1 /*
2  * Communication channel between QEMU and remote device process
3  *
4  * Copyright © 2018, 2021 Oracle and/or its affiliates.
5  *
6  * This work is licensed under the terms of the GNU GPL, version 2 or later.
7  * See the COPYING file in the top-level directory.
8  *
9  */
10 
11 #include "qemu/osdep.h"
12 #include "qemu-common.h"
13 
14 #include "qemu/module.h"
15 #include "hw/remote/mpqemu-link.h"
16 #include "qapi/error.h"
17 #include "qemu/iov.h"
18 #include "qemu/error-report.h"
19 #include "qemu/main-loop.h"
20 #include "io/channel.h"
21 #include "sysemu/iothread.h"
22 #include "trace.h"
23 
/*
 * Send message over the ioc QIOChannel.
 * This function is safe to call from:
 * - main loop in co-routine context. Will block the main loop if not in
 *   co-routine context;
 * - vCPU thread with no co-routine context and if the channel is not part
 *   of the main loop handling;
 * - IOThread within co-routine context, outside of co-routine context
 *   will block IOThread;
 *
 * @msg:  message to transmit; its header (MPQEMU_MSG_HDR_SIZE bytes) and
 *        msg->size bytes of msg->data are written as one scattered write,
 *        with msg->fds attached when msg->num_fds is non-zero.
 * @ioc:  channel to write to.
 * @errp: receives the write error, if any.
 *
 * Returns true if no errors were encountered, false otherwise.
 */
bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
{
    bool iothread = qemu_in_iothread();
    bool coroutine = qemu_in_coroutine();
    /*
     * Skip unlocking/locking the iothread lock when running in a co-routine
     * (main context or IOThread; the IOThread case is asserted below to be
     * in co-routine context). Only a lock held from a plain non-coroutine,
     * non-IOThread caller is dropped around the blocking write.
     */
    bool drop_iolock = qemu_mutex_iothread_locked() && !iothread && !coroutine;
    struct iovec send[2] = {
        { .iov_base = msg, .iov_len = MPQEMU_MSG_HDR_SIZE },
        { .iov_base = (void *)&msg->data, .iov_len = msg->size },
    };
    int *fds = NULL;
    size_t nfds = 0;
    bool ret = false;

    if (msg->num_fds) {
        nfds = msg->num_fds;
        fds = msg->fds;
    }

    /*
     * Dont use in IOThread out of co-routine context as
     * it will block IOThread.
     */
    assert(coroutine || !iothread);

    if (drop_iolock) {
        qemu_mutex_unlock_iothread();
    }

    if (qio_channel_writev_full_all(ioc, send, G_N_ELEMENTS(send),
                                    fds, nfds, errp) == 0) {
        ret = true;
    } else {
        trace_mpqemu_send_io_error(msg->cmd, msg->size, nfds);
    }

    if (drop_iolock) {
        /* Re-take the lock released above, under the same condition. */
        qemu_mutex_lock_iothread();
    }

    return ret;
}
85 
/*
 * Read message from the ioc QIOChannel.
 * This function is safe to call from:
 * - From main loop in co-routine context. Will block the main loop if not in
 *   co-routine context;
 * - From vCPU thread with no co-routine context and if the channel is not part
 *   of the main loop handling;
 * - From IOThread within co-routine context, outside of co-routine context
 *   will block IOThread;
 *
 * @ioc:  channel to read from.
 * @buf:  destination for exactly @len bytes.
 * @fds:  if non-NULL, receives any file descriptors attached to the data
 *        (@nfds receives their count); both may be NULL when the caller
 *        does not expect fds.
 * @errp: receives the read error, if any.
 *
 * Returns the status of qio_channel_readv_full_all_eof() unchanged when it
 * is zero or negative, otherwise @len.
 */
static ssize_t mpqemu_read(QIOChannel *ioc, void *buf, size_t len, int **fds,
                           size_t *nfds, Error **errp)
{
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    bool iothread = qemu_in_iothread();
    bool coroutine = qemu_in_coroutine();
    /* Same lock-dropping rule as mpqemu_msg_send(): see the comment there. */
    bool drop_iolock = qemu_mutex_iothread_locked() && !iothread && !coroutine;
    int status;

    /*
     * Dont use in IOThread out of co-routine context as
     * it will block IOThread.
     */
    assert(coroutine || !iothread);

    if (drop_iolock) {
        qemu_mutex_unlock_iothread();
    }

    status = qio_channel_readv_full_all_eof(ioc, &iov, 1, fds, nfds, errp);

    if (drop_iolock) {
        qemu_mutex_lock_iothread();
    }

    /* Pass EOF/error (non-positive) through; otherwise report the length. */
    if (status <= 0) {
        return status;
    }
    return iov.iov_len;
}
122 
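/*
 * Read one message (header, payload and any attached fds) from the ioc
 * QIOChannel into @msg.
 *
 * The remote-supplied msg->size is bounded by sizeof(msg->data) before it is
 * used as a read length, and the received fd count is bounded by the size
 * of msg->fds before the copy. On every failure path all fds received with
 * the header are closed; the g_autofree array only frees the integers, not
 * the descriptors they name.
 *
 * @msg:  destination message; msg->num_fds reports the count actually
 *        received on the channel.
 * @ioc:  channel to read from.
 * @errp: receives the error; left unset when the channel merely hit EOF
 *        (the zero return of mpqemu_read(), presumably — see its reader).
 *
 * Returns true on success, false otherwise.
 */
bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
{
    ERRP_GUARD();
    g_autofree int *fds = NULL;
    size_t nfds = 0;
    ssize_t len;
    bool ret = false;

    /* The header is what carries msg->size, the payload length read next. */
    len = mpqemu_read(ioc, msg, MPQEMU_MSG_HDR_SIZE, &fds, &nfds, errp);
    if (len <= 0) {
        goto fail;
    } else if (len != MPQEMU_MSG_HDR_SIZE) {
        error_setg(errp, "Message header corrupted");
        goto fail;
    }

    /* Never trust a peer-supplied length as a read size without bounding it. */
    if (msg->size > sizeof(msg->data)) {
        error_setg(errp, "Invalid size for message");
        goto fail;
    }

    if (msg->size) {
        len = mpqemu_read(ioc, &msg->data, msg->size, NULL, NULL, errp);
        if (len <= 0) {
            goto fail;
        }
        if (len != msg->size) {
            error_setg(errp, "Unable to read full message");
            goto fail;
        }
    }

    /* nfds is the count actually delivered on the channel. */
    msg->num_fds = nfds;
    if (nfds > G_N_ELEMENTS(msg->fds)) {
        error_setg(errp,
                   "Overflow error: received %zu fds, more than max of %d fds",
                   nfds, REMOTE_MAX_FDS);
        goto fail;
    }
    if (nfds) {
        memcpy(msg->fds, fds, nfds * sizeof(int));
    }

    ret = true;

fail:
    if (*errp) {
        trace_mpqemu_recv_io_error(msg->cmd, msg->size, nfds);
    }
    /*
     * Close received fds on every failure, not only when an error was set:
     * an EOF after the header (len == 0, *errp NULL) would otherwise leak
     * the descriptors that arrived with it.
     */
    while (!ret && nfds) {
        close(fds[nfds - 1]);
        nfds--;
    }

    return ret;
}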
182 
/*
 * Send msg and wait for a reply with command code RET_MSG.
 * Returns the message received of size u64 or UINT64_MAX
 * on error.
 * Called from VCPU thread in non-coroutine context.
 * Used by the Proxy object to communicate to remote processes.
 *
 * @msg:  request to send over pdev->ioc.
 * @pdev: proxy device whose io_mutex serialises request/reply pairs and
 *        whose ioc carries them.
 * @errp: receives the send/receive error or the invalid-reply error.
 */
uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
                                         Error **errp)
{
    MPQemuMsg msg_reply = {0};

    assert(!qemu_in_coroutine());

    /* Held for the whole exchange so no other request interleaves. */
    QEMU_LOCK_GUARD(&pdev->io_mutex);

    if (mpqemu_msg_send(msg, pdev->ioc, errp) &&
        mpqemu_msg_recv(&msg_reply, pdev->ioc, errp)) {
        /* The reply must pass the generic checks and be a RET message. */
        if (mpqemu_msg_valid(&msg_reply) && msg_reply.cmd == MPQEMU_CMD_RET) {
            return msg_reply.data.u64;
        }
        error_setg(errp, "ERROR: Invalid reply received for command %d",
                         msg->cmd);
    }

    return UINT64_MAX;
}
215 
/*
 * Check that a message is well-formed before it is acted on: the command
 * is in range, the fd count is within bounds and each fd is an open
 * descriptor (fcntl(F_GETFL) succeeds), and size/fd-count match what the
 * specific command expects.
 *
 * @msg: message to check (typically one just received from the peer).
 *
 * Returns true if every check passes, false otherwise.
 */
bool mpqemu_msg_valid(MPQemuMsg *msg)
{
    bool ok = true;

    if (msg->cmd < 0 || msg->cmd >= MPQEMU_CMD_MAX) {
        return false;
    }

    /*
     * Verify FDs.
     * NOTE(review): this rejects num_fds == REMOTE_MAX_FDS, while
     * mpqemu_msg_recv() accepts up to G_N_ELEMENTS(msg->fds); confirm
     * which bound is intended.
     */
    if (msg->num_fds >= REMOTE_MAX_FDS) {
        return false;
    }
    for (int i = 0; i < msg->num_fds; i++) {
        if (fcntl(msg->fds[i], F_GETFL) == -1) {
            return false;
        }
    }

    /* Verify message specific fields. */
    switch (msg->cmd) {
    case MPQEMU_CMD_SYNC_SYSMEM:
        ok = msg->num_fds != 0 && msg->size == sizeof(SyncSysmemMsg);
        break;
    case MPQEMU_CMD_PCI_CFGWRITE:
    case MPQEMU_CMD_PCI_CFGREAD:
        ok = msg->size == sizeof(PciConfDataMsg);
        break;
    case MPQEMU_CMD_BAR_WRITE:
    case MPQEMU_CMD_BAR_READ:
        ok = msg->size == sizeof(BarAccessMsg) && msg->num_fds == 0;
        break;
    case MPQEMU_CMD_SET_IRQFD:
        ok = !msg->size && msg->num_fds == 2;
        break;
    default:
        /* Commands without a fixed shape need no further checks. */
        break;
    }

    return ok;
}
265