Merge tag 'vfio-v5.16-rc1' of git://github.com/awilliam/linux-vfio

+2 -1

drivers/bus/fsl-mc/Makefile

··· 15 15 dprc-driver.o \ 16 16 fsl-mc-allocator.o \ 17 17 fsl-mc-msi.o \ 18 - dpmcp.o 18 + dpmcp.o \ 19 + obj-api.o 19 20 20 21 # MC userspace support 21 22 obj-$(CONFIG_FSL_MC_UAPI_SUPPORT) += fsl-mc-uapi.o

+35 -4

drivers/bus/fsl-mc/fsl-mc-private.h

··· 48 48 49 49 /* DPMCP command IDs */ 50 50 #define DPMCP_CMDID_CLOSE DPMCP_CMD(0x800) 51 - #define DPMCP_CMDID_OPEN DPMCP_CMD(0x80b) 52 51 #define DPMCP_CMDID_RESET DPMCP_CMD(0x005) 53 52 54 53 struct dpmcp_cmd_open { ··· 90 91 91 92 /* DPRC command IDs */ 92 93 #define DPRC_CMDID_CLOSE DPRC_CMD(0x800) 93 - #define DPRC_CMDID_OPEN DPRC_CMD(0x805) 94 94 #define DPRC_CMDID_GET_API_VERSION DPRC_CMD(0xa05) 95 95 96 96 #define DPRC_CMDID_GET_ATTR DPRC_CMD(0x004) ··· 451 453 452 454 /* Command IDs */ 453 455 #define DPBP_CMDID_CLOSE DPBP_CMD(0x800) 454 - #define DPBP_CMDID_OPEN DPBP_CMD(0x804) 455 456 456 457 #define DPBP_CMDID_ENABLE DPBP_CMD(0x002) 457 458 #define DPBP_CMDID_DISABLE DPBP_CMD(0x003) ··· 489 492 490 493 /* Command IDs */ 491 494 #define DPCON_CMDID_CLOSE DPCON_CMD(0x800) 492 - #define DPCON_CMDID_OPEN DPCON_CMD(0x808) 493 495 494 496 #define DPCON_CMDID_ENABLE DPCON_CMD(0x002) 495 497 #define DPCON_CMDID_DISABLE DPCON_CMD(0x003) ··· 520 524 __le64 user_ctx; 521 525 }; 522 526 527 + /* 528 + * Generic FSL MC API 529 + */ 530 + 531 + /* generic command versioning */ 532 + #define OBJ_CMD_BASE_VERSION 1 533 + #define OBJ_CMD_ID_OFFSET 4 534 + 535 + #define OBJ_CMD(id) (((id) << OBJ_CMD_ID_OFFSET) | OBJ_CMD_BASE_VERSION) 536 + 537 + /* open command codes */ 538 + #define DPRTC_CMDID_OPEN OBJ_CMD(0x810) 539 + #define DPNI_CMDID_OPEN OBJ_CMD(0x801) 540 + #define DPSW_CMDID_OPEN OBJ_CMD(0x802) 541 + #define DPIO_CMDID_OPEN OBJ_CMD(0x803) 542 + #define DPBP_CMDID_OPEN OBJ_CMD(0x804) 543 + #define DPRC_CMDID_OPEN OBJ_CMD(0x805) 544 + #define DPDMUX_CMDID_OPEN OBJ_CMD(0x806) 545 + #define DPCI_CMDID_OPEN OBJ_CMD(0x807) 546 + #define DPCON_CMDID_OPEN OBJ_CMD(0x808) 547 + #define DPSECI_CMDID_OPEN OBJ_CMD(0x809) 548 + #define DPAIOP_CMDID_OPEN OBJ_CMD(0x80a) 549 + #define DPMCP_CMDID_OPEN OBJ_CMD(0x80b) 550 + #define DPMAC_CMDID_OPEN OBJ_CMD(0x80c) 551 + #define DPDCEI_CMDID_OPEN OBJ_CMD(0x80d) 552 + #define DPDMAI_CMDID_OPEN OBJ_CMD(0x80e) 553 + #define DPDBG_CMDID_OPEN OBJ_CMD(0x80f) 554 + 555 + /* Generic object command IDs */ 556 + #define OBJ_CMDID_CLOSE OBJ_CMD(0x800) 557 + #define OBJ_CMDID_RESET OBJ_CMD(0x005) 558 + 559 + struct fsl_mc_obj_cmd_open { 560 + __le32 obj_id; 561 + }; 523 562 524 563 /** 525 564 * struct fsl_mc_resource_pool - Pool of MC resources of a given

+103

drivers/bus/fsl-mc/obj-api.c

··· 1 + // SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) 2 + /* 3 + * Copyright 2021 NXP 4 + * 5 + */ 6 + #include <linux/kernel.h> 7 + #include <linux/fsl/mc.h> 8 + 9 + #include "fsl-mc-private.h" 10 + 11 + static int fsl_mc_get_open_cmd_id(const char *type) 12 + { 13 + static const struct { 14 + int cmd_id; 15 + const char *type; 16 + } dev_ids[] = { 17 + { DPRTC_CMDID_OPEN, "dprtc" }, 18 + { DPRC_CMDID_OPEN, "dprc" }, 19 + { DPNI_CMDID_OPEN, "dpni" }, 20 + { DPIO_CMDID_OPEN, "dpio" }, 21 + { DPSW_CMDID_OPEN, "dpsw" }, 22 + { DPBP_CMDID_OPEN, "dpbp" }, 23 + { DPCON_CMDID_OPEN, "dpcon" }, 24 + { DPMCP_CMDID_OPEN, "dpmcp" }, 25 + { DPMAC_CMDID_OPEN, "dpmac" }, 26 + { DPSECI_CMDID_OPEN, "dpseci" }, 27 + { DPDMUX_CMDID_OPEN, "dpdmux" }, 28 + { DPDCEI_CMDID_OPEN, "dpdcei" }, 29 + { DPAIOP_CMDID_OPEN, "dpaiop" }, 30 + { DPCI_CMDID_OPEN, "dpci" }, 31 + { DPDMAI_CMDID_OPEN, "dpdmai" }, 32 + { DPDBG_CMDID_OPEN, "dpdbg" }, 33 + { 0, NULL } 34 + }; 35 + int i; 36 + 37 + for (i = 0; dev_ids[i].type; i++) 38 + if (!strcmp(dev_ids[i].type, type)) 39 + return dev_ids[i].cmd_id; 40 + 41 + return -1; 42 + } 43 + 44 + int fsl_mc_obj_open(struct fsl_mc_io *mc_io, 45 + u32 cmd_flags, 46 + int obj_id, 47 + char *obj_type, 48 + u16 *token) 49 + { 50 + struct fsl_mc_command cmd = { 0 }; 51 + struct fsl_mc_obj_cmd_open *cmd_params; 52 + int err = 0; 53 + int cmd_id = fsl_mc_get_open_cmd_id(obj_type); 54 + 55 + if (cmd_id == -1) 56 + return -ENODEV; 57 + 58 + /* prepare command */ 59 + cmd.header = mc_encode_cmd_header(cmd_id, cmd_flags, 0); 60 + cmd_params = (struct fsl_mc_obj_cmd_open *)cmd.params; 61 + cmd_params->obj_id = cpu_to_le32(obj_id); 62 + 63 + /* send command to mc*/ 64 + err = mc_send_command(mc_io, &cmd); 65 + if (err) 66 + return err; 67 + 68 + /* retrieve response parameters */ 69 + *token = mc_cmd_hdr_read_token(&cmd); 70 + 71 + return err; 72 + } 73 + EXPORT_SYMBOL_GPL(fsl_mc_obj_open); 74 + 75 + int fsl_mc_obj_close(struct fsl_mc_io *mc_io, 76 + u32 cmd_flags, 77 + u16 token) 78 + { 79 + struct fsl_mc_command cmd = { 0 }; 80 + 81 + /* prepare command */ 82 + cmd.header = mc_encode_cmd_header(OBJ_CMDID_CLOSE, cmd_flags, 83 + token); 84 + 85 + /* send command to mc*/ 86 + return mc_send_command(mc_io, &cmd); 87 + } 88 + EXPORT_SYMBOL_GPL(fsl_mc_obj_close); 89 + 90 + int fsl_mc_obj_reset(struct fsl_mc_io *mc_io, 91 + u32 cmd_flags, 92 + u16 token) 93 + { 94 + struct fsl_mc_command cmd = { 0 }; 95 + 96 + /* prepare command */ 97 + cmd.header = mc_encode_cmd_header(OBJ_CMDID_RESET, cmd_flags, 98 + token); 99 + 100 + /* send command to mc*/ 101 + return mc_send_command(mc_io, &cmd); 102 + } 103 + EXPORT_SYMBOL_GPL(fsl_mc_obj_reset);

+92 -66

drivers/s390/cio/vfio_ccw_drv.c

··· 137 137 vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_INTERRUPT); 138 138 } 139 139 140 - static void vfio_ccw_free_regions(struct vfio_ccw_private *private) 140 + static struct vfio_ccw_private *vfio_ccw_alloc_private(struct subchannel *sch) 141 141 { 142 - if (private->crw_region) 143 - kmem_cache_free(vfio_ccw_crw_region, private->crw_region); 144 - if (private->schib_region) 145 - kmem_cache_free(vfio_ccw_schib_region, private->schib_region); 146 - if (private->cmd_region) 147 - kmem_cache_free(vfio_ccw_cmd_region, private->cmd_region); 148 - if (private->io_region) 149 - kmem_cache_free(vfio_ccw_io_region, private->io_region); 142 + struct vfio_ccw_private *private; 143 + 144 + private = kzalloc(sizeof(*private), GFP_KERNEL); 145 + if (!private) 146 + return ERR_PTR(-ENOMEM); 147 + 148 + private->sch = sch; 149 + mutex_init(&private->io_mutex); 150 + private->state = VFIO_CCW_STATE_NOT_OPER; 151 + INIT_LIST_HEAD(&private->crw); 152 + INIT_WORK(&private->io_work, vfio_ccw_sch_io_todo); 153 + INIT_WORK(&private->crw_work, vfio_ccw_crw_todo); 154 + atomic_set(&private->avail, 1); 155 + 156 + private->cp.guest_cp = kcalloc(CCWCHAIN_LEN_MAX, sizeof(struct ccw1), 157 + GFP_KERNEL); 158 + if (!private->cp.guest_cp) 159 + goto out_free_private; 160 + 161 + private->io_region = kmem_cache_zalloc(vfio_ccw_io_region, 162 + GFP_KERNEL | GFP_DMA); 163 + if (!private->io_region) 164 + goto out_free_cp; 165 + 166 + private->cmd_region = kmem_cache_zalloc(vfio_ccw_cmd_region, 167 + GFP_KERNEL | GFP_DMA); 168 + if (!private->cmd_region) 169 + goto out_free_io; 170 + 171 + private->schib_region = kmem_cache_zalloc(vfio_ccw_schib_region, 172 + GFP_KERNEL | GFP_DMA); 173 + 174 + if (!private->schib_region) 175 + goto out_free_cmd; 176 + 177 + private->crw_region = kmem_cache_zalloc(vfio_ccw_crw_region, 178 + GFP_KERNEL | GFP_DMA); 179 + 180 + if (!private->crw_region) 181 + goto out_free_schib; 182 + return private; 183 + 184 + out_free_schib: 185 + kmem_cache_free(vfio_ccw_schib_region, private->schib_region); 186 + out_free_cmd: 187 + kmem_cache_free(vfio_ccw_cmd_region, private->cmd_region); 188 + out_free_io: 189 + kmem_cache_free(vfio_ccw_io_region, private->io_region); 190 + out_free_cp: 191 + kfree(private->cp.guest_cp); 192 + out_free_private: 193 + mutex_destroy(&private->io_mutex); 194 + kfree(private); 195 + return ERR_PTR(-ENOMEM); 196 + } 197 + 198 + static void vfio_ccw_free_private(struct vfio_ccw_private *private) 199 + { 200 + struct vfio_ccw_crw *crw, *temp; 201 + 202 + list_for_each_entry_safe(crw, temp, &private->crw, next) { 203 + list_del(&crw->next); 204 + kfree(crw); 205 + } 206 + 207 + kmem_cache_free(vfio_ccw_crw_region, private->crw_region); 208 + kmem_cache_free(vfio_ccw_schib_region, private->schib_region); 209 + kmem_cache_free(vfio_ccw_cmd_region, private->cmd_region); 210 + kmem_cache_free(vfio_ccw_io_region, private->io_region); 211 + kfree(private->cp.guest_cp); 212 + mutex_destroy(&private->io_mutex); 213 + kfree(private); 150 214 } 151 215 152 216 static int vfio_ccw_sch_probe(struct subchannel *sch) ··· 225 161 return -ENODEV; 226 162 } 227 163 228 - private = kzalloc(sizeof(*private), GFP_KERNEL | GFP_DMA); 229 - if (!private) 230 - return -ENOMEM; 164 + private = vfio_ccw_alloc_private(sch); 165 + if (IS_ERR(private)) 166 + return PTR_ERR(private); 231 167 232 - private->cp.guest_cp = kcalloc(CCWCHAIN_LEN_MAX, sizeof(struct ccw1), 233 - GFP_KERNEL); 234 - if (!private->cp.guest_cp) 235 - goto out_free; 236 - 237 - private->io_region = kmem_cache_zalloc(vfio_ccw_io_region, 238 - GFP_KERNEL | GFP_DMA); 239 - if (!private->io_region) 240 - goto out_free; 241 - 242 - private->cmd_region = kmem_cache_zalloc(vfio_ccw_cmd_region, 243 - GFP_KERNEL | GFP_DMA); 244 - if (!private->cmd_region) 245 - goto out_free; 246 - 247 - private->schib_region = kmem_cache_zalloc(vfio_ccw_schib_region, 248 - GFP_KERNEL | GFP_DMA); 249 - 250 - if (!private->schib_region) 251 - goto out_free; 252 - 253 - private->crw_region = kmem_cache_zalloc(vfio_ccw_crw_region, 254 - GFP_KERNEL | GFP_DMA); 255 - 256 - if (!private->crw_region) 257 - goto out_free; 258 - 259 - private->sch = sch; 260 168 dev_set_drvdata(&sch->dev, private); 261 - mutex_init(&private->io_mutex); 262 169 263 170 spin_lock_irq(sch->lock); 264 - private->state = VFIO_CCW_STATE_NOT_OPER; 265 171 sch->isc = VFIO_CCW_ISC; 266 172 ret = cio_enable_subchannel(sch, (u32)(unsigned long)sch); 267 173 spin_unlock_irq(sch->lock); 268 174 if (ret) 269 175 goto out_free; 270 176 271 - INIT_LIST_HEAD(&private->crw); 272 - INIT_WORK(&private->io_work, vfio_ccw_sch_io_todo); 273 - INIT_WORK(&private->crw_work, vfio_ccw_crw_todo); 274 - atomic_set(&private->avail, 1); 275 177 private->state = VFIO_CCW_STATE_STANDBY; 276 178 277 179 ret = vfio_ccw_mdev_reg(sch); ··· 258 228 cio_disable_subchannel(sch); 259 229 out_free: 260 230 dev_set_drvdata(&sch->dev, NULL); 261 - vfio_ccw_free_regions(private); 262 - kfree(private->cp.guest_cp); 263 - kfree(private); 231 + vfio_ccw_free_private(private); 264 232 return ret; 265 233 } 266 234 267 235 static void vfio_ccw_sch_remove(struct subchannel *sch) 268 236 { 269 237 struct vfio_ccw_private *private = dev_get_drvdata(&sch->dev); 270 - struct vfio_ccw_crw *crw, *temp; 271 238 272 239 vfio_ccw_sch_quiesce(sch); 273 - 274 - list_for_each_entry_safe(crw, temp, &private->crw, next) { 275 - list_del(&crw->next); 276 - kfree(crw); 277 - } 278 - 279 240 vfio_ccw_mdev_unreg(sch); 280 241 281 242 dev_set_drvdata(&sch->dev, NULL); 282 243 283 - vfio_ccw_free_regions(private); 284 - kfree(private->cp.guest_cp); 285 - kfree(private); 244 + vfio_ccw_free_private(private); 286 245 287 246 VFIO_CCW_MSG_EVENT(4, "unbound from subchannel %x.%x.%04x\n", 288 247 sch->schid.cssid, sch->schid.ssid, ··· 468 449 vfio_ccw_work_q = create_singlethread_workqueue("vfio-ccw"); 469 450 if (!vfio_ccw_work_q) { 470 451 ret = -ENOMEM; 471 - goto out_err; 452 + goto out_regions; 472 453 } 473 454 474 455 vfio_ccw_io_region = kmem_cache_create_usercopy("vfio_ccw_io_region", ··· 477 458 sizeof(struct ccw_io_region), NULL); 478 459 if (!vfio_ccw_io_region) { 479 460 ret = -ENOMEM; 480 - goto out_err; 461 + goto out_regions; 481 462 } 482 463 483 464 vfio_ccw_cmd_region = kmem_cache_create_usercopy("vfio_ccw_cmd_region", ··· 486 467 sizeof(struct ccw_cmd_region), NULL); 487 468 if (!vfio_ccw_cmd_region) { 488 469 ret = -ENOMEM; 489 - goto out_err; 470 + goto out_regions; 490 471 } 491 472 492 473 vfio_ccw_schib_region = kmem_cache_create_usercopy("vfio_ccw_schib_region", ··· 496 477 497 478 if (!vfio_ccw_schib_region) { 498 479 ret = -ENOMEM; 499 - goto out_err; 480 + goto out_regions; 500 481 } 501 482 502 483 vfio_ccw_crw_region = kmem_cache_create_usercopy("vfio_ccw_crw_region", ··· 506 487 507 488 if (!vfio_ccw_crw_region) { 508 489 ret = -ENOMEM; 509 - goto out_err; 490 + goto out_regions; 510 491 } 492 + 493 + ret = mdev_register_driver(&vfio_ccw_mdev_driver); 494 + if (ret) 495 + goto out_regions; 511 496 512 497 isc_register(VFIO_CCW_ISC); 513 498 ret = css_driver_register(&vfio_ccw_sch_driver); 514 499 if (ret) { 515 500 isc_unregister(VFIO_CCW_ISC); 516 - goto out_err; 501 + goto out_driver; 517 502 } 518 503 519 504 return ret; 520 505 521 - out_err: 506 + out_driver: 507 + mdev_unregister_driver(&vfio_ccw_mdev_driver); 508 + out_regions: 522 509 vfio_ccw_destroy_regions(); 523 510 destroy_workqueue(vfio_ccw_work_q); 524 511 vfio_ccw_debug_exit(); ··· 534 509 static void __exit vfio_ccw_sch_exit(void) 535 510 { 536 511 css_driver_unregister(&vfio_ccw_sch_driver); 512 + mdev_unregister_driver(&vfio_ccw_mdev_driver); 537 513 isc_unregister(VFIO_CCW_ISC); 538 514 vfio_ccw_destroy_regions(); 539 515 destroy_workqueue(vfio_ccw_work_q);

