xref: /linux/drivers/vhost/vdpa.c (revision 300a0cfe9f375b2843bcb331bcfa7503475ef5dd)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2018-2020 Intel Corporation.
4  * Copyright (C) 2020 Red Hat, Inc.
5  *
6  * Author: Tiwei Bie <tiwei.bie@intel.com>
7  *         Jason Wang <jasowang@redhat.com>
8  *
9  * Thanks Michael S. Tsirkin for the valuable comments and
10  * suggestions.  And thanks to Cunming Liang and Zhihong Wang for all
11  * their supports.
12  */
13 
14 #include <linux/kernel.h>
15 #include <linux/module.h>
16 #include <linux/cdev.h>
17 #include <linux/device.h>
18 #include <linux/mm.h>
19 #include <linux/slab.h>
20 #include <linux/iommu.h>
21 #include <linux/uuid.h>
22 #include <linux/vdpa.h>
23 #include <linux/nospec.h>
24 #include <linux/vhost.h>
25 
26 #include "vhost.h"
27 
28 enum {
29 	VHOST_VDPA_BACKEND_FEATURES =
30 	(1ULL << VHOST_BACKEND_F_IOTLB_MSG_V2) |
31 	(1ULL << VHOST_BACKEND_F_IOTLB_BATCH) |
32 	(1ULL << VHOST_BACKEND_F_IOTLB_ASID),
33 };
34 
35 #define VHOST_VDPA_DEV_MAX (1U << MINORBITS)
36 
37 #define VHOST_VDPA_IOTLB_BUCKETS 16
38 
39 struct vhost_vdpa_as {
40 	struct hlist_node hash_link;
41 	struct vhost_iotlb iotlb;
42 	u32 id;
43 };
44 
45 struct vhost_vdpa {
46 	struct vhost_dev vdev;
47 	struct iommu_domain *domain;
48 	struct vhost_virtqueue *vqs;
49 	struct completion completion;
50 	struct vdpa_device *vdpa;
51 	struct hlist_head as[VHOST_VDPA_IOTLB_BUCKETS];
52 	struct device dev;
53 	struct cdev cdev;
54 	atomic_t opened;
55 	u32 nvqs;
56 	int virtio_id;
57 	int minor;
58 	struct eventfd_ctx *config_ctx;
59 	int in_batch;
60 	struct vdpa_iova_range range;
61 	u32 batch_asid;
62 	bool suspended;
63 };
64 
65 static DEFINE_IDA(vhost_vdpa_ida);
66 
67 static dev_t vhost_vdpa_major;
68 
69 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
70 				   struct vhost_iotlb *iotlb, u64 start,
71 				   u64 last, u32 asid);
72 
73 static inline u32 iotlb_to_asid(struct vhost_iotlb *iotlb)
74 {
75 	struct vhost_vdpa_as *as = container_of(iotlb, struct
76 						vhost_vdpa_as, iotlb);
77 	return as->id;
78 }
79 
80 static struct vhost_vdpa_as *asid_to_as(struct vhost_vdpa *v, u32 asid)
81 {
82 	struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
83 	struct vhost_vdpa_as *as;
84 
85 	hlist_for_each_entry(as, head, hash_link)
86 		if (as->id == asid)
87 			return as;
88 
89 	return NULL;
90 }
91 
92 static struct vhost_iotlb *asid_to_iotlb(struct vhost_vdpa *v, u32 asid)
93 {
94 	struct vhost_vdpa_as *as = asid_to_as(v, asid);
95 
96 	if (!as)
97 		return NULL;
98 
99 	return &as->iotlb;
100 }
101 
102 static struct vhost_vdpa_as *vhost_vdpa_alloc_as(struct vhost_vdpa *v, u32 asid)
103 {
104 	struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
105 	struct vhost_vdpa_as *as;
106 
107 	if (asid_to_as(v, asid))
108 		return NULL;
109 
110 	if (asid >= v->vdpa->nas)
111 		return NULL;
112 
113 	as = kmalloc(sizeof(*as), GFP_KERNEL);
114 	if (!as)
115 		return NULL;
116 
117 	vhost_iotlb_init(&as->iotlb, 0, 0);
118 	as->id = asid;
119 	hlist_add_head(&as->hash_link, head);
120 
121 	return as;
122 }
123 
124 static struct vhost_vdpa_as *vhost_vdpa_find_alloc_as(struct vhost_vdpa *v,
125 						      u32 asid)
126 {
127 	struct vhost_vdpa_as *as = asid_to_as(v, asid);
128 
129 	if (as)
130 		return as;
131 
132 	return vhost_vdpa_alloc_as(v, asid);
133 }
134 
135 static void vhost_vdpa_reset_map(struct vhost_vdpa *v, u32 asid)
136 {
137 	struct vdpa_device *vdpa = v->vdpa;
138 	const struct vdpa_config_ops *ops = vdpa->config;
139 
140 	if (ops->reset_map)
141 		ops->reset_map(vdpa, asid);
142 }
143 
144 static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid)
145 {
146 	struct vhost_vdpa_as *as = asid_to_as(v, asid);
147 
148 	if (!as)
149 		return -EINVAL;
150 
151 	hlist_del(&as->hash_link);
152 	vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1, asid);
153 	/*
154 	 * Devices with vendor specific IOMMU may need to restore
155 	 * iotlb to the initial or default state, which cannot be
156 	 * cleaned up in the all range unmap call above. Give them
157 	 * a chance to clean up or reset the map to the desired
158 	 * state.
159 	 */
160 	vhost_vdpa_reset_map(v, asid);
161 	kfree(as);
162 
163 	return 0;
164 }
165 
166 static void handle_vq_kick(struct vhost_work *work)
167 {
168 	struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
169 						  poll.work);
170 	struct vhost_vdpa *v = container_of(vq->dev, struct vhost_vdpa, vdev);
171 	const struct vdpa_config_ops *ops = v->vdpa->config;
172 
173 	ops->kick_vq(v->vdpa, vq - v->vqs);
174 }
175 
176 static irqreturn_t vhost_vdpa_virtqueue_cb(void *private)
177 {
178 	struct vhost_virtqueue *vq = private;
179 	struct eventfd_ctx *call_ctx = vq->call_ctx.ctx;
180 
181 	if (call_ctx)
182 		eventfd_signal(call_ctx);
183 
184 	return IRQ_HANDLED;
185 }
186 
187 static irqreturn_t vhost_vdpa_config_cb(void *private)
188 {
189 	struct vhost_vdpa *v = private;
190 	struct eventfd_ctx *config_ctx = v->config_ctx;
191 
192 	if (config_ctx)
193 		eventfd_signal(config_ctx);
194 
195 	return IRQ_HANDLED;
196 }
197 
198 static void vhost_vdpa_setup_vq_irq(struct vhost_vdpa *v, u16 qid)
199 {
200 	struct vhost_virtqueue *vq = &v->vqs[qid];
201 	const struct vdpa_config_ops *ops = v->vdpa->config;
202 	struct vdpa_device *vdpa = v->vdpa;
203 	int ret, irq;
204 
205 	if (!ops->get_vq_irq)
206 		return;
207 
208 	irq = ops->get_vq_irq(vdpa, qid);
209 	if (irq < 0)
210 		return;
211 
212 	if (!vq->call_ctx.ctx)
213 		return;
214 
215 	ret = irq_bypass_register_producer(&vq->call_ctx.producer,
216 					   vq->call_ctx.ctx, irq);
217 	if (unlikely(ret))
218 		dev_info(&v->dev, "vq %u, irq bypass producer (eventfd %p) registration fails, ret =  %d\n",
219 			 qid, vq->call_ctx.ctx, ret);
220 }
221 
222 static void vhost_vdpa_unsetup_vq_irq(struct vhost_vdpa *v, u16 qid)
223 {
224 	struct vhost_virtqueue *vq = &v->vqs[qid];
225 
226 	irq_bypass_unregister_producer(&vq->call_ctx.producer);
227 }
228 
229 static int _compat_vdpa_reset(struct vhost_vdpa *v)
230 {
231 	struct vdpa_device *vdpa = v->vdpa;
232 	u32 flags = 0;
233 
234 	v->suspended = false;
