1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (C) 2018-2020 Intel Corporation.
4 * Copyright (C) 2020 Red Hat, Inc.
6 * Author: Tiwei Bie <tiwei.bie@intel.com>
7 * Jason Wang <jasowang@redhat.com>
9 * Thanks Michael S. Tsirkin for the valuable comments and
10 * suggestions. And thanks to Cunming Liang and Zhihong Wang for all
14 #include <linux/kernel.h>
15 #include <linux/module.h>
16 #include <linux/cdev.h>
17 #include <linux/device.h>
19 #include <linux/slab.h>
20 #include <linux/iommu.h>
21 #include <linux/uuid.h>
22 #include <linux/vdpa.h>
23 #include <linux/nospec.h>
24 #include <linux/vhost.h>
29 VHOST_VDPA_BACKEND_FEATURES =
30 (1ULL << VHOST_BACKEND_F_IOTLB_MSG_V2) |
31 (1ULL << VHOST_BACKEND_F_IOTLB_BATCH) |
32 (1ULL << VHOST_BACKEND_F_IOTLB_ASID),
35 #define VHOST_VDPA_DEV_MAX (1U << MINORBITS)
37 #define VHOST_VDPA_IOTLB_BUCKETS 16
39 struct vhost_vdpa_as {
40 struct hlist_node hash_link;
41 struct vhost_iotlb iotlb;
46 struct vhost_dev vdev;
47 struct iommu_domain *domain;
48 struct vhost_virtqueue *vqs;
49 struct completion completion;
50 struct vdpa_device *vdpa;
51 struct hlist_head as[VHOST_VDPA_IOTLB_BUCKETS];
58 struct eventfd_ctx *config_ctx;
60 struct vdpa_iova_range range;
64 static DEFINE_IDA(vhost_vdpa_ida);
66 static dev_t vhost_vdpa_major;
68 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
69 struct vhost_iotlb *iotlb, u64 start,
72 static inline u32 iotlb_to_asid(struct vhost_iotlb *iotlb)
74 struct vhost_vdpa_as *as = container_of(iotlb, struct
75 vhost_vdpa_as, iotlb);
79 static struct vhost_vdpa_as *asid_to_as(struct vhost_vdpa *v, u32 asid)
81 struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
82 struct vhost_vdpa_as *as;
84 hlist_for_each_entry(as, head, hash_link)
91 static struct vhost_iotlb *asid_to_iotlb(struct vhost_vdpa *v, u32 asid)
93 struct vhost_vdpa_as *as = asid_to_as(v, asid);
101 static struct vhost_vdpa_as *vhost_vdpa_alloc_as(struct vhost_vdpa *v, u32 asid)
103 struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
104 struct vhost_vdpa_as *as;
106 if (asid_to_as(v, asid))
109 if (asid >= v->vdpa->nas)
112 as = kmalloc(sizeof(*as), GFP_KERNEL);
116 vhost_iotlb_init(&as->iotlb, 0, 0);
118 hlist_add_head(&as->hash_link, head);
123 static struct vhost_vdpa_as *vhost_vdpa_find_alloc_as(struct vhost_vdpa *v,
126 struct vhost_vdpa_as *as = asid_to_as(v, asid);
131 return vhost_vdpa_alloc_as(v, asid);
134 static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid)
136 struct vhost_vdpa_as *as = asid_to_as(v, asid);
141 hlist_del(&as->hash_link);
142 vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1, asid);
148 static void handle_vq_kick(struct vhost_work *work)
150 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
152 struct vhost_vdpa *v = container_of(vq->dev, struct vhost_vdpa, vdev);
153 const struct vdpa_config_ops *ops = v->vdpa->config;
155 ops->kick_vq(v->vdpa, vq - v->vqs);
158 static irqreturn_t vhost_vdpa_virtqueue_cb(void *private)
160 struct vhost_virtqueue *vq = private;
161 struct eventfd_ctx *call_ctx = vq->call_ctx.ctx;
164 eventfd_signal(call_ctx, 1);
169 static irqreturn_t vhost_vdpa_config_cb(void *private)
171 struct vhost_vdpa *v = private;
172 struct eventfd_ctx *config_ctx = v->config_ctx;
175 eventfd_signal(config_ctx, 1);
180 static void vhost_vdpa_setup_vq_irq(struct vhost_vdpa *v, u16 qid)
182 struct vhost_virtqueue *vq = &v->vqs[qid];
183 const struct vdpa_config_ops *ops = v->vdpa->config;
184 struct vdpa_device *vdpa = v->vdpa;
187 if (!ops->get_vq_irq)
190 irq = ops->get_vq_irq(vdpa, qid);
194 irq_bypass_unregister_producer(&vq->call_ctx.producer);
195 if (!vq->call_ctx.ctx)
198 vq->call_ctx.producer.token = vq->call_ctx.ctx;
199 vq->call_ctx.producer.irq = irq;
200 ret = irq_bypass_register_producer(&vq->call_ctx.producer);
202 dev_info(&v->dev, "vq %u, irq bypass producer (token %p) registration fails, ret = %d\n",
203 qid, vq->call_ctx.producer.token, ret);
206 static void vhost_vdpa_unsetup_vq_irq(struct vhost_vdpa *v, u16 qid)
208 struct vhost_virtqueue *vq = &v->vqs[qid];
210 irq_bypass_unregister_producer(&vq->call_ctx.producer);
213 static int vhost_vdpa_reset(struct vhost_vdpa *v)
215 struct vdpa_device *vdpa = v->vdpa;
219 return vdpa_reset(vdpa);
222 static long vhost_vdpa_get_device_id(struct vhost_vdpa *v, u8 __user *argp)
224 struct vdpa_device *vdpa = v->vdpa;
225 const struct vdpa_config_ops *ops = vdpa->config;
228 device_id = ops->get_device_id(vdpa);
230 if (copy_to_user(argp, &device_id, sizeof(device_id)))
236 static long vhost_vdpa_get_status(struct vhost_vdpa *v, u8 __user *statusp)
238 struct vdpa_device *vdpa = v->vdpa;
239 const struct vdpa_config_ops *ops = vdpa->config;
242 status = ops->get_status(vdpa);
244 if (copy_to_user(statusp, &status, sizeof(status)))
250 static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp)
252 struct vdpa_device *vdpa = v->vdpa;
253 const struct vdpa_config_ops *ops = vdpa->config;
254 u8 status, status_old;
259 if (copy_from_user(&status, statusp, sizeof(status)))
262 status_old = ops->get_status(vdpa);
265 * Userspace shouldn't remove status bits unless reset the
268 if (status != 0 && (status_old & ~status) != 0)
271 if ((status_old & VIRTIO_CONFIG_S_DRIVER_OK) && !(status & VIRTIO_CONFIG_S_DRIVER_OK))
272 for (i = 0; i < nvqs; i++)
273 vhost_vdpa_unsetup_vq_irq(v, i);
276 ret = vdpa_reset(vdpa);
280 vdpa_set_status(vdpa, status);
282 if ((status & VIRTIO_CONFIG_S_DRIVER_OK) && !(status_old & VIRTIO_CONFIG_S_DRIVER_OK))
283 for (i = 0; i < nvqs; i++)
284 vhost_vdpa_setup_vq_irq(v, i);
289 static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
290 struct vhost_vdpa_config *c)
292 struct vdpa_device *vdpa = v->vdpa;
293 size_t size = vdpa->config->get_config_size(vdpa);
295 if (c->len == 0 || c->off > size)
298 if (c->len > size - c->off)
304 static long vhost_vdpa_get_config(struct vhost_vdpa *v,
305 struct vhost_vdpa_config __user *c)
307 struct vdpa_device *vdpa = v->vdpa;
308 struct vhost_vdpa_config config;
309 unsigned long size = offsetof(struct vhost_vdpa_config, buf);
312 if (copy_from_user(&config, c, size))
314 if (vhost_vdpa_config_validate(v, &config))
316 buf = kvzalloc(config.len, GFP_KERNEL);
320 vdpa_get_config(vdpa, config.off, buf, config.len);
322 if (copy_to_user(c->buf, buf, config.len)) {
331 static long vhost_vdpa_set_config(struct vhost_vdpa *v,
332 struct vhost_vdpa_config __user *c)
334 struct vdpa_device *vdpa = v->vdpa;
335 struct vhost_vdpa_config config;
336 unsigned long size = offsetof(struct vhost_vdpa_config, buf);
339 if (copy_from_user(&config, c, size))
341 if (vhost_vdpa_config_validate(v, &config))
344 buf = vmemdup_user(c->buf, config.len);
348 vdpa_set_config(vdpa, config.off, buf, config.len);
354 static bool vhost_vdpa_can_suspend(const struct vhost_vdpa *v)
356 struct vdpa_device *vdpa = v->vdpa;
357 const struct vdpa_config_ops *ops = vdpa->config;
362 static bool vhost_vdpa_can_resume(const struct vhost_vdpa *v)
364 struct vdpa_device *vdpa = v->vdpa;
365 const struct vdpa_config_ops *ops = vdpa->config;
370 static long vhost_vdpa_get_features(struct vhost_vdpa *v, u64 __user *featurep)
372 struct vdpa_device *vdpa = v->vdpa;
373 const struct vdpa_config_ops *ops = vdpa->config;
376 features = ops->get_device_features(vdpa);
378 if (copy_to_user(featurep, &features, sizeof(features)))
384 static long vhost_vdpa_set_features(struct vhost_vdpa *v, u64 __user *featurep)
386 struct vdpa_device *vdpa = v->vdpa;
387 const struct vdpa_config_ops *ops = vdpa->config;
391 * It's not allowed to change the features after they have
394 if (ops->get_status(vdpa) & VIRTIO_CONFIG_S_FEATURES_OK)
397 if (copy_from_user(&features, featurep, sizeof(features)))
400 if (vdpa_set_features(vdpa, features))
406 static long vhost_vdpa_get_vring_num(struct vhost_vdpa *v, u16 __user *argp)
408 struct vdpa_device *vdpa = v->vdpa;
409 const struct vdpa_config_ops *ops = vdpa->config;
412 num = ops->get_vq_num_max(vdpa);
414 if (copy_to_user(argp, &num, sizeof(num)))
420 static void vhost_vdpa_config_put(struct vhost_vdpa *v)
423 eventfd_ctx_put(v->config_ctx);
424 v->config_ctx = NULL;
428 static long vhost_vdpa_set_config_call(struct vhost_vdpa *v, u32 __user *argp)
430 struct vdpa_callback cb;
432 struct eventfd_ctx *ctx;
434 cb.callback = vhost_vdpa_config_cb;
436 if (copy_from_user(&fd, argp, sizeof(fd)))
439 ctx = fd == VHOST_FILE_UNBIND ? NULL : eventfd_ctx_fdget(fd);
440 swap(ctx, v->config_ctx);
442 if (!IS_ERR_OR_NULL(ctx))
443 eventfd_ctx_put(ctx);
445 if (IS_ERR(v->config_ctx)) {
446 long ret = PTR_ERR(v->config_ctx);
448 v->config_ctx = NULL;
452 v->vdpa->config->set_config_cb(v->vdpa, &cb);
457 static long vhost_vdpa_get_iova_range(struct vhost_vdpa *v, u32 __user *argp)
459 struct vhost_vdpa_iova_range range = {
460 .first = v->range.first,
461 .last = v->range.last,
464 if (copy_to_user(argp, &range, sizeof(range)))
469 static long vhost_vdpa_get_config_size(struct vhost_vdpa *v, u32 __user *argp)
471 struct vdpa_device *vdpa = v->vdpa;
472 const struct vdpa_config_ops *ops = vdpa->config;
475 size = ops->get_config_size(vdpa);
477 if (copy_to_user(argp, &size, sizeof(size)))
483 static long vhost_vdpa_get_vqs_count(struct vhost_vdpa *v, u32 __user *argp)
485 struct vdpa_device *vdpa = v->vdpa;
487 if (copy_to_user(argp, &vdpa->nvqs, sizeof(vdpa->nvqs)))
493 /* After a successful return of ioctl the device must not process more
494 * virtqueue descriptors. The device can answer to read or writes of config
495 * fields as if it were not suspended. In particular, writing to "queue_enable"
496 * with a value of 1 will not make the device start processing buffers.
498 static long vhost_vdpa_suspend(struct vhost_vdpa *v)
500 struct vdpa_device *vdpa = v->vdpa;
501 const struct vdpa_config_ops *ops = vdpa->config;
506 return ops->suspend(vdpa);
509 /* After a successful return of this ioctl the device resumes processing
510 * virtqueue descriptors. The device becomes fully operational the same way it
511 * was before it was suspended.
513 static long vhost_vdpa_resume(struct vhost_vdpa *v)
515 struct vdpa_device *vdpa = v->vdpa;
516 const struct vdpa_config_ops *ops = vdpa->config;
521 return ops->resume(vdpa);
524 static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd,
527 struct vdpa_device *vdpa = v->vdpa;
528 const struct vdpa_config_ops *ops = vdpa->config;
529 struct vdpa_vq_state vq_state;
530 struct vdpa_callback cb;
531 struct vhost_virtqueue *vq;
532 struct vhost_vring_state s;
536 r = get_user(idx, (u32 __user *)argp);
543 idx = array_index_nospec(idx, v->nvqs);
547 case VHOST_VDPA_SET_VRING_ENABLE:
548 if (copy_from_user(&s, argp, sizeof(s)))
550 ops->set_vq_ready(vdpa, idx, s.num);
552 case VHOST_VDPA_GET_VRING_GROUP:
553 if (!ops->get_vq_group)
556 s.num = ops->get_vq_group(vdpa, idx);
557 if (s.num >= vdpa->ngroups)
559 else if (copy_to_user(argp, &s, sizeof(s)))
562 case VHOST_VDPA_SET_GROUP_ASID:
563 if (copy_from_user(&s, argp, sizeof(s)))
565 if (s.num >= vdpa->nas)
567 if (!ops->set_group_asid)
569 return ops->set_group_asid(vdpa, idx, s.num);
570 case VHOST_GET_VRING_BASE:
571 r = ops->get_vq_state(v->vdpa, idx, &vq_state);
575 vq->last_avail_idx = vq_state.split.avail_index;
579 r = vhost_vring_ioctl(&v->vdev, cmd, argp);
584 case VHOST_SET_VRING_ADDR:
585 if (ops->set_vq_address(vdpa, idx,
586 (u64)(uintptr_t)vq->desc,
587 (u64)(uintptr_t)vq->avail,
588 (u64)(uintptr_t)vq->used))
592 case VHOST_SET_VRING_BASE:
593 vq_state.split.avail_index = vq->last_avail_idx;
594 if (ops->set_vq_state(vdpa, idx, &vq_state))
598 case VHOST_SET_VRING_CALL:
599 if (vq->call_ctx.ctx) {
600 cb.callback = vhost_vdpa_virtqueue_cb;
606 ops->set_vq_cb(vdpa, idx, &cb);
607 vhost_vdpa_setup_vq_irq(v, idx);
610 case VHOST_SET_VRING_NUM:
611 ops->set_vq_num(vdpa, idx, vq->num);
618 static long vhost_vdpa_unlocked_ioctl(struct file *filep,
619 unsigned int cmd, unsigned long arg)
621 struct vhost_vdpa *v = filep->private_data;
622 struct vhost_dev *d = &v->vdev;
623 void __user *argp = (void __user *)arg;
624 u64 __user *featurep = argp;
628 if (cmd == VHOST_SET_BACKEND_FEATURES) {
629 if (copy_from_user(&features, featurep, sizeof(features)))
631 if (features & ~(VHOST_VDPA_BACKEND_FEATURES |
632 BIT_ULL(VHOST_BACKEND_F_SUSPEND) |
633 BIT_ULL(VHOST_BACKEND_F_RESUME)))
635 if ((features & BIT_ULL(VHOST_BACKEND_F_SUSPEND)) &&
636 !vhost_vdpa_can_suspend(v))
638 if ((features & BIT_ULL(VHOST_BACKEND_F_RESUME)) &&
639 !vhost_vdpa_can_resume(v))
641 vhost_set_backend_features(&v->vdev, features);
645 mutex_lock(&d->mutex);
648 case VHOST_VDPA_GET_DEVICE_ID:
649 r = vhost_vdpa_get_device_id(v, argp);
651 case VHOST_VDPA_GET_STATUS:
652 r = vhost_vdpa_get_status(v, argp);
654 case VHOST_VDPA_SET_STATUS:
655 r = vhost_vdpa_set_status(v, argp);
657 case VHOST_VDPA_GET_CONFIG:
658 r = vhost_vdpa_get_config(v, argp);
660 case VHOST_VDPA_SET_CONFIG:
661 r = vhost_vdpa_set_config(v, argp);
663 case VHOST_GET_FEATURES:
664 r = vhost_vdpa_get_features(v, argp);
666 case VHOST_SET_FEATURES:
667 r = vhost_vdpa_set_features(v, argp);
669 case VHOST_VDPA_GET_VRING_NUM:
670 r = vhost_vdpa_get_vring_num(v, argp);
672 case VHOST_VDPA_GET_GROUP_NUM:
673 if (copy_to_user(argp, &v->vdpa->ngroups,
674 sizeof(v->vdpa->ngroups)))
677 case VHOST_VDPA_GET_AS_NUM:
678 if (copy_to_user(argp, &v->vdpa->nas, sizeof(v->vdpa->nas)))
681 case VHOST_SET_LOG_BASE:
682 case VHOST_SET_LOG_FD:
685 case VHOST_VDPA_SET_CONFIG_CALL:
686 r = vhost_vdpa_set_config_call(v, argp);
688 case VHOST_GET_BACKEND_FEATURES:
689 features = VHOST_VDPA_BACKEND_FEATURES;
690 if (vhost_vdpa_can_suspend(v))
691 features |= BIT_ULL(VHOST_BACKEND_F_SUSPEND);
692 if (vhost_vdpa_can_resume(v))
693 features |= BIT_ULL(VHOST_BACKEND_F_RESUME);
694 if (copy_to_user(featurep, &features, sizeof(features)))
697 case VHOST_VDPA_GET_IOVA_RANGE:
698 r = vhost_vdpa_get_iova_range(v, argp);
700 case VHOST_VDPA_GET_CONFIG_SIZE:
701 r = vhost_vdpa_get_config_size(v, argp);
703 case VHOST_VDPA_GET_VQS_COUNT:
704 r = vhost_vdpa_get_vqs_count(v, argp);
706 case VHOST_VDPA_SUSPEND:
707 r = vhost_vdpa_suspend(v);
709 case VHOST_VDPA_RESUME:
710 r = vhost_vdpa_resume(v);
713 r = vhost_dev_ioctl(&v->vdev, cmd, argp);
714 if (r == -ENOIOCTLCMD)
715 r = vhost_vdpa_vring_ioctl(v, cmd, argp);
719 mutex_unlock(&d->mutex);
722 static void vhost_vdpa_general_unmap(struct vhost_vdpa *v,
723 struct vhost_iotlb_map *map, u32 asid)
725 struct vdpa_device *vdpa = v->vdpa;
726 const struct vdpa_config_ops *ops = vdpa->config;
728 ops->dma_unmap(vdpa, asid, map->start, map->size);
729 } else if (ops->set_map == NULL) {
730 iommu_unmap(v->domain, map->start, map->size);
734 static void vhost_vdpa_pa_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
735 u64 start, u64 last, u32 asid)
737 struct vhost_dev *dev = &v->vdev;
738 struct vhost_iotlb_map *map;
740 unsigned long pfn, pinned;
742 while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
743 pinned = PFN_DOWN(map->size);
744 for (pfn = PFN_DOWN(map->addr);
745 pinned > 0; pfn++, pinned--) {
746 page = pfn_to_page(pfn);
747 if (map->perm & VHOST_ACCESS_WO)
748 set_page_dirty_lock(page);
749 unpin_user_page(page);
751 atomic64_sub(PFN_DOWN(map->size), &dev->mm->pinned_vm);
752 vhost_vdpa_general_unmap(v, map, asid);
753 vhost_iotlb_map_free(iotlb, map);
757 static void vhost_vdpa_va_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
758 u64 start, u64 last, u32 asid)
760 struct vhost_iotlb_map *map;
761 struct vdpa_map_file *map_file;
763 while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
764 map_file = (struct vdpa_map_file *)map->opaque;
765 fput(map_file->file);
767 vhost_vdpa_general_unmap(v, map, asid);
768 vhost_iotlb_map_free(iotlb, map);
772 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
773 struct vhost_iotlb *iotlb, u64 start,
776 struct vdpa_device *vdpa = v->vdpa;
779 return vhost_vdpa_va_unmap(v, iotlb, start, last, asid);
781 return vhost_vdpa_pa_unmap(v, iotlb, start, last, asid);
784 static int perm_to_iommu_flags(u32 perm)
789 case VHOST_ACCESS_WO:
790 flags |= IOMMU_WRITE;
792 case VHOST_ACCESS_RO:
795 case VHOST_ACCESS_RW:
796 flags |= (IOMMU_WRITE | IOMMU_READ);
799 WARN(1, "invalidate vhost IOTLB permission\n");
803 return flags | IOMMU_CACHE;
806 static int vhost_vdpa_map(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
807 u64 iova, u64 size, u64 pa, u32 perm, void *opaque)
809 struct vhost_dev *dev = &v->vdev;
810 struct vdpa_device *vdpa = v->vdpa;
811 const struct vdpa_config_ops *ops = vdpa->config;
812 u32 asid = iotlb_to_asid(iotlb);
815 r = vhost_iotlb_add_range_ctx(iotlb, iova, iova + size - 1,
821 r = ops->dma_map(vdpa, asid, iova, size, pa, perm, opaque);
822 } else if (ops->set_map) {
824 r = ops->set_map(vdpa, asid, iotlb);
826 r = iommu_map(v->domain, iova, pa, size,
827 perm_to_iommu_flags(perm), GFP_KERNEL);
830 vhost_iotlb_del_range(iotlb, iova, iova + size - 1);
835 atomic64_add(PFN_DOWN(size), &dev->mm->pinned_vm);
840 static void vhost_vdpa_unmap(struct vhost_vdpa *v,
841 struct vhost_iotlb *iotlb,
844 struct vdpa_device *vdpa = v->vdpa;
845 const struct vdpa_config_ops *ops = vdpa->config;
846 u32 asid = iotlb_to_asid(iotlb);
848 vhost_vdpa_iotlb_unmap(v, iotlb, iova, iova + size - 1, asid);
852 ops->set_map(vdpa, asid, iotlb);
854 /* If we are in the middle of batch processing, delay the free
855 * of AS until BATCH_END.
857 if (!v->in_batch && !iotlb->nmaps)
858 vhost_vdpa_remove_as(v, asid);
861 static int vhost_vdpa_va_map(struct vhost_vdpa *v,
862 struct vhost_iotlb *iotlb,
863 u64 iova, u64 size, u64 uaddr, u32 perm)
865 struct vhost_dev *dev = &v->vdev;
866 u64 offset, map_size, map_iova = iova;
867 struct vdpa_map_file *map_file;
868 struct vm_area_struct *vma;
871 mmap_read_lock(dev->mm);
874 vma = find_vma(dev->mm, uaddr);
879 map_size = min(size, vma->vm_end - uaddr);
880 if (!(vma->vm_file && (vma->vm_flags & VM_SHARED) &&
881 !(vma->vm_flags & (VM_IO | VM_PFNMAP))))
884 map_file = kzalloc(sizeof(*map_file), GFP_KERNEL);
889 offset = (vma->vm_pgoff << PAGE_SHIFT) + uaddr - vma->vm_start;
890 map_file->offset = offset;
891 map_file->file = get_file(vma->vm_file);
892 ret = vhost_vdpa_map(v, iotlb, map_iova, map_size, uaddr,
895 fput(map_file->file);
902 map_iova += map_size;
905 vhost_vdpa_unmap(v, iotlb, iova, map_iova - iova);
907 mmap_read_unlock(dev->mm);
912 static int vhost_vdpa_pa_map(struct vhost_vdpa *v,
913 struct vhost_iotlb *iotlb,
914 u64 iova, u64 size, u64 uaddr, u32 perm)
916 struct vhost_dev *dev = &v->vdev;
917 struct page **page_list;
918 unsigned long list_size = PAGE_SIZE / sizeof(struct page *);
919 unsigned int gup_flags = FOLL_LONGTERM;
920 unsigned long npages, cur_base, map_pfn, last_pfn = 0;
921 unsigned long lock_limit, sz2pin, nchunks, i;
926 /* Limit the use of memory for bookkeeping */
927 page_list = (struct page **) __get_free_page(GFP_KERNEL);
931 if (perm & VHOST_ACCESS_WO)
932 gup_flags |= FOLL_WRITE;
934 npages = PFN_UP(size + (iova & ~PAGE_MASK));
940 mmap_read_lock(dev->mm);
942 lock_limit = PFN_DOWN(rlimit(RLIMIT_MEMLOCK));
943 if (npages + atomic64_read(&dev->mm->pinned_vm) > lock_limit) {
948 cur_base = uaddr & PAGE_MASK;
953 sz2pin = min_t(unsigned long, npages, list_size);
954 pinned = pin_user_pages(cur_base, sz2pin,
955 gup_flags, page_list, NULL);
956 if (sz2pin != pinned) {
960 unpin_user_pages(page_list, pinned);
968 map_pfn = page_to_pfn(page_list[0]);
970 for (i = 0; i < pinned; i++) {
971 unsigned long this_pfn = page_to_pfn(page_list[i]);
974 if (last_pfn && (this_pfn != last_pfn + 1)) {
975 /* Pin a contiguous chunk of memory */
976 csize = PFN_PHYS(last_pfn - map_pfn + 1);
977 ret = vhost_vdpa_map(v, iotlb, iova, csize,
982 * Unpin the pages that are left unmapped
983 * from this point on in the current
984 * page_list. The remaining outstanding
985 * ones which may stride across several
986 * chunks will be covered in the common
987 * error path subsequently.
989 unpin_user_pages(&page_list[i],
1002 cur_base += PFN_PHYS(pinned);
1006 /* Pin the rest chunk */
1007 ret = vhost_vdpa_map(v, iotlb, iova, PFN_PHYS(last_pfn - map_pfn + 1),
1008 PFN_PHYS(map_pfn), perm, NULL);
1015 * Unpin the outstanding pages which are yet to be
1016 * mapped but haven't due to vdpa_map() or
1017 * pin_user_pages() failure.
1019 * Mapped pages are accounted in vdpa_map(), hence
1020 * the corresponding unpinning will be handled by
1024 for (pfn = map_pfn; pfn <= last_pfn; pfn++)
1025 unpin_user_page(pfn_to_page(pfn));
1027 vhost_vdpa_unmap(v, iotlb, start, size);
1030 mmap_read_unlock(dev->mm);
1032 free_page((unsigned long)page_list);
1037 static int vhost_vdpa_process_iotlb_update(struct vhost_vdpa *v,
1038 struct vhost_iotlb *iotlb,
1039 struct vhost_iotlb_msg *msg)
1041 struct vdpa_device *vdpa = v->vdpa;
1043 if (msg->iova < v->range.first || !msg->size ||
1044 msg->iova > U64_MAX - msg->size + 1 ||
1045 msg->iova + msg->size - 1 > v->range.last)
1048 if (vhost_iotlb_itree_first(iotlb, msg->iova,
1049 msg->iova + msg->size - 1))
1053 return vhost_vdpa_va_map(v, iotlb, msg->iova, msg->size,
1054 msg->uaddr, msg->perm);
1056 return vhost_vdpa_pa_map(v, iotlb, msg->iova, msg->size, msg->uaddr,
1060 static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev, u32 asid,
1061 struct vhost_iotlb_msg *msg)
1063 struct vhost_vdpa *v = container_of(dev, struct vhost_vdpa, vdev);
1064 struct vdpa_device *vdpa = v->vdpa;
1065 const struct vdpa_config_ops *ops = vdpa->config;
1066 struct vhost_iotlb *iotlb = NULL;
1067 struct vhost_vdpa_as *as = NULL;
1070 mutex_lock(&dev->mutex);
1072 r = vhost_dev_check_owner(dev);
1076 if (msg->type == VHOST_IOTLB_UPDATE ||
1077 msg->type == VHOST_IOTLB_BATCH_BEGIN) {
1078 as = vhost_vdpa_find_alloc_as(v, asid);
1080 dev_err(&v->dev, "can't find and alloc asid %d\n",
1087 iotlb = asid_to_iotlb(v, asid);
1089 if ((v->in_batch && v->batch_asid != asid) || !iotlb) {
1090 if (v->in_batch && v->batch_asid != asid) {
1091 dev_info(&v->dev, "batch id %d asid %d\n",
1092 v->batch_asid, asid);
1095 dev_err(&v->dev, "no iotlb for asid %d\n", asid);
1100 switch (msg->type) {
1101 case VHOST_IOTLB_UPDATE:
1102 r = vhost_vdpa_process_iotlb_update(v, iotlb, msg);
1104 case VHOST_IOTLB_INVALIDATE:
1105 vhost_vdpa_unmap(v, iotlb, msg->iova, msg->size);
1107 case VHOST_IOTLB_BATCH_BEGIN:
1108 v->batch_asid = asid;
1111 case VHOST_IOTLB_BATCH_END:
1112 if (v->in_batch && ops->set_map)
1113 ops->set_map(vdpa, asid, iotlb);
1114 v->in_batch = false;
1116 vhost_vdpa_remove_as(v, asid);
1123 mutex_unlock(&dev->mutex);
1128 static ssize_t vhost_vdpa_chr_write_iter(struct kiocb *iocb,
1129 struct iov_iter *from)
1131 struct file *file = iocb->ki_filp;
1132 struct vhost_vdpa *v = file->private_data;
1133 struct vhost_dev *dev = &v->vdev;
1135 return vhost_chr_write_iter(dev, from);
1138 static int vhost_vdpa_alloc_domain(struct vhost_vdpa *v)
1140 struct vdpa_device *vdpa = v->vdpa;
1141 const struct vdpa_config_ops *ops = vdpa->config;
1142 struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1143 struct bus_type *bus;
1146 /* Device want to do DMA by itself */
1147 if (ops->set_map || ops->dma_map)
1154 if (!device_iommu_capable(dma_dev, IOMMU_CAP_CACHE_COHERENCY)) {
1155 dev_warn_once(&v->dev,
1156 "Failed to allocate domain, device is not IOMMU cache coherent capable\n");
1160 v->domain = iommu_domain_alloc(bus);
1164 ret = iommu_attach_device(v->domain, dma_dev);
1171 iommu_domain_free(v->domain);
1176 static void vhost_vdpa_free_domain(struct vhost_vdpa *v)
1178 struct vdpa_device *vdpa = v->vdpa;
1179 struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1182 iommu_detach_device(v->domain, dma_dev);
1183 iommu_domain_free(v->domain);
1189 static void vhost_vdpa_set_iova_range(struct vhost_vdpa *v)
1191 struct vdpa_iova_range *range = &v->range;
1192 struct vdpa_device *vdpa = v->vdpa;
1193 const struct vdpa_config_ops *ops = vdpa->config;
1195 if (ops->get_iova_range) {
1196 *range = ops->get_iova_range(vdpa);
1197 } else if (v->domain && v->domain->geometry.force_aperture) {
1198 range->first = v->domain->geometry.aperture_start;
1199 range->last = v->domain->geometry.aperture_end;
1202 range->last = ULLONG_MAX;
1206 static void vhost_vdpa_cleanup(struct vhost_vdpa *v)
1208 struct vhost_vdpa_as *as;
1211 for (asid = 0; asid < v->vdpa->nas; asid++) {
1212 as = asid_to_as(v, asid);
1214 vhost_vdpa_remove_as(v, asid);
1217 vhost_vdpa_free_domain(v);
1218 vhost_dev_cleanup(&v->vdev);
1222 static int vhost_vdpa_open(struct inode *inode, struct file *filep)
1224 struct vhost_vdpa *v;
1225 struct vhost_dev *dev;
1226 struct vhost_virtqueue **vqs;
1230 v = container_of(inode->i_cdev, struct vhost_vdpa, cdev);
1232 opened = atomic_cmpxchg(&v->opened, 0, 1);
1237 r = vhost_vdpa_reset(v);
1241 vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL);
1248 for (i = 0; i < nvqs; i++) {
1249 vqs[i] = &v->vqs[i];
1250 vqs[i]->handle_kick = handle_vq_kick;
1252 vhost_dev_init(dev, vqs, nvqs, 0, 0, 0, false,
1253 vhost_vdpa_process_iotlb_msg);
1255 r = vhost_vdpa_alloc_domain(v);
1257 goto err_alloc_domain;
1259 vhost_vdpa_set_iova_range(v);
1261 filep->private_data = v;
1266 vhost_vdpa_cleanup(v);
1268 atomic_dec(&v->opened);
1272 static void vhost_vdpa_clean_irq(struct vhost_vdpa *v)
1276 for (i = 0; i < v->nvqs; i++)
1277 vhost_vdpa_unsetup_vq_irq(v, i);
1280 static int vhost_vdpa_release(struct inode *inode, struct file *filep)
1282 struct vhost_vdpa *v = filep->private_data;
1283 struct vhost_dev *d = &v->vdev;
1285 mutex_lock(&d->mutex);
1286 filep->private_data = NULL;
1287 vhost_vdpa_clean_irq(v);
1288 vhost_vdpa_reset(v);
1289 vhost_dev_stop(&v->vdev);
1290 vhost_vdpa_config_put(v);
1291 vhost_vdpa_cleanup(v);
1292 mutex_unlock(&d->mutex);
1294 atomic_dec(&v->opened);
1295 complete(&v->completion);
1301 static vm_fault_t vhost_vdpa_fault(struct vm_fault *vmf)
1303 struct vhost_vdpa *v = vmf->vma->vm_file->private_data;
1304 struct vdpa_device *vdpa = v->vdpa;
1305 const struct vdpa_config_ops *ops = vdpa->config;
1306 struct vdpa_notification_area notify;
1307 struct vm_area_struct *vma = vmf->vma;
1308 u16 index = vma->vm_pgoff;
1310 notify = ops->get_vq_notification(vdpa, index);
1312 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
1313 if (remap_pfn_range(vma, vmf->address & PAGE_MASK,
1314 PFN_DOWN(notify.addr), PAGE_SIZE,
1316 return VM_FAULT_SIGBUS;
1318 return VM_FAULT_NOPAGE;
1321 static const struct vm_operations_struct vhost_vdpa_vm_ops = {
1322 .fault = vhost_vdpa_fault,
1325 static int vhost_vdpa_mmap(struct file *file, struct vm_area_struct *vma)
1327 struct vhost_vdpa *v = vma->vm_file->private_data;
1328 struct vdpa_device *vdpa = v->vdpa;
1329 const struct vdpa_config_ops *ops = vdpa->config;
1330 struct vdpa_notification_area notify;
1331 unsigned long index = vma->vm_pgoff;
1333 if (vma->vm_end - vma->vm_start != PAGE_SIZE)
1335 if ((vma->vm_flags & VM_SHARED) == 0)
1337 if (vma->vm_flags & VM_READ)
1341 if (!ops->get_vq_notification)
1344 /* To be safe and easily modelled by userspace, We only
1345 * support the doorbell which sits on the page boundary and
1346 * does not share the page with other registers.
1348 notify = ops->get_vq_notification(vdpa, index);
1349 if (notify.addr & (PAGE_SIZE - 1))
1351 if (vma->vm_end - vma->vm_start != notify.size)
1354 vm_flags_set(vma, VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP);
1355 vma->vm_ops = &vhost_vdpa_vm_ops;
1358 #endif /* CONFIG_MMU */
1360 static const struct file_operations vhost_vdpa_fops = {
1361 .owner = THIS_MODULE,
1362 .open = vhost_vdpa_open,
1363 .release = vhost_vdpa_release,
1364 .write_iter = vhost_vdpa_chr_write_iter,
1365 .unlocked_ioctl = vhost_vdpa_unlocked_ioctl,
1367 .mmap = vhost_vdpa_mmap,
1368 #endif /* CONFIG_MMU */
1369 .compat_ioctl = compat_ptr_ioctl,
1372 static void vhost_vdpa_release_dev(struct device *device)
1374 struct vhost_vdpa *v =
1375 container_of(device, struct vhost_vdpa, dev);
1377 ida_simple_remove(&vhost_vdpa_ida, v->minor);
1382 static int vhost_vdpa_probe(struct vdpa_device *vdpa)
1384 const struct vdpa_config_ops *ops = vdpa->config;
1385 struct vhost_vdpa *v;
1389 /* We can't support platform IOMMU device with more than 1
1392 if (!ops->set_map && !ops->dma_map &&
1393 (vdpa->ngroups > 1 || vdpa->nas > 1))
1396 v = kzalloc(sizeof(*v), GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1400 minor = ida_simple_get(&vhost_vdpa_ida, 0,
1401 VHOST_VDPA_DEV_MAX, GFP_KERNEL);
1407 atomic_set(&v->opened, 0);
1410 v->nvqs = vdpa->nvqs;
1411 v->virtio_id = ops->get_device_id(vdpa);
1413 device_initialize(&v->dev);
1414 v->dev.release = vhost_vdpa_release_dev;
1415 v->dev.parent = &vdpa->dev;
1416 v->dev.devt = MKDEV(MAJOR(vhost_vdpa_major), minor);
1417 v->vqs = kmalloc_array(v->nvqs, sizeof(struct vhost_virtqueue),
1424 r = dev_set_name(&v->dev, "vhost-vdpa-%u", minor);
1428 cdev_init(&v->cdev, &vhost_vdpa_fops);
1429 v->cdev.owner = THIS_MODULE;
1431 r = cdev_device_add(&v->cdev, &v->dev);
1435 init_completion(&v->completion);
1436 vdpa_set_drvdata(vdpa, v);
1438 for (i = 0; i < VHOST_VDPA_IOTLB_BUCKETS; i++)
1439 INIT_HLIST_HEAD(&v->as[i]);
1444 put_device(&v->dev);
1445 ida_simple_remove(&vhost_vdpa_ida, v->minor);
1449 static void vhost_vdpa_remove(struct vdpa_device *vdpa)
1451 struct vhost_vdpa *v = vdpa_get_drvdata(vdpa);
1454 cdev_device_del(&v->cdev, &v->dev);
1457 opened = atomic_cmpxchg(&v->opened, 0, 1);
1460 wait_for_completion(&v->completion);
1463 put_device(&v->dev);
1466 static struct vdpa_driver vhost_vdpa_driver = {
1468 .name = "vhost_vdpa",
1470 .probe = vhost_vdpa_probe,
1471 .remove = vhost_vdpa_remove,
1474 static int __init vhost_vdpa_init(void)
1478 r = alloc_chrdev_region(&vhost_vdpa_major, 0, VHOST_VDPA_DEV_MAX,
1481 goto err_alloc_chrdev;
1483 r = vdpa_register_driver(&vhost_vdpa_driver);
1485 goto err_vdpa_register_driver;
1489 err_vdpa_register_driver:
1490 unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1494 module_init(vhost_vdpa_init);
1496 static void __exit vhost_vdpa_exit(void)
1498 vdpa_unregister_driver(&vhost_vdpa_driver);
1499 unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1501 module_exit(vhost_vdpa_exit);
1503 MODULE_VERSION("0.0.1");
1504 MODULE_LICENSE("GPL v2");
1505 MODULE_AUTHOR("Intel Corporation");
1506 MODULE_DESCRIPTION("vDPA-based vhost backend for virtio");
projects / linux-block.git / blob