tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'vfio-v6.17-rc1-v2' of https://github.com/awilliam/linux-vfio

Pull VFIO updates from Alex Williamson:

- Fix imbalance where the no-iommu/cdev device path skips too much on
open, failing to increment a reference, but still decrements the
reference on close. Add bounds checking to prevent such underflows
(Jacob Pan)

- Fill missing detach_ioas op for pds_vfio_pci, fixing probe failure
when used with IOMMUFD (Brett Creeley)

- Split SR-IOV VFs to separate dev_set, avoiding unnecessary
serialization between VFs that appear on the same bus (Alex
Williamson)

- Fix a theoretical integer overflow is the mlx5-vfio-pci variant
driver (Artem Sadovnikov)

- Implement missing VF token checking support via vfio cdev/IOMMUFD
interface (Jason Gunthorpe)

- Update QAT vfio-pci variant driver to claim latest VF devices
(Małgorzata Mielnik)

- Add a cond_resched() call to avoid holding the CPU too long during
DMA mapping operations (Keith Busch)

* tag 'vfio-v6.17-rc1-v2' of https://github.com/awilliam/linux-vfio:
vfio/type1: conditional rescheduling while pinning
vfio/qat: add support for intel QAT 6xxx virtual functions
vfio/qat: Remove myself from VFIO QAT PCI driver maintainers
vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD
vfio/mlx5: fix possible overflow in tracking max message size
vfio/pci: Separate SR-IOV VF dev_set
vfio/pds: Fix missing detach_ioas op
vfio: Prevent open_count decrement to negative
vfio: Fix unbalanced vfio_df_close call in no-iommu mode

