043e127a12
Shared objects lack spoofing protection. For VHOST_USER_BACKEND_SHARED_OBJECT_REMOVE messages received by the vhost-user interface, any backend was allowed to remove entries from the shared table just by knowing the UUID. Only the owner of the entry shall be allowed to removed their resources from the table. To fix that, add a check for all *SHARED_OBJECT_REMOVE messages received. A vhost device can only remove TYPE_VHOST_DEV entries that are owned by them, otherwise skip the removal, and inform the device that the entry has not been removed in the answer. Signed-off-by: Albert Esteve <aesteve@redhat.com> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20240219143423.272012-2-aesteve@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2009 lines
72 KiB
ReStructuredText
2009 lines
72 KiB
ReStructuredText
.. _vhost_user_proto:
|
||
|
||
===================
|
||
Vhost-user Protocol
|
||
===================
|
||
|
||
..
|
||
Copyright 2014 Virtual Open Systems Sarl.
|
||
Copyright 2019 Intel Corporation
|
||
Licence: This work is licensed under the terms of the GNU GPL,
|
||
version 2 or later. See the COPYING file in the top-level
|
||
directory.
|
||
|
||
.. contents:: Table of Contents
|
||
|
||
Introduction
|
||
============
|
||
|
||
This protocol is aiming to complement the ``ioctl`` interface used to
|
||
control the vhost implementation in the Linux kernel. It implements
|
||
the control plane needed to establish virtqueue sharing with a user
|
||
space process on the same host. It uses communication over a Unix
|
||
domain socket to share file descriptors in the ancillary data of the
|
||
message.
|
||
|
||
The protocol defines 2 sides of the communication, *front-end* and
|
||
*back-end*. The *front-end* is the application that shares its virtqueues, in
|
||
our case QEMU. The *back-end* is the consumer of the virtqueues.
|
||
|
||
In the current implementation QEMU is the *front-end*, and the *back-end*
|
||
is the external process consuming the virtio queues, for example a
|
||
software Ethernet switch running in user space, such as Snabbswitch,
|
||
or a block device back-end processing read & write to a virtual
|
||
disk. In order to facilitate interoperability between various back-end
|
||
implementations, it is recommended to follow the :ref:`Backend program
|
||
conventions <backend_conventions>`.
|
||
|
||
The *front-end* and *back-end* can be either a client (i.e. connecting) or
|
||
server (listening) in the socket communication.
|
||
|
||
Support for platforms other than Linux
|
||
--------------------------------------
|
||
|
||
While vhost-user was initially developed targeting Linux, nowadays it
|
||
is supported on any platform that provides the following features:
|
||
|
||
- A way for requesting shared memory represented by a file descriptor
|
||
so it can be passed over a UNIX domain socket and then mapped by the
|
||
other process.
|
||
|
||
- AF_UNIX sockets with SCM_RIGHTS, so QEMU and the other process can
|
||
exchange messages through it, including ancillary data when needed.
|
||
|
||
- Either eventfd or pipe/pipe2. On platforms where eventfd is not
|
||
available, QEMU will automatically fall back to pipe2 or, as a last
|
||
resort, pipe. Each file descriptor will be used for receiving or
|
||
sending events by reading or writing (respectively) an 8-byte value
|
||
to the corresponding it. The 8-value itself has no meaning and
|
||
should not be interpreted.
|
||
|
||
Message Specification
|
||
=====================
|
||
|
||
.. Note:: All numbers are in the machine native byte order.
|
||
|
||
A vhost-user message consists of 3 header fields and a payload.
|
||
|
||
+---------+-------+------+---------+
|
||
| request | flags | size | payload |
|
||
+---------+-------+------+---------+
|
||
|
||
Header
|
||
------
|
||
|
||
:request: 32-bit type of the request
|
||
|
||
:flags: 32-bit bit field
|
||
|
||
- Lower 2 bits are the version (currently 0x01)
|
||
- Bit 2 is the reply flag - needs to be sent on each reply from the back-end
|
||
- Bit 3 is the need_reply flag - see :ref:`REPLY_ACK <reply_ack>` for
|
||
details.
|
||
|
||
:size: 32-bit size of the payload
|
||
|
||
Payload
|
||
-------
|
||
|
||
Depending on the request type, **payload** can be:
|
||
|
||
A single 64-bit integer
|
||
^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+-----+
|
||
| u64 |
|
||
+-----+
|
||
|
||
:u64: a 64-bit unsigned integer
|
||
|
||
A vring state description
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+-------+-----+
|
||
| index | num |
|
||
+-------+-----+
|
||
|
||
:index: a 32-bit index
|
||
|
||
:num: a 32-bit number
|
||
|
||
A vring descriptor index for split virtqueues
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+-------------+---------------------+
|
||
| vring index | index in avail ring |
|
||
+-------------+---------------------+
|
||
|
||
:vring index: 32-bit index of the respective virtqueue
|
||
|
||
:index in avail ring: 32-bit value, of which currently only the lower 16
|
||
bits are used:
|
||
|
||
- Bits 0–15: Index of the next *Available Ring* descriptor that the
|
||
back-end will process. This is a free-running index that is not
|
||
wrapped by the ring size.
|
||
- Bits 16–31: Reserved (set to zero)
|
||
|
||
Vring descriptor indices for packed virtqueues
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+-------------+--------------------+
|
||
| vring index | descriptor indices |
|
||
+-------------+--------------------+
|
||
|
||
:vring index: 32-bit index of the respective virtqueue
|
||
|
||
:descriptor indices: 32-bit value:
|
||
|
||
- Bits 0–14: Index of the next *Available Ring* descriptor that the
|
||
back-end will process. This is a free-running index that is not
|
||
wrapped by the ring size.
|
||
- Bit 15: Driver (Available) Ring Wrap Counter
|
||
- Bits 16–30: Index of the entry in the *Used Ring* where the back-end
|
||
will place the next descriptor. This is a free-running index that
|
||
is not wrapped by the ring size.
|
||
- Bit 31: Device (Used) Ring Wrap Counter
|
||
|
||
A vring address description
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+-------+-------+------------+------+-----------+-----+
|
||
| index | flags | descriptor | used | available | log |
|
||
+-------+-------+------------+------+-----------+-----+
|
||
|
||
:index: a 32-bit vring index
|
||
|
||
:flags: a 32-bit vring flags
|
||
|
||
:descriptor: a 64-bit ring address of the vring descriptor table
|
||
|
||
:used: a 64-bit ring address of the vring used ring
|
||
|
||
:available: a 64-bit ring address of the vring available ring
|
||
|
||
:log: a 64-bit guest address for logging
|
||
|
||
Note that a ring address is an IOVA if ``VIRTIO_F_IOMMU_PLATFORM`` has
|
||
been negotiated. Otherwise it is a user address.
|
||
|
||
Memory region description
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+---------------+------+--------------+-------------+
|
||
| guest address | size | user address | mmap offset |
|
||
+---------------+------+--------------+-------------+
|
||
|
||
:guest address: a 64-bit guest address of the region
|
||
|
||
:size: a 64-bit size
|
||
|
||
:user address: a 64-bit user address
|
||
|
||
:mmap offset: 64-bit offset where region starts in the mapped memory
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_XEN_MMAP`` protocol feature has been
|
||
successfully negotiated, the memory region description contains two extra
|
||
fields at the end.
|
||
|
||
+---------------+------+--------------+-------------+----------------+-------+
|
||
| guest address | size | user address | mmap offset | xen mmap flags | domid |
|
||
+---------------+------+--------------+-------------+----------------+-------+
|
||
|
||
:xen mmap flags: 32-bit bit field
|
||
|
||
- Bit 0 is set for Xen foreign memory mapping.
|
||
- Bit 1 is set for Xen grant memory mapping.
|
||
- Bit 8 is set if the memory region can not be mapped in advance, and memory
|
||
areas within this region must be mapped / unmapped only when required by the
|
||
back-end. The back-end shouldn't try to map the entire region at once, as the
|
||
front-end may not allow it. The back-end should rather map only the required
|
||
amount of memory at once and unmap it after it is used.
|
||
|
||
:domid: a 32-bit Xen hypervisor specific domain id.
|
||
|
||
Single memory region description
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+---------+--------+
|
||
| padding | region |
|
||
+---------+--------+
|
||
|
||
:padding: 64-bit
|
||
|
||
A region is represented by Memory region description.
|
||
|
||
Multiple Memory regions description
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+-------------+---------+---------+-----+---------+
|
||
| num regions | padding | region0 | ... | region7 |
|
||
+-------------+---------+---------+-----+---------+
|
||
|
||
:num regions: a 32-bit number of regions
|
||
|
||
:padding: 32-bit
|
||
|
||
A region is represented by Memory region description.
|
||
|
||
Log description
|
||
^^^^^^^^^^^^^^^
|
||
|
||
+----------+------------+
|
||
| log size | log offset |
|
||
+----------+------------+
|
||
|
||
:log size: size of area used for logging
|
||
|
||
:log offset: offset from start of supplied file descriptor where
|
||
logging starts (i.e. where guest address 0 would be
|
||
logged)
|
||
|
||
An IOTLB message
|
||
^^^^^^^^^^^^^^^^
|
||
|
||
+------+------+--------------+-------------------+------+
|
||
| iova | size | user address | permissions flags | type |
|
||
+------+------+--------------+-------------------+------+
|
||
|
||
:iova: a 64-bit I/O virtual address programmed by the guest
|
||
|
||
:size: a 64-bit size
|
||
|
||
:user address: a 64-bit user address
|
||
|
||
:permissions flags: an 8-bit value:
|
||
- 0: No access
|
||
- 1: Read access
|
||
- 2: Write access
|
||
- 3: Read/Write access
|
||
|
||
:type: an 8-bit IOTLB message type:
|
||
- 1: IOTLB miss
|
||
- 2: IOTLB update
|
||
- 3: IOTLB invalidate
|
||
- 4: IOTLB access fail
|
||
|
||
Virtio device config space
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+--------+------+-------+---------+
|
||
| offset | size | flags | payload |
|
||
+--------+------+-------+---------+
|
||
|
||
:offset: a 32-bit offset of virtio device's configuration space
|
||
|
||
:size: a 32-bit configuration space access size in bytes
|
||
|
||
:flags: a 32-bit value:
|
||
- 0: Vhost front-end messages used for writable fields
|
||
- 1: Vhost front-end messages used for live migration
|
||
|
||
:payload: Size bytes array holding the contents of the virtio
|
||
device's configuration space
|
||
|
||
Vring area description
|
||
^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+-----+------+--------+
|
||
| u64 | size | offset |
|
||
+-----+------+--------+
|
||
|
||
:u64: a 64-bit integer contains vring index and flags
|
||
|
||
:size: a 64-bit size of this area
|
||
|
||
:offset: a 64-bit offset of this area from the start of the
|
||
supplied file descriptor
|
||
|
||
Inflight description
|
||
^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+-----------+-------------+------------+------------+
|
||
| mmap size | mmap offset | num queues | queue size |
|
||
+-----------+-------------+------------+------------+
|
||
|
||
:mmap size: a 64-bit size of area to track inflight I/O
|
||
|
||
:mmap offset: a 64-bit offset of this area from the start
|
||
of the supplied file descriptor
|
||
|
||
:num queues: a 16-bit number of virtqueues
|
||
|
||
:queue size: a 16-bit size of virtqueues
|
||
|
||
VhostUserShared
|
||
^^^^^^^^^^^^^^^
|
||
|
||
+------+
|
||
| UUID |
|
||
+------+
|
||
|
||
:UUID: 16 bytes UUID, whose first three components (a 32-bit value, then
|
||
two 16-bit values) are stored in big endian.
