_queue_header *consume_q_header; 2849 int result; 2850 2851 if (!qpair) 2852 return VMCI_ERROR_INVALID_ARGS; 2853 2854 qp_lock(qpair); 2855 result = 2856 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header); 2857 if (result == VMCI_SUCCESS) 2858 vmci_q_header_get_pointers(consume_q_header, produce_q_header, 2859 consumer_tail, producer_head); 2860 qp_unlock(qpair); 2861 2862 if (result == VMCI_SUCCESS && 2863 ((consumer_tail && *consumer_tail >= qpair->consume_q_size) || 2864 (producer_head && *producer_head >= qpair->consume_q_size))) 2865 return VMCI_ERROR_INVALID_SIZE; 2866 2867 return result; 2868} 2869EXPORT_SYMBOL_GPL(vmci_qpair_get_consume_indexes); 2870 2871/* 2872 * vmci_qpair_produce_free_space() - Retrieves free space in producer queue. 2873 * @qpair: Pointer to the queue pair struct. 2874 * 2875 * This is the client interface for getting the amount of free 2876 * space in the QPair from the point of the view of the caller as 2877 * the producer which is the common case. Returns < 0 if err, else 2878 * available bytes into which data can be enqueued if > 0. 2879 */ 2880s64 vmci_qpair_produce_free_space(const struct vmci_qp *qpair) 2881{ 2882 struct vmci_queue_header *produce_q_header; 2883 struct vmci_queue_header *consume_q_header; 2884 s64 result; 2885 2886 if (!qpair) 2887 return VMCI_ERROR_INVALID_ARGS; 2888 2889 qp_lock(qpair); 2890 result = 2891 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header); 2892 if (result == VMCI_SUCCESS) 2893 result = vmci_q_header_free_space(produce_q_header, 2894 consume_q_header, 2895 qpair->produce_q_size); 2896 else 2897 result = 0; 2898 2899 qp_unlock(qpair); 2900 2901 return result; 2902} 2903EXPORT_SYMBOL_GPL(vmci_qpair_produce_free_space); 2904 2905/* 2906 * vmci_qpair_consume_free_space() - Retrieves free space in consumer queue. 2907 * @qpair: Pointer to the queue pair struct. 2908 * 2909 * This is the client interface for getting the amount of free 2910 * space in the QPair from the point of the view of the caller as 2911 * the consumer which is not the common case. Returns < 0 if err, else 2912 * available bytes into which data can be enqueued if > 0. 2913 */ 2914s64 vmci_qpair_consume_free_space(const struct vmci_qp *qpair) 2915{ 2916 struct vmci_queue_header *produce_q_header; 2917 struct vmci_queue_header *consume_q_header; 2918 s64 result; 2919 2920 if (!qpair) 2921 return VMCI_ERROR_INVALID_ARGS; 2922 2923 qp_lock(qpair); 2924 result = 2925 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header); 2926 if (result == VMCI_SUCCESS) 2927 result = vmci_q_header_free_space(consume_q_header, 2928 produce_q_header, 2929 qpair->consume_q_size); 2930 else 2931 result = 0; 2932 2933 qp_unlock(qpair); 2934 2935 return result; 2936} 2937EXPORT_SYMBOL_GPL(vmci_qpair_consume_free_space); 2938 2939/* 2940 * vmci_qpair_produce_buf_ready() - Gets bytes ready to read from 2941 * producer queue. 2942 * @qpair: Pointer to the queue pair struct. 2943 * 2944 * This is the client interface for getting the amount of 2945 * enqueued data in the QPair from the point of the view of the 2946 * caller as the producer which is not the common case. Returns < 0 if err, 2947 * else available bytes that may be read. 2948 */ 2949s64 vmci_qpair_produce_buf_ready(const struct vmci_qp *qpair) 2950{ 2951 struct vmci_queue_header *produce_q_header; 2952 struct vmci_queue_header *consume_q_header; 2953 s64 result; 2954 2955 if (!qpair) 2956 return VMCI_ERROR_INVALID_ARGS; 2957 2958 qp_lock(qpair); 2959 result = 2960 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header); 2961 if (result == VMCI_SUCCESS) 2962 result = vmci_q_header_buf_ready(produce_q_header, 2963 consume_q_header, 2964 qpair->produce_q_size); 2965 else 2966 result = 0; 2967 2968 qp_unlock(qpair); 2969 2970 return result; 2971} 2972EXPORT_SYMBOL_GPL(vmci_qpair_produce_buf_ready); 2973 2974/* 2975 * vmci_qpair_consume_buf_ready() - Gets bytes ready to read from 2976 * consumer queue. 2977 * @qpair: Pointer to the queue pair struct. 