xref: /linux/drivers/vhost/vdpa.c (revision c532de5a67a70f8533d495f8f2aaa9a0491c3ad0)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2018-2020 Intel Corporation.
4  * Copyright (C) 2020 Red Hat, Inc.
5  *
6  * Author: Tiwei Bie <tiwei.bie@intel.com>
7  *         Jason Wang <jasowang@redhat.com>
8  *
9  * Thanks Michael S. Tsirkin for the valuable comments and
10  * suggestions.  And thanks to Cunming Liang and Zhihong Wang for all
11  * their supports.
12  */
13 
14 #include <linux/kernel.h>
15 #include <linux/module.h>
16 #include <linux/cdev.h>
17 #include <linux/device.h>
18 #include <linux/mm.h>
19 #include <linux/slab.h>
20 #include <linux/iommu.h>
21 #include <linux/uuid.h>
22 #include <linux/vdpa.h>
23 #include <linux/nospec.h>
24 #include <linux/vhost.h>
25 
26 #include "vhost.h"
27 
28 enum {
29 	VHOST_VDPA_BACKEND_FEATURES =
30 	(1ULL << VHOST_BACKEND_F_IOTLB_MSG_V2) |
31 	(1ULL << VHOST_BACKEND_F_IOTLB_BATCH) |
32 	(1ULL << VHOST_BACKEND_F_IOTLB_ASID),
33 };
34 
35 #define VHOST_VDPA_DEV_MAX (1U << MINORBITS)
36 
37 #define VHOST_VDPA_IOTLB_BUCKETS 16
38 
39 struct vhost_vdpa_as {
40 	struct hlist_node hash_link;
41 	struct vhost_iotlb iotlb;
42 	u32 id;
43 };
44 
45 struct vhost_vdpa {
46 	struct vhost_dev vdev;
47 	struct iommu_domain *domain;
48 	struct vhost_virtqueue *vqs;
49 	struct completion completion;
50 	struct vdpa_device *vdpa;
51 	struct hlist_head as[VHOST_VDPA_IOTLB_BUCKETS];
52 	struct device dev;
53 	struct cdev cdev;
54 	atomic_t opened;
55 	u32 nvqs;
56 	int virtio_id;
57 	int minor;
58 	struct eventfd_ctx *config_ctx;
59 	int in_batch;
60 	struct vdpa_iova_range range;
61 	u32 batch_asid;
62 	bool suspended;
63 };
64 
65 static DEFINE_IDA(vhost_vdpa_ida);
66 
67 static dev_t vhost_vdpa_major;
68 
69 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
70 				   struct vhost_iotlb *iotlb, u64 start,
71 				   u64 last, u32 asid);
72 
73 static inline u32 iotlb_to_asid(struct vhost_iotlb *iotlb)
74 {
75 	struct vhost_vdpa_as *as = container_of(iotlb, struct
76 						vhost_vdpa_as, iotlb);
77 	return as->id;
78 }
79 
80 static struct vhost_vdpa_as *asid_to_as(struct vhost_vdpa *v, u32 asid)
81 {
82 	struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
83 	struct vhost_vdpa_as *as;
84 
85 	hlist_for_each_entry(as, head, hash_link)
86 		if (as->id == asid)
87 			return as;
88 
89 	return NULL;
90 }
91 
92 static struct vhost_iotlb *asid_to_iotlb(struct vhost_vdpa *v, u32 asid)
93 {
94 	struct vhost_vdpa_as *as = asid_to_as(v, asid);
95 
96 	if (!as)
97 		return NULL;
98 
99 	return &as->iotlb;
100 }
101 
102 static struct vhost_vdpa_as *vhost_vdpa_alloc_as(struct vhost_vdpa *v, u32 asid)
103 {
104 	struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS];
105 	struct vhost_vdpa_as *as;
106 
107 	if (asid_to_as(v, asid))
108 		return NULL;
109 
110 	if (asid >= v->vdpa->nas)
111 		return NULL;
112 
113 	as = kmalloc(sizeof(*as), GFP_KERNEL);
114 	if (!as)
115 		return NULL;
116 
117 	vhost_iotlb_init(&as->iotlb, 0, 0);
118 	as->id = asid;
119 	hlist_add_head(&as->hash_link, head);
120 
121 	return as;
122 }
123 
124 static struct vhost_vdpa_as *vhost_vdpa_find_alloc_as(struct vhost_vdpa *v,
125 						      u32 asid)
126 {
127 	struct vhost_vdpa_as *as = asid_to_as(v, asid);
128 
129 	if (as)
130 		return as;
131 
132 	return vhost_vdpa_alloc_as(v, asid);
133 }
134 
135 static void vhost_vdpa_reset_map(struct vhost_vdpa *v, u32 asid)
136 {
137 	struct vdpa_device *vdpa = v->vdpa;
138 	const struct vdpa_config_ops *ops = vdpa->config;
139 
140 	if (ops->reset_map)
141 		ops->reset_map(vdpa, asid);
142 }
143 
144 static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid)
145 {
146 	struct vhost_vdpa_as *as = asid_to_as(v, asid);
147 
148 	if (!as)
149 		return -EINVAL;
150 
151 	hlist_del(&as->hash_link);
152 	vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1, asid);
153 	/*
154 	 * Devices with vendor specific IOMMU may need to restore
155 	 * iotlb to the initial or default state, which cannot be
156 	 * cleaned up in the all range unmap call above. Give them
157 	 * a chance to clean up or reset the map to the desired
158 	 * state.
159 	 */
160 	vhost_vdpa_reset_map(v, asid);
161 	kfree(as);
162 
163 	return 0;
164 }
165 
166 static void handle_vq_kick(struct vhost_work *work)
167 {
168 	struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
169 						  poll.work);
170 	struct vhost_vdpa *v = container_of(vq->dev, struct vhost_vdpa, vdev);
171 	const struct vdpa_config_ops *ops = v->vdpa->config;
172 
173 	ops->kick_vq(v->vdpa, vq - v->vqs);
174 }
175 
176 static irqreturn_t vhost_vdpa_virtqueue_cb(void *private)
177 {
178 	struct vhost_virtqueue *vq = private;
179 	struct eventfd_ctx *call_ctx = vq->call_ctx.ctx;
180 
181 	if (call_ctx)
182 		eventfd_signal(call_ctx);
183 
184 	return IRQ_HANDLED;
185 }
186 
187 static irqreturn_t vhost_vdpa_config_cb(void *private)
188 {
189 	struct vhost_vdpa *v = private;
190 	struct eventfd_ctx *config_ctx = v->config_ctx;
191 
192 	if (config_ctx)
193 		eventfd_signal(config_ctx);
194 
195 	return IRQ_HANDLED;
196 }
197 
198 static void vhost_vdpa_setup_vq_irq(struct vhost_vdpa *v, u16 qid)
199 {
200 	struct vhost_virtqueue *vq = &v->vqs[qid];
201 	const struct vdpa_config_ops *ops = v->vdpa->config;
202 	struct vdpa_device *vdpa = v->vdpa;
203 	int ret, irq;
204 
205 	if (!ops->get_vq_irq)
206 		return;
207 
208 	irq = ops->get_vq_irq(vdpa, qid);
209 	if (irq < 0)
210 		return;
211 
212 	if (!vq->call_ctx.ctx)
213 		return;
214 
215 	vq->call_ctx.producer.irq = irq;
216 	ret = irq_bypass_register_producer(&vq->call_ctx.producer);
217 	if (unlikely(ret))
218 		dev_info(&v->dev, "vq %u, irq bypass producer (token %p) registration fails, ret =  %d\n",
219 			 qid, vq->call_ctx.producer.token, ret);
220 }
221 
222 static void vhost_vdpa_unsetup_vq_irq(struct vhost_vdpa *v, u16 qid)
223 {
224 	struct vhost_virtqueue *vq = &v->vqs[qid];
225 
226 	irq_bypass_unregister_producer(&vq->call_ctx.producer);
227 }
228 
229 static int _compat_vdpa_reset(struct vhost_vdpa *v)
230 {
231 	struct vdpa_device *vdpa = v->vdpa;
232 	u32 flags = 0;
233 
234 	v->suspended = false;