+80 -62

drivers/s390/cio/vfio_ccw_ops.c

··· 17 17 18 18 #include "vfio_ccw_private.h" 19 19 20 - static int vfio_ccw_mdev_reset(struct mdev_device *mdev) 20 + static const struct vfio_device_ops vfio_ccw_dev_ops; 21 + 22 + static int vfio_ccw_mdev_reset(struct vfio_ccw_private *private) 21 23 { 22 - struct vfio_ccw_private *private; 23 24 struct subchannel *sch; 24 25 int ret; 25 26 26 - private = dev_get_drvdata(mdev_parent_dev(mdev)); 27 27 sch = private->sch; 28 28 /* 29 29 * TODO: ··· 61 61 if (!cp_iova_pinned(&private->cp, unmap->iova)) 62 62 return NOTIFY_OK; 63 63 64 - if (vfio_ccw_mdev_reset(private->mdev)) 64 + if (vfio_ccw_mdev_reset(private)) 65 65 return NOTIFY_BAD; 66 66 67 67 cp_free(&private->cp); ··· 113 113 NULL, 114 114 }; 115 115 116 - static int vfio_ccw_mdev_create(struct mdev_device *mdev) 116 + static int vfio_ccw_mdev_probe(struct mdev_device *mdev) 117 117 { 118 - struct vfio_ccw_private *private = 119 - dev_get_drvdata(mdev_parent_dev(mdev)); 118 + struct vfio_ccw_private *private = dev_get_drvdata(mdev->dev.parent); 119 + int ret; 120 120 121 121 if (private->state == VFIO_CCW_STATE_NOT_OPER) 122 122 return -ENODEV; 123 123 124 124 if (atomic_dec_if_positive(&private->avail) < 0) 125 125 return -EPERM; 126 + 127 + memset(&private->vdev, 0, sizeof(private->vdev)); 128 + vfio_init_group_dev(&private->vdev, &mdev->dev, 129 + &vfio_ccw_dev_ops); 126 130 127 131 private->mdev = mdev; 128 132 private->state = VFIO_CCW_STATE_IDLE; ··· 136 132 private->sch->schid.ssid, 137 133 private->sch->schid.sch_no); 138 134 135 + ret = vfio_register_emulated_iommu_dev(&private->vdev); 136 + if (ret) 137 + goto err_atomic; 138 + dev_set_drvdata(&mdev->dev, private); 139 139 return 0; 140 + 141 + err_atomic: 142 + vfio_uninit_group_dev(&private->vdev); 143 + atomic_inc(&private->avail); 144 + private->mdev = NULL; 145 + private->state = VFIO_CCW_STATE_IDLE; 146 + return ret; 140 147 } 141 148 142 - static int vfio_ccw_mdev_remove(struct mdev_device *mdev) 149 + static void vfio_ccw_mdev_remove(struct mdev_device *mdev) 143 150 { 144 - struct vfio_ccw_private *private = 145 - dev_get_drvdata(mdev_parent_dev(mdev)); 151 + struct vfio_ccw_private *private = dev_get_drvdata(mdev->dev.parent); 146 152 147 153 VFIO_CCW_MSG_EVENT(2, "mdev %pUl, sch %x.%x.%04x: remove\n", 148 154 mdev_uuid(mdev), private->sch->schid.cssid, 149 155 private->sch->schid.ssid, 150 156 private->sch->schid.sch_no); 157 + 158 + vfio_unregister_group_dev(&private->vdev); 151 159 152 160 if ((private->state != VFIO_CCW_STATE_NOT_OPER) && 153 161 (private->state != VFIO_CCW_STATE_STANDBY)) { ··· 168 152 /* The state will be NOT_OPER on error. */ 169 153 } 170 154 155 + vfio_uninit_group_dev(&private->vdev); 171 156 cp_free(&private->cp); 172 157 private->mdev = NULL; 173 158 atomic_inc(&private->avail); 174 - 175 - return 0; 176 159 } 177 160 178 - static int vfio_ccw_mdev_open_device(struct mdev_device *mdev) 161 + static int vfio_ccw_mdev_open_device(struct vfio_device *vdev) 179 162 { 180 163 struct vfio_ccw_private *private = 181 - dev_get_drvdata(mdev_parent_dev(mdev)); 164 + container_of(vdev, struct vfio_ccw_private, vdev); 182 165 unsigned long events = VFIO_IOMMU_NOTIFY_DMA_UNMAP; 183 166 int ret; 184 167 185 168 private->nb.notifier_call = vfio_ccw_mdev_notifier; 186 169 187 - ret = vfio_register_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY, 170 + ret = vfio_register_notifier(vdev->dev, VFIO_IOMMU_NOTIFY, 188 171 &events, &private->nb); 189 172 if (ret) 190 173 return ret; ··· 204 189 205 190 out_unregister: 206 191 vfio_ccw_unregister_dev_regions(private); 207 - vfio_unregister_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY, 192 + vfio_unregister_notifier(vdev->dev, VFIO_IOMMU_NOTIFY, 208 193 &private->nb); 209 194 return ret; 210 195 } 211 196 212 - static void vfio_ccw_mdev_close_device(struct mdev_device *mdev) 197 + static void vfio_ccw_mdev_close_device(struct vfio_device *vdev) 213 198 { 214 199 struct vfio_ccw_private *private = 215 - dev_get_drvdata(mdev_parent_dev(mdev)); 200 + container_of(vdev, struct vfio_ccw_private, vdev); 216 201 217 202 if ((private->state != VFIO_CCW_STATE_NOT_OPER) && 218 203 (private->state != VFIO_CCW_STATE_STANDBY)) { 219 - if (!vfio_ccw_mdev_reset(mdev)) 204 + if (!vfio_ccw_mdev_reset(private)) 220 205 private->state = VFIO_CCW_STATE_STANDBY; 221 206 /* The state will be NOT_OPER on error. */ 222 207 } 223 208 224 209 cp_free(&private->cp); 225 210 vfio_ccw_unregister_dev_regions(private); 226 - vfio_unregister_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY, 227 - &private->nb); 211 + vfio_unregister_notifier(vdev->dev, VFIO_IOMMU_NOTIFY, &private->nb); 228 212 } 229 213 230 214 static ssize_t vfio_ccw_mdev_read_io_region(struct vfio_ccw_private *private, ··· 247 233 return ret; 248 234 } 249 235 250 - static ssize_t vfio_ccw_mdev_read(struct mdev_device *mdev, 236 + static ssize_t vfio_ccw_mdev_read(struct vfio_device *vdev, 251 237 char __user *buf, 252 238 size_t count, 253 239 loff_t *ppos) 254 240 { 241 + struct vfio_ccw_private *private = 242 + container_of(vdev, struct vfio_ccw_private, vdev); 255 243 unsigned int index = VFIO_CCW_OFFSET_TO_INDEX(*ppos); 256 - struct vfio_ccw_private *private; 257 - 258 - private = dev_get_drvdata(mdev_parent_dev(mdev)); 259 244 260 245 if (index >= VFIO_CCW_NUM_REGIONS + private->num_regions) 261 246 return -EINVAL; ··· 299 286 return ret; 300 287 } 301 288 302 - static ssize_t vfio_ccw_mdev_write(struct mdev_device *mdev, 289 + static ssize_t vfio_ccw_mdev_write(struct vfio_device *vdev, 303 290 const char __user *buf, 304 291 size_t count, 305 292 loff_t *ppos) 306 293 { 294 + struct vfio_ccw_private *private = 295 + container_of(vdev, struct vfio_ccw_private, vdev); 307 296 unsigned int index = VFIO_CCW_OFFSET_TO_INDEX(*ppos); 308 - struct vfio_ccw_private *private; 309 - 310 - private = dev_get_drvdata(mdev_parent_dev(mdev)); 311 297 312 298 if (index >= VFIO_CCW_NUM_REGIONS + private->num_regions) 313 299 return -EINVAL; ··· 323 311 return -EINVAL; 324 312 } 325 313 326 - static int vfio_ccw_mdev_get_device_info(struct vfio_device_info *info, 327 - struct mdev_device *mdev) 314 + static int vfio_ccw_mdev_get_device_info(struct vfio_ccw_private *private, 315 + struct vfio_device_info *info) 328 316 { 329 - struct vfio_ccw_private *private; 330 - 331 - private = dev_get_drvdata(mdev_parent_dev(mdev)); 332 317 info->flags = VFIO_DEVICE_FLAGS_CCW | VFIO_DEVICE_FLAGS_RESET; 333 318 info->num_regions = VFIO_CCW_NUM_REGIONS + private->num_regions; 334 319 info->num_irqs = VFIO_CCW_NUM_IRQS; ··· 333 324 return 0; 334 325 } 335 326 336 - static int vfio_ccw_mdev_get_region_info(struct vfio_region_info *info, 337 - struct mdev_device *mdev, 327 + static int vfio_ccw_mdev_get_region_info(struct vfio_ccw_private *private, 328 + struct vfio_region_info *info, 338 329 unsigned long arg) 339 330 { 340 - struct vfio_ccw_private *private; 341 331 int i; 342 332 343 - private = dev_get_drvdata(mdev_parent_dev(mdev)); 344 333 switch (info->index) { 345 334 case VFIO_CCW_CONFIG_REGION_INDEX: 346 335 info->offset = 0; ··· 413 406 return 0; 414 407 } 415 408 416 - static int vfio_ccw_mdev_set_irqs(struct mdev_device *mdev, 409 + static int vfio_ccw_mdev_set_irqs(struct vfio_ccw_private *private, 417 410 uint32_t flags, 418 411 uint32_t index, 419 412 void __user *data) 420 413 { 421 - struct vfio_ccw_private *private; 422 414 struct eventfd_ctx **ctx; 423 415 424 416 if (!(flags & VFIO_IRQ_SET_ACTION_TRIGGER)) 425 417 return -EINVAL; 426 - 427 - private = dev_get_drvdata(mdev_parent_dev(mdev)); 428 418 429 419 switch (index) { 430 420 case VFIO_CCW_IO_IRQ_INDEX: ··· 524 520 private->region = NULL; 525 521 } 526 522 527 - static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev, 523 + static ssize_t vfio_ccw_mdev_ioctl(struct vfio_device *vdev, 528 524 unsigned int cmd, 529 525 unsigned long arg) 530 526 { 527 + struct vfio_ccw_private *private = 528 + container_of(vdev, struct vfio_ccw_private, vdev); 531 529 int ret = 0; 532 530 unsigned long minsz; 533 531 ··· 546 540 if (info.argsz < minsz) 547 541 return -EINVAL; 548 542 549 - ret = vfio_ccw_mdev_get_device_info(&info, mdev); 543 + ret = vfio_ccw_mdev_get_device_info(private, &info); 550 544 if (ret) 551 545 return ret; 552 546 ··· 564 558 if (info.argsz < minsz) 565 559 return -EINVAL; 566 560 567 - ret = vfio_ccw_mdev_get_region_info(&info, mdev, arg); 561 + ret = vfio_ccw_mdev_get_region_info(private, &info, arg); 568 562 if (ret) 569 563 return ret; 570 564 ··· 609 603 return ret; 610 604 611 605 data = (void __user *)(arg + minsz); 612 - return vfio_ccw_mdev_set_irqs(mdev, hdr.flags, hdr.index, data); 606 + return vfio_ccw_mdev_set_irqs(private, hdr.flags, hdr.index, 607 + data); 613 608 } 614 609 case VFIO_DEVICE_RESET: 615 - return vfio_ccw_mdev_reset(mdev); 610 + return vfio_ccw_mdev_reset(private); 616 611 default: 617 612 return -ENOTTY; 618 613 } 619 614 } 620 615 621 616 /* Request removal of the device*/ 622 - static void vfio_ccw_mdev_request(struct mdev_device *mdev, unsigned int count) 617 + static void vfio_ccw_mdev_request(struct vfio_device *vdev, unsigned int count) 623 618 { 624 - struct vfio_ccw_private *private = dev_get_drvdata(mdev_parent_dev(mdev)); 625 - 626 - if (!private) 627 - return; 619 + struct vfio_ccw_private *private = 620 + container_of(vdev, struct vfio_ccw_private, vdev); 621 + struct device *dev = vdev->dev; 628 622 629 623 if (private->req_trigger) { 630 624 if (!(count % 10)) 631 - dev_notice_ratelimited(mdev_dev(private->mdev), 625 + dev_notice_ratelimited(dev, 632 626 "Relaying device request to user (#%u)\n", 633 627 count); 634 628 635 629 eventfd_signal(private->req_trigger, 1); 636 630 } else if (count == 0) { 637 - dev_notice(mdev_dev(private->mdev), 631 + dev_notice(dev, 638 632 "No device request channel registered, blocked until released by user\n"); 639 633 } 640 634 } 641 635 636 + static const struct vfio_device_ops vfio_ccw_dev_ops = { 637 + .open_device = vfio_ccw_mdev_open_device, 638 + .close_device = vfio_ccw_mdev_close_device, 639 + .read = vfio_ccw_mdev_read, 640 + .write = vfio_ccw_mdev_write, 641 + .ioctl = vfio_ccw_mdev_ioctl, 642 + .request = vfio_ccw_mdev_request, 643 + }; 644 + 645 + struct mdev_driver vfio_ccw_mdev_driver = { 646 + .driver = { 647 + .name = "vfio_ccw_mdev", 648 + .owner = THIS_MODULE, 649 + .mod_name = KBUILD_MODNAME, 650 + }, 651 + .probe = vfio_ccw_mdev_probe, 652 + .remove = vfio_ccw_mdev_remove, 653 + }; 654 + 642 655 static const struct mdev_parent_ops vfio_ccw_mdev_ops = { 643 656 .owner = THIS_MODULE, 657 + .device_driver = &vfio_ccw_mdev_driver, 644 658 .supported_type_groups = mdev_type_groups, 645 - .create = vfio_ccw_mdev_create, 646 - .remove = vfio_ccw_mdev_remove, 647 - .open_device = vfio_ccw_mdev_open_device, 648 - .close_device = vfio_ccw_mdev_close_device, 649 - .read = vfio_ccw_mdev_read, 650 - .write = vfio_ccw_mdev_write, 651 - .ioctl = vfio_ccw_mdev_ioctl, 652 - .request = vfio_ccw_mdev_request, 653 659 }; 654 660 655 661 int vfio_ccw_mdev_reg(struct subchannel *sch)

