4 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
5 * Author: Alex Williamson <alex.williamson@redhat.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * Derived from original vfio:
12 * Copyright 2010 Cisco Systems, Inc. All rights reserved.
13 * Author: Tom Lyon, pugs@cisco.com
16 #include <linux/cdev.h>
17 #include <linux/compat.h>
18 #include <linux/device.h>
19 #include <linux/file.h>
20 #include <linux/anon_inodes.h>
22 #include <linux/idr.h>
23 #include <linux/iommu.h>
24 #include <linux/list.h>
25 #include <linux/miscdevice.h>
26 #include <linux/module.h>
27 #include <linux/mutex.h>
28 #include <linux/rwsem.h>
29 #include <linux/sched.h>
30 #include <linux/slab.h>
31 #include <linux/stat.h>
32 #include <linux/string.h>
33 #include <linux/uaccess.h>
34 #include <linux/vfio.h>
35 #include <linux/wait.h>
37 #define DRIVER_VERSION "0.3"
38 #define DRIVER_AUTHOR "Alex Williamson <alex.williamson@redhat.com>"
39 #define DRIVER_DESC "VFIO - User Level meta-driver"
43 struct list_head iommu_drivers_list;
44 struct mutex iommu_drivers_lock;
45 struct list_head group_list;
47 struct mutex group_lock;
48 struct cdev group_cdev;
50 wait_queue_head_t release_q;
53 struct vfio_iommu_driver {
54 const struct vfio_iommu_driver_ops *ops;
55 struct list_head vfio_next;
58 struct vfio_container {
60 struct list_head group_list;
61 struct rw_semaphore group_lock;
62 struct vfio_iommu_driver *iommu_driver;
69 atomic_t container_users;
70 struct iommu_group *iommu_group;
71 struct vfio_container *container;
72 struct list_head device_list;
73 struct mutex device_lock;
75 struct notifier_block nb;
76 struct list_head vfio_next;
77 struct list_head container_next;
84 const struct vfio_device_ops *ops;
85 struct vfio_group *group;
86 struct list_head group_next;
91 * IOMMU driver registration
93 int vfio_register_iommu_driver(const struct vfio_iommu_driver_ops *ops)
95 struct vfio_iommu_driver *driver, *tmp;
97 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
103 mutex_lock(&vfio.iommu_drivers_lock);
105 /* Check for duplicates */
106 list_for_each_entry(tmp, &vfio.iommu_drivers_list, vfio_next) {
107 if (tmp->ops == ops) {
108 mutex_unlock(&vfio.iommu_drivers_lock);
114 list_add(&driver->vfio_next, &vfio.iommu_drivers_list);
116 mutex_unlock(&vfio.iommu_drivers_lock);
120 EXPORT_SYMBOL_GPL(vfio_register_iommu_driver);
122 void vfio_unregister_iommu_driver(const struct vfio_iommu_driver_ops *ops)
124 struct vfio_iommu_driver *driver;
126 mutex_lock(&vfio.iommu_drivers_lock);
127 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
128 if (driver->ops == ops) {
129 list_del(&driver->vfio_next);
130 mutex_unlock(&vfio.iommu_drivers_lock);
135 mutex_unlock(&vfio.iommu_drivers_lock);
137 EXPORT_SYMBOL_GPL(vfio_unregister_iommu_driver);
140 * Group minor allocation/free - both called with vfio.group_lock held
142 static int vfio_alloc_group_minor(struct vfio_group *group)
144 return idr_alloc(&vfio.group_idr, group, 0, MINORMASK + 1, GFP_KERNEL);
147 static void vfio_free_group_minor(int minor)
149 idr_remove(&vfio.group_idr, minor);
152 static int vfio_iommu_group_notifier(struct notifier_block *nb,
153 unsigned long action, void *data);
154 static void vfio_group_get(struct vfio_group *group);
157 * Container objects - containers are created when /dev/vfio/vfio is
158 * opened, but their lifecycle extends until the last user is done, so
159 * it's freed via kref. Must support container/group/device being
160 * closed in any order.
162 static void vfio_container_get(struct vfio_container *container)
164 kref_get(&container->kref);
167 static void vfio_container_release(struct kref *kref)
169 struct vfio_container *container;
170 container = container_of(kref, struct vfio_container, kref);
175 static void vfio_container_put(struct vfio_container *container)
177 kref_put(&container->kref, vfio_container_release);
180 static void vfio_group_unlock_and_free(struct vfio_group *group)
182 mutex_unlock(&vfio.group_lock);
184 * Unregister outside of lock. A spurious callback is harmless now
185 * that the group is no longer in vfio.group_list.