Linus Torvalds e8214ed5 cca7a0aa

+99 -22
-1
MAINTAINERS
··· 26455 26455 F: drivers/vfio/platform/ 26456 26456 26457 26457 VFIO QAT PCI DRIVER 26458 - M: Xin Zeng <xin.zeng@intel.com> 26459 26458 M: Giovanni Cabiddu <giovanni.cabiddu@intel.com> 26460 26459 L: kvm@vger.kernel.org 26461 26460 L: qat-linux@intel.com
+35 -3
drivers/vfio/device_cdev.c
··· 60 60 spin_unlock(&df->kvm_ref_lock); 61 61 } 62 62 63 + static int vfio_df_check_token(struct vfio_device *device, 64 + const struct vfio_device_bind_iommufd *bind) 65 + { 66 + uuid_t uuid; 67 + 68 + if (!device->ops->match_token_uuid) { 69 + if (bind->flags & VFIO_DEVICE_BIND_FLAG_TOKEN) 70 + return -EINVAL; 71 + return 0; 72 + } 73 + 74 + if (!(bind->flags & VFIO_DEVICE_BIND_FLAG_TOKEN)) 75 + return device->ops->match_token_uuid(device, NULL); 76 + 77 + if (copy_from_user(&uuid, u64_to_user_ptr(bind->token_uuid_ptr), 78 + sizeof(uuid))) 79 + return -EFAULT; 80 + return device->ops->match_token_uuid(device, &uuid); 81 + } 82 + 63 83 long vfio_df_ioctl_bind_iommufd(struct vfio_device_file *df, 64 84 struct vfio_device_bind_iommufd __user *arg) 65 85 { 86 + const u32 VALID_FLAGS = VFIO_DEVICE_BIND_FLAG_TOKEN; 66 87 struct vfio_device *device = df->device; 67 88 struct vfio_device_bind_iommufd bind; 68 89 unsigned long minsz; 90 + u32 user_size; 69 91 int ret; 70 92 71 93 static_assert(__same_type(arg->out_devid, df->devid)); 72 94 73 95 minsz = offsetofend(struct vfio_device_bind_iommufd, out_devid); 74 96 75 - if (copy_from_user(&bind, arg, minsz)) 76 - return -EFAULT; 97 + ret = get_user(user_size, &arg->argsz); 98 + if (ret) 99 + return ret; 100 + if (user_size < minsz) 101 + return -EINVAL; 102 + ret = copy_struct_from_user(&bind, minsz, arg, user_size); 103 + if (ret) 104 + return ret; 77 105 78 - if (bind.argsz < minsz || bind.flags || bind.iommufd < 0) 106 + if (bind.iommufd < 0 || bind.flags & ~VALID_FLAGS) 79 107 return -EINVAL; 80 108 81 109 /* BIND_IOMMUFD only allowed for cdev fds */ ··· 120 92 ret = -EINVAL; 121 93 goto out_unlock; 122 94 } 95 + 96 + ret = vfio_df_check_token(device, &bind); 97 + if (ret) 98 + goto out_unlock; 123 99 124 100 df->iommufd = iommufd_ctx_from_fd(bind.iommufd); 125 101 if (IS_ERR(df->iommufd)) {
+3 -4
drivers/vfio/group.c
··· 192 192 * implies they expected translation to exist 193 193 */ 194 194 if (!capable(CAP_SYS_RAWIO) || 195 - vfio_iommufd_device_has_compat_ioas(device, df->iommufd)) 195 + vfio_iommufd_device_has_compat_ioas(device, df->iommufd)) { 196 196 ret = -EPERM; 197 - else 198 - ret = 0; 199 - goto out_put_kvm; 197 + goto out_put_kvm; 198 + } 200 199 } 201 200 202 201 ret = vfio_df_open(df);
+4
drivers/vfio/iommufd.c
··· 25 25 26 26 lockdep_assert_held(&vdev->dev_set->lock); 27 27 28 + /* Returns 0 to permit device opening under noiommu mode */ 29 + if (vfio_device_is_noiommu(vdev)) 30 + return 0; 31 + 28 32 return vdev->ops->bind_iommufd(vdev, ictx, &df->devid); 29 33 } 30 34
+1
drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
··· 1583 1583 .mmap = vfio_pci_core_mmap, 1584 1584 .request = vfio_pci_core_request, 1585 1585 .match = vfio_pci_core_match, 1586 + .match_token_uuid = vfio_pci_core_match_token_uuid, 1586 1587 .bind_iommufd = vfio_iommufd_physical_bind, 1587 1588 .unbind_iommufd = vfio_iommufd_physical_unbind, 1588 1589 .attach_ioas = vfio_iommufd_physical_attach_ioas,
+2 -2
drivers/vfio/pci/mlx5/cmd.c
··· 1523 1523 log_max_msg_size = MLX5_CAP_ADV_VIRTUALIZATION(mdev, pg_track_log_max_msg_size); 1524 1524 max_msg_size = (1ULL << log_max_msg_size); 1525 1525 /* The RQ must hold at least 4 WQEs/messages for successful QP creation */ 1526 - if (rq_size < 4 * max_msg_size) 1527 - rq_size = 4 * max_msg_size; 1526 + if (rq_size < 4ULL * max_msg_size) 1527 + rq_size = 4ULL * max_msg_size; 1528 1528 1529 1529 memset(tracker, 0, sizeof(*tracker)); 1530 1530 tracker->uar = mlx5_get_uars_page(mdev);
