1 // SPDX-License-Identifier: GPL-2.0-only
5 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
8 * Derived from original vfio:
9 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
13 #include <linux/vfio.h>
14 #include <linux/iommufd.h>
15 #include <linux/anon_inodes.h>
20 struct list_head group_list;
21 struct mutex group_lock; /* locks group_list */
26 static struct vfio_device *vfio_device_get_from_name(struct vfio_group *group,
29 struct vfio_device *it, *device = ERR_PTR(-ENODEV);
31 mutex_lock(&group->device_lock);
32 list_for_each_entry(it, &group->device_list, group_next) {
36 ret = it->ops->match(it, buf);
38 device = ERR_PTR(ret);
42 ret = !strcmp(dev_name(it->dev), buf);
45 if (ret && vfio_device_try_get_registration(it)) {
50 mutex_unlock(&group->device_lock);
56 * VFIO Group fd, /dev/vfio/$GROUP
58 static bool vfio_group_has_iommu(struct vfio_group *group)
60 lockdep_assert_held(&group->group_lock);
62 * There can only be users if there is a container, and if there is a
63 * container there must be users.
65 WARN_ON(!group->container != !group->container_users);
67 return group->container || group->iommufd;
71 * VFIO_GROUP_UNSET_CONTAINER should fail if there are other users or
72 * if there was no container to unset. Since the ioctl is called on
73 * the group, we know that still exists, therefore the only valid
74 * transition here is 1->0.
76 static int vfio_group_ioctl_unset_container(struct vfio_group *group)
80 mutex_lock(&group->group_lock);
81 if (!vfio_group_has_iommu(group)) {
85 if (group->container) {
86 if (group->container_users != 1) {
90 vfio_group_detach_container(group);
93 iommufd_ctx_put(group->iommufd);
94 group->iommufd = NULL;
98 mutex_unlock(&group->group_lock);
102 static int vfio_group_ioctl_set_container(struct vfio_group *group,
105 struct vfio_container *container;
106 struct iommufd_ctx *iommufd;
110 if (get_user(fd, arg))
117 mutex_lock(&group->group_lock);
118 if (vfio_group_has_iommu(group)) {
122 if (!group->iommu_group) {
127 container = vfio_container_from_file(fd_file(f));
129 ret = vfio_container_attach_group(container, group);
133 iommufd = iommufd_ctx_from_file(fd_file(f));
134 if (!IS_ERR(iommufd)) {
135 if (IS_ENABLED(CONFIG_VFIO_NOIOMMU) &&
136 group->type == VFIO_NO_IOMMU)
137 ret = iommufd_vfio_compat_set_no_iommu(iommufd);
139 ret = iommufd_vfio_compat_ioas_create(iommufd);
142 iommufd_ctx_put(iommufd);
146 group->iommufd = iommufd;
150 /* The FD passed is not recognized. */
154 mutex_unlock(&group->group_lock);
158 static void vfio_device_group_get_kvm_safe(struct vfio_device *device)
160 spin_lock(&device->group->kvm_ref_lock);
161 vfio_device_get_kvm_safe(device, device->group->kvm);
162 spin_unlock(&device->group->kvm_ref_lock);
165 static int vfio_df_group_open(struct vfio_device_file *df)
167 struct vfio_device *device = df->device;
170 mutex_lock(&device->group->group_lock);
171 if (!vfio_group_has_iommu(device->group)) {
176 mutex_lock(&device->dev_set->lock);
179 * Before the first device open, get the KVM pointer currently
180 * associated with the group (if there is one) and obtain a reference
181 * now that will be held until the open_count reaches 0 again. Save
182 * the pointer in the device for use by drivers.
