1 // SPDX-License-Identifier: GPL-2.0-only
5 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
6 * Author: Alex Williamson <alex.williamson@redhat.com>
8 * Derived from original vfio:
9 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
10 * Author: Tom Lyon, pugs@cisco.com
13 #include <linux/cdev.h>
14 #include <linux/compat.h>
15 #include <linux/device.h>
16 #include <linux/file.h>
17 #include <linux/anon_inodes.h>
19 #include <linux/idr.h>
20 #include <linux/iommu.h>
21 #include <linux/list.h>
22 #include <linux/miscdevice.h>
23 #include <linux/module.h>
24 #include <linux/mutex.h>
25 #include <linux/pci.h>
26 #include <linux/rwsem.h>
27 #include <linux/sched.h>
28 #include <linux/slab.h>
29 #include <linux/stat.h>
30 #include <linux/string.h>
31 #include <linux/uaccess.h>
32 #include <linux/vfio.h>
33 #include <linux/wait.h>
34 #include <linux/sched/signal.h>
36 #define DRIVER_VERSION "0.3"
37 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>"
38 #define DRIVER_DESC "VFIO - User Level meta-driver"
42 struct list_head iommu_drivers_list;
43 struct mutex iommu_drivers_lock;
44 struct list_head group_list;
46 struct mutex group_lock;
47 struct cdev group_cdev;
51 struct vfio_iommu_driver {
52 const struct vfio_iommu_driver_ops *ops;
53 struct list_head vfio_next;
56 struct vfio_container {
58 struct list_head group_list;
59 struct rw_semaphore group_lock;
60 struct vfio_iommu_driver *iommu_driver;
65 struct vfio_unbound_dev {
67 struct list_head unbound_next;
73 atomic_t container_users;
74 struct iommu_group *iommu_group;
75 struct vfio_container *container;
76 struct list_head device_list;
77 struct mutex device_lock;
79 struct notifier_block nb;
80 struct list_head vfio_next;
81 struct list_head container_next;
82 struct list_head unbound_list;
83 struct mutex unbound_lock;
85 wait_queue_head_t container_q;
87 unsigned int dev_counter;
89 struct blocking_notifier_head notifier;
92 #ifdef CONFIG_VFIO_NOIOMMU
93 static bool noiommu __read_mostly;
94 module_param_named(enable_unsafe_noiommu_mode,
95 noiommu, bool, S_IRUGO | S_IWUSR);
96 MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode. This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel. If you do not know what this is for, step away. (default: false)");
99 static DEFINE_XARRAY(vfio_device_set_xa);
101 int vfio_assign_device_set(struct vfio_device *device, void *set_id)
103 unsigned long idx = (unsigned long)set_id;
104 struct vfio_device_set *new_dev_set;
105 struct vfio_device_set *dev_set;
107 if (WARN_ON(!set_id))
111 * Atomically acquire a singleton object in the xarray for this set_id
113 xa_lock(&vfio_device_set_xa);
114 dev_set = xa_load(&vfio_device_set_xa, idx);
117 xa_unlock(&vfio_device_set_xa);
119 new_dev_set = kzalloc(sizeof(*new_dev_set), GFP_KERNEL);
122 mutex_init(&new_dev_set->lock);
123 INIT_LIST_HEAD(&new_dev_set->device_list);
124 new_dev_set->set_id = set_id;
126 xa_lock(&vfio_device_set_xa);
127 dev_set = __xa_cmpxchg(&vfio_device_set_xa, idx, NULL, new_dev_set,
130 dev_set = new_dev_set;
135 if (xa_is_err(dev_set)) {
136 xa_unlock(&vfio_device_set_xa);
137 return xa_err(dev_set);
141 dev_set->device_count++;
142 xa_unlock(&vfio_device_set_xa);
143 mutex_lock(&dev_set->lock);
144 device->dev_set = dev_set;
145 list_add_tail(&device->dev_set_list, &dev_set->device_list);
146 mutex_unlock(&dev_set->lock);
149 EXPORT_SYMBOL_GPL(vfio_assign_device_set);
151 static void vfio_release_device_set(struct vfio_device *device)
153 struct vfio_device_set *dev_set = device->dev_set;
158 mutex_lock(&dev_set->lock);
159 list_del(&device->dev_set_list);
160 mutex_unlock(&dev_set->lock);
162 xa_lock(&vfio_device_set_xa);
163 if (!--dev_set->device_count) {
164 __xa_erase(&vfio_device_set_xa,
165 (unsigned long)dev_set->set_id);
166 mutex_destroy(&dev_set->lock);
169 xa_unlock(&vfio_device_set_xa);
173 * vfio_iommu_group_{get,put} are only intended for VFIO bus driver probe
174 * and remove functions, any use cases other than acquiring the first
175 * reference for the purpose of calling vfio_register_group_dev() or removing
176 * that symmetric reference after vfio_unregister_group_dev() should use the raw
177 * iommu_group_{get,put} functions. In particular, vfio_iommu_group_put()
178 * removes the device from the dummy group and cannot be nested.
180 struct iommu_group *vfio_iommu_group_get(struct device *dev)
182 struct iommu_group *group;
183 int __maybe_unused ret;
185 group = iommu_group_get(dev);
187 #ifdef CONFIG_VFIO_NOIOMMU
189 * With noiommu enabled, an IOMMU group will be created for a device
190 * that doesn't already have one and doesn't have an iommu_ops on their
191 * bus. We set iommudata simply to be able to identify these groups
192 * as special use and for reclamation later.
194 if (group || !noiommu || iommu_present(dev->bus))
197 group = iommu_group_alloc();
201 iommu_group_set_name(group, "vfio-noiommu");
202 iommu_group_set_iommudata(group, &noiommu, NULL);
203 ret = iommu_group_add_device(group, dev);
205 iommu_group_put(group);
210 * Where to taint? At this point we've added an IOMMU group for a
211 * device that is not backed by iommu_ops, therefore any iommu_
212 * callback using iommu_ops can legitimately Oops. So, while we may
213 * be about to give a DMA capable device to a user without IOMMU
214 * protection, which is clearly taint-worthy, let's go ahead and do
217 add_taint(TAINT_USER, LOCKDEP_STILL_OK);
218 dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n");
223 EXPORT_SYMBOL_GPL(vfio_iommu_group_get);
225 void vfio_iommu_group_put(struct iommu_group *group, struct device *dev)
227 #ifdef CONFIG_VFIO_NOIOMMU
228 if (iommu_group_get_iommudata(group) == &noiommu)
229 iommu_group_remove_device(dev);
232 iommu_group_put(group);
234 EXPORT_SYMBOL_GPL(vfio_iommu_group_put);
236 #ifdef CONFIG_VFIO_NOIOMMU
237 static void *vfio_noiommu_open(unsigned long arg)
239 if (arg != VFIO_NOIOMMU_IOMMU)
240 return ERR_PTR(-EINVAL);
241 if (!capable(CAP_SYS_RAWIO))
242 return ERR_PTR(-EPERM);
247 static void vfio_noiommu_release(void *iommu_data)
251 static long vfio_noiommu_ioctl(void *iommu_data,
252 unsigned int cmd, unsigned long arg)
254 if (cmd == VFIO_CHECK_EXTENSION)
255 return noiommu && (arg == VFIO_NOIOMMU_IOMMU) ? 1 : 0;
260 static int vfio_noiommu_attach_group(void *iommu_data,
261 struct iommu_group *iommu_group)
263 return iommu_group_get_iommudata(iommu_group) == &noiommu ? 0 : -EINVAL;
266 static void vfio_noiommu_detach_group(void *iommu_data,
267 struct iommu_group *iommu_group)
271 static const struct vfio_iommu_driver_ops vfio_noiommu_ops = {
272 .name = "vfio-noiommu",
273 .owner = THIS_MODULE,
274 .open = vfio_noiommu_open,
275 .release = vfio_noiommu_release,
276 .ioctl = vfio_noiommu_ioctl,
277 .attach_group = vfio_noiommu_attach_group,
278 .detach_group = vfio_noiommu_detach_group,
284 * IOMMU driver registration
286 int vfio_register_iommu_driver(const struct vfio_iommu_driver_ops *ops)
288 struct vfio_iommu_driver *driver, *tmp;
290 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
296 mutex_lock(&vfio.iommu_drivers_lock);
298 /* Check for duplicates */
299 list_for_each_entry(tmp, &vfio.iommu_drivers_list, vfio_next) {
300 if (tmp->ops == ops) {
301 mutex_unlock(&vfio.iommu_drivers_lock);
307 list_add(&driver->vfio_next, &vfio.iommu_drivers_list);
309 mutex_unlock(&vfio.iommu_drivers_lock);
313 EXPORT_SYMBOL_GPL(vfio_register_iommu_driver);
315 void vfio_unregister_iommu_driver(const struct vfio_iommu_driver_ops *ops)
317 struct vfio_iommu_driver *driver;
319 mutex_lock(&vfio.iommu_drivers_lock);
320 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
321 if (driver->ops == ops) {
322 list_del(&driver->vfio_next);
323 mutex_unlock(&vfio.iommu_drivers_lock);
328 mutex_unlock(&vfio.iommu_drivers_lock);
330 EXPORT_SYMBOL_GPL(vfio_unregister_iommu_driver);
333 * Group minor allocation/free - both called with vfio.group_lock held
335 static int vfio_alloc_group_minor(struct vfio_group *group)
337 return idr_alloc(&vfio.group_idr, group, 0, MINORMASK + 1, GFP_KERNEL);
340 static void vfio_free_group_minor(int minor)
342 idr_remove(&vfio.group_idr, minor);
345 static int vfio_iommu_group_notifier(struct notifier_block *nb,
346 unsigned long action, void *data);
347 static void vfio_group_get(struct vfio_group *group);
350 * Container objects - containers are created when /dev/vfio/vfio is
351 * opened, but their lifecycle extends until the last user is done, so
352 * it's freed via kref. Must support container/group/device being
353 * closed in any order.
