1// SPDX-License-Identifier: GPL-2.0 2/* Simple test of virtio code, entirely in userpsace. */ 3#define _GNU_SOURCE 4#include <sched.h> 5#include <err.h> 6#include <linux/kernel.h> 7#include <linux/err.h> 8#include <linux/virtio.h> 9#include <linux/vringh.h> 10#include <linux/virtio_ring.h> 11#include <linux/virtio_config.h> 12#include <linux/uaccess.h> 13#include <sys/types.h> 14#include <sys/stat.h> 15#include <sys/mman.h> 16#include <sys/wait.h> 17#include <fcntl.h> 18 19#define USER_MEM (1024*1024) 20void *__user_addr_min, *__user_addr_max; 21void *__kmalloc_fake, *__kfree_ignore_start, *__kfree_ignore_end; 22static u64 user_addr_offset; 23 24#define RINGSIZE 256 25#define ALIGN 4096 26 27static bool never_notify_host(struct virtqueue *vq) 28{ 29 abort(); 30} 31 32static void never_callback_guest(struct virtqueue *vq) 33{ 34 abort(); 35} 36 37static bool getrange_iov(struct vringh *vrh, u64 addr, struct vringh_range *r) 38{ 39 if (addr < (u64)(unsigned long)__user_addr_min - user_addr_offset) 40 return false; 41 if (addr >= (u64)(unsigned long)__user_addr_max - user_addr_offset) 42 return false; 43 44 r->start = (u64)(unsigned long)__user_addr_min - user_addr_offset; 45 r->end_incl = (u64)(unsigned long)__user_addr_max - 1 - user_addr_offset; 46 r->offset = user_addr_offset; 47 return true; 48} 49 50/* We return single byte ranges. */ 51static bool getrange_slow(struct vringh *vrh, u64 addr, struct vringh_range *r) 52{ 53 if (addr < (u64)(unsigned long)__user_addr_min - user_addr_offset) 54 return false; 55 if (addr >= (u64)(unsigned long)__user_addr_max - user_addr_offset) 56 return false; 57 58 r->start = addr; 59 r->end_incl = r->start; 60 r->offset = user_addr_offset; 61 return true; 62} 63 64struct guest_virtio_device { 65 struct virtio_device vdev; 66 int to_host_fd; 67 unsigned long notifies; 68}; 69 70static bool parallel_notify_host(struct virtqueue *vq) 71{ 72 int rc; 73 struct guest_virtio_device *gvdev; 74 75 gvdev = container_of(vq->vdev, struct guest_virtio_device, vdev); 76 rc = write(gvdev->to_host_fd, "", 1); 77 if (rc < 0) 78 return false; 79 gvdev->notifies++; 80 return true; 81} 82 83static bool no_notify_host(struct virtqueue *vq) 84{ 85 return true; 86} 87 88#define NUM_XFERS (10000000) 89 90/* We aim for two "distant" cpus. */ 91static void find_cpus(unsigned int *first, unsigned int *last) 92{ 93 unsigned int i; 94 95 *first = -1U; 96 *last = 0; 97 for (i = 0; i < 4096; i++) { 98 cpu_set_t set; 99 CPU_ZERO(&set); 100 CPU_SET(i, &set); 101 if (sched_setaffinity(getpid(), sizeof(set), &set) == 0) { 102 if (i < *first) 103 *first = i; 104 if (i > *last) 105 *last = i; 106 } 107 } 108} 109 110/* Opencoded version for fast mode */ 111static inline int vringh_get_head(struct vringh *vrh, u16 *head) 112{ 113 u16 avail_idx, i; 114 int err; 115 116 err = get_user(avail_idx, &vrh->vring.avail->idx); 117 if (err) 118 return err; 119 120 if (vrh->last_avail_idx == avail_idx) 121 return 0; 122 123 /* Only get avail ring entries after they have been exposed by guest. */ 124 virtio_rmb(vrh->weak_barriers); 125 126 i = vrh->last_avail_idx & (vrh->vring.num - 1); 127 128 err = get_user(*head, &vrh->vring.avail->ring[i]); 129 if (err) 130 return err; 131 132 vrh->last_avail_idx++; 133 return 1; 134} 135 136static int parallel_test(u64 features, 137 bool (*getrange)(struct vringh *vrh, 138 u64 addr, struct vringh_range *r), 139 bool fast_vringh) 140{ 141 void *host_map, *guest_map; 142 int fd, mapsize, to_guest[2], to_host[2]; 143 unsigned long xfers = 0, notifies = 0, receives = 0; 144 unsigned int first_cpu, last_cpu; 145 cpu_set_t cpu_set; 146 char buf[128]; 147 148 /* Create real file to mmap. */ 149 fd = open("/tmp/vringh_test-file", O_RDWR|O_CREAT|O_TRUNC, 0600); 150 if (fd < 0) 151 err(1, "Opening /tmp/vringh_test-file"); 152 153 /* Extra room at the end for some data, and indirects */ 154 mapsize = vring_size(RINGSIZE, ALIGN) 155 + RINGSIZE * 2 * sizeof(int) 156 + RINGSIZE * 6 * sizeof(struct vring_desc); 157 mapsize = (mapsize + getpagesize() - 1) & ~(getpagesize() - 1); 158 ftruncate(fd, mapsize); 159 160 /* Parent and child use separate addresses, to check our mapping logic! */ 161 host_map = mmap(NULL, mapsize, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); 162 guest_map = mmap(NULL, mapsize, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); 163 164 pipe(to_guest); 165 pipe(to_host); 166 167 CPU_ZERO(&cpu_set); 168 find_cpus(&first_cpu, &last_cpu); 169 printf("Using CPUS %u and %u\n", first_cpu, last_cpu); 170 fflush(stdout); 171 172 if (fork() != 0) { 173 struct vringh vrh; 174 int status, err, rlen = 0; 175 char rbuf[5]; 176 177 /* We are the host: never access guest addresses! */ 178 munmap(guest_map, mapsize); 179 180 __user_addr_min = host_map; 181 __user_addr_max = __user_addr_min + mapsize; 182 user_addr_offset = host_map - guest_map; 183 assert(user_addr_offset); 184 185 close(to_guest[0]); 186 close(to_host[1]); 187 188 vring_init(&vrh.vring, RINGSIZE, host_map, ALIGN); 189 vringh_init_user(&vrh, features, RINGSIZE, true, 190 vrh.vring.desc, vrh.vring.avail, vrh.vring.used); 191 CPU_SET(first_cpu, &cpu_set); 192 if (sched_setaffinity(getpid(), sizeof(cpu_set), &cpu_set)) 193 errx(1, "Could not set affinity to cpu %u", first_cpu); 194 195 while (xfers < NUM_XFERS) { 196 struct iovec host_riov[2], host_wiov[2]; 197 struct vringh_iov riov, wiov; 198 u16 head, written; 199 200 if (fast_vringh) { 201 for (;;) { 202 err = vringh_get_head(&vrh, &head); 203 if (err != 0) 204 break; 205 err = vringh_need_notify_user(&vrh); 206 if (err < 0) 207 errx(1, "vringh_need_notify_user: %i", 208 err); 209 if (err) { 210 write(to_guest[1], "", 1); 211 notifies++; 212 } 213 } 214 if (err != 1) 215 errx(1, "vringh_get_head"); 216 written = 0; 217 goto complete; 218 } else { 219 vringh_iov_init(&riov, 220 host_riov, 221 ARRAY_SIZE(host_riov)); 222 vringh_iov_init(&wiov, 223 host_wiov, 224 ARRAY_SIZE(host_wiov)); 225 226 err = vringh_getdesc_user(&vrh, &riov, &wiov, 227 getrange, &head); 228 } 229 if (err == 0) { 230 err = vringh_need_notify_user(&vrh); 231 if (err < 0) 232 errx(1, "vringh_need_notify_user: %i", 233 err); 234 if (err) { 235 write(to_guest[1], "", 1); 236 notifies++; 237 } 