184 if (device->open_count == 0)
185 vfio_device_group_get_kvm_safe(device);
187 df->iommufd = device->group->iommufd;
188 if (df->iommufd && vfio_device_is_noiommu(device) && device->open_count == 0) {
190 * Require no compat ioas to be assigned to proceed. The basic
191 * statement is that the user cannot have done something that
192 * implies they expected translation to exist
194 if (!capable(CAP_SYS_RAWIO) ||
195 vfio_iommufd_device_has_compat_ioas(device, df->iommufd))
202 ret = vfio_df_open(df);
206 if (df->iommufd && device->open_count == 1) {
207 ret = vfio_iommufd_compat_attach_ioas(device, df->iommufd);
209 goto out_close_device;
213 * Paired with smp_load_acquire() in vfio_device_fops::ioctl/
214 * read/write/mmap and vfio_file_has_device_access()
216 smp_store_release(&df->access_granted, true);
218 mutex_unlock(&device->dev_set->lock);
219 mutex_unlock(&device->group->group_lock);
226 if (device->open_count == 0)
227 vfio_device_put_kvm(device);
228 mutex_unlock(&device->dev_set->lock);
230 mutex_unlock(&device->group->group_lock);
234 void vfio_df_group_close(struct vfio_device_file *df)
236 struct vfio_device *device = df->device;
238 mutex_lock(&device->group->group_lock);
239 mutex_lock(&device->dev_set->lock);
244 if (device->open_count == 0)
245 vfio_device_put_kvm(device);
247 mutex_unlock(&device->dev_set->lock);
248 mutex_unlock(&device->group->group_lock);
251 static struct file *vfio_device_open_file(struct vfio_device *device)
253 struct vfio_device_file *df;
257 df = vfio_allocate_device_file(device);
263 df->group = device->group;
265 ret = vfio_df_group_open(df);
270 * We can't use anon_inode_getfd() because we need to modify
271 * the f_mode flags directly to allow more than just ioctls
273 filep = anon_inode_getfile("[vfio-device]", &vfio_device_fops,
276 ret = PTR_ERR(filep);
277 goto err_close_device;
281 * TODO: add an anon_inode interface to do this.
282 * Appears to be missing by lack of need rather than
283 * explicitly prevented. Now there's need.
285 filep->f_mode |= (FMODE_PREAD | FMODE_PWRITE);
288 * Use the pseudo fs inode on the device to link all mmaps
289 * to the same address space, allowing us to unmap all vmas
290 * associated to this device using unmap_mapping_range().
292 filep->f_mapping = device->inode->i_mapping;
294 if (device->group->type == VFIO_NO_IOMMU)
295 dev_warn(device->dev, "vfio-noiommu device opened by user "
296 "(%s:%d)\n", current->comm, task_pid_nr(current));
298 * On success the ref of device is moved to the file and
299 * put in vfio_device_fops_release()
304 vfio_df_group_close(df);
311 static int vfio_group_ioctl_get_device_fd(struct vfio_group *group,
314 struct vfio_device *device;
320 buf = strndup_user(arg, PAGE_SIZE);
324 device = vfio_device_get_from_name(group, buf);
327 return PTR_ERR(device);
329 fdno = get_unused_fd_flags(O_CLOEXEC);
335 filep = vfio_device_open_file(device);
337 ret = PTR_ERR(filep);
341 fd_install(fdno, filep);
347 vfio_device_put_registration(device);
351 static int vfio_group_ioctl_get_status(struct vfio_group *group,
352 struct vfio_group_status __user *arg)
354 unsigned long minsz = offsetofend(struct vfio_group_status, flags);
355 struct vfio_group_status status;
357 if (copy_from_user(&status, arg, minsz))
360 if (status.argsz < minsz)
365 mutex_lock(&group->group_lock);
366 if (!group->iommu_group) {
367 mutex_unlock(&group->group_lock);
