vhost-user-blk-server.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
vhost-user-blk-server.c (15926B)
      1/*
      2 * Sharing QEMU block devices via vhost-user protocal
      3 *
      4 * Parts of the code based on nbd/server.c.
      5 *
      6 * Copyright (c) Coiby Xu <coiby.xu@gmail.com>.
      7 * Copyright (c) 2020 Red Hat, Inc.
      8 *
      9 * This work is licensed under the terms of the GNU GPL, version 2 or
     10 * later.  See the COPYING file in the top-level directory.
     11 */
     12#include "qemu/osdep.h"
     13#include "block/block.h"
     14#include "subprojects/libvhost-user/libvhost-user.h" /* only for the type definitions */
     15#include "standard-headers/linux/virtio_blk.h"
     16#include "qemu/vhost-user-server.h"
     17#include "vhost-user-blk-server.h"
     18#include "qapi/error.h"
     19#include "qom/object_interfaces.h"
     20#include "sysemu/block-backend.h"
     21#include "util/block-helpers.h"
     22
     23/*
     24 * Sector units are 512 bytes regardless of the
     25 * virtio_blk_config->blk_size value.
     26 */
     27#define VIRTIO_BLK_SECTOR_BITS 9
     28#define VIRTIO_BLK_SECTOR_SIZE (1ull << VIRTIO_BLK_SECTOR_BITS)
     29
     30enum {
     31    VHOST_USER_BLK_NUM_QUEUES_DEFAULT = 1,
     32    VHOST_USER_BLK_MAX_DISCARD_SECTORS = 32768,
     33    VHOST_USER_BLK_MAX_WRITE_ZEROES_SECTORS = 32768,
     34};
     35struct virtio_blk_inhdr {
     36    unsigned char status;
     37};
     38
     39typedef struct VuBlkReq {
     40    VuVirtqElement elem;
     41    int64_t sector_num;
     42    size_t size;
     43    struct virtio_blk_inhdr *in;
     44    struct virtio_blk_outhdr out;
     45    VuServer *server;
     46    struct VuVirtq *vq;
     47} VuBlkReq;
     48
     49/* vhost user block device */
     50typedef struct {
     51    BlockExport export;
     52    VuServer vu_server;
     53    uint32_t blk_size;
     54    QIOChannelSocket *sioc;
     55    struct virtio_blk_config blkcfg;
     56    bool writable;
     57} VuBlkExport;
     58
     59static void vu_blk_req_complete(VuBlkReq *req)
     60{
     61    VuDev *vu_dev = &req->server->vu_dev;
     62
     63    /* IO size with 1 extra status byte */
     64    vu_queue_push(vu_dev, req->vq, &req->elem, req->size + 1);
     65    vu_queue_notify(vu_dev, req->vq);
     66
     67    free(req);
     68}
     69
     70static bool vu_blk_sect_range_ok(VuBlkExport *vexp, uint64_t sector,
     71                                 size_t size)
     72{
     73    uint64_t nb_sectors;
     74    uint64_t total_sectors;
     75
     76    if (size % VIRTIO_BLK_SECTOR_SIZE) {
     77        return false;
     78    }
     79
     80    nb_sectors = size >> VIRTIO_BLK_SECTOR_BITS;
     81
     82    QEMU_BUILD_BUG_ON(BDRV_SECTOR_SIZE != VIRTIO_BLK_SECTOR_SIZE);
     83    if (nb_sectors > BDRV_REQUEST_MAX_SECTORS) {
     84        return false;
     85    }
     86    if ((sector << VIRTIO_BLK_SECTOR_BITS) % vexp->blk_size) {
     87        return false;
     88    }
     89    blk_get_geometry(vexp->export.blk, &total_sectors);
     90    if (sector > total_sectors || nb_sectors > total_sectors - sector) {
     91        return false;
     92    }
     93    return true;
     94}
     95
     96static int coroutine_fn
     97vu_blk_discard_write_zeroes(VuBlkExport *vexp, struct iovec *iov,
     98                            uint32_t iovcnt, uint32_t type)
     99{
    100    BlockBackend *blk = vexp->export.blk;
    101    struct virtio_blk_discard_write_zeroes desc;
    102    ssize_t size;
    103    uint64_t sector;
    104    uint32_t num_sectors;
    105    uint32_t max_sectors;
    106    uint32_t flags;
    107    int bytes;
    108
    109    /* Only one desc is currently supported */
    110    if (unlikely(iov_size(iov, iovcnt) > sizeof(desc))) {
    111        return VIRTIO_BLK_S_UNSUPP;
    112    }
    113
    114    size = iov_to_buf(iov, iovcnt, 0, &desc, sizeof(desc));
    115    if (unlikely(size != sizeof(desc))) {
    116        error_report("Invalid size %zd, expected %zu", size, sizeof(desc));
    117        return VIRTIO_BLK_S_IOERR;
    118    }
    119
    120    sector = le64_to_cpu(desc.sector);
    121    num_sectors = le32_to_cpu(desc.num_sectors);
    122    flags = le32_to_cpu(desc.flags);
    123    max_sectors = (type == VIRTIO_BLK_T_WRITE_ZEROES) ?