187 iommu_group_unregister_notifier(group->iommu_group, &group->nb);
192 * Group objects - create, release, get, put, search
194 static struct vfio_group *vfio_create_group(struct iommu_group *iommu_group)
196 struct vfio_group *group, *tmp;
200 group = kzalloc(sizeof(*group), GFP_KERNEL);
202 return ERR_PTR(-ENOMEM);
204 kref_init(&group->kref);
205 INIT_LIST_HEAD(&group->device_list);
206 mutex_init(&group->device_lock);
207 atomic_set(&group->container_users, 0);
208 atomic_set(&group->opened, 0);
209 group->iommu_group = iommu_group;
211 group->nb.notifier_call = vfio_iommu_group_notifier;
214 * blocking notifiers acquire a rwsem around registering and hold
215 * it around callback. Therefore, need to register outside of
216 * vfio.group_lock to avoid A-B/B-A contention. Our callback won't
217 * do anything unless it can find the group in vfio.group_list, so
218 * no harm in registering early.
220 ret = iommu_group_register_notifier(iommu_group, &group->nb);
226 mutex_lock(&vfio.group_lock);
228 minor = vfio_alloc_group_minor(group);
230 vfio_group_unlock_and_free(group);
231 return ERR_PTR(minor);
234 /* Did we race creating this group? */
235 list_for_each_entry(tmp, &vfio.group_list, vfio_next) {
236 if (tmp->iommu_group == iommu_group) {
238 vfio_free_group_minor(minor);
239 vfio_group_unlock_and_free(group);
244 dev = device_create(vfio.class, NULL,
245 MKDEV(MAJOR(vfio.group_devt), minor),
246 group, "%d", iommu_group_id(iommu_group));
248 vfio_free_group_minor(minor);
249 vfio_group_unlock_and_free(group);
250 return (struct vfio_group *)dev; /* ERR_PTR */
253 group->minor = minor;
256 list_add(&group->vfio_next, &vfio.group_list);
258 mutex_unlock(&vfio.group_lock);
263 /* called with vfio.group_lock held */
264 static void vfio_group_release(struct kref *kref)
266 struct vfio_group *group = container_of(kref, struct vfio_group, kref);
268 WARN_ON(!list_empty(&group->device_list));
270 device_destroy(vfio.class, MKDEV(MAJOR(vfio.group_devt), group->minor));
271 list_del(&group->vfio_next);
272 vfio_free_group_minor(group->minor);
273 vfio_group_unlock_and_free(group);
276 static void vfio_group_put(struct vfio_group *group)
278 kref_put_mutex(&group->kref, vfio_group_release, &vfio.group_lock);
281 /* Assume group_lock or group reference is held */
282 static void vfio_group_get(struct vfio_group *group)
284 kref_get(&group->kref);
288 * Not really a try as we will sleep for mutex, but we need to make
289 * sure the group pointer is valid under lock and get a reference.
291 static struct vfio_group *vfio_group_try_get(struct vfio_group *group)
293 struct vfio_group *target = group;
295 mutex_lock(&vfio.group_lock);
296 list_for_each_entry(group, &vfio.group_list, vfio_next) {
297 if (group == target) {
298 vfio_group_get(group);
299 mutex_unlock(&vfio.group_lock);
303 mutex_unlock(&vfio.group_lock);
309 struct vfio_group *vfio_group_get_from_iommu(struct iommu_group *iommu_group)
311 struct vfio_group *group;
313 mutex_lock(&vfio.group_lock);
314 list_for_each_entry(group, &vfio.group_list, vfio_next) {
315 if (group->iommu_group == iommu_group) {
316 vfio_group_get(group);
317 mutex_unlock(&vfio.group_lock);
321 mutex_unlock(&vfio.group_lock);
326 static struct vfio_group *vfio_group_get_from_minor(int minor)
328 struct vfio_group *group;
330 mutex_lock(&vfio.group_lock);
331 group = idr_find(&vfio.group_idr, minor);
333 mutex_unlock(&vfio.group_lock);
336 vfio_group_get(group);
337 mutex_unlock(&vfio.group_lock);
343 * Device objects - create, release, get, put, search
346 struct vfio_device *vfio_group_create_device(struct vfio_group *group,
348 const struct vfio_device_ops *ops,
351 struct vfio_device *device;
353 device = kzalloc(sizeof(*device), GFP_KERNEL);
355 return ERR_PTR(-ENOMEM);
357 kref_init(&device->kref);
359 device->group = group;
361 device->device_data = device_data;
362 dev_set_drvdata(dev, device);
364 /* No need to get group_lock, caller has group reference */
365 vfio_group_get(group);
367 mutex_lock(&group->device_lock);
368 list_add(&device->group_next, &group->device_list);
369 mutex_unlock(&group->device_lock);
374 static void vfio_device_release(struct kref *kref)
376 struct vfio_device *device = container_of(kref,
377 struct vfio_device, kref);
378 struct vfio_group *group = device->group;
380 list_del(&device->group_next);
381 mutex_unlock(&group->device_lock);
383 dev_set_drvdata(device->dev, NULL);
387 /* vfio_del_group_dev may be waiting for this device */
388 wake_up(&vfio.release_q);
391 /* Device reference always implies a group reference */
392 void vfio_device_put(struct vfio_device *device)
394 struct vfio_group *group = device->group;
395 kref_put_mutex(&device->kref, vfio_device_release, &group->device_lock);
396 vfio_group_put(group);
398 EXPORT_SYMBOL_GPL(vfio_device_put);
400 static void vfio_device_get(struct vfio_device *device)
402 vfio_group_get(device->group);
403 kref_get(&device->kref);
406 static struct vfio_device *vfio_group_get_device(struct vfio_group *group,
409 struct vfio_device *device;
411 mutex_lock(&group->device_lock);
412 list_for_each_entry(device, &group->device_list, group_next) {
413 if (device->dev == dev) {
414 vfio_device_get(device);
415 mutex_unlock(&group->device_lock);
419 mutex_unlock(&group->device_lock);
424 * Whitelist some drivers that we know are safe (no dma) or just sit on
425 * a device. It's not always practical to leave a device within a group
426 * driverless as it could get re-bound to something unsafe.
