diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-03-01 18:46:41 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-03-01 18:46:41 +0000 |
| commit | 427cbc7e4136a061628cb4315cc8182ea36d772f (patch) | |
| tree | ccbdf5985d6e2b20f6e7310a8b776824362fc9cf | |
| parent | 0dc8ae5e8e693737dfe65ba02d0c6eccb58a9c67 (diff) | |
| parent | 0a9b9be9eb40055d2d1bb5b8fc4d4faefecb22c3 (diff) | |
| download | qemu-427cbc7e4136a061628cb4315cc8182ea36d772f.tar.gz | |
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio,vhost,pci,pc: features, fixes and cleanups
- documentation updates
- vhost fixes
- new crypto vhost device
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 01 Mar 2018 16:27:25 GMT
# gpg: using RSA key 281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
cryptodev-vhost-user: set the key length
cryptodev-vhost-user: add crypto session handler
cryptodev: add vhost support
cryptodev: add vhost-user as a new cryptodev backend
docs/vmcoreinfo: detail unsupported host format behaviour
vhost: fix incorrect check in vhost_verify_ring_mappings
vhost: avoid to start/stop virtqueue which is not ready
vhost: fix memslot limit check
docs: pcie: Spell out machine type needs for PCIe features
docs: document virtio-balloon stats
intel-iommu: Accept 64-bit writes to FEADDR
virtio-pci: trivial fixes in error message
vhost-user: fix memory leak
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | backends/Makefile.objs | 6 | ||||
| -rw-r--r-- | backends/cryptodev-builtin.c | 1 | ||||
| -rw-r--r-- | backends/cryptodev-vhost-user.c | 377 | ||||
| -rw-r--r-- | backends/cryptodev-vhost.c | 347 | ||||
| -rwxr-xr-x | configure | 15 | ||||
| -rw-r--r-- | docs/interop/vhost-user.txt | 26 | ||||
| -rw-r--r-- | docs/pcie.txt | 9 | ||||
| -rw-r--r-- | docs/specs/vmcoreinfo.txt | 4 | ||||
| -rw-r--r-- | docs/virtio-balloon-stats.txt | 2 | ||||
| -rw-r--r-- | hw/i386/intel_iommu.c | 11 | ||||
| -rw-r--r-- | hw/virtio/vhost-user.c | 104 | ||||
| -rw-r--r-- | hw/virtio/vhost.c | 41 | ||||
| -rw-r--r-- | hw/virtio/virtio-crypto.c | 70 | ||||
| -rw-r--r-- | hw/virtio/virtio-pci.c | 2 | ||||
| -rw-r--r-- | include/hw/virtio/vhost-backend.h | 8 | ||||
| -rw-r--r-- | include/hw/virtio/virtio-crypto.h | 1 | ||||
| -rw-r--r-- | include/sysemu/cryptodev-vhost-user.h | 47 | ||||
| -rw-r--r-- | include/sysemu/cryptodev-vhost.h | 154 | ||||
| -rw-r--r-- | include/sysemu/cryptodev.h | 8 | ||||
| -rw-r--r-- | net/vhost-user.c | 1 | ||||
| -rw-r--r-- | qemu-options.hx | 21 | ||||
| -rw-r--r-- | vl.c | 6 |
22 files changed, 1246 insertions, 15 deletions
diff --git a/backends/Makefile.objs b/backends/Makefile.objs index 67eeeba5fce..ad7c0325eda 100644 --- a/backends/Makefile.objs +++ b/backends/Makefile.objs @@ -9,4 +9,10 @@ common-obj-$(CONFIG_LINUX) += hostmem-file.o common-obj-y += cryptodev.o common-obj-y += cryptodev-builtin.o +ifeq ($(CONFIG_VIRTIO),y) +common-obj-y += cryptodev-vhost.o +common-obj-$(call land,$(CONFIG_VHOST_USER),$(CONFIG_LINUX)) += \ + cryptodev-vhost-user.o +endif + common-obj-$(CONFIG_LINUX) += hostmem-memfd.o diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index 657c0ba2f3e..9fb0bd57a6d 100644 --- a/backends/cryptodev-builtin.c +++ b/backends/cryptodev-builtin.c @@ -78,6 +78,7 @@ static void cryptodev_builtin_init( "cryptodev-builtin", NULL); cc->info_str = g_strdup_printf("cryptodev-builtin0"); cc->queue_index = 0; + cc->type = CRYPTODEV_BACKEND_TYPE_BUILTIN; backend->conf.peers.ccs[0] = cc; backend->conf.crypto_services = diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c new file mode 100644 index 00000000000..862d4f25801 --- /dev/null +++ b/backends/cryptodev-vhost-user.c @@ -0,0 +1,377 @@ +/* + * QEMU Cryptodev backend for QEMU cipher APIs + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei <arei.gonglei@huawei.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" +#include "hw/boards.h" +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/error-report.h" +#include "standard-headers/linux/virtio_crypto.h" +#include "sysemu/cryptodev-vhost.h" +#include "chardev/char-fe.h" +#include "sysemu/cryptodev-vhost-user.h" + + +/** + * @TYPE_CRYPTODEV_BACKEND_VHOST_USER: + * name of backend that uses vhost user server + */ +#define TYPE_CRYPTODEV_BACKEND_VHOST_USER "cryptodev-vhost-user" + +#define CRYPTODEV_BACKEND_VHOST_USER(obj) \ + OBJECT_CHECK(CryptoDevBackendVhostUser, \ + (obj), TYPE_CRYPTODEV_BACKEND_VHOST_USER) + + +typedef struct CryptoDevBackendVhostUser { + CryptoDevBackend parent_obj; + + CharBackend chr; + char *chr_name; + bool opened; + CryptoDevBackendVhost *vhost_crypto[MAX_CRYPTO_QUEUE_NUM]; +} CryptoDevBackendVhostUser; + +static int +cryptodev_vhost_user_running( + CryptoDevBackendVhost *crypto) +{ + return crypto ? 