    124                  VHOST_USER_BLK_MAX_WRITE_ZEROES_SECTORS :
    125                  VHOST_USER_BLK_MAX_DISCARD_SECTORS;
    126
    127    /* This check ensures that 'bytes' fits in an int */
    128    if (unlikely(num_sectors > max_sectors)) {
    129        return VIRTIO_BLK_S_IOERR;
    130    }
    131
    132    bytes = num_sectors << VIRTIO_BLK_SECTOR_BITS;
    133
    134    if (unlikely(!vu_blk_sect_range_ok(vexp, sector, bytes))) {
    135        return VIRTIO_BLK_S_IOERR;
    136    }
    137
    138    /*
    139     * The device MUST set the status byte to VIRTIO_BLK_S_UNSUPP for discard
    140     * and write zeroes commands if any unknown flag is set.
    141     */
    142    if (unlikely(flags & ~VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP)) {
    143        return VIRTIO_BLK_S_UNSUPP;
    144    }
    145
    146    if (type == VIRTIO_BLK_T_WRITE_ZEROES) {
    147        int blk_flags = 0;
    148
    149        if (flags & VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP) {
    150            blk_flags |= BDRV_REQ_MAY_UNMAP;
    151        }
    152
    153        if (blk_co_pwrite_zeroes(blk, sector << VIRTIO_BLK_SECTOR_BITS,
    154                                 bytes, blk_flags) == 0) {
    155            return VIRTIO_BLK_S_OK;
    156        }
    157    } else if (type == VIRTIO_BLK_T_DISCARD) {
    158        /*
    159         * The device MUST set the status byte to VIRTIO_BLK_S_UNSUPP for
    160         * discard commands if the unmap flag is set.
    161         */
    162        if (unlikely(flags & VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP)) {
    163            return VIRTIO_BLK_S_UNSUPP;
    164        }
    165
    166        if (blk_co_pdiscard(blk, sector << VIRTIO_BLK_SECTOR_BITS,
    167                            bytes) == 0) {
    168            return VIRTIO_BLK_S_OK;
    169        }
    170    }
    171
    172    return VIRTIO_BLK_S_IOERR;
    173}
    174
    175static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
    176{
    177    VuBlkReq *req = opaque;
    178    VuServer *server = req->server;
    179    VuVirtqElement *elem = &req->elem;
    180    uint32_t type;
    181
    182    VuBlkExport *vexp = container_of(server, VuBlkExport, vu_server);
    183    BlockBackend *blk = vexp->export.blk;
    184
    185    struct iovec *in_iov = elem->in_sg;
    186    struct iovec *out_iov = elem->out_sg;
    187    unsigned in_num = elem->in_num;
    188    unsigned out_num = elem->out_num;
    189
    190    /* refer to hw/block/virtio_blk.c */
    191    if (elem->out_num < 1 || elem->in_num < 1) {
    192        error_report("virtio-blk request missing headers");
    193        goto err;
    194    }
    195
    196    if (unlikely(iov_to_buf(out_iov, out_num, 0, &req->out,
    197                            sizeof(req->out)) != sizeof(req->out))) {
    198        error_report("virtio-blk request outhdr too short");
    199        goto err;
    200    }
    201
    202    iov_discard_front(&out_iov, &out_num, sizeof(req->out));
    203
    204    if (in_iov[in_num - 1].iov_len < sizeof(struct virtio_blk_inhdr)) {
    205        error_report("virtio-blk request inhdr too short");
    206        goto err;
    207    }
    208
    209    /* We always touch the last byte, so just see how big in_iov is.  */
    210    req->in = (void *)in_iov[in_num - 1].iov_base