428 static const char * const vfio_driver_whitelist[] = { "pci-stub", "pcieport" };
430 static bool vfio_whitelisted_driver(struct device_driver *drv)
434 for (i = 0; i < ARRAY_SIZE(vfio_driver_whitelist); i++) {
435 if (!strcmp(drv->name, vfio_driver_whitelist[i]))
443 * A vfio group is viable for use by userspace if all devices are either
444 * driver-less or bound to a vfio or whitelisted driver. We test the
445 * latter by the existence of a struct vfio_device matching the dev.
447 static int vfio_dev_viable(struct device *dev, void *data)
449 struct vfio_group *group = data;
450 struct vfio_device *device;
451 struct device_driver *drv = ACCESS_ONCE(dev->driver);
453 if (!drv || vfio_whitelisted_driver(drv))
456 device = vfio_group_get_device(group, dev);
458 vfio_device_put(device);
466 * Async device support
468 static int vfio_group_nb_add_dev(struct vfio_group *group, struct device *dev)
470 struct vfio_device *device;
472 /* Do we already know about it? We shouldn't */
473 device = vfio_group_get_device(group, dev);
474 if (WARN_ON_ONCE(device)) {
475 vfio_device_put(device);
479 /* Nothing to do for idle groups */
480 if (!atomic_read(&group->container_users))
483 /* TODO Prevent device auto probing */
484 WARN("Device %s added to live group %d!\n", dev_name(dev),
485 iommu_group_id(group->iommu_group));
490 static int vfio_group_nb_verify(struct vfio_group *group, struct device *dev)
492 /* We don't care what happens when the group isn't in use */
493 if (!atomic_read(&group->container_users))
496 return vfio_dev_viable(dev, group);
499 static int vfio_iommu_group_notifier(struct notifier_block *nb,
500 unsigned long action, void *data)
502 struct vfio_group *group = container_of(nb, struct vfio_group, nb);
503 struct device *dev = data;
506 * Need to go through a group_lock lookup to get a reference or we
507 * risk racing a group being removed. Ignore spurious notifies.
509 group = vfio_group_try_get(group);
514 case IOMMU_GROUP_NOTIFY_ADD_DEVICE:
515 vfio_group_nb_add_dev(group, dev);
517 case IOMMU_GROUP_NOTIFY_DEL_DEVICE:
519 * Nothing to do here. If the device is in use, then the
520 * vfio sub-driver should block the remove callback until
521 * it is unused. If the device is unused or attached to a
522 * stub driver, then it should be released and we don't
523 * care that it will be going away.
526 case IOMMU_GROUP_NOTIFY_BIND_DRIVER:
527 pr_debug("%s: Device %s, group %d binding to driver\n",
528 __func__, dev_name(dev),
529 iommu_group_id(group->iommu_group));
531 case IOMMU_GROUP_NOTIFY_BOUND_DRIVER:
532 pr_debug("%s: Device %s, group %d bound to driver %s\n",
533 __func__, dev_name(dev),
534 iommu_group_id(group->iommu_group), dev->driver->name);
535 BUG_ON(vfio_group_nb_verify(group, dev));
537 case IOMMU_GROUP_NOTIFY_UNBIND_DRIVER:
538 pr_debug("%s: Device %s, group %d unbinding from driver %s\n",
539 __func__, dev_name(dev),
540 iommu_group_id(group->iommu_group), dev->driver->name);
542 case IOMMU_GROUP_NOTIFY_UNBOUND_DRIVER:
543 pr_debug("%s: Device %s, group %d unbound from driver\n",
544 __func__, dev_name(dev),
545 iommu_group_id(group->iommu_group));
547 * XXX An unbound device in a live group is ok, but we'd
548 * really like to avoid the above BUG_ON by preventing other
549 * drivers from binding to it. Once that occurs, we have to
550 * stop the system to maintain isolation. At a minimum, we'd
551 * want a toggle to disable driver auto probe for this device.
556 vfio_group_put(group);
563 int vfio_add_group_dev(struct device *dev,
564 const struct vfio_device_ops *ops, void *device_data)
566 struct iommu_group *iommu_group;
567 struct vfio_group *group;
568 struct vfio_device *device;
570 iommu_group = iommu_group_get(dev);
574 group = vfio_group_get_from_iommu(iommu_group);
576 group = vfio_create_group(iommu_group);
578 iommu_group_put(iommu_group);
579 return PTR_ERR(group);
583 device = vfio_group_get_device(group, dev);
585 WARN(1, "Device %s already exists on group %d\n",
586 dev_name(dev), iommu_group_id(iommu_group));
587 vfio_device_put(device);
588 vfio_group_put(group);
589 iommu_group_put(iommu_group);
593 device = vfio_group_create_device(group, dev, ops, device_data);
594 if (IS_ERR(device)) {
595 vfio_group_put(group);
596 iommu_group_put(iommu_group);
597 return PTR_ERR(device);
601 * Added device holds reference to iommu_group and vfio_device
602 * (which in turn holds reference to vfio_group). Drop extra
603 * group reference used while acquiring device.
605 vfio_group_put(group);
609 EXPORT_SYMBOL_GPL(vfio_add_group_dev);
612 * Get a reference to the vfio_device for a device that is known to
613 * be bound to a vfio driver. The driver implicitly holds a
614 * vfio_device reference between vfio_add_group_dev and
615 * vfio_del_group_dev. We can therefore use drvdata to increment
616 * that reference from the struct device. This additional
617 * reference must be released by calling vfio_device_put.
619 struct vfio_device *vfio_device_get_from_dev(struct device *dev)
621 struct vfio_device *device = dev_get_drvdata(dev);
623 vfio_device_get(device);
627 EXPORT_SYMBOL_GPL(vfio_device_get_from_dev);
630 * Caller must hold a reference to the vfio_device
632 void *vfio_device_data(struct vfio_device *device)
634 return device->device_data;
636 EXPORT_SYMBOL_GPL(vfio_device_data);
638 /* Given a referenced group, check if it contains the device */
639 static bool vfio_dev_present(struct vfio_group *group, struct device *dev)
641 struct vfio_device *device;
643 device = vfio_group_get_device(group, dev);
647 vfio_device_put(device);
652 * Decrement the device reference count and wait for the device to be
653 * removed. Open file descriptors for the device... */
654 void *vfio_del_group_dev(struct device *dev)
656 struct vfio_device *device = dev_get_drvdata(dev);
657 struct vfio_group *group = device->group;
658 struct iommu_group *iommu_group = group->iommu_group;
659 void *device_data = device->device_data;
662 * The group exists so long as we have a device reference. Get
663 * a group reference and use it to scan for the device going away.
665 vfio_group_get(group);
667 vfio_device_put(device);
669 /* TODO send a signal to encourage this to be released */
670 wait_event(vfio.release_q, !vfio_dev_present(group, dev));
672 vfio_group_put(group);
674 iommu_group_put(iommu_group);
678 EXPORT_SYMBOL_GPL(vfio_del_group_dev);
681 * VFIO base fd, /dev/vfio/vfio
683 static long vfio_ioctl_check_extension(struct vfio_container *container,
686 struct vfio_iommu_driver *driver;
689 down_read(&container->group_lock);
691 driver = container->iommu_driver;
694 /* No base extensions yet */
697 * If no driver is set, poll all registered drivers for
698 * extensions and return the first positive result. If
699 * a driver is already set, further queries will be passed
700 * only to that driver.
703 mutex_lock(&vfio.iommu_drivers_lock);
704 list_for_each_entry(driver, &vfio.iommu_drivers_list,
706 if (!try_module_get(driver->ops->owner))
709 ret = driver->ops->ioctl(NULL,
710 VFIO_CHECK_EXTENSION,
712 module_put(driver->ops->owner);
716 mutex_unlock(&vfio.iommu_drivers_lock);
718 ret = driver->ops->ioctl(container->iommu_data,
719 VFIO_CHECK_EXTENSION, arg);
722 up_read(&container->group_lock);
727 /* hold write lock on container->group_lock */
728 static int __vfio_container_attach_groups(struct vfio_container *container,
729 struct vfio_iommu_driver *driver,
732 struct vfio_group *group;
735 list_for_each_entry(group, &container->group_list, container_next) {
736 ret = driver->ops->attach_group(data, group->iommu_group);
744 list_for_each_entry_continue_reverse(group, &container->group_list,
746 driver->ops->detach_group(data, group->iommu_group);
752 static long vfio_ioctl_set_iommu(struct vfio_container *container,
755 struct vfio_iommu_driver *driver;
758 down_write(&container->group_lock);
761 * The container is designed to be an unprivileged interface while
762 * the group can be assigned to specific users. Therefore, only by
763 * adding a group to a container does the user get the privilege of
764 * enabling the iommu, which may allocate finite resources. There
765 * is no unset_iommu, but by removing all the groups from a container,
766 * the container is deprivileged and returns to an unset state.
768 if (list_empty(&container->group_list) || container->iommu_driver) {
769 up_write(&container->group_lock);
773 mutex_lock(&vfio.iommu_drivers_lock);
774 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
777 if (!try_module_get(driver->ops->owner))
781 * The arg magic for SET_IOMMU is the same as CHECK_EXTENSION,
782 * so test which iommu driver reported support for this
783 * extension and call open on them. We also pass them the
784 * magic, allowing a single driver to support multiple
785 * interfaces if they'd like.
787 if (driver->ops->ioctl(NULL, VFIO_CHECK_EXTENSION, arg) <= 0) {
788 module_put(driver->ops->owner);
792 /* module reference holds the driver we're working on */
793 mutex_unlock(&vfio.iommu_drivers_lock);
795 data = driver->ops->open(arg);
798 module_put(driver->ops->owner);
799 goto skip_drivers_unlock;
802 ret = __vfio_container_attach_groups(container, driver, data);
804 container->iommu_driver = driver;
805 container->iommu_data = data;
807 driver->ops->release(data);
808 module_put(driver->ops->owner);
811 goto skip_drivers_unlock;
814 mutex_unlock(&vfio.iommu_drivers_lock);
816 up_write(&container->group_lock);
821 static long vfio_fops_unl_ioctl(struct file *filep,
822 unsigned int cmd, unsigned long arg)
824 struct vfio_container *container = filep->private_data;
825 struct vfio_iommu_driver *driver;
833 case VFIO_GET_API_VERSION:
834 ret = VFIO_API_VERSION;
836 case VFIO_CHECK_EXTENSION:
837 ret = vfio_ioctl_check_extension(container, arg);
840 ret = vfio_ioctl_set_iommu(container, arg);
843 down_read(&container->group_lock);
845 driver = container->iommu_driver;
846 data = container->iommu_data;
848 if (driver) /* passthrough all unrecognized ioctls */
849 ret = driver->ops->ioctl(data, cmd, arg);
851 up_read(&container->group_lock);
858 static long vfio_fops_compat_ioctl(struct file *filep,
859 unsigned int cmd, unsigned long arg)
861 arg = (unsigned long)compat_ptr(arg);
862 return vfio_fops_unl_ioctl(filep, cmd, arg);
864 #endif /* CONFIG_COMPAT */
866 static int vfio_fops_open(struct inode *inode, struct file *filep)
868 struct vfio_container *container;
870 container = kzalloc(sizeof(*container), GFP_KERNEL);
874 INIT_LIST_HEAD(&container->group_list);
875 init_rwsem(&container->group_lock);
876 kref_init(&container->kref);
878 filep->private_data = container;
883 static int vfio_fops_release(struct inode *inode, struct file *filep)
885 struct vfio_container *container = filep->private_data;
887 filep->private_data = NULL;
889 vfio_container_put(container);
895 * Once an iommu driver is set, we optionally pass read/write/mmap
896 * on to the driver, allowing management interfaces beyond ioctl.
898 static ssize_t vfio_fops_read(struct file *filep, char __user *buf,
899 size_t count, loff_t *ppos)
901 struct vfio_container *container = filep->private_data;
902 struct vfio_iommu_driver *driver;
903 ssize_t ret = -EINVAL;
905 down_read(&container->group_lock);
907 driver = container->iommu_driver;
908 if (likely(driver && driver->ops->read))
909 ret = driver->ops->read(container->iommu_data,
912 up_read(&container->group_lock);
917 static ssize_t vfio_fops_write(struct file *filep, const char __user *buf,
918 size_t count, loff_t *ppos)
920 struct vfio_container *container = filep->private_data;
921 struct vfio_iommu_driver *driver;
922 ssize_t ret = -EINVAL;
924 down_read(&container->group_lock);
926 driver = container->iommu_driver;
927 if (likely(driver && driver->ops->write))
928 ret = driver->ops->write(container->iommu_data,
931 up_read(&container->group_lock);
936 static int vfio_fops_mmap(struct file *filep, struct vm_area_struct *vma)
938 struct vfio_container *container = filep->private_data;
939 struct vfio_iommu_driver *driver;
942 down_read(&container->group_lock);
944 driver = container->iommu_driver;
945 if (likely(driver && driver->ops->mmap))
946 ret = driver->ops->mmap(container->iommu_data, vma);
948 up_read(&container->group_lock);
953 static const struct file_operations vfio_fops = {
954 .owner = THIS_MODULE,
955 .open = vfio_fops_open,
956 .release = vfio_fops_release,
957 .read = vfio_fops_read,
958 .write = vfio_fops_write,
959 .unlocked_ioctl = vfio_fops_unl_ioctl,
961 .compat_ioctl = vfio_fops_compat_ioctl,
963 .mmap = vfio_fops_mmap,
967 * VFIO Group fd, /dev/vfio/$GROUP
969 static void __vfio_group_unset_container(struct vfio_group *group)
971 struct vfio_container *container = group->container;
972 struct vfio_iommu_driver *driver;
974 down_write(&container->group_lock);
976 driver = container->iommu_driver;
978 driver->ops->detach_group(container->iommu_data,
981 group->container = NULL;
982 list_del(&group->container_next);
984 /* Detaching the last group deprivileges a container, remove iommu */
985 if (driver && list_empty(&container->group_list)) {
986 driver->ops->release(container->iommu_data);
987 module_put(driver->ops->owner);
988 container->iommu_driver = NULL;
989 container->iommu_data = NULL;
992 up_write(&container->group_lock);
994 vfio_container_put(container);
998 * VFIO_GROUP_UNSET_CONTAINER should fail if there are other users or
999 * if there was no container to unset. Since the ioctl is called on
1000 * the group, we know that still exists, therefore the only valid
1001 * transition here is 1->0.
