Line data Source code
1 : /* SPDX-License-Identifier: BSD-3-Clause
2 : * Copyright (C) 2020 Intel Corporation.
3 : * Copyright (c) 2019-2022, Nutanix Inc. All rights reserved.
4 : * Copyright (c) 2022, 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
5 : */
6 :
7 : /*
8 : * NVMe over vfio-user transport
9 : */
10 :
11 : #include <sys/param.h>
12 :
13 : #include <vfio-user/libvfio-user.h>
14 : #include <vfio-user/pci_defs.h>
15 :
16 : #include "spdk/barrier.h"
17 : #include "spdk/stdinc.h"
18 : #include "spdk/assert.h"
19 : #include "spdk/thread.h"
20 : #include "spdk/nvmf_transport.h"
21 : #include "spdk/sock.h"
22 : #include "spdk/string.h"
23 : #include "spdk/util.h"
24 : #include "spdk/log.h"
25 :
26 : #include "transport.h"
27 :
28 : #include "nvmf_internal.h"
29 :
30 : #define SWAP(x, y) \
31 : do \
32 : { \
33 : typeof(x) _tmp = x; \
34 : x = y; \
35 : y = _tmp; \
36 : } while (0)
37 :
38 : #define NVMF_VFIO_USER_DEFAULT_MAX_QUEUE_DEPTH 256
39 : #define NVMF_VFIO_USER_DEFAULT_AQ_DEPTH 32
40 : #define NVMF_VFIO_USER_DEFAULT_MAX_IO_SIZE ((NVMF_REQ_MAX_BUFFERS - 1) << SHIFT_4KB)
41 : #define NVMF_VFIO_USER_DEFAULT_IO_UNIT_SIZE NVMF_VFIO_USER_DEFAULT_MAX_IO_SIZE
42 :
43 : #define NVME_DOORBELLS_OFFSET 0x1000
44 : #define NVMF_VFIO_USER_SHADOW_DOORBELLS_BUFFER_COUNT 2
45 : #define NVMF_VFIO_USER_SET_EVENTIDX_MAX_ATTEMPTS 3
46 : #define NVMF_VFIO_USER_EVENTIDX_POLL UINT32_MAX
47 :
48 : #define NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR 512
49 : #define NVMF_VFIO_USER_DEFAULT_MAX_QPAIRS_PER_CTRLR (NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR / 4)
50 :
51 : /* NVMe spec 1.4, section 5.21.1.7 */
52 : SPDK_STATIC_ASSERT(NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR >= 2 &&
53 : NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR <= SPDK_NVME_MAX_IO_QUEUES,
54 : "bad number of queues");
55 :
56 : /*
57 : * NVMe driver reads 4096 bytes, which is the extended PCI configuration space
58 : * available on PCI-X 2.0 and PCI Express buses
59 : */
60 : #define NVME_REG_CFG_SIZE 0x1000
61 :
62 : /*
63 : * Doorbells must be page aligned so that they can memory mapped.
64 : *
65 : * TODO does the NVMe spec also require this? Document it.
66 : */
67 : #define NVMF_VFIO_USER_DOORBELLS_SIZE \
68 : SPDK_ALIGN_CEIL( \
69 : (NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR * 2 * SPDK_NVME_DOORBELL_REGISTER_SIZE), \
70 : 0x1000)
71 : #define NVME_REG_BAR0_SIZE (NVME_DOORBELLS_OFFSET + NVMF_VFIO_USER_DOORBELLS_SIZE)
72 :
73 : /*
74 : * TODO check the PCI spec whether BAR4 and BAR5 really have to be at least one
75 : * page and a multiple of page size (maybe QEMU also needs this?). Document all
76 : * this.
77 : */
78 :
79 : #define NVMF_VFIO_USER_MSIX_NUM MAX(CHAR_BIT, NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR)
80 :
81 : #define NVMF_VFIO_USER_MSIX_TABLE_BIR (4)
82 : #define NVMF_VFIO_USER_BAR4_SIZE SPDK_ALIGN_CEIL((NVMF_VFIO_USER_MSIX_NUM * 16), 0x1000)
83 : SPDK_STATIC_ASSERT(NVMF_VFIO_USER_BAR4_SIZE > 0, "Incorrect size");
84 :
85 : /*
86 : * TODO according to the PCI spec we need one bit per vector, document the
87 : * relevant section.
88 : */
89 : #define NVMF_VFIO_USER_MSIX_PBA_BIR (5)
90 : #define NVMF_VFIO_USER_BAR5_SIZE SPDK_ALIGN_CEIL((NVMF_VFIO_USER_MSIX_NUM / CHAR_BIT), 0x1000)
91 : SPDK_STATIC_ASSERT(NVMF_VFIO_USER_BAR5_SIZE > 0, "Incorrect size");
92 : struct nvmf_vfio_user_req;
93 :
94 : typedef int (*nvmf_vfio_user_req_cb_fn)(struct nvmf_vfio_user_req *req, void *cb_arg);
95 :
96 : /* 1 more for PRP2 list itself */
97 : #define NVMF_VFIO_USER_MAX_IOVECS (NVMF_REQ_MAX_BUFFERS + 1)
98 :
99 : enum nvmf_vfio_user_req_state {
100 : VFIO_USER_REQUEST_STATE_FREE = 0,
101 : VFIO_USER_REQUEST_STATE_EXECUTING,
102 : };
103 :
104 : /*
105 : * Support for live migration in NVMf/vfio-user: live migration is implemented
106 : * by stopping the NVMf subsystem when the device is instructed to enter the
107 : * stop-and-copy state and then trivially, and most importantly safely,
108 : * collecting migration state and providing it to the vfio-user client. We
109 : * don't provide any migration state at the pre-copy state as that's too
110 : * complicated to do, we might support this in the future.
111 : */
112 :
113 :
114 : /* NVMe device state representation */
115 : struct nvme_migr_sq_state {
116 : uint16_t sqid;
117 : uint16_t cqid;
118 : uint32_t head;
119 : uint32_t size;
120 : uint32_t reserved;
121 : uint64_t dma_addr;
122 : };
123 : SPDK_STATIC_ASSERT(sizeof(struct nvme_migr_sq_state) == 0x18, "Incorrect size");
124 :
125 : struct nvme_migr_cq_state {
126 : uint16_t cqid;
127 : uint16_t phase;
128 : uint32_t tail;
129 : uint32_t size;
130 : uint32_t iv;
131 : uint32_t ien;
132 : uint32_t reserved;
133 : uint64_t dma_addr;
134 : };
135 : SPDK_STATIC_ASSERT(sizeof(struct nvme_migr_cq_state) == 0x20, "Incorrect size");
136 :
137 : #define VFIO_USER_MIGR_CALLBACK_VERS 1
138 : #define VFIO_USER_NVME_MIGR_MAGIC 0xAFEDBC23
139 :
140 : /* The device state is in VFIO MIGRATION BAR(9) region, keep the device state page aligned.
141 : *
142 : * NVMe device migration region is defined as below:
143 : * -------------------------------------------------------------------------
144 : * | vfio_user_nvme_migr_header | nvmf controller data | queue pairs | BARs |
145 : * -------------------------------------------------------------------------
146 : *
147 : * Keep vfio_user_nvme_migr_header as a fixed 0x1000 length, all new added fields
148 : * can use the reserved space at the end of the data structure.
149 : */
150 : struct vfio_user_nvme_migr_header {
151 : /* Magic value to validate migration data */
152 : uint32_t magic;
153 : /* Version to check the data is same from source to destination */
154 : uint32_t version;
155 :
156 : /* The library uses this field to know how many fields in this
157 : * structure are valid, starting at the beginning of this data
158 : * structure. New added fields in future use `unused` memory
159 : * spaces.
160 : */
161 : uint32_t opts_size;
162 : uint32_t reserved0;
163 :
164 : /* BARs information */
165 : uint64_t bar_offset[VFU_PCI_DEV_NUM_REGIONS];
166 : uint64_t bar_len[VFU_PCI_DEV_NUM_REGIONS];
167 :
168 : /* Queue pair start offset, starting at the beginning of this
169 : * data structure.
170 : */
171 : uint64_t qp_offset;
172 : uint64_t qp_len;
173 :
174 : /* Controller data structure */
175 : uint32_t num_io_queues;
176 : uint32_t reserved1;
177 :
178 : /* NVMf controller data offset and length if exist, starting at
179 : * the beginning of this data structure.
180 : */
181 : uint64_t nvmf_data_offset;
182 : uint64_t nvmf_data_len;
183 :
184 : /*
185 : * Whether or not shadow doorbells are used in the source. 0 is a valid DMA
186 : * address.
187 : */
188 : uint32_t sdbl;
189 :
190 : /* Shadow doorbell DMA addresses. */
191 : uint64_t shadow_doorbell_buffer;
192 : uint64_t eventidx_buffer;
193 :
194 : /* Reserved memory space for new added fields, the
195 : * field is always at the end of this data structure.
196 : */
197 : uint8_t unused[3856];
198 : };
199 : SPDK_STATIC_ASSERT(sizeof(struct vfio_user_nvme_migr_header) == 0x1000, "Incorrect size");
200 :
201 : struct vfio_user_nvme_migr_qp {
202 : struct nvme_migr_sq_state sq;
203 : struct nvme_migr_cq_state cq;
204 : };
205 :
206 : /* NVMe state definition used to load/restore from/to NVMe migration BAR region */
207 : struct vfio_user_nvme_migr_state {
208 : struct vfio_user_nvme_migr_header ctrlr_header;
209 : struct spdk_nvmf_ctrlr_migr_data nvmf_data;
210 : struct vfio_user_nvme_migr_qp qps[NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR];
211 : uint8_t doorbells[NVMF_VFIO_USER_DOORBELLS_SIZE];
212 : uint8_t cfg[NVME_REG_CFG_SIZE];
213 : };
214 :
215 : struct nvmf_vfio_user_req {
216 : struct spdk_nvmf_request req;
217 : struct spdk_nvme_cpl rsp;
218 : struct spdk_nvme_cmd cmd;
219 :
220 : enum nvmf_vfio_user_req_state state;
221 : nvmf_vfio_user_req_cb_fn cb_fn;
222 : void *cb_arg;
223 :
224 : /* old CC before prop_set_cc fabric command */
225 : union spdk_nvme_cc_register cc;
226 :
227 : TAILQ_ENTRY(nvmf_vfio_user_req) link;
228 :
229 : struct iovec iov[NVMF_VFIO_USER_MAX_IOVECS];
230 : uint8_t iovcnt;
231 :
232 : /* NVMF_VFIO_USER_MAX_IOVECS worth of dma_sg_t. */
233 : uint8_t sg[];
234 : };
235 :
236 : #define MAP_R (0)
237 : #define MAP_RW (1 << 0)
238 : #define MAP_INITIALIZE (1 << 1)
239 : #define MAP_QUIET (1 << 2)
240 :
241 : /*
242 : * Mapping of an NVMe queue.
243 : *
244 : * This holds the information tracking a local process mapping of an NVMe queue
245 : * shared by the client.
246 : */
247 : struct nvme_q_mapping {
248 : /* iov of local process mapping. */
249 : struct iovec iov;
250 : /* Stored sg, needed for unmap. */
251 : dma_sg_t *sg;
252 : /* Client PRP of queue. */
253 : uint64_t prp1;
254 : /* Total length in bytes. */
255 : uint64_t len;
256 : };
257 :
258 : enum nvmf_vfio_user_sq_state {
259 : VFIO_USER_SQ_UNUSED = 0,
260 : VFIO_USER_SQ_CREATED,
261 : VFIO_USER_SQ_DELETED,
262 : VFIO_USER_SQ_ACTIVE,
263 : VFIO_USER_SQ_INACTIVE
264 : };
265 :
266 : enum nvmf_vfio_user_cq_state {
267 : VFIO_USER_CQ_UNUSED = 0,
268 : VFIO_USER_CQ_CREATED,
269 : VFIO_USER_CQ_DELETED,
270 : };
271 :
272 : enum nvmf_vfio_user_ctrlr_state {
273 : VFIO_USER_CTRLR_CREATING = 0,
274 : VFIO_USER_CTRLR_RUNNING,
275 : /* Quiesce requested by libvfio-user */
276 : VFIO_USER_CTRLR_PAUSING,
277 : /* NVMf subsystem is paused, it's safe to do PCI reset, memory register,
278 : * memory unergister, and vfio migration state transition in this state.
279 : */
280 : VFIO_USER_CTRLR_PAUSED,
281 : /*
282 : * Implies that the NVMf subsystem is paused. Device will be unquiesced (PCI
283 : * reset, memory register and unregister, controller in destination VM has
284 : * been restored). NVMf subsystem resume has been requested.
285 : */
286 : VFIO_USER_CTRLR_RESUMING,
287 : /*
288 : * Implies that the NVMf subsystem is paused. Both controller in source VM and
289 : * destinatiom VM is in this state when doing live migration.
290 : */
291 : VFIO_USER_CTRLR_MIGRATING
292 : };
293 :
294 : struct nvmf_vfio_user_sq {
295 : struct spdk_nvmf_qpair qpair;
296 : struct spdk_nvmf_transport_poll_group *group;
297 : struct nvmf_vfio_user_ctrlr *ctrlr;
298 :
299 : uint32_t qid;
300 : /* Number of entries in queue. */
301 : uint32_t size;
302 : struct nvme_q_mapping mapping;
303 : enum nvmf_vfio_user_sq_state sq_state;
304 :
305 : uint32_t head;
306 : volatile uint32_t *dbl_tailp;
307 :
308 : /* Whether a shadow doorbell eventidx needs setting. */
309 : bool need_rearm;
310 :
311 : /* multiple SQs can be mapped to the same CQ */
312 : uint16_t cqid;
313 :
314 : /* handle_queue_connect_rsp() can be used both for CREATE IO SQ response
315 : * and SQ re-connect response in the destination VM, for the prior case,
316 : * we will post a NVMe completion to VM, we will not set this flag when
317 : * re-connecting SQs in the destination VM.
318 : */
319 : bool post_create_io_sq_completion;
320 : /* Copy of Create IO SQ command, this field is used together with
321 : * `post_create_io_sq_completion` flag.
322 : */
323 : struct spdk_nvme_cmd create_io_sq_cmd;
324 :
325 : struct vfio_user_delete_sq_ctx *delete_ctx;
326 :
327 : /* Currently unallocated reqs. */
328 : TAILQ_HEAD(, nvmf_vfio_user_req) free_reqs;
329 : /* Poll group entry */
330 : TAILQ_ENTRY(nvmf_vfio_user_sq) link;
331 : /* Connected SQ entry */
332 : TAILQ_ENTRY(nvmf_vfio_user_sq) tailq;
333 : };
334 :
335 : struct nvmf_vfio_user_cq {
336 : struct spdk_nvmf_transport_poll_group *group;
337 : int cq_ref;
338 :
339 : uint32_t qid;
340 : /* Number of entries in queue. */
341 : uint32_t size;
342 : struct nvme_q_mapping mapping;
343 : enum nvmf_vfio_user_cq_state cq_state;
344 :
345 : uint32_t tail;
346 : volatile uint32_t *dbl_headp;
347 :
348 : bool phase;
349 :
350 : uint16_t iv;
351 : bool ien;
352 :
353 : uint32_t last_head;
354 : uint32_t last_trigger_irq_tail;
355 : };
356 :
357 : struct nvmf_vfio_user_poll_group {
358 : struct spdk_nvmf_transport_poll_group group;
359 : TAILQ_ENTRY(nvmf_vfio_user_poll_group) link;
360 : TAILQ_HEAD(, nvmf_vfio_user_sq) sqs;
361 : struct spdk_interrupt *intr;
362 : int intr_fd;
363 : struct {
364 :
365 : /*
366 : * ctrlr_intr and ctrlr_kicks will be zero for all other poll
367 : * groups. However, they can be zero even for the poll group
368 : * the controller belongs are if no vfio-user message has been
369 : * received or the controller hasn't been kicked yet.
370 : */
371 :
372 : /*
373 : * Number of times vfio_user_ctrlr_intr() has run:
374 : * vfio-user file descriptor has been ready or explicitly
375 : * kicked (see below).
376 : */
377 : uint64_t ctrlr_intr;
378 :
379 : /*
380 : * Kicks to the controller by ctrlr_kick().
381 : * ctrlr_intr - ctrlr_kicks is the number of times the
382 : * vfio-user poll file descriptor has been ready.
383 : */
384 : uint64_t ctrlr_kicks;
385 :
386 : /*
387 : * How many times we won the race arming an SQ.
388 : */
389 : uint64_t won;
390 :
391 : /*
392 : * How many times we lost the race arming an SQ
393 : */
394 : uint64_t lost;
395 :
396 : /*
397 : * How many requests we processed in total each time we lost
398 : * the rearm race.
399 : */
400 : uint64_t lost_count;
401 :
402 : /*
403 : * Number of attempts we attempted to rearm all the SQs in the
404 : * poll group.
405 : */
406 : uint64_t rearms;
407 :
408 : uint64_t pg_process_count;
409 : uint64_t intr;
410 : uint64_t polls;
411 : uint64_t polls_spurious;
412 : uint64_t poll_reqs;
413 : uint64_t poll_reqs_squared;
414 : uint64_t cqh_admin_writes;
415 : uint64_t cqh_io_writes;
416 : } stats;
417 : };
418 :
419 : struct nvmf_vfio_user_shadow_doorbells {
420 : volatile uint32_t *shadow_doorbells;
421 : volatile uint32_t *eventidxs;
422 : dma_sg_t *sgs;
423 : struct iovec *iovs;
424 : };
425 :
426 : struct nvmf_vfio_user_ctrlr {
427 : struct nvmf_vfio_user_endpoint *endpoint;
428 : struct nvmf_vfio_user_transport *transport;
429 :
430 : /* Connected SQs list */
431 : TAILQ_HEAD(, nvmf_vfio_user_sq) connected_sqs;
432 : enum nvmf_vfio_user_ctrlr_state state;
433 :
434 : /*
435 : * Tells whether live migration data have been prepared. This is used
436 : * by the get_pending_bytes callback to tell whether or not the
437 : * previous iteration finished.
438 : */
439 : bool migr_data_prepared;
440 :
441 : /* Controller is in source VM when doing live migration */
442 : bool in_source_vm;
443 :
444 : struct spdk_thread *thread;
445 : struct spdk_poller *vfu_ctx_poller;
446 : struct spdk_interrupt *intr;
447 : int intr_fd;
448 :
449 : bool queued_quiesce;
450 :
451 : bool reset_shn;
452 : bool disconnect;
453 :
454 : uint16_t cntlid;
455 : struct spdk_nvmf_ctrlr *ctrlr;
456 :
457 : struct nvmf_vfio_user_sq *sqs[NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR];
458 : struct nvmf_vfio_user_cq *cqs[NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR];
459 :
460 : TAILQ_ENTRY(nvmf_vfio_user_ctrlr) link;
461 :
462 : volatile uint32_t *bar0_doorbells;
463 : struct nvmf_vfio_user_shadow_doorbells *sdbl;
464 : /*
465 : * Shadow doorbells PRPs to provide during the stop-and-copy state.
466 : */
467 : uint64_t shadow_doorbell_buffer;
468 : uint64_t eventidx_buffer;
469 :
470 : bool adaptive_irqs_enabled;
471 : };
472 :
473 : /* Endpoint in vfio-user is associated with a socket file, which
474 : * is the representative of a PCI endpoint.
475 : */
476 : struct nvmf_vfio_user_endpoint {
477 : struct nvmf_vfio_user_transport *transport;
478 : vfu_ctx_t *vfu_ctx;
479 : struct spdk_poller *accept_poller;
480 : struct spdk_thread *accept_thread;
481 : bool interrupt_mode;
482 : struct msixcap *msix;
483 : vfu_pci_config_space_t *pci_config_space;
484 : int devmem_fd;
485 : int accept_intr_fd;
486 : struct spdk_interrupt *accept_intr;
487 :
488 : volatile uint32_t *bar0_doorbells;
489 :
490 : int migr_fd;
491 : void *migr_data;
492 :
493 : struct spdk_nvme_transport_id trid;
494 : struct spdk_nvmf_subsystem *subsystem;
495 :
496 : /* Controller is associated with an active socket connection,
497 : * the lifecycle of the controller is same as the VM.
498 : * Currently we only support one active connection, as the NVMe
499 : * specification defines, we may support multiple controllers in
500 : * future, so that it can support e.g: RESERVATION.
501 : */
502 : struct nvmf_vfio_user_ctrlr *ctrlr;
503 : pthread_mutex_t lock;
504 :
505 : bool need_async_destroy;
506 : /* The subsystem is in PAUSED state and need to be resumed, TRUE
507 : * only when migration is done successfully and the controller is
508 : * in source VM.
509 : */
510 : bool need_resume;
511 : /* Start the accept poller again after destroying the controller */
512 : bool need_relisten;
513 :
514 : TAILQ_ENTRY(nvmf_vfio_user_endpoint) link;
515 : };
516 :
517 : struct nvmf_vfio_user_transport_opts {
518 : bool disable_mappable_bar0;
519 : bool disable_adaptive_irq;
520 : bool disable_shadow_doorbells;
521 : bool disable_compare;
522 : bool enable_intr_mode_sq_spreading;
523 : };
524 :
525 : struct nvmf_vfio_user_transport {
526 : struct spdk_nvmf_transport transport;
527 : struct nvmf_vfio_user_transport_opts transport_opts;
528 : bool intr_mode_supported;
529 : pthread_mutex_t lock;
530 : TAILQ_HEAD(, nvmf_vfio_user_endpoint) endpoints;
531 :
532 : pthread_mutex_t pg_lock;
533 : TAILQ_HEAD(, nvmf_vfio_user_poll_group) poll_groups;
534 : struct nvmf_vfio_user_poll_group *next_pg;
535 : };
536 :
537 : /*
538 : * function prototypes
539 : */
540 : static int nvmf_vfio_user_req_free(struct spdk_nvmf_request *req);
541 :
542 : static struct nvmf_vfio_user_req *get_nvmf_vfio_user_req(struct nvmf_vfio_user_sq *sq);
543 :
544 : /*
545 : * Local process virtual address of a queue.
546 : */
547 : static inline void *
548 0 : q_addr(struct nvme_q_mapping *mapping)
549 : {
550 0 : return mapping->iov.iov_base;
551 : }
552 :
553 : static inline int
554 0 : queue_index(uint16_t qid, bool is_cq)
555 : {
556 0 : return (qid * 2) + is_cq;
557 : }
558 :
559 : static inline volatile uint32_t *
560 0 : sq_headp(struct nvmf_vfio_user_sq *sq)
561 : {
562 0 : assert(sq != NULL);
563 0 : return &sq->head;
564 : }
565 :
566 : static inline volatile uint32_t *
567 0 : sq_dbl_tailp(struct nvmf_vfio_user_sq *sq)
568 : {
569 0 : assert(sq != NULL);
570 0 : return sq->dbl_tailp;
571 : }
572 :
573 : static inline volatile uint32_t *
574 0 : cq_dbl_headp(struct nvmf_vfio_user_cq *cq)
575 : {
576 0 : assert(cq != NULL);
577 0 : return cq->dbl_headp;
578 : }
579 :
580 : static inline volatile uint32_t *
581 0 : cq_tailp(struct nvmf_vfio_user_cq *cq)
582 : {
583 0 : assert(cq != NULL);
584 0 : return &cq->tail;
585 : }
586 :
587 : static inline void
588 0 : sq_head_advance(struct nvmf_vfio_user_sq *sq)
589 : {
590 0 : assert(sq != NULL);
591 :
592 0 : assert(*sq_headp(sq) < sq->size);
593 0 : (*sq_headp(sq))++;
594 :
595 0 : if (spdk_unlikely(*sq_headp(sq) == sq->size)) {
596 0 : *sq_headp(sq) = 0;
597 0 : }
598 0 : }
599 :
600 : static inline void
601 0 : cq_tail_advance(struct nvmf_vfio_user_cq *cq)
602 : {
603 0 : assert(cq != NULL);
604 :
605 0 : assert(*cq_tailp(cq) < cq->size);
606 0 : (*cq_tailp(cq))++;
607 :
608 0 : if (spdk_unlikely(*cq_tailp(cq) == cq->size)) {
609 0 : *cq_tailp(cq) = 0;
610 0 : cq->phase = !cq->phase;
611 0 : }
612 0 : }
613 :
614 : static bool
615 0 : io_q_exists(struct nvmf_vfio_user_ctrlr *vu_ctrlr, const uint16_t qid, const bool is_cq)
616 : {
617 0 : assert(vu_ctrlr != NULL);
618 :
619 0 : if (qid == 0 || qid >= NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR) {
620 0 : return false;
621 : }
622 :
623 0 : if (is_cq) {
624 0 : if (vu_ctrlr->cqs[qid] == NULL) {
625 0 : return false;
626 : }
627 :
628 0 : return (vu_ctrlr->cqs[qid]->cq_state != VFIO_USER_CQ_DELETED &&
629 0 : vu_ctrlr->cqs[qid]->cq_state != VFIO_USER_CQ_UNUSED);
630 : }
631 :
632 0 : if (vu_ctrlr->sqs[qid] == NULL) {
633 0 : return false;
634 : }
635 :
636 0 : return (vu_ctrlr->sqs[qid]->sq_state != VFIO_USER_SQ_DELETED &&
637 0 : vu_ctrlr->sqs[qid]->sq_state != VFIO_USER_SQ_UNUSED);
638 0 : }
639 :
640 : static char *
641 0 : endpoint_id(struct nvmf_vfio_user_endpoint *endpoint)
642 : {
643 0 : return endpoint->trid.traddr;
644 : }
645 :
646 : static char *
647 0 : ctrlr_id(struct nvmf_vfio_user_ctrlr *ctrlr)
648 : {
649 0 : if (!ctrlr || !ctrlr->endpoint) {
650 0 : return "Null Ctrlr";
651 : }
652 :
653 0 : return endpoint_id(ctrlr->endpoint);
654 0 : }
655 :
656 : /* Return the poll group for the admin queue of the controller. */
657 : static inline struct nvmf_vfio_user_poll_group *
658 0 : ctrlr_to_poll_group(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
659 : {
660 0 : return SPDK_CONTAINEROF(vu_ctrlr->sqs[0]->group,
661 : struct nvmf_vfio_user_poll_group,
662 : group);
663 : }
664 :
665 : static inline struct nvmf_vfio_user_poll_group *
666 0 : sq_to_poll_group(struct nvmf_vfio_user_sq *sq)
667 : {
668 0 : return SPDK_CONTAINEROF(sq->group, struct nvmf_vfio_user_poll_group,
669 : group);
670 : }
671 :
672 : static inline struct spdk_thread *
673 0 : poll_group_to_thread(struct nvmf_vfio_user_poll_group *vu_pg)
674 : {
675 0 : return vu_pg->group.group->thread;
676 : }
677 :
678 : static dma_sg_t *
679 0 : index_to_sg_t(void *arr, size_t i)
680 : {
681 0 : return (dma_sg_t *)((uintptr_t)arr + i * dma_sg_size());
682 : }
683 :
684 : static inline size_t
685 0 : vfio_user_migr_data_len(void)
686 : {
687 0 : return SPDK_ALIGN_CEIL(sizeof(struct vfio_user_nvme_migr_state), PAGE_SIZE);
688 : }
689 :
690 : static inline bool
691 0 : in_interrupt_mode(struct nvmf_vfio_user_transport *vu_transport)
692 : {
693 0 : return spdk_interrupt_mode_is_enabled() &&
694 0 : vu_transport->intr_mode_supported;
695 : }
696 :
697 : static int vfio_user_ctrlr_intr(void *ctx);
698 :
699 : static void
700 0 : vfio_user_msg_ctrlr_intr(void *ctx)
701 : {
702 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = ctx;
703 0 : struct nvmf_vfio_user_poll_group *vu_ctrlr_group = ctrlr_to_poll_group(vu_ctrlr);
704 :
705 0 : vu_ctrlr_group->stats.ctrlr_kicks++;
706 :
707 0 : vfio_user_ctrlr_intr(ctx);
708 0 : }
709 :
710 : /*
711 : * Kick (force a wakeup) of all poll groups for this controller.
712 : * vfio_user_ctrlr_intr() itself arranges for kicking other poll groups if
713 : * needed.
714 : */
715 : static void
716 0 : ctrlr_kick(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
717 : {
718 0 : struct nvmf_vfio_user_poll_group *vu_ctrlr_group;
719 :
720 0 : SPDK_DEBUGLOG(vfio_user_db, "%s: kicked\n", ctrlr_id(vu_ctrlr));
721 :
722 0 : vu_ctrlr_group = ctrlr_to_poll_group(vu_ctrlr);
723 :
724 0 : spdk_thread_send_msg(poll_group_to_thread(vu_ctrlr_group),
725 0 : vfio_user_msg_ctrlr_intr, vu_ctrlr);
726 0 : }
727 :
728 : /*
729 : * Make the given DMA address and length available (locally mapped) via iov.