235 
236 	if (v->vdev.vqs) {
237 		flags |= !vhost_backend_has_feature(v->vdev.vqs[0],
238 						    VHOST_BACKEND_F_IOTLB_PERSIST) ?
239 			 VDPA_RESET_F_CLEAN_MAP : 0;
240 	}
241 
242 	return vdpa_reset(vdpa, flags);
243 }
244 
245 static int vhost_vdpa_reset(struct vhost_vdpa *v)
246 {
247 	v->in_batch = 0;
248 	return _compat_vdpa_reset(v);
249 }
250 
251 static long vhost_vdpa_bind_mm(struct vhost_vdpa *v)
252 {
253 	struct vdpa_device *vdpa = v->vdpa;
254 	const struct vdpa_config_ops *ops = vdpa->config;
255 
256 	if (!vdpa->use_va || !ops->bind_mm)
257 		return 0;
258 
259 	return ops->bind_mm(vdpa, v->vdev.mm);
260 }
261 
262 static void vhost_vdpa_unbind_mm(struct vhost_vdpa *v)
263 {
264 	struct vdpa_device *vdpa = v->vdpa;
265 	const struct vdpa_config_ops *ops = vdpa->config;
266 
267 	if (!vdpa->use_va || !ops->unbind_mm)
268 		return;
269 
270 	ops->unbind_mm(vdpa);
271 }
272 
273 static long vhost_vdpa_get_device_id(struct vhost_vdpa *v, u8 __user *argp)
274 {
275 	struct vdpa_device *vdpa = v->vdpa;
276 	const struct vdpa_config_ops *ops = vdpa->config;
277 	u32 device_id;
278 
279 	device_id = ops->get_device_id(vdpa);
280 
281 	if (copy_to_user(argp, &device_id, sizeof(device_id)))
282 		return -EFAULT;
283 
284 	return 0;
285 }
286 
287 static long vhost_vdpa_get_status(struct vhost_vdpa *v, u8 __user *statusp)
288 {
289 	struct vdpa_device *vdpa = v->vdpa;
290 	const struct vdpa_config_ops *ops = vdpa->config;
291 	u8 status;
292 
293 	status = ops->get_status(vdpa);
294 
295 	if (copy_to_user(statusp, &status, sizeof(status)))
296 		return -EFAULT;
297 
298 	return 0;
299 }
300 
301 static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp)
302 {
303 	struct vdpa_device *vdpa = v->vdpa;
304 	const struct vdpa_config_ops *ops = vdpa->config;
305 	u8 status, status_old;
306 	u32 nvqs = v->nvqs;
307 	int ret;
308 	u16 i;
309 
310 	if (copy_from_user(&status, statusp, sizeof(status)))
311 		return -EFAULT;
312 
313 	status_old = ops->get_status(vdpa);
314 
315 	/*
316 	 * Userspace shouldn't remove status bits unless reset the
317 	 * status to 0.
318 	 */
319 	if (status != 0 && (status_old & ~status) != 0)
320 		return -EINVAL;
321 
322 	if ((status_old & VIRTIO_CONFIG_S_DRIVER_OK) && !(status & VIRTIO_CONFIG_S_DRIVER_OK))
323 		for (i = 0; i < nvqs; i++)
324 			vhost_vdpa_unsetup_vq_irq(v, i);
325 
326 	if (status == 0) {
327 		ret = _compat_vdpa_reset(v);
328 		if (ret)
329 			return ret;
330 	} else
331 		vdpa_set_status(vdpa, status);
332 
333 	if ((status & VIRTIO_CONFIG_S_DRIVER_OK) && !(status_old & VIRTIO_CONFIG_S_DRIVER_OK))
334 		for (i = 0; i < nvqs; i++)
335 			vhost_vdpa_setup_vq_irq(v, i);
336 
337 	return 0;
338 }
339 
340 static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
341 				      struct vhost_vdpa_config *c)
342 {
343 	struct vdpa_device *vdpa = v->vdpa;
344 	size_t size = vdpa->config->get_config_size(vdpa);
345 
346 	if (c->len == 0 || c->off > size)
347 		return -EINVAL;
348 
349 	if (c->len > size - c->off)
350 		return -E2BIG;
351 
352 	return 0;
353 }
354 
355 static long vhost_vdpa_get_config(struct vhost_vdpa *v,
356 				  struct vhost_vdpa_config __user *c)
357 {
358 	struct vdpa_device *vdpa = v->vdpa;
359 	struct vhost_vdpa_config config;
360 	unsigned long size = offsetof(struct vhost_vdpa_config, buf);
361 	u8 *buf;
362 
363 	if (copy_from_user(&config, c, size))
364 		return -EFAULT;
365 	if (vhost_vdpa_config_validate(v, &config))
366 		return -EINVAL;
367 	buf = kvzalloc(config.len, GFP_KERNEL);
368 	if (!buf)
369 		return -ENOMEM;
370 
371 	vdpa_get_config(vdpa, config.off, buf, config.len);
372 
373 	if (copy_to_user(c->buf, buf, config.len)) {
374 		kvfree(buf);
375 		return -EFAULT;
376 	}
377 
378 	kvfree(buf);
379 	return 0;
380 }
381 
382 static long vhost_vdpa_set_config(struct vhost_vdpa *v,
383 				  struct vhost_vdpa_config __user *c)
384 {
385 	struct vdpa_device *vdpa = v->vdpa;
386 	struct vhost_vdpa_config config;
387 	unsigned long size = offsetof(struct vhost_vdpa_config, buf);
388 	u8 *buf;
389 
390 	if (copy_from_user(&config, c, size))
391 		return -EFAULT;
392 	if (vhost_vdpa_config_validate(v, &config))
393 		return -EINVAL;
394 
395 	buf = vmemdup_user(c->buf, config.len);
396 	if (IS_ERR(buf))
397 		return PTR_ERR(buf);
398 
399 	vdpa_set_config(vdpa, config.off, buf, config.len);
400 
401 	kvfree(buf);
402 	return 0;
403 }
404 
405 static bool vhost_vdpa_can_suspend(const struct vhost_vdpa *v)
406 {
407 	struct vdpa_device *vdpa = v->vdpa;
408 	const struct vdpa_config_ops *ops = vdpa->config;
409 
410 	return ops->suspend;
411 }
412 
413 static bool vhost_vdpa_can_resume(const struct vhost_vdpa *v)
414 {
415 	struct vdpa_device *vdpa = v->vdpa;
416 	const struct vdpa_config_ops *ops = vdpa->config;
417 
418 	return ops->resume;
419 }
420 
421 static bool vhost_vdpa_has_desc_group(const struct vhost_vdpa *v)
422 {
423 	struct vdpa_device *vdpa = v->vdpa;
424 	const struct vdpa_config_ops *ops = vdpa->config;
425 
426 	return ops->get_vq_desc_group;
427 }
428 
429 static long vhost_vdpa_get_features(struct vhost_vdpa *v, u64 __user *featurep)
430 {
431 	struct vdpa_device *vdpa = v->vdpa;
432 	const struct vdpa_config_ops *ops = vdpa->config;
433 	u64 features;
434 
435 	features = ops->get_device_features(vdpa);
436 
437 	if (copy_to_user(featurep, &features, sizeof(features)))
438 		return -EFAULT;
439 
440 	return 0;
441 }
442 
443 static u64 vhost_vdpa_get_backend_features(const struct vhost_vdpa *v)
444 {
445 	struct vdpa_device *vdpa = v->vdpa;
446 	const struct vdpa_config_ops *ops = vdpa->config;
447 
448 	if (!ops->get_backend_features)
449 		return 0;
450 	else
451 		return ops->get_backend_features(vdpa);
452 }
453 
454 static bool vhost_vdpa_has_persistent_map(const struct vhost_vdpa *v)
455 {
456 	struct vdpa_device *vdpa = v->vdpa;
457 	const struct vdpa_config_ops *ops = vdpa->config;
458 
459 	return (!ops->set_map && !ops->dma_map) || ops->reset_map ||
460 	       vhost_vdpa_get_backend_features(v) & BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST);
461 }
462 
463 static long vhost_vdpa_set_features(struct vhost_vdpa *v, u64 __user *featurep)
464 {
465 	struct vdpa_device *vdpa = v->vdpa;
466 	const struct vdpa_config_ops *ops = vdpa->config;
467 	struct vhost_dev *d = &v->vdev;
468 	u64 actual_features;
469 	u64 features;
470 	int i;
471 
472 	/*
473 	 * It's not allowed to change the features after they have
474 	 * been negotiated.