372 * With the container FD the iommu_group_claim_dma_owner() is done
373 * during SET_CONTAINER but for IOMMFD this is done during
374 * VFIO_GROUP_GET_DEVICE_FD. Meaning that with iommufd
375 * VFIO_GROUP_FLAGS_VIABLE could be set but GET_DEVICE_FD will fail due
378 if (vfio_group_has_iommu(group))
379 status.flags |= VFIO_GROUP_FLAGS_CONTAINER_SET |
380 VFIO_GROUP_FLAGS_VIABLE;
381 else if (!iommu_group_dma_owner_claimed(group->iommu_group))
382 status.flags |= VFIO_GROUP_FLAGS_VIABLE;
383 mutex_unlock(&group->group_lock);
385 if (copy_to_user(arg, &status, minsz))
390 static long vfio_group_fops_unl_ioctl(struct file *filep,
391 unsigned int cmd, unsigned long arg)
393 struct vfio_group *group = filep->private_data;
394 void __user *uarg = (void __user *)arg;
397 case VFIO_GROUP_GET_DEVICE_FD:
398 return vfio_group_ioctl_get_device_fd(group, uarg);
399 case VFIO_GROUP_GET_STATUS:
400 return vfio_group_ioctl_get_status(group, uarg);
401 case VFIO_GROUP_SET_CONTAINER:
402 return vfio_group_ioctl_set_container(group, uarg);
403 case VFIO_GROUP_UNSET_CONTAINER:
404 return vfio_group_ioctl_unset_container(group);
410 int vfio_device_block_group(struct vfio_device *device)
412 struct vfio_group *group = device->group;
415 mutex_lock(&group->group_lock);
416 if (group->opened_file) {
421 group->cdev_device_open_cnt++;
424 mutex_unlock(&group->group_lock);
428 void vfio_device_unblock_group(struct vfio_device *device)
430 struct vfio_group *group = device->group;
432 mutex_lock(&group->group_lock);
433 group->cdev_device_open_cnt--;
434 mutex_unlock(&group->group_lock);
437 static int vfio_group_fops_open(struct inode *inode, struct file *filep)
439 struct vfio_group *group =
440 container_of(inode->i_cdev, struct vfio_group, cdev);
443 mutex_lock(&group->group_lock);
446 * drivers can be zero if this races with vfio_device_remove_group(), it
447 * will be stable at 0 under the group rwsem
449 if (refcount_read(&group->drivers) == 0) {
454 if (group->type == VFIO_NO_IOMMU && !capable(CAP_SYS_RAWIO)) {
459 if (group->cdev_device_open_cnt) {
465 * Do we need multiple instances of the group open? Seems not.
467 if (group->opened_file) {
471 group->opened_file = filep;
472 filep->private_data = group;
475 mutex_unlock(&group->group_lock);
479 static int vfio_group_fops_release(struct inode *inode, struct file *filep)
481 struct vfio_group *group = filep->private_data;
483 filep->private_data = NULL;
485 mutex_lock(&group->group_lock);
487 * Device FDs hold a group file reference, therefore the group release
488 * is only called when there are no open devices.
490 WARN_ON(group->notifier.head);
491 if (group->container)
492 vfio_group_detach_container(group);
493 if (group->iommufd) {
494 iommufd_ctx_put(group->iommufd);
495 group->iommufd = NULL;
497 group->opened_file = NULL;
498 mutex_unlock(&group->group_lock);
502 static const struct file_operations vfio_group_fops = {
503 .owner = THIS_MODULE,
504 .unlocked_ioctl = vfio_group_fops_unl_ioctl,
505 .compat_ioctl = compat_ptr_ioctl,
506 .open = vfio_group_fops_open,
507 .release = vfio_group_fops_release,
511 * Group objects - create, release, get, put, search
513 static struct vfio_group *
514 vfio_group_find_from_iommu(struct iommu_group *iommu_group)
516 struct vfio_group *group;
518 lockdep_assert_held(&vfio.group_lock);
521 * group->iommu_group from the vfio.group_list cannot be NULL
522 * under the vfio.group_lock.
