1 // SPDX-License-Identifier: GPL-2.0-only
3 * VFIO: IOMMU DMA mapping support for Type1 IOMMU
5 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
6 * Author: Alex Williamson <alex.williamson@redhat.com>
8 * Derived from original vfio:
9 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
10 * Author: Tom Lyon, pugs@cisco.com
12 * We arbitrarily define a Type1 IOMMU as one matching the below code.
13 * It could be called the x86 IOMMU as it's designed for AMD-Vi & Intel
14 * VT-d, but that makes it harder to re-use as theoretically anyone
15 * implementing a similar IOMMU could make use of this. We expect the
16 * IOMMU to support the IOMMU API and have few to no restrictions around
17 * the IOVA range that can be mapped. The Type1 IOMMU is currently
18 * optimized for relatively static mappings of a userspace process with
19 * userpsace pages pinned into memory. We also assume devices and IOMMU
20 * domains are PCI based as the IOMMU API is still centered around a
21 * device/bus interface rather than a group interface.
24 #include <linux/compat.h>
25 #include <linux/device.h>
27 #include <linux/iommu.h>
28 #include <linux/module.h>
30 #include <linux/mmu_context.h>
31 #include <linux/rbtree.h>
32 #include <linux/sched/signal.h>
33 #include <linux/sched/mm.h>
34 #include <linux/slab.h>
35 #include <linux/uaccess.h>
36 #include <linux/vfio.h>
37 #include <linux/workqueue.h>
38 #include <linux/mdev.h>
39 #include <linux/notifier.h>
40 #include <linux/dma-iommu.h>
41 #include <linux/irqdomain.h>
43 #define DRIVER_VERSION "0.2"
44 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>"
45 #define DRIVER_DESC "Type1 IOMMU driver for VFIO"
47 static bool allow_unsafe_interrupts;
48 module_param_named(allow_unsafe_interrupts,
49 allow_unsafe_interrupts, bool, S_IRUGO | S_IWUSR);
50 MODULE_PARM_DESC(allow_unsafe_interrupts,
51 "Enable VFIO IOMMU support for on platforms without interrupt remapping support.");
53 static bool disable_hugepages;
54 module_param_named(disable_hugepages,
55 disable_hugepages, bool, S_IRUGO | S_IWUSR);
56 MODULE_PARM_DESC(disable_hugepages,
57 "Disable VFIO IOMMU support for IOMMU hugepages.");
59 static unsigned int dma_entry_limit __read_mostly = U16_MAX;
60 module_param_named(dma_entry_limit, dma_entry_limit, uint, 0644);
61 MODULE_PARM_DESC(dma_entry_limit,
62 "Maximum number of user DMA mappings per container (65535).");
65 struct list_head domain_list;
66 struct list_head iova_list;
67 struct vfio_domain *external_domain; /* domain for external user */
69 struct rb_root dma_list;
70 struct blocking_notifier_head notifier;
71 unsigned int dma_avail;
72 uint64_t pgsize_bitmap;
75 bool dirty_page_tracking;
76 bool pinned_page_dirty_scope;
80 struct iommu_domain *domain;
81 struct list_head next;
82 struct list_head group_list;
83 int prot; /* IOMMU_CACHE */
84 bool fgsp; /* Fine-grained super pages */
89 dma_addr_t iova; /* Device address */
90 unsigned long vaddr; /* Process virtual addr */
91 size_t size; /* Map size (bytes) */
92 int prot; /* IOMMU_READ/WRITE */
94 bool lock_cap; /* capable(CAP_IPC_LOCK) */
95 struct task_struct *task;
96 struct rb_root pfn_list; /* Ex-user pinned pfn list */
97 unsigned long *bitmap;
101 struct iommu_group *iommu_group;
102 struct list_head next;
103 bool mdev_group; /* An mdev group */
104 bool pinned_page_dirty_scope;
108 struct list_head list;
114 * Guest RAM pinning working set or DMA target
118 dma_addr_t iova; /* Device address */
119 unsigned long pfn; /* Host pfn */
120 unsigned int ref_count;
123 struct vfio_regions {
124 struct list_head list;
130 #define IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu) \
131 (!list_empty(&iommu->domain_list))
133 #define DIRTY_BITMAP_BYTES(n) (ALIGN(n, BITS_PER_TYPE(u64)) / BITS_PER_BYTE)
136 * Input argument of number of bits to bitmap_set() is unsigned integer, which
137 * further casts to signed integer for unaligned multi-bit operation,
139 * Then maximum bitmap size supported is 2^31 bits divided by 2^3 bits/byte,
140 * that is 2^28 (256 MB) which maps to 2^31 * 2^12 = 2^43 (8TB) on 4K page
143 #define DIRTY_BITMAP_PAGES_MAX ((u64)INT_MAX)
144 #define DIRTY_BITMAP_SIZE_MAX DIRTY_BITMAP_BYTES(DIRTY_BITMAP_PAGES_MAX)
146 static int put_pfn(unsigned long pfn, int prot);
148 static struct vfio_group *vfio_iommu_find_iommu_group(struct vfio_iommu *iommu,
149 struct iommu_group *iommu_group);
151 static void update_pinned_page_dirty_scope(struct vfio_iommu *iommu);
153 * This code handles mapping and unmapping of user data buffers
154 * into DMA'ble space using the IOMMU
157 static struct vfio_dma *vfio_find_dma(struct vfio_iommu *iommu,
158 dma_addr_t start, size_t size)
160 struct rb_node *node = iommu->dma_list.rb_node;
163 struct vfio_dma *dma = rb_entry(node, struct vfio_dma, node);
165 if (start + size <= dma->iova)
166 node = node->rb_left;
167 else if (start >= dma->iova + dma->size)
168 node = node->rb_right;
176 static void vfio_link_dma(struct vfio_iommu *iommu, struct vfio_dma *new)
178 struct rb_node **link = &iommu->dma_list.rb_node, *parent = NULL;
179 struct vfio_dma *dma;
183 dma = rb_entry(parent, struct vfio_dma, node);
185 if (new->iova + new->size <= dma->iova)
186 link = &(*link)->rb_left;
188 link = &(*link)->rb_right;
191 rb_link_node(&new->node, parent, link);
192 rb_insert_color(&new->node, &iommu->dma_list);
195 static void vfio_unlink_dma(struct vfio_iommu *iommu, struct vfio_dma *old)
197 rb_erase(&old->node, &iommu->dma_list);
201 static int vfio_dma_bitmap_alloc(struct vfio_dma *dma, size_t pgsize)
203 uint64_t npages = dma->size / pgsize;
205 if (npages > DIRTY_BITMAP_PAGES_MAX)
209 * Allocate extra 64 bits that are used to calculate shift required for
210 * bitmap_shift_left() to manipulate and club unaligned number of pages
211 * in adjacent vfio_dma ranges.
213 dma->bitmap = kvzalloc(DIRTY_BITMAP_BYTES(npages) + sizeof(u64),
221 static void vfio_dma_bitmap_free(struct vfio_dma *dma)
227 static void vfio_dma_populate_bitmap(struct vfio_dma *dma, size_t pgsize)
230 unsigned long pgshift = __ffs(pgsize);
232 for (p = rb_first(&dma->pfn_list); p; p = rb_next(p)) {
233 struct vfio_pfn *vpfn = rb_entry(p, struct vfio_pfn, node);
235 bitmap_set(dma->bitmap, (vpfn->iova - dma->iova) >> pgshift, 1);
239 static int vfio_dma_bitmap_alloc_all(struct vfio_iommu *iommu, size_t pgsize)
243 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
244 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
247 ret = vfio_dma_bitmap_alloc(dma, pgsize);
251 for (p = rb_prev(n); p; p = rb_prev(p)) {
252 struct vfio_dma *dma = rb_entry(n,
253 struct vfio_dma, node);
255 vfio_dma_bitmap_free(dma);
259 vfio_dma_populate_bitmap(dma, pgsize);
264 static void vfio_dma_bitmap_free_all(struct vfio_iommu *iommu)
268 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
269 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
271 vfio_dma_bitmap_free(dma);
276 * Helper Functions for host iova-pfn list
278 static struct vfio_pfn *vfio_find_vpfn(struct vfio_dma *dma, dma_addr_t iova)
280 struct vfio_pfn *vpfn;
281 struct rb_node *node = dma->pfn_list.rb_node;
284 vpfn = rb_entry(node, struct vfio_pfn, node);
286 if (iova < vpfn->iova)
287 node = node->rb_left;
288 else if (iova > vpfn->iova)
289 node = node->rb_right;
296 static void vfio_link_pfn(struct vfio_dma *dma,
297 struct vfio_pfn *new)
299 struct rb_node **link, *parent = NULL;
300 struct vfio_pfn *vpfn;
302 link = &dma->pfn_list.rb_node;
305 vpfn = rb_entry(parent, struct vfio_pfn, node);
307 if (new->iova < vpfn->iova)
308 link = &(*link)->rb_left;
310 link = &(*link)->rb_right;
313 rb_link_node(&new->node, parent, link);
314 rb_insert_color(&new->node, &dma->pfn_list);
317 static void vfio_unlink_pfn(struct vfio_dma *dma, struct vfio_pfn *old)
319 rb_erase(&old->node, &dma->pfn_list);
322 static int vfio_add_to_pfn_list(struct vfio_dma *dma, dma_addr_t iova,
325 struct vfio_pfn *vpfn;
327 vpfn = kzalloc(sizeof(*vpfn), GFP_KERNEL);
334 vfio_link_pfn(dma, vpfn);
338 static void vfio_remove_from_pfn_list(struct vfio_dma *dma,
339 struct vfio_pfn *vpfn)
341 vfio_unlink_pfn(dma, vpfn);
345 static struct vfio_pfn *vfio_iova_get_vfio_pfn(struct vfio_dma *dma,
348 struct vfio_pfn *vpfn = vfio_find_vpfn(dma, iova);
355 static int vfio_iova_put_vfio_pfn(struct vfio_dma *dma, struct vfio_pfn *vpfn)
360 if (!vpfn->ref_count) {
361 ret = put_pfn(vpfn->pfn, dma->prot);
362 vfio_remove_from_pfn_list(dma, vpfn);
367 static int vfio_lock_acct(struct vfio_dma *dma, long npage, bool async)
369 struct mm_struct *mm;
375 mm = async ? get_task_mm(dma->task) : dma->task->mm;
377 return -ESRCH; /* process exited */
379 ret = mmap_write_lock_killable(mm);
381 ret = __account_locked_vm(mm, abs(npage), npage > 0, dma->task,
383 mmap_write_unlock(mm);
393 * Some mappings aren't backed by a struct page, for example an mmap'd
394 * MMIO range for our own or another device. These use a different
395 * pfn conversion and shouldn't be tracked as locked pages.