475 	 */
476 	if (ops->get_status(vdpa) & VIRTIO_CONFIG_S_FEATURES_OK)
477 		return -EBUSY;
478 
479 	if (copy_from_user(&features, featurep, sizeof(features)))
480 		return -EFAULT;
481 
482 	if (vdpa_set_features(vdpa, features))
483 		return -EINVAL;
484 
485 	/* let the vqs know what has been configured */
486 	actual_features = ops->get_driver_features(vdpa);
487 	for (i = 0; i < d->nvqs; ++i) {
488 		struct vhost_virtqueue *vq = d->vqs[i];
489 
490 		mutex_lock(&vq->mutex);
491 		vq->acked_features = actual_features;
492 		mutex_unlock(&vq->mutex);
493 	}
494 
495 	return 0;
496 }
497 
498 static long vhost_vdpa_get_vring_num(struct vhost_vdpa *v, u16 __user *argp)
499 {
500 	struct vdpa_device *vdpa = v->vdpa;
501 	const struct vdpa_config_ops *ops = vdpa->config;
502 	u16 num;
503 
504 	num = ops->get_vq_num_max(vdpa);
505 
506 	if (copy_to_user(argp, &num, sizeof(num)))
507 		return -EFAULT;
508 
509 	return 0;
510 }
511 
512 static void vhost_vdpa_config_put(struct vhost_vdpa *v)
513 {
514 	if (v->config_ctx) {
515 		eventfd_ctx_put(v->config_ctx);
516 		v->config_ctx = NULL;
517 	}
518 }
519 
520 static long vhost_vdpa_set_config_call(struct vhost_vdpa *v, u32 __user *argp)
521 {
522 	struct vdpa_callback cb;
523 	int fd;
524 	struct eventfd_ctx *ctx;
525 
526 	cb.callback = vhost_vdpa_config_cb;
527 	cb.private = v;
528 	if (copy_from_user(&fd, argp, sizeof(fd)))
529 		return  -EFAULT;
530 
531 	ctx = fd == VHOST_FILE_UNBIND ? NULL : eventfd_ctx_fdget(fd);
532 	swap(ctx, v->config_ctx);
533 
534 	if (!IS_ERR_OR_NULL(ctx))
535 		eventfd_ctx_put(ctx);
536 
537 	if (IS_ERR(v->config_ctx)) {
538 		long ret = PTR_ERR(v->config_ctx);
539 
540 		v->config_ctx = NULL;
541 		return ret;
542 	}
543 
544 	v->vdpa->config->set_config_cb(v->vdpa, &cb);
545 
546 	return 0;
547 }
548 
549 static long vhost_vdpa_get_iova_range(struct vhost_vdpa *v, u32 __user *argp)
550 {
551 	struct vhost_vdpa_iova_range range = {
552 		.first = v->range.first,
553 		.last = v->range.last,
554 	};
555 
556 	if (copy_to_user(argp, &range, sizeof(range)))
557 		return -EFAULT;
558 	return 0;
559 }
560 
561 static long vhost_vdpa_get_config_size(struct vhost_vdpa *v, u32 __user *argp)
562 {
563 	struct vdpa_device *vdpa = v->vdpa;
564 	const struct vdpa_config_ops *ops = vdpa->config;
565 	u32 size;
566 
567 	size = ops->get_config_size(vdpa);
568 
569 	if (copy_to_user(argp, &size, sizeof(size)))
570 		return -EFAULT;
571 
572 	return 0;
573 }
574 
575 static long vhost_vdpa_get_vqs_count(struct vhost_vdpa *v, u32 __user *argp)
576 {
577 	struct vdpa_device *vdpa = v->vdpa;
578 
579 	if (copy_to_user(argp, &vdpa->nvqs, sizeof(vdpa->nvqs)))
580 		return -EFAULT;
581 
582 	return 0;
583 }
584 
585 /* After a successful return of ioctl the device must not process more
586  * virtqueue descriptors. The device can answer to read or writes of config
587  * fields as if it were not suspended. In particular, writing to "queue_enable"
588  * with a value of 1 will not make the device start processing buffers.
589  */
590 static long vhost_vdpa_suspend(struct vhost_vdpa *v)
591 {
592 	struct vdpa_device *vdpa = v->vdpa;
593 	const struct vdpa_config_ops *ops = vdpa->config;
594 	int ret;
595 
596 	if (!(ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK))
597 		return 0;
598 
599 	if (!ops->suspend)
600 		return -EOPNOTSUPP;
601 
602 	ret = ops->suspend(vdpa);
603 	if (!ret)
604 		v->suspended = true;
605 
606 	return ret;
607 }
608 
609 /* After a successful return of this ioctl the device resumes processing
610  * virtqueue descriptors. The device becomes fully operational the same way it
611  * was before it was suspended.
612  */
613 static long vhost_vdpa_resume(struct vhost_vdpa *v)
614 {
615 	struct vdpa_device *vdpa = v->vdpa;
616 	const struct vdpa_config_ops *ops = vdpa->config;
617 	int ret;
618 
619 	if (!(ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK))
620 		return 0;
621 
622 	if (!ops->resume)
623 		return -EOPNOTSUPP;
624 
625 	ret = ops->resume(vdpa);
626 	if (!ret)
627 		v->suspended = false;
628 
629 	return ret;
630 }
631 
632 static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd,
633 				   void __user *argp)
634 {
635 	struct vdpa_device *vdpa = v->vdpa;
636 	const struct vdpa_config_ops *ops = vdpa->config;
637 	struct vdpa_vq_state vq_state;
638 	struct vdpa_callback cb;
639 	struct vhost_virtqueue *vq;
640 	struct vhost_vring_state s;
641 	u32 idx;
642 	long r;
643 
644 	r = get_user(idx, (u32 __user *)argp);
645 	if (r < 0)
646 		return r;
647 
648 	if (idx >= v->nvqs)
649 		return -ENOBUFS;
650 
651 	idx = array_index_nospec(idx, v->nvqs);
652 	vq = &v->vqs[idx];
653 
654 	switch (cmd) {
655 	case VHOST_VDPA_SET_VRING_ENABLE:
656 		if (copy_from_user(&s, argp, sizeof(s)))
657 			return -EFAULT;
658 		ops->set_vq_ready(vdpa, idx, s.num);
659 		return 0;
660 	case VHOST_VDPA_GET_VRING_GROUP:
661 		if (!ops->get_vq_group)
662 			return -EOPNOTSUPP;
663 		s.index = idx;
664 		s.num = ops->get_vq_group(vdpa, idx);
665 		if (s.num >= vdpa->ngroups)
666 			return -EIO;
667 		else if (copy_to_user(argp, &s, sizeof(s)))
668 			return -EFAULT;
669 		return 0;
670 	case VHOST_VDPA_GET_VRING_DESC_GROUP:
671 		if (!vhost_vdpa_has_desc_group(v))
672 			return -EOPNOTSUPP;
673 		s.index = idx;
674 		s.num = ops->get_vq_desc_group(vdpa, idx);
675 		if (s.num >= vdpa->ngroups)
676 			return -EIO;
677 		else if (copy_to_user(argp, &s, sizeof(s)))
678 			return -EFAULT;
679 		return 0;
680 	case VHOST_VDPA_SET_GROUP_ASID:
681 		if (copy_from_user(&s, argp, sizeof(s)))
682 			return -EFAULT;
683 		if (s.num >= vdpa->nas)
684 			return -EINVAL;
685 		if (!ops->set_group_asid)
686 			return -EOPNOTSUPP;
687 		return ops->set_group_asid(vdpa, idx, s.num);
688 	case VHOST_VDPA_GET_VRING_SIZE:
689 		if (!ops->get_vq_size)
690 			return -EOPNOTSUPP;
691 		s.index = idx;
692 		s.num = ops->get_vq_size(vdpa, idx);
693 		if (copy_to_user(argp, &s, sizeof(s)))
694 			return -EFAULT;
695 		return 0;
696 	case VHOST_GET_VRING_BASE:
697 		r = ops->get_vq_state(v->vdpa, idx, &vq_state);
698 		if (r)
699 			return r;
700 
701 		if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) {
702 			vq->last_avail_idx = vq_state.packed.last_avail_idx |
703 					     (vq_state.packed.last_avail_counter << 15);
704 			vq->last_used_idx = vq_state.packed.last_used_idx |
705 					    (vq_state.packed.last_used_counter << 15);
706 		} else {
707 			vq->last_avail_idx = vq_state.split.avail_index;
708 		}
709 		break;
710 	case VHOST_SET_VRING_CALL:
711 		if (vq->call_ctx.ctx) {
712 			if (ops->get_status(vdpa) &
713 			    VIRTIO_CONFIG_S_DRIVER_OK)
714 				vhost_vdpa_unsetup_vq_irq(v, idx);
715 		}
716 		break;
717 	}
718 
719 	r = vhost_vring_ioctl(&v->vdev, cmd, argp);
720 	if (r)
721 		return r;
722 
723 	switch (cmd) {
724 	case VHOST_SET_VRING_ADDR:
725 		if ((ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK) && !v->suspended)
726 			return -EINVAL;
727 
728 		if (ops->set_vq_address(vdpa, idx,
729 					(u64)(uintptr_t)vq->desc,
730 					(u64)(uintptr_t)vq->avail,
731 					(u64)(uintptr_t)vq->used))
732 			r = -EINVAL;
733 		break;
734 
735 	case VHOST_SET_VRING_BASE:
736 		if ((ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK) && !v->suspended)
737 			return -EINVAL;
738 
739 		if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) {
740 			vq_state.packed.last_avail_idx = vq->last_avail_idx & 0x7fff;
741 			vq_state.packed.last_avail_counter = !!(vq->last_avail_idx & 0x8000);
742 			vq_state.packed.last_used_idx = vq->last_used_idx & 0x7fff;
743 			vq_state.packed.last_used_counter = !!(vq->last_used_idx & 0x8000);
744 		} else {
745 			vq_state.split.avail_index = vq->last_avail_idx;
746 		}
747 		r = ops->set_vq_state(vdpa, idx, &vq_state);
748 		break;
749 
750 	case VHOST_SET_VRING_CALL:
751 		if (vq->call_ctx.ctx) {
752 			cb.callback = vhost_vdpa_virtqueue_cb;
753 			cb.private = vq;
754 			cb.trigger = vq->call_ctx.ctx;
755 			if (ops->get_status(vdpa) &
756 			    VIRTIO_CONFIG_S_DRIVER_OK)
757 				vhost_vdpa_setup_vq_irq(v, idx);
758 		} else {
759 			cb.callback = NULL;
760 			cb.private = NULL;
761 			cb.trigger = NULL;
762 		}
763 		ops->set_vq_cb(vdpa, idx, &cb);
764 		break;
765 
766 	case VHOST_SET_VRING_NUM:
767 		ops->set_vq_num(vdpa, idx, vq->num);
768 		break;
769 	}
770 
771 	return r;
772 }
773 
774 static long vhost_vdpa_unlocked_ioctl(struct file *filep,
775 				      unsigned int cmd, unsigned long arg)
776 {
777 	struct vhost_vdpa *v = filep->private_data;
778 	struct vhost_dev *d = &v->vdev;
779 	void __user *argp = (void __user *)arg;
780 	u64 __user *featurep = argp;
781 	u64 features;
782 	long r = 0;
783 
784 	if (cmd == VHOST_SET_BACKEND_FEATURES) {
785 		if (copy_from_user(&features, featurep, sizeof(features)))
786 			return -EFAULT;
787 		if (features & ~(VHOST_VDPA_BACKEND_FEATURES |
788 				 BIT_ULL(VHOST_BACKEND_F_DESC_ASID) |
789 				 BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST) |
790 				 BIT_ULL(VHOST_BACKEND_F_SUSPEND) |
791 				 BIT_ULL(VHOST_BACKEND_F_RESUME) |
792 				 BIT_ULL(VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK)))
793 			return -EOPNOTSUPP;
794 		if ((features & BIT_ULL(VHOST_BACKEND_F_SUSPEND)) &&
795 		     !vhost_vdpa_can_suspend(v))
796 			return -EOPNOTSUPP;
797 		if ((features & BIT_ULL(VHOST_BACKEND_F_RESUME)) &&
798 		     !vhost_vdpa_can_resume(v))
799 			return -EOPNOTSUPP;
800 		if ((features & BIT_ULL(VHOST_BACKEND_F_DESC_ASID)) &&
801 		    !(features & BIT_ULL(VHOST_BACKEND_F_IOTLB_ASID)))
802 			return -EINVAL;
803 		if ((features & BIT_ULL(VHOST_BACKEND_F_DESC_ASID)) &&
804 		     !vhost_vdpa_has_desc_group(v))
805 			return -EOPNOTSUPP;
806 		if ((features & BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST)) &&
807 		     !vhost_vdpa_has_persistent_map(v))
808 			return -EOPNOTSUPP;
809 		vhost_set_backend_features(&v->vdev, features);
810 		return 0;
811 	}
812 
813 	mutex_lock(&d->mutex);
814 
815 	switch (cmd) {
816 	case VHOST_VDPA_GET_DEVICE_ID:
817 		r = vhost_vdpa_get_device_id(v, argp);
818 		break;
819 	case VHOST_VDPA_GET_STATUS:
820 		r = vhost_vdpa_get_status(v, argp);
821 		break;
822 	case VHOST_VDPA_SET_STATUS:
823 		r = vhost_vdpa_set_status(v, argp);
824 		break;
825 	case VHOST_VDPA_GET_CONFIG:
826 		r = vhost_vdpa_get_config(v, argp);
827 		break;
828 	case VHOST_VDPA_SET_CONFIG:
829 		r = vhost_vdpa_set_config(v, argp);
830 		break;
831 	case VHOST_GET_FEATURES:
832 		r = vhost_vdpa_get_features(v, argp);
833 		break;
834 	case VHOST_SET_FEATURES:
835 		r = vhost_vdpa_set_features(v, argp);
836 		break;
837 	case VHOST_VDPA_GET_VRING_NUM:
838 		r = vhost_vdpa_get_vring_num(v, argp);
839 		break;
840 	case VHOST_VDPA_GET_GROUP_NUM:
841 		if (copy_to_user(argp, &v->vdpa->ngroups,
842 				 sizeof(v->vdpa->ngroups)))
843 			r = -EFAULT;
844 		break;
845 	case VHOST_VDPA_GET_AS_NUM:
846 		if (copy_to_user(argp, &v->vdpa->nas, sizeof(v->vdpa->nas)))
847 			r = -EFAULT;
848 		break;
849 	case VHOST_SET_LOG_BASE:
850 	case VHOST_SET_LOG_FD:
851 		r = -ENOIOCTLCMD;
852 		break;
853 	case VHOST_VDPA_SET_CONFIG_CALL:
854 		r = vhost_vdpa_set_config_call(v, argp);
855 		break;
856 	case VHOST_GET_BACKEND_FEATURES:
857 		features = VHOST_VDPA_BACKEND_FEATURES;
858 		if (vhost_vdpa_can_suspend(v))
859 			features |= BIT_ULL(VHOST_BACKEND_F_SUSPEND);
860 		if (vhost_vdpa_can_resume(v))
861 			features |= BIT_ULL(VHOST_BACKEND_F_RESUME);
862 		if (vhost_vdpa_has_desc_group(v))
863 			features |= BIT_ULL(VHOST_BACKEND_F_DESC_ASID);
864 		if (vhost_vdpa_has_persistent_map(v))
865 			features |= BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST);
866 		features |= vhost_vdpa_get_backend_features(v);
867 		if (copy_to_user(featurep, &features, sizeof(features)))
868 			r = -EFAULT;
869 		break;
870 	case VHOST_VDPA_GET_IOVA_RANGE:
871 		r = vhost_vdpa_get_iova_range(v, argp);
872 		break;
873 	case VHOST_VDPA_GET_CONFIG_SIZE:
874 		r = vhost_vdpa_get_config_size(v, argp);
875 		break;
876 	case VHOST_VDPA_GET_VQS_COUNT:
877 		r = vhost_vdpa_get_vqs_count(v, argp);
878 		break;
879 	case VHOST_VDPA_SUSPEND:
880 		r = vhost_vdpa_suspend(v);
881 		break;
882 	case VHOST_VDPA_RESUME:
883 		r = vhost_vdpa_resume(v);
884 		break;
885 	default:
886 		r = vhost_dev_ioctl(&v->vdev, cmd, argp);
887 		if (r == -ENOIOCTLCMD)
888 			r = vhost_vdpa_vring_ioctl(v, cmd, argp);
889 		break;
890 	}
891 
892 	if (r)
893 		goto out;
894 
895 	switch (cmd) {
896 	case VHOST_SET_OWNER:
897 		r = vhost_vdpa_bind_mm(v);
898 		if (r)
899 			vhost_dev_reset_owner(d, NULL);
900 		break;
901 	}
902 out:
903 	mutex_unlock(&d->mutex);
904 	return r;
905 }
906 static void vhost_vdpa_general_unmap(struct vhost_vdpa *v,
907 				     struct vhost_iotlb_map *map, u32 asid)
908 {
909 	struct vdpa_device *vdpa = v->vdpa;
910 	const struct vdpa_config_ops *ops = vdpa->config;
911 	if (ops->dma_map) {
912 		ops->dma_unmap(vdpa, asid, map->start, map->size);
913 	} else if (ops->set_map == NULL) {
914 		iommu_unmap(v->domain, map->start, map->size);
915 	}
916 }
917 
918 static void vhost_vdpa_pa_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
919 				u64 start, u64 last, u32 asid)
920 {
921 	struct vhost_dev *dev = &v->vdev;
922 	struct vhost_iotlb_map *map;
923 	struct page *page;
924 	unsigned long pfn, pinned;
925 
926 	while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
927 		pinned = PFN_DOWN(map->size);
928 		for (pfn = PFN_DOWN(map->addr);
929 		     pinned > 0; pfn++, pinned--) {
930 			page = pfn_to_page(pfn);
931 			if (map->perm & VHOST_ACCESS_WO)
932 				set_page_dirty_lock(page);
933 			unpin_user_page(page);
934 		}
935 		atomic64_sub(PFN_DOWN(map->size), &dev->mm->pinned_vm);
936 		vhost_vdpa_general_unmap(v, map, asid);
937 		vhost_iotlb_map_free(iotlb, map);
938 	}
939 }
940 
941 static void vhost_vdpa_va_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
942 				u64 start, u64 last, u32 asid)
943 {
944 	struct vhost_iotlb_map *map;
945 	struct vdpa_map_file *map_file;
946 
947 	while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
948 		map_file = (struct vdpa_map_file *)map->opaque;
949 		fput(map_file->file);
950 		kfree(map_file);
951 		vhost_vdpa_general_unmap(v, map, asid);
952 		vhost_iotlb_map_free(iotlb, map);
953 	}
954 }
955 
956 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
957 				   struct vhost_iotlb *iotlb, u64 start,
958 				   u64 last, u32 asid)
959 {
960 	struct vdpa_device *vdpa = v->vdpa;
961 
962 	if (vdpa->use_va)
963 		return vhost_vdpa_va_unmap(v, iotlb, start, last, asid);
964 
965 	return vhost_vdpa_pa_unmap(v, iotlb, start, last, asid);
966 }
967 
968 static int perm_to_iommu_flags(u32 perm)
969 {
970 	int flags = 0;
971 
972 	switch (perm) {
973 	case VHOST_ACCESS_WO:
974 		flags |= IOMMU_WRITE;
975 		break;
976 	case VHOST_ACCESS_RO:
977 		flags |= IOMMU_READ;
978 		break;
979 	case VHOST_ACCESS_RW:
980 		flags |= (IOMMU_WRITE | IOMMU_READ);
981 		break;
982 	default:
983 		WARN(1, "invalidate vhost IOTLB permission\n");
984 		break;
985 	}
986 
987 	return flags | IOMMU_CACHE;
988 }
989 
990 static int vhost_vdpa_map(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
991 			  u64 iova, u64 size, u64 pa, u32 perm, void *opaque)
992 {
993 	struct vhost_dev *dev = &v->vdev;
994 	struct vdpa_device *vdpa = v->vdpa;
995 	const struct vdpa_config_ops *ops = vdpa->config;
996 	u32 asid = iotlb_to_asid(iotlb);
997 	int r = 0;
998 
999 	r = vhost_iotlb_add_range_ctx(iotlb, iova, iova + size - 1,
1000 				      pa, perm, opaque);
1001 	if (r)
1002 		return r;
1003 
1004 	if (ops->dma_map) {
1005 		r = ops->dma_map(vdpa, asid, iova, size, pa, perm, opaque);
1006 	} else if (ops->set_map) {
1007 		if (!v->in_batch)
1008 			r = ops->set_map(vdpa, asid, iotlb);
1009 	} else {
1010 		r = iommu_map(v->domain, iova, pa, size,
1011 			      perm_to_iommu_flags(perm),
1012 			      GFP_KERNEL_ACCOUNT);
1013 	}
1014 	if (r) {
1015 		vhost_iotlb_del_range(iotlb, iova, iova + size - 1);
1016 		return r;
1017 	}
1018 
1019 	if (!vdpa->use_va)
1020 		atomic64_add(PFN_DOWN(size), &dev->mm->pinned_vm);
1021 
1022 	return 0;
1023 }
1024 
1025 static void vhost_vdpa_unmap(struct vhost_vdpa *v,
1026 			     struct vhost_iotlb *iotlb,
1027 			     u64 iova, u64 size)
1028 {
1029 	struct vdpa_device *vdpa = v->vdpa;
1030 	const struct vdpa_config_ops *ops = vdpa->config;
1031 	u32 asid = iotlb_to_asid(iotlb);
1032 
1033 	vhost_vdpa_iotlb_unmap(v, iotlb, iova, iova + size - 1, asid);
1034 
1035 	if (ops->set_map) {
1036 		if (!v->in_batch)
1037 			ops->set_map(vdpa, asid, iotlb);
1038 	}
1039 
1040 }
1041 
1042 static int vhost_vdpa_va_map(struct vhost_vdpa *v,
1043 			     struct vhost_iotlb *iotlb,
1044 			     u64 iova, u64 size, u64 uaddr, u32 perm)
1045 {
1046 	struct vhost_dev *dev = &v->vdev;
1047 	u64 offset, map_size, map_iova = iova;
1048 	struct vdpa_map_file *map_file;
1049 	struct vm_area_struct *vma;
1050 	int ret = 0;
1051 
1052 	mmap_read_lock(dev->mm);
1053 
1054 	while (size) {
1055 		vma = find_vma(dev->mm, uaddr);
1056 		if (!vma) {
1057 			ret = -EINVAL;
1058 			break;
1059 		}
1060 		map_size = min(size, vma->vm_end - uaddr);
1061 		if (!(vma->vm_file && (vma->vm_flags & VM_SHARED) &&
1062 			!(vma->vm_flags & (VM_IO | VM_PFNMAP))))
1063 			goto next;
1064 
1065 		map_file = kzalloc(sizeof(*map_file), GFP_KERNEL);
1066 		if (!map_file) {
1067 			ret = -ENOMEM;
1068 			break;
1069 		}
1070 		offset = (vma->vm_pgoff << PAGE_SHIFT) + uaddr - vma->vm_start;
1071 		map_file->offset = offset;
1072 		map_file->file = get_file(vma->vm_file);
1073 		ret = vhost_vdpa_map(v, iotlb, map_iova, map_size, uaddr,
1074 				     perm, map_file);
1075 		if (ret) {
1076 			fput(map_file->file);
1077 			kfree(map_file);
1078 			break;
1079 		}
1080 next:
1081 		size -= map_size;
1082 		uaddr += map_size;
1083 		map_iova += map_size;
1084 	}
1085 	if (ret)
1086 		vhost_vdpa_unmap(v, iotlb, iova, map_iova - iova);
1087 
1088 	mmap_read_unlock(dev->mm);
1089 
1090 	return ret;
1091 }
1092 
1093 static int vhost_vdpa_pa_map(struct vhost_vdpa *v,
1094 			     struct vhost_iotlb *iotlb,
