1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 2018-2020 Intel Corporation. 4 * Copyright (C) 2020 Red Hat, Inc. 5 * 6 * Author: Tiwei Bie <tiwei.bie@intel.com> 7 * Jason Wang <jasowang@redhat.com> 8 * 9 * Thanks Michael S. Tsirkin for the valuable comments and 10 * suggestions. And thanks to Cunming Liang and Zhihong Wang for all 11 * their supports. 12 */ 13 14 #include <linux/kernel.h> 15 #include <linux/module.h> 16 #include <linux/cdev.h> 17 #include <linux/device.h> 18 #include <linux/mm.h> 19 #include <linux/slab.h> 20 #include <linux/iommu.h> 21 #include <linux/uuid.h> 22 #include <linux/vdpa.h> 23 #include <linux/nospec.h> 24 #include <linux/vhost.h> 25 26 #include "vhost.h" 27 28 enum { 29 VHOST_VDPA_BACKEND_FEATURES = 30 (1ULL << VHOST_BACKEND_F_IOTLB_MSG_V2) | 31 (1ULL << VHOST_BACKEND_F_IOTLB_BATCH) | 32 (1ULL << VHOST_BACKEND_F_IOTLB_ASID), 33 }; 34 35 #define VHOST_VDPA_DEV_MAX (1U << MINORBITS) 36 37 #define VHOST_VDPA_IOTLB_BUCKETS 16 38 39 struct vhost_vdpa_as { 40 struct hlist_node hash_link; 41 struct vhost_iotlb iotlb; 42 u32 id; 43 }; 44 45 struct vhost_vdpa { 46 struct vhost_dev vdev; 47 struct iommu_domain *domain; 48 struct vhost_virtqueue *vqs; 49 struct completion completion; 50 struct vdpa_device *vdpa; 51 struct hlist_head as[VHOST_VDPA_IOTLB_BUCKETS]; 52 struct device dev; 53 struct cdev cdev; 54 atomic_t opened; 55 u32 nvqs; 56 int virtio_id; 57 int minor; 58 struct eventfd_ctx *config_ctx; 59 int in_batch; 60 struct vdpa_iova_range range; 61 u32 batch_asid; 62 bool suspended; 63 }; 64 65 static DEFINE_IDA(vhost_vdpa_ida); 66 67 static dev_t vhost_vdpa_major; 68 69 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v, 70 struct vhost_iotlb *iotlb, u64 start, 71 u64 last, u32 asid); 72 73 static inline u32 iotlb_to_asid(struct vhost_iotlb *iotlb) 74 { 75 struct vhost_vdpa_as *as = container_of(iotlb, struct 76 vhost_vdpa_as, iotlb); 77 return as->id; 78 } 79 80 static struct vhost_vdpa_as *asid_to_as(struct vhost_vdpa *v, u32 asid) 81 { 82 struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS]; 83 struct vhost_vdpa_as *as; 84 85 hlist_for_each_entry(as, head, hash_link) 86 if (as->id == asid) 87 return as; 88 89 return NULL; 90 } 91 92 static struct vhost_iotlb *asid_to_iotlb(struct vhost_vdpa *v, u32 asid) 93 { 94 struct vhost_vdpa_as *as = asid_to_as(v, asid); 95 96 if (!as) 97 return NULL; 98 99 return &as->iotlb; 100 } 101 102 static struct vhost_vdpa_as *vhost_vdpa_alloc_as(struct vhost_vdpa *v, u32 asid) 103 { 104 struct hlist_head *head = &v->as[asid % VHOST_VDPA_IOTLB_BUCKETS]; 105 struct vhost_vdpa_as *as; 106 107 if (asid_to_as(v, asid)) 108 return NULL; 109 110 if (asid >= v->vdpa->nas) 111 return NULL; 112 113 as = kmalloc(sizeof(*as), GFP_KERNEL); 114 if (!as) 115 return NULL; 116 117 vhost_iotlb_init(&as->iotlb, 0, 0); 118 as->id = asid; 119 hlist_add_head(&as->hash_link, head); 120 121 return as; 122 } 123 124 static struct vhost_vdpa_as *vhost_vdpa_find_alloc_as(struct vhost_vdpa *v, 125 u32 asid) 126 { 127 struct vhost_vdpa_as *as = asid_to_as(v, asid); 128 129 if (as) 130 return as; 131 132 return vhost_vdpa_alloc_as(v, asid); 133 } 134 135 static void vhost_vdpa_reset_map(struct vhost_vdpa *v, u32 asid) 136 { 137 struct vdpa_device *vdpa = v->vdpa; 138 const struct vdpa_config_ops *ops = vdpa->config; 139 140 if (ops->reset_map) 141 ops->reset_map(vdpa, asid); 142 } 143 144 static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid) 145 { 146 struct vhost_vdpa_as *as = asid_to_as(v, asid); 147 148 if (!as) 149 return -EINVAL; 150 151 hlist_del(&as->hash_link); 152 vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1, asid); 153 /* 154 * Devices with vendor specific IOMMU may need to restore 155 * iotlb to the initial or default state, which cannot be 156 * cleaned up in the all range unmap call above. Give them 157 * a chance to clean up or reset the map to the desired 158 * state. 159 */ 160 vhost_vdpa_reset_map(v, asid); 161 kfree(as); 162 163 return 0; 164 } 165 166 static void handle_vq_kick(struct vhost_work *work) 167 { 168 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 169 poll.work); 170 struct vhost_vdpa *v = container_of(vq->dev, struct vhost_vdpa, vdev); 171 const struct vdpa_config_ops *ops = v->vdpa->config; 172 173 ops->kick_vq(v->vdpa, vq - v->vqs); 174 } 175 176 static irqreturn_t vhost_vdpa_virtqueue_cb(void *private) 177 { 178 struct vhost_virtqueue *vq = private; 179 struct eventfd_ctx *call_ctx = vq->call_ctx.ctx; 180 181 if (call_ctx) 182 eventfd_signal(call_ctx); 183 184 return IRQ_HANDLED; 185 } 186 187 static irqreturn_t vhost_vdpa_config_cb(void *private) 188 { 189 struct vhost_vdpa *v = private; 190 struct eventfd_ctx *config_ctx = v->config_ctx; 191 192 if (config_ctx) 193 eventfd_signal(config_ctx); 194 195 return IRQ_HANDLED; 196 } 197 198 static void vhost_vdpa_setup_vq_irq(struct vhost_vdpa *v, u16 qid) 199 { 200 struct vhost_virtqueue *vq = &v->vqs[qid]; 201 const struct vdpa_config_ops *ops = v->vdpa->config; 202 struct vdpa_device *vdpa = v->vdpa; 203 int ret, irq; 204 205 if (!ops->get_vq_irq) 206 return; 207 208 irq = ops->get_vq_irq(vdpa, qid); 209 if (irq < 0) 210 return; 211 212 if (!vq->call_ctx.ctx) 213 return; 214 215 ret = irq_bypass_register_producer(&vq->call_ctx.producer, 216 vq->call_ctx.ctx, irq); 217 if (unlikely(ret)) 218 dev_info(&v->dev, "vq %u, irq bypass producer (eventfd %p) registration fails, ret = %d\n", 219 qid, vq->call_ctx.ctx, ret); 220 } 221 222 static void vhost_vdpa_unsetup_vq_irq(struct vhost_vdpa *v, u16 qid) 223 { 224 struct vhost_virtqueue *vq = &v->vqs[qid]; 225 226 irq_bypass_unregister_producer(&vq->call_ctx.producer); 227 } 228 229 static int _compat_vdpa_reset(struct vhost_vdpa *v) 230 { 231 struct vdpa_device *vdpa = v->vdpa; 232 u32 flags = 0; 233 234 v->suspended = false; 235 236 if (v->vdev.vqs) { 237 flags |= !vhost_backend_has_feature(v->vdev.vqs[0], 238 VHOST_BACKEND_F_IOTLB_PERSIST) ? 