+5

drivers/s390/cio/vfio_ccw_private.h

··· 17 17 #include <linux/eventfd.h> 18 18 #include <linux/workqueue.h> 19 19 #include <linux/vfio_ccw.h> 20 + #include <linux/vfio.h> 20 21 #include <asm/crw.h> 21 22 #include <asm/debug.h> 22 23 ··· 68 67 69 68 /** 70 69 * struct vfio_ccw_private 70 + * @vdev: Embedded VFIO device 71 71 * @sch: pointer to the subchannel 72 72 * @state: internal state of the device 73 73 * @completion: synchronization helper of the I/O completion ··· 92 90 * @crw_work: work for deferral process of CRW handling 93 91 */ 94 92 struct vfio_ccw_private { 93 + struct vfio_device vdev; 95 94 struct subchannel *sch; 96 95 int state; 97 96 struct completion *completion; ··· 123 120 extern void vfio_ccw_mdev_unreg(struct subchannel *sch); 124 121 125 122 extern int vfio_ccw_sch_quiesce(struct subchannel *sch); 123 + 124 + extern struct mdev_driver vfio_ccw_mdev_driver; 126 125 127 126 /* 128 127 * States of the device statemachine.

+1 -1

drivers/s390/crypto/vfio_ap_ops.c

··· 351 351 list_add(&matrix_mdev->node, &matrix_dev->mdev_list); 352 352 mutex_unlock(&matrix_dev->lock); 353 353 354 - ret = vfio_register_group_dev(&matrix_mdev->vdev); 354 + ret = vfio_register_emulated_iommu_dev(&matrix_mdev->vdev); 355 355 if (ret) 356 356 goto err_list; 357 357 dev_set_drvdata(&mdev->dev, matrix_mdev);

+32 -30

drivers/vfio/fsl-mc/vfio_fsl_mc.c

··· 65 65 kfree(vdev->regions); 66 66 } 67 67 68 + static int vfio_fsl_mc_reset_device(struct vfio_fsl_mc_device *vdev) 69 + { 70 + struct fsl_mc_device *mc_dev = vdev->mc_dev; 71 + int ret = 0; 72 + 73 + if (is_fsl_mc_bus_dprc(vdev->mc_dev)) { 74 + return dprc_reset_container(mc_dev->mc_io, 0, 75 + mc_dev->mc_handle, 76 + mc_dev->obj_desc.id, 77 + DPRC_RESET_OPTION_NON_RECURSIVE); 78 + } else { 79 + u16 token; 80 + 81 + ret = fsl_mc_obj_open(mc_dev->mc_io, 0, mc_dev->obj_desc.id, 82 + mc_dev->obj_desc.type, 83 + &token); 84 + if (ret) 85 + goto out; 86 + ret = fsl_mc_obj_reset(mc_dev->mc_io, 0, token); 87 + if (ret) { 88 + fsl_mc_obj_close(mc_dev->mc_io, 0, token); 89 + goto out; 90 + } 91 + ret = fsl_mc_obj_close(mc_dev->mc_io, 0, token); 92 + } 93 + out: 94 + return ret; 95 + } 68 96 69 97 static void vfio_fsl_mc_close_device(struct vfio_device *core_vdev) 70 98 { ··· 106 78 vfio_fsl_mc_regions_cleanup(vdev); 107 79 108 80 /* reset the device before cleaning up the interrupts */ 109 - ret = dprc_reset_container(mc_cont->mc_io, 0, mc_cont->mc_handle, 110 - mc_cont->obj_desc.id, 111 - DPRC_RESET_OPTION_NON_RECURSIVE); 81 + ret = vfio_fsl_mc_reset_device(vdev); 112 82 113 83 if (WARN_ON(ret)) 114 84 dev_warn(&mc_cont->dev, ··· 229 203 } 230 204 case VFIO_DEVICE_RESET: 231 205 { 232 - int ret; 233 - struct fsl_mc_device *mc_dev = vdev->mc_dev; 234 - 235 - /* reset is supported only for the DPRC */ 236 - if (!is_fsl_mc_bus_dprc(mc_dev)) 237 - return -ENOTTY; 238 - 239 - ret = dprc_reset_container(mc_dev->mc_io, 0, 240 - mc_dev->mc_handle, 241 - mc_dev->obj_desc.id, 242 - DPRC_RESET_OPTION_NON_RECURSIVE); 243 - return ret; 206 + return vfio_fsl_mc_reset_device(vdev); 244 207 245 208 } 246 209 default: ··· 520 505 521 506 static int vfio_fsl_mc_probe(struct fsl_mc_device *mc_dev) 522 507 { 523 - struct iommu_group *group; 524 508 struct vfio_fsl_mc_device *vdev; 525 509 struct device *dev = &mc_dev->dev; 526 510 int ret; 527 511 528 - group = vfio_iommu_group_get(dev); 529 - if (!group) { 530 - dev_err(dev, "VFIO_FSL_MC: No IOMMU group\n"); 531 - return -EINVAL; 532 - } 533 - 534 512 vdev = kzalloc(sizeof(*vdev), GFP_KERNEL); 535 - if (!vdev) { 536 - ret = -ENOMEM; 537 - goto out_group_put; 538 - } 513 + if (!vdev) 514 + return -ENOMEM; 539 515 540 516 vfio_init_group_dev(&vdev->vdev, dev, &vfio_fsl_mc_ops); 541 517 vdev->mc_dev = mc_dev; ··· 562 556 out_uninit: 563 557 vfio_uninit_group_dev(&vdev->vdev); 564 558 kfree(vdev); 565 - out_group_put: 566 - vfio_iommu_group_put(group, dev); 567 559 return ret; 568 560 } 569 561 ··· 578 574 579 575 vfio_uninit_group_dev(&vdev->vdev); 580 576 kfree(vdev); 581 - vfio_iommu_group_put(mc_dev->dev.iommu_group, dev); 582 - 583 577 return 0; 584 578 } 585 579

+4 -41

drivers/vfio/mdev/mdev_driver.c

··· 13 13 14 14 #include "mdev_private.h" 15 15 16 - static int mdev_attach_iommu(struct mdev_device *mdev) 17 - { 18 - int ret; 19 - struct iommu_group *group; 20 - 21 - group = iommu_group_alloc(); 22 - if (IS_ERR(group)) 23 - return PTR_ERR(group); 24 - 25 - ret = iommu_group_add_device(group, &mdev->dev); 26 - if (!ret) 27 - dev_info(&mdev->dev, "MDEV: group_id = %d\n", 28 - iommu_group_id(group)); 29 - 30 - iommu_group_put(group); 31 - return ret; 32 - } 33 - 34 - static void mdev_detach_iommu(struct mdev_device *mdev) 35 - { 36 - iommu_group_remove_device(&mdev->dev); 37 - dev_info(&mdev->dev, "MDEV: detaching iommu\n"); 38 - } 39 - 40 16 static int mdev_probe(struct device *dev) 41 17 { 42 18 struct mdev_driver *drv = 43 19 container_of(dev->driver, struct mdev_driver, driver); 44 - struct mdev_device *mdev = to_mdev_device(dev); 45 - int ret; 46 20 47 - ret = mdev_attach_iommu(mdev); 48 - if (ret) 49 - return ret; 50 - 51 - if (drv->probe) { 52 - ret = drv->probe(mdev); 53 - if (ret) 54 - mdev_detach_iommu(mdev); 55 - } 56 - 57 - return ret; 21 + if (!drv->probe) 22 + return 0; 23 + return drv->probe(to_mdev_device(dev)); 58 24 } 59 25 60 26 static void mdev_remove(struct device *dev) 61 27 { 62 28 struct mdev_driver *drv = 63 29 container_of(dev->driver, struct mdev_driver, driver); 64 - struct mdev_device *mdev = to_mdev_device(dev); 65 30 66 31 if (drv->remove) 67 - drv->remove(mdev); 68 - 69 - mdev_detach_iommu(mdev); 32 + drv->remove(to_mdev_device(dev)); 70 33 } 71 34 72 35 static int mdev_match(struct device *dev, struct device_driver *drv)

+1 -1

drivers/vfio/mdev/vfio_mdev.c

··· 119 119 return -ENOMEM; 120 120 121 121 vfio_init_group_dev(vdev, &mdev->dev, &vfio_mdev_dev_ops); 122 - ret = vfio_register_group_dev(vdev); 122 + ret = vfio_register_emulated_iommu_dev(vdev); 123 123 if (ret) 124 124 goto out_uninit; 125 125

+2 -11

drivers/vfio/pci/vfio_pci_core.c

··· 1806 1806 int vfio_pci_core_register_device(struct vfio_pci_core_device *vdev) 1807 1807 { 1808 1808 struct pci_dev *pdev = vdev->pdev; 1809 - struct iommu_group *group; 1810 1809 int ret; 1811 1810 1812 1811 if (pdev->hdr_type != PCI_HEADER_TYPE_NORMAL) ··· 1824 1825 return -EBUSY; 1825 1826 } 1826 1827 1827 - group = vfio_iommu_group_get(&pdev->dev); 1828 - if (!group) 1829 - return -EINVAL; 1830 - 1831 1828 if (pci_is_root_bus(pdev->bus)) { 1832 1829 ret = vfio_assign_device_set(&vdev->vdev, vdev); 1833 1830 } else if (!pci_probe_reset_slot(pdev->slot)) { ··· 1837 1842 } 1838 1843 1839 1844 if (ret) 1840 - goto out_group_put; 1845 + return ret; 1841 1846 ret = vfio_pci_vf_init(vdev); 1842 1847 if (ret) 1843 - goto out_group_put; 1848 + return ret; 1844 1849 ret = vfio_pci_vga_init(vdev); 1845 1850 if (ret) 1846 1851 goto out_vf; ··· 1871 1876 vfio_pci_set_power_state(vdev, PCI_D0); 1872 1877 out_vf: 1873 1878 vfio_pci_vf_uninit(vdev); 1874 - out_group_put: 1875 - vfio_iommu_group_put(group, &pdev->dev); 1876 1879 return ret; 1877 1880 } 1878 1881 EXPORT_SYMBOL_GPL(vfio_pci_core_register_device); ··· 1885 1892 1886 1893 vfio_pci_vf_uninit(vdev); 1887 1894 vfio_pci_vga_uninit(vdev); 1888 - 1889 - vfio_iommu_group_put(pdev->dev.iommu_group, &pdev->dev); 1890 1895 1891 1896 if (!disable_idle_d3) 1892 1897 vfio_pci_set_power_state(vdev, PCI_D0);