|
||
|
||
Device state transfer parameters
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
+--------------------+-----------------+
|
||
| transfer direction | migration phase |
|
||
+--------------------+-----------------+
|
||
|
||
:transfer direction: a 32-bit enum, describing the direction in which
|
||
the state is transferred:
|
||
|
||
- 0: Save: Transfer the state from the back-end to the front-end,
|
||
which happens on the source side of migration
|
||
- 1: Load: Transfer the state from the front-end to the back-end,
|
||
which happens on the destination side of migration
|
||
|
||
:migration phase: a 32-bit enum, describing the state in which the VM
|
||
guest and devices are:
|
||
|
||
- 0: Stopped (in the period after the transfer of memory-mapped
|
||
regions before switch-over to the destination): The VM guest is
|
||
stopped, and the vhost-user device is suspended (see
|
||
:ref:`Suspended device state <suspended_device_state>`).
|
||
|
||
In the future, additional phases might be added e.g. to allow
|
||
iterative migration while the device is running.
|
||
|
||
C structure
|
||
-----------
|
||
|
||
In QEMU the vhost-user message is implemented with the following struct:
|
||
|
||
.. code:: c
|
||
|
||
typedef struct VhostUserMsg {
|
||
VhostUserRequest request;
|
||
uint32_t flags;
|
||
uint32_t size;
|
||
union {
|
||
uint64_t u64;
|
||
struct vhost_vring_state state;
|
||
struct vhost_vring_addr addr;
|
||
VhostUserMemory memory;
|
||
VhostUserLog log;
|
||
struct vhost_iotlb_msg iotlb;
|
||
VhostUserConfig config;
|
||
VhostUserVringArea area;
|
||
VhostUserInflight inflight;
|
||
};
|
||
} QEMU_PACKED VhostUserMsg;
|
||
|
||
Communication
|
||
=============
|
||
|
||
The protocol for vhost-user is based on the existing implementation of
|
||
vhost for the Linux Kernel. Most messages that can be sent via the
|
||
Unix domain socket implementing vhost-user have an equivalent ioctl to
|
||
the kernel implementation.
|
||
|
||
The communication consists of the *front-end* sending message requests and
|
||
the *back-end* sending message replies. Most of the requests don't require
|
||
replies. Here is a list of the ones that do:
|
||
|
||
* ``VHOST_USER_GET_FEATURES``
|
||
* ``VHOST_USER_GET_PROTOCOL_FEATURES``
|
||
* ``VHOST_USER_GET_VRING_BASE``
|
||
* ``VHOST_USER_SET_LOG_BASE`` (if ``VHOST_USER_PROTOCOL_F_LOG_SHMFD``)
|
||
* ``VHOST_USER_GET_INFLIGHT_FD`` (if ``VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD``)
|
||
|
||
.. seealso::
|
||
|
||
:ref:`REPLY_ACK <reply_ack>`
|
||
The section on ``REPLY_ACK`` protocol extension.
|
||
|
||
There are several messages that the front-end sends with file descriptors passed
|
||
in the ancillary data:
|
||
|
||
* ``VHOST_USER_ADD_MEM_REG``
|
||
* ``VHOST_USER_SET_MEM_TABLE``
|
||
* ``VHOST_USER_SET_LOG_BASE`` (if ``VHOST_USER_PROTOCOL_F_LOG_SHMFD``)
|
||
* ``VHOST_USER_SET_LOG_FD``
|
||
* ``VHOST_USER_SET_VRING_KICK``
|
||
* ``VHOST_USER_SET_VRING_CALL``
|
||
* ``VHOST_USER_SET_VRING_ERR``
|
||
* ``VHOST_USER_SET_BACKEND_REQ_FD`` (previous name ``VHOST_USER_SET_SLAVE_REQ_FD``)
|
||
* ``VHOST_USER_SET_INFLIGHT_FD`` (if ``VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD``)
|
||
* ``VHOST_USER_SET_DEVICE_STATE_FD``
|
||
|
||
If *front-end* is unable to send the full message or receives a wrong
|
||
reply it will close the connection. An optional reconnection mechanism
|
||
can be implemented.
|
||
|
||
If *back-end* detects some error such as incompatible features, it may also
|
||
close the connection. This should only happen in exceptional circumstances.
|
||
|
||
Any protocol extensions are gated by protocol feature bits, which
|
||
allows full backwards compatibility on both front-end and back-end. As
|
||
older back-ends don't support negotiating protocol features, a feature
|
||
bit was dedicated for this purpose::
|
||
|
||
#define VHOST_USER_F_PROTOCOL_FEATURES 30
|
||
|
||
Note that VHOST_USER_F_PROTOCOL_FEATURES is the UNUSED (30) feature
|
||
bit defined in `VIRTIO 1.1 6.3 Legacy Interface: Reserved Feature Bits
|
||
<https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1-cs01.html#x1-4130003>`_.
|
||
VIRTIO devices do not advertise this feature bit and therefore VIRTIO
|
||
drivers cannot negotiate it.
|
||
|
||
This reserved feature bit was reused by the vhost-user protocol to add
|
||
vhost-user protocol feature negotiation in a backwards compatible
|
||
fashion. Old vhost-user front-end and back-end implementations continue to
|
||
work even though they are not aware of vhost-user protocol feature
|
||
negotiation.
|
||
|
||
Ring states
|
||
-----------
|
||
|
||
Rings have two independent states: started/stopped, and enabled/disabled.
|
||
|
||
* While a ring is stopped, the back-end must not process the ring at
|
||
all, regardless of whether it is enabled or disabled. The
|
||
enabled/disabled state should still be tracked, though, so it can come
|
||
into effect once the ring is started.
|
||
|
||
* started and disabled: The back-end must process the ring without
|
||
causing any side effects. For example, for a networking device,
|
||
in the disabled state the back-end must not supply any new RX packets,
|
||
but must process and discard any TX packets.
|
||
|
||
* started and enabled: The back-end must process the ring normally, i.e.
|
||
process all requests and execute them.
|
||
|
||
Each ring is initialized in a stopped and disabled state. The back-end
|
||
must start a ring upon receiving a kick (that is, detecting that file
|
||
descriptor is readable) on the descriptor specified by
|
||
``VHOST_USER_SET_VRING_KICK`` or receiving the in-band message
|
||
``VHOST_USER_VRING_KICK`` if negotiated, and stop a ring upon receiving
|
||
``VHOST_USER_GET_VRING_BASE``.
|
||
|
||
Rings can be enabled or disabled by ``VHOST_USER_SET_VRING_ENABLE``.
|
||
|
||
In addition, upon receiving a ``VHOST_USER_SET_FEATURES`` message from
|
||
the front-end without ``VHOST_USER_F_PROTOCOL_FEATURES`` set, the
|
||
back-end must enable all rings immediately.
|
||
|
||
While processing the rings (whether they are enabled or not), the back-end
|
||
must support changing some configuration aspects on the fly.
|
||
|
||
.. _suspended_device_state:
|
||
|
||
Suspended device state
|
||
^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
While all vrings are stopped, the device is *suspended*. In addition to
|
||
not processing any vring (because they are stopped), the device must:
|
||
|
||
* not write to any guest memory regions,
|
||
* not send any notifications to the guest,
|
||
* not send any messages to the front-end,
|
||
* still process and reply to messages from the front-end.
|
||
|
||
Multiple queue support
|
||
----------------------
|
||
|
||
Many devices have a fixed number of virtqueues. In this case the front-end
|
||
already knows the number of available virtqueues without communicating with the
|
||
back-end.
|
||
|
||
Some devices do not have a fixed number of virtqueues. Instead the maximum
|
||
number of virtqueues is chosen by the back-end. The number can depend on host
|
||
resource availability or back-end implementation details. Such devices are called
|
||
multiple queue devices.
|
||
|
||
Multiple queue support allows the back-end to advertise the maximum number of
|
||
queues. This is treated as a protocol extension, hence the back-end has to
|
||
implement protocol features first. The multiple queues feature is supported
|
||
only when the protocol feature ``VHOST_USER_PROTOCOL_F_MQ`` (bit 0) is set.
|
||
|
||
The max number of queues the back-end supports can be queried with message
|
||
``VHOST_USER_GET_QUEUE_NUM``. Front-end should stop when the number of requested
|
||
queues is bigger than that.
|
||
|
||
As all queues share one connection, the front-end uses a unique index for each
|
||
queue in the sent message to identify a specified queue.
|
||
|
||
The front-end enables queues by sending message ``VHOST_USER_SET_VRING_ENABLE``.
|
||
vhost-user-net has historically automatically enabled the first queue pair.
|
||
|
||
Back-ends should always implement the ``VHOST_USER_PROTOCOL_F_MQ`` protocol
|
||
feature, even for devices with a fixed number of virtqueues, since it is simple
|
||
to implement and offers a degree of introspection.
|
||
|
||
Front-ends must not rely on the ``VHOST_USER_PROTOCOL_F_MQ`` protocol feature for
|
||
devices with a fixed number of virtqueues. Only true multiqueue devices
|
||
require this protocol feature.
|
||
|
||
Migration
|
||
---------
|
||
|
||
During live migration, the front-end may need to track the modifications
|
||
the back-end makes to the memory mapped regions. The front-end should mark
|
||
the dirty pages in a log. Once it complies to this logging, it may
|
||
declare the ``VHOST_F_LOG_ALL`` vhost feature.
|
||
|
||
To start/stop logging of data/used ring writes, the front-end may send
|
||
messages ``VHOST_USER_SET_FEATURES`` with ``VHOST_F_LOG_ALL`` and
|
||
``VHOST_USER_SET_VRING_ADDR`` with ``VHOST_VRING_F_LOG`` in ring's
|
||
flags set to 1/0, respectively.
|
||
|
||
All the modifications to memory pointed by vring "descriptor" should
|
||
be marked. Modifications to "used" vring should be marked if
|
||
``VHOST_VRING_F_LOG`` is part of ring's flags.
|
||
|
||
Dirty pages are of size::
|
||
|
||
#define VHOST_LOG_PAGE 0x1000
|
||
|
||
The log memory fd is provided in the ancillary data of
|
||
``VHOST_USER_SET_LOG_BASE`` message when the back-end has
|
||
``VHOST_USER_PROTOCOL_F_LOG_SHMFD`` protocol feature.