524 list_for_each_entry(group, &vfio.group_list, vfio_next) {
525 if (group->iommu_group == iommu_group)
531 static void vfio_group_release(struct device *dev)
533 struct vfio_group *group = container_of(dev, struct vfio_group, dev);
535 mutex_destroy(&group->device_lock);
536 mutex_destroy(&group->group_lock);
537 WARN_ON(group->iommu_group);
538 WARN_ON(group->cdev_device_open_cnt);
539 ida_free(&vfio.group_ida, MINOR(group->dev.devt));
543 static struct vfio_group *vfio_group_alloc(struct iommu_group *iommu_group,
544 enum vfio_group_type type)
546 struct vfio_group *group;
549 group = kzalloc(sizeof(*group), GFP_KERNEL);
551 return ERR_PTR(-ENOMEM);
553 minor = ida_alloc_max(&vfio.group_ida, MINORMASK, GFP_KERNEL);
556 return ERR_PTR(minor);
559 device_initialize(&group->dev);
560 group->dev.devt = MKDEV(MAJOR(vfio.group_devt), minor);
561 group->dev.class = vfio.class;
562 group->dev.release = vfio_group_release;
563 cdev_init(&group->cdev, &vfio_group_fops);
564 group->cdev.owner = THIS_MODULE;
566 refcount_set(&group->drivers, 1);
567 mutex_init(&group->group_lock);
568 spin_lock_init(&group->kvm_ref_lock);
569 INIT_LIST_HEAD(&group->device_list);
570 mutex_init(&group->device_lock);
571 group->iommu_group = iommu_group;
572 /* put in vfio_group_release() */
573 iommu_group_ref_get(iommu_group);
575 BLOCKING_INIT_NOTIFIER_HEAD(&group->notifier);
580 static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group,
581 enum vfio_group_type type)
583 struct vfio_group *group;
584 struct vfio_group *ret;
587 lockdep_assert_held(&vfio.group_lock);
589 group = vfio_group_alloc(iommu_group, type);
593 err = dev_set_name(&group->dev, "%s%d",
594 group->type == VFIO_NO_IOMMU ? "noiommu-" : "",
595 iommu_group_id(iommu_group));
601 err = cdev_device_add(&group->cdev, &group->dev);
607 list_add(&group->vfio_next, &vfio.group_list);
612 put_device(&group->dev);
616 static struct vfio_group *vfio_noiommu_group_alloc(struct device *dev,
617 enum vfio_group_type type)
619 struct iommu_group *iommu_group;
620 struct vfio_group *group;
623 iommu_group = iommu_group_alloc();
624 if (IS_ERR(iommu_group))
625 return ERR_CAST(iommu_group);
627 ret = iommu_group_set_name(iommu_group, "vfio-noiommu");
630 ret = iommu_group_add_device(iommu_group, dev);
634 mutex_lock(&vfio.group_lock);
635 group = vfio_create_group(iommu_group, type);
636 mutex_unlock(&vfio.group_lock);
638 ret = PTR_ERR(group);
639 goto out_remove_device;
641 iommu_group_put(iommu_group);
645 iommu_group_remove_device(dev);
647 iommu_group_put(iommu_group);
651 static bool vfio_group_has_device(struct vfio_group *group, struct device *dev)
653 struct vfio_device *device;
655 mutex_lock(&group->device_lock);
656 list_for_each_entry(device, &group->device_list, group_next) {
657 if (device->dev == dev) {
658 mutex_unlock(&group->device_lock);
662 mutex_unlock(&group->device_lock);
666 static struct vfio_group *vfio_group_find_or_alloc(struct device *dev)
668 struct iommu_group *iommu_group;
669 struct vfio_group *group;
671 iommu_group = iommu_group_get(dev);
672 if (!iommu_group && vfio_noiommu) {
674 * With noiommu enabled, create an IOMMU group for devices that
675 * don't already have one, implying no IOMMU hardware/driver
676 * exists. Taint the kernel because we're about to give a DMA
677 * capable device to a user without IOMMU protection.