355 static void vfio_container_get(struct vfio_container *container)
357 kref_get(&container->kref);
360 static void vfio_container_release(struct kref *kref)
362 struct vfio_container *container;
363 container = container_of(kref, struct vfio_container, kref);
368 static void vfio_container_put(struct vfio_container *container)
370 kref_put(&container->kref, vfio_container_release);
373 static void vfio_group_unlock_and_free(struct vfio_group *group)
375 mutex_unlock(&vfio.group_lock);
377 * Unregister outside of lock. A spurious callback is harmless now
378 * that the group is no longer in vfio.group_list.
380 iommu_group_unregister_notifier(group->iommu_group, &group->nb);
385 * Group objects - create, release, get, put, search
387 static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group)
389 struct vfio_group *group, *tmp;
393 group = kzalloc(sizeof(*group), GFP_KERNEL);
395 return ERR_PTR(-ENOMEM);
397 kref_init(&group->kref);
398 INIT_LIST_HEAD(&group->device_list);
399 mutex_init(&group->device_lock);
400 INIT_LIST_HEAD(&group->unbound_list);
401 mutex_init(&group->unbound_lock);
402 atomic_set(&group->container_users, 0);
403 atomic_set(&group->opened, 0);
404 init_waitqueue_head(&group->container_q);
405 group->iommu_group = iommu_group;
406 #ifdef CONFIG_VFIO_NOIOMMU
407 group->noiommu = (iommu_group_get_iommudata(iommu_group) == &noiommu);
409 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
411 group->nb.notifier_call = vfio_iommu_group_notifier;
414 * blocking notifiers acquire a rwsem around registering and hold
415 * it around callback. Therefore, need to register outside of
416 * vfio.group_lock to avoid A-B/B-A contention. Our callback won't
417 * do anything unless it can find the group in vfio.group_list, so
418 * no harm in registering early.
420 ret = iommu_group_register_notifier(iommu_group, &group->nb);
426 mutex_lock(&vfio.group_lock);
428 /* Did we race creating this group? */
429 list_for_each_entry(tmp, &vfio.group_list, vfio_next) {
430 if (tmp->iommu_group == iommu_group) {
432 vfio_group_unlock_and_free(group);
437 minor = vfio_alloc_group_minor(group);
439 vfio_group_unlock_and_free(group);
440 return ERR_PTR(minor);
443 dev = device_create(vfio.class, NULL,
444 MKDEV(MAJOR(vfio.group_devt), minor),
445 group, "%s%d", group->noiommu ? "noiommu-" : "",
446 iommu_group_id(iommu_group));
448 vfio_free_group_minor(minor);
449 vfio_group_unlock_and_free(group);
450 return ERR_CAST(dev);
453 group->minor = minor;
456 list_add(&group->vfio_next, &vfio.group_list);
458 mutex_unlock(&vfio.group_lock);
463 /* called with vfio.group_lock held */
464 static void vfio_group_release(struct kref *kref)
466 struct vfio_group *group = container_of(kref, struct vfio_group, kref);
467 struct vfio_unbound_dev *unbound, *tmp;
468 struct iommu_group *iommu_group = group->iommu_group;
470 WARN_ON(!list_empty(&group->device_list));
471 WARN_ON(group->notifier.head);
473 list_for_each_entry_safe(unbound, tmp,
474 &group->unbound_list, unbound_next) {
475 list_del(&unbound->unbound_next);
479 device_destroy(vfio.class, MKDEV(MAJOR(vfio.group_devt), group->minor));
480 list_del(&group->vfio_next);
481 vfio_free_group_minor(group->minor);
482 vfio_group_unlock_and_free(group);
483 iommu_group_put(iommu_group);
486 static void vfio_group_put(struct vfio_group *group)
488 kref_put_mutex(&group->kref, vfio_group_release, &vfio.group_lock);
491 struct vfio_group_put_work {
492 struct work_struct work;
493 struct vfio_group *group;
496 static void vfio_group_put_bg(struct work_struct *work)
498 struct vfio_group_put_work *do_work;
500 do_work = container_of(work, struct vfio_group_put_work, work);
502 vfio_group_put(do_work->group);
506 static void vfio_group_schedule_put(struct vfio_group *group)
508 struct vfio_group_put_work *do_work;
510 do_work = kmalloc(sizeof(*do_work), GFP_KERNEL);
511 if (WARN_ON(!do_work))
514 INIT_WORK(&do_work->work, vfio_group_put_bg);
515 do_work->group = group;
516 schedule_work(&do_work->work);
519 /* Assume group_lock or group reference is held */
520 static void vfio_group_get(struct vfio_group *group)
522 kref_get(&group->kref);
526 * Not really a try as we will sleep for mutex, but we need to make
527 * sure the group pointer is valid under lock and get a reference.
529 static struct vfio_group *vfio_group_try_get(struct vfio_group *group)
531 struct vfio_group *target = group;
533 mutex_lock(&vfio.group_lock);
534 list_for_each_entry(group, &vfio.group_list, vfio_next) {
535 if (group == target) {
536 vfio_group_get(group);
537 mutex_unlock(&vfio.group_lock);
541 mutex_unlock(&vfio.group_lock);
547 struct vfio_group *vfio_group_get_from_iommu(struct iommu_group *iommu_group)
549 struct vfio_group *group;
551 mutex_lock(&vfio.group_lock);
552 list_for_each_entry(group, &vfio.group_list, vfio_next) {
553 if (group->iommu_group == iommu_group) {
554 vfio_group_get(group);
555 mutex_unlock(&vfio.group_lock);
559 mutex_unlock(&vfio.group_lock);
564 static struct vfio_group *vfio_group_get_from_minor(int minor)
566 struct vfio_group *group;
568 mutex_lock(&vfio.group_lock);
569 group = idr_find(&vfio.group_idr, minor);
571 mutex_unlock(&vfio.group_lock);
574 vfio_group_get(group);
575 mutex_unlock(&vfio.group_lock);
580 static struct vfio_group *vfio_group_get_from_dev(struct device *dev)
582 struct iommu_group *iommu_group;
583 struct vfio_group *group;
585 iommu_group = iommu_group_get(dev);
589 group = vfio_group_get_from_iommu(iommu_group);
590 iommu_group_put(iommu_group);
596 * Device objects - create, release, get, put, search
598 /* Device reference always implies a group reference */
599 void vfio_device_put(struct vfio_device *device)
601 if (refcount_dec_and_test(&device->refcount))
602 complete(&device->comp);
604 EXPORT_SYMBOL_GPL(vfio_device_put);
606 static bool vfio_device_try_get(struct vfio_device *device)
608 return refcount_inc_not_zero(&device->refcount);
611 static struct vfio_device *vfio_group_get_device(struct vfio_group *group,
614 struct vfio_device *device;
616 mutex_lock(&group->device_lock);
617 list_for_each_entry(device, &group->device_list, group_next) {
618 if (device->dev == dev && vfio_device_try_get(device)) {
619 mutex_unlock(&group->device_lock);
623 mutex_unlock(&group->device_lock);
628 * Some drivers, like pci-stub, are only used to prevent other drivers from
629 * claiming a device and are therefore perfectly legitimate for a user owned
630 * group. The pci-stub driver has no dependencies on DMA or the IOVA mapping
631 * of the device, but it does prevent the user from having direct access to
632 * the device, which is useful in some circumstances.
