1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (C) 2018-2020 Intel Corporation.
4 * Copyright (C) 2020 Red Hat, Inc.
9 * Thanks Michael S. Tsirkin for the valuable comments and
10 * suggestions. And thanks to Cunming Liang and Zhihong Wang for all
14 #include <linux/kernel.h>
15 #include <linux/module.h>
16 #include <linux/cdev.h>
17 #include <linux/device.h>
19 #include <linux/slab.h>
20 #include <linux/iommu.h>
21 #include <linux/uuid.h>
22 #include <linux/vdpa.h>
23 #include <linux/nospec.h>
24 #include <linux/vhost.h>
29 VHOST_VDPA_BACKEND_FEATURES =
30 (1ULL << VHOST_BACKEND_F_IOTLB_MSG_V2) |
31 (1ULL << VHOST_BACKEND_F_IOTLB_BATCH) |
32 (1ULL << VHOST_BACKEND_F_IOTLB_ASID),
35 #define VHOST_VDPA_DEV_MAX (1U << MINORBITS)
37 #define VHOST_VDPA_IOTLB_BUCKETS 16
39 struct vhost_vdpa_as {
40 struct hlist_node hash_link;
41 struct vhost_iotlb iotlb;
46 struct vhost_dev vdev;
47 struct iommu_domain *domain;
48 struct vhost_virtqueue *vqs;
49 struct completion completion;
50 struct vdpa_device *vdpa;
51 struct hlist_head as[VHOST_VDPA_IOTLB_BUCKETS];
58 struct eventfd_ctx *config_ctx;
60 struct vdpa_iova_range range;
65 static DEFINE_IDA(vhost_vdpa_ida);
67 static dev_t vhost_vdpa_major;
69 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
70 struct vhost_iotlb *iotlb, u64 start,
73 static inline u32 iotlb_to_asid(struct vhost_iotlb *iotlb)
75 struct vhost_vdpa_as *as = container_of(iotlb, struct
76 vhost_vdpa_as, iotlb);
80 static struct vhost_vdpa_as *asid_to_as(struct vhost_vdpa *v, u32 asid)
82 struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
83 struct vhost_vdpa_as *as;
85 hlist_for_each_entry(as, head, hash_link)
92 static struct vhost_iotlb *asid_to_iotlb(struct vhost_vdpa *v, u32 asid)
94 struct vhost_vdpa_as *as = asid_to_as(v, asid);
102 static struct vhost_vdpa_as *vhost_vdpa_alloc_as(struct vhost_vdpa *v, u32 asid)
104 struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
105 struct vhost_vdpa_as *as;
107 if (asid_to_as(v, asid))
110 if (asid >= v->vdpa->nas)
113 as = kmalloc(sizeof(*as), GFP_KERNEL);
117 vhost_iotlb_init(&as->iotlb, 0, 0);
119 hlist_add_head(&as->hash_link, head);
124 static struct vhost_vdpa_as *vhost_vdpa_find_alloc_as(struct vhost_vdpa *v,
127 struct vhost_vdpa_as *as = asid_to_as(v, asid);
132 return vhost_vdpa_alloc_as(v, asid);
135 static void vhost_vdpa_reset_map(struct vhost_vdpa *v, u32 asid)
137 struct vdpa_device *vdpa = v->vdpa;
138 const struct vdpa_config_ops *ops = vdpa->config;
141 ops->reset_map(vdpa, asid);
144 static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid)
146 struct vhost_vdpa_as *as = asid_to_as(v, asid);
151 hlist_del(&as->hash_link);
152 vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1, asid);
154 * Devices with vendor specific IOMMU may need to restore
155 * iotlb to the initial or default state, which cannot be
156 * cleaned up in the all range unmap call above. Give them
157 * a chance to clean up or reset the map to the desired
160 vhost_vdpa_reset_map(v, asid);
166 static void handle_vq_kick(struct vhost_work *work)
168 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
170 struct vhost_vdpa *v = container_of(vq->dev, struct vhost_vdpa, vdev);
171 const struct vdpa_config_ops *ops = v->vdpa->config;
173 ops->kick_vq(v->vdpa, vq - v->vqs);
176 static irqreturn_t vhost_vdpa_virtqueue_cb(void *private)
178 struct vhost_virtqueue *vq = private;
179 struct eventfd_ctx *call_ctx = vq->call_ctx.ctx;
182 eventfd_signal(call_ctx);
187 static irqreturn_t vhost_vdpa_config_cb(void *private)
189 struct vhost_vdpa *v = private;
190 struct eventfd_ctx *config_ctx = v->config_ctx;
193 eventfd_signal(config_ctx);
198 static void vhost_vdpa_setup_vq_irq(struct vhost_vdpa *v, u16 qid)
200 struct vhost_virtqueue *vq = &v->vqs[qid];
201 const struct vdpa_config_ops *ops = v->vdpa->config;
202 struct vdpa_device *vdpa = v->vdpa;
205 if (!ops->get_vq_irq)
208 irq = ops->get_vq_irq(vdpa, qid);
212 if (!vq->call_ctx.ctx)
215 vq->call_ctx.producer.irq = irq;
216 ret = irq_bypass_register_producer(&vq->call_ctx.producer);
218 dev_info(&v->dev, "vq %u, irq bypass producer (token %p) registration fails, ret = %d\n",
219 qid, vq->call_ctx.producer.token, ret);
222 static void vhost_vdpa_unsetup_vq_irq(struct vhost_vdpa *v, u16 qid)
224 struct vhost_virtqueue *vq = &v->vqs[qid];
226 irq_bypass_unregister_producer(&vq->call_ctx.producer);
229 static int _compat_vdpa_reset(struct vhost_vdpa *v)
231 struct vdpa_device *vdpa = v->vdpa;
234 v->suspended = false;
