1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
5 * VFIO container (/dev/vfio/vfio)
7 #include <linux/file.h>
8 #include <linux/slab.h>
10 #include <linux/capability.h>
11 #include <linux/iommu.h>
12 #include <linux/miscdevice.h>
13 #include <linux/vfio.h>
14 #include <uapi/linux/vfio.h>
18 struct vfio_container {
20 struct list_head group_list;
21 struct rw_semaphore group_lock;
22 struct vfio_iommu_driver *iommu_driver;
28 struct list_head iommu_drivers_list;
29 struct mutex iommu_drivers_lock;
32 #ifdef CONFIG_VFIO_NOIOMMU
33 bool vfio_noiommu __read_mostly;
34 module_param_named(enable_unsafe_noiommu_mode,
35 vfio_noiommu, bool, S_IRUGO | S_IWUSR);
36 MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode. This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel. If you do not know what this is for, step away. (default: false)");
39 static void *vfio_noiommu_open(unsigned long arg)
41 if (arg != VFIO_NOIOMMU_IOMMU)
42 return ERR_PTR(-EINVAL);
43 if (!capable(CAP_SYS_RAWIO))
44 return ERR_PTR(-EPERM);
49 static void vfio_noiommu_release(void *iommu_data)
53 static long vfio_noiommu_ioctl(void *iommu_data,
54 unsigned int cmd, unsigned long arg)
56 if (cmd == VFIO_CHECK_EXTENSION)
57 return vfio_noiommu && (arg == VFIO_NOIOMMU_IOMMU) ? 1 : 0;
62 static int vfio_noiommu_attach_group(void *iommu_data,
63 struct iommu_group *iommu_group, enum vfio_group_type type)
68 static void vfio_noiommu_detach_group(void *iommu_data,
69 struct iommu_group *iommu_group)
73 static const struct vfio_iommu_driver_ops vfio_noiommu_ops = {
74 .name = "vfio-noiommu",
76 .open = vfio_noiommu_open,
77 .release = vfio_noiommu_release,
78 .ioctl = vfio_noiommu_ioctl,
79 .attach_group = vfio_noiommu_attach_group,
80 .detach_group = vfio_noiommu_detach_group,
84 * Only noiommu containers can use vfio-noiommu and noiommu containers can only
87 static bool vfio_iommu_driver_allowed(struct vfio_container *container,
88 const struct vfio_iommu_driver *driver)
90 if (!IS_ENABLED(CONFIG_VFIO_NOIOMMU))
92 return container->noiommu == (driver->ops == &vfio_noiommu_ops);
96 * IOMMU driver registration
98 int vfio_register_iommu_driver(const struct vfio_iommu_driver_ops *ops)
100 struct vfio_iommu_driver *driver, *tmp;
102 if (WARN_ON(!ops->register_device != !ops->unregister_device))
105 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
111 mutex_lock(&vfio.iommu_drivers_lock);
113 /* Check for duplicates */
114 list_for_each_entry(tmp, &vfio.iommu_drivers_list, vfio_next) {
115 if (tmp->ops == ops) {
116 mutex_unlock(&vfio.iommu_drivers_lock);
122 list_add(&driver->vfio_next, &vfio.iommu_drivers_list);
124 mutex_unlock(&vfio.iommu_drivers_lock);
128 EXPORT_SYMBOL_GPL(vfio_register_iommu_driver);
130 void vfio_unregister_iommu_driver(const struct vfio_iommu_driver_ops *ops)
132 struct vfio_iommu_driver *driver;
134 mutex_lock(&vfio.iommu_drivers_lock);
135 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
136 if (driver->ops == ops) {
137 list_del(&driver->vfio_next);
138 mutex_unlock(&vfio.iommu_drivers_lock);
143 mutex_unlock(&vfio.iommu_drivers_lock);
145 EXPORT_SYMBOL_GPL(vfio_unregister_iommu_driver);
148 * Container objects - containers are created when /dev/vfio/vfio is
149 * opened, but their lifecycle extends until the last user is done, so
150 * it's freed via kref. Must support container/group/device being
151 * closed in any order.