1 : 0; +} + +CryptoDevBackendVhost * +cryptodev_vhost_user_get_vhost( + CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(b); + assert(cc->type == CRYPTODEV_BACKEND_TYPE_VHOST_USER); + assert(queue < MAX_CRYPTO_QUEUE_NUM); + + return s->vhost_crypto[queue]; +} + +static void cryptodev_vhost_user_stop(int queues, + CryptoDevBackendVhostUser *s) +{ + size_t i; + + for (i = 0; i < queues; i++) { + if (!cryptodev_vhost_user_running(s->vhost_crypto[i])) { + continue; + } + + cryptodev_vhost_cleanup(s->vhost_crypto[i]); + s->vhost_crypto[i] = NULL; + } +} + +static int +cryptodev_vhost_user_start(int queues, + CryptoDevBackendVhostUser *s) +{ + CryptoDevBackendVhostOptions options; + CryptoDevBackend *b = CRYPTODEV_BACKEND(s); + int max_queues; + size_t i; + + for (i = 0; i < queues; i++) { + if (cryptodev_vhost_user_running(s->vhost_crypto[i])) { + continue; + } + + options.opaque = &s->chr; + options.backend_type = VHOST_BACKEND_TYPE_USER; + options.cc = b->conf.peers.ccs[i]; + s->vhost_crypto[i] = cryptodev_vhost_init(&options); + if (!s->vhost_crypto[i]) { + error_report("failed to init vhost_crypto for queue %zu", i); + goto err; + } + + if (i == 0) { + max_queues = + cryptodev_vhost_get_max_queues(s->vhost_crypto[i]); + if (queues > max_queues) { + error_report("you are asking more queues than supported: %d", + max_queues); + goto err; + } + } + } + + return 0; + +err: + cryptodev_vhost_user_stop(i + 1, s); + return -1; +} + +static Chardev * +cryptodev_vhost_claim_chardev(CryptoDevBackendVhostUser *s, + Error **errp) +{ + Chardev *chr; + + if (s->chr_name == NULL) { + error_setg(errp, QERR_INVALID_PARAMETER_VALUE, + "chardev", "a valid character device"); + return NULL; + } + + chr = qemu_chr_find(s->chr_name); + if (chr == NULL) { + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, + "Device '%s' not found", s->chr_name); + return NULL; + } + + return chr; +} + +static void cryptodev_vhost_user_event(void *opaque, int event) +{ + CryptoDevBackendVhostUser *s = opaque; + CryptoDevBackend *b = CRYPTODEV_BACKEND(s); + Error *err = NULL; + int queues = b->conf.peers.queues; + + assert(queues < MAX_CRYPTO_QUEUE_NUM); + + switch (event) { + case CHR_EVENT_OPENED: + if (cryptodev_vhost_user_start(queues, s) < 0) { + exit(1); + } + b->ready = true; + break; + case CHR_EVENT_CLOSED: + b->ready = false; + cryptodev_vhost_user_stop(queues, s); + break; + } + + if (err) { + error_report_err(err); + } +} + +static void cryptodev_vhost_user_init( + CryptoDevBackend *backend, Error **errp) +{ + int queues = backend->conf.peers.queues; + size_t i; + Error *local_err = NULL; + Chardev *chr; + CryptoDevBackendClient *cc; + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(backend); + + chr = cryptodev_vhost_claim_chardev(s, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + + s->opened = true; + + for (i = 0; i < queues; i++) { + cc = cryptodev_backend_new_client( + "cryptodev-vhost-user", NULL); + cc->info_str = g_strdup_printf("cryptodev-vhost-user%zu to %s ", + i, chr->label); + cc->queue_index = i; + cc->type = CRYPTODEV_BACKEND_TYPE_VHOST_USER; + + backend->conf.peers.ccs[i] = cc; + + if (i == 0) { + if (!qemu_chr_fe_init(&s->chr, chr, &local_err)) { + error_propagate(errp, local_err); + return; + } + } + } + + qemu_chr_fe_set_handlers(&s->chr, NULL, NULL, + cryptodev_vhost_user_event, NULL, s, NULL, true); + + backend->conf.crypto_services = + 1u << VIRTIO_CRYPTO_SERVICE_CIPHER | + 1u << VIRTIO_CRYPTO_SERVICE_HASH | + 1u << VIRTIO_CRYPTO_SERVICE_MAC; + backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; + backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; + + backend->conf.max_size = UINT64_MAX; + backend->conf.max_cipher_key_len = VHOST_USER_MAX_CIPHER_KEY_LEN; + backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN; +} + +static int64_t cryptodev_vhost_user_sym_create_session( + CryptoDevBackend *backend, + CryptoDevBackendSymSessionInfo *sess_info, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendClient *cc = + backend->conf.peers.ccs[queue_index]; + CryptoDevBackendVhost *vhost_crypto; + uint64_t session_id = 0; + int ret; + + vhost_crypto = cryptodev_vhost_user_get_vhost(cc, backend, queue_index); + if (vhost_crypto) { + struct vhost_dev *dev = &(vhost_crypto->dev); + ret = dev->vhost_ops->vhost_crypto_create_session(dev, + sess_info, + &session_id); + if (ret < 0) { + return -1; + } else { + return session_id; + } + } + return -1; +} + +static int cryptodev_vhost_user_sym_close_session( + CryptoDevBackend *backend, + uint64_t session_id, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendClient *cc = + backend->conf.peers.ccs[queue_index]; + CryptoDevBackendVhost *vhost_crypto; + int ret; + + vhost_crypto = cryptodev_vhost_user_get_vhost(cc, backend, queue_index); + if (vhost_crypto) { + struct vhost_dev *dev = &(vhost_crypto->dev); + ret = dev->vhost_ops->vhost_crypto_close_session(dev, + session_id); + if (ret < 0) { + return -1; + } else { + return 0; + } + } + return -1; +} + +static void cryptodev_vhost_user_cleanup( + CryptoDevBackend *backend, + Error **errp) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(backend); + size_t i; + int queues = backend->conf.peers.queues; + CryptoDevBackendClient *cc; + + cryptodev_vhost_user_stop(queues, s); + + for (i = 0; i < queues; i++) { + cc = backend->conf.peers.ccs[i]; + if (cc) { + cryptodev_backend_free_client(cc); + backend->conf.peers.ccs[i] = NULL; + } + } +} + +static void cryptodev_vhost_user_set_chardev(Object *obj, + const char *value, Error **errp) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(obj); + + if (s->opened) { + error_setg(errp, QERR_PERMISSION_DENIED); + } else { + g_free(s->chr_name); + s->chr_name = g_strdup(value); + } +} + +static char * +cryptodev_vhost_user_get_chardev(Object *obj, Error **errp) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(obj); + Chardev *chr = qemu_chr_fe_get_driver(&s->chr); + + if (chr && chr->label) { + return g_strdup(chr->label); + } + + return NULL; +} + +static void cryptodev_vhost_user_instance_int(Object *obj) +{ + object_property_add_str(obj, "chardev", + cryptodev_vhost_user_get_chardev, + cryptodev_vhost_user_set_chardev, + NULL); +} + +static void cryptodev_vhost_user_finalize(Object *obj) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(obj); + + qemu_chr_fe_deinit(&s->chr, false); + + g_free(s->chr_name); +} + +static void +cryptodev_vhost_user_class_init(ObjectClass *oc, void *data) +{ + CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_CLASS(oc); + + bc->init = cryptodev_vhost_user_init; + bc->cleanup = cryptodev_vhost_user_cleanup; + bc->create_session = cryptodev_vhost_user_sym_create_session; + bc->close_session = cryptodev_vhost_user_sym_close_session; + bc->do_sym_op = NULL; +} + +static const TypeInfo cryptodev_vhost_user_info = { + .name = TYPE_CRYPTODEV_BACKEND_VHOST_USER, + .parent = TYPE_CRYPTODEV_BACKEND, + .class_init = cryptodev_vhost_user_class_init, + .instance_init = cryptodev_vhost_user_instance_int, + .instance_finalize = cryptodev_vhost_user_finalize, + .instance_size = sizeof(CryptoDevBackendVhostUser), +}; + +static void +cryptodev_vhost_user_register_types(void) +{ + type_register_static(&cryptodev_vhost_user_info); +} + +type_init(cryptodev_vhost_user_register_types); diff --git a/backends/cryptodev-vhost.c b/backends/cryptodev-vhost.c new file mode 100644 index 00000000000..8337c9a495f --- /dev/null +++ b/backends/cryptodev-vhost.c @@ -0,0 +1,347 @@ +/* + * QEMU Cryptodev backend for QEMU cipher APIs + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei <arei.gonglei@huawei.com> + * Jay Zhou <jianjay.zhou@huawei.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" +#include "hw/virtio/virtio-bus.h" +#include "sysemu/cryptodev-vhost.h" + +#ifdef CONFIG_VHOST_CRYPTO +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/error-report.h" +#include "hw/virtio/virtio-crypto.h" +#include "sysemu/cryptodev-vhost-user.h" + +uint64_t +cryptodev_vhost_get_max_queues( + CryptoDevBackendVhost *crypto) +{ + return crypto->dev.max_queues; +} + +void cryptodev_vhost_cleanup(CryptoDevBackendVhost *crypto) +{ + vhost_dev_cleanup(&crypto->dev); + g_free(crypto); +} + +struct CryptoDevBackendVhost * +cryptodev_vhost_init( + CryptoDevBackendVhostOptions *options) +{ + int r; + CryptoDevBackendVhost *crypto; + + crypto = g_new(CryptoDevBackendVhost, 1); + crypto->dev.max_queues = 1; + crypto->dev.nvqs = 1; + crypto->dev.vqs = crypto->vqs; + + crypto->cc = options->cc; + + crypto->dev.protocol_features = 0; + crypto->backend = -1; + + /* vhost-user needs vq_index to initiate a specific queue pair */ + crypto->dev.vq_index = crypto->cc->queue_index * crypto->dev.nvqs; + + r = vhost_dev_init(&crypto->dev, options->opaque, options->backend_type, 0); + if (r < 0) { + goto fail; + } + + return crypto; +fail: + g_free(crypto); + return NULL; +} + +static int +cryptodev_vhost_start_one(CryptoDevBackendVhost *crypto, + VirtIODevice *dev) +{ + int r; + + crypto->dev.nvqs = 1; + crypto->dev.vqs = crypto->vqs; + + r = vhost_dev_enable_notifiers(&crypto->dev, dev); + if (r < 0) { + goto fail_notifiers; + } + + r = vhost_dev_start(&crypto->dev, dev); + if (r < 0) { + goto fail_start; + } + + return 0; + +fail_start: + vhost_dev_disable_notifiers(&crypto->dev, dev); +fail_notifiers: + return r; +} + +static void +cryptodev_vhost_stop_one(CryptoDevBackendVhost *crypto, + VirtIODevice *dev) +{ + vhost_dev_stop(&crypto->dev, dev); + vhost_dev_disable_notifiers(&crypto->dev, dev); +} + +CryptoDevBackendVhost * +cryptodev_get_vhost(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue) +{ + CryptoDevBackendVhost *vhost_crypto = NULL; + + if (!cc) { + return NULL; + } + + switch (cc->type) { +#if defined(CONFIG_VHOST_USER) && defined(CONFIG_LINUX) + case CRYPTODEV_BACKEND_TYPE_VHOST_USER: + vhost_crypto = cryptodev_vhost_user_get_vhost(cc, b, queue); + break; +#endif + default: + break; + } + + return vhost_crypto; +} + +static void +cryptodev_vhost_set_vq_index(CryptoDevBackendVhost *crypto, + int vq_index) +{ + crypto->dev.vq_index = vq_index; +} + +static int +vhost_set_vring_enable(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue, int enable) +{ + CryptoDevBackendVhost *crypto = + cryptodev_get_vhost(cc, b, queue); + const VhostOps *vhost_ops; + + cc->vring_enable = enable; + + if (!crypto) { + return 0; + } + + vhost_ops = crypto->dev.vhost_ops; + if (vhost_ops->vhost_set_vring_enable) { + return vhost_ops->vhost_set_vring_enable(&crypto->dev, enable); + } + + return 0; +} + +int cryptodev_vhost_start(VirtIODevice *dev, int total_queues) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev))); + VirtioBusState *vbus = VIRTIO_BUS(qbus); + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus); + int r, e; + int i; + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + + if (!k->set_guest_notifiers) { + error_report("binding does not support guest notifiers"); + return -ENOSYS; + } + + for (i = 0; i < total_queues; i++) { + cc = b->conf.peers.ccs[i]; + + vhost_crypto = cryptodev_get_vhost(cc, b, i); + cryptodev_vhost_set_vq_index(vhost_crypto, i); + + /* Suppress the masking guest notifiers on vhost user + * because vhost user doesn't interrupt masking/unmasking + * properly. + */ + if (cc->type == CRYPTODEV_BACKEND_TYPE_VHOST_USER) { + dev->use_guest_notifier_mask = false; + } + } + + r = k->set_guest_notifiers(qbus->parent, total_queues, true); + if (r < 0) { + error_report("error binding guest notifier: %d", -r); + goto err; + } + + for (i = 0; i < total_queues; i++) { + cc = b->conf.peers.ccs[i]; + + vhost_crypto = cryptodev_get_vhost(cc, b, i); + r = cryptodev_vhost_start_one(vhost_crypto, dev); + + if (r < 0) { + goto err_start; + } + + if (cc->vring_enable) { + /* restore vring enable state */ + r = vhost_set_vring_enable(cc, b, i, cc->vring_enable); + + if (r < 0) { + goto err_start; + } + } + } + + return 0; + +err_start: + while (--i >= 0) { + cc = b->conf.peers.ccs[i]; + vhost_crypto = cryptodev_get_vhost(cc, b, i); + cryptodev_vhost_stop_one(vhost_crypto, dev); + } + e = k->set_guest_notifiers(qbus->parent, total_queues, false); + if (e < 0) { + error_report("vhost guest notifier cleanup failed: %d", e); + } +err: + return r; +} + +void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues) +{ + BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev))); + VirtioBusState *vbus = VIRTIO_BUS(qbus); + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus); + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + size_t i; + int r; + + for (i = 0; i < total_queues; i++) { + cc = b->conf.peers.ccs[i]; + + vhost_crypto = cryptodev_get_vhost(cc, b, i); + cryptodev_vhost_stop_one(vhost_crypto, dev); + } + + r = k->set_guest_notifiers(qbus->parent, total_queues, false); + if (r < 0) { + error_report("vhost guest notifier cleanup failed: %d", r); + } + assert(r >= 0); +} + +void cryptodev_vhost_virtqueue_mask(VirtIODevice *dev, + int queue, + int idx, bool mask) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + + assert(queue < MAX_CRYPTO_QUEUE_NUM); + + cc = b->conf.peers.ccs[queue]; + vhost_crypto = cryptodev_get_vhost(cc, b, queue); + + vhost_virtqueue_mask(&vhost_crypto->dev, dev, idx, mask); +} + +bool cryptodev_vhost_virtqueue_pending(VirtIODevice *dev, + int queue, int idx) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + + assert(queue < MAX_CRYPTO_QUEUE_NUM); + + cc = b->conf.peers.ccs[queue]; + vhost_crypto = cryptodev_get_vhost(cc, b, queue); + + return vhost_virtqueue_pending(&vhost_crypto->dev, idx); +} + +#else +uint64_t +cryptodev_vhost_get_max_queues(CryptoDevBackendVhost *crypto) +{ + return 0; +} + +void cryptodev_vhost_cleanup(CryptoDevBackendVhost *crypto) +{ +} + +struct CryptoDevBackendVhost * +cryptodev_vhost_init(CryptoDevBackendVhostOptions *options) +{ + return NULL; +} + +CryptoDevBackendVhost * +cryptodev_get_vhost(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue) +{ + return NULL; +} + +int cryptodev_vhost_start(VirtIODevice *dev, int total_queues) +{ + return -1; +} + +void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues) +{ +} + +void cryptodev_vhost_virtqueue_mask(VirtIODevice *dev, + int queue, + int idx, bool mask) +{ +} + +bool cryptodev_vhost_virtqueue_pending(VirtIODevice *dev, + int queue, int idx) +{ + return false; +} +#endif diff --git a/configure b/configure index 39f3a430016..00c4b63cfa5 100755 --- a/configure +++ b/configure @@ -344,6 +344,7 @@ xfs="" tcg="yes" vhost_net="no" +vhost_crypto="no" vhost_scsi="no" vhost_vsock="no" vhost_user="" @@ -813,6 +814,7 @@ Linux) linux_user="yes" kvm="yes" vhost_net="yes" + vhost_crypto="yes" vhost_scsi="yes" vhost_vsock="yes" QEMU_INCLUDES="-I\$(SRC_PATH)/linux-headers -I$(pwd)/linux-headers $QEMU_INCLUDES" @@ -1183,6 +1185,14 @@ for opt do ;; --enable-vhost-net) vhost_net="yes" ;; + --disable-vhost-crypto) vhost_crypto="no" + ;; + --enable-vhost-crypto) + vhost_crypto="yes" + if test "$mingw32" = "yes"; then + error_exit "vhost-crypto isn't available on win32" + fi + ;; --disable-vhost-scsi) vhost_scsi="no" ;; --enable-vhost-scsi) vhost_scsi="yes" @@ -1580,6 +1590,7 @@ disabled with --disable-FEATURE, default is enabled if available: cap-ng libcap-ng support attr attr and xattr support vhost-net vhost-net acceleration support + vhost-crypto vhost-crypto acceleration support spice spice rbd rados block device (rbd) libiscsi iscsi support @@ -5771,6 +5782,7 @@ echo "posix_madvise $posix_madvise" echo "posix_memalign $posix_memalign" echo "libcap-ng support $cap_ng" echo "vhost-net support $vhost_net" +echo "vhost-crypto support $vhost_crypto" echo "vhost-scsi support $vhost_scsi" echo "vhost-vsock support $vhost_vsock" echo "vhost-user support $vhost_user" @@ -6216,6 +6228,9 @@ fi if test "$vhost_net" = "yes" -a "$vhost_user" = "yes"; then echo "CONFIG_VHOST_NET_USED=y" >> $config_host_mak fi +if test "$vhost_crypto" = "yes" ; then + echo "CONFIG_VHOST_CRYPTO=y" >> $config_host_mak +fi if test "$vhost_vsock" = "yes" ; then echo "CONFIG_VHOST_VSOCK=y" >> $config_host_mak fi diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt index 9fcf48d6113..cb3a7595aaf 100644 --- a/docs/interop/vhost-user.txt +++ b/docs/interop/vhost-user.txt @@ -368,6 +368,7 @@ Protocol features #define VHOST_USER_PROTOCOL_F_MTU 4 #define VHOST_USER_PROTOCOL_F_SLAVE_REQ 5 #define VHOST_USER_PROTOCOL_F_CROSS_ENDIAN 6 +#define VHOST_USER_PROTOCOL_F_CRYPTO_SESSION 7 Master message types -------------------- @@ -663,6 +664,31 @@ Master message types field, and slaves MUST NOT accept SET_CONFIG for read-only configuration space fields unless the live migration bit is set. +* VHOST_USER_CREATE_CRYPTO_SESSION + + Id: 26 + Equivalent ioctl: N/A + Master payload: crypto session description + Slave payload: crypto session description + + Create a session for crypto operation. The server side must return the + session id, 0 or positive for success, negative for failure. + This request should be sent only when VHOST_USER_PROTOCOL_F_CRYPTO_SESSION + feature has been successfully negotiated. + It's a required feature for crypto devices. + +* VHOST_USER_CLOSE_CRYPTO_SESSION + + Id: 27 + Equivalent ioctl: N/A + Master payload: u64 + + Close a session for crypto operation which was previously + created by VHOST_USER_CREATE_CRYPTO_SESSION. + This request should be sent only when