396 * For compound pages, any driver that sets the reserved bit in head
397 * page needs to set the reserved bit in all subpages to be safe.
399 static bool is_invalid_reserved_pfn(unsigned long pfn)
402 return PageReserved(pfn_to_page(pfn));
407 static int put_pfn(unsigned long pfn, int prot)
409 if (!is_invalid_reserved_pfn(pfn)) {
410 struct page *page = pfn_to_page(pfn);
412 unpin_user_pages_dirty_lock(&page, 1, prot & IOMMU_WRITE);
418 static int follow_fault_pfn(struct vm_area_struct *vma, struct mm_struct *mm,
419 unsigned long vaddr, unsigned long *pfn,
424 ret = follow_pfn(vma, vaddr, pfn);
426 bool unlocked = false;
428 ret = fixup_user_fault(NULL, mm, vaddr,
430 (write_fault ? FAULT_FLAG_WRITE : 0),
438 ret = follow_pfn(vma, vaddr, pfn);
444 static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr,
445 int prot, unsigned long *pfn)
447 struct page *page[1];
448 struct vm_area_struct *vma;
449 unsigned int flags = 0;
452 if (prot & IOMMU_WRITE)
456 ret = pin_user_pages_remote(NULL, mm, vaddr, 1, flags | FOLL_LONGTERM,
459 *pfn = page_to_pfn(page[0]);
464 vaddr = untagged_addr(vaddr);
467 vma = find_vma_intersection(mm, vaddr, vaddr + 1);
469 if (vma && vma->vm_flags & VM_PFNMAP) {
470 ret = follow_fault_pfn(vma, mm, vaddr, pfn, prot & IOMMU_WRITE);
474 if (!ret && !is_invalid_reserved_pfn(*pfn))
478 mmap_read_unlock(mm);
483 * Attempt to pin pages. We really don't want to track all the pfns and
484 * the iommu can only map chunks of consecutive pfns anyway, so get the
485 * first page and all consecutive pages with the same locking.
487 static long vfio_pin_pages_remote(struct vfio_dma *dma, unsigned long vaddr,
488 long npage, unsigned long *pfn_base,
491 unsigned long pfn = 0;
492 long ret, pinned = 0, lock_acct = 0;
494 dma_addr_t iova = vaddr - dma->vaddr + dma->iova;
496 /* This code path is only user initiated */
500 ret = vaddr_get_pfn(current->mm, vaddr, dma->prot, pfn_base);
505 rsvd = is_invalid_reserved_pfn(*pfn_base);
508 * Reserved pages aren't counted against the user, externally pinned
509 * pages are already counted against the user.
511 if (!rsvd && !vfio_find_vpfn(dma, iova)) {
512 if (!dma->lock_cap && current->mm->locked_vm + 1 > limit) {
513 put_pfn(*pfn_base, dma->prot);
514 pr_warn("%s: RLIMIT_MEMLOCK (%ld) exceeded\n", __func__,
515 limit << PAGE_SHIFT);
521 if (unlikely(disable_hugepages))
524 /* Lock all the consecutive pages from pfn_base */
525 for (vaddr += PAGE_SIZE, iova += PAGE_SIZE; pinned < npage;
526 pinned++, vaddr += PAGE_SIZE, iova += PAGE_SIZE) {
527 ret = vaddr_get_pfn(current->mm, vaddr, dma->prot, &pfn);
531 if (pfn != *pfn_base + pinned ||
532 rsvd != is_invalid_reserved_pfn(pfn)) {
533 put_pfn(pfn, dma->prot);
537 if (!rsvd && !vfio_find_vpfn(dma, iova)) {
538 if (!dma->lock_cap &&
539 current->mm->locked_vm + lock_acct + 1 > limit) {
540 put_pfn(pfn, dma->prot);
541 pr_warn("%s: RLIMIT_MEMLOCK (%ld) exceeded\n",
542 __func__, limit << PAGE_SHIFT);
551 ret = vfio_lock_acct(dma, lock_acct, false);
556 for (pfn = *pfn_base ; pinned ; pfn++, pinned--)
557 put_pfn(pfn, dma->prot);
566 static long vfio_unpin_pages_remote(struct vfio_dma *dma, dma_addr_t iova,
567 unsigned long pfn, long npage,
570 long unlocked = 0, locked = 0;
573 for (i = 0; i < npage; i++, iova += PAGE_SIZE) {
574 if (put_pfn(pfn++, dma->prot)) {
576 if (vfio_find_vpfn(dma, iova))
582 vfio_lock_acct(dma, locked - unlocked, true);
587 static int vfio_pin_page_external(struct vfio_dma *dma, unsigned long vaddr,
588 unsigned long *pfn_base, bool do_accounting)
590 struct mm_struct *mm;
593 mm = get_task_mm(dma->task);
597 ret = vaddr_get_pfn(mm, vaddr, dma->prot, pfn_base);
598 if (!ret && do_accounting && !is_invalid_reserved_pfn(*pfn_base)) {
599 ret = vfio_lock_acct(dma, 1, true);
601 put_pfn(*pfn_base, dma->prot);
603 pr_warn("%s: Task %s (%d) RLIMIT_MEMLOCK "
604 "(%ld) exceeded\n", __func__,
605 dma->task->comm, task_pid_nr(dma->task),
606 task_rlimit(dma->task, RLIMIT_MEMLOCK));
614 static int vfio_unpin_page_external(struct vfio_dma *dma, dma_addr_t iova,
618 struct vfio_pfn *vpfn = vfio_find_vpfn(dma, iova);
623 unlocked = vfio_iova_put_vfio_pfn(dma, vpfn);
626 vfio_lock_acct(dma, -unlocked, true);
631 static int vfio_iommu_type1_pin_pages(void *iommu_data,
632 struct iommu_group *iommu_group,
633 unsigned long *user_pfn,
635 unsigned long *phys_pfn)
637 struct vfio_iommu *iommu = iommu_data;
638 struct vfio_group *group;
640 unsigned long remote_vaddr;
641 struct vfio_dma *dma;
644 if (!iommu || !user_pfn || !phys_pfn)
647 /* Supported for v2 version only */
651 mutex_lock(&iommu->lock);
653 /* Fail if notifier list is empty */
654 if (!iommu->notifier.head) {
660 * If iommu capable domain exist in the container then all pages are
661 * already pinned and accounted. Accouting should be done if there is no
662 * iommu capable domain in the container.
664 do_accounting = !IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu);
666 for (i = 0; i < npage; i++) {
668 struct vfio_pfn *vpfn;
670 iova = user_pfn[i] << PAGE_SHIFT;
671 dma = vfio_find_dma(iommu, iova, PAGE_SIZE);
677 if ((dma->prot & prot) != prot) {
682 vpfn = vfio_iova_get_vfio_pfn(dma, iova);
684 phys_pfn[i] = vpfn->pfn;
688 remote_vaddr = dma->vaddr + (iova - dma->iova);
689 ret = vfio_pin_page_external(dma, remote_vaddr, &phys_pfn[i],
694 ret = vfio_add_to_pfn_list(dma, iova, phys_pfn[i]);
696 vfio_unpin_page_external(dma, iova, do_accounting);
700 if (iommu->dirty_page_tracking) {
701 unsigned long pgshift = __ffs(iommu->pgsize_bitmap);
704 * Bitmap populated with the smallest supported page
707 bitmap_set(dma->bitmap,
708 (iova - dma->iova) >> pgshift, 1);
713 group = vfio_iommu_find_iommu_group(iommu, iommu_group);
714 if (!group->pinned_page_dirty_scope) {
715 group->pinned_page_dirty_scope = true;
716 update_pinned_page_dirty_scope(iommu);
723 for (j = 0; j < i; j++) {
726 iova = user_pfn[j] << PAGE_SHIFT;
727 dma = vfio_find_dma(iommu, iova, PAGE_SIZE);
728 vfio_unpin_page_external(dma, iova, do_accounting);
732 mutex_unlock(&iommu->lock);
736 static int vfio_iommu_type1_unpin_pages(void *iommu_data,
737 unsigned long *user_pfn,
740 struct vfio_iommu *iommu = iommu_data;
744 if (!iommu || !user_pfn)
747 /* Supported for v2 version only */
751 mutex_lock(&iommu->lock);
753 do_accounting = !IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu);
754 for (i = 0; i < npage; i++) {
755 struct vfio_dma *dma;
758 iova = user_pfn[i] << PAGE_SHIFT;
759 dma = vfio_find_dma(iommu, iova, PAGE_SIZE);
762 vfio_unpin_page_external(dma, iova, do_accounting);
766 mutex_unlock(&iommu->lock);
767 return i > npage ? npage : (i > 0 ? i : -EINVAL);
770 static long vfio_sync_unpin(struct vfio_dma *dma, struct vfio_domain *domain,
771 struct list_head *regions,
772 struct iommu_iotlb_gather *iotlb_gather)
775 struct vfio_regions *entry, *next;
777 iommu_tlb_sync(domain->domain, iotlb_gather);
779 list_for_each_entry_safe(entry, next, regions, list) {
780 unlocked += vfio_unpin_pages_remote(dma,
782 entry->phys >> PAGE_SHIFT,
783 entry->len >> PAGE_SHIFT,
785 list_del(&entry->list);
795 * Generally, VFIO needs to unpin remote pages after each IOTLB flush.