237 flags |= !vhost_backend_has_feature(v->vdev.vqs[0],
238 VHOST_BACKEND_F_IOTLB_PERSIST) ?
239 VDPA_RESET_F_CLEAN_MAP : 0;
242 return vdpa_reset(vdpa, flags);
245 static int vhost_vdpa_reset(struct vhost_vdpa *v)
248 return _compat_vdpa_reset(v);
251 static long vhost_vdpa_bind_mm(struct vhost_vdpa *v)
253 struct vdpa_device *vdpa = v->vdpa;
254 const struct vdpa_config_ops *ops = vdpa->config;
256 if (!vdpa->use_va || !ops->bind_mm)
259 return ops->bind_mm(vdpa, v->vdev.mm);
262 static void vhost_vdpa_unbind_mm(struct vhost_vdpa *v)
264 struct vdpa_device *vdpa = v->vdpa;
265 const struct vdpa_config_ops *ops = vdpa->config;
267 if (!vdpa->use_va || !ops->unbind_mm)
270 ops->unbind_mm(vdpa);
273 static long vhost_vdpa_get_device_id(struct vhost_vdpa *v, u8 __user *argp)
275 struct vdpa_device *vdpa = v->vdpa;
276 const struct vdpa_config_ops *ops = vdpa->config;
279 device_id = ops->get_device_id(vdpa);
281 if (copy_to_user(argp, &device_id, sizeof(device_id)))
287 static long vhost_vdpa_get_status(struct vhost_vdpa *v, u8 __user *statusp)
289 struct vdpa_device *vdpa = v->vdpa;
290 const struct vdpa_config_ops *ops = vdpa->config;
293 status = ops->get_status(vdpa);
295 if (copy_to_user(statusp, &status, sizeof(status)))
301 static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp)
303 struct vdpa_device *vdpa = v->vdpa;
304 const struct vdpa_config_ops *ops = vdpa->config;
305 u8 status, status_old;
310 if (copy_from_user(&status, statusp, sizeof(status)))
313 status_old = ops->get_status(vdpa);
316 * Userspace shouldn't remove status bits unless reset the
319 if (status != 0 && (status_old & ~status) != 0)
322 if ((status_old & VIRTIO_CONFIG_S_DRIVER_OK) && !(status & VIRTIO_CONFIG_S_DRIVER_OK))
323 for (i = 0; i < nvqs; i++)
324 vhost_vdpa_unsetup_vq_irq(v, i);
327 ret = _compat_vdpa_reset(v);
331 vdpa_set_status(vdpa, status);
333 if ((status & VIRTIO_CONFIG_S_DRIVER_OK) && !(status_old & VIRTIO_CONFIG_S_DRIVER_OK))
334 for (i = 0; i < nvqs; i++)
335 vhost_vdpa_setup_vq_irq(v, i);
340 static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
341 struct vhost_vdpa_config *c)
343 struct vdpa_device *vdpa = v->vdpa;
344 size_t size = vdpa->config->get_config_size(vdpa);
346 if (c->len == 0 || c->off > size)
349 if (c->len > size - c->off)
355 static long vhost_vdpa_get_config(struct vhost_vdpa *v,
356 struct vhost_vdpa_config __user *c)
358 struct vdpa_device *vdpa = v->vdpa;
359 struct vhost_vdpa_config config;
360 unsigned long size = offsetof(struct vhost_vdpa_config, buf);
363 if (copy_from_user(&config, c, size))
365 if (vhost_vdpa_config_validate(v, &config))
367 buf = kvzalloc(config.len, GFP_KERNEL);
371 vdpa_get_config(vdpa, config.off, buf, config.len);
373 if (copy_to_user(c->buf, buf, config.len)) {
382 static long vhost_vdpa_set_config(struct vhost_vdpa *v,
383 struct vhost_vdpa_config __user *c)
385 struct vdpa_device *vdpa = v->vdpa;
386 struct vhost_vdpa_config config;
387 unsigned long size = offsetof(struct vhost_vdpa_config, buf);
390 if (copy_from_user(&config, c, size))
392 if (vhost_vdpa_config_validate(v, &config))
395 buf = vmemdup_user(c->buf, config.len);
399 vdpa_set_config(vdpa, config.off, buf, config.len);
405 static bool vhost_vdpa_can_suspend(const struct vhost_vdpa *v)
407 struct vdpa_device *vdpa = v->vdpa;
408 const struct vdpa_config_ops *ops = vdpa->config;
413 static bool vhost_vdpa_can_resume(const struct vhost_vdpa *v)
415 struct vdpa_device *vdpa = v->vdpa;
416 const struct vdpa_config_ops *ops = vdpa->config;
421 static bool vhost_vdpa_has_desc_group(const struct vhost_vdpa *v)
423 struct vdpa_device *vdpa = v->vdpa;
424 const struct vdpa_config_ops *ops = vdpa->config;
426 return ops->get_vq_desc_group;
429 static long vhost_vdpa_get_features(struct vhost_vdpa *v, u64 __user *featurep)
431 struct vdpa_device *vdpa = v->vdpa;
432 const struct vdpa_config_ops *ops = vdpa->config;
435 features = ops->get_device_features(vdpa);
437 if (copy_to_user(featurep, &features, sizeof(features)))
443 static u64 vhost_vdpa_get_backend_features(const struct vhost_vdpa *v)
445 struct vdpa_device *vdpa = v->vdpa;
446 const struct vdpa_config_ops *ops = vdpa->config;
448 if (!ops->get_backend_features)
451 return ops->get_backend_features(vdpa);
454 static bool vhost_vdpa_has_persistent_map(const struct vhost_vdpa *v)
456 struct vdpa_device *vdpa = v->vdpa;
457 const struct vdpa_config_ops *ops = vdpa->config;
459 return (!ops->set_map && !ops->dma_map) || ops->reset_map ||