235 
236 	if (v->vdev.vqs) {
237 		flags |= !vhost_backend_has_feature(v->vdev.vqs[0],
238 						    VHOST_BACKEND_F_IOTLB_PERSIST) ?
239 			 VDPA_RESET_F_CLEAN_MAP : 0;
240 	}
241 
242 	return vdpa_reset(vdpa, flags);
243 }
244 
245 static int vhost_vdpa_reset(struct vhost_vdpa *v)
246 {
247 	v->in_batch = 0;
248 	return _compat_vdpa_reset(v);
249 }
250 
251 static long vhost_vdpa_bind_mm(struct vhost_vdpa *v)
252 {
253 	struct vdpa_device *vdpa = v->vdpa;
254 	const struct vdpa_config_ops *ops = vdpa->config;
255 
256 	if (!vdpa->use_va || !ops->bind_mm)
257 		return 0;
258 
259 	return ops->bind_mm(vdpa, v->vdev.mm);
260 }
261 
262 static void vhost_vdpa_unbind_mm(struct vhost_vdpa *v)
263 {
264 	struct vdpa_device *vdpa = v->vdpa;
265 	const struct vdpa_config_ops *ops = vdpa->config;
266 
267 	if (!vdpa->use_va || !ops->unbind_mm)
268 		return;
269 
270 	ops->unbind_mm(vdpa);
271 }
272 
273 static long vhost_vdpa_get_device_id(struct vhost_vdpa *v, u8 __user *argp)
274 {
275 	struct vdpa_device *vdpa = v->vdpa;
276 	const struct vdpa_config_ops *ops = vdpa->config;
277 	u32 device_id;
278 
279 	device_id = ops->get_device_id(vdpa);
280 
281 	if (copy_to_user(argp, &device_id, sizeof(device_id)))
282 		return -EFAULT;
283 
284 	return 0;
285 }
286 
287 static long vhost_vdpa_get_status(struct vhost_vdpa *v, u8 __user *statusp)
288 {
289 	struct vdpa_device *vdpa = v->vdpa;
290 	const struct vdpa_config_ops *ops = vdpa->config;
291 	u8 status;
292 
293 	status = ops->get_status(vdpa);
294 
295 	if (copy_to_user(statusp, &status, sizeof(status)))
296 		return -EFAULT;
297 
298 	return 0;
299 }
300 
301 static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp)
302 {
303 	struct vdpa_device *vdpa = v->vdpa;
304 	const struct vdpa_config_ops *ops = vdpa->config;
305 	u8 status, status_old;
306 	u32 nvqs = v->nvqs;
307 	int ret;
308 	u16 i;
309 
310 	if (copy_from_user(&status, statusp, sizeof(status)))
311 		return -EFAULT;
312 
313 	status_old = ops->get_status(vdpa);
314 
315 	/*
316 	 * Userspace shouldn't remove status bits unless reset the
317 	 * status to 0.
318 	 */
319 	if (status != 0 && (status_old & ~status) != 0)
320 		return -EINVAL;
321 
322 	if ((status_old & VIRTIO_CONFIG_S_DRIVER_OK) && !(status & VIRTIO_CONFIG_S_DRIVER_OK))
323 		for (i = 0; i < nvqs; i++)
324 			vhost_vdpa_unsetup_vq_irq(v, i);
325 
326 	if (status == 0) {
327 		ret = _compat_vdpa_reset(v);
328 		if (ret)
329 			return ret;
330 	} else
331 		vdpa_set_status(vdpa, status);
332 
333 	if ((status & VIRTIO_CONFIG_S_DRIVER_OK) && !(status_old & VIRTIO_CONFIG_S_DRIVER_OK))
334 		for (i = 0; i < nvqs; i++)
335 			vhost_vdpa_setup_vq_irq(v, i);
336 
337 	return 0;
338 }
339 
340 static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
341 				      struct vhost_vdpa_config *c)
342 {
343 	struct vdpa_device *vdpa = v->vdpa;
344 	size_t size = vdpa->config->get_config_size(vdpa);
345 
346 	if (c->len == 0 || c->off > size)
347 		return -EINVAL;
348 
349 	if (c->len > size - c->off)
350 		return -E2BIG;
351 
352 	return 0;
353 }
354 
355 static long vhost_vdpa_get_config(struct vhost_vdpa *v,
356 				  struct vhost_vdpa_config __user *c)
357 {
358 	struct vdpa_device *vdpa = v->vdpa;
359 	struct vhost_vdpa_config config;
360 	unsigned long size = offsetof(struct vhost_vdpa_config, buf);
361 	u8 *buf;
362 
363 	if (copy_from_user(&config, c, size))
364 		return -EFAULT;
365 	if (vhost_vdpa_config_validate(v, &config))
366 		return -EINVAL;
367 	buf = kvzalloc(config.len, GFP_KERNEL);
368 	if (!buf)
369 		return -ENOMEM;
370 
371 	vdpa_get_config(vdpa, config.off, buf, config.len);
372 
373 	if (copy_to_user(c->buf, buf, config.len)) {
374 		kvfree(buf);
375 		return -EFAULT;
376 	}
377 
378 	kvfree(buf);
379 	return 0;
380 }
381 
382 static long vhost_vdpa_set_config(struct vhost_vdpa *v,
383 				  struct vhost_vdpa_config __user *c)
384 {
385 	struct vdpa_device *vdpa = v->vdpa;
386 	struct vhost_vdpa_config config;
387 	unsigned long size = offsetof(struct vhost_vdpa_config, buf);
388 	u8 *buf;
389 
390 	if (copy_from_user(&config, c, size))
391 		return -EFAULT;
392 	if (vhost_vdpa_config_validate(v, &config))
393 		return -EINVAL;
394 
395 	buf = vmemdup_user(c->buf, config.len);
396 	if (IS_ERR(buf))
397 		return PTR_ERR(buf);
398 
399 	vdpa_set_config(vdpa, config.off, buf, config.len);
400 
401 	kvfree(buf);
402 	return 0;
403 }
404 
405 static bool vhost_vdpa_can_suspend(const struct vhost_vdpa *v)
406 {
407 	struct vdpa_device *vdpa = v->vdpa;
408 	const struct vdpa_config_ops *ops = vdpa->config;
409 
410 	return ops->suspend;
411 }
412 
413 static bool vhost_vdpa_can_resume(const struct vhost_vdpa *v)
414 {
415 	struct vdpa_device *vdpa = v->vdpa;
416 	const struct vdpa_config_ops *ops = vdpa->config;
417 
418 	return ops->resume;
419 }
420 
421 static bool vhost_vdpa_has_desc_group(const struct vhost_vdpa *v)
422 {
423 	struct vdpa_device *vdpa = v->vdpa;
424 	const struct vdpa_config_ops *ops = vdpa->config;
425 
426 	return ops->get_vq_desc_group;
427 }
428 
429 static long vhost_vdpa_get_features(struct vhost_vdpa *v, u64 __user *featurep)
430 {
431 	struct vdpa_device *vdpa = v->vdpa;
432 	const struct vdpa_config_ops *ops = vdpa->config;
433 	u64 features;
434 
435 	features = ops->get_device_features(vdpa);
436 
437 	if (copy_to_user(featurep, &features, sizeof(features)))
438 		return -EFAULT;
439 
440 	return 0;
441 }
442 
443 static u64 vhost_vdpa_get_backend_features(const struct vhost_vdpa *v)
444 {
445 	struct vdpa_device *vdpa = v->vdpa;
446 	const struct vdpa_config_ops *ops = vdpa->config;
447 
448 	if (!ops->get_backend_features)
449 		return 0;
450 	else
451 		return ops->get_backend_features(vdpa);
452 }
453 
454 static bool vhost_vdpa_has_persistent_map(const struct vhost_vdpa *v)
455 {
456 	struct vdpa_device *vdpa = v->vdpa;
457 	const struct vdpa_config_ops *ops = vdpa->config;
458 
459 	return (!ops->set_map && !ops->dma_map) || ops->reset_map ||
460 	       vhost_vdpa_get_backend_features(v) & BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST);
461 }
462 
463 static long vhost_vdpa_set_features(struct vhost_vdpa *v, u64 __user *featurep)
464 {
465 	struct vdpa_device *vdpa = v->vdpa;
466 	const struct vdpa_config_ops *ops = vdpa->config;
467 	struct vhost_dev *d = &v->vdev;
468 	u64 actual_features;
469 	u64 features;
470 	int i;
471 
472 	/*
473 	 * It's not allowed to change the features after they have
474 	 * been negotiated.