238 239 if (!vringh_notify_enable_user(&vrh)) 240 continue; 241 242 /* Swallow all notifies at once. */ 243 if (read(to_host[0], buf, sizeof(buf)) < 1) 244 break; 245 246 vringh_notify_disable_user(&vrh); 247 receives++; 248 continue; 249 } 250 if (err != 1) 251 errx(1, "vringh_getdesc_user: %i", err); 252 253 /* We simply copy bytes. */ 254 if (riov.used) { 255 rlen = vringh_iov_pull_user(&riov, rbuf, 256 sizeof(rbuf)); 257 if (rlen != 4) 258 errx(1, "vringh_iov_pull_user: %i", 259 rlen); 260 assert(riov.i == riov.used); 261 written = 0; 262 } else { 263 err = vringh_iov_push_user(&wiov, rbuf, rlen); 264 if (err != rlen) 265 errx(1, "vringh_iov_push_user: %i", 266 err); 267 assert(wiov.i == wiov.used); 268 written = err; 269 } 270 complete: 271 xfers++; 272 273 err = vringh_complete_user(&vrh, head, written); 274 if (err != 0) 275 errx(1, "vringh_complete_user: %i", err); 276 } 277 278 err = vringh_need_notify_user(&vrh); 279 if (err < 0) 280 errx(1, "vringh_need_notify_user: %i", err); 281 if (err) { 282 write(to_guest[1], "", 1); 283 notifies++; 284 } 285 wait(&status); 286 if (!WIFEXITED(status)) 287 errx(1, "Child died with signal %i?", WTERMSIG(status)); 288 if (WEXITSTATUS(status) != 0) 289 errx(1, "Child exited %i?", WEXITSTATUS(status)); 290 printf("Host: notified %lu, pinged %lu\n", notifies, receives); 291 return 0; 292 } else { 293 struct guest_virtio_device gvdev; 294 struct virtqueue *vq; 295 unsigned int *data; 296 struct vring_desc *indirects; 297 unsigned int finished = 0; 298 299 /* We pass sg[]s pointing into here, but we need RINGSIZE+1 */ 300 data = guest_map + vring_size(RINGSIZE, ALIGN); 301 indirects = (void *)data + (RINGSIZE + 1) * 2 * sizeof(int); 302 303 /* We are the guest. */ 304 munmap(host_map, mapsize); 305 306 close(to_guest[1]); 307 close(to_host[0]); 308 309 gvdev.vdev.features = features; 310 INIT_LIST_HEAD(&gvdev.vdev.vqs); 311 spin_lock_init(&gvdev.vdev.vqs_list_lock); 312 gvdev.to_host_fd = to_host[1]; 313 gvdev.notifies = 0; 314 315 CPU_SET(first_cpu, &cpu_set); 316 if (sched_setaffinity(getpid(), sizeof(cpu_set), &cpu_set)) 317 err(1, "Could not set affinity to cpu %u", first_cpu); 318 319 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &gvdev.vdev, true, 320 false, guest_map, 321 fast_vringh ? no_notify_host 322 : parallel_notify_host, 323 never_callback_guest, "guest vq"); 324 325 /* Don't kfree indirects. */ 326 __kfree_ignore_start = indirects; 327 __kfree_ignore_end = indirects + RINGSIZE * 6; 328 329 while (xfers < NUM_XFERS) { 330 struct scatterlist sg[4]; 331 unsigned int num_sg, len; 332 int *dbuf, err; 333 bool output = !(xfers % 2); 334 335 /* Consume bufs. */ 336 while ((dbuf = virtqueue_get_buf(vq, &len)) != NULL) { 337 if (len == 4) 338 assert(*dbuf == finished - 1); 339 else if (!fast_vringh) 340 assert(*dbuf == finished); 341 finished++; 342 } 343 344 /* Produce a buffer. */ 345 dbuf = data + (xfers % (RINGSIZE + 1)); 346 347 if (output) 348 *dbuf = xfers; 349 else 350 *dbuf = -1; 351 352 switch ((xfers / sizeof(*dbuf)) % 4) { 353 case 0: 354 /* Nasty three-element sg list. */ 355 sg_init_table(sg, num_sg = 3); 356 sg_set_buf(&sg[0], (void *)dbuf, 1); 357 sg_set_buf(&sg[1], (void *)dbuf + 1, 2); 358 sg_set_buf(&sg[2], (void *)dbuf + 3, 1); 359 break; 360 case 1: 361 sg_init_table(sg, num_sg = 2); 362 sg_set_buf(&sg[0], (void *)dbuf, 1); 363 sg_set_buf(&sg[1], (void *)dbuf + 1, 3); 364 break; 365 case 2: 366 sg_init_table(sg, num_sg = 1); 367 sg_set_buf(&sg[0], (void *)dbuf, 4); 368 break; 369 case 3: 370 sg_init_table(sg, num_sg = 4); 371 sg_set_buf(&sg[0], (void *)dbuf, 1); 372 sg_set_buf(&sg[1], (void *)dbuf + 1, 1); 373 sg_set_buf(&sg[2], (void *)dbuf + 2, 1); 374 sg_set_buf(&sg[3], (void *)dbuf + 3, 1); 375 break; 376 } 377 378 /* May allocate an indirect, so force it to allocate 379 * user addr */ 380 __kmalloc_fake = indirects + (xfers % RINGSIZE) * 4; 381 if (output) 382 err = virtqueue_add_outbuf(vq, sg, num_sg, dbuf, 383 GFP_KERNEL); 384 else 385 err = virtqueue_add_inbuf(vq, sg, num_sg, 386 dbuf, GFP_KERNEL); 387 388 if (err == -ENOSPC) { 389 if (!virtqueue_enable_cb_delayed(vq)) 390 continue; 391 /* Swallow all notifies at once. */ 392 if (read(to_guest[0], buf, sizeof(buf)) < 1) 393 break; 394 395 receives++; 396 virtqueue_disable_cb(vq); 397 continue; 398 } 399 400 if (err) 401 errx(1, "virtqueue_add_in/outbuf: %i", err); 402 403 xfers++; 404 virtqueue_kick(vq); 405 } 406 407 /* Any extra? */ 408 while (finished != xfers) { 409 int *dbuf; 410 unsigned int len; 411 412 /* Consume bufs. */ 413 dbuf = virtqueue_get_buf(vq, &len); 414 if (dbuf) { 415 if (len == 4) 416 assert(*dbuf == finished - 1); 417 else 418 assert(len == 0); 419 finished++; 420 continue; 421 } 422 423 if (!virtqueue_enable_cb_delayed(vq)) 424 continue; 425 if (read(to_guest[0], buf, sizeof(buf)) < 1) 426 break; 427 428 receives++; 429 virtqueue_disable_cb(vq); 430 } 431 432 printf("Guest: notified %lu, pinged %lu\n", 433 gvdev.notifies, receives); 434 vring_del_virtqueue(vq); 435 return 0; 436 } 437} 438 439int main(int argc, char *argv[]) 440{ 441 struct virtio_device vdev; 442 struct virtqueue *vq; 443 struct vringh vrh; 444 struct scatterlist guest_sg[RINGSIZE], *sgs[2]; 445 struct iovec host_riov[2], host_wiov[2]; 446 struct vringh_iov riov, wiov; 447 struct vring_used_elem used[RINGSIZE]; 448 char buf[28]; 449 u16 head; 450 int err; 451 unsigned i; 452 void *ret; 453 bool (*getrange)(struct vringh *vrh, u64 addr, struct vringh_range *r); 454 bool fast_vringh = false, parallel = false; 455 456 getrange = getrange_iov; 457 vdev.features = 0; 458 INIT_LIST_HEAD(&vdev.vqs); 459 spin_lock_init(&vdev.vqs_list_lock); 460 461 while (argv[1]) { 462 if (strcmp(argv[1], "--indirect") == 0) 463 __virtio_set_bit(&vdev, VIRTIO_RING_F_INDIRECT_DESC); 464 else if (strcmp(argv[1], "--eventidx") == 0) 465 __virtio_set_bit(&vdev, VIRTIO_RING_F_EVENT_IDX); 466 else if (strcmp(argv[1], "--virtio-1") == 0) 467 __virtio_set_bit(&vdev, VIRTIO_F_VERSION_1); 468 else if (strcmp(argv[1], "--slow-range") == 0) 469 getrange = getrange_slow; 470 else if (strcmp(argv[1], "--fast-vringh") == 0) 471 fast_vringh = true; 472 else if (strcmp(argv[1], "--parallel") == 0) 473 parallel = true; 474 else 