153 static void vfio_container_release(struct kref *kref)
155 struct vfio_container *container;
156 container = container_of(kref, struct vfio_container, kref);
161 static void vfio_container_get(struct vfio_container *container)
163 kref_get(&container->kref);
166 static void vfio_container_put(struct vfio_container *container)
168 kref_put(&container->kref, vfio_container_release);
171 void vfio_device_container_register(struct vfio_device *device)
173 struct vfio_iommu_driver *iommu_driver =
174 device->group->container->iommu_driver;
176 if (iommu_driver && iommu_driver->ops->register_device)
177 iommu_driver->ops->register_device(
178 device->group->container->iommu_data, device);
181 void vfio_device_container_unregister(struct vfio_device *device)
183 struct vfio_iommu_driver *iommu_driver =
184 device->group->container->iommu_driver;
186 if (iommu_driver && iommu_driver->ops->unregister_device)
187 iommu_driver->ops->unregister_device(
188 device->group->container->iommu_data, device);
192 vfio_container_ioctl_check_extension(struct vfio_container *container,
195 struct vfio_iommu_driver *driver;
198 down_read(&container->group_lock);
200 driver = container->iommu_driver;
203 /* No base extensions yet */
206 * If no driver is set, poll all registered drivers for
207 * extensions and return the first positive result. If
208 * a driver is already set, further queries will be passed
209 * only to that driver.
212 mutex_lock(&vfio.iommu_drivers_lock);
213 list_for_each_entry(driver, &vfio.iommu_drivers_list,
216 if (!list_empty(&container->group_list) &&
217 !vfio_iommu_driver_allowed(container,
220 if (!try_module_get(driver->ops->owner))
223 ret = driver->ops->ioctl(NULL,
224 VFIO_CHECK_EXTENSION,
226 module_put(driver->ops->owner);
230 mutex_unlock(&vfio.iommu_drivers_lock);
232 ret = driver->ops->ioctl(container->iommu_data,
233 VFIO_CHECK_EXTENSION, arg);
236 up_read(&container->group_lock);
241 /* hold write lock on container->group_lock */
242 static int __vfio_container_attach_groups(struct vfio_container *container,
243 struct vfio_iommu_driver *driver,
246 struct vfio_group *group;
249 list_for_each_entry(group, &container->group_list, container_next) {
250 ret = driver->ops->attach_group(data, group->iommu_group,
259 list_for_each_entry_continue_reverse(group, &container->group_list,
261 driver->ops->detach_group(data, group->iommu_group);
267 static long vfio_ioctl_set_iommu(struct vfio_container *container,
270 struct vfio_iommu_driver *driver;
273 down_write(&container->group_lock);
276 * The container is designed to be an unprivileged interface while
277 * the group can be assigned to specific users. Therefore, only by
278 * adding a group to a container does the user get the privilege of
279 * enabling the iommu, which may allocate finite resources. There
280 * is no unset_iommu, but by removing all the groups from a container,
281 * the container is deprivileged and returns to an unset state.
283 if (list_empty(&container->group_list) || container->iommu_driver) {
284 up_write(&container->group_lock);
288 mutex_lock(&vfio.iommu_drivers_lock);
289 list_for_each_entry(driver, &vfio.iommu_drivers_list, vfio_next) {
292 if (!vfio_iommu_driver_allowed(container, driver))
294 if (!try_module_get(driver->ops->owner))
298 * The arg magic for SET_IOMMU is the same as CHECK_EXTENSION,
299 * so test which iommu driver reported support for this
300 * extension and call open on them. We also pass them the
301 * magic, allowing a single driver to support multiple
302 * interfaces if they'd like.