634 * We also assume that we can include PCI interconnect devices, ie. bridges.
635 * IOMMU grouping on PCI necessitates that if we lack isolation on a bridge
636 * then all of the downstream devices will be part of the same IOMMU group as
637 * the bridge. Thus, if placing the bridge into the user owned IOVA space
638 * breaks anything, it only does so for user owned devices downstream. Note
639 * that error notification via MSI can be affected for platforms that handle
640 * MSI within the same IOVA space as DMA.
642 static const char * const vfio_driver_allowed[] = { "pci-stub" };
644 static bool vfio_dev_driver_allowed(struct device *dev,
645 struct device_driver *drv)
647 if (dev_is_pci(dev)) {
648 struct pci_dev *pdev = to_pci_dev(dev);
650 if (pdev->hdr_type != PCI_HEADER_TYPE_NORMAL)
654 return match_string(vfio_driver_allowed,
655 ARRAY_SIZE(vfio_driver_allowed),
660 * A vfio group is viable for use by userspace if all devices are in
661 * one of the following states:
663 * - bound to a vfio driver
664 * - bound to an otherwise allowed driver
665 * - a PCI interconnect device
667 * We use two methods to determine whether a device is bound to a vfio
668 * driver. The first is to test whether the device exists in the vfio
669 * group. The second is to test if the device exists on the group
670 * unbound_list, indicating it's in the middle of transitioning from
671 * a vfio driver to driver-less.
673 static int vfio_dev_viable(struct device *dev, void *data)
675 struct vfio_group *group = data;
676 struct vfio_device *device;
677 struct device_driver *drv = READ_ONCE(dev->driver);
678 struct vfio_unbound_dev *unbound;
681 mutex_lock(&group->unbound_lock);
682 list_for_each_entry(unbound, &group->unbound_list, unbound_next) {
683 if (dev == unbound->dev) {
688 mutex_unlock(&group->unbound_lock);
690 if (!ret || !drv || vfio_dev_driver_allowed(dev, drv))
693 device = vfio_group_get_device(group, dev);
695 vfio_device_put(device);
703 * Async device support
705 static int vfio_group_nb_add_dev(struct vfio_group *group, struct device *dev)
707 struct vfio_device *device;
709 /* Do we already know about it? We shouldn't */
710 device = vfio_group_get_device(group, dev);
711 if (WARN_ON_ONCE(device)) {
712 vfio_device_put(device);
716 /* Nothing to do for idle groups */
717 if (!atomic_read(&group->container_users))
720 /* TODO Prevent device auto probing */
721 dev_WARN(dev, "Device added to live group %d!\n",
722 iommu_group_id(group->iommu_group));
727 static int vfio_group_nb_verify(struct vfio_group *group, struct device *dev)
729 /* We don't care what happens when the group isn't in use */
730 if (!atomic_read(&group->container_users))
733 return vfio_dev_viable(dev, group);
736 static int vfio_iommu_group_notifier(struct notifier_block *nb,
737 unsigned long action, void *data)
739 struct vfio_group *group = container_of(nb, struct vfio_group, nb);
740 struct device *dev = data;
741 struct vfio_unbound_dev *unbound;
744 * Need to go through a group_lock lookup to get a reference or we
745 * risk racing a group being removed. Ignore spurious notifies.
747 group = vfio_group_try_get(group);
752 case IOMMU_GROUP_NOTIFY_ADD_DEVICE:
753 vfio_group_nb_add_dev(group, dev);
755 case IOMMU_GROUP_NOTIFY_DEL_DEVICE:
757 * Nothing to do here. If the device is in use, then the
758 * vfio sub-driver should block the remove callback until
759 * it is unused. If the device is unused or attached to a
760 * stub driver, then it should be released and we don't
761 * care that it will be going away.
764 case IOMMU_GROUP_NOTIFY_BIND_DRIVER:
765 dev_dbg(dev, "%s: group %d binding to driver\n", __func__,
766 iommu_group_id(group->iommu_group));
768 case IOMMU_GROUP_NOTIFY_BOUND_DRIVER:
769 dev_dbg(dev, "%s: group %d bound to driver %s\n", __func__,
770 iommu_group_id(group->iommu_group), dev->driver->name);
771 BUG_ON(vfio_group_nb_verify(group, dev));
773 case IOMMU_GROUP_NOTIFY_UNBIND_DRIVER:
774 dev_dbg(dev, "%s: group %d unbinding from driver %s\n",
775 __func__, iommu_group_id(group->iommu_group),
778 case IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER:
779 dev_dbg(dev, "%s: group %d unbound from driver\n", __func__,
780 iommu_group_id(group->iommu_group));
782 * XXX An unbound device in a live group is ok, but we'd
783 * really like to avoid the above BUG_ON by preventing other
784 * drivers from binding to it. Once that occurs, we have to
785 * stop the system to maintain isolation. At a minimum, we'd
786 * want a toggle to disable driver auto probe for this device.
789 mutex_lock(&group->unbound_lock);
790 list_for_each_entry(unbound,
791 &group->unbound_list, unbound_next) {
792 if (dev == unbound->dev) {
793 list_del(&unbound->unbound_next);
798 mutex_unlock(&group->unbound_lock);
803 * If we're the last reference to the group, the group will be
804 * released, which includes unregistering the iommu group notifier.
805 * We hold a read-lock on that notifier list, unregistering needs
806 * a write-lock... deadlock. Release our reference asynchronously
807 * to avoid that situation.
809 vfio_group_schedule_put(group);
816 void vfio_init_group_dev(struct vfio_device *device, struct device *dev,
817 const struct vfio_device_ops *ops)
819 init_completion(&device->comp);
823 EXPORT_SYMBOL_GPL(vfio_init_group_dev);
825 void vfio_uninit_group_dev(struct vfio_device *device)
827 vfio_release_device_set(device);
829 EXPORT_SYMBOL_GPL(vfio_uninit_group_dev);
831 int vfio_register_group_dev(struct vfio_device *device)
833 struct vfio_device *existing_device;
834 struct iommu_group *iommu_group;
835 struct vfio_group *group;
838 * If the driver doesn't specify a set then the device is added to a
839 * singleton set just for itself.
841 if (!device->dev_set)
842 vfio_assign_device_set(device, device);
844 iommu_group = iommu_group_get(device->dev);
848 group = vfio_group_get_from_iommu(iommu_group);
850 group = vfio_create_group(iommu_group);
852 iommu_group_put(iommu_group);
853 return PTR_ERR(group);
857 * A found vfio_group already holds a reference to the
858 * iommu_group. A created vfio_group keeps the reference.
860 iommu_group_put(iommu_group);
863 existing_device = vfio_group_get_device(group, device->dev);
864 if (existing_device) {
865 dev_WARN(device->dev, "Device already exists on group %d\n",
866 iommu_group_id(iommu_group));
867 vfio_device_put(existing_device);
868 vfio_group_put(group);
872 /* Our reference on group is moved to the device */
873 device->group = group;
875 /* Refcounting can't start until the driver calls register */
876 refcount_set(&device->refcount, 1);
878 mutex_lock(&group->device_lock);
879 list_add(&device->group_next, &group->device_list);
880 group->dev_counter++;
881 mutex_unlock(&group->device_lock);
885 EXPORT_SYMBOL_GPL(vfio_register_group_dev);
888 * Get a reference to the vfio_device for a device. Even if the
889 * caller thinks they own the device, they could be racing with a
890 * release call path, so we can't trust drvdata for the shortcut.
891 * Go the long way around, from the iommu_group to the vfio_group
892 * to the vfio_device.