239 VDPA_RESET_F_CLEAN_MAP : 0; 240 } 241 242 return vdpa_reset(vdpa, flags); 243 } 244 245 static int vhost_vdpa_reset(struct vhost_vdpa *v) 246 { 247 v->in_batch = 0; 248 return _compat_vdpa_reset(v); 249 } 250 251 static long vhost_vdpa_bind_mm(struct vhost_vdpa *v) 252 { 253 struct vdpa_device *vdpa = v->vdpa; 254 const struct vdpa_config_ops *ops = vdpa->config; 255 256 if (!vdpa->use_va || !ops->bind_mm) 257 return 0; 258 259 return ops->bind_mm(vdpa, v->vdev.mm); 260 } 261 262 static void vhost_vdpa_unbind_mm(struct vhost_vdpa *v) 263 { 264 struct vdpa_device *vdpa = v->vdpa; 265 const struct vdpa_config_ops *ops = vdpa->config; 266 267 if (!vdpa->use_va || !ops->unbind_mm) 268 return; 269 270 ops->unbind_mm(vdpa); 271 } 272 273 static long vhost_vdpa_get_device_id(struct vhost_vdpa *v, u8 __user *argp) 274 { 275 struct vdpa_device *vdpa = v->vdpa; 276 const struct vdpa_config_ops *ops = vdpa->config; 277 u32 device_id; 278 279 device_id = ops->get_device_id(vdpa); 280 281 if (copy_to_user(argp, &device_id, sizeof(device_id))) 282 return -EFAULT; 283 284 return 0; 285 } 286 287 static long vhost_vdpa_get_status(struct vhost_vdpa *v, u8 __user *statusp) 288 { 289 struct vdpa_device *vdpa = v->vdpa; 290 const struct vdpa_config_ops *ops = vdpa->config; 291 u8 status; 292 293 status = ops->get_status(vdpa); 294 295 if (copy_to_user(statusp, &status, sizeof(status))) 296 return -EFAULT; 297 298 return 0; 299 } 300 301 static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp) 302 { 303 struct vdpa_device *vdpa = v->vdpa; 304 const struct vdpa_config_ops *ops = vdpa->config; 305 u8 status, status_old; 306 u32 nvqs = v->nvqs; 307 int ret; 308 u16 i; 309 310 if (copy_from_user(&status, statusp, sizeof(status))) 311 return -EFAULT; 312 313 status_old = ops->get_status(vdpa); 314 315 /* 316 * Userspace shouldn't remove status bits unless reset the 317 * status to 0. 318 */ 319 if (status != 0 && (status_old & ~status) != 0) 320 return -EINVAL; 321 322 if ((status_old & VIRTIO_CONFIG_S_DRIVER_OK) && !(status & VIRTIO_CONFIG_S_DRIVER_OK)) 323 for (i = 0; i < nvqs; i++) 324 vhost_vdpa_unsetup_vq_irq(v, i); 325 326 if (status == 0) { 327 ret = _compat_vdpa_reset(v); 328 if (ret) 329 return ret; 330 } else 331 vdpa_set_status(vdpa, status); 332 333 if ((status & VIRTIO_CONFIG_S_DRIVER_OK) && !(status_old & VIRTIO_CONFIG_S_DRIVER_OK)) 334 for (i = 0; i < nvqs; i++) 335 vhost_vdpa_setup_vq_irq(v, i); 336 337 return 0; 338 } 339 340 static int vhost_vdpa_config_validate(struct vhost_vdpa *v, 341 struct vhost_vdpa_config *c) 342 { 343 struct vdpa_device *vdpa = v->vdpa; 344 size_t size = vdpa->config->get_config_size(vdpa); 345 346 if (c->len == 0 || c->off > size) 347 return -EINVAL; 348 349 if (c->len > size - c->off) 350 return -E2BIG; 351 352 return 0; 353 } 354 355 static long vhost_vdpa_get_config(struct vhost_vdpa *v, 356 struct vhost_vdpa_config __user *c) 357 { 358 struct vdpa_device *vdpa = v->vdpa; 359 struct vhost_vdpa_config config; 360 unsigned long size = offsetof(struct vhost_vdpa_config, buf); 361 u8 *buf; 362 363 if (copy_from_user(&config, c, size)) 364 return -EFAULT; 365 if (vhost_vdpa_config_validate(v, &config)) 366 return -EINVAL; 367 buf = kvzalloc(config.len, GFP_KERNEL); 368 if (!buf) 369 return -ENOMEM; 370 371 vdpa_get_config(vdpa, config.off, buf, config.len); 372 373 if (copy_to_user(c->buf, buf, config.len)) { 374 kvfree(buf); 375 return -EFAULT; 376 } 377 378 kvfree(buf); 379 return 0; 380 } 381 382 static long vhost_vdpa_set_config(struct vhost_vdpa *v, 383 struct vhost_vdpa_config __user *c) 384 { 385 struct vdpa_device *vdpa = v->vdpa; 386 struct vhost_vdpa_config config; 387 unsigned long size = offsetof(struct vhost_vdpa_config, buf); 388 u8 *buf; 389 390 if (copy_from_user(&config, c, size)) 391 return -EFAULT; 392 if (vhost_vdpa_config_validate(v, &config)) 393 return -EINVAL; 394 395 buf = vmemdup_user(c->buf, config.len); 396 if (IS_ERR(buf)) 397 return PTR_ERR(buf); 398 399 vdpa_set_config(vdpa, config.off, buf, config.len); 400 401 kvfree(buf); 402 return 0; 403 } 404 405 static bool vhost_vdpa_can_suspend(const struct vhost_vdpa *v) 406 { 407 struct vdpa_device *vdpa = v->vdpa; 408 const struct vdpa_config_ops *ops = vdpa->config; 409 410 return ops->suspend; 411 } 412 413 static bool vhost_vdpa_can_resume(const struct vhost_vdpa *v) 414 { 415 struct vdpa_device *vdpa = v->vdpa; 416 const struct vdpa_config_ops *ops = vdpa->config; 417 418 return ops->resume; 419 } 420 421 static bool vhost_vdpa_has_desc_group(const struct vhost_vdpa *v) 422 { 423 struct vdpa_device *vdpa = v->vdpa; 424 const struct vdpa_config_ops *ops = vdpa->config; 425 426 return ops->get_vq_desc_group; 427 } 428 429 static long vhost_vdpa_get_features(struct vhost_vdpa *v, u64 __user *featurep) 430 { 431 struct vdpa_device *vdpa = v->vdpa; 432 const struct vdpa_config_ops *ops = vdpa->config; 433 u64 features; 434 435 features = ops->get_device_features(vdpa); 436 437 if (copy_to_user(featurep, &features, sizeof(features))) 438 return -EFAULT; 439 440 return 0; 441 } 442 443 static u64 vhost_vdpa_get_backend_features(const struct vhost_vdpa *v) 444 { 445 struct vdpa_device *vdpa = v->vdpa; 446 const struct vdpa_config_ops *ops = vdpa->config; 