1095 			     u64 iova, u64 size, u64 uaddr, u32 perm)
1096 {
1097 	struct vhost_dev *dev = &v->vdev;
1098 	struct page **page_list;
1099 	unsigned long list_size = PAGE_SIZE / sizeof(struct page *);
1100 	unsigned int gup_flags = FOLL_LONGTERM;
1101 	unsigned long npages, cur_base, map_pfn, last_pfn = 0;
1102 	unsigned long lock_limit, sz2pin, nchunks, i;
1103 	u64 start = iova;
1104 	long pinned;
1105 	int ret = 0;
1106 
1107 	/* Limit the use of memory for bookkeeping */
1108 	page_list = (struct page **) __get_free_page(GFP_KERNEL);
1109 	if (!page_list)
1110 		return -ENOMEM;
1111 
1112 	if (perm & VHOST_ACCESS_WO)
1113 		gup_flags |= FOLL_WRITE;
1114 
1115 	npages = PFN_UP(size + (iova & ~PAGE_MASK));
1116 	if (!npages) {
1117 		ret = -EINVAL;
1118 		goto free;
1119 	}
1120 
1121 	mmap_read_lock(dev->mm);
1122 
1123 	lock_limit = PFN_DOWN(rlimit(RLIMIT_MEMLOCK));
1124 	if (npages + atomic64_read(&dev->mm->pinned_vm) > lock_limit) {
1125 		ret = -ENOMEM;
1126 		goto unlock;
1127 	}
1128 
1129 	cur_base = uaddr & PAGE_MASK;
1130 	iova &= PAGE_MASK;
1131 	nchunks = 0;
1132 
1133 	while (npages) {
1134 		sz2pin = min_t(unsigned long, npages, list_size);
1135 		pinned = pin_user_pages(cur_base, sz2pin,
1136 					gup_flags, page_list);
1137 		if (sz2pin != pinned) {
1138 			if (pinned < 0) {
1139 				ret = pinned;
1140 			} else {
1141 				unpin_user_pages(page_list, pinned);
1142 				ret = -ENOMEM;
1143 			}
1144 			goto out;
1145 		}
1146 		nchunks++;
1147 
1148 		if (!last_pfn)
1149 			map_pfn = page_to_pfn(page_list[0]);
1150 
1151 		for (i = 0; i < pinned; i++) {
1152 			unsigned long this_pfn = page_to_pfn(page_list[i]);
1153 			u64 csize;
1154 
1155 			if (last_pfn && (this_pfn != last_pfn + 1)) {
1156 				/* Pin a contiguous chunk of memory */
1157 				csize = PFN_PHYS(last_pfn - map_pfn + 1);
1158 				ret = vhost_vdpa_map(v, iotlb, iova, csize,
1159 						     PFN_PHYS(map_pfn),
1160 						     perm, NULL);
1161 				if (ret) {
1162 					/*
1163 					 * Unpin the pages that are left unmapped
1164 					 * from this point on in the current
1165 					 * page_list. The remaining outstanding
1166 					 * ones which may stride across several
1167 					 * chunks will be covered in the common
1168 					 * error path subsequently.
1169 					 */
1170 					unpin_user_pages(&page_list[i],
1171 							 pinned - i);
1172 					goto out;
1173 				}
1174 
1175 				map_pfn = this_pfn;
1176 				iova += csize;
1177 				nchunks = 0;
1178 			}
1179 
1180 			last_pfn = this_pfn;
1181 		}
1182 
1183 		cur_base += PFN_PHYS(pinned);
1184 		npages -= pinned;
1185 	}
1186 
1187 	/* Pin the rest chunk */
1188 	ret = vhost_vdpa_map(v, iotlb, iova, PFN_PHYS(last_pfn - map_pfn + 1),
1189 			     PFN_PHYS(map_pfn), perm, NULL);
1190 out:
1191 	if (ret) {
1192 		if (nchunks) {
1193 			unsigned long pfn;
1194 
1195 			/*
1196 			 * Unpin the outstanding pages which are yet to be
1197 			 * mapped but haven't due to vdpa_map() or
1198 			 * pin_user_pages() failure.
1199 			 *
1200 			 * Mapped pages are accounted in vdpa_map(), hence
1201 			 * the corresponding unpinning will be handled by
1202 			 * vdpa_unmap().
1203 			 */
1204 			WARN_ON(!last_pfn);
1205 			for (pfn = map_pfn; pfn <= last_pfn; pfn++)
1206 				unpin_user_page(pfn_to_page(pfn));
1207 		}
1208 		vhost_vdpa_unmap(v, iotlb, start, size);
1209 	}
1210 unlock:
1211 	mmap_read_unlock(dev->mm);
1212 free:
1213 	free_page((unsigned long)page_list);
1214 	return ret;
1215 
1216 }
1217 
1218 static int vhost_vdpa_process_iotlb_update(struct vhost_vdpa *v,
1219 					   struct vhost_iotlb *iotlb,
1220 					   struct vhost_iotlb_msg *msg)
1221 {
1222 	struct vdpa_device *vdpa = v->vdpa;
1223 
1224 	if (msg->iova < v->range.first || !msg->size ||
1225 	    msg->iova > U64_MAX - msg->size + 1 ||
1226 	    msg->iova + msg->size - 1 > v->range.last)
1227 		return -EINVAL;
1228 
1229 	if (vhost_iotlb_itree_first(iotlb, msg->iova,
1230 				    msg->iova + msg->size - 1))
1231 		return -EEXIST;
1232 
1233 	if (vdpa->use_va)
1234 		return vhost_vdpa_va_map(v, iotlb, msg->iova, msg->size,
1235 					 msg->uaddr, msg->perm);
1236 
1237 	return vhost_vdpa_pa_map(v, iotlb, msg->iova, msg->size, msg->uaddr,
1238 				 msg->perm);
1239 }
1240 
1241 static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev, u32 asid,
1242 					struct vhost_iotlb_msg *msg)
1243 {
1244 	struct vhost_vdpa *v = container_of(dev, struct vhost_vdpa, vdev);
1245 	struct vdpa_device *vdpa = v->vdpa;
1246 	const struct vdpa_config_ops *ops = vdpa->config;
1247 	struct vhost_iotlb *iotlb = NULL;
1248 	struct vhost_vdpa_as *as = NULL;
1249 	int r = 0;
1250 
1251 	mutex_lock(&dev->mutex);
1252 
1253 	r = vhost_dev_check_owner(dev);
1254 	if (r)
1255 		goto unlock;
1256 
1257 	if (msg->type == VHOST_IOTLB_UPDATE ||
1258 	    msg->type == VHOST_IOTLB_BATCH_BEGIN) {
1259 		as = vhost_vdpa_find_alloc_as(v, asid);
1260 		if (!as) {
1261 			dev_err(&v->dev, "can't find and alloc asid %d\n",
1262 				asid);
1263 			r = -EINVAL;
1264 			goto unlock;
1265 		}
1266 		iotlb = &as->iotlb;
1267 	} else
1268 		iotlb = asid_to_iotlb(v, asid);
1269 
1270 	if ((v->in_batch && v->batch_asid != asid) || !iotlb) {
1271 		if (v->in_batch && v->batch_asid != asid) {
1272 			dev_info(&v->dev, "batch id %d asid %d\n",
1273 				 v->batch_asid, asid);
1274 		}
1275 		if (!iotlb)
1276 			dev_err(&v->dev, "no iotlb for asid %d\n", asid);
1277 		r = -EINVAL;
1278 		goto unlock;
1279 	}
1280 
1281 	switch (msg->type) {
1282 	case VHOST_IOTLB_UPDATE:
1283 		r = vhost_vdpa_process_iotlb_update(v, iotlb, msg);
1284 		break;
1285 	case VHOST_IOTLB_INVALIDATE:
1286 		vhost_vdpa_unmap(v, iotlb, msg->iova, msg->size);
1287 		break;
1288 	case VHOST_IOTLB_BATCH_BEGIN:
1289 		v->batch_asid = asid;
1290 		v->in_batch = true;
1291 		break;
1292 	case VHOST_IOTLB_BATCH_END:
1293 		if (v->in_batch && ops->set_map)
1294 			ops->set_map(vdpa, asid, iotlb);
1295 		v->in_batch = false;
1296 		break;
1297 	default:
1298 		r = -EINVAL;
1299 		break;
1300 	}
1301 unlock:
1302 	mutex_unlock(&dev->mutex);
1303 