2978 * 2979 * This is the client interface for getting the amount of 2980 * enqueued data in the QPair from the point of the view of the 2981 * caller as the consumer which is the normal case. Returns < 0 if err, 2982 * else available bytes that may be read. 2983 */ 2984s64 vmci_qpair_consume_buf_ready(const struct vmci_qp *qpair) 2985{ 2986 struct vmci_queue_header *produce_q_header; 2987 struct vmci_queue_header *consume_q_header; 2988 s64 result; 2989 2990 if (!qpair) 2991 return VMCI_ERROR_INVALID_ARGS; 2992 2993 qp_lock(qpair); 2994 result = 2995 qp_get_queue_headers(qpair, &produce_q_header, &consume_q_header); 2996 if (result == VMCI_SUCCESS) 2997 result = vmci_q_header_buf_ready(consume_q_header, 2998 produce_q_header, 2999 qpair->consume_q_size); 3000 else 3001 result = 0; 3002 3003 qp_unlock(qpair); 3004 3005 return result; 3006} 3007EXPORT_SYMBOL_GPL(vmci_qpair_consume_buf_ready); 3008 3009/* 3010 * vmci_qpair_enqueue() - Throw data on the queue. 3011 * @qpair: Pointer to the queue pair struct. 3012 * @buf: Pointer to buffer containing data 3013 * @buf_size: Length of buffer. 3014 * @buf_type: Buffer type (Unused). 3015 * 3016 * This is the client interface for enqueueing data into the queue. 3017 * Returns number of bytes enqueued or < 0 on error. 3018 */ 3019ssize_t vmci_qpair_enqueue(struct vmci_qp *qpair, 3020 const void *buf, 3021 size_t buf_size, 3022 int buf_type) 3023{ 3024 ssize_t result; 3025 struct iov_iter from; 3026 struct kvec v = {.iov_base = (void *)buf, .iov_len = buf_size}; 3027 3028 if (!qpair || !buf) 3029 return VMCI_ERROR_INVALID_ARGS; 3030 3031 iov_iter_kvec(&from, WRITE, &v, 1, buf_size); 3032 3033 qp_lock(qpair); 3034 3035 do { 3036 result = qp_enqueue_locked(qpair->produce_q, 3037 qpair->consume_q, 3038 qpair->produce_q_size, 3039 &from); 3040 3041 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY && 3042 !qp_wait_for_ready_queue(qpair)) 3043 result = VMCI_ERROR_WOULD_BLOCK; 3044 3045 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY); 3046 3047 qp_unlock(qpair); 3048 3049 return result; 3050} 3051EXPORT_SYMBOL_GPL(vmci_qpair_enqueue); 3052 3053/* 3054 * vmci_qpair_dequeue() - Get data from the queue. 3055 * @qpair: Pointer to the queue pair struct. 3056 * @buf: Pointer to buffer for the data 3057 * @buf_size: Length of buffer. 3058 * @buf_type: Buffer type (Unused). 3059 * 3060 * This is the client interface for dequeueing data from the queue. 3061 * Returns number of bytes dequeued or < 0 on error. 3062 */ 3063ssize_t vmci_qpair_dequeue(struct vmci_qp *qpair, 3064 void *buf, 3065 size_t buf_size, 3066 int buf_type) 3067{ 3068 ssize_t result; 3069 struct iov_iter to; 3070 struct kvec v = {.iov_base = buf, .iov_len = buf_size}; 3071 3072 if (!qpair || !buf) 3073 return VMCI_ERROR_INVALID_ARGS; 3074 3075 iov_iter_kvec(&to, READ, &v, 1, buf_size); 3076 3077 qp_lock(qpair); 3078 3079 do { 3080 result = qp_dequeue_locked(qpair->produce_q, 3081 qpair->consume_q, 3082 qpair->consume_q_size, 3083 &to, true); 3084 3085 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY && 3086 !qp_wait_for_ready_queue(qpair)) 3087 result = VMCI_ERROR_WOULD_BLOCK; 3088 3089 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY); 3090 3091 qp_unlock(qpair); 3092 3093 return result; 3094} 3095EXPORT_SYMBOL_GPL(vmci_qpair_dequeue); 3096 3097/* 3098 * vmci_qpair_peek() - Peek at the data in the queue. 3099 * @qpair: Pointer to the queue pair struct. 3100 * @buf: Pointer to buffer for the data 3101 * @buf_size: Length of buffer. 3102 * @buf_type: Buffer type (Unused on Linux). 3103 * 3104 * This is the client interface for peeking into a queue. (I.e., 3105 * copy data from the queue without updating the head pointer.) 3106 * Returns number of bytes dequeued or < 0 on error. 