search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm...
[linux-2.6.git] / drivers / vfio / vfio.c
blob1eab4ace06718ac38574414d11de280755de6334
1 /*
2 * VFIO core
3 *
4 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
5 * Author: Alex Williamson <alex.williamson@redhat.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 *
11 * Derived from original vfio:
12 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
13 * Author: Tom Lyon, pugs@cisco.com
14 */
15
16 #include <linux/cdev.h>
17 #include <linux/compat.h>
18 #include <linux/device.h>
19 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
21 #include <linux/fs.h>
22 #include <linux/idr.h>
23 #include <linux/iommu.h>
24 #include <linux/list.h>
25 #include <linux/module.h>
26 #include <linux/mutex.h>
27 #include <linux/rwsem.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/stat.h>
31 #include <linux/string.h>
32 #include <linux/uaccess.h>
33 #include <linux/vfio.h>
34 #include <linux/wait.h>
35
36 #define DRIVER_VERSION "0.3"
37 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>"
38 #define DRIVER_DESC "VFIO - User Level meta-driver"
39
40 static struct vfio {
41 struct class *class;
42 struct list_head iommu_drivers_list;
43 struct mutex iommu_drivers_lock;
44 struct list_head group_list;
45 struct idr group_idr;
46 struct mutex group_lock;
47 struct cdev group_cdev;
48 struct device *dev;
49 dev_t devt;
50 struct cdev cdev;
51 wait_queue_head_t release_q;
52 } vfio;
53
54 struct vfio_iommu_driver {
55 const struct vfio_iommu_driver_ops *ops;
56 struct list_head vfio_next;
57 };
58
59 struct vfio_container {
60 struct kref kref;
61 struct list_head group_list;
62 struct rw_semaphore group_lock;
63 struct vfio_iommu_driver *iommu_driver;
64 void *iommu_data;
65 };
66
67 struct vfio_group {
68 struct kref kref;
69 int minor;
70 atomic_t container_users;
71 struct iommu_group *iommu_group;
72 struct vfio_container *container;
73 struct list_head device_list;
74 struct mutex device_lock;
75 struct device *dev;
76 struct notifier_block nb;
77 struct list_head vfio_next;
78 struct list_head container_next;
79 atomic_t opened;
80 };
81
82 struct vfio_device {
83 struct kref kref;
84 struct device *dev;
85 const struct vfio_device_ops *ops;
86 struct vfio_group *group;
87 struct list_head group_next;
88 void *device_data;
89 };
90
91 /**
92 * IOMMU driver registration
93 */
94 int vfio_register_iommu_driver(const struct vfio_iommu_driver_ops *ops)
95 {
96 struct vfio_iommu_driver *driver, *tmp;
97
98 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
99 if (!driver)
100 return -ENOMEM;
101
102 driver->ops = ops;
103
104 mutex_lock(&vfio.iommu_drivers_lock);
105
106 /* Check for duplicates */
107 list_for_each_entry(tmp, &vfio.iommu_drivers_list, vfio_next) {
108 if (tmp->ops == ops) {
109 mutex_unlock(&vfio.iommu_drivers_lock);
110 kfree(driver);
111 return -EINVAL;
112 }
113 }
114
115 list_add(&driver->vfio_next, &vfio.iommu_drivers_list);
116
117 mutex_unlock(&vfio.iommu_drivers_lock);
118
119 return 0;
120 }
121 EXPORT_SYMBOL_GPL(vfio_register_iommu_driver);
122
123 void vfio_unregister_iommu_driver(const struct vfio_iommu_driver_ops *ops)
124 {
125 struct vfio_iommu_driver *driver;
126
127 mutex_lock(&vfio.iommu_drivers_lock);
128 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
129 if (driver->ops == ops) {
130 list_del(&driver->vfio_next);
131 mutex_unlock(&vfio.iommu_drivers_lock);
132 kfree(driver);
133 return;
134 }
135 }
136 mutex_unlock(&vfio.iommu_drivers_lock);
137 }
138 EXPORT_SYMBOL_GPL(vfio_unregister_iommu_driver);
139
140 /**
141 * Group minor allocation/free - both called with vfio.group_lock held
142 */
143 static int vfio_alloc_group_minor(struct vfio_group *group)
144 {
145 /* index 0 is used by /dev/vfio/vfio */
146 return idr_alloc(&vfio.group_idr, group, 1, MINORMASK + 1, GFP_KERNEL);
147 }
148
149 static void vfio_free_group_minor(int minor)
150 {
151 idr_remove(&vfio.group_idr, minor);
152 }
153
154 static int vfio_iommu_group_notifier(struct notifier_block *nb,
155 unsigned long action, void *data);
156 static void vfio_group_get(struct vfio_group *group);
157
158 /**
159 * Container objects - containers are created when /dev/vfio/vfio is
160 * opened, but their lifecycle extends until the last user is done, so
161 * it's freed via kref. Must support container/group/device being
162 * closed in any order.
163 */
164 static void vfio_container_get(struct vfio_container *container)
165 {
166 kref_get(&container->kref);
167 }
168
169 static void vfio_container_release(struct kref *kref)
170 {
171 struct vfio_container *container;
172 container = container_of(kref, struct vfio_container, kref);
173
174 kfree(container);
175 }
176
177 static void vfio_container_put(struct vfio_container *container)
178 {
179 kref_put(&container->kref, vfio_container_release);
180 }
181
182 static void vfio_group_unlock_and_free(struct vfio_group *group)
183 {
184 mutex_unlock(&vfio.group_lock);
185 /*
186 * Unregister outside of lock. A spurious callback is harmless now
187 * that the group is no longer in vfio.group_list.