+176 -60

drivers/vfio/pci/vfio_pci_igd.c

··· 25 25 #define OPREGION_RVDS 0x3c2 26 26 #define OPREGION_VERSION 0x16 27 27 28 + struct igd_opregion_vbt { 29 + void *opregion; 30 + void *vbt_ex; 31 + }; 32 + 33 + /** 34 + * igd_opregion_shift_copy() - Copy OpRegion to user buffer and shift position. 35 + * @dst: User buffer ptr to copy to. 36 + * @off: Offset to user buffer ptr. Increased by bytes on return. 37 + * @src: Source buffer to copy from. 38 + * @pos: Increased by bytes on return. 39 + * @remaining: Decreased by bytes on return. 40 + * @bytes: Bytes to copy and adjust off, pos and remaining. 41 + * 42 + * Copy OpRegion to offset from specific source ptr and shift the offset. 43 + * 44 + * Return: 0 on success, -EFAULT otherwise. 45 + * 46 + */ 47 + static inline unsigned long igd_opregion_shift_copy(char __user *dst, 48 + loff_t *off, 49 + void *src, 50 + loff_t *pos, 51 + size_t *remaining, 52 + size_t bytes) 53 + { 54 + if (copy_to_user(dst + (*off), src, bytes)) 55 + return -EFAULT; 56 + 57 + *off += bytes; 58 + *pos += bytes; 59 + *remaining -= bytes; 60 + 61 + return 0; 62 + } 63 + 28 64 static ssize_t vfio_pci_igd_rw(struct vfio_pci_core_device *vdev, 29 65 char __user *buf, size_t count, loff_t *ppos, 30 66 bool iswrite) 31 67 { 32 68 unsigned int i = VFIO_PCI_OFFSET_TO_INDEX(*ppos) - VFIO_PCI_NUM_REGIONS; 33 - void *base = vdev->region[i].data; 34 - loff_t pos = *ppos & VFIO_PCI_OFFSET_MASK; 69 + struct igd_opregion_vbt *opregionvbt = vdev->region[i].data; 70 + loff_t pos = *ppos & VFIO_PCI_OFFSET_MASK, off = 0; 71 + size_t remaining; 35 72 36 73 if (pos >= vdev->region[i].size || iswrite) 37 74 return -EINVAL; 38 75 39 - count = min(count, (size_t)(vdev->region[i].size - pos)); 76 + count = min_t(size_t, count, vdev->region[i].size - pos); 77 + remaining = count; 40 78 41 - if (copy_to_user(buf, base + pos, count)) 79 + /* Copy until OpRegion version */ 80 + if (remaining && pos < OPREGION_VERSION) { 81 + size_t bytes = min_t(size_t, remaining, OPREGION_VERSION - pos); 82 + 83 + if (igd_opregion_shift_copy(buf, &off, 84 + opregionvbt->opregion + pos, &pos, 85 + &remaining, bytes)) 86 + return -EFAULT; 87 + } 88 + 89 + /* Copy patched (if necessary) OpRegion version */ 90 + if (remaining && pos < OPREGION_VERSION + sizeof(__le16)) { 91 + size_t bytes = min_t(size_t, remaining, 92 + OPREGION_VERSION + sizeof(__le16) - pos); 93 + __le16 version = *(__le16 *)(opregionvbt->opregion + 94 + OPREGION_VERSION); 95 + 96 + /* Patch to 2.1 if OpRegion 2.0 has extended VBT */ 97 + if (le16_to_cpu(version) == 0x0200 && opregionvbt->vbt_ex) 98 + version = cpu_to_le16(0x0201); 99 + 100 + if (igd_opregion_shift_copy(buf, &off, 101 + &version + (pos - OPREGION_VERSION), 102 + &pos, &remaining, bytes)) 103 + return -EFAULT; 104 + } 105 + 106 + /* Copy until RVDA */ 107 + if (remaining && pos < OPREGION_RVDA) { 108 + size_t bytes = min_t(size_t, remaining, OPREGION_RVDA - pos); 109 + 110 + if (igd_opregion_shift_copy(buf, &off, 111 + opregionvbt->opregion + pos, &pos, 112 + &remaining, bytes)) 113 + return -EFAULT; 114 + } 115 + 116 + /* Copy modified (if necessary) RVDA */ 117 + if (remaining && pos < OPREGION_RVDA + sizeof(__le64)) { 118 + size_t bytes = min_t(size_t, remaining, 119 + OPREGION_RVDA + sizeof(__le64) - pos); 120 + __le64 rvda = cpu_to_le64(opregionvbt->vbt_ex ? 121 + OPREGION_SIZE : 0); 122 + 123 + if (igd_opregion_shift_copy(buf, &off, 124 + &rvda + (pos - OPREGION_RVDA), 125 + &pos, &remaining, bytes)) 126 + return -EFAULT; 127 + } 128 + 129 + /* Copy the rest of OpRegion */ 130 + if (remaining && pos < OPREGION_SIZE) { 131 + size_t bytes = min_t(size_t, remaining, OPREGION_SIZE - pos); 132 + 133 + if (igd_opregion_shift_copy(buf, &off, 134 + opregionvbt->opregion + pos, &pos, 135 + &remaining, bytes)) 136 + return -EFAULT; 137 + } 138 + 139 + /* Copy extended VBT if exists */ 140 + if (remaining && 141 + copy_to_user(buf + off, opregionvbt->vbt_ex + (pos - OPREGION_SIZE), 142 + remaining)) 42 143 return -EFAULT; 43 144 44 145 *ppos += count; ··· 150 49 static void vfio_pci_igd_release(struct vfio_pci_core_device *vdev, 151 50 struct vfio_pci_region *region) 152 51 { 153 - memunmap(region->data); 52 + struct igd_opregion_vbt *opregionvbt = region->data; 53 + 54 + if (opregionvbt->vbt_ex) 55 + memunmap(opregionvbt->vbt_ex); 56 + 57 + memunmap(opregionvbt->opregion); 58 + kfree(opregionvbt); 154 59 } 155 60 156 61 static const struct vfio_pci_regops vfio_pci_igd_regops = { ··· 168 61 { 169 62 __le32 *dwordp = (__le32 *)(vdev->vconfig + OPREGION_PCI_ADDR); 170 63 u32 addr, size; 171 - void *base; 64 + struct igd_opregion_vbt *opregionvbt; 172 65 int ret; 173 66 u16 version; 174 67 ··· 179 72 if (!addr || !(~addr)) 180 73 return -ENODEV; 181 74 182 - base = memremap(addr, OPREGION_SIZE, MEMREMAP_WB); 183 - if (!base) 75 + opregionvbt = kzalloc(sizeof(*opregionvbt), GFP_KERNEL); 76 + if (!opregionvbt) 184 77 return -ENOMEM; 185 78 186 - if (memcmp(base, OPREGION_SIGNATURE, 16)) { 187 - memunmap(base); 79 + opregionvbt->opregion = memremap(addr, OPREGION_SIZE, MEMREMAP_WB); 80 + if (!opregionvbt->opregion) { 81 + kfree(opregionvbt); 82 + return -ENOMEM; 83 + } 84 + 85 + if (memcmp(opregionvbt->opregion, OPREGION_SIGNATURE, 16)) { 86 + memunmap(opregionvbt->opregion); 87 + kfree(opregionvbt); 188 88 return -EINVAL; 189 89 } 190 90 191 - size = le32_to_cpu(*(__le32 *)(base + 16)); 91 + size = le32_to_cpu(*(__le32 *)(opregionvbt->opregion + 16)); 192 92 if (!size) { 193 - memunmap(base); 93 + memunmap(opregionvbt->opregion); 94 + kfree(opregionvbt); 194 95 return -EINVAL; 195 96 } 196 97 197 98 size *= 1024; /* In KB */ 198 99 199 100 /* 200 - * Support opregion v2.1+ 201 - * When VBT data exceeds 6KB size and cannot be within mailbox #4, then 202 - * the Extended VBT region next to opregion is used to hold the VBT data. 203 - * RVDA (Relative Address of VBT Data from Opregion Base) and RVDS 204 - * (Raw VBT Data Size) from opregion structure member are used to hold the 205 - * address from region base and size of VBT data. RVDA/RVDS are not 206 - * defined before opregion 2.0. 101 + * OpRegion and VBT: 102 + * When VBT data doesn't exceed 6KB, it's stored in Mailbox #4. 103 + * When VBT data exceeds 6KB size, Mailbox #4 is no longer large enough 104 + * to hold the VBT data, the Extended VBT region is introduced since 105 + * OpRegion 2.0 to hold the VBT data. Since OpRegion 2.0, RVDA/RVDS are 106 + * introduced to define the extended VBT data location and size. 107 + * OpRegion 2.0: RVDA defines the absolute physical address of the 108 + * extended VBT data, RVDS defines the VBT data size. 109 + * OpRegion 2.1 and above: RVDA defines the relative address of the 110 + * extended VBT data to OpRegion base, RVDS defines the VBT data size. 207 111 * 208 - * opregion 2.1+: RVDA is unsigned, relative offset from 209 - * opregion base, and should point to the end of opregion. 210 - * otherwise, exposing to userspace to allow read access to everything between 211 - * the OpRegion and VBT is not safe. 212 - * RVDS is defined as size in bytes. 213 - * 214 - * opregion 2.0: rvda is the physical VBT address. 215 - * Since rvda is HPA it cannot be directly used in guest. 216 - * And it should not be practically available for end user,so it is not supported. 112 + * Due to the RVDA definition diff in OpRegion VBT (also the only diff 113 + * between 2.0 and 2.1), exposing OpRegion and VBT as a contiguous range 114 + * for OpRegion 2.0 and above makes it possible to support the 115 + * non-contiguous VBT through a single vfio region. From r/w ops view, 116 + * only contiguous VBT after OpRegion with version 2.1+ is exposed, 117 + * regardless the host OpRegion is 2.0 or non-contiguous 2.1+. The r/w 118 + * ops will on-the-fly shift the actural offset into VBT so that data at 119 + * correct position can be returned to the requester. 217 120 */ 218 - version = le16_to_cpu(*(__le16 *)(base + OPREGION_VERSION)); 121 + version = le16_to_cpu(*(__le16 *)(opregionvbt->opregion + 122 + OPREGION_VERSION)); 219 123 if (version >= 0x0200) { 220 - u64 rvda; 221 - u32 rvds; 124 + u64 rvda = le64_to_cpu(*(__le64 *)(opregionvbt->opregion + 125 + OPREGION_RVDA)); 126 + u32 rvds = le32_to_cpu(*(__le32 *)(opregionvbt->opregion + 127 + OPREGION_RVDS)); 222 128 223 - rvda = le64_to_cpu(*(__le64 *)(base + OPREGION_RVDA)); 224 - rvds = le32_to_cpu(*(__le32 *)(base + OPREGION_RVDS)); 129 + /* The extended VBT is valid only when RVDA/RVDS are non-zero */ 225 130 if (rvda && rvds) { 226 - /* no support for opregion v2.0 with physical VBT address */ 227 - if (version == 0x0200) { 228 - memunmap(base); 229 - pci_err(vdev->pdev, 230 - "IGD assignment does not support opregion v2.0 with an extended VBT region\n"); 231 - return -EINVAL; 232 - } 233 - 234 - if (rvda != size) { 235 - memunmap(base); 236 - pci_err(vdev->pdev, 237 - "Extended VBT does not follow opregion on version 0x%04x\n", 238 - version); 239 - return -EINVAL; 240 - } 241 - 242 - /* region size for opregion v2.0+: opregion and VBT size. */ 243 131 size += rvds; 244 - } 245 - } 246 132 247 - if (size != OPREGION_SIZE) { 248 - memunmap(base); 249 - base = memremap(addr, size, MEMREMAP_WB); 250 - if (!base) 251 - return -ENOMEM; 133 + /* 134 + * Extended VBT location by RVDA: 135 + * Absolute physical addr for 2.0. 136 + * Relative addr to OpRegion header for 2.1+. 137 + */ 138 + if (version == 0x0200) 139 + addr = rvda; 140 + else 141 + addr += rvda; 142 + 143 + opregionvbt->vbt_ex = memremap(addr, rvds, MEMREMAP_WB); 144 + if (!opregionvbt->vbt_ex) { 145 + memunmap(opregionvbt->opregion); 146 + kfree(opregionvbt); 147 + return -ENOMEM; 148 + } 149 + } 252 150 } 253 151 254 152 ret = vfio_pci_register_dev_region(vdev, 255 153 PCI_VENDOR_ID_INTEL | VFIO_REGION_TYPE_PCI_VENDOR_TYPE, 256 - VFIO_REGION_SUBTYPE_INTEL_IGD_OPREGION, 257 - &vfio_pci_igd_regops, size, VFIO_REGION_INFO_FLAG_READ, base); 154 + VFIO_REGION_SUBTYPE_INTEL_IGD_OPREGION, &vfio_pci_igd_regops, 155 + size, VFIO_REGION_INFO_FLAG_READ, opregionvbt); 258 156 if (ret) { 259 - memunmap(base); 157 + if (opregionvbt->vbt_ex) 158 + memunmap(opregionvbt->vbt_ex); 159 + 160 + memunmap(opregionvbt->opregion); 161 + kfree(opregionvbt); 260 162 return ret; 261 163 } 262 164

+1 -12

drivers/vfio/platform/vfio_platform_common.c

··· 642 642 int vfio_platform_probe_common(struct vfio_platform_device *vdev, 643 643 struct device *dev) 644 644 { 645 - struct iommu_group *group; 646 645 int ret; 647 646 648 647 vfio_init_group_dev(&vdev->vdev, dev, &vfio_platform_ops); ··· 662 663 goto out_uninit; 663 664 } 664 665 665 - group = vfio_iommu_group_get(dev); 666 - if (!group) { 667 - dev_err(dev, "No IOMMU group for device %s\n", vdev->name); 668 - ret = -EINVAL; 669 - goto put_reset; 670 - } 671 - 672 666 ret = vfio_register_group_dev(&vdev->vdev); 673 667 if (ret) 674 - goto put_iommu; 668 + goto put_reset; 675 669 676 670 mutex_init(&vdev->igate); 677 671 678 672 pm_runtime_enable(dev); 679 673 return 0; 680 674 681 - put_iommu: 682 - vfio_iommu_group_put(group, dev); 683 675 put_reset: 684 676 vfio_platform_put_reset(vdev); 685 677 out_uninit: ··· 686 696 pm_runtime_disable(vdev->device); 687 697 vfio_platform_put_reset(vdev); 688 698 vfio_uninit_group_dev(&vdev->vdev); 689 - vfio_iommu_group_put(vdev->vdev.dev->iommu_group, vdev->vdev.dev); 690 699 } 691 700 EXPORT_SYMBOL_GPL(vfio_platform_remove_common); 692 701