|
||
|
||
The size of the log is supplied as part of ``VhostUserMsg`` which
|
||
should be large enough to cover all known guest addresses. Log starts
|
||
at the supplied offset in the supplied file descriptor. The log
|
||
covers from address 0 to the maximum of guest regions. In pseudo-code,
|
||
to mark page at ``addr`` as dirty::
|
||
|
||
page = addr / VHOST_LOG_PAGE
|
||
log[page / 8] |= 1 << page % 8
|
||
|
||
Where ``addr`` is the guest physical address.
|
||
|
||
Use atomic operations, as the log may be concurrently manipulated.
|
||
|
||
Note that when logging modifications to the used ring (when
|
||
``VHOST_VRING_F_LOG`` is set for this ring), ``log_guest_addr`` should
|
||
be used to calculate the log offset: the write to first byte of the
|
||
used ring is logged at this offset from log start. Also note that this
|
||
value might be outside the legal guest physical address range
|
||
(i.e. does not have to be covered by the ``VhostUserMemory`` table), but
|
||
the bit offset of the last byte of the ring must fall within the size
|
||
supplied by ``VhostUserLog``.
|
||
|
||
``VHOST_USER_SET_LOG_FD`` is an optional message with an eventfd in
|
||
ancillary data, it may be used to inform the front-end that the log has
|
||
been modified.
|
||
|
||
Once the source has finished migration, rings will be stopped by the
|
||
source (:ref:`Suspended device state <suspended_device_state>`). No
|
||
further update must be done before rings are restarted.
|
||
|
||
In postcopy migration the back-end is started before all the memory has
|
||
been received from the source host, and care must be taken to avoid
|
||
accessing pages that have yet to be received. The back-end opens a
|
||
'userfault'-fd and registers the memory with it; this fd is then
|
||
passed back over to the front-end. The front-end services requests on the
|
||
userfaultfd for pages that are accessed and when the page is available
|
||
it performs WAKE ioctl's on the userfaultfd to wake the stalled
|
||
back-end. The front-end indicates support for this via the
|
||
``VHOST_USER_PROTOCOL_F_PAGEFAULT`` feature.
|
||
|
||
.. _migrating_backend_state:
|
||
|
||
Migrating back-end state
|
||
^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
Migrating device state involves transferring the state from one
|
||
back-end, called the source, to another back-end, called the
|
||
destination. After migration, the destination transparently resumes
|
||
operation without requiring the driver to re-initialize the device at
|
||
the VIRTIO level. If the migration fails, then the source can
|
||
transparently resume operation until another migration attempt is made.
|
||
|
||
Generally, the front-end is connected to a virtual machine guest (which
|
||
contains the driver), which has its own state to transfer between source
|
||
and destination, and therefore will have an implementation-specific
|
||
mechanism to do so. The ``VHOST_USER_PROTOCOL_F_DEVICE_STATE`` feature
|
||
provides functionality to have the front-end include the back-end's
|
||
state in this transfer operation so the back-end does not need to
|
||
implement its own mechanism, and so the virtual machine may have its
|
||
complete state, including vhost-user devices' states, contained within a
|
||
single stream of data.
|
||
|
||
To do this, the back-end state is transferred from back-end to front-end
|
||
on the source side, and vice versa on the destination side. This
|
||
transfer happens over a channel that is negotiated using the
|
||
``VHOST_USER_SET_DEVICE_STATE_FD`` message. This message has two
|
||
parameters:
|
||
|
||
* Direction of transfer: On the source, the data is saved, transferring
|
||
it from the back-end to the front-end. On the destination, the data
|
||
is loaded, transferring it from the front-end to the back-end.
|
||
|
||
* Migration phase: Currently, the only supported phase is the period
|
||
after the transfer of memory-mapped regions before switch-over to the
|
||
destination, when both the source and destination devices are
|
||
suspended (:ref:`Suspended device state <suspended_device_state>`).
|
||
In the future, additional phases might be supported to allow iterative
|
||
migration while the device is running.
|
||
|
||
The nature of the channel is implementation-defined, but it must
|
||
generally behave like a pipe: The writing end will write all the data it
|
||
has into it, signalling the end of data by closing its end. The reading
|
||
end must read all of this data (until encountering the end of file) and
|
||
process it.
|
||
|
||
* When saving, the writing end is the source back-end, and the reading
|
||
end is the source front-end. After reading the state data from the
|
||
channel, the source front-end must transfer it to the destination
|
||
front-end through an implementation-defined mechanism.
|
||
|
||
* When loading, the writing end is the destination front-end, and the
|
||
reading end is the destination back-end. After reading the state data
|
||
from the channel, the destination back-end must deserialize its
|
||
internal state from that data and set itself up to allow the driver to
|
||
seamlessly resume operation on the VIRTIO level.
|
||
|
||
Seamlessly resuming operation means that the migration must be
|
||
transparent to the guest driver, which operates on the VIRTIO level.
|
||
This driver will not perform any re-initialization steps, but continue
|
||
to use the device as if no migration had occurred. The vhost-user
|
||
front-end, however, will re-initialize the vhost state on the
|
||
destination, following the usual protocol for establishing a connection
|
||
to a vhost-user back-end: This includes, for example, setting up memory
|
||
mappings and kick and call FDs as necessary, negotiating protocol
|
||
features, or setting the initial vring base indices (to the same value
|
||
as on the source side, so that operation can resume).
|
||
|
||
Both on the source and on the destination side, after the respective
|
||
front-end has seen all data transferred (when the transfer FD has been
|
||
closed), it sends the ``VHOST_USER_CHECK_DEVICE_STATE`` message to
|
||
verify that data transfer was successful in the back-end, too. The
|
||
back-end responds once it knows whether the transfer and processing was
|
||
successful or not.
|
||
|
||
Memory access
|
||
-------------
|
||
|
||
The front-end sends a list of vhost memory regions to the back-end using the
|
||
``VHOST_USER_SET_MEM_TABLE`` message. Each region has two base
|
||
addresses: a guest address and a user address.
|
||
|
||
Messages contain guest addresses and/or user addresses to reference locations
|
||
within the shared memory. The mapping of these addresses works as follows.
|
||
|
||
User addresses map to the vhost memory region containing that user address.
|
||
|
||
When the ``VIRTIO_F_IOMMU_PLATFORM`` feature has not been negotiated:
|
||
|
||
* Guest addresses map to the vhost memory region containing that guest
|
||
address.
|
||
|
||
When the ``VIRTIO_F_IOMMU_PLATFORM`` feature has been negotiated:
|
||
|
||
* Guest addresses are also called I/O virtual addresses (IOVAs). They are
|
||
translated to user addresses via the IOTLB.
|
||
|
||
* The vhost memory region guest address is not used.
|
||
|
||
IOMMU support
|
||
-------------
|
||
|
||
When the ``VIRTIO_F_IOMMU_PLATFORM`` feature has been negotiated, the
|
||
front-end sends IOTLB entries update & invalidation by sending
|
||
``VHOST_USER_IOTLB_MSG`` requests to the back-end with a ``struct
|
||
vhost_iotlb_msg`` as payload. For update events, the ``iotlb`` payload
|
||
has to be filled with the update message type (2), the I/O virtual
|
||
address, the size, the user virtual address, and the permissions
|
||
flags. Addresses and size must be within vhost memory regions set via
|
||
the ``VHOST_USER_SET_MEM_TABLE`` request. For invalidation events, the
|
||
``iotlb`` payload has to be filled with the invalidation message type
|
||
(3), the I/O virtual address and the size. On success, the back-end is
|
||
expected to reply with a zero payload, non-zero otherwise.
|
||
|
||
The back-end relies on the back-end communication channel (see :ref:`Back-end
|
||
communication <backend_communication>` section below) to send IOTLB miss
|
||
and access failure events, by sending ``VHOST_USER_BACKEND_IOTLB_MSG``
|
||
requests to the front-end with a ``struct vhost_iotlb_msg`` as
|
||
payload. For miss events, the iotlb payload has to be filled with the
|
||
miss message type (1), the I/O virtual address and the permissions
|
||
flags. For access failure event, the iotlb payload has to be filled
|
||
with the access failure message type (4), the I/O virtual address and
|
||
the permissions flags. For synchronization purpose, the back-end may
|
||
rely on the reply-ack feature, so the front-end may send a reply when
|
||
operation is completed if the reply-ack feature is negotiated and
|
||
back-ends requests a reply. For miss events, completed operation means
|
||
either front-end sent an update message containing the IOTLB entry
|
||
containing requested address and permission, or front-end sent nothing if
|
||
the IOTLB miss message is invalid (invalid IOVA or permission).
|
||
|
||
The front-end isn't expected to take the initiative to send IOTLB update
|
||
messages, as the back-end sends IOTLB miss messages for the guest virtual
|
||
memory areas it needs to access.
|
||
|
||
.. _backend_communication:
|
||
|
||
Back-end communication
|
||
----------------------
|
||
|
||
An optional communication channel is provided if the back-end declares
|
||
``VHOST_USER_PROTOCOL_F_BACKEND_REQ`` protocol feature, to allow the
|
||
back-end to make requests to the front-end.
|
||
|
||
The fd is provided via ``VHOST_USER_SET_BACKEND_REQ_FD`` ancillary data.
|
||
|
||
A back-end may then send ``VHOST_USER_BACKEND_*`` messages to the front-end
|
||
using this fd communication channel.
|
||
|
||
If ``VHOST_USER_PROTOCOL_F_BACKEND_SEND_FD`` protocol feature is
|
||
negotiated, back-end can send file descriptors (at most 8 descriptors in
|
||
each message) to front-end via ancillary data using this fd communication
|
||
channel.
|
||
|
||
Inflight I/O tracking
|
||
---------------------
|
||
|
||
To support reconnecting after restart or crash, back-end may need to
|
||
resubmit inflight I/Os. If virtqueue is processed in order, we can
|
||
easily achieve that by getting the inflight descriptors from
|
||
descriptor table (split virtqueue) or descriptor ring (packed
|
||
virtqueue). However, it can't work when we process descriptors
|
||
out-of-order because some entries which store the information of
|
||
inflight descriptors in available ring (split virtqueue) or descriptor
|
||
ring (packed virtqueue) might be overridden by new entries. To solve
|
||
this problem, the back-end need to allocate an extra buffer to store this
|
||
information of inflight descriptors and share it with front-end for
|
||
persistent. ``VHOST_USER_GET_INFLIGHT_FD`` and
|
||
``VHOST_USER_SET_INFLIGHT_FD`` are used to transfer this buffer
|
||
between front-end and back-end. And the format of this buffer is described
|
||
below:
|
||
|
||
+---------------+---------------+-----+---------------+
|
||
| queue0 region | queue1 region | ... | queueN region |
|
||
+---------------+---------------+-----+---------------+
|
||
|
||
N is the number of available virtqueues. The back-end could get it from num
|
||
queues field of ``VhostUserInflight``.