    211              + in_iov[in_num - 1].iov_len
    212              - sizeof(struct virtio_blk_inhdr);
    213    iov_discard_back(in_iov, &in_num, sizeof(struct virtio_blk_inhdr));
    214
    215    type = le32_to_cpu(req->out.type);
    216    switch (type & ~VIRTIO_BLK_T_BARRIER) {
    217    case VIRTIO_BLK_T_IN:
    218    case VIRTIO_BLK_T_OUT: {
    219        QEMUIOVector qiov;
    220        int64_t offset;
    221        ssize_t ret = 0;
    222        bool is_write = type & VIRTIO_BLK_T_OUT;
    223        req->sector_num = le64_to_cpu(req->out.sector);
    224
    225        if (is_write && !vexp->writable) {
    226            req->in->status = VIRTIO_BLK_S_IOERR;
    227            break;
    228        }
    229
    230        if (is_write) {
    231            qemu_iovec_init_external(&qiov, out_iov, out_num);
    232        } else {
    233            qemu_iovec_init_external(&qiov, in_iov, in_num);
    234        }
    235
    236        if (unlikely(!vu_blk_sect_range_ok(vexp,
    237                                           req->sector_num,
    238                                           qiov.size))) {
    239            req->in->status = VIRTIO_BLK_S_IOERR;
    240            break;
    241        }
    242
    243        offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS;
    244
    245        if (is_write) {
    246            ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
    247        } else {
    248            ret = blk_co_preadv(blk, offset, qiov.size, &qiov, 0);
    249        }
    250        if (ret >= 0) {
    251            req->in->status = VIRTIO_BLK_S_OK;
    252        } else {
    253            req->in->status = VIRTIO_BLK_S_IOERR;
    254        }
    255        break;
    256    }
    257    case VIRTIO_BLK_T_FLUSH:
    258        if (blk_co_flush(blk) == 0) {
    259            req->in->status = VIRTIO_BLK_S_OK;
    260        } else {
    261            req->in->status = VIRTIO_BLK_S_IOERR;
    262        }
    263        break;
    264    case VIRTIO_BLK_T_GET_ID: {
    265        size_t size = MIN(iov_size(&elem->in_sg[0], in_num),
    266                          VIRTIO_BLK_ID_BYTES);
    267        snprintf(elem->in_sg[0].iov_base, size, "%s", "vhost_user_blk");
    268        req->in->status = VIRTIO_BLK_S_OK;
    269        req->size = elem->in_sg[0].iov_len;
    270        break;
    271    }
    272    case VIRTIO_BLK_T_DISCARD:
    273    case VIRTIO_BLK_T_WRITE_ZEROES: {
    274        if (!vexp->writable) {
    275            req->in->status = VIRTIO_BLK_S_IOERR;
    276            break;
    277        }
    278
    279        req->in->status = vu_blk_discard_write_zeroes(vexp, out_iov, out_num,
    280                                                      type);
    281        break;
    282    }
    283    default:
    284        req->in->status = VIRTIO_BLK_S_UNSUPP;
    285        break;
    286    }
    287
    288    vu_blk_req_complete(req);
    289    return;
    290
    291err:
    292    free(req);
    293}
    294
    295static void vu_blk_process_vq(VuDev *vu_dev, int idx)
    296{
    297    VuServer *server = container_of(vu_dev, VuServer, vu_dev);
    298    VuVirtq *vq = vu_get_queue(vu_dev, idx);
    299
    300    while (1) {
    301        VuBlkReq *req;
    302
    303        req = vu_queue_pop(vu_dev, vq, sizeof(VuBlkReq));