188 */
189 iommu_group_unregister_notifier(group->iommu_group, &group->nb);
190 kfree(group);
191 }
192
193 /**
194 * Group objects - create, release, get, put, search
195 */
196 static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group)
197 {
198 struct vfio_group *group, *tmp;
199 struct device *dev;
200 int ret, minor;
201
202 group = kzalloc(sizeof(*group), GFP_KERNEL);
203 if (!group)
204 return ERR_PTR(-ENOMEM);
205
206 kref_init(&group->kref);
207 INIT_LIST_HEAD(&group->device_list);
208 mutex_init(&group->device_lock);
209 atomic_set(&group->container_users, 0);
210 atomic_set(&group->opened, 0);
211 group->iommu_group = iommu_group;
212
213 group->nb.notifier_call = vfio_iommu_group_notifier;
214
215 /*
216 * blocking notifiers acquire a rwsem around registering and hold
217 * it around callback. Therefore, need to register outside of
218 * vfio.group_lock to avoid A-B/B-A contention. Our callback won't
219 * do anything unless it can find the group in vfio.group_list, so
220 * no harm in registering early.
221 */
222 ret = iommu_group_register_notifier(iommu_group, &group->nb);
223 if (ret) {
224 kfree(group);
225 return ERR_PTR(ret);
226 }
227
228 mutex_lock(&vfio.group_lock);
229
230 minor = vfio_alloc_group_minor(group);
231 if (minor < 0) {
232 vfio_group_unlock_and_free(group);
233 return ERR_PTR(minor);
234 }
235
236 /* Did we race creating this group? */
237 list_for_each_entry(tmp, &vfio.group_list, vfio_next) {
238 if (tmp->iommu_group == iommu_group) {
239 vfio_group_get(tmp);
240 vfio_free_group_minor(minor);
241 vfio_group_unlock_and_free(group);
242 return tmp;
243 }
244 }
245
246 dev = device_create(vfio.class, NULL, MKDEV(MAJOR(vfio.devt), minor),
247 group, "%d", iommu_group_id(iommu_group));
248 if (IS_ERR(dev)) {
249 vfio_free_group_minor(minor);
250 vfio_group_unlock_and_free(group);
251 return (struct vfio_group *)dev; /* ERR_PTR */
252 }
253
254 group->minor = minor;
255 group->dev = dev;
256
257 list_add(&group->vfio_next, &vfio.group_list);
258
259 mutex_unlock(&vfio.group_lock);
260
261 return group;
262 }
263
264 /* called with vfio.group_lock held */
265 static void vfio_group_release(struct kref *kref)
266 {
267 struct vfio_group *group = container_of(kref, struct vfio_group, kref);
268
269 WARN_ON(!list_empty(&group->device_list));
270
271 device_destroy(vfio.class, MKDEV(MAJOR(vfio.devt), group->minor));
272 list_del(&group->vfio_next);
273 vfio_free_group_minor(group->minor);
274 vfio_group_unlock_and_free(group);
275 }
276
277 static void vfio_group_put(struct vfio_group *group)
278 {
279 kref_put_mutex(&group->kref, vfio_group_release, &vfio.group_lock);
280 }
281
282 /* Assume group_lock or group reference is held */
283 static void vfio_group_get(struct vfio_group *group)
284 {
285 kref_get(&group->kref);
286 }
287
288 /*
289 * Not really a try as we will sleep for mutex, but we need to make
290 * sure the group pointer is valid under lock and get a reference.
291 */
292 static struct vfio_group *vfio_group_try_get(struct vfio_group *group)
293 {
294 struct vfio_group *target = group;
295
296 mutex_lock(&vfio.group_lock);
297 list_for_each_entry(group, &vfio.group_list, vfio_next) {
298 if (group == target) {
299 vfio_group_get(group);
300 mutex_unlock(&vfio.group_lock);
301 return group;
302 }
303 }
304 mutex_unlock(&vfio.group_lock);
305
306 return NULL;
307 }
308
309 static
310 struct vfio_group *vfio_group_get_from_iommu(struct iommu_group *iommu_group)
311 {
312 struct vfio_group *group;
313
314 mutex_lock(&vfio.group_lock);
315 list_for_each_entry(group, &vfio.group_list, vfio_next) {
316 if (group->iommu_group == iommu_group) {
317 vfio_group_get(group);
318 mutex_unlock(&vfio.group_lock);
319 return group;
320 }
321 }
322 mutex_unlock(&vfio.group_lock);
323
324 return NULL;
325 }
326
327 static struct vfio_group *vfio_group_get_from_minor(int minor)
328 {
329 struct vfio_group *group;
330
331 mutex_lock(&vfio.group_lock);
332 group = idr_find(&vfio.group_idr, minor);
333 if (!group) {
334 mutex_unlock(&vfio.group_lock);
335 return NULL;
336 }
337 vfio_group_get(group);
338 mutex_unlock(&vfio.group_lock);
339
340 return group;
341 }
342
343 /**
344 * Device objects - create, release, get, put, search
345 */
346 static
347 struct vfio_device *vfio_group_create_device(struct vfio_group *group,
348 struct device *dev,
349 const struct vfio_device_ops *ops,
350 void *device_data)
351 {
352 struct vfio_device *device;
353 int ret;
354
355 device = kzalloc(sizeof(*device), GFP_KERNEL);
356 if (!device)
357 return ERR_PTR(-ENOMEM);
358
359 kref_init(&device->kref);
360 device->dev = dev;
361 device->group = group;
362 device->ops = ops;
363 device->device_data = device_data;
364
365 ret = dev_set_drvdata(dev, device);
366 if (ret) {
367 kfree(device);
368 return ERR_PTR(ret);
369 }
370
371 /* No need to get group_lock, caller has group reference */
372 vfio_group_get(group);
373
374 mutex_lock(&group->device_lock);
375 list_add(&device->group_next, &group->device_list);
376 mutex_unlock(&group->device_lock);
377
378 return device;
379 }
380
381 static void vfio_device_release(struct kref *kref)
382 {
383 struct vfio_device *device = container_of(kref,
384 struct vfio_device, kref);
385 struct vfio_group *group = device->group;
386
387 list_del(&device->group_next);
388 mutex_unlock(&group->device_lock);
389
390 dev_set_drvdata(device->dev, NULL);
391
392 kfree(device);
393
394 /* vfio_del_group_dev may be waiting for this device */
395 wake_up(&vfio.release_q);
396 }
397
398 /* Device reference always implies a group reference */
399 void vfio_device_put(struct vfio_device *device)
400 {
401 struct vfio_group *group = device->group;
402 kref_put_mutex(&device->kref, vfio_device_release, &group->device_lock);
403 vfio_group_put(group);
404 }
405 EXPORT_SYMBOL_GPL(vfio_device_put);
406
407 static void vfio_device_get(struct vfio_device *device)
408 {
409 vfio_group_get(device->group);
410 kref_get(&device->kref);
411 }
412
413 static struct vfio_device *vfio_group_get_device(struct vfio_group *group,
414 struct device *dev)
415 {
416 struct vfio_device *device;
417
418 mutex_lock(&group->device_lock);
419 list_for_each_entry(device, &group->device_list, group_next) {
420 if (device->dev == dev) {
421 vfio_device_get(device);
422 mutex_unlock(&group->device_lock);
423 return device;
424 }
425 }
426 mutex_unlock(&group->device_lock);
427 return NULL;
428 }
429
430 /*
431 * Whitelist some drivers that we know are safe (no dma) or just sit on
432 * a device. It's not always practical to leave a device within a group
433 * driverless as it could get re-bound to something unsafe.
