4 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
5 * Author: Alex Williamson <alex.williamson@redhat.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * Derived from original vfio:
12 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
13 * Author: Tom Lyon, pugs@cisco.com
16 #include <linux/cdev.h>
17 #include <linux/compat.h>
18 #include <linux/device.h>
19 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
22 #include <linux/idr.h>
23 #include <linux/iommu.h>
24 #include <linux/list.h>
25 #include <linux/miscdevice.h>
26 #include <linux/module.h>
27 #include <linux/mutex.h>
28 #include <linux/pci.h>
29 #include <linux/rwsem.h>
30 #include <linux/sched.h>
31 #include <linux/slab.h>
32 #include <linux/stat.h>
33 #include <linux/string.h>
34 #include <linux/uaccess.h>
35 #include <linux/vfio.h>
36 #include <linux/wait.h>
37 #include <linux/sched/signal.h>
39 #define DRIVER_VERSION "0.3"
40 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>"
41 #define DRIVER_DESC "VFIO - User Level meta-driver"
45 struct list_head iommu_drivers_list;
46 struct mutex iommu_drivers_lock;
47 struct list_head group_list;
49 struct mutex group_lock;
50 struct cdev group_cdev;
52 wait_queue_head_t release_q;
55 struct vfio_iommu_driver {
56 const struct vfio_iommu_driver_ops *ops;
57 struct list_head vfio_next;
60 struct vfio_container {
62 struct list_head group_list;
63 struct rw_semaphore group_lock;
64 struct vfio_iommu_driver *iommu_driver;
69 struct vfio_unbound_dev {
71 struct list_head unbound_next;
77 atomic_t container_users;
78 struct iommu_group *iommu_group;
79 struct vfio_container *container;
80 struct list_head device_list;
81 struct mutex device_lock;
83 struct notifier_block nb;
84 struct list_head vfio_next;
85 struct list_head container_next;
86 struct list_head unbound_list;
87 struct mutex unbound_lock;
89 wait_queue_head_t container_q;
92 struct blocking_notifier_head notifier;
98 const struct vfio_device_ops *ops;
99 struct vfio_group *group;
100 struct list_head group_next;
104 #ifdef CONFIG_VFIO_NOIOMMU
105 static bool noiommu __read_mostly;
106 module_param_named(enable_unsafe_noiommu_mode,
107 noiommu, bool, S_IRUGO | S_IWUSR);
108 MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode. This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel. If you do not know what this is for, step away. (default: false)");
112 * vfio_iommu_group_{get,put} are only intended for VFIO bus driver probe
113 * and remove functions, any use cases other than acquiring the first
114 * reference for the purpose of calling vfio_add_group_dev() or removing
115 * that symmetric reference after vfio_del_group_dev() should use the raw
116 * iommu_group_{get,put} functions. In particular, vfio_iommu_group_put()
117 * removes the device from the dummy group and cannot be nested.
119 struct iommu_group *vfio_iommu_group_get(struct device *dev)
121 struct iommu_group *group;
122 int __maybe_unused ret;
124 group = iommu_group_get(dev);
126 #ifdef CONFIG_VFIO_NOIOMMU
128 * With noiommu enabled, an IOMMU group will be created for a device
129 * that doesn't already have one and doesn't have an iommu_ops on their
130 * bus. We set iommudata simply to be able to identify these groups
131 * as special use and for reclamation later.
133 if (group || !noiommu || iommu_present(dev->bus))
136 group = iommu_group_alloc();
140 iommu_group_set_name(group, "vfio-noiommu");
141 iommu_group_set_iommudata(group, &noiommu, NULL);
142 ret = iommu_group_add_device(group, dev);
144 iommu_group_put(group);
149 * Where to taint? At this point we've added an IOMMU group for a
150 * device that is not backed by iommu_ops, therefore any iommu_
151 * callback using iommu_ops can legitimately Oops. So, while we may
152 * be about to give a DMA capable device to a user without IOMMU
153 * protection, which is clearly taint-worthy, let's go ahead and do
156 add_taint(TAINT_USER, LOCKDEP_STILL_OK);
157 dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n");
162 EXPORT_SYMBOL_GPL(vfio_iommu_group_get);
164 void vfio_iommu_group_put(struct iommu_group *group, struct device *dev)
166 #ifdef CONFIG_VFIO_NOIOMMU
167 if (iommu_group_get_iommudata(group) == &noiommu)
168 iommu_group_remove_device(dev);
171 iommu_group_put(group);
173 EXPORT_SYMBOL_GPL(vfio_iommu_group_put);
175 #ifdef CONFIG_VFIO_NOIOMMU
176 static void *vfio_noiommu_open(unsigned long arg)
178 if (arg != VFIO_NOIOMMU_IOMMU)
179 return ERR_PTR(-EINVAL);
180 if (!capable(CAP_SYS_RAWIO))
181 return ERR_PTR(-EPERM);
186 static void vfio_noiommu_release(void *iommu_data)
190 static long vfio_noiommu_ioctl(void *iommu_data,
191 unsigned int cmd, unsigned long arg)
193 if (cmd == VFIO_CHECK_EXTENSION)
194 return noiommu && (arg == VFIO_NOIOMMU_IOMMU) ? 1 : 0;
199 static int vfio_noiommu_attach_group(void *iommu_data,
200 struct iommu_group *iommu_group)
202 return iommu_group_get_iommudata(iommu_group) == &noiommu ? 0 : -EINVAL;
205 static void vfio_noiommu_detach_group(void *iommu_data,
206 struct iommu_group *iommu_group)
210 static const struct vfio_iommu_driver_ops vfio_noiommu_ops = {
211 .name = "vfio-noiommu",
212 .owner = THIS_MODULE,
213 .open = vfio_noiommu_open,
214 .release = vfio_noiommu_release,
215 .ioctl = vfio_noiommu_ioctl,
216 .attach_group = vfio_noiommu_attach_group,
217 .detach_group = vfio_noiommu_detach_group,
223 * IOMMU driver registration
225 int vfio_register_iommu_driver(const struct vfio_iommu_driver_ops *ops)
227 struct vfio_iommu_driver *driver, *tmp;
229 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
235 mutex_lock(&vfio.iommu_drivers_lock);
237 /* Check for duplicates */
238 list_for_each_entry(tmp, &vfio.iommu_drivers_list, vfio_next) {
239 if (tmp->ops == ops) {
240 mutex_unlock(&vfio.iommu_drivers_lock);
246 list_add(&driver->vfio_next, &vfio.iommu_drivers_list);
248 mutex_unlock(&vfio.iommu_drivers_lock);
252 EXPORT_SYMBOL_GPL(vfio_register_iommu_driver);
254 void vfio_unregister_iommu_driver(const struct vfio_iommu_driver_ops *ops)
256 struct vfio_iommu_driver *driver;
258 mutex_lock(&vfio.iommu_drivers_lock);
259 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
260 if (driver->ops == ops) {
261 list_del(&driver->vfio_next);
262 mutex_unlock(&vfio.iommu_drivers_lock);
267 mutex_unlock(&vfio.iommu_drivers_lock);
269 EXPORT_SYMBOL_GPL(vfio_unregister_iommu_driver);
272 * Group minor allocation/free - both called with vfio.group_lock held
274 static int vfio_alloc_group_minor(struct vfio_group *group)
276 return idr_alloc(&vfio.group_idr, group, 0, MINORMASK + 1, GFP_KERNEL);
279 static void vfio_free_group_minor(int minor)
281 idr_remove(&vfio.group_idr, minor);
284 static int vfio_iommu_group_notifier(struct notifier_block *nb,
285 unsigned long action, void *data);
286 static void vfio_group_get(struct vfio_group *group);
289 * Container objects - containers are created when /dev/vfio/vfio is
290 * opened, but their lifecycle extends until the last user is done, so
291 * it's freed via kref. Must support container/group/device being
292 * closed in any order.