679 group = vfio_noiommu_group_alloc(dev, VFIO_NO_IOMMU);
680 if (!IS_ERR(group)) {
681 add_taint(TAINT_USER, LOCKDEP_STILL_OK);
682 dev_warn(dev, "Adding kernel taint for vfio-noiommu group on device\n");
688 return ERR_PTR(-EINVAL);
690 mutex_lock(&vfio.group_lock);
691 group = vfio_group_find_from_iommu(iommu_group);
693 if (WARN_ON(vfio_group_has_device(group, dev)))
694 group = ERR_PTR(-EINVAL);
696 refcount_inc(&group->drivers);
698 group = vfio_create_group(iommu_group, VFIO_IOMMU);
700 mutex_unlock(&vfio.group_lock);
702 /* The vfio_group holds a reference to the iommu_group */
703 iommu_group_put(iommu_group);
707 int vfio_device_set_group(struct vfio_device *device,
708 enum vfio_group_type type)
710 struct vfio_group *group;
712 if (type == VFIO_IOMMU)
713 group = vfio_group_find_or_alloc(device->dev);
715 group = vfio_noiommu_group_alloc(device->dev, type);
718 return PTR_ERR(group);
720 /* Our reference on group is moved to the device */
721 device->group = group;
725 void vfio_device_remove_group(struct vfio_device *device)
727 struct vfio_group *group = device->group;
728 struct iommu_group *iommu_group;
730 if (group->type == VFIO_NO_IOMMU || group->type == VFIO_EMULATED_IOMMU)
731 iommu_group_remove_device(device->dev);
733 /* Pairs with vfio_create_group() / vfio_group_get_from_iommu() */
734 if (!refcount_dec_and_mutex_lock(&group->drivers, &vfio.group_lock))
736 list_del(&group->vfio_next);
739 * We could concurrently probe another driver in the group that might
740 * race vfio_device_remove_group() with vfio_get_group(), so we have to
741 * ensure that the sysfs is all cleaned up under lock otherwise the
742 * cdev_device_add() will fail due to the name aready existing.
744 cdev_device_del(&group->cdev, &group->dev);
746 mutex_lock(&group->group_lock);
748 * These data structures all have paired operations that can only be
749 * undone when the caller holds a live reference on the device. Since
750 * all pairs must be undone these WARN_ON's indicate some caller did not
751 * properly hold the group reference.
753 WARN_ON(!list_empty(&group->device_list));
754 WARN_ON(group->notifier.head);
757 * Revoke all users of group->iommu_group. At this point we know there
758 * are no devices active because we are unplugging the last one. Setting
759 * iommu_group to NULL blocks all new users.
761 if (group->container)
762 vfio_group_detach_container(group);
763 iommu_group = group->iommu_group;
764 group->iommu_group = NULL;
765 mutex_unlock(&group->group_lock);
766 mutex_unlock(&vfio.group_lock);
768 iommu_group_put(iommu_group);
769 put_device(&group->dev);
772 void vfio_device_group_register(struct vfio_device *device)
774 mutex_lock(&device->group->device_lock);
775 list_add(&device->group_next, &device->group->device_list);
776 mutex_unlock(&device->group->device_lock);
779 void vfio_device_group_unregister(struct vfio_device *device)
781 mutex_lock(&device->group->device_lock);
782 list_del(&device->group_next);
783 mutex_unlock(&device->group->device_lock);
786 int vfio_device_group_use_iommu(struct vfio_device *device)
788 struct vfio_group *group = device->group;
791 lockdep_assert_held(&group->group_lock);
793 if (WARN_ON(!group->container))
796 ret = vfio_group_use_container(group);
799 vfio_device_container_register(device);
803 void vfio_device_group_unuse_iommu(struct vfio_device *device)
805 struct vfio_group *group = device->group;
807 lockdep_assert_held(&group->group_lock);
809 if (WARN_ON(!group->container))
812 vfio_device_container_unregister(device);
813 vfio_group_unuse_container(group);
816 bool vfio_device_has_container(struct vfio_device *device)
818 return device->group->container;
821 struct vfio_group *vfio_group_from_file(struct file *file)
823 struct vfio_group *group = file->private_data;
825 if (file->f_op != &vfio_group_fops)
831 * vfio_file_iommu_group - Return the struct iommu_group for the vfio group file
832 * @file: VFIO group file
834 * The returned iommu_group is valid as long as a ref is held on the file. This
835 * returns a reference on the group. This function is deprecated, only the SPAPR
836 * path in kvm should call it.
838 struct iommu_group *vfio_file_iommu_group(struct file *file)
840 struct vfio_group *group = vfio_group_from_file(file);
841 struct iommu_group *iommu_group = NULL;
843 if (!IS_ENABLED(CONFIG_SPAPR_TCE_IOMMU))
849 mutex_lock(&group->group_lock);
850 if (group->iommu_group) {
851 iommu_group = group->iommu_group;
852 iommu_group_ref_get(iommu_group);
854 mutex_unlock(&group->group_lock);
857 EXPORT_SYMBOL_GPL(vfio_file_iommu_group);
860 * vfio_file_is_group - True if the file is a vfio group file
861 * @file: VFIO group file
863 bool vfio_file_is_group(struct file *file)
865 return vfio_group_from_file(file);
867 EXPORT_SYMBOL_GPL(vfio_file_is_group);
869 bool vfio_group_enforced_coherent(struct vfio_group *group)
871 struct vfio_device *device;
875 * If the device does not have IOMMU_CAP_ENFORCE_CACHE_COHERENCY then
876 * any domain later attached to it will also not support it. If the cap
877 * is set then the iommu_domain eventually attached to the device/group
878 * must use a domain with enforce_cache_coherency().
880 mutex_lock(&group->device_lock);
881 list_for_each_entry(device, &group->device_list, group_next) {
882 if (!device_iommu_capable(device->dev,
883 IOMMU_CAP_ENFORCE_CACHE_COHERENCY)) {
888 mutex_unlock(&group->device_lock);
892 void vfio_group_set_kvm(struct vfio_group *group, struct kvm *kvm)
894 spin_lock(&group->kvm_ref_lock);
896 spin_unlock(&group->kvm_ref_lock);
900 * vfio_file_has_dev - True if the VFIO file is a handle for device
901 * @file: VFIO file to check
902 * @device: Device that must be part of the file
904 * Returns true if given file has permission to manipulate the given device.
906 bool vfio_file_has_dev(struct file *file, struct vfio_device *device)
908 struct vfio_group *group = vfio_group_from_file(file);
913 return group == device->group;
915 EXPORT_SYMBOL_GPL(vfio_file_has_dev);
917 static char *vfio_devnode(const struct device *dev, umode_t *mode)
919 return kasprintf(GFP_KERNEL, "vfio/%s", dev_name(dev));
922 int __init vfio_group_init(void)
926 ida_init(&vfio.group_ida);
927 mutex_init(&vfio.group_lock);
928 INIT_LIST_HEAD(&vfio.group_list);
930 ret = vfio_container_init();
934 /* /dev/vfio/$GROUP */
935 vfio.class = class_create("vfio");
936 if (IS_ERR(vfio.class)) {
937 ret = PTR_ERR(vfio.class);
938 goto err_group_class;
941 vfio.class->devnode = vfio_devnode;
943 ret = alloc_chrdev_region(&vfio.group_devt, 0, MINORMASK + 1, "vfio");
945 goto err_alloc_chrdev;
949 class_destroy(vfio.class);
952 vfio_container_cleanup();
956 void vfio_group_cleanup(void)
958 WARN_ON(!list_empty(&vfio.group_list));
959 ida_destroy(&vfio.group_ida);
960 unregister_chrdev_region(vfio.group_devt, MINORMASK + 1);
961 class_destroy(vfio.class);
963 vfio_container_cleanup();
projects / J-linux.git / blob