1 // SPDX-License-Identifier: GPL-2.0-only
5 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
6 * Author: Alex Williamson <alex.williamson@redhat.com>
8 * Derived from original vfio:
9 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
10 * Author: Tom Lyon, pugs@cisco.com
13 #include <linux/cdev.h>
14 #include <linux/compat.h>
15 #include <linux/device.h>
17 #include <linux/idr.h>
18 #include <linux/iommu.h>
19 #if IS_ENABLED(CONFIG_KVM)
20 #include <linux/kvm_host.h>
22 #include <linux/list.h>
23 #include <linux/miscdevice.h>
24 #include <linux/module.h>
25 #include <linux/mount.h>
26 #include <linux/mutex.h>
27 #include <linux/pci.h>
28 #include <linux/pseudo_fs.h>
29 #include <linux/rwsem.h>
30 #include <linux/sched.h>
31 #include <linux/slab.h>
32 #include <linux/stat.h>
33 #include <linux/string.h>
34 #include <linux/uaccess.h>
35 #include <linux/vfio.h>
36 #include <linux/wait.h>
37 #include <linux/sched/signal.h>
38 #include <linux/pm_runtime.h>
39 #include <linux/interval_tree.h>
40 #include <linux/iova_bitmap.h>
41 #include <linux/iommufd.h>
44 #define DRIVER_VERSION "0.3"
45 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>"
46 #define DRIVER_DESC "VFIO - User Level meta-driver"
48 #define VFIO_MAGIC 0x5646494f /* "VFIO" */
51 struct class *device_class;
52 struct ida device_ida;
53 struct vfsmount *vfs_mount;
57 #ifdef CONFIG_VFIO_NOIOMMU
58 bool vfio_noiommu __read_mostly;
59 module_param_named(enable_unsafe_noiommu_mode,
60 vfio_noiommu, bool, S_IRUGO | S_IWUSR);
61 MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode. This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel. If you do not know what this is for, step away. (default: false)");
64 static DEFINE_XARRAY(vfio_device_set_xa);
66 int vfio_assign_device_set(struct vfio_device *device, void *set_id)
68 unsigned long idx = (unsigned long)set_id;
69 struct vfio_device_set *new_dev_set;
70 struct vfio_device_set *dev_set;
76 * Atomically acquire a singleton object in the xarray for this set_id
78 xa_lock(&vfio_device_set_xa);
79 dev_set = xa_load(&vfio_device_set_xa, idx);
82 xa_unlock(&vfio_device_set_xa);
84 new_dev_set = kzalloc(sizeof(*new_dev_set), GFP_KERNEL);
87 mutex_init(&new_dev_set->lock);
88 INIT_LIST_HEAD(&new_dev_set->device_list);
89 new_dev_set->set_id = set_id;
91 xa_lock(&vfio_device_set_xa);
92 dev_set = __xa_cmpxchg(&vfio_device_set_xa, idx, NULL, new_dev_set,
95 dev_set = new_dev_set;
100 if (xa_is_err(dev_set)) {
101 xa_unlock(&vfio_device_set_xa);
102 return xa_err(dev_set);
106 dev_set->device_count++;
107 xa_unlock(&vfio_device_set_xa);
108 mutex_lock(&dev_set->lock);
109 device->dev_set = dev_set;
110 list_add_tail(&device->dev_set_list, &dev_set->device_list);
111 mutex_unlock(&dev_set->lock);
114 EXPORT_SYMBOL_GPL(vfio_assign_device_set);
116 static void vfio_release_device_set(struct vfio_device *device)
118 struct vfio_device_set *dev_set = device->dev_set;
123 mutex_lock(&dev_set->lock);
124 list_del(&device->dev_set_list);
125 mutex_unlock(&dev_set->lock);
127 xa_lock(&vfio_device_set_xa);
128 if (!--dev_set->device_count) {
129 __xa_erase(&vfio_device_set_xa,
130 (unsigned long)dev_set->set_id);
131 mutex_destroy(&dev_set->lock);
134 xa_unlock(&vfio_device_set_xa);
137 unsigned int vfio_device_set_open_count(struct vfio_device_set *dev_set)
139 struct vfio_device *cur;
140 unsigned int open_count = 0;
142 lockdep_assert_held(&dev_set->lock);
144 list_for_each_entry(cur, &dev_set->device_list, dev_set_list)
145 open_count += cur->open_count;
148 EXPORT_SYMBOL_GPL(vfio_device_set_open_count);
151 vfio_find_device_in_devset(struct vfio_device_set *dev_set,
154 struct vfio_device *cur;
156 lockdep_assert_held(&dev_set->lock);
158 list_for_each_entry(cur, &dev_set->device_list, dev_set_list)
163 EXPORT_SYMBOL_GPL(vfio_find_device_in_devset);
166 * Device objects - create, release, get, put, search
168 /* Device reference always implies a group reference */
169 void vfio_device_put_registration(struct vfio_device *device)
171 if (refcount_dec_and_test(&device->refcount))
172 complete(&device->comp);
175 bool vfio_device_try_get_registration(struct vfio_device *device)
177 return refcount_inc_not_zero(&device->refcount);
183 /* Release helper called by vfio_put_device() */
184 static void vfio_device_release(struct device *dev)
186 struct vfio_device *device =
187 container_of(dev, struct vfio_device, device);
189 vfio_release_device_set(device);
190 ida_free(&vfio.device_ida, device->index);
192 if (device->ops->release)
193 device->ops->release(device);
196 simple_release_fs(&vfio.vfs_mount, &vfio.fs_count);
200 static int vfio_init_device(struct vfio_device *device, struct device *dev,
201 const struct vfio_device_ops *ops);
204 * Allocate and initialize vfio_device so it can be registered to vfio
207 * Drivers should use the wrapper vfio_alloc_device() for allocation.
208 * @size is the size of the structure to be allocated, including any
209 * private data used by the driver.
211 * Driver may provide an @init callback to cover device private data.
213 * Use vfio_put_device() to release the structure after success return.
215 struct vfio_device *_vfio_alloc_device(size_t size, struct device *dev,
216 const struct vfio_device_ops *ops)
218 struct vfio_device *device;
221 if (WARN_ON(size < sizeof(struct vfio_device)))
222 return ERR_PTR(-EINVAL);
224 device = kvzalloc(size, GFP_KERNEL);
226 return ERR_PTR(-ENOMEM);
228 ret = vfio_init_device(device, dev, ops);
237 EXPORT_SYMBOL_GPL(_vfio_alloc_device);
239 static int vfio_fs_init_fs_context(struct fs_context *fc)
241 return init_pseudo(fc, VFIO_MAGIC) ? 0 : -ENOMEM;
244 static struct file_system_type vfio_fs_type = {
246 .owner = THIS_MODULE,
247 .init_fs_context = vfio_fs_init_fs_context,
248 .kill_sb = kill_anon_super,
251 static struct inode *vfio_fs_inode_new(void)
256 ret = simple_pin_fs(&vfio_fs_type, &vfio.vfs_mount, &vfio.fs_count);
260 inode = alloc_anon_inode(vfio.vfs_mount->mnt_sb);
262 simple_release_fs(&vfio.vfs_mount, &vfio.fs_count);
268 * Initialize a vfio_device so it can be registered to vfio core.
270 static int vfio_init_device(struct vfio_device *device, struct device *dev,
271 const struct vfio_device_ops *ops)
275 ret = ida_alloc_max(&vfio.device_ida, MINORMASK, GFP_KERNEL);
277 dev_dbg(dev, "Error to alloc index\n");
282 init_completion(&device->comp);
285 device->inode = vfio_fs_inode_new();
286 if (IS_ERR(device->inode)) {
287 ret = PTR_ERR(device->inode);
292 ret = ops->init(device);
297 device_initialize(&device->device);
298 device->device.release = vfio_device_release;
299 device->device.class = vfio.device_class;
300 device->device.parent = device->dev;
305 simple_release_fs(&vfio.vfs_mount, &vfio.fs_count);
307 vfio_release_device_set(device);
308 ida_free(&vfio.device_ida, device->index);
312 static int __vfio_register_dev(struct vfio_device *device,
313 enum vfio_group_type type)
317 if (WARN_ON(IS_ENABLED(CONFIG_IOMMUFD) &&
318 (!device->ops->bind_iommufd ||
319 !device->ops->unbind_iommufd ||
320 !device->ops->attach_ioas ||
321 !device->ops->detach_ioas)))
325 * If the driver doesn't specify a set then the device is added to a
326 * singleton set just for itself.
328 if (!device->dev_set)
329 vfio_assign_device_set(device, device);
331 ret = dev_set_name(&device->device, "vfio%d", device->index);
335 ret = vfio_device_set_group(device, type);
340 * VFIO always sets IOMMU_CACHE because we offer no way for userspace to
341 * restore cache coherency. It has to be checked here because it is only
342 * valid for cases where we are using iommu groups.
344 if (type == VFIO_IOMMU && !vfio_device_is_noiommu(device) &&
345 !device_iommu_capable(device->dev, IOMMU_CAP_CACHE_COHERENCY)) {
350 ret = vfio_device_add(device);
354 /* Refcounting can't start until the driver calls register */
355 refcount_set(&device->refcount, 1);
357 vfio_device_group_register(device);
358 vfio_device_debugfs_init(device);
362 vfio_device_remove_group(device);
366 int vfio_register_group_dev(struct vfio_device *device)
368 return __vfio_register_dev(device, VFIO_IOMMU);
370 EXPORT_SYMBOL_GPL(vfio_register_group_dev);
373 * Register a virtual device without IOMMU backing. The user of this
374 * device must not be able to directly trigger unmediated DMA.
376 int vfio_register_emulated_iommu_dev(struct vfio_device *device)
378 return __vfio_register_dev(device, VFIO_EMULATED_IOMMU);
380 EXPORT_SYMBOL_GPL(vfio_register_emulated_iommu_dev);
383 * Decrement the device reference count and wait for the device to be
384 * removed. Open file descriptors for the device... */
385 void vfio_unregister_group_dev(struct vfio_device *device)
388 bool interrupted = false;
392 * Prevent new device opened by userspace via the
393 * VFIO_GROUP_GET_DEVICE_FD in the group path.
395 vfio_device_group_unregister(device);
398 * Balances vfio_device_add() in register path, also prevents
399 * new device opened by userspace in the cdev path.
401 vfio_device_del(device);
403 vfio_device_put_registration(device);
404 rc = try_wait_for_completion(&device->comp);
406 if (device->ops->request)
407 device->ops->request(device, i++);
410 rc = wait_for_completion_timeout(&device->comp,
413 rc = wait_for_completion_interruptible_timeout(
414 &device->comp, HZ * 10);
417 dev_warn(device->dev,
418 "Device is currently in use, task"
420 "blocked until device is released",
421 current->comm, task_pid_nr(current));
426 vfio_device_debugfs_exit(device);
427 /* Balances vfio_device_set_group in register path */
428 vfio_device_remove_group(device);
430 EXPORT_SYMBOL_GPL(vfio_unregister_group_dev);
432 #if IS_ENABLED(CONFIG_KVM)
433 void vfio_device_get_kvm_safe(struct vfio_device *device, struct kvm *kvm)
435 void (*pfn)(struct kvm *kvm);
436 bool (*fn)(struct kvm *kvm);
439 lockdep_assert_held(&device->dev_set->lock);
444 pfn = symbol_get(kvm_put_kvm);
448 fn = symbol_get(kvm_get_kvm_safe);
450 symbol_put(kvm_put_kvm);
455 symbol_put(kvm_get_kvm_safe);
457 symbol_put(kvm_put_kvm);
461 device->put_kvm = pfn;
465 void vfio_device_put_kvm(struct vfio_device *device)
467 lockdep_assert_held(&device->dev_set->lock);
472 if (WARN_ON(!device->put_kvm))
475 device->put_kvm(device->kvm);
476 device->put_kvm = NULL;
477 symbol_put(kvm_put_kvm);
484 /* true if the vfio_device has open_device() called but not close_device() */
485 static bool vfio_assert_device_open(struct vfio_device *device)
487 return !WARN_ON_ONCE(!READ_ONCE(device->open_count));
490 struct vfio_device_file *
491 vfio_allocate_device_file(struct vfio_device *device)
493 struct vfio_device_file *df;
495 df = kzalloc(sizeof(*df), GFP_KERNEL_ACCOUNT);
497 return ERR_PTR(-ENOMEM);
500 spin_lock_init(&df->kvm_ref_lock);
505 static int vfio_df_device_first_open(struct vfio_device_file *df)
507 struct vfio_device *device = df->device;
508 struct iommufd_ctx *iommufd = df->iommufd;
511 lockdep_assert_held(&device->dev_set->lock);
513 if (!try_module_get(device->dev->driver->owner))
517 ret = vfio_df_iommufd_bind(df);
519 ret = vfio_device_group_use_iommu(device);
523 if (device->ops->open_device) {
524 ret = device->ops->open_device(device);
526 goto err_unuse_iommu;
532 vfio_df_iommufd_unbind(df);
534 vfio_device_group_unuse_iommu(device);
536 module_put(device->dev->driver->owner);
540 static void vfio_df_device_last_close(struct vfio_device_file *df)
542 struct vfio_device *device = df->device;
543 struct iommufd_ctx *iommufd = df->iommufd;
545 lockdep_assert_held(&device->dev_set->lock);
547 if (device->ops->close_device)
548 device->ops->close_device(device);
550 vfio_df_iommufd_unbind(df);
552 vfio_device_group_unuse_iommu(device);
553 module_put(device->dev->driver->owner);
556 int vfio_df_open(struct vfio_device_file *df)
558 struct vfio_device *device = df->device;
561 lockdep_assert_held(&device->dev_set->lock);
564 * Only the group path allows the device to be opened multiple
565 * times. The device cdev path doesn't have a secure way for it.
567 if (device->open_count != 0 && !df->group)
570 device->open_count++;
571 if (device->open_count == 1) {
572 ret = vfio_df_device_first_open(df);
574 device->open_count--;
580 void vfio_df_close(struct vfio_device_file *df)
582 struct vfio_device *device = df->device;
584 lockdep_assert_held(&device->dev_set->lock);
586 if (!vfio_assert_device_open(device))
588 if (device->open_count == 1)
589 vfio_df_device_last_close(df);
590 device->open_count--;
594 * Wrapper around pm_runtime_resume_and_get().
595 * Return error code on failure or 0 on success.
597 static inline int vfio_device_pm_runtime_get(struct vfio_device *device)
599 struct device *dev = device->dev;
601 if (dev->driver && dev->driver->pm) {
604 ret = pm_runtime_resume_and_get(dev);
606 dev_info_ratelimited(dev,
607 "vfio: runtime resume failed %d\n", ret);
616 * Wrapper around pm_runtime_put().
618 static inline void vfio_device_pm_runtime_put(struct vfio_device *device)
620 struct device *dev = device->dev;
622 if (dev->driver && dev->driver->pm)
629 static int vfio_device_fops_release(struct inode *inode, struct file *filep)
631 struct vfio_device_file *df = filep->private_data;
632 struct vfio_device *device = df->device;
635 vfio_df_group_close(df);
637 vfio_df_unbind_iommufd(df);
639 vfio_device_put_registration(device);
647 * vfio_mig_get_next_state - Compute the next step in the FSM
648 * @cur_fsm - The current state the device is in
649 * @new_fsm - The target state to reach
650 * @next_fsm - Pointer to the next step to get to new_fsm
652 * Return 0 upon success, otherwise -errno
653 * Upon success the next step in the state progression between cur_fsm and
654 * new_fsm will be set in next_fsm.
656 * This breaks down requests for combination transitions into smaller steps and
657 * returns the next step to get to new_fsm. The function may need to be called
658 * multiple times before reaching new_fsm.
661 int vfio_mig_get_next_state(struct vfio_device *device,
662 enum vfio_device_mig_state cur_fsm,
663 enum vfio_device_mig_state new_fsm,
664 enum vfio_device_mig_state *next_fsm)
666 enum { VFIO_DEVICE_NUM_STATES = VFIO_DEVICE_STATE_PRE_COPY_P2P + 1 };
668 * The coding in this table requires the driver to implement the
669 * following FSM arcs:
675 * If P2P is supported then the driver must also implement these FSM
677 * RUNNING -> RUNNING_P2P
678 * RUNNING_P2P -> RUNNING
679 * RUNNING_P2P -> STOP
680 * STOP -> RUNNING_P2P
682 * If precopy is supported then the driver must support these additional
684 * RUNNING -> PRE_COPY
685 * PRE_COPY -> RUNNING
686 * PRE_COPY -> STOP_COPY
687 * However, if precopy and P2P are supported together then the driver
688 * must support these additional arcs beyond the P2P arcs above:
689 * PRE_COPY -> RUNNING
690 * PRE_COPY -> PRE_COPY_P2P
691 * PRE_COPY_P2P -> PRE_COPY
692 * PRE_COPY_P2P -> RUNNING_P2P
693 * PRE_COPY_P2P -> STOP_COPY
694 * RUNNING -> PRE_COPY
695 * RUNNING_P2P -> PRE_COPY_P2P
697 * Without P2P and precopy the driver must implement:
701 * The coding will step through multiple states for some combination
702 * transitions; if all optional features are supported, this means the
704 * PRE_COPY -> PRE_COPY_P2P -> STOP_COPY
705 * PRE_COPY -> RUNNING -> RUNNING_P2P
706 * PRE_COPY -> RUNNING -> RUNNING_P2P -> STOP
707 * PRE_COPY -> RUNNING -> RUNNING_P2P -> STOP -> RESUMING
708 * PRE_COPY_P2P -> RUNNING_P2P -> RUNNING
709 * PRE_COPY_P2P -> RUNNING_P2P -> STOP
710 * PRE_COPY_P2P -> RUNNING_P2P -> STOP -> RESUMING
711 * RESUMING -> STOP -> RUNNING_P2P
712 * RESUMING -> STOP -> RUNNING_P2P -> PRE_COPY_P2P
713 * RESUMING -> STOP -> RUNNING_P2P -> RUNNING
714 * RESUMING -> STOP -> RUNNING_P2P -> RUNNING -> PRE_COPY
715 * RESUMING -> STOP -> STOP_COPY
716 * RUNNING -> RUNNING_P2P -> PRE_COPY_P2P
717 * RUNNING -> RUNNING_P2P -> STOP
718 * RUNNING -> RUNNING_P2P -> STOP -> RESUMING
719 * RUNNING -> RUNNING_P2P -> STOP -> STOP_COPY
720 * RUNNING_P2P -> RUNNING -> PRE_COPY
721 * RUNNING_P2P -> STOP -> RESUMING
722 * RUNNING_P2P -> STOP -> STOP_COPY
723 * STOP -> RUNNING_P2P -> PRE_COPY_P2P
724 * STOP -> RUNNING_P2P -> RUNNING
725 * STOP -> RUNNING_P2P -> RUNNING -> PRE_COPY
726 * STOP_COPY -> STOP -> RESUMING
727 * STOP_COPY -> STOP -> RUNNING_P2P
728 * STOP_COPY -> STOP -> RUNNING_P2P -> RUNNING
730 * The following transitions are blocked:
731 * STOP_COPY -> PRE_COPY
732 * STOP_COPY -> PRE_COPY_P2P
734 static const u8 vfio_from_fsm_table[VFIO_DEVICE_NUM_STATES][VFIO_DEVICE_NUM_STATES] = {
735 [VFIO_DEVICE_STATE_STOP] = {
736 [VFIO_DEVICE_STATE_STOP] = VFIO_DEVICE_STATE_STOP,
737 [VFIO_DEVICE_STATE_RUNNING] = VFIO_DEVICE_STATE_RUNNING_P2P,
738 [VFIO_DEVICE_STATE_PRE_COPY] = VFIO_DEVICE_STATE_RUNNING_P2P,
739 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = VFIO_DEVICE_STATE_RUNNING_P2P,
740 [VFIO_DEVICE_STATE_STOP_COPY] = VFIO_DEVICE_STATE_STOP_COPY,
741 [VFIO_DEVICE_STATE_RESUMING] = VFIO_DEVICE_STATE_RESUMING,
742 [VFIO_DEVICE_STATE_RUNNING_P2P] = VFIO_DEVICE_STATE_RUNNING_P2P,
743 [VFIO_DEVICE_STATE_ERROR] = VFIO_DEVICE_STATE_ERROR,
745 [VFIO_DEVICE_STATE_RUNNING] = {
746 [VFIO_DEVICE_STATE_STOP] = VFIO_DEVICE_STATE_RUNNING_P2P,
747 [VFIO_DEVICE_STATE_RUNNING] = VFIO_DEVICE_STATE_RUNNING,
748 [VFIO_DEVICE_STATE_PRE_COPY] = VFIO_DEVICE_STATE_PRE_COPY,
749 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = VFIO_DEVICE_STATE_RUNNING_P2P,
750 [VFIO_DEVICE_STATE_STOP_COPY] = VFIO_DEVICE_STATE_RUNNING_P2P,
751 [VFIO_DEVICE_STATE_RESUMING] = VFIO_DEVICE_STATE_RUNNING_P2P,
752 [VFIO_DEVICE_STATE_RUNNING_P2P] = VFIO_DEVICE_STATE_RUNNING_P2P,
753 [VFIO_DEVICE_STATE_ERROR] = VFIO_DEVICE_STATE_ERROR,
755 [VFIO_DEVICE_STATE_PRE_COPY] = {
756 [VFIO_DEVICE_STATE_STOP] = VFIO_DEVICE_STATE_RUNNING,
757 [VFIO_DEVICE_STATE_RUNNING] = VFIO_DEVICE_STATE_RUNNING,
758 [VFIO_DEVICE_STATE_PRE_COPY] = VFIO_DEVICE_STATE_PRE_COPY,
759 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = VFIO_DEVICE_STATE_PRE_COPY_P2P,
760 [VFIO_DEVICE_STATE_STOP_COPY] = VFIO_DEVICE_STATE_PRE_COPY_P2P,
761 [VFIO_DEVICE_STATE_RESUMING] = VFIO_DEVICE_STATE_RUNNING,
762 [VFIO_DEVICE_STATE_RUNNING_P2P] = VFIO_DEVICE_STATE_RUNNING,
763 [VFIO_DEVICE_STATE_ERROR] = VFIO_DEVICE_STATE_ERROR,
765 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = {
766 [VFIO_DEVICE_STATE_STOP] = VFIO_DEVICE_STATE_RUNNING_P2P,
767 [VFIO_DEVICE_STATE_RUNNING] = VFIO_DEVICE_STATE_RUNNING_P2P,
768 [VFIO_DEVICE_STATE_PRE_COPY] = VFIO_DEVICE_STATE_PRE_COPY,
769 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = VFIO_DEVICE_STATE_PRE_COPY_P2P,
770 [VFIO_DEVICE_STATE_STOP_COPY] = VFIO_DEVICE_STATE_STOP_COPY,
771 [VFIO_DEVICE_STATE_RESUMING] = VFIO_DEVICE_STATE_RUNNING_P2P,
772 [VFIO_DEVICE_STATE_RUNNING_P2P] = VFIO_DEVICE_STATE_RUNNING_P2P,
773 [VFIO_DEVICE_STATE_ERROR] = VFIO_DEVICE_STATE_ERROR,
775 [VFIO_DEVICE_STATE_STOP_COPY] = {
776 [VFIO_DEVICE_STATE_STOP] = VFIO_DEVICE_STATE_STOP,
777 [VFIO_DEVICE_STATE_RUNNING] = VFIO_DEVICE_STATE_STOP,
778 [VFIO_DEVICE_STATE_PRE_COPY] = VFIO_DEVICE_STATE_ERROR,
779 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = VFIO_DEVICE_STATE_ERROR,
780 [VFIO_DEVICE_STATE_STOP_COPY] = VFIO_DEVICE_STATE_STOP_COPY,
781 [VFIO_DEVICE_STATE_RESUMING] = VFIO_DEVICE_STATE_STOP,
782 [VFIO_DEVICE_STATE_RUNNING_P2P] = VFIO_DEVICE_STATE_STOP,
783 [VFIO_DEVICE_STATE_ERROR] = VFIO_DEVICE_STATE_ERROR,
785 [VFIO_DEVICE_STATE_RESUMING] = {
786 [VFIO_DEVICE_STATE_STOP] = VFIO_DEVICE_STATE_STOP,
787 [VFIO_DEVICE_STATE_RUNNING] = VFIO_DEVICE_STATE_STOP,
788 [VFIO_DEVICE_STATE_PRE_COPY] = VFIO_DEVICE_STATE_STOP,
789 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = VFIO_DEVICE_STATE_STOP,
790 [VFIO_DEVICE_STATE_STOP_COPY] = VFIO_DEVICE_STATE_STOP,
791 [VFIO_DEVICE_STATE_RESUMING] = VFIO_DEVICE_STATE_RESUMING,
792 [VFIO_DEVICE_STATE_RUNNING_P2P] = VFIO_DEVICE_STATE_STOP,
793 [VFIO_DEVICE_STATE_ERROR] = VFIO_DEVICE_STATE_ERROR,
795 [VFIO_DEVICE_STATE_RUNNING_P2P] = {
796 [VFIO_DEVICE_STATE_STOP] = VFIO_DEVICE_STATE_STOP,
797 [VFIO_DEVICE_STATE_RUNNING] = VFIO_DEVICE_STATE_RUNNING,
798 [VFIO_DEVICE_STATE_PRE_COPY] = VFIO_DEVICE_STATE_RUNNING,
799 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = VFIO_DEVICE_STATE_PRE_COPY_P2P,
800 [VFIO_DEVICE_STATE_STOP_COPY] = VFIO_DEVICE_STATE_STOP,
801 [VFIO_DEVICE_STATE_RESUMING] = VFIO_DEVICE_STATE_STOP,
802 [VFIO_DEVICE_STATE_RUNNING_P2P] = VFIO_DEVICE_STATE_RUNNING_P2P,
803 [VFIO_DEVICE_STATE_ERROR] = VFIO_DEVICE_STATE_ERROR,
805 [VFIO_DEVICE_STATE_ERROR] = {
806 [VFIO_DEVICE_STATE_STOP] = VFIO_DEVICE_STATE_ERROR,
807 [VFIO_DEVICE_STATE_RUNNING] = VFIO_DEVICE_STATE_ERROR,
808 [VFIO_DEVICE_STATE_PRE_COPY] = VFIO_DEVICE_STATE_ERROR,
809 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = VFIO_DEVICE_STATE_ERROR,
810 [VFIO_DEVICE_STATE_STOP_COPY] = VFIO_DEVICE_STATE_ERROR,
811 [VFIO_DEVICE_STATE_RESUMING] = VFIO_DEVICE_STATE_ERROR,
812 [VFIO_DEVICE_STATE_RUNNING_P2P] = VFIO_DEVICE_STATE_ERROR,
813 [VFIO_DEVICE_STATE_ERROR] = VFIO_DEVICE_STATE_ERROR,
817 static const unsigned int state_flags_table[VFIO_DEVICE_NUM_STATES] = {
818 [VFIO_DEVICE_STATE_STOP] = VFIO_MIGRATION_STOP_COPY,
819 [VFIO_DEVICE_STATE_RUNNING] = VFIO_MIGRATION_STOP_COPY,
820 [VFIO_DEVICE_STATE_PRE_COPY] =
821 VFIO_MIGRATION_STOP_COPY | VFIO_MIGRATION_PRE_COPY,
822 [VFIO_DEVICE_STATE_PRE_COPY_P2P] = VFIO_MIGRATION_STOP_COPY |
824 VFIO_MIGRATION_PRE_COPY,
825 [VFIO_DEVICE_STATE_STOP_COPY] = VFIO_MIGRATION_STOP_COPY,
826 [VFIO_DEVICE_STATE_RESUMING] = VFIO_MIGRATION_STOP_COPY,
827 [VFIO_DEVICE_STATE_RUNNING_P2P] =
828 VFIO_MIGRATION_STOP_COPY | VFIO_MIGRATION_P2P,
829 [VFIO_DEVICE_STATE_ERROR] = ~0U,
832 if (WARN_ON(cur_fsm >= ARRAY_SIZE(vfio_from_fsm_table) ||
833 (state_flags_table[cur_fsm] & device->migration_flags) !=
834 state_flags_table[cur_fsm]))
837 if (new_fsm >= ARRAY_SIZE(vfio_from_fsm_table) ||
838 (state_flags_table[new_fsm] & device->migration_flags) !=
839 state_flags_table[new_fsm])
843 * Arcs touching optional and unsupported states are skipped over. The
844 * driver will instead see an arc from the original state to the next
845 * logical state, as per the above comment.
847 *next_fsm = vfio_from_fsm_table[cur_fsm][new_fsm];
848 while ((state_flags_table[*next_fsm] & device->migration_flags) !=
849 state_flags_table[*next_fsm])
850 *next_fsm = vfio_from_fsm_table[*next_fsm][new_fsm];
852 return (*next_fsm != VFIO_DEVICE_STATE_ERROR) ? 0 : -EINVAL;
854 EXPORT_SYMBOL_GPL(vfio_mig_get_next_state);
857 * Convert the drivers's struct file into a FD number and return it to userspace
859 static int vfio_ioct_mig_return_fd(struct file *filp, void __user *arg,
860 struct vfio_device_feature_mig_state *mig)
865 fd = get_unused_fd_flags(O_CLOEXEC);
872 if (copy_to_user(arg, mig, sizeof(*mig))) {
876 fd_install(fd, filp);
887 vfio_ioctl_device_feature_mig_device_state(struct vfio_device *device,
888 u32 flags, void __user *arg,
892 offsetofend(struct vfio_device_feature_mig_state, data_fd);
893 struct vfio_device_feature_mig_state mig;
894 struct file *filp = NULL;
897 if (!device->mig_ops)
900 ret = vfio_check_feature(flags, argsz,
901 VFIO_DEVICE_FEATURE_SET |
902 VFIO_DEVICE_FEATURE_GET,
907 if (copy_from_user(&mig, arg, minsz))
910 if (flags & VFIO_DEVICE_FEATURE_GET) {
911 enum vfio_device_mig_state curr_state;
913 ret = device->mig_ops->migration_get_state(device,
917 mig.device_state = curr_state;
921 /* Handle the VFIO_DEVICE_FEATURE_SET */
922 filp = device->mig_ops->migration_set_state(device, mig.device_state);
923 if (IS_ERR(filp) || !filp)
926 return vfio_ioct_mig_return_fd(filp, arg, &mig);
929 if (copy_to_user(arg, &mig, sizeof(mig)))
932 return PTR_ERR(filp);
937 vfio_ioctl_device_feature_migration_data_size(struct vfio_device *device,
938 u32 flags, void __user *arg,
941 struct vfio_device_feature_mig_data_size data_size = {};
942 unsigned long stop_copy_length;
945 if (!device->mig_ops)
948 ret = vfio_check_feature(flags, argsz, VFIO_DEVICE_FEATURE_GET,
953 ret = device->mig_ops->migration_get_data_size(device, &stop_copy_length);
957 data_size.stop_copy_length = stop_copy_length;
958 if (copy_to_user(arg, &data_size, sizeof(data_size)))
964 static int vfio_ioctl_device_feature_migration(struct vfio_device *device,
965 u32 flags, void __user *arg,
968 struct vfio_device_feature_migration mig = {
969 .flags = device->migration_flags,
973 if (!device->mig_ops)
976 ret = vfio_check_feature(flags, argsz, VFIO_DEVICE_FEATURE_GET,
980 if (copy_to_user(arg, &mig, sizeof(mig)))
985 void vfio_combine_iova_ranges(struct rb_root_cached *root, u32 cur_nodes,
988 struct interval_tree_node *prev, *curr, *comb_start, *comb_end;
989 unsigned long min_gap, curr_gap;
991 /* Special shortcut when a single range is required */
992 if (req_nodes == 1) {
995 comb_start = interval_tree_iter_first(root, 0, ULONG_MAX);
998 if (WARN_ON_ONCE(!comb_start))
1005 curr = interval_tree_iter_next(curr, 0, ULONG_MAX);
1006 if (prev != comb_start)
1007 interval_tree_remove(prev, root);
1009 comb_start->last = last;
1013 /* Combine ranges which have the smallest gap */
1014 while (cur_nodes > req_nodes) {
1016 min_gap = ULONG_MAX;
1017 curr = interval_tree_iter_first(root, 0, ULONG_MAX);
1020 curr_gap = curr->start - prev->last;
1021 if (curr_gap < min_gap) {
1028 curr = interval_tree_iter_next(curr, 0, ULONG_MAX);
1031 /* Empty list or no nodes to combine */
1032 if (WARN_ON_ONCE(min_gap == ULONG_MAX))
1035 comb_start->last = comb_end->last;
1036 interval_tree_remove(comb_end, root);
1040 EXPORT_SYMBOL_GPL(vfio_combine_iova_ranges);
1042 /* Ranges should fit into a single kernel page */
1043 #define LOG_MAX_RANGES \
1044 (PAGE_SIZE / sizeof(struct vfio_device_feature_dma_logging_range))
1047 vfio_ioctl_device_feature_logging_start(struct vfio_device *device,
1048 u32 flags, void __user *arg,
1052 offsetofend(struct vfio_device_feature_dma_logging_control,
1054 struct vfio_device_feature_dma_logging_range __user *ranges;
1055 struct vfio_device_feature_dma_logging_control control;
1056 struct vfio_device_feature_dma_logging_range range;
1057 struct rb_root_cached root = RB_ROOT_CACHED;
1058 struct interval_tree_node *nodes;
1063 if (!device->log_ops)
1066 ret = vfio_check_feature(flags, argsz,
1067 VFIO_DEVICE_FEATURE_SET,
1072 if (copy_from_user(&control, arg, minsz))
1075 nnodes = control.num_ranges;
1079 if (nnodes > LOG_MAX_RANGES)
1082 ranges = u64_to_user_ptr(control.ranges);
1083 nodes = kmalloc_array(nnodes, sizeof(struct interval_tree_node),
1088 for (i = 0; i < nnodes; i++) {
1089 if (copy_from_user(&range, &ranges[i], sizeof(range))) {
1093 if (!IS_ALIGNED(range.iova, control.page_size) ||
1094 !IS_ALIGNED(range.length, control.page_size)) {
1099 if (check_add_overflow(range.iova, range.length, &iova_end) ||
1100 iova_end > ULONG_MAX) {
1105 nodes[i].start = range.iova;
1106 nodes[i].last = range.iova + range.length - 1;
1107 if (interval_tree_iter_first(&root, nodes[i].start,
1109 /* Range overlapping */
1113 interval_tree_insert(nodes + i, &root);
1116 ret = device->log_ops->log_start(device, &root, nnodes,
1117 &control.page_size);
1121 if (copy_to_user(arg, &control, sizeof(control))) {
1123 device->log_ops->log_stop(device);
1132 vfio_ioctl_device_feature_logging_stop(struct vfio_device *device,
1133 u32 flags, void __user *arg,
1138 if (!device->log_ops)
1141 ret = vfio_check_feature(flags, argsz,
1142 VFIO_DEVICE_FEATURE_SET, 0);
1146 return device->log_ops->log_stop(device);
1149 static int vfio_device_log_read_and_clear(struct iova_bitmap *iter,
1150 unsigned long iova, size_t length,
1153 struct vfio_device *device = opaque;
1155 return device->log_ops->log_read_and_clear(device, iova, length, iter);
1159 vfio_ioctl_device_feature_logging_report(struct vfio_device *device,
1160 u32 flags, void __user *arg,
1164 offsetofend(struct vfio_device_feature_dma_logging_report,
1166 struct vfio_device_feature_dma_logging_report report;
1167 struct iova_bitmap *iter;
1171 if (!device->log_ops)
1174 ret = vfio_check_feature(flags, argsz,
1175 VFIO_DEVICE_FEATURE_GET,
1180 if (copy_from_user(&report, arg, minsz))
1183 if (report.page_size < SZ_4K || !is_power_of_2(report.page_size))
1186 if (check_add_overflow(report.iova, report.length, &iova_end) ||
1187 iova_end > ULONG_MAX)
1190 iter = iova_bitmap_alloc(report.iova, report.length,
1192 u64_to_user_ptr(report.bitmap));
1194 return PTR_ERR(iter);
1196 ret = iova_bitmap_for_each(iter, device,
1197 vfio_device_log_read_and_clear);
1199 iova_bitmap_free(iter);
1203 static int vfio_ioctl_device_feature(struct vfio_device *device,
1204 struct vfio_device_feature __user *arg)
1206 size_t minsz = offsetofend(struct vfio_device_feature, flags);
1207 struct vfio_device_feature feature;
1209 if (copy_from_user(&feature, arg, minsz))
1212 if (feature.argsz < minsz)
1215 /* Check unknown flags */
1217 ~(VFIO_DEVICE_FEATURE_MASK | VFIO_DEVICE_FEATURE_SET |
1218 VFIO_DEVICE_FEATURE_GET | VFIO_DEVICE_FEATURE_PROBE))
1221 /* GET & SET are mutually exclusive except with PROBE */
1222 if (!(feature.flags & VFIO_DEVICE_FEATURE_PROBE) &&
1223 (feature.flags & VFIO_DEVICE_FEATURE_SET) &&
1224 (feature.flags & VFIO_DEVICE_FEATURE_GET))
1227 switch (feature.flags & VFIO_DEVICE_FEATURE_MASK) {
1228 case VFIO_DEVICE_FEATURE_MIGRATION:
1229 return vfio_ioctl_device_feature_migration(
1230 device, feature.flags, arg->data,
1231 feature.argsz - minsz);
1232 case VFIO_DEVICE_FEATURE_MIG_DEVICE_STATE:
1233 return vfio_ioctl_device_feature_mig_device_state(
1234 device, feature.flags, arg->data,
1235 feature.argsz - minsz);
1236 case VFIO_DEVICE_FEATURE_DMA_LOGGING_START:
1237 return vfio_ioctl_device_feature_logging_start(
1238 device, feature.flags, arg->data,
1239 feature.argsz - minsz);
1240 case VFIO_DEVICE_FEATURE_DMA_LOGGING_STOP:
1241 return vfio_ioctl_device_feature_logging_stop(
1242 device, feature.flags, arg->data,
1243 feature.argsz - minsz);
1244 case VFIO_DEVICE_FEATURE_DMA_LOGGING_REPORT:
1245 return vfio_ioctl_device_feature_logging_report(
1246 device, feature.flags, arg->data,
1247 feature.argsz - minsz);
1248 case VFIO_DEVICE_FEATURE_MIG_DATA_SIZE:
1249 return vfio_ioctl_device_feature_migration_data_size(
1250 device, feature.flags, arg->data,
1251 feature.argsz - minsz);
1253 if (unlikely(!device->ops->device_feature))
1255 return device->ops->device_feature(device, feature.flags,
1257 feature.argsz - minsz);
1261 static long vfio_device_fops_unl_ioctl(struct file *filep,
1262 unsigned int cmd, unsigned long arg)
1264 struct vfio_device_file *df = filep->private_data;
1265 struct vfio_device *device = df->device;
1266 void __user *uptr = (void __user *)arg;
1269 if (cmd == VFIO_DEVICE_BIND_IOMMUFD)
1270 return vfio_df_ioctl_bind_iommufd(df, uptr);
1272 /* Paired with smp_store_release() following vfio_df_open() */
1273 if (!smp_load_acquire(&df->access_granted))
1276 ret = vfio_device_pm_runtime_get(device);
1280 /* cdev only ioctls */
1281 if (IS_ENABLED(CONFIG_VFIO_DEVICE_CDEV) && !df->group) {
1283 case VFIO_DEVICE_ATTACH_IOMMUFD_PT:
1284 ret = vfio_df_ioctl_attach_pt(df, uptr);
1287 case VFIO_DEVICE_DETACH_IOMMUFD_PT:
1288 ret = vfio_df_ioctl_detach_pt(df, uptr);
1294 case VFIO_DEVICE_FEATURE:
1295 ret = vfio_ioctl_device_feature(device, uptr);
1299 if (unlikely(!device->ops->ioctl))
1302 ret = device->ops->ioctl(device, cmd, arg);
1306 vfio_device_pm_runtime_put(device);
1310 static ssize_t vfio_device_fops_read(struct file *filep, char __user *buf,
1311 size_t count, loff_t *ppos)
1313 struct vfio_device_file *df = filep->private_data;
1314 struct vfio_device *device = df->device;
1316 /* Paired with smp_store_release() following vfio_df_open() */
1317 if (!smp_load_acquire(&df->access_granted))
1320 if (unlikely(!device->ops->read))
1323 return device->ops->read(device, buf, count, ppos);
1326 static ssize_t vfio_device_fops_write(struct file *filep,
1327 const char __user *buf,
1328 size_t count, loff_t *ppos)
1330 struct vfio_device_file *df = filep->private_data;
1331 struct vfio_device *device = df->device;
1333 /* Paired with smp_store_release() following vfio_df_open() */
1334 if (!smp_load_acquire(&df->access_granted))
1337 if (unlikely(!device->ops->write))
1340 return device->ops->write(device, buf, count, ppos);
1343 static int vfio_device_fops_mmap(struct file *filep, struct vm_area_struct *vma)
1345 struct vfio_device_file *df = filep->private_data;
1346 struct vfio_device *device = df->device;
1348 /* Paired with smp_store_release() following vfio_df_open() */
1349 if (!smp_load_acquire(&df->access_granted))
1352 if (unlikely(!device->ops->mmap))
1355 return device->ops->mmap(device, vma);
1358 const struct file_operations vfio_device_fops = {
1359 .owner = THIS_MODULE,
1360 .open = vfio_device_fops_cdev_open,
1361 .release = vfio_device_fops_release,
1362 .read = vfio_device_fops_read,
1363 .write = vfio_device_fops_write,
1364 .unlocked_ioctl = vfio_device_fops_unl_ioctl,
1365 .compat_ioctl = compat_ptr_ioctl,
1366 .mmap = vfio_device_fops_mmap,
1369 static struct vfio_device *vfio_device_from_file(struct file *file)
1371 struct vfio_device_file *df = file->private_data;
1373 if (file->f_op != &vfio_device_fops)
1379 * vfio_file_is_valid - True if the file is valid vfio file
1380 * @file: VFIO group file or VFIO device file
1382 bool vfio_file_is_valid(struct file *file)
1384 return vfio_group_from_file(file) ||
1385 vfio_device_from_file(file);
1387 EXPORT_SYMBOL_GPL(vfio_file_is_valid);
1390 * vfio_file_enforced_coherent - True if the DMA associated with the VFIO file
1391 * is always CPU cache coherent
1392 * @file: VFIO group file or VFIO device file
1394 * Enforced coherency means that the IOMMU ignores things like the PCIe no-snoop
1395 * bit in DMA transactions. A return of false indicates that the user has
1396 * rights to access additional instructions such as wbinvd on x86.
1398 bool vfio_file_enforced_coherent(struct file *file)
1400 struct vfio_device *device;
1401 struct vfio_group *group;
1403 group = vfio_group_from_file(file);
1405 return vfio_group_enforced_coherent(group);
1407 device = vfio_device_from_file(file);
1409 return device_iommu_capable(device->dev,
1410 IOMMU_CAP_ENFORCE_CACHE_COHERENCY);
1414 EXPORT_SYMBOL_GPL(vfio_file_enforced_coherent);
1416 static void vfio_device_file_set_kvm(struct file *file, struct kvm *kvm)
1418 struct vfio_device_file *df = file->private_data;
1421 * The kvm is first recorded in the vfio_device_file, and will
1422 * be propagated to vfio_device::kvm when the file is bound to
1423 * iommufd successfully in the vfio device cdev path.
1425 spin_lock(&df->kvm_ref_lock);
1427 spin_unlock(&df->kvm_ref_lock);
1431 * vfio_file_set_kvm - Link a kvm with VFIO drivers
1432 * @file: VFIO group file or VFIO device file
1435 * When a VFIO device is first opened the KVM will be available in
1436 * device->kvm if one was associated with the file.
1438 void vfio_file_set_kvm(struct file *file, struct kvm *kvm)
1440 struct vfio_group *group;
1442 group = vfio_group_from_file(file);
1444 vfio_group_set_kvm(group, kvm);
1446 if (vfio_device_from_file(file))
1447 vfio_device_file_set_kvm(file, kvm);
1449 EXPORT_SYMBOL_GPL(vfio_file_set_kvm);
1452 * Sub-module support
1455 * Helper for managing a buffer of info chain capabilities, allocate or
1456 * reallocate a buffer with additional @size, filling in @id and @version
1457 * of the capability. A pointer to the new capability is returned.
1459 * NB. The chain is based at the head of the buffer, so new entries are
1460 * added to the tail, vfio_info_cap_shift() should be called to fixup the
1461 * next offsets prior to copying to the user buffer.
1463 struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
1464 size_t size, u16 id, u16 version)
1467 struct vfio_info_cap_header *header, *tmp;
1469 /* Ensure that the next capability struct will be aligned */
1470 size = ALIGN(size, sizeof(u64));
1472 buf = krealloc(caps->buf, caps->size + size, GFP_KERNEL);
1477 return ERR_PTR(-ENOMEM);
1481 header = buf + caps->size;
1483 /* Eventually copied to user buffer, zero */
1484 memset(header, 0, size);
1487 header->version = version;
1489 /* Add to the end of the capability chain */
1490 for (tmp = buf; tmp->next; tmp = buf + tmp->next)
1493 tmp->next = caps->size;
1498 EXPORT_SYMBOL_GPL(vfio_info_cap_add);
1500 void vfio_info_cap_shift(struct vfio_info_cap *caps, size_t offset)
1502 struct vfio_info_cap_header *tmp;
1503 void *buf = (void *)caps->buf;
1505 /* Capability structs should start with proper alignment */
1506 WARN_ON(!IS_ALIGNED(offset, sizeof(u64)));
1508 for (tmp = buf; tmp->next; tmp = buf + tmp->next - offset)
1509 tmp->next += offset;
1511 EXPORT_SYMBOL(vfio_info_cap_shift);
1513 int vfio_info_add_capability(struct vfio_info_cap *caps,
1514 struct vfio_info_cap_header *cap, size_t size)
1516 struct vfio_info_cap_header *header;
1518 header = vfio_info_cap_add(caps, size, cap->id, cap->version);
1520 return PTR_ERR(header);
1522 memcpy(header + 1, cap + 1, size - sizeof(*header));
1526 EXPORT_SYMBOL(vfio_info_add_capability);
1528 int vfio_set_irqs_validate_and_prepare(struct vfio_irq_set *hdr, int num_irqs,
1529 int max_irq_type, size_t *data_size)
1531 unsigned long minsz;
1534 minsz = offsetofend(struct vfio_irq_set, count);
1536 if ((hdr->argsz < minsz) || (hdr->index >= max_irq_type) ||
1537 (hdr->count >= (U32_MAX - hdr->start)) ||
1538 (hdr->flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK |
1539 VFIO_IRQ_SET_ACTION_TYPE_MASK)))
1545 if (hdr->start >= num_irqs || hdr->start + hdr->count > num_irqs)
1548 switch (hdr->flags & VFIO_IRQ_SET_DATA_TYPE_MASK) {
1549 case VFIO_IRQ_SET_DATA_NONE:
1552 case VFIO_IRQ_SET_DATA_BOOL:
1553 size = sizeof(uint8_t);
1555 case VFIO_IRQ_SET_DATA_EVENTFD:
1556 size = sizeof(int32_t);
1563 if (hdr->argsz - minsz < hdr->count * size)
1569 *data_size = hdr->count * size;
1574 EXPORT_SYMBOL(vfio_set_irqs_validate_and_prepare);
1577 * Pin contiguous user pages and return their associated host pages for local
1579 * @device [in] : device
1580 * @iova [in] : starting IOVA of user pages to be pinned.