460 vhost_vdpa_get_backend_features(v) & BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST);
463 static long vhost_vdpa_set_features(struct vhost_vdpa *v, u64 __user *featurep)
465 struct vdpa_device *vdpa = v->vdpa;
466 const struct vdpa_config_ops *ops = vdpa->config;
467 struct vhost_dev *d = &v->vdev;
473 * It's not allowed to change the features after they have
476 if (ops->get_status(vdpa) & VIRTIO_CONFIG_S_FEATURES_OK)
479 if (copy_from_user(&features, featurep, sizeof(features)))
482 if (vdpa_set_features(vdpa, features))
485 /* let the vqs know what has been configured */
486 actual_features = ops->get_driver_features(vdpa);
487 for (i = 0; i < d->nvqs; ++i) {
488 struct vhost_virtqueue *vq = d->vqs[i];
490 mutex_lock(&vq->mutex);
491 vq->acked_features = actual_features;
492 mutex_unlock(&vq->mutex);
498 static long vhost_vdpa_get_vring_num(struct vhost_vdpa *v, u16 __user *argp)
500 struct vdpa_device *vdpa = v->vdpa;
501 const struct vdpa_config_ops *ops = vdpa->config;
504 num = ops->get_vq_num_max(vdpa);
506 if (copy_to_user(argp, &num, sizeof(num)))
512 static void vhost_vdpa_config_put(struct vhost_vdpa *v)
515 eventfd_ctx_put(v->config_ctx);
516 v->config_ctx = NULL;
520 static long vhost_vdpa_set_config_call(struct vhost_vdpa *v, u32 __user *argp)
522 struct vdpa_callback cb;
524 struct eventfd_ctx *ctx;
526 cb.callback = vhost_vdpa_config_cb;
528 if (copy_from_user(&fd, argp, sizeof(fd)))
531 ctx = fd == VHOST_FILE_UNBIND ? NULL : eventfd_ctx_fdget(fd);
532 swap(ctx, v->config_ctx);
534 if (!IS_ERR_OR_NULL(ctx))
535 eventfd_ctx_put(ctx);
537 if (IS_ERR(v->config_ctx)) {
538 long ret = PTR_ERR(v->config_ctx);
540 v->config_ctx = NULL;
544 v->vdpa->config->set_config_cb(v->vdpa, &cb);
549 static long vhost_vdpa_get_iova_range(struct vhost_vdpa *v, u32 __user *argp)
551 struct vhost_vdpa_iova_range range = {
552 .first = v->range.first,
553 .last = v->range.last,
556 if (copy_to_user(argp, &range, sizeof(range)))
561 static long vhost_vdpa_get_config_size(struct vhost_vdpa *v, u32 __user *argp)
563 struct vdpa_device *vdpa = v->vdpa;
564 const struct vdpa_config_ops *ops = vdpa->config;
567 size = ops->get_config_size(vdpa);
569 if (copy_to_user(argp, &size, sizeof(size)))
575 static long vhost_vdpa_get_vqs_count(struct vhost_vdpa *v, u32 __user *argp)
577 struct vdpa_device *vdpa = v->vdpa;
579 if (copy_to_user(argp, &vdpa->nvqs, sizeof(vdpa->nvqs)))
585 /* After a successful return of ioctl the device must not process more
586 * virtqueue descriptors. The device can answer to read or writes of config
587 * fields as if it were not suspended. In particular, writing to "queue_enable"
588 * with a value of 1 will not make the device start processing buffers.
590 static long vhost_vdpa_suspend(struct vhost_vdpa *v)
592 struct vdpa_device *vdpa = v->vdpa;
593 const struct vdpa_config_ops *ops = vdpa->config;
596 if (!(ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK))
602 ret = ops->suspend(vdpa);
609 /* After a successful return of this ioctl the device resumes processing
610 * virtqueue descriptors. The device becomes fully operational the same way it
611 * was before it was suspended.
613 static long vhost_vdpa_resume(struct vhost_vdpa *v)
615 struct vdpa_device *vdpa = v->vdpa;
616 const struct vdpa_config_ops *ops = vdpa->config;
619 if (!(ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK))
625 ret = ops->resume(vdpa);
627 v->suspended = false;
632 static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd,
635 struct vdpa_device *vdpa = v->vdpa;
636 const struct vdpa_config_ops *ops = vdpa->config;
637 struct vdpa_vq_state vq_state;
638 struct vdpa_callback cb;
639 struct vhost_virtqueue *vq;
640 struct vhost_vring_state s;
644 r = get_user(idx, (u32 __user *)argp);
651 idx = array_index_nospec(idx, v->nvqs);
655 case VHOST_VDPA_SET_VRING_ENABLE:
656 if (copy_from_user(&s, argp, sizeof(s)))
658 ops->set_vq_ready(vdpa, idx, s.num);
660 case VHOST_VDPA_GET_VRING_GROUP:
661 if (!ops->get_vq_group)
664 s.num = ops->get_vq_group(vdpa, idx);
665 if (s.num >= vdpa->ngroups)
667 else if (copy_to_user(argp, &s, sizeof(s)))
670 case VHOST_VDPA_GET_VRING_DESC_GROUP:
671 if (!vhost_vdpa_has_desc_group(v))
674 s.num = ops->get_vq_desc_group(vdpa, idx);
675 if (s.num >= vdpa->ngroups)
677 else if (copy_to_user(argp, &s, sizeof(s)))
680 case VHOST_VDPA_SET_GROUP_ASID:
681 if (copy_from_user(&s, argp, sizeof(s)))
683 if (s.num >= vdpa->nas)
685 if (!ops->set_group_asid)
687 return ops->set_group_asid(vdpa, idx, s.num);