894 struct vfio_device *vfio_device_get_from_dev(struct device *dev)
896 struct vfio_group *group;
897 struct vfio_device *device;
899 group = vfio_group_get_from_dev(dev);
903 device = vfio_group_get_device(group, dev);
904 vfio_group_put(group);
908 EXPORT_SYMBOL_GPL(vfio_device_get_from_dev);
910 static struct vfio_device *vfio_device_get_from_name(struct vfio_group *group,
913 struct vfio_device *it, *device = ERR_PTR(-ENODEV);
915 mutex_lock(&group->device_lock);
916 list_for_each_entry(it, &group->device_list, group_next) {
919 if (it->ops->match) {
920 ret = it->ops->match(it, buf);
922 device = ERR_PTR(ret);
926 ret = !strcmp(dev_name(it->dev), buf);
929 if (ret && vfio_device_try_get(it)) {
934 mutex_unlock(&group->device_lock);
940 * Decrement the device reference count and wait for the device to be
941 * removed. Open file descriptors for the device... */
942 void vfio_unregister_group_dev(struct vfio_device *device)
944 struct vfio_group *group = device->group;
945 struct vfio_unbound_dev *unbound;
947 bool interrupted = false;
951 * When the device is removed from the group, the group suddenly
952 * becomes non-viable; the device has a driver (until the unbind
953 * completes), but it's not present in the group. This is bad news
954 * for any external users that need to re-acquire a group reference
955 * in order to match and release their existing reference. To
956 * solve this, we track such devices on the unbound_list to bridge
957 * the gap until they're fully unbound.
959 unbound = kzalloc(sizeof(*unbound), GFP_KERNEL);
961 unbound->dev = device->dev;
962 mutex_lock(&group->unbound_lock);
963 list_add(&unbound->unbound_next, &group->unbound_list);
964 mutex_unlock(&group->unbound_lock);
968 vfio_device_put(device);
969 rc = try_wait_for_completion(&device->comp);
971 if (device->ops->request)
972 device->ops->request(device, i++);
975 rc = wait_for_completion_timeout(&device->comp,
978 rc = wait_for_completion_interruptible_timeout(
979 &device->comp, HZ * 10);
982 dev_warn(device->dev,
983 "Device is currently in use, task"
985 "blocked until device is released",
986 current->comm, task_pid_nr(current));
991 mutex_lock(&group->device_lock);
992 list_del(&device->group_next);
993 group->dev_counter--;
994 mutex_unlock(&group->device_lock);
997 * In order to support multiple devices per group, devices can be
998 * plucked from the group while other devices in the group are still
999 * in use. The container persists with this group and those remaining
1000 * devices still attached. If the user creates an isolation violation
1001 * by binding this device to another driver while the group is still in
1002 * use, that's their fault. However, in the case of removing the last,
1003 * or potentially the only, device in the group there can be no other
1004 * in-use devices in the group. The user has done their due diligence
1005 * and we should lay no claims to those devices. In order to do that,
1006 * we need to make sure the group is detached from the container.
1007 * Without this stall, we're potentially racing with a user process
1008 * that may attempt to immediately bind this device to another driver.
1010 if (list_empty(&group->device_list))
1011 wait_event(group->container_q, !group->container);
1013 /* Matches the get in vfio_register_group_dev() */
1014 vfio_group_put(group);
1016 EXPORT_SYMBOL_GPL(vfio_unregister_group_dev);
1019 * VFIO base fd, /dev/vfio/vfio
1021 static long vfio_ioctl_check_extension(struct vfio_container *container,
1024 struct vfio_iommu_driver *driver;
1027 down_read(&container->group_lock);
1029 driver = container->iommu_driver;
1032 /* No base extensions yet */
1035 * If no driver is set, poll all registered drivers for
1036 * extensions and return the first positive result. If
1037 * a driver is already set, further queries will be passed
1038 * only to that driver.
1041 mutex_lock(&vfio.iommu_drivers_lock);
1042 list_for_each_entry(driver, &vfio.iommu_drivers_list,
1045 #ifdef CONFIG_VFIO_NOIOMMU
1046 if (!list_empty(&container->group_list) &&
1047 (container->noiommu !=
1048 (driver->ops == &vfio_noiommu_ops)))
1052 if (!try_module_get(driver->ops->owner))
1055 ret = driver->ops->ioctl(NULL,
1056 VFIO_CHECK_EXTENSION,
1058 module_put(driver->ops->owner);
1062 mutex_unlock(&vfio.iommu_drivers_lock);
1064 ret = driver->ops->ioctl(container->iommu_data,
1065 VFIO_CHECK_EXTENSION, arg);
1068 up_read(&container->group_lock);
1073 /* hold write lock on container->group_lock */
1074 static int __vfio_container_attach_groups(struct vfio_container *container,
1075 struct vfio_iommu_driver *driver,
1078 struct vfio_group *group;
1081 list_for_each_entry(group, &container->group_list, container_next) {
1082 ret = driver->ops->attach_group(data, group->iommu_group);
1090 list_for_each_entry_continue_reverse(group, &container->group_list,
1092 driver->ops->detach_group(data, group->iommu_group);
1098 static long vfio_ioctl_set_iommu(struct vfio_container *container,
1101 struct vfio_iommu_driver *driver;
1104 down_write(&container->group_lock);
1107 * The container is designed to be an unprivileged interface while
1108 * the group can be assigned to specific users. Therefore, only by
1109 * adding a group to a container does the user get the privilege of
1110 * enabling the iommu, which may allocate finite resources. There
1111 * is no unset_iommu, but by removing all the groups from a container,
1112 * the container is deprivileged and returns to an unset state.
1114 if (list_empty(&container->group_list) || container->iommu_driver) {
1115 up_write(&container->group_lock);
1119 mutex_lock(&vfio.iommu_drivers_lock);
1120 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
1123 #ifdef CONFIG_VFIO_NOIOMMU
1125 * Only noiommu containers can use vfio-noiommu and noiommu
1126 * containers can only use vfio-noiommu.
1128 if (container->noiommu != (driver->ops == &vfio_noiommu_ops))
1132 if (!try_module_get(driver->ops->owner))
1136 * The arg magic for SET_IOMMU is the same as CHECK_EXTENSION,
1137 * so test which iommu driver reported support for this
1138 * extension and call open on them. We also pass them the
1139 * magic, allowing a single driver to support multiple
1140 * interfaces if they'd like.
1142 if (driver->ops->ioctl(NULL, VFIO_CHECK_EXTENSION, arg) <= 0) {
1143 module_put(driver->ops->owner);
1147 data = driver->ops->open(arg);
1149 ret = PTR_ERR(data);
1150 module_put(driver->ops->owner);
1154 ret = __vfio_container_attach_groups(container, driver, data);
1156 driver->ops->release(data);
1157 module_put(driver->ops->owner);
1161 container->iommu_driver = driver;
1162 container->iommu_data = data;
1166 mutex_unlock(&vfio.iommu_drivers_lock);
1167 up_write(&container->group_lock);
1172 static long vfio_fops_unl_ioctl(struct file *filep,
1173 unsigned int cmd, unsigned long arg)
1175 struct vfio_container *container = filep->private_data;
1176 struct vfio_iommu_driver *driver;
1184 case VFIO_GET_API_VERSION:
1185 ret = VFIO_API_VERSION;
1187 case VFIO_CHECK_EXTENSION:
1188 ret = vfio_ioctl_check_extension(container, arg);
1190 case VFIO_SET_IOMMU:
1191 ret = vfio_ioctl_set_iommu(container, arg);
1194 driver = container->iommu_driver;
1195 data = container->iommu_data;
1197 if (driver) /* passthrough all unrecognized ioctls */
1198 ret = driver->ops->ioctl(data, cmd, arg);
1204 static int vfio_fops_open(struct inode *inode, struct file *filep)
1206 struct vfio_container *container;
1208 container = kzalloc(sizeof(*container), GFP_KERNEL);
1212 INIT_LIST_HEAD(&container->group_list);
1213 init_rwsem(&container->group_lock);
1214 kref_init(&container->kref);
1216 filep->private_data = container;
1221 static int vfio_fops_release(struct inode *inode, struct file *filep)
1223 struct vfio_container *container = filep->private_data;
1224 struct vfio_iommu_driver *driver = container->iommu_driver;
1226 if (driver && driver->ops->notify)
1227 driver->ops->notify(container->iommu_data,
1228 VFIO_IOMMU_CONTAINER_CLOSE);
1230 filep->private_data = NULL;
1232 vfio_container_put(container);
1238 * Once an iommu driver is set, we optionally pass read/write/mmap
1239 * on to the driver, allowing management interfaces beyond ioctl.