1581 * @npage [in] : count of pages to be pinned. This count should not
1582 * be greater than VFIO_PIN_PAGES_MAX_ENTRIES.
1583 * @prot [in] : protection flags
1584 * @pages[out] : array of host pages
1585 * Return error or number of pages pinned.
1587 * A driver may only call this function if the vfio_device was created
1588 * by vfio_register_emulated_iommu_dev() due to vfio_device_container_pin_pages().
1590 int vfio_pin_pages(struct vfio_device *device, dma_addr_t iova,
1591 int npage, int prot, struct page **pages)
1593 /* group->container cannot change while a vfio device is open */
1594 if (!pages || !npage || WARN_ON(!vfio_assert_device_open(device)))
1596 if (!device->ops->dma_unmap)
1598 if (vfio_device_has_container(device))
1599 return vfio_device_container_pin_pages(device, iova,
1600 npage, prot, pages);
1601 if (device->iommufd_access) {
1604 if (iova > ULONG_MAX)
1607 * VFIO ignores the sub page offset, npages is from the start of
1608 * a PAGE_SIZE chunk of IOVA. The caller is expected to recover
1609 * the sub page offset by doing:
1610 * pages[0] + (iova % PAGE_SIZE)
1612 ret = iommufd_access_pin_pages(
1613 device->iommufd_access, ALIGN_DOWN(iova, PAGE_SIZE),
1614 npage * PAGE_SIZE, pages,
1615 (prot & IOMMU_WRITE) ? IOMMUFD_ACCESS_RW_WRITE : 0);
1622 EXPORT_SYMBOL(vfio_pin_pages);
1625 * Unpin contiguous host pages for local domain only.
1626 * @device [in] : device
1627 * @iova [in] : starting address of user pages to be unpinned.
1628 * @npage [in] : count of pages to be unpinned. This count should not
1629 * be greater than VFIO_PIN_PAGES_MAX_ENTRIES.
1631 void vfio_unpin_pages(struct vfio_device *device, dma_addr_t iova, int npage)
1633 if (WARN_ON(!vfio_assert_device_open(device)))
1635 if (WARN_ON(!device->ops->dma_unmap))
1638 if (vfio_device_has_container(device)) {
1639 vfio_device_container_unpin_pages(device, iova, npage);
1642 if (device->iommufd_access) {
1643 if (WARN_ON(iova > ULONG_MAX))
1645 iommufd_access_unpin_pages(device->iommufd_access,
1646 ALIGN_DOWN(iova, PAGE_SIZE),
1651 EXPORT_SYMBOL(vfio_unpin_pages);
1654 * This interface allows the CPUs to perform some sort of virtual DMA on
1655 * behalf of the device.
1657 * CPUs read/write from/into a range of IOVAs pointing to user space memory
1658 * into/from a kernel buffer.
1660 * As the read/write of user space memory is conducted via the CPUs and is
1661 * not a real device DMA, it is not necessary to pin the user space memory.
1663 * @device [in] : VFIO device
1664 * @iova [in] : base IOVA of a user space buffer
1665 * @data [in] : pointer to kernel buffer
1666 * @len [in] : kernel buffer length
1667 * @write : indicate read or write
1668 * Return error code on failure or 0 on success.
1670 int vfio_dma_rw(struct vfio_device *device, dma_addr_t iova, void *data,
1671 size_t len, bool write)
1673 if (!data || len <= 0 || !vfio_assert_device_open(device))
1676 if (vfio_device_has_container(device))
1677 return vfio_device_container_dma_rw(device, iova,
1680 if (device->iommufd_access) {
1681 unsigned int flags = 0;
1683 if (iova > ULONG_MAX)
1686 /* VFIO historically tries to auto-detect a kthread */
1688 flags |= IOMMUFD_ACCESS_RW_KTHREAD;
1690 flags |= IOMMUFD_ACCESS_RW_WRITE;
1691 return iommufd_access_rw(device->iommufd_access, iova, data,
1696 EXPORT_SYMBOL(vfio_dma_rw);
1699 * Module/class support
1701 static int __init vfio_init(void)
1705 ida_init(&vfio.device_ida);
1707 ret = vfio_group_init();
1711 ret = vfio_virqfd_init();
1715 /* /sys/class/vfio-dev/vfioX */
1716 vfio.device_class = class_create("vfio-dev");
1717 if (IS_ERR(vfio.device_class)) {
1718 ret = PTR_ERR(vfio.device_class);
1722 ret = vfio_cdev_init(vfio.device_class);
1724 goto err_alloc_dev_chrdev;
1726 vfio_debugfs_create_root();
1727 pr_info(DRIVER_DESC " version: " DRIVER_VERSION "\n");
1730 err_alloc_dev_chrdev:
1731 class_destroy(vfio.device_class);
1732 vfio.device_class = NULL;
1736 vfio_group_cleanup();
1740 static void __exit vfio_cleanup(void)
1742 vfio_debugfs_remove_root();
1743 ida_destroy(&vfio.device_ida);
1744 vfio_cdev_cleanup();
1745 class_destroy(vfio.device_class);
1746 vfio.device_class = NULL;
1748 vfio_group_cleanup();
1749 xa_destroy(&vfio_device_set_xa);
1752 module_init(vfio_init);
1753 module_exit(vfio_cleanup);
1755 MODULE_IMPORT_NS("IOMMUFD");
1756 MODULE_VERSION(DRIVER_VERSION);
1757 MODULE_LICENSE("GPL v2");
1758 MODULE_AUTHOR(DRIVER_AUTHOR);
1759 MODULE_DESCRIPTION(DRIVER_DESC);
1760 MODULE_SOFTDEP("post: vfio_iommu_type1 vfio_iommu_spapr_tce");
projects / linux-block.git / blob