VHOST_USER_PROTOCOL_F_CRYPTO_SESSION + feature has been successfully negotiated. + It's a required feature for crypto devices. + Slave message types ------------------- diff --git a/docs/pcie.txt b/docs/pcie.txt index 8d3694970ea..89e35020752 100644 --- a/docs/pcie.txt +++ b/docs/pcie.txt @@ -3,8 +3,13 @@ PCI EXPRESS GUIDELINES 1. Introduction ================ -The doc proposes best practices on how to use PCI Express/PCI device -in PCI Express based machines and explains the reasoning behind them. +The doc proposes best practices on how to use PCI Express (PCIe) / PCI +devices in PCI Express based machines and explains the reasoning behind +them. + +Note that the PCIe features are available only when using the 'q35' +machine type on x86 architecture and the 'virt' machine type on AArch64. +Other machine types do not use PCIe at this time. The following presentations accompany this document: (1) Q35 overview. diff --git a/docs/specs/vmcoreinfo.txt b/docs/specs/vmcoreinfo.txt index 821261067f8..bcbca6fe47c 100644 --- a/docs/specs/vmcoreinfo.txt +++ b/docs/specs/vmcoreinfo.txt @@ -29,6 +29,10 @@ processing of entry values. A write of 0 in guest_format will disable further processing of vmcoreinfo entry values & content. +You may write a guest_format that is not supported by the host, in +which case the entry data can be ignored by qemu (but you may still +access it through a debugger, via vmcoreinfo_realize::vmcoreinfo_state). + Format & content **************** diff --git a/docs/virtio-balloon-stats.txt b/docs/virtio-balloon-stats.txt index edff5f22a8b..7a66d25da5f 100644 --- a/docs/virtio-balloon-stats.txt +++ b/docs/virtio-balloon-stats.txt @@ -32,6 +32,8 @@ which will return a dictionary containing: - stat-minor-faults - stat-free-memory - stat-total-memory + - stat-available-memory + - stat-disk-caches o A key named last-update, which contains the last stats update timestamp in seconds. Since this timestamp is generated by the host, diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index 2e841cde277..fb31de94164 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c @@ -2129,8 +2129,15 @@ static void vtd_mem_write(void *opaque, hwaddr addr, /* Fault Event Address Register, 32-bit */ case DMAR_FEADDR_REG: - assert(size == 4); - vtd_set_long(s, addr, val); + if (size == 4) { + vtd_set_long(s, addr, val); + } else { + /* + * While the register is 32-bit only, some guests (Xen...) write to + * it with 64-bit. + */ + vtd_set_quad(s, addr, val); + } break; /* Fault Event Upper Address Register, 32-bit */ diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 6eb97980ad8..41ff5cff41d 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -17,6 +17,7 @@ #include "sysemu/kvm.h" #include "qemu/error-report.h" #include "qemu/sockets.h" +#include "sysemu/cryptodev.h" #include <sys/ioctl.h> #include <sys/socket.h> @@ -39,6 +40,7 @@ enum VhostUserProtocolFeature { VHOST_USER_PROTOCOL_F_NET_MTU = 4, VHOST_USER_PROTOCOL_F_SLAVE_REQ = 5, VHOST_USER_PROTOCOL_F_CROSS_ENDIAN = 6, + VHOST_USER_PROTOCOL_F_CRYPTO_SESSION = 7, VHOST_USER_PROTOCOL_F_MAX }; @@ -72,6 +74,8 @@ typedef enum VhostUserRequest { VHOST_USER_SET_VRING_ENDIAN = 23, VHOST_USER_GET_CONFIG = 24, VHOST_USER_SET_CONFIG = 25, + VHOST_USER_CREATE_CRYPTO_SESSION = 26, + VHOST_USER_CLOSE_CRYPTO_SESSION = 27, VHOST_USER_MAX } VhostUserRequest; @@ -107,6 +111,17 @@ typedef struct VhostUserConfig { uint8_t region[VHOST_USER_MAX_CONFIG_SIZE]; } VhostUserConfig; +#define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN 512 +#define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN 64 + +typedef struct VhostUserCryptoSession { + /* session id for success, -1 on errors */ + int64_t session_id; + CryptoDevBackendSymSessionInfo session_setup_data; + uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN]; + uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN]; +} VhostUserCryptoSession; + static VhostUserConfig c __attribute__ ((unused)); #define VHOST_USER_CONFIG_HDR_SIZE (sizeof(c.offset) \ + sizeof(c.size) \ @@ -132,6 +147,7 @@ typedef union { VhostUserLog log; struct vhost_iotlb_msg iotlb; VhostUserConfig config; + VhostUserCryptoSession session; } VhostUserPayload; typedef struct VhostUserMsg { @@ -1054,6 +1070,92 @@ static int vhost_user_set_config(struct vhost_dev *dev, const uint8_t *data, return 0; } +static int vhost_user_crypto_create_session(struct vhost_dev *dev, + void *session_info, + uint64_t *session_id) +{ + bool crypto_session = virtio_has_feature(dev->protocol_features, + VHOST_USER_PROTOCOL_F_CRYPTO_SESSION); + CryptoDevBackendSymSessionInfo *sess_info = session_info; + VhostUserMsg msg = { + .hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION, + .hdr.flags = VHOST_USER_VERSION, + .hdr.size = sizeof(msg.payload.session), + }; + + assert(dev->vhost_ops->backend_type == VHOST_BACKEND_TYPE_USER); + + if (!crypto_session) { + error_report("vhost-user trying to send unhandled ioctl"); + return -1; + } + + memcpy(&msg.payload.session.session_setup_data, sess_info, + sizeof(CryptoDevBackendSymSessionInfo)); + if (sess_info->key_len) { + memcpy(&msg.payload.session.key, sess_info->cipher_key, + sess_info->key_len); + } + if (sess_info->auth_key_len > 0) { + memcpy(&msg.payload.session.auth_key, sess_info->auth_key, + sess_info->auth_key_len); + } + if (vhost_user_write(dev, &msg, NULL, 0) < 0) { + error_report("vhost_user_write() return -1, create session failed"); + return -1; + } + + if (vhost_user_read(dev, &msg) < 0) { + error_report("vhost_user_read() return -1, create