1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
5 * VFIO container (/dev/vfio/vfio)
7 #include <linux/file.h>
8 #include <linux/slab.h>
10 #include <linux/capability.h>
11 #include <linux/iommu.h>
12 #include <linux/miscdevice.h>
13 #include <linux/vfio.h>
14 #include <uapi/linux/vfio.h>
18 struct vfio_container {
20 struct list_head group_list;
21 struct rw_semaphore group_lock;
22 struct vfio_iommu_driver *iommu_driver;
28 struct list_head iommu_drivers_list;
29 struct mutex iommu_drivers_lock;
32 #ifdef CONFIG_VFIO_NOIOMMU
33 bool vfio_noiommu __read_mostly;
34 module_param_named(enable_unsafe_noiommu_mode,
35 vfio_noiommu, bool, S_IRUGO | S_IWUSR);
36 MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode. This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel. If you do not know what this is for, step away. (default: false)");
39 static void *vfio_noiommu_open(unsigned long arg)
41 if (arg != VFIO_NOIOMMU_IOMMU)
42 return ERR_PTR(-EINVAL);
43 if (!capable(CAP_SYS_RAWIO))
44 return ERR_PTR(-EPERM);
49 static void vfio_noiommu_release(void *iommu_data)
53 static long vfio_noiommu_ioctl(void *iommu_data,
54 unsigned int cmd, unsigned long arg)
56 if (cmd == VFIO_CHECK_EXTENSION)
57 return vfio_noiommu && (arg == VFIO_NOIOMMU_IOMMU) ? 1 : 0;
62 static int vfio_noiommu_attach_group(void *iommu_data,
63 struct iommu_group *iommu_group, enum vfio_group_type type)
68 static void vfio_noiommu_detach_group(void *iommu_data,
69 struct iommu_group *iommu_group)
73 static const struct vfio_iommu_driver_ops vfio_noiommu_ops = {
74 .name = "vfio-noiommu",
76 .open = vfio_noiommu_open,
77 .release = vfio_noiommu_release,
78 .ioctl = vfio_noiommu_ioctl,
79 .attach_group = vfio_noiommu_attach_group,
80 .detach_group = vfio_noiommu_detach_group,
84 * Only noiommu containers can use vfio-noiommu and noiommu containers can only
87 static bool vfio_iommu_driver_allowed(struct vfio_container *container,
88 const struct vfio_iommu_driver *driver)
90 if (!IS_ENABLED(CONFIG_VFIO_NOIOMMU))
92 return container->noiommu == (driver->ops == &vfio_noiommu_ops);
96 * IOMMU driver registration
98 int vfio_register_iommu_driver(const struct vfio_iommu_driver_ops *ops)
100 struct vfio_iommu_driver *driver, *tmp;
102 if (WARN_ON(!ops->register_device != !ops->unregister_device))
105 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
111 mutex_lock(&vfio.iommu_drivers_lock);
113 /* Check for duplicates */
114 list_for_each_entry(tmp, &vfio.iommu_drivers_list, vfio_next) {
115 if (tmp->ops == ops) {
116 mutex_unlock(&vfio.iommu_drivers_lock);
122 list_add(&driver->vfio_next, &vfio.iommu_drivers_list);
124 mutex_unlock(&vfio.iommu_drivers_lock);
128 EXPORT_SYMBOL_GPL(vfio_register_iommu_driver);
130 void vfio_unregister_iommu_driver(const struct vfio_iommu_driver_ops *ops)
132 struct vfio_iommu_driver *driver;
134 mutex_lock(&vfio.iommu_drivers_lock);
135 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
136 if (driver->ops == ops) {
137 list_del(&driver->vfio_next);
138 mutex_unlock(&vfio.iommu_drivers_lock);
143 mutex_unlock(&vfio.iommu_drivers_lock);
145 EXPORT_SYMBOL_GPL(vfio_unregister_iommu_driver);
148 * Container objects - containers are created when /dev/vfio/vfio is
149 * opened, but their lifecycle extends until the last user is done, so
150 * it's freed via kref. Must support container/group/device being
151 * closed in any order.