3107 */ 3108ssize_t vmci_qpair_peek(struct vmci_qp *qpair, 3109 void *buf, 3110 size_t buf_size, 3111 int buf_type) 3112{ 3113 struct iov_iter to; 3114 struct kvec v = {.iov_base = buf, .iov_len = buf_size}; 3115 ssize_t result; 3116 3117 if (!qpair || !buf) 3118 return VMCI_ERROR_INVALID_ARGS; 3119 3120 iov_iter_kvec(&to, READ, &v, 1, buf_size); 3121 3122 qp_lock(qpair); 3123 3124 do { 3125 result = qp_dequeue_locked(qpair->produce_q, 3126 qpair->consume_q, 3127 qpair->consume_q_size, 3128 &to, false); 3129 3130 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY && 3131 !qp_wait_for_ready_queue(qpair)) 3132 result = VMCI_ERROR_WOULD_BLOCK; 3133 3134 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY); 3135 3136 qp_unlock(qpair); 3137 3138 return result; 3139} 3140EXPORT_SYMBOL_GPL(vmci_qpair_peek); 3141 3142/* 3143 * vmci_qpair_enquev() - Throw data on the queue using iov. 3144 * @qpair: Pointer to the queue pair struct. 3145 * @iov: Pointer to buffer containing data 3146 * @iov_size: Length of buffer. 3147 * @buf_type: Buffer type (Unused). 3148 * 3149 * This is the client interface for enqueueing data into the queue. 3150 * This function uses IO vectors to handle the work. Returns number 3151 * of bytes enqueued or < 0 on error. 3152 */ 3153ssize_t vmci_qpair_enquev(struct vmci_qp *qpair, 3154 struct msghdr *msg, 3155 size_t iov_size, 3156 int buf_type) 3157{ 3158 ssize_t result; 3159 3160 if (!qpair) 3161 return VMCI_ERROR_INVALID_ARGS; 3162 3163 qp_lock(qpair); 3164 3165 do { 3166 result = qp_enqueue_locked(qpair->produce_q, 3167 qpair->consume_q, 3168 qpair->produce_q_size, 3169 &msg->msg_iter); 3170 3171 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY && 3172 !qp_wait_for_ready_queue(qpair)) 3173 result = VMCI_ERROR_WOULD_BLOCK; 3174 3175 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY); 3176 3177 qp_unlock(qpair); 3178 3179 return result; 3180} 3181EXPORT_SYMBOL_GPL(vmci_qpair_enquev); 3182 3183/* 3184 * vmci_qpair_dequev() - Get data from the queue using iov. 3185 * @qpair: Pointer to the queue pair struct. 3186 * @iov: Pointer to buffer for the data 3187 * @iov_size: Length of buffer. 3188 * @buf_type: Buffer type (Unused). 3189 * 3190 * This is the client interface for dequeueing data from the queue. 3191 * This function uses IO vectors to handle the work. Returns number 3192 * of bytes dequeued or < 0 on error. 3193 */ 3194ssize_t vmci_qpair_dequev(struct vmci_qp *qpair, 3195 struct msghdr *msg, 3196 size_t iov_size, 3197 int buf_type) 3198{ 3199 ssize_t result; 3200 3201 if (!qpair) 3202 return VMCI_ERROR_INVALID_ARGS; 3203 3204 qp_lock(qpair); 3205 3206 do { 3207 result = qp_dequeue_locked(qpair->produce_q, 3208 qpair->consume_q, 3209 qpair->consume_q_size, 3210 &msg->msg_iter, true); 3211 3212 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY && 3213 !qp_wait_for_ready_queue(qpair)) 3214 result = VMCI_ERROR_WOULD_BLOCK; 3215 3216 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY); 3217 3218 qp_unlock(qpair); 3219 3220 return result; 3221} 3222EXPORT_SYMBOL_GPL(vmci_qpair_dequev); 3223 3224/* 3225 * vmci_qpair_peekv() - Peek at the data in the queue using iov. 3226 * @qpair: Pointer to the queue pair struct. 3227 * @iov: Pointer to buffer for the data 3228 * @iov_size: Length of buffer. 3229 * @buf_type: Buffer type (Unused on Linux). 3230 * 3231 * This is the client interface for peeking into a queue. (I.e., 3232 * copy data from the queue without updating the head pointer.) 3233 * This function uses IO vectors to handle the work. Returns number 3234 * of bytes peeked or < 0 on error. 3235 */ 3236ssize_t vmci_qpair_peekv(struct vmci_qp *qpair, 3237 struct msghdr *msg, 3238 size_t iov_size, 3239 int buf_type) 3240{ 3241 ssize_t result; 3242 3243 if (!qpair) 3244 return VMCI_ERROR_INVALID_ARGS; 3245 3246 qp_lock(qpair); 3247 3248 do { 3249 result = qp_dequeue_locked(qpair->produce_q, 3250 qpair->consume_q, 3251 qpair->consume_q_size, 3252 &msg->msg_iter, false); 3253 3254 if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY && 3255 !qp_wait_for_ready_queue(qpair)) 3256 result = VMCI_ERROR_WOULD_BLOCK; 3257 3258 } while (result == VMCI_ERROR_QUEUEPAIR_NOT_READY); 3259 3260 qp_unlock(qpair); 3261 return result; 3262} 3263EXPORT_SYMBOL_GPL(vmci_qpair_peekv); 3264