1304 	return r;
1305 }
1306 
1307 static ssize_t vhost_vdpa_chr_write_iter(struct kiocb *iocb,
1308 					 struct iov_iter *from)
1309 {
1310 	struct file *file = iocb->ki_filp;
1311 	struct vhost_vdpa *v = file->private_data;
1312 	struct vhost_dev *dev = &v->vdev;
1313 
1314 	return vhost_chr_write_iter(dev, from);
1315 }
1316 
1317 static int vhost_vdpa_alloc_domain(struct vhost_vdpa *v)
1318 {
1319 	struct vdpa_device *vdpa = v->vdpa;
1320 	const struct vdpa_config_ops *ops = vdpa->config;
1321 	struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1322 	int ret;
1323 
1324 	/* Device want to do DMA by itself */
1325 	if (ops->set_map || ops->dma_map)
1326 		return 0;
1327 
1328 	if (!device_iommu_capable(dma_dev, IOMMU_CAP_CACHE_COHERENCY)) {
1329 		dev_warn_once(&v->dev,
1330 			      "Failed to allocate domain, device is not IOMMU cache coherent capable\n");
1331 		return -ENOTSUPP;
1332 	}
1333 
1334 	v->domain = iommu_paging_domain_alloc(dma_dev);
1335 	if (IS_ERR(v->domain)) {
1336 		ret = PTR_ERR(v->domain);
1337 		v->domain = NULL;
1338 		return ret;
1339 	}
1340 
1341 	ret = iommu_attach_device(v->domain, dma_dev);
1342 	if (ret)
1343 		goto err_attach;
1344 
1345 	return 0;
1346 
1347 err_attach:
1348 	iommu_domain_free(v->domain);
1349 	v->domain = NULL;
1350 	return ret;
1351 }
1352 
1353 static void vhost_vdpa_free_domain(struct vhost_vdpa *v)
1354 {
1355 	struct vdpa_device *vdpa = v->vdpa;
1356 	struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1357 
1358 	if (v->domain) {
1359 		iommu_detach_device(v->domain, dma_dev);
1360 		iommu_domain_free(v->domain);
1361 	}
1362 
1363 	v->domain = NULL;
1364 }
1365 
1366 static void vhost_vdpa_set_iova_range(struct vhost_vdpa *v)
1367 {
1368 	struct vdpa_iova_range *range = &v->range;
1369 	struct vdpa_device *vdpa = v->vdpa;
1370 	const struct vdpa_config_ops *ops = vdpa->config;
1371 
1372 	if (ops->get_iova_range) {
1373 		*range = ops->get_iova_range(vdpa);
1374 	} else if (v->domain && v->domain->geometry.force_aperture) {
1375 		range->first = v->domain->geometry.aperture_start;
1376 		range->last = v->domain->geometry.aperture_end;
1377 	} else {
1378 		range->first = 0;
1379 		range->last = ULLONG_MAX;
1380 	}
1381 }
1382 
1383 static void vhost_vdpa_cleanup(struct vhost_vdpa *v)
1384 {
1385 	struct vhost_vdpa_as *as;
1386 	u32 asid;
1387 
1388 	for (asid = 0; asid < v->vdpa->nas; asid++) {
1389 		as = asid_to_as(v, asid);
1390 		if (as)
1391 			vhost_vdpa_remove_as(v, asid);
1392 	}
1393 
1394 	vhost_vdpa_free_domain(v);
1395 	vhost_dev_cleanup(&v->vdev);
1396 	kfree(v->vdev.vqs);
1397 	v->vdev.vqs = NULL;
1398 }
1399 
1400 static int vhost_vdpa_open(struct inode *inode, struct file *filep)
1401 {
1402 	struct vhost_vdpa *v;
1403 	struct vhost_dev *dev;
1404 	struct vhost_virtqueue **vqs;
1405 	int r, opened;
1406 	u32 i, nvqs;
1407 
1408 	v = container_of(inode->i_cdev, struct vhost_vdpa, cdev);
1409 
1410 	opened = atomic_cmpxchg(&v->opened, 0, 1);
1411 	if (opened)
1412 		return -EBUSY;
1413 
1414 	nvqs = v->nvqs;
1415 	r = vhost_vdpa_reset(v);
1416 	if (r)
1417 		goto err;
1418 
1419 	vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL);
1420 	if (!vqs) {
1421 		r = -ENOMEM;
1422 		goto err;
1423 	}
1424 
1425 	dev = &v->vdev;
1426 	for (i = 0; i < nvqs; i++) {
1427 		vqs[i] = &v->vqs[i];
1428 		vqs[i]->handle_kick = handle_vq_kick;
1429 		vqs[i]->call_ctx.ctx = NULL;
1430 	}
1431 	vhost_dev_init(dev, vqs, nvqs, 0, 0, 0, false,
1432 		       vhost_vdpa_process_iotlb_msg);
1433 
1434 	r = vhost_vdpa_alloc_domain(v);
1435 	if (r)
1436 		goto err_alloc_domain;
1437 
1438 	vhost_vdpa_set_iova_range(v);
1439 
1440 	filep->private_data = v;
1441 
1442 	return 0;
1443 
1444 err_alloc_domain:
1445 	vhost_vdpa_cleanup(v);
1446 err:
1447 	atomic_dec(&v->opened);
1448 	return r;
1449 }
1450 
1451 static void vhost_vdpa_clean_irq(struct vhost_vdpa *v)
1452 {
1453 	u32 i;
1454 
1455 	for (i = 0; i < v->nvqs; i++)
1456 		vhost_vdpa_unsetup_vq_irq(v, i);
1457 }
1458 
1459 static int vhost_vdpa_release(struct inode *inode, struct file *filep)
1460 {
1461 	struct vhost_vdpa *v = filep->private_data;
1462 	struct vhost_dev *d = &v->vdev;
1463 
1464 	mutex_lock(&d->mutex);
1465 	filep->private_data = NULL;
1466 	vhost_vdpa_clean_irq(v);
1467 	vhost_vdpa_reset(v);
1468 	vhost_dev_stop(&v->vdev);
1469 	vhost_vdpa_unbind_mm(v);
1470 	vhost_vdpa_config_put(v);
1471 	vhost_vdpa_cleanup(v);
1472 	mutex_unlock(&d->mutex);
1473 
1474 	atomic_dec(&v->opened);
1475 	complete(&v->completion);
1476 
1477 	return 0;
1478 }
1479 
1480 #ifdef CONFIG_MMU
1481 static vm_fault_t vhost_vdpa_fault(struct vm_fault *vmf)
1482 {
1483 	struct vhost_vdpa *v = vmf->vma->vm_file->private_data;
1484 	struct vdpa_device *vdpa = v->vdpa;
1485 	const struct vdpa_config_ops *ops = vdpa->config;
1486 	struct vdpa_notification_area notify;
1487 	struct vm_area_struct *vma = vmf->vma;
1488 	u16 index = vma->vm_pgoff;
1489 
1490 	notify = ops->get_vq_notification(vdpa, index);
1491 
1492 	return vmf_insert_pfn(vma, vmf->address & PAGE_MASK, PFN_DOWN(notify.addr));
1493 }
1494 
1495 static const struct vm_operations_struct vhost_vdpa_vm_ops = {
1496 	.fault = vhost_vdpa_fault,
1497 };
1498 
1499 static int vhost_vdpa_mmap(struct file *file, struct vm_area_struct *vma)
1500 {
1501 	struct vhost_vdpa *v = vma->vm_file->private_data;
1502 	struct vdpa_device *vdpa = v->vdpa;
1503 	const struct vdpa_config_ops *ops = vdpa->config;
1504 	struct vdpa_notification_area notify;
1505 	unsigned long index = vma->vm_pgoff;
1506 
1507 	if (vma->vm_end - vma->vm_start != PAGE_SIZE)
1508 		return -EINVAL;
1509 	if ((vma->vm_flags & VM_SHARED) == 0)
1510 		return -EINVAL;
1511 	if (vma->vm_flags & VM_READ)
1512 		return -EINVAL;
1513 	if (index > 65535)
1514 		return -EINVAL;
1515 	if (!ops->get_vq_notification)
1516 		return -ENOTSUPP;
1517 
1518 	/* To be safe and easily modelled by userspace, We only
1519 	 * support the doorbell which sits on the page boundary and
1520 	 * does not share the page with other registers.