475 errx(1, "Unknown arg %s", argv[1]); 476 argv++; 477 } 478 479 if (parallel) 480 return parallel_test(vdev.features, getrange, fast_vringh); 481 482 if (posix_memalign(&__user_addr_min, PAGE_SIZE, USER_MEM) != 0) 483 abort(); 484 __user_addr_max = __user_addr_min + USER_MEM; 485 memset(__user_addr_min, 0, vring_size(RINGSIZE, ALIGN)); 486 487 /* Set up guest side. */ 488 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &vdev, true, false, 489 __user_addr_min, 490 never_notify_host, never_callback_guest, 491 "guest vq"); 492 493 /* Set up host side. */ 494 vring_init(&vrh.vring, RINGSIZE, __user_addr_min, ALIGN); 495 vringh_init_user(&vrh, vdev.features, RINGSIZE, true, 496 vrh.vring.desc, vrh.vring.avail, vrh.vring.used); 497 498 /* No descriptor to get yet... */ 499 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 500 if (err != 0) 501 errx(1, "vringh_getdesc_user: %i", err); 502 503 /* Guest puts in a descriptor. */ 504 memcpy(__user_addr_max - 1, "a", 1); 505 sg_init_table(guest_sg, 1); 506 sg_set_buf(&guest_sg[0], __user_addr_max - 1, 1); 507 sg_init_table(guest_sg+1, 1); 508 sg_set_buf(&guest_sg[1], __user_addr_max - 3, 2); 509 sgs[0] = &guest_sg[0]; 510 sgs[1] = &guest_sg[1]; 511 512 /* May allocate an indirect, so force it to allocate user addr */ 513 __kmalloc_fake = __user_addr_min + vring_size(RINGSIZE, ALIGN); 514 err = virtqueue_add_sgs(vq, sgs, 1, 1, &err, GFP_KERNEL); 515 if (err) 516 errx(1, "virtqueue_add_sgs: %i", err); 517 __kmalloc_fake = NULL; 518 519 /* Host retreives it. */ 520 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 521 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 522 523 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 524 if (err != 1) 525 errx(1, "vringh_getdesc_user: %i", err); 526 527 assert(riov.used == 1); 528 assert(riov.iov[0].iov_base == __user_addr_max - 1); 529 assert(riov.iov[0].iov_len == 1); 530 if (getrange != getrange_slow) { 531 assert(wiov.used == 1); 532 assert(wiov.iov[0].iov_base == __user_addr_max - 3); 533 assert(wiov.iov[0].iov_len == 2); 534 } else { 535 assert(wiov.used == 2); 536 assert(wiov.iov[0].iov_base == __user_addr_max - 3); 537 assert(wiov.iov[0].iov_len == 1); 538 assert(wiov.iov[1].iov_base == __user_addr_max - 2); 539 assert(wiov.iov[1].iov_len == 1); 540 } 541 542 err = vringh_iov_pull_user(&riov, buf, 5); 543 if (err != 1) 544 errx(1, "vringh_iov_pull_user: %i", err); 545 assert(buf[0] == 'a'); 546 assert(riov.i == 1); 547 assert(vringh_iov_pull_user(&riov, buf, 5) == 0); 548 549 memcpy(buf, "bcdef", 5); 550 err = vringh_iov_push_user(&wiov, buf, 5); 551 if (err != 2) 552 errx(1, "vringh_iov_push_user: %i", err); 553 assert(memcmp(__user_addr_max - 3, "bc", 2) == 0); 554 assert(wiov.i == wiov.used); 555 assert(vringh_iov_push_user(&wiov, buf, 5) == 0); 556 557 /* Host is done. */ 558 err = vringh_complete_user(&vrh, head, err); 559 if (err != 0) 560 errx(1, "vringh_complete_user: %i", err); 561 562 /* Guest should see used token now. */ 563 __kfree_ignore_start = __user_addr_min + vring_size(RINGSIZE, ALIGN); 564 __kfree_ignore_end = __kfree_ignore_start + 1; 565 ret = virtqueue_get_buf(vq, &i); 566 if (ret != &err) 567 errx(1, "virtqueue_get_buf: %p", ret); 568 assert(i == 2); 569 570 /* Guest puts in a huge descriptor. */ 571 sg_init_table(guest_sg, RINGSIZE); 572 for (i = 0; i < RINGSIZE; i++) { 573 sg_set_buf(&guest_sg[i], 574 __user_addr_max - USER_MEM/4, USER_MEM/4); 575 } 576 577 /* Fill contents with recognisable garbage. */ 578 for (i = 0; i < USER_MEM/4; i++) 579 ((char *)__user_addr_max - USER_MEM/4)[i] = i; 580 581 /* This will allocate an indirect, so force it to allocate user addr */ 582 __kmalloc_fake = __user_addr_min + vring_size(RINGSIZE, ALIGN); 583 err = virtqueue_add_outbuf(vq, guest_sg, RINGSIZE, &err, GFP_KERNEL); 584 if (err) 585 errx(1, "virtqueue_add_outbuf (large): %i", err); 586 __kmalloc_fake = NULL; 587 588 /* Host picks it up (allocates new iov). */ 589 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 590 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 591 592 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 593 if (err != 1) 594 errx(1, "vringh_getdesc_user: %i", err); 595 596 assert(riov.max_num & VRINGH_IOV_ALLOCATED); 597 assert(riov.iov != host_riov); 598 if (getrange != getrange_slow) 599 assert(riov.used == RINGSIZE); 600 else 601 assert(riov.used == RINGSIZE * USER_MEM/4); 602 603 assert(!(wiov.max_num & VRINGH_IOV_ALLOCATED)); 604 assert(wiov.used == 0); 605 606 /* Pull data back out (in odd chunks), should be as expected. */ 607 for (i = 0; i < RINGSIZE * USER_MEM/4; i += 3) { 608 err = vringh_iov_pull_user(&riov, buf, 3); 609 if (err != 3 && i + err != RINGSIZE * USER_MEM/4) 610 errx(1, "vringh_iov_pull_user large: %i", err); 611 assert(buf[0] == (char)i); 612 assert(err < 2 || buf[1] == (char)(i + 1)); 613 assert(err < 3 || buf[2] == (char)(i + 2)); 614 } 615 assert(riov.i == riov.used); 616 vringh_iov_cleanup(&riov); 617 vringh_iov_cleanup(&wiov); 618 619 /* Complete using multi interface, just because we can. */ 620 used[0].id = head; 621 used[0].len = 0; 622 err = vringh_complete_multi_user(&vrh, used, 1); 623 if (err) 624 errx(1, "vringh_complete_multi_user(1): %i", err); 625 626 /* Free up those descriptors. */ 627 ret = virtqueue_get_buf(vq, &i); 628 if (ret != &err) 629 errx(1, "virtqueue_get_buf: %p", ret); 630 631 /* Add lots of descriptors. */ 632 sg_init_table(guest_sg, 1); 633 sg_set_buf(&guest_sg[0], __user_addr_max - 1, 1); 634 for (i = 0; i < RINGSIZE; i++) { 635 err = virtqueue_add_outbuf(vq, guest_sg, 1, &err, GFP_KERNEL); 636 if (err) 637 errx(1, "virtqueue_add_outbuf (multiple): %i", err); 638 } 639 640 /* Now get many, and consume them all at once. */ 641 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 642 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 643 644 for (i = 0; i < RINGSIZE; i++) { 645 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 646 if (err != 1) 647 errx(1, "vringh_getdesc_user: %i", err); 648 used[i].id = head; 649 used[i].len = 0; 650 } 651 /* Make sure it wraps around ring, to test! */ 652 assert(vrh.vring.used->idx % RINGSIZE != 0); 653 err = vringh_complete_multi_user(&vrh, used, RINGSIZE); 