|
||
|
||
For split virtqueue, queue region can be implemented as:
|
||
|
||
.. code:: c
|
||
|
||
typedef struct DescStateSplit {
|
||
/* Indicate whether this descriptor is inflight or not.
|
||
* Only available for head-descriptor. */
|
||
uint8_t inflight;
|
||
|
||
/* Padding */
|
||
uint8_t padding[5];
|
||
|
||
/* Maintain a list for the last batch of used descriptors.
|
||
* Only available when batching is used for submitting */
|
||
uint16_t next;
|
||
|
||
/* Used to preserve the order of fetching available descriptors.
|
||
* Only available for head-descriptor. */
|
||
uint64_t counter;
|
||
} DescStateSplit;
|
||
|
||
typedef struct QueueRegionSplit {
|
||
/* The feature flags of this region. Now it's initialized to 0. */
|
||
uint64_t features;
|
||
|
||
/* The version of this region. It's 1 currently.
|
||
* Zero value indicates an uninitialized buffer */
|
||
uint16_t version;
|
||
|
||
/* The size of DescStateSplit array. It's equal to the virtqueue size.
|
||
* The back-end could get it from queue size field of VhostUserInflight. */
|
||
uint16_t desc_num;
|
||
|
||
/* The head of list that track the last batch of used descriptors. */
|
||
uint16_t last_batch_head;
|
||
|
||
/* Store the idx value of used ring */
|
||
uint16_t used_idx;
|
||
|
||
/* Used to track the state of each descriptor in descriptor table */
|
||
DescStateSplit desc[];
|
||
} QueueRegionSplit;
|
||
|
||
To track inflight I/O, the queue region should be processed as follows:
|
||
|
||
When receiving available buffers from the driver:
|
||
|
||
#. Get the next available head-descriptor index from available ring, ``i``
|
||
|
||
#. Set ``desc[i].counter`` to the value of global counter
|
||
|
||
#. Increase global counter by 1
|
||
|
||
#. Set ``desc[i].inflight`` to 1
|
||
|
||
When supplying used buffers to the driver:
|
||
|
||
1. Get corresponding used head-descriptor index, i
|
||
|
||
2. Set ``desc[i].next`` to ``last_batch_head``
|
||
|
||
3. Set ``last_batch_head`` to ``i``
|
||
|
||
#. Steps 1,2,3 may be performed repeatedly if batching is possible
|
||
|
||
#. Increase the ``idx`` value of used ring by the size of the batch
|
||
|
||
#. Set the ``inflight`` field of each ``DescStateSplit`` entry in the batch to 0
|
||
|
||
#. Set ``used_idx`` to the ``idx`` value of used ring
|
||
|
||
When reconnecting:
|
||
|
||
#. If the value of ``used_idx`` does not match the ``idx`` value of
|
||
used ring (means the inflight field of ``DescStateSplit`` entries in
|
||
last batch may be incorrect),
|
||
|
||
a. Subtract the value of ``used_idx`` from the ``idx`` value of
|
||
used ring to get last batch size of ``DescStateSplit`` entries
|
||
|
||
#. Set the ``inflight`` field of each ``DescStateSplit`` entry to 0 in last batch
|
||
list which starts from ``last_batch_head``
|
||
|
||
#. Set ``used_idx`` to the ``idx`` value of used ring
|
||
|
||
#. Resubmit inflight ``DescStateSplit`` entries in order of their
|
||
counter value
|
||
|
||
For packed virtqueue, queue region can be implemented as:
|
||
|
||
.. code:: c
|
||
|
||
typedef struct DescStatePacked {
|
||
/* Indicate whether this descriptor is inflight or not.
|
||
* Only available for head-descriptor. */
|
||
uint8_t inflight;
|
||
|
||
/* Padding */
|
||
uint8_t padding;
|
||
|
||
/* Link to the next free entry */
|
||
uint16_t next;
|
||
|
||
/* Link to the last entry of descriptor list.
|
||
* Only available for head-descriptor. */
|
||
uint16_t last;
|
||
|
||
/* The length of descriptor list.
|
||
* Only available for head-descriptor. */
|
||
uint16_t num;
|
||
|
||
/* Used to preserve the order of fetching available descriptors.
|
||
* Only available for head-descriptor. */
|
||
uint64_t counter;
|
||
|
||
/* The buffer id */
|
||
uint16_t id;
|
||
|
||
/* The descriptor flags */
|
||
uint16_t flags;
|
||
|
||
/* The buffer length */
|
||
uint32_t len;
|
||
|
||
/* The buffer address */
|
||
uint64_t addr;
|
||
} DescStatePacked;
|
||
|
||
typedef struct QueueRegionPacked {
|
||
/* The feature flags of this region. Now it's initialized to 0. */
|
||
uint64_t features;
|
||
|
||
/* The version of this region. It's 1 currently.
|
||
* Zero value indicates an uninitialized buffer */
|
||
uint16_t version;
|
||
|
||
/* The size of DescStatePacked array. It's equal to the virtqueue size.
|
||
* The back-end could get it from queue size field of VhostUserInflight. */
|
||
uint16_t desc_num;
|
||
|
||
/* The head of free DescStatePacked entry list */
|
||
uint16_t free_head;
|
||
|
||
/* The old head of free DescStatePacked entry list */
|
||
uint16_t old_free_head;
|
||
|
||
/* The used index of descriptor ring */
|
||
uint16_t used_idx;
|
||
|
||
/* The old used index of descriptor ring */
|
||
uint16_t old_used_idx;
|
||
|
||
/* Device ring wrap counter */
|
||
uint8_t used_wrap_counter;
|
||
|
||
/* The old device ring wrap counter */
|
||
uint8_t old_used_wrap_counter;
|
||
|
||
/* Padding */
|
||
uint8_t padding[7];
|
||
|
||
/* Used to track the state of each descriptor fetched from descriptor ring */
|
||
DescStatePacked desc[];
|
||
} QueueRegionPacked;
|
||
|
||
To track inflight I/O, the queue region should be processed as follows:
|
||
|
||
When receiving available buffers from the driver:
|
||
|
||
#. Get the next available descriptor entry from descriptor ring, ``d``
|
||
|
||
#. If ``d`` is head descriptor,
|
||
|
||
a. Set ``desc[old_free_head].num`` to 0
|
||
|
||
#. Set ``desc[old_free_head].counter`` to the value of global counter
|
||
|
||
#. Increase global counter by 1
|
||
|
||
#. Set ``desc[old_free_head].inflight`` to 1
|
||
|
||
#. If ``d`` is last descriptor, set ``desc[old_free_head].last`` to
|
||
``free_head``
|
||
|
||
#. Increase ``desc[old_free_head].num`` by 1
|
||
|
||
#. Set ``desc[free_head].addr``, ``desc[free_head].len``,
|
||
``desc[free_head].flags``, ``desc[free_head].id`` to ``d.addr``,
|
||
``d.len``, ``d.flags``, ``d.id``
|
||
|
||
#. Set ``free_head`` to ``desc[free_head].next``
|
||
|
||
#. If ``d`` is last descriptor, set ``old_free_head`` to ``free_head``
|
||
|
||
When supplying used buffers to the driver:
|
||
|
||
1. Get corresponding used head-descriptor entry from descriptor ring,
|
||
``d``
|
||
|
||
2. Get corresponding ``DescStatePacked`` entry, ``e``
|
||
|
||
3. Set ``desc[e.last].next`` to ``free_head``
|
||
|
||
4. Set ``free_head`` to the index of ``e``
|
||
|
||
#. Steps 1,2,3,4 may be performed repeatedly if batching is possible
|
||
|
||
#. Increase ``used_idx`` by the size of the batch and update
|
||
``used_wrap_counter`` if needed
|
||
|
||
#. Update ``d.flags``
|
||
|
||
#. Set the ``inflight`` field of each head ``DescStatePacked`` entry
|
||
in the batch to 0
|
||
|
||
#. Set ``old_free_head``, ``old_used_idx``, ``old_used_wrap_counter``
|
||
to ``free_head``, ``used_idx``, ``used_wrap_counter``
|
||
|
||
When reconnecting:
|
||
|
||
#. If ``used_idx`` does not match ``old_used_idx`` (means the
|
||
``inflight`` field of ``DescStatePacked`` entries in last batch may
|
||
be incorrect),
|
||
|
||
a. Get the next descriptor ring entry through ``old_used_idx``, ``d``
|
||
|
||
#. Use ``old_used_wrap_counter`` to calculate the available flags
|
||
|
||
#. If ``d.flags`` is not equal to the calculated flags value (means
|
||
back-end has submitted the buffer to guest driver before crash, so
|
||
it has to commit the in-progress update), set ``old_free_head``,
|
||
``old_used_idx``, ``old_used_wrap_counter`` to ``free_head``,
|
||
``used_idx``, ``used_wrap_counter``
|
||
|
||
#. Set ``free_head``, ``used_idx``, ``used_wrap_counter`` to
|
||
``old_free_head``, ``old_used_idx``, ``old_used_wrap_counter``
|
||
(roll back any in-progress update)
|
||
|
||
#. Set the ``inflight`` field of each ``DescStatePacked`` entry in
|
||
free list to 0
|
||
|
||
#. Resubmit inflight ``DescStatePacked`` entries in order of their
|
||
counter value
|
||
|
||
In-band notifications
|
||
---------------------
|
||
|
||
In some limited situations (e.g. for simulation) it is desirable to
|
||
have the kick, call and error (if used) signals done via in-band
|
||
messages instead of asynchronous eventfd notifications. This can be
|
||
done by negotiating the ``VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS``
|
||
protocol feature.
|
||
|
||
Note that due to the fact that too many messages on the sockets can
|
||
cause the sending application(s) to block, it is not advised to use
|
||
this feature unless absolutely necessary. It is also considered an
|
||
error to negotiate this feature without also negotiating
|
||
``VHOST_USER_PROTOCOL_F_BACKEND_REQ`` and ``VHOST_USER_PROTOCOL_F_REPLY_ACK``,
|
||
the former is necessary for getting a message channel from the back-end
|
||
to the front-end, while the latter needs to be used with the in-band
|
||
notification messages to block until they are processed, both to avoid
|
||
blocking later and for proper processing (at least in the simulation
|
||
use case.) As it has no other way of signalling this error, the back-end
|
||
should close the connection as a response to a
|
||
``VHOST_USER_SET_PROTOCOL_FEATURES`` message that sets the in-band
|
||
notifications feature flag without the other two.