1003 static int vfio_group_unset_container(struct vfio_group *group)
1005 int users = atomic_cmpxchg(&group->container_users, 1, 0);
1012 __vfio_group_unset_container(group);
1018 * When removing container users, anything that removes the last user
1019 * implicitly removes the group from the container. That is, if the
1020 * group file descriptor is closed, as well as any device file descriptors,
1021 * the group is free.
1023 static void vfio_group_try_dissolve_container(struct vfio_group *group)
1025 if (0 == atomic_dec_if_positive(&group->container_users))
1026 __vfio_group_unset_container(group);
1029 static int vfio_group_set_container(struct vfio_group *group, int container_fd)
1032 struct vfio_container *container;
1033 struct vfio_iommu_driver *driver;
1036 if (atomic_read(&group->container_users))
1039 f = fdget(container_fd);
1043 /* Sanity check, is this really our fd? */
1044 if (f.file->f_op != &vfio_fops) {
1049 container = f.file->private_data;
1050 WARN_ON(!container); /* fget ensures we don't race vfio_release */
1052 down_write(&container->group_lock);
1054 driver = container->iommu_driver;
1056 ret = driver->ops->attach_group(container->iommu_data,
1057 group->iommu_group);
1062 group->container = container;
1063 list_add(&group->container_next, &container->group_list);
1065 /* Get a reference on the container and mark a user within the group */
1066 vfio_container_get(container);
1067 atomic_inc(&group->container_users);
1070 up_write(&container->group_lock);
1075 static bool vfio_group_viable(struct vfio_group *group)
1077 return (iommu_group_for_each_dev(group->iommu_group,
1078 group, vfio_dev_viable) == 0);
1081 static const struct file_operations vfio_device_fops;
1083 static int vfio_group_get_device_fd(struct vfio_group *group, char *buf)
1085 struct vfio_device *device;
1089 if (0 == atomic_read(&group->container_users) ||
1090 !group->container->iommu_driver || !vfio_group_viable(group))
1093 mutex_lock(&group->device_lock);
1094 list_for_each_entry(device, &group->device_list, group_next) {
1095 if (strcmp(dev_name(device->dev), buf))
1098 ret = device->ops->open(device->device_data);
1102 * We can't use anon_inode_getfd() because we need to modify
1103 * the f_mode flags directly to allow more than just ioctls
1105 ret = get_unused_fd_flags(O_CLOEXEC);
1107 device->ops->release(device->device_data);
1111 filep = anon_inode_getfile("[vfio-device]", &vfio_device_fops,
1113 if (IS_ERR(filep)) {
1115 ret = PTR_ERR(filep);
1116 device->ops->release(device->device_data);
1121 * TODO: add an anon_inode interface to do this.
1122 * Appears to be missing by lack of need rather than
1123 * explicitly prevented. Now there's need.