688 case VHOST_VDPA_GET_VRING_SIZE:
689 if (!ops->get_vq_size)
692 s.num = ops->get_vq_size(vdpa, idx);
693 if (copy_to_user(argp, &s, sizeof(s)))
696 case VHOST_GET_VRING_BASE:
697 r = ops->get_vq_state(v->vdpa, idx, &vq_state);
701 if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) {
702 vq->last_avail_idx = vq_state.packed.last_avail_idx |
703 (vq_state.packed.last_avail_counter << 15);
704 vq->last_used_idx = vq_state.packed.last_used_idx |
705 (vq_state.packed.last_used_counter << 15);
707 vq->last_avail_idx = vq_state.split.avail_index;
710 case VHOST_SET_VRING_CALL:
711 if (vq->call_ctx.ctx) {
712 if (ops->get_status(vdpa) &
713 VIRTIO_CONFIG_S_DRIVER_OK)
714 vhost_vdpa_unsetup_vq_irq(v, idx);
715 vq->call_ctx.producer.token = NULL;
720 r = vhost_vring_ioctl(&v->vdev, cmd, argp);
725 case VHOST_SET_VRING_ADDR:
726 if ((ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK) && !v->suspended)
729 if (ops->set_vq_address(vdpa, idx,
730 (u64)(uintptr_t)vq->desc,
731 (u64)(uintptr_t)vq->avail,
732 (u64)(uintptr_t)vq->used))
736 case VHOST_SET_VRING_BASE:
737 if ((ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK) && !v->suspended)
740 if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) {
741 vq_state.packed.last_avail_idx = vq->last_avail_idx & 0x7fff;
742 vq_state.packed.last_avail_counter = !!(vq->last_avail_idx & 0x8000);
743 vq_state.packed.last_used_idx = vq->last_used_idx & 0x7fff;
744 vq_state.packed.last_used_counter = !!(vq->last_used_idx & 0x8000);
746 vq_state.split.avail_index = vq->last_avail_idx;
748 r = ops->set_vq_state(vdpa, idx, &vq_state);
751 case VHOST_SET_VRING_CALL:
752 if (vq->call_ctx.ctx) {
753 cb.callback = vhost_vdpa_virtqueue_cb;
755 cb.trigger = vq->call_ctx.ctx;
756 vq->call_ctx.producer.token = vq->call_ctx.ctx;
757 if (ops->get_status(vdpa) &
758 VIRTIO_CONFIG_S_DRIVER_OK)
759 vhost_vdpa_setup_vq_irq(v, idx);
765 ops->set_vq_cb(vdpa, idx, &cb);
768 case VHOST_SET_VRING_NUM:
769 ops->set_vq_num(vdpa, idx, vq->num);
776 static long vhost_vdpa_unlocked_ioctl(struct file *filep,
777 unsigned int cmd, unsigned long arg)
779 struct vhost_vdpa *v = filep->private_data;
780 struct vhost_dev *d = &v->vdev;
781 void __user *argp = (void __user *)arg;
782 u64 __user *featurep = argp;
786 if (cmd == VHOST_SET_BACKEND_FEATURES) {
787 if (copy_from_user(&features, featurep, sizeof(features)))
789 if (features & ~(VHOST_VDPA_BACKEND_FEATURES |
790 BIT_ULL(VHOST_BACKEND_F_DESC_ASID) |
791 BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST) |
792 BIT_ULL(VHOST_BACKEND_F_SUSPEND) |
793 BIT_ULL(VHOST_BACKEND_F_RESUME) |
794 BIT_ULL(VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK)))
796 if ((features & BIT_ULL(VHOST_BACKEND_F_SUSPEND)) &&
797 !vhost_vdpa_can_suspend(v))
799 if ((features & BIT_ULL(VHOST_BACKEND_F_RESUME)) &&
800 !vhost_vdpa_can_resume(v))
802 if ((features & BIT_ULL(VHOST_BACKEND_F_DESC_ASID)) &&
803 !(features & BIT_ULL(VHOST_BACKEND_F_IOTLB_ASID)))
805 if ((features & BIT_ULL(VHOST_BACKEND_F_DESC_ASID)) &&
806 !vhost_vdpa_has_desc_group(v))
808 if ((features & BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST)) &&
809 !vhost_vdpa_has_persistent_map(v))
811 vhost_set_backend_features(&v->vdev, features);
815 mutex_lock(&d->mutex);
818 case VHOST_VDPA_GET_DEVICE_ID:
819 r = vhost_vdpa_get_device_id(v, argp);
821 case VHOST_VDPA_GET_STATUS:
822 r = vhost_vdpa_get_status(v, argp);
824 case VHOST_VDPA_SET_STATUS:
825 r = vhost_vdpa_set_status(v, argp);
827 case VHOST_VDPA_GET_CONFIG:
828 r = vhost_vdpa_get_config(v, argp);
830 case VHOST_VDPA_SET_CONFIG:
831 r = vhost_vdpa_set_config(v, argp);
833 case VHOST_GET_FEATURES:
834 r = vhost_vdpa_get_features(v, argp);
836 case VHOST_SET_FEATURES:
837 r = vhost_vdpa_set_features(v, argp);
839 case VHOST_VDPA_GET_VRING_NUM:
840 r = vhost_vdpa_get_vring_num(v, argp);
842 case VHOST_VDPA_GET_GROUP_NUM:
843 if (copy_to_user(argp, &v->vdpa->ngroups,
844 sizeof(v->vdpa->ngroups)))
847 case VHOST_VDPA_GET_AS_NUM:
848 if (copy_to_user(argp, &v->vdpa->nas, sizeof(v->vdpa->nas)))
851 case VHOST_SET_LOG_BASE:
852 case VHOST_SET_LOG_FD:
855 case VHOST_VDPA_SET_CONFIG_CALL:
856 r = vhost_vdpa_set_config_call(v, argp);
858 case VHOST_GET_BACKEND_FEATURES:
859 features = VHOST_VDPA_BACKEND_FEATURES;
860 if (vhost_vdpa_can_suspend(v))
861 features |= BIT_ULL(VHOST_BACKEND_F_SUSPEND);
862 if (vhost_vdpa_can_resume(v))
863 features |= BIT_ULL(VHOST_BACKEND_F_RESUME);
864 if (vhost_vdpa_has_desc_group(v))
865 features |= BIT_ULL(VHOST_BACKEND_F_DESC_ASID);