434 */
435 static const char * const vfio_driver_whitelist[] = { "pci-stub", "pcieport" };
436
437 static bool vfio_whitelisted_driver(struct device_driver *drv)
438 {
439 int i;
440
441 for (i = 0; i < ARRAY_SIZE(vfio_driver_whitelist); i++) {
442 if (!strcmp(drv->name, vfio_driver_whitelist[i]))
443 return true;
444 }
445
446 return false;
447 }
448
449 /*
450 * A vfio group is viable for use by userspace if all devices are either
451 * driver-less or bound to a vfio or whitelisted driver. We test the
452 * latter by the existence of a struct vfio_device matching the dev.
453 */
454 static int vfio_dev_viable(struct device *dev, void *data)
455 {
456 struct vfio_group *group = data;
457 struct vfio_device *device;
458 struct device_driver *drv = ACCESS_ONCE(dev->driver);
459
460 if (!drv || vfio_whitelisted_driver(drv))
461 return 0;
462
463 device = vfio_group_get_device(group, dev);
464 if (device) {
465 vfio_device_put(device);
466 return 0;
467 }
468
469 return -EINVAL;
470 }
471
472 /**
473 * Async device support
474 */
475 static int vfio_group_nb_add_dev(struct vfio_group *group, struct device *dev)
476 {
477 struct vfio_device *device;
478
479 /* Do we already know about it? We shouldn't */
480 device = vfio_group_get_device(group, dev);
481 if (WARN_ON_ONCE(device)) {
482 vfio_device_put(device);
483 return 0;
484 }
485
486 /* Nothing to do for idle groups */
487 if (!atomic_read(&group->container_users))
488 return 0;
489
490 /* TODO Prevent device auto probing */
491 WARN("Device %s added to live group %d!\n", dev_name(dev),
492 iommu_group_id(group->iommu_group));
493
494 return 0;
495 }
496
497 static int vfio_group_nb_verify(struct vfio_group *group, struct device *dev)
498 {
499 /* We don't care what happens when the group isn't in use */
500 if (!atomic_read(&group->container_users))
501 return 0;
502
503 return vfio_dev_viable(dev, group);
504 }
505
506 static int vfio_iommu_group_notifier(struct notifier_block *nb,
507 unsigned long action, void *data)
508 {
509 struct vfio_group *group = container_of(nb, struct vfio_group, nb);
510 struct device *dev = data;
511
512 /*
513 * Need to go through a group_lock lookup to get a reference or we
514 * risk racing a group being removed. Ignore spurious notifies.
515 */
516 group = vfio_group_try_get(group);
517 if (!group)
518 return NOTIFY_OK;
519
520 switch (action) {
521 case IOMMU_GROUP_NOTIFY_ADD_DEVICE:
522 vfio_group_nb_add_dev(group, dev);
523 break;
524 case IOMMU_GROUP_NOTIFY_DEL_DEVICE:
525 /*
526 * Nothing to do here. If the device is in use, then the
527 * vfio sub-driver should block the remove callback until
528 * it is unused. If the device is unused or attached to a
529 * stub driver, then it should be released and we don't
530 * care that it will be going away.
531 */
532 break;
533 case IOMMU_GROUP_NOTIFY_BIND_DRIVER:
534 pr_debug("%s: Device %s, group %d binding to driver\n",
535 __func__, dev_name(dev),
536 iommu_group_id(group->iommu_group));
537 break;
538 case IOMMU_GROUP_NOTIFY_BOUND_DRIVER:
539 pr_debug("%s: Device %s, group %d bound to driver %s\n",
540 __func__, dev_name(dev),
541 iommu_group_id(group->iommu_group), dev->driver->name);
542 BUG_ON(vfio_group_nb_verify(group, dev));
543 break;
544 case IOMMU_GROUP_NOTIFY_UNBIND_DRIVER:
545 pr_debug("%s: Device %s, group %d unbinding from driver %s\n",
546 __func__, dev_name(dev),
547 iommu_group_id(group->iommu_group), dev->driver->name);
548 break;
549 case IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER:
550 pr_debug("%s: Device %s, group %d unbound from driver\n",
551 __func__, dev_name(dev),
552 iommu_group_id(group->iommu_group));
553 /*
554 * XXX An unbound device in a live group is ok, but we'd
555 * really like to avoid the above BUG_ON by preventing other
556 * drivers from binding to it. Once that occurs, we have to
557 * stop the system to maintain isolation. At a minimum, we'd
558 * want a toggle to disable driver auto probe for this device.