730 : */
731 : static void *
732 0 : map_one(vfu_ctx_t *ctx, uint64_t addr, uint64_t len, dma_sg_t *sg,
733 : struct iovec *iov, int32_t flags)
734 : {
735 0 : int prot = PROT_READ;
736 0 : int ret;
737 :
738 0 : if (flags & MAP_RW) {
739 0 : prot |= PROT_WRITE;
740 0 : }
741 :
742 0 : assert(ctx != NULL);
743 0 : assert(sg != NULL);
744 0 : assert(iov != NULL);
745 :
746 0 : ret = vfu_addr_to_sgl(ctx, (void *)(uintptr_t)addr, len, sg, 1, prot);
747 0 : if (ret < 0) {
748 0 : if (ret == -1) {
749 0 : if (!(flags & MAP_QUIET)) {
750 0 : SPDK_ERRLOG("failed to translate IOVA [%#lx, %#lx) (prot=%d) to local VA: %m\n",
751 : addr, addr + len, prot);
752 0 : }
753 0 : } else {
754 0 : SPDK_ERRLOG("failed to translate IOVA [%#lx, %#lx) (prot=%d) to local VA: %d segments needed\n",
755 : addr, addr + len, prot, -(ret + 1));
756 : }
757 0 : return NULL;
758 : }
759 :
760 0 : ret = vfu_sgl_get(ctx, sg, iov, 1, 0);
761 0 : if (ret != 0) {
762 0 : SPDK_ERRLOG("failed to get iovec for IOVA [%#lx, %#lx): %m\n",
763 : addr, addr + len);
764 0 : return NULL;
765 : }
766 :
767 0 : assert(iov->iov_base != NULL);
768 0 : return iov->iov_base;
769 0 : }
770 :
771 : static int
772 5 : nvme_cmd_map_prps(void *prv, struct spdk_nvme_cmd *cmd, struct iovec *iovs,
773 : uint32_t max_iovcnt, uint32_t len, size_t mps,
774 : void *(*gpa_to_vva)(void *prv, uint64_t addr, uint64_t len, uint32_t flags))
775 : {
776 5 : uint64_t prp1, prp2;
777 5 : void *vva;
778 5 : uint32_t i;
779 5 : uint32_t residue_len, nents;
780 5 : uint64_t *prp_list;
781 5 : uint32_t iovcnt;
782 :
783 5 : assert(max_iovcnt > 0);
784 :
785 5 : prp1 = cmd->dptr.prp.prp1;
786 5 : prp2 = cmd->dptr.prp.prp2;
787 :
788 : /* PRP1 may started with unaligned page address */
789 5 : residue_len = mps - (prp1 % mps);
790 5 : residue_len = spdk_min(len, residue_len);
791 :
792 5 : vva = gpa_to_vva(prv, prp1, residue_len, MAP_RW);
793 5 : if (spdk_unlikely(vva == NULL)) {
794 0 : SPDK_ERRLOG("GPA to VVA failed\n");
795 0 : return -EINVAL;
796 : }
797 5 : len -= residue_len;
798 5 : if (len && max_iovcnt < 2) {
799 1 : SPDK_ERRLOG("Too many page entries, at least two iovs are required\n");
800 1 : return -ERANGE;
801 : }
802 4 : iovs[0].iov_base = vva;
803 4 : iovs[0].iov_len = residue_len;
804 :
805 4 : if (len) {
806 3 : if (spdk_unlikely(prp2 == 0)) {
807 0 : SPDK_ERRLOG("no PRP2, %d remaining\n", len);
808 0 : return -EINVAL;
809 : }
810 :
811 3 : if (len <= mps) {
812 : /* 2 PRP used */
813 1 : iovcnt = 2;
814 1 : vva = gpa_to_vva(prv, prp2, len, MAP_RW);
815 1 : if (spdk_unlikely(vva == NULL)) {
816 0 : SPDK_ERRLOG("no VVA for %#" PRIx64 ", len%#x\n",
817 : prp2, len);
818 0 : return -EINVAL;
819 : }
820 1 : iovs[1].iov_base = vva;
821 1 : iovs[1].iov_len = len;
822 1 : } else {
823 : /* PRP list used */
824 2 : nents = (len + mps - 1) / mps;
825 2 : if (spdk_unlikely(nents + 1 > max_iovcnt)) {
826 1 : SPDK_ERRLOG("Too many page entries\n");
827 1 : return -ERANGE;
828 : }
829 :
830 1 : vva = gpa_to_vva(prv, prp2, nents * sizeof(*prp_list), MAP_R);
831 1 : if (spdk_unlikely(vva == NULL)) {
832 0 : SPDK_ERRLOG("no VVA for %#" PRIx64 ", nents=%#x\n",
833 : prp2, nents);
834 0 : return -EINVAL;
835 : }
836 1 : prp_list = vva;
837 1 : i = 0;
838 33 : while (len != 0) {
839 32 : residue_len = spdk_min(len, mps);
840 32 : vva = gpa_to_vva(prv, prp_list[i], residue_len, MAP_RW);
841 32 : if (spdk_unlikely(vva == NULL)) {
842 0 : SPDK_ERRLOG("no VVA for %#" PRIx64 ", residue_len=%#x\n",
843 : prp_list[i], residue_len);
844 0 : return -EINVAL;
845 : }
846 32 : iovs[i + 1].iov_base = vva;
847 32 : iovs[i + 1].iov_len = residue_len;
848 32 : len -= residue_len;
849 32 : i++;
850 : }
851 1 : iovcnt = i + 1;
852 : }
853 2 : } else {
854 : /* 1 PRP used */
855 1 : iovcnt = 1;
856 : }
857 :
858 3 : assert(iovcnt <= max_iovcnt);
859 3 : return iovcnt;
860 5 : }
861 :
862 : static int
863 4 : nvme_cmd_map_sgls_data(void *prv, struct spdk_nvme_sgl_descriptor *sgls, uint32_t num_sgls,
864 : struct iovec *iovs, uint32_t max_iovcnt,
865 : void *(*gpa_to_vva)(void *prv, uint64_t addr, uint64_t len, uint32_t flags))
866 : {
867 4 : uint32_t i;
868 4 : void *vva;
869 :
870 4 : if (spdk_unlikely(max_iovcnt < num_sgls)) {
871 1 : return -ERANGE;
872 : }
873 :
874 8 : for (i = 0; i < num_sgls; i++) {
875 5 : if (spdk_unlikely(sgls[i].unkeyed.type != SPDK_NVME_SGL_TYPE_DATA_BLOCK)) {
876 0 : SPDK_ERRLOG("Invalid SGL type %u\n", sgls[i].unkeyed.type);
877 0 : return -EINVAL;
878 : }
879 5 : vva = gpa_to_vva(prv, sgls[i].address, sgls[i].unkeyed.length, MAP_RW);
880 5 : if (spdk_unlikely(vva == NULL)) {
881 0 : SPDK_ERRLOG("GPA to VVA failed\n");
882 0 : return -EINVAL;
883 : }
884 5 : iovs[i].iov_base = vva;
885 5 : iovs[i].iov_len = sgls[i].unkeyed.length;
886 5 : }
887 :
888 3 : return num_sgls;
889 4 : }
890 :
891 : static int
892 4 : nvme_cmd_map_sgls(void *prv, struct spdk_nvme_cmd *cmd, struct iovec *iovs, uint32_t max_iovcnt,
893 : uint32_t len, size_t mps,
894 : void *(*gpa_to_vva)(void *prv, uint64_t addr, uint64_t len, uint32_t flags))
895 : {
896 4 : struct spdk_nvme_sgl_descriptor *sgl, *last_sgl;
897 4 : uint32_t num_sgls, seg_len;
898 4 : void *vva;
899 4 : int ret;
900 4 : uint32_t total_iovcnt = 0;
901 :
902 : /* SGL cases */
903 4 : sgl = &cmd->dptr.sgl1;
904 :
905 : /* only one SGL segment */
906 4 : if (sgl->unkeyed.type == SPDK_NVME_SGL_TYPE_DATA_BLOCK) {
907 1 : assert(max_iovcnt > 0);
908 1 : vva = gpa_to_vva(prv, sgl->address, sgl->unkeyed.length, MAP_RW);
909 1 : if (spdk_unlikely(vva == NULL)) {
910 0 : SPDK_ERRLOG("GPA to VVA failed\n");
911 0 : return -EINVAL;
912 : }
913 1 : iovs[0].iov_base = vva;
914 1 : iovs[0].iov_len = sgl->unkeyed.length;
915 1 : assert(sgl->unkeyed.length == len);
916 :
917 1 : return 1;
918 : }
919 :
920 4 : for (;;) {
921 4 : if (spdk_unlikely((sgl->unkeyed.type != SPDK_NVME_SGL_TYPE_SEGMENT) &&
922 : (sgl->unkeyed.type != SPDK_NVME_SGL_TYPE_LAST_SEGMENT))) {
923 0 : SPDK_ERRLOG("Invalid SGL type %u\n", sgl->unkeyed.type);
924 0 : return -EINVAL;
925 : }
926 :
927 4 : seg_len = sgl->unkeyed.length;
928 4 : if (spdk_unlikely(seg_len % sizeof(struct spdk_nvme_sgl_descriptor))) {
929 0 : SPDK_ERRLOG("Invalid SGL segment len %u\n", seg_len);
930 0 : return -EINVAL;
931 : }
932 :
933 4 : num_sgls = seg_len / sizeof(struct spdk_nvme_sgl_descriptor);
934 4 : vva = gpa_to_vva(prv, sgl->address, sgl->unkeyed.length, MAP_R);
935 4 : if (spdk_unlikely(vva == NULL)) {
936 0 : SPDK_ERRLOG("GPA to VVA failed\n");
937 0 : return -EINVAL;
938 : }
939 :
940 : /* sgl point to the first segment */
941 4 : sgl = (struct spdk_nvme_sgl_descriptor *)vva;
942 4 : last_sgl = &sgl[num_sgls - 1];
943 :
944 : /* we are done */
945 4 : if (last_sgl->unkeyed.type == SPDK_NVME_SGL_TYPE_DATA_BLOCK) {
946 : /* map whole sgl list */
947 3 : ret = nvme_cmd_map_sgls_data(prv, sgl, num_sgls, &iovs[total_iovcnt],
948 3 : max_iovcnt - total_iovcnt, gpa_to_vva);
949 3 : if (spdk_unlikely(ret < 0)) {
950 1 : return ret;
951 : }
952 2 : total_iovcnt += ret;
953 :
954 2 : return total_iovcnt;
955 : }
956 :
957 1 : if (num_sgls > 1) {
958 : /* map whole sgl exclude last_sgl */
959 1 : ret = nvme_cmd_map_sgls_data(prv, sgl, num_sgls - 1, &iovs[total_iovcnt],
960 1 : max_iovcnt - total_iovcnt, gpa_to_vva);
961 1 : if (spdk_unlikely(ret < 0)) {
962 0 : return ret;
963 : }
964 1 : total_iovcnt += ret;
965 1 : }
966 :
967 : /* move to next level's segments */
968 1 : sgl = last_sgl;
969 : }
970 :
971 : return 0;
972 4 : }
973 :
974 : static int
975 0 : nvme_map_cmd(void *prv, struct spdk_nvme_cmd *cmd, struct iovec *iovs, uint32_t max_iovcnt,
976 : uint32_t len, size_t mps,
977 : void *(*gpa_to_vva)(void *prv, uint64_t addr, uint64_t len, uint32_t flags))
978 : {
979 0 : if (cmd->psdt == SPDK_NVME_PSDT_PRP) {
980 0 : return nvme_cmd_map_prps(prv, cmd, iovs, max_iovcnt, len, mps, gpa_to_vva);
981 : }
982 :
983 0 : return nvme_cmd_map_sgls(prv, cmd, iovs, max_iovcnt, len, mps, gpa_to_vva);
984 0 : }
985 :
986 : /*
987 : * For each queue, update the location of its doorbell to the correct location:
988 : * either our own BAR0, or the guest's configured shadow doorbell area.
989 : *
990 : * The Admin queue (qid: 0) does not ever use shadow doorbells.
991 : */
992 : static void
993 0 : vfio_user_ctrlr_switch_doorbells(struct nvmf_vfio_user_ctrlr *ctrlr, bool shadow)
994 : {
995 0 : volatile uint32_t *doorbells = shadow ? ctrlr->sdbl->shadow_doorbells :
996 0 : ctrlr->bar0_doorbells;
997 :
998 0 : assert(doorbells != NULL);
999 :
1000 0 : for (size_t i = 1; i < NVMF_VFIO_USER_DEFAULT_MAX_QPAIRS_PER_CTRLR; i++) {
1001 0 : struct nvmf_vfio_user_sq *sq = ctrlr->sqs[i];
1002 0 : struct nvmf_vfio_user_cq *cq = ctrlr->cqs[i];
1003 :
1004 0 : if (sq != NULL) {
1005 0 : sq->dbl_tailp = doorbells + queue_index(sq->qid, false);
1006 :
1007 0 : ctrlr->sqs[i]->need_rearm = shadow;
1008 0 : }
1009 :
1010 0 : if (cq != NULL) {
1011 0 : cq->dbl_headp = doorbells + queue_index(cq->qid, true);
1012 0 : }
1013 0 : }
1014 0 : }
1015 :
1016 : static void
1017 0 : unmap_sdbl(vfu_ctx_t *vfu_ctx, struct nvmf_vfio_user_shadow_doorbells *sdbl)
1018 : {
1019 0 : assert(vfu_ctx != NULL);
1020 0 : assert(sdbl != NULL);
1021 :
1022 : /*
1023 : * An allocation error would result in only one of the two being
1024 : * non-NULL. If that is the case, no memory should have been mapped.
1025 : */
1026 0 : if (sdbl->iovs == NULL || sdbl->sgs == NULL) {
1027 0 : return;
1028 : }
1029 :
1030 0 : for (size_t i = 0; i < NVMF_VFIO_USER_SHADOW_DOORBELLS_BUFFER_COUNT; ++i) {
1031 0 : struct iovec *iov;
1032 0 : dma_sg_t *sg;
1033 :
1034 0 : if (!sdbl->iovs[i].iov_len) {
1035 0 : continue;
1036 : }
1037 :
1038 0 : sg = index_to_sg_t(sdbl->sgs, i);
1039 0 : iov = sdbl->iovs + i;
1040 :
1041 0 : vfu_sgl_put(vfu_ctx, sg, iov, 1);
1042 0 : }
1043 0 : }
1044 :
1045 : static void
1046 0 : free_sdbl(vfu_ctx_t *vfu_ctx, struct nvmf_vfio_user_shadow_doorbells *sdbl)
1047 : {
1048 0 : if (sdbl == NULL) {
1049 0 : return;
1050 : }
1051 :
1052 0 : unmap_sdbl(vfu_ctx, sdbl);
1053 :
1054 : /*
1055 : * sdbl->shadow_doorbells and sdbl->eventidxs were mapped,
1056 : * not allocated, so don't free() them.
1057 : */
1058 0 : free(sdbl->sgs);
1059 0 : free(sdbl->iovs);
1060 0 : free(sdbl);
1061 0 : }
1062 :
1063 : static struct nvmf_vfio_user_shadow_doorbells *
1064 0 : map_sdbl(vfu_ctx_t *vfu_ctx, uint64_t prp1, uint64_t prp2, size_t len)
1065 : {
1066 0 : struct nvmf_vfio_user_shadow_doorbells *sdbl = NULL;
1067 0 : dma_sg_t *sg2 = NULL;
1068 0 : void *p;
1069 :
1070 0 : assert(vfu_ctx != NULL);
1071 :
1072 0 : sdbl = calloc(1, sizeof(*sdbl));
1073 0 : if (sdbl == NULL) {
1074 0 : goto err;
1075 : }
1076 :
1077 0 : sdbl->sgs = calloc(NVMF_VFIO_USER_SHADOW_DOORBELLS_BUFFER_COUNT, dma_sg_size());
1078 0 : sdbl->iovs = calloc(NVMF_VFIO_USER_SHADOW_DOORBELLS_BUFFER_COUNT, sizeof(*sdbl->iovs));
1079 0 : if (sdbl->sgs == NULL || sdbl->iovs == NULL) {
1080 0 : goto err;
1081 : }
1082 :
1083 : /* Map shadow doorbell buffer (PRP1). */
1084 0 : p = map_one(vfu_ctx, prp1, len, sdbl->sgs, sdbl->iovs, MAP_RW);
1085 :
1086 0 : if (p == NULL) {
1087 0 : goto err;
1088 : }
1089 :
1090 : /*
1091 : * Map eventidx buffer (PRP2).
1092 : * Should only be written to by the controller.
1093 : */
1094 :
1095 0 : sg2 = index_to_sg_t(sdbl->sgs, 1);
1096 :
1097 0 : p = map_one(vfu_ctx, prp2, len, sg2, sdbl->iovs + 1, MAP_RW);
1098 :
1099 0 : if (p == NULL) {
1100 0 : goto err;
1101 : }
1102 :
1103 0 : sdbl->shadow_doorbells = (uint32_t *)sdbl->iovs[0].iov_base;
1104 0 : sdbl->eventidxs = (uint32_t *)sdbl->iovs[1].iov_base;
1105 :
1106 0 : return sdbl;
1107 :
1108 : err:
1109 0 : free_sdbl(vfu_ctx, sdbl);
1110 0 : return NULL;
1111 0 : }
1112 :
1113 : /*
1114 : * Copy doorbells from one buffer to the other, during switches between BAR0
1115 : * doorbells and shadow doorbells.
1116 : */
1117 : static void
1118 0 : copy_doorbells(struct nvmf_vfio_user_ctrlr *ctrlr,
1119 : const volatile uint32_t *from, volatile uint32_t *to)
1120 : {
1121 0 : assert(ctrlr != NULL);
1122 0 : assert(from != NULL);
1123 0 : assert(to != NULL);
1124 :
1125 0 : SPDK_DEBUGLOG(vfio_user_db,
1126 : "%s: migrating shadow doorbells from %p to %p\n",
1127 : ctrlr_id(ctrlr), from, to);
1128 :
1129 : /* Can't use memcpy because it doesn't respect volatile semantics. */
1130 0 : for (size_t i = 0; i < NVMF_VFIO_USER_DEFAULT_MAX_QPAIRS_PER_CTRLR; ++i) {
1131 0 : if (ctrlr->sqs[i] != NULL) {
1132 0 : to[queue_index(i, false)] = from[queue_index(i, false)];
1133 0 : }
1134 :
1135 0 : if (ctrlr->cqs[i] != NULL) {
1136 0 : to[queue_index(i, true)] = from[queue_index(i, true)];
1137 0 : }
1138 0 : }
1139 0 : }
1140 :
1141 : static void
1142 0 : fail_ctrlr(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
1143 : {
1144 0 : const struct spdk_nvmf_registers *regs;
1145 :
1146 0 : assert(vu_ctrlr != NULL);
1147 0 : assert(vu_ctrlr->ctrlr != NULL);
1148 :
1149 0 : regs = spdk_nvmf_ctrlr_get_regs(vu_ctrlr->ctrlr);
1150 0 : if (regs->csts.bits.cfs == 0) {
1151 0 : SPDK_ERRLOG(":%s failing controller\n", ctrlr_id(vu_ctrlr));
1152 0 : }
1153 :
1154 0 : nvmf_ctrlr_set_fatal_status(vu_ctrlr->ctrlr);
1155 0 : }
1156 :
1157 : static inline bool
1158 0 : ctrlr_interrupt_enabled(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
1159 : {
1160 0 : assert(vu_ctrlr != NULL);
1161 0 : assert(vu_ctrlr->endpoint != NULL);
1162 :
1163 0 : vfu_pci_config_space_t *pci = vu_ctrlr->endpoint->pci_config_space;
1164 :
1165 0 : return (!pci->hdr.cmd.id || vu_ctrlr->endpoint->msix->mxc.mxe);
1166 0 : }
1167 :
1168 : static void
1169 1 : nvmf_vfio_user_destroy_endpoint(struct nvmf_vfio_user_endpoint *endpoint)
1170 : {
1171 1 : SPDK_DEBUGLOG(nvmf_vfio, "destroy endpoint %s\n", endpoint_id(endpoint));
1172 :
1173 1 : spdk_interrupt_unregister(&endpoint->accept_intr);
1174 1 : spdk_poller_unregister(&endpoint->accept_poller);
1175 :
1176 1 : if (endpoint->bar0_doorbells) {
1177 0 : munmap((void *)endpoint->bar0_doorbells, NVMF_VFIO_USER_DOORBELLS_SIZE);
1178 0 : }
1179 :
1180 1 : if (endpoint->devmem_fd > 0) {
1181 0 : close(endpoint->devmem_fd);
1182 0 : }
1183 :
1184 1 : if (endpoint->migr_data) {
1185 0 : munmap(endpoint->migr_data, vfio_user_migr_data_len());
1186 0 : }
1187 :
1188 1 : if (endpoint->migr_fd > 0) {
1189 0 : close(endpoint->migr_fd);
1190 0 : }
1191 :
1192 1 : if (endpoint->vfu_ctx) {
1193 0 : vfu_destroy_ctx(endpoint->vfu_ctx);
1194 0 : }
1195 :
1196 1 : pthread_mutex_destroy(&endpoint->lock);
1197 1 : free(endpoint);
1198 1 : }
1199 :
1200 : /* called when process exits */
1201 : static int
1202 1 : nvmf_vfio_user_destroy(struct spdk_nvmf_transport *transport,
1203 : spdk_nvmf_transport_destroy_done_cb cb_fn, void *cb_arg)
1204 : {
1205 1 : struct nvmf_vfio_user_transport *vu_transport;
1206 1 : struct nvmf_vfio_user_endpoint *endpoint, *tmp;
1207 :
1208 1 : SPDK_DEBUGLOG(nvmf_vfio, "destroy transport\n");
1209 :
1210 1 : vu_transport = SPDK_CONTAINEROF(transport, struct nvmf_vfio_user_transport,
1211 : transport);
1212 :
1213 1 : pthread_mutex_destroy(&vu_transport->lock);
1214 1 : pthread_mutex_destroy(&vu_transport->pg_lock);
1215 :
1216 2 : TAILQ_FOREACH_SAFE(endpoint, &vu_transport->endpoints, link, tmp) {
1217 1 : TAILQ_REMOVE(&vu_transport->endpoints, endpoint, link);
1218 1 : nvmf_vfio_user_destroy_endpoint(endpoint);
1219 1 : }
1220 :
1221 1 : free(vu_transport);
1222 :
1223 1 : if (cb_fn) {
1224 1 : cb_fn(cb_arg);
1225 1 : }
1226 :
1227 1 : return 0;
1228 1 : }
1229 :
1230 : static const struct spdk_json_object_decoder vfio_user_transport_opts_decoder[] = {
1231 : {
1232 : "disable_mappable_bar0",
1233 : offsetof(struct nvmf_vfio_user_transport, transport_opts.disable_mappable_bar0),
1234 : spdk_json_decode_bool, true
1235 : },
1236 : {
1237 : "disable_adaptive_irq",
1238 : offsetof(struct nvmf_vfio_user_transport, transport_opts.disable_adaptive_irq),
1239 : spdk_json_decode_bool, true
1240 : },
1241 : {
1242 : "disable_shadow_doorbells",
1243 : offsetof(struct nvmf_vfio_user_transport, transport_opts.disable_shadow_doorbells),
1244 : spdk_json_decode_bool, true
1245 : },
1246 : {
1247 : "disable_compare",
1248 : offsetof(struct nvmf_vfio_user_transport, transport_opts.disable_compare),
1249 : spdk_json_decode_bool, true
1250 : },
1251 : {
1252 : "enable_intr_mode_sq_spreading",
1253 : offsetof(struct nvmf_vfio_user_transport, transport_opts.enable_intr_mode_sq_spreading),
1254 : spdk_json_decode_bool, true
1255 : },
1256 : };
1257 :
1258 : static struct spdk_nvmf_transport *
1259 1 : nvmf_vfio_user_create(struct spdk_nvmf_transport_opts *opts)
1260 : {
1261 1 : struct nvmf_vfio_user_transport *vu_transport;
1262 1 : int err;
1263 :
1264 1 : if (opts->max_qpairs_per_ctrlr > NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR) {
1265 0 : SPDK_ERRLOG("Invalid max_qpairs_per_ctrlr=%d, supported max_qpairs_per_ctrlr=%d\n",
1266 : opts->max_qpairs_per_ctrlr, NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR);
1267 0 : return NULL;
1268 : }
1269 :
1270 1 : vu_transport = calloc(1, sizeof(*vu_transport));
1271 1 : if (vu_transport == NULL) {
1272 0 : SPDK_ERRLOG("Transport alloc fail: %m\n");
1273 0 : return NULL;
1274 : }
1275 :
1276 1 : err = pthread_mutex_init(&vu_transport->lock, NULL);
1277 1 : if (err != 0) {
1278 0 : SPDK_ERRLOG("Pthread initialisation failed (%d)\n", err);
1279 0 : goto err;
1280 : }
1281 1 : TAILQ_INIT(&vu_transport->endpoints);
1282 :
1283 1 : err = pthread_mutex_init(&vu_transport->pg_lock, NULL);
1284 1 : if (err != 0) {
1285 0 : pthread_mutex_destroy(&vu_transport->lock);
1286 0 : SPDK_ERRLOG("Pthread initialisation failed (%d)\n", err);
1287 0 : goto err;
1288 : }
1289 1 : TAILQ_INIT(&vu_transport->poll_groups);
1290 :
1291 1 : if (opts->transport_specific != NULL &&
1292 0 : spdk_json_decode_object_relaxed(opts->transport_specific, vfio_user_transport_opts_decoder,
1293 : SPDK_COUNTOF(vfio_user_transport_opts_decoder),
1294 0 : vu_transport)) {
1295 0 : SPDK_ERRLOG("spdk_json_decode_object_relaxed failed\n");
1296 0 : goto cleanup;
1297 : }
1298 :
1299 : /*
1300 : * To support interrupt mode, the transport must be configured with
1301 : * mappable BAR0 disabled: we need a vfio-user message to wake us up
1302 : * when a client writes new doorbell values to BAR0, via the
1303 : * libvfio-user socket fd.
1304 : */
1305 1 : vu_transport->intr_mode_supported =
1306 1 : vu_transport->transport_opts.disable_mappable_bar0;
1307 :
1308 : /*
1309 : * If BAR0 is mappable, it doesn't make sense to support shadow
1310 : * doorbells, so explicitly turn it off.
1311 : */
1312 1 : if (!vu_transport->transport_opts.disable_mappable_bar0) {
1313 1 : vu_transport->transport_opts.disable_shadow_doorbells = true;
1314 1 : }
1315 :
1316 1 : if (spdk_interrupt_mode_is_enabled()) {
1317 0 : if (!vu_transport->intr_mode_supported) {
1318 0 : SPDK_ERRLOG("interrupt mode not supported\n");
1319 0 : goto cleanup;
1320 : }
1321 :
1322 : /*
1323 : * If we are in interrupt mode, we cannot support adaptive IRQs,
1324 : * as there is no guarantee the SQ poller will run subsequently
1325 : * to send pending IRQs.
1326 : */
1327 0 : vu_transport->transport_opts.disable_adaptive_irq = true;
1328 0 : }
1329 :
1330 1 : SPDK_DEBUGLOG(nvmf_vfio, "vfio_user transport: disable_mappable_bar0=%d\n",
1331 : vu_transport->transport_opts.disable_mappable_bar0);
1332 1 : SPDK_DEBUGLOG(nvmf_vfio, "vfio_user transport: disable_adaptive_irq=%d\n",
1333 : vu_transport->transport_opts.disable_adaptive_irq);
1334 1 : SPDK_DEBUGLOG(nvmf_vfio, "vfio_user transport: disable_shadow_doorbells=%d\n",
1335 : vu_transport->transport_opts.disable_shadow_doorbells);
1336 :
1337 1 : return &vu_transport->transport;
1338 :
1339 : cleanup:
1340 0 : pthread_mutex_destroy(&vu_transport->lock);
1341 0 : pthread_mutex_destroy(&vu_transport->pg_lock);
1342 : err:
1343 0 : free(vu_transport);
1344 0 : return NULL;
1345 1 : }
1346 :
1347 : static uint32_t
1348 0 : max_queue_size(struct nvmf_vfio_user_ctrlr const *vu_ctrlr)
1349 : {
1350 0 : assert(vu_ctrlr != NULL);
1351 0 : assert(vu_ctrlr->ctrlr != NULL);
1352 :
1353 0 : return vu_ctrlr->ctrlr->vcprop.cap.bits.mqes + 1;
1354 : }
1355 :
1356 : static uint32_t
1357 0 : doorbell_stride(const struct nvmf_vfio_user_ctrlr *vu_ctrlr)
1358 : {
1359 0 : assert(vu_ctrlr != NULL);
1360 0 : assert(vu_ctrlr->ctrlr != NULL);
1361 :
1362 0 : return vu_ctrlr->ctrlr->vcprop.cap.bits.dstrd;
1363 : }
1364 :
1365 : static uintptr_t
1366 0 : memory_page_size(const struct nvmf_vfio_user_ctrlr *vu_ctrlr)
1367 : {
1368 0 : uint32_t memory_page_shift = vu_ctrlr->ctrlr->vcprop.cc.bits.mps + 12;
1369 0 : return 1ul << memory_page_shift;
1370 0 : }
1371 :
1372 : static uintptr_t
1373 0 : memory_page_mask(const struct nvmf_vfio_user_ctrlr *ctrlr)
1374 : {
1375 0 : return ~(memory_page_size(ctrlr) - 1);
1376 : }
1377 :
1378 : static int
1379 0 : map_q(struct nvmf_vfio_user_ctrlr *vu_ctrlr, struct nvme_q_mapping *mapping,
1380 : uint32_t flags)
1381 : {
1382 0 : void *ret;
1383 :
1384 0 : assert(mapping->len != 0);
1385 0 : assert(q_addr(mapping) == NULL);
1386 :
1387 0 : ret = map_one(vu_ctrlr->endpoint->vfu_ctx, mapping->prp1, mapping->len,
1388 0 : mapping->sg, &mapping->iov, flags);
1389 0 : if (ret == NULL) {
1390 0 : return -EFAULT;
1391 : }
1392 :
1393 0 : if (flags & MAP_INITIALIZE) {
1394 0 : memset(q_addr(mapping), 0, mapping->len);
1395 0 : }
1396 :
1397 0 : return 0;
1398 0 : }
1399 :
1400 : static inline void
1401 0 : unmap_q(struct nvmf_vfio_user_ctrlr *vu_ctrlr, struct nvme_q_mapping *mapping)
1402 : {
1403 0 : if (q_addr(mapping) != NULL) {
1404 0 : vfu_sgl_put(vu_ctrlr->endpoint->vfu_ctx, mapping->sg,
1405 0 : &mapping->iov, 1);
1406 0 : mapping->iov.iov_base = NULL;
1407 0 : }
1408 0 : }
1409 :
1410 : static int
1411 0 : asq_setup(struct nvmf_vfio_user_ctrlr *ctrlr)
1412 : {
1413 0 : struct nvmf_vfio_user_sq *sq;
1414 0 : const struct spdk_nvmf_registers *regs;
1415 0 : int ret;
1416 :
1417 0 : assert(ctrlr != NULL);
1418 :
1419 0 : sq = ctrlr->sqs[0];
1420 :
1421 0 : assert(sq != NULL);
1422 0 : assert(q_addr(&sq->mapping) == NULL);
1423 : /* XXX ctrlr->asq == 0 is a valid memory address */
1424 :
1425 0 : regs = spdk_nvmf_ctrlr_get_regs(ctrlr->ctrlr);
1426 0 : sq->qid = 0;
1427 0 : sq->size = regs->aqa.bits.asqs + 1;
1428 0 : sq->mapping.prp1 = regs->asq;
1429 0 : sq->mapping.len = sq->size * sizeof(struct spdk_nvme_cmd);
1430 0 : *sq_headp(sq) = 0;
1431 0 : sq->cqid = 0;
1432 :
1433 0 : ret = map_q(ctrlr, &sq->mapping, MAP_INITIALIZE);
1434 0 : if (ret) {
1435 0 : return ret;
1436 : }
1437 :
1438 : /* The Admin queue (qid: 0) does not ever use shadow doorbells. */
1439 0 : sq->dbl_tailp = ctrlr->bar0_doorbells + queue_index(0, false);
1440 :
1441 0 : *sq_dbl_tailp(sq) = 0;
1442 :
1443 0 : return 0;
1444 0 : }
1445 :
1446 : /*
1447 : * Updates eventidx to set an SQ into interrupt or polling mode.
1448 : *
1449 : * Returns false if the current SQ tail does not match the SQ head, as
1450 : * this means that the host has submitted more items to the queue while we were
1451 : * not looking - or during the event index update. In that case, we must retry,
1452 : * or otherwise make sure we are going to wake up again.
1453 : */
1454 : static bool
1455 0 : set_sq_eventidx(struct nvmf_vfio_user_sq *sq)
1456 : {
1457 0 : struct nvmf_vfio_user_ctrlr *ctrlr;
1458 0 : volatile uint32_t *sq_tail_eidx;
1459 0 : uint32_t old_tail, new_tail;
1460 :
1461 0 : assert(sq != NULL);
1462 0 : assert(sq->ctrlr != NULL);
1463 0 : assert(sq->ctrlr->sdbl != NULL);
1464 0 : assert(sq->need_rearm);
1465 0 : assert(sq->qid != 0);
1466 :
1467 0 : ctrlr = sq->ctrlr;
1468 :
1469 0 : SPDK_DEBUGLOG(vfio_user_db, "%s: updating eventidx of sqid:%u\n",
1470 : ctrlr_id(ctrlr), sq->qid);
1471 :
1472 0 : sq_tail_eidx = ctrlr->sdbl->eventidxs + queue_index(sq->qid, false);
1473 :
1474 0 : assert(ctrlr->endpoint != NULL);
1475 :
1476 0 : if (!ctrlr->endpoint->interrupt_mode) {
1477 : /* No synchronisation necessary. */
1478 0 : *sq_tail_eidx = NVMF_VFIO_USER_EVENTIDX_POLL;
1479 0 : return true;
1480 : }
1481 :
1482 0 : old_tail = *sq_dbl_tailp(sq);
1483 0 : *sq_tail_eidx = old_tail;
1484 :
1485 : /*
1486 : * Ensure that the event index is updated before re-reading the tail
1487 : * doorbell. If it's not, then the host might race us and update the
1488 : * tail after the second read but before the event index is written, so
1489 : * it won't write to BAR0 and we'll miss the update.
1490 : *
1491 : * The driver should provide similar ordering with an mb().
1492 : */
1493 0 : spdk_mb();
1494 :
1495 : /*
1496 : * Check if the host has updated the tail doorbell after we've read it
1497 : * for the first time, but before the event index was written. If that's
1498 : * the case, then we've lost the race and we need to update the event
1499 : * index again (after polling the queue, since the host won't write to
1500 : * BAR0).
1501 : */
1502 0 : new_tail = *sq_dbl_tailp(sq);
1503 :
1504 : /*
1505 : * We might poll the queue straight after this function returns if the
1506 : * tail has been updated, so we need to ensure that any changes to the
1507 : * queue will be visible to us if the doorbell has been updated.
1508 : *
1509 : * The driver should provide similar ordering with a wmb() to ensure
1510 : * that the queue is written before it updates the tail doorbell.
1511 : */
1512 0 : spdk_rmb();
1513 :
1514 0 : SPDK_DEBUGLOG(vfio_user_db, "%s: sqid:%u, old_tail=%u, new_tail=%u, "
1515 : "sq_head=%u\n", ctrlr_id(ctrlr), sq->qid, old_tail,
1516 : new_tail, *sq_headp(sq));
1517 :
1518 0 : if (new_tail == *sq_headp(sq)) {
1519 0 : sq->need_rearm = false;
1520 0 : return true;
1521 : }
1522 :
1523 : /*
1524 : * We've lost the race: the tail was updated since we last polled,
1525 : * including if it happened within this routine.
1526 : *
1527 : * The caller should retry after polling (think of this as a cmpxchg
1528 : * loop); if we go to sleep while the SQ is not empty, then we won't
1529 : * process the remaining events.
1530 : */
1531 0 : return false;
1532 0 : }
1533 :
1534 : static int nvmf_vfio_user_sq_poll(struct nvmf_vfio_user_sq *sq);
1535 :
1536 : /*
1537 : * Arrange for an SQ to interrupt us if written. Returns non-zero if we
1538 : * processed some SQ entries.
1539 : */
1540 : static int
1541 0 : vfio_user_sq_rearm(struct nvmf_vfio_user_ctrlr *ctrlr,
1542 : struct nvmf_vfio_user_sq *sq,
1543 : struct nvmf_vfio_user_poll_group *vu_group)
1544 : {
1545 0 : int count = 0;
1546 0 : size_t i;
1547 :
1548 0 : assert(sq->need_rearm);
1549 :
1550 0 : for (i = 0; i < NVMF_VFIO_USER_SET_EVENTIDX_MAX_ATTEMPTS; i++) {
1551 0 : int ret;
1552 :
1553 0 : if (set_sq_eventidx(sq)) {
1554 : /* We won the race and set eventidx; done. */
1555 0 : vu_group->stats.won++;
1556 0 : return count;
1557 : }
1558 :
1559 0 : ret = nvmf_vfio_user_sq_poll(sq);
1560 :
1561 0 : count += (ret < 0) ? 1 : ret;
1562 :
1563 : /*
1564 : * set_sq_eventidx() hit the race, so we expected
1565 : * to process at least one command from this queue.
1566 : * If there were no new commands waiting for us, then
1567 : * we must have hit an unexpected race condition.
1568 : */
1569 0 : if (ret == 0) {
1570 0 : SPDK_ERRLOG("%s: unexpected race condition detected "
1571 : "while updating the shadow doorbell buffer\n",
1572 : ctrlr_id(ctrlr));
1573 :
1574 0 : fail_ctrlr(ctrlr);
1575 0 : return count;
1576 : }
1577 0 : }
1578 :
1579 0 : SPDK_DEBUGLOG(vfio_user_db,
1580 : "%s: set_sq_eventidx() lost the race %zu times\n",
1581 : ctrlr_id(ctrlr), i);
1582 :
1583 0 : vu_group->stats.lost++;
1584 0 : vu_group->stats.lost_count += count;
1585 :
1586 : /*
1587 : * We couldn't arrange an eventidx guaranteed to cause a BAR0 write, as
1588 : * we raced with the producer too many times; force ourselves to wake up
1589 : * instead. We'll process all queues at that point.
1590 : */
1591 0 : ctrlr_kick(ctrlr);
1592 :
1593 0 : return count;
1594 0 : }
1595 :
1596 : /*
1597 : * We're in interrupt mode, and potentially about to go to sleep. We need to
1598 : * make sure any further I/O submissions are guaranteed to wake us up: for
1599 : * shadow doorbells that means we may need to go through set_sq_eventidx() for
1600 : * every SQ that needs re-arming.
1601 : *
1602 : * Returns non-zero if we processed something.