session failed"); + return -1; + } + + if (msg.hdr.request != VHOST_USER_CREATE_CRYPTO_SESSION) { + error_report("Received unexpected msg type. Expected %d received %d", + VHOST_USER_CREATE_CRYPTO_SESSION, msg.hdr.request); + return -1; + } + + if (msg.hdr.size != sizeof(msg.payload.session)) { + error_report("Received bad msg size."); + return -1; + } + + if (msg.payload.session.session_id < 0) { + error_report("Bad session id: %" PRId64 "", + msg.payload.session.session_id); + return -1; + } + *session_id = msg.payload.session.session_id; + + return 0; +} + +static int +vhost_user_crypto_close_session(struct vhost_dev *dev, uint64_t session_id) +{ + bool crypto_session = virtio_has_feature(dev->protocol_features, + VHOST_USER_PROTOCOL_F_CRYPTO_SESSION); + VhostUserMsg msg = { + .hdr.request = VHOST_USER_CLOSE_CRYPTO_SESSION, + .hdr.flags = VHOST_USER_VERSION, + .hdr.size = sizeof(msg.payload.u64), + }; + msg.payload.u64 = session_id; + + if (!crypto_session) { + error_report("vhost-user trying to send unhandled ioctl"); + return -1; + } + + if (vhost_user_write(dev, &msg, NULL, 0) < 0) { + error_report("vhost_user_write() return -1, close session failed"); + return -1; + } + + return 0; +} + const VhostOps user_ops = { .backend_type = VHOST_BACKEND_TYPE_USER, .vhost_backend_init = vhost_user_init, @@ -1082,4 +1184,6 @@ const VhostOps user_ops = { .vhost_send_device_iotlb_msg = vhost_user_send_device_iotlb_msg, .vhost_get_config = vhost_user_get_config, .vhost_set_config = vhost_user_set_config, + .vhost_crypto_create_session = vhost_user_crypto_create_session, + .vhost_crypto_close_session = vhost_user_crypto_close_session, }; diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index 4a44e6e6bf5..d8d0ef92e16 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -345,6 +345,10 @@ static int vhost_verify_ring_mappings(struct vhost_dev *dev, for (i = 0; i < dev->nvqs; ++i) { struct vhost_virtqueue *vq = dev->vqs + i; + if (vq->desc_phys == 0) { + continue; + } + j = 0; r = vhost_verify_ring_part_mapping( vq->desc, vq->desc_phys, vq->desc_size, @@ -355,7 +359,7 @@ static int vhost_verify_ring_mappings(struct vhost_dev *dev, j++; r = vhost_verify_ring_part_mapping( - vq->desc, vq->desc_phys, vq->desc_size, + vq->avail, vq->avail_phys, vq->avail_size, reg_hva, reg_gpa, reg_size); if (r) { break; @@ -363,7 +367,7 @@ static int vhost_verify_ring_mappings(struct vhost_dev *dev, j++; r = vhost_verify_ring_part_mapping( - vq->desc, vq->desc_phys, vq->desc_size, + vq->used, vq->used_phys, vq->used_size, reg_hva, reg_gpa, reg_size); if (r) { break; @@ -881,6 +885,11 @@ static int vhost_virtqueue_start(struct vhost_dev *dev, }; struct VirtQueue *vvq = virtio_get_queue(vdev, idx); + a = virtio_queue_get_desc_addr(vdev, idx); + if (a == 0) { + /* Queue might not be ready for start */ + return 0; + } vq->num = state.num = virtio_queue_get_num(vdev, idx); r = dev->vhost_ops->vhost_set_vring_num(dev, &state); @@ -906,7 +915,7 @@ static int vhost_virtqueue_start(struct vhost_dev *dev, } vq->desc_size = s = l = virtio_queue_get_desc_size(vdev, idx); - vq->desc_phys = a = virtio_queue_get_desc_addr(vdev, idx); + vq->desc_phys = a; vq->desc = vhost_memory_map(dev, a, &l, 0); if (!vq->desc || l != s) { r = -ENOMEM; @@ -989,6 +998,13 @@ static void vhost_virtqueue_stop(struct vhost_dev *dev, .index = vhost_vq_index, }; int r; + int a; + + a = virtio_queue_get_desc_addr(vdev, idx); + if (a == 0) { + /* Don't stop the virtqueue which might have not been started */ + return; + } r = dev->vhost_ops->vhost_get_vring_base(dev, &state); if (r < 0) { @@ -1106,13 +1122,6 @@ int vhost_dev_init(struct vhost_dev *hdev, void *opaque, goto fail; } - if (used_memslots > hdev->vhost_ops->vhost_backend_memslots_limit(hdev)) { - error_report("vhost backend memory slots limit is less" - " than current number of present memory slots"); - r = -1; - goto fail; - } - r = hdev->vhost_ops->vhost_set_owner(hdev); if (r < 0) { VHOST_OPS_DEBUG("vhost_set_owner failed"); @@ -1192,6 +1201,18 @@ int vhost_dev_init(struct vhost_dev *hdev, void *opaque, hdev->started = false; memory_listener_register(&hdev->memory_listener, &address_space_memory); QLIST_INSERT_HEAD(&vhost_devices, hdev, entry); + + if (used_memslots > hdev->vhost_ops->vhost_backend_memslots_limit(hdev)) { + error_report("vhost backend memory slots limit is less" + " than current number of present memory slots"); + r = -1; + if (busyloop_timeout) { + goto fail_busyloop; + } else { + goto fail; + } + } + return 0; fail_busyloop: diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index 19c82e04325..9a9fa495d2d 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -20,6 +20,7 @@ #include "hw/virtio/virtio-crypto.h" #include "hw/virtio/virtio-access.h" #include "standard-headers/linux/virtio_ids.h" +#include "sysemu/cryptodev-vhost.h" #define VIRTIO_CRYPTO_VM_VERSION 1 @@ -880,6 +881,72 @@ static void virtio_crypto_get_config(VirtIODevice *vdev, uint8_t *config) memcpy(config, &crypto_cfg, c->config_size); } +static bool virtio_crypto_started(VirtIOCrypto *c, uint8_t status) +{ + VirtIODevice *vdev = VIRTIO_DEVICE(c); + return (status & VIRTIO_CONFIG_S_DRIVER_OK) && + (c->status & VIRTIO_CRYPTO_S_HW_READY) && vdev->vm_running; +} + +static void virtio_crypto_vhost_status(VirtIOCrypto *c, uint8_t status) +{ + VirtIODevice *vdev = VIRTIO_DEVICE(c); + int queues = c->multiqueue ? c->max_queues : 1; + CryptoDevBackend *b = c->cryptodev; + CryptoDevBackendClient *cc = b->conf.peers.ccs[0]; + + if (!cryptodev_get_vhost(cc, b, 