796 * Therefore, when using IOTLB flush sync interface, VFIO need to keep track
797 * of these regions (currently using a list).
799 * This value specifies maximum number of regions for each IOTLB flush sync.
801 #define VFIO_IOMMU_TLB_SYNC_MAX 512
803 static size_t unmap_unpin_fast(struct vfio_domain *domain,
804 struct vfio_dma *dma, dma_addr_t *iova,
805 size_t len, phys_addr_t phys, long *unlocked,
806 struct list_head *unmapped_list,
808 struct iommu_iotlb_gather *iotlb_gather)
811 struct vfio_regions *entry = kzalloc(sizeof(*entry), GFP_KERNEL);
814 unmapped = iommu_unmap_fast(domain->domain, *iova, len,
822 entry->len = unmapped;
823 list_add_tail(&entry->list, unmapped_list);
831 * Sync if the number of fast-unmap regions hits the limit
832 * or in case of errors.
834 if (*unmapped_cnt >= VFIO_IOMMU_TLB_SYNC_MAX || !unmapped) {
835 *unlocked += vfio_sync_unpin(dma, domain, unmapped_list,
843 static size_t unmap_unpin_slow(struct vfio_domain *domain,
844 struct vfio_dma *dma, dma_addr_t *iova,
845 size_t len, phys_addr_t phys,
848 size_t unmapped = iommu_unmap(domain->domain, *iova, len);
851 *unlocked += vfio_unpin_pages_remote(dma, *iova,
853 unmapped >> PAGE_SHIFT,
861 static long vfio_unmap_unpin(struct vfio_iommu *iommu, struct vfio_dma *dma,
864 dma_addr_t iova = dma->iova, end = dma->iova + dma->size;
865 struct vfio_domain *domain, *d;
866 LIST_HEAD(unmapped_region_list);
867 struct iommu_iotlb_gather iotlb_gather;
868 int unmapped_region_cnt = 0;
874 if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu))
878 * We use the IOMMU to track the physical addresses, otherwise we'd
879 * need a much more complicated tracking system. Unfortunately that
880 * means we need to use one of the iommu domains to figure out the
881 * pfns to unpin. The rest need to be unmapped in advance so we have
882 * no iommu translations remaining when the pages are unpinned.
884 domain = d = list_first_entry(&iommu->domain_list,
885 struct vfio_domain, next);
887 list_for_each_entry_continue(d, &iommu->domain_list, next) {
888 iommu_unmap(d->domain, dma->iova, dma->size);
892 iommu_iotlb_gather_init(&iotlb_gather);
894 size_t unmapped, len;
895 phys_addr_t phys, next;
897 phys = iommu_iova_to_phys(domain->domain, iova);
898 if (WARN_ON(!phys)) {
904 * To optimize for fewer iommu_unmap() calls, each of which
905 * may require hardware cache flushing, try to find the
906 * largest contiguous physical memory chunk to unmap.
908 for (len = PAGE_SIZE;
909 !domain->fgsp && iova + len < end; len += PAGE_SIZE) {
910 next = iommu_iova_to_phys(domain->domain, iova + len);
911 if (next != phys + len)
916 * First, try to use fast unmap/unpin. In case of failure,
917 * switch to slow unmap/unpin path.
919 unmapped = unmap_unpin_fast(domain, dma, &iova, len, phys,
920 &unlocked, &unmapped_region_list,
921 &unmapped_region_cnt,
924 unmapped = unmap_unpin_slow(domain, dma, &iova, len,
926 if (WARN_ON(!unmapped))
931 dma->iommu_mapped = false;
933 if (unmapped_region_cnt) {
934 unlocked += vfio_sync_unpin(dma, domain, &unmapped_region_list,
939 vfio_lock_acct(dma, -unlocked, true);
945 static void vfio_remove_dma(struct vfio_iommu *iommu, struct vfio_dma *dma)
947 vfio_unmap_unpin(iommu, dma, true);
948 vfio_unlink_dma(iommu, dma);
949 put_task_struct(dma->task);
950 vfio_dma_bitmap_free(dma);
955 static void vfio_update_pgsize_bitmap(struct vfio_iommu *iommu)
957 struct vfio_domain *domain;
959 iommu->pgsize_bitmap = ULONG_MAX;
961 list_for_each_entry(domain, &iommu->domain_list, next)
962 iommu->pgsize_bitmap &= domain->domain->pgsize_bitmap;
965 * In case the IOMMU supports page sizes smaller than PAGE_SIZE
966 * we pretend PAGE_SIZE is supported and hide sub-PAGE_SIZE sizes.
967 * That way the user will be able to map/unmap buffers whose size/
968 * start address is aligned with PAGE_SIZE. Pinning code uses that
969 * granularity while iommu driver can use the sub-PAGE_SIZE size
972 if (iommu->pgsize_bitmap & ~PAGE_MASK) {
973 iommu->pgsize_bitmap &= PAGE_MASK;
974 iommu->pgsize_bitmap |= PAGE_SIZE;
978 static int update_user_bitmap(u64 __user *bitmap, struct vfio_iommu *iommu,
979 struct vfio_dma *dma, dma_addr_t base_iova,
982 unsigned long pgshift = __ffs(pgsize);
983 unsigned long nbits = dma->size >> pgshift;
984 unsigned long bit_offset = (dma->iova - base_iova) >> pgshift;
985 unsigned long copy_offset = bit_offset / BITS_PER_LONG;
986 unsigned long shift = bit_offset % BITS_PER_LONG;
987 unsigned long leftover;
990 * mark all pages dirty if any IOMMU capable device is not able
991 * to report dirty pages and all pages are pinned and mapped.
993 if (!iommu->pinned_page_dirty_scope && dma->iommu_mapped)
994 bitmap_set(dma->bitmap, 0, nbits);
997 bitmap_shift_left(dma->bitmap, dma->bitmap, shift,
1000 if (copy_from_user(&leftover,
1001 (void __user *)(bitmap + copy_offset),
1005 bitmap_or(dma->bitmap, dma->bitmap, &leftover, shift);
1008 if (copy_to_user((void __user *)(bitmap + copy_offset), dma->bitmap,
1009 DIRTY_BITMAP_BYTES(nbits + shift)))
1015 static int vfio_iova_dirty_bitmap(u64 __user *bitmap, struct vfio_iommu *iommu,
1016 dma_addr_t iova, size_t size, size_t pgsize)
1018 struct vfio_dma *dma;
1020 unsigned long pgshift = __ffs(pgsize);
1024 * GET_BITMAP request must fully cover vfio_dma mappings. Multiple
1025 * vfio_dma mappings may be clubbed by specifying large ranges, but
1026 * there must not be any previous mappings bisected by the range.
1027 * An error will be returned if these conditions are not met.
1029 dma = vfio_find_dma(iommu, iova, 1);
1030 if (dma && dma->iova != iova)
1033 dma = vfio_find_dma(iommu, iova + size - 1, 0);
1034 if (dma && dma->iova + dma->size != iova + size)
1037 for (n = rb_first(&iommu->dma_list); n; n = rb_next(n)) {
1038 struct vfio_dma *dma = rb_entry(n, struct vfio_dma, node);
1040 if (dma->iova < iova)
1043 if (dma->iova > iova + size - 1)
1046 ret = update_user_bitmap(bitmap, iommu, dma, iova, pgsize);
1051 * Re-populate bitmap to include all pinned pages which are
1052 * considered as dirty but exclude pages which are unpinned and
1053 * pages which are marked dirty by vfio_dma_rw()
1055 bitmap_clear(dma->bitmap, 0, dma->size >> pgshift);
1056 vfio_dma_populate_bitmap(dma, pgsize);
1061 static int verify_bitmap_size(uint64_t npages, uint64_t bitmap_size)
1063 if (!npages || !bitmap_size || (bitmap_size > DIRTY_BITMAP_SIZE_MAX) ||
1064 (bitmap_size < DIRTY_BITMAP_BYTES(npages)))
1070 static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
1071 struct vfio_iommu_type1_dma_unmap *unmap,
1072 struct vfio_bitmap *bitmap)
1074 struct vfio_dma *dma, *dma_last = NULL;
1075 size_t unmapped = 0, pgsize;
1076 int ret = 0, retries = 0;
1077 unsigned long pgshift;
1079 mutex_lock(&iommu->lock);
1081 pgshift = __ffs(iommu->pgsize_bitmap);
1082 pgsize = (size_t)1 << pgshift;
1084 if (unmap->iova & (pgsize - 1)) {
1089 if (!unmap->size || unmap->size & (pgsize - 1)) {
1094 if (unmap->iova + unmap->size - 1 < unmap->iova ||
1095 unmap->size > SIZE_MAX) {
1100 /* When dirty tracking is enabled, allow only min supported pgsize */
1101 if ((unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) &&
1102 (!iommu->dirty_page_tracking || (bitmap->pgsize != pgsize))) {
1107 WARN_ON((pgsize - 1) & PAGE_MASK);
1110 * vfio-iommu-type1 (v1) - User mappings were coalesced together to
1111 * avoid tracking individual mappings. This means that the granularity
1112 * of the original mapping was lost and the user was allowed to attempt
1113 * to unmap any range. Depending on the contiguousness of physical
1114 * memory and page sizes supported by the IOMMU, arbitrary unmaps may
1115 * or may not have worked. We only guaranteed unmap granularity
1116 * matching the original mapping; even though it was untracked here,
1117 * the original mappings are reflected in IOMMU mappings. This
1118 * resulted in a couple unusual behaviors. First, if a range is not
1119 * able to be unmapped, ex. a set of 4k pages that was mapped as a
1120 * 2M hugepage into the IOMMU, the unmap ioctl returns success but with
1121 * a zero sized unmap. Also, if an unmap request overlaps the first
1122 * address of a hugepage, the IOMMU will unmap the entire hugepage.