|
||
|
||
Protocol features
|
||
-----------------
|
||
|
||
.. code:: c
|
||
|
||
#define VHOST_USER_PROTOCOL_F_MQ 0
|
||
#define VHOST_USER_PROTOCOL_F_LOG_SHMFD 1
|
||
#define VHOST_USER_PROTOCOL_F_RARP 2
|
||
#define VHOST_USER_PROTOCOL_F_REPLY_ACK 3
|
||
#define VHOST_USER_PROTOCOL_F_MTU 4
|
||
#define VHOST_USER_PROTOCOL_F_BACKEND_REQ 5
|
||
#define VHOST_USER_PROTOCOL_F_CROSS_ENDIAN 6
|
||
#define VHOST_USER_PROTOCOL_F_CRYPTO_SESSION 7
|
||
#define VHOST_USER_PROTOCOL_F_PAGEFAULT 8
|
||
#define VHOST_USER_PROTOCOL_F_CONFIG 9
|
||
#define VHOST_USER_PROTOCOL_F_BACKEND_SEND_FD 10
|
||
#define VHOST_USER_PROTOCOL_F_HOST_NOTIFIER 11
|
||
#define VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD 12
|
||
#define VHOST_USER_PROTOCOL_F_RESET_DEVICE 13
|
||
#define VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS 14
|
||
#define VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS 15
|
||
#define VHOST_USER_PROTOCOL_F_STATUS 16
|
||
#define VHOST_USER_PROTOCOL_F_XEN_MMAP 17
|
||
#define VHOST_USER_PROTOCOL_F_SHARED_OBJECT 18
|
||
#define VHOST_USER_PROTOCOL_F_DEVICE_STATE 19
|
||
|
||
Front-end message types
|
||
-----------------------
|
||
|
||
``VHOST_USER_GET_FEATURES``
|
||
:id: 1
|
||
:equivalent ioctl: ``VHOST_GET_FEATURES``
|
||
:request payload: N/A
|
||
:reply payload: ``u64``
|
||
|
||
Get from the underlying vhost implementation the features bitmask.
|
||
Feature bit ``VHOST_USER_F_PROTOCOL_FEATURES`` signals back-end support
|
||
for ``VHOST_USER_GET_PROTOCOL_FEATURES`` and
|
||
``VHOST_USER_SET_PROTOCOL_FEATURES``.
|
||
|
||
``VHOST_USER_SET_FEATURES``
|
||
:id: 2
|
||
:equivalent ioctl: ``VHOST_SET_FEATURES``
|
||
:request payload: ``u64``
|
||
:reply payload: N/A
|
||
|
||
Enable features in the underlying vhost implementation using a
|
||
bitmask. Feature bit ``VHOST_USER_F_PROTOCOL_FEATURES`` signals
|
||
back-end support for ``VHOST_USER_GET_PROTOCOL_FEATURES`` and
|
||
``VHOST_USER_SET_PROTOCOL_FEATURES``.
|
||
|
||
``VHOST_USER_GET_PROTOCOL_FEATURES``
|
||
:id: 15
|
||
:equivalent ioctl: ``VHOST_GET_FEATURES``
|
||
:request payload: N/A
|
||
:reply payload: ``u64``
|
||
|
||
Get the protocol feature bitmask from the underlying vhost
|
||
implementation. Only legal if feature bit
|
||
``VHOST_USER_F_PROTOCOL_FEATURES`` is present in
|
||
``VHOST_USER_GET_FEATURES``. It does not need to be acknowledged by
|
||
``VHOST_USER_SET_FEATURES``.
|
||
|
||
.. Note::
|
||
Back-ends that report ``VHOST_USER_F_PROTOCOL_FEATURES`` must
|
||
support this message even before ``VHOST_USER_SET_FEATURES`` was
|
||
called.
|
||
|
||
``VHOST_USER_SET_PROTOCOL_FEATURES``
|
||
:id: 16
|
||
:equivalent ioctl: ``VHOST_SET_FEATURES``
|
||
:request payload: ``u64``
|
||
:reply payload: N/A
|
||
|
||
Enable protocol features in the underlying vhost implementation.
|
||
|
||
Only legal if feature bit ``VHOST_USER_F_PROTOCOL_FEATURES`` is present in
|
||
``VHOST_USER_GET_FEATURES``. It does not need to be acknowledged by
|
||
``VHOST_USER_SET_FEATURES``.
|
||
|
||
.. Note::
|
||
Back-ends that report ``VHOST_USER_F_PROTOCOL_FEATURES`` must support
|
||
this message even before ``VHOST_USER_SET_FEATURES`` was called.
|
||
|
||
``VHOST_USER_SET_OWNER``
|
||
:id: 3
|
||
:equivalent ioctl: ``VHOST_SET_OWNER``
|
||
:request payload: N/A
|
||
:reply payload: N/A
|
||
|
||
Issued when a new connection is established. It marks the sender
|
||
as the front-end that owns of the session. This can be used on the *back-end*
|
||
as a "session start" flag.
|
||
|
||
``VHOST_USER_RESET_OWNER``
|
||
:id: 4
|
||
:request payload: N/A
|
||
:reply payload: N/A
|
||
|
||
.. admonition:: Deprecated
|
||
|
||
This is no longer used. Used to be sent to request disabling all
|
||
rings, but some back-ends interpreted it to also discard connection
|
||
state (this interpretation would lead to bugs). It is recommended
|
||
that back-ends either ignore this message, or use it to disable all
|
||
rings.
|
||
|
||
``VHOST_USER_SET_MEM_TABLE``
|
||
:id: 5
|
||
:equivalent ioctl: ``VHOST_SET_MEM_TABLE``
|
||
:request payload: multiple memory regions description
|
||
:reply payload: (postcopy only) multiple memory regions description
|
||
|
||
Sets the memory map regions on the back-end so it can translate the
|
||
vring addresses. In the ancillary data there is an array of file
|
||
descriptors for each memory mapped region. The size and ordering of
|
||
the fds matches the number and ordering of memory regions.
|
||
|
||
When ``VHOST_USER_POSTCOPY_LISTEN`` has been received,
|
||
``SET_MEM_TABLE`` replies with the bases of the memory mapped
|
||
regions to the front-end. The back-end must have mmap'd the regions but
|
||
not yet accessed them and should not yet generate a userfault
|
||
event.
|
||
|
||
.. Note::
|
||
``NEED_REPLY_MASK`` is not set in this case. QEMU will then
|
||
reply back to the list of mappings with an empty
|
||
``VHOST_USER_SET_MEM_TABLE`` as an acknowledgement; only upon
|
||
reception of this message may the guest start accessing the memory
|
||
and generating faults.
|
||
|
||
``VHOST_USER_SET_LOG_BASE``
|
||
:id: 6
|
||
:equivalent ioctl: ``VHOST_SET_LOG_BASE``
|
||
:request payload: u64
|
||
:reply payload: N/A
|
||
|
||
Sets logging shared memory space.
|
||
|
||
When the back-end has ``VHOST_USER_PROTOCOL_F_LOG_SHMFD`` protocol feature,
|
||
the log memory fd is provided in the ancillary data of
|
||
``VHOST_USER_SET_LOG_BASE`` message, the size and offset of shared
|
||
memory area provided in the message.
|
||
|
||
``VHOST_USER_SET_LOG_FD``
|
||
:id: 7
|
||
:equivalent ioctl: ``VHOST_SET_LOG_FD``
|
||
:request payload: N/A
|
||
:reply payload: N/A
|
||
|
||
Sets the logging file descriptor, which is passed as ancillary data.
|
||
|
||
``VHOST_USER_SET_VRING_NUM``
|
||
:id: 8
|
||
:equivalent ioctl: ``VHOST_SET_VRING_NUM``
|
||
:request payload: vring state description
|
||
:reply payload: N/A
|
||
|
||
Set the size of the queue.
|
||
|
||
``VHOST_USER_SET_VRING_ADDR``
|
||
:id: 9
|
||
:equivalent ioctl: ``VHOST_SET_VRING_ADDR``
|
||
:request payload: vring address description
|
||
:reply payload: N/A
|
||
|
||
Sets the addresses of the different aspects of the vring.
|
||
|
||
``VHOST_USER_SET_VRING_BASE``
|
||
:id: 10
|
||
:equivalent ioctl: ``VHOST_SET_VRING_BASE``
|
||
:request payload: vring descriptor index/indices
|
||
:reply payload: N/A
|
||
|
||
Sets the next index to use for descriptors in this vring:
|
||
|
||
* For a split virtqueue, sets only the next descriptor index to
|
||
process in the *Available Ring*. The device is supposed to read the
|
||
next index in the *Used Ring* from the respective vring structure in
|
||
guest memory.
|
||
|
||
* For a packed virtqueue, both indices are supplied, as they are not
|
||
explicitly available in memory.
|
||
|
||
Consequently, the payload type is specific to the type of virt queue
|
||
(*a vring descriptor index for split virtqueues* vs. *vring descriptor
|
||
indices for packed virtqueues*).
|
||
|
||
``VHOST_USER_GET_VRING_BASE``
|
||
:id: 11
|
||
:equivalent ioctl: ``VHOST_USER_GET_VRING_BASE``
|
||
:request payload: vring state description
|
||
:reply payload: vring descriptor index/indices
|
||
|
||
Stops the vring and returns the current descriptor index or indices:
|
||
|
||
* For a split virtqueue, returns only the 16-bit next descriptor
|
||
index to process in the *Available Ring*. Note that this may
|
||
differ from the available ring index in the vring structure in
|
||
memory, which points to where the driver will put new available
|
||
descriptors. For the *Used Ring*, the device only needs the next
|
||
descriptor index at which to put new descriptors, which is the
|
||
value in the vring structure in memory, so this value is not
|
||
covered by this message.
|
||
|
||
* For a packed virtqueue, neither index is explicitly available to
|
||
read from memory, so both indices (as maintained by the device) are
|
||
returned.
|
||
|
||
Consequently, the payload type is specific to the type of virt queue
|
||
(*a vring descriptor index for split virtqueues* vs. *vring descriptor
|
||
indices for packed virtqueues*).
|
||
|
||
When and as long as all of a device’s vrings are stopped, it is
|
||
*suspended*, see :ref:`Suspended device state
|
||
<suspended_device_state>`.
|
||
|
||
The request payload’s *num* field is currently reserved and must be
|
||
set to 0.
|
||
|
||
``VHOST_USER_SET_VRING_KICK``
|
||
:id: 12
|
||
:equivalent ioctl: ``VHOST_SET_VRING_KICK``
|
||
:request payload: ``u64``
|
||
:reply payload: N/A
|
||
|
||
Set the event file descriptor for adding buffers to the vring. It is
|
||
passed in the ancillary data.
|
||
|
||
Bits (0-7) of the payload contain the vring index. Bit 8 is the
|
||
invalid FD flag. This flag is set when there is no file descriptor
|
||
in the ancillary data. This signals that polling should be used
|
||
instead of waiting for the kick. Note that if the protocol feature
|
||
``VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS`` has been negotiated
|
||
this message isn't necessary as the ring is also started on the
|
||
``VHOST_USER_VRING_KICK`` message, it may however still be used to
|
||
set an event file descriptor (which will be preferred over the
|
||
message) or to enable polling.
|
||
|
||
``VHOST_USER_SET_VRING_CALL``
|
||
:id: 13
|
||
:equivalent ioctl: ``VHOST_SET_VRING_CALL``
|
||
:request payload: ``u64``
|
||
:reply payload: N/A
|
||
|
||
Set the event file descriptor to signal when buffers are used. It is
|
||
passed in the ancillary data.