304 if (driver->ops->ioctl(NULL, VFIO_CHECK_EXTENSION, arg) <= 0) {
305 module_put(driver->ops->owner);
309 data = driver->ops->open(arg);
312 module_put(driver->ops->owner);
316 ret = __vfio_container_attach_groups(container, driver, data);
318 driver->ops->release(data);
319 module_put(driver->ops->owner);
323 container->iommu_driver = driver;
324 container->iommu_data = data;
328 mutex_unlock(&vfio.iommu_drivers_lock);
329 up_write(&container->group_lock);
334 static long vfio_fops_unl_ioctl(struct file *filep,
335 unsigned int cmd, unsigned long arg)
337 struct vfio_container *container = filep->private_data;
338 struct vfio_iommu_driver *driver;
346 case VFIO_GET_API_VERSION:
347 ret = VFIO_API_VERSION;
349 case VFIO_CHECK_EXTENSION:
350 ret = vfio_container_ioctl_check_extension(container, arg);
353 ret = vfio_ioctl_set_iommu(container, arg);
356 driver = container->iommu_driver;
357 data = container->iommu_data;
359 if (driver) /* passthrough all unrecognized ioctls */
360 ret = driver->ops->ioctl(data, cmd, arg);
366 static int vfio_fops_open(struct inode *inode, struct file *filep)
368 struct vfio_container *container;
370 container = kzalloc(sizeof(*container), GFP_KERNEL_ACCOUNT);
374 INIT_LIST_HEAD(&container->group_list);
375 init_rwsem(&container->group_lock);
376 kref_init(&container->kref);
378 filep->private_data = container;
383 static int vfio_fops_release(struct inode *inode, struct file *filep)
385 struct vfio_container *container = filep->private_data;
387 filep->private_data = NULL;
389 vfio_container_put(container);
394 static const struct file_operations vfio_fops = {
395 .owner = THIS_MODULE,
396 .open = vfio_fops_open,
397 .release = vfio_fops_release,
398 .unlocked_ioctl = vfio_fops_unl_ioctl,
399 .compat_ioctl = compat_ptr_ioctl,
402 struct vfio_container *vfio_container_from_file(struct file *file)
404 struct vfio_container *container;
406 /* Sanity check, is this really our fd? */
407 if (file->f_op != &vfio_fops)
410 container = file->private_data;
411 WARN_ON(!container); /* fget ensures we don't race vfio_release */
415 static struct miscdevice vfio_dev = {
419 .nodename = "vfio/vfio",
420 .mode = S_IRUGO | S_IWUGO,
423 int vfio_container_attach_group(struct vfio_container *container,
424 struct vfio_group *group)
426 struct vfio_iommu_driver *driver;
429 lockdep_assert_held(&group->group_lock);
431 if (group->type == VFIO_NO_IOMMU && !capable(CAP_SYS_RAWIO))
434 down_write(&container->group_lock);
436 /* Real groups and fake groups cannot mix */
437 if (!list_empty(&container->group_list) &&
438 container->noiommu != (group->type == VFIO_NO_IOMMU)) {
440 goto out_unlock_container;
443 if (group->type == VFIO_IOMMU) {
444 ret = iommu_group_claim_dma_owner(group->iommu_group, group);
446 goto out_unlock_container;
449 driver = container->iommu_driver;
451 ret = driver->ops->attach_group(container->iommu_data,
455 if (group->type == VFIO_IOMMU)
456 iommu_group_release_dma_owner(
458 goto out_unlock_container;
462 group->container = container;
463 group->container_users = 1;
464 container->noiommu = (group->type == VFIO_NO_IOMMU);
465 list_add(&group->container_next, &container->group_list);
467 /* Get a reference on the container and mark a user within the group */
468 vfio_container_get(container);
470 out_unlock_container:
471 up_write(&container->group_lock);
475 void vfio_group_detach_container(struct vfio_group *group)
477 struct vfio_container *container = group->container;
478 struct vfio_iommu_driver *driver;
480 lockdep_assert_held(&group->group_lock);
481 WARN_ON(group->container_users != 1);
483 down_write(&container->group_lock);
485 driver = container->iommu_driver;
487 driver->ops->detach_group(container->iommu_data,
490 if (group->type == VFIO_IOMMU)
491 iommu_group_release_dma_owner(group->iommu_group);
493 group->container = NULL;
494 group->container_users = 0;
495 list_del(&group->container_next);
497 /* Detaching the last group deprivileges a container, remove iommu */
498 if (driver && list_empty(&container->group_list)) {
499 driver->ops->release(container->iommu_data);
500 module_put(driver->ops->owner);
501 container->iommu_driver = NULL;
502 container->iommu_data = NULL;
505 up_write(&container->group_lock);
507 vfio_container_put(container);
510 int vfio_group_use_container(struct vfio_group *group)
512 lockdep_assert_held(&group->group_lock);
515 * The container fd has been assigned with VFIO_GROUP_SET_CONTAINER but
516 * VFIO_SET_IOMMU hasn't been done yet.