0)) { + return; + } + + if ((virtio_crypto_started(c, status)) == !!c->vhost_started) { + return; + } + + if (!c->vhost_started) { + int r; + + c->vhost_started = 1; + r = cryptodev_vhost_start(vdev, queues); + if (r < 0) { + error_report("unable to start vhost crypto: %d: " + "falling back on userspace virtio", -r); + c->vhost_started = 0; + } + } else { + cryptodev_vhost_stop(vdev, queues); + c->vhost_started = 0; + } +} + +static void virtio_crypto_set_status(VirtIODevice *vdev, uint8_t status) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); + + virtio_crypto_vhost_status(vcrypto, status); +} + +static void virtio_crypto_guest_notifier_mask(VirtIODevice *vdev, int idx, + bool mask) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); + int queue = virtio_crypto_vq2q(idx); + + assert(vcrypto->vhost_started); + + cryptodev_vhost_virtqueue_mask(vdev, queue, idx, mask); +} + +static bool virtio_crypto_guest_notifier_pending(VirtIODevice *vdev, int idx) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); + int queue = virtio_crypto_vq2q(idx); + + assert(vcrypto->vhost_started); + + return cryptodev_vhost_virtqueue_pending(vdev, queue, idx); +} + static void virtio_crypto_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); @@ -893,6 +960,9 @@ static void virtio_crypto_class_init(ObjectClass *klass, void *data) vdc->get_config = virtio_crypto_get_config; vdc->get_features = virtio_crypto_get_features; vdc->reset = virtio_crypto_reset; + vdc->set_status = virtio_crypto_set_status; + vdc->guest_notifier_mask = virtio_crypto_guest_notifier_mask; + vdc->guest_notifier_pending = virtio_crypto_guest_notifier_pending; } static void virtio_crypto_instance_init(Object *obj) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index b55dfcf05c0..1e8ab7bbc53 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -1585,7 +1585,7 @@ static void virtio_pci_device_plugged(DeviceState *d, Error **errp) if (legacy) { if (virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) { error_setg(errp, "VIRTIO_F_IOMMU_PLATFORM was supported by" - "neither legacy nor transitional device."); + " neither legacy nor transitional device"); return ; } /* diff --git a/include/hw/virtio/vhost-backend.h b/include/hw/virtio/vhost-backend.h index 592254f40dc..5dac61f9ea9 100644 --- a/include/hw/virtio/vhost-backend.h +++ b/include/hw/virtio/vhost-backend.h @@ -95,6 +95,12 @@ typedef int (*vhost_set_config_op)(struct vhost_dev *dev, const uint8_t *data, typedef int (*vhost_get_config_op)(struct vhost_dev *dev, uint8_t *config, uint32_t config_len); +typedef int (*vhost_crypto_create_session_op)(struct vhost_dev *dev, + void *session_info, + uint64_t *session_id); +typedef int (*vhost_crypto_close_session_op)(struct vhost_dev *dev, + uint64_t session_id); + typedef struct VhostOps { VhostBackendType backend_type; vhost_backend_init vhost_backend_init; @@ -130,6 +136,8 @@ typedef struct VhostOps { vhost_send_device_iotlb_msg_op vhost_send_device_iotlb_msg; vhost_get_config_op vhost_get_config; vhost_set_config_op vhost_set_config; + vhost_crypto_create_session_op vhost_crypto_create_session; + vhost_crypto_close_session_op vhost_crypto_close_session; } VhostOps; extern const VhostOps user_ops; diff --git a/include/hw/virtio/virtio-crypto.h b/include/hw/virtio/virtio-crypto.h index a00a0bfabad..ca3a04938ee 100644 --- a/include/hw/virtio/virtio-crypto.h +++ b/include/hw/virtio/virtio-crypto.h @@ -96,6 +96,7 @@ typedef struct VirtIOCrypto { int multiqueue; uint32_t curr_queues; size_t config_size; + uint8_t vhost_started; } VirtIOCrypto; #endif /* _QEMU_VIRTIO_CRYPTO_H */ diff --git a/include/sysemu/cryptodev-vhost-user.h b/include/sysemu/cryptodev-vhost-user.h new file mode 100644 index 00000000000..6debf53fc53 --- /dev/null +++ b/include/sysemu/cryptodev-vhost-user.h @@ -0,0 +1,47 @@ +/* + * QEMU Crypto Device Common Vhost User Implement + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei <arei.gonglei@huawei.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ +#ifndef CRYPTODEV_VHOST_USER_H +#define CRYPTODEV_VHOST_USER_H + +#define VHOST_USER_MAX_AUTH_KEY_LEN 512 +#define VHOST_USER_MAX_CIPHER_KEY_LEN 64 + + +/** + * cryptodev_vhost_user_get_vhost: + * @cc: the client object for each queue + * @b: the cryptodev backend common vhost object + * @queue: the queue index + * + * Gets a new cryptodev backend common vhost object based on + * @b and @queue + * + * Returns: the cryptodev backend common vhost object + */ +CryptoDevBackendVhost * +cryptodev_vhost_user_get_vhost( + CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue); + +#endif /* CRYPTODEV_VHOST_USER_H */ diff --git a/include/sysemu/cryptodev-vhost.h b/include/sysemu/cryptodev-vhost.h new file mode 100644 index 00000000000..fb26b86977e --- /dev/null +++ b/include/sysemu/cryptodev-vhost.h @@ -0,0 +1,154 @@ +/* + * QEMU Crypto Device Common Vhost Implement + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei <arei.gonglei@huawei.com> + * Jay Zhou <jianjay.zhou@huawei.