447 448 if (!ops->get_backend_features) 449 return 0; 450 else 451 return ops->get_backend_features(vdpa); 452 } 453 454 static bool vhost_vdpa_has_persistent_map(const struct vhost_vdpa *v) 455 { 456 struct vdpa_device *vdpa = v->vdpa; 457 const struct vdpa_config_ops *ops = vdpa->config; 458 459 return (!ops->set_map && !ops->dma_map) || ops->reset_map || 460 vhost_vdpa_get_backend_features(v) & BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST); 461 } 462 463 static long vhost_vdpa_set_features(struct vhost_vdpa *v, u64 __user *featurep) 464 { 465 struct vdpa_device *vdpa = v->vdpa; 466 const struct vdpa_config_ops *ops = vdpa->config; 467 struct vhost_dev *d = &v->vdev; 468 u64 actual_features; 469 u64 features; 470 int i; 471 472 /* 473 * It's not allowed to change the features after they have 474 * been negotiated. 475 */ 476 if (ops->get_status(vdpa) & VIRTIO_CONFIG_S_FEATURES_OK) 477 return -EBUSY; 478 479 if (copy_from_user(&features, featurep, sizeof(features))) 480 return -EFAULT; 481 482 if (vdpa_set_features(vdpa, features)) 483 return -EINVAL; 484 485 /* let the vqs know what has been configured */ 486 actual_features = ops->get_driver_features(vdpa); 487 for (i = 0; i < d->nvqs; ++i) { 488 struct vhost_virtqueue *vq = d->vqs[i]; 489 490 mutex_lock(&vq->mutex); 491 vq->acked_features = actual_features; 492 mutex_unlock(&vq->mutex); 493 } 494 495 return 0; 496 } 497 498 static long vhost_vdpa_get_vring_num(struct vhost_vdpa *v, u16 __user *argp) 499 { 500 struct vdpa_device *vdpa = v->vdpa; 501 const struct vdpa_config_ops *ops = vdpa->config; 502 u16 num; 503 504 num = ops->get_vq_num_max(vdpa); 505 506 if (copy_to_user(argp, &num, sizeof(num))) 507 return -EFAULT; 508 509 return 0; 510 } 511 512 static void vhost_vdpa_config_put(struct vhost_vdpa *v) 513 { 514 if (v->config_ctx) { 515 eventfd_ctx_put(v->config_ctx); 516 v->config_ctx = NULL; 517 } 518 } 519 520 static long vhost_vdpa_set_config_call(struct vhost_vdpa *v, u32 __user *argp) 521 { 522 struct vdpa_callback cb; 523 int fd; 524 struct eventfd_ctx *ctx; 525 526 cb.callback = vhost_vdpa_config_cb; 527 cb.private = v; 528 if (copy_from_user(&fd, argp, sizeof(fd))) 529 return -EFAULT; 530 531 ctx = fd == VHOST_FILE_UNBIND ? NULL : eventfd_ctx_fdget(fd); 532 swap(ctx, v->config_ctx); 533 534 if (!IS_ERR_OR_NULL(ctx)) 535 eventfd_ctx_put(ctx); 536 537 if (IS_ERR(v->config_ctx)) { 538 long ret = PTR_ERR(v->config_ctx); 539 540 v->config_ctx = NULL; 541 return ret; 542 } 543 544 v->vdpa->config->set_config_cb(v->vdpa, &cb); 545 546 return 0; 547 } 548 549 static long vhost_vdpa_get_iova_range(struct vhost_vdpa *v, u32 __user *argp) 550 { 551 struct vhost_vdpa_iova_range range = { 552 .first = v->range.first, 553 .last = v->range.last, 554 }; 555 556 if (copy_to_user(argp, &range, sizeof(range))) 557 return -EFAULT; 558 return 0; 559 } 560 561 static long vhost_vdpa_get_config_size(struct vhost_vdpa *v, u32 __user *argp) 562 { 563 struct vdpa_device *vdpa = v->vdpa; 564 const struct vdpa_config_ops *ops = vdpa->config; 565 u32 size; 566 567 size = ops->get_config_size(vdpa); 568 569 if (copy_to_user(argp, &size, sizeof(size))) 570 return -EFAULT; 571 572 return 0; 573 } 574 575 static long vhost_vdpa_get_vqs_count(struct vhost_vdpa *v, u32 __user *argp) 576 { 577 struct vdpa_device *vdpa = v->vdpa; 578 579 if (copy_to_user(argp, &vdpa->nvqs, sizeof(vdpa->nvqs))) 580 return -EFAULT; 581 582 return 0; 583 } 584 585 /* After a successful return of ioctl the device must not process more 586 * virtqueue descriptors. The device can answer to read or writes of config 587 * fields as if it were not suspended. In particular, writing to "queue_enable" 588 * with a value of 1 will not make the device start processing buffers. 589 */ 590 static long vhost_vdpa_suspend(struct vhost_vdpa *v) 591 { 592 struct vdpa_device *vdpa = v->vdpa; 593 const struct vdpa_config_ops *ops = vdpa->config; 594 int ret; 595 596 if (!(ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK)) 597 return 0; 598 599 if (!ops->suspend) 600 return -EOPNOTSUPP; 601 602 ret = ops->suspend(vdpa); 603 if (!ret) 604 v->suspended = true; 605 606 return ret; 607 } 608 609 /* After a successful return of this ioctl the device resumes processing 610 * virtqueue descriptors. The device becomes fully operational the same way it 611 * was before it was suspended. 612 */ 613 static long vhost_vdpa_resume(struct vhost_vdpa *v) 614 { 615 struct vdpa_device *vdpa = v->vdpa; 616 const struct vdpa_config_ops *ops = vdpa->config; 617 int ret; 618 619 if (!(ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK)) 620 return 0; 621 622 if (!ops->resume) 623 return -EOPNOTSUPP; 624 625 ret = ops->resume(vdpa); 626 if (!ret) 627 v->suspended = false; 628 629 return ret; 630 } 631 632 static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd, 633 void __user *argp) 634 { 635 struct vdpa_device *vdpa = v->vdpa; 636 const struct vdpa_config_ops *ops = vdpa->config; 637 struct vdpa_vq_state vq_state; 638 struct vdpa_callback cb; 639 struct vhost_virtqueue *vq; 640 struct vhost_vring_state s; 641 u32 idx; 642 long r; 643 644 r = get_user(idx, (u32 __user *)argp); 645 if (r < 0) 646 return r; 647 648 if (idx >= v->nvqs) 649 return -ENOBUFS; 650 651 idx = array_index_nospec(idx, v->nvqs); 652 vq = &v->vqs[idx]; 653 654 switch (cmd) { 655 case VHOST_VDPA_SET_VRING_ENABLE: 656 if (copy_from_user(&s, argp, sizeof(s))) 657 return -EFAULT; 658 ops->set_vq_ready(vdpa, idx, s.num); 659 return 0; 660 case VHOST_VDPA_GET_VRING_GROUP: 661 if (!ops->get_vq_group) 662 return -EOPNOTSUPP; 