475 	 */
476 	if (ops->get_status(vdpa) & VIRTIO_CONFIG_S_FEATURES_OK)
477 		return -EBUSY;
478 
479 	if (copy_from_user(&features, featurep, sizeof(features)))
480 		return -EFAULT;
481 
482 	if (vdpa_set_features(vdpa, features))
483 		return -EINVAL;
484 
485 	/* let the vqs know what has been configured */
486 	actual_features = ops->get_driver_features(vdpa);
487 	for (i = 0; i < d->nvqs; ++i) {
488 		struct vhost_virtqueue *vq = d->vqs[i];
489 
490 		mutex_lock(&vq->mutex);
491 		vq->acked_features = actual_features;
492 		mutex_unlock(&vq->mutex);
493 	}
494 
495 	return 0;
496 }
497 
498 static long vhost_vdpa_get_vring_num(struct vhost_vdpa *v, u16 __user *argp)
499 {
500 	struct vdpa_device *vdpa = v->vdpa;
501 	const struct vdpa_config_ops *ops = vdpa->config;
502 	u16 num;
503 
504 	num = ops->get_vq_num_max(vdpa);
505 
506 	if (copy_to_user(argp, &num, sizeof(num)))
507 		return -EFAULT;
508 
509 	return 0;
510 }
511 
512 static void vhost_vdpa_config_put(struct vhost_vdpa *v)
513 {
514 	if (v->config_ctx) {
515 		eventfd_ctx_put(v->config_ctx);
516 		v->config_ctx = NULL;
517 	}
518 }
519 
520 static long vhost_vdpa_set_config_call(struct vhost_vdpa *v, u32 __user *argp)
521 {
522 	struct vdpa_callback cb;
523 	int fd;
524 	struct eventfd_ctx *ctx;
525 
526 	cb.callback = vhost_vdpa_config_cb;
527 	cb.private = v;
528 	if (copy_from_user(&fd, argp, sizeof(fd)))
529 		return  -EFAULT;
530 
531 	ctx = fd == VHOST_FILE_UNBIND ? NULL : eventfd_ctx_fdget(fd);
532 	swap(ctx, v->config_ctx);
533 
534 	if (!IS_ERR_OR_NULL(ctx))
535 		eventfd_ctx_put(ctx);
536 
537 	if (IS_ERR(v->config_ctx)) {
538 		long ret = PTR_ERR(v->config_ctx);
539 
540 		v->config_ctx = NULL;
541 		return ret;
542 	}
543 
544 	v->vdpa->config->set_config_cb(v->vdpa, &cb);
545 
546 	return 0;
547 }
548 
549 static long vhost_vdpa_get_iova_range(struct vhost_vdpa *v, u32 __user *argp)
550 {
551 	struct vhost_vdpa_iova_range range = {
552 		.first = v->range.first,
553 		.last = v->range.last,
554 	};
555 
556 	if (copy_to_user(argp, &range, sizeof(range)))
557 		return -EFAULT;
558 	return 0;
559 }
560 
561 static long vhost_vdpa_get_config_size(struct vhost_vdpa *v, u32 __user *argp)
562 {
563 	struct vdpa_device *vdpa = v->vdpa;
564 	const struct vdpa_config_ops *ops = vdpa->config;
565 	u32 size;
566 
567 	size = ops->get_config_size(vdpa);
568 
569 	if (copy_to_user(argp, &size, sizeof(size)))
570 		return -EFAULT;
571 
572 	return 0;
573 }
574 
575 static long vhost_vdpa_get_vqs_count(struct vhost_vdpa *v, u32 __user *argp)
576 {
577 	struct vdpa_device *vdpa = v->vdpa;
578 
579 	if (copy_to_user(argp, &vdpa->nvqs, sizeof(vdpa->nvqs)))
580 		return -EFAULT;
581 
582 	return 0;
583 }
584 
585 /* After a successful return of ioctl the device must not process more
586  * virtqueue descriptors. The device can answer to read or writes of config
587  * fields as if it were not suspended. In particular, writing to "queue_enable"
588  * with a value of 1 will not make the device start processing buffers.
589  */
590 static long vhost_vdpa_suspend(struct vhost_vdpa *v)
591 {
592 	struct vdpa_device *vdpa = v->vdpa;
593 	const struct vdpa_config_ops *ops = vdpa->config;
594 	int ret;
595 
596 	if (!(ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK))
597 		return 0;
598 
599 	if (!ops->suspend)
600 		return -EOPNOTSUPP;
601 
602 	ret = ops->suspend(vdpa);
603 	if (!ret)
604 		v->suspended = true;
605 
606 	return ret;
607 }
608 
609 /* After a successful return of this ioctl the device resumes processing
610  * virtqueue descriptors. The device becomes fully operational the same way it
611  * was before it was suspended.
612  */
613 static long vhost_vdpa_resume(struct vhost_vdpa *v)
614 {
615 	struct vdpa_device *vdpa = v->vdpa;
616 	const struct vdpa_config_ops *ops = vdpa->config;
617 	int ret;
618 
619 	if (!(ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK))
620 		return 0;
621 
622 	if (!ops->resume)
623 		return -EOPNOTSUPP;
624 
625 	ret = ops->resume(vdpa);
626 	if (!ret)
627 		v->suspended = false;
628 
629 	return ret;
630 }
631 
632 static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd,
633 				   void __user *argp)
634 {
635 	struct vdpa_device *vdpa = v->vdpa;
636 	const struct vdpa_config_ops *ops = vdpa->config;
637 	struct vdpa_vq_state vq_state;
638 	struct vdpa_callback cb;
639 	struct vhost_virtqueue *vq;
640 	struct vhost_vring_state s;
641 	u32 idx;
642 	long r;
643 
644 	r = get_user(idx, (u32 __user *)argp);
645 	if (r < 0)
646 		return r;
647 
648 	if (idx >= v->nvqs)
649 		return -ENOBUFS;
650 
651 	idx = array_index_nospec(idx, v->nvqs);
652 	vq = &v->vqs[idx];
653 
654 	switch (cmd) {
655 	case VHOST_VDPA_SET_VRING_ENABLE:
656 		if (copy_from_user(&s, argp, sizeof(s)))
657 			return -EFAULT;
658 		ops->set_vq_ready(vdpa, idx, s.num);
659 		return 0;
660 	case VHOST_VDPA_GET_VRING_GROUP:
661 		if (!ops->get_vq_group)
662 			return -EOPNOTSUPP;
663 		s.index = idx;
664 		s.num = ops->get_vq_group(vdpa, idx);
665 		if (s.num >= vdpa->ngroups)
666 			return -EIO;
667 		else if (copy_to_user(argp, &s, sizeof(s)))
668 			return -EFAULT;
669 		return 0;
670 	case VHOST_VDPA_GET_VRING_DESC_GROUP:
671 		if (!vhost_vdpa_has_desc_group(v))
672 			return -EOPNOTSUPP;
673 		s.index = idx;
674 		s.num = ops->get_vq_desc_group(vdpa, idx);
675 		if (s.num >= vdpa->ngroups)
676 			return -EIO;
677 		else if (copy_to_user(argp, &s, sizeof(s)))
678 			return -EFAULT;
679 		return 0;
680 	case VHOST_VDPA_SET_GROUP_ASID:
681 		if (copy_from_user(&s, argp, sizeof(s)))
682 			return -EFAULT;
683 		if (s.num >= vdpa->nas)
684 			return -EINVAL;
685 		if (!ops->set_group_asid)
686 			return -EOPNOTSUPP;
687 		return ops->set_group_asid(vdpa, idx, s.num);
688 	case VHOST_VDPA_GET_VRING_SIZE:
689 		if (!ops->get_vq_size)
690 			return -EOPNOTSUPP;
691 		s.index = idx;
692 		s.num = ops->get_vq_size(vdpa, idx);
693 		if (copy_to_user(argp, &s, sizeof(s)))
694 			return -EFAULT;
695 		return 0;
696 	case VHOST_GET_VRING_BASE:
697 		r = ops->get_vq_state(v->vdpa, idx, &vq_state);