+1
drivers/vfio/pci/mlx5/main.c
··· 1372 1372 .mmap = vfio_pci_core_mmap, 1373 1373 .request = vfio_pci_core_request, 1374 1374 .match = vfio_pci_core_match, 1375 + .match_token_uuid = vfio_pci_core_match_token_uuid, 1375 1376 .bind_iommufd = vfio_iommufd_physical_bind, 1376 1377 .unbind_iommufd = vfio_iommufd_physical_unbind, 1377 1378 .attach_ioas = vfio_iommufd_physical_attach_ioas,
+2
drivers/vfio/pci/nvgrace-gpu/main.c
··· 696 696 .mmap = nvgrace_gpu_mmap, 697 697 .request = vfio_pci_core_request, 698 698 .match = vfio_pci_core_match, 699 + .match_token_uuid = vfio_pci_core_match_token_uuid, 699 700 .bind_iommufd = vfio_iommufd_physical_bind, 700 701 .unbind_iommufd = vfio_iommufd_physical_unbind, 701 702 .attach_ioas = vfio_iommufd_physical_attach_ioas, ··· 716 715 .mmap = vfio_pci_core_mmap, 717 716 .request = vfio_pci_core_request, 718 717 .match = vfio_pci_core_match, 718 + .match_token_uuid = vfio_pci_core_match_token_uuid, 719 719 .bind_iommufd = vfio_iommufd_physical_bind, 720 720 .unbind_iommufd = vfio_iommufd_physical_unbind, 721 721 .attach_ioas = vfio_iommufd_physical_attach_ioas,
+2
drivers/vfio/pci/pds/vfio_dev.c
··· 201 201 .mmap = vfio_pci_core_mmap, 202 202 .request = vfio_pci_core_request, 203 203 .match = vfio_pci_core_match, 204 + .match_token_uuid = vfio_pci_core_match_token_uuid, 204 205 .bind_iommufd = vfio_iommufd_physical_bind, 205 206 .unbind_iommufd = vfio_iommufd_physical_unbind, 206 207 .attach_ioas = vfio_iommufd_physical_attach_ioas, 208 + .detach_ioas = vfio_iommufd_physical_detach_ioas, 207 209 }; 208 210 209 211 const struct vfio_device_ops *pds_vfio_ops_info(void)
+4 -1
drivers/vfio/pci/qat/main.c
··· 614 614 .mmap = vfio_pci_core_mmap, 615 615 .request = vfio_pci_core_request, 616 616 .match = vfio_pci_core_match, 617 + .match_token_uuid = vfio_pci_core_match_token_uuid, 617 618 .bind_iommufd = vfio_iommufd_physical_bind, 618 619 .unbind_iommufd = vfio_iommufd_physical_unbind, 619 620 .attach_ioas = vfio_iommufd_physical_attach_ioas, ··· 676 675 { PCI_DRIVER_OVERRIDE_DEVICE_VFIO(PCI_VENDOR_ID_INTEL, 0x4941) }, 677 676 { PCI_DRIVER_OVERRIDE_DEVICE_VFIO(PCI_VENDOR_ID_INTEL, 0x4943) }, 678 677 { PCI_DRIVER_OVERRIDE_DEVICE_VFIO(PCI_VENDOR_ID_INTEL, 0x4945) }, 678 + /* Intel QAT GEN6 6xxx VF device */ 679 + { PCI_DRIVER_OVERRIDE_DEVICE_VFIO(PCI_VENDOR_ID_INTEL, 0x4949) }, 679 680 {} 680 681 }; 681 682 MODULE_DEVICE_TABLE(pci, qat_vf_vfio_pci_table); ··· 699 696 700 697 MODULE_LICENSE("GPL"); 701 698 MODULE_AUTHOR("Xin Zeng <xin.zeng@intel.com>"); 702 - MODULE_DESCRIPTION("QAT VFIO PCI - VFIO PCI driver with live migration support for Intel(R) QAT GEN4 device family"); 699 + MODULE_DESCRIPTION("QAT VFIO PCI - VFIO PCI driver with live migration support for Intel(R) QAT device family"); 703 700 MODULE_IMPORT_NS("CRYPTO_QAT");
+1
drivers/vfio/pci/vfio_pci.c
··· 138 138 .mmap = vfio_pci_core_mmap, 139 139 .request = vfio_pci_core_request, 140 140 .match = vfio_pci_core_match, 141 + .match_token_uuid = vfio_pci_core_match_token_uuid, 141 142 .bind_iommufd = vfio_iommufd_physical_bind, 142 143 .unbind_iommufd = vfio_iommufd_physical_unbind, 143 144 .attach_ioas = vfio_iommufd_physical_attach_ioas,
+15 -9
drivers/vfio/pci/vfio_pci_core.c
··· 1818 1818 } 1819 1819 EXPORT_SYMBOL_GPL(vfio_pci_core_request); 1820 1820 1821 - static int vfio_pci_validate_vf_token(struct vfio_pci_core_device *vdev, 1822 - bool vf_token, uuid_t *uuid) 1821 + int vfio_pci_core_match_token_uuid(struct vfio_device *core_vdev, 1822 + const uuid_t *uuid) 1823 + 1823 1824 { 1825 + struct vfio_pci_core_device *vdev = 1826 + container_of(core_vdev, struct vfio_pci_core_device, vdev); 1827 + 1824 1828 /* 1825 1829 * There's always some degree of trust or collaboration between SR-IOV 1826 1830 * PF and VFs, even if just that the PF hosts the SR-IOV capability and ··· 1855 1851 bool match; 1856 1852 1857 1853 if (!pf_vdev) { 1858 - if (!vf_token) 1854 + if (!uuid) 1859 1855 return 0; /* PF is not vfio-pci, no VF token */ 1860 1856 1861 1857 pci_info_ratelimited(vdev->pdev, ··· 1863 1859 return -EINVAL; 1864 1860 } 1865 1861 1866 - if (!vf_token) { 1862 + if (!uuid) { 1867 1863 pci_info_ratelimited(vdev->pdev, 1868 1864 "VF token required to access device\n"); 1869 1865 return -EACCES; ··· 1881 1877 } else if (vdev->vf_token) { 1882 1878 mutex_lock(&vdev->vf_token->lock); 1883 1879 if (vdev->vf_token->users) { 1884 - if (!vf_token) { 1880 + if (!uuid) { 1885 1881 mutex_unlock(&vdev->vf_token->lock); 1886 1882 pci_info_ratelimited(vdev->pdev, 1887 1883 "VF token required to access device\n"); ··· 1894 1890 "Incorrect VF token provided for device\n"); 1895 1891 return -EACCES; 1896 1892 } 1897 - } else if (vf_token) { 1893 + } else if (uuid) { 1898 1894 uuid_copy(&vdev->vf_token->uuid, uuid); 1899 1895 } 1900 1896 1901 1897 mutex_unlock(&vdev->vf_token->lock); 1902 - } else if (vf_token) { 1898 + } else if (uuid) { 1903 1899 pci_info_ratelimited(vdev->pdev, 1904 1900 "VF token incorrectly provided, not a PF or VF\n"); 1905 1901 return -EINVAL; ··· 1907 1903 1908 1904 return 0; 1909 1905 } 1906 + EXPORT_SYMBOL_GPL(vfio_pci_core_match_token_uuid); 1910 1907 1911 1908 #define VF_TOKEN_ARG "vf_token=" 1912 1909 ··· 1954 1949 } 1955 1950 } 1956 1951 1957 - ret = vfio_pci_validate_vf_token(vdev, vf_token, &uuid); 1952 + ret = core_vdev->ops->match_token_uuid(core_vdev, 1953 + vf_token ? &uuid : NULL); 1958 1954 if (ret) 1959 1955 return ret; 1960 1956 ··· 2152 2146 return -EBUSY; 2153 2147 } 2154 2148 2155 - if (pci_is_root_bus(pdev->bus)) { 2149 + if (pci_is_root_bus(pdev->bus) || pdev->is_virtfn) { 2156 2150 ret = vfio_assign_device_set(&vdev->vdev, vdev); 2157 2151 } else if (!pci_probe_reset_slot(pdev->slot)) { 2158 2152 ret = vfio_assign_device_set(&vdev->vdev, pdev->slot);
+3
drivers/vfio/pci/virtio/main.c
··· 94 94 .mmap = vfio_pci_core_mmap, 95 95 .request = vfio_pci_core_request, 96 96 .match = vfio_pci_core_match, 97 + .match_token_uuid = vfio_pci_core_match_token_uuid, 97 98 .bind_iommufd = vfio_iommufd_physical_bind, 98 99 .unbind_iommufd = vfio_iommufd_physical_unbind, 99 100 .attach_ioas = vfio_iommufd_physical_attach_ioas, ··· 115 114 .mmap = vfio_pci_core_mmap, 116 115 .request = vfio_pci_core_request, 117 116 .match = vfio_pci_core_match, 117 + .match_token_uuid = vfio_pci_core_match_token_uuid, 118 118 .bind_iommufd = vfio_iommufd_physical_bind, 119 119 .unbind_iommufd = vfio_iommufd_physical_unbind, 120 120 .attach_ioas = vfio_iommufd_physical_attach_ioas, ··· 136 134 .mmap = vfio_pci_core_mmap, 137 135 .request = vfio_pci_core_request, 138 136 .match = vfio_pci_core_match, 137 + .match_token_uuid = vfio_pci_core_match_token_uuid, 139 138 .bind_iommufd = vfio_iommufd_physical_bind, 140 139 .unbind_iommufd = vfio_iommufd_physical_unbind, 141 140 .attach_ioas = vfio_iommufd_physical_attach_ioas,
+7
drivers/vfio/vfio_iommu_type1.c
··· 647 647 648 648 while (npage) { 649 649 if (!batch->size) { 650 + /* 651 + * Large mappings may take a while to repeatedly refill 652 + * the batch, so conditionally relinquish the CPU when 653 + * needed to avoid stalls. 654 + */ 655 + cond_resched(); 656 + 650 657 /* Empty batch, so refill it. */ 651 658 ret = vaddr_get_pfns(mm, vaddr, npage, dma->prot, 652 659 &pfn, batch);
+2 -1
drivers/vfio/vfio_main.c
··· 583 583 584 584 lockdep_assert_held(&device->dev_set->lock); 585 585 586 - vfio_assert_device_open(device); 586 + if (!vfio_assert_device_open(device)) 587 + return; 587 588 if (device->open_count == 1) 588 589 vfio_df_device_last_close(df); 589 590 device->open_count--;
+4
include/linux/vfio.h
··· 105 105 * @match: Optional device name match callback (return: 0 for no-match, >0 for 106 106 * match, -errno for abort (ex. match with insufficient or incorrect 107 107 * additional args) 108 + * @match_token_uuid: Optional device token match/validation. Return 0 109 + * if the uuid is valid for the device, -errno otherwise. uuid is NULL 110 + * if none was provided. 108 111 * @dma_unmap: Called when userspace unmaps IOVA from the container 109 112 * this device is attached to. 110 113 * @device_feature: Optional, fill in the VFIO_DEVICE_FEATURE ioctl ··· 135 132 int (*mmap)(struct vfio_device *vdev, struct vm_area_struct *vma); 136 133 void (*request)(struct vfio_device *vdev, unsigned int count); 137 134 int (*match)(struct vfio_device *vdev, char *buf); 135 + int (*match_token_uuid)(struct vfio_device *vdev, const uuid_t *uuid); 138 136 void (*dma_unmap)(struct vfio_device *vdev, u64 iova, u64 length); 139 137 int (*device_feature)(struct vfio_device *device, u32 flags, 140 138 void __user *arg, size_t argsz);
+2
include/linux/vfio_pci_core.h
··· 122 122 int vfio_pci_core_mmap(struct vfio_device *core_vdev, struct vm_area_struct *vma); 123 123 void vfio_pci_core_request(struct vfio_device *core_vdev, unsigned int count); 124 124 int vfio_pci_core_match(struct vfio_device *core_vdev, char *buf); 125 + int vfio_pci_core_match_token_uuid(struct vfio_device *core_vdev, 126 + const uuid_t *uuid); 125 127 int vfio_pci_core_enable(struct vfio_pci_core_device *vdev); 126 128 void vfio_pci_core_disable(struct vfio_pci_core_device *vdev); 127 129 void vfio_pci_core_finish_enable(struct vfio_pci_core_device *vdev);
+11 -1
include/uapi/linux/vfio.h
··· 905 905 * VFIO_DEVICE_BIND_IOMMUFD - _IOR(VFIO_TYPE, VFIO_BASE + 18, 906 906 * struct vfio_device_bind_iommufd) 907 907 * @argsz: User filled size of this data. 908 - * @flags: Must be 0. 908 + * @flags: Must be 0 or a bit flags of VFIO_DEVICE_BIND_* 909 909 * @iommufd: iommufd to bind. 910 910 * @out_devid: The device id generated by this bind. devid is a handle for 911 911 * this device/iommufd bond and can be used in IOMMUFD commands. 912 + * @token_uuid_ptr: Valid if VFIO_DEVICE_BIND_FLAG_TOKEN. Points to a 16 byte 913 + * UUID in the same format as VFIO_DEVICE_FEATURE_PCI_VF_TOKEN. 912 914 * 913 915 * Bind a vfio_device to the specified iommufd. 914 916 * ··· 919 917 * 920 918 * Unbind is automatically conducted when device fd is closed. 921 919 * 920 + * A token is sometimes required to open the device, unless this is known to be 921 + * needed VFIO_DEVICE_BIND_FLAG_TOKEN should not be set and token_uuid_ptr is 922 + * ignored. The only case today is a PF/VF relationship where the VF bind must 923 + * be provided the same token as VFIO_DEVICE_FEATURE_PCI_VF_TOKEN provided to 924 + * the PF. 925 + * 922 926 * Return: 0 on success, -errno on failure. 923 927 */ 924 928 struct vfio_device_bind_iommufd { 925 929 __u32 argsz; 926 930 __u32 flags; 931 + #define VFIO_DEVICE_BIND_FLAG_TOKEN (1 << 0) 927 932 __s32 iommufd; 928 933 __u32 out_devid; 934 + __aligned_u64 token_uuid_ptr; 929 935 }; 930 936 931 937 #define VFIO_DEVICE_BIND_IOMMUFD _IO(VFIO_TYPE, VFIO_BASE + 18)