663 s.index = idx; 664 s.num = ops->get_vq_group(vdpa, idx); 665 if (s.num >= vdpa->ngroups) 666 return -EIO; 667 else if (copy_to_user(argp, &s, sizeof(s))) 668 return -EFAULT; 669 return 0; 670 case VHOST_VDPA_GET_VRING_DESC_GROUP: 671 if (!vhost_vdpa_has_desc_group(v)) 672 return -EOPNOTSUPP; 673 s.index = idx; 674 s.num = ops->get_vq_desc_group(vdpa, idx); 675 if (s.num >= vdpa->ngroups) 676 return -EIO; 677 else if (copy_to_user(argp, &s, sizeof(s))) 678 return -EFAULT; 679 return 0; 680 case VHOST_VDPA_SET_GROUP_ASID: 681 if (copy_from_user(&s, argp, sizeof(s))) 682 return -EFAULT; 683 if (idx >= vdpa->ngroups || s.num >= vdpa->nas) 684 return -EINVAL; 685 if (ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK) 686 return -EBUSY; 687 if (!ops->set_group_asid) 688 return -EOPNOTSUPP; 689 return ops->set_group_asid(vdpa, idx, s.num); 690 case VHOST_VDPA_GET_VRING_SIZE: 691 if (!ops->get_vq_size) 692 return -EOPNOTSUPP; 693 s.index = idx; 694 s.num = ops->get_vq_size(vdpa, idx); 695 if (copy_to_user(argp, &s, sizeof(s))) 696 return -EFAULT; 697 return 0; 698 case VHOST_GET_VRING_BASE: 699 r = ops->get_vq_state(v->vdpa, idx, &vq_state); 700 if (r) 701 return r; 702 703 if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) { 704 vq->last_avail_idx = vq_state.packed.last_avail_idx | 705 (vq_state.packed.last_avail_counter << 15); 706 vq->last_used_idx = vq_state.packed.last_used_idx | 707 (vq_state.packed.last_used_counter << 15); 708 } else { 709 vq->last_avail_idx = vq_state.split.avail_index; 710 } 711 break; 712 case VHOST_SET_VRING_CALL: 713 if (vq->call_ctx.ctx) { 714 if (ops->get_status(vdpa) & 715 VIRTIO_CONFIG_S_DRIVER_OK) 716 vhost_vdpa_unsetup_vq_irq(v, idx); 717 } 718 break; 719 } 720 721 r = vhost_vring_ioctl(&v->vdev, cmd, argp); 722 if (r) 723 return r; 724 725 switch (cmd) { 726 case VHOST_SET_VRING_ADDR: 727 if ((ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK) && !v->suspended) 728 return -EINVAL; 729 730 if (ops->set_vq_address(vdpa, idx, 731 (u64)(uintptr_t)vq->desc, 732 (u64)(uintptr_t)vq->avail, 733 (u64)(uintptr_t)vq->used)) 734 r = -EINVAL; 735 break; 736 737 case VHOST_SET_VRING_BASE: 738 if ((ops->get_status(vdpa) & VIRTIO_CONFIG_S_DRIVER_OK) && !v->suspended) 739 return -EINVAL; 740 741 if (vhost_has_feature(vq, VIRTIO_F_RING_PACKED)) { 742 vq_state.packed.last_avail_idx = vq->last_avail_idx & 0x7fff; 743 vq_state.packed.last_avail_counter = !!(vq->last_avail_idx & 0x8000); 744 vq_state.packed.last_used_idx = vq->last_used_idx & 0x7fff; 745 vq_state.packed.last_used_counter = !!(vq->last_used_idx & 0x8000); 746 } else { 747 vq_state.split.avail_index = vq->last_avail_idx; 748 } 749 r = ops->set_vq_state(vdpa, idx, &vq_state); 750 break; 751 752 case VHOST_SET_VRING_CALL: 753 if (vq->call_ctx.ctx) { 754 cb.callback = vhost_vdpa_virtqueue_cb; 755 cb.private = vq; 756 cb.trigger = vq->call_ctx.ctx; 757 if (ops->get_status(vdpa) & 758 VIRTIO_CONFIG_S_DRIVER_OK) 759 vhost_vdpa_setup_vq_irq(v, idx); 760 } else { 761 cb.callback = NULL; 762 cb.private = NULL; 763 cb.trigger = NULL; 764 } 765 ops->set_vq_cb(vdpa, idx, &cb); 766 break; 767 768 case VHOST_SET_VRING_NUM: 769 ops->set_vq_num(vdpa, idx, vq->num); 770 break; 771 } 772 773 return r; 774 } 775 776 static long vhost_vdpa_unlocked_ioctl(struct file *filep, 777 unsigned int cmd, unsigned long arg) 778 { 779 struct vhost_vdpa *v = filep->private_data; 780 struct vhost_dev *d = &v->vdev; 781 void __user *argp = (void __user *)arg; 782 u64 __user *featurep = argp; 783 u64 features; 784 long r = 0; 785 786 if (cmd == VHOST_SET_BACKEND_FEATURES) { 787 if (copy_from_user(&features, featurep, sizeof(features))) 788 return -EFAULT; 789 if (features & ~(VHOST_VDPA_BACKEND_FEATURES | 790 BIT_ULL(VHOST_BACKEND_F_DESC_ASID) | 791 BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST) | 792 BIT_ULL(VHOST_BACKEND_F_SUSPEND) | 793 BIT_ULL(VHOST_BACKEND_F_RESUME) | 794 BIT_ULL(VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK))) 795 return -EOPNOTSUPP; 796 if ((features & BIT_ULL(VHOST_BACKEND_F_SUSPEND)) && 797 !vhost_vdpa_can_suspend(v)) 798 return -EOPNOTSUPP; 799 if ((features & BIT_ULL(VHOST_BACKEND_F_RESUME)) && 800 !vhost_vdpa_can_resume(v)) 801 return -EOPNOTSUPP; 802 if ((features & BIT_ULL(VHOST_BACKEND_F_DESC_ASID)) && 803 !(features & BIT_ULL(VHOST_BACKEND_F_IOTLB_ASID))) 804 return -EINVAL; 805 if ((features & BIT_ULL(VHOST_BACKEND_F_DESC_ASID)) && 806 !vhost_vdpa_has_desc_group(v)) 807 return -EOPNOTSUPP; 808 if ((features & BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST)) && 809 !vhost_vdpa_has_persistent_map(v)) 810 return -EOPNOTSUPP; 811 vhost_set_backend_features(&v->vdev, features); 812 return 0; 813 } 814 815 mutex_lock(&d->mutex); 816 817 switch (cmd) { 818 case VHOST_VDPA_GET_DEVICE_ID: 819 r = vhost_vdpa_get_device_id(v, argp); 820 break; 821 case VHOST_VDPA_GET_STATUS: 822 r = vhost_vdpa_get_status(v, argp); 823 break; 824 case VHOST_VDPA_SET_STATUS: 825 r = vhost_vdpa_set_status(v, argp); 826 break; 827 case VHOST_VDPA_GET_CONFIG: 828 r = vhost_vdpa_get_config(v, argp); 829 break; 830 case VHOST_VDPA_SET_CONFIG: 831 r = vhost_vdpa_set_config(v, argp); 832 break; 833 case VHOST_GET_FEATURES: 834 r = vhost_vdpa_get_features(v, argp); 835 break; 836 case VHOST_SET_FEATURES: 837 r = vhost_vdpa_set_features(v, argp); 838 break; 839 case VHOST_VDPA_GET_VRING_NUM: 840 r = vhost_vdpa_get_vring_num(v, argp); 841 break; 842 case VHOST_VDPA_GET_GROUP_NUM: 843 if (copy_to_user(argp, &v->vdpa->ngroups, 844 sizeof(v->vdpa->ngroups))) 845 r = -EFAULT; 846 break; 847 case VHOST_VDPA_GET_AS_NUM: 