From a38a498dc1dc2d101a4958b6bfbf921df478c069 Mon Sep 17 00:00:00 2001 From: linzhecheng Date: Tue, 13 Feb 2018 13:08:37 +0800 Subject: [PATCH 01/13] vhost-user: fix memory leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit g_free() was moved from vhost_net_cleanup in commit e6bcb1b, so we should free net after vhost_net_cleanup Signed-off-by: linzhecheng Reviewed-by: Marc-André Lureau < marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Philippe Mathieu-Daudé --- net/vhost-user.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/vhost-user.c b/net/vhost-user.c index cb45512506..d024573e45 100644 --- a/net/vhost-user.c +++ b/net/vhost-user.c @@ -109,6 +109,7 @@ static int vhost_user_start(int queues, NetClientState *ncs[], CharBackend *be) err: if (net) { vhost_net_cleanup(net); + g_free(net); } vhost_user_stop(i, ncs); return -1; From 2080a29f0e9cb2d456fabafbba936c8f78228a21 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Mon, 12 Feb 2018 15:18:08 +0100 Subject: [PATCH 02/13] virtio-pci: trivial fixes in error message Signed-off-by: Greg Kurz Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/virtio/virtio-pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index b55dfcf05c..1e8ab7bbc5 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -1585,7 +1585,7 @@ static void virtio_pci_device_plugged(DeviceState *d, Error **errp) if (legacy) { if (virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) { error_setg(errp, "VIRTIO_F_IOMMU_PLATFORM was supported by" - "neither legacy nor transitional device."); + " neither legacy nor transitional device"); return ; } /* From b7a7bb358f2a9073922671f4616dfbe1e9566988 Mon Sep 17 00:00:00 2001 From: Jan Kiszka Date: Sat, 24 Feb 2018 09:30:12 +0100 Subject: [PATCH 03/13] intel-iommu: Accept 64-bit writes to FEADDR Xen is doing this [1] and currently triggers an abort. [1] http://xenbits.xenproject.org/gitweb/?p=xen.git;a=blob;f=xen/drivers/passthrough/vtd/iommu.c;h=daaed0abbdd06b6ba3d948ea103aadf02651e83c;hb=refs/heads/master#l1108 Reported-by: Luis Lloret Signed-off-by: Jan Kiszka Reviewed-by: Peter Xu Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/i386/intel_iommu.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index 2e841cde27..fb31de9416 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c @@ -2129,8 +2129,15 @@ static void vtd_mem_write(void *opaque, hwaddr addr, /* Fault Event Address Register, 32-bit */ case DMAR_FEADDR_REG: - assert(size == 4); - vtd_set_long(s, addr, val); + if (size == 4) { + vtd_set_long(s, addr, val); + } else { + /* + * While the register is 32-bit only, some guests (Xen...) write to + * it with 64-bit. + */ + vtd_set_quad(s, addr, val); + } break; /* Fault Event Upper Address Register, 32-bit */ From c5e931640cb80151d8699779d66c158977055ef1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Golembiovsk=C3=BD?= Date: Mon, 19 Feb 2018 13:43:44 +0100 Subject: [PATCH 04/13] docs: document virtio-balloon stats MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Document statistics added in commits commit a0d06486b445985b8d128df172daefbae205bffd Author: Denis V. Lunev Date: Wed Feb 24 10:50:48 2016 +0300 virtio-balloon: add 'available' counter and commit bf1e7140ef0b3a149860ab9f05b36665133238f6 Author: Tomáš Golembiovský Date: Tue Dec 5 13:14:46 2017 +0100 virtio-balloon: include statistics of disk/file caches Signed-off-by: Tomáš Golembiovský Reviewed-by: Jonathan Helman Reviewed-by: Stefan Hajnoczi Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- docs/virtio-balloon-stats.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/virtio-balloon-stats.txt b/docs/virtio-balloon-stats.txt index edff5f22a8..7a66d25da5 100644 --- a/docs/virtio-balloon-stats.txt +++ b/docs/virtio-balloon-stats.txt @@ -32,6 +32,8 @@ which will return a dictionary containing: - stat-minor-faults - stat-free-memory - stat-total-memory + - stat-available-memory + - stat-disk-caches o A key named last-update, which contains the last stats update timestamp in seconds. Since this timestamp is generated by the host, From c8945922be9c11fc11dcbc54fadc556a893076fc Mon Sep 17 00:00:00 2001 From: Kashyap Chamarthy Date: Mon, 19 Feb 2018 17:31:31 +0100 Subject: [PATCH 05/13] docs: pcie: Spell out machine type needs for PCIe features MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PCIe features are available only via the 'q35' machine type for x86 and the 'virt' machine type for AArch64 architecture. Mention that explicitly. Thanks: Daniel Berrangé Signed-off-by: Kashyap Chamarthy Reviewed-by: Daniel P. Berrangé Reviewed-by: Marcel Apfelbaum Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- docs/pcie.txt | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/pcie.txt b/docs/pcie.txt index 8d3694970e..89e3502075 100644 --- a/docs/pcie.txt +++ b/docs/pcie.txt @@ -3,8 +3,13 @@ PCI EXPRESS GUIDELINES 1. Introduction ================ -The doc proposes best practices on how to use PCI Express/PCI device -in PCI Express based machines and explains the reasoning behind them. +The doc proposes best practices on how to use PCI Express (PCIe) / PCI +devices in PCI Express based machines and explains the reasoning behind +them. + +Note that the PCIe features are available only when using the 'q35' +machine type on x86 architecture and the 'virt' machine type on AArch64. +Other machine types do not use PCIe at this time. The following presentations accompany this document: (1) Q35 overview. From 9e2a2a3e083fec1e8059b331e3998c0849d779c1 Mon Sep 17 00:00:00 2001 From: Jay Zhou Date: Tue, 27 Feb 2018 15:10:04 +0800 Subject: [PATCH 06/13] vhost: fix memslot limit check Since used_memslots will be updated to the actual value after registering memory listener for the first time, move the memslots limit checking to the right place. Reviewed-by: Igor Mammedov Signed-off-by: Jay Zhou Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/virtio/vhost.