698 		if (r)
699 			return r;
700 
701 		if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) {
702 			vq->last_avail_idx = vq_state.packed.last_avail_idx |
703 					     (vq_state.packed.last_avail_counter << 15);
704 			vq->last_used_idx = vq_state.packed.last_used_idx |
705 					    (vq_state.packed.last_used_counter << 15);
706 		} else {
707 			vq->last_avail_idx = vq_state.split.avail_index;
708 		}
709 		break;
710 	case VHOST_SET_VRING_CALL:
711 		if (vq->call_ctx.ctx) {
712 			if (ops->get_status(vdpa) &
713 			    VIRTIO_CONFIG_S_DRIVER_OK)
714 				vhost_vdpa_unsetup_vq_irq(v, idx);
715 			vq->call_ctx.producer.token = NULL;
716 		}
717 		break;
718 	}
719 
720 	r = vhost_vring_ioctl(&v->vdev, cmd, argp);
721 	if (r)
722 		return r;
723 
724 	switch (cmd) {
725 	case VHOST_SET_VRING_ADDR:
726 		if ((ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK) && !v->suspended)
727 			return -EINVAL;
728 
729 		if (ops->set_vq_address(vdpa, idx,
730 					(u64)(uintptr_t)vq->desc,
731 					(u64)(uintptr_t)vq->avail,
732 					(u64)(uintptr_t)vq->used))
733 			r = -EINVAL;
734 		break;
735 
736 	case VHOST_SET_VRING_BASE:
737 		if ((ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK) && !v->suspended)
738 			return -EINVAL;
739 
740 		if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) {
741 			vq_state.packed.last_avail_idx = vq->last_avail_idx & 0x7fff;
742 			vq_state.packed.last_avail_counter = !!(vq->last_avail_idx & 0x8000);
743 			vq_state.packed.last_used_idx = vq->last_used_idx & 0x7fff;
744 			vq_state.packed.last_used_counter = !!(vq->last_used_idx & 0x8000);
745 		} else {
746 			vq_state.split.avail_index = vq->last_avail_idx;
747 		}
748 		r = ops->set_vq_state(vdpa, idx, &vq_state);
749 		break;
750 
751 	case VHOST_SET_VRING_CALL:
752 		if (vq->call_ctx.ctx) {
753 			cb.callback = vhost_vdpa_virtqueue_cb;
754 			cb.private = vq;
755 			cb.trigger = vq->call_ctx.ctx;
756 			vq->call_ctx.producer.token = vq->call_ctx.ctx;
757 			if (ops->get_status(vdpa) &
758 			    VIRTIO_CONFIG_S_DRIVER_OK)
759 				vhost_vdpa_setup_vq_irq(v, idx);
760 		} else {
761 			cb.callback = NULL;
762 			cb.private = NULL;
763 			cb.trigger = NULL;
764 		}
765 		ops->set_vq_cb(vdpa, idx, &cb);
766 		break;
767 
768 	case VHOST_SET_VRING_NUM:
769 		ops->set_vq_num(vdpa, idx, vq->num);
770 		break;
771 	}
772 
773 	return r;
774 }
775 
776 static long vhost_vdpa_unlocked_ioctl(struct file *filep,
777 				      unsigned int cmd, unsigned long arg)
778 {
779 	struct vhost_vdpa *v = filep->private_data;
780 	struct vhost_dev *d = &v->vdev;
781 	void __user *argp = (void __user *)arg;
782 	u64 __user *featurep = argp;
783 	u64 features;
784 	long r = 0;
785 
786 	if (cmd == VHOST_SET_BACKEND_FEATURES) {
787 		if (copy_from_user(&features, featurep, sizeof(features)))
788 			return -EFAULT;
789 		if (features & ~(VHOST_VDPA_BACKEND_FEATURES |
790 				 BIT_ULL(VHOST_BACKEND_F_DESC_ASID) |
791 				 BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST) |
792 				 BIT_ULL(VHOST_BACKEND_F_SUSPEND) |
793 				 BIT_ULL(VHOST_BACKEND_F_RESUME) |
794 				 BIT_ULL(VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK)))
795 			return -EOPNOTSUPP;
796 		if ((features & BIT_ULL(VHOST_BACKEND_F_SUSPEND)) &&
797 		     !vhost_vdpa_can_suspend(v))
798 			return -EOPNOTSUPP;
799 		if ((features & BIT_ULL(VHOST_BACKEND_F_RESUME)) &&
800 		     !vhost_vdpa_can_resume(v))
801 			return -EOPNOTSUPP;
802 		if ((features & BIT_ULL(VHOST_BACKEND_F_DESC_ASID)) &&
803 		    !(features & BIT_ULL(VHOST_BACKEND_F_IOTLB_ASID)))
804 			return -EINVAL;
805 		if ((features & BIT_ULL(VHOST_BACKEND_F_DESC_ASID)) &&
806 		     !vhost_vdpa_has_desc_group(v))
807 			return -EOPNOTSUPP;
808 		if ((features & BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST)) &&
809 		     !vhost_vdpa_has_persistent_map(v))
810 			return -EOPNOTSUPP;
811 		vhost_set_backend_features(&v->vdev, features);
812 		return 0;
813 	}
814 
815 	mutex_lock(&d->mutex);
816 
817 	switch (cmd) {
818 	case VHOST_VDPA_GET_DEVICE_ID:
819 		r = vhost_vdpa_get_device_id(v, argp);
820 		break;
821 	case VHOST_VDPA_GET_STATUS:
822 		r = vhost_vdpa_get_status(v, argp);
823 		break;
824 	case VHOST_VDPA_SET_STATUS:
825 		r = vhost_vdpa_set_status(v, argp);
826 		break;
827 	case VHOST_VDPA_GET_CONFIG:
828 		r = vhost_vdpa_get_config(v, argp);
829 		break;
830 	case VHOST_VDPA_SET_CONFIG:
831 		r = vhost_vdpa_set_config(v, argp);
832 		break;
833 	case VHOST_GET_FEATURES:
834 		r = vhost_vdpa_get_features(v, argp);
835 		break;
836 	case VHOST_SET_FEATURES:
837 		r = vhost_vdpa_set_features(v, argp);
838 		break;
839 	case VHOST_VDPA_GET_VRING_NUM:
840 		r = vhost_vdpa_get_vring_num(v, argp);
841 		break;
842 	case VHOST_VDPA_GET_GROUP_NUM:
843 		if (copy_to_user(argp, &v->vdpa->ngroups,
844 				 sizeof(v->vdpa->ngroups)))
845 			r = -EFAULT;
846 		break;
847 	case VHOST_VDPA_GET_AS_NUM:
848 		if (copy_to_user(argp, &v->vdpa->nas, sizeof(v->vdpa->nas)))
849 			r = -EFAULT;
850 		break;
851 	case VHOST_SET_LOG_BASE:
852 	case VHOST_SET_LOG_FD:
853 		r = -ENOIOCTLCMD;
854 		break;
855 	case VHOST_VDPA_SET_CONFIG_CALL:
856 		r = vhost_vdpa_set_config_call(v, argp);
857 		break;
858 	case VHOST_GET_BACKEND_FEATURES:
859 		features = VHOST_VDPA_BACKEND_FEATURES;
860 		if (vhost_vdpa_can_suspend(v))
861 			features |= BIT_ULL(VHOST_BACKEND_F_SUSPEND);
862 		if (vhost_vdpa_can_resume(v))
863 			features |= BIT_ULL(VHOST_BACKEND_F_RESUME);
864 		if (vhost_vdpa_has_desc_group(v))
865 			features |= BIT_ULL(VHOST_BACKEND_F_DESC_ASID);
866 		if (vhost_vdpa_has_persistent_map(v))
867 			features |= BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST);
868 		features |= vhost_vdpa_get_backend_features(v);
869 		if (copy_to_user(featurep, &features, sizeof(features)))
870 			r = -EFAULT;
871 		break;
872 	case VHOST_VDPA_GET_IOVA_RANGE:
873 		r = vhost_vdpa_get_iova_range(v, argp);
874 		break;
875 	case VHOST_VDPA_GET_CONFIG_SIZE:
876 		r = vhost_vdpa_get_config_size(v, argp);
877 		break;
878 	case VHOST_VDPA_GET_VQS_COUNT:
879 		r = vhost_vdpa_get_vqs_count(v, argp);
880 		break;
881 	case VHOST_VDPA_SUSPEND:
882 		r = vhost_vdpa_suspend(v);
883 		break;
884 	case VHOST_VDPA_RESUME:
885 		r = vhost_vdpa_resume(v);
886 		break;
887 	default:
888 		r = vhost_dev_ioctl(&v->vdev, cmd, argp);
889 		if (r == -ENOIOCTLCMD)
890 			r = vhost_vdpa_vring_ioctl(v, cmd, argp);
891 		break;
892 	}
893 
894 	if (r)
895 		goto out;
896 
897 	switch (cmd) {
898 	case VHOST_SET_OWNER:
899 		r = vhost_vdpa_bind_mm(v);
900 		if (r)
901 			vhost_dev_reset_owner(d, NULL);
902 		break;
903 	}
904 out:
905 	mutex_unlock(&d->mutex);
906 	return r;
907 }
908 static void vhost_vdpa_general_unmap(struct vhost_vdpa *v,
909 				     struct vhost_iotlb_map *map, u32 asid)
910 {
911 	struct vdpa_device *vdpa = v->vdpa;
912 	const struct vdpa_config_ops *ops = vdpa->config;
913 	if (ops->dma_map) {
914 		ops->dma_unmap(vdpa, asid, map->start, map->size);
915 	} else if (ops->set_map == NULL) {
916 		iommu_unmap(v->domain, map->start, map->size);
917 	}
918 }
919 
920 static void vhost_vdpa_pa_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
921 				u64 start, u64 last, u32 asid)
922 {
923 	struct vhost_dev *dev = &v->vdev;
924 	struct vhost_iotlb_map *map;
925 	struct page *page;
926 	unsigned long pfn, pinned;
927 
928 	while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
929 		pinned = PFN_DOWN(map->size);
930 		for (pfn = PFN_DOWN(map->addr);
931 		     pinned > 0; pfn++, pinned--) {
932 			page = pfn_to_page(pfn);
933 			if (map->perm & VHOST_ACCESS_WO)
934 				set_page_dirty_lock(page);
935 			unpin_user_page(page);
936 		}
937 		atomic64_sub(PFN_DOWN(map->size), &dev->mm->pinned_vm);
938 		vhost_vdpa_general_unmap(v, map, asid);
939 		vhost_iotlb_map_free(iotlb, map);
940 	}
941 }
942 
943 static void vhost_vdpa_va_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
944 				u64 start, u64 last, u32 asid)
945 {
946 	struct vhost_iotlb_map *map;
947 	struct vdpa_map_file *map_file;
948 
949 	while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) {
950 		map_file = (struct vdpa_map_file *)map->opaque;
951 		fput(map_file->file);
952 		kfree(map_file);
953 		vhost_vdpa_general_unmap(v, map, asid);
954 		vhost_iotlb_map_free(iotlb, map);
955 	}
956 }
957 
958 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v,
959 				   struct vhost_iotlb *iotlb, u64 start,
960 				   u64 last, u32 asid)
961 {
962 	struct vdpa_device *vdpa = v->vdpa;
963 
964 	if (vdpa->use_va)
965 		return vhost_vdpa_va_unmap(v, iotlb, start, last, asid);
966 
967 	return vhost_vdpa_pa_unmap(v, iotlb, start, last, asid);
968 }
969 
970 static int perm_to_iommu_flags(u32 perm)
971 {
972 	int flags = 0;
973 
974 	switch (perm) {
975 	case VHOST_ACCESS_WO:
976 		flags |= IOMMU_WRITE;
977 		break;
978 	case VHOST_ACCESS_RO:
979 		flags |= IOMMU_READ;
980 		break;
981 	case VHOST_ACCESS_RW:
982 		flags |= (IOMMU_WRITE | IOMMU_READ);
983 		break;
984 	default:
985 		WARN(1, "invalidate vhost IOTLB permission\n");
986 		break;
987 	}
988 
989 	return flags | IOMMU_CACHE;
990 }
991 
992 static int vhost_vdpa_map(struct vhost_vdpa *v, struct vhost_iotlb *iotlb,
993 			  u64 iova, u64 size, u64 pa, u32 perm, void *opaque)
994 {
995 	struct vhost_dev *dev = &v->vdev;
996 	struct vdpa_device *vdpa = v->vdpa;
997 	const struct vdpa_config_ops *ops = vdpa->config;
998 	u32 asid = iotlb_to_asid(iotlb);
999 	int r = 0;
1000 
1001 	r = vhost_iotlb_add_range_ctx(iotlb, iova, iova + size - 1,
1002 				      pa, perm, opaque);
1003 	if (r)
1004 		return r;
1005 
1006 	if (ops->dma_map) {
1007 		r = ops->dma_map(vdpa, asid, iova, size, pa, perm, opaque);
1008 	} else if (ops->set_map) {
1009 		if (!v->in_batch)
1010 			r = ops->set_map(vdpa, asid, iotlb);
1011 	} else {
1012 		r = iommu_map(v->domain, iova, pa, size,
1013 			      perm_to_iommu_flags(perm),
1014 			      GFP_KERNEL_ACCOUNT);
1015 	}
1016 	if (r) {
1017 		vhost_iotlb_del_range(iotlb, iova, iova + size - 1);
1018 		return r;
1019 	}
1020 
1021 	if (!vdpa->use_va)
1022 		atomic64_add(PFN_DOWN(size), &dev->mm->pinned_vm);
1023 
1024 	return 0;
1025 }
1026 
1027 static void vhost_vdpa_unmap(struct vhost_vdpa *v,
1028 			     struct vhost_iotlb *iotlb,
1029 			     u64 iova, u64 size)
1030 {
1031 	struct vdpa_device *vdpa = v->vdpa;
1032 	const struct vdpa_config_ops *ops = vdpa->config;
1033 	u32 asid = iotlb_to_asid(iotlb);
1034 
1035 	vhost_vdpa_iotlb_unmap(v, iotlb, iova, iova + size - 1, asid);
1036 
1037 	if (ops->set_map) {
1038 		if (!v->in_batch)
1039 			ops->set_map(vdpa, asid, iotlb);
1040 	}
1041 
1042 }
1043 
1044 static int vhost_vdpa_va_map(struct vhost_vdpa *v,
1045 			     struct vhost_iotlb *iotlb,
1046 			     u64 iova, u64 size, u64 uaddr, u32 perm)
1047 {
1048 	struct vhost_dev *dev = &v->vdev;
1049 	u64 offset, map_size, map_iova = iova;
1050 	struct vdpa_map_file *map_file;
1051 	struct vm_area_struct *vma;
1052 	int ret = 0;
1053 
1054 	mmap_read_lock(dev->mm);
1055 
1056 	while (size) {
1057 		vma = find_vma(dev->mm, uaddr);
1058 		if (!vma) {
1059 			ret = -EINVAL;
1060 			break;
1061 		}
1062 		map_size = min(size, vma->vm_end - uaddr);
1063 		if (!(vma->vm_file && (vma->vm_flags & VM_SHARED) &&
1064 			!(vma->vm_flags & (VM_IO | VM_PFNMAP))))
1065 			goto next;
1066 
1067 		map_file = kzalloc(sizeof(*map_file), GFP_KERNEL);
1068 		if (!map_file) {
1069 			ret = -ENOMEM;
1070 			break;
1071 		}
1072 		offset = (vma->vm_pgoff << PAGE_SHIFT) + uaddr - vma->vm_start;
1073 		map_file->offset = offset;
1074 		map_file->file = get_file(vma->vm_file);
1075 		ret = vhost_vdpa_map(v, iotlb, map_iova, map_size, uaddr,
1076 				     perm, map_file);
1077 		if (ret) {
1078 			fput(map_file->file);
1079 			kfree(map_file);
1080 			break;
1081 		}
1082 next:
1083 		size -= map_size;
1084 		uaddr += map_size;
1085 		map_iova += map_size;
1086 	}
1087 	if (ret)
1088 		vhost_vdpa_unmap(v, iotlb, iova, map_iova - iova);
1089 
1090 	mmap_read_unlock(dev->mm);
1091 
1092 	return ret;
1093 }
1094 
1095 static int vhost_vdpa_pa_map(struct vhost_vdpa *v,
1096 			     struct vhost_iotlb *iotlb,
1097 			     u64 iova, u64 size, u64 uaddr, u32 perm)
1098 {
1099 	struct vhost_dev *dev = &v->vdev;
1100 	struct page **page_list;
1101 	unsigned long list_size = PAGE_SIZE / sizeof(struct page *);
1102 	unsigned int gup_flags = FOLL_LONGTERM;
1103 	unsigned long npages, cur_base, map_pfn, last_pfn = 0;
1104 	unsigned long lock_limit, sz2pin, nchunks, i;
1105 	u64 start = iova;
1106 	long pinned;
1107 	int ret = 0;
1108 
1109 	/* Limit the use of memory for bookkeeping */
1110 	page_list = (struct page **) __get_free_page(GFP_KERNEL);
1111 	if (!page_list)
1112 		return -ENOMEM;
1113 
1114 	if (perm & VHOST_ACCESS_WO)
1115 		gup_flags |= FOLL_WRITE;
1116 
1117 	npages = PFN_UP(size + (iova & ~PAGE_MASK));
1118 	if (!npages) {
1119 		ret = -EINVAL;
1120 		goto free;
1121 	}
1122 
1123 	mmap_read_lock(dev->mm);
1124 
1125 	lock_limit = PFN_DOWN(rlimit(RLIMIT_MEMLOCK));
1126 	if (npages + atomic64_read(&dev->mm->pinned_vm) > lock_limit) {
1127 		ret = -ENOMEM;
1128 		goto unlock;
1129 	}
1130 
1131 	cur_base = uaddr & PAGE_MASK;
1132 	iova &= PAGE_MASK;
1133 	nchunks = 0;
1134 
1135 	while (npages) {
1136 		sz2pin = min_t(unsigned long, npages, list_size);
1137 		pinned = pin_user_pages(cur_base, sz2pin,
1138 					gup_flags, page_list);
1139 		if (sz2pin != pinned) {
1140 			if (pinned < 0) {
1141 				ret = pinned;
1142 			} else {
1143 				unpin_user_pages(page_list, pinned);
1144 				ret = -ENOMEM;
1145 			}
1146 			goto out;
1147 		}
1148 		nchunks++;
1149 
1150 		if (!last_pfn)
1151 			map_pfn = page_to_pfn(page_list[0]);
1152 
1153 		for (i = 0; i < pinned; i++) {
1154 			unsigned long this_pfn = page_to_pfn(page_list[i]);
1155 			u64 csize;
1156 
1157 			if (last_pfn && (this_pfn != last_pfn + 1)) {
1158 				/* Pin a contiguous chunk of memory */
1159 				csize = PFN_PHYS(last_pfn - map_pfn + 1);
1160 				ret = vhost_vdpa_map(v, iotlb, iova, csize,
1161 						     PFN_PHYS(map_pfn),
1162 						     perm, NULL);
1163 				if (ret) {
1164 					/*
1165 					 * Unpin the pages that are left unmapped
1166 					 * from this point on in the current
1167 					 * page_list. The remaining outstanding
1168 					 * ones which may stride across several
1169 					 * chunks will be covered in the common
1170 					 * error path subsequently.
1171 					 */
1172 					unpin_user_pages(&page_list[i],
1173 							 pinned - i);
1174 					goto out;
1175 				}
1176 
1177 				map_pfn = this_pfn;
1178 				iova += csize;
1179 				nchunks = 0;
1180 			}
1181 
1182 			last_pfn = this_pfn;
1183 		}
1184 
1185 		cur_base += PFN_PHYS(pinned);
1186 		npages -= pinned;
1187 	}
1188 
1189 	/* Pin the rest chunk */
1190 	ret = vhost_vdpa_map(v, iotlb, iova, PFN_PHYS(last_pfn - map_pfn + 1),
1191 			     PFN_PHYS(map_pfn), perm, NULL);
1192 out:
1193 	if (ret) {
1194 		if (nchunks) {
1195 			unsigned long pfn;
1196 
1197 			/*
1198 			 * Unpin the outstanding pages which are yet to be
1199 			 * mapped but haven't due to vdpa_map() or
1200 			 * pin_user_pages() failure.
1201 			 *
1202 			 * Mapped pages are accounted in vdpa_map(), hence
1203 			 * the corresponding unpinning will be handled by
1204 			 * vdpa_unmap().
1205 			 */
1206 			WARN_ON(!last_pfn);
1207 			for (pfn = map_pfn; pfn <= last_pfn; pfn++)
1208 				unpin_user_page(pfn_to_page(pfn));
1209 		}
1210 		vhost_vdpa_unmap(v, iotlb, start, size);
1211 	}
1212 unlock:
1213 	mmap_read_unlock(dev->mm);
1214 free:
1215 	free_page((unsigned long)page_list);
1216 	return ret;
1217 
1218 }
1219 
1220 static int vhost_vdpa_process_iotlb_update(struct vhost_vdpa *v,
1221 					   struct vhost_iotlb *iotlb,
1222 					   struct vhost_iotlb_msg *msg)
1223 {
1224 	struct vdpa_device *vdpa = v->vdpa;
1225 
1226 	if (msg->iova < v->range.first || !msg->size ||
1227 	    msg->iova > U64_MAX - msg->size + 1 ||
1228 	    msg->iova + msg->size - 1 > v->range.last)
1229 		return -EINVAL;
1230 
1231 	if (vhost_iotlb_itree_first(iotlb, msg->iova,
1232 				    msg->iova + msg->size - 1))
1233 		return -EEXIST;
1234 
1235 	if (vdpa->use_va)
1236 		return vhost_vdpa_va_map(v, iotlb, msg->iova, msg->size,
1237 					 msg->uaddr, msg->perm);
1238 
1239 	return vhost_vdpa_pa_map(v, iotlb, msg->iova, msg->size, msg->uaddr,
1240 				 msg->perm);
1241 }
1242 
1243 static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev, u32 asid,
1244 					struct vhost_iotlb_msg *msg)
1245 {
1246 	struct vhost_vdpa *v = container_of(dev, struct vhost_vdpa, vdev);
1247 	struct vdpa_device *vdpa = v->vdpa;
1248 	const struct vdpa_config_ops *ops = vdpa->config;
1249 	struct vhost_iotlb *iotlb = NULL;
1250 	struct vhost_vdpa_as *as = NULL;
1251 	int r = 0;
1252 
1253 	mutex_lock(&dev->mutex);
1254 
1255 	r = vhost_dev_check_owner(dev);
1256 	if (r)
1257 		goto unlock;
1258 
1259 	if (msg->type == VHOST_IOTLB_UPDATE ||
1260 	    msg->type == VHOST_IOTLB_BATCH_BEGIN) {
1261 		as = vhost_vdpa_find_alloc_as(v, asid);
1262 		if (!as) {
1263 			dev_err(&v->dev, "can't find and alloc asid %d\n",
1264 				asid);
1265 			r = -EINVAL;
1266 			goto unlock;
1267 		}
1268 		iotlb = &as->iotlb;
1269 	} else
1270 		iotlb = asid_to_iotlb(v, asid);
1271 
1272 	if ((v->in_batch && v->batch_asid != asid) || !iotlb) {
1273 		if (v->in_batch && v->batch_asid != asid) {
1274 			dev_info(&v->dev, "batch id %d asid %d\n",
1275 				 v->batch_asid, asid);
1276 		}
1277 		if (!iotlb)
1278 			dev_err(&v->dev, "no iotlb for asid %d\n", asid);
1279 		r = -EINVAL;
1280 		goto unlock;
1281 	}
1282 
1283 	switch (msg->type) {
1284 	case VHOST_IOTLB_UPDATE:
1285 		r = vhost_vdpa_process_iotlb_update(v, iotlb, msg);
1286 		break;
1287 	case VHOST_IOTLB_INVALIDATE:
1288 		vhost_vdpa_unmap(v, iotlb, msg->iova, msg->size);
1289 		break;
1290 	case VHOST_IOTLB_BATCH_BEGIN:
1291 		v->batch_asid = asid;
1292 		v->in_batch = true;
1293 		break;
1294 	case VHOST_IOTLB_BATCH_END:
1295 		if (v->in_batch && ops->set_map)
1296 			ops->set_map(vdpa, asid, iotlb);
1297 		v->in_batch = false;
1298 		break;
1299 	default:
1300 		r = -EINVAL;
1301 		break;
1302 	}
1303 unlock:
1304 	mutex_unlock(&dev->mutex);
1305 
1306 	return r;
1307 }
1308 
1309 static ssize_t vhost_vdpa_chr_write_iter(struct kiocb *iocb,
1310 					 struct iov_iter *from)
1311 {
1312 	struct file *file = iocb->ki_filp;
1313 	struct vhost_vdpa *v = file->private_data;
1314 	struct vhost_dev *dev = &v->vdev;
1315 
1316 	return vhost_chr_write_iter(dev, from);
1317 }
1318 
1319 static int vhost_vdpa_alloc_domain(struct vhost_vdpa *v)
1320 {
1321 	struct vdpa_device *vdpa = v->vdpa;
1322 	const struct vdpa_config_ops *ops = vdpa->config;
1323 	struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1324 	int ret;
1325 
1326 	/* Device want to do DMA by itself */
1327 	if (ops->set_map || ops->dma_map)
1328 		return 0;
1329 
1330 	if (!device_iommu_capable(dma_dev, IOMMU_CAP_CACHE_COHERENCY)) {
1331 		dev_warn_once(&v->dev,
1332 			      "Failed to allocate domain, device is not IOMMU cache coherent capable\n");
1333 		return -ENOTSUPP;
1334 	}
1335 
1336 	v->domain = iommu_paging_domain_alloc(dma_dev);
1337 	if (IS_ERR(v->domain)) {
1338 		ret = PTR_ERR(v->domain);
1339 		v->domain = NULL;
1340 		return ret;
1341 	}
1342 
1343 	ret = iommu_attach_device(v->domain, dma_dev);
1344 	if (ret)
1345 		goto err_attach;
1346 
1347 	return 0;
1348 
1349 err_attach:
1350 	iommu_domain_free(v->domain);
1351 	v->domain = NULL;
1352 	return ret;
1353 }
1354 
1355 static void vhost_vdpa_free_domain(struct vhost_vdpa *v)
1356 {
1357 	struct vdpa_device *vdpa = v->vdpa;
1358 	struct device *dma_dev = vdpa_get_dma_dev(vdpa);
1359 
1360 	if (v->domain) {
1361 		iommu_detach_device(v->domain, dma_dev);
1362 		iommu_domain_free(v->domain);
1363 	}
1364 
1365 	v->domain = NULL;
1366 }
1367 
1368 static void vhost_vdpa_set_iova_range(struct vhost_vdpa *v)
1369 {
1370 	struct vdpa_iova_range *range = &v->range;
1371 	struct vdpa_device *vdpa = v->vdpa;
1372 	const struct vdpa_config_ops *ops = vdpa->config;
1373 
1374 	if (ops->get_iova_range) {
1375 		*range = ops->get_iova_range(vdpa);
1376 	} else if (v->domain && v->domain->geometry.force_aperture) {
1377 		range->first = v->domain->geometry.aperture_start;
1378 		range->last = v->domain->geometry.aperture_end;
1379 	} else {
1380 		range->first = 0;
1381 		range->last = ULLONG_MAX;
1382 	}
1383 }
1384 
1385 static void vhost_vdpa_cleanup(struct vhost_vdpa *v)
1386 {
1387 	struct vhost_vdpa_as *as;
1388 	u32 asid;
1389 
1390 	for (asid = 0; asid < v->vdpa->nas; asid++) {
1391 		as = asid_to_as(v, asid);
1392 		if (as)
1393 			vhost_vdpa_remove_as(v, asid);
1394 	}
1395 
1396 	vhost_vdpa_free_domain(v);
1397 	vhost_dev_cleanup(&v->vdev);
1398 	kfree(v->vdev.vqs);
1399 	v->vdev.vqs = NULL;
1400 }
1401 
1402 static int vhost_vdpa_open(struct inode *inode, struct file *filep)
1403 {
1404 	struct vhost_vdpa *v;
1405 	struct vhost_dev *dev;
1406 	struct vhost_virtqueue **vqs;
1407 	int r, opened;
1408 	u32 i, nvqs;
1409 
1410 	v = container_of(inode->i_cdev, struct vhost_vdpa, cdev);
1411 
1412 	opened = atomic_cmpxchg(&v->opened, 0, 1);
1413 	if (opened)
1414 		return -EBUSY;
1415 
1416 	nvqs = v->nvqs;
1417 	r = vhost_vdpa_reset(v);
1418 	if (r)
1419 		goto err;
1420 
1421 	vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL);
1422 	if (!vqs) {
1423 		r = -ENOMEM;
1424 		goto err;
1425 	}
1426 
1427 	dev = &v->vdev;
1428 	for (i = 0; i < nvqs; i++) {
1429 		vqs[i] = &v->vqs[i];
1430 		vqs[i]->handle_kick = handle_vq_kick;
1431 		vqs[i]->call_ctx.ctx = NULL;
1432 	}
1433 	vhost_dev_init(dev, vqs, nvqs, 0, 0, 0, false,
1434 		       vhost_vdpa_process_iotlb_msg);
1435 
1436 	r = vhost_vdpa_alloc_domain(v);
1437 	if (r)
1438 		goto err_alloc_domain;
1439 
1440 	vhost_vdpa_set_iova_range(v);
1441 
1442 	filep->private_data = v;
1443 
1444 	return 0;
1445 
1446 err_alloc_domain:
1447 	vhost_vdpa_cleanup(v);
1448 err:
1449 	atomic_dec(&v->opened);
1450 	return r;
1451 }
1452 
1453 static void vhost_vdpa_clean_irq(struct vhost_vdpa *v)
1454 {
1455 	u32 i;
1456 
1457 	for (i = 0; i < v->nvqs; i++)
1458 		vhost_vdpa_unsetup_vq_irq(v, i);
1459 }
1460 
1461 static int vhost_vdpa_release(struct inode *inode, struct file *filep)
1462 {
1463 	struct vhost_vdpa *v = filep->private_data;
1464 	struct vhost_dev *d = &v->vdev;
1465 
1466 	mutex_lock(&d->mutex);
1467 	filep->private_data = NULL;
1468 	vhost_vdpa_clean_irq(v);
1469 	vhost_vdpa_reset(v);
1470 	vhost_dev_stop(&v->vdev);
1471 	vhost_vdpa_unbind_mm(v);
1472 	vhost_vdpa_config_put(v);
1473 	vhost_vdpa_cleanup(v);
1474 	mutex_unlock(&d->mutex);
1475 
1476 	atomic_dec(&v->opened);
1477 	complete(&v->completion);
1478 
1479 	return 0;
1480 }
1481 
1482 #ifdef CONFIG_MMU
1483 static vm_fault_t vhost_vdpa_fault(struct vm_fault *vmf)
1484 {
1485 	struct vhost_vdpa *v = vmf->vma->vm_file->private_data;
1486 	struct vdpa_device *vdpa = v->vdpa;
1487 	const struct vdpa_config_ops *ops = vdpa->config;
1488 	struct vdpa_notification_area notify;
1489 	struct vm_area_struct *vma = vmf->vma;
1490 	u16 index = vma->vm_pgoff;
1491 
1492 	notify = ops->get_vq_notification(vdpa, index);
1493 
1494 	return vmf_insert_pfn(vma, vmf->address & PAGE_MASK, PFN_DOWN(notify.addr));
1495 }
1496 
1497 static const struct vm_operations_struct vhost_vdpa_vm_ops = {
1498 	.fault = vhost_vdpa_fault,
1499 };
1500 
1501 static int vhost_vdpa_mmap(struct file *file, struct vm_area_struct *vma)
1502 {
1503 	struct vhost_vdpa *v = vma->vm_file->private_data;
1504 	struct vdpa_device *vdpa = v->vdpa;
1505 	const struct vdpa_config_ops *ops = vdpa->config;
1506 	struct vdpa_notification_area notify;
1507 	unsigned long index = vma->vm_pgoff;
1508 
1509 	if (vma->vm_end - vma->vm_start != PAGE_SIZE)
1510 		return -EINVAL;
1511 	if ((vma->vm_flags & VM_SHARED) == 0)
1512 		return -EINVAL;
1513 	if (vma->vm_flags & VM_READ)
1514 		return -EINVAL;
1515 	if (index > 65535)
1516 		return -EINVAL;
1517 	if (!ops->get_vq_notification)
1518 		return -ENOTSUPP;
1519 
1520 	/* To be safe and easily modelled by userspace, We only
1521 	 * support the doorbell which sits on the page boundary and
1522 	 * does not share the page with other registers.
1523 	 */
1524 	notify = ops->get_vq_notification(vdpa, index);
1525 	if (notify.addr & (PAGE_SIZE - 1))
1526 		return -EINVAL;
1527 	if (vma->vm_end - vma->vm_start != notify.size)
1528 		return -ENOTSUPP;
1529 
1530 	vm_flags_set(vma, VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP);
1531 	vma->vm_ops = &vhost_vdpa_vm_ops;
1532 	return 0;
1533 }
1534 #endif /* CONFIG_MMU */
1535 
1536 static const struct file_operations vhost_vdpa_fops = {
1537 	.owner		= THIS_MODULE,
1538 	.open		= vhost_vdpa_open,
1539 	.release	= vhost_vdpa_release,
1540 	.write_iter	= vhost_vdpa_chr_write_iter,
1541 	.unlocked_ioctl	= vhost_vdpa_unlocked_ioctl,
1542 #ifdef CONFIG_MMU
1543 	.mmap		= vhost_vdpa_mmap,
1544 #endif /* CONFIG_MMU */
1545 	.compat_ioctl	= compat_ptr_ioctl,
1546 };
1547 
1548 static void vhost_vdpa_release_dev(struct device *device)
1549 {
1550 	struct vhost_vdpa *v =
1551 	       container_of(device, struct vhost_vdpa, dev);
1552 
1553 	ida_free(&vhost_vdpa_ida, v->minor);
1554 	kfree(v->vqs);
1555 	kfree(v);
1556 }
1557 
1558 static int vhost_vdpa_probe(struct vdpa_device *vdpa)
1559 {
1560 	const struct vdpa_config_ops *ops = vdpa->config;
1561 	struct vhost_vdpa *v;
1562 	int minor;
1563 	int i, r;
1564 
1565 	/* We can't support platform IOMMU device with more than 1
1566 	 * group or as
1567 	 */
1568 	if (!ops->set_map && !ops->dma_map &&
1569 	    (vdpa->ngroups > 1 || vdpa->nas > 1))
1570 		return -EOPNOTSUPP;
1571 
1572 	v = kzalloc(sizeof(*v), GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1573 	if (!v)
1574 		return -ENOMEM;
1575 
1576 	minor = ida_alloc_max(&vhost_vdpa_ida, VHOST_VDPA_DEV_MAX - 1,
1577 			      GFP_KERNEL);
1578 	if (minor < 0) {
1579 		kfree(v);
1580 		return minor;
1581 	}
1582 
1583 	atomic_set(&v->opened, 0);
1584 	v->minor = minor;
1585 	v->vdpa = vdpa;
1586 	v->nvqs = vdpa->nvqs;
1587 	v->virtio_id = ops->get_device_id(vdpa);
1588 
1589 	device_initialize(&v->dev);
1590 	v->dev.release = vhost_vdpa_release_dev;
1591 	v->dev.parent = &vdpa->dev;
1592 	v->dev.devt = MKDEV(MAJOR(vhost_vdpa_major), minor);
1593 	v->vqs = kmalloc_array(v->nvqs, sizeof(struct vhost_virtqueue),
1594 			       GFP_KERNEL);
1595 	if (!v->vqs) {
1596 		r = -ENOMEM;
1597 		goto err;
1598 	}
1599 
1600 	r = dev_set_name(&v->dev, "vhost-vdpa-%u", minor);
1601 	if (r)
1602 		goto err;
1603 
1604 	cdev_init(&v->cdev, &vhost_vdpa_fops);
1605 	v->cdev.owner = THIS_MODULE;
1606 
1607 	r = cdev_device_add(&v->cdev, &v->dev);
1608 	if (r)
1609 		goto err;
1610 
1611 	init_completion(&v->completion);
1612 	vdpa_set_drvdata(vdpa, v);
1613 
1614 	for (i = 0; i < VHOST_VDPA_IOTLB_BUCKETS; i++)
1615 		INIT_HLIST_HEAD(&v->as[i]);
1616 
1617 	return 0;
1618 
1619 err:
1620 	put_device(&v->dev);
1621 	return r;
1622 }
1623 
1624 static void vhost_vdpa_remove(struct vdpa_device *vdpa)
1625 {
1626 	struct vhost_vdpa *v = vdpa_get_drvdata(vdpa);
1627 	int opened;
1628 
1629 	cdev_device_del(&v->cdev, &v->dev);
1630 
1631 	do {
1632 		opened = atomic_cmpxchg(&v->opened, 0, 1);
1633 		if (!opened)
1634 			break;
1635 		wait_for_completion(&v->completion);
1636 	} while (1);
1637 
1638 	put_device(&v->dev);
1639 }
1640 
1641 static struct vdpa_driver vhost_vdpa_driver = {
1642 	.driver = {
1643 		.name	= "vhost_vdpa",
1644 	},
1645 	.probe	= vhost_vdpa_probe,
1646 	.remove	= vhost_vdpa_remove,
1647 };
1648 
1649 static int __init vhost_vdpa_init(void)
1650 {
1651 	int r;
1652 
1653 	r = alloc_chrdev_region(&vhost_vdpa_major, 0, VHOST_VDPA_DEV_MAX,
1654 				"vhost-vdpa");
1655 	if (r)
1656 		goto err_alloc_chrdev;
1657 
1658 	r = vdpa_register_driver(&vhost_vdpa_driver);
1659 	if (r)
1660 		goto err_vdpa_register_driver;
1661 
1662 	return 0;
1663 
1664 err_vdpa_register_driver:
1665 	unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1666 err_alloc_chrdev:
1667 	return r;
1668 }
1669 module_init(vhost_vdpa_init);
1670 
1671 static void __exit vhost_vdpa_exit(void)
1672 {
1673 	vdpa_unregister_driver(&vhost_vdpa_driver);
1674 	unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX);
1675 }
1676 module_exit(vhost_vdpa_exit);
1677 
1678 MODULE_VERSION("0.0.1");
1679 MODULE_LICENSE("GPL v2");
1680 MODULE_AUTHOR("Intel Corporation");
1681 MODULE_DESCRIPTION("vDPA-based vhost backend for virtio");
1682