848 if (copy_to_user(argp, &v->vdpa->nas, sizeof(v->vdpa->nas))) 849 r = -EFAULT; 850 break; 851 case VHOST_SET_LOG_BASE: 852 case VHOST_SET_LOG_FD: 853 r = -ENOIOCTLCMD; 854 break; 855 case VHOST_VDPA_SET_CONFIG_CALL: 856 r = vhost_vdpa_set_config_call(v, argp); 857 break; 858 case VHOST_GET_BACKEND_FEATURES: 859 features = VHOST_VDPA_BACKEND_FEATURES; 860 if (vhost_vdpa_can_suspend(v)) 861 features |= BIT_ULL(VHOST_BACKEND_F_SUSPEND); 862 if (vhost_vdpa_can_resume(v)) 863 features |= BIT_ULL(VHOST_BACKEND_F_RESUME); 864 if (vhost_vdpa_has_desc_group(v)) 865 features |= BIT_ULL(VHOST_BACKEND_F_DESC_ASID); 866 if (vhost_vdpa_has_persistent_map(v)) 867 features |= BIT_ULL(VHOST_BACKEND_F_IOTLB_PERSIST); 868 features |= vhost_vdpa_get_backend_features(v); 869 if (copy_to_user(featurep, &features, sizeof(features))) 870 r = -EFAULT; 871 break; 872 case VHOST_VDPA_GET_IOVA_RANGE: 873 r = vhost_vdpa_get_iova_range(v, argp); 874 break; 875 case VHOST_VDPA_GET_CONFIG_SIZE: 876 r = vhost_vdpa_get_config_size(v, argp); 877 break; 878 case VHOST_VDPA_GET_VQS_COUNT: 879 r = vhost_vdpa_get_vqs_count(v, argp); 880 break; 881 case VHOST_VDPA_SUSPEND: 882 r = vhost_vdpa_suspend(v); 883 break; 884 case VHOST_VDPA_RESUME: 885 r = vhost_vdpa_resume(v); 886 break; 887 default: 888 r = vhost_dev_ioctl(&v->vdev, cmd, argp); 889 if (r == -ENOIOCTLCMD) 890 r = vhost_vdpa_vring_ioctl(v, cmd, argp); 891 break; 892 } 893 894 if (r) 895 goto out; 896 897 switch (cmd) { 898 case VHOST_SET_OWNER: 899 r = vhost_vdpa_bind_mm(v); 900 if (r) 901 vhost_dev_reset_owner(d, NULL); 902 break; 903 } 904 out: 905 mutex_unlock(&d->mutex); 906 return r; 907 } 908 static void vhost_vdpa_general_unmap(struct vhost_vdpa *v, 909 struct vhost_iotlb_map *map, u32 asid) 910 { 911 struct vdpa_device *vdpa = v->vdpa; 912 const struct vdpa_config_ops *ops = vdpa->config; 913 if (ops->dma_map) { 914 ops->dma_unmap(vdpa, asid, map->start, map->size); 915 } else if (ops->set_map == NULL) { 916 iommu_unmap(v->domain, map->start, map->size); 917 } 918 } 919 920 static void vhost_vdpa_pa_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb, 921 u64 start, u64 last, u32 asid) 922 { 923 struct vhost_dev *dev = &v->vdev; 924 struct vhost_iotlb_map *map; 925 struct page *page; 926 unsigned long pfn, pinned; 927 928 while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) { 929 pinned = PFN_DOWN(map->size); 930 for (pfn = PFN_DOWN(map->addr); 931 pinned > 0; pfn++, pinned--) { 932 page = pfn_to_page(pfn); 933 if (map->perm & VHOST_ACCESS_WO) 934 set_page_dirty_lock(page); 935 unpin_user_page(page); 936 } 937 atomic64_sub(PFN_DOWN(map->size), &dev->mm->pinned_vm); 938 vhost_vdpa_general_unmap(v, map, asid); 939 vhost_iotlb_map_free(iotlb, map); 940 } 941 } 942 943 static void vhost_vdpa_va_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb, 944 u64 start, u64 last, u32 asid) 945 { 946 struct vhost_iotlb_map *map; 947 struct vdpa_map_file *map_file; 948 949 while ((map = vhost_iotlb_itree_first(iotlb, start, last)) != NULL) { 950 map_file = (struct vdpa_map_file *)map->opaque; 951 fput(map_file->file); 952 kfree(map_file); 953 vhost_vdpa_general_unmap(v, map, asid); 954 vhost_iotlb_map_free(iotlb, map); 955 } 956 } 957 958 static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v, 959 struct vhost_iotlb *iotlb, u64 start, 960 u64 last, u32 asid) 961 { 962 struct vdpa_device *vdpa = v->vdpa; 963 964 if (vdpa->use_va) 965 return vhost_vdpa_va_unmap(v, iotlb, start, last, asid); 966 967 return vhost_vdpa_pa_unmap(v, iotlb, start, last, asid); 968 } 969 970 static int perm_to_iommu_flags(u32 perm) 971 { 972 int flags = 0; 973 974 switch (perm) { 975 case VHOST_ACCESS_WO: 976 flags |= IOMMU_WRITE; 977 break; 978 case VHOST_ACCESS_RO: 979 flags |= IOMMU_READ; 980 break; 981 case VHOST_ACCESS_RW: 982 flags |= (IOMMU_WRITE | IOMMU_READ); 983 break; 984 default: 985 WARN(1, "invalidate vhost IOTLB permission\n"); 986 break; 987 } 988 989 return flags | IOMMU_CACHE; 990 } 991 992 static int vhost_vdpa_map(struct vhost_vdpa *v, struct vhost_iotlb *iotlb, 993 u64 iova, u64 size, u64 pa, u32 perm, void *opaque) 994 { 995 struct vhost_dev *dev = &v->vdev; 996 struct vdpa_device *vdpa = v->vdpa; 997 const struct vdpa_config_ops *ops = vdpa->config; 998 u32 asid = iotlb_to_asid(iotlb); 999 int r = 0; 1000 1001 r = vhost_iotlb_add_range_ctx(iotlb, iova, iova + size - 1, 1002 pa, perm, opaque); 1003 if (r) 1004 return r; 1005 1006 if (ops->dma_map) { 1007 r = ops->dma_map(vdpa, asid, iova, size, pa, perm, opaque); 1008 } else if (ops->set_map) { 1009 if (!v->in_batch) 1010 r = ops->set_map(vdpa, asid, iotlb); 1011 } else { 1012 r = iommu_map(v->domain, iova, pa, size, 1013 perm_to_iommu_flags(perm), 1014 GFP_KERNEL_ACCOUNT); 1015 } 1016 if (r) { 1017 vhost_iotlb_del_range(iotlb, iova, iova + size - 1); 1018 return r; 1019 } 1020 1021 if (!vdpa->use_va) 1022 atomic64_add(PFN_DOWN(size), &dev->mm->pinned_vm); 1023 1024 return 0; 1025 } 1026 1027 static void vhost_vdpa_unmap(struct vhost_vdpa *v, 1028 struct vhost_iotlb *iotlb, 1029 u64 iova, u64 size) 1030 { 1031 struct vdpa_device *vdpa = v->vdpa; 1032 const struct vdpa_config_ops *ops = vdpa->config; 1033 u32 asid = iotlb_to_asid(iotlb); 1034 1035 vhost_vdpa_iotlb_unmap(v, iotlb, iova, iova + size - 1, asid); 1036 1037 if (ops->set_map) { 1038 if (!v->in_batch) 1039 ops->set_map(vdpa, asid, iotlb); 1040 } 1041 1042 } 1043 1044 static int vhost_vdpa_va_map(struct vhost_vdpa *v, 1045 struct vhost_iotlb *iotlb, 1046 u64 iova, u64 size, u64 uaddr, u32 perm) 1047 { 1048 struct vhost_dev *dev = &v->vdev; 1049 u64 offset, map_size, map_iova = iova; 1050 struct vdpa_map_file *map_file; 1051 struct vm_area_struct *vma; 1052 int ret = 0; 1053 1054 mmap_read_lock(dev->mm); 1055 1056 while (size) { 1057 vma = find_vma(dev->mm, uaddr); 1058 if (!vma) { 1059 ret = -EINVAL; 1060 break; 1061 } 1062 map_size = min(size, vma->vm_end - uaddr); 1063 if (!