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ +#ifndef CRYPTODEV_VHOST_H +#define CRYPTODEV_VHOST_H + +#include "qemu-common.h" +#include "hw/virtio/vhost.h" +#include "hw/virtio/vhost-backend.h" +#include "chardev/char.h" + +#include "sysemu/cryptodev.h" + + +typedef struct CryptoDevBackendVhostOptions { + VhostBackendType backend_type; + void *opaque; + int total_queues; + CryptoDevBackendClient *cc; +} CryptoDevBackendVhostOptions; + +typedef struct CryptoDevBackendVhost { + struct vhost_dev dev; + struct vhost_virtqueue vqs[1]; + int backend; + CryptoDevBackendClient *cc; +} CryptoDevBackendVhost; + +/** + * cryptodev_vhost_get_max_queues: + * @crypto: the cryptodev backend common vhost object + * + * Get the maximum queue number of @crypto. + * + * + * Returns: the maximum queue number + */ +uint64_t +cryptodev_vhost_get_max_queues( + CryptoDevBackendVhost *crypto); + + +/** + * cryptodev_vhost_init: + * @options: the common vhost object's option + * + * Creates a new cryptodev backend common vhost object + * + ** The returned object must be released with + * cryptodev_vhost_cleanup() when no + * longer required + * + * Returns: the cryptodev backend common vhost object + */ +struct CryptoDevBackendVhost * +cryptodev_vhost_init( + CryptoDevBackendVhostOptions *options); + +/** + * cryptodev_vhost_cleanup: + * @crypto: the cryptodev backend common vhost object + * + * Clean the resouce associated with @crypto that realizaed + * by cryptodev_vhost_init() + * + */ +void cryptodev_vhost_cleanup( + CryptoDevBackendVhost *crypto); + +/** + * cryptodev_get_vhost: + * @cc: the client object for each queue + * @b: the cryptodev backend common vhost object + * @queue: the cryptodev backend queue index + * + * Gets a new cryptodev backend common vhost object based on + * @b and @queue + * + * Returns: the cryptodev backend common vhost object + */ +CryptoDevBackendVhost * +cryptodev_get_vhost(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue); +/** + * cryptodev_vhost_start: + * @dev: the virtio crypto object + * @total_queues: the total count of queue + * + * Starts the vhost crypto logic + * + * Returns: 0 for success, negative for errors + */ +int cryptodev_vhost_start(VirtIODevice *dev, int total_queues); + +/** + * cryptodev_vhost_stop: + * @dev: the virtio crypto object + * @total_queues: the total count of queue + * + * Stops the vhost crypto logic + * + */ +void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues); + +/** + * cryptodev_vhost_virtqueue_mask: + * @dev: the virtio crypto object + * @queue: the cryptodev backend queue index + * @idx: the virtqueue index + * @mask: mask or not (true or false) + * + * Mask/unmask events for @idx virtqueue on @dev device + * + */ +void cryptodev_vhost_virtqueue_mask(VirtIODevice *dev, + int queue, + int idx, bool mask); + +/** + * cryptodev_vhost_virtqueue_pending: + * @dev: the virtio crypto object + * @queue: the cryptodev backend queue index + * @idx: the virtqueue index + * + * Test and clear event pending status for @idx virtqueue on @dev device. + * Should be called after unmask to avoid losing events. + * + * Returns: true for success, false for errors + */ +bool cryptodev_vhost_virtqueue_pending(VirtIODevice *dev, + int queue, int idx); + +#endif /* CRYPTODEV_VHOST_H */ diff --git a/include/sysemu/cryptodev.h b/include/sysemu/cryptodev.h index a9d0d1ee25a..faeb6f891a4 100644 --- a/include/sysemu/cryptodev.h +++ b/include/sysemu/cryptodev.h @@ -163,12 +163,20 @@ typedef struct CryptoDevBackendClass { uint32_t queue_index, Error **errp); } CryptoDevBackendClass; +typedef enum CryptoDevBackendOptionsType { + CRYPTODEV_BACKEND_TYPE_NONE = 0, + CRYPTODEV_BACKEND_TYPE_BUILTIN = 1, + CRYPTODEV_BACKEND_TYPE_VHOST_USER = 2, + CRYPTODEV_BACKEND_TYPE__MAX, +} CryptoDevBackendOptionsType; struct CryptoDevBackendClient { + CryptoDevBackendOptionsType type; char *model; char *name; char *info_str; unsigned int queue_index; + int vring_enable; QTAILQ_ENTRY(CryptoDevBackendClient) next; }; diff --git a/net/vhost-user.c b/net/vhost-user.c index cb455125069..d024573e45f 100644 --- a/net/vhost-user.c +++ b/net/vhost-user.c @@ -109,6 +109,7 @@ static int vhost_user_start(int queues, NetClientState *ncs[], CharBackend *be) err: if (net) { vhost_net_cleanup(net); + g_free(net); } vhost_user_stop(i, ncs); return -1; diff --git a/qemu-options.hx b/qemu-options.hx index 8ccd5dcaa61..fea949dd561 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4233,6 +4233,27 @@ which specify the queue number of cryptodev backend, the default of [...] @end example +@item -object cryptodev-vhost-user,id=@var{id},chardev=@var{chardevid}[,queues=@var{queues}] + +Creates a vhost-user cryptodev backend, backed by a chardev @var{chardevid}. +The @var{id} parameter is a unique ID that will be used to reference this +cryptodev backend from the @option{virtio-crypto} device. +The chardev should be a unix domain socket backed one. The vhost-user uses +a specifically defined protocol to pass vhost ioctl replacement messages +to an application on the other end of the socket. +The @var{queues} parameter is optional, which specify the queue number +of cryptodev backend for multiqueue vhost-user, the default of @var{queues} is 1. + +@example + + # qemu-system-x86_64 \ + [...] \ + -chardev socket,id=chardev0,path=/path/to/socket \ + -object cryptodev-vhost-user,id=cryptodev0,chardev=chardev0 \ + -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \ + [...] +@end example + @item -object secret,id=@var{id},data=@var{string},format=@var{raw|base64}[,keyid=@var{secretid},iv=@var{string}] @item -object secret,id=@var{id},file=@var{filename},format=@var{raw|base64}[,keyid=@var{secretid},iv=@var{string}] @@ -2845,6 +2845,12 @@ static bool object_create_initial(const char *type) return false; } +#if defined(CONFIG_VHOST_USER) && defined(CONFIG_LINUX) + if (g_str_equal(type, "cryptodev-vhost-user")) { + return false; + } +#endif + /* * return false for concrete netfilters since * they depend on netdevs already existing |