153 static void vfio_container_release(struct kref *kref)
155 struct vfio_container *container;
156 container = container_of(kref, struct vfio_container, kref);
161 static void vfio_container_get(struct vfio_container *container)
163 kref_get(&container->kref);
166 static void vfio_container_put(struct vfio_container *container)
168 kref_put(&container->kref, vfio_container_release);
171 void vfio_device_container_register(struct vfio_device *device)
173 struct vfio_iommu_driver *iommu_driver =
174 device->group->container->iommu_driver;
176 if (iommu_driver && iommu_driver->ops->register_device)
177 iommu_driver->ops->register_device(
178 device->group->container->iommu_data, device);
181 void vfio_device_container_unregister(struct vfio_device *device)
183 struct vfio_iommu_driver *iommu_driver =
184 device->group->container->iommu_driver;
186 if (iommu_driver && iommu_driver->ops->unregister_device)
187 iommu_driver->ops->unregister_device(
188 device->group->container->iommu_data, device);
191 long vfio_container_ioctl_check_extension(struct vfio_container *container,
194 struct vfio_iommu_driver *driver;
197 down_read(&container->group_lock);
199 driver = container->iommu_driver;
202 /* No base extensions yet */
205 * If no driver is set, poll all registered drivers for
206 * extensions and return the first positive result. If
207 * a driver is already set, further queries will be passed
208 * only to that driver.
211 mutex_lock(&vfio.iommu_drivers_lock);
212 list_for_each_entry(driver, &vfio.iommu_drivers_list,
215 if (!list_empty(&container->group_list) &&
216 !vfio_iommu_driver_allowed(container,
219 if (!try_module_get(driver->ops->owner))
222 ret = driver->ops->ioctl(NULL,
223 VFIO_CHECK_EXTENSION,
225 module_put(driver->ops->owner);
229 mutex_unlock(&vfio.iommu_drivers_lock);
231 ret = driver->ops->ioctl(container->iommu_data,
232 VFIO_CHECK_EXTENSION, arg);
235 up_read(&container->group_lock);
240 /* hold write lock on container->group_lock */
241 static int __vfio_container_attach_groups(struct vfio_container *container,
242 struct vfio_iommu_driver *driver,
245 struct vfio_group *group;
248 list_for_each_entry(group, &container->group_list, container_next) {
249 ret = driver->ops->attach_group(data, group->iommu_group,
258 list_for_each_entry_continue_reverse(group, &container->group_list,
260 driver->ops->detach_group(data, group->iommu_group);
266 static long vfio_ioctl_set_iommu(struct vfio_container *container,
269 struct vfio_iommu_driver *driver;
272 down_write(&container->group_lock);
275 * The container is designed to be an unprivileged interface while
276 * the group can be assigned to specific users. Therefore, only by
277 * adding a group to a container does the user get the privilege of
278 * enabling the iommu, which may allocate finite resources. There
279 * is no unset_iommu, but by removing all the groups from a container,
280 * the container is deprivileged and returns to an unset state.
282 if (list_empty(&container->group_list) || container->iommu_driver) {
283 up_write(&container->group_lock);
287 mutex_lock(&vfio.iommu_drivers_lock);
288 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
291 if (!vfio_iommu_driver_allowed(container, driver))
293 if (!try_module_get(driver->ops->owner))
297 * The arg magic for SET_IOMMU is the same as CHECK_EXTENSION,
298 * so test which iommu driver reported support for this
299 * extension and call open on them. We also pass them the
300 * magic, allowing a single driver to support multiple
301 * interfaces if they'd like.