518 if (!group->container->iommu_driver)
521 if (group->type == VFIO_NO_IOMMU && !capable(CAP_SYS_RAWIO))
524 get_file(group->opened_file);
525 group->container_users++;
529 void vfio_group_unuse_container(struct vfio_group *group)
531 lockdep_assert_held(&group->group_lock);
533 WARN_ON(group->container_users <= 1);
534 group->container_users--;
535 fput(group->opened_file);
538 int vfio_device_container_pin_pages(struct vfio_device *device,
539 dma_addr_t iova, int npage,
540 int prot, struct page **pages)
542 struct vfio_container *container = device->group->container;
543 struct iommu_group *iommu_group = device->group->iommu_group;
544 struct vfio_iommu_driver *driver = container->iommu_driver;
546 if (npage > VFIO_PIN_PAGES_MAX_ENTRIES)
549 if (unlikely(!driver || !driver->ops->pin_pages))
551 return driver->ops->pin_pages(container->iommu_data, iommu_group, iova,
555 void vfio_device_container_unpin_pages(struct vfio_device *device,
556 dma_addr_t iova, int npage)
558 struct vfio_container *container = device->group->container;
560 if (WARN_ON(npage <= 0 || npage > VFIO_PIN_PAGES_MAX_ENTRIES))
563 container->iommu_driver->ops->unpin_pages(container->iommu_data, iova,
567 int vfio_device_container_dma_rw(struct vfio_device *device,
568 dma_addr_t iova, void *data,
569 size_t len, bool write)
571 struct vfio_container *container = device->group->container;
572 struct vfio_iommu_driver *driver = container->iommu_driver;
574 if (unlikely(!driver || !driver->ops->dma_rw))
576 return driver->ops->dma_rw(container->iommu_data, iova, data, len,
580 int __init vfio_container_init(void)
584 mutex_init(&vfio.iommu_drivers_lock);
585 INIT_LIST_HEAD(&vfio.iommu_drivers_list);
587 ret = misc_register(&vfio_dev);
589 pr_err("vfio: misc device register failed\n");
593 if (IS_ENABLED(CONFIG_VFIO_NOIOMMU)) {
594 ret = vfio_register_iommu_driver(&vfio_noiommu_ops);
601 misc_deregister(&vfio_dev);
605 void vfio_container_cleanup(void)
607 if (IS_ENABLED(CONFIG_VFIO_NOIOMMU))
608 vfio_unregister_iommu_driver(&vfio_noiommu_ops);
609 misc_deregister(&vfio_dev);
610 mutex_destroy(&vfio.iommu_drivers_lock);
613 MODULE_ALIAS_MISCDEV(VFIO_MINOR);
614 MODULE_ALIAS("devname:vfio/vfio");
projects / linux-2.6-microblaze.git / blob