866 if (vhost_vdpa_has_persistent_map(v))
867 features |= BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST);
868 features |= vhost_vdpa_get_backend_features(v);
869 if (copy_to_user(featurep, &features, sizeof(features)))
872 case VHOST_VDPA_GET_IOVA_RANGE:
873 r = vhost_vdpa_get_iova_range(v, argp);
875 case VHOST_VDPA_GET_CONFIG_SIZE:
876 r = vhost_vdpa_get_config_size(v, argp);
878 case VHOST_VDPA_GET_VQS_COUNT:
879 r = vhost_vdpa_get_vqs_count(v, argp);
881 case VHOST_VDPA_SUSPEND:
882 r = vhost_vdpa_suspend(v);
884 case VHOST_VDPA_RESUME:
885 r = vhost_vdpa_resume(v);
888 r = vhost_dev_ioctl(&v->vdev, cmd, argp);
889 if (r == -ENOIOCTLCMD)
890 r = vhost_vdpa_vring_ioctl(v, cmd, argp);
898 case VHOST_SET_OWNER:
899 r = vhost_vdpa_bind_mm(v);
901 vhost_dev_reset_owner(d, NULL);
905 mutex_unlock(&d->mutex);
908 static void vhost_vdpa_general_unmap(struct vhost_vdpa *v,
909 struct vhost_iotlb_map *map, u32 asid)
911 struct vdpa_device *vdpa = v->vdpa;
912 const struct vdpa_config_ops *ops = vdpa->config;
914 ops->dma_unmap(vdpa, asid, map->start, map->size);
915 } else if (ops->set_map == NULL) {
916 iommu_unmap(v->domain, map->start, map->size);
920 static void vhost_vdpa_pa_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
921 u64 start, u64 last, u32 asid)
923 struct vhost_dev *dev = &v->vdev;
924 struct vhost_iotlb_map *map;
926 unsigned long pfn, pinned;
928 while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
929 pinned = PFN_DOWN(map->size);
930 for (pfn = PFN_DOWN(map->addr);
931 pinned > 0; pfn++, pinned--) {
932 page = pfn_to_page(pfn);
933 if (map->perm & VHOST_ACCESS_WO)
934 set_page_dirty_lock(page);
935 unpin_user_page(page);
937 atomic64_sub(PFN_DOWN(map->size), &dev->mm->pinned_vm);
938 vhost_vdpa_general_unmap(v, map, asid);
939 vhost_iotlb_map_free(iotlb, map);
943 static void vhost_vdpa_va_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
944 u64 start, u64 last, u32 asid)
946 struct vhost_iotlb_map *map;
947 struct vdpa_map_file *map_file;
949 while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
950 map_file = (struct vdpa_map_file *)map->opaque;
951 fput(map_file->file);
953 vhost_vdpa_general_unmap(v, map, asid);
954 vhost_iotlb_map_free(iotlb, map);
958 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
959 struct vhost_iotlb *iotlb, u64 start,
962 struct vdpa_device *vdpa = v->vdpa;
965 return vhost_vdpa_va_unmap(v, iotlb, start, last, asid);
967 return vhost_vdpa_pa_unmap(v, iotlb, start, last, asid);
970 static int perm_to_iommu_flags(u32 perm)
975 case VHOST_ACCESS_WO:
976 flags |= IOMMU_WRITE;
978 case VHOST_ACCESS_RO:
981 case VHOST_ACCESS_RW:
982 flags |= (IOMMU_WRITE | IOMMU_READ);
985 WARN(1, "invalidate vhost IOTLB permission\n");
989 return flags | IOMMU_CACHE;
992 static int vhost_vdpa_map(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
993 u64 iova, u64 size, u64 pa, u32 perm, void *opaque)
995 struct vhost_dev *dev = &v->vdev;
996 struct vdpa_device *vdpa = v->vdpa;
997 const struct vdpa_config_ops *ops = vdpa->config;
998 u32 asid = iotlb_to_asid(iotlb);
1001 r = vhost_iotlb_add_range_ctx(iotlb, iova, iova + size - 1,
1007 r = ops->dma_map(vdpa, asid, iova, size, pa, perm, opaque);
1008 } else if (ops->set_map) {
1010 r = ops->set_map(vdpa, asid, iotlb);
1012 r = iommu_map(v->domain, iova, pa, size,
1013 perm_to_iommu_flags(perm),
1014 GFP_KERNEL_ACCOUNT);
1017 vhost_iotlb_del_range(iotlb, iova, iova + size - 1);
1022 atomic64_add(PFN_DOWN(size), &dev->mm->pinned_vm);
1027 static void vhost_vdpa_unmap(struct vhost_vdpa *v,
1028 struct vhost_iotlb *iotlb,
1031 struct vdpa_device *vdpa = v->vdpa;
1032 const struct vdpa_config_ops *ops = vdpa->config;
1033 u32 asid = iotlb_to_asid(iotlb);
1035 vhost_vdpa_iotlb_unmap(v, iotlb, iova, iova + size - 1, asid);
1039 ops->set_map(vdpa, asid, iotlb);
1044 static int vhost_vdpa_va_map(struct vhost_vdpa *v,
1045 struct vhost_iotlb *iotlb,
1046 u64 iova, u64 size, u64 uaddr, u32 perm)
1048 struct vhost_dev *dev = &v->vdev;
1049 u64 offset, map_size, map_iova = iova;
1050 struct vdpa_map_file *map_file;
1051 struct vm_area_struct *vma;
1054 mmap_read_lock(dev->mm);
1057 vma = find_vma(dev->mm, uaddr);
1062 map_size = min(size, vma->vm_end - uaddr);
1063 if (!(vma->vm_file && (vma->vm_flags & VM_SHARED) &&
1064 !(vma->vm_flags & (VM_IO | VM_PFNMAP))))
1067 map_file = kzalloc(sizeof(*map_file), GFP_KERNEL);
1072 offset = (vma->vm_pgoff << PAGE_SHIFT) + uaddr - vma->vm_start;
1073 map_file->offset = offset;