303 if (driver->ops->ioctl(NULL, VFIO_CHECK_EXTENSION, arg) <= 0) {
304 module_put(driver->ops->owner);
308 data = driver->ops->open(arg);
311 module_put(driver->ops->owner);
315 ret = __vfio_container_attach_groups(container, driver, data);
317 driver->ops->release(data);
318 module_put(driver->ops->owner);
322 container->iommu_driver = driver;
323 container->iommu_data = data;
327 mutex_unlock(&vfio.iommu_drivers_lock);
328 up_write(&container->group_lock);
333 static long vfio_fops_unl_ioctl(struct file *filep,
334 unsigned int cmd, unsigned long arg)
336 struct vfio_container *container = filep->private_data;
337 struct vfio_iommu_driver *driver;
345 case VFIO_GET_API_VERSION:
346 ret = VFIO_API_VERSION;
348 case VFIO_CHECK_EXTENSION:
349 ret = vfio_container_ioctl_check_extension(container, arg);
352 ret = vfio_ioctl_set_iommu(container, arg);
355 driver = container->iommu_driver;
356 data = container->iommu_data;
358 if (driver) /* passthrough all unrecognized ioctls */
359 ret = driver->ops->ioctl(data, cmd, arg);
365 static int vfio_fops_open(struct inode *inode, struct file *filep)
367 struct vfio_container *container;
369 container = kzalloc(sizeof(*container), GFP_KERNEL);
373 INIT_LIST_HEAD(&container->group_list);
374 init_rwsem(&container->group_lock);
375 kref_init(&container->kref);
377 filep->private_data = container;
382 static int vfio_fops_release(struct inode *inode, struct file *filep)
384 struct vfio_container *container = filep->private_data;
385 struct vfio_iommu_driver *driver = container->iommu_driver;
387 if (driver && driver->ops->notify)
388 driver->ops->notify(container->iommu_data,
389 VFIO_IOMMU_CONTAINER_CLOSE);
391 filep->private_data = NULL;
393 vfio_container_put(container);
398 static const struct file_operations vfio_fops = {
399 .owner = THIS_MODULE,
400 .open = vfio_fops_open,
401 .release = vfio_fops_release,
402 .unlocked_ioctl = vfio_fops_unl_ioctl,
403 .compat_ioctl = compat_ptr_ioctl,
406 struct vfio_container *vfio_container_from_file(struct file *file)
408 struct vfio_container *container;
410 /* Sanity check, is this really our fd? */
411 if (file->f_op != &vfio_fops)
414 container = file->private_data;
415 WARN_ON(!container); /* fget ensures we don't race vfio_release */
419 static struct miscdevice vfio_dev = {
423 .nodename = "vfio/vfio",
424 .mode = S_IRUGO | S_IWUGO,
427 int vfio_container_attach_group(struct vfio_container *container,
428 struct vfio_group *group)
430 struct vfio_iommu_driver *driver;
433 lockdep_assert_held(&group->group_lock);
435 if (group->type == VFIO_NO_IOMMU && !capable(CAP_SYS_RAWIO))
438 down_write(&container->group_lock);
440 /* Real groups and fake groups cannot mix */
441 if (!list_empty(&container->group_list) &&
442 container->noiommu != (group->type == VFIO_NO_IOMMU)) {
444 goto out_unlock_container;
447 if (group->type == VFIO_IOMMU) {
448 ret = iommu_group_claim_dma_owner(group->iommu_group, group);
450 goto out_unlock_container;
453 driver = container->iommu_driver;
455 ret = driver->ops->attach_group(container->iommu_data,
459 if (group->type == VFIO_IOMMU)
460 iommu_group_release_dma_owner(
462 goto out_unlock_container;
466 group->container = container;
467 group->container_users = 1;
468 container->noiommu = (group->type == VFIO_NO_IOMMU);
469 list_add(&group->container_next, &container->group_list);
471 /* Get a reference on the container and mark a user within the group */
472 vfio_container_get(container);
474 out_unlock_container:
475 up_write(&container->group_lock);
479 void vfio_group_detach_container(struct vfio_group *group)
481 struct vfio_container *container = group->container;
482 struct vfio_iommu_driver *driver;
484 lockdep_assert_held(&group->group_lock);
485 WARN_ON(group->container_users != 1);
487 down_write(&container->group_lock);
489 driver = container->iommu_driver;
491 driver->ops->detach_group(container->iommu_data,
494 if (group->type == VFIO_IOMMU)
495 iommu_group_release_dma_owner(group->iommu_group);
497 group->container = NULL;
498 group->container_users = 0;
499 list_del(&group->container_next);
501 /* Detaching the last group deprivileges a container, remove iommu */
502 if (driver && list_empty(&container->group_list)) {
503 driver->ops->release(container->iommu_data);
504 module_put(driver->ops->owner);
505 container->iommu_driver = NULL;
506 container->iommu_data = NULL;
509 up_write(&container->group_lock);
511 vfio_container_put(container);
514 int vfio_device_assign_container(struct vfio_device *device)
516 struct vfio_group *group = device->group;
518 lockdep_assert_held(&group->group_lock);
520 if (!group->container || !group->container->iommu_driver ||
521 WARN_ON(!group->container_users))
524 if (group->type == VFIO_NO_IOMMU && !capable(CAP_SYS_RAWIO))
527 get_file(group->opened_file);
528 group->container_users++;
532 void vfio_device_unassign_container(struct vfio_device *device)
534 mutex_lock(&device->group->group_lock);
535 WARN_ON(device->group->container_users <= 1);
536 device->group->container_users--;
537 fput(device->group->opened_file);
538 mutex_unlock(&device->group->group_lock);
542 * Pin contiguous user pages and return their associated host pages for local
544 * @device [in] : device
545 * @iova [in] : starting IOVA of user pages to be pinned.