+272 -384

drivers/vfio/vfio.c

··· 32 32 #include <linux/vfio.h> 33 33 #include <linux/wait.h> 34 34 #include <linux/sched/signal.h> 35 + #include "vfio.h" 35 36 36 37 #define DRIVER_VERSION "0.3" 37 38 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>" ··· 43 42 struct list_head iommu_drivers_list; 44 43 struct mutex iommu_drivers_lock; 45 44 struct list_head group_list; 46 - struct idr group_idr; 47 - struct mutex group_lock; 48 - struct cdev group_cdev; 45 + struct mutex group_lock; /* locks group_list */ 46 + struct ida group_ida; 49 47 dev_t group_devt; 50 48 } vfio; 51 49 ··· 68 68 }; 69 69 70 70 struct vfio_group { 71 - struct kref kref; 72 - int minor; 71 + struct device dev; 72 + struct cdev cdev; 73 + refcount_t users; 73 74 atomic_t container_users; 74 75 struct iommu_group *iommu_group; 75 76 struct vfio_container *container; 76 77 struct list_head device_list; 77 78 struct mutex device_lock; 78 - struct device *dev; 79 79 struct notifier_block nb; 80 80 struct list_head vfio_next; 81 81 struct list_head container_next; ··· 83 83 struct mutex unbound_lock; 84 84 atomic_t opened; 85 85 wait_queue_head_t container_q; 86 - bool noiommu; 86 + enum vfio_group_type type; 87 87 unsigned int dev_counter; 88 88 struct kvm *kvm; 89 89 struct blocking_notifier_head notifier; ··· 97 97 #endif 98 98 99 99 static DEFINE_XARRAY(vfio_device_set_xa); 100 + static const struct file_operations vfio_group_fops; 100 101 101 102 int vfio_assign_device_set(struct vfio_device *device, void *set_id) 102 103 { ··· 170 169 xa_unlock(&vfio_device_set_xa); 171 170 } 172 171 173 - /* 174 - * vfio_iommu_group_{get,put} are only intended for VFIO bus driver probe 175 - * and remove functions, any use cases other than acquiring the first 176 - * reference for the purpose of calling vfio_register_group_dev() or removing 177 - * that symmetric reference after vfio_unregister_group_dev() should use the raw 178 - * iommu_group_{get,put} functions. In particular, vfio_iommu_group_put() 179 - * removes the device from the dummy group and cannot be nested. 180 - */ 181 - struct iommu_group *vfio_iommu_group_get(struct device *dev) 182 - { 183 - struct iommu_group *group; 184 - int __maybe_unused ret; 185 - 186 - group = iommu_group_get(dev); 187 - 188 - #ifdef CONFIG_VFIO_NOIOMMU 189 - /* 190 - * With noiommu enabled, an IOMMU group will be created for a device 191 - * that doesn't already have one and doesn't have an iommu_ops on their 192 - * bus. We set iommudata simply to be able to identify these groups 193 - * as special use and for reclamation later. 194 - */ 195 - if (group || !noiommu || iommu_present(dev->bus)) 196 - return group; 197 - 198 - group = iommu_group_alloc(); 199 - if (IS_ERR(group)) 200 - return NULL; 201 - 202 - iommu_group_set_name(group, "vfio-noiommu"); 203 - iommu_group_set_iommudata(group, &noiommu, NULL); 204 - ret = iommu_group_add_device(group, dev); 205 - if (ret) { 206 - iommu_group_put(group); 207 - return NULL; 208 - } 209 - 210 - /* 211 - * Where to taint? At this point we've added an IOMMU group for a 212 - * device that is not backed by iommu_ops, therefore any iommu_ 213 - * callback using iommu_ops can legitimately Oops. So, while we may 214 - * be about to give a DMA capable device to a user without IOMMU 215 - * protection, which is clearly taint-worthy, let's go ahead and do 216 - * it here. 217 - */ 218 - add_taint(TAINT_USER, LOCKDEP_STILL_OK); 219 - dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n"); 220 - #endif 221 - 222 - return group; 223 - } 224 - EXPORT_SYMBOL_GPL(vfio_iommu_group_get); 225 - 226 - void vfio_iommu_group_put(struct iommu_group *group, struct device *dev) 227 - { 228 - #ifdef CONFIG_VFIO_NOIOMMU 229 - if (iommu_group_get_iommudata(group) == &noiommu) 230 - iommu_group_remove_device(dev); 231 - #endif 232 - 233 - iommu_group_put(group); 234 - } 235 - EXPORT_SYMBOL_GPL(vfio_iommu_group_put); 236 - 237 172 #ifdef CONFIG_VFIO_NOIOMMU 238 173 static void *vfio_noiommu_open(unsigned long arg) 239 174 { ··· 195 258 } 196 259 197 260 static int vfio_noiommu_attach_group(void *iommu_data, 198 - struct iommu_group *iommu_group) 261 + struct iommu_group *iommu_group, enum vfio_group_type type) 199 262 { 200 - return iommu_group_get_iommudata(iommu_group) == &noiommu ? 0 : -EINVAL; 263 + return 0; 201 264 } 202 265 203 266 static void vfio_noiommu_detach_group(void *iommu_data, ··· 214 277 .attach_group = vfio_noiommu_attach_group, 215 278 .detach_group = vfio_noiommu_detach_group, 216 279 }; 217 - #endif 218 280 281 + /* 282 + * Only noiommu containers can use vfio-noiommu and noiommu containers can only 283 + * use vfio-noiommu. 284 + */ 285 + static inline bool vfio_iommu_driver_allowed(struct vfio_container *container, 286 + const struct vfio_iommu_driver *driver) 287 + { 288 + return container->noiommu == (driver->ops == &vfio_noiommu_ops); 289 + } 290 + #else 291 + static inline bool vfio_iommu_driver_allowed(struct vfio_container *container, 292 + const struct vfio_iommu_driver *driver) 293 + { 294 + return true; 295 + } 296 + #endif /* CONFIG_VFIO_NOIOMMU */ 219 297 220 298 /** 221 299 * IOMMU driver registration ··· 281 329 } 282 330 EXPORT_SYMBOL_GPL(vfio_unregister_iommu_driver); 283 331 284 - /** 285 - * Group minor allocation/free - both called with vfio.group_lock held 286 - */ 287 - static int vfio_alloc_group_minor(struct vfio_group *group) 288 - { 289 - return idr_alloc(&vfio.group_idr, group, 0, MINORMASK + 1, GFP_KERNEL); 290 - } 291 - 292 - static void vfio_free_group_minor(int minor) 293 - { 294 - idr_remove(&vfio.group_idr, minor); 295 - } 296 - 297 332 static int vfio_iommu_group_notifier(struct notifier_block *nb, 298 333 unsigned long action, void *data); 299 334 static void vfio_group_get(struct vfio_group *group); ··· 309 370 kref_put(&container->kref, vfio_container_release); 310 371 } 311 372 312 - static void vfio_group_unlock_and_free(struct vfio_group *group) 313 - { 314 - mutex_unlock(&vfio.group_lock); 315 - /* 316 - * Unregister outside of lock. A spurious callback is harmless now 317 - * that the group is no longer in vfio.group_list. 318 - */ 319 - iommu_group_unregister_notifier(group->iommu_group, &group->nb); 320 - kfree(group); 321 - } 322 - 323 373 /** 324 374 * Group objects - create, release, get, put, search 325 375 */ 326 - static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group) 376 + static struct vfio_group * 377 + __vfio_group_get_from_iommu(struct iommu_group *iommu_group) 327 378 { 328 - struct vfio_group *group, *tmp; 329 - struct device *dev; 330 - int ret, minor; 379 + struct vfio_group *group; 331 380 332 - group = kzalloc(sizeof(*group), GFP_KERNEL); 333 - if (!group) 334 - return ERR_PTR(-ENOMEM); 335 - 336 - kref_init(&group->kref); 337 - INIT_LIST_HEAD(&group->device_list); 338 - mutex_init(&group->device_lock); 339 - INIT_LIST_HEAD(&group->unbound_list); 340 - mutex_init(&group->unbound_lock); 341 - atomic_set(&group->container_users, 0); 342 - atomic_set(&group->opened, 0); 343 - init_waitqueue_head(&group->container_q); 344 - group->iommu_group = iommu_group; 345 - #ifdef CONFIG_VFIO_NOIOMMU 346 - group->noiommu = (iommu_group_get_iommudata(iommu_group) == &noiommu); 347 - #endif 348 - BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier); 349 - 350 - group->nb.notifier_call = vfio_iommu_group_notifier; 351 - 352 - /* 353 - * blocking notifiers acquire a rwsem around registering and hold 354 - * it around callback. Therefore, need to register outside of 355 - * vfio.group_lock to avoid A-B/B-A contention. Our callback won't 356 - * do anything unless it can find the group in vfio.group_list, so 357 - * no harm in registering early. 358 - */ 359 - ret = iommu_group_register_notifier(iommu_group, &group->nb); 360 - if (ret) { 361 - kfree(group); 362 - return ERR_PTR(ret); 363 - } 364 - 365 - mutex_lock(&vfio.group_lock); 366 - 367 - /* Did we race creating this group? */ 368 - list_for_each_entry(tmp, &vfio.group_list, vfio_next) { 369 - if (tmp->iommu_group == iommu_group) { 370 - vfio_group_get(tmp); 371 - vfio_group_unlock_and_free(group); 372 - return tmp; 381 + list_for_each_entry(group, &vfio.group_list, vfio_next) { 382 + if (group->iommu_group == iommu_group) { 383 + vfio_group_get(group); 384 + return group; 373 385 } 374 386 } 387 + return NULL; 388 + } 375 389 376 - minor = vfio_alloc_group_minor(group); 377 - if (minor < 0) { 378 - vfio_group_unlock_and_free(group); 379 - return ERR_PTR(minor); 380 - } 390 + static struct vfio_group * 391 + vfio_group_get_from_iommu(struct iommu_group *iommu_group) 392 + { 393 + struct vfio_group *group; 381 394 382 - dev = device_create(vfio.class, NULL, 383 - MKDEV(MAJOR(vfio.group_devt), minor), 384 - group, "%s%d", group->noiommu ? "noiommu-" : "", 385 - iommu_group_id(iommu_group)); 386 - if (IS_ERR(dev)) { 387 - vfio_free_group_minor(minor); 388 - vfio_group_unlock_and_free(group); 389 - return ERR_CAST(dev); 390 - } 391 - 392 - group->minor = minor; 393 - group->dev = dev; 394 - 395 - list_add(&group->vfio_next, &vfio.group_list); 396 - 395 + mutex_lock(&vfio.group_lock); 396 + group = __vfio_group_get_from_iommu(iommu_group); 397 397 mutex_unlock(&vfio.group_lock); 398 - 399 398 return group; 400 399 } 401 400 402 - /* called with vfio.group_lock held */ 403 - static void vfio_group_release(struct kref *kref) 401 + static void vfio_group_release(struct device *dev) 404 402 { 405 - struct vfio_group *group = container_of(kref, struct vfio_group, kref); 403 + struct vfio_group *group = container_of(dev, struct vfio_group, dev); 406 404 struct vfio_unbound_dev *unbound, *tmp; 407 - struct iommu_group *iommu_group = group->iommu_group; 408 - 409 - WARN_ON(!list_empty(&group->device_list)); 410 - WARN_ON(group->notifier.head); 411 405 412 406 list_for_each_entry_safe(unbound, tmp, 413 407 &group->unbound_list, unbound_next) { ··· 348 476 kfree(unbound); 349 477 } 350 478 351 - device_destroy(vfio.class, MKDEV(MAJOR(vfio.group_devt), group->minor)); 352 - list_del(&group->vfio_next); 353 - vfio_free_group_minor(group->minor); 354 - vfio_group_unlock_and_free(group); 355 - iommu_group_put(iommu_group); 479 + mutex_destroy(&group->device_lock); 480 + mutex_destroy(&group->unbound_lock); 481 + iommu_group_put(group->iommu_group); 482 + ida_free(&vfio.group_ida, MINOR(group->dev.devt)); 483 + kfree(group); 484 + } 485 + 486 + static struct vfio_group *vfio_group_alloc(struct iommu_group *iommu_group, 487 + enum vfio_group_type type) 488 + { 489 + struct vfio_group *group; 490 + int minor; 491 + 492 + group = kzalloc(sizeof(*group), GFP_KERNEL); 493 + if (!group) 494 + return ERR_PTR(-ENOMEM); 495 + 496 + minor = ida_alloc_max(&vfio.group_ida, MINORMASK, GFP_KERNEL); 497 + if (minor < 0) { 498 + kfree(group); 499 + return ERR_PTR(minor); 500 + } 501 + 502 + device_initialize(&group->dev); 503 + group->dev.devt = MKDEV(MAJOR(vfio.group_devt), minor); 504 + group->dev.class = vfio.class; 505 + group->dev.release = vfio_group_release; 506 + cdev_init(&group->cdev, &vfio_group_fops); 507 + group->cdev.owner = THIS_MODULE; 508 + 509 + refcount_set(&group->users, 1); 510 + INIT_LIST_HEAD(&group->device_list); 511 + mutex_init(&group->device_lock); 512 + INIT_LIST_HEAD(&group->unbound_list); 513 + mutex_init(&group->unbound_lock); 514 + init_waitqueue_head(&group->container_q); 515 + group->iommu_group = iommu_group; 516 + /* put in vfio_group_release() */ 517 + iommu_group_ref_get(iommu_group); 518 + group->type = type; 519 + BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier); 520 + 521 + return group; 522 + } 523 + 524 + static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group, 525 + enum vfio_group_type type) 526 + { 527 + struct vfio_group *group; 528 + struct vfio_group *ret; 529 + int err; 530 + 531 + group = vfio_group_alloc(iommu_group, type); 532 + if (IS_ERR(group)) 533 + return group; 534 + 535 + err = dev_set_name(&group->dev, "%s%d", 536 + group->type == VFIO_NO_IOMMU ? "noiommu-" : "", 537 + iommu_group_id(iommu_group)); 538 + if (err) { 539 + ret = ERR_PTR(err); 540 + goto err_put; 541 + } 542 + 543 + group->nb.notifier_call = vfio_iommu_group_notifier; 544 + err = iommu_group_register_notifier(iommu_group, &group->nb); 545 + if (err) { 546 + ret = ERR_PTR(err); 547 + goto err_put; 548 + } 549 + 550 + mutex_lock(&vfio.group_lock); 551 + 552 + /* Did we race creating this group? */ 553 + ret = __vfio_group_get_from_iommu(iommu_group); 554 + if (ret) 555 + goto err_unlock; 556 + 557 + err = cdev_device_add(&group->cdev, &group->dev); 558 + if (err) { 559 + ret = ERR_PTR(err); 560 + goto err_unlock; 561 + } 562 + 563 + list_add(&group->vfio_next, &vfio.group_list); 564 + 565 + mutex_unlock(&vfio.group_lock); 566 + return group; 567 + 568 + err_unlock: 569 + mutex_unlock(&vfio.group_lock); 570 + iommu_group_unregister_notifier(group->iommu_group, &group->nb); 571 + err_put: 572 + put_device(&group->dev); 573 + return ret; 356 574 } 357 575 358 576 static void vfio_group_put(struct vfio_group *group) 359 577 { 360 - kref_put_mutex(&group->kref, vfio_group_release, &vfio.group_lock); 361 - } 362 - 363 - struct vfio_group_put_work { 364 - struct work_struct work; 365 - struct vfio_group *group; 366 - }; 367 - 368 - static void vfio_group_put_bg(struct work_struct *work) 369 - { 370 - struct vfio_group_put_work *do_work; 371 - 372 - do_work = container_of(work, struct vfio_group_put_work, work); 373 - 374 - vfio_group_put(do_work->group); 375 - kfree(do_work); 376 - } 377 - 378 - static void vfio_group_schedule_put(struct vfio_group *group) 379 - { 380 - struct vfio_group_put_work *do_work; 381 - 382 - do_work = kmalloc(sizeof(*do_work), GFP_KERNEL); 383 - if (WARN_ON(!do_work)) 578 + if (!refcount_dec_and_mutex_lock(&group->users, &vfio.group_lock)) 384 579 return; 385 580 386 - INIT_WORK(&do_work->work, vfio_group_put_bg); 387 - do_work->group = group; 388 - schedule_work(&do_work->work); 581 + /* 582 + * These data structures all have paired operations that can only be 583 + * undone when the caller holds a live reference on the group. Since all 584 + * pairs must be undone these WARN_ON's indicate some caller did not 585 + * properly hold the group reference. 586 + */ 587 + WARN_ON(!list_empty(&group->device_list)); 588 + WARN_ON(atomic_read(&group->container_users)); 589 + WARN_ON(group->notifier.head); 590 + 591 + list_del(&group->vfio_next); 592 + cdev_device_del(&group->cdev, &group->dev); 593 + mutex_unlock(&vfio.group_lock); 594 + 595 + iommu_group_unregister_notifier(group->iommu_group, &group->nb); 596 + put_device(&group->dev); 389 597 } 390 598 391 - /* Assume group_lock or group reference is held */ 392 599 static void vfio_group_get(struct vfio_group *group) 393 600 { 394 - kref_get(&group->kref); 395 - } 396 - 397 - /* 398 - * Not really a try as we will sleep for mutex, but we need to make 399 - * sure the group pointer is valid under lock and get a reference. 400 - */ 401 - static struct vfio_group *vfio_group_try_get(struct vfio_group *group) 402 - { 403 - struct vfio_group *target = group; 404 - 405 - mutex_lock(&vfio.group_lock); 406 - list_for_each_entry(group, &vfio.group_list, vfio_next) { 407 - if (group == target) { 408 - vfio_group_get(group); 409 - mutex_unlock(&vfio.group_lock); 410 - return group; 411 - } 412 - } 413 - mutex_unlock(&vfio.group_lock); 414 - 415 - return NULL; 416 - } 417 - 418 - static 419 - struct vfio_group *vfio_group_get_from_iommu(struct iommu_group *iommu_group) 420 - { 421 - struct vfio_group *group; 422 - 423 - mutex_lock(&vfio.group_lock); 424 - list_for_each_entry(group, &vfio.group_list, vfio_next) { 425 - if (group->iommu_group == iommu_group) { 426 - vfio_group_get(group); 427 - mutex_unlock(&vfio.group_lock); 428 - return group; 429 - } 430 - } 431 - mutex_unlock(&vfio.group_lock); 432 - 433 - return NULL; 434 - } 435 - 436 - static struct vfio_group *vfio_group_get_from_minor(int minor) 437 - { 438 - struct vfio_group *group; 439 - 440 - mutex_lock(&vfio.group_lock); 441 - group = idr_find(&vfio.group_idr, minor); 442 - if (!group) { 443 - mutex_unlock(&vfio.group_lock); 444 - return NULL; 445 - } 446 - vfio_group_get(group); 447 - mutex_unlock(&vfio.group_lock); 448 - 449 - return group; 601 + refcount_inc(&group->users); 450 602 } 451 603 452 604 static struct vfio_group *vfio_group_get_from_dev(struct device *dev) ··· 636 740 struct device *dev = data; 637 741 struct vfio_unbound_dev *unbound; 638 742 639 - /* 640 - * Need to go through a group_lock lookup to get a reference or we 641 - * risk racing a group being removed. Ignore spurious notifies. 642 - */ 643 - group = vfio_group_try_get(group); 644 - if (!group) 645 - return NOTIFY_OK; 646 - 647 743 switch (action) { 648 744 case IOMMU_GROUP_NOTIFY_ADD_DEVICE: 649 745 vfio_group_nb_add_dev(group, dev); ··· 686 798 mutex_unlock(&group->unbound_lock); 687 799 break; 688 800 } 689 - 690 - /* 691 - * If we're the last reference to the group, the group will be 692 - * released, which includes unregistering the iommu group notifier. 693 - * We hold a read-lock on that notifier list, unregistering needs 694 - * a write-lock... deadlock. Release our reference asynchronously 695 - * to avoid that situation. 696 - */ 697 - vfio_group_schedule_put(group); 698 801 return NOTIFY_OK; 699 802 } 700 803 ··· 707 828 } 708 829 EXPORT_SYMBOL_GPL(vfio_uninit_group_dev); 709 830 710 - int vfio_register_group_dev(struct vfio_device *device) 831 + static struct vfio_group *vfio_noiommu_group_alloc(struct device *dev, 832 + enum vfio_group_type type) 711 833 { 712 - struct vfio_device *existing_device; 713 834 struct iommu_group *iommu_group; 714 835 struct vfio_group *group; 836 + int ret; 837 + 838 + iommu_group = iommu_group_alloc(); 839 + if (IS_ERR(iommu_group)) 840 + return ERR_CAST(iommu_group); 841 + 842 + iommu_group_set_name(iommu_group, "vfio-noiommu"); 843 + ret = iommu_group_add_device(iommu_group, dev); 844 + if (ret) 845 + goto out_put_group; 846 + 847 + group = vfio_create_group(iommu_group, type); 848 + if (IS_ERR(group)) { 849 + ret = PTR_ERR(group); 850 + goto out_remove_device; 851 + } 852 + iommu_group_put(iommu_group); 853 + return group; 854 + 855 + out_remove_device: 856 + iommu_group_remove_device(dev); 857 + out_put_group: 858 + iommu_group_put(iommu_group); 859 + return ERR_PTR(ret); 860 + } 861 + 862 + static struct vfio_group *vfio_group_find_or_alloc(struct device *dev) 863 + { 864 + struct iommu_group *iommu_group; 865 + struct vfio_group *group; 866 + 867 + iommu_group = iommu_group_get(dev); 868 + #ifdef CONFIG_VFIO_NOIOMMU 869 + if (!iommu_group && noiommu && !iommu_present(dev->bus)) { 870 + /* 871 + * With noiommu enabled, create an IOMMU group for devices that 872 + * don't already have one and don't have an iommu_ops on their 873 + * bus. Taint the kernel because we're about to give a DMA 874 + * capable device to a user without IOMMU protection. 875 + */ 876 + group = vfio_noiommu_group_alloc(dev, VFIO_NO_IOMMU); 877 + if (!IS_ERR(group)) { 878 + add_taint(TAINT_USER, LOCKDEP_STILL_OK); 879 + dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n"); 880 + } 881 + return group; 882 + } 883 + #endif 884 + if (!iommu_group) 885 + return ERR_PTR(-EINVAL); 886 + 887 + group = vfio_group_get_from_iommu(iommu_group); 888 + if (!group) 889 + group = vfio_create_group(iommu_group, VFIO_IOMMU); 890 + 891 + /* The vfio_group holds a reference to the iommu_group */ 892 + iommu_group_put(iommu_group); 893 + return group; 894 + } 895 + 896 + static int __vfio_register_dev(struct vfio_device *device, 897 + struct vfio_group *group) 898 + { 899 + struct vfio_device *existing_device; 900 + 901 + if (IS_ERR(group)) 902 + return PTR_ERR(group); 715 903 716 904 /* 717 905 * If the driver doesn't specify a set then the device is added to a ··· 787 841 if (!device->dev_set) 788 842 vfio_assign_device_set(device, device); 789 843 790 - iommu_group = iommu_group_get(device->dev); 791 - if (!iommu_group) 792 - return -EINVAL; 793 - 794 - group = vfio_group_get_from_iommu(iommu_group); 795 - if (!group) { 796 - group = vfio_create_group(iommu_group); 797 - if (IS_ERR(group)) { 798 - iommu_group_put(iommu_group); 799 - return PTR_ERR(group); 800 - } 801 - } else { 802 - /* 803 - * A found vfio_group already holds a reference to the 804 - * iommu_group. A created vfio_group keeps the reference. 805 - */ 806 - iommu_group_put(iommu_group); 807 - } 808 - 809 844 existing_device = vfio_group_get_device(group, device->dev); 810 845 if (existing_device) { 811 846 dev_WARN(device->dev, "Device already exists on group %d\n", 812 - iommu_group_id(iommu_group)); 847 + iommu_group_id(group->iommu_group)); 813 848 vfio_device_put(existing_device); 849 + if (group->type == VFIO_NO_IOMMU || 850 + group->type == VFIO_EMULATED_IOMMU) 851 + iommu_group_remove_device(device->dev); 814 852 vfio_group_put(group); 815 853 return -EBUSY; 816 854 } ··· 812 882 813 883 return 0; 814 884 } 885 + 886 + int vfio_register_group_dev(struct vfio_device *device) 887 + { 888 + return __vfio_register_dev(device, 889 + vfio_group_find_or_alloc(device->dev)); 890 + } 815 891 EXPORT_SYMBOL_GPL(vfio_register_group_dev); 892 + 893 + /* 894 + * Register a virtual device without IOMMU backing. The user of this 895 + * device must not be able to directly trigger unmediated DMA. 896 + */ 897 + int vfio_register_emulated_iommu_dev(struct vfio_device *device) 898 + { 899 + return __vfio_register_dev(device, 900 + vfio_noiommu_group_alloc(device->dev, VFIO_EMULATED_IOMMU)); 901 + } 902 + EXPORT_SYMBOL_GPL(vfio_register_emulated_iommu_dev); 816 903 817 904 /** 818 905 * Get a reference to the vfio_device for a device. Even if the ··· 957 1010 if (list_empty(&group->device_list)) 958 1011 wait_event(group->container_q, !group->container); 959 1012 1013 + if (group->type == VFIO_NO_IOMMU || group->type == VFIO_EMULATED_IOMMU) 1014 + iommu_group_remove_device(device->dev); 1015 + 960 1016 /* Matches the get in vfio_register_group_dev() */ 961 1017 vfio_group_put(group); 962 1018 } ··· 992 1042 list_for_each_entry(driver, &vfio.iommu_drivers_list, 993 1043 vfio_next) { 994 1044 995 - #ifdef CONFIG_VFIO_NOIOMMU 996 1045 if (!list_empty(&container->group_list) && 997 - (container->noiommu != 998 - (driver->ops == &vfio_noiommu_ops))) 1046 + !vfio_iommu_driver_allowed(container, 1047 + driver)) 999 1048 continue; 1000 - #endif 1001 - 1002 1049 if (!try_module_get(driver->ops->owner)) 1003 1050 continue; 1004 1051 ··· 1026 1079 int ret = -ENODEV; 1027 1080 1028 1081 list_for_each_entry(group, &container->group_list, container_next) { 1029 - ret = driver->ops->attach_group(data, group->iommu_group); 1082 + ret = driver->ops->attach_group(data, group->iommu_group, 1083 + group->type); 1030 1084 if (ret) 1031 1085 goto unwind; 1032 1086 } ··· 1068 1120 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) { 1069 1121 void *data; 1070 1122 1071 - #ifdef CONFIG_VFIO_NOIOMMU 1072 - /* 1073 - * Only noiommu containers can use vfio-noiommu and noiommu 1074 - * containers can only use vfio-noiommu. 1075 - */ 1076 - if (container->noiommu != (driver->ops == &vfio_noiommu_ops)) 1123 + if (!vfio_iommu_driver_allowed(container, driver)) 1077 1124 continue; 1078 - #endif 1079 - 1080 1125 if (!try_module_get(driver->ops->owner)) 1081 1126 continue; 1082 1127 ··· 1175 1234 return 0; 1176 1235 } 1177 1236 1178 - /* 1179 - * Once an iommu driver is set, we optionally pass read/write/mmap 1180 - * on to the driver, allowing management interfaces beyond ioctl. 1181 - */ 1182 - static ssize_t vfio_fops_read(struct file *filep, char __user *buf, 1183 - size_t count, loff_t *ppos) 1184 - { 1185 - struct vfio_container *container = filep->private_data; 1186 - struct vfio_iommu_driver *driver; 1187 - ssize_t ret = -EINVAL; 1188 - 1189 - driver = container->iommu_driver; 1190 - if (likely(driver && driver->ops->read)) 1191 - ret = driver->ops->read(container->iommu_data, 1192 - buf, count, ppos); 1193 - 1194 - return ret; 1195 - } 1196 - 1197 - static ssize_t vfio_fops_write(struct file *filep, const char __user *buf, 1198 - size_t count, loff_t *ppos) 1199 - { 1200 - struct vfio_container *container = filep->private_data; 1201 - struct vfio_iommu_driver *driver; 1202 - ssize_t ret = -EINVAL; 1203 - 1204 - driver = container->iommu_driver; 1205 - if (likely(driver && driver->ops->write)) 1206 - ret = driver->ops->write(container->iommu_data, 1207 - buf, count, ppos); 1208 - 1209 - return ret; 1210 - } 1211 - 1212 - static int vfio_fops_mmap(struct file *filep, struct vm_area_struct *vma) 1213 - { 1214 - struct vfio_container *container = filep->private_data; 1215 - struct vfio_iommu_driver *driver; 1216 - int ret = -EINVAL; 1217 - 1218 - driver = container->iommu_driver; 1219 - if (likely(driver && driver->ops->mmap)) 1220 - ret = driver->ops->mmap(container->iommu_data, vma); 1221 - 1222 - return ret; 1223 - } 1224 - 1225 1237 static const struct file_operations vfio_fops = { 1226 1238 .owner = THIS_MODULE, 1227 1239 .open = vfio_fops_open, 1228 1240 .release = vfio_fops_release, 1229 - .read = vfio_fops_read, 1230 - .write = vfio_fops_write, 1231 1241 .unlocked_ioctl = vfio_fops_unl_ioctl, 1232 1242 .compat_ioctl = compat_ptr_ioctl, 1233 - .mmap = vfio_fops_mmap, 1234 1243 }; 1235 1244 1236 1245 /** ··· 1257 1366 if (atomic_read(&group->container_users)) 1258 1367 return -EINVAL; 1259 1368 1260 - if (group->noiommu && !capable(CAP_SYS_RAWIO)) 1369 + if (group->type == VFIO_NO_IOMMU && !capable(CAP_SYS_RAWIO)) 1261 1370 return -EPERM; 1262 1371 1263 1372 f = fdget(container_fd); ··· 1277 1386 1278 1387 /* Real groups and fake groups cannot mix */ 1279 1388 if (!list_empty(&container->group_list) && 1280 - container->noiommu != group->noiommu) { 1389 + container->noiommu != (group->type == VFIO_NO_IOMMU)) { 1281 1390 ret = -EPERM; 1282 1391 goto unlock_out; 1283 1392 } ··· 1285 1394 driver = container->iommu_driver; 1286 1395 if (driver) { 1287 1396 ret = driver->ops->attach_group(container->iommu_data, 1288 - group->iommu_group); 1397 + group->iommu_group, 1398 + group->type); 1289 1399 if (ret) 1290 1400 goto unlock_out; 1291 1401 } 1292 1402 1293 1403 group->container = container; 1294 - container->noiommu = group->noiommu; 1404 + container->noiommu = (group->type == VFIO_NO_IOMMU); 1295 1405 list_add(&group->container_next, &container->group_list); 1296 1406 1297 1407 /* Get a reference on the container and mark a user within the group */ ··· 1316 1424 if (!atomic_inc_not_zero(&group->container_users)) 1317 1425 return -EINVAL; 1318 1426 1319 - if (group->noiommu) { 1427 + if (group->type == VFIO_NO_IOMMU) { 1320 1428 atomic_dec(&group->container_users); 1321 1429 return -EPERM; 1322 1430 } ··· 1341 1449 !group->container->iommu_driver || !vfio_group_viable(group)) 1342 1450 return -EINVAL; 1343 1451 1344 - if (group->noiommu && !capable(CAP_SYS_RAWIO)) 1452 + if (group->type == VFIO_NO_IOMMU && !capable(CAP_SYS_RAWIO)) 1345 1453 return -EPERM; 1346 1454 1347 1455 device = vfio_device_get_from_name(group, buf); ··· 1388 1496 1389 1497 fd_install(fdno, filep); 1390 1498 1391 - if (group->noiommu) 1499 + if (group->type == VFIO_NO_IOMMU) 1392 1500 dev_warn(device->dev, "vfio-noiommu device opened by user " 1393 1501 "(%s:%d)\n", current->comm, task_pid_nr(current)); 1394 1502 return fdno; ··· 1477 1585 1478 1586 static int vfio_group_fops_open(struct inode *inode, struct file *filep) 1479 1587 { 1480 - struct vfio_group *group; 1588 + struct vfio_group *group = 1589 + container_of(inode->i_cdev, struct vfio_group, cdev); 1481 1590 int opened; 1482 1591 1483 - group = vfio_group_get_from_minor(iminor(inode)); 1484 - if (!group) 1592 + /* users can be zero if this races with vfio_group_put() */ 1593 + if (!refcount_inc_not_zero(&group->users)) 1485 1594 return -ENODEV; 1486 1595 1487 - if (group->noiommu && !capable(CAP_SYS_RAWIO)) { 1596 + if (group->type == VFIO_NO_IOMMU && !capable(CAP_SYS_RAWIO)) { 1488 1597 vfio_group_put(group); 1489 1598 return -EPERM; 1490 1599 } ··· 1650 1757 if (ret) 1651 1758 return ERR_PTR(ret); 1652 1759 1760 + /* 1761 + * Since the caller holds the fget on the file group->users must be >= 1 1762 + */ 1653 1763 vfio_group_get(group); 1654 1764 1655 1765 return group; ··· 2292 2396 { 2293 2397 int ret; 2294 2398 2295 - idr_init(&vfio.group_idr); 2399 + ida_init(&vfio.group_ida); 2296 2400 mutex_init(&vfio.group_lock); 2297 2401 mutex_init(&vfio.iommu_drivers_lock); 2298 2402 INIT_LIST_HEAD(&vfio.group_list); ··· 2317 2421 if (ret) 2318 2422 goto err_alloc_chrdev; 2319 2423 2320 - cdev_init(&vfio.group_cdev, &vfio_group_fops); 2321 - ret = cdev_add(&vfio.group_cdev, vfio.group_devt, MINORMASK + 1); 2322 - if (ret) 2323 - goto err_cdev_add; 2324 - 2325 2424 pr_info(DRIVER_DESC " version: " DRIVER_VERSION "\n"); 2326 2425 2327 2426 #ifdef CONFIG_VFIO_NOIOMMU ··· 2324 2433 #endif 2325 2434 return 0; 2326 2435 2327 - err_cdev_add: 2328 - unregister_chrdev_region(vfio.group_devt, MINORMASK + 1); 2329 2436 err_alloc_chrdev: 2330 2437 class_destroy(vfio.class); 2331 2438 vfio.class = NULL; ··· 2339 2450 #ifdef CONFIG_VFIO_NOIOMMU 2340 2451 vfio_unregister_iommu_driver(&vfio_noiommu_ops); 2341 2452 #endif 2342 - idr_destroy(&vfio.group_idr); 2343 - cdev_del(&vfio.group_cdev); 2453 + ida_destroy(&vfio.group_ida); 2344 2454 unregister_chrdev_region(vfio.group_devt, MINORMASK + 1); 2345 2455 class_destroy(vfio.class); 2346 2456 vfio.class = NULL;

+72

drivers/vfio/vfio.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 + /* 3 + * Copyright (C) 2012 Red Hat, Inc. All rights reserved. 4 + * Author: Alex Williamson <alex.williamson@redhat.com> 5 + */ 6 + 7 + enum vfio_group_type { 8 + /* 9 + * Physical device with IOMMU backing. 10 + */ 11 + VFIO_IOMMU, 12 + 13 + /* 14 + * Virtual device without IOMMU backing. The VFIO core fakes up an 15 + * iommu_group as the iommu_group sysfs interface is part of the 16 + * userspace ABI. The user of these devices must not be able to 17 + * directly trigger unmediated DMA. 18 + */ 19 + VFIO_EMULATED_IOMMU, 20 + 21 + /* 22 + * Physical device without IOMMU backing. The VFIO core fakes up an 23 + * iommu_group as the iommu_group sysfs interface is part of the 24 + * userspace ABI. Users can trigger unmediated DMA by the device, 25 + * usage is highly dangerous, requires an explicit opt-in and will 26 + * taint the kernel. 27 + */ 28 + VFIO_NO_IOMMU, 29 + }; 30 + 31 + /* events for the backend driver notify callback */ 32 + enum vfio_iommu_notify_type { 33 + VFIO_IOMMU_CONTAINER_CLOSE = 0, 34 + }; 35 + 36 + /** 37 + * struct vfio_iommu_driver_ops - VFIO IOMMU driver callbacks 38 + */ 39 + struct vfio_iommu_driver_ops { 40 + char *name; 41 + struct module *owner; 42 + void *(*open)(unsigned long arg); 43 + void (*release)(void *iommu_data); 44 + long (*ioctl)(void *iommu_data, unsigned int cmd, 45 + unsigned long arg); 46 + int (*attach_group)(void *iommu_data, 47 + struct iommu_group *group, 48 + enum vfio_group_type); 49 + void (*detach_group)(void *iommu_data, 50 + struct iommu_group *group); 51 + int (*pin_pages)(void *iommu_data, 52 + struct iommu_group *group, 53 + unsigned long *user_pfn, 54 + int npage, int prot, 55 + unsigned long *phys_pfn); 56 + int (*unpin_pages)(void *iommu_data, 57 + unsigned long *user_pfn, int npage); 58 + int (*register_notifier)(void *iommu_data, 59 + unsigned long *events, 60 + struct notifier_block *nb); 61 + int (*unregister_notifier)(void *iommu_data, 62 + struct notifier_block *nb); 63 + int (*dma_rw)(void *iommu_data, dma_addr_t user_iova, 64 + void *data, size_t count, bool write); 65 + struct iommu_domain *(*group_iommu_domain)(void *iommu_data, 66 + struct iommu_group *group); 67 + void (*notify)(void *iommu_data, 68 + enum vfio_iommu_notify_type event); 69 + }; 70 + 71 + int vfio_register_iommu_driver(const struct vfio_iommu_driver_ops *ops); 72 + void vfio_unregister_iommu_driver(const struct vfio_iommu_driver_ops *ops);

+5 -1

drivers/vfio/vfio_iommu_spapr_tce.c

··· 20 20 #include <linux/sched/mm.h> 21 21 #include <linux/sched/signal.h> 22 22 #include <linux/mm.h> 23 + #include "vfio.h" 23 24 24 25 #include <asm/iommu.h> 25 26 #include <asm/tce.h> ··· 1239 1238 } 1240 1239 1241 1240 static int tce_iommu_attach_group(void *iommu_data, 1242 - struct iommu_group *iommu_group) 1241 + struct iommu_group *iommu_group, enum vfio_group_type type) 1243 1242 { 1244 1243 int ret = 0; 1245 1244 struct tce_container *container = iommu_data; 1246 1245 struct iommu_table_group *table_group; 1247 1246 struct tce_iommu_group *tcegrp = NULL; 1247 + 1248 + if (type == VFIO_EMULATED_IOMMU) 1249 + return -EINVAL; 1248 1250 1249 1251 mutex_lock(&container->lock); 1250 1252