1074 map_file->file = get_file(vma->vm_file);
1075 ret = vhost_vdpa_map(v, iotlb, map_iova, map_size, uaddr,
1078 fput(map_file->file);
1085 map_iova += map_size;
1088 vhost_vdpa_unmap(v, iotlb, iova, map_iova - iova);
1090 mmap_read_unlock(dev->mm);
1095 static int vhost_vdpa_pa_map(struct vhost_vdpa *v,
1096 struct vhost_iotlb *iotlb,
1097 u64 iova, u64 size, u64 uaddr, u32 perm)
1099 struct vhost_dev *dev = &v->vdev;
1100 struct page **page_list;
1101 unsigned long list_size = PAGE_SIZE / sizeof(struct page *);
1102 unsigned int gup_flags = FOLL_LONGTERM;
1103 unsigned long npages, cur_base, map_pfn, last_pfn = 0;
1104 unsigned long lock_limit, sz2pin, nchunks, i;
1109 /* Limit the use of memory for bookkeeping */
1110 page_list = (struct page **) __get_free_page(GFP_KERNEL);
1114 if (perm & VHOST_ACCESS_WO)
1115 gup_flags |= FOLL_WRITE;
1117 npages = PFN_UP(size + (iova & ~PAGE_MASK));
1123 mmap_read_lock(dev->mm);
1125 lock_limit = PFN_DOWN(rlimit(RLIMIT_MEMLOCK));
1126 if (npages + atomic64_read(&dev->mm->pinned_vm) > lock_limit) {
1131 cur_base = uaddr & PAGE_MASK;
1136 sz2pin = min_t(unsigned long, npages, list_size);
1137 pinned = pin_user_pages(cur_base, sz2pin,
1138 gup_flags, page_list);
1139 if (sz2pin != pinned) {
1143 unpin_user_pages(page_list, pinned);
1151 map_pfn = page_to_pfn(page_list[0]);
1153 for (i = 0; i < pinned; i++) {
1154 unsigned long this_pfn = page_to_pfn(page_list[i]);
1157 if (last_pfn && (this_pfn != last_pfn + 1)) {
1158 /* Pin a contiguous chunk of memory */
1159 csize = PFN_PHYS(last_pfn - map_pfn + 1);
1160 ret = vhost_vdpa_map(v, iotlb, iova, csize,
1165 * Unpin the pages that are left unmapped
1166 * from this point on in the current
1167 * page_list. The remaining outstanding
1168 * ones which may stride across several
1169 * chunks will be covered in the common
1170 * error path subsequently.
1172 unpin_user_pages(&page_list[i],
1182 last_pfn = this_pfn;
1185 cur_base += PFN_PHYS(pinned);
1189 /* Pin the rest chunk */
1190 ret = vhost_vdpa_map(v, iotlb, iova, PFN_PHYS(last_pfn - map_pfn + 1),
1191 PFN_PHYS(map_pfn), perm, NULL);
1198 * Unpin the outstanding pages which are yet to be
1199 * mapped but haven't due to vdpa_map() or
1200 * pin_user_pages() failure.
1202 * Mapped pages are accounted in vdpa_map(), hence
1203 * the corresponding unpinning will be handled by
1207 for (pfn = map_pfn; pfn <= last_pfn; pfn++)
1208 unpin_user_page(pfn_to_page(pfn));
1210 vhost_vdpa_unmap(v, iotlb, start, size);
1213 mmap_read_unlock(dev->mm);
1215 free_page((unsigned long)page_list);
1220 static int vhost_vdpa_process_iotlb_update(struct vhost_vdpa *v,
1221 struct vhost_iotlb *iotlb,
1222 struct vhost_iotlb_msg *msg)
1224 struct vdpa_device *vdpa = v->vdpa;
1226 if (msg->iova < v->range.first || !msg->size ||
1227 msg->iova > U64_MAX - msg->size + 1 ||
1228 msg->iova + msg->size - 1 > v->range.last)
1231 if (vhost_iotlb_itree_first(iotlb, msg->iova,
1232 msg->iova + msg->size - 1))
1236 return vhost_vdpa_va_map(v, iotlb, msg->iova, msg->size,
1237 msg->uaddr, msg->perm);
1239 return vhost_vdpa_pa_map(v, iotlb, msg->iova, msg->size, msg->uaddr,
1243 static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev, u32 asid,
1244 struct vhost_iotlb_msg *msg)
1246 struct vhost_vdpa *v = container_of(dev, struct vhost_vdpa, vdev);
1247 struct vdpa_device *vdpa = v->vdpa;
1248 const struct vdpa_config_ops *ops = vdpa->config;
1249 struct vhost_iotlb *iotlb = NULL;
1250 struct vhost_vdpa_as *as = NULL;
1253 mutex_lock(&dev->mutex);
1255 r = vhost_dev_check_owner(dev);
1259 if (msg->type == VHOST_IOTLB_UPDATE ||
1260 msg->type == VHOST_IOTLB_BATCH_BEGIN) {
1261 as = vhost_vdpa_find_alloc_as(v, asid);
1263 dev_err(&v->dev, "can't find and alloc asid %d\n",
1270 iotlb = asid_to_iotlb(v, asid);
1272 if ((v->in_batch && v->batch_asid != asid) || !iotlb) {
1273 if (v->in_batch && v->batch_asid != asid) {
1274 dev_info(&v->dev, "batch id %d asid %d\n",
1275 v->batch_asid, asid);
1278 dev_err(&v->dev, "no iotlb for asid %d\n", asid);
1283 switch (msg->type) {
1284 case VHOST_IOTLB_UPDATE:
1285 r = vhost_vdpa_process_iotlb_update(v, iotlb, msg);
1287 case VHOST_IOTLB_INVALIDATE:
1288 vhost_vdpa_unmap(v, iotlb, msg->iova, msg->size);
1290 case VHOST_IOTLB_BATCH_BEGIN:
1291 v->batch_asid = asid;
1294 case VHOST_IOTLB_BATCH_END:
1295 if (v->in_batch && ops->set_map)
1296 ops->set_map(vdpa, asid, iotlb);
1297 v->in_batch = false;
1304 mutex_unlock(&dev->mutex);
1309 static ssize_t vhost_vdpa_chr_write_iter(struct kiocb *iocb,