1125 filep->f_mode |= (FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE);
1127 vfio_device_get(device);
1128 atomic_inc(&group->container_users);
1130 fd_install(ret, filep);
1133 mutex_unlock(&group->device_lock);
1138 static long vfio_group_fops_unl_ioctl(struct file *filep,
1139 unsigned int cmd, unsigned long arg)
1141 struct vfio_group *group = filep->private_data;
1145 case VFIO_GROUP_GET_STATUS:
1147 struct vfio_group_status status;
1148 unsigned long minsz;
1150 minsz = offsetofend(struct vfio_group_status, flags);
1152 if (copy_from_user(&status, (void __user *)arg, minsz))
1155 if (status.argsz < minsz)
1160 if (vfio_group_viable(group))
1161 status.flags |= VFIO_GROUP_FLAGS_VIABLE;
1163 if (group->container)
1164 status.flags |= VFIO_GROUP_FLAGS_CONTAINER_SET;
1166 if (copy_to_user((void __user *)arg, &status, minsz))
1172 case VFIO_GROUP_SET_CONTAINER:
1176 if (get_user(fd, (int __user *)arg))
1182 ret = vfio_group_set_container(group, fd);
1185 case VFIO_GROUP_UNSET_CONTAINER:
1186 ret = vfio_group_unset_container(group);
1188 case VFIO_GROUP_GET_DEVICE_FD:
1192 buf = strndup_user((const char __user *)arg, PAGE_SIZE);
1194 return PTR_ERR(buf);
1196 ret = vfio_group_get_device_fd(group, buf);
1205 #ifdef CONFIG_COMPAT
1206 static long vfio_group_fops_compat_ioctl(struct file *filep,
1207 unsigned int cmd, unsigned long arg)
1209 arg = (unsigned long)compat_ptr(arg);
1210 return vfio_group_fops_unl_ioctl(filep, cmd, arg);
1212 #endif /* CONFIG_COMPAT */
1214 static int vfio_group_fops_open(struct inode *inode, struct file *filep)
1216 struct vfio_group *group;
1219 group = vfio_group_get_from_minor(iminor(inode));
1223 /* Do we need multiple instances of the group open? Seems not. */
1224 opened = atomic_cmpxchg(&group->opened, 0, 1);
1226 vfio_group_put(group);
1230 /* Is something still in use from a previous open? */
1231 if (group->container) {
1232 atomic_dec(&group->opened);
1233 vfio_group_put(group);
1237 filep->private_data = group;
1242 static int vfio_group_fops_release(struct inode *inode, struct file *filep)
1244 struct vfio_group *group = filep->private_data;
1246 filep->private_data = NULL;
1248 vfio_group_try_dissolve_container(group);
1250 atomic_dec(&group->opened);
1252 vfio_group_put(group);
1257 static const struct file_operations vfio_group_fops = {
1258 .owner = THIS_MODULE,
1259 .unlocked_ioctl = vfio_group_fops_unl_ioctl,
1260 #ifdef CONFIG_COMPAT
1261 .compat_ioctl = vfio_group_fops_compat_ioctl,
1263 .open = vfio_group_fops_open,
1264 .release = vfio_group_fops_release,
1270 static int vfio_device_fops_release(struct inode *inode, struct file *filep)
1272 struct vfio_device *device = filep->private_data;
1274 device->ops->release(device->device_data);
1276 vfio_group_try_dissolve_container(device->group);
1278 vfio_device_put(device);
1283 static long vfio_device_fops_unl_ioctl(struct file *filep,
1284 unsigned int cmd, unsigned long arg)
1286 struct vfio_device *device = filep->private_data;
1288 if (unlikely(!device->ops->ioctl))
1291 return device->ops->ioctl(device->device_data, cmd, arg);
1294 static ssize_t vfio_device_fops_read(struct file *filep, char __user *buf,
1295 size_t count, loff_t *ppos)
1297 struct vfio_device *device = filep->private_data;
1299 if (unlikely(!device->ops->read))
1302 return device->ops->read(device->device_data, buf, count, ppos);
1305 static ssize_t vfio_device_fops_write(struct file *filep,
1306 const char __user *buf,
1307 size_t count, loff_t *ppos)
1309 struct vfio_device *device = filep->private_data;
1311 if (unlikely(!device->ops->write))
1314 return device->ops->write(device->device_data, buf, count, ppos);
1317 static int vfio_device_fops_mmap(struct file *filep, struct vm_area_struct *vma)
1319 struct vfio_device *device = filep->private_data;
1321 if (unlikely(!device->ops->mmap))
1324 return device->ops->mmap(device->device_data, vma);
1327 #ifdef CONFIG_COMPAT
1328 static long vfio_device_fops_compat_ioctl(struct file *filep,
1329 unsigned int cmd, unsigned long arg)
1331 arg = (unsigned long)compat_ptr(arg);
1332 return vfio_device_fops_unl_ioctl(filep, cmd, arg);
1334 #endif /* CONFIG_COMPAT */
1336 static const struct file_operations vfio_device_fops = {
1337 .owner = THIS_MODULE,
1338 .release = vfio_device_fops_release,
1339 .read = vfio_device_fops_read,
1340 .write = vfio_device_fops_write,
1341 .unlocked_ioctl = vfio_device_fops_unl_ioctl,
1342 #ifdef CONFIG_COMPAT
1343 .compat_ioctl = vfio_device_fops_compat_ioctl,
1345 .mmap = vfio_device_fops_mmap,
1349 * External user API, exported by symbols to be linked dynamically.
1351 * The protocol includes:
1352 * 1. do normal VFIO init operation:
1353 * - opening a new container;
1354 * - attaching group(s) to it;
1355 * - setting an IOMMU driver for a container.
1356 * When IOMMU is set for a container, all groups in it are
1357 * considered ready to use by an external user.