1521 	 */
1522 	notify = ops->get_vq_notification(vdpa, index);
1523 	if (notify.addr & (PAGE_SIZE - 1))
1524 		return -EINVAL;
1525 	if (vma->vm_end - vma->vm_start != notify.size)
1526 		return -ENOTSUPP;
1527 
1528 	vm_flags_set(vma, VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP);
1529 	vma->vm_ops = &vhost_vdpa_vm_ops;
1530 	return 0;
1531 }
1532 #endif /* CONFIG_MMU */
1533 
1534 static const struct file_operations vhost_vdpa_fops = {
1535 	.owner		= THIS_MODULE,
1536 	.open		= vhost_vdpa_open,
1537 	.release	= vhost_vdpa_release,
1538 	.write_iter	= vhost_vdpa_chr_write_iter,
1539 	.unlocked_ioctl	= vhost_vdpa_unlocked_ioctl,
1540 #ifdef CONFIG_MMU
1541 	.mmap		= vhost_vdpa_mmap,
1542 #endif /* CONFIG_MMU */
1543 	.compat_ioctl	= compat_ptr_ioctl,
1544 };
1545 
1546 static void vhost_vdpa_release_dev(struct device *device)
1547 {
1548 	struct vhost_vdpa *v =
1549 	       container_of(device, struct vhost_vdpa, dev);
1550 
1551 	ida_free(&vhost_vdpa_ida, v->minor);
1552 	kfree(v->vqs);
1553 	kfree(v);
1554 }
1555 
1556 static int vhost_vdpa_probe(struct vdpa_device *vdpa)
1557 {
1558 	const struct vdpa_config_ops *ops = vdpa->config;
1559 	struct vhost_vdpa *v;
1560 	int minor;
1561 	int i, r;
1562 
1563 	/* We can't support platform IOMMU device with more than 1
1564 	 * group or as
1565 	 */
1566 	if (!ops->set_map && !ops->dma_map &&
1567 	    (vdpa->ngroups > 1 || vdpa->nas > 1))
1568 		return -EOPNOTSUPP;
1569 
1570 	v = kzalloc(sizeof(*v), GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1571 	if (!v)
1572 		return -ENOMEM;
1573 
1574 	minor = ida_alloc_max(&vhost_vdpa_ida, VHOST_VDPA_DEV_MAX - 1,
1575 			      GFP_KERNEL);
1576 	if (minor < 0) {
1577 		kfree(v);
1578 		return minor;
1579 	}
1580 
1581 	atomic_set(&v->opened, 0);
1582 	v->minor = minor;
1583 	v->vdpa = vdpa;
1584 	v->nvqs = vdpa->nvqs;
1585 	v->virtio_id = ops->get_device_id(vdpa);
1586 
1587 	device_initialize(&v->dev);
1588 	v->dev.release = vhost_vdpa_release_dev;
1589 	v->dev.parent = &vdpa->dev;
1590 	v->dev.devt = MKDEV(MAJOR(vhost_vdpa_major), minor);
1591 	v->vqs = kmalloc_array(v->nvqs, sizeof(struct vhost_virtqueue),
1592 			       GFP_KERNEL);
1593 	if (!v->vqs) {
1594 		r = -ENOMEM;
1595 		goto err;
1596 	}
1597 
1598 	r = dev_set_name(&v->dev, "vhost-vdpa-%u", minor);
1599 	if (r)
1600 		goto err;
1601 
1602 	cdev_init(&v->cdev, &vhost_vdpa_fops);
1603 	v->cdev.owner = THIS_MODULE;
1604 
1605 	r = cdev_device_add(&v->cdev, &v->dev);
1606 	if (r)
1607 		goto err;
1608 
1609 	init_completion(&v->completion);
1610 	vdpa_set_drvdata(vdpa, v);
1611 
1612 	for (i = 0; i < VHOST_VDPA_IOTLB_BUCKETS; i++)
1613 		INIT_HLIST_HEAD(&v->as[i]);
1614 
1615 	return 0;
1616 
1617 err:
1618 	put_device(&v->dev);
1619 	return r;
1620 }
1621 
1622 static void vhost_vdpa_remove(struct vdpa_device *vdpa)
1623 {
1624 	struct vhost_vdpa *v = vdpa_get_drvdata(vdpa);
1625 	int opened;
1626 
1627 	cdev_device_del(&v->cdev, &v->dev);
1628 
1629 	do {
1630 		opened = atomic_cmpxchg(&v->opened, 0, 1);
1631 		if (!opened)
1632 			break;
1633 		wait_for_completion(&v->completion);
1634 	} while (1);
1635 
1636 	put_device(&v->dev);
1637 }
1638 
1639 static struct vdpa_driver vhost_vdpa_driver = {
1640 	.driver = {
1641 		.name	= "vhost_vdpa",
1642 	},
1643 	.probe	= vhost_vdpa_probe,
1644 	.remove	= vhost_vdpa_remove,
1645 };
1646 
1647 static int __init vhost_vdpa_init(void)
1648 {
1649 	int r;
1650 
1651 	r = alloc_chrdev_region(&vhost_vdpa_major, 0, VHOST_VDPA_DEV_MAX,
1652 				"vhost-vdpa");
1653 	if (r)
1654 		goto err_alloc_chrdev;
1655 
1656 	r = vdpa_register_driver(&vhost_vdpa_driver);
1657 	if (r)
1658 		goto err_vdpa_register_driver;
1659 
1660 	return 0;
1661 
1662 err_vdpa_register_driver:
1663 	unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1664 err_alloc_chrdev:
1665 	return r;
1666 }
1667 module_init(vhost_vdpa_init);
1668 
1669 static void __exit vhost_vdpa_exit(void)
1670 {
1671 	vdpa_unregister_driver(&vhost_vdpa_driver);
1672 	unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1673 }
1674 module_exit(vhost_vdpa_exit);
1675 
1676 MODULE_VERSION("0.0.1");
1677 MODULE_LICENSE("GPL v2");
1678 MODULE_AUTHOR("Intel Corporation");
1679 MODULE_DESCRIPTION("vDPA-based vhost backend for virtio");
1680