294 static void vfio_container_get(struct vfio_container *container)
296 kref_get(&container->kref);
299 static void vfio_container_release(struct kref *kref)
301 struct vfio_container *container;
302 container = container_of(kref, struct vfio_container, kref);
307 static void vfio_container_put(struct vfio_container *container)
309 kref_put(&container->kref, vfio_container_release);
312 static void vfio_group_unlock_and_free(struct vfio_group *group)
314 mutex_unlock(&vfio.group_lock);
316 * Unregister outside of lock. A spurious callback is harmless now
317 * that the group is no longer in vfio.group_list.
319 iommu_group_unregister_notifier(group->iommu_group, &group->nb);
324 * Group objects - create, release, get, put, search
326 static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group)
328 struct vfio_group *group, *tmp;
332 group = kzalloc(sizeof(*group), GFP_KERNEL);
334 return ERR_PTR(-ENOMEM);
336 kref_init(&group->kref);
337 INIT_LIST_HEAD(&group->device_list);
338 mutex_init(&group->device_lock);
339 INIT_LIST_HEAD(&group->unbound_list);
340 mutex_init(&group->unbound_lock);
341 atomic_set(&group->container_users, 0);
342 atomic_set(&group->opened, 0);
343 init_waitqueue_head(&group->container_q);
344 group->iommu_group = iommu_group;
345 #ifdef CONFIG_VFIO_NOIOMMU
346 group->noiommu = (iommu_group_get_iommudata(iommu_group) == &noiommu);
348 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
350 group->nb.notifier_call = vfio_iommu_group_notifier;
353 * blocking notifiers acquire a rwsem around registering and hold
354 * it around callback. Therefore, need to register outside of
355 * vfio.group_lock to avoid A-B/B-A contention. Our callback won't
356 * do anything unless it can find the group in vfio.group_list, so
357 * no harm in registering early.
359 ret = iommu_group_register_notifier(iommu_group, &group->nb);
365 mutex_lock(&vfio.group_lock);
367 /* Did we race creating this group? */
368 list_for_each_entry(tmp, &vfio.group_list, vfio_next) {
369 if (tmp->iommu_group == iommu_group) {
371 vfio_group_unlock_and_free(group);
376 minor = vfio_alloc_group_minor(group);
378 vfio_group_unlock_and_free(group);
379 return ERR_PTR(minor);
382 dev = device_create(vfio.class, NULL,
383 MKDEV(MAJOR(vfio.group_devt), minor),
384 group, "%s%d", group->noiommu ? "noiommu-" : "",
385 iommu_group_id(iommu_group));
387 vfio_free_group_minor(minor);
388 vfio_group_unlock_and_free(group);
389 return ERR_CAST(dev);
392 group->minor = minor;
395 list_add(&group->vfio_next, &vfio.group_list);
397 mutex_unlock(&vfio.group_lock);
402 /* called with vfio.group_lock held */
403 static void vfio_group_release(struct kref *kref)
405 struct vfio_group *group = container_of(kref, struct vfio_group, kref);
406 struct vfio_unbound_dev *unbound, *tmp;
407 struct iommu_group *iommu_group = group->iommu_group;
409 WARN_ON(!list_empty(&group->device_list));
410 WARN_ON(group->notifier.head);
412 list_for_each_entry_safe(unbound, tmp,
413 &group->unbound_list, unbound_next) {
414 list_del(&unbound->unbound_next);
418 device_destroy(vfio.class, MKDEV(MAJOR(vfio.group_devt), group->minor));
419 list_del(&group->vfio_next);
420 vfio_free_group_minor(group->minor);
421 vfio_group_unlock_and_free(group);
422 iommu_group_put(iommu_group);
425 static void vfio_group_put(struct vfio_group *group)
427 kref_put_mutex(&group->kref, vfio_group_release, &vfio.group_lock);
430 struct vfio_group_put_work {
431 struct work_struct work;
432 struct vfio_group *group;
435 static void vfio_group_put_bg(struct work_struct *work)
437 struct vfio_group_put_work *do_work;
439 do_work = container_of(work, struct vfio_group_put_work, work);
441 vfio_group_put(do_work->group);
445 static void vfio_group_schedule_put(struct vfio_group *group)
447 struct vfio_group_put_work *do_work;
449 do_work = kmalloc(sizeof(*do_work), GFP_KERNEL);
450 if (WARN_ON(!do_work))
453 INIT_WORK(&do_work->work, vfio_group_put_bg);
454 do_work->group = group;
455 schedule_work(&do_work->work);
458 /* Assume group_lock or group reference is held */
459 static void vfio_group_get(struct vfio_group *group)
461 kref_get(&group->kref);
465 * Not really a try as we will sleep for mutex, but we need to make
466 * sure the group pointer is valid under lock and get a reference.
468 static struct vfio_group *vfio_group_try_get(struct vfio_group *group)
470 struct vfio_group *target = group;
472 mutex_lock(&vfio.group_lock);
473 list_for_each_entry(group, &vfio.group_list, vfio_next) {
474 if (group == target) {
475 vfio_group_get(group);
476 mutex_unlock(&vfio.group_lock);
480 mutex_unlock(&vfio.group_lock);
486 struct vfio_group *vfio_group_get_from_iommu(struct iommu_group *iommu_group)
488 struct vfio_group *group;
490 mutex_lock(&vfio.group_lock);
491 list_for_each_entry(group, &vfio.group_list, vfio_next) {
492 if (group->iommu_group == iommu_group) {
493 vfio_group_get(group);
494 mutex_unlock(&vfio.group_lock);
498 mutex_unlock(&vfio.group_lock);
503 static struct vfio_group *vfio_group_get_from_minor(int minor)
505 struct vfio_group *group;
507 mutex_lock(&vfio.group_lock);
508 group = idr_find(&vfio.group_idr, minor);
510 mutex_unlock(&vfio.group_lock);
513 vfio_group_get(group);
514 mutex_unlock(&vfio.group_lock);
519 static struct vfio_group *vfio_group_get_from_dev(struct device *dev)
521 struct iommu_group *iommu_group;
522 struct vfio_group *group;
524 iommu_group = iommu_group_get(dev);
528 group = vfio_group_get_from_iommu(iommu_group);
529 iommu_group_put(iommu_group);
535 * Device objects - create, release, get, put, search
538 struct vfio_device *vfio_group_create_device(struct vfio_group *group,
540 const struct vfio_device_ops *ops,
543 struct vfio_device *device;
545 device = kzalloc(sizeof(*device), GFP_KERNEL);
547 return ERR_PTR(-ENOMEM);
549 kref_init(&device->kref);
551 device->group = group;
553 device->device_data = device_data;
554 dev_set_drvdata(dev, device);
556 /* No need to get group_lock, caller has group reference */
557 vfio_group_get(group);
559 mutex_lock(&group->device_lock);
560 list_add(&device->group_next, &group->device_list);
561 mutex_unlock(&group->device_lock);
566 static void vfio_device_release(struct kref *kref)
568 struct vfio_device *device = container_of(kref,
569 struct vfio_device, kref);
570 struct vfio_group *group = device->group;
572 list_del(&device->group_next);
573 mutex_unlock(&group->device_lock);
575 dev_set_drvdata(device->dev, NULL);
579 /* vfio_del_group_dev may be waiting for this device */
580 wake_up(&vfio.release_q);
583 /* Device reference always implies a group reference */
584 void vfio_device_put(struct vfio_device *device)
586 struct vfio_group *group = device->group;
587 kref_put_mutex(&device->kref, vfio_device_release, &group->device_lock);
588 vfio_group_put(group);
590 EXPORT_SYMBOL_GPL(vfio_device_put);
592 static void vfio_device_get(struct vfio_device *device)
594 vfio_group_get(device->group);
595 kref_get(&device->kref);
598 static struct vfio_device *vfio_group_get_device(struct vfio_group *group,
601 struct vfio_device *device;
603 mutex_lock(&group->device_lock);
604 list_for_each_entry(device, &group->device_list, group_next) {
605 if (device->dev == dev) {
606 vfio_device_get(device);
607 mutex_unlock(&group->device_lock);
611 mutex_unlock(&group->device_lock);
616 * Some drivers, like pci-stub, are only used to prevent other drivers from
617 * claiming a device and are therefore perfectly legitimate for a user owned
618 * group. The pci-stub driver has no dependencies on DMA or the IOVA mapping
619 * of the device, but it does prevent the user from having direct access to
620 * the device, which is useful in some circumstances.
