// SPDX-License-Identifier: GPL-2.0-only
/* Copyright (C) 2021 Intel Corporation
 * Copyright (c) 2021-2022, NVIDIA CORPORATION & AFFILIATES
 *
 * iommufd provides control over the IOMMU HW objects created by IOMMU kernel
 * drivers. IOMMU HW objects revolve around IO page tables that map incoming DMA
 * addresses (IOVA) to CPU addresses.
 */
#define pr_fmt(fmt) "iommufd: " fmt

#include <linux/bug.h>
#include <linux/file.h>
#include <linux/fs.h>
#include <linux/iommufd.h>
#include <linux/miscdevice.h>
#include <linux/module.h>
#include <linux/mutex.h>
#include <linux/slab.h>
#include <uapi/linux/iommufd.h>

#include "io_pagetable.h"
#include "iommufd_private.h"
#include "iommufd_test.h"

struct iommufd_object_ops {
        void (*pre_destroy)(struct iommufd_object *obj);
        void (*destroy)(struct iommufd_object *obj);
        void (*abort)(struct iommufd_object *obj);
};
static const struct iommufd_object_ops iommufd_object_ops[];
static struct miscdevice vfio_misc_dev;

struct iommufd_object *_iommufd_object_alloc(struct iommufd_ctx *ictx,
                                             size_t size,
                                             enum iommufd_object_type type)
{
        struct iommufd_object *obj;
        int rc;

        obj = kzalloc(size, GFP_KERNEL_ACCOUNT);
        if (!obj)
                return ERR_PTR(-ENOMEM);
        obj->type = type;
        /* Starts out biased by 1 until it is removed from the xarray */
        refcount_set(&obj->wait_cnt, 1);
        refcount_set(&obj->users, 1);

        /*
         * Reserve an ID in the xarray but do not publish the pointer yet since
         * the caller hasn't initialized it yet. Once the pointer is published
         * in the xarray and visible to other threads we can't reliably destroy
         * it anymore, so the caller must complete all errorable operations
         * before calling iommufd_object_finalize().
         */
        rc = xa_alloc(&ictx->objects, &obj->id, XA_ZERO_ENTRY, xa_limit_31b,
                      GFP_KERNEL_ACCOUNT);
        if (rc)
                goto out_free;
        return obj;
out_free:
        kfree(obj);
        return ERR_PTR(rc);
}

struct iommufd_object *_iommufd_object_alloc_ucmd(struct iommufd_ucmd *ucmd,
                                                  size_t size,
                                                  enum iommufd_object_type type)
{
        struct iommufd_object *new_obj;

        /* Something is coded wrong if this is hit */
        if (WARN_ON(ucmd->new_obj))
                return ERR_PTR(-EBUSY);

        /*
         * An abort op must be invoked while holding the caller's lock, so it
         * does not work with _iommufd_object_alloc_ucmd(): that path invokes
         * the abort op from iommufd_object_abort_and_destroy(), which runs
         * outside the caller's lock.
         */
        if (WARN_ON(iommufd_object_ops[type].abort))
                return ERR_PTR(-EOPNOTSUPP);

        new_obj = _iommufd_object_alloc(ucmd->ictx, size, type);
        if (IS_ERR(new_obj))
                return new_obj;

        ucmd->new_obj = new_obj;
        return new_obj;
}
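
/*
 * Note: an object allocated through _iommufd_object_alloc_ucmd() is picked up
 * by iommufd_fops_ioctl() after the command handler returns: on success it is
 * finalized, on failure it is destroyed and aborted. The handler itself should
 * not call iommufd_object_finalize() or iommufd_object_abort() for it.
 */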

/*
 * Allow concurrent access to the object.
 *
 * Once another thread can see the object pointer it can prevent object
 * destruction. Except for special kernel-only objects there is no in-kernel way
 * to reliably destroy a single object. Thus all APIs that are creating objects
 * must use iommufd_object_abort() to handle their errors and only call
 * iommufd_object_finalize() once object creation cannot fail.
 */
void iommufd_object_finalize(struct iommufd_ctx *ictx,
                             struct iommufd_object *obj)
{
        XA_STATE(xas, &ictx->objects, obj->id);
        void *old;

        xa_lock(&ictx->objects);
        old = xas_store(&xas, obj);
        xa_unlock(&ictx->objects);
        /* obj->id was returned from xa_alloc() so the xas_store() cannot fail */
        WARN_ON(old != XA_ZERO_ENTRY);
}

/* Undo _iommufd_object_alloc() if iommufd_object_finalize() was not called */
void iommufd_object_abort(struct iommufd_ctx *ictx, struct iommufd_object *obj)
{
        XA_STATE(xas, &ictx->objects, obj->id);
        void *old;

        xa_lock(&ictx->objects);
        old = xas_store(&xas, NULL);
        xa_unlock(&ictx->objects);
        WARN_ON(old != XA_ZERO_ENTRY);
        kfree(obj);
}

/*
 * Abort an object that has been fully initialized and needs destroy, but has
 * not been finalized.
 */
void iommufd_object_abort_and_destroy(struct iommufd_ctx *ictx,
                                      struct iommufd_object *obj)
{
        if (iommufd_object_ops[obj->type].abort)
                iommufd_object_ops[obj->type].abort(obj);
        else
                iommufd_object_ops[obj->type].destroy(obj);
        iommufd_object_abort(ictx, obj);
}
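
/*
 * Illustrative sketch of the creation pattern described above. The object type
 * IOMMUFD_OBJ_EXAMPLE, struct example_obj and example_init() are hypothetical
 * and not part of the build; they only show where errorable work must sit
 * relative to abort/finalize:
 *
 *	struct iommufd_object *obj;
 *	int rc;
 *
 *	obj = _iommufd_object_alloc(ictx, sizeof(struct example_obj),
 *				    IOMMUFD_OBJ_EXAMPLE);
 *	if (IS_ERR(obj))
 *		return PTR_ERR(obj);
 *	rc = example_init(obj);			// all errorable work happens here
 *	if (rc) {
 *		iommufd_object_abort(ictx, obj);	// ID reserved, never published
 *		return rc;
 *	}
 *	iommufd_object_finalize(ictx, obj);	// obj->id now visible to userspace
 *	return 0;
 */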

struct iommufd_object *iommufd_get_object(struct iommufd_ctx *ictx, u32 id,
                                          enum iommufd_object_type type)
{
        struct iommufd_object *obj;

        if (iommufd_should_fail())
                return ERR_PTR(-ENOENT);

        xa_lock(&ictx->objects);
        obj = xa_load(&ictx->objects, id);
        if (!obj || (type != IOMMUFD_OBJ_ANY && obj->type != type) ||
            !iommufd_lock_obj(obj))
                obj = ERR_PTR(-ENOENT);
        xa_unlock(&ictx->objects);
        return obj;
}

static int iommufd_object_dec_wait(struct iommufd_ctx *ictx,
                                   struct iommufd_object *to_destroy)
{
        if (refcount_dec_and_test(&to_destroy->wait_cnt))
                return 0;

        if (iommufd_object_ops[to_destroy->type].pre_destroy)
                iommufd_object_ops[to_destroy->type].pre_destroy(to_destroy);

        if (wait_event_timeout(ictx->destroy_wait,
                               refcount_read(&to_destroy->wait_cnt) == 0,
                               msecs_to_jiffies(60000)))
                return 0;

        pr_crit("Time out waiting for iommufd object to become free\n");
        refcount_inc(&to_destroy->wait_cnt);
        return -EBUSY;
}

/*
 * Remove the given object id from the xarray if the only reference to the
 * object is held by the xarray.
 */
int iommufd_object_remove(struct iommufd_ctx *ictx,
                          struct iommufd_object *to_destroy, u32 id,
                          unsigned int flags)
{
        struct iommufd_object *obj;
        XA_STATE(xas, &ictx->objects, id);
        bool zerod_wait_cnt = false;
        int ret;

        /*
         * The purpose of the wait_cnt is to ensure deterministic destruction
         * of objects used by external drivers and destroyed by this function.
         * Incrementing this wait_cnt should either be short lived, such as
         * during ioctl execution, or be revoked and blocked during
         * pre_destroy(), such as vdev holding the idev's refcount.
         */
        if (flags & REMOVE_WAIT) {
                ret = iommufd_object_dec_wait(ictx, to_destroy);
                if (ret) {
                        /*
                         * We have a bug. Put back the caller's reference and
                         * defer cleaning this object until close.
                         */
                        refcount_dec(&to_destroy->users);
                        return ret;
                }
                zerod_wait_cnt = true;
        }

        xa_lock(&ictx->objects);
        obj = xas_load(&xas);
        if (to_destroy) {
                /*
                 * If the caller is holding a ref on obj we put it here under
                 * the spinlock.
                 */
                refcount_dec(&obj->users);

                if (WARN_ON(obj != to_destroy)) {
                        ret = -ENOENT;
                        goto err_xa;
                }
        } else if (xa_is_zero(obj) || !obj) {
                ret = -ENOENT;
                goto err_xa;
        }

        if (!refcount_dec_if_one(&obj->users)) {
                ret = -EBUSY;
                goto err_xa;
        }

        xas_store(&xas, (flags & REMOVE_OBJ_TOMBSTONE) ? XA_ZERO_ENTRY : NULL);
        if (ictx->vfio_ioas == container_of(obj, struct iommufd_ioas, obj))
                ictx->vfio_ioas = NULL;
        xa_unlock(&ictx->objects);

        /*
         * Since users is zero any positive wait_cnt must be racing
         * iommufd_put_object(), or we have a bug.
         */
        if (!zerod_wait_cnt) {
                ret = iommufd_object_dec_wait(ictx, obj);
                if (WARN_ON(ret))
                        return ret;
        }

        iommufd_object_ops[obj->type].destroy(obj);
        kfree(obj);
        return 0;

err_xa:
        if (zerod_wait_cnt) {
                /* Restore the xarray owned reference */
                refcount_set(&obj->wait_cnt, 1);
        }
        xa_unlock(&ictx->objects);

        /* The returned object reference count is zero */
        return ret;
}

static int iommufd_destroy(struct iommufd_ucmd *ucmd)
{
        struct iommu_destroy *cmd = ucmd->cmd;

        return iommufd_object_remove(ucmd->ictx, NULL, cmd->id, 0);
}
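
/*
 * For illustration only, the userspace view of the destroy path above,
 * assuming the usual iommufd uAPI layout where every command struct begins
 * with a size field (iommufd_fd and object_id are hypothetical variables):
 *
 *	struct iommu_destroy cmd = {
 *		.size = sizeof(cmd),
 *		.id = object_id,	// any object id previously returned
 *	};
 *	ioctl(iommufd_fd, IOMMU_DESTROY, &cmd);	// -EBUSY while users remain
 */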

static int iommufd_fops_open(struct inode *inode, struct file *filp)
{
        struct iommufd_ctx *ictx;

        ictx = kzalloc(sizeof(*ictx), GFP_KERNEL_ACCOUNT);
        if (!ictx)
                return -ENOMEM;

        /*
         * For compatibility with VFIO when /dev/vfio/vfio is opened we default
         * to the same rlimit accounting as vfio uses.
         */
        if (IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER) &&
            filp->private_data == &vfio_misc_dev) {
                ictx->account_mode = IOPT_PAGES_ACCOUNT_MM;
                pr_info_once("IOMMUFD is providing /dev/vfio/vfio, not VFIO.\n");
        }

        init_rwsem(&ictx->ioas_creation_lock);
        xa_init_flags(&ictx->objects, XA_FLAGS_ALLOC1 | XA_FLAGS_ACCOUNT);
        xa_init(&ictx->groups);
        ictx->file = filp;
        mt_init_flags(&ictx->mt_mmap, MT_FLAGS_ALLOC_RANGE);
        init_waitqueue_head(&ictx->destroy_wait);
        mutex_init(&ictx->sw_msi_lock);
        INIT_LIST_HEAD(&ictx->sw_msi_list);
        filp->private_data = ictx;
        return 0;
}

static int iommufd_fops_release(struct inode *inode, struct file *filp)
{
        struct iommufd_ctx *ictx = filp->private_data;
        struct iommufd_sw_msi_map *next;
        struct iommufd_sw_msi_map *cur;
        struct iommufd_object *obj;

        /*
         * The objects in the xarray form a graph of "users" counts, and we have
         * to destroy them in a depth first manner. Leaf objects will reduce the
         * users count of interior objects when they are destroyed.
         *
         * Repeatedly destroying all the "1 users" leaf objects will progress
         * until the entire list is destroyed. If this can't progress then there
         * is some bug related to object refcounting.
         */
        while (!xa_empty(&ictx->objects)) {
                unsigned int destroyed = 0;
                unsigned long index;
                bool empty = true;

                /*
                 * We can't use xa_empty() to end the loop as the tombstones
                 * are stored as XA_ZERO_ENTRY in the xarray, which keeps
                 * xa_empty() false even though xa_for_each() automatically
                 * converts them to NULL and skips them. Thus once
                 * xa_for_each() finds no further !NULL entries the loop is
                 * done.
                 */
                xa_for_each(&ictx->objects, index, obj) {
                        empty = false;
                        if (!refcount_dec_if_one(&obj->users))
                                continue;

                        destroyed++;
                        xa_erase(&ictx->objects, index);
                        iommufd_object_ops[obj->type].destroy(obj);
                        kfree(obj);
                }

                if (empty)
                        break;

                /* Bug related to users refcount */
                if (WARN_ON(!destroyed))
                        break;
        }

        /*
         * There may be some tombstones left over from
         * iommufd_object_tombstone_user()
         */
        xa_destroy(&ictx->objects);

        WARN_ON(!xa_empty(&ictx->groups));

        mutex_destroy(&ictx->sw_msi_lock);
        list_for_each_entry_safe(cur, next, &ictx->sw_msi_list, sw_msi_item)
                kfree(cur);

        kfree(ictx);
        return 0;
}

static int iommufd_option(struct iommufd_ucmd *ucmd)
{
        struct iommu_option *cmd = ucmd->cmd;
        int rc;

        if (cmd->__reserved)
                return -EOPNOTSUPP;

        switch (cmd->option_id) {
        case IOMMU_OPTION_RLIMIT_MODE:
                rc = iommufd_option_rlimit_mode(cmd, ucmd->ictx);
                break;
        case IOMMU_OPTION_HUGE_PAGES:
                rc = iommufd_ioas_option(ucmd);
                break;
        default:
                return -EOPNOTSUPP;
        }
        if (rc)
                return rc;
        if (copy_to_user(&((struct iommu_option __user *)ucmd->ubuffer)->val64,
                         &cmd->val64, sizeof(cmd->val64)))
                return -EFAULT;
        return 0;
}

union ucmd_buffer {
        struct iommu_destroy destroy;
        struct iommu_fault_alloc fault;
        struct iommu_hw_info info;
        struct iommu_hw_queue_alloc hw_queue;
        struct iommu_hwpt_alloc hwpt;
        struct iommu_hwpt_get_dirty_bitmap get_dirty_bitmap;
        struct iommu_hwpt_invalidate cache;
        struct iommu_hwpt_set_dirty_tracking set_dirty_tracking;
        struct iommu_ioas_alloc alloc;
        struct iommu_ioas_allow_iovas allow_iovas;
        struct iommu_ioas_copy ioas_copy;
        struct iommu_ioas_iova_ranges iova_ranges;
        struct iommu_ioas_map map;
        struct iommu_ioas_unmap unmap;
        struct iommu_option option;
        struct iommu_vdevice_alloc vdev;
        struct iommu_veventq_alloc veventq;
        struct iommu_vfio_ioas vfio_ioas;
        struct iommu_viommu_alloc viommu;
#ifdef CONFIG_IOMMUFD_TEST
        struct iommu_test_cmd test;
#endif
};

struct iommufd_ioctl_op {
        unsigned int size;
        unsigned int min_size;
        unsigned int ioctl_num;
        int (*execute)(struct iommufd_ucmd *ucmd);
};

#define IOCTL_OP(_ioctl, _fn, _struct, _last)                            \
        [_IOC_NR(_ioctl) - IOMMUFD_CMD_BASE] = {                         \
                .size = sizeof(_struct) +                                \
                        BUILD_BUG_ON_ZERO(sizeof(union ucmd_buffer) <    \
                                          sizeof(_struct)),              \
                .min_size = offsetofend(_struct, _last),                 \
                .ioctl_num = _ioctl,                                     \
                .execute = _fn,                                          \
        }
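
/*
 * Sketch of how the two sizes interact (values assume the current uAPI layout;
 * see iommufd_fops_ioctl() below). For IOMMU_DESTROY, .size is
 * sizeof(struct iommu_destroy) and .min_size is
 * offsetofend(struct iommu_destroy, id), i.e. 8 bytes with the expected
 * { size, id } layout. Userspace may pass a struct that is shorter than the
 * current kernel struct, as long as it is at least min_size (the missing tail
 * is zero-filled; anything shorter fails with -EINVAL), or longer, in which
 * case the extra trailing bytes must be zero or copy_struct_from_user()
 * returns -E2BIG. This is what allows the structs to grow over time.
 */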

static const struct iommufd_ioctl_op iommufd_ioctl_ops[] = {
        IOCTL_OP(IOMMU_DESTROY, iommufd_destroy, struct iommu_destroy, id),
        IOCTL_OP(IOMMU_FAULT_QUEUE_ALLOC, iommufd_fault_alloc,
                 struct iommu_fault_alloc, out_fault_fd),
        IOCTL_OP(IOMMU_GET_HW_INFO, iommufd_get_hw_info, struct iommu_hw_info,
                 __reserved),
        IOCTL_OP(IOMMU_HW_QUEUE_ALLOC, iommufd_hw_queue_alloc_ioctl,
                 struct iommu_hw_queue_alloc, length),
        IOCTL_OP(IOMMU_HWPT_ALLOC, iommufd_hwpt_alloc, struct iommu_hwpt_alloc,
                 __reserved),
        IOCTL_OP(IOMMU_HWPT_GET_DIRTY_BITMAP, iommufd_hwpt_get_dirty_bitmap,
                 struct iommu_hwpt_get_dirty_bitmap, data),
        IOCTL_OP(IOMMU_HWPT_INVALIDATE, iommufd_hwpt_invalidate,
                 struct iommu_hwpt_invalidate, __reserved),
        IOCTL_OP(IOMMU_HWPT_SET_DIRTY_TRACKING, iommufd_hwpt_set_dirty_tracking,
                 struct iommu_hwpt_set_dirty_tracking, __reserved),
        IOCTL_OP(IOMMU_IOAS_ALLOC, iommufd_ioas_alloc_ioctl,
                 struct iommu_ioas_alloc, out_ioas_id),
        IOCTL_OP(IOMMU_IOAS_ALLOW_IOVAS, iommufd_ioas_allow_iovas,
                 struct iommu_ioas_allow_iovas, allowed_iovas),
        IOCTL_OP(IOMMU_IOAS_CHANGE_PROCESS, iommufd_ioas_change_process,
                 struct iommu_ioas_change_process, __reserved),
        IOCTL_OP(IOMMU_IOAS_COPY, iommufd_ioas_copy, struct iommu_ioas_copy,
                 src_iova),
        IOCTL_OP(IOMMU_IOAS_IOVA_RANGES, iommufd_ioas_iova_ranges,
                 struct iommu_ioas_iova_ranges, out_iova_alignment),
        IOCTL_OP(IOMMU_IOAS_MAP, iommufd_ioas_map, struct iommu_ioas_map, iova),
        IOCTL_OP(IOMMU_IOAS_MAP_FILE, iommufd_ioas_map_file,
                 struct iommu_ioas_map_file, iova),
        IOCTL_OP(IOMMU_IOAS_UNMAP, iommufd_ioas_unmap, struct iommu_ioas_unmap,
                 length),
        IOCTL_OP(IOMMU_OPTION, iommufd_option, struct iommu_option, val64),
        IOCTL_OP(IOMMU_VDEVICE_ALLOC, iommufd_vdevice_alloc_ioctl,
                 struct iommu_vdevice_alloc, virt_id),
        IOCTL_OP(IOMMU_VEVENTQ_ALLOC, iommufd_veventq_alloc,
                 struct iommu_veventq_alloc, out_veventq_fd),
        IOCTL_OP(IOMMU_VFIO_IOAS, iommufd_vfio_ioas, struct iommu_vfio_ioas,
                 __reserved),
        IOCTL_OP(IOMMU_VIOMMU_ALLOC, iommufd_viommu_alloc_ioctl,
                 struct iommu_viommu_alloc, out_viommu_id),
#ifdef CONFIG_IOMMUFD_TEST
        IOCTL_OP(IOMMU_TEST_CMD, iommufd_test, struct iommu_test_cmd, last),
#endif
};

static long iommufd_fops_ioctl(struct file *filp, unsigned int cmd,
                               unsigned long arg)
{
        struct iommufd_ctx *ictx = filp->private_data;
        const struct iommufd_ioctl_op *op;
        struct iommufd_ucmd ucmd = {};
        union ucmd_buffer buf;
        unsigned int nr;
        int ret;

        nr = _IOC_NR(cmd);
        if (nr < IOMMUFD_CMD_BASE ||
            (nr - IOMMUFD_CMD_BASE) >= ARRAY_SIZE(iommufd_ioctl_ops))
                return iommufd_vfio_ioctl(ictx, cmd, arg);

        ucmd.ictx = ictx;
        ucmd.ubuffer = (void __user *)arg;
        ret = get_user(ucmd.user_size, (u32 __user *)ucmd.ubuffer);
        if (ret)
                return ret;

        op = &iommufd_ioctl_ops[nr - IOMMUFD_CMD_BASE];
        if (op->ioctl_num != cmd)
                return -ENOIOCTLCMD;
        if (ucmd.user_size < op->min_size)
                return -EINVAL;

        ucmd.cmd = &buf;
        ret = copy_struct_from_user(ucmd.cmd, op->size, ucmd.ubuffer,
                                    ucmd.user_size);
        if (ret)
                return ret;
        ret = op->execute(&ucmd);

        if (ucmd.new_obj) {
                if (ret)
                        iommufd_object_abort_and_destroy(ictx, ucmd.new_obj);
                else
                        iommufd_object_finalize(ictx, ucmd.new_obj);
        }
        return ret;
}

static void iommufd_fops_vma_open(struct vm_area_struct *vma)
{
        struct iommufd_mmap *immap = vma->vm_private_data;

        refcount_inc(&immap->owner->users);
}

static void iommufd_fops_vma_close(struct vm_area_struct *vma)
{
        struct iommufd_mmap *immap = vma->vm_private_data;

        refcount_dec(&immap->owner->users);
}

static const struct vm_operations_struct iommufd_vma_ops = {
        .open = iommufd_fops_vma_open,
        .close = iommufd_fops_vma_close,
};

/* The vm_pgoff must be pre-allocated from mt_mmap, and given to user space */
static int iommufd_fops_mmap(struct file *filp, struct vm_area_struct *vma)
{
        struct iommufd_ctx *ictx = filp->private_data;
        size_t length = vma->vm_end - vma->vm_start;
        struct iommufd_mmap *immap;
        int rc;

        if (!PAGE_ALIGNED(length))
                return -EINVAL;
        if (!(vma->vm_flags & VM_SHARED))
                return -EINVAL;
        if (vma->vm_flags & VM_EXEC)
                return -EPERM;

        /* vma->vm_pgoff carries a page-shifted start position to an immap */
        immap = mtree_load(&ictx->mt_mmap, vma->vm_pgoff << PAGE_SHIFT);
        if (!immap)
                return -ENXIO;
        /*
         * mtree_load() returns the immap for any contained mmio_addr, so only
         * allow the exact immap to be mapped
         */
        if (vma->vm_pgoff != immap->vm_pgoff || length != immap->length)
                return -ENXIO;

        vma->vm_pgoff = 0;
        vma->vm_private_data = immap;
        vma->vm_ops = &iommufd_vma_ops;
        vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);

        rc = io_remap_pfn_range(vma, vma->vm_start,
                                immap->mmio_addr >> PAGE_SHIFT, length,
                                vma->vm_page_prot);
        if (rc)
                return rc;

        /* vm_ops.open won't be called for mmap itself. */
        refcount_inc(&immap->owner->users);
        return rc;
}
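
/*
 * Illustrative userspace sequence for the mmap path above (hypothetical
 * variable names; the offset and length are whatever values were handed out
 * together with the pre-allocated region):
 *
 *	void *mmio = mmap(NULL, out_length, PROT_READ | PROT_WRITE, MAP_SHARED,
 *			  iommufd_fd, out_offset);
 *
 * The offset and length must match the pre-allocated region exactly; partial
 * or shifted mappings fail with -ENXIO, and PROT_EXEC mappings are rejected
 * with -EPERM.
 */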

static const struct file_operations iommufd_fops = {
        .owner = THIS_MODULE,
        .open = iommufd_fops_open,
        .release = iommufd_fops_release,
        .unlocked_ioctl = iommufd_fops_ioctl,
        .mmap = iommufd_fops_mmap,
};

/**
 * iommufd_ctx_get - Get a context reference
 * @ictx: Context to get
 *
 * The caller must already hold a valid reference to ictx.
 */
void iommufd_ctx_get(struct iommufd_ctx *ictx)
{
        get_file(ictx->file);
}
EXPORT_SYMBOL_NS_GPL(iommufd_ctx_get, "IOMMUFD");

/**
 * iommufd_ctx_from_file - Acquires a reference to the iommufd context
 * @file: File to obtain the reference from
 *
 * Returns a pointer to the iommufd_ctx, otherwise ERR_PTR. The struct file
 * remains owned by the caller and the caller must still do fput. On success
 * the caller is responsible to call iommufd_ctx_put().
 */
struct iommufd_ctx *iommufd_ctx_from_file(struct file *file)
{
        struct iommufd_ctx *ictx;

        if (file->f_op != &iommufd_fops)
                return ERR_PTR(-EBADFD);
        ictx = file->private_data;
        iommufd_ctx_get(ictx);
        return ictx;
}
EXPORT_SYMBOL_NS_GPL(iommufd_ctx_from_file, "IOMMUFD");
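
/*
 * Sketch of the expected pairing for an external caller (hypothetical code,
 * not part of this file): the context reference and the caller's own file
 * reference are dropped separately.
 *
 *	ictx = iommufd_ctx_from_file(file);
 *	if (IS_ERR(ictx))
 *		return PTR_ERR(ictx);
 *	// ... use ictx ...
 *	iommufd_ctx_put(ictx);
 *	fput(file);		// the caller still owns its file reference
 */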

/**
 * iommufd_ctx_from_fd - Acquires a reference to the iommufd context
 * @fd: File descriptor to obtain the reference from
 *
 * Returns a pointer to the iommufd_ctx, otherwise ERR_PTR. On success
 * the caller is responsible to call iommufd_ctx_put().
 */
struct iommufd_ctx *iommufd_ctx_from_fd(int fd)
{
        struct file *file;

        file = fget(fd);
        if (!file)
                return ERR_PTR(-EBADF);

        if (file->f_op != &iommufd_fops) {
                fput(file);
                return ERR_PTR(-EBADFD);
        }
        /* fget is the same as iommufd_ctx_get() */
        return file->private_data;
}
EXPORT_SYMBOL_NS_GPL(iommufd_ctx_from_fd, "IOMMUFD");

/**
 * iommufd_ctx_put - Put back a reference
 * @ictx: Context to put back
 */
void iommufd_ctx_put(struct iommufd_ctx *ictx)
{
        fput(ictx->file);
}
EXPORT_SYMBOL_NS_GPL(iommufd_ctx_put, "IOMMUFD");

static const struct iommufd_object_ops iommufd_object_ops[] = {
        [IOMMUFD_OBJ_ACCESS] = {
                .destroy = iommufd_access_destroy_object,
        },
        [IOMMUFD_OBJ_DEVICE] = {
                .pre_destroy = iommufd_device_pre_destroy,
                .destroy = iommufd_device_destroy,
        },
        [IOMMUFD_OBJ_FAULT] = {
                .destroy = iommufd_fault_destroy,
        },
        [IOMMUFD_OBJ_HW_QUEUE] = {
                .destroy = iommufd_hw_queue_destroy,
        },
        [IOMMUFD_OBJ_HWPT_PAGING] = {
                .destroy = iommufd_hwpt_paging_destroy,
                .abort = iommufd_hwpt_paging_abort,
        },
        [IOMMUFD_OBJ_HWPT_NESTED] = {
                .destroy = iommufd_hwpt_nested_destroy,
                .abort = iommufd_hwpt_nested_abort,
        },
        [IOMMUFD_OBJ_IOAS] = {
                .destroy = iommufd_ioas_destroy,
        },
        [IOMMUFD_OBJ_VDEVICE] = {
                .destroy = iommufd_vdevice_destroy,
                .abort = iommufd_vdevice_abort,
        },
        [IOMMUFD_OBJ_VEVENTQ] = {
                .destroy = iommufd_veventq_destroy,
                .abort = iommufd_veventq_abort,
        },
        [IOMMUFD_OBJ_VIOMMU] = {
                .destroy = iommufd_viommu_destroy,
        },
#ifdef CONFIG_IOMMUFD_TEST
        [IOMMUFD_OBJ_SELFTEST] = {
                .destroy = iommufd_selftest_destroy,
        },
#endif
};

static struct miscdevice iommu_misc_dev = {
        .minor = MISC_DYNAMIC_MINOR,
        .name = "iommu",
        .fops = &iommufd_fops,
        .nodename = "iommu",
        .mode = 0660,
};

static struct miscdevice vfio_misc_dev = {
        .minor = VFIO_MINOR,
        .name = "vfio",
        .fops = &iommufd_fops,
        .nodename = "vfio/vfio",
        .mode = 0666,
};

static int __init iommufd_init(void)
{
        int ret;

        ret = misc_register(&iommu_misc_dev);
        if (ret)
                return ret;

        if (IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER)) {
                ret = misc_register(&vfio_misc_dev);
                if (ret)
                        goto err_misc;
        }
        ret = iommufd_test_init();
        if (ret)
                goto err_vfio_misc;
        return 0;

err_vfio_misc:
        if (IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER))
                misc_deregister(&vfio_misc_dev);
err_misc:
        misc_deregister(&iommu_misc_dev);
        return ret;
}

static void __exit iommufd_exit(void)
{
        iommufd_test_exit();
        if (IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER))
                misc_deregister(&vfio_misc_dev);
        misc_deregister(&iommu_misc_dev);
}

module_init(iommufd_init);
module_exit(iommufd_exit);

#if IS_ENABLED(CONFIG_IOMMUFD_VFIO_CONTAINER)
MODULE_ALIAS_MISCDEV(VFIO_MINOR);
MODULE_ALIAS("devname:vfio/vfio");
#endif
MODULE_IMPORT_NS("IOMMUFD_INTERNAL");
MODULE_IMPORT_NS("IOMMUFD");
MODULE_DESCRIPTION("I/O Address Space Management for passthrough devices");
MODULE_LICENSE("GPL");