(vma->vm_file && (vma->vm_flags & VM_SHARED) && 1064 !(vma->vm_flags & (VM_IO | VM_PFNMAP)))) 1065 goto next; 1066 1067 map_file = kzalloc(sizeof(*map_file), GFP_KERNEL); 1068 if (!map_file) { 1069 ret = -ENOMEM; 1070 break; 1071 } 1072 offset = (vma->vm_pgoff << PAGE_SHIFT) + uaddr - vma->vm_start; 1073 map_file->offset = offset; 1074 map_file->file = get_file(vma->vm_file); 1075 ret = vhost_vdpa_map(v, iotlb, map_iova, map_size, uaddr, 1076 perm, map_file); 1077 if (ret) { 1078 fput(map_file->file); 1079 kfree(map_file); 1080 break; 1081 } 1082 next: 1083 size -= map_size; 1084 uaddr += map_size; 1085 map_iova += map_size; 1086 } 1087 if (ret) 1088 vhost_vdpa_unmap(v, iotlb, iova, map_iova - iova); 1089 1090 mmap_read_unlock(dev->mm); 1091 1092 return ret; 1093 } 1094 1095 static int vhost_vdpa_pa_map(struct vhost_vdpa *v, 1096 struct vhost_iotlb *iotlb, 1097 u64 iova, u64 size, u64 uaddr, u32 perm) 1098 { 1099 struct vhost_dev *dev = &v->vdev; 1100 struct page **page_list; 1101 unsigned long list_size = PAGE_SIZE / sizeof(struct page *); 1102 unsigned int gup_flags = FOLL_LONGTERM; 1103 unsigned long npages, cur_base, map_pfn, last_pfn = 0; 1104 unsigned long lock_limit, sz2pin, nchunks, i; 1105 u64 start = iova; 1106 long pinned; 1107 int ret = 0; 1108 1109 /* Limit the use of memory for bookkeeping */ 1110 page_list = (struct page **) __get_free_page(GFP_KERNEL); 1111 if (!page_list) 1112 return -ENOMEM; 1113 1114 if (perm & VHOST_ACCESS_WO) 1115 gup_flags |= FOLL_WRITE; 1116 1117 npages = PFN_UP(size + (iova & ~PAGE_MASK)); 1118 if (!npages) { 1119 ret = -EINVAL; 1120 goto free; 1121 } 1122 1123 mmap_read_lock(dev->mm); 1124 1125 lock_limit = PFN_DOWN(rlimit(RLIMIT_MEMLOCK)); 1126 if (npages + atomic64_read(&dev->mm->pinned_vm) > lock_limit) { 1127 ret = -ENOMEM; 1128 goto unlock; 1129 } 1130 1131 cur_base = uaddr & PAGE_MASK; 1132 iova &= PAGE_MASK; 1133 nchunks = 0; 1134 1135 while (npages) { 1136 sz2pin = min_t(unsigned long, npages, list_size); 1137 pinned = pin_user_pages(cur_base, sz2pin, 1138 gup_flags, page_list); 1139 if (sz2pin != pinned) { 1140 if (pinned < 0) { 1141 ret = pinned; 1142 } else { 1143 unpin_user_pages(page_list, pinned); 1144 ret = -ENOMEM; 1145 } 1146 goto out; 1147 } 1148 nchunks++; 1149 1150 if (!last_pfn) 1151 map_pfn = page_to_pfn(page_list[0]); 1152 1153 for (i = 0; i < pinned; i++) { 1154 unsigned long this_pfn = page_to_pfn(page_list[i]); 1155 u64 csize; 1156 1157 if (last_pfn && (this_pfn != last_pfn + 1)) { 1158 /* Pin a contiguous chunk of memory */ 1159 csize = PFN_PHYS(last_pfn - map_pfn + 1); 1160 ret = vhost_vdpa_map(v, iotlb, iova, csize, 1161 PFN_PHYS(map_pfn), 1162 perm, NULL); 1163 if (ret) { 1164 /* 1165 * Unpin the pages that are left unmapped 1166 * from this point on in the current 1167 * page_list. The remaining outstanding 1168 * ones which may stride across several 1169 * chunks will be covered in the common 1170 * error path subsequently. 1171 */ 1172 unpin_user_pages(&page_list[i], 1173 pinned - i); 1174 goto out; 1175 } 1176 1177 map_pfn = this_pfn; 1178 iova += csize; 1179 nchunks = 0; 1180 } 1181 1182 last_pfn = this_pfn; 1183 } 1184 1185 cur_base += PFN_PHYS(pinned); 1186 npages -= pinned; 1187 } 1188 1189 /* Pin the rest chunk */ 1190 ret = vhost_vdpa_map(v, iotlb, iova, PFN_PHYS(last_pfn - map_pfn + 1), 1191 PFN_PHYS(map_pfn), perm, NULL); 1192 out: 1193 if (ret) { 1194 if (nchunks) { 1195 unsigned long pfn; 1196 1197 /* 1198 * Unpin the outstanding pages which are yet to be 1199 * mapped but haven't due to vdpa_map() or 1200 * pin_user_pages() failure. 1201 * 1202 * Mapped pages are accounted in vdpa_map(), hence 1203 * the corresponding unpinning will be handled by 1204 * vdpa_unmap(). 1205 */ 1206 WARN_ON(!last_pfn); 1207 for (pfn = map_pfn; pfn <= last_pfn; pfn++) 1208 unpin_user_page(pfn_to_page(pfn)); 1209 } 1210 vhost_vdpa_unmap(v, iotlb, start, size); 1211 } 1212 unlock: 1213 mmap_read_unlock(dev->mm); 1214 free: 1215 free_page((unsigned long)page_list); 1216 return ret; 1217 1218 } 1219 1220 static int vhost_vdpa_process_iotlb_update(struct vhost_vdpa *v, 1221 struct vhost_iotlb *iotlb, 1222 struct vhost_iotlb_msg *msg) 1223 { 1224 struct vdpa_device *vdpa = v->vdpa; 1225 1226 if (msg->iova < v->range.first || !msg->size || 1227 msg->iova > U64_MAX - msg->size + 1 || 1228 msg->iova + msg->size - 1 > v->range.last) 1229 return -EINVAL; 1230 1231 if (vhost_iotlb_itree_first(iotlb, msg->iova, 1232 msg->iova + msg->size - 1)) 1233 return -EEXIST; 1234 1235 if (vdpa->use_va) 1236 return vhost_vdpa_va_map(v, iotlb, msg->iova, msg->size, 1237 msg->uaddr, msg->perm); 1238 1239 return vhost_vdpa_pa_map(v, iotlb, msg->iova, msg->size, msg->uaddr, 1240 msg->perm); 1241 } 1242 1243 static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev, u32 asid, 1244 struct vhost_iotlb_msg *msg) 1245 { 1246 struct vhost_vdpa *v = container_of(dev, struct vhost_vdpa, vdev); 1247 struct vdpa_device *vdpa = v->vdpa; 1248 const struct vdpa_config_ops *ops = vdpa->config; 1249 struct vhost_iotlb *iotlb = NULL; 1250 struct vhost_vdpa_as *as = NULL; 1251 int r = 0; 1252 1253 mutex_lock(&dev->mutex); 1254 1255 r = vhost_dev_check_owner(dev); 1256 if (r) 1257 goto unlock; 1258 1259 if (msg->type == VHOST_IOTLB_UPDATE || 1260 