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index 4a44e6e6bf..4a583a3c1e 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -1106,13 +1106,6 @@ int vhost_dev_init(struct vhost_dev *hdev, void *opaque, goto fail; } - if (used_memslots > hdev->vhost_ops->vhost_backend_memslots_limit(hdev)) { - error_report("vhost backend memory slots limit is less" - " than current number of present memory slots"); - r = -1; - goto fail; - } - r = hdev->vhost_ops->vhost_set_owner(hdev); if (r < 0) { VHOST_OPS_DEBUG("vhost_set_owner failed"); @@ -1192,6 +1185,18 @@ int vhost_dev_init(struct vhost_dev *hdev, void *opaque, hdev->started = false; memory_listener_register(&hdev->memory_listener, &address_space_memory); QLIST_INSERT_HEAD(&vhost_devices, hdev, entry); + + if (used_memslots > hdev->vhost_ops->vhost_backend_memslots_limit(hdev)) { + error_report("vhost backend memory slots limit is less" + " than current number of present memory slots"); + r = -1; + if (busyloop_timeout) { + goto fail_busyloop; + } else { + goto fail; + } + } + return 0; fail_busyloop: From fb20fbb764aa1eb3014c7544ea3daa58bc7b4cd2 Mon Sep 17 00:00:00 2001 From: Jia He Date: Wed, 28 Feb 2018 01:35:28 -0800 Subject: [PATCH 07/13] vhost: avoid to start/stop virtqueue which is not ready In our Armv8a server, we try to configure the vhost scsi but fail to boot up the guest (-machine virt-2.10). The guest's boot failure is very early, even earlier than grub. There are 3 virtqueues (ctrl, event and cmd) for virtio scsi device, but ovmf and seabios will only set the physical address for the 3rd one (cmd). Then in vhost_virtqueue_start(), virtio_queue_get_desc_addr will be 0 for ctrl and event vq when qemu negotiates with ovmf. So vhost_memory_map fails with ENOMEM. This patch just fixs it by early quitting the virtqueue start/stop when virtio_queue_get_desc_addr is 0. Btw, after guest kernel starts, all the 3 queues will be initialized and set address correctly. Already tested on Arm64 and X86_64 qemu. Signed-off-by: Jia He Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/virtio/vhost.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index 4a583a3c1e..d02d12a861 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -345,6 +345,10 @@ static int vhost_verify_ring_mappings(struct vhost_dev *dev, for (i = 0; i < dev->nvqs; ++i) { struct vhost_virtqueue *vq = dev->vqs + i; + if (vq->desc_phys == 0) { + continue; + } + j = 0; r = vhost_verify_ring_part_mapping( vq->desc, vq->desc_phys, vq->desc_size, @@ -881,6 +885,11 @@ static int vhost_virtqueue_start(struct vhost_dev *dev, }; struct VirtQueue *vvq = virtio_get_queue(vdev, idx); + a = virtio_queue_get_desc_addr(vdev, idx); + if (a == 0) { + /* Queue might not be ready for start */ + return 0; + } vq->num = state.num = virtio_queue_get_num(vdev, idx); r = dev->vhost_ops->vhost_set_vring_num(dev, &state); @@ -906,7 +915,7 @@ static int vhost_virtqueue_start(struct vhost_dev *dev, } vq->desc_size = s = l = virtio_queue_get_desc_size(vdev, idx); - vq->desc_phys = a = virtio_queue_get_desc_addr(vdev, idx); + vq->desc_phys = a; vq->desc = vhost_memory_map(dev, a, &l, 0); if (!vq->desc || l != s) { r = -ENOMEM; @@ -989,6 +998,13 @@ static void vhost_virtqueue_stop(struct vhost_dev *dev, .index = vhost_vq_index, }; int r; + int a; + + a = virtio_queue_get_desc_addr(vdev, idx); + if (a == 0) { + /* Don't stop the virtqueue which might have not been started */ + return; + } r = dev->vhost_ops->vhost_get_vring_base(dev, &state); if (r < 0) { From 9fac50c88d91ebf7a7d3d31f8520762ac24e12b9 Mon Sep 17 00:00:00 2001 From: Jia He Date: Wed, 28 Feb 2018 01:35:29 -0800 Subject: [PATCH 08/13] vhost: fix incorrect check in vhost_verify_ring_mappings In commit 0ca1fd2d6878 ("vhost: Simplify ring verification checks"), it checks the virtqueue desc mapping for 3 times. Fixed: commit 0ca1fd2d6878 ("vhost: Simplify ring verification checks") Signed-off-by: Jia He Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Dr. David Alan Gilbert --- hw/virtio/vhost.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index d02d12a861..d8d0ef92e1 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -359,7 +359,7 @@ static int vhost_verify_ring_mappings(struct vhost_dev *dev, j++; r = vhost_verify_ring_part_mapping( - vq->desc, vq->desc_phys, vq->desc_size, + vq->avail, vq->avail_phys, vq->avail_size, reg_hva, reg_gpa, reg_size); if (r) { break; @@ -367,7 +367,7 @@ static int vhost_verify_ring_mappings(struct vhost_dev *dev, j++; r = vhost_verify_ring_part_mapping( - vq->desc, vq->desc_phys, vq->desc_size, + vq->used, vq->used_phys, vq->used_size, reg_hva, reg_gpa, reg_size); if (r) { break; From 59fbfed9b814f7e6d55adf9b3a978ee2c987d05b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Wed, 28 Feb 2018 16:58:39 +0100 Subject: [PATCH 09/13] docs/vmcoreinfo: detail unsupported host format behaviour MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Suggested-by: Michael S. Tsirkin Signed-off-by: Marc-André Lureau Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- docs/specs/vmcoreinfo.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/specs/vmcoreinfo.txt b/docs/specs/vmcoreinfo.txt index 821261067f..bcbca6fe47 100644 --- a/docs/specs/vmcoreinfo.txt +++ b/docs/specs/vmcoreinfo.txt @@ -29,6 +29,10 @@ processing of entry values. A write of 0 in guest_format will disable further processing of vmcoreinfo entry values & content. +You may write a guest_format that is not supported by the host, in +which case the entry data can be ignored by qemu (but you may still +access it through a debugger, via vmcoreinfo_realize::vmcoreinfo_state). + Format & content **************** From 042cea274c5854023e1d18626480190c0d64268e Mon Sep 17 00:00:00 2001 From: Gonglei Date: Thu, 1 Mar 2018 21:46:28 +0800 Subject: [PATCH 10/13] cryptodev: add vhost-user as a new cryptodev backend Usage: -chardev socket,id=charcrypto0,path=/path/to/your/socket -object cryptodev-vhost-user,id=cryptodev0,chardev=charcrypto0 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 Signed-off-by: Gonglei Signed-off-by: Longpeng(Mike) Signed-off-by: Jay Zhou Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- backends/Makefile.objs | 6 + backends/cryptodev-vhost-user.c | 331 +++++++++++++++++++++++++++++++ backends/cryptodev-vhost.c | 89 +++++++++ configure | 15 ++ include/sysemu/cryptodev-vhost.h | 154 ++++++++++++++ qemu-options.hx | 21 ++ vl.c | 6 + 7 files changed, 622 insertions(+) create mode 100644 backends/cryptodev-vhost-user.c create mode 100644 backends/cryptodev-vhost.c create mode 100644 include/sysemu/cryptodev-vhost.h diff --git a/backends/Makefile.objs b/backends/Makefile.objs index 67eeeba5fc..ad7c0325ed 100644 --- a/backends/Makefile.objs +++ b/backends/Makefile.objs @@ -9,4 +9,10 @@ common-obj-$(CONFIG_LINUX) += hostmem-file.o common-obj-y += cryptodev.o common-obj-y += cryptodev-builtin.o +ifeq ($(CONFIG_VIRTIO),y) +common-obj-y += cryptodev-vhost.o +common-obj-$(call land,$(CONFIG_VHOST_USER),$(CONFIG_LINUX)) += \ + cryptodev-vhost-user.o +endif + common-obj-$(CONFIG_LINUX) += hostmem-memfd.o diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c new file mode 100644 index 0000000000..93c3f10a8f --- /dev/null +++ b/backends/cryptodev-vhost-user.c @@ -0,0 +1,331 @@ +/* + * QEMU Cryptodev backend for QEMU cipher APIs + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include "hw/boards.h" +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/error-report.h" +#include "standard-headers/linux/virtio_crypto.h" +#include "sysemu/cryptodev-vhost.h" +#include "chardev/char-fe.h" + + +/** + * @TYPE_CRYPTODEV_BACKEND_VHOST_USER: + * name of backend that uses vhost user server + */ +#define TYPE_CRYPTODEV_BACKEND_VHOST_USER "cryptodev-vhost-user" + +#define CRYPTODEV_BACKEND_VHOST_USER(obj) \ + OBJECT_CHECK(CryptoDevBackendVhostUser, \ + (obj), TYPE_CRYPTODEV_BACKEND_VHOST_USER) + + +typedef struct CryptoDevBackendVhostUser { + CryptoDevBackend parent_obj; + + CharBackend chr; + char *chr_name; + bool opened; + CryptoDevBackendVhost *vhost_crypto[MAX_CRYPTO_QUEUE_NUM]; +} CryptoDevBackendVhostUser; + +static int +cryptodev_vhost_user_running( + CryptoDevBackendVhost *crypto) +{ + return crypto ? 