622 * We also assume that we can include PCI interconnect devices, ie. bridges.
623 * IOMMU grouping on PCI necessitates that if we lack isolation on a bridge
624 * then all of the downstream devices will be part of the same IOMMU group as
625 * the bridge. Thus, if placing the bridge into the user owned IOVA space
626 * breaks anything, it only does so for user owned devices downstream. Note
627 * that error notification via MSI can be affected for platforms that handle
628 * MSI within the same IOVA space as DMA.
630 static const char * const vfio_driver_whitelist[] = { "pci-stub" };
632 static bool vfio_dev_whitelisted(struct device *dev, struct device_driver *drv)
634 if (dev_is_pci(dev)) {
635 struct pci_dev *pdev = to_pci_dev(dev);
637 if (pdev->hdr_type != PCI_HEADER_TYPE_NORMAL)
641 return match_string(vfio_driver_whitelist,
642 ARRAY_SIZE(vfio_driver_whitelist),
647 * A vfio group is viable for use by userspace if all devices are in
648 * one of the following states:
650 * - bound to a vfio driver
651 * - bound to a whitelisted driver
652 * - a PCI interconnect device
654 * We use two methods to determine whether a device is bound to a vfio
655 * driver. The first is to test whether the device exists in the vfio
656 * group. The second is to test if the device exists on the group
657 * unbound_list, indicating it's in the middle of transitioning from
658 * a vfio driver to driver-less.
660 static int vfio_dev_viable(struct device *dev, void *data)
662 struct vfio_group *group = data;
663 struct vfio_device *device;
664 struct device_driver *drv = READ_ONCE(dev->driver);
665 struct vfio_unbound_dev *unbound;
668 mutex_lock(&group->unbound_lock);
669 list_for_each_entry(unbound, &group->unbound_list, unbound_next) {
670 if (dev == unbound->dev) {
675 mutex_unlock(&group->unbound_lock);
677 if (!ret || !drv || vfio_dev_whitelisted(dev, drv))
680 device = vfio_group_get_device(group, dev);
682 vfio_device_put(device);
690 * Async device support
692 static int vfio_group_nb_add_dev(struct vfio_group *group, struct device *dev)
694 struct vfio_device *device;
696 /* Do we already know about it? We shouldn't */
697 device = vfio_group_get_device(group, dev);
698 if (WARN_ON_ONCE(device)) {
699 vfio_device_put(device);
703 /* Nothing to do for idle groups */
704 if (!atomic_read(&group->container_users))
707 /* TODO Prevent device auto probing */
708 WARN(1, "Device %s added to live group %d!\n", dev_name(dev),
709 iommu_group_id(group->iommu_group));
714 static int vfio_group_nb_verify(struct vfio_group *group, struct device *dev)
716 /* We don't care what happens when the group isn't in use */
717 if (!atomic_read(&group->container_users))
720 return vfio_dev_viable(dev, group);
723 static int vfio_iommu_group_notifier(struct notifier_block *nb,
724 unsigned long action, void *data)
726 struct vfio_group *group = container_of(nb, struct vfio_group, nb);
727 struct device *dev = data;
728 struct vfio_unbound_dev *unbound;
731 * Need to go through a group_lock lookup to get a reference or we
732 * risk racing a group being removed. Ignore spurious notifies.
734 group = vfio_group_try_get(group);
739 case IOMMU_GROUP_NOTIFY_ADD_DEVICE:
740 vfio_group_nb_add_dev(group, dev);
742 case IOMMU_GROUP_NOTIFY_DEL_DEVICE:
744 * Nothing to do here. If the device is in use, then the
745 * vfio sub-driver should block the remove callback until
746 * it is unused. If the device is unused or attached to a
747 * stub driver, then it should be released and we don't
748 * care that it will be going away.
751 case IOMMU_GROUP_NOTIFY_BIND_DRIVER:
752 pr_debug("%s: Device %s, group %d binding to driver\n",
753 __func__, dev_name(dev),
754 iommu_group_id(group->iommu_group));
756 case IOMMU_GROUP_NOTIFY_BOUND_DRIVER:
757 pr_debug("%s: Device %s, group %d bound to driver %s\n",
758 __func__, dev_name(dev),
759 iommu_group_id(group->iommu_group), dev->driver->name);
760 BUG_ON(vfio_group_nb_verify(group, dev));
762 case IOMMU_GROUP_NOTIFY_UNBIND_DRIVER:
763 pr_debug("%s: Device %s, group %d unbinding from driver %s\n",
764 __func__, dev_name(dev),
765 iommu_group_id(group->iommu_group), dev->driver->name);
767 case IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER:
768 pr_debug("%s: Device %s, group %d unbound from driver\n",
769 __func__, dev_name(dev),
770 iommu_group_id(group->iommu_group));
772 * XXX An unbound device in a live group is ok, but we'd
773 * really like to avoid the above BUG_ON by preventing other
774 * drivers from binding to it. Once that occurs, we have to
775 * stop the system to maintain isolation. At a minimum, we'd
776 * want a toggle to disable driver auto probe for this device.
779 mutex_lock(&group->unbound_lock);
780 list_for_each_entry(unbound,
781 &group->unbound_list, unbound_next) {
782 if (dev == unbound->dev) {
783 list_del(&unbound->unbound_next);
788 mutex_unlock(&group->unbound_lock);
793 * If we're the last reference to the group, the group will be
794 * released, which includes unregistering the iommu group notifier.
795 * We hold a read-lock on that notifier list, unregistering needs
796 * a write-lock... deadlock. Release our reference asynchronously
797 * to avoid that situation.
799 vfio_group_schedule_put(group);
806 int vfio_add_group_dev(struct device *dev,
807 const struct vfio_device_ops *ops, void *device_data)
809 struct iommu_group *iommu_group;
810 struct vfio_group *group;
811 struct vfio_device *device;
813 iommu_group = iommu_group_get(dev);
817 group = vfio_group_get_from_iommu(iommu_group);
819 group = vfio_create_group(iommu_group);
821 iommu_group_put(iommu_group);
822 return PTR_ERR(group);
826 * A found vfio_group already holds a reference to the
827 * iommu_group. A created vfio_group keeps the reference.