+73 -183

drivers/vfio/vfio_iommu_type1.c

··· 36 36 #include <linux/uaccess.h> 37 37 #include <linux/vfio.h> 38 38 #include <linux/workqueue.h> 39 - #include <linux/mdev.h> 40 39 #include <linux/notifier.h> 41 40 #include <linux/dma-iommu.h> 42 41 #include <linux/irqdomain.h> 42 + #include "vfio.h" 43 43 44 44 #define DRIVER_VERSION "0.2" 45 45 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>" ··· 65 65 struct vfio_iommu { 66 66 struct list_head domain_list; 67 67 struct list_head iova_list; 68 - struct vfio_domain *external_domain; /* domain for external user */ 69 68 struct mutex lock; 70 69 struct rb_root dma_list; 71 70 struct blocking_notifier_head notifier; ··· 77 78 bool nesting; 78 79 bool dirty_page_tracking; 79 80 bool container_open; 81 + struct list_head emulated_iommu_groups; 80 82 }; 81 83 82 84 struct vfio_domain { ··· 113 113 struct vfio_iommu_group { 114 114 struct iommu_group *iommu_group; 115 115 struct list_head next; 116 - bool mdev_group; /* An mdev group */ 117 116 bool pinned_page_dirty_scope; 118 117 }; 119 118 ··· 138 139 phys_addr_t phys; 139 140 size_t len; 140 141 }; 141 - 142 - #define IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu) \ 143 - (!list_empty(&iommu->domain_list)) 144 142 145 143 #define DIRTY_BITMAP_BYTES(n) (ALIGN(n, BITS_PER_TYPE(u64)) / BITS_PER_BYTE) 146 144 ··· 876 880 * already pinned and accounted. Accounting should be done if there is no 877 881 * iommu capable domain in the container. 878 882 */ 879 - do_accounting = !IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu); 883 + do_accounting = list_empty(&iommu->domain_list); 880 884 881 885 for (i = 0; i < npage; i++) { 882 886 struct vfio_pfn *vpfn; ··· 965 969 966 970 mutex_lock(&iommu->lock); 967 971 968 - do_accounting = !IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu); 972 + do_accounting = list_empty(&iommu->domain_list); 969 973 for (i = 0; i < npage; i++) { 970 974 struct vfio_dma *dma; 971 975 dma_addr_t iova; ··· 1086 1090 if (!dma->size) 1087 1091 return 0; 1088 1092 1089 - if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu)) 1093 + if (list_empty(&iommu->domain_list)) 1090 1094 return 0; 1091 1095 1092 1096 /* ··· 1663 1667 vfio_link_dma(iommu, dma); 1664 1668 1665 1669 /* Don't pin and map if container doesn't contain IOMMU capable domain*/ 1666 - if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu)) 1670 + if (list_empty(&iommu->domain_list)) 1667 1671 dma->size = size; 1668 1672 else 1669 1673 ret = vfio_pin_map_dma(iommu, dma, size); ··· 1889 1893 vfio_iommu_find_iommu_group(struct vfio_iommu *iommu, 1890 1894 struct iommu_group *iommu_group) 1891 1895 { 1896 + struct vfio_iommu_group *group; 1892 1897 struct vfio_domain *domain; 1893 - struct vfio_iommu_group *group = NULL; 1894 1898 1895 1899 list_for_each_entry(domain, &iommu->domain_list, next) { 1896 1900 group = find_iommu_group(domain, iommu_group); ··· 1898 1902 return group; 1899 1903 } 1900 1904 1901 - if (iommu->external_domain) 1902 - group = find_iommu_group(iommu->external_domain, iommu_group); 1903 - 1904 - return group; 1905 + list_for_each_entry(group, &iommu->emulated_iommu_groups, next) 1906 + if (group->iommu_group == iommu_group) 1907 + return group; 1908 + return NULL; 1905 1909 } 1906 1910 1907 1911 static bool vfio_iommu_has_sw_msi(struct list_head *group_resv_regions, ··· 1928 1932 } 1929 1933 1930 1934 return ret; 1931 - } 1932 - 1933 - static int vfio_mdev_attach_domain(struct device *dev, void *data) 1934 - { 1935 - struct mdev_device *mdev = to_mdev_device(dev); 1936 - struct iommu_domain *domain = data; 1937 - struct device *iommu_device; 1938 - 1939 - iommu_device = mdev_get_iommu_device(mdev); 1940 - if (iommu_device) { 1941 - if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX)) 1942 - return iommu_aux_attach_device(domain, iommu_device); 1943 - else 1944 - return iommu_attach_device(domain, iommu_device); 1945 - } 1946 - 1947 - return -EINVAL; 1948 - } 1949 - 1950 - static int vfio_mdev_detach_domain(struct device *dev, void *data) 1951 - { 1952 - struct mdev_device *mdev = to_mdev_device(dev); 1953 - struct iommu_domain *domain = data; 1954 - struct device *iommu_device; 1955 - 1956 - iommu_device = mdev_get_iommu_device(mdev); 1957 - if (iommu_device) { 1958 - if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX)) 1959 - iommu_aux_detach_device(domain, iommu_device); 1960 - else 1961 - iommu_detach_device(domain, iommu_device); 1962 - } 1963 - 1964 - return 0; 1965 - } 1966 - 1967 - static int vfio_iommu_attach_group(struct vfio_domain *domain, 1968 - struct vfio_iommu_group *group) 1969 - { 1970 - if (group->mdev_group) 1971 - return iommu_group_for_each_dev(group->iommu_group, 1972 - domain->domain, 1973 - vfio_mdev_attach_domain); 1974 - else 1975 - return iommu_attach_group(domain->domain, group->iommu_group); 1976 - } 1977 - 1978 - static void vfio_iommu_detach_group(struct vfio_domain *domain, 1979 - struct vfio_iommu_group *group) 1980 - { 1981 - if (group->mdev_group) 1982 - iommu_group_for_each_dev(group->iommu_group, domain->domain, 1983 - vfio_mdev_detach_domain); 1984 - else 1985 - iommu_detach_group(domain->domain, group->iommu_group); 1986 - } 1987 - 1988 - static bool vfio_bus_is_mdev(struct bus_type *bus) 1989 - { 1990 - struct bus_type *mdev_bus; 1991 - bool ret = false; 1992 - 1993 - mdev_bus = symbol_get(mdev_bus_type); 1994 - if (mdev_bus) { 1995 - ret = (bus == mdev_bus); 1996 - symbol_put(mdev_bus_type); 1997 - } 1998 - 1999 - return ret; 2000 - } 2001 - 2002 - static int vfio_mdev_iommu_device(struct device *dev, void *data) 2003 - { 2004 - struct mdev_device *mdev = to_mdev_device(dev); 2005 - struct device **old = data, *new; 2006 - 2007 - new = mdev_get_iommu_device(mdev); 2008 - if (!new || (*old && *old != new)) 2009 - return -EINVAL; 2010 - 2011 - *old = new; 2012 - 2013 - return 0; 2014 1935 } 2015 1936 2016 1937 /* ··· 2154 2241 } 2155 2242 2156 2243 static int vfio_iommu_type1_attach_group(void *iommu_data, 2157 - struct iommu_group *iommu_group) 2244 + struct iommu_group *iommu_group, enum vfio_group_type type) 2158 2245 { 2159 2246 struct vfio_iommu *iommu = iommu_data; 2160 2247 struct vfio_iommu_group *group; 2161 2248 struct vfio_domain *domain, *d; 2162 2249 struct bus_type *bus = NULL; 2163 - int ret; 2164 2250 bool resv_msi, msi_remap; 2165 2251 phys_addr_t resv_msi_base = 0; 2166 2252 struct iommu_domain_geometry *geo; 2167 2253 LIST_HEAD(iova_copy); 2168 2254 LIST_HEAD(group_resv_regions); 2255 + int ret = -EINVAL; 2169 2256 2170 2257 mutex_lock(&iommu->lock); 2171 2258 2172 2259 /* Check for duplicates */ 2173 - if (vfio_iommu_find_iommu_group(iommu, iommu_group)) { 2174 - mutex_unlock(&iommu->lock); 2175 - return -EINVAL; 2176 - } 2260 + if (vfio_iommu_find_iommu_group(iommu, iommu_group)) 2261 + goto out_unlock; 2177 2262 2263 + ret = -ENOMEM; 2178 2264 group = kzalloc(sizeof(*group), GFP_KERNEL); 2179 - domain = kzalloc(sizeof(*domain), GFP_KERNEL); 2180 - if (!group || !domain) { 2181 - ret = -ENOMEM; 2182 - goto out_free; 2183 - } 2184 - 2265 + if (!group) 2266 + goto out_unlock; 2185 2267 group->iommu_group = iommu_group; 2268 + 2269 + if (type == VFIO_EMULATED_IOMMU) { 2270 + list_add(&group->next, &iommu->emulated_iommu_groups); 2271 + /* 2272 + * An emulated IOMMU group cannot dirty memory directly, it can 2273 + * only use interfaces that provide dirty tracking. 2274 + * The iommu scope can only be promoted with the addition of a 2275 + * dirty tracking group. 2276 + */ 2277 + group->pinned_page_dirty_scope = true; 2278 + ret = 0; 2279 + goto out_unlock; 2280 + } 2186 2281 2187 2282 /* Determine bus_type in order to allocate a domain */ 2188 2283 ret = iommu_group_for_each_dev(iommu_group, &bus, vfio_bus_type); 2189 2284 if (ret) 2190 - goto out_free; 2285 + goto out_free_group; 2191 2286 2192 - if (vfio_bus_is_mdev(bus)) { 2193 - struct device *iommu_device = NULL; 2287 + ret = -ENOMEM; 2288 + domain = kzalloc(sizeof(*domain), GFP_KERNEL); 2289 + if (!domain) 2290 + goto out_free_group; 2194 2291 2195 - group->mdev_group = true; 2196 - 2197 - /* Determine the isolation type */ 2198 - ret = iommu_group_for_each_dev(iommu_group, &iommu_device, 2199 - vfio_mdev_iommu_device); 2200 - if (ret || !iommu_device) { 2201 - if (!iommu->external_domain) { 2202 - INIT_LIST_HEAD(&domain->group_list); 2203 - iommu->external_domain = domain; 2204 - vfio_update_pgsize_bitmap(iommu); 2205 - } else { 2206 - kfree(domain); 2207 - } 2208 - 2209 - list_add(&group->next, 2210 - &iommu->external_domain->group_list); 2211 - /* 2212 - * Non-iommu backed group cannot dirty memory directly, 2213 - * it can only use interfaces that provide dirty 2214 - * tracking. 2215 - * The iommu scope can only be promoted with the 2216 - * addition of a dirty tracking group. 2217 - */ 2218 - group->pinned_page_dirty_scope = true; 2219 - mutex_unlock(&iommu->lock); 2220 - 2221 - return 0; 2222 - } 2223 - 2224 - bus = iommu_device->bus; 2225 - } 2226 - 2292 + ret = -EIO; 2227 2293 domain->domain = iommu_domain_alloc(bus); 2228 - if (!domain->domain) { 2229 - ret = -EIO; 2230 - goto out_free; 2231 - } 2294 + if (!domain->domain) 2295 + goto out_free_domain; 2232 2296 2233 2297 if (iommu->nesting) { 2234 2298 ret = iommu_enable_nesting(domain->domain); ··· 2213 2323 goto out_domain; 2214 2324 } 2215 2325 2216 - ret = vfio_iommu_attach_group(domain, group); 2326 + ret = iommu_attach_group(domain->domain, group->iommu_group); 2217 2327 if (ret) 2218 2328 goto out_domain; 2219 2329 ··· 2280 2390 list_for_each_entry(d, &iommu->domain_list, next) { 2281 2391 if (d->domain->ops == domain->domain->ops && 2282 2392 d->prot == domain->prot) { 2283 - vfio_iommu_detach_group(domain, group); 2284 - if (!vfio_iommu_attach_group(d, group)) { 2393 + iommu_detach_group(domain->domain, group->iommu_group); 2394 + if (!iommu_attach_group(d->domain, 2395 + group->iommu_group)) { 2285 2396 list_add(&group->next, &d->group_list); 2286 2397 iommu_domain_free(domain->domain); 2287 2398 kfree(domain); 2288 2399 goto done; 2289 2400 } 2290 2401 2291 - ret = vfio_iommu_attach_group(domain, group); 2402 + ret = iommu_attach_group(domain->domain, 2403 + group->iommu_group); 2292 2404 if (ret) 2293 2405 goto out_domain; 2294 2406 } ··· 2327 2435 return 0; 2328 2436 2329 2437 out_detach: 2330 - vfio_iommu_detach_group(domain, group); 2438 + iommu_detach_group(domain->domain, group->iommu_group); 2331 2439 out_domain: 2332 2440 iommu_domain_free(domain->domain); 2333 2441 vfio_iommu_iova_free(&iova_copy); 2334 2442 vfio_iommu_resv_free(&group_resv_regions); 2335 - out_free: 2443 + out_free_domain: 2336 2444 kfree(domain); 2445 + out_free_group: 2337 2446 kfree(group); 2447 + out_unlock: 2338 2448 mutex_unlock(&iommu->lock); 2339 2449 return ret; 2340 2450 } ··· 2461 2567 LIST_HEAD(iova_copy); 2462 2568 2463 2569 mutex_lock(&iommu->lock); 2570 + list_for_each_entry(group, &iommu->emulated_iommu_groups, next) { 2571 + if (group->iommu_group != iommu_group) 2572 + continue; 2573 + update_dirty_scope = !group->pinned_page_dirty_scope; 2574 + list_del(&group->next); 2575 + kfree(group); 2464 2576 2465 - if (iommu->external_domain) { 2466 - group = find_iommu_group(iommu->external_domain, iommu_group); 2467 - if (group) { 2468 - update_dirty_scope = !group->pinned_page_dirty_scope; 2469 - list_del(&group->next); 2470 - kfree(group); 2471 - 2472 - if (list_empty(&iommu->external_domain->group_list)) { 2473 - if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu)) { 2474 - WARN_ON(iommu->notifier.head); 2475 - vfio_iommu_unmap_unpin_all(iommu); 2476 - } 2477 - 2478 - kfree(iommu->external_domain); 2479 - iommu->external_domain = NULL; 2480 - } 2481 - goto detach_group_done; 2577 + if (list_empty(&iommu->emulated_iommu_groups) && 2578 + list_empty(&iommu->domain_list)) { 2579 + WARN_ON(iommu->notifier.head); 2580 + vfio_iommu_unmap_unpin_all(iommu); 2482 2581 } 2582 + goto detach_group_done; 2483 2583 } 2484 2584 2485 2585 /* ··· 2488 2600 if (!group) 2489 2601 continue; 2490 2602 2491 - vfio_iommu_detach_group(domain, group); 2603 + iommu_detach_group(domain->domain, group->iommu_group); 2492 2604 update_dirty_scope = !group->pinned_page_dirty_scope; 2493 2605 list_del(&group->next); 2494 2606 kfree(group); ··· 2501 2613 */ 2502 2614 if (list_empty(&domain->group_list)) { 2503 2615 if (list_is_singular(&iommu->domain_list)) { 2504 - if (!iommu->external_domain) { 2616 + if (list_empty(&iommu->emulated_iommu_groups)) { 2505 2617 WARN_ON(iommu->notifier.head); 2506 2618 vfio_iommu_unmap_unpin_all(iommu); 2507 2619 } else { ··· 2565 2677 mutex_init(&iommu->lock); 2566 2678 BLOCKING_INIT_NOTIFIER_HEAD(&iommu->notifier); 2567 2679 init_waitqueue_head(&iommu->vaddr_wait); 2680 + iommu->pgsize_bitmap = PAGE_MASK; 2681 + INIT_LIST_HEAD(&iommu->emulated_iommu_groups); 2568 2682 2569 2683 return iommu; 2570 2684 } 2571 2685 2572 - static void vfio_release_domain(struct vfio_domain *domain, bool external) 2686 + static void vfio_release_domain(struct vfio_domain *domain) 2573 2687 { 2574 2688 struct vfio_iommu_group *group, *group_tmp; 2575 2689 2576 2690 list_for_each_entry_safe(group, group_tmp, 2577 2691 &domain->group_list, next) { 2578 - if (!external) 2579 - vfio_iommu_detach_group(domain, group); 2692 + iommu_detach_group(domain->domain, group->iommu_group); 2580 2693 list_del(&group->next); 2581 2694 kfree(group); 2582 2695 } 2583 2696 2584 - if (!external) 2585 - iommu_domain_free(domain->domain); 2697 + iommu_domain_free(domain->domain); 2586 2698 } 2587 2699 2588 2700 static void vfio_iommu_type1_release(void *iommu_data) 2589 2701 { 2590 2702 struct vfio_iommu *iommu = iommu_data; 2591 2703 struct vfio_domain *domain, *domain_tmp; 2704 + struct vfio_iommu_group *group, *next_group; 2592 2705 2593 - if (iommu->external_domain) { 2594 - vfio_release_domain(iommu->external_domain, true); 2595 - kfree(iommu->external_domain); 2706 + list_for_each_entry_safe(group, next_group, 2707 + &iommu->emulated_iommu_groups, next) { 2708 + list_del(&group->next); 2709 + kfree(group); 2596 2710 } 2597 2711 2598 2712 vfio_iommu_unmap_unpin_all(iommu); 2599 2713 2600 2714 list_for_each_entry_safe(domain, domain_tmp, 2601 2715 &iommu->domain_list, next) { 2602 - vfio_release_domain(domain, false); 2716 + vfio_release_domain(domain); 2603 2717 list_del(&domain->next); 2604 2718 kfree(domain); 2605 2719 }

+14

include/linux/fsl/mc.h

··· 620 620 u32 cmd_flags, 621 621 u16 token); 622 622 623 + int fsl_mc_obj_open(struct fsl_mc_io *mc_io, 624 + u32 cmd_flags, 625 + int obj_id, 626 + char *obj_type, 627 + u16 *token); 628 + 629 + int fsl_mc_obj_close(struct fsl_mc_io *mc_io, 630 + u32 cmd_flags, 631 + u16 token); 632 + 633 + int fsl_mc_obj_reset(struct fsl_mc_io *mc_io, 634 + u32 cmd_flags, 635 + u16 token); 636 + 623 637 /** 624 638 * struct dpcon_attr - Structure representing DPCON attributes 625 639 * @id: DPCON object ID

-20

include/linux/mdev.h

··· 18 18 void *driver_data; 19 19 struct list_head next; 20 20 struct mdev_type *type; 21 - struct device *iommu_device; 22 21 bool active; 23 22 }; 24 23 25 24 static inline struct mdev_device *to_mdev_device(struct device *dev) 26 25 { 27 26 return container_of(dev, struct mdev_device, dev); 28 - } 29 - 30 - /* 31 - * Called by the parent device driver to set the device which represents 32 - * this mdev in iommu protection scope. By default, the iommu device is 33 - * NULL, that indicates using vendor defined isolation. 34 - * 35 - * @dev: the mediated device that iommu will isolate. 36 - * @iommu_device: a pci device which represents the iommu for @dev. 37 - */ 38 - static inline void mdev_set_iommu_device(struct mdev_device *mdev, 39 - struct device *iommu_device) 40 - { 41 - mdev->iommu_device = iommu_device; 42 - } 43 - 44 - static inline struct device *mdev_get_iommu_device(struct mdev_device *mdev) 45 - { 46 - return mdev->iommu_device; 47 27 } 48 28 49 29 unsigned int mdev_get_type_group_id(struct mdev_device *mdev);

+1 -52

include/linux/vfio.h

··· 71 71 int (*match)(struct vfio_device *vdev, char *buf); 72 72 }; 73 73 74 - extern struct iommu_group *vfio_iommu_group_get(struct device *dev); 75 - extern void vfio_iommu_group_put(struct iommu_group *group, struct device *dev); 76 - 77 74 void vfio_init_group_dev(struct vfio_device *device, struct device *dev, 78 75 const struct vfio_device_ops *ops); 79 76 void vfio_uninit_group_dev(struct vfio_device *device); 80 77 int vfio_register_group_dev(struct vfio_device *device); 78 + int vfio_register_emulated_iommu_dev(struct vfio_device *device); 81 79 void vfio_unregister_group_dev(struct vfio_device *device); 82 80 extern struct vfio_device *vfio_device_get_from_dev(struct device *dev); 83 81 extern void vfio_device_put(struct vfio_device *device); 84 82 85 83 int vfio_assign_device_set(struct vfio_device *device, void *set_id); 86 - 87 - /* events for the backend driver notify callback */ 88 - enum vfio_iommu_notify_type { 89 - VFIO_IOMMU_CONTAINER_CLOSE = 0, 90 - }; 91 - 92 - /** 93 - * struct vfio_iommu_driver_ops - VFIO IOMMU driver callbacks 94 - */ 95 - struct vfio_iommu_driver_ops { 96 - char *name; 97 - struct module *owner; 98 - void *(*open)(unsigned long arg); 99 - void (*release)(void *iommu_data); 100 - ssize_t (*read)(void *iommu_data, char __user *buf, 101 - size_t count, loff_t *ppos); 102 - ssize_t (*write)(void *iommu_data, const char __user *buf, 103 - size_t count, loff_t *size); 104 - long (*ioctl)(void *iommu_data, unsigned int cmd, 105 - unsigned long arg); 106 - int (*mmap)(void *iommu_data, struct vm_area_struct *vma); 107 - int (*attach_group)(void *iommu_data, 108 - struct iommu_group *group); 109 - void (*detach_group)(void *iommu_data, 110 - struct iommu_group *group); 111 - int (*pin_pages)(void *iommu_data, 112 - struct iommu_group *group, 113 - unsigned long *user_pfn, 114 - int npage, int prot, 115 - unsigned long *phys_pfn); 116 - int (*unpin_pages)(void *iommu_data, 117 - unsigned long *user_pfn, int npage); 118 - int (*register_notifier)(void *iommu_data, 119 - unsigned long *events, 120 - struct notifier_block *nb); 121 - int (*unregister_notifier)(void *iommu_data, 122 - struct notifier_block *nb); 123 - int (*dma_rw)(void *iommu_data, dma_addr_t user_iova, 124 - void *data, size_t count, bool write); 125 - struct iommu_domain *(*group_iommu_domain)(void *iommu_data, 126 - struct iommu_group *group); 127 - void (*notify)(void *iommu_data, 128 - enum vfio_iommu_notify_type event); 129 - }; 130 - 131 - extern int vfio_register_iommu_driver(const struct vfio_iommu_driver_ops *ops); 132 - 133 - extern void vfio_unregister_iommu_driver( 134 - const struct vfio_iommu_driver_ops *ops); 135 84 136 85 /* 137 86 * External user API

+1 -1

samples/vfio-mdev/mbochs.c

··· 553 553 mbochs_create_config_space(mdev_state); 554 554 mbochs_reset(mdev_state); 555 555 556 - ret = vfio_register_group_dev(&mdev_state->vdev); 556 + ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev); 557 557 if (ret) 558 558 goto err_mem; 559 559 dev_set_drvdata(&mdev->dev, mdev_state);

+1 -1

samples/vfio-mdev/mdpy.c

··· 258 258 259 259 mdpy_count++; 260 260 261 - ret = vfio_register_group_dev(&mdev_state->vdev); 261 + ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev); 262 262 if (ret) 263 263 goto err_mem; 264 264 dev_set_drvdata(&mdev->dev, mdev_state);

+1 -1

samples/vfio-mdev/mtty.c

··· 741 741 742 742 mtty_create_config_space(mdev_state); 743 743 744 - ret = vfio_register_group_dev(&mdev_state->vdev); 744 + ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev); 745 745 if (ret) 746 746 goto err_vconfig; 747 747 dev_set_drvdata(&mdev->dev, mdev_state);