654 if (err) 655 errx(1, "vringh_complete_multi_user: %i", err); 656 657 /* Free those buffers. */ 658 for (i = 0; i < RINGSIZE; i++) { 659 unsigned len; 660 assert(virtqueue_get_buf(vq, &len) != NULL); 661 } 662 663 /* Test weird (but legal!) indirect. */ 664 if (__virtio_test_bit(&vdev, VIRTIO_RING_F_INDIRECT_DESC)) { 665 char *data = __user_addr_max - USER_MEM/4; 666 struct vring_desc *d = __user_addr_max - USER_MEM/2; 667 struct vring vring; 668 669 /* Force creation of direct, which we modify. */ 670 __virtio_clear_bit(&vdev, VIRTIO_RING_F_INDIRECT_DESC); 671 vq = vring_new_virtqueue(0, RINGSIZE, ALIGN, &vdev, true, 672 false, __user_addr_min, 673 never_notify_host, 674 never_callback_guest, 675 "guest vq"); 676 677 sg_init_table(guest_sg, 4); 678 sg_set_buf(&guest_sg[0], d, sizeof(*d)*2); 679 sg_set_buf(&guest_sg[1], d + 2, sizeof(*d)*1); 680 sg_set_buf(&guest_sg[2], data + 6, 4); 681 sg_set_buf(&guest_sg[3], d + 3, sizeof(*d)*3); 682 683 err = virtqueue_add_outbuf(vq, guest_sg, 4, &err, GFP_KERNEL); 684 if (err) 685 errx(1, "virtqueue_add_outbuf (indirect): %i", err); 686 687 vring_init(&vring, RINGSIZE, __user_addr_min, ALIGN); 688 689 /* They're used in order, but double-check... */ 690 assert(vring.desc[0].addr == (unsigned long)d); 691 assert(vring.desc[1].addr == (unsigned long)(d+2)); 692 assert(vring.desc[2].addr == (unsigned long)data + 6); 693 assert(vring.desc[3].addr == (unsigned long)(d+3)); 694 vring.desc[0].flags |= VRING_DESC_F_INDIRECT; 695 vring.desc[1].flags |= VRING_DESC_F_INDIRECT; 696 vring.desc[3].flags |= VRING_DESC_F_INDIRECT; 697 698 /* First indirect */ 699 d[0].addr = (unsigned long)data; 700 d[0].len = 1; 701 d[0].flags = VRING_DESC_F_NEXT; 702 d[0].next = 1; 703 d[1].addr = (unsigned long)data + 1; 704 d[1].len = 2; 705 d[1].flags = 0; 706 707 /* Second indirect */ 708 d[2].addr = (unsigned long)data + 3; 709 d[2].len = 3; 710 d[2].flags = 0; 711 712 /* Third indirect */ 713 d[3].addr = (unsigned long)data + 10; 714 d[3].len = 5; 715 d[3].flags = VRING_DESC_F_NEXT; 716 d[3].next = 1; 717 d[4].addr = (unsigned long)data + 15; 718 d[4].len = 6; 719 d[4].flags = VRING_DESC_F_NEXT; 720 d[4].next = 2; 721 d[5].addr = (unsigned long)data + 21; 722 d[5].len = 7; 723 d[5].flags = 0; 724 725 /* Host picks it up (allocates new iov). */ 726 vringh_iov_init(&riov, host_riov, ARRAY_SIZE(host_riov)); 727 vringh_iov_init(&wiov, host_wiov, ARRAY_SIZE(host_wiov)); 728 729 err = vringh_getdesc_user(&vrh, &riov, &wiov, getrange, &head); 730 if (err != 1) 731 errx(1, "vringh_getdesc_user: %i", err); 732 733 if (head != 0) 734 errx(1, "vringh_getdesc_user: head %i not 0", head); 735 736 assert(riov.max_num & VRINGH_IOV_ALLOCATED); 737 if (getrange != getrange_slow) 738 assert(riov.used == 7); 739 else 740 assert(riov.used == 28); 741 err = vringh_iov_pull_user(&riov, buf, 29); 742 assert(err == 28); 743 744 /* Data should be linear. */ 745 for (i = 0; i < err; i++) 746 assert(buf[i] == i); 747 vringh_iov_cleanup(&riov); 748 } 749 750 /* Don't leak memory... */ 751 vring_del_virtqueue(vq); 752 free(__user_addr_min); 753 754 return 0; 755} 756