1603 : */
1604 : static int
1605 0 : vfio_user_poll_group_rearm(struct nvmf_vfio_user_poll_group *vu_group)
1606 : {
1607 0 : struct nvmf_vfio_user_sq *sq;
1608 0 : int count = 0;
1609 :
1610 0 : vu_group->stats.rearms++;
1611 :
1612 0 : TAILQ_FOREACH(sq, &vu_group->sqs, link) {
1613 0 : if (spdk_unlikely(sq->sq_state != VFIO_USER_SQ_ACTIVE || !sq->size)) {
1614 0 : continue;
1615 : }
1616 :
1617 0 : if (sq->need_rearm) {
1618 0 : count += vfio_user_sq_rearm(sq->ctrlr, sq, vu_group);
1619 0 : }
1620 0 : }
1621 :
1622 0 : return count;
1623 0 : }
1624 :
1625 : static int
1626 0 : acq_setup(struct nvmf_vfio_user_ctrlr *ctrlr)
1627 : {
1628 0 : struct nvmf_vfio_user_cq *cq;
1629 0 : const struct spdk_nvmf_registers *regs;
1630 0 : int ret;
1631 :
1632 0 : assert(ctrlr != NULL);
1633 :
1634 0 : cq = ctrlr->cqs[0];
1635 :
1636 0 : assert(cq != NULL);
1637 :
1638 0 : assert(q_addr(&cq->mapping) == NULL);
1639 :
1640 0 : regs = spdk_nvmf_ctrlr_get_regs(ctrlr->ctrlr);
1641 0 : assert(regs != NULL);
1642 0 : cq->qid = 0;
1643 0 : cq->size = regs->aqa.bits.acqs + 1;
1644 0 : cq->mapping.prp1 = regs->acq;
1645 0 : cq->mapping.len = cq->size * sizeof(struct spdk_nvme_cpl);
1646 0 : *cq_tailp(cq) = 0;
1647 0 : cq->ien = true;
1648 0 : cq->phase = true;
1649 :
1650 0 : ret = map_q(ctrlr, &cq->mapping, MAP_RW | MAP_INITIALIZE);
1651 0 : if (ret) {
1652 0 : return ret;
1653 : }
1654 :
1655 : /* The Admin queue (qid: 0) does not ever use shadow doorbells. */
1656 0 : cq->dbl_headp = ctrlr->bar0_doorbells + queue_index(0, true);
1657 :
1658 0 : *cq_dbl_headp(cq) = 0;
1659 :
1660 0 : return 0;
1661 0 : }
1662 :
1663 : static void *
1664 0 : _map_one(void *prv, uint64_t addr, uint64_t len, uint32_t flags)
1665 : {
1666 0 : struct spdk_nvmf_request *req = (struct spdk_nvmf_request *)prv;
1667 0 : struct spdk_nvmf_qpair *qpair;
1668 0 : struct nvmf_vfio_user_req *vu_req;
1669 0 : struct nvmf_vfio_user_sq *sq;
1670 0 : void *ret;
1671 :
1672 0 : assert(req != NULL);
1673 0 : qpair = req->qpair;
1674 0 : vu_req = SPDK_CONTAINEROF(req, struct nvmf_vfio_user_req, req);
1675 0 : sq = SPDK_CONTAINEROF(qpair, struct nvmf_vfio_user_sq, qpair);
1676 :
1677 0 : assert(vu_req->iovcnt < NVMF_VFIO_USER_MAX_IOVECS);
1678 0 : ret = map_one(sq->ctrlr->endpoint->vfu_ctx, addr, len,
1679 0 : index_to_sg_t(vu_req->sg, vu_req->iovcnt),
1680 0 : &vu_req->iov[vu_req->iovcnt], flags);
1681 0 : if (spdk_likely(ret != NULL)) {
1682 0 : vu_req->iovcnt++;
1683 0 : }
1684 0 : return ret;
1685 0 : }
1686 :
1687 : static int
1688 0 : vfio_user_map_cmd(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvmf_request *req,
1689 : struct iovec *iov, uint32_t length)
1690 : {
1691 : /* Map PRP list to from Guest physical memory to
1692 : * virtual memory address.
1693 : */
1694 0 : return nvme_map_cmd(req, &req->cmd->nvme_cmd, iov, NVMF_REQ_MAX_BUFFERS,
1695 0 : length, 4096, _map_one);
1696 : }
1697 :
1698 : static int handle_cmd_req(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvme_cmd *cmd,
1699 : struct nvmf_vfio_user_sq *sq);
1700 :
1701 : static uint32_t
1702 0 : cq_free_slots(struct nvmf_vfio_user_cq *cq)
1703 : {
1704 0 : uint32_t free_slots;
1705 :
1706 0 : assert(cq != NULL);
1707 :
1708 0 : if (cq->tail == cq->last_head) {
1709 0 : free_slots = cq->size;
1710 0 : } else if (cq->tail > cq->last_head) {
1711 0 : free_slots = cq->size - (cq->tail - cq->last_head);
1712 0 : } else {
1713 0 : free_slots = cq->last_head - cq->tail;
1714 : }
1715 0 : assert(free_slots > 0);
1716 :
1717 0 : return free_slots - 1;
1718 0 : }
1719 :
1720 : /*
1721 : * Since reading the head doorbell is relatively expensive, we use the cached
1722 : * value, so we only have to read it for real if it appears that we are full.
1723 : */
1724 : static inline bool
1725 0 : cq_is_full(struct nvmf_vfio_user_cq *cq)
1726 : {
1727 0 : uint32_t free_cq_slots;
1728 :
1729 0 : assert(cq != NULL);
1730 :
1731 0 : free_cq_slots = cq_free_slots(cq);
1732 :
1733 0 : if (spdk_unlikely(free_cq_slots == 0)) {
1734 0 : cq->last_head = *cq_dbl_headp(cq);
1735 0 : free_cq_slots = cq_free_slots(cq);
1736 0 : }
1737 :
1738 0 : return free_cq_slots == 0;
1739 0 : }
1740 :
1741 : /*
1742 : * Posts a CQE in the completion queue.
1743 : *
1744 : * @ctrlr: the vfio-user controller
1745 : * @cq: the completion queue
1746 : * @cdw0: cdw0 as reported by NVMf
1747 : * @sqid: submission queue ID
1748 : * @cid: command identifier in NVMe command
1749 : * @sc: the NVMe CQE status code
1750 : * @sct: the NVMe CQE status code type
1751 : */
1752 : static int
1753 0 : post_completion(struct nvmf_vfio_user_ctrlr *ctrlr, struct nvmf_vfio_user_cq *cq,
1754 : uint32_t cdw0, uint16_t sqid, uint16_t cid, uint16_t sc, uint16_t sct)
1755 : {
1756 0 : struct spdk_nvme_status cpl_status = { 0 };
1757 0 : struct spdk_nvme_cpl *cpl;
1758 0 : int err;
1759 :
1760 0 : assert(ctrlr != NULL);
1761 :
1762 0 : if (spdk_unlikely(cq == NULL || q_addr(&cq->mapping) == NULL)) {
1763 0 : return 0;
1764 : }
1765 :
1766 0 : if (cq->qid == 0) {
1767 0 : assert(spdk_get_thread() == cq->group->group->thread);
1768 0 : }
1769 :
1770 : /*
1771 : * As per NVMe Base spec 3.3.1.2.1, we are supposed to implement CQ flow
1772 : * control: if there is no space in the CQ, we should wait until there is.
1773 : *
1774 : * In practice, we just fail the controller instead: as it happens, all host
1775 : * implementations we care about right-size the CQ: this is required anyway for
1776 : * NVMEoF support (see 3.3.2.8).
1777 : */
1778 0 : if (cq_is_full(cq)) {
1779 0 : SPDK_ERRLOG("%s: cqid:%d full (tail=%d, head=%d)\n",
1780 : ctrlr_id(ctrlr), cq->qid, *cq_tailp(cq),
1781 : *cq_dbl_headp(cq));
1782 0 : return -1;
1783 : }
1784 :
1785 0 : cpl = ((struct spdk_nvme_cpl *)q_addr(&cq->mapping)) + *cq_tailp(cq);
1786 :
1787 0 : assert(ctrlr->sqs[sqid] != NULL);
1788 0 : SPDK_DEBUGLOG(nvmf_vfio,
1789 : "%s: request complete sqid:%d cid=%d status=%#x "
1790 : "sqhead=%d cq tail=%d\n", ctrlr_id(ctrlr), sqid, cid, sc,
1791 : *sq_headp(ctrlr->sqs[sqid]), *cq_tailp(cq));
1792 :
1793 0 : cpl->sqhd = *sq_headp(ctrlr->sqs[sqid]);
1794 0 : cpl->sqid = sqid;
1795 0 : cpl->cid = cid;
1796 0 : cpl->cdw0 = cdw0;
1797 :
1798 : /*
1799 : * This is a bitfield: instead of setting the individual bits we need
1800 : * directly in cpl->status, which would cause a read-modify-write cycle,
1801 : * we'll avoid reading from the CPL altogether by filling in a local
1802 : * cpl_status variable, then writing the whole thing.
1803 : */
1804 0 : cpl_status.sct = sct;
1805 0 : cpl_status.sc = sc;
1806 0 : cpl_status.p = cq->phase;
1807 0 : cpl->status = cpl_status;
1808 :
1809 : /* Ensure the Completion Queue Entry is visible. */
1810 0 : spdk_wmb();
1811 0 : cq_tail_advance(cq);
1812 :
1813 0 : if ((cq->qid == 0 || !ctrlr->adaptive_irqs_enabled) &&
1814 0 : cq->ien && ctrlr_interrupt_enabled(ctrlr)) {
1815 0 : err = vfu_irq_trigger(ctrlr->endpoint->vfu_ctx, cq->iv);
1816 0 : if (err != 0) {
1817 0 : SPDK_ERRLOG("%s: failed to trigger interrupt: %m\n",
1818 : ctrlr_id(ctrlr));
1819 0 : return err;
1820 : }
1821 0 : }
1822 :
1823 0 : return 0;
1824 0 : }
1825 :
1826 : static void
1827 0 : free_sq_reqs(struct nvmf_vfio_user_sq *sq)
1828 : {
1829 0 : while (!TAILQ_EMPTY(&sq->free_reqs)) {
1830 0 : struct nvmf_vfio_user_req *vu_req = TAILQ_FIRST(&sq->free_reqs);
1831 0 : TAILQ_REMOVE(&sq->free_reqs, vu_req, link);
1832 0 : free(vu_req);
1833 0 : }
1834 0 : }
1835 :
1836 : static void
1837 0 : delete_cq_done(struct nvmf_vfio_user_ctrlr *ctrlr, struct nvmf_vfio_user_cq *cq)
1838 : {
1839 0 : assert(cq->cq_ref == 0);
1840 0 : unmap_q(ctrlr, &cq->mapping);
1841 0 : cq->size = 0;
1842 0 : cq->cq_state = VFIO_USER_CQ_DELETED;
1843 0 : cq->group = NULL;
1844 0 : }
1845 :
1846 : /* Deletes a SQ, if this SQ is the last user of the associated CQ
1847 : * and the controller is being shut down/reset or vfio-user client disconnects,
1848 : * then the CQ is also deleted.
1849 : */
1850 : static void
1851 0 : delete_sq_done(struct nvmf_vfio_user_ctrlr *vu_ctrlr, struct nvmf_vfio_user_sq *sq)
1852 : {
1853 0 : struct nvmf_vfio_user_cq *cq;
1854 0 : uint16_t cqid;
1855 :
1856 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: delete sqid:%d=%p done\n", ctrlr_id(vu_ctrlr),
1857 : sq->qid, sq);
1858 :
1859 : /* Free SQ resources */
1860 0 : unmap_q(vu_ctrlr, &sq->mapping);
1861 :
1862 0 : free_sq_reqs(sq);
1863 :
1864 0 : sq->size = 0;
1865 :
1866 0 : sq->sq_state = VFIO_USER_SQ_DELETED;
1867 :
1868 : /* Controller RESET and SHUTDOWN are special cases,
1869 : * VM may not send DELETE IO SQ/CQ commands, NVMf library
1870 : * will disconnect IO queue pairs.
1871 : */
1872 0 : if (vu_ctrlr->reset_shn || vu_ctrlr->disconnect) {
1873 0 : cqid = sq->cqid;
1874 0 : cq = vu_ctrlr->cqs[cqid];
1875 :
1876 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: try to delete cqid:%u=%p\n", ctrlr_id(vu_ctrlr),
1877 : cq->qid, cq);
1878 :
1879 0 : assert(cq->cq_ref > 0);
1880 0 : if (--cq->cq_ref == 0) {
1881 0 : delete_cq_done(vu_ctrlr, cq);
1882 0 : }
1883 0 : }
1884 0 : }
1885 :
1886 : static void
1887 0 : free_qp(struct nvmf_vfio_user_ctrlr *ctrlr, uint16_t qid)
1888 : {
1889 0 : struct nvmf_vfio_user_sq *sq;
1890 0 : struct nvmf_vfio_user_cq *cq;
1891 :
1892 0 : if (ctrlr == NULL) {
1893 0 : return;
1894 : }
1895 :
1896 0 : sq = ctrlr->sqs[qid];
1897 0 : if (sq) {
1898 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: Free sqid:%u\n", ctrlr_id(ctrlr), qid);
1899 0 : unmap_q(ctrlr, &sq->mapping);
1900 :
1901 0 : free_sq_reqs(sq);
1902 :
1903 0 : free(sq->mapping.sg);
1904 0 : free(sq);
1905 0 : ctrlr->sqs[qid] = NULL;
1906 0 : }
1907 :
1908 0 : cq = ctrlr->cqs[qid];
1909 0 : if (cq) {
1910 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: Free cqid:%u\n", ctrlr_id(ctrlr), qid);
1911 0 : unmap_q(ctrlr, &cq->mapping);
1912 0 : free(cq->mapping.sg);
1913 0 : free(cq);
1914 0 : ctrlr->cqs[qid] = NULL;
1915 0 : }
1916 0 : }
1917 :
1918 : static int
1919 0 : init_sq(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvmf_transport *transport,
1920 : const uint16_t id)
1921 : {
1922 0 : struct nvmf_vfio_user_sq *sq;
1923 :
1924 0 : assert(ctrlr != NULL);
1925 0 : assert(transport != NULL);
1926 0 : assert(ctrlr->sqs[id] == NULL);
1927 :
1928 0 : sq = calloc(1, sizeof(*sq));
1929 0 : if (sq == NULL) {
1930 0 : return -ENOMEM;
1931 : }
1932 0 : sq->mapping.sg = calloc(1, dma_sg_size());
1933 0 : if (sq->mapping.sg == NULL) {
1934 0 : free(sq);
1935 0 : return -ENOMEM;
1936 : }
1937 :
1938 0 : sq->qid = id;
1939 0 : sq->qpair.qid = id;
1940 0 : sq->qpair.transport = transport;
1941 0 : sq->ctrlr = ctrlr;
1942 0 : ctrlr->sqs[id] = sq;
1943 :
1944 0 : TAILQ_INIT(&sq->free_reqs);
1945 :
1946 0 : return 0;
1947 0 : }
1948 :
1949 : static int
1950 0 : init_cq(struct nvmf_vfio_user_ctrlr *vu_ctrlr, const uint16_t id)
1951 : {
1952 0 : struct nvmf_vfio_user_cq *cq;
1953 :
1954 0 : assert(vu_ctrlr != NULL);
1955 0 : assert(vu_ctrlr->cqs[id] == NULL);
1956 :
1957 0 : cq = calloc(1, sizeof(*cq));
1958 0 : if (cq == NULL) {
1959 0 : return -ENOMEM;
1960 : }
1961 0 : cq->mapping.sg = calloc(1, dma_sg_size());
1962 0 : if (cq->mapping.sg == NULL) {
1963 0 : free(cq);
1964 0 : return -ENOMEM;
1965 : }
1966 :
1967 0 : cq->qid = id;
1968 0 : vu_ctrlr->cqs[id] = cq;
1969 :
1970 0 : return 0;
1971 0 : }
1972 :
1973 : static int
1974 0 : alloc_sq_reqs(struct nvmf_vfio_user_ctrlr *vu_ctrlr, struct nvmf_vfio_user_sq *sq)
1975 : {
1976 0 : struct nvmf_vfio_user_req *vu_req, *tmp;
1977 0 : size_t req_size;
1978 0 : uint32_t i;
1979 :
1980 0 : req_size = sizeof(struct nvmf_vfio_user_req) +
1981 0 : (dma_sg_size() * NVMF_VFIO_USER_MAX_IOVECS);
1982 :
1983 0 : for (i = 0; i < sq->size; i++) {
1984 0 : struct spdk_nvmf_request *req;
1985 :
1986 0 : vu_req = calloc(1, req_size);
1987 0 : if (vu_req == NULL) {
1988 0 : goto err;
1989 : }
1990 :
1991 0 : req = &vu_req->req;
1992 0 : req->qpair = &sq->qpair;
1993 0 : req->rsp = (union nvmf_c2h_msg *)&vu_req->rsp;
1994 0 : req->cmd = (union nvmf_h2c_msg *)&vu_req->cmd;
1995 0 : req->stripped_data = NULL;
1996 :
1997 0 : TAILQ_INSERT_TAIL(&sq->free_reqs, vu_req, link);
1998 0 : }
1999 :
2000 0 : return 0;
2001 :
2002 : err:
2003 0 : TAILQ_FOREACH_SAFE(vu_req, &sq->free_reqs, link, tmp) {
2004 0 : free(vu_req);
2005 0 : }
2006 0 : return -ENOMEM;
2007 0 : }
2008 :
2009 : static volatile uint32_t *
2010 0 : ctrlr_doorbell_ptr(struct nvmf_vfio_user_ctrlr *ctrlr)
2011 : {
2012 0 : return ctrlr->sdbl != NULL ?
2013 0 : ctrlr->sdbl->shadow_doorbells :
2014 0 : ctrlr->bar0_doorbells;
2015 : }
2016 :
2017 : static uint16_t
2018 0 : handle_create_io_sq(struct nvmf_vfio_user_ctrlr *ctrlr,
2019 : struct spdk_nvme_cmd *cmd, uint16_t *sct)
2020 : {
2021 0 : struct nvmf_vfio_user_transport *vu_transport = ctrlr->transport;
2022 0 : struct nvmf_vfio_user_sq *sq;
2023 0 : uint32_t qsize;
2024 0 : uint16_t cqid;
2025 0 : uint16_t qid;
2026 0 : int err;
2027 :
2028 0 : qid = cmd->cdw10_bits.create_io_q.qid;
2029 0 : cqid = cmd->cdw11_bits.create_io_sq.cqid;
2030 0 : qsize = cmd->cdw10_bits.create_io_q.qsize + 1;
2031 :
2032 0 : if (ctrlr->sqs[qid] == NULL) {
2033 0 : err = init_sq(ctrlr, ctrlr->sqs[0]->qpair.transport, qid);
2034 0 : if (err != 0) {
2035 0 : *sct = SPDK_NVME_SCT_GENERIC;
2036 0 : return SPDK_NVME_SC_INTERNAL_DEVICE_ERROR;
2037 : }
2038 0 : }
2039 :
2040 0 : if (cqid == 0 || cqid >= vu_transport->transport.opts.max_qpairs_per_ctrlr) {
2041 0 : SPDK_ERRLOG("%s: invalid cqid:%u\n", ctrlr_id(ctrlr), cqid);
2042 0 : *sct = SPDK_NVME_SCT_COMMAND_SPECIFIC;
2043 0 : return SPDK_NVME_SC_INVALID_QUEUE_IDENTIFIER;
2044 : }
2045 :
2046 : /* CQ must be created before SQ. */
2047 0 : if (!io_q_exists(ctrlr, cqid, true)) {
2048 0 : SPDK_ERRLOG("%s: cqid:%u does not exist\n", ctrlr_id(ctrlr), cqid);
2049 0 : *sct = SPDK_NVME_SCT_COMMAND_SPECIFIC;
2050 0 : return SPDK_NVME_SC_COMPLETION_QUEUE_INVALID;
2051 : }
2052 :
2053 0 : if (cmd->cdw11_bits.create_io_sq.pc != 0x1) {
2054 0 : SPDK_ERRLOG("%s: non-PC SQ not supported\n", ctrlr_id(ctrlr));
2055 0 : *sct = SPDK_NVME_SCT_GENERIC;
2056 0 : return SPDK_NVME_SC_INVALID_FIELD;
2057 : }
2058 :
2059 0 : sq = ctrlr->sqs[qid];
2060 0 : sq->size = qsize;
2061 :
2062 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: sqid:%d cqid:%d\n", ctrlr_id(ctrlr),
2063 : qid, cqid);
2064 :
2065 0 : sq->mapping.prp1 = cmd->dptr.prp.prp1;
2066 0 : sq->mapping.len = sq->size * sizeof(struct spdk_nvme_cmd);
2067 :
2068 0 : err = map_q(ctrlr, &sq->mapping, MAP_INITIALIZE);
2069 0 : if (err) {
2070 0 : SPDK_ERRLOG("%s: failed to map I/O queue: %m\n", ctrlr_id(ctrlr));
2071 0 : *sct = SPDK_NVME_SCT_GENERIC;
2072 0 : return SPDK_NVME_SC_INTERNAL_DEVICE_ERROR;
2073 : }
2074 :
2075 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: mapped sqid:%d IOVA=%#lx vaddr=%p\n",
2076 : ctrlr_id(ctrlr), qid, cmd->dptr.prp.prp1,
2077 : q_addr(&sq->mapping));
2078 :
2079 0 : err = alloc_sq_reqs(ctrlr, sq);
2080 0 : if (err < 0) {
2081 0 : SPDK_ERRLOG("%s: failed to allocate SQ requests: %m\n", ctrlr_id(ctrlr));
2082 0 : *sct = SPDK_NVME_SCT_GENERIC;
2083 0 : return SPDK_NVME_SC_INTERNAL_DEVICE_ERROR;
2084 : }
2085 :
2086 0 : sq->cqid = cqid;
2087 0 : ctrlr->cqs[sq->cqid]->cq_ref++;
2088 0 : sq->sq_state = VFIO_USER_SQ_CREATED;
2089 0 : *sq_headp(sq) = 0;
2090 :
2091 0 : sq->dbl_tailp = ctrlr_doorbell_ptr(ctrlr) + queue_index(qid, false);
2092 :
2093 : /*
2094 : * We should always reset the doorbells.
2095 : *
2096 : * The Specification prohibits the controller from writing to the shadow
2097 : * doorbell buffer, however older versions of the Linux NVMe driver
2098 : * don't reset the shadow doorbell buffer after a Queue-Level or
2099 : * Controller-Level reset, which means that we're left with garbage
2100 : * doorbell values.
2101 : */
2102 0 : *sq_dbl_tailp(sq) = 0;
2103 :
2104 0 : if (ctrlr->sdbl != NULL) {
2105 0 : sq->need_rearm = true;
2106 :
2107 0 : if (!set_sq_eventidx(sq)) {
2108 0 : SPDK_ERRLOG("%s: host updated SQ tail doorbell before "
2109 : "sqid:%hu was initialized\n",
2110 : ctrlr_id(ctrlr), qid);
2111 0 : fail_ctrlr(ctrlr);
2112 0 : *sct = SPDK_NVME_SCT_GENERIC;
2113 0 : return SPDK_NVME_SC_INTERNAL_DEVICE_ERROR;
2114 : }
2115 0 : }
2116 :
2117 : /*
2118 : * Create our new I/O qpair. This asynchronously invokes, on a suitable
2119 : * poll group, the nvmf_vfio_user_poll_group_add() callback, which will
2120 : * call spdk_nvmf_request_exec() with a generated fabrics
2121 : * connect command. This command is then eventually completed via
2122 : * handle_queue_connect_rsp().
2123 : */
2124 0 : sq->create_io_sq_cmd = *cmd;
2125 0 : sq->post_create_io_sq_completion = true;
2126 :
2127 0 : spdk_nvmf_tgt_new_qpair(ctrlr->transport->transport.tgt,
2128 0 : &sq->qpair);
2129 :
2130 0 : *sct = SPDK_NVME_SCT_GENERIC;
2131 0 : return SPDK_NVME_SC_SUCCESS;
2132 0 : }
2133 :
2134 : static uint16_t
2135 0 : handle_create_io_cq(struct nvmf_vfio_user_ctrlr *ctrlr,
2136 : struct spdk_nvme_cmd *cmd, uint16_t *sct)
2137 : {
2138 0 : struct nvmf_vfio_user_cq *cq;
2139 0 : uint32_t qsize;
2140 0 : uint16_t qid;
2141 0 : int err;
2142 :
2143 0 : qid = cmd->cdw10_bits.create_io_q.qid;
2144 0 : qsize = cmd->cdw10_bits.create_io_q.qsize + 1;
2145 :
2146 0 : if (ctrlr->cqs[qid] == NULL) {
2147 0 : err = init_cq(ctrlr, qid);
2148 0 : if (err != 0) {
2149 0 : *sct = SPDK_NVME_SCT_GENERIC;
2150 0 : return SPDK_NVME_SC_INTERNAL_DEVICE_ERROR;
2151 : }
2152 0 : }
2153 :
2154 0 : if (cmd->cdw11_bits.create_io_cq.pc != 0x1) {
2155 0 : SPDK_ERRLOG("%s: non-PC CQ not supported\n", ctrlr_id(ctrlr));
2156 0 : *sct = SPDK_NVME_SCT_GENERIC;
2157 0 : return SPDK_NVME_SC_INVALID_FIELD;
2158 : }
2159 :
2160 0 : if (cmd->cdw11_bits.create_io_cq.iv > NVMF_VFIO_USER_MSIX_NUM - 1) {
2161 0 : SPDK_ERRLOG("%s: IV is too big\n", ctrlr_id(ctrlr));
2162 0 : *sct = SPDK_NVME_SCT_COMMAND_SPECIFIC;
2163 0 : return SPDK_NVME_SC_INVALID_INTERRUPT_VECTOR;
2164 : }
2165 :
2166 0 : cq = ctrlr->cqs[qid];
2167 0 : cq->size = qsize;
2168 :
2169 0 : cq->mapping.prp1 = cmd->dptr.prp.prp1;
2170 0 : cq->mapping.len = cq->size * sizeof(struct spdk_nvme_cpl);
2171 :
2172 0 : cq->dbl_headp = ctrlr_doorbell_ptr(ctrlr) + queue_index(qid, true);
2173 :
2174 0 : err = map_q(ctrlr, &cq->mapping, MAP_RW | MAP_INITIALIZE);
2175 0 : if (err) {
2176 0 : SPDK_ERRLOG("%s: failed to map I/O queue: %m\n", ctrlr_id(ctrlr));
2177 0 : *sct = SPDK_NVME_SCT_GENERIC;
2178 0 : return SPDK_NVME_SC_INTERNAL_DEVICE_ERROR;
2179 : }
2180 :
2181 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: mapped cqid:%u IOVA=%#lx vaddr=%p\n",
2182 : ctrlr_id(ctrlr), qid, cmd->dptr.prp.prp1,
2183 : q_addr(&cq->mapping));
2184 :
2185 0 : cq->ien = cmd->cdw11_bits.create_io_cq.ien;
2186 0 : cq->iv = cmd->cdw11_bits.create_io_cq.iv;
2187 0 : cq->phase = true;
2188 0 : cq->cq_state = VFIO_USER_CQ_CREATED;
2189 :
2190 0 : *cq_tailp(cq) = 0;
2191 :
2192 : /*
2193 : * We should always reset the doorbells.
2194 : *
2195 : * The Specification prohibits the controller from writing to the shadow
2196 : * doorbell buffer, however older versions of the Linux NVMe driver
2197 : * don't reset the shadow doorbell buffer after a Queue-Level or
2198 : * Controller-Level reset, which means that we're left with garbage
2199 : * doorbell values.
2200 : */
2201 0 : *cq_dbl_headp(cq) = 0;
2202 :
2203 0 : *sct = SPDK_NVME_SCT_GENERIC;
2204 0 : return SPDK_NVME_SC_SUCCESS;
2205 0 : }
2206 :
2207 : /*
2208 : * Creates a completion or submission I/O queue. Returns 0 on success, -errno
2209 : * on error.
2210 : */
2211 : static int
2212 0 : handle_create_io_q(struct nvmf_vfio_user_ctrlr *ctrlr,
2213 : struct spdk_nvme_cmd *cmd, const bool is_cq)
2214 : {
2215 0 : struct nvmf_vfio_user_transport *vu_transport = ctrlr->transport;
2216 0 : uint16_t sct = SPDK_NVME_SCT_GENERIC;
2217 0 : uint16_t sc = SPDK_NVME_SC_SUCCESS;
2218 0 : uint32_t qsize;
2219 0 : uint16_t qid;
2220 :
2221 0 : assert(ctrlr != NULL);
2222 0 : assert(cmd != NULL);
2223 :
2224 0 : qid = cmd->cdw10_bits.create_io_q.qid;
2225 0 : if (qid == 0 || qid >= vu_transport->transport.opts.max_qpairs_per_ctrlr) {
2226 0 : SPDK_ERRLOG("%s: invalid qid=%d, max=%d\n", ctrlr_id(ctrlr),
2227 : qid, vu_transport->transport.opts.max_qpairs_per_ctrlr);
2228 0 : sct = SPDK_NVME_SCT_COMMAND_SPECIFIC;
2229 0 : sc = SPDK_NVME_SC_INVALID_QUEUE_IDENTIFIER;
2230 0 : goto out;
2231 : }
2232 :
2233 0 : if (io_q_exists(ctrlr, qid, is_cq)) {
2234 0 : SPDK_ERRLOG("%s: %cqid:%d already exists\n", ctrlr_id(ctrlr),
2235 : is_cq ? 'c' : 's', qid);
2236 0 : sct = SPDK_NVME_SCT_COMMAND_SPECIFIC;
2237 0 : sc = SPDK_NVME_SC_INVALID_QUEUE_IDENTIFIER;
2238 0 : goto out;
2239 : }
2240 :
2241 0 : qsize = cmd->cdw10_bits.create_io_q.qsize + 1;
2242 0 : if (qsize == 1 || qsize > max_queue_size(ctrlr)) {
2243 0 : SPDK_ERRLOG("%s: invalid I/O queue size %u\n", ctrlr_id(ctrlr), qsize);
2244 0 : sct = SPDK_NVME_SCT_COMMAND_SPECIFIC;
2245 0 : sc = SPDK_NVME_SC_INVALID_QUEUE_SIZE;
2246 0 : goto out;
2247 : }
2248 :
2249 0 : if (is_cq) {
2250 0 : sc = handle_create_io_cq(ctrlr, cmd, &sct);
2251 0 : } else {
2252 0 : sc = handle_create_io_sq(ctrlr, cmd, &sct);
2253 :
2254 0 : if (sct == SPDK_NVME_SCT_GENERIC &&
2255 0 : sc == SPDK_NVME_SC_SUCCESS) {
2256 : /* Completion posted asynchronously. */
2257 0 : return 0;
2258 : }
2259 : }
2260 :
2261 : out:
2262 0 : return post_completion(ctrlr, ctrlr->cqs[0], 0, 0, cmd->cid, sc, sct);
2263 0 : }
2264 :
2265 : /* For ADMIN I/O DELETE SUBMISSION QUEUE the NVMf library will disconnect and free
2266 : * queue pair, so save the command id and controller in a context.
2267 : */
2268 : struct vfio_user_delete_sq_ctx {
2269 : struct nvmf_vfio_user_ctrlr *vu_ctrlr;
2270 : uint16_t cid;
2271 : };
2272 :
2273 : static void
2274 0 : vfio_user_qpair_delete_cb(void *cb_arg)
2275 : {
2276 0 : struct vfio_user_delete_sq_ctx *ctx = cb_arg;
2277 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = ctx->vu_ctrlr;
2278 0 : struct nvmf_vfio_user_cq *admin_cq = vu_ctrlr->cqs[0];
2279 :
2280 0 : assert(admin_cq != NULL);
2281 0 : assert(admin_cq->group != NULL);
2282 0 : assert(admin_cq->group->group->thread != NULL);
2283 0 : if (admin_cq->group->group->thread != spdk_get_thread()) {
2284 0 : spdk_thread_send_msg(admin_cq->group->group->thread,
2285 : vfio_user_qpair_delete_cb,
2286 0 : cb_arg);
2287 0 : } else {
2288 0 : post_completion(vu_ctrlr, admin_cq, 0, 0,
2289 0 : ctx->cid,
2290 : SPDK_NVME_SC_SUCCESS, SPDK_NVME_SCT_GENERIC);
2291 0 : free(ctx);
2292 : }
2293 0 : }
2294 :
2295 : /*
2296 : * Deletes a completion or submission I/O queue.
2297 : */
2298 : static int
2299 0 : handle_del_io_q(struct nvmf_vfio_user_ctrlr *ctrlr,
2300 : struct spdk_nvme_cmd *cmd, const bool is_cq)
2301 : {
2302 0 : uint16_t sct = SPDK_NVME_SCT_GENERIC;
2303 0 : uint16_t sc = SPDK_NVME_SC_SUCCESS;
2304 0 : struct nvmf_vfio_user_sq *sq;
2305 0 : struct nvmf_vfio_user_cq *cq;
2306 :
2307 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: delete I/O %cqid:%d\n",
2308 : ctrlr_id(ctrlr), is_cq ? 'c' : 's',
2309 : cmd->cdw10_bits.delete_io_q.qid);
2310 :
2311 0 : if (!io_q_exists(ctrlr, cmd->cdw10_bits.delete_io_q.qid, is_cq)) {
2312 0 : SPDK_ERRLOG("%s: I/O %cqid:%d does not exist\n", ctrlr_id(ctrlr),
2313 : is_cq ? 'c' : 's', cmd->cdw10_bits.delete_io_q.qid);
2314 0 : sct = SPDK_NVME_SCT_COMMAND_SPECIFIC;
2315 0 : sc = SPDK_NVME_SC_INVALID_QUEUE_IDENTIFIER;
2316 0 : goto out;
2317 : }
2318 :
2319 0 : if (is_cq) {
2320 0 : cq = ctrlr->cqs[cmd->cdw10_bits.delete_io_q.qid];
2321 0 : if (cq->cq_ref) {
2322 0 : SPDK_ERRLOG("%s: the associated SQ must be deleted first\n", ctrlr_id(ctrlr));
2323 0 : sct = SPDK_NVME_SCT_COMMAND_SPECIFIC;
2324 0 : sc = SPDK_NVME_SC_INVALID_QUEUE_DELETION;
2325 0 : goto out;
2326 : }
2327 0 : delete_cq_done(ctrlr, cq);
2328 0 : } else {
2329 : /*
2330 : * Deletion of the CQ is only deferred to delete_sq_done() on
2331 : * VM reboot or CC.EN change, so we have to delete it in all
2332 : * other cases.
2333 : */
2334 0 : sq = ctrlr->sqs[cmd->cdw10_bits.delete_io_q.qid];
2335 0 : sq->delete_ctx = calloc(1, sizeof(*sq->delete_ctx));
2336 0 : if (!sq->delete_ctx) {
2337 0 : sct = SPDK_NVME_SCT_GENERIC;
2338 0 : sc = SPDK_NVME_SC_INTERNAL_DEVICE_ERROR;
2339 0 : goto out;
2340 : }
2341 0 : sq->delete_ctx->vu_ctrlr = ctrlr;
2342 0 : sq->delete_ctx->cid = cmd->cid;
2343 0 : sq->sq_state = VFIO_USER_SQ_DELETED;
2344 0 : assert(ctrlr->cqs[sq->cqid]->cq_ref);
2345 0 : ctrlr->cqs[sq->cqid]->cq_ref--;
2346 :
2347 0 : spdk_nvmf_qpair_disconnect(&sq->qpair);
2348 0 : return 0;
2349 : }
2350 :
2351 : out:
2352 0 : return post_completion(ctrlr, ctrlr->cqs[0], 0, 0, cmd->cid, sc, sct);
2353 0 : }
2354 :
2355 : /*
2356 : * Configures Shadow Doorbells.