|
||
|
||
Bits (0-7) of the payload contain the vring index. Bit 8 is the
|
||
invalid FD flag. This flag is set when there is no file descriptor
|
||
in the ancillary data. This signals that polling will be used
|
||
instead of waiting for the call. Note that if the protocol features
|
||
``VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS`` and
|
||
``VHOST_USER_PROTOCOL_F_BACKEND_REQ`` have been negotiated this message
|
||
isn't necessary as the ``VHOST_USER_BACKEND_VRING_CALL`` message can be
|
||
used, it may however still be used to set an event file descriptor
|
||
or to enable polling.
|
||
|
||
``VHOST_USER_SET_VRING_ERR``
|
||
:id: 14
|
||
:equivalent ioctl: ``VHOST_SET_VRING_ERR``
|
||
:request payload: ``u64``
|
||
:reply payload: N/A
|
||
|
||
Set the event file descriptor to signal when error occurs. It is
|
||
passed in the ancillary data.
|
||
|
||
Bits (0-7) of the payload contain the vring index. Bit 8 is the
|
||
invalid FD flag. This flag is set when there is no file descriptor
|
||
in the ancillary data. Note that if the protocol features
|
||
``VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS`` and
|
||
``VHOST_USER_PROTOCOL_F_BACKEND_REQ`` have been negotiated this message
|
||
isn't necessary as the ``VHOST_USER_BACKEND_VRING_ERR`` message can be
|
||
used, it may however still be used to set an event file descriptor
|
||
(which will be preferred over the message).
|
||
|
||
``VHOST_USER_GET_QUEUE_NUM``
|
||
:id: 17
|
||
:equivalent ioctl: N/A
|
||
:request payload: N/A
|
||
:reply payload: u64
|
||
|
||
Query how many queues the back-end supports.
|
||
|
||
This request should be sent only when ``VHOST_USER_PROTOCOL_F_MQ``
|
||
is set in queried protocol features by
|
||
``VHOST_USER_GET_PROTOCOL_FEATURES``.
|
||
|
||
``VHOST_USER_SET_VRING_ENABLE``
|
||
:id: 18
|
||
:equivalent ioctl: N/A
|
||
:request payload: vring state description
|
||
:reply payload: N/A
|
||
|
||
Signal the back-end to enable or disable corresponding vring.
|
||
|
||
This request should be sent only when
|
||
``VHOST_USER_F_PROTOCOL_FEATURES`` has been negotiated.
|
||
|
||
``VHOST_USER_SEND_RARP``
|
||
:id: 19
|
||
:equivalent ioctl: N/A
|
||
:request payload: ``u64``
|
||
:reply payload: N/A
|
||
|
||
Ask vhost user back-end to broadcast a fake RARP to notify the migration
|
||
is terminated for guest that does not support GUEST_ANNOUNCE.
|
||
|
||
Only legal if feature bit ``VHOST_USER_F_PROTOCOL_FEATURES`` is
|
||
present in ``VHOST_USER_GET_FEATURES`` and protocol feature bit
|
||
``VHOST_USER_PROTOCOL_F_RARP`` is present in
|
||
``VHOST_USER_GET_PROTOCOL_FEATURES``. The first 6 bytes of the
|
||
payload contain the mac address of the guest to allow the vhost user
|
||
back-end to construct and broadcast the fake RARP.
|
||
|
||
``VHOST_USER_NET_SET_MTU``
|
||
:id: 20
|
||
:equivalent ioctl: N/A
|
||
:request payload: ``u64``
|
||
:reply payload: N/A
|
||
|
||
Set host MTU value exposed to the guest.
|
||
|
||
This request should be sent only when ``VIRTIO_NET_F_MTU`` feature
|
||
has been successfully negotiated, ``VHOST_USER_F_PROTOCOL_FEATURES``
|
||
is present in ``VHOST_USER_GET_FEATURES`` and protocol feature bit
|
||
``VHOST_USER_PROTOCOL_F_NET_MTU`` is present in
|
||
``VHOST_USER_GET_PROTOCOL_FEATURES``.
|
||
|
||
If ``VHOST_USER_PROTOCOL_F_REPLY_ACK`` is negotiated, the back-end must
|
||
respond with zero in case the specified MTU is valid, or non-zero
|
||
otherwise.
|
||
|
||
``VHOST_USER_SET_BACKEND_REQ_FD`` (previous name ``VHOST_USER_SET_SLAVE_REQ_FD``)
|
||
:id: 21
|
||
:equivalent ioctl: N/A
|
||
:request payload: N/A
|
||
:reply payload: N/A
|
||
|
||
Set the socket file descriptor for back-end initiated requests. It is passed
|
||
in the ancillary data.
|
||
|
||
This request should be sent only when
|
||
``VHOST_USER_F_PROTOCOL_FEATURES`` has been negotiated, and protocol
|
||
feature bit ``VHOST_USER_PROTOCOL_F_BACKEND_REQ`` bit is present in
|
||
``VHOST_USER_GET_PROTOCOL_FEATURES``. If
|
||
``VHOST_USER_PROTOCOL_F_REPLY_ACK`` is negotiated, the back-end must
|
||
respond with zero for success, non-zero otherwise.
|
||
|
||
``VHOST_USER_IOTLB_MSG``
|
||
:id: 22
|
||
:equivalent ioctl: N/A (equivalent to ``VHOST_IOTLB_MSG`` message type)
|
||
:request payload: ``struct vhost_iotlb_msg``
|
||
:reply payload: ``u64``
|
||
|
||
Send IOTLB messages with ``struct vhost_iotlb_msg`` as payload.
|
||
|
||
The front-end sends such requests to update and invalidate entries in the
|
||
device IOTLB. The back-end has to acknowledge the request with sending
|
||
zero as ``u64`` payload for success, non-zero otherwise.
|
||
|
||
This request should be send only when ``VIRTIO_F_IOMMU_PLATFORM``
|
||
feature has been successfully negotiated.
|
||
|
||
``VHOST_USER_SET_VRING_ENDIAN``
|
||
:id: 23
|
||
:equivalent ioctl: ``VHOST_SET_VRING_ENDIAN``
|
||
:request payload: vring state description
|
||
:reply payload: N/A
|
||
|
||
Set the endianness of a VQ for legacy devices. Little-endian is
|
||
indicated with state.num set to 0 and big-endian is indicated with
|
||
state.num set to 1. Other values are invalid.
|
||
|
||
This request should be sent only when
|
||
``VHOST_USER_PROTOCOL_F_CROSS_ENDIAN`` has been negotiated.
|
||
Backends that negotiated this feature should handle both
|
||
endiannesses and expect this message once (per VQ) during device
|
||
configuration (ie. before the front-end starts the VQ).
|
||
|
||
``VHOST_USER_GET_CONFIG``
|
||
:id: 24
|
||
:equivalent ioctl: N/A
|
||
:request payload: virtio device config space
|
||
:reply payload: virtio device config space
|
||
|
||
When ``VHOST_USER_PROTOCOL_F_CONFIG`` is negotiated, this message is
|
||
submitted by the vhost-user front-end to fetch the contents of the
|
||
virtio device configuration space, vhost-user back-end's payload size
|
||
MUST match the front-end's request, vhost-user back-end uses zero length of
|
||
payload to indicate an error to the vhost-user front-end. The vhost-user
|
||
front-end may cache the contents to avoid repeated
|
||
``VHOST_USER_GET_CONFIG`` calls.
|
||
|
||
``VHOST_USER_SET_CONFIG``
|
||
:id: 25
|
||
:equivalent ioctl: N/A
|
||
:request payload: virtio device config space
|
||
:reply payload: N/A
|
||
|
||
When ``VHOST_USER_PROTOCOL_F_CONFIG`` is negotiated, this message is
|
||
submitted by the vhost-user front-end when the Guest changes the virtio
|
||
device configuration space and also can be used for live migration
|
||
on the destination host. The vhost-user back-end must check the flags
|
||
field, and back-ends MUST NOT accept SET_CONFIG for read-only
|
||
configuration space fields unless the live migration bit is set.
|
||
|
||
``VHOST_USER_CREATE_CRYPTO_SESSION``
|
||
:id: 26
|
||
:equivalent ioctl: N/A
|
||
:request payload: crypto session description
|
||
:reply payload: crypto session description
|
||
|
||
Create a session for crypto operation. The back-end must return
|
||
the session id, 0 or positive for success, negative for failure.
|
||
This request should be sent only when
|
||
``VHOST_USER_PROTOCOL_F_CRYPTO_SESSION`` feature has been
|
||
successfully negotiated. It's a required feature for crypto
|
||
devices.
|
||
|
||
``VHOST_USER_CLOSE_CRYPTO_SESSION``
|
||
:id: 27
|
||
:equivalent ioctl: N/A
|
||
:request payload: ``u64``
|
||
:reply payload: N/A
|
||
|
||
Close a session for crypto operation which was previously
|
||
created by ``VHOST_USER_CREATE_CRYPTO_SESSION``.
|
||
|
||
This request should be sent only when
|
||
``VHOST_USER_PROTOCOL_F_CRYPTO_SESSION`` feature has been
|
||
successfully negotiated. It's a required feature for crypto
|
||
devices.
|
||
|
||
``VHOST_USER_POSTCOPY_ADVISE``
|
||
:id: 28
|
||
:request payload: N/A
|
||
:reply payload: userfault fd
|
||
|
||
When ``VHOST_USER_PROTOCOL_F_PAGEFAULT`` is supported, the front-end
|
||
advises back-end that a migration with postcopy enabled is underway,
|
||
the back-end must open a userfaultfd for later use. Note that at this
|
||
stage the migration is still in precopy mode.
|
||
|
||
``VHOST_USER_POSTCOPY_LISTEN``
|
||
:id: 29
|
||
:request payload: N/A
|
||
:reply payload: N/A
|
||
|
||
The front-end advises back-end that a transition to postcopy mode has
|
||
happened. The back-end must ensure that shared memory is registered
|
||
with userfaultfd to cause faulting of non-present pages.
|
||
|
||
This is always sent sometime after a ``VHOST_USER_POSTCOPY_ADVISE``,
|
||
and thus only when ``VHOST_USER_PROTOCOL_F_PAGEFAULT`` is supported.
|
||
|
||
``VHOST_USER_POSTCOPY_END``
|
||
:id: 30
|
||
:request payload: N/A
|
||
:reply payload: ``u64``
|
||
|
||
The front-end advises that postcopy migration has now completed. The back-end
|
||
must disable the userfaultfd. The reply is an acknowledgement
|
||
only.
|
||
|
||
When ``VHOST_USER_PROTOCOL_F_PAGEFAULT`` is supported, this message
|
||
is sent at the end of the migration, after
|
||
``VHOST_USER_POSTCOPY_LISTEN`` was previously sent.
|
||
|
||
The value returned is an error indication; 0 is success.