    304        if (!req) {
    305            break;
    306        }
    307
    308        req->server = server;
    309        req->vq = vq;
    310
    311        Coroutine *co =
    312            qemu_coroutine_create(vu_blk_virtio_process_req, req);
    313        qemu_coroutine_enter(co);
    314    }
    315}
    316
    317static void vu_blk_queue_set_started(VuDev *vu_dev, int idx, bool started)
    318{
    319    VuVirtq *vq;
    320
    321    assert(vu_dev);
    322
    323    vq = vu_get_queue(vu_dev, idx);
    324    vu_set_queue_handler(vu_dev, vq, started ? vu_blk_process_vq : NULL);
    325}
    326
    327static uint64_t vu_blk_get_features(VuDev *dev)
    328{
    329    uint64_t features;
    330    VuServer *server = container_of(dev, VuServer, vu_dev);
    331    VuBlkExport *vexp = container_of(server, VuBlkExport, vu_server);
    332    features = 1ull << VIRTIO_BLK_F_SIZE_MAX |
    333               1ull << VIRTIO_BLK_F_SEG_MAX |
    334               1ull << VIRTIO_BLK_F_TOPOLOGY |
    335               1ull << VIRTIO_BLK_F_BLK_SIZE |
    336               1ull << VIRTIO_BLK_F_FLUSH |
    337               1ull << VIRTIO_BLK_F_DISCARD |
    338               1ull << VIRTIO_BLK_F_WRITE_ZEROES |
    339               1ull << VIRTIO_BLK_F_CONFIG_WCE |
    340               1ull << VIRTIO_BLK_F_MQ |
    341               1ull << VIRTIO_F_VERSION_1 |
    342               1ull << VIRTIO_RING_F_INDIRECT_DESC |
    343               1ull << VIRTIO_RING_F_EVENT_IDX |
    344               1ull << VHOST_USER_F_PROTOCOL_FEATURES;
    345
    346    if (!vexp->writable) {
    347        features |= 1ull << VIRTIO_BLK_F_RO;
    348    }
    349
    350    return features;
    351}
    352
    353static uint64_t vu_blk_get_protocol_features(VuDev *dev)
    354{
    355    return 1ull << VHOST_USER_PROTOCOL_F_CONFIG;
    356}
    357
    358static int
    359vu_blk_get_config(VuDev *vu_dev, uint8_t *config, uint32_t len)
    360{
    361    VuServer *server = container_of(vu_dev, VuServer, vu_dev);
    362    VuBlkExport *vexp = container_of(server, VuBlkExport, vu_server);
    363
    364    if (len > sizeof(struct virtio_blk_config)) {
    365        return -1;
    366    }
    367
    368    memcpy(config, &vexp->blkcfg, len);
    369    return 0;
    370}
    371
    372static int
    373vu_blk_set_config(VuDev *vu_dev, const uint8_t *data,
    374                    uint32_t offset, uint32_t size, uint32_t flags)
    375{
    376    VuServer *server = container_of(vu_dev, VuServer, vu_dev);
    377    VuBlkExport *vexp = container_of(server, VuBlkExport, vu_server);
    378    uint8_t wce;
    379
    380    /* don't support live migration */
    381    if (flags != VHOST_SET_CONFIG_TYPE_MASTER) {
    382        return -EINVAL;
    383    }
    384
    385    if (offset != offsetof(struct virtio_blk_config, wce) ||
    386        size != 1) {
    387        return -EINVAL;
    388    }
    389
    390    wce = *data;
    391    vexp->blkcfg.wce = wce;
    392    blk_set_enable_write_cache(vexp->export.blk, wce);
    393    return 0;
    394}
    395
    396/*
    397 * When the client disconnects, it sends a VHOST_USER_NONE request
    398 * and vu_process_message will simple call exit which cause the VM
    399 * to exit abruptly.
    400 * To avoid this issue,  process VHOST_USER_NONE request ahead
    401 * of vu_process_message.
