/*
* Communication channel between QEMU and remote device process
*
* Copyright © 2018, 2021 Oracle and/or its affiliates.
*
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*
*/
#include "qemu/osdep.h"
#include "qemu/module.h"
#include "hw/remote/mpqemu-link.h"
#include "qapi/error.h"
#include "qemu/iov.h"
#include "qemu/error-report.h"
#include "qemu/main-loop.h"
#include "io/channel.h"
#include "sysemu/iothread.h"
#include "trace.h"
/*
* Send message over the ioc QIOChannel.
* This function is safe to call from:
* - main loop in co-routine context. Will block the main loop if not in
* co-routine context;
* - vCPU thread with no co-routine context and if the channel is not part
* of the main loop handling;
* - IOThread within co-routine context, outside of co-routine context
* will block IOThread;
* Returns true if no errors were encountered, false otherwise.
*/
bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
{
bool iolock = qemu_mutex_iothread_locked();
bool iothread = qemu_in_iothread();
struct iovec send[2] = {};
int *fds = NULL;
size_t nfds = 0;
bool ret = false;
send[0].iov_base = msg;
send[0].iov_len = MPQEMU_MSG_HDR_SIZE;
send[1].iov_base = (void *)&msg->data;
send[1].iov_len = msg->size;
if (msg->num_fds) {
nfds = msg->num_fds;
fds = msg->fds;
}
/*
* Dont use in IOThread out of co-routine context as
* it will block IOThread.
*/
assert(qemu_in_coroutine() || !iothread);
/*
* Skip unlocking/locking iothread lock when the IOThread is running
* in co-routine context. Co-routine context is asserted above
* for IOThread case.
* Also skip lock handling while in a co-routine in the main context.
*/
if (iolock && !iothread && !qemu_in_coroutine()) {
qemu_mutex_unlock_iothread();
}
if (!qio_channel_writev_full_all(ioc, send, G_N_ELEMENTS(send),
fds, nfds, 0, errp)) {
ret = true;
} else {
trace_mpqemu_send_io_error(msg->cmd, msg->size, nfds);
}
if (iolock && !iothread && !qemu_in_coroutine()) {
/* See above comment why skip locking here. */
qemu_mutex_lock_iothread();
}
return ret;
}
/*
* Read message from the ioc QIOChannel.
* This function is safe to call from:
* - From main loop in co-routine context. Will block the main loop if not in
* co-routine context;
* - From vCPU thread with no co-routine context and if the channel is not part
* of the main loop handling;
* - From IOThread within co-routine context, outside of co-routine context
* will block IOThread;
*/
static ssize_t mpqemu_read(QIOChannel *ioc, void *buf, size_t len, int **fds,
size_t *nfds, Error **errp)
{
struct iovec iov = { .iov_base = buf, .iov_len = len };
bool iolock = qemu_mutex_iothread_locked();
bool iothread = qemu_in_iothread();
int ret = -1;
/*
* Dont use in IOThread out of co-routine context as
* it will block IOThread.
*/
assert(qemu_in_coroutine() || !iothread);
if (iolock && !iothread && !qemu_in_coroutine()) {
qemu_mutex_unlock_iothread();
}
ret = qio_channel_readv_full_all_eof(ioc, &iov, 1, fds, nfds, errp);
if (iolock && !iothread && !qemu_in_coroutine()) {
qemu_mutex_lock_iothread();
}
return (ret <= 0) ? ret : iov.iov_len;
}
bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
{
ERRP_GUARD();
g_autofree int *fds = NULL;
size_t nfds = 0;
ssize_t len;
bool ret = false;
len = mpqemu_read(ioc, msg, MPQEMU_MSG_HDR_SIZE, &fds, &nfds, errp);
if (len <= 0) {
goto fail;
} else if (len != MPQEMU_MSG_HDR_SIZE) {
error_setg(errp, "Message header corrupted");
goto fail;
}
if (msg->size > sizeof(msg->data)) {
error_setg(errp, "Invalid size for message");
goto fail;
}
if (!msg->size) {
goto copy_fds;
}
len = mpqemu_read(ioc, &msg->data, msg->size, NULL, NULL, errp);
if (len <= 0) {
goto fail;
}
if (len != msg->size) {
error_setg(errp, "Unable to read full message");
goto fail;
}
copy_fds:
msg->num_fds = nfds;
if (nfds > G_N_ELEMENTS(msg->fds)) {
error_setg(errp,
"Overflow error: received %zu fds, more than max of %d fds",
nfds, REMOTE_MAX_FDS);
goto fail;
}
if (nfds) {
memcpy(msg->fds, fds, nfds * sizeof(int));
}
ret = true;
fail:
if (*errp) {
trace_mpqemu_recv_io_error(msg->cmd, msg->size, nfds);
}
while (*errp && nfds) {
close(fds[nfds - 1]);
nfds--;
}
return ret;
}
/*
* Send msg and wait for a reply with command code RET_MSG.
* Returns the message received of size u64 or UINT64_MAX
* on error.
* Called from VCPU thread in non-coroutine context.
* Used by the Proxy object to communicate to remote processes.
*/
uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
Error **errp)
{
MPQemuMsg msg_reply = {0};
uint64_t ret = UINT64_MAX;
assert(!qemu_in_coroutine());
QEMU_LOCK_GUARD(&pdev->io_mutex);
if (!mpqemu_msg_send(msg, pdev->ioc, errp)) {
return ret;
}
if (!mpqemu_msg_recv(&msg_reply, pdev->ioc, errp)) {
return ret;
}
if (!mpqemu_msg_valid(&msg_reply) || msg_reply.cmd != MPQEMU_CMD_RET) {
error_setg(errp, "ERROR: Invalid reply received for command %d",
msg->cmd);
return ret;
}
return msg_reply.data.u64;
}
bool mpqemu_msg_valid(MPQemuMsg *msg)
{
if (msg->cmd >= MPQEMU_CMD_MAX || msg->cmd < 0) {
return false;
}
/* Verify FDs. */
if (msg->num_fds >= REMOTE_MAX_FDS) {
return false;
}
if (msg->num_fds > 0) {
for (int i = 0; i < msg->num_fds; i++) {
if (fcntl(msg->fds[i], F_GETFL) == -1) {
return false;
}
}
}
/* Verify message specific fields. */
switch (msg->cmd) {
case MPQEMU_CMD_SYNC_SYSMEM:
if (msg->num_fds == 0 || msg->size != sizeof(SyncSysmemMsg)) {
return false;
}
break;
case MPQEMU_CMD_PCI_CFGWRITE:
case MPQEMU_CMD_PCI_CFGREAD:
if (msg->size != sizeof(PciConfDataMsg)) {
return false;
}
break;
case MPQEMU_CMD_BAR_WRITE:
case MPQEMU_CMD_BAR_READ:
if ((msg->size != sizeof(BarAccessMsg)) || (msg->num_fds != 0)) {
return false;
}
break;
case MPQEMU_CMD_SET_IRQFD:
if (msg->size || (msg->num_fds != 2)) {
return false;
}
break;
default:
break;
}
return true;
}