559 */
560 break;
561 }
562
563 vfio_group_put(group);
564 return NOTIFY_OK;
565 }
566
567 /**
568 * VFIO driver API
569 */
570 int vfio_add_group_dev(struct device *dev,
571 const struct vfio_device_ops *ops, void *device_data)
572 {
573 struct iommu_group *iommu_group;
574 struct vfio_group *group;
575 struct vfio_device *device;
576
577 iommu_group = iommu_group_get(dev);
578 if (!iommu_group)
579 return -EINVAL;
580
581 group = vfio_group_get_from_iommu(iommu_group);
582 if (!group) {
583 group = vfio_create_group(iommu_group);
584 if (IS_ERR(group)) {
585 iommu_group_put(iommu_group);
586 return PTR_ERR(group);
587 }
588 }
589
590 device = vfio_group_get_device(group, dev);
591 if (device) {
592 WARN(1, "Device %s already exists on group %d\n",
593 dev_name(dev), iommu_group_id(iommu_group));
594 vfio_device_put(device);
595 vfio_group_put(group);
596 iommu_group_put(iommu_group);
597 return -EBUSY;
598 }
599
600 device = vfio_group_create_device(group, dev, ops, device_data);
601 if (IS_ERR(device)) {
602 vfio_group_put(group);
603 iommu_group_put(iommu_group);
604 return PTR_ERR(device);
605 }
606
607 /*
608 * Added device holds reference to iommu_group and vfio_device
609 * (which in turn holds reference to vfio_group). Drop extra
610 * group reference used while acquiring device.
611 */
612 vfio_group_put(group);
613
614 return 0;
615 }
616 EXPORT_SYMBOL_GPL(vfio_add_group_dev);
617
618 /**
619 * Get a reference to the vfio_device for a device that is known to
620 * be bound to a vfio driver. The driver implicitly holds a
621 * vfio_device reference between vfio_add_group_dev and
622 * vfio_del_group_dev. We can therefore use drvdata to increment
623 * that reference from the struct device. This additional
624 * reference must be released by calling vfio_device_put.
625 */
626 struct vfio_device *vfio_device_get_from_dev(struct device *dev)
627 {
628 struct vfio_device *device = dev_get_drvdata(dev);
629
630 vfio_device_get(device);
631
632 return device;
633 }
634 EXPORT_SYMBOL_GPL(vfio_device_get_from_dev);
635
636 /*
637 * Caller must hold a reference to the vfio_device
638 */
639 void *vfio_device_data(struct vfio_device *device)
640 {
641 return device->device_data;
642 }
643 EXPORT_SYMBOL_GPL(vfio_device_data);
644
645 /* Given a referenced group, check if it contains the device */
646 static bool vfio_dev_present(struct vfio_group *group, struct device *dev)
647 {
648 struct vfio_device *device;
649
650 device = vfio_group_get_device(group, dev);
651 if (!device)
652 return false;
653
654 vfio_device_put(device);
655 return true;
656 }
657
658 /*
659 * Decrement the device reference count and wait for the device to be
660 * removed. Open file descriptors for the device... */
661 void *vfio_del_group_dev(struct device *dev)
662 {
663 struct vfio_device *device = dev_get_drvdata(dev);
664 struct vfio_group *group = device->group;
665 struct iommu_group *iommu_group = group->iommu_group;
666 void *device_data = device->device_data;
667
668 /*
669 * The group exists so long as we have a device reference. Get
670 * a group reference and use it to scan for the device going away.
671 */
672 vfio_group_get(group);
673
674 vfio_device_put(device);
675
676 /* TODO send a signal to encourage this to be released */
677 wait_event(vfio.release_q, !vfio_dev_present(group, dev));
678
679 vfio_group_put(group);
680
681 iommu_group_put(iommu_group);
682
683 return device_data;
684 }
685 EXPORT_SYMBOL_GPL(vfio_del_group_dev);
686
687 /**
688 * VFIO base fd, /dev/vfio/vfio
689 */
690 static long vfio_ioctl_check_extension(struct vfio_container *container,
691 unsigned long arg)
692 {
693 struct vfio_iommu_driver *driver;
694 long ret = 0;
695
696 down_read(&container->group_lock);
697
698 driver = container->iommu_driver;
699
700 switch (arg) {
701 /* No base extensions yet */
702 default:
703 /*
704 * If no driver is set, poll all registered drivers for
705 * extensions and return the first positive result. If
706 * a driver is already set, further queries will be passed
707 * only to that driver.
708 */
709 if (!driver) {
710 mutex_lock(&vfio.iommu_drivers_lock);
711 list_for_each_entry(driver, &vfio.iommu_drivers_list,
712 vfio_next) {
713 if (!try_module_get(driver->ops->owner))
714 continue;
715
716 ret = driver->ops->ioctl(NULL,
717 VFIO_CHECK_EXTENSION,
718 arg);
719 module_put(driver->ops->owner);
720 if (ret > 0)
721 break;
722 }
723 mutex_unlock(&vfio.iommu_drivers_lock);
724 } else
725 ret = driver->ops->ioctl(container->iommu_data,
726 VFIO_CHECK_EXTENSION, arg);
727 }
728
729 up_read(&container->group_lock);
730
731 return ret;
732 }
733
734 /* hold write lock on container->group_lock */
735 static int __vfio_container_attach_groups(struct vfio_container *container,
736 struct vfio_iommu_driver *driver,
737 void *data)
738 {
739 struct vfio_group *group;
740 int ret = -ENODEV;
741
742 list_for_each_entry(group, &container->group_list, container_next) {
743 ret = driver->ops->attach_group(data, group->iommu_group);
744 if (ret)
745 goto unwind;
746 }
747
748 return ret;
749
750 unwind:
751 list_for_each_entry_continue_reverse(group, &container->group_list,
752 container_next) {
753 driver->ops->detach_group(data, group->iommu_group);
754 }
755
756 return ret;
757 }
758
759 static long vfio_ioctl_set_iommu(struct vfio_container *container,
760 unsigned long arg)
761 {
762 struct vfio_iommu_driver *driver;
763 long ret = -ENODEV;
764
765 down_write(&container->group_lock);
766
767 /*
768 * The container is designed to be an unprivileged interface while
769 * the group can be assigned to specific users. Therefore, only by
770 * adding a group to a container does the user get the privilege of
771 * enabling the iommu, which may allocate finite resources. There
772 * is no unset_iommu, but by removing all the groups from a container,
773 * the container is deprivileged and returns to an unset state.