1 : 0; +} + +static void cryptodev_vhost_user_stop(int queues, + CryptoDevBackendVhostUser *s) +{ + size_t i; + + for (i = 0; i < queues; i++) { + if (!cryptodev_vhost_user_running(s->vhost_crypto[i])) { + continue; + } + + cryptodev_vhost_cleanup(s->vhost_crypto[i]); + s->vhost_crypto[i] = NULL; + } +} + +static int +cryptodev_vhost_user_start(int queues, + CryptoDevBackendVhostUser *s) +{ + CryptoDevBackendVhostOptions options; + CryptoDevBackend *b = CRYPTODEV_BACKEND(s); + int max_queues; + size_t i; + + for (i = 0; i < queues; i++) { + if (cryptodev_vhost_user_running(s->vhost_crypto[i])) { + continue; + } + + options.opaque = &s->chr; + options.backend_type = VHOST_BACKEND_TYPE_USER; + options.cc = b->conf.peers.ccs[i]; + s->vhost_crypto[i] = cryptodev_vhost_init(&options); + if (!s->vhost_crypto[i]) { + error_report("failed to init vhost_crypto for queue %zu", i); + goto err; + } + + if (i == 0) { + max_queues = + cryptodev_vhost_get_max_queues(s->vhost_crypto[i]); + if (queues > max_queues) { + error_report("you are asking more queues than supported: %d", + max_queues); + goto err; + } + } + } + + return 0; + +err: + cryptodev_vhost_user_stop(i + 1, s); + return -1; +} + +static Chardev * +cryptodev_vhost_claim_chardev(CryptoDevBackendVhostUser *s, + Error **errp) +{ + Chardev *chr; + + if (s->chr_name == NULL) { + error_setg(errp, QERR_INVALID_PARAMETER_VALUE, + "chardev", "a valid character device"); + return NULL; + } + + chr = qemu_chr_find(s->chr_name); + if (chr == NULL) { + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, + "Device '%s' not found", s->chr_name); + return NULL; + } + + return chr; +} + +static void cryptodev_vhost_user_event(void *opaque, int event) +{ + CryptoDevBackendVhostUser *s = opaque; + CryptoDevBackend *b = CRYPTODEV_BACKEND(s); + Error *err = NULL; + int queues = b->conf.peers.queues; + + assert(queues < MAX_CRYPTO_QUEUE_NUM); + + switch (event) { + case CHR_EVENT_OPENED: + if (cryptodev_vhost_user_start(queues, s) < 0) { + exit(1); + } + b->ready = true; + break; + case CHR_EVENT_CLOSED: + b->ready = false; + cryptodev_vhost_user_stop(queues, s); + break; + } + + if (err) { + error_report_err(err); + } +} + +static void cryptodev_vhost_user_init( + CryptoDevBackend *backend, Error **errp) +{ + int queues = backend->conf.peers.queues; + size_t i; + Error *local_err = NULL; + Chardev *chr; + CryptoDevBackendClient *cc; + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(backend); + + chr = cryptodev_vhost_claim_chardev(s, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + + s->opened = true; + + for (i = 0; i < queues; i++) { + cc = cryptodev_backend_new_client( + "cryptodev-vhost-user", NULL); + cc->info_str = g_strdup_printf("cryptodev-vhost-user%zu to %s ", + i, chr->label); + cc->queue_index = i; + + backend->conf.peers.ccs[i] = cc; + + if (i == 0) { + if (!qemu_chr_fe_init(&s->chr, chr, &local_err)) { + error_propagate(errp, local_err); + return; + } + } + } + + qemu_chr_fe_set_handlers(&s->chr, NULL, NULL, + cryptodev_vhost_user_event, NULL, s, NULL, true); + + backend->conf.crypto_services = + 1u << VIRTIO_CRYPTO_SERVICE_CIPHER | + 1u << VIRTIO_CRYPTO_SERVICE_HASH | + 1u << VIRTIO_CRYPTO_SERVICE_MAC; + backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; + backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; +} + +static int64_t cryptodev_vhost_user_sym_create_session( + CryptoDevBackend *backend, + CryptoDevBackendSymSessionInfo *sess_info, + uint32_t queue_index, Error **errp) +{ + return 0; +} + +static int cryptodev_vhost_user_sym_close_session( + CryptoDevBackend *backend, + uint64_t session_id, + uint32_t queue_index, Error **errp) +{ + return 0; +} + +static int cryptodev_vhost_user_sym_operation( + CryptoDevBackend *backend, + CryptoDevBackendSymOpInfo *op_info, + uint32_t queue_index, Error **errp) +{ + return VIRTIO_CRYPTO_OK; +} + +static void cryptodev_vhost_user_cleanup( + CryptoDevBackend *backend, + Error **errp) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(backend); + size_t i; + int queues = backend->conf.peers.queues; + CryptoDevBackendClient *cc; + + cryptodev_vhost_user_stop(queues, s); + + for (i = 0; i < queues; i++) { + cc = backend->conf.peers.ccs[i]; + if (cc) { + cryptodev_backend_free_client(cc); + backend->conf.peers.ccs[i] = NULL; + } + } +} + +static void cryptodev_vhost_user_set_chardev(Object *obj, + const char *value, Error **errp) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(obj); + + if (s->opened) { + error_setg(errp, QERR_PERMISSION_DENIED); + } else { + g_free(s->chr_name); + s->chr_name = g_strdup(value); + } +} + +static char * +cryptodev_vhost_user_get_chardev(Object *obj, Error **errp) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(obj); + Chardev *chr = qemu_chr_fe_get_driver(&s->chr); + + if (chr && chr->label) { + return g_strdup(chr->label); + } + + return NULL; +} + +static void cryptodev_vhost_user_instance_int(Object *obj) +{ + object_property_add_str(obj, "chardev", + cryptodev_vhost_user_get_chardev, + cryptodev_vhost_user_set_chardev, + NULL); +} + +static void cryptodev_vhost_user_finalize(Object *obj) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(obj); + + qemu_chr_fe_deinit(&s->chr, false); + + g_free(s->chr_name); +} + +static void +cryptodev_vhost_user_class_init(ObjectClass *oc, void *data) +{ + CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_CLASS(oc); + + bc->init = cryptodev_vhost_user_init; + bc->cleanup = cryptodev_vhost_user_cleanup; + bc->create_session = cryptodev_vhost_user_sym_create_session; + bc->close_session = cryptodev_vhost_user_sym_close_session; + bc->do_sym_op = cryptodev_vhost_user_sym_operation; +} + +static const TypeInfo cryptodev_vhost_user_info = { + .name = TYPE_CRYPTODEV_BACKEND_VHOST_USER, + .parent = TYPE_CRYPTODEV_BACKEND, + .class_init = cryptodev_vhost_user_class_init, + .instance_init = cryptodev_vhost_user_instance_int, + .instance_finalize = cryptodev_vhost_user_finalize, + .instance_size = sizeof(CryptoDevBackendVhostUser), +}; + +static void +cryptodev_vhost_user_register_types(void) +{ + type_register_static(&cryptodev_vhost_user_info); +} + +type_init(cryptodev_vhost_user_register_types); diff --git a/backends/cryptodev-vhost.c b/backends/cryptodev-vhost.c new file mode 100644 index 0000000000..27e1c4ad25 --- /dev/null +++ b/backends/cryptodev-vhost.c @@ -0,0 +1,89 @@ +/* + * QEMU Cryptodev backend for QEMU cipher APIs + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei + * Jay Zhou + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include "sysemu/cryptodev-vhost.h" + +#ifdef CONFIG_VHOST_CRYPTO +uint64_t +cryptodev_vhost_get_max_queues( + CryptoDevBackendVhost *crypto) +{ + return crypto->dev.max_queues; +} + +void cryptodev_vhost_cleanup(CryptoDevBackendVhost *crypto) +{ + vhost_dev_cleanup(&crypto->dev); + g_free(crypto); +} + +struct CryptoDevBackendVhost * +cryptodev_vhost_init( + CryptoDevBackendVhostOptions *options) +{ + int r; + CryptoDevBackendVhost *crypto; + + crypto = g_new(CryptoDevBackendVhost, 1); + crypto->dev.max_queues = 1; + crypto->dev.nvqs = 1; + crypto->dev.vqs = crypto->vqs; + + crypto->cc = options->cc; + + crypto->dev.protocol_features = 0; + crypto->backend = -1; + + /* vhost-user needs vq_index to initiate a specific queue pair */ + crypto->dev.vq_index = crypto->cc->queue_index * crypto->dev.nvqs; + + r = vhost_dev_init(&crypto->dev, options->opaque, options->backend_type, 0); + if (r < 0) { + goto fail; + } + + return crypto; +fail: + g_free(crypto); + return NULL; +} + +#else +uint64_t +cryptodev_vhost_get_max_queues(CryptoDevBackendVhost *crypto) +{ + return 0; +} + +void cryptodev_vhost_cleanup(CryptoDevBackendVhost *crypto) +{ +} + +struct CryptoDevBackendVhost * +cryptodev_vhost_init(CryptoDevBackendVhostOptions *options) +{ + return NULL; +} +#endif diff --git a/configure b/configure index 39f3a43001..00c4b63cfa 100755 --- a/configure +++ b/configure @@ -344,6 +344,7 @@ xfs="" tcg="yes" vhost_net="no" +vhost_crypto="no" vhost_scsi="no" vhost_vsock="no" vhost_user="" @@ -813,6 +814,7 @@ Linux) linux_user="yes" kvm="yes" vhost_net="yes" + vhost_crypto="yes" vhost_scsi="yes" vhost_vsock="yes" QEMU_INCLUDES="-I\$(SRC_PATH)/linux-headers -I$(pwd)/linux-headers $QEMU_INCLUDES" @@ -1183,6 +1185,14 @@ for opt do ;; --enable-vhost-net) vhost_net="yes" ;; + --disable-vhost-crypto) vhost_crypto="no" + ;; + --enable-vhost-crypto) + vhost_crypto="yes" + if test "$mingw32" = "yes"; then + error_exit "vhost-crypto isn't available on win32" + fi + ;; --disable-vhost-scsi) vhost_scsi="no" ;; --enable-vhost-scsi) vhost_scsi="yes" @@ -1580,6 +1590,7 @@ disabled with --disable-FEATURE, default is enabled if available: cap-ng libcap-ng support attr attr and xattr support vhost-net vhost-net acceleration support + vhost-crypto vhost-crypto acceleration support spice spice rbd rados block device (rbd) libiscsi iscsi support @@ -5771,6 +5782,7 @@ echo "posix_madvise $posix_madvise" echo "posix_memalign $posix_memalign" echo "libcap-ng support $cap_ng" echo "vhost-net support $vhost_net" +echo "vhost-crypto support $vhost_crypto" echo "vhost-scsi support $vhost_scsi" echo "vhost-vsock support $vhost_vsock" echo "vhost-user support $vhost_user" @@ -6216,6 +6228,9 @@ fi if test "$vhost_net" = "yes" -a "$vhost_user" = "yes"; then echo "CONFIG_VHOST_NET_USED=y" >> $config_host_mak fi +if test "$vhost_crypto" = "yes" ; then + echo "CONFIG_VHOST_CRYPTO=y" >> $config_host_mak +fi if test "$vhost_vsock" = "yes" ; then echo "CONFIG_VHOST_VSOCK=y" >> $config_host_mak fi diff --git a/include/sysemu/cryptodev-vhost.h b/include/sysemu/cryptodev-vhost.h new file mode 100644 index 0000000000..fb26b86977 --- /dev/null +++ b/include/sysemu/cryptodev-vhost.h @@ -0,0 +1,154 @@ +/* + * QEMU Crypto Device Common Vhost Implement + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei + * Jay Zhou + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ +#ifndef CRYPTODEV_VHOST_H +#define CRYPTODEV_VHOST_H + +#include "qemu-common.h" +#include "hw/virtio/vhost.h" +#include "hw/virtio/vhost-backend.h" +#include "chardev/char.h" + +#include "sysemu/cryptodev.h" + + +typedef struct CryptoDevBackendVhostOptions { + VhostBackendType backend_type; + void *opaque; + int total_queues; + CryptoDevBackendClient *cc; +} CryptoDevBackendVhostOptions; + +typedef struct CryptoDevBackendVhost { + struct vhost_dev dev; + struct vhost_virtqueue vqs[1]; + int backend; + CryptoDevBackendClient *cc; +} CryptoDevBackendVhost; + +/** + * cryptodev_vhost_get_max_queues: + * @crypto: the cryptodev backend common vhost object + * + * Get the maximum queue number of @crypto. + * + * + * Returns: the maximum queue number + */ +uint64_t +cryptodev_vhost_get_max_queues( + CryptoDevBackendVhost *crypto); + + +/** + * cryptodev_vhost_init: + * @options: the common vhost object's option + * + * Creates a new cryptodev backend common vhost object + * + ** The returned object must be released with + * cryptodev_vhost_cleanup() when no + * longer required + * + * Returns: the cryptodev backend common vhost object + */ +struct CryptoDevBackendVhost * +cryptodev_vhost_init( + CryptoDevBackendVhostOptions *options); + +/** + * cryptodev_vhost_cleanup: + * @crypto: the cryptodev backend common vhost object + * + * Clean the resouce associated with @crypto that realizaed + * by cryptodev_vhost_init() + * + */ +void cryptodev_vhost_cleanup( + CryptoDevBackendVhost *crypto); + +/** + * cryptodev_get_vhost: + * @cc: the client object for each queue + * @b: the cryptodev backend common vhost object + * @queue: the cryptodev backend queue index + * + * Gets a new cryptodev backend common vhost object based on + * @b and @queue + * + * Returns: the cryptodev backend common vhost object + */ +CryptoDevBackendVhost * +cryptodev_get_vhost(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue); +/** + * cryptodev_vhost_start: + * @dev: the virtio crypto object + * @total_queues: the total count of queue + * + * Starts the vhost crypto logic + * + * Returns: 0 for success, negative for errors + */ +int cryptodev_vhost_start(VirtIODevice *dev, int total_queues); + +/** + * cryptodev_vhost_stop: + * @dev: the virtio crypto object + * @total_queues: the total count of queue + * + * Stops the vhost crypto logic + * + */ +void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues); + +/** + * cryptodev_vhost_virtqueue_mask: + * @dev: the virtio crypto object + * @queue: the cryptodev backend queue index + * @idx: the virtqueue index + * @mask: mask or not (true