1359 * 2. User space passes a group fd to an external user.
1360 * The external user calls vfio_group_get_external_user()
1362 * - the group is initialized;
1363 * - IOMMU is set for it.
1364 * If both checks passed, vfio_group_get_external_user()
1365 * increments the container user counter to prevent
1366 * the VFIO group from disposal before KVM exits.
1368 * 3. The external user calls vfio_external_user_iommu_id()
1369 * to know an IOMMU ID.
1371 * 4. When the external KVM finishes, it calls
1372 * vfio_group_put_external_user() to release the VFIO group.
1373 * This call decrements the container user counter.
1375 struct vfio_group *vfio_group_get_external_user(struct file *filep)
1377 struct vfio_group *group = filep->private_data;
1379 if (filep->f_op != &vfio_group_fops)
1380 return ERR_PTR(-EINVAL);
1382 if (!atomic_inc_not_zero(&group->container_users))
1383 return ERR_PTR(-EINVAL);
1385 if (!group->container->iommu_driver ||
1386 !vfio_group_viable(group)) {
1387 atomic_dec(&group->container_users);
1388 return ERR_PTR(-EINVAL);
1391 vfio_group_get(group);
1395 EXPORT_SYMBOL_GPL(vfio_group_get_external_user);
1397 void vfio_group_put_external_user(struct vfio_group *group)
1399 vfio_group_put(group);
1400 vfio_group_try_dissolve_container(group);
1402 EXPORT_SYMBOL_GPL(vfio_group_put_external_user);
1404 int vfio_external_user_iommu_id(struct vfio_group *group)
1406 return iommu_group_id(group->iommu_group);
1408 EXPORT_SYMBOL_GPL(vfio_external_user_iommu_id);
1410 long vfio_external_check_extension(struct vfio_group *group, unsigned long arg)
1412 return vfio_ioctl_check_extension(group->container, arg);
1414 EXPORT_SYMBOL_GPL(vfio_external_check_extension);
1417 * Module/class support
1419 static char *vfio_devnode(struct device *dev, umode_t *mode)
1421 return kasprintf(GFP_KERNEL, "vfio/%s", dev_name(dev));
1424 static struct miscdevice vfio_dev = {
1425 .minor = VFIO_MINOR,
1428 .nodename = "vfio/vfio",
1429 .mode = S_IRUGO | S_IWUGO,
1432 static int __init vfio_init(void)
1436 idr_init(&vfio.group_idr);
1437 mutex_init(&vfio.group_lock);
1438 mutex_init(&vfio.iommu_drivers_lock);
1439 INIT_LIST_HEAD(&vfio.group_list);
1440 INIT_LIST_HEAD(&vfio.iommu_drivers_list);
1441 init_waitqueue_head(&vfio.release_q);
1443 ret = misc_register(&vfio_dev);
1445 pr_err("vfio: misc device register failed\n");
1449 /* /dev/vfio/$GROUP */
1450 vfio.class = class_create(THIS_MODULE, "vfio");
1451 if (IS_ERR(vfio.class)) {
1452 ret = PTR_ERR(vfio.class);
1456 vfio.class->devnode = vfio_devnode;
1458 ret = alloc_chrdev_region(&vfio.group_devt, 0, MINORMASK, "vfio");
1460 goto err_alloc_chrdev;
1462 cdev_init(&vfio.group_cdev, &vfio_group_fops);
1463 ret = cdev_add(&vfio.group_cdev, vfio.group_devt, MINORMASK);
1467 pr_info(DRIVER_DESC " version: " DRIVER_VERSION "\n");
1470 * Attempt to load known iommu-drivers. This gives us a working
1471 * environment without the user needing to explicitly load iommu
1474 request_module_nowait("vfio_iommu_type1");
1475 request_module_nowait("vfio_iommu_spapr_tce");
1480 unregister_chrdev_region(vfio.group_devt, MINORMASK);
1482 class_destroy(vfio.class);
1485 misc_deregister(&vfio_dev);
1489 static void __exit vfio_cleanup(void)
1491 WARN_ON(!list_empty(&vfio.group_list));
1493 idr_destroy(&vfio.group_idr);
1494 cdev_del(&vfio.group_cdev);
1495 unregister_chrdev_region(vfio.group_devt, MINORMASK);
1496 class_destroy(vfio.class);
1498 misc_deregister(&vfio_dev);
1501 module_init(vfio_init);
1502 module_exit(vfio_cleanup);
1504 MODULE_VERSION(DRIVER_VERSION);
1505 MODULE_LICENSE("GPL v2");
1506 MODULE_AUTHOR(DRIVER_AUTHOR);
1507 MODULE_DESCRIPTION(DRIVER_DESC);
1508 MODULE_ALIAS_MISCDEV(VFIO_MINOR);
1509 MODULE_ALIAS("devname:vfio/vfio");
projects / cascardo / linux.git / blob