|
||
|
||
``VHOST_USER_GET_INFLIGHT_FD``
|
||
:id: 31
|
||
:equivalent ioctl: N/A
|
||
:request payload: inflight description
|
||
:reply payload: N/A
|
||
|
||
When ``VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD`` protocol feature has
|
||
been successfully negotiated, this message is submitted by the front-end to
|
||
get a shared buffer from back-end. The shared buffer will be used to
|
||
track inflight I/O by back-end. QEMU should retrieve a new one when vm
|
||
reset.
|
||
|
||
``VHOST_USER_SET_INFLIGHT_FD``
|
||
:id: 32
|
||
:equivalent ioctl: N/A
|
||
:request payload: inflight description
|
||
:reply payload: N/A
|
||
|
||
When ``VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD`` protocol feature has
|
||
been successfully negotiated, this message is submitted by the front-end to
|
||
send the shared inflight buffer back to the back-end so that the back-end
|
||
could get inflight I/O after a crash or restart.
|
||
|
||
``VHOST_USER_GPU_SET_SOCKET``
|
||
:id: 33
|
||
:equivalent ioctl: N/A
|
||
:request payload: N/A
|
||
:reply payload: N/A
|
||
|
||
Sets the GPU protocol socket file descriptor, which is passed as
|
||
ancillary data. The GPU protocol is used to inform the front-end of
|
||
rendering state and updates. See vhost-user-gpu.rst for details.
|
||
|
||
``VHOST_USER_RESET_DEVICE``
|
||
:id: 34
|
||
:equivalent ioctl: N/A
|
||
:request payload: N/A
|
||
:reply payload: N/A
|
||
|
||
Ask the vhost user back-end to disable all rings and reset all
|
||
internal device state to the initial state, ready to be
|
||
reinitialized. The back-end retains ownership of the device
|
||
throughout the reset operation.
|
||
|
||
Only valid if the ``VHOST_USER_PROTOCOL_F_RESET_DEVICE`` protocol
|
||
feature is set by the back-end.
|
||
|
||
``VHOST_USER_VRING_KICK``
|
||
:id: 35
|
||
:equivalent ioctl: N/A
|
||
:request payload: vring state description
|
||
:reply payload: N/A
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS`` protocol
|
||
feature has been successfully negotiated, this message may be
|
||
submitted by the front-end to indicate that a buffer was added to
|
||
the vring instead of signalling it using the vring's kick file
|
||
descriptor or having the back-end rely on polling.
|
||
|
||
The state.num field is currently reserved and must be set to 0.
|
||
|
||
``VHOST_USER_GET_MAX_MEM_SLOTS``
|
||
:id: 36
|
||
:equivalent ioctl: N/A
|
||
:request payload: N/A
|
||
:reply payload: u64
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS`` protocol
|
||
feature has been successfully negotiated, this message is submitted
|
||
by the front-end to the back-end. The back-end should return the message with a
|
||
u64 payload containing the maximum number of memory slots for
|
||
QEMU to expose to the guest. The value returned by the back-end
|
||
will be capped at the maximum number of ram slots which can be
|
||
supported by the target platform.
|
||
|
||
``VHOST_USER_ADD_MEM_REG``
|
||
:id: 37
|
||
:equivalent ioctl: N/A
|
||
:request payload: N/A
|
||
:reply payload: single memory region description
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS`` protocol
|
||
feature has been successfully negotiated, this message is submitted
|
||
by the front-end to the back-end. The message payload contains a memory
|
||
region descriptor struct, describing a region of guest memory which
|
||
the back-end device must map in. When the
|
||
``VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS`` protocol feature has
|
||
been successfully negotiated, along with the
|
||
``VHOST_USER_REM_MEM_REG`` message, this message is used to set and
|
||
update the memory tables of the back-end device.
|
||
|
||
Exactly one file descriptor from which the memory is mapped is
|
||
passed in the ancillary data.
|
||
|
||
In postcopy mode (see ``VHOST_USER_POSTCOPY_LISTEN``), the back-end
|
||
replies with the bases of the memory mapped region to the front-end.
|
||
For further details on postcopy, see ``VHOST_USER_SET_MEM_TABLE``.
|
||
They apply to ``VHOST_USER_ADD_MEM_REG`` accordingly.
|
||
|
||
``VHOST_USER_REM_MEM_REG``
|
||
:id: 38
|
||
:equivalent ioctl: N/A
|
||
:request payload: N/A
|
||
:reply payload: single memory region description
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS`` protocol
|
||
feature has been successfully negotiated, this message is submitted
|
||
by the front-end to the back-end. The message payload contains a memory
|
||
region descriptor struct, describing a region of guest memory which
|
||
the back-end device must unmap. When the
|
||
``VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS`` protocol feature has
|
||
been successfully negotiated, along with the
|
||
``VHOST_USER_ADD_MEM_REG`` message, this message is used to set and
|
||
update the memory tables of the back-end device.
|
||
|
||
The memory region to be removed is identified by its guest address,
|
||
user address and size. The mmap offset is ignored.
|
||
|
||
No file descriptors SHOULD be passed in the ancillary data. For
|
||
compatibility with existing incorrect implementations, the back-end MAY
|
||
accept messages with one file descriptor. If a file descriptor is
|
||
passed, the back-end MUST close it without using it otherwise.
|
||
|
||
``VHOST_USER_SET_STATUS``
|
||
:id: 39
|
||
:equivalent ioctl: VHOST_VDPA_SET_STATUS
|
||
:request payload: ``u64``
|
||
:reply payload: N/A
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_STATUS`` protocol feature has been
|
||
successfully negotiated, this message is submitted by the front-end to
|
||
notify the back-end with updated device status as defined in the Virtio
|
||
specification.
|
||
|
||
``VHOST_USER_GET_STATUS``
|
||
:id: 40
|
||
:equivalent ioctl: VHOST_VDPA_GET_STATUS
|
||
:request payload: N/A
|
||
:reply payload: ``u64``
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_STATUS`` protocol feature has been
|
||
successfully negotiated, this message is submitted by the front-end to
|
||
query the back-end for its device status as defined in the Virtio
|
||
specification.
|
||
|
||
``VHOST_USER_GET_SHARED_OBJECT``
|
||
:id: 41
|
||
:equivalent ioctl: N/A
|
||
:request payload: ``struct VhostUserShared``
|
||
:reply payload: dmabuf fd
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_SHARED_OBJECT`` protocol
|
||
feature has been successfully negotiated, and the UUID is found
|
||
in the exporters cache, this message is submitted by the front-end
|
||
to retrieve a given dma-buf fd from a given back-end, determined by
|
||
the requested UUID. Back-end will reply passing the fd when the operation
|
||
is successful, or no fd otherwise.
|
||
|
||
``VHOST_USER_SET_DEVICE_STATE_FD``
|
||
:id: 42
|
||
:equivalent ioctl: N/A
|
||
:request payload: device state transfer parameters
|
||
:reply payload: ``u64``
|
||
|
||
Front-end and back-end negotiate a channel over which to transfer the
|
||
back-end’s internal state during migration. Either side (front-end or
|
||
back-end) may create the channel. The nature of this channel is not
|
||
restricted or defined in this document, but whichever side creates it
|
||
must create a file descriptor that is provided to the respectively
|
||
other side, allowing access to the channel. This FD must behave as
|
||
follows:
|
||
|
||
* For the writing end, it must allow writing the whole back-end state
|
||
sequentially. Closing the file descriptor signals the end of
|
||
transfer.
|
||
|
||
* For the reading end, it must allow reading the whole back-end state
|
||
sequentially. The end of file signals the end of the transfer.
|
||
|
||
For example, the channel may be a pipe, in which case the two ends of
|
||
the pipe fulfill these requirements respectively.
|
||
|
||
Initially, the front-end creates a channel along with such an FD. It
|
||
passes the FD to the back-end as ancillary data of a
|
||
``VHOST_USER_SET_DEVICE_STATE_FD`` message. The back-end may create a
|
||
different transfer channel, passing the respective FD back to the
|
||
front-end as ancillary data of the reply. If so, the front-end must
|
||
then discard its channel and use the one provided by the back-end.
|
||
|
||
Whether the back-end should decide to use its own channel is decided
|
||
based on efficiency: If the channel is a pipe, both ends will most
|
||
likely need to copy data into and out of it. Any channel that allows
|
||
for more efficient processing on at least one end, e.g. through
|
||
zero-copy, is considered more efficient and thus preferred. If the
|
||
back-end can provide such a channel, it should decide to use it.
|
||
|
||
The request payload contains parameters for the subsequent data
|
||
transfer, as described in the :ref:`Migrating back-end state
|
||
<migrating_backend_state>` section.
|
||
|
||
The value returned is both an indication for success, and whether a
|
||
file descriptor for a back-end-provided channel is returned: Bits 0–7
|
||
are 0 on success, and non-zero on error. Bit 8 is the invalid FD
|
||
flag; this flag is set when there is no file descriptor returned.
|
||
When this flag is not set, the front-end must use the returned file
|
||
descriptor as its end of the transfer channel. The back-end must not
|
||
both indicate an error and return a file descriptor.
|
||
|
||
Using this function requires prior negotiation of the
|
||
``VHOST_USER_PROTOCOL_F_DEVICE_STATE`` feature.
|
||
|
||
``VHOST_USER_CHECK_DEVICE_STATE``
|
||
:id: 43
|
||
:equivalent ioctl: N/A
|
||
:request payload: N/A
|
||
:reply payload: ``u64``
|
||
|
||
After transferring the back-end’s internal state during migration (see
|
||
the :ref:`Migrating back-end state <migrating_backend_state>`
|
||
section), check whether the back-end was able to successfully fully
|
||
process the state.
|
||
|
||
The value returned indicates success or error; 0 is success, any
|
||
non-zero value is an error.
|
||
|
||
Using this function requires prior negotiation of the
|
||
``VHOST_USER_PROTOCOL_F_DEVICE_STATE`` feature.
|
||
|
||
Back-end message types
|
||
----------------------
|
||
|
||
For this type of message, the request is sent by the back-end and the reply
|
||
is sent by the front-end.
|
||
|
||
``VHOST_USER_BACKEND_IOTLB_MSG`` (previous name ``VHOST_USER_SLAVE_IOTLB_MSG``)
|
||
:id: 1
|
||
:equivalent ioctl: N/A (equivalent to ``VHOST_IOTLB_MSG`` message type)
|
||
:request payload: ``struct vhost_iotlb_msg``
|
||
:reply payload: N/A
|
||
|
||
Send IOTLB messages with ``struct vhost_iotlb_msg`` as payload.
|
||
The back-end sends such requests to notify of an IOTLB miss, or an IOTLB
|
||
access failure. If ``VHOST_USER_PROTOCOL_F_REPLY_ACK`` is
|
||
negotiated, and back-end set the ``VHOST_USER_NEED_REPLY`` flag, the front-end
|
||
must respond with zero when operation is successfully completed, or
|
||
non-zero otherwise. This request should be send only when
|
||
``VIRTIO_F_IOMMU_PLATFORM`` feature has been successfully
|
||
negotiated.