    402 *
    403 */
    404static int vu_blk_process_msg(VuDev *dev, VhostUserMsg *vmsg, int *do_reply)
    405{
    406    if (vmsg->request == VHOST_USER_NONE) {
    407        dev->panic(dev, "disconnect");
    408        return true;
    409    }
    410    return false;
    411}
    412
    413static const VuDevIface vu_blk_iface = {
    414    .get_features          = vu_blk_get_features,
    415    .queue_set_started     = vu_blk_queue_set_started,
    416    .get_protocol_features = vu_blk_get_protocol_features,
    417    .get_config            = vu_blk_get_config,
    418    .set_config            = vu_blk_set_config,
    419    .process_msg           = vu_blk_process_msg,
    420};
    421
    422static void blk_aio_attached(AioContext *ctx, void *opaque)
    423{
    424    VuBlkExport *vexp = opaque;
    425
    426    vexp->export.ctx = ctx;
    427    vhost_user_server_attach_aio_context(&vexp->vu_server, ctx);
    428}
    429
    430static void blk_aio_detach(void *opaque)
    431{
    432    VuBlkExport *vexp = opaque;
    433
    434    vhost_user_server_detach_aio_context(&vexp->vu_server);
    435    vexp->export.ctx = NULL;
    436}
    437
    438static void
    439vu_blk_initialize_config(BlockDriverState *bs,
    440                         struct virtio_blk_config *config,
    441                         uint32_t blk_size,
    442                         uint16_t num_queues)
    443{
    444    config->capacity =
    445        cpu_to_le64(bdrv_getlength(bs) >> VIRTIO_BLK_SECTOR_BITS);
    446    config->blk_size = cpu_to_le32(blk_size);
    447    config->size_max = cpu_to_le32(0);
    448    config->seg_max = cpu_to_le32(128 - 2);
    449    config->min_io_size = cpu_to_le16(1);
    450    config->opt_io_size = cpu_to_le32(1);
    451    config->num_queues = cpu_to_le16(num_queues);
    452    config->max_discard_sectors =
    453        cpu_to_le32(VHOST_USER_BLK_MAX_DISCARD_SECTORS);
    454    config->max_discard_seg = cpu_to_le32(1);
    455    config->discard_sector_alignment =
    456        cpu_to_le32(blk_size >> VIRTIO_BLK_SECTOR_BITS);
    457    config->max_write_zeroes_sectors
    458        = cpu_to_le32(VHOST_USER_BLK_MAX_WRITE_ZEROES_SECTORS);
    459    config->max_write_zeroes_seg = cpu_to_le32(1);
    460}
    461
    462static void vu_blk_exp_request_shutdown(BlockExport *exp)
    463{
    464    VuBlkExport *vexp = container_of(exp, VuBlkExport, export);
    465
    466    vhost_user_server_stop(&vexp->vu_server);
    467}
    468
    469static int vu_blk_exp_create(BlockExport *exp, BlockExportOptions *opts,
    470                             Error **errp)
    471{
    472    VuBlkExport *vexp = container_of(exp, VuBlkExport, export);
    473    BlockExportOptionsVhostUserBlk *vu_opts = &opts->u.vhost_user_blk;
    474    Error *local_err = NULL;
    475    uint64_t logical_block_size;
    476    uint16_t num_queues = VHOST_USER_BLK_NUM_QUEUES_DEFAULT;
    477
    478    vexp->writable = opts->writable;
    479    vexp->blkcfg.wce = 0;
    480
    481    if (vu_opts->has_logical_block_size) {
    482        logical_block_size = vu_opts->logical_block_size;
    483    } else {
    484        logical_block_size = VIRTIO_BLK_SECTOR_SIZE;
    485    }
    486    check_block_size(exp->id, "logical-block-size", logical_block_size,
    487                     &local_err);
    488    if (local_err) {
    489        error_propagate(errp, local_err);
    490        return -EINVAL;
    491    }
    492    vexp->blk_size = logical_block_size;
    493    blk_set_guest_block_size(exp->blk, logical_block_size);
    494
    495    if (vu_opts->has_num_queues) {
    496        num_queues = vu_opts->num_queues;
    497    }
    498    if (num_queues == 0) {
    499        error_setg(errp, "num-queues must be greater than 0");
    500        return -EINVAL;
    501    }
    502
    503    vu_blk_initialize_config(blk_bs(exp->blk), &vexp->blkcfg,
    504                             logical_block_size, num_queues);
    505
    506    blk_add_aio_context_notifier(exp->blk, blk_aio_attached, blk_aio_detach,
    507                                 vexp);
    508
    509    if (!vhost_user_server_start(&vexp->vu_server, vu_opts->addr, exp->ctx,
    510                                 num_queues, &vu_blk_iface, errp)) {
    511        blk_remove_aio_context_notifier(exp->blk, blk_aio_attached,
    512                                        blk_aio_detach, vexp);
    513        return -EADDRNOTAVAIL;
    514    }
    515
    516    return 0;
    517}
    518
    519static void vu_blk_exp_delete(BlockExport *exp)
    520{
    521    VuBlkExport *vexp = container_of(exp, VuBlkExport, export);
    522
    523    blk_remove_aio_context_notifier(exp->blk, blk_aio_attached, blk_aio_detach,
    524                                    vexp);
    525}
    526
    527const BlockExportDriver blk_exp_vhost_user_blk = {
    528    .type               = BLOCK_EXPORT_TYPE_VHOST_USER_BLK,
    529    .instance_size      = sizeof(VuBlkExport),
    530    .create             = vu_blk_exp_create,
    531    .delete             = vu_blk_exp_delete,
    532    .request_shutdown   = vu_blk_exp_request_shutdown,
    533};