546 * @npage [in] : count of pages to be pinned. This count should not
547 * be greater than VFIO_PIN_PAGES_MAX_ENTRIES.
548 * @prot [in] : protection flags
549 * @pages[out] : array of host pages
550 * Return error or number of pages pinned.
552 * A driver may only call this function if the vfio_device was created
553 * by vfio_register_emulated_iommu_dev().
555 int vfio_pin_pages(struct vfio_device *device, dma_addr_t iova,
556 int npage, int prot, struct page **pages)
558 struct vfio_container *container;
559 struct vfio_group *group = device->group;
560 struct vfio_iommu_driver *driver;
563 if (!pages || !npage || !vfio_assert_device_open(device))
566 if (npage > VFIO_PIN_PAGES_MAX_ENTRIES)
569 /* group->container cannot change while a vfio device is open */
570 container = group->container;
571 driver = container->iommu_driver;
572 if (likely(driver && driver->ops->pin_pages))
573 ret = driver->ops->pin_pages(container->iommu_data,
574 group->iommu_group, iova,
581 EXPORT_SYMBOL(vfio_pin_pages);
584 * Unpin contiguous host pages for local domain only.
585 * @device [in] : device
586 * @iova [in] : starting address of user pages to be unpinned.
587 * @npage [in] : count of pages to be unpinned. This count should not
588 * be greater than VFIO_PIN_PAGES_MAX_ENTRIES.
590 void vfio_unpin_pages(struct vfio_device *device, dma_addr_t iova, int npage)
592 struct vfio_container *container;
593 struct vfio_iommu_driver *driver;
595 if (WARN_ON(npage <= 0 || npage > VFIO_PIN_PAGES_MAX_ENTRIES))
598 if (WARN_ON(!vfio_assert_device_open(device)))
601 /* group->container cannot change while a vfio device is open */
602 container = device->group->container;
603 driver = container->iommu_driver;
605 driver->ops->unpin_pages(container->iommu_data, iova, npage);
607 EXPORT_SYMBOL(vfio_unpin_pages);
610 * This interface allows the CPUs to perform some sort of virtual DMA on
611 * behalf of the device.
613 * CPUs read/write from/into a range of IOVAs pointing to user space memory
614 * into/from a kernel buffer.
616 * As the read/write of user space memory is conducted via the CPUs and is
617 * not a real device DMA, it is not necessary to pin the user space memory.
619 * @device [in] : VFIO device
620 * @iova [in] : base IOVA of a user space buffer
621 * @data [in] : pointer to kernel buffer
622 * @len [in] : kernel buffer length
623 * @write : indicate read or write
624 * Return error code on failure or 0 on success.
626 int vfio_dma_rw(struct vfio_device *device, dma_addr_t iova, void *data,
627 size_t len, bool write)
629 struct vfio_container *container;
630 struct vfio_iommu_driver *driver;
633 if (!data || len <= 0 || !vfio_assert_device_open(device))
636 /* group->container cannot change while a vfio device is open */
637 container = device->group->container;
638 driver = container->iommu_driver;
640 if (likely(driver && driver->ops->dma_rw))
641 ret = driver->ops->dma_rw(container->iommu_data,
642 iova, data, len, write);
647 EXPORT_SYMBOL(vfio_dma_rw);
649 int __init vfio_container_init(void)
653 mutex_init(&vfio.iommu_drivers_lock);
654 INIT_LIST_HEAD(&vfio.iommu_drivers_list);
656 ret = misc_register(&vfio_dev);
658 pr_err("vfio: misc device register failed\n");
662 if (IS_ENABLED(CONFIG_VFIO_NOIOMMU)) {
663 ret = vfio_register_iommu_driver(&vfio_noiommu_ops);
670 misc_deregister(&vfio_dev);
674 void vfio_container_cleanup(void)
676 if (IS_ENABLED(CONFIG_VFIO_NOIOMMU))
677 vfio_unregister_iommu_driver(&vfio_noiommu_ops);
678 misc_deregister(&vfio_dev);
679 mutex_destroy(&vfio.iommu_drivers_lock);
projects / platform / kernel / linux-starfive.git / blob