1123 * This also returns success and the returned unmap size reflects the
1124 * actual size unmapped.
1126 * We attempt to maintain compatibility with this "v1" interface, but
1127 * we take control out of the hands of the IOMMU. Therefore, an unmap
1128 * request offset from the beginning of the original mapping will
1129 * return success with zero sized unmap. And an unmap request covering
1130 * the first iova of mapping will unmap the entire range.
1132 * The v2 version of this interface intends to be more deterministic.
1133 * Unmap requests must fully cover previous mappings. Multiple
1134 * mappings may still be unmaped by specifying large ranges, but there
1135 * must not be any previous mappings bisected by the range. An error
1136 * will be returned if these conditions are not met. The v2 interface
1137 * will only return success and a size of zero if there were no
1138 * mappings within the range.
1141 dma = vfio_find_dma(iommu, unmap->iova, 1);
1142 if (dma && dma->iova != unmap->iova) {
1146 dma = vfio_find_dma(iommu, unmap->iova + unmap->size - 1, 0);
1147 if (dma && dma->iova + dma->size != unmap->iova + unmap->size) {
1153 while ((dma = vfio_find_dma(iommu, unmap->iova, unmap->size))) {
1154 if (!iommu->v2 && unmap->iova > dma->iova)
1157 * Task with same address space who mapped this iova range is
1158 * allowed to unmap the iova range.
1160 if (dma->task->mm != current->mm)
1163 if (!RB_EMPTY_ROOT(&dma->pfn_list)) {
1164 struct vfio_iommu_type1_dma_unmap nb_unmap;
1166 if (dma_last == dma) {
1167 BUG_ON(++retries > 10);
1173 nb_unmap.iova = dma->iova;
1174 nb_unmap.size = dma->size;
1177 * Notify anyone (mdev vendor drivers) to invalidate and
1178 * unmap iovas within the range we're about to unmap.
1179 * Vendor drivers MUST unpin pages in response to an
1182 mutex_unlock(&iommu->lock);
1183 blocking_notifier_call_chain(&iommu->notifier,
1184 VFIO_IOMMU_NOTIFY_DMA_UNMAP,
1186 mutex_lock(&iommu->lock);
1190 if (unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) {
1191 ret = update_user_bitmap(bitmap->data, iommu, dma,
1192 unmap->iova, pgsize);
1197 unmapped += dma->size;
1198 vfio_remove_dma(iommu, dma);
1202 mutex_unlock(&iommu->lock);
1204 /* Report how much was unmapped */
1205 unmap->size = unmapped;
1210 static int vfio_iommu_map(struct vfio_iommu *iommu, dma_addr_t iova,
1211 unsigned long pfn, long npage, int prot)
1213 struct vfio_domain *d;
1216 list_for_each_entry(d, &iommu->domain_list, next) {
1217 ret = iommu_map(d->domain, iova, (phys_addr_t)pfn << PAGE_SHIFT,
1218 npage << PAGE_SHIFT, prot | d->prot);
1228 list_for_each_entry_continue_reverse(d, &iommu->domain_list, next)
1229 iommu_unmap(d->domain, iova, npage << PAGE_SHIFT);
1234 static int vfio_pin_map_dma(struct vfio_iommu *iommu, struct vfio_dma *dma,
1237 dma_addr_t iova = dma->iova;
1238 unsigned long vaddr = dma->vaddr;
1239 size_t size = map_size;
1241 unsigned long pfn, limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
1245 /* Pin a contiguous chunk of memory */
1246 npage = vfio_pin_pages_remote(dma, vaddr + dma->size,
1247 size >> PAGE_SHIFT, &pfn, limit);
1255 ret = vfio_iommu_map(iommu, iova + dma->size, pfn, npage,
1258 vfio_unpin_pages_remote(dma, iova + dma->size, pfn,
1263 size -= npage << PAGE_SHIFT;
1264 dma->size += npage << PAGE_SHIFT;
1267 dma->iommu_mapped = true;
1270 vfio_remove_dma(iommu, dma);
1276 * Check dma map request is within a valid iova range
1278 static bool vfio_iommu_iova_dma_valid(struct vfio_iommu *iommu,
1279 dma_addr_t start, dma_addr_t end)
1281 struct list_head *iova = &iommu->iova_list;
1282 struct vfio_iova *node;
1284 list_for_each_entry(node, iova, list) {
1285 if (start >= node->start && end <= node->end)
1290 * Check for list_empty() as well since a container with
1291 * a single mdev device will have an empty list.
1293 return list_empty(iova);
1296 static int vfio_dma_do_map(struct vfio_iommu *iommu,
1297 struct vfio_iommu_type1_dma_map *map)
1299 dma_addr_t iova = map->iova;
1300 unsigned long vaddr = map->vaddr;
1301 size_t size = map->size;
1302 int ret = 0, prot = 0;
1304 struct vfio_dma *dma;
1306 /* Verify that none of our __u64 fields overflow */
1307 if (map->size != size || map->vaddr != vaddr || map->iova != iova)
1310 /* READ/WRITE from device perspective */
1311 if (map->flags & VFIO_DMA_MAP_FLAG_WRITE)
1312 prot |= IOMMU_WRITE;
1313 if (map->flags & VFIO_DMA_MAP_FLAG_READ)
1316 mutex_lock(&iommu->lock);
1318 pgsize = (size_t)1 << __ffs(iommu->pgsize_bitmap);
1320 WARN_ON((pgsize - 1) & PAGE_MASK);
1322 if (!prot || !size || (size | iova | vaddr) & (pgsize - 1)) {
1327 /* Don't allow IOVA or virtual address wrap */
1328 if (iova + size - 1 < iova || vaddr + size - 1 < vaddr) {
1333 if (vfio_find_dma(iommu, iova, size)) {
1338 if (!iommu->dma_avail) {
1343 if (!vfio_iommu_iova_dma_valid(iommu, iova, iova + size - 1)) {
1348 dma = kzalloc(sizeof(*dma), GFP_KERNEL);
1360 * We need to be able to both add to a task's locked memory and test
1361 * against the locked memory limit and we need to be able to do both
1362 * outside of this call path as pinning can be asynchronous via the
1363 * external interfaces for mdev devices. RLIMIT_MEMLOCK requires a
1364 * task_struct and VM locked pages requires an mm_struct, however
1365 * holding an indefinite mm reference is not recommended, therefore we
1366 * only hold a reference to a task. We could hold a reference to
1367 * current, however QEMU uses this call path through vCPU threads,
1368 * which can be killed resulting in a NULL mm and failure in the unmap
1369 * path when called via a different thread. Avoid this problem by
1370 * using the group_leader as threads within the same group require
1371 * both CLONE_THREAD and CLONE_VM and will therefore use the same
1374 * Previously we also used the task for testing CAP_IPC_LOCK at the
1375 * time of pinning and accounting, however has_capability() makes use
1376 * of real_cred, a copy-on-write field, so we can't guarantee that it
1377 * matches group_leader, or in fact that it might not change by the
1378 * time it's evaluated. If a process were to call MAP_DMA with
1379 * CAP_IPC_LOCK but later drop it, it doesn't make sense that they
1380 * possibly see different results for an iommu_mapped vfio_dma vs
1381 * externally mapped. Therefore track CAP_IPC_LOCK in vfio_dma at the
1382 * time of calling MAP_DMA.
1384 get_task_struct(current->group_leader);
1385 dma->task = current->group_leader;
1386 dma->lock_cap = capable(CAP_IPC_LOCK);
1388 dma->pfn_list = RB_ROOT;
1390 /* Insert zero-sized and grow as we map chunks of it */
1391 vfio_link_dma(iommu, dma);
1393 /* Don't pin and map if container doesn't contain IOMMU capable domain*/
1394 if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu))
1397 ret = vfio_pin_map_dma(iommu, dma, size);
1399 if (!ret && iommu->dirty_page_tracking) {
1400 ret = vfio_dma_bitmap_alloc(dma, pgsize);
1402 vfio_remove_dma(iommu, dma);
1406 mutex_unlock(&iommu->lock);
1410 static int vfio_bus_type(struct device *dev, void *data)
1412 struct bus_type **bus = data;
1414 if (*bus && *bus != dev->bus)
1422 static int vfio_iommu_replay(struct vfio_iommu *iommu,
1423 struct vfio_domain *domain)
1425 struct vfio_domain *d;
1427 unsigned long limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
1430 /* Arbitrarily pick the first domain in the list for lookups */
1431 d = list_first_entry(&iommu->domain_list, struct vfio_domain, next);
1432 n = rb_first(&iommu->dma_list);
1434 for (; n; n = rb_next(n)) {
1435 struct vfio_dma *dma;
1438 dma = rb_entry(n, struct vfio_dma, node);
1441 while (iova < dma->iova + dma->size) {
1445 if (dma->iommu_mapped) {
1449 phys = iommu_iova_to_phys(d->domain, iova);
1451 if (WARN_ON(!phys)) {
1459 while (i < dma->iova + dma->size &&
1460 p == iommu_iova_to_phys(d->domain, i)) {
1467 unsigned long vaddr = dma->vaddr +
1469 size_t n = dma->iova + dma->size - iova;
1472 npage = vfio_pin_pages_remote(dma, vaddr,
1481 phys = pfn << PAGE_SHIFT;
1482 size = npage << PAGE_SHIFT;
1485 ret = iommu_map(domain->domain, iova, phys,
1486 size, dma->prot | domain->prot);
1492 dma->iommu_mapped = true;
1498 * We change our unmap behavior slightly depending on whether the IOMMU
1499 * supports fine-grained superpages. IOMMUs like AMD-Vi will use a superpage
1500 * for practically any contiguous power-of-two mapping we give it. This means
1501 * we don't need to look for contiguous chunks ourselves to make unmapping
1502 * more efficient. On IOMMUs with coarse-grained super pages, like Intel VT-d
1503 * with discrete 2M/1G/512G/1T superpages, identifying contiguous chunks
1504 * significantly boosts non-hugetlbfs mappings and doesn't seem to hurt when
1505 * hugetlbfs is in use.
