1 /*
2 * Virtio vsock device
4 * Copyright 2015 Red Hat, Inc.
6 * Authors:
7 * Stefan Hajnoczi <stefanha@redhat.com>
9 * This work is licensed under the terms of the GNU GPL, version 2 or
10 * (at your option) any later version. See the COPYING file in the
11 * top-level directory.
14 #include <sys/ioctl.h>
15 #include "qemu/osdep.h"
16 #include "standard-headers/linux/virtio_vsock.h"
17 #include "qapi/error.h"
18 #include "hw/virtio/virtio-bus.h"
19 #include "hw/virtio/virtio-access.h"
20 #include "qemu/error-report.h"
21 #include "hw/virtio/vhost-vsock.h"
22 #include "qemu/iov.h"
23 #include "monitor/monitor.h"
enum {
    /* Version recorded in vmstate_virtio_vhost_vsock (both minimum and current) */
    VHOST_VSOCK_SAVEVM_VERSION = 0,

    /* Descriptor count for each of the three virtqueues added in realize */
    VHOST_VSOCK_QUEUE_SIZE = 128,
};
/*
 * Fill the virtio config space seen by the guest.
 *
 * Only the guest CID is exposed.  It is stored with the guest's endianness
 * (virtio_stq_p) into a zero-initialised struct, so no uninitialised bytes
 * are copied out to the guest.
 */
static void vhost_vsock_get_config(VirtIODevice *vdev, uint8_t *config)
{
    VHostVSock *vsock = VHOST_VSOCK(vdev);
    struct virtio_vsock_config cfg = {};

    virtio_stq_p(vdev, &cfg.guest_cid, vsock->conf.guest_cid);
    memcpy(config, &cfg, sizeof(cfg));
}
/*
 * Program the configured guest CID into the vhost backend.
 *
 * Returns 0 on success, -ENOSYS when the backend has no such operation,
 * and -errno when the backend call itself fails (the failure detail is
 * taken from errno, not from the backend's return value).
 */
static int vhost_vsock_set_guest_cid(VHostVSock *vsock)
{
    const VhostOps *ops = vsock->vhost_dev.vhost_ops;

    if (ops->vhost_vsock_set_guest_cid == NULL) {
        return -ENOSYS;
    }

    if (ops->vhost_vsock_set_guest_cid(&vsock->vhost_dev,
                                       vsock->conf.guest_cid) < 0) {
        /* errno is read immediately after the failing call */
        return -errno;
    }

    return 0;
}
/*
 * Tell the vhost backend to start (start != 0) or stop (start == 0)
 * processing the rx/tx queues.
 *
 * Returns 0 on success, -ENOSYS when the backend has no such operation,
 * and -errno when the backend call fails.
 */
static int vhost_vsock_set_running(VHostVSock *vsock, int start)
{
    const VhostOps *ops = vsock->vhost_dev.vhost_ops;

    if (ops->vhost_vsock_set_running == NULL) {
        return -ENOSYS;
    }

    if (ops->vhost_vsock_set_running(&vsock->vhost_dev, start) < 0) {
        /* errno is read immediately after the failing call */
        return -errno;
    }

    return 0;
}
/*
 * Bring the vhost backend up: host notifiers, guest notifiers, vhost_dev
 * itself, then the vsock "running" state.  Each step that succeeds is
 * undone in reverse order by the labels at the end if a later step fails,
 * so the device is left fully stopped on any error.
 */
static void vhost_vsock_start(VirtIODevice *vdev)
{
    VHostVSock *vsock = VHOST_VSOCK(vdev);
    BusState *bus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
    VirtioBusClass *bus_class = VIRTIO_BUS_GET_CLASS(bus);
    int rc;

    /* Without guest notifier support the backend is never started */
    if (bus_class->set_guest_notifiers == NULL) {
        error_report("binding does not support guest notifiers");
        return;
    }

    rc = vhost_dev_enable_notifiers(&vsock->vhost_dev, vdev);
    if (rc < 0) {
        error_report("Error enabling host notifiers: %d", -rc);
        return;
    }

    rc = bus_class->set_guest_notifiers(bus->parent, vsock->vhost_dev.nvqs,
                                        true);
    if (rc < 0) {
        error_report("Error binding guest notifier: %d", -rc);
        goto err_host_notifiers;
    }

    /* Hand the feature set negotiated with the guest to the backend */
    vsock->vhost_dev.acked_features = vdev->guest_features;
    rc = vhost_dev_start(&vsock->vhost_dev, vdev);
    if (rc < 0) {
        error_report("Error starting vhost: %d", -rc);
        goto err_guest_notifiers;
    }

    rc = vhost_vsock_set_running(vsock, 1);
    if (rc < 0) {
        error_report("Error starting vhost vsock: %d", -rc);
        goto err_dev_start;
    }

    /*
     * guest_notifier_mask/pending not used yet, so just unmask
     * everything here. virtio-pci will do the right thing by
     * enabling/disabling irqfd.
     */
    for (int idx = 0; idx < vsock->vhost_dev.nvqs; idx++) {
        vhost_virtqueue_mask(&vsock->vhost_dev, vdev, idx, false);
    }
    return;

err_dev_start:
    vhost_dev_stop(&vsock->vhost_dev, vdev);
err_guest_notifiers:
    bus_class->set_guest_notifiers(bus->parent, vsock->vhost_dev.nvqs, false);
err_host_notifiers:
    vhost_dev_disable_notifiers(&vsock->vhost_dev, vdev);
}
/*
 * Tear down what vhost_vsock_start() set up, in reverse order: stop the
 * backend first, then vhost_dev, then release guest and host notifiers.
 * An error in an intermediate step aborts the remaining cleanup, as in the
 * original sequence.
 */
static void vhost_vsock_stop(VirtIODevice *vdev)
{
    VHostVSock *vsock = VHOST_VSOCK(vdev);
    BusState *bus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
    VirtioBusClass *bus_class = VIRTIO_BUS_GET_CLASS(bus);
    int rc;

    /* Nothing was started without guest notifier support (see start) */
    if (bus_class->set_guest_notifiers == NULL) {
        return;
    }

    rc = vhost_vsock_set_running(vsock, 0);
    if (rc < 0) {
        error_report("vhost vsock set running failed: %d", rc);
        return;
    }

    vhost_dev_stop(&vsock->vhost_dev, vdev);

    rc = bus_class->set_guest_notifiers(bus->parent, vsock->vhost_dev.nvqs,
                                        false);
    if (rc < 0) {
        error_report("vhost guest notifier cleanup failed: %d", rc);
        return;
    }

    vhost_dev_disable_notifiers(&vsock->vhost_dev, vdev);
}
/*
 * Start or stop the backend in response to a guest status write.
 *
 * The backend should run only when the driver has signalled DRIVER_OK and
 * the VM is actually running; otherwise it is stopped.  Calls that do not
 * change the current started/stopped state are ignored.
 */
static void vhost_vsock_set_status(VirtIODevice *vdev, uint8_t status)
{
    VHostVSock *vsock = VHOST_VSOCK(vdev);
    bool want_running = vdev->vm_running &&
                        (status & VIRTIO_CONFIG_S_DRIVER_OK);

    if (vsock->vhost_dev.started == want_running) {
        return;
    }

    if (want_running) {
        vhost_vsock_start(vdev);
    } else {
        vhost_vsock_stop(vdev);
    }
}
/*
 * Feature negotiation hook.  The device defines no feature bits of its
 * own, so whatever the caller proposes is returned unchanged.
 */
static uint64_t vhost_vsock_get_features(VirtIODevice *vdev,
                                         uint64_t requested_features,
                                         Error **errp)
{
    uint64_t features = requested_features;

    return features;
}
/*
 * Virtqueue kick handler.  Intentionally empty: the rx/tx queues are
 * serviced by the vhost backend and the event queue is written by QEMU
 * itself, so no guest kick needs handling here.
 */
static void vhost_vsock_handle_output(VirtIODevice *vdev, VirtQueue *vq)
{
    (void)vdev;
    (void)vq;
}
/* Forward a guest notifier mask/unmask request for queue idx to vhost. */
static void vhost_vsock_guest_notifier_mask(VirtIODevice *vdev, int idx,
                                            bool mask)
{
    struct vhost_dev *hdev = &VHOST_VSOCK(vdev)->vhost_dev;

    vhost_virtqueue_mask(hdev, vdev, idx, mask);
}
/* Report whether vhost has a pending guest notification for queue idx. */
static bool vhost_vsock_guest_notifier_pending(VirtIODevice *vdev, int idx)
{
    struct vhost_dev *hdev = &VHOST_VSOCK(vdev)->vhost_dev;

    return vhost_virtqueue_pending(hdev, idx);
}
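/*
 * Deliver a VIRTIO_VSOCK_EVENT_TRANSPORT_RESET event to the guest through
 * the event virtqueue (the one queue owned by QEMU rather than vhost).
 *
 * The descriptor chain comes from the guest, so its layout is validated
 * before anything is written: the event queue is device-to-driver only
 * (no out buffers), and the in buffers must hold a whole event.  An
 * element that fails validation is detached from the queue before being
 * freed so that the virtqueue's in-flight accounting is not left
 * incremented by a chain that is never pushed back; without that, a guest
 * submitting malformed chains could exhaust the queue and stop further
 * events from being delivered.
 */
static void vhost_vsock_send_transport_reset(VHostVSock *vsock)
{
    VirtQueueElement *elem;
    VirtQueue *vq = vsock->event_vq;
    struct virtio_vsock_event event = {
        .id = cpu_to_le32(VIRTIO_VSOCK_EVENT_TRANSPORT_RESET),
    };

    elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
    if (!elem) {
        error_report("vhost-vsock missed transport reset event");
        return;
    }

    if (elem->out_num) {
        error_report("invalid vhost-vsock event virtqueue element with "
                     "out buffers");
        goto err;
    }

    if (iov_from_buf(elem->in_sg, elem->in_num, 0,
                     &event, sizeof(event)) != sizeof(event)) {
        error_report("vhost-vsock event virtqueue element is too short");
        goto err;
    }

    virtqueue_push(vq, elem, sizeof(event));
    virtio_notify(VIRTIO_DEVICE(vsock), vq);
    g_free(elem);
    return;

err:
    /* Undo the pop without completing the chain, then release the element */
    virtqueue_detach_element(vq, elem, 0);
    g_free(elem);
}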
/*
 * Cancel and free the post-load timer if one is armed, leaving the field
 * NULL so a second call (or a later post_load assert) sees no timer.
 */
static void vhost_vsock_post_load_timer_cleanup(VHostVSock *vsock)
{
    QEMUTimer *timer = vsock->post_load_timer;

    if (timer == NULL) {
        return;
    }

    timer_del(timer);
    timer_free(timer);
    vsock->post_load_timer = NULL;
}
/*
 * Timer callback armed by post_load: the timer is a one-shot, so it is
 * released first and then the deferred transport reset event is sent.
 */
static void vhost_vsock_post_load_timer_cb(void *opaque)
{
    VHostVSock *vsock = (VHostVSock *)opaque;

    vhost_vsock_post_load_timer_cleanup(vsock);
    vhost_vsock_send_transport_reset(vsock);
}
/*
 * vmstate pre_save hook.
 *
 * At this point, backend must be stopped, otherwise it might keep writing
 * to memory while the state is being captured; this is enforced with an
 * assert rather than handled.  Always returns 0.
 */
static int vhost_vsock_pre_save(void *opaque)
{
    const VHostVSock *vsock = opaque;

    assert(vsock->vhost_dev.started == false);

    return 0;
}
/*
 * vmstate post_load hook.
 *
 * Queue index 2 is the third queue added in realize, i.e. the event queue
 * owned by QEMU.  When it has an address (presumably meaning the guest had
 * configured it before migration), a transport reset event is scheduled.
 * Always returns 0.
 */
static int vhost_vsock_post_load(void *opaque, int version_id)
{
    VHostVSock *vsock = opaque;
    VirtIODevice *vdev = VIRTIO_DEVICE(vsock);

    if (!virtio_queue_get_addr(vdev, 2)) {
        return 0;
    }

    /*
     * Defer transport reset event to a vm clock timer so that virtqueue
     * changes happen after migration has completed.
     */
    assert(!vsock->post_load_timer);
    vsock->post_load_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
                                          vhost_vsock_post_load_timer_cb,
                                          vsock);
    timer_mod(vsock->post_load_timer, 1);

    return 0;
}
/*
 * Migration description.  Only the generic virtio state is serialised; the
 * hooks enforce a stopped backend on save and schedule the transport reset
 * event on load.
 */
static const VMStateDescription vmstate_virtio_vhost_vsock = {
    .name = "virtio-vhost_vsock",
    .minimum_version_id = VHOST_VSOCK_SAVEVM_VERSION,
    .version_id = VHOST_VSOCK_SAVEVM_VERSION,
    .fields = (VMStateField[]) {
        VMSTATE_VIRTIO_DEVICE,
        VMSTATE_END_OF_LIST()
    },
    .pre_save = vhost_vsock_pre_save,
    .post_load = vhost_vsock_post_load,
};
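/*
 * Realize the device: validate the guest-cid property, obtain the vhost
 * backend fd (either one passed in through the monitor or a fresh open of
 * /dev/vhost-vsock), create the three virtqueues and initialise vhost.
 *
 * On failure errp is set and everything acquired so far is released in
 * reverse order via the labels at the end.
 *
 * Fix over the previous version: the open() failure path passed -errno to
 * error_setg_errno(), which expects a positive errno value (the two later
 * calls negate an already-negative return code, which is correct).  The
 * negated value produced an "Unknown error" text instead of the real
 * reason.
 */
static void vhost_vsock_device_realize(DeviceState *dev, Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);
    VHostVSock *vsock = VHOST_VSOCK(dev);
    int vhostfd;
    int ret;

    /*
     * Refuse to use reserved CID numbers, and make sure the value fits
     * the 32-bit guest_cid field exposed in the config space.
     */
    if (vsock->conf.guest_cid <= 2) {
        error_setg(errp, "guest-cid property must be greater than 2");
        return;
    }

    if (vsock->conf.guest_cid > UINT32_MAX) {
        error_setg(errp, "guest-cid property must be a 32-bit number");
        return;
    }

    if (vsock->conf.vhostfd) {
        /* fd handed over by the management layer through the monitor */
        vhostfd = monitor_fd_param(cur_mon, vsock->conf.vhostfd, errp);
        if (vhostfd == -1) {
            error_prepend(errp, "vhost-vsock: unable to parse vhostfd: ");
            return;
        }
    } else {
        vhostfd = open("/dev/vhost-vsock", O_RDWR);
        if (vhostfd < 0) {
            /* errno is positive here; error_setg_errno wants it that way */
            error_setg_errno(errp, errno,
                             "vhost-vsock: failed to open vhost device");
            return;
        }
    }

    virtio_init(vdev, "vhost-vsock", VIRTIO_ID_VSOCK,
                sizeof(struct virtio_vsock_config));

    /* Receive and transmit queues belong to vhost */
    virtio_add_queue(vdev, VHOST_VSOCK_QUEUE_SIZE, vhost_vsock_handle_output);
    virtio_add_queue(vdev, VHOST_VSOCK_QUEUE_SIZE, vhost_vsock_handle_output);

    /* The event queue belongs to QEMU */
    vsock->event_vq = virtio_add_queue(vdev, VHOST_VSOCK_QUEUE_SIZE,
                                       vhost_vsock_handle_output);

    vsock->vhost_dev.nvqs = ARRAY_SIZE(vsock->vhost_vqs);
    vsock->vhost_dev.vqs = vsock->vhost_vqs;
    ret = vhost_dev_init(&vsock->vhost_dev, (void *)(uintptr_t)vhostfd,
                         VHOST_BACKEND_TYPE_KERNEL, 0);
    if (ret < 0) {
        error_setg_errno(errp, -ret, "vhost-vsock: vhost_dev_init failed");
        goto err_virtio;
    }

    ret = vhost_vsock_set_guest_cid(vsock);
    if (ret < 0) {
        error_setg_errno(errp, -ret, "vhost-vsock: unable to set guest cid");
        goto err_vhost_dev;
    }

    vsock->post_load_timer = NULL;
    return;

err_vhost_dev:
    vhost_dev_cleanup(&vsock->vhost_dev);
err_virtio:
    virtio_cleanup(vdev);
    /*
     * NOTE(review): if vhost_dev_init() or vhost_dev_cleanup() already
     * closes the backend fd on failure, this close() is a double close and
     * could hit an fd another thread has since reused -- confirm against
     * the vhost core before relying on it.
     */
    close(vhostfd);
    return;
}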
/*
 * Unrealize the device: drop any pending post-load timer, stop the backend
 * if it is running (a status of 0 clears DRIVER_OK, see set_status), then
 * release the vhost and virtio state.
 */
static void vhost_vsock_device_unrealize(DeviceState *dev, Error **errp)
{
    VHostVSock *vsock = VHOST_VSOCK(dev);
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);

    vhost_vsock_post_load_timer_cleanup(vsock);

    /* This will stop vhost backend if appropriate. */
    vhost_vsock_set_status(vdev, 0);

    vhost_dev_cleanup(&vsock->vhost_dev);
    virtio_cleanup(vdev);
}
/*
 * User-visible properties.  guest-cid defaults to 0, which realize rejects
 * (it must be greater than 2); vhostfd optionally names an fd passed in
 * through the monitor instead of opening /dev/vhost-vsock.
 */
static Property vhost_vsock_properties[] = {
    DEFINE_PROP_UINT64("guest-cid", VHostVSock, conf.guest_cid, 0),
    DEFINE_PROP_STRING("vhostfd", VHostVSock, conf.vhostfd),
    DEFINE_PROP_END_OF_LIST(),
};
/* Wire the device and virtio class callbacks to the functions above. */
static void vhost_vsock_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *device_class = DEVICE_CLASS(klass);
    VirtioDeviceClass *virtio_class = VIRTIO_DEVICE_CLASS(klass);

    /* Generic device plumbing: properties, migration, category */
    device_class->props = vhost_vsock_properties;
    device_class->vmsd = &vmstate_virtio_vhost_vsock;
    set_bit(DEVICE_CATEGORY_MISC, device_class->categories);

    /* Lifecycle */
    virtio_class->realize = vhost_vsock_device_realize;
    virtio_class->unrealize = vhost_vsock_device_unrealize;

    /* Guest-facing virtio behaviour */
    virtio_class->get_features = vhost_vsock_get_features;
    virtio_class->get_config = vhost_vsock_get_config;
    virtio_class->set_status = vhost_vsock_set_status;
    virtio_class->guest_notifier_mask = vhost_vsock_guest_notifier_mask;
    virtio_class->guest_notifier_pending = vhost_vsock_guest_notifier_pending;
}
/* QOM type registration record: a VirtIODevice subclass of size VHostVSock. */
static const TypeInfo vhost_vsock_info = {
    .name = TYPE_VHOST_VSOCK,
    .parent = TYPE_VIRTIO_DEVICE,
    .instance_size = sizeof(VHostVSock),
    .class_init = vhost_vsock_class_init,
};
/* Register the vhost-vsock QOM type with the type system. */
static void vhost_vsock_register_types(void)
{
    const TypeInfo *info = &vhost_vsock_info;

    type_register_static(info);
}
/* Run vhost_vsock_register_types() during QEMU's type initialisation phase. */
type_init(vhost_vsock_register_types)