1241 static ssize_t vfio_fops_read(struct file *filep, char __user *buf,
1242 size_t count, loff_t *ppos)
1244 struct vfio_container *container = filep->private_data;
1245 struct vfio_iommu_driver *driver;
1246 ssize_t ret = -EINVAL;
1248 driver = container->iommu_driver;
1249 if (likely(driver && driver->ops->read))
1250 ret = driver->ops->read(container->iommu_data,
1256 static ssize_t vfio_fops_write(struct file *filep, const char __user *buf,
1257 size_t count, loff_t *ppos)
1259 struct vfio_container *container = filep->private_data;
1260 struct vfio_iommu_driver *driver;
1261 ssize_t ret = -EINVAL;
1263 driver = container->iommu_driver;
1264 if (likely(driver && driver->ops->write))
1265 ret = driver->ops->write(container->iommu_data,
1271 static int vfio_fops_mmap(struct file *filep, struct vm_area_struct *vma)
1273 struct vfio_container *container = filep->private_data;
1274 struct vfio_iommu_driver *driver;
1277 driver = container->iommu_driver;
1278 if (likely(driver && driver->ops->mmap))
1279 ret = driver->ops->mmap(container->iommu_data, vma);
1284 static const struct file_operations vfio_fops = {
1285 .owner = THIS_MODULE,
1286 .open = vfio_fops_open,
1287 .release = vfio_fops_release,
1288 .read = vfio_fops_read,
1289 .write = vfio_fops_write,
1290 .unlocked_ioctl = vfio_fops_unl_ioctl,
1291 .compat_ioctl = compat_ptr_ioctl,
1292 .mmap = vfio_fops_mmap,
1296 * VFIO Group fd, /dev/vfio/$GROUP
1298 static void __vfio_group_unset_container(struct vfio_group *group)
1300 struct vfio_container *container = group->container;
1301 struct vfio_iommu_driver *driver;
1303 down_write(&container->group_lock);
1305 driver = container->iommu_driver;
1307 driver->ops->detach_group(container->iommu_data,
1308 group->iommu_group);
1310 group->container = NULL;
1311 wake_up(&group->container_q);
1312 list_del(&group->container_next);
1314 /* Detaching the last group deprivileges a container, remove iommu */
1315 if (driver && list_empty(&container->group_list)) {
1316 driver->ops->release(container->iommu_data);
1317 module_put(driver->ops->owner);
1318 container->iommu_driver = NULL;
1319 container->iommu_data = NULL;
1322 up_write(&container->group_lock);
1324 vfio_container_put(container);
1328 * VFIO_GROUP_UNSET_CONTAINER should fail if there are other users or
1329 * if there was no container to unset. Since the ioctl is called on
1330 * the group, we know that still exists, therefore the only valid
1331 * transition here is 1->0.
1333 static int vfio_group_unset_container(struct vfio_group *group)
1335 int users = atomic_cmpxchg(&group->container_users, 1, 0);
1342 __vfio_group_unset_container(group);
1348 * When removing container users, anything that removes the last user
1349 * implicitly removes the group from the container. That is, if the
1350 * group file descriptor is closed, as well as any device file descriptors,
1351 * the group is free.
1353 static void vfio_group_try_dissolve_container(struct vfio_group *group)
1355 if (0 == atomic_dec_if_positive(&group->container_users))
1356 __vfio_group_unset_container(group);
1359 static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1362 struct vfio_container *container;
1363 struct vfio_iommu_driver *driver;
1366 if (atomic_read(&group->container_users))
1369 if (group->noiommu && !capable(CAP_SYS_RAWIO))
1372 f = fdget(container_fd);
1376 /* Sanity check, is this really our fd? */
1377 if (f.file->f_op != &vfio_fops) {
1382 container = f.file->private_data;
1383 WARN_ON(!container); /* fget ensures we don't race vfio_release */
1385 down_write(&container->group_lock);
1387 /* Real groups and fake groups cannot mix */
1388 if (!list_empty(&container->group_list) &&
1389 container->noiommu != group->noiommu) {
1394 driver = container->iommu_driver;
1396 ret = driver->ops->attach_group(container->iommu_data,
1397 group->iommu_group);
1402 group->container = container;
1403 container->noiommu = group->noiommu;
1404 list_add(&group->container_next, &container->group_list);
1406 /* Get a reference on the container and mark a user within the group */
1407 vfio_container_get(container);
1408 atomic_inc(&group->container_users);
1411 up_write(&container->group_lock);
1416 static bool vfio_group_viable(struct vfio_group *group)
1418 return (iommu_group_for_each_dev(group->iommu_group,
1419 group, vfio_dev_viable) == 0);
1422 static int vfio_group_add_container_user(struct vfio_group *group)
1424 if (!atomic_inc_not_zero(&group->container_users))
1427 if (group->noiommu) {
1428 atomic_dec(&group->container_users);
1431 if (!group->container->iommu_driver || !vfio_group_viable(group)) {
1432 atomic_dec(&group->container_users);
1439 static const struct file_operations vfio_device_fops;
1441 static int vfio_group_get_device_fd(struct vfio_group *group, char *buf)
1443 struct vfio_device *device;
1448 if (0 == atomic_read(&group->container_users) ||
1449 !group->container->iommu_driver || !vfio_group_viable(group))
1452 if (group->noiommu && !capable(CAP_SYS_RAWIO))
1455 device = vfio_device_get_from_name(group, buf);
1457 return PTR_ERR(device);
1459 if (!try_module_get(device->dev->driver->owner)) {
1461 goto err_device_put;
1464 mutex_lock(&device->dev_set->lock);
1465 device->open_count++;
1466 if (device->open_count == 1 && device->ops->open_device) {
1467 ret = device->ops->open_device(device);
1469 goto err_undo_count;
1471 mutex_unlock(&device->dev_set->lock);
1474 * We can't use anon_inode_getfd() because we need to modify
1475 * the f_mode flags directly to allow more than just ioctls
1477 fdno = ret = get_unused_fd_flags(O_CLOEXEC);
1479 goto err_close_device;
1481 filep = anon_inode_getfile("[vfio-device]", &vfio_device_fops,
1483 if (IS_ERR(filep)) {
1484 ret = PTR_ERR(filep);
1489 * TODO: add an anon_inode interface to do this.
1490 * Appears to be missing by lack of need rather than
1491 * explicitly prevented. Now there's need.