1507 static void vfio_test_domain_fgsp(struct vfio_domain *domain)
1510 int ret, order = get_order(PAGE_SIZE * 2);
1512 pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, order);
1516 ret = iommu_map(domain->domain, 0, page_to_phys(pages), PAGE_SIZE * 2,
1517 IOMMU_READ | IOMMU_WRITE | domain->prot);
1519 size_t unmapped = iommu_unmap(domain->domain, 0, PAGE_SIZE);
1521 if (unmapped == PAGE_SIZE)
1522 iommu_unmap(domain->domain, PAGE_SIZE, PAGE_SIZE);
1524 domain->fgsp = true;
1527 __free_pages(pages, order);
1530 static struct vfio_group *find_iommu_group(struct vfio_domain *domain,
1531 struct iommu_group *iommu_group)
1533 struct vfio_group *g;
1535 list_for_each_entry(g, &domain->group_list, next) {
1536 if (g->iommu_group == iommu_group)
1543 static struct vfio_group *vfio_iommu_find_iommu_group(struct vfio_iommu *iommu,
1544 struct iommu_group *iommu_group)
1546 struct vfio_domain *domain;
1547 struct vfio_group *group = NULL;
1549 list_for_each_entry(domain, &iommu->domain_list, next) {
1550 group = find_iommu_group(domain, iommu_group);
1555 if (iommu->external_domain)
1556 group = find_iommu_group(iommu->external_domain, iommu_group);
1561 static void update_pinned_page_dirty_scope(struct vfio_iommu *iommu)
1563 struct vfio_domain *domain;
1564 struct vfio_group *group;
1566 list_for_each_entry(domain, &iommu->domain_list, next) {
1567 list_for_each_entry(group, &domain->group_list, next) {
1568 if (!group->pinned_page_dirty_scope) {
1569 iommu->pinned_page_dirty_scope = false;
1575 if (iommu->external_domain) {
1576 domain = iommu->external_domain;
1577 list_for_each_entry(group, &domain->group_list, next) {
1578 if (!group->pinned_page_dirty_scope) {
1579 iommu->pinned_page_dirty_scope = false;
1585 iommu->pinned_page_dirty_scope = true;
1588 static bool vfio_iommu_has_sw_msi(struct list_head *group_resv_regions,
1591 struct iommu_resv_region *region;
1594 list_for_each_entry(region, group_resv_regions, list) {
1596 * The presence of any 'real' MSI regions should take
1597 * precedence over the software-managed one if the
1598 * IOMMU driver happens to advertise both types.
1600 if (region->type == IOMMU_RESV_MSI) {
1605 if (region->type == IOMMU_RESV_SW_MSI) {
1606 *base = region->start;
1614 static struct device *vfio_mdev_get_iommu_device(struct device *dev)
1616 struct device *(*fn)(struct device *dev);
1617 struct device *iommu_device;
1619 fn = symbol_get(mdev_get_iommu_device);
1621 iommu_device = fn(dev);
1622 symbol_put(mdev_get_iommu_device);
1624 return iommu_device;
1630 static int vfio_mdev_attach_domain(struct device *dev, void *data)
1632 struct iommu_domain *domain = data;
1633 struct device *iommu_device;
1635 iommu_device = vfio_mdev_get_iommu_device(dev);
1637 if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX))
1638 return iommu_aux_attach_device(domain, iommu_device);
1640 return iommu_attach_device(domain, iommu_device);
1646 static int vfio_mdev_detach_domain(struct device *dev, void *data)
1648 struct iommu_domain *domain = data;
1649 struct device *iommu_device;
1651 iommu_device = vfio_mdev_get_iommu_device(dev);
1653 if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX))
1654 iommu_aux_detach_device(domain, iommu_device);
1656 iommu_detach_device(domain, iommu_device);
1662 static int vfio_iommu_attach_group(struct vfio_domain *domain,
1663 struct vfio_group *group)
1665 if (group->mdev_group)
1666 return iommu_group_for_each_dev(group->iommu_group,
1668 vfio_mdev_attach_domain);
1670 return iommu_attach_group(domain->domain, group->iommu_group);
1673 static void vfio_iommu_detach_group(struct vfio_domain *domain,
1674 struct vfio_group *group)
1676 if (group->mdev_group)
1677 iommu_group_for_each_dev(group->iommu_group, domain->domain,
1678 vfio_mdev_detach_domain);
1680 iommu_detach_group(domain->domain, group->iommu_group);
1683 static bool vfio_bus_is_mdev(struct bus_type *bus)
1685 struct bus_type *mdev_bus;
1688 mdev_bus = symbol_get(mdev_bus_type);
1690 ret = (bus == mdev_bus);
1691 symbol_put(mdev_bus_type);
1697 static int vfio_mdev_iommu_device(struct device *dev, void *data)
1699 struct device **old = data, *new;
1701 new = vfio_mdev_get_iommu_device(dev);
1702 if (!new || (*old && *old != new))
1711 * This is a helper function to insert an address range to iova list.
1712 * The list is initially created with a single entry corresponding to
1713 * the IOMMU domain geometry to which the device group is attached.
1714 * The list aperture gets modified when a new domain is added to the
1715 * container if the new aperture doesn't conflict with the current one
1716 * or with any existing dma mappings. The list is also modified to
1717 * exclude any reserved regions associated with the device group.
1719 static int vfio_iommu_iova_insert(struct list_head *head,
1720 dma_addr_t start, dma_addr_t end)
1722 struct vfio_iova *region;
1724 region = kmalloc(sizeof(*region), GFP_KERNEL);
1728 INIT_LIST_HEAD(®ion->list);
1729 region->start = start;
1732 list_add_tail(®ion->list, head);
1737 * Check the new iommu aperture conflicts with existing aper or with any
1738 * existing dma mappings.
1740 static bool vfio_iommu_aper_conflict(struct vfio_iommu *iommu,
1741 dma_addr_t start, dma_addr_t end)
1743 struct vfio_iova *first, *last;
1744 struct list_head *iova = &iommu->iova_list;
1746 if (list_empty(iova))
1749 /* Disjoint sets, return conflict */
1750 first = list_first_entry(iova, struct vfio_iova, list);
1751 last = list_last_entry(iova, struct vfio_iova, list);
1752 if (start > last->end || end < first->start)
1755 /* Check for any existing dma mappings below the new start */
1756 if (start > first->start) {
1757 if (vfio_find_dma(iommu, first->start, start - first->start))
1761 /* Check for any existing dma mappings beyond the new end */
1762 if (end < last->end) {
1763 if (vfio_find_dma(iommu, end + 1, last->end - end))
1771 * Resize iommu iova aperture window. This is called only if the new
1772 * aperture has no conflict with existing aperture and dma mappings.
1774 static int vfio_iommu_aper_resize(struct list_head *iova,
1775 dma_addr_t start, dma_addr_t end)
1777 struct vfio_iova *node, *next;
1779 if (list_empty(iova))
1780 return vfio_iommu_iova_insert(iova, start, end);
1782 /* Adjust iova list start */
1783 list_for_each_entry_safe(node, next, iova, list) {
1784 if (start < node->start)
1786 if (start >= node->start && start < node->end) {
1787 node->start = start;
1790 /* Delete nodes before new start */
1791 list_del(&node->list);
1795 /* Adjust iova list end */
1796 list_for_each_entry_safe(node, next, iova, list) {
1797 if (end > node->end)
1799 if (end > node->start && end <= node->end) {
1803 /* Delete nodes after new end */
1804 list_del(&node->list);
1812 * Check reserved region conflicts with existing dma mappings
1814 static bool vfio_iommu_resv_conflict(struct vfio_iommu *iommu,
1815 struct list_head *resv_regions)
1817 struct iommu_resv_region *region;
1819 /* Check for conflict with existing dma mappings */
1820 list_for_each_entry(region, resv_regions, list) {
1821 if (region->type == IOMMU_RESV_DIRECT_RELAXABLE)
1824 if (vfio_find_dma(iommu, region->start, region->length))
1832 * Check iova region overlap with reserved regions and
1833 * exclude them from the iommu iova range
1835 static int vfio_iommu_resv_exclude(struct list_head *iova,
1836 struct list_head *resv_regions)
1838 struct iommu_resv_region *resv;
1839 struct vfio_iova *n, *next;
1841 list_for_each_entry(resv, resv_regions, list) {
1842 phys_addr_t start, end;
1844 if (resv->type == IOMMU_RESV_DIRECT_RELAXABLE)
1847 start = resv->start;
1848 end = resv->start + resv->length - 1;
1850 list_for_each_entry_safe(n, next, iova, list) {
1854 if (start > n->end || end < n->start)
1857 * Insert a new node if current node overlaps with the
1858 * reserve region to exlude that from valid iova range.
1859 * Note that, new node is inserted before the current
1860 * node and finally the current node is deleted keeping
1861 * the list updated and sorted.
