xref: /linux/drivers/vhost/vdpa.c (revision 7dd900ea0e1b9a2000270c9c0f4deab0cfa359b1)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2018-2020 Intel Corporation.
4  * Copyright (C) 2020 Red Hat, Inc.
5  *
6  * Author: Tiwei Bie <tiwei.bie@intel.com>
7  *         Jason Wang <jasowang@redhat.com>
8  *
9  * Thanks Michael S. Tsirkin for the valuable comments and
10  * suggestions.  And thanks to Cunming Liang and Zhihong Wang for all
11  * their supports.
12  */
13 
14 #include <linux/kernel.h>
15 #include <linux/module.h>
16 #include <linux/cdev.h>
17 #include <linux/device.h>
18 #include <linux/mm.h>
19 #include <linux/slab.h>
20 #include <linux/iommu.h>
21 #include <linux/uuid.h>
22 #include <linux/vdpa.h>
23 #include <linux/nospec.h>
24 #include <linux/vhost.h>
25 
26 #include "vhost.h"
27 
28 enum {
29 	VHOST_VDPA_BACKEND_FEATURES =
30 	(1ULL << VHOST_BACKEND_F_IOTLB_MSG_V2) |
31 	(1ULL << VHOST_BACKEND_F_IOTLB_BATCH) |
32 	(1ULL << VHOST_BACKEND_F_IOTLB_ASID),
33 };
34 
35 #define VHOST_VDPA_DEV_MAX (1U << MINORBITS)
36 
37 #define VHOST_VDPA_IOTLB_BUCKETS 16
38 
39 struct vhost_vdpa_as {
40 	struct hlist_node hash_link;
41 	struct vhost_iotlb iotlb;
42 	u32 id;
43 };
44 
45 struct vhost_vdpa {
46 	struct vhost_dev vdev;
47 	struct iommu_domain *domain;
48 	struct vhost_virtqueue *vqs;
49 	struct completion completion;
50 	struct vdpa_device *vdpa;
51 	struct hlist_head as[VHOST_VDPA_IOTLB_BUCKETS];
52 	struct device dev;
53 	struct cdev cdev;
54 	atomic_t opened;
55 	u32 nvqs;
56 	int virtio_id;
57 	int minor;
58 	struct eventfd_ctx *config_ctx;
59 	int in_batch;
60 	struct vdpa_iova_range range;
61 	u32 batch_asid;
62 };
63 
64 static DEFINE_IDA(vhost_vdpa_ida);
65 
66 static dev_t vhost_vdpa_major;
67 
68 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
69 				   struct vhost_iotlb *iotlb, u64 start,
70 				   u64 last, u32 asid);
71 
72 static inline u32 iotlb_to_asid(struct vhost_iotlb *iotlb)
73 {
74 	struct vhost_vdpa_as *as = container_of(iotlb, struct
75 						vhost_vdpa_as, iotlb);
76 	return as->id;
77 }
78 
79 static struct vhost_vdpa_as *asid_to_as(struct vhost_vdpa *v, u32 asid)
80 {
81 	struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
82 	struct vhost_vdpa_as *as;
83 
84 	hlist_for_each_entry(as, head, hash_link)
85 		if (as->id == asid)
86 			return as;
87 
88 	return NULL;
89 }
90 
91 static struct vhost_iotlb *asid_to_iotlb(struct vhost_vdpa *v, u32 asid)
92 {
93 	struct vhost_vdpa_as *as = asid_to_as(v, asid);
94 
95 	if (!as)
96 		return NULL;
97 
98 	return &as->iotlb;
99 }
100 
101 static struct vhost_vdpa_as *vhost_vdpa_alloc_as(struct vhost_vdpa *v, u32 asid)
102 {
103 	struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
104 	struct vhost_vdpa_as *as;
105 
106 	if (asid_to_as(v, asid))
107 		return NULL;
108 
109 	if (asid >= v->vdpa->nas)
110 		return NULL;
111 
112 	as = kmalloc(sizeof(*as), GFP_KERNEL);
113 	if (!as)
114 		return NULL;
115 
116 	vhost_iotlb_init(&as->iotlb, 0, 0);
117 	as->id = asid;
118 	hlist_add_head(&as->hash_link, head);
119 
120 	return as;
121 }
122 
123 static struct vhost_vdpa_as *vhost_vdpa_find_alloc_as(struct vhost_vdpa *v,
124 						      u32 asid)
125 {
126 	struct vhost_vdpa_as *as = asid_to_as(v, asid);
127 
128 	if (as)
129 		return as;
130 
131 	return vhost_vdpa_alloc_as(v, asid);
132 }
133 
134 static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid)
135 {
136 	struct vhost_vdpa_as *as = asid_to_as(v, asid);
137 
138 	if (!as)
139 		return -EINVAL;
140 
141 	hlist_del(&as->hash_link);
142 	vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1, asid);
143 	kfree(as);
144 
145 	return 0;
146 }
147 
148 static void handle_vq_kick(struct vhost_work *work)
149 {
150 	struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
151 						  poll.work);
152 	struct vhost_vdpa *v = container_of(vq->dev, struct vhost_vdpa, vdev);
153 	const struct vdpa_config_ops *ops = v->vdpa->config;
154 
155 	ops->kick_vq(v->vdpa, vq - v->vqs);
156 }
157 
158 static irqreturn_t vhost_vdpa_virtqueue_cb(void *private)
159 {
160 	struct vhost_virtqueue *vq = private;
161 	struct eventfd_ctx *call_ctx = vq->call_ctx.ctx;
162 
163 	if (call_ctx)
164 		eventfd_signal(call_ctx, 1);
165 
166 	return IRQ_HANDLED;
167 }
168 
169 static irqreturn_t vhost_vdpa_config_cb(void *private)
170 {
171 	struct vhost_vdpa *v = private;
172 	struct eventfd_ctx *config_ctx = v->config_ctx;
173 
174 	if (config_ctx)
175 		eventfd_signal(config_ctx, 1);
176 
177 	return IRQ_HANDLED;
178 }
179 
180 static void vhost_vdpa_setup_vq_irq(struct vhost_vdpa *v, u16 qid)
181 {
182 	struct vhost_virtqueue *vq = &v->vqs[qid];
183 	const struct vdpa_config_ops *ops = v->vdpa->config;
184 	struct vdpa_device *vdpa = v->vdpa;
185 	int ret, irq;
186 
187 	if (!ops->get_vq_irq)
188 		return;
189 
190 	irq = ops->get_vq_irq(vdpa, qid);
191 	if (irq < 0)
192 		return;
193 
194 	irq_bypass_unregister_producer(&vq->call_ctx.producer);
195 	if (!vq->call_ctx.ctx)
196 		return;
197 
198 	vq->call_ctx.producer.token = vq->call_ctx.ctx;
199 	vq->call_ctx.producer.irq = irq;
200 	ret = irq_bypass_register_producer(&vq->call_ctx.producer);
201 	if (unlikely(ret))
202 		dev_info(&v->dev, "vq %u, irq bypass producer (token %p) registration fails, ret =  %d\n",
203 			 qid, vq->call_ctx.producer.token, ret);
204 }
205 
206 static void vhost_vdpa_unsetup_vq_irq(struct vhost_vdpa *v, u16 qid)
207 {
208 	struct vhost_virtqueue *vq = &v->vqs[qid];
209 
210 	irq_bypass_unregister_producer(&vq->call_ctx.producer);
211 }
212 
213 static int vhost_vdpa_reset(struct vhost_vdpa *v)
214 {
215 	struct vdpa_device *vdpa = v->vdpa;
216 
217 	v->in_batch = 0;
218 
219 	return vdpa_reset(vdpa);
220 }
221 
222 static long vhost_vdpa_bind_mm(struct vhost_vdpa *v)
223 {
224 	struct vdpa_device *vdpa = v->vdpa;
225 	const struct vdpa_config_ops *ops = vdpa->config;
226 
227 	if (!vdpa->use_va || !ops->bind_mm)
228 		return 0;
229 
230 	return ops->bind_mm(vdpa, v->vdev.mm);
231 }
232 
233 static void vhost_vdpa_unbind_mm(struct vhost_vdpa *v)
234 {
235 	struct vdpa_device *vdpa = v->vdpa;
236 	const struct vdpa_config_ops *ops = vdpa->config;
237 
238 	if (!vdpa->use_va || !ops->unbind_mm)
239 		return;
240 
241 	ops->unbind_mm(vdpa);
242 }
243 
244 static long vhost_vdpa_get_device_id(struct vhost_vdpa *v, u8 __user *argp)
245 {
246 	struct vdpa_device *vdpa = v->vdpa;
247 	const struct vdpa_config_ops *ops = vdpa->config;
248 	u32 device_id;
249 
250 	device_id = ops->get_device_id(vdpa);
251 
252 	if (copy_to_user(argp, &device_id, sizeof(device_id)))
253 		return -EFAULT;
254 
255 	return 0;
256 }
257 
258 static long vhost_vdpa_get_status(struct vhost_vdpa *v, u8 __user *statusp)
259 {
260 	struct vdpa_device *vdpa = v->vdpa;
261 	const struct vdpa_config_ops *ops = vdpa->config;
262 	u8 status;
263 
264 	status = ops->get_status(vdpa);
265 
266 	if (copy_to_user(statusp, &status, sizeof(status)))
267 		return -EFAULT;
268 
269 	return 0;
270 }
271 
272 static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp)
273 {
274 	struct vdpa_device *vdpa = v->vdpa;
275 	const struct vdpa_config_ops *ops = vdpa->config;
276 	u8 status, status_old;
277 	u32 nvqs = v->nvqs;
278 	int ret;
279 	u16 i;
280 
281 	if (copy_from_user(&status, statusp, sizeof(status)))
282 		return -EFAULT;
283 
284 	status_old = ops->get_status(vdpa);
285 
286 	/*
287 	 * Userspace shouldn't remove status bits unless reset the
288 	 * status to 0.
289 	 */
290 	if (status != 0 && (status_old & ~status) != 0)
291 		return -EINVAL;
292 
293 	if ((status_old & VIRTIO_CONFIG_S_DRIVER_OK) && !(status & VIRTIO_CONFIG_S_DRIVER_OK))
294 		for (i = 0; i < nvqs; i++)
295 			vhost_vdpa_unsetup_vq_irq(v, i);
296 
297 	if (status == 0) {
298 		ret = vdpa_reset(vdpa);
299 		if (ret)
300 			return ret;
301 	} else
302 		vdpa_set_status(vdpa, status);
303 
304 	if ((status & VIRTIO_CONFIG_S_DRIVER_OK) && !(status_old & VIRTIO_CONFIG_S_DRIVER_OK))
305 		for (i = 0; i < nvqs; i++)
306 			vhost_vdpa_setup_vq_irq(v, i);
307 
308 	return 0;
309 }
310 
311 static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
312 				      struct vhost_vdpa_config *c)
313 {
314 	struct vdpa_device *vdpa = v->vdpa;
315 	size_t size = vdpa->config->get_config_size(vdpa);
316 
317 	if (c->len == 0 || c->off > size)
318 		return -EINVAL;
319 
320 	if (c->len > size - c->off)
321 		return -E2BIG;
322 
323 	return 0;
324 }
325 
326 static long vhost_vdpa_get_config(struct vhost_vdpa *v,
327 				  struct vhost_vdpa_config __user *c)
328 {
329 	struct vdpa_device *vdpa = v->vdpa;
330 	struct vhost_vdpa_config config;
331 	unsigned long size = offsetof(struct vhost_vdpa_config, buf);
332 	u8 *buf;
333 
334 	if (copy_from_user(&config, c, size))
335 		return -EFAULT;
336 	if (vhost_vdpa_config_validate(v, &config))
337 		return -EINVAL;
338 	buf = kvzalloc(config.len, GFP_KERNEL);
339 	if (!buf)
340 		return -ENOMEM;
341 
342 	vdpa_get_config(vdpa, config.off, buf, config.len);
343 
344 	if (copy_to_user(c->buf, buf, config.len)) {
345 		kvfree(buf);
346 		return -EFAULT;
347 	}
348 
349 	kvfree(buf);
350 	return 0;
351 }
352 
353 static long vhost_vdpa_set_config(struct vhost_vdpa *v,
354 				  struct vhost_vdpa_config __user *c)
355 {
356 	struct vdpa_device *vdpa = v->vdpa;
357 	struct vhost_vdpa_config config;
358 	unsigned long size = offsetof(struct vhost_vdpa_config, buf);
359 	u8 *buf;
360 
361 	if (copy_from_user(&config, c, size))
362 		return -EFAULT;
363 	if (vhost_vdpa_config_validate(v, &config))
364 		return -EINVAL;
365 
366 	buf = vmemdup_user(c->buf, config.len);
367 	if (IS_ERR(buf))
368 		return PTR_ERR(buf);
369 
370 	vdpa_set_config(vdpa, config.off, buf, config.len);
371 
372 	kvfree(buf);
373 	return 0;
374 }
375 
376 static bool vhost_vdpa_can_suspend(const struct vhost_vdpa *v)
377 {
378 	struct vdpa_device *vdpa = v->vdpa;
379 	const struct vdpa_config_ops *ops = vdpa->config;
380 
381 	return ops->suspend;
382 }
383 
384 static bool vhost_vdpa_can_resume(const struct vhost_vdpa *v)
385 {
386 	struct vdpa_device *vdpa = v->vdpa;
387 	const struct vdpa_config_ops *ops = vdpa->config;
388 
389 	return ops->resume;
390 }
391 
392 static long vhost_vdpa_get_features(struct vhost_vdpa *v, u64 __user *featurep)
393 {
394 	struct vdpa_device *vdpa = v->vdpa;
395 	const struct vdpa_config_ops *ops = vdpa->config;
396 	u64 features;
397 
398 	features = ops->get_device_features(vdpa);
399 
400 	if (copy_to_user(featurep, &features, sizeof(features)))
401 		return -EFAULT;
402 
403 	return 0;
404 }
405 
406 static long vhost_vdpa_set_features(struct vhost_vdpa *v, u64 __user *featurep)
407 {
408 	struct vdpa_device *vdpa = v->vdpa;
409 	const struct vdpa_config_ops *ops = vdpa->config;
410 	struct vhost_dev *d = &v->vdev;
411 	u64 actual_features;
412 	u64 features;
413 	int i;
414 
415 	/*
416 	 * It's not allowed to change the features after they have
417 	 * been negotiated.
418 	 */
419 	if (ops->get_status(vdpa) & VIRTIO_CONFIG_S_FEATURES_OK)
420 		return -EBUSY;
421 
422 	if (copy_from_user(&features, featurep, sizeof(features)))
423 		return -EFAULT;
424 
425 	if (vdpa_set_features(vdpa, features))
426 		return -EINVAL;
427 
428 	/* let the vqs know what has been configured */
429 	actual_features = ops->get_driver_features(vdpa);
430 	for (i = 0; i < d->nvqs; ++i) {
431 		struct vhost_virtqueue *vq = d->vqs[i];
432 
433 		mutex_lock(&vq->mutex);
434 		vq->acked_features = actual_features;
435 		mutex_unlock(&vq->mutex);
436 	}
437 
438 	return 0;
439 }
440 
441 static long vhost_vdpa_get_vring_num(struct vhost_vdpa *v, u16 __user *argp)
442 {
443 	struct vdpa_device *vdpa = v->vdpa;
444 	const struct vdpa_config_ops *ops = vdpa->config;
445 	u16 num;
446 
447 	num = ops->get_vq_num_max(vdpa);
448 
449 	if (copy_to_user(argp, &num, sizeof(num)))
450 		return -EFAULT;
451 
452 	return 0;
453 }
454 
455 static void vhost_vdpa_config_put(struct vhost_vdpa *v)
456 {
457 	if (v->config_ctx) {
458 		eventfd_ctx_put(v->config_ctx);
459 		v->config_ctx = NULL;
460 	}
461 }
462 
463 static long vhost_vdpa_set_config_call(struct vhost_vdpa *v, u32 __user *argp)
464 {
465 	struct vdpa_callback cb;
466 	int fd;
467 	struct eventfd_ctx *ctx;
468 
469 	cb.callback = vhost_vdpa_config_cb;
470 	cb.private = v;
471 	if (copy_from_user(&fd, argp, sizeof(fd)))
472 		return  -EFAULT;
473 
474 	ctx = fd == VHOST_FILE_UNBIND ? NULL : eventfd_ctx_fdget(fd);
475 	swap(ctx, v->config_ctx);
476 
477 	if (!IS_ERR_OR_NULL(ctx))
478 		eventfd_ctx_put(ctx);
479 
480 	if (IS_ERR(v->config_ctx)) {
481 		long ret = PTR_ERR(v->config_ctx);
482 
483 		v->config_ctx = NULL;
484 		return ret;
485 	}
486 
487 	v->vdpa->config->set_config_cb(v->vdpa, &cb);
488 
489 	return 0;
490 }
491 
492 static long vhost_vdpa_get_iova_range(struct vhost_vdpa *v, u32 __user *argp)
493 {
494 	struct vhost_vdpa_iova_range range = {
495 		.first = v->range.first,
496 		.last = v->range.last,
497 	};
498 
499 	if (copy_to_user(argp, &range, sizeof(range)))
500 		return -EFAULT;
501 	return 0;
502 }
503 
504 static long vhost_vdpa_get_config_size(struct vhost_vdpa *v, u32 __user *argp)
505 {
506 	struct vdpa_device *vdpa = v->vdpa;
507 	const struct vdpa_config_ops *ops = vdpa->config;
508 	u32 size;
509 
510 	size = ops->get_config_size(vdpa);
511 
512 	if (copy_to_user(argp, &size, sizeof(size)))
513 		return -EFAULT;
514 
515 	return 0;
516 }
517 
518 static long vhost_vdpa_get_vqs_count(struct vhost_vdpa *v, u32 __user *argp)
519 {
520 	struct vdpa_device *vdpa = v->vdpa;
521 
522 	if (copy_to_user(argp, &vdpa->nvqs, sizeof(vdpa->nvqs)))
523 		return -EFAULT;
524 
525 	return 0;
526 }
527 
528 /* After a successful return of ioctl the device must not process more
529  * virtqueue descriptors. The device can answer to read or writes of config
530  * fields as if it were not suspended. In particular, writing to "queue_enable"
531  * with a value of 1 will not make the device start processing buffers.
532  */
533 static long vhost_vdpa_suspend(struct vhost_vdpa *v)
534 {
535 	struct vdpa_device *vdpa = v->vdpa;
536 	const struct vdpa_config_ops *ops = vdpa->config;
537 
538 	if (!ops->suspend)
539 		return -EOPNOTSUPP;
540 
541 	return ops->suspend(vdpa);
542 }
543 
544 /* After a successful return of this ioctl the device resumes processing
545  * virtqueue descriptors. The device becomes fully operational the same way it
546  * was before it was suspended.
547  */
548 static long vhost_vdpa_resume(struct vhost_vdpa *v)
549 {
550 	struct vdpa_device *vdpa = v->vdpa;
551 	const struct vdpa_config_ops *ops = vdpa->config;
552 
553 	if (!ops->resume)
554 		return -EOPNOTSUPP;
555 
556 	return ops->resume(vdpa);
557 }
558 
559 static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd,
560 				   void __user *argp)
561 {
562 	struct vdpa_device *vdpa = v->vdpa;
563 	const struct vdpa_config_ops *ops = vdpa->config;
564 	struct vdpa_vq_state vq_state;
565 	struct vdpa_callback cb;
566 	struct vhost_virtqueue *vq;
567 	struct vhost_vring_state s;
568 	u32 idx;
569 	long r;
570 
571 	r = get_user(idx, (u32 __user *)argp);
572 	if (r < 0)
573 		return r;
574 
575 	if (idx >= v->nvqs)
576 		return -ENOBUFS;
577 
578 	idx = array_index_nospec(idx, v->nvqs);
579 	vq = &v->vqs[idx];
580 
581 	switch (cmd) {
582 	case VHOST_VDPA_SET_VRING_ENABLE:
583 		if (copy_from_user(&s, argp, sizeof(s)))
584 			return -EFAULT;
585 		ops->set_vq_ready(vdpa, idx, s.num);
586 		return 0;
587 	case VHOST_VDPA_GET_VRING_GROUP:
588 		if (!ops->get_vq_group)
589 			return -EOPNOTSUPP;
590 		s.index = idx;
591 		s.num = ops->get_vq_group(vdpa, idx);
592 		if (s.num >= vdpa->ngroups)
593 			return -EIO;
594 		else if (copy_to_user(argp, &s, sizeof(s)))
595 			return -EFAULT;
596 		return 0;
597 	case VHOST_VDPA_SET_GROUP_ASID:
598 		if (copy_from_user(&s, argp, sizeof(s)))
599 			return -EFAULT;
600 		if (s.num >= vdpa->nas)
601 			return -EINVAL;
602 		if (!ops->set_group_asid)
603 			return -EOPNOTSUPP;
604 		return ops->set_group_asid(vdpa, idx, s.num);
605 	case VHOST_GET_VRING_BASE:
606 		r = ops->get_vq_state(v->vdpa, idx, &vq_state);
607 		if (r)
608 			return r;
609 
610 		if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) {
611 			vq->last_avail_idx = vq_state.packed.last_avail_idx |
612 					     (vq_state.packed.last_avail_counter << 15);
613 			vq->last_used_idx = vq_state.packed.last_used_idx |
614 					    (vq_state.packed.last_used_counter << 15);
615 		} else {
616 			vq->last_avail_idx = vq_state.split.avail_index;
617 		}
618 		break;
619 	}
620 
621 	r = vhost_vring_ioctl(&v->vdev, cmd, argp);
622 	if (r)
623 		return r;
624 
625 	switch (cmd) {
626 	case VHOST_SET_VRING_ADDR:
627 		if (ops->set_vq_address(vdpa, idx,
628 					(u64)(uintptr_t)vq->desc,
629 					(u64)(uintptr_t)vq->avail,
630 					(u64)(uintptr_t)vq->used))
631 			r = -EINVAL;
632 		break;
633 
634 	case VHOST_SET_VRING_BASE:
635 		if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) {
636 			vq_state.packed.last_avail_idx = vq->last_avail_idx & 0x7fff;
637 			vq_state.packed.last_avail_counter = !!(vq->last_avail_idx & 0x8000);
638 			vq_state.packed.last_used_idx = vq->last_used_idx & 0x7fff;
639 			vq_state.packed.last_used_counter = !!(vq->last_used_idx & 0x8000);
640 		} else {
641 			vq_state.split.avail_index = vq->last_avail_idx;
642 		}
643 		r = ops->set_vq_state(vdpa, idx, &vq_state);
644 		break;
645 
646 	case VHOST_SET_VRING_CALL:
647 		if (vq->call_ctx.ctx) {
648 			cb.callback = vhost_vdpa_virtqueue_cb;
649 			cb.private = vq;
650 			cb.trigger = vq->call_ctx.ctx;
651 		} else {
652 			cb.callback = NULL;
653 			cb.private = NULL;
654 			cb.trigger = NULL;
655 		}
656 		ops->set_vq_cb(vdpa, idx, &cb);
657 		vhost_vdpa_setup_vq_irq(v, idx);
658 		break;
659 
660 	case VHOST_SET_VRING_NUM:
661 		ops->set_vq_num(vdpa, idx, vq->num);
662 		break;
663 	}
664 
665 	return r;
666 }
667 
668 static long vhost_vdpa_unlocked_ioctl(struct file *filep,
669 				      unsigned int cmd, unsigned long arg)
670 {
671 	struct vhost_vdpa *v = filep->private_data;
672 	struct vhost_dev *d = &v->vdev;
673 	void __user *argp = (void __user *)arg;
674 	u64 __user *featurep = argp;
675 	u64 features;
676 	long r = 0;
677 
678 	if (cmd == VHOST_SET_BACKEND_FEATURES) {
679 		if (copy_from_user(&features, featurep, sizeof(features)))
680 			return -EFAULT;
681 		if (features & ~(VHOST_VDPA_BACKEND_FEATURES |
682 				 BIT_ULL(VHOST_BACKEND_F_SUSPEND) |
683 				 BIT_ULL(VHOST_BACKEND_F_RESUME)))
684 			return -EOPNOTSUPP;
685 		if ((features & BIT_ULL(VHOST_BACKEND_F_SUSPEND)) &&
686 		     !vhost_vdpa_can_suspend(v))
687 			return -EOPNOTSUPP;
688 		if ((features & BIT_ULL(VHOST_BACKEND_F_RESUME)) &&
689 		     !vhost_vdpa_can_resume(v))
690 			return -EOPNOTSUPP;
691 		vhost_set_backend_features(&v->vdev, features);
692 		return 0;
693 	}
694 
695 	mutex_lock(&d->mutex);
696 
697 	switch (cmd) {
698 	case VHOST_VDPA_GET_DEVICE_ID:
699 		r = vhost_vdpa_get_device_id(v, argp);
700 		break;
701 	case VHOST_VDPA_GET_STATUS:
702 		r = vhost_vdpa_get_status(v, argp);
703 		break;
704 	case VHOST_VDPA_SET_STATUS:
705 		r = vhost_vdpa_set_status(v, argp);
706 		break;
707 	case VHOST_VDPA_GET_CONFIG:
708 		r = vhost_vdpa_get_config(v, argp);
709 		break;
710 	case VHOST_VDPA_SET_CONFIG:
711 		r = vhost_vdpa_set_config(v, argp);
712 		break;
713 	case VHOST_GET_FEATURES:
714 		r = vhost_vdpa_get_features(v, argp);
715 		break;
716 	case VHOST_SET_FEATURES:
717 		r = vhost_vdpa_set_features(v, argp);
718 		break;
719 	case VHOST_VDPA_GET_VRING_NUM:
720 		r = vhost_vdpa_get_vring_num(v, argp);
721 		break;
722 	case VHOST_VDPA_GET_GROUP_NUM:
723 		if (copy_to_user(argp, &v->vdpa->ngroups,
724 				 sizeof(v->vdpa->ngroups)))
725 			r = -EFAULT;
726 		break;
727 	case VHOST_VDPA_GET_AS_NUM:
728 		if (copy_to_user(argp, &v->vdpa->nas, sizeof(v->vdpa->nas)))
729 			r = -EFAULT;
730 		break;
731 	case VHOST_SET_LOG_BASE:
732 	case VHOST_SET_LOG_FD:
733 		r = -ENOIOCTLCMD;
734 		break;
735 	case VHOST_VDPA_SET_CONFIG_CALL:
736 		r = vhost_vdpa_set_config_call(v, argp);
737 		break;
738 	case VHOST_GET_BACKEND_FEATURES:
739 		features = VHOST_VDPA_BACKEND_FEATURES;
740 		if (vhost_vdpa_can_suspend(v))
741 			features |= BIT_ULL(VHOST_BACKEND_F_SUSPEND);
742 		if (vhost_vdpa_can_resume(v))
743 			features |= BIT_ULL(VHOST_BACKEND_F_RESUME);
744 		if (copy_to_user(featurep, &features, sizeof(features)))
745 			r = -EFAULT;
746 		break;
747 	case VHOST_VDPA_GET_IOVA_RANGE:
748 		r = vhost_vdpa_get_iova_range(v, argp);
749 		break;
750 	case VHOST_VDPA_GET_CONFIG_SIZE:
751 		r = vhost_vdpa_get_config_size(v, argp);
752 		break;
753 	case VHOST_VDPA_GET_VQS_COUNT:
754 		r = vhost_vdpa_get_vqs_count(v, argp);
755 		break;
756 	case VHOST_VDPA_SUSPEND:
757 		r = vhost_vdpa_suspend(v);
758 		break;
759 	case VHOST_VDPA_RESUME:
760 		r = vhost_vdpa_resume(v);
761 		break;
762 	default:
763 		r = vhost_dev_ioctl(&v->vdev, cmd, argp);
764 		if (r == -ENOIOCTLCMD)
765 			r = vhost_vdpa_vring_ioctl(v, cmd, argp);
766 		break;
767 	}
768 
769 	if (r)
770 		goto out;
771 
772 	switch (cmd) {
773 	case VHOST_SET_OWNER:
774 		r = vhost_vdpa_bind_mm(v);
775 		if (r)
776 			vhost_dev_reset_owner(d, NULL);
777 		break;
778 	}
779 out:
780 	mutex_unlock(&d->mutex);
781 	return r;
782 }
783 static void vhost_vdpa_general_unmap(struct vhost_vdpa *v,
784 				     struct vhost_iotlb_map *map, u32 asid)
785 {
786 	struct vdpa_device *vdpa = v->vdpa;
787 	const struct vdpa_config_ops *ops = vdpa->config;
788 	if (ops->dma_map) {
789 		ops->dma_unmap(vdpa, asid, map->start, map->size);
790 	} else if (ops->set_map == NULL) {
791 		iommu_unmap(v->domain, map->start, map->size);
792 	}
793 }
794 
795 static void vhost_vdpa_pa_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
796 				u64 start, u64 last, u32 asid)
797 {
798 	struct vhost_dev *dev = &v->vdev;
799 	struct vhost_iotlb_map *map;
800 	struct page *page;
801 	unsigned long pfn, pinned;
802 
803 	while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
804 		pinned = PFN_DOWN(map->size);
805 		for (pfn = PFN_DOWN(map->addr);
806 		     pinned > 0; pfn++, pinned--) {
807 			page = pfn_to_page(pfn);
808 			if (map->perm & VHOST_ACCESS_WO)
809 				set_page_dirty_lock(page);
810 			unpin_user_page(page);
811 		}
812 		atomic64_sub(PFN_DOWN(map->size), &dev->mm->pinned_vm);
813 		vhost_vdpa_general_unmap(v, map, asid);
814 		vhost_iotlb_map_free(iotlb, map);
815 	}
816 }
817 
818 static void vhost_vdpa_va_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
819 				u64 start, u64 last, u32 asid)
820 {
821 	struct vhost_iotlb_map *map;
822 	struct vdpa_map_file *map_file;
823 
824 	while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
825 		map_file = (struct vdpa_map_file *)map->opaque;
826 		fput(map_file->file);
827 		kfree(map_file);
828 		vhost_vdpa_general_unmap(v, map, asid);
829 		vhost_iotlb_map_free(iotlb, map);
830 	}
831 }
832 
833 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
834 				   struct vhost_iotlb *iotlb, u64 start,
835 				   u64 last, u32 asid)
836 {
837 	struct vdpa_device *vdpa = v->vdpa;
838 
839 	if (vdpa->use_va)
840 		return vhost_vdpa_va_unmap(v, iotlb, start, last, asid);
841 
842 	return vhost_vdpa_pa_unmap(v, iotlb, start, last, asid);
843 }
844 
845 static int perm_to_iommu_flags(u32 perm)
846 {
847 	int flags = 0;
848 
849 	switch (perm) {
850 	case VHOST_ACCESS_WO:
851 		flags |= IOMMU_WRITE;
852 		break;
853 	case VHOST_ACCESS_RO:
854 		flags |= IOMMU_READ;
855 		break;
856 	case VHOST_ACCESS_RW:
857 		flags |= (IOMMU_WRITE | IOMMU_READ);
858 		break;
859 	default:
860 		WARN(1, "invalidate vhost IOTLB permission\n");
861 		break;
862 	}
863 
864 	return flags | IOMMU_CACHE;
865 }
866 
867 static int vhost_vdpa_map(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
868 			  u64 iova, u64 size, u64 pa, u32 perm, void *opaque)
869 {
870 	struct vhost_dev *dev = &v->vdev;
871 	struct vdpa_device *vdpa = v->vdpa;
872 	const struct vdpa_config_ops *ops = vdpa->config;
873 	u32 asid = iotlb_to_asid(iotlb);
874 	int r = 0;
875 
876 	r = vhost_iotlb_add_range_ctx(iotlb, iova, iova + size - 1,
877 				      pa, perm, opaque);
878 	if (r)
879 		return r;
880 
881 	if (ops->dma_map) {
882 		r = ops->dma_map(vdpa, asid, iova, size, pa, perm, opaque);
883 	} else if (ops->set_map) {
884 		if (!v->in_batch)
885 			r = ops->set_map(vdpa, asid, iotlb);
886 	} else {
887 		r = iommu_map(v->domain, iova, pa, size,
888 			      perm_to_iommu_flags(perm), GFP_KERNEL);
889 	}
890 	if (r) {
891 		vhost_iotlb_del_range(iotlb, iova, iova + size - 1);
892 		return r;
893 	}
894 
895 	if (!vdpa->use_va)
896 		atomic64_add(PFN_DOWN(size), &dev->mm->pinned_vm);
897 
898 	return 0;
899 }
900 
901 static void vhost_vdpa_unmap(struct vhost_vdpa *v,
902 			     struct vhost_iotlb *iotlb,
903 			     u64 iova, u64 size)
904 {
905 	struct vdpa_device *vdpa = v->vdpa;
906 	const struct vdpa_config_ops *ops = vdpa->config;
907 	u32 asid = iotlb_to_asid(iotlb);
908 
909 	vhost_vdpa_iotlb_unmap(v, iotlb, iova, iova + size - 1, asid);
910 
911 	if (ops->set_map) {
912 		if (!v->in_batch)
913 			ops->set_map(vdpa, asid, iotlb);
914 	}
915 
916 }
917 
918 static int vhost_vdpa_va_map(struct vhost_vdpa *v,
919 			     struct vhost_iotlb *iotlb,
920 			     u64 iova, u64 size, u64 uaddr, u32 perm)
921 {
922 	struct vhost_dev *dev = &v->vdev;
923 	u64 offset, map_size, map_iova = iova;
924 	struct vdpa_map_file *map_file;
925 	struct vm_area_struct *vma;
926 	int ret = 0;
927 
928 	mmap_read_lock(dev->mm);
929 
930 	while (size) {
931 		vma = find_vma(dev->mm, uaddr);
932 		if (!vma) {
933 			ret = -EINVAL;
934 			break;
935 		}
936 		map_size = min(size, vma->vm_end - uaddr);
937 		if (!(vma->vm_file && (vma->vm_flags & VM_SHARED) &&
938 			!(vma->vm_flags & (VM_IO | VM_PFNMAP))))
939 			goto next;
940 
941 		map_file = kzalloc(sizeof(*map_file), GFP_KERNEL);
942 		if (!map_file) {
943 			ret = -ENOMEM;
944 			break;
945 		}
946 		offset = (vma->vm_pgoff << PAGE_SHIFT) + uaddr - vma->vm_start;
947 		map_file->offset = offset;
948 		map_file->file = get_file(vma->vm_file);
949 		ret = vhost_vdpa_map(v, iotlb, map_iova, map_size, uaddr,
950 				     perm, map_file);
951 		if (ret) {
952 			fput(map_file->file);
953 			kfree(map_file);
954 			break;
955 		}
956 next:
957 		size -= map_size;
958 		uaddr += map_size;
959 		map_iova += map_size;
960 	}
961 	if (ret)
962 		vhost_vdpa_unmap(v, iotlb, iova, map_iova - iova);
963 
964 	mmap_read_unlock(dev->mm);
965 
966 	return ret;
967 }
968 
969 static int vhost_vdpa_pa_map(struct vhost_vdpa *v,
970 			     struct vhost_iotlb *iotlb,
971 			     u64 iova, u64 size, u64 uaddr, u32 perm)
972 {
973 	struct vhost_dev *dev = &v->vdev;
974 	struct page **page_list;
975 	unsigned long list_size = PAGE_SIZE / sizeof(struct page *);
976 	unsigned int gup_flags = FOLL_LONGTERM;
977 	unsigned long npages, cur_base, map_pfn, last_pfn = 0;
978 	unsigned long lock_limit, sz2pin, nchunks, i;
979 	u64 start = iova;
980 	long pinned;
981 	int ret = 0;
982 
983 	/* Limit the use of memory for bookkeeping */
984 	page_list = (struct page **) __get_free_page(GFP_KERNEL);
985 	if (!page_list)
986 		return -ENOMEM;
987 
988 	if (perm & VHOST_ACCESS_WO)
989 		gup_flags |= FOLL_WRITE;
990 
991 	npages = PFN_UP(size + (iova & ~PAGE_MASK));
992 	if (!npages) {
993 		ret = -EINVAL;
994 		goto free;
995 	}
996 
997 	mmap_read_lock(dev->mm);
998 
999 	lock_limit = PFN_DOWN(rlimit(RLIMIT_MEMLOCK));
1000 	if (npages + atomic64_read(&dev->mm->pinned_vm) > lock_limit) {
1001 		ret = -ENOMEM;
1002 		goto unlock;
1003 	}
1004 
1005 	cur_base = uaddr & PAGE_MASK;
1006 	iova &= PAGE_MASK;
1007 	nchunks = 0;
1008 
1009 	while (npages) {
1010 		sz2pin = min_t(unsigned long, npages, list_size);
1011 		pinned = pin_user_pages(cur_base, sz2pin,
1012 					gup_flags, page_list);
1013 		if (sz2pin != pinned) {
1014 			if (pinned < 0) {
1015 				ret = pinned;
1016 			} else {
1017 				unpin_user_pages(page_list, pinned);
1018 				ret = -ENOMEM;
1019 			}
1020 			goto out;
1021 		}
1022 		nchunks++;
1023 
1024 		if (!last_pfn)
1025 			map_pfn = page_to_pfn(page_list[0]);
1026 
1027 		for (i = 0; i < pinned; i++) {
1028 			unsigned long this_pfn = page_to_pfn(page_list[i]);
1029 			u64 csize;
1030 
1031 			if (last_pfn && (this_pfn != last_pfn + 1)) {
1032 				/* Pin a contiguous chunk of memory */
1033 				csize = PFN_PHYS(last_pfn - map_pfn + 1);
1034 				ret = vhost_vdpa_map(v, iotlb, iova, csize,
1035 						     PFN_PHYS(map_pfn),
1036 						     perm, NULL);
1037 				if (ret) {
1038 					/*
1039 					 * Unpin the pages that are left unmapped
1040 					 * from this point on in the current
1041 					 * page_list. The remaining outstanding
1042 					 * ones which may stride across several
1043 					 * chunks will be covered in the common
1044 					 * error path subsequently.
1045 					 */
1046 					unpin_user_pages(&page_list[i],
1047 							 pinned - i);
1048 					goto out;
1049 				}
1050 
1051 				map_pfn = this_pfn;
1052 				iova += csize;
1053 				nchunks = 0;
1054 			}
1055 
1056 			last_pfn = this_pfn;
1057 		}
1058 
1059 		cur_base += PFN_PHYS(pinned);
1060 		npages -= pinned;
1061 	}
1062 
1063 	/* Pin the rest chunk */
1064 	ret = vhost_vdpa_map(v, iotlb, iova, PFN_PHYS(last_pfn - map_pfn + 1),
1065 			     PFN_PHYS(map_pfn), perm, NULL);
1066 out:
1067 	if (ret) {
1068 		if (nchunks) {
1069 			unsigned long pfn;
1070 
1071 			/*
1072 			 * Unpin the outstanding pages which are yet to be
1073 			 * mapped but haven't due to vdpa_map() or
1074 			 * pin_user_pages() failure.
1075 			 *
1076 			 * Mapped pages are accounted in vdpa_map(), hence
1077 			 * the corresponding unpinning will be handled by
1078 			 * vdpa_unmap().
1079 			 */
1080 			WARN_ON(!last_pfn);
1081 			for (pfn = map_pfn; pfn <= last_pfn; pfn++)
1082 				unpin_user_page(pfn_to_page(pfn));
1083 		}
1084 		vhost_vdpa_unmap(v, iotlb, start, size);
1085 	}
1086 unlock:
1087 	mmap_read_unlock(dev->mm);
1088 free:
1089 	free_page((unsigned long)page_list);
1090 	return ret;
1091 
1092 }
1093 
1094 static int vhost_vdpa_process_iotlb_update(struct vhost_vdpa *v,
1095 					   struct vhost_iotlb *iotlb,
1096 					   struct vhost_iotlb_msg *msg)
1097 {
1098 	struct vdpa_device *vdpa = v->vdpa;
1099 
1100 	if (msg->iova < v->range.first || !msg->size ||
1101 	    msg->iova > U64_MAX - msg->size + 1 ||
1102 	    msg->iova + msg->size - 1 > v->range.last)
1103 		return -EINVAL;
1104 
1105 	if (vhost_iotlb_itree_first(iotlb, msg->iova,
1106 				    msg->iova + msg->size - 1))
1107 		return -EEXIST;
1108 
1109 	if (vdpa->use_va)
1110 		return vhost_vdpa_va_map(v, iotlb, msg->iova, msg->size,
1111 					 msg->uaddr, msg->perm);
1112 
1113 	return vhost_vdpa_pa_map(v, iotlb, msg->iova, msg->size, msg->uaddr,
1114 				 msg->perm);
1115 }
1116 
1117 static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev, u32 asid,
1118 					struct vhost_iotlb_msg *msg)
1119 {
1120 	struct vhost_vdpa *v = container_of(dev, struct vhost_vdpa, vdev);
1121 	struct vdpa_device *vdpa = v->vdpa;
1122 	const struct vdpa_config_ops *ops = vdpa->config;
1123 	struct vhost_iotlb *iotlb = NULL;
1124 	struct vhost_vdpa_as *as = NULL;
1125 	int r = 0;
1126 
1127 	mutex_lock(&dev->mutex);
1128 
1129 	r = vhost_dev_check_owner(dev);
1130 	if (r)
1131 		goto unlock;
1132 
1133 	if (msg->type == VHOST_IOTLB_UPDATE ||
1134 	    msg->type == VHOST_IOTLB_BATCH_BEGIN) {
1135 		as = vhost_vdpa_find_alloc_as(v, asid);
1136 		if (!as) {
1137 			dev_err(&v->dev, "can't find and alloc asid %d\n",
1138 				asid);
1139 			r = -EINVAL;
1140 			goto unlock;
1141 		}
1142 		iotlb = &as->iotlb;
1143 	} else
1144 		iotlb = asid_to_iotlb(v, asid);
1145 
1146 	if ((v->in_batch && v->batch_asid != asid) || !iotlb) {
1147 		if (v->in_batch && v->batch_asid != asid) {
1148 			dev_info(&v->dev, "batch id %d asid %d\n",
1149 				 v->batch_asid, asid);
1150 		}
1151 		if (!iotlb)
1152 			dev_err(&v->dev, "no iotlb for asid %d\n", asid);
1153 		r = -EINVAL;
1154 		goto unlock;
1155 	}
1156 
1157 	switch (msg->type) {
1158 	case VHOST_IOTLB_UPDATE:
1159 		r = vhost_vdpa_process_iotlb_update(v, iotlb, msg);
1160 		break;
1161 	case VHOST_IOTLB_INVALIDATE:
1162 		vhost_vdpa_unmap(v, iotlb, msg->iova, msg->size);
1163 		break;
1164 	case VHOST_IOTLB_BATCH_BEGIN:
1165 		v->batch_asid = asid;
1166 		v->in_batch = true;
1167 		break;
1168 	case VHOST_IOTLB_BATCH_END:
1169 		if (v->in_batch && ops->set_map)
1170 			ops->set_map(vdpa, asid, iotlb);
1171 		v->in_batch = false;
1172 		break;
1173 	default:
1174 		r = -EINVAL;
1175 		break;
1176 	}
1177 unlock:
1178 	mutex_unlock(&dev->mutex);
1179 
1180 	return r;
1181 }
1182 
1183 static ssize_t vhost_vdpa_chr_write_iter(struct kiocb *iocb,
1184 					 struct iov_iter *from)
1185 {
1186 	struct file *file = iocb->ki_filp;
1187 	struct vhost_vdpa *v = file->private_data;
1188 	struct vhost_dev *dev = &v->vdev;
1189 
1190 	return vhost_chr_write_iter(dev, from);
1191 }
1192 
1193 static int vhost_vdpa_alloc_domain(struct vhost_vdpa *v)
1194 {
1195 	struct vdpa_device *vdpa = v->vdpa;
1196 	const struct vdpa_config_ops *ops = vdpa->config;
1197 	struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1198 	const struct bus_type *bus;
1199 	int ret;
1200 
1201 	/* Device want to do DMA by itself */
1202 	if (ops->set_map || ops->dma_map)
1203 		return 0;
1204 
1205 	bus = dma_dev->bus;
1206 	if (!bus)
1207 		return -EFAULT;
1208 
1209 	if (!device_iommu_capable(dma_dev, IOMMU_CAP_CACHE_COHERENCY)) {
1210 		dev_warn_once(&v->dev,
1211 			      "Failed to allocate domain, device is not IOMMU cache coherent capable\n");
1212 		return -ENOTSUPP;
1213 	}
1214 
1215 	v->domain = iommu_domain_alloc(bus);
1216 	if (!v->domain)
1217 		return -EIO;
1218 
1219 	ret = iommu_attach_device(v->domain, dma_dev);
1220 	if (ret)
1221 		goto err_attach;
1222 
1223 	return 0;
1224 
1225 err_attach:
1226 	iommu_domain_free(v->domain);
1227 	v->domain = NULL;
1228 	return ret;
1229 }
1230 
1231 static void vhost_vdpa_free_domain(struct vhost_vdpa *v)
1232 {
1233 	struct vdpa_device *vdpa = v->vdpa;
1234 	struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1235 
1236 	if (v->domain) {
1237 		iommu_detach_device(v->domain, dma_dev);
1238 		iommu_domain_free(v->domain);
1239 	}
1240 
1241 	v->domain = NULL;
1242 }
1243 
1244 static void vhost_vdpa_set_iova_range(struct vhost_vdpa *v)
1245 {
1246 	struct vdpa_iova_range *range = &v->range;
1247 	struct vdpa_device *vdpa = v->vdpa;
1248 	const struct vdpa_config_ops *ops = vdpa->config;
1249 
1250 	if (ops->get_iova_range) {
1251 		*range = ops->get_iova_range(vdpa);
1252 	} else if (v->domain && v->domain->geometry.force_aperture) {
1253 		range->first = v->domain->geometry.aperture_start;
1254 		range->last = v->domain->geometry.aperture_end;
1255 	} else {
1256 		range->first = 0;
1257 		range->last = ULLONG_MAX;
1258 	}
1259 }
1260 
1261 static void vhost_vdpa_cleanup(struct vhost_vdpa *v)
1262 {
1263 	struct vhost_vdpa_as *as;
1264 	u32 asid;
1265 
1266 	for (asid = 0; asid < v->vdpa->nas; asid++) {
1267 		as = asid_to_as(v, asid);
1268 		if (as)
1269 			vhost_vdpa_remove_as(v, asid);
1270 	}
1271 
1272 	vhost_vdpa_free_domain(v);
1273 	vhost_dev_cleanup(&v->vdev);
1274 	kfree(v->vdev.vqs);
1275 }
1276 
1277 static int vhost_vdpa_open(struct inode *inode, struct file *filep)
1278 {
1279 	struct vhost_vdpa *v;
1280 	struct vhost_dev *dev;
1281 	struct vhost_virtqueue **vqs;
1282 	int r, opened;
1283 	u32 i, nvqs;
1284 
1285 	v = container_of(inode->i_cdev, struct vhost_vdpa, cdev);
1286 
1287 	opened = atomic_cmpxchg(&v->opened, 0, 1);
1288 	if (opened)
1289 		return -EBUSY;
1290 
1291 	nvqs = v->nvqs;
1292 	r = vhost_vdpa_reset(v);
1293 	if (r)
1294 		goto err;
1295 
1296 	vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL);
1297 	if (!vqs) {
1298 		r = -ENOMEM;
1299 		goto err;
1300 	}
1301 
1302 	dev = &v->vdev;
1303 	for (i = 0; i < nvqs; i++) {
1304 		vqs[i] = &v->vqs[i];
1305 		vqs[i]->handle_kick = handle_vq_kick;
1306 	}
1307 	vhost_dev_init(dev, vqs, nvqs, 0, 0, 0, false,
1308 		       vhost_vdpa_process_iotlb_msg);
1309 
1310 	r = vhost_vdpa_alloc_domain(v);
1311 	if (r)
1312 		goto err_alloc_domain;
1313 
1314 	vhost_vdpa_set_iova_range(v);
1315 
1316 	filep->private_data = v;
1317 
1318 	return 0;
1319 
1320 err_alloc_domain:
1321 	vhost_vdpa_cleanup(v);
1322 err:
1323 	atomic_dec(&v->opened);
1324 	return r;
1325 }
1326 
1327 static void vhost_vdpa_clean_irq(struct vhost_vdpa *v)
1328 {
1329 	u32 i;
1330 
1331 	for (i = 0; i < v->nvqs; i++)
1332 		vhost_vdpa_unsetup_vq_irq(v, i);
1333 }
1334 
1335 static int vhost_vdpa_release(struct inode *inode, struct file *filep)
1336 {
1337 	struct vhost_vdpa *v = filep->private_data;
1338 	struct vhost_dev *d = &v->vdev;
1339 
1340 	mutex_lock(&d->mutex);
1341 	filep->private_data = NULL;
1342 	vhost_vdpa_clean_irq(v);
1343 	vhost_vdpa_reset(v);
1344 	vhost_dev_stop(&v->vdev);
1345 	vhost_vdpa_unbind_mm(v);
1346 	vhost_vdpa_config_put(v);
1347 	vhost_vdpa_cleanup(v);
1348 	mutex_unlock(&d->mutex);
1349 
1350 	atomic_dec(&v->opened);
1351 	complete(&v->completion);
1352 
1353 	return 0;
1354 }
1355 
1356 #ifdef CONFIG_MMU
1357 static vm_fault_t vhost_vdpa_fault(struct vm_fault *vmf)
1358 {
1359 	struct vhost_vdpa *v = vmf->vma->vm_file->private_data;
1360 	struct vdpa_device *vdpa = v->vdpa;
1361 	const struct vdpa_config_ops *ops = vdpa->config;
1362 	struct vdpa_notification_area notify;
1363 	struct vm_area_struct *vma = vmf->vma;
1364 	u16 index = vma->vm_pgoff;
1365 
1366 	notify = ops->get_vq_notification(vdpa, index);
1367 
1368 	vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
1369 	if (remap_pfn_range(vma, vmf->address & PAGE_MASK,
1370 			    PFN_DOWN(notify.addr), PAGE_SIZE,
1371 			    vma->vm_page_prot))
1372 		return VM_FAULT_SIGBUS;
1373 
1374 	return VM_FAULT_NOPAGE;
1375 }
1376 
1377 static const struct vm_operations_struct vhost_vdpa_vm_ops = {
1378 	.fault = vhost_vdpa_fault,
1379 };
1380 
1381 static int vhost_vdpa_mmap(struct file *file, struct vm_area_struct *vma)
1382 {
1383 	struct vhost_vdpa *v = vma->vm_file->private_data;
1384 	struct vdpa_device *vdpa = v->vdpa;
1385 	const struct vdpa_config_ops *ops = vdpa->config;
1386 	struct vdpa_notification_area notify;
1387 	unsigned long index = vma->vm_pgoff;
1388 
1389 	if (vma->vm_end - vma->vm_start != PAGE_SIZE)
1390 		return -EINVAL;
1391 	if ((vma->vm_flags & VM_SHARED) == 0)
1392 		return -EINVAL;
1393 	if (vma->vm_flags & VM_READ)
1394 		return -EINVAL;
1395 	if (index > 65535)
1396 		return -EINVAL;
1397 	if (!ops->get_vq_notification)
1398 		return -ENOTSUPP;
1399 
1400 	/* To be safe and easily modelled by userspace, We only
1401 	 * support the doorbell which sits on the page boundary and
1402 	 * does not share the page with other registers.
1403 	 */
1404 	notify = ops->get_vq_notification(vdpa, index);
1405 	if (notify.addr & (PAGE_SIZE - 1))
1406 		return -EINVAL;
1407 	if (vma->vm_end - vma->vm_start != notify.size)
1408 		return -ENOTSUPP;
1409 
1410 	vm_flags_set(vma, VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP);
1411 	vma->vm_ops = &vhost_vdpa_vm_ops;
1412 	return 0;
1413 }
1414 #endif /* CONFIG_MMU */
1415 
1416 static const struct file_operations vhost_vdpa_fops = {
1417 	.owner		= THIS_MODULE,
1418 	.open		= vhost_vdpa_open,
1419 	.release	= vhost_vdpa_release,
1420 	.write_iter	= vhost_vdpa_chr_write_iter,
1421 	.unlocked_ioctl	= vhost_vdpa_unlocked_ioctl,
1422 #ifdef CONFIG_MMU
1423 	.mmap		= vhost_vdpa_mmap,
1424 #endif /* CONFIG_MMU */
1425 	.compat_ioctl	= compat_ptr_ioctl,
1426 };
1427 
1428 static void vhost_vdpa_release_dev(struct device *device)
1429 {
1430 	struct vhost_vdpa *v =
1431 	       container_of(device, struct vhost_vdpa, dev);
1432 
1433 	ida_simple_remove(&vhost_vdpa_ida, v->minor);
1434 	kfree(v->vqs);
1435 	kfree(v);
1436 }
1437 
1438 static int vhost_vdpa_probe(struct vdpa_device *vdpa)
1439 {
1440 	const struct vdpa_config_ops *ops = vdpa->config;
1441 	struct vhost_vdpa *v;
1442 	int minor;
1443 	int i, r;
1444 
1445 	/* We can't support platform IOMMU device with more than 1
1446 	 * group or as
1447 	 */
1448 	if (!ops->set_map && !ops->dma_map &&
1449 	    (vdpa->ngroups > 1 || vdpa->nas > 1))
1450 		return -EOPNOTSUPP;
1451 
1452 	v = kzalloc(sizeof(*v), GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1453 	if (!v)
1454 		return -ENOMEM;
1455 
1456 	minor = ida_simple_get(&vhost_vdpa_ida, 0,
1457 			       VHOST_VDPA_DEV_MAX, GFP_KERNEL);
1458 	if (minor < 0) {
1459 		kfree(v);
1460 		return minor;
1461 	}
1462 
1463 	atomic_set(&v->opened, 0);
1464 	v->minor = minor;
1465 	v->vdpa = vdpa;
1466 	v->nvqs = vdpa->nvqs;
1467 	v->virtio_id = ops->get_device_id(vdpa);
1468 
1469 	device_initialize(&v->dev);
1470 	v->dev.release = vhost_vdpa_release_dev;
1471 	v->dev.parent = &vdpa->dev;
1472 	v->dev.devt = MKDEV(MAJOR(vhost_vdpa_major), minor);
1473 	v->vqs = kmalloc_array(v->nvqs, sizeof(struct vhost_virtqueue),
1474 			       GFP_KERNEL);
1475 	if (!v->vqs) {
1476 		r = -ENOMEM;
1477 		goto err;
1478 	}
1479 
1480 	r = dev_set_name(&v->dev, "vhost-vdpa-%u", minor);
1481 	if (r)
1482 		goto err;
1483 
1484 	cdev_init(&v->cdev, &vhost_vdpa_fops);
1485 	v->cdev.owner = THIS_MODULE;
1486 
1487 	r = cdev_device_add(&v->cdev, &v->dev);
1488 	if (r)
1489 		goto err;
1490 
1491 	init_completion(&v->completion);
1492 	vdpa_set_drvdata(vdpa, v);
1493 
1494 	for (i = 0; i < VHOST_VDPA_IOTLB_BUCKETS; i++)
1495 		INIT_HLIST_HEAD(&v->as[i]);
1496 
1497 	return 0;
1498 
1499 err:
1500 	put_device(&v->dev);
1501 	ida_simple_remove(&vhost_vdpa_ida, v->minor);
1502 	return r;
1503 }
1504 
1505 static void vhost_vdpa_remove(struct vdpa_device *vdpa)
1506 {
1507 	struct vhost_vdpa *v = vdpa_get_drvdata(vdpa);
1508 	int opened;
1509 
1510 	cdev_device_del(&v->cdev, &v->dev);
1511 
1512 	do {
1513 		opened = atomic_cmpxchg(&v->opened, 0, 1);
1514 		if (!opened)
1515 			break;
1516 		wait_for_completion(&v->completion);
1517 	} while (1);
1518 
1519 	put_device(&v->dev);
1520 }
1521 
1522 static struct vdpa_driver vhost_vdpa_driver = {
1523 	.driver = {
1524 		.name	= "vhost_vdpa",
1525 	},
1526 	.probe	= vhost_vdpa_probe,
1527 	.remove	= vhost_vdpa_remove,
1528 };
1529 
1530 static int __init vhost_vdpa_init(void)
1531 {
1532 	int r;
1533 
1534 	r = alloc_chrdev_region(&vhost_vdpa_major, 0, VHOST_VDPA_DEV_MAX,
1535 				"vhost-vdpa");
1536 	if (r)
1537 		goto err_alloc_chrdev;
1538 
1539 	r = vdpa_register_driver(&vhost_vdpa_driver);
1540 	if (r)
1541 		goto err_vdpa_register_driver;
1542 
1543 	return 0;
1544 
1545 err_vdpa_register_driver:
1546 	unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1547 err_alloc_chrdev:
1548 	return r;
1549 }
1550 module_init(vhost_vdpa_init);
1551 
1552 static void __exit vhost_vdpa_exit(void)
1553 {
1554 	vdpa_unregister_driver(&vhost_vdpa_driver);
1555 	unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1556 }
1557 module_exit(vhost_vdpa_exit);
1558 
1559 MODULE_VERSION("0.0.1");
1560 MODULE_LICENSE("GPL v2");
1561 MODULE_AUTHOR("Intel Corporation");
1562 MODULE_DESCRIPTION("vDPA-based vhost backend for virtio");
1563