1493 filep->f_mode |= (FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE);
1495 atomic_inc(&group->container_users);
1497 fd_install(fdno, filep);
1500 dev_warn(device->dev, "vfio-noiommu device opened by user "
1501 "(%s:%d)\n", current->comm, task_pid_nr(current));
1505 put_unused_fd(fdno);
1507 mutex_lock(&device->dev_set->lock);
1508 if (device->open_count == 1 && device->ops->close_device)
1509 device->ops->close_device(device);
1511 device->open_count--;
1512 mutex_unlock(&device->dev_set->lock);
1513 module_put(device->dev->driver->owner);
1515 vfio_device_put(device);
1519 static long vfio_group_fops_unl_ioctl(struct file *filep,
1520 unsigned int cmd, unsigned long arg)
1522 struct vfio_group *group = filep->private_data;
1526 case VFIO_GROUP_GET_STATUS:
1528 struct vfio_group_status status;
1529 unsigned long minsz;
1531 minsz = offsetofend(struct vfio_group_status, flags);
1533 if (copy_from_user(&status, (void __user *)arg, minsz))
1536 if (status.argsz < minsz)
1541 if (vfio_group_viable(group))
1542 status.flags |= VFIO_GROUP_FLAGS_VIABLE;
1544 if (group->container)
1545 status.flags |= VFIO_GROUP_FLAGS_CONTAINER_SET;
1547 if (copy_to_user((void __user *)arg, &status, minsz))
1553 case VFIO_GROUP_SET_CONTAINER:
1557 if (get_user(fd, (int __user *)arg))
1563 ret = vfio_group_set_container(group, fd);
1566 case VFIO_GROUP_UNSET_CONTAINER:
1567 ret = vfio_group_unset_container(group);
1569 case VFIO_GROUP_GET_DEVICE_FD:
1573 buf = strndup_user((const char __user *)arg, PAGE_SIZE);
1575 return PTR_ERR(buf);
1577 ret = vfio_group_get_device_fd(group, buf);
1586 static int vfio_group_fops_open(struct inode *inode, struct file *filep)
1588 struct vfio_group *group;
1591 group = vfio_group_get_from_minor(iminor(inode));
1595 if (group->noiommu && !capable(CAP_SYS_RAWIO)) {
1596 vfio_group_put(group);
1600 /* Do we need multiple instances of the group open? Seems not. */
1601 opened = atomic_cmpxchg(&group->opened, 0, 1);
1603 vfio_group_put(group);
1607 /* Is something still in use from a previous open? */
1608 if (group->container) {
1609 atomic_dec(&group->opened);
1610 vfio_group_put(group);
1614 /* Warn if previous user didn't cleanup and re-init to drop them */
1615 if (WARN_ON(group->notifier.head))
1616 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
1618 filep->private_data = group;
1623 static int vfio_group_fops_release(struct inode *inode, struct file *filep)
1625 struct vfio_group *group = filep->private_data;
1627 filep->private_data = NULL;
1629 vfio_group_try_dissolve_container(group);
1631 atomic_dec(&group->opened);
1633 vfio_group_put(group);
1638 static const struct file_operations vfio_group_fops = {
1639 .owner = THIS_MODULE,
1640 .unlocked_ioctl = vfio_group_fops_unl_ioctl,
1641 .compat_ioctl = compat_ptr_ioctl,
1642 .open = vfio_group_fops_open,
1643 .release = vfio_group_fops_release,
1649 static int vfio_device_fops_release(struct inode *inode, struct file *filep)
1651 struct vfio_device *device = filep->private_data;
1653 mutex_lock(&device->dev_set->lock);
1654 if (!--device->open_count && device->ops->close_device)
1655 device->ops->close_device(device);
1656 mutex_unlock(&device->dev_set->lock);
1658 module_put(device->dev->driver->owner);
1660 vfio_group_try_dissolve_container(device->group);
1662 vfio_device_put(device);
1667 static long vfio_device_fops_unl_ioctl(struct file *filep,
1668 unsigned int cmd, unsigned long arg)
1670 struct vfio_device *device = filep->private_data;
1672 if (unlikely(!device->ops->ioctl))
1675 return device->ops->ioctl(device, cmd, arg);
1678 static ssize_t vfio_device_fops_read(struct file *filep, char __user *buf,
1679 size_t count, loff_t *ppos)
1681 struct vfio_device *device = filep->private_data;
1683 if (unlikely(!device->ops->read))
1686 return device->ops->read(device, buf, count, ppos);
1689 static ssize_t vfio_device_fops_write(struct file *filep,
1690 const char __user *buf,
1691 size_t count, loff_t *ppos)
1693 struct vfio_device *device = filep->private_data;
1695 if (unlikely(!device->ops->write))
1698 return device->ops->write(device, buf, count, ppos);
1701 static int vfio_device_fops_mmap(struct file *filep, struct vm_area_struct *vma)
1703 struct vfio_device *device = filep->private_data;
1705 if (unlikely(!device->ops->mmap))
1708 return device->ops->mmap(device, vma);
1711 static const struct file_operations vfio_device_fops = {
1712 .owner = THIS_MODULE,
1713 .release = vfio_device_fops_release,
1714 .read = vfio_device_fops_read,
1715 .write = vfio_device_fops_write,
1716 .unlocked_ioctl = vfio_device_fops_unl_ioctl,
1717 .compat_ioctl = compat_ptr_ioctl,
1718 .mmap = vfio_device_fops_mmap,
1722 * External user API, exported by symbols to be linked dynamically.
1724 * The protocol includes:
1725 * 1. do normal VFIO init operation:
1726 * - opening a new container;
1727 * - attaching group(s) to it;
1728 * - setting an IOMMU driver for a container.
1729 * When IOMMU is set for a container, all groups in it are
1730 * considered ready to use by an external user.
1732 * 2. User space passes a group fd to an external user.
1733 * The external user calls vfio_group_get_external_user()
1735 * - the group is initialized;
1736 * - IOMMU is set for it.
1737 * If both checks passed, vfio_group_get_external_user()
1738 * increments the container user counter to prevent
1739 * the VFIO group from disposal before KVM exits.
1741 * 3. The external user calls vfio_external_user_iommu_id()
1742 * to know an IOMMU ID.
1744 * 4. When the external KVM finishes, it calls
1745 * vfio_group_put_external_user() to release the VFIO group.
1746 * This call decrements the container user counter.
1748 struct vfio_group *vfio_group_get_external_user(struct file *filep)
1750 struct vfio_group *group = filep->private_data;
1753 if (filep->f_op != &vfio_group_fops)
1754 return ERR_PTR(-EINVAL);
1756 ret = vfio_group_add_container_user(group);
1758 return ERR_PTR(ret);
1760 vfio_group_get(group);
1764 EXPORT_SYMBOL_GPL(vfio_group_get_external_user);
1767 * External user API, exported by symbols to be linked dynamically.
1768 * The external user passes in a device pointer
1770 * - A VFIO group is assiciated with the device;
1771 * - IOMMU is set for the group.
1772 * If both checks passed, vfio_group_get_external_user_from_dev()
1773 * increments the container user counter to prevent the VFIO group
1774 * from disposal before external user exits and returns the pointer
1775 * to the VFIO group.
1777 * When the external user finishes using the VFIO group, it calls
1778 * vfio_group_put_external_user() to release the VFIO group and
1779 * decrement the container user counter.
1781 * @dev [in] : device
1782 * Return error PTR or pointer to VFIO group.
1785 struct vfio_group *vfio_group_get_external_user_from_dev(struct device *dev)
1787 struct vfio_group *group;
1790 group = vfio_group_get_from_dev(dev);
1792 return ERR_PTR(-ENODEV);
1794 ret = vfio_group_add_container_user(group);
1796 vfio_group_put(group);
1797 return ERR_PTR(ret);
1802 EXPORT_SYMBOL_GPL(vfio_group_get_external_user_from_dev);
1804 void vfio_group_put_external_user(struct vfio_group *group)
1806 vfio_group_try_dissolve_container(group);
1807 vfio_group_put(group);
1809 EXPORT_SYMBOL_GPL(vfio_group_put_external_user);
1811 bool vfio_external_group_match_file(struct vfio_group *test_group,
1814 struct vfio_group *group = filep->private_data;
1816 return (filep->f_op == &vfio_group_fops) && (group == test_group);
1818 EXPORT_SYMBOL_GPL(vfio_external_group_match_file);
1820 int vfio_external_user_iommu_id(struct vfio_group *group)
1822 return iommu_group_id(group->iommu_group);
1824 EXPORT_SYMBOL_GPL(vfio_external_user_iommu_id);
1826 long vfio_external_check_extension(struct vfio_group *group, unsigned long arg)
1828 return vfio_ioctl_check_extension(group->container, arg);
1830 EXPORT_SYMBOL_GPL(vfio_external_check_extension);
1833 * Sub-module support
1836 * Helper for managing a buffer of info chain capabilities, allocate or
1837 * reallocate a buffer with additional @size, filling in @id and @version
1838 * of the capability. A pointer to the new capability is returned.
1840 * NB. The chain is based at the head of the buffer, so new entries are
1841 * added to the tail, vfio_info_cap_shift() should be called to fixup the
1842 * next offsets prior to copying to the user buffer.