1863 if (start > n->start)
1864 ret = vfio_iommu_iova_insert(&n->list, n->start,
1866 if (!ret && end < n->end)
1867 ret = vfio_iommu_iova_insert(&n->list, end + 1,
1877 if (list_empty(iova))
1883 static void vfio_iommu_resv_free(struct list_head *resv_regions)
1885 struct iommu_resv_region *n, *next;
1887 list_for_each_entry_safe(n, next, resv_regions, list) {
1893 static void vfio_iommu_iova_free(struct list_head *iova)
1895 struct vfio_iova *n, *next;
1897 list_for_each_entry_safe(n, next, iova, list) {
1903 static int vfio_iommu_iova_get_copy(struct vfio_iommu *iommu,
1904 struct list_head *iova_copy)
1906 struct list_head *iova = &iommu->iova_list;
1907 struct vfio_iova *n;
1910 list_for_each_entry(n, iova, list) {
1911 ret = vfio_iommu_iova_insert(iova_copy, n->start, n->end);
1919 vfio_iommu_iova_free(iova_copy);
1923 static void vfio_iommu_iova_insert_copy(struct vfio_iommu *iommu,
1924 struct list_head *iova_copy)
1926 struct list_head *iova = &iommu->iova_list;
1928 vfio_iommu_iova_free(iova);
1930 list_splice_tail(iova_copy, iova);
1932 static int vfio_iommu_type1_attach_group(void *iommu_data,
1933 struct iommu_group *iommu_group)
1935 struct vfio_iommu *iommu = iommu_data;
1936 struct vfio_group *group;
1937 struct vfio_domain *domain, *d;
1938 struct bus_type *bus = NULL;
1940 bool resv_msi, msi_remap;
1941 phys_addr_t resv_msi_base = 0;
1942 struct iommu_domain_geometry geo;
1943 LIST_HEAD(iova_copy);
1944 LIST_HEAD(group_resv_regions);
1946 mutex_lock(&iommu->lock);
1948 list_for_each_entry(d, &iommu->domain_list, next) {
1949 if (find_iommu_group(d, iommu_group)) {
1950 mutex_unlock(&iommu->lock);
1955 if (iommu->external_domain) {
1956 if (find_iommu_group(iommu->external_domain, iommu_group)) {
1957 mutex_unlock(&iommu->lock);
1962 group = kzalloc(sizeof(*group), GFP_KERNEL);
1963 domain = kzalloc(sizeof(*domain), GFP_KERNEL);
1964 if (!group || !domain) {
1969 group->iommu_group = iommu_group;
1971 /* Determine bus_type in order to allocate a domain */
1972 ret = iommu_group_for_each_dev(iommu_group, &bus, vfio_bus_type);
1976 if (vfio_bus_is_mdev(bus)) {
1977 struct device *iommu_device = NULL;
1979 group->mdev_group = true;
1981 /* Determine the isolation type */
1982 ret = iommu_group_for_each_dev(iommu_group, &iommu_device,
1983 vfio_mdev_iommu_device);
1984 if (ret || !iommu_device) {
1985 if (!iommu->external_domain) {
1986 INIT_LIST_HEAD(&domain->group_list);
1987 iommu->external_domain = domain;
1988 vfio_update_pgsize_bitmap(iommu);
1993 list_add(&group->next,
1994 &iommu->external_domain->group_list);
1996 * Non-iommu backed group cannot dirty memory directly,
1997 * it can only use interfaces that provide dirty
1999 * The iommu scope can only be promoted with the
2000 * addition of a dirty tracking group.
2002 group->pinned_page_dirty_scope = true;
2003 if (!iommu->pinned_page_dirty_scope)
2004 update_pinned_page_dirty_scope(iommu);
2005 mutex_unlock(&iommu->lock);
2010 bus = iommu_device->bus;
2013 domain->domain = iommu_domain_alloc(bus);
2014 if (!domain->domain) {
2019 if (iommu->nesting) {
2022 ret = iommu_domain_set_attr(domain->domain, DOMAIN_ATTR_NESTING,
2028 ret = vfio_iommu_attach_group(domain, group);
2032 /* Get aperture info */
2033 iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY, &geo);
2035 if (vfio_iommu_aper_conflict(iommu, geo.aperture_start,
2036 geo.aperture_end)) {
2041 ret = iommu_get_group_resv_regions(iommu_group, &group_resv_regions);
2045 if (vfio_iommu_resv_conflict(iommu, &group_resv_regions)) {
2051 * We don't want to work on the original iova list as the list
2052 * gets modified and in case of failure we have to retain the
2053 * original list. Get a copy here.
2055 ret = vfio_iommu_iova_get_copy(iommu, &iova_copy);
2059 ret = vfio_iommu_aper_resize(&iova_copy, geo.aperture_start,
2064 ret = vfio_iommu_resv_exclude(&iova_copy, &group_resv_regions);
2068 resv_msi = vfio_iommu_has_sw_msi(&group_resv_regions, &resv_msi_base);
2070 INIT_LIST_HEAD(&domain->group_list);
2071 list_add(&group->next, &domain->group_list);
2073 msi_remap = irq_domain_check_msi_remap() ||
2074 iommu_capable(bus, IOMMU_CAP_INTR_REMAP);
2076 if (!allow_unsafe_interrupts && !msi_remap) {
2077 pr_warn("%s: No interrupt remapping support. Use the module param \"allow_unsafe_interrupts\" to enable VFIO IOMMU support on this platform\n",
2083 if (iommu_capable(bus, IOMMU_CAP_CACHE_COHERENCY))
2084 domain->prot |= IOMMU_CACHE;
2087 * Try to match an existing compatible domain. We don't want to
2088 * preclude an IOMMU driver supporting multiple bus_types and being
2089 * able to include different bus_types in the same IOMMU domain, so
2090 * we test whether the domains use the same iommu_ops rather than
2091 * testing if they're on the same bus_type.
2093 list_for_each_entry(d, &iommu->domain_list, next) {
2094 if (d->domain->ops == domain->domain->ops &&
2095 d->prot == domain->prot) {
2096 vfio_iommu_detach_group(domain, group);
2097 if (!vfio_iommu_attach_group(d, group)) {
2098 list_add(&group->next, &d->group_list);
2099 iommu_domain_free(domain->domain);
2104 ret = vfio_iommu_attach_group(domain, group);
2110 vfio_test_domain_fgsp(domain);
2112 /* replay mappings on new domains */
2113 ret = vfio_iommu_replay(iommu, domain);
2118 ret = iommu_get_msi_cookie(domain->domain, resv_msi_base);
2119 if (ret && ret != -ENODEV)
2123 list_add(&domain->next, &iommu->domain_list);
2124 vfio_update_pgsize_bitmap(iommu);
2126 /* Delete the old one and insert new iova list */
2127 vfio_iommu_iova_insert_copy(iommu, &iova_copy);
2130 * An iommu backed group can dirty memory directly and therefore
2131 * demotes the iommu scope until it declares itself dirty tracking
2132 * capable via the page pinning interface.
2134 iommu->pinned_page_dirty_scope = false;
2135 mutex_unlock(&iommu->lock);
2136 vfio_iommu_resv_free(&group_resv_regions);
2141 vfio_iommu_detach_group(domain, group);
2143 iommu_domain_free(domain->domain);
2144 vfio_iommu_iova_free(&iova_copy);
2145 vfio_iommu_resv_free(&group_resv_regions);
2149 mutex_unlock(&iommu->lock);
2153 static void vfio_iommu_unmap_unpin_all(struct vfio_iommu *iommu)
2155 struct rb_node *node;
2157 while ((node = rb_first(&iommu->dma_list)))
2158 vfio_remove_dma(iommu, rb_entry(node, struct vfio_dma, node));
2161 static void vfio_iommu_unmap_unpin_reaccount(struct vfio_iommu *iommu)
2163 struct rb_node *n, *p;
2165 n = rb_first(&iommu->dma_list);
2166 for (; n; n = rb_next(n)) {
2167 struct vfio_dma *dma;
2168 long locked = 0, unlocked = 0;
2170 dma = rb_entry(n, struct vfio_dma, node);
2171 unlocked += vfio_unmap_unpin(iommu, dma, false);
2172 p = rb_first(&dma->pfn_list);
2173 for (; p; p = rb_next(p)) {
2174 struct vfio_pfn *vpfn = rb_entry(p, struct vfio_pfn,
2177 if (!is_invalid_reserved_pfn(vpfn->pfn))
2180 vfio_lock_acct(dma, locked - unlocked, true);
2184 static void vfio_sanity_check_pfn_list(struct vfio_iommu *iommu)
2188 n = rb_first(&iommu->dma_list);
2189 for (; n; n = rb_next(n)) {
2190 struct vfio_dma *dma;
2192 dma = rb_entry(n, struct vfio_dma, node);
2194 if (WARN_ON(!RB_EMPTY_ROOT(&dma->pfn_list)))
2197 /* mdev vendor driver must unregister notifier */
2198 WARN_ON(iommu->notifier.head);
2202 * Called when a domain is removed in detach. It is possible that
2203 * the removed domain decided the iova aperture window. Modify the
2204 * iova aperture with the smallest window among existing domains.