or false) + * + * Mask/unmask events for @idx virtqueue on @dev device + * + */ +void cryptodev_vhost_virtqueue_mask(VirtIODevice *dev, + int queue, + int idx, bool mask); + +/** + * cryptodev_vhost_virtqueue_pending: + * @dev: the virtio crypto object + * @queue: the cryptodev backend queue index + * @idx: the virtqueue index + * + * Test and clear event pending status for @idx virtqueue on @dev device. + * Should be called after unmask to avoid losing events. + * + * Returns: true for success, false for errors + */ +bool cryptodev_vhost_virtqueue_pending(VirtIODevice *dev, + int queue, int idx); + +#endif /* CRYPTODEV_VHOST_H */ diff --git a/qemu-options.hx b/qemu-options.hx index 8ccd5dcaa6..fea949dd56 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4233,6 +4233,27 @@ which specify the queue number of cryptodev backend, the default of [...] @end example +@item -object cryptodev-vhost-user,id=@var{id},chardev=@var{chardevid}[,queues=@var{queues}] + +Creates a vhost-user cryptodev backend, backed by a chardev @var{chardevid}. +The @var{id} parameter is a unique ID that will be used to reference this +cryptodev backend from the @option{virtio-crypto} device. +The chardev should be a unix domain socket backed one. The vhost-user uses +a specifically defined protocol to pass vhost ioctl replacement messages +to an application on the other end of the socket. +The @var{queues} parameter is optional, which specify the queue number +of cryptodev backend for multiqueue vhost-user, the default of @var{queues} is 1. + +@example + + # qemu-system-x86_64 \ + [...] \ + -chardev socket,id=chardev0,path=/path/to/socket \ + -object cryptodev-vhost-user,id=cryptodev0,chardev=chardev0 \ + -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \ + [...] +@end example + @item -object secret,id=@var{id},data=@var{string},format=@var{raw|base64}[,keyid=@var{secretid},iv=@var{string}] @item -object secret,id=@var{id},file=@var{filename},format=@var{raw|base64}[,keyid=@var{secretid},iv=@var{string}] diff --git a/vl.c b/vl.c index 9e7235df6d..6d15386a2e 100644 --- a/vl.c +++ b/vl.c @@ -2838,6 +2838,12 @@ static bool object_create_initial(const char *type) return false; } +#if defined(CONFIG_VHOST_USER) && defined(CONFIG_LINUX) + if (g_str_equal(type, "cryptodev-vhost-user")) { + return false; + } +#endif + /* * return false for concrete netfilters since * they depend on netdevs already existing From 5da73dabe86162005dec83a039102b126944f03a Mon Sep 17 00:00:00 2001 From: Gonglei Date: Thu, 1 Mar 2018 21:46:29 +0800 Subject: [PATCH 11/13] cryptodev: add vhost support Impliment the vhost-crypto's funtions, such as startup, stop and notification etc. Introduce an enum QCryptoCryptoDevBackendOptionsType in order to identify the cryptodev vhost backend is vhost-user or vhost-kernel-module (If exist). At this point, the cryptdoev-vhost-user works. Signed-off-by: Gonglei Signed-off-by: Longpeng(Mike) Signed-off-by: Jay Zhou Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- backends/cryptodev-builtin.c | 1 + backends/cryptodev-vhost-user.c | 16 ++ backends/cryptodev-vhost.c | 258 ++++++++++++++++++++++++++ hw/virtio/virtio-crypto.c | 70 +++++++ include/hw/virtio/virtio-crypto.h | 1 + include/sysemu/cryptodev-vhost-user.h | 44 +++++ include/sysemu/cryptodev.h | 8 + 7 files changed, 398 insertions(+) create mode 100644 include/sysemu/cryptodev-vhost-user.h diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index 657c0ba2f3..9fb0bd57a6 100644 --- a/backends/cryptodev-builtin.c +++ b/backends/cryptodev-builtin.c @@ -78,6 +78,7 @@ static void cryptodev_builtin_init( "cryptodev-builtin", NULL); cc->info_str = g_strdup_printf("cryptodev-builtin0"); cc->queue_index = 0; + cc->type = CRYPTODEV_BACKEND_TYPE_BUILTIN; backend->conf.peers.ccs[0] = cc; backend->conf.crypto_services = diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c index 93c3f10a8f..151a0e6ca7 100644 --- a/backends/cryptodev-vhost-user.c +++ b/backends/cryptodev-vhost-user.c @@ -29,6 +29,7 @@ #include "standard-headers/linux/virtio_crypto.h" #include "sysemu/cryptodev-vhost.h" #include "chardev/char-fe.h" +#include "sysemu/cryptodev-vhost-user.h" /** @@ -58,6 +59,20 @@ cryptodev_vhost_user_running( return crypto ? 1 : 0; } +CryptoDevBackendVhost * +cryptodev_vhost_user_get_vhost( + CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(b); + assert(cc->type == CRYPTODEV_BACKEND_TYPE_VHOST_USER); + assert(queue < MAX_CRYPTO_QUEUE_NUM); + + return s->vhost_crypto[queue]; +} + static void cryptodev_vhost_user_stop(int queues, CryptoDevBackendVhostUser *s) { @@ -188,6 +203,7 @@ static void cryptodev_vhost_user_init( cc->info_str = g_strdup_printf("cryptodev-vhost-user%zu to %s ", i, chr->label); cc->queue_index = i; + cc->type = CRYPTODEV_BACKEND_TYPE_VHOST_USER; backend->conf.peers.ccs[i] = cc; diff --git a/backends/cryptodev-vhost.c b/backends/cryptodev-vhost.c index 27e1c4ad25..8337c9a495 100644 --- a/backends/cryptodev-vhost.c +++ b/backends/cryptodev-vhost.c @@ -23,9 +23,16 @@ */ #include "qemu/osdep.h" +#include "hw/virtio/virtio-bus.h" #include "sysemu/cryptodev-vhost.h" #ifdef CONFIG_VHOST_CRYPTO +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/error-report.h" +#include "hw/virtio/virtio-crypto.h" +#include "sysemu/cryptodev-vhost-user.h" + uint64_t cryptodev_vhost_get_max_queues( CryptoDevBackendVhost *crypto) @@ -70,6 +77,228 @@ fail: return NULL; } +static int +cryptodev_vhost_start_one(CryptoDevBackendVhost *crypto, + VirtIODevice *dev) +{ + int r; + + crypto->dev.nvqs = 1; + crypto->dev.vqs = crypto->vqs; + + r = vhost_dev_enable_notifiers(&crypto->dev, dev); + if (r < 0) { + goto fail_notifiers; + } + + r = vhost_dev_start(&crypto->dev, dev); + if (r < 0) { + goto fail_start; + } + + return 0; + +fail_start: + vhost_dev_disable_notifiers(&crypto->dev, dev); +fail_notifiers: + return r; +} + +static void +cryptodev_vhost_stop_one(CryptoDevBackendVhost *crypto, + VirtIODevice *dev) +{ + vhost_dev_stop(&crypto->dev, dev); + vhost_dev_disable_notifiers(&crypto->dev, dev); +} + +CryptoDevBackendVhost * +cryptodev_get_vhost(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue) +{ + CryptoDevBackendVhost *vhost_crypto = NULL; + + if (!cc) { + return NULL; + } + + switch (cc->type) { +#if defined(CONFIG_VHOST_USER) && defined(CONFIG_LINUX) + case CRYPTODEV_BACKEND_TYPE_VHOST_USER: + vhost_crypto = cryptodev_vhost_user_get_vhost(cc, b, queue); + break; +#endif + default: + break; + } + + return vhost_crypto; +} + +static void +cryptodev_vhost_set_vq_index(CryptoDevBackendVhost *crypto, + int vq_index) +{ + crypto->dev.vq_index = vq_index; +} + +static int +vhost_set_vring_enable(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue, int enable) +{ + CryptoDevBackendVhost *crypto = + cryptodev_get_vhost(cc, b, queue); + const VhostOps *vhost_ops; + + cc->vring_enable = enable; + + if (!crypto) { + return 0; + } + + vhost_ops = crypto->dev.vhost_ops; + if (vhost_ops->vhost_set_vring_enable) { + return vhost_ops->vhost_set_vring_enable(&crypto->dev, enable); + } + + return 0; +} + +int cryptodev_vhost_start(VirtIODevice *dev, int total_queues) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev))); + VirtioBusState *vbus = VIRTIO_BUS(qbus); + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus); + int r, e; + int i; + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + + if (!k->set_guest_notifiers) { + error_report("binding does not support guest notifiers"); + return -ENOSYS; + } + + for (i = 0; i < total_queues; i++) { + cc = b->conf.peers.ccs[i]; + + vhost_crypto = cryptodev_get_vhost(cc, b, i); + cryptodev_vhost_set_vq_index(vhost_crypto, i); + + /* Suppress the masking guest notifiers on vhost user + * because vhost user doesn't interrupt masking/unmasking + * properly. + */ + if (cc->type == CRYPTODEV_BACKEND_TYPE_VHOST_USER) { + dev->use_guest_notifier_mask = false; + } + } + + r = k->set_guest_notifiers(qbus->parent, total_queues, true); + if (r < 0) { + error_report("error binding guest notifier: %d", -r); + goto err; + } + + for (i = 0; i < total_queues; i++) { + cc = b->conf.peers.ccs[i]; + + vhost_crypto = cryptodev_get_vhost(cc, b, i); + r = cryptodev_vhost_start_one(vhost_crypto, dev); + + if (r < 0) { + goto err_start; + } + + if (cc->vring_enable) { + /* restore vring enable state */ + r = vhost_set_vring_enable(cc, b, i, cc->vring_enable); + + if (r < 0) { + goto err_start; + } + } + } + + return 0; + +err_start: + while (--i >= 0) { + cc = b->conf.peers.ccs[i]; + vhost_crypto = cryptodev_get_vhost(cc, b, i); + cryptodev_vhost_stop_one(vhost_crypto, dev); + } + e = k->set_guest_notifiers(qbus->parent, total_queues, false); + if (e < 0) { + error_report("vhost guest notifier cleanup failed: %d", e); + } +err: + return r; +} + +void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues) +{ + BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev))); + VirtioBusState *vbus = VIRTIO_BUS(qbus); + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus); + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + size_t i; + int r; + + for (i = 0; i < total_queues; i++) { + cc = b->conf.peers.ccs[i]; + + vhost_crypto = cryptodev_get_vhost(cc, b, i); + cryptodev_vhost_stop_one(vhost_crypto, dev); + } + + r = k->set_guest_notifiers(qbus->parent, total_queues, false); + if (r < 0) { + error_report("vhost guest notifier cleanup failed: %d", r); + } + assert(r >= 0); +} + +void cryptodev_vhost_virtqueue_mask(VirtIODevice *dev, + int queue, + int idx, bool mask) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + + assert(queue < MAX_CRYPTO_QUEUE_NUM); + + cc = b->conf.peers.ccs[queue]; + vhost_crypto = cryptodev_get_vhost(cc, b, queue); + + vhost_virtqueue_mask(&vhost_crypto->dev, dev, idx, mask); +} + +bool cryptodev_vhost_virtqueue_pending(VirtIODevice *dev, + int queue, int idx) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + + assert(queue < MAX_CRYPTO_QUEUE_NUM); + + cc = b->conf.peers.ccs[queue]; + vhost_crypto = cryptodev_get_vhost(cc, b, queue); + + return vhost_virtqueue_pending(&vhost_crypto->dev, idx); +} + #else uint64_t cryptodev_vhost_get_max_queues(CryptoDevBackendVhost *crypto) @@ -86,4 +315,33 @@ cryptodev_vhost_init(CryptoDevBackendVhostOptions *options) { return NULL; } + +CryptoDevBackendVhost * +cryptodev_get_vhost(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue) +{ + return NULL; +} + +int cryptodev_vhost_start(VirtIODevice *dev, int total_queues) +{ + return -1; +} + +void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues) +{ +} + +void cryptodev_vhost_virtqueue_mask(VirtIODevice *dev, + int queue, + int idx, bool mask) +{ +} + +bool cryptodev_vhost_virtqueue_pending(VirtIODevice *dev, + int queue, int idx) +{ + return false; +} #endif diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index 19c82e0432..9a9fa495d2 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -20,6 +20,7 @@ #include "hw/virtio/virtio-crypto.h" #include "hw/virtio/virtio-access.h" #include "standard-headers/linux/virtio_ids.h" +#include "sysemu/cryptodev-vhost.h" #define VIRTIO_CRYPTO_VM_VERSION 1 @@ -880,6 +881,72 @@ static void virtio_crypto_get_config(VirtIODevice *vdev, uint8_t *config) memcpy(config, &crypto_cfg, c->config_size); } +static bool virtio_crypto_started(VirtIOCrypto *c, uint8_t status) +{ + VirtIODevice *vdev = VIRTIO_DEVICE(c); + return (status & VIRTIO_CONFIG_S_DRIVER_OK) && + (c->status & VIRTIO_CRYPTO_S_HW_READY) && vdev->vm_running; +} + +static void virtio_crypto_vhost_status(VirtIOCrypto *c, uint8_t status) +{ + VirtIODevice *vdev = VIRTIO_DEVICE(c); + int queues = c->multiqueue ? c->max_queues : 1; + CryptoDevBackend *b = c->cryptodev; + CryptoDevBackendClient *cc = b->conf.peers.ccs[0]; + + if (!cryptodev_get_vhost(cc, b, 0)) { + return; + } + + if ((virtio_crypto_started(c, status)) == !!c->vhost_started) { + return; + } + + if (!c->vhost_started) { + int r; + + c->vhost_started = 1; + r = cryptodev_vhost_start(vdev, queues); + if (r < 0) { + error_report("unable to start vhost crypto: %d: " + "falling back on userspace virtio", -r); + c->vhost_started = 0; + } + } else { + cryptodev_vhost_stop(vdev, queues); + c->vhost_started = 0; + } +} + +static void virtio_crypto_set_status(VirtIODevice *vdev, uint8_t status) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); + + virtio_crypto_vhost_status(vcrypto, status); +} + +static void virtio_crypto_guest_notifier_mask(VirtIODevice *vdev, int idx, + bool mask) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); + int queue = virtio_crypto_vq2q(idx); + + assert(vcrypto->vhost_started); + + cryptodev_vhost_virtqueue_mask(vdev, queue, idx, mask); +} + +static bool virtio_crypto_guest_notifier_pending(VirtIODevice *vdev, int idx) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev); + int queue = virtio_crypto_vq2q(idx); + + assert(vcrypto->vhost_started); + + return cryptodev_vhost_virtqueue_pending(vdev, queue, idx); +} + static void virtio_crypto_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); @@ -893,6 +960,9 @@ static void virtio_crypto_class_init(ObjectClass *klass, void *data) vdc->get_config = virtio_crypto_get_config; vdc->get_features = virtio_crypto_get_features; vdc->reset = virtio_crypto_reset; + vdc->set_status = virtio_crypto_set_status; + vdc->guest_notifier_mask = virtio_crypto_guest_notifier_mask; + vdc->guest_notifier_pending = virtio_crypto_guest_notifier_pending; } static void virtio_crypto_instance_init(Object *obj) diff --git a/include/hw/virtio/virtio-crypto.h b/include/hw/virtio/virtio-crypto.h index a00a0bfaba..ca3a04938e 100644 --- a/include/hw/virtio/virtio-crypto.h +++ b/include/hw/virtio/virtio-crypto.h @@ -96,6 +96,7 @@ typedef struct VirtIOCrypto { int multiqueue; uint32_t curr_queues; size_t config_size; + uint8_t vhost_started; } VirtIOCrypto; #endif /* _QEMU_VIRTIO_CRYPTO_H */ diff --git a/include/sysemu/cryptodev-vhost-user.h b/include/sysemu/cryptodev-vhost-user.h new file mode 100644 index 0000000000..937217bc32 --- /dev/null +++ b/include/sysemu/cryptodev-vhost-user.h @@ -0,0 +1,44 @@ +/* + * QEMU Crypto Device Common Vhost User Implement + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ +#ifndef CRYPTODEV_VHOST_USER_H +#define CRYPTODEV_VHOST_USER_H + + +/** + * cryptodev_vhost_user_get_vhost: + * @cc: the client object for each queue + * @b: the cryptodev backend common vhost object + * @queue: the queue index + * + * Gets a new cryptodev backend common vhost object based on + * @b and @queue + * + * Returns: the cryptodev backend common vhost object + */ +CryptoDevBackendVhost * +cryptodev_vhost_user_get_vhost( + CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue); + +#endif /* CRYPTODEV_VHOST_USER_H */ diff --git a/include/sysemu/cryptodev.h b/include/sysemu/cryptodev.h index a9d0d1ee25..faeb6f891a 100644 --- a/include/sysemu/cryptodev.h +++ b/include/sysemu/cryptodev.h @@ -163,12 +163,20 @@ typedef struct CryptoDevBackendClass { uint32_t queue_index, Error **errp); } CryptoDevBackendClass; +typedef enum CryptoDevBackendOptionsType { + CRYPTODEV_BACKEND_TYPE_NONE = 0, + CRYPTODEV_BACKEND_TYPE_BUILTIN = 1, + CRYPTODEV_BACKEND_TYPE_VHOST_USER = 2, + CRYPTODEV_BACKEND_TYPE__MAX, +} CryptoDevBackendOptionsType; struct CryptoDevBackendClient { + CryptoDevBackendOptionsType type; char *model; char *name; char *info_str; unsigned int queue_index; + int vring_enable; QTAILQ_ENTRY(CryptoDevBackendClient) next; }; From efbfeb81802cf9723a4663fadd674bf452a07e11 Mon Sep 17 00:00:00 2001 From: Gonglei Date: Thu, 1 Mar 2018 21:46:30 +0800 Subject: [PATCH 12/13] cryptodev-vhost-user: add crypto session handler Introduce two vhost-user meassges: VHOST_USER_CREATE_CRYPTO_SESSION and VHOST_USER_CLOSE_CRYPTO_SESSION. At this point, the QEMU side support crypto operation in cryptodev host-user backend. Signed-off-by: Gonglei Signed-off-by: Longpeng(Mike) Signed-off-by: Jay Zhou Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- backends/cryptodev-vhost-user.c | 46 ++++++++++--- docs/interop/vhost-user.txt | 26 ++++++++ hw/virtio/vhost-user.c | 104 ++++++++++++++++++++++++++++++ include/hw/virtio/vhost-backend.h | 8 +++ 4 files changed, 174 insertions(+), 10 deletions(-) diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c index 151a0e6ca7..9cd06c4b9e 100644 --- a/backends/cryptodev-vhost-user.c +++ b/backends/cryptodev-vhost-user.c @@ -231,7 +231,25 @@ static int64_t cryptodev_vhost_user_sym_create_session( CryptoDevBackendSymSessionInfo *sess_info, uint32_t queue_index, Error **errp) { - return 0; + CryptoDevBackendClient *cc = + backend->conf.peers.ccs[queue_index]; + CryptoDevBackendVhost *vhost_crypto; + uint64_t session_id = 0; + int ret; + + vhost_crypto = cryptodev_vhost_user_get_vhost(cc, backend, queue_index); + if (vhost_crypto) { + struct vhost_dev *dev = &(vhost_crypto->dev); + ret = dev->vhost_ops->vhost_crypto_create_session(dev, + sess_info, + &session_id); + if (ret < 0) { + return -1; + } else { + return session_id; + } + } + return -1; } static int cryptodev_vhost_user_sym_close_session( @@ -239,15 +257,23 @@ static int cryptodev_vhost_user_sym_close_session( uint64_t session_id, uint32_t queue_index, Error **errp) { - return 0; -} + CryptoDevBackendClient *cc = + backend->conf.peers.ccs[queue_index]; + CryptoDevBackendVhost *vhost_crypto; + int ret; -static int cryptodev_vhost_user_sym_operation( - CryptoDevBackend *backend, - CryptoDevBackendSymOpInfo *op_info, - uint32_t queue_index, Error **errp) -{ - return VIRTIO_CRYPTO_OK; + vhost_crypto = cryptodev_vhost_user_get_vhost(cc, backend, queue_index); + if (vhost_crypto) { + struct vhost_dev *dev = &(vhost_crypto->dev); + ret = dev->vhost_ops->vhost_crypto_close_session(dev, + session_id); + if (ret < 0) { + return -1; + } else { + return 0; + } + } + return -1; } static void cryptodev_vhost_user_cleanup( @@ -326,7 +352,7 @@ cryptodev_vhost_user_class_init(ObjectClass *oc, void *data) bc->cleanup = cryptodev_vhost_user_cleanup; bc->create_session = cryptodev_vhost_user_sym_create_session; bc->close_session = cryptodev_vhost_user_sym_close_session; - bc->do_sym_op = cryptodev_vhost_user_sym_operation; + bc->do_sym_op = NULL; } static const TypeInfo cryptodev_vhost_user_info = { diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt index 9fcf48d611..cb3a7595aa 100644 --- a/docs/interop/vhost-user.txt +++ b/docs/interop/vhost-user.txt @@ -368,6 +368,7 @@ Protocol features #define VHOST_USER_PROTOCOL_F_MTU 4 #define VHOST_USER_PROTOCOL_F_SLAVE_REQ 5 #define VHOST_USER_PROTOCOL_F_CROSS_ENDIAN 6 +#define VHOST_USER_PROTOCOL_F_CRYPTO_SESSION 7 Master message types -------------------- @@ -663,6 +664,31 @@ Master message types field, and slaves MUST NOT accept SET_CONFIG for read-only configuration space fields unless the live migration bit is set. +* VHOST_USER_CREATE_CRYPTO_SESSION + + Id: 26 + Equivalent ioctl: N/A + Master payload: crypto session description + Slave payload: crypto session description + + Create a session for crypto operation. The server side must return the + session id, 0 or positive for success, negative for failure. + This request should be sent only when VHOST_USER_PROTOCOL_F_CRYPTO_SESSION + feature has been successfully negotiated. + It's a required feature for crypto devices. + +* VHOST_USER_CLOSE_CRYPTO_SESSION + + Id: 27 + Equivalent ioctl: N/A + Master payload: u64 + + Close a session for crypto operation which was previously + created by VHOST_USER_CREATE_CRYPTO_SESSION. + This request should be sent only when VHOST_USER_PROTOCOL_F_CRYPTO_SESSION + feature has been successfully negotiated. + It's a required feature for crypto devices. + Slave message types ------------------- diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 6eb97980ad..41ff5cff41 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -17,6 +17,7 @@ #include "sysemu/kvm.h" #include "qemu/error-report.h" #include "qemu/sockets.h" +#include "sysemu/cryptodev.h" #include #include @@ -39,6 +40,7 @@ enum VhostUserProtocolFeature { VHOST_USER_PROTOCOL_F_NET_MTU = 4, VHOST_USER_PROTOCOL_F_SLAVE_REQ = 5, VHOST_USER_PROTOCOL_F_CROSS_ENDIAN = 6, + VHOST_USER_PROTOCOL_F_CRYPTO_SESSION = 7, VHOST_USER_PROTOCOL_F_MAX }; @@ -72,6 +74,8 @@ typedef enum VhostUserRequest { VHOST_USER_SET_VRING_ENDIAN = 23, VHOST_USER_GET_CONFIG = 24, VHOST_USER_SET_CONFIG = 25, + VHOST_USER_CREATE_CRYPTO_SESSION = 26, + VHOST_USER_CLOSE_CRYPTO_SESSION = 27, VHOST_USER_MAX } VhostUserRequest; @@ -107,6 +111,17 @@ typedef struct VhostUserConfig { uint8_t region[VHOST_USER_MAX_CONFIG_SIZE]; } VhostUserConfig; +#define VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN 512 +#define VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN 64 + +typedef struct VhostUserCryptoSession { + /* session id for success, -1 on errors */ + int64_t session_id; + CryptoDevBackendSymSessionInfo session_setup_data; + uint8_t key[VHOST_CRYPTO_SYM_CIPHER_MAX_KEY_LEN]; + uint8_t auth_key[VHOST_CRYPTO_SYM_HMAC_MAX_KEY_LEN]; +} VhostUserCryptoSession; + static VhostUserConfig c __attribute__ ((unused)); #define VHOST_USER_CONFIG_HDR_SIZE (sizeof(c.offset) \ + sizeof(c.size) \ @@ -132,6 +147,7 @@ typedef union { VhostUserLog log; struct vhost_iotlb_msg iotlb; VhostUserConfig config; + VhostUserCryptoSession session; } VhostUserPayload; typedef struct VhostUserMsg { @@ -1054,6 +1070,92 @@ static int vhost_user_set_config(struct vhost_dev *dev, const uint8_t *data, return 0; } +static int vhost_user_crypto_create_session(struct vhost_dev *dev, + void *session_info, + uint64_t *session_id) +{ + bool crypto_session = virtio_has_feature(dev->protocol_features, + VHOST_USER_PROTOCOL_F_CRYPTO_SESSION); + CryptoDevBackendSymSessionInfo *sess_info = session_info; + VhostUserMsg msg = { + .hdr.request = VHOST_USER_CREATE_CRYPTO_SESSION, + .hdr.flags = VHOST_USER_VERSION, + .hdr.size = sizeof(msg.payload.session), + }; + + assert(dev->vhost_ops->backend_type == VHOST_BACKEND_TYPE_USER); + + if (!crypto_session) { + error_report("vhost-user trying to send unhandled ioctl"); + return -1; + } + + memcpy(&msg.payload.session.session_setup_data, sess_info, + sizeof(CryptoDevBackendSymSessionInfo)); + if (sess_info->key_len) { + memcpy(&msg.payload.session.key, sess_info->cipher_key, + sess_info->key_len); + } + if (sess_info->auth_key_len > 0) { + memcpy(&msg.payload.session.auth_key, sess_info->auth_key, + sess_info->auth_key_len); + } + if (vhost_user_write(dev, &msg, NULL, 0) < 0) { + error_report("vhost_user_write() return -1, create session failed"); + return -1; + } + + if (vhost_user_read(dev, &msg) < 0) { + error_report("vhost_user_read() return -1, create session failed"); + return -1; + } + + if (msg.hdr.request != VHOST_USER_CREATE_CRYPTO_SESSION) { + error_report("Received unexpected msg type. Expected %d received %d", + VHOST_USER_CREATE_CRYPTO_SESSION, msg.hdr.request); + return -1; + } + + if (msg.hdr.size != sizeof(msg.payload.session)) { + error_report("Received bad msg size."); + return -1; + } + + if (msg.payload.session.session_id < 0) { + error_report("Bad session id: %" PRId64 "", + msg.payload.session.session_id); + return -1; + } + *session_id = msg.payload.session.session_id; + + return 0; +} + +static int +vhost_user_crypto_close_session(struct vhost_dev *dev, uint64_t session_id) +{ + bool crypto_session = virtio_has_feature(dev->protocol_features, + VHOST_USER_PROTOCOL_F_CRYPTO_SESSION); + VhostUserMsg msg = { + .hdr.request = VHOST_USER_CLOSE_CRYPTO_SESSION, + .hdr.flags = VHOST_USER_VERSION, + .hdr.size = sizeof(msg.payload.u64), + }; + msg.payload.u64 = session_id; + + if (!crypto_session) { + error_report("vhost-user trying to send unhandled ioctl"); + return -1; + } + + if (vhost_user_write(dev, &msg, NULL, 0) < 0) { + error_report("vhost_user_write() return -1, close session failed"); + return -1; + } + + return 0; +} + const VhostOps user_ops = { .backend_type = VHOST_BACKEND_TYPE_USER, .vhost_backend_init = vhost_user_init, @@ -1082,4 +1184,6 @@ const VhostOps user_ops = { .vhost_send_device_iotlb_msg = vhost_user_send_device_iotlb_msg, .vhost_get_config = vhost_user_get_config, .vhost_set_config = vhost_user_set_config, + .vhost_crypto_create_session = vhost_user_crypto_create_session, + .vhost_crypto_close_session = vhost_user_crypto_close_session, }; diff --git a/include/hw/virtio/vhost-backend.h b/include/hw/virtio/vhost-backend.h index 592254f40d..5dac61f9ea 100644 --- a/include/hw/virtio/vhost-backend.h +++ b/include/hw/virtio/vhost-backend.h @@ -95,6 +95,12 @@ typedef int (*vhost_set_config_op)(struct vhost_dev *dev, const uint8_t *data, typedef int (*vhost_get_config_op)(struct vhost_dev *dev, uint8_t *config, uint32_t config_len); +typedef int (*vhost_crypto_create_session_op)(struct vhost_dev *dev, + void *session_info, + uint64_t *session_id); +typedef int (*vhost_crypto_close_session_op)(struct vhost_dev *dev, + uint64_t session_id); + typedef struct VhostOps { VhostBackendType backend_type; vhost_backend_init vhost_backend_init; @@ -130,6 +136,8 @@ typedef struct VhostOps { vhost_send_device_iotlb_msg_op vhost_send_device_iotlb_msg; vhost_get_config_op vhost_get_config; vhost_set_config_op vhost_set_config; + vhost_crypto_create_session_op vhost_crypto_create_session; + vhost_crypto_close_session_op vhost_crypto_close_session; } VhostOps; extern const VhostOps user_ops; From 0a9b9be9eb40055d2d1bb5b8fc4d4faefecb22c3 Mon Sep 17 00:00:00 2001 From: Gonglei Date: Thu, 1 Mar 2018 21:46:31 +0800 Subject: [PATCH 13/13] cryptodev-vhost-user: set the key length Signed-off-by: Gonglei Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- backends/cryptodev-vhost-user.c | 4 ++++ include/sysemu/cryptodev-vhost-user.h | 3 +++ 2 files changed, 7 insertions(+) diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c index 9cd06c4b9e..862d4f2580 100644 --- a/backends/cryptodev-vhost-user.c +++ b/backends/cryptodev-vhost-user.c @@ -224,6 +224,10 @@ static void cryptodev_vhost_user_init( 1u << VIRTIO_CRYPTO_SERVICE_MAC; backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; + + backend->conf.max_size = UINT64_MAX; + backend->conf.max_cipher_key_len = VHOST_USER_MAX_CIPHER_KEY_LEN; + backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN; } static int64_t cryptodev_vhost_user_sym_create_session( diff --git a/include/sysemu/cryptodev-vhost-user.h b/include/sysemu/cryptodev-vhost-user.h index 937217bc32..6debf53fc5 100644 --- a/include/sysemu/cryptodev-vhost-user.h +++ b/include/sysemu/cryptodev-vhost-user.h @@ -23,6 +23,9 @@ #ifndef CRYPTODEV_VHOST_USER_H #define CRYPTODEV_VHOST_USER_H +#define VHOST_USER_MAX_AUTH_KEY_LEN 512 +#define VHOST_USER_MAX_CIPHER_KEY_LEN 64 + /** * cryptodev_vhost_user_get_vhost: