Hi,
On 3/28/25 1:21 PM, Eugenio Perez Martin wrote:
On Thu, Mar 27, 2025 at 7:42 PM Sahil Siddiq <icegambi...@gmail.com> wrote:
On 3/26/25 1:33 PM, Eugenio Perez Martin wrote:
On Mon, Mar 24, 2025 at 3:14 PM Sahil Siddiq <icegambi...@gmail.com> wrote:
On 3/24/25 7:29 PM, Sahil Siddiq wrote:
Implement the insertion of available buffers in the descriptor area of
packed shadow virtqueues. It takes into account descriptor chains, but
does not consider indirect descriptors.
Enable the packed SVQ to forward the descriptors to the device.
Signed-off-by: Sahil Siddiq <sahil...@proton.me>
---
[...]
+
+/**
+ * Write descriptors to SVQ packed vring
+ *
+ * @svq: The shadow virtqueue
+ * @out_sg: The iovec to the guest
+ * @out_num: Outgoing iovec length
+ * @in_sg: The iovec from the guest
+ * @in_num: Incoming iovec length
+ * @sgs: Cache for hwaddr
+ * @head: Saves current free_head
+ */
+static void vhost_svq_add_packed(VhostShadowVirtqueue *svq,
+ const struct iovec *out_sg, size_t out_num,
+ const struct iovec *in_sg, size_t in_num,
+ hwaddr *sgs, unsigned *head)
+{
+ uint16_t id, curr, i, head_flags = 0, head_idx;
+ size_t num = out_num + in_num;
+ unsigned n;
+
+ struct vring_packed_desc *descs = svq->vring_packed.vring.desc;
+
+ head_idx = svq->vring_packed.next_avail_idx;
Since "svq->vring_packed.next_avail_idx" is part of QEMU internals and not
stored in guest memory, no endianness conversion is required here, right?
Right!
Understood.
+ i = head_idx;
+ id = svq->free_head;
+ curr = id;
+ *head = id;
Should head be the buffer id or the idx of the descriptor ring where the
first descriptor of a descriptor chain is inserted?
The buffer id of the *last* descriptor of a chain. See "2.8.6 Next
Flag: Descriptor Chaining" at [1].
Ah, yes. The second half of my question is incorrect.
The tail descriptor of the chain includes the buffer id. In this implementation
we place the same tail buffer id in other locations of the descriptor ring since
they will be ignored anyway [1].
The explanation below frames my query better.
+ /* Write descriptors to SVQ packed vring */
+ for (n = 0; n < num; n++) {
+ uint16_t flags = cpu_to_le16(svq->vring_packed.avail_used_flags |
+ (n < out_num ? 0 : VRING_DESC_F_WRITE) |
+ (n + 1 == num ? 0 : VRING_DESC_F_NEXT));
+ if (i == head_idx) {
+ head_flags = flags;
+ } else {
+ descs[i].flags = flags;
+ }
+
+ descs[i].addr = cpu_to_le64(sgs[n]);
+ descs[i].id = id;
+ if (n < out_num) {
+ descs[i].len = cpu_to_le32(out_sg[n].iov_len);
+ } else {
+ descs[i].len = cpu_to_le32(in_sg[n - out_num].iov_len);
+ }
+
+ curr = cpu_to_le16(svq->desc_next[curr]);
+
+ if (++i >= svq->vring_packed.vring.num) {
+ i = 0;
+ svq->vring_packed.avail_used_flags ^=
+ 1 << VRING_PACKED_DESC_F_AVAIL |
+ 1 << VRING_PACKED_DESC_F_USED;
+ }
+ }
+ if (i <= head_idx) {
+ svq->vring_packed.avail_wrap_counter ^= 1;
+ }
+
+ svq->vring_packed.next_avail_idx = i;
+ svq->shadow_avail_idx = i;
+ svq->free_head = curr;
+
+ /*
+ * A driver MUST NOT make the first descriptor in the list
+ * available before all subsequent descriptors comprising
+ * the list are made available.
+ */
+ smp_wmb();
+ svq->vring_packed.vring.desc[head_idx].flags = head_flags;
}
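Review bot: Endianness handling in the descriptor-write loop is inconsistent. `descs[i].id = id;` stores the buffer id in host byte order while addr, len and flags in the same loop are converted, and `curr = cpu_to_le16(svq->desc_next[curr]);` converts a value that is only ever used host-side (it indexes svq->desc_next[] on the next iteration and ends up in svq->free_head, which is read back unconverted as `id = svq->free_head`). On a big-endian host the device would be handed a byte-swapped id and the free list would be walked with swapped indices. Suggest `descs[i].id = cpu_to_le16(id);` and `curr = svq->desc_next[curr];`.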
[...]
@@ -258,13 +356,22 @@ int vhost_svq_add(VhostShadowVirtqueue *svq, const struct
iovec *out_sg,
return -EINVAL;
}
- vhost_svq_add_split(svq, out_sg, out_num, in_sg,
- in_num, sgs, &qemu_head);
+ if (svq->is_packed) {
+ vhost_svq_add_packed(svq, out_sg, out_num, in_sg,
+ in_num, sgs, &qemu_head);
+ } else {
+ vhost_svq_add_split(svq, out_sg, out_num, in_sg,
+ in_num, sgs, &qemu_head);
+ }
svq->num_free -= ndescs;
svq->desc_state[qemu_head].elem = elem;
svq->desc_state[qemu_head].ndescs = ndescs;
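Review bot: Missing documentation on what qemu_head means once the packed branch exists. The `svq->desc_state[qemu_head]` stores below the new if/else are now indexed by whatever each helper writes to *head, and vhost_svq_add_packed() sets `*head = id` with id taken from svq->free_head rather than from the ring slot head_idx. A one-line comment at these stores saying the packed path indexes desc_state by buffer id, plus rewording the "@head: Saves current free_head" doc line in vhost_svq_add_packed() to name the buffer id, would keep the used-buffer path from having to guess which value to look up.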
*head in vhost_svq_add_packed() is stored in "qemu_head" here.
Sorry I don't get this, can you expand?
Sure. In vhost_svq_add(), after the descriptors have been added
(either using vhost_svq_add_split or vhost_svq_add_packed),
VirtQueueElement elem and ndescs are both saved in the
svq->desc_state array. "elem" and "ndescs" are later used when
the guest consumes used descriptors from the device in
vhost_svq_get_buf_(split|packed).
For split vqs, the index of svq->desc where elem and ndescs are
saved matches the index of the descriptor ring where the head of
the descriptor ring is placed.
In vhost_svq_add_split:

    *head = svq->free_head;
    [...]
    avail_idx = svq->shadow_avail_idx & (svq->vring.num - 1);
    avail->ring[avail_idx] = cpu_to_le16(*head);

"qemu_head" in vhost_svq_add gets its value from "*head" in
vhost_svq_add_split:

    svq->desc_state[qemu_head].elem = elem;
    svq->desc_state[qemu_head].ndescs = ndescs;

For packed vq, something similar has to be done. My approach was
to have the index of svq->desc_state match the buffer id in the
tail of the descriptor ring.
The entire chain is written to the descriptor ring in the loop
in vhost_svq_add_packed. I am not sure if the index of
svq->desc_state should be the buffer id or if it should be a
descriptor index ("head_idx" or the index corresponding to the
tail of the chain).
I think both approaches should be valid. My advice is to follow
Linux's code and let it be the tail descriptor id. This descriptor id
is pushed and popped from vq->free_head in a stack style.
In addition to that, Linux also sets the same id to all the chain
elements. I think this is useful when dealing with bad devices. In
particular,
Understood. So far, I have implemented this so it matches the
implementation in Linux.
QEMU's packed vq implementation looked at the first
descriptor's id, which is an incorrect behavior.
Are you referring to:
1. svq->desc_state[qemu_head].elem = elem (in vhost_svq_add()), and
2. *head = id (in vhost_svq_add_packed())
According to the virtio spec, the buffer id must be saved in the last
index of the list in the descriptor region [1]. QEMU and Linux [2][3]
both use the value of vq->free_head (instead of the id that precedes
curr [4]) to save in the descriptor region and to use in svq->desc_state.
Thanks,
Sahil
[1] https://docs.oasis-open.org/virtio/virtio/v1.3/csd01/virtio-v1.3-csd01.html#x1-780006
[2] https://github.com/torvalds/linux/blob/master/drivers/virtio/virtio_ring.c#L1507
[3] https://github.com/torvalds/linux/blob/master/drivers/virtio/virtio_ring.c#L1563
[4] https://github.com/torvalds/linux/blob/master/drivers/virtio/virtio_ring.c#L1560
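
The buffer-id bookkeeping discussed in this thread, as an added example that is not part of the original message, the patch, QEMU or Linux: a host-order model in which every descriptor of a chain carries the same id, per-chain state is indexed by that id rather than by ring slot, and ids are pushed back onto the free list stack-style. The names `struct ring`, `desc_id`, `ring_init`, `ring_add` and `ring_get_used` are hypothetical; flags, wrap counters, addresses and endianness are left out, and rejecting a used id that is not outstanding is an assumption about how a driver would guard against a misbehaving device.

```c
#include <stdint.h>

#define RING 8                        /* constructed ring size for the model */
struct state { int in_use; uint16_t ndescs; };
struct ring {
    uint16_t desc_id[RING];           /* id field of each ring slot */
    struct state desc_state[RING];    /* indexed by buffer id, not by slot */
    uint16_t desc_next[RING];         /* free-id list, host-side only */
    uint16_t free_head, next_avail_idx, num_free;
};

void ring_init(struct ring *r) {
    *r = (struct ring){ .num_free = RING };
    for (uint16_t i = 0; i < RING; i++) r->desc_next[i] = (uint16_t)((i + 1) % RING);
}

/* Add a chain of ndescs descriptors; returns its buffer id, or -1 if full. */
int ring_add(struct ring *r, uint16_t ndescs) {
    if (ndescs == 0 || ndescs > r->num_free) return -1;
    uint16_t id = r->free_head, curr = id, i = r->next_avail_idx;
    for (uint16_t n = 0; n < ndescs; n++) {
        r->desc_id[i] = id;               /* same id on every chain element */
        curr = r->desc_next[curr];        /* consume one free id per element */
        i = (uint16_t)((i + 1) % RING);
    }
    r->next_avail_idx = i;
    r->free_head = curr;
    r->num_free -= ndescs;
    r->desc_state[id] = (struct state){ 1, ndescs };
    return id;
}

/* Device reports a used id; returns chain length, or -1 if not outstanding. */
int ring_get_used(struct ring *r, uint16_t id) {
    if (id >= RING || !r->desc_state[id].in_use) return -1;
    uint16_t n = r->desc_state[id].ndescs, last = id;
    for (uint16_t k = 1; k < n; k++) last = r->desc_next[last];
    r->desc_next[last] = r->free_head;    /* push the chain's ids back */
    r->free_head = id;
    r->num_free += n;
    r->desc_state[id].in_use = 0;
    return n;
}

int main(void) {
    struct ring r; ring_init(&r);
    ring_add(&r, 3); ring_add(&r, 2);            /* chains with ids 0 and 3 */
    return ring_get_used(&r, 1) == -1 ? 0 : 1;   /* id 1 is not outstanding */
}
```

After the chain with id 3 is returned and a new single-descriptor chain is added, that chain reuses id 3 but lands in ring slot 5, which is why the state array has to be keyed by id.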