2357 : */
2358 : static int
2359 0 : handle_doorbell_buffer_config(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvme_cmd *cmd)
2360 : {
2361 0 : struct nvmf_vfio_user_shadow_doorbells *sdbl = NULL;
2362 0 : uint32_t dstrd;
2363 0 : uintptr_t page_size, page_mask;
2364 0 : uint64_t prp1, prp2;
2365 0 : uint16_t sct = SPDK_NVME_SCT_GENERIC;
2366 0 : uint16_t sc = SPDK_NVME_SC_INVALID_FIELD;
2367 :
2368 0 : assert(ctrlr != NULL);
2369 0 : assert(ctrlr->endpoint != NULL);
2370 0 : assert(cmd != NULL);
2371 :
2372 0 : dstrd = doorbell_stride(ctrlr);
2373 0 : page_size = memory_page_size(ctrlr);
2374 0 : page_mask = memory_page_mask(ctrlr);
2375 :
2376 : /* FIXME: we don't check doorbell stride when setting queue doorbells. */
2377 0 : if ((4u << dstrd) * NVMF_VFIO_USER_DEFAULT_MAX_QPAIRS_PER_CTRLR > page_size) {
2378 0 : SPDK_ERRLOG("%s: doorbells do not fit in a single host page",
2379 : ctrlr_id(ctrlr));
2380 :
2381 0 : goto out;
2382 : }
2383 :
2384 : /* Verify guest physical addresses passed as PRPs. */
2385 0 : if (cmd->psdt != SPDK_NVME_PSDT_PRP) {
2386 0 : SPDK_ERRLOG("%s: received Doorbell Buffer Config without PRPs",
2387 : ctrlr_id(ctrlr));
2388 :
2389 0 : goto out;
2390 : }
2391 :
2392 0 : prp1 = cmd->dptr.prp.prp1;
2393 0 : prp2 = cmd->dptr.prp.prp2;
2394 :
2395 0 : SPDK_DEBUGLOG(nvmf_vfio,
2396 : "%s: configuring shadow doorbells with PRP1=%#lx and PRP2=%#lx (GPAs)\n",
2397 : ctrlr_id(ctrlr), prp1, prp2);
2398 :
2399 0 : if (prp1 == prp2
2400 0 : || prp1 != (prp1 & page_mask)
2401 0 : || prp2 != (prp2 & page_mask)) {
2402 0 : SPDK_ERRLOG("%s: invalid shadow doorbell GPAs\n",
2403 : ctrlr_id(ctrlr));
2404 :
2405 0 : goto out;
2406 : }
2407 :
2408 : /* Map guest physical addresses to our virtual address space. */
2409 0 : sdbl = map_sdbl(ctrlr->endpoint->vfu_ctx, prp1, prp2, page_size);
2410 0 : if (sdbl == NULL) {
2411 0 : SPDK_ERRLOG("%s: failed to map shadow doorbell buffers\n",
2412 : ctrlr_id(ctrlr));
2413 :
2414 0 : goto out;
2415 : }
2416 :
2417 0 : ctrlr->shadow_doorbell_buffer = prp1;
2418 0 : ctrlr->eventidx_buffer = prp2;
2419 :
2420 0 : SPDK_DEBUGLOG(nvmf_vfio,
2421 : "%s: mapped shadow doorbell buffers [%p, %p) and [%p, %p)\n",
2422 : ctrlr_id(ctrlr),
2423 : sdbl->iovs[0].iov_base,
2424 : sdbl->iovs[0].iov_base + sdbl->iovs[0].iov_len,
2425 : sdbl->iovs[1].iov_base,
2426 : sdbl->iovs[1].iov_base + sdbl->iovs[1].iov_len);
2427 :
2428 :
2429 : /*
2430 : * Set all possible CQ head doorbells to polling mode now, such that we
2431 : * don't have to worry about it later if the host creates more queues.
2432 : *
2433 : * We only ever want interrupts for writes to the SQ tail doorbells
2434 : * (which are initialised in set_ctrlr_intr_mode() below).
2435 : */
2436 0 : for (uint16_t i = 0; i < NVMF_VFIO_USER_DEFAULT_MAX_QPAIRS_PER_CTRLR; ++i) {
2437 0 : sdbl->eventidxs[queue_index(i, true)] = NVMF_VFIO_USER_EVENTIDX_POLL;
2438 0 : }
2439 :
2440 : /* Update controller. */
2441 0 : SWAP(ctrlr->sdbl, sdbl);
2442 :
2443 : /*
2444 : * Copy doorbells from either the previous shadow doorbell buffer or the
2445 : * BAR0 doorbells and make I/O queue doorbells point to the new buffer.
2446 : *
2447 : * This needs to account for older versions of the Linux NVMe driver,
2448 : * which don't clear out the buffer after a controller reset.
2449 : */
2450 0 : copy_doorbells(ctrlr, sdbl != NULL ?
2451 0 : sdbl->shadow_doorbells : ctrlr->bar0_doorbells,
2452 0 : ctrlr->sdbl->shadow_doorbells);
2453 :
2454 0 : vfio_user_ctrlr_switch_doorbells(ctrlr, true);
2455 :
2456 0 : ctrlr_kick(ctrlr);
2457 :
2458 0 : sc = SPDK_NVME_SC_SUCCESS;
2459 :
2460 : out:
2461 : /*
2462 : * Unmap existing buffers, in case Doorbell Buffer Config was sent
2463 : * more than once (pointless, but not prohibited by the spec), or
2464 : * in case of an error.
2465 : *
2466 : * If this is the first time Doorbell Buffer Config was processed,
2467 : * then we've just swapped a NULL from ctrlr->sdbl into sdbl, so
2468 : * free_sdbl() becomes a noop.
2469 : */
2470 0 : free_sdbl(ctrlr->endpoint->vfu_ctx, sdbl);
2471 :
2472 0 : return post_completion(ctrlr, ctrlr->cqs[0], 0, 0, cmd->cid, sc, sct);
2473 0 : }
2474 :
2475 : /* Returns 0 on success and -errno on error. */
2476 : static int
2477 0 : consume_admin_cmd(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvme_cmd *cmd)
2478 : {
2479 0 : assert(ctrlr != NULL);
2480 0 : assert(cmd != NULL);
2481 :
2482 0 : if (cmd->fuse != 0) {
2483 : /* Fused admin commands are not supported. */
2484 0 : return post_completion(ctrlr, ctrlr->cqs[0], 0, 0, cmd->cid,
2485 : SPDK_NVME_SC_INVALID_FIELD,
2486 : SPDK_NVME_SCT_GENERIC);
2487 : }
2488 :
2489 0 : switch (cmd->opc) {
2490 : case SPDK_NVME_OPC_CREATE_IO_CQ:
2491 : case SPDK_NVME_OPC_CREATE_IO_SQ:
2492 0 : return handle_create_io_q(ctrlr, cmd,
2493 0 : cmd->opc == SPDK_NVME_OPC_CREATE_IO_CQ);
2494 : case SPDK_NVME_OPC_DELETE_IO_SQ:
2495 : case SPDK_NVME_OPC_DELETE_IO_CQ:
2496 0 : return handle_del_io_q(ctrlr, cmd,
2497 0 : cmd->opc == SPDK_NVME_OPC_DELETE_IO_CQ);
2498 : case SPDK_NVME_OPC_DOORBELL_BUFFER_CONFIG:
2499 0 : SPDK_NOTICELOG("%s: requested shadow doorbells (supported: %d)\n",
2500 : ctrlr_id(ctrlr),
2501 : !ctrlr->transport->transport_opts.disable_shadow_doorbells);
2502 0 : if (!ctrlr->transport->transport_opts.disable_shadow_doorbells) {
2503 0 : return handle_doorbell_buffer_config(ctrlr, cmd);
2504 : }
2505 : /* FALLTHROUGH */
2506 : default:
2507 0 : return handle_cmd_req(ctrlr, cmd, ctrlr->sqs[0]);
2508 : }
2509 0 : }
2510 :
2511 : static int
2512 0 : handle_cmd_rsp(struct nvmf_vfio_user_req *vu_req, void *cb_arg)
2513 : {
2514 0 : struct nvmf_vfio_user_sq *sq = cb_arg;
2515 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = sq->ctrlr;
2516 0 : uint16_t sqid, cqid;
2517 :
2518 0 : assert(sq != NULL);
2519 0 : assert(vu_req != NULL);
2520 0 : assert(vu_ctrlr != NULL);
2521 :
2522 0 : if (spdk_likely(vu_req->iovcnt)) {
2523 0 : vfu_sgl_put(vu_ctrlr->endpoint->vfu_ctx,
2524 0 : index_to_sg_t(vu_req->sg, 0),
2525 0 : vu_req->iov, vu_req->iovcnt);
2526 0 : }
2527 0 : sqid = sq->qid;
2528 0 : cqid = sq->cqid;
2529 :
2530 0 : return post_completion(vu_ctrlr, vu_ctrlr->cqs[cqid],
2531 0 : vu_req->req.rsp->nvme_cpl.cdw0,
2532 0 : sqid,
2533 0 : vu_req->req.cmd->nvme_cmd.cid,
2534 0 : vu_req->req.rsp->nvme_cpl.status.sc,
2535 0 : vu_req->req.rsp->nvme_cpl.status.sct);
2536 0 : }
2537 :
2538 : static int
2539 0 : consume_cmd(struct nvmf_vfio_user_ctrlr *ctrlr, struct nvmf_vfio_user_sq *sq,
2540 : struct spdk_nvme_cmd *cmd)
2541 : {
2542 0 : assert(sq != NULL);
2543 0 : if (spdk_unlikely(nvmf_qpair_is_admin_queue(&sq->qpair))) {
2544 0 : return consume_admin_cmd(ctrlr, cmd);
2545 : }
2546 :
2547 0 : return handle_cmd_req(ctrlr, cmd, sq);
2548 0 : }
2549 :
2550 : /* Returns the number of commands processed, or a negative value on error. */
2551 : static int
2552 0 : handle_sq_tdbl_write(struct nvmf_vfio_user_ctrlr *ctrlr, const uint32_t new_tail,
2553 : struct nvmf_vfio_user_sq *sq)
2554 : {
2555 0 : struct spdk_nvme_cmd *queue;
2556 0 : struct nvmf_vfio_user_cq *cq = ctrlr->cqs[sq->cqid];
2557 0 : int count = 0;
2558 0 : uint32_t free_cq_slots;
2559 :
2560 0 : assert(ctrlr != NULL);
2561 0 : assert(sq != NULL);
2562 :
2563 0 : if (ctrlr->sdbl != NULL && sq->qid != 0) {
2564 : /*
2565 : * Submission queue index has moved past the event index, so it
2566 : * needs to be re-armed before we go to sleep.
2567 : */
2568 0 : sq->need_rearm = true;
2569 0 : }
2570 :
2571 0 : free_cq_slots = cq_free_slots(cq);
2572 0 : queue = q_addr(&sq->mapping);
2573 0 : while (*sq_headp(sq) != new_tail) {
2574 0 : int err;
2575 0 : struct spdk_nvme_cmd *cmd;
2576 :
2577 : /*
2578 : * Linux host nvme driver can submit cmd's more than free cq slots
2579 : * available. So process only those who have cq slots available.
2580 : */
2581 0 : if (free_cq_slots-- == 0) {
2582 0 : cq->last_head = *cq_dbl_headp(cq);
2583 :
2584 0 : free_cq_slots = cq_free_slots(cq);
2585 0 : if (free_cq_slots > 0) {
2586 0 : continue;
2587 : }
2588 :
2589 : /*
2590 : * If there are no free cq slots then kick interrupt FD to loop
2591 : * again to process remaining sq cmds.
2592 : * In case of polling mode we will process remaining sq cmds during
2593 : * next polling iteration.
2594 : * sq head is advanced only for consumed commands.
2595 : */
2596 0 : if (in_interrupt_mode(ctrlr->transport)) {
2597 0 : struct nvmf_vfio_user_poll_group *vu_group = sq_to_poll_group(sq);
2598 0 : eventfd_write(vu_group->intr_fd, 1);
2599 0 : }
2600 0 : break;
2601 : }
2602 :
2603 0 : cmd = &queue[*sq_headp(sq)];
2604 0 : count++;
2605 :
2606 : /*
2607 : * SQHD must contain the new head pointer, so we must increase
2608 : * it before we generate a completion.
2609 : */
2610 0 : sq_head_advance(sq);
2611 :
2612 0 : err = consume_cmd(ctrlr, sq, cmd);
2613 0 : if (spdk_unlikely(err != 0)) {
2614 0 : return err;
2615 : }
2616 0 : }
2617 :
2618 0 : return count;
2619 0 : }
2620 :
2621 : /* Checks whether endpoint is connected from the same process */
2622 : static bool
2623 0 : is_peer_same_process(struct nvmf_vfio_user_endpoint *endpoint)
2624 : {
2625 0 : struct ucred ucred;
2626 0 : socklen_t ucredlen = sizeof(ucred);
2627 :
2628 0 : if (endpoint == NULL) {
2629 0 : return false;
2630 : }
2631 :
2632 0 : if (getsockopt(vfu_get_poll_fd(endpoint->vfu_ctx), SOL_SOCKET, SO_PEERCRED, &ucred,
2633 0 : &ucredlen) < 0) {
2634 0 : SPDK_ERRLOG("getsockopt(SO_PEERCRED): %s\n", strerror(errno));
2635 0 : return false;
2636 : }
2637 :
2638 0 : return ucred.pid == getpid();
2639 0 : }
2640 :
2641 : static void
2642 0 : memory_region_add_cb(vfu_ctx_t *vfu_ctx, vfu_dma_info_t *info)
2643 : {
2644 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
2645 0 : struct nvmf_vfio_user_ctrlr *ctrlr;
2646 0 : struct nvmf_vfio_user_sq *sq;
2647 0 : struct nvmf_vfio_user_cq *cq;
2648 0 : void *map_start, *map_end;
2649 0 : int ret;
2650 :
2651 : /*
2652 : * We're not interested in any DMA regions that aren't mappable (we don't
2653 : * support clients that don't share their memory).
2654 : */
2655 0 : if (!info->vaddr) {
2656 0 : return;
2657 : }
2658 :
2659 0 : map_start = info->mapping.iov_base;
2660 0 : map_end = info->mapping.iov_base + info->mapping.iov_len;
2661 :
2662 0 : if (((uintptr_t)info->mapping.iov_base & MASK_2MB) ||
2663 0 : (info->mapping.iov_len & MASK_2MB)) {
2664 0 : SPDK_DEBUGLOG(nvmf_vfio, "Invalid memory region vaddr %p, IOVA %p-%p\n",
2665 : info->vaddr, map_start, map_end);
2666 0 : return;
2667 : }
2668 :
2669 0 : assert(endpoint != NULL);
2670 0 : if (endpoint->ctrlr == NULL) {
2671 0 : return;
2672 : }
2673 0 : ctrlr = endpoint->ctrlr;
2674 :
2675 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: map IOVA %p-%p\n", endpoint_id(endpoint),
2676 : map_start, map_end);
2677 :
2678 : /* VFIO_DMA_MAP_FLAG_READ | VFIO_DMA_MAP_FLAG_WRITE are enabled when registering to VFIO, here we also
2679 : * check the protection bits before registering. When vfio client and server are run in same process
2680 : * there is no need to register the same memory again.
2681 : */
2682 0 : if (info->prot == (PROT_WRITE | PROT_READ) && !is_peer_same_process(endpoint)) {
2683 0 : ret = spdk_mem_register(info->mapping.iov_base, info->mapping.iov_len);
2684 0 : if (ret) {
2685 0 : SPDK_ERRLOG("Memory region register %p-%p failed, ret=%d\n",
2686 : map_start, map_end, ret);
2687 0 : }
2688 0 : }
2689 :
2690 0 : pthread_mutex_lock(&endpoint->lock);
2691 0 : TAILQ_FOREACH(sq, &ctrlr->connected_sqs, tailq) {
2692 0 : if (sq->sq_state != VFIO_USER_SQ_INACTIVE) {
2693 0 : continue;
2694 : }
2695 :
2696 0 : cq = ctrlr->cqs[sq->cqid];
2697 :
2698 : /* For shared CQ case, we will use q_addr() to avoid mapping CQ multiple times */
2699 0 : if (cq->size && q_addr(&cq->mapping) == NULL) {
2700 0 : ret = map_q(ctrlr, &cq->mapping, MAP_RW | MAP_QUIET);
2701 0 : if (ret) {
2702 0 : SPDK_DEBUGLOG(nvmf_vfio, "Memory isn't ready to remap cqid:%d %#lx-%#lx\n",
2703 : cq->qid, cq->mapping.prp1,
2704 : cq->mapping.prp1 + cq->mapping.len);
2705 0 : continue;
2706 : }
2707 0 : }
2708 :
2709 0 : if (sq->size) {
2710 0 : ret = map_q(ctrlr, &sq->mapping, MAP_R | MAP_QUIET);
2711 0 : if (ret) {
2712 0 : SPDK_DEBUGLOG(nvmf_vfio, "Memory isn't ready to remap sqid:%d %#lx-%#lx\n",
2713 : sq->qid, sq->mapping.prp1,
2714 : sq->mapping.prp1 + sq->mapping.len);
2715 0 : continue;
2716 : }
2717 0 : }
2718 0 : sq->sq_state = VFIO_USER_SQ_ACTIVE;
2719 0 : SPDK_DEBUGLOG(nvmf_vfio, "Remap sqid:%u successfully\n", sq->qid);
2720 0 : }
2721 0 : pthread_mutex_unlock(&endpoint->lock);
2722 0 : }
2723 :
2724 : static void
2725 0 : memory_region_remove_cb(vfu_ctx_t *vfu_ctx, vfu_dma_info_t *info)
2726 : {
2727 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
2728 0 : struct nvmf_vfio_user_sq *sq;
2729 0 : struct nvmf_vfio_user_cq *cq;
2730 0 : void *map_start, *map_end;
2731 0 : int ret = 0;
2732 :
2733 0 : if (!info->vaddr) {
2734 0 : return;
2735 : }
2736 :
2737 0 : map_start = info->mapping.iov_base;
2738 0 : map_end = info->mapping.iov_base + info->mapping.iov_len;
2739 :
2740 0 : if (((uintptr_t)info->mapping.iov_base & MASK_2MB) ||
2741 0 : (info->mapping.iov_len & MASK_2MB)) {
2742 0 : SPDK_DEBUGLOG(nvmf_vfio, "Invalid memory region vaddr %p, IOVA %p-%p\n",
2743 : info->vaddr, map_start, map_end);
2744 0 : return;
2745 : }
2746 :
2747 0 : assert(endpoint != NULL);
2748 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: unmap IOVA %p-%p\n", endpoint_id(endpoint),
2749 : map_start, map_end);
2750 :
2751 0 : if (endpoint->ctrlr != NULL) {
2752 0 : struct nvmf_vfio_user_ctrlr *ctrlr;
2753 0 : ctrlr = endpoint->ctrlr;
2754 :
2755 0 : pthread_mutex_lock(&endpoint->lock);
2756 0 : TAILQ_FOREACH(sq, &ctrlr->connected_sqs, tailq) {
2757 0 : if (q_addr(&sq->mapping) >= map_start && q_addr(&sq->mapping) <= map_end) {
2758 0 : unmap_q(ctrlr, &sq->mapping);
2759 0 : sq->sq_state = VFIO_USER_SQ_INACTIVE;
2760 0 : }
2761 :
2762 0 : cq = ctrlr->cqs[sq->cqid];
2763 0 : if (q_addr(&cq->mapping) >= map_start && q_addr(&cq->mapping) <= map_end) {
2764 0 : unmap_q(ctrlr, &cq->mapping);
2765 0 : }
2766 0 : }
2767 :
2768 0 : if (ctrlr->sdbl != NULL) {
2769 0 : size_t i;
2770 :
2771 0 : for (i = 0; i < NVMF_VFIO_USER_SHADOW_DOORBELLS_BUFFER_COUNT; i++) {
2772 0 : const void *const iov_base = ctrlr->sdbl->iovs[i].iov_base;
2773 :
2774 0 : if (iov_base >= map_start && iov_base < map_end) {
2775 0 : copy_doorbells(ctrlr,
2776 0 : ctrlr->sdbl->shadow_doorbells,
2777 0 : ctrlr->bar0_doorbells);
2778 0 : vfio_user_ctrlr_switch_doorbells(ctrlr, false);
2779 0 : free_sdbl(endpoint->vfu_ctx, ctrlr->sdbl);
2780 0 : ctrlr->sdbl = NULL;
2781 0 : break;
2782 : }
2783 0 : }
2784 0 : }
2785 :
2786 0 : pthread_mutex_unlock(&endpoint->lock);
2787 0 : }
2788 :
2789 0 : if (info->prot == (PROT_WRITE | PROT_READ) && !is_peer_same_process(endpoint)) {
2790 0 : ret = spdk_mem_unregister(info->mapping.iov_base, info->mapping.iov_len);
2791 0 : if (ret) {
2792 0 : SPDK_ERRLOG("Memory region unregister %p-%p failed, ret=%d\n",
2793 : map_start, map_end, ret);
2794 0 : }
2795 0 : }
2796 0 : }
2797 :
2798 : /* Used to initiate a controller-level reset or a controller shutdown. */
2799 : static void
2800 0 : disable_ctrlr(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
2801 : {
2802 0 : SPDK_NOTICELOG("%s: disabling controller\n", ctrlr_id(vu_ctrlr));
2803 :
2804 : /* Unmap Admin queue. */
2805 :
2806 0 : assert(vu_ctrlr->sqs[0] != NULL);
2807 0 : assert(vu_ctrlr->cqs[0] != NULL);
2808 :
2809 0 : unmap_q(vu_ctrlr, &vu_ctrlr->sqs[0]->mapping);
2810 0 : unmap_q(vu_ctrlr, &vu_ctrlr->cqs[0]->mapping);
2811 :
2812 0 : vu_ctrlr->sqs[0]->size = 0;
2813 0 : *sq_headp(vu_ctrlr->sqs[0]) = 0;
2814 :
2815 0 : vu_ctrlr->sqs[0]->sq_state = VFIO_USER_SQ_INACTIVE;
2816 :
2817 0 : vu_ctrlr->cqs[0]->size = 0;
2818 0 : *cq_tailp(vu_ctrlr->cqs[0]) = 0;
2819 :
2820 : /*
2821 : * For PCIe controller reset or shutdown, we will drop all AER
2822 : * responses.
2823 : */
2824 0 : spdk_nvmf_ctrlr_abort_aer(vu_ctrlr->ctrlr);
2825 :
2826 : /* Free the shadow doorbell buffer. */
2827 0 : vfio_user_ctrlr_switch_doorbells(vu_ctrlr, false);
2828 0 : free_sdbl(vu_ctrlr->endpoint->vfu_ctx, vu_ctrlr->sdbl);
2829 0 : vu_ctrlr->sdbl = NULL;
2830 0 : }
2831 :
2832 : /* Used to re-enable the controller after a controller-level reset. */
2833 : static int
2834 0 : enable_ctrlr(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
2835 : {
2836 0 : int err;
2837 :
2838 0 : assert(vu_ctrlr != NULL);
2839 :
2840 0 : SPDK_NOTICELOG("%s: enabling controller\n", ctrlr_id(vu_ctrlr));
2841 :
2842 0 : err = acq_setup(vu_ctrlr);
2843 0 : if (err != 0) {
2844 0 : return err;
2845 : }
2846 :
2847 0 : err = asq_setup(vu_ctrlr);
2848 0 : if (err != 0) {
2849 0 : return err;
2850 : }
2851 :
2852 0 : vu_ctrlr->sqs[0]->sq_state = VFIO_USER_SQ_ACTIVE;
2853 :
2854 0 : return 0;
2855 0 : }
2856 :
2857 : static int
2858 0 : nvmf_vfio_user_prop_req_rsp_set(struct nvmf_vfio_user_req *req,
2859 : struct nvmf_vfio_user_sq *sq)
2860 : {
2861 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr;
2862 0 : union spdk_nvme_cc_register cc, diff;
2863 :
2864 0 : assert(req->req.cmd->prop_set_cmd.fctype == SPDK_NVMF_FABRIC_COMMAND_PROPERTY_SET);
2865 0 : assert(sq->ctrlr != NULL);
2866 0 : vu_ctrlr = sq->ctrlr;
2867 :
2868 0 : if (req->req.cmd->prop_set_cmd.ofst != offsetof(struct spdk_nvme_registers, cc)) {
2869 0 : return 0;
2870 : }
2871 :
2872 0 : cc.raw = req->req.cmd->prop_set_cmd.value.u64;
2873 0 : diff.raw = cc.raw ^ req->cc.raw;
2874 :
2875 0 : if (diff.bits.en) {
2876 0 : if (cc.bits.en) {
2877 0 : int ret = enable_ctrlr(vu_ctrlr);
2878 0 : if (ret) {
2879 0 : SPDK_ERRLOG("%s: failed to enable ctrlr\n", ctrlr_id(vu_ctrlr));
2880 0 : return ret;
2881 : }
2882 0 : vu_ctrlr->reset_shn = false;
2883 0 : } else {
2884 0 : vu_ctrlr->reset_shn = true;
2885 : }
2886 0 : }
2887 :
2888 0 : if (diff.bits.shn) {
2889 0 : if (cc.bits.shn == SPDK_NVME_SHN_NORMAL || cc.bits.shn == SPDK_NVME_SHN_ABRUPT) {
2890 0 : vu_ctrlr->reset_shn = true;
2891 0 : }
2892 0 : }
2893 :
2894 0 : if (vu_ctrlr->reset_shn) {
2895 0 : disable_ctrlr(vu_ctrlr);
2896 0 : }
2897 0 : return 0;
2898 0 : }
2899 :
2900 : static int
2901 0 : nvmf_vfio_user_prop_req_rsp(struct nvmf_vfio_user_req *req, void *cb_arg)
2902 : {
2903 0 : struct nvmf_vfio_user_sq *sq = cb_arg;
2904 :
2905 0 : assert(sq != NULL);
2906 0 : assert(req != NULL);
2907 :
2908 0 : if (req->req.cmd->prop_get_cmd.fctype == SPDK_NVMF_FABRIC_COMMAND_PROPERTY_GET) {
2909 0 : assert(sq->ctrlr != NULL);
2910 0 : assert(req != NULL);
2911 :
2912 0 : memcpy(req->req.iov[0].iov_base,
2913 0 : &req->req.rsp->prop_get_rsp.value.u64,
2914 0 : req->req.length);
2915 0 : return 0;
2916 : }
2917 :
2918 0 : return nvmf_vfio_user_prop_req_rsp_set(req, sq);
2919 0 : }
2920 :
2921 : /*
2922 : * Handles a write at offset 0x1000 or more; this is the non-mapped path when a
2923 : * doorbell is written via access_bar0_fn().
2924 : *
2925 : * DSTRD is set to fixed value 0 for NVMf.
2926 : *
2927 : */
2928 : static int
2929 0 : handle_dbl_access(struct nvmf_vfio_user_ctrlr *ctrlr, uint32_t *buf,
2930 : const size_t count, loff_t pos, const bool is_write)
2931 : {
2932 0 : struct nvmf_vfio_user_poll_group *group;
2933 :
2934 0 : assert(ctrlr != NULL);
2935 0 : assert(buf != NULL);
2936 :
2937 0 : if (spdk_unlikely(!is_write)) {
2938 0 : SPDK_WARNLOG("%s: host tried to read BAR0 doorbell %#lx\n",
2939 : ctrlr_id(ctrlr), pos);
2940 0 : errno = EPERM;
2941 0 : return -1;
2942 : }
2943 :
2944 0 : if (spdk_unlikely(count != sizeof(uint32_t))) {
2945 0 : SPDK_ERRLOG("%s: bad doorbell buffer size %ld\n",
2946 : ctrlr_id(ctrlr), count);
2947 0 : errno = EINVAL;
2948 0 : return -1;
2949 : }
2950 :
2951 0 : pos -= NVME_DOORBELLS_OFFSET;
2952 :
2953 : /* pos must be dword aligned */
2954 0 : if (spdk_unlikely((pos & 0x3) != 0)) {
2955 0 : SPDK_ERRLOG("%s: bad doorbell offset %#lx\n", ctrlr_id(ctrlr), pos);
2956 0 : errno = EINVAL;
2957 0 : return -1;
2958 : }
2959 :
2960 : /* convert byte offset to array index */
2961 0 : pos >>= 2;
2962 :
2963 0 : if (spdk_unlikely(pos >= NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR * 2)) {
2964 0 : SPDK_ERRLOG("%s: bad doorbell index %#lx\n", ctrlr_id(ctrlr), pos);
2965 0 : errno = EINVAL;
2966 0 : return -1;
2967 : }
2968 :
2969 0 : ctrlr->bar0_doorbells[pos] = *buf;
2970 0 : spdk_wmb();
2971 :
2972 0 : group = ctrlr_to_poll_group(ctrlr);
2973 0 : if (pos == 1) {
2974 0 : group->stats.cqh_admin_writes++;
2975 0 : } else if (pos & 1) {
2976 0 : group->stats.cqh_io_writes++;
2977 0 : }
2978 :
2979 0 : SPDK_DEBUGLOG(vfio_user_db, "%s: updating BAR0 doorbell %s:%ld to %u\n",
2980 : ctrlr_id(ctrlr), (pos & 1) ? "cqid" : "sqid",
2981 : pos / 2, *buf);
2982 :
2983 :
2984 0 : return 0;
2985 0 : }
2986 :
2987 : static size_t
2988 0 : vfio_user_property_access(struct nvmf_vfio_user_ctrlr *vu_ctrlr,
2989 : char *buf, size_t count, loff_t pos,
2990 : bool is_write)
2991 : {
2992 0 : struct nvmf_vfio_user_req *req;
2993 0 : const struct spdk_nvmf_registers *regs;
2994 :
2995 0 : if ((count != 4) && (count != 8)) {
2996 0 : errno = EINVAL;
2997 0 : return -1;
2998 : }
2999 :
3000 : /* Construct a Fabric Property Get/Set command and send it */
3001 0 : req = get_nvmf_vfio_user_req(vu_ctrlr->sqs[0]);
3002 0 : if (req == NULL) {
3003 0 : errno = ENOBUFS;
3004 0 : return -1;
3005 : }
3006 0 : regs = spdk_nvmf_ctrlr_get_regs(vu_ctrlr->ctrlr);
3007 0 : req->cc.raw = regs->cc.raw;
3008 :
3009 0 : req->cb_fn = nvmf_vfio_user_prop_req_rsp;
3010 0 : req->cb_arg = vu_ctrlr->sqs[0];
3011 0 : req->req.cmd->prop_set_cmd.opcode = SPDK_NVME_OPC_FABRIC;
3012 0 : req->req.cmd->prop_set_cmd.cid = 0;
3013 0 : if (count == 4) {
3014 0 : req->req.cmd->prop_set_cmd.attrib.size = 0;
3015 0 : } else {
3016 0 : req->req.cmd->prop_set_cmd.attrib.size = 1;
3017 : }
3018 0 : req->req.cmd->prop_set_cmd.ofst = pos;
3019 0 : if (is_write) {
3020 0 : req->req.cmd->prop_set_cmd.fctype = SPDK_NVMF_FABRIC_COMMAND_PROPERTY_SET;
3021 0 : if (req->req.cmd->prop_set_cmd.attrib.size) {
3022 0 : req->req.cmd->prop_set_cmd.value.u64 = *(uint64_t *)buf;
3023 0 : } else {
3024 0 : req->req.cmd->prop_set_cmd.value.u32.high = 0;
3025 0 : req->req.cmd->prop_set_cmd.value.u32.low = *(uint32_t *)buf;
3026 : }
3027 0 : } else {
3028 0 : req->req.cmd->prop_get_cmd.fctype = SPDK_NVMF_FABRIC_COMMAND_PROPERTY_GET;
3029 : }
3030 0 : req->req.length = count;
3031 0 : SPDK_IOV_ONE(req->req.iov, &req->req.iovcnt, buf, req->req.length);
3032 :
3033 0 : spdk_nvmf_request_exec(&req->req);
3034 :
3035 0 : return count;
3036 0 : }
3037 :
3038 : static ssize_t
3039 0 : access_bar0_fn(vfu_ctx_t *vfu_ctx, char *buf, size_t count, loff_t pos,
3040 : bool is_write)
3041 : {
3042 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
3043 0 : struct nvmf_vfio_user_ctrlr *ctrlr;
3044 0 : int ret;
3045 :
3046 0 : ctrlr = endpoint->ctrlr;
3047 0 : if (spdk_unlikely(endpoint->need_async_destroy || !ctrlr)) {
3048 0 : errno = EIO;
3049 0 : return -1;
3050 : }
3051 :
3052 0 : if (pos >= NVME_DOORBELLS_OFFSET) {
3053 : /*
3054 : * The fact that the doorbells can be memory mapped doesn't mean
3055 : * that the client (VFIO in QEMU) is obliged to memory map them,
3056 : * it might still elect to access them via regular read/write;
3057 : * we might also have had disable_mappable_bar0 set.