1844 struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
1845 size_t size, u16 id, u16 version)
1848 struct vfio_info_cap_header *header, *tmp;
1850 buf = krealloc(caps->buf, caps->size + size, GFP_KERNEL);
1855 return ERR_PTR(-ENOMEM);
1859 header = buf + caps->size;
1861 /* Eventually copied to user buffer, zero */
1862 memset(header, 0, size);
1865 header->version = version;
1867 /* Add to the end of the capability chain */
1868 for (tmp = buf; tmp->next; tmp = buf + tmp->next)
1871 tmp->next = caps->size;
1876 EXPORT_SYMBOL_GPL(vfio_info_cap_add);
1878 void vfio_info_cap_shift(struct vfio_info_cap *caps, size_t offset)
1880 struct vfio_info_cap_header *tmp;
1881 void *buf = (void *)caps->buf;
1883 for (tmp = buf; tmp->next; tmp = buf + tmp->next - offset)
1884 tmp->next += offset;
1886 EXPORT_SYMBOL(vfio_info_cap_shift);
1888 int vfio_info_add_capability(struct vfio_info_cap *caps,
1889 struct vfio_info_cap_header *cap, size_t size)
1891 struct vfio_info_cap_header *header;
1893 header = vfio_info_cap_add(caps, size, cap->id, cap->version);
1895 return PTR_ERR(header);
1897 memcpy(header + 1, cap + 1, size - sizeof(*header));
1901 EXPORT_SYMBOL(vfio_info_add_capability);
1903 int vfio_set_irqs_validate_and_prepare(struct vfio_irq_set *hdr, int num_irqs,
1904 int max_irq_type, size_t *data_size)
1906 unsigned long minsz;
1909 minsz = offsetofend(struct vfio_irq_set, count);
1911 if ((hdr->argsz < minsz) || (hdr->index >= max_irq_type) ||
1912 (hdr->count >= (U32_MAX - hdr->start)) ||
1913 (hdr->flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK |
1914 VFIO_IRQ_SET_ACTION_TYPE_MASK)))
1920 if (hdr->start >= num_irqs || hdr->start + hdr->count > num_irqs)
1923 switch (hdr->flags & VFIO_IRQ_SET_DATA_TYPE_MASK) {
1924 case VFIO_IRQ_SET_DATA_NONE:
1927 case VFIO_IRQ_SET_DATA_BOOL:
1928 size = sizeof(uint8_t);
1930 case VFIO_IRQ_SET_DATA_EVENTFD:
1931 size = sizeof(int32_t);
1938 if (hdr->argsz - minsz < hdr->count * size)
1944 *data_size = hdr->count * size;
1949 EXPORT_SYMBOL(vfio_set_irqs_validate_and_prepare);
1952 * Pin a set of guest PFNs and return their associated host PFNs for local
1954 * @dev [in] : device
1955 * @user_pfn [in]: array of user/guest PFNs to be pinned.
1956 * @npage [in] : count of elements in user_pfn array. This count should not
1957 * be greater VFIO_PIN_PAGES_MAX_ENTRIES.
1958 * @prot [in] : protection flags
1959 * @phys_pfn[out]: array of host PFNs
1960 * Return error or number of pages pinned.
1962 int vfio_pin_pages(struct device *dev, unsigned long *user_pfn, int npage,
1963 int prot, unsigned long *phys_pfn)
1965 struct vfio_container *container;
1966 struct vfio_group *group;
1967 struct vfio_iommu_driver *driver;
1970 if (!dev || !user_pfn || !phys_pfn || !npage)
1973 if (npage > VFIO_PIN_PAGES_MAX_ENTRIES)
1976 group = vfio_group_get_from_dev(dev);
1980 if (group->dev_counter > 1) {
1985 ret = vfio_group_add_container_user(group);
1989 container = group->container;
1990 driver = container->iommu_driver;
1991 if (likely(driver && driver->ops->pin_pages))
1992 ret = driver->ops->pin_pages(container->iommu_data,
1993 group->iommu_group, user_pfn,
1994 npage, prot, phys_pfn);
1998 vfio_group_try_dissolve_container(group);
2001 vfio_group_put(group);
2004 EXPORT_SYMBOL(vfio_pin_pages);
2007 * Unpin set of host PFNs for local domain only.
2008 * @dev [in] : device
2009 * @user_pfn [in]: array of user/guest PFNs to be unpinned. Number of user/guest
2010 * PFNs should not be greater than VFIO_PIN_PAGES_MAX_ENTRIES.
2011 * @npage [in] : count of elements in user_pfn array. This count should not
2012 * be greater than VFIO_PIN_PAGES_MAX_ENTRIES.
2013 * Return error or number of pages unpinned.
2015 int vfio_unpin_pages(struct device *dev, unsigned long *user_pfn, int npage)
2017 struct vfio_container *container;
2018 struct vfio_group *group;
2019 struct vfio_iommu_driver *driver;
2022 if (!dev || !user_pfn || !npage)
2025 if (npage > VFIO_PIN_PAGES_MAX_ENTRIES)
2028 group = vfio_group_get_from_dev(dev);
2032 ret = vfio_group_add_container_user(group);
2034 goto err_unpin_pages;
2036 container = group->container;
2037 driver = container->iommu_driver;
2038 if (likely(driver && driver->ops->unpin_pages))
2039 ret = driver->ops->unpin_pages(container->iommu_data, user_pfn,
2044 vfio_group_try_dissolve_container(group);
2047 vfio_group_put(group);
2050 EXPORT_SYMBOL(vfio_unpin_pages);
2053 * Pin a set of guest IOVA PFNs and return their associated host PFNs for a
2056 * The caller needs to call vfio_group_get_external_user() or
2057 * vfio_group_get_external_user_from_dev() prior to calling this interface,
2058 * so as to prevent the VFIO group from disposal in the middle of the call.
2059 * But it can keep the reference to the VFIO group for several calls into
2061 * After finishing using of the VFIO group, the caller needs to release the
2062 * VFIO group by calling vfio_group_put_external_user().
2064 * @group [in] : VFIO group
2065 * @user_iova_pfn [in] : array of user/guest IOVA PFNs to be pinned.
2066 * @npage [in] : count of elements in user_iova_pfn array.
2067 * This count should not be greater
2068 * VFIO_PIN_PAGES_MAX_ENTRIES.
2069 * @prot [in] : protection flags
2070 * @phys_pfn [out] : array of host PFNs
2071 * Return error or number of pages pinned.
2073 int vfio_group_pin_pages(struct vfio_group *group,
2074 unsigned long *user_iova_pfn, int npage,
2075 int prot, unsigned long *phys_pfn)
2077 struct vfio_container *container;
2078 struct vfio_iommu_driver *driver;
2081 if (!group || !user_iova_pfn || !phys_pfn || !npage)
2084 if (group->dev_counter > 1)
2087 if (npage > VFIO_PIN_PAGES_MAX_ENTRIES)
2090 container = group->container;
2091 driver = container->iommu_driver;
2092 if (likely(driver && driver->ops->pin_pages))
2093 ret = driver->ops->pin_pages(container->iommu_data,
2094 group->iommu_group, user_iova_pfn,
2095 npage, prot, phys_pfn);
2101 EXPORT_SYMBOL(vfio_group_pin_pages);
2104 * Unpin a set of guest IOVA PFNs for a VFIO group.
2106 * The caller needs to call vfio_group_get_external_user() or
2107 * vfio_group_get_external_user_from_dev() prior to calling this interface,
2108 * so as to prevent the VFIO group from disposal in the middle of the call.
2109 * But it can keep the reference to the VFIO group for several calls into
2111 * After finishing using of the VFIO group, the caller needs to release the
2112 * VFIO group by calling vfio_group_put_external_user().
2114 * @group [in] : vfio group
2115 * @user_iova_pfn [in] : array of user/guest IOVA PFNs to be unpinned.
2116 * @npage [in] : count of elements in user_iova_pfn array.
2117 * This count should not be greater than
2118 * VFIO_PIN_PAGES_MAX_ENTRIES.
2119 * Return error or number of pages unpinned.
2121 int vfio_group_unpin_pages(struct vfio_group *group,
2122 unsigned long *user_iova_pfn, int npage)
2124 struct vfio_container *container;
2125 struct vfio_iommu_driver *driver;
2128 if (!group || !user_iova_pfn || !npage)
2131 if (npage > VFIO_PIN_PAGES_MAX_ENTRIES)
2134 container = group->container;
2135 driver = container->iommu_driver;
2136 if (likely(driver && driver->ops->unpin_pages))
2137 ret = driver->ops->unpin_pages(container->iommu_data,
2138 user_iova_pfn, npage);
2144 EXPORT_SYMBOL(vfio_group_unpin_pages);
2148 * This interface allows the CPUs to perform some sort of virtual DMA on
2149 * behalf of the device.
2151 * CPUs read/write from/into a range of IOVAs pointing to user space memory
2152 * into/from a kernel buffer.
2154 * As the read/write of user space memory is conducted via the CPUs and is
2155 * not a real device DMA, it is not necessary to pin the user space memory.
2157 * The caller needs to call vfio_group_get_external_user() or
2158 * vfio_group_get_external_user_from_dev() prior to calling this interface,
2159 * so as to prevent the VFIO group from disposal in the middle of the call.