774 */
775 if (list_empty(&container->group_list) || container->iommu_driver) {
776 up_write(&container->group_lock);
777 return -EINVAL;
778 }
779
780 mutex_lock(&vfio.iommu_drivers_lock);
781 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
782 void *data;
783
784 if (!try_module_get(driver->ops->owner))
785 continue;
786
787 /*
788 * The arg magic for SET_IOMMU is the same as CHECK_EXTENSION,
789 * so test which iommu driver reported support for this
790 * extension and call open on them. We also pass them the
791 * magic, allowing a single driver to support multiple
792 * interfaces if they'd like.
793 */
794 if (driver->ops->ioctl(NULL, VFIO_CHECK_EXTENSION, arg) <= 0) {
795 module_put(driver->ops->owner);
796 continue;
797 }
798
799 /* module reference holds the driver we're working on */
800 mutex_unlock(&vfio.iommu_drivers_lock);
801
802 data = driver->ops->open(arg);
803 if (IS_ERR(data)) {
804 ret = PTR_ERR(data);
805 module_put(driver->ops->owner);
806 goto skip_drivers_unlock;
807 }
808
809 ret = __vfio_container_attach_groups(container, driver, data);
810 if (!ret) {
811 container->iommu_driver = driver;
812 container->iommu_data = data;
813 } else {
814 driver->ops->release(data);
815 module_put(driver->ops->owner);
816 }
817
818 goto skip_drivers_unlock;
819 }
820
821 mutex_unlock(&vfio.iommu_drivers_lock);
822 skip_drivers_unlock:
823 up_write(&container->group_lock);
824
825 return ret;
826 }
827
828 static long vfio_fops_unl_ioctl(struct file *filep,
829 unsigned int cmd, unsigned long arg)
830 {
831 struct vfio_container *container = filep->private_data;
832 struct vfio_iommu_driver *driver;
833 void *data;
834 long ret = -EINVAL;
835
836 if (!container)
837 return ret;
838
839 switch (cmd) {
840 case VFIO_GET_API_VERSION:
841 ret = VFIO_API_VERSION;
842 break;
843 case VFIO_CHECK_EXTENSION:
844 ret = vfio_ioctl_check_extension(container, arg);
845 break;
846 case VFIO_SET_IOMMU:
847 ret = vfio_ioctl_set_iommu(container, arg);
848 break;
849 default:
850 down_read(&container->group_lock);
851
852 driver = container->iommu_driver;
853 data = container->iommu_data;
854
855 if (driver) /* passthrough all unrecognized ioctls */
856 ret = driver->ops->ioctl(data, cmd, arg);
857
858 up_read(&container->group_lock);
859 }
860
861 return ret;
862 }
863
864 #ifdef CONFIG_COMPAT
865 static long vfio_fops_compat_ioctl(struct file *filep,
866 unsigned int cmd, unsigned long arg)
867 {
868 arg = (unsigned long)compat_ptr(arg);
869 return vfio_fops_unl_ioctl(filep, cmd, arg);
870 }
871 #endif /* CONFIG_COMPAT */
872
873 static int vfio_fops_open(struct inode *inode, struct file *filep)
874 {
875 struct vfio_container *container;
876
877 container = kzalloc(sizeof(*container), GFP_KERNEL);
878 if (!container)
879 return -ENOMEM;
880
881 INIT_LIST_HEAD(&container->group_list);
882 init_rwsem(&container->group_lock);
883 kref_init(&container->kref);
884
885 filep->private_data = container;
886
887 return 0;
888 }
889
890 static int vfio_fops_release(struct inode *inode, struct file *filep)
891 {
892 struct vfio_container *container = filep->private_data;
893
894 filep->private_data = NULL;
895
896 vfio_container_put(container);
897
898 return 0;
899 }
900
901 /*
902 * Once an iommu driver is set, we optionally pass read/write/mmap
903 * on to the driver, allowing management interfaces beyond ioctl.
904 */
905 static ssize_t vfio_fops_read(struct file *filep, char __user *buf,
906 size_t count, loff_t *ppos)
907 {
908 struct vfio_container *container = filep->private_data;
909 struct vfio_iommu_driver *driver;
910 ssize_t ret = -EINVAL;
911
912 down_read(&container->group_lock);
913
914 driver = container->iommu_driver;
915 if (likely(driver && driver->ops->read))
916 ret = driver->ops->read(container->iommu_data,
917 buf, count, ppos);
918
919 up_read(&container->group_lock);
920
921 return ret;
922 }
923
924 static ssize_t vfio_fops_write(struct file *filep, const char __user *buf,
925 size_t count, loff_t *ppos)
926 {
927 struct vfio_container *container = filep->private_data;
928 struct vfio_iommu_driver *driver;
929 ssize_t ret = -EINVAL;
930
931 down_read(&container->group_lock);
932
933 driver = container->iommu_driver;
934 if (likely(driver && driver->ops->write))
935 ret = driver->ops->write(container->iommu_data,
936 buf, count, ppos);
937
938 up_read(&container->group_lock);
939
940 return ret;
941 }
942
943 static int vfio_fops_mmap(struct file *filep, struct vm_area_struct *vma)
944 {
945 struct vfio_container *container = filep->private_data;
946 struct vfio_iommu_driver *driver;
947 int ret = -EINVAL;
948
949 down_read(&container->group_lock);
950
951 driver = container->iommu_driver;
952 if (likely(driver && driver->ops->mmap))
953 ret = driver->ops->mmap(container->iommu_data, vma);
954
955 up_read(&container->group_lock);
956
957 return ret;
958 }
959
960 static const struct file_operations vfio_fops = {
961 .owner = THIS_MODULE,
962 .open = vfio_fops_open,
963 .release = vfio_fops_release,
964 .read = vfio_fops_read,
965 .write = vfio_fops_write,
966 .unlocked_ioctl = vfio_fops_unl_ioctl,
967 #ifdef CONFIG_COMPAT
968 .compat_ioctl = vfio_fops_compat_ioctl,
969 #endif
970 .mmap = vfio_fops_mmap,
971 };
972
973 /**
974 * VFIO Group fd, /dev/vfio/$GROUP
975 */
976 static void __vfio_group_unset_container(struct vfio_group *group)
977 {
978 struct vfio_container *container = group->container;
979 struct vfio_iommu_driver *driver;
980
981 down_write(&container->group_lock);
982
983 driver = container->iommu_driver;
984 if (driver)
985 driver->ops->detach_group(container->iommu_data,
986 group->iommu_group);
987
988 group->container = NULL;
989 list_del(&group->container_next);
990
991 /* Detaching the last group deprivileges a container, remove iommu */
992 if (driver && list_empty(&container->group_list)) {
993 driver->ops->release(container->iommu_data);
994 module_put(driver->ops->owner);
995 container->iommu_driver = NULL;
996 container->iommu_data = NULL;
997 }
998
999 up_write(&container->group_lock);
1000
1001 vfio_container_put(container);
1002 }
1003
1004 /*
1005 * VFIO_GROUP_UNSET_CONTAINER should fail if there are other users or
1006 * if there was no container to unset. Since the ioctl is called on
1007 * the group, we know that still exists, therefore the only valid
1008 * transition here is 1->0.