1310 struct iov_iter *from)
1312 struct file *file = iocb->ki_filp;
1313 struct vhost_vdpa *v = file->private_data;
1314 struct vhost_dev *dev = &v->vdev;
1316 return vhost_chr_write_iter(dev, from);
1319 static int vhost_vdpa_alloc_domain(struct vhost_vdpa *v)
1321 struct vdpa_device *vdpa = v->vdpa;
1322 const struct vdpa_config_ops *ops = vdpa->config;
1323 struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1326 /* Device want to do DMA by itself */
1327 if (ops->set_map || ops->dma_map)
1330 if (!device_iommu_capable(dma_dev, IOMMU_CAP_CACHE_COHERENCY)) {
1331 dev_warn_once(&v->dev,
1332 "Failed to allocate domain, device is not IOMMU cache coherent capable\n");
1336 v->domain = iommu_paging_domain_alloc(dma_dev);
1337 if (IS_ERR(v->domain)) {
1338 ret = PTR_ERR(v->domain);
1343 ret = iommu_attach_device(v->domain, dma_dev);
1350 iommu_domain_free(v->domain);
1355 static void vhost_vdpa_free_domain(struct vhost_vdpa *v)
1357 struct vdpa_device *vdpa = v->vdpa;
1358 struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1361 iommu_detach_device(v->domain, dma_dev);
1362 iommu_domain_free(v->domain);
1368 static void vhost_vdpa_set_iova_range(struct vhost_vdpa *v)
1370 struct vdpa_iova_range *range = &v->range;
1371 struct vdpa_device *vdpa = v->vdpa;
1372 const struct vdpa_config_ops *ops = vdpa->config;
1374 if (ops->get_iova_range) {
1375 *range = ops->get_iova_range(vdpa);
1376 } else if (v->domain && v->domain->geometry.force_aperture) {
1377 range->first = v->domain->geometry.aperture_start;
1378 range->last = v->domain->geometry.aperture_end;
1381 range->last = ULLONG_MAX;
1385 static void vhost_vdpa_cleanup(struct vhost_vdpa *v)
1387 struct vhost_vdpa_as *as;
1390 for (asid = 0; asid < v->vdpa->nas; asid++) {
1391 as = asid_to_as(v, asid);
1393 vhost_vdpa_remove_as(v, asid);
1396 vhost_vdpa_free_domain(v);
1397 vhost_dev_cleanup(&v->vdev);
1402 static int vhost_vdpa_open(struct inode *inode, struct file *filep)
1404 struct vhost_vdpa *v;
1405 struct vhost_dev *dev;
1406 struct vhost_virtqueue **vqs;
1410 v = container_of(inode->i_cdev, struct vhost_vdpa, cdev);
1412 opened = atomic_cmpxchg(&v->opened, 0, 1);
1417 r = vhost_vdpa_reset(v);
1421 vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL);
1428 for (i = 0; i < nvqs; i++) {
1429 vqs[i] = &v->vqs[i];
1430 vqs[i]->handle_kick = handle_vq_kick;
1431 vqs[i]->call_ctx.ctx = NULL;
1433 vhost_dev_init(dev, vqs, nvqs, 0, 0, 0, false,
1434 vhost_vdpa_process_iotlb_msg);
1436 r = vhost_vdpa_alloc_domain(v);
1438 goto err_alloc_domain;
1440 vhost_vdpa_set_iova_range(v);
1442 filep->private_data = v;
1447 vhost_vdpa_cleanup(v);
1449 atomic_dec(&v->opened);
1453 static void vhost_vdpa_clean_irq(struct vhost_vdpa *v)
1457 for (i = 0; i < v->nvqs; i++)
1458 vhost_vdpa_unsetup_vq_irq(v, i);
1461 static int vhost_vdpa_release(struct inode *inode, struct file *filep)
1463 struct vhost_vdpa *v = filep->private_data;
1464 struct vhost_dev *d = &v->vdev;
1466 mutex_lock(&d->mutex);
1467 filep->private_data = NULL;
1468 vhost_vdpa_clean_irq(v);
1469 vhost_vdpa_reset(v);
1470 vhost_dev_stop(&v->vdev);
1471 vhost_vdpa_unbind_mm(v);
1472 vhost_vdpa_config_put(v);
1473 vhost_vdpa_cleanup(v);
1474 mutex_unlock(&d->mutex);
1476 atomic_dec(&v->opened);
1477 complete(&v->completion);
1483 static vm_fault_t vhost_vdpa_fault(struct vm_fault *vmf)
1485 struct vhost_vdpa *v = vmf->vma->vm_file->private_data;
1486 struct vdpa_device *vdpa = v->vdpa;
1487 const struct vdpa_config_ops *ops = vdpa->config;
1488 struct vdpa_notification_area notify;
1489 struct vm_area_struct *vma = vmf->vma;
1490 u16 index = vma->vm_pgoff;
1492 notify = ops->get_vq_notification(vdpa, index);
1494 return vmf_insert_pfn(vma, vmf->address & PAGE_MASK, PFN_DOWN(notify.addr));
1497 static const struct vm_operations_struct vhost_vdpa_vm_ops = {
1498 .fault = vhost_vdpa_fault,
1501 static int vhost_vdpa_mmap(struct file *file, struct vm_area_struct *vma)
1503 struct vhost_vdpa *v = vma->vm_file->private_data;
1504 struct vdpa_device *vdpa = v->vdpa;
1505 const struct vdpa_config_ops *ops = vdpa->config;
1506 struct vdpa_notification_area notify;
1507 unsigned long index = vma->vm_pgoff;
1509 if (vma->vm_end - vma->vm_start != PAGE_SIZE)
1511 if ((vma->vm_flags & VM_SHARED) == 0)
1513 if (vma->vm_flags & VM_READ)
1517 if (!ops->get_vq_notification)
1520 /* To be safe and easily modelled by userspace, We only
1521 * support the doorbell which sits on the page boundary and
1522 * does not share the page with other registers.