2206 static void vfio_iommu_aper_expand(struct vfio_iommu *iommu,
2207 struct list_head *iova_copy)
2209 struct vfio_domain *domain;
2210 struct iommu_domain_geometry geo;
2211 struct vfio_iova *node;
2212 dma_addr_t start = 0;
2213 dma_addr_t end = (dma_addr_t)~0;
2215 if (list_empty(iova_copy))
2218 list_for_each_entry(domain, &iommu->domain_list, next) {
2219 iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY,
2221 if (geo.aperture_start > start)
2222 start = geo.aperture_start;
2223 if (geo.aperture_end < end)
2224 end = geo.aperture_end;
2227 /* Modify aperture limits. The new aper is either same or bigger */
2228 node = list_first_entry(iova_copy, struct vfio_iova, list);
2229 node->start = start;
2230 node = list_last_entry(iova_copy, struct vfio_iova, list);
2235 * Called when a group is detached. The reserved regions for that
2236 * group can be part of valid iova now. But since reserved regions
2237 * may be duplicated among groups, populate the iova valid regions
2240 static int vfio_iommu_resv_refresh(struct vfio_iommu *iommu,
2241 struct list_head *iova_copy)
2243 struct vfio_domain *d;
2244 struct vfio_group *g;
2245 struct vfio_iova *node;
2246 dma_addr_t start, end;
2247 LIST_HEAD(resv_regions);
2250 if (list_empty(iova_copy))
2253 list_for_each_entry(d, &iommu->domain_list, next) {
2254 list_for_each_entry(g, &d->group_list, next) {
2255 ret = iommu_get_group_resv_regions(g->iommu_group,
2262 node = list_first_entry(iova_copy, struct vfio_iova, list);
2263 start = node->start;
2264 node = list_last_entry(iova_copy, struct vfio_iova, list);
2267 /* purge the iova list and create new one */
2268 vfio_iommu_iova_free(iova_copy);
2270 ret = vfio_iommu_aper_resize(iova_copy, start, end);
2274 /* Exclude current reserved regions from iova ranges */
2275 ret = vfio_iommu_resv_exclude(iova_copy, &resv_regions);
2277 vfio_iommu_resv_free(&resv_regions);
2281 static void vfio_iommu_type1_detach_group(void *iommu_data,
2282 struct iommu_group *iommu_group)
2284 struct vfio_iommu *iommu = iommu_data;
2285 struct vfio_domain *domain;
2286 struct vfio_group *group;
2287 bool update_dirty_scope = false;
2288 LIST_HEAD(iova_copy);
2290 mutex_lock(&iommu->lock);
2292 if (iommu->external_domain) {
2293 group = find_iommu_group(iommu->external_domain, iommu_group);
2295 update_dirty_scope = !group->pinned_page_dirty_scope;
2296 list_del(&group->next);
2299 if (list_empty(&iommu->external_domain->group_list)) {
2300 vfio_sanity_check_pfn_list(iommu);
2302 if (!IS_IOMMU_CAP_DOMAIN_IN_CONTAINER(iommu))
2303 vfio_iommu_unmap_unpin_all(iommu);
2305 kfree(iommu->external_domain);
2306 iommu->external_domain = NULL;
2308 goto detach_group_done;
2313 * Get a copy of iova list. This will be used to update
2314 * and to replace the current one later. Please note that
2315 * we will leave the original list as it is if update fails.
2317 vfio_iommu_iova_get_copy(iommu, &iova_copy);
2319 list_for_each_entry(domain, &iommu->domain_list, next) {
2320 group = find_iommu_group(domain, iommu_group);
2324 vfio_iommu_detach_group(domain, group);
2325 update_dirty_scope = !group->pinned_page_dirty_scope;
2326 list_del(&group->next);
2329 * Group ownership provides privilege, if the group list is
2330 * empty, the domain goes away. If it's the last domain with
2331 * iommu and external domain doesn't exist, then all the
2332 * mappings go away too. If it's the last domain with iommu and
2333 * external domain exist, update accounting
2335 if (list_empty(&domain->group_list)) {
2336 if (list_is_singular(&iommu->domain_list)) {
2337 if (!iommu->external_domain)
2338 vfio_iommu_unmap_unpin_all(iommu);
2340 vfio_iommu_unmap_unpin_reaccount(iommu);
2342 iommu_domain_free(domain->domain);
2343 list_del(&domain->next);
2345 vfio_iommu_aper_expand(iommu, &iova_copy);
2346 vfio_update_pgsize_bitmap(iommu);
2351 if (!vfio_iommu_resv_refresh(iommu, &iova_copy))
2352 vfio_iommu_iova_insert_copy(iommu, &iova_copy);
2354 vfio_iommu_iova_free(&iova_copy);
2358 * Removal of a group without dirty tracking may allow the iommu scope
2361 if (update_dirty_scope)
2362 update_pinned_page_dirty_scope(iommu);
2363 mutex_unlock(&iommu->lock);
2366 static void *vfio_iommu_type1_open(unsigned long arg)
2368 struct vfio_iommu *iommu;
2370 iommu = kzalloc(sizeof(*iommu), GFP_KERNEL);
2372 return ERR_PTR(-ENOMEM);
2375 case VFIO_TYPE1_IOMMU:
2377 case VFIO_TYPE1_NESTING_IOMMU:
2378 iommu->nesting = true;
2380 case VFIO_TYPE1v2_IOMMU:
2385 return ERR_PTR(-EINVAL);
2388 INIT_LIST_HEAD(&iommu->domain_list);
2389 INIT_LIST_HEAD(&iommu->iova_list);
2390 iommu->dma_list = RB_ROOT;
2391 iommu->dma_avail = dma_entry_limit;
2392 mutex_init(&iommu->lock);
2393 BLOCKING_INIT_NOTIFIER_HEAD(&iommu->notifier);
2398 static void vfio_release_domain(struct vfio_domain *domain, bool external)
2400 struct vfio_group *group, *group_tmp;
2402 list_for_each_entry_safe(group, group_tmp,
2403 &domain->group_list, next) {
2405 vfio_iommu_detach_group(domain, group);
2406 list_del(&group->next);
2411 iommu_domain_free(domain->domain);
2414 static void vfio_iommu_type1_release(void *iommu_data)
2416 struct vfio_iommu *iommu = iommu_data;
2417 struct vfio_domain *domain, *domain_tmp;
2419 if (iommu->external_domain) {
2420 vfio_release_domain(iommu->external_domain, true);
2421 vfio_sanity_check_pfn_list(iommu);
2422 kfree(iommu->external_domain);
2425 vfio_iommu_unmap_unpin_all(iommu);
2427 list_for_each_entry_safe(domain, domain_tmp,
2428 &iommu->domain_list, next) {
2429 vfio_release_domain(domain, false);
2430 list_del(&domain->next);
2434 vfio_iommu_iova_free(&iommu->iova_list);
2439 static int vfio_domains_have_iommu_cache(struct vfio_iommu *iommu)
2441 struct vfio_domain *domain;
2444 mutex_lock(&iommu->lock);
2445 list_for_each_entry(domain, &iommu->domain_list, next) {
2446 if (!(domain->prot & IOMMU_CACHE)) {
2451 mutex_unlock(&iommu->lock);
2456 static int vfio_iommu_iova_add_cap(struct vfio_info_cap *caps,
2457 struct vfio_iommu_type1_info_cap_iova_range *cap_iovas,
2460 struct vfio_info_cap_header *header;
2461 struct vfio_iommu_type1_info_cap_iova_range *iova_cap;
2463 header = vfio_info_cap_add(caps, size,
2464 VFIO_IOMMU_TYPE1_INFO_CAP_IOVA_RANGE, 1);
2466 return PTR_ERR(header);
2468 iova_cap = container_of(header,
2469 struct vfio_iommu_type1_info_cap_iova_range,
2471 iova_cap->nr_iovas = cap_iovas->nr_iovas;
2472 memcpy(iova_cap->iova_ranges, cap_iovas->iova_ranges,
2473 cap_iovas->nr_iovas * sizeof(*cap_iovas->iova_ranges));
2477 static int vfio_iommu_iova_build_caps(struct vfio_iommu *iommu,
2478 struct vfio_info_cap *caps)
2480 struct vfio_iommu_type1_info_cap_iova_range *cap_iovas;
2481 struct vfio_iova *iova;
2483 int iovas = 0, i = 0, ret;
2485 list_for_each_entry(iova, &iommu->iova_list, list)
2490 * Return 0 as a container with a single mdev device
2491 * will have an empty list
2496 size = sizeof(*cap_iovas) + (iovas * sizeof(*cap_iovas->iova_ranges));
2498 cap_iovas = kzalloc(size, GFP_KERNEL);
2502 cap_iovas->nr_iovas = iovas;
2504 list_for_each_entry(iova, &iommu->iova_list, list) {
2505 cap_iovas->iova_ranges[i].start = iova->start;
2506 cap_iovas->iova_ranges[i].end = iova->end;
2510 ret = vfio_iommu_iova_add_cap(caps, cap_iovas, size);
2516 static int vfio_iommu_migration_build_caps(struct vfio_iommu *iommu,
2517 struct vfio_info_cap *caps)
2519 struct vfio_iommu_type1_info_cap_migration cap_mig;
2521 cap_mig.header.id = VFIO_IOMMU_TYPE1_INFO_CAP_MIGRATION;
2522 cap_mig.header.version = 1;
2525 /* support minimum pgsize */
2526 cap_mig.pgsize_bitmap = (size_t)1 << __ffs(iommu->pgsize_bitmap);
2527 cap_mig.max_dirty_bitmap_size = DIRTY_BITMAP_SIZE_MAX;
2529 return vfio_info_add_capability(caps, &cap_mig.header, sizeof(cap_mig));
2532 static long vfio_iommu_type1_ioctl(void *iommu_data,
2533 unsigned int cmd, unsigned long arg)
2535 struct vfio_iommu *iommu = iommu_data;
2536 unsigned long minsz;
2538 if (cmd == VFIO_CHECK_EXTENSION) {
2540 case VFIO_TYPE1_IOMMU:
2541 case VFIO_TYPE1v2_IOMMU:
2542 case VFIO_TYPE1_NESTING_IOMMU:
2544 case VFIO_DMA_CC_IOMMU:
2547 return vfio_domains_have_iommu_cache(iommu);
2551 } else if (cmd == VFIO_IOMMU_GET_INFO) {
2552 struct vfio_iommu_type1_info info;
2553 struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
2554 unsigned long capsz;
2557 minsz = offsetofend(struct vfio_iommu_type1_info, iova_pgsizes);
2559 /* For backward compatibility, cannot require this */
2560 capsz = offsetofend(struct vfio_iommu_type1_info, cap_offset);
2562 if (copy_from_user(&info, (void __user *)arg, minsz))
2565 if (info.argsz < minsz)
2568 if (info.argsz >= capsz) {
2570 info.cap_offset = 0; /* output, no-recopy necessary */
2573 mutex_lock(&iommu->lock);
2574 info.flags = VFIO_IOMMU_INFO_PGSIZES;
2576 info.iova_pgsizes = iommu->pgsize_bitmap;
2578 ret = vfio_iommu_migration_build_caps(iommu, &caps);
2581 ret = vfio_iommu_iova_build_caps(iommu, &caps);
2583 mutex_unlock(&iommu->lock);
2589 info.flags |= VFIO_IOMMU_INFO_CAPS;
2591 if (info.argsz < sizeof(info) + caps.size) {
2592 info.argsz = sizeof(info) + caps.size;
2594 vfio_info_cap_shift(&caps, sizeof(info));
2595 if (copy_to_user((void __user *)arg +
2596 sizeof(info), caps.buf,
2601 info.cap_offset = sizeof(info);
2607 return copy_to_user((void __user *)arg, &info, minsz) ?