msg->type == VHOST_IOTLB_BATCH_BEGIN) { 1261 as = vhost_vdpa_find_alloc_as(v, asid); 1262 if (!as) { 1263 dev_err(&v->dev, "can't find and alloc asid %d\n", 1264 asid); 1265 r = -EINVAL; 1266 goto unlock; 1267 } 1268 iotlb = &as->iotlb; 1269 } else 1270 iotlb = asid_to_iotlb(v, asid); 1271 1272 if ((v->in_batch && v->batch_asid != asid) || !iotlb) { 1273 if (v->in_batch && v->batch_asid != asid) { 1274 dev_info(&v->dev, "batch id %d asid %d\n", 1275 v->batch_asid, asid); 1276 } 1277 if (!iotlb) 1278 dev_err(&v->dev, "no iotlb for asid %d\n", asid); 1279 r = -EINVAL; 1280 goto unlock; 1281 } 1282 1283 switch (msg->type) { 1284 case VHOST_IOTLB_UPDATE: 1285 r = vhost_vdpa_process_iotlb_update(v, iotlb, msg); 1286 break; 1287 case VHOST_IOTLB_INVALIDATE: 1288 vhost_vdpa_unmap(v, iotlb, msg->iova, msg->size); 1289 break; 1290 case VHOST_IOTLB_BATCH_BEGIN: 1291 v->batch_asid = asid; 1292 v->in_batch = true; 1293 break; 1294 case VHOST_IOTLB_BATCH_END: 1295 if (v->in_batch && ops->set_map) 1296 ops->set_map(vdpa, asid, iotlb); 1297 v->in_batch = false; 1298 break; 1299 default: 1300 r = -EINVAL; 1301 break; 1302 } 1303 unlock: 1304 mutex_unlock(&dev->mutex); 1305 1306 return r; 1307 } 1308 1309 static ssize_t vhost_vdpa_chr_write_iter(struct kiocb *iocb, 1310 struct iov_iter *from) 1311 { 1312 struct file *file = iocb->ki_filp; 1313 struct vhost_vdpa *v = file->private_data; 1314 struct vhost_dev *dev = &v->vdev; 1315 1316 return vhost_chr_write_iter(dev, from); 1317 } 1318 1319 static int vhost_vdpa_alloc_domain(struct vhost_vdpa *v) 1320 { 1321 struct vdpa_device *vdpa = v->vdpa; 1322 const struct vdpa_config_ops *ops = vdpa->config; 1323 union virtio_map map = vdpa_get_map(vdpa); 1324 struct device *dma_dev = map.dma_dev; 1325 int ret; 1326 1327 /* Device want to do DMA by itself */ 1328 if (ops->set_map || ops->dma_map) 1329 return 0; 1330 1331 if (!device_iommu_capable(dma_dev, IOMMU_CAP_CACHE_COHERENCY)) { 1332 dev_warn_once(&v->dev, 1333 "Failed to allocate domain, device is not IOMMU cache coherent capable\n"); 1334 return -ENOTSUPP; 1335 } 1336 1337 v->domain = iommu_paging_domain_alloc(dma_dev); 1338 if (IS_ERR(v->domain)) { 1339 ret = PTR_ERR(v->domain); 1340 v->domain = NULL; 1341 return ret; 1342 } 1343 1344 ret = iommu_attach_device(v->domain, dma_dev); 1345 if (ret) 1346 goto err_attach; 1347 1348 return 0; 1349 1350 err_attach: 1351 iommu_domain_free(v->domain); 1352 v->domain = NULL; 1353 return ret; 1354 } 1355 1356 static void vhost_vdpa_free_domain(struct vhost_vdpa *v) 1357 { 1358 struct vdpa_device *vdpa = v->vdpa; 1359 union virtio_map map = vdpa_get_map(vdpa); 1360 struct device *dma_dev = map.dma_dev; 1361 1362 if (v->domain) { 1363 iommu_detach_device(v->domain, dma_dev); 1364 iommu_domain_free(v->domain); 1365 } 1366 1367 v->domain = NULL; 1368 } 1369 1370 static void vhost_vdpa_set_iova_range(struct vhost_vdpa *v) 1371 { 1372 struct vdpa_iova_range *range = &v->range; 1373 struct vdpa_device *vdpa = v->vdpa; 1374 const struct vdpa_config_ops *ops = vdpa->config; 1375 1376 if (ops->get_iova_range) { 1377 *range = ops->get_iova_range(vdpa); 1378 } else if (v->domain && v->domain->geometry.force_aperture) { 1379 range->first = v->domain->geometry.aperture_start; 1380 range->last = v->domain->geometry.aperture_end; 1381 } else { 1382 range->first = 0; 1383 range->last = ULLONG_MAX; 1384 } 1385 } 1386 1387 static void vhost_vdpa_cleanup(struct vhost_vdpa *v) 1388 { 1389 struct vhost_vdpa_as *as; 1390 u32 asid; 1391 1392 for (asid = 0; asid < v->vdpa->nas; asid++) { 1393 as = asid_to_as(v, asid); 1394 if (as) 1395 vhost_vdpa_remove_as(v, asid); 1396 } 1397 1398 vhost_vdpa_free_domain(v); 1399 vhost_dev_cleanup(&v->vdev); 1400 kfree(v->vdev.vqs); 1401 v->vdev.vqs = NULL; 1402 } 1403 1404 static int vhost_vdpa_open(struct inode *inode, struct file *filep) 1405 { 1406 struct vhost_vdpa *v; 1407 struct vhost_dev *dev; 1408 struct vhost_virtqueue **vqs; 1409 int r, opened; 1410 u32 i, nvqs; 1411 1412 v = container_of(inode->i_cdev, struct vhost_vdpa, cdev); 1413 1414 opened = atomic_cmpxchg(&v->opened, 0, 1); 1415 if (opened) 1416 return -EBUSY; 1417 1418 nvqs = v->nvqs; 1419 r = vhost_vdpa_reset(v); 1420 if (r) 1421 goto err; 1422 1423 vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL); 1424 if (!vqs) { 1425 r = -ENOMEM; 1426 goto err; 1427 } 1428 1429 dev = &v->vdev; 1430 for (i = 0; i < nvqs; i++) { 1431 vqs[i] = &v->vqs[i]; 1432 vqs[i]->handle_kick = handle_vq_kick; 1433 vqs[i]->call_ctx.ctx = NULL; 1434 } 1435 vhost_dev_init(dev, vqs, nvqs, 0, 0, 0, false, 1436 vhost_vdpa_process_iotlb_msg); 1437 1438 r = vhost_vdpa_alloc_domain(v); 1439 if (r) 1440 goto err_alloc_domain; 1441 1442 vhost_vdpa_set_iova_range(v); 1443 1444 filep->private_data = v; 1445 1446 return 0; 1447 1448 err_alloc_domain: 1449 vhost_vdpa_cleanup(v); 1450 err: 1451 atomic_dec(&v->opened); 1452 return r; 1453 } 1454 1455 static void vhost_vdpa_clean_irq(struct vhost_vdpa *v) 1456 { 1457 u32 i; 1458 1459 for (i = 0; i < v->nvqs; i++) 1460 vhost_vdpa_unsetup_vq_irq(v, i); 1461 } 1462 1463 static int vhost_vdpa_release(struct inode *inode, struct file *filep) 1464 { 1465 struct vhost_vdpa *v = filep->private_data; 1466 struct vhost_dev *d = &v->vdev; 1467 1468 mutex_lock(&d->mutex); 1469 filep->private_data = NULL; 1470 vhost_vdpa_clean_irq(v); 1471 vhost_vdpa_reset(v); 1472 vhost_dev_stop(&v->vdev); 1473 vhost_vdpa_unbind_mm(v); 1474 vhost_vdpa_config_put(v); 1475 vhost_vdpa_cleanup(v); 1476 mutex_unlock(&d->mutex); 1477 1478 atomic_dec(&v->opened); 1479 complete(&v->completion); 1480 1481 return 0; 1482 } 1483 1484 #ifdef CONFIG_MMU 1485 static vm_fault_t vhost_vdpa_fault(struct vm_fault *vmf) 1486 { 1487 struct vhost_vdpa *v = vmf->vma->vm_file->private_data; 1488 struct vdpa_device *vdpa = v->vdpa; 1489 const struct vdpa_config_ops *ops = vdpa->config; 1490 struct vdpa_notification_area notify; 1491 struct vm_area_struct *vma = vmf->vma; 1492 u16 index = vma->vm_pgoff; 1493 1494 notify = ops->get_vq_notification(vdpa, index); 1495 1496 return vmf_insert_pfn(vma, vmf->address & PAGE_MASK, PFN_DOWN(notify.addr)); 1497 } 1498 1499 static const struct vm_operations_struct vhost_vdpa_vm_ops = { 1500 .fault = vhost_vdpa_fault, 1501 }; 1502 1503 static int vhost_vdpa_mmap(struct file *file, struct vm_area_struct *vma) 1504 { 1505 struct vhost_vdpa *v = vma->vm_file->private_data; 1506 struct vdpa_device *vdpa = v->vdpa; 1507 const struct vdpa_config_ops *ops = vdpa->config; 1508 struct vdpa_notification_area notify; 1509 unsigned long index = vma->vm_pgoff; 1510 1511 if (vma->vm_end - vma->vm_start != PAGE_SIZE) 1512 return -EINVAL; 1513 if ((vma->vm_flags & VM_SHARED) == 0) 1514 return -EINVAL; 1515 if (vma->vm_flags & VM_READ) 1516 return -EINVAL; 1517 if (index > 65535) 1518 return -EINVAL; 1519 if (!ops->get_vq_notification) 1520 return -ENOTSUPP; 1521 1522 /* To be safe and easily modelled by userspace, We only 1523 * support the doorbell which sits on the page boundary and 1524 * does not share the page with other registers. 1525 */ 1526 notify = ops->get_vq_notification(vdpa, index); 1527 if (notify.addr & (PAGE_SIZE - 1)) 1528 return -EINVAL; 1529 if (vma->vm_end - vma->vm_start != notify.size) 1530 return -ENOTSUPP; 1531 1532 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); 1533 vm_flags_set(vma, VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP); 1534 vma->vm_ops = &vhost_vdpa_vm_ops; 1535 return 0; 1536 } 1537 #endif /* CONFIG_MMU */ 1538 1539 static const struct file_operations vhost_vdpa_fops = { 1540 .owner = THIS_MODULE, 1541 .open = vhost_vdpa_open, 1542 .release = vhost_vdpa_release, 1543 .write_iter = vhost_vdpa_chr_write_iter, 1544 .unlocked_ioctl = vhost_vdpa_unlocked_ioctl, 1545 #ifdef CONFIG_MMU 1546 .mmap = vhost_vdpa_mmap, 1547 #endif /* CONFIG_MMU */ 1548 .compat_ioctl = compat_ptr_ioctl, 1549 }; 1550 1551 static void vhost_vdpa_release_dev(struct device *device) 1552 { 1553 struct vhost_vdpa *v = 1554 container_of(device, struct vhost_vdpa, dev); 1555 1556 ida_free(&vhost_vdpa_ida, v->minor); 1557 kfree(v->vqs); 1558 kfree(v); 1559 } 1560 1561 static int vhost_vdpa_probe(struct vdpa_device *vdpa) 1562 { 1563 const struct vdpa_config_ops *ops = vdpa->config; 1564 struct vhost_vdpa *v; 1565 int minor; 1566 int i, r; 1567 1568 /* We can't support platform IOMMU device with more than 1 1569 * group or as 1570 */ 1571 if (!ops->set_map && !ops->dma_map && 1572 (vdpa->ngroups > 1 || vdpa->nas > 1)) 1573 return -EOPNOTSUPP; 1574 1575 v = kzalloc(sizeof(*v), GFP_KERNEL | __GFP_RETRY_MAYFAIL); 1576 if (!v) 1577 return -ENOMEM; 1578 1579 minor = ida_alloc_max(&vhost_vdpa_ida, VHOST_VDPA_DEV_MAX - 1, 1580 GFP_KERNEL); 1581 if (minor < 0) { 1582 kfree(v); 1583 return minor; 1584 } 1585 1586 atomic_set(&v->opened, 0); 1587 v->minor = minor; 1588 v->vdpa = vdpa; 1589 v->nvqs = vdpa->nvqs; 1590 v->virtio_id = ops->get_device_id(vdpa); 1591 1592 device_initialize(&v->dev); 1593 v->dev.release = vhost_vdpa_release_dev; 1594 v->dev.parent = &vdpa->dev; 1595 v->dev.devt = MKDEV(MAJOR(vhost_vdpa_major), minor); 1596 v->vqs = kmalloc_array(v->nvqs, sizeof(struct vhost_virtqueue), 1597 GFP_KERNEL); 1598 if (!v->vqs) { 1599 r = -ENOMEM; 1600 goto err; 1601 } 1602 1603 r = dev_set_name(&v->dev, "vhost-vdpa-%u", minor); 1604 if (r) 1605 goto err; 1606 1607 cdev_init(&v->cdev, &vhost_vdpa_fops); 1608 v->cdev.owner = THIS_MODULE; 1609 1610 r = cdev_device_add(&v->cdev, &v->dev); 1611 if (r) 1612 goto err; 1613 1614 init_completion(&v->completion); 1615 vdpa_set_drvdata(vdpa, v); 1616 1617 for (i = 0; i < VHOST_VDPA_IOTLB_BUCKETS; i++) 1618 INIT_HLIST_HEAD(&v->as[i]); 1619 1620 return 0; 1621 1622 err: 1623 put_device(&v->dev); 1624 return r; 1625 } 1626 1627 static void vhost_vdpa_remove(struct vdpa_device *vdpa) 1628 { 1629 struct vhost_vdpa *v = vdpa_get_drvdata(vdpa); 1630 int opened; 1631 1632 cdev_device_del(&v->cdev, &v->dev); 1633 1634 do { 1635 opened = atomic_cmpxchg(&v->opened, 0, 1); 1636 if (!opened) 1637 break; 1638 wait_for_completion(&v->completion); 1639 } while (1); 1640 1641 put_device(&v->dev); 1642 } 1643 1644 static struct vdpa_driver vhost_vdpa_driver = { 1645 .driver = { 1646 .name = "vhost_vdpa", 1647 }, 1648 .probe = vhost_vdpa_probe, 1649 .remove = vhost_vdpa_remove, 1650 }; 1651 1652 static int __init vhost_vdpa_init(void) 1653 { 1654 int r; 1655 1656 r = alloc_chrdev_region(&vhost_vdpa_major, 0, VHOST_VDPA_DEV_MAX, 1657 "vhost-vdpa"); 1658 if (r) 1659 goto err_alloc_chrdev; 1660 1661 r = vdpa_register_driver(&vhost_vdpa_driver); 1662 if (r) 1663 goto err_vdpa_register_driver; 1664 1665 return 0; 1666 1667 err_vdpa_register_driver: 1668 unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX); 1669 err_alloc_chrdev: 1670 return r; 1671 } 1672 module_init(vhost_vdpa_init); 1673 1674 static void __exit vhost_vdpa_exit(void) 1675 { 1676 vdpa_unregister_driver(&vhost_vdpa_driver); 1677 unregister_chrdev_region(vhost_vdpa_major, VHOST_VDPA_DEV_MAX); 1678 } 1679 module_exit(vhost_vdpa_exit); 1680 1681 MODULE_VERSION("0.0.1"); 1682 MODULE_LICENSE("GPL v2"); 1683 MODULE_AUTHOR("Intel Corporation"); 1684 MODULE_DESCRIPTION("vDPA-based vhost backend for virtio"); 1685