1524 notify = ops->get_vq_notification(vdpa, index);
1525 if (notify.addr & (PAGE_SIZE - 1))
1527 if (vma->vm_end - vma->vm_start != notify.size)
1530 vm_flags_set(vma, VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP);
1531 vma->vm_ops = &vhost_vdpa_vm_ops;
1534 #endif /* CONFIG_MMU */
1536 static const struct file_operations vhost_vdpa_fops = {
1537 .owner = THIS_MODULE,
1538 .open = vhost_vdpa_open,
1539 .release = vhost_vdpa_release,
1540 .write_iter = vhost_vdpa_chr_write_iter,
1541 .unlocked_ioctl = vhost_vdpa_unlocked_ioctl,
1543 .mmap = vhost_vdpa_mmap,
1544 #endif /* CONFIG_MMU */
1545 .compat_ioctl = compat_ptr_ioctl,
1548 static void vhost_vdpa_release_dev(struct device *device)
1550 struct vhost_vdpa *v =
1551 container_of(device, struct vhost_vdpa, dev);
1553 ida_free(&vhost_vdpa_ida, v->minor);
1558 static int vhost_vdpa_probe(struct vdpa_device *vdpa)
1560 const struct vdpa_config_ops *ops = vdpa->config;
1561 struct vhost_vdpa *v;
1565 /* We can't support platform IOMMU device with more than 1
1568 if (!ops->set_map && !ops->dma_map &&
1569 (vdpa->ngroups > 1 || vdpa->nas > 1))
1572 v = kzalloc(sizeof(*v), GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1576 minor = ida_alloc_max(&vhost_vdpa_ida, VHOST_VDPA_DEV_MAX - 1,
1583 atomic_set(&v->opened, 0);
1586 v->nvqs = vdpa->nvqs;
1587 v->virtio_id = ops->get_device_id(vdpa);
1589 device_initialize(&v->dev);
1590 v->dev.release = vhost_vdpa_release_dev;
1591 v->dev.parent = &vdpa->dev;
1592 v->dev.devt = MKDEV(MAJOR(vhost_vdpa_major), minor);
1593 v->vqs = kmalloc_array(v->nvqs, sizeof(struct vhost_virtqueue),
1600 r = dev_set_name(&v->dev, "vhost-vdpa-%u", minor);
1604 cdev_init(&v->cdev, &vhost_vdpa_fops);
1605 v->cdev.owner = THIS_MODULE;
1607 r = cdev_device_add(&v->cdev, &v->dev);
1611 init_completion(&v->completion);
1612 vdpa_set_drvdata(vdpa, v);
1614 for (i = 0; i < VHOST_VDPA_IOTLB_BUCKETS; i++)
1615 INIT_HLIST_HEAD(&v->as[i]);
1620 put_device(&v->dev);
1624 static void vhost_vdpa_remove(struct vdpa_device *vdpa)
1626 struct vhost_vdpa *v = vdpa_get_drvdata(vdpa);
1629 cdev_device_del(&v->cdev, &v->dev);
1632 opened = atomic_cmpxchg(&v->opened, 0, 1);
1635 wait_for_completion(&v->completion);
1638 put_device(&v->dev);
1641 static struct vdpa_driver vhost_vdpa_driver = {
1643 .name = "vhost_vdpa",
1645 .probe = vhost_vdpa_probe,
1646 .remove = vhost_vdpa_remove,
1649 static int __init vhost_vdpa_init(void)
1653 r = alloc_chrdev_region(&vhost_vdpa_major, 0, VHOST_VDPA_DEV_MAX,
1656 goto err_alloc_chrdev;
1658 r = vdpa_register_driver(&vhost_vdpa_driver);
1660 goto err_vdpa_register_driver;
1664 err_vdpa_register_driver:
1665 unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1669 module_init(vhost_vdpa_init);
1671 static void __exit vhost_vdpa_exit(void)
1673 vdpa_unregister_driver(&vhost_vdpa_driver);
1674 unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1676 module_exit(vhost_vdpa_exit);
1678 MODULE_VERSION("0.0.1");
1679 MODULE_LICENSE("GPL v2");
1680 MODULE_AUTHOR("Intel Corporation");
1681 MODULE_DESCRIPTION("vDPA-based vhost backend for virtio");