3058 : */
3059 0 : ret = handle_dbl_access(ctrlr, (uint32_t *)buf, count,
3060 0 : pos, is_write);
3061 0 : if (ret == 0) {
3062 0 : return count;
3063 : }
3064 0 : return ret;
3065 : }
3066 :
3067 0 : return vfio_user_property_access(ctrlr, buf, count, pos, is_write);
3068 0 : }
3069 :
3070 : static ssize_t
3071 0 : access_pci_config(vfu_ctx_t *vfu_ctx, char *buf, size_t count, loff_t offset,
3072 : bool is_write)
3073 : {
3074 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
3075 :
3076 0 : if (is_write) {
3077 0 : SPDK_ERRLOG("%s: write %#lx-%#lx not supported\n",
3078 : endpoint_id(endpoint), offset, offset + count);
3079 0 : errno = EINVAL;
3080 0 : return -1;
3081 : }
3082 :
3083 0 : if (offset + count > NVME_REG_CFG_SIZE) {
3084 0 : SPDK_ERRLOG("%s: access past end of extended PCI configuration space, want=%ld+%ld, max=%d\n",
3085 : endpoint_id(endpoint), offset, count,
3086 : NVME_REG_CFG_SIZE);
3087 0 : errno = ERANGE;
3088 0 : return -1;
3089 : }
3090 :
3091 0 : memcpy(buf, ((unsigned char *)endpoint->pci_config_space) + offset, count);
3092 :
3093 0 : return count;
3094 0 : }
3095 :
3096 : static void
3097 0 : vfio_user_log(vfu_ctx_t *vfu_ctx, int level, char const *msg)
3098 : {
3099 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
3100 :
3101 0 : if (level >= LOG_DEBUG) {
3102 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: %s\n", endpoint_id(endpoint), msg);
3103 0 : } else if (level >= LOG_INFO) {
3104 0 : SPDK_INFOLOG(nvmf_vfio, "%s: %s\n", endpoint_id(endpoint), msg);
3105 0 : } else if (level >= LOG_NOTICE) {
3106 0 : SPDK_NOTICELOG("%s: %s\n", endpoint_id(endpoint), msg);
3107 0 : } else if (level >= LOG_WARNING) {
3108 0 : SPDK_WARNLOG("%s: %s\n", endpoint_id(endpoint), msg);
3109 0 : } else {
3110 0 : SPDK_ERRLOG("%s: %s\n", endpoint_id(endpoint), msg);
3111 : }
3112 0 : }
3113 :
3114 : static int
3115 0 : vfio_user_get_log_level(void)
3116 : {
3117 0 : int level;
3118 :
3119 0 : if (SPDK_DEBUGLOG_FLAG_ENABLED("nvmf_vfio")) {
3120 0 : return LOG_DEBUG;
3121 : }
3122 :
3123 0 : level = spdk_log_to_syslog_level(spdk_log_get_level());
3124 0 : if (level < 0) {
3125 0 : return LOG_ERR;
3126 : }
3127 :
3128 0 : return level;
3129 0 : }
3130 :
3131 : static void
3132 0 : init_pci_config_space(vfu_pci_config_space_t *p)
3133 : {
3134 : /* MLBAR */
3135 0 : p->hdr.bars[0].raw = 0x0;
3136 : /* MUBAR */
3137 0 : p->hdr.bars[1].raw = 0x0;
3138 :
3139 : /* vendor specific, let's set them to zero for now */
3140 0 : p->hdr.bars[3].raw = 0x0;
3141 0 : p->hdr.bars[4].raw = 0x0;
3142 0 : p->hdr.bars[5].raw = 0x0;
3143 :
3144 : /* enable INTx */
3145 0 : p->hdr.intr.ipin = 0x1;
3146 0 : }
3147 :
3148 : struct ctrlr_quiesce_ctx {
3149 : struct nvmf_vfio_user_endpoint *endpoint;
3150 : struct nvmf_vfio_user_poll_group *group;
3151 : int status;
3152 : };
3153 :
3154 : static void ctrlr_quiesce(struct nvmf_vfio_user_ctrlr *vu_ctrlr);
3155 :
3156 : static void
3157 0 : _vfio_user_endpoint_resume_done_msg(void *ctx)
3158 : {
3159 0 : struct nvmf_vfio_user_endpoint *endpoint = ctx;
3160 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = endpoint->ctrlr;
3161 :
3162 0 : endpoint->need_resume = false;
3163 :
3164 0 : if (!vu_ctrlr) {
3165 0 : return;
3166 : }
3167 :
3168 0 : if (!vu_ctrlr->queued_quiesce) {
3169 0 : vu_ctrlr->state = VFIO_USER_CTRLR_RUNNING;
3170 :
3171 : /*
3172 : * We might have ignored new SQ entries while we were quiesced:
3173 : * kick ourselves so we'll definitely check again while in
3174 : * VFIO_USER_CTRLR_RUNNING state.
3175 : */
3176 0 : if (in_interrupt_mode(endpoint->transport)) {
3177 0 : ctrlr_kick(vu_ctrlr);
3178 0 : }
3179 0 : return;
3180 : }
3181 :
3182 :
3183 : /*
3184 : * Basically, once we call `vfu_device_quiesced` the device is
3185 : * unquiesced from libvfio-user's perspective so from the moment
3186 : * `vfio_user_quiesce_done` returns libvfio-user might quiesce the device
3187 : * again. However, because the NVMf subsystem is an asynchronous
3188 : * operation, this quiesce might come _before_ the NVMf subsystem has
3189 : * been resumed, so in the callback of `spdk_nvmf_subsystem_resume` we
3190 : * need to check whether a quiesce was requested.
3191 : */
3192 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s has queued quiesce event, quiesce again\n",
3193 : ctrlr_id(vu_ctrlr));
3194 0 : ctrlr_quiesce(vu_ctrlr);
3195 0 : }
3196 :
3197 : static void
3198 0 : vfio_user_endpoint_resume_done(struct spdk_nvmf_subsystem *subsystem,
3199 : void *cb_arg, int status)
3200 : {
3201 0 : struct nvmf_vfio_user_endpoint *endpoint = cb_arg;
3202 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = endpoint->ctrlr;
3203 :
3204 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s resumed done with status %d\n", endpoint_id(endpoint), status);
3205 :
3206 0 : if (!vu_ctrlr) {
3207 0 : return;
3208 : }
3209 :
3210 0 : spdk_thread_send_msg(vu_ctrlr->thread, _vfio_user_endpoint_resume_done_msg, endpoint);
3211 0 : }
3212 :
3213 : static void
3214 0 : vfio_user_quiesce_done(void *ctx)
3215 : {
3216 0 : struct ctrlr_quiesce_ctx *quiesce_ctx = ctx;
3217 0 : struct nvmf_vfio_user_endpoint *endpoint = quiesce_ctx->endpoint;
3218 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = endpoint->ctrlr;
3219 0 : int ret;
3220 :
3221 0 : if (!vu_ctrlr) {
3222 0 : free(quiesce_ctx);
3223 0 : return;
3224 : }
3225 :
3226 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s device quiesced\n", ctrlr_id(vu_ctrlr));
3227 :
3228 0 : assert(vu_ctrlr->state == VFIO_USER_CTRLR_PAUSING);
3229 0 : vu_ctrlr->state = VFIO_USER_CTRLR_PAUSED;
3230 0 : vfu_device_quiesced(endpoint->vfu_ctx, quiesce_ctx->status);
3231 0 : vu_ctrlr->queued_quiesce = false;
3232 0 : free(quiesce_ctx);
3233 :
3234 : /* `vfu_device_quiesced` can change the migration state,
3235 : * so we need to re-check `vu_ctrlr->state`.
3236 : */
3237 0 : if (vu_ctrlr->state == VFIO_USER_CTRLR_MIGRATING) {
3238 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s is in MIGRATION state\n", ctrlr_id(vu_ctrlr));
3239 0 : return;
3240 : }
3241 :
3242 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s start to resume\n", ctrlr_id(vu_ctrlr));
3243 0 : vu_ctrlr->state = VFIO_USER_CTRLR_RESUMING;
3244 0 : ret = spdk_nvmf_subsystem_resume((struct spdk_nvmf_subsystem *)endpoint->subsystem,
3245 0 : vfio_user_endpoint_resume_done, endpoint);
3246 0 : if (ret < 0) {
3247 0 : vu_ctrlr->state = VFIO_USER_CTRLR_PAUSED;
3248 0 : SPDK_ERRLOG("%s: failed to resume, ret=%d\n", endpoint_id(endpoint), ret);
3249 0 : }
3250 0 : }
3251 :
3252 : static void
3253 0 : vfio_user_pause_done(struct spdk_nvmf_subsystem *subsystem,
3254 : void *ctx, int status)
3255 : {
3256 0 : struct ctrlr_quiesce_ctx *quiesce_ctx = ctx;
3257 0 : struct nvmf_vfio_user_endpoint *endpoint = quiesce_ctx->endpoint;
3258 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = endpoint->ctrlr;
3259 :
3260 0 : if (!vu_ctrlr) {
3261 0 : free(quiesce_ctx);
3262 0 : return;
3263 : }
3264 :
3265 0 : quiesce_ctx->status = status;
3266 :
3267 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s pause done with status %d\n",
3268 : ctrlr_id(vu_ctrlr), status);
3269 :
3270 0 : spdk_thread_send_msg(vu_ctrlr->thread,
3271 0 : vfio_user_quiesce_done, ctx);
3272 0 : }
3273 :
3274 : /*
3275 : * Ensure that, for this PG, we've stopped running in nvmf_vfio_user_sq_poll();
3276 : * we've already set ctrlr->state, so we won't process new entries, but we need
3277 : * to ensure that this PG is quiesced. This only works because there's no
3278 : * callback context set up between polling the SQ and spdk_nvmf_request_exec().
3279 : *
3280 : * Once we've walked all PGs, we need to pause any submitted I/O via
3281 : * spdk_nvmf_subsystem_pause(SPDK_NVME_GLOBAL_NS_TAG).
3282 : */
3283 : static void
3284 0 : vfio_user_quiesce_pg(void *ctx)
3285 : {
3286 0 : struct ctrlr_quiesce_ctx *quiesce_ctx = ctx;
3287 0 : struct nvmf_vfio_user_endpoint *endpoint = quiesce_ctx->endpoint;
3288 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = endpoint->ctrlr;
3289 0 : struct nvmf_vfio_user_poll_group *vu_group = quiesce_ctx->group;
3290 0 : struct spdk_nvmf_subsystem *subsystem = endpoint->subsystem;
3291 0 : int ret;
3292 :
3293 0 : SPDK_DEBUGLOG(nvmf_vfio, "quiesced pg:%p\n", vu_group);
3294 :
3295 0 : if (!vu_ctrlr) {
3296 0 : free(quiesce_ctx);
3297 0 : return;
3298 : }
3299 :
3300 0 : quiesce_ctx->group = TAILQ_NEXT(vu_group, link);
3301 0 : if (quiesce_ctx->group != NULL) {
3302 0 : spdk_thread_send_msg(poll_group_to_thread(quiesce_ctx->group),
3303 0 : vfio_user_quiesce_pg, quiesce_ctx);
3304 0 : return;
3305 : }
3306 :
3307 0 : ret = spdk_nvmf_subsystem_pause(subsystem, SPDK_NVME_GLOBAL_NS_TAG,
3308 0 : vfio_user_pause_done, quiesce_ctx);
3309 0 : if (ret < 0) {
3310 0 : SPDK_ERRLOG("%s: failed to pause, ret=%d\n",
3311 : endpoint_id(endpoint), ret);
3312 0 : vu_ctrlr->state = VFIO_USER_CTRLR_RUNNING;
3313 0 : fail_ctrlr(vu_ctrlr);
3314 0 : free(quiesce_ctx);
3315 0 : }
3316 0 : }
3317 :
3318 : static void
3319 0 : ctrlr_quiesce(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
3320 : {
3321 0 : struct ctrlr_quiesce_ctx *quiesce_ctx;
3322 :
3323 0 : vu_ctrlr->state = VFIO_USER_CTRLR_PAUSING;
3324 :
3325 0 : quiesce_ctx = calloc(1, sizeof(*quiesce_ctx));
3326 0 : if (!quiesce_ctx) {
3327 0 : SPDK_ERRLOG("Failed to allocate subsystem pause context\n");
3328 0 : assert(false);
3329 : return;
3330 : }
3331 :
3332 0 : quiesce_ctx->endpoint = vu_ctrlr->endpoint;
3333 0 : quiesce_ctx->status = 0;
3334 0 : quiesce_ctx->group = TAILQ_FIRST(&vu_ctrlr->transport->poll_groups);
3335 :
3336 0 : spdk_thread_send_msg(poll_group_to_thread(quiesce_ctx->group),
3337 0 : vfio_user_quiesce_pg, quiesce_ctx);
3338 0 : }
3339 :
3340 : static int
3341 0 : vfio_user_dev_quiesce_cb(vfu_ctx_t *vfu_ctx)
3342 : {
3343 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
3344 0 : struct spdk_nvmf_subsystem *subsystem = endpoint->subsystem;
3345 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = endpoint->ctrlr;
3346 :
3347 0 : if (!vu_ctrlr) {
3348 0 : return 0;
3349 : }
3350 :
3351 : /* NVMf library will destruct controller when no
3352 : * connected queue pairs.
3353 : */
3354 0 : if (!nvmf_subsystem_get_ctrlr(subsystem, vu_ctrlr->cntlid)) {
3355 0 : return 0;
3356 : }
3357 :
3358 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s starts to quiesce\n", ctrlr_id(vu_ctrlr));
3359 :
3360 : /* There is no race condition here as device quiesce callback
3361 : * and nvmf_prop_set_cc() are running in the same thread context.
3362 : */
3363 0 : if (!vu_ctrlr->ctrlr->vcprop.cc.bits.en) {
3364 0 : return 0;
3365 0 : } else if (!vu_ctrlr->ctrlr->vcprop.csts.bits.rdy) {
3366 0 : return 0;
3367 0 : } else if (vu_ctrlr->ctrlr->vcprop.csts.bits.shst == SPDK_NVME_SHST_COMPLETE) {
3368 0 : return 0;
3369 : }
3370 :
3371 0 : switch (vu_ctrlr->state) {
3372 : case VFIO_USER_CTRLR_PAUSED:
3373 : case VFIO_USER_CTRLR_MIGRATING:
3374 0 : return 0;
3375 : case VFIO_USER_CTRLR_RUNNING:
3376 0 : ctrlr_quiesce(vu_ctrlr);
3377 0 : break;
3378 : case VFIO_USER_CTRLR_RESUMING:
3379 0 : vu_ctrlr->queued_quiesce = true;
3380 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s is busy to quiesce, current state %u\n", ctrlr_id(vu_ctrlr),
3381 : vu_ctrlr->state);
3382 0 : break;
3383 : default:
3384 0 : assert(vu_ctrlr->state != VFIO_USER_CTRLR_PAUSING);
3385 0 : break;
3386 : }
3387 :
3388 0 : errno = EBUSY;
3389 0 : return -1;
3390 0 : }
3391 :
3392 : static void
3393 0 : vfio_user_ctrlr_dump_migr_data(const char *name,
3394 : struct vfio_user_nvme_migr_state *migr_data,
3395 : struct nvmf_vfio_user_shadow_doorbells *sdbl)
3396 : {
3397 0 : struct spdk_nvmf_registers *regs;
3398 0 : struct nvme_migr_sq_state *sq;
3399 0 : struct nvme_migr_cq_state *cq;
3400 0 : uint32_t *doorbell_base;
3401 0 : uint32_t i;
3402 :
3403 0 : SPDK_NOTICELOG("Dump %s\n", name);
3404 :
3405 0 : regs = &migr_data->nvmf_data.regs;
3406 0 : doorbell_base = (uint32_t *)&migr_data->doorbells;
3407 :
3408 0 : SPDK_NOTICELOG("Registers\n");
3409 0 : SPDK_NOTICELOG("CSTS 0x%x\n", regs->csts.raw);
3410 0 : SPDK_NOTICELOG("CAP 0x%"PRIx64"\n", regs->cap.raw);
3411 0 : SPDK_NOTICELOG("VS 0x%x\n", regs->vs.raw);
3412 0 : SPDK_NOTICELOG("CC 0x%x\n", regs->cc.raw);
3413 0 : SPDK_NOTICELOG("AQA 0x%x\n", regs->aqa.raw);
3414 0 : SPDK_NOTICELOG("ASQ 0x%"PRIx64"\n", regs->asq);
3415 0 : SPDK_NOTICELOG("ACQ 0x%"PRIx64"\n", regs->acq);
3416 :
3417 0 : SPDK_NOTICELOG("Number of IO Queues %u\n", migr_data->ctrlr_header.num_io_queues);
3418 :
3419 0 : if (sdbl != NULL) {
3420 0 : SPDK_NOTICELOG("shadow doorbell buffer=%#lx\n",
3421 : migr_data->ctrlr_header.shadow_doorbell_buffer);
3422 0 : SPDK_NOTICELOG("eventidx buffer=%#lx\n",
3423 : migr_data->ctrlr_header.eventidx_buffer);
3424 0 : }
3425 :
3426 0 : for (i = 0; i < NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR; i++) {
3427 0 : sq = &migr_data->qps[i].sq;
3428 0 : cq = &migr_data->qps[i].cq;
3429 :
3430 0 : if (sq->size) {
3431 0 : SPDK_NOTICELOG("sqid:%u, bar0_doorbell:%u\n", sq->sqid, doorbell_base[i * 2]);
3432 0 : if (i > 0 && sdbl != NULL) {
3433 0 : SPDK_NOTICELOG("sqid:%u, shadow_doorbell:%u, eventidx:%u\n",
3434 : sq->sqid,
3435 : sdbl->shadow_doorbells[queue_index(i, false)],
3436 : sdbl->eventidxs[queue_index(i, false)]);
3437 0 : }
3438 0 : SPDK_NOTICELOG("SQ sqid:%u, cqid:%u, sqhead:%u, size:%u, dma_addr:0x%"PRIx64"\n",
3439 : sq->sqid, sq->cqid, sq->head, sq->size, sq->dma_addr);
3440 0 : }
3441 :
3442 0 : if (cq->size) {
3443 0 : SPDK_NOTICELOG("cqid:%u, bar0_doorbell:%u\n", cq->cqid, doorbell_base[i * 2 + 1]);
3444 0 : if (i > 0 && sdbl != NULL) {
3445 0 : SPDK_NOTICELOG("cqid:%u, shadow_doorbell:%u, eventidx:%u\n",
3446 : cq->cqid,
3447 : sdbl->shadow_doorbells[queue_index(i, true)],
3448 : sdbl->eventidxs[queue_index(i, true)]);
3449 0 : }
3450 0 : SPDK_NOTICELOG("CQ cqid:%u, phase:%u, cqtail:%u, size:%u, iv:%u, ien:%u, dma_addr:0x%"PRIx64"\n",
3451 : cq->cqid, cq->phase, cq->tail, cq->size, cq->iv, cq->ien, cq->dma_addr);
3452 0 : }
3453 0 : }
3454 :
3455 0 : SPDK_NOTICELOG("%s Dump Done\n", name);
3456 0 : }
3457 :
3458 : /* Read region 9 content and restore it to migration data structures */
3459 : static int
3460 0 : vfio_user_migr_stream_to_data(struct nvmf_vfio_user_endpoint *endpoint,
3461 : struct vfio_user_nvme_migr_state *migr_state)
3462 : {
3463 0 : void *data_ptr = endpoint->migr_data;
3464 :
3465 : /* Load vfio_user_nvme_migr_header first */
3466 0 : memcpy(&migr_state->ctrlr_header, data_ptr, sizeof(struct vfio_user_nvme_migr_header));
3467 : /* TODO: version check */
3468 0 : if (migr_state->ctrlr_header.magic != VFIO_USER_NVME_MIGR_MAGIC) {
3469 0 : SPDK_ERRLOG("%s: bad magic number %x\n", endpoint_id(endpoint), migr_state->ctrlr_header.magic);
3470 0 : return -EINVAL;
3471 : }
3472 :
3473 : /* Load nvmf controller data */
3474 0 : data_ptr = endpoint->migr_data + migr_state->ctrlr_header.nvmf_data_offset;
3475 0 : memcpy(&migr_state->nvmf_data, data_ptr, migr_state->ctrlr_header.nvmf_data_len);
3476 :
3477 : /* Load queue pairs */
3478 0 : data_ptr = endpoint->migr_data + migr_state->ctrlr_header.qp_offset;
3479 0 : memcpy(&migr_state->qps, data_ptr, migr_state->ctrlr_header.qp_len);
3480 :
3481 : /* Load doorbells */
3482 0 : data_ptr = endpoint->migr_data + migr_state->ctrlr_header.bar_offset[VFU_PCI_DEV_BAR0_REGION_IDX];
3483 0 : memcpy(&migr_state->doorbells, data_ptr,
3484 0 : migr_state->ctrlr_header.bar_len[VFU_PCI_DEV_BAR0_REGION_IDX]);
3485 :
3486 : /* Load CFG */
3487 0 : data_ptr = endpoint->migr_data + migr_state->ctrlr_header.bar_offset[VFU_PCI_DEV_CFG_REGION_IDX];
3488 0 : memcpy(&migr_state->cfg, data_ptr, migr_state->ctrlr_header.bar_len[VFU_PCI_DEV_CFG_REGION_IDX]);
3489 :
3490 0 : return 0;
3491 0 : }
3492 :
3493 :
3494 : static void
3495 0 : vfio_user_migr_ctrlr_save_data(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
3496 : {
3497 0 : struct spdk_nvmf_ctrlr *ctrlr = vu_ctrlr->ctrlr;
3498 0 : struct nvmf_vfio_user_endpoint *endpoint = vu_ctrlr->endpoint;
3499 0 : struct nvmf_vfio_user_sq *sq;
3500 0 : struct nvmf_vfio_user_cq *cq;
3501 0 : uint64_t data_offset;
3502 0 : void *data_ptr;
3503 0 : uint32_t *doorbell_base;
3504 0 : uint32_t i = 0;
3505 0 : uint16_t sqid, cqid;
3506 0 : struct vfio_user_nvme_migr_state migr_state = {
3507 : .nvmf_data = {
3508 : .data_size = offsetof(struct spdk_nvmf_ctrlr_migr_data, unused),
3509 : .regs_size = sizeof(struct spdk_nvmf_registers),
3510 : .feat_size = sizeof(struct spdk_nvmf_ctrlr_feat)
3511 : }
3512 : };
3513 :
3514 : /* Save all data to vfio_user_nvme_migr_state first, then we will
3515 : * copy it to device migration region at last.
3516 : */
3517 :
3518 : /* save magic number */
3519 0 : migr_state.ctrlr_header.magic = VFIO_USER_NVME_MIGR_MAGIC;
3520 :
3521 : /* save controller data */
3522 0 : spdk_nvmf_ctrlr_save_migr_data(ctrlr, &migr_state.nvmf_data);
3523 :
3524 : /* save connected queue pairs */
3525 0 : TAILQ_FOREACH(sq, &vu_ctrlr->connected_sqs, tailq) {
3526 : /* save sq */
3527 0 : sqid = sq->qid;
3528 0 : migr_state.qps[sqid].sq.sqid = sq->qid;
3529 0 : migr_state.qps[sqid].sq.cqid = sq->cqid;
3530 0 : migr_state.qps[sqid].sq.head = *sq_headp(sq);
3531 0 : migr_state.qps[sqid].sq.size = sq->size;
3532 0 : migr_state.qps[sqid].sq.dma_addr = sq->mapping.prp1;
3533 :
3534 : /* save cq, for shared cq case, cq may be saved multiple times */
3535 0 : cqid = sq->cqid;
3536 0 : cq = vu_ctrlr->cqs[cqid];
3537 0 : migr_state.qps[cqid].cq.cqid = cqid;
3538 0 : migr_state.qps[cqid].cq.tail = *cq_tailp(cq);
3539 0 : migr_state.qps[cqid].cq.ien = cq->ien;
3540 0 : migr_state.qps[cqid].cq.iv = cq->iv;
3541 0 : migr_state.qps[cqid].cq.size = cq->size;
3542 0 : migr_state.qps[cqid].cq.phase = cq->phase;
3543 0 : migr_state.qps[cqid].cq.dma_addr = cq->mapping.prp1;
3544 0 : i++;
3545 0 : }
3546 :
3547 0 : assert(i > 0);
3548 0 : migr_state.ctrlr_header.num_io_queues = i - 1;
3549 :
3550 : /* Save doorbells */
3551 0 : doorbell_base = (uint32_t *)&migr_state.doorbells;
3552 0 : memcpy(doorbell_base, (void *)vu_ctrlr->bar0_doorbells, NVMF_VFIO_USER_DOORBELLS_SIZE);
3553 :
3554 : /* Save PCI configuration space */
3555 0 : memcpy(&migr_state.cfg, (void *)endpoint->pci_config_space, NVME_REG_CFG_SIZE);
3556 :
3557 : /* Save all data to device migration region */
3558 0 : data_ptr = endpoint->migr_data;
3559 :
3560 : /* Copy nvmf controller data */
3561 0 : data_offset = sizeof(struct vfio_user_nvme_migr_header);
3562 0 : data_ptr += data_offset;
3563 0 : migr_state.ctrlr_header.nvmf_data_offset = data_offset;
3564 0 : migr_state.ctrlr_header.nvmf_data_len = sizeof(struct spdk_nvmf_ctrlr_migr_data);
3565 0 : memcpy(data_ptr, &migr_state.nvmf_data, sizeof(struct spdk_nvmf_ctrlr_migr_data));
3566 :
3567 : /* Copy queue pairs */
3568 0 : data_offset += sizeof(struct spdk_nvmf_ctrlr_migr_data);
3569 0 : data_ptr += sizeof(struct spdk_nvmf_ctrlr_migr_data);
3570 0 : migr_state.ctrlr_header.qp_offset = data_offset;
3571 0 : migr_state.ctrlr_header.qp_len = i * (sizeof(struct nvme_migr_sq_state) + sizeof(
3572 : struct nvme_migr_cq_state));
3573 0 : memcpy(data_ptr, &migr_state.qps, migr_state.ctrlr_header.qp_len);
3574 :
3575 : /* Copy doorbells */
3576 0 : data_offset += migr_state.ctrlr_header.qp_len;
3577 0 : data_ptr += migr_state.ctrlr_header.qp_len;
3578 0 : migr_state.ctrlr_header.bar_offset[VFU_PCI_DEV_BAR0_REGION_IDX] = data_offset;
3579 0 : migr_state.ctrlr_header.bar_len[VFU_PCI_DEV_BAR0_REGION_IDX] = NVMF_VFIO_USER_DOORBELLS_SIZE;
3580 0 : memcpy(data_ptr, &migr_state.doorbells, NVMF_VFIO_USER_DOORBELLS_SIZE);
3581 :
3582 : /* Copy CFG */
3583 0 : data_offset += NVMF_VFIO_USER_DOORBELLS_SIZE;
3584 0 : data_ptr += NVMF_VFIO_USER_DOORBELLS_SIZE;
3585 0 : migr_state.ctrlr_header.bar_offset[VFU_PCI_DEV_CFG_REGION_IDX] = data_offset;
3586 0 : migr_state.ctrlr_header.bar_len[VFU_PCI_DEV_CFG_REGION_IDX] = NVME_REG_CFG_SIZE;
3587 0 : memcpy(data_ptr, &migr_state.cfg, NVME_REG_CFG_SIZE);
3588 :
3589 : /* copy shadow doorbells */
3590 0 : if (vu_ctrlr->sdbl != NULL) {
3591 0 : migr_state.ctrlr_header.sdbl = true;
3592 0 : migr_state.ctrlr_header.shadow_doorbell_buffer = vu_ctrlr->shadow_doorbell_buffer;
3593 0 : migr_state.ctrlr_header.eventidx_buffer = vu_ctrlr->eventidx_buffer;
3594 0 : }
3595 :
3596 : /* Copy nvme migration header finally */
3597 0 : memcpy(endpoint->migr_data, &migr_state.ctrlr_header, sizeof(struct vfio_user_nvme_migr_header));
3598 :
3599 0 : if (SPDK_DEBUGLOG_FLAG_ENABLED("nvmf_vfio")) {
3600 0 : vfio_user_ctrlr_dump_migr_data("SAVE", &migr_state, vu_ctrlr->sdbl);
3601 0 : }
3602 0 : }
3603 :
3604 : /*
3605 : * If we are about to close the connection, we need to unregister the interrupt,
3606 : * as the library will subsequently close the file descriptor we registered.
3607 : */
3608 : static int
3609 0 : vfio_user_device_reset(vfu_ctx_t *vfu_ctx, vfu_reset_type_t type)
3610 : {
3611 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
3612 0 : struct nvmf_vfio_user_ctrlr *ctrlr = endpoint->ctrlr;
3613 :
3614 0 : SPDK_DEBUGLOG(nvmf_vfio, "Device reset type %u\n", type);
3615 :
3616 0 : if (type == VFU_RESET_LOST_CONN) {
3617 0 : if (ctrlr != NULL) {
3618 0 : spdk_interrupt_unregister(&ctrlr->intr);
3619 0 : ctrlr->intr_fd = -1;
3620 0 : }
3621 0 : return 0;
3622 : }
3623 :
3624 : /* FIXME: LOST_CONN case ? */
3625 0 : if (ctrlr->sdbl != NULL) {
3626 0 : vfio_user_ctrlr_switch_doorbells(ctrlr, false);
3627 0 : free_sdbl(vfu_ctx, ctrlr->sdbl);
3628 0 : ctrlr->sdbl = NULL;
3629 0 : }
3630 :
3631 : /* FIXME: much more needed here. */
3632 :
3633 0 : return 0;
3634 0 : }
3635 :
3636 : static int
3637 0 : vfio_user_migr_ctrlr_construct_qps(struct nvmf_vfio_user_ctrlr *vu_ctrlr,
3638 : struct vfio_user_nvme_migr_state *migr_state)
3639 : {
3640 0 : uint32_t i, qsize = 0;
3641 0 : uint16_t sqid, cqid;
3642 0 : struct vfio_user_nvme_migr_qp migr_qp;
3643 0 : void *addr;
3644 0 : uint32_t cqs_ref[NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR] = {};
3645 0 : int ret;
3646 :
3647 0 : if (SPDK_DEBUGLOG_FLAG_ENABLED("nvmf_vfio")) {
3648 0 : vfio_user_ctrlr_dump_migr_data("RESUME", migr_state, vu_ctrlr->sdbl);
3649 0 : }
3650 :
3651 : /* restore submission queues */
3652 0 : for (i = 0; i < NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR; i++) {
3653 0 : migr_qp = migr_state->qps[i];
3654 :
3655 0 : qsize = migr_qp.sq.size;
3656 0 : if (qsize) {
3657 0 : struct nvmf_vfio_user_sq *sq;
3658 :
3659 0 : sqid = migr_qp.sq.sqid;
3660 0 : if (sqid != i) {
3661 0 : SPDK_ERRLOG("Expected sqid %u while got %u", i, sqid);
3662 0 : return -EINVAL;
3663 : }
3664 :
3665 : /* allocate sq if necessary */
3666 0 : if (vu_ctrlr->sqs[sqid] == NULL) {
3667 0 : ret = init_sq(vu_ctrlr, &vu_ctrlr->transport->transport, sqid);
3668 0 : if (ret) {
3669 0 : SPDK_ERRLOG("Construct qpair with qid %u failed\n", sqid);
3670 0 : return -EFAULT;
3671 : }
3672 0 : }
3673 :
3674 0 : sq = vu_ctrlr->sqs[sqid];
3675 0 : sq->size = qsize;
3676 :
3677 0 : ret = alloc_sq_reqs(vu_ctrlr, sq);
3678 0 : if (ret) {
3679 0 : SPDK_ERRLOG("Construct sq with qid %u failed\n", sqid);
3680 0 : return -EFAULT;
3681 : }
3682 :
3683 : /* restore sq */
3684 0 : sq->sq_state = VFIO_USER_SQ_CREATED;
3685 0 : sq->cqid = migr_qp.sq.cqid;
3686 0 : *sq_headp(sq) = migr_qp.sq.head;
3687 0 : sq->mapping.prp1 = migr_qp.sq.dma_addr;
3688 0 : sq->mapping.len = sq->size * sizeof(struct spdk_nvme_cmd);
3689 0 : addr = map_one(vu_ctrlr->endpoint->vfu_ctx,
3690 0 : sq->mapping.prp1, sq->mapping.len,
3691 0 : sq->mapping.sg, &sq->mapping.iov,
3692 : PROT_READ);
3693 0 : if (addr == NULL) {
3694 0 : SPDK_ERRLOG("Restore sq with qid %u PRP1 0x%"PRIx64" with size %u failed\n",
3695 : sqid, sq->mapping.prp1, sq->size);
3696 0 : return -EFAULT;
3697 : }
3698 0 : cqs_ref[sq->cqid]++;
3699 0 : }
3700 0 : }
3701 :
3702 : /* restore completion queues */
3703 0 : for (i = 0; i < NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR; i++) {
3704 0 : migr_qp = migr_state->qps[i];
3705 :
3706 0 : qsize = migr_qp.cq.size;
3707 0 : if (qsize) {
3708 0 : struct nvmf_vfio_user_cq *cq;
3709 :
3710 : /* restore cq */
3711 0 : cqid = migr_qp.sq.cqid;
3712 0 : assert(cqid == i);
3713 :
3714 : /* allocate cq if necessary */
3715 0 : if (vu_ctrlr->cqs[cqid] == NULL) {
3716 0 : ret = init_cq(vu_ctrlr, cqid);
3717 0 : if (ret) {
3718 0 : SPDK_ERRLOG("Construct qpair with qid %u failed\n", cqid);
3719 0 : return -EFAULT;
3720 : }
3721 0 : }
3722 :
3723 0 : cq = vu_ctrlr->cqs[cqid];
3724 :
3725 0 : cq->size = qsize;
3726 :
3727 0 : cq->cq_state = VFIO_USER_CQ_CREATED;
3728 0 : cq->cq_ref = cqs_ref[cqid];
3729 0 : *cq_tailp(cq) = migr_qp.cq.tail;
3730 0 : cq->mapping.prp1 = migr_qp.cq.dma_addr;
3731 0 : cq->mapping.len = cq->size * sizeof(struct spdk_nvme_cpl);
3732 0 : cq->ien = migr_qp.cq.ien;
3733 0 : cq->iv = migr_qp.cq.iv;
3734 0 : cq->phase = migr_qp.cq.phase;
3735 0 : addr = map_one(vu_ctrlr->endpoint->vfu_ctx,
3736 0 : cq->mapping.prp1, cq->mapping.len,
3737 0 : cq->mapping.sg, &cq->mapping.iov,
3738 : PROT_READ | PROT_WRITE);
3739 0 : if (addr == NULL) {
3740 0 : SPDK_ERRLOG("Restore cq with qid %u PRP1 0x%"PRIx64" with size %u failed\n",
3741 : cqid, cq->mapping.prp1, cq->size);
3742 0 : return -EFAULT;
3743 : }
3744 0 : }
3745 0 : }
3746 :
3747 0 : return 0;
3748 0 : }
3749 :
3750 : static int
3751 0 : vfio_user_migr_ctrlr_restore(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
3752 : {
3753 0 : struct nvmf_vfio_user_endpoint *endpoint = vu_ctrlr->endpoint;
3754 0 : struct spdk_nvmf_ctrlr *ctrlr = vu_ctrlr->ctrlr;
3755 0 : uint32_t *doorbell_base;
3756 0 : struct spdk_nvme_cmd cmd;
3757 0 : uint16_t i;
3758 0 : int rc = 0;
3759 0 : struct vfio_user_nvme_migr_state migr_state = {
3760 : .nvmf_data = {
3761 : .data_size = offsetof(struct spdk_nvmf_ctrlr_migr_data, unused),
3762 : .regs_size = sizeof(struct spdk_nvmf_registers),
3763 : .feat_size = sizeof(struct spdk_nvmf_ctrlr_feat)
3764 : }
3765 : };
3766 :
3767 0 : assert(endpoint->migr_data != NULL);
3768 0 : assert(ctrlr != NULL);
3769 0 : rc = vfio_user_migr_stream_to_data(endpoint, &migr_state);
3770 0 : if (rc) {
3771 0 : return rc;
3772 : }
3773 :
3774 : /* restore shadow doorbells */
3775 0 : if (migr_state.ctrlr_header.sdbl) {
3776 0 : struct nvmf_vfio_user_shadow_doorbells *sdbl;
3777 0 : sdbl = map_sdbl(vu_ctrlr->endpoint->vfu_ctx,
3778 0 : migr_state.ctrlr_header.shadow_doorbell_buffer,
3779 0 : migr_state.ctrlr_header.eventidx_buffer,
3780 0 : memory_page_size(vu_ctrlr));
3781 0 : if (sdbl == NULL) {
3782 0 : SPDK_ERRLOG("%s: failed to re-map shadow doorbell buffers\n",
3783 : ctrlr_id(vu_ctrlr));
3784 0 : return -1;
3785 : }
3786 :
3787 0 : vu_ctrlr->shadow_doorbell_buffer = migr_state.ctrlr_header.shadow_doorbell_buffer;
3788 0 : vu_ctrlr->eventidx_buffer = migr_state.ctrlr_header.eventidx_buffer;
3789 :
3790 0 : SWAP(vu_ctrlr->sdbl, sdbl);
3791 0 : }
3792 :
3793 0 : rc = vfio_user_migr_ctrlr_construct_qps(vu_ctrlr, &migr_state);
3794 0 : if (rc) {
3795 0 : return rc;
3796 : }
3797 :
3798 : /* restore PCI configuration space */
3799 0 : memcpy((void *)endpoint->pci_config_space, &migr_state.cfg, NVME_REG_CFG_SIZE);
3800 :
3801 0 : doorbell_base = (uint32_t *)&migr_state.doorbells;
3802 : /* restore doorbells from saved registers */
3803 0 : memcpy((void *)vu_ctrlr->bar0_doorbells, doorbell_base, NVMF_VFIO_USER_DOORBELLS_SIZE);
3804 :
3805 : /* restore nvmf controller data */
3806 0 : rc = spdk_nvmf_ctrlr_restore_migr_data(ctrlr, &migr_state.nvmf_data);
3807 0 : if (rc) {
3808 0 : return rc;
3809 : }
3810 :
3811 : /* resubmit pending AERs */
3812 0 : for (i = 0; i < migr_state.nvmf_data.num_aer_cids; i++) {
3813 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s AER resubmit, CID %u\n", ctrlr_id(vu_ctrlr),
3814 : migr_state.nvmf_data.aer_cids[i]);
3815 0 : memset(&cmd, 0, sizeof(cmd));
3816 0 : cmd.opc = SPDK_NVME_OPC_ASYNC_EVENT_REQUEST;
3817 0 : cmd.cid = migr_state.nvmf_data.aer_cids[i];
3818 0 : rc = handle_cmd_req(vu_ctrlr, &cmd, vu_ctrlr->sqs[0]);
3819 0 : if (spdk_unlikely(rc)) {
3820 0 : break;
3821 : }
3822 0 : }
3823 :
3824 0 : return rc;
3825 0 : }
3826 :
3827 : static void
3828 0 : vfio_user_migr_ctrlr_enable_sqs(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
3829 : {
3830 0 : uint32_t i;
3831 0 : struct nvmf_vfio_user_sq *sq;
3832 :
3833 : /* The Admin queue (qid: 0) does not ever use shadow doorbells. */
3834 :
3835 0 : if (vu_ctrlr->sqs[0] != NULL) {
3836 0 : vu_ctrlr->sqs[0]->dbl_tailp = vu_ctrlr->bar0_doorbells +
3837 0 : queue_index(0, false);
3838 0 : }
3839 :
3840 0 : if (vu_ctrlr->cqs[0] != NULL) {
3841 0 : vu_ctrlr->cqs[0]->dbl_headp = vu_ctrlr->bar0_doorbells +
3842 0 : queue_index(0, true);
3843 0 : }
3844 :
3845 0 : vfio_user_ctrlr_switch_doorbells(vu_ctrlr, vu_ctrlr->sdbl != NULL);
3846 :
3847 0 : for (i = 0; i < NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR; i++) {
3848 0 : sq = vu_ctrlr->sqs[i];
3849 0 : if (!sq || !sq->size) {
3850 0 : continue;
3851 : }
3852 :
3853 0 : if (nvmf_qpair_is_admin_queue(&sq->qpair)) {
3854 : /* ADMIN queue pair is always in the poll group, just enable it */
3855 0 : sq->sq_state = VFIO_USER_SQ_ACTIVE;
3856 0 : } else {
3857 0 : spdk_nvmf_tgt_new_qpair(vu_ctrlr->transport->transport.tgt, &sq->qpair);
3858 : }
3859 0 : }
3860 0 : }
3861 :
3862 : /*
3863 : * We are in stop-and-copy state, but still potentially have some current dirty
3864 : * sgls: while we're quiesced and thus should have no active requests, we still
3865 : * have potentially dirty maps of the shadow doorbells and the CQs (SQs are
3866 : * mapped read only).