2610 } else if (cmd == VFIO_IOMMU_MAP_DMA) {
2611 struct vfio_iommu_type1_dma_map map;
2612 uint32_t mask = VFIO_DMA_MAP_FLAG_READ |
2613 VFIO_DMA_MAP_FLAG_WRITE;
2615 minsz = offsetofend(struct vfio_iommu_type1_dma_map, size);
2617 if (copy_from_user(&map, (void __user *)arg, minsz))
2620 if (map.argsz < minsz || map.flags & ~mask)
2623 return vfio_dma_do_map(iommu, &map);
2625 } else if (cmd == VFIO_IOMMU_UNMAP_DMA) {
2626 struct vfio_iommu_type1_dma_unmap unmap;
2627 struct vfio_bitmap bitmap = { 0 };
2630 minsz = offsetofend(struct vfio_iommu_type1_dma_unmap, size);
2632 if (copy_from_user(&unmap, (void __user *)arg, minsz))
2635 if (unmap.argsz < minsz ||
2636 unmap.flags & ~VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP)
2639 if (unmap.flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) {
2640 unsigned long pgshift;
2642 if (unmap.argsz < (minsz + sizeof(bitmap)))
2645 if (copy_from_user(&bitmap,
2646 (void __user *)(arg + minsz),
2650 if (!access_ok((void __user *)bitmap.data, bitmap.size))
2653 pgshift = __ffs(bitmap.pgsize);
2654 ret = verify_bitmap_size(unmap.size >> pgshift,
2660 ret = vfio_dma_do_unmap(iommu, &unmap, &bitmap);
2664 return copy_to_user((void __user *)arg, &unmap, minsz) ?
2666 } else if (cmd == VFIO_IOMMU_DIRTY_PAGES) {
2667 struct vfio_iommu_type1_dirty_bitmap dirty;
2668 uint32_t mask = VFIO_IOMMU_DIRTY_PAGES_FLAG_START |
2669 VFIO_IOMMU_DIRTY_PAGES_FLAG_STOP |
2670 VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP;
2676 minsz = offsetofend(struct vfio_iommu_type1_dirty_bitmap,
2679 if (copy_from_user(&dirty, (void __user *)arg, minsz))
2682 if (dirty.argsz < minsz || dirty.flags & ~mask)
2685 /* only one flag should be set at a time */
2686 if (__ffs(dirty.flags) != __fls(dirty.flags))
2689 if (dirty.flags & VFIO_IOMMU_DIRTY_PAGES_FLAG_START) {
2692 mutex_lock(&iommu->lock);
2693 pgsize = 1 << __ffs(iommu->pgsize_bitmap);
2694 if (!iommu->dirty_page_tracking) {
2695 ret = vfio_dma_bitmap_alloc_all(iommu, pgsize);
2697 iommu->dirty_page_tracking = true;
2699 mutex_unlock(&iommu->lock);
2701 } else if (dirty.flags & VFIO_IOMMU_DIRTY_PAGES_FLAG_STOP) {
2702 mutex_lock(&iommu->lock);
2703 if (iommu->dirty_page_tracking) {
2704 iommu->dirty_page_tracking = false;
2705 vfio_dma_bitmap_free_all(iommu);
2707 mutex_unlock(&iommu->lock);
2709 } else if (dirty.flags &
2710 VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP) {
2711 struct vfio_iommu_type1_dirty_bitmap_get range;
2712 unsigned long pgshift;
2713 size_t data_size = dirty.argsz - minsz;
2714 size_t iommu_pgsize;
2716 if (!data_size || data_size < sizeof(range))
2719 if (copy_from_user(&range, (void __user *)(arg + minsz),
2723 if (range.iova + range.size < range.iova)
2725 if (!access_ok((void __user *)range.bitmap.data,
2729 pgshift = __ffs(range.bitmap.pgsize);
2730 ret = verify_bitmap_size(range.size >> pgshift,
2735 mutex_lock(&iommu->lock);
2737 iommu_pgsize = (size_t)1 << __ffs(iommu->pgsize_bitmap);
2739 /* allow only smallest supported pgsize */
2740 if (range.bitmap.pgsize != iommu_pgsize) {
2744 if (range.iova & (iommu_pgsize - 1)) {
2748 if (!range.size || range.size & (iommu_pgsize - 1)) {
2753 if (iommu->dirty_page_tracking)
2754 ret = vfio_iova_dirty_bitmap(range.bitmap.data,
2755 iommu, range.iova, range.size,
2756 range.bitmap.pgsize);
2760 mutex_unlock(&iommu->lock);
2769 static int vfio_iommu_type1_register_notifier(void *iommu_data,
2770 unsigned long *events,
2771 struct notifier_block *nb)
2773 struct vfio_iommu *iommu = iommu_data;
2775 /* clear known events */
2776 *events &= ~VFIO_IOMMU_NOTIFY_DMA_UNMAP;
2778 /* refuse to register if still events remaining */
2782 return blocking_notifier_chain_register(&iommu->notifier, nb);
2785 static int vfio_iommu_type1_unregister_notifier(void *iommu_data,
2786 struct notifier_block *nb)
2788 struct vfio_iommu *iommu = iommu_data;
2790 return blocking_notifier_chain_unregister(&iommu->notifier, nb);
2793 static int vfio_iommu_type1_dma_rw_chunk(struct vfio_iommu *iommu,
2794 dma_addr_t user_iova, void *data,
2795 size_t count, bool write,
2798 struct mm_struct *mm;
2799 unsigned long vaddr;
2800 struct vfio_dma *dma;
2801 bool kthread = current->mm == NULL;
2806 dma = vfio_find_dma(iommu, user_iova, 1);
2810 if ((write && !(dma->prot & IOMMU_WRITE)) ||
2811 !(dma->prot & IOMMU_READ))
2814 mm = get_task_mm(dma->task);
2821 else if (current->mm != mm)
2824 offset = user_iova - dma->iova;
2826 if (count > dma->size - offset)
2827 count = dma->size - offset;
2829 vaddr = dma->vaddr + offset;
2832 *copied = copy_to_user((void __user *)vaddr, data,
2834 if (*copied && iommu->dirty_page_tracking) {
2835 unsigned long pgshift = __ffs(iommu->pgsize_bitmap);
2837 * Bitmap populated with the smallest supported page
2840 bitmap_set(dma->bitmap, offset >> pgshift,
2841 *copied >> pgshift);
2844 *copied = copy_from_user(data, (void __user *)vaddr,
2850 return *copied ? 0 : -EFAULT;
2853 static int vfio_iommu_type1_dma_rw(void *iommu_data, dma_addr_t user_iova,
2854 void *data, size_t count, bool write)
2856 struct vfio_iommu *iommu = iommu_data;
2860 mutex_lock(&iommu->lock);
2862 ret = vfio_iommu_type1_dma_rw_chunk(iommu, user_iova, data,
2863 count, write, &done);
2872 mutex_unlock(&iommu->lock);
2876 static const struct vfio_iommu_driver_ops vfio_iommu_driver_ops_type1 = {
2877 .name = "vfio-iommu-type1",
2878 .owner = THIS_MODULE,
2879 .open = vfio_iommu_type1_open,
2880 .release = vfio_iommu_type1_release,
2881 .ioctl = vfio_iommu_type1_ioctl,
2882 .attach_group = vfio_iommu_type1_attach_group,
2883 .detach_group = vfio_iommu_type1_detach_group,
2884 .pin_pages = vfio_iommu_type1_pin_pages,
2885 .unpin_pages = vfio_iommu_type1_unpin_pages,
2886 .register_notifier = vfio_iommu_type1_register_notifier,
2887 .unregister_notifier = vfio_iommu_type1_unregister_notifier,
2888 .dma_rw = vfio_iommu_type1_dma_rw,
2891 static int __init vfio_iommu_type1_init(void)
2893 return vfio_register_iommu_driver(&vfio_iommu_driver_ops_type1);
2896 static void __exit vfio_iommu_type1_cleanup(void)
2898 vfio_unregister_iommu_driver(&vfio_iommu_driver_ops_type1);
2901 module_init(vfio_iommu_type1_init);
2902 module_exit(vfio_iommu_type1_cleanup);
2904 MODULE_VERSION(DRIVER_VERSION);
2905 MODULE_LICENSE("GPL v2");
2906 MODULE_AUTHOR(DRIVER_AUTHOR);
2907 MODULE_DESCRIPTION(DRIVER_DESC);
projects / linux-block.git / blob