1009 */
1010 static int vfio_group_unset_container(struct vfio_group *group)
1011 {
1012 int users = atomic_cmpxchg(&group->container_users, 1, 0);
1013
1014 if (!users)
1015 return -EINVAL;
1016 if (users != 1)
1017 return -EBUSY;
1018
1019 __vfio_group_unset_container(group);
1020
1021 return 0;
1022 }
1023
1024 /*
1025 * When removing container users, anything that removes the last user
1026 * implicitly removes the group from the container. That is, if the
1027 * group file descriptor is closed, as well as any device file descriptors,
1028 * the group is free.
1029 */
1030 static void vfio_group_try_dissolve_container(struct vfio_group *group)
1031 {
1032 if (0 == atomic_dec_if_positive(&group->container_users))
1033 __vfio_group_unset_container(group);
1034 }
1035
1036 static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1037 {
1038 struct fd f;
1039 struct vfio_container *container;
1040 struct vfio_iommu_driver *driver;
1041 int ret = 0;
1042
1043 if (atomic_read(&group->container_users))
1044 return -EINVAL;
1045
1046 f = fdget(container_fd);
1047 if (!f.file)
1048 return -EBADF;
1049
1050 /* Sanity check, is this really our fd? */
1051 if (f.file->f_op != &vfio_fops) {
1052 fdput(f);
1053 return -EINVAL;
1054 }
1055
1056 container = f.file->private_data;
1057 WARN_ON(!container); /* fget ensures we don't race vfio_release */
1058
1059 down_write(&container->group_lock);
1060
1061 driver = container->iommu_driver;
1062 if (driver) {
1063 ret = driver->ops->attach_group(container->iommu_data,
1064 group->iommu_group);
1065 if (ret)
1066 goto unlock_out;
1067 }
1068
1069 group->container = container;
1070 list_add(&group->container_next, &container->group_list);
1071
1072 /* Get a reference on the container and mark a user within the group */
1073 vfio_container_get(container);
1074 atomic_inc(&group->container_users);
1075
1076 unlock_out:
1077 up_write(&container->group_lock);
1078 fdput(f);
1079 return ret;
1080 }
1081
1082 static bool vfio_group_viable(struct vfio_group *group)
1083 {
1084 return (iommu_group_for_each_dev(group->iommu_group,
1085 group, vfio_dev_viable) == 0);
1086 }
1087
1088 static const struct file_operations vfio_device_fops;
1089
1090 static int vfio_group_get_device_fd(struct vfio_group *group, char *buf)
1091 {
1092 struct vfio_device *device;
1093 struct file *filep;
1094 int ret = -ENODEV;
1095
1096 if (0 == atomic_read(&group->container_users) ||
1097 !group->container->iommu_driver || !vfio_group_viable(group))
1098 return -EINVAL;
1099
1100 mutex_lock(&group->device_lock);
1101 list_for_each_entry(device, &group->device_list, group_next) {
1102 if (strcmp(dev_name(device->dev), buf))
1103 continue;
1104
1105 ret = device->ops->open(device->device_data);
1106 if (ret)
1107 break;
1108 /*
1109 * We can't use anon_inode_getfd() because we need to modify
1110 * the f_mode flags directly to allow more than just ioctls
1111 */
1112 ret = get_unused_fd_flags(O_CLOEXEC);
1113 if (ret < 0) {
1114 device->ops->release(device->device_data);
1115 break;
1116 }
1117
1118 filep = anon_inode_getfile("[vfio-device]", &vfio_device_fops,
1119 device, O_RDWR);
1120 if (IS_ERR(filep)) {
1121 put_unused_fd(ret);
1122 ret = PTR_ERR(filep);
1123 device->ops->release(device->device_data);
1124 break;
1125 }
1126
1127 /*
1128 * TODO: add an anon_inode interface to do this.
1129 * Appears to be missing by lack of need rather than
1130 * explicitly prevented. Now there's need.
1131 */
1132 filep->f_mode |= (FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE);
1133
1134 vfio_device_get(device);
1135 atomic_inc(&group->container_users);
1136
1137 fd_install(ret, filep);
1138 break;
1139 }
1140 mutex_unlock(&group->device_lock);
1141
1142 return ret;
1143 }
1144
1145 static long vfio_group_fops_unl_ioctl(struct file *filep,
1146 unsigned int cmd, unsigned long arg)
1147 {
1148 struct vfio_group *group = filep->private_data;
1149 long ret = -ENOTTY;
1150
1151 switch (cmd) {
1152 case VFIO_GROUP_GET_STATUS:
1153 {
1154 struct vfio_group_status status;
1155 unsigned long minsz;
1156
1157 minsz = offsetofend(struct vfio_group_status, flags);
1158
1159 if (copy_from_user(&status, (void __user *)arg, minsz))
1160 return -EFAULT;
1161
1162 if (status.argsz < minsz)
1163 return -EINVAL;
1164
1165 status.flags = 0;
1166
1167 if (vfio_group_viable(group))
1168 status.flags |= VFIO_GROUP_FLAGS_VIABLE;
1169
1170 if (group->container)
1171 status.flags |= VFIO_GROUP_FLAGS_CONTAINER_SET;
1172
1173 if (copy_to_user((void __user *)arg, &status, minsz))
1174 return -EFAULT;
1175
1176 ret = 0;
1177 break;
1178 }
1179 case VFIO_GROUP_SET_CONTAINER:
1180 {
1181 int fd;
1182
1183 if (get_user(fd, (int __user *)arg))
1184 return -EFAULT;
1185
1186 if (fd < 0)
1187 return -EINVAL;
1188
1189 ret = vfio_group_set_container(group, fd);
1190 break;
1191 }
1192 case VFIO_GROUP_UNSET_CONTAINER:
1193 ret = vfio_group_unset_container(group);
1194 break;
1195 case VFIO_GROUP_GET_DEVICE_FD:
1196 {
1197 char *buf;
1198
1199 buf = strndup_user((const char __user *)arg, PAGE_SIZE);
1200 if (IS_ERR(buf))
1201 return PTR_ERR(buf);
1202
1203 ret = vfio_group_get_device_fd(group, buf);
1204 kfree(buf);
1205 break;
1206 }
1207 }
1208
1209 return ret;
1210 }
1211
1212 #ifdef CONFIG_COMPAT
1213 static long vfio_group_fops_compat_ioctl(struct file *filep,
1214 unsigned int cmd, unsigned long arg)
1215 {
1216 arg = (unsigned long)compat_ptr(arg);
1217 return vfio_group_fops_unl_ioctl(filep, cmd, arg);
1218 }
1219 #endif /* CONFIG_COMPAT */
1220
1221 static int vfio_group_fops_open(struct inode *inode, struct file *filep)
1222 {
1223 struct vfio_group *group;
1224 int opened;
1225
1226 group = vfio_group_get_from_minor(iminor(inode));
1227 if (!group)
1228 return -ENODEV;
1229
1230 /* Do we need multiple instances of the group open? Seems not. */
1231 opened = atomic_cmpxchg(&group->opened, 0, 1);
1232 if (opened) {
1233 vfio_group_put(group);
1234 return -EBUSY;
1235 }
1236
1237 /* Is something still in use from a previous open? */
1238 if (group->container) {
1239 atomic_dec(&group->opened);
1240 vfio_group_put(group);
1241 return -EBUSY;
1242 }
1243
1244 filep->private_data = group;
1245
1246 return 0;
1247 }
1248
1249 static int vfio_group_fops_release(struct inode *inode, struct file *filep)
1250 {
1251 struct vfio_group *group = filep->private_data;
1252
1253 filep->private_data = NULL;
1254
1255 vfio_group_try_dissolve_container(group);
1256
1257 atomic_dec(&group->opened);
1258
1259 vfio_group_put(group);
1260
1261 return 0;
1262 }
1263
1264 static const struct file_operations vfio_group_fops = {
1265 .owner = THIS_MODULE,
1266 .unlocked_ioctl = vfio_group_fops_unl_ioctl,
1267 #ifdef CONFIG_COMPAT
1268 .compat_ioctl = vfio_group_fops_compat_ioctl,
1269 #endif
1270 .open = vfio_group_fops_open,
1271 .release = vfio_group_fops_release,
1272 };
1273
1274 /**
1275 * VFIO Device fd
1276 */
1277 static int vfio_device_fops_release(struct inode *inode, struct file *filep)
1278 {
1279 struct vfio_device *device = filep->private_data;
1280
1281 device->ops->release(device->device_data);
1282
1283 vfio_group_try_dissolve_container(device->group);
1284
1285 vfio_device_put(device);
1286
1287 return 0;
1288 }
1289
1290 static long vfio_device_fops_unl_ioctl(struct file *filep,
1291 unsigned int cmd, unsigned long arg)
1292 {
1293 struct vfio_device *device = filep->private_data;
1294
1295 if (unlikely(!device->ops->ioctl))
1296 return -EINVAL;
1297
1298 return device->ops->ioctl(device->device_data, cmd, arg);
1299 }
1300
1301 static ssize_t vfio_device_fops_read(struct file *filep, char __user *buf,
1302 size_t count, loff_t *ppos)
1303 {
1304 struct vfio_device *device = filep->private_data;
1305
1306 if (unlikely(!device->ops->read))
1307 return -EINVAL;
1308
1309 return device->ops->read(device->device_data, buf, count, ppos);
1310 }
1311
1312 static ssize_t vfio_device_fops_write(struct file *filep,
1313 const char __user *buf,
1314 size_t count, loff_t *ppos)
1315 {
1316 struct vfio_device *device = filep->private_data;
1317
1318 if (unlikely(!device->ops->write))
1319 return -EINVAL;
1320
1321 return device->ops->write(device->device_data, buf, count, ppos);
1322 }
1323
1324 static int vfio_device_fops_mmap(struct file *filep, struct vm_area_struct *vma)
1325 {
1326 struct vfio_device *device = filep->private_data;
1327
1328 if (unlikely(!device->ops->mmap))
1329 return -EINVAL;
1330
1331 return device->ops->mmap(device->device_data, vma);
1332 }
1333
1334 #ifdef CONFIG_COMPAT
1335 static long vfio_device_fops_compat_ioctl(struct file *filep,
1336 unsigned int cmd, unsigned long arg)
1337 {
1338 arg = (unsigned long)compat_ptr(arg);
1339 return vfio_device_fops_unl_ioctl(filep, cmd, arg);
1340 }
1341 #endif /* CONFIG_COMPAT */
1342
1343 static const struct file_operations vfio_device_fops = {
1344 .owner = THIS_MODULE,
1345 .release = vfio_device_fops_release,
1346 .read = vfio_device_fops_read,
1347 .write = vfio_device_fops_write,
1348 .unlocked_ioctl = vfio_device_fops_unl_ioctl,
1349 #ifdef CONFIG_COMPAT
1350 .compat_ioctl = vfio_device_fops_compat_ioctl,
1351 #endif
1352 .mmap = vfio_device_fops_mmap,
1353 };
1354
1355 /**
1356 * External user API, exported by symbols to be linked dynamically.
1357 *
1358 * The protocol includes:
1359 * 1. do normal VFIO init operation:
1360 * - opening a new container;
1361 * - attaching group(s) to it;
1362 * - setting an IOMMU driver for a container.
1363 * When IOMMU is set for a container, all groups in it are
1364 * considered ready to use by an external user.
1365 *
1366 * 2. User space passes a group fd to an external user.
1367 * The external user calls vfio_group_get_external_user()
1368 * to verify that:
1369 * - the group is initialized;
1370 * - IOMMU is set for it.
1371 * If both checks passed, vfio_group_get_external_user()
1372 * increments the container user counter to prevent
1373 * the VFIO group from disposal before KVM exits.
1374 *
1375 * 3. The external user calls vfio_external_user_iommu_id()
1376 * to know an IOMMU ID.
1377 *
1378 * 4. When the external KVM finishes, it calls
1379 * vfio_group_put_external_user() to release the VFIO group.
1380 * This call decrements the container user counter.
1381 */
1382 struct vfio_group *vfio_group_get_external_user(struct file *filep)
1383 {
1384 struct vfio_group *group = filep->private_data;
1385
1386 if (filep->f_op != &vfio_group_fops)
1387 return ERR_PTR(-EINVAL);
1388
1389 if (!atomic_inc_not_zero(&group->container_users))
1390 return ERR_PTR(-EINVAL);
1391
1392 if (!group->container->iommu_driver ||
1393 !vfio_group_viable(group)) {
1394 atomic_dec(&group->container_users);
1395 return ERR_PTR(-EINVAL);
1396 }
1397
1398 vfio_group_get(group);
1399
1400 return group;
1401 }
1402 EXPORT_SYMBOL_GPL(vfio_group_get_external_user);
1403
1404 void vfio_group_put_external_user(struct vfio_group *group)
1405 {
1406 vfio_group_put(group);
1407 vfio_group_try_dissolve_container(group);
1408 }
1409 EXPORT_SYMBOL_GPL(vfio_group_put_external_user);
1410
1411 int vfio_external_user_iommu_id(struct vfio_group *group)
1412 {
1413 return iommu_group_id(group->iommu_group);
1414 }
1415 EXPORT_SYMBOL_GPL(vfio_external_user_iommu_id);
1416
1417 /**
1418 * Module/class support
1419 */
1420 static char *vfio_devnode(struct device *dev, umode_t *mode)
1421 {
1422 if (mode && (MINOR(dev->devt) == 0))
1423 *mode = S_IRUGO | S_IWUGO;
1424
1425 return kasprintf(GFP_KERNEL, "vfio/%s", dev_name(dev));
1426 }
1427
1428 static int __init vfio_init(void)
1429 {
1430 int ret;
1431
1432 idr_init(&vfio.group_idr);
1433 mutex_init(&vfio.group_lock);
1434 mutex_init(&vfio.iommu_drivers_lock);
1435 INIT_LIST_HEAD(&vfio.group_list);
1436 INIT_LIST_HEAD(&vfio.iommu_drivers_list);
1437 init_waitqueue_head(&vfio.release_q);
1438
1439 vfio.class = class_create(THIS_MODULE, "vfio");
1440 if (IS_ERR(vfio.class)) {
1441 ret = PTR_ERR(vfio.class);
1442 goto err_class;
1443 }
1444
1445 vfio.class->devnode = vfio_devnode;
1446
1447 ret = alloc_chrdev_region(&vfio.devt, 0, MINORMASK, "vfio");
1448 if (ret)
1449 goto err_base_chrdev;
1450
1451 cdev_init(&vfio.cdev, &vfio_fops);
1452 ret = cdev_add(&vfio.cdev, vfio.devt, 1);
1453 if (ret)
1454 goto err_base_cdev;
1455
1456 vfio.dev = device_create(vfio.class, NULL, vfio.devt, NULL, "vfio");
1457 if (IS_ERR(vfio.dev)) {
1458 ret = PTR_ERR(vfio.dev);
1459 goto err_base_dev;
1460 }
1461
1462 /* /dev/vfio/$GROUP */
1463 cdev_init(&vfio.group_cdev, &vfio_group_fops);
1464 ret = cdev_add(&vfio.group_cdev,
1465 MKDEV(MAJOR(vfio.devt), 1), MINORMASK - 1);
1466 if (ret)
1467 goto err_groups_cdev;
1468
1469 pr_info(DRIVER_DESC " version: " DRIVER_VERSION "\n");
1470
1471 /*
1472 * Attempt to load known iommu-drivers. This gives us a working
1473 * environment without the user needing to explicitly load iommu
1474 * drivers.
1475 */
1476 request_module_nowait("vfio_iommu_type1");
1477 request_module_nowait("vfio_iommu_spapr_tce");
1478
1479 return 0;
1480
1481 err_groups_cdev:
1482 device_destroy(vfio.class, vfio.devt);
1483 err_base_dev:
1484 cdev_del(&vfio.cdev);
1485 err_base_cdev:
1486 unregister_chrdev_region(vfio.devt, MINORMASK);
1487 err_base_chrdev:
1488 class_destroy(vfio.class);
1489 vfio.class = NULL;
1490 err_class:
1491 return ret;
1492 }
1493
1494 static void __exit vfio_cleanup(void)
1495 {
1496 WARN_ON(!list_empty(&vfio.group_list));
1497
1498 idr_destroy(&vfio.group_idr);
1499 cdev_del(&vfio.group_cdev);
1500 device_destroy(vfio.class, vfio.devt);
1501 cdev_del(&vfio.cdev);
1502 unregister_chrdev_region(vfio.devt, MINORMASK);
1503 class_destroy(vfio.class);
1504 vfio.class = NULL;
1505 }
1506
1507 module_init(vfio_init);
1508 module_exit(vfio_cleanup);
1509
1510 MODULE_VERSION(DRIVER_VERSION);
1511 MODULE_LICENSE("GPL v2");
1512 MODULE_AUTHOR(DRIVER_AUTHOR);
1513 MODULE_DESCRIPTION(DRIVER_DESC);
Linus' kernel tree