2160 * But it can keep the reference to the VFIO group for several calls into
2162 * After finishing using of the VFIO group, the caller needs to release the
2163 * VFIO group by calling vfio_group_put_external_user().
2165 * @group [in] : VFIO group
2166 * @user_iova [in] : base IOVA of a user space buffer
2167 * @data [in] : pointer to kernel buffer
2168 * @len [in] : kernel buffer length
2169 * @write : indicate read or write
2170 * Return error code on failure or 0 on success.
2172 int vfio_dma_rw(struct vfio_group *group, dma_addr_t user_iova,
2173 void *data, size_t len, bool write)
2175 struct vfio_container *container;
2176 struct vfio_iommu_driver *driver;
2179 if (!group || !data || len <= 0)
2182 container = group->container;
2183 driver = container->iommu_driver;
2185 if (likely(driver && driver->ops->dma_rw))
2186 ret = driver->ops->dma_rw(container->iommu_data,
2187 user_iova, data, len, write);
2193 EXPORT_SYMBOL(vfio_dma_rw);
2195 static int vfio_register_iommu_notifier(struct vfio_group *group,
2196 unsigned long *events,
2197 struct notifier_block *nb)
2199 struct vfio_container *container;
2200 struct vfio_iommu_driver *driver;
2203 ret = vfio_group_add_container_user(group);
2207 container = group->container;
2208 driver = container->iommu_driver;
2209 if (likely(driver && driver->ops->register_notifier))
2210 ret = driver->ops->register_notifier(container->iommu_data,
2215 vfio_group_try_dissolve_container(group);
2220 static int vfio_unregister_iommu_notifier(struct vfio_group *group,
2221 struct notifier_block *nb)
2223 struct vfio_container *container;
2224 struct vfio_iommu_driver *driver;
2227 ret = vfio_group_add_container_user(group);
2231 container = group->container;
2232 driver = container->iommu_driver;
2233 if (likely(driver && driver->ops->unregister_notifier))
2234 ret = driver->ops->unregister_notifier(container->iommu_data,
2239 vfio_group_try_dissolve_container(group);
2244 void vfio_group_set_kvm(struct vfio_group *group, struct kvm *kvm)
2247 blocking_notifier_call_chain(&group->notifier,
2248 VFIO_GROUP_NOTIFY_SET_KVM, kvm);
2250 EXPORT_SYMBOL_GPL(vfio_group_set_kvm);
2252 static int vfio_register_group_notifier(struct vfio_group *group,
2253 unsigned long *events,
2254 struct notifier_block *nb)
2257 bool set_kvm = false;
2259 if (*events & VFIO_GROUP_NOTIFY_SET_KVM)
2262 /* clear known events */
2263 *events &= ~VFIO_GROUP_NOTIFY_SET_KVM;
2265 /* refuse to continue if still events remaining */
2269 ret = vfio_group_add_container_user(group);
2273 ret = blocking_notifier_chain_register(&group->notifier, nb);
2276 * The attaching of kvm and vfio_group might already happen, so
2277 * here we replay once upon registration.
2279 if (!ret && set_kvm && group->kvm)
2280 blocking_notifier_call_chain(&group->notifier,
2281 VFIO_GROUP_NOTIFY_SET_KVM, group->kvm);
2283 vfio_group_try_dissolve_container(group);
2288 static int vfio_unregister_group_notifier(struct vfio_group *group,
2289 struct notifier_block *nb)
2293 ret = vfio_group_add_container_user(group);
2297 ret = blocking_notifier_chain_unregister(&group->notifier, nb);
2299 vfio_group_try_dissolve_container(group);
2304 int vfio_register_notifier(struct device *dev, enum vfio_notify_type type,
2305 unsigned long *events, struct notifier_block *nb)
2307 struct vfio_group *group;
2310 if (!dev || !nb || !events || (*events == 0))
2313 group = vfio_group_get_from_dev(dev);
2318 case VFIO_IOMMU_NOTIFY:
2319 ret = vfio_register_iommu_notifier(group, events, nb);
2321 case VFIO_GROUP_NOTIFY:
2322 ret = vfio_register_group_notifier(group, events, nb);
2328 vfio_group_put(group);
2331 EXPORT_SYMBOL(vfio_register_notifier);
2333 int vfio_unregister_notifier(struct device *dev, enum vfio_notify_type type,
2334 struct notifier_block *nb)
2336 struct vfio_group *group;
2342 group = vfio_group_get_from_dev(dev);
2347 case VFIO_IOMMU_NOTIFY:
2348 ret = vfio_unregister_iommu_notifier(group, nb);
2350 case VFIO_GROUP_NOTIFY:
2351 ret = vfio_unregister_group_notifier(group, nb);
2357 vfio_group_put(group);
2360 EXPORT_SYMBOL(vfio_unregister_notifier);
2362 struct iommu_domain *vfio_group_iommu_domain(struct vfio_group *group)
2364 struct vfio_container *container;
2365 struct vfio_iommu_driver *driver;
2368 return ERR_PTR(-EINVAL);
2370 container = group->container;
2371 driver = container->iommu_driver;
2372 if (likely(driver && driver->ops->group_iommu_domain))
2373 return driver->ops->group_iommu_domain(container->iommu_data,
2374 group->iommu_group);
2376 return ERR_PTR(-ENOTTY);
2378 EXPORT_SYMBOL_GPL(vfio_group_iommu_domain);
2381 * Module/class support
2383 static char *vfio_devnode(struct device *dev, umode_t *mode)
2385 return kasprintf(GFP_KERNEL, "vfio/%s", dev_name(dev));
2388 static struct miscdevice vfio_dev = {
2389 .minor = VFIO_MINOR,
2392 .nodename = "vfio/vfio",
2393 .mode = S_IRUGO | S_IWUGO,
2396 static int __init vfio_init(void)
2400 idr_init(&vfio.group_idr);
2401 mutex_init(&vfio.group_lock);
2402 mutex_init(&vfio.iommu_drivers_lock);
2403 INIT_LIST_HEAD(&vfio.group_list);
2404 INIT_LIST_HEAD(&vfio.iommu_drivers_list);
2406 ret = misc_register(&vfio_dev);
2408 pr_err("vfio: misc device register failed\n");
2412 /* /dev/vfio/$GROUP */
2413 vfio.class = class_create(THIS_MODULE, "vfio");
2414 if (IS_ERR(vfio.class)) {
2415 ret = PTR_ERR(vfio.class);
2419 vfio.class->devnode = vfio_devnode;
2421 ret = alloc_chrdev_region(&vfio.group_devt, 0, MINORMASK + 1, "vfio");
2423 goto err_alloc_chrdev;
2425 cdev_init(&vfio.group_cdev, &vfio_group_fops);
2426 ret = cdev_add(&vfio.group_cdev, vfio.group_devt, MINORMASK + 1);
2430 pr_info(DRIVER_DESC " version: " DRIVER_VERSION "\n");
2432 #ifdef CONFIG_VFIO_NOIOMMU
2433 vfio_register_iommu_driver(&vfio_noiommu_ops);
2438 unregister_chrdev_region(vfio.group_devt, MINORMASK + 1);
2440 class_destroy(vfio.class);
2443 misc_deregister(&vfio_dev);
2447 static void __exit vfio_cleanup(void)
2449 WARN_ON(!list_empty(&vfio.group_list));
2451 #ifdef CONFIG_VFIO_NOIOMMU
2452 vfio_unregister_iommu_driver(&vfio_noiommu_ops);
2454 idr_destroy(&vfio.group_idr);
2455 cdev_del(&vfio.group_cdev);
2456 unregister_chrdev_region(vfio.group_devt, MINORMASK + 1);
2457 class_destroy(vfio.class);
2459 misc_deregister(&vfio_dev);
2460 xa_destroy(&vfio_device_set_xa);
2463 module_init(vfio_init);
2464 module_exit(vfio_cleanup);
2466 MODULE_VERSION(DRIVER_VERSION);
2467 MODULE_LICENSE("GPL v2");
2468 MODULE_AUTHOR(DRIVER_AUTHOR);
2469 MODULE_DESCRIPTION(DRIVER_DESC);
2470 MODULE_ALIAS_MISCDEV(VFIO_MINOR);
2471 MODULE_ALIAS("devname:vfio/vfio");
2472 MODULE_SOFTDEP("post: vfio_iommu_type1 vfio_iommu_spapr_tce");
projects / platform / kernel / linux-rpi.git / blob