3867 : *
3868 : * Since we won't be calling vfu_sgl_put() for them, we need to explicitly
3869 : * mark them dirty now.
3870 : */
3871 : static void
3872 0 : vfio_user_migr_ctrlr_mark_dirty(struct nvmf_vfio_user_ctrlr *vu_ctrlr)
3873 : {
3874 0 : struct nvmf_vfio_user_endpoint *endpoint = vu_ctrlr->endpoint;
3875 :
3876 0 : assert(vu_ctrlr->state == VFIO_USER_CTRLR_MIGRATING);
3877 :
3878 0 : for (size_t i = 0; i < NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR; i++) {
3879 0 : struct nvmf_vfio_user_cq *cq = vu_ctrlr->cqs[i];
3880 :
3881 0 : if (cq == NULL || q_addr(&cq->mapping) == NULL) {
3882 0 : continue;
3883 : }
3884 :
3885 0 : vfu_sgl_mark_dirty(endpoint->vfu_ctx, cq->mapping.sg, 1);
3886 0 : }
3887 :
3888 0 : if (vu_ctrlr->sdbl != NULL) {
3889 0 : dma_sg_t *sg;
3890 0 : size_t i;
3891 :
3892 0 : for (i = 0; i < NVMF_VFIO_USER_SHADOW_DOORBELLS_BUFFER_COUNT;
3893 0 : ++i) {
3894 :
3895 0 : if (!vu_ctrlr->sdbl->iovs[i].iov_len) {
3896 0 : continue;
3897 : }
3898 :
3899 0 : sg = index_to_sg_t(vu_ctrlr->sdbl->sgs, i);
3900 :
3901 0 : vfu_sgl_mark_dirty(endpoint->vfu_ctx, sg, 1);
3902 0 : }
3903 0 : }
3904 0 : }
3905 :
3906 : static int
3907 0 : vfio_user_migration_device_state_transition(vfu_ctx_t *vfu_ctx, vfu_migr_state_t state)
3908 : {
3909 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
3910 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = endpoint->ctrlr;
3911 0 : struct nvmf_vfio_user_sq *sq;
3912 0 : int ret = 0;
3913 :
3914 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s controller state %u, migration state %u\n", endpoint_id(endpoint),
3915 : vu_ctrlr->state, state);
3916 :
3917 0 : switch (state) {
3918 : case VFU_MIGR_STATE_STOP_AND_COPY:
3919 0 : vu_ctrlr->in_source_vm = true;
3920 0 : vu_ctrlr->state = VFIO_USER_CTRLR_MIGRATING;
3921 0 : vfio_user_migr_ctrlr_mark_dirty(vu_ctrlr);
3922 0 : vfio_user_migr_ctrlr_save_data(vu_ctrlr);
3923 0 : break;
3924 : case VFU_MIGR_STATE_STOP:
3925 0 : vu_ctrlr->state = VFIO_USER_CTRLR_MIGRATING;
3926 : /* The controller associates with source VM is dead now, we will resume
3927 : * the subsystem after destroying the controller data structure, then the
3928 : * subsystem can be re-used for another new client.
3929 : */
3930 0 : if (vu_ctrlr->in_source_vm) {
3931 0 : endpoint->need_resume = true;
3932 0 : }
3933 0 : break;
3934 : case VFU_MIGR_STATE_PRE_COPY:
3935 0 : assert(vu_ctrlr->state == VFIO_USER_CTRLR_PAUSED);
3936 0 : break;
3937 : case VFU_MIGR_STATE_RESUME:
3938 : /*
3939 : * Destination ADMIN queue pair is connected when starting the VM,
3940 : * but the ADMIN queue pair isn't enabled in destination VM, the poll
3941 : * group will do nothing to ADMIN queue pair for now.
3942 : */
3943 0 : if (vu_ctrlr->state != VFIO_USER_CTRLR_RUNNING) {
3944 0 : break;
3945 : }
3946 :
3947 0 : assert(!vu_ctrlr->in_source_vm);
3948 0 : vu_ctrlr->state = VFIO_USER_CTRLR_MIGRATING;
3949 :
3950 0 : sq = TAILQ_FIRST(&vu_ctrlr->connected_sqs);
3951 0 : assert(sq != NULL);
3952 0 : assert(sq->qpair.qid == 0);
3953 0 : sq->sq_state = VFIO_USER_SQ_INACTIVE;
3954 :
3955 : /* Free ADMIN SQ resources first, SQ resources will be
3956 : * allocated based on queue size from source VM.
3957 : */
3958 0 : free_sq_reqs(sq);
3959 0 : sq->size = 0;
3960 0 : break;
3961 : case VFU_MIGR_STATE_RUNNING:
3962 :
3963 0 : if (vu_ctrlr->state != VFIO_USER_CTRLR_MIGRATING) {
3964 0 : break;
3965 : }
3966 :
3967 0 : if (!vu_ctrlr->in_source_vm) {
3968 : /* Restore destination VM from BAR9 */
3969 0 : ret = vfio_user_migr_ctrlr_restore(vu_ctrlr);
3970 0 : if (ret) {
3971 0 : break;
3972 : }
3973 :
3974 0 : vfio_user_ctrlr_switch_doorbells(vu_ctrlr, false);
3975 0 : vfio_user_migr_ctrlr_enable_sqs(vu_ctrlr);
3976 0 : vu_ctrlr->state = VFIO_USER_CTRLR_RUNNING;
3977 : /* FIXME where do we resume nvmf? */
3978 0 : } else {
3979 : /* Rollback source VM */
3980 0 : vu_ctrlr->state = VFIO_USER_CTRLR_RESUMING;
3981 0 : ret = spdk_nvmf_subsystem_resume((struct spdk_nvmf_subsystem *)endpoint->subsystem,
3982 0 : vfio_user_endpoint_resume_done, endpoint);
3983 0 : if (ret < 0) {
3984 : /* TODO: fail controller with CFS bit set */
3985 0 : vu_ctrlr->state = VFIO_USER_CTRLR_PAUSED;
3986 0 : SPDK_ERRLOG("%s: failed to resume, ret=%d\n", endpoint_id(endpoint), ret);
3987 0 : }
3988 : }
3989 0 : vu_ctrlr->migr_data_prepared = false;
3990 0 : vu_ctrlr->in_source_vm = false;
3991 0 : break;
3992 :
3993 : default:
3994 0 : return -EINVAL;
3995 : }
3996 :
3997 0 : return ret;
3998 0 : }
3999 :
4000 : static uint64_t
4001 0 : vfio_user_migration_get_pending_bytes(vfu_ctx_t *vfu_ctx)
4002 : {
4003 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
4004 0 : struct nvmf_vfio_user_ctrlr *ctrlr = endpoint->ctrlr;
4005 0 : uint64_t pending_bytes;
4006 :
4007 0 : if (ctrlr->migr_data_prepared) {
4008 0 : assert(ctrlr->state == VFIO_USER_CTRLR_MIGRATING);
4009 0 : pending_bytes = 0;
4010 0 : } else {
4011 0 : pending_bytes = vfio_user_migr_data_len();
4012 : }
4013 :
4014 0 : SPDK_DEBUGLOG(nvmf_vfio,
4015 : "%s current state %u, pending bytes 0x%"PRIx64"\n",
4016 : endpoint_id(endpoint), ctrlr->state, pending_bytes);
4017 :
4018 0 : return pending_bytes;
4019 0 : }
4020 :
4021 : static int
4022 0 : vfio_user_migration_prepare_data(vfu_ctx_t *vfu_ctx, uint64_t *offset, uint64_t *size)
4023 : {
4024 0 : struct nvmf_vfio_user_endpoint *endpoint = vfu_get_private(vfu_ctx);
4025 0 : struct nvmf_vfio_user_ctrlr *ctrlr = endpoint->ctrlr;
4026 :
4027 : /*
4028 : * When transitioning to pre-copy state we set pending_bytes to 0,
4029 : * so the vfio-user client shouldn't attempt to read any migration
4030 : * data. This is not yet guaranteed by libvfio-user.
4031 : */
4032 0 : if (ctrlr->state != VFIO_USER_CTRLR_MIGRATING) {
4033 0 : assert(size != NULL);
4034 0 : *offset = 0;
4035 0 : *size = 0;
4036 0 : return 0;
4037 : }
4038 :
4039 0 : if (ctrlr->in_source_vm) { /* migration source */
4040 0 : assert(size != NULL);
4041 0 : *size = vfio_user_migr_data_len();
4042 0 : vfio_user_migr_ctrlr_save_data(ctrlr);
4043 0 : } else { /* migration destination */
4044 0 : assert(size == NULL);
4045 0 : assert(!ctrlr->migr_data_prepared);
4046 : }
4047 0 : *offset = 0;
4048 0 : ctrlr->migr_data_prepared = true;
4049 :
4050 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s current state %u\n", endpoint_id(endpoint), ctrlr->state);
4051 :
4052 0 : return 0;
4053 0 : }
4054 :
4055 : static ssize_t
4056 0 : vfio_user_migration_read_data(vfu_ctx_t *vfu_ctx __attribute__((unused)),
4057 : void *buf __attribute__((unused)),
4058 : uint64_t count __attribute__((unused)),
4059 : uint64_t offset __attribute__((unused)))
4060 : {
4061 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: migration read data not supported\n",
4062 : endpoint_id(vfu_get_private(vfu_ctx)));
4063 0 : errno = ENOTSUP;
4064 0 : return -1;
4065 : }
4066 :
4067 : static ssize_t
4068 0 : vfio_user_migration_write_data(vfu_ctx_t *vfu_ctx __attribute__((unused)),
4069 : void *buf __attribute__((unused)),
4070 : uint64_t count __attribute__((unused)),
4071 : uint64_t offset __attribute__((unused)))
4072 : {
4073 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: migration write data not supported\n",
4074 : endpoint_id(vfu_get_private(vfu_ctx)));
4075 0 : errno = ENOTSUP;
4076 0 : return -1;
4077 : }
4078 :
4079 : static int
4080 0 : vfio_user_migration_data_written(vfu_ctx_t *vfu_ctx __attribute__((unused)),
4081 : uint64_t count)
4082 : {
4083 0 : SPDK_DEBUGLOG(nvmf_vfio, "write 0x%"PRIx64"\n", (uint64_t)count);
4084 :
4085 0 : if (count != vfio_user_migr_data_len()) {
4086 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s bad count %#lx\n",
4087 : endpoint_id(vfu_get_private(vfu_ctx)), count);
4088 0 : errno = EINVAL;
4089 0 : return -1;
4090 : }
4091 :
4092 0 : return 0;
4093 0 : }
4094 :
4095 : static int
4096 0 : vfio_user_dev_info_fill(struct nvmf_vfio_user_transport *vu_transport,
4097 : struct nvmf_vfio_user_endpoint *endpoint)
4098 : {
4099 0 : int ret;
4100 0 : ssize_t cap_offset;
4101 0 : vfu_ctx_t *vfu_ctx = endpoint->vfu_ctx;
4102 0 : struct iovec migr_sparse_mmap = {};
4103 :
4104 0 : struct pmcap pmcap = { .hdr.id = PCI_CAP_ID_PM, .pmcs.nsfrst = 0x1 };
4105 0 : struct pxcap pxcap = {
4106 : .hdr.id = PCI_CAP_ID_EXP,
4107 : .pxcaps.ver = 0x2,
4108 : .pxdcap = {.rer = 0x1, .flrc = 0x1},
4109 : .pxdcap2.ctds = 0x1
4110 : };
4111 :
4112 0 : struct msixcap msixcap = {
4113 : .hdr.id = PCI_CAP_ID_MSIX,
4114 : .mxc.ts = NVMF_VFIO_USER_MSIX_NUM - 1,
4115 : .mtab = {.tbir = NVMF_VFIO_USER_MSIX_TABLE_BIR, .to = 0x0},
4116 : .mpba = {.pbir = NVMF_VFIO_USER_MSIX_PBA_BIR, .pbao = 0x0}
4117 : };
4118 :
4119 0 : struct iovec sparse_mmap[] = {
4120 : {
4121 : .iov_base = (void *)NVME_DOORBELLS_OFFSET,
4122 : .iov_len = NVMF_VFIO_USER_DOORBELLS_SIZE,
4123 : },
4124 : };
4125 :
4126 0 : const vfu_migration_callbacks_t migr_callbacks = {
4127 : .version = VFIO_USER_MIGR_CALLBACK_VERS,
4128 : .transition = &vfio_user_migration_device_state_transition,
4129 : .get_pending_bytes = &vfio_user_migration_get_pending_bytes,
4130 : .prepare_data = &vfio_user_migration_prepare_data,
4131 : .read_data = &vfio_user_migration_read_data,
4132 : .data_written = &vfio_user_migration_data_written,
4133 : .write_data = &vfio_user_migration_write_data
4134 : };
4135 :
4136 0 : ret = vfu_pci_init(vfu_ctx, VFU_PCI_TYPE_EXPRESS, PCI_HEADER_TYPE_NORMAL, 0);
4137 0 : if (ret < 0) {
4138 0 : SPDK_ERRLOG("vfu_ctx %p failed to initialize PCI\n", vfu_ctx);
4139 0 : return ret;
4140 : }
4141 0 : vfu_pci_set_id(vfu_ctx, SPDK_PCI_VID_NUTANIX, 0x0001, SPDK_PCI_VID_NUTANIX, 0);
4142 : /*
4143 : * 0x02, controller uses the NVM Express programming interface
4144 : * 0x08, non-volatile memory controller
4145 : * 0x01, mass storage controller
4146 : */
4147 0 : vfu_pci_set_class(vfu_ctx, 0x01, 0x08, 0x02);
4148 :
4149 0 : cap_offset = vfu_pci_add_capability(vfu_ctx, 0, 0, &pmcap);
4150 0 : if (cap_offset < 0) {
4151 0 : SPDK_ERRLOG("vfu_ctx %p failed add pmcap\n", vfu_ctx);
4152 0 : return ret;
4153 : }
4154 :
4155 0 : cap_offset = vfu_pci_add_capability(vfu_ctx, 0, 0, &pxcap);
4156 0 : if (cap_offset < 0) {
4157 0 : SPDK_ERRLOG("vfu_ctx %p failed add pxcap\n", vfu_ctx);
4158 0 : return ret;
4159 : }
4160 :
4161 0 : cap_offset = vfu_pci_add_capability(vfu_ctx, 0, 0, &msixcap);
4162 0 : if (cap_offset < 0) {
4163 0 : SPDK_ERRLOG("vfu_ctx %p failed add msixcap\n", vfu_ctx);
4164 0 : return ret;
4165 : }
4166 :
4167 0 : ret = vfu_setup_region(vfu_ctx, VFU_PCI_DEV_CFG_REGION_IDX, NVME_REG_CFG_SIZE,
4168 0 : access_pci_config, VFU_REGION_FLAG_RW, NULL, 0, -1, 0);
4169 0 : if (ret < 0) {
4170 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup cfg\n", vfu_ctx);
4171 0 : return ret;
4172 : }
4173 :
4174 0 : if (vu_transport->transport_opts.disable_mappable_bar0) {
4175 0 : ret = vfu_setup_region(vfu_ctx, VFU_PCI_DEV_BAR0_REGION_IDX, NVME_REG_BAR0_SIZE,
4176 0 : access_bar0_fn, VFU_REGION_FLAG_RW | VFU_REGION_FLAG_MEM,
4177 : NULL, 0, -1, 0);
4178 0 : } else {
4179 0 : ret = vfu_setup_region(vfu_ctx, VFU_PCI_DEV_BAR0_REGION_IDX, NVME_REG_BAR0_SIZE,
4180 0 : access_bar0_fn, VFU_REGION_FLAG_RW | VFU_REGION_FLAG_MEM,
4181 0 : sparse_mmap, 1, endpoint->devmem_fd, 0);
4182 : }
4183 :
4184 0 : if (ret < 0) {
4185 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup bar 0\n", vfu_ctx);
4186 0 : return ret;
4187 : }
4188 :
4189 0 : ret = vfu_setup_region(vfu_ctx, VFU_PCI_DEV_BAR4_REGION_IDX, NVMF_VFIO_USER_BAR4_SIZE,
4190 0 : NULL, VFU_REGION_FLAG_RW, NULL, 0, -1, 0);
4191 0 : if (ret < 0) {
4192 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup bar 4\n", vfu_ctx);
4193 0 : return ret;
4194 : }
4195 :
4196 0 : ret = vfu_setup_region(vfu_ctx, VFU_PCI_DEV_BAR5_REGION_IDX, NVMF_VFIO_USER_BAR5_SIZE,
4197 0 : NULL, VFU_REGION_FLAG_RW, NULL, 0, -1, 0);
4198 0 : if (ret < 0) {
4199 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup bar 5\n", vfu_ctx);
4200 0 : return ret;
4201 : }
4202 :
4203 0 : ret = vfu_setup_device_dma(vfu_ctx, memory_region_add_cb, memory_region_remove_cb);
4204 0 : if (ret < 0) {
4205 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup dma callback\n", vfu_ctx);
4206 0 : return ret;
4207 : }
4208 :
4209 0 : ret = vfu_setup_device_reset_cb(vfu_ctx, vfio_user_device_reset);
4210 0 : if (ret < 0) {
4211 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup reset callback\n", vfu_ctx);
4212 0 : return ret;
4213 : }
4214 :
4215 0 : ret = vfu_setup_device_nr_irqs(vfu_ctx, VFU_DEV_INTX_IRQ, 1);
4216 0 : if (ret < 0) {
4217 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup INTX\n", vfu_ctx);
4218 0 : return ret;
4219 : }
4220 :
4221 0 : ret = vfu_setup_device_nr_irqs(vfu_ctx, VFU_DEV_MSIX_IRQ, NVMF_VFIO_USER_MSIX_NUM);
4222 0 : if (ret < 0) {
4223 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup MSIX\n", vfu_ctx);
4224 0 : return ret;
4225 : }
4226 :
4227 0 : vfu_setup_device_quiesce_cb(vfu_ctx, vfio_user_dev_quiesce_cb);
4228 :
4229 0 : migr_sparse_mmap.iov_base = (void *)4096;
4230 0 : migr_sparse_mmap.iov_len = vfio_user_migr_data_len();
4231 0 : ret = vfu_setup_region(vfu_ctx, VFU_PCI_DEV_MIGR_REGION_IDX,
4232 0 : vfu_get_migr_register_area_size() + vfio_user_migr_data_len(),
4233 0 : NULL, VFU_REGION_FLAG_RW | VFU_REGION_FLAG_MEM, &migr_sparse_mmap,
4234 0 : 1, endpoint->migr_fd, 0);
4235 0 : if (ret < 0) {
4236 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup migration region\n", vfu_ctx);
4237 0 : return ret;
4238 : }
4239 :
4240 0 : ret = vfu_setup_device_migration_callbacks(vfu_ctx, &migr_callbacks,
4241 0 : vfu_get_migr_register_area_size());
4242 0 : if (ret < 0) {
4243 0 : SPDK_ERRLOG("vfu_ctx %p failed to setup migration callbacks\n", vfu_ctx);
4244 0 : return ret;
4245 : }
4246 :
4247 0 : ret = vfu_realize_ctx(vfu_ctx);
4248 0 : if (ret < 0) {
4249 0 : SPDK_ERRLOG("vfu_ctx %p failed to realize\n", vfu_ctx);
4250 0 : return ret;
4251 : }
4252 :
4253 0 : endpoint->pci_config_space = vfu_pci_get_config_space(endpoint->vfu_ctx);
4254 0 : assert(endpoint->pci_config_space != NULL);
4255 0 : init_pci_config_space(endpoint->pci_config_space);
4256 :
4257 0 : assert(cap_offset != 0);
4258 0 : endpoint->msix = (struct msixcap *)((uint8_t *)endpoint->pci_config_space + cap_offset);
4259 :
4260 0 : return 0;
4261 0 : }
4262 :
4263 : static int nvmf_vfio_user_accept(void *ctx);
4264 :
4265 : /*
4266 : * Register an "accept" poller: this is polling for incoming vfio-user socket
4267 : * connections (on the listening socket).
4268 : *
4269 : * We need to do this on first listening, and also after destroying a
4270 : * controller, so we can accept another connection.
4271 : */
4272 : static int
4273 0 : vfio_user_register_accept_poller(struct nvmf_vfio_user_endpoint *endpoint)
4274 : {
4275 0 : uint64_t poll_rate_us = endpoint->transport->transport.opts.acceptor_poll_rate;
4276 :
4277 0 : SPDK_DEBUGLOG(nvmf_vfio, "registering accept poller\n");
4278 :
4279 0 : endpoint->accept_poller = SPDK_POLLER_REGISTER(nvmf_vfio_user_accept,
4280 : endpoint, poll_rate_us);
4281 :
4282 0 : if (!endpoint->accept_poller) {
4283 0 : return -1;
4284 : }
4285 :
4286 0 : endpoint->accept_thread = spdk_get_thread();
4287 0 : endpoint->need_relisten = false;
4288 :
4289 0 : if (!spdk_interrupt_mode_is_enabled()) {
4290 0 : return 0;
4291 : }
4292 :
4293 0 : endpoint->accept_intr_fd = vfu_get_poll_fd(endpoint->vfu_ctx);
4294 0 : assert(endpoint->accept_intr_fd != -1);
4295 :
4296 0 : endpoint->accept_intr = SPDK_INTERRUPT_REGISTER(endpoint->accept_intr_fd,
4297 : nvmf_vfio_user_accept, endpoint);
4298 :
4299 0 : assert(endpoint->accept_intr != NULL);
4300 :
4301 0 : spdk_poller_register_interrupt(endpoint->accept_poller, NULL, NULL);
4302 0 : return 0;
4303 0 : }
4304 :
4305 : static void
4306 0 : _vfio_user_relisten(void *ctx)
4307 : {
4308 0 : struct nvmf_vfio_user_endpoint *endpoint = ctx;
4309 :
4310 0 : vfio_user_register_accept_poller(endpoint);
4311 0 : }
4312 :
4313 : static void
4314 0 : _free_ctrlr(void *ctx)
4315 : {
4316 0 : struct nvmf_vfio_user_ctrlr *ctrlr = ctx;
4317 0 : struct nvmf_vfio_user_endpoint *endpoint = ctrlr->endpoint;
4318 :
4319 0 : free_sdbl(endpoint->vfu_ctx, ctrlr->sdbl);
4320 :
4321 0 : spdk_interrupt_unregister(&ctrlr->intr);
4322 0 : ctrlr->intr_fd = -1;
4323 0 : spdk_poller_unregister(&ctrlr->vfu_ctx_poller);
4324 :
4325 0 : free(ctrlr);
4326 :
4327 0 : if (endpoint->need_async_destroy) {
4328 0 : nvmf_vfio_user_destroy_endpoint(endpoint);
4329 0 : } else if (endpoint->need_relisten) {
4330 0 : spdk_thread_send_msg(endpoint->accept_thread,
4331 0 : _vfio_user_relisten, endpoint);
4332 0 : }
4333 0 : }
4334 :
4335 : static void
4336 0 : free_ctrlr(struct nvmf_vfio_user_ctrlr *ctrlr)
4337 : {
4338 0 : struct spdk_thread *thread;
4339 0 : int i;
4340 :
4341 0 : assert(ctrlr != NULL);
4342 0 : thread = ctrlr->thread ? ctrlr->thread : spdk_get_thread();
4343 :
4344 0 : SPDK_DEBUGLOG(nvmf_vfio, "free %s\n", ctrlr_id(ctrlr));
4345 :
4346 0 : for (i = 0; i < NVMF_VFIO_USER_MAX_QPAIRS_PER_CTRLR; i++) {
4347 0 : free_qp(ctrlr, i);
4348 0 : }
4349 :
4350 0 : spdk_thread_exec_msg(thread, _free_ctrlr, ctrlr);
4351 0 : }
4352 :
4353 : static int
4354 0 : nvmf_vfio_user_create_ctrlr(struct nvmf_vfio_user_transport *transport,
4355 : struct nvmf_vfio_user_endpoint *endpoint)
4356 : {
4357 0 : struct nvmf_vfio_user_ctrlr *ctrlr;
4358 0 : int err = 0;
4359 :
4360 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s\n", endpoint_id(endpoint));
4361 :
4362 : /* First, construct a vfio-user CUSTOM transport controller */
4363 0 : ctrlr = calloc(1, sizeof(*ctrlr));
4364 0 : if (ctrlr == NULL) {
4365 0 : err = -ENOMEM;
4366 0 : goto out;
4367 : }
4368 : /*
4369 : * We can only support one connection for now, but generate a unique cntlid in case vfio-user
4370 : * transport is used together with RDMA or TCP transports in the same target
4371 : */
4372 0 : ctrlr->cntlid = nvmf_subsystem_gen_cntlid(endpoint->subsystem);
4373 0 : ctrlr->intr_fd = -1;
4374 0 : ctrlr->transport = transport;
4375 0 : ctrlr->endpoint = endpoint;
4376 0 : ctrlr->bar0_doorbells = endpoint->bar0_doorbells;
4377 0 : TAILQ_INIT(&ctrlr->connected_sqs);
4378 :
4379 0 : ctrlr->adaptive_irqs_enabled =
4380 0 : !transport->transport_opts.disable_adaptive_irq;
4381 :
4382 : /* Then, construct an admin queue pair */
4383 0 : err = init_sq(ctrlr, &transport->transport, 0);
4384 0 : if (err != 0) {
4385 0 : free(ctrlr);
4386 0 : goto out;
4387 : }
4388 :
4389 0 : err = init_cq(ctrlr, 0);
4390 0 : if (err != 0) {
4391 0 : free(ctrlr);
4392 0 : goto out;
4393 : }
4394 :
4395 0 : ctrlr->sqs[0]->size = NVMF_VFIO_USER_DEFAULT_AQ_DEPTH;
4396 :
4397 0 : err = alloc_sq_reqs(ctrlr, ctrlr->sqs[0]);
4398 0 : if (err != 0) {
4399 0 : free(ctrlr);
4400 0 : goto out;
4401 : }
4402 0 : endpoint->ctrlr = ctrlr;
4403 :
4404 : /* Notify the generic layer about the new admin queue pair */
4405 0 : spdk_nvmf_tgt_new_qpair(transport->transport.tgt, &ctrlr->sqs[0]->qpair);
4406 :
4407 : out:
4408 0 : if (err != 0) {
4409 0 : SPDK_ERRLOG("%s: failed to create vfio-user controller: %s\n",
4410 : endpoint_id(endpoint), strerror(-err));
4411 0 : }
4412 :
4413 0 : return err;
4414 0 : }
4415 :
4416 : static int
4417 0 : nvmf_vfio_user_listen(struct spdk_nvmf_transport *transport,
4418 : const struct spdk_nvme_transport_id *trid,
4419 : struct spdk_nvmf_listen_opts *listen_opts)
4420 : {
4421 0 : struct nvmf_vfio_user_transport *vu_transport;
4422 0 : struct nvmf_vfio_user_endpoint *endpoint, *tmp;
4423 0 : char path[PATH_MAX] = {};
4424 0 : char uuid[PATH_MAX] = {};
4425 0 : int ret;
4426 :
4427 0 : vu_transport = SPDK_CONTAINEROF(transport, struct nvmf_vfio_user_transport,
4428 : transport);
4429 :
4430 0 : pthread_mutex_lock(&vu_transport->lock);
4431 0 : TAILQ_FOREACH_SAFE(endpoint, &vu_transport->endpoints, link, tmp) {
4432 : /* Only compare traddr */
4433 0 : if (strncmp(endpoint->trid.traddr, trid->traddr, sizeof(endpoint->trid.traddr)) == 0) {
4434 0 : pthread_mutex_unlock(&vu_transport->lock);
4435 0 : return -EEXIST;
4436 : }
4437 0 : }
4438 0 : pthread_mutex_unlock(&vu_transport->lock);
4439 :
4440 0 : endpoint = calloc(1, sizeof(*endpoint));
4441 0 : if (!endpoint) {
4442 0 : return -ENOMEM;
4443 : }
4444 :
4445 0 : pthread_mutex_init(&endpoint->lock, NULL);
4446 0 : endpoint->devmem_fd = -1;
4447 0 : memcpy(&endpoint->trid, trid, sizeof(endpoint->trid));
4448 0 : endpoint->transport = vu_transport;
4449 :
4450 0 : ret = snprintf(path, PATH_MAX, "%s/bar0", endpoint_id(endpoint));
4451 0 : if (ret < 0 || ret >= PATH_MAX) {
4452 0 : SPDK_ERRLOG("%s: error to get socket path: %s.\n", endpoint_id(endpoint), spdk_strerror(errno));
4453 0 : ret = -1;
4454 0 : goto out;
4455 : }
4456 :
4457 0 : ret = open(path, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
4458 0 : if (ret == -1) {
4459 0 : SPDK_ERRLOG("%s: failed to open device memory at %s: %s.\n",
4460 : endpoint_id(endpoint), path, spdk_strerror(errno));
4461 0 : goto out;
4462 : }
4463 0 : unlink(path);
4464 :
4465 0 : endpoint->devmem_fd = ret;
4466 0 : ret = ftruncate(endpoint->devmem_fd,
4467 : NVME_DOORBELLS_OFFSET + NVMF_VFIO_USER_DOORBELLS_SIZE);
4468 0 : if (ret != 0) {
4469 0 : SPDK_ERRLOG("%s: error to ftruncate file %s: %s.\n", endpoint_id(endpoint), path,
4470 : spdk_strerror(errno));
4471 0 : goto out;
4472 : }
4473 :
4474 0 : endpoint->bar0_doorbells = mmap(NULL, NVMF_VFIO_USER_DOORBELLS_SIZE,
4475 0 : PROT_READ | PROT_WRITE, MAP_SHARED, endpoint->devmem_fd, NVME_DOORBELLS_OFFSET);
4476 0 : if (endpoint->bar0_doorbells == MAP_FAILED) {
4477 0 : SPDK_ERRLOG("%s: error to mmap file %s: %s.\n", endpoint_id(endpoint), path, spdk_strerror(errno));
4478 0 : endpoint->bar0_doorbells = NULL;
4479 0 : ret = -1;
4480 0 : goto out;
4481 : }
4482 :
4483 0 : ret = snprintf(path, PATH_MAX, "%s/migr", endpoint_id(endpoint));
4484 0 : if (ret < 0 || ret >= PATH_MAX) {
4485 0 : SPDK_ERRLOG("%s: error to get migration file path: %s.\n", endpoint_id(endpoint),
4486 : spdk_strerror(errno));
4487 0 : ret = -1;
4488 0 : goto out;
4489 : }
4490 0 : ret = open(path, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
4491 0 : if (ret == -1) {
4492 0 : SPDK_ERRLOG("%s: failed to open device memory at %s: %s.\n",
4493 : endpoint_id(endpoint), path, spdk_strerror(errno));
4494 0 : goto out;
4495 : }
4496 0 : unlink(path);
4497 :
4498 0 : endpoint->migr_fd = ret;
4499 0 : ret = ftruncate(endpoint->migr_fd,
4500 0 : vfu_get_migr_register_area_size() + vfio_user_migr_data_len());
4501 0 : if (ret != 0) {
4502 0 : SPDK_ERRLOG("%s: error to ftruncate migration file %s: %s.\n", endpoint_id(endpoint), path,
4503 : spdk_strerror(errno));
4504 0 : goto out;
4505 : }
4506 :
4507 0 : endpoint->migr_data = mmap(NULL, vfio_user_migr_data_len(),
4508 0 : PROT_READ | PROT_WRITE, MAP_SHARED, endpoint->migr_fd, vfu_get_migr_register_area_size());
4509 0 : if (endpoint->migr_data == MAP_FAILED) {
4510 0 : SPDK_ERRLOG("%s: error to mmap file %s: %s.\n", endpoint_id(endpoint), path, spdk_strerror(errno));
4511 0 : endpoint->migr_data = NULL;
4512 0 : ret = -1;
4513 0 : goto out;
4514 : }
4515 :
4516 0 : ret = snprintf(uuid, PATH_MAX, "%s/cntrl", endpoint_id(endpoint));
4517 0 : if (ret < 0 || ret >= PATH_MAX) {
4518 0 : SPDK_ERRLOG("%s: error to get ctrlr file path: %s\n", endpoint_id(endpoint), spdk_strerror(errno));
4519 0 : ret = -1;
4520 0 : goto out;
4521 : }
4522 :
4523 0 : endpoint->vfu_ctx = vfu_create_ctx(VFU_TRANS_SOCK, uuid, LIBVFIO_USER_FLAG_ATTACH_NB,
4524 0 : endpoint, VFU_DEV_TYPE_PCI);
4525 0 : if (endpoint->vfu_ctx == NULL) {
4526 0 : SPDK_ERRLOG("%s: error creating libmuser context: %m\n",
4527 : endpoint_id(endpoint));
4528 0 : ret = -1;
4529 0 : goto out;
4530 : }
4531 :
4532 0 : ret = vfu_setup_log(endpoint->vfu_ctx, vfio_user_log,
4533 0 : vfio_user_get_log_level());
4534 0 : if (ret < 0) {
4535 0 : goto out;
4536 : }
4537 :
4538 :
4539 0 : ret = vfio_user_dev_info_fill(vu_transport, endpoint);
4540 0 : if (ret < 0) {
4541 0 : goto out;
4542 : }
4543 :
4544 0 : ret = vfio_user_register_accept_poller(endpoint);
4545 :
4546 0 : if (ret != 0) {
4547 0 : goto out;
4548 : }
4549 :
4550 0 : pthread_mutex_lock(&vu_transport->lock);
4551 0 : TAILQ_INSERT_TAIL(&vu_transport->endpoints, endpoint, link);
4552 0 : pthread_mutex_unlock(&vu_transport->lock);
4553 :
4554 : out:
4555 0 : if (ret != 0) {
4556 0 : nvmf_vfio_user_destroy_endpoint(endpoint);
4557 0 : }
4558 :
4559 0 : return ret;
4560 0 : }
4561 :
4562 : static void
4563 0 : nvmf_vfio_user_stop_listen(struct spdk_nvmf_transport *transport,
4564 : const struct spdk_nvme_transport_id *trid)
4565 : {
4566 0 : struct nvmf_vfio_user_transport *vu_transport;
4567 0 : struct nvmf_vfio_user_endpoint *endpoint, *tmp;
4568 :
4569 0 : assert(trid != NULL);
4570 0 : assert(trid->traddr != NULL);
4571 :
4572 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: stop listen\n", trid->traddr);
4573 :
4574 0 : vu_transport = SPDK_CONTAINEROF(transport, struct nvmf_vfio_user_transport,
4575 : transport);
4576 :
4577 0 : pthread_mutex_lock(&vu_transport->lock);
4578 0 : TAILQ_FOREACH_SAFE(endpoint, &vu_transport->endpoints, link, tmp) {
4579 0 : if (strcmp(trid->traddr, endpoint->trid.traddr) == 0) {
4580 0 : TAILQ_REMOVE(&vu_transport->endpoints, endpoint, link);
4581 : /* Defer to free endpoint resources until the controller
4582 : * is freed. There are two cases when running here:
4583 : * 1. kill nvmf target while VM is connected
4584 : * 2. remove listener via RPC call
4585 : * nvmf library will disconnect all queue paris.
4586 : */
4587 0 : if (endpoint->ctrlr) {
4588 0 : assert(!endpoint->need_async_destroy);
4589 0 : endpoint->need_async_destroy = true;
4590 0 : pthread_mutex_unlock(&vu_transport->lock);
4591 0 : return;
4592 : }
4593 :
4594 0 : nvmf_vfio_user_destroy_endpoint(endpoint);
4595 0 : pthread_mutex_unlock(&vu_transport->lock);
4596 0 : return;
4597 : }
4598 0 : }
4599 0 : pthread_mutex_unlock(&vu_transport->lock);
4600 :
4601 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: not found\n", trid->traddr);
4602 0 : }
4603 :
4604 : static void
4605 0 : nvmf_vfio_user_cdata_init(struct spdk_nvmf_transport *transport,
4606 : struct spdk_nvmf_subsystem *subsystem,
4607 : struct spdk_nvmf_ctrlr_data *cdata)
4608 : {
4609 0 : struct nvmf_vfio_user_transport *vu_transport;
4610 :
4611 0 : vu_transport = SPDK_CONTAINEROF(transport, struct nvmf_vfio_user_transport, transport);
4612 :
4613 0 : cdata->vid = SPDK_PCI_VID_NUTANIX;
4614 0 : cdata->ssvid = SPDK_PCI_VID_NUTANIX;
4615 0 : cdata->ieee[0] = 0x8d;
4616 0 : cdata->ieee[1] = 0x6b;
4617 0 : cdata->ieee[2] = 0x50;
4618 0 : memset(&cdata->sgls, 0, sizeof(struct spdk_nvme_cdata_sgls));
4619 0 : cdata->sgls.supported = SPDK_NVME_SGLS_SUPPORTED_DWORD_ALIGNED;
4620 0 : cdata->oncs.compare = !vu_transport->transport_opts.disable_compare;
4621 : /* libvfio-user can only support 1 connection for now */
4622 0 : cdata->oncs.reservations = 0;
4623 0 : cdata->oacs.doorbell_buffer_config = !vu_transport->transport_opts.disable_shadow_doorbells;
4624 0 : cdata->fuses.compare_and_write = !vu_transport->transport_opts.disable_compare;
4625 0 : }
4626 :
4627 : static int
4628 0 : nvmf_vfio_user_listen_associate(struct spdk_nvmf_transport *transport,
4629 : const struct spdk_nvmf_subsystem *subsystem,
4630 : const struct spdk_nvme_transport_id *trid)
4631 : {
4632 0 : struct nvmf_vfio_user_transport *vu_transport;
4633 0 : struct nvmf_vfio_user_endpoint *endpoint;
4634 :
4635 0 : vu_transport = SPDK_CONTAINEROF(transport, struct nvmf_vfio_user_transport, transport);
4636 :
4637 0 : pthread_mutex_lock(&vu_transport->lock);
4638 0 : TAILQ_FOREACH(endpoint, &vu_transport->endpoints, link) {
4639 0 : if (strncmp(endpoint->trid.traddr, trid->traddr, sizeof(endpoint->trid.traddr)) == 0) {
4640 0 : break;
4641 : }
4642 0 : }
4643 0 : pthread_mutex_unlock(&vu_transport->lock);
4644 :
4645 0 : if (endpoint == NULL) {
4646 0 : return -ENOENT;
4647 : }
4648 :
4649 : /* Drop const - we will later need to pause/unpause. */
4650 0 : endpoint->subsystem = (struct spdk_nvmf_subsystem *)subsystem;
4651 :
4652 0 : return 0;
4653 0 : }
4654 :
4655 : /*
4656 : * Executed periodically at a default SPDK_NVMF_DEFAULT_ACCEPT_POLL_RATE_US
4657 : * frequency.
4658 : *
4659 : * For this endpoint (which at the libvfio-user level corresponds to a socket),
4660 : * if we don't currently have a controller set up, peek to see if the socket is
4661 : * able to accept a new connection.
4662 : */
4663 : static int
4664 0 : nvmf_vfio_user_accept(void *ctx)
4665 : {
4666 0 : struct nvmf_vfio_user_endpoint *endpoint = ctx;
4667 0 : struct nvmf_vfio_user_transport *vu_transport;
4668 0 : int err;
4669 :
4670 0 : vu_transport = endpoint->transport;
4671 :
4672 0 : if (endpoint->ctrlr != NULL) {
4673 0 : return SPDK_POLLER_IDLE;
4674 : }
4675 :
4676 : /* While we're here, the controller is already destroyed,
4677 : * subsystem may still be in RESUMING state, we will wait
4678 : * until the subsystem is in RUNNING state.
4679 : */
4680 0 : if (endpoint->need_resume) {
4681 0 : return SPDK_POLLER_IDLE;
4682 : }
4683 :
4684 0 : err = vfu_attach_ctx(endpoint->vfu_ctx);
4685 0 : if (err == 0) {
4686 0 : SPDK_DEBUGLOG(nvmf_vfio, "attach succeeded\n");
4687 0 : err = nvmf_vfio_user_create_ctrlr(vu_transport, endpoint);
4688 0 : if (err == 0) {
4689 : /*
4690 : * Unregister ourselves: now we've accepted a
4691 : * connection, there is nothing for us to poll for, and
4692 : * we will poll the connection via vfu_run_ctx()
4693 : * instead.
4694 : */
4695 0 : spdk_interrupt_unregister(&endpoint->accept_intr);
4696 0 : spdk_poller_unregister(&endpoint->accept_poller);
4697 0 : }
4698 0 : return SPDK_POLLER_BUSY;
4699 : }
4700 :
4701 0 : if (errno == EAGAIN || errno == EWOULDBLOCK) {
4702 0 : return SPDK_POLLER_IDLE;
4703 : }
4704 :
4705 0 : return SPDK_POLLER_BUSY;
4706 0 : }
4707 :
4708 : static void
4709 0 : nvmf_vfio_user_discover(struct spdk_nvmf_transport *transport,
4710 : struct spdk_nvme_transport_id *trid,
4711 : struct spdk_nvmf_discovery_log_page_entry *entry)
4712 0 : { }
4713 :
4714 : static int vfio_user_poll_group_intr(void *ctx);
4715 :
4716 : static void
4717 0 : vfio_user_poll_group_add_intr(struct nvmf_vfio_user_poll_group *vu_group,
4718 : struct spdk_nvmf_poll_group *group)
4719 : {
4720 0 : vu_group->intr_fd = eventfd(0, EFD_NONBLOCK);
4721 0 : assert(vu_group->intr_fd != -1);
4722 :
4723 0 : vu_group->intr = SPDK_INTERRUPT_REGISTER(vu_group->intr_fd,
4724 : vfio_user_poll_group_intr, vu_group);
4725 0 : assert(vu_group->intr != NULL);
4726 0 : }
4727 :
4728 : static struct spdk_nvmf_transport_poll_group *
4729 0 : nvmf_vfio_user_poll_group_create(struct spdk_nvmf_transport *transport,
4730 : struct spdk_nvmf_poll_group *group)
4731 : {
4732 0 : struct nvmf_vfio_user_transport *vu_transport;
4733 0 : struct nvmf_vfio_user_poll_group *vu_group;
4734 :
4735 0 : vu_transport = SPDK_CONTAINEROF(transport, struct nvmf_vfio_user_transport,
4736 : transport);
4737 :
4738 0 : SPDK_DEBUGLOG(nvmf_vfio, "create poll group\n");
4739 :
4740 0 : vu_group = calloc(1, sizeof(*vu_group));
4741 0 : if (vu_group == NULL) {
4742 0 : SPDK_ERRLOG("Error allocating poll group: %m");
4743 0 : return NULL;
4744 : }
4745 :
4746 0 : if (in_interrupt_mode(vu_transport)) {
4747 0 : vfio_user_poll_group_add_intr(vu_group, group);
4748 0 : }
4749 :
4750 0 : TAILQ_INIT(&vu_group->sqs);
4751 :
4752 0 : pthread_mutex_lock(&vu_transport->pg_lock);
4753 0 : TAILQ_INSERT_TAIL(&vu_transport->poll_groups, vu_group, link);
4754 0 : if (vu_transport->next_pg == NULL) {
4755 0 : vu_transport->next_pg = vu_group;
4756 0 : }
4757 0 : pthread_mutex_unlock(&vu_transport->pg_lock);
4758 :
4759 0 : return &vu_group->group;
4760 0 : }
4761 :
4762 : static struct spdk_nvmf_transport_poll_group *
4763 0 : nvmf_vfio_user_get_optimal_poll_group(struct spdk_nvmf_qpair *qpair)
4764 : {
4765 0 : struct nvmf_vfio_user_transport *vu_transport;
4766 0 : struct nvmf_vfio_user_poll_group **vu_group;
4767 0 : struct nvmf_vfio_user_sq *sq;
4768 0 : struct nvmf_vfio_user_cq *cq;
4769 :
4770 0 : struct spdk_nvmf_transport_poll_group *result = NULL;
4771 :
4772 0 : sq = SPDK_CONTAINEROF(qpair, struct nvmf_vfio_user_sq, qpair);
4773 0 : cq = sq->ctrlr->cqs[sq->cqid];
4774 0 : assert(cq != NULL);
4775 0 : vu_transport = SPDK_CONTAINEROF(qpair->transport, struct nvmf_vfio_user_transport, transport);
4776 :
4777 0 : pthread_mutex_lock(&vu_transport->pg_lock);
4778 0 : if (TAILQ_EMPTY(&vu_transport->poll_groups)) {
4779 0 : goto out;
4780 : }
4781 :
4782 0 : if (!nvmf_qpair_is_admin_queue(qpair)) {
4783 : /*
4784 : * If this is shared IO CQ case, just return the used CQ's poll
4785 : * group, so I/O completions don't have to use
4786 : * spdk_thread_send_msg().
4787 : */
4788 0 : if (cq->group != NULL) {
4789 0 : result = cq->group;
4790 0 : goto out;
4791 : }
4792 :
4793 : /*
4794 : * If we're in interrupt mode, align all qpairs for a controller
4795 : * on the same poll group by default, unless requested. This can
4796 : * be lower in performance than running on a single poll group,
4797 : * so we disable spreading by default.
4798 : */
4799 0 : if (in_interrupt_mode(vu_transport) &&
4800 0 : !vu_transport->transport_opts.enable_intr_mode_sq_spreading) {
4801 0 : result = sq->ctrlr->sqs[0]->group;
4802 0 : goto out;
4803 : }
4804 :
4805 0 : }
4806 :
4807 0 : vu_group = &vu_transport->next_pg;
4808 0 : assert(*vu_group != NULL);
4809 :
4810 0 : result = &(*vu_group)->group;
4811 0 : *vu_group = TAILQ_NEXT(*vu_group, link);
4812 0 : if (*vu_group == NULL) {
4813 0 : *vu_group = TAILQ_FIRST(&vu_transport->poll_groups);
4814 0 : }
4815 :
4816 : out:
4817 0 : if (cq->group == NULL) {
4818 0 : cq->group = result;
4819 0 : }
4820 :
4821 0 : pthread_mutex_unlock(&vu_transport->pg_lock);
4822 0 : return result;
4823 0 : }
4824 :
4825 : static void
4826 0 : vfio_user_poll_group_del_intr(struct nvmf_vfio_user_poll_group *vu_group)
4827 : {
4828 0 : assert(vu_group->intr_fd != -1);
4829 :
4830 0 : spdk_interrupt_unregister(&vu_group->intr);
4831 :
4832 0 : close(vu_group->intr_fd);
4833 0 : vu_group->intr_fd = -1;
4834 0 : }
4835 :
4836 : /* called when process exits */
4837 : static void
4838 0 : nvmf_vfio_user_poll_group_destroy(struct spdk_nvmf_transport_poll_group *group)
4839 : {
4840 0 : struct nvmf_vfio_user_poll_group *vu_group, *next_tgroup;
4841 0 : struct nvmf_vfio_user_transport *vu_transport;
4842 :
4843 0 : SPDK_DEBUGLOG(nvmf_vfio, "destroy poll group\n");
4844 :
4845 0 : vu_group = SPDK_CONTAINEROF(group, struct nvmf_vfio_user_poll_group, group);
4846 0 : vu_transport = SPDK_CONTAINEROF(vu_group->group.transport, struct nvmf_vfio_user_transport,
4847 : transport);
4848 :
4849 0 : if (in_interrupt_mode(vu_transport)) {
4850 0 : vfio_user_poll_group_del_intr(vu_group);
4851 0 : }
4852 :
4853 0 : pthread_mutex_lock(&vu_transport->pg_lock);
4854 0 : next_tgroup = TAILQ_NEXT(vu_group, link);
4855 0 : TAILQ_REMOVE(&vu_transport->poll_groups, vu_group, link);
4856 0 : if (next_tgroup == NULL) {
4857 0 : next_tgroup = TAILQ_FIRST(&vu_transport->poll_groups);
4858 0 : }
4859 0 : if (vu_transport->next_pg == vu_group) {
4860 0 : vu_transport->next_pg = next_tgroup;
4861 0 : }
4862 0 : pthread_mutex_unlock(&vu_transport->pg_lock);
4863 :
4864 0 : free(vu_group);
4865 0 : }
4866 :
4867 : static void
4868 0 : _vfio_user_qpair_disconnect(void *ctx)
4869 : {
4870 0 : struct nvmf_vfio_user_sq *sq = ctx;
4871 :
4872 0 : spdk_nvmf_qpair_disconnect(&sq->qpair);
4873 0 : }
4874 :
4875 : /* The function is used when socket connection is destroyed */
4876 : static int
4877 0 : vfio_user_destroy_ctrlr(struct nvmf_vfio_user_ctrlr *ctrlr)
4878 : {
4879 0 : struct nvmf_vfio_user_sq *sq;
4880 0 : struct nvmf_vfio_user_endpoint *endpoint;
4881 :
4882 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s stop processing\n", ctrlr_id(ctrlr));
4883 :
4884 0 : endpoint = ctrlr->endpoint;
4885 0 : assert(endpoint != NULL);
4886 :
4887 0 : pthread_mutex_lock(&endpoint->lock);
4888 0 : endpoint->need_relisten = true;
4889 0 : ctrlr->disconnect = true;
4890 0 : if (TAILQ_EMPTY(&ctrlr->connected_sqs)) {
4891 0 : endpoint->ctrlr = NULL;
4892 0 : free_ctrlr(ctrlr);
4893 0 : pthread_mutex_unlock(&endpoint->lock);
4894 0 : return 0;
4895 : }
4896 :
4897 0 : TAILQ_FOREACH(sq, &ctrlr->connected_sqs, tailq) {
4898 : /* add another round thread poll to avoid recursive endpoint lock */
4899 0 : spdk_thread_send_msg(ctrlr->thread, _vfio_user_qpair_disconnect, sq);
4900 0 : }
4901 0 : pthread_mutex_unlock(&endpoint->lock);
4902 :
4903 0 : return 0;
4904 0 : }
4905 :
4906 : /*
4907 : * Poll for and process any incoming vfio-user messages.
4908 : */
4909 : static int
4910 0 : vfio_user_poll_vfu_ctx(void *ctx)
4911 : {
4912 0 : struct nvmf_vfio_user_ctrlr *ctrlr = ctx;
4913 0 : int ret;
4914 :
4915 0 : assert(ctrlr != NULL);
4916 :
4917 : /* This will call access_bar0_fn() if there are any writes
4918 : * to the portion of the BAR that is not mmap'd */
4919 0 : ret = vfu_run_ctx(ctrlr->endpoint->vfu_ctx);
4920 0 : if (spdk_unlikely(ret == -1)) {
4921 0 : if (errno == EBUSY) {
4922 0 : return SPDK_POLLER_IDLE;
4923 : }
4924 :
4925 0 : spdk_poller_unregister(&ctrlr->vfu_ctx_poller);
4926 :
4927 : /*
4928 : * We lost the client; the reset callback will already have
4929 : * unregistered the interrupt.
4930 : */
4931 0 : if (errno == ENOTCONN) {
4932 0 : vfio_user_destroy_ctrlr(ctrlr);
4933 0 : return SPDK_POLLER_BUSY;
4934 : }
4935 :
4936 : /*
4937 : * We might not have got a reset callback in this case, so
4938 : * explicitly unregister the interrupt here.
4939 : */
4940 0 : spdk_interrupt_unregister(&ctrlr->intr);
4941 0 : ctrlr->intr_fd = -1;
4942 0 : fail_ctrlr(ctrlr);
4943 0 : }
4944 :
4945 0 : return ret != 0 ? SPDK_POLLER_BUSY : SPDK_POLLER_IDLE;
4946 0 : }
4947 :
4948 : struct vfio_user_post_cpl_ctx {
4949 : struct nvmf_vfio_user_ctrlr *ctrlr;
4950 : struct nvmf_vfio_user_cq *cq;
4951 : struct spdk_nvme_cpl cpl;
4952 : };
4953 :
4954 : static void
4955 0 : _post_completion_msg(void *ctx)
4956 : {
4957 0 : struct vfio_user_post_cpl_ctx *cpl_ctx = ctx;
4958 :
4959 0 : post_completion(cpl_ctx->ctrlr, cpl_ctx->cq, cpl_ctx->cpl.cdw0, cpl_ctx->cpl.sqid,
4960 0 : cpl_ctx->cpl.cid, cpl_ctx->cpl.status.sc, cpl_ctx->cpl.status.sct);
4961 0 : free(cpl_ctx);
4962 0 : }
4963 :
4964 : static int nvmf_vfio_user_poll_group_poll(struct spdk_nvmf_transport_poll_group *group);
4965 :
4966 : static int
4967 0 : vfio_user_poll_group_process(void *ctx)
4968 : {
4969 0 : struct nvmf_vfio_user_poll_group *vu_group = ctx;
4970 0 : int ret = 0;
4971 :
4972 0 : SPDK_DEBUGLOG(vfio_user_db, "pg:%p got intr\n", vu_group);
4973 :
4974 0 : ret |= nvmf_vfio_user_poll_group_poll(&vu_group->group);
4975 :
4976 : /*
4977 : * Re-arm the event indexes. NB: this also could rearm other
4978 : * controller's SQs.
4979 : */
4980 0 : ret |= vfio_user_poll_group_rearm(vu_group);
4981 :
4982 0 : vu_group->stats.pg_process_count++;
4983 0 : return ret != 0 ? SPDK_POLLER_BUSY : SPDK_POLLER_IDLE;
4984 0 : }
4985 :
4986 : static int
4987 0 : vfio_user_poll_group_intr(void *ctx)
4988 : {
4989 0 : struct nvmf_vfio_user_poll_group *vu_group = ctx;
4990 0 : eventfd_t val;
4991 :
4992 0 : eventfd_read(vu_group->intr_fd, &val);
4993 :
4994 0 : vu_group->stats.intr++;
4995 :
4996 0 : return vfio_user_poll_group_process(ctx);
4997 0 : }
4998 :
4999 : /*
5000 : * Handle an interrupt for the given controller: we must poll the vfu_ctx, and
5001 : * the SQs assigned to our own poll group. Other poll groups are handled via
5002 : * vfio_user_poll_group_intr().
5003 : */
5004 : static int
5005 0 : vfio_user_ctrlr_intr(void *ctx)
5006 : {
5007 0 : struct nvmf_vfio_user_poll_group *vu_ctrlr_group;
5008 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr = ctx;
5009 0 : struct nvmf_vfio_user_poll_group *vu_group;
5010 0 : int ret = SPDK_POLLER_IDLE;
5011 :
5012 0 : vu_ctrlr_group = ctrlr_to_poll_group(vu_ctrlr);
5013 :
5014 0 : SPDK_DEBUGLOG(vfio_user_db, "ctrlr pg:%p got intr\n", vu_ctrlr_group);
5015 :
5016 0 : vu_ctrlr_group->stats.ctrlr_intr++;
5017 :
5018 : /*
5019 : * Poll vfio-user for this controller. We need to do this before polling
5020 : * any SQs, as this is where doorbell writes may be handled.
5021 : */
5022 0 : ret = vfio_user_poll_vfu_ctx(vu_ctrlr);
5023 :
5024 : /*
5025 : * `sqs[0]` could be set to NULL in vfio_user_poll_vfu_ctx() context,
5026 : * just return for this case.
5027 : */
5028 0 : if (vu_ctrlr->sqs[0] == NULL) {
5029 0 : return ret;
5030 : }
5031 :
5032 0 : if (vu_ctrlr->transport->transport_opts.enable_intr_mode_sq_spreading) {
5033 : /*
5034 : * We may have just written to a doorbell owned by another
5035 : * reactor: we need to prod them to make sure its SQs are polled
5036 : * *after* the doorbell value is updated.
5037 : */
5038 0 : TAILQ_FOREACH(vu_group, &vu_ctrlr->transport->poll_groups, link) {
5039 0 : if (vu_group != vu_ctrlr_group) {
5040 0 : SPDK_DEBUGLOG(vfio_user_db, "prodding pg:%p\n", vu_group);
5041 0 : eventfd_write(vu_group->intr_fd, 1);
5042 0 : }
5043 0 : }
5044 0 : }
5045 :
5046 0 : ret |= vfio_user_poll_group_process(vu_ctrlr_group);
5047 :
5048 0 : return ret;
5049 0 : }
5050 :
5051 : static void
5052 0 : vfio_user_ctrlr_set_intr_mode(struct spdk_poller *poller, void *ctx,
5053 : bool interrupt_mode)
5054 : {
5055 0 : struct nvmf_vfio_user_ctrlr *ctrlr = ctx;
5056 0 : assert(ctrlr != NULL);
5057 0 : assert(ctrlr->endpoint != NULL);
5058 :
5059 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: setting interrupt mode to %d\n",
5060 : ctrlr_id(ctrlr), interrupt_mode);
5061 :
5062 : /*
5063 : * interrupt_mode needs to persist across controller resets, so store
5064 : * it in the endpoint instead.
5065 : */
5066 0 : ctrlr->endpoint->interrupt_mode = interrupt_mode;
5067 :
5068 0 : vfio_user_poll_group_rearm(ctrlr_to_poll_group(ctrlr));
5069 0 : }
5070 :
5071 : /*
5072 : * In response to the nvmf_vfio_user_create_ctrlr() path, the admin queue is now
5073 : * set up and we can start operating on this controller.
5074 : */
5075 : static void
5076 0 : start_ctrlr(struct nvmf_vfio_user_ctrlr *vu_ctrlr,
5077 : struct spdk_nvmf_ctrlr *ctrlr)
5078 : {
5079 0 : struct nvmf_vfio_user_endpoint *endpoint = vu_ctrlr->endpoint;
5080 :
5081 0 : vu_ctrlr->ctrlr = ctrlr;
5082 0 : vu_ctrlr->cntlid = ctrlr->cntlid;
5083 0 : vu_ctrlr->thread = spdk_get_thread();
5084 0 : vu_ctrlr->state = VFIO_USER_CTRLR_RUNNING;
5085 :
5086 0 : if (!in_interrupt_mode(endpoint->transport)) {
5087 0 : vu_ctrlr->vfu_ctx_poller = SPDK_POLLER_REGISTER(vfio_user_poll_vfu_ctx,
5088 : vu_ctrlr, 1000);
5089 0 : return;
5090 : }
5091 :
5092 0 : vu_ctrlr->vfu_ctx_poller = SPDK_POLLER_REGISTER(vfio_user_poll_vfu_ctx,
5093 : vu_ctrlr, 0);
5094 :
5095 0 : vu_ctrlr->intr_fd = vfu_get_poll_fd(vu_ctrlr->endpoint->vfu_ctx);
5096 0 : assert(vu_ctrlr->intr_fd != -1);
5097 :
5098 0 : vu_ctrlr->intr = SPDK_INTERRUPT_REGISTER(vu_ctrlr->intr_fd,
5099 : vfio_user_ctrlr_intr, vu_ctrlr);
5100 :
5101 0 : assert(vu_ctrlr->intr != NULL);
5102 :
5103 0 : spdk_poller_register_interrupt(vu_ctrlr->vfu_ctx_poller,
5104 : vfio_user_ctrlr_set_intr_mode,
5105 0 : vu_ctrlr);
5106 0 : }
5107 :
5108 : static int
5109 0 : handle_queue_connect_rsp(struct nvmf_vfio_user_req *req, void *cb_arg)
5110 : {
5111 0 : struct nvmf_vfio_user_poll_group *vu_group;
5112 0 : struct nvmf_vfio_user_sq *sq = cb_arg;
5113 0 : struct nvmf_vfio_user_cq *admin_cq;
5114 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr;
5115 0 : struct nvmf_vfio_user_endpoint *endpoint;
5116 :
5117 0 : assert(sq != NULL);
5118 0 : assert(req != NULL);
5119 :
5120 0 : vu_ctrlr = sq->ctrlr;
5121 0 : assert(vu_ctrlr != NULL);
5122 0 : endpoint = vu_ctrlr->endpoint;
5123 0 : assert(endpoint != NULL);
5124 :
5125 0 : if (spdk_nvme_cpl_is_error(&req->req.rsp->nvme_cpl)) {
5126 0 : SPDK_ERRLOG("SC %u, SCT %u\n", req->req.rsp->nvme_cpl.status.sc, req->req.rsp->nvme_cpl.status.sct);
5127 0 : endpoint->ctrlr = NULL;
5128 0 : free_ctrlr(vu_ctrlr);
5129 0 : return -1;
5130 : }
5131 :
5132 0 : vu_group = SPDK_CONTAINEROF(sq->group, struct nvmf_vfio_user_poll_group, group);
5133 0 : TAILQ_INSERT_TAIL(&vu_group->sqs, sq, link);
5134 :
5135 0 : admin_cq = vu_ctrlr->cqs[0];
5136 0 : assert(admin_cq != NULL);
5137 0 : assert(admin_cq->group != NULL);
5138 0 : assert(admin_cq->group->group->thread != NULL);
5139 :
5140 0 : pthread_mutex_lock(&endpoint->lock);
5141 0 : if (nvmf_qpair_is_admin_queue(&sq->qpair)) {
5142 0 : assert(admin_cq->group->group->thread == spdk_get_thread());
5143 : /*
5144 : * The admin queue is special as SQ0 and CQ0 are created
5145 : * together.
5146 : */
5147 0 : admin_cq->cq_ref = 1;
5148 0 : start_ctrlr(vu_ctrlr, sq->qpair.ctrlr);
5149 0 : } else {
5150 : /* For I/O queues this command was generated in response to an
5151 : * ADMIN I/O CREATE SUBMISSION QUEUE command which has not yet
5152 : * been completed. Complete it now.
5153 : */
5154 0 : if (sq->post_create_io_sq_completion) {
5155 0 : if (admin_cq->group->group->thread != spdk_get_thread()) {
5156 0 : struct vfio_user_post_cpl_ctx *cpl_ctx;
5157 :
5158 0 : cpl_ctx = calloc(1, sizeof(*cpl_ctx));
5159 0 : if (!cpl_ctx) {
5160 0 : return -ENOMEM;
5161 : }
5162 0 : cpl_ctx->ctrlr = vu_ctrlr;
5163 0 : cpl_ctx->cq = admin_cq;
5164 0 : cpl_ctx->cpl.sqid = 0;
5165 0 : cpl_ctx->cpl.cdw0 = 0;
5166 0 : cpl_ctx->cpl.cid = sq->create_io_sq_cmd.cid;
5167 0 : cpl_ctx->cpl.status.sc = SPDK_NVME_SC_SUCCESS;
5168 0 : cpl_ctx->cpl.status.sct = SPDK_NVME_SCT_GENERIC;
5169 :
5170 0 : spdk_thread_send_msg(admin_cq->group->group->thread,
5171 : _post_completion_msg,
5172 0 : cpl_ctx);
5173 0 : } else {
5174 0 : post_completion(vu_ctrlr, admin_cq, 0, 0,
5175 0 : sq->create_io_sq_cmd.cid, SPDK_NVME_SC_SUCCESS, SPDK_NVME_SCT_GENERIC);
5176 : }
5177 0 : sq->post_create_io_sq_completion = false;
5178 0 : } else if (in_interrupt_mode(endpoint->transport)) {
5179 : /*
5180 : * If we're live migrating a guest, there is a window
5181 : * where the I/O queues haven't been set up but the
5182 : * device is in running state, during which the guest
5183 : * might write to a doorbell. This doorbell write will
5184 : * go unnoticed, so let's poll the whole controller to
5185 : * pick that up.
5186 : */
5187 0 : ctrlr_kick(vu_ctrlr);
5188 0 : }
5189 0 : sq->sq_state = VFIO_USER_SQ_ACTIVE;
5190 : }
5191 :
5192 0 : TAILQ_INSERT_TAIL(&vu_ctrlr->connected_sqs, sq, tailq);
5193 0 : pthread_mutex_unlock(&endpoint->lock);
5194 :
5195 0 : free(req->req.iov[0].iov_base);
5196 0 : req->req.iov[0].iov_base = NULL;
5197 0 : req->req.iovcnt = 0;
5198 :
5199 0 : return 0;
5200 0 : }
5201 :
5202 : static void
5203 0 : _nvmf_vfio_user_poll_group_add(void *req)
5204 : {
5205 0 : spdk_nvmf_request_exec(req);
5206 0 : }
5207 :
5208 : /*
5209 : * Add the given qpair to the given poll group. New qpairs are added via
5210 : * spdk_nvmf_tgt_new_qpair(), which picks a poll group via
5211 : * nvmf_vfio_user_get_optimal_poll_group(), then calls back here via
5212 : * nvmf_transport_poll_group_add().