|
||
|
||
``VHOST_USER_BACKEND_CONFIG_CHANGE_MSG`` (previous name ``VHOST_USER_SLAVE_CONFIG_CHANGE_MSG``)
|
||
:id: 2
|
||
:equivalent ioctl: N/A
|
||
:request payload: N/A
|
||
:reply payload: N/A
|
||
|
||
When ``VHOST_USER_PROTOCOL_F_CONFIG`` is negotiated, vhost-user
|
||
back-end sends such messages to notify that the virtio device's
|
||
configuration space has changed, for those host devices which can
|
||
support such feature, host driver can send ``VHOST_USER_GET_CONFIG``
|
||
message to the back-end to get the latest content. If
|
||
``VHOST_USER_PROTOCOL_F_REPLY_ACK`` is negotiated, and the back-end sets the
|
||
``VHOST_USER_NEED_REPLY`` flag, the front-end must respond with zero when
|
||
operation is successfully completed, or non-zero otherwise.
|
||
|
||
``VHOST_USER_BACKEND_VRING_HOST_NOTIFIER_MSG`` (previous name ``VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG``)
|
||
:id: 3
|
||
:equivalent ioctl: N/A
|
||
:request payload: vring area description
|
||
:reply payload: N/A
|
||
|
||
Sets host notifier for a specified queue. The queue index is
|
||
contained in the ``u64`` field of the vring area description. The
|
||
host notifier is described by the file descriptor (typically it's a
|
||
VFIO device fd) which is passed as ancillary data and the size
|
||
(which is mmap size and should be the same as host page size) and
|
||
offset (which is mmap offset) carried in the vring area
|
||
description. QEMU can mmap the file descriptor based on the size and
|
||
offset to get a memory range. Registering a host notifier means
|
||
mapping this memory range to the VM as the specified queue's notify
|
||
MMIO region. The back-end sends this request to tell QEMU to de-register
|
||
the existing notifier if any and register the new notifier if the
|
||
request is sent with a file descriptor.
|
||
|
||
This request should be sent only when
|
||
``VHOST_USER_PROTOCOL_F_HOST_NOTIFIER`` protocol feature has been
|
||
successfully negotiated.
|
||
|
||
``VHOST_USER_BACKEND_VRING_CALL`` (previous name ``VHOST_USER_SLAVE_VRING_CALL``)
|
||
:id: 4
|
||
:equivalent ioctl: N/A
|
||
:request payload: vring state description
|
||
:reply payload: N/A
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS`` protocol
|
||
feature has been successfully negotiated, this message may be
|
||
submitted by the back-end to indicate that a buffer was used from
|
||
the vring instead of signalling this using the vring's call file
|
||
descriptor or having the front-end relying on polling.
|
||
|
||
The state.num field is currently reserved and must be set to 0.
|
||
|
||
``VHOST_USER_BACKEND_VRING_ERR`` (previous name ``VHOST_USER_SLAVE_VRING_ERR``)
|
||
:id: 5
|
||
:equivalent ioctl: N/A
|
||
:request payload: vring state description
|
||
:reply payload: N/A
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS`` protocol
|
||
feature has been successfully negotiated, this message may be
|
||
submitted by the back-end to indicate that an error occurred on the
|
||
specific vring, instead of signalling the error file descriptor
|
||
set by the front-end via ``VHOST_USER_SET_VRING_ERR``.
|
||
|
||
The state.num field is currently reserved and must be set to 0.
|
||
|
||
``VHOST_USER_BACKEND_SHARED_OBJECT_ADD``
|
||
:id: 6
|
||
:equivalent ioctl: N/A
|
||
:request payload: ``struct VhostUserShared``
|
||
:reply payload: N/A
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_SHARED_OBJECT`` protocol
|
||
feature has been successfully negotiated, this message can be submitted
|
||
by the backends to add themselves as exporters to the virtio shared lookup
|
||
table. The back-end device gets associated with a UUID in the shared table.
|
||
The back-end is responsible of keeping its own table with exported dma-buf fds.
|
||
When another back-end tries to import the resource associated with the UUID,
|
||
it will send a message to the front-end, which will act as a proxy to the
|
||
exporter back-end. If ``VHOST_USER_PROTOCOL_F_REPLY_ACK`` is negotiated, and
|
||
the back-end sets the ``VHOST_USER_NEED_REPLY`` flag, the front-end must
|
||
respond with zero when operation is successfully completed, or non-zero
|
||
otherwise.
|
||
|
||
``VHOST_USER_BACKEND_SHARED_OBJECT_REMOVE``
|
||
:id: 7
|
||
:equivalent ioctl: N/A
|
||
:request payload: ``struct VhostUserShared``
|
||
:reply payload: N/A
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_SHARED_OBJECT`` protocol
|
||
feature has been successfully negotiated, this message can be submitted
|
||
by the backend to remove themselves from to the virtio-dmabuf shared
|
||
table API. Only the back-end owning the entry (i.e., the one that first added
|
||
it) will have permission to remove it. Otherwise, the message is ignored.
|
||
The shared table will remove the back-end device associated with
|
||
the UUID. If ``VHOST_USER_PROTOCOL_F_REPLY_ACK`` is negotiated, and the
|
||
back-end sets the ``VHOST_USER_NEED_REPLY`` flag, the front-end must respond
|
||
with zero when operation is successfully completed, or non-zero otherwise.
|
||
|
||
``VHOST_USER_BACKEND_SHARED_OBJECT_LOOKUP``
|
||
:id: 8
|
||
:equivalent ioctl: N/A
|
||
:request payload: ``struct VhostUserShared``
|
||
:reply payload: dmabuf fd and ``u64``
|
||
|
||
When the ``VHOST_USER_PROTOCOL_F_SHARED_OBJECT`` protocol
|
||
feature has been successfully negotiated, this message can be submitted
|
||
by the backends to retrieve a given dma-buf fd from the virtio-dmabuf
|
||
shared table given a UUID. Frontend will reply passing the fd and a zero
|
||
when the operation is successful, or non-zero otherwise. Note that if the
|
||
operation fails, no fd is sent to the backend.
|
||
|
||
.. _reply_ack:
|
||
|
||
VHOST_USER_PROTOCOL_F_REPLY_ACK
|
||
-------------------------------
|
||
|
||
The original vhost-user specification only demands replies for certain
|
||
commands. This differs from the vhost protocol implementation where
|
||
commands are sent over an ``ioctl()`` call and block until the back-end
|
||
has completed.
|
||
|
||
With this protocol extension negotiated, the sender (QEMU) can set the
|
||
``need_reply`` [Bit 3] flag to any command. This indicates that the
|
||
back-end MUST respond with a Payload ``VhostUserMsg`` indicating success
|
||
or failure. The payload should be set to zero on success or non-zero
|
||
on failure, unless the message already has an explicit reply body.
|
||
|
||
The reply payload gives QEMU a deterministic indication of the result
|
||
of the command. Today, QEMU is expected to terminate the main vhost-user
|
||
loop upon receiving such errors. In future, qemu could be taught to be more
|
||
resilient for selective requests.
|
||
|
||
For the message types that already solicit a reply from the back-end,
|
||
the presence of ``VHOST_USER_PROTOCOL_F_REPLY_ACK`` or need_reply bit
|
||
being set brings no behavioural change. (See the Communication_
|
||
section for details.)
|
||
|
||
.. _backend_conventions:
|
||
|
||
Backend program conventions
|
||
===========================
|
||
|
||
vhost-user back-ends can provide various devices & services and may
|
||
need to be configured manually depending on the use case. However, it
|
||
is a good idea to follow the conventions listed here when
|
||
possible. Users, QEMU or libvirt, can then rely on some common
|
||
behaviour to avoid heterogeneous configuration and management of the
|
||
back-end programs and facilitate interoperability.
|
||
|
||
Each back-end installed on a host system should come with at least one
|
||
JSON file that conforms to the vhost-user.json schema. Each file
|
||
informs the management applications about the back-end type, and binary
|
||
location. In addition, it defines rules for management apps for
|
||
picking the highest priority back-end when multiple match the search
|
||
criteria (see ``@VhostUserBackend`` documentation in the schema file).
|
||
|
||
If the back-end is not capable of enabling a requested feature on the
|
||
host (such as 3D acceleration with virgl), or the initialization
|
||
failed, the back-end should fail to start early and exit with a status
|
||
!= 0. It may also print a message to stderr for further details.
|
||
|
||
The back-end program must not daemonize itself, but it may be
|
||
daemonized by the management layer. It may also have a restricted
|
||
access to the system.
|
||
|
||
File descriptors 0, 1 and 2 will exist, and have regular
|
||
stdin/stdout/stderr usage (they may have been redirected to /dev/null
|
||
by the management layer, or to a log handler).
|
||
|
||
The back-end program must end (as quickly and cleanly as possible) when
|
||
the SIGTERM signal is received. Eventually, it may receive SIGKILL by
|
||
the management layer after a few seconds.
|
||
|
||
The following command line options have an expected behaviour. They
|
||
are mandatory, unless explicitly said differently:
|
||
|
||
--socket-path=PATH
|
||
|
||
This option specify the location of the vhost-user Unix domain socket.
|
||
It is incompatible with --fd.
|
||
|
||
--fd=FDNUM
|
||
|
||
When this argument is given, the back-end program is started with the
|
||
vhost-user socket as file descriptor FDNUM. It is incompatible with
|
||
--socket-path.
|
||
|
||
--print-capabilities
|
||
|
||
Output to stdout the back-end capabilities in JSON format, and then
|
||
exit successfully. Other options and arguments should be ignored, and
|
||
the back-end program should not perform its normal function. The
|
||
capabilities can be reported dynamically depending on the host
|
||
capabilities.
|
||
|
||
The JSON output is described in the ``vhost-user.json`` schema, by
|
||
```@VHostUserBackendCapabilities``. Example:
|
||
|
||
.. code:: json
|
||
|
||
{
|
||
"type": "foo",
|
||
"features": [
|
||
"feature-a",
|
||
"feature-b"
|
||
]
|
||
}
|
||
|
||
vhost-user-input
|
||
----------------
|
||
|
||
Command line options:
|
||
|
||
--evdev-path=PATH
|
||
|
||
Specify the linux input device.
|
||
|
||
(optional)
|
||
|
||
--no-grab
|
||
|
||
Do no request exclusive access to the input device.
|
||
|
||
(optional)
|
||
|
||
vhost-user-gpu
|
||
--------------
|
||
|
||
Command line options:
|
||
|
||
--render-node=PATH
|
||
|
||
Specify the GPU DRM render node.
|
||
|
||
(optional)
|
||
|
||
--virgl
|
||
|
||
Enable virgl rendering support.
|
||
|
||
(optional)
|
||
|
||
vhost-user-blk
|
||
--------------
|
||
|
||
Command line options:
|
||
|
||
--blk-file=PATH
|
||
|
||
Specify block device or file path.
|
||
|
||
(optional)
|
||
|
||
--read-only
|
||
|
||
Enable read-only.
|
||
|
||
(optional)
|