829 iommu_group_put(iommu_group);
832 device = vfio_group_get_device(group, dev);
834 WARN(1, "Device %s already exists on group %d\n",
835 dev_name(dev), iommu_group_id(iommu_group));
836 vfio_device_put(device);
837 vfio_group_put(group);
841 device = vfio_group_create_device(group, dev, ops, device_data);
842 if (IS_ERR(device)) {
843 vfio_group_put(group);
844 return PTR_ERR(device);
848 * Drop all but the vfio_device reference. The vfio_device holds
849 * a reference to the vfio_group, which holds a reference to the
852 vfio_group_put(group);
856 EXPORT_SYMBOL_GPL(vfio_add_group_dev);
859 * Get a reference to the vfio_device for a device. Even if the
860 * caller thinks they own the device, they could be racing with a
861 * release call path, so we can't trust drvdata for the shortcut.
862 * Go the long way around, from the iommu_group to the vfio_group
863 * to the vfio_device.
865 struct vfio_device *vfio_device_get_from_dev(struct device *dev)
867 struct vfio_group *group;
868 struct vfio_device *device;
870 group = vfio_group_get_from_dev(dev);
874 device = vfio_group_get_device(group, dev);
875 vfio_group_put(group);
879 EXPORT_SYMBOL_GPL(vfio_device_get_from_dev);
881 static struct vfio_device *vfio_device_get_from_name(struct vfio_group *group,
884 struct vfio_device *it, *device = NULL;
886 mutex_lock(&group->device_lock);
887 list_for_each_entry(it, &group->device_list, group_next) {
888 if (!strcmp(dev_name(it->dev), buf)) {
890 vfio_device_get(device);
894 mutex_unlock(&group->device_lock);
900 * Caller must hold a reference to the vfio_device
902 void *vfio_device_data(struct vfio_device *device)
904 return device->device_data;
906 EXPORT_SYMBOL_GPL(vfio_device_data);
909 * Decrement the device reference count and wait for the device to be
910 * removed. Open file descriptors for the device... */
911 void *vfio_del_group_dev(struct device *dev)
913 DEFINE_WAIT_FUNC(wait, woken_wake_function);
914 struct vfio_device *device = dev_get_drvdata(dev);
915 struct vfio_group *group = device->group;
916 void *device_data = device->device_data;
917 struct vfio_unbound_dev *unbound;
919 bool interrupted = false;
922 * The group exists so long as we have a device reference. Get
923 * a group reference and use it to scan for the device going away.
925 vfio_group_get(group);
928 * When the device is removed from the group, the group suddenly
929 * becomes non-viable; the device has a driver (until the unbind
930 * completes), but it's not present in the group. This is bad news
931 * for any external users that need to re-acquire a group reference
932 * in order to match and release their existing reference. To
933 * solve this, we track such devices on the unbound_list to bridge
934 * the gap until they're fully unbound.
936 unbound = kzalloc(sizeof(*unbound), GFP_KERNEL);
939 mutex_lock(&group->unbound_lock);
940 list_add(&unbound->unbound_next, &group->unbound_list);
941 mutex_unlock(&group->unbound_lock);
945 vfio_device_put(device);
948 * If the device is still present in the group after the above
949 * 'put', then it is in use and we need to request it from the
950 * bus driver. The driver may in turn need to request the
951 * device from the user. We send the request on an arbitrary
952 * interval with counter to allow the driver to take escalating
953 * measures to release the device if it has the ability to do so.
955 add_wait_queue(&vfio.release_q, &wait);
958 device = vfio_group_get_device(group, dev);
962 if (device->ops->request)
963 device->ops->request(device_data, i++);
965 vfio_device_put(device);
968 wait_woken(&wait, TASK_UNINTERRUPTIBLE, HZ * 10);
970 wait_woken(&wait, TASK_INTERRUPTIBLE, HZ * 10);
971 if (signal_pending(current)) {
974 "Device is currently in use, task"
976 "blocked until device is released",
977 current->comm, task_pid_nr(current));
983 remove_wait_queue(&vfio.release_q, &wait);
985 * In order to support multiple devices per group, devices can be
986 * plucked from the group while other devices in the group are still
987 * in use. The container persists with this group and those remaining
988 * devices still attached. If the user creates an isolation violation
989 * by binding this device to another driver while the group is still in
990 * use, that's their fault. However, in the case of removing the last,
991 * or potentially the only, device in the group there can be no other
992 * in-use devices in the group. The user has done their due diligence
993 * and we should lay no claims to those devices. In order to do that,
994 * we need to make sure the group is detached from the container.
995 * Without this stall, we're potentially racing with a user process
996 * that may attempt to immediately bind this device to another driver.
998 if (list_empty(&group->device_list))
999 wait_event(group->container_q, !group->container);
1001 vfio_group_put(group);
1005 EXPORT_SYMBOL_GPL(vfio_del_group_dev);
1008 * VFIO base fd, /dev/vfio/vfio
1010 static long vfio_ioctl_check_extension(struct vfio_container *container,
1013 struct vfio_iommu_driver *driver;
1016 down_read(&container->group_lock);
1018 driver = container->iommu_driver;
1021 /* No base extensions yet */
1024 * If no driver is set, poll all registered drivers for
1025 * extensions and return the first positive result. If
1026 * a driver is already set, further queries will be passed
1027 * only to that driver.
1030 mutex_lock(&vfio.iommu_drivers_lock);
1031 list_for_each_entry(driver, &vfio.iommu_drivers_list,
1034 #ifdef CONFIG_VFIO_NOIOMMU
1035 if (!list_empty(&container->group_list) &&
1036 (container->noiommu !=
1037 (driver->ops == &vfio_noiommu_ops)))
1041 if (!try_module_get(driver->ops->owner))
1044 ret = driver->ops->ioctl(NULL,
1045 VFIO_CHECK_EXTENSION,
1047 module_put(driver->ops->owner);
1051 mutex_unlock(&vfio.iommu_drivers_lock);
1053 ret = driver->ops->ioctl(container->iommu_data,
1054 VFIO_CHECK_EXTENSION, arg);
1057 up_read(&container->group_lock);
1062 /* hold write lock on container->group_lock */
1063 static int __vfio_container_attach_groups(struct vfio_container *container,
1064 struct vfio_iommu_driver *driver,
1067 struct vfio_group *group;
1070 list_for_each_entry(group, &container->group_list, container_next) {
1071 ret = driver->ops->attach_group(data, group->iommu_group);
1079 list_for_each_entry_continue_reverse(group, &container->group_list,
1081 driver->ops->detach_group(data, group->iommu_group);
1087 static long vfio_ioctl_set_iommu(struct vfio_container *container,
1090 struct vfio_iommu_driver *driver;
1093 down_write(&container->group_lock);
1096 * The container is designed to be an unprivileged interface while
1097 * the group can be assigned to specific users. Therefore, only by
1098 * adding a group to a container does the user get the privilege of
1099 * enabling the iommu, which may allocate finite resources. There
1100 * is no unset_iommu, but by removing all the groups from a container,
1101 * the container is deprivileged and returns to an unset state.
1103 if (list_empty(&container->group_list) || container->iommu_driver) {
1104 up_write(&container->group_lock);
1108 mutex_lock(&vfio.iommu_drivers_lock);
1109 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
1112 #ifdef CONFIG_VFIO_NOIOMMU
1114 * Only noiommu containers can use vfio-noiommu and noiommu
1115 * containers can only use vfio-noiommu.
1117 if (container->noiommu != (driver->ops == &vfio_noiommu_ops))
1121 if (!try_module_get(driver->ops->owner))
1125 * The arg magic for SET_IOMMU is the same as CHECK_EXTENSION,
1126 * so test which iommu driver reported support for this
1127 * extension and call open on them. We also pass them the
1128 * magic, allowing a single driver to support multiple
1129 * interfaces if they'd like.
1131 if (driver->ops->ioctl(NULL, VFIO_CHECK_EXTENSION, arg) <= 0) {
1132 module_put(driver->ops->owner);
1136 data = driver->ops->open(arg);
1138 ret = PTR_ERR(data);
1139 module_put(driver->ops->owner);
1143 ret = __vfio_container_attach_groups(container, driver, data);
1145 driver->ops->release(data);
1146 module_put(driver->ops->owner);
1150 container->iommu_driver = driver;
1151 container->iommu_data = data;
1155 mutex_unlock(&vfio.iommu_drivers_lock);
1156 up_write(&container->group_lock);
1161 static long vfio_fops_unl_ioctl(struct file *filep,
1162 unsigned int cmd, unsigned long arg)
1164 struct vfio_container *container = filep->private_data;
1165 struct vfio_iommu_driver *driver;
1173 case VFIO_GET_API_VERSION:
1174 ret = VFIO_API_VERSION;
1176 case VFIO_CHECK_EXTENSION:
1177 ret = vfio_ioctl_check_extension(container, arg);
1179 case VFIO_SET_IOMMU:
1180 ret = vfio_ioctl_set_iommu(container, arg);
1183 driver = container->iommu_driver;
1184 data = container->iommu_data;
1186 if (driver) /* passthrough all unrecognized ioctls */
1187 ret = driver->ops->ioctl(data, cmd, arg);
1193 #ifdef CONFIG_COMPAT
1194 static long vfio_fops_compat_ioctl(struct file *filep,
1195 unsigned int cmd, unsigned long arg)
1197 arg = (unsigned long)compat_ptr(arg);
1198 return vfio_fops_unl_ioctl(filep, cmd, arg);
1200 #endif /* CONFIG_COMPAT */
1202 static int vfio_fops_open(struct inode *inode, struct file *filep)
1204 struct vfio_container *container;
1206 container = kzalloc(sizeof(*container), GFP_KERNEL);
1210 INIT_LIST_HEAD(&container->group_list);
1211 init_rwsem(&container->group_lock);
1212 kref_init(&container->kref);
1214 filep->private_data = container;
1219 static int vfio_fops_release(struct inode *inode, struct file *filep)
1221 struct vfio_container *container = filep->private_data;
1223 filep->private_data = NULL;
1225 vfio_container_put(container);
1231 * Once an iommu driver is set, we optionally pass read/write/mmap
1232 * on to the driver, allowing management interfaces beyond ioctl.
1234 static ssize_t vfio_fops_read(struct file *filep, char __user *buf,
1235 size_t count, loff_t *ppos)
1237 struct vfio_container *container = filep->private_data;
1238 struct vfio_iommu_driver *driver;
1239 ssize_t ret = -EINVAL;
1241 driver = container->iommu_driver;
1242 if (likely(driver && driver->ops->read))
1243 ret = driver->ops->read(container->iommu_data,
1249 static ssize_t vfio_fops_write(struct file *filep, const char __user *buf,
1250 size_t count, loff_t *ppos)
1252 struct vfio_container *container = filep->private_data;
1253 struct vfio_iommu_driver *driver;
1254 ssize_t ret = -EINVAL;
1256 driver = container->iommu_driver;
1257 if (likely(driver && driver->ops->write))
1258 ret = driver->ops->write(container->iommu_data,
1264 static int vfio_fops_mmap(struct file *filep, struct vm_area_struct *vma)
1266 struct vfio_container *container = filep->private_data;
1267 struct vfio_iommu_driver *driver;
1270 driver = container->iommu_driver;
1271 if (likely(driver && driver->ops->mmap))
1272 ret = driver->ops->mmap(container->iommu_data, vma);
1277 static const struct file_operations vfio_fops = {
1278 .owner = THIS_MODULE,
1279 .open = vfio_fops_open,
1280 .release = vfio_fops_release,
1281 .read = vfio_fops_read,
1282 .write = vfio_fops_write,
1283 .unlocked_ioctl = vfio_fops_unl_ioctl,
1284 #ifdef CONFIG_COMPAT
1285 .compat_ioctl = vfio_fops_compat_ioctl,
1287 .mmap = vfio_fops_mmap,
1291 * VFIO Group fd, /dev/vfio/$GROUP
1293 static void __vfio_group_unset_container(struct vfio_group *group)
1295 struct vfio_container *container = group->container;
1296 struct vfio_iommu_driver *driver;
1298 down_write(&container->group_lock);
1300 driver = container->iommu_driver;
1302 driver->ops->detach_group(container->iommu_data,
1303 group->iommu_group);
1305 group->container = NULL;
1306 wake_up(&group->container_q);
1307 list_del(&group->container_next);
1309 /* Detaching the last group deprivileges a container, remove iommu */
1310 if (driver && list_empty(&container->group_list)) {
1311 driver->ops->release(container->iommu_data);
1312 module_put(driver->ops->owner);
1313 container->iommu_driver = NULL;
1314 container->iommu_data = NULL;
1317 up_write(&container->group_lock);
1319 vfio_container_put(container);
1323 * VFIO_GROUP_UNSET_CONTAINER should fail if there are other users or
1324 * if there was no container to unset. Since the ioctl is called on
1325 * the group, we know that still exists, therefore the only valid
1326 * transition here is 1->0.
1328 static int vfio_group_unset_container(struct vfio_group *group)
1330 int users = atomic_cmpxchg(&group->container_users, 1, 0);
1337 __vfio_group_unset_container(group);
1343 * When removing container users, anything that removes the last user
1344 * implicitly removes the group from the container. That is, if the
1345 * group file descriptor is closed, as well as any device file descriptors,
1346 * the group is free.
1348 static void vfio_group_try_dissolve_container(struct vfio_group *group)
1350 if (0 == atomic_dec_if_positive(&group->container_users))
1351 __vfio_group_unset_container(group);
1354 static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1357 struct vfio_container *container;
1358 struct vfio_iommu_driver *driver;
1361 if (atomic_read(&group->container_users))
1364 if (group->noiommu && !capable(CAP_SYS_RAWIO))
1367 f = fdget(container_fd);
1371 /* Sanity check, is this really our fd? */
1372 if (f.file->f_op != &vfio_fops) {
1377 container = f.file->private_data;
1378 WARN_ON(!container); /* fget ensures we don't race vfio_release */
1380 down_write(&container->group_lock);
1382 /* Real groups and fake groups cannot mix */
1383 if (!list_empty(&container->group_list) &&
1384 container->noiommu != group->noiommu) {
1389 driver = container->iommu_driver;
1391 ret = driver->ops->attach_group(container->iommu_data,
1392 group->iommu_group);
1397 group->container = container;
1398 container->noiommu = group->noiommu;
1399 list_add(&group->container_next, &container->group_list);
1401 /* Get a reference on the container and mark a user within the group */
1402 vfio_container_get(container);
1403 atomic_inc(&group->container_users);
1406 up_write(&container->group_lock);
1411 static bool vfio_group_viable(struct vfio_group *group)
1413 return (iommu_group_for_each_dev(group->iommu_group,
1414 group, vfio_dev_viable) == 0);
1417 static int vfio_group_add_container_user(struct vfio_group *group)
1419 if (!atomic_inc_not_zero(&group->container_users))
1422 if (group->noiommu) {
1423 atomic_dec(&group->container_users);
1426 if (!group->container->iommu_driver || !vfio_group_viable(group)) {
1427 atomic_dec(&group->container_users);
1434 static const struct file_operations vfio_device_fops;
1436 static int vfio_group_get_device_fd(struct vfio_group *group, char *buf)
1438 struct vfio_device *device;
1442 if (0 == atomic_read(&group->container_users) ||
1443 !group->container->iommu_driver || !vfio_group_viable(group))
1446 if (group->noiommu && !capable(CAP_SYS_RAWIO))
1449 device = vfio_device_get_from_name(group, buf);
1453 ret = device->ops->open(device->device_data);
1455 vfio_device_put(device);
1460 * We can't use anon_inode_getfd() because we need to modify
1461 * the f_mode flags directly to allow more than just ioctls
1463 ret = get_unused_fd_flags(O_CLOEXEC);
1465 device->ops->release(device->device_data);
1466 vfio_device_put(device);
1470 filep = anon_inode_getfile("[vfio-device]", &vfio_device_fops,
1472 if (IS_ERR(filep)) {
1474 ret = PTR_ERR(filep);
1475 device->ops->release(device->device_data);
1476 vfio_device_put(device);
1481 * TODO: add an anon_inode interface to do this.
1482 * Appears to be missing by lack of need rather than
1483 * explicitly prevented. Now there's need.
1485 filep->f_mode |= (FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE);
1487 atomic_inc(&group->container_users);
1489 fd_install(ret, filep);
1492 dev_warn(device->dev, "vfio-noiommu device opened by user "
1493 "(%s:%d)\n", current->comm, task_pid_nr(current));
1498 static long vfio_group_fops_unl_ioctl(struct file *filep,
1499 unsigned int cmd, unsigned long arg)
1501 struct vfio_group *group = filep->private_data;
1505 case VFIO_GROUP_GET_STATUS:
1507 struct vfio_group_status status;
1508 unsigned long minsz;
1510 minsz = offsetofend(struct vfio_group_status, flags);
1512 if (copy_from_user(&status, (void __user *)arg, minsz))
1515 if (status.argsz < minsz)
1520 if (vfio_group_viable(group))
1521 status.flags |= VFIO_GROUP_FLAGS_VIABLE;
1523 if (group->container)
1524 status.flags |= VFIO_GROUP_FLAGS_CONTAINER_SET;
1526 if (copy_to_user((void __user *)arg, &status, minsz))
1532 case VFIO_GROUP_SET_CONTAINER:
1536 if (get_user(fd, (int __user *)arg))
1542 ret = vfio_group_set_container(group, fd);
1545 case VFIO_GROUP_UNSET_CONTAINER:
1546 ret = vfio_group_unset_container(group);
1548 case VFIO_GROUP_GET_DEVICE_FD:
1552 buf = strndup_user((const char __user *)arg, PAGE_SIZE);
1554 return PTR_ERR(buf);
1556 ret = vfio_group_get_device_fd(group, buf);
1565 #ifdef CONFIG_COMPAT
1566 static long vfio_group_fops_compat_ioctl(struct file *filep,
1567 unsigned int cmd, unsigned long arg)
1569 arg = (unsigned long)compat_ptr(arg);
1570 return vfio_group_fops_unl_ioctl(filep, cmd, arg);
1572 #endif /* CONFIG_COMPAT */
1574 static int vfio_group_fops_open(struct inode *inode, struct file *filep)
1576 struct vfio_group *group;
1579 group = vfio_group_get_from_minor(iminor(inode));
1583 if (group->noiommu && !capable(CAP_SYS_RAWIO)) {
1584 vfio_group_put(group);
1588 /* Do we need multiple instances of the group open? Seems not. */
1589 opened = atomic_cmpxchg(&group->opened, 0, 1);
1591 vfio_group_put(group);
1595 /* Is something still in use from a previous open? */
1596 if (group->container) {
1597 atomic_dec(&group->opened);
1598 vfio_group_put(group);
1602 /* Warn if previous user didn't cleanup and re-init to drop them */
1603 if (WARN_ON(group->notifier.head))
1604 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
1606 filep->private_data = group;
1611 static int vfio_group_fops_release(struct inode *inode, struct file *filep)
1613 struct vfio_group *group = filep->private_data;
1615 filep->private_data = NULL;
1617 vfio_group_try_dissolve_container(group);
1619 atomic_dec(&group->opened);
1621 vfio_group_put(group);
1626 static const struct file_operations vfio_group_fops = {
1627 .owner = THIS_MODULE,
1628 .unlocked_ioctl = vfio_group_fops_unl_ioctl,
1629 #ifdef CONFIG_COMPAT
1630 .compat_ioctl = vfio_group_fops_compat_ioctl,
1632 .open = vfio_group_fops_open,
1633 .release = vfio_group_fops_release,
1639 static int vfio_device_fops_release(struct inode *inode, struct file *filep)
1641 struct vfio_device *device = filep->private_data;
1643 device->ops->release(device->device_data);
1645 vfio_group_try_dissolve_container(device->group);
1647 vfio_device_put(device);
1652 static long vfio_device_fops_unl_ioctl(struct file *filep,
1653 unsigned int cmd, unsigned long arg)
1655 struct vfio_device *device = filep->private_data;
1657 if (unlikely(!device->ops->ioctl))
1660 return device->ops->ioctl(device->device_data, cmd, arg);
1663 static ssize_t vfio_device_fops_read(struct file *filep, char __user *buf,
1664 size_t count, loff_t *ppos)
1666 struct vfio_device *device = filep->private_data;
1668 if (unlikely(!device->ops->read))
1671 return device->ops->read(device->device_data, buf, count, ppos);
1674 static ssize_t vfio_device_fops_write(struct file *filep,
1675 const char __user *buf,
1676 size_t count, loff_t *ppos)
1678 struct vfio_device *device = filep->private_data;
1680 if (unlikely(!device->ops->write))
1683 return device->ops->write(device->device_data, buf, count, ppos);
1686 static int vfio_device_fops_mmap(struct file *filep, struct vm_area_struct *vma)
1688 struct vfio_device *device = filep->private_data;
1690 if (unlikely(!device->ops->mmap))
1693 return device->ops->mmap(device->device_data, vma);
1696 #ifdef CONFIG_COMPAT
1697 static long vfio_device_fops_compat_ioctl(struct file *filep,
1698 unsigned int cmd, unsigned long arg)
1700 arg = (unsigned long)compat_ptr(arg);
1701 return vfio_device_fops_unl_ioctl(filep, cmd, arg);
1703 #endif /* CONFIG_COMPAT */
1705 static const struct file_operations vfio_device_fops = {
1706 .owner = THIS_MODULE,
1707 .release = vfio_device_fops_release,
1708 .read = vfio_device_fops_read,
1709 .write = vfio_device_fops_write,
1710 .unlocked_ioctl = vfio_device_fops_unl_ioctl,
1711 #ifdef CONFIG_COMPAT
1712 .compat_ioctl = vfio_device_fops_compat_ioctl,
1714 .mmap = vfio_device_fops_mmap,
1718 * External user API, exported by symbols to be linked dynamically.
1720 * The protocol includes:
1721 * 1. do normal VFIO init operation:
1722 * - opening a new container;
1723 * - attaching group(s) to it;
1724 * - setting an IOMMU driver for a container.
1725 * When IOMMU is set for a container, all groups in it are
1726 * considered ready to use by an external user.
1728 * 2. User space passes a group fd to an external user.
1729 * The external user calls vfio_group_get_external_user()
1731 * - the group is initialized;
1732 * - IOMMU is set for it.
1733 * If both checks passed, vfio_group_get_external_user()
1734 * increments the container user counter to prevent
1735 * the VFIO group from disposal before KVM exits.
1737 * 3. The external user calls vfio_external_user_iommu_id()
1738 * to know an IOMMU ID.
1740 * 4. When the external KVM finishes, it calls
1741 * vfio_group_put_external_user() to release the VFIO group.
1742 * This call decrements the container user counter.
1744 struct vfio_group *vfio_group_get_external_user(struct file *filep)
1746 struct vfio_group *group = filep->private_data;
1749 if (filep->f_op != &vfio_group_fops)
1750 return ERR_PTR(-EINVAL);
1752 ret = vfio_group_add_container_user(group);
1754 return ERR_PTR(ret);
1756 vfio_group_get(group);
1760 EXPORT_SYMBOL_GPL(vfio_group_get_external_user);
1762 void vfio_group_put_external_user(struct vfio_group *group)
1764 vfio_group_try_dissolve_container(group);
1765 vfio_group_put(group);
1767 EXPORT_SYMBOL_GPL(vfio_group_put_external_user);
1769 bool vfio_external_group_match_file(struct vfio_group *test_group,
1772 struct vfio_group *group = filep->private_data;
1774 return (filep->f_op == &vfio_group_fops) && (group == test_group);
1776 EXPORT_SYMBOL_GPL(vfio_external_group_match_file);
1778 int vfio_external_user_iommu_id(struct vfio_group *group)
1780 return iommu_group_id(group->iommu_group);
1782 EXPORT_SYMBOL_GPL(vfio_external_user_iommu_id);
1784 long vfio_external_check_extension(struct vfio_group *group, unsigned long arg)
1786 return vfio_ioctl_check_extension(group->container, arg);
1788 EXPORT_SYMBOL_GPL(vfio_external_check_extension);
1791 * Sub-module support
1794 * Helper for managing a buffer of info chain capabilities, allocate or
1795 * reallocate a buffer with additional @size, filling in @id and @version
1796 * of the capability. A pointer to the new capability is returned.
1798 * NB. The chain is based at the head of the buffer, so new entries are
1799 * added to the tail, vfio_info_cap_shift() should be called to fixup the
1800 * next offsets prior to copying to the user buffer.
1802 struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
1803 size_t size, u16 id, u16 version)
1806 struct vfio_info_cap_header *header, *tmp;
1808 buf = krealloc(caps->buf, caps->size + size, GFP_KERNEL);
1813 return ERR_PTR(-ENOMEM);
1817 header = buf + caps->size;
1819 /* Eventually copied to user buffer, zero */
1820 memset(header, 0, size);
1823 header->version = version;
1825 /* Add to the end of the capability chain */
1826 for (tmp = buf; tmp->next; tmp = buf + tmp->next)
1829 tmp->next = caps->size;
1834 EXPORT_SYMBOL_GPL(vfio_info_cap_add);
1836 void vfio_info_cap_shift(struct vfio_info_cap *caps, size_t offset)
1838 struct vfio_info_cap_header *tmp;
1839 void *buf = (void *)caps->buf;
1841 for (tmp = buf; tmp->next; tmp = buf + tmp->next - offset)
1842 tmp->next += offset;
1844 EXPORT_SYMBOL(vfio_info_cap_shift);
1846 int vfio_info_add_capability(struct vfio_info_cap *caps,
1847 struct vfio_info_cap_header *cap, size_t size)
1849 struct vfio_info_cap_header *header;
1851 header = vfio_info_cap_add(caps, size, cap->id, cap->version);
1853 return PTR_ERR(header);
1855 memcpy(header + 1, cap + 1, size - sizeof(*header));
1859 EXPORT_SYMBOL(vfio_info_add_capability);
1861 int vfio_set_irqs_validate_and_prepare(struct vfio_irq_set *hdr, int num_irqs,
1862 int max_irq_type, size_t *data_size)
1864 unsigned long minsz;
1867 minsz = offsetofend(struct vfio_irq_set, count);
1869 if ((hdr->argsz < minsz) || (hdr->index >= max_irq_type) ||
1870 (hdr->count >= (U32_MAX - hdr->start)) ||
1871 (hdr->flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK |
1872 VFIO_IRQ_SET_ACTION_TYPE_MASK)))
1878 if (hdr->start >= num_irqs || hdr->start + hdr->count > num_irqs)
1881 switch (hdr->flags & VFIO_IRQ_SET_DATA_TYPE_MASK) {
1882 case VFIO_IRQ_SET_DATA_NONE:
1885 case VFIO_IRQ_SET_DATA_BOOL:
1886 size = sizeof(uint8_t);
1888 case VFIO_IRQ_SET_DATA_EVENTFD:
1889 size = sizeof(int32_t);
1896 if (hdr->argsz - minsz < hdr->count * size)
1902 *data_size = hdr->count * size;
1907 EXPORT_SYMBOL(vfio_set_irqs_validate_and_prepare);
1910 * Pin a set of guest PFNs and return their associated host PFNs for local
1912 * @dev [in] : device
1913 * @user_pfn [in]: array of user/guest PFNs to be pinned.
1914 * @npage [in] : count of elements in user_pfn array. This count should not
1915 * be greater VFIO_PIN_PAGES_MAX_ENTRIES.
1916 * @prot [in] : protection flags
1917 * @phys_pfn[out]: array of host PFNs
1918 * Return error or number of pages pinned.
1920 int vfio_pin_pages(struct device *dev, unsigned long *user_pfn, int npage,
1921 int prot, unsigned long *phys_pfn)
1923 struct vfio_container *container;
1924 struct vfio_group *group;
1925 struct vfio_iommu_driver *driver;
1928 if (!dev || !user_pfn || !phys_pfn || !npage)
1931 if (npage > VFIO_PIN_PAGES_MAX_ENTRIES)
1934 group = vfio_group_get_from_dev(dev);
1938 ret = vfio_group_add_container_user(group);
1942 container = group->container;
1943 driver = container->iommu_driver;
1944 if (likely(driver && driver->ops->pin_pages))
1945 ret = driver->ops->pin_pages(container->iommu_data, user_pfn,
1946 npage, prot, phys_pfn);
1950 vfio_group_try_dissolve_container(group);
1953 vfio_group_put(group);
1956 EXPORT_SYMBOL(vfio_pin_pages);
1959 * Unpin set of host PFNs for local domain only.
1960 * @dev [in] : device
1961 * @user_pfn [in]: array of user/guest PFNs to be unpinned. Number of user/guest
1962 * PFNs should not be greater than VFIO_PIN_PAGES_MAX_ENTRIES.
1963 * @npage [in] : count of elements in user_pfn array. This count should not
1964 * be greater than VFIO_PIN_PAGES_MAX_ENTRIES.
1965 * Return error or number of pages unpinned.
1967 int vfio_unpin_pages(struct device *dev, unsigned long *user_pfn, int npage)
1969 struct vfio_container *container;
1970 struct vfio_group *group;
1971 struct vfio_iommu_driver *driver;
1974 if (!dev || !user_pfn || !npage)
1977 if (npage > VFIO_PIN_PAGES_MAX_ENTRIES)
1980 group = vfio_group_get_from_dev(dev);
1984 ret = vfio_group_add_container_user(group);
1986 goto err_unpin_pages;
1988 container = group->container;
1989 driver = container->iommu_driver;
1990 if (likely(driver && driver->ops->unpin_pages))
1991 ret = driver->ops->unpin_pages(container->iommu_data, user_pfn,
1996 vfio_group_try_dissolve_container(group);
1999 vfio_group_put(group);
2002 EXPORT_SYMBOL(vfio_unpin_pages);
2004 static int vfio_register_iommu_notifier(struct vfio_group *group,
2005 unsigned long *events,
2006 struct notifier_block *nb)
2008 struct vfio_container *container;
2009 struct vfio_iommu_driver *driver;
2012 ret = vfio_group_add_container_user(group);
2016 container = group->container;
2017 driver = container->iommu_driver;
2018 if (likely(driver && driver->ops->register_notifier))
2019 ret = driver->ops->register_notifier(container->iommu_data,
2024 vfio_group_try_dissolve_container(group);
2029 static int vfio_unregister_iommu_notifier(struct vfio_group *group,
2030 struct notifier_block *nb)
2032 struct vfio_container *container;
2033 struct vfio_iommu_driver *driver;
2036 ret = vfio_group_add_container_user(group);
2040 container = group->container;
2041 driver = container->iommu_driver;
2042 if (likely(driver && driver->ops->unregister_notifier))
2043 ret = driver->ops->unregister_notifier(container->iommu_data,
2048 vfio_group_try_dissolve_container(group);
2053 void vfio_group_set_kvm(struct vfio_group *group, struct kvm *kvm)
2056 blocking_notifier_call_chain(&group->notifier,
2057 VFIO_GROUP_NOTIFY_SET_KVM, kvm);
2059 EXPORT_SYMBOL_GPL(vfio_group_set_kvm);
2061 static int vfio_register_group_notifier(struct vfio_group *group,
2062 unsigned long *events,
2063 struct notifier_block *nb)
2066 bool set_kvm = false;
2068 if (*events & VFIO_GROUP_NOTIFY_SET_KVM)
2071 /* clear known events */
2072 *events &= ~VFIO_GROUP_NOTIFY_SET_KVM;
2074 /* refuse to continue if still events remaining */
2078 ret = vfio_group_add_container_user(group);
2082 ret = blocking_notifier_chain_register(&group->notifier, nb);
2085 * The attaching of kvm and vfio_group might already happen, so
2086 * here we replay once upon registration.
2088 if (!ret && set_kvm && group->kvm)
2089 blocking_notifier_call_chain(&group->notifier,
2090 VFIO_GROUP_NOTIFY_SET_KVM, group->kvm);
2092 vfio_group_try_dissolve_container(group);
2097 static int vfio_unregister_group_notifier(struct vfio_group *group,
2098 struct notifier_block *nb)
2102 ret = vfio_group_add_container_user(group);
2106 ret = blocking_notifier_chain_unregister(&group->notifier, nb);
2108 vfio_group_try_dissolve_container(group);
2113 int vfio_register_notifier(struct device *dev, enum vfio_notify_type type,
2114 unsigned long *events, struct notifier_block *nb)
2116 struct vfio_group *group;
2119 if (!dev || !nb || !events || (*events == 0))
2122 group = vfio_group_get_from_dev(dev);
2127 case VFIO_IOMMU_NOTIFY:
2128 ret = vfio_register_iommu_notifier(group, events, nb);
2130 case VFIO_GROUP_NOTIFY:
2131 ret = vfio_register_group_notifier(group, events, nb);
2137 vfio_group_put(group);
2140 EXPORT_SYMBOL(vfio_register_notifier);
2142 int vfio_unregister_notifier(struct device *dev, enum vfio_notify_type type,
2143 struct notifier_block *nb)
2145 struct vfio_group *group;
2151 group = vfio_group_get_from_dev(dev);
2156 case VFIO_IOMMU_NOTIFY:
2157 ret = vfio_unregister_iommu_notifier(group, nb);
2159 case VFIO_GROUP_NOTIFY:
2160 ret = vfio_unregister_group_notifier(group, nb);
2166 vfio_group_put(group);
2169 EXPORT_SYMBOL(vfio_unregister_notifier);
2172 * Module/class support
2174 static char *vfio_devnode(struct device *dev, umode_t *mode)
2176 return kasprintf(GFP_KERNEL, "vfio/%s", dev_name(dev));
2179 static struct miscdevice vfio_dev = {
2180 .minor = VFIO_MINOR,
2183 .nodename = "vfio/vfio",
2184 .mode = S_IRUGO | S_IWUGO,
2187 static int __init vfio_init(void)
2191 idr_init(&vfio.group_idr);
2192 mutex_init(&vfio.group_lock);
2193 mutex_init(&vfio.iommu_drivers_lock);
2194 INIT_LIST_HEAD(&vfio.group_list);
2195 INIT_LIST_HEAD(&vfio.iommu_drivers_list);
2196 init_waitqueue_head(&vfio.release_q);
2198 ret = misc_register(&vfio_dev);
2200 pr_err("vfio: misc device register failed\n");
2204 /* /dev/vfio/$GROUP */
2205 vfio.class = class_create(THIS_MODULE, "vfio");
2206 if (IS_ERR(vfio.class)) {
2207 ret = PTR_ERR(vfio.class);
2211 vfio.class->devnode = vfio_devnode;
2213 ret = alloc_chrdev_region(&vfio.group_devt, 0, MINORMASK, "vfio");
2215 goto err_alloc_chrdev;
2217 cdev_init(&vfio.group_cdev, &vfio_group_fops);
2218 ret = cdev_add(&vfio.group_cdev, vfio.group_devt, MINORMASK);
2222 pr_info(DRIVER_DESC " version: " DRIVER_VERSION "\n");
2224 #ifdef CONFIG_VFIO_NOIOMMU
2225 vfio_register_iommu_driver(&vfio_noiommu_ops);
2230 unregister_chrdev_region(vfio.group_devt, MINORMASK);
2232 class_destroy(vfio.class);
2235 misc_deregister(&vfio_dev);
2239 static void __exit vfio_cleanup(void)
2241 WARN_ON(!list_empty(&vfio.group_list));
2243 #ifdef CONFIG_VFIO_NOIOMMU
2244 vfio_unregister_iommu_driver(&vfio_noiommu_ops);
2246 idr_destroy(&vfio.group_idr);
2247 cdev_del(&vfio.group_cdev);
2248 unregister_chrdev_region(vfio.group_devt, MINORMASK);
2249 class_destroy(vfio.class);
2251 misc_deregister(&vfio_dev);
2254 module_init(vfio_init);
2255 module_exit(vfio_cleanup);
2257 MODULE_VERSION(DRIVER_VERSION);
2258 MODULE_LICENSE("GPL v2");
2259 MODULE_AUTHOR(DRIVER_AUTHOR);
2260 MODULE_DESCRIPTION(DRIVER_DESC);
2261 MODULE_ALIAS_MISCDEV(VFIO_MINOR);
2262 MODULE_ALIAS("devname:vfio/vfio");
2263 MODULE_SOFTDEP("post: vfio_iommu_type1 vfio_iommu_spapr_tce");
projects / releases.git / blob