5213 : */
5214 : static int
5215 0 : nvmf_vfio_user_poll_group_add(struct spdk_nvmf_transport_poll_group *group,
5216 : struct spdk_nvmf_qpair *qpair)
5217 : {
5218 0 : struct nvmf_vfio_user_sq *sq;
5219 0 : struct nvmf_vfio_user_req *vu_req;
5220 0 : struct nvmf_vfio_user_ctrlr *ctrlr;
5221 0 : struct spdk_nvmf_request *req;
5222 0 : struct spdk_nvmf_fabric_connect_data *data;
5223 0 : bool admin;
5224 :
5225 0 : sq = SPDK_CONTAINEROF(qpair, struct nvmf_vfio_user_sq, qpair);
5226 0 : sq->group = group;
5227 0 : ctrlr = sq->ctrlr;
5228 :
5229 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: add QP%d=%p(%p) to poll_group=%p\n",
5230 : ctrlr_id(ctrlr), sq->qpair.qid,
5231 : sq, qpair, group);
5232 :
5233 0 : admin = nvmf_qpair_is_admin_queue(&sq->qpair);
5234 :
5235 0 : vu_req = get_nvmf_vfio_user_req(sq);
5236 0 : if (vu_req == NULL) {
5237 0 : return -1;
5238 : }
5239 :
5240 0 : req = &vu_req->req;
5241 0 : req->cmd->connect_cmd.opcode = SPDK_NVME_OPC_FABRIC;
5242 0 : req->cmd->connect_cmd.cid = 0;
5243 0 : req->cmd->connect_cmd.fctype = SPDK_NVMF_FABRIC_COMMAND_CONNECT;
5244 0 : req->cmd->connect_cmd.recfmt = 0;
5245 0 : req->cmd->connect_cmd.sqsize = sq->size - 1;
5246 0 : req->cmd->connect_cmd.qid = admin ? 0 : qpair->qid;
5247 :
5248 0 : req->length = sizeof(struct spdk_nvmf_fabric_connect_data);
5249 :
5250 0 : data = calloc(1, req->length);
5251 0 : if (data == NULL) {
5252 0 : nvmf_vfio_user_req_free(req);
5253 0 : return -ENOMEM;
5254 : }
5255 :
5256 0 : SPDK_IOV_ONE(req->iov, &req->iovcnt, data, req->length);
5257 :
5258 0 : data->cntlid = ctrlr->cntlid;
5259 0 : snprintf(data->subnqn, sizeof(data->subnqn), "%s",
5260 0 : spdk_nvmf_subsystem_get_nqn(ctrlr->endpoint->subsystem));
5261 :
5262 0 : vu_req->cb_fn = handle_queue_connect_rsp;
5263 0 : vu_req->cb_arg = sq;
5264 :
5265 0 : SPDK_DEBUGLOG(nvmf_vfio,
5266 : "%s: sending connect fabrics command for qid:%#x cntlid=%#x\n",
5267 : ctrlr_id(ctrlr), qpair->qid, data->cntlid);
5268 :
5269 : /*
5270 : * By the time transport's poll_group_add() callback is executed, the
5271 : * qpair isn't in the ACTIVE state yet, so spdk_nvmf_request_exec()
5272 : * would fail. The state changes to ACTIVE immediately after the
5273 : * callback finishes, so delay spdk_nvmf_request_exec() by sending a
5274 : * message.
5275 : */
5276 0 : spdk_thread_send_msg(spdk_get_thread(), _nvmf_vfio_user_poll_group_add, req);
5277 0 : return 0;
5278 0 : }
5279 :
5280 : static int
5281 0 : nvmf_vfio_user_poll_group_remove(struct spdk_nvmf_transport_poll_group *group,
5282 : struct spdk_nvmf_qpair *qpair)
5283 : {
5284 0 : struct nvmf_vfio_user_sq *sq;
5285 0 : struct nvmf_vfio_user_poll_group *vu_group;
5286 :
5287 0 : sq = SPDK_CONTAINEROF(qpair, struct nvmf_vfio_user_sq, qpair);
5288 :
5289 0 : SPDK_DEBUGLOG(nvmf_vfio,
5290 : "%s: remove NVMf QP%d=%p from NVMf poll_group=%p\n",
5291 : ctrlr_id(sq->ctrlr), qpair->qid, qpair, group);
5292 :
5293 :
5294 0 : vu_group = SPDK_CONTAINEROF(group, struct nvmf_vfio_user_poll_group, group);
5295 0 : TAILQ_REMOVE(&vu_group->sqs, sq, link);
5296 :
5297 0 : return 0;
5298 0 : }
5299 :
5300 : static void
5301 0 : _nvmf_vfio_user_req_free(struct nvmf_vfio_user_sq *sq, struct nvmf_vfio_user_req *vu_req)
5302 : {
5303 0 : memset(&vu_req->cmd, 0, sizeof(vu_req->cmd));
5304 0 : memset(&vu_req->rsp, 0, sizeof(vu_req->rsp));
5305 0 : vu_req->iovcnt = 0;
5306 0 : vu_req->req.iovcnt = 0;
5307 0 : vu_req->req.length = 0;
5308 0 : vu_req->state = VFIO_USER_REQUEST_STATE_FREE;
5309 :
5310 0 : TAILQ_INSERT_TAIL(&sq->free_reqs, vu_req, link);
5311 0 : }
5312 :
5313 : static int
5314 0 : nvmf_vfio_user_req_free(struct spdk_nvmf_request *req)
5315 : {
5316 0 : struct nvmf_vfio_user_sq *sq;
5317 0 : struct nvmf_vfio_user_req *vu_req;
5318 :
5319 0 : assert(req != NULL);
5320 :
5321 0 : vu_req = SPDK_CONTAINEROF(req, struct nvmf_vfio_user_req, req);
5322 0 : sq = SPDK_CONTAINEROF(req->qpair, struct nvmf_vfio_user_sq, qpair);
5323 :
5324 0 : _nvmf_vfio_user_req_free(sq, vu_req);
5325 :
5326 0 : return 0;
5327 0 : }
5328 :
5329 : static int
5330 0 : nvmf_vfio_user_req_complete(struct spdk_nvmf_request *req)
5331 : {
5332 0 : struct nvmf_vfio_user_sq *sq;
5333 0 : struct nvmf_vfio_user_req *vu_req;
5334 :
5335 0 : assert(req != NULL);
5336 :
5337 0 : vu_req = SPDK_CONTAINEROF(req, struct nvmf_vfio_user_req, req);
5338 0 : sq = SPDK_CONTAINEROF(req->qpair, struct nvmf_vfio_user_sq, qpair);
5339 :
5340 0 : if (vu_req->cb_fn != NULL) {
5341 0 : if (vu_req->cb_fn(vu_req, vu_req->cb_arg) != 0) {
5342 0 : fail_ctrlr(sq->ctrlr);
5343 0 : }
5344 0 : }
5345 :
5346 0 : _nvmf_vfio_user_req_free(sq, vu_req);
5347 :
5348 0 : return 0;
5349 0 : }
5350 :
5351 : static void
5352 0 : nvmf_vfio_user_close_qpair(struct spdk_nvmf_qpair *qpair,
5353 : spdk_nvmf_transport_qpair_fini_cb cb_fn, void *cb_arg)
5354 : {
5355 0 : struct nvmf_vfio_user_sq *sq;
5356 0 : struct nvmf_vfio_user_ctrlr *vu_ctrlr;
5357 0 : struct nvmf_vfio_user_endpoint *endpoint;
5358 0 : struct vfio_user_delete_sq_ctx *del_ctx;
5359 :
5360 0 : assert(qpair != NULL);
5361 0 : sq = SPDK_CONTAINEROF(qpair, struct nvmf_vfio_user_sq, qpair);
5362 0 : vu_ctrlr = sq->ctrlr;
5363 0 : endpoint = vu_ctrlr->endpoint;
5364 0 : del_ctx = sq->delete_ctx;
5365 0 : sq->delete_ctx = NULL;
5366 :
5367 0 : pthread_mutex_lock(&endpoint->lock);
5368 0 : TAILQ_REMOVE(&vu_ctrlr->connected_sqs, sq, tailq);
5369 0 : delete_sq_done(vu_ctrlr, sq);
5370 0 : if (TAILQ_EMPTY(&vu_ctrlr->connected_sqs)) {
5371 0 : endpoint->ctrlr = NULL;
5372 0 : if (vu_ctrlr->in_source_vm && endpoint->need_resume) {
5373 : /* The controller will be freed, we can resume the subsystem
5374 : * now so that the endpoint can be ready to accept another
5375 : * new connection.
5376 : */
5377 0 : spdk_nvmf_subsystem_resume((struct spdk_nvmf_subsystem *)endpoint->subsystem,
5378 0 : vfio_user_endpoint_resume_done, endpoint);
5379 0 : }
5380 0 : free_ctrlr(vu_ctrlr);
5381 0 : }
5382 0 : pthread_mutex_unlock(&endpoint->lock);
5383 :
5384 0 : if (del_ctx) {
5385 0 : vfio_user_qpair_delete_cb(del_ctx);
5386 0 : }
5387 :
5388 0 : if (cb_fn) {
5389 0 : cb_fn(cb_arg);
5390 0 : }
5391 0 : }
5392 :
5393 : /**
5394 : * Returns a preallocated request, or NULL if there isn't one available.
5395 : */
5396 : static struct nvmf_vfio_user_req *
5397 0 : get_nvmf_vfio_user_req(struct nvmf_vfio_user_sq *sq)
5398 : {
5399 0 : struct nvmf_vfio_user_req *req;
5400 :
5401 0 : if (sq == NULL) {
5402 0 : return NULL;
5403 : }
5404 :
5405 0 : req = TAILQ_FIRST(&sq->free_reqs);
5406 0 : if (req == NULL) {
5407 0 : return NULL;
5408 : }
5409 :
5410 0 : TAILQ_REMOVE(&sq->free_reqs, req, link);
5411 :
5412 0 : return req;
5413 0 : }
5414 :
5415 : static int
5416 0 : get_nvmf_io_req_length(struct spdk_nvmf_request *req)
5417 : {
5418 0 : uint16_t nr;
5419 0 : uint32_t nlb, nsid;
5420 0 : struct spdk_nvme_cmd *cmd = &req->cmd->nvme_cmd;
5421 0 : struct spdk_nvmf_ctrlr *ctrlr = req->qpair->ctrlr;
5422 0 : struct spdk_nvmf_ns *ns;
5423 :
5424 0 : nsid = cmd->nsid;
5425 0 : ns = _nvmf_subsystem_get_ns(ctrlr->subsys, nsid);
5426 0 : if (ns == NULL || ns->bdev == NULL) {
5427 0 : SPDK_ERRLOG("unsuccessful query for nsid %u\n", cmd->nsid);
5428 0 : return -EINVAL;
5429 : }
5430 :
5431 0 : if (cmd->opc == SPDK_NVME_OPC_DATASET_MANAGEMENT) {
5432 0 : nr = cmd->cdw10_bits.dsm.nr + 1;
5433 0 : return nr * sizeof(struct spdk_nvme_dsm_range);
5434 : }
5435 :
5436 0 : if (cmd->opc == SPDK_NVME_OPC_COPY) {
5437 0 : nr = (cmd->cdw12 & 0x000000ffu) + 1;
5438 0 : return nr * sizeof(struct spdk_nvme_scc_source_range);
5439 : }
5440 :
5441 0 : nlb = (cmd->cdw12 & 0x0000ffffu) + 1;
5442 0 : return nlb * spdk_bdev_desc_get_block_size(ns->desc);
5443 0 : }
5444 :
5445 : static int
5446 0 : map_admin_cmd_req(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvmf_request *req)
5447 : {
5448 0 : struct spdk_nvme_cmd *cmd = &req->cmd->nvme_cmd;
5449 0 : uint32_t len = 0, numdw = 0;
5450 0 : uint8_t fid;
5451 0 : int iovcnt;
5452 :
5453 0 : req->xfer = spdk_nvme_opc_get_data_transfer(cmd->opc);
5454 :
5455 0 : if (req->xfer == SPDK_NVME_DATA_NONE) {
5456 0 : return 0;
5457 : }
5458 :
5459 0 : switch (cmd->opc) {
5460 : case SPDK_NVME_OPC_IDENTIFY:
5461 0 : len = 4096;
5462 0 : break;
5463 : case SPDK_NVME_OPC_GET_LOG_PAGE:
5464 0 : numdw = ((((uint32_t)cmd->cdw11_bits.get_log_page.numdu << 16) |
5465 0 : cmd->cdw10_bits.get_log_page.numdl) + 1);
5466 0 : if (numdw > UINT32_MAX / 4) {
5467 0 : return -EINVAL;
5468 : }
5469 0 : len = numdw * 4;
5470 0 : break;
5471 : case SPDK_NVME_OPC_GET_FEATURES:
5472 : case SPDK_NVME_OPC_SET_FEATURES:
5473 0 : fid = cmd->cdw10_bits.set_features.fid;
5474 0 : switch (fid) {
5475 : case SPDK_NVME_FEAT_LBA_RANGE_TYPE:
5476 0 : len = 4096;
5477 0 : break;
5478 : case SPDK_NVME_FEAT_AUTONOMOUS_POWER_STATE_TRANSITION:
5479 0 : len = 256;
5480 0 : break;
5481 : case SPDK_NVME_FEAT_TIMESTAMP:
5482 0 : len = 8;
5483 0 : break;
5484 : case SPDK_NVME_FEAT_HOST_BEHAVIOR_SUPPORT:
5485 0 : len = 512;
5486 0 : break;
5487 : case SPDK_NVME_FEAT_HOST_IDENTIFIER:
5488 0 : if (cmd->cdw11_bits.feat_host_identifier.bits.exhid) {
5489 0 : len = 16;
5490 0 : } else {
5491 0 : len = 8;
5492 : }
5493 0 : break;
5494 : default:
5495 0 : return 0;
5496 : }
5497 0 : break;
5498 : case SPDK_NVME_OPC_FABRIC:
5499 0 : return -ENOTSUP;
5500 : default:
5501 0 : return 0;
5502 : }
5503 :
5504 : /* ADMIN command will not use SGL */
5505 0 : if (cmd->psdt != 0) {
5506 0 : return -EINVAL;
5507 : }
5508 :
5509 0 : iovcnt = vfio_user_map_cmd(ctrlr, req, req->iov, len);
5510 0 : if (iovcnt < 0) {
5511 0 : SPDK_ERRLOG("%s: map Admin Opc %x failed\n",
5512 : ctrlr_id(ctrlr), cmd->opc);
5513 0 : return -1;
5514 : }
5515 0 : req->length = len;
5516 0 : req->iovcnt = iovcnt;
5517 :
5518 0 : return 0;
5519 0 : }
5520 :
5521 : /*
5522 : * Map an I/O command's buffers.
5523 : *
5524 : * Returns 0 on success and -errno on failure.
5525 : */
5526 : static int
5527 0 : map_io_cmd_req(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvmf_request *req)
5528 : {
5529 0 : int len, iovcnt;
5530 0 : struct spdk_nvme_cmd *cmd;
5531 :
5532 0 : assert(ctrlr != NULL);
5533 0 : assert(req != NULL);
5534 :
5535 0 : cmd = &req->cmd->nvme_cmd;
5536 0 : req->xfer = spdk_nvme_opc_get_data_transfer(cmd->opc);
5537 :
5538 0 : if (spdk_unlikely(req->xfer == SPDK_NVME_DATA_NONE)) {
5539 0 : return 0;
5540 : }
5541 :
5542 0 : len = get_nvmf_io_req_length(req);
5543 0 : if (len < 0) {
5544 0 : return -EINVAL;
5545 : }
5546 0 : req->length = len;
5547 :
5548 0 : iovcnt = vfio_user_map_cmd(ctrlr, req, req->iov, req->length);
5549 0 : if (iovcnt < 0) {
5550 0 : SPDK_ERRLOG("%s: failed to map IO OPC %u\n", ctrlr_id(ctrlr), cmd->opc);
5551 0 : return -EFAULT;
5552 : }
5553 0 : req->iovcnt = iovcnt;
5554 :
5555 0 : return 0;
5556 0 : }
5557 :
5558 : static int
5559 0 : handle_cmd_req(struct nvmf_vfio_user_ctrlr *ctrlr, struct spdk_nvme_cmd *cmd,
5560 : struct nvmf_vfio_user_sq *sq)
5561 : {
5562 0 : int err;
5563 0 : struct nvmf_vfio_user_req *vu_req;
5564 0 : struct spdk_nvmf_request *req;
5565 :
5566 0 : assert(ctrlr != NULL);
5567 0 : assert(cmd != NULL);
5568 :
5569 0 : vu_req = get_nvmf_vfio_user_req(sq);
5570 0 : if (spdk_unlikely(vu_req == NULL)) {
5571 0 : SPDK_ERRLOG("%s: no request for NVMe command opc 0x%x\n", ctrlr_id(ctrlr), cmd->opc);
5572 0 : return post_completion(ctrlr, ctrlr->cqs[sq->cqid], 0, 0, cmd->cid,
5573 : SPDK_NVME_SC_INTERNAL_DEVICE_ERROR, SPDK_NVME_SCT_GENERIC);
5574 :
5575 : }
5576 0 : req = &vu_req->req;
5577 :
5578 0 : assert(req->qpair != NULL);
5579 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: handle sqid:%u, req opc=%#x cid=%d\n",
5580 : ctrlr_id(ctrlr), req->qpair->qid, cmd->opc, cmd->cid);
5581 :
5582 0 : vu_req->cb_fn = handle_cmd_rsp;
5583 0 : vu_req->cb_arg = SPDK_CONTAINEROF(req->qpair, struct nvmf_vfio_user_sq, qpair);
5584 0 : req->cmd->nvme_cmd = *cmd;
5585 :
5586 0 : if (nvmf_qpair_is_admin_queue(req->qpair)) {
5587 0 : err = map_admin_cmd_req(ctrlr, req);
5588 0 : } else {
5589 0 : switch (cmd->opc) {
5590 : case SPDK_NVME_OPC_RESERVATION_REGISTER:
5591 : case SPDK_NVME_OPC_RESERVATION_REPORT:
5592 : case SPDK_NVME_OPC_RESERVATION_ACQUIRE:
5593 : case SPDK_NVME_OPC_RESERVATION_RELEASE:
5594 : case SPDK_NVME_OPC_FABRIC:
5595 0 : err = -ENOTSUP;
5596 0 : break;
5597 : default:
5598 0 : err = map_io_cmd_req(ctrlr, req);
5599 0 : break;
5600 : }
5601 : }
5602 :
5603 0 : if (spdk_unlikely(err < 0)) {
5604 0 : SPDK_ERRLOG("%s: process NVMe command opc 0x%x failed\n",
5605 : ctrlr_id(ctrlr), cmd->opc);
5606 0 : req->rsp->nvme_cpl.status.sct = SPDK_NVME_SCT_GENERIC;
5607 0 : req->rsp->nvme_cpl.status.sc = err == -ENOTSUP ?
5608 : SPDK_NVME_SC_INVALID_OPCODE :
5609 : SPDK_NVME_SC_INTERNAL_DEVICE_ERROR;
5610 0 : err = handle_cmd_rsp(vu_req, vu_req->cb_arg);
5611 0 : _nvmf_vfio_user_req_free(sq, vu_req);
5612 0 : return err;
5613 : }
5614 :
5615 0 : vu_req->state = VFIO_USER_REQUEST_STATE_EXECUTING;
5616 0 : spdk_nvmf_request_exec(req);
5617 :
5618 0 : return 0;
5619 0 : }
5620 :
5621 : /*
5622 : * If we suppressed an IRQ in post_completion(), check if it needs to be fired
5623 : * here: if the host isn't up to date, and is apparently not actively processing
5624 : * the queue (i.e. ->last_head isn't changing), we need an IRQ.
5625 : */
5626 : static void
5627 0 : handle_suppressed_irq(struct nvmf_vfio_user_ctrlr *ctrlr,
5628 : struct nvmf_vfio_user_sq *sq)
5629 : {
5630 0 : struct nvmf_vfio_user_cq *cq = ctrlr->cqs[sq->cqid];
5631 0 : uint32_t cq_head;
5632 0 : uint32_t cq_tail;
5633 :
5634 0 : if (!cq->ien || cq->qid == 0 || !ctrlr_interrupt_enabled(ctrlr)) {
5635 0 : return;
5636 : }
5637 :
5638 0 : cq_tail = *cq_tailp(cq);
5639 :
5640 : /* Already sent? */
5641 0 : if (cq_tail == cq->last_trigger_irq_tail) {
5642 0 : return;
5643 : }
5644 :
5645 : spdk_ivdt_dcache(cq_dbl_headp(cq));
5646 0 : cq_head = *cq_dbl_headp(cq);
5647 :
5648 0 : if (cq_head != cq_tail && cq_head == cq->last_head) {
5649 0 : int err = vfu_irq_trigger(ctrlr->endpoint->vfu_ctx, cq->iv);
5650 0 : if (err != 0) {
5651 0 : SPDK_ERRLOG("%s: failed to trigger interrupt: %m\n",
5652 : ctrlr_id(ctrlr));
5653 0 : } else {
5654 0 : cq->last_trigger_irq_tail = cq_tail;
5655 : }
5656 0 : }
5657 :
5658 0 : cq->last_head = cq_head;
5659 0 : }
5660 :
5661 : /* Returns the number of commands processed, or a negative value on error. */
5662 : static int
5663 0 : nvmf_vfio_user_sq_poll(struct nvmf_vfio_user_sq *sq)
5664 : {
5665 0 : struct nvmf_vfio_user_ctrlr *ctrlr;
5666 0 : uint32_t new_tail;
5667 0 : int count = 0;
5668 :
5669 0 : assert(sq != NULL);
5670 :
5671 0 : ctrlr = sq->ctrlr;
5672 :
5673 : /*
5674 : * A quiesced, or migrating, controller should never process new
5675 : * commands.
5676 : */
5677 0 : if (ctrlr->state != VFIO_USER_CTRLR_RUNNING) {
5678 0 : return SPDK_POLLER_IDLE;
5679 : }
5680 :
5681 0 : if (ctrlr->adaptive_irqs_enabled) {
5682 0 : handle_suppressed_irq(ctrlr, sq);
5683 0 : }
5684 :
5685 : /* On aarch64 platforms, doorbells update from guest VM may not be seen
5686 : * on SPDK target side. This is because there is memory type mismatch
5687 : * situation here. That is on guest VM side, the doorbells are treated as
5688 : * device memory while on SPDK target side, it is treated as normal
5689 : * memory. And this situation cause problem on ARM platform.
5690 : * Refer to "https://developer.arm.com/documentation/102376/0100/
5691 : * Memory-aliasing-and-mismatched-memory-types". Only using spdk_mb()
5692 : * cannot fix this. Use "dc civac" to invalidate cache may solve
5693 : * this.
5694 : */
5695 : spdk_ivdt_dcache(sq_dbl_tailp(sq));
5696 :
5697 : /* Load-Acquire. */
5698 0 : new_tail = *sq_dbl_tailp(sq);
5699 :
5700 0 : new_tail = new_tail & 0xffffu;
5701 0 : if (spdk_unlikely(new_tail >= sq->size)) {
5702 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: invalid sqid:%u doorbell value %u\n", ctrlr_id(ctrlr), sq->qid,
5703 : new_tail);
5704 0 : spdk_nvmf_ctrlr_async_event_error_event(ctrlr->ctrlr, SPDK_NVME_ASYNC_EVENT_INVALID_DB_WRITE);
5705 :
5706 0 : return -1;
5707 : }
5708 :
5709 0 : if (*sq_headp(sq) == new_tail) {
5710 0 : return 0;
5711 : }
5712 :
5713 0 : SPDK_DEBUGLOG(nvmf_vfio, "%s: sqid:%u doorbell old=%u new=%u\n",
5714 : ctrlr_id(ctrlr), sq->qid, *sq_headp(sq), new_tail);
5715 0 : if (ctrlr->sdbl != NULL) {
5716 0 : SPDK_DEBUGLOG(nvmf_vfio,
5717 : "%s: sqid:%u bar0_doorbell=%u shadow_doorbell=%u eventidx=%u\n",
5718 : ctrlr_id(ctrlr), sq->qid,
5719 : ctrlr->bar0_doorbells[queue_index(sq->qid, false)],
5720 : ctrlr->sdbl->shadow_doorbells[queue_index(sq->qid, false)],
5721 : ctrlr->sdbl->eventidxs[queue_index(sq->qid, false)]);
5722 0 : }
5723 :
5724 : /*
5725 : * Ensure that changes to the queue are visible to us.
5726 : * The host driver should write the queue first, do a wmb(), and then
5727 : * update the SQ tail doorbell (their Store-Release).
5728 : */
5729 0 : spdk_rmb();
5730 :
5731 0 : count = handle_sq_tdbl_write(ctrlr, new_tail, sq);
5732 0 : if (spdk_unlikely(count < 0)) {
5733 0 : fail_ctrlr(ctrlr);
5734 0 : }
5735 :
5736 0 : return count;
5737 0 : }
5738 :
5739 : /*
5740 : * vfio-user transport poll handler. Note that the library context is polled in
5741 : * a separate poller (->vfu_ctx_poller), so this poller only needs to poll the
5742 : * active SQs.
5743 : *
5744 : * Returns the number of commands processed, or a negative value on error.
5745 : */
5746 : static int
5747 0 : nvmf_vfio_user_poll_group_poll(struct spdk_nvmf_transport_poll_group *group)
5748 : {
5749 0 : struct nvmf_vfio_user_poll_group *vu_group;
5750 0 : struct nvmf_vfio_user_sq *sq, *tmp;
5751 0 : int count = 0;
5752 :
5753 0 : assert(group != NULL);
5754 :
5755 0 : vu_group = SPDK_CONTAINEROF(group, struct nvmf_vfio_user_poll_group, group);
5756 :
5757 0 : SPDK_DEBUGLOG(vfio_user_db, "polling all SQs\n");
5758 :
5759 0 : TAILQ_FOREACH_SAFE(sq, &vu_group->sqs, link, tmp) {
5760 0 : int ret;
5761 :
5762 0 : if (spdk_unlikely(sq->sq_state != VFIO_USER_SQ_ACTIVE || !sq->size)) {
5763 0 : continue;
5764 : }
5765 :
5766 0 : ret = nvmf_vfio_user_sq_poll(sq);
5767 :
5768 0 : if (spdk_unlikely(ret < 0)) {
5769 0 : return ret;
5770 : }
5771 :
5772 0 : count += ret;
5773 0 : }
5774 :
5775 0 : vu_group->stats.polls++;
5776 0 : vu_group->stats.poll_reqs += count;
5777 0 : vu_group->stats.poll_reqs_squared += count * count;
5778 0 : if (count == 0) {
5779 0 : vu_group->stats.polls_spurious++;
5780 0 : }
5781 :
5782 0 : return count;
5783 0 : }
5784 :
5785 : static int
5786 0 : nvmf_vfio_user_qpair_get_local_trid(struct spdk_nvmf_qpair *qpair,
5787 : struct spdk_nvme_transport_id *trid)
5788 : {
5789 0 : struct nvmf_vfio_user_sq *sq;
5790 0 : struct nvmf_vfio_user_ctrlr *ctrlr;
5791 :
5792 0 : sq = SPDK_CONTAINEROF(qpair, struct nvmf_vfio_user_sq, qpair);
5793 0 : ctrlr = sq->ctrlr;
5794 :
5795 0 : memcpy(trid, &ctrlr->endpoint->trid, sizeof(*trid));
5796 0 : return 0;
5797 0 : }
5798 :
5799 : static int
5800 0 : nvmf_vfio_user_qpair_get_peer_trid(struct spdk_nvmf_qpair *qpair,
5801 : struct spdk_nvme_transport_id *trid)
5802 : {
5803 0 : return 0;
5804 : }
5805 :
5806 : static int
5807 0 : nvmf_vfio_user_qpair_get_listen_trid(struct spdk_nvmf_qpair *qpair,
5808 : struct spdk_nvme_transport_id *trid)
5809 : {
5810 0 : struct nvmf_vfio_user_sq *sq;
5811 0 : struct nvmf_vfio_user_ctrlr *ctrlr;
5812 :
5813 0 : sq = SPDK_CONTAINEROF(qpair, struct nvmf_vfio_user_sq, qpair);
5814 0 : ctrlr = sq->ctrlr;
5815 :
5816 0 : memcpy(trid, &ctrlr->endpoint->trid, sizeof(*trid));
5817 0 : return 0;
5818 0 : }
5819 :
5820 : static void
5821 0 : nvmf_vfio_user_qpair_abort_request(struct spdk_nvmf_qpair *qpair,
5822 : struct spdk_nvmf_request *req)
5823 : {
5824 0 : struct spdk_nvmf_request *req_to_abort = NULL;
5825 0 : struct spdk_nvmf_request *temp_req = NULL;
5826 0 : uint16_t cid;
5827 :
5828 0 : cid = req->cmd->nvme_cmd.cdw10_bits.abort.cid;
5829 :
5830 0 : TAILQ_FOREACH(temp_req, &qpair->outstanding, link) {
5831 0 : struct nvmf_vfio_user_req *vu_req;
5832 :
5833 0 : vu_req = SPDK_CONTAINEROF(temp_req, struct nvmf_vfio_user_req, req);
5834 :
5835 0 : if (vu_req->state == VFIO_USER_REQUEST_STATE_EXECUTING && vu_req->cmd.cid == cid) {
5836 0 : req_to_abort = temp_req;
5837 0 : break;
5838 : }
5839 0 : }
5840 :
5841 0 : if (req_to_abort == NULL) {
5842 0 : spdk_nvmf_request_complete(req);
5843 0 : return;
5844 : }
5845 :
5846 0 : req->req_to_abort = req_to_abort;
5847 0 : nvmf_ctrlr_abort_request(req);
5848 0 : }
5849 :
5850 : static void
5851 0 : nvmf_vfio_user_poll_group_dump_stat(struct spdk_nvmf_transport_poll_group *group,
5852 : struct spdk_json_write_ctx *w)
5853 : {
5854 0 : struct nvmf_vfio_user_poll_group *vu_group = SPDK_CONTAINEROF(group,
5855 : struct nvmf_vfio_user_poll_group, group);
5856 0 : uint64_t polls_denom;
5857 :
5858 0 : spdk_json_write_named_uint64(w, "ctrlr_intr", vu_group->stats.ctrlr_intr);
5859 0 : spdk_json_write_named_uint64(w, "ctrlr_kicks", vu_group->stats.ctrlr_kicks);
5860 0 : spdk_json_write_named_uint64(w, "won", vu_group->stats.won);
5861 0 : spdk_json_write_named_uint64(w, "lost", vu_group->stats.lost);
5862 0 : spdk_json_write_named_uint64(w, "lost_count", vu_group->stats.lost_count);
5863 0 : spdk_json_write_named_uint64(w, "rearms", vu_group->stats.rearms);
5864 0 : spdk_json_write_named_uint64(w, "pg_process_count", vu_group->stats.pg_process_count);
5865 0 : spdk_json_write_named_uint64(w, "intr", vu_group->stats.intr);
5866 0 : spdk_json_write_named_uint64(w, "polls", vu_group->stats.polls);
5867 0 : spdk_json_write_named_uint64(w, "polls_spurious", vu_group->stats.polls_spurious);
5868 0 : spdk_json_write_named_uint64(w, "poll_reqs", vu_group->stats.poll_reqs);
5869 0 : polls_denom = vu_group->stats.polls * (vu_group->stats.polls - 1);
5870 0 : if (polls_denom) {
5871 0 : uint64_t n = vu_group->stats.polls * vu_group->stats.poll_reqs_squared - vu_group->stats.poll_reqs *
5872 0 : vu_group->stats.poll_reqs;
5873 0 : spdk_json_write_named_double(w, "poll_reqs_variance", sqrt(n / polls_denom));
5874 0 : }
5875 :
5876 0 : spdk_json_write_named_uint64(w, "cqh_admin_writes", vu_group->stats.cqh_admin_writes);
5877 0 : spdk_json_write_named_uint64(w, "cqh_io_writes", vu_group->stats.cqh_io_writes);
5878 0 : }
5879 :
5880 : static void
5881 0 : nvmf_vfio_user_opts_init(struct spdk_nvmf_transport_opts *opts)
5882 : {
5883 0 : opts->max_queue_depth = NVMF_VFIO_USER_DEFAULT_MAX_QUEUE_DEPTH;
5884 0 : opts->max_qpairs_per_ctrlr = NVMF_VFIO_USER_DEFAULT_MAX_QPAIRS_PER_CTRLR;
5885 0 : opts->in_capsule_data_size = 0;
5886 0 : opts->max_io_size = NVMF_VFIO_USER_DEFAULT_MAX_IO_SIZE;
5887 0 : opts->io_unit_size = NVMF_VFIO_USER_DEFAULT_IO_UNIT_SIZE;
5888 0 : opts->max_aq_depth = NVMF_VFIO_USER_DEFAULT_AQ_DEPTH;
5889 0 : opts->num_shared_buffers = 0;
5890 0 : opts->buf_cache_size = 0;
5891 0 : opts->association_timeout = 0;
5892 0 : opts->transport_specific = NULL;
5893 0 : }
5894 :
5895 : const struct spdk_nvmf_transport_ops spdk_nvmf_transport_vfio_user = {
5896 : .name = "VFIOUSER",
5897 : .type = SPDK_NVME_TRANSPORT_VFIOUSER,
5898 : .opts_init = nvmf_vfio_user_opts_init,
5899 : .create = nvmf_vfio_user_create,
5900 : .destroy = nvmf_vfio_user_destroy,
5901 :
5902 : .listen = nvmf_vfio_user_listen,
5903 : .stop_listen = nvmf_vfio_user_stop_listen,
5904 : .cdata_init = nvmf_vfio_user_cdata_init,
5905 : .listen_associate = nvmf_vfio_user_listen_associate,
5906 :
5907 : .listener_discover = nvmf_vfio_user_discover,
5908 :
5909 : .poll_group_create = nvmf_vfio_user_poll_group_create,
5910 : .get_optimal_poll_group = nvmf_vfio_user_get_optimal_poll_group,
5911 : .poll_group_destroy = nvmf_vfio_user_poll_group_destroy,
5912 : .poll_group_add = nvmf_vfio_user_poll_group_add,
5913 : .poll_group_remove = nvmf_vfio_user_poll_group_remove,
5914 : .poll_group_poll = nvmf_vfio_user_poll_group_poll,
5915 :
5916 : .req_free = nvmf_vfio_user_req_free,
5917 : .req_complete = nvmf_vfio_user_req_complete,
5918 :
5919 : .qpair_fini = nvmf_vfio_user_close_qpair,
5920 : .qpair_get_local_trid = nvmf_vfio_user_qpair_get_local_trid,
5921 : .qpair_get_peer_trid = nvmf_vfio_user_qpair_get_peer_trid,
5922 : .qpair_get_listen_trid = nvmf_vfio_user_qpair_get_listen_trid,
5923 : .qpair_abort_request = nvmf_vfio_user_qpair_abort_request,
5924 :
5925 : .poll_group_dump_stat = nvmf_vfio_user_poll_group_dump_stat,
5926 : };
5927 :
5928 1 : SPDK_NVMF_TRANSPORT_REGISTER(muser, &spdk_nvmf_transport_vfio_user);
5929 1 : SPDK_LOG_REGISTER_COMPONENT(nvmf_vfio)
5